Simplify APT retry logic and add insecure fallback

Replace the previous multi-step APT retry sequence (mirror swaps, sleeps, multiple retries) with a simpler fallback: on apt-get update failure disable Acquire::By-Hash, enable Acquire::AllowInsecureRepositories and attempt updates/installs using --allow-insecure-repositories/--allow-unauthenticated where needed. Restore secure settings and refresh lists afterwards, and preserve/propagate the original command exit status. Apply the same simplification in misc/build.func, misc/install.func and the Proxmox LXC cron updater (tools/pve/update-lxcs-cron.sh) to handle Debian repo desyncs more reliably and reduce complex retry logic.
2026-03-26 14:02:09 +01:00
parent 681c438e60
commit 6d213d511f
3 changed files with 18 additions and 99 deletions
--- a/misc/install.func
+++ b/misc/install.func
@@ -201,39 +201,15 @@ pkg_update() {
  case "$PKG_MANAGER" in
  apt)
    if ! $STD apt-get update; then
-      msg_warn "apt-get update failed, retrying with by-hash bypass and alternate mirror..."
+      msg_warn "apt-get update failed, bypassing hash verification (Debian repo desync)..."
+      echo 'Acquire::By-Hash "no";' >/etc/apt/apt.conf.d/99no-by-hash
+      echo 'Acquire::AllowInsecureRepositories "true";' >>/etc/apt/apt.conf.d/99no-by-hash
+      rm -rf /var/lib/apt/lists/*
+      $STD apt-get update --allow-insecure-repositories
+      # Restore secure settings
      echo 'Acquire::By-Hash "no";' >/etc/apt/apt.conf.d/99no-by-hash
      rm -rf /var/lib/apt/lists/*
-      if ! $STD apt-get update; then
-        # Retry with country mirror
-        for src in /etc/apt/sources.list.d/debian.sources /etc/apt/sources.list; do
-          [[ -f "$src" ]] && sed -i 's|deb.debian.org|ftp.de.debian.org|g' "$src"
-        done
-        rm -rf /var/lib/apt/lists/*
-        if ! $STD apt-get update; then
-          # Wait for mirror sync, try original
-          sleep 30
-          for src in /etc/apt/sources.list.d/debian.sources /etc/apt/sources.list; do
-            [[ -f "$src" ]] && sed -i 's|ftp.de.debian.org|deb.debian.org|g' "$src"
-          done
-          rm -rf /var/lib/apt/lists/*
-          if ! $STD apt-get update; then
-            # Last resort: temporarily allow insecure repos
-            msg_warn "All mirrors have hash mismatch, temporarily relaxing APT verification..."
-            echo 'Acquire::AllowInsecureRepositories "true";' >>/etc/apt/apt.conf.d/99no-by-hash
-            for src in /etc/apt/sources.list.d/debian.sources /etc/apt/sources.list; do
-              [[ -f "$src" ]] && sed -i 's|deb.debian.org|ftp.debian.org|g' "$src"
-            done
-            rm -rf /var/lib/apt/lists/*
-            $STD apt-get update --allow-insecure-repositories
-            # Restore secure settings immediately
-            echo 'Acquire::By-Hash "no";' >/etc/apt/apt.conf.d/99no-by-hash
-            for src in /etc/apt/sources.list.d/debian.sources /etc/apt/sources.list; do
-              [[ -f "$src" ]] && sed -i 's|ftp.debian.org|deb.debian.org|g' "$src"
-            done
-          fi
-        fi
-      fi
+      $STD apt-get update || true
    fi
    ;;
  apk)