,

Raspberry Read-Only

Page en construction

Objectif

Apporter des modifications à la distribution Raspbian pour une utilisation sans écritures sur la carte SD et permettre une extinction brutale de la machine sans risque de détériorer le système de fichiers

Limitation

Utilisation de la version Raspbian/Buster, version stable à ce jour (déc 2019). L'image installée à la base est la version lite pour limiter les logiciels installés.

lectures

https://the.mad-tinkerer.me/raspberry-pi/read-only-root-filesystem-debian-buster/

https://medium.com/@andreas.schallwig/how-to-make-your-raspberry-pi-file-system-read-only-raspbian-stretch-80c0f7be7353

https://k3a.me/how-to-make-raspberrypi-truly-read-only-reliable-and-trouble-free/

http://blog.gegg.us/2014/03/a-raspbian-read-only-root-fs-howto/

https://github.com/JasperE84/root-ro

https://www.a-netz.de/blog/2013/02/read-only-root-filesystem/

https://the.mad-tinkerer.me/raspberry-pi/read-only-root-filesystem-debian-buster/

Buster read-only

sudo apt update
sudo apt upgrade
sudo apt dist-upgrade
sudo apt install python3
sudo apt install puredata
sudo apt install pd-osc pd-mrpeach pd-iemlib
sudo apt install lsof
lsof / | awk 'NR==1 || $4~/[0-9]+[uw]/'
sudo systemctl disable apt-daily.timer apt-daily-upgrade.timer man-db.timer
sudo systemctl mask systemd-tmpfiles-setup apt-daily apt-daily-upgrade systemd-tmpfiles-clean systemd-tmpfiles-clean.timer systemd-update-utmp systemd-update-utmp-runlevel systemd-rfkill systemd-rfkill.socket systemd-logind.service man-db.service
systemd-update-utmp-runlevel systemd-rfkill systemd-rfkill.socket systemd-logind.service man-db.service
sudo systemctl disable dphys-swapfile
sudo apt clean

Modifier /etc/fstab

modifier en ro /boot et /

PARTUUID=6c586e13-01  /boot           vfat    defaults,ro          0 2
PARTUUID=6c586e13-02  /               ext4    defaults,ro,noatime  0 1

ajouter

none                  /tmp               tmpfs   size=128M,mode=01777                    0 0
none                  /var/tmp           tmpfs   size=16M                                0 0
none                  /var/log           tmpfs   size=16M,mode=0755                      0 0
none                  /var/lib/logrotate tmpfs  size=1M                                  0 0

sudo reboot et vérifier les services en erreur

systemctl list-units --state=failed

Changement de mode

Autoriser l'écriture
sudo mount / -o remount,rw
sudo mount /boot -o remount,rw
Retourner en mode read-only
sudo mount / -o remount,ro -f
sudo mount /boot -o remount,ro -f

Ajouter à /etc/bash.bashrc source : https://hallard.me/raspberry-pi-read-only/

# set variable identifying the filesystem you work in (used in the prompt below)
set_bash_prompt(){
    fs_mode=$(mount | sed -n -e "s/^\/dev\/.* on \/ .*(\(r[w|o]\).*/\1/p")
    PS1='\[\033[01;32m\]\u@\h${fs_mode:+($fs_mode)}\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
}
 
alias ro='sudo mount -o remount,ro / ; sudo mount -o remount,ro /boot'
alias rw='sudo mount -o remount,rw / ; sudo mount -o remount,rw /boot'
 
# setup fancy prompt"
PROMPT_COMMAND=set_bash_prompt

Compléments

Logrotate

modifier /etc/cron.daily/logrotate

#/usr/sbin/logrotate /etc/logrotate.conf
/usr/sbin/logrotate --state /var/log/logrotate.state /etc/logrotate.conf
lightdm

modifier /etc/lightdm.conf

cache-directory=/var/tmp/lightdm