npm - plc-checkweigher - Versions diffs - 1.29.1 → 1.31.0 - Mend

plc-checkweigher 1.29.1 → 1.31.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/bin/plc_checkweigher CHANGED Viewed

@@ -586,6 +586,30 @@ smb-config)
     prompt_smb_config
     ;;
+# ─────────────────────────────────────────────────────────────────────────────
+# CONSOLE-PASSWD — set / change the web maintenance terminal access code
+# ─────────────────────────────────────────────────────────────────────────────
+console-passwd)
+    banner "Maintenance Console Access Code"
+    echo ""
+    info "Required by the dashboard terminal (>_ button). Stored as SHA-256."
+    echo ""
+    mkdir -p "${DATA_DIR}" 2>/dev/null || true
+    while true; do
+        read -r -s -p "  New access code: " _PW </dev/tty; echo ""
+        if [[ -z "$_PW" ]]; then err "Cannot be empty"; continue; fi
+        read -r -s -p "  Confirm:         " _PW2 </dev/tty; echo ""
+        [[ "$_PW" == "$_PW2" ]] && break
+        warn "Codes do not match — try again"
+    done
+    printf '%s' "$_PW" | sha256sum | cut -d' ' -f1 > "${DATA_DIR}/console_passwd"
+    chmod 600 "${DATA_DIR}/console_passwd" 2>/dev/null || true
+    echo ""
+    ok "Console access code updated — active immediately, no restart needed"
+    info "Existing browser sessions stay signed in until they expire (8 h)."
+    echo ""
+    ;;
 # ─────────────────────────────────────────────────────────────────────────────
 # FIX — auto-detect and repair common issues
 # Usage: fix [-wifi] [-health] [-programs] [-errors]   (no flags = run all)
@@ -1450,6 +1474,16 @@ PYEOF
         ulog "CONFIG: journal OK"
     fi
+    # 9a. Console password present (web terminal is fail-closed without it)
+    spin_start "Console access code"
+    if [[ -f "${DATA_DIR}/console_passwd" ]]; then
+        spin_ok "Console access code set"
+        ulog "CONFIG: console password OK"
+    else
+        spin_warn "Not set — web terminal locked. Run: plc_checkweigher console-passwd"
+        ulog "WARN: console password not set"
+    fi
     # 9b. Web maintenance sudoers rule (dashboard terminal)
     spin_start "Web maintenance sudoers rule"
     _SUDOERS_F="/etc/sudoers.d/010_plc-web-fix"
@@ -1801,6 +1835,7 @@ help|--help|-h)
     echo ""
     echo -e "  ${W}Configuration${NC}"
     echo "    smb-config                 Interactively update SMB delivery target"
+    echo "    console-passwd             Set/change web maintenance terminal access code"
     echo "    push-test                  Push latest PDF to SMB target now"
     echo "    update                     Pull latest code from GitHub and restart services"
     echo ""

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "plc-checkweigher",
-  "version": "1.29.1",
+  "version": "1.31.0",
   "description": "One-command installer for the PLC Check-Weigher system on Raspberry Pi (PREEMPT_RT kernel, Python stack, WiFi, SMB, systemd RT services)",
   "scripts": {
     "postinstall": "node bin/cli.js"

package/setup.sh CHANGED Viewed

@@ -277,6 +277,27 @@ setup_wifi() {
     fi
 }
+# ── 6b. Web maintenance terminal access code ─────────────────────────────────
+setup_console_passwd() {
+    step "Maintenance console access code ..."
+    echo "  The dashboard's maintenance terminal (>_ button) requires an"
+    echo "  access code. It is stored as a SHA-256 hash, never in plain text."
+    echo ""
+    local PW PW2
+    while true; do
+        read -r -s -p "  Set console access code: " PW </dev/tty; echo ""
+        if [[ -z "$PW" ]]; then echo "  Cannot be empty — try again."; continue; fi
+        read -r -s -p "  Confirm access code:     " PW2 </dev/tty; echo ""
+        [[ "$PW" == "$PW2" ]] && break
+        echo "  Codes do not match — try again."
+    done
+    mkdir -p "${DATA_DIR}"
+    printf '%s' "$PW" | sha256sum | cut -d' ' -f1 > "${DATA_DIR}/console_passwd"
+    chown "${PI_USER}:${PI_USER}" "${DATA_DIR}/console_passwd"
+    chmod 600 "${DATA_DIR}/console_passwd"
+    ok "Console access code set  (change later: plc_checkweigher console-passwd)"
+}
 # ── 6. SMB file sharing — interactive ────────────────────────────────────────
 setup_smb() {
     step "SMB File Sharing Setup"
@@ -725,7 +746,51 @@ lock_source_files() {
 }
 # ── 12. RT kernel — installed LAST so only one reboot is needed ───────────────
-# ── 11d. System optimization — disable everything not needed by the tool ─────
+# ── 11d. Debloat — purge applications unused by the PLC stack ────────────────
+# KEEP: chromium (kiosk display), code / VS Code (maintenance), NetworkManager,
+# ssh, lightdm + compositor, rpi-connect, python3, git, nodejs, samba-client,
+# plymouth, build-essential.
+setup_debloat() {
+    step "Removing unused applications  (dedicating resources to the tool) ..."
+    local _PURGE=(
+        firefox                 # kiosk uses chromium
+        chromium-l10n           # browser locale packs — English UI only
+        vlc vlc-l10n            # no media playback on the line
+        realvnc-vnc-server      # Pi Connect (wayvnc) provides screen share
+        rpi-imager rpi-userguide rp-bookshelf piwiz
+        pocketsphinx-en-us      # offline speech model
+        python3-mypy
+        thonny geany geany-common
+        firmware-atheros firmware-mediatek firmware-libertas   # non-Pi WiFi chips
+        avahi-daemon
+        cups cups-daemon cups-browsed
+        bluez                   # BT radio already disabled at boot
+        wolfram-engine sonic-pi scratch scratch2 scratch3 minecraft-pi
+        claws-mail mu-editor smartsim sense-emu-tools
+        libreoffice-core libreoffice-common
+    )
+    local _TO_REMOVE=() _p
+    for _p in "${_PURGE[@]}"; do
+        dpkg -l "$_p" 2>/dev/null | grep -q "^ii" && _TO_REMOVE+=("$_p")
+    done
+    if [[ ${#_TO_REMOVE[@]} -gt 0 ]]; then
+        local _BEFORE
+        _BEFORE=$(df --output=avail / | tail -1)
+        DEBIAN_FRONTEND=noninteractive apt-get purge -y -qq "${_TO_REMOVE[@]}" \
+            > /tmp/debloat.log 2>&1 || warn "Some purges had warnings — see /tmp/debloat.log"
+        ok "Purged: ${_TO_REMOVE[*]}"
+        DEBIAN_FRONTEND=noninteractive apt-get autoremove --purge -y -qq \
+            >> /tmp/debloat.log 2>&1 || true
+        apt-get clean
+        local _AFTER
+        _AFTER=$(df --output=avail / | tail -1)
+        ok "Orphans removed, apt cache cleared — freed $(( (_AFTER - _BEFORE) / 1024 )) MB"
+    else
+        ok "No unused applications found"
+    fi
+}
+# ── 11e. System optimization — disable everything not needed by the tool ─────
 setup_system_optimize() {
     step "System optimization  (disable non-essential services) ..."
@@ -892,13 +957,15 @@ main() {
     install_cli               # 5  — plc_checkweigher status command
     setup_wifi                # 6  — interactive WiFi picker
     setup_smb                 # 7  — interactive SMB config → smb_config.py
+    setup_console_passwd      # 7b — web maintenance terminal access code
     setup_network_online      # 8
     install_services          # 9
     setup_boot_logo           # 10 — Plymouth: logo + "Sai Samarth Engineering"
     setup_display             # 11 — LightDM priority, CPU isolation, utmpx
     setup_vscode_priority     # 11b — VS Code: cores 0-2, Nice=-5
     lock_source_files         # 11c — root:root on .py, pi:pi on data/
-    setup_system_optimize     # 11d — disable bluetooth/avahi/cups/apt-timers
+    setup_debloat             # 11d — purge unused applications (~800 MB+)
+    setup_system_optimize     # 11e — disable bluetooth/avahi/cups/apt-timers
     install_rt_kernel         # 12 — LAST, so only one reboot needed
     do_reboot                 # 12 — single reboot applies everything
 }