fix(firmware): grant bfkiosk write access to binary dir + align marker path

/opt/betterframe/kiosk/ now owned bfkiosk:bfkiosk so OTA can write .new/.prev files. Marker path in Rust code aligned with rollback script expectation (/var/lib/betterframe/kiosk/firmware-applying.json).
2026-05-26 21:26:33 +00:00 · 2026-05-21 16:03:42 +02:00 · 2026-05-21 16:03:42 +02:00 · 516a4ca4a0
commit 516a4ca4a0
parent 7d81891b0e
4 changed files with 12 additions and 10 deletions
--- a/deploy/pi-gen/stage-betterframe-client/01-install-kiosk/01-run-chroot.sh
+++ b/deploy/pi-gen/stage-betterframe-client/01-install-kiosk/01-run-chroot.sh
@ -14,8 +14,10 @@ for grp in video render input audio; do
 done
 # --- Binary ---
-install -d -m 755 /opt/betterframe/kiosk
+install -d -o bfkiosk -g bfkiosk -m 755 /opt/betterframe/kiosk
 install -m 755 /tmp/bf-files/betterframe-kiosk /opt/betterframe/kiosk/betterframe-kiosk
 # State dir for firmware marker file (rollback script reads this)
 install -d -o bfkiosk -g bfkiosk -m 755 /var/lib/betterframe/kiosk
 # --- Systemd unit + PAM + rollback hook ---
 install -m 644 /tmp/bf-files/betterframe-kiosk.service /etc/systemd/system/betterframe-kiosk.service
--- a/deploy/scripts/setup-pi-kiosk.sh
+++ b/deploy/scripts/setup-pi-kiosk.sh
@ -189,8 +189,9 @@ if [ "${INSTALL_KIOSK}" = "1" ]; then
    exit 1
  fi
-  install -d -m 755 "${BIN_DST_DIR}"
+  install -d -o bfkiosk -g bfkiosk -m 755 "${BIN_DST_DIR}"
  install -m 755 "${BIN_SRC}" "${BIN_DST}"
  install -d -o bfkiosk -g bfkiosk -m 755 /var/lib/betterframe/kiosk
  echo "    installed → ${BIN_DST}"
  # --------------------------------------------------------------------------
--- a/deploy/tmpfiles/betterframe-kiosk.conf
+++ b/deploy/tmpfiles/betterframe-kiosk.conf
@ -1 +1,2 @@
 d /run/betterframe 0755 bfkiosk bfkiosk -
 d /var/lib/betterframe/kiosk 0755 bfkiosk bfkiosk -
--- a/kiosk/src/firmware.rs
+++ b/kiosk/src/firmware.rs
@ -37,6 +37,7 @@ pub const ARCH: &str = match option_env!("BF_BUILD_ARCH") {
 };
 const DEFAULT_BIN_PATH: &str = "/opt/betterframe/kiosk/betterframe-kiosk";
 const FIRMWARE_MARKER: &str = "/var/lib/betterframe/kiosk/firmware-applying.json";
 fn binary_path() -> PathBuf {
    std::env::var("BF_KIOSK_BINARY")
@ -163,8 +164,8 @@ pub fn apply(server: &str, key: &str, info: &UpdateInfo) -> Result<(), String> {
    // failed first boot of the new binary. We delete it after a clean boot
    // (see `mark_firmware_applied()`). If we crash before that, next start
    // sees a stale marker → restores .prev.
-    if let Some(dir) = bin.parent() {
+    {
-        let marker = dir.join("firmware-applying.json");
+        let marker = PathBuf::from(FIRMWARE_MARKER);
        let payload = serde_json::json!({
            "version": info.version,
            "attempt_at": chrono_now_iso(),
@ -210,14 +211,11 @@ fn verify_signature(public_key_pem: &str, sha256_hex: &str, sig_b64url: &str) ->
 /// Clear the in-progress marker. Call after the kiosk has booted cleanly and
 /// reported back to the server — proves the new binary survives startup.
 pub fn mark_firmware_applied() {
-    let bin = binary_path();
+    let marker = PathBuf::from(FIRMWARE_MARKER);
    if let Some(dir) = bin.parent() {
        let marker = dir.join("firmware-applying.json");
    if marker.exists() {
        let _ = fs::remove_file(marker);
    }
 }
 }
 fn chrono_now_iso() -> String {
    // Sidesteps adding a chrono dep — Unix epoch ms is enough for the
`@ -1 +1,2 @@`
	`d /run/betterframe 0755 bfkiosk bfkiosk -`	`d /run/betterframe 0755 bfkiosk bfkiosk -`
		`d /var/lib/betterframe/kiosk 0755 bfkiosk bfkiosk -`