mirror of
https://github.com/ChuckBuilds/LEDMatrix.git
synced 2026-04-10 13:02:59 +00:00
0f4dbb6c1a
* fix(plugins): Remove compatible_versions requirement from single plugin install
Remove compatible_versions from required fields in install_from_url method
to match install_plugin behavior. This allows installing plugins from URLs
without manifest version requirements, consistent with store plugin installation.
* fix(7-segment-clock): Update submodule with separator and spacing fixes
* fix(plugins): Add onchange handlers to existing custom feed inputs
- Add onchange handlers to key and value inputs for existing patternProperties fields
- Fixes bug where editing existing custom RSS feeds didn't save changes
- Ensures hidden JSON input field is updated when users edit feed entries
- Affects all plugins using patternProperties (custom_feeds, feed_logo_map, etc.)
* Add array-of-objects widget support to web UI
- Add support for rendering arrays of objects in web UI (for custom_feeds)
- Implement add/remove/update functions for array-of-objects widgets
- Support file-upload widgets within array items
- Update form data handling to support array JSON data fields
* Update plugins_manager.js cache-busting version
Update version parameter to force browser to load new JavaScript with array-of-objects widget support.
* Fix: Move array-of-objects detection before file-upload/checkbox checks
Move the array-of-objects widget detection to the top of the array handler so it's checked before file-upload and checkbox-group widgets. This ensures custom_feeds is properly detected as an array of objects.
* Update cache-busting version for array-of-objects fix
* Remove duplicate array-of-objects check
* Update cache version again
* Add array-of-objects widget support to server-side template
Add detection and rendering for array-of-objects in the Jinja2 template (plugin_config.html).
This enables the custom_feeds widget to display properly with name, URL, enabled checkbox, and logo upload fields.
The widget is detected by checking if prop.items.type == 'object' && prop.items.properties,
and is rendered before the file-upload widget check.
* Use window. prefix for array-of-objects JavaScript functions
Explicitly use window.addArrayObjectItem, window.removeArrayObjectItem, etc.
in the template to ensure the functions are accessible from inline event handlers.
Also add safety checks to prevent errors if functions aren't loaded yet.
* Fix syntax error: Missing indentation for html += in array else block
The html += statement was outside the else block, causing a syntax error.
Fixed by properly indenting it inside the else block.
* Update cache version for syntax fix
* Add debug logging to diagnose addArrayObjectItem availability
* Fix: Wrap array-of-objects functions in window check and move outside IIFE
Ensure functions are available globally by wrapping them in a window check
and ensuring they're defined outside any IIFE scope. Also fix internal
function calls to use window.updateArrayObjectData for consistency.
* Update cache version for array-of-objects fix
* Move array-of-objects functions outside IIFE to make them globally available
The functions were inside the IIFE scope, making them inaccessible from
inline event handlers. Moving them outside the IIFE ensures they're
available on window when the script loads.
* Update cache version for IIFE fix
* Fix: Add array-of-objects functions after IIFE ends
The functions were removed from inside the IIFE but never added after it.
Also removed orphaned code that was causing syntax errors.
* Update cache version for array-of-objects fix
* Fix: Remove all orphaned code and properly add array-of-objects functions after IIFE
* Add array-of-objects functions after IIFE ends
These functions must be outside the IIFE to be accessible from inline
event handlers in the server-rendered template.
* Update cache version for syntax fix
* Fix syntax error: Add missing closing brace for else block
* Update cache version for syntax fix
* Replace complex array-of-objects widget with simple table interface
- Replace nested array-of-objects widget with clean table interface
- Table shows: Name, URL, Logo (with upload), Enabled checkbox, Delete button
- Fix file-upload widget detection order to prevent breaking static-image plugin
- Add simple JavaScript functions for add/remove rows and logo upload
- Much more intuitive and easier to use
* Add simple table interface for custom feeds
- Replace complex array-of-objects widget with clean table
- Table columns: Name, URL, Logo (upload), Enabled checkbox, Delete
- Use dot notation for form field names (feeds.custom_feeds.0.name)
- Add JavaScript functions for add/remove rows and logo upload
- Fix file-upload detection order to prevent breaking static-image plugin
* Fix custom feeds table issues
- Fix JavaScript error in removeCustomFeedRow (get tbody before removing row)
- Improve array conversion logic to handle nested paths like feeds.custom_feeds
- Add better error handling and debug logging for array conversion
- Ensure dicts with numeric keys are properly converted to arrays before validation
* Add fallback fix for feeds.custom_feeds dict-to-array conversion
- Add explicit fallback conversion for feeds.custom_feeds if fix_array_structures misses it
- This ensures the dict with numeric keys is converted to an array before validation
- Logo field is already optional in schema (not in required array)
* feat(web): Add checkbox-group widget support for plugin config arrays
Add server-side rendering support for checkbox-group widget in plugin
configuration forms. This allows plugins to use checkboxes for multi-select
array fields instead of comma-separated text inputs.
The implementation:
- Checks for x-widget: 'checkbox-group' in schema
- Renders checkboxes for each enum item in items.enum
- Supports custom labels via x-options.labels
- Works with any plugin that follows the pattern
Already used by:
- ledmatrix-news plugin (enabled_feeds)
- odds-ticker plugin (enabled_leagues)
* feat(install): Add one-shot installation script
- Create comprehensive one-shot installer with robust error handling
- Includes network checks, disk space validation, and retry logic
- Handles existing installations gracefully (idempotent)
- Updates README with quick install command prominently featured
- Manual installation instructions moved to collapsible section
The script provides explicit error messages and never fails silently.
All prerequisites are validated before starting installation.
* fix: Remove accidental plugins/7-segment-clock submodule entry
Remove uninitialized submodule 'plugins/7-segment-clock' that was
accidentally included. This submodule is not related to the one-shot
installer feature and should not be part of this PR.
- Remove submodule entry from .gitmodules
- Remove submodule from git index
- Clean up submodule configuration
* fix(array-objects): Fix schema lookup, reindexing, and disable file upload
Address PR review feedback for array-of-objects helpers:
1. Schema resolution: Use getSchemaProperty() instead of manual traversal
- Fixes nested array-of-objects schema lookup (e.g., news.custom_feeds)
- Now properly descends through .properties for nested objects
2. Reindexing: Replace brittle regex with targeted patterns
- Only replace index in bracket notation [0], [1], etc. for names
- Only replace _item_<digits> pattern for IDs (not arbitrary digits)
- Use specific function parameter patterns for onclick handlers
- Prevents corruption of fieldId, pluginId, or other numeric values
3. File upload: Disable widget until properly implemented
- Hide/disable upload button with clear message
- Show existing logos if present but disable upload functionality
- Prevents silent failures when users attempt to upload files
- Added TODO comments for future implementation
Also fixes exit code handling in one-shot-install.sh to properly capture
first_time_install.sh exit status before error trap fires.
* fix(security): Fix XSS vulnerability in handleCustomFeedLogoUpload
Replace innerHTML usage with safe DOM manipulation using createElement
and setAttribute to prevent XSS when injecting uploadedFile.path and
uploadedFile.id values.
- Clear logoCell using textContent instead of innerHTML
- Create all DOM elements using document.createElement
- Set uploadedFile.path and uploadedFile.id via setAttribute (automatically escaped)
- Properly structure DOM tree by appending elements in order
- Prevents malicious HTML/script injection through file path or ID values
* fix: Update upload button onclick when reindexing custom feed rows
Fix removeCustomFeedRow to update button onclick handlers that reference
file input IDs with _logo_<index> when rows are reindexed after deletion.
Previously, after deleting a row, the upload button's onclick still referenced
the old file input ID, causing the upload functionality to fail.
Now properly updates:
- getElementById('..._logo_<num>') patterns in onclick handlers
- Other _logo_<num> patterns in button onclick strings
- Function parameter indices in onclick handlers
This ensures upload buttons continue to work correctly after row deletion.
* fix: Make custom feeds table widget-specific instead of generic fallback
Replace generic array-of-objects check with widget-specific check for
'custom-feeds' widget to prevent hardcoded schema from breaking other
plugins with different array-of-objects structures.
Changes:
- Check for x-widget == 'custom-feeds' before rendering custom feeds table
- Add schema validation to ensure required fields (name, url) exist
- Show warning message if schema doesn't match expected structure
- Fall back to generic array input for other array-of-objects schemas
- Add comments for future generic array-of-objects support
This ensures the hardcoded custom feeds table (name, url, logo, enabled)
only renders when explicitly requested via widget type, preventing
breakage for other plugins with different array-of-objects schemas.
* fix: Add image/gif to custom feed logo upload accept attribute
Update file input accept attributes for custom feed logo uploads to include
image/gif, making it consistent with the file-upload widget which also
allows GIF images.
Updated in three places:
- Template file input (plugin_config.html)
- JavaScript addCustomFeedRow function (base.html)
- Dynamic file input creation in handleCustomFeedLogoUpload (base.html)
All custom feed logo upload inputs now accept: image/png, image/jpeg,
image/bmp, image/gif
* fix: Add hidden input for enabled checkbox to ensure false is submitted
Add hidden input with value='false' before enabled checkbox in custom feeds
table to ensure an explicit false value is sent when checkbox is unchecked.
Pattern implemented:
- Hidden input: name='enabled', value='false' (always submitted)
- Checkbox: name='enabled', value='true' (only submitted when checked)
- When unchecked: only hidden input submits (false)
- When checked: both submit, checkbox value (true) overwrites hidden
Updated in two places:
- Template checkbox in plugin_config.html (existing rows)
- JavaScript addCustomFeedRow function in base.html (new rows)
Backend verification:
- Backend (api_v3.py) handles string boolean values and converts properly
- JavaScript form processing explicitly checks element.checked, independent of this pattern
- Standard form submission uses last value when multiple values share same name
* fix: Expose renderArrayObjectItem to window for addArrayObjectItem
Fix scope issue where renderArrayObjectItem is defined inside IIFE but
window.addArrayObjectItem is defined outside, causing the function check
to always fail and fallback to degraded HTML rendering.
Problem:
- renderArrayObjectItem (line 2469) is inside IIFE (lines 796-6417)
- window.addArrayObjectItem (line 6422) is outside IIFE
- Check 'typeof renderArrayObjectItem === function' at line 6454 always fails
- Fallback code lacks file upload widgets, URL input types, descriptions, styling
Solution:
- Expose renderArrayObjectItem to window object before IIFE closes
- Function maintains closure access to escapeHtml and other IIFE-scoped functions
- Newly added items now have full functionality matching initially rendered items
* fix: Reorder array type checks to match template order
Fix inconsistent rendering where JavaScript and Jinja template had opposite
ordering for array type checks, causing schemas with both x-widget: file-upload
AND items.type: object (like static-image) to render differently.
Problem:
- Template checks file-upload FIRST (to avoid breaking static-image plugin)
- JavaScript checked array-of-objects FIRST
- Server-rendered forms showed file-upload widget correctly
- JS-rendered forms incorrectly displayed array-of-objects table widget
Solution:
- Reorder JavaScript checks to match template order:
1. Check file-upload widget FIRST
2. Check checkbox-group widget
3. Check custom-feeds widget
4. Check array-of-objects as fallback
5. Regular array input (comma-separated)
This ensures consistent rendering between server-rendered and JS-rendered forms
for schemas that have both x-widget: file-upload AND items.type: object.
* fix: Handle None value for feeds config to prevent TypeError
Fix crash when plugin_config['feeds'] exists but is None, causing
TypeError when checking 'custom_feeds' in feeds_config.
Problem:
- When plugin_config['feeds'] exists but is None, dict.get('feeds', {})
returns None (not the default {}) because dict.get() only uses default
when key doesn't exist, not when value is None
- Line 3642's 'custom_feeds' in feeds_config raises TypeError because
None is not iterable
- This can crash the API endpoint if a plugin config has feeds: null
Solution:
- Change plugin_config.get('feeds', {}) to plugin_config.get('feeds') or {}
to ensure feeds_config is always a dict (never None)
- Add feeds_config check before 'in' operator for extra safety
This ensures the code gracefully handles feeds: null in plugin configuration.
* fix: Add default value for AVAILABLE_SPACE to prevent TypeError
Fix crash when df produces unexpected output that results in empty
AVAILABLE_SPACE variable, causing 'integer expression expected' error.
Problem:
- df may produce unexpected output format (different locale, unusual
filesystem name spanning lines, or non-standard df implementation)
- While '|| echo "0"' handles pipeline failures, it doesn't trigger if
awk succeeds but produces no output (empty string)
- When AVAILABLE_SPACE is empty, comparison [ "$AVAILABLE_SPACE" -lt 500 ]
fails with 'integer expression expected' error
- With set -e, this causes script to exit unexpectedly
Solution:
- Add AVAILABLE_SPACE=${AVAILABLE_SPACE:-0} before comparison to ensure
variable always has a numeric value (defaults to 0 if empty)
- This gracefully handles edge cases where df/awk produces unexpected output
* fix: Wrap debug console.log in debug flag check
Fix unconditional debug logging that outputs internal implementation
details to browser console for all users.
Problem:
- console.log('[ARRAY-OBJECTS] Functions defined on window:', ...)
executes unconditionally when page loads
- Outputs debug information about function availability to all users
- Appears to be development/debugging code inadvertently included
- Noisy console output in production
Solution:
- Wrap console.log statement in _PLUGIN_DEBUG_EARLY check to only
output when pluginDebug localStorage flag is enabled
- Matches pattern used elsewhere in the file for debug logging
- Debug info now only visible when explicitly enabled via
localStorage.setItem('pluginDebug', 'true')
* fix: Expose getSchemaProperty, disable upload widget, handle bracket notation arrays
Multiple fixes for array-of-objects and form processing:
1. Expose getSchemaProperty to window (plugins_manager.js):
- getSchemaProperty was defined inside IIFE but needed by global functions
- Added window.getSchemaProperty = getSchemaProperty before IIFE closes
- Updated window.addArrayObjectItem to use window.getSchemaProperty
- Fixes ReferenceError when dynamically adding array items
2. Disable upload widget for custom feeds (plugin_config.html):
- File input and Upload button were still active but should be disabled
- Removed onchange/onclick handlers, added disabled and aria-disabled
- Added visible disabled styling and tooltip
- Existing logos continue to display but uploads are prevented
- Matches PR objectives to disable upload until fully implemented
3. Handle bracket notation array fields (api_v3.py):
- checkbox-group uses name="field_name[]" which sends multiple values
- request.form.to_dict() collapses duplicate keys (only keeps last value)
- Added handling to detect fields ending with "[]" before to_dict()
- Use request.form.getlist() to get all values, combine as comma-separated
- Processed before existing array index field handling
- Fixes checkbox-group losing all but last selected value
* fix: Remove duplicate submit handler to prevent double POSTs
Remove document-level submit listener that conflicts with handlePluginConfigSubmit,
causing duplicate form submissions with divergent payloads.
Problem:
- handlePluginConfigSubmit correctly parses JSON from _data fields and maps to
flatConfig[baseKey] for patternProperties and array-of-objects
- Document-level listener (line 5368) builds its own config without understanding
_data convention and posts independently via savePluginConfiguration
- Every submit now sends two POSTs with divergent payloads:
- First POST: Correct structure with parsed _data fields
- Second POST: Incorrect structure with raw _data fields, missing structure
- Arrays-of-objects and patternProperties saved incorrectly in second request
Solution:
- Remove document-level submit listener for #plugin-config-form
- Rely solely on handlePluginConfigSubmit which is already attached to the form
- handlePluginConfigSubmit properly handles all form-to-config conversion including:
- _data field parsing (JSON from hidden fields)
- Type-aware conversion using schema
- Dot notation to nested object conversion
- PatternProperties and array-of-objects support
Note: savePluginConfiguration function remains for use by JSON editor saves
* fix: Use indexed names for checkbox-group to work with existing parser
Change checkbox-group widget to use indexed field names instead of bracket
notation, so the existing indexed field parser correctly handles multiple
selected values.
Problem:
- checkbox-group uses name="{{ full_key }}[]" which requires bracket
notation handling in backend
- While bracket notation handler exists, using indexed names is more robust
and leverages existing well-tested indexed field parser
- Indexed field parser already handles fields like "field_name.0",
"field_name.1" correctly
Solution:
- Template: Change name="{{ full_key }}[]" to name="{{ full_key }}.{{
loop.index0 }}"
- JavaScript: Update checkbox-group rendering to use name="."
- Backend indexed field parser (lines 3364-3388) already handles this pattern:
- Detects fields ending with numeric indices (e.g., ".0", ".1")
- Groups them by base_path and sorts by index
- Combines into array correctly
This ensures checkbox-group values are properly preserved when multiple
options are selected, working with the existing schema-based parsing system.
* fix: Set values from item data in fallback array-of-objects rendering
Fix fallback code path for rendering array-of-objects items to properly
set input values from existing item data, matching behavior of proper
renderArrayObjectItem function.
Problem:
- Fallback code at lines 3078-3091 and 6471-6486 creates input elements
without setting values from existing item data
- Text inputs have no value attribute set
- Checkboxes have no checked attribute computed from item properties
- Users would see empty form fields instead of existing configuration data
- Proper renderArrayObjectItem function correctly sets values (line 2556)
Solution:
- Extract propValue from item data: item[propKey] with schema default fallback
- For text inputs: Set value attribute with HTML-escaped propValue
- For checkboxes: Set checked attribute based on propValue truthiness
- Add inline HTML escaping for XSS prevention (since fallback code may
run outside IIFE scope where escapeHtml function may not be available)
This ensures fallback rendering displays existing data correctly when
window.renderArrayObjectItem is not available.
* fix: Remove extra closing brace breaking if/else chain
Remove stray closing brace at line 3127 that was breaking the if/else chain
before the 'else if (prop.enum)' branch, causing 'Unexpected token else'
syntax error.
Problem:
- Extra '}' at line 3127 closed the prop.type === 'array' block prematurely
- This broke the if/else chain, causing syntax error when parser reached
'else if (prop.enum)' at line 3128
- Structure was: } else if (array) { ... } } } else if (enum) - extra brace
Solution:
- Removed the extra closing brace at line 3127
- Structure now correctly: } else if (array) { ... } } else if (enum)
- Verified with Node.js syntax checker - no errors
* fix: Remove local logger assignments to prevent UnboundLocalError
Remove all local logger assignments inside save_plugin_config function that
were shadowing the module-level logger, causing UnboundLocalError when nested
helpers like normalize_config_values() or debug checks reference logger before
those assignments run.
Problem:
- Module-level logger exists at line 13: logger = logging.getLogger(__name__)
- Multiple local assignments inside save_plugin_config (lines 3361, 3401, 3421,
3540, 3660, 3977, 4093, 4118) make logger a local variable for entire function
- Python treats logger as local for entire function scope when any assignment
exists, causing UnboundLocalError if logger is used before assignments
- Nested helpers like normalize_config_values() or debug checks that reference
logger before local assignments would fail
Solution:
- Removed all local logger = logging.getLogger(__name__) assignments in
save_plugin_config function
- Use module-level logger directly throughout the function
- Removed redundant import logging statements that were only used for logger
- This ensures logger is always available and references the module-level logger
All logger references now use the module-level logger without shadowing.
* fix: Fix checkbox-group serialization and array-of-objects key leakage
Multiple fixes for array-of-objects and checkbox-group widgets:
1. Fix checkbox-group serialization (JS and template):
- Changed from indexed names (categories.0, categories.1) to _data pattern
- Added updateCheckboxGroupData() function to sync selected values
- Hidden input stores JSON array of selected enum values
- Checkboxes use data-checkbox-group and data-option-value attributes
- Fixes issue where config.categories became {0: true, 1: true} instead of ['nfl', 'nba']
- Now correctly serializes to array using existing _data handling logic
2. Prevent array-of-objects per-item key leakage:
- Added skip pattern in handlePluginConfigSubmit for _item_<n>_ names
- Removed name attributes from per-item inputs in renderArrayObjectItem
- Per-item inputs now rely solely on hidden _data field
- Prevents feeds_item_0_name from leaking into flatConfig
3. Add type coercion to updateArrayObjectData:
- Consults itemsSchema.properties[propKey].type for coercion
- Handles integer and number types correctly
- Preserves string values as-is
- Ensures numeric fields in array items are stored as numbers
4. Ensure currentPluginConfig is always available:
- Updated addArrayObjectItem to check window.currentPluginConfig first
- Added error logging if schema not available
- Prevents ReferenceError when global helpers need schema
This ensures checkbox-group arrays serialize correctly and array-of-objects
per-item fields don't leak extra keys into the configuration.
* fix: Make _data field matching more specific to prevent false positives
Fix overly broad condition that matched any field containing '_data',
causing false positives and inconsistent key transformation.
Problem:
- Condition 'key.endsWith('_data') || key.includes('_data')' matches any
field containing '_data' anywhere (e.g., 'meta_data_field', 'custom_data_config')
- key.replace(/_data$/, '') only removes '_data' from end, making logic inconsistent
- Fields with '_data' in middle get matched but key isn't transformed
- If their value happens to be valid JSON, it gets incorrectly parsed
Solution:
- Remove 'key.includes('_data')' clause
- Only check 'key.endsWith('_data')' to match actual _data suffix pattern
- Ensures consistent matching: only fields ending with '_data' are treated
as JSON data fields, and only those get the suffix removed
- Prevents false positives on fields like 'meta_data_field' that happen to
contain '_data' in their name
* fix: Add HTML escaping to prevent XSS in fallback code and checkbox-group
Add proper HTML escaping for schema-derived values to prevent XSS vulnerabilities
in fallback rendering code and checkbox-group widget.
Problem:
- Fallback code in generateFieldHtml (line 3094) doesn't escape propLabel
when building HTML strings, while main renderArrayObjectItem uses escapeHtml()
- Checkbox-group widget (lines 3012-3025) doesn't escape option or label values
- While risk is limited (values come from plugin schemas), malicious plugin
schemas or untrusted schema sources could inject XSS
- Inconsistent with main renderArrayObjectItem which properly escapes
Solution:
- Added escapeHtml() calls for propLabel in fallback array-of-objects rendering
(both locations: generateFieldHtml and addArrayObjectItem fallback)
- Added escapeHtml() calls for option values in checkbox-group widget:
- checkboxId (contains option)
- data-option-value attribute
- value attribute
- label text in span
- Ensures consistent XSS protection across all rendering paths
This prevents potential XSS if plugin schemas contain malicious HTML/script
content in enum values or property titles.
* fix: Recreate one-shot install script with APT permission and non-interactive fixes
Recreate one-shot install script that was deleted, with fixes for:
1. APT permission denied errors on /tmp
2. Non-interactive mode support
Fixes:
1. Fix /tmp permissions before running first_time_install.sh:
- chmod 1777 /tmp to ensure APT can write temp files
- Set TMPDIR=/tmp explicitly
- Preserve TMPDIR when using sudo -E
2. Enable non-interactive mode:
- Pass -y flag or LEDMATRIX_ASSUME_YES=1 to first_time_install.sh
- Prevents read prompt failure at line 242 when run via curl | bash
3. Better error handling:
- Temporarily disable errexit to capture exit code
- Re-enable errexit after capturing
- Added fix_tmp_permissions() function
This resolves the 'Permission denied' errors for APT temp files and the
interactive prompt failure when running via pipe.
* fix: Pass both -y flag and env var to first_time_install.sh for non-interactive mode
Ensure first_time_install.sh runs in non-interactive mode by passing both:
1. The -y command-line flag
2. The LEDMATRIX_ASSUME_YES=1 environment variable
This is necessary because first_time_install.sh re-executes itself with sudo
if not running as root (line 131), and we need to ensure the non-interactive
flag is preserved through the re-execution.
Also added debug_install.sh diagnostic script to help troubleshoot
installation failures on the Pi.
* fix: Improve /tmp permission handling and non-interactive mode detection
Improve handling of /tmp permissions and non-interactive mode:
1. /tmp permissions fix:
- Check current permissions before attempting to fix
- Display warning when fixing incorrect permissions (2775 -> 1777)
- Verify /tmp has permissions 1777 (sticky bit + world writable)
2. Non-interactive mode detection:
- Redirect stdin from /dev/null when running via sudo to prevent
read commands from hanging when stdin is not a TTY
- Add better error message in first_time_install.sh when non-interactive
mode is detected but ASSUME_YES is not set
- Check if stdin is a TTY before attempting interactive read
This fixes the issues identified in diagnostic output:
- /tmp permissions 2775 causing APT write failures
- read -p failing when stdin is not a TTY (curl | bash)
Fixes installation failures when running one-shot install via curl | bash.
* refactor: Simplify /tmp permission handling - only fix if actually wrong
Simplify /tmp permission handling:
- Only check and fix /tmp permissions if they're actually incorrect (not preemptively)
- Remove redundant fix_tmp_permissions() call from prerequisites check
- Keep the fix inline where first_time_install.sh is executed
- When running manually, /tmp usually has correct permissions (1777) so no fix needed
This makes the script less aggressive and avoids unnecessary permission changes
when running manually, while still fixing the issue in automated scenarios.
* fix: Remove user confirmation prompts in install_wifi_monitor.sh for non-interactive mode
Make install_wifi_monitor.sh respect non-interactive mode:
1. Package installation prompt (line 48):
- Check for ASSUME_YES or LEDMATRIX_ASSUME_YES environment variable
- If set, automatically install required packages without prompting
- If stdin is not a TTY (non-interactive), also auto-install packages
- Only prompt user in true interactive mode (TTY available)
2. Continue installation prompt (line 145):
- Already checks for ASSUME_YES, but now also checks LEDMATRIX_ASSUME_YES
- Skip prompt if stdin is not a TTY
- Proceed automatically in non-interactive mode
This fixes installation failures at step 8.5 when running via one-shot
installer or with -y flag, as the script was hanging on user prompts.
* fix: Explicitly pass ASSUME_YES to install_wifi_monitor.sh and simplify package installation
Fix WiFi monitor installation failing at step 8.5:
1. Explicitly pass ASSUME_YES environment variable when calling
install_wifi_monitor.sh from first_time_install.sh to ensure
non-interactive mode is respected
2. Simplify package installation logic in install_wifi_monitor.sh:
- Use apt directly when running as root (from first_time_install.sh)
- Use sudo when running as regular user (direct script execution)
- Always install packages automatically in non-interactive mode
- Only prompt in true interactive mode (TTY available and ASSUME_YES not set)
This ensures packages are installed automatically when running via
one-shot installer or with -y flag, preventing installation failures
at step 8.5.
* refactor: Remove all prompts from install_wifi_monitor.sh - install packages automatically
Simplify WiFi monitor installation by removing all user prompts:
1. Package installation: Always install required packages automatically
- No prompt for missing packages (hostapd, dnsmasq, network-manager)
- Just install them if missing
2. Network connection warning: Remove prompt to continue
- Just display informational message and proceed
- WiFi monitor will handle AP mode automatically if no network
3. Remove ASSUME_YES environment variable passing from first_time_install.sh
- No longer needed since script has no prompts
This makes the installation completely non-interactive and simpler,
preventing any hangs or failures at step 8.5.
* fix: Address multiple issues in debug script, array rendering, and custom feeds
1. debug_install.sh: Make log path dynamic instead of hardcoded
- Compute project root from script location
- Use dynamic LOG_DIR instead of hardcoded /home/ledpi/LEDMatrix/logs/
- Works from any clone location and user
2. plugins_manager.js renderArrayObjectItem: Fix XSS and metadata issues
- HTML-escape logoValue.path in img src attribute (XSS prevention)
- Add data-file-data attribute to preserve file metadata for serialization
- Add data-prop-key attribute for proper property tracking
- Use schema-driven remove button label (x-removeLabel) with fallback to 'Remove item'
3. base.html addCustomFeedRow: Fix duplicate enabled field and hardcoded pluginId
- Remove duplicate hidden input for enabled field (checkbox alone is sufficient)
- Add pluginId parameter to function signature
- Pass pluginId to handleCustomFeedLogoUpload instead of hardcoded 'ledmatrix-news'
- Update caller in plugin_config.html to pass plugin_id
These fixes improve security (XSS prevention), functionality (metadata
preservation), and maintainability (no hardcoded values).
* fix: Make install_wifi_monitor.sh more resilient to failures
Make install_wifi_monitor.sh handle errors more gracefully:
1. Remove unnecessary sudo when running as root:
- Check EUID before using sudo for systemctl commands
- Use systemctl directly when running as root
- Use sudo only when running as regular user
2. Add error handling for package installation:
- Continue even if apt update fails (just warn)
- Continue even if apt install fails (warn and provide manual install command)
- Allow installation to continue even if packages fail
3. Make service operations more resilient:
- Remove sudo when running as root
- Allow service start to fail without exiting script
- Print warning if service fails to start
- Service will still be enabled and may start on reboot
Note: Script still uses 'set -e' but errors in critical paths are handled
with || operators to prevent exit. This prevents the script from exiting
with code 1 when called from first_time_install.sh, allowing the
installation to continue even if some WiFi-related operations fail.
* fix: Make WiFi monitor installation failure non-fatal in first_time_install.sh
Make the WiFi monitor service installation optional/non-fatal:
1. Capture exit code from install_wifi_monitor.sh but don't fail installation
2. Continue installation even if WiFi monitor installation fails
3. Provide clear messages about the failure but allow installation to proceed
4. Check for service file creation and provide helpful messages
WiFi monitor is optional functionality - the main LED Matrix installation
should succeed even if WiFi monitor setup fails (e.g., package installation
issues, service start failures, etc.). Users can install it later if needed.
This prevents the entire installation from failing at step 8.5 due to
WiFi monitor installation issues.
* fix: Use JSON encoding for bracket-notation arrays and add sentinel for clearing
Fix bracket-notation array handling to prevent data loss:
1. Use JSON encoding instead of comma-join (lines 3358-3359):
- Comma-join breaks if option values contain commas
- Switch to json.dumps() to encode array values as JSON strings
- _parse_form_value_with_schema() already handles JSON arrays correctly
- Preserves values with commas, special characters, etc.
2. Add sentinel hidden input for clearing arrays:
- Add hidden input with name="field[]" value="" in checkbox-group template
- Ensures field is always submitted, even when all checkboxes unchecked
- Backend filters out sentinel empty strings to detect empty array
- Allows users to clear array to [] by unchecking all options
3. Update backend to handle sentinel:
- Filter out sentinel empty strings from bracket notation values
- Empty array (all unchecked) is represented as "[]" JSON string
- Properly handles both sentinel-only (empty array) and sentinel+values cases
This fixes data loss when:
- Option values contain commas (comma-join corruption)
- All checkboxes are unchecked (field omitted from form, can't clear to [])
* fix: Harden upload flow - HTTP status check, path normalization, property assignment
Fix three security and reliability issues in upload flow:
1. Check HTTP status before calling response.json():
- Prevents JSON parsing errors on non-2xx responses
- Properly handles error responses with status codes
- Returns error text if available for better debugging
- Prevents masking of HTTP errors
2. Normalize uploadedFile.path before using in img src:
- Remove leading slashes with replace(/^\/+/, '')
- Add single leading slash for image src
- Prevents //host/odd paths that could cause security issues
- Ensures consistent path format
3. Replace string-based handlers with property assignment:
- Replace setAttribute('onchange', ...) with addEventListener('change', ...)
- Replace setAttribute('onclick', ...) with addEventListener('click', ...)
- Refactor addCustomFeedRow to use DOM manipulation instead of innerHTML
- Prevents injection vulnerabilities from string interpolation
- Uses property assignment (img.src, input.name, input.value) instead of setAttribute where appropriate
These changes improve security by eliminating XSS injection surfaces
and improve reliability by properly handling HTTP errors and path formats.
* fix: Add bracket notation to checkbox-group input names
The backend expects checkbox groups to submit with bracket notation
(request.form.getlist("<field>[]")), but the templates were rendering
checkboxes without the "[]" suffix in the name attribute.
Changes:
1. Add name="{{ full_key }}[]" to checkbox inputs in plugin_config.html
2. Add name="${fullKey}[]" to checkbox inputs in plugins_manager.js
This ensures:
- Checked checkboxes submit their values with the bracket notation
- Backend can use request.form.getlist("<field>[]") to collect all values
- Sentinel hidden input (already using bracket notation) works correctly
- Backend bracket_array_fields logic receives and processes the array values
The sentinel hidden input ensures the field is always submitted (even
when all checkboxes are unchecked), allowing the backend to detect and
set empty arrays correctly.
* fix: Swap order of enabled checkbox and hidden input in custom-feeds
The hidden input with value="false" was rendered before the checkbox,
causing request.form.to_dict() to use the hidden input's value instead
of the checkbox's "true" value when checked.
Fix by rendering the checkbox first, then the hidden fallback input.
This ensures that when the checkbox is checked, its "true" value
overwrites the hidden input's "false" value in request.form.to_dict().
The hidden input still serves as a fallback to ensure "false" is
submitted when the checkbox is unchecked (since unchecked checkboxes
don't submit a value).
* fix: Enable upload buttons for existing custom feed rows in template
The template was rendering disabled upload buttons for existing custom
feed rows with the message "Logo upload for custom feeds is not yet
implemented", while the JavaScript addCustomFeedRow function creates
working upload buttons for newly added rows. This created confusing UX
where users saw disabled buttons on existing feeds but working buttons
on newly added feeds.
Since handleCustomFeedLogoUpload is fully implemented and functional,
enable the upload buttons in the template to match the JavaScript
behavior:
1. Remove disabled and aria-disabled attributes from file input
2. Remove disabled, aria-disabled, misleading title, and update button
styling to match working buttons (remove cursor-not-allowed and
opacity-50, add hover:bg-gray-300)
3. Add onchange handler to file input calling handleCustomFeedLogoUpload
4. Add onclick handler to button to trigger file input click
This ensures consistent UX across existing and newly added custom feed
rows, with all upload buttons functional.
* fix: Expose escapeHtml to window object for use by global functions
The escapeHtml function is defined inside the IIFE (at line 5445) but is
called at line 6508 from within window.addArrayObjectItem, which is
defined outside the IIFE (starting at line 6465). Since escapeHtml is
not exposed to the window object (unlike renderArrayObjectItem and
getSchemaProperty which are exposed at lines 6457-6458), the fallback
code path throws a ReferenceError: escapeHtml is not defined when
window.renderArrayObjectItem is unavailable.
Fix by exposing escapeHtml to the window object alongside
renderArrayObjectItem and getSchemaProperty, ensuring the fallback code
in window.addArrayObjectItem can safely call escapeHtml when the primary
rendering function fails to load.
This prevents users from being unable to add new items to array-of-objects
fields when the primary rendering function is unavailable.
* fix: Escape single quotes in checkbox-group JSON value attribute
The hidden input for checkbox-group uses a single-quoted value attribute
with {{ array_value|tojson|safe }}, but the tojson filter doesn't escape
single quotes for HTML attributes. While JSON uses double quotes for
strings, if array_value contains strings with single quotes (like
"Tom's Choice"), the resulting HTML value='["Tom's Choice"]' could
have parsing issues in some browsers when the single quote appears inside
the JSON string content.
The JavaScript equivalent at line 3037 correctly escapes single quotes
with .replace(/'/g, "'"), but the Jinja2 template lacked this
escaping.
Fix by applying the replace filter to escape single quotes:
{{ (array_value|tojson|safe)|replace("'", "'") }}
This ensures consistent behavior between server-side template rendering
and client-side JavaScript rendering, and prevents potential HTML attribute
parsing issues.
* fix: Move hidden input before checkbox for enabled field in custom-feeds
The hidden input and checkbox share the same name, causing duplicate form
values. When request.form.to_dict() processes multiple fields with the same
name, it uses the LAST value.
The previous fix (a315693b) had the checkbox first and hidden input second,
which meant the hidden input's "false" value would override the checkbox's
"true" value when checked.
Fix by moving the hidden input BEFORE the checkbox, so:
- When checkbox is checked: checkbox value ("true") overrides hidden ("false")
- When checkbox is unchecked: hidden input value ("false") is used (checkbox
doesn't submit a value)
This ensures the correct boolean value is submitted in both cases.
* fix: Use dataset-driven indices for custom feed row reindexing
After removeCustomFeedRow() reindexes data-index/id/name, the existing
file-input change handlers still used stale closure indices, causing
querySelector to fail and preventing logo uploads from working.
Fix by using dataset-driven indices instead of closure-captured values:
1. In addCustomFeedRow:
- Store index in fileInput.dataset.index
- Read index from e.target.dataset.index in event handler
- Use fileInput.click() directly instead of getElementById
2. In removeCustomFeedRow:
- Update dataset.index for all inputs during reindexing
- Remove onclick/onchange attribute rewriting (handlers use addEventListener)
- Simplify ID updating to handle both _logo_<n> and _logo_preview_<n>
3. In handleCustomFeedLogoUpload:
- Store index in fileInput.dataset.index
- Read index from e.target.dataset.index in event handler
- Use fileInput.click() directly
- Set pathInput.value to imageSrc (normalized path)
- Reset event.target.value to allow re-uploading the same file
This ensures event handlers always use the current index from the DOM,
preventing stale closure issues after row removal and reindexing.
* fix: Reset file input value to allow re-uploading same file
Add event.target.value = '' after successful upload to allow re-uploading
the same file (change event won't fire otherwise if the same file is
selected again).
* fix: Add proper attribute escaping for renderArrayObjectItem
The renderArrayObjectItem function was vulnerable because escapeHtml does
not properly escape attribute contexts (quotes). This could lead to XSS
if user-provided data contains quotes or other special characters in
attribute values.
Changes:
1. Create escapeAttribute function for proper attribute escaping
- Escapes quotes, ampersands, and other special characters
- Handles null/undefined values safely
2. Update renderArrayObjectItem to use escapeAttribute for all attribute values:
- id attributes (itemId, propKey)
- data-* attributes (data-prop-key, data-file-data)
- value attributes (input values)
- placeholder attributes
- title attributes
- src attributes (img src)
- onclick/onchange handler parameters (fieldId)
3. Safely encode JSON in data-file-data attribute:
- Use base64 encoding (btoa) instead of manual quote escaping
- Decode with atob when reading the attribute
- This safely handles all characters including quotes, newlines, etc.
4. Remove hardcoded 'ledmatrix-news' pluginId fallback:
- Change fallback from 'ledmatrix-news' to null
- Prevents surprising defaults when uploads are enabled later
- Requires explicit pluginId configuration
This ensures all attribute values are properly escaped and prevents
XSS vulnerabilities from unescaped quotes or special characters.
* fix: Expose escapeAttribute to window object
The escapeAttribute function was not exposed to the window object, which
could cause issues if other code needs to use it. Expose it alongside
escapeHtml for consistency.
---------
Co-authored-by: Chuck <chuck@example.com>
1560 lines
63 KiB
Bash
1560 lines
63 KiB
Bash
#!/bin/bash
|
|
|
|
# LED Matrix First-Time Installation Script
|
|
# This script handles the complete setup for a new LED Matrix installation
|
|
|
|
set -Eeuo pipefail
|
|
|
|
# Global state for nicer error messages
|
|
CURRENT_STEP="initialization"
|
|
|
|
# Error handler for friendlier failures
|
|
on_error() {
|
|
local exit_code=$?
|
|
local line_no=${1:-unknown}
|
|
echo "✗ An error occurred during: $CURRENT_STEP (line $line_no, exit $exit_code)" >&2
|
|
if [ -n "${LOG_FILE:-}" ]; then
|
|
echo "See the log for details: $LOG_FILE" >&2
|
|
echo "-- Last 50 lines from log --" >&2
|
|
tail -n 50 "$LOG_FILE" >&2 || true
|
|
fi
|
|
echo "\nCommon fixes:" >&2
|
|
echo "- Ensure the Pi is online (try: ping -c1 8.8.8.8)." >&2
|
|
echo "- If you saw an APT lock error: wait a minute, close other installers, then run: sudo dpkg --configure -a" >&2
|
|
echo "- Re-run this script. It is safe to run multiple times." >&2
|
|
exit "$exit_code"
|
|
}
|
|
trap 'on_error $LINENO' ERR
|
|
|
|
echo "=========================================="
|
|
echo "LED Matrix First-Time Installation Script"
|
|
echo "=========================================="
|
|
echo ""
|
|
|
|
# Show device model if available (helps users confirm they're on a Raspberry Pi)
|
|
if [ -r /proc/device-tree/model ]; then
|
|
DEVICE_MODEL=$(tr -d '\0' </proc/device-tree/model)
|
|
echo "Detected device: $DEVICE_MODEL"
|
|
else
|
|
echo "⚠ Could not detect Raspberry Pi model (continuing anyway)"
|
|
fi
|
|
|
|
# Check OS version - must be Raspberry Pi OS Lite (Trixie)
|
|
echo ""
|
|
echo "Checking operating system requirements..."
|
|
echo "----------------------------------------"
|
|
OS_CHECK_FAILED=0
|
|
|
|
if [ -f /etc/os-release ]; then
|
|
. /etc/os-release
|
|
echo "Detected OS: $PRETTY_NAME"
|
|
echo "Version ID: ${VERSION_ID:-unknown}"
|
|
|
|
# Check if it's Raspberry Pi OS or Debian
|
|
if [[ "$ID" != "raspbian" ]] && [[ "$ID" != "debian" ]]; then
|
|
echo "✗ ERROR: This script requires Raspberry Pi OS (raspbian/debian)"
|
|
echo " Detected OS ID: $ID"
|
|
OS_CHECK_FAILED=1
|
|
fi
|
|
|
|
# Check if it's Debian 13 (Trixie)
|
|
if [ "${VERSION_ID:-0}" != "13" ]; then
|
|
echo "✗ ERROR: This script requires Raspberry Pi OS Lite (Trixie) - Debian 13"
|
|
echo " Detected version: ${VERSION_ID:-unknown}"
|
|
echo " Please upgrade to Raspberry Pi OS Lite (Trixie) before continuing"
|
|
OS_CHECK_FAILED=1
|
|
else
|
|
echo "✓ Debian 13 (Trixie) detected"
|
|
fi
|
|
|
|
# Check if it's the Lite version (no desktop environment)
|
|
# Check for desktop packages or desktop services
|
|
DESKTOP_DETECTED=0
|
|
if dpkg -l | grep -qE "^ii.*raspberrypi-ui-mods|^ii.*lxde|^ii.*xfce|^ii.*gnome|^ii.*kde"; then
|
|
DESKTOP_DETECTED=1
|
|
fi
|
|
if systemctl list-units --type=service --state=running 2>/dev/null | grep -qE "lightdm|gdm3|sddm|lxdm"; then
|
|
DESKTOP_DETECTED=1
|
|
fi
|
|
if [ -d /usr/share/raspberrypi-ui-mods ] || [ -d /usr/share/xsessions ]; then
|
|
DESKTOP_DETECTED=1
|
|
fi
|
|
|
|
if [ "$DESKTOP_DETECTED" -eq 1 ]; then
|
|
echo "✗ ERROR: Desktop environment detected - this script requires Raspberry Pi OS Lite"
|
|
echo " Please use Raspberry Pi OS Lite (not the full desktop version)"
|
|
OS_CHECK_FAILED=1
|
|
else
|
|
echo "✓ Lite version confirmed (no desktop environment)"
|
|
fi
|
|
else
|
|
echo "✗ ERROR: Could not detect OS version (/etc/os-release not found)"
|
|
OS_CHECK_FAILED=1
|
|
fi
|
|
|
|
if [ "$OS_CHECK_FAILED" -eq 1 ]; then
|
|
echo ""
|
|
echo "Installation cannot continue. Please install Raspberry Pi OS Lite (Trixie) and try again."
|
|
echo ""
|
|
echo "To install Raspberry Pi OS Lite (Trixie):"
|
|
echo " 1. Download from: https://www.raspberrypi.com/software/operating-systems/"
|
|
echo " 2. Select 'Raspberry Pi OS Lite (64-bit)' with Debian 13 (Trixie)"
|
|
echo " 3. Flash to SD card using Raspberry Pi Imager"
|
|
echo " 4. Boot and run this script again"
|
|
exit 1
|
|
fi
|
|
|
|
echo "✓ OS requirements met"
|
|
echo ""
|
|
|
|
# Get the actual user who invoked sudo (set after we ensure sudo below)
|
|
if [ -n "${SUDO_USER:-}" ]; then
|
|
ACTUAL_USER="$SUDO_USER"
|
|
else
|
|
ACTUAL_USER=$(whoami)
|
|
fi
|
|
|
|
# Get the home directory of the actual user
|
|
USER_HOME=$(eval echo ~$ACTUAL_USER)
|
|
|
|
# Determine the Project Root Directory (where this script is located)
|
|
PROJECT_ROOT_DIR=$(cd "$(dirname "$0")" && pwd)
|
|
|
|
echo "Detected user: $ACTUAL_USER"
|
|
echo "User home directory: $USER_HOME"
|
|
echo "Project directory: $PROJECT_ROOT_DIR"
|
|
echo ""
|
|
|
|
# Check if running as root; if not, try to elevate automatically for novices
|
|
if [ "$EUID" -ne 0 ]; then
|
|
echo "This script needs administrator privileges. Attempting to re-run with sudo..."
|
|
exec sudo -E env LEDMATRIX_ELEVATED=1 bash "$0" "$@"
|
|
fi
|
|
echo "✓ Running as root (required for installation)"
|
|
|
|
# Initialize logging
|
|
LOG_DIR="$PROJECT_ROOT_DIR/logs"
|
|
mkdir -p "$LOG_DIR"
|
|
LOG_FILE="$LOG_DIR/first_time_install_$(date +%Y%m%d_%H%M%S).log"
|
|
exec > >(tee -a "$LOG_FILE") 2>&1
|
|
echo "Logging to: $LOG_FILE"
|
|
|
|
# Args and options (novice-friendly defaults)
|
|
ASSUME_YES=${LEDMATRIX_ASSUME_YES:-0}
|
|
SKIP_SOUND=${LEDMATRIX_SKIP_SOUND:-0}
|
|
SKIP_PERF=${LEDMATRIX_SKIP_PERF:-0}
|
|
SKIP_REBOOT_PROMPT=${LEDMATRIX_SKIP_REBOOT_PROMPT:-0}
|
|
|
|
usage() {
|
|
cat <<USAGE
|
|
Usage: sudo ./first_time_install.sh [options]
|
|
|
|
Options:
|
|
-y, --yes Proceed without interactive confirmations
|
|
--force-rebuild Force rebuild of rpi-rgb-led-matrix even if present
|
|
--skip-sound Skip sound module configuration
|
|
--skip-perf Skip performance tweaks (isolcpus/audio)
|
|
--no-reboot-prompt Do not prompt for reboot at the end
|
|
-h, --help Show this help message and exit
|
|
|
|
Environment variables (same effect as flags):
|
|
LEDMATRIX_ASSUME_YES=1, RPI_RGB_FORCE_REBUILD=1, LEDMATRIX_SKIP_SOUND=1,
|
|
LEDMATRIX_SKIP_PERF=1, LEDMATRIX_SKIP_REBOOT_PROMPT=1
|
|
USAGE
|
|
}
|
|
|
|
while [ $# -gt 0 ]; do
|
|
case "$1" in
|
|
-y|--yes) ASSUME_YES=1 ;;
|
|
--force-rebuild) RPI_RGB_FORCE_REBUILD=1 ;;
|
|
--skip-sound) SKIP_SOUND=1 ;;
|
|
--skip-perf) SKIP_PERF=1 ;;
|
|
--no-reboot-prompt) SKIP_REBOOT_PROMPT=1 ;;
|
|
-h|--help) usage; exit 0 ;;
|
|
*) echo "Unknown option: $1"; usage; exit 1 ;;
|
|
esac
|
|
shift
|
|
done
|
|
|
|
# Helpers
|
|
retry() {
|
|
local attempt=1
|
|
local max_attempts=3
|
|
local delay_seconds=5
|
|
while true; do
|
|
"$@" && return 0
|
|
local status=$?
|
|
if [ $attempt -ge $max_attempts ]; then
|
|
echo "✗ Command failed after $attempt attempts: $*"
|
|
return $status
|
|
fi
|
|
echo "⚠ Command failed (attempt $attempt/$max_attempts). Retrying in ${delay_seconds}s: $*"
|
|
attempt=$((attempt+1))
|
|
sleep "$delay_seconds"
|
|
done
|
|
}
|
|
|
|
apt_update() { retry apt update; }
|
|
apt_install() { retry apt install -y "$@"; }
|
|
apt_remove() { apt-get remove -y "$@" || true; }
|
|
|
|
check_network() {
|
|
if command -v ping >/dev/null 2>&1; then
|
|
if ping -c 1 -W 3 8.8.8.8 >/dev/null 2>&1; then
|
|
return 0
|
|
fi
|
|
fi
|
|
if command -v curl >/dev/null 2>&1; then
|
|
if curl -Is --max-time 5 http://deb.debian.org >/dev/null 2>&1; then
|
|
return 0
|
|
fi
|
|
fi
|
|
echo "✗ No internet connectivity detected."
|
|
echo "Please connect your Raspberry Pi to the internet and re-run this script."
|
|
exit 1
|
|
}
|
|
|
|
echo ""
|
|
echo "This script will perform the following steps:"
|
|
echo "1. Install system dependencies"
|
|
echo "2. Fix cache permissions"
|
|
echo "3. Fix assets directory permissions"
|
|
echo "3.1. Fix plugin directory permissions"
|
|
echo "4. Install main LED Matrix service"
|
|
echo "5. Install Python project dependencies (requirements.txt)"
|
|
echo "6. Build and install rpi-rgb-led-matrix and test import"
|
|
echo "7. Install web interface dependencies"
|
|
echo "8. Install web interface service"
|
|
echo "8.5. Install WiFi monitor service"
|
|
echo "9. Configure web interface permissions"
|
|
echo "10. Configure passwordless sudo access"
|
|
echo "10.1. Configure WiFi management permissions"
|
|
echo "11. Set up proper file ownership"
|
|
echo "12. Configure sound module to avoid conflicts"
|
|
echo "13. Apply performance optimizations"
|
|
echo "14. Test the installation"
|
|
echo ""
|
|
|
|
# Ask for confirmation
|
|
if [ "$ASSUME_YES" = "1" ]; then
|
|
echo "Non-interactive mode: proceeding with installation."
|
|
else
|
|
# Check if stdin is available (not running via pipe/curl)
|
|
if [ -t 0 ]; then
|
|
read -p "Do you want to proceed with the installation? (y/N): " -n 1 -r
|
|
echo
|
|
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
|
|
echo "Installation cancelled."
|
|
exit 0
|
|
fi
|
|
else
|
|
# Non-interactive mode but ASSUME_YES not set - exit with error
|
|
echo "✗ Non-interactive mode detected but ASSUME_YES not set." >&2
|
|
echo " Please run with -y flag or set LEDMATRIX_ASSUME_YES=1" >&2
|
|
echo " Example: sudo ./first_time_install.sh -y" >&2
|
|
exit 1
|
|
fi
|
|
fi
|
|
|
|
echo ""
|
|
CLEAR='
|
|
'
|
|
CURRENT_STEP="Install system dependencies"
|
|
echo "Step 1: Installing system dependencies..."
|
|
echo "----------------------------------------"
|
|
|
|
# Ensure network is available before APT operations
|
|
check_network
|
|
|
|
# Update package list
|
|
apt_update
|
|
|
|
# Install required system packages
|
|
echo "Installing Python packages and dependencies..."
|
|
apt_install python3-pip python3-venv python3-dev python3-pil python3-pil.imagetk python3-pillow build-essential python3-setuptools python3-wheel cython3 scons cmake ninja-build
|
|
|
|
# Install additional system dependencies that might be needed
|
|
echo "Installing additional system dependencies..."
|
|
apt_install git curl wget unzip
|
|
|
|
echo "✓ System dependencies installed"
|
|
echo ""
|
|
|
|
CURRENT_STEP="Fix cache permissions"
|
|
echo "Step 2: Fixing cache permissions..."
|
|
echo "----------------------------------"
|
|
|
|
# Run the cache setup script (uses proper group permissions)
|
|
if [ -f "$PROJECT_ROOT_DIR/scripts/install/setup_cache.sh" ]; then
|
|
echo "Running cache setup script (proper group permissions)..."
|
|
bash "$PROJECT_ROOT_DIR/scripts/install/setup_cache.sh"
|
|
echo "✓ Cache permissions fixed with proper group setup"
|
|
elif [ -f "$PROJECT_ROOT_DIR/scripts/fix_perms/fix_cache_permissions.sh" ]; then
|
|
echo "Running cache permissions fix (legacy script)..."
|
|
bash "$PROJECT_ROOT_DIR/scripts/fix_perms/fix_cache_permissions.sh"
|
|
echo "✓ Cache permissions fixed"
|
|
else
|
|
echo "⚠ Cache setup scripts not found, setting up cache directory manually..."
|
|
# Create ledmatrix group if it doesn't exist
|
|
if ! getent group ledmatrix > /dev/null 2>&1; then
|
|
groupadd ledmatrix
|
|
echo "Created ledmatrix group"
|
|
fi
|
|
|
|
# Add users to ledmatrix group
|
|
usermod -a -G ledmatrix "$ACTUAL_USER"
|
|
if id daemon > /dev/null 2>&1; then
|
|
usermod -a -G ledmatrix daemon
|
|
fi
|
|
|
|
# Create cache directory with proper permissions
|
|
mkdir -p /var/cache/ledmatrix
|
|
chown -R :ledmatrix /var/cache/ledmatrix
|
|
# Set directory permissions: 775 with setgid for group inheritance
|
|
find /var/cache/ledmatrix -type d -exec chmod 775 {} \;
|
|
chmod g+s /var/cache/ledmatrix
|
|
# Set file permissions: 660 for group-readable cache files
|
|
find /var/cache/ledmatrix -type f -exec chmod 660 {} \;
|
|
|
|
echo "✓ Cache directory created with proper group permissions"
|
|
echo " Note: You may need to log out and back in for group changes to take effect"
|
|
fi
|
|
echo ""
|
|
|
|
CURRENT_STEP="Fix assets directory permissions"
|
|
echo "Step 3: Fixing assets directory permissions..."
|
|
echo "--------------------------------------------"
|
|
|
|
# Run the assets permissions fix
|
|
if [ -f "$PROJECT_ROOT_DIR/scripts/fix_perms/fix_assets_permissions.sh" ]; then
|
|
echo "Running assets permissions fix..."
|
|
bash "$PROJECT_ROOT_DIR/scripts/fix_perms/fix_assets_permissions.sh"
|
|
echo "✓ Assets permissions fixed"
|
|
else
|
|
echo "⚠ Assets permissions script not found, fixing permissions manually..."
|
|
|
|
# Set ownership of the entire assets directory to the real user
|
|
echo "Setting ownership of assets directory..."
|
|
chown -R "$ACTUAL_USER:$ACTUAL_USER" "$PROJECT_ROOT_DIR/assets"
|
|
|
|
# Set permissions to allow read/write for owner, group, and others (for root service user)
|
|
# Note: 777 allows root (service user) to write, which is necessary when service runs as root
|
|
echo "Setting permissions for assets directory..."
|
|
chmod -R 777 "$PROJECT_ROOT_DIR/assets"
|
|
|
|
# Specifically ensure the sports logos directories are writable
|
|
SPORTS_DIRS=(
|
|
"sports/ncaa_logos"
|
|
"sports/nfl_logos"
|
|
"sports/nba_logos"
|
|
"sports/nhl_logos"
|
|
"sports/mlb_logos"
|
|
"sports/milb_logos"
|
|
"sports/soccer_logos"
|
|
)
|
|
|
|
echo "Ensuring sports logo directories are writable..."
|
|
for SPORTS_DIR in "${SPORTS_DIRS[@]}"; do
|
|
FULL_PATH="$PROJECT_ROOT_DIR/assets/$SPORTS_DIR"
|
|
if [ -d "$FULL_PATH" ]; then
|
|
chmod 777 "$FULL_PATH"
|
|
chown "$ACTUAL_USER:$ACTUAL_USER" "$FULL_PATH"
|
|
else
|
|
echo "Creating directory: $FULL_PATH"
|
|
mkdir -p "$FULL_PATH"
|
|
chown "$ACTUAL_USER:$ACTUAL_USER" "$FULL_PATH"
|
|
chmod 777 "$FULL_PATH"
|
|
fi
|
|
done
|
|
|
|
echo "✓ Assets permissions fixed manually"
|
|
fi
|
|
echo ""
|
|
|
|
CURRENT_STEP="Fix plugin directory permissions"
|
|
echo "Step 3.1: Fixing plugin directory permissions..."
|
|
echo "----------------------------------------------"
|
|
|
|
# Ensure home directory is traversable by root (needed for service access)
|
|
USER_HOME=$(eval echo ~$ACTUAL_USER)
|
|
if [ -d "$USER_HOME" ]; then
|
|
HOME_PERMS=$(stat -c "%a" "$USER_HOME" 2>/dev/null || echo "unknown")
|
|
if [ "$HOME_PERMS" = "700" ]; then
|
|
echo "Fixing home directory permissions (700 -> 755) so root service can access subdirectories..."
|
|
chmod 755 "$USER_HOME"
|
|
echo "✓ Home directory permissions fixed"
|
|
fi
|
|
fi
|
|
echo ""
|
|
|
|
# Run the plugin permissions fix
|
|
if [ -f "$PROJECT_ROOT_DIR/scripts/fix_perms/fix_plugin_permissions.sh" ]; then
|
|
echo "Running plugin permissions fix..."
|
|
bash "$PROJECT_ROOT_DIR/scripts/fix_perms/fix_plugin_permissions.sh"
|
|
echo "✓ Plugin permissions fixed"
|
|
else
|
|
echo "⚠ Plugin permissions script not found, fixing permissions manually..."
|
|
|
|
# Ensure plugins directory exists
|
|
if [ ! -d "$PROJECT_ROOT_DIR/plugins" ]; then
|
|
echo "Creating plugins directory..."
|
|
mkdir -p "$PROJECT_ROOT_DIR/plugins"
|
|
fi
|
|
|
|
# Determine ownership based on web service user
|
|
# Check if web service file exists and what user it runs as
|
|
WEB_SERVICE_USER="root"
|
|
if [ -f "/etc/systemd/system/ledmatrix-web.service" ]; then
|
|
# Check actual installed service file (most accurate)
|
|
WEB_SERVICE_USER=$(grep "^User=" /etc/systemd/system/ledmatrix-web.service | cut -d'=' -f2 || echo "root")
|
|
elif [ -f "$PROJECT_ROOT_DIR/scripts/install/install_web_service.sh" ]; then
|
|
# Check install_web_service.sh (used by first_time_install.sh)
|
|
if grep -q "User=root" "$PROJECT_ROOT_DIR/scripts/install/install_web_service.sh"; then
|
|
WEB_SERVICE_USER="root"
|
|
elif grep -q "User=\${ACTUAL_USER}" "$PROJECT_ROOT_DIR/scripts/install/install_web_service.sh"; then
|
|
WEB_SERVICE_USER="$ACTUAL_USER"
|
|
fi
|
|
elif [ -f "$PROJECT_ROOT_DIR/systemd/ledmatrix-web.service" ]; then
|
|
# Check template file (may have placeholder)
|
|
WEB_SERVICE_USER=$(grep "^User=" "$PROJECT_ROOT_DIR/systemd/ledmatrix-web.service" | cut -d'=' -f2 || echo "root")
|
|
# If template has placeholder, check install script
|
|
if [ "$WEB_SERVICE_USER" = "__USER__" ] || [ -z "$WEB_SERVICE_USER" ]; then
|
|
# Check install_service.sh to see what user it uses
|
|
if [ -f "$PROJECT_ROOT_DIR/scripts/install/install_service.sh" ] && grep -q "User=\${ACTUAL_USER}" "$PROJECT_ROOT_DIR/scripts/install/install_service.sh"; then
|
|
WEB_SERVICE_USER="$ACTUAL_USER"
|
|
fi
|
|
fi
|
|
elif [ -f "$PROJECT_ROOT_DIR/scripts/install/install_service.sh" ] && grep -q "User=\${ACTUAL_USER}" "$PROJECT_ROOT_DIR/scripts/install/install_service.sh"; then
|
|
# Web service will be installed by install_service.sh as ACTUAL_USER
|
|
WEB_SERVICE_USER="$ACTUAL_USER"
|
|
fi
|
|
|
|
# If web service runs as ACTUAL_USER (not root), set ownership to ACTUAL_USER
|
|
# so the web service can change permissions. Root service can still access via group (775).
|
|
# If web service runs as root, use root:ACTUAL_USER for mixed access.
|
|
if [ "$WEB_SERVICE_USER" = "$ACTUAL_USER" ] || [ "$WEB_SERVICE_USER" != "root" ]; then
|
|
echo "Web service runs as $WEB_SERVICE_USER, setting ownership to $ACTUAL_USER:$ACTUAL_USER..."
|
|
echo " (Root service can still access via group permissions)"
|
|
chown -R "$ACTUAL_USER:$ACTUAL_USER" "$PROJECT_ROOT_DIR/plugins"
|
|
else
|
|
echo "Web service runs as root, setting ownership to root:$ACTUAL_USER..."
|
|
chown -R root:"$ACTUAL_USER" "$PROJECT_ROOT_DIR/plugins"
|
|
fi
|
|
|
|
# Set directory permissions (775: rwxrwxr-x)
|
|
echo "Setting directory permissions to 775..."
|
|
find "$PROJECT_ROOT_DIR/plugins" -type d -exec chmod 775 {} \;
|
|
|
|
# Set file permissions (664: rw-rw-r--)
|
|
echo "Setting file permissions to 664..."
|
|
find "$PROJECT_ROOT_DIR/plugins" -type f -exec chmod 664 {} \;
|
|
|
|
echo "✓ Plugin permissions fixed manually"
|
|
fi
|
|
|
|
# Also ensure plugin-repos directory exists with proper permissions
|
|
# This is where plugins installed via the plugin store are stored
|
|
PLUGIN_REPOS_DIR="$PROJECT_ROOT_DIR/plugin-repos"
|
|
if [ ! -d "$PLUGIN_REPOS_DIR" ]; then
|
|
echo "Creating plugin-repos directory..."
|
|
mkdir -p "$PLUGIN_REPOS_DIR"
|
|
fi
|
|
|
|
# Determine ownership based on web service user
|
|
# Check if web service file exists and what user it runs as
|
|
WEB_SERVICE_USER="root"
|
|
if [ -f "/etc/systemd/system/ledmatrix-web.service" ]; then
|
|
# Check actual installed service file (most accurate)
|
|
WEB_SERVICE_USER=$(grep "^User=" /etc/systemd/system/ledmatrix-web.service | cut -d'=' -f2 || echo "root")
|
|
elif [ -f "$PROJECT_ROOT_DIR/scripts/install/install_web_service.sh" ]; then
|
|
# Check install_web_service.sh (used by first_time_install.sh)
|
|
if grep -q "User=root" "$PROJECT_ROOT_DIR/scripts/install/install_web_service.sh"; then
|
|
WEB_SERVICE_USER="root"
|
|
elif grep -q "User=\${ACTUAL_USER}" "$PROJECT_ROOT_DIR/scripts/install/install_web_service.sh"; then
|
|
WEB_SERVICE_USER="$ACTUAL_USER"
|
|
fi
|
|
elif [ -f "$PROJECT_ROOT_DIR/systemd/ledmatrix-web.service" ]; then
|
|
# Check template file (may have placeholder)
|
|
WEB_SERVICE_USER=$(grep "^User=" "$PROJECT_ROOT_DIR/systemd/ledmatrix-web.service" | cut -d'=' -f2 || echo "root")
|
|
# If template has placeholder, check install script
|
|
if [ "$WEB_SERVICE_USER" = "__USER__" ] || [ -z "$WEB_SERVICE_USER" ]; then
|
|
# Check install_service.sh to see what user it uses
|
|
if [ -f "$PROJECT_ROOT_DIR/scripts/install/install_service.sh" ] && grep -q "User=\${ACTUAL_USER}" "$PROJECT_ROOT_DIR/scripts/install/install_service.sh"; then
|
|
WEB_SERVICE_USER="$ACTUAL_USER"
|
|
fi
|
|
fi
|
|
elif [ -f "$PROJECT_ROOT_DIR/scripts/install/install_service.sh" ] && grep -q "User=\${ACTUAL_USER}" "$PROJECT_ROOT_DIR/scripts/install/install_service.sh"; then
|
|
# Web service will be installed by install_service.sh as ACTUAL_USER
|
|
WEB_SERVICE_USER="$ACTUAL_USER"
|
|
fi
|
|
|
|
# If web service runs as ACTUAL_USER (not root), set ownership to ACTUAL_USER
|
|
# so the web service can change permissions. Root service can still access via group (775).
|
|
# If web service runs as root, use root:ACTUAL_USER for mixed access.
|
|
if [ "$WEB_SERVICE_USER" = "$ACTUAL_USER" ] || [ "$WEB_SERVICE_USER" != "root" ]; then
|
|
echo "Web service runs as $WEB_SERVICE_USER, setting ownership to $ACTUAL_USER:$ACTUAL_USER..."
|
|
echo " (Root service can still access via group permissions)"
|
|
chown -R "$ACTUAL_USER:$ACTUAL_USER" "$PLUGIN_REPOS_DIR"
|
|
else
|
|
echo "Web service runs as root, setting ownership to root:$ACTUAL_USER..."
|
|
chown -R root:"$ACTUAL_USER" "$PLUGIN_REPOS_DIR"
|
|
fi
|
|
|
|
# Set directory permissions (775: rwxrwxr-x)
|
|
echo "Setting plugin-repos directory permissions to 2775 (sticky bit)..."
|
|
find "$PLUGIN_REPOS_DIR" -type d -exec chmod 2775 {} \;
|
|
|
|
# Set file permissions (664: rw-rw-r--)
|
|
echo "Setting plugin-repos file permissions to 664..."
|
|
find "$PLUGIN_REPOS_DIR" -type f -exec chmod 664 {} \;
|
|
|
|
echo "✓ Plugin-repos directory permissions fixed"
|
|
echo ""
|
|
|
|
CURRENT_STEP="Install main LED Matrix service"
|
|
echo "Step 4: Installing main LED Matrix service..."
|
|
echo "---------------------------------------------"
|
|
|
|
# Run the main service installation (idempotent)
|
|
# Note: install_service.sh always overwrites the service file, so it will update paths automatically
|
|
if [ -f "$PROJECT_ROOT_DIR/scripts/install/install_service.sh" ]; then
|
|
echo "Running main service installation/update..."
|
|
bash "$PROJECT_ROOT_DIR/scripts/install/install_service.sh"
|
|
echo "✓ Main LED Matrix service installed/updated"
|
|
else
|
|
echo "✗ Main service installation script not found at $PROJECT_ROOT_DIR/scripts/install/install_service.sh"
|
|
echo "Please ensure you are running this script from the project root: $PROJECT_ROOT_DIR"
|
|
exit 1
|
|
fi
|
|
|
|
# Configure Python capabilities for hardware timing
|
|
echo "Configuring Python capabilities for hardware timing..."
|
|
if [ -f "/usr/bin/python3.13" ]; then
|
|
sudo setcap 'cap_sys_nice=eip' /usr/bin/python3.13 2>/dev/null || echo "⚠ Could not set cap_sys_nice on python3.13 (may need manual setup)"
|
|
echo "✓ Python3.13 capabilities configured"
|
|
elif [ -f "/usr/bin/python3" ]; then
|
|
PYTHON_VER=$(python3 --version 2>&1 | grep -oP '(?<=Python )\d\.\d+' || echo "unknown")
|
|
if command -v setcap >/dev/null 2>&1; then
|
|
sudo setcap 'cap_sys_nice=eip' /usr/bin/python3 2>/dev/null || echo "⚠ Could not set cap_sys_nice on python3"
|
|
echo "✓ Python3 capabilities configured (version: $PYTHON_VER)"
|
|
else
|
|
echo "⚠ setcap not found, skipping capability configuration"
|
|
fi
|
|
else
|
|
echo "⚠ Python3 not found, skipping capability configuration"
|
|
fi
|
|
echo ""
|
|
|
|
CURRENT_STEP="Ensure configuration files exist"
|
|
echo "Step 4.1: Ensuring configuration files exist..."
|
|
echo "------------------------------------------------"
|
|
|
|
# Ensure config directory exists
|
|
mkdir -p "$PROJECT_ROOT_DIR/config"
|
|
chmod 2775 "$PROJECT_ROOT_DIR/config" || true
|
|
|
|
# Create ledmatrix group if it doesn't exist (needed for shared access)
|
|
LEDMATRIX_GROUP="ledmatrix"
|
|
if ! getent group "$LEDMATRIX_GROUP" > /dev/null 2>&1; then
|
|
groupadd "$LEDMATRIX_GROUP" || true
|
|
echo "Created group: $LEDMATRIX_GROUP"
|
|
fi
|
|
|
|
# Add root to ledmatrix group so service can read config files
|
|
if ! id -nG root | grep -qw "$LEDMATRIX_GROUP" 2>/dev/null; then
|
|
usermod -a -G "$LEDMATRIX_GROUP" root || true
|
|
echo "Added root to group: $LEDMATRIX_GROUP"
|
|
fi
|
|
|
|
# Set config directory ownership to user:ledmatrix group
|
|
chown "$ACTUAL_USER:$LEDMATRIX_GROUP" "$PROJECT_ROOT_DIR/config" || true
|
|
|
|
# Create config.json from template if missing
|
|
if [ ! -f "$PROJECT_ROOT_DIR/config/config.json" ]; then
|
|
if [ -f "$PROJECT_ROOT_DIR/config/config.template.json" ]; then
|
|
echo "Creating config/config.json from template..."
|
|
cp "$PROJECT_ROOT_DIR/config/config.template.json" "$PROJECT_ROOT_DIR/config/config.json"
|
|
chown "$ACTUAL_USER:$LEDMATRIX_GROUP" "$PROJECT_ROOT_DIR/config/config.json" || true
|
|
chmod 644 "$PROJECT_ROOT_DIR/config/config.json"
|
|
echo "✓ Main config file created from template"
|
|
else
|
|
echo "⚠ Template config/config.template.json not found; creating a minimal config file"
|
|
cat > "$PROJECT_ROOT_DIR/config/config.json" <<'EOF'
|
|
{
|
|
"web_display_autostart": true,
|
|
"timezone": "America/Chicago",
|
|
"display": {
|
|
"hardware": {
|
|
"rows": 32,
|
|
"cols": 64,
|
|
"chain_length": 2,
|
|
"parallel": 1,
|
|
"brightness": 95,
|
|
"hardware_mapping": "adafruit-hat-pwm"
|
|
}
|
|
},
|
|
"clock": {
|
|
"enabled": true,
|
|
"format": "%I:%M %p"
|
|
}
|
|
}
|
|
EOF
|
|
chown "$ACTUAL_USER:$LEDMATRIX_GROUP" "$PROJECT_ROOT_DIR/config/config.json" || true
|
|
chmod 644 "$PROJECT_ROOT_DIR/config/config.json"
|
|
echo "✓ Minimal config file created"
|
|
fi
|
|
else
|
|
echo "✓ Main config file already exists"
|
|
fi
|
|
|
|
# Create config_secrets.json from template if missing
|
|
if [ ! -f "$PROJECT_ROOT_DIR/config/config_secrets.json" ]; then
|
|
if [ -f "$PROJECT_ROOT_DIR/config/config_secrets.template.json" ]; then
|
|
echo "Creating config/config_secrets.json from template..."
|
|
cp "$PROJECT_ROOT_DIR/config/config_secrets.template.json" "$PROJECT_ROOT_DIR/config/config_secrets.json"
|
|
# Check if service runs as root and set ownership accordingly
|
|
SERVICE_USER="root"
|
|
if [ -f "/etc/systemd/system/ledmatrix.service" ]; then
|
|
SERVICE_USER=$(grep "^User=" /etc/systemd/system/ledmatrix.service | cut -d'=' -f2 || echo "root")
|
|
elif [ -f "$PROJECT_ROOT_DIR/systemd/ledmatrix.service" ]; then
|
|
SERVICE_USER=$(grep "^User=" "$PROJECT_ROOT_DIR/systemd/ledmatrix.service" | cut -d'=' -f2 || echo "root")
|
|
fi
|
|
|
|
if [ "$SERVICE_USER" = "root" ]; then
|
|
chown "root:$LEDMATRIX_GROUP" "$PROJECT_ROOT_DIR/config/config_secrets.json" || true
|
|
else
|
|
chown "$ACTUAL_USER:$LEDMATRIX_GROUP" "$PROJECT_ROOT_DIR/config/config_secrets.json" || true
|
|
fi
|
|
chmod 640 "$PROJECT_ROOT_DIR/config/config_secrets.json"
|
|
echo "✓ Secrets file created from template"
|
|
else
|
|
echo "⚠ Template config/config_secrets.template.json not found; creating a minimal secrets file"
|
|
cat > "$PROJECT_ROOT_DIR/config/config_secrets.json" <<'EOF'
|
|
{
|
|
"weather": {
|
|
"api_key": "YOUR_OPENWEATHERMAP_API_KEY"
|
|
}
|
|
}
|
|
EOF
|
|
# Check if service runs as root and set ownership accordingly
|
|
SERVICE_USER="root"
|
|
if [ -f "/etc/systemd/system/ledmatrix.service" ]; then
|
|
SERVICE_USER=$(grep "^User=" /etc/systemd/system/ledmatrix.service | cut -d'=' -f2 || echo "root")
|
|
elif [ -f "$PROJECT_ROOT_DIR/systemd/ledmatrix.service" ]; then
|
|
SERVICE_USER=$(grep "^User=" "$PROJECT_ROOT_DIR/systemd/ledmatrix.service" | cut -d'=' -f2 || echo "root")
|
|
fi
|
|
|
|
if [ "$SERVICE_USER" = "root" ]; then
|
|
chown "root:$LEDMATRIX_GROUP" "$PROJECT_ROOT_DIR/config/config_secrets.json" || true
|
|
else
|
|
chown "$ACTUAL_USER:$LEDMATRIX_GROUP" "$PROJECT_ROOT_DIR/config/config_secrets.json" || true
|
|
fi
|
|
chmod 640 "$PROJECT_ROOT_DIR/config/config_secrets.json"
|
|
echo "✓ Minimal secrets file created"
|
|
fi
|
|
else
|
|
echo "✓ Secrets file already exists"
|
|
fi
|
|
echo ""
|
|
|
|
CURRENT_STEP="Install project Python dependencies"
|
|
echo "Step 5: Installing Python project dependencies..."
|
|
echo "-----------------------------------------------"
|
|
|
|
# Install numpy via apt first (pre-built binary, much faster than building from source)
|
|
echo "Installing numpy via apt (pre-built binary for faster installation)..."
|
|
if ! python3 -c "import numpy" >/dev/null 2>&1; then
|
|
apt_install python3-numpy
|
|
echo "✓ numpy installed via apt"
|
|
else
|
|
NUMPY_VERSION=$(python3 -c "import numpy; print(numpy.__version__)" 2>/dev/null || echo "unknown")
|
|
echo "✓ numpy already installed (version: $NUMPY_VERSION)"
|
|
fi
|
|
echo ""
|
|
|
|
# Install main project Python dependencies
|
|
cd "$PROJECT_ROOT_DIR"
|
|
if [ -f "$PROJECT_ROOT_DIR/requirements.txt" ]; then
|
|
echo "Reading requirements from: $PROJECT_ROOT_DIR/requirements.txt"
|
|
|
|
# Check pip version and upgrade if needed
|
|
echo "Checking pip version..."
|
|
python3 -m pip --version
|
|
|
|
# Upgrade pip, setuptools, and wheel for better compatibility
|
|
echo "Upgrading pip, setuptools, and wheel..."
|
|
python3 -m pip install --break-system-packages --upgrade pip setuptools wheel || {
|
|
echo "⚠ Warning: Failed to upgrade pip/setuptools/wheel, continuing anyway..."
|
|
}
|
|
|
|
# Count total packages for progress
|
|
TOTAL_PACKAGES=$(grep -v '^#' "$PROJECT_ROOT_DIR/requirements.txt" | grep -v '^$' | wc -l)
|
|
echo "Found $TOTAL_PACKAGES package(s) to install"
|
|
echo ""
|
|
|
|
# Install packages one at a time for better diagnostics
|
|
INSTALLED=0
|
|
FAILED=0
|
|
PACKAGE_NUM=0
|
|
|
|
while IFS= read -r line || [ -n "$line" ]; do
|
|
# Remove inline comments (everything after #) but preserve comment-only lines
|
|
# First check if line starts with # (comment-only line)
|
|
if [[ "$line" =~ ^[[:space:]]*# ]]; then
|
|
continue
|
|
fi
|
|
|
|
# Remove inline comments and trim whitespace
|
|
line=$(echo "$line" | sed 's/[[:space:]]*#.*$//' | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
|
|
|
|
# Skip empty lines
|
|
if [[ -z "$line" ]]; then
|
|
continue
|
|
fi
|
|
|
|
PACKAGE_NUM=$((PACKAGE_NUM + 1))
|
|
echo "[$PACKAGE_NUM/$TOTAL_PACKAGES] Installing: $line"
|
|
|
|
# Check if package is already installed (basic check - may not catch all cases)
|
|
PACKAGE_NAME=$(echo "$line" | sed -E 's/[<>=!].*$//' | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
|
|
|
|
# Try installing with verbose output and timeout (if available)
|
|
# Use --no-cache-dir to avoid cache issues, --verbose for diagnostics
|
|
INSTALL_OUTPUT=$(mktemp)
|
|
INSTALL_SUCCESS=false
|
|
|
|
if command -v timeout >/dev/null 2>&1; then
|
|
# Use timeout if available (10 minutes = 600 seconds)
|
|
if timeout 600 python3 -m pip install --break-system-packages --no-cache-dir --verbose "$line" > "$INSTALL_OUTPUT" 2>&1; then
|
|
INSTALL_SUCCESS=true
|
|
else
|
|
EXIT_CODE=$?
|
|
if [ "$EXIT_CODE" -eq 124 ]; then
|
|
echo "✗ Timeout (10 minutes) installing: $line"
|
|
echo " This package may require building from source, which can be slow on Raspberry Pi."
|
|
echo " You can try installing it manually later with:"
|
|
echo " python3 -m pip install --break-system-packages --no-cache-dir --verbose '$line'"
|
|
else
|
|
echo "✗ Failed to install: $line (exit code: $EXIT_CODE)"
|
|
fi
|
|
fi
|
|
else
|
|
# No timeout command available, install without timeout
|
|
echo " Note: timeout command not available, installation may take a while..."
|
|
if python3 -m pip install --break-system-packages --no-cache-dir --verbose "$line" > "$INSTALL_OUTPUT" 2>&1; then
|
|
INSTALL_SUCCESS=true
|
|
else
|
|
EXIT_CODE=$?
|
|
echo "✗ Failed to install: $line (exit code: $EXIT_CODE)"
|
|
fi
|
|
fi
|
|
|
|
# Show relevant output (filtered for readability)
|
|
if [ -f "$INSTALL_OUTPUT" ]; then
|
|
echo " Output:"
|
|
grep -E "(Collecting|Installing|Successfully|Preparing metadata|Building|ERROR|WARNING|Using cached|Downloading)" "$INSTALL_OUTPUT" | head -15 | sed 's/^/ /' || true
|
|
# Log full output to log file
|
|
cat "$INSTALL_OUTPUT" >> "$LOG_FILE"
|
|
rm -f "$INSTALL_OUTPUT"
|
|
fi
|
|
|
|
if [ "$INSTALL_SUCCESS" = true ]; then
|
|
INSTALLED=$((INSTALLED + 1))
|
|
echo "✓ Successfully installed: $line"
|
|
else
|
|
FAILED=$((FAILED + 1))
|
|
|
|
# Ask if user wants to continue (unless in non-interactive mode)
|
|
if [ "$ASSUME_YES" != "1" ]; then
|
|
read -p " Continue with remaining packages? (Y/n): " -n 1 -r
|
|
echo
|
|
if [[ $REPLY =~ ^[Nn]$ ]]; then
|
|
echo "Installation cancelled by user"
|
|
exit 1
|
|
fi
|
|
fi
|
|
fi
|
|
echo ""
|
|
done < "$PROJECT_ROOT_DIR/requirements.txt"
|
|
|
|
echo "-----------------------------------------------"
|
|
echo "Installation summary:"
|
|
echo " Installed: $INSTALLED"
|
|
echo " Failed: $FAILED"
|
|
echo " Total: $TOTAL_PACKAGES"
|
|
echo ""
|
|
|
|
if [ "$FAILED" -gt 0 ]; then
|
|
echo "⚠ Some packages failed to install. The installation will continue, but"
|
|
echo " you may need to install them manually later. Check the log for details:"
|
|
echo " $LOG_FILE"
|
|
echo ""
|
|
echo "Common fixes for 'Preparing metadata' issues:"
|
|
echo " 1. Ensure you have enough disk space: df -h"
|
|
echo " 2. Check available memory: free -h"
|
|
echo " 3. Try installing failed packages individually with verbose output:"
|
|
echo " python3 -m pip install --break-system-packages --no-cache-dir --verbose <package>"
|
|
echo " 4. For packages that build from source (like numpy), consider:"
|
|
echo " - Installing pre-built wheels: python3 -m pip install --only-binary :all: <package>"
|
|
echo " - Or installing via apt if available: sudo apt install python3-<package>"
|
|
echo ""
|
|
fi
|
|
|
|
if [ "$INSTALLED" -gt 0 ]; then
|
|
echo "✓ Project Python dependencies installed ($INSTALLED/$TOTAL_PACKAGES successful)"
|
|
else
|
|
echo "✗ No packages were successfully installed"
|
|
echo " Check the log file for details: $LOG_FILE"
|
|
exit 1
|
|
fi
|
|
else
|
|
echo "⚠ requirements.txt not found; skipping main dependency install"
|
|
fi
|
|
echo ""
|
|
|
|
CURRENT_STEP="Build and install rpi-rgb-led-matrix"
|
|
echo "Step 6: Building and installing rpi-rgb-led-matrix..."
|
|
echo "-----------------------------------------------------"
|
|
|
|
# If already installed and not forcing rebuild, skip expensive build
|
|
if python3 -c 'from rgbmatrix import RGBMatrix, RGBMatrixOptions' >/dev/null 2>&1 && [ "${RPI_RGB_FORCE_REBUILD:-0}" != "1" ]; then
|
|
echo "rgbmatrix Python package already available; skipping build (set RPI_RGB_FORCE_REBUILD=1 to force rebuild)."
|
|
else
|
|
# Ensure rpi-rgb-led-matrix submodule is initialized
|
|
if [ ! -d "$PROJECT_ROOT_DIR/rpi-rgb-led-matrix-master" ]; then
|
|
echo "rpi-rgb-led-matrix-master not found. Initializing git submodule..."
|
|
cd "$PROJECT_ROOT_DIR"
|
|
|
|
# Try to initialize submodule if .gitmodules exists
|
|
if [ -f "$PROJECT_ROOT_DIR/.gitmodules" ] && grep -q "rpi-rgb-led-matrix" "$PROJECT_ROOT_DIR/.gitmodules"; then
|
|
echo "Initializing rpi-rgb-led-matrix submodule..."
|
|
if ! git submodule update --init --recursive rpi-rgb-led-matrix-master 2>&1; then
|
|
echo "⚠ Submodule init failed, cloning directly from GitHub..."
|
|
git clone https://github.com/hzeller/rpi-rgb-led-matrix.git rpi-rgb-led-matrix-master
|
|
fi
|
|
else
|
|
# Fallback: clone directly if submodule not configured
|
|
echo "Submodule not configured, cloning directly from GitHub..."
|
|
git clone https://github.com/hzeller/rpi-rgb-led-matrix.git rpi-rgb-led-matrix-master
|
|
fi
|
|
fi
|
|
|
|
# Build and install rpi-rgb-led-matrix Python bindings
|
|
if [ -d "$PROJECT_ROOT_DIR/rpi-rgb-led-matrix-master" ]; then
|
|
# Check if submodule is properly initialized (not empty)
|
|
if [ ! -f "$PROJECT_ROOT_DIR/rpi-rgb-led-matrix-master/Makefile" ]; then
|
|
echo "⚠ Submodule appears empty, re-initializing..."
|
|
cd "$PROJECT_ROOT_DIR"
|
|
rm -rf rpi-rgb-led-matrix-master
|
|
if [ -f "$PROJECT_ROOT_DIR/.gitmodules" ] && grep -q "rpi-rgb-led-matrix" "$PROJECT_ROOT_DIR/.gitmodules"; then
|
|
git submodule update --init --recursive rpi-rgb-led-matrix-master
|
|
else
|
|
git clone https://github.com/hzeller/rpi-rgb-led-matrix.git rpi-rgb-led-matrix-master
|
|
fi
|
|
fi
|
|
|
|
pushd "$PROJECT_ROOT_DIR/rpi-rgb-led-matrix-master" >/dev/null
|
|
echo "Building rpi-rgb-led-matrix Python bindings..."
|
|
# Build the library first, then Python bindings
|
|
# The build-python target depends on the library being built
|
|
if ! make build-python; then
|
|
echo "✗ Failed to build rpi-rgb-led-matrix Python bindings"
|
|
echo " Make sure you have the required build tools installed:"
|
|
echo " sudo apt install -y build-essential python3-dev cython3 scons"
|
|
popd >/dev/null
|
|
exit 1
|
|
fi
|
|
cd bindings/python
|
|
echo "Installing rpi-rgb-led-matrix Python package via pip..."
|
|
if ! python3 -m pip install --break-system-packages .; then
|
|
echo "✗ Failed to install rpi-rgb-led-matrix Python package"
|
|
popd >/dev/null
|
|
exit 1
|
|
fi
|
|
popd >/dev/null
|
|
else
|
|
echo "✗ rpi-rgb-led-matrix-master directory not found at $PROJECT_ROOT_DIR"
|
|
echo "Failed to initialize submodule or clone repository"
|
|
exit 1
|
|
fi
|
|
|
|
echo "Running rgbmatrix import test..."
|
|
if python3 - <<'PY'
|
|
from importlib.metadata import version, PackageNotFoundError
|
|
try:
|
|
from rgbmatrix import RGBMatrix, RGBMatrixOptions
|
|
try:
|
|
print("Success! rgbmatrix version:", version('rgbmatrix'))
|
|
except PackageNotFoundError:
|
|
print("Success! rgbmatrix installed (version unknown)")
|
|
except Exception as e:
|
|
raise SystemExit(f"rgbmatrix import failed: {e}")
|
|
PY
|
|
then
|
|
echo "✓ rpi-rgb-led-matrix installed and verified"
|
|
else
|
|
echo "✗ rpi-rgb-led-matrix import test failed"
|
|
exit 1
|
|
fi
|
|
fi
|
|
echo ""
|
|
|
|
CURRENT_STEP="Install web interface dependencies"
|
|
echo "Step 7: Installing web interface dependencies..."
|
|
echo "------------------------------------------------"
|
|
|
|
# Install web interface dependencies
|
|
echo "Installing Python dependencies for web interface..."
|
|
cd "$PROJECT_ROOT_DIR"
|
|
|
|
# Try to install dependencies using the smart installer if available
|
|
if [ -f "$PROJECT_ROOT_DIR/scripts/install_dependencies_apt.py" ]; then
|
|
echo "Using smart dependency installer..."
|
|
python3 "$PROJECT_ROOT_DIR/scripts/install_dependencies_apt.py"
|
|
else
|
|
echo "Using pip to install dependencies..."
|
|
if [ -f "$PROJECT_ROOT_DIR/requirements_web_v2.txt" ]; then
|
|
python3 -m pip install --break-system-packages -r requirements_web_v2.txt
|
|
else
|
|
echo "⚠ requirements_web_v2.txt not found; skipping web dependency install"
|
|
fi
|
|
fi
|
|
|
|
echo "✓ Web interface dependencies installed"
|
|
echo ""
|
|
|
|
CURRENT_STEP="Install web interface service"
|
|
echo "Step 8: Installing web interface service..."
|
|
echo "-------------------------------------------"
|
|
|
|
if [ -f "$PROJECT_ROOT_DIR/scripts/install/install_web_service.sh" ]; then
|
|
# Check if service file exists and has old paths (needs update after reorganization)
|
|
NEEDS_UPDATE=false
|
|
if [ -f "/etc/systemd/system/ledmatrix-web.service" ]; then
|
|
# Check if service file references old path (start_web_conditionally.py without scripts/utils/)
|
|
if grep -q "start_web_conditionally.py" /etc/systemd/system/ledmatrix-web.service && ! grep -q "scripts/utils/start_web_conditionally.py" /etc/systemd/system/ledmatrix-web.service; then
|
|
NEEDS_UPDATE=true
|
|
echo "⚠ Service file has old paths, updating..."
|
|
fi
|
|
fi
|
|
|
|
if [ ! -f "/etc/systemd/system/ledmatrix-web.service" ] || [ "$NEEDS_UPDATE" = true ]; then
|
|
bash "$PROJECT_ROOT_DIR/scripts/install/install_web_service.sh"
|
|
# Ensure systemd sees any new/changed unit files
|
|
systemctl daemon-reload || true
|
|
echo "✓ Web interface service installed/updated"
|
|
else
|
|
echo "✓ Web interface service already present with correct paths"
|
|
fi
|
|
else
|
|
echo "⚠ install_web_service.sh not found; skipping web service installation"
|
|
fi
|
|
echo ""
|
|
|
|
CURRENT_STEP="Harden systemd unit file permissions"
|
|
echo "Step 8.1: Setting systemd unit file permissions..."
|
|
echo "-----------------------------------------------"
|
|
for unit in "/etc/systemd/system/ledmatrix.service" "/etc/systemd/system/ledmatrix-web.service" "/etc/systemd/system/ledmatrix-wifi-monitor.service"; do
|
|
if [ -f "$unit" ]; then
|
|
chown root:root "$unit" || true
|
|
chmod 644 "$unit" || true
|
|
fi
|
|
done
|
|
systemctl daemon-reload || true
|
|
echo "✓ Systemd unit file permissions set"
|
|
echo ""
|
|
|
|
CURRENT_STEP="Install WiFi monitor service"
|
|
echo "Step 8.5: Installing WiFi monitor service..."
|
|
echo "---------------------------------------------"
|
|
|
|
# Install WiFi monitor service if script exists
|
|
if [ -f "$PROJECT_ROOT_DIR/scripts/install/install_wifi_monitor.sh" ]; then
|
|
# Check if service file exists and has old paths (needs update after reorganization)
|
|
NEEDS_UPDATE=false
|
|
if [ -f "/etc/systemd/system/ledmatrix-wifi-monitor.service" ]; then
|
|
# Check if service file references old path (wifi_monitor_daemon.py without scripts/utils/)
|
|
if grep -q "wifi_monitor_daemon.py" /etc/systemd/system/ledmatrix-wifi-monitor.service && ! grep -q "scripts/utils/wifi_monitor_daemon.py" /etc/systemd/system/ledmatrix-wifi-monitor.service; then
|
|
NEEDS_UPDATE=true
|
|
echo "⚠ WiFi monitor service file has old paths, updating..."
|
|
fi
|
|
fi
|
|
|
|
if [ ! -f "/etc/systemd/system/ledmatrix-wifi-monitor.service" ] || [ "$NEEDS_UPDATE" = true ]; then
|
|
echo "Installing/updating WiFi monitor service..."
|
|
# Run install script but don't fail installation if it errors (WiFi monitor is optional)
|
|
if bash "$PROJECT_ROOT_DIR/scripts/install/install_wifi_monitor.sh"; then
|
|
echo "✓ WiFi monitor service installation completed"
|
|
else
|
|
INSTALL_EXIT_CODE=$?
|
|
echo "⚠ WiFi monitor service installation returned exit code $INSTALL_EXIT_CODE"
|
|
echo " Continuing installation - WiFi monitor is optional and can be installed later"
|
|
fi
|
|
fi
|
|
|
|
# Harden service file permissions (if service was created)
|
|
if [ -f "/etc/systemd/system/ledmatrix-wifi-monitor.service" ]; then
|
|
chown root:root "/etc/systemd/system/ledmatrix-wifi-monitor.service" || true
|
|
chmod 644 "/etc/systemd/system/ledmatrix-wifi-monitor.service" || true
|
|
systemctl daemon-reload || true
|
|
|
|
# Check if service was installed successfully
|
|
if systemctl list-unit-files | grep -q "ledmatrix-wifi-monitor.service"; then
|
|
echo "✓ WiFi monitor service installed"
|
|
|
|
# Check if service is running
|
|
if systemctl is-active --quiet ledmatrix-wifi-monitor.service 2>/dev/null; then
|
|
echo "✓ WiFi monitor service is running"
|
|
else
|
|
echo "⚠ WiFi monitor service installed but not running (may need required packages)"
|
|
fi
|
|
else
|
|
echo "⚠ WiFi monitor service file exists but not registered with systemd"
|
|
fi
|
|
else
|
|
echo "⚠ WiFi monitor service file not created (installation may have failed)"
|
|
echo " You can install it later by running: sudo ./scripts/install/install_wifi_monitor.sh"
|
|
fi
|
|
else
|
|
echo "⚠ install_wifi_monitor.sh not found; skipping WiFi monitor installation"
|
|
echo " You can install it later by running: sudo ./scripts/install/install_wifi_monitor.sh"
|
|
fi
|
|
echo ""
|
|
|
|
CURRENT_STEP="Configure web interface permissions"
|
|
echo "Step 9: Configuring web interface permissions..."
|
|
echo "------------------------------------------------"
|
|
|
|
# Add user to required groups (idempotent)
|
|
echo "Adding user to systemd-journal group..."
|
|
if id -nG "$ACTUAL_USER" | grep -qw systemd-journal; then
|
|
echo "User $ACTUAL_USER already in systemd-journal"
|
|
else
|
|
usermod -a -G systemd-journal "$ACTUAL_USER"
|
|
fi
|
|
|
|
echo "Adding user to adm group..."
|
|
if id -nG "$ACTUAL_USER" | grep -qw adm; then
|
|
echo "User $ACTUAL_USER already in adm"
|
|
else
|
|
usermod -a -G adm "$ACTUAL_USER"
|
|
fi
|
|
|
|
echo "✓ User added to required groups"
|
|
echo ""
|
|
|
|
CURRENT_STEP="Configure passwordless sudo access"
|
|
echo "Step 10: Configuring passwordless sudo access..."
|
|
echo "------------------------------------------------"
|
|
|
|
# Create sudoers configuration for the web interface
|
|
echo "Creating sudoers configuration..."
|
|
SUDOERS_FILE="/etc/sudoers.d/ledmatrix_web"
|
|
|
|
# Get command paths
|
|
PYTHON_PATH=$(which python3)
|
|
SYSTEMCTL_PATH=$(which systemctl)
|
|
REBOOT_PATH=$(which reboot)
|
|
POWEROFF_PATH=$(which poweroff)
|
|
BASH_PATH=$(which bash)
|
|
|
|
# Create sudoers content
|
|
cat > /tmp/ledmatrix_web_sudoers << EOF
|
|
# LED Matrix Web Interface passwordless sudo configuration
|
|
# This allows the web interface user to run specific commands without a password
|
|
|
|
# Allow $ACTUAL_USER to run specific commands without a password for the LED Matrix web interface
|
|
$ACTUAL_USER ALL=(ALL) NOPASSWD: $REBOOT_PATH
|
|
$ACTUAL_USER ALL=(ALL) NOPASSWD: $POWEROFF_PATH
|
|
$ACTUAL_USER ALL=(ALL) NOPASSWD: $SYSTEMCTL_PATH start ledmatrix.service
|
|
$ACTUAL_USER ALL=(ALL) NOPASSWD: $SYSTEMCTL_PATH stop ledmatrix.service
|
|
$ACTUAL_USER ALL=(ALL) NOPASSWD: $SYSTEMCTL_PATH restart ledmatrix.service
|
|
$ACTUAL_USER ALL=(ALL) NOPASSWD: $SYSTEMCTL_PATH enable ledmatrix.service
|
|
$ACTUAL_USER ALL=(ALL) NOPASSWD: $SYSTEMCTL_PATH disable ledmatrix.service
|
|
$ACTUAL_USER ALL=(ALL) NOPASSWD: $SYSTEMCTL_PATH status ledmatrix.service
|
|
$ACTUAL_USER ALL=(ALL) NOPASSWD: $PYTHON_PATH $PROJECT_ROOT_DIR/display_controller.py
|
|
$ACTUAL_USER ALL=(ALL) NOPASSWD: $BASH_PATH $PROJECT_ROOT_DIR/start_display.sh
|
|
$ACTUAL_USER ALL=(ALL) NOPASSWD: $BASH_PATH $PROJECT_ROOT_DIR/stop_display.sh
|
|
EOF
|
|
|
|
if [ -f "$SUDOERS_FILE" ] && cmp -s /tmp/ledmatrix_web_sudoers "$SUDOERS_FILE"; then
|
|
echo "Sudoers configuration already up to date"
|
|
rm /tmp/ledmatrix_web_sudoers
|
|
else
|
|
echo "Installing/updating sudoers configuration..."
|
|
cp /tmp/ledmatrix_web_sudoers "$SUDOERS_FILE"
|
|
chmod 440 "$SUDOERS_FILE"
|
|
rm /tmp/ledmatrix_web_sudoers
|
|
fi
|
|
|
|
echo "✓ Passwordless sudo access configured"
|
|
echo ""
|
|
|
|
CURRENT_STEP="Configure WiFi management permissions"
|
|
echo "Step 10.1: Configuring WiFi management permissions..."
|
|
echo "-----------------------------------------------------"
|
|
|
|
# Configure WiFi permissions (sudo and PolicyKit) for WiFi management
|
|
if [ -f "$PROJECT_ROOT_DIR/scripts/install/configure_wifi_permissions.sh" ]; then
|
|
echo "Configuring WiFi management permissions..."
|
|
# Run as the actual user (not root) since the script checks for that
|
|
sudo -u "$ACTUAL_USER" bash "$PROJECT_ROOT_DIR/scripts/install/configure_wifi_permissions.sh" || {
|
|
echo "⚠ WiFi permissions configuration failed, but continuing installation"
|
|
echo " You can run it manually later: ./scripts/install/configure_wifi_permissions.sh"
|
|
}
|
|
echo "✓ WiFi management permissions configured"
|
|
else
|
|
echo "⚠ configure_wifi_permissions.sh not found; skipping WiFi permissions configuration"
|
|
echo " You can configure WiFi permissions later by running:"
|
|
echo " ./scripts/install/configure_wifi_permissions.sh"
|
|
fi
|
|
echo ""
|
|
|
|
CURRENT_STEP="Set proper file ownership"
|
|
echo "Step 11: Setting proper file ownership..."
|
|
echo "----------------------------------------"
|
|
|
|
# Set ownership of project files to the user
|
|
# Exclude plugin directories which need special permissions for root service access
|
|
# Use -h flag with chown to operate on symlinks themselves rather than following them
|
|
echo "Setting project file ownership (excluding plugin directories)..."
|
|
find "$PROJECT_ROOT_DIR" \
|
|
-path "$PROJECT_ROOT_DIR/plugins" -prune -o \
|
|
-path "$PROJECT_ROOT_DIR/plugin-repos" -prune -o \
|
|
-path "$PROJECT_ROOT_DIR/scripts/dev/plugins" -prune -o \
|
|
-path "*/.git*" -prune -o \
|
|
-exec chown -h "$ACTUAL_USER:$ACTUAL_USER" {} \; 2>/dev/null || true
|
|
|
|
# Set proper permissions for config files
|
|
if [ -f "$PROJECT_ROOT_DIR/config/config.json" ]; then
|
|
chmod 644 "$PROJECT_ROOT_DIR/config/config.json"
|
|
echo "✓ Config file permissions set"
|
|
fi
|
|
|
|
# Set proper permissions for secrets file (restrictive: owner rw, group r)
|
|
# If service runs as root, set ownership to root so it can read as owner
|
|
# Otherwise, use ACTUAL_USER and rely on group membership
|
|
if [ -f "$PROJECT_ROOT_DIR/config/config_secrets.json" ]; then
|
|
# Check if service runs as root (from service file or template)
|
|
SERVICE_USER="root"
|
|
if [ -f "/etc/systemd/system/ledmatrix.service" ]; then
|
|
SERVICE_USER=$(grep "^User=" /etc/systemd/system/ledmatrix.service | cut -d'=' -f2 || echo "root")
|
|
elif [ -f "$PROJECT_ROOT_DIR/systemd/ledmatrix.service" ]; then
|
|
SERVICE_USER=$(grep "^User=" "$PROJECT_ROOT_DIR/systemd/ledmatrix.service" | cut -d'=' -f2 || echo "root")
|
|
fi
|
|
|
|
if [ "$SERVICE_USER" = "root" ]; then
|
|
# Service runs as root - set ownership to root so it can read as owner
|
|
chown "root:$LEDMATRIX_GROUP" "$PROJECT_ROOT_DIR/config/config_secrets.json" || true
|
|
echo "✓ Secrets file permissions set (root:ledmatrix for root service)"
|
|
else
|
|
# Service runs as regular user - use ACTUAL_USER and rely on group membership
|
|
chown "$ACTUAL_USER:$LEDMATRIX_GROUP" "$PROJECT_ROOT_DIR/config/config_secrets.json" || true
|
|
echo "✓ Secrets file permissions set ($ACTUAL_USER:ledmatrix)"
|
|
fi
|
|
chmod 640 "$PROJECT_ROOT_DIR/config/config_secrets.json"
|
|
fi
|
|
|
|
# Set proper permissions for YTM auth file (readable by all users including root service)
|
|
if [ -f "$PROJECT_ROOT_DIR/config/ytm_auth.json" ]; then
|
|
chown "$ACTUAL_USER:$LEDMATRIX_GROUP" "$PROJECT_ROOT_DIR/config/ytm_auth.json" || true
|
|
chmod 644 "$PROJECT_ROOT_DIR/config/ytm_auth.json"
|
|
echo "✓ YTM auth file permissions set"
|
|
fi
|
|
|
|
# Re-apply plugin directory permissions based on web service user
|
|
echo "Re-applying plugin directory permissions..."
|
|
# Determine web service user (check installed service, install scripts, or template)
|
|
WEB_SERVICE_USER="root"
|
|
if [ -f "/etc/systemd/system/ledmatrix-web.service" ]; then
|
|
# Check actual installed service file (most accurate)
|
|
WEB_SERVICE_USER=$(grep "^User=" /etc/systemd/system/ledmatrix-web.service | cut -d'=' -f2 || echo "root")
|
|
elif [ -f "$PROJECT_ROOT_DIR/scripts/install/install_web_service.sh" ]; then
|
|
# Check install_web_service.sh (used by first_time_install.sh)
|
|
if grep -q "User=root" "$PROJECT_ROOT_DIR/scripts/install/install_web_service.sh"; then
|
|
WEB_SERVICE_USER="root"
|
|
elif grep -q "User=\${ACTUAL_USER}" "$PROJECT_ROOT_DIR/scripts/install/install_web_service.sh"; then
|
|
WEB_SERVICE_USER="$ACTUAL_USER"
|
|
fi
|
|
elif [ -f "$PROJECT_ROOT_DIR/systemd/ledmatrix-web.service" ]; then
|
|
WEB_SERVICE_USER=$(grep "^User=" "$PROJECT_ROOT_DIR/systemd/ledmatrix-web.service" | cut -d'=' -f2 || echo "root")
|
|
if [ "$WEB_SERVICE_USER" = "__USER__" ] || [ -z "$WEB_SERVICE_USER" ]; then
|
|
if [ -f "$PROJECT_ROOT_DIR/scripts/install/install_service.sh" ] && grep -q "User=\${ACTUAL_USER}" "$PROJECT_ROOT_DIR/scripts/install/install_service.sh"; then
|
|
WEB_SERVICE_USER="$ACTUAL_USER"
|
|
fi
|
|
fi
|
|
elif [ -f "$PROJECT_ROOT_DIR/scripts/install/install_service.sh" ] && grep -q "User=\${ACTUAL_USER}" "$PROJECT_ROOT_DIR/scripts/install/install_service.sh"; then
|
|
WEB_SERVICE_USER="$ACTUAL_USER"
|
|
fi
|
|
|
|
# Set ownership based on web service user
|
|
if [ "$WEB_SERVICE_USER" = "$ACTUAL_USER" ] || [ "$WEB_SERVICE_USER" != "root" ]; then
|
|
PLUGIN_OWNER="$ACTUAL_USER:$ACTUAL_USER"
|
|
else
|
|
PLUGIN_OWNER="root:$ACTUAL_USER"
|
|
fi
|
|
|
|
if [ -d "$PROJECT_ROOT_DIR/plugins" ]; then
|
|
chown -R "$PLUGIN_OWNER" "$PROJECT_ROOT_DIR/plugins"
|
|
find "$PROJECT_ROOT_DIR/plugins" -type d -exec chmod 2775 {} \;
|
|
find "$PROJECT_ROOT_DIR/plugins" -type f -exec chmod 664 {} \;
|
|
fi
|
|
if [ -d "$PROJECT_ROOT_DIR/plugin-repos" ]; then
|
|
chown -R "$PLUGIN_OWNER" "$PROJECT_ROOT_DIR/plugin-repos"
|
|
find "$PROJECT_ROOT_DIR/plugin-repos" -type d -exec chmod 2775 {} \;
|
|
find "$PROJECT_ROOT_DIR/plugin-repos" -type f -exec chmod 664 {} \;
|
|
fi
|
|
|
|
echo "✓ File ownership configured"
|
|
echo ""
|
|
|
|
CURRENT_STEP="Normalize project file permissions"
|
|
echo "Step 11.1: Normalizing project file and directory permissions..."
|
|
echo "--------------------------------------------------------------"
|
|
|
|
# Normalize directory permissions (exclude VCS metadata and plugin directories)
|
|
find "$PROJECT_ROOT_DIR" \
|
|
-path "$PROJECT_ROOT_DIR/plugins" -prune -o \
|
|
-path "$PROJECT_ROOT_DIR/plugin-repos" -prune -o \
|
|
-path "$PROJECT_ROOT_DIR/scripts/dev/plugins" -prune -o \
|
|
-path "*/.git*" -prune -o \
|
|
-type d -exec chmod 755 {} \; 2>/dev/null || true
|
|
|
|
# Set default file permissions (exclude plugin directories)
|
|
find "$PROJECT_ROOT_DIR" \
|
|
-path "$PROJECT_ROOT_DIR/plugins" -prune -o \
|
|
-path "$PROJECT_ROOT_DIR/plugin-repos" -prune -o \
|
|
-path "$PROJECT_ROOT_DIR/scripts/dev/plugins" -prune -o \
|
|
-path "*/.git*" -prune -o \
|
|
-type f -exec chmod 644 {} \; 2>/dev/null || true
|
|
|
|
# Ensure shell scripts are executable
|
|
find "$PROJECT_ROOT_DIR" -path "*/.git*" -prune -o -type f -name "*.sh" -exec chmod 755 {} \; 2>/dev/null || true
|
|
|
|
# Explicitly ensure common helper scripts are executable (in case paths change)
|
|
chmod 755 "$PROJECT_ROOT_DIR/start_display.sh" "$PROJECT_ROOT_DIR/stop_display.sh" 2>/dev/null || true
|
|
chmod 755 "$PROJECT_ROOT_DIR/scripts/fix_perms/fix_cache_permissions.sh" "$PROJECT_ROOT_DIR/scripts/fix_perms/fix_web_permissions.sh" "$PROJECT_ROOT_DIR/scripts/fix_perms/fix_assets_permissions.sh" "$PROJECT_ROOT_DIR/scripts/fix_perms/fix_plugin_permissions.sh" 2>/dev/null || true
|
|
chmod 755 "$PROJECT_ROOT_DIR/scripts/install/install_service.sh" "$PROJECT_ROOT_DIR/scripts/install/install_web_service.sh" 2>/dev/null || true
|
|
|
|
# Re-apply special permissions for config directory (lost during normalization)
|
|
chmod 2775 "$PROJECT_ROOT_DIR/config" || true
|
|
|
|
echo "✓ Project file permissions normalized"
|
|
echo ""
|
|
|
|
CURRENT_STEP="Sound module configuration"
|
|
echo "Step 12: Sound module configuration..."
|
|
echo "-------------------------------------"
|
|
|
|
# Remove services that may interfere with LED matrix timing
|
|
echo "Removing potential conflicting services (bluetooth and others)..."
|
|
if [ "$SKIP_SOUND" = "1" ]; then
|
|
echo "Skipping sound module configuration as requested (--skip-sound)."
|
|
elif apt_remove bluez bluez-firmware pi-bluetooth triggerhappy pigpio; then
|
|
echo "✓ Unnecessary services removed (or not present)"
|
|
else
|
|
echo "⚠ Some packages could not be removed; continuing"
|
|
fi
|
|
|
|
# Blacklist onboard sound module (idempotent)
|
|
BLACKLIST_FILE="/etc/modprobe.d/blacklist-rgb-matrix.conf"
|
|
if [ -f "$BLACKLIST_FILE" ] && grep -q '^blacklist snd_bcm2835\b' "$BLACKLIST_FILE"; then
|
|
echo "snd_bcm2835 already blacklisted in $BLACKLIST_FILE"
|
|
else
|
|
echo "Ensuring snd_bcm2835 is blacklisted in $BLACKLIST_FILE..."
|
|
mkdir -p "/etc/modprobe.d"
|
|
if [ -f "$BLACKLIST_FILE" ]; then
|
|
cp "$BLACKLIST_FILE" "$BLACKLIST_FILE.bak" 2>/dev/null || true
|
|
fi
|
|
# Append once (don't clobber existing unrelated content)
|
|
if [ -f "$BLACKLIST_FILE" ]; then
|
|
echo "blacklist snd_bcm2835" >> "$BLACKLIST_FILE"
|
|
else
|
|
printf "blacklist snd_bcm2835\n" > "$BLACKLIST_FILE"
|
|
fi
|
|
fi
|
|
|
|
# Update initramfs if available
|
|
if command -v update-initramfs >/dev/null 2>&1; then
|
|
echo "Updating initramfs..."
|
|
update-initramfs -u
|
|
else
|
|
echo "update-initramfs not found; skipping"
|
|
fi
|
|
|
|
echo "✓ Sound module configuration applied"
|
|
echo ""
|
|
|
|
CURRENT_STEP="Apply performance optimizations"
|
|
echo "Step 13: Applying performance optimizations..."
|
|
echo "---------------------------------------------"
|
|
|
|
# Prefer /boot/firmware on newer Raspberry Pi OS, fall back to /boot on older
|
|
CMDLINE_FILE="/boot/firmware/cmdline.txt"
|
|
CONFIG_FILE="/boot/firmware/config.txt"
|
|
if [ ! -f "$CMDLINE_FILE" ]; then CMDLINE_FILE="/boot/cmdline.txt"; fi
|
|
if [ ! -f "$CONFIG_FILE" ]; then CONFIG_FILE="/boot/config.txt"; fi
|
|
|
|
# Append isolcpus=3 to cmdline if not present (idempotent)
|
|
if [ "$SKIP_PERF" = "1" ]; then
|
|
echo "Skipping performance optimizations as requested (--skip-perf)."
|
|
elif [ -f "$CMDLINE_FILE" ]; then
|
|
if grep -q '\bisolcpus=3\b' "$CMDLINE_FILE"; then
|
|
echo "isolcpus=3 already present in $CMDLINE_FILE"
|
|
else
|
|
echo "Adding isolcpus=3 to $CMDLINE_FILE..."
|
|
cp "$CMDLINE_FILE" "$CMDLINE_FILE.bak" 2>/dev/null || true
|
|
# Ensure single-line cmdline gets the flag once, with a leading space
|
|
sed -i '1 s/$/ isolcpus=3/' "$CMDLINE_FILE"
|
|
fi
|
|
else
|
|
echo "✗ $CMDLINE_FILE not found; skipping isolcpus optimization"
|
|
fi
|
|
|
|
# Ensure dtparam=audio=off in config.txt (idempotent)
|
|
if [ "$SKIP_PERF" = "1" ]; then
|
|
: # skipped
|
|
elif [ -f "$CONFIG_FILE" ]; then
|
|
if grep -q '^dtparam=audio=off\b' "$CONFIG_FILE"; then
|
|
echo "Onboard audio already disabled in $CONFIG_FILE"
|
|
elif grep -q '^dtparam=audio=on\b' "$CONFIG_FILE"; then
|
|
echo "Disabling onboard audio in $CONFIG_FILE..."
|
|
cp "$CONFIG_FILE" "$CONFIG_FILE.bak" 2>/dev/null || true
|
|
sed -i 's/^dtparam=audio=on\b/dtparam=audio=off/' "$CONFIG_FILE"
|
|
else
|
|
echo "Adding dtparam=audio=off to $CONFIG_FILE..."
|
|
cp "$CONFIG_FILE" "$CONFIG_FILE.bak" 2>/dev/null || true
|
|
printf "\n# Disable onboard audio for LED matrix performance\n" >> "$CONFIG_FILE"
|
|
echo "dtparam=audio=off" >> "$CONFIG_FILE"
|
|
fi
|
|
else
|
|
echo "✗ $CONFIG_FILE not found; skipping audio disable"
|
|
fi
|
|
|
|
echo "✓ Performance optimizations applied"
|
|
echo ""
|
|
|
|
CURRENT_STEP="Test the installation"
|
|
echo "Step 14: Testing the installation..."
|
|
echo "----------------------------------"
|
|
|
|
# Test sudo access
|
|
echo "Testing sudo access..."
|
|
if sudo -u "$ACTUAL_USER" sudo -n systemctl status ledmatrix.service > /dev/null 2>&1; then
|
|
echo "✓ Sudo access test passed"
|
|
else
|
|
echo "⚠ Sudo access test failed - may need to log out and back in"
|
|
fi
|
|
|
|
# Test journal access
|
|
echo "Testing journal access..."
|
|
if sudo -u "$ACTUAL_USER" journalctl --no-pager --lines=1 > /dev/null 2>&1; then
|
|
echo "✓ Journal access test passed"
|
|
else
|
|
echo "⚠ Journal access test failed - may need to log out and back in"
|
|
fi
|
|
|
|
# Check service status
|
|
echo "Checking service status..."
|
|
if systemctl is-active --quiet ledmatrix.service; then
|
|
echo "✓ Main LED Matrix service is running"
|
|
else
|
|
echo "⚠ Main LED Matrix service is not running"
|
|
fi
|
|
|
|
if systemctl is-active --quiet ledmatrix-web.service; then
|
|
echo "✓ Web interface service is running"
|
|
else
|
|
echo "⚠ Web interface service is not running"
|
|
fi
|
|
|
|
if systemctl list-unit-files | grep -q "ledmatrix-wifi-monitor.service"; then
|
|
if systemctl is-active --quiet ledmatrix-wifi-monitor.service 2>/dev/null; then
|
|
echo "✓ WiFi monitor service is running"
|
|
else
|
|
echo "⚠ WiFi monitor service is not running"
|
|
fi
|
|
fi
|
|
|
|
echo ""
|
|
if [ "$SKIP_REBOOT_PROMPT" = "1" ]; then
|
|
echo "Skipping reboot prompt as requested (--no-reboot-prompt)."
|
|
elif [ "$ASSUME_YES" = "1" ]; then
|
|
echo "Non-interactive mode: rebooting now to apply changes..."
|
|
reboot
|
|
else
|
|
read -p "A reboot is recommended to apply kernel and audio changes. Reboot now? (y/N): " -n 1 -r
|
|
echo
|
|
if [[ $REPLY =~ ^[Yy]$ ]]; then
|
|
echo "Rebooting now..."
|
|
reboot
|
|
fi
|
|
fi
|
|
|
|
echo "=========================================="
|
|
echo "Installation Complete!"
|
|
echo "=========================================="
|
|
echo ""
|
|
|
|
# Network Diagnostics Section
|
|
echo "=========================================="
|
|
echo "Network Status & Access Information"
|
|
echo "=========================================="
|
|
echo ""
|
|
|
|
# Get current IP addresses
|
|
echo "Current IP Addresses:"
|
|
if command -v hostname >/dev/null 2>&1; then
|
|
IPS=$(hostname -I 2>/dev/null | tr ' ' '\n' | grep -v '^$' || echo "")
|
|
if [ -n "$IPS" ]; then
|
|
echo "$IPS" | while read -r ip; do
|
|
if [ -n "$ip" ]; then
|
|
echo " - $ip"
|
|
fi
|
|
done
|
|
else
|
|
echo " ⚠ No IP addresses found"
|
|
fi
|
|
else
|
|
echo " ⚠ Could not determine IP addresses (hostname command not available)"
|
|
fi
|
|
|
|
echo ""
|
|
|
|
# Check WiFi status
|
|
echo "WiFi Connection Status:"
|
|
if command -v nmcli >/dev/null 2>&1; then
|
|
WIFI_STATUS=$(nmcli -t -f DEVICE,TYPE,STATE device status 2>/dev/null | grep -i wifi || echo "")
|
|
if [ -n "$WIFI_STATUS" ]; then
|
|
echo "$WIFI_STATUS" | while IFS=':' read -r device type state; do
|
|
if [ "$state" = "connected" ]; then
|
|
SSID=$(nmcli -t -f active,ssid device wifi 2>/dev/null | grep "^yes:" | cut -d: -f2 | head -1)
|
|
if [ -n "$SSID" ]; then
|
|
echo " ✓ Connected to: $SSID"
|
|
else
|
|
echo " ✓ Connected (SSID unknown)"
|
|
fi
|
|
else
|
|
echo " ✗ Not connected ($state)"
|
|
fi
|
|
done
|
|
else
|
|
echo " ⚠ Could not determine WiFi status"
|
|
fi
|
|
else
|
|
echo " ⚠ nmcli not available, cannot check WiFi status"
|
|
fi
|
|
|
|
echo ""
|
|
|
|
# Check AP mode status
|
|
echo "AP Mode Status:"
|
|
if systemctl is-active --quiet hostapd 2>/dev/null; then
|
|
echo " ✓ AP Mode is ACTIVE"
|
|
echo " → Connect to WiFi network: LEDMatrix-Setup"
|
|
echo " → Password: ledmatrix123"
|
|
echo " → Access web UI at: http://192.168.4.1:5000"
|
|
AP_MODE_ACTIVE=true
|
|
else
|
|
# Check if wlan0 has AP IP
|
|
if ip addr show wlan0 2>/dev/null | grep -q "192.168.4.1"; then
|
|
echo " ✓ AP Mode is ACTIVE (IP detected)"
|
|
echo " → Connect to WiFi network: LEDMatrix-Setup"
|
|
echo " → Password: ledmatrix123"
|
|
echo " → Access web UI at: http://192.168.4.1:5000"
|
|
AP_MODE_ACTIVE=true
|
|
else
|
|
echo " ✗ AP Mode is inactive"
|
|
AP_MODE_ACTIVE=false
|
|
fi
|
|
fi
|
|
|
|
echo ""
|
|
|
|
# Web UI access information
|
|
echo "Web UI Access:"
|
|
if [ "$AP_MODE_ACTIVE" = true ]; then
|
|
echo " → Via AP Mode: http://192.168.4.1:5000"
|
|
echo ""
|
|
echo " To connect to your WiFi network:"
|
|
echo " 1. Connect to LEDMatrix-Setup network"
|
|
echo " 2. Open http://192.168.4.1:5000 in your browser"
|
|
echo " 3. Go to WiFi tab and connect to your network"
|
|
else
|
|
# Get primary IP for web UI access
|
|
PRIMARY_IP=""
|
|
if command -v hostname >/dev/null 2>&1; then
|
|
PRIMARY_IP=$(hostname -I 2>/dev/null | awk '{print $1}' | grep -v '^$' || echo "")
|
|
fi
|
|
|
|
if [ -n "$PRIMARY_IP" ] && [ "$PRIMARY_IP" != "127.0.0.1" ] && [ "$PRIMARY_IP" != "192.168.4.1" ]; then
|
|
echo " → Access at: http://$PRIMARY_IP:5000"
|
|
else
|
|
echo " → Access at: http://<your-pi-ip>:5000"
|
|
echo " (Replace <your-pi-ip> with your Pi's IP address)"
|
|
fi
|
|
|
|
if systemctl is-active --quiet ledmatrix-web.service 2>/dev/null; then
|
|
echo " ✓ Web service is running"
|
|
else
|
|
echo " ⚠ Web service is not running"
|
|
echo " Start with: sudo systemctl start ledmatrix-web"
|
|
fi
|
|
fi
|
|
|
|
echo ""
|
|
|
|
# Service status summary
|
|
echo "Service Status:"
|
|
if systemctl is-active --quiet ledmatrix.service 2>/dev/null; then
|
|
echo " ✓ Main display service: running"
|
|
else
|
|
echo " ✗ Main display service: not running"
|
|
fi
|
|
|
|
if systemctl is-active --quiet ledmatrix-web.service 2>/dev/null; then
|
|
echo " ✓ Web interface service: running"
|
|
else
|
|
echo " ✗ Web interface service: not running"
|
|
fi
|
|
|
|
if systemctl list-unit-files | grep -q "ledmatrix-wifi-monitor.service"; then
|
|
if systemctl is-active --quiet ledmatrix-wifi-monitor.service 2>/dev/null; then
|
|
echo " ✓ WiFi monitor service: running"
|
|
else
|
|
echo " ⚠ WiFi monitor service: installed but not running"
|
|
fi
|
|
else
|
|
echo " - WiFi monitor service: not installed"
|
|
fi
|
|
|
|
echo ""
|
|
echo "=========================================="
|
|
echo "Important Notes"
|
|
echo "=========================================="
|
|
echo ""
|
|
echo "1. For group changes to take effect:"
|
|
echo " - Log out and log back in to your SSH session, OR"
|
|
echo " - Run: newgrp systemd-journal"
|
|
echo ""
|
|
echo "2. If you cannot access the web UI:"
|
|
echo " - Check that the web service is running: sudo systemctl status ledmatrix-web"
|
|
echo " - Verify firewall allows port 5000: sudo ufw status (if using UFW)"
|
|
echo " - Check network connectivity: ping -c 3 8.8.8.8"
|
|
echo " - If WiFi is not connected, connect to LEDMatrix-Setup AP network"
|
|
echo ""
|
|
echo "3. SSH Access:"
|
|
echo " - SSH must be configured during initial Pi setup (via Raspberry Pi Imager or raspi-config)"
|
|
echo " - This installation script does not configure SSH credentials"
|
|
echo ""
|
|
echo "4. Useful Commands:"
|
|
echo " - Check service status: sudo systemctl status ledmatrix.service"
|
|
echo " - View logs: journalctl -u ledmatrix-web.service -f"
|
|
echo " - Start/stop display: sudo systemctl start/stop ledmatrix.service"
|
|
echo ""
|
|
echo "5. Configuration Files:"
|
|
echo " - Main config: $PROJECT_ROOT_DIR/config/config.json"
|
|
echo " - Secrets: $PROJECT_ROOT_DIR/config/config_secrets.json"
|
|
echo ""
|
|
echo "Enjoy your LED Matrix display!"
|