miky94
Posts: 8
Joined: Sun Jun 03, 2018 9:17 pm

Raspbian Stretch Lite - change the SD from read-write to read-only and vice-versa

Tue Jan 01, 2019 5:43 pm

I've a Raspberry Pi Zero W with Raspbian Stretch Lite and a python script, I need to make the SD read-only to prevent damage because of the Raspberry is powered by a battery that I plug/unplug.
how can I achieve this in such a way that I can easily make it read-write again if I need to change the code?
I read on internet that I have to move the temporary files to ram memory and edit /boot/cmdline.txt and /etc/fstab but I didn't understand how

here they are:
temporary files:

Code: Select all

root@raspberrypi:/home/pi# fuser -v -m / 2>&1 | awk '($3 ~ /F.*/){ print "/proc/"$2"/fd"}' | xargs ls -l| grep '^l.w' | grep -v socket: | grep -v /dev/ | grep -v "/proc" | grep -v anon_inode | grep -v pipe
l-wx------ 1 root root 64 dic 23 19:07 10 -> /var/log/debug
l-wx------ 1 root root 64 dic 23 19:07 11 -> /var/log/messages
l-wx------ 1 root root 64 dic 23 19:07 12 -> /var/log/auth.log
l-wx------ 1 root root 64 dic 23 19:07 6 -> /var/log/syslog
l-wx------ 1 root root 64 dic 23 19:07 7 -> /var/log/daemon.log
l-wx------ 1 root root 64 dic 23 19:07 8 -> /var/log/kern.log
l-wx------ 1 root root 64 dic 23 19:07 9 -> /var/log/user.log
lrwx------ 1 root root 64 dic 23 19:07 5 -> /var/log/cups/access_log
lrwx------ 1 root root 64 dic 23 19:07 6 -> /var/log/cups/error_log
lrwx------ 1 root root 64 dic 23 19:07 7 -> /var/log/cups/page_log
lrwx------ 1 pi pi 64 dic 24 13:02 8 -> /home/pi/.local/share/gvfs-metadata/home-ad6ab50f.log
l-wx------ 1 pi pi 64 dic 24 18:02 1 -> /home/pi/.cache/lxsession/LXDE-pi/run.log
lrwx------ 1 pi pi 64 dic 24 18:02 13 -> /tmp/vteWVPTUZ (deleted)
lrwx------ 1 pi pi 64 dic 24 18:02 14 -> /tmp/vteM2PTUZ (deleted)
lrwx------ 1 pi pi 64 dic 24 18:02 15 -> /tmp/vteAPWTUZ (deleted)
l-wx------ 1 pi pi 64 dic 24 18:02 2 -> /home/pi/.cache/lxsession/LXDE-pi/run.log
l-wx------ 1 root root 64 dic 23 19:07 6 -> /var/log/lightdm/lightdm.log
l-wx------ 1 root root 64 dic 24 18:03 1 -> /var/log/lightdm/x-0.log
l-wx------ 1 root root 64 dic 24 18:03 2 -> /var/log/lightdm/x-0.log
l-wx------ 1 root root 64 dic 24 18:03 4 -> /var/log/Xorg.0.log
l-wx------ 1 root root 64 dic 24 18:03 2 -> /var/log/apache2/error.log
l-wx------ 1 root root 64 dic 24 18:03 7 -> /var/log/apache2/other_vhosts_access.log
l-wx------ 1 root root 64 dic 24 18:03 8 -> /var/log/apache2/access.log
l-wx------ 1 root root 64 dic 24 18:03 2 -> /var/log/apache2/error.log
l-wx------ 1 root root 64 dic 24 18:03 7 -> /var/log/apache2/other_vhosts_access.log
l-wx------ 1 root root 64 dic 24 18:03 8 -> /var/log/apache2/access.log
l-wx------ 1 root root 64 dic 24 18:03 2 -> /var/log/apache2/error.log
l-wx------ 1 root root 64 dic 24 18:03 7 -> /var/log/apache2/other_vhosts_access.log
l-wx------ 1 root root 64 dic 24 18:03 8 -> /var/log/apache2/access.log
l-wx------ 1 pi pi 64 dic 24 17:34 1 -> /home/pi/.cache/lxsession/LXDE-pi/run.log
l-wx------ 1 pi pi 64 dic 24 17:34 2 -> /home/pi/.cache/lxsession/LXDE-pi/run.log
l-wx------ 1 pi pi 64 dic 23 19:07 1 -> /home/pi/.cache/lxsession/LXDE-pi/run.log
l-wx------ 1 pi pi 64 dic 23 19:07 2 -> /home/pi/.cache/lxsession/LXDE-pi/run.log
l-wx------ 1 pi pi 64 dic 23 19:07 4 -> /home/pi/.cache/openbox/openbox.log
l-wx------ 1 pi pi 64 dic 23 19:07 1 -> /home/pi/.cache/lxsession/LXDE-pi/run.log
l-wx------ 1 pi pi 64 dic 23 19:07 2 -> /home/pi/.cache/lxsession/LXDE-pi/run.log
l-wx------ 1 pi pi 64 dic 23 19:07 1 -> /home/pi/.cache/lxsession/LXDE-pi/run.log
l-wx------ 1 pi pi 64 dic 23 19:07 2 -> /home/pi/.cache/lxsession/LXDE-pi/run.log
l-wx------ 1 pi pi 64 dic 23 19:07 6 -> /home/pi/.cache/lxsession/LXDE-pi/run.log
l-wx------ 1 pi pi 64 dic 23 19:07 7 -> /home/pi/.cache/lxsession/LXDE-pi/run.log
l-wx------ 1 pi pi 64 dic 23 19:07 1 -> /home/pi/.cache/lxsession/LXDE-pi/run.log
l-wx------ 1 pi pi 64 dic 23 19:07 2 -> /home/pi/.cache/lxsession/LXDE-pi/run.log
l-wx------ 1 pi pi 64 dic 23 19:07 1 -> /home/pi/.cache/lxsession/LXDE-pi/run.log
l-wx------ 1 pi pi 64 dic 23 19:07 2 -> /home/pi/.cache/lxsession/LXDE-pi/run.log
l-wx------ 1 pi pi 64 dic 23 19:07 1 -> /home/pi/.cache/lxsession/LXDE-pi/run.log
l-wx------ 1 pi pi 64 dic 23 19:07 2 -> /home/pi/.cache/lxsession/LXDE-pi/run.log
lrwx------ 1 lp lp 64 dic 24 18:03 5 -> /var/spool/cups/tmp/cups-dbus-notifier-lockfile
lrwx------ 1 colord colord 64 dic 23 19:07 5 -> /var/lib/colord/mapping.db
lrwx------ 1 colord colord 64 dic 23 19:07 6 -> /var/lib/colord/storage.db
lrwx------ 1 colord colord 64 dic 23 19:07 7 -> /var/lib/colord/storage.db
/boot/cmdline.txt:

Code: Select all

dwc_otg.lpm_enable=0 console=serial0,115200 console=tty1 root=PARTUUID=6812d82b-02 rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait quiet splash plymouth.ignore-serial$
/etc/fstab:

Code: Select all

proc            /proc           proc    defaults          0       0
PARTUUID=6812d82b-01  /boot           vfat    defaults          0       2
PARTUUID=6812d82b-02  /               ext4    defaults,noatime  0       1
# a swapfile is not a swap partition, no line here
#   use  dphys-swapfile swap[on|off]  for that
what should I change to make the SD read-only? and what to make it read-write again?
Thanks

epoch1970
Posts: 2285
Joined: Thu May 05, 2016 9:33 am
Location: Paris, France

Re: Raspbian Stretch Lite - change the SD from read-write to read-only and vice-versa

Wed Jan 02, 2019 2:57 pm

What needs to be done is not trivial (except the ro/rw switch on demand perhaps)
With Raspbian you can do this or that.

Personally I’ve used neither. When I require a more robust system I tend to install piCore. It is designed to run off an RO rootfs (or even entirely off RAM), it doesn’t feature systemd so repeatability is better once you get your stuff working. It is indeed different from Debian/Raspbian, but once you get the hang of it I think it is a comfortable platform to work with (binary distribution, plenty of good quality packages).
"S'il n'y a pas de solution, c'est qu'il n'y a pas de problème." Les Shadoks, J. Rouxel


epoch1970
Posts: 2285
Joined: Thu May 05, 2016 9:33 am
Location: Paris, France

Re: Raspbian Stretch Lite - change the SD from read-write to read-only and vice-versa

Thu Jan 03, 2019 12:19 am

Looking at the script, I don’t think so, but try it and report if you wish.
"S'il n'y a pas de solution, c'est qu'il n'y a pas de problème." Les Shadoks, J. Rouxel

miky94
Posts: 8
Joined: Sun Jun 03, 2018 9:17 pm

Re: Raspbian Stretch Lite - change the SD from read-write to read-only and vice-versa

Thu Jan 03, 2019 12:35 am

epoch1970 wrote:
Thu Jan 03, 2019 12:19 am
Looking at the script, I don’t think so, but try it and report if you wish.
why do you think not?

epoch1970
Posts: 2285
Joined: Thu May 05, 2016 9:33 am
Location: Paris, France

Re: Raspbian Stretch Lite - change the SD from read-write to read-only and vice-versa

Thu Jan 03, 2019 3:04 pm

It sets up symbolic links to /tmp (which is in RAM) as a way to allowing to set / RO and not wedge the system.
That is the general idea but it might be a bit rough for some applications. Plus you really lose anything written at runtime.
An overlay is a more generic solution.
"S'il n'y a pas de solution, c'est qu'il n'y a pas de problème." Les Shadoks, J. Rouxel

miky94
Posts: 8
Joined: Sun Jun 03, 2018 9:17 pm

Re: Raspbian Stretch Lite - change the SD from read-write to read-only and vice-versa

Thu Jan 03, 2019 3:27 pm

epoch1970 wrote:
Thu Jan 03, 2019 3:04 pm
It sets up symbolic links to /tmp (which is in RAM) as a way to allowing to set / RO and not wedge the system.
That is the general idea but it might be a bit rough for some applications. Plus you really lose anything written at runtime.
An overlay is a more generic solution.
If I understood (correct me if not) from the link you posted above, the overlay allows to write data on another partition on the sd card, but I think this won't completely prevent the sd damaging since there will still be writeable partitions.
consiedering that I don't need temp files, I'd opt for the solution I posted, even if I didnt' understand why: "THIS SEQUENCE IS IRREVERSIBLE. We don’t have an uninstall script. There’s an option to boot into read/write mode, but nothing to back out all these changes.", since I still can run the system in read/write mode by inserting a jumper.

epoch1970
Posts: 2285
Joined: Thu May 05, 2016 9:33 am
Location: Paris, France

Re: Raspbian Stretch Lite - change the SD from read-write to read-only and vice-versa

Thu Jan 03, 2019 3:55 pm

Agreed, overall. Still, if you really want a bulletproof platform something like piCore is superior to a bunch of symlinks.
And if you want a more robust Raspbian, overlay is your friend. Systemd has expectations, including on the file system.

Anyway, the Adafruit recipe wouldn’t be posted if it hadn’t any merit, so why not.
The scary paragraph was written by a lawyer I suppose: the script does remove packages (like fake-hwclock) and add others (like ntp), so it is a fact this script has no undo option. Nothing tragic, really. Reverting mods by hand, reading the script, looks entirely possible if needed.
"S'il n'y a pas de solution, c'est qu'il n'y a pas de problème." Les Shadoks, J. Rouxel

miky94
Posts: 8
Joined: Sun Jun 03, 2018 9:17 pm

Re: Raspbian Stretch Lite - change the SD from read-write to read-only and vice-versa

Thu Jan 03, 2019 4:56 pm

If completely read-only sd will full protect it from damaging, adafruit solution is enough for me because I'm just using the Raspberry as a brain for a robot battery powered.
otherwise I'll give a try to piCore hoping that implement python code won't be difficult. Thank you

Return to “Advanced users”