From ecf9fb51dbcdc2eedd81cc5102cdb13fc4536d68 Mon Sep 17 00:00:00 2001 From: "Daniel F. Dickinson" Date: Sun, 11 Jan 2026 19:14:35 -0500 Subject: [PATCH] radicale3: fix permissions on ssl cert/key When LuCI uploads files like the SSL key and certificate, it makes the files readable only by root. Since radicale is running as a non-privileged user it is unable to access a certificate and key uploaded by LuCI, therefore when SSL cert and key (and optional CA) are configured, make them group radicale3 and group readable, so the radicale server can use them. Signed-off-by: Daniel F. Dickinson --- net/radicale3/Makefile | 2 ++ net/radicale3/files/radicale3.init | 12 ++++++++++++ 2 files changed, 14 insertions(+) diff --git a/net/radicale3/Makefile b/net/radicale3/Makefile index 7b4b2d81d2..8c1b660692 100644 --- a/net/radicale3/Makefile +++ b/net/radicale3/Makefile @@ -18,6 +18,8 @@ PYPI_NAME:=Radicale PYPI_SOURCE_NAME:=radicale PKG_HASH:=569f2a8cf990faf9bb25b7442f36ddd439526b95db81d8878952d77836ab3d4c +PKG_MAINTAINER:=Daniel F. Dickinson + include ../../lang/python/pypi.mk include $(INCLUDE_DIR)/package.mk include ../../lang/python/python3-package.mk diff --git a/net/radicale3/files/radicale3.init b/net/radicale3/files/radicale3.init index 9a4c093205..d030160e5e 100755 --- a/net/radicale3/files/radicale3.init +++ b/net/radicale3/files/radicale3.init @@ -72,8 +72,20 @@ conf_section() { conf_getline "$cfg" "$cfgfile" ssl 0 1 if [ "$value" -eq 1 ]; then conf_getline "$cfg" "$cfgfile" certificate + if [ "$value" != "" ]; then + chgrp radicale3 "$value" + chmod g+r "$value" + fi conf_getline "$cfg" "$cfgfile" key + if [ "$value" != "" ]; then + chgrp radicale3 "$value" + chmod g+r "$value" + fi conf_getline "$cfg" "$cfgfile" certificate_authority + if [ "$value" != "" ]; then + chgrp radicale3 "$value" + chmod g+r "$value" + fi conf_getline "$cfg" "$cfgfile" protocol conf_getline "$cfg" "$cfgfile" ciphers fi