
Read-only Raspberry Pi with Jessie

home automation

A step-by-step tutorial to get Debian Jessie up and running in read-only (RO) mode on a Raspberry Pi (v3 tested). Never lose your installation due to power-related SD card corruption again!

  1. Get Jessie and copy it to your SD card
    – if extracting the file fails on a Mac, do not use unzip; use the following instead:
    ditto -x -k 2016-05-27-raspbian-jessie.zip .
    # flash contents to SD card (just an example of what I did on my Mac)
    # replace diskN with the SD card's disk number from `diskutil list`; both commands must target the same disk
    diskutil unmountdisk /dev/diskN
    pv 2016-05-27-raspbian-jessie.img | sudo dd of=/dev/diskN bs=1m
  2. Boot up, find the Pi's IP address from your router and SSH in, then run:
    sudo su
    apt-get update
    apt-get upgrade
    reboot
    
    # run raspi-config to make sure the root partition fills the whole SD card
    sudo raspi-config
    reboot
    
    # clean up unwanted packages
    sudo su
    apt-get remove --purge wolfram-engine triggerhappy cron logrotate dbus dphys-swapfile xserver-common lightdm fake-hwclock
    apt-get autoremove --purge
    
    # replace log management with busybox, you can read the logs with logread
    apt-get install busybox-syslogd; dpkg --purge rsyslog
    
    # just for convenience
    apt-get install vim
  3. Disable swap and start read-only FS
    $ cat /boot/cmdline.txt 
    dwc_otg.lpm_enable=0 console=ttyAMA0,115200 console=tty1 root=/dev/mmcblk0p2 rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait fastboot noswap ro
    I’ve added fastboot noswap ro at the end of the line.
  4. Move spool
    # move spool
    rm -rf  /var/spool
    ln -s /tmp /var/spool
  5. Make sure SSH works – I had to disable UsePrivilegeSeparation, for me it says:
    vim /etc/ssh/sshd_config
    ...
    UsePrivilegeSeparation no
    ...
  6. Make edits to the fstab
    root@raspberrypi:/home/pi# cat /etc/fstab 
    proc            /proc           proc    defaults          0       0
    /dev/mmcblk0p1  /boot           vfat    defaults,ro          0       2
    /dev/mmcblk0p2  /               ext4    defaults,noatime,ro  0       1
    # a swapfile is not a swap partition, no line here
    #   use  dphys-swapfile swap[on|off]  for that
    tmpfs	/var/log	tmpfs   nodev,nosuid	0	0
    tmpfs	/var/tmp	tmpfs	nodev,nosuid	0	0
    tmpfs   /tmp        tmpfs   nodev,nosuid    0   0
    The last 3 lines and the ro flag for /dev/mmcblk0p* are new additions.
  7. Move dhcpcd.resolv.conf to tmpfs
    touch /tmp/dhcpcd.resolv.conf
    rm /etc/resolv.conf
    ln -s /tmp/dhcpcd.resolv.conf /etc/resolv.conf
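
A check for the fstab from step 6, added here as an example (it is not part of the original tutorial). It reads any fstab-format file, so it can audit /etc/fstab before the reboot and /proc/mounts afterwards; the function names and the sample entries are made up for illustration.

```shell
#!/bin/sh
# Added example: audit an fstab-format file against the step 6 layout.
# /etc/fstab and /proc/mounts share the same
# "device mountpoint fstype options" columns, so it works on both.

# has_opt OPTIONS NAME: exact match on one comma-separated option, so
# "errors=remount-ro" is not mistaken for "ro".
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

# mount_field FILE MOUNTPOINT COLUMN: print that column of the last
# non-comment entry for MOUNTPOINT (the last entry is the one in effect).
mount_field() {
    awk -v mp="$2" -v col="$3" \
        '$1 !~ /^#/ && $2 == mp { v = $col } END { print v }' "$1"
}

# audit_mounts FILE: print one line per finding; non-zero status if any.
audit_mounts() {
    file=$1; rc=0
    for mp in / /boot; do
        opts=$(mount_field "$file" "$mp" 4)
        if [ -z "$opts" ]; then echo "MISSING $mp"; rc=1
        elif ! has_opt "$opts" ro; then echo "WRITABLE $mp ($opts)"; rc=1
        fi
    done
    for mp in /tmp /var/tmp /var/log; do
        fstype=$(mount_field "$file" "$mp" 3)
        opts=$(mount_field "$file" "$mp" 4)
        if [ "$fstype" != tmpfs ]; then echo "NOT_TMPFS $mp"; rc=1; continue; fi
        for o in nodev nosuid; do
            has_opt "$opts" "$o" || { echo "MISSING_OPT $mp $o"; rc=1; }
        done
    done
    return "$rc"
}

# Constructed sample: /boot writable, /tmp lacks nodev, no /var/log entry.
sample_fstab() {
    printf '%s\n' '/dev/mmcblk0p1 /boot    vfat  defaults            0 2' \
                  '/dev/mmcblk0p2 /        ext4  defaults,noatime,ro 0 1' \
                  'tmpfs          /var/tmp tmpfs nodev,nosuid        0 0' \
                  'tmpfs          /tmp     tmpfs nosuid              0 0'
}

# With a file argument audit that file, otherwise the constructed sample.
if [ $# -gt 0 ]; then audit_mounts "$1"
else t=$(mktemp); sample_fstab >"$t"; audit_mounts "$t" || :; rm -f "$t"; fi
```

Run it as `sh audit.sh /etc/fstab` before rebooting and `sh audit.sh /proc/mounts` after; no output and exit status 0 mean the layout matches step 6.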


Optional steps

Enable an easy way to switch between read-only and read-write mode:

(place the below at the end of your /etc/bash.bashrc)

# set variable identifying the filesystem you work in (used in the prompt below)
fs_mode=$(mount | sed -n -e "s/^.* on \/ .*(\(r[wo]\).*/\1/p")
# alias ro/rw 
alias ro='mount -o remount,ro / ; fs_mode=$(mount | sed -n -e "s/^.* on \/ .*(\(r[wo]\).*/\1/p")'
alias rw='mount -o remount,rw / ; fs_mode=$(mount | sed -n -e "s/^.* on \/ .*(\(r[wo]\).*/\1/p")'
# setup fancy prompt
export PS1='\[\033[01;32m\]\u@\h${fs_mode:+($fs_mode)}\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
# aliases for mounting boot volume
alias roboot='mount -o remount,ro /boot'
alias rwboot='mount -o remount,rw /boot'

(Thanks to Vittorio for fix)

 

Enable watchdog

# enter RW mode
rw

# enable watchdog
modprobe bcm2708_wdog; apt-get install watchdog

# add bcm2708_wdog to /etc/modules to load it at boot time
$ cat /etc/modules
# /etc/modules: kernel modules to load at boot time.
#
# This file contains the names of kernel modules that should be loaded
# at boot time, one per line. Lines beginning with "#" are ignored.
bcm2708_wdog

# edit the watchdog config /etc/watchdog.conf and enable (uncomment) the following lines:

watchdog-device = /dev/watchdog
max-load-1


# start watchdog at system start and start right away
insserv watchdog; /etc/init.d/watchdog start

# http://raspberrypi.stackexchange.com/questions/33850/pi-b-raspbian-jessie-watchdog-doesnt-start-at-boot
# additional settings needed on Jessie, edit /lib/systemd/system/watchdog.service and add:
[Install]
WantedBy=multi-user.target

# now it should be enabled properly
systemctl enable watchdog


# set up automatic reboot after a kernel panic in /etc/sysctl.conf (add to the end)
kernel.panic = 10

# finish and reboot
ro
reboot

 

Credits:

http://hallard.me/raspberry-pi-read-only/

http://k3a.me/how-to-make-raspberrypi-truly-read-only-reliable-and-trouble-free/

 
