LibrePortal/scripts/webui/data/utils/webui_app_icons.sh
librelad f49455e38e fix(de-sudo): route all confirmed container-tree writes through the privileged path
Exhaustive audit (workflow: 19 finders + adversarial per-file verify; 85 raw ->
66 unique -> 39 confirmed) found 36 direct writes into the container-owned tree
that bypass runFileOp/runFileWrite/runCfgOp (manager => EACCES in rootless) plus
3 $?-masking sites. Fixes by area:

- apps: grafana + prometheus install hooks (sudo chmod -> runFileOp chmod);
  gluetun provider etag (tee -> runFileWrite).
- webui generators: task-create (10 sites: mkdir/chown/tee/jq|tee/sed|tee ->
  runFileOp/runFileWrite); app-icons (mkdir/cp/mv); config icon cp; system
  metrics + update throttle stamps (runAsManager touch -> runFileOp touch);
  setup-lock rm; updater history seed + cp.
- task health checker: 4 log writes (tee -a -> runFileWrite -a) + 3 find -delete
  (-> runFileOp find).
- config reconcile: backup cp -> runCfgOp; live cp -> runFileWrite < tmp for
  container-owned configs (the container user can't read a manager 0600 tmp).
- peer pull: tar extract into the container tree -> runFileOp tar.
- masking: ip_find_available + folder_group(x2) — split 'local VAR=$(cmd)' so $?
  reaches the following [[ $? ]] check.

15 files, all pass bash -n; fixed idioms confirmed gone.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
2026-05-31 03:50:48 +01:00

59 lines
2.1 KiB
Bash
Executable File

#!/bin/bash
# Sync app icons from container template dirs to the LibrePortal frontend.
#
# apps.json references /core/icons/apps/<app>.<ext> unconditionally (see
# webui_config.sh), so the icon file must physically exist in the frontend
# icons dir or the apps page falls back to the default icon.
# Copy a single app's icon into the frontend icons dir. Returns 0 if an
# icon was copied, 1 if the app has no icon (or no app name given).
# Idempotent — cheap enough to call on every install/uninstall.
webuiSyncAppIcon() {
local app_name="$1"
[[ -z "$app_name" ]] && return 1
local icons_dir="${containers_dir}libreportal/frontend/core/icons/apps"
runFileOp mkdir -p "$icons_dir"
# Icons live in the install template dir — copy_build_context.sh
# excludes *.svg from the install→deployed copy, so the deployed
# container dir can't be relied on as the source.
local src_dir="${install_containers_dir}/${app_name}"
local ext
for ext in svg png; do
local src="${src_dir}/${app_name}.${ext}"
if [[ -f "$src" ]]; then
# cp to a temp name then mv so the webserver never serves a
# half-written file.
local dest="${icons_dir}/${app_name}.${ext}"
if runFileWrite "${dest}.tmp.$$" < "$src" 2>/dev/null; then
runFileOp mv "${dest}.tmp.$$" "$dest" 2>/dev/null
fi
return 0
fi
done
return 1
}
# Sync every app's icon. Used by the full WebUI update pass.
webuiSyncAppIcons() {
echo "Syncing app icons from installed containers to LibrePortal frontend..."
if [ -d "$install_containers_dir" ]; then
find "$install_containers_dir" -maxdepth 1 -type d -not -path "$install_containers_dir" | while read -r dir; do
local app_name
app_name=$(basename "$dir")
if webuiSyncAppIcon "$app_name"; then
echo "✅ Copied icon for $app_name"
else
echo "⚠️ No icon found for $app_name"
fi
done
else
echo "❌ Install containers directory not found: $install_containers_dir"
fi
echo "Icon sync completed!"
}