Re: for the adventurous: apt in readonly rootfs
On Mon, Jun 12, 2023 at 09:53:03PM +0200, Smits Katze wrote:
> >What would be the difference to simply saying
> >
> >  sudo -i
>
> The effect should be the same (and the command is more concise).
>
> Thanks for pointing it out.

Thank you for confirmation & sorry for the nitpick :)

Cheers
-- 
t

Re: for the adventurous: apt in readonly rootfs
>What would be the difference to simply saying
>
>  sudo -i

The effect should be the same (and the command is more concise).

Thanks for pointing it out.

-- 
PGP: FF815935D964B268656B43DCB8037830D522909E

Re: for the adventurous: apt in readonly rootfs
On Mon, Jun 12, 2023 at 06:54:40PM +0200, Smits Katze wrote:
> Debian wiki describes how to configure a read-only rootfs and how to
> run apt and unattended-upgrades in such a filesystem:
> https://wiki.debian.org/ReadonlyRoot
>
> I would like to report that I am having considerable success with the
> following simple command sequence:
>
> sudo su -l

What would be the difference to simply saying

  sudo -i

?

Cheers
-- 
t

for the adventurous: apt in readonly rootfs
Debian wiki describes how to configure a read-only rootfs and how to
run apt and unattended-upgrades in such a filesystem:
https://wiki.debian.org/ReadonlyRoot

I would like to report that I am having considerable success with the
following simple command sequence:

  sudo su -l
  unshare -m
  # in the new namespace, remount all
  # filesystems writable that apt upgrade
  # would want to write to
  mount --bind /boot /boot
  mount -o remount,rw /boot
  mount --bind /usr /usr
  mount -o remount,rw /usr
  apt upgrade
  exit

In particular, this avoids all problems with remounting back to
read-only afterwards, because processes in the original mount namespace
never get to see a writable filesystem.

The whole story is rather trivial, but anyways I wrote a small script to
make this more comfortable: https://github.com/smitsohu/rofairy

The script also verifies that remounting in the new mount namespace does
not inadvertently create writable locations in the original mount
namespace.

Maybe it helps someone. Also let me know if you hate it.

Thanks!

-- 
PGP: FF815935D964B268656B43DCB8037830D522909E
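
An added example, not part of the original post and not taken from the rofairy script: one way to check the property the post mentions, by comparing two snapshots of /proc/self/mountinfo from the original mount namespace, taken before and after the remounts in the new one. The function names and sample snapshots are constructed for illustration; a mount is counted as writable only when both its per-mount options (field 6) and its superblock options (last field) contain rw.

```sh
#!/bin/sh
# Added example: find mounts that became writable between two mountinfo
# snapshots of the ORIGINAL mount namespace (hypothetical helper names).

# Read mountinfo text on stdin, print mount points that are effectively
# writable: "rw" in the per-mount options (field 6) AND in the superblock
# options (third field after the "-" separator).
writable_mounts() {
    awk '
    function has_rw(opts,    n, i, a) {
        n = split(opts, a, ",")
        for (i = 1; i <= n; i++) if (a[i] == "rw") return 1
        return 0
    }
    {
        sep = 0
        for (i = 7; i <= NF; i++) if ($i == "-") { sep = i; break }
        if (sep == 0 || sep + 3 > NF) next      # malformed line, skip it
        if (has_rw($6) && has_rw($(sep + 3))) print $5
    }' | sort -u
}

# newly_writable BEFORE AFTER: mount points writable in AFTER but not BEFORE.
newly_writable() {
    b=$(printf '%s\n' "$1" | writable_mounts)
    a=$(printf '%s\n' "$2" | writable_mounts)
    printf '%s\n' "$a" | while IFS= read -r mp; do
        [ -n "$mp" ] || continue
        printf '%s\n' "$b" | grep -qxF -- "$mp" || printf '%s\n' "$mp"
    done
}

# Constructed sample snapshots (not real system output). /srv/chroot/usr is
# an assumed second mount of the /usr filesystem whose per-mount flag is rw.
SAMPLE_BEFORE='21 1 8:2 / / ro,relatime - ext4 /dev/sda2 ro
22 21 8:1 / /boot ro,relatime - ext4 /dev/sda1 ro
23 21 8:3 / /usr ro,relatime - ext4 /dev/sda3 ro
24 21 8:3 / /srv/chroot/usr rw,relatime - ext4 /dev/sda3 ro
25 21 0:30 / /tmp rw,nosuid,nodev shared:5 - tmpfs tmpfs rw'
# Same namespace after the superblocks of /boot and /usr were switched to rw.
SAMPLE_AFTER='21 1 8:2 / / ro,relatime - ext4 /dev/sda2 ro
22 21 8:1 / /boot ro,relatime - ext4 /dev/sda1 rw
23 21 8:3 / /usr ro,relatime - ext4 /dev/sda3 rw
24 21 8:3 / /srv/chroot/usr rw,relatime - ext4 /dev/sda3 rw
25 21 0:30 / /tmp rw,nosuid,nodev shared:5 - tmpfs tmpfs rw'
```

On a live system the two arguments would be the contents of /proc/self/mountinfo read by a process that stays in the original namespace; any path printed by newly_writable is a location that turned writable there.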