no apt after update to release

[Arwen]

The whole idea of TrueNAS SCALE is an appliance. Lots of Linux users don't understand that firmware based on Linux, and Linux distros are a different concept.

It persists today that some Linux users of SCALE think, "It's Linux, I can do what I want". Yes, you can. Just do it, but don't expect iX to do it for you. SCALE is a packaged OS designed for NAS & Apps. It is also mostly targeted to their Enterprise customers, as they are paying for the development.

If something makes good sense to include in SCALE, make the suggestion via "Report a Bug".


Not to be rude, but some people want their cake and eat it too. Meaning they want something easy to use, that someone else develops, but to have the software customized for their use.


I am not trying to say that "apt" should be excluded. I am saying that SCALE's design philosophy does not include user installed software. (Except for Apps & VMs.) If you don't like that, feel free to change it for yourself. THAT is the power of Linux. Not getting some vendor where you don't pay them, to make the change for you. But, you can make the change yourself, for your purposes.

 

[jgreco]

Starting in SCALE DragonFish we are mounting various parts of the root filesystem readonly, and so users will have to basically run /usr/local/libexec/disable-rootfs-protection if they want to apt-install anything (trying to chmod the apt binary will fail with EROFS). This also sets a flag that the base OS has been altered (which is important for bug report triage).

Interesting to see. Our appliance platform over here has been making use of Berkeley's schg to protect the base system for many years, which is somewhat more aggressive because it requires a system reboot to clear securelevel out. The design intent over here is more about system hardening against intruders, but there's still a huge amount of value in a less aggressive solution. I like the flag indicating the base OS (presumably you meant "may" rather than "has") been altered, though this might be better done with an mtree checksum scan which could detect WHAT has been changed. It has occasionally been frustrating here in the forums when someone has "hacked" on the TrueNAS firmware with some crap they heard on YouTube or Reddit.

 

[anodos]

Interesting to see. Our appliance platform over here has been making use of Berkeley's schg to protect the base system for many years, which is somewhat more aggressive because it requires a system reboot to clear securelevel out. The design intent over here is more about system hardening against intruders, but there's still a huge amount of value in a less aggressive solution. I like the flag indicating the base OS (presumably you meant "may" rather than "has") been altered, though this might be better done with an mtree checksum scan which could detect WHAT has been changed. It has occasionally been frustrating here in the forums when someone has "hacked" on the TrueNAS firmware with some crap they heard on YouTube or Reddit.

Arguably, changing dataset property to read/write is a change already. :) We also take snapshots (<ds>@pristine) for the RO datasets and gather ZFS diff of them during system debug generation. So kind of like mtree idea in that regard. Definitely not the same as changing secure level, but it does protect against quite a few different types of accidental foot-shooting.

 

[duq3r]

Hello! How can I install the proxmox-backup-client without apt working? Can I downgrade back to 23.10? I need this tool for backups.

 

[LarsR]

You're not supposed to install additional packages on the base OS. You'd have to see if it is available as an app or try to set it up manually with the launch app function. Truecharts has the proxmox-backup-server as an app, but there are only a few installation notes on their website https://truecharts.org/charts/stable/proxmox-backup-server/installation_notes

 

[duq3r]

You're not supposed to install additional packages on the base OS. You'd have to see if it is available as an app or try to set it up manually with the launch app function. Truecharts has the proxmox-backup-server as an app, but there are only a few installation notes on their website https://truecharts.org/charts/stable/proxmox-backup-server/installation_notes

I have a separate Proxmox-backup-server VM. And also a separate TrueNas VM for my file share. Before the last update I used to backup my share to Proxmox-backup-server using CLI tool Proxmox-backup-client. Which was doing backup of my files with deduplication and also I could mount the backup to TrueNAS and restore needed files. But not I can backup only server and disks of TrueNAS VM what is much worse and uncomfortable.

 

[anodos]

Hello! How can I install the proxmox-backup-client without apt working? Can I downgrade back to 23.10? I need this tool for backups.

In DragonFish you can enable apt / toggle "developer" mode by running the command "install-dev-tools" or /usr/local/libexec/disable-rootfs-protection.

This makes the boot device read-write and sets an internal flag so that we know the base install has been altered (helps for triaging bug reports).

 

[duq3r]

In DragonFish you can enable apt / toggle "developer" mode by running the command "install-dev-tools" or /usr/local/libexec/disable-rootfs-protection.

This makes the boot device read-write and sets an internal flag so that we know the base install has been altered (helps for triaging bug reports).

Thank you very much! You saved me.

 

[tn-redux]

In DragonFish you can enable apt / toggle "developer" mode by running the command "install-dev-tools" or /usr/local/libexec/disable-rootfs-protection.

This makes the boot device read-write and sets an internal flag so that we know the base install has been altered (helps for triaging bug reports).

Does this persist between updates?