Two more cases of the manager writing directly into the container-owned /libreportal-containers tree (same class as the regen-poll stamp), both masked by a '✓ Success' that printed anyway: - Password replacers (config/password/*): used 'runInstallOp sed -i' (manager) on app configs copied into the container tree, so sed -i EACCES'd its temp file and the substitution silently failed — the adguard.config 'couldn't open temporary file', leaving the literal RANDOMIZEDPASSWORD placeholder. Added runCfgOp (picks runFileOp vs runInstallOp by the target file's location) and routed every $file grep/sed/awk through it: password, username, hex, vapid, appkey, and bcrypt. - Updater generator (webui_updater_scan): 'runFileOp cp <manager-tmp>' can't read the manager's 0600 mktemp as the container user, so it fell through to a manager 'cp' that EACCES'd on the container-owned out_dir. Switched the three writes to 'runFileWrite < tmp' (manager shell reads the tmp; container user tees the write). Both deploy via the normal quick path (relocatable scripts) — no footprint bump, no reinstall. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Signed-off-by: librelad <librelad@digitalangels.vip>
22 lines
750 B
Bash
Executable File
22 lines
750 B
Bash
Executable File
#!/bin/bash
|
|
|
|
replaceVAPIDKeys()
|
|
{
|
|
local file="$1"
|
|
|
|
# Only scan for VAPID placeholders that actually exist in the file
|
|
local existing_placeholders=$(runCfgOp grep -oE 'RANDOMIZEDVAPID[0-9]*' "$file" 2>/dev/null | sort -u)
|
|
|
|
if [[ -n "$existing_placeholders" ]]; then
|
|
while IFS= read -r placeholder; do
|
|
if [[ -n "$placeholder" ]]; then
|
|
local vapid_key
|
|
vapid_key=$(openssl rand -base64 32 | tr -d '+/=' | tr -cd '[:alnum:]')
|
|
|
|
runCfgOp sed -i "s/${placeholder}/${vapid_key}/g" "$file"
|
|
checkSuccess "Updated ${placeholder} in $(basename "$file") with a new VAPID key."
|
|
fi
|
|
done <<< "$existing_placeholders"
|
|
fi
|
|
}
|