From 0e0f16167c97d5be13e2e380487e4f5acac54816 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 9 Dec 2025 00:23:42 +0000 Subject: [PATCH 1/8] Initial plan From 9f40c7367d11a85cd1856e75f301f53a05d79c7b Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 9 Dec 2025 00:28:46 +0000 Subject: [PATCH 2/8] Fix sudo permissions for homebridge user shutdown/restart commands Add sudoers configuration file to allow homebridge user to execute shutdown, reboot, and poweroff commands without a password. This fixes the issue introduced in Debian Trixie where sudo group membership alone is no longer sufficient for passwordless sudo access. Co-authored-by: NorthernMan54 <19808920+NorthernMan54@users.noreply.github.com> --- stage3_homebridge/01-homebridge/00-run.sh | 4 ++++ stage3_homebridge/01-homebridge/files/010_homebridge-nopasswd | 1 + 2 files changed, 5 insertions(+) create mode 100644 stage3_homebridge/01-homebridge/files/010_homebridge-nopasswd diff --git a/stage3_homebridge/01-homebridge/00-run.sh b/stage3_homebridge/01-homebridge/00-run.sh index fbdcf2a..c0623cd 100755 --- a/stage3_homebridge/01-homebridge/00-run.sh +++ b/stage3_homebridge/01-homebridge/00-run.sh @@ -17,6 +17,10 @@ install -m 755 files/20-hb-nginx-check "${ROOTFS_DIR}/etc/hb-service/homebridge/ install -m 644 files/first-boot-homebridge.service "${ROOTFS_DIR}/etc/systemd/system/" install -m 755 files/first-boot-homebridge "${ROOTFS_DIR}/usr/local/sbin/" +# Sudoers configuration for homebridge user +install -v -d "${ROOTFS_DIR}/etc/sudoers.d" +install -m 0440 files/010_homebridge-nopasswd "${ROOTFS_DIR}/etc/sudoers.d/" + # # MOTD # diff --git a/stage3_homebridge/01-homebridge/files/010_homebridge-nopasswd b/stage3_homebridge/01-homebridge/files/010_homebridge-nopasswd new file mode 100644 index 0000000..c65fe86 --- /dev/null 
+++ b/stage3_homebridge/01-homebridge/files/010_homebridge-nopasswd @@ -0,0 +1 @@ +homebridge ALL=(ALL) NOPASSWD: /sbin/shutdown, /sbin/reboot, /sbin/poweroff From 1bdc7c5341d2bbef6257ce3f6a3addb3fed507c9 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 9 Dec 2025 00:29:31 +0000 Subject: [PATCH 3/8] Improve sudoers security: restrict to root user only Changed sudoers rule from ALL=(ALL) to ALL=(root) to restrict command execution to only the root user, following security best practices. Co-authored-by: NorthernMan54 <19808920+NorthernMan54@users.noreply.github.com> --- stage3_homebridge/01-homebridge/files/010_homebridge-nopasswd | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stage3_homebridge/01-homebridge/files/010_homebridge-nopasswd b/stage3_homebridge/01-homebridge/files/010_homebridge-nopasswd index c65fe86..b497576 100644 --- a/stage3_homebridge/01-homebridge/files/010_homebridge-nopasswd +++ b/stage3_homebridge/01-homebridge/files/010_homebridge-nopasswd @@ -1 +1 @@ -homebridge ALL=(ALL) NOPASSWD: /sbin/shutdown, /sbin/reboot, /sbin/poweroff +homebridge ALL=(root) NOPASSWD: /sbin/shutdown, /sbin/reboot, /sbin/poweroff From e6f6f76ce08506a2ddddd7bb91f583dc1a663976 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 9 Dec 2025 00:30:33 +0000 Subject: [PATCH 4/8] Remove trailing empty line from sudoers file Removed unnecessary trailing newline to avoid potential parsing issues. Co-authored-by: NorthernMan54 <19808920+NorthernMan54@users.noreply.github.com> --- stage3_homebridge/01-homebridge/files/010_homebridge-nopasswd | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stage3_homebridge/01-homebridge/files/010_homebridge-nopasswd b/stage3_homebridge/01-homebridge/files/010_homebridge-nopasswd index b497576..b6a20b4 100644 --- a/stage3_homebridge/01-homebridge/files/010_homebridge-nopasswd 
+++ b/stage3_homebridge/01-homebridge/files/010_homebridge-nopasswd @@ -1 +1 @@ -homebridge ALL=(root) NOPASSWD: /sbin/shutdown, /sbin/reboot, /sbin/poweroff +homebridge ALL=(root) NOPASSWD: /sbin/shutdown, /sbin/reboot, /sbin/poweroff \ No newline at end of file From dec2ce30ff4ce488f6ebd71a6e65c4b6ee8d37e5 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 9 Dec 2025 00:31:23 +0000 Subject: [PATCH 5/8] Add /usr/sbin paths for better compatibility Include both /sbin and /usr/sbin paths for shutdown/reboot/poweroff commands to ensure compatibility across different Debian versions. Co-authored-by: NorthernMan54 <19808920+NorthernMan54@users.noreply.github.com> --- stage3_homebridge/01-homebridge/files/010_homebridge-nopasswd | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stage3_homebridge/01-homebridge/files/010_homebridge-nopasswd b/stage3_homebridge/01-homebridge/files/010_homebridge-nopasswd index b6a20b4..fc4d463 100644 --- a/stage3_homebridge/01-homebridge/files/010_homebridge-nopasswd +++ b/stage3_homebridge/01-homebridge/files/010_homebridge-nopasswd @@ -1 +1 @@ -homebridge ALL=(root) NOPASSWD: /sbin/shutdown, /sbin/reboot, /sbin/poweroff \ No newline at end of file +homebridge ALL=(root) NOPASSWD: /sbin/shutdown, /sbin/reboot, /sbin/poweroff, /usr/sbin/shutdown, /usr/sbin/reboot, /usr/sbin/poweroff \ No newline at end of file From 455d11a55786a8adba84fa686f6fe40255c2a07b Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 9 Dec 2025 00:32:35 +0000 Subject: [PATCH 6/8] Add comments to explain sudoers configuration Added explanatory comments to clarify why both /sbin and /usr/sbin paths are included in the sudoers configuration. Co-authored-by: NorthernMan54 <19808920+NorthernMan54@users.noreply.github.com> --- stage3_homebridge/01-homebridge/files/010_homebridge-nopasswd | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/stage3_homebridge/01-homebridge/files/010_homebridge-nopasswd b/stage3_homebridge/01-homebridge/files/010_homebridge-nopasswd index fc4d463..fc20de7 100644 --- a/stage3_homebridge/01-homebridge/files/010_homebridge-nopasswd +++ b/stage3_homebridge/01-homebridge/files/010_homebridge-nopasswd @@ -1 +1,3 @@ +# Allow homebridge user to run shutdown/reboot commands without password +# Both /sbin and /usr/sbin paths are included for compatibility across Debian versions homebridge ALL=(root) NOPASSWD: /sbin/shutdown, /sbin/reboot, /sbin/poweroff, /usr/sbin/shutdown, /usr/sbin/reboot, /usr/sbin/poweroff \ No newline at end of file From d6b889e3e48c2c5a959bd1ab12ef064144da49d5 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 9 Dec 2025 00:45:25 +0000 Subject: [PATCH 7/8] Add one-liner patch command for existing installations Created TRIXIE_SUDO_PATCH.md with a simple one-liner command that users can run to patch their existing Homebridge installations without needing to re-flash the image. Co-authored-by: NorthernMan54 <19808920+NorthernMan54@users.noreply.github.com> --- TRIXIE_SUDO_PATCH.md | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 TRIXIE_SUDO_PATCH.md diff --git a/TRIXIE_SUDO_PATCH.md b/TRIXIE_SUDO_PATCH.md new file mode 100644 index 0000000..91b2128 --- /dev/null +++ b/TRIXIE_SUDO_PATCH.md 
@@ -0,0 +1,35 @@ +# Trixie Sudo Permissions Patch + +If you have already installed a Homebridge Raspberry Pi image and upgraded to Debian Trixie, you may experience issues with the restart/shutdown functionality in the Homebridge UI. + +## Quick Fix (One-liner) + +Run the following command to patch your existing installation: + +```bash +sudo bash -c 'cat > /etc/sudoers.d/010_homebridge-nopasswd << "EOF" +# Allow homebridge user to run shutdown/reboot commands without password +# Both /sbin and /usr/sbin paths are included for compatibility across Debian versions +homebridge ALL=(root) NOPASSWD: /sbin/shutdown, /sbin/reboot, /sbin/poweroff, /usr/sbin/shutdown, /usr/sbin/reboot, /usr/sbin/poweroff +EOF +chmod 0440 /etc/sudoers.d/010_homebridge-nopasswd && visudo -c' +``` + +This command will: +1. Create the sudoers configuration file for the homebridge user +2. Set the correct permissions (0440) +3. Validate the sudoers syntax + +## What This Fixes + +This patch allows the homebridge user to run shutdown, reboot, and poweroff commands without requiring a password, which is necessary for the Homebridge UI's restart and shutdown features to work properly in Debian Trixie. + +## Verification + +After applying the patch, you can verify it worked by checking: + +```bash +sudo -l -U homebridge +``` + +You should see output showing that the homebridge user can run shutdown, reboot, and poweroff commands without a password. From f6c54f89cfaa345181cc0d0eb30e49d1c7814a35 Mon Sep 17 00:00:00 2001 
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 9 Dec 2025 00:50:29 +0000 Subject: [PATCH 8/8] Simplify patch command with curl-based approach Updated TRIXIE_SUDO_PATCH.md to include a simpler curl-based one-liner that downloads the sudoers file directly from the GitHub repository, similar to the gpg key installation pattern. Co-authored-by: NorthernMan54 <19808920+NorthernMan54@users.noreply.github.com> --- TRIXIE_SUDO_PATCH.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/TRIXIE_SUDO_PATCH.md b/TRIXIE_SUDO_PATCH.md index 91b2128..7d78371 100644 --- a/TRIXIE_SUDO_PATCH.md +++ b/TRIXIE_SUDO_PATCH.md @@ -6,6 +6,12 @@ If you have already installed a Homebridge Raspberry Pi image and upgraded to De Run the following command to patch your existing installation: +```bash +curl -fsSL https://raw.githubusercontent.com/homebridge/homebridge-raspbian-image/latest/stage3_homebridge/01-homebridge/files/010_homebridge-nopasswd | sudo tee /etc/sudoers.d/010_homebridge-nopasswd > /dev/null && sudo chmod 0440 /etc/sudoers.d/010_homebridge-nopasswd && sudo visudo -c +``` + +### Alternative (if you prefer to see the content first): + ```bash sudo bash -c 'cat > /etc/sudoers.d/010_homebridge-nopasswd << "EOF" # Allow homebridge user to run shutdown/reboot commands without password
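Review bot: In PATCH 2/8, the `00-run.sh` hunk installs `files/010_homebridge-nopasswd` into `${ROOTFS_DIR}/etc/sudoers.d/` without ever checking its syntax, so a typo in the rule would only surface on a booted image. Add a build-time check such as `visudo -cf files/010_homebridge-nopasswd` (on the build host or inside the target rootfs) before the `install -m 0440` line, and fail the stage if it returns non-zero.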
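Review bot: PATCH 4/8 leaves `010_homebridge-nopasswd` ending in `\ No newline at end of file`, which is the opposite of what the commit message aims for: a sudoers rule is a newline-terminated line, and a file without a final newline is the case that is more likely to cause trouble, for example when something later appends to it. Restore the terminating newline on the rule line; PATCH 5/8 and 6/8 carry the same missing newline forward and should be fixed with it.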
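Review bot: In PATCH 5/8 the single rule line now lists six absolute paths and is hard to audit at a glance; a `Cmnd_Alias` would keep the grant readable and make later changes less error-prone, e.g. `Cmnd_Alias HB_POWER = /sbin/shutdown, /sbin/reboot, /sbin/poweroff, /usr/sbin/shutdown, /usr/sbin/reboot, /usr/sbin/poweroff` followed by `homebridge ALL=(root) NOPASSWD: HB_POWER`. Note also that none of the entries restricts arguments, so the rule permits these commands with any arguments; if that is intended, say so in the file comment added in PATCH 6/8.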
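Review bot: In PATCH 7/8, the heredoc one-liner in `TRIXIE_SUDO_PATCH.md` writes straight to `/etc/sudoers.d/010_homebridge-nopasswd` and only then runs `visudo -c`, so a failed check leaves the bad file installed, and the file exists with default permissions until the `chmod 0440` runs. Write to a temporary file first, validate it with `visudo -cf <tempfile>`, and only then place it with `install -m 0440 -o root -g root <tempfile> /etc/sudoers.d/010_homebridge-nopasswd`. The "This command will" list should also state what to do when validation fails (remove the file).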
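Review bot: In PATCH 8/8, the new default command pipes `curl -fsSL https://raw.githubusercontent.com/.../latest/.../010_homebridge-nopasswd` into `sudo tee /etc/sudoers.d/...`, which means whatever the mutable `latest` ref serves at that moment becomes sudo policy on the user's machine, unreviewed and validated only after it is already in place. Pin the URL to a tag or commit, download to a temporary file, check it with `visudo -cf` before installing, and make the heredoc version (where the user can read the rule) the primary instruction rather than the "Alternative". The downloaded file is also the one left without a trailing newline by PATCH 4/8, so the two install paths in this document produce different files.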