diff --git a/containers/gluetun/scripts/gluetun_providers.sh b/containers/gluetun/scripts/gluetun_providers.sh
index 9697c34..0ba17a6 100644
--- a/containers/gluetun/scripts/gluetun_providers.sh
+++ b/containers/gluetun/scripts/gluetun_providers.sh
@@ -36,18 +36,24 @@ appWebuiRefresh_gluetun() {
 -D "$headers" -o "$raw" \
 -w '%{http_code}' "$upstream") || http_code=""
+ # $raw and $headers live next to $output_file (under containers_dir/
+ # libreportal/frontend/data/, dockerinstall-owned in rootless). The
+ # manager can't `rm` them directly without a Permission denied — same
+ # class of bug as the updateConfigOption sed-i issue. runFileOp routes
+ # the rm through the right user. $tmp is from mktemp (/tmp), so
+ # `rm -f $tmp` stays unwrapped.
 if [[ "$http_code" == "304" ]]; then
- rm -f "$raw" "$headers"
+ runFileOp rm -f "$raw" "$headers"
 return 0
 fi
 if [[ "$http_code" != "200" ]]; then
 isNotice "Upstream fetch failed (${http_code:-no response}); keeping existing snapshot."
- rm -f "$raw" "$headers"
+ runFileOp rm -f "$raw" "$headers"
 return 0
 fi
 local new_etag
 new_etag=$(awk 'tolower($1)=="etag:"{print $2}' "$headers" | tr -d '\r')
- rm -f "$headers"
+ runFileOp rm -f "$headers"
 # servers.json is a top-level object keyed by provider; each provider
 # entry has a `servers` array whose items have `vpn` (wireguard|openvpn),
@@ -67,11 +73,12 @@ appWebuiRefresh_gluetun() {
 | { providers: . }
 ' "$raw" > "$tmp" 2>/dev/null; then
 isNotice "Failed to parse gluetun servers.json; keeping existing provider snapshot."
- rm -f "$raw" "$tmp"
+ runFileOp rm -f "$raw"
+ rm -f "$tmp"
 return 0
 fi
- rm -f "$raw"
+ runFileOp rm -f "$raw"
 if [ -s "$tmp" ]; then
 runFileWrite "$output_file" < "$tmp"; rm -f "$tmp"
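Review bot: The result of `runFileOp rm -f …` is not checked at any of the three call sites in this hunk (nor at the two in the next hunk), so when the delegated delete fails the function still returns 0 and the fetched response files stay under the frontend data directory. That is the Permission-denied case the new comment describes, now moved behind the helper instead of being reported. I would surface it, e.g. `runFileOp rm -f -- "$raw" "$headers" || isNotice "Could not remove temporary fetch files."`; the `--` also keeps a path that begins with a dash from being read as an option by a command that runs as another user. How runFileOp reports failure is not visible here, and appWebuiRefresh_gluetun starts and ends outside the hunk.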
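Review bot: `$raw` is only an intermediate in this function (jq reads it and both paths in this hunk delete it), yet it now needs a delete routed through runFileOp because it sits beside `$output_file`. Creating `$raw` and `$headers` with `mktemp`, as the comment in the previous hunk says `$tmp` already is, would let every cleanup stay a plain `rm -f` and would keep the unparsed upstream response out of the frontend data directory. The assignments are outside the hunk, so confirm nothing else relies on their location; if they stay where they are, a one-line comment at the assignment such as `# lives beside $output_file; delete via runFileOp` would keep later cleanup paths from reintroducing a bare `rm`.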