so this i what i’m doing to live upgrade running RPI’s to a mender-client, u could also maybe see this a guide.
so apparently, u can just completely dd an image on de sd-card without bricking the device,
with been bricking i mean, ‘it does not freeze mid wget | dd’
once dd is doing what its doing, there is no way back, and most functionality of raspbian or whatever happens to be running will be gone, only what’s left in memory will be left.
at this point i have done dozen’s of rewrites this way, and never does it seem to brick when done correct.
this is for pi’s that do not hold any important data, once the dd starts, there is no going back!
first start of with activating magic sysrq in the kernel, this allows the kernel to listen to a certain key combination & will do an certain action to it. this will be needed to reboot the pi, since ‘shutdown now -r’ wont work anymore, because the running os is broken at this point.
active magic sysrq here,
echo 1 > /proc/sys/kernel/sysrq
then we will use a wget, streaming it to funzip and then finally dd it on the sd-card
wget -c -t inf -O - https://to-my-url-containing-my-.sdimg.zip | funzip | dd of=/dev/mmcblk0 bs=64k
after the command is done, we send an echo, triggering the kernel to reboot itself using
echo b > /proc/sysrq-trigger
And that’s it. don’t forget that your .sdimg needs to have ssh enabled! the new stock raspbians images for example are not ssh enabled.
I was also working to get an checksum with a sha256 hash, for when the file was written on the sd-card, u could also read the same amount of block’s written to check if they where indeed all correct, its very cumbersome, and i could get some help completing it, it’s just an extra security, especially concerning transferring over wifi.
Again i encountered no problems, since wget will be using ftp protocol with tcp, which has checksums, its just to be very, very sure.
the problem is iam unable to feed sha256sum the hash, because it only accepts a hash from a file, not directly inside the command itself like this
dd if=/dev/mmcblk0 | sha256sum --check ‘random digits from hash’
since we only have one stdin, and broke our filesystem, iam unable to give sha256sum its hash file. even with ramdisk, i could not get this working, an eventual solution would be to kexec another kernel, for ramdisk, put the hash file there & use it that way.
wget -c -t inf -O - 192.168.30.11:/working_9-7-19_rapbian-stretch-lite.sdimg.zip | funzip | dd of=/dev/mmcblk0 && dd if=/dev/mmcblk0 bs=65536 count=57600 status=progress | echo ‘2628a2784264a78ef8f155ee35785f14ece8aaba28df64003e9ff1aabecb5036 hash.sha256’ | sha256sum --check -
the problem is getting past the echo, the data of ‘dd if=’ wont get to the sha256, and not having an ‘file’ for sha256sum does not work also as mentioned earlier.
so an ideal solution would be
wget -c -t inf -O - 192.168.30.11:/working_9-7-19_rapbian-stretch-lite.sdimg.zip | funzip | dd of=/dev/mmcblk0
&& "here an variable $touch ‘2628a2784264a78ef8f155ee35785f14ece8aaba28df64003e9ff1aabecb5036 hash.sha256’
&& dd if=/dev/mmcblk0 bs=65536 count=57600 status=progress | sha256sum --check ‘$hash.sha256’
but i’m not aware if this is possible.
other suggestions on how to do this better, are ofcourse welcome! cheers