diff --git a/docs/FONT_MANAGER.md b/docs/FONT_MANAGER.md index 10527d4e..9178df6a 100644 --- a/docs/FONT_MANAGER.md +++ b/docs/FONT_MANAGER.md @@ -373,5 +373,8 @@ self.font = self.font_manager.resolve_font( ## Example: Complete Manager Implementation -See `test/font_manager_example.py` for a complete working example. +For a working example of the font manager API in use, see +`src/font_manager.py` itself and the bundled scoreboard base classes +in `src/base_classes/` (e.g., `hockey.py`, `football.py`) which +register and resolve fonts via the patterns documented above. diff --git a/docs/HOW_TO_RUN_TESTS.md b/docs/HOW_TO_RUN_TESTS.md index bb6f1664..810076fd 100644 --- a/docs/HOW_TO_RUN_TESTS.md +++ b/docs/HOW_TO_RUN_TESTS.md @@ -336,11 +336,15 @@ pytest --cov=src --cov-report=html ## Continuous Integration -Tests are configured to run automatically in CI/CD. The GitHub Actions workflow (`.github/workflows/tests.yml`) runs: +There is currently no CI test workflow in this repo — `pytest` runs +locally but is not gated on PRs. The only GitHub Actions workflow is +[`.github/workflows/security-audit.yml`](../.github/workflows/security-audit.yml), +which runs bandit and semgrep on every push. -- All tests on multiple Python versions (3.10, 3.11, 3.12) -- Coverage reporting -- Uploads coverage to Codecov (if configured) +If you'd like to add a test workflow, the recommended setup is a +`.github/workflows/tests.yml` that runs `pytest` against the +supported Python versions (3.10, 3.11, 3.12, 3.13 per +`requirements.txt`). Open an issue or PR if you want to contribute it. ## Best Practices diff --git a/docs/MIGRATION_GUIDE.md b/docs/MIGRATION_GUIDE.md index 3f6786f5..422cd064 100644 --- a/docs/MIGRATION_GUIDE.md +++ b/docs/MIGRATION_GUIDE.md @@ -88,8 +88,8 @@ If you encounter issues during migration: 1. Check the [README.md](README.md) for current installation and usage instructions 2. Review script README files: - - `scripts/install/README.md` - Installation scripts documentation - - `scripts/fix_perms/README.md` (if exists) - Permission scripts documentation + - [`scripts/install/README.md`](../scripts/install/README.md) - Installation scripts documentation + - [`scripts/fix_perms/README.md`](../scripts/fix_perms/README.md) - Permission scripts documentation 3. Check system logs: `journalctl -u ledmatrix -f` or `journalctl -u ledmatrix-web -f` 4. Review the troubleshooting section in the main README diff --git a/scripts/fix_perms/README.md b/scripts/fix_perms/README.md new file mode 100644 index 00000000..96f293d2 --- /dev/null +++ b/scripts/fix_perms/README.md @@ -0,0 +1,70 @@ +# Permission Fix Scripts + +This directory contains shell scripts for repairing file/directory +permissions on a LEDMatrix installation. They're typically only needed +when something has gone wrong — for example, after running parts of the +install as the wrong user, after a manual file copy that didn't preserve +ownership, or after a permissions-related error from the display or +web service. + +Most of these scripts require `sudo` since they touch directories +owned by the `ledmatrix` service user or by `root`. + +## Scripts + +- **`fix_assets_permissions.sh`** — Fixes ownership and write + permissions on the `assets/` tree so plugins can download and cache + team logos, fonts, and other static content. + +- **`fix_cache_permissions.sh`** — Fixes permissions on every cache + directory the project may use (`/var/cache/ledmatrix/`, + `~/.cache/ledmatrix/`, `/opt/ledmatrix/cache/`, project-local + `cache/`). Also creates placeholder logo subdirectories used by the + sports plugins. + +- **`fix_plugin_permissions.sh`** — Fixes ownership on the plugins + directory so both the root display service and the web service user + can read and write plugin files (manifests, configs, requirements + installs). + +- **`fix_web_permissions.sh`** — Fixes permissions on log files, + systemd journal access, and the sudoers entries the web interface + needs to control the display service. + +- **`fix_nhl_cache.sh`** — Targeted fix for NHL plugin cache issues + (clears the NHL cache and restarts the display service). + +- **`safe_plugin_rm.sh`** — Validates that a plugin removal path is + inside an allowed base directory before deleting it. Used by the web + interface (via sudo) when a user clicks **Uninstall** on a plugin — + prevents path-traversal abuse from the web UI. + +## When to use these + +Most users never need to run these directly. The first-time installer +(`first_time_install.sh`) sets up permissions correctly, and the web +interface manages plugin install/uninstall through the sudoers entries +the installer creates. + +Run these scripts only when: + +- You see "Permission denied" errors in `journalctl -u ledmatrix` or + the web UI Logs tab. +- You manually copied files into the project directory as the wrong + user. +- You restored from a backup that didn't preserve ownership. +- You moved the LEDMatrix directory and need to re-anchor permissions. + +## Usage + +```bash +# Run from the project root +sudo ./scripts/fix_perms/fix_cache_permissions.sh +sudo ./scripts/fix_perms/fix_assets_permissions.sh +sudo ./scripts/fix_perms/fix_plugin_permissions.sh +sudo ./scripts/fix_perms/fix_web_permissions.sh +``` + +If you're not sure which one you need, run `fix_cache_permissions.sh` +first — it's the most commonly needed and creates several directories +the other scripts assume exist.