#!/usr/bin/env bash
# Hide the PM_K-1 firmware files on a CIRCUITPY drive so an end user only sees
# editor.html + programs.json — the two files they're meant to touch. The hidden
# files keep running, and the editor's "Save to device" still works (programs.json
# stays writable). This just prevents *accidental* deletion of the firmware.
#
# Run it on the HOST, pointing at the mounted drive:
#     ./protect-firmware.sh /media/$USER/CIRCUITPY
# (defaults to the current directory if run from inside the drive). Needs `fatattr`
# (sudo apt install fatattr) — or use the mtools fallback printed below.
#
# To reveal them again:  fatattr -h <file>
set -euo pipefail
DIR="${1:-.}"
HIDE=(code.py boot.py font_s.bin font_m.bin font_l.bin README.md protect-firmware.sh boot_out.txt)

if command -v fatattr >/dev/null 2>&1; then
  for f in "${HIDE[@]}"; do
    if [ -e "$DIR/$f" ]; then fatattr +h "$DIR/$f" && echo "hidden: $f"; fi
  done
  echo "Done — the drive now shows only editor.html + programs.json."
else
  echo "fatattr not found.  Install it:  sudo apt install fatattr   (or dnf/pacman equivalent)"
  echo "Or, with mtools, run e.g.:  mattrib -i /dev/sdX1 +h ::code.py ::boot.py ::font_*.bin"
  exit 1
fi