Exhaustive audit (workflow: 19 finders + adversarial per-file verify; 85 raw -> 66 unique -> 39 confirmed) found 36 direct writes into the container-owned tree that bypass runFileOp/runFileWrite/runCfgOp (manager => EACCES in rootless) plus 3 $?-masking sites. Fixes by area: - apps: grafana + prometheus install hooks (sudo chmod -> runFileOp chmod); gluetun provider etag (tee -> runFileWrite). - webui generators: task-create (10 sites: mkdir/chown/tee/jq|tee/sed|tee -> runFileOp/runFileWrite); app-icons (mkdir/cp/mv); config icon cp; system metrics + update throttle stamps (runAsManager touch -> runFileOp touch); setup-lock rm; updater history seed + cp. - task health checker: 4 log writes (tee -a -> runFileWrite -a) + 3 find -delete (-> runFileOp find). - config reconcile: backup cp -> runCfgOp; live cp -> runFileWrite < tmp for container-owned configs (the container user can't read a manager 0600 tmp). - peer pull: tar extract into the container tree -> runFileOp tar. - masking: ip_find_available + folder_group(x2) — split 'local VAR=$(cmd)' so $? reaches the following [[ $? ]] check. 15 files, all pass bash -n; fixed idioms confirmed gone. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Signed-off-by: librelad <librelad@digitalangels.vip>
59 lines
2.1 KiB
Bash
Executable File
59 lines
2.1 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
# Sync app icons from container template dirs to the LibrePortal frontend.
|
|
#
|
|
# apps.json references /core/icons/apps/<app>.<ext> unconditionally (see
|
|
# webui_config.sh), so the icon file must physically exist in the frontend
|
|
# icons dir or the apps page falls back to the default icon.
|
|
|
|
# Copy a single app's icon into the frontend icons dir. Returns 0 if an
|
|
# icon was copied, 1 if the app has no icon (or no app name given).
|
|
# Idempotent — cheap enough to call on every install/uninstall.
|
|
webuiSyncAppIcon() {
|
|
local app_name="$1"
|
|
[[ -z "$app_name" ]] && return 1
|
|
|
|
local icons_dir="${containers_dir}libreportal/frontend/core/icons/apps"
|
|
runFileOp mkdir -p "$icons_dir"
|
|
|
|
# Icons live in the install template dir — copy_build_context.sh
|
|
# excludes *.svg from the install→deployed copy, so the deployed
|
|
# container dir can't be relied on as the source.
|
|
local src_dir="${install_containers_dir}/${app_name}"
|
|
local ext
|
|
for ext in svg png; do
|
|
local src="${src_dir}/${app_name}.${ext}"
|
|
if [[ -f "$src" ]]; then
|
|
# cp to a temp name then mv so the webserver never serves a
|
|
# half-written file.
|
|
local dest="${icons_dir}/${app_name}.${ext}"
|
|
if runFileWrite "${dest}.tmp.$$" < "$src" 2>/dev/null; then
|
|
runFileOp mv "${dest}.tmp.$$" "$dest" 2>/dev/null
|
|
fi
|
|
return 0
|
|
fi
|
|
done
|
|
return 1
|
|
}
|
|
|
|
# Sync every app's icon. Used by the full WebUI update pass.
|
|
webuiSyncAppIcons() {
|
|
echo "Syncing app icons from installed containers to LibrePortal frontend..."
|
|
|
|
if [ -d "$install_containers_dir" ]; then
|
|
find "$install_containers_dir" -maxdepth 1 -type d -not -path "$install_containers_dir" | while read -r dir; do
|
|
local app_name
|
|
app_name=$(basename "$dir")
|
|
if webuiSyncAppIcon "$app_name"; then
|
|
echo "✅ Copied icon for $app_name"
|
|
else
|
|
echo "⚠️ No icon found for $app_name"
|
|
fi
|
|
done
|
|
else
|
|
echo "❌ Install containers directory not found: $install_containers_dir"
|
|
fi
|
|
|
|
echo "Icon sync completed!"
|
|
}
|