
#1 2024-09-02 23:32:20

labuwx
Member
Registered: 2014-04-10
Posts: 5

Update packages with read only /etc

Hi,

Is it possible to force install/upgrade a package when a related file in /etc is mounted read only?
For example, I have /etc/nftables.conf bind mounted read only. When I try to upgrade nftables, I get:

:: Starting full system upgrade...
resolving dependencies...
looking for conflicting packages...

Packages (1) nftables-1:1.1.0-2

Total Installed Size:  1.24 MiB
Net Upgrade Size:      0.00 MiB

:: Proceed with installation? [Y/n] 
(1/1) checking keys in keyring                             [###############################] 100%
(1/1) checking package integrity                           [###############################] 100%
(1/1) loading package files                                [###############################] 100%
(1/1) checking for file conflicts                          [###############################] 100%
(1/1) checking available disk space                        [###############################] 100%
error: Partition /etc/nftables.conf is mounted read only
error: not enough free disk space
error: failed to commit transaction (not enough free disk space)
Errors occurred, no packages were upgraded.
 -> error installing repo packages

Since this could be an XY problem, here is my reasoning behind the ro mount.
I need to have a few selected config files under version control, and those files only. I need direct correspondence, a copying script is not sufficient.
Initially, I just had a directory containing the config files, and symlinks from /etc pointing back to those. However, I have noticed that pacman kept overwriting the links, in particular if a link pointed to a directory.
After many trials, I have arrived at the current solution: read only bind mounts from the VCS dir to /etc. I think—but less and less sure—it was working for a while, but right now pacman just refuses to touch the affected packages.

Any ideas are welcome.


#2 2024-09-03 00:33:52

V1del
Forum Moderator
Registered: 2012-10-16
Posts: 23,174

Re: Update packages with read only /etc

Why read-only? The fact that pacman replaces symlinks with the actual file in the package (a directory) is normal and intended. You can work around this via a bind mount, but why are you bind mounting it RO?

If you really want those not to get touched by pacman under any circumstances, add the affected files to a NoUpgrade/NoExtract directive in the pacman.conf. But to me it sounds like the RO mount should be unnecessary.

Last edited by V1del (2024-09-03 00:35:28)


#3 2024-09-03 10:17:57

Lone_Wolf
Administrator
From: Netherlands, Europe
Registered: 2005-10-04
Posts: 12,926

Re: Update packages with read only /etc

There may be a simpler solution.
Pacman has mechanisms to avoid overwriting user edited files, see https://wiki.archlinux.org/title/Pacman … nd_Pacsave

To figure out whether the files you're concerned about are covered, use pacman -Qii packagename and look for the backup files line.


Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.

clean chroot building not flexible enough?
Try clean chroot manager by graysky
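Putting V1del's NoUpgrade/NoExtract pointer and Lone_Wolf's backup-files check together, here is an added helper script (not from any poster in this thread) that reports, for a given path, which pacman mechanism would stop an upgrade from overwriting it. The pacman -Qii output and pacman.conf fragment it parses are constructed samples, so it runs offline.

```shell
#!/bin/sh
# Added helper (not from the thread): for one path, print which pacman layer
# keeps a package upgrade from overwriting it, parsing saved text so it runs
# offline. chattr +i is a separate filesystem-level layer not checked here.
#   noextract  matched by NoExtract in pacman.conf: never extracted
#   noupgrade  matched by NoUpgrade in pacman.conf: new version goes to .pacnew
#   backup     in the package's backup array (`pacman -Qii`): .pacnew on change
#   none       an upgrade can replace the file outright

# Constructed sample of the tail of `pacman -Qii nftables`.
SAMPLE_QII='Name            : nftables
Version         : 1:1.1.0-2
Backup Files:
MODIFIED	/etc/nftables.conf'
# Constructed pacman.conf fragment; patterns are relative to / (no leading slash).
SAMPLE_CONF='[options]
NoUpgrade = etc/resolv.conf etc/hosts
NoExtract = usr/share/doc/*'

# in_backup_list QII_TEXT /etc/file -> true if listed under "Backup Files:".
in_backup_list() {
    printf '%s\n' "$1" | awk -v want="$2" '
        /^Backup Files:/ { inlist = 1; next }
        inlist && $2 == want { found = 1 }
        END { exit found ? 0 : 1 }'
}

# matches_directive CONF_TEXT NoUpgrade|NoExtract /etc/file -> true on a glob
# match. pacman uses fnmatch() without FNM_PATHNAME, so "*" may span "/", and
# a shell case pattern behaves the same way.
matches_directive() {
    rel=${3#/}
    pats=$(printf '%s\n' "$1" | awk -F= -v key="$2" '
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key { sub(/^[^=]*=/, ""); print }')
    set -f                        # no pathname expansion while splitting $pats
    for pat in $pats; do
        case "$rel" in $pat) set +f; return 0 ;; esac
    done
    set +f
    return 1
}

# protection_status CONF_TEXT QII_TEXT /etc/file -> prints one word from above.
protection_status() {
    if matches_directive "$1" NoExtract "$3"; then echo noextract
    elif matches_directive "$1" NoUpgrade "$3"; then echo noupgrade
    elif in_backup_list "$2" "$3"; then echo backup
    else echo none
    fi
}
```

To use it on a real system, feed it `pacman -Qii <pkg>` output and your actual /etc/pacman.conf instead of the samples.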


#4 2024-09-03 23:15:03

labuwx
Member
Registered: 2014-04-10
Posts: 5

Re: Update packages with read only /etc

@V1del
NoUpgrade/NoExtract would protect the files if we only consider pacman. Thank you for mentioning.
However, there are various programs that want to overwrite files in /etc, see /etc/resolv.conf for example.
That is why I wanted a universal way to lock down these files.
Unfortunately, even with everything added to NoUpgrade/NoExtract, the current version of pacman still complains about the RO mount.

@Lone_Wolf
Pacman overwriting regular files was never a problem, even when those files were symlinks.
The problem arose after I symlinked directories and a package contained a new file for that directory. Then pacman just replaced the link with a new dir.


#5 2024-09-03 23:53:21

V1del
Forum Moderator
Registered: 2012-10-16
Posts: 23,174

Re: Update packages with read only /etc

But you have them in version control, no? If they change unexpectedly it'd be trivial to check what changed, why and where.


#6 2024-09-04 06:58:05

seth
Member
Registered: 2012-09-03
Posts: 58,659

Re: Update packages with read only /etc

after I symlinked directories

Don't.
https://man.archlinux.org/man/extra/imake/lndir.1.en

The possible outcomes of symlinking a system dir into your $HOME are
- it's read only and new files can't be added
- it's writeable and new files get installed into unexpected/insecure paths
- it's writeable and gets replaced
There's no good outcome to that scenario and that's not gonna change w/ bind mounts either.

That is why I wanted a universal way to lock down these files.

man chattr | grep -C8 immutable

