Web lists-archives.com

Re: Some help with dd backing up into an iso




Hi,

GiaThnYgeia wrote:
> 1  So an img file does not matter what extension it has,

It's the data content which matters, not the name.
dd or cp don't care about name extensions.


> 2.1  Block by block, [...] erased data on
> an empty block can be recovered because they are not zero.  Correct?

If not the filesystem overwrote the content of deleted files
the problem will still be to find the content you are interested in.

The following run will show you cleartext snippets from the disk or image
in a text viewer which you can leave by pressing the "q" key:

  strings /dev/sdb | less

Now it depends on your knowledge about the desired content whether you
can find it.


> 2.2  If a block is zeroed it can't be unzeroed?

Not by normal means. You have to be aware that especially solid state
disks like USB keys have an own physical block management which might
delay the overwriting further.


> 3  If an encrypted partition is included in the image, empty or not, it
> would be treated as a chunk of blocks that can't be altered without
> being corrupted.  Correct?

It stays encrypted. In general it is dangerous to change blocks in a
disk image unless you understand fully what the data in the block mean.
The risk is high that you break the filesystem and will get errors
or wrong file data when you mount it.


> So 4gb full of data in 1 partition with 4gb
> of empty but encrypted partition is treated the same as 4gb full of
> data,  Correct?

Well, an encrypted partition should be much less compressable than an
empty unencrypted one. Encryption shall camouflage the true content.
So it can hardly represent all zeros as a similarly redundant byte set.


> > dd if=/dev/sdb | bzip2 >usbfilename.img
> So the of=usbfilename is replaced by the | bzip2?

Yes. If dd has no of= argument then it writes its data to standard
output, which is normally your terminal window.

But "|" establishes a pipe. It connects standard output of dd with
standard input of program bzip2. (That standard input would normally
be your keyboard and its Enter key.)

Since bzip2 gets no file name argument it reads from its standard input
and writes the compression result to its standard output.

But the ">" redirects the standard output of bzip2 to the data file
usbfilename.img.
So you do not get printed a lot of text salad on your terminal but
there rather emerges a data file with compressed content.

This connecting and redirecting of output is done by the shell, not by
the programs dd and bzip2.


> > When you put it back on the USB stick, you need to uncompress:
> I will report back ... I'm willing to try this on my 1.8gb system

Be careful not to spoil irrepairable data.


> I have yet to see anything been written
> in the swap area.

Maybe your computer has lots of RAM or the swap is not in use ?
(What does shell command "free" report ? Is ther a line starting with
 "Swap:" and giving three numbers ?)


> maybe due to systemd it is no longer being used?

Systemd is a convenient suspect for everything. But i doubt that it
can make swap space obsolete when the RAM does not suffice.


> 1M used to be big!

Yeah ... Love, 36 bit, and punched cards ...


> I am willing to bet that this dd goes back to backing up hard drives

Its origin is in IBM's Job Control Language. From there it came to early
Unix when there were still unused combinations of two letters. "cp", "ls",
"dd", "cc", "ld" ... "cat" is of course an example of wastefulness.


> Etcher (https://etcher.io/) after finishing
> went back and "verified" the whole thing,

A good idea to do so.


> I suspect it is a fork of xorriso 

No. xorriso packs up files as inhabitants of an ISO 9660 filesystem.
There are no forks known.


> had too many gaps in knowledge to understand how to use its options.

If you tell me the path to the mount point of the data partition i will
modify my previous example to that address.


> > While the filesystem is mounted but fewly busy, you let a program read
> > the files and pack them up in that program's archive format.

> I may be unclear on this, my system was running on sda backing up a
> different system on sdb, it wasn't archiving itself.

That's very wise. Making a dd copy of an active system disk will at best
cause the symptoms of a heavy system power failure when you restore the
system to a disk and then try to start it up.

Backup programs usually run on mounted filesystems and thus are prone
to recording inconsistent file states if files change while the backup
is run. This danger can be avoided entirely if the filesystem is mounted
read-only.


> > Assumed you have your filesystems mounted as 
> >   /mnt/usb_part1
> >   /mnt/usb_part2

> But there is this gray area called usb_part(no number) which seems to
> have some goodies that make parts 1 and 2 sing.

Now i know that one of them is swap and thus not mountable.
But the other one is supposed to be mounted in your overall filesystem.
Either by an automounter (e.g. systemd-udev) or by a mount command issued
by the superuser (i.e. you with your sudo hat on).

You will have to find out that path to the root of your partition's
filesystem. Then you can backup it.


> I gave up trying to understand all the tsorriso options,

Nobody is supposed to. Just collect in a shell script what you need and
what you learn from the internet, man page examples, or me.


> And that is how a network of dummy terminals that always boot up a fresh
> installation of linux works.  No magic?

My xorriso example (now to be done with only one partition) is for making
a backup of the partition filesystem. You can access the files by mounting
the ISO filesystem or by using one of the archivers which can read ISO 9660.
(Mounting is a feature of the operating system.)

The magic gate for booting is in the boot sectors which let the firmware
start the very magic boot loader which then starts the incredibly magic
operating system.
I only know about boot sectors. The rest is the job of e.g. debian-cd which
prepares the files of boot loader and operating system, and the job of
the boot loader which has to deal with the hardware on which it wakes up.
 

> You have a teaching talent...

Despite i am the one who wrote the man page of xorriso ?


> Most of them say: ZZZ is a tool for [...]

It is quite difficult to describe to users something that you know on
source code level.


> Imagine if English wasn't your native language!

This might be another part of the problem. I'm german.


Have a nice day :)

Thomas