
Configs changed after install, and serious security risk.

Open Will-wastelander opened this issue 5 years ago • 36 comments

It appears that instead of keeping the users existing config, you guys back it up, and copy a new one in place of it. This can be bad for someone that has spent days getting their OctoPrint install setup and dialed in to how they want it. Instead, you guys should be adding the required lines to the config, if any that are needed to enable OctoBTT to work.

You can use this command to get additional info on how to set configs via CLI.

~/oprint/bin/octoprint config --help

And here is some info on what is in the config.yaml file.

https://docs.octoprint.org/en/master/configuration/config_yaml.html

Will-wastelander avatar Nov 07 '20 06:11 Will-wastelander

And for security reasons, you guys need to stop using the same API key for all installs. This is a HUGE security risk.

Will-wastelander avatar Nov 07 '20 06:11 Will-wastelander

Hardcoded API key... https://github.com/bigtreetech/OctoBTT/blob/e3516ea90a2b578b497829ca3616c09f1ad2241e/main.cpp#L17 https://github.com/bigtreetech/OctoBTT/blob/e3516ea90a2b578b497829ca3616c09f1ad2241e/octonetwork.h#L35

Will-wastelander avatar Nov 08 '20 20:11 Will-wastelander

Yes, I am trying the way you said, but you still need to wait patiently before I debug and stabilize. Thank you for your feedback.

bigtreetech avatar Nov 10 '20 03:11 bigtreetech

There also seems to be an issue w/ Settings > WiFi, as when I click it, it either hangs OctoBTT, or drops to console.

Will-wastelander avatar Nov 10 '20 04:11 Will-wastelander

Also, OctoPrint will be making user auth mandatory in the near future, so it might be good to start getting that worked on.

Will-wastelander avatar Nov 10 '20 04:11 Will-wastelander

The Wi-Fi connection is performed by the console operation mode, and I did not encounter the situation of falling into the console. As for the problem you encountered, I wonder if you could record a video for me, so that I can locate your problem more easily. As for the second question, about the account permissions, we will finish that as soon as possible. Please wait patiently, and thank you for your attention and support.

bigtreetech avatar Nov 10 '20 05:11 bigtreetech

@bigtreetech I can do the video, no problem. I have a spare rPi and screen I can set it up on. I should be able to get it in the next day or 2.

I am active user on OctoPrint's discord server, and have been told that auth will be mandatory in the near future. I believe it will be 0.15.0 that implements this requirement.

I look forward to the official release. Will this be the software used w/ the Biqu BX rPi interface? I am a Kickstarter backer of it, and can't wait for the printer to be delivered. :)

Will-wastelander avatar Nov 10 '20 06:11 Will-wastelander

Thank you for your support. I also have a request that you send me a copy of your configuration file, and I will refer to your configuration requirements to improve the usability of the software.

bigtreetech avatar Nov 10 '20 09:11 bigtreetech

What configuration file do you need? And where can I locate it?

Will-wastelander avatar Nov 10 '20 18:11 Will-wastelander

config.yaml for OctoPrint ?

Will-wastelander avatar Nov 10 '20 18:11 Will-wastelander

I have completed a fresh install of OctoPi 0.18.0 RC1 armhf. I completed an apt update and upgrade, then installed OctoDash before configuring OctoPrint. I then logged into OctoPrint, and did not get the normal Welcome wizard for the new installation. Here is the config.yaml that is currently in use. (The BTT provided config.yaml, I believe.) Along w/ the vanilla config that came with the install. If you need a live config, I will need to sanitize it before sending it to you. But all salts, secret keys, API keys, application keys, discovery upnpUuid, and error tracking/tracking unique_id are generated uniquely per installation. They cannot be reused for another system, or this causes a security issue.

Also... https://octoprint.org/blog/2020/11/10/new-release-candidate-1.5.0rc1

config.yaml.OctoBTTbackup.txt config.yaml.txt

Will-wastelander avatar Nov 10 '20 20:11 Will-wastelander

Here is the video for the wifi issues. It looks like it's just hanging, and doesn't do anything at all. I am running on a rPi 4 4GB.

https://drive.google.com/file/d/1QVfl7Mkzt5qdeotWIxBuVq4aAmaWnNR2/view?usp=sharing

Will-wastelander avatar Nov 10 '20 20:11 Will-wastelander

20201110_124724.jpg

Will-wastelander avatar Nov 10 '20 20:11 Will-wastelander

@bigtreetech - Just to let you know, as of OctoPrint 1.5.0 OctoBTT no longer works, because of the configuration copying. It requires Access Control to be enabled, which also means you need a users.yaml which has encrypted passwords in it. As a result, users cannot open OctoPrint.

You should not need to change the entire configuration like this to connect to OctoPrint. If you want an example of how it can be done, OctoDash is a good example. You only need the API key, not the entire file.

cp2004 avatar Nov 10 '20 20:11 cp2004
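As an added illustration of the approach asked for in the opening comment and in cp2004's reply above (merge the handful of lines OctoBTT needs into the user's existing config.yaml and read or mint the API key, rather than replacing the file with one carrying a shared key), here is example code that is neither OctoBTT's nor OctoPrint's own. Assumptions: the tiny YAML reader only handles plain 2-space-indented `key: value` mappings (use PyYAML for real configs); `REQUIRED_SETTINGS` is a placeholder, not OctoBTT's actual list; the 32-hex-character key shape mirrors OctoPrint-generated keys.

```python
import secrets

def parse_simple_yaml(text):
    """Read nested `key: value` mappings (2-space indents) into dicts.
    Deliberately minimal: enough for the top-level config.yaml keys a
    plugin would touch, not a full YAML parser (assumption)."""
    root = {}
    stack = [(-1, root)]                      # (indent, mapping being filled)
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        key, _, value = raw.strip().partition(":")
        while stack[-1][0] >= indent:         # climb back out of deeper maps
            stack.pop()
        parent = stack[-1][1]
        if value.strip() == "":
            parent[key] = {}
            stack.append((indent, parent[key]))
        else:
            parent[key] = value.strip()
    return root

def merge_missing(existing, required):
    """Add keys the user's config lacks; never overwrite what they dialed in."""
    for key, value in required.items():
        if isinstance(value, dict) and isinstance(existing.get(key), dict):
            merge_missing(existing[key], value)
        elif key not in existing:
            existing[key] = value
    return existing

def ensure_api_key(config):
    """Keep the install's own api.key; mint a fresh random one only if absent.
    32 hex chars matches the shape of OctoPrint-generated keys (assumption)."""
    api = config.setdefault("api", {})
    if not api.get("key"):
        api["key"] = secrets.token_hex(16)    # unique per install, never shared
    return api["key"]

# Constructed sample: what a user's tuned config.yaml might hold.
SAMPLE_CONFIG = """api:
  enabled: true
  key: 0123456789ABCDEF0123456789ABCDEF
server:
  host: 127.0.0.1
"""
# Placeholder for whatever lines OctoBTT actually needs (not its real list).
REQUIRED_SETTINGS = {"api": {"allowCrossOrigin": "true"}}
```

Running `ensure_api_key(merge_missing(parse_simple_yaml(SAMPLE_CONFIG), REQUIRED_SETTINGS))` leaves the user's key and host untouched and only adds the missing `allowCrossOrigin` line.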

There is no reason to sudo to read info either. sudo should ONLY be used for system changes, not reading data.

https://github.com/bigtreetech/OctoBTT/blob/e3516ea90a2b578b497829ca3616c09f1ad2241e/wlanconfig.cpp#L202

ifconfig | grep -E "flags|inet|ether"
eth0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether dc:a6:32:a4:xx:xx  txqueuelen 1000  (Ethernet)
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.x.xxx  netmask 255.255.255.0  broadcast 192.168.x.255
        ether dc:a6:32:a4:xx:xx  txqueuelen 1000  (Ethernet)

Will-wastelander avatar Nov 10 '20 22:11 Will-wastelander

@bigtreetech @Shine6Z If I want to recompile my changes for testing, what do I need to run from the rPi? The below lines?

cd ~/OctoBTT
qmake OctoBTT.pro
if [ ! -f "$OctoBTT" ]; then
    rm OctoBTT
    make clean
fi
make -j$(cat /proc/cpuinfo | grep processor | wc -l)

Will-wastelander avatar Nov 10 '20 22:11 Will-wastelander

Hardcoding passwords, APIs, etc. is a HUGE no-no. This needs to be removed.

https://github.com/Will-wastelander/OctoBTT/blob/bfffb6cbc50562a9bbd6eee861d62279f6417c44/terminaldialog.h#L54

Will-wastelander avatar Nov 11 '20 03:11 Will-wastelander

If sudo is required for some of the commands (it isn't for all of them), you should be using something like this in /etc/sudoers.d/OctoBTT:

pi ALL=(ALL) NOPASSWD: /sbin/iwlist, /sbin/wpa_cli, /sbin/iwconfig, /sbin/ifconfig

Will-wastelander avatar Nov 11 '20 04:11 Will-wastelander

I have forked the build, and will make some security changes, and do a PR. I'm not that into coding, so I won't be much help with anything outside of security stuff and recommendations.

Will-wastelander avatar Nov 11 '20 04:11 Will-wastelander

> I have completed a fresh install of OctoPi 0.18.0 RC1 armhf. I completed an apt update and upgrade, then installed OctoDash before configuring OctoPrint. I then logged into OctoPrint, and did not get the normal Welcome wizard for the new installation. Here is the config.yaml that is currently in use. (The BTT provided config.yaml, I believe.) Along w/ the vanilla config that came with the install. If you need a live config, I will need to sanitize it before sending it to you. But all salts, secret keys, API keys, application keys, discovery upnpUuid, and error tracking/tracking unique_id are generated uniquely per installation. They cannot be reused for another system, or this causes a security issue.
>
> Also... https://octoprint.org/blog/2020/11/10/new-release-candidate-1.5.0rc1
>
> config.yaml.OctoBTTbackup.txt config.yaml.txt

Yes, I have noticed the existence of similar problems, so I will solve this problem as soon as possible.

bigtreetech avatar Nov 11 '20 06:11 bigtreetech

For incorrect console passwords, you can enter the correct console password by clicking on the console icon at the top.

bigtreetech avatar Nov 11 '20 06:11 bigtreetech

> @bigtreetech - Just to let you know, as of OctoPrint 1.5.0 OctoBTT no longer works, because of the configuration copying. It requires Access Control to be enabled, which also means you need a users.yaml which has encrypted passwords in it. As a result, users cannot open OctoPrint.
>
> You should not need to change the entire configuration like this to connect to OctoPrint. If you want an example of how it can be done, OctoDash is a good example. You only need the API key, not the entire file.

Indeed, here I do need to adjust for the right access, I'm already doing it, you need to be patient.

bigtreetech avatar Nov 11 '20 06:11 bigtreetech

> There is no reason to sudo to read info either. sudo should ONLY be used for system changes, not reading data.
>
> https://github.com/bigtreetech/OctoBTT/blob/e3516ea90a2b578b497829ca3616c09f1ad2241e/wlanconfig.cpp#L202
>
> ifconfig | grep -E "flags|inet|ether"
> eth0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
>         ether dc:a6:32:a4:xx:xx  txqueuelen 1000  (Ethernet)
> lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
>         inet 127.0.0.1  netmask 255.0.0.0
> wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
>         inet 192.168.x.xxx  netmask 255.255.255.0  broadcast 192.168.x.255
>         ether dc:a6:32:a4:xx:xx  txqueuelen 1000  (Ethernet)

Due to the scanning permission involved, the command sudo will be used. However, it is not a complete command procedure shown in the figure. Here, the required command is simply passed to the Terminal unit for execution, and the terminal unit will automatically solve the process of entering the password.

bigtreetech avatar Nov 11 '20 06:11 bigtreetech

> @bigtreetech @Shine6Z If I want to recompile my changes for testing, what do I need to run from the rPi? The below lines?
>
> cd ~/OctoBTT
> qmake OctoBTT.pro
> if [ ! -f "$OctoBTT" ]; then
>     rm OctoBTT
>     make clean
> fi
> make -j$(cat /proc/cpuinfo | grep processor | wc -l)

Right, you can execute this command to recompile the boot:

cd ~/OctoBTT && qmake OctoBTT.pro && rm OctoBTT && make clean && make -j$(cat /proc/cpuinfo | grep processor | wc -l) && sudo reboot

bigtreetech avatar Nov 11 '20 06:11 bigtreetech

> I have forked the build, and will make some security changes, and do a PR. I'm not that into coding, so I won't be much help with anything outside of security stuff and recommendations.

Involving safety I can adjust to a more reasonable way to solve this kind of problem, the current operation permissions not immediately remove permissions required demand, this also involves dynamic loading of USB storage devices, but does not rule out future will take a more reasonable way to deal with these problems, thank you for your feedback, also hope that you will continue to focus on, do better suggestion for our improvement.

bigtreetech avatar Nov 11 '20 06:11 bigtreetech

> Here is the video for the wifi issues. It looks like it's just hanging, and doesn't do anything at all. I am running on a rPi 4 4GB.
>
> https://drive.google.com/file/d/1QVfl7Mkzt5qdeotWIxBuVq4aAmaWnNR2/view?usp=sharing

Combined with the overall content, video interface freeze reason is caused by the console password is not correct, my side to freeze the aim is to avoid multiple console driver execution at the same time lead to chaos, so I'll be frozen when entering the video interface interface scanning devices are available, and after the scan will remove freeze, I'm sorry to bring you problems, I will prioritize the unfriendly interface freeze.

bigtreetech avatar Nov 11 '20 06:11 bigtreetech

I was able to resolve the wifi issue w/ my OctoBTT file in sudoers.d. This gives OctoBTT access to run iwlist, iwconfig, wpa_cli, and ifconfig. If there are any other sudo commands that I have missed, please let me know, and I will get them added. Then we no longer need to provide a password for those specific commands to be ran.

Will-wastelander avatar Nov 11 '20 16:11 Will-wastelander
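The sudoers drop-in proposed earlier in this thread and confirmed working in the comment above is only as safe as its rule, so here is an added audit helper (example code, not OctoBTT's) that checks one /etc/sudoers.d rule for the least-privilege shape: absolute command paths, no ALL, no wildcards, and a warning when arguments are left unrestricted. It assumes one rule per line in the form `user HOST=(RUNAS) NOPASSWD: /abs/cmd [args], /abs/cmd [args]`; the existence check only reports what is installed on the host running it.

```shell
#!/bin/sh
# Added example (not OctoBTT's code): audit one sudoers.d rule for the
# least-privilege shape suggested in this thread. Assumes the rule looks like
#   user HOST=(RUNAS) NOPASSWD: /abs/cmd [args], /abs/cmd [args]
audit_sudoers_rule() {
    rule=$1
    case $rule in
        *NOPASSWD:*) ;;
        *) echo "skip: no NOPASSWD clause in '$rule'"; return 0 ;;
    esac
    cmds=${rule#*NOPASSWD:}
    status=0
    old_ifs=$IFS
    IFS=,
    for cmd in $cmds; do
        cmd=$(printf '%s' "$cmd" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
        bin=${cmd%% *}                      # command path without its arguments
        case $bin in
            ALL) echo "FAIL: grants ALL without a password"; status=1; continue ;;
            /*)  ;;
            *)   echo "FAIL: '$bin' is not an absolute path"; status=1 ;;
        esac
        case $cmd in
            *[*?]*) echo "FAIL: wildcard in '$cmd' widens what may be run"; status=1 ;;
        esac
        [ "$bin" = "$cmd" ] && echo "WARN: '$bin' accepts any arguments; pin them where practical"
        [ -e "$bin" ] || echo "WARN: '$bin' not present on this host (typo such as /sbins/?)"
    done
    IFS=$old_ifs
    return $status
}

# Demo: the corrected rule from this thread, then a rule that is rejected.
audit_sudoers_rule 'pi ALL=(ALL) NOPASSWD: /sbin/iwlist, /sbin/wpa_cli, /sbin/iwconfig, /sbin/ifconfig'
audit_sudoers_rule 'pi ALL=(ALL) NOPASSWD: ALL' || echo "rule rejected (exit $?)"
```

After editing the drop-in, `visudo -c -f /etc/sudoers.d/OctoBTT` still has the final word on syntax; this helper only catches over-broad grants.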

Would you mind explaining what is going on with the USB mounting stuff? Why is it needed, and what is the function/purpose of it? I think there is a way to auto-mount USB drives, as it happens when you insert a USB drive when running Xorg.

Will-wastelander avatar Nov 11 '20 22:11 Will-wastelander

Here are some articles about automounting.

Automount USB
Automount on Ubuntu
Mount using Autofs

Will-wastelander avatar Nov 11 '20 23:11 Will-wastelander

I would like to have full bash console capability in OctoBTT so that DIY users do not lose their console access because they are using OctoBTT. There are still some issues with introducing Bash, so I'm still looking for a more sensible solution. As for the USB storage device mount problem, I tried the automatic mount scheme before, but for some reason the mount function did not seem to work, so I took it on in OctoBTT and used the Bash console command to scan and mount the USB storage device.

bigtreetech avatar Nov 12 '20 04:11 bigtreetech