plc-checkweigher 1.26.1 → 1.28.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/bin/plc_checkweigher +25 -0
  2. package/package.json +1 -1
  3. package/setup.sh +16 -0
package/bin/plc_checkweigher CHANGED
@@ -1450,6 +1450,30 @@ PYEOF
1450
1450
  ulog "CONFIG: journal OK"
1451
1451
  fi
1452
1452
 
1453
+ # 9b. Web maintenance sudoers rule (dashboard FIX button)
1454
+ spin_start "Web maintenance sudoers rule"
1455
+ _SUDOERS_F="/etc/sudoers.d/010_plc-web-fix"
1456
+ if [[ ! -f "$_SUDOERS_F" ]]; then
1457
+ cat > /tmp/010_plc-web-fix << 'SUDOEOF'
1458
+ # Web dashboard maintenance console — allows the locked, root-owned CLI
1459
+ # to run its fix command from plc_web (User=pi). Scope: fix only.
1460
+ pi ALL=(root) NOPASSWD: /usr/local/bin/plc_checkweigher fix, /usr/local/bin/plc_checkweigher fix *
1461
+ SUDOEOF
1462
+ if sudo visudo -c -f /tmp/010_plc-web-fix &>/dev/null; then
1463
+ sudo cp /tmp/010_plc-web-fix "$_SUDOERS_F"
1464
+ sudo chmod 440 "$_SUDOERS_F"
1465
+ spin_ok "Sudoers rule installed (web FIX button enabled)"
1466
+ ulog "FIXED: web maintenance sudoers rule installed"
1467
+ else
1468
+ spin_warn "Sudoers rule failed validation — skipped"
1469
+ ulog "WARN: sudoers rule validation failed"
1470
+ fi
1471
+ rm -f /tmp/010_plc-web-fix
1472
+ else
1473
+ spin_ok "Sudoers rule present"
1474
+ ulog "CONFIG: web sudoers OK"
1475
+ fi
1476
+
1453
1477
  # 9. lightdm must not wait on deprecated udev-settle (~2.4 s saved)
1454
1478
  spin_start "lightdm boot dependency"
1455
1479
  _LDM_DROPIN="/etc/systemd/system/lightdm.service.d/display-priority.conf"
@@ -1662,6 +1686,7 @@ uninstall)
1662
1686
  BASHRC="${HOME_DIR}/.bashrc"
1663
1687
  [[ -f "$BASHRC" ]] && sed -i '/export PATH.*\.local\/bin/d' "$BASHRC" 2>/dev/null || true
1664
1688
  sudo rm -f /usr/local/bin/plc_checkweigher
1689
+ sudo rm -f /etc/sudoers.d/010_plc-web-fix
1665
1690
  rm -f "${HOME_DIR}/.local/bin/plc_checkweigher" 2>/dev/null || true
1666
1691
  if [[ "${KEEP_REPORTS^^}" != "Y" && -d "$REPORTS_DIR" ]]; then
1667
1692
  rm -rf "$REPORTS_DIR"
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "plc-checkweigher",
3
- "version": "1.26.1",
3
+ "version": "1.28.1",
4
4
  "description": "One-command installer for the PLC Check-Weigher system on Raspberry Pi (PREEMPT_RT kernel, Python stack, WiFi, SMB, systemd RT services)",
5
5
  "scripts": {
6
6
  "postinstall": "node bin/cli.js"
package/setup.sh CHANGED
@@ -168,6 +168,22 @@ install_cli() {
168
168
  else
169
169
  warn "bin/plc_checkweigher not found — skipping CLI install"
170
170
  fi
171
+
172
+ # Scoped sudoers rule: web dashboard maintenance console can run the
173
+ # locked root-owned CLI's fix command (and nothing else) without password.
174
+ cat > /tmp/010_plc-web-fix << 'EOF'
175
+ # Web dashboard maintenance console — allows the locked, root-owned CLI
176
+ # to run its fix command from plc_web (User=pi). Scope: fix only.
177
+ pi ALL=(root) NOPASSWD: /usr/local/bin/plc_checkweigher fix, /usr/local/bin/plc_checkweigher fix *
178
+ EOF
179
+ if visudo -c -f /tmp/010_plc-web-fix &>/dev/null; then
180
+ cp /tmp/010_plc-web-fix /etc/sudoers.d/010_plc-web-fix
181
+ chmod 440 /etc/sudoers.d/010_plc-web-fix
182
+ ok "Web maintenance sudoers rule installed (fix only, validated)"
183
+ else
184
+ warn "sudoers rule failed validation — web FIX button will not work"
185
+ fi
186
+ rm -f /tmp/010_plc-web-fix
171
187
  }
172
188
 
173
189
  # ── 5. WiFi — scan → pick → password ─────────────────────────────────────────