lesavka/scripts/install/client.sh

#!/usr/bin/env bash
# scripts/install/client.sh - install and setup all client related apps and environments
set -euo pipefail

ORIG_USER=${SUDO_USER:-$(id -un)}
REF=${LESAVKA_REF:-master}
SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)
SCRIPT_REPO_ROOT=$(cd -- "$SCRIPT_DIR/../.." && pwd)
DEFAULT_REPO_URL=ssh://git@scm.bstein.dev:2242/bstein/lesavka.git
REPO_URL=${LESAVKA_REPO_URL:-}
SRC=/var/src/lesavka
export TMPDIR=${TMPDIR:-/var/tmp}
USER_HOME=$(getent passwd "$ORIG_USER" | cut -d: -f6)
CLIENT_PKI_DIR=${LESAVKA_CLIENT_PKI_DIR:-$USER_HOME/.config/lesavka/pki}
CLIENT_PKI_AUTO_FETCH=${LESAVKA_CLIENT_PKI_AUTO_FETCH:-1}
CLIENT_PKI_SSH_SOURCE=${LESAVKA_CLIENT_PKI_SSH_SOURCE:-theia:/etc/lesavka/lesavka-client-pki.tar.gz}
CLIENT_CAPTURE_DIR=${LESAVKA_CLIENT_CAPTURE_DIR:-$USER_HOME/Pictures/lesavka}

log() {
  printf '==> %s\n' "$*"
}

manifest_package_version() {
  local manifest=$1
  [[ -f $manifest ]] || return 1
  awk -F'"' '
    $0 ~ /^\[package\]/ { in_package=1; next }
    in_package && $0 ~ /^\[/ { exit }
    in_package && $0 ~ /^[[:space:]]*version[[:space:]]*=/ { print $2; exit }
  ' "$manifest"
}

installed_kernel_module_trees() {
  local roots=(/usr/lib/modules /lib/modules)
  local seen=()
  local root entry
  for root in "${roots[@]}"; do
    [[ -d $root ]] || continue
    for entry in "$root"/*; do
      [[ -d $entry ]] || continue
      seen+=("$(basename "$entry")")
    done
  done
  if [[ ${#seen[@]} -eq 0 ]]; then
    return 0
  fi
  printf '%s\n' "${seen[@]}" | awk '!seen[$0]++'
}

require_command() {
  local cmd=$1
  local pkg_hint=$2
  if command -v "$cmd" >/dev/null 2>&1; then
    return 0
  fi
  echo "❌ required command '$cmd' is unavailable after install (expected via $pkg_hint)" >&2
  exit 1
}

require_linkable() {
  local path=$1
  local label=$2
  if ldd "$path" 2>/dev/null | grep -q 'not found'; then
    echo "❌ $label is present but has unresolved shared-library dependencies:" >&2
    ldd "$path" 2>/dev/null | grep 'not found' >&2 || true
    exit 1
  fi
}

require_gst_element() {
  local element=$1
  if gst-inspect-1.0 "$element" >/dev/null 2>&1; then
    return 0
  fi
  echo "❌ required GStreamer element '$element' is unavailable after install." >&2
  exit 1
}

require_kernel_module() {
  local module=$1
  local why=$2
  if modinfo "$module" >/dev/null 2>&1; then
    return 0
  fi
  local running_kernel
  running_kernel=$(uname -r)
  mapfile -t module_trees < <(installed_kernel_module_trees)
  echo "❌ required kernel module '$module' is unavailable for the running kernel $(uname -r)." >&2
  echo "   Lesavka needs it for $why." >&2
  if [[ ${#module_trees[@]} -eq 0 ]]; then
    echo "   No kernel module trees are currently installed under /usr/lib/modules or /lib/modules." >&2
  else
    echo "   Installed kernel module trees: ${module_trees[*]}" >&2
    if [[ ! " ${module_trees[*]} " =~ [[:space:]]${running_kernel}[[:space:]] ]]; then
      echo "   The machine is booted into an older kernel than the modules that are currently installed." >&2
      echo "   Reboot into one of the installed kernels above, then rerun the installer." >&2
    else
      echo "   The current kernel tree exists, but modinfo still cannot resolve '$module'." >&2
      echo "   Verify the kernel package and headers are healthy, then rerun the installer." >&2
    fi
  fi
  exit 1
}

run_as_user() {
  sudo -u "$ORIG_USER" env HOME="$USER_HOME" SSH_AUTH_SOCK="${SSH_AUTH_SOCK:-}" "$@"
}

fetch_client_pki_bundle() {
  [[ $CLIENT_PKI_AUTO_FETCH != 0 && $CLIENT_PKI_AUTO_FETCH != false && $CLIENT_PKI_AUTO_FETCH != no ]] || return 1
  [[ $CLIENT_PKI_SSH_SOURCE == *:* ]] || return 1

  local host=${CLIENT_PKI_SSH_SOURCE%%:*}
  local remote_path=${CLIENT_PKI_SSH_SOURCE#*:}
  local tmp_bundle
  tmp_bundle=$(run_as_user mktemp --tmpdir="$TMPDIR" lesavka-client-pki.XXXXXX.tar.gz)
  if run_as_user scp -q -o BatchMode=yes -o ConnectTimeout=5 \
    "$host:$remote_path" "$tmp_bundle" >/dev/null 2>&1; then
    printf '%s\n' "$tmp_bundle"
    return 0
  fi
  rm -f "$tmp_bundle"
  return 1
}

install_client_pki_bundle() {
  local bundle=${LESAVKA_CLIENT_PKI_BUNDLE:-}
  local fetched_bundle=0
  if [[ -z $bundle ]]; then
    if [[ -s "$CLIENT_PKI_DIR/ca.crt" && -s "$CLIENT_PKI_DIR/client.crt" && -s "$CLIENT_PKI_DIR/client.key" ]]; then
      echo "   ↪ TLS client identity already present: $CLIENT_PKI_DIR"
      return 0
    fi

    if bundle=$(fetch_client_pki_bundle); then
      fetched_bundle=1
      echo "   ↪ fetched TLS client enrollment bundle from $CLIENT_PKI_SSH_SOURCE"
    else
      echo "⚠️  no TLS client identity installed."
      echo "   Rerun with LESAVKA_CLIENT_PKI_BUNDLE=/path/to/lesavka-client-pki.tar.gz,"
      echo "   or make $CLIENT_PKI_SSH_SOURCE readable over SSH and rerun the installer."
      echo "   HTTPS/mTLS relay connections will not work until this bundle is installed."
      return 0
    fi
  fi

  log "5b. Installing TLS client identity"
  local tmp
  tmp=$(mktemp -d)
  sudo tar -xzf "$bundle" -C "$tmp"
  for item in ca.crt client.crt client.key; do
    if [[ ! -s "$tmp/$item" ]]; then
      echo "❌ TLS client bundle $bundle is missing $item" >&2
      sudo rm -rf "$tmp"
      exit 1
    fi
  done
  sudo install -d -m 0700 -o "$ORIG_USER" -g "$ORIG_USER" "$CLIENT_PKI_DIR"
  sudo install -m 0644 -o "$ORIG_USER" -g "$ORIG_USER" "$tmp/ca.crt" "$CLIENT_PKI_DIR/ca.crt"
  sudo install -m 0644 -o "$ORIG_USER" -g "$ORIG_USER" "$tmp/client.crt" "$CLIENT_PKI_DIR/client.crt"
  sudo install -m 0600 -o "$ORIG_USER" -g "$ORIG_USER" "$tmp/client.key" "$CLIENT_PKI_DIR/client.key"
  sudo rm -rf "$tmp"
  if [[ $fetched_bundle == 1 ]]; then
    rm -f "$bundle"
  fi
  echo "   ↪ installed TLS client identity: $CLIENT_PKI_DIR"
}

mkdir -p "$TMPDIR"

if [[ -z $REPO_URL ]] && [[ -d $SCRIPT_REPO_ROOT/.git ]]; then
  REPO_URL=$(git -C "$SCRIPT_REPO_ROOT" config --get remote.origin.url || true)
fi
REPO_URL=${REPO_URL:-$DEFAULT_REPO_URL}

log "1. Installing base packages"
sudo pacman -Sq --needed --noconfirm \
  git rustup protobuf abseil-cpp gcc clang llvm-libs compiler-rt evtest base-devel libpulse \
  pipewire pipewire-pulse wireplumber alsa-utils gst-plugin-pipewire \
  gstreamer gst-plugins-base gst-plugins-good gst-plugins-bad gst-plugins-ugly gst-libav \
  wmctrl qt6-tools wl-clipboard xclip xsel desktop-file-utils openssl

ensure_yay() {
  if command -v yay >/dev/null 2>&1; then
    if run_as_user yay --version >/dev/null 2>&1; then
      return
    fi
  fi
  run_as_user env TMPDIR="$TMPDIR" bash -c 'rm -rf "$TMPDIR/yay" &&
    cd "$TMPDIR" && git clone --depth 1 https://aur.archlinux.org/yay.git &&
    cd yay && makepkg -si --noconfirm'
}

log "1b. Installing grpcurl"
if sudo pacman -Si grpcurl >/dev/null 2>&1; then
  sudo pacman -Sq --needed --noconfirm grpcurl
else
  ensure_yay
  if ! run_as_user yay -S --needed --noconfirm grpcurl-bin; then
    log "grpcurl AUR install failed once, rebuilding yay and retrying"
    ensure_yay
    run_as_user yay -S --needed --noconfirm grpcurl-bin
  fi
fi

# 1c. input access
log "1c. Ensuring input group access for $ORIG_USER"
sudo usermod -aG input "$ORIG_USER"

log "1d. Verifying runtime tools"
require_command pactl "libpulse"
require_command gst-inspect-1.0 "gstreamer"
require_command arecord "alsa-utils"
require_command speaker-test "alsa-utils"
require_command wmctrl "wmctrl"
require_command qdbus6 "qt6-tools"
require_command protoc "protobuf"
if ! command -v wl-paste >/dev/null 2>&1 \
  && ! command -v xclip >/dev/null 2>&1 \
  && ! command -v xsel >/dev/null 2>&1; then
  echo "❌ no clipboard reader found after install (expected one of wl-clipboard/xclip/xsel)" >&2
  exit 1
fi
require_linkable "$(command -v protoc)" "protoc"
if [[ -e /usr/lib/libclang.so ]]; then
  require_linkable /usr/lib/libclang.so "libclang"
fi
require_kernel_module snd_usb_audio "USB microphones and USB headsets"
require_gst_element pulsesrc
require_gst_element pulsesink
require_gst_element pipewiresrc
protoc --version >/dev/null
if ! run_as_user pactl info >/dev/null 2>&1; then
  echo "⚠️  pactl is installed, but no PulseAudio/PipeWire Pulse server is reachable right now."
  echo "    Lesavka will still install, but local speaker/mic staging may stay empty until the host audio session is up."
fi

# 2. Rust tool-chain for both root & user
log "2. Ensuring Rust toolchain"
sudo rustup default stable
run_as_user rustup default stable

# 3. clone / update into a canonical workspace checkout
log "3. Syncing source checkout for ref ${REF}"
if [[ ! -d /var/src ]]; then
  sudo mkdir -p /var/src
fi
sudo chown "$ORIG_USER":"$ORIG_USER" /var/src
if [[ -d $SRC/.git ]]; then
  run_as_user git -C "$SRC" fetch --all --tags --prune
else
  run_as_user git clone "$REPO_URL" "$SRC"
fi
if run_as_user git -C "$SRC" rev-parse --verify --quiet "origin/$REF" >/dev/null; then
  run_as_user git -C "$SRC" checkout -B "$REF" "origin/$REF"
else
  run_as_user git -C "$SRC" checkout --force "$REF"
fi

# 4. build
log "4. Building client release binary"
run_as_user env TMPDIR="$TMPDIR" bash -c "cd '$SRC/client' && cargo clean && cargo build --release"

# 5. install binary
log "5. Installing launchable client binaries"
sudo install -Dm755 "$SRC/target/release/lesavka-client" /usr/local/bin/lesavka-client
sudo ln -sf /usr/local/bin/lesavka-client /usr/local/bin/lesavka
install_client_pki_bundle
sudo install -d -m 0755 -o "$ORIG_USER" -g "$ORIG_USER" "$CLIENT_CAPTURE_DIR"
echo "   ↪ capture folder: $CLIENT_CAPTURE_DIR"

log "6. Registering desktop application"
sudo install -Dm644 "$SRC/client/assets/icons/hicolor/1024x1024/apps/lesavka.png" \
  /usr/share/icons/hicolor/1024x1024/apps/lesavka.png
sudo install -Dm644 "$SRC/client/assets/icons/hicolor/1024x1024/apps/lesavka.png" \
  /usr/share/pixmaps/lesavka.png
sudo install -Dm644 "$SRC/client/assets/linux/lesavka.desktop" \
  /usr/share/applications/lesavka.desktop
if command -v update-desktop-database >/dev/null 2>&1; then
  sudo update-desktop-database /usr/share/applications
fi
if command -v gtk-update-icon-cache >/dev/null 2>&1; then
  sudo gtk-update-icon-cache -f /usr/share/icons/hicolor >/dev/null 2>&1 || true
fi

log "7. Removing legacy auto-start service"
sudo systemctl disable --now lesavka-client.service >/dev/null 2>&1 || true
sudo rm -f /etc/systemd/system/lesavka-client.service
sudo systemctl daemon-reload

echo
echo "✅ lesavka-client install complete"
INSTALLED_VERSION=$(manifest_package_version "$SRC/client/Cargo.toml" 2>/dev/null || true)
INSTALLED_SHA=$(run_as_user git -C "$SRC" rev-parse --short HEAD 2>/dev/null || true)
if [[ -n ${INSTALLED_VERSION:-} ]]; then
  echo "➡️  Installed: lesavka-client ${INSTALLED_VERSION:-unknown}${INSTALLED_SHA:+ ($INSTALLED_SHA)}"
fi
echo "   Binary: /usr/local/bin/lesavka-client"
echo "   Launch alias: /usr/local/bin/lesavka"
echo "   Desktop entry: /usr/share/applications/lesavka.desktop"
echo "   Build source: $SRC/target/release/lesavka-client"
echo "   TLS identity: $CLIENT_PKI_DIR"
echo "   Captures: $CLIENT_CAPTURE_DIR"
echo "✅  Installed version: lesavka-client ${INSTALLED_VERSION:-unknown}${INSTALLED_SHA:+ ($INSTALLED_SHA)}"
echo
echo "Quick start:"
echo "  KDE menu: search for Lesavka"
echo "  Terminal: /usr/local/bin/lesavka"
poc to app overhaul 2025-06-01 13:31:22 -05:00			`#!/usr/bin/env bash`
Video Fix & Script Updates 2025-06-27 22:51:50 -05:00			`# scripts/install/client.sh - install and setup all client related apps and environments`
poc to app overhaul 2025-06-01 13:31:22 -05:00			`set -euo pipefail`
moved proto 2025-06-01 14:18:42 -05:00
added linger 2025-06-01 21:59:43 -05:00			`ORIG_USER=${SUDO_USER:-$(id -un)}`
lesavka: harden relay input and install flow 2026-04-16 12:58:05 -03:00			`REF=${LESAVKA_REF:-master}`
lesavka: honor checkout remote in installers 2026-04-16 14:29:16 -03:00			`SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)`
			`SCRIPT_REPO_ROOT=$(cd -- "$SCRIPT_DIR/../.." && pwd)`
			`DEFAULT_REPO_URL=ssh://git@scm.bstein.dev:2242/bstein/lesavka.git`
			`REPO_URL=${LESAVKA_REPO_URL:-}`
lesavka: harden relay input and install flow 2026-04-16 12:58:05 -03:00			`SRC=/var/src/lesavka`
lesavka: harden install scripts 2026-04-16 13:54:25 -03:00			`export TMPDIR=${TMPDIR:-/var/tmp}`
lesavka: honor checkout remote in installers 2026-04-16 14:29:16 -03:00			`USER_HOME=$(getent passwd "$ORIG_USER" \| cut -d: -f6)`
release: ship lesavka 0.16.0 2026-04-30 08:16:57 -03:00			`CLIENT_PKI_DIR=${LESAVKA_CLIENT_PKI_DIR:-$USER_HOME/.config/lesavka/pki}`
release: ship lesavka 0.16.1 2026-04-30 11:38:16 -03:00			`CLIENT_PKI_AUTO_FETCH=${LESAVKA_CLIENT_PKI_AUTO_FETCH:-1}`
			`CLIENT_PKI_SSH_SOURCE=${LESAVKA_CLIENT_PKI_SSH_SOURCE:-theia:/etc/lesavka/lesavka-client-pki.tar.gz}`
			`CLIENT_CAPTURE_DIR=${LESAVKA_CLIENT_CAPTURE_DIR:-$USER_HOME/Pictures/lesavka}`
added linger 2025-06-01 21:58:47 -05:00
stabilize camera streaming and add adaptive monitor controls 2026-04-08 22:23:40 -03:00			`log() {`
			`printf '==> %s\n' "$*"`
			`}`

install(client): print installed version and commit sha 2026-04-29 21:03:30 -03:00			`manifest_package_version() {`
			`local manifest=$1`
			`[[ -f $manifest ]] \|\| return 1`
			`awk -F'"' '`
			`$0 ~ /^\[package\]/ { in_package=1; next }`
			`in_package && $0 ~ /^\[/ { exit }`
			`in_package && $0 ~ /^[[:space:]]version[[:space:]]=/ { print $2; exit }`
			`' "$manifest"`
			`}`

lesavka: clarify kernel module preflight 2026-04-20 14:25:34 -03:00			`installed_kernel_module_trees() {`
			`local roots=(/usr/lib/modules /lib/modules)`
			`local seen=()`
			`local root entry`
			`for root in "${roots[@]}"; do`
			`[[ -d $root ]] \|\| continue`
			`for entry in "$root"/*; do`
			`[[ -d $entry ]] \|\| continue`
			`seen+=("$(basename "$entry")")`
			`done`
			`done`
			`if [[ ${#seen[@]} -eq 0 ]]; then`
			`return 0`
			`fi`
			`printf '%s\n' "${seen[@]}" \| awk '!seen[$0]++'`
			`}`

lesavka: verify client runtime prerequisites 2026-04-16 14:22:20 -03:00			`require_command() {`
			`local cmd=$1`
			`local pkg_hint=$2`
			`if command -v "$cmd" >/dev/null 2>&1; then`
			`return 0`
			`fi`
			`echo "❌ required command '$cmd' is unavailable after install (expected via $pkg_hint)" >&2`
			`exit 1`
			`}`

lesavka: verify client build toolchain 2026-04-16 14:34:05 -03:00			`require_linkable() {`
			`local path=$1`
			`local label=$2`
			`if ldd "$path" 2>/dev/null \| grep -q 'not found'; then`
			`echo "❌ $label is present but has unresolved shared-library dependencies:" >&2`
			`ldd "$path" 2>/dev/null \| grep 'not found' >&2 \|\| true`
			`exit 1`
			`fi`
			`}`

lesavka: honor staged audio devices 2026-04-20 13:59:34 -03:00			`require_gst_element() {`
			`local element=$1`
			`if gst-inspect-1.0 "$element" >/dev/null 2>&1; then`
			`return 0`
			`fi`
			`echo "❌ required GStreamer element '$element' is unavailable after install." >&2`
			`exit 1`
			`}`

			`require_kernel_module() {`
			`local module=$1`
			`local why=$2`
			`if modinfo "$module" >/dev/null 2>&1; then`
			`return 0`
			`fi`
lesavka: clarify kernel module preflight 2026-04-20 14:25:34 -03:00			`local running_kernel`
			`running_kernel=$(uname -r)`
			`mapfile -t module_trees < <(installed_kernel_module_trees)`
lesavka: honor staged audio devices 2026-04-20 13:59:34 -03:00			`echo "❌ required kernel module '$module' is unavailable for the running kernel $(uname -r)." >&2`
			`echo " Lesavka needs it for $why." >&2`
lesavka: clarify kernel module preflight 2026-04-20 14:25:34 -03:00			`if [[ ${#module_trees[@]} -eq 0 ]]; then`
			`echo " No kernel module trees are currently installed under /usr/lib/modules or /lib/modules." >&2`
			`else`
			`echo " Installed kernel module trees: ${module_trees[*]}" >&2`
			`if [[ ! " ${module_trees[*]} " =~ [[:space:]]${running_kernel}[[:space:]] ]]; then`
			`echo " The machine is booted into an older kernel than the modules that are currently installed." >&2`
			`echo " Reboot into one of the installed kernels above, then rerun the installer." >&2`
			`else`
			`echo " The current kernel tree exists, but modinfo still cannot resolve '$module'." >&2`
			`echo " Verify the kernel package and headers are healthy, then rerun the installer." >&2`
			`fi`
			`fi`
lesavka: honor staged audio devices 2026-04-20 13:59:34 -03:00			`exit 1`
			`}`

lesavka: honor checkout remote in installers 2026-04-16 14:29:16 -03:00			`run_as_user() {`
			`sudo -u "$ORIG_USER" env HOME="$USER_HOME" SSH_AUTH_SOCK="${SSH_AUTH_SOCK:-}" "$@"`
			`}`

release: ship lesavka 0.16.1 2026-04-30 11:38:16 -03:00			`fetch_client_pki_bundle() {`
			`[[ $CLIENT_PKI_AUTO_FETCH != 0 && $CLIENT_PKI_AUTO_FETCH != false && $CLIENT_PKI_AUTO_FETCH != no ]] \|\| return 1`
			`[[ $CLIENT_PKI_SSH_SOURCE == : ]] \|\| return 1`

			`local host=${CLIENT_PKI_SSH_SOURCE%%:*}`
			`local remote_path=${CLIENT_PKI_SSH_SOURCE#*:}`
			`local tmp_bundle`
release: ship lesavka 0.16.2 2026-04-30 12:07:31 -03:00			`tmp_bundle=$(run_as_user mktemp --tmpdir="$TMPDIR" lesavka-client-pki.XXXXXX.tar.gz)`
release: ship lesavka 0.16.1 2026-04-30 11:38:16 -03:00			`if run_as_user scp -q -o BatchMode=yes -o ConnectTimeout=5 \`
			`"$host:$remote_path" "$tmp_bundle" >/dev/null 2>&1; then`
			`printf '%s\n' "$tmp_bundle"`
			`return 0`
			`fi`
			`rm -f "$tmp_bundle"`
			`return 1`
			`}`

release: ship lesavka 0.16.0 2026-04-30 08:16:57 -03:00			`install_client_pki_bundle() {`
			`local bundle=${LESAVKA_CLIENT_PKI_BUNDLE:-}`
release: ship lesavka 0.16.1 2026-04-30 11:38:16 -03:00			`local fetched_bundle=0`
release: ship lesavka 0.16.0 2026-04-30 08:16:57 -03:00			`if [[ -z $bundle ]]; then`
			`if [[ -s "$CLIENT_PKI_DIR/ca.crt" && -s "$CLIENT_PKI_DIR/client.crt" && -s "$CLIENT_PKI_DIR/client.key" ]]; then`
			`echo " ↪ TLS client identity already present: $CLIENT_PKI_DIR"`
release: ship lesavka 0.16.1 2026-04-30 11:38:16 -03:00			`return 0`
			`fi`

			`if bundle=$(fetch_client_pki_bundle); then`
			`fetched_bundle=1`
			`echo " ↪ fetched TLS client enrollment bundle from $CLIENT_PKI_SSH_SOURCE"`
release: ship lesavka 0.16.0 2026-04-30 08:16:57 -03:00			`else`
release: ship lesavka 0.16.1 2026-04-30 11:38:16 -03:00			`echo "⚠️ no TLS client identity installed."`
			`echo " Rerun with LESAVKA_CLIENT_PKI_BUNDLE=/path/to/lesavka-client-pki.tar.gz,"`
			`echo " or make $CLIENT_PKI_SSH_SOURCE readable over SSH and rerun the installer."`
			`echo " HTTPS/mTLS relay connections will not work until this bundle is installed."`
			`return 0`
release: ship lesavka 0.16.0 2026-04-30 08:16:57 -03:00			`fi`
			`fi`

			`log "5b. Installing TLS client identity"`
			`local tmp`
			`tmp=$(mktemp -d)`
			`sudo tar -xzf "$bundle" -C "$tmp"`
			`for item in ca.crt client.crt client.key; do`
			`if [[ ! -s "$tmp/$item" ]]; then`
			`echo "❌ TLS client bundle $bundle is missing $item" >&2`
			`sudo rm -rf "$tmp"`
			`exit 1`
			`fi`
			`done`
			`sudo install -d -m 0700 -o "$ORIG_USER" -g "$ORIG_USER" "$CLIENT_PKI_DIR"`
			`sudo install -m 0644 -o "$ORIG_USER" -g "$ORIG_USER" "$tmp/ca.crt" "$CLIENT_PKI_DIR/ca.crt"`
			`sudo install -m 0644 -o "$ORIG_USER" -g "$ORIG_USER" "$tmp/client.crt" "$CLIENT_PKI_DIR/client.crt"`
			`sudo install -m 0600 -o "$ORIG_USER" -g "$ORIG_USER" "$tmp/client.key" "$CLIENT_PKI_DIR/client.key"`
			`sudo rm -rf "$tmp"`
release: ship lesavka 0.16.1 2026-04-30 11:38:16 -03:00			`if [[ $fetched_bundle == 1 ]]; then`
			`rm -f "$bundle"`
			`fi`
release: ship lesavka 0.16.0 2026-04-30 08:16:57 -03:00			`echo " ↪ installed TLS client identity: $CLIENT_PKI_DIR"`
			`}`

lesavka: harden install scripts 2026-04-16 13:54:25 -03:00			`mkdir -p "$TMPDIR"`

lesavka: honor checkout remote in installers 2026-04-16 14:29:16 -03:00			`if [[ -z $REPO_URL ]] && [[ -d $SCRIPT_REPO_ROOT/.git ]]; then`
			`REPO_URL=$(git -C "$SCRIPT_REPO_ROOT" config --get remote.origin.url \|\| true)`
			`fi`
			`REPO_URL=${REPO_URL:-$DEFAULT_REPO_URL}`

stabilize camera streaming and add adaptive monitor controls 2026-04-08 22:23:40 -03:00			`log "1. Installing base packages"`
lesavka: harden install scripts 2026-04-16 13:54:25 -03:00			`sudo pacman -Sq --needed --noconfirm \`
lesavka: verify client build toolchain 2026-04-16 14:34:05 -03:00			`git rustup protobuf abseil-cpp gcc clang llvm-libs compiler-rt evtest base-devel libpulse \`
lesavka: honor staged audio devices 2026-04-20 13:59:34 -03:00			`pipewire pipewire-pulse wireplumber alsa-utils gst-plugin-pipewire \`
install updates - relay service update 2025-11-30 16:16:03 -03:00			`gstreamer gst-plugins-base gst-plugins-good gst-plugins-bad gst-plugins-ugly gst-libav \`
release: ship lesavka 0.16.0 2026-04-30 08:16:57 -03:00			`wmctrl qt6-tools wl-clipboard xclip xsel desktop-file-utils openssl`
install updates - relay service update 2025-11-30 16:16:03 -03:00
master: ship webcam hdmi path + secure paste + deploy tooling 2026-04-08 20:00:14 -03:00			`ensure_yay() {`
			`if command -v yay >/dev/null 2>&1; then`
lesavka: honor checkout remote in installers 2026-04-16 14:29:16 -03:00			`if run_as_user yay --version >/dev/null 2>&1; then`
master: ship webcam hdmi path + secure paste + deploy tooling 2026-04-08 20:00:14 -03:00			`return`
			`fi`
			`fi`
lesavka: honor checkout remote in installers 2026-04-16 14:29:16 -03:00			`run_as_user env TMPDIR="$TMPDIR" bash -c 'rm -rf "$TMPDIR/yay" &&`
lesavka: harden install scripts 2026-04-16 13:54:25 -03:00			`cd "$TMPDIR" && git clone --depth 1 https://aur.archlinux.org/yay.git &&`
master: ship webcam hdmi path + secure paste + deploy tooling 2026-04-08 20:00:14 -03:00			`cd yay && makepkg -si --noconfirm'`
			`}`

stabilize camera streaming and add adaptive monitor controls 2026-04-08 22:23:40 -03:00			`log "1b. Installing grpcurl"`
master: ship webcam hdmi path + secure paste + deploy tooling 2026-04-08 20:00:14 -03:00			`if sudo pacman -Si grpcurl >/dev/null 2>&1; then`
lesavka: harden install scripts 2026-04-16 13:54:25 -03:00			`sudo pacman -Sq --needed --noconfirm grpcurl`
master: ship webcam hdmi path + secure paste + deploy tooling 2026-04-08 20:00:14 -03:00			`else`
			`ensure_yay`
lesavka: honor checkout remote in installers 2026-04-16 14:29:16 -03:00			`if ! run_as_user yay -S --needed --noconfirm grpcurl-bin; then`
stabilize camera streaming and add adaptive monitor controls 2026-04-08 22:23:40 -03:00			`log "grpcurl AUR install failed once, rebuilding yay and retrying"`
			`ensure_yay`
lesavka: honor checkout remote in installers 2026-04-16 14:29:16 -03:00			`run_as_user yay -S --needed --noconfirm grpcurl-bin`
stabilize camera streaming and add adaptive monitor controls 2026-04-08 22:23:40 -03:00			`fi`
install updates - relay service update 2025-11-30 16:16:03 -03:00			`fi`

			`# 1c. input access`
stabilize camera streaming and add adaptive monitor controls 2026-04-08 22:23:40 -03:00			`log "1c. Ensuring input group access for $ORIG_USER"`
0.4.0 mostly complete milestone 2025-06-29 03:46:34 -05:00			`sudo usermod -aG input "$ORIG_USER"`
poc to app overhaul 2025-06-01 13:31:22 -05:00
lesavka: verify client runtime prerequisites 2026-04-16 14:22:20 -03:00			`log "1d. Verifying runtime tools"`
			`require_command pactl "libpulse"`
lesavka: honor staged audio devices 2026-04-20 13:59:34 -03:00			`require_command gst-inspect-1.0 "gstreamer"`
			`require_command arecord "alsa-utils"`
			`require_command speaker-test "alsa-utils"`
lesavka: verify client runtime prerequisites 2026-04-16 14:22:20 -03:00			`require_command wmctrl "wmctrl"`
			`require_command qdbus6 "qt6-tools"`
lesavka: verify client build toolchain 2026-04-16 14:34:05 -03:00			`require_command protoc "protobuf"`
lesavka: verify client runtime prerequisites 2026-04-16 14:22:20 -03:00			`if ! command -v wl-paste >/dev/null 2>&1 \`
			`&& ! command -v xclip >/dev/null 2>&1 \`
			`&& ! command -v xsel >/dev/null 2>&1; then`
			`echo "❌ no clipboard reader found after install (expected one of wl-clipboard/xclip/xsel)" >&2`
			`exit 1`
			`fi`
lesavka: verify client build toolchain 2026-04-16 14:34:05 -03:00			`require_linkable "$(command -v protoc)" "protoc"`
			`if [[ -e /usr/lib/libclang.so ]]; then`
			`require_linkable /usr/lib/libclang.so "libclang"`
			`fi`
lesavka: honor staged audio devices 2026-04-20 13:59:34 -03:00			`require_kernel_module snd_usb_audio "USB microphones and USB headsets"`
			`require_gst_element pulsesrc`
			`require_gst_element pulsesink`
			`require_gst_element pipewiresrc`
lesavka: verify client build toolchain 2026-04-16 14:34:05 -03:00			`protoc --version >/dev/null`
lesavka: honor checkout remote in installers 2026-04-16 14:29:16 -03:00			`if ! run_as_user pactl info >/dev/null 2>&1; then`
lesavka: verify client runtime prerequisites 2026-04-16 14:22:20 -03:00			`echo "⚠️ pactl is installed, but no PulseAudio/PipeWire Pulse server is reachable right now."`
			`echo " Lesavka will still install, but local speaker/mic staging may stay empty until the host audio session is up."`
			`fi`

added linger 2025-06-01 21:58:47 -05:00			`# 2. Rust tool-chain for both root & user`
stabilize camera streaming and add adaptive monitor controls 2026-04-08 22:23:40 -03:00			`log "2. Ensuring Rust toolchain"`
added linger 2025-06-01 21:58:47 -05:00			`sudo rustup default stable`
lesavka: honor checkout remote in installers 2026-04-16 14:29:16 -03:00			`run_as_user rustup default stable`
added linger 2025-06-01 21:58:47 -05:00
lesavka: harden relay input and install flow 2026-04-16 12:58:05 -03:00			`# 3. clone / update into a canonical workspace checkout`
			`log "3. Syncing source checkout for ref ${REF}"`
			`if [[ ! -d /var/src ]]; then`
			`sudo mkdir -p /var/src`
			`fi`
			`sudo chown "$ORIG_USER":"$ORIG_USER" /var/src`
			`if [[ -d $SRC/.git ]]; then`
lesavka: honor checkout remote in installers 2026-04-16 14:29:16 -03:00			`run_as_user git -C "$SRC" fetch --all --tags --prune`
moved proto 2025-06-01 14:18:42 -05:00			`else`
lesavka: honor checkout remote in installers 2026-04-16 14:29:16 -03:00			`run_as_user git clone "$REPO_URL" "$SRC"`
lesavka: harden relay input and install flow 2026-04-16 12:58:05 -03:00			`fi`
lesavka: honor checkout remote in installers 2026-04-16 14:29:16 -03:00			`if run_as_user git -C "$SRC" rev-parse --verify --quiet "origin/$REF" >/dev/null; then`
			`run_as_user git -C "$SRC" checkout -B "$REF" "origin/$REF"`
lesavka: harden relay input and install flow 2026-04-16 12:58:05 -03:00			`else`
lesavka: honor checkout remote in installers 2026-04-16 14:29:16 -03:00			`run_as_user git -C "$SRC" checkout --force "$REF"`
moved proto 2025-06-01 14:18:42 -05:00			`fi`

added linger 2025-06-01 21:58:47 -05:00			`# 4. build`
stabilize camera streaming and add adaptive monitor controls 2026-04-08 22:23:40 -03:00			`log "4. Building client release binary"`
lesavka: honor checkout remote in installers 2026-04-16 14:29:16 -03:00			`run_as_user env TMPDIR="$TMPDIR" bash -c "cd '$SRC/client' && cargo clean && cargo build --release"`
added linger 2025-06-01 21:58:47 -05:00
			`# 5. install binary`
lesavka: harden relay input and install flow 2026-04-16 12:58:05 -03:00			`log "5. Installing launchable client binaries"`
			`sudo install -Dm755 "$SRC/target/release/lesavka-client" /usr/local/bin/lesavka-client`
			`sudo ln -sf /usr/local/bin/lesavka-client /usr/local/bin/lesavka`
release: ship lesavka 0.16.0 2026-04-30 08:16:57 -03:00			`install_client_pki_bundle`
release: ship lesavka 0.16.1 2026-04-30 11:38:16 -03:00			`sudo install -d -m 0755 -o "$ORIG_USER" -g "$ORIG_USER" "$CLIENT_CAPTURE_DIR"`
			`echo " ↪ capture folder: $CLIENT_CAPTURE_DIR"`
lesavka: harden relay input and install flow 2026-04-16 12:58:05 -03:00
			`log "6. Registering desktop application"`
			`sudo install -Dm644 "$SRC/client/assets/icons/hicolor/1024x1024/apps/lesavka.png" \`
			`/usr/share/icons/hicolor/1024x1024/apps/lesavka.png`
			`sudo install -Dm644 "$SRC/client/assets/icons/hicolor/1024x1024/apps/lesavka.png" \`
			`/usr/share/pixmaps/lesavka.png`
			`sudo install -Dm644 "$SRC/client/assets/linux/lesavka.desktop" \`
			`/usr/share/applications/lesavka.desktop`
			`if command -v update-desktop-database >/dev/null 2>&1; then`
			`sudo update-desktop-database /usr/share/applications`
			`fi`
			`if command -v gtk-update-icon-cache >/dev/null 2>&1; then`
			`sudo gtk-update-icon-cache -f /usr/share/icons/hicolor >/dev/null 2>&1 \|\| true`
			`fi`
poc to app overhaul 2025-06-01 13:31:22 -05:00
lesavka: harden relay input and install flow 2026-04-16 12:58:05 -03:00			`log "7. Removing legacy auto-start service"`
			`sudo systemctl disable --now lesavka-client.service >/dev/null 2>&1 \|\| true`
			`sudo rm -f /etc/systemd/system/lesavka-client.service`
adding client suicide & dev mode 2025-06-08 14:40:15 -05:00			`sudo systemctl daemon-reload`
master: ship webcam hdmi path + secure paste + deploy tooling 2026-04-08 20:00:14 -03:00
stabilize camera streaming and add adaptive monitor controls 2026-04-08 22:23:40 -03:00			`echo`
			`echo "✅ lesavka-client install complete"`
install(client): print installed version and commit sha 2026-04-29 21:03:30 -03:00			`INSTALLED_VERSION=$(manifest_package_version "$SRC/client/Cargo.toml" 2>/dev/null \|\| true)`
			`INSTALLED_SHA=$(run_as_user git -C "$SRC" rev-parse --short HEAD 2>/dev/null \|\| true)`
			`if [[ -n ${INSTALLED_VERSION:-} ]]; then`
			`echo "➡️ Installed: lesavka-client ${INSTALLED_VERSION:-unknown}${INSTALLED_SHA:+ ($INSTALLED_SHA)}"`
			`fi`
stabilize camera streaming and add adaptive monitor controls 2026-04-08 22:23:40 -03:00			`echo " Binary: /usr/local/bin/lesavka-client"`
lesavka: harden relay input and install flow 2026-04-16 12:58:05 -03:00			`echo " Launch alias: /usr/local/bin/lesavka"`
			`echo " Desktop entry: /usr/share/applications/lesavka.desktop"`
			`echo " Build source: $SRC/target/release/lesavka-client"`
release: ship lesavka 0.16.0 2026-04-30 08:16:57 -03:00			`echo " TLS identity: $CLIENT_PKI_DIR"`
release: ship lesavka 0.16.1 2026-04-30 11:38:16 -03:00			`echo " Captures: $CLIENT_CAPTURE_DIR"`
install(client): print installed version and commit sha 2026-04-29 21:03:30 -03:00			`echo "✅ Installed version: lesavka-client ${INSTALLED_VERSION:-unknown}${INSTALLED_SHA:+ ($INSTALLED_SHA)}"`
stabilize camera streaming and add adaptive monitor controls 2026-04-08 22:23:40 -03:00			`echo`
lesavka: harden relay input and install flow 2026-04-16 12:58:05 -03:00			`echo "Quick start:"`
			`echo " KDE menu: search for Lesavka"`
			`echo " Terminal: /usr/local/bin/lesavka"`