starred/ProxmoxVE
1
0
Fork 0
mirror of https://github.com/community-scripts/ProxmoxVE.git synced 2026-06-09 20:58:10 +01:00
Code Issues Packages Projects Releases Wiki Activity

security: Fix HTTP to HTTPS for package downloads (container-level)

Browse Source 
- install/deconz-install.sh: Switch GPG key and repository URLs to HTTPS
- install/deconz-install.sh: Switch libssl1.1 .deb download to HTTPS with --proto flag
- install/odoo-install.sh: Switch python3-lxml-html-clean .deb download to HTTPS
- ct/odoo.sh: Switch python3-lxml-html-clean .deb download to HTTPS in update_script

Changes:
  - All http:// → https:// for package/key downloads
  - Added --proto '=https' to prevent protocol downgrade
  - Improved quoting for file variables

Impact: Prevents MITM attacks on container installations
Affected containers: deconz, odoo
Related to: security/fix-microcode-https PR (host-level fix)
This commit is contained in:
Security Fix
2026-06-08 21:20:24 +02:00
parent 131545081c
commit 34243ff62f
3 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ct/odoo.sh
+1 -1
View File
@@ -31,7 +31,7 @@ function update_script() {
fi
ensure_dependencies python3-lxml
if ! [[ $(dpkg -s python3-lxml-html-clean 2>/dev/null) ]]; then
curl -fsSL "http://archive.ubuntu.com/ubuntu/pool/universe/l/lxml-html-clean/python3-lxml-html-clean_0.1.1-1_all.deb" -o /opt/python3-lxml-html-clean.deb
curl -fsSL --proto '=https' "https://archive.ubuntu.com/ubuntu/pool/universe/l/lxml-html-clean/python3-lxml-html-clean_0.1.1-1_all.deb" -o /opt/python3-lxml-html-clean.deb
$STD dpkg -i /opt/python3-lxml-html-clean.deb
rm -f /opt/python3-lxml-html-clean.deb
fi