What: The update process workflow of Tormach PathPilot Robot software is going through a change with the upcoming release of 0.3.3. Up until now, the Docker images were downloaded from Tormach namespace of Docker HUB registry. This is now going to change, and all following updates are going to be distributed from the Tormach PathPilot Container registry.
Why: With the approach of official release of robot product lineup, we needed a better way how to automate internal processes for deploying new machines. Up until now, all beta users were equipped with an access token used for pulling the images hard-coded into the base OS installation. This is now going to change, and the pull access will be coupled with Tormach PathPilot HUB account. Using the own registry (with prefix docker.pathpilot.com) will also allow us to reach better to any potential issues which may arise.
Who: Every current beta tester user and in future every customer will need to create a PathPilot HUB account to receive updates. One account per robot will suffice. (There is no need for every user of the robot to create his own account.)
When: The 0.3.3 public release of PathPilot Robot software is a special one. It is going to be a last release in the tormach/ros_public image line and the first one in the docker.pathpilot.com/ros_public line.
How: The PathPilot Robot Launcher will offer update to the 0.3.3 version. After download, it will allow running it as normal. However, this image will be still tagged in the old tormach/ros_public repository (respective docker.io/tormach/ros_public). Next time the Launcher is started, it will be the version. This version will first check the Internet connection (as having access to the Internet is required for this process) and after that it will check presence and validity of PathPilot HUB account in the system. If there is no account present or the account present is evaluated as not valid, the login page will be shown up. Here, the user can log in using an existing account or create a new one.
In case the machine has no access to the Internet, the whole account and update checking is skipped. The user will still be able to run the PathPilot Robot software, but will not be able to download any updates.
Because the base pattern for image names changed, the way how the Robot Launcher is started has to change too. The launch-pathpilot-launcher executable did not allow for ad-hoc updates, as it was a static Bash script copied into the local binaries folder when the system was first imagined. Which is why it was packed into a pathpilotrobotstarter Debian package, along with splash screen and new icons.
The update of the pathpilotrobotstarter package on the base OS will happen automatically from the Robot Launcher and will not require assistance from the user.
HOWTO:
If you don’t have a PathPilot HUB account yet, click on the “Create Account” button as shown in the picture. Otherwise, enter your e-mail (username) and password and click on the “Submit” button.
Please be aware that during the beta stage, the PathPilot HUB databases for updates and rest of HUB functionality are separated. This means you cannot use your pre-existing Tormach PathPilot HUB account, but have to create a new one. This situation will change with the official release.
A new page will be shown titled “Create Account”. Read through the instructions and start inputting required information. You can navigate on the page via the mouse scroll wheel or Page Up and Page Down keyboard buttons.
At any moment in the process, you can also click on the “Skip Account” button, which will cancel the account acquisition process and update checking. This may prove useful in the case there is a technical issue with the remote service.
Fill out the required form windows. Make sure the e-mail address is valid, as the system will not require an immediate confirmation of it when the account is created from the PathPIlot Robot Launcher environment.
After checking the requested information, click on the “Submit” button. The PathPilot Robot Launcher will request an access token from the remote service and store it along with metadata on the local machine. At no moment is your password stored anywhere on the file system.
The webpages with PathPilot HUB login are displayed with browser integrated into PathPilot Robot Launcher based on Chromium, and it is what is processing the inputted information. No internal PathPilot specific code has access to your information.
If the access token acquisition and validation were successful, the standard update checking process will start.
Hopefully, the whole process should be a lot quicker than in previous instances, as only images newer than the ones currently available to the local Docker daemon will be compared and checked.
If there is an update, it will be shown via the standard pop-up window. The first time, when transferring from the tormach Docker HUB namespace to the docker.pathpilot.com registry, the update to 0.3.3 will be offered - even though you already downloaded the 0.3.3 update previously. This is because the first download pulled the docker.io/tormach/ros_public image, now the Robot Launcher needs to pull the docker.pathpilot.com/ros_public image. However, as the manifest for those two images are mostly the same, and the layers should be the exact same, the download should be almost instantaneous.
The download progress will be shown. Wait till the image is fully downloaded, as there should not be any runnable image on the system.
Successful download of new image will be reflected with pop-up window saying so. The new version should also be shown in the list of local versions available for run.
As the Robot Launcher is using the default keyring, which is usually the Login one, the keyring is unlocked when the user logs into the session. This is not true when the system is set up to auto-login a specific user at startup. As the user in this scenario doesn’t input any password, the keyring cannot be securely unlocked and stays locked. This means that for PathPilot Robot Launcher to access any secrets from it, the user must first unlock it by inputting a password.
If the user cancels the unlocking, the Launcher will shut down!
The standard password on robot installations is
pathpilotfor userpathpilot.
After the first run of the amended launcher, the new pathpilotrobotstarted Debian package should be installed. You should check it out by running the command: dpkg -s pathpilotrobotstarter in the terminal of the base OS. The output should be similar to:
Package: pathpilotrobotstarter
Status: install ok installed
Priority: extra
Section: misc
Installed-Size: 18848
Maintainer: Jakub Fišer <jakub.fiser@eryaf.com>
Architecture: all
Source: tormachpathpilotrobotstarter
Version: 0.1.1
Depends: containerd.io, docker-ce, docker-ce-cli, gir1.2-gtk-3.0, lsb-release, python3-gi, python3-gi-cairo
Conffiles:
/etc/xdg/menus/applications-merged/tormach.menu 8c58149e3225aac214e3a1cdb189a1a8
Description: Tormach PathPilot Robot starter
This package contains the launch script files for Tormach PathPilot Robot suite
The installation of the package itself should also create a new item in the Start menu (depends heavily on installed and used Desktop environment) and Desktop icon shortcut to the Desktop screen of every user.
HOWTO remove keyring password:
There is no way how to automatically unlock the Login keyring in an auto-login setup. However, as the Login keyring is a normal keyring, the user can arbitrarily change the Login keyring password. There is even the possibility to remove the password from the keyring altogether. And this is at the core of the solution, how to remove the maybe annoying request for the password.
This action is dangerous, as it removes the encryption from the keyring. Anybody with access to the filesystem will be able to read the secret information (passwords, tokens etc.). As such, it should be each user own decision if to keep the keyring protected or not.
You will need a Secret Service frontend application. For example, the GNOME Seahorse which is available from Debian channels and can be installed with:
sudo apt install seahorse
After starting the seahorse executable, you will be able to see if the default keyring is locked or not. To do any change on it, you will need it in unlocked state. This can be done by clicking on the “Unlock” button.
If you’re already logged into the PathPilot Robot Launcher, you should also see the item in the list of others. (These belong to other programs and applications on your system which use the Login keyring to securely store login information.)
By right-clicking the item and selecting the “Properties” from the menu, you can see the whole information set the Launcher stored.
You can also remove the whole item (token and all metadata) if you so choose. The Robot Launcher will ask you to log in again next time you start it.
To remove the protective password from the keyring, right-click on the button with its name and select “Change Password” from the menu.
A new window will pop up, and you will be asked for the old password. (pathpilot in most cases.) Enter it and click “Continue”.
A new window will pop up, and you will be asked for the new password. Leave both inputs empty to remove the password and click “Continue”.
As this is a dangerous operation, you will be asked to confirm your choice. Click “Continue” button.
Now the protection from the default keyring was removed, and you should not be asked anymore to unlock it.
I hope this tutorial was useful and if you stumbled on any issue, reply to this thread, and we will solve it together!