Commit

Merge remote-tracking branch 'remotes/origin/testing'
Real-Time-Kodi committed Mar 2, 2017
2 parents c530da5 + 200b3f0 commit ba65c4a
Showing 3 changed files with 18 additions and 6 deletions.
13 changes: 12 additions & 1 deletion README.md
Expand Up @@ -36,6 +36,18 @@ chmod +x *.sh
./install.sh
```

##### Hardening the Pi for Reliability.

In the ideal use-case, this software is installed on a Raspberry Pi with no power button/keyboard/monitor.
This makes it impossible to properly shut down the pi. Pulling the power, especially during filesystem-writes, can corrupt the Pi's filesystem.
Beyond that, Raspbian uses a swap file by default, which can wear out the card prematurely.

To midigate these problems, we can set up Raspbian to use a read only filesystem.
This project provides a script to do this. This script is likely to break with newer versions of Raspbian so use it with caution. It was devoped for Raspbian Jessie lite.

To harden the Pi against SD card failure, you can run the following command from within the git directory. ````sudo ./harden.sh````
Keep in mind that this process is somewhat **irreversible** and that there is no script provided to undo it.

### Use
Booot your pi with any USB storage plugged in. The STATUS LED will light to indicate that the process is running. When the light is out, a pass has been completed and the drive can be unplugged. If more than one pass is required, you may edit the file nuke.sh and mess with the parameters passed to the shred command. When done, run ````sudo ./update.sh````
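
Review bot: the new "Hardening the Pi for Reliability" section warns that the process is "somewhat **irreversible**" but never says what harden.sh actually changes, so a reader can neither assess nor reverse it. The harden.sh lines shown in this commit move /etc/fstab to /etc/fstab.bak, append ,ro to the /boot and / entries and add tmpfs mounts for /var/log, /var/tmp, /mnt and /tmp; listing those here and naming /etc/fstab.bak as the restore point would make the warning actionable. The section also cites the swap file as a wear problem without saying whether the script disables it, and it should mention that /var/log on tmpfs means logs do not survive a power cycle. Typos in the added text: "midigate" should be "mitigate" and "devoped" should be "developed"; "Booot" in the context line under "### Use" is worth fixing in the same pass, and the inline commands use four backticks where one is enough.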

Expand Down Expand Up @@ -72,4 +84,3 @@ There is an optional STATUS LED that can be connected to GPIO pin 17 that will t
### Todo
* Add support to a single-board computer with a SATA port like orange-pi.
* Support ATA secure erase.
* Lock SD card writes to prevent SD card corruption when the PI is unplugged.
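
Review bot: deleting the last Todo item ("Lock SD card writes to prevent SD card corruption when the PI is unplugged") marks the problem as closed, while the README text added in this same commit says harden.sh is likely to break with newer versions of Raspbian and ships without an undo script. Suggest replacing the item instead of dropping it, for example with one entry for an undo script and one for testing the hardening on releases after Raspbian Jessie lite.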
5 changes: 3 additions & 2 deletions harden.sh
Expand Up @@ -18,8 +18,9 @@ mv /etc/fstab /etc/fstab.bak
# Match a pattern starting with /dev/[not whitespace][whitespace][/boot][whitespace][vfat][whitespace][not whitespace] then add ,ro after it.
# Then do it again with / and ext4. Then put it in fstab.
sed -e 's/\/dev\/\S*\s*\/boot\s*vfat\s*\S*/&,ro/' /etc/fstab.bak | sed -e 's/\/dev\/\S*\s*\/\s*ext4\s*\S*/&,ro/' > /etc/fstab
echo "tmpfs /var/log tmpfs nodev,nosuid 0 0\
tmpfs /var/tmp tmpfs nodev,nosuid 0 0\
echo "tmpfs /var/log tmpfs nodev,nosuid 0 0
tmpfs /var/tmp tmpfs nodev,nosuid 0 0
tmpfs /mnt tmpfs nodev,nosuid 0 0
tmpfs /tmp tmpfs nodev,nosuid 0 0" >> /etc/fstab

# This makes SSH usable on a read only fs.
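
Review bot: the tmpfs entries appended to /etc/fstab carry only nodev,nosuid and no size= option, so each of /var/log, /var/tmp, /mnt and /tmp can grow to the tmpfs default of half of RAM; on a headless Pi a noisy log can then exhaust memory. Suggest giving each entry an explicit size= and adding noexec to the mounts nothing needs to execute from. Separately, the surrounding lines are not safe to run twice: the mv in the hunk header context overwrites /etc/fstab.bak with the already modified file, the sed expressions append a second ,ro, and the echo appends the tmpfs lines again. A guard that exits when /etc/fstab.bak already exists would prevent losing the only backup.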
6 changes: 3 additions & 3 deletions update.sh
@@ -1,6 +1,6 @@
rm /usr/local/bin/nuke.sh
rm /usr/local/bin/usbmount.sh
rm /etc/udev/rules.d/usbmount.rules
rm /usr/local/bin/nuke.sh &>/dev/null
rm /usr/local/bin/usbmount.sh &>/dev/null
rm /etc/udev/rules.d/usbmount.rules &>/dev/null

cp nuke.sh /usr/local/bin/nuke.sh
cp usbmount.sh /usr/local/bin/usbmount.sh
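
Review bot: `&>/dev/null` on the three rm lines is a bash extension, and the hunk starts at line 1 with rm, so no shebang is in view to guarantee bash. If the script is interpreted by a POSIX sh such as dash, `rm path &>/dev/null` parses as `rm path &` followed by an empty redirection: the rm runs in the background, its errors are still printed, and it can race the cp lines that follow and delete the freshly copied file. Suggest `rm -f /usr/local/bin/nuke.sh` and likewise for the other two, which is portable and silent only for the missing-file case. Discarding all output also hides the failure that matters after harden.sh has made / read-only: the rm and cp into /usr/local/bin and /etc/udev/rules.d would fail, so the script should check for that and stop with a message instead of suppressing it.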