Append a guarded snippet to /root/.bash_profile that forces TERM=linux on physical LXC consoles (e.g. noVNC) for login shells. This prevents readline (8.2+) from querying CPR (ESC[6n) which can produce stray R;80R garbage; the change runs only for non-SSH sessions and detects /dev/console or /dev/ttyN. The block is only added if a __cs_console_term marker is not already present.
Reset shell command hash in spinner and make sleep resilient to shells without redirected sleep, preventing stale PATH lookups and failures in background subshells. Improve Gentoo bootstrap by syncing portage (emerge-webrsync or emerge --sync), preferring binary packages (--getbinpkg --usepkg) before falling back to source emerge, and add a fallback fetcher: prefer curl but use wget if curl is unavailable; fail with a clear error if neither is present. Replace direct curl sourcing with a configurable _fetch command to support the wget fallback.
Add a forced container env (_ct_env) exporting LC_ALL/LANG=C.UTF-8 and DEBIAN_FRONTEND to ensure commands (apt, sed, locale-gen, getent, tz setup) run reliably in fresh templates that lack generated locales. Use the env when running pct exec for locale setup, timezone symlink, DNS checks, and apt installs.
Improve terminal handling: set TERM=xterm-256color only for SSH sessions by appending a guarded block to /root/.bashrc, disable /etc/profile.d/vte.{sh,csh} by renaming them to avoid CSI 6n prompt garbage on LXC/noVNC consoles, and add /etc/profile.d/00-lxc-term-size.sh to force a sane stty rows/cols when the pseudo-tty reports 0x0. These changes prevent locale-related errors and stray CSI responses in LXC containers.
Configure both container-getty@1 and console-getty to auto-login root with unified agetty options, ensuring either Proxmox noVNC (/dev/tty1) or pct/serial (/dev/console) works. Add stable _agetty_opts, write per-service override files, enable console-getty on distros that need it, and reload systemd. Disable vte profile scripts to avoid cursor-query noise on first prompt, restart only active getty services to avoid duplicates, and create /root/.hushlogin to suppress login messages.
Refine LXC container bootstrap and sysvinit autologin handling.
- Fix case branch formatting and change Debian-family check to an elif to avoid logic fall-through.
- Add a non-apt branch for Fedora/Rocky/Alma/CentOS/openEuler/openSUSE/Arch/Gentoo that sets the container timezone from the host and ensures curl is installed via the appropriate package manager.
- Improve sysvinit (/etc/inittab) auto-login changes: use more robust sed patterns, append a console autologin entry via heredoc, signal init to reload inittab before killing getty processes, and target getty processes more precisely to ensure proper respawn with new settings.
Suppress perl/apt locale warnings by configuring C.UTF-8 for apt-based systems. The script now exports DEBIAN_FRONTEND=noninteractive and LC_ALL/LANG/LANGUAGE=C.UTF-8 when PKG_MANAGER==apt, and appends LC_ALL and LANG to /etc/environment if not present. This addresses cases where a container inherits an ungenerated host locale (e.g. Devuan) and ensures C.UTF-8, which is always available, is used.
Add Arch Linux container support and integrate pacman into install utilities. New files: ct/archlinux.sh (container build/update script), install/archlinux-install.sh (install entrypoint), and json/archlinux.json (metadata). misc/install.func: detect_arch in detect_os, add pacman bootstrap, and implement pacman handlers for pkg_upgrade, pkg_install, pkg_remove, pkg_clean and package refresh; include openssh install path for pacman and provide a cleanup_lxc override to run pkg_clean. Enables creating/updating Arch Linux LXC containers and proper package manager handling.
Bump Fedora template to 43 and enhance container installation tooling. Persist DIAGNOSTICS setting and introduce post_progress_to_api() to send lightweight telemetry pings from inside containers (fire-and-forget, enabled when DIAGNOSTICS=yes and RANDOM_UUID set). Harden package management flows: re-detect PKG_MANAGER when commands are missing, add apt mirror fallback logic (apt_update_safe) and more robust apt-cacher proxy parsing. Fix Debian 13 LXC root ownership bug (chown /) and add additional DNS/Git host checks (including api.github.com). Improve downloading and validation of tools.func, add multiple post_progress_to_api hooks to signal progress, and add two new install entrypoints (misc/main/install.func and misc/main/alpine-install.func) that consolidate network checks, OS updates, MOTD/SSH setup and container customization.
Replace inconsistent msg_info calls with msg_warn for mirror-list warnings and msg_custom for "Attempting mirror" lines to unify output formatting in misc/build.func and misc/install.func. Simplify tools/pve/update-lxcs-cron.sh by removing the long mirror-probing block and using a straightforward apt-get update + noninteractive dist-upgrade (and cleanup of EXTERNALLY-MANAGED) in containers to reduce complexity and improve maintainability.
Improve package mirror resiliency in misc/build.func and misc/install.func by adding fallback and detection logic for Debian/Ubuntu and Alpine CDNs. Changes include:
- Detect distro (debian vs ubuntu) and use appropriate mirror lists and primary mirror (ftp.debian.org vs archive.ubuntu.com).
- Add retry loops that try a shuffled list of regional mirrors, test connectivity, update repo files, and attempt package installs/updates again.
- For Alpine (apk) installs and updates, try alternate mirrors on failure, write /etc/apk/repositories, and surface clearer warnings/errors if all mirrors fail.
- Update interactive prompts and informational messages to reference the correct mirror list (Ubuntu vs Debian) and generalize prompt wording.
- Improve exit handling so failures are reported and abort the process when necessary.
These changes make automated installs more robust against CDN sync issues and unreachable primary mirrors.
Standardize and clarify apt mirror diagnostics in misc/build.func and misc/install.func: update warning phrasing when apt-get update fails; change per-mirror failure messages from "Mirror X: <reason>" to "Mirror X failed (<reason>)"; change success messages to "CDN set to <mirror>: tests passed"; and add informational logs like "Attempting mirror: <mirror>" when trying alternate mirrors. These changes improve visibility into mirror selection and failure reasons during package update/installation.
When apt-get update fails, capture and display the failing mirror host to aid debugging. Adds grep-based extraction of the upstream host (from /etc/apt/sources.list.d/debian.sources or /etc/apt/sources.list) with a fallback to "unknown", and includes the host in the warning/echo. Applied to misc/build.func (inside pct exec), misc/install.func (pkg_update), and tools/pve/update-lxcs-cron.sh.
Reduce noisy mirror-related output and clarify messages across misc/build.func and misc/install.func. Reword various apt/mirror status lines (hash mismatch, SSL/certificate, apt-get update failed, package install failed) and standardize success to "Using mirror"/msg_ok. Remove verbose scan/try/skip/count logs and suppression of detailed apt output to make output cleaner for automated runs. Also change the custom_mirror sed replacement to use http:// instead of https:// to support non-HTTPS local mirrors.
Add explicit detection of SSL/certificate errors when running apt-get update and treat those mirrors as failed (logs a short SSL error snippet and returns failure). Change mirror URL rewrites to use http:// instead of https:// when substituting mirror hosts, and remove ftp.in.debian.org from the AP mirror lists. Changes applied to misc/build.func (try_mirrors) and misc/install.func (pkg_update/_try_apt_mirror) to improve mirror fallback behavior and error reporting.
Reorder mirror probing in misc/build.func and misc/install.func to scan global (OTHERS) mirrors first and fall back to regional mirrors—pick up to 3 random reachable mirrors and try them. Rename related variables accordingly and keep the fallback logic intact. Update tools/pve/update-lxcs-cron.sh to define region-specific Debian mirror lists, detect container timezone to pick regional vs other mirrors, and implement a fallback loop that checks mirror connectivity, rewrites APT URIs to use a working mirror, and retries apt-get update before proceeding with dist-upgrade. These changes improve resilience against local CDN/local-regional outages by preferring globally reachable mirrors first and providing an automated mirror-switch fallback.
Make APT mirror selection more robust by scanning for reachable mirrors and retrying installs with clearer failure reasons. In misc/build.func added mirror_exit, try_mirrors and scan_reachable helpers; prefer regional mirrors (pick up to 3), fall back to ftp.debian.org, then try global mirrors. Improved detection/reporting of hash mismatches vs apt-get errors and return codes, and use a short reachability TCP check before attempting updates. In misc/install.func added a reachable-mirror scan phase, count/report reachable mirrors, and provide clearer log messages when apt-get update/install fails. These changes aim to reduce failures caused by unreachable mirrors or CDN synchronization issues.
Refactor mirror logic in misc/build.func and misc/install.func to prefer regional Debian mirrors (detected from /etc/timezone), shuffle mirror lists, and include additional AP region hosts. Add quick TCP reachability checks, limit consecutive mirror failures, and surface clearer status messages. On repeated failures, prompt interactively for a custom mirror (with validation) and handle pct exec exit codes to present more informative errors and retry behavior.
When apt-get update fails, switch from disabling hash verification/insecure repos to trying a list of alternate Debian mirrors. Updated misc/build.func to iterate a curated mirror list, rewrite /etc/apt/sources.list* to point to each mirror, and attempt apt-get update/install until one succeeds (exiting with failure if all mirrors fail). Updated misc/install.func to perform a similar mirror-rotation loop and return an error if no mirror succeeds. Also adjusted warning/error messages to reflect the new behavior. This improves resilience against repo desyncs without enabling insecure apt settings.
Replace the previous multi-step APT retry sequence (mirror swaps, sleeps, multiple retries) with a simpler fallback: on apt-get update failure disable Acquire::By-Hash, enable Acquire::AllowInsecureRepositories and attempt updates/installs using --allow-insecure-repositories/--allow-unauthenticated where needed. Restore secure settings and refresh lists afterwards, and preserve/propagate the original command exit status. Apply the same simplification in misc/build.func, misc/install.func and the Proxmox LXC cron updater (tools/pve/update-lxcs-cron.sh) to handle Debian repo desyncs more reliably and reduce complex retry logic.
Add robust retry logic for APT operations in misc/build.func and misc/install.func. Introduces an apt_retry helper and multiple fallback steps: disable by-hash, switch to a country mirror (ftp.de.debian.org), wait and retry to allow mirror sync, and as a last resort temporarily relax APT verification to allow insecure repositories to complete updates. Ensures cleanup and restores secure settings where possible, with clearer failure handling and messages to increase resilience of package installation during container builds and installs.
Improve APT retry logic to handle failures caused by by-hash/CDN issues. Both misc/build.func and misc/install.func now write an apt config to disable Acquire::By-Hash, remove /var/lib/apt/lists/* and retry apt-get update/install; if that still fails they substitute deb.debian.org with ftp.debian.org as a fallback. This makes container builds and package updates more robust against CDN/hash-related apt failures.
LXC containers use /dev/console, not tty1!
- pct console connects to /dev/console device
- Added explicit console entry in inittab for LXC
- tty1 autologin still works for direct access
- Fixes autologin not working in Devuan containers
Devuan:
- Fixed sed syntax error: replaced -E with BRE, removed invalid [^$] pattern
- Simplified regex patterns for inittab autologin matching
openEuler:
- Added template patching to inject /etc/redhat-release before pct create
- This fixes 'error in setup task PVE::LXC::Setup::post_create_hook'
- Reverted to unprivileged container (privileged not needed with patch)
openSUSE:
- Added --gpg-auto-import-keys to zypper to avoid interactive GPG prompts
- This was causing the 15+ minute hangs during package manager init
Gentoo:
- Changed to use emerge-webrsync (http) instead of emerge --sync (rsync)
- webrsync is significantly faster than full rsync sync
- Install curl FIRST before other packages (required for install.func)
- Better error handling with separate curl check
Rocky Linux DNS issue:
- Not a script bug - container network/DNS not working
- User should check container gateway and DNS settings
- Rocky/AlmaLinux 10 (EL10): Version detection for DNF 5 with correct packages (langpacks-en instead of glibc-langpack-en), makecache refresh, fallback to minimal install
- openSUSE: Install ncurses-utils and terminfo-base, set TERM in /etc/profile.d and /etc/environment to fix 'unknown terminal type'
- Gentoo: Fixed template pattern to use underscore (-openrc_) instead of dash, special version handling
- openEuler: Set privileged container (var_unprivileged=0) to workaround PVE setup hook limitation
- Devuan: Enhanced sysvinit autologin with multiple inittab patterns, fallback console entry, telinit reload
- CentOS/all: Updated URLs from raw.githubusercontent.com to git.community-scripts.org
- General: Better error handling and removed duplicate code blocks
- Gentoo: Fix template pattern to match 'gentoo-current-openrc' naming
- openSUSE: Sanitize ANSI escape codes from MSG_INFO_SHOWN array keys
- Devuan: Use flexible runlevel matching for sysvinit autologin
- CentOS/RHEL: Add missing '-' before $TERM in agetty commands
Fixes reported issues:
- Gentoo template not found (wrong pattern '-current_')
- openSUSE 'not a valid identifier' error on msg_ok with color codes
- Devuan autologin failing due to strict runlevel pattern
- CentOS autologin improvements for LXC console
The update script now uses the OS variable for OS-based containers instead of the app name, and the script source URL has been updated to use git.community-scripts.org. This ensures the correct update script is fetched for each container type.
Refines the configuration of getty services for auto-login in LXC containers. Adds explicit handling for console-getty.service (used in Fedora/RHEL) and container-getty@1.service (Debian/Ubuntu), ensuring proper override and enabling where necessary.
Simplifies and improves auto-login configuration for systemd, openrc, and sysvinit. Removes unnecessary service reloads and restarts during installation, and directly modifies configuration files where appropriate.
Refactored build.func to use a unified install.func for all supported OS types, simplifying OS detection and package installation. Added cleanup_lxc step to all install scripts. Removed support for runit, pacman, and nix-env from install.func, and improved SSH server installation logic for containers. Updated template pattern matching for additional OS types.
Changed all function bodies in misc/build.func to use 2-space indentation for improved readability and consistency. No logic changes were made; only whitespace and indentation were updated.
