From c6fc6dd635be3cb1afe23f5ad31e87f7c6d908c7 Mon Sep 17 00:00:00 2001
From: Tianling Shen <cnsztl@immortalwrt.org>
Date: Wed, 26 Apr 2023 11:35:19 +0800
Subject: [PATCH] librespeed-go: update file permissions for ujail

This fixes "permission denied" error when access files as a normal user.

Reported-by: Anya Lin <hukk1996@gmail.com>
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 42d340bce0106538888f9e942dc3dd6f7f9e62ff)
---
 net/librespeed-go/Makefile                 |  2 +-
 net/librespeed-go/files/librespeed-go.init | 46 ++++++++++++++--------
 2 files changed, 31 insertions(+), 17 deletions(-)

diff --git a/net/librespeed-go/Makefile b/net/librespeed-go/Makefile
index bb5557b0de..5fbe18d2e7 100644
--- a/net/librespeed-go/Makefile
+++ b/net/librespeed-go/Makefile
@@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=librespeed-go
 PKG_VERSION:=1.1.5
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/librespeed/speedtest-go/tar.gz/v$(PKG_VERSION)?
diff --git a/net/librespeed-go/files/librespeed-go.init b/net/librespeed-go/files/librespeed-go.init
index 484a283dba..13c333c1a7 100644
--- a/net/librespeed-go/files/librespeed-go.init
+++ b/net/librespeed-go/files/librespeed-go.init
@@ -8,6 +8,31 @@ CONF="librespeed-go"
 PROG="/usr/bin/librespeed-go"
 TMPCONF="/var/run/$CONF/settings.json"
 
+mount_jail_file() {
+	local cfg="$1"
+	local isdir="${2:-0}"
+	local rw="${3:-0}"
+
+	local value
+	config_get value "config" "$cfg"
+	[ -n "$value" ] || return 1
+
+	if [ "$isdir" = "1" ]; then
+		mkdir -p "$value"
+		chown -R librespeed "$value"
+	else
+		mkdir -p "${value%/*}"
+		touch "$value"
+		chown librespeed "$value"
+	fi
+
+	if [ "$rw" = "1" ]; then
+		procd_add_jail_mount_rw "$value"
+	else
+		procd_add_jail_mount "$value"
+	fi
+}
+
 start_service() {
 	config_load "$CONF"
 
@@ -32,14 +57,7 @@ start_service() {
 	}
 	config_load "$CONF"
 	json_dump > "$TMPCONF"
-
-	local database_file
-	config_get database_file "config" "database_file"
-	if [ -n "$database_file" ]; then
-		mkdir -p "${database_file%/*}"
-		touch "$database_file"
-		chown librespeed "$database_file"
-	fi
+	chown librespeed "$TMPCONF"
 
 	procd_open_instance "$CONF"
 	procd_set_param command "$PROG"
@@ -53,15 +71,11 @@ start_service() {
 
 	procd_add_jail "$CONF" log
 	procd_add_jail_mount "$TMPCONF"
-	[ -z "$database_file" ] || procd_add_jail_mount_rw "$database_file"
 
-	local assets_path tls_cert_file tls_key_file
-	config_get assets_path "config" "assets_path"
-	config_get tls_cert_file "config" "tls_cert_file"
-	config_get tls_key_file "config" "tls_key_file"
-	[ -z "$assets_path" ] || procd_add_jail_mount "$assets_path"
-	[ -z "$tls_cert_file" ] || procd_add_jail_mount "$tls_cert_file"
-	[ -z "$tls_key_file" ] || procd_add_jail_mount "$tls_key_file"
+	mount_jail_file "assets_path" "1"
+	mount_jail_file "database_file" "0" "1"
+	mount_jail_file "tls_cert_file"
+	mount_jail_file "tls_key_file"
 
 	procd_close_instance
 }