====== 8.1 Python Scripting Basics ======

===== Connecting =====

<code bash>
ssh python-user@<device-ip>
</code>

Default password: ''python-user''

The password can be changed with the standard ''passwd'' command after logging in.

===== Environment =====

The sandbox runs in a dedicated Linux user account (''python-user'') with a restricted shell environment:

  * A Python 3 virtual environment is pre-configured at ''~/.venv''. ''python'', ''python3'', ''pip'', and ''pip3'' are available directly without activation.

  * The PATH is restricted to ''~/bin'' and ''~/.venv/bin''. Access to system directories is not permitted.

  * Navigation with ''cd'' is limited to paths within the home directory.

==== Pre-installed packages ====

^ Package  ^ Purpose  ^
| ''requests''  | HTTP client for calling APIs  |
| ''fastapi''  | Web framework for building REST services  |
| ''uvicorn''  | ASGI server for running FastAPI applications  |

Additional packages can be installed with ''pip install <package>'' provided the device has internet access.

===== Workspace =====

Scripts are stored in ''~/workspace/''. An example script is provided at startup:

  ~/workspace/example_api_call.py

This script fetches process data from the Pinebox API and prints the JSON response:

<code bash>
python workspace/example_api_call.py http://localhost:18080/0/device/status
</code>

===== Available Commands =====

Standard Unix utilities are available via symlinks in ''~/bin'':

  ls, find, cat, grep, sed, awk, curl, wget, ping, ssh, scp, crontab, nano

===== Backup and Restore =====

The contents of ''~/workspace/'' and the list of installed pip packages (''pip freeze'') are included in the Pinebox user configuration backup. On restore, the workspace files are recovered and the package list is reinstalled automatically.
<WRAP info>
Internet access is required on the device at restore time for packages to be reinstalled.
</WRAP>



===== Security Notes =====

  * The virtual environment core files (''python3'', ''pip'', ''activate'') and pre-installed package directories are protected against deletion.

  * The ''.bashrc'' environment file is owned by root and cannot be modified by the ''python-user'' account, ensuring the PATH restriction cannot be bypassed through the shell.

  * The sandbox does not have access to system administration commands such as ''sudo'', ''apt'', ''systemctl'', or ''useradd''.