Heater
Posts: 13107
Joined: Tue Jul 17, 2012 3:02 pm

Re: Raspbian with Read-only Root

Mon Jul 31, 2017 12:05 am

I don't think there was anything special about my image. It was a recent raspbian lite download.

Except the overlay module was definitely not in there.

I say "was" because I just blew it all away and am starting again....

Heater
Posts: 13107
Joined: Tue Jul 17, 2012 3:02 pm

Re: Raspbian with Read-only Root

Mon Jul 31, 2017 1:18 am

Is that supposed to be:

Code: Select all

initramfs=initrd7.img
in config.txt. Or:

Code: Select all

initramfs initrd7.img
As the OP shows?

With the latter it does not boot. With the former it is not using the overlay.

Heater
Posts: 13107
Joined: Tue Jul 17, 2012 3:02 pm

Re: Raspbian with Read-only Root

Mon Jul 31, 2017 1:52 am

OK. After fighting with this all day I have to give up. I now have, for the Nth, time today an unbootable Pi.

Should it be "=initrd7.img" or not?

Should I replace that PARTUUID thing or not?

Is there something else that has changed in the raspbian lite to break this?

Tried all sorts of combinations. Checked over everything a dozen times. Nothing works.

Reverting the changes to config.txt and cmdline.txt still does not boot.

Except, in my frustration, I forgot to backup cmdline.txt so now I don't know what that PARTUUID should be!

Too tired to continue...

User avatar
chrisoh
Posts: 217
Joined: Sun Dec 06, 2015 8:50 pm
Location: Essex, UK

Re: Raspbian with Read-only Root

Mon Jul 31, 2017 11:10 am

Heater wrote:
Mon Jul 31, 2017 1:52 am
OK. After fighting with this all day I have to give up. I now have, for the Nth, time today an unbootable Pi.
Reminds me of a Jamiroquai song :lol:
Heater wrote:
Mon Jul 31, 2017 1:52 am
Should it be "=initrd7.img" or not?
initramfs initrd7.img
Heater wrote:
Mon Jul 31, 2017 1:52 am
Should I replace that PARTUUID thing or not?
Yes, with /dev/mmcblk0p2
Heater wrote:
Mon Jul 31, 2017 1:52 am
Is there something else that has changed in the raspbian lite to break this?
I used 2017-07-05-raspbian-jessie-lite.img just a few days ago.
Heater wrote:
Mon Jul 31, 2017 1:52 am
Tried all sorts of combinations. Checked over everything a dozen times. Nothing works.

Reverting the changes to config.txt and cmdline.txt still does not boot.

Except, in my frustration, I forgot to backup cmdline.txt so now I don't know what that PARTUUID should be!

Too tired to continue...
Maybe some bad new line encodings in config.txt/cmdline.txt is breaking the boot? It's a bit strange really.
The only difference I can see is I am using a Pi Zero (so my 7's were removed from the instructions), not sure if allfox and TheComputerGuyLTD were using a Pi 3?
Raspberry Pi 3 model B Idle @ 250mA
  • HDMI +200mA
  • Minecraft 1.9 Server +100mA
  • 2.4Ghz dongle +20mA

User avatar
allfox
Posts: 452
Joined: Sat Jun 22, 2013 1:36 pm
Location: Guang Dong, China

Re: Raspbian with Read-only Root

Mon Jul 31, 2017 2:53 pm

I've just gone through this recipe on a Pi A+, it works on 2017-07-05-raspbian-jessie-lite.

chrisoh made a good post.

I want to add what I did when editing /usr/share/initramfs-tools/scripts/overlay:
1 Locate local_mount_root() function.
2 Comment out if [ "${readonly}" = "y" ]; then block, the whole if block.
3 Add "mkdir /upper /lower" line.
4 Modify the next if block, so the mount command won't work on ${rootmnt}, but on /lower. Check the OP.
5 Append those modprobe and mount commands to the tail.

Heater
Posts: 13107
Joined: Tue Jul 17, 2012 3:02 pm

Re: Raspbian with Read-only Root

Mon Aug 07, 2017 2:05 am

Yay, it works!

With a clear head and a steady hand I now have a read-only root with overlay.

To prove the point I did a "rm -rf /bin /sbin". After a power cycle it rebooted as if nothing had happened. Magic!

Thanks for all the advice and encouragement everyone. With this in place and the watchdog working I'm feeling a bit more confident about installing it in a remote location where it is going to be very hard and expensive to visit if it breaks.

I have no idea where I got things wrong before. Could have been a result of editing files on Windows. Could have been a result of me screwing up the image anyway when I resized the root partition with gparted. Or just finger trouble, as ever.

Mounting /boot as read only could be the icing on the cake.

initios
Posts: 1
Joined: Thu Jan 24, 2013 8:31 am

Re: Raspbian with Read-only Root

Sun Aug 20, 2017 11:28 am

Can I make three partition on tf card, as:
/dev/mmcblk0p1 //for BOOT partition
/dev/mmcblk0p2 //for ROOT partition
/dev/mmcblk0p3 //for HOME partition
and, I overlay a read-write HOME directory on ROOT partition?

The objective is after some io operation on the HOME partition so that it crashed, the pi can boot correctly.
Can the solution be worked?

wikusjacobsz
Posts: 1
Joined: Mon Oct 09, 2017 9:04 am

Re: Raspbian with Read-only Root

Mon Oct 09, 2017 9:19 am

Hi Everyone,

Please ignore my ignorance here. I am definitely not a linux expert.

I have found this tutorial very useful and got it to work with Raspbian Stretch on a Pi Zero. So happy days.

But, I need some more help. What I am trying to do might seem counter productive, but it is necessary. I need to save some log files on the SD card in the /home/pi/ directory. Is there a way I can retain these log files after a reboot?

Any advice will be helpful.

Thank you very much.

Heater
Posts: 13107
Joined: Tue Jul 17, 2012 3:02 pm

Re: Raspbian with Read-only Root

Mon Oct 09, 2017 11:10 am

I think if you ever write anything to the SD card you are defeating the point of making this read-only root system. Even if you make a new partition to write data to. The SD card knows nothing about your partitions and file systems it only knows about blocks of data. If it's going to screw up, which they do, it might take down your read-only root as well.

Better to put your data on a USB stick. Then if you lose the data on the USB stick at least your system is still booting and you can repair things. Or just swap the USB stick.

You can make a symbolic link from your /home/pi directory to a directory on the USB stick and it will look as if your data is in /home/pi

Michael_L
Posts: 1
Joined: Sat Oct 14, 2017 4:07 pm

Re: Raspbian with Read-only Root

Sat Oct 14, 2017 4:22 pm

Worked great first time. Only one minor glitch encountered. uname -a gave me 4.4.50-v7+ which didn't work when I ran update-initramfs

So I took a look in /lib/modules and saw that the modules were in a directory named 4.9.35-v7+. I altered my update-initramfs command accordingly and all went smoothly.

I suspect this happened because I'd run apt-get update ; apt-get upgrade and maybe not rebooted. After reboot uname -a shows 4.9.35-v7+ and / is ro.

Many thanks.

mlepage
Posts: 95
Joined: Tue Jun 12, 2012 1:58 am

Re: Raspbian with Read-only Root

Sat Oct 14, 2017 10:37 pm

Google has many incentives to ensure Android phones are updated, and provides incentives to manufacturers to do so. Unfortunately, there is a cost and manufacturers generally do not like to pay it. Ultimately, it comes down to how much (in)security consumers are willing to tolerate, and so far consumers have shown to tolerate lots. We can help to change this viewpoint with education, and by doing our part (e.g. if you're a developer) to make security less costly and more readily available and better quality.

That said, is there a guide to having a distribution be read-only, and another partition (on the same sd card) be writable? I'd like to put on a standard raspbian lite, that is protected from corruption, but I can make writeable if I wish so I can perform updates now and then. At the same time, I'd like to have a data partition that I can write captured video to (from the official camera module). Use case would be a dash cam for a vehicle. Basically, if the data partition gets a little corrupt, it's less a hassle (maybe some video loss) than if the OS gets corrupt (as it will then stop working entirely).

User avatar
davidcoton
Posts: 4027
Joined: Mon Sep 01, 2014 2:37 pm
Location: Cambridge, UK

Re: Raspbian with Read-only Root

Sat Oct 14, 2017 10:40 pm

mlepage wrote: is there a guide to having a distribution be read-only, and another partition (on the same sd card) be writable?
Re-read Heater's post above. What you want may be possible, but won't achieve what you hope.
Signature retired

Heater
Posts: 13107
Joined: Tue Jul 17, 2012 3:02 pm

Re: Raspbian with Read-only Root

Sat Oct 14, 2017 11:39 pm

Quite so. Put your OS on read-only media. Put your data some other media.

What you are asking is like demanding that the front door to your house be locked but anyone can have access to the back door.

Heater
Posts: 13107
Joined: Tue Jul 17, 2012 3:02 pm

Re: Raspbian with Read-only Root

Sat Oct 14, 2017 11:48 pm

mlepage,
I'd like to put on a standard raspbian lite, that is protected from corruption, but I can make writeable if I wish so I can perform updates now and then.
Wait a minute. I missed that part.

If you make a read-only root file system as described in this thread it is possible to make it writable again at any time. Though that does require writing to files in the boot partition and rebooting.

See the start of this thread to read how to do this.

mlepage
Posts: 95
Joined: Tue Jun 12, 2012 1:58 am

Re: Raspbian with Read-only Root

Sat Oct 14, 2017 11:59 pm

OK I missed some pages of this thread, I'll read more. Thanks!

quaddl
Posts: 5
Joined: Wed Oct 18, 2017 6:38 am

Re: Raspbian with Read-only Root

Wed Oct 18, 2017 9:35 am

I've got the ro mode working on Raspbian stretch but, if activated, it's not possible to mount a net share into an existing folder in users home by a shell script. An fstab entry is not an option because the net share may be not availlable at boot time. Does anybody have an idea to fix this please ?

Heater
Posts: 13107
Joined: Tue Jul 17, 2012 3:02 pm

Re: Raspbian with Read-only Root

Wed Oct 18, 2017 10:48 am

What kind of share, NFS or SAMBA ?

quaddl
Posts: 5
Joined: Wed Oct 18, 2017 6:38 am

Re: Raspbian with Read-only Root

Wed Oct 18, 2017 11:00 am

Hello Heater,
it's a Samba share

Heater
Posts: 13107
Joined: Tue Jul 17, 2012 3:02 pm

Re: Raspbian with Read-only Root

Wed Oct 18, 2017 11:33 am

How are you trying to mount the share. With some SAMBA command like:

$ sudo mount -t smbfs -o username=userid,workgroup=workgroupname,password=XXXXX //ipadd/sharepoint /mountpoint/

or whatever ?

What is the error you get when doing that ?

quaddl
Posts: 5
Joined: Wed Oct 18, 2017 6:38 am

Re: Raspbian with Read-only Root

Wed Oct 18, 2017 12:10 pm

Meanwhile i played around on both sides and the last working command is
$ sudo mount.cifs //x.x.x.x/[sharename] /home/pi/[foldername] -o guest ro _netdev noatime
as long as overlay is not active.

After reboot with active kernel7.img and initramsf .. lines in config.txt and even without 'boot= overlay' entry in commandline.txt
terminal respond is 'unable to find suitable address'.

BTW i'm free to make changes on server side too if necessary.

frspp
Posts: 1
Joined: Thu Oct 19, 2017 4:35 pm

Re: Raspbian with Read-only Root

Thu Oct 19, 2017 4:45 pm

mutley wrote:
Tue Oct 18, 2016 10:48 pm
I agree that RO root is the only way to go on the PI, but it's been very simple to do since wheezy. (add a few lines to /etc/fstab and modify /boot/cmdline.txt).
Are we speaking here about

Code: Select all

/etc/fstab 
Add “,ro” flag to both block devices (after "defaults")
+
/boot/cmdline.txt
At the end add
noswap ro
That's all? Seems to work, or at least boot and run for a while :P Little dirty: I get some warnings/error regarding /tmp on each cycle loop runs. But easy to do (on linux, because other systems don't read ext4 out of the box) just by modding files on SD card.

My need is only terminal, omxplayer and reliability, no networking.

ejolson
Posts: 3421
Joined: Tue Mar 18, 2014 11:47 am

Re: Raspbian with Read-only Root

Thu Oct 19, 2017 6:09 pm

quaddl wrote:
Wed Oct 18, 2017 12:10 pm
After reboot with active kernel7.img and initramsf .. lines in config.txt and even without 'boot= overlay' entry in commandline.txt
terminal respond is 'unable to find suitable address.
I've been mounting samba shares using cifs to a mount point in an overlay filesystem for two years. Prior to that I did the same thing using aufs, the out-of-kernel overlay filesystem. The problem is not overlay, but as you've noticed something to do with the kernel7.img initramfs.

What may have happened is that the kernel in your Raspbian system has been updated and is now out of sync with the kernel in the initramfs. Such a version mismatch could prevent the cifs module from loading and thus make it impossible to mount the samba shares. Try rebuilding kernel7.img to make sure it includes the most recently installed Linux kernel.

Heater
Posts: 13107
Joined: Tue Jul 17, 2012 3:02 pm

Re: Raspbian with Read-only Root

Thu Oct 19, 2017 8:21 pm

frspp,
Are we speaking here about ... /etc/fstab ...Add “,ro” flag to both block devices
No.

Sure that might do the read only thing and be quite good enough for some cases.

But some programs expect to be able to write to the fs. Like the system logs for example.

Also you can't switch off the read only thing when you really want to from there.

quaddl
Posts: 5
Joined: Wed Oct 18, 2017 6:38 am

Re: Raspbian with Read-only Root

Fri Oct 20, 2017 8:02 am

I found a solution for my mounting problem.
$ ip addr
returns the correct network configuration when ro-mode is off. If active, it returns wrong IP settings i did not config. DHCP is off. No DHCP-Server in my local network.
I read about problems with static IP settings in Rasbian stretch and switched to network manager.
Installed network-manager-gnome from the repository.
Removed dhcpcd5:

$ sudo apt purge openresolve dhcpcd5

Replaced file /etc/resolv.conf by a symlink to /lib/systemd/resolv.conf

$ sudo ln -sf /lib/systemd/resolv.conf /etc/resolv.conf

Removed applet ' wireless & wired network' from the panel.
After reboot, configuration by network manager applet and activation of ro-mode in /boot/cmdline.txt and /boot/config.txt
mounting of the network share to an empty folder in user's home works fine after reboot.
For optimizing mount options i'll study the man pages.
Thank you. :D

quaddl
Posts: 5
Joined: Wed Oct 18, 2017 6:38 am

Re: Raspbian with Read-only Root

Fri Oct 20, 2017 8:54 am

@ejolson
i did rebuild because i thought the line

-olowerdir=/lower,upperdir=/upper/data,workdir=/upper/work \

should be better

-o lowerdir=/lower,upperdir=/upper/data,workdir=/upper/work \

but that did not solve my problem.

I'm not expert enough an don't find the time to explore more details.
Porting my older Kiosk app from Bananapi to Raspbian stretch
shows many things don't work as expected anymore even killing
a shell script with wmctrl commands configured with crontab -e
is more difficult than before. Top shows the script process is killed
but wmctrl is still switching desktops. And so on.

Happy weekend to all and have a good time.

Return to “General discussion”