qbittorrent: fix OpenVPN stale-process loop and broken _routing_del

Agent-Logs-Url: https://github.com/alexbelgium/hassio-addons/sessions/9b5f5807-1537-4008-9933-f6a6b21ec5b4

Co-authored-by: alexbelgium <44178713+alexbelgium@users.noreply.github.com>

manyfold/CHANGELOG.md

@@ -1,3 +1,5 @@
+## 0.139.3 (11-05-2026)
+- Minor bugs fixed
 ## 0.138.0 (24-04-2026)
 - Minor bugs fixed
 ## 0.137.0 (13-04-2026)

manyfold/config.yaml

@@ -1,7 +1,7 @@
 name: "Manyfold"
 slug: manyfold
 description: "Manyfold 3D model manager as a Home Assistant add-on, using the upstream image with configurable library/index paths."
-version: "0.138.0"
+version: "0.139.3"
 url: "https://github.com/alexbelgium/hassio-addons/tree/master/manyfold"
 image: ghcr.io/alexbelgium/manyfold-{arch}
 arch:

qbittorrent/CHANGELOG.md

@@ -1,3 +1,12 @@
+## 5.2.0-7 (12-05-2026)
+- Fix OpenVPN stale-process crash loop on S6 service restart: kill any existing OpenVPN daemon and clean up stale interface/routing state before re-establishing the tunnel (same class of fix as WireGuard 5.2.0-3)
+- Fix broken routing rule cleanup: `_routing_del` was deleting rules with `from all`/`to all` wildcard which never matched the specific `from IP`/`to IP` rules added by `_routing_add`, leaving stale routing rules after VPN teardown and causing DNS resolution failures when OpenVPN tried to reconnect
+
+## 5.2.0-6 (12-05-2026)
+- Minor bugs fixed
+
+## 5.2.0-3 (2026-05-12)
+- Fix WireGuard "RTNETLINK answers: File exists" crash loop: clean up stale interface and routing rules before re-establishing the tunnel on S6 service restart
 
 ## 5.2.0-2 (2026-05-10)
 - Fix startup loop on aarch64: drop s6-notifyoncheck wrapper so s6 supervises qbittorrent-nox directly (LSIO arm64 image has no notification-fd, causing EBADF restart loop)

qbittorrent/config.yaml

@@ -143,4 +143,4 @@ schema:
 slug: qbittorrent
 udev: true
 url: https://github.com/alexbelgium/hassio-addons
-version: "5.2.0-2"
+version: "5.2.0-7"

qbittorrent/rootfs/usr/local/sbin/vpn

@@ -192,13 +192,36 @@ _routing_add() {
 
 _routing_del() {
     bashio::log.info "Removing routing rules for VPN interface ${config["Interface"]}..."
+    local table="${config["Table"]}"
+    local line prio rest
 
-    while _cmd "ip -4 rule del priority 1 from all table ${config["Table"]} 2>/dev/null"; do :; done
-    while _cmd "ip -4 rule del priority 1 to all table ${config["Table"]} 2>/dev/null"; do :; done
-    while _cmd "ip -4 route del default dev ${config["Interface"]} table ${config["Table"]} 2>/dev/null"; do :; done
-    while _cmd "ip -6 rule del priority 1 from all table ${config["Table"]} 2>/dev/null"; do :; done
-    while _cmd "ip -6 rule del priority 1 to all table ${config["Table"]} 2>/dev/null"; do :; done
-    while _cmd "ip -6 route del default dev ${config["Interface"]} table ${config["Table"]} 2>/dev/null"; do :; done
+    # Remove all IPv4 policy rules pointing to our custom routing table.
+    # We must parse `ip rule list` and delete each matching rule individually,
+    # because the rules were added with specific from/to selectors (e.g.
+    # "from 10.8.0.2" or "to 8.8.8.8") — not the "from all" wildcard that
+    # the old code tried to delete, which never matched anything.
+    while IFS= read -r line; do
+        [[ "${line}" =~ ^[[:space:]]*([0-9]+):[[:space:]]+(.*lookup[[:space:]]+${table}.*)$ ]] || continue
+        prio="${BASH_REMATCH[1]}"
+        rest="${BASH_REMATCH[2]}"
+        # shellcheck disable=SC2206 — word-split is intentional: ip needs individual tokens
+        local -a rule_args=( ${rest} )
+        ip -4 rule del prio "${prio}" "${rule_args[@]}" 2>/dev/null || true
+    done < <(ip -4 rule list 2>/dev/null)
+
+    # Same for IPv6
+    while IFS= read -r line; do
+        [[ "${line}" =~ ^[[:space:]]*([0-9]+):[[:space:]]+(.*lookup[[:space:]]+${table}.*)$ ]] || continue
+        prio="${BASH_REMATCH[1]}"
+        rest="${BASH_REMATCH[2]}"
+        # shellcheck disable=SC2206 — word-split is intentional: ip needs individual tokens
+        local -a rule_args=( ${rest} )
+        ip -6 rule del prio "${prio}" "${rule_args[@]}" 2>/dev/null || true
+    done < <(ip -6 rule list 2>/dev/null)
+
+    # Flush all routes in our custom table
+    ip -4 route flush table "${table}" 2>/dev/null || true
+    ip -6 route flush table "${table}" 2>/dev/null || true
 }
 
 # --- Firewall Specific Functions ---
@@ -279,6 +302,16 @@ _wireguard_up() {
         fi
     done
 
+    # Clean up any leftover state from a previous run (e.g., after an S6 service restart).
+    # Without this, `ip link add` and `ip rule add` fail with "RTNETLINK answers: File exists"
+    # when the svc-qbittorrent service is restarted while the WireGuard interface is still up.
+    if ip link show "${config["Interface"]}" > /dev/null 2>&1; then
+        bashio::log.info "WireGuard interface ${config["Interface"]} already exists. Cleaning up before re-establishing connection."
+        ip link set "${config["Interface"]}" down 2>/dev/null || true
+        ip link del "${config["Interface"]}" 2>/dev/null || true
+    fi
+    _routing_del 2>/dev/null || true
+
     _cmd "ip link add ${config["Interface"]} type wireguard" || return 1
 
     mapfile -d ',' -t local_ips < <(echo "${config["Address"]}" | tr -d ' ')
@@ -490,6 +523,22 @@ _openvpn_up() {
     bashio::log.warning "This routing table will be used for traffic from the VPN interface and to the configured DNS servers."
     bashio::log.warning "Qbittorrent bittorrent client shall be set to use the VPN interface ${config["Interface"]} only."
 
+    # Clean up any leftover state from a previous run (e.g., after an S6 service restart).
+    # Without this, a second OpenVPN daemon starts while the first is still running, leaving
+    # stale routing rules that cause DNS resolution failures during reconnect — the same class
+    # of bug that was fixed for WireGuard in 5.2.0-3.
+    if pgrep -f "openvpn --config ${config["ConfigFile"]}" > /dev/null 2>&1; then
+        bashio::log.info "Previous OpenVPN process found. Stopping it before re-establishing connection."
+        pkill -TERM -f "openvpn --config ${config["ConfigFile"]}" 2>/dev/null || true
+        sleep 2
+    fi
+    if ip link show "${config["Interface"]}" > /dev/null 2>&1; then
+        bashio::log.info "OpenVPN interface ${config["Interface"]} already exists. Cleaning up before re-establishing connection."
+        ip link set "${config["Interface"]}" down 2>/dev/null || true
+    fi
+    _routing_del 2>/dev/null || true
+    _resolvconf "reset" 2>/dev/null || true
+
     # Register this script as OpenVPN up/down handlers to manage routing
     echo '#!/bin/bash' > ${config["PostUpScript"]}
     echo "${config["MySelf"]} openvpn postup" >> ${config["PostUpScript"]}

seafile/CHANGELOG.md

@@ -1,18 +1,4 @@
 
-## 12.0.18-6 (2026-05-11)
-- Preserve custom port in `SEAFILE_SERVER_HOSTNAME` (e.g. `seafile.example.com:8443`)
-- Fix `CSRF_TRUSTED_ORIGINS` to use scheme+host[:port] only (no URL path)
-- Add validation: reject newlines and quote characters in URL config values
-- Replace sed address-range approach for `seafile.conf` with idempotent `awk` edit so repeated runs never produce duplicate `host =` keys
-- Harden `apply_addon_urls.sh` generation: baked-in values are written to a separate sourced file using `printf %q` and the script body uses a single-quoted heredoc, eliminating any shell-injection risk from malformed config values
-
-## 12.0.18-5 (2026-05-11)
-- Fix file uploads and downloads through a reverse proxy (e.g. Nginx Proxy Manager) by:
-  - Writing `SEAFILE_SERVER_HOSTNAME` and `SEAFILE_SERVER_PROTOCOL` to `seafile.env` so Seafile knows its external URL
-  - Setting `host = 0.0.0.0` in the `[fileserver]` section of `seafile.conf` so the fileserver binds to all interfaces
-  - Adding `CSRF_TRUSTED_ORIGINS` to `seahub_settings.py` to prevent Django CSRF rejections on HTTPS setups
-  - Making `FILE_SERVER_ROOT` optional (`str?`) so it can be left empty when the reverse proxy handles `/seafhttp` routing
-
 ## 12.0.18-4 (2026-05-10)
 - Fix admin account creation by writing `conf/admin.txt` and seeding `seafile.env` with `SEAFILE_ADMIN_EMAIL`/`SEAFILE_ADMIN_PASSWORD` so the upstream `check_init_admin.py` no longer falls back to an interactive prompt (#2685)
 

seafile/config.yaml

@@ -79,7 +79,7 @@ name: Seafile
 options:
   env_vars: []
   CONFIG_LOCATION: /config/addons_config/seafile/config.yaml
-  FILE_SERVER_ROOT: ""
+  FILE_SERVER_ROOT: http://homeassistant.local:8082
   PGID: 1000
   PORT: "8082"
   PUID: 1000
@@ -107,7 +107,7 @@ schema:
     - name: match(^[A-Za-z0-9_]+$)
       value: str?
   CONFIG_LOCATION: str?
-  FILE_SERVER_ROOT: str?
+  FILE_SERVER_ROOT: str
   PGID: int
   PORT: str?
   PUID: int
@@ -128,5 +128,5 @@ services:
 slug: seafile
 udev: true
 url: https://github.com/alexbelgium/hassio-addons/tree/master/seafile
-version: "12.0.18-6"
+version: "12.0.18-4"
 webui: http://[HOST]:[PORT:8000]

seafile/rootfs/etc/cont-init.d/99-run.sh

@@ -154,8 +154,10 @@ bashio::log.info "Configuring Seafile URLs"
 SERVER_IP_CONFIG=$(bashio::config 'SERVER_IP')
 SERVICE_URL_CONFIG=$(bashio::config 'url')
 FILE_SERVER_ROOT_CONFIG=$(bashio::config 'FILE_SERVER_ROOT')
+FILE_PORT_CONFIG=$(bashio::config 'PORT')
 
 DEFAULT_HOST=${SERVER_IP_CONFIG:-homeassistant.local}
+DEFAULT_FILE_PORT=${FILE_PORT_CONFIG:-8082}
 
 normalize_url() {
     local raw_url="${1%/}"
@@ -174,39 +176,7 @@ normalize_url() {
 }
 
 SERVICE_URL_VALUE=$(normalize_url "${SERVICE_URL_CONFIG:-${DEFAULT_HOST}:8000}" "http")
-
-# FILE_SERVER_ROOT is optional; when empty Seafile derives it from SERVICE_URL
-# (clients then reach the fileserver via the same reverse proxy path /seafhttp).
-if [[ -n "${FILE_SERVER_ROOT_CONFIG}" && "${FILE_SERVER_ROOT_CONFIG}" != "null" ]]; then
-    FILE_SERVER_ROOT_VALUE=$(normalize_url "${FILE_SERVER_ROOT_CONFIG}" "http")
-else
-    FILE_SERVER_ROOT_VALUE=""
-fi
-
-# Validate URL values: reject characters that would break config file syntax or
-# the generated helper script (quotes and newlines are the dangerous ones).
-_seafile_validate_url() {
-    local _val="$1" _name="$2"
-    case "${_val}" in
-        *$'\n'*|*$'\r'*|*\"*|*\'*)
-            bashio::exit.nok "${_name} contains invalid characters (newlines or quotes are not allowed)"
-            ;;
-    esac
-}
-_seafile_validate_url "${SERVICE_URL_VALUE}" "url"
-if [[ -n "${FILE_SERVER_ROOT_VALUE}" ]]; then
-    _seafile_validate_url "${FILE_SERVER_ROOT_VALUE}" "FILE_SERVER_ROOT"
-fi
-
-# Extract protocol and host[:port] for seafile.env.
-# Keep the port when present (e.g. seafile.example.com:8443) so Seafile
-# advertises the correct external endpoint on non-standard ports.
-SERVER_PROTOCOL="${SERVICE_URL_VALUE%%://*}"
-_service_authority="${SERVICE_URL_VALUE#*://}"
-SERVER_HOSTNAME="${_service_authority%%/*}"   # strip any path; keep host:port
-
-# CSRF_TRUSTED_ORIGINS requires scheme://host[:port] only – no path component.
-CSRF_ORIGIN="${SERVER_PROTOCOL}://${SERVER_HOSTNAME}"
+FILE_SERVER_ROOT_VALUE=$(normalize_url "${FILE_SERVER_ROOT_CONFIG:-${DEFAULT_HOST}:${DEFAULT_FILE_PORT}}" "http")
 
 SEAHUB_CONF_DIRS=()
 if [[ -d "${DATA_LOCATION}/conf" || ! -d "${DATA_LOCATION}/seafile/conf" ]]; then
@@ -226,135 +196,28 @@ for conf_dir in "${SEAHUB_CONF_DIRS[@]}"; do
 
     sed -i '/^SERVICE_URL *=/d' "${SEAHUB_SETTINGS_FILE}"
     sed -i '/^FILE_SERVER_ROOT *=/d' "${SEAHUB_SETTINGS_FILE}"
-    sed -i '/^CSRF_TRUSTED_ORIGINS *=/d' "${SEAHUB_SETTINGS_FILE}"
 
-    printf 'SERVICE_URL = "%s"\n' "${SERVICE_URL_VALUE}" >> "${SEAHUB_SETTINGS_FILE}"
-    if [[ -n "${FILE_SERVER_ROOT_VALUE}" ]]; then
-        printf 'FILE_SERVER_ROOT = "%s"\n' "${FILE_SERVER_ROOT_VALUE}" >> "${SEAHUB_SETTINGS_FILE}"
-    fi
-    printf 'CSRF_TRUSTED_ORIGINS = ["%s"]\n' "${CSRF_ORIGIN}" >> "${SEAHUB_SETTINGS_FILE}"
+    {
+        echo "SERVICE_URL = \"${SERVICE_URL_VALUE}\""
+        echo "FILE_SERVER_ROOT = \"${FILE_SERVER_ROOT_VALUE}\""
+    } >> "${SEAHUB_SETTINGS_FILE}"
 done
 
 bashio::log.info "SERVICE_URL set to ${SERVICE_URL_VALUE}"
-if [[ -n "${FILE_SERVER_ROOT_VALUE}" ]]; then
-    bashio::log.info "FILE_SERVER_ROOT set to ${FILE_SERVER_ROOT_VALUE}"
-else
-    bashio::log.info "FILE_SERVER_ROOT not set; Seafile will derive it from SERVICE_URL"
-fi
-bashio::log.info "CSRF_TRUSTED_ORIGINS set to [\"${CSRF_ORIGIN}\"]"
-
-#############################################
-# Configure seafile.env (hostname/protocol) #
-#############################################
-
-bashio::log.info "Configuring seafile.env (SEAFILE_SERVER_HOSTNAME=${SERVER_HOSTNAME}, SEAFILE_SERVER_PROTOCOL=${SERVER_PROTOCOL})"
-
-for conf_dir in "${SEAHUB_CONF_DIRS[@]}"; do
-    SEAFILE_ENV_FILE="${conf_dir}/seafile.env"
-    touch "${SEAFILE_ENV_FILE}"
-    chown seafile:seafile "${SEAFILE_ENV_FILE}" 2>/dev/null || true
-    chmod 600 "${SEAFILE_ENV_FILE}"
-    sed -i '/^SEAFILE_SERVER_HOSTNAME=/d' "${SEAFILE_ENV_FILE}"
-    sed -i '/^SEAFILE_SERVER_PROTOCOL=/d' "${SEAFILE_ENV_FILE}"
-    {
-        printf 'SEAFILE_SERVER_HOSTNAME=%s\n' "${SERVER_HOSTNAME}"
-        printf 'SEAFILE_SERVER_PROTOCOL=%s\n' "${SERVER_PROTOCOL}"
-    } >> "${SEAFILE_ENV_FILE}"
-done
-
-#############################################
-# Configure fileserver binding (0.0.0.0)   #
-#############################################
+bashio::log.info "FILE_SERVER_ROOT set to ${FILE_SERVER_ROOT_VALUE}"
 
 # The upstream write_config.sh hardcodes /seafhttp in FILE_SERVER_ROOT and
 # overwrites our settings on first run.  Create a helper that re-applies the
 # addon's URL configuration right before Seafile services start, so it always
 # takes effect regardless of what the upstream init/setup scripts wrote.
-#
-# addon_url_config.sh holds the baked-in values (printf %q escaped) AND the
-# shared _seafile_set_fileserver_host function so the logic lives in exactly
-# one place.  The apply_addon_urls.sh helper sources that file and uses the
-# function; this script sources it too so it can call the same function below.
-{
-    printf 'ADDON_DATA_LOCATION=%q\n'      "${DATA_LOCATION}"
-    printf 'ADDON_SERVICE_URL=%q\n'        "${SERVICE_URL_VALUE}"
-    printf 'ADDON_FILE_SERVER_ROOT=%q\n'   "${FILE_SERVER_ROOT_VALUE:-}"
-    printf 'ADDON_SERVER_HOSTNAME=%q\n'    "${SERVER_HOSTNAME}"
-    printf 'ADDON_SERVER_PROTOCOL=%q\n'    "${SERVER_PROTOCOL}"
-    printf 'ADDON_CSRF_ORIGIN=%q\n'        "${CSRF_ORIGIN}"
-    # Shared helper: idempotently set host = 0.0.0.0 in the [fileserver] INI
-    # section using awk (avoids sed address-range pitfalls that leave duplicate
-    # keys).  mktemp ensures a unique temp file; on any failure the original is
-    # left untouched.
-    cat << 'FUNCEOF'
-_seafile_set_fileserver_host() {
-    local _cf="$1"
-    local _tmp
-    _tmp=$(mktemp "${_cf}.XXXXXX") || return 1
-    awk '
-        /^\[fileserver\]/ { in_fs=1; print; next }
-        /^\[/             { in_fs=0 }
-        in_fs && /^[[:space:]]*host[[:space:]]*=/ { next }
-        { print }
-    ' "${_cf}" > "${_tmp}" && mv "${_tmp}" "${_cf}" || { rm -f "${_tmp}"; return 1; }
-    if grep -q '^\[fileserver\]' "${_cf}"; then
-        sed -i '/^\[fileserver\]/a host = 0.0.0.0' "${_cf}"
-    else
-        printf '\n[fileserver]\nhost = 0.0.0.0\n' >> "${_cf}"
-    fi
-}
-FUNCEOF
-} > /home/seafile/addon_url_config.sh
-chmod 644 /home/seafile/addon_url_config.sh
-
-# Source so _seafile_set_fileserver_host is available in this script.
-# shellcheck disable=SC1091
-. /home/seafile/addon_url_config.sh
-
-bashio::log.info "Setting fileserver host to 0.0.0.0 in seafile.conf"
-
-for conf_dir in "${SEAHUB_CONF_DIRS[@]}"; do
-    SEAFILE_CONF="${conf_dir}/seafile.conf"
-    mkdir -p "${conf_dir}"
-    if [[ -f "${SEAFILE_CONF}" ]]; then
-        _seafile_set_fileserver_host "${SEAFILE_CONF}"
-    else
-        printf '[fileserver]\nhost = 0.0.0.0\n' > "${SEAFILE_CONF}"
-        chown seafile:seafile "${SEAFILE_CONF}" 2>/dev/null || true
-    fi
-done
-
-cat > /home/seafile/apply_addon_urls.sh << 'URLEOF'
+cat > /home/seafile/apply_addon_urls.sh << URLEOF
 #!/bin/bash
-# shellcheck disable=SC1091
-. /home/seafile/addon_url_config.sh
-
-for _CONF in "${ADDON_DATA_LOCATION}/conf/seahub_settings.py" \
-             "${ADDON_DATA_LOCATION}/seafile/conf/seahub_settings.py"; do
-    if [ -f "$_CONF" ]; then
-        sed -i '/^SERVICE_URL *=/d'          "$_CONF"
-        sed -i '/^FILE_SERVER_ROOT *=/d'     "$_CONF"
-        sed -i '/^CSRF_TRUSTED_ORIGINS *=/d' "$_CONF"
-        printf 'SERVICE_URL = "%s"\n' "${ADDON_SERVICE_URL}" >> "$_CONF"
-        if [ -n "${ADDON_FILE_SERVER_ROOT}" ]; then
-            printf 'FILE_SERVER_ROOT = "%s"\n' "${ADDON_FILE_SERVER_ROOT}" >> "$_CONF"
-        fi
-        printf 'CSRF_TRUSTED_ORIGINS = ["%s"]\n' "${ADDON_CSRF_ORIGIN}" >> "$_CONF"
-    fi
-done
-for _ENV in "${ADDON_DATA_LOCATION}/conf/seafile.env" \
-            "${ADDON_DATA_LOCATION}/seafile/conf/seafile.env"; do
-    if [ -f "$_ENV" ]; then
-        sed -i '/^SEAFILE_SERVER_HOSTNAME=/d' "$_ENV"
-        sed -i '/^SEAFILE_SERVER_PROTOCOL=/d' "$_ENV"
-        printf 'SEAFILE_SERVER_HOSTNAME=%s\n' "${ADDON_SERVER_HOSTNAME}" >> "$_ENV"
-        printf 'SEAFILE_SERVER_PROTOCOL=%s\n' "${ADDON_SERVER_PROTOCOL}" >> "$_ENV"
-    fi
-done
-for _SCONF in "${ADDON_DATA_LOCATION}/conf/seafile.conf" \
-              "${ADDON_DATA_LOCATION}/seafile/conf/seafile.conf"; do
-    if [ -f "$_SCONF" ]; then
-        _seafile_set_fileserver_host "$_SCONF"
+for _CONF in "${DATA_LOCATION}/conf/seahub_settings.py" "${DATA_LOCATION}/seafile/conf/seahub_settings.py"; do
+    if [ -f "\$_CONF" ]; then
+        sed -i '/^SERVICE_URL *=/d' "\$_CONF"
+        sed -i '/^FILE_SERVER_ROOT *=/d' "\$_CONF"
+        echo 'SERVICE_URL = "${SERVICE_URL_VALUE}"' >> "\$_CONF"
+        echo 'FILE_SERVER_ROOT = "${FILE_SERVER_ROOT_VALUE}"' >> "\$_CONF"
     fi
 done
 URLEOF

zzz_archived_tor/README.md

@@ -1,4 +1,5 @@
 ## ⚠ Open Issue : [🐛 Cloudcommander New Directory (opened 2026-03-19)](https://github.com/alexbelgium/hassio-addons/issues/2594) by [@pgitsov](https://github.com/pgitsov)
+## ⚠ Open Issue : [🐛 [Qbittorent] qbittorrent-nox (opened 2026-05-09)](https://github.com/alexbelgium/hassio-addons/issues/2690) by [@BrainDeLook](https://github.com/BrainDeLook)
 # Hass.io Add-ons: Tor with bridges
 
 [![Donate][donation-badge]](https://www.buymeacoffee.com/alexbelgium)