Saturday Burnt Pi
So I decided to upgrade my Pi3 this morning, a task that I thought would be be pretty straightforward. It's worth noting that I haven't upgraded my Pi since I did the initial package installs when I set up the OS and pihole, so ... it was more than due for at least a cursory upgrade.
I logged into my Pi:
self@GreenScreen:~$ ssh pi
Welcome to Ubuntu 16.04.2 LTS (GNU/Linux 4.4.0-1009-raspi2 armv7l)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
Get cloud support with Ubuntu Advantage Cloud Guest:
http://www.ubuntu.com/business/services/cloud
106 packages can be updated.
1 update is a security update.
*** System restart required ***
Last login: Mon Mar 6 01:11:08 2017 from 192.168.█.█
ubuntu@ubuntu:~$ sudo apt-get update && sudo apt-get upgrade
Hit:1 http://ppa.launchpad.net/ubuntu-raspi2/ppa-rpi3/ubuntu xenial InRelease
Hit:2 http://ports.ubuntu.com/ubuntu-ports xenial InRelease
Hit:3 http://ports.ubuntu.com/ubuntu-ports xenial-updates InRelease
Hit:4 http://ports.ubuntu.com/ubuntu-ports xenial-backports InRelease
Hit:5 http://ports.ubuntu.com/ubuntu-ports xenial-security InRelease
E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)
E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?
ubuntu@ubuntu:~$ sudo reboot now
Since it was brunch time, I got up and grabbed my peanut butter latte, and sat back down. More than enough time for a reboot.
Or so you would think.
self@GreenScreen:~$ ssh pi -v
OpenSSH_7.5p1, LibreSSL 2.5.4
debug1: Reading configuration data /Users/quintessence/.ssh/config
debug1: /Users/quintessence/.ssh/config line 41: Applying options for pi
debug1: /Users/quintessence/.ssh/config line 138: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 52: Applying options for *
debug1: Connecting to 192.168.█.█ [192.168.█.█] port 22.
^C
self@GreenScreen:~$ ssh ubuntu@192.168.█.█ -v
OpenSSH_7.5p1, LibreSSL 2.5.4
debug1: Reading configuration data /Users/quintessence/.ssh/config
debug1: /Users/quintessence/.ssh/config line 138: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 52: Applying options for *
debug1: Connecting to 192.168.█.█ [192.168.█.█] port 22.
debug1: connect to address 192.168.█.█ port 22: Operation timed out
ssh: connect to host 192.168.█.█ port 22: Operation timed out
Oh.
Good.
Fishing out an HDMI cable, I connect the Pi to my TV and see that U-Boot is trying to PXE boot like so:
(( snip ))
Waiting for Ethernet connection...done
*** ERROR: `serverip' is not set
missing environment variable: bootfile
Retrieving file: pxelinux.cfg/default-arm
Waiting for Ethernet connection...done
*** ERROR: `serverip' is not set
missing environment variable: bootfile
Retrieving file: pxelinux.cfg/default
Waiting for Ethernet connection...done
*** ERROR: `serverip' is not set
(( snip ))
It looped around like this until I got a prompt, but I wasn't in bash or sh, I was in U-Boot - the bootloader. That became obvious when commands like ls
and cd
did not exist and the output of the help
command looked like this:
? - alias for 'help'
base - print or set address offset
bdinfo - print Board Info structure
boot - boot default, i.e., run 'bootcmd'
bootd - boot default, i.e., run 'bootcmd'
bootelf - Boot from an ELF image in memory
bootm - boot application image from memory
bootp - boot image via network using BOOTP/TFTP protocol
bootvx - Boot vxWorks from an ELF image
(( snip ))
Why was I in U-Boot? For some reason the SD card was not being recognized as a boot device and so the Pi tried the next thing it knew: PXE boot. This failed because I don't have a TFTP server config for it to find, so it's trying and failing to find PXE config files that don't exist.
As for how I ended up in this mess: I suspect that I didn't notice the system restart required
message at some earlier point and therefore not only did the current upgrade fail, something in the initial batch did as well. The combination, well...
In any event, I'm lucky in that since this Pi was really just for running the pihole software, I don't have to waste too much (more) time trying to dig around in there. So I just wiped it clean and re-wrote a new image on it.
After reading up on Ubuntu a bit, and the fact that the image for the Pi is "unofficial" and has some "upgrade issues" (no, really?) I opted for Raspbian, the official Pi distro.
From the instructions, I decided to download Etcher to write the image to disk, like so:
Since I only have one removable drive connected, it automatically found my SD card which was appreciated. The timer also lets me know that I can have another snack, which with how long this is taking why not...
Awesome. At this point the SD card is no longer mounted as there is a setting in Etcher to auto-unmount on success. After a successful boot I enable ssh
:
sudo systemctl enable ssh
sudo systemctl start ssh
I need to remove the 192.168.█.█
line from my ~/.ssh/known_hosts
file since on my first attempt to ssh
I receive an error about a potential man in the middle attack due to the changed fingerprint. This is expected, though, since there is a new image on the Pi at the same IP address.
Moving along I add my pubkey to ~/.ssh/authorized_keys
on the Pi and sudo passwd pi
to change the password from the default raspberry
:
pi@raspberrypi:~ $ mkdir .ssh
pi@raspberrypi:~ $ vim ~/.ssh/authorized_keys
-bash: vim: command not found
pi@raspberrypi:~ $ vi !$
vi ~/.ssh/authorized_hosts
pi@raspberrypi:~ $ sudo passwd pi
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Ran all the package updates, installed the pihole package which basically involved a curl
and then navigating through prompts:
pi@raspberrypi:~ $ curl -sSL https://install.pi-hole.net | bash
::: system networking, it requires elevated rights. Please check the contents of the script for
::: any concerns with this requirement. Please be sure to download this script from a trusted source.
:::
::: Detecting the presence of the sudo utility for continuation of this install...
::: Utility sudo located.
.;;,.
.ccccc:,.
:cccclll:. ..,,
:ccccclll. ;ooodc
'ccll:;ll .oooodc
.;cll.;;looo:.
.. ','.
.',,,,,,'.
.',,,,,,,,,,.
.',,,,,,,,,,,,....
....''',,,,,,,'.......
......... .... .........
.......... ..........
.......... ..........
......... .... .........
........,,,,,,,'......
....',,,,,,,,,,,,.
.',,,,,,,,,'.
.',,,,,,'.
..'''.
:::
::: You are root.
::: Verifying free disk space...
:::
::: Updating local cache of available packages...
(( snip ))
Navigated to a few known ad-heavy sites like Forbes and took a look at my dashboard:
And now I'm off to a safer, more secure browsing experience.
Updates
After 1 hr of use.
After 24 hrs of use.
Source for header: firey background from burnt embers created by Shutterstock user Bernatskaya Oxana and the Raspberry Pi logo.