Proxmox/ProxmoxVE
1
0
Fork 1
mirror of https://github.com/community-scripts/ProxmoxVE.git synced 2026-06-09 09:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
7d62e8319eb21babe54f3d5e95024b8fe5ae3612
ProxmoxVE/install/odoo-install.sh
T
Security Fix 7d62e8319e security: Fix HTTP to HTTPS for all package and repository downloads 
CRITICAL FIXES (CWE-494, CWE-300):
- tools/pve/microcode.sh:79 (Intel microcode)
- tools/pve/pbs-microcode.sh:93 (Intel microcode)

CONTAINER-LEVEL FIXES:
- install/deconz-install.sh: libssl1.1 .deb + setup_deb822_repo URLs
- install/odoo-install.sh: lxml-clean .deb
- ct/odoo.sh: lxml-clean .deb (update_script)

HOST-LEVEL REPOSITORY FIXES:
- tools/pve/post-pve-install.sh: Debian + Proxmox PVE repos
- tools/pve/post-pbs-install.sh: Debian + Proxmox PBS repos
- tools/pve/pve8-upgrade.sh: Debian + Proxmox PVE + Ceph repos
- tools/pve/pbs3-upgrade.sh: Debian + Proxmox PBS repos
- tools/pve/hw-acceleration.sh: Debian non-free repos (deb + deb-src)
- install/proxmox-backup-server-install.sh: Proxmox PBS repo
- install/medusa-install.sh: Debian non-free repo
- install/globaleaks-install.sh: GlobaLeaks repository

CHANGES:
 All http:// → https:// for package downloads
 All http:// → https:// for repository configurations
 Added --proto '=https' to curl commands for protocol enforcement
 Improved quoting for file variables

IMPACT:
- Prevents MITM attacks on package installations
- Prevents MITM attacks on repository configuration
- Enforces TLS transport security across all downloads
- Brings consistency with security best practices

CVSS: 6.5 (Medium) - CWE-494, CWE-300, CWE-829
2026-06-08 21:26:18 +02:00

73 lines
2.4 KiB
Bash
Raw Blame History

#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: MickLesk (CanbiZ)
# License: MIT | https://github.com/tteck/Proxmox/raw/main/LICENSE
# Source: https://github.com/odoo/odoo
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y python3-lxml wkhtmltopdf
curl -fsSL --proto '=https' "https://archive.ubuntu.com/ubuntu/pool/universe/l/lxml-html-clean/python3-lxml-html-clean_0.1.1-1_all.deb" -o /opt/python3-lxml-html-clean.deb
$STD dpkg -i /opt/python3-lxml-html-clean.deb
msg_ok "Installed Dependencies"
PG_VERSION="18" setup_postgresql
RELEASE=$(curl -fsSL https://nightly.odoo.com/ | grep -oE 'href="[0-9]+\.[0-9]+/nightly"' | head -n1 | cut -d'"' -f2 | cut -d/ -f1)
LATEST_VERSION=$(curl -fsSL "https://nightly.odoo.com/${RELEASE}/nightly/deb/" |
grep -oP "odoo_${RELEASE}\.\d+_all\.deb" |
sed -E "s/odoo_(${RELEASE}\.[0-9]+)_all\.deb/\1/" |
sort -V |
tail -n1)
msg_info "Setup Odoo $RELEASE"
curl -fsSL https://nightly.odoo.com/${RELEASE}/nightly/deb/odoo_${RELEASE}.latest_all.deb -o /opt/odoo.deb
$STD apt install -y /opt/odoo.deb
msg_ok "Setup Odoo $RELEASE"
msg_info "Setup PostgreSQL Database"
DB_NAME="odoo"
DB_USER="odoo_usr"
DB_PASS="$(openssl rand -base64 18 | cut -c1-13)"
$STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME;"
$STD sudo -u postgres psql -c "CREATE USER $DB_USER WITH PASSWORD '$DB_PASS';"
$STD sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE $DB_NAME TO $DB_USER;"
$STD sudo -u postgres psql -c "ALTER DATABASE $DB_NAME OWNER TO $DB_USER;"
$STD sudo -u postgres psql -c "ALTER USER $DB_USER WITH SUPERUSER;"
{
echo "Odoo-Credentials"
echo -e "Odoo Database User: $DB_USER"
echo -e "Odoo Database Password: $DB_PASS"
echo -e "Odoo Database Name: $DB_NAME"
} >>~/odoo.creds
msg_ok "Setup PostgreSQL"
msg_info "Configuring Odoo"
sed -i \
-e "s|^;*db_host *=.*|db_host = localhost|" \
-e "s|^;*db_port *=.*|db_port = 5432|" \
-e "s|^;*db_user *=.*|db_user = $DB_USER|" \
-e "s|^;*db_password *=.*|db_password = $DB_PASS|" \
/etc/odoo/odoo.conf
$STD sudo -u odoo odoo -c /etc/odoo/odoo.conf -d odoo -i base --stop-after-init
rm -f /opt/odoo.deb
rm -f /opt/python3-lxml-html-clean.deb
echo "${LATEST_VERSION}" >/opt/${APPLICATION}_version.txt
msg_ok "Configured Odoo"
msg_info "Restarting Odoo"
systemctl restart odoo
msg_ok "Restarted Odoo"
motd_ssh
customize
cleanup_lxc
Reference in New Issue View Git Blame Copy Permalink