Add a new Alpine-based container template for IronClaw. Introduces ct/alpine-ironclaw.sh (installer/launcher with update routine), ct/headers/alpine-ironclaw (ASCII header), install/alpine-ironclaw-install.sh (sets up PostgreSQL 17, pgvector, deploys MUSL prebuilt IronClaw binary, creates OpenRC service and env file), and json/alpine-ironclaw.json (metadata, docs link, ports, resource defaults). The template auto-generates a gateway auth token, uses the MUSL binary for a minimal footprint, and documents post-install steps (ironclaw onboard).
Create /usr/local/bin/update_cronmaster during install and inside update() (using a single-quoted heredoc to avoid variable expansion) and make it executable. The generated updater now exports CRONMASTER_ACTION=update when invoking the fetched cronmaster.sh, and the main script checks CRONMASTER_ACTION instead of type. Also adjust the repository fetch path and remove a duplicate ensure_usr_local_bin_persist call.
Add IronClaw container templates and install scripts (ct/ironclaw.sh, install/ironclaw-install.sh, json/ironclaw.json) to provide automated setup, service unit, and default config for the IronClaw AI agent.
Refactor tools/addon/cronmaster.sh to use the ProxmoxVE misc endpoints, initialize optional telemetry, improve function loading, and strengthen OS detection (Debian/Ubuntu-only). Make service and install behaviors more robust: ensure /usr/local/bin persistence, create/update the update script from the new repo URL, change systemd WantedBy to multi-user.target, enable service quietly, save generated credentials to /root/cronmaster.creds, and use distinct exit codes for unsupported/invalid states. Misc license URL fix and other small reliability improvements.
Replace inconsistent msg_info calls with msg_warn for mirror-list warnings and msg_custom for "Attempting mirror" lines to unify output formatting in misc/build.func and misc/install.func. Simplify tools/pve/update-lxcs-cron.sh by removing the long mirror-probing block and using a straightforward apt-get update + noninteractive dist-upgrade (and cleanup of EXTERNALLY-MANAGED) in containers to reduce complexity and improve maintainability.
Improve package mirror resiliency in misc/build.func and misc/install.func by adding fallback and detection logic for Debian/Ubuntu and Alpine CDNs. Changes include:
- Detect distro (debian vs ubuntu) and use appropriate mirror lists and primary mirror (ftp.debian.org vs archive.ubuntu.com).
- Add retry loops that try a shuffled list of regional mirrors, test connectivity, update repo files, and attempt package installs/updates again.
- For Alpine (apk) installs and updates, try alternate mirrors on failure, write /etc/apk/repositories, and surface clearer warnings/errors if all mirrors fail.
- Update interactive prompts and informational messages to reference the correct mirror list (Ubuntu vs Debian) and generalize prompt wording.
- Improve exit handling so failures are reported and abort the process when necessary.
These changes make automated installs more robust against CDN sync issues and unreachable primary mirrors.
Standardize and clarify apt mirror diagnostics in misc/build.func and misc/install.func: update warning phrasing when apt-get update fails; change per-mirror failure messages from "Mirror X: <reason>" to "Mirror X failed (<reason>)"; change success messages to "CDN set to <mirror>: tests passed"; and add informational logs like "Attempting mirror: <mirror>" when trying alternate mirrors. These changes improve visibility into mirror selection and failure reasons during package update/installation.
When apt-get update fails, capture and display the failing mirror host to aid debugging. Adds grep-based extraction of the upstream host (from /etc/apt/sources.list.d/debian.sources or /etc/apt/sources.list) with a fallback to "unknown", and includes the host in the warning/echo. Applied to misc/build.func (inside pct exec), misc/install.func (pkg_update), and tools/pve/update-lxcs-cron.sh.
Enhance apt-get update handling for Debian/Ubuntu/Devuan containers by adding regional mirror lists and a fallback routine. The script now detects container timezone to prefer regional mirrors, builds a randomized candidate list, probes each mirror (timeout on TCP:80), rewrites /etc/apt/* sources to use a working mirror, and retries apt-get update until success. Keeps the existing non-interactive dist-upgrade and cleans up apt lists as before. This improves reliability of updates inside LXC containers when default mirrors are unreachable or misbehaving.
Reduce noisy mirror-related output and clarify messages across misc/build.func and misc/install.func. Reword various apt/mirror status lines (hash mismatch, SSL/certificate, apt-get update failed, package install failed) and standardize success to "Using mirror"/msg_ok. Remove verbose scan/try/skip/count logs and suppression of detailed apt output to make output cleaner for automated runs. Also change the custom_mirror sed replacement to use http:// instead of https:// to support non-HTTPS local mirrors.
Add explicit detection of SSL/certificate errors when running apt-get update and treat those mirrors as failed (logs a short SSL error snippet and returns failure). Change mirror URL rewrites to use http:// instead of https:// when substituting mirror hosts, and remove ftp.in.debian.org from the AP mirror lists. Changes applied to misc/build.func (try_mirrors) and misc/install.func (pkg_update/_try_apt_mirror) to improve mirror fallback behavior and error reporting.
Reorder mirror probing in misc/build.func and misc/install.func to scan global (OTHERS) mirrors first and fall back to regional mirrors—pick up to 3 random reachable mirrors and try them. Rename related variables accordingly and keep the fallback logic intact. Update tools/pve/update-lxcs-cron.sh to define region-specific Debian mirror lists, detect container timezone to pick regional vs other mirrors, and implement a fallback loop that checks mirror connectivity, rewrites APT URIs to use a working mirror, and retries apt-get update before proceeding with dist-upgrade. These changes improve resilience against local CDN/local-regional outages by preferring globally reachable mirrors first and providing an automated mirror-switch fallback.
Make APT mirror selection more robust by scanning for reachable mirrors and retrying installs with clearer failure reasons. In misc/build.func added mirror_exit, try_mirrors and scan_reachable helpers; prefer regional mirrors (pick up to 3), fall back to ftp.debian.org, then try global mirrors. Improved detection/reporting of hash mismatches vs apt-get errors and return codes, and use a short reachability TCP check before attempting updates. In misc/install.func added a reachable-mirror scan phase, count/report reachable mirrors, and provide clearer log messages when apt-get update/install fails. These changes aim to reduce failures caused by unreachable mirrors or CDN synchronization issues.
Refactor mirror logic in misc/build.func and misc/install.func to prefer regional Debian mirrors (detected from /etc/timezone), shuffle mirror lists, and include additional AP region hosts. Add quick TCP reachability checks, limit consecutive mirror failures, and surface clearer status messages. On repeated failures, prompt interactively for a custom mirror (with validation) and handle pct exec exit codes to present more informative errors and retry behavior.
When apt-get update fails, switch from disabling hash verification/insecure repos to trying a list of alternate Debian mirrors. Updated misc/build.func to iterate a curated mirror list, rewrite /etc/apt/sources.list* to point to each mirror, and attempt apt-get update/install until one succeeds (exiting with failure if all mirrors fail). Updated misc/install.func to perform a similar mirror-rotation loop and return an error if no mirror succeeds. Also adjusted warning/error messages to reflect the new behavior. This improves resilience against repo desyncs without enabling insecure apt settings.
Replace the previous multi-step APT retry sequence (mirror swaps, sleeps, multiple retries) with a simpler fallback: on apt-get update failure disable Acquire::By-Hash, enable Acquire::AllowInsecureRepositories and attempt updates/installs using --allow-insecure-repositories/--allow-unauthenticated where needed. Restore secure settings and refresh lists afterwards, and preserve/propagate the original command exit status. Apply the same simplification in misc/build.func, misc/install.func and the Proxmox LXC cron updater (tools/pve/update-lxcs-cron.sh) to handle Debian repo desyncs more reliably and reduce complex retry logic.
Display an installation summary (including downloaded script SHA256, source, install path, config, log file, and cron schedule) and make script review optional before install. Add an interactive View menu to inspect the installed worker script, cron configuration, or both; implement view_worker_script, view_cron_config (shows cron entry, human-readable schedule, config contents and excluded patterns, and log file size), and cron_to_human helper. Also update prompt wording and the View option description.
Add robust retry logic for APT operations in misc/build.func and misc/install.func. Introduces an apt_retry helper and multiple fallback steps: disable by-hash, switch to a country mirror (ftp.de.debian.org), wait and retry to allow mirror sync, and as a last resort temporarily relax APT verification to allow insecure repositories to complete updates. Ensures cleanup and restores secure settings where possible, with clearer failure handling and messages to increase resilience of package installation during container builds and installs.
tools/pve/cron-update-lxcs.sh: add show_status, run_now and rotate_log functions; expose new menu options (Status, Run, Rotate) and enlarge menu. Consolidate license line formatting.
tools/pve/update-lxcs-cron.sh: tighten variable scoping, improve ostype detection and logging, add fallback for hostname, handle unknown OS types, harden apt workflow (retry with By-Hash workaround and refresh lists), skip template containers correctly, add error reporting on container updates, and use a timed shutdown. Update author/license header.
Overall: adds manual control and status/log rotation to the cron manager and makes the container updater more robust and safer for Debian/Ubuntu-based containers.
Improve APT retry logic to handle failures caused by by-hash/CDN issues. Both misc/build.func and misc/install.func now write an apt config to disable Acquire::By-Hash, remove /var/lib/apt/lists/* and retry apt-get update/install; if that still fails they substitute deb.debian.org with ftp.debian.org as a fallback. This makes container builds and package updates more robust against CDN/hash-related apt failures.
