{{tag>raspberry-pi gk}}

==== Raspberry Read-Only ====
^Page en construction^
=== Objectif ===
Apporter des modifications à la distribution Raspbian pour une utilisation sans écritures sur la carte SD et permettre une extinction brutale de la machine sans risque de détériorer le système de fichiers
=== Limitation ==
Utilisation de la version Raspbian/Buster, version stable à ce jour (déc 2019).
L'image installée à la base est la version **lite** pour limiter les logiciels installés.
=== lectures ===
https://the.mad-tinkerer.me/raspberry-pi/read-only-root-filesystem-debian-buster/

https://medium.com/@andreas.schallwig/how-to-make-your-raspberry-pi-file-system-read-only-raspbian-stretch-80c0f7be7353

https://k3a.me/how-to-make-raspberrypi-truly-read-only-reliable-and-trouble-free/

http://blog.gegg.us/2014/03/a-raspbian-read-only-root-fs-howto/

https://github.com/JasperE84/root-ro

https://www.a-netz.de/blog/2013/02/read-only-root-filesystem/

https://the.mad-tinkerer.me/raspberry-pi/read-only-root-filesystem-debian-buster/
=== Buster read-only ===

<code>
sudo apt update
sudo apt upgrade
sudo apt dist-upgrade
sudo apt install python3
sudo apt install puredata
sudo apt install pd-osc pd-mrpeach pd-iemlib
sudo apt install lsof
lsof / | awk 'NR==1 || $4~/[0-9]+[uw]/'
sudo systemctl disable apt-daily.timer apt-daily-upgrade.timer man-db.timer
sudo systemctl mask systemd-tmpfiles-setup apt-daily apt-daily-upgrade systemd-tmpfiles-clean systemd-tmpfiles-clean.timer systemd-update-utmp systemd-update-utmp-runlevel systemd-rfkill systemd-rfkill.socket systemd-logind.service man-db.service
systemd-update-utmp-runlevel systemd-rfkill systemd-rfkill.socket systemd-logind.service man-db.service
sudo systemctl disable dphys-swapfile
sudo apt clean
</code>
Modifier /etc/fstab

modifier en ro /boot et /
<code>
PARTUUID=6c586e13-01  /boot           vfat    defaults,ro          0 2
PARTUUID=6c586e13-02  /               ext4    defaults,ro,noatime  0 1
</code>

ajouter
<code>
none                  /tmp               tmpfs   size=128M,mode=01777                    0 0
none                  /var/tmp           tmpfs   size=16M                                0 0
none                  /var/log           tmpfs   size=16M,mode=0755                      0 0
none                  /var/lib/logrotate tmpfs  size=1M                                  0 0
</code>

sudo reboot et vérifier les services en erreur
<code>systemctl list-units --state=failed</code>

=== Changement de mode ===
== Autoriser l'écriture ==
<code>
sudo mount / -o remount,rw
sudo mount /boot -o remount,rw
</code>
== Retourner en mode read-only ==
<code>
sudo mount / -o remount,ro -f
sudo mount /boot -o remount,ro -f
</code>
Ajouter à /etc/bash.bashrc  **source** : https://hallard.me/raspberry-pi-read-only/
<code>
# set variable identifying the filesystem you work in (used in the prompt below)
set_bash_prompt(){
    fs_mode=$(mount | sed -n -e "s/^\/dev\/.* on \/ .*(\(r[w|o]\).*/\1/p")
    PS1='\[\033[01;32m\]\u@\h${fs_mode:+($fs_mode)}\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
}
 
alias ro='sudo mount -o remount,ro / ; sudo mount -o remount,ro /boot'
alias rw='sudo mount -o remount,rw / ; sudo mount -o remount,rw /boot'
 
# setup fancy prompt"
PROMPT_COMMAND=set_bash_prompt
</code>

=== Compléments ===
== Logrotate ==
modifier /etc/cron.daily/logrotate
<code bash>
#/usr/sbin/logrotate /etc/logrotate.conf
/usr/sbin/logrotate --state /var/log/logrotate.state /etc/logrotate.conf
</code>
==lightdm==
modifier /etc/lightdm.conf
<code>
cache-directory=/var/tmp/lightdm
</code>