antonius
Posts: 7
Joined: Wed Oct 28, 2015 8:12 pm

Read-only Jessie

Mon Dec 14, 2015 10:33 pm

Hello!

I'm trying to make my SD card read-only to prevent it from damage in case of power failure.

I found many guides which I tried to follow but I still get two errors during the boot process:
`Failed to start Load/Save Random Seed.`
and
`Failed to start Update UTMP about System Boot/Shutdown.`

This is what I have done so far:

- in `/boot/cmdline.txt` append `fastboot noswap ro`

- disable swap (`dphys-swapfile {swapoff, uninstall}` and `update-rc.d dphys-swapfile remove`)

- the /etc/fstab looks like:

```
proc        ...
/...        /boot        vfat        defaults,ro        ...
/...        /        ext4        defaults,ro,noatime        ...
tmpfs        /tmp        tmpfs        defaults,size=1M        0        0
```

I think it has something to do with `/var` not being writable but I failed to find out how to make it so. I saw that in Jessie both `/var/lock` and `/var/run` are `tmpfs` already...

I also tried to disable the saving of pseudo-random generator state as `systemctl disable systemd-random-seed.service` to no avail.

Please, could anyone point me in the right direction to get rid of the errors above?

r3d4
Posts: 967
Joined: Sat Jul 30, 2011 8:21 am
Location: ./

Re: Read-only Jessie

Sun Dec 20, 2015 1:57 pm

antonius wrote: I found many guides which I tried to follow but I still get two errors during the boot process:

It might help to post the links to one or more of the "many guides" you found ?! ;)

aristosv
Posts: 151
Joined: Mon Dec 08, 2014 7:47 pm

Re: Read-only Jessie

Wed Jan 20, 2016 10:05 am

Did you ever find a solution to this?

blakspek
Posts: 1
Joined: Tue May 17, 2016 3:24 pm

Re: Read-only Jessie

Tue May 17, 2016 3:34 pm

You'll have to link the file "/var/lib/systemd/random-seed" somewhere it can be written in, like /tmp

Put that in a booting script like "/etc/rc.local"

```
sudo touch /tmp/random-seed
sudo ln -s /tmp/random-seed /var/lib/systemd/random-seed
sudo chmod 600 /tmp/random-seed
sudo chown root:root /tmp/random-seed
```

Charly86
Posts: 23
Joined: Wed Mar 06, 2013 9:57 am

Re: Read-only Jessie

Tue Aug 30, 2016 1:31 pm

Quite easy, as @blakspek said.
First remove the existing file

```
rm /var/lib/systemd/random-seed
```

Link the random-seed file to a tmpfs location

```
ln -s /tmp/random-seed /var/lib/systemd/random-seed
```

Since the file is on tmpfs it will not be created upon reboot, but we can do it with a kind of magic of systemd system service, this is so powerful.
To create the file in the tmp area at bootup before starting the random-seed service, just edit the service file to add a pre-command to execute:

```
nano /lib/systemd/system/systemd-random-seed.service
```

add the line

```
ExecStartPre=/bin/echo "" >/tmp/random-seed
```

under the service section, it should now look like this

```
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStartPre=/bin/echo "" >/tmp/random-seed
ExecStart=/lib/systemd/systemd-random-seed load
ExecStop=/lib/systemd/systemd-random-seed save
```

Do not use touch instead of echo, it won't work because it will check RO filesystem
Execute the following to tell systemd we made changes

```
systemctl daemon-reload
```

I've updated the dedicated article here
https://hallard.me/raspberry-pi-read-only/

aristosv
Posts: 151
Joined: Mon Dec 08, 2014 7:47 pm

Re: Read-only Jessie

Tue Aug 30, 2016 1:59 pm

Thanks for your reply. You suggested 2 methods of resolving the issue. Is there any benefit or drawback in choosing one over the other?

septantrionalis
Posts: 73
Joined: Sat Feb 08, 2014 11:12 pm
Location: Denver, CO

Re: Read-only Jessie

Tue Sep 27, 2016 2:51 pm

I tried the solution mentioned by Charly86, but it's not working. It looks like the random seed is being generated before the tmp filesystem is mounted. This causes the random-seed file to be blown away. How do I get around this?

```
Dec 31 17:00:10 raspberrypi systemd[1]: Mounting /var/tmp...
Dec 31 17:00:10 raspberrypi echo[192]: >/tmp/random-seed
Dec 31 17:00:10 raspberrypi systemd[1]: var-tmp.mount: Directory /var/tmp to mount over is not empty, mounting anyway.
Dec 31 17:00:10 raspberrypi systemd[1]: Mounting /tmp...
Dec 31 17:00:10 raspberrypi systemd[1]: tmp.mount: Directory /tmp to mount over is not empty, mounting anyway.
Dec 31 17:00:10 raspberrypi systemd[1]: Mounted /var/tmp.
```

I just tested it with the filesystem mounted and restarted the systemd configuration with this command:

```
sudo systemctl restart systemd-random-seed.service
```

It still doesn't create the random-seed file.

drmacro
Posts: 37
Joined: Tue Mar 08, 2016 4:26 pm

Re: Read-only Jessie

Wed Dec 07, 2016 3:27 pm

I've been attempting to get a read only system with the latest jessie and a pi 2 B (note: same results with a 3 as well).

In addition to the random seed error, dhcpcd (the dhcp client daemon) fails to start. Since, typically, there was a dhcp lease available before things were read only, the old lease is used at boot. (After the lease period, since dhcpcd isn't running, it then loses the lease and, while it still has an IP, it is no longer known by its hostname. So, the only way to ssh to it is by IP.)

I have tried several attempts to get whatever is needed to a writable /var/log, etc. (i.e. symlinks from /tmp) to no avail.

I have not found any help from the busybox/logread. Using logread provides a few lines of log about what has been done at the command line and nothing about failures during boot.

I've been working at this on and off for over a month and started with clean images several times... :(

Any suggestions appreciated. :?:

FYI: I posted about this back in Nov.: viewtopic.php?f=29&t=166725&p=1073637#p1073637

Mac

aristosv
Posts: 151
Joined: Mon Dec 08, 2014 7:47 pm

Re: Read-only Jessie

Thu Dec 08, 2016 6:40 am

This worked for me, on the random seed issue.

```
ln -s /tmp/random-seed /var/lib/systemd/random-seed
sed -i '/RemainAfterExit=yes/ a ExecStartPre=/bin/echo "" >/tmp/random-seed' /lib/systemd/system/systemd-random-seed.service
```

As for the dhcp issue, the problem for me was that resolv.conf was not getting updated because of the read only file system, so I fixed it like this.

```
rm /etc/resolv.conf
ln -s /tmp/resolv.conf /etc/resolv.conf
sed -i 's/\/etc\/resolv.conf/\/tmp\/resolv.conf/g' /sbin/dhclient-script
```

I have been told that this is not the correct way of fixing this, even though I never had problems.

drmacro
Posts: 37
Joined: Tue Mar 08, 2016 4:26 pm

Re: Read-only Jessie

Thu Dec 08, 2016 4:07 pm

That does fix the random-seed error.

But, even with resolv.conf in /tmp dhcpcd fails to start.

using "systemctl status dhcpcd.service" after boot it complains as follows:

dhcp_bind: write_lease: Read-only file system

I tried moving /var/log/dhcpcd to /tmp, same results.

jojopi
Posts: 3078
Joined: Tue Oct 11, 2011 8:38 pm

Re: Read-only Jessie

Thu Dec 08, 2016 4:33 pm

"man systemd.service" makes it clear that service options such as ExecStart are not run in a shell, and that redirections are not supported by the syntax. That fits with one of the log messages that septantrionalis posted:

```
Dec 31 17:00:10 raspberrypi echo[192]: >/tmp/random-seed
```

It seems that echo has treated the redirection as part of the literal string to echo, so this technique does not work to create a file.

I can only think that, where people have had success with this, the success is actually because of one of the other changes they made.
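
An added example, not part of the post above or of any guide linked in this thread: it reproduces in a scratch directory what the log line shows, by running `/bin/echo` with the argument vector a non-shell exec would pass, then running the same step through `/bin/sh -c`, and finally writes a drop-in that uses the shell form. The drop-in file name `override.conf`, the staging directory and the `RequiresMountsFor=/tmp` ordering are assumptions of this example, and the thread does not confirm that the service then starts cleanly.

```shell
#!/bin/sh
# Added example: why 'ExecStartPre=/bin/echo "" >/tmp/random-seed' creates no file.
# Everything runs in a scratch directory; nothing under /etc or /lib is touched.

# An Exec line is split into an argument vector and executed directly, so
# ">/path" reaches echo as an ordinary argument. Reproduce that argv here.
run_as_systemd_would() {   # $1 = target file
    /bin/echo "" ">$1" >/dev/null
    [ -e "$1" ]            # succeeds only if the file was created
}

# The same step wrapped in a shell, which is what actually interprets ">".
# umask 077 gives the new file mode 600, as in the rc.local variant above.
run_through_shell() {      # $1 = target file
    /bin/sh -c 'umask 077; : > "$1"' sh "$1"
    [ -e "$1" ]
}

# Write a drop-in (assumed name: override.conf) into a staging directory.
# RequiresMountsFor=/tmp is an assumption: it orders the unit after the /tmp
# mount, the ordering problem visible in the boot log posted earlier.
write_dropin() {           # $1 = staging directory
    mkdir -p "$1/systemd-random-seed.service.d" || return 1
    cat > "$1/systemd-random-seed.service.d/override.conf" <<'EOF'
[Unit]
RequiresMountsFor=/tmp

[Service]
ExecStartPre=/bin/sh -c 'umask 077; : > /tmp/random-seed'
EOF
}

demo() {
    d=$(mktemp -d) || return 1
    if run_as_systemd_would "$d/seed-a"; then echo "direct exec: created"; else echo "direct exec: no file"; fi
    if run_through_shell "$d/seed-b"; then echo "sh -c: created"; else echo "sh -c: no file"; fi
    write_dropin "$d/stage" && cat "$d/stage/systemd-random-seed.service.d/override.conf"
    rm -rf "$d"
}
demo
```

A file created this way is empty on every boot, so it removes the error message but carries no saved seed across reboots.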

DougieLawson
Posts: 35378
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK

Re: Read-only Jessie

Thu Dec 08, 2016 7:01 pm

Just an aside, why would anyone need to play with /tmp/random-seed when the RPi has a true RNG (/dev/hwrng) as part of the hardware.
Note: Having anything remotely humorous in your signature is completely banned on this forum.

Any DMs sent on Twitter will be answered next month.

This is a doctor free zone.

drmacro
Posts: 37
Joined: Tue Mar 08, 2016 4:26 pm

Re: Read-only Jessie

Thu Dec 08, 2016 7:08 pm

The various web sites that have documented making the PI read only remove a variety of packages.

In addition, they end up making the normal place the seed file gets written, read only. Thus the need to create the seed on each boot in some temp space.

At least that is how I understand the random-seed issue.

The bigger issue, for me at least, is dhcpcd not starting.

ejolson
Posts: 3072
Joined: Tue Mar 18, 2014 11:47 am

Re: Read-only Jessie

Thu Dec 08, 2016 7:52 pm

antonius wrote: I'm trying to make my SD card read-only to prevent it from damage in case of power failure.

Making a read-only root filesystem is easy if you choose the general approach of an overlay filesystem. This is the method used by PiNet as well as almost all Linux live DVDs. The advantage is that it doesn't require additional fiddling with individual packages and can be switched back to a regular system with a single boot option.

drmacro
Posts: 37
Joined: Tue Mar 08, 2016 4:26 pm

Re: Read-only Jessie

Thu Dec 08, 2016 8:08 pm

Well that looks great, especially since it is with jessie...but

in the second set of instructions "cp -rp local-bottom overlay-bottom", get a "no such file or directory" error.

aristosv
Posts: 151
Joined: Mon Dec 08, 2014 7:47 pm

Re: Read-only Jessie

Thu Dec 08, 2016 8:49 pm

drmacro wrote: The various web sites that have documented making the PI read only remove a variety of packages.

In addition, they end up making the normal place the seed file gets written, read only. Thus the need to create the seed on each boot in some temp space.

At least that is how I understand the random-seed issue.

The bigger issue, for me at least, is dhcpcd not starting.

Don't even try to remove packages. Just start from scratch with a minimal installation using this https://github.com/debian-pi/raspbian-ua-netinst

ejolson
Posts: 3072
Joined: Tue Mar 18, 2014 11:47 am

Re: Read-only Jessie

Fri Dec 09, 2016 1:33 am

drmacro wrote: Well that looks great, especially since it is with jessie...but

in the second set of instructions "cp -rp local-bottom overlay-bottom", get a "no such file or directory" error.

Sorry about that. Please try just skipping that step. Unless an important package is missing it should still work. Let me know if you have any further trouble, because read-only with overlayfs should be quite easy.

drmacro
Posts: 37
Joined: Tue Mar 08, 2016 4:26 pm

Re: Read-only Jessie

Fri Dec 09, 2016 3:45 pm

ejolson wrote:
drmacro wrote: Well that looks great, especially since it is with jessie...but

in the second set of instructions "cp -rp local-bottom overlay-bottom", get a "no such file or directory" error.

Sorry about that. Please try just skipping that step. Unless an important package is missing it should still work. Let me know if you have any further trouble, because read-only with overlayfs should be quite easy.

I've added this comment to the other post and started more comments there so they are all in one place.

Mac
