Tiny Core Linux
Tiny Core Base => Raspberry Pi => Topic started by: ashfame on July 08, 2020, 03:20:37 PM
-
Hi,
My use-case demands avoiding accidental writes to the disk of whatever kind. So much, that I am working towards un-mounting the second partition automatically upon boot.
Can I change the piCore-11 config anywhere which will result in effectively disabling the persistent layer i.e. attempt to restore certain files upon boot & attempt to save certain files upon shutdown?
-
You can prevent loading at boot, but not prevent it from being run. Whatever you are doing is such a fringe case, you would be best served by making your own initrd image (remastering in the wiki) and not using extensions at all. Adding or removing files from the initrd as you see fit.
-
Hi ashfame
... disabling the persistent layer i.e. attempt to restore certain files upon boot ...
Use the norestore boot code.
... & attempt to save certain files upon shutdown?
If you use the Exit icon to shut down, it defaults to running a backup. If you change:
export BACKUP=1
to:
export BACKUP=0
in ~/.profile then clicking Exit will default to not running a backup. Since your /home directory won't be persistent, you will need to make the change in the initrd in the /etc/skel/.profile file.
-
Since your /home directory won't be persistent, you will need to make the change in the initrd in the /etc/skel/.profile file.
Thanks again Rich :)
Do you mean to say `/etc/skel/.profile` is the file that becomes `~/.profile` upon boot? And that's where I should modify it for the change to be permanent?
-
You can prevent loading at boot, but not prevent it from being run. Whatever you are doing is such a fringe case, you would be best served by making your own initrd image (remastering in the wiki) and not using extensions at all. Adding or removing files from the initrd as you see fit.
Hi Paul, I am building an air-gapped device running on an immutable/ephemeral operating system, hence stringent needs of specific behavior.
Right now, I only want to change bits to make it work as I require. Having my own program packaged as extension & need of display server + webcam support etc, I don't mind using extensions at all, unless you can give me a reason why I shouldn't do things the way I am doing :)
-
Use the norestore boot code.
Hi Rich,
I added this boot code and a bunch of others like noswap, showapps to cmdline.txt in partition1, but that didn't do the trick.
Contents of cmdline.txt:
dwc_otg.lpm_enable=0 console=ttyAMA0,115200 console=tty1 root=/dev/ram0 elevator=deadline rootwait quiet nortc loglevel=3 noembed
and config.txt file uses it, few lines from the top of it:
[PI0]
initramfs 11.0.gz,4.19.81-piCore.gz followkernel
kernel kernel41981.img
cmdline cmdline.txt
Pretty sure this is where I need to specify it. Is there another file which is used in place of this one?
-
I created a video to see kernel messages on the screen before they go quickly off and saw this on playback:
1)
Ignoring swap partition(s) seek as requested
This means noswap bootcode did its thing. But when I run `free -m`, I still see swap reserving 100MB of space. So not sure what's happening here.
2)
Skipping restore as requested from the command line
I also don't see any message "backing up" when rebooting even though I have not changed the .profile file yet. So `norestore` bootcode must be effectively disabling both backup and restore functionality. Right?
3)
Also, I am now seeing this error, before I get the logged in prompt:
Loading extensions...
Mounting extensions
----------------------
Traceback (most recent call last):
File "/usr/bin/tce-bootload", line 97, in <module>
TypeError: extra keyword arguments given
Because of this no extension is loaded from onboot.lst
-
Also, I am now seeing this error, before I get the logged in prompt:
Loading extensions...
Mounting extensions
----------------------
Traceback (most recent call last):
File "/usr/bin/tce-bootload", line 97, in <module>
TypeError: extra keyword arguments given
Because of this no extension is loaded from onboot.lst
Ok, apparently `showapps` bootcode broke it. Removing that made extensions functional again. So, please ignore #3
-
Hi ashfame
... This means noswap bootcode did its thing. But when I run `free -m`, I still see swap reserving 100MB of space. So not sure what's happening here. ...
It's setting up compressed swap space in RAM. If you wish to disable this, add the nozswap boot code.
-
Hi ashfame
... This means noswap bootcode did its thing. But when I run `free -m`, I still see swap reserving 100MB of space. So not sure what's happening here. ...
It's setting up compressed swap space in RAM. If you wish to disable this, add the nozswap boot code.
That did it. I didn't realize it would still require nozswap when noswap is already specified. Oh well. Thanks again :)
Also, should I bother with that .profile change (/etc/skel/.profile file) that you mentioned earlier, now that, `norestore` seems to be disabling backup as well. Any way to confirm this other than just the messages on tty1 when shutdown/reboot is issued?
-
Hi ashfame
I would not expect the norestore command to disable the backup, but I can't say for sure.
... Any way to confirm this other than just the messages on tty1 when shutdown/reboot is issued?
If shutdown/reboot is done using the Exit icon, the popup window contains a Backup Options field. If it's set to None, then it's not doing a backup.
-
Hi ashfame
I would not expect the norestore command to disable the backup, but I can't say for sure.
... Any way to confirm this other than just the messages on tty1 when shutdown/reboot is issued?
If shutdown/reboot is done using the Exit icon, the popup window contains a Backup Options field. If it's set to None, then it's not doing a backup.
oh I see, will try that. I have only been using "sudo poweroff" & "sudo reboot" commands till now and that's how I was able to see the messages.
Since your /home directory won't be persistent, you will need to make the change in the initrd in the /etc/skel/.profile file.
Thanks again Rich :)
Do you mean to say `/etc/skel/.profile` is the file that becomes `~/.profile` upon boot? And that's where I should modify it for the change to be permanent?
Could you clarify this bit please?
-
Hi ashfame
... oh I see, will try that. I have only been using "sudo poweroff" & "sudo reboot" commands till now ...
Those are both Linux system commands. No backup will be performed by running either one of those.
Do you mean to say `/etc/skel/.profile` is the file that becomes `~/.profile` upon boot? And that's where I should modify it for the change to be permanent?
Yes.
-
Hi Paul, I am building an air-gapped device running on an immutable/ephemeral operating system, hence stringent needs of specific behavior.
Right now, I only want to change bits to make it work as I require. Having my own program packaged as extension & need of display server + webcam support etc, I don't mind using extensions at all, unless you can give me a reason why I shouldn't do things the way I am doing :)
Not doing automatic backups would not prevent someone manually doing a backup and that would write to your card. You would need to either remove the backup programs, or change the ownership of the files such that you cannot run them. However security on TC is not meant for higher security. For example, user tc is automatically logged in, and user tc has passwordless sudo access. With sudo access someone can easily mount the boot partition and change all of your bootcodes. To change all of this behavior would require editing files that are contained in the initrd. Hence my comment to remaster it.
-
Hi ashfame
Those are both Linux system commands. No backup will be performed by running either one of those.
Oh, I see. I thought the backup is linked to a shutdown script of some sort. I guess it then comes down to how my OS would be powered off. And since my application would run in a kiosk mode, that's where I would provide the shutdown option either explicit or inactivity based.
-
Hi Paul, I am building an air-gapped device running on an immutable/ephemeral operating system, hence stringent needs of specific behavior.
Right now, I only want to change bits to make it work as I require. Having my own program packaged as extension & need of display server + webcam support etc, I don't mind using extensions at all, unless you can give me a reason why I shouldn't do things the way I am doing :)
Not doing automatic backups would not prevent someone manually doing a backup and that would write to your card. You would need to either remove the backup programs, or change the ownership of the files such that you cannot run them. However security on TC is not meant for higher security. For example, user tc is automatically logged in, and user tc has passwordless sudo access. With sudo access someone can easily mount the boot partition and change all of your bootcodes. To change all of this behavior would require editing files that are contained in the initrd. Hence my comment to remaster it.
Good point, but essentially not applicable in my use-case as I would run application in a kiosk mode (1:1 relation for every device with the user, not a public kiosk) with no option of looking around. From what I have heard, it's possible to even remove right click context menu so curious users can't get out if they wanted to. Nothing gets stored on the storage medium ever. I have disabled swap, 2nd partition would be auto-unmounted upon boot. Also, no data is actually stored on the storage medium other than the OS + application. Sensitive information is restored in, once it boots up, so unless it's the intended user, nobody can do anything even if they physically steal the device in a powered-off state.
And perhaps for some of the customizations, I will be editing files that are in partition 1, which is by definition a remaster, I suppose? I am slowly approaching towards the required behavior step by step, figuring out as I go.
I totally get where you are coming from though. And thanks for raising your concern. If you can still see some concerns, please highlight them, so that I can either amend ways (this is my first time diving this deep into OS layers) or explain why that isn't a concern :)
-
Hi ashfame
Those are both Linux system commands. No backup will be performed by running either one of those.
Oh, I see. I thought the backup is linked to a shutdown script of some sort. I guess it then comes down to how my OS would be powered off. And since my application would run in a kiosk mode, that's where I would provide the shutdown option either explicit or inactivity based.
Wait a minute. Since I have always used those commands and never the UI option. I did see the "backing up" message on the screen at shutdown until I used "norestore" bootcode.
I suspect "norestore" does alter the backup behavior as well. Any way to confirm this?
-
The "norestore" boot code prevents an existing backup from being restored - I don't believe it prevents a backup from being made.
The tinycore script for shutdown/reboot is called with "sudo exitcheck.sh"/"sudo exitcheck.sh reboot"
-
Hi ashfame
... Wait a minute. Since I have always used those commands and never the UI option. I did see the "backing up" message on the screen at shutdown until I used "norestore" bootcode. ...
If you execute these commands:
tc@E310:~$ ls -l `which poweroff`
lrwxrwxrwx 1 root root 14 Jun 9 2019 /sbin/poweroff -> ../bin/busybox
tc@E310:~$ ls -l `which reboot`
lrwxrwxrwx 1 root root 14 Jun 9 2019 /sbin/reboot -> ../bin/busybox
tc@E310:~$
You should see they are linked back to busybox which is not a Tinycore specific component. It knows nothing about backup or restore. It exists in many different Linux distros. I would not be surprised to see a list of available commands if you opened a terminal on your Ubuntu box and entered busybox.
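-
Added example, not part of the original thread and not Tiny Core project code: a shell audit of the settings discussed above (the norestore, noswap and nozswap boot codes, active swap, and the BACKUP default in .profile). The function names, the sample file contents and the /dev/zram0 device name are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the no-write settings discussed in this thread.
# All function names are hypothetical; files are passed in so copies can be checked.

# Print every required boot code that is absent from the cmdline file.
missing_bootcodes() {
    file=$1; shift
    for code in "$@"; do
        # One word per line, then exact-line match: "noswap" must not satisfy "nozswap".
        tr -s ' ' '\n' < "$file" | grep -qx -- "$code" || printf '%s\n' "$code"
    done
}

# Print active swap devices from a /proc/swaps-format file (first line is a header).
active_swaps() {
    awk 'NR > 1 && NF { print $1 }' "$1"
}

# Print the value set by the last "export BACKUP=" line in a .profile file.
backup_default() {
    sed -n 's/^[[:space:]]*export[[:space:]]\{1,\}BACKUP=\([0-9]*\).*/\1/p' "$1" | tail -n 1
}

# Run all checks; return 0 only when none of them reports a problem.
audit() {
    cmdline=$1 swaps=$2 profile=$3 rc=0
    for code in $(missing_bootcodes "$cmdline" norestore noswap nozswap); do
        echo "FAIL: boot code $code missing from $cmdline"; rc=1
    done
    for dev in $(active_swaps "$swaps"); do
        echo "FAIL: swap active on $dev"; rc=1
    done
    if [ "$(backup_default "$profile")" != "0" ]; then
        echo "FAIL: $profile does not set BACKUP=0"; rc=1
    fi
    return "$rc"
}

# Constructed sample inputs (not captured from a device): noswap without nozswap,
# a RAM-backed swap device still active, and the default BACKUP=1.
tmp=$(mktemp -d)
echo 'root=/dev/ram0 rootwait quiet norestore noswap' > "$tmp/cmdline.txt"
printf 'Filename\tType\tSize\tUsed\tPriority\n/dev/zram0\tpartition\t102396\t0\t-2\n' > "$tmp/swaps"
echo 'export BACKUP=1' > "$tmp/profile"
audit "$tmp/cmdline.txt" "$tmp/swaps" "$tmp/profile" || echo "audit: settings incomplete"
```

On the device itself the call would be `audit /proc/cmdline /proc/swaps ~/.profile`. A clean result only covers the defaults discussed in the thread; as pointed out above, it does not stop someone with sudo from running a backup manually.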