- post_update_to_api: Attempts 2/3 now send medium_error (16KB truncated
log) instead of short_error (generic description only). This is the
primary fix — when attempt 1 fails (120KB payload too large/timeout),
attempts 2/3 no longer discard all log data.
- _send_abort_telemetry: Increased container fallback from 20 to 200
log lines (capped at 16KB). Added SILENT_LOGFILE as fallback source.
Added exit code explanation header and error_category to payload.
- get_error_text/get_full_log: Added SILENT_LOGFILE as last-resort
fallback when INSTALL_LOG, combined log, and BUILD_LOG are all
empty/missing.
Part of #12467 — scripts only (no framework changes).
New exit codes 250-254 registered in api.func and error_handler.func:
- 250: App download failed or version not determined
- 251: App file extraction failed (corrupt/incomplete archive)
- 252: App required file or resource not found
- 253: App data migration required — update aborted
- 254: App user declined prompt or input timed out
Existing codes reused where applicable:
- 10: privileged/Docker required (unifi-os-server)
- 64: invalid user input (postgresql, tomcat)
- 71: system error (pulse useradd)
- 150: service failed to start (docker, npmplus)
- 153: build failed (booklore)
- 233: app not installed (evcc, endurain, grafana, loki, itsm-ng)
- 236: hardware not detected (unifi-os-server /dev/net/tun)
- 238: OS not supported (frigate)
* Standardize exit codes and add mappings
Replace generic exit 1 usages with specific numeric exit codes and add corresponding explanations to the error lookup. This commit updates multiple misc/* scripts to return distinct codes for validation, Proxmox/LXC, networking, download and curl errors (e.g. 103-123, 64, 107-120, 206, 0 for explicit user cancels). It also updates curl error handling to propagate the original curl exit code and adds new entries in explain_exit_code and the error handler to improve diagnostics.
* Set exit code 115 for update_os errors
Change exit status from 6 to 115 in misc/alpine-install.func's update_os() error handlers when failing to download tools.func or when the expected functions are missing. This gives a distinct exit code for these specific failure cases.
* Add tools/addon exit codes and use them
Introduce exit codes 232-238 for Tools & Addon scripts in misc/api.func and misc/error_handler.func. Update addon scripts (tools/addon/adguardhome-sync.sh, tools/addon/copyparty.sh, tools/addon/cronmaster.sh) to return specific codes instead of generic exit 1: 238 for unsupported OS and 233 when the application is not installed/upgrade prerequisites are missing. This makes failures more descriptive and aligns scripts with the central error explanations.
* Standardize exit codes in exporter addons
Unify exit codes across exporter addon scripts: return 238 for unsupported OS detections and 233 when an update is requested but the exporter is not installed. Applied to nextcloud-exporter.sh, pihole-exporter.sh, prometheus-paperless-ngx-exporter.sh, and qbittorrent-exporter.sh to make failure modes distinguishable for callers/automation.
* Use specific exit codes in addon scripts
Replace generic exit 1 with distinct exit codes across multiple addon scripts to enable finer-grained error handling in automation. Exit codes introduced: 10 for Docker/Compose missing or user-declined Docker install, 233 for "nothing to update" cases, and 238 for unsupported OS cases. Affected files: tools/addon/arcane.sh, coolify.sh, dockge.sh, dokploy.sh, filebrowser-quantum.sh, filebrowser.sh, immich-public-proxy.sh, jellystat.sh, runtipi.sh.
* Use specific exit codes in addon scripts
Replace generic exit 1 with specific exit codes across multiple addon scripts to improve error signaling and handling. Files updated: tools/addon/add-netbird-lxc.sh (exit 238 on unsupported distro), tools/addon/add-tailscale-lxc.sh (treat user cancel as exit 0), tools/addon/glances.sh (exit 233 when not installed), tools/addon/komodo.sh (distinct exits for missing compose, legacy DB, backup/download failures, docker checks), tools/addon/netdata.sh (distinct exits for unsupported PVE versions, OS/codename detection, repo lookups), and tools/addon/phpmyadmin.sh (distinct exits for unsupported OS, network/download issues, package install/start failures, and invalid input). These changes make failures easier to identify and automate recovery or reporting.
* Use specific exit codes in PVE scripts
Replace generic exit 1 with distinct exit codes across tools/pve scripts to provide clearer failure signals for callers. post-pve-install.sh now returns 105 for unsupported Proxmox versions; pve-privilege-converter.sh uses 104 for non-root, 234 when no containers, and 235 for backup/conversion failures; update-apps.sh maps backup failures to 235, missing containers/selections to 234 (and UI cancellations to 0), missing backup storage to 119, and returns the actual container update exit code on failure. These changes improve diagnostics and allow external tooling to react to specific error conditions.
* Standardize exit codes and behaviors
Adjust exit codes and abort handling across multiple PVE helper scripts to provide clearer outcomes for automation and interactive flows. Changes include:
- container-restore-from-backup.sh, core-restore-from-backup.sh: return 235 when no backups found (was 1).
- fstrim.sh: treat user cancellation of non-ext4 warning as non-error (exit 0 instead of 1).
- kernel-clean.sh: treat no selection or user abort as non-error (exit 0 instead of 1).
- lxc-delete.sh: return 234 when no containers are present; treat no selection as non-error (exit 0).
- nic-offloading-fix.sh: use specific non-zero codes for root check and tool install failures (exit 104, 237) and 236 when no matching interfaces (was 1).
- pbs_microcode.sh, post-pmg-install.sh, post-pbs-install.sh: use distinct exit codes (232 and 105) for detected VM/PVE/unsupported distro conditions instead of generic 1.
These modifications make scripts return distinct codes for different failure modes and ensure user-initiated aborts or benign conditions exit with 0 where appropriate.
* Use exit 105 for unsupported PVE versions
Standardize error handling by replacing generic exit 1 with exit 105 in pve_check() across multiple VM template scripts to indicate unsupported Proxmox VE versions. Also add API exit code 226 message for "Proxmox: VM disk import or post-creation setup failed" in misc/api.func. Affected files include misc/api.func and various vm/*-vm.sh scripts.
* Use specific exit codes in VM scripts
Replace generic exit 1 with distinct exit codes across vm/*.sh to make failures more actionable for callers. Changes include: use 226 for missing imported-disk references, 237 for pv installation failures, 115 for download/extract/ISO-related failures, 214 for insufficient disk space during FreeBSD decompression, and 119 for missing storage detection. Updated scripts: archlinux-vm.sh, docker-vm.sh, haos-vm.sh, openwrt-vm.sh, opnsense-vm.sh, truenas-vm.sh, umbrel-os-vm.sh.
Remove host-side tee capture of lxc-attach output and PIPESTATUS handling; lxc-attach is now invoked directly and the exit code is taken from $?. Simplify install log retrieval by pulling /root/.install-<SESSION_ID>.log directly and removing the fallback that used the host-captured terminal log, related temp-file size checks, and timeout logic. Remove terminal-state restores and input-draining (stty/dd) and stop redirecting reads from /dev/tty so interactive reads use standard input; similar simplifications applied to the retry flow. Also remove cleanup of the discarded capture log. These changes reduce complexity and terminal manipulation, at the cost of losing the previous terminal-capture fallback for installs that failed to produce a container-side log.
Restore and sanitize terminal state before prompting by draining stale input from /dev/tty (dd iflag=nonblock) and adding a short sleep, then perform timed reads from /dev/tty in misc/build.func and misc/error_handler.func. Also make _REPO_CACHE a global associative array (declare -gA) with fallbacks in misc/tools.func so the cache survives when tools.func is sourced inside a function scope.
Pass PG_VERSION from the Mealie installer (replace POSTGRES_VERSION with PG_VERSION) and update misc/tools.func to prefer vendor package repos by default. Adjusted comments/examples for setup_mysql and setup_postgresql to reflect the new default behavior, and changed the local default for USE_MYSQL_REPO to true. These changes align variable naming in the installer and clarify that official MySQL/PGDG repositories are used unless explicitly disabled.
Replace pre-opened _RECOVERY_TTY handling with direct reads from /dev/tty in misc/build.func and misc/error_handler.func. The change opens /dev/tty at prompt time (with stty sane) so the prompt reads aren't affected by tty state corruption from lxc-attach|tee, simplifies the read logic by using a local response variable with a timeout, and removes the pre-open/close bookkeeping for _RECOVERY_TTY.
Two critical bugs fixed:
1. Install scripts (80+) using 'read' for interactive prompts all fail because
lxc-attach stdin was redirected from /dev/null. Change to /dev/tty so install
scripts like immich, elementsynapse, etc. can prompt the user interactively.
2. Recovery menu read gets 'Input/output error' from /dev/tty after the
lxc-attach|tee pipeline corrupts the terminal state. Pre-open a separate
file descriptor to /dev/tty BEFORE the pipeline starts. This fd survives
any tty corruption and is used as fallback for the recovery menu read.
Fixes the 'command not found' issue where user input falls through to the
parent shell.
Both build.func (main install + APT retry) and error_handler.func (fallback
cleanup prompt) are updated with the same pattern.
Prevent the lxc-attach pipeline from consuming the host's stdin by redirecting its stdin from /dev/null, keeping /dev/tty available for the recovery menu after SIGINT or failures (avoids "read: read error: Input/output error"). Also restore terminal state after the pipeline by running `stty sane` (errors ignored). Applied these changes to both installation invocation sites in misc/build.func.
Delete the stderr TTY check and the static spinner printf/early return in msg_info. The function now always calls color_spinner and starts the animated spinner in the background, removing the special-case for piped/non-TTY environments and simplifying terminal handling.
Improve GitHub release tag handling: only remove a leading 'v' when it's followed by a digit (avoids mangling tags like "version/..."), and sanitize the derived version string for filenames by replacing '/' with '-'. Use the sanitized version when constructing the downloaded tarball filename to prevent invalid or unexpected paths.
Detect non-TTY stderr in msg_info() and print a static progress indicator instead of launching the background spinner (which is unreliable when output is piped). Remove the non-TTY check from is_verbose_mode() and add comments clarifying that non-TTY behavior is handled in msg_info(). Apply the same verbosity simplification to vm-core.func. This keeps spinner visuals working when passed through pipes while avoiding backgrounding issues.
* feat: add Docker-based tool addons for dockge, komodo, dokploy, npmplus
Create addon scripts following the arcane.sh pattern for Docker-based
tools that can be installed on any existing Docker LXC:
- dockge: Docker Compose stack manager (port 5001)
- komodo: Build/deployment system with MongoDB/FerretDB (port 9120)
- dokploy: PaaS via external installer with Redis (port 3000)
- npmplus: Nginx Proxy Manager Plus via Compose (port 81)
Each addon includes:
- Docker availability check
- Install with full configuration
- Update via docker compose pull
- Uninstall with container cleanup
- ASCII header files
Original ct/ and install/ scripts are preserved for now.
* refactor: convert Docker tools to addons, remove old scripts
Convert dockge, komodo, dokploy, coolify from standalone ct/install
scripts to addon pattern (like arcane.sh).
Added:
- tools/addon/dockge.sh (port 5001)
- tools/addon/komodo.sh (port 9120, MongoDB/FerretDB choice)
- tools/addon/dokploy.sh (port 3000, external installer)
- tools/addon/coolify.sh (port 8000, external installer)
- tools/headers/ for all 4
Removed:
- ct/dockge.sh, ct/komodo.sh, ct/alpine-komodo.sh, ct/dokploy.sh, ct/coolify.sh
- install/dockge-install.sh, install/komodo-install.sh, install/alpine-komodo-install.sh
- install/dokploy-install.sh, install/coolify-install.sh
- frontend/public/json/ for dockge, komodo, dokploy, coolify
- tools/addon/npmplus.sh (not an addon candidate)
These tools are Docker-only and fit the addon pattern: they require
an existing Docker LXC and manage containers via docker compose.
* feat: add addon JSON configs for dockge, komodo, dokploy, coolify
Recreate JSON configs with type=addon, script paths pointing to
tools/addon/*.sh, null resources (addon runs on existing Docker LXC),
and update instructions in notes.
* feat: add Runtipi addon + upgrade all addons with Proxmox host check, optional Docker install, Alpine support
- New: tools/addon/runtipi.sh with full Alpine support (gcompat for musl)
- New: tools/headers/runtipi ASCII header
- Updated: runtipi.json to addon type with null resources
- Removed: ct/runtipi.sh, install/runtipi-install.sh (migrated to addon)
- All addons (dockge, komodo, dokploy, coolify, runtipi) now have:
- check_proxmox_host(): warns when running on PVE host, default N
- check_or_install_docker(): optional Docker install (Debian+Alpine)
- Alpine-aware curl bootstrap and dependency installation
* readd ct, update information
* Create runtipi.sh
* refactor: remove inline header_info from addons, use core.func get_header()
- get_header() in core.func now maps APP_TYPE=addon to tools/headers/ path
- Removed 5 duplicate ASCII art header_info functions from addon scripts
- Addons now use the shared header_info() from core.func + tools/headers/ files
* chore(tools): add Github source links to dockge, komodo, dokploy, coolify, runtipi addons
* fix(runtipi): drop Alpine support; add OS compat notes to docker addon JSONs
Add apt_update_safe() function that warns instead of aborting when apt-get update fails (e.g. enterprise repo 401 Unauthorized). Shows a helpful hint about disabling the enterprise repo when no subscription is active. Replaces direct apt-get update calls in build.func and install.func.
Prevent terminal job-control signals from suspending the script during recovery by trapping TSTP, TTIN and TTOU (instead of only TSTP) and restoring them on exit. Also clear the terminal 'tostop' flag in stop_spinner() with `stty -tostop` to avoid background spinner I/O from stopping the process group.
* fix(zammad): configure Elasticsearch for LXC container startup
- Set discovery.type: single-node (required for single-node ES)
- Set xpack.security.enabled: false (not needed in local LXC)
- Set bootstrap.memory_lock: false (fails in unprivileged LXC)
- Add startup wait loop (up to 60s) to ensure ES is ready before
Zammad installation continues
Fixes #12301-related recurring Elasticsearch startup failures
* refactor(api): eliminate duplicate traps, harden error handling & telemetry
Phase 1 - Structural:
- Remove api_exit_script() and 5 inline traps from build.func
- error_handler.func is now the sole trap owner via catch_errors()
- Update api.func comment reference (api_exit_script -> on_exit)
Phase 2 - Quality:
- Add stop_spinner() + cursor restore to error_handler(), on_interrupt(),
on_terminate(), on_hangup() to prevent spinner/cursor artifacts
- Enhance _send_abort_telemetry() with error text (last 20 log lines),
duration calculation, and 2 retry attempts (was fire-and-forget)
- Harden json_escape() to also strip DEL (0x7F) character
* fix(build): show spinner during post_update_to_api to prevent Ctrl+Z abort
post_update_to_api can take up to 33 seconds worst-case (3 curl attempts
x 10s timeout + sleep delays). Without any terminal output during this
time, users think the script is stuck and press Ctrl+Z, which prevents
the recovery menu from ever appearing.
Add msg_info spinner before both post_update_to_api calls in the failure
path (initial report + final force retry after recovery menu).
* fix(build): prevent SIGTSTP from killing recovery dialog
- Replace msg_info/stop_spinner with plain echo for telemetry reporting
The background spinner process in non-interactive shells (bash -c)
can trigger SIGTSTP, stopping the entire process group before the
recovery dialog appears. Plain echo avoids this.
- Add trap '' TSTP at failure path entry to ignore suspension signals
Prevents Ctrl+Z or terminal-related SIGTSTP from interrupting the
recovery menu. Restored with trap - TSTP before exit.
- Root cause: msg_info starts a background process (spinner &) that
is not properly detached in non-interactive shells where job control
(set -m) is OFF. The disown builtin has no effect without job
control, leaving the spinner in the same process group. This can
cause terminal I/O conflicts during the 33-second post_update_to_api
retry window, resulting in [2]+ Stopped.
* fix(test): initialize colors and remove illegal local in test harness
- Call load_functions() after sourcing core.func to initialize
color/formatting/icon variables (RD, GN, YW, CL, TAB, etc.)
- Remove 'local' keyword from top-level scope (not inside function)
- Default REPO_SOURCE to ref_api instead of main
* chore: remove test-recovery-dialog.sh from branch
* Revert "fix(zammad): configure Elasticsearch for LXC container startup"
This reverts commit 10e450b72f.
* fix(build): show telemetry status only in verbose mode
Telemetry reporting is an implementation detail that doesn't help
the user during failure recovery. Wrap echo statements with
VERBOSE check so they only appear when verbose mode is enabled.
Adds a reusable function to fetch the latest tag from a GitHub repo.
Useful for projects that only use tags, not full releases (e.g.
mongodb/mongo-tools).
Features:
- Optional prefix filter (e.g. '100.' or 'v')
- Optional prefix stripping for clean version output
- Skips pre-release tags (rc, alpha, beta, dev, test)
- Sorts by version (sort -V) to find the latest
- Respects GITHUB_TOKEN for rate limiting
Root cause: post_update_to_api set POST_UPDATE_DONE=true even after
all 3 retry attempts failed (curl timeout, API error). This prevented
the EXIT trap (api_exit_script) from retrying with fresh attempts.
Changes:
- Only set POST_UPDATE_DONE=true on actual HTTP 2xx success
- If all 3 attempts fail, EXIT trap gets 3 more fresh attempts
- Increase timeout from 5s to 10s for final status updates (STATUS_TIMEOUT)
Progress pings keep 5s (TELEMETRY_TIMEOUT) since they're lightweight
- post_update_to_api_extended: add proper retry logic + HTTP code check
(was fire-and-forget with no retry)
Validation status was persisting through container start, network check,
and OS customization. Now transitions to 'configuring' immediately after
create_lxc_container returns. Validation only covers storage/template/cluster
checks as intended.
Pipe lxc-attach output through tee into /tmp/.install-capture-${SESSION_ID}.log and use PIPESTATUS[0] to get the real lxc-attach exit code. Prefer a pulled container-side INSTALL_LOG when it exists and is >100 bytes; otherwise fall back to the host-captured terminal log (stripping ANSI codes) and append it to the combined log so get_full_log() can find it. Apply the same capture behavior to the retry path and remove temporary capture files on completion. This makes install output reliable when container-side logging is missing (DNS errors, early crashes, or missing silent() usage).
After 'export INSTALL_LOG' in build.func, get_active_logfile() returned
the container's INSTALL_LOG path for all host-side logging, causing
msg_info/msg_ok/msg_error on the host to write to /root/.install-SESSION.log
(the host file, not the container's) instead of BUILD_LOG. This made
BUILD_LOG incomplete and get_full_log() unable to send full traces.
Fix: Add _HOST_LOGFILE (not exported, invisible to container) so the host
always logs to BUILD_LOG. Container still uses INSTALL_LOG as before.
* Enhance telemetry, signal handling, and logs
Improve failure telemetry and signal handling across the installer: add get_full_log() to collect/strip/truncate install logs and include them in API payloads with a truncated retry; add CONTAINER_INSTALLING flag around lxc-attach and stop containers on abort to avoid orphaned "installing/configuring" records; introduce _send_abort_telemetry() (curl fallback for container context) and _stop_container_if_installing() helpers; centralize and simplify EXIT/ERR/INT/TERM/HUP traps and handlers (including a new on_hangup handler) and update VM scripts to report numeric exit codes. Also ensure best-effort log collection is performed and tweak error categorization for certain signals.
* Include full log in error telemetry
Use get_full_log (up to 120KB) to populate the error telemetry field so the API receives the full installation trace; fall back to get_error_text (last ~20 lines) if the full log is empty. Removed collection and inclusion of a separate install_log field from the JSON payloads and simplified the retry payloads/comments accordingly. The change ensures error reports contain the complete trace while avoiding duplicate large log fields and keeps graceful failure handling (get_full_log || true).
* Anonymize IP addresses in get_full_log
Mask IPv4 addresses in logs when collecting full log output: added a sed step that replaces the last two octets with "x.x" to avoid exposing full IPs (GDPR). Also updated the comment to reflect anonymization; existing steps that strip carriage returns and ANSI escape sequences remain in place before truncating with head -c.
Prevent host-side error_handler from being triggered during in-container install/recovery by delaying re-enabling set -Eeuo pipefail and the ERR trap in misc/build.func until after install/recovery completes; add explanatory comments. Update misc/error_handler.func to fall back to BUILD_LOG if container-internal log path is unavailable, show the last 20 log lines when present, refine container vs host detection (check INSTALL_LOG file and /root), copy INSTALL_LOG into /root and write a .failed flag with the exit code for host-side detection, and ensure full-log output and container removal prompt are shown appropriately in host context. Tweak misc/core.func silent() output to include a "Full log" path and adjust formatting.
Update misc/tools.func to include Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg on multiple Debian repository blocks (bullseye, bookworm, trixie/sid and their -security entries) for non-free and non-free-firmware components. This ensures APT uses the specified keyring to verify repository metadata and improves reproducible/secure apt configuration.
- check_for_gh_release: add Authorization header when GITHUB_TOKEN is set,
detect HTTP 403 and show actionable rate-limit hint
- fetch_and_deploy_gh_release: improve retry loop with specific 403 handling,
exponential backoff, and token export hint on rate-limit failure
Introduce post_progress_to_api() in misc/api.func — a non-blocking, fire-and-forget curl ping (gated by DIAGNOSTICS and RANDOM_UUID) that updates telemetry status to "configuring". Wire this progress ping into multiple scripts (alpine-install.func, install.func, build.func, core.func) at key milestones (container start, network ready, customization, creation, cleanup) and replace/deduplicate some earlier post_to_api calls. Also update error_handler.func to always report failures immediately via post_update_to_api to ensure failures are captured even before/after container lifecycle.
Prevent hangs when pulling logs from containers by wrapping pct pull calls with timeout (8s) and running ensure_log_on_host under timeout (10s). Always send telemetry (post_update_to_api) before attempting best-effort log collection so status is reported even if log retrieval blocks. Update EXIT/ERR/SIGHUP/SIGINT/SIGTERM traps and consolidate error/interrupt handlers to use the new timeouted log collection. Changes in misc/build.func and misc/error_handler.func.
* fix: send telemetry BEFORE log collection in signal handlers
- Swap ensure_log_on_host/post_update_to_api order in on_interrupt, on_terminate, api_exit_script, and inline SIGHUP/SIGINT/SIGTERM traps
- For signal exits (>128): send telemetry immediately, then best-effort log collection
- Add 2>/dev/null || true to all I/O in signal handlers to prevent SIGPIPE
- Fix on_exit: exit_code=0 now reports 'done' instead of 'failed 1'
- Root cause: pct pull hangs on dying containers blocked telemetry updates, leaving 595+ records stuck in 'installing' daily
* feat: add execution_id to all telemetry payloads
- Generate EXECUTION_ID from RANDOM_UUID in variables()
- Export EXECUTION_ID to container environment
- Add execution_id field to all 8 API payloads in api.func
- Add execution_id to post_progress_to_api in install.func and alpine-install.func
- Fallback to RANDOM_UUID when EXECUTION_ID not set (backward compat)
* fix: correct telemetry type values for PVE and addon scripts
- PVE scripts (tools/pve/*): change type 'tool' -> 'pve'
- Addon scripts (tools/addon/*): fix 4 scripts that wrongly used 'tool' -> 'addon'
(netdata, add-tailscale-lxc, add-netbird-lxc, all-templates)
- api.func: post_tool_to_api sends type='pve', default fallback 'pve'
- Aligns with PocketBase categories: lxc, vm, pve, addon
* fix: persist diagnostics opt-in inside containers for addon telemetry
- install.func + alpine-install.func: create /usr/local/community-scripts/diagnostics
inside the container when DIAGNOSTICS=yes (from build.func export)
- Enables addon scripts running later inside containers to find the opt-in
- Update init_tool_telemetry default type from 'tool' to 'pve'
* refactor: clean up diagnostics/telemetry opt-in system
- diagnostics_check(): deduplicate heredoc (was 2x 22 lines), improve whiptail
text with clear what/what-not collected, add telemetry + privacy links
- diagnostics_menu(): better UX with current status, clear enable/disable
buttons, note about existing containers
- variables(): change DIAGNOSTICS default from 'yes' to 'no' (safe: no
telemetry before user consents via diagnostics_check)
- install.func + alpine-install.func: persist BOTH yes AND no in container
so opt-out is explicit (not just missing file = no)
- Fix typo 'menue' -> 'menu' in config file comments
* fix: no pre-selection in telemetry dialog, link to telemetry-service README
- Add --defaultno so 'No, opt out' is focused by default (user must Tab to Yes)
- Change privacy link from discussions/1836 to telemetry-service#privacy--compliance
* fix: use radiolist for telemetry dialog (no pre-selection)
- Replace --yesno with --radiolist: user must actively SPACE-select an option
- Both options start as OFF (no pre-selection)
- Cancel/Exit defaults to 'no' (opt-out)
* simplify: inline telemetry dialog text like other whiptail dialogs
* improve: telemetry dialog with more detail, link to PRIVACY.md
- Add what we collect / don't collect sections back to dialog
- Link to telemetry-service/docs/PRIVACY.md instead of README anchor
- Update config file comment with same link
* core: add progress; fix exit status
Introduce post_progress_to_api() in alpine-install.func and install.func to send a lightweight, fire-and-forget telemetry ping (HTTP POST) that updates an existing telemetry record to "configuring" when DIAGNOSTICS=yes and RANDOM_UUID is set. The function is non-blocking (curl -m 5, errors ignored) and is invoked during container setup and after OS updates to signal active progress. Also adjust api_exit_script() in build.func to report success (post_update_to_api "done" "0") for cases where the script exited normally but a completion status wasn't posted, instead of reporting failure.
* Safer tools.func load and improved error handling
Replace process-substitution sourcing of tools.func with an explicit curl -> variable -> source via /dev/stdin, adding failure messages and a check that expected functions (e.g. fetch_and_deploy_gh_release) are present (misc/alpine-install.func, misc/install.func). Add categorize_error mapping for exit code 10 -> "config" (misc/api.func). Tweak build.func: minor pipeline formatting and change the ERR trap to capture the actual exit code and only call ensure_log_on_host/post_update on non-zero exits, preventing erroneous failure reporting.
* tools: add data init and auto-reporting to tools and pve section
Introduce telemetry helpers in misc/api.func: _telemetry_report_exit (reports success/failure via post_tool_to_api/post_addon_to_api) and init_tool_telemetry (reads DIAGNOSTICS, starts install timer and installs an EXIT trap to auto-report). Integrate telemetry into many tools/addon and tools/pve scripts by sourcing the remote api.func and calling init_tool_telemetry (guarded with declare -f). Also apply a minor arithmetic formatting tweak in misc/build.func for RECOVERY_ATTEMPT.
* core: add progress; fix exit status
Introduce post_progress_to_api() in alpine-install.func and install.func to send a lightweight, fire-and-forget telemetry ping (HTTP POST) that updates an existing telemetry record to "configuring" when DIAGNOSTICS=yes and RANDOM_UUID is set. The function is non-blocking (curl -m 5, errors ignored) and is invoked during container setup and after OS updates to signal active progress. Also adjust api_exit_script() in build.func to report success (post_update_to_api "done" "0") for cases where the script exited normally but a completion status wasn't posted, instead of reporting failure.
* Safer tools.func load and improved error handling
Replace process-substitution sourcing of tools.func with an explicit curl -> variable -> source via /dev/stdin, adding failure messages and a check that expected functions (e.g. fetch_and_deploy_gh_release) are present (misc/alpine-install.func, misc/install.func). Add categorize_error mapping for exit code 10 -> "config" (misc/api.func). Tweak build.func: minor pipeline formatting and change the ERR trap to capture the actual exit code and only call ensure_log_on_host/post_update on non-zero exits, preventing erroneous failure reporting.
* Ensure API update is sent on script exit
Add exit-time telemetry handling across scripts to avoid orphaned "installing" records. Introduce local exit_code capture in api_exit_script and cleanup handlers and, when POST_TO_API_DONE is true but POST_UPDATE_DONE is not, post a final status (marking failures on non-zero exit codes, or marking done/failed in VM cleanups based on exit code). Changes touch misc/build.func, misc/vm-core.func and various vm/*-vm.sh cleanup functions to reliably send post_update_to_api on normal or early exits.
* Update api.func
* fix(telemetry): add missing exit codes to explain_exit_code()
- Add curl error codes: 4, 5, 8, 23, 25, 30, 56, 78
- Add code 10: Docker/privileged mode required (used in ~15 scripts)
- Add code 75: Temporary failure (retry later)
- Add BSD sysexits.h codes: 64-77
- Sync error_handler.func fallback with canonical api.func
- Remove legacy error_handler(), on_exit(), on_interrupt(), on_terminate() and set/trap definitions from alpine-install.func (already provided by error_handler.func which is sourced on line 10)
- The local error_handler() expected positional args as required, but catch_errors() sets trap as 'error_handler' (without args), causing unbound variable error with set -u (nounset)
- error_handler.func uses default values which is set -u safe
- Also align legacy trap in install.func network_check() to standard format
Fixes#11929
- Add 'exit 130' after SIGINT trap handler
- Add 'exit 143' after SIGTERM trap handler
- Fixes issue where interrupted scripts stayed as 'Installing' in telemetry
- Previously the traps only sent the update but didn't terminate the script
- Add || true to dmidecode pipelines to prevent script abort when
'Configured Memory Speed: Unknown' is returned (no numeric match)
- Fixes#11913 edge case for nested ProxmoxVE VMs
Update hardcoded fallback REPO_SOURCE from ProxmoxVED to ProxmoxVE and clarify comment about production vs dev repository naming. Add fail-safe '|| true' to several detection pipelines (lspci for GPU and grep commands reading /proc/cpuinfo for CPU vendor/model) to avoid non-zero exits or empty outputs causing function failures and improve robustness.
- Add || true to dmidecode pipelines to prevent error when speed is 'Unknown'
- Validate RAM_SPEED is a valid integer, fallback to 0
- Send ram_speed as integer (not string) in all JSON payloads for PocketBase
Fixes: dmidecode in nested VMs returns 'Configured Memory Speed: Unknown'
which causes grep to fail and triggers catch_errors handler.
