noauto option ignored in /etc/fstab?

Josef Wolf jw at raven.inka.de
Sun Dec 10 23:13:25 UTC 2017 

On Sat, Dec 09, 2017 at 03:20:32PM +0100, Xen wrote:
> Josef Wolf schreef op 09-12-2017 13:23:

> >So this unattended-upgrades package is of no use at all? Why does it exist
> >then?
> 
> I was only talking about the service. I don't know the exact relation at
> this point with the other (packages).
> 
> Traditionally unattended-upgrade was run by /etc/cron.daily/apt
> 
> So you mustn't assume that the *package* isn't getting used.
> 
> I'm just saying that the *service* is not.

But I still don't understand how the service got enabled. I've never enabled
it explicitly. And I can tell for sure, since I do all my system configuration
with an automatic system (similar to cfengine, but also invented by myself).

The only thing I'm doing is to install the package and enable this 

    APT::Periodic::Unattended-Upgrade 1;

flag in /etc/apt/apt.conf. But this is done by my automatic system on every
debian/ubuntu system. And I've never noticed a problem before.

> >Wouldn't it be better to just wipe the unattended-upgrades package, if it
> >is of no use at all?
> 
> No no, I was just talking about the systemd service that does the shutdown
> thing.

I'm pretty much confused. When updats/upgrades are done by
apt-daily[-upgrades] anyway, what ist this unattended-upgrades good for?

> [ ... ] I don't understand grub [ ... ]

Me tooo ;-)

> Oh. So once a month there is a chance that some attacker would have found
> your turned-off laptop ;-).

Not really. Normally, I'd never power off my systems. If I do, I reboot
immediately. So nobody would find them in a powered-off state.

NORMALLY.

But there are exceptions: Power outages. Empty battery. Something like that.
Or I have not rebooted immediately for some reason.

Now, THAT's the time I suspect somebody could have messed with the
system. That's the time I reach for the live-cd.

> Well I thank you for your lessons.

Hmmm.. Feels like ironical? :-)

> >>You can still do that because you can install Grub in as many places as
> >>you wish.
> >
> >What would this buy me?
> 
> Multiple places to boot the same system from.
> 
> I mean you can install it on some SD card that you take with you.

Ummm... Been there about 15 years ago. Found SD-cards and USB-sticks to be
very unreliable. Are they more reliable nowadays?

> So it is more likely and common that you would need to create one CD per
> system during the lifetime of its OS.

So that's about a dozen CDs for me.

> >This is ONE cd for all systems.
> 
> Didn't realize you were doing more systems this way.

Well, once the basic structure is installed, there's no additional effort to
actually use it. The checksum-generatig script is installed automatically on
all my systems. So, whenever I install a new system, the verification system
exists there without any effort by my side.

In fact, I also create my own preseeded installation CDs. So I have to
configure only the most basic information (like hostname and domainname). This
installation CD checks out the newest version of my configuration system and
configures everything, includig all those configuration settings I have
mentioned in this thread.

Thus, I get this verification system without any cost. Checksum generating
scripts are installed automatically. And live-CDs are available anywhere
anyway.

Generating individual boot-{CD|SD|Sticks} would be much more effort for
me. Same holds for going through the hell to get encrypted /boot. There's
simple too much manual and error prone fiddling involved.

> On the other hand if you securely lock away an SD-card in your home (or USB
> stick) in some kind of vault or hidden place,
> 
> then you are also guaranteed to have a boot loader that is not tampered
> with.

Yes. But that's a lot of additional effort without any additional benefit. 
I prefer to have the benefit without additional cost.

> These are AM2+ motherboards.

Ah. Myself had only one amd MB. Around Y2000. Was not exactly
reliable. Therefore all my systems are intel (although I sympathize much more
with AMD).

> >Never felt like urgently needing this strange standby-thing. ;-)
> 
> Power consumption and silence in the home and inability to use the computer
> ;-).

Not a big deal with modern hardware. At least as long as you don't want a
gamer-ÜC.

> I sometimes even take the mains out of my house to get away from computers.

Umm. Now THAT'S a nightmare! ;-)

> >This is why TPM was invented. But TPM has other flaws, as you surely know.
> 
> I am not fully aware but hardware encryption just seems like a really bad
> idea.
> 
> It just seems to have the effect of putting control into the arms of the
> manufacturers cq. software vendors.

That's exactly the problem.

-- 
Josef Wolf
jw at raven.inka.de

More information about the ubuntu-users mailing list