Proxmox/ProxmoxVE
1
0
Fork 1
mirror of https://github.com/community-scripts/ProxmoxVE.git synced 2026-06-09 09:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
a171668d3fb8da684d464ac79db1f51b76ebfd70
ProxmoxVE/install/deconz-install.sh
T
Security Fix 34243ff62f security: Fix HTTP to HTTPS for package downloads (container-level) 
- install/deconz-install.sh: Switch GPG key and repository URLs to HTTPS
- install/deconz-install.sh: Switch libssl1.1 .deb download to HTTPS with --proto flag
- install/odoo-install.sh: Switch python3-lxml-html-clean .deb download to HTTPS
- ct/odoo.sh: Switch python3-lxml-html-clean .deb download to HTTPS in update_script

Changes:
  - All http:// → https:// for package/key downloads
  - Added --proto '=https' to prevent protocol downgrade
  - Improved quoting for file variables

Impact: Prevents MITM attacks on container installations
Affected containers: deconz, odoo
Related to: security/fix-microcode-https PR (host-level fix)
2026-06-08 21:20:24 +02:00

55 lines
1.4 KiB
Bash
Raw Blame History

#!/usr/bin/env bash
# Copyright (c) 2021-2026 tteck
# Author: tteck (tteckster)
# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
# Source: https://www.phoscon.de/en/conbee2/software#deconz
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Setting Phoscon Repository"
setup_deb822_repo \
"deconz" \
"https://phoscon.de/apt/deconz.pub.key" \
"https://phoscon.de/apt/deconz" \
"generic"
msg_ok "Setup Phoscon Repository"
msg_info "Installing deConz"
libssl=$(curl -fsSL --proto '=https' "https://security.ubuntu.com/ubuntu/pool/main/o/openssl/" | grep -o 'libssl1\.1_1\.1\.1f-1ubuntu2\.2[^"]*amd64\.deb' | head -n1)
curl -fsSL --proto '=https' "https://security.ubuntu.com/ubuntu/pool/main/o/openssl/$libssl" -o "$libssl"
$STD dpkg -i "$libssl"
$STD apt install -y deconz
rm -rf "$libssl"
msg_ok "Installed deConz"
msg_info "Creating Service"
cat <<EOF >/lib/systemd/system/deconz.service
[Unit]
Description=deCONZ: ZigBee gateway -- REST API
Wants=deconz-init.service deconz-update.service
StartLimitIntervalSec=0
[Service]
User=root
ExecStart=/usr/bin/deCONZ -platform minimal --http-port=80
Restart=on-failure
RestartSec=30
AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_KILL CAP_SYS_BOOT CAP_SYS_TIME
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now deconz
msg_ok "Created Service"
motd_ssh
customize
cleanup_lxc
Reference in New Issue View Git Blame Copy Permalink