I modified my install to lock the device better from unwanted accesses and I wonder: how will we update the device? not by flashing from scratch the new version, I hope.
Please let me know the plans.
Could you please share your security improvements? I agree with you, that as of now security on Volumio is not sufficient. So if you share what you did I will be glad to secure Volumio more.
I didn’t really thought how to handle updates. For some time it will be a reflashing. We are talking about a whole system… So it is quite a challenging task…
Ps. are you italian?
For updates, the best would be to create a package with the files (and scripts when necessary) you provide/use to create this distro and then to add it a (separate) repo, so that you use the standard update tool “apt-get update”.
This way people should not be afraid of updating the system.
Moreover, I think in the past some update tools were able to check config files to detect changes from the user. Or, since the web gui was written by your team (before the fork), you can simply provide in your volumio_webgui.deb a volumio.conf.default that will get updated and then create a volumio.conf upon first run. The update mechanism will never touch the actual config file.
I can provide well organized suggestions next time I reflash it (also, once you lock SSH every other change becomes much less urgent). Moreover, I don’t have a linux machine able to mount two SD cards to do a diff between my modified install and your original one, otherwise I would do it immediately.
Yes, I’m Italian.
I’m currently studyin how to perform automatic updates… But sincerely, I have lot of work now to do, to add functionalities. I don’t think to make a .deb soon, but of course in the future I would like to set up a Volumio’s repo, and use install scripts.
If you want to help on that it would be great. I asked you because of your nick, it’s quite nomen-omen!!
Anyway, grazie per i suggerimenti, molto apprezzati!