Hi,
Is it possible to force install/upgrade a package when a related file in /etc is mounted read only?
For example, I have /etc/nftables.conf bind mounted read only. When I try to upgrade nftables, I get:
:: Starting full system upgrade...
resolving dependencies...
looking for conflicting packages...
Packages (1) nftables-1:1.1.0-2
Total Installed Size: 1.24 MiB
Net Upgrade Size: 0.00 MiB
:: Proceed with installation? [Y/n]
(1/1) checking keys in keyring [###############################] 100%
(1/1) checking package integrity [###############################] 100%
(1/1) loading package files [###############################] 100%
(1/1) checking for file conflicts [###############################] 100%
(1/1) checking available disk space [###############################] 100%
error: Partition /etc/nftables.conf is mounted read only
error: not enough free disk space
error: failed to commit transaction (not enough free disk space)
Errors occurred, no packages were upgraded.
-> error installing repo packages
Since this could be an XY problem, here is my reasoning behind the ro mount.
I need to have a few selected config files under version control, and those files only. I need direct correspondence, a copying script is not sufficient.
Initially, I just had a directory containing the config files, and symlinks from /etc pointing back to those. However, I have noticed that pacman kept overwriting the links, in particular if a link pointed to a directory.
After many trials, I have arrived at the current solution: read only bind mounts from the VCS dir to /etc. I think—but less and less sure—it was working for a while, but right now pacman just refuses to touch the affected packages.
Any ideas are welcome.
Offline
Why read-only? The fact that pacman replaces symlinks with the actual file in the package (a directory) is normal and intended. You can work around this via a bind mount, but why are you bind mounting it RO?
If you really want those to not get touched by pacman under any circumstances, add the affected files to a NoUpgrade/NoExtract directive in the pacman.conf. But to me it sounds like the RO mount should be unnecessary.
Last edited by V1del (2024-09-03 00:35:28)
Online
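As an added example (not posted by anyone in this thread), a small shell check for the NoUpgrade/NoExtract directives suggested in the post above: it lists which version-controlled /etc files no directive covers. The sample pacman.conf content, the file list and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: which tracked /etc files does pacman.conf protect?

# Constructed sample standing in for /etc/pacman.conf.
SAMPLE_CONF=$(mktemp)
cat >"$SAMPLE_CONF" <<'EOF'
[options]
#NoUpgrade = etc/resolv.conf
NoUpgrade = etc/nftables.conf etc/ssh/*
NoExtract = etc/systemd/network/*
EOF

# directive_patterns CONF NAME: print one pattern per line for directive NAME.
# A directive may appear several times and list several patterns.
directive_patterns() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tr -s '[:space:]' '\n'
}

# is_covered CONF PATH: succeed and print the directive name if PATH matches.
# Simplification: "!" negation entries are not interpreted.
is_covered() {
    rel=${2#/}    # pacman.conf entries have no leading slash
    for name in NoUpgrade NoExtract; do
        while IFS= read -r pat; do
            [ -n "$pat" ] || continue
            case $rel in
                $pat) echo "$name"; return 0 ;;   # unquoted: glob match
            esac
        done <<EOF
$(directive_patterns "$1" "$name")
EOF
    done
    return 1
}

# uncovered CONF FILE...: print the files that no directive protects.
uncovered() {
    conf=$1; shift
    for f in "$@"; do
        is_covered "$conf" "$f" >/dev/null || echo "$f"
    done
}

uncovered "$SAMPLE_CONF" /etc/nftables.conf /etc/resolv.conf /etc/ssh/sshd_config
```

This only reflects what pacman itself will skip; writes from other programs are outside its scope.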
There may be a simpler solution.
Pacman has mechanisms to avoid overwriting user edited files, see https://wiki.archlinux.org/title/Pacman … nd_Pacsave
To figure out whether the files you're concerned about are covered, use pacman -Qii packagename and look for the backup files line.
Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.
clean chroot building not flexible enough ?
Try clean chroot manager by graysky
Offline
@V1del
NoUpgrade/NoExtract would protect the files if we only consider pacman. Thank you for mentioning.
However, there are various programs that want to overwrite files in /etc, see /etc/resolv.conf for example.
That is why I wanted a universal way to lock down these files.
Unfortunately, even with everything added to NoUpgrade/NoExtract, the current version of pacman still complains about the RO mount.
@Lone_Wolf
Pacman overwriting regular files was never a problem, even when those files were symlinks.
The problem arose after I symlinked directories and a package contained a new file for that directory. Then pacman just replaced the link with a new dir.
Offline
But you have them in version control, no? If they change unexpectedly it'd be trivial to check what changed why and where.
Online
after I symlinked directories
Don't.
https://man.archlinux.org/man/extra/imake/lndir.1.en
The possible outcomes of symlinking a system dir into your $HOME are
- it's read only and new files can't be added
- it's writeable and new files get installed into unexpected/insecure paths
- it's writeable and gets replaced
There's no good outcome to that scenario and that's not gonna change w/ bind mounts either.
That is why I wanted a universal way to lock down these files.
man chattr | grep -C8 immutable
Online