Merge pull request #10 from sourcebots/fixes

WillB97 · web-flow · commit f0569fae46eb · 2023-07-29T18:27:35.000+01:00
Fix issues from testing
diff --git a/parts/files/polkit/localauthority/10-udisks.pkla b/parts/files/polkit/localauthority/10-udisks.pkla
@@ -0,0 +1,14 @@
+[udisks1]
+Identity=unix-group:storage
+Action=org.freedesktop.udisks.filesystem-mount;org.freedesktop.udisks.luks-unlock;org.freedesktop.udisks.drive-eject;org.freedesktop.udisks.drive-detach
+ResultAny=yes
+
+[udisks2]
+Identity=unix-group:storage
+Action=org.freedesktop.udisks2.filesystem-mount;org.freedesktop.udisks2.filesystem-mount-system;org.freedesktop.udisks2.encrypted-unlock;org.freedesktop.udisks2.eject-media;org.freedesktop.udisks2.power-off-drive
+ResultAny=yes
+
+[udisks2-other-seat]
+Identity=unix-group:storage
+Action=org.freedesktop.udisks2.filesystem-mount-other-seat;org.freedesktop.udisks2.filesystem-unmount-others;org.freedesktop.udisks2.encrypted-unlock-other-seat;org.freedesktop.udisks2.eject-media-other-seat;org.freedesktop.udisks2.power-off-drive-other-seat
+ResultAny=yes
diff --git a/parts/files/polkit/rules.d/50-udiskie.rules b/parts/files/polkit/rules.d/50-udiskie.rules
@@ -0,0 +1,25 @@
+polkit.addRule(function(action, subject) {
+  var YES = polkit.Result.YES;
+  var permission = {
+    // required for udisks1:
+    "org.freedesktop.udisks.filesystem-mount": YES,
+    "org.freedesktop.udisks.luks-unlock": YES,
+    "org.freedesktop.udisks.drive-eject": YES,
+    "org.freedesktop.udisks.drive-detach": YES,
+    // required for udisks2:
+    "org.freedesktop.udisks2.filesystem-mount": YES,
+    "org.freedesktop.udisks2.encrypted-unlock": YES,
+    "org.freedesktop.udisks2.eject-media": YES,
+    "org.freedesktop.udisks2.power-off-drive": YES,
+    // required for udisks2 if using udiskie from another seat (e.g. systemd):
+    "org.freedesktop.udisks2.filesystem-mount-other-seat": YES,
+    "org.freedesktop.udisks2.filesystem-unmount-others": YES,
+    "org.freedesktop.udisks2.encrypted-unlock-other-seat": YES,
+    "org.freedesktop.udisks2.encrypted-unlock-system": YES,
+    "org.freedesktop.udisks2.eject-media-other-seat": YES,
+    "org.freedesktop.udisks2.power-off-drive-other-seat": YES
+  };
+  if (subject.isInGroup("storage")) {
+    return permission[action.id];
+  }
+});
diff --git a/parts/files/requirements.txt b/parts/files/requirements.txt
@@ -1,3 +1,3 @@
-sbot[vision]==1.0.0rc2
+sbot[vision]==1.0.0
 numpy==1.25.0
-runusb==2023.0.0rc2
+runusb==2023.0.0
diff --git a/parts/files/runusb.service b/parts/files/runusb.service
@@ -5,7 +5,7 @@ Description=Automatic running of USB devices
 Type=simple
 User=robot
 Environment="RUNUSB_MOUNTPOINT_DIR=/media/robot"
-ExecStart=/usr/bin/runusb
+ExecStart=/usr/local/bin/runusb
 Restart=on-failure
 RestartSec=5s
 
diff --git a/parts/robot.sh b/parts/robot.sh
@@ -9,6 +9,16 @@ cp /tmp/packer-files/udiskie/udiskie.yml /etc/
 cp /tmp/packer-files/udiskie/udiskie.service /lib/systemd/system/
 systemctl enable udiskie.service
 
+# Add polkit rules for udiskie
+mkdir -p /etc/polkit-1/rules.d
+mkdir -p /etc/polkit-1/localauthority/50-local.d
+cp /tmp/packer-files/polkit/rules.d/50-udiskie.rules /etc/polkit-1/rules.d/50-udiskie.rules
+cp /tmp/packer-files/polkit/localauthority/10-udisks.pkla /etc/polkit-1/localauthority/50-local.d/10-udisks.pkla
+
+# Create a group that can use udisks and add the default user to it.
+groupadd --force storage
+usermod -a -G storage robot
+
 # Install core components
 pip install --no-cache -r /tmp/packer-files/requirements.txt
 
diff --git a/parts/user.sh b/parts/user.sh
@@ -11,7 +11,7 @@ useradd \
     --create-home \
     -s /bin/bash \
     -u 1000 \
-    -G sudo,video,dialout,adm \
+    -G sudo,video,dialout,adm,gpio \
     -p "$password" \
     $user
 
