From: Daniel F. Dickinson <redacted>
Date: Mon, 12 Jan 2026 00:14:35 +0000 (-0500)
Subject: radicale3: fix permissions on ssl cert/key
X-Git-Url: http://git.99rst.org/?a=commitdiff_plain;h=ecf9fb51dbcdc2eedd81cc5102cdb13fc4536d68;p=openwrt-packages.git

radicale3: fix permissions on ssl cert/key

When LuCI uploads files like the SSL key and certificate, it makes the
files readable only by root. Since radicale is running as a
non-privileged user it is unable to access a certificate and key
uploaded by LuCI, therefore when SSL cert and key (and optional CA) are
configured, make them group radicale3 and group readable, so the
radicale server can use them.

Signed-off-by: Daniel F. Dickinson <redacted>
---

diff --git a/net/radicale3/Makefile b/net/radicale3/Makefile
index 7b4b2d81d..8c1b66069 100644
--- a/net/radicale3/Makefile
+++ b/net/radicale3/Makefile
@@ -18,6 +18,8 @@ PYPI_NAME:=Radicale
 PYPI_SOURCE_NAME:=radicale
 PKG_HASH:=569f2a8cf990faf9bb25b7442f36ddd439526b95db81d8878952d77836ab3d4c
 
+PKG_MAINTAINER:=Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
+
 include ../../lang/python/pypi.mk
 include $(INCLUDE_DIR)/package.mk
 include ../../lang/python/python3-package.mk
diff --git a/net/radicale3/files/radicale3.init b/net/radicale3/files/radicale3.init
index 9a4c09320..d030160e5 100755
--- a/net/radicale3/files/radicale3.init
+++ b/net/radicale3/files/radicale3.init
@@ -72,8 +72,20 @@ conf_section() {
 		conf_getline "$cfg" "$cfgfile" ssl 0 1
 		if [ "$value" -eq 1 ]; then
 			conf_getline "$cfg" "$cfgfile" certificate
+			if [ "$value" != "" ]; then
+				chgrp radicale3 "$value"
+				chmod g+r "$value"
+			fi
 			conf_getline "$cfg" "$cfgfile" key
+			if [ "$value" != "" ]; then
+				chgrp radicale3 "$value"
+				chmod g+r "$value"
+			fi
 			conf_getline "$cfg" "$cfgfile" certificate_authority
+			if [ "$value" != "" ]; then
+				chgrp radicale3 "$value"
+				chmod g+r "$value"
+			fi
 			conf_getline "$cfg" "$cfgfile" protocol
 			conf_getline "$cfg" "$cfgfile" ciphers
 		fi