Hello!
I'm looking into messing around with btrfs snapshots and sub-volumes, and I wonder what would be the optimal layout if I want root to be read-only?
My idea is to basically end up with openSUSE's transactional-update but done with a couple of bash scripts (I hope at least lol), and for that I need to figure out what stuff I can make read-only permanently and what must stay writable, and, as far as I understand, it's possible to make btrfs sub-volumes read-only.
So far I've learnt that /home, /etc and /var must be writable since you want your configs to be writable and /var is literally variable data, but is that it?
Also, to clarify what exactly I'm trying to do:
Instead of the system changing its root partition continuously with installed packages or updates, I want it to create separate versions of itself. So for example when you run my-script -Syu it'd first create a btrfs snapshot, mount it, chroot there and only then run actual pacman -Syu and make the snapshot the next boot target.
My motivation is that, well, partial upgrades are officially unsupported by Arch, so an update system which can't have partial updates by design (even due to outages, since a snapshot would simply be discarded as incomplete) is something that would work great with Arch and something I'd really want to try and daily-drive.
Also, if it ends up working, I'll only have a very basic install running on the actual system, the rest will be flatpaks, distrobox, etc. so that the system itself stays stable and robust.
Also, I do know about snapper, but it's not exactly what I want. Basically, it creates snapshots for backups while I want to create snapshots for updates.
And yeah I'm aware of openSUSE Aeon and Kalpa which is basically that, but, well, first of all it doesn't run on my 13 yo motherboard which lacks UEFI, and second - I want to set this up myself and learn about FHS, btrfs, distrobox and Arch itself.
I'm new to btrfs, so please, do tell me if my idea is flawed somewhere or if I'm straight up talking nonsense lol. Thanks!
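The update flow described in the post above (snapshot, chroot, pacman -Syu, switch the boot target, discard the snapshot on failure), as an added sketch that is not the poster's script. Assumptions: the btrfs top-level volume is mounted at the hypothetical path /mnt/pool, snapshots go under @snapshots, arch-chroot is installed, and the bootloader follows the btrfs default subvolume; tx_update, run, POOL, DRY_RUN and CHROOT_CMD are names made up here.

```sh
#!/bin/sh
# Added sketch: run "pacman -Syu" inside a fresh btrfs snapshot and only
# make it the next boot target if the whole update succeeded.
# Assumptions: top-level volume mounted at $POOL, pacman's database is
# reachable inside the snapshot (not on a separate /var subvolume), and the
# kernel command line does not pin rootflags=subvol=...
POOL="${POOL:-/mnt/pool}"                 # hypothetical mount point
DRY_RUN="${DRY_RUN:-1}"                   # 1 = only print the commands
CHROOT_CMD="${CHROOT_CMD:-arch-chroot}"   # binds /proc, /sys, /dev for us

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# tx_update <snapshot-name> <pacman args...>
tx_update() {
    stamp="$1"; shift
    snap="$POOL/@snapshots/$stamp"

    # 1. Writable snapshot of the currently running root subvolume.
    run btrfs subvolume snapshot / "$snap" || return 1

    # 2. Update inside the snapshot; the running system is never touched.
    if run $CHROOT_CMD "$snap" pacman "$@"; then
        # 3. Seal the result read-only and boot it next time.
        run btrfs property set -ts "$snap" ro true &&
        run btrfs subvolume set-default "$snap"
    else
        # Interrupted or failed update: throw the half-updated snapshot away,
        # so a partial upgrade can never become the boot target.
        echo "update failed, discarding $snap" >&2
        run btrfs subvolume delete "$snap"
        return 1
    fi
}

# Example: DRY_RUN=0 ./my-script -Syu   (as root)
if [ "$#" -gt 0 ]; then
    tx_update "$(date +%Y%m%d-%H%M%S)" "$@"
fi
```

With the default DRY_RUN=1 the script only prints the commands it would run, which makes it easy to check the plan before letting it touch the filesystem.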
That's really just not true. Firewalls exist, both in Windows and in the router. You're not gonna get viruses just from being connected to the internet. Unless of course you disable your Windows firewall and connect your PC directly to the internet, which you have to intentionally do.
Plus, there are still official security updates released for Win7, you just need to do some patching to receive them.
Uhhh please help. Never seen this before.