Significant changes#12
Open
kindsouls wants to merge 2 commits into
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Changes from the original (2019) package
Bug fixes
The original code had multiple outright bugs that prevented reliable operation:
Detection checks (in order): WirePlumber process, system-level PipeWire service, PipeWire socket at
/run/user/1000/pipewire-0. Override withFORCE_AUDIO_BACKEND=pipewire|bluealsa sudo ./install.sh.Configuration
The
bt-devicesconfig file was a flatMAC=Nametext file. It is now an INI format with per-device options:codec— selects A2DP audio codec (aptX, AAC, SBC-XQ, etc.) on bluealsalms— pins the LMS server address for installs where mDNS auto-discovery doesn't work (VLANs, etc.)bt-devices.baknamefields are logged and skipped rather than silently passed to squeezeliteSecurity hardening
Neither service had any sandboxing. Both now have systemd security directives:
btspeaker-monitor.service(unprivilegedlmsuser — tighter restrictions):NoNewPrivileges=yesProtectSystem=strict— filesystem read-only except for carve-outsReadWritePaths=/etc/pyserver— allows config migration writeProtectHome=yes,PrivateTmp=yesWants=instead ofRequires=for bluezalsa — service starts on PipeWire systems where bluezalsa isn't installedbluezalsa.service(runs as root, conservative):NoNewPrivileges=yes,ProtectHome=yes,PrivateTmp=yesProtectSystemandRestrictAddressFamiliesintentionally omitted — bluealsa needs direct kernel BT socket accessInstaller and tooling
The original had no installer. Everything was manual steps in the README.
install.sh— single-command installer:apt install bluealsafirst, builds from source as fallbacklmssystem user and adds to audio groupinstall.sh --add-device— interactive pairing wizard:pair/trust/connectvia bluetoothctlbt-devicesand restarts the monitorinstall.sh --status— live system view (no sudo needed):bt-devicesinstall.sh --update— redeploys source files and restarts services without a full rebuilduninstall.sh— manifest-driven uninstaller:/var/lib/squeezelite-bluetooth/install.manifestto remove exactly what was installedAutoEnable=true, and optionally removes thelmsuser and bluealsabt-deviceshas configured speaker entries before removing it--yesflag for scripted/non-interactive removalDocumentation