Make APT mirror selection more robust by scanning for reachable mirrors and retrying installs with clearer failure reasons. In misc/build.func added mirror_exit, try_mirrors and scan_reachable helpers; prefer regional mirrors (pick up to 3), fall back to ftp.debian.org, then try global mirrors. Improved detection/reporting of hash mismatches vs apt-get errors and return codes, and use a short reachability TCP check before attempting updates. In misc/install.func added a reachable-mirror scan phase, count/report reachable mirrors, and provide clearer log messages when apt-get update/install fails. These changes aim to reduce failures caused by unreachable mirrors or CDN synchronization issues.
Refactor mirror logic in misc/build.func and misc/install.func to prefer regional Debian mirrors (detected from /etc/timezone), shuffle mirror lists, and include additional AP region hosts. Add quick TCP reachability checks, limit consecutive mirror failures, and surface clearer status messages. On repeated failures, prompt interactively for a custom mirror (with validation) and handle pct exec exit codes to present more informative errors and retry behavior.
When apt-get update fails, switch from disabling hash verification/insecure repos to trying a list of alternate Debian mirrors. Updated misc/build.func to iterate a curated mirror list, rewrite /etc/apt/sources.list* to point to each mirror, and attempt apt-get update/install until one succeeds (exiting with failure if all mirrors fail). Updated misc/install.func to perform a similar mirror-rotation loop and return an error if no mirror succeeds. Also adjusted warning/error messages to reflect the new behavior. This improves resilience against repo desyncs without enabling insecure apt settings.
Replace the previous multi-step APT retry sequence (mirror swaps, sleeps, multiple retries) with a simpler fallback: on apt-get update failure disable Acquire::By-Hash, enable Acquire::AllowInsecureRepositories and attempt updates/installs using --allow-insecure-repositories/--allow-unauthenticated where needed. Restore secure settings and refresh lists afterwards, and preserve/propagate the original command exit status. Apply the same simplification in misc/build.func, misc/install.func and the Proxmox LXC cron updater (tools/pve/update-lxcs-cron.sh) to handle Debian repo desyncs more reliably and reduce complex retry logic.
Add robust retry logic for APT operations in misc/build.func and misc/install.func. Introduces an apt_retry helper and multiple fallback steps: disable by-hash, switch to a country mirror (ftp.de.debian.org), wait and retry to allow mirror sync, and as a last resort temporarily relax APT verification to allow insecure repositories to complete updates. Ensures cleanup and restores secure settings where possible, with clearer failure handling and messages to increase resilience of package installation during container builds and installs.
Improve APT retry logic to handle failures caused by by-hash/CDN issues. Both misc/build.func and misc/install.func now write an apt config to disable Acquire::By-Hash, remove /var/lib/apt/lists/* and retry apt-get update/install; if that still fails they substitute deb.debian.org with ftp.debian.org as a fallback. This makes container builds and package updates more robust against CDN/hash-related apt failures.
LXC containers use /dev/console, not tty1!
- pct console connects to /dev/console device
- Added explicit console entry in inittab for LXC
- tty1 autologin still works for direct access
- Fixes autologin not working in Devuan containers
Devuan:
- Fixed sed syntax error: replaced -E with BRE, removed invalid [^$] pattern
- Simplified regex patterns for inittab autologin matching
openEuler:
- Added template patching to inject /etc/redhat-release before pct create
- This fixes 'error in setup task PVE::LXC::Setup::post_create_hook'
- Reverted to unprivileged container (privileged not needed with patch)
openSUSE:
- Added --gpg-auto-import-keys to zypper to avoid interactive GPG prompts
- This was causing the 15+ minute hangs during package manager init
Gentoo:
- Changed to use emerge-webrsync (http) instead of emerge --sync (rsync)
- webrsync is significantly faster than full rsync sync
- Install curl FIRST before other packages (required for install.func)
- Better error handling with separate curl check
Rocky Linux DNS issue:
- Not a script bug - container network/DNS not working
- User should check container gateway and DNS settings
- Rocky/AlmaLinux 10 (EL10): Version detection for DNF 5 with correct packages (langpacks-en instead of glibc-langpack-en), makecache refresh, fallback to minimal install
- openSUSE: Install ncurses-utils and terminfo-base, set TERM in /etc/profile.d and /etc/environment to fix 'unknown terminal type'
- Gentoo: Fixed template pattern to use underscore (-openrc_) instead of dash, special version handling
- openEuler: Set privileged container (var_unprivileged=0) to workaround PVE setup hook limitation
- Devuan: Enhanced sysvinit autologin with multiple inittab patterns, fallback console entry, telinit reload
- CentOS/all: Updated URLs from raw.githubusercontent.com to git.community-scripts.org
- General: Better error handling and removed duplicate code blocks
- Gentoo: Fix template pattern to match 'gentoo-current-openrc' naming
- openSUSE: Sanitize ANSI escape codes from MSG_INFO_SHOWN array keys
- Devuan: Use flexible runlevel matching for sysvinit autologin
- CentOS/RHEL: Add missing '-' before $TERM in agetty commands
Fixes reported issues:
- Gentoo template not found (wrong pattern '-current_')
- openSUSE 'not a valid identifier' error on msg_ok with color codes
- Devuan autologin failing due to strict runlevel pattern
- CentOS autologin improvements for LXC console
The update script now uses the OS variable for OS-based containers instead of the app name, and the script source URL has been updated to use git.community-scripts.org. This ensures the correct update script is fetched for each container type.
Refines the configuration of getty services for auto-login in LXC containers. Adds explicit handling for console-getty.service (used in Fedora/RHEL) and container-getty@1.service (Debian/Ubuntu), ensuring proper override and enabling where necessary.
Simplifies and improves auto-login configuration for systemd, openrc, and sysvinit. Removes unnecessary service reloads and restarts during installation, and directly modifies configuration files where appropriate.
Refactored build.func to use a unified install.func for all supported OS types, simplifying OS detection and package installation. Added cleanup_lxc step to all install scripts. Removed support for runit, pacman, and nix-env from install.func, and improved SSH server installation logic for containers. Updated template pattern matching for additional OS types.
Changed all function bodies in misc/build.func to use 2-space indentation for improved readability and consistency. No logic changes were made; only whitespace and indentation were updated.
Expanded IPv6 configuration in build.func to include a 'disable' option with clearer descriptions. Updated install.func to use IPV6_METHOD for disabling IPv6 via sysctl.d, improving clarity and control over IPv6 management.
Changed PCT_OPTIONS from an array to a string for proper export and compatibility with Proxmox pct. Features are now passed as a comma-separated string. Also updated install.func to use a literal heredoc for systemd override configuration.
Cleaned up dev mode and persistent log directory logic from build.func and install.func. Network connectivity status messages are now more direct, and unnecessary exports and re-parsing of dev_mode have been removed for clarity and maintainability.
Introduces granular dev_mode flags (motd, keep, trace, pause, breakpoint, logs, dryrun) with a parser and exports for container builds. Enables persistent log directories when logs mode is active, supports dryrun and trace modes, and adds MOTD/SSH setup and breakpoint shell for debugging. Refactors related logic in build.func, core.func, and install.func for improved developer experience and debugging.
Introduces distinct BUILD_LOG and INSTALL_LOG variables for host and container operations, ensuring logs are properly captured and retrievable. Refactors silent execution and error handling to use the active log file, improves log copying after failures, and enhances context detection for log management. Also adds fallback logic for INSTALL_LOG initialization in install.func.
Expanded inline documentation and section headers across misc/api.func, misc/build.func, misc/core.func, misc/error_handler.func, and misc/install.func for improved maintainability and clarity. Refactored error handling to use centralized explain_exit_code and updated API telemetry/reporting logic. Enhanced modularity and structure of utility, validation, and setup functions, and improved comments for user guidance and developer onboarding.
Replaces all occurrences of the 'init_error_traps' function with 'catch_errors' across container and install scripts for consistency in error handling. Also adjusts indentation and formatting in some scripts for improved readability.
