Install WebAdmin dependencies in a dedicated venv

[aravindhbalaji04]

Summary

• stop installing WebAdmin backend Python packages into system Python as root
• update installer to create/use a dedicated venv at fitcrackAPI/.venv and install requirements.txt there
• configure Apache mod_wsgi to run with python-home pointing to that venv
• update installer and WebAdmin docs to reflect venv-based setup and remove --break-system-packages guidance

Why

Recent pip behavior makes global root installs brittle and requires --break-system-packages, which is unsafe and non-ideal. A project-local virtual environment keeps Fitcrack dependencies isolated, reproducible, and distro-friendly.

Test plan

• bash -n installer/install_webadmin.sh passes after line-ending normalization on Linux shell
• run installer on a Linux host and verify /var/www/fitcrackAPI/.venv is created
• verify Apache backend vhost contains WSGIDaemonProcess ... python-home=/var/www/fitcrackAPI/.venv
• restart Apache and confirm WebAdmin backend endpoints load successfully
• confirm no global pip install step is required for WebAdmin backend dependencies

[aravindhbalaji04]

this PR #135 resolves the issue #131

[Copilot]

Pull request overview

This PR moves WebAdmin backend Python dependency installation out of system Python (root/global pip) and into a dedicated virtual environment, and updates Apache mod_wsgi configuration/documentation to run the backend using that venv.

Changes:

• Update WebAdmin setup docs to create/use a venv for requirements.txt and configure Apache WSGIDaemonProcess ... python-home=....
• Update the WebAdmin installer to create $APACHE_DOCUMENT_ROOT/fitcrackAPI/.venv and install backend requirements into it, and emit Apache config referencing that venv.
• Update installer deployment docs to avoid global pip installs (replacing them with a venv-based command sequence).

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 6 comments.

File	Description
webadmin/README.md	Switch backend dependency install steps to a venv and add python-home to the Apache example.
installer/install_webadmin.sh	Create/install backend deps into a venv and configure mod_wsgi to use it via python-home.
INSTALL-Installer.md	Replace global pip install guidance with venv-based commands for Python packages.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

This creates a venv in /opt/fitcrack-webadmin-venv, but the rest of the installer flow (and scripts like measureUsage.py with #!/usr/bin/python3) won’t use it unless you explicitly reference that interpreter. If these packages are needed by system-Python daemons, they should be installed via distro packages or the daemon should be updated to run using the venv’s python; otherwise, clarify/remove this step to avoid a non-functional venv.

Suggested change

	python3 -m venv /opt/fitcrack-webadmin-venv
	/opt/fitcrack-webadmin-venv/bin/python3 -m pip install --upgrade pip
	/opt/fitcrack-webadmin-venv/bin/python3 -m pip install --ignore-installed urllib3==1.26.15 mysqlclient
	# Fitcrack scripts/services use /usr/bin/python3, so install these into the
	# system Python environment rather than an unused virtualenv.
	python3 -m pip install --upgrade pip
	python3 -m pip install --ignore-installed urllib3==1.26.15 mysqlclient

[Copilot]

Same issue as above for CentOS: creating /opt/fitcrack-webadmin-venv doesn’t affect scripts that run under system Python unless they’re executed with that venv’s interpreter. Either document how this venv is wired into runtime (systemd/daemon invocation / Apache python-home), or switch the guidance to installing the needed modules in the environment that actually runs the scripts.

[Copilot]

The status output at the top is now misleading: it prints "Installing back-end requirements..." and "Done." but doesn’t actually install anything until later in the script. Consider moving/removing these messages or performing the venv/pip work here so logs accurately reflect what happened.

[Copilot]

The generated Apache vhost sets group=$APACHE_USER, but the script separately tracks APACHE_GROUP (and later chowns files to $APACHE_USER:$APACHE_GROUP). If APACHE_GROUP is customized, mod_wsgi will run under an unexpected group and may fail to access files. Use the configured group variable consistently.

Suggested change

	echo " WSGIDaemonProcess fitcrack user=$APACHE_USER group=$APACHE_USER threads=5 python-home=$WEBADMIN_VENV_PATH" >> $BE_CONFIG_FILE
	echo " WSGIDaemonProcess fitcrack user=$APACHE_USER group=$APACHE_GROUP threads=5 python-home=$WEBADMIN_VENV_PATH" >> $BE_CONFIG_FILE

[Copilot]

The venv is being made writable/owned by the Apache runtime user (chmod -R 775 + chown -R $APACHE_USER...). That allows a web-server compromise to modify Python packages/code inside the venv and persist RCE. Prefer keeping the venv owned by root (or a dedicated admin user) and only readable/executable by Apache; avoid recursive group-writable permissions.

Suggested change

	chmod -R 775 "$WEBADMIN_VENV_PATH"
	chown -R $APACHE_USER:$APACHE_GROUP "$WEBADMIN_VENV_PATH"
	chown -R root:root "$WEBADMIN_VENV_PATH"
	chmod -R a+rX,u+w "$WEBADMIN_VENV_PATH"

[Copilot]

These steps require the venv module (e.g., Debian/Ubuntu package python3-venv). The dependency list above doesn’t mention it, so python3 -m venv ... may fail on a fresh system. Please add python3-venv (or distro equivalent) to the prerequisites for platforms where it’s a separate package.

[aravindhbalaji04]

@ihranicky can you check this PR?