mirror of
https://github.com/community-scripts/ProxmoxVE.git
synced 2026-07-19 20:35:05 +02:00
Compare commits
14 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| a28f810b01 | |||
| e1ce55b547 | |||
| d81c9f3ed2 | |||
| b098501a37 | |||
| a1058256be | |||
| e425d9c02c | |||
| 0dbea508d3 | |||
| 787e27a4ac | |||
| 8f0083850e | |||
| 8f9c4eb13b | |||
| beacf9e43a | |||
| b2898debce | |||
| 8c7da1e036 | |||
| bbd5a3f522 |
@@ -507,6 +507,27 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
|
||||
|
||||
## 2026-07-19
|
||||
|
||||
### 🚀 Updated Scripts
|
||||
|
||||
- #### 🐞 Bug Fixes
|
||||
|
||||
- change trek repo to liketrek/TREK [@asylumexp](https://github.com/asylumexp) ([#15893](https://github.com/community-scripts/ProxmoxVE/pull/15893))
|
||||
- update authentik to 2026.5.5 [@thieneret](https://github.com/thieneret) ([#15855](https://github.com/community-scripts/ProxmoxVE/pull/15855))
|
||||
- [FIX] BookOrbit: add missing `restore_backup` during update [@vhsdream](https://github.com/vhsdream) ([#15881](https://github.com/community-scripts/ProxmoxVE/pull/15881))
|
||||
|
||||
- #### ✨ New Features
|
||||
|
||||
- tools.func: centralize deploy tail + trap-based tmpdir cleanup [@MickLesk](https://github.com/MickLesk) ([#15872](https://github.com/community-scripts/ProxmoxVE/pull/15872))
|
||||
- Update OPNsense from 26.1 to 26.7 [@tdn131](https://github.com/tdn131) ([#15895](https://github.com/community-scripts/ProxmoxVE/pull/15895))
|
||||
|
||||
### 💾 Core
|
||||
|
||||
- Revert "core: add configurable host CA inheritance during bootstrap" [@MickLesk](https://github.com/MickLesk) ([#15886](https://github.com/community-scripts/ProxmoxVE/pull/15886))
|
||||
|
||||
- #### 🐞 Bug Fixes
|
||||
|
||||
- fix(build.func): expand glob in SSH key "Scan Folder/Glob" so it can find keys [@TowyTowy](https://github.com/TowyTowy) ([#15873](https://github.com/community-scripts/ProxmoxVE/pull/15873))
|
||||
|
||||
## 2026-07-18
|
||||
|
||||
### 💾 Core
|
||||
|
||||
+4
-3
@@ -38,13 +38,14 @@ function update_script() {
|
||||
|
||||
NODE_VERSION="24" setup_nodejs
|
||||
setup_go
|
||||
UV_PYTHON_INSTALL_DIR="/usr/local/bin" PYTHON_VERSION="3.14.3" setup_uv
|
||||
$STD uv cache clean
|
||||
UV_PYTHON_INSTALL_DIR="/usr/local/bin" PYTHON_VERSION="3.14.6" setup_uv
|
||||
RUST_PROFILE="minimal" RUST_TOOLCHAIN="stable" setup_rust
|
||||
setup_yq
|
||||
|
||||
AUTHENTIK_VERSION="version/2026.5.3"
|
||||
AUTHENTIK_VERSION="version/2026.5.5"
|
||||
# Source: https://github.com/goauthentik/fips/blob/main/Makefile#L26
|
||||
XMLSEC_VERSION="1.3.11"
|
||||
XMLSEC_VERSION="1.3.12"
|
||||
|
||||
if check_for_gh_release "geoipupdate" "maxmind/geoipupdate"; then
|
||||
fetch_and_deploy_gh_release "geoipupdate" "maxmind/geoipupdate" "binary"
|
||||
|
||||
@@ -53,6 +53,7 @@ function update_script() {
|
||||
mkdir -p /opt/bookorbit/server/migrations
|
||||
cp -r /opt/bookorbit/server/src/db/migrations/. /opt/bookorbit/server/migrations/
|
||||
chmod +x /opt/bookorbit/server/bin/kepubify/*
|
||||
restore_backup
|
||||
APP_VER=$(cat ~/.bookorbit)
|
||||
sed -i "s/^APP_VERSION=.*/APP_VERSION=v$APP_VER/" /opt/bookorbit/.env
|
||||
msg_ok "Rebuilt Application"
|
||||
|
||||
+4
-4
@@ -3,7 +3,7 @@ source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxV
|
||||
# Copyright (c) 2021-2026 community-scripts ORG
|
||||
# Author: MickLesk (CanbiZ)
|
||||
# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
|
||||
# Source: https://github.com/mauriceboe/TREK
|
||||
# Source: https://github.com/liketrek/TREK
|
||||
|
||||
APP="TREK"
|
||||
var_tags="${var_tags:-travel;planning;collaboration}"
|
||||
@@ -32,7 +32,7 @@ function update_script() {
|
||||
|
||||
NODE_VERSION="24" setup_nodejs
|
||||
|
||||
if check_for_gh_release "trek" "mauriceboe/TREK"; then
|
||||
if check_for_gh_release "trek" "liketrek/TREK"; then
|
||||
MIGRATION=0
|
||||
grep -qF "ExecStart=/usr/bin/node --import tsx src/index.ts" \
|
||||
/etc/systemd/system/trek.service && MIGRATION=1
|
||||
@@ -47,7 +47,7 @@ function update_script() {
|
||||
/opt/trek/data \
|
||||
/opt/trek/uploads
|
||||
|
||||
CLEAN_INSTALL=1 fetch_and_deploy_gh_release "trek" "mauriceboe/TREK" "tarball"
|
||||
CLEAN_INSTALL=1 fetch_and_deploy_gh_release "trek" "liketrek/TREK" "tarball"
|
||||
|
||||
msg_info "Building TREK"
|
||||
cd /opt/trek
|
||||
@@ -79,7 +79,7 @@ function update_script() {
|
||||
cat <<EOF >/etc/systemd/system/trek.service
|
||||
[Unit]
|
||||
Description=TREK Travel Planner
|
||||
Documentation=https://github.com/mauriceboe/TREK
|
||||
Documentation=https://github.com/liketrek/TREK
|
||||
After=network-online.target
|
||||
Wants=network-online.target
|
||||
|
||||
|
||||
@@ -54,12 +54,12 @@ NODE_VERSION="24" setup_nodejs
|
||||
setup_yq
|
||||
setup_go
|
||||
RUST_PROFILE="minimal" RUST_TOOLCHAIN="stable" setup_rust
|
||||
UV_PYTHON_INSTALL_DIR="/usr/local/bin" PYTHON_VERSION="3.14.3" setup_uv
|
||||
UV_PYTHON_INSTALL_DIR="/usr/local/bin" PYTHON_VERSION="3.14.6" setup_uv
|
||||
PG_VERSION="17" setup_postgresql
|
||||
PG_DB_NAME="authentik" PG_DB_USER="authentik" PG_DB_GRANT_SUPERUSER="true" setup_postgresql_db
|
||||
|
||||
XMLSEC_VERSION="1.3.11"
|
||||
AUTHENTIK_VERSION="version/2026.5.3"
|
||||
XMLSEC_VERSION="1.3.12"
|
||||
AUTHENTIK_VERSION="version/2026.5.5"
|
||||
fetch_and_deploy_gh_release "xmlsec" "lsh123/xmlsec" "tarball" "${XMLSEC_VERSION}" "/opt/xmlsec"
|
||||
fetch_and_deploy_gh_release "authentik" "goauthentik/authentik" "tarball" "${AUTHENTIK_VERSION}" "/opt/authentik"
|
||||
fetch_and_deploy_gh_release "geoipupdate" "maxmind/geoipupdate" "binary"
|
||||
|
||||
@@ -31,13 +31,14 @@ NODE_VERSION="24" NODE_MODULE="corepack,yarn" setup_nodejs
|
||||
|
||||
fetch_and_deploy_gh_release "manyfold" "manyfold3d/manyfold" "tarball" "latest" "/opt/manyfold/app"
|
||||
|
||||
useradd -m -s /usr/bin/bash manyfold
|
||||
|
||||
RUBY_INSTALL_VERSION=$(cat /opt/manyfold/app/.ruby-version)
|
||||
RUBY_VERSION=${RUBY_INSTALL_VERSION} RUBY_INSTALL_RAILS="true" HOME=/home/manyfold setup_ruby
|
||||
|
||||
msg_info "Configuring Manyfold"
|
||||
YARN_VERSION=$(grep '"packageManager":' /opt/manyfold/app/package.json | sed -E 's/.*"(yarn@[0-9\.]+)".*/\1/')
|
||||
RELEASE=$(get_latest_github_release "manyfold3d/manyfold")
|
||||
useradd -m -s /usr/bin/bash manyfold
|
||||
cat <<EOF >/opt/manyfold/.env
|
||||
export APP_VERSION=${RELEASE}
|
||||
export GUID=1002
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
# Copyright (c) 2021-2026 community-scripts ORG
|
||||
# Author: MickLesk (CanbiZ)
|
||||
# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
|
||||
# Source: https://github.com/mauriceboe/TREK
|
||||
# Source: https://github.com/liketrek/TREK
|
||||
|
||||
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
|
||||
color
|
||||
@@ -20,7 +20,7 @@ $STD apt install -y \
|
||||
msg_ok "Installed Dependencies"
|
||||
|
||||
NODE_VERSION="24" setup_nodejs
|
||||
fetch_and_deploy_gh_release "trek" "mauriceboe/TREK" "tarball"
|
||||
fetch_and_deploy_gh_release "trek" "liketrek/TREK" "tarball"
|
||||
|
||||
msg_info "Setup TREK"
|
||||
cd /opt/trek
|
||||
@@ -78,7 +78,7 @@ msg_info "Creating Service"
|
||||
cat <<EOF >/etc/systemd/system/trek.service
|
||||
[Unit]
|
||||
Description=TREK Travel Planner
|
||||
Documentation=https://github.com/mauriceboe/TREK
|
||||
Documentation=https://github.com/liketrek/TREK
|
||||
After=network-online.target
|
||||
Wants=network-online.target
|
||||
|
||||
|
||||
+10
-139
@@ -1009,7 +1009,6 @@ base_settings() {
|
||||
|
||||
APT_CACHER=${var_apt_cacher:-""}
|
||||
APT_CACHER_IP=${var_apt_cacher_ip:-""}
|
||||
INHERIT_HOST_CA="${var_inherit_host_ca:-auto}"
|
||||
|
||||
# Runtime check: Verify APT cacher is reachable if configured
|
||||
if [[ -n "$APT_CACHER_IP" && "$APT_CACHER" == "yes" ]]; then
|
||||
@@ -1089,7 +1088,7 @@ load_vars_file() {
|
||||
|
||||
# Allowed var_* keys
|
||||
local VAR_WHITELIST=(
|
||||
var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu var_http_no_proxy var_http_proxy var_inherit_host_ca var_keyctl
|
||||
var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu var_http_no_proxy var_http_proxy var_keyctl
|
||||
var_gateway var_hostname var_ipv6_method var_mac var_mknod var_mount_fs var_mtu
|
||||
var_net var_nesting var_ns var_os var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged
|
||||
var_verbose var_version var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage var_searchdomain
|
||||
@@ -1286,12 +1285,6 @@ load_vars_file() {
|
||||
continue
|
||||
fi
|
||||
;;
|
||||
var_inherit_host_ca)
|
||||
if [[ "$var_val" != "yes" && "$var_val" != "no" && "$var_val" != "auto" ]]; then
|
||||
msg_warn "Invalid host CA inheritance value '$var_val' in $file (must be yes/no/auto), ignoring"
|
||||
continue
|
||||
fi
|
||||
;;
|
||||
var_container_storage | var_template_storage)
|
||||
# Validate that the storage exists and is active on the current node
|
||||
local _storage_status
|
||||
@@ -1331,7 +1324,7 @@ default_var_settings() {
|
||||
# Allowed var_* keys (alphabetically sorted)
|
||||
# Note: Removed var_ctid (can only exist once), var_ipv6_static (static IPs are unique)
|
||||
local VAR_WHITELIST=(
|
||||
var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu var_http_no_proxy var_http_proxy var_inherit_host_ca var_keyctl
|
||||
var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu var_http_no_proxy var_http_proxy var_keyctl
|
||||
var_gateway var_hostname var_ipv6_method var_mac var_mknod var_mount_fs var_mtu
|
||||
var_net var_nesting var_ns var_os var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged
|
||||
var_verbose var_version var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage
|
||||
@@ -1414,7 +1407,6 @@ var_ssh=no
|
||||
# HTTP/HTTPS proxy (optional - for networks requiring a proxy)
|
||||
# var_http_proxy=http://proxy.local:8080
|
||||
# var_http_no_proxy=localhost,127.0.0.1,.local
|
||||
# var_inherit_host_ca=auto
|
||||
|
||||
# Features/Tags/verbosity
|
||||
var_fuse=no
|
||||
@@ -1515,7 +1507,7 @@ get_app_defaults_path() {
|
||||
if ! declare -p VAR_WHITELIST >/dev/null 2>&1; then
|
||||
# Note: Removed var_ctid (can only exist once), var_ipv6_static (static IPs are unique)
|
||||
declare -ag VAR_WHITELIST=(
|
||||
var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu var_http_no_proxy var_http_proxy var_inherit_host_ca var_keyctl
|
||||
var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu var_http_no_proxy var_http_proxy var_keyctl
|
||||
var_gateway var_hostname var_ipv6_method var_mac var_mknod var_mount_fs var_mtu
|
||||
var_net var_nesting var_ns var_os var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged
|
||||
var_verbose var_version var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage var_searchdomain
|
||||
@@ -1665,7 +1657,6 @@ _build_current_app_vars_tmp() {
|
||||
_apt_cacher_ip="${APT_CACHER_IP:-}"
|
||||
_http_proxy="${HTTP_PROXY:-${var_http_proxy:-}}"
|
||||
_http_no_proxy="${HTTP_NO_PROXY:-${var_http_no_proxy:-}}"
|
||||
_inherit_host_ca="${INHERIT_HOST_CA:-${var_inherit_host_ca:-auto}}"
|
||||
_fuse="${ENABLE_FUSE:-no}"
|
||||
_tun="${ENABLE_TUN:-no}"
|
||||
_gpu="${ENABLE_GPU:-no}"
|
||||
@@ -1719,7 +1710,6 @@ _build_current_app_vars_tmp() {
|
||||
[ -n "$_apt_cacher_ip" ] && echo "var_apt_cacher_ip=$(_sanitize_value "$_apt_cacher_ip")"
|
||||
[ -n "$_http_proxy" ] && echo "var_http_proxy=$(_sanitize_value "$_http_proxy")"
|
||||
[ -n "$_http_no_proxy" ] && echo "var_http_no_proxy=$(_sanitize_value "$_http_no_proxy")"
|
||||
[ -n "$_inherit_host_ca" ] && echo "var_inherit_host_ca=$(_sanitize_value "$_inherit_host_ca")"
|
||||
|
||||
[ -n "$_fuse" ] && echo "var_fuse=$(_sanitize_value "$_fuse")"
|
||||
[ -n "$_tun" ] && echo "var_tun=$(_sanitize_value "$_tun")"
|
||||
@@ -1884,7 +1874,7 @@ advanced_settings() {
|
||||
TAGS="community-script${var_tags:+;${var_tags}}"
|
||||
fi
|
||||
local STEP=1
|
||||
local MAX_STEP=31
|
||||
local MAX_STEP=30
|
||||
|
||||
# Store values for back navigation - inherit from var_* app defaults
|
||||
local _ct_type="${var_unprivileged:-1}"
|
||||
@@ -1906,7 +1896,6 @@ advanced_settings() {
|
||||
local _apt_cacher_ip="${var_apt_cacher_ip:-}"
|
||||
local _http_proxy="${var_http_proxy:-}"
|
||||
local _http_no_proxy="${var_http_no_proxy:-}"
|
||||
local _inherit_host_ca="${var_inherit_host_ca:-auto}"
|
||||
local _mtu="${var_mtu:-}"
|
||||
local _sd="${var_searchdomain:-}"
|
||||
local _ns="${var_ns:-}"
|
||||
@@ -2736,47 +2725,9 @@ advanced_settings() {
|
||||
;;
|
||||
|
||||
# ═══════════════════════════════════════════════════════════════════════════
|
||||
# STEP 25: Host CA Inheritance
|
||||
# STEP 25: Container Timezone
|
||||
# ═══════════════════════════════════════════════════════════════════════════
|
||||
25)
|
||||
local host_ca_count=0
|
||||
local host_ca_dir="/usr/local/share/ca-certificates"
|
||||
local cert
|
||||
shopt -s nullglob
|
||||
for cert in "$host_ca_dir"/*.crt; do
|
||||
host_ca_count=$((host_ca_count + 1))
|
||||
done
|
||||
shopt -u nullglob
|
||||
|
||||
if [[ $host_ca_count -eq 0 ]]; then
|
||||
_inherit_host_ca="auto"
|
||||
((STEP++))
|
||||
continue
|
||||
fi
|
||||
|
||||
local host_ca_default_flag=""
|
||||
[[ "$_inherit_host_ca" == "no" ]] && host_ca_default_flag="--defaultno"
|
||||
if whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \
|
||||
--title "HOST CA INHERITANCE" \
|
||||
--ok-button "Next" --cancel-button "Back" \
|
||||
$host_ca_default_flag \
|
||||
--yesno "\nInherit host CA certificates into this container?\n\nDetected on host: ${host_ca_count} certificate(s) in:\n${host_ca_dir}\n\nRecommended for private PKI / TLS-inspection environments.\n\n(App default: ${var_inherit_host_ca:-auto})" 16 72; then
|
||||
_inherit_host_ca="yes"
|
||||
else
|
||||
if [ $? -eq 1 ]; then
|
||||
_inherit_host_ca="no"
|
||||
else
|
||||
((STEP--))
|
||||
continue
|
||||
fi
|
||||
fi
|
||||
((STEP++))
|
||||
;;
|
||||
|
||||
# ═══════════════════════════════════════════════════════════════════════════
|
||||
# STEP 26: Container Timezone
|
||||
# ═══════════════════════════════════════════════════════════════════════════
|
||||
26)
|
||||
local tz_hint="$_ct_timezone"
|
||||
[[ -z "$tz_hint" ]] && tz_hint="(empty - will use host timezone)"
|
||||
|
||||
@@ -2799,9 +2750,9 @@ advanced_settings() {
|
||||
;;
|
||||
|
||||
# ═══════════════════════════════════════════════════════════════════════════
|
||||
# STEP 27: Container Protection
|
||||
# STEP 26: Container Protection
|
||||
# ═══════════════════════════════════════════════════════════════════════════
|
||||
27)
|
||||
26)
|
||||
local protect_default_flag="--defaultno"
|
||||
[[ "$_protect_ct" == "yes" || "$_protect_ct" == "1" ]] && protect_default_flag=""
|
||||
|
||||
@@ -2953,7 +2904,6 @@ Leave empty to skip."
|
||||
local apt_display="${_apt_cacher:-no}"
|
||||
[[ "$_apt_cacher" == "yes" && -n "$_apt_cacher_ip" ]] && apt_display="$_apt_cacher_ip"
|
||||
local http_proxy_display="${_http_proxy:-(none)}"
|
||||
local inherit_ca_display="${_inherit_host_ca:-auto}"
|
||||
|
||||
local post_install_display="${_post_install:-(none)}"
|
||||
local post_install_warn=""
|
||||
@@ -2984,7 +2934,6 @@ Advanced:
|
||||
Timezone: $tz_display
|
||||
APT Cacher: $apt_display
|
||||
HTTP Proxy: $http_proxy_display
|
||||
Inherit Host CAs: $inherit_ca_display
|
||||
Verbose: $_verbose
|
||||
Post-Install Script: ${post_install_display}${post_install_warn}"
|
||||
|
||||
@@ -3030,7 +2979,6 @@ Advanced:
|
||||
APT_CACHER_IP="$_apt_cacher_ip"
|
||||
HTTP_PROXY="$_http_proxy"
|
||||
HTTP_NO_PROXY="$_http_no_proxy"
|
||||
INHERIT_HOST_CA="$_inherit_host_ca"
|
||||
VERBOSE="$_verbose"
|
||||
var_post_install="$_post_install"
|
||||
|
||||
@@ -3049,7 +2997,6 @@ Advanced:
|
||||
var_sdn_vnet="$_sdn_vnet"
|
||||
var_http_proxy="$_http_proxy"
|
||||
var_http_no_proxy="$_http_no_proxy"
|
||||
var_inherit_host_ca="$_inherit_host_ca"
|
||||
|
||||
# Format optional values
|
||||
[[ -n "$_mtu" ]] && MTU=",mtu=$_mtu" || MTU=""
|
||||
@@ -3653,9 +3600,9 @@ configure_ssh_settings() {
|
||||
glob_path=$(whiptail --backtitle "$backtitle" \
|
||||
--inputbox "Enter a folder or glob to scan (e.g. /root/.ssh/*.pub)" 10 72 --title "Scan Folder/Glob" 3>&1 1>&2 2>&3)
|
||||
if [[ -n "$glob_path" ]]; then
|
||||
shopt -s nullglob
|
||||
read -r -a _scan_files <<<"$glob_path"
|
||||
shopt -u nullglob
|
||||
[[ -d "$glob_path" ]] && glob_path="${glob_path%/}/*"
|
||||
local -a _scan_files
|
||||
mapfile -t _scan_files < <(compgen -G "$glob_path")
|
||||
if [[ "${#_scan_files[@]}" -gt 0 ]]; then
|
||||
ssh_build_choices_from_files "${_scan_files[@]}"
|
||||
if [[ "$COUNT" -gt 0 ]]; then
|
||||
@@ -3998,81 +3945,6 @@ EOF
|
||||
msg_ok "Applied HTTP proxy in container"
|
||||
}
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
# _apply_host_ca_certs_in_container()
|
||||
#
|
||||
# - Copies administrator-provided CA certificates from the Proxmox host into the
|
||||
# container before base package bootstrap
|
||||
# - Source: /usr/local/share/ca-certificates/*.crt (Debian convention)
|
||||
# - Refreshes the container trust store when update-ca-certificates is available
|
||||
# - No-op when no host certificates are present; failures are non-fatal
|
||||
# ------------------------------------------------------------------------------
|
||||
_apply_host_ca_certs_in_container() {
|
||||
local host_ca_dir="/usr/local/share/ca-certificates"
|
||||
[[ -z "${CTID:-}" ]] && return 0
|
||||
local inherit_host_ca="${INHERIT_HOST_CA:-${var_inherit_host_ca:-auto}}"
|
||||
|
||||
local -a host_certs=()
|
||||
local cert
|
||||
shopt -s nullglob
|
||||
for cert in "$host_ca_dir"/*.crt; do
|
||||
host_certs+=("$cert")
|
||||
done
|
||||
shopt -u nullglob
|
||||
|
||||
[[ ${#host_certs[@]} -eq 0 ]] && return 0
|
||||
|
||||
case "${inherit_host_ca,,}" in
|
||||
no | false | 0 | off)
|
||||
msg_info "Skipping host CA inheritance by configuration"
|
||||
return 0
|
||||
;;
|
||||
esac
|
||||
|
||||
msg_info "Inheriting host CA certificates into container"
|
||||
|
||||
local found=${#host_certs[@]}
|
||||
local copied=0
|
||||
local skipped=0
|
||||
local cert_name
|
||||
|
||||
pct exec "$CTID" -- mkdir -p /usr/local/share/ca-certificates >/dev/null 2>&1 || {
|
||||
msg_warn "Failed to create CA certificate directory in container"
|
||||
return 0
|
||||
}
|
||||
|
||||
for cert in "${host_certs[@]}"; do
|
||||
cert_name="$(basename "$cert")"
|
||||
if [[ ! -r "$cert" || "$cert_name" != *.crt ]]; then
|
||||
msg_warn "Skipping invalid or unreadable host CA certificate: ${cert_name}"
|
||||
skipped=$((skipped + 1))
|
||||
continue
|
||||
fi
|
||||
|
||||
if pct push "$CTID" "$cert" "/usr/local/share/ca-certificates/${cert_name}" >/dev/null 2>&1; then
|
||||
pct exec "$CTID" -- chmod 644 "/usr/local/share/ca-certificates/${cert_name}" >/dev/null 2>&1 || true
|
||||
copied=$((copied + 1))
|
||||
else
|
||||
msg_warn "Failed to push host CA certificate: ${cert_name}"
|
||||
skipped=$((skipped + 1))
|
||||
fi
|
||||
done
|
||||
|
||||
if [[ $copied -eq 0 ]]; then
|
||||
msg_warn "No host CA certificates were copied (${found} found, ${skipped} skipped)"
|
||||
return 0
|
||||
fi
|
||||
|
||||
local refresh_shell="bash"
|
||||
[[ "$var_os" == "alpine" ]] && refresh_shell="ash"
|
||||
|
||||
if pct exec "$CTID" -- "$refresh_shell" -c 'command -v update-ca-certificates >/dev/null 2>&1 && update-ca-certificates' >/dev/null 2>&1; then
|
||||
msg_ok "Inherited ${copied} host CA certificate(s) and updated trust store (${skipped} skipped)"
|
||||
else
|
||||
msg_warn "Copied ${copied} host CA certificate(s), but trust store update failed or update-ca-certificates is unavailable (${skipped} skipped)"
|
||||
fi
|
||||
}
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
# build_container()
|
||||
#
|
||||
@@ -4693,7 +4565,6 @@ EOF
|
||||
local install_exit_code=0
|
||||
|
||||
_apply_http_proxy_in_container
|
||||
_apply_host_ca_certs_in_container
|
||||
|
||||
# Continue with standard container setup
|
||||
if [ "$var_os" == "alpine" ]; then
|
||||
|
||||
+175
-335
@@ -2483,6 +2483,150 @@ verify_gpg_fingerprint() {
|
||||
return 65
|
||||
}
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
# _download_source_tarball <url> <dest> [curl args...]
|
||||
#
|
||||
# Downloads a source .tar.gz to <dest> and verifies the gzip stream is complete
|
||||
# before returning. Source forges (GitHub/GitLab/Codeberg) build these archives
|
||||
# on the fly; for large repos the response is occasionally a truncated-but-
|
||||
# cleanly-closed gzip that curl accepts as success (HTTP 200) and which then
|
||||
# fails at extraction time. We validate with `gzip -t` and re-download on
|
||||
# failure, and abort stalled transfers (--speed-time) so a hung generation
|
||||
# retries instead of blocking for minutes. Extra args pass through to curl
|
||||
# (e.g. auth headers like -H "PRIVATE-TOKEN: ...").
|
||||
#
|
||||
# Returns: 0 on success, 250 on persistent failure.
|
||||
# ------------------------------------------------------------------------------
|
||||
_download_source_tarball() {
|
||||
local url="$1" dest="$2"
|
||||
shift 2
|
||||
local attempt max=3
|
||||
for ((attempt = 1; attempt <= max; attempt++)); do
|
||||
if curl --connect-timeout 15 --max-time 900 --speed-limit 1024 --speed-time 60 \
|
||||
-fsSL "$@" -o "$dest" "$url" && gzip -t "$dest" 2>/dev/null; then
|
||||
return 0
|
||||
fi
|
||||
rm -f "$dest"
|
||||
((attempt < max)) && {
|
||||
msg_warn "Source archive download failed or incomplete (attempt ${attempt}/${max}), retrying..."
|
||||
sleep $((attempt * 3))
|
||||
}
|
||||
done
|
||||
return 250
|
||||
}
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
# _deploy_source_tarball <tarball_path> <target> <workdir>
|
||||
#
|
||||
# Shared tail for the *source tarball* modes of the fetch_and_deploy_* helpers
|
||||
# (GitHub/GitLab/Codeberg archive tarballs that contain a single top-level
|
||||
# directory). Extracts <tarball_path> into <workdir>, then copies the contents
|
||||
# of that top-level directory into <target>.
|
||||
#
|
||||
# - Honors CLEAN_INSTALL=1 (wipes <target> first, dotfiles included).
|
||||
# - Does NOT own <workdir>: the caller creates it and is responsible for its
|
||||
# cleanup (typically via a RETURN trap on its tmpdir).
|
||||
# - cp failures are non-fatal here, matching the previous inline behavior.
|
||||
#
|
||||
# Returns: 0 on success (or non-fatal cp failure), 251 on extraction failure.
|
||||
# ------------------------------------------------------------------------------
|
||||
_deploy_source_tarball() {
|
||||
local tarball="$1" target="$2" workdir="$3"
|
||||
|
||||
mkdir -p "$target"
|
||||
if [[ "${CLEAN_INSTALL:-0}" == "1" ]]; then
|
||||
find "${target:?}" -mindepth 1 -delete
|
||||
fi
|
||||
|
||||
tar --no-same-owner -xzf "$tarball" -C "$workdir" || {
|
||||
msg_error "Failed to extract tarball"
|
||||
return 251
|
||||
}
|
||||
|
||||
local unpack_dir
|
||||
unpack_dir=$(find "$workdir" -mindepth 1 -maxdepth 1 -type d | head -n1)
|
||||
|
||||
shopt -s dotglob nullglob
|
||||
cp -r "$unpack_dir"/* "$target/"
|
||||
shopt -u dotglob nullglob
|
||||
return 0
|
||||
}
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
# _deploy_unpacked_archive <archive_path> <target> <workdir>
|
||||
#
|
||||
# Shared tail for the *prebuild* modes of the fetch_and_deploy_*_release helpers
|
||||
# (release assets shipped as .zip / .tar.* / .tgz / .txz). Extracts the archive
|
||||
# into <workdir>, then copies its payload into <target>. If the archive contains
|
||||
# a single top-level directory, that directory is stripped (its contents land
|
||||
# directly in <target>); otherwise the archive contents are copied as-is.
|
||||
#
|
||||
# - Honors CLEAN_INSTALL=1 (wipes <target> first, dotfiles included).
|
||||
# - Does NOT own <workdir>: the caller creates it and cleans it up.
|
||||
#
|
||||
# Returns: 0 on success, 65 on unsupported format, 251 on extraction failure,
|
||||
# 252 on copy failure / empty archive.
|
||||
# ------------------------------------------------------------------------------
|
||||
_deploy_unpacked_archive() {
|
||||
local archive="$1" target="$2" workdir="$3"
|
||||
local filename="${archive##*/}"
|
||||
|
||||
mkdir -p "$target"
|
||||
if [[ "${CLEAN_INSTALL:-0}" == "1" ]]; then
|
||||
find "${target:?}" -mindepth 1 -delete
|
||||
fi
|
||||
|
||||
if [[ "$filename" == *.zip ]]; then
|
||||
ensure_dependencies unzip
|
||||
unzip -q "$archive" -d "$workdir" || {
|
||||
msg_error "Failed to extract ZIP archive"
|
||||
return 251
|
||||
}
|
||||
elif [[ "$filename" == *.tar.* || "$filename" == *.tgz || "$filename" == *.txz ]]; then
|
||||
tar --no-same-owner -xf "$archive" -C "$workdir" || {
|
||||
msg_error "Failed to extract TAR archive"
|
||||
return 251
|
||||
}
|
||||
else
|
||||
msg_error "Unsupported archive format: $filename"
|
||||
return 65
|
||||
fi
|
||||
|
||||
local top_entries inner_dir
|
||||
top_entries=$(find "$workdir" -mindepth 1 -maxdepth 1)
|
||||
if [[ "$(echo "$top_entries" | wc -l)" -eq 1 && -d "$top_entries" ]]; then
|
||||
inner_dir="$top_entries"
|
||||
shopt -s dotglob nullglob
|
||||
if compgen -G "$inner_dir/*" >/dev/null; then
|
||||
cp -r "$inner_dir"/* "$target/" || {
|
||||
msg_error "Failed to copy contents from $inner_dir to $target"
|
||||
shopt -u dotglob nullglob
|
||||
return 252
|
||||
}
|
||||
else
|
||||
msg_error "Inner directory is empty: $inner_dir"
|
||||
shopt -u dotglob nullglob
|
||||
return 252
|
||||
fi
|
||||
shopt -u dotglob nullglob
|
||||
else
|
||||
shopt -s dotglob nullglob
|
||||
if compgen -G "$workdir/*" >/dev/null; then
|
||||
cp -r "$workdir"/* "$target/" || {
|
||||
msg_error "Failed to copy contents to $target"
|
||||
shopt -u dotglob nullglob
|
||||
return 252
|
||||
}
|
||||
else
|
||||
msg_error "Unpacked archive is empty"
|
||||
shopt -u dotglob nullglob
|
||||
return 252
|
||||
fi
|
||||
shopt -u dotglob nullglob
|
||||
fi
|
||||
return 0
|
||||
}
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
# Fetches and deploys a GitHub tag-based source tarball.
|
||||
#
|
||||
@@ -2531,36 +2675,19 @@ fetch_and_deploy_gh_tag() {
|
||||
|
||||
local tmpdir
|
||||
tmpdir=$(mktemp -d) || return 1
|
||||
trap 'rm -rf "$tmpdir"' RETURN
|
||||
local tarball_url="https://github.com/${repo}/archive/refs/tags/${version}.tar.gz"
|
||||
local filename="${app_lc}-${version}.tar.gz"
|
||||
|
||||
msg_info "Fetching GitHub tag: ${app} (${version})"
|
||||
|
||||
download_file "$tarball_url" "$tmpdir/$filename" || {
|
||||
_download_source_tarball "$tarball_url" "$tmpdir/$filename" || {
|
||||
msg_error "Download failed: $tarball_url"
|
||||
rm -rf "$tmpdir"
|
||||
return 7
|
||||
}
|
||||
|
||||
mkdir -p "$target"
|
||||
if [[ "${CLEAN_INSTALL:-0}" == "1" ]]; then
|
||||
find "${target:?}" -mindepth 1 -delete
|
||||
fi
|
||||
_deploy_source_tarball "$tmpdir/$filename" "$target" "$tmpdir" || return 251
|
||||
|
||||
tar --no-same-owner -xzf "$tmpdir/$filename" -C "$tmpdir" || {
|
||||
msg_error "Failed to extract tarball"
|
||||
rm -rf "$tmpdir"
|
||||
return 251
|
||||
}
|
||||
|
||||
local unpack_dir
|
||||
unpack_dir=$(find "$tmpdir" -mindepth 1 -maxdepth 1 -type d | head -n1)
|
||||
|
||||
shopt -s dotglob nullglob
|
||||
cp -r "$unpack_dir"/* "$target/"
|
||||
shopt -u dotglob nullglob
|
||||
|
||||
rm -rf "$tmpdir"
|
||||
echo "$version" >"$version_file"
|
||||
msg_ok "Deployed ${app} ${version} to ${target}"
|
||||
return 0
|
||||
@@ -2725,35 +2852,18 @@ fetch_and_deploy_gl_tag() {
|
||||
|
||||
local tmpdir
|
||||
tmpdir=$(mktemp -d) || return 1
|
||||
trap 'rm -rf "$tmpdir"' RETURN
|
||||
local filename="${app_lc}-${version_safe}.tar.gz"
|
||||
|
||||
msg_info "Fetching GitLab tag: ${app} (${resolved_tag})"
|
||||
|
||||
curl $download_timeout -fsSL "${header[@]}" -o "$tmpdir/$filename" "$tarball_url" || {
|
||||
_download_source_tarball "$tarball_url" "$tmpdir/$filename" "${header[@]}" || {
|
||||
msg_error "Download failed: $tarball_url"
|
||||
rm -rf "$tmpdir"
|
||||
return 7
|
||||
}
|
||||
|
||||
mkdir -p "$target"
|
||||
if [[ "${CLEAN_INSTALL:-0}" == "1" ]]; then
|
||||
find "${target:?}" -mindepth 1 -delete
|
||||
fi
|
||||
_deploy_source_tarball "$tmpdir/$filename" "$target" "$tmpdir" || return 251
|
||||
|
||||
tar --no-same-owner -xzf "$tmpdir/$filename" -C "$tmpdir" || {
|
||||
msg_error "Failed to extract tarball"
|
||||
rm -rf "$tmpdir"
|
||||
return 251
|
||||
}
|
||||
|
||||
local unpack_dir
|
||||
unpack_dir=$(find "$tmpdir" -mindepth 1 -maxdepth 1 -type d | head -n1)
|
||||
|
||||
shopt -s dotglob nullglob
|
||||
cp -r "$unpack_dir"/* "$target/"
|
||||
shopt -u dotglob nullglob
|
||||
|
||||
rm -rf "$tmpdir"
|
||||
echo "$resolved_tag" >"$version_file"
|
||||
msg_ok "Deployed ${app} ${resolved_tag} to ${target}"
|
||||
return 0
|
||||
@@ -3450,6 +3560,7 @@ fetch_and_deploy_codeberg_release() {
|
||||
|
||||
local tmpdir
|
||||
tmpdir=$(mktemp -d) || return 252
|
||||
trap 'rm -rf "$tmpdir"' RETURN
|
||||
|
||||
msg_info "Fetching Codeberg tag: $app ($tag_name)"
|
||||
|
||||
@@ -3460,37 +3571,19 @@ fetch_and_deploy_codeberg_release() {
|
||||
|
||||
# Codeberg archive URL format: https://codeberg.org/{owner}/{repo}/archive/{tag}.tar.gz
|
||||
local archive_url="https://codeberg.org/$repo/archive/${tag_name}.tar.gz"
|
||||
if curl_download "$tmpdir/$filename" "$archive_url"; then
|
||||
if _download_source_tarball "$archive_url" "$tmpdir/$filename"; then
|
||||
download_success=true
|
||||
fi
|
||||
|
||||
if [[ "$download_success" != "true" ]]; then
|
||||
msg_error "Download failed for $app ($tag_name)"
|
||||
rm -rf "$tmpdir"
|
||||
return 250
|
||||
fi
|
||||
|
||||
mkdir -p "$target"
|
||||
if [[ "${CLEAN_INSTALL:-0}" == "1" ]]; then
|
||||
find "${target:?}" -mindepth 1 -delete
|
||||
fi
|
||||
|
||||
tar --no-same-owner -xzf "$tmpdir/$filename" -C "$tmpdir" || {
|
||||
msg_error "Failed to extract tarball"
|
||||
rm -rf "$tmpdir"
|
||||
return 251
|
||||
}
|
||||
|
||||
local unpack_dir
|
||||
unpack_dir=$(find "$tmpdir" -mindepth 1 -maxdepth 1 -type d | head -n1)
|
||||
|
||||
shopt -s dotglob nullglob
|
||||
cp -r "$unpack_dir"/* "$target/"
|
||||
shopt -u dotglob nullglob
|
||||
_deploy_source_tarball "$tmpdir/$filename" "$target" "$tmpdir" || return 251
|
||||
|
||||
echo "$version" >"$version_file"
|
||||
msg_ok "Deployed: $app ($version)"
|
||||
rm -rf "$tmpdir"
|
||||
return 0
|
||||
fi
|
||||
|
||||
@@ -3509,7 +3602,7 @@ fetch_and_deploy_codeberg_release() {
|
||||
|
||||
local codeberg_rel_json
|
||||
codeberg_rel_json=$(mktemp /tmp/tools-codeberg-rel-XXXXXX) || return 73
|
||||
trap 'rm -f "$codeberg_rel_json"' RETURN
|
||||
trap 'rm -f "$codeberg_rel_json"; rm -rf "${tmpdir:-}" "${unpack_tmp:-}"' RETURN
|
||||
|
||||
local attempt=0 success=false resp http_code
|
||||
|
||||
@@ -3563,32 +3656,16 @@ fetch_and_deploy_codeberg_release() {
|
||||
|
||||
# Codeberg archive URL format
|
||||
local archive_url="https://codeberg.org/$repo/archive/${tag_name}.tar.gz"
|
||||
if curl_download "$tmpdir/$filename" "$archive_url"; then
|
||||
if _download_source_tarball "$archive_url" "$tmpdir/$filename"; then
|
||||
download_success=true
|
||||
fi
|
||||
|
||||
if [[ "$download_success" != "true" ]]; then
|
||||
msg_error "Download failed for $app ($tag_name)"
|
||||
rm -rf "$tmpdir"
|
||||
return 250
|
||||
fi
|
||||
|
||||
mkdir -p "$target"
|
||||
if [[ "${CLEAN_INSTALL:-0}" == "1" ]]; then
|
||||
find "${target:?}" -mindepth 1 -delete
|
||||
fi
|
||||
|
||||
tar --no-same-owner -xzf "$tmpdir/$filename" -C "$tmpdir" || {
|
||||
msg_error "Failed to extract tarball"
|
||||
rm -rf "$tmpdir"
|
||||
return 251
|
||||
}
|
||||
local unpack_dir
|
||||
unpack_dir=$(find "$tmpdir" -mindepth 1 -maxdepth 1 -type d | head -n1)
|
||||
|
||||
shopt -s dotglob nullglob
|
||||
cp -r "$unpack_dir"/* "$target/"
|
||||
shopt -u dotglob nullglob
|
||||
_deploy_source_tarball "$tmpdir/$filename" "$target" "$tmpdir" || return 251
|
||||
|
||||
### Binary Mode ###
|
||||
elif [[ "$mode" == "binary" ]]; then
|
||||
@@ -3636,14 +3713,12 @@ fetch_and_deploy_codeberg_release() {
|
||||
|
||||
if [[ -z "$url_match" ]]; then
|
||||
msg_error "No suitable .deb asset found for $app"
|
||||
rm -rf "$tmpdir"
|
||||
return 252
|
||||
fi
|
||||
|
||||
filename="${url_match##*/}"
|
||||
curl_download "$tmpdir/$filename" "$url_match" || {
|
||||
msg_error "Download failed: $url_match"
|
||||
rm -rf "$tmpdir"
|
||||
return 250
|
||||
}
|
||||
|
||||
@@ -3651,7 +3726,6 @@ fetch_and_deploy_codeberg_release() {
|
||||
$STD apt install -y "$tmpdir/$filename" || {
|
||||
$STD dpkg -i "$tmpdir/$filename" || {
|
||||
_diagnose_deb_failure "$tmpdir/$filename"
|
||||
rm -rf "$tmpdir"
|
||||
return 100
|
||||
}
|
||||
}
|
||||
@@ -3662,7 +3736,6 @@ fetch_and_deploy_codeberg_release() {
|
||||
pattern="${pattern#\"}"
|
||||
[[ -z "$pattern" ]] && {
|
||||
msg_error "Mode 'prebuild' requires 6th parameter (asset filename pattern)"
|
||||
rm -rf "$tmpdir"
|
||||
return 65
|
||||
}
|
||||
|
||||
@@ -3679,77 +3752,18 @@ fetch_and_deploy_codeberg_release() {
|
||||
|
||||
[[ -z "$asset_url" ]] && {
|
||||
msg_error "No asset matching '$pattern' found"
|
||||
rm -rf "$tmpdir"
|
||||
return 252
|
||||
}
|
||||
|
||||
filename="${asset_url##*/}"
|
||||
curl_download "$tmpdir/$filename" "$asset_url" || {
|
||||
msg_error "Download failed: $asset_url"
|
||||
rm -rf "$tmpdir"
|
||||
return 250
|
||||
}
|
||||
|
||||
local unpack_tmp
|
||||
unpack_tmp=$(mktemp -d)
|
||||
mkdir -p "$target"
|
||||
if [[ "${CLEAN_INSTALL:-0}" == "1" ]]; then
|
||||
find "${target:?}" -mindepth 1 -delete
|
||||
fi
|
||||
|
||||
if [[ "$filename" == *.zip ]]; then
|
||||
ensure_dependencies unzip
|
||||
unzip -q "$tmpdir/$filename" -d "$unpack_tmp" || {
|
||||
msg_error "Failed to extract ZIP archive"
|
||||
rm -rf "$tmpdir" "$unpack_tmp"
|
||||
return 251
|
||||
}
|
||||
elif [[ "$filename" == *.tar.* || "$filename" == *.tgz ]]; then
|
||||
tar --no-same-owner -xf "$tmpdir/$filename" -C "$unpack_tmp" || {
|
||||
msg_error "Failed to extract TAR archive"
|
||||
rm -rf "$tmpdir" "$unpack_tmp"
|
||||
return 251
|
||||
}
|
||||
else
|
||||
msg_error "Unsupported archive format: $filename"
|
||||
rm -rf "$tmpdir" "$unpack_tmp"
|
||||
return 251
|
||||
fi
|
||||
|
||||
local top_dirs
|
||||
top_dirs=$(find "$unpack_tmp" -mindepth 1 -maxdepth 1 -type d | wc -l)
|
||||
local top_entries inner_dir
|
||||
top_entries=$(find "$unpack_tmp" -mindepth 1 -maxdepth 1)
|
||||
if [[ "$(echo "$top_entries" | wc -l)" -eq 1 && -d "$top_entries" ]]; then
|
||||
inner_dir="$top_entries"
|
||||
shopt -s dotglob nullglob
|
||||
if compgen -G "$inner_dir/*" >/dev/null; then
|
||||
cp -r "$inner_dir"/* "$target/" || {
|
||||
msg_error "Failed to copy contents from $inner_dir to $target"
|
||||
rm -rf "$tmpdir" "$unpack_tmp"
|
||||
return 252
|
||||
}
|
||||
else
|
||||
msg_error "Inner directory is empty: $inner_dir"
|
||||
rm -rf "$tmpdir" "$unpack_tmp"
|
||||
return 252
|
||||
fi
|
||||
shopt -u dotglob nullglob
|
||||
else
|
||||
shopt -s dotglob nullglob
|
||||
if compgen -G "$unpack_tmp/*" >/dev/null; then
|
||||
cp -r "$unpack_tmp"/* "$target/" || {
|
||||
msg_error "Failed to copy contents to $target"
|
||||
rm -rf "$tmpdir" "$unpack_tmp"
|
||||
return 252
|
||||
}
|
||||
else
|
||||
msg_error "Unpacked archive is empty"
|
||||
rm -rf "$tmpdir" "$unpack_tmp"
|
||||
return 252
|
||||
fi
|
||||
shopt -u dotglob nullglob
|
||||
fi
|
||||
_deploy_unpacked_archive "$tmpdir/$filename" "$target" "$unpack_tmp" || return
|
||||
|
||||
### Singlefile Mode ###
|
||||
elif [[ "$mode" == "singlefile" ]]; then
|
||||
@@ -3757,7 +3771,6 @@ fetch_and_deploy_codeberg_release() {
|
||||
pattern="${pattern#\"}"
|
||||
[[ -z "$pattern" ]] && {
|
||||
msg_error "Mode 'singlefile' requires 6th parameter (asset filename pattern)"
|
||||
rm -rf "$tmpdir"
|
||||
return 65
|
||||
}
|
||||
|
||||
@@ -3774,7 +3787,6 @@ fetch_and_deploy_codeberg_release() {
|
||||
|
||||
[[ -z "$asset_url" ]] && {
|
||||
msg_error "No asset matching '$pattern' found"
|
||||
rm -rf "$tmpdir"
|
||||
return 252
|
||||
}
|
||||
|
||||
@@ -3787,7 +3799,6 @@ fetch_and_deploy_codeberg_release() {
|
||||
|
||||
curl_download "$target/$target_file" "$asset_url" || {
|
||||
msg_error "Download failed: $asset_url"
|
||||
rm -rf "$tmpdir"
|
||||
return 250
|
||||
}
|
||||
|
||||
@@ -3797,13 +3808,11 @@ fetch_and_deploy_codeberg_release() {
|
||||
|
||||
else
|
||||
msg_error "Unknown mode: $mode"
|
||||
rm -rf "$tmpdir"
|
||||
return 65
|
||||
fi
|
||||
|
||||
echo "$version" >"$version_file"
|
||||
msg_ok "Deployed: $app ($version)"
|
||||
rm -rf "$tmpdir"
|
||||
}
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
@@ -4090,6 +4099,7 @@ fetch_and_deploy_gh_release() {
|
||||
|
||||
local tmpdir
|
||||
tmpdir=$(mktemp -d) || return 1
|
||||
trap 'rm -rf "$tmpdir" "${unpack_tmp:-}"' RETURN
|
||||
local filename="" url=""
|
||||
|
||||
msg_info "Fetching GitHub release: $app ($version)"
|
||||
@@ -4104,28 +4114,12 @@ fetch_and_deploy_gh_release() {
|
||||
local direct_tarball_url="https://github.com/$repo/archive/refs/tags/$tag_name.tar.gz"
|
||||
filename="${app_lc}-${version_safe}.tar.gz"
|
||||
|
||||
curl_download "$tmpdir/$filename" "$direct_tarball_url" || {
|
||||
_download_source_tarball "$direct_tarball_url" "$tmpdir/$filename" || {
|
||||
msg_error "Download failed: $direct_tarball_url"
|
||||
rm -rf "$tmpdir"
|
||||
return 250
|
||||
}
|
||||
|
||||
mkdir -p "$target"
|
||||
if [[ "${CLEAN_INSTALL:-0}" == "1" ]]; then
|
||||
find "${target:?}" -mindepth 1 -delete
|
||||
fi
|
||||
|
||||
tar --no-same-owner -xzf "$tmpdir/$filename" -C "$tmpdir" || {
|
||||
msg_error "Failed to extract tarball"
|
||||
rm -rf "$tmpdir"
|
||||
return 251
|
||||
}
|
||||
local unpack_dir
|
||||
unpack_dir=$(find "$tmpdir" -mindepth 1 -maxdepth 1 -type d | head -n1)
|
||||
|
||||
shopt -s dotglob nullglob
|
||||
cp -r "$unpack_dir"/* "$target/"
|
||||
shopt -u dotglob nullglob
|
||||
_deploy_source_tarball "$tmpdir/$filename" "$target" "$tmpdir" || return 251
|
||||
|
||||
### Binary Mode ###
|
||||
elif [[ "$mode" == "binary" ]]; then
|
||||
@@ -4210,14 +4204,12 @@ fetch_and_deploy_gh_release() {
|
||||
|
||||
if [[ -z "$url_match" ]]; then
|
||||
msg_error "No suitable .deb asset found for $app"
|
||||
rm -rf "$tmpdir"
|
||||
return 252
|
||||
fi
|
||||
|
||||
filename="${url_match##*/}"
|
||||
curl_download "$tmpdir/$filename" "$url_match" || {
|
||||
msg_error "Download failed: $url_match"
|
||||
rm -rf "$tmpdir"
|
||||
return 250
|
||||
}
|
||||
|
||||
@@ -4230,7 +4222,6 @@ fetch_and_deploy_gh_release() {
|
||||
DEBIAN_FRONTEND=noninteractive SYSTEMD_OFFLINE=1 $STD apt install -y $dpkg_opts "$tmpdir/$filename" || {
|
||||
SYSTEMD_OFFLINE=1 $STD dpkg -i "$tmpdir/$filename" || {
|
||||
_diagnose_deb_failure "$tmpdir/$filename"
|
||||
rm -rf "$tmpdir"
|
||||
return 100
|
||||
}
|
||||
}
|
||||
@@ -4241,7 +4232,6 @@ fetch_and_deploy_gh_release() {
|
||||
pattern="${pattern#\"}"
|
||||
[[ -z "$pattern" ]] && {
|
||||
msg_error "Mode 'prebuild' requires 6th parameter (asset filename pattern)"
|
||||
rm -rf "$tmpdir"
|
||||
return 65
|
||||
}
|
||||
|
||||
@@ -4277,79 +4267,18 @@ fetch_and_deploy_gh_release() {
|
||||
|
||||
[[ -z "$asset_url" ]] && {
|
||||
msg_error "No asset matching '$pattern' found"
|
||||
rm -rf "$tmpdir"
|
||||
return 252
|
||||
}
|
||||
|
||||
filename="${asset_url##*/}"
|
||||
curl_download "$tmpdir/$filename" "$asset_url" || {
|
||||
msg_error "Download failed: $asset_url"
|
||||
rm -rf "$tmpdir"
|
||||
return 250
|
||||
}
|
||||
|
||||
local unpack_tmp
|
||||
unpack_tmp=$(mktemp -d)
|
||||
mkdir -p "$target"
|
||||
if [[ "${CLEAN_INSTALL:-0}" == "1" ]]; then
|
||||
find "${target:?}" -mindepth 1 -delete
|
||||
fi
|
||||
|
||||
if [[ "$filename" == *.zip ]]; then
|
||||
ensure_dependencies unzip
|
||||
unzip -q "$tmpdir/$filename" -d "$unpack_tmp" || {
|
||||
msg_error "Failed to extract ZIP archive"
|
||||
rm -rf "$tmpdir" "$unpack_tmp"
|
||||
return 251
|
||||
}
|
||||
elif [[ "$filename" == *.tar.* || "$filename" == *.tgz || "$filename" == *.txz ]]; then
|
||||
tar --no-same-owner -xf "$tmpdir/$filename" -C "$unpack_tmp" || {
|
||||
msg_error "Failed to extract TAR archive"
|
||||
rm -rf "$tmpdir" "$unpack_tmp"
|
||||
return 251
|
||||
}
|
||||
else
|
||||
msg_error "Unsupported archive format: $filename"
|
||||
rm -rf "$tmpdir" "$unpack_tmp"
|
||||
return 65
|
||||
fi
|
||||
|
||||
local top_dirs
|
||||
top_dirs=$(find "$unpack_tmp" -mindepth 1 -maxdepth 1 -type d | wc -l)
|
||||
local top_entries inner_dir
|
||||
top_entries=$(find "$unpack_tmp" -mindepth 1 -maxdepth 1)
|
||||
if [[ "$(echo "$top_entries" | wc -l)" -eq 1 && -d "$top_entries" ]]; then
|
||||
# Strip leading folder
|
||||
inner_dir="$top_entries"
|
||||
shopt -s dotglob nullglob
|
||||
if compgen -G "$inner_dir/*" >/dev/null; then
|
||||
cp -r "$inner_dir"/* "$target/" || {
|
||||
msg_error "Failed to copy contents from $inner_dir to $target"
|
||||
rm -rf "$tmpdir" "$unpack_tmp"
|
||||
return 252
|
||||
}
|
||||
else
|
||||
msg_error "Inner directory is empty: $inner_dir"
|
||||
rm -rf "$tmpdir" "$unpack_tmp"
|
||||
return 252
|
||||
fi
|
||||
shopt -u dotglob nullglob
|
||||
else
|
||||
# Copy all contents
|
||||
shopt -s dotglob nullglob
|
||||
if compgen -G "$unpack_tmp/*" >/dev/null; then
|
||||
cp -r "$unpack_tmp"/* "$target/" || {
|
||||
msg_error "Failed to copy contents to $target"
|
||||
rm -rf "$tmpdir" "$unpack_tmp"
|
||||
return 252
|
||||
}
|
||||
else
|
||||
msg_error "Unpacked archive is empty"
|
||||
rm -rf "$tmpdir" "$unpack_tmp"
|
||||
return 252
|
||||
fi
|
||||
shopt -u dotglob nullglob
|
||||
fi
|
||||
_deploy_unpacked_archive "$tmpdir/$filename" "$target" "$unpack_tmp" || return
|
||||
|
||||
### Singlefile Mode ###
|
||||
elif [[ "$mode" == "singlefile" ]]; then
|
||||
@@ -4357,7 +4286,6 @@ fetch_and_deploy_gh_release() {
|
||||
pattern="${pattern#\"}"
|
||||
[[ -z "$pattern" ]] && {
|
||||
msg_error "Mode 'singlefile' requires 6th parameter (asset filename pattern)"
|
||||
rm -rf "$tmpdir"
|
||||
return 65
|
||||
}
|
||||
|
||||
@@ -4392,7 +4320,6 @@ fetch_and_deploy_gh_release() {
|
||||
fi
|
||||
[[ -z "$asset_url" ]] && {
|
||||
msg_error "No asset matching '$pattern' found"
|
||||
rm -rf "$tmpdir"
|
||||
return 252
|
||||
}
|
||||
|
||||
@@ -4405,7 +4332,6 @@ fetch_and_deploy_gh_release() {
|
||||
|
||||
curl_download "$target/$target_file" "$asset_url" || {
|
||||
msg_error "Download failed: $asset_url"
|
||||
rm -rf "$tmpdir"
|
||||
return 250
|
||||
}
|
||||
|
||||
@@ -4415,13 +4341,11 @@ fetch_and_deploy_gh_release() {
|
||||
|
||||
else
|
||||
msg_error "Unknown mode: $mode"
|
||||
rm -rf "$tmpdir"
|
||||
return 65
|
||||
fi
|
||||
|
||||
echo "$version" >"$version_file"
|
||||
msg_ok "Deployed: $app ($version)"
|
||||
rm -rf "$tmpdir"
|
||||
}
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
@@ -8713,6 +8637,11 @@ setup_ruby() {
|
||||
local BASHRC_FILE="$HOME/.bashrc"
|
||||
local TMP_DIR=$(mktemp -d)
|
||||
|
||||
# Ensure HOME exists: callers may pass a not-yet-created home (e.g. a service
|
||||
# user that is created later in the install), so the profile writes below do
|
||||
# not fail on a missing directory.
|
||||
mkdir -p "$HOME"
|
||||
|
||||
if ! grep -q 'rbenv init' "$PROFILE_FILE" 2>/dev/null; then
|
||||
cat <<'EOF' >>"$PROFILE_FILE"
|
||||
export PATH="$HOME/.rbenv/bin:$PATH"
|
||||
@@ -9343,10 +9272,10 @@ fetch_and_deploy_from_url() {
|
||||
msg_error "Failed to create temporary directory"
|
||||
return 252
|
||||
}
|
||||
trap 'rm -rf "$tmpdir" "${unpack_tmp:-}"' RETURN
|
||||
|
||||
curl -fsSL -o "$tmpdir/$filename" "$url" || {
|
||||
msg_error "Download failed: $url"
|
||||
rm -rf "$tmpdir"
|
||||
return 250
|
||||
}
|
||||
|
||||
@@ -9366,7 +9295,6 @@ fetch_and_deploy_from_url() {
|
||||
archive_type="tar"
|
||||
else
|
||||
msg_error "Unsupported or unknown archive type: $file_desc"
|
||||
rm -rf "$tmpdir"
|
||||
return 65
|
||||
fi
|
||||
|
||||
@@ -9379,19 +9307,16 @@ fetch_and_deploy_from_url() {
|
||||
$STD apt install -y "$tmpdir/$filename" || {
|
||||
$STD dpkg -i "$tmpdir/$filename" || {
|
||||
_diagnose_deb_failure "$tmpdir/$filename"
|
||||
rm -rf "$tmpdir"
|
||||
return 100
|
||||
}
|
||||
}
|
||||
|
||||
rm -rf "$tmpdir"
|
||||
msg_ok "Successfully installed .deb package"
|
||||
return 0
|
||||
fi
|
||||
|
||||
if [[ -z "$directory" ]]; then
|
||||
msg_error "Directory parameter is required for archive extraction"
|
||||
rm -rf "$tmpdir"
|
||||
return 65
|
||||
fi
|
||||
|
||||
@@ -9410,13 +9335,11 @@ fetch_and_deploy_from_url() {
|
||||
ensure_dependencies unzip
|
||||
unzip -q "$tmpdir/$filename" -d "$unpack_tmp" || {
|
||||
msg_error "Failed to extract ZIP archive"
|
||||
rm -rf "$tmpdir" "$unpack_tmp"
|
||||
return 251
|
||||
}
|
||||
elif [[ "$archive_type" == "tar" ]]; then
|
||||
tar --no-same-owner -xf "$tmpdir/$filename" -C "$unpack_tmp" || {
|
||||
msg_error "Failed to extract TAR archive"
|
||||
rm -rf "$tmpdir" "$unpack_tmp"
|
||||
return 251
|
||||
}
|
||||
fi
|
||||
@@ -9430,12 +9353,12 @@ fetch_and_deploy_from_url() {
|
||||
if compgen -G "$inner_dir/*" >/dev/null; then
|
||||
cp -r "$inner_dir"/* "$directory/" || {
|
||||
msg_error "Failed to copy contents from $inner_dir to $directory"
|
||||
rm -rf "$tmpdir" "$unpack_tmp"
|
||||
shopt -u dotglob nullglob
|
||||
return 252
|
||||
}
|
||||
else
|
||||
msg_error "Inner directory is empty: $inner_dir"
|
||||
rm -rf "$tmpdir" "$unpack_tmp"
|
||||
shopt -u dotglob nullglob
|
||||
return 252
|
||||
fi
|
||||
shopt -u dotglob nullglob
|
||||
@@ -9444,18 +9367,17 @@ fetch_and_deploy_from_url() {
|
||||
if compgen -G "$unpack_tmp/*" >/dev/null; then
|
||||
cp -r "$unpack_tmp"/* "$directory/" || {
|
||||
msg_error "Failed to copy contents to $directory"
|
||||
rm -rf "$tmpdir" "$unpack_tmp"
|
||||
shopt -u dotglob nullglob
|
||||
return 252
|
||||
}
|
||||
else
|
||||
msg_error "Unpacked archive is empty"
|
||||
rm -rf "$tmpdir" "$unpack_tmp"
|
||||
shopt -u dotglob nullglob
|
||||
return 252
|
||||
fi
|
||||
shopt -u dotglob nullglob
|
||||
fi
|
||||
|
||||
rm -rf "$tmpdir" "$unpack_tmp"
|
||||
msg_ok "Successfully deployed archive to $directory"
|
||||
return 0
|
||||
}
|
||||
@@ -9856,7 +9778,7 @@ fetch_and_deploy_gl_release() {
|
||||
|
||||
local gl_rel_json
|
||||
gl_rel_json=$(mktemp /tmp/tools-gl-rel-XXXXXX) || return 73
|
||||
trap 'rm -f "$gl_rel_json"' RETURN
|
||||
trap 'rm -f "$gl_rel_json"; rm -rf "${tmpdir:-}" "${unpack_tmp:-}"' RETURN
|
||||
|
||||
local repo_encoded
|
||||
repo_encoded=$(printf '%s' "$repo" | sed 's|/|%2F|g')
|
||||
@@ -9968,28 +9890,12 @@ fetch_and_deploy_gl_release() {
|
||||
local direct_tarball_url="https://gitlab.com/$repo/-/archive/$tag_name/${app_lc}-${version_safe}.tar.gz"
|
||||
filename="${app_lc}-${version_safe}.tar.gz"
|
||||
|
||||
curl $download_timeout -fsSL "${header[@]}" -o "$tmpdir/$filename" "$direct_tarball_url" || {
|
||||
_download_source_tarball "$direct_tarball_url" "$tmpdir/$filename" "${header[@]}" || {
|
||||
msg_error "Download failed: $direct_tarball_url"
|
||||
rm -rf "$tmpdir"
|
||||
return 1
|
||||
}
|
||||
|
||||
mkdir -p "$target"
|
||||
if [[ "${CLEAN_INSTALL:-0}" == "1" ]]; then
|
||||
find "${target:?}" -mindepth 1 -delete
|
||||
fi
|
||||
|
||||
tar --no-same-owner -xzf "$tmpdir/$filename" -C "$tmpdir" || {
|
||||
msg_error "Failed to extract tarball"
|
||||
rm -rf "$tmpdir"
|
||||
return 1
|
||||
}
|
||||
local unpack_dir
|
||||
unpack_dir=$(find "$tmpdir" -mindepth 1 -maxdepth 1 -type d | head -n1)
|
||||
|
||||
shopt -s dotglob nullglob
|
||||
cp -r "$unpack_dir"/* "$target/"
|
||||
shopt -u dotglob nullglob
|
||||
_deploy_source_tarball "$tmpdir/$filename" "$target" "$tmpdir" || return 1
|
||||
|
||||
### Binary Mode ###
|
||||
elif [[ "$mode" == "binary" ]]; then
|
||||
@@ -10059,14 +9965,12 @@ fetch_and_deploy_gl_release() {
|
||||
|
||||
if [[ -z "$url_match" ]]; then
|
||||
msg_error "No suitable .deb asset found for $app"
|
||||
rm -rf "$tmpdir"
|
||||
return 1
|
||||
fi
|
||||
|
||||
filename="${url_match##*/}"
|
||||
curl $download_timeout -fsSL "${header[@]}" -o "$tmpdir/$filename" "$url_match" || {
|
||||
msg_error "Download failed: $url_match"
|
||||
rm -rf "$tmpdir"
|
||||
return 1
|
||||
}
|
||||
|
||||
@@ -10077,7 +9981,6 @@ fetch_and_deploy_gl_release() {
|
||||
DEBIAN_FRONTEND=noninteractive SYSTEMD_OFFLINE=1 $STD apt install -y $dpkg_opts "$tmpdir/$filename" || {
|
||||
SYSTEMD_OFFLINE=1 $STD dpkg -i "$tmpdir/$filename" || {
|
||||
_diagnose_deb_failure "$tmpdir/$filename"
|
||||
rm -rf "$tmpdir"
|
||||
return 1
|
||||
}
|
||||
}
|
||||
@@ -10088,7 +9991,6 @@ fetch_and_deploy_gl_release() {
|
||||
pattern="${pattern#\"}"
|
||||
[[ -z "$pattern" ]] && {
|
||||
msg_error "Mode 'prebuild' requires 6th parameter (asset filename pattern)"
|
||||
rm -rf "$tmpdir"
|
||||
return 1
|
||||
}
|
||||
|
||||
@@ -10123,75 +10025,18 @@ fetch_and_deploy_gl_release() {
|
||||
|
||||
[[ -z "$asset_url" ]] && {
|
||||
msg_error "No asset matching '$pattern' found"
|
||||
rm -rf "$tmpdir"
|
||||
return 1
|
||||
}
|
||||
|
||||
filename="${asset_url##*/}"
|
||||
curl $download_timeout -fsSL "${header[@]}" -o "$tmpdir/$filename" "$asset_url" || {
|
||||
msg_error "Download failed: $asset_url"
|
||||
rm -rf "$tmpdir"
|
||||
return 1
|
||||
}
|
||||
|
||||
local unpack_tmp
|
||||
unpack_tmp=$(mktemp -d)
|
||||
mkdir -p "$target"
|
||||
if [[ "${CLEAN_INSTALL:-0}" == "1" ]]; then
|
||||
find "${target:?}" -mindepth 1 -delete
|
||||
fi
|
||||
|
||||
if [[ "$filename" == *.zip ]]; then
|
||||
ensure_dependencies unzip
|
||||
unzip -q "$tmpdir/$filename" -d "$unpack_tmp" || {
|
||||
msg_error "Failed to extract ZIP archive"
|
||||
rm -rf "$tmpdir" "$unpack_tmp"
|
||||
return 1
|
||||
}
|
||||
elif [[ "$filename" == *.tar.* || "$filename" == *.tgz || "$filename" == *.txz ]]; then
|
||||
tar --no-same-owner -xf "$tmpdir/$filename" -C "$unpack_tmp" || {
|
||||
msg_error "Failed to extract TAR archive"
|
||||
rm -rf "$tmpdir" "$unpack_tmp"
|
||||
return 1
|
||||
}
|
||||
else
|
||||
msg_error "Unsupported archive format: $filename"
|
||||
rm -rf "$tmpdir" "$unpack_tmp"
|
||||
return 1
|
||||
fi
|
||||
|
||||
local top_entries inner_dir
|
||||
top_entries=$(find "$unpack_tmp" -mindepth 1 -maxdepth 1)
|
||||
if [[ "$(echo "$top_entries" | wc -l)" -eq 1 && -d "$top_entries" ]]; then
|
||||
inner_dir="$top_entries"
|
||||
shopt -s dotglob nullglob
|
||||
if compgen -G "$inner_dir/*" >/dev/null; then
|
||||
cp -r "$inner_dir"/* "$target/" || {
|
||||
msg_error "Failed to copy contents from $inner_dir to $target"
|
||||
rm -rf "$tmpdir" "$unpack_tmp"
|
||||
return 1
|
||||
}
|
||||
else
|
||||
msg_error "Inner directory is empty: $inner_dir"
|
||||
rm -rf "$tmpdir" "$unpack_tmp"
|
||||
return 1
|
||||
fi
|
||||
shopt -u dotglob nullglob
|
||||
else
|
||||
shopt -s dotglob nullglob
|
||||
if compgen -G "$unpack_tmp/*" >/dev/null; then
|
||||
cp -r "$unpack_tmp"/* "$target/" || {
|
||||
msg_error "Failed to copy contents to $target"
|
||||
rm -rf "$tmpdir" "$unpack_tmp"
|
||||
return 1
|
||||
}
|
||||
else
|
||||
msg_error "Unpacked archive is empty"
|
||||
rm -rf "$tmpdir" "$unpack_tmp"
|
||||
return 1
|
||||
fi
|
||||
shopt -u dotglob nullglob
|
||||
fi
|
||||
_deploy_unpacked_archive "$tmpdir/$filename" "$target" "$unpack_tmp" || return
|
||||
|
||||
### Singlefile Mode ###
|
||||
elif [[ "$mode" == "singlefile" ]]; then
|
||||
@@ -10199,7 +10044,6 @@ fetch_and_deploy_gl_release() {
|
||||
pattern="${pattern#\"}"
|
||||
[[ -z "$pattern" ]] && {
|
||||
msg_error "Mode 'singlefile' requires 6th parameter (asset filename pattern)"
|
||||
rm -rf "$tmpdir"
|
||||
return 1
|
||||
}
|
||||
|
||||
@@ -10234,7 +10078,6 @@ fetch_and_deploy_gl_release() {
|
||||
|
||||
[[ -z "$asset_url" ]] && {
|
||||
msg_error "No asset matching '$pattern' found"
|
||||
rm -rf "$tmpdir"
|
||||
return 1
|
||||
}
|
||||
|
||||
@@ -10247,7 +10090,6 @@ fetch_and_deploy_gl_release() {
|
||||
|
||||
curl $download_timeout -fsSL "${header[@]}" -o "$target/$target_file" "$asset_url" || {
|
||||
msg_error "Download failed: $asset_url"
|
||||
rm -rf "$tmpdir"
|
||||
return 1
|
||||
}
|
||||
|
||||
@@ -10257,13 +10099,11 @@ fetch_and_deploy_gl_release() {
|
||||
|
||||
else
|
||||
msg_error "Unknown mode: $mode"
|
||||
rm -rf "$tmpdir"
|
||||
return 1
|
||||
fi
|
||||
|
||||
echo "$version" >"$version_file"
|
||||
msg_ok "Deployed: $app ($version)"
|
||||
rm -rf "$tmpdir"
|
||||
}
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
|
||||
+2
-2
@@ -24,7 +24,7 @@ RANDOM_UUID="$(cat /proc/sys/kernel/random/uuid)"
|
||||
METHOD=""
|
||||
NSAPP="opnsense-vm"
|
||||
var_os="opnsense"
|
||||
var_version="26.1"
|
||||
var_version="26.7"
|
||||
#
|
||||
GEN_MAC=02:$(openssl rand -hex 5 | awk '{print toupper($0)}' | sed 's/\(..\)/\1:/g; s/.$//')
|
||||
GEN_MAC_LAN=02:$(openssl rand -hex 5 | awk '{print toupper($0)}' | sed 's/\(..\)/\1:/g; s/.$//')
|
||||
@@ -814,7 +814,7 @@ if [ -n "$WAN_BRG" ]; then
|
||||
msg_ok "WAN interface added"
|
||||
sleep 5 # Brief pause after adding network interface
|
||||
fi
|
||||
send_line_to_vm "sh ./opnsense-bootstrap.sh.in -y -f -r 26.1"
|
||||
send_line_to_vm "sh ./opnsense-bootstrap.sh.in -y -f -r 26.7"
|
||||
msg_ok "OPNsense VM is being installed, do not close the terminal, or the installation will fail."
|
||||
#We need to wait for the OPNsense build proccess to finish, this takes a few minutes
|
||||
sleep 1000
|
||||
|
||||
Reference in New Issue
Block a user