Installing fake_vcgencmd for Pine64

[PanderMusubi]

Description

Fake vcgencmd allows requesting information from a non-Raspberry Pi board in the same way that can be done via an executable on there. Since this command is now available, the Armbian board can also be monitored, rebooted etc via eht FOSS Android app RasPi Check.

See also:

• https://f-droid.org/en/packages/de.eidottermihi.raspicheck/
• Make 'vcgencmd' optional eidottermihi/rpicheck#161
• https://forum.armbian.com/topic/17069-android-app-to-monitor-and-restart-boards/#comment-119650
• https://github.com/clach04/fake_vcgencmd

Jira reference number [AR-9999]

How Has This Been Tested?

Yes, made a build and it worked, also via the Android app.

Checklist:

• My code follows the style guidelines of this project
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• Any dependent changes have been merged and published in downstream modules

[juanesf]

Also works on Banana Pi M2 Ultra

[ThomasKaiser]

Introduces another temp file vulnerability (usual practice with Armbian these days it seems)

[PanderMusubi]

Introduces another temp file vulnerability (usual practice with Armbian these days it seems)

That part of the code is not executed. Would it be getter that the line with exit is removed and the lines for logging are commented out?

[PanderMusubi]

Second question, is using mktemp not triggering temp file vulnerabilities?

[ThomasKaiser]

is using mktemp not triggering temp file vulnerabilities?

It's only purpose is to avoid temp file vulnerabilities in scripts. You pull in code from somewhere that's not under your own control and the exit statement might vanish at any time without anyone noticing. That's almost recipe for disaster :)

Why not let the script be part of this repo, use mktemp or delete the whole logging stuff entirely? The last two variants are of course useless as long as you pull in random code from the Internet that's not under your own control.

[PanderMusubi]

Thanks, the author is very helpful and responsive so we'll fix this soon.

[clach04]

is using mktemp not triggering temp file vulnerabilities?

It's only purpose is to avoid temp file vulnerabilities in scripts. You pull in code from somewhere that's not under your own control and the exit statement might vanish at any time without anyone noticing. That's almost recipe for disaster :)

Why not let the script be part of this repo, use mktemp or delete the whole logging stuff entirely? The last two variants are of course useless as long as you pull in random code from the Internet that's not under your own control.

Agreed, original code was quickly put together without thinking about anyone else using this ;-) Tracking via clach04/fake_vcgencmd#5

[clach04]

@PanderMusubi fixed, with a bunch of other minor cleanups (with no actual code change).

[clach04]

https://github.com/clach04/fake_vcgencmd/releases/tag/0.0.2

[rpardini]

Please revert this, see discussion in #5100 -- this does not belong in Armbian core