Disable Boot ReadOnly with OverlayFS on PiOS

PiOS shipped with Overlay FileSystem support. When enabled, the main partition (the second one) will be locked. The protection of OverlayFS doesn’t cover the boot partition (the first one). Boot partition can be set to read-only by raspi-config or editing fstab config file.

The problem is due to the read-only of the main partition, the mounting mode (readonly or read-write) cannot be changed when OverlayFS enabled. While disabling OverlayFS through raspi-config, there is no way to set the boot partition back to read-write before OverlayFS disabled, which requires a reboot. But when enabling OverlayFS, raspi-config has an option to set the boot partition to read-only at the same time before rebooting. In another word, when disabling both OverlayFS and Boot partition ReadOnly, the PiOS need to be reboot twice.

For easing the process for disabling both OverlayFS and change the boot partition back to writable, I write a script to set the boot partition writable when OverlayFS is not enabled currently. Sadly, there are two version of the script, based on the version of raspi-config.

For early releases of PiOS, raspi-config command line returns nothing but set the exit code. But it changed recently to print the result directly without setting the exit code. You can check your version by running such a command /usr/bin/raspi-config nonint get_overlay_now when OverlayFS is not enabled. For the old releases, nothing will be printed but a 1 is printed when you run echo $? after that. For new ones, you will get a 1 printed directly after the command /usr/bin/raspi-config nonint get_overlay_now processed and the exit code will always set to 0. The lucky thing is the raspi-config seems not be upgraded by apt command.

Now, let’s create the script named /usr/local/sbin/disablebootro.sh on your disk. Of cause, don’t do that with OverlayFS enabled.

Here is the version for the old silenced raspi-config:

#!/bin/sh
/usr/bin/raspi-config nonint get_overlay_now
if [ $? -eq 1 ]; then
  echo "Overlay FS is disabled."
  /usr/bin/raspi-config nonint get_bootro_conf
  if [ $? -eq 0 ]; then
    echo "Boot RO is enabled. Disabling..."
    /usr/bin/raspi-config nonint disable_bootro
    echo "Done. Rebooting..."
    reboot
  else
    echo "Boot RO is disabled."
  fi
else
  echo "Overlay FS is enabled."
fi

And this is for the new releases:

#!/bin/sh
OverlayFS=$(/usr/bin/raspi-config nonint get_overlay_now)
if [[ $OverlayFS -eq "1" ]]; then
  echo "Overlay FS is disabled."
  BootRO=$(/usr/bin/raspi-config nonint get_bootro_conf)
  if [[ $BootRO -eq "0" ]]; then
    echo "Boot RO is enabled. Disabling..."
    /usr/bin/raspi-config nonint disable_bootro
    echo "Done. Rebooting..."
    reboot
  else
    echo "Boot RO is disabled."
  fi
else
  echo "Overlay FS is enabled."
fi

Then, assign permission to this script for running by this command below.

chmod +x /usr/local/sbin/disablebootro.sh

Now, let’s create a systemd service to run this script when booting by create a file /etc/systemd/system/DisableBootRO.service with the content below.

[Unit]
Description=Disable Boot RO when Overlay Disabled
ConditionPathExists=/usr/local/sbin/disablebootro.sh

[Service]
WorkingDirectory=/usr/bin
ExecStart=/usr/local/sbin/disablebootro.sh
TimeoutSec=0
StandardOutput=tty
RemainAfterExit=yes
User=root
KillMode=process

[Install]
WantedBy=multi-user.target

And set the service start with system by this command:

systemctl enable DisableBootRO.service

It’s done. Every time the PiOS booting, this script will be run. When OverlayFS is disabled but the boot partition is left as read only, it will set the boot to writable and reboot. You just need to disable OverlayFS from raspi-config and reboot, leaving the boot partition things to this script and service.

Div dynamic loading is not supported in Windows IoT (yet?)

Hi. I built an ASP.net side powered by SignalR recently. The function is easy that dynamically load from a URL provided from SignalR into a div from browser side. It works like a charm in IE, Edge and Chrome. The JavaScript written in the web page is simple:

  • SignalR 2.2.0 and jQuery 2.2.3 are selected;
  • Connect SignalR at beginning;
  • When SignalR disconnected, reconnect;
  • When SignalR event raised, call one method to pull the data from URL specified and set as content of a div; and,
  • Call the method mentioned above at beginning to load the initialization data.

Then, I need to do the same thing in one Raspberry Pi 3. I choose Windows IoT with UWP to build the basis. UWP app is quite easy, only one WebView control is embedded with the starting URL set to the page of that ASP.net website. According to only Insider Preview version can support Raspberry Pi 3, build 14295 is selected, which is the latest one can be found from official site.

After this app deployed and started in Raspberry Pi 3, it acts quite different. The initialization data is shown without any problem. But no more SignalR event is proceeded. By debugging on the server side, SignalR OnConnected, OnDisconnected and OnReconnected are called repeatedly and frequently.

Due to no more information can be grabbed from app running in Raspberry Pi 3, I have no clue at first. The good thing is I made a similar solution before. The only difference between these 2 apps, is the previous one use iframe instead of div. Despite of no reason observed, after I change the div into iframe and make the data surrounded by html and body tags which filling div previously , the problem vanishes away.

UWP Developing: Don’t forget the firewall on IoT devices

After I deploy my UDP based application to Raspberry Pi 2 running Windows IoT 10.0.10586, this application receives nothing, just like running in a normal Windows computer.

I guess that maybe something related to firewall, but:
1 There is no article related to target that. As the time I’m writing this post, googling “Windows IoT firewall” returns nothing related.
2 There is no page for firewall configuration in Windows IoT utilities site.

Fortunately, a test proved that there is a built in Windows IoT.
By using PowerShell connection, I send the netsh command to create an exception of firewall. It accepted and the my application started to receive package after then.

Related command for reference:
netsh advfirewall firewall add rule name=”A name for this exception” dir=in action=allow protocol=UDP localport=12345

Hope this helps.

UWP Developing: Local network protocal stack issue

I’m working on developing a Universal Windows App (Windows 10 IoT) recently. My app includes a UDP server for receiving packages.

The issue I found is:
When the UWP running on local computer, the datagram sent by local console application cannot be received.

Normally, while developing a socket based network application, another application for making and sending test packages should be prepared. The problem is, for testing UWP application, either the tester should be prepared as UWP application, or this tester can only be used on another computer laying on the same network.