readonly root file system for raspbian

copyright (C) qingfeng Xia 2011-2020 CC-BY-NC 4.0

The crash of the SD card file system makes me crazy, so I need to do something!

################## debian wheezy #####################

#In wheezy the init scripts directly modify /var/lib/initscripts/nologin

## First of all, make another partition and mount it as /var
# make fsck run each time for this partition, or use a journaling filesystem such as reiserfs
tune2fs -c 1 /dev/sda2
# migrate the current /var and /home
mkdir /var/home && cp -rp /home/* /var/home/
cd / && mv /home /homebak && ln -s /var/home /home

#https://wiki.debian.org/ReadonlyRoot
## special files under /etc

#1) replace /etc/mtab with a symlink to /proc/mounts
mv /etc/mtab /etc/mtab_bak
ln -s /proc/mounts /etc/mtab

# blkid: the standard place to set the cache_file location is /etc/blkid.conf
# blkid.tab was not found; it is /run/blkid/blkid.tab if /run exists
# set the environment variable BLKID_FILE=/run/blkid/blkid.tab.
# this file is not found on raspbian
# You should do this in /etc/environment to set the variable for everybody who might do mounting.

# 2) adjtime (not necessary)
# Solution: Create a symlink from /etc/adjtime to /var/local/adjtime and
# fix /etc/init.d/hwclockfirst.sh by replacing -f by -L in "if [ -w /etc ] && [ ! -f /etc/adjtime ] && [ ! -e /etc/adjtime ]; then";

#3) ifupdown, DHCP and resolv.conf
If you use a dynamic /etc/resolv.conf (e.g. from DHCP), replace it with a symbolic link to some writable location, such as /var/etc/resolv.conf.
Systems running Wheezy will be automatically moved to using /run/network no matter what their existing configuration was.
Under /run/ there are the network and ifupdown.d folders.

#4) udev rules

## apt-get auto remount with
#or remount manually: "mount -o remount,rw /"
#force fsck on boot for some partition:

## finally check your /etc/fstab: use tmpfs, no swap, noatime

# clean /tmp or make the /tmp mount point available
## fstab file
```
/dev/hda1 / ext4 defaults,noatime,ro,errors=remount-ro 0 1
none /var/run tmpfs size=1M,noatime 0 0
```
Append ro to /boot/cmdline.txt:

… elevator=deadline rootwait ro

## Tips and tricks: make apt-get remount / if needed

To make apt-get remount the filesystem read/write automatically before calling dpkg, and remount it read-only after dpkg has finished, put these lines in /etc/apt/apt.conf:

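```
DPkg {
    // Auto re-mounting of a readonly /
    // remount / read-write before dpkg runs
    Pre-Invoke { "mount -o remount,rw /"; };
    // remount / read-only afterwards, unless NO_APT_REMOUNT=yes
    Post-Invoke { "test ${NO_APT_REMOUNT:-no} = yes || mount -o remount,ro / || true"; };
};
```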

The environment variable NO_APT_REMOUNT can be set to yes to prevent apt from remounting the filesystem read-only. This is handy if you plan to configure the installed package or make other changes in /etc.
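The Post-Invoke line ends in `|| true`, so a remount that fails (for example because a file on / is still open for writing) leaves / read-write without apt reporting anything. A check for that state, as an added example that is not part of the original post; the function names are hypothetical and the sample mount table is constructed:

```shell
# Added example, not from the original post. Function names are hypothetical
# and the sample mount table is constructed.

# Print "ro" or "rw" for the last "/" entry of a /proc/mounts-format file
# (pass "-" to read stdin). Options are compared as whole tokens, so
# errors=remount-ro is never mistaken for ro.
root_mount_state() {
    awk '$2 == "/" { opts = $4 }        # later entries shadow earlier ones
         END {
             state = "unknown"
             n = split(opts, o, ",")
             for (i = 1; i <= n; i++)
                 if (o[i] == "ro" || o[i] == "rw") state = o[i]
             print state
         }' "${1:-/proc/mounts}"
}

# Succeeds (exit 0) when / was left writable without NO_APT_REMOUNT=yes,
# i.e. when the Post-Invoke remount failed and "|| true" hid the failure.
root_left_writable() {
    [ "${NO_APT_REMOUNT:-no}" = yes ] && return 1
    [ "$(root_mount_state "$1")" != ro ]
}

sample_after_failed_remount() {   # constructed sample
    cat <<'EOF'
rootfs / rootfs rw 0 0
/dev/root / ext4 rw,noatime,errors=remount-ro 0 0
tmpfs /var/log tmpfs rw,noatime,size=1024k 0 0
EOF
}

if sample_after_failed_remount | root_left_writable -; then
    echo "WARNING: / is still mounted read-write"
fi
```

On a real system call `root_left_writable` with no argument after apt-get finishes; it then reads /proc/mounts.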

## Optimize the EXT4 partition

The optimization consists of selecting data=writeback as the data mode for our filesystem. The other two possible data modes (data=ordered and data=journal) do not have bandwidth performance as good as writeback. The EXT4 journaling is disabled when using writeback. For details on the attributes of the various EXT4 data modes, read the "Data Mode" section from the Ext4 Filesystem
## Less writing
This SD card is a lost case. To prevent your Raspberry Pi from writing a lot of data, and thus wearing out the SD card, you can do a couple of things.

## use tmpfs

The first one is to mount a few folders in RAM as tmpfs. These are the folders that temp files and logs are written to. This means that you won’t have syslog available, but most of the time that is not a problem.

Edit /etc/fstab and add the following:

```
none /var/run tmpfs size=1M,noatime 0 0
none /var/log tmpfs size=1M,noatime 0 0
none /var/tmp tmpfs size=1M,noatime 0 0
none /tmp tmpfs size=1M,noatime 0 0
```

This will mount the above folders in RAM, with a max size of 1 megabyte. The noatime option means that the access time of a file is not updated, saving a lot of writes as well. You should also add the noatime option to your other partitions, for example on a standard Raspbian:

```
proc /proc proc defaults 0 0
/dev/mmcblk0p1 /boot vfat ro,noatime 0 2
/dev/mmcblk0p2 / ext4 defaults,noatime 0 1
```

Here the /boot partition is also mounted read only (ro). The noatime option is added.

Issue a mount -a command or reboot the machine to make this active.
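An added example, not from the original post, that checks an fstab against the settings described in this post (/ and /boot read-only, noatime, tmpfs for the temp and log folders, no swap). The function names are hypothetical and the sample entries are constructed:

```shell
# Added example, not from the original post: audit_fstab and sample_fstab are
# hypothetical names and the sample entries are constructed.

# Print one finding per line for an fstab-format file (default: stdin).
audit_fstab() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }             # comments and blank lines
    NF < 4 { printf "line %d: fewer than 4 fields\n", NR; next }
    {
        dev = $1; mp = $2; type = $3
        split("", has)                            # reset the option set
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) has[opt[i]] = 1  # whole option tokens only
        seen[mp] = type
        if (type == "swap") { printf "line %d: swap entry %s\n", NR, dev; next }
        if (type == "proc" || type == "sysfs") next
        if (!("noatime" in has)) printf "line %d: %s lacks noatime\n", NR, mp
        # errors=remount-ro acts only after an error; it does not mount ro
        if ((mp == "/" || mp == "/boot") && !("ro" in has))
            printf "line %d: %s is not mounted ro\n", NR, mp
    }
    END {
        m = split("/tmp /var/tmp /var/log /var/run", want, " ")
        for (i = 1; i <= m; i++)
            if (seen[want[i]] != "tmpfs") printf "%s is not on tmpfs\n", want[i]
    }' "${1:--}"
}

sample_fstab() {   # constructed sample, not a real system
    cat <<'EOF'
# constructed sample
proc            /proc     proc   defaults                            0 0
/dev/mmcblk0p1  /boot     vfat   ro,noatime                          0 2
/dev/mmcblk0p2  /         ext4   defaults,noatime,errors=remount-ro  0 1
none            /var/run  tmpfs  size=1M,noatime                     0 0
none            /var/log  tmpfs  size=1M,noatime                     0 0
none            /tmp      tmpfs  size=1M,noatime                     0 0
/var/swap       none      swap   sw                                  0 0
EOF
}

sample_fstab | audit_fstab
```

Run `audit_fstab /etc/fstab` on the Pi before rebooting; no output means every check passed.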

## Disable swap

Linux divides its physical RAM (random access memory) into chunks of memory called pages. Swapping is the process whereby a page of memory is copied to the preconfigured space on the hard disk, called swap space, to free up that page of memory. The combined size of the physical memory and the swap space is the amount of virtual memory available.

Swapping causes a lot of writes to the SD card. You would want to turn it off to save writes. The downside of this is that when there is not enough RAM available the Linux OOM killer will randomly kill processes to save RAM.

Raspbian by default has a swap file, dynamically managed by the dphys-swapfile utility. You can turn off this utility by issuing the following commands:

```
dphys-swapfile swapoff
dphys-swapfile uninstall
update-rc.d dphys-swapfile remove
```

After a reboot the swap will be gone, which you can check with the free -m command:

```
             total       used       free     shared    buffers     cached
Mem:           484        243        241          0         42        162
-/+ buffers/cache:         38        446
Swap:            0          0          0
```

## fsck at every boot
My Raspberry Pis have a cron job which reboots them once every seven days. This is to apply kernel updates and is just a general good procedure to see if all still works after a reboot. By default, fsck checks a filesystem every 30 boots (counted individually for each partition). I decided to change this to every boot, so problems will be found and possibly fixed earlier.

To set up an fsck at every boot, execute the following command:

tune2fs -c 1 /dev/sda1

Where /dev/sda1 is the device or partition.

CUPS, Samba, /root and /media need to be adjusted for Ubuntu desktop, but not for Raspbian.

Try a live CD/USB image if you need a read-only /var.
The EXT4 journal is disabled for the SD card for better performance.

## reference

https://sites.google.com/site/linuxpendrive/rorootfs
“Overlayroot makes the process of mounting the root filesystem as read-only on Ubuntu very easy”

OpenELEC /storage/.kodi/userdata/
https://raymii.org/s/blog/Broken_Corrupted_Raspberry_Pi_SD_Card.html


CC-BY-NC 4.0 licensed free for non-commercial usage
Author: Qingfeng XIA
copyright (C) 2011-2020
http://www.iesensor.com
please keep the original link in your reference.
http://www.iesensor.com/blog/2015/06/24/readonly-root-file-system-for-raspbian/