fix: Improve /tmp permission handling and non-interactive mode detection

Improve handling of /tmp permissions and non-interactive mode:

1. /tmp permissions fix:
   - Check current permissions before attempting to fix
   - Display warning when fixing incorrect permissions (2775 -> 1777)
   - Verify /tmp has permissions 1777 (sticky bit + world writable)

2. Non-interactive mode detection:
   - Redirect stdin from /dev/null when running via sudo to prevent
     read commands from hanging when stdin is not a TTY
   - Add better error message in first_time_install.sh when non-interactive
     mode is detected but ASSUME_YES is not set
   - Check if stdin is a TTY before attempting interactive read

This fixes the issues identified in diagnostic output:
- /tmp permissions 2775 causing APT write failures
- read -p failing when stdin is not a TTY (curl | bash)

Fixes installation failures when running one-shot install via curl | bash.

first_time_install.sh

@@ -239,11 +239,20 @@ echo ""
 if [ "$ASSUME_YES" = "1" ]; then
     echo "Non-interactive mode: proceeding with installation."
 else
-    read -p "Do you want to proceed with the installation? (y/N): " -n 1 -r
-    echo
-    if [[ ! $REPLY =~ ^[Yy]$ ]]; then
-        echo "Installation cancelled."
-        exit 0
+    # Check if stdin is available (not running via pipe/curl)
+    if [ -t 0 ]; then
+        read -p "Do you want to proceed with the installation? (y/N): " -n 1 -r
+        echo
+        if [[ ! $REPLY =~ ^[Yy]$ ]]; then
+            echo "Installation cancelled."
+            exit 0
+        fi
+    else
+        # Non-interactive mode but ASSUME_YES not set - exit with error
+        echo "✗ Non-interactive mode detected but ASSUME_YES not set." >&2
+        echo "  Please run with -y flag or set LEDMATRIX_ASSUME_YES=1" >&2
+        echo "  Example: sudo ./first_time_install.sh -y" >&2
+        exit 1
     fi
 fi
 

scripts/install/one-shot-install.sh

@@ -270,18 +270,35 @@ main() {
     set +e
     
     # Fix /tmp permissions before running (ensure APT can write temp files)
+    # /tmp should have permissions 1777 (sticky bit + world writable)
+    CURRENT_STEP="Fixing /tmp permissions"
     if [ "$EUID" -eq 0 ]; then
-        chmod 1777 /tmp 2>/dev/null || true
+        # Check and fix /tmp permissions
+        TMP_PERMS=$(stat -c '%a' /tmp 2>/dev/null || echo "unknown")
+        if [ "$TMP_PERMS" != "1777" ]; then
+            print_warning "/tmp has incorrect permissions ($TMP_PERMS), fixing to 1777..."
+            chmod 1777 /tmp 2>/dev/null || {
+                print_error "Failed to fix /tmp permissions. Continuing anyway..."
+            }
+        fi
         export TMPDIR=/tmp
         # Run in non-interactive mode with ASSUME_YES (both -y flag and env var for safety)
         export LEDMATRIX_ASSUME_YES=1
         bash ./first_time_install.sh -y
     else
-        sudo chmod 1777 /tmp 2>/dev/null || true
+        # Check and fix /tmp permissions
+        TMP_PERMS=$(stat -c '%a' /tmp 2>/dev/null || echo "unknown")
+        if [ "$TMP_PERMS" != "1777" ]; then
+            print_warning "/tmp has incorrect permissions ($TMP_PERMS), fixing to 1777..."
+            sudo chmod 1777 /tmp 2>/dev/null || {
+                print_error "Failed to fix /tmp permissions. Continuing anyway..."
+            }
+        fi
         export TMPDIR=/tmp
         # Pass both -y flag AND environment variable for non-interactive mode
         # This ensures it works even if the script re-executes itself with sudo
-        sudo -E env TMPDIR=/tmp LEDMATRIX_ASSUME_YES=1 bash ./first_time_install.sh -y
+        # Also ensure stdin is properly handled for non-interactive mode
+        sudo -E env TMPDIR=/tmp LEDMATRIX_ASSUME_YES=1 bash ./first_time_install.sh -y </dev/null
     fi
     INSTALL_EXIT_CODE=$?
     set -e  # Re-enable errexit