noauto option ignored in /etc/fstab?
tomh0665 at gmail.com
Wed Dec 6 14:31:43 UTC 2017
On Wed, Dec 6, 2017 at 4:58 AM, Josef Wolf <jw at raven.inka.de> wrote:
> On Tue, Dec 05, 2017 at 12:40:31PM -0500, Tom H wrote:
>>> I understand that grub wants to remember that the last boot was successful.
>>> 1. It stores only an empty /boot/grub/grubenv (1024 bytes of '#' characters)
>>> 2. shouldn't it undo what it have done? When it needs to mount an unmounted
>>> partition, it should umount this partition again when done.
>> I disable grub-common on my Ubuntu and Debian systems, so I don't
>> really care what/where/how.
> I thought grub is mandatory? How do you boot without grub? The days of lilo
> are gone...
If I have grub installed, I disable the grub-common boot script but
grub isn't mandatory.
You can use syslinux on both BIOS and EFI.
You can use refind on EFI.
You can use systemd-boot on EFI. This is what I use, even on systems
where I'm booting with sysvinit or upstart. AFAIK, Ubuntu hasn't
integrated it so you have to grab the executable from
"/usr/lib/systemd/boot/efi/systemd-bootx64.efi" and set up the menu
entries manually. It can only read vfat filesystems; that's why my ESP
is mounted at "/boot" and why "/boot" is formatted as vfat.
>> I suspect that the great majority of Ubuntu installations "/boot" is
>> always mounted, even if it's a separate filesystem but you could file
>> an RFE to take your use-case into account.
> My use-case is a completely encrypted laptop. Since /boot can't be encrypted,
> I've implemented the following strategy to detect whether the boot partitions
> were manipulated:
> 1. The following script is run regularly by cron:
> #! /bin/sh
> mkdir -p $DIR
> cd $DIR
> md5sum /dev/sda >$TMP
> LASTFILE=`ls md5log-*T* | tail -1`
> if cmp -s "$LASTFILE" "$TMP" ; then
> rm $TMP
> mv $TMP md5log-`date -Iseconds`
> 2. Before booting, I check whether somebody messed with the boot partitions.
> I do this by booting a live-CD, cryptsetup+mount the partition with the
> logs, and running the following script:
> #! /bin/sh
> DIR=`dirname "$0"`
> FILE=`find "$DIR" -name 'md5log-*' | sort | tail -1`
> md5sum /dev/sda | diff -qs -- - "$FILE"
> Since the log files with the original md5sum's are on an encrypted FS, nobody
> can mess with the unencrypted partitions without me to notice it.
> But this works only, when the /boot partition is normally not mounted. This is
> because mounting/umounting the partition will modify it.
> Do you think this use case is considered to be "sane" by the Ubuntu-Gurus? Or
> will they just call me paranoid ;-)
This is an interestingly paranoid use-case :)
But this isn't what I meant. I meant that your use-case was not to
have "/boot" mounted and that your RFE would be to unmount "/boot" at
the end of the grub-common execution if "/boot" was previously
unmounted. I'm not sure whether they'd care why you want "/boot"
unmounted; it was a common MO years ago but it seems to have been
forgotten these days. It comes down to whether the grub maintainer
wants to write and maintain the extra scripting.
>>>> [You might want to add "x-systemd.auto" to the "/boot" line in
>>>> ?etc/fstab". "/boot" will be automounted when it's needed.]
>>> Will this umount the partition again when it's no longer needed?
>> You can add "x-systemd.idle-timeout=xxx" too.
> I really see only one use case for /boot to be mounted: Upgrade of
> grub/kernel/initrd. There's really no reason for /boot to remain mounted all
> the time. When some script (in this case grubenv) wants to mount it, this
> script should undo what it has done.
It would allow you to avoid the RFE. You could set
"x-systemd.idle-timeout=60" (for example) and "/boot" would be
unmounted 60 seconds after the end of grub-common's execution.
More information about the ubuntu-users