fix(librenms): run daily.sh as librenms user with git available

Install git, initialize git metadata for tarball deployments, and execute
daily.sh via su so updates no longer fail with permission or missing git.

ct/librenms.sh

@@ -29,10 +29,21 @@ function update_script() {
     exit
   fi
   setup_mariadb
+  ensure_dependencies git
+  if [[ ! -d /opt/librenms/.git ]]; then
+    msg_info "Initializing LibreNMS git metadata"
+    LIBRENMS_VERSION=$(cat ~/.librenms 2>/dev/null)
+    cd /opt/librenms
+    git init -q
+    git remote add origin https://github.com/librenms/librenms.git
+    git fetch --depth 1 origin "refs/tags/v${LIBRENMS_VERSION}" 2>/dev/null ||
+      git fetch --depth 1 origin "refs/tags/${LIBRENMS_VERSION}" 2>/dev/null || true
+    git checkout -qf FETCH_HEAD 2>/dev/null || true
+    chown -R librenms:librenms .git
+    msg_ok "Initialized LibreNMS git metadata"
+  fi
   msg_info "Updating LibreNMS"
-  su librenms
-  cd /opt/librenms
-  ./daily.sh
+  $STD su - librenms -s /bin/bash -c 'cd /opt/librenms && ./daily.sh'
   msg_ok "Updated LibreNMS"
   exit
 }

install/librenms-install.sh

@@ -17,6 +17,7 @@ msg_info "Installing Dependencies"
 $STD apt install -y \
   acl \
   fping \
+  git \
   graphviz \
   imagemagick \
   mtr-tiny \
@@ -64,6 +65,16 @@ EOF
 chown -R librenms:librenms /opt/librenms
 chmod 771 /opt/librenms
 chmod -R ug=rwX /opt/librenms/bootstrap/cache /opt/librenms/storage /opt/librenms/logs /opt/librenms/rrd
+if [[ ! -d /opt/librenms/.git ]]; then
+  LIBRENMS_VERSION=$(cat ~/.librenms 2>/dev/null)
+  cd /opt/librenms
+  git init -q
+  git remote add origin https://github.com/librenms/librenms.git
+  git fetch --depth 1 origin "refs/tags/v${LIBRENMS_VERSION}" 2>/dev/null ||
+    git fetch --depth 1 origin "refs/tags/${LIBRENMS_VERSION}" 2>/dev/null || true
+  git checkout -qf FETCH_HEAD 2>/dev/null || true
+  chown -R librenms:librenms .git
+fi
 msg_ok "Configured LibreNMS"
 
 msg_info "Configure MariaDB"

tools/pve/update-apps.sh

@@ -145,35 +145,11 @@ function header_info {
 EOF
 }
 
-function sanitize_service_name() {
-  local name="${1//$'\r'/}"
-  name="${name//$'\n'/}"
-  [[ -z "$name" ]] && return 1
-  [[ "$name" == *'#!'* ]] && return 1
-  [[ ! "$name" =~ ^[a-zA-Z0-9._-]+$ ]] && return 1
-  return 0
-}
-
-function validate_service_script() {
-  local name="$1"
-  sanitize_service_name "$name" || return 1
-  curl -fsSL --max-time 10 -o /dev/null \
-    "https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/ct/${name}.sh" 2>/dev/null
-}
-
 function detect_service() {
-  local container="$1"
-  local tmpdir update_file
-  service=""
-  tmpdir=$(mktemp -d)
-  update_file="$tmpdir/update"
-  pct pull "$container" /usr/bin/update "$update_file" 2>/dev/null || true
-  if [[ ! -s "$update_file" ]]; then
-    rm -rf "$tmpdir"
-    return 1
-  fi
-  service=$(grep -oE '/ct/[a-zA-Z0-9._-]+\.sh' "$update_file" 2>/dev/null | head -n1 | sed 's|.*/ct/||; s|\.sh$||')
-  rm -rf "$tmpdir"
+  pushd $(mktemp -d) >/dev/null
+  pct pull "$1" /usr/bin/update update 2>/dev/null
+  service=$(cat update | sed 's|.*/ct/||g' | sed 's|\.sh).*||g')
+  popd >/dev/null
 }
 
 function dry_run_container() {
@@ -471,33 +447,24 @@ for container in $CHOICE; do
   #1) Detect service using the service name in the update command
   detect_service $container
 
-  #1.1) If update script not detected or service name is invalid, skip
-  if [ -z "${service}" ] || ! sanitize_service_name "${service}"; then
-    echo -e "${RD}[ERROR]${CL} Could not detect a valid service name for container $container"
-    log_result "$container" "(unknown)" "ERROR" "Invalid or missing service name in /usr/bin/update"
-    log_write "Container $container: ERROR — invalid or missing service name"
+  #1.1) If update script not detected, return
+  if [ -z "${service}" ]; then
+    echo -e "${YW}[WARN]${CL} Update script not found. Skipping to next container"
+    log_result "$container" "(unknown)" "SKIPPED" "No update script found in container"
+    log_write "Container $container: SKIPPED — no update script found"
     continue
+  else
+    echo -e "${BL}[INFO]${CL} Detected service: ${GN}${service}${CL}"
+    log_write "Container $container: detected service '$service'"
   fi
 
-  if ! validate_service_script "${service}"; then
-    echo -e "${RD}[ERROR]${CL} Service '${service}' does not resolve to ct/${service}.sh"
-    log_result "$container" "${service}" "ERROR" "No matching ct/${service}.sh script found"
-    log_write "Container $container: ERROR — ct/${service}.sh not found"
-    continue
-  fi
-
-  echo -e "${BL}[INFO]${CL} Detected service: ${GN}${service}${CL}"
-  log_write "Container $container: detected service '${service}'"
-
   #2) Extract service build/update resource requirements from config/installation file
-  script=$(curl -fsSL "https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/ct/${service}.sh")
+  script=$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/ct/${service}.sh)
 
   #2.1) Check if the script downloaded successfully
-  if [ $? -ne 0 ] || [ -z "${script}" ]; then
-    echo -e "${RD}[ERROR]${CL} Failed to download ct/${service}.sh"
-    log_result "$container" "${service}" "ERROR" "Failed to download ct/${service}.sh"
-    log_write "Container $container (${service}): ERROR — failed to download install script"
-    continue
+  if [ $? -ne 0 ]; then
+    echo -e "${RD}[ERROR]${CL} Issue while downloading install script."
+    echo -e "${YW}[WARN]${CL} Unable to assess build resource requirements. Proceeding with current resources."
   fi
 
   config=$(pct config "$container")