What is the best way to install FreeBSD on a USB stick and keep it read-only?

hruodr

Well-Known Member

Reaction score: 39
Messages: 277

That is my question: What is the best way to install FreeBSD on a USB stick and keep it read-only?

But I want to use the memory on the stick from time to time: to dd an image is surely not the best.

If I do a normal installation on a USB stick: how can I avoid it being written to? What should be a memory file system?

Is there a standard way?
 

roccobaroccoSC

Well-Known Member

Reaction score: 84
Messages: 381

You could simply do a normal installation and mount the root with readonly option.
If you use UFS, put "ro" in the options column of the /etc/fstab.
If you use ZFS, you could set the property "readonly=on" of your zroot pool.
However, you gotta make sure that certain directories are writeable otherwise the system would have a hard time. For example, this would be the /var/log directory, /var/tmp and /tmp at the least. So you need separate writeable partitions (resp. datasets) for them or RAMdisks.

Another option is to create a squash file system and install FreeBSD on it as root. It's basically a file containing an image that gets loaded into a RAMdisk at boot. It's mounted R/W but the changes do not get persisted back to the medium. This is what most OS installation media do.
I have done it with Linux but I don't know how FreeBSD supports root on a RAMdisk.
 

hruodr

Well-Known Member

Reaction score: 39
Messages: 277

roccobaroccoSC, Wozzeck.Live, I want to have the stick as ro, unless I temporarily change it for installing something.

For installing, perhaps I will manually create the partitions, manually install the boot sector, make a UFS filesystem, untar the system files from disc1 onto the stick, and write the appropriate fstab, and this is the question.

Is it enough that /var/log, /var/tmp and /tmp be writable? Perhaps also the home directory where I log in? I need an exhaustive list.

How do I use fstab to create a memory filesystem and populate it with the contents of a partition on the stick? This may also be interesting for avoiding reading.
 

roccobaroccoSC

Well-Known Member

Reaction score: 84
Messages: 381

Is it enough that /var/log, /var/tmp and /tmp be writable? Perhaps also the home directory where I log in? I need an exhaustive list.
To get an exhaustive list, consult the manual page hier(7) and decide for yourself what you need to write to.
I have jails with mostly read-only file system. The following directories I mount r/w:
  • /etc
  • /tmp
  • /usr/home
  • /usr/local/etc
  • /var
And then on top of this, I make the following read-only again:
  • /usr/local/etc/rc.d
  • /var/db/pkg
For your purposes you probably don't need write access to /etc but otherwise it should do in this form.

If you want to change the system at some point, just remount the read-only directories R/W and you're good to go.
For example, you can remount the root as rw like so:
mount -u -o rw /

How do I use fstab to create a memory filesystem and populate it with the contents of a partition on the stick? This may also be interesting for avoiding reading.
As I wrote above, I have not done it with FreeBSD. You need to create a RAMdisk image, for which you could use mdconfig(7). I don't know how to mount the ramdisk at boot time as a root.
You could take a look at the FreeBSD installation ISO image and see how they do it. Just browse the CD and see what they load. You could probably mount the ramdisk image via mdconfig and see what's in the fstab file. Or just boot from it and browse around.

If you want to avoid reading, just go with the first option above.
 

hruodr

Well-Known Member

Reaction score: 39
Messages: 277

In OpenBSD it is possible to populate the mfs file system, see option -P of mount_mfs in


I do not exactly understand what option -F of FreeBSD's mount_mfs means. In man mount_mfs:

-F file
Create a vnode-backed (MD_VNODE) memory disk backed by file.
Does "backed" mean to populate it with that and not to change the content in VNODE?

One of my purposes is to use iSCSI to export some discs. I could use OpenBSD, but I prefer FreeBSD here due to ZFS.
 

roccobaroccoSC

Well-Known Member

Reaction score: 84
Messages: 381

Backed means that you have an image of a file system in a file. This file can be mounted like any other block device and used as a partition on a disk device. When you destroy the memory device the file keeps the data and you can mount it again.
You could back the memory disk by a file, or you could create a pure ramdisk that does not have file backing. When you destroy the device the data is gone.
 

hruodr

Well-Known Member

Reaction score: 39
Messages: 277

Is it then the same as doing mdconfig and a normal mount? The mfs is not just in memory, but changes are written to the file?
 

hruodr

Well-Known Member

Reaction score: 39
Messages: 277

The following is what I have done so far. It boots and seems to work well, but I did not have much time for experimenting.

Surely there is a lot to improve: I am glad if other people try it and give ideas. :)

The commands are self-explanatory:

Code:
mkdir SomeThing
cd SomeThing
fetch ftp.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/11.2/FreeBSD-11.2-RELEASE-amd64-disc1.iso

# Attach the ISO as a vnode-backed memory disk and copy out the distribution sets
mkdir mnt
mdconfig -a -t vnode -f FreeBSD-11.2-RELEASE-amd64-disc1.iso -u md0
mount_cd9660 -o noatime /dev/md0 mnt
cp -R mnt/usr/freebsd-dist/ freebsd-dist
umount mnt/
mdconfig -du md0

# Plug in the stick; it is named da0 here. The following commands overwrite it.
dd if=/dev/zero of=/dev/da0 count=2
fdisk -vBI /dev/da0
bsdlabel -B -w da0s1
newfs /dev/da0s1a

# Extract the system onto the stick
mount -o noatime /dev/da0s1a mnt
cd mnt
tar xvzpf ../freebsd-dist/base.txz
tar xvzpf ../freebsd-dist/kernel.txz
tar xvzpf ../freebsd-dist/lib32.txz
tar xvzpf ../freebsd-dist/doc.txz
tar xvzpf ../freebsd-dist/tests.txz
# ports.txz and src.txz are surely not necessary
# Mount points for the memory file systems used in fstab
mkdir mfs
mkdir mfs/var
mkdir mfs/root
# Configure the files in etc here
cd ..
umount mnt

In mnt/etc/fstab, something like:

Code:
/dev/da0s1a   /            ufs     ro,noatime             0    0
tmpfs         /tmp         tmpfs   rw,size=10m         0    0
md            /mfs/var     mfs     rw,-s10m              0    0
/mfs/var      /var         unionfs rw,noatime            0    0
md            /mfs/root    mfs     rw,-s10m              0    0
/mfs/root     /root        unionfs rw,noatime            0    0

In mnt/etc/rc.conf, the one from disc1.iso:

Code:
sendmail_enable="NONE"
hostid_enable="NO"

Any questions or ideas for improving it are welcome!
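
As an added example (not part of the thread): a small sh/awk check that reads an fstab like the one in the post above and reports, for the directories discussed, whether writes are allowed and whether they land on the stick or only in memory. The helper name `effective_mode` and its output format are chosen here.

```shell
#!/bin/sh
# Added example, not from the thread. SAMPLE_FSTAB copies the table posted above.
SAMPLE_FSTAB='/dev/da0s1a   /            ufs     ro,noatime   0 0
tmpfs         /tmp         tmpfs   rw,size=10m  0 0
md            /mfs/var     mfs     rw,-s10m     0 0
/mfs/var      /var         unionfs rw,noatime   0 0
md            /mfs/root    mfs     rw,-s10m     0 0
/mfs/root     /root        unionfs rw,noatime   0 0'

# effective_mode PATH [FSTAB_TEXT]  (hypothetical helper name)
# Prints "<ro|rw> <persistent|volatile> <mountpoint>" for the fstab entry
# that covers PATH (longest mount-point prefix; later entries win ties).
effective_mode() {
    printf '%s\n' "${2:-$SAMPLE_FSTAB}" | awk -v p="$1" '
    function lookup(path,   i, best, hit) {
        best = 0; hit = 0
        for (i = 1; i <= n; i++)
            if ((mp[i] == "/" || path == mp[i] || index(path, mp[i] "/") == 1) &&
                length(mp[i]) >= best) { best = length(mp[i]); hit = i }
        return hit
    }
    /^[ \t]*#/ || NF < 4 { next }
    {
        n++; dev[n] = $1; mp[n] = $2; fs[n] = $3; ro[n] = 0
        k = split($4, opt, ",")
        for (j = 1; j <= k; j++) if (opt[j] == "ro") ro[n] = 1
    }
    END {
        i = lookup(p)
        if (!i) { print "unknown"; exit }
        # unionfs: writes land in the upper layer named in the device column
        u = i
        for (hops = 0; u && fs[u] == "unionfs" && hops < 8; hops++) u = lookup(dev[u])
        store = (fs[u] == "tmpfs" || fs[u] == "mfs") ? "volatile" : "persistent"
        mode = ro[i] ? "ro" : "rw"
        print mode, store, mp[i]
    }'
}

# Directories discussed in the thread, checked against the sample table.
for d in / /etc /tmp /var/log /var/tmp /var/db/pkg /root /usr/local/etc; do
    printf '%-16s %s\n' "$d" "$(effective_mode "$d")"
done
```

A second argument lets the same function check any other fstab text, for example the temporary read-write table used for a first boot.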
 

hruodr

Well-Known Member

Reaction score: 39
Messages: 277

In the first boot after installation FreeBSD writes some files in /etc.

With the readonly /etc there are some little problems. One could put a mfs directory above it, as I did with /var, then every boot should be as the first boot.

In order that the files be written, I wrote a custom /etc/rc.conf and did a first boot with a /etc/fstab that mounts the stick rw and that does not mount mfs over /var.
 

roccobaroccoSC

Well-Known Member

Reaction score: 84
Messages: 381

You should use gpart instead of fdisk for managing partitions. I think fdisk is not maintained anymore.
 

hruodr

Well-Known Member

Reaction score: 39
Messages: 277

I suppose, one can reach with gpart the same as with fdisk, but it is more complicated.

I regret not to have done a second partition to be mounted somewhere rw. That could help a lot on dealing with this system.

Next step: to see how to install packages in the best way. Temporary memory should stay on memory, otherwise it will be unnecessarily slow.

I think, to have X server is very practical: then one can use it as X terminal.
 

roccobaroccoSC

Well-Known Member

Reaction score: 84
Messages: 381

I suppose, one can reach with gpart the same as with fdisk, but it is more complicated.
FreeBSD Mastery: Storage Essentials. The advice comes from Michael W Lucas not to use fdisk but to use gpart for partitioning.
Also, it is not complicated, it is extremely simple. 1 command for creating the GPT and 1 command per partition to add them.
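
As an added example (not code from either poster): the gpart sequence described above, written as a dry-run plan that also creates the second, read-write partition mentioned earlier in the thread. The labels `stickboot`, `stickroot` and `stickdata`, the `/data` mount point, the 6g root size and the BIOS boot via gptboot are assumptions made here; the disk is assumed to have no partition table yet, and commands are only printed unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: GPT layout for the stick, printed as a plan by default.
# Labels, sizes and the /data mount point are placeholders chosen here.

# run CMD...: execute only when APPLY=1, otherwise print the command line.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# plan_stick DISK [ROOT_SIZE]
plan_stick() {
    disk=$1; rootsz=${2:-6g}
    case $disk in
        da[0-9]*) ;;   # accept only da* names, as used for the stick in the thread
        *) echo "refusing to touch $disk" >&2; return 1 ;;
    esac
    run gpart create -s gpt "$disk"                              # one command for the GPT
    run gpart add -t freebsd-boot -s 512k -l stickboot "$disk"   # one command per partition
    run gpart add -t freebsd-ufs -a 1m -s "$rootsz" -l stickroot "$disk"
    run gpart add -t freebsd-ufs -a 1m -l stickdata "$disk"
    run gpart bootcode -b /boot/pmbr -p /boot/gptboot -i 1 "$disk"
    run newfs -U /dev/gpt/stickroot
    run newfs -U /dev/gpt/stickdata
}

# fstab_for_stick: root stays read-only, the second partition is read-write.
fstab_for_stick() {
    printf '%s\n' \
        '/dev/gpt/stickroot  /      ufs  ro,noatime  1 1' \
        '/dev/gpt/stickdata  /data  ufs  rw,noatime  2 2'
}

plan_stick da0
fstab_for_stick
```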
 

hruodr

Well-Known Member

Reaction score: 39
Messages: 277

I managed to use pkg and install X11, but the latter took a lot of time; it required making the tmpfs over /tmp 500m.

With the partition mounted rw I ran pkg. Then I took care to have in /usr/local/etc/pkg.conf:

Code:
PKG_CACHEDIR = "/tmp/cache/pkg";
AUTOCLEAN = true;
REPO_AUTOUPDATE = false;

I ran mkdir -p /tmp/cache/pkg and put it in /etc/rc.local, and then:

Code:
pkg update
pkg install xorg-minimal
pkg install xorg

xinit now starts X11 also with the stick mounted ro and a smaller /tmp. It seems to work with no problem.
 