Compare commits

..

5 Commits

Author SHA1 Message Date
MickLesk d13075a5e1 Fix Manyfold Ruby setup home initialization
Create the `manyfold` service user before calling `setup_ruby` so `/home/manyfold` exists when rbenv profile snippets are written. Also harden `setup_ruby` by creating `$HOME` if missing, preventing profile-write failures for installers that pass a home directory before creating the user.
2026-07-18 12:05:20 +02:00
MickLesk 6cb0fbbc39 Add _download_source_tarball with retry/validation
Introduce `_download_source_tarball` helper that validates gzip integrity after download and retries up to 3 times. This guards against truncated-but-valid-HTTP responses from GitHub/GitLab/Codeberg on-the-fly archive generation. Replace ad-hoc curl/curl_download calls in fetch_and_deploy_* functions with the new helper. Also remove redundant tmpdir cleanup before early returns (tmpdir is cleaned up at function exit).
2026-07-18 11:33:28 +02:00
MickLesk d83e2aa15c refactor(tools.func): centralize deploy tail + trap-based tmpdir cleanup
Extract the duplicated post-download logic of the fetch_and_deploy_*
helpers into two shared functions and switch per-branch cleanup to a
single RETURN trap.

- _deploy_source_tarball: shared source-tarball tail (6 call sites)
- _deploy_unpacked_archive: shared prebuild-archive tail (3 call sites)
- RETURN trap per function guarantees tmpdir/unpack_tmp cleanup on every
  return path, replacing ~40 manual `rm -rf "$tmpdir"` lines
- CLEAN_INSTALL now lives in the helpers instead of 12 copies

Behavior-preserving except: codeberg prebuild gains .txz support and
uses helper return codes; from_url resets shopt on error paths.
2026-07-18 10:45:02 +02:00
MickLesk 4560806137 tools.func: replace rm -rf with find for safer directory cleanup 2026-07-18 09:44:43 +02:00
MickLesk 456af0bf91 tools.func: replace rm -rf with find for safer directory cleanup 2026-07-18 09:40:40 +02:00
7 changed files with 320 additions and 718 deletions
-170
View File
@@ -1,173 +1,3 @@
## 2026-07-18
### 💾 Core
- #### ✨ New Features
- core: add configurable host CA inheritance during bootstrap [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#15840](https://github.com/community-scripts/ProxmoxVE/pull/15840))
- #### 🔧 Refactor
- tools.func: Safe Delete Directorys & Update PYTHON_VERSION with setup_uv [@MickLesk](https://github.com/MickLesk) ([#15870](https://github.com/community-scripts/ProxmoxVE/pull/15870))
### 🧰 Tools
- #### ✨ New Features
- [tools.update-lxcs] feat: optional reporting success/failures to heathchecks.io (or others) [@sir106](https://github.com/sir106) ([#15701](https://github.com/community-scripts/ProxmoxVE/pull/15701))
## 2026-07-17
### 🆕 New Scripts
- Invidious ([#15824](https://github.com/community-scripts/ProxmoxVE/pull/15824))
- OxiCloud ([#15823](https://github.com/community-scripts/ProxmoxVE/pull/15823))
### 🚀 Updated Scripts
- #### 🐞 Bug Fixes
- webtrees: initialize database schema before admin user creation [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#15837](https://github.com/community-scripts/ProxmoxVE/pull/15837))
- Fix DocuSeal missing Leptonica deps on install and update [@Copilot](https://github.com/Copilot) ([#15858](https://github.com/community-scripts/ProxmoxVE/pull/15858))
- apache-guacamole: detect installed extensions during update [@TowyTowy](https://github.com/TowyTowy) ([#15841](https://github.com/community-scripts/ProxmoxVE/pull/15841))
- CLIProxyAPI: fix update deleting config.yaml [@austinpilz](https://github.com/austinpilz) ([#15834](https://github.com/community-scripts/ProxmoxVE/pull/15834))
- esphome: install libusb-1.0-0 for ESP-IDF native builds [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#15838](https://github.com/community-scripts/ProxmoxVE/pull/15838))
- #### ✨ New Features
- AFFiNE: Bump to 0.27.0 [@MickLesk](https://github.com/MickLesk) ([#15848](https://github.com/community-scripts/ProxmoxVE/pull/15848))
- n8n: unpin / use latest release [@MickLesk](https://github.com/MickLesk) ([#15817](https://github.com/community-scripts/ProxmoxVE/pull/15817))
- Pin Opencloud to v7.3.0 [@vhsdream](https://github.com/vhsdream) ([#15826](https://github.com/community-scripts/ProxmoxVE/pull/15826))
- #### 🔧 Refactor
- SFTPGo: Update APT Repo & Re-Enable Script [@MickLesk](https://github.com/MickLesk) ([#15829](https://github.com/community-scripts/ProxmoxVE/pull/15829))
### 💾 Core
- #### ✨ New Features
- tools.func: enhance rbenv with profile updates / bundle in bashrc [@MickLesk](https://github.com/MickLesk) ([#15822](https://github.com/community-scripts/ProxmoxVE/pull/15822))
- feat(build.func): notify users when already on a pinned script version [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#15819](https://github.com/community-scripts/ProxmoxVE/pull/15819))
- #### 💥 Breaking Changes
- MongoDB: Implement kernel version check and patch [@MickLesk](https://github.com/MickLesk) ([#15821](https://github.com/community-scripts/ProxmoxVE/pull/15821))
### 🧰 Tools
- #### ✨ New Features
- update-lxc: autoremove and autoclean after apt full-upgrade [@soupy-boy](https://github.com/soupy-boy) ([#15831](https://github.com/community-scripts/ProxmoxVE/pull/15831))
## 2026-07-16
### 🆕 New Scripts
- Sync-In ([#15812](https://github.com/community-scripts/ProxmoxVE/pull/15812))
- Beaverhabits ([#15813](https://github.com/community-scripts/ProxmoxVE/pull/15813))
- Notediscovery ([#15811](https://github.com/community-scripts/ProxmoxVE/pull/15811))
### 🚀 Updated Scripts
- #### 🐞 Bug Fixes
- Pin Immich to v3.0.3 [@vhsdream](https://github.com/vhsdream) ([#15790](https://github.com/community-scripts/ProxmoxVE/pull/15790))
## 2026-07-15
### 🆕 New Scripts
- Nexterm ([#15688](https://github.com/community-scripts/ProxmoxVE/pull/15688))
### 🚀 Updated Scripts
- #### 🐞 Bug Fixes
- 2fauth: minor fixes for 8.0.0 [@MickLesk](https://github.com/MickLesk) ([#15795](https://github.com/community-scripts/ProxmoxVE/pull/15795))
- SnapOtter: refactor update process to prebuild [@MickLesk](https://github.com/MickLesk) ([#15797](https://github.com/community-scripts/ProxmoxVE/pull/15797))
### 💾 Core
- #### 🔧 Refactor
- tools.func: default Docker setup to official repo [@MickLesk](https://github.com/MickLesk) ([#15794](https://github.com/community-scripts/ProxmoxVE/pull/15794))
## 2026-07-14
### 🆕 New Scripts
- Grav ([#15773](https://github.com/community-scripts/ProxmoxVE/pull/15773))
- Yuvomi ([#15772](https://github.com/community-scripts/ProxmoxVE/pull/15772))
### 🚀 Updated Scripts
- #### 🐞 Bug Fixes
- Lychee: Preserve uploads and ownership during update [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#15768](https://github.com/community-scripts/ProxmoxVE/pull/15768))
- Wanderer: Clean deploy and install plugins for v0.20.0 update [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#15759](https://github.com/community-scripts/ProxmoxVE/pull/15759))
- FileFlows: Handle update API 401, force update, and Node install [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#15766](https://github.com/community-scripts/ProxmoxVE/pull/15766))
- BirdNET-Go: Match new upstream release asset naming [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#15758](https://github.com/community-scripts/ProxmoxVE/pull/15758))
- [Upstream Fix] Immich: Fix loader priority [@vhsdream](https://github.com/vhsdream) ([#15755](https://github.com/community-scripts/ProxmoxVE/pull/15755))
- #### ✨ New Features
- Bump OpenCloud version to v7.2.2 [@MickLesk](https://github.com/MickLesk) ([#15769](https://github.com/community-scripts/ProxmoxVE/pull/15769))
- Silverbullet: Add optional Runtime API install via Chromium [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#15761](https://github.com/community-scripts/ProxmoxVE/pull/15761))
- #### 💥 Breaking Changes
- Pangolin: Bump to 1.20.0 | BREAKING: Switch to PostgreSQL [@MickLesk](https://github.com/MickLesk) ([#15682](https://github.com/community-scripts/ProxmoxVE/pull/15682))
- #### 🔧 Refactor
- AFFiNE: Pin to v0.26.3 [@MickLesk](https://github.com/MickLesk) ([#15782](https://github.com/community-scripts/ProxmoxVE/pull/15782))
## 2026-07-13
### 🆕 New Scripts
- LeafWiki ([#15748](https://github.com/community-scripts/ProxmoxVE/pull/15748))
### 🚀 Updated Scripts
- #### 🐞 Bug Fixes
- fix(hyperion): keep service running after container reboot [@TowyTowy](https://github.com/TowyTowy) ([#15653](https://github.com/community-scripts/ProxmoxVE/pull/15653))
- Change sign-in URL to admin URL in affine.sh [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#15741](https://github.com/community-scripts/ProxmoxVE/pull/15741))
- immich: use actual PostgreSQL version for VectorChord package lookup [@mnavon](https://github.com/mnavon) ([#15705](https://github.com/community-scripts/ProxmoxVE/pull/15705))
- fix storyteller release selection for stable web tags [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#15736](https://github.com/community-scripts/ProxmoxVE/pull/15736))
- Docmost: Fix update procedure [@MickLesk](https://github.com/MickLesk) ([#15732](https://github.com/community-scripts/ProxmoxVE/pull/15732))
- fix(shinobi): remove obsolete --unsafe-perm npm flag [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#15730](https://github.com/community-scripts/ProxmoxVE/pull/15730))
- #### 💥 Breaking Changes
- reitti: update to v5 [@CrazyWolf13](https://github.com/CrazyWolf13) ([#15635](https://github.com/community-scripts/ProxmoxVE/pull/15635))
### 💾 Core
- #### 🐞 Bug Fixes
- fix(build.func): parse script status without jq dependency [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#15729](https://github.com/community-scripts/ProxmoxVE/pull/15729))
- #### 🔧 Refactor
- tools.func: some improvements (sql injection / command injection / guard) [@MickLesk](https://github.com/MickLesk) ([#15661](https://github.com/community-scripts/ProxmoxVE/pull/15661))
## 2026-07-12
### 🆕 New Scripts
- AFFiNE ([#15690](https://github.com/community-scripts/ProxmoxVE/pull/15690))
### 🚀 Updated Scripts
- Immich: Bump version to 3.0.2 [@vhsdream](https://github.com/vhsdream) ([#15668](https://github.com/community-scripts/ProxmoxVE/pull/15668))
### ❔ Uncategorized
- fix(immich): correct Python indentation error in ct/immich.sh heredoc patch [@Copilot](https://github.com/Copilot) ([#15723](https://github.com/community-scripts/ProxmoxVE/pull/15723))
## 2026-07-11 ## 2026-07-11
### 🆕 New Scripts ### 🆕 New Scripts
+126 -25
View File
@@ -77,9 +77,6 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
@@ -93,7 +90,7 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
<details> <details>
<summary><h4>July (18 entries)</h4></summary> <summary><h4>July (11 entries)</h4></summary>
[View July 2026 Changelog](.github/changelogs/2026/07.md) [View July 2026 Changelog](.github/changelogs/2026/07.md)
@@ -505,26 +502,6 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
</details> </details>
## 2026-07-19
## 2026-07-18
### 💾 Core
- #### ✨ New Features
- core: add configurable host CA inheritance during bootstrap [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#15840](https://github.com/community-scripts/ProxmoxVE/pull/15840))
- #### 🔧 Refactor
- tools.func: Safe Delete Directorys & Update PYTHON_VERSION with setup_uv [@MickLesk](https://github.com/MickLesk) ([#15870](https://github.com/community-scripts/ProxmoxVE/pull/15870))
### 🧰 Tools
- #### ✨ New Features
- [tools.update-lxcs] feat: optional reporting success/failures to heathchecks.io (or others) [@sir106](https://github.com/sir106) ([#15701](https://github.com/community-scripts/ProxmoxVE/pull/15701))
## 2026-07-17 ## 2026-07-17
### 🆕 New Scripts ### 🆕 New Scripts
@@ -1158,4 +1135,128 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
- chore(ct): sync coredns defaults with PocketBase [@github-actions[bot]](https://github.com/github-actions[bot]) ([#15182](https://github.com/community-scripts/ProxmoxVE/pull/15182)) - chore(ct): sync coredns defaults with PocketBase [@github-actions[bot]](https://github.com/github-actions[bot]) ([#15182](https://github.com/community-scripts/ProxmoxVE/pull/15182))
- chore(ct): sync gatus defaults with PocketBase [@github-actions[bot]](https://github.com/github-actions[bot]) ([#15184](https://github.com/community-scripts/ProxmoxVE/pull/15184)) - chore(ct): sync gatus defaults with PocketBase [@github-actions[bot]](https://github.com/github-actions[bot]) ([#15184](https://github.com/community-scripts/ProxmoxVE/pull/15184))
- chore(ct): sync bitmagnet defaults with PocketBase [@github-actions[bot]](https://github.com/github-actions[bot]) ([#15183](https://github.com/community-scripts/ProxmoxVE/pull/15183)) - chore(ct): sync bitmagnet defaults with PocketBase [@github-actions[bot]](https://github.com/github-actions[bot]) ([#15183](https://github.com/community-scripts/ProxmoxVE/pull/15183))
## 2026-06-18
### 🚀 Updated Scripts
- #### 🐞 Bug Fixes
- flowise: add deps / uv / python 3.11 [@MickLesk](https://github.com/MickLesk) ([#15177](https://github.com/community-scripts/ProxmoxVE/pull/15177))
- #### 💥 Breaking Changes
- refactor: crafty-controller [@CrazyWolf13](https://github.com/CrazyWolf13) ([#15178](https://github.com/community-scripts/ProxmoxVE/pull/15178))
## 2026-06-17
### 🚀 Updated Scripts
- #### 🐞 Bug Fixes
- kasm: fix release detection [@CrazyWolf13](https://github.com/CrazyWolf13) ([#15151](https://github.com/community-scripts/ProxmoxVE/pull/15151))
- #### ✨ New Features
- trek: update install and upgrade workflow for v3.1.0 [@MickLesk](https://github.com/MickLesk) ([#15165](https://github.com/community-scripts/ProxmoxVE/pull/15165))
- #### 💥 Breaking Changes
- TREK: Pin version [@tremor021](https://github.com/tremor021) ([#15156](https://github.com/community-scripts/ProxmoxVE/pull/15156))
- #### 🔧 Refactor
- chore(paperless-ngx): pin version to prevent v3 update [@tomfrenzel](https://github.com/tomfrenzel) ([#15171](https://github.com/community-scripts/ProxmoxVE/pull/15171))
### 🧰 Tools
- #### 🐞 Bug Fixes
- immich public proxy: replace npm install with npm ci for consistent dependency installation [@MickLesk](https://github.com/MickLesk) ([#15166](https://github.com/community-scripts/ProxmoxVE/pull/15166))
## 2026-06-16
### 🆕 New Scripts
- Feishin ([#15130](https://github.com/community-scripts/ProxmoxVE/pull/15130))
- Kiwix ([#15131](https://github.com/community-scripts/ProxmoxVE/pull/15131))
- Add runtime status guard and deleted script stubs [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#15125](https://github.com/community-scripts/ProxmoxVE/pull/15125))
### 🚀 Updated Scripts
- #### 🐞 Bug Fixes
- fix(degoog): use localhost for valkey url [@ethan-hgwr](https://github.com/ethan-hgwr) ([#15149](https://github.com/community-scripts/ProxmoxVE/pull/15149))
- Fix InvoiceShelf install/update Yarn package manager mismatch [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#15141](https://github.com/community-scripts/ProxmoxVE/pull/15141))
- fix storyteller install failure with yarn 4 corepack [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#15140](https://github.com/community-scripts/ProxmoxVE/pull/15140))
- fix: generate policy-compliant OpenObserve root password [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#15137](https://github.com/community-scripts/ProxmoxVE/pull/15137))
## 2026-06-15
### 🚀 Updated Scripts
- #### 🐞 Bug Fixes
- Watcharr: Clean install on update [@tremor021](https://github.com/tremor021) ([#15119](https://github.com/community-scripts/ProxmoxVE/pull/15119))
- Vaultwarden: extend version check for VaultWarden update [@MickLesk](https://github.com/MickLesk) ([#15105](https://github.com/community-scripts/ProxmoxVE/pull/15105))
- #### ✨ New Features
- degoog: add curl-impersonate to script [@MickLesk](https://github.com/MickLesk) ([#15117](https://github.com/community-scripts/ProxmoxVE/pull/15117))
### 💾 Core
- #### ✨ New Features
- tools.func: extend mesa-vulkan-drivers and vulkan-tools to installation for ARC GPU's [@MickLesk](https://github.com/MickLesk) ([#15106](https://github.com/community-scripts/ProxmoxVE/pull/15106))
- #### 🔧 Refactor
- core: improve mirror selection and error handling [@MickLesk](https://github.com/MickLesk) ([#15108](https://github.com/community-scripts/ProxmoxVE/pull/15108))
- core: implement gateway validation for DHCP and static networks [@MickLesk](https://github.com/MickLesk) ([#15107](https://github.com/community-scripts/ProxmoxVE/pull/15107))
## 2026-06-14
### 🚀 Updated Scripts
- #### 🐞 Bug Fixes
- Iinvoiceninja: fix nginx setup assets port [@MickLesk](https://github.com/MickLesk) ([#15090](https://github.com/community-scripts/ProxmoxVE/pull/15090))
- CheckMK: remove stale backup site before creating new backup during update [@MickLesk](https://github.com/MickLesk) ([#15088](https://github.com/community-scripts/ProxmoxVE/pull/15088))
- #### 🔧 Refactor
- Refactor: Implement backup functions for scripts C-D [@tremor021](https://github.com/tremor021) ([#15096](https://github.com/community-scripts/ProxmoxVE/pull/15096))
## 2026-06-13
### 🆕 New Scripts
- BookOrbit ([#15080](https://github.com/community-scripts/ProxmoxVE/pull/15080))
### 🚀 Updated Scripts
- Update authentik version to 2026.5.3 [@thieneret](https://github.com/thieneret) ([#15093](https://github.com/community-scripts/ProxmoxVE/pull/15093))
- #### 🐞 Bug Fixes
- Immich: Update image-processing libraries [@vhsdream](https://github.com/vhsdream) ([#15082](https://github.com/community-scripts/ProxmoxVE/pull/15082))
- HomeBox: Support v0.26.0 [@tomfrenzel](https://github.com/tomfrenzel) ([#15086](https://github.com/community-scripts/ProxmoxVE/pull/15086))
- #### 🔧 Refactor
- Refactor: Implement backup functions for scripts A-B [@tremor021](https://github.com/tremor021) ([#15075](https://github.com/community-scripts/ProxmoxVE/pull/15075))
## 2026-06-12
### 🆕 New Scripts
- Twenty ([#15047](https://github.com/community-scripts/ProxmoxVE/pull/15047))
- Alpine-Cinny ([#15044](https://github.com/community-scripts/ProxmoxVE/pull/15044))
### 💾 Core
- #### ✨ New Features
- [core] Implement backup and restore functions [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#15067](https://github.com/community-scripts/ProxmoxVE/pull/15067))
+4 -1
View File
@@ -31,13 +31,16 @@ NODE_VERSION="24" NODE_MODULE="corepack,yarn" setup_nodejs
fetch_and_deploy_gh_release "manyfold" "manyfold3d/manyfold" "tarball" "latest" "/opt/manyfold/app" fetch_and_deploy_gh_release "manyfold" "manyfold3d/manyfold" "tarball" "latest" "/opt/manyfold/app"
# Create the service user (and its home) before setup_ruby, which writes rbenv
# profile snippets into HOME=/home/manyfold.
useradd -m -s /usr/bin/bash manyfold
RUBY_INSTALL_VERSION=$(cat /opt/manyfold/app/.ruby-version) RUBY_INSTALL_VERSION=$(cat /opt/manyfold/app/.ruby-version)
RUBY_VERSION=${RUBY_INSTALL_VERSION} RUBY_INSTALL_RAILS="true" HOME=/home/manyfold setup_ruby RUBY_VERSION=${RUBY_INSTALL_VERSION} RUBY_INSTALL_RAILS="true" HOME=/home/manyfold setup_ruby
msg_info "Configuring Manyfold" msg_info "Configuring Manyfold"
YARN_VERSION=$(grep '"packageManager":' /opt/manyfold/app/package.json | sed -E 's/.*"(yarn@[0-9\.]+)".*/\1/') YARN_VERSION=$(grep '"packageManager":' /opt/manyfold/app/package.json | sed -E 's/.*"(yarn@[0-9\.]+)".*/\1/')
RELEASE=$(get_latest_github_release "manyfold3d/manyfold") RELEASE=$(get_latest_github_release "manyfold3d/manyfold")
useradd -m -s /usr/bin/bash manyfold
cat <<EOF >/opt/manyfold/.env cat <<EOF >/opt/manyfold/.env
export APP_VERSION=${RELEASE} export APP_VERSION=${RELEASE}
export GUID=1002 export GUID=1002
+7 -136
View File
@@ -1009,7 +1009,6 @@ base_settings() {
APT_CACHER=${var_apt_cacher:-""} APT_CACHER=${var_apt_cacher:-""}
APT_CACHER_IP=${var_apt_cacher_ip:-""} APT_CACHER_IP=${var_apt_cacher_ip:-""}
INHERIT_HOST_CA="${var_inherit_host_ca:-auto}"
# Runtime check: Verify APT cacher is reachable if configured # Runtime check: Verify APT cacher is reachable if configured
if [[ -n "$APT_CACHER_IP" && "$APT_CACHER" == "yes" ]]; then if [[ -n "$APT_CACHER_IP" && "$APT_CACHER" == "yes" ]]; then
@@ -1089,7 +1088,7 @@ load_vars_file() {
# Allowed var_* keys # Allowed var_* keys
local VAR_WHITELIST=( local VAR_WHITELIST=(
var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu var_http_no_proxy var_http_proxy var_inherit_host_ca var_keyctl var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu var_http_no_proxy var_http_proxy var_keyctl
var_gateway var_hostname var_ipv6_method var_mac var_mknod var_mount_fs var_mtu var_gateway var_hostname var_ipv6_method var_mac var_mknod var_mount_fs var_mtu
var_net var_nesting var_ns var_os var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged var_net var_nesting var_ns var_os var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged
var_verbose var_version var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage var_searchdomain var_verbose var_version var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage var_searchdomain
@@ -1286,12 +1285,6 @@ load_vars_file() {
continue continue
fi fi
;; ;;
var_inherit_host_ca)
if [[ "$var_val" != "yes" && "$var_val" != "no" && "$var_val" != "auto" ]]; then
msg_warn "Invalid host CA inheritance value '$var_val' in $file (must be yes/no/auto), ignoring"
continue
fi
;;
var_container_storage | var_template_storage) var_container_storage | var_template_storage)
# Validate that the storage exists and is active on the current node # Validate that the storage exists and is active on the current node
local _storage_status local _storage_status
@@ -1331,7 +1324,7 @@ default_var_settings() {
# Allowed var_* keys (alphabetically sorted) # Allowed var_* keys (alphabetically sorted)
# Note: Removed var_ctid (can only exist once), var_ipv6_static (static IPs are unique) # Note: Removed var_ctid (can only exist once), var_ipv6_static (static IPs are unique)
local VAR_WHITELIST=( local VAR_WHITELIST=(
var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu var_http_no_proxy var_http_proxy var_inherit_host_ca var_keyctl var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu var_http_no_proxy var_http_proxy var_keyctl
var_gateway var_hostname var_ipv6_method var_mac var_mknod var_mount_fs var_mtu var_gateway var_hostname var_ipv6_method var_mac var_mknod var_mount_fs var_mtu
var_net var_nesting var_ns var_os var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged var_net var_nesting var_ns var_os var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged
var_verbose var_version var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage var_verbose var_version var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage
@@ -1414,7 +1407,6 @@ var_ssh=no
# HTTP/HTTPS proxy (optional - for networks requiring a proxy) # HTTP/HTTPS proxy (optional - for networks requiring a proxy)
# var_http_proxy=http://proxy.local:8080 # var_http_proxy=http://proxy.local:8080
# var_http_no_proxy=localhost,127.0.0.1,.local # var_http_no_proxy=localhost,127.0.0.1,.local
# var_inherit_host_ca=auto
# Features/Tags/verbosity # Features/Tags/verbosity
var_fuse=no var_fuse=no
@@ -1515,7 +1507,7 @@ get_app_defaults_path() {
if ! declare -p VAR_WHITELIST >/dev/null 2>&1; then if ! declare -p VAR_WHITELIST >/dev/null 2>&1; then
# Note: Removed var_ctid (can only exist once), var_ipv6_static (static IPs are unique) # Note: Removed var_ctid (can only exist once), var_ipv6_static (static IPs are unique)
declare -ag VAR_WHITELIST=( declare -ag VAR_WHITELIST=(
var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu var_http_no_proxy var_http_proxy var_inherit_host_ca var_keyctl var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu var_http_no_proxy var_http_proxy var_keyctl
var_gateway var_hostname var_ipv6_method var_mac var_mknod var_mount_fs var_mtu var_gateway var_hostname var_ipv6_method var_mac var_mknod var_mount_fs var_mtu
var_net var_nesting var_ns var_os var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged var_net var_nesting var_ns var_os var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged
var_verbose var_version var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage var_searchdomain var_verbose var_version var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage var_searchdomain
@@ -1665,7 +1657,6 @@ _build_current_app_vars_tmp() {
_apt_cacher_ip="${APT_CACHER_IP:-}" _apt_cacher_ip="${APT_CACHER_IP:-}"
_http_proxy="${HTTP_PROXY:-${var_http_proxy:-}}" _http_proxy="${HTTP_PROXY:-${var_http_proxy:-}}"
_http_no_proxy="${HTTP_NO_PROXY:-${var_http_no_proxy:-}}" _http_no_proxy="${HTTP_NO_PROXY:-${var_http_no_proxy:-}}"
_inherit_host_ca="${INHERIT_HOST_CA:-${var_inherit_host_ca:-auto}}"
_fuse="${ENABLE_FUSE:-no}" _fuse="${ENABLE_FUSE:-no}"
_tun="${ENABLE_TUN:-no}" _tun="${ENABLE_TUN:-no}"
_gpu="${ENABLE_GPU:-no}" _gpu="${ENABLE_GPU:-no}"
@@ -1719,7 +1710,6 @@ _build_current_app_vars_tmp() {
[ -n "$_apt_cacher_ip" ] && echo "var_apt_cacher_ip=$(_sanitize_value "$_apt_cacher_ip")" [ -n "$_apt_cacher_ip" ] && echo "var_apt_cacher_ip=$(_sanitize_value "$_apt_cacher_ip")"
[ -n "$_http_proxy" ] && echo "var_http_proxy=$(_sanitize_value "$_http_proxy")" [ -n "$_http_proxy" ] && echo "var_http_proxy=$(_sanitize_value "$_http_proxy")"
[ -n "$_http_no_proxy" ] && echo "var_http_no_proxy=$(_sanitize_value "$_http_no_proxy")" [ -n "$_http_no_proxy" ] && echo "var_http_no_proxy=$(_sanitize_value "$_http_no_proxy")"
[ -n "$_inherit_host_ca" ] && echo "var_inherit_host_ca=$(_sanitize_value "$_inherit_host_ca")"
[ -n "$_fuse" ] && echo "var_fuse=$(_sanitize_value "$_fuse")" [ -n "$_fuse" ] && echo "var_fuse=$(_sanitize_value "$_fuse")"
[ -n "$_tun" ] && echo "var_tun=$(_sanitize_value "$_tun")" [ -n "$_tun" ] && echo "var_tun=$(_sanitize_value "$_tun")"
@@ -1884,7 +1874,7 @@ advanced_settings() {
TAGS="community-script${var_tags:+;${var_tags}}" TAGS="community-script${var_tags:+;${var_tags}}"
fi fi
local STEP=1 local STEP=1
local MAX_STEP=31 local MAX_STEP=30
# Store values for back navigation - inherit from var_* app defaults # Store values for back navigation - inherit from var_* app defaults
local _ct_type="${var_unprivileged:-1}" local _ct_type="${var_unprivileged:-1}"
@@ -1906,7 +1896,6 @@ advanced_settings() {
local _apt_cacher_ip="${var_apt_cacher_ip:-}" local _apt_cacher_ip="${var_apt_cacher_ip:-}"
local _http_proxy="${var_http_proxy:-}" local _http_proxy="${var_http_proxy:-}"
local _http_no_proxy="${var_http_no_proxy:-}" local _http_no_proxy="${var_http_no_proxy:-}"
local _inherit_host_ca="${var_inherit_host_ca:-auto}"
local _mtu="${var_mtu:-}" local _mtu="${var_mtu:-}"
local _sd="${var_searchdomain:-}" local _sd="${var_searchdomain:-}"
local _ns="${var_ns:-}" local _ns="${var_ns:-}"
@@ -2736,47 +2725,9 @@ advanced_settings() {
;; ;;
# ═══════════════════════════════════════════════════════════════════════════ # ═══════════════════════════════════════════════════════════════════════════
# STEP 25: Host CA Inheritance # STEP 25: Container Timezone
# ═══════════════════════════════════════════════════════════════════════════ # ═══════════════════════════════════════════════════════════════════════════
25) 25)
local host_ca_count=0
local host_ca_dir="/usr/local/share/ca-certificates"
local cert
shopt -s nullglob
for cert in "$host_ca_dir"/*.crt; do
host_ca_count=$((host_ca_count + 1))
done
shopt -u nullglob
if [[ $host_ca_count -eq 0 ]]; then
_inherit_host_ca="auto"
((STEP++))
continue
fi
local host_ca_default_flag=""
[[ "$_inherit_host_ca" == "no" ]] && host_ca_default_flag="--defaultno"
if whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \
--title "HOST CA INHERITANCE" \
--ok-button "Next" --cancel-button "Back" \
$host_ca_default_flag \
--yesno "\nInherit host CA certificates into this container?\n\nDetected on host: ${host_ca_count} certificate(s) in:\n${host_ca_dir}\n\nRecommended for private PKI / TLS-inspection environments.\n\n(App default: ${var_inherit_host_ca:-auto})" 16 72; then
_inherit_host_ca="yes"
else
if [ $? -eq 1 ]; then
_inherit_host_ca="no"
else
((STEP--))
continue
fi
fi
((STEP++))
;;
# ═══════════════════════════════════════════════════════════════════════════
# STEP 26: Container Timezone
# ═══════════════════════════════════════════════════════════════════════════
26)
local tz_hint="$_ct_timezone" local tz_hint="$_ct_timezone"
[[ -z "$tz_hint" ]] && tz_hint="(empty - will use host timezone)" [[ -z "$tz_hint" ]] && tz_hint="(empty - will use host timezone)"
@@ -2799,9 +2750,9 @@ advanced_settings() {
;; ;;
# ═══════════════════════════════════════════════════════════════════════════ # ═══════════════════════════════════════════════════════════════════════════
# STEP 27: Container Protection # STEP 26: Container Protection
# ═══════════════════════════════════════════════════════════════════════════ # ═══════════════════════════════════════════════════════════════════════════
27) 26)
local protect_default_flag="--defaultno" local protect_default_flag="--defaultno"
[[ "$_protect_ct" == "yes" || "$_protect_ct" == "1" ]] && protect_default_flag="" [[ "$_protect_ct" == "yes" || "$_protect_ct" == "1" ]] && protect_default_flag=""
@@ -2953,7 +2904,6 @@ Leave empty to skip."
local apt_display="${_apt_cacher:-no}" local apt_display="${_apt_cacher:-no}"
[[ "$_apt_cacher" == "yes" && -n "$_apt_cacher_ip" ]] && apt_display="$_apt_cacher_ip" [[ "$_apt_cacher" == "yes" && -n "$_apt_cacher_ip" ]] && apt_display="$_apt_cacher_ip"
local http_proxy_display="${_http_proxy:-(none)}" local http_proxy_display="${_http_proxy:-(none)}"
local inherit_ca_display="${_inherit_host_ca:-auto}"
local post_install_display="${_post_install:-(none)}" local post_install_display="${_post_install:-(none)}"
local post_install_warn="" local post_install_warn=""
@@ -2984,7 +2934,6 @@ Advanced:
Timezone: $tz_display Timezone: $tz_display
APT Cacher: $apt_display APT Cacher: $apt_display
HTTP Proxy: $http_proxy_display HTTP Proxy: $http_proxy_display
Inherit Host CAs: $inherit_ca_display
Verbose: $_verbose Verbose: $_verbose
Post-Install Script: ${post_install_display}${post_install_warn}" Post-Install Script: ${post_install_display}${post_install_warn}"
@@ -3030,7 +2979,6 @@ Advanced:
APT_CACHER_IP="$_apt_cacher_ip" APT_CACHER_IP="$_apt_cacher_ip"
HTTP_PROXY="$_http_proxy" HTTP_PROXY="$_http_proxy"
HTTP_NO_PROXY="$_http_no_proxy" HTTP_NO_PROXY="$_http_no_proxy"
INHERIT_HOST_CA="$_inherit_host_ca"
VERBOSE="$_verbose" VERBOSE="$_verbose"
var_post_install="$_post_install" var_post_install="$_post_install"
@@ -3049,7 +2997,6 @@ Advanced:
var_sdn_vnet="$_sdn_vnet" var_sdn_vnet="$_sdn_vnet"
var_http_proxy="$_http_proxy" var_http_proxy="$_http_proxy"
var_http_no_proxy="$_http_no_proxy" var_http_no_proxy="$_http_no_proxy"
var_inherit_host_ca="$_inherit_host_ca"
# Format optional values # Format optional values
[[ -n "$_mtu" ]] && MTU=",mtu=$_mtu" || MTU="" [[ -n "$_mtu" ]] && MTU=",mtu=$_mtu" || MTU=""
@@ -3998,81 +3945,6 @@ EOF
msg_ok "Applied HTTP proxy in container" msg_ok "Applied HTTP proxy in container"
} }
# ------------------------------------------------------------------------------
# _apply_host_ca_certs_in_container()
#
# - Copies administrator-provided CA certificates from the Proxmox host into the
# container before base package bootstrap
# - Source: /usr/local/share/ca-certificates/*.crt (Debian convention)
# - Refreshes the container trust store when update-ca-certificates is available
# - No-op when no host certificates are present; failures are non-fatal
# ------------------------------------------------------------------------------
_apply_host_ca_certs_in_container() {
local host_ca_dir="/usr/local/share/ca-certificates"
[[ -z "${CTID:-}" ]] && return 0
local inherit_host_ca="${INHERIT_HOST_CA:-${var_inherit_host_ca:-auto}}"
local -a host_certs=()
local cert
shopt -s nullglob
for cert in "$host_ca_dir"/*.crt; do
host_certs+=("$cert")
done
shopt -u nullglob
[[ ${#host_certs[@]} -eq 0 ]] && return 0
case "${inherit_host_ca,,}" in
no | false | 0 | off)
msg_info "Skipping host CA inheritance by configuration"
return 0
;;
esac
msg_info "Inheriting host CA certificates into container"
local found=${#host_certs[@]}
local copied=0
local skipped=0
local cert_name
pct exec "$CTID" -- mkdir -p /usr/local/share/ca-certificates >/dev/null 2>&1 || {
msg_warn "Failed to create CA certificate directory in container"
return 0
}
for cert in "${host_certs[@]}"; do
cert_name="$(basename "$cert")"
if [[ ! -r "$cert" || "$cert_name" != *.crt ]]; then
msg_warn "Skipping invalid or unreadable host CA certificate: ${cert_name}"
skipped=$((skipped + 1))
continue
fi
if pct push "$CTID" "$cert" "/usr/local/share/ca-certificates/${cert_name}" >/dev/null 2>&1; then
pct exec "$CTID" -- chmod 644 "/usr/local/share/ca-certificates/${cert_name}" >/dev/null 2>&1 || true
copied=$((copied + 1))
else
msg_warn "Failed to push host CA certificate: ${cert_name}"
skipped=$((skipped + 1))
fi
done
if [[ $copied -eq 0 ]]; then
msg_warn "No host CA certificates were copied (${found} found, ${skipped} skipped)"
return 0
fi
local refresh_shell="bash"
[[ "$var_os" == "alpine" ]] && refresh_shell="ash"
if pct exec "$CTID" -- "$refresh_shell" -c 'command -v update-ca-certificates >/dev/null 2>&1 && update-ca-certificates' >/dev/null 2>&1; then
msg_ok "Inherited ${copied} host CA certificate(s) and updated trust store (${skipped} skipped)"
else
msg_warn "Copied ${copied} host CA certificate(s), but trust store update failed or update-ca-certificates is unavailable (${skipped} skipped)"
fi
}
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# build_container() # build_container()
# #
@@ -4693,7 +4565,6 @@ EOF
local install_exit_code=0 local install_exit_code=0
_apply_http_proxy_in_container _apply_http_proxy_in_container
_apply_host_ca_certs_in_container
# Continue with standard container setup # Continue with standard container setup
if [ "$var_os" == "alpine" ]; then if [ "$var_os" == "alpine" ]; then
+175 -335
View File
@@ -2483,6 +2483,150 @@ verify_gpg_fingerprint() {
return 65 return 65
} }
# ------------------------------------------------------------------------------
# _download_source_tarball <url> <dest> [curl args...]
#
# Downloads a source .tar.gz to <dest> and verifies the gzip stream is complete
# before returning. Source forges (GitHub/GitLab/Codeberg) build these archives
# on the fly; for large repos the response is occasionally a truncated-but-
# cleanly-closed gzip that curl accepts as success (HTTP 200) and which then
# fails at extraction time. We validate with `gzip -t` and re-download on
# failure, and abort stalled transfers (--speed-time) so a hung generation
# retries instead of blocking for minutes. Extra args pass through to curl
# (e.g. auth headers like -H "PRIVATE-TOKEN: ...").
#
# Returns: 0 on success, 250 on persistent failure.
# ------------------------------------------------------------------------------
_download_source_tarball() {
local url="$1" dest="$2"
shift 2
local attempt max=3
for ((attempt = 1; attempt <= max; attempt++)); do
if curl --connect-timeout 15 --max-time 900 --speed-limit 1024 --speed-time 60 \
-fsSL "$@" -o "$dest" "$url" && gzip -t "$dest" 2>/dev/null; then
return 0
fi
rm -f "$dest"
((attempt < max)) && {
msg_warn "Source archive download failed or incomplete (attempt ${attempt}/${max}), retrying..."
sleep $((attempt * 3))
}
done
return 250
}
# ------------------------------------------------------------------------------
# _deploy_source_tarball <tarball_path> <target> <workdir>
#
# Shared tail for the *source tarball* modes of the fetch_and_deploy_* helpers
# (GitHub/GitLab/Codeberg archive tarballs that contain a single top-level
# directory). Extracts <tarball_path> into <workdir>, then copies the contents
# of that top-level directory into <target>.
#
# - Honors CLEAN_INSTALL=1 (wipes <target> first, dotfiles included).
# - Does NOT own <workdir>: the caller creates it and is responsible for its
# cleanup (typically via a RETURN trap on its tmpdir).
# - cp failures are non-fatal here, matching the previous inline behavior.
#
# Returns: 0 on success (or non-fatal cp failure), 251 on extraction failure.
# ------------------------------------------------------------------------------
_deploy_source_tarball() {
local tarball="$1" target="$2" workdir="$3"
mkdir -p "$target"
if [[ "${CLEAN_INSTALL:-0}" == "1" ]]; then
find "${target:?}" -mindepth 1 -delete
fi
tar --no-same-owner -xzf "$tarball" -C "$workdir" || {
msg_error "Failed to extract tarball"
return 251
}
local unpack_dir
unpack_dir=$(find "$workdir" -mindepth 1 -maxdepth 1 -type d | head -n1)
shopt -s dotglob nullglob
cp -r "$unpack_dir"/* "$target/"
shopt -u dotglob nullglob
return 0
}
# ------------------------------------------------------------------------------
# _deploy_unpacked_archive <archive_path> <target> <workdir>
#
# Shared tail for the *prebuild* modes of the fetch_and_deploy_*_release helpers
# (release assets shipped as .zip / .tar.* / .tgz / .txz). Extracts the archive
# into <workdir>, then copies its payload into <target>. If the archive contains
# a single top-level directory, that directory is stripped (its contents land
# directly in <target>); otherwise the archive contents are copied as-is.
#
# - Honors CLEAN_INSTALL=1 (wipes <target> first, dotfiles included).
# - Does NOT own <workdir>: the caller creates it and cleans it up.
#
# Returns: 0 on success, 65 on unsupported format, 251 on extraction failure,
# 252 on copy failure / empty archive.
# ------------------------------------------------------------------------------
_deploy_unpacked_archive() {
local archive="$1" target="$2" workdir="$3"
local filename="${archive##*/}"
mkdir -p "$target"
if [[ "${CLEAN_INSTALL:-0}" == "1" ]]; then
find "${target:?}" -mindepth 1 -delete
fi
if [[ "$filename" == *.zip ]]; then
ensure_dependencies unzip
unzip -q "$archive" -d "$workdir" || {
msg_error "Failed to extract ZIP archive"
return 251
}
elif [[ "$filename" == *.tar.* || "$filename" == *.tgz || "$filename" == *.txz ]]; then
tar --no-same-owner -xf "$archive" -C "$workdir" || {
msg_error "Failed to extract TAR archive"
return 251
}
else
msg_error "Unsupported archive format: $filename"
return 65
fi
local top_entries inner_dir
top_entries=$(find "$workdir" -mindepth 1 -maxdepth 1)
if [[ "$(echo "$top_entries" | wc -l)" -eq 1 && -d "$top_entries" ]]; then
inner_dir="$top_entries"
shopt -s dotglob nullglob
if compgen -G "$inner_dir/*" >/dev/null; then
cp -r "$inner_dir"/* "$target/" || {
msg_error "Failed to copy contents from $inner_dir to $target"
shopt -u dotglob nullglob
return 252
}
else
msg_error "Inner directory is empty: $inner_dir"
shopt -u dotglob nullglob
return 252
fi
shopt -u dotglob nullglob
else
shopt -s dotglob nullglob
if compgen -G "$workdir/*" >/dev/null; then
cp -r "$workdir"/* "$target/" || {
msg_error "Failed to copy contents to $target"
shopt -u dotglob nullglob
return 252
}
else
msg_error "Unpacked archive is empty"
shopt -u dotglob nullglob
return 252
fi
shopt -u dotglob nullglob
fi
return 0
}
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Fetches and deploys a GitHub tag-based source tarball. # Fetches and deploys a GitHub tag-based source tarball.
# #
@@ -2531,36 +2675,19 @@ fetch_and_deploy_gh_tag() {
local tmpdir local tmpdir
tmpdir=$(mktemp -d) || return 1 tmpdir=$(mktemp -d) || return 1
trap 'rm -rf "$tmpdir"' RETURN
local tarball_url="https://github.com/${repo}/archive/refs/tags/${version}.tar.gz" local tarball_url="https://github.com/${repo}/archive/refs/tags/${version}.tar.gz"
local filename="${app_lc}-${version}.tar.gz" local filename="${app_lc}-${version}.tar.gz"
msg_info "Fetching GitHub tag: ${app} (${version})" msg_info "Fetching GitHub tag: ${app} (${version})"
download_file "$tarball_url" "$tmpdir/$filename" || { _download_source_tarball "$tarball_url" "$tmpdir/$filename" || {
msg_error "Download failed: $tarball_url" msg_error "Download failed: $tarball_url"
rm -rf "$tmpdir"
return 7 return 7
} }
mkdir -p "$target" _deploy_source_tarball "$tmpdir/$filename" "$target" "$tmpdir" || return 251
if [[ "${CLEAN_INSTALL:-0}" == "1" ]]; then
find "${target:?}" -mindepth 1 -delete
fi
tar --no-same-owner -xzf "$tmpdir/$filename" -C "$tmpdir" || {
msg_error "Failed to extract tarball"
rm -rf "$tmpdir"
return 251
}
local unpack_dir
unpack_dir=$(find "$tmpdir" -mindepth 1 -maxdepth 1 -type d | head -n1)
shopt -s dotglob nullglob
cp -r "$unpack_dir"/* "$target/"
shopt -u dotglob nullglob
rm -rf "$tmpdir"
echo "$version" >"$version_file" echo "$version" >"$version_file"
msg_ok "Deployed ${app} ${version} to ${target}" msg_ok "Deployed ${app} ${version} to ${target}"
return 0 return 0
@@ -2725,35 +2852,18 @@ fetch_and_deploy_gl_tag() {
local tmpdir local tmpdir
tmpdir=$(mktemp -d) || return 1 tmpdir=$(mktemp -d) || return 1
trap 'rm -rf "$tmpdir"' RETURN
local filename="${app_lc}-${version_safe}.tar.gz" local filename="${app_lc}-${version_safe}.tar.gz"
msg_info "Fetching GitLab tag: ${app} (${resolved_tag})" msg_info "Fetching GitLab tag: ${app} (${resolved_tag})"
curl $download_timeout -fsSL "${header[@]}" -o "$tmpdir/$filename" "$tarball_url" || { _download_source_tarball "$tarball_url" "$tmpdir/$filename" "${header[@]}" || {
msg_error "Download failed: $tarball_url" msg_error "Download failed: $tarball_url"
rm -rf "$tmpdir"
return 7 return 7
} }
mkdir -p "$target" _deploy_source_tarball "$tmpdir/$filename" "$target" "$tmpdir" || return 251
if [[ "${CLEAN_INSTALL:-0}" == "1" ]]; then
find "${target:?}" -mindepth 1 -delete
fi
tar --no-same-owner -xzf "$tmpdir/$filename" -C "$tmpdir" || {
msg_error "Failed to extract tarball"
rm -rf "$tmpdir"
return 251
}
local unpack_dir
unpack_dir=$(find "$tmpdir" -mindepth 1 -maxdepth 1 -type d | head -n1)
shopt -s dotglob nullglob
cp -r "$unpack_dir"/* "$target/"
shopt -u dotglob nullglob
rm -rf "$tmpdir"
echo "$resolved_tag" >"$version_file" echo "$resolved_tag" >"$version_file"
msg_ok "Deployed ${app} ${resolved_tag} to ${target}" msg_ok "Deployed ${app} ${resolved_tag} to ${target}"
return 0 return 0
@@ -3450,6 +3560,7 @@ fetch_and_deploy_codeberg_release() {
local tmpdir local tmpdir
tmpdir=$(mktemp -d) || return 252 tmpdir=$(mktemp -d) || return 252
trap 'rm -rf "$tmpdir"' RETURN
msg_info "Fetching Codeberg tag: $app ($tag_name)" msg_info "Fetching Codeberg tag: $app ($tag_name)"
@@ -3460,37 +3571,19 @@ fetch_and_deploy_codeberg_release() {
# Codeberg archive URL format: https://codeberg.org/{owner}/{repo}/archive/{tag}.tar.gz # Codeberg archive URL format: https://codeberg.org/{owner}/{repo}/archive/{tag}.tar.gz
local archive_url="https://codeberg.org/$repo/archive/${tag_name}.tar.gz" local archive_url="https://codeberg.org/$repo/archive/${tag_name}.tar.gz"
if curl_download "$tmpdir/$filename" "$archive_url"; then if _download_source_tarball "$archive_url" "$tmpdir/$filename"; then
download_success=true download_success=true
fi fi
if [[ "$download_success" != "true" ]]; then if [[ "$download_success" != "true" ]]; then
msg_error "Download failed for $app ($tag_name)" msg_error "Download failed for $app ($tag_name)"
rm -rf "$tmpdir"
return 250 return 250
fi fi
mkdir -p "$target" _deploy_source_tarball "$tmpdir/$filename" "$target" "$tmpdir" || return 251
if [[ "${CLEAN_INSTALL:-0}" == "1" ]]; then
find "${target:?}" -mindepth 1 -delete
fi
tar --no-same-owner -xzf "$tmpdir/$filename" -C "$tmpdir" || {
msg_error "Failed to extract tarball"
rm -rf "$tmpdir"
return 251
}
local unpack_dir
unpack_dir=$(find "$tmpdir" -mindepth 1 -maxdepth 1 -type d | head -n1)
shopt -s dotglob nullglob
cp -r "$unpack_dir"/* "$target/"
shopt -u dotglob nullglob
echo "$version" >"$version_file" echo "$version" >"$version_file"
msg_ok "Deployed: $app ($version)" msg_ok "Deployed: $app ($version)"
rm -rf "$tmpdir"
return 0 return 0
fi fi
@@ -3509,7 +3602,7 @@ fetch_and_deploy_codeberg_release() {
local codeberg_rel_json local codeberg_rel_json
codeberg_rel_json=$(mktemp /tmp/tools-codeberg-rel-XXXXXX) || return 73 codeberg_rel_json=$(mktemp /tmp/tools-codeberg-rel-XXXXXX) || return 73
trap 'rm -f "$codeberg_rel_json"' RETURN trap 'rm -f "$codeberg_rel_json"; rm -rf "${tmpdir:-}" "${unpack_tmp:-}"' RETURN
local attempt=0 success=false resp http_code local attempt=0 success=false resp http_code
@@ -3563,32 +3656,16 @@ fetch_and_deploy_codeberg_release() {
# Codeberg archive URL format # Codeberg archive URL format
local archive_url="https://codeberg.org/$repo/archive/${tag_name}.tar.gz" local archive_url="https://codeberg.org/$repo/archive/${tag_name}.tar.gz"
if curl_download "$tmpdir/$filename" "$archive_url"; then if _download_source_tarball "$archive_url" "$tmpdir/$filename"; then
download_success=true download_success=true
fi fi
if [[ "$download_success" != "true" ]]; then if [[ "$download_success" != "true" ]]; then
msg_error "Download failed for $app ($tag_name)" msg_error "Download failed for $app ($tag_name)"
rm -rf "$tmpdir"
return 250 return 250
fi fi
mkdir -p "$target" _deploy_source_tarball "$tmpdir/$filename" "$target" "$tmpdir" || return 251
if [[ "${CLEAN_INSTALL:-0}" == "1" ]]; then
find "${target:?}" -mindepth 1 -delete
fi
tar --no-same-owner -xzf "$tmpdir/$filename" -C "$tmpdir" || {
msg_error "Failed to extract tarball"
rm -rf "$tmpdir"
return 251
}
local unpack_dir
unpack_dir=$(find "$tmpdir" -mindepth 1 -maxdepth 1 -type d | head -n1)
shopt -s dotglob nullglob
cp -r "$unpack_dir"/* "$target/"
shopt -u dotglob nullglob
### Binary Mode ### ### Binary Mode ###
elif [[ "$mode" == "binary" ]]; then elif [[ "$mode" == "binary" ]]; then
@@ -3636,14 +3713,12 @@ fetch_and_deploy_codeberg_release() {
if [[ -z "$url_match" ]]; then if [[ -z "$url_match" ]]; then
msg_error "No suitable .deb asset found for $app" msg_error "No suitable .deb asset found for $app"
rm -rf "$tmpdir"
return 252 return 252
fi fi
filename="${url_match##*/}" filename="${url_match##*/}"
curl_download "$tmpdir/$filename" "$url_match" || { curl_download "$tmpdir/$filename" "$url_match" || {
msg_error "Download failed: $url_match" msg_error "Download failed: $url_match"
rm -rf "$tmpdir"
return 250 return 250
} }
@@ -3651,7 +3726,6 @@ fetch_and_deploy_codeberg_release() {
$STD apt install -y "$tmpdir/$filename" || { $STD apt install -y "$tmpdir/$filename" || {
$STD dpkg -i "$tmpdir/$filename" || { $STD dpkg -i "$tmpdir/$filename" || {
_diagnose_deb_failure "$tmpdir/$filename" _diagnose_deb_failure "$tmpdir/$filename"
rm -rf "$tmpdir"
return 100 return 100
} }
} }
@@ -3662,7 +3736,6 @@ fetch_and_deploy_codeberg_release() {
pattern="${pattern#\"}" pattern="${pattern#\"}"
[[ -z "$pattern" ]] && { [[ -z "$pattern" ]] && {
msg_error "Mode 'prebuild' requires 6th parameter (asset filename pattern)" msg_error "Mode 'prebuild' requires 6th parameter (asset filename pattern)"
rm -rf "$tmpdir"
return 65 return 65
} }
@@ -3679,77 +3752,18 @@ fetch_and_deploy_codeberg_release() {
[[ -z "$asset_url" ]] && { [[ -z "$asset_url" ]] && {
msg_error "No asset matching '$pattern' found" msg_error "No asset matching '$pattern' found"
rm -rf "$tmpdir"
return 252 return 252
} }
filename="${asset_url##*/}" filename="${asset_url##*/}"
curl_download "$tmpdir/$filename" "$asset_url" || { curl_download "$tmpdir/$filename" "$asset_url" || {
msg_error "Download failed: $asset_url" msg_error "Download failed: $asset_url"
rm -rf "$tmpdir"
return 250 return 250
} }
local unpack_tmp local unpack_tmp
unpack_tmp=$(mktemp -d) unpack_tmp=$(mktemp -d)
mkdir -p "$target" _deploy_unpacked_archive "$tmpdir/$filename" "$target" "$unpack_tmp" || return
if [[ "${CLEAN_INSTALL:-0}" == "1" ]]; then
find "${target:?}" -mindepth 1 -delete
fi
if [[ "$filename" == *.zip ]]; then
ensure_dependencies unzip
unzip -q "$tmpdir/$filename" -d "$unpack_tmp" || {
msg_error "Failed to extract ZIP archive"
rm -rf "$tmpdir" "$unpack_tmp"
return 251
}
elif [[ "$filename" == *.tar.* || "$filename" == *.tgz ]]; then
tar --no-same-owner -xf "$tmpdir/$filename" -C "$unpack_tmp" || {
msg_error "Failed to extract TAR archive"
rm -rf "$tmpdir" "$unpack_tmp"
return 251
}
else
msg_error "Unsupported archive format: $filename"
rm -rf "$tmpdir" "$unpack_tmp"
return 251
fi
local top_dirs
top_dirs=$(find "$unpack_tmp" -mindepth 1 -maxdepth 1 -type d | wc -l)
local top_entries inner_dir
top_entries=$(find "$unpack_tmp" -mindepth 1 -maxdepth 1)
if [[ "$(echo "$top_entries" | wc -l)" -eq 1 && -d "$top_entries" ]]; then
inner_dir="$top_entries"
shopt -s dotglob nullglob
if compgen -G "$inner_dir/*" >/dev/null; then
cp -r "$inner_dir"/* "$target/" || {
msg_error "Failed to copy contents from $inner_dir to $target"
rm -rf "$tmpdir" "$unpack_tmp"
return 252
}
else
msg_error "Inner directory is empty: $inner_dir"
rm -rf "$tmpdir" "$unpack_tmp"
return 252
fi
shopt -u dotglob nullglob
else
shopt -s dotglob nullglob
if compgen -G "$unpack_tmp/*" >/dev/null; then
cp -r "$unpack_tmp"/* "$target/" || {
msg_error "Failed to copy contents to $target"
rm -rf "$tmpdir" "$unpack_tmp"
return 252
}
else
msg_error "Unpacked archive is empty"
rm -rf "$tmpdir" "$unpack_tmp"
return 252
fi
shopt -u dotglob nullglob
fi
### Singlefile Mode ### ### Singlefile Mode ###
elif [[ "$mode" == "singlefile" ]]; then elif [[ "$mode" == "singlefile" ]]; then
@@ -3757,7 +3771,6 @@ fetch_and_deploy_codeberg_release() {
pattern="${pattern#\"}" pattern="${pattern#\"}"
[[ -z "$pattern" ]] && { [[ -z "$pattern" ]] && {
msg_error "Mode 'singlefile' requires 6th parameter (asset filename pattern)" msg_error "Mode 'singlefile' requires 6th parameter (asset filename pattern)"
rm -rf "$tmpdir"
return 65 return 65
} }
@@ -3774,7 +3787,6 @@ fetch_and_deploy_codeberg_release() {
[[ -z "$asset_url" ]] && { [[ -z "$asset_url" ]] && {
msg_error "No asset matching '$pattern' found" msg_error "No asset matching '$pattern' found"
rm -rf "$tmpdir"
return 252 return 252
} }
@@ -3787,7 +3799,6 @@ fetch_and_deploy_codeberg_release() {
curl_download "$target/$target_file" "$asset_url" || { curl_download "$target/$target_file" "$asset_url" || {
msg_error "Download failed: $asset_url" msg_error "Download failed: $asset_url"
rm -rf "$tmpdir"
return 250 return 250
} }
@@ -3797,13 +3808,11 @@ fetch_and_deploy_codeberg_release() {
else else
msg_error "Unknown mode: $mode" msg_error "Unknown mode: $mode"
rm -rf "$tmpdir"
return 65 return 65
fi fi
echo "$version" >"$version_file" echo "$version" >"$version_file"
msg_ok "Deployed: $app ($version)" msg_ok "Deployed: $app ($version)"
rm -rf "$tmpdir"
} }
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
@@ -4090,6 +4099,7 @@ fetch_and_deploy_gh_release() {
local tmpdir local tmpdir
tmpdir=$(mktemp -d) || return 1 tmpdir=$(mktemp -d) || return 1
trap 'rm -rf "$tmpdir" "${unpack_tmp:-}"' RETURN
local filename="" url="" local filename="" url=""
msg_info "Fetching GitHub release: $app ($version)" msg_info "Fetching GitHub release: $app ($version)"
@@ -4104,28 +4114,12 @@ fetch_and_deploy_gh_release() {
local direct_tarball_url="https://github.com/$repo/archive/refs/tags/$tag_name.tar.gz" local direct_tarball_url="https://github.com/$repo/archive/refs/tags/$tag_name.tar.gz"
filename="${app_lc}-${version_safe}.tar.gz" filename="${app_lc}-${version_safe}.tar.gz"
curl_download "$tmpdir/$filename" "$direct_tarball_url" || { _download_source_tarball "$direct_tarball_url" "$tmpdir/$filename" || {
msg_error "Download failed: $direct_tarball_url" msg_error "Download failed: $direct_tarball_url"
rm -rf "$tmpdir"
return 250 return 250
} }
mkdir -p "$target" _deploy_source_tarball "$tmpdir/$filename" "$target" "$tmpdir" || return 251
if [[ "${CLEAN_INSTALL:-0}" == "1" ]]; then
find "${target:?}" -mindepth 1 -delete
fi
tar --no-same-owner -xzf "$tmpdir/$filename" -C "$tmpdir" || {
msg_error "Failed to extract tarball"
rm -rf "$tmpdir"
return 251
}
local unpack_dir
unpack_dir=$(find "$tmpdir" -mindepth 1 -maxdepth 1 -type d | head -n1)
shopt -s dotglob nullglob
cp -r "$unpack_dir"/* "$target/"
shopt -u dotglob nullglob
### Binary Mode ### ### Binary Mode ###
elif [[ "$mode" == "binary" ]]; then elif [[ "$mode" == "binary" ]]; then
@@ -4210,14 +4204,12 @@ fetch_and_deploy_gh_release() {
if [[ -z "$url_match" ]]; then if [[ -z "$url_match" ]]; then
msg_error "No suitable .deb asset found for $app" msg_error "No suitable .deb asset found for $app"
rm -rf "$tmpdir"
return 252 return 252
fi fi
filename="${url_match##*/}" filename="${url_match##*/}"
curl_download "$tmpdir/$filename" "$url_match" || { curl_download "$tmpdir/$filename" "$url_match" || {
msg_error "Download failed: $url_match" msg_error "Download failed: $url_match"
rm -rf "$tmpdir"
return 250 return 250
} }
@@ -4230,7 +4222,6 @@ fetch_and_deploy_gh_release() {
DEBIAN_FRONTEND=noninteractive SYSTEMD_OFFLINE=1 $STD apt install -y $dpkg_opts "$tmpdir/$filename" || { DEBIAN_FRONTEND=noninteractive SYSTEMD_OFFLINE=1 $STD apt install -y $dpkg_opts "$tmpdir/$filename" || {
SYSTEMD_OFFLINE=1 $STD dpkg -i "$tmpdir/$filename" || { SYSTEMD_OFFLINE=1 $STD dpkg -i "$tmpdir/$filename" || {
_diagnose_deb_failure "$tmpdir/$filename" _diagnose_deb_failure "$tmpdir/$filename"
rm -rf "$tmpdir"
return 100 return 100
} }
} }
@@ -4241,7 +4232,6 @@ fetch_and_deploy_gh_release() {
pattern="${pattern#\"}" pattern="${pattern#\"}"
[[ -z "$pattern" ]] && { [[ -z "$pattern" ]] && {
msg_error "Mode 'prebuild' requires 6th parameter (asset filename pattern)" msg_error "Mode 'prebuild' requires 6th parameter (asset filename pattern)"
rm -rf "$tmpdir"
return 65 return 65
} }
@@ -4277,79 +4267,18 @@ fetch_and_deploy_gh_release() {
[[ -z "$asset_url" ]] && { [[ -z "$asset_url" ]] && {
msg_error "No asset matching '$pattern' found" msg_error "No asset matching '$pattern' found"
rm -rf "$tmpdir"
return 252 return 252
} }
filename="${asset_url##*/}" filename="${asset_url##*/}"
curl_download "$tmpdir/$filename" "$asset_url" || { curl_download "$tmpdir/$filename" "$asset_url" || {
msg_error "Download failed: $asset_url" msg_error "Download failed: $asset_url"
rm -rf "$tmpdir"
return 250 return 250
} }
local unpack_tmp local unpack_tmp
unpack_tmp=$(mktemp -d) unpack_tmp=$(mktemp -d)
mkdir -p "$target" _deploy_unpacked_archive "$tmpdir/$filename" "$target" "$unpack_tmp" || return
if [[ "${CLEAN_INSTALL:-0}" == "1" ]]; then
find "${target:?}" -mindepth 1 -delete
fi
if [[ "$filename" == *.zip ]]; then
ensure_dependencies unzip
unzip -q "$tmpdir/$filename" -d "$unpack_tmp" || {
msg_error "Failed to extract ZIP archive"
rm -rf "$tmpdir" "$unpack_tmp"
return 251
}
elif [[ "$filename" == *.tar.* || "$filename" == *.tgz || "$filename" == *.txz ]]; then
tar --no-same-owner -xf "$tmpdir/$filename" -C "$unpack_tmp" || {
msg_error "Failed to extract TAR archive"
rm -rf "$tmpdir" "$unpack_tmp"
return 251
}
else
msg_error "Unsupported archive format: $filename"
rm -rf "$tmpdir" "$unpack_tmp"
return 65
fi
local top_dirs
top_dirs=$(find "$unpack_tmp" -mindepth 1 -maxdepth 1 -type d | wc -l)
local top_entries inner_dir
top_entries=$(find "$unpack_tmp" -mindepth 1 -maxdepth 1)
if [[ "$(echo "$top_entries" | wc -l)" -eq 1 && -d "$top_entries" ]]; then
# Strip leading folder
inner_dir="$top_entries"
shopt -s dotglob nullglob
if compgen -G "$inner_dir/*" >/dev/null; then
cp -r "$inner_dir"/* "$target/" || {
msg_error "Failed to copy contents from $inner_dir to $target"
rm -rf "$tmpdir" "$unpack_tmp"
return 252
}
else
msg_error "Inner directory is empty: $inner_dir"
rm -rf "$tmpdir" "$unpack_tmp"
return 252
fi
shopt -u dotglob nullglob
else
# Copy all contents
shopt -s dotglob nullglob
if compgen -G "$unpack_tmp/*" >/dev/null; then
cp -r "$unpack_tmp"/* "$target/" || {
msg_error "Failed to copy contents to $target"
rm -rf "$tmpdir" "$unpack_tmp"
return 252
}
else
msg_error "Unpacked archive is empty"
rm -rf "$tmpdir" "$unpack_tmp"
return 252
fi
shopt -u dotglob nullglob
fi
### Singlefile Mode ### ### Singlefile Mode ###
elif [[ "$mode" == "singlefile" ]]; then elif [[ "$mode" == "singlefile" ]]; then
@@ -4357,7 +4286,6 @@ fetch_and_deploy_gh_release() {
pattern="${pattern#\"}" pattern="${pattern#\"}"
[[ -z "$pattern" ]] && { [[ -z "$pattern" ]] && {
msg_error "Mode 'singlefile' requires 6th parameter (asset filename pattern)" msg_error "Mode 'singlefile' requires 6th parameter (asset filename pattern)"
rm -rf "$tmpdir"
return 65 return 65
} }
@@ -4392,7 +4320,6 @@ fetch_and_deploy_gh_release() {
fi fi
[[ -z "$asset_url" ]] && { [[ -z "$asset_url" ]] && {
msg_error "No asset matching '$pattern' found" msg_error "No asset matching '$pattern' found"
rm -rf "$tmpdir"
return 252 return 252
} }
@@ -4405,7 +4332,6 @@ fetch_and_deploy_gh_release() {
curl_download "$target/$target_file" "$asset_url" || { curl_download "$target/$target_file" "$asset_url" || {
msg_error "Download failed: $asset_url" msg_error "Download failed: $asset_url"
rm -rf "$tmpdir"
return 250 return 250
} }
@@ -4415,13 +4341,11 @@ fetch_and_deploy_gh_release() {
else else
msg_error "Unknown mode: $mode" msg_error "Unknown mode: $mode"
rm -rf "$tmpdir"
return 65 return 65
fi fi
echo "$version" >"$version_file" echo "$version" >"$version_file"
msg_ok "Deployed: $app ($version)" msg_ok "Deployed: $app ($version)"
rm -rf "$tmpdir"
} }
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
@@ -8713,6 +8637,11 @@ setup_ruby() {
local BASHRC_FILE="$HOME/.bashrc" local BASHRC_FILE="$HOME/.bashrc"
local TMP_DIR=$(mktemp -d) local TMP_DIR=$(mktemp -d)
# Ensure HOME exists: callers may pass a not-yet-created home (e.g. a service
# user that is created later in the install), so the profile writes below do
# not fail on a missing directory.
mkdir -p "$HOME"
if ! grep -q 'rbenv init' "$PROFILE_FILE" 2>/dev/null; then if ! grep -q 'rbenv init' "$PROFILE_FILE" 2>/dev/null; then
cat <<'EOF' >>"$PROFILE_FILE" cat <<'EOF' >>"$PROFILE_FILE"
export PATH="$HOME/.rbenv/bin:$PATH" export PATH="$HOME/.rbenv/bin:$PATH"
@@ -9343,10 +9272,10 @@ fetch_and_deploy_from_url() {
msg_error "Failed to create temporary directory" msg_error "Failed to create temporary directory"
return 252 return 252
} }
trap 'rm -rf "$tmpdir" "${unpack_tmp:-}"' RETURN
curl -fsSL -o "$tmpdir/$filename" "$url" || { curl -fsSL -o "$tmpdir/$filename" "$url" || {
msg_error "Download failed: $url" msg_error "Download failed: $url"
rm -rf "$tmpdir"
return 250 return 250
} }
@@ -9366,7 +9295,6 @@ fetch_and_deploy_from_url() {
archive_type="tar" archive_type="tar"
else else
msg_error "Unsupported or unknown archive type: $file_desc" msg_error "Unsupported or unknown archive type: $file_desc"
rm -rf "$tmpdir"
return 65 return 65
fi fi
@@ -9379,19 +9307,16 @@ fetch_and_deploy_from_url() {
$STD apt install -y "$tmpdir/$filename" || { $STD apt install -y "$tmpdir/$filename" || {
$STD dpkg -i "$tmpdir/$filename" || { $STD dpkg -i "$tmpdir/$filename" || {
_diagnose_deb_failure "$tmpdir/$filename" _diagnose_deb_failure "$tmpdir/$filename"
rm -rf "$tmpdir"
return 100 return 100
} }
} }
rm -rf "$tmpdir"
msg_ok "Successfully installed .deb package" msg_ok "Successfully installed .deb package"
return 0 return 0
fi fi
if [[ -z "$directory" ]]; then if [[ -z "$directory" ]]; then
msg_error "Directory parameter is required for archive extraction" msg_error "Directory parameter is required for archive extraction"
rm -rf "$tmpdir"
return 65 return 65
fi fi
@@ -9410,13 +9335,11 @@ fetch_and_deploy_from_url() {
ensure_dependencies unzip ensure_dependencies unzip
unzip -q "$tmpdir/$filename" -d "$unpack_tmp" || { unzip -q "$tmpdir/$filename" -d "$unpack_tmp" || {
msg_error "Failed to extract ZIP archive" msg_error "Failed to extract ZIP archive"
rm -rf "$tmpdir" "$unpack_tmp"
return 251 return 251
} }
elif [[ "$archive_type" == "tar" ]]; then elif [[ "$archive_type" == "tar" ]]; then
tar --no-same-owner -xf "$tmpdir/$filename" -C "$unpack_tmp" || { tar --no-same-owner -xf "$tmpdir/$filename" -C "$unpack_tmp" || {
msg_error "Failed to extract TAR archive" msg_error "Failed to extract TAR archive"
rm -rf "$tmpdir" "$unpack_tmp"
return 251 return 251
} }
fi fi
@@ -9430,12 +9353,12 @@ fetch_and_deploy_from_url() {
if compgen -G "$inner_dir/*" >/dev/null; then if compgen -G "$inner_dir/*" >/dev/null; then
cp -r "$inner_dir"/* "$directory/" || { cp -r "$inner_dir"/* "$directory/" || {
msg_error "Failed to copy contents from $inner_dir to $directory" msg_error "Failed to copy contents from $inner_dir to $directory"
rm -rf "$tmpdir" "$unpack_tmp" shopt -u dotglob nullglob
return 252 return 252
} }
else else
msg_error "Inner directory is empty: $inner_dir" msg_error "Inner directory is empty: $inner_dir"
rm -rf "$tmpdir" "$unpack_tmp" shopt -u dotglob nullglob
return 252 return 252
fi fi
shopt -u dotglob nullglob shopt -u dotglob nullglob
@@ -9444,18 +9367,17 @@ fetch_and_deploy_from_url() {
if compgen -G "$unpack_tmp/*" >/dev/null; then if compgen -G "$unpack_tmp/*" >/dev/null; then
cp -r "$unpack_tmp"/* "$directory/" || { cp -r "$unpack_tmp"/* "$directory/" || {
msg_error "Failed to copy contents to $directory" msg_error "Failed to copy contents to $directory"
rm -rf "$tmpdir" "$unpack_tmp" shopt -u dotglob nullglob
return 252 return 252
} }
else else
msg_error "Unpacked archive is empty" msg_error "Unpacked archive is empty"
rm -rf "$tmpdir" "$unpack_tmp" shopt -u dotglob nullglob
return 252 return 252
fi fi
shopt -u dotglob nullglob shopt -u dotglob nullglob
fi fi
rm -rf "$tmpdir" "$unpack_tmp"
msg_ok "Successfully deployed archive to $directory" msg_ok "Successfully deployed archive to $directory"
return 0 return 0
} }
@@ -9856,7 +9778,7 @@ fetch_and_deploy_gl_release() {
local gl_rel_json local gl_rel_json
gl_rel_json=$(mktemp /tmp/tools-gl-rel-XXXXXX) || return 73 gl_rel_json=$(mktemp /tmp/tools-gl-rel-XXXXXX) || return 73
trap 'rm -f "$gl_rel_json"' RETURN trap 'rm -f "$gl_rel_json"; rm -rf "${tmpdir:-}" "${unpack_tmp:-}"' RETURN
local repo_encoded local repo_encoded
repo_encoded=$(printf '%s' "$repo" | sed 's|/|%2F|g') repo_encoded=$(printf '%s' "$repo" | sed 's|/|%2F|g')
@@ -9968,28 +9890,12 @@ fetch_and_deploy_gl_release() {
local direct_tarball_url="https://gitlab.com/$repo/-/archive/$tag_name/${app_lc}-${version_safe}.tar.gz" local direct_tarball_url="https://gitlab.com/$repo/-/archive/$tag_name/${app_lc}-${version_safe}.tar.gz"
filename="${app_lc}-${version_safe}.tar.gz" filename="${app_lc}-${version_safe}.tar.gz"
curl $download_timeout -fsSL "${header[@]}" -o "$tmpdir/$filename" "$direct_tarball_url" || { _download_source_tarball "$direct_tarball_url" "$tmpdir/$filename" "${header[@]}" || {
msg_error "Download failed: $direct_tarball_url" msg_error "Download failed: $direct_tarball_url"
rm -rf "$tmpdir"
return 1 return 1
} }
mkdir -p "$target" _deploy_source_tarball "$tmpdir/$filename" "$target" "$tmpdir" || return 1
if [[ "${CLEAN_INSTALL:-0}" == "1" ]]; then
find "${target:?}" -mindepth 1 -delete
fi
tar --no-same-owner -xzf "$tmpdir/$filename" -C "$tmpdir" || {
msg_error "Failed to extract tarball"
rm -rf "$tmpdir"
return 1
}
local unpack_dir
unpack_dir=$(find "$tmpdir" -mindepth 1 -maxdepth 1 -type d | head -n1)
shopt -s dotglob nullglob
cp -r "$unpack_dir"/* "$target/"
shopt -u dotglob nullglob
### Binary Mode ### ### Binary Mode ###
elif [[ "$mode" == "binary" ]]; then elif [[ "$mode" == "binary" ]]; then
@@ -10059,14 +9965,12 @@ fetch_and_deploy_gl_release() {
if [[ -z "$url_match" ]]; then if [[ -z "$url_match" ]]; then
msg_error "No suitable .deb asset found for $app" msg_error "No suitable .deb asset found for $app"
rm -rf "$tmpdir"
return 1 return 1
fi fi
filename="${url_match##*/}" filename="${url_match##*/}"
curl $download_timeout -fsSL "${header[@]}" -o "$tmpdir/$filename" "$url_match" || { curl $download_timeout -fsSL "${header[@]}" -o "$tmpdir/$filename" "$url_match" || {
msg_error "Download failed: $url_match" msg_error "Download failed: $url_match"
rm -rf "$tmpdir"
return 1 return 1
} }
@@ -10077,7 +9981,6 @@ fetch_and_deploy_gl_release() {
DEBIAN_FRONTEND=noninteractive SYSTEMD_OFFLINE=1 $STD apt install -y $dpkg_opts "$tmpdir/$filename" || { DEBIAN_FRONTEND=noninteractive SYSTEMD_OFFLINE=1 $STD apt install -y $dpkg_opts "$tmpdir/$filename" || {
SYSTEMD_OFFLINE=1 $STD dpkg -i "$tmpdir/$filename" || { SYSTEMD_OFFLINE=1 $STD dpkg -i "$tmpdir/$filename" || {
_diagnose_deb_failure "$tmpdir/$filename" _diagnose_deb_failure "$tmpdir/$filename"
rm -rf "$tmpdir"
return 1 return 1
} }
} }
@@ -10088,7 +9991,6 @@ fetch_and_deploy_gl_release() {
pattern="${pattern#\"}" pattern="${pattern#\"}"
[[ -z "$pattern" ]] && { [[ -z "$pattern" ]] && {
msg_error "Mode 'prebuild' requires 6th parameter (asset filename pattern)" msg_error "Mode 'prebuild' requires 6th parameter (asset filename pattern)"
rm -rf "$tmpdir"
return 1 return 1
} }
@@ -10123,75 +10025,18 @@ fetch_and_deploy_gl_release() {
[[ -z "$asset_url" ]] && { [[ -z "$asset_url" ]] && {
msg_error "No asset matching '$pattern' found" msg_error "No asset matching '$pattern' found"
rm -rf "$tmpdir"
return 1 return 1
} }
filename="${asset_url##*/}" filename="${asset_url##*/}"
curl $download_timeout -fsSL "${header[@]}" -o "$tmpdir/$filename" "$asset_url" || { curl $download_timeout -fsSL "${header[@]}" -o "$tmpdir/$filename" "$asset_url" || {
msg_error "Download failed: $asset_url" msg_error "Download failed: $asset_url"
rm -rf "$tmpdir"
return 1 return 1
} }
local unpack_tmp local unpack_tmp
unpack_tmp=$(mktemp -d) unpack_tmp=$(mktemp -d)
mkdir -p "$target" _deploy_unpacked_archive "$tmpdir/$filename" "$target" "$unpack_tmp" || return
if [[ "${CLEAN_INSTALL:-0}" == "1" ]]; then
find "${target:?}" -mindepth 1 -delete
fi
if [[ "$filename" == *.zip ]]; then
ensure_dependencies unzip
unzip -q "$tmpdir/$filename" -d "$unpack_tmp" || {
msg_error "Failed to extract ZIP archive"
rm -rf "$tmpdir" "$unpack_tmp"
return 1
}
elif [[ "$filename" == *.tar.* || "$filename" == *.tgz || "$filename" == *.txz ]]; then
tar --no-same-owner -xf "$tmpdir/$filename" -C "$unpack_tmp" || {
msg_error "Failed to extract TAR archive"
rm -rf "$tmpdir" "$unpack_tmp"
return 1
}
else
msg_error "Unsupported archive format: $filename"
rm -rf "$tmpdir" "$unpack_tmp"
return 1
fi
local top_entries inner_dir
top_entries=$(find "$unpack_tmp" -mindepth 1 -maxdepth 1)
if [[ "$(echo "$top_entries" | wc -l)" -eq 1 && -d "$top_entries" ]]; then
inner_dir="$top_entries"
shopt -s dotglob nullglob
if compgen -G "$inner_dir/*" >/dev/null; then
cp -r "$inner_dir"/* "$target/" || {
msg_error "Failed to copy contents from $inner_dir to $target"
rm -rf "$tmpdir" "$unpack_tmp"
return 1
}
else
msg_error "Inner directory is empty: $inner_dir"
rm -rf "$tmpdir" "$unpack_tmp"
return 1
fi
shopt -u dotglob nullglob
else
shopt -s dotglob nullglob
if compgen -G "$unpack_tmp/*" >/dev/null; then
cp -r "$unpack_tmp"/* "$target/" || {
msg_error "Failed to copy contents to $target"
rm -rf "$tmpdir" "$unpack_tmp"
return 1
}
else
msg_error "Unpacked archive is empty"
rm -rf "$tmpdir" "$unpack_tmp"
return 1
fi
shopt -u dotglob nullglob
fi
### Singlefile Mode ### ### Singlefile Mode ###
elif [[ "$mode" == "singlefile" ]]; then elif [[ "$mode" == "singlefile" ]]; then
@@ -10199,7 +10044,6 @@ fetch_and_deploy_gl_release() {
pattern="${pattern#\"}" pattern="${pattern#\"}"
[[ -z "$pattern" ]] && { [[ -z "$pattern" ]] && {
msg_error "Mode 'singlefile' requires 6th parameter (asset filename pattern)" msg_error "Mode 'singlefile' requires 6th parameter (asset filename pattern)"
rm -rf "$tmpdir"
return 1 return 1
} }
@@ -10234,7 +10078,6 @@ fetch_and_deploy_gl_release() {
[[ -z "$asset_url" ]] && { [[ -z "$asset_url" ]] && {
msg_error "No asset matching '$pattern' found" msg_error "No asset matching '$pattern' found"
rm -rf "$tmpdir"
return 1 return 1
} }
@@ -10247,7 +10090,6 @@ fetch_and_deploy_gl_release() {
curl $download_timeout -fsSL "${header[@]}" -o "$target/$target_file" "$asset_url" || { curl $download_timeout -fsSL "${header[@]}" -o "$target/$target_file" "$asset_url" || {
msg_error "Download failed: $asset_url" msg_error "Download failed: $asset_url"
rm -rf "$tmpdir"
return 1 return 1
} }
@@ -10257,13 +10099,11 @@ fetch_and_deploy_gl_release() {
else else
msg_error "Unknown mode: $mode" msg_error "Unknown mode: $mode"
rm -rf "$tmpdir"
return 1 return 1
fi fi
echo "$version" >"$version_file" echo "$version" >"$version_file"
msg_ok "Deployed: $app ($version)" msg_ok "Deployed: $app ($version)"
rm -rf "$tmpdir"
} }
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
+2 -9
View File
@@ -116,9 +116,6 @@ add() {
# Add container IDs to exclude from updates (comma-separated): # Add container IDs to exclude from updates (comma-separated):
# EXCLUDE=100,101,102 # EXCLUDE=100,101,102
EXCLUDE= EXCLUDE=
# Healthchecks.io Ping URL (optional)
# PING_URL=
CONF CONF
ok "Created config ${CONF_FILE}" ok "Created config ${CONF_FILE}"
fi fi
@@ -238,11 +235,9 @@ view_cron_config() {
fi fi
if [[ -f "$CONF_FILE" ]]; then if [[ -f "$CONF_FILE" ]]; then
echo -e " \e[36mConfig file:\e[0m ${CONF_FILE}" echo -e " \e[36mConfig file:\e[0m ${CONF_FILE}"
local excludes ping_url local excludes
excludes=$(grep -oP '^\s*EXCLUDE\s*=\s*\K.*' "$CONF_FILE" 2>/dev/null || true) excludes=$(grep -oP '^\s*EXCLUDE\s*=\s*\K.*' "$CONF_FILE" 2>/dev/null || true)
ping_url=$(grep -oP '^\s*PING_URL\s*=\s*\K.*' "$CONF_FILE" 2>/dev/null | tr -d '"' | tr -d "'" || true)
echo -e " \e[36mExcluded:\e[0m ${excludes:-(none)}" echo -e " \e[36mExcluded:\e[0m ${excludes:-(none)}"
echo -e " \e[36mPing URL:\e[0m ${ping_url:-(none)}"
echo "" echo ""
echo -e " \e[90m--- ${CONF_FILE} ---\e[0m" echo -e " \e[90m--- ${CONF_FILE} ---\e[0m"
cat "$CONF_FILE" cat "$CONF_FILE"
@@ -289,11 +284,9 @@ show_status() {
fi fi
if [[ -f "$CONF_FILE" ]]; then if [[ -f "$CONF_FILE" ]]; then
local excludes ping_url local excludes
excludes=$(grep -oP '^\s*EXCLUDE\s*=\s*\K.*' "$CONF_FILE" 2>/dev/null || echo "(none)") excludes=$(grep -oP '^\s*EXCLUDE\s*=\s*\K.*' "$CONF_FILE" 2>/dev/null || echo "(none)")
ping_url=$(grep -oP '^\s*PING_URL\s*=\s*\K.*' "$CONF_FILE" 2>/dev/null | tr -d '"' | tr -d "'" || echo "(none)")
echo -e " \e[36mExcluded:\e[0m ${excludes:-"(none)"}" echo -e " \e[36mExcluded:\e[0m ${excludes:-"(none)"}"
echo -e " \e[36mPing URL:\e[0m ${ping_url:-"(none)"}"
fi fi
if [[ -f "$LOG_FILE" ]]; then if [[ -f "$LOG_FILE" ]]; then
+6 -42
View File
@@ -11,15 +11,14 @@
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
CONF_FILE="/etc/update-lxcs.conf" CONF_FILE="/etc/update-lxcs.conf"
LOG_FILE="/var/log/update-lxcs-cron.log"
PING_URL="" echo -e "\n $(date)"
# Collect excluded containers from arguments # Collect excluded containers from arguments
excluded_containers=("$@") excluded_containers=("$@")
# Merge exclusions and healthchecks URL from config file if it exists # Merge exclusions from config file if it exists
if [[ -f "$CONF_FILE" ]]; then if [[ -f "$CONF_FILE" ]]; then
PING_URL=$(grep -oP '^\s*PING_URL\s*=\s*\K.+' "$CONF_FILE" 2>/dev/null | tr -d '"' | tr -d "'" || true)
conf_exclude=$(grep -oP '^\s*EXCLUDE\s*=\s*\K[0-9,]+' "$CONF_FILE" 2>/dev/null || true) conf_exclude=$(grep -oP '^\s*EXCLUDE\s*=\s*\K[0-9,]+' "$CONF_FILE" 2>/dev/null || true)
IFS=',' read -ra conf_ids <<<"$conf_exclude" IFS=',' read -ra conf_ids <<<"$conf_exclude"
for id in "${conf_ids[@]}"; do for id in "${conf_ids[@]}"; do
@@ -28,17 +27,6 @@ if [[ -f "$CONF_FILE" ]]; then
done done
fi fi
# Overwrite logfile on each run when healthchecks is used
if [[ -n "$PING_URL" ]]; then
true > "$LOG_FILE"
fi
if [[ -n "$PING_URL" ]]; then
curl -fsS -m 10 --retry 5 "${PING_URL}/start" -o /dev/null 2>/dev/null || true
fi
echo -e "\n $(date)"
function update_container() { function update_container() {
local container=$1 local container=$1
local name local name
@@ -50,36 +38,12 @@ function update_container() {
alpine) pct exec "$container" -- ash -c "apk -U upgrade" ;; alpine) pct exec "$container" -- ash -c "apk -U upgrade" ;;
archlinux) pct exec "$container" -- bash -c "pacman -Syyu --noconfirm" ;; archlinux) pct exec "$container" -- bash -c "pacman -Syyu --noconfirm" ;;
fedora | rocky | centos | alma) pct exec "$container" -- bash -c "dnf -y update && dnf -y upgrade" ;; fedora | rocky | centos | alma) pct exec "$container" -- bash -c "dnf -y update && dnf -y upgrade" ;;
ubuntu | debian | devuan) pct exec "$container" -- bash -c "apt-get update; DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::='--force-confold' dist-upgrade -y; status=\$?; rm -rf /usr/lib/python3.*/EXTERNALLY-MANAGED || true; exit \$status" ;; ubuntu | debian | devuan) pct exec "$container" -- bash -c "apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::='--force-confold' dist-upgrade -y; rm -rf /usr/lib/python3.*/EXTERNALLY-MANAGED" ;;
opensuse) pct exec "$container" -- bash -c "zypper ref && zypper --non-interactive dup" ;; opensuse) pct exec "$container" -- bash -c "zypper ref && zypper --non-interactive dup" ;;
*) echo " [Warn] Unknown OS type '$os' for container $container, skipping" ;; *) echo " [Warn] Unknown OS type '$os' for container $container, skipping" ;;
esac esac
} }
update_status=0
# Define exit handler to send healthchecks.io status (with logfile on failure/success)
function exit_handler() {
local exit_code=$?
if [[ -n "$PING_URL" ]]; then
sync
if [[ $exit_code -ne 0 || $update_status -ne 0 ]]; then
if [[ -f "$LOG_FILE" ]]; then
curl -fsS -m 10 --retry 5 --data-binary @"$LOG_FILE" "${PING_URL}/fail" -o /dev/null 2>/dev/null || true
else
curl -fsS -m 10 --retry 5 "${PING_URL}/fail" -o /dev/null 2>/dev/null || true
fi
else
if [[ -f "$LOG_FILE" ]]; then
curl -fsS -m 10 --retry 5 --data-binary @"$LOG_FILE" "$PING_URL" -o /dev/null 2>/dev/null || true
else
curl -fsS -m 10 --retry 5 "$PING_URL" -o /dev/null 2>/dev/null || true
fi
fi
fi
}
trap exit_handler EXIT
for container in $(pct list | awk '{if(NR>1) print $1}'); do for container in $(pct list | awk '{if(NR>1) print $1}'); do
excluded=false excluded=false
for excluded_container in "${excluded_containers[@]}"; do for excluded_container in "${excluded_containers[@]}"; do
@@ -101,7 +65,7 @@ for container in $(pct list | awk '{if(NR>1) print $1}'); do
echo -e "[Info] Starting $container" echo -e "[Info] Starting $container"
pct start "$container" pct start "$container"
sleep 5 sleep 5
update_container "$container" || { echo " [Error] Update failed for $container"; update_status=1; } update_container "$container" || echo " [Error] Update failed for $container"
# check if patchmon agent is present in container and run a report if found # check if patchmon agent is present in container and run a report if found
if pct exec "$container" -- [ -e "/usr/local/bin/patchmon-agent" ]; then if pct exec "$container" -- [ -e "/usr/local/bin/patchmon-agent" ]; then
echo -e "${BL}[Info]${GN} patchmon-agent found in ${BL} $container ${CL}, triggering report. \n" echo -e "${BL}[Info]${GN} patchmon-agent found in ${BL} $container ${CL}, triggering report. \n"
@@ -110,7 +74,7 @@ for container in $(pct list | awk '{if(NR>1) print $1}'); do
echo -e "[Info] Shutting down $container" echo -e "[Info] Shutting down $container"
pct shutdown "$container" --timeout 60 & pct shutdown "$container" --timeout 60 &
elif [ "$status" == "status: running" ]; then elif [ "$status" == "status: running" ]; then
update_container "$container" || { echo " [Error] Update failed for $container"; update_status=1; } update_container "$container" || echo " [Error] Update failed for $container"
# check if patchmon agent is present in container and run a report if found # check if patchmon agent is present in container and run a report if found
if pct exec "$container" -- [ -e "/usr/local/bin/patchmon-agent" ]; then if pct exec "$container" -- [ -e "/usr/local/bin/patchmon-agent" ]; then
echo -e "${BL}[Info]${GN} patchmon-agent found in ${BL} $container ${CL}, triggering report. \n" echo -e "${BL}[Info]${GN} patchmon-agent found in ${BL} $container ${CL}, triggering report. \n"