* Standardize exit codes and add mappings
Replace generic exit 1 usages with specific numeric exit codes and add corresponding explanations to the error lookup. This commit updates multiple misc/* scripts to return distinct codes for validation, Proxmox/LXC, networking, download and curl errors (e.g. 103-123, 64, 107-120, 206, 0 for explicit user cancels). It also updates curl error handling to propagate the original curl exit code and adds new entries in explain_exit_code and the error handler to improve diagnostics.
* Set exit code 115 for update_os errors
Change exit status from 6 to 115 in misc/alpine-install.func's update_os() error handlers when failing to download tools.func or when the expected functions are missing. This gives a distinct exit code for these specific failure cases.
* Add tools/addon exit codes and use them
Introduce exit codes 232-238 for Tools & Addon scripts in misc/api.func and misc/error_handler.func. Update addon scripts (tools/addon/adguardhome-sync.sh, tools/addon/copyparty.sh, tools/addon/cronmaster.sh) to return specific codes instead of generic exit 1: 238 for unsupported OS and 233 when the application is not installed/upgrade prerequisites are missing. This makes failures more descriptive and aligns scripts with the central error explanations.
* Standardize exit codes in exporter addons
Unify exit codes across exporter addon scripts: return 238 for unsupported OS detections and 233 when an update is requested but the exporter is not installed. Applied to nextcloud-exporter.sh, pihole-exporter.sh, prometheus-paperless-ngx-exporter.sh, and qbittorrent-exporter.sh to make failure modes distinguishable for callers/automation.
* Use specific exit codes in addon scripts
Replace generic exit 1 with distinct exit codes across multiple addon scripts to enable finer-grained error handling in automation. Exit codes introduced: 10 for Docker/Compose missing or user-declined Docker install, 233 for "nothing to update" cases, and 238 for unsupported OS cases. Affected files: tools/addon/arcane.sh, coolify.sh, dockge.sh, dokploy.sh, filebrowser-quantum.sh, filebrowser.sh, immich-public-proxy.sh, jellystat.sh, runtipi.sh.
* Use specific exit codes in addon scripts
Replace generic exit 1 with specific exit codes across multiple addon scripts to improve error signaling and handling. Files updated: tools/addon/add-netbird-lxc.sh (exit 238 on unsupported distro), tools/addon/add-tailscale-lxc.sh (treat user cancel as exit 0), tools/addon/glances.sh (exit 233 when not installed), tools/addon/komodo.sh (distinct exits for missing compose, legacy DB, backup/download failures, docker checks), tools/addon/netdata.sh (distinct exits for unsupported PVE versions, OS/codename detection, repo lookups), and tools/addon/phpmyadmin.sh (distinct exits for unsupported OS, network/download issues, package install/start failures, and invalid input). These changes make failures easier to identify and automate recovery or reporting.
* Use specific exit codes in PVE scripts
Replace generic exit 1 with distinct exit codes across tools/pve scripts to provide clearer failure signals for callers. post-pve-install.sh now returns 105 for unsupported Proxmox versions; pve-privilege-converter.sh uses 104 for non-root, 234 when no containers, and 235 for backup/conversion failures; update-apps.sh maps backup failures to 235, missing containers/selections to 234 (and UI cancellations to 0), missing backup storage to 119, and returns the actual container update exit code on failure. These changes improve diagnostics and allow external tooling to react to specific error conditions.
* Standardize exit codes and behaviors
Adjust exit codes and abort handling across multiple PVE helper scripts to provide clearer outcomes for automation and interactive flows. Changes include:
- container-restore-from-backup.sh, core-restore-from-backup.sh: return 235 when no backups found (was 1).
- fstrim.sh: treat user cancellation of non-ext4 warning as non-error (exit 0 instead of 1).
- kernel-clean.sh: treat no selection or user abort as non-error (exit 0 instead of 1).
- lxc-delete.sh: return 234 when no containers are present; treat no selection as non-error (exit 0).
- nic-offloading-fix.sh: use specific non-zero codes for root check and tool install failures (exit 104, 237) and 236 when no matching interfaces (was 1).
- pbs_microcode.sh, post-pmg-install.sh, post-pbs-install.sh: use distinct exit codes (232 and 105) for detected VM/PVE/unsupported distro conditions instead of generic 1.
These modifications make scripts return distinct codes for different failure modes and ensure user-initiated aborts or benign conditions exit with 0 where appropriate.
* Use exit 105 for unsupported PVE versions
Standardize error handling by replacing generic exit 1 with exit 105 in pve_check() across multiple VM template scripts to indicate unsupported Proxmox VE versions. Also add API exit code 226 message for "Proxmox: VM disk import or post-creation setup failed" in misc/api.func. Affected files include misc/api.func and various vm/*-vm.sh scripts.
* Use specific exit codes in VM scripts
Replace generic exit 1 with distinct exit codes across vm/*.sh to make failures more actionable for callers. Changes include: use 226 for missing imported-disk references, 237 for pv installation failures, 115 for download/extract/ISO-related failures, 214 for insufficient disk space during FreeBSD decompression, and 119 for missing storage detection. Updated scripts: archlinux-vm.sh, docker-vm.sh, haos-vm.sh, openwrt-vm.sh, opnsense-vm.sh, truenas-vm.sh, umbrel-os-vm.sh.
Restore and sanitize terminal state before prompting by draining stale input from /dev/tty (dd iflag=nonblock) and adding a short sleep, then perform timed reads from /dev/tty in misc/build.func and misc/error_handler.func. Also make _REPO_CACHE a global associative array (declare -gA) with fallbacks in misc/tools.func so the cache survives when tools.func is sourced inside a function scope.
Pass PG_VERSION from the Mealie installer (replace POSTGRES_VERSION with PG_VERSION) and update misc/tools.func to prefer vendor package repos by default. Adjusted comments/examples for setup_mysql and setup_postgresql to reflect the new default behavior, and changed the local default for USE_MYSQL_REPO to true. These changes align variable naming in the installer and clarify that official MySQL/PGDG repositories are used unless explicitly disabled.
Improve GitHub release tag handling: only remove a leading 'v' when it's followed by a digit (avoids mangling tags like "version/..."), and sanitize the derived version string for filenames by replacing '/' with '-'. Use the sanitized version when constructing the downloaded tarball filename to prevent invalid or unexpected paths.
Adds a reusable function to fetch the latest tag from a GitHub repo.
Useful for projects that only use tags, not full releases (e.g.
mongodb/mongo-tools).
Features:
- Optional prefix filter (e.g. '100.' or 'v')
- Optional prefix stripping for clean version output
- Skips pre-release tags (rc, alpha, beta, dev, test)
- Sorts by version (sort -V) to find the latest
- Respects GITHUB_TOKEN for rate limiting
Update misc/tools.func to include Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg on multiple Debian repository blocks (bullseye, bookworm, trixie/sid and their -security entries) for non-free and non-free-firmware components. This ensures APT uses the specified keyring to verify repository metadata and improves reproducible/secure apt configuration.
- check_for_gh_release: add Authorization header when GITHUB_TOKEN is set,
detect HTTP 403 and show actionable rate-limit hint
- fetch_and_deploy_gh_release: improve retry loop with specific 403 handling,
exponential backoff, and token export hint on rate-limit failure
The previous logic using 'file | grep PGP' was inverted — both
ASCII-armored and binary GPG keys matched the pattern, causing
ASCII-armored keys to be copied directly instead of being
dearmored. This resulted in APT failing with NO_PUBKEY errors
on Debian 12 (bookworm).
Use 'grep BEGIN PGP' to reliably detect ASCII-armored keys and
dearmor them, otherwise copy binary keys directly.
gpg --dearmor creates files with restrictive permissions (600),
which prevents Debian 13's sqv signature verifier from reading
the keyring files. This causes apt update to fail with
'Permission denied' errors for all repositories using custom
GPG keys (adoptium, pgdg, pdm, etc.).
Set chmod 644 after creating .gpg files in both setup_deb822_repo()
and the MongoDB GPG key import in manage_tool_repository().
The UniFi GPG key at dl.ui.com/unifi/unifi-repo.gpg is already in binary
format. setup_deb822_repo unconditionally ran gpg --dearmor which expects
ASCII-armored input, corrupting binary keys and causing apt to fail with
'Unable to locate package unifi'.
setup_deb822_repo now downloads the key to a temp file first and uses
the file command to detect whether it is already a binary PGP/GPG key.
Binary keys are copied directly; armored keys are dearmored as before.
This also reverts unifi-install.sh back to using setup_deb822_repo for
consistency with all other install scripts.
Add missing libmfx-gen1.2 package to _setup_intel_arc() for both
Ubuntu and Debian. Without this package, QSV hardware acceleration
fails with 'Error creating a MFX session: -9'.
The package was already present in _setup_intel_modern() (Gen9+)
but missing from the Arc GPU path.
Closes#11701
When fetch_and_deploy_gh_release fails to find a matching asset in the
target release (binary/prebuild/singlefile modes), scan up to 15 older
releases for a compatible asset. Prompts the user with a 60s timeout
(default: yes) before using the fallback version.
Addresses issues like SigNoz #11652 where the latest release has no
matching OTel collector binary.
- Add Codeberg API functions: codeberg_api_call, get_latest_codeberg_release, check_for_codeberg_release
- Add fetch_and_deploy_codeberg_release function for Codeberg releases
- Update autocaliweb install and update scripts to use Codeberg
- Update autocaliweb.json documentation and website URLs
Changes to setup_php():
- Add version detection for PHP 8.5+ built-in opcache
- Define BUILTIN_MODULES list for modules included in php-common
(ctype, fileinfo, iconv, tokenizer, phar, posix, etc.)
- Filter out built-in modules before attempting installation
- Verify each package exists via apt-cache before adding to install list
- Skip unavailable packages with informational message instead of error
- Add extended default modules (mysql, sqlite3, pgsql, redis, imagick,
bz2, apcu) to cover ~90% of typical use cases
- Improve error handling with graceful degradation
This prevents installation failures when:
- PHP version has module built into core (e.g., opcache in 8.5+)
- Module is provided by php-common (ctype, fileinfo, etc.)
- Package is renamed or unavailable in specific PHP version
Fixes#11359
Bug fixes:
- dumpUid is only available AFTER the dump task completes, not in the
initial POST /dumps response. Fixed the extraction logic to wait for
task completion first, then extract dumpUid from the task result.
- Removed non-existent API endpoint /dumps/{uid}/import - Meilisearch
only supports dump import via CLI flag --import-dump
Improvements:
- If dump creation fails, backup the data directory before proceeding
instead of just overwriting (allows manual recovery)
- Better error messages with actual API response content
- Proper health check loop during import with process monitoring
- Clear user guidance about what to do after failed migration
Fixes#11349
Meilisearch requires a dump/restore process when upgrading between
incompatible versions (different major.minor). The previous update
logic simply replaced the binary, causing database corruption.
This fix:
- Detects version changes that require migration
- Creates a data dump before upgrading
- Removes old incompatible data after binary update
- Imports the dump to restore data in new format
- Falls back to --import-dump CLI flag for older API versions
- Adds proper error handling and timeouts
Fixes#11349
Set SYSTEMD_OFFLINE=1 for apt/dpkg in binary mode to prevent systemd-tmpfiles
'unsafe path transition' errors in unprivileged containers (Debian 13+/systemd 257+).
- nvidia-utils is a virtual package and requires version suffix (e.g. nvidia-utils-580)
- Use nvidia_major_version to install correct versioned packages
- Show helpful warning message instead of crashing on failure
Fixes installation failures on Ubuntu 24.04 with NVIDIA 580.x drivers
* fix(core): add IPv6 fallback support to get_current_ip functions
Fixes IP detection in IPv6-only environments by adding fallback:
- Try IPv4 first (existing behavior)
- Fall back to IPv6 via interface lookup (eth0 scope global)
- Fall back to IPv6 routing with Google/Cloudflare DNS targets
Closes #issue-ipv6-only-environment
* fix(build): use SSH_AUTHORIZED_KEY from user defaults when no SSH_KEYS_FILE exists
When using 'User Defaults' with var_ssh_authorized_key set in default.vars,
the SSH key was not being installed because install_ssh_keys_into_ct() only
checked for SSH_KEYS_FILE (which is only created in Advanced Settings).
Now the function also checks SSH_AUTHORIZED_KEY and creates a temporary
SSH_KEYS_FILE if needed.
Fixes#11062
- Changed setup_mariadb() to use Debian/Ubuntu distribution packages by default
- Official MariaDB repository only used when specific version is requested
- Added cleanup logic for old/orphaned repository files with apt update
- Added version comparison to prevent downgrades (keeps higher version installed)
- Added automatic fallback to distro packages if repo installation fails
- Extracted _setup_mariadb_runtime_dir() helper function
- Updated all related documentation
This change improves reliability by avoiding MariaDB mirror issues
(HTTPS->HTTP redirects, geographic availability problems) for standard
installations while still allowing specific versions when needed.
Switches to using the ondrej/php PPA for Ubuntu and retains the Sury repository for Debian when setting up PHP. This ensures compatibility with the respective distributions' recommended PHP sources.
Replaces all apt commands with apt-get for consistency and adds noninteractive environment variables to prevent interactive dialogs during NVIDIA GPU driver installation. Also adds --force-confold to preserve existing config files and ensures smoother automated installs.
- Check if beignet-opencl-icd package is available before installation
- Package was removed in Debian 12+ and Ubuntu 22.04+
- VA-API hardware acceleration still works without OpenCL
- Prevents installation failure on systems with Intel HD 2000-5999 GPUs
- libigdgmm12: Fetch from intel/compute-runtime (not gmmlib which has no releases)
- intel-igc-core-2: Correct pattern with -2 suffix
- intel-igc-opencl-2: Correct pattern with -2 suffix
- libze-intel-gpu1: Correct package name (was intel-level-zero-gpu)
- Remove libigdgmm12 from apt install (already fetched from GitHub)
- Only fetch GitHub packages for Trixie/Sid (Bookworm uses repos)
Verified all patterns against actual GitHub release assets.
- Fix ((gpu_count++)) returning exit code 1 when count=0
- Fix ((failed_modules++)) same issue in setup_nodejs
- Add || true to all arithmetic increments starting from 0
- Export ENABLE_GPU from build.func to container
- Check ENABLE_GPU instead of var_gpu in setup_hwaccel
The bash arithmetic expansion ((0)) and ((x++)) when x=0
returns exit code 1, which causes immediate script abort
when set -e is active.
