[SOLVED] Steps required to upgrade the desktop-live .ISO

idle · Yesterday 02:52:02

Hello folks,

Requesting help in considering that with this use-case:

booting from DEVUAN desktop-live .ISO often
up to several concurrent instances, several times per day
with zero persistence

and keeping devuan-security in mind, that it might be good to "not wait" for next .ISO release before updating packages.
Also, I suggest that it would "not be sane" to burn up bandwidth by performing apt upgrade upon each boot.

That leads me to believe that several of you must already have a routine for: upgrading the DEVUAN desktop-live .ISO

So let us say that the upgrade will be done from "inside" the booted .ISO and that we expect the high-level steps to include:

Burn to DVD the latest DEVUAN desktop-live .ISO file. (or write it to USB) https://www.devuan.org/get-devuan
Boot computer (or virtual-machine) from this new DEVUAN desktop-live media.
If not already connected, insert some storage-media with enough free space for a copy of the new filesystem and an .ISO file.
Connect to network (INTERNET)
To update the operating-system, open Terminal Emulator and run:
```
sudo apt -y update && sudo apt -y upgrade
```
Optionally pause here to make more changes: add/remove packages; update settings to personal-preferences, e.g. browser-configuration; add files; etc.
Then to create an .ISO of this improved state of the operating-system, open Terminal Emulator and run:
```
sudo refractasnapshot
```
Burn to DVD the freshly-upgraded DEVUAN desktop-live .ISO file. (or write it to USB)

(I've spent a bit of time trying the above, and have learned that it is not quite as simple as stated, e.g. issues with updating kernel and initramfs; minor-changes required in /etc/refractsnapshot.conf; ...???...)

So I ask those in-the-know, if you could please share the complete steps. Or bring forward any helpful hints. Thanking you in advance.

Separately, if there is any how-to info out there on doing automated builds of the desktop-live .ISO, please share those links here as well.

Last edited by idle (Today 06:42:36)

idle · Yesterday 04:24:20

(inb4 Fred posts his "two ways to make a live-iso" links)

found several forum-links pointing to fsmithred's topic: Make a live-CD with live-sdk

While not an answer to the immediate question, it is one possible solution to the problem at hand.

continuing...

Last edited by idle (Yesterday 04:32:02)

fsmithred · Yesterday 10:42:13

live-sdk downloads all the packages every time it runs. If you have a fast internet connection, that's not bad. It's especially good if you want to make several isos with different content. You just use different config files for the different builds. The downside is that if there's anything wrong in the build setup, or if you list a package to be installed when that package doesn't exist, the whole build fails and you have to start it again.

My preferred workflow is to install a system into a VM and make the snapshot there. Then I can upgrade the VM any time I want and make a new iso. It doesn't have to download the whole system every time.

Then, if I want to use a live, read-only system, I just boot the iso file inside a VM and use that. Then I don't have to reboot the computer to switch to read-only. When the VM shuts down, everything from that session is gone.

idle · Yesterday 17:54:50

OK, so if I get what you're saying, fsmithred, the proven method would be:

boot computer(or virtual machine) on the live .ISO
insert (if not already present) some empty storage-media, or some storage-media that can be overwritten
install the live-system onto that storage-media
then boot that newly-installed system off of the storage-media
now upgrade that booted system (and/or modify it to your liking)
lastly, run refractasnapshot to make a new, upgraded live .ISO of your installed system

Afterward, keep the operating system that's on the storage-media for future-use (preferably clean, and otherwise unused). Upgrade or modify it periodically, then run refractasnapshot to create another new, upgraded live .ISO

Looking at it that way, I see an extra step involved (creation of an installed-system on storage-media), versus what I was attempting to do.

However, if the user upgrades their .ISO more than one time between .ISO releases, then network-bandwidth will be saved between user and devuan repositories (by not re-downloading the same updates each time they update their .ISO).

Do you agree or have corrections or anything do add?

Last edited by idle (Yesterday 18:14:45)

fsmithred · Yesterday 18:01:57

Yes, that way will work if you don't want to use qemu or virtualbox. Another way would be to use a spare partition on your hard drive instead of external storage media, but those are essentially the same thing.

idle · Yesterday 18:33:19

SOLVED by fsmithred's post #3, which I expanded into post #4.

Now, I'd like to mention that back with my initial quest of running refractasnapshot straight from the booted-to-RAM" .ISO, I got to a point where the kernel had been upgraded, and a new initramfs created (which does include the correct kernel modules); and also with /etc/refractasnapshot.conf variables: kernel_image= and initrd_image= updated accordingly.

The issue now is that the initramfs on the new .ISO only contains a directory for the old kernel modules (lacking the new ones), so the boot halts and drops to the initramfs prompt. I have been inspecting /bin/refractasnapshot and so far haven't been able to find the reason for that.

If there's any ideas on why or where the issue lies, please let me know.

Last edited by idle (Yesterday 18:34:21)

fsmithred · Yesterday 19:42:50

I would expect the initramfs to contain the modules for the running kernel, and I would expect the running kernel to be the old one. A live system is read-only, so if you upgrade the kernel, you have to reboot to use that kernel, but when you reboot, the new kernel is no longer there. It was only in memory.

You need a persistent partition or an installed system to upgrade the kernel and put it into a new snapshot.

You might be able to do it from the live system if you chroot into the copy of the filesystem. I'm not sure if that would work. The new kernel will be there in the storage media after you install it and run refractasnapshot once.

You need to set refractasnapshot.conf to save the filesystem copy. Then maybe you can chroot into the fs copy and run 'update-initramfs -u -k all' and then copy the new kernel and initramfs to /iso/live/vmlinuz and /iso/live/initrd.img. Then run refractasnapshot again and choose "Re-squash and make iso (no-copy)" so you don't clobber your edits.

idle · Yesterday 20:32:24

OK, I think the message is becoming a bit more clear.

If the .ISO is an egg:

The idea I had was to make an egg from an egg.
One could set up a genetics lab to do it.

... or just let the egg hatch into a chicken, and then let the chicken lay it's own egg.

(there must be an ethnic proverb out there that covers this)

Last edited by idle (Yesterday 20:32:47)

idle · Today 05:53:53

Following-up: I would recommend the better solution in post #4, but this solution specifically answers the original question:
Steps required to upgrade the DEVUAN desktop-live .ISO (without persistence)

meaning that it is a good method to choose if you plan to do this once or rarely.
perhaps not so good if you are doing much customization

For lack of patience at this moment, I'll be a bit terse.

boot the DEVUAN desktop-live .ISO and select "TO RAM" from the boot menu
```
sudo apt -y remove live-tools
```

sudo nano /etc/kernel/post{inst,rm}.d/zz-update-grub
# in the space after the if-then clause containing "systemd-detect-virt", add this line (once for each file):
if (grep --quiet QEMU /proc/cpuinfo); then exit 0; fi

(attribution to this post: https://dev1galaxy.org/viewtopic.php?pid=62626#p62626 )

sudo apt -y remove grub-efi-amd64
sudo apt -y update
sudo apt -y upgrade
sudo apt -y autoremove
sudo apt install live-tools

note: grub efi support was just removed. implications thereof?

get your storage-media ready for use

sudo mkdir /mnt/space
# replace Zda below with your own empty storage media or partition, e.g. sda3, vda1, sdc
sudo mkfs.ext4 /dev/Zda # only do this if you need to format the space
sudo mount /dev/Zda /mnt/space
sudo mkdir /mnt/space/{work,snapshot}

sudo nano /etc/refractasnapshot.conf
# find variables: snapshot_dir and work_dir and edit them to contain /mnt/space/snapshot and /mnt/space/work

get your new kernel version:

uname -r # this shows the correct format that you need, but the old kernel version number
ls -l /vmlinuz # this is the new version; take the matching bits from the end of this line
sudo nano /bin/refractasnapshot
# at approx line #438, find line starting with "mkinitramfs"; to the end of that line, add a space and your kernel version, e.g. 6.12.86+deb13-amd64

the above edit is a hack, and could be better if scripted

```
sudo refractasnapshot
# choose: 1
# type: q
# hit: <Enter>
```
when done, find your newly upgraded .ISO in the /mnt/space/snapshot/ directory (under snapshot/ on your storage-media)

I've just finished doing the above and am running on the upgraded desktop-live .ISO to make this post.
(also with this upgrade, now safe from Copy Fail CVE-2026-31431)

thanks to fsmithred for prompt advice and encouragement

Last edited by idle (Today 07:07:07)

The officially official Devuan Forum!

#1 Yesterday 02:52:02

[SOLVED] Steps required to upgrade the desktop-live .ISO

#2 Yesterday 04:24:20

Re: [SOLVED] Steps required to upgrade the desktop-live .ISO

#3 Yesterday 10:42:13

Re: [SOLVED] Steps required to upgrade the desktop-live .ISO

#4 Yesterday 17:54:50

Re: [SOLVED] Steps required to upgrade the desktop-live .ISO

#5 Yesterday 18:01:57

Re: [SOLVED] Steps required to upgrade the desktop-live .ISO

#6 Yesterday 18:33:19

Re: [SOLVED] Steps required to upgrade the desktop-live .ISO

#7 Yesterday 19:42:50

Re: [SOLVED] Steps required to upgrade the desktop-live .ISO

#8 Yesterday 20:32:24

Re: [SOLVED] Steps required to upgrade the desktop-live .ISO

#9 Today 05:53:53

Re: [SOLVED] Steps required to upgrade the desktop-live .ISO

Board footer