feat: graceful fallback for apt-get update failures

Add apt_update_safe() function that warns instead of aborting when apt-get update fails (e.g. enterprise repo 401 Unauthorized). Shows a helpful hint about disabling the enterprise repo when no subscription is active. Replaces direct  apt-get update calls in build.func and install.func.

CHANGELOG.md

@@ -409,6 +409,12 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
 
 ## 2026-02-27
 
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - TrueNAS VM: filter out new nightlies with MASTER [@juronja](https://github.com/juronja) ([#12355](https://github.com/community-scripts/ProxmoxVE/pull/12355))
+
 ## 2026-02-26
 
 ### 🆕 New Scripts

frontend/public/json/github-versions.json

@@ -1,5 +1,5 @@
 {
-  "generated": "2026-02-27T00:22:57Z",
+  "generated": "2026-02-27T06:18:43Z",
   "versions": [
     {
       "slug": "2fauth",
@@ -613,9 +613,9 @@
     {
       "slug": "jackett",
       "repo": "Jackett/Jackett",
-      "version": "v0.24.1218",
+      "version": "v0.24.1223",
       "pinned": false,
-      "date": "2026-02-26T05:55:11Z"
+      "date": "2026-02-27T05:51:11Z"
     },
     {
       "slug": "jellystat",
@@ -669,9 +669,9 @@
     {
       "slug": "kima-hub",
       "repo": "Chevron7Locked/kima-hub",
-      "version": "v1.5.7",
+      "version": "v1.5.8",
       "pinned": false,
-      "date": "2026-02-23T23:58:59Z"
+      "date": "2026-02-27T00:46:31Z"
     },
     {
       "slug": "kimai",
@@ -1047,9 +1047,9 @@
     {
       "slug": "pangolin",
       "repo": "fosrl/pangolin",
-      "version": "1.15.4",
+      "version": "1.16.0",
       "pinned": false,
-      "date": "2026-02-13T23:01:29Z"
+      "date": "2026-02-27T05:59:58Z"
     },
     {
       "slug": "paperless-ai",
@@ -1817,9 +1817,9 @@
     {
       "slug": "zoraxy",
       "repo": "tobychui/zoraxy",
-      "version": "v3.3.2-rc1",
+      "version": "v3.3.2-rc2",
       "pinned": false,
-      "date": "2026-02-15T02:16:17Z"
+      "date": "2026-02-27T03:31:25Z"
     },
     {
       "slug": "zwave-js-ui",

misc/build.func

@@ -4917,7 +4917,8 @@ create_lxc_container() {
     case "${_ans,,}" in
     y | yes)
       msg_info "Upgrading Proxmox LXC stack (pve-container, lxc-pve)"
-      if $STD apt-get update && $STD apt-get install -y --only-upgrade pve-container lxc-pve; then
+      apt_update_safe
+      if $STD apt-get install -y --only-upgrade pve-container lxc-pve; then
         msg_ok "LXC stack upgraded."
         if [[ "$do_retry" == "yes" ]]; then
           msg_info "Retrying container creation after upgrade"

misc/core.func

@@ -551,6 +551,53 @@ silent() {
   fi
 }
 
+# ------------------------------------------------------------------------------
+# apt_update_safe()
+#
+# - Runs apt-get update with graceful error handling
+# - On failure: shows warning with common causes instead of aborting
+# - Logs full output to active log file
+# - Returns 0 even on failure so the caller can continue
+# - Typical cause: enterprise repos returning 401 Unauthorized
+#
+# Usage:
+#   apt_update_safe       # Warn on failure, continue without aborting
+# ------------------------------------------------------------------------------
+apt_update_safe() {
+  local logfile
+  logfile="$(get_active_logfile)"
+
+  local _restore_errexit=false
+  [[ "$-" == *e* ]] && _restore_errexit=true
+
+  set +Eeuo pipefail
+  trap - ERR
+
+  apt-get update >>"$logfile" 2>&1
+  local rc=$?
+
+  if $_restore_errexit; then
+    set -Eeuo pipefail
+    trap 'error_handler' ERR
+  fi
+
+  if [[ $rc -ne 0 ]]; then
+    msg_warn "apt-get update exited with code ${rc} — some repositories may have failed."
+
+    # Check log for common 401/403 enterprise repo issues
+    if grep -qiE '401\s*Unauthorized|403\s*Forbidden|enterprise\.proxmox\.com' "$logfile" 2>/dev/null; then
+      echo -e "${TAB}${INFO} ${YWB}Hint: Proxmox enterprise repository returned an auth error.${CL}"
+      echo -e "${TAB}       If you don't have a subscription, you can disable the enterprise"
+      echo -e "${TAB}       repo and use the no-subscription repo instead."
+    fi
+
+    echo -e "${TAB}${INFO} ${YWB}Continuing despite partial update failure — packages may still be installable.${CL}"
+    echo ""
+  fi
+
+  return 0
+}
+
 # ------------------------------------------------------------------------------
 # spinner()
 #

misc/install.func

@@ -233,7 +233,7 @@ fi
 EOF
     chmod +x /usr/local/bin/apt-proxy-detect.sh
   fi
-  $STD apt-get update
+  apt_update_safe
   $STD apt-get -o Dpkg::Options::="--force-confold" -y dist-upgrade
   rm -rf /usr/lib/python3.*/EXTERNALLY-MANAGED
   msg_ok "Updated Container OS"

vm/truenas-vm.sh

@@ -88,7 +88,7 @@ function truenas_iso_lookup() {
     curl -sL "$BASE_URL" |
       grep -oE 'href="[^"]+\.iso"' |
       sed 's/href="//; s/"$//' |
-      grep -vE '(nightly|ALPHA)' |
+      grep -vE '(MASTER|ALPHA)' |
       grep -E "$year_pattern"
   )