site  contact  subhomenews

QV snapshot management

April 01, 2024 — BarryK

Snapshots are a very exciting feature of btrfs. In Puppy Linux, you know that you can copy a "save file", then at bootup choose which save-file you want to use. In brtrfs, a snapshot is like that; however, it is not a copy, nor is it a file.

Brtfs is a COW filesystem, meaning "Copy On Write". This enables a snapshot, similar to creating a Puppy save-file, but it happens almost instantly, with no copying. Quoting from here:

In Btrfs, it uses Copy-On-Write (COW). Every file update is stored in a separate block, and the original file pointer points to this updated data block. So, in a snapshot, there’s no actual copying of files or folders; instead, we freeze the state of the pointers pointing to the data blocks.

For example, if we have 10 GB of data in a sub-volume and create a snapshot, it might seem like a copy-paste, but the total size consumed remains 10 GB. Updating the original sub-volume only takes up space for the newly updated data, not duplicating the entire content.

I have implemented snapshot management in QV. At bootup, there is a menu in the initrd:

img1

I showed this menu in a post about Lockdown, a couple of days ago:

https://bkhome.org/news/202403/qv-lockdown-implemented.html

...at that time, there were snapshot items, but not yet implemented. I have also now added item-7.

Choosing item-3:

img2

Choosing "OK", next window:

img3

After bootup, taking a look at the directory hierarchy:

img4

I have re-organized the directory hierarchy. Folder '1' is the original installation, '2' is the snapshot. '@files' is at the same level, as it will be bind-mounted in all snapshots, as folder /files -- this is for your personal storage, and is not snapshotted. Your photo collection, for example, will be available in all snapshots.

Looking into folder '2':

img6

...'@qv' is the folder that becomes '/', the rootfs, with '@data' bind-mounted as '/data' and '@home' as /home -- these are private to the snapshot. Initially, these three folders are snapshots of the previous current snapshot.

I don't want to explain too much, as just doing it is simple. You bootup and you are in a new snapshot. Only /files has not been snapshotted, as it is common to all snapshots. That is, you download a file into /files, and it is available in all snapshots.

OK, now running in snapshot '2', which is now the default. At a reboot, though, can choose item-4 "Choose snapshot to boot into":

img7

Choose '1':

img8

...back at the original installation!

This snapshot mechanism is really neat. Each snapshot is entirely independent, and they all have the full free space of the partition to play in. You could setup a snapshot just for compiling, another for video editing. Oh, and as Void is a rolling-release if you do a package update in one snapshot, that breaks things, can bootup a different snapshot.

And yes, you can look inside other snapshots. Just click on the "sdc2" desktop icon, and poke around, do whatever you want. It is only in Lockdown mode that you cannot do that.

Haven't yet implemented deleting of snapshots; will do that.  

Tags: quirky

QV strategies to reduce SSD writes

April 01, 2024 — BarryK

EasyOS and the pups are able to run in RAM, saving to the storage media only when you want to. That is very good for Flash media. QV does not have a aufs or overlay layered filesystem, so writes are direct to the storage media.

Back in the Quirky Linux days, I implemented strategies to minimize writes to Flash media. In those days, was using ext4, so did things like disable the journal. QV though, is using btrfs, which from a bit of reading does seem pretty good running on Flash.

When a btrfs partition is mounted, it auto-detects if it is Flash, and makes certain decisions. What those decisions are, I don't know. Anyway, here are actions that I have taken:

  1. Set the "noatime" option
    An operation that trawls through files, such as grep, will set the access-time on files. That is a write operation, so have disabled it. Apparently, mounting with noatime is particularly important with how btrfs works.
  2. Set "commit" to high value
    The default commit value for btrfs is 30 seconds, which is how often RAM file buffers are flushed to the storage media. I have changed it, if there is more RAM than 3GB then set commit to 240; that's 4 minutes. I presume that a "sync" operation, such as running 'sync' utility, will flush immediately -- at least I hope so.
  3. zstd compression
    I am mounting with zstd, compression-level 3. This actually makes reading and writing faster, due to smaller files. Another benefit is less bytes written to the Flash media.
  4. Caches in /tmp
    /tmp is a tmpfs, and I have setup all cache folders that I can find as symlinks inside /tmp. This includes /var/cache, /root/.cache and /home/*/.cache. /run is a symlink inside /tmp

These strategies will greatly reduce writes to the Flash media, but not entirely, so it is recommended to use a reasonable quality drive. Most SSDs should be OK. Bargain-bin USB Flash sticks, well, I don't know how long they will last -- they are really only intended for occasional writes, like keeping ones collection of photos.

On past occassions, I have recommended SanDisk Ultra and Extreme USB Flash drives. However, have discovered something disturbing; a couple of Ultra model that I bought in the last year, from a reputable local retailer, have considerably slower write speed than those I purchased a few years ago. In EasyDD, I am getting about half the speed of the older ones, just over 7MB/sec.

I really do need to buy another Ultra drive, from a different local retailer. Also need to buy another Extreme model, see if that has also degraded. Extreme model is the best, if you can afford it; they have an SSD type of controller chip and very fast read/write -- presume they still do.

A quality Flash drive will also have spare storage locations, that are substituted when parts of the memory start to fail. The controller chip handles this automatically. A very cheap Flash stick may have little or none of this spare storage. Also, I'm not sure, but if you partition an SSD to use less than it's rated capacity, the left-over memory will then become spare capacity -- read that somewhere. But maybe very cheap Flash sticks don't have that kind of clever management.   

Tags: quirky

woof-quirky-void created at github

March 30, 2024 — BarryK

The last couple of months, have been exploring an "EasyOS like" distro based on the XBPS package manager and built from Void packages. Then more recently exploring btrfs for the working-partition, instead of ext4, and without a layered-filesystem nor squashfs files. I have nicknamed the latter "QV", and the last post is here:

https://bkhome.org/news/202403/qv-lockdown-implemented.html

It is starting to reach usability, well, has reached usability, so decided to put it up at github:

https://github.com/bkauler/woof-quirky-void

So, what direction to take in the future?

EasyOS Kirkstone-series will continue; it still has life in it, maybe for a couple more years. But probably updates will be infrequent.

OpenEmbedded/Yocto will be releasing the Scarthgap series in April this year. That is the schedule anyway, no definite date published. The intention is to do an OE compile when it is released, and that will become a new series to replace Kirkstone. I do intend that people who have a Kirkstone version installed, will be able to update to Scarthgap.

A few weeks ago, was working on EasyVoid, but that has now morphed into Quirky Void, or just "QV". And as mentioned above, no aufs/overlay layers nor SFS squashfs files.

QV has been fun, exploring possibilities, without really knowing whether it will become a stayer.

One disappointment is that the kernel btrfs fscrypt patches do not work; cause the kernel to crash. The last iteration is v5, about three months ago, and there doesn't seem to have been any activity since then. My crash report has gone unanswered.

So, is QV good enough to keep going, without fscrypt? It was the promise of fscrypt that attracted me to btrfs originally. That, and other features such as snapshots, compression and checksumming.

Today I tested Flapi, the Flatpak manager. Installed Frogatto and it works. Toggled to Lockdown mode then installed OpenShot; again works. Good. Haven't tried Appi, the Appimage manager yet.

A couple more things to do, then intend to release a pre-alpha.        

Tags: quirky

QV lockdown implemented

March 29, 2024 — BarryK

About a week ago, I posted about the return of Quirky Linux:

https://bkhome.org/news/202403/quirky-has-returned.html

...well, not exactly; this is a somewhat different beast. I have named it "Quirky Void", or just "QV". Which may also be the Latin words "Quantum Vīs", meaning "as much as you want".

Those using EasyOS will know about Lockdown modes. The most stringent is bootup and run in RAM, with all drives disabled. Lockdown is described here:

https://easyos.org/user/ultra-secure-web-browsing.html

QV does not use a layered filesystem, nor Squashfs files; it is a traditional installation. With a significant difference that QV can install into a folder in a partition. In Puppyland, we refer to that as a "Frugal installation".

The ability of QV to install into a folder inside a partition is important; it is possible to lock the user inside that folder, unable to see outside. Hence Lockdown can be achieved.

Like EasyOS, QV has a little menu in the initrd. Here is the QV menu:

img1

...notice item-1. Previously, item-1 had "Turn ON lockdown, disable access drive partitions", which I chose. By choosing item-1 again, I can toggle Lockdown off.

Oh, one thing. The menu had a message "Hit the SPACEBAR to disable 15-second timeout", because it will timeout then bootup will happen. But if you want more time to read the menu items, just hit the SPACEBAR and you will get the menu as shown above.

So, it is currently in Lockdown-mode; I just press the ENTER key and after bootup:

img2

...the important thing to see in that photo is only one partition icon is displayed. That is the working-partition. In fact, you can't even mount that and access outside the '@qv' folder. In the previous blog post, there is this image, showing the folder hierarchy in the USB-stick:

img3

The 'init' script in the initrd has booted into the '@qv' folder. 'data', '@files' and '@home' are bind-mounted on '/data', '/files/ and 'home' inside '@qv', so they are accessable. But that's it, cannot access anything else in /mnt/sdc2, nor any other partitions.

You are still running as the root user, administrator, but it is "crippled root". Here is some of the code in the 'init' script in the initrd:

img4

The ability to prevent mounting of partitions relies upon dropping "cap_sys_mount". Linux Capabilities allows selective dropping of the administrator's capabilities. Unfortunately, the designers created "cap_sys_admin" which, when dropped, takes away just about all of administrator's capabilities, making it hardly more than a normal user -- cap_sys_admin also drops ability to mount partitions. It really should have been broken into smaller pieces.

So, I have a patch, that separates out the ability to mount from cap_sys_admin; named cap_sys_mount. I can then just drop ability to mount, while keeping all of the rest of cap_sys_admin capabilities. The patch for the 6.8.1 kernel can be found here:

https://distro.ibiblio.org/easyos/source/kernel/6.8.x/6.8.1-20240325/

That cap_sys_mount patch origin is described here:

https://bkhome.org/news/202012/kernel-510-lockdown-success.html

...I have modified the original patch a bit, and it also required a fix for the 6.8.1 kernel.

QV now has Lockdown, and I kept it very simple. There are no types of Lockdown; just the one. EasyOS has the ability to plugin a USB drive and can save to that; however, QV doesn't need that, as it already saves direct to the working-partition. Plugging in a USB drive won't work in QV; it cannot be mounted, even though the partition icon(s) will appear.

Note also, like EasyOS, when in Lockdown mode, the 'init' script in the initrd will detect any HDD (rotating platter drive) and power it down. So it will be turned off, which is an extra security mechanism.

In Lockdown mode, swap partitions are also disabled. However, you can create a swap file in '/data', and that will be automatically used. Name it "pupswap.swp".

QV's Lockdown mode is pretty good. You can do everything that you would normally do, except not access any other partitions. You have all the space in the working-partition, so use a big enough partition for any foreseeable requirements. Probably if running off a USB-stick, at least 16GB would be OK, preferably 32GB.

However, there may be some applications that will want to perform a mount operation. That will fail. Haven't tried Flatpaks yet. A Flatpak app runs as a user (same name as the executable), but it can bump its Linux Capabilites and acquire some root abilities. The ability to do this is required by Flatpaks, and back then I was very reluctant to enable that feature in the kernel. I forget the particular kernel config that allows capability-jump. However, in the case of QV, the ability to mount is removed while still in the initrd, so it is gone and cannot be bumped up to by a Flatpak app.   

Tags: quirky

Quirky has returned!

March 21, 2024 — BarryK

I created Quirky Linux in 2010 and the last release was in 2018. I then notified Distrowatch that the project was discontinued.

Quirky was a full installation, occupying an entire partition, the same as most Linux distributions. It did not support squashfs (SFS) files, nor did it use aufs or overlay fs layered filesystem. So it did not have "run in RAM with a save file";  what it did have was strategies to minimize flushes to the storage media, to help prolong the life of flash media.

There are some guys active on the Puppy Forum who would have fond memories of Quirky. Well, Quirky is back, though this is "Quirky on steroids". And very highly experimental.

Yes, the features are as described above; however, major new features are added. Quirky can be installed frugally, that is, be in one folder in a partition used for other purposes -- but it has to be a btrfs partition. There is a snapshot and potentially rollback/roll-forward capability, like we have in EasyOS and the pups. The filesystem has read-write compression. There is per-folder encryption.

Regarding the requirement for a btrfs partition, if you want to install to an internal drive, you would probably have one if have installed Fedora or OpenSuse. It is theoretically possible to create a file in a ext4 partition and create a btrfs filesystem in that file (maybe a sparse file) and mount it as subvolume; then can boot into it.

The containers feature of EasyOS is gone. Instead, there will be more attention given to isolation of apps from each other by the method introduced in Easy; to run each app as its own user. This mechanism can be tightened further.

This new Quirky is built with Void Linux packages, and uses XBPS package management, with PKGget (PPM) as a GUI frontend. As introduced in easyVoid. I was struggling with easyVoid, as it uses SFSs and aufs layered filesystem, which is very incompatible with XBPS. It is this incompatibility that was causing me to implement hacks that I did not like, and turned my attention to bringing back Quirky.

A name for this new Quirky can be "QuirkyVoid", or just "QV". Here is the old logo:

img1

...I never created an SVG for it; will put that on the to-do list.

The new build system is derived from woofV that builds easyVoid; the new name is "woofQV". I will be uploading it to github very soon.

woofQV is very simple. A series of scripts to run, and it creates a drive image file 'qv-<date>-amd64.img'. Just like with EasyOS, write it to a USB-stick and boot it. OK, I did that, and got a normal-looking desktop:

img2

Works as you would expect. What is important though, is what is underneath. The filesystem is completely different. If I am running another distro and plugin the USB-stick and mount the working-partition, this is what is seen:

img3

...the working-partition has a btrfs filesystem, and those folders named "@*" are what is called "subvolumes". This is a frugal-install, as all of this is inside folder 'quirkyvoid'. Folder '@qv' is the root-filesystem -- before clarifying that, explaining more about the drive-image file...

Just like EasyOS, the drive-image file has two partitions; an esp boot vfat partition, and a working-partition. Except the working-partition is no longer ext4. Here is the boot-partition:

img5

...for various reasons, this has 'vmlinuz' and 'initrd'; not in the working-partition.

Here is code in the 'init' script in the initrd, before the switch_root operation:

img6

...that SUBVOL variable is "quirkyvoid/@qv", which mounts the @qv folder onto /newroot folder.  SUBDIR is "quirkyvoid/". Then /dev, /proc, etc are moved to /newroot, and a switch_root performed.

There are three "--bind" mounts, that mount the external folders 'data', '@home' and '@files' inside /newroot. So, after bootup, this is what "/" looks like:

img7

...which looks similar to EasyOS. Except for that new 'data' folder.

It is intended that 'files' and 'home' will be encrypted. This will require a password to be entered at bootup. Currently don't have that, as the 6.8.1 kernel with fscrypt patches doesn't work; booted to the shell prompt, then a second later the kernel crashed. I have reported this to the 'linux-btrfs' mail-list, with a screenshot of the crash.

QV has huge potential, but a lot of work to get it to a reasonable working condition that can be released. A pre-alpha maybe not to far away.

I will post more explanations in future blog posts. I'm a beginner with btrfs, so refinement will happen. Those 'data', '@home' and '@files' located outside of '@qv' is unusual, I gather from reading so far; it seems that it is more usual to create '@home' for example, nested inside '@qv' -- but intuitively it seemed better to have '@home' outside and bind-mount it inside -- anyway, my way seems to be working.    

Tags: quirky

btrfs-progs with fscrypt take-2

March 20, 2024 — BarryK

I posted yesterday about compiling Josef Bacik's fscrypt branch of 'btrfs-progs':

https://bkhome.org/news/202403/btrfs-progs-with-fscrypt-patches.html

There were some things that I didn't understand, and sent an inquiry email to Josef. Here is part of my email:

With ext4, "mkfs.ext4 -O encrypt,..." will enable fscrypt; however
"mkfs.btrfs -O list-all" does not show "encrypt" as an available
feature.

So that is my question, is it just the documentation that is lagging,
and "-O encrypt" will work?

And if so, how do I check? With ext4, can use "tune4fs -l ..." to list
features. I'm new to btrfs, not familiar with the tools.

And here is part of Josef's reply:

You need to make sure when you're configuring btrfs-progs you use

./configure --enable-experimental

so you get the encryption support. However you don't need that to
enable encryption. If you just use the normal fscrypt tools to enable
encryption it'll work properly, we don't do anything specific at mkfs
time like ext4 does, we do it all live.

Good. I have recompiled 'btrfs-progs' and updated the PET. Also recompiled it statically in OE for use of the utilities in the initrd.  

Tags: quirky

btrfs-progs with fscrypt patches

March 19, 2024 — BarryK

Recent posts about btrfs:

https://bkhome.org/news/202403/kernel-681-with-btrfs-fscrypt.html

https://bkhome.org/news/202403/improved-support-for-btrfs.html

https://bkhome.org/news/202403/btrfs-progs-compiled-statically-in-oe.html

However, to support fscrypt, patches need to ba applied to 'btrfs-progs'. One of the main developers of btrfs is Josef Bacik, and he is the primary implementer of fscrypt support in btrfs. He has fscrypt patches for btrfs-progs:

https://github.com/josefbacik/btrfs-progs/tree/fscrypt

I have compiled his btrfs-progs in EasyOS Kirkstone and created a PET:

https://distro.ibiblio.org/easyos/amd64/packages/pet/pet_packages-kirkstone/

For the record, this is how I configured the source:

# ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --with-crypto=builtin \
--with-convert='' --disable-python --disable-libudev --disable-zoned --disable-convert \
--disable-documentation --disable-backtrace

I uploaded the source tarball to ibiblio:

https://distro.ibiblio.org/easyos/source/alphabetical/b/

Need static binaries for the initrd. Here is the build recipe:

https://github.com/bkauler/oe-qky-kirkstone/commit/e80f8a9bc3eb8241b03127d61379e55738b3092f     

Tags: quirky

Kernel 6.8.1 with btrfs fscrypt

March 16, 2024 — BarryK

I posted about 52 patches available to implement fscrypt in btrfs:

https://bkhome.org/news/202403/linux-kernel-btrfs-supports-fscrypt.html

I have compiled the 6.8.1 kernel with btrfs builtin (not as a module) and those 52 patches applied. The kernel also has both overlay and aufs builtin.

For anyone who wants them, those patches are in a tarball, available here (inside build-kernel.tar.gz):

https://distro.ibiblio.org/easyos/source/kernel/6.8.x/6.8.1-20240316/

Here is how I applied the patches:

if [ -f 3rd-party/filesystem/btrfs-fscrypt.tar.gz ];then
echo "btrfs fscrypt patch..."
cp -a -f 3rd-party/filesystem/btrfs-fscrypt.tar.gz temp1/
cd temp1
tar -xf btrfs-fscrypt.tar.gz
cd ..
cd linux-${KERNVER}
Psorted="$(find ../temp1/btrfs-fscrypt -type f -name '*.patch' | sort -n | tr '\n' ' ')"
for aP in ${Psorted}
do
patch -p1 < ${aP}
done
cd ..
rm -f temp1/btrfs-fscrypt.tar.gz
rm -rf temp1/btrfs-fscrypt
fi

...excessive "cd" operations, but it works.

The kernel was compiled in EasyOS Kirkstone-series version 5.7 and the PET is here:

https://distro.ibiblio.org/easyos/amd64/packages/pet/pet_packages-kirkstone/

...there is no broadcom-sta module for it, as it failed to compile.

Note, it you are running EasyOS, there is a bit more involved than just installing the PET. The PET is used in WoofQ when building EasyOS. Developers can, however, open up the PET and extract 'vmlinuz' and the modules, then manually change to use that kernel (it is at /boot/vmlinuz).    

Tags: quirky