Insights
Neater no subscription setup

A neater Proxmox no subscription setup

Last updated
Download and install a Debian package for your no subscription deployment of Proxmox suite of products. Also remove "No valid subscription" popup in one go and safely. Initial version. PVE and PBS tested. Feedback welcome.

Lots of users run Proxmox suite of products with no support license and that is completely fine as long as they understand the caveats of freely available packages. There are two major chores:

  • setting up no-subscription repositories and disabling the “enterprise” one that came pre-set; and
  • the infamous “No valid subscription” notice popup also dubbed as a nag.

Dealing with both is somewhat manual and tiresome effort. The latter being actively discouraged by Proxmox themselves despite the fact the products are all distributed under FREE license which grants everyone freedom to modify it as they please.

Issues with standalone scripts

There are various popular and more or less trustworthy scripts dealing with both, but there is a major caveat: Patched files will not stay patched forever, they would get overwritten during upgrades from official repositories. A hack involved by most scripts is to place a specific code - essentially a recurrent script into /etc/apt/apt.conf.d/ where it is then launched whenever ANY and EVERY package is being dealt with. This is BAD design, not to mention users often do not understand let alone scrutinise these scripts and they stay behind unless their author provided yet another script to remove them.

One tiny package

Meanwhile Debian already provides a neat mechanism for handling all these situations and that is by the packaging system itself. A package can bring in its executables, configuration and declare its interest to be notified when other packages are altering files on the system. It is the system that decides when it will trigger actions implemented by the interested package and under no other than declared rules. It is also the system that will take care of removing package, including - if requested - its configuration. Nothing is left behind.

You can download a package just like any other file, directly onto your host, without installing it:

wget https://free-pmx.pages.dev/packages/free-pmx-no-subscription_0.1.0.deb -O /tmp/free-pmx-no-subscription_0.1.0.deb

No dubious APT repository

A package can be installed manually - without having to trust an unknown repository. This one-off approach will not keep it updated, but this is the safer way to run code from strangers. It is also where the system provides its benefit of transparency - maintainers have to follow certain standards with Debian packages.

Tip

How well they did can be checked with a tool called Lintian.

Meanwhile, some standalone scripts have become gargantuan and would be running own downloads of unknown payloads essentially having the user run unknown and remotely updated code at any time.

Install and use

In case you trust the author, you might wonder how to try it out right way. However, information to assist you with your own audit follow right after.

Important

Please check for existing issues before installation. Do not hesitate to file a new issue, of course.

To install the downloaded package:

apt install /tmp/free-pmx-no-subscription_0.1.0.deb

This will do everything you need upon the install already - set up no-subscription repository and remove no-subscription popup, without further ado.

Note

What this will NOT do is perform an update/upgrade - this is your choice when and how to do so.

Important

If you had GUI already loaded, you may need to clean your browser cache. If unsure, access the GUI from alternative browser (which cannot have it cached) to confirm it is caching problem.

Configuration

If you want to configure this behaviour further, there is a rudimentary configuration file /etc/free-pmx/no-subscription.conf:

FREE_PMX_NO_SUBSCRIPTION=auto   # auto | manual | prohibit
FREE_PMX_NO_NAG=auto            # auto | manual | prohibit

FREE_PMX_CEPH=quincy            # actual release name, e.g. quincy, reef, squid

Tip

If you intend to NOT have the package auto-configure itself with the default configuration, just create one with your own options set before install.

Debian install

If you are performing an install of top of Debian, you can install this package first, then manually call it to auto-configure your system, then proceed with installation of the Proxmox product, e.g.:

free-pmx-no-subscription pbs
apt update
apt install proxmox-backup-server

Removal

To remove the package:

apt remove free-pmx-no-subscription

That’s all - no skeletons in the wardrobe left behind.

Tip

Standard apt behaviour on remove is to keep the configuration file - in this case in /etc/free-pmx. This is convenient when package is then reinstalled. Use purge instead to remove the configuration files as well.

Audit

Before installing, you should be able to audit a package easily, this is simple:

cd /tmp/
mkdir CONTENTS
ar x free-pmx-no-subscription_0.1.0.deb --output CONTENTS
tree CONTENTS
CONTENTS
├── control.tar.xz
├── data.tar.xz
└── debian-binary

We can see we got hold of an archive that contains two archives. We will unpack them further yet.

Note

The debian-binary is actually a text file that contains nothing more than 2.0 within.

cd CONTENTS
mkdir CONTROL DATA
tar -xf control.tar.xz -C CONTROL
tar -xf data.tar.xz -C DATA
tree
.
├── CONTROL
│   ├── conffiles
│   ├── control
│   ├── postinst
│   └── triggers
├── control.tar.xz
├── DATA
│   ├── bin
│   │   ├── free-pmx-no-nag
│   │   └── free-pmx-no-subscription
│   ├── etc
│   │   └── free-pmx
│   │       └── no-subscription.conf
│   └── usr
│       ├── lib
│       │   └── free-pmx
│       │       ├── no-nag-patch
│       │       ├── repo-key-check
│       │       └── repo-list-replace
│       └── share
│           ├── doc
│           │   └── free-pmx-no-subscription
│           │       ├── changelog.gz
│           │       └── copyright
│           └── man
│               └── man1
│                   ├── free-pmx-no-nag.1.gz
│                   └── free-pmx-no-subscription.1.gz
├── data.tar.xz
└── debian-binary

DATA - the filesystem

The unpacked DATA directory contains the filesystem structure as will be installed onto the target system, i.e. relative to its root:

  • /bin - executables available to the user from command-line
  • /etc - a config file
  • /usr/lib/free-pmx - internal tooling not exposed to the user
  • /usr/share/doc - mandatory information for any Debian package
  • /usr/share/man - manual pages

Tip

Another way to explore only this filesystem tree from a package is with: dpkg-deb -x

You can (and should) explore each and every file with whichever favourite tool of yours, e.g.:

less usr/share/doc/free-pmx-no-subscription/copyright

A manual page can be directly displayed with:

man usr/share/man/man1/free-pmx-no-subscription.1.gz

And if you suspect shenanings with the changelog, it really is just that:

zcat usr/share/doc/free-pmx-no-subscription/changelog.gz
free-pmx-no-subscription (0.1.0) stable; urgency=medium

  * Initial release.
    - free-pmx-no-subscription (PVE & PBS support)
    - free-pmx-no-nag

 -- free-pmx <179050296@users.noreply.github.com>  Wed, 26 Mar 2025 20:00:00 +0000

Tip

You can see the same after the package gets installed with apt changelog free-pmx-no-subscription

CONTROL - the metadata

Particularly enlightening are the files unpacked into the CONTROL directory, however - they are all regular text files:

  • control contains information about the package, its version, description, and more;

Tip

Installed packages can be queried for this information with: apt show free-pmx-no-subscription

  • conffiles lists paths to our single configuration file which is then NOT removed by the system upon regular uninstall;

  • postinst is a package configuration script which will be invoked after installation and when triggered, it is the most important one to audit before installing when given a package from unknown sources;

  • triggers lists all the files that will be triggering the post-installation script.

interest-noawait /etc/apt/sources.list.d/pve-enterprise.list
interest-noawait /etc/apt/sources.list.d/pbs-enterprise.list
interest-noawait /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js

Tip

Another way to explore control information from a package is with: dpkg-deb -e

Commands

free-pmx-no-subscription

Standalone tool which is also triggered if the repository lists were to be reinstalled, or more likely - installed, such on a plain Debian system. It simply creates correct ’no-subscription’ repository lists and puts aside the original ones. There are two sub-commands that are called to perform the actual list replacement (repo-list-replace) and to ensure that Proxmox release keys are trusted on the system (repo-key-check).

Configuration options can be explored in the manual page of free-pmx-no-subscription.

free-pmx-no-nag

Standalone tool which can (and will) be triggered whenever Proxmox update their UI toolkit - makes sure the file is patched for the pesky nag popup. It makes a backup of the original, calculates checksums before and after the patch and thus knows if it was effective. The actual patch of the “No valid subscription” notice is the search’n’replace method which will at worst fail gracefully, i.e. NOT disrupt the UI - this is the only other script it calls (no-nag-patch).

Configuration options can be explored in the manual page of free-pmx-no-nag.

Feedback welcome

As this is a preliminary post, feedback is very welcome in the GitHub repository of free-pmx-no-subscription.

This post will be further updated - split into a proper insight / guide - later on as usual.

Also available as an irregularly updated GitHub Gist.
Excuse limited formatting, absent referencing and missing rich content.
Your feedback is welcome in comments therein.
Fragile cluster management