From 516a4ca4a06d3b33db29b841bcb7c1c5db712e2b Mon Sep 17 00:00:00 2001
From: Mitchell R
Date: Thu, 21 May 2026 16:03:42 +0200
Subject: [PATCH] fix(firmware): grant bfkiosk write access to binary dir + align marker path
/opt/betterframe/kiosk/ now owned bfkiosk:bfkiosk so OTA can write .new/.prev files. Marker path in Rust code aligned with rollback script expectation (/var/lib/betterframe/kiosk/firmware-applying.json).
---
 .../01-install-kiosk/01-run-chroot.sh | 4 +++-
 deploy/scripts/setup-pi-kiosk.sh | 3 ++-
 deploy/tmpfiles/betterframe-kiosk.conf | 1 +
 kiosk/src/firmware.rs | 14 ++++++--------
 4 files changed, 12 insertions(+), 10 deletions(-)
diff --git a/deploy/pi-gen/stage-betterframe-client/01-install-kiosk/01-run-chroot.sh b/deploy/pi-gen/stage-betterframe-client/01-install-kiosk/01-run-chroot.sh
index be039ab..fad0766 100755
--- a/deploy/pi-gen/stage-betterframe-client/01-install-kiosk/01-run-chroot.sh
+++ b/deploy/pi-gen/stage-betterframe-client/01-install-kiosk/01-run-chroot.sh
@@ -14,8 +14,10 @@ for grp in video render input audio; do
 done
 # --- Binary ---
-install -d -m 755 /opt/betterframe/kiosk
+install -d -o bfkiosk -g bfkiosk -m 755 /opt/betterframe/kiosk
 install -m 755 /tmp/bf-files/betterframe-kiosk /opt/betterframe/kiosk/betterframe-kiosk
+# State dir for firmware marker file (rollback script reads this)
+install -d -o bfkiosk -g bfkiosk -m 755 /var/lib/betterframe/kiosk
 # --- Systemd unit + PAM + rollback hook ---
 install -m 644 /tmp/bf-files/betterframe-kiosk.service /etc/systemd/system/betterframe-kiosk.service
diff --git a/deploy/scripts/setup-pi-kiosk.sh b/deploy/scripts/setup-pi-kiosk.sh
index 2790226..5faa44c 100755
--- a/deploy/scripts/setup-pi-kiosk.sh
+++ b/deploy/scripts/setup-pi-kiosk.sh
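Review bot: `install -d -o bfkiosk -g bfkiosk -m 755 /opt/betterframe/kiosk` makes the directory that holds the kiosk executable writable by the account the OTA code runs as, so anything executing as bfkiosk can rename or replace `betterframe-kiosk` without passing the signature check in kiosk/src/firmware.rs; the same ownership change is made for `${BIN_DST_DIR}` in deploy/scripts/setup-pi-kiosk.sh. If the updater has to stay unprivileged, a tighter layout is a bfkiosk-owned staging directory plus a root-owned step that re-verifies the signature before moving the file into a root-owned binary directory; whether the rollback hook installed further down runs with enough privilege for that is not visible here. At the least, record the trade-off next to the line, e.g. `# bfkiosk-owned so OTA can write .new/.prev; the service user can therefore replace its own binary`.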
@@ -189,8 +189,9 @@ if [ "${INSTALL_KIOSK}" = "1" ]; then
 exit 1
 fi
- install -d -m 755 "${BIN_DST_DIR}"
+ install -d -o bfkiosk -g bfkiosk -m 755 "${BIN_DST_DIR}"
 install -m 755 "${BIN_SRC}" "${BIN_DST}"
+ install -d -o bfkiosk -g bfkiosk -m 755 /var/lib/betterframe/kiosk
 echo " installed → ${BIN_DST}"
 # --------------------------------------------------------------------------
diff --git a/deploy/tmpfiles/betterframe-kiosk.conf b/deploy/tmpfiles/betterframe-kiosk.conf
index 2fb9a1a..cd1cb74 100644
--- a/deploy/tmpfiles/betterframe-kiosk.conf
+++ b/deploy/tmpfiles/betterframe-kiosk.conf
@@ -1 +1,2 @@
 d /run/betterframe 0755 bfkiosk bfkiosk -
+d /var/lib/betterframe/kiosk 0755 bfkiosk bfkiosk -
diff --git a/kiosk/src/firmware.rs b/kiosk/src/firmware.rs
index 7bc0056..712a3b6 100644
--- a/kiosk/src/firmware.rs
+++ b/kiosk/src/firmware.rs
@@ -37,6 +37,7 @@ pub const ARCH: &str = match option_env!("BF_BUILD_ARCH") {
 };
 const DEFAULT_BIN_PATH: &str = "/opt/betterframe/kiosk/betterframe-kiosk";
+const FIRMWARE_MARKER: &str = "/var/lib/betterframe/kiosk/firmware-applying.json";
 fn binary_path() -> PathBuf {
 std::env::var("BF_KIOSK_BINARY")
@@ -163,8 +164,8 @@ pub fn apply(server: &str, key: &str, info: &UpdateInfo) -> Result<(), String> {
 // failed first boot of the new binary. We delete it after a clean boot
 // (see `mark_firmware_applied()`). If we crash before that, next start
 // sees a stale marker → restores .prev.
- if let Some(dir) = bin.parent() {
- let marker = dir.join("firmware-applying.json");
+ {
+ let marker = PathBuf::from(FIRMWARE_MARKER);
 let payload = serde_json::json!({
 "version": info.version,
 "attempt_at": chrono_now_iso(),
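Review bot: `FIRMWARE_MARKER` is a fixed absolute path, while `binary_path()` directly below it still honours `BF_KIOSK_BINARY`, so a run with the binary path overridden (tests, a dev machine) now reads and writes the marker under /var/lib/betterframe/kiosk rather than next to the overridden binary. The constant also has to agree with the rollback script, the tmpfiles.d entry and both install scripts, and nothing in the code says so. I would add a doc comment such as `/// Rollback marker; must match the path the rollback script reads and the directory created by deploy/tmpfiles/betterframe-kiosk.conf.` and consider an override in the same style as the binary path so tests do not touch the system location.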
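Review bot: Now that the marker lives outside the binary's directory, writing it can fail on its own (directory missing or not writable by the process), and per the comment above this marker is what arms the restore of .prev. The write and its error handling are below the end of this hunk, so I cannot tell whether a failure is ignored; if it is, `apply()` would go on to install a new binary with rollback disarmed. `apply()` already returns `Result<(), String>`, so a failed marker write should become an `Err` rather than be dropped. The bare `{` left where the `if let` was only scopes `marker` and `payload`; either remove it or say so in a comment.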
@@ -210,12 +211,9 @@ fn verify_signature(public_key_pem: &str, sha256_hex: &str, sig_b64url: &str) ->
 /// Clear the in-progress marker. Call after the kiosk has booted cleanly and
 /// reported back to the server — proves the new binary survives startup.
 pub fn mark_firmware_applied() {
- let bin = binary_path();
- if let Some(dir) = bin.parent() {
- let marker = dir.join("firmware-applying.json");
- if marker.exists() {
- let _ = fs::remove_file(marker);
- }
+ let marker = PathBuf::from(FIRMWARE_MARKER);
+ if marker.exists() {
+ let _ = fs::remove_file(marker);
 }
 }
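Review bot: `let _ = fs::remove_file(marker);` in `mark_firmware_applied()` discards the error, and according to the comment in `apply()` a marker that is still present on the next start is treated as a failed boot and .prev is restored, so a failed delete silently turns a good update into a rollback. The `marker.exists()` pre-check does not help: `exists()` returns false on a permission error as well as on a missing file, so that case is skipped without a trace. I would call the removal directly and report everything except not-found through whatever logging this file already uses: `if let Err(e) = fs::remove_file(FIRMWARE_MARKER) { if e.kind() != std::io::ErrorKind::NotFound { /* log e */ } }`.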