GitHub bot: changelog

Move qBittorrent VPN config filename validation to init scripts

qbittorrent/CHANGELOG.md

@@ -1,4 +1,11 @@
-## 5.1.4-7 (05-02-2026)
+## 5.1.4-10 (05-02-2026)
+- Minor bugs fixed
+## 5.1.4-9 (05-02-2026)
+- Move OpenVPN/WireGuard config filename validation from schema to runtime scripts
+- Validate config name only when the related VPN mode is enabled
+
+## 5.1.4-8 (05-02-2026)
+- Allow more complex vpn config names
 - Rewrite the openvpn and wireguard scripts in order to make them more robust, secure, and compatible with more suppliers @litinoveweedle
 
 ## 5.1.4-6 (03-02-2026)

qbittorrent/config.yaml

@@ -68,6 +68,8 @@ devices:
   - /dev/nvme2
 environment:
   WEBUI_PORT: "8080"
+  PUID: "0"
+  PGID: "0"
 image: ghcr.io/alexbelgium/qbittorrent-{arch}
 ingress: true
 init: false
@@ -79,11 +81,8 @@ map:
   - ssl
 name: qBittorrent
 options:
-  log_level: info
   env_vars: []
   DNS_server: 8.8.8.8,1.1.1.1
-  PGID: "0"
-  PUID: "0"
   SavePath: /share/qBittorrent
   Username: admin
   certfile: fullchain.pem
@@ -91,6 +90,7 @@ options:
   keyfile: privkey.pem
   ssl: false
   whitelist: localhost,127.0.0.1,172.30.0.0/16,192.168.0.0/16
+  log_level: info
 panel_admin: false
 panel_icon: mdi:progress-download
 ports:
@@ -110,7 +110,6 @@ privileged:
   - DAC_READ_SEARCH
   - NET_ADMIN
 schema:
-  log_level: list(trace|debug|info|notice|warning|error|fatal)?
   env_vars:
     - name: match(^[A-Za-z0-9_]+$)
       value: str?
@@ -128,7 +127,7 @@ schema:
   keyfile: str
   localdisks: str?
   networkdisks: str?
-  openvpn_config: match(^\w+\.(ovpn|conf)$)?
+  openvpn_config: str?
   openvpn_enabled: bool?
   openvpn_password: str?
   openvpn_username: str?
@@ -136,10 +135,11 @@ schema:
   run_duration: str?
   silent: bool?
   ssl: bool
-  wireguard_config: match(^\w+\.conf$)?
+  wireguard_config: str?
   wireguard_enabled: bool?
   whitelist: str?
+  log_level: list(trace|debug|info|notice|warning|error|fatal)?
 slug: qbittorrent
 udev: true
 url: https://github.com/alexbelgium/hassio-addons
-version: "5.1.4-7"
+version: "5.1.4-10"

qbittorrent/rootfs/etc/cont-init.d/93-openvpn.sh

@@ -18,7 +18,8 @@ fi
 if ! bashio::config.true 'openvpn_enabled'; then
     bashio::exit.ok 'OpenVPN is disabled.'
 elif bashio::config.true 'wireguard_enabled'; then
-    bashio::exit.nok 'OpenVPN and WireGuard cannot be enabled simultaneously. Disable one of them.'
+    bashio::log.fatal 'OpenVPN and WireGuard cannot be enabled simultaneously. Disable one of them.'
+    bashio::addon.stop
 fi
 
 mkdir -p "${OPENVPN_STATE_DIR}"
@@ -31,12 +32,14 @@ bashio::log.info "----------------------------"
 if bashio::config.has_value "openvpn_username"; then
     openvpn_username=$(bashio::config 'openvpn_username')
 else
-    bashio::exit.nok "Openvpn is enabled, but openvpn_username option is empty! Exiting"
+    bashio::log.fatal "Openvpn is enabled, but openvpn_username option is empty! Exiting"
+    bashio::addon.stop
 fi
 if bashio::config.has_value "openvpn_password"; then
     openvpn_password=$(bashio::config 'openvpn_password')
 else
-    bashio::exit.nok "Openvpn is enabled, but openvpn_password option is empty! Exiting"
+    bashio::log.fatal "Openvpn is enabled, but openvpn_password option is empty! Exiting"
+    bashio::addon.stop
 fi
 
 echo -e "${openvpn_username}\n${openvpn_password}" > "${OPENVPN_STATE_DIR}/credentials.conf"
@@ -45,12 +48,17 @@ chmod 600 "${OPENVPN_STATE_DIR}/credentials.conf"
 if bashio::config.has_value "openvpn_config"; then
     openvpn_config="$(bashio::config 'openvpn_config')"
     openvpn_config="${openvpn_config##*/}"
+    if [[ ! "${openvpn_config}" =~ ^[A-Za-z0-9._-]+\.(conf|ovpn)$ ]]; then
+        bashio::log.fatal "Invalid openvpn_config filename '${openvpn_config}'. Allowed characters: letters, numbers, dot, underscore, dash. Extension must be .conf or .ovpn."
+        bashio::addon.stop
+    fi
 fi
 if [[ -z "${openvpn_config}" ]]; then
     bashio::log.info 'openvpn_config option left empty. Attempting automatic selection.'
         mapfile -t configs < <(find /config/openvpn -maxdepth 1 \( -type f -name '*.conf' -o -name '*.ovpn' \) -print)
     if [ "${#configs[@]}" -eq 0 ]; then
-        bashio::exit.nok 'OpenVPN is enabled but no .conf or .ovpn file was found in /config/openvpn.'
+        bashio::log.fatal 'OpenVPN is enabled but no .conf or .ovpn file was found in /config/openvpn.'
+        bashio::addon.stop
     elif [ "${#configs[@]}" -eq 1 ]; then
         openvpn_config="${configs[0]}"
         bashio::log.info "OpenVPN configuration not specified. Using ${openvpn_config##*/}."
@@ -58,17 +66,20 @@ if [[ -z "${openvpn_config}" ]]; then
         openvpn_config='/config/openvpn/config.conf'
         bashio::log.info 'Using default OpenVPN configuration config.conf.'
     else
-        bashio::exit.nok "Multiple OpenVPN configuration files detected. Please set the 'openvpn_config' option."
+        bashio::log.fatal "Multiple OpenVPN configuration files detected. Please set the 'openvpn_config' option."
+        bashio::addon.stop
     fi
 elif bashio::fs.file_exists "/config/openvpn/${openvpn_config}"; then
     openvpn_config="/config/openvpn/${openvpn_config}"
 else
-    bashio::exit.nok "OpenVPN configuration '/config/openvpn/${openvpn_config}' not found."
+    bashio::log.fatal "OpenVPN configuration '/config/openvpn/${openvpn_config}' not found."
+    bashio::addon.stop
 fi
 
 interface_name="$(sed -n "/^dev tun/p" "${openvpn_config}" | awk -F' ' '{print $2}')"
 if [[ -z "${interface_name}" ]]; then
-    bashio::exit.nok "OpenVPN configuration '${openvpn_config}' misses device directive."
+    bashio::log.fatal "OpenVPN configuration '${openvpn_config}' misses device directive."
+    bashio::addon.stop
 elif [[ ${interface_name} = "tun" ]]; then
     interface_name='tun0'
 elif [[ ${interface_name} = "tap" ]]; then

qbittorrent/rootfs/etc/cont-init.d/94-wireguard.sh

@@ -16,7 +16,8 @@ fi
 if ! bashio::config.true 'wireguard_enabled'; then
     bashio::exit.ok 'WireGuard is disabled.'
 elif bashio::config.true 'openvpn_enabled'; then
-    bashio::exit.nok 'OpenVPN and WireGuard cannot be enabled simultaneously. Disable one of them.'
+    bashio::log.fatal 'OpenVPN and WireGuard cannot be enabled simultaneously. Disable one of them.'
+    bashio::addon.stop
 fi
 
 mkdir -p "${WIREGUARD_STATE_DIR}"
@@ -28,12 +29,17 @@ bashio::log.info "------------------------------"
 if bashio::config.has_value "wireguard_config"; then
     wireguard_config="$(bashio::config 'wireguard_config')"
     wireguard_config="${wireguard_config##*/}"
+    if [[ ! "${wireguard_config}" =~ ^[A-Za-z0-9._-]+\.conf$ ]]; then
+        bashio::log.fatal "Invalid wireguard_config filename '${wireguard_config}'. Allowed characters: letters, numbers, dot, underscore, dash. Extension must be .conf."
+        bashio::addon.stop
+    fi
 fi
 if [[ -z "${wireguard_config}" ]]; then
     bashio::log.info 'wireguard_config option left empty. Attempting automatic selection.'
         mapfile -t configs < <(find /config/wireguard -maxdepth 1 -type f -name '*.conf' -print)
     if [ "${#configs[@]}" -eq 0 ]; then
-        bashio::exit.nok 'WireGuard is enabled but no .conf file was found in /config/wireguard.'
+        bashio::log.fatal 'WireGuard is enabled but no .conf file was found in /config/wireguard.'
+        bashio::addon.stop
     elif [ "${#configs[@]}" -eq 1 ]; then
         wireguard_config="${configs[0]}"
         bashio::log.info "WireGuard configuration not specified. Using ${wireguard_config##*/}."
@@ -41,12 +47,14 @@ if [[ -z "${wireguard_config}" ]]; then
         wireguard_config='/config/wireguard/config.conf'
         bashio::log.info 'Using default WireGuard configuration config.conf.'
     else
-        bashio::exit.nok "Multiple WireGuard configuration files detected. Please set the 'wireguard_config' option."
+        bashio::log.fatal "Multiple WireGuard configuration files detected. Please set the 'wireguard_config' option."
+        bashio::addon.stop
     fi
 elif bashio::fs.file_exists "/config/wireguard/${wireguard_config}"; then
     wireguard_config="/config/wireguard/${wireguard_config}"
 else
-    bashio::exit.nok "WireGuard configuration '/config/wireguard/${wireguard_config}' not found."
+    bashio::log.fatal "WireGuard configuration '/config/wireguard/${wireguard_config}' not found."
+    bashio::addon.stop
 fi
 
 interface_name="$(basename "${wireguard_config}" .conf)"

qbittorrent/rootfs/usr/local/sbin/vpn

@@ -9,6 +9,10 @@ config["MySelf"]="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/$(basename "${BA
 declare -a dns_servers_ipv4=()
 declare -a dns_servers_ipv6=()
 
+log_level="$(bashio::config "log_level")"
+[[ "$log_level" == "debug" ]] && bashio::log.warning "--- Debug mode is active ---"
+[[ "$log_level" == "debug" ]] && set -x
+
 _parse_config() {
     local -n config_ref="$1"
     local config_file="$2"
@@ -152,9 +156,11 @@ _routing_add() {
     done
     for ipv6 in ${local_ipv6}; do
         config["IPv6Enabled"]="true"
-        _cmd "ip -6 route add default dev ${config["Interface"]} table ${config["Table"]}" || return 1
         _cmd "ip -6 rule add priority 1 from ${ipv6} table ${config["Table"]}" || return 1
     done
+    if [ "${config["IPv6Enabled"]}" = "true" ]; then
+        _cmd "ip -6 route add default dev ${config["Interface"]} table ${config["Table"]}" || true
+    fi
 
     # get valid DNS servers
     _parse_dns
@@ -346,12 +352,16 @@ _openvpn_up() {
     echo "${config["MySelf"]} openvpn postdown" >> ${config["PostDownScript"]}
     chmod 755 ${config["PostDownScript"]}
 
+    # Define logging
+    log_path="/dev/null"
+    [[ "$log_level" == "debug" ]] && log_path="/proc/1/fd/1"
+
     # Start OpenVPN in the background
     _cmd "/usr/sbin/openvpn \
         --config "${config["ConfigFile"]}" \
         --client \
         --daemon \
-        --log /dev/null \
+        --log "$log_path" \
         --script-security 2 \
         --auth-user-pass "${OPENVPN_STATE_DIR}/credentials.conf" \
         --auth-retry none \