Make shell command substitutions safe with || true

Add defensive fallbacks (|| true) to multiple command substitutions to prevent non-zero exits when commands produce no output or are unavailable. Changes touch misc/api.func, misc/build.func and misc/tools.func and cover places like lspci, /proc/cpuinfo parsing, /etc/os-release reads, hostname -I usage, grep reads from vars files and maps, pct config parsing, storage/template lookups, tool version detection, NVIDIA driver version extraction, and MeiliSearch config parsing. These edits do not change functional behavior aside from ensuring the scripts continue running (variables will be empty) instead of failing in stricter shells or when commands return non-zero status.
set gawk
2026-04-01 15:52:58 +02:00 · 2026-03-25 08:59:11 +01:00 · 2026-03-25 08:51:06 +01:00 · 2026-03-25 07:00:00 +00:00 · 2026-03-25 07:59:27 +01:00
8 changed files with 64 additions and 30 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -426,6 +426,14 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit

 </details>

+## 2026-03-25
+
+### 🚀 Updated Scripts
+
+  - #### ✨ New Features
+
+    - Komodo v2: migrate env vars to v2 and update source [@MickLesk](https://github.com/MickLesk) ([#13262](https://github.com/community-scripts/ProxmoxVE/pull/13262))
+
 ## 2026-03-24

 ### 🆕 New Scripts
--- a/ct/alpine-komodo.sh
+++ b/ct/alpine-komodo.sh
@@ -35,6 +35,8 @@ function update_script() {
  read -r -p "${TAB}Migrate update function now? [y/N]: " CONFIRM
  if [[ ! "${CONFIRM,,}" =~ ^(y|yes)$ ]]; then
    msg_warn "Migration skipped. The old update will continue to work for now."
+    msg_warn "⚠️  Komodo v2 uses :2 image tags. The :latest tag is deprecated and will not receive v2 updates."
+    msg_warn "Please migrate to the addon script to receive Komodo v2."
    msg_info "Updating ${APP} (legacy)"
    COMPOSE_FILE=$(find /opt/komodo -maxdepth 1 -type f -name '*.compose.yaml' ! -name 'compose.env' | head -n1)
    if [[ -z "$COMPOSE_FILE" ]]; then
--- a/ct/komodo.sh
+++ b/ct/komodo.sh
@@ -39,6 +39,8 @@ function update_script() {
  read -r -p "${TAB}Migrate update function now? [y/N]: " CONFIRM
  if [[ ! "${CONFIRM,,}" =~ ^(y|yes)$ ]]; then
    msg_warn "Migration skipped. The old update will continue to work for now."
+    msg_warn "⚠️  Komodo v2 uses :2 image tags. The :latest tag is deprecated and will not receive v2 updates."
+    msg_warn "Please migrate to the addon script to receive Komodo v2."
    msg_info "Updating ${APP} (legacy)"
    COMPOSE_FILE=$(find /opt/komodo -maxdepth 1 -type f -name '*.compose.yaml' ! -name 'compose.env' | head -n1)
    if [[ -z "$COMPOSE_FILE" ]]; then
--- a/misc/api.func
+++ b/misc/api.func
@@ -504,7 +504,7 @@ detect_gpu() {
  GPU_PASSTHROUGH="unknown"

  local gpu_line
-  gpu_line=$(lspci 2>/dev/null | grep -iE "VGA|3D|Display" | head -1)
+  gpu_line=$(lspci 2>/dev/null | grep -iE "VGA|3D|Display" | head -1 || true)

  if [[ -n "$gpu_line" ]]; then
    # Extract model: everything after the colon, clean up
@@ -543,7 +543,7 @@ detect_cpu() {

  if [[ -f /proc/cpuinfo ]]; then
    local vendor_id
-    vendor_id=$(grep -m1 "vendor_id" /proc/cpuinfo 2>/dev/null | cut -d: -f2 | tr -d ' ')
+    vendor_id=$(grep -m1 "vendor_id" /proc/cpuinfo 2>/dev/null | cut -d: -f2 | tr -d ' ' || true)

    case "$vendor_id" in
    GenuineIntel) CPU_VENDOR="intel" ;;
@@ -557,7 +557,7 @@ detect_cpu() {
    esac

    # Extract model name and clean it up
-    CPU_MODEL=$(grep -m1 "model name" /proc/cpuinfo 2>/dev/null | cut -d: -f2 | sed 's/^ *//' | sed 's/(R)//g' | sed 's/(TM)//g' | sed 's/  */ /g' | cut -c1-64)
+    CPU_MODEL=$(grep -m1 "model name" /proc/cpuinfo 2>/dev/null | cut -d: -f2 | sed 's/^ *//' | sed 's/(R)//g' | sed 's/(TM)//g' | sed 's/  */ /g' | cut -c1-64 || true)
  fi

  export CPU_VENDOR CPU_MODEL
@@ -1347,8 +1347,8 @@ post_addon_to_api() {
  # Detect OS info
  local os_type="" os_version=""
  if [[ -f /etc/os-release ]]; then
-    os_type=$(grep "^ID=" /etc/os-release | cut -d= -f2 | tr -d '"')
-    os_version=$(grep "^VERSION_ID=" /etc/os-release | cut -d= -f2 | tr -d '"')
+    os_type=$(grep "^ID=" /etc/os-release | cut -d= -f2 | tr -d '"' || true)
+    os_version=$(grep "^VERSION_ID=" /etc/os-release | cut -d= -f2 | tr -d '"' || true)
  fi

  local JSON_PAYLOAD
--- a/misc/build.func
+++ b/misc/build.func
@@ -173,10 +173,10 @@ get_current_ip() {
    # Check for Debian/Ubuntu (uses hostname -I)
    if grep -qE 'ID=debian|ID=ubuntu' /etc/os-release; then
      # Try IPv4 first
-      CURRENT_IP=$(hostname -I 2>/dev/null | tr ' ' '\n' | grep -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$' | head -n1)
+      CURRENT_IP=$(hostname -I 2>/dev/null | tr ' ' '\n' | grep -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$' | head -n1 || true)
      # Fallback to IPv6 if no IPv4
      if [[ -z "$CURRENT_IP" ]]; then
-        CURRENT_IP=$(hostname -I 2>/dev/null | tr ' ' '\n' | grep -E ':' | head -n1)
+        CURRENT_IP=$(hostname -I 2>/dev/null | tr ' ' '\n' | grep -E ':' | head -n1 || true)
      fi
    # Check for Alpine (uses ip command)
    elif grep -q 'ID=alpine' /etc/os-release; then
@@ -1704,8 +1704,8 @@ ensure_storage_selection_for_vars_file() {

  # Read stored values (if any)
  local tpl ct
-  tpl=$(grep -E '^var_template_storage=' "$vf" | cut -d= -f2-)
-  ct=$(grep -E '^var_container_storage=' "$vf" | cut -d= -f2-)
+  tpl=$(grep -E '^var_template_storage=' "$vf" | cut -d= -f2- || true)
+  ct=$(grep -E '^var_container_storage=' "$vf" | cut -d= -f2- || true)

  if [[ -n "$tpl" && -n "$ct" ]]; then
    TEMPLATE_STORAGE="$tpl"
@@ -1840,7 +1840,7 @@ advanced_settings() {
    if [[ -n "$BRIDGES" ]]; then
      while IFS= read -r bridge; do
        if [[ -n "$bridge" ]]; then
-          local description=$(grep -A 10 "iface $bridge" /etc/network/interfaces 2>/dev/null | grep '^#' | head -n1 | sed 's/^#\s*//;s/^[- ]*//')
+          local description=$(grep -A 10 "iface $bridge" /etc/network/interfaces 2>/dev/null | grep '^#' | head -n1 | sed 's/^#\s*//;s/^[- ]*//' || true)
          BRIDGE_MENU_OPTIONS+=("$bridge" "${description:- }")
        fi
      done <<<"$BRIDGES"
@@ -3322,7 +3322,7 @@ configure_ssh_settings() {
      tag="${tag%\"}"
      tag="${tag#\"}"
      local line
-      line=$(grep -E "^${tag}\|" "$MAPFILE" | head -n1 | cut -d'|' -f2-)
+      line=$(grep -E "^${tag}\|" "$MAPFILE" | head -n1 | cut -d'|' -f2- || true)
      [[ -n "$line" ]] && printf '%s\n' "$line" >>"$SSH_KEYS_FILE"
    done
    ;;
@@ -3349,7 +3349,7 @@ configure_ssh_settings() {
            tag="${tag%\"}"
            tag="${tag#\"}"
            local line
-            line=$(grep -E "^${tag}\|" "$MAPFILE" | head -n1 | cut -d'|' -f2-)
+            line=$(grep -E "^${tag}\|" "$MAPFILE" | head -n1 | cut -d'|' -f2- || true)
            [[ -n "$line" ]] && printf '%s\n' "$line" >>"$SSH_KEYS_FILE"
          done
        else
@@ -4050,7 +4050,7 @@ EOF
  # Fix Debian 13 LXC template bug where / is owned by nobody:nogroup
  # This must be done from the host as unprivileged containers cannot chown /
  local rootfs
-  rootfs=$(pct config "$CTID" | grep -E '^rootfs:' | sed 's/rootfs: //' | cut -d',' -f1)
+  rootfs=$(pct config "$CTID" | grep -E '^rootfs:' | sed 's/rootfs: //' | cut -d',' -f1 || true)
  if [[ -n "$rootfs" ]]; then
    local mount_point="/var/lib/lxc/${CTID}/rootfs"
    if [[ -d "$mount_point" ]] && [[ "$(stat -c '%U' "$mount_point")" != "root" ]]; then
@@ -5142,7 +5142,7 @@ create_lxc_container() {
  fi

  msg_info "Validating storage '$CONTAINER_STORAGE'"
-  STORAGE_TYPE=$(grep -E "^[^:]+: $CONTAINER_STORAGE$" /etc/pve/storage.cfg | cut -d: -f1 | head -1)
+  STORAGE_TYPE=$(grep -E "^[^:]+: $CONTAINER_STORAGE$" /etc/pve/storage.cfg | cut -d: -f1 | head -1 || true)

  if [[ -z "$STORAGE_TYPE" ]]; then
    msg_error "Storage '$CONTAINER_STORAGE' not found in /etc/pve/storage.cfg"
@@ -5181,7 +5181,7 @@ create_lxc_container() {
  msg_ok "Storage '$CONTAINER_STORAGE' ($STORAGE_TYPE) validated"

  msg_info "Validating template storage '$TEMPLATE_STORAGE'"
-  TEMPLATE_TYPE=$(grep -E "^[^:]+: $TEMPLATE_STORAGE$" /etc/pve/storage.cfg | cut -d: -f1)
+  TEMPLATE_TYPE=$(grep -E "^[^:]+: $TEMPLATE_STORAGE$" /etc/pve/storage.cfg | cut -d: -f1 || true)

  if ! pvesm status -content vztmpl 2>/dev/null | awk 'NR>1{print $1}' | grep -qx "$TEMPLATE_STORAGE"; then
    msg_warn "Template storage '$TEMPLATE_STORAGE' may not support 'vztmpl'"
--- a/misc/tools.func
+++ b/misc/tools.func
@@ -524,12 +524,12 @@ is_tool_installed() {
  case "$tool_name" in
  mariadb)
    if command -v mariadb >/dev/null 2>&1; then
-      installed_version=$(mariadb --version 2>/dev/null | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -1)
+      installed_version=$(mariadb --version 2>/dev/null | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -1 || true)
    fi
    ;;
  mysql)
    if command -v mysql >/dev/null 2>&1; then
-      installed_version=$(mysql --version 2>/dev/null | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -1)
+      installed_version=$(mysql --version 2>/dev/null | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -1 || true)
    fi
    ;;
  mongodb | mongod)
@@ -539,7 +539,7 @@ is_tool_installed() {
    ;;
  node | nodejs)
    if command -v node >/dev/null 2>&1; then
-      installed_version=$(node -v 2>/dev/null | grep -oP '^v\K[0-9]+')
+      installed_version=$(node -v 2>/dev/null | grep -oP '^v\K[0-9]+' || true)
    fi
    ;;
  php)
@@ -4837,7 +4837,7 @@ _setup_nvidia_gpu() {
  # Use regex to extract version number (###.##.## or ###.## pattern)
  local nvidia_host_version=""
  if [[ -f /proc/driver/nvidia/version ]]; then
-    nvidia_host_version=$(grep -oP '\d{3,}\.\d+(\.\d+)?' /proc/driver/nvidia/version 2>/dev/null | head -1)
+    nvidia_host_version=$(grep -oP '\d{3,}\.\d+(\.\d+)?' /proc/driver/nvidia/version 2>/dev/null | head -1 || true)
  fi

  if [[ -z "$nvidia_host_version" ]]; then
@@ -7321,7 +7321,7 @@ function setup_meilisearch() {
      MEILI_HOST="${MEILISEARCH_HOST:-127.0.0.1}"
      MEILI_PORT="${MEILISEARCH_PORT:-7700}"
      MEILI_DUMP_DIR="${MEILISEARCH_DUMP_DIR:-/var/lib/meilisearch/dumps}"
-      MEILI_MASTER_KEY=$(grep -E "^master_key\s*=" /etc/meilisearch.toml 2>/dev/null | sed 's/.*=\s*"\(.*\)"/\1/' | tr -d ' ')
+      MEILI_MASTER_KEY=$(grep -E "^master_key\s*=" /etc/meilisearch.toml 2>/dev/null | sed 's/.*=\s*"\(.*\)"/\1/' | tr -d ' ' || true)

      # Create dump before update if migration is needed
      local DUMP_UID=""
@@ -7387,7 +7387,7 @@ function setup_meilisearch() {
      # We choose option 2: backup and proceed with warning
      if [[ "$NEEDS_MIGRATION" == "true" ]] && [[ -z "$DUMP_UID" ]]; then
        local MEILI_DB_PATH
-        MEILI_DB_PATH=$(grep -E "^db_path\s*=" /etc/meilisearch.toml 2>/dev/null | sed 's/.*=\s*"\(.*\)"/\1/' | tr -d ' ')
+        MEILI_DB_PATH=$(grep -E "^db_path\s*=" /etc/meilisearch.toml 2>/dev/null | sed 's/.*=\s*"\(.*\)"/\1/' | tr -d ' ' || true)
        MEILI_DB_PATH="${MEILI_DB_PATH:-/var/lib/meilisearch/data}"

        if [[ -d "$MEILI_DB_PATH" ]] && [[ -n "$(ls -A "$MEILI_DB_PATH" 2>/dev/null)" ]]; then
@@ -7407,7 +7407,7 @@ function setup_meilisearch() {
      # If migration needed and dump was created, remove old data and import dump
      if [[ "$NEEDS_MIGRATION" == "true" ]] && [[ -n "$DUMP_UID" ]]; then
        local MEILI_DB_PATH
-        MEILI_DB_PATH=$(grep -E "^db_path\s*=" /etc/meilisearch.toml 2>/dev/null | sed 's/.*=\s*"\(.*\)"/\1/' | tr -d ' ')
+        MEILI_DB_PATH=$(grep -E "^db_path\s*=" /etc/meilisearch.toml 2>/dev/null | sed 's/.*=\s*"\(.*\)"/\1/' | tr -d ' ' || true)
        MEILI_DB_PATH="${MEILI_DB_PATH:-/var/lib/meilisearch/data}"

        msg_info "Removing old MeiliSearch database for migration"
--- a/tools/addon/komodo.sh
+++ b/tools/addon/komodo.sh
@@ -3,7 +3,7 @@
 # Copyright (c) 2021-2026 community-scripts ORG
 # Author: MickLesk (CanbiZ)
 # License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://komo.do/ | Github: https://github.com/mbecker20/komodo
+# Source: https://komo.do/ | Github: https://github.com/moghtech/komodo
 if ! command -v curl &>/dev/null; then
  printf "\r\e[2K%b" '\033[93m Setup Source \033[m' >&2
  apt-get update >/dev/null 2>&1 || apk update >/dev/null 2>&1
@@ -82,6 +82,7 @@ function update() {
    msg_error "Failed to create backup of ${COMPOSE_BASENAME}!"
    exit 235
  }
+  cp "$COMPOSE_ENV" "${COMPOSE_ENV}.bak_$(date +%Y%m%d_%H%M%S)" 2>/dev/null || true

  GITHUB_URL="https://raw.githubusercontent.com/moghtech/komodo/main/compose/${COMPOSE_BASENAME}"
  if ! curl -fsSL "$GITHUB_URL" -o "$COMPOSE_FILE"; then
@@ -90,8 +91,29 @@ function update() {
    exit 115
  fi

-  if ! grep -qxF 'COMPOSE_KOMODO_BACKUPS_PATH=/etc/komodo/backups' "$COMPOSE_ENV"; then
-    sed -i '/^COMPOSE_KOMODO_IMAGE_TAG=latest$/a COMPOSE_KOMODO_BACKUPS_PATH=/etc/komodo/backups' "$COMPOSE_ENV"
+  # === v2 migration: image tag (latest is deprecated) ===
+  if grep -q '^COMPOSE_KOMODO_IMAGE_TAG=latest' "$COMPOSE_ENV"; then
+    msg_info "Migrating to Komodo v2 image tag"
+    sed -i 's/^COMPOSE_KOMODO_IMAGE_TAG=latest/COMPOSE_KOMODO_IMAGE_TAG=2/' "$COMPOSE_ENV"
+    msg_ok "Migrated image tag to :2"
+  fi
+
+  # === v2 migration: DB credential variable names ===
+  if grep -q '^KOMODO_DB_USERNAME=' "$COMPOSE_ENV"; then
+    msg_info "Migrating database credential variables"
+    sed -i 's/^KOMODO_DB_USERNAME=/KOMODO_DATABASE_USERNAME=/' "$COMPOSE_ENV"
+    sed -i 's/^KOMODO_DB_PASSWORD=/KOMODO_DATABASE_PASSWORD=/' "$COMPOSE_ENV"
+    msg_ok "Migrated DB credential variables"
+  fi
+
+  # === v2 migration: remove deprecated passkey (replaced by PKI) ===
+  if grep -q '^KOMODO_PASSKEY=' "$COMPOSE_ENV"; then
+    sed -i '/^KOMODO_PASSKEY=/d' "$COMPOSE_ENV"
+  fi
+
+  # === ensure backups path is set ===
+  if ! grep -q 'COMPOSE_KOMODO_BACKUPS_PATH=' "$COMPOSE_ENV"; then
+    echo 'COMPOSE_KOMODO_BACKUPS_PATH=/etc/komodo/backups' >>"$COMPOSE_ENV"
  fi

  $STD docker compose -p komodo -f "$COMPOSE_FILE" --env-file "$COMPOSE_ENV" pull
@@ -192,14 +214,12 @@ function install() {

  DB_PASSWORD=$(openssl rand -base64 16 | tr -d '/+=')
  ADMIN_PASSWORD=$(openssl rand -base64 8 | tr -d '/+=')
-  PASSKEY=$(openssl rand -base64 24 | tr -d '/+=')
  WEBHOOK_SECRET=$(openssl rand -base64 24 | tr -d '/+=')
  JWT_SECRET=$(openssl rand -base64 24 | tr -d '/+=')

-  sed -i "s/^KOMODO_DB_USERNAME=.*/KOMODO_DB_USERNAME=komodo_admin/" "$COMPOSE_ENV"
-  sed -i "s/^KOMODO_DB_PASSWORD=.*/KOMODO_DB_PASSWORD=${DB_PASSWORD}/" "$COMPOSE_ENV"
+  sed -i "s/^KOMODO_DATABASE_USERNAME=.*/KOMODO_DATABASE_USERNAME=komodo_admin/" "$COMPOSE_ENV"
+  sed -i "s/^KOMODO_DATABASE_PASSWORD=.*/KOMODO_DATABASE_PASSWORD=${DB_PASSWORD}/" "$COMPOSE_ENV"
  sed -i "s/^KOMODO_INIT_ADMIN_PASSWORD=changeme/KOMODO_INIT_ADMIN_PASSWORD=${ADMIN_PASSWORD}/" "$COMPOSE_ENV"
-  sed -i "s/^KOMODO_PASSKEY=.*/KOMODO_PASSKEY=${PASSKEY}/" "$COMPOSE_ENV"
  sed -i "s/^KOMODO_WEBHOOK_SECRET=.*/KOMODO_WEBHOOK_SECRET=${WEBHOOK_SECRET}/" "$COMPOSE_ENV"
  sed -i "s/^KOMODO_JWT_SECRET=.*/KOMODO_JWT_SECRET=${JWT_SECRET}/" "$COMPOSE_ENV"
  msg_ok "Configured environment"
--- a/turnkey/turnkey.sh
+++ b/turnkey/turnkey.sh
@@ -177,6 +177,8 @@ pveam update >/dev/null
 msg_ok "Updated LXC template list"

 # Build TurnKey selection menu dynamically from available templates
+# Requires gawk for regex capture groups in match()
+command -v gawk &>/dev/null || apt-get install -y gawk &>/dev/null
 declare -A TURNKEY_TEMPLATES
 TURNKEY_MENU=()
 MSG_MAX_LENGTH=0
@@ -185,7 +187,7 @@ while IFS=$'\t' read -r TEMPLATE_FILE TAG ITEM; do
  OFFSET=2
  ((${#ITEM} + OFFSET > MSG_MAX_LENGTH)) && MSG_MAX_LENGTH=$((${#ITEM} + OFFSET))
  TURNKEY_MENU+=("$TAG" "$ITEM " "OFF")
-done < <(pveam available -section turnkeylinux | awk '{
+done < <(pveam available -section turnkeylinux | gawk '{
  tpl = $2
  if (match(tpl, /debian-([0-9]+)-turnkey-([^_]+)_([^_]+)_/, m)) {
    app = m[2]; deb = m[1]; ver = m[3]
Author	SHA1	Message	Date
CanbiZ (MickLesk)	ec1ea0b539	Make shell command substitutions safe with \|\| true Add defensive fallbacks (\|\| true) to multiple command substitutions to prevent non-zero exits when commands produce no output or are unavailable. Changes touch misc/api.func, misc/build.func and misc/tools.func and cover places like lspci, /proc/cpuinfo parsing, /etc/os-release reads, hostname -I usage, grep reads from vars files and maps, pct config parsing, storage/template lookups, tool version detection, NVIDIA driver version extraction, and MeiliSearch config parsing. These edits do not change functional behavior aside from ensuring the scripts continue running (variables will be empty) instead of failing in stricter shells or when commands return non-zero status.	2026-03-25 08:59:11 +01:00
CanbiZ (MickLesk)	de356fa8b6	set gawk	2026-03-25 08:51:06 +01:00
community-scripts-pr-app[bot]	00c538dc3b	Update CHANGELOG.md (#13278 ) Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>	2026-03-25 07:00:00 +00:00
CanbiZ (MickLesk)	7c4882384f	komodo: migrate env vars to v2 and update source (#13262 ) Update Komodo addon script: switch source GitHub URL to moghtech, create a timestamped backup of the compose env before updating, and add migrations for Komodo v2. Migrate image tag from 'latest' to ':2', rename DB credential variables (KOMODO_DB_* -> KOMODO_DATABASE_*), remove the deprecated KOMODO_PASSKEY, and ensure COMPOSE_KOMODO_BACKUPS_PATH is set. Adjust install routine to stop generating/setting PASSKEY and to use the new DATABASE variable names.	2026-03-25 07:59:27 +01:00