From e580a5d9c166eed9ece04be6a95762e120d05bec Mon Sep 17 00:00:00 2001 From: CanbiZ <47820557+MickLesk@users.noreply.github.com> Date: Wed, 10 Sep 2025 14:37:12 +0200 Subject: [PATCH] Add external installer warnings and user confirmation (#7539) Added explicit warnings and user confirmation prompts to install scripts that run external installers from third-party sources. Updated JSON metadata to remove warning notes about external sources, as the scripts now handle user notification and consent directly. This improves transparency and user safety during installation. --- frontend/public/json/pialert.json | 7 +- frontend/public/json/plex.json | 4 - .../public/json/podman-homeassistant.json | 94 +++++++++---------- install/bunkerweb-install.sh | 12 ++- install/casaos-install.sh | 10 ++ install/channels-install.sh | 11 +++ install/iobroker-install.sh | 11 +++ install/jeedom-install.sh | 11 +++ install/kasm-install.sh | 18 +++- install/mattermost-install.sh | 11 +++ install/nextcloudpi-install.sh | 15 ++- install/pihole-install.sh | 11 +++ install/runtipi-install.sh | 11 +++ install/wazuh-install.sh | 13 ++- install/yunohost-install.sh | 18 +++- 15 files changed, 187 insertions(+), 70 deletions(-) diff --git a/frontend/public/json/pialert.json b/frontend/public/json/pialert.json index 1cc30cbc6..3900a11a8 100644 --- a/frontend/public/json/pialert.json +++ b/frontend/public/json/pialert.json @@ -31,10 +31,5 @@ "username": null, "password": null }, - "notes": [ - { - "text": "WARNING: Installation sources scripts outside of Community Scripts repo. Please check the source before installing.", - "type": "warning" - } - ] + "notes": [] } diff --git a/frontend/public/json/plex.json b/frontend/public/json/plex.json index 1821318b7..1d3068860 100644 --- a/frontend/public/json/plex.json +++ b/frontend/public/json/plex.json @@ -35,10 +35,6 @@ { "text": "With Privileged/Unprivileged Hardware Acceleration Support", "type": "info" - }, - { - "text": "WARNING: Installation sources scripts outside of Community Scripts repo. Please check the source before installing.", - "type": "warning" } ] } diff --git a/frontend/public/json/podman-homeassistant.json b/frontend/public/json/podman-homeassistant.json index 75f2511f6..f1cb56484 100644 --- a/frontend/public/json/podman-homeassistant.json +++ b/frontend/public/json/podman-homeassistant.json @@ -1,52 +1,48 @@ { - "name": "Podman Home Assistant Container", - "slug": "podman-homeassistant", - "categories": [ - 16 - ], - "date_created": "2024-04-29", - "type": "ct", - "updateable": true, - "privileged": false, - "interface_port": 8123, - "documentation": "https://www.home-assistant.io/docs/", - "website": "https://www.home-assistant.io/", - "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons/webp/home-assistant.webp", - "config_path": "/var/lib/containers/storage/volumes/hass_config/_data", - "description": "A standalone Podman container-based installation of Home Assistant Core means that the Home Assistant Core software is installed inside a container managed by Podman, separate from the host operating system. This provides a flexible and scalable solution for running the software, as the container can be easily moved between host systems or isolated from other processes for security. Podman is a popular open-source tool for managing containers that is similar to Docker, but designed for use on Linux systems without a daemon.\r\n\r\n\ud83d\udec8 If the LXC is created Privileged, the script will automatically set up USB passthrough.", - "install_methods": [ - { - "type": "default", - "script": "ct/podman-homeassistant.sh", - "resources": { - "cpu": 2, - "ram": 2048, - "hdd": 16, - "os": "debian", - "version": "12" - } - } - ], - "default_credentials": { - "username": null, - "password": null + "name": "Podman Home Assistant Container", + "slug": "podman-homeassistant", + "categories": [ + 16 + ], + "date_created": "2024-04-29", + "type": "ct", + "updateable": true, + "privileged": false, + "interface_port": 8123, + "documentation": "https://www.home-assistant.io/docs/", + "website": "https://www.home-assistant.io/", + "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons/webp/home-assistant.webp", + "config_path": "/var/lib/containers/storage/volumes/hass_config/_data", + "description": "A standalone Podman container-based installation of Home Assistant Core means that the Home Assistant Core software is installed inside a container managed by Podman, separate from the host operating system. This provides a flexible and scalable solution for running the software, as the container can be easily moved between host systems or isolated from other processes for security. Podman is a popular open-source tool for managing containers that is similar to Docker, but designed for use on Linux systems without a daemon.\r\n\r\n\ud83d\udec8 If the LXC is created Privileged, the script will automatically set up USB passthrough.", + "install_methods": [ + { + "type": "default", + "script": "ct/podman-homeassistant.sh", + "resources": { + "cpu": 2, + "ram": 2048, + "hdd": 16, + "os": "debian", + "version": "12" + } + } + ], + "default_credentials": { + "username": null, + "password": null + }, + "notes": [ + { + "text": "If the LXC is created Privileged, the script will automatically set up USB passthrough.", + "type": "warning" }, - "notes": [ - { - "text": "If the LXC is created Privileged, the script will automatically set up USB passthrough.", - "type": "warning" - }, - { - "text": "config path: `/var/lib/containers/storage/volumes/hass_config/_data`", - "type": "info" - }, - { - "text": "Options to Install Portainer or Portainer Agent", - "type": "warning" - }, - { - "text": "WARNING: Installation sources scripts outside of Community Scripts repo. Please check the source before installing.", - "type": "warning" - } - ] + { + "text": "config path: `/var/lib/containers/storage/volumes/hass_config/_data`", + "type": "info" + }, + { + "text": "Options to Install Portainer or Portainer Agent", + "type": "warning" + } + ] } diff --git a/install/bunkerweb-install.sh b/install/bunkerweb-install.sh index 6dab4dfba..bab97d97f 100644 --- a/install/bunkerweb-install.sh +++ b/install/bunkerweb-install.sh @@ -19,7 +19,17 @@ $STD apt-get install -y lsb-release msg_ok "Installed Dependencies" RELEASE=$(curl -fsSL https://api.github.com/repos/bunkerity/bunkerweb/releases/latest | grep "tag_name" | awk '{print substr($2, 3, length($2)-4) }') -msg_info "Installing BunkerWeb v${RELEASE} (Patience)" +msg_warn "WARNING: This script will run an external installer from a third-party source (install-bunkerweb.sh)." +msg_warn "The following code is NOT maintained or audited by our repository." +msg_warn "If you have any doubts or concerns, please review the installer code before proceeding:" +msg_custom "${TAB3}${GATEWAY}${BGN}${CL}" "\e[1;34m" "→ https://github.com/bunkerity/bunkerweb/raw/v${RELEASE}/misc/install-bunkerweb.sh" +echo +read -r -p "${TAB3}Do you want to continue? [y/N]: " CONFIRM +if [[ ! "$CONFIRM" =~ ^([yY][eE][sS]|[yY])$ ]]; then + msg_error "Aborted by user. No changes have been made." + exit 10 +fi +msg_info "Installing BunkerWeb (Patience)" curl -fsSL -o install-bunkerweb.sh https://github.com/bunkerity/bunkerweb/raw/v${RELEASE}/misc/install-bunkerweb.sh chmod +x install-bunkerweb.sh $STD ./install-bunkerweb.sh --yes diff --git a/install/casaos-install.sh b/install/casaos-install.sh index 41ad77aae..41804e19f 100644 --- a/install/casaos-install.sh +++ b/install/casaos-install.sh @@ -13,6 +13,16 @@ setting_up_container network_check update_os +msg_warn "WARNING: This script will run an external installer from a third-party source (https://casaos.zimaspace.com/)." +msg_warn "The following code is NOT maintained or audited by our repository." +msg_warn "If you have any doubts or concerns, please review the installer code before proceeding:" +msg_custom "${TAB3}${GATEWAY}${BGN}${CL}" "\e[1;34m" "→ https://get.casaos.io/" +echo +read -r -p "${TAB3}Do you want to continue? [y/N]: " CONFIRM +if [[ ! "$CONFIRM" =~ ^([yY][eE][sS]|[yY])$ ]]; then + msg_error "Aborted by user. No changes have been made." + exit 10 +fi msg_info "Installing CasaOS (Patience)" DOCKER_CONFIG_PATH='/etc/docker/daemon.json' mkdir -p $(dirname $DOCKER_CONFIG_PATH) diff --git a/install/channels-install.sh b/install/channels-install.sh index 6ec8c49f1..af6ef88d4 100644 --- a/install/channels-install.sh +++ b/install/channels-install.sh @@ -18,6 +18,17 @@ $STD apt-get install -y chromium $STD apt-get install -y xvfb msg_ok "Installed Dependencies" +msg_warn "WARNING: This script will run an external installer from a third-party source (https://getchannels.com)." +msg_warn "The following code is NOT maintained or audited by our repository." +msg_warn "If you have any doubts or concerns, please review the installer code before proceeding:" +msg_custom "${TAB3}${GATEWAY}${BGN}${CL}" "\e[1;34m" "→ https://getchannels.com/dvr/setup.sh" +echo +read -r -p "${TAB3}Do you want to continue? [y/N]: " CONFIRM +if [[ ! "$CONFIRM" =~ ^([yY][eE][sS]|[yY])$ ]]; then + msg_error "Aborted by user. No changes have been made." + exit 10 +fi + if [[ "$CTTYPE" == "0" ]]; then msg_info "Setting Up Hardware Acceleration" $STD apt-get -y install \ diff --git a/install/iobroker-install.sh b/install/iobroker-install.sh index 340836ec3..1bc1acb73 100644 --- a/install/iobroker-install.sh +++ b/install/iobroker-install.sh @@ -17,6 +17,17 @@ msg_info "Installing Dependencies" $STD apt-get install -y ca-certificates msg_ok "Installed Dependencies" +msg_warn "WARNING: This script will run an external installer from a third-party source (https://iobroker.net/)." +msg_warn "The following code is NOT maintained or audited by our repository." +msg_warn "If you have any doubts or concerns, please review the installer code before proceeding:" +msg_custom "${TAB3}${GATEWAY}${BGN}${CL}" "\e[1;34m" "→ https://iobroker.net/install.sh" +echo +read -r -p "${TAB3}Do you want to continue? [y/N]: " CONFIRM +if [[ ! "$CONFIRM" =~ ^([yY][eE][sS]|[yY])$ ]]; then + msg_error "Aborted by user. No changes have been made." + exit 10 +fi + NODE_VERSION="22" setup_nodejs msg_info "Installing ioBroker (Patience)" diff --git a/install/jeedom-install.sh b/install/jeedom-install.sh index d868e84b1..b0bd78b06 100644 --- a/install/jeedom-install.sh +++ b/install/jeedom-install.sh @@ -19,6 +19,17 @@ $STD apt-get install -y \ git msg_ok "Dependencies installed" +msg_warn "WARNING: This script will run an external installer from a third-party source (https://github.com/jeedom/)." +msg_warn "The following code is NOT maintained or audited by our repository." +msg_warn "If you have any doubts or concerns, please review the installer code before proceeding:" +msg_custom "${TAB3}${GATEWAY}${BGN}${CL}" "\e[1;34m" "→ https://raw.githubusercontent.com/jeedom/core/master/install/install.sh" +echo +read -r -p "${TAB3}Do you want to continue? [y/N]: " CONFIRM +if [[ ! "$CONFIRM" =~ ^([yY][eE][sS]|[yY])$ ]]; then + msg_error "Aborted by user. No changes have been made." + exit 10 +fi + DEFAULT_BRANCH="master" REPO_URL="https://github.com/jeedom/core.git" diff --git a/install/kasm-install.sh b/install/kasm-install.sh index 1b0cc22b9..bfdf1a731 100644 --- a/install/kasm-install.sh +++ b/install/kasm-install.sh @@ -13,20 +13,32 @@ setting_up_container network_check update_os -msg_info "Installing Kasm Workspaces" KASM_VERSION=$(curl -fsSL 'https://www.kasmweb.com/downloads' | grep -o 'https://kasm-static-content.s3.amazonaws.com/kasm_release_[^"]*\.tar\.gz' | head -n 1 | sed -E 's/.*release_(.*)\.tar\.gz/\1/') + +msg_warn "WARNING: This script will run an external installer from a third-party source (https://www.kasmweb.com/)." +msg_warn "The following code is NOT maintained or audited by our repository." +msg_warn "If you have any doubts or concerns, please review the installer code before proceeding:" +msg_custom "${TAB3}${GATEWAY}${BGN}${CL}" "\e[1;34m" "→ install.sh inside tar.gz https://kasm-static-content.s3.amazonaws.com/kasm_release_${KASM_VERSION}.tar.gz" +echo +read -r -p "${TAB3}Do you want to continue? [y/N]: " CONFIRM +if [[ ! "$CONFIRM" =~ ^([yY][eE][sS]|[yY])$ ]]; then + msg_error "Aborted by user. No changes have been made." + exit 10 +fi + +msg_info "Installing Kasm Workspaces" curl -fsSL -o "/opt/kasm_release_${KASM_VERSION}.tar.gz" "https://kasm-static-content.s3.amazonaws.com/kasm_release_${KASM_VERSION}.tar.gz" cd /opt tar -xf "kasm_release_${KASM_VERSION}.tar.gz" chmod +x /opt/kasm_release/install.sh -printf 'y\ny\ny\n4\n' | bash /opt/kasm_release/install.sh > ~/kasm-install.output 2>&1 +printf 'y\ny\ny\n4\n' | bash /opt/kasm_release/install.sh >~/kasm-install.output 2>&1 awk ' /^Kasm UI Login Credentials$/ {capture=1} capture {print} /^Service Registration Token$/ {in_token=1} in_token && /^-+$/ {dash_count++} in_token && dash_count==2 {exit} -' ~/kasm-install.output > ~/kasm.creds +' ~/kasm-install.output >~/kasm.creds msg_ok "Installed Kasm Workspaces" motd_ssh diff --git a/install/mattermost-install.sh b/install/mattermost-install.sh index 6007e8735..8bb9ccbd5 100644 --- a/install/mattermost-install.sh +++ b/install/mattermost-install.sh @@ -13,6 +13,17 @@ setting_up_container network_check update_os +msg_warn "WARNING: This script will run an external installer from a third-party source (https://mattermost.com/)." +msg_warn "The following code is NOT maintained or audited by our repository." +msg_warn "If you have any doubts or concerns, please review the installer code before proceeding:" +msg_custom "${TAB3}${GATEWAY}${BGN}${CL}" "\e[1;34m" "→ https://deb.packages.mattermost.com/repo-setup.sh" +echo +read -r -p "${TAB3}Do you want to continue? [y/N]: " CONFIRM +if [[ ! "$CONFIRM" =~ ^([yY][eE][sS]|[yY])$ ]]; then + msg_error "Aborted by user. No changes have been made." + exit 10 +fi + PG_VERSION="16" setup_postgresql msg_info "Setting up PostgreSQL" diff --git a/install/nextcloudpi-install.sh b/install/nextcloudpi-install.sh index f246c40f9..183babca2 100644 --- a/install/nextcloudpi-install.sh +++ b/install/nextcloudpi-install.sh @@ -3,7 +3,7 @@ # Copyright (c) 2021-2025 tteck # Author: tteck (tteckster) # License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE -# Source: https://www.turnkeylinux.org/nextcloud +# Source: https://nextcloudpi.com/ source /dev/stdin <<<"$FUNCTIONS_FILE_PATH" color @@ -13,8 +13,19 @@ setting_up_container network_check update_os +msg_warn "WARNING: This script will run an external installer from a third-party source (https://nextcloudpi.com/)." +msg_warn "The following code is NOT maintained or audited by our repository." +msg_warn "If you have any doubts or concerns, please review the installer code before proceeding:" +msg_custom "${TAB3}${GATEWAY}${BGN}${CL}" "\e[1;34m" "→ https://raw.githubusercontent.com/nextcloud/nextcloudpi/master/install.sh" +echo +read -r -p "${TAB3}Do you want to continue? [y/N]: " CONFIRM +if [[ ! "$CONFIRM" =~ ^([yY][eE][sS]|[yY])$ ]]; then + msg_error "Aborted by user. No changes have been made." + exit 10 +fi + msg_info "Installing NextCloudPi (Patience)" -bash <(curl -fsSL https://raw.githubusercontent.com/nextcloud/nextcloudpi/master/install.sh) >/dev/null 2>&1 +$STD bash <(curl -fsSL https://raw.githubusercontent.com/nextcloud/nextcloudpi/master/install.sh) msg_ok "Installed NextCloudPi" motd_ssh diff --git a/install/pihole-install.sh b/install/pihole-install.sh index 79c7cf262..4d94d4cf6 100644 --- a/install/pihole-install.sh +++ b/install/pihole-install.sh @@ -13,6 +13,17 @@ setting_up_container network_check update_os +msg_warn "WARNING: This script will run an external installer from a third-party source (https://pi-hole.net/)." +msg_warn "The following code is NOT maintained or audited by our repository." +msg_warn "If you have any doubts or concerns, please review the installer code before proceeding:" +msg_custom "${TAB3}${GATEWAY}${BGN}${CL}" "\e[1;34m" "→ https://install.pi-hole.net" +echo +read -r -p "${TAB3}Do you want to continue? [y/N]: " CONFIRM +if [[ ! "$CONFIRM" =~ ^([yY][eE][sS]|[yY])$ ]]; then + msg_error "Aborted by user. No changes have been made." + exit 10 +fi + msg_info "Installing Dependencies" $STD apt-get install -y ufw msg_ok "Installed Dependencies" diff --git a/install/runtipi-install.sh b/install/runtipi-install.sh index 3c4d7f68b..5bd35f861 100644 --- a/install/runtipi-install.sh +++ b/install/runtipi-install.sh @@ -13,6 +13,17 @@ setting_up_container network_check update_os +msg_warn "WARNING: This script will run an external installer from a third-party source (https://runtipi.io/)." +msg_warn "The following code is NOT maintained or audited by our repository." +msg_warn "If you have any doubts or concerns, please review the installer code before proceeding:" +msg_custom "${TAB3}${GATEWAY}${BGN}${CL}" "\e[1;34m" "→ https://raw.githubusercontent.com/runtipi/runtipi/master/scripts/install.sh" +echo +read -r -p "${TAB3}Do you want to continue? [y/N]: " CONFIRM +if [[ ! "$CONFIRM" =~ ^([yY][eE][sS]|[yY])$ ]]; then + msg_error "Aborted by user. No changes have been made." + exit 10 +fi + msg_info "Installing Runtipi (Patience)" DOCKER_CONFIG_PATH='/etc/docker/daemon.json' mkdir -p "$(dirname "$DOCKER_CONFIG_PATH")" diff --git a/install/wazuh-install.sh b/install/wazuh-install.sh index 989c91c6d..3033255e5 100644 --- a/install/wazuh-install.sh +++ b/install/wazuh-install.sh @@ -13,9 +13,18 @@ setting_up_container network_check update_os -msg_info "Fetching Latest Wazuh Version" RELEASE=$(curl -fsSL https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '"tag_name"' | awk -F '"' '{print substr($4, 2, length($2)-4)}') -msg_ok "Latest Wazuh Version: $RELEASE" + +msg_warn "WARNING: This script will run an external installer from a third-party source (https://wazuh.com/)." +msg_warn "The following code is NOT maintained or audited by our repository." +msg_warn "If you have any doubts or concerns, please review the installer code before proceeding:" +msg_custom "${TAB3}${GATEWAY}${BGN}${CL}" "\e[1;34m" "→ https://packages.wazuh.com/$RELEASE/wazuh-install.sh " +echo +read -r -p "${TAB3}Do you want to continue? [y/N]: " CONFIRM +if [[ ! "$CONFIRM" =~ ^([yY][eE][sS]|[yY])$ ]]; then + msg_error "Aborted by user. No changes have been made." + exit 10 +fi msg_info "Setup Wazuh" curl -fsSL https://packages.wazuh.com/$RELEASE/wazuh-install.sh -o wazuh-install.sh diff --git a/install/yunohost-install.sh b/install/yunohost-install.sh index fc16b9213..20baaf573 100644 --- a/install/yunohost-install.sh +++ b/install/yunohost-install.sh @@ -14,11 +14,23 @@ network_check update_os msg_info "Installing Dependencies" -$STD apt-get install -y apt-transport-https -$STD apt-get install -y lsb-release -$STD apt-get install -y ca-certificates +$STD apt-get install -y \ + apt-transport-https \ + lsb-release \ + ca-certificates msg_ok "Installed Dependencies" +msg_warn "WARNING: This script will run an external installer from a third-party source (https://yunohost.org/)." +msg_warn "The following code is NOT maintained or audited by our repository." +msg_warn "If you have any doubts or concerns, please review the installer code before proceeding:" +msg_custom "${TAB3}${GATEWAY}${BGN}${CL}" "\e[1;34m" "→ https://install.yunohost.org" +echo +read -r -p "${TAB3}Do you want to continue? [y/N]: " CONFIRM +if [[ ! "$CONFIRM" =~ ^([yY][eE][sS]|[yY])$ ]]; then + msg_error "Aborted by user. No changes have been made." + exit 10 +fi + msg_info "Installing YunoHost (Patience)" touch /etc/.pve-ignore.resolv.conf curl -fsSLo /usr/share/keyrings/deb.sury.org-php.gpg https://packages.sury.org/php/apt.gpg