starred/ProxmoxVE
1
0
Fork 0
mirror of https://github.com/community-scripts/ProxmoxVE.git synced 2026-06-09 20:58:10 +01:00
Code Issues Packages Projects Releases Wiki Activity

security: Fix HTTP to HTTPS for package downloads (container-level)

Browse Source 
- install/deconz-install.sh: Switch GPG key and repository URLs to HTTPS
- install/deconz-install.sh: Switch libssl1.1 .deb download to HTTPS with --proto flag
- install/odoo-install.sh: Switch python3-lxml-html-clean .deb download to HTTPS
- ct/odoo.sh: Switch python3-lxml-html-clean .deb download to HTTPS in update_script

Changes:
  - All http:// → https:// for package/key downloads
  - Added --proto '=https' to prevent protocol downgrade
  - Improved quoting for file variables

Impact: Prevents MITM attacks on container installations
Affected containers: deconz, odoo
Related to: security/fix-microcode-https PR (host-level fix)
This commit is contained in:
Security Fix
2026-06-08 21:20:24 +02:00
parent 131545081c
commit 34243ff62f
3 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ct/odoo.sh
+1 -1
View File
@@ -31,7 +31,7 @@ function update_script() {
fi fi
ensure_dependencies python3-lxml ensure_dependencies python3-lxml
if ! [[ $(dpkg -s python3-lxml-html-clean 2>/dev/null) ]]; then if ! [[ $(dpkg -s python3-lxml-html-clean 2>/dev/null) ]]; then
curl -fsSL "http://archive.ubuntu.com/ubuntu/pool/universe/l/lxml-html-clean/python3-lxml-html-clean_0.1.1-1_all.deb" -o /opt/python3-lxml-html-clean.deb curl -fsSL --proto '=https' "https://archive.ubuntu.com/ubuntu/pool/universe/l/lxml-html-clean/python3-lxml-html-clean_0.1.1-1_all.deb" -o /opt/python3-lxml-html-clean.deb
$STD dpkg -i /opt/python3-lxml-html-clean.deb $STD dpkg -i /opt/python3-lxml-html-clean.deb
rm -f /opt/python3-lxml-html-clean.deb rm -f /opt/python3-lxml-html-clean.deb
fi fi
install/deconz-install.sh
+4 -4
View File
@@ -16,14 +16,14 @@ update_os
msg_info "Setting Phoscon Repository" msg_info "Setting Phoscon Repository"
setup_deb822_repo \ setup_deb822_repo \
"deconz" \ "deconz" \
"http://phoscon.de/apt/deconz.pub.key" \ "https://phoscon.de/apt/deconz.pub.key" \
"http://phoscon.de/apt/deconz" \ "https://phoscon.de/apt/deconz" \
"generic" "generic"
msg_ok "Setup Phoscon Repository" msg_ok "Setup Phoscon Repository"
msg_info "Installing deConz" msg_info "Installing deConz"
libssl=$(curl -fsSL "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/" | grep -o 'libssl1\.1_1\.1\.1f-1ubuntu2\.2[^"]*amd64\.deb' | head -n1) libssl=$(curl -fsSL --proto '=https' "https://security.ubuntu.com/ubuntu/pool/main/o/openssl/" | grep -o 'libssl1\.1_1\.1\.1f-1ubuntu2\.2[^"]*amd64\.deb' | head -n1)
curl -fsSL "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/$libssl" -o "$libssl" curl -fsSL --proto '=https' "https://security.ubuntu.com/ubuntu/pool/main/o/openssl/$libssl" -o "$libssl"
$STD dpkg -i "$libssl" $STD dpkg -i "$libssl"
$STD apt install -y deconz $STD apt install -y deconz
rm -rf "$libssl" rm -rf "$libssl"
install/odoo-install.sh
+1 -1
View File
@@ -15,7 +15,7 @@ update_os
msg_info "Installing Dependencies" msg_info "Installing Dependencies"
$STD apt install -y python3-lxml wkhtmltopdf $STD apt install -y python3-lxml wkhtmltopdf
curl -fsSL "http://archive.ubuntu.com/ubuntu/pool/universe/l/lxml-html-clean/python3-lxml-html-clean_0.1.1-1_all.deb" -o /opt/python3-lxml-html-clean.deb curl -fsSL --proto '=https' "https://archive.ubuntu.com/ubuntu/pool/universe/l/lxml-html-clean/python3-lxml-html-clean_0.1.1-1_all.deb" -o /opt/python3-lxml-html-clean.deb
$STD dpkg -i /opt/python3-lxml-html-clean.deb $STD dpkg -i /opt/python3-lxml-html-clean.deb
msg_ok "Installed Dependencies" msg_ok "Installed Dependencies"