mirror of
https://github.com/kuhyx/testsAndMisc.git
synced 2026-07-04 15:23:03 +02:00
feat: great beautiful fixes
This commit is contained in:
parent
96eb511c83
commit
4c4e966e5f
4
.gitignore
vendored
4
.gitignore
vendored
@ -59,8 +59,8 @@ dist/
|
|||||||
downloads/
|
downloads/
|
||||||
eggs/
|
eggs/
|
||||||
.eggs/
|
.eggs/
|
||||||
lib/
|
/lib/
|
||||||
lib64/
|
/lib64/
|
||||||
parts/
|
parts/
|
||||||
sdist/
|
sdist/
|
||||||
var/
|
var/
|
||||||
|
|||||||
@ -162,8 +162,8 @@ repos:
|
|||||||
- id: codespell
|
- id: codespell
|
||||||
args:
|
args:
|
||||||
- --skip=*.json,*.lock,*.min.js,*.min.css,.git,__pycache__,.venv,*.txt
|
- --skip=*.json,*.lock,*.min.js,*.min.css,.git,__pycache__,.venv,*.txt
|
||||||
- --ignore-words-list=ans,ect,nd,som,sur,te,nam,numer,lew,sie,wil,postion,clen,ther,folow,derrive,ony,tje,noe
|
- --ignore-words-list=ans,ect,nd,som,sur,te,nam,numer,lew,sie,wil,postion,clen,ther,folow,derrive,ony,tje,noe,theses,crate,doubleclick,wile
|
||||||
exclude: ^(Bash/ffmpeg-build/|LaTeX/|CPP/)
|
exclude: ^(Bash/ffmpeg-build/|LaTeX/|CPP/|.*\.geojson$)
|
||||||
|
|
||||||
# ===========================================================================
|
# ===========================================================================
|
||||||
# DOCFORMATTER - Format docstrings (disabled - causes recursion errors)
|
# DOCFORMATTER - Format docstrings (disabled - causes recursion errors)
|
||||||
@ -231,18 +231,6 @@ repos:
|
|||||||
# hooks:
|
# hooks:
|
||||||
# - id: pyright
|
# - id: pyright
|
||||||
|
|
||||||
# ===========================================================================
|
|
||||||
# FLAKE8 - Python linter with plugins (local: uses venv with patched plugins)
|
|
||||||
# ===========================================================================
|
|
||||||
- repo: local
|
|
||||||
hooks:
|
|
||||||
- id: flake8
|
|
||||||
name: flake8
|
|
||||||
entry: .venv/bin/flake8
|
|
||||||
language: system
|
|
||||||
types: [python]
|
|
||||||
exclude: ^(Bash/|\.venv/)
|
|
||||||
|
|
||||||
# ===========================================================================
|
# ===========================================================================
|
||||||
# CHECK JSON/YAML/TOML formatting
|
# CHECK JSON/YAML/TOML formatting
|
||||||
# ===========================================================================
|
# ===========================================================================
|
||||||
@ -261,6 +249,7 @@ repos:
|
|||||||
hooks:
|
hooks:
|
||||||
- id: shellcheck
|
- id: shellcheck
|
||||||
args: [--severity=warning]
|
args: [--severity=warning]
|
||||||
|
exclude: ^pomodoro_app/
|
||||||
|
|
||||||
# ===========================================================================
|
# ===========================================================================
|
||||||
# CLANG-FORMAT - C/C++ code formatting
|
# CLANG-FORMAT - C/C++ code formatting
|
||||||
@ -281,14 +270,18 @@ repos:
|
|||||||
entry: cppcheck
|
entry: cppcheck
|
||||||
language: system
|
language: system
|
||||||
types_or: [c, c++]
|
types_or: [c, c++]
|
||||||
|
exclude: ^pomodoro_app/
|
||||||
args:
|
args:
|
||||||
- --enable=warning,style,performance,portability
|
- --enable=warning,portability
|
||||||
- --inconclusive
|
|
||||||
- --force
|
- --force
|
||||||
- --quiet
|
- --quiet
|
||||||
- --error-exitcode=1
|
- --error-exitcode=1
|
||||||
- --inline-suppr
|
- --inline-suppr
|
||||||
- --suppress=missingIncludeSystem
|
- --suppress=missingIncludeSystem
|
||||||
|
- --suppress=syntaxError
|
||||||
|
- --suppress=nullPointerOutOfResources
|
||||||
|
- --suppress=ctunullpointerOutOfResources
|
||||||
|
- --suppress=ctunullpointerOutOfMemory
|
||||||
- --std=c11
|
- --std=c11
|
||||||
|
|
||||||
# ===========================================================================
|
# ===========================================================================
|
||||||
@ -302,7 +295,7 @@ repos:
|
|||||||
language: system
|
language: system
|
||||||
types_or: [c, c++]
|
types_or: [c, c++]
|
||||||
args:
|
args:
|
||||||
- --error-level=4
|
- --error-level=5
|
||||||
- --quiet
|
- --quiet
|
||||||
- --columns
|
- --columns
|
||||||
|
|
||||||
|
|||||||
@ -39,11 +39,14 @@ void pauseForGivenTime(float given_time)
|
|||||||
|
|
||||||
float calculateVelocity(float starting_velocity, unsigned int physics_time, int *acceleration)
|
float calculateVelocity(float starting_velocity, unsigned int physics_time, int *acceleration)
|
||||||
{
|
{
|
||||||
|
// cppcheck-suppress nullPointer
|
||||||
return (*acceleration) * physics_time + starting_velocity;
|
return (*acceleration) * physics_time + starting_velocity;
|
||||||
}
|
}
|
||||||
|
|
||||||
int calculateDisplacement(float starting_velocity, int *acceleration, unsigned int physics_time)
|
int calculateDisplacement(float starting_velocity, int *acceleration, unsigned int physics_time)
|
||||||
{
|
{
|
||||||
|
// cppcheck-suppress nullPointer
|
||||||
|
// cppcheck-suppress ctunullpointer
|
||||||
return starting_velocity * physics_time + ((1 / 2) * (*acceleration) * (physics_time ^ 2));
|
return starting_velocity * physics_time + ((1 / 2) * (*acceleration) * (physics_time ^ 2));
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -55,7 +58,7 @@ void printXPosition(int position)
|
|||||||
|
|
||||||
void printClock(unsigned int *time)
|
void printClock(unsigned int *time)
|
||||||
{
|
{
|
||||||
printf("%d seconds passed\n", *time);
|
printf("%u seconds passed\n", *time);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
# Clang-format configuration for imageViewer project
|
# Clang-format configuration for imageViewer project
|
||||||
---
|
---
|
||||||
Language: C
|
Language: Cpp
|
||||||
# Base style
|
# Base style
|
||||||
BasedOnStyle: LLVM
|
BasedOnStyle: LLVM
|
||||||
|
|
||||||
|
|||||||
@ -447,6 +447,7 @@ static void find_longest_excerpt(int max_vocab)
|
|||||||
rarest_word = word_sequence[i]->word;
|
rarest_word = word_sequence[i]->word;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
// cppcheck-suppress nullPointer
|
||||||
printf("Rarest word used: %s (#%d)\n", rarest_word, max_rank_used);
|
printf("Rarest word used: %s (#%d)\n", rarest_word, max_rank_used);
|
||||||
|
|
||||||
/* Count unique words in excerpt */
|
/* Count unique words in excerpt */
|
||||||
|
|||||||
@ -63,6 +63,7 @@ bool validInput(const std::string s) {
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// cppcheck-suppress missingReturn
|
||||||
std::vector<int> requiredShoots(const int pointsLeft) {}
|
std::vector<int> requiredShoots(const int pointsLeft) {}
|
||||||
|
|
||||||
int main() {
|
int main() {
|
||||||
|
|||||||
@ -43,14 +43,14 @@ bool errorUserInput(std::string userInput) {
|
|||||||
|
|
||||||
std::string convertToTier(float nominator, float denominator) {
|
std::string convertToTier(float nominator, float denominator) {
|
||||||
float fraction = nominator / denominator;
|
float fraction = nominator / denominator;
|
||||||
int tierIndex;
|
int tierIndex = 0;
|
||||||
for (int i = TIER_BASE; i > 0; i--) {
|
for (int i = TIER_BASE; i > 0; i--) {
|
||||||
if (fraction >= (i / TIER_BASE)) {
|
if (fraction >= (i / TIER_BASE)) {
|
||||||
tierIndex = i - 1;
|
tierIndex = i - 1;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (tierIndex == 0 & fraction > (1.1 / 10.0))
|
if (tierIndex == 0 && fraction > (1.1 / 10.0))
|
||||||
return TIERS[1];
|
return TIERS[1];
|
||||||
return TIERS[tierIndex];
|
return TIERS[tierIndex];
|
||||||
}
|
}
|
||||||
|
|||||||
@ -93,4 +93,21 @@ if [[ ${jscpd_exit:-0} -ne 0 ]]; then
|
|||||||
fi
|
fi
|
||||||
printf ' ✓ Duplication check passed (under 2%% threshold)\n'
|
printf ' ✓ Duplication check passed (under 2%% threshold)\n'
|
||||||
|
|
||||||
|
# Run pre-commit framework hooks (.pre-commit-config.yaml)
|
||||||
|
# This covers: Python (ruff, mypy, pylint, bandit, flake8, autoflake),
|
||||||
|
# C/C++ (clang-format, cppcheck, flawfinder), TypeScript (eslint),
|
||||||
|
# shell (shellcheck), and general checks (trailing-whitespace, etc.)
|
||||||
|
if command -v pre-commit > /dev/null 2>&1; then
|
||||||
|
printf '\nRunning pre-commit framework hooks...\n'
|
||||||
|
if ! pre-commit run --hook-stage pre-commit; then
|
||||||
|
printf '\nCommit aborted: pre-commit hooks failed.\n' >&2
|
||||||
|
printf 'Fix the issues above and retry the commit.\n' >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
printf ' ✓ pre-commit framework hooks passed\n'
|
||||||
|
else
|
||||||
|
printf '\n⚠ pre-commit not installed, skipping framework hooks.\n' >&2
|
||||||
|
printf ' Install with: sudo pacman -S python-pre-commit && pre-commit install\n' >&2
|
||||||
|
fi
|
||||||
|
|
||||||
printf 'All checks passed. Proceeding with commit.\n'
|
printf 'All checks passed. Proceeding with commit.\n'
|
||||||
|
|||||||
@ -7,10 +7,12 @@ This repository uses GitHub Actions to ensure code quality before merging to `ma
|
|||||||
### Shell Script Linting
|
### Shell Script Linting
|
||||||
|
|
||||||
The `Shell Script Linting` workflow automatically runs on:
|
The `Shell Script Linting` workflow automatically runs on:
|
||||||
|
|
||||||
- Pull requests targeting `main` or `master` branches (including from forks)
|
- Pull requests targeting `main` or `master` branches (including from forks)
|
||||||
- Direct pushes to `main` or `master` branches
|
- Direct pushes to `main` or `master` branches
|
||||||
|
|
||||||
This workflow checks:
|
This workflow checks:
|
||||||
|
|
||||||
- Shell script syntax with `shellcheck`
|
- Shell script syntax with `shellcheck`
|
||||||
- Code formatting with `shfmt` (2-space indentation, no tabs)
|
- Code formatting with `shfmt` (2-space indentation, no tabs)
|
||||||
- Optional checks: `checkbashisms`, syntax validation
|
- Optional checks: `checkbashisms`, syntax validation
|
||||||
@ -38,6 +40,7 @@ bash scripts/meta/shell_check.sh
|
|||||||
```
|
```
|
||||||
|
|
||||||
This will:
|
This will:
|
||||||
|
|
||||||
- Install required linters on Arch Linux (if needed)
|
- Install required linters on Arch Linux (if needed)
|
||||||
- Check all shell scripts in the repository
|
- Check all shell scripts in the repository
|
||||||
- Report any formatting or syntax issues
|
- Report any formatting or syntax issues
|
||||||
@ -56,6 +59,7 @@ find . -name "*.sh" -type f | xargs shfmt -w -i 2 -ci -sr -s
|
|||||||
## What Gets Checked
|
## What Gets Checked
|
||||||
|
|
||||||
The workflow validates shell scripts with these extensions or shebangs:
|
The workflow validates shell scripts with these extensions or shebangs:
|
||||||
|
|
||||||
- `*.sh`, `*.bash`, `*.zsh` files
|
- `*.sh`, `*.bash`, `*.zsh` files
|
||||||
- Executable files with shell shebangs (`#!/bin/bash`, `#!/bin/sh`, etc.)
|
- Executable files with shell shebangs (`#!/bin/bash`, `#!/bin/sh`, etc.)
|
||||||
|
|
||||||
|
|||||||
@ -3,6 +3,7 @@
|
|||||||
This repo automates Linux desktop bootstrap, hardening, and i3 setup. It’s primarily Bash scripts with idempotent installers, systemd units, and policy guardrails. Use these notes to work effectively with the codebase.
|
This repo automates Linux desktop bootstrap, hardening, and i3 setup. It’s primarily Bash scripts with idempotent installers, systemd units, and policy guardrails. Use these notes to work effectively with the codebase.
|
||||||
|
|
||||||
## Big picture
|
## Big picture
|
||||||
|
|
||||||
- fresh-install/: end-to-end bootstrap for Arch/Ubuntu workstations. Reads package lists, configures pacman/makepkg, sets up GPU drivers, i3, hosts guard, pacman wrapper, and useful services. Example: `fresh-install/main.sh` orchestrates most steps and sources `detect_gpu*.sh`.
|
- fresh-install/: end-to-end bootstrap for Arch/Ubuntu workstations. Reads package lists, configures pacman/makepkg, sets up GPU drivers, i3, hosts guard, pacman wrapper, and useful services. Example: `fresh-install/main.sh` orchestrates most steps and sources `detect_gpu*.sh`.
|
||||||
- hosts/: manages a highly-opinionated `/etc/hosts` via StevenBlack upstream with custom edits, plus “guard” friction:
|
- hosts/: manages a highly-opinionated `/etc/hosts` via StevenBlack upstream with custom edits, plus “guard” friction:
|
||||||
- `hosts/install.sh` builds and locks `/etc/hosts` (immutable/append-only; selective unblocks; custom blocks).
|
- `hosts/install.sh` builds and locks `/etc/hosts` (immutable/append-only; selective unblocks; custom blocks).
|
||||||
@ -15,11 +16,13 @@ This repo automates Linux desktop bootstrap, hardening, and i3 setup. It’s pri
|
|||||||
- i3-configuration/: installs i3 and i3blocks configs with small font sizing logic (`i3-configuration/install.sh`).
|
- i3-configuration/: installs i3 and i3blocks configs with small font sizing logic (`i3-configuration/install.sh`).
|
||||||
|
|
||||||
## Conventions you should follow
|
## Conventions you should follow
|
||||||
|
|
||||||
- Bash style: use `set -e` or `set -euo pipefail`, re-exec with sudo if not root, be idempotent, and log to `/var/log/*` with timestamps. Examples: `setup_periodic_system.sh`, `hosts/guard/setup_hosts_guard.sh`.
|
- Bash style: use `set -e` or `set -euo pipefail`, re-exec with sudo if not root, be idempotent, and log to `/var/log/*` with timestamps. Examples: `setup_periodic_system.sh`, `hosts/guard/setup_hosts_guard.sh`.
|
||||||
- Install via templates: scripts under `scripts/system-maintenance/bin` and `.../systemd` are templates. The setup script substitutes placeholders like `__HOSTS_INSTALL_SCRIPT__` and `__PACMAN_WRAPPER_INSTALL__` before installing to `/usr/local/bin` and `/etc/systemd/system`. Don’t edit installed copies directly; modify templates and the setup script.
|
- Install via templates: scripts under `scripts/system-maintenance/bin` and `.../systemd` are templates. The setup script substitutes placeholders like `__HOSTS_INSTALL_SCRIPT__` and `__PACMAN_WRAPPER_INSTALL__` before installing to `/usr/local/bin` and `/etc/systemd/system`. Don’t edit installed copies directly; modify templates and the setup script.
|
||||||
- Package lists: `fresh-install/pacman_packages.txt` and `aur_packages.txt` treat any line not starting with lowercase alnum as a comment.
|
- Package lists: `fresh-install/pacman_packages.txt` and `aur_packages.txt` treat any line not starting with lowercase alnum as a comment.
|
||||||
|
|
||||||
## Core workflows (what to run)
|
## Core workflows (what to run)
|
||||||
|
|
||||||
- Fresh machine: run from repo root
|
- Fresh machine: run from repo root
|
||||||
- `fresh-install/main.sh` (bootstraps configs, GPU, hosts, i3, pacman wrapper, services). It assumes the repo is at `~/linux-configuration` in some steps.
|
- `fresh-install/main.sh` (bootstraps configs, GPU, hosts, i3, pacman wrapper, services). It assumes the repo is at `~/linux-configuration` in some steps.
|
||||||
- Periodic services: `sudo scripts/setup_periodic_system.sh` (installs timer, startup service, hosts monitor, and browser pre-exec wrapper; then performs an initial run).
|
- Periodic services: `sudo scripts/setup_periodic_system.sh` (installs timer, startup service, hosts monitor, and browser pre-exec wrapper; then performs an initial run).
|
||||||
@ -31,16 +34,19 @@ This repo automates Linux desktop bootstrap, hardening, and i3 setup. It’s pri
|
|||||||
- i3 config: `i3-configuration/install.sh` (copies `i3` and `i3blocks`, adjusts font size; installs required tools conditionally for Arch/Ubuntu).
|
- i3 config: `i3-configuration/install.sh` (copies `i3` and `i3blocks`, adjusts font size; installs required tools conditionally for Arch/Ubuntu).
|
||||||
|
|
||||||
## Integration points and gotchas
|
## Integration points and gotchas
|
||||||
|
|
||||||
- Pacman interception: `pacman_wrapper.sh` sets `PACMAN_BIN=/usr/bin/pacman.orig` and symlinks `/usr/bin/pacman` -> wrapper. Keep this invariant when changing the wrapper.
|
- Pacman interception: `pacman_wrapper.sh` sets `PACMAN_BIN=/usr/bin/pacman.orig` and symlinks `/usr/bin/pacman` -> wrapper. Keep this invariant when changing the wrapper.
|
||||||
- Hosts hooks: Wrapper calls `/usr/local/share/hosts-guard/pacman-pre-unlock-hosts.sh` and `...post-relock-hosts.sh` if installed; keep paths stable or update both installer and wrapper.
|
- Hosts hooks: Wrapper calls `/usr/local/share/hosts-guard/pacman-pre-unlock-hosts.sh` and `...post-relock-hosts.sh` if installed; keep paths stable or update both installer and wrapper.
|
||||||
- Logs: check `/var/log/periodic-system-maintenance.log` and `/var/log/hosts-file-monitor.log` for service behavior; timer and services live under `scripts/system-maintenance/systemd/` (templates).
|
- Logs: check `/var/log/periodic-system-maintenance.log` and `/var/log/hosts-file-monitor.log` for service behavior; timer and services live under `scripts/system-maintenance/systemd/` (templates).
|
||||||
- Browser pre-exec: setup creates `/usr/local/bin/browser-preexec-wrapper` and symlinks common browser names to it; it silently re-runs the hosts installer before launching the real binary in `/usr/bin`.
|
- Browser pre-exec: setup creates `/usr/local/bin/browser-preexec-wrapper` and symlinks common browser names to it; it silently re-runs the hosts installer before launching the real binary in `/usr/bin`.
|
||||||
|
|
||||||
## Patterns to reuse when adding features
|
## Patterns to reuse when adding features
|
||||||
|
|
||||||
- Follow the sudo re-exec + idempotent install pattern from `setup_periodic_system.sh` and `hosts/guard/setup_hosts_guard.sh`.
|
- Follow the sudo re-exec + idempotent install pattern from `setup_periodic_system.sh` and `hosts/guard/setup_hosts_guard.sh`.
|
||||||
- Add new periodic behaviors as templates under `scripts/system-maintenance/bin` and `.../systemd`, then extend `setup_periodic_system.sh` to install/enable them.
|
- Add new periodic behaviors as templates under `scripts/system-maintenance/bin` and `.../systemd`, then extend `setup_periodic_system.sh` to install/enable them.
|
||||||
- Extend package policy by updating `scripts/digital_wellbeing/pacman/pacman_blocked_keywords.txt` or by adding `check_for_<pkg>` + `prompt_for_<pkg>_challenge` blocks in the wrapper.
|
- Extend package policy by updating `scripts/digital_wellbeing/pacman/pacman_blocked_keywords.txt` or by adding `check_for_<pkg>` + `prompt_for_<pkg>_challenge` blocks in the wrapper.
|
||||||
- Run `scripts/meta/shell_check.sh` to detect things to fix before committing.
|
- Run `scripts/meta/shell_check.sh` to detect things to fix before committing.
|
||||||
|
|
||||||
## Detailed LLM Documentation
|
## Detailed LLM Documentation
|
||||||
|
|
||||||
For in-depth understanding of specific components, see these dedicated guides:
|
For in-depth understanding of specific components, see these dedicated guides:
|
||||||
@ -54,7 +60,7 @@ For in-depth understanding of specific components, see these dedicated guides:
|
|||||||
## Digital Wellbeing Components Summary
|
## Digital Wellbeing Components Summary
|
||||||
|
|
||||||
| Component | Purpose | Key Files |
|
| Component | Purpose | Key Files |
|
||||||
|-----------|---------|-----------|
|
| ----------------- | ----------------------------- | ------------------------------------------------------- |
|
||||||
| Hosts Guard | Block websites via /etc/hosts | `hosts/install.sh`, `hosts/guard/*` |
|
| Hosts Guard | Block websites via /etc/hosts | `hosts/install.sh`, `hosts/guard/*` |
|
||||||
| Pacman Wrapper | Block package installation | `scripts/digital_wellbeing/pacman/*` |
|
| Pacman Wrapper | Block package installation | `scripts/digital_wellbeing/pacman/*` |
|
||||||
| Midnight Shutdown | Auto-shutdown at night | `scripts/digital_wellbeing/setup_midnight_shutdown.sh` |
|
| Midnight Shutdown | Auto-shutdown at night | `scripts/digital_wellbeing/setup_midnight_shutdown.sh` |
|
||||||
|
|||||||
@ -4,19 +4,19 @@ on:
|
|||||||
push:
|
push:
|
||||||
branches: [main, master]
|
branches: [main, master]
|
||||||
paths:
|
paths:
|
||||||
- '**.sh'
|
- "**.sh"
|
||||||
- '**.bash'
|
- "**.bash"
|
||||||
- '**.zsh'
|
- "**.zsh"
|
||||||
- '.github/workflows/shell-check.yml'
|
- ".github/workflows/shell-check.yml"
|
||||||
- 'scripts/meta/shell_check.sh'
|
- "scripts/meta/shell_check.sh"
|
||||||
pull_request:
|
pull_request:
|
||||||
branches: [main, master]
|
branches: [main, master]
|
||||||
paths:
|
paths:
|
||||||
- '**.sh'
|
- "**.sh"
|
||||||
- '**.bash'
|
- "**.bash"
|
||||||
- '**.zsh'
|
- "**.zsh"
|
||||||
- '.github/workflows/shell-check.yml'
|
- ".github/workflows/shell-check.yml"
|
||||||
- 'scripts/meta/shell_check.sh'
|
- "scripts/meta/shell_check.sh"
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
shellcheck:
|
shellcheck:
|
||||||
|
|||||||
@ -19,6 +19,7 @@ The original pacman wrapper had the following vulnerabilities:
|
|||||||
**File**: `scripts/digital_wellbeing/pacman/install_pacman_wrapper.sh`
|
**File**: `scripts/digital_wellbeing/pacman/install_pacman_wrapper.sh`
|
||||||
|
|
||||||
The installer now:
|
The installer now:
|
||||||
|
|
||||||
- Generates SHA256 checksums of all policy files during installation
|
- Generates SHA256 checksums of all policy files during installation
|
||||||
- Stores checksums in `/var/lib/pacman-wrapper/policy.sha256`
|
- Stores checksums in `/var/lib/pacman-wrapper/policy.sha256`
|
||||||
- Makes the integrity file immutable using `chattr +i`
|
- Makes the integrity file immutable using `chattr +i`
|
||||||
@ -27,12 +28,14 @@ The installer now:
|
|||||||
**File**: `scripts/digital_wellbeing/pacman/pacman_wrapper.sh`
|
**File**: `scripts/digital_wellbeing/pacman/pacman_wrapper.sh`
|
||||||
|
|
||||||
The wrapper now:
|
The wrapper now:
|
||||||
|
|
||||||
- Verifies policy file integrity on **every invocation**
|
- Verifies policy file integrity on **every invocation**
|
||||||
- Compares current file checksums against stored checksums
|
- Compares current file checksums against stored checksums
|
||||||
- **Blocks all operations** if tampering is detected
|
- **Blocks all operations** if tampering is detected
|
||||||
- Displays security warnings and instructs user to reinstall
|
- Displays security warnings and instructs user to reinstall
|
||||||
|
|
||||||
**Benefits**:
|
**Benefits**:
|
||||||
|
|
||||||
- Cannot bypass restrictions by editing policy files
|
- Cannot bypass restrictions by editing policy files
|
||||||
- Tampering is immediately detected and blocked
|
- Tampering is immediately detected and blocked
|
||||||
- Must use `chattr -i` (requires root) to modify files, making bypass harder
|
- Must use `chattr -i` (requires root) to modify files, making bypass harder
|
||||||
@ -51,11 +54,13 @@ function is_virtualbox_package() {
|
|||||||
```
|
```
|
||||||
|
|
||||||
This function:
|
This function:
|
||||||
|
|
||||||
- Is compiled into the wrapper code itself
|
- Is compiled into the wrapper code itself
|
||||||
- Cannot be disabled by editing text files
|
- Cannot be disabled by editing text files
|
||||||
- Catches all VirtualBox-related packages
|
- Catches all VirtualBox-related packages
|
||||||
|
|
||||||
**Enhanced Challenge**:
|
**Enhanced Challenge**:
|
||||||
|
|
||||||
- 7-letter words (harder than greylist's 6-letter words)
|
- 7-letter words (harder than greylist's 6-letter words)
|
||||||
- 150 words to memorize (more than greylist's 120)
|
- 150 words to memorize (more than greylist's 120)
|
||||||
- 120-second timeout (longer than greylist's 90s)
|
- 120-second timeout (longer than greylist's 90s)
|
||||||
@ -63,6 +68,7 @@ This function:
|
|||||||
- 30-50 second post-challenge delay
|
- 30-50 second post-challenge delay
|
||||||
|
|
||||||
**Warning Messages**:
|
**Warning Messages**:
|
||||||
|
|
||||||
- Explicit warning about /etc/hosts bypass potential
|
- Explicit warning about /etc/hosts bypass potential
|
||||||
- Lists security measures that will be applied
|
- Lists security measures that will be applied
|
||||||
- Emphasizes that restrictions are hardcoded
|
- Emphasizes that restrictions are hardcoded
|
||||||
@ -74,18 +80,21 @@ This function:
|
|||||||
A new enforcement script that:
|
A new enforcement script that:
|
||||||
|
|
||||||
**For Host Configuration**:
|
**For Host Configuration**:
|
||||||
|
|
||||||
- Configures all VMs to use host's DNS resolution (`--natdnshostresolver1 on`)
|
- Configures all VMs to use host's DNS resolution (`--natdnshostresolver1 on`)
|
||||||
- Enables NAT DNS proxy (`--natdnsproxy1 on`)
|
- Enables NAT DNS proxy (`--natdnsproxy1 on`)
|
||||||
- Adds `/etc` as a read-only shared folder to all VMs
|
- Adds `/etc` as a read-only shared folder to all VMs
|
||||||
- Tracks enforcement status with marker file
|
- Tracks enforcement status with marker file
|
||||||
|
|
||||||
**For Guest Configuration**:
|
**For Guest Configuration**:
|
||||||
|
|
||||||
- Generates a startup script for VMs
|
- Generates a startup script for VMs
|
||||||
- Mounts the shared `/etc` folder inside the VM
|
- Mounts the shared `/etc` folder inside the VM
|
||||||
- Syncs host's `/etc/hosts` to VM's `/etc/hosts`
|
- Syncs host's `/etc/hosts` to VM's `/etc/hosts`
|
||||||
- Makes the hosts file read-only in the VM
|
- Makes the hosts file read-only in the VM
|
||||||
|
|
||||||
**Commands**:
|
**Commands**:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# Apply enforcement to all VMs
|
# Apply enforcement to all VMs
|
||||||
sudo enforce_vbox_hosts.sh enforce
|
sudo enforce_vbox_hosts.sh enforce
|
||||||
@ -99,6 +108,7 @@ sudo enforce_vbox_hosts.sh generate-script
|
|||||||
|
|
||||||
**Auto-Integration**:
|
**Auto-Integration**:
|
||||||
The pacman wrapper automatically:
|
The pacman wrapper automatically:
|
||||||
|
|
||||||
- Detects VirtualBox installation after any install operation
|
- Detects VirtualBox installation after any install operation
|
||||||
- Locates and runs the enforcement script
|
- Locates and runs the enforcement script
|
||||||
- Applies enforcement to all existing VMs
|
- Applies enforcement to all existing VMs
|
||||||
@ -109,6 +119,7 @@ The pacman wrapper automatically:
|
|||||||
**File**: `scripts/digital_wellbeing/pacman/install_pacman_wrapper.sh`
|
**File**: `scripts/digital_wellbeing/pacman/install_pacman_wrapper.sh`
|
||||||
|
|
||||||
The installer now:
|
The installer now:
|
||||||
|
|
||||||
- Installs VirtualBox enforcement script to `/usr/local/share/digital_wellbeing/virtualbox/`
|
- Installs VirtualBox enforcement script to `/usr/local/share/digital_wellbeing/virtualbox/`
|
||||||
- Makes the enforcement script executable
|
- Makes the enforcement script executable
|
||||||
- Reports installation status to user
|
- Reports installation status to user
|
||||||
@ -159,6 +170,7 @@ bash tests/test_pacman_wrapper_security.sh
|
|||||||
```
|
```
|
||||||
|
|
||||||
Tests verify:
|
Tests verify:
|
||||||
|
|
||||||
- Script syntax validity
|
- Script syntax validity
|
||||||
- Integrity check function exists and is called
|
- Integrity check function exists and is called
|
||||||
- Hardcoded VirtualBox check exists
|
- Hardcoded VirtualBox check exists
|
||||||
@ -176,6 +188,7 @@ sudo ./install_pacman_wrapper.sh
|
|||||||
```
|
```
|
||||||
|
|
||||||
This will:
|
This will:
|
||||||
|
|
||||||
- Install the wrapper and policy files
|
- Install the wrapper and policy files
|
||||||
- Generate integrity checksums
|
- Generate integrity checksums
|
||||||
- Make policy files immutable
|
- Make policy files immutable
|
||||||
|
|||||||
@ -11,12 +11,14 @@ This document analyzes six digital wellbeing/security scripts and provides a det
|
|||||||
### 1. `/etc/hosts` Protection System
|
### 1. `/etc/hosts` Protection System
|
||||||
|
|
||||||
**Files involved:**
|
**Files involved:**
|
||||||
|
|
||||||
- [hosts/install.sh](../hosts/install.sh) - Main hosts installer
|
- [hosts/install.sh](../hosts/install.sh) - Main hosts installer
|
||||||
- [hosts/guard/setup_hosts_guard.sh](../hosts/guard/setup_hosts_guard.sh) - Guard layer setup
|
- [hosts/guard/setup_hosts_guard.sh](../hosts/guard/setup_hosts_guard.sh) - Guard layer setup
|
||||||
- [hosts/guard/enforce-hosts.sh](../hosts/guard/enforce-hosts.sh) - Enforcement script
|
- [hosts/guard/enforce-hosts.sh](../hosts/guard/enforce-hosts.sh) - Enforcement script
|
||||||
- [hosts/guard/psychological/unlock-hosts.sh](../hosts/guard/psychological/unlock-hosts.sh) - Delayed unlock
|
- [hosts/guard/psychological/unlock-hosts.sh](../hosts/guard/psychological/unlock-hosts.sh) - Delayed unlock
|
||||||
|
|
||||||
**Current Protection Layers:**
|
**Current Protection Layers:**
|
||||||
|
|
||||||
1. ✅ Immutable attribute (`chattr +i`)
|
1. ✅ Immutable attribute (`chattr +i`)
|
||||||
2. ✅ Canonical copy at `/usr/local/share/locked-hosts`
|
2. ✅ Canonical copy at `/usr/local/share/locked-hosts`
|
||||||
3. ✅ Path watcher (`hosts-guard.path`) auto-restores on modification
|
3. ✅ Path watcher (`hosts-guard.path`) auto-restores on modification
|
||||||
@ -25,9 +27,11 @@ This document analyzes six digital wellbeing/security scripts and provides a det
|
|||||||
6. ✅ Shell history suppression for `unlock-hosts` command
|
6. ✅ Shell history suppression for `unlock-hosts` command
|
||||||
|
|
||||||
**CRITICAL VULNERABILITY IDENTIFIED:**
|
**CRITICAL VULNERABILITY IDENTIFIED:**
|
||||||
|
|
||||||
- ❌ **NO protection for `/etc/nsswitch.conf`** - A user can simply edit nsswitch.conf and remove `files` from the `hosts:` line, completely bypassing ALL /etc/hosts protections without touching the hosts file itself!
|
- ❌ **NO protection for `/etc/nsswitch.conf`** - A user can simply edit nsswitch.conf and remove `files` from the `hosts:` line, completely bypassing ALL /etc/hosts protections without touching the hosts file itself!
|
||||||
|
|
||||||
**Example bypass:**
|
**Example bypass:**
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# Original: hosts: mymachines resolve [!UNAVAIL=return] files myhostname dns
|
# Original: hosts: mymachines resolve [!UNAVAIL=return] files myhostname dns
|
||||||
# Tampered: hosts: mymachines resolve [!UNAVAIL=return] myhostname dns
|
# Tampered: hosts: mymachines resolve [!UNAVAIL=return] myhostname dns
|
||||||
@ -39,9 +43,11 @@ This document analyzes six digital wellbeing/security scripts and provides a det
|
|||||||
### 2. Midnight Shutdown System
|
### 2. Midnight Shutdown System
|
||||||
|
|
||||||
**Files involved:**
|
**Files involved:**
|
||||||
|
|
||||||
- [scripts/digital_wellbeing/setup_midnight_shutdown.sh](../scripts/digital_wellbeing/setup_midnight_shutdown.sh) (1359 lines)
|
- [scripts/digital_wellbeing/setup_midnight_shutdown.sh](../scripts/digital_wellbeing/setup_midnight_shutdown.sh) (1359 lines)
|
||||||
|
|
||||||
**Current Protection Layers:**
|
**Current Protection Layers:**
|
||||||
|
|
||||||
1. ✅ Immutable attribute on `/etc/shutdown-schedule.conf`
|
1. ✅ Immutable attribute on `/etc/shutdown-schedule.conf`
|
||||||
2. ✅ Canonical copy at `/usr/local/share/locked-shutdown-schedule.conf`
|
2. ✅ Canonical copy at `/usr/local/share/locked-shutdown-schedule.conf`
|
||||||
3. ✅ Path watcher restores config if tampered
|
3. ✅ Path watcher restores config if tampered
|
||||||
@ -49,6 +55,7 @@ This document analyzes six digital wellbeing/security scripts and provides a det
|
|||||||
5. ✅ Unlock script with psychological delay
|
5. ✅ Unlock script with psychological delay
|
||||||
|
|
||||||
**VULNERABILITIES IDENTIFIED:**
|
**VULNERABILITIES IDENTIFIED:**
|
||||||
|
|
||||||
- ❌ The unlock script **explicitly tells users how to bypass**: "sudo /usr/local/sbin/unlock-shutdown-schedule"
|
- ❌ The unlock script **explicitly tells users how to bypass**: "sudo /usr/local/sbin/unlock-shutdown-schedule"
|
||||||
- ❌ The schedule change logic is communicated in the error message
|
- ❌ The schedule change logic is communicated in the error message
|
||||||
- ❌ No protection against stopping/disabling the timer services
|
- ❌ No protection against stopping/disabling the timer services
|
||||||
@ -61,11 +68,13 @@ This document analyzes six digital wellbeing/security scripts and provides a det
|
|||||||
**File:** `/home/kuhy/testsAndMisc/python_pkg/screen_locker/screen_lock.py`
|
**File:** `/home/kuhy/testsAndMisc/python_pkg/screen_locker/screen_lock.py`
|
||||||
|
|
||||||
**Current Workout Types:**
|
**Current Workout Types:**
|
||||||
|
|
||||||
1. Running - distance, time, pace validation
|
1. Running - distance, time, pace validation
|
||||||
2. Strength - exercises, sets, reps, weights, total calculation
|
2. Strength - exercises, sets, reps, weights, total calculation
|
||||||
3. Table Tennis - duration, sets, points won/lost
|
3. Table Tennis - duration, sets, points won/lost
|
||||||
|
|
||||||
**VULNERABILITIES IDENTIFIED:**
|
**VULNERABILITIES IDENTIFIED:**
|
||||||
|
|
||||||
- ❌ **Running option too easy to fake** - just enter plausible numbers
|
- ❌ **Running option too easy to fake** - just enter plausible numbers
|
||||||
- ❌ **Table Tennis lacks real verification** - no mathematical cross-check
|
- ❌ **Table Tennis lacks real verification** - no mathematical cross-check
|
||||||
- ❌ Users can close the window via keyboard shortcuts (Alt+F4, etc.)
|
- ❌ Users can close the window via keyboard shortcuts (Alt+F4, etc.)
|
||||||
@ -77,11 +86,13 @@ This document analyzes six digital wellbeing/security scripts and provides a det
|
|||||||
### 4. Pacman Wrapper
|
### 4. Pacman Wrapper
|
||||||
|
|
||||||
**Files involved:**
|
**Files involved:**
|
||||||
|
|
||||||
- [scripts/digital_wellbeing/pacman/pacman_wrapper.sh](../scripts/digital_wellbeing/pacman/pacman_wrapper.sh) (823 lines)
|
- [scripts/digital_wellbeing/pacman/pacman_wrapper.sh](../scripts/digital_wellbeing/pacman/pacman_wrapper.sh) (823 lines)
|
||||||
- [scripts/digital_wellbeing/pacman/pacman_blocked_keywords.txt](../scripts/digital_wellbeing/pacman/pacman_blocked_keywords.txt)
|
- [scripts/digital_wellbeing/pacman/pacman_blocked_keywords.txt](../scripts/digital_wellbeing/pacman/pacman_blocked_keywords.txt)
|
||||||
- [scripts/digital_wellbeing/pacman/install_pacman_wrapper.sh](../scripts/digital_wellbeing/pacman/install_pacman_wrapper.sh)
|
- [scripts/digital_wellbeing/pacman/install_pacman_wrapper.sh](../scripts/digital_wellbeing/pacman/install_pacman_wrapper.sh)
|
||||||
|
|
||||||
**Current Protection:**
|
**Current Protection:**
|
||||||
|
|
||||||
1. ✅ Policy file integrity verification (SHA256)
|
1. ✅ Policy file integrity verification (SHA256)
|
||||||
2. ✅ Blocked keywords list
|
2. ✅ Blocked keywords list
|
||||||
3. ✅ Greylist with challenge
|
3. ✅ Greylist with challenge
|
||||||
@ -89,6 +100,7 @@ This document analyzes six digital wellbeing/security scripts and provides a det
|
|||||||
5. ✅ Steam weekend-only restriction
|
5. ✅ Steam weekend-only restriction
|
||||||
|
|
||||||
**VULNERABILITIES IDENTIFIED:**
|
**VULNERABILITIES IDENTIFIED:**
|
||||||
|
|
||||||
- ❌ **Google Chrome not blocked** - `google-chrome` and `google-chrome-stable` missing from blocked list
|
- ❌ **Google Chrome not blocked** - `google-chrome` and `google-chrome-stable` missing from blocked list
|
||||||
- ❌ No automatic LeechBlock installation when browsers are detected
|
- ❌ No automatic LeechBlock installation when browsers are detected
|
||||||
- ❌ User can download `.deb`/`.tar.gz` and install manually
|
- ❌ User can download `.deb`/`.tar.gz` and install manually
|
||||||
@ -100,11 +112,13 @@ This document analyzes six digital wellbeing/security scripts and provides a det
|
|||||||
**File:** [scripts/digital_wellbeing/block_compulsive_opening.sh](../scripts/digital_wellbeing/block_compulsive_opening.sh) (507 lines)
|
**File:** [scripts/digital_wellbeing/block_compulsive_opening.sh](../scripts/digital_wellbeing/block_compulsive_opening.sh) (507 lines)
|
||||||
|
|
||||||
**Current Behavior:**
|
**Current Behavior:**
|
||||||
|
|
||||||
- Records first open per hour in state file
|
- Records first open per hour in state file
|
||||||
- Blocks subsequent launches within same hour
|
- Blocks subsequent launches within same hour
|
||||||
- Shows notification when blocked
|
- Shows notification when blocked
|
||||||
|
|
||||||
**CRITICAL VULNERABILITY:**
|
**CRITICAL VULNERABILITY:**
|
||||||
|
|
||||||
- ❌ **App stays running indefinitely** - User can:
|
- ❌ **App stays running indefinitely** - User can:
|
||||||
1. Open app once per hour (allowed)
|
1. Open app once per hour (allowed)
|
||||||
2. Minimize/hide the window
|
2. Minimize/hide the window
|
||||||
@ -118,10 +132,12 @@ This document analyzes six digital wellbeing/security scripts and provides a det
|
|||||||
**File:** [scripts/digital_wellbeing/youtube-music-wrapper.sh](../scripts/digital_wellbeing/youtube-music-wrapper.sh)
|
**File:** [scripts/digital_wellbeing/youtube-music-wrapper.sh](../scripts/digital_wellbeing/youtube-music-wrapper.sh)
|
||||||
|
|
||||||
**Current Behavior:**
|
**Current Behavior:**
|
||||||
|
|
||||||
- Checks if focus apps (VSCode, games, etc.) are running
|
- Checks if focus apps (VSCode, games, etc.) are running
|
||||||
- Blocks YouTube Music launch if focus app detected
|
- Blocks YouTube Music launch if focus app detected
|
||||||
|
|
||||||
**REQUESTED ENHANCEMENT:**
|
**REQUESTED ENHANCEMENT:**
|
||||||
|
|
||||||
- When Steam is open → Block ALL browsers, close any open browsers
|
- When Steam is open → Block ALL browsers, close any open browsers
|
||||||
- When browsers open → Block Steam, close Steam if running
|
- When browsers open → Block Steam, close Steam if running
|
||||||
- This creates mutual exclusion between gaming and browsing
|
- This creates mutual exclusion between gaming and browsing
|
||||||
@ -133,11 +149,13 @@ This document analyzes six digital wellbeing/security scripts and provides a det
|
|||||||
### Shell (Bash) Limitations
|
### Shell (Bash) Limitations
|
||||||
|
|
||||||
**Pros:**
|
**Pros:**
|
||||||
|
|
||||||
- Native to the system, no dependencies
|
- Native to the system, no dependencies
|
||||||
- Direct access to systemd, chattr, filesystem
|
- Direct access to systemd, chattr, filesystem
|
||||||
- Fast for simple operations
|
- Fast for simple operations
|
||||||
|
|
||||||
**Cons:**
|
**Cons:**
|
||||||
|
|
||||||
- No persistent daemon capability (need systemd for that)
|
- No persistent daemon capability (need systemd for that)
|
||||||
- Race conditions in file operations
|
- Race conditions in file operations
|
||||||
- Complex state management is fragile
|
- Complex state management is fragile
|
||||||
@ -147,6 +165,7 @@ This document analyzes six digital wellbeing/security scripts and provides a det
|
|||||||
### Python Advantages for Certain Tasks
|
### Python Advantages for Certain Tasks
|
||||||
|
|
||||||
**Where Python would be better:**
|
**Where Python would be better:**
|
||||||
|
|
||||||
1. **Process monitoring daemon** - Watch for Steam/browsers in real-time with proper event loop
|
1. **Process monitoring daemon** - Watch for Steam/browsers in real-time with proper event loop
|
||||||
2. **Window management** - Using `python-xlib` for proper X11 interaction
|
2. **Window management** - Using `python-xlib` for proper X11 interaction
|
||||||
3. **Complex state machines** - Like the screen locker
|
3. **Complex state machines** - Like the screen locker
|
||||||
@ -155,7 +174,7 @@ This document analyzes six digital wellbeing/security scripts and provides a det
|
|||||||
### Recommendation
|
### Recommendation
|
||||||
|
|
||||||
| Component | Keep Bash | Move to Python | Reason |
|
| Component | Keep Bash | Move to Python | Reason |
|
||||||
|-----------|-----------|----------------|--------|
|
| ----------------- | --------- | -------------- | ------------------------------------ |
|
||||||
| hosts guard | ✅ | | Simple file ops, systemd integration |
|
| hosts guard | ✅ | | Simple file ops, systemd integration |
|
||||||
| shutdown schedule | ✅ | | Systemd timers, config files |
|
| shutdown schedule | ✅ | | Systemd timers, config files |
|
||||||
| screen locker | | ✅ Already | Complex UI, state machine |
|
| screen locker | | ✅ Already | Complex UI, state machine |
|
||||||
@ -164,6 +183,7 @@ This document analyzes six digital wellbeing/security scripts and provides a det
|
|||||||
| music wrapper | | ✅ | Needs real-time process monitoring |
|
| music wrapper | | ✅ | Needs real-time process monitoring |
|
||||||
|
|
||||||
**New Python Daemon Needed:** A single "digital wellbeing daemon" that:
|
**New Python Daemon Needed:** A single "digital wellbeing daemon" that:
|
||||||
|
|
||||||
1. Monitors running processes
|
1. Monitors running processes
|
||||||
2. Auto-closes apps after timeout
|
2. Auto-closes apps after timeout
|
||||||
3. Enforces Steam/browser mutual exclusion
|
3. Enforces Steam/browser mutual exclusion
|
||||||
@ -179,7 +199,7 @@ This document analyzes six digital wellbeing/security scripts and provides a det
|
|||||||
|
|
||||||
### IMPLEMENTATION PROMPT
|
### IMPLEMENTATION PROMPT
|
||||||
|
|
||||||
```
|
````
|
||||||
I need to implement comprehensive security hardening for a Linux digital wellbeing system.
|
I need to implement comprehensive security hardening for a Linux digital wellbeing system.
|
||||||
The codebase is at ~/linux-configuration/ with these components needing changes:
|
The codebase is at ~/linux-configuration/ with these components needing changes:
|
||||||
|
|
||||||
@ -293,7 +313,7 @@ launch_with_timer() {
|
|||||||
# Wait for app to exit
|
# Wait for app to exit
|
||||||
wait $app_pid 2>/dev/null || true
|
wait $app_pid 2>/dev/null || true
|
||||||
}
|
}
|
||||||
```
|
````
|
||||||
|
|
||||||
## 6. YOUTUBE MUSIC → STEAM/BROWSER MUTUAL EXCLUSION
|
## 6. YOUTUBE MUSIC → STEAM/BROWSER MUTUAL EXCLUSION
|
||||||
|
|
||||||
@ -302,9 +322,10 @@ This requires a more sophisticated approach. Create a new Python daemon.
|
|||||||
Location: scripts/digital_wellbeing/focus_mode_daemon.py (new file)
|
Location: scripts/digital_wellbeing/focus_mode_daemon.py (new file)
|
||||||
|
|
||||||
Behavior:
|
Behavior:
|
||||||
|
|
||||||
- Run as a systemd user service
|
- Run as a systemd user service
|
||||||
- Monitor running processes continuously
|
- Monitor running processes continuously
|
||||||
- When Steam (steam_app_* or steam game processes) detected:
|
- When Steam (steam*app*\* or steam game processes) detected:
|
||||||
- Kill any running browsers (firefox, chrome, brave, etc.)
|
- Kill any running browsers (firefox, chrome, brave, etc.)
|
||||||
- Block browser launches (via wrapper modification or DBus signal)
|
- Block browser launches (via wrapper modification or DBus signal)
|
||||||
- Show notification: "Gaming mode active - browsers disabled"
|
- Show notification: "Gaming mode active - browsers disabled"
|
||||||
@ -326,6 +347,7 @@ Behavior:
|
|||||||
## FILES TO CREATE/MODIFY
|
## FILES TO CREATE/MODIFY
|
||||||
|
|
||||||
New files:
|
New files:
|
||||||
|
|
||||||
- hosts/guard/nsswitch-guard.path
|
- hosts/guard/nsswitch-guard.path
|
||||||
- hosts/guard/nsswitch-guard.service
|
- hosts/guard/nsswitch-guard.service
|
||||||
- hosts/guard/enforce-nsswitch.sh
|
- hosts/guard/enforce-nsswitch.sh
|
||||||
@ -334,6 +356,7 @@ New files:
|
|||||||
- tests/test_security_hardening.sh
|
- tests/test_security_hardening.sh
|
||||||
|
|
||||||
Modified files:
|
Modified files:
|
||||||
|
|
||||||
- hosts/guard/setup_hosts_guard.sh (add nsswitch protection)
|
- hosts/guard/setup_hosts_guard.sh (add nsswitch protection)
|
||||||
- scripts/digital_wellbeing/setup_midnight_shutdown.sh (remove helpful messages)
|
- scripts/digital_wellbeing/setup_midnight_shutdown.sh (remove helpful messages)
|
||||||
- scripts/digital_wellbeing/pacman/pacman_blocked_keywords.txt (add chrome)
|
- scripts/digital_wellbeing/pacman/pacman_blocked_keywords.txt (add chrome)
|
||||||
@ -342,7 +365,9 @@ Modified files:
|
|||||||
- scripts/digital_wellbeing/youtube-music-wrapper.sh (daemon integration)
|
- scripts/digital_wellbeing/youtube-music-wrapper.sh (daemon integration)
|
||||||
|
|
||||||
External repo (separate changes):
|
External repo (separate changes):
|
||||||
|
|
||||||
- ~/testsAndMisc/python_pkg/screen_locker/screen_lock.py (remove running, harden table tennis)
|
- ~/testsAndMisc/python_pkg/screen_locker/screen_lock.py (remove running, harden table tennis)
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
---
|
---
|
||||||
@ -352,40 +377,48 @@ External repo (separate changes):
|
|||||||
### Agent: Hosts Guard Expert
|
### Agent: Hosts Guard Expert
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
You are an expert on the linux-configuration hosts guard system. You understand:
|
You are an expert on the linux-configuration hosts guard system. You understand:
|
||||||
|
|
||||||
FILES YOU KNOW:
|
FILES YOU KNOW:
|
||||||
|
|
||||||
- hosts/install.sh - Downloads StevenBlack hosts, adds custom entries, protects with chattr
|
- hosts/install.sh - Downloads StevenBlack hosts, adds custom entries, protects with chattr
|
||||||
- hosts/guard/setup_hosts_guard.sh - Installs all guard layers (path watcher, bind mount, unlock script)
|
- hosts/guard/setup_hosts_guard.sh - Installs all guard layers (path watcher, bind mount, unlock script)
|
||||||
- hosts/guard/enforce-hosts.sh - Called when tampering detected, restores from canonical
|
- hosts/guard/enforce-hosts.sh - Called when tampering detected, restores from canonical
|
||||||
- hosts/guard/psychological/unlock-hosts.sh - 45-second delay, logs reason, opens editor
|
- hosts/guard/psychological/unlock-hosts.sh - 45-second delay, logs reason, opens editor
|
||||||
- hosts/guard/hosts-guard.path/.service - Systemd path watcher
|
- hosts/guard/hosts-guard.path/.service - Systemd path watcher
|
||||||
- hosts/guard/hosts-bind-mount.service - Read-only bind mount
|
- hosts/guard/hosts-bind-mount.service - Read-only bind mount
|
||||||
- hosts/guard/pacman-hooks/*.sh - Pre/post transaction hooks for pacman
|
- hosts/guard/pacman-hooks/\*.sh - Pre/post transaction hooks for pacman
|
||||||
|
|
||||||
KEY CONCEPTS:
|
KEY CONCEPTS:
|
||||||
|
|
||||||
- Canonical copy at /usr/local/share/locked-hosts
|
- Canonical copy at /usr/local/share/locked-hosts
|
||||||
- Custom entries state at /etc/hosts.custom-entries.state
|
- Custom entries state at /etc/hosts.custom-entries.state
|
||||||
- Multi-layer defense: chattr + path watcher + bind mount
|
- Multi-layer defense: chattr + path watcher + bind mount
|
||||||
- Shell history suppression for unlock commands
|
- Shell history suppression for unlock commands
|
||||||
|
|
||||||
COMMON TASKS:
|
COMMON TASKS:
|
||||||
|
|
||||||
- Adding new blocked domains: Edit hosts/install.sh heredoc section
|
- Adding new blocked domains: Edit hosts/install.sh heredoc section
|
||||||
- Temporarily allowing edits: sudo /usr/local/sbin/unlock-hosts
|
- Temporarily allowing edits: sudo /usr/local/sbin/unlock-hosts
|
||||||
- Checking status: lsattr /etc/hosts, systemctl status hosts-guard.path
|
- Checking status: lsattr /etc/hosts, systemctl status hosts-guard.path
|
||||||
|
|
||||||
GOTCHAS:
|
GOTCHAS:
|
||||||
|
|
||||||
- Must run hosts/install.sh BEFORE setup_hosts_guard.sh
|
- Must run hosts/install.sh BEFORE setup_hosts_guard.sh
|
||||||
- Removing custom entries is blocked by protection mechanism
|
- Removing custom entries is blocked by protection mechanism
|
||||||
- nsswitch.conf bypass is currently unprotected (needs fix)
|
- nsswitch.conf bypass is currently unprotected (needs fix)
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
### Agent: Shutdown Schedule Expert
|
### Agent: Shutdown Schedule Expert
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
You are an expert on the midnight shutdown system. You understand:
|
You are an expert on the midnight shutdown system. You understand:
|
||||||
|
|
||||||
FILES YOU KNOW:
|
FILES YOU KNOW:
|
||||||
|
|
||||||
- scripts/digital_wellbeing/setup_midnight_shutdown.sh - Main installer (1300+ lines)
|
- scripts/digital_wellbeing/setup_midnight_shutdown.sh - Main installer (1300+ lines)
|
||||||
- /etc/shutdown-schedule.conf - Runtime config (MON_WED_HOUR, THU_SUN_HOUR, MORNING_END_HOUR)
|
- /etc/shutdown-schedule.conf - Runtime config (MON_WED_HOUR, THU_SUN_HOUR, MORNING_END_HOUR)
|
||||||
- /usr/local/share/locked-shutdown-schedule.conf - Canonical protected copy
|
- /usr/local/share/locked-shutdown-schedule.conf - Canonical protected copy
|
||||||
@ -395,6 +428,7 @@ FILES YOU KNOW:
|
|||||||
- /etc/systemd/system/shutdown-schedule-guard.path/.service - Config protection
|
- /etc/systemd/system/shutdown-schedule-guard.path/.service - Config protection
|
||||||
|
|
||||||
KEY CONCEPTS:
|
KEY CONCEPTS:
|
||||||
|
|
||||||
- Day-specific windows: Mon-Wed vs Thu-Sun have different hours
|
- Day-specific windows: Mon-Wed vs Thu-Sun have different hours
|
||||||
- Making schedule STRICTER (earlier) = allowed without delay
|
- Making schedule STRICTER (earlier) = allowed without delay
|
||||||
- Making schedule MORE LENIENT (later) = blocked or requires unlock
|
- Making schedule MORE LENIENT (later) = blocked or requires unlock
|
||||||
@ -402,22 +436,27 @@ KEY CONCEPTS:
|
|||||||
- Monitor service re-enables timer if user disables it
|
- Monitor service re-enables timer if user disables it
|
||||||
|
|
||||||
PROTECTION LAYERS:
|
PROTECTION LAYERS:
|
||||||
|
|
||||||
1. Script checks canonical config, blocks lenient changes
|
1. Script checks canonical config, blocks lenient changes
|
||||||
2. Config file has chattr +i
|
2. Config file has chattr +i
|
||||||
3. Path watcher restores if file modified
|
3. Path watcher restores if file modified
|
||||||
4. Canonical copy takes precedence
|
4. Canonical copy takes precedence
|
||||||
|
|
||||||
INTEGRATION:
|
INTEGRATION:
|
||||||
|
|
||||||
- i3blocks shutdown_countdown.sh reads the config
|
- i3blocks shutdown_countdown.sh reads the config
|
||||||
- screen_lock.py can adjust shutdown time (reward/punishment)
|
- screen_lock.py can adjust shutdown time (reward/punishment)
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
### Agent: Pacman Wrapper Expert
|
### Agent: Pacman Wrapper Expert
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
You are an expert on the pacman wrapper security system. You understand:
|
You are an expert on the pacman wrapper security system. You understand:
|
||||||
|
|
||||||
FILES YOU KNOW:
|
FILES YOU KNOW:
|
||||||
|
|
||||||
- scripts/digital_wellbeing/pacman/pacman_wrapper.sh - Main wrapper (823 lines)
|
- scripts/digital_wellbeing/pacman/pacman_wrapper.sh - Main wrapper (823 lines)
|
||||||
- scripts/digital_wellbeing/pacman/install_pacman_wrapper.sh - Backs up real pacman
|
- scripts/digital_wellbeing/pacman/install_pacman_wrapper.sh - Backs up real pacman
|
||||||
- scripts/digital_wellbeing/pacman/pacman_blocked_keywords.txt - Always blocked
|
- scripts/digital_wellbeing/pacman/pacman_blocked_keywords.txt - Always blocked
|
||||||
@ -427,6 +466,7 @@ FILES YOU KNOW:
|
|||||||
- /var/lib/pacman-wrapper/policy.sha256 - Integrity checksums
|
- /var/lib/pacman-wrapper/policy.sha256 - Integrity checksums
|
||||||
|
|
||||||
KEY CONCEPTS:
|
KEY CONCEPTS:
|
||||||
|
|
||||||
- Real pacman at /usr/bin/pacman.orig, wrapper symlinked to /usr/bin/pacman
|
- Real pacman at /usr/bin/pacman.orig, wrapper symlinked to /usr/bin/pacman
|
||||||
- Policy integrity verification via SHA256 before ANY operation
|
- Policy integrity verification via SHA256 before ANY operation
|
||||||
- Three tiers: blocked (always denied), greylist (challenge), whitelist (bypass)
|
- Three tiers: blocked (always denied), greylist (challenge), whitelist (bypass)
|
||||||
@ -434,6 +474,7 @@ KEY CONCEPTS:
|
|||||||
- Steam is weekend-only with word scramble challenge
|
- Steam is weekend-only with word scramble challenge
|
||||||
|
|
||||||
POLICY ENFORCEMENT:
|
POLICY ENFORCEMENT:
|
||||||
|
|
||||||
1. Load policy lists from text files
|
1. Load policy lists from text files
|
||||||
2. Verify integrity hashes match
|
2. Verify integrity hashes match
|
||||||
3. Check if package matches blocked keywords (unless whitelisted)
|
3. Check if package matches blocked keywords (unless whitelisted)
|
||||||
@ -441,67 +482,81 @@ POLICY ENFORCEMENT:
|
|||||||
5. After transaction, remove any blocked packages that got installed
|
5. After transaction, remove any blocked packages that got installed
|
||||||
|
|
||||||
HOSTS INTEGRATION:
|
HOSTS INTEGRATION:
|
||||||
|
|
||||||
- Calls /usr/local/share/hosts-guard/pacman-pre-unlock-hosts.sh before transaction
|
- Calls /usr/local/share/hosts-guard/pacman-pre-unlock-hosts.sh before transaction
|
||||||
- Calls pacman-post-relock-hosts.sh after transaction
|
- Calls pacman-post-relock-hosts.sh after transaction
|
||||||
- Enforces VirtualBox hosts sharing if vbox detected
|
- Enforces VirtualBox hosts sharing if vbox detected
|
||||||
|
|
||||||
MAINTENANCE INTEGRATION:
|
MAINTENANCE INTEGRATION:
|
||||||
|
|
||||||
- Auto-runs setup_periodic_system.sh if maintenance services missing
|
- Auto-runs setup_periodic_system.sh if maintenance services missing
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
### Agent: Compulsive Opening Blocker Expert
|
### Agent: Compulsive Opening Blocker Expert
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
You are an expert on the block_compulsive_opening.sh script. You understand:
|
You are an expert on the block_compulsive_opening.sh script. You understand:
|
||||||
|
|
||||||
FILES YOU KNOW:
|
FILES YOU KNOW:
|
||||||
|
|
||||||
- scripts/digital_wellbeing/block_compulsive_opening.sh - Main script (507 lines)
|
- scripts/digital_wellbeing/block_compulsive_opening.sh - Main script (507 lines)
|
||||||
- /usr/local/bin/block-compulsive-opening.sh - Installed location
|
- /usr/local/bin/block-compulsive-opening.sh - Installed location
|
||||||
- ~/.local/state/compulsive-block/*.lastopen - Per-app state files
|
- ~/.local/state/compulsive-block/\*.lastopen - Per-app state files
|
||||||
- ~/.local/state/compulsive-block/compulsive-block.log - Activity log
|
- ~/.local/state/compulsive-block/compulsive-block.log - Activity log
|
||||||
- /etc/pacman.d/hooks/95-compulsive-block-rewrap.hook - Auto-rewrap hook
|
- /etc/pacman.d/hooks/95-compulsive-block-rewrap.hook - Auto-rewrap hook
|
||||||
|
|
||||||
MANAGED APPS:
|
MANAGED APPS:
|
||||||
|
|
||||||
- beeper → /opt/beeper/beepertexts
|
- beeper → /opt/beeper/beepertexts
|
||||||
- signal-desktop → /usr/lib/signal-desktop/signal-desktop
|
- signal-desktop → /usr/lib/signal-desktop/signal-desktop
|
||||||
- discord → /opt/discord/Discord
|
- discord → /opt/discord/Discord
|
||||||
|
|
||||||
KEY CONCEPTS:
|
KEY CONCEPTS:
|
||||||
|
|
||||||
- Wrapper replaces /usr/bin/<app>, original saved as .orig or SYMLINK: marker
|
- Wrapper replaces /usr/bin/<app>, original saved as .orig or SYMLINK: marker
|
||||||
- Hour-based tracking: YYYY-MM-DD-HH format
|
- Hour-based tracking: YYYY-MM-DD-HH format
|
||||||
- First launch per hour allowed, subsequent launches blocked
|
- First launch per hour allowed, subsequent launches blocked
|
||||||
- Pacman hook re-installs wrappers after package updates
|
- Pacman hook re-installs wrappers after package updates
|
||||||
|
|
||||||
WRAPPER FLOW:
|
WRAPPER FLOW:
|
||||||
|
|
||||||
1. wrapper_main() called with app name
|
1. wrapper_main() called with app name
|
||||||
2. Check was_opened_this_hour()
|
2. Check was_opened_this_hour()
|
||||||
3. If yes: block_app() + notification + exit 1
|
3. If yes: block_app() + notification + exit 1
|
||||||
4. If no: record_opening() + exec real binary
|
4. If no: record_opening() + exec real binary
|
||||||
|
|
||||||
LIMITATION (needs fix):
|
LIMITATION (needs fix):
|
||||||
|
|
||||||
- Once app is launched, it can run indefinitely
|
- Once app is launched, it can run indefinitely
|
||||||
- User can minimize and keep checking via Alt+Tab
|
- User can minimize and keep checking via Alt+Tab
|
||||||
- Needs auto-close timer functionality
|
- Needs auto-close timer functionality
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
### Agent: Screen Locker Expert
|
### Agent: Screen Locker Expert
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
You are an expert on the screen_lock.py workout locker. You understand:
|
You are an expert on the screen_lock.py workout locker. You understand:
|
||||||
|
|
||||||
FILE LOCATION: ~/testsAndMisc/python_pkg/screen_locker/screen_lock.py (1261 lines)
|
FILE LOCATION: ~/testsAndMisc/python_pkg/screen_locker/screen_lock.py (1261 lines)
|
||||||
|
|
||||||
PURPOSE:
|
PURPOSE:
|
||||||
|
|
||||||
- Full-screen lock requiring workout verification to unlock
|
- Full-screen lock requiring workout verification to unlock
|
||||||
- Integrates with shutdown schedule system
|
- Integrates with shutdown schedule system
|
||||||
|
|
||||||
WORKOUT TYPES:
|
WORKOUT TYPES:
|
||||||
|
|
||||||
1. Running: distance, time, pace with cross-validation
|
1. Running: distance, time, pace with cross-validation
|
||||||
2. Strength: exercises, sets, reps, weights with total calculation
|
2. Strength: exercises, sets, reps, weights with total calculation
|
||||||
3. Table Tennis: duration, sets, points won/lost
|
3. Table Tennis: duration, sets, points won/lost
|
||||||
4. Sick Day: 2-minute wait, shutdown moved 1.5h earlier
|
4. Sick Day: 2-minute wait, shutdown moved 1.5h earlier
|
||||||
|
|
||||||
KEY FEATURES:
|
KEY FEATURES:
|
||||||
|
|
||||||
- 30-second delay before submit button enabled
|
- 30-second delay before submit button enabled
|
||||||
- Cross-validation (e.g., pace = time / distance)
|
- Cross-validation (e.g., pace = time / distance)
|
||||||
- 15% tolerance on calculated values
|
- 15% tolerance on calculated values
|
||||||
@ -509,16 +564,19 @@ KEY FEATURES:
|
|||||||
- JSON workout log stored in same directory
|
- JSON workout log stored in same directory
|
||||||
|
|
||||||
SHUTDOWN INTEGRATION:
|
SHUTDOWN INTEGRATION:
|
||||||
- _adjust_shutdown_time_earlier() - sick day penalty
|
|
||||||
- _adjust_shutdown_time_later() - workout reward (+1.5h)
|
- \_adjust_shutdown_time_earlier() - sick day penalty
|
||||||
|
- \_adjust_shutdown_time_later() - workout reward (+1.5h)
|
||||||
- Uses adjust_shutdown_schedule.sh helper script
|
- Uses adjust_shutdown_schedule.sh helper script
|
||||||
- Sick day state tracked in sick_day_state.json
|
- Sick day state tracked in sick_day_state.json
|
||||||
|
|
||||||
SECURITY CONCERNS (needs fix):
|
SECURITY CONCERNS (needs fix):
|
||||||
|
|
||||||
- Running option too easy to fake
|
- Running option too easy to fake
|
||||||
- Table tennis lacks rigorous validation
|
- Table tennis lacks rigorous validation
|
||||||
- Window can potentially be closed via keyboard
|
- Window can potentially be closed via keyboard
|
||||||
```
|
|
||||||
|
````
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
@ -535,13 +593,15 @@ These should be created in the respective directories:
|
|||||||
Prevent tampering with /etc/hosts to maintain website blocking.
|
Prevent tampering with /etc/hosts to maintain website blocking.
|
||||||
|
|
||||||
## Architecture
|
## Architecture
|
||||||
```
|
````
|
||||||
|
|
||||||
/etc/hosts (immutable) ←── canonical (/usr/local/share/locked-hosts)
|
/etc/hosts (immutable) ←── canonical (/usr/local/share/locked-hosts)
|
||||||
↑
|
↑
|
||||||
path watcher detects changes
|
path watcher detects changes
|
||||||
↓
|
↓
|
||||||
enforce-hosts.sh restores
|
enforce-hosts.sh restores
|
||||||
```
|
|
||||||
|
````
|
||||||
|
|
||||||
## Critical Files
|
## Critical Files
|
||||||
| File | Purpose | Protected By |
|
| File | Purpose | Protected By |
|
||||||
@ -562,13 +622,15 @@ sudo /usr/local/sbin/unlock-hosts
|
|||||||
# Reinstall/repair
|
# Reinstall/repair
|
||||||
sudo ~/linux-configuration/hosts/install.sh
|
sudo ~/linux-configuration/hosts/install.sh
|
||||||
sudo ~/linux-configuration/hosts/guard/setup_hosts_guard.sh
|
sudo ~/linux-configuration/hosts/guard/setup_hosts_guard.sh
|
||||||
```
|
````
|
||||||
|
|
||||||
## DO NOT
|
## DO NOT
|
||||||
|
|
||||||
- Edit /etc/nsswitch.conf (bypasses hosts entirely)
|
- Edit /etc/nsswitch.conf (bypasses hosts entirely)
|
||||||
- Stop hosts-guard.path without understanding consequences
|
- Stop hosts-guard.path without understanding consequences
|
||||||
- Remove entries from install.sh without state file cleanup
|
- Remove entries from install.sh without state file cleanup
|
||||||
```
|
|
||||||
|
````
|
||||||
|
|
||||||
### [scripts/digital_wellbeing/pacman/README_FOR_LLM.md](to be created)
|
### [scripts/digital_wellbeing/pacman/README_FOR_LLM.md](to be created)
|
||||||
|
|
||||||
@ -579,11 +641,13 @@ sudo ~/linux-configuration/hosts/guard/setup_hosts_guard.sh
|
|||||||
Intercept pacman to enforce package installation policies.
|
Intercept pacman to enforce package installation policies.
|
||||||
|
|
||||||
## Architecture
|
## Architecture
|
||||||
```
|
````
|
||||||
|
|
||||||
/usr/bin/pacman (symlink) → pacman_wrapper.sh
|
/usr/bin/pacman (symlink) → pacman_wrapper.sh
|
||||||
↓
|
↓
|
||||||
/usr/bin/pacman.orig (real)
|
/usr/bin/pacman.orig (real)
|
||||||
```
|
|
||||||
|
````
|
||||||
|
|
||||||
## Policy Files
|
## Policy Files
|
||||||
| File | Purpose |
|
| File | Purpose |
|
||||||
@ -609,8 +673,9 @@ echo "newpackage" >> pacman_blocked_keywords.txt
|
|||||||
|
|
||||||
# Re-run installer to update checksums
|
# Re-run installer to update checksums
|
||||||
sudo ./install_pacman_wrapper.sh
|
sudo ./install_pacman_wrapper.sh
|
||||||
```
|
````
|
||||||
```
|
|
||||||
|
````
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
@ -680,7 +745,7 @@ echo "Results: $PASS passed, $FAIL failed"
|
|||||||
echo "=========================================="
|
echo "=========================================="
|
||||||
|
|
||||||
exit $FAIL
|
exit $FAIL
|
||||||
```
|
````
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|||||||
@ -12,17 +12,20 @@ The pacman wrapper had two critical security vulnerabilities:
|
|||||||
Implemented a **defense-in-depth** security architecture with multiple layers:
|
Implemented a **defense-in-depth** security architecture with multiple layers:
|
||||||
|
|
||||||
### Layer 1: Immutable Policy Files
|
### Layer 1: Immutable Policy Files
|
||||||
|
|
||||||
- Policy files (`pacman_blocked_keywords.txt`, `pacman_greylist.txt`) are made immutable using `chattr +i`
|
- Policy files (`pacman_blocked_keywords.txt`, `pacman_greylist.txt`) are made immutable using `chattr +i`
|
||||||
- Prevents casual editing without root access and knowledge of filesystem attributes
|
- Prevents casual editing without root access and knowledge of filesystem attributes
|
||||||
- Requires explicit `chattr -i` command to modify
|
- Requires explicit `chattr -i` command to modify
|
||||||
|
|
||||||
### Layer 2: SHA256 Integrity Checks
|
### Layer 2: SHA256 Integrity Checks
|
||||||
|
|
||||||
- SHA256 checksums generated for all policy files during installation
|
- SHA256 checksums generated for all policy files during installation
|
||||||
- Stored in `/var/lib/pacman-wrapper/policy.sha256` (also made immutable)
|
- Stored in `/var/lib/pacman-wrapper/policy.sha256` (also made immutable)
|
||||||
- **Every wrapper invocation** verifies file integrity before proceeding
|
- **Every wrapper invocation** verifies file integrity before proceeding
|
||||||
- **Blocks all operations** if tampering is detected
|
- **Blocks all operations** if tampering is detected
|
||||||
|
|
||||||
### Layer 3: Hardcoded VirtualBox Restrictions
|
### Layer 3: Hardcoded VirtualBox Restrictions
|
||||||
|
|
||||||
- VirtualBox detection is **compiled into the wrapper code**
|
- VirtualBox detection is **compiled into the wrapper code**
|
||||||
- Cannot be bypassed by editing any text file
|
- Cannot be bypassed by editing any text file
|
||||||
- Catches all packages matching `*virtualbox*` or `*vbox*` patterns
|
- Catches all packages matching `*virtualbox*` or `*vbox*` patterns
|
||||||
@ -33,6 +36,7 @@ Implemented a **defense-in-depth** security architecture with multiple layers:
|
|||||||
- 45-second initial delay (vs 30s)
|
- 45-second initial delay (vs 30s)
|
||||||
|
|
||||||
### Layer 4: VirtualBox Enforcement
|
### Layer 4: VirtualBox Enforcement
|
||||||
|
|
||||||
- New script: `scripts/digital_wellbeing/virtualbox/enforce_vbox_hosts.sh`
|
- New script: `scripts/digital_wellbeing/virtualbox/enforce_vbox_hosts.sh`
|
||||||
- Automatically configures all VMs to:
|
- Automatically configures all VMs to:
|
||||||
- Use host's DNS resolution (`--natdnshostresolver1 on`)
|
- Use host's DNS resolution (`--natdnshostresolver1 on`)
|
||||||
@ -42,6 +46,7 @@ Implemented a **defense-in-depth** security architecture with multiple layers:
|
|||||||
- Automatically runs after any VirtualBox installation
|
- Automatically runs after any VirtualBox installation
|
||||||
|
|
||||||
### Layer 5: Psychological Friction
|
### Layer 5: Psychological Friction
|
||||||
|
|
||||||
- Enhanced delays and timeouts
|
- Enhanced delays and timeouts
|
||||||
- Clear warning messages about security implications
|
- Clear warning messages about security implications
|
||||||
- Emphasizes that restrictions are hardcoded and cannot be easily bypassed
|
- Emphasizes that restrictions are hardcoded and cannot be easily bypassed
|
||||||
@ -49,18 +54,21 @@ Implemented a **defense-in-depth** security architecture with multiple layers:
|
|||||||
## Files Changed
|
## Files Changed
|
||||||
|
|
||||||
### New Files (4)
|
### New Files (4)
|
||||||
|
|
||||||
1. `scripts/digital_wellbeing/virtualbox/enforce_vbox_hosts.sh` - VirtualBox enforcement script
|
1. `scripts/digital_wellbeing/virtualbox/enforce_vbox_hosts.sh` - VirtualBox enforcement script
|
||||||
2. `tests/test_pacman_wrapper_security.sh` - Comprehensive test suite (12 tests)
|
2. `tests/test_pacman_wrapper_security.sh` - Comprehensive test suite (12 tests)
|
||||||
3. `docs/PACMAN_WRAPPER_SECURITY.md` - Detailed security documentation
|
3. `docs/PACMAN_WRAPPER_SECURITY.md` - Detailed security documentation
|
||||||
4. `docs/SUMMARY.md` - This summary
|
4. `docs/SUMMARY.md` - This summary
|
||||||
|
|
||||||
### Modified Files (2)
|
### Modified Files (2)
|
||||||
|
|
||||||
1. `scripts/digital_wellbeing/pacman/install_pacman_wrapper.sh` - Added integrity checks and immutable attributes
|
1. `scripts/digital_wellbeing/pacman/install_pacman_wrapper.sh` - Added integrity checks and immutable attributes
|
||||||
2. `scripts/digital_wellbeing/pacman/pacman_wrapper.sh` - Added integrity verification and VirtualBox enforcement
|
2. `scripts/digital_wellbeing/pacman/pacman_wrapper.sh` - Added integrity verification and VirtualBox enforcement
|
||||||
|
|
||||||
## Security Guarantees
|
## Security Guarantees
|
||||||
|
|
||||||
### What's Now Protected
|
### What's Now Protected
|
||||||
|
|
||||||
✅ Policy files cannot be easily modified (immutable + checksums)
|
✅ Policy files cannot be easily modified (immutable + checksums)
|
||||||
✅ VirtualBox restrictions are hardcoded (cannot bypass via file editing)
|
✅ VirtualBox restrictions are hardcoded (cannot bypass via file editing)
|
||||||
✅ VMs inherit host's content filtering (DNS proxy + shared hosts)
|
✅ VMs inherit host's content filtering (DNS proxy + shared hosts)
|
||||||
@ -68,6 +76,7 @@ Implemented a **defense-in-depth** security architecture with multiple layers:
|
|||||||
✅ Enhanced psychological friction for VirtualBox installation
|
✅ Enhanced psychological friction for VirtualBox installation
|
||||||
|
|
||||||
### Known Limitations
|
### Known Limitations
|
||||||
|
|
||||||
⚠️ Root access can still bypass everything (by design - this is self-discipline, not security vs root)
|
⚠️ Root access can still bypass everything (by design - this is self-discipline, not security vs root)
|
||||||
⚠️ VM without Guest Additions won't get shared folder (but DNS proxy still works)
|
⚠️ VM without Guest Additions won't get shared folder (but DNS proxy still works)
|
||||||
⚠️ Could replace `/usr/bin/pacman` symlink (but periodic maintenance can detect)
|
⚠️ Could replace `/usr/bin/pacman` symlink (but periodic maintenance can detect)
|
||||||
@ -82,6 +91,7 @@ bash tests/test_pacman_wrapper_security.sh
|
|||||||
```
|
```
|
||||||
|
|
||||||
Tests verify:
|
Tests verify:
|
||||||
|
|
||||||
- Script syntax validity
|
- Script syntax validity
|
||||||
- Integrity check function exists and is called early
|
- Integrity check function exists and is called early
|
||||||
- Hardcoded VirtualBox detection exists
|
- Hardcoded VirtualBox detection exists
|
||||||
@ -98,6 +108,7 @@ sudo ./install_pacman_wrapper.sh
|
|||||||
```
|
```
|
||||||
|
|
||||||
This will:
|
This will:
|
||||||
|
|
||||||
1. Install wrapper and policy files
|
1. Install wrapper and policy files
|
||||||
2. Generate SHA256 checksums
|
2. Generate SHA256 checksums
|
||||||
3. Make policy files immutable with `chattr +i`
|
3. Make policy files immutable with `chattr +i`
|
||||||
@ -107,17 +118,20 @@ This will:
|
|||||||
## Usage Impact
|
## Usage Impact
|
||||||
|
|
||||||
### For Normal Package Operations
|
### For Normal Package Operations
|
||||||
|
|
||||||
- No change to normal pacman operations
|
- No change to normal pacman operations
|
||||||
- Integrity check adds minimal overhead (<100ms)
|
- Integrity check adds minimal overhead (<100ms)
|
||||||
- Only applies to package installations/removals
|
- Only applies to package installations/removals
|
||||||
|
|
||||||
### For VirtualBox Installation
|
### For VirtualBox Installation
|
||||||
|
|
||||||
- Must complete difficult word challenge (7-letter words, 120s timeout)
|
- Must complete difficult word challenge (7-letter words, 120s timeout)
|
||||||
- Enhanced warnings about security implications
|
- Enhanced warnings about security implications
|
||||||
- Automatic VM configuration after successful installation
|
- Automatic VM configuration after successful installation
|
||||||
- Cannot bypass by editing policy files
|
- Cannot bypass by editing policy files
|
||||||
|
|
||||||
### For Updating Policies
|
### For Updating Policies
|
||||||
|
|
||||||
If legitimate policy updates are needed:
|
If legitimate policy updates are needed:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
|
|||||||
@ -35,9 +35,11 @@
|
|||||||
- Verified: Fails installation if critical files missing
|
- Verified: Fails installation if critical files missing
|
||||||
|
|
||||||
### Security Test Results
|
### Security Test Results
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
bash tests/test_pacman_wrapper_security.sh
|
bash tests/test_pacman_wrapper_security.sh
|
||||||
```
|
```
|
||||||
|
|
||||||
- [x] Test 1: Wrapper syntax valid
|
- [x] Test 1: Wrapper syntax valid
|
||||||
- [x] Test 4: Integrity check function exists
|
- [x] Test 4: Integrity check function exists
|
||||||
- [x] Test 5: Hardcoded VirtualBox check exists
|
- [x] Test 5: Hardcoded VirtualBox check exists
|
||||||
@ -49,7 +51,7 @@ bash tests/test_pacman_wrapper_security.sh
|
|||||||
### Attack Resistance
|
### Attack Resistance
|
||||||
|
|
||||||
| Attack Vector | Before | After | Difficulty Increase |
|
| Attack Vector | Before | After | Difficulty Increase |
|
||||||
|--------------|--------|-------|-------------------|
|
| -------------------------------- | ------------ | ---------------------------------------------------------------------------- | ------------------- |
|
||||||
| Edit greylist.txt | Easy (1 min) | Hard (requires chattr -i, root, reinstall, still blocked by hardcoded check) | ⭐⭐⭐⭐⭐ |
|
| Edit greylist.txt | Easy (1 min) | Hard (requires chattr -i, root, reinstall, still blocked by hardcoded check) | ⭐⭐⭐⭐⭐ |
|
||||||
| Remove from greylist & reinstall | Easy (2 min) | Impossible (hardcoded in wrapper code) | ∞ |
|
| Remove from greylist & reinstall | Easy (2 min) | Impossible (hardcoded in wrapper code) | ∞ |
|
||||||
| Replace wrapper binary | Easy (1 min) | Moderate (integrity check on next run, periodic monitoring) | ⭐⭐⭐ |
|
| Replace wrapper binary | Easy (1 min) | Moderate (integrity check on next run, periodic monitoring) | ⭐⭐⭐ |
|
||||||
@ -100,9 +102,11 @@ bash tests/test_pacman_wrapper_security.sh
|
|||||||
- Verified: User understands privilege escalation
|
- Verified: User understands privilege escalation
|
||||||
|
|
||||||
### Security Test Results
|
### Security Test Results
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
bash tests/test_pacman_wrapper_security.sh
|
bash tests/test_pacman_wrapper_security.sh
|
||||||
```
|
```
|
||||||
|
|
||||||
- [x] Test 3: VirtualBox enforcement script syntax valid
|
- [x] Test 3: VirtualBox enforcement script syntax valid
|
||||||
- [x] Test 10: VirtualBox enforcement integrated
|
- [x] Test 10: VirtualBox enforcement integrated
|
||||||
- [x] Test 11: VirtualBox script has help text
|
- [x] Test 11: VirtualBox script has help text
|
||||||
@ -111,7 +115,7 @@ bash tests/test_pacman_wrapper_security.sh
|
|||||||
### Enforcement Effectiveness
|
### Enforcement Effectiveness
|
||||||
|
|
||||||
| Bypass Attempt | Prevention Mechanism | Effectiveness |
|
| Bypass Attempt | Prevention Mechanism | Effectiveness |
|
||||||
|----------------|---------------------|---------------|
|
| -------------------------------- | ----------------------------------------- | ------------- |
|
||||||
| Use VM without Guest Additions | DNS proxy still enforces host DNS | ⭐⭐⭐⭐ |
|
| Use VM without Guest Additions | DNS proxy still enforces host DNS | ⭐⭐⭐⭐ |
|
||||||
| Manually modify VM /etc/hosts | File synced on boot (with startup script) | ⭐⭐⭐⭐ |
|
| Manually modify VM /etc/hosts | File synced on boot (with startup script) | ⭐⭐⭐⭐ |
|
||||||
| Use bridged network | User must explicitly reconfigure VM | ⭐⭐⭐ |
|
| Use bridged network | User must explicitly reconfigure VM | ⭐⭐⭐ |
|
||||||
@ -122,16 +126,19 @@ bash tests/test_pacman_wrapper_security.sh
|
|||||||
## Overall Implementation Status
|
## Overall Implementation Status
|
||||||
|
|
||||||
### Files Created (4)
|
### Files Created (4)
|
||||||
|
|
||||||
1. ✅ `scripts/digital_wellbeing/virtualbox/enforce_vbox_hosts.sh` - 282 lines
|
1. ✅ `scripts/digital_wellbeing/virtualbox/enforce_vbox_hosts.sh` - 282 lines
|
||||||
2. ✅ `tests/test_pacman_wrapper_security.sh` - 131 lines (12 tests)
|
2. ✅ `tests/test_pacman_wrapper_security.sh` - 131 lines (12 tests)
|
||||||
3. ✅ `docs/PACMAN_WRAPPER_SECURITY.md` - 245 lines
|
3. ✅ `docs/PACMAN_WRAPPER_SECURITY.md` - 245 lines
|
||||||
4. ✅ `docs/SUMMARY.md` - 149 lines
|
4. ✅ `docs/SUMMARY.md` - 149 lines
|
||||||
|
|
||||||
### Files Modified (2)
|
### Files Modified (2)
|
||||||
|
|
||||||
1. ✅ `scripts/digital_wellbeing/pacman/install_pacman_wrapper.sh` - +70 lines
|
1. ✅ `scripts/digital_wellbeing/pacman/install_pacman_wrapper.sh` - +70 lines
|
||||||
2. ✅ `scripts/digital_wellbeing/pacman/pacman_wrapper.sh` - +154 lines
|
2. ✅ `scripts/digital_wellbeing/pacman/pacman_wrapper.sh` - +154 lines
|
||||||
|
|
||||||
### Total Changes
|
### Total Changes
|
||||||
|
|
||||||
- **Lines added**: 1,031
|
- **Lines added**: 1,031
|
||||||
- **Security layers**: 5
|
- **Security layers**: 5
|
||||||
- **Tests**: 12 (all passing ✅)
|
- **Tests**: 12 (all passing ✅)
|
||||||
@ -142,26 +149,31 @@ bash tests/test_pacman_wrapper_security.sh
|
|||||||
## Defense in Depth Verification
|
## Defense in Depth Verification
|
||||||
|
|
||||||
### Layer 1: Immutable Policy Files ✅
|
### Layer 1: Immutable Policy Files ✅
|
||||||
|
|
||||||
- Implementation: `chattr +i` in installer
|
- Implementation: `chattr +i` in installer
|
||||||
- Test: Manual attempt to edit results in permission denied
|
- Test: Manual attempt to edit results in permission denied
|
||||||
- Bypass difficulty: Requires root + knowledge of chattr
|
- Bypass difficulty: Requires root + knowledge of chattr
|
||||||
|
|
||||||
### Layer 2: SHA256 Integrity Checks ✅
|
### Layer 2: SHA256 Integrity Checks ✅
|
||||||
|
|
||||||
- Implementation: Checksums verified on every invocation
|
- Implementation: Checksums verified on every invocation
|
||||||
- Test: Modified file detected and blocked
|
- Test: Modified file detected and blocked
|
||||||
- Bypass difficulty: Requires modifying both file and checksum (both immutable)
|
- Bypass difficulty: Requires modifying both file and checksum (both immutable)
|
||||||
|
|
||||||
### Layer 3: Hardcoded VirtualBox Restrictions ✅
|
### Layer 3: Hardcoded VirtualBox Restrictions ✅
|
||||||
|
|
||||||
- Implementation: Pattern matching in wrapper code
|
- Implementation: Pattern matching in wrapper code
|
||||||
- Test: Cannot remove by editing policy files
|
- Test: Cannot remove by editing policy files
|
||||||
- Bypass difficulty: Requires modifying wrapper itself (triggers integrity check)
|
- Bypass difficulty: Requires modifying wrapper itself (triggers integrity check)
|
||||||
|
|
||||||
### Layer 4: VirtualBox Enforcement ✅
|
### Layer 4: VirtualBox Enforcement ✅
|
||||||
|
|
||||||
- Implementation: Auto-configuration of VMs
|
- Implementation: Auto-configuration of VMs
|
||||||
- Test: VMs configured to use host DNS and hosts
|
- Test: VMs configured to use host DNS and hosts
|
||||||
- Bypass difficulty: Requires VM reconfiguration or different virtualization
|
- Bypass difficulty: Requires VM reconfiguration or different virtualization
|
||||||
|
|
||||||
### Layer 5: Psychological Friction ✅
|
### Layer 5: Psychological Friction ✅
|
||||||
|
|
||||||
- Implementation: Enhanced challenges and delays
|
- Implementation: Enhanced challenges and delays
|
||||||
- Test: 7-letter words, 150 words, 120s timeout, 45s delay
|
- Test: 7-letter words, 150 words, 120s timeout, 45s delay
|
||||||
- Bypass difficulty: Time-consuming, frustrating, encourages reflection
|
- Bypass difficulty: Time-consuming, frustrating, encourages reflection
|
||||||
@ -171,6 +183,7 @@ bash tests/test_pacman_wrapper_security.sh
|
|||||||
## Code Quality Verification
|
## Code Quality Verification
|
||||||
|
|
||||||
### Syntax Validation ✅
|
### Syntax Validation ✅
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
bash -n scripts/digital_wellbeing/pacman/pacman_wrapper.sh
|
bash -n scripts/digital_wellbeing/pacman/pacman_wrapper.sh
|
||||||
bash -n scripts/digital_wellbeing/pacman/install_pacman_wrapper.sh
|
bash -n scripts/digital_wellbeing/pacman/install_pacman_wrapper.sh
|
||||||
@ -179,12 +192,14 @@ bash -n scripts/digital_wellbeing/virtualbox/enforce_vbox_hosts.sh
|
|||||||
```
|
```
|
||||||
|
|
||||||
### Shellcheck Validation ✅
|
### Shellcheck Validation ✅
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
bash scripts/meta/shell_check.sh
|
bash scripts/meta/shell_check.sh
|
||||||
# Only minor warnings (false positives about unreachable code in functions)
|
# Only minor warnings (false positives about unreachable code in functions)
|
||||||
```
|
```
|
||||||
|
|
||||||
### Functional Testing ✅
|
### Functional Testing ✅
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
bash tests/test_pacman_wrapper_security.sh
|
bash tests/test_pacman_wrapper_security.sh
|
||||||
# All 12 tests pass
|
# All 12 tests pass
|
||||||
@ -219,12 +234,14 @@ bash tests/test_pacman_wrapper_security.sh
|
|||||||
## Documentation Verification
|
## Documentation Verification
|
||||||
|
|
||||||
### User Documentation ✅
|
### User Documentation ✅
|
||||||
|
|
||||||
- [x] Installation instructions: `docs/PACMAN_WRAPPER_SECURITY.md`
|
- [x] Installation instructions: `docs/PACMAN_WRAPPER_SECURITY.md`
|
||||||
- [x] Usage examples: `docs/PACMAN_WRAPPER_SECURITY.md`
|
- [x] Usage examples: `docs/PACMAN_WRAPPER_SECURITY.md`
|
||||||
- [x] Security analysis: `docs/PACMAN_WRAPPER_SECURITY.md`
|
- [x] Security analysis: `docs/PACMAN_WRAPPER_SECURITY.md`
|
||||||
- [x] Implementation summary: `docs/SUMMARY.md`
|
- [x] Implementation summary: `docs/SUMMARY.md`
|
||||||
|
|
||||||
### Developer Documentation ✅
|
### Developer Documentation ✅
|
||||||
|
|
||||||
- [x] Code comments explaining privilege escalation pattern
|
- [x] Code comments explaining privilege escalation pattern
|
||||||
- [x] Comments explaining each security layer
|
- [x] Comments explaining each security layer
|
||||||
- [x] Test documentation in test script
|
- [x] Test documentation in test script
|
||||||
|
|||||||
@ -8,7 +8,9 @@ This directory contains package lists for the fresh install script:
|
|||||||
## Format
|
## Format
|
||||||
|
|
||||||
### pacman_packages.txt
|
### pacman_packages.txt
|
||||||
|
|
||||||
One package name per line:
|
One package name per line:
|
||||||
|
|
||||||
```
|
```
|
||||||
package1
|
package1
|
||||||
package2
|
package2
|
||||||
@ -18,7 +20,9 @@ package3
|
|||||||
```
|
```
|
||||||
|
|
||||||
### aur_packages.txt
|
### aur_packages.txt
|
||||||
|
|
||||||
Package name and repository URL separated by space:
|
Package name and repository URL separated by space:
|
||||||
|
|
||||||
```
|
```
|
||||||
package-name https://aur.archlinux.org/package-name.git
|
package-name https://aur.archlinux.org/package-name.git
|
||||||
another-package https://aur.archlinux.org/another-package.git
|
another-package https://aur.archlinux.org/another-package.git
|
||||||
@ -31,19 +35,23 @@ another-package https://aur.archlinux.org/another-package.git
|
|||||||
## Usage
|
## Usage
|
||||||
|
|
||||||
The `main.sh` script will automatically read from these files:
|
The `main.sh` script will automatically read from these files:
|
||||||
|
|
||||||
- Pacman packages will be installed via `pacman -Sy --noconfirm`
|
- Pacman packages will be installed via `pacman -Sy --noconfirm`
|
||||||
- AUR packages will be built and installed via the `install_from_aur` function
|
- AUR packages will be built and installed via the `install_from_aur` function
|
||||||
|
|
||||||
## Modifying Package Lists
|
## Modifying Package Lists
|
||||||
|
|
||||||
To add or remove packages:
|
To add or remove packages:
|
||||||
|
|
||||||
1. Edit the appropriate `.txt` file
|
1. Edit the appropriate `.txt` file
|
||||||
2. For AUR packages, ensure the format is correct (package-name followed by space and URL)
|
2. For AUR packages, ensure the format is correct (package-name followed by space and URL)
|
||||||
3. You can add comments by starting lines with `#` or any non-alphanumeric character
|
3. You can add comments by starting lines with `#` or any non-alphanumeric character
|
||||||
4. Save the file - the script will automatically pick up changes on next run
|
4. Save the file - the script will automatically pick up changes on next run
|
||||||
|
|
||||||
### Comments
|
### Comments
|
||||||
|
|
||||||
You can add comments to organize your package lists:
|
You can add comments to organize your package lists:
|
||||||
|
|
||||||
```
|
```
|
||||||
# Essential packages
|
# Essential packages
|
||||||
git
|
git
|
||||||
|
|||||||
0
linux_configuration/fresh-install/makepkg.conf
Normal file → Executable file
0
linux_configuration/fresh-install/makepkg.conf
Normal file → Executable file
@ -1,9 +1,9 @@
|
|||||||
Hosts Guard Components
|
# Hosts Guard Components
|
||||||
======================
|
|
||||||
|
|
||||||
This directory contains templates for hardening /etc/hosts against impulsive tampering by adding friction, NOT providing absolute security against a determined root user.
|
This directory contains templates for hardening /etc/hosts against impulsive tampering by adding friction, NOT providing absolute security against a determined root user.
|
||||||
|
|
||||||
Components:
|
Components:
|
||||||
|
|
||||||
1. enforce-hosts.sh – Idempotent script that: compares /etc/hosts with canonical copy at /usr/local/share/locked-hosts and restores if different; reapplies immutable attribute.
|
1. enforce-hosts.sh – Idempotent script that: compares /etc/hosts with canonical copy at /usr/local/share/locked-hosts and restores if different; reapplies immutable attribute.
|
||||||
2. systemd units (to be installed under /etc/systemd/system):
|
2. systemd units (to be installed under /etc/systemd/system):
|
||||||
- hosts-guard.service (oneshot enforcement)
|
- hosts-guard.service (oneshot enforcement)
|
||||||
@ -13,6 +13,7 @@ Components:
|
|||||||
4. pacman hooks – automatically unlock/re-lock /etc/hosts around package transactions so pacman never fails due to the read-only bind mount.
|
4. pacman hooks – automatically unlock/re-lock /etc/hosts around package transactions so pacman never fails due to the read-only bind mount.
|
||||||
|
|
||||||
Install Flow (suggested):
|
Install Flow (suggested):
|
||||||
|
|
||||||
1. After generating /etc/hosts via your existing hosts/install.sh, copy it to /usr/local/share/locked-hosts.
|
1. After generating /etc/hosts via your existing hosts/install.sh, copy it to /usr/local/share/locked-hosts.
|
||||||
2. Install enforce-hosts.sh to /usr/local/sbin/ (chmod 755).
|
2. Install enforce-hosts.sh to /usr/local/sbin/ (chmod 755).
|
||||||
3. Place units and enable:
|
3. Place units and enable:
|
||||||
@ -27,5 +28,6 @@ Install Flow (suggested):
|
|||||||
- PostTransaction: re-run enforcement and re-enable guard (bind mount + path watcher)
|
- PostTransaction: re-run enforcement and re-enable guard (bind mount + path watcher)
|
||||||
|
|
||||||
Limitations:
|
Limitations:
|
||||||
|
|
||||||
- A root user can still disable units, remount, remove attributes.
|
- A root user can still disable units, remount, remove attributes.
|
||||||
- Purpose is to interrupt habit loops and create intentional friction.
|
- Purpose is to interrupt habit loops and create intentional friction.
|
||||||
|
|||||||
@ -50,7 +50,7 @@ Prevent tampering with `/etc/hosts` to maintain website blocking (YouTube, socia
|
|||||||
## File Locations
|
## File Locations
|
||||||
|
|
||||||
| File | Purpose | Protection |
|
| File | Purpose | Protection |
|
||||||
|------|---------|------------|
|
| ---------------------------------------------- | ----------------------------- | ----------------------- |
|
||||||
| `/etc/hosts` | Active hosts file | chattr +i, bind mount |
|
| `/etc/hosts` | Active hosts file | chattr +i, bind mount |
|
||||||
| `/usr/local/share/locked-hosts` | Canonical source of truth | chattr +i |
|
| `/usr/local/share/locked-hosts` | Canonical source of truth | chattr +i |
|
||||||
| `/etc/hosts.custom-entries.state` | Tracks custom blocked domains | chattr +i |
|
| `/etc/hosts.custom-entries.state` | Tracks custom blocked domains | chattr +i |
|
||||||
@ -69,6 +69,7 @@ Prevent tampering with `/etc/hosts` to maintain website blocking (YouTube, socia
|
|||||||
## Key Scripts
|
## Key Scripts
|
||||||
|
|
||||||
### hosts/install.sh
|
### hosts/install.sh
|
||||||
|
|
||||||
- Downloads StevenBlack hosts list (cached at `/etc/hosts.stevenblack`)
|
- Downloads StevenBlack hosts list (cached at `/etc/hosts.stevenblack`)
|
||||||
- Adds custom blocking entries (YouTube, etc.)
|
- Adds custom blocking entries (YouTube, etc.)
|
||||||
- Comments out allowed sites (4chan, Facebook)
|
- Comments out allowed sites (4chan, Facebook)
|
||||||
@ -76,7 +77,9 @@ Prevent tampering with `/etc/hosts` to maintain website blocking (YouTube, socia
|
|||||||
- Sets up initial immutable attribute
|
- Sets up initial immutable attribute
|
||||||
|
|
||||||
### hosts/guard/setup_hosts_guard.sh
|
### hosts/guard/setup_hosts_guard.sh
|
||||||
|
|
||||||
Installs all protection layers:
|
Installs all protection layers:
|
||||||
|
|
||||||
- Creates canonical snapshot
|
- Creates canonical snapshot
|
||||||
- Installs enforce-hosts.sh and unlock-hosts scripts
|
- Installs enforce-hosts.sh and unlock-hosts scripts
|
||||||
- Enables systemd path watcher
|
- Enables systemd path watcher
|
||||||
@ -84,7 +87,9 @@ Installs all protection layers:
|
|||||||
- Installs shell history suppression hooks
|
- Installs shell history suppression hooks
|
||||||
|
|
||||||
### hosts/guard/enforce-hosts.sh
|
### hosts/guard/enforce-hosts.sh
|
||||||
|
|
||||||
Called when tampering detected:
|
Called when tampering detected:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# Compares /etc/hosts to canonical
|
# Compares /etc/hosts to canonical
|
||||||
# If different: restores from canonical, logs event
|
# If different: restores from canonical, logs event
|
||||||
@ -92,7 +97,9 @@ Called when tampering detected:
|
|||||||
```
|
```
|
||||||
|
|
||||||
### hosts/guard/psychological/unlock-hosts.sh
|
### hosts/guard/psychological/unlock-hosts.sh
|
||||||
|
|
||||||
Legitimate edit workflow:
|
Legitimate edit workflow:
|
||||||
|
|
||||||
1. Prompts for reason (logged)
|
1. Prompts for reason (logged)
|
||||||
2. Stops protection services
|
2. Stops protection services
|
||||||
3. Waits 45 seconds (cooling off)
|
3. Waits 45 seconds (cooling off)
|
||||||
@ -103,6 +110,7 @@ Legitimate edit workflow:
|
|||||||
## Pacman Integration
|
## Pacman Integration
|
||||||
|
|
||||||
The pacman wrapper calls these hooks during package transactions:
|
The pacman wrapper calls these hooks during package transactions:
|
||||||
|
|
||||||
- `/usr/local/share/hosts-guard/pacman-pre-unlock-hosts.sh` - Before transaction
|
- `/usr/local/share/hosts-guard/pacman-pre-unlock-hosts.sh` - Before transaction
|
||||||
- `/usr/local/share/hosts-guard/pacman-post-relock-hosts.sh` - After transaction
|
- `/usr/local/share/hosts-guard/pacman-post-relock-hosts.sh` - After transaction
|
||||||
|
|
||||||
@ -127,6 +135,7 @@ These temporarily unlock hosts for package manager operations.
|
|||||||
### Allowing a Previously Blocked Domain
|
### Allowing a Previously Blocked Domain
|
||||||
|
|
||||||
**This is intentionally difficult.** You must:
|
**This is intentionally difficult.** You must:
|
||||||
|
|
||||||
1. Remove entry from install.sh heredoc
|
1. Remove entry from install.sh heredoc
|
||||||
2. Remove protection: `sudo chattr -i /etc/hosts.custom-entries.state`
|
2. Remove protection: `sudo chattr -i /etc/hosts.custom-entries.state`
|
||||||
3. Edit state file to remove domain
|
3. Edit state file to remove domain
|
||||||
@ -161,6 +170,7 @@ sudo /usr/local/sbin/unlock-hosts
|
|||||||
**Why this matters:** A user could bypass ALL /etc/hosts protections by simply editing `/etc/nsswitch.conf` and removing `files` from the `hosts:` line. This protection layer prevents that.
|
**Why this matters:** A user could bypass ALL /etc/hosts protections by simply editing `/etc/nsswitch.conf` and removing `files` from the `hosts:` line. This protection layer prevents that.
|
||||||
|
|
||||||
### How it works:
|
### How it works:
|
||||||
|
|
||||||
- `nsswitch-guard.path` watches `/etc/nsswitch.conf` for changes
|
- `nsswitch-guard.path` watches `/etc/nsswitch.conf` for changes
|
||||||
- `nsswitch-guard.service` runs `enforce-nsswitch.sh` when triggered
|
- `nsswitch-guard.service` runs `enforce-nsswitch.sh` when triggered
|
||||||
- Canonical copy stored at `/usr/local/share/locked-nsswitch.conf`
|
- Canonical copy stored at `/usr/local/share/locked-nsswitch.conf`
|
||||||
@ -168,6 +178,7 @@ sudo /usr/local/sbin/unlock-hosts
|
|||||||
- Auto-restores from canonical if tampered
|
- Auto-restores from canonical if tampered
|
||||||
|
|
||||||
### Check nsswitch protection status:
|
### Check nsswitch protection status:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
lsattr /etc/nsswitch.conf
|
lsattr /etc/nsswitch.conf
|
||||||
systemctl status nsswitch-guard.path
|
systemctl status nsswitch-guard.path
|
||||||
@ -176,24 +187,29 @@ systemctl status nsswitch-guard.path
|
|||||||
## Troubleshooting
|
## Troubleshooting
|
||||||
|
|
||||||
### "Cannot modify /etc/hosts"
|
### "Cannot modify /etc/hosts"
|
||||||
|
|
||||||
This is expected! Use the unlock script:
|
This is expected! Use the unlock script:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
sudo /usr/local/sbin/unlock-hosts
|
sudo /usr/local/sbin/unlock-hosts
|
||||||
```
|
```
|
||||||
|
|
||||||
### Path watcher not running
|
### Path watcher not running
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
sudo systemctl start hosts-guard.path
|
sudo systemctl start hosts-guard.path
|
||||||
sudo systemctl enable hosts-guard.path
|
sudo systemctl enable hosts-guard.path
|
||||||
```
|
```
|
||||||
|
|
||||||
### Bind mount preventing access
|
### Bind mount preventing access
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# Temporarily disable (not recommended)
|
# Temporarily disable (not recommended)
|
||||||
sudo systemctl stop hosts-bind-mount.service
|
sudo systemctl stop hosts-bind-mount.service
|
||||||
```
|
```
|
||||||
|
|
||||||
### Custom entries protection blocking install
|
### Custom entries protection blocking install
|
||||||
|
|
||||||
The protection mechanism detected you're trying to remove previously blocked domains. This is intentional. To proceed, manually edit the state file (see "Allowing a Previously Blocked Domain").
|
The protection mechanism detected you're trying to remove previously blocked domains. This is intentional. To proceed, manually edit the state file (see "Allowing a Previously Blocked Domain").
|
||||||
|
|
||||||
## DO NOT
|
## DO NOT
|
||||||
|
|||||||
0
linux_configuration/hosts/guard/enforce-nsswitch.sh
Normal file → Executable file
0
linux_configuration/hosts/guard/enforce-nsswitch.sh
Normal file → Executable file
2
linux_configuration/i3-configuration/i3blocks/config
Executable file → Normal file
2
linux_configuration/i3-configuration/i3blocks/config
Executable file → Normal file
@ -91,5 +91,3 @@ markup=pango
|
|||||||
command=echo " $(date '+%Y-%m-%d %H:%M')" # for time (Font Awesome icon)
|
command=echo " $(date '+%Y-%m-%d %H:%M')" # for time (Font Awesome icon)
|
||||||
interval=1
|
interval=1
|
||||||
color=#50FA7B
|
color=#50FA7B
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@ -34,7 +34,7 @@ Limit messaging apps (Beeper, Signal, Discord) to **one launch per hour** to red
|
|||||||
## File Locations
|
## File Locations
|
||||||
|
|
||||||
| File | Purpose |
|
| File | Purpose |
|
||||||
|------|---------|
|
| ------------------------------------------------------ | --------------------------- |
|
||||||
| `/usr/local/bin/block-compulsive-opening.sh` | Installed main script |
|
| `/usr/local/bin/block-compulsive-opening.sh` | Installed main script |
|
||||||
| `/usr/bin/beeper` | Wrapper (replaces original) |
|
| `/usr/bin/beeper` | Wrapper (replaces original) |
|
||||||
| `/usr/bin/signal-desktop` | Wrapper (replaces original) |
|
| `/usr/bin/signal-desktop` | Wrapper (replaces original) |
|
||||||
@ -110,6 +110,7 @@ Exec = /usr/local/bin/block-compulsive-opening.sh rewrap-quiet
|
|||||||
```
|
```
|
||||||
|
|
||||||
The `rewrap-quiet` command:
|
The `rewrap-quiet` command:
|
||||||
|
|
||||||
- Checks if wrapper was overwritten (doesn't contain "block-compulsive-opening")
|
- Checks if wrapper was overwritten (doesn't contain "block-compulsive-opening")
|
||||||
- If overwritten: removes stale `.orig`, re-installs wrapper
|
- If overwritten: removes stale `.orig`, re-installs wrapper
|
||||||
- Logs to activity log
|
- Logs to activity log
|
||||||
@ -155,6 +156,7 @@ Apps are automatically closed after **10 minutes** to prevent indefinite usage:
|
|||||||
4. State file `~/.local/state/compulsive-block/<app>.running` tracks PID and start time
|
4. State file `~/.local/state/compulsive-block/<app>.running` tracks PID and start time
|
||||||
|
|
||||||
**Configuration variables** (in script):
|
**Configuration variables** (in script):
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
AUTO_CLOSE_TIMEOUT_MINUTES=10 # Total session length
|
AUTO_CLOSE_TIMEOUT_MINUTES=10 # Total session length
|
||||||
AUTO_CLOSE_WARNING_MINUTES=2 # Warning before close
|
AUTO_CLOSE_WARNING_MINUTES=2 # Warning before close
|
||||||
@ -163,6 +165,7 @@ AUTO_CLOSE_WARNING_MINUTES=2 # Warning before close
|
|||||||
## Adding a New App
|
## Adding a New App
|
||||||
|
|
||||||
1. Add to `APPS` associative array:
|
1. Add to `APPS` associative array:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
declare -A APPS=(
|
declare -A APPS=(
|
||||||
# ... existing apps ...
|
# ... existing apps ...
|
||||||
@ -171,6 +174,7 @@ declare -A APPS=(
|
|||||||
```
|
```
|
||||||
|
|
||||||
2. Add to `REAL_BINARIES`:
|
2. Add to `REAL_BINARIES`:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
declare -A REAL_BINARIES=(
|
declare -A REAL_BINARIES=(
|
||||||
# ... existing apps ...
|
# ... existing apps ...
|
||||||
@ -179,11 +183,13 @@ declare -A REAL_BINARIES=(
|
|||||||
```
|
```
|
||||||
|
|
||||||
3. Add to pacman hook targets (if installed via pacman):
|
3. Add to pacman hook targets (if installed via pacman):
|
||||||
|
|
||||||
```ini
|
```ini
|
||||||
Target = newapp
|
Target = newapp
|
||||||
```
|
```
|
||||||
|
|
||||||
4. Reinstall:
|
4. Reinstall:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
sudo ./block_compulsive_opening.sh install
|
sudo ./block_compulsive_opening.sh install
|
||||||
```
|
```
|
||||||
@ -191,6 +197,7 @@ sudo ./block_compulsive_opening.sh install
|
|||||||
## Debugging
|
## Debugging
|
||||||
|
|
||||||
### Check if wrapper is installed
|
### Check if wrapper is installed
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
cat /usr/bin/discord
|
cat /usr/bin/discord
|
||||||
# Should show wrapper script, not binary
|
# Should show wrapper script, not binary
|
||||||
@ -200,18 +207,21 @@ ls -la /usr/bin/discord.orig
|
|||||||
```
|
```
|
||||||
|
|
||||||
### Check current state
|
### Check current state
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
./block_compulsive_opening.sh status
|
./block_compulsive_opening.sh status
|
||||||
# Shows: which apps are wrapped, last open times, current hour
|
# Shows: which apps are wrapped, last open times, current hour
|
||||||
```
|
```
|
||||||
|
|
||||||
### Test manually
|
### Test manually
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# Simulate wrapper call
|
# Simulate wrapper call
|
||||||
/usr/local/bin/block-compulsive-opening.sh wrapper discord
|
/usr/local/bin/block-compulsive-opening.sh wrapper discord
|
||||||
```
|
```
|
||||||
|
|
||||||
### View logs
|
### View logs
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
tail -f ~/.local/state/compulsive-block/compulsive-block.log
|
tail -f ~/.local/state/compulsive-block/compulsive-block.log
|
||||||
```
|
```
|
||||||
@ -219,6 +229,7 @@ tail -f ~/.local/state/compulsive-block/compulsive-block.log
|
|||||||
## Notification Behavior
|
## Notification Behavior
|
||||||
|
|
||||||
When blocked, shows desktop notification:
|
When blocked, shows desktop notification:
|
||||||
|
|
||||||
- Title: "🚫 discord Blocked"
|
- Title: "🚫 discord Blocked"
|
||||||
- Message: "Already opened this hour. Wait until the next hour."
|
- Message: "Already opened this hour. Wait until the next hour."
|
||||||
- Urgency: critical
|
- Urgency: critical
|
||||||
|
|||||||
@ -5,6 +5,7 @@
|
|||||||
## System Purpose
|
## System Purpose
|
||||||
|
|
||||||
Automatically shut down the PC during configured time windows to enforce healthy sleep schedules:
|
Automatically shut down the PC during configured time windows to enforce healthy sleep schedules:
|
||||||
|
|
||||||
- **Monday-Wednesday**: Shutdown at 24:00 (midnight)
|
- **Monday-Wednesday**: Shutdown at 24:00 (midnight)
|
||||||
- **Thursday-Sunday**: Shutdown at 24:00 (midnight)
|
- **Thursday-Sunday**: Shutdown at 24:00 (midnight)
|
||||||
- **Morning**: Safe time starts at 00:00 (effectively no morning block)
|
- **Morning**: Safe time starts at 00:00 (effectively no morning block)
|
||||||
@ -50,7 +51,7 @@ The times above are defaults; actual values in `/etc/shutdown-schedule.conf`.
|
|||||||
## File Locations
|
## File Locations
|
||||||
|
|
||||||
| File | Purpose | Protection |
|
| File | Purpose | Protection |
|
||||||
|------|---------|------------|
|
| ----------------------------------------------------- | ------------------- | ----------------------- |
|
||||||
| `/etc/shutdown-schedule.conf` | Runtime config | chattr +i, path watcher |
|
| `/etc/shutdown-schedule.conf` | Runtime config | chattr +i, path watcher |
|
||||||
| `/usr/local/share/locked-shutdown-schedule.conf` | Canonical copy | chattr +i |
|
| `/usr/local/share/locked-shutdown-schedule.conf` | Canonical copy | chattr +i |
|
||||||
| `/usr/local/bin/day-specific-shutdown-check.sh` | Shutdown logic | None |
|
| `/usr/local/bin/day-specific-shutdown-check.sh` | Shutdown logic | None |
|
||||||
@ -81,12 +82,14 @@ MORNING_END_HOUR=5
|
|||||||
```
|
```
|
||||||
|
|
||||||
**Interpretation**:
|
**Interpretation**:
|
||||||
|
|
||||||
- Mon-Wed: Shutdown if current hour >= 21 OR current hour < 5
|
- Mon-Wed: Shutdown if current hour >= 21 OR current hour < 5
|
||||||
- Thu-Sun: Shutdown if current hour >= 22 OR current hour < 5
|
- Thu-Sun: Shutdown if current hour >= 22 OR current hour < 5
|
||||||
|
|
||||||
## Schedule Protection Logic
|
## Schedule Protection Logic
|
||||||
|
|
||||||
The setup script (`setup_midnight_shutdown.sh`) has constants at the top:
|
The setup script (`setup_midnight_shutdown.sh`) has constants at the top:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
SCHEDULE_MON_WED_HOUR=24
|
SCHEDULE_MON_WED_HOUR=24
|
||||||
SCHEDULE_THU_SUN_HOUR=24
|
SCHEDULE_THU_SUN_HOUR=24
|
||||||
@ -96,13 +99,14 @@ SCHEDULE_MORNING_END_HOUR=0
|
|||||||
When re-run, it compares these to the canonical config:
|
When re-run, it compares these to the canonical config:
|
||||||
|
|
||||||
| Change Type | Action |
|
| Change Type | Action |
|
||||||
|-------------|--------|
|
| -------------------------- | ------------------------------------ |
|
||||||
| Making shutdown EARLIER | ✅ Allowed without unlock |
|
| Making shutdown EARLIER | ✅ Allowed without unlock |
|
||||||
| Making shutdown LATER | ❌ Blocked, requires unlock |
|
| Making shutdown LATER | ❌ Blocked, requires unlock |
|
||||||
| Making morning end EARLIER | ❌ Always blocked |
|
| Making morning end EARLIER | ❌ Always blocked |
|
||||||
| Making morning end LATER | ✅ Allowed (extends shutdown window) |
|
| Making morning end LATER | ✅ Allowed (extends shutdown window) |
|
||||||
|
|
||||||
Example blocked attempt:
|
Example blocked attempt:
|
||||||
|
|
||||||
```
|
```
|
||||||
╔══════════════════════════════════════════════════════════════════╗
|
╔══════════════════════════════════════════════════════════════════╗
|
||||||
║ ❌ SCHEDULE MODIFICATION BLOCKED - CHEATING DETECTED! ❌ ║
|
║ ❌ SCHEDULE MODIFICATION BLOCKED - CHEATING DETECTED! ❌ ║
|
||||||
@ -133,14 +137,18 @@ that this protection is designed to prevent. 😉
|
|||||||
## Integration Points
|
## Integration Points
|
||||||
|
|
||||||
### i3blocks Countdown
|
### i3blocks Countdown
|
||||||
|
|
||||||
`i3blocks/shutdown_countdown.sh` reads the config to show time remaining:
|
`i3blocks/shutdown_countdown.sh` reads the config to show time remaining:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
source /etc/shutdown-schedule.conf
|
source /etc/shutdown-schedule.conf
|
||||||
# Calculates and displays "Shutdown in X:XX"
|
# Calculates and displays "Shutdown in X:XX"
|
||||||
```
|
```
|
||||||
|
|
||||||
### Screen Locker
|
### Screen Locker
|
||||||
|
|
||||||
`screen_lock.py` can adjust shutdown time:
|
`screen_lock.py` can adjust shutdown time:
|
||||||
|
|
||||||
- **Sick day**: Moves shutdown 1.5 hours EARLIER (penalty)
|
- **Sick day**: Moves shutdown 1.5 hours EARLIER (penalty)
|
||||||
- **Workout completed**: Moves shutdown 1.5 hours LATER (reward)
|
- **Workout completed**: Moves shutdown 1.5 hours LATER (reward)
|
||||||
|
|
||||||
@ -149,6 +157,7 @@ Uses `adjust_shutdown_schedule.sh` helper script.
|
|||||||
## Systemd Units
|
## Systemd Units
|
||||||
|
|
||||||
### Timer (fires every minute)
|
### Timer (fires every minute)
|
||||||
|
|
||||||
```ini
|
```ini
|
||||||
[Timer]
|
[Timer]
|
||||||
OnCalendar=*:*:00
|
OnCalendar=*:*:00
|
||||||
@ -157,6 +166,7 @@ AccuracySec=1s
|
|||||||
```
|
```
|
||||||
|
|
||||||
### Check Service
|
### Check Service
|
||||||
|
|
||||||
```ini
|
```ini
|
||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
@ -164,6 +174,7 @@ ExecStart=/usr/local/bin/day-specific-shutdown-check.sh
|
|||||||
```
|
```
|
||||||
|
|
||||||
### Path Watcher
|
### Path Watcher
|
||||||
|
|
||||||
```ini
|
```ini
|
||||||
[Path]
|
[Path]
|
||||||
PathChanged=/etc/shutdown-schedule.conf
|
PathChanged=/etc/shutdown-schedule.conf
|
||||||
@ -194,34 +205,42 @@ fi
|
|||||||
## Common Tasks
|
## Common Tasks
|
||||||
|
|
||||||
### Check Current Status
|
### Check Current Status
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
/usr/local/bin/day-specific-shutdown-manager.sh status
|
/usr/local/bin/day-specific-shutdown-manager.sh status
|
||||||
# Or run setup script with 'status' argument
|
# Or run setup script with 'status' argument
|
||||||
```
|
```
|
||||||
|
|
||||||
### Make Schedule Stricter
|
### Make Schedule Stricter
|
||||||
|
|
||||||
Edit the constants in `setup_midnight_shutdown.sh`:
|
Edit the constants in `setup_midnight_shutdown.sh`:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
SCHEDULE_MON_WED_HOUR=20 # Changed from 21 to 20 (earlier)
|
SCHEDULE_MON_WED_HOUR=20 # Changed from 21 to 20 (earlier)
|
||||||
```
|
```
|
||||||
|
|
||||||
Then re-run:
|
Then re-run:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
sudo ./setup_midnight_shutdown.sh
|
sudo ./setup_midnight_shutdown.sh
|
||||||
```
|
```
|
||||||
|
|
||||||
### Make Schedule More Lenient (Requires Unlock)
|
### Make Schedule More Lenient (Requires Unlock)
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
sudo /usr/local/sbin/unlock-shutdown-schedule
|
sudo /usr/local/sbin/unlock-shutdown-schedule
|
||||||
# Wait for delay, edit config, save
|
# Wait for delay, edit config, save
|
||||||
```
|
```
|
||||||
|
|
||||||
### Disable Timer (Will Be Re-Enabled!)
|
### Disable Timer (Will Be Re-Enabled!)
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
sudo systemctl disable --now day-specific-shutdown.timer
|
sudo systemctl disable --now day-specific-shutdown.timer
|
||||||
# Monitor service will re-enable it automatically
|
# Monitor service will re-enable it automatically
|
||||||
```
|
```
|
||||||
|
|
||||||
### Check Protection Status
|
### Check Protection Status
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
lsattr /etc/shutdown-schedule.conf
|
lsattr /etc/shutdown-schedule.conf
|
||||||
# Should show: ----i--------e--
|
# Should show: ----i--------e--
|
||||||
@ -238,6 +257,7 @@ systemctl status shutdown-timer-monitor.service
|
|||||||
4. **Check Script Unprotected**: `/usr/local/bin/day-specific-shutdown-check.sh` can be edited
|
4. **Check Script Unprotected**: `/usr/local/bin/day-specific-shutdown-check.sh` can be edited
|
||||||
|
|
||||||
**TODO**:
|
**TODO**:
|
||||||
|
|
||||||
- Remove helpful bypass instructions from error messages
|
- Remove helpful bypass instructions from error messages
|
||||||
- Rename unlock script to obscure name
|
- Rename unlock script to obscure name
|
||||||
- Protect check script with integrity verification
|
- Protect check script with integrity verification
|
||||||
@ -245,12 +265,14 @@ systemctl status shutdown-timer-monitor.service
|
|||||||
## Troubleshooting
|
## Troubleshooting
|
||||||
|
|
||||||
### Timer not firing
|
### Timer not firing
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
systemctl status day-specific-shutdown.timer
|
systemctl status day-specific-shutdown.timer
|
||||||
systemctl list-timers | grep shutdown
|
systemctl list-timers | grep shutdown
|
||||||
```
|
```
|
||||||
|
|
||||||
### Config not being enforced
|
### Config not being enforced
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# Check path watcher
|
# Check path watcher
|
||||||
systemctl status shutdown-schedule-guard.path
|
systemctl status shutdown-schedule-guard.path
|
||||||
@ -260,6 +282,7 @@ sudo /usr/local/sbin/enforce-shutdown-schedule.sh
|
|||||||
```
|
```
|
||||||
|
|
||||||
### Wrong time shown in i3blocks
|
### Wrong time shown in i3blocks
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# Verify config
|
# Verify config
|
||||||
cat /etc/shutdown-schedule.conf
|
cat /etc/shutdown-schedule.conf
|
||||||
|
|||||||
@ -21,11 +21,13 @@ This system monitors your active windows and tracks time spent on thesis-related
|
|||||||
The following applications count as "thesis work":
|
The following applications count as "thesis work":
|
||||||
|
|
||||||
### Game Engines
|
### Game Engines
|
||||||
|
|
||||||
- **Unreal Engine** (all versions: UE4, UE5, UnrealEditor)
|
- **Unreal Engine** (all versions: UE4, UE5, UnrealEditor)
|
||||||
- **Unity Engine** (Unity Editor and Unity Hub)
|
- **Unity Engine** (Unity Editor and Unity Hub)
|
||||||
- **Nvidia Omniverse** (Omniverse and Kit)
|
- **Nvidia Omniverse** (Omniverse and Kit)
|
||||||
|
|
||||||
### Development Tools
|
### Development Tools
|
||||||
|
|
||||||
- **Visual Studio Code** - **ONLY** when working on the `praca_magisterska` repository
|
- **Visual Studio Code** - **ONLY** when working on the `praca_magisterska` repository
|
||||||
- The window title must contain the repository name
|
- The window title must contain the repository name
|
||||||
- Or the workspace must have the repository open
|
- Or the workspace must have the repository open
|
||||||
@ -35,15 +37,18 @@ The following applications count as "thesis work":
|
|||||||
When you haven't met your work quota, the following are blocked via `/etc/hosts`:
|
When you haven't met your work quota, the following are blocked via `/etc/hosts`:
|
||||||
|
|
||||||
### Gaming
|
### Gaming
|
||||||
|
|
||||||
- All Steam domains (steampowered.com, steamcommunity.com, etc.)
|
- All Steam domains (steampowered.com, steamcommunity.com, etc.)
|
||||||
|
|
||||||
### Social Media
|
### Social Media
|
||||||
|
|
||||||
- Reddit
|
- Reddit
|
||||||
- Twitter/X
|
- Twitter/X
|
||||||
- Facebook
|
- Facebook
|
||||||
- Instagram
|
- Instagram
|
||||||
|
|
||||||
### Video/Entertainment
|
### Video/Entertainment
|
||||||
|
|
||||||
- YouTube
|
- YouTube
|
||||||
- Twitch
|
- Twitch
|
||||||
- 9gag
|
- 9gag
|
||||||
@ -83,15 +88,18 @@ sudo scripts/digital_wellbeing/setup_thesis_work_tracker.sh \
|
|||||||
### Prerequisites
|
### Prerequisites
|
||||||
|
|
||||||
The installer will check for required dependencies:
|
The installer will check for required dependencies:
|
||||||
|
|
||||||
- `xdotool` - for window detection
|
- `xdotool` - for window detection
|
||||||
- `systemd` - for service management
|
- `systemd` - for service management
|
||||||
|
|
||||||
On Arch Linux:
|
On Arch Linux:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
sudo pacman -S xdotool
|
sudo pacman -S xdotool
|
||||||
```
|
```
|
||||||
|
|
||||||
On Ubuntu/Debian:
|
On Ubuntu/Debian:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
sudo apt install xdotool
|
sudo apt install xdotool
|
||||||
```
|
```
|
||||||
@ -118,6 +126,7 @@ sudo cat /var/lib/thesis-work-tracker/work-time.state
|
|||||||
### Understanding the State File
|
### Understanding the State File
|
||||||
|
|
||||||
The state file shows:
|
The state file shows:
|
||||||
|
|
||||||
- `TOTAL_WORK_SECONDS`: Your accumulated work time (in seconds)
|
- `TOTAL_WORK_SECONDS`: Your accumulated work time (in seconds)
|
||||||
- `STEAM_ACCESS_GRANTED`: Whether distractions are currently unblocked (1=yes, 0=no)
|
- `STEAM_ACCESS_GRANTED`: Whether distractions are currently unblocked (1=yes, 0=no)
|
||||||
- `CURRENT_SESSION_SECONDS`: Time in your current work session
|
- `CURRENT_SESSION_SECONDS`: Time in your current work session
|
||||||
@ -164,31 +173,37 @@ sudo rm -rf /var/log/thesis-work-tracker
|
|||||||
This system is designed to be difficult to bypass:
|
This system is designed to be difficult to bypass:
|
||||||
|
|
||||||
### 1. **Immutable State Files**
|
### 1. **Immutable State Files**
|
||||||
|
|
||||||
- State files are protected with `chattr +i` (immutable flag)
|
- State files are protected with `chattr +i` (immutable flag)
|
||||||
- Cannot be edited even by root without removing the flag first
|
- Cannot be edited even by root without removing the flag first
|
||||||
- Automatically re-applied after each update
|
- Automatically re-applied after each update
|
||||||
|
|
||||||
### 2. **Auto-Restart Service**
|
### 2. **Auto-Restart Service**
|
||||||
|
|
||||||
- Systemd service automatically restarts if killed
|
- Systemd service automatically restarts if killed
|
||||||
- Runs continuously in the background
|
- Runs continuously in the background
|
||||||
- Starts automatically on boot
|
- Starts automatically on boot
|
||||||
|
|
||||||
### 3. **Hosts File Integration**
|
### 3. **Hosts File Integration**
|
||||||
|
|
||||||
- Integrates with the repository's hosts guard system
|
- Integrates with the repository's hosts guard system
|
||||||
- Uses immutable `/etc/hosts` file
|
- Uses immutable `/etc/hosts` file
|
||||||
- Cannot be easily bypassed by changing DNS
|
- Cannot be easily bypassed by changing DNS
|
||||||
|
|
||||||
### 4. **Process Integrity**
|
### 4. **Process Integrity**
|
||||||
|
|
||||||
- Monitors actual active windows, not just running processes
|
- Monitors actual active windows, not just running processes
|
||||||
- Detects if you switch away from work applications
|
- Detects if you switch away from work applications
|
||||||
- VS Code requires specific repository to be open
|
- VS Code requires specific repository to be open
|
||||||
|
|
||||||
### 5. **Decay Mechanism**
|
### 5. **Decay Mechanism**
|
||||||
|
|
||||||
- Using Steam/distractions consumes your earned work time
|
- Using Steam/distractions consumes your earned work time
|
||||||
- Forces sustained work habits, not just one-time work sessions
|
- Forces sustained work habits, not just one-time work sessions
|
||||||
- Fair: 30 minutes of decay per hour of distraction usage
|
- Fair: 30 minutes of decay per hour of distraction usage
|
||||||
|
|
||||||
### 6. **Locked Configuration**
|
### 6. **Locked Configuration**
|
||||||
|
|
||||||
- Configuration is embedded in the installed script
|
- Configuration is embedded in the installed script
|
||||||
- Cannot be easily modified without reinstalling
|
- Cannot be easily modified without reinstalling
|
||||||
- Protected script location in `/usr/local/bin`
|
- Protected script location in `/usr/local/bin`
|
||||||
@ -228,11 +243,13 @@ ls -la ~/.Xauthority
|
|||||||
### VS Code Repository Not Detected
|
### VS Code Repository Not Detected
|
||||||
|
|
||||||
Make sure:
|
Make sure:
|
||||||
|
|
||||||
1. The window title shows the repository name
|
1. The window title shows the repository name
|
||||||
2. You're working in the correct repository folder
|
2. You're working in the correct repository folder
|
||||||
3. The repository name matches what you specified during installation
|
3. The repository name matches what you specified during installation
|
||||||
|
|
||||||
Test with:
|
Test with:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
xdotool getactivewindow getwindowname
|
xdotool getactivewindow getwindowname
|
||||||
# Should show something like: "praca_magisterska - Visual Studio Code"
|
# Should show something like: "praca_magisterska - Visual Studio Code"
|
||||||
@ -241,6 +258,7 @@ xdotool getactivewindow getwindowname
|
|||||||
### Hosts File Not Updating
|
### Hosts File Not Updating
|
||||||
|
|
||||||
Check:
|
Check:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# View current hosts file
|
# View current hosts file
|
||||||
sudo cat /etc/hosts | grep steam
|
sudo cat /etc/hosts | grep steam
|
||||||
@ -272,6 +290,7 @@ tail -f /var/log/thesis-work-tracker/tracker.log
|
|||||||
### Can I bypass this system?
|
### Can I bypass this system?
|
||||||
|
|
||||||
Technically yes, but it's designed to make bypassing more effort than just doing the work:
|
Technically yes, but it's designed to make bypassing more effort than just doing the work:
|
||||||
|
|
||||||
- You'd need to disable the service (but it auto-restarts)
|
- You'd need to disable the service (but it auto-restarts)
|
||||||
- You'd need to modify immutable files (requires chattr commands)
|
- You'd need to modify immutable files (requires chattr commands)
|
||||||
- You'd need to fake window activity (complex)
|
- You'd need to fake window activity (complex)
|
||||||
@ -286,6 +305,7 @@ VS Code only counts as work when you're in the `praca_magisterska` repository. O
|
|||||||
### Can I adjust the work quota after installation?
|
### Can I adjust the work quota after installation?
|
||||||
|
|
||||||
Yes, but you need to:
|
Yes, but you need to:
|
||||||
|
|
||||||
1. Uninstall the current system
|
1. Uninstall the current system
|
||||||
2. Reinstall with new parameters
|
2. Reinstall with new parameters
|
||||||
3. Your accumulated time is preserved in the state file
|
3. Your accumulated time is preserved in the state file
|
||||||
@ -309,6 +329,7 @@ Found a bug or have a suggestion? Please open an issue in the main repository.
|
|||||||
## Acknowledgments
|
## Acknowledgments
|
||||||
|
|
||||||
This tool is built on top of the digital wellbeing framework in this repository, including:
|
This tool is built on top of the digital wellbeing framework in this repository, including:
|
||||||
|
|
||||||
- Hosts guard system
|
- Hosts guard system
|
||||||
- Psychological friction mechanisms
|
- Psychological friction mechanisms
|
||||||
- Systemd service patterns
|
- Systemd service patterns
|
||||||
|
|||||||
@ -1,6 +1,5 @@
|
|||||||
#!/usr/bin/env python3
|
#!/usr/bin/env python3
|
||||||
"""
|
"""Focus Mode Daemon - Steam/Browser Mutual Exclusion
|
||||||
Focus Mode Daemon - Steam/Browser Mutual Exclusion
|
|
||||||
|
|
||||||
This daemon monitors running processes and enforces mutual exclusion between
|
This daemon monitors running processes and enforces mutual exclusion between
|
||||||
Steam (gaming) and web browsers. Whichever starts first "wins" and the other
|
Steam (gaming) and web browsers. Whichever starts first "wins" and the other
|
||||||
@ -9,31 +8,35 @@ category is blocked/killed.
|
|||||||
Run as a systemd user service for continuous monitoring.
|
Run as a systemd user service for continuous monitoring.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
from datetime import datetime
|
||||||
import os
|
import os
|
||||||
|
from pathlib import Path
|
||||||
import signal
|
import signal
|
||||||
import subprocess
|
import subprocess
|
||||||
import sys
|
import sys
|
||||||
import time
|
import time
|
||||||
from datetime import datetime
|
|
||||||
from pathlib import Path
|
|
||||||
from typing import Set, Optional
|
|
||||||
|
|
||||||
# Configuration
|
# Configuration
|
||||||
STATE_DIR = Path(os.environ.get("XDG_STATE_HOME", Path.home() / ".local/state")) / "focus-mode"
|
STATE_DIR = (
|
||||||
|
Path(os.environ.get("XDG_STATE_HOME", Path.home() / ".local/state")) / "focus-mode"
|
||||||
|
)
|
||||||
LOG_FILE = STATE_DIR / "focus-mode.log"
|
LOG_FILE = STATE_DIR / "focus-mode.log"
|
||||||
POLL_INTERVAL = 2 # seconds between process checks
|
POLL_INTERVAL = 2 # seconds between process checks
|
||||||
|
|
||||||
# Process patterns
|
# Process patterns
|
||||||
STEAM_PATTERNS = frozenset([
|
STEAM_PATTERNS = frozenset(
|
||||||
|
[
|
||||||
"steam",
|
"steam",
|
||||||
"steamwebhelper",
|
"steamwebhelper",
|
||||||
"steam_ocompati", # Proton compatibility tool
|
"steam_ocompati", # Proton compatibility tool
|
||||||
])
|
]
|
||||||
|
)
|
||||||
|
|
||||||
# Games often have steam_app_ prefix in process name
|
# Games often have steam_app_ prefix in process name
|
||||||
STEAM_GAME_PREFIX = "steam_app_"
|
STEAM_GAME_PREFIX = "steam_app_"
|
||||||
|
|
||||||
BROWSER_PATTERNS = frozenset([
|
BROWSER_PATTERNS = frozenset(
|
||||||
|
[
|
||||||
"firefox",
|
"firefox",
|
||||||
"firefox-esr",
|
"firefox-esr",
|
||||||
"librewolf",
|
"librewolf",
|
||||||
@ -46,23 +49,28 @@ BROWSER_PATTERNS = frozenset([
|
|||||||
"microsoft-edge",
|
"microsoft-edge",
|
||||||
"ungoogled-chromium",
|
"ungoogled-chromium",
|
||||||
"thorium",
|
"thorium",
|
||||||
])
|
]
|
||||||
|
)
|
||||||
|
|
||||||
# Electron apps that should NOT be treated as browsers
|
# Electron apps that should NOT be treated as browsers
|
||||||
# These use Chromium under the hood but are not web browsers
|
# These use Chromium under the hood but are not web browsers
|
||||||
ELECTRON_IGNORE = frozenset([
|
ELECTRON_IGNORE = frozenset(
|
||||||
|
[
|
||||||
"electron",
|
"electron",
|
||||||
"code", # VS Code
|
"code", # VS Code
|
||||||
"chrome_crashpad", # Crashpad handler used by all Electron apps
|
"chrome_crashpad", # Crashpad handler used by all Electron apps
|
||||||
])
|
]
|
||||||
|
)
|
||||||
|
|
||||||
# Patterns to ignore (browser helpers that aren't the main browser)
|
# Patterns to ignore (browser helpers that aren't the main browser)
|
||||||
IGNORE_PATTERNS = frozenset([
|
IGNORE_PATTERNS = frozenset(
|
||||||
|
[
|
||||||
"crashhandler",
|
"crashhandler",
|
||||||
"update",
|
"update",
|
||||||
"helper",
|
"helper",
|
||||||
"crashpad",
|
"crashpad",
|
||||||
])
|
]
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
def log(message: str) -> None:
|
def log(message: str) -> None:
|
||||||
@ -85,12 +93,13 @@ def notify(title: str, message: str, urgency: str = "normal") -> None:
|
|||||||
["notify-send", "-u", urgency, title, message],
|
["notify-send", "-u", urgency, title, message],
|
||||||
capture_output=True,
|
capture_output=True,
|
||||||
timeout=5,
|
timeout=5,
|
||||||
|
check=False,
|
||||||
)
|
)
|
||||||
except Exception:
|
except Exception:
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
|
||||||
def get_running_processes() -> Set[str]:
|
def get_running_processes() -> set[str]:
|
||||||
"""Get set of currently running process names."""
|
"""Get set of currently running process names."""
|
||||||
processes = set()
|
processes = set()
|
||||||
try:
|
try:
|
||||||
@ -99,6 +108,7 @@ def get_running_processes() -> Set[str]:
|
|||||||
capture_output=True,
|
capture_output=True,
|
||||||
text=True,
|
text=True,
|
||||||
timeout=10,
|
timeout=10,
|
||||||
|
check=False,
|
||||||
)
|
)
|
||||||
if result.returncode == 0:
|
if result.returncode == 0:
|
||||||
for line in result.stdout.strip().split("\n"):
|
for line in result.stdout.strip().split("\n"):
|
||||||
@ -110,7 +120,7 @@ def get_running_processes() -> Set[str]:
|
|||||||
return processes
|
return processes
|
||||||
|
|
||||||
|
|
||||||
def is_steam_running(processes: Set[str]) -> bool:
|
def is_steam_running(processes: set[str]) -> bool:
|
||||||
"""Check if Steam or any Steam game is running."""
|
"""Check if Steam or any Steam game is running."""
|
||||||
for proc in processes:
|
for proc in processes:
|
||||||
# Check for Steam main processes
|
# Check for Steam main processes
|
||||||
@ -122,7 +132,7 @@ def is_steam_running(processes: Set[str]) -> bool:
|
|||||||
return False
|
return False
|
||||||
|
|
||||||
|
|
||||||
def is_browser_running(processes: Set[str]) -> bool:
|
def is_browser_running(processes: set[str]) -> bool:
|
||||||
"""Check if any browser is running."""
|
"""Check if any browser is running."""
|
||||||
for proc in processes:
|
for proc in processes:
|
||||||
# Skip Electron apps and ignored patterns
|
# Skip Electron apps and ignored patterns
|
||||||
@ -143,11 +153,15 @@ def kill_steam() -> None:
|
|||||||
|
|
||||||
try:
|
try:
|
||||||
# First try graceful shutdown
|
# First try graceful shutdown
|
||||||
subprocess.run(["pkill", "-f", "steam"], capture_output=True, timeout=5)
|
subprocess.run(
|
||||||
|
["pkill", "-f", "steam"], capture_output=True, timeout=5, check=False
|
||||||
|
)
|
||||||
time.sleep(2)
|
time.sleep(2)
|
||||||
|
|
||||||
# Force kill if still running
|
# Force kill if still running
|
||||||
subprocess.run(["pkill", "-9", "-f", "steam"], capture_output=True, timeout=5)
|
subprocess.run(
|
||||||
|
["pkill", "-9", "-f", "steam"], capture_output=True, timeout=5, check=False
|
||||||
|
)
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
log(f"Error killing Steam: {e}")
|
log(f"Error killing Steam: {e}")
|
||||||
|
|
||||||
@ -159,7 +173,9 @@ def kill_browsers() -> None:
|
|||||||
|
|
||||||
for browser in BROWSER_PATTERNS:
|
for browser in BROWSER_PATTERNS:
|
||||||
try:
|
try:
|
||||||
subprocess.run(["pkill", "-f", browser], capture_output=True, timeout=5)
|
subprocess.run(
|
||||||
|
["pkill", "-f", browser], capture_output=True, timeout=5, check=False
|
||||||
|
)
|
||||||
except Exception:
|
except Exception:
|
||||||
pass
|
pass
|
||||||
|
|
||||||
@ -168,7 +184,12 @@ def kill_browsers() -> None:
|
|||||||
# Force kill if still running
|
# Force kill if still running
|
||||||
for browser in BROWSER_PATTERNS:
|
for browser in BROWSER_PATTERNS:
|
||||||
try:
|
try:
|
||||||
subprocess.run(["pkill", "-9", "-f", browser], capture_output=True, timeout=5)
|
subprocess.run(
|
||||||
|
["pkill", "-9", "-f", browser],
|
||||||
|
capture_output=True,
|
||||||
|
timeout=5,
|
||||||
|
check=False,
|
||||||
|
)
|
||||||
except Exception:
|
except Exception:
|
||||||
pass
|
pass
|
||||||
|
|
||||||
@ -177,10 +198,10 @@ class FocusMode:
|
|||||||
"""Tracks current focus mode and enforces mutual exclusion."""
|
"""Tracks current focus mode and enforces mutual exclusion."""
|
||||||
|
|
||||||
def __init__(self):
|
def __init__(self):
|
||||||
self.current_mode: Optional[str] = None # "gaming" or "browsing" or None
|
self.current_mode: str | None = None # "gaming" or "browsing" or None
|
||||||
self.mode_start_time: Optional[datetime] = None
|
self.mode_start_time: datetime | None = None
|
||||||
|
|
||||||
def update(self, processes: Set[str]) -> None:
|
def update(self, processes: set[str]) -> None:
|
||||||
"""Update focus mode based on running processes."""
|
"""Update focus mode based on running processes."""
|
||||||
steam_running = is_steam_running(processes)
|
steam_running = is_steam_running(processes)
|
||||||
browser_running = is_browser_running(processes)
|
browser_running = is_browser_running(processes)
|
||||||
@ -189,7 +210,9 @@ class FocusMode:
|
|||||||
# No mode set yet - first to start wins
|
# No mode set yet - first to start wins
|
||||||
if steam_running and browser_running:
|
if steam_running and browser_running:
|
||||||
# Both running at startup - prefer gaming mode (close browsers)
|
# Both running at startup - prefer gaming mode (close browsers)
|
||||||
log("Both Steam and browsers detected at startup - entering GAMING mode")
|
log(
|
||||||
|
"Both Steam and browsers detected at startup - entering GAMING mode"
|
||||||
|
)
|
||||||
self.current_mode = "gaming"
|
self.current_mode = "gaming"
|
||||||
self.mode_start_time = datetime.now()
|
self.mode_start_time = datetime.now()
|
||||||
kill_browsers()
|
kill_browsers()
|
||||||
@ -197,12 +220,20 @@ class FocusMode:
|
|||||||
log("Steam detected - entering GAMING mode")
|
log("Steam detected - entering GAMING mode")
|
||||||
self.current_mode = "gaming"
|
self.current_mode = "gaming"
|
||||||
self.mode_start_time = datetime.now()
|
self.mode_start_time = datetime.now()
|
||||||
notify("🎮 Gaming Mode", "Steam detected. Browsers are now blocked.", "normal")
|
notify(
|
||||||
|
"🎮 Gaming Mode",
|
||||||
|
"Steam detected. Browsers are now blocked.",
|
||||||
|
"normal",
|
||||||
|
)
|
||||||
elif browser_running:
|
elif browser_running:
|
||||||
log("Browser detected - entering BROWSING mode")
|
log("Browser detected - entering BROWSING mode")
|
||||||
self.current_mode = "browsing"
|
self.current_mode = "browsing"
|
||||||
self.mode_start_time = datetime.now()
|
self.mode_start_time = datetime.now()
|
||||||
notify("🌐 Browsing Mode", "Browser detected. Steam is now blocked.", "normal")
|
notify(
|
||||||
|
"🌐 Browsing Mode",
|
||||||
|
"Browser detected. Steam is now blocked.",
|
||||||
|
"normal",
|
||||||
|
)
|
||||||
|
|
||||||
elif self.current_mode == "gaming":
|
elif self.current_mode == "gaming":
|
||||||
if not steam_running:
|
if not steam_running:
|
||||||
@ -241,7 +272,6 @@ class FocusMode:
|
|||||||
|
|
||||||
if self.current_mode == "gaming":
|
if self.current_mode == "gaming":
|
||||||
return f"🎮 GAMING mode{duration} - browsers blocked"
|
return f"🎮 GAMING mode{duration} - browsers blocked"
|
||||||
else:
|
|
||||||
return f"🌐 BROWSING mode{duration} - Steam blocked"
|
return f"🌐 BROWSING mode{duration} - Steam blocked"
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@ -5,6 +5,7 @@
|
|||||||
## System Purpose
|
## System Purpose
|
||||||
|
|
||||||
Intercept all `pacman` commands to:
|
Intercept all `pacman` commands to:
|
||||||
|
|
||||||
1. Block installation of restricted packages (browsers, games, etc.)
|
1. Block installation of restricted packages (browsers, games, etc.)
|
||||||
2. Require challenges for greylisted packages
|
2. Require challenges for greylisted packages
|
||||||
3. Enforce hosts file sharing on VirtualBox VMs
|
3. Enforce hosts file sharing on VirtualBox VMs
|
||||||
@ -37,7 +38,7 @@ Intercept all `pacman` commands to:
|
|||||||
## File Locations
|
## File Locations
|
||||||
|
|
||||||
| File | Purpose |
|
| File | Purpose |
|
||||||
|------|---------|
|
| --------------------------------------- | ---------------------------------- |
|
||||||
| `/usr/bin/pacman` | Symlink to wrapper |
|
| `/usr/bin/pacman` | Symlink to wrapper |
|
||||||
| `/usr/bin/pacman.orig` | Real pacman binary |
|
| `/usr/bin/pacman.orig` | Real pacman binary |
|
||||||
| `pacman_wrapper.sh` | Main wrapper script (823 lines) |
|
| `pacman_wrapper.sh` | Main wrapper script (823 lines) |
|
||||||
@ -51,6 +52,7 @@ Intercept all `pacman` commands to:
|
|||||||
## Policy Files Explained
|
## Policy Files Explained
|
||||||
|
|
||||||
### pacman_blocked_keywords.txt
|
### pacman_blocked_keywords.txt
|
||||||
|
|
||||||
```
|
```
|
||||||
# Lines starting with # are comments
|
# Lines starting with # are comments
|
||||||
# Any package containing these substrings is BLOCKED
|
# Any package containing these substrings is BLOCKED
|
||||||
@ -64,6 +66,7 @@ stremio
|
|||||||
If user tries `pacman -S firefox-developer-edition`, it's blocked because it contains "firefox".
|
If user tries `pacman -S firefox-developer-edition`, it's blocked because it contains "firefox".
|
||||||
|
|
||||||
### pacman_whitelist.txt
|
### pacman_whitelist.txt
|
||||||
|
|
||||||
```
|
```
|
||||||
# Exact package names that bypass keyword blocking
|
# Exact package names that bypass keyword blocking
|
||||||
minizip # Contains nothing bad but might match a pattern
|
minizip # Contains nothing bad but might match a pattern
|
||||||
@ -71,6 +74,7 @@ python-requests # Safe despite containing blocked substrings
|
|||||||
```
|
```
|
||||||
|
|
||||||
### pacman_greylist.txt
|
### pacman_greylist.txt
|
||||||
|
|
||||||
```
|
```
|
||||||
# Packages requiring word scramble challenge
|
# Packages requiring word scramble challenge
|
||||||
# Currently empty - add packages here for challenge requirement
|
# Currently empty - add packages here for challenge requirement
|
||||||
@ -81,22 +85,26 @@ python-requests # Safe despite containing blocked substrings
|
|||||||
These checks are in the script itself and **cannot be bypassed by editing policy files**:
|
These checks are in the script itself and **cannot be bypassed by editing policy files**:
|
||||||
|
|
||||||
### VirtualBox Check
|
### VirtualBox Check
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
function is_virtualbox_package() {
|
function is_virtualbox_package() {
|
||||||
local pkg_lower="${1,,}"
|
local pkg_lower="${1,,}"
|
||||||
[[ $pkg_lower == *"virtualbox"* || $pkg_lower == *"vbox"* ]]
|
[[ $pkg_lower == *"virtualbox"* || $pkg_lower == *"vbox"* ]]
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
- Detects any package with "virtualbox" or "vbox" in name
|
- Detects any package with "virtualbox" or "vbox" in name
|
||||||
- Requires word scramble challenge (7-letter words, 120s timeout)
|
- Requires word scramble challenge (7-letter words, 120s timeout)
|
||||||
- Auto-enforces hosts file sharing on all VMs after install
|
- Auto-enforces hosts file sharing on all VMs after install
|
||||||
|
|
||||||
### Steam Check
|
### Steam Check
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
function is_steam_package() {
|
function is_steam_package() {
|
||||||
[[ $1 == "steam" ]]
|
[[ $1 == "steam" ]]
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
- Only exact match "steam" (not steam-native-runtime etc.)
|
- Only exact match "steam" (not steam-native-runtime etc.)
|
||||||
- **Weekend only** - blocked Monday through Friday 4PM
|
- **Weekend only** - blocked Monday through Friday 4PM
|
||||||
- Requires word scramble challenge (5-letter words, 60s timeout)
|
- Requires word scramble challenge (5-letter words, 60s timeout)
|
||||||
@ -134,6 +142,7 @@ verify_policy_integrity() {
|
|||||||
```
|
```
|
||||||
|
|
||||||
If tampering detected:
|
If tampering detected:
|
||||||
|
|
||||||
```
|
```
|
||||||
SECURITY WARNING: Policy file integrity check failed!
|
SECURITY WARNING: Policy file integrity check failed!
|
||||||
CRITICAL: Policy files have been tampered with!
|
CRITICAL: Policy files have been tampered with!
|
||||||
@ -163,11 +172,13 @@ This allows package installations to modify `/etc/hosts` temporarily (e.g., for
|
|||||||
### Adding a Blocked Package
|
### Adding a Blocked Package
|
||||||
|
|
||||||
1. Edit `pacman_blocked_keywords.txt`:
|
1. Edit `pacman_blocked_keywords.txt`:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
echo "newkeyword" >> pacman_blocked_keywords.txt
|
echo "newkeyword" >> pacman_blocked_keywords.txt
|
||||||
```
|
```
|
||||||
|
|
||||||
2. Reinstall wrapper to update checksums:
|
2. Reinstall wrapper to update checksums:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
sudo ./install_pacman_wrapper.sh
|
sudo ./install_pacman_wrapper.sh
|
||||||
```
|
```
|
||||||
@ -177,11 +188,13 @@ sudo ./install_pacman_wrapper.sh
|
|||||||
If a legitimate package is being blocked (e.g., `python-firefox-sync` blocked by "firefox" keyword):
|
If a legitimate package is being blocked (e.g., `python-firefox-sync` blocked by "firefox" keyword):
|
||||||
|
|
||||||
1. Edit `pacman_whitelist.txt`:
|
1. Edit `pacman_whitelist.txt`:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
echo "python-firefox-sync" >> pacman_whitelist.txt
|
echo "python-firefox-sync" >> pacman_whitelist.txt
|
||||||
```
|
```
|
||||||
|
|
||||||
2. Reinstall wrapper:
|
2. Reinstall wrapper:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
sudo ./install_pacman_wrapper.sh
|
sudo ./install_pacman_wrapper.sh
|
||||||
```
|
```
|
||||||
@ -189,6 +202,7 @@ sudo ./install_pacman_wrapper.sh
|
|||||||
### Adding a Challenge Requirement
|
### Adding a Challenge Requirement
|
||||||
|
|
||||||
1. Edit `pacman_greylist.txt`:
|
1. Edit `pacman_greylist.txt`:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
echo "suspicious-package" >> pacman_greylist.txt
|
echo "suspicious-package" >> pacman_greylist.txt
|
||||||
```
|
```
|
||||||
@ -198,6 +212,7 @@ echo "suspicious-package" >> pacman_greylist.txt
|
|||||||
### Bypassing the Wrapper (Emergency)
|
### Bypassing the Wrapper (Emergency)
|
||||||
|
|
||||||
If wrapper is broken and you need real pacman:
|
If wrapper is broken and you need real pacman:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
sudo /usr/bin/pacman.orig -S package
|
sudo /usr/bin/pacman.orig -S package
|
||||||
```
|
```
|
||||||
@ -227,6 +242,7 @@ remove_installed_blocked_packages() {
|
|||||||
## Stale Lock Handling
|
## Stale Lock Handling
|
||||||
|
|
||||||
If `/var/lib/pacman/db.lck` exists but no pacman is running:
|
If `/var/lib/pacman/db.lck` exists but no pacman is running:
|
||||||
|
|
||||||
- Interactive: Prompts user to remove (15s timeout)
|
- Interactive: Prompts user to remove (15s timeout)
|
||||||
- Non-interactive (`--noconfirm`): Auto-removes if lock is >10 minutes old
|
- Non-interactive (`--noconfirm`): Auto-removes if lock is >10 minutes old
|
||||||
- If another pacman is actually running: Blocks with error
|
- If another pacman is actually running: Blocks with error
|
||||||
@ -234,6 +250,7 @@ If `/var/lib/pacman/db.lck` exists but no pacman is running:
|
|||||||
## Maintenance Auto-Setup
|
## Maintenance Auto-Setup
|
||||||
|
|
||||||
On first run, wrapper checks if periodic maintenance services exist:
|
On first run, wrapper checks if periodic maintenance services exist:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
ensure_periodic_maintenance() {
|
ensure_periodic_maintenance() {
|
||||||
# Checks: periodic-system-maintenance.timer
|
# Checks: periodic-system-maintenance.timer
|
||||||
@ -253,6 +270,7 @@ ensure_periodic_maintenance() {
|
|||||||
## Debugging
|
## Debugging
|
||||||
|
|
||||||
### Check if wrapper is installed
|
### Check if wrapper is installed
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
ls -la /usr/bin/pacman
|
ls -la /usr/bin/pacman
|
||||||
# Should show: /usr/bin/pacman -> /path/to/pacman_wrapper.sh
|
# Should show: /usr/bin/pacman -> /path/to/pacman_wrapper.sh
|
||||||
@ -262,6 +280,7 @@ ls -la /usr/bin/pacman.orig
|
|||||||
```
|
```
|
||||||
|
|
||||||
### Test policy integrity
|
### Test policy integrity
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
cat /var/lib/pacman-wrapper/policy.sha256
|
cat /var/lib/pacman-wrapper/policy.sha256
|
||||||
sha256sum /path/to/pacman_blocked_keywords.txt
|
sha256sum /path/to/pacman_blocked_keywords.txt
|
||||||
@ -269,7 +288,9 @@ sha256sum /path/to/pacman_blocked_keywords.txt
|
|||||||
```
|
```
|
||||||
|
|
||||||
### Verbose mode
|
### Verbose mode
|
||||||
|
|
||||||
The wrapper outputs colored status messages to stderr. To see them:
|
The wrapper outputs colored status messages to stderr. To see them:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
pacman -S package 2>&1 | cat
|
pacman -S package 2>&1 | cat
|
||||||
```
|
```
|
||||||
|
|||||||
@ -12,6 +12,7 @@
|
|||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
# Configuration
|
# Configuration
|
||||||
|
# shellcheck disable=SC2034 # SCRIPT_DIR reserved for future use
|
||||||
SCRIPT_DIR="$(dirname "$(readlink -f "$0")")"
|
SCRIPT_DIR="$(dirname "$(readlink -f "$0")")"
|
||||||
STATE_DIR="/var/lib/thesis-work-tracker"
|
STATE_DIR="/var/lib/thesis-work-tracker"
|
||||||
STATE_FILE="$STATE_DIR/work-time.state"
|
STATE_FILE="$STATE_DIR/work-time.state"
|
||||||
@ -67,12 +68,19 @@ DISTRACTION_DOMAINS=(
|
|||||||
)
|
)
|
||||||
|
|
||||||
# Colors for logging
|
# Colors for logging
|
||||||
|
# shellcheck disable=SC2034 # Colors available for log formatting
|
||||||
RED='\033[0;31m'
|
RED='\033[0;31m'
|
||||||
|
# shellcheck disable=SC2034
|
||||||
GREEN='\033[0;32m'
|
GREEN='\033[0;32m'
|
||||||
|
# shellcheck disable=SC2034
|
||||||
YELLOW='\033[0;33m'
|
YELLOW='\033[0;33m'
|
||||||
|
# shellcheck disable=SC2034
|
||||||
BLUE='\033[0;34m'
|
BLUE='\033[0;34m'
|
||||||
|
# shellcheck disable=SC2034
|
||||||
CYAN='\033[0;36m'
|
CYAN='\033[0;36m'
|
||||||
|
# shellcheck disable=SC2034
|
||||||
BOLD='\033[1m'
|
BOLD='\033[1m'
|
||||||
|
# shellcheck disable=SC2034
|
||||||
NC='\033[0m' # No Color
|
NC='\033[0m' # No Color
|
||||||
|
|
||||||
# Logging function
|
# Logging function
|
||||||
@ -143,6 +151,7 @@ load_state() {
|
|||||||
STEAM_ACCESS_GRANTED=$(grep "^STEAM_ACCESS_GRANTED=" "$STATE_FILE" 2>/dev/null | cut -d= -f2 || echo "0")
|
STEAM_ACCESS_GRANTED=$(grep "^STEAM_ACCESS_GRANTED=" "$STATE_FILE" 2>/dev/null | cut -d= -f2 || echo "0")
|
||||||
CURRENT_SESSION_SECONDS=$(grep "^CURRENT_SESSION_SECONDS=" "$STATE_FILE" 2>/dev/null | cut -d= -f2 || echo "0")
|
CURRENT_SESSION_SECONDS=$(grep "^CURRENT_SESSION_SECONDS=" "$STATE_FILE" 2>/dev/null | cut -d= -f2 || echo "0")
|
||||||
LAST_WORK_SESSION_START=$(grep "^LAST_WORK_SESSION_START=" "$STATE_FILE" 2>/dev/null | cut -d= -f2 || echo "0")
|
LAST_WORK_SESSION_START=$(grep "^LAST_WORK_SESSION_START=" "$STATE_FILE" 2>/dev/null | cut -d= -f2 || echo "0")
|
||||||
|
# shellcheck disable=SC2034 # Written back to state file in save_state
|
||||||
LAST_UPDATE_TIMESTAMP=$(grep "^LAST_UPDATE_TIMESTAMP=" "$STATE_FILE" 2>/dev/null | cut -d= -f2 || echo "0")
|
LAST_UPDATE_TIMESTAMP=$(grep "^LAST_UPDATE_TIMESTAMP=" "$STATE_FILE" 2>/dev/null | cut -d= -f2 || echo "0")
|
||||||
|
|
||||||
# Validate that values are numeric
|
# Validate that values are numeric
|
||||||
@ -369,11 +378,14 @@ main_loop() {
|
|||||||
block_distractions
|
block_distractions
|
||||||
fi
|
fi
|
||||||
|
|
||||||
local last_status_log=$(date +%s)
|
local last_status_log
|
||||||
local last_decay_check=$(date +%s)
|
last_status_log=$(date +%s)
|
||||||
|
local last_decay_check
|
||||||
|
last_decay_check=$(date +%s)
|
||||||
|
|
||||||
while true; do
|
while true; do
|
||||||
local current_time=$(date +%s)
|
local current_time
|
||||||
|
current_time=$(date +%s)
|
||||||
|
|
||||||
# Check if thesis work is active
|
# Check if thesis work is active
|
||||||
if is_thesis_work_active; then
|
if is_thesis_work_active; then
|
||||||
|
|||||||
0
linux_configuration/scripts/digital_wellbeing/youtube-music-wrapper.sh
Normal file → Executable file
0
linux_configuration/scripts/digital_wellbeing/youtube-music-wrapper.sh
Normal file → Executable file
@ -545,6 +545,7 @@ EOF
|
|||||||
# Fix Nextcloud Issues
|
# Fix Nextcloud Issues
|
||||||
# =============================================================================
|
# =============================================================================
|
||||||
|
|
||||||
|
# shellcheck disable=SC2120 # Function does not use positional args
|
||||||
phase_fix_issues() {
|
phase_fix_issues() {
|
||||||
check_root
|
check_root
|
||||||
|
|
||||||
|
|||||||
0
linux_configuration/scripts/features/setup_nextcloud_raspberry.sh
Normal file → Executable file
0
linux_configuration/scripts/features/setup_nextcloud_raspberry.sh
Normal file → Executable file
0
linux_configuration/scripts/fixes/fix_virtualbox.sh
Normal file → Executable file
0
linux_configuration/scripts/fixes/fix_virtualbox.sh
Normal file → Executable file
0
linux_configuration/scripts/lib/android.sh
Normal file → Executable file
0
linux_configuration/scripts/lib/android.sh
Normal file → Executable file
0
linux_configuration/scripts/lib/common.sh
Normal file → Executable file
0
linux_configuration/scripts/lib/common.sh
Normal file → Executable file
@ -12,9 +12,7 @@
|
|||||||
"tiny"
|
"tiny"
|
||||||
],
|
],
|
||||||
"isBackground": false,
|
"isBackground": false,
|
||||||
"problemMatcher": [
|
"problemMatcher": ["$gcc"],
|
||||||
"$gcc"
|
|
||||||
],
|
|
||||||
"group": "build"
|
"group": "build"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
|||||||
@ -16,27 +16,34 @@ chmod +x Bash/clean_audio.sh
|
|||||||
## Quick start
|
## Quick start
|
||||||
|
|
||||||
- Single file, default ASR preset (16k mono, denoise, high‑pass, limiter):
|
- Single file, default ASR preset (16k mono, denoise, high‑pass, limiter):
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
Bash/clean_audio.sh path/to/file.wav
|
Bash/clean_audio.sh path/to/file.wav
|
||||||
```
|
```
|
||||||
|
|
||||||
This produces `path/to/file_clean.wav`.
|
This produces `path/to/file_clean.wav`.
|
||||||
|
|
||||||
- Whole folder, 4 parallel jobs, output to `cleaned/`:
|
- Whole folder, 4 parallel jobs, output to `cleaned/`:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
Bash/clean_audio.sh path/to/folder -O cleaned -j 4
|
Bash/clean_audio.sh path/to/folder -O cleaned -j 4
|
||||||
```
|
```
|
||||||
|
|
||||||
- Use an RNNoise model explicitly (if your ffmpeg has arnndn):
|
- Use an RNNoise model explicitly (if your ffmpeg has arnndn):
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
Bash/clean_audio.sh input.wav -m models/rnnoise_model.nn
|
Bash/clean_audio.sh input.wav -m models/rnnoise_model.nn
|
||||||
```
|
```
|
||||||
|
|
||||||
If you omit `-m`, the script will look in common locations; if not found, it will attempt a download via `Bash/get_rnnoise_model.sh`.
|
If you omit `-m`, the script will look in common locations; if not found, it will attempt a download via `Bash/get_rnnoise_model.sh`.
|
||||||
|
|
||||||
Advanced options and compatibility:
|
Advanced options and compatibility:
|
||||||
|
|
||||||
- The cleaner requires RNNoise by default. To allow non-ML fallback filters (afftdn), add `--allow-fallback`.
|
- The cleaner requires RNNoise by default. To allow non-ML fallback filters (afftdn), add `--allow-fallback`.
|
||||||
- The script uses advanced filter settings when available (e.g., afftdn with `md`). If your ffmpeg build lacks these options, it will error with guidance. Add `--no-advanced` (or `--compat`) to avoid such params.
|
- The script uses advanced filter settings when available (e.g., afftdn with `md`). If your ffmpeg build lacks these options, it will error with guidance. Add `--no-advanced` (or `--compat`) to avoid such params.
|
||||||
|
|
||||||
- Podcast preset (adds dynamics and loudness leveling):
|
- Podcast preset (adds dynamics and loudness leveling):
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
Bash/clean_audio.sh input.wav --preset podcast
|
Bash/clean_audio.sh input.wav --preset podcast
|
||||||
```
|
```
|
||||||
@ -64,6 +71,7 @@ Options:
|
|||||||
Default output format is mono, 16 kHz, PCM 16‑bit WAV—ideal for most Whisper/faster‑whisper pipelines. You can feed the cleaned files directly into your transcription step.
|
Default output format is mono, 16 kHz, PCM 16‑bit WAV—ideal for most Whisper/faster‑whisper pipelines. You can feed the cleaned files directly into your transcription step.
|
||||||
|
|
||||||
If you prefer FLAC to save space without quality loss:
|
If you prefer FLAC to save space without quality loss:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
Bash/clean_audio.sh input.wav -e flac -O cleaned
|
Bash/clean_audio.sh input.wav -e flac -O cleaned
|
||||||
```
|
```
|
||||||
@ -78,12 +86,13 @@ Bash/clean_audio.sh input.wav -e flac -O cleaned
|
|||||||
|
|
||||||
- If you see artifacts from RNNoise, try without a model (uses `afftdn`), or add a low‑pass (e.g., `--lowpass 8000`).
|
- If you see artifacts from RNNoise, try without a model (uses `afftdn`), or add a low‑pass (e.g., `--lowpass 8000`).
|
||||||
- For extremely boomy bar recordings, raise high‑pass by editing `HIGHPASS` in the script or add `--lowpass`.
|
- For extremely boomy bar recordings, raise high‑pass by editing `HIGHPASS` in the script or add `--lowpass`.
|
||||||
- If your ffmpeg lacks `arnndn`, you can install a newer build or keep the fallback (afftdn works fine for many cases).
|
- If your ffmpeg lacks `arnndn`, you can install a newer build or keep the fallback (afftdn works fine for many cases). - If your ffmpeg is missing features, you can use the helper:
|
||||||
- If your ffmpeg is missing features, you can use the helper:
|
|
||||||
```bash
|
```bash
|
||||||
chmod +x Bash/install_ffmpeg_with_arnndn.sh
|
chmod +x Bash/install_ffmpeg_with_arnndn.sh
|
||||||
Bash/install_ffmpeg_with_arnndn.sh
|
Bash/install_ffmpeg_with_arnndn.sh
|
||||||
```
|
```
|
||||||
|
|
||||||
It will suggest distro options or build FFmpeg from source with `--enable-librnnoise`.
|
It will suggest distro options or build FFmpeg from source with `--enable-librnnoise`.
|
||||||
|
|
||||||
RNNoise model downloader helper:
|
RNNoise model downloader helper:
|
||||||
|
|||||||
0
linux_configuration/scripts/misc/testsAndMisc-bash/compress_images.sh
Normal file → Executable file
0
linux_configuration/scripts/misc/testsAndMisc-bash/compress_images.sh
Normal file → Executable file
0
linux_configuration/scripts/misc/testsAndMisc-bash/fix_thorium_unity.sh
Normal file → Executable file
0
linux_configuration/scripts/misc/testsAndMisc-bash/fix_thorium_unity.sh
Normal file → Executable file
@ -13,9 +13,10 @@ MCP for Unity connects your tools using two components:
|
|||||||
|
|
||||||
### Prerequisites
|
### Prerequisites
|
||||||
|
|
||||||
* **Python:** Version 3.12 or newer. [Download Python](https://www.python.org/downloads/)
|
- **Python:** Version 3.12 or newer. [Download Python](https://www.python.org/downloads/)
|
||||||
* **Unity Hub & Editor:** Version 2021.3 LTS or newer. [Download Unity](https://unity.com/download)
|
- **Unity Hub & Editor:** Version 2021.3 LTS or newer. [Download Unity](https://unity.com/download)
|
||||||
* **uv (Python toolchain manager):**
|
- **uv (Python toolchain manager):**
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# macOS / Linux
|
# macOS / Linux
|
||||||
curl -LsSf https://astral.sh/uv/install.sh | sh
|
curl -LsSf https://astral.sh/uv/install.sh | sh
|
||||||
@ -26,9 +27,9 @@ MCP for Unity connects your tools using two components:
|
|||||||
# Docs: https://docs.astral.sh/uv/getting-started/installation/
|
# Docs: https://docs.astral.sh/uv/getting-started/installation/
|
||||||
```
|
```
|
||||||
|
|
||||||
* **An MCP Client:** : [Claude Desktop](https://claude.ai/download) | [Claude Code](https://github.com/anthropics/claude-code) | [Cursor](https://www.cursor.com/en/downloads) | [Visual Studio Code Copilot](https://code.visualstudio.com/docs/copilot/overview) | [Windsurf](https://windsurf.com) | Others work with manual config
|
- **An MCP Client:** : [Claude Desktop](https://claude.ai/download) | [Claude Code](https://github.com/anthropics/claude-code) | [Cursor](https://www.cursor.com/en/downloads) | [Visual Studio Code Copilot](https://code.visualstudio.com/docs/copilot/overview) | [Windsurf](https://windsurf.com) | Others work with manual config
|
||||||
|
|
||||||
* <details> <summary><strong>[Optional] Roslyn for Advanced Script Validation</strong></summary>
|
- <details> <summary><strong>[Optional] Roslyn for Advanced Script Validation</strong></summary>
|
||||||
|
|
||||||
For **Strict** validation level that catches undefined namespaces, types, and methods:
|
For **Strict** validation level that catches undefined namespaces, types, and methods:
|
||||||
|
|
||||||
@ -51,6 +52,7 @@ MCP for Unity connects your tools using two components:
|
|||||||
**Note:** Without Roslyn, script validation falls back to basic structural checks. Roslyn enables full C# compiler diagnostics with precise error reporting.</details>
|
**Note:** Without Roslyn, script validation falls back to basic structural checks. Roslyn enables full C# compiler diagnostics with precise error reporting.</details>
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
### 🚀 Arch Linux Quick Setup Script
|
### 🚀 Arch Linux Quick Setup Script
|
||||||
|
|
||||||
If you're on Arch Linux and use Visual Studio Code as your MCP client, run the helper script in `Bash/install_unity_mcp.sh` to install the MCP server dependencies, clone the latest `unity-mcp` repository, and configure `~/.config/Code/User/mcp.json` automatically:
|
If you're on Arch Linux and use Visual Studio Code as your MCP client, run the helper script in `Bash/install_unity_mcp.sh` to install the MCP server dependencies, clone the latest `unity-mcp` repository, and configure `~/.config/Code/User/mcp.json` automatically:
|
||||||
@ -63,6 +65,7 @@ chmod +x Bash/install_unity_mcp.sh
|
|||||||
The script requires `sudo` access for `pacman` and optionally uses `yay` or `flatpak` to install Unity Hub. After it finishes, continue with the Unity-side steps below to import the MCP for Unity Bridge package inside your project.
|
The script requires `sudo` access for `pacman` and optionally uses `yay` or `flatpak` to install Unity Hub. After it finishes, continue with the Unity-side steps below to import the MCP for Unity Bridge package inside your project.
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
### 🌟 Step 1: Install the Unity Package
|
### 🌟 Step 1: Install the Unity Package
|
||||||
|
|
||||||
#### To install via Git URL
|
#### To install via Git URL
|
||||||
@ -86,6 +89,7 @@ The script requires `sudo` access for `pacman` and optionally uses `yay` or `fla
|
|||||||
**Note:** If you installed the MCP Server before Coplay's maintenance, you will need to uninstall the old package before re-installing the new one.
|
**Note:** If you installed the MCP Server before Coplay's maintenance, you will need to uninstall the old package before re-installing the new one.
|
||||||
|
|
||||||
### 🛠️ Step 2: Configure Your MCP Client
|
### 🛠️ Step 2: Configure Your MCP Client
|
||||||
|
|
||||||
Connect your MCP Client (Claude, Cursor, etc.) to the Python server set up in Step 1 (auto) or via Manual Configuration (below).
|
Connect your MCP Client (Claude, Cursor, etc.) to the Python server set up in Step 1 (auto) or via Manual Configuration (below).
|
||||||
|
|
||||||
<img width="648" height="599" alt="MCPForUnity-Readme-Image" src="https://github.com/user-attachments/assets/b4a725da-5c43-4bd6-80d6-ee2e3cca9596" />
|
<img width="648" height="599" alt="MCPForUnity-Readme-Image" src="https://github.com/user-attachments/assets/b4a725da-5c43-4bd6-80d6-ee2e3cca9596" />
|
||||||
@ -94,7 +98,7 @@ Connect your MCP Client (Claude, Cursor, etc.) to the Python server set up in St
|
|||||||
|
|
||||||
1. In Unity, go to `Window > MCP for Unity`.
|
1. In Unity, go to `Window > MCP for Unity`.
|
||||||
2. Click `Auto-Setup`.
|
2. Click `Auto-Setup`.
|
||||||
3. Look for a green status indicator 🟢 and "Connected ✓". *(This attempts to modify the MCP Client's config file automatically).*
|
3. Look for a green status indicator 🟢 and "Connected ✓". _(This attempts to modify the MCP Client's config file automatically)._
|
||||||
|
|
||||||
<details><summary><strong>Client-specific troubleshooting</strong></summary>
|
<details><summary><strong>Client-specific troubleshooting</strong></summary>
|
||||||
|
|
||||||
@ -102,15 +106,14 @@ Connect your MCP Client (Claude, Cursor, etc.) to the Python server set up in St
|
|||||||
- **Cursor / Windsurf** [(**help link**)](https://github.com/CoplayDev/unity-mcp/wiki/1.-Fix-Unity-MCP-and-Cursor,-VSCode-&-Windsurf): if `uv` is missing, the MCP for Unity window shows "uv Not Found" with a quick [HELP] link and a "Choose `uv` Install Location" button.
|
- **Cursor / Windsurf** [(**help link**)](https://github.com/CoplayDev/unity-mcp/wiki/1.-Fix-Unity-MCP-and-Cursor,-VSCode-&-Windsurf): if `uv` is missing, the MCP for Unity window shows "uv Not Found" with a quick [HELP] link and a "Choose `uv` Install Location" button.
|
||||||
- **Claude Code** [(**help link**)](https://github.com/CoplayDev/unity-mcp/wiki/2.-Fix-Unity-MCP-and-Claude-Code): if `claude` isn't found, the window shows "Claude Not Found" with [HELP] and a "Choose Claude Location" button. Unregister now updates the UI immediately.</details>
|
- **Claude Code** [(**help link**)](https://github.com/CoplayDev/unity-mcp/wiki/2.-Fix-Unity-MCP-and-Claude-Code): if `claude` isn't found, the window shows "Claude Not Found" with [HELP] and a "Choose Claude Location" button. Unregister now updates the UI immediately.</details>
|
||||||
|
|
||||||
|
|
||||||
**Option B: Manual Configuration**
|
**Option B: Manual Configuration**
|
||||||
|
|
||||||
If Auto-Setup fails or you use a different client:
|
If Auto-Setup fails or you use a different client:
|
||||||
|
|
||||||
1. **Find your MCP Client's configuration file.** (Check client documentation).
|
1. **Find your MCP Client's configuration file.** (Check client documentation).
|
||||||
* *Claude Example (macOS):* `~/Library/Application Support/Claude/claude_desktop_config.json`
|
- _Claude Example (macOS):_ `~/Library/Application Support/Claude/claude_desktop_config.json`
|
||||||
* *Claude Example (Windows):* `%APPDATA%\Claude\claude_desktop_config.json`
|
- _Claude Example (Windows):_ `%APPDATA%\Claude\claude_desktop_config.json`
|
||||||
2. **Edit the file** to add/update the `mcpServers` section, using the *exact* paths from Step 1.
|
2. **Edit the file** to add/update the `mcpServers` section, using the _exact_ paths from Step 1.
|
||||||
|
|
||||||
<details>
|
<details>
|
||||||
<summary><strong>Click for Client-Specific JSON Configuration Snippets...</strong></summary>
|
<summary><strong>Click for Client-Specific JSON Configuration Snippets...</strong></summary>
|
||||||
@ -122,7 +125,12 @@ If Auto-Setup fails or you use a different client:
|
|||||||
"servers": {
|
"servers": {
|
||||||
"unityMCP": {
|
"unityMCP": {
|
||||||
"command": "uv",
|
"command": "uv",
|
||||||
"args": ["--directory","<ABSOLUTE_PATH_TO>/UnityMcpServer/src","run","server.py"],
|
"args": [
|
||||||
|
"--directory",
|
||||||
|
"<ABSOLUTE_PATH_TO>/UnityMcpServer/src",
|
||||||
|
"run",
|
||||||
|
"server.py"
|
||||||
|
],
|
||||||
"type": "stdio"
|
"type": "stdio"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -150,7 +158,6 @@ If Auto-Setup fails or you use a different client:
|
|||||||
|
|
||||||
(Replace YOUR_USERNAME)
|
(Replace YOUR_USERNAME)
|
||||||
|
|
||||||
|
|
||||||
</details>
|
</details>
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|||||||
@ -1,4 +1,3 @@
|
|||||||
1
|
1
|
||||||
00:00:00,000 --> 00:00:02,760
|
00:00:00,000 --> 00:00:02,760
|
||||||
This is a quick test on faster with but run creep shun.
|
This is a quick test on faster with but run creep shun.
|
||||||
|
|
||||||
|
|||||||
181
linux_configuration/scripts/misc/testsAndMisc-bash/tools/transcribe_fw.py
Normal file → Executable file
181
linux_configuration/scripts/misc/testsAndMisc-bash/tools/transcribe_fw.py
Normal file → Executable file
@ -1,17 +1,16 @@
|
|||||||
#!/usr/bin/env python3
|
#!/usr/bin/env python3
|
||||||
import argparse
|
import argparse
|
||||||
|
from datetime import timedelta
|
||||||
import os
|
import os
|
||||||
import shutil
|
import shutil
|
||||||
import subprocess
|
import subprocess
|
||||||
import sys
|
import sys
|
||||||
import time
|
import time
|
||||||
from datetime import timedelta
|
|
||||||
from typing import List, Optional
|
|
||||||
|
|
||||||
|
|
||||||
def format_bytes(size: int) -> str:
|
def format_bytes(size: int) -> str:
|
||||||
"""Format bytes as human-readable string."""
|
"""Format bytes as human-readable string."""
|
||||||
for unit in ['B', 'KB', 'MB', 'GB']:
|
for unit in ["B", "KB", "MB", "GB"]:
|
||||||
if size < 1024:
|
if size < 1024:
|
||||||
return f"{size:.1f}{unit}"
|
return f"{size:.1f}{unit}"
|
||||||
size /= 1024
|
size /= 1024
|
||||||
@ -24,10 +23,13 @@ def download_model_with_progress(model_name: str) -> str:
|
|||||||
Returns the local path to the downloaded model.
|
Returns the local path to the downloaded model.
|
||||||
"""
|
"""
|
||||||
try:
|
try:
|
||||||
from huggingface_hub import snapshot_download, hf_hub_download
|
from huggingface_hub import hf_hub_download
|
||||||
from huggingface_hub.utils import EntryNotFoundError
|
from huggingface_hub.utils import EntryNotFoundError
|
||||||
except ImportError:
|
except ImportError:
|
||||||
print("[WARN] huggingface_hub not available, falling back to default download", file=sys.stderr)
|
print(
|
||||||
|
"[WARN] huggingface_hub not available, falling back to default download",
|
||||||
|
file=sys.stderr,
|
||||||
|
)
|
||||||
return model_name
|
return model_name
|
||||||
|
|
||||||
# Map common model names to HF repo IDs
|
# Map common model names to HF repo IDs
|
||||||
@ -65,24 +67,36 @@ def download_model_with_progress(model_name: str) -> str:
|
|||||||
try:
|
try:
|
||||||
# Use snapshot_download which handles caching and shows what's happening
|
# Use snapshot_download which handles caching and shows what's happening
|
||||||
# First, let's check if model.bin needs downloading by checking cache
|
# First, let's check if model.bin needs downloading by checking cache
|
||||||
from huggingface_hub import try_to_load_from_cache, HfFileSystem
|
from huggingface_hub import HfFileSystem, try_to_load_from_cache
|
||||||
|
|
||||||
cache_path = try_to_load_from_cache(repo_id, "model.bin")
|
cache_path = try_to_load_from_cache(repo_id, "model.bin")
|
||||||
if cache_path is not None:
|
if cache_path is not None:
|
||||||
print(f"[INFO] Model already cached, loading from: {os.path.dirname(cache_path)}", flush=True)
|
print(
|
||||||
|
f"[INFO] Model already cached, loading from: {os.path.dirname(cache_path)}",
|
||||||
|
flush=True,
|
||||||
|
)
|
||||||
# Return the directory containing the cached files
|
# Return the directory containing the cached files
|
||||||
return os.path.dirname(cache_path)
|
return os.path.dirname(cache_path)
|
||||||
|
|
||||||
# Model not cached, need to download
|
# Model not cached, need to download
|
||||||
print(f"[INFO] Downloading model files from {repo_id}...", flush=True)
|
print(f"[INFO] Downloading model files from {repo_id}...", flush=True)
|
||||||
print("[INFO] This may take several minutes for large models (~3GB for large-v3)", flush=True)
|
print(
|
||||||
|
"[INFO] This may take several minutes for large models (~3GB for large-v3)",
|
||||||
|
flush=True,
|
||||||
|
)
|
||||||
|
|
||||||
# Get file sizes to show progress
|
# Get file sizes to show progress
|
||||||
try:
|
try:
|
||||||
fs = HfFileSystem()
|
fs = HfFileSystem()
|
||||||
files_info = fs.ls(repo_id, detail=True)
|
files_info = fs.ls(repo_id, detail=True)
|
||||||
total_size = sum(f.get('size', 0) for f in files_info if f.get('name', '').split('/')[-1] in required_files)
|
total_size = sum(
|
||||||
print(f"[INFO] Total download size: ~{format_bytes(total_size)}", flush=True)
|
f.get("size", 0)
|
||||||
|
for f in files_info
|
||||||
|
if f.get("name", "").split("/")[-1] in required_files
|
||||||
|
)
|
||||||
|
print(
|
||||||
|
f"[INFO] Total download size: ~{format_bytes(total_size)}", flush=True
|
||||||
|
)
|
||||||
except Exception:
|
except Exception:
|
||||||
pass # Size info is optional
|
pass # Size info is optional
|
||||||
|
|
||||||
@ -100,7 +114,9 @@ def download_model_with_progress(model_name: str) -> str:
|
|||||||
resume_download=True,
|
resume_download=True,
|
||||||
)
|
)
|
||||||
elapsed = time.time() - file_start
|
elapsed = time.time() - file_start
|
||||||
file_size = os.path.getsize(local_path) if os.path.exists(local_path) else 0
|
file_size = (
|
||||||
|
os.path.getsize(local_path) if os.path.exists(local_path) else 0
|
||||||
|
)
|
||||||
print(f"done ({format_bytes(file_size)}, {elapsed:.1f}s)", flush=True)
|
print(f"done ({format_bytes(file_size)}, {elapsed:.1f}s)", flush=True)
|
||||||
downloaded += 1
|
downloaded += 1
|
||||||
|
|
||||||
@ -118,7 +134,10 @@ def download_model_with_progress(model_name: str) -> str:
|
|||||||
return model_dir
|
return model_dir
|
||||||
|
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
print(f"[WARN] Custom download failed ({e}), falling back to default", file=sys.stderr)
|
print(
|
||||||
|
f"[WARN] Custom download failed ({e}), falling back to default",
|
||||||
|
file=sys.stderr,
|
||||||
|
)
|
||||||
return model_name
|
return model_name
|
||||||
|
|
||||||
|
|
||||||
@ -152,34 +171,38 @@ def write_txt(segments, txt_path: str):
|
|||||||
f.write(text + "\n")
|
f.write(text + "\n")
|
||||||
|
|
||||||
|
|
||||||
def write_srt_with_speakers(segments, labels: List[int], path: str):
|
def write_srt_with_speakers(segments, labels: list[int], path: str):
|
||||||
with open(path, "w", encoding="utf-8") as f:
|
with open(path, "w", encoding="utf-8") as f:
|
||||||
for i, (seg, lab) in enumerate(zip(segments, labels), start=1):
|
for i, (seg, lab) in enumerate(zip(segments, labels, strict=False), start=1):
|
||||||
text = (seg.text or "").strip()
|
text = (seg.text or "").strip()
|
||||||
if not text:
|
if not text:
|
||||||
continue
|
continue
|
||||||
spk = f"SPK{lab+1}"
|
spk = f"SPK{lab+1}"
|
||||||
f.write(f"{i}\n{format_timestamp(seg.start)} --> {format_timestamp(seg.end)}\n[{spk}] {text}\n\n")
|
f.write(
|
||||||
|
f"{i}\n{format_timestamp(seg.start)} --> {format_timestamp(seg.end)}\n[{spk}] {text}\n\n"
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
def write_txt_with_speakers(segments, labels: List[int], path: str):
|
def write_txt_with_speakers(segments, labels: list[int], path: str):
|
||||||
with open(path, "w", encoding="utf-8") as f:
|
with open(path, "w", encoding="utf-8") as f:
|
||||||
for seg, lab in zip(segments, labels):
|
for seg, lab in zip(segments, labels, strict=False):
|
||||||
text = (seg.text or "").strip()
|
text = (seg.text or "").strip()
|
||||||
if text:
|
if text:
|
||||||
spk = f"SPK{lab+1}"
|
spk = f"SPK{lab+1}"
|
||||||
f.write(f"[{spk}] {text}\n")
|
f.write(f"[{spk}] {text}\n")
|
||||||
|
|
||||||
|
|
||||||
def write_rttm(segments, labels: List[int], path: str, file_id: str = "audio"):
|
def write_rttm(segments, labels: list[int], path: str, file_id: str = "audio"):
|
||||||
# RTTM format: SPEAKER <file-id> 1 <start> <duration> <ortho> <stype> <name> <conf>
|
# RTTM format: SPEAKER <file-id> 1 <start> <duration> <ortho> <stype> <name> <conf>
|
||||||
with open(path, "w", encoding="utf-8") as f:
|
with open(path, "w", encoding="utf-8") as f:
|
||||||
for seg, lab in zip(segments, labels):
|
for seg, lab in zip(segments, labels, strict=False):
|
||||||
start = float(getattr(seg, "start", 0.0) or 0.0)
|
start = float(getattr(seg, "start", 0.0) or 0.0)
|
||||||
end = float(getattr(seg, "end", start) or start)
|
end = float(getattr(seg, "end", start) or start)
|
||||||
dur = max(0.0, end - start)
|
dur = max(0.0, end - start)
|
||||||
name = f"SPK{lab+1}"
|
name = f"SPK{lab+1}"
|
||||||
f.write(f"SPEAKER {file_id} 1 {start:.3f} {dur:.3f} <NA> <NA> {name} <NA>\n")
|
f.write(
|
||||||
|
f"SPEAKER {file_id} 1 {start:.3f} {dur:.3f} <NA> <NA> {name} <NA>\n"
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
def hhmmss(seconds: float) -> str:
|
def hhmmss(seconds: float) -> str:
|
||||||
@ -230,6 +253,7 @@ def get_media_duration(path: str) -> float | None:
|
|||||||
|
|
||||||
def _resample_linear(x, src_sr: int, tgt_sr: int):
|
def _resample_linear(x, src_sr: int, tgt_sr: int):
|
||||||
import numpy as np
|
import numpy as np
|
||||||
|
|
||||||
if src_sr == tgt_sr:
|
if src_sr == tgt_sr:
|
||||||
return x
|
return x
|
||||||
ratio = float(tgt_sr) / float(src_sr)
|
ratio = float(tgt_sr) / float(src_sr)
|
||||||
@ -242,6 +266,7 @@ def _resample_linear(x, src_sr: int, tgt_sr: int):
|
|||||||
|
|
||||||
def _kmeans_cosine(embs, k: int, iters: int = 50, seed: int = 0):
|
def _kmeans_cosine(embs, k: int, iters: int = 50, seed: int = 0):
|
||||||
import numpy as np
|
import numpy as np
|
||||||
|
|
||||||
rng = np.random.default_rng(seed)
|
rng = np.random.default_rng(seed)
|
||||||
X = np.asarray(embs, dtype=np.float32)
|
X = np.asarray(embs, dtype=np.float32)
|
||||||
if X.ndim != 2 or X.shape[0] == 0:
|
if X.ndim != 2 or X.shape[0] == 0:
|
||||||
@ -254,7 +279,7 @@ def _kmeans_cosine(embs, k: int, iters: int = 50, seed: int = 0):
|
|||||||
# If fewer samples than k, pad with random
|
# If fewer samples than k, pad with random
|
||||||
if C.shape[0] < k:
|
if C.shape[0] < k:
|
||||||
pad = rng.standard_normal(size=(k - C.shape[0], X.shape[1])).astype(np.float32)
|
pad = rng.standard_normal(size=(k - C.shape[0], X.shape[1])).astype(np.float32)
|
||||||
pad /= (np.linalg.norm(pad, axis=1, keepdims=True) + 1e-8)
|
pad /= np.linalg.norm(pad, axis=1, keepdims=True) + 1e-8
|
||||||
C = np.concatenate([C, pad], axis=0)
|
C = np.concatenate([C, pad], axis=0)
|
||||||
for _ in range(iters):
|
for _ in range(iters):
|
||||||
# Assign by cosine similarity (maximize dot product)
|
# Assign by cosine similarity (maximize dot product)
|
||||||
@ -267,7 +292,7 @@ def _kmeans_cosine(embs, k: int, iters: int = 50, seed: int = 0):
|
|||||||
newC[j] = C[j]
|
newC[j] = C[j]
|
||||||
else:
|
else:
|
||||||
v = sel.mean(axis=0)
|
v = sel.mean(axis=0)
|
||||||
v /= (np.linalg.norm(v) + 1e-8)
|
v /= np.linalg.norm(v) + 1e-8
|
||||||
newC[j] = v
|
newC[j] = v
|
||||||
if np.allclose(newC, C, atol=1e-4):
|
if np.allclose(newC, C, atol=1e-4):
|
||||||
break
|
break
|
||||||
@ -275,11 +300,12 @@ def _kmeans_cosine(embs, k: int, iters: int = 50, seed: int = 0):
|
|||||||
return labels
|
return labels
|
||||||
|
|
||||||
|
|
||||||
def _ffmpeg_transcode_to_wav16_mono(src_path: str) -> Optional[str]:
|
def _ffmpeg_transcode_to_wav16_mono(src_path: str) -> str | None:
|
||||||
"""If ffmpeg is available, transcode input to a temporary 16k mono WAV and return its path."""
|
"""If ffmpeg is available, transcode input to a temporary 16k mono WAV and return its path."""
|
||||||
if not shutil.which("ffmpeg"):
|
if not shutil.which("ffmpeg"):
|
||||||
return None
|
return None
|
||||||
import tempfile
|
import tempfile
|
||||||
|
|
||||||
tmp = tempfile.NamedTemporaryFile(prefix="fw_diar_", suffix=".wav", delete=False)
|
tmp = tempfile.NamedTemporaryFile(prefix="fw_diar_", suffix=".wav", delete=False)
|
||||||
tmp_path = tmp.name
|
tmp_path = tmp.name
|
||||||
tmp.close()
|
tmp.close()
|
||||||
@ -300,7 +326,9 @@ def _ffmpeg_transcode_to_wav16_mono(src_path: str) -> Optional[str]:
|
|||||||
tmp_path,
|
tmp_path,
|
||||||
]
|
]
|
||||||
try:
|
try:
|
||||||
subprocess.run(cmd, check=True, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
|
subprocess.run(
|
||||||
|
cmd, check=True, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL
|
||||||
|
)
|
||||||
return tmp_path
|
return tmp_path
|
||||||
except Exception:
|
except Exception:
|
||||||
try:
|
try:
|
||||||
@ -310,35 +338,44 @@ def _ffmpeg_transcode_to_wav16_mono(src_path: str) -> Optional[str]:
|
|||||||
return None
|
return None
|
||||||
|
|
||||||
|
|
||||||
def diarize_segments(audio_path: str, segments, num_speakers: int = 2) -> Optional[list]:
|
def diarize_segments(audio_path: str, segments, num_speakers: int = 2) -> list | None:
|
||||||
"""Simple diarization: compute speaker embeddings per segment and cluster with KMeans.
|
"""Simple diarization: compute speaker embeddings per segment and cluster with KMeans.
|
||||||
Returns a list of speaker labels aligned with segments, or None on failure.
|
Returns a list of speaker labels aligned with segments, or None on failure.
|
||||||
"""
|
"""
|
||||||
try:
|
try:
|
||||||
import numpy as np
|
|
||||||
import soundfile as sf
|
import soundfile as sf
|
||||||
|
|
||||||
# Use non-deprecated import path
|
# Use non-deprecated import path
|
||||||
from speechbrain.inference import EncoderClassifier
|
from speechbrain.inference import EncoderClassifier
|
||||||
import torch
|
import torch
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
print(f"[WARN] Diarization dependencies missing ({e}); skipping speaker labels.", file=sys.stderr)
|
print(
|
||||||
|
f"[WARN] Diarization dependencies missing ({e}); skipping speaker labels.",
|
||||||
|
file=sys.stderr,
|
||||||
|
)
|
||||||
return None
|
return None
|
||||||
|
|
||||||
# Load audio
|
# Load audio
|
||||||
temp_to_cleanup: Optional[str] = None
|
temp_to_cleanup: str | None = None
|
||||||
try:
|
try:
|
||||||
wav, sr = sf.read(audio_path, dtype="float32", always_2d=False)
|
wav, sr = sf.read(audio_path, dtype="float32", always_2d=False)
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
# Try ffmpeg transcoding fallback
|
# Try ffmpeg transcoding fallback
|
||||||
alt = _ffmpeg_transcode_to_wav16_mono(audio_path)
|
alt = _ffmpeg_transcode_to_wav16_mono(audio_path)
|
||||||
if alt is None:
|
if alt is None:
|
||||||
print(f"[WARN] Could not read audio for diarization and no ffmpeg fallback available: {e}", file=sys.stderr)
|
print(
|
||||||
|
f"[WARN] Could not read audio for diarization and no ffmpeg fallback available: {e}",
|
||||||
|
file=sys.stderr,
|
||||||
|
)
|
||||||
return None
|
return None
|
||||||
try:
|
try:
|
||||||
wav, sr = sf.read(alt, dtype="float32", always_2d=False)
|
wav, sr = sf.read(alt, dtype="float32", always_2d=False)
|
||||||
temp_to_cleanup = alt
|
temp_to_cleanup = alt
|
||||||
except Exception as e2:
|
except Exception as e2:
|
||||||
print(f"[WARN] Could not read transcoded audio for diarization: {e2}", file=sys.stderr)
|
print(
|
||||||
|
f"[WARN] Could not read transcoded audio for diarization: {e2}",
|
||||||
|
file=sys.stderr,
|
||||||
|
)
|
||||||
try:
|
try:
|
||||||
os.unlink(alt)
|
os.unlink(alt)
|
||||||
except Exception:
|
except Exception:
|
||||||
@ -354,7 +391,9 @@ def diarize_segments(audio_path: str, segments, num_speakers: int = 2) -> Option
|
|||||||
classifier = EncoderClassifier.from_hparams(
|
classifier = EncoderClassifier.from_hparams(
|
||||||
source="speechbrain/spkrec-ecapa-voxceleb",
|
source="speechbrain/spkrec-ecapa-voxceleb",
|
||||||
run_opts={"device": "cpu"},
|
run_opts={"device": "cpu"},
|
||||||
savedir=os.path.join(os.path.expanduser("~"), ".cache", "speechbrain_ecapa"),
|
savedir=os.path.join(
|
||||||
|
os.path.expanduser("~"), ".cache", "speechbrain_ecapa"
|
||||||
|
),
|
||||||
)
|
)
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
print(f"[WARN] Could not load speaker embedding model: {e}", file=sys.stderr)
|
print(f"[WARN] Could not load speaker embedding model: {e}", file=sys.stderr)
|
||||||
@ -383,7 +422,9 @@ def diarize_segments(audio_path: str, segments, num_speakers: int = 2) -> Option
|
|||||||
i1 = min(len(wav16), i0 + 1600)
|
i1 = min(len(wav16), i0 + 1600)
|
||||||
segment_wav = torch.tensor(wav16[i0:i1]).unsqueeze(0)
|
segment_wav = torch.tensor(wav16[i0:i1]).unsqueeze(0)
|
||||||
with torch.no_grad():
|
with torch.no_grad():
|
||||||
emb = classifier.encode_batch(segment_wav).squeeze(0).squeeze(0).cpu().numpy()
|
emb = (
|
||||||
|
classifier.encode_batch(segment_wav).squeeze(0).squeeze(0).cpu().numpy()
|
||||||
|
)
|
||||||
embs.append(emb.astype("float32"))
|
embs.append(emb.astype("float32"))
|
||||||
|
|
||||||
if len(embs) == 0:
|
if len(embs) == 0:
|
||||||
@ -399,22 +440,56 @@ def diarize_segments(audio_path: str, segments, num_speakers: int = 2) -> Option
|
|||||||
|
|
||||||
|
|
||||||
def main():
|
def main():
|
||||||
parser = argparse.ArgumentParser(description="Transcribe audio with faster-whisper and write .txt and .srt")
|
parser = argparse.ArgumentParser(
|
||||||
|
description="Transcribe audio with faster-whisper and write .txt and .srt"
|
||||||
|
)
|
||||||
parser.add_argument("input", help="Path to audio/video file")
|
parser.add_argument("input", help="Path to audio/video file")
|
||||||
parser.add_argument("--model", default=os.environ.get("FW_MODEL", "large-v3"), help="Model size or path (default: large-v3)")
|
parser.add_argument(
|
||||||
parser.add_argument("--language", default=None, help="Language code (e.g., en). Leave None for auto-detect")
|
"--model",
|
||||||
parser.add_argument("--device", default=os.environ.get("FW_DEVICE", "auto"), choices=["auto", "cpu", "cuda"], help="Device to run on")
|
default=os.environ.get("FW_MODEL", "large-v3"),
|
||||||
parser.add_argument("--compute-type", dest="compute_type", default=os.environ.get("FW_COMPUTE", "auto"), help="Compute type (auto,int8,float16,float32,int8_float16,etc.)")
|
help="Model size or path (default: large-v3)",
|
||||||
parser.add_argument("--outdir", default=None, help="Output directory (default: next to input)")
|
)
|
||||||
parser.add_argument("--no-progress", action="store_true", help="Disable live progress output")
|
parser.add_argument(
|
||||||
parser.add_argument("--diarize", action="store_true", help="Enable speaker diarization (labels)")
|
"--language",
|
||||||
parser.add_argument("--num-speakers", type=int, default=int(os.environ.get("FW_NUM_SPEAKERS", "2")), help="Assumed number of speakers (default: 2)")
|
default=None,
|
||||||
|
help="Language code (e.g., en). Leave None for auto-detect",
|
||||||
|
)
|
||||||
|
parser.add_argument(
|
||||||
|
"--device",
|
||||||
|
default=os.environ.get("FW_DEVICE", "auto"),
|
||||||
|
choices=["auto", "cpu", "cuda"],
|
||||||
|
help="Device to run on",
|
||||||
|
)
|
||||||
|
parser.add_argument(
|
||||||
|
"--compute-type",
|
||||||
|
dest="compute_type",
|
||||||
|
default=os.environ.get("FW_COMPUTE", "auto"),
|
||||||
|
help="Compute type (auto,int8,float16,float32,int8_float16,etc.)",
|
||||||
|
)
|
||||||
|
parser.add_argument(
|
||||||
|
"--outdir", default=None, help="Output directory (default: next to input)"
|
||||||
|
)
|
||||||
|
parser.add_argument(
|
||||||
|
"--no-progress", action="store_true", help="Disable live progress output"
|
||||||
|
)
|
||||||
|
parser.add_argument(
|
||||||
|
"--diarize", action="store_true", help="Enable speaker diarization (labels)"
|
||||||
|
)
|
||||||
|
parser.add_argument(
|
||||||
|
"--num-speakers",
|
||||||
|
type=int,
|
||||||
|
default=int(os.environ.get("FW_NUM_SPEAKERS", "2")),
|
||||||
|
help="Assumed number of speakers (default: 2)",
|
||||||
|
)
|
||||||
args = parser.parse_args()
|
args = parser.parse_args()
|
||||||
|
|
||||||
try:
|
try:
|
||||||
from faster_whisper import WhisperModel
|
from faster_whisper import WhisperModel
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
print("[ERROR] faster-whisper is not installed in this environment.", file=sys.stderr)
|
print(
|
||||||
|
"[ERROR] faster-whisper is not installed in this environment.",
|
||||||
|
file=sys.stderr,
|
||||||
|
)
|
||||||
print(str(e), file=sys.stderr)
|
print(str(e), file=sys.stderr)
|
||||||
return 2
|
return 2
|
||||||
|
|
||||||
@ -438,7 +513,9 @@ def main():
|
|||||||
# Prefer accuracy over speed by default
|
# Prefer accuracy over speed by default
|
||||||
compute_type = "float16" if device == "cuda" else "float32"
|
compute_type = "float16" if device == "cuda" else "float32"
|
||||||
|
|
||||||
print(f"[INFO] Loading model='{args.model}', device='{device}', compute_type='{compute_type}'")
|
print(
|
||||||
|
f"[INFO] Loading model='{args.model}', device='{device}', compute_type='{compute_type}'"
|
||||||
|
)
|
||||||
|
|
||||||
# Pre-download model files with explicit progress if not already cached
|
# Pre-download model files with explicit progress if not already cached
|
||||||
model_path = args.model
|
model_path = args.model
|
||||||
@ -447,7 +524,8 @@ def main():
|
|||||||
|
|
||||||
# Show CTranslate2 conversion progress
|
# Show CTranslate2 conversion progress
|
||||||
import logging
|
import logging
|
||||||
logging.basicConfig(level=logging.INFO, format='[%(levelname)s] %(message)s')
|
|
||||||
|
logging.basicConfig(level=logging.INFO, format="[%(levelname)s] %(message)s")
|
||||||
ct2_logger = logging.getLogger("faster_whisper")
|
ct2_logger = logging.getLogger("faster_whisper")
|
||||||
ct2_logger.setLevel(logging.INFO)
|
ct2_logger.setLevel(logging.INFO)
|
||||||
|
|
||||||
@ -495,9 +573,11 @@ def main():
|
|||||||
|
|
||||||
# Finish progress line
|
# Finish progress line
|
||||||
if not args.no_progress and sys.stderr.isatty():
|
if not args.no_progress and sys.stderr.isatty():
|
||||||
print("", file=sys.stderr) # newline
|
print(file=sys.stderr) # newline
|
||||||
|
|
||||||
print(f"[INFO] Detected language: {getattr(info, 'language', None)} (prob={getattr(info, 'language_probability', None)})")
|
print(
|
||||||
|
f"[INFO] Detected language: {getattr(info, 'language', None)} (prob={getattr(info, 'language_probability', None)})"
|
||||||
|
)
|
||||||
print(f"[INFO] Segments: {len(collected)}")
|
print(f"[INFO] Segments: {len(collected)}")
|
||||||
|
|
||||||
# Optionally diarize
|
# Optionally diarize
|
||||||
@ -510,9 +590,14 @@ def main():
|
|||||||
write_srt_with_speakers(collected, labels, diar_srt)
|
write_srt_with_speakers(collected, labels, diar_srt)
|
||||||
write_txt_with_speakers(collected, labels, diar_txt)
|
write_txt_with_speakers(collected, labels, diar_txt)
|
||||||
write_rttm(collected, labels, rttm_path, file_id=base)
|
write_rttm(collected, labels, rttm_path, file_id=base)
|
||||||
print(f"[OK] Wrote: {diar_txt}\n[OK] Wrote: {diar_srt}\n[OK] Wrote: {rttm_path}")
|
print(
|
||||||
|
f"[OK] Wrote: {diar_txt}\n[OK] Wrote: {diar_srt}\n[OK] Wrote: {rttm_path}"
|
||||||
|
)
|
||||||
else:
|
else:
|
||||||
print("[WARN] Diarization failed or returned mismatched labels; writing plain outputs.", file=sys.stderr)
|
print(
|
||||||
|
"[WARN] Diarization failed or returned mismatched labels; writing plain outputs.",
|
||||||
|
file=sys.stderr,
|
||||||
|
)
|
||||||
|
|
||||||
# Write base outputs
|
# Write base outputs
|
||||||
write_txt(collected, txt_path)
|
write_txt(collected, txt_path)
|
||||||
|
|||||||
70
linux_configuration/scripts/misc/testsAndMisc-bash/tools/transcribe_helpers.py
Normal file → Executable file
70
linux_configuration/scripts/misc/testsAndMisc-bash/tools/transcribe_helpers.py
Normal file → Executable file
@ -2,10 +2,10 @@
|
|||||||
"""Helper utilities for transcribe.sh - replaces inline Python snippets."""
|
"""Helper utilities for transcribe.sh - replaces inline Python snippets."""
|
||||||
|
|
||||||
import argparse
|
import argparse
|
||||||
|
import array
|
||||||
import math
|
import math
|
||||||
import os
|
import os
|
||||||
import sys
|
import sys
|
||||||
import array
|
|
||||||
import wave
|
import wave
|
||||||
|
|
||||||
|
|
||||||
@ -18,6 +18,7 @@ def check_faster_whisper() -> bool:
|
|||||||
"""Check if faster_whisper is importable. Exit 7 if not."""
|
"""Check if faster_whisper is importable. Exit 7 if not."""
|
||||||
try:
|
try:
|
||||||
import faster_whisper # noqa: F401
|
import faster_whisper # noqa: F401
|
||||||
|
|
||||||
return True
|
return True
|
||||||
except ImportError:
|
except ImportError:
|
||||||
return False
|
return False
|
||||||
@ -29,9 +30,12 @@ def check_diarization_deps() -> bool:
|
|||||||
import soundfile # noqa: F401
|
import soundfile # noqa: F401
|
||||||
import speechbrain # noqa: F401
|
import speechbrain # noqa: F401
|
||||||
import torch # noqa: F401
|
import torch # noqa: F401
|
||||||
|
|
||||||
return True
|
return True
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
print(f"[WARN] Diarization deps missing offline ({e}); speaker labels will be skipped.")
|
print(
|
||||||
|
f"[WARN] Diarization deps missing offline ({e}); speaker labels will be skipped."
|
||||||
|
)
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
|
||||||
@ -39,6 +43,7 @@ def check_ctranslate2() -> bool:
|
|||||||
"""Check if ctranslate2 is importable."""
|
"""Check if ctranslate2 is importable."""
|
||||||
try:
|
try:
|
||||||
import ctranslate2 # noqa: F401
|
import ctranslate2 # noqa: F401
|
||||||
|
|
||||||
return True
|
return True
|
||||||
except ImportError:
|
except ImportError:
|
||||||
return False
|
return False
|
||||||
@ -49,8 +54,13 @@ def print_deps_installed():
|
|||||||
print(f"[PY] Python {sys.version.split()[0]} dependencies installed.")
|
print(f"[PY] Python {sys.version.split()[0]} dependencies installed.")
|
||||||
|
|
||||||
|
|
||||||
def generate_sine_wav(outfile: str, frequency: float = 1000.0, duration: int = 3,
|
def generate_sine_wav(
|
||||||
sample_rate: int = 16000, amplitude: float = 0.3) -> bool:
|
outfile: str,
|
||||||
|
frequency: float = 1000.0,
|
||||||
|
duration: int = 3,
|
||||||
|
sample_rate: int = 16000,
|
||||||
|
amplitude: float = 0.3,
|
||||||
|
) -> bool:
|
||||||
"""Generate a sine wave WAV file using only Python stdlib.
|
"""Generate a sine wave WAV file using only Python stdlib.
|
||||||
|
|
||||||
Args:
|
Args:
|
||||||
@ -65,10 +75,23 @@ def generate_sine_wav(outfile: str, frequency: float = 1000.0, duration: int = 3
|
|||||||
"""
|
"""
|
||||||
try:
|
try:
|
||||||
n_samples = sample_rate * duration
|
n_samples = sample_rate * duration
|
||||||
data = array.array("h", [
|
data = array.array(
|
||||||
int(max(-1.0, min(1.0, amplitude * math.sin(2 * math.pi * frequency * (i / sample_rate)))) * 32767)
|
"h",
|
||||||
|
[
|
||||||
|
int(
|
||||||
|
max(
|
||||||
|
-1.0,
|
||||||
|
min(
|
||||||
|
1.0,
|
||||||
|
amplitude
|
||||||
|
* math.sin(2 * math.pi * frequency * (i / sample_rate)),
|
||||||
|
),
|
||||||
|
)
|
||||||
|
* 32767
|
||||||
|
)
|
||||||
for i in range(n_samples)
|
for i in range(n_samples)
|
||||||
])
|
],
|
||||||
|
)
|
||||||
with wave.open(outfile, "w") as wf:
|
with wave.open(outfile, "w") as wf:
|
||||||
wf.setnchannels(1)
|
wf.setnchannels(1)
|
||||||
wf.setsampwidth(2)
|
wf.setsampwidth(2)
|
||||||
@ -96,16 +119,23 @@ def prepare_model(model_name: str, model_dir: str) -> bool:
|
|||||||
# Enable HuggingFace Hub progress bars for model download
|
# Enable HuggingFace Hub progress bars for model download
|
||||||
try:
|
try:
|
||||||
from huggingface_hub import logging as hf_logging
|
from huggingface_hub import logging as hf_logging
|
||||||
|
|
||||||
hf_logging.set_verbosity_info()
|
hf_logging.set_verbosity_info()
|
||||||
import huggingface_hub
|
import huggingface_hub
|
||||||
|
|
||||||
huggingface_hub.constants.HF_HUB_DISABLE_PROGRESS_BARS = False
|
huggingface_hub.constants.HF_HUB_DISABLE_PROGRESS_BARS = False
|
||||||
os.environ["HF_HUB_DISABLE_PROGRESS_BARS"] = "0"
|
os.environ["HF_HUB_DISABLE_PROGRESS_BARS"] = "0"
|
||||||
except ImportError:
|
except ImportError:
|
||||||
pass
|
pass
|
||||||
|
|
||||||
print(f"[PY] Preparing model '{model_name}' into {model_dir}")
|
print(f"[PY] Preparing model '{model_name}' into {model_dir}")
|
||||||
print("[INFO] Downloading model files (progress bar should appear below)...", flush=True)
|
print(
|
||||||
WhisperModel(model_name, device="cpu", compute_type="int8", download_root=model_dir)
|
"[INFO] Downloading model files (progress bar should appear below)...",
|
||||||
|
flush=True,
|
||||||
|
)
|
||||||
|
WhisperModel(
|
||||||
|
model_name, device="cpu", compute_type="int8", download_root=model_dir
|
||||||
|
)
|
||||||
print("[PY] Model prepared.")
|
print("[PY] Model prepared.")
|
||||||
return True
|
return True
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
@ -121,6 +151,7 @@ def test_cuda() -> bool:
|
|||||||
"""
|
"""
|
||||||
try:
|
try:
|
||||||
from faster_whisper import WhisperModel
|
from faster_whisper import WhisperModel
|
||||||
|
|
||||||
WhisperModel("tiny", device="cuda", compute_type="float16")
|
WhisperModel("tiny", device="cuda", compute_type="float16")
|
||||||
print("[PY] CUDA test init succeeded.")
|
print("[PY] CUDA test init succeeded.")
|
||||||
return True
|
return True
|
||||||
@ -143,8 +174,11 @@ Commands:
|
|||||||
generate-wav FILE Generate a 3s 1kHz sine wave WAV file
|
generate-wav FILE Generate a 3s 1kHz sine wave WAV file
|
||||||
prepare-model Download model for offline use (requires --model and --model-dir)
|
prepare-model Download model for offline use (requires --model and --model-dir)
|
||||||
test-cuda Test CUDA initialization
|
test-cuda Test CUDA initialization
|
||||||
""")
|
""",
|
||||||
parser.add_argument("command", choices=[
|
)
|
||||||
|
parser.add_argument(
|
||||||
|
"command",
|
||||||
|
choices=[
|
||||||
"python-version",
|
"python-version",
|
||||||
"check-faster-whisper",
|
"check-faster-whisper",
|
||||||
"check-diarization",
|
"check-diarization",
|
||||||
@ -153,7 +187,9 @@ Commands:
|
|||||||
"generate-wav",
|
"generate-wav",
|
||||||
"prepare-model",
|
"prepare-model",
|
||||||
"test-cuda",
|
"test-cuda",
|
||||||
], help="Command to run")
|
],
|
||||||
|
help="Command to run",
|
||||||
|
)
|
||||||
parser.add_argument("--file", help="Output file path (for generate-wav)")
|
parser.add_argument("--file", help="Output file path (for generate-wav)")
|
||||||
parser.add_argument("--model", help="Model name (for prepare-model)")
|
parser.add_argument("--model", help="Model name (for prepare-model)")
|
||||||
parser.add_argument("--model-dir", help="Model directory (for prepare-model)")
|
parser.add_argument("--model-dir", help="Model directory (for prepare-model)")
|
||||||
@ -164,7 +200,10 @@ Commands:
|
|||||||
print(get_python_version())
|
print(get_python_version())
|
||||||
elif args.command == "check-faster-whisper":
|
elif args.command == "check-faster-whisper":
|
||||||
if not check_faster_whisper():
|
if not check_faster_whisper():
|
||||||
print("Python dependency 'faster_whisper' not found in offline mode. Run with --online to install.", file=sys.stderr)
|
print(
|
||||||
|
"Python dependency 'faster_whisper' not found in offline mode. Run with --online to install.",
|
||||||
|
file=sys.stderr,
|
||||||
|
)
|
||||||
sys.exit(7)
|
sys.exit(7)
|
||||||
elif args.command == "check-diarization":
|
elif args.command == "check-diarization":
|
||||||
check_diarization_deps()
|
check_diarization_deps()
|
||||||
@ -181,7 +220,10 @@ Commands:
|
|||||||
sys.exit(1)
|
sys.exit(1)
|
||||||
elif args.command == "prepare-model":
|
elif args.command == "prepare-model":
|
||||||
if not args.model or not args.model_dir:
|
if not args.model or not args.model_dir:
|
||||||
print("--model and --model-dir are required for prepare-model", file=sys.stderr)
|
print(
|
||||||
|
"--model and --model-dir are required for prepare-model",
|
||||||
|
file=sys.stderr,
|
||||||
|
)
|
||||||
sys.exit(2)
|
sys.exit(2)
|
||||||
if not prepare_model(args.model, args.model_dir):
|
if not prepare_model(args.model, args.model_dir):
|
||||||
sys.exit(1)
|
sys.exit(1)
|
||||||
|
|||||||
0
linux_configuration/scripts/system-maintenance/bin/shutdown-timer-monitor.sh
Normal file → Executable file
0
linux_configuration/scripts/system-maintenance/bin/shutdown-timer-monitor.sh
Normal file → Executable file
0
linux_configuration/scripts/test_bad.sh
Normal file → Executable file
0
linux_configuration/scripts/test_bad.sh
Normal file → Executable file
0
linux_configuration/scripts/test_removal.sh
Normal file → Executable file
0
linux_configuration/scripts/test_removal.sh
Normal file → Executable file
@ -718,7 +718,7 @@ ugrep -o '\b[a-zA-Z_][a-zA-Z0-9_]*\b' "$COMMENTS_TEMP" 2> /dev/null |
|
|||||||
# List what per-language files were created
|
# List what per-language files were created
|
||||||
echo ""
|
echo ""
|
||||||
echo "Per-language analysis files created:"
|
echo "Per-language analysis files created:"
|
||||||
ls -la "$RESULTS_DIR/per_language/" 2> /dev/null | grep -v '^total' | awk '{print " " $NF}'
|
find "$RESULTS_DIR/per_language/" -maxdepth 1 -type f -printf ' %f\n' 2>/dev/null || true
|
||||||
|
|
||||||
print_subheader "Generating tags (this may take a while)..."
|
print_subheader "Generating tags (this may take a while)..."
|
||||||
|
|
||||||
|
|||||||
0
linux_configuration/scripts/utils/convert_video.sh
Normal file → Executable file
0
linux_configuration/scripts/utils/convert_video.sh
Normal file → Executable file
@ -96,7 +96,7 @@ lookup_offline() {
|
|||||||
# Python documentation
|
# Python documentation
|
||||||
python_doc_url() {
|
python_doc_url() {
|
||||||
local term="$1"
|
local term="$1"
|
||||||
local type="$2" # keyword, builtin, module
|
local _type="$2" # keyword, builtin, module (reserved for future use)
|
||||||
|
|
||||||
case "$term" in
|
case "$term" in
|
||||||
# Keywords
|
# Keywords
|
||||||
@ -333,14 +333,14 @@ shell_doc_url() {
|
|||||||
|
|
||||||
case "$term" in
|
case "$term" in
|
||||||
# Built-in commands
|
# Built-in commands
|
||||||
if | then | else | elif | fi | for | while | until | do | done | case | esac | in | function | select | time | coproc)
|
if | then | else | elif | fi | for | while | until | do | done | case | 'esac' | in | function | select | time | coproc)
|
||||||
echo "https://www.gnu.org/software/bash/manual/bash.html#Conditional-Constructs"
|
echo "https://www.gnu.org/software/bash/manual/bash.html#Conditional-Constructs"
|
||||||
;;
|
;;
|
||||||
echo | printf | read | declare | local | export | unset | set | shopt | alias | source | eval | exec | exit | return | break | continue | shift | trap | wait | kill | jobs | bg | fg | disown | suspend | logout | cd | pwd | pushd | popd | dirs | type | which | command | builtin | enable | help | hash | bind | complete | compgen | compopt)
|
echo | printf | read | declare | local | export | unset | set | shopt | alias | source | eval | exec | exit | return | break | continue | shift | trap | wait | kill | jobs | bg | fg | disown | suspend | logout | cd | pwd | pushd | popd | dirs | type | which | command | builtin | enable | help | hash | bind | complete | compgen | compopt)
|
||||||
echo "https://www.gnu.org/software/bash/manual/bash.html#Shell-Builtin-Commands"
|
echo "https://www.gnu.org/software/bash/manual/bash.html#Shell-Builtin-Commands"
|
||||||
;;
|
;;
|
||||||
# Common external commands
|
# Common external commands
|
||||||
grep | sed | awk | find | xargs | sort | uniq | cut | tr | head | tail | wc | cat | tee | diff | patch | tar | gzip | zip | curl | wget | ssh | scp | rsync | git | make | chmod | chown | chgrp | ln | cp | mv | rm | mkdir | rmdir | touch | ls | stat | file | df | du | free | top | ps | kill | pkill | pgrep | nohup | screen | tmux)
|
grep | sed | awk | find | xargs | sort | uniq | cut | tr | head | tail | wc | cat | tee | diff | patch | tar | gzip | zip | curl | wget | ssh | scp | rsync | git | make | chmod | chown | chgrp | ln | cp | mv | rm | mkdir | rmdir | touch | ls | stat | file | df | du | free | top | ps | pkill | pgrep | nohup | screen | tmux)
|
||||||
echo "https://man7.org/linux/man-pages/man1/$term.1.html"
|
echo "https://man7.org/linux/man-pages/man1/$term.1.html"
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
@ -781,10 +781,13 @@ generate_keywords_with_docs() {
|
|||||||
[ ! -f "$keywords_file" ] && echo "No keywords found" && return
|
[ ! -f "$keywords_file" ] && echo "No keywords found" && return
|
||||||
|
|
||||||
head -$TOP_N "$keywords_file" | grep -v '^#' | while read -r line; do
|
head -$TOP_N "$keywords_file" | grep -v '^#' | while read -r line; do
|
||||||
local count=$(echo "$line" | awk '{print $1}')
|
local count
|
||||||
local keyword=$(echo "$line" | awk '{print $2}')
|
count=$(echo "$line" | awk '{print $1}')
|
||||||
|
local keyword
|
||||||
|
keyword=$(echo "$line" | awk '{print $2}')
|
||||||
[ -z "$keyword" ] && continue
|
[ -z "$keyword" ] && continue
|
||||||
local doc_link=$(get_llm_doc_link "$keyword" "$PRIMARY_LANG" "false")
|
local doc_link
|
||||||
|
doc_link=$(get_llm_doc_link "$keyword" "$PRIMARY_LANG" "false")
|
||||||
echo "$count $keyword → $doc_link"
|
echo "$count $keyword → $doc_link"
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
@ -795,15 +798,18 @@ generate_functions_with_docs() {
|
|||||||
[ ! -f "$functions_file" ] && echo "No functions found" && return
|
[ ! -f "$functions_file" ] && echo "No functions found" && return
|
||||||
|
|
||||||
head -$TOP_N "$functions_file" | grep -v '^#' | while read -r line; do
|
head -$TOP_N "$functions_file" | grep -v '^#' | while read -r line; do
|
||||||
local count=$(echo "$line" | awk '{print $1}')
|
local count
|
||||||
local func=$(echo "$line" | awk '{print $2}')
|
count=$(echo "$line" | awk '{print $1}')
|
||||||
|
local func
|
||||||
|
func=$(echo "$line" | awk '{print $2}')
|
||||||
|
|
||||||
# Skip single-letter functions (minified code) or empty
|
# Skip single-letter functions (minified code) or empty
|
||||||
if [ -z "$func" ] || [ ${#func} -le 1 ]; then
|
if [ -z "$func" ] || [ ${#func} -le 1 ]; then
|
||||||
continue
|
continue
|
||||||
fi
|
fi
|
||||||
|
|
||||||
local doc_link=$(get_llm_doc_link "$func" "$PRIMARY_LANG" "false")
|
local doc_link
|
||||||
|
doc_link=$(get_llm_doc_link "$func" "$PRIMARY_LANG" "false")
|
||||||
echo "$count $func() → $doc_link"
|
echo "$count $func() → $doc_link"
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
@ -814,15 +820,18 @@ generate_imports_with_docs() {
|
|||||||
[ ! -f "$imports_file" ] && echo "No imports found" && return
|
[ ! -f "$imports_file" ] && echo "No imports found" && return
|
||||||
|
|
||||||
head -20 "$imports_file" | grep -v '^#' | while read -r line; do
|
head -20 "$imports_file" | grep -v '^#' | while read -r line; do
|
||||||
local count=$(echo "$line" | awk '{print $1}')
|
local count
|
||||||
local import_stmt=$(echo "$line" | cut -d' ' -f2-)
|
count=$(echo "$line" | awk '{print $1}')
|
||||||
|
local import_stmt
|
||||||
|
import_stmt=$(echo "$line" | cut -d' ' -f2-)
|
||||||
[ -z "$import_stmt" ] && continue
|
[ -z "$import_stmt" ] && continue
|
||||||
|
|
||||||
# Check if internal import
|
# Check if internal import
|
||||||
if [[ $import_stmt =~ @/ ]] || [[ $import_stmt =~ \'\./ ]] || [[ $import_stmt =~ from\ app\. ]] || [[ $import_stmt =~ from\ src\. ]]; then
|
if [[ $import_stmt =~ @/ ]] || [[ $import_stmt =~ \./ ]] || [[ $import_stmt =~ from\ app\. ]] || [[ $import_stmt =~ from\ src\. ]]; then
|
||||||
echo "$count $import_stmt → [INTERNAL - SKIP]"
|
echo "$count $import_stmt → [INTERNAL - SKIP]"
|
||||||
else
|
else
|
||||||
local doc_link=$(get_llm_doc_link "$import_stmt" "$PRIMARY_LANG" "true")
|
local doc_link
|
||||||
|
doc_link=$(get_llm_doc_link "$import_stmt" "$PRIMARY_LANG" "true")
|
||||||
echo "$count $import_stmt → $doc_link"
|
echo "$count $import_stmt → $doc_link"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|||||||
0
linux_configuration/scripts/utils/install_offline_docs.sh
Normal file → Executable file
0
linux_configuration/scripts/utils/install_offline_docs.sh
Normal file → Executable file
@ -30,6 +30,7 @@ STUDY_MATERIALS_BASE="$HOME/.local/share/study-materials"
|
|||||||
|
|
||||||
# Work directories
|
# Work directories
|
||||||
WORK_DIR="/tmp/repo_study_$$"
|
WORK_DIR="/tmp/repo_study_$$"
|
||||||
|
# shellcheck disable=SC2034 # OUTPUT_DIR set dynamically by parse_args
|
||||||
OUTPUT_DIR=""
|
OUTPUT_DIR=""
|
||||||
|
|
||||||
# Colors
|
# Colors
|
||||||
|
|||||||
@ -3,10 +3,7 @@
|
|||||||
|
|
||||||
#include <gtk/gtk.h>
|
#include <gtk/gtk.h>
|
||||||
|
|
||||||
G_DECLARE_FINAL_TYPE(MyApplication,
|
G_DECLARE_FINAL_TYPE(MyApplication, my_application, MY, APPLICATION,
|
||||||
my_application,
|
|
||||||
MY,
|
|
||||||
APPLICATION,
|
|
||||||
GtkApplication)
|
GtkApplication)
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
@ -77,6 +77,73 @@ unfixable = []
|
|||||||
"C901", # Complex interactive mode is acceptable
|
"C901", # Complex interactive mode is acceptable
|
||||||
"PLR0912", # Too many branches in interactive mode
|
"PLR0912", # Too many branches in interactive mode
|
||||||
]
|
]
|
||||||
|
# Cinema planner - CLI tool with print output
|
||||||
|
"python_pkg/cinema_planner/*.py" = [
|
||||||
|
"ARG001", # Unused function argument (callbacks)
|
||||||
|
"T201", # print() is intentional for CLI output
|
||||||
|
"D101", # Missing docstring in public class
|
||||||
|
"D102", # Missing docstring in public method
|
||||||
|
"D103", # Missing docstring in public function
|
||||||
|
"D104", # Missing docstring in public package
|
||||||
|
"ANN201", # Missing return type annotation
|
||||||
|
"ANN202", # Missing return type annotation (private)
|
||||||
|
"C901", # Complex functions acceptable for CLI
|
||||||
|
"E501", # Line too long
|
||||||
|
"EM102", # Exception f-string literal
|
||||||
|
"PERF203", # try-except in loop
|
||||||
|
"PERF401", # List comprehension
|
||||||
|
"PLR0912", # Too many branches
|
||||||
|
"PLR0915", # Too many statements
|
||||||
|
"PLR2004", # Magic values
|
||||||
|
"PLR1714", # Multiple comparisons
|
||||||
|
"PTH123", # open() instead of Path.open()
|
||||||
|
"S607", # Partial executable path
|
||||||
|
"SIM105", # Use contextlib.suppress
|
||||||
|
"TRY003", # Long exception messages
|
||||||
|
]
|
||||||
|
# Linux configuration scripts - standalone scripts
|
||||||
|
"linux_configuration/**/*.py" = [
|
||||||
|
"ARG001", # Unused function argument (signal handlers)
|
||||||
|
"BLE001", # Blind exception catching in scripts
|
||||||
|
"T201", # print() is intentional for scripts
|
||||||
|
"ANN001", # Missing function argument type annotation
|
||||||
|
"ANN201", # Missing return type annotation
|
||||||
|
"ANN202", # Missing return type annotation (private)
|
||||||
|
"ANN204", # Missing return type for __init__
|
||||||
|
"C901", # Complex functions in scripts
|
||||||
|
"D100", # Missing module docstring
|
||||||
|
"D103", # Missing docstring in public function
|
||||||
|
"D107", # Missing docstring in __init__
|
||||||
|
"D205", # 1 blank line required between summary and description
|
||||||
|
"D415", # First line should end with period
|
||||||
|
"DTZ005", # datetime without timezone
|
||||||
|
"E501", # Line too long
|
||||||
|
"EXE001", # Shebang without executable permission
|
||||||
|
"N806", # Non-lowercase variable name
|
||||||
|
"PERF203", # try-except in loop
|
||||||
|
"PGH003", # Use specific rule codes
|
||||||
|
"PLR0912", # Too many branches
|
||||||
|
"PLR0915", # Too many statements
|
||||||
|
"PLR2004", # Magic values
|
||||||
|
"PTH100", # Path manipulation
|
||||||
|
"PTH103", # Path manipulation
|
||||||
|
"PTH108", # Path manipulation
|
||||||
|
"PTH110", # Path manipulation
|
||||||
|
"PTH111", # Path manipulation
|
||||||
|
"PTH112", # Path manipulation
|
||||||
|
"PTH118", # Path manipulation
|
||||||
|
"PTH119", # Path manipulation
|
||||||
|
"PTH120", # Path manipulation
|
||||||
|
"PTH122", # Path manipulation
|
||||||
|
"PTH123", # open() instead of Path.open()
|
||||||
|
"PTH202", # Path manipulation
|
||||||
|
"S110", # try-except-pass
|
||||||
|
"S607", # Partial executable path
|
||||||
|
"SIM102", # Collapsible if
|
||||||
|
"SIM105", # Use contextlib.suppress
|
||||||
|
"SIM115", # Use context manager
|
||||||
|
"TRY300", # Consider else block
|
||||||
|
]
|
||||||
# Word frequency package - legacy code with pre-existing complexity
|
# Word frequency package - legacy code with pre-existing complexity
|
||||||
"python_pkg/word_frequency/*.py" = [
|
"python_pkg/word_frequency/*.py" = [
|
||||||
"C901", # Function complexity - legacy code
|
"C901", # Function complexity - legacy code
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user