I have created a Xubuntu 20.04 persistent live with guidus/mkusb on a usb 4gig and works fine. I also have installed 5 programs, synaptic package mgr, mkusb, and a few others without problems. Also i have created Debian 10 xfce persistent live on a 8 gig usb and also works fine but it is slower than Xubuntu. My question is can i apply security updates only? I have disabled updates because i red to the following that may cause breaking the system. https://help.ubuntu.com/community/mkusb (see upgrade mkusb).Thank you.
Asked
Active
Viewed 713 times
1 Answers
7
Security Updates in persistent live drives
If there is enough free space in the partition for persistence you can apply security updates (and with more free space even all updates, sudo apt full-upgrade).
I tested security updates right now in a fresh persistent live Xubuntu 20.04 LTS system in an SSD with 60 GB. The used size of the partition for persistence increased to 1.7 GiB according to df -h. (See the line for /cow ... /), 1.8 GB according to df -H.
So 'security updates'
- is definitely a bad idea in your 4GB drive,
- should work in your 8 GB drive,
- but I would recommend it only in drives with at least 16 GB.
You might be able to tweak the settings to avoid such huge security updates, but I don't know exactly how to do it, and it would reduce the security.
Workaround 1: Installed system in a USB drive
If security is important for you, I would recommend an installed system, installed like into an internal drive, but into a fast USB 3 drive with at least 16 GB.
See the following links
Workaround 2: Switch to daily iso files of released LTS versions
You can switch to a current daily iso file of a released LTS version (18.04 LTS, 20.04 LTS ...). Before point release #5 there will be daily iso files, and these are rather stable for released LTS versions. So instead of security updates you can simply create new persistent live drives.
You can be almost 100% sure that you can re-use the content of the home directory, and if there are not too big modifications, you can reuse the system part of the whole partition for persistence. Tools for backup are bundled with mkusb, and you can use them for transfer of your persistent data to a new persistent live system.
zsyncing command line and shellscript
This command line:
zsync http://cdimage.ubuntu.com/cdimage/xubuntu/focal/daily-live/current/focal-desktop-amd64.iso.zsync
should work for you with Xubuntu Focal Fossa alias Xubuntu 20.04 LTS.
You might prefer a more general shellscript. It can be used with all desktop flavours and the developing version (now groovy) and the newest LTS version (now focal). It can be a bit tricky to identify the web address for zsyncing to a released LTS version, and the shellscript can help you.
The following shellscript can be run in your main computer is a subdirectory with the name of the flavour of Ubuntu (with lower case), so in your case, when you make it executable an put it in PATH,
cd some-path/xubuntu
getdaily focal
Shellscript:
#!/bin/bash
inversvid="\0033[7m"
resetvid="\0033[0m"
if [ $# -eq 1 ] || [ $# -eq 2 ]
then
version="$1"
version="${1%%-*}"
else
echo "Usage: $0 <version-nickname>"
echo "Example: $0 bionic"
echo "Flavour selected automatically for this directory"
exit
fi
flavour=$(pwd)
flavour=${flavour##*/}
echo -e "$inversvid zsyncing $flavour $version ... $resetvid"
if [ "$flavour" == "ubuntu" ]
then
flavour=
currpend=pending
else
flavour="${flavour}/"
currpend=current
fi
if [ "$flavour" == "ubuntustudio/" ]
then
desktop=dvd
daily_dvd=dvd
else
desktop=desktop
daily_dvd=daily-live
fi
echo "first try:"
echo zsync http://cdimage.ubuntu.com/"$flavour$daily_dvd"/"$currpend"/"$version"-"$desktop"-amd64.iso.zsync
zsync http://cdimage.ubuntu.com/"$flavour$daily_dvd"/"$currpend"/"$version"-"$desktop"-amd64.iso.zsync
if [ $? -ne 0 ] && [ "$flavour" != "ubuntustudio/" ]
then
echo "second try:"
echo zsync http://cdimage.ubuntu.com/cdimage/"$flavour$version/$daily_dvd"/"$currpend"/"$version"-"$desktop"-amd64.iso.zsync
zsync http://cdimage.ubuntu.com/cdimage/"$flavour$version/$daily_dvd"/"$currpend"/"$version"-"$desktop"-amd64.iso.zsync
fi
if [ $? -eq 0 ]
then
if [ $# -eq 1 ]
then
ls -l "$version"-"$desktop"-amd64.iso
<<< "I am ready now" espeak
fi
else
<<< "something went wrong" tee /dev/stderr | espeak
fi
sudodus
- 46,324
- 5
- 88
- 152
sudoby adding it to the sudo group (in the file/etc/group) and checked that it works withsudo. With such a user it is also possible to make it an SSH server (by installingopenssh-server). After that I have removed the standard user xubuntu. But be aware that an intruder can always boot the drive live-only. If you want really good security, you should have an installed system with 'encrypted disk' alias LVM with LUKS encryption (in the USB drive). – sudodus May 13 '20 at 05:53- How i do obtain the syncing process. If you can provide the workaround for manualy syncing it will be very helpful.
- Can i sync it whenever i use my persistent drive ? let’ s say within 15 days and more or has to be done every day.? cont/d
– Dimitri Koutsouris May 13 '20 at 17:50currentto make it general). But if you want to do this twice a month, it is important to backup the data too (before zsyncing) because sometimes there are too big differences in the installed packages in the versions for the content of the persistent partition to be compatible. -- I could edit the answer to add my shellscript for zsyncing the daily iso file, so tell me if you want that. – sudodus May 13 '20 at 19:59/homeor the whole content of the partition for persistence (from the backup to the fresh persistent live drive). – sudodus May 13 '20 at 20:05zsync http://cdimage.ubuntu.com/cdimage/xubuntu/focal/daily-live/current/focal-desktop-amd64.iso.zsyncshould work for you, but you might prefer the more general shellscript in the answer. – sudodus May 14 '20 at 15:40