* feat(update-apps): add var_continue_on_error and TERM=dumb fix
- Add var_continue_on_error=yes to skip failed containers instead
of aborting all remaining updates. Useful for cron/unattended runs
where one disabled or broken script should not stop others.
Containers with backup still attempt restore on failure regardless.
- Set TERM=dumb when running pct exec to prevent whiptail from
hanging when no TTY is available (e.g. cron jobs redirecting
stdout/stderr). This causes whiptail to fail-fast instead of
blocking indefinitely.
- Add var_continue_on_error to export_config_json, --help output,
and usage examples (cron-style invocation example added).
* feat(update-apps): add var_dry_run to check updates without applying
Adds dry-run mode (var_dry_run=yes) that reports available updates for
all selected containers without modifying anything:
- Extracts GitHub source repo from the ct script header (# Source:)
- Resolves the version file name from check_for_gh_release app arg
- Reads current installed version from ~/.appname inside the container
- Queries GitHub API /releases/latest for comparison
- Outputs color-coded status: up-to-date (green), update available (yellow),
or unknown (blue/yellow with reason)
Non-GitHub sources (Codeberg, custom URLs) are skipped with a notice.
Resource scaling is suppressed entirely during dry-run.
Example usage:
var_container=all_running var_skip_confirm=yes var_dry_run=yes \
bash -c "$(curl -fsSL .../update-apps.sh)"
* fix(update-apps): dry-run uses check_for_gh_release args, not Source header
The # Source: header can point to a different repo than what
check_for_gh_release actually queries (e.g. RustDesk uses
lejianwen fork, not official rustdesk repo).
Now parse both app name and source repo directly from the
check_for_gh_release call in the ct script:
check_for_gh_release "appname" "owner/repo"
Also fix $HOME/.appname path expansion in pct exec context.
* fix issue on clear()
* feat(update-apps): add no-op clear wrapper to PATH for update scripts
Co-authored-by: Copilot <copilot@github.com>
* feat(update-apps): enhance error handling for unattended mode in resource checks
Co-authored-by: Copilot <copilot@github.com>
* feat(update-apps): implement structured logging and summary report for updates
Co-authored-by: Copilot <copilot@github.com>
* fix log issue
Co-authored-by: Copilot <copilot@github.com>
* feat(update-apps): enhance dry-run functionality and logging for container updates
Co-authored-by: Copilot <copilot@github.com>
* feat(update-apps): add dry-run completion message for better user feedback
Co-authored-by: Copilot <copilot@github.com>
---------
Co-authored-by: Copilot <copilot@github.com>
* fix(lxc-stack): use dist-upgrade and improve recovery prompt
When the host LXC stack is too old for a template, upgrading only
pve-container/lxc-pve can leave the Proxmox stack in an inconsistent state.
Use a full dist-upgrade instead.
Also refine the recovery prompt:
- [1] Upgrade LXC stack now
- [2] Older template fallback only when actually available
- [3] Ignore
- [4] Cancel
Do not auto-fallback to an older template after ignore/failure; honor the
user's explicit choice and stop with a clear error instead.
* chore(lxc-stack-prompt): clarify host dist-upgrade action in option 1
* Update build.func
* fix(lxc-stack): use host upgrade instead of dist-upgrade in recovery flow
* Enhance upgrade prompt with warning message
Added a warning message to inform users about the implications of running the host upgrade.
---------
Co-authored-by: Michel Roegl-Brunner <73236783+michelroegl-brunner@users.noreply.github.com>
When PHS_SILENT and PHS_VERBOSE are both set, stop falling back to interactive mode. Changes prefer silent mode to keep automation safe and avoid blocking unattended/non-TTY updates. Only show a whiptail warning when both stdin/stdout are TTYs and whiptail is present, and ignore any whiptail errors. Added a brief comment and adjusted the fallback message accordingly.
* fix(build.func): pct create audit — 5 fixes
1. Disable globbing (set -f) around pct create calls to prevent
passwords containing * or ? from expanding to filenames.
2. Fix TAGS: use semicolons (pct format), prevent duplicate
community-script prefix, remove trailing separator.
3. Skip keyctl dialog for unprivileged containers — pct always
forces keyctl=1 for CT_TYPE=1, so the dialog was misleading.
4. Remove dead IPV6_STATIC variable (IPv6 is handled via
IPV6_ADDR/IPV6_GATE which are properly wired into NET_STRING).
5. Remove dead UDHCPC_FIX variable — set and exported but never
consumed by any install script.
* Update api.func
User input like 'nfs, cifs' or 'nfs,' would produce invalid pct
features strings like 'mount=nfs; cifs' (space breaks pct argument
parsing) or 'mount=nfs;' (trailing semicolon). Fixes:
- Whiptail dialog (Step 27): normalize input immediately after entry
- load_vars_file validation: normalize before regex check, use
stricter regex that rejects trailing/leading commas
- FEATURES construction: defensive sanitize before building the
mount= value (strip spaces, trailing commas/semicolons)
All three layers ensure 'nfs, cifs' -> 'nfs,cifs' -> 'mount=nfs;cifs'
* fix(core): remove unused TEMP_DIR mktemp leak in build_container
The build_container() function created a temp directory via mktemp -d and
pushd into it, but never popd or rm -rf. The directory was not used for
anything — FUNCTIONS_FILE_PATH is downloaded into a variable, not a file.
Remove the mktemp -d and pushd entirely to eliminate the leak.
* fix(sonarqube): clean up temp file after zip extraction
The SonarQube update function (ct/sonarqube.sh) never deleted the
downloaded zip file (~200-500 MB) from /tmp after extraction. On LXC
containers with 4-8 GB disks, this accumulates with every update and
can eventually fill the disk.
Also add explicit cleanup in the install script instead of relying
solely on cleanup_lxc() pattern matching.
* fix(tools): prevent script crash when entering GitHub token after rate limit
fetch_and_deploy_gh_release set attempt=0 after accepting a token, then
immediately ran ((0++)) which evaluates to 0 (falsy) causing exit code 1
and killing the script under set -e.
Fix: set attempt=1 and continue to restart the retry loop cleanly,
giving the full max_retries budget with the new token.
Also fix fetch_and_deploy_codeberg_release: replace ((attempt++)) with
attempt=\ to avoid the same zero-evaluation crash on
the first connection timeout (attempt starts at 0 in that loop).
Fixes#13635
* feat(tools): add var_github_token support with token validation
- Add var_github_token to all VAR_WHITELIST arrays in build.func so the
token can be set via default.vars, app.vars, or environment variable
- Map var_github_token -> GITHUB_TOKEN in default_var_settings() (env
variable takes precedence over the var file value)
- Add commented var_github_token example to the default.vars template
- Add validate_github_token() to tools.func:
* Calls GET /user to verify the token is accepted
* Reports expiry date from x-oauth-expiry header (fine-grained PATs)
* Warns when classic PAT is missing public_repo scope
* Returns distinct exit codes: 0=valid, 1=invalid/expired, 2=no scope, 3=error
- Update prompt_for_github_token():
* Non-interactive path now picks up var_github_token automatically
* Interactive path also picks up var_github_token without prompting
* Validates token immediately after entry; loops until valid or Ctrl+C
Update LXC and VM description blocks to include donation and script page badges. Introduces script_slug, script_url and donate_url variables (derived from SCRIPT_SLUG or NSAPP/APP, normalized to lowercase and dashed) and uses them to build links. Replaces the old Ko-fi "Buy us a coffee" badge with a generic donate badge and adds an "Open Script Page" badge linking to the script detail page.
When var_gateway is set to an empty string, the resulting gw= token
in the comma-separated network string causes pct create to fail with
a 'missing key in comma-separated list property' error.
Closes#13421
Add defensive fallbacks (|| true) to multiple command substitutions to prevent non-zero exits when commands produce no output or are unavailable. Changes touch misc/api.func, misc/build.func and misc/tools.func and cover places like lspci, /proc/cpuinfo parsing, /etc/os-release reads, hostname -I usage, grep reads from vars files and maps, pct config parsing, storage/template lookups, tool version detection, NVIDIA driver version extraction, and MeiliSearch config parsing. These edits do not change functional behavior aside from ensuring the scripts continue running (variables will be empty) instead of failing in stricter shells or when commands return non-zero status.
Analyze logs for generic exit code 1 and export an ERROR_CATEGORY_OVERRIDE so telemetry receives a more accurate error category (apt, oom, network, storage, dependency). Preserve any existing TELEMETRY_TYPE when posting updates. Add defense-in-depth by disabling strict error traps before running grep/sed log analysis to avoid spurious error_handler invocations. Mark successful installs with INSTALL_COMPLETE and update the error handler to only report a successful "done" telemetry state when INSTALL_COMPLETE is explicitly set, preventing false-positive success reports from early zero-exit exits.
Add clearer architecture error messages and gate arm64 usage, plus implement architecture-aware behavior across the toolkit. Changes include: update exit-code messages to reference amd64/arm64, refuse arm64 unless explicitly enabled, show architecture in summaries, and use arch-specific package lists when installing in containers. Make downloads for FFmpeg and yq choose the correct amd64/arm64 binaries, tighten template download error handling and formatting, and clean up minor whitespace/comment issues. These changes aim to make arm64 handling explicit and downloads/installations more robust for non-amd64 systems.
