He's got a serious concern, and even plugging the power adapter into "a good UPS" you still have the non-locking and easy-to-dislodge USB connector. He's not alone in wishing to prevent file system corruption.
I don't know why we should be discussing the reasoning behind it. This should be basics for embedded consumer systems.
These systems usually don't reside in a locked server room, and a lot of mishaps can happen even when you have a "good" UPS. Anything from your cat to your child to your own error can interfere with the system and render it inoperable and possibly hard to recover when all you have is an inaccessible JTAG and non-removable storage media.
At least on the Pi I can remove the SD card and check it externally offline, but as another point, SD cards are not very stable if you write to them a lot. The three broken SD cards (SanDisk) from various Pi systems in front of me tell me to change something.
As you quoted, the mounting of root / and /boot on LEDE seems not to be done through /etc/options/fstab, as it doesn't exist. This info is found on wiki pages, but the mount mechanism has apparently changed. The info on how to modify this mount process and also how to force file system checking of partitions before mount is nowhere to be found for LEDE. This is what my other thread is about.
My plan was to use or configure the appropriate LEDE files for fsck of filesystems at boot and have the file systems used in read-only mode, both of which seem to be no standard use case in LEDE so far. At least I still don't know the standard procedure for either.
The option I am at right now is to boot the system until userspace is running and then execute a shell script with root privileges to remount /boot and root / in read-only mode, have fsck run on both filesystems and leave them read-only until the next reboot, where the procedure is then executed again. The standard way on other Linux systems is to tell the kernel to fsck the filesystems on mount and never to enter read-write mode, which is safer in case the boot process crashes badly and destroys the filesystem.
Thanks, but this is not adding information on how the filesystems are brought up in LEDE, where they are remounted to read-write, and why no file check is done when the filesystems are dirty.
I have tried as written in the article: installed block-mount, created /etc/config/fstab with block detect, activated fstab usage and rebooted.
For the filesystems i used the following switches:
option options 'ro,sync'
option enabled '1'
It didn't change any attributes in the mounted filesystems. Possibly the fstab in LEDE only affects filesystems to be mounted after boot (the non-essential filesystems for booting).
I need to modify the original mount parameters. To my knowledge, mounting at boot is executed, among other mechanics, by:
/lib/preinit/80_mount_root
and within this file by "mount_root", which is a binary in /sbin where I don't see configuration options.
Also I think this only mounts root, and I am not sure where the remaining ones, like /boot, are mounted.
I think the first mount of root / is done by the kernel; then root / gets remounted to read-write by 80_mount_root. Please correct me if I am wrong.
Early filesystem mounting happens in various places, depending on the target and image type. Usually root, overlay and overlayfs are mounted by fstools, which in turn are invoked by preinit during boot. Supplementary filesystems like /tmp, /sys etc. are directly mounted by procd during boot.
The simplest solution to your problem is adding an appropriate mount / -o remount,ro call using a custom script in /lib/preinit/.
This seems to be working for me, after moving udevd's /run/udev to /tmp (I wonder why udevd doesn't have its directory in /tmp by default, as all other programs/daemons do).
Mounting is not configurable, since it is done by a binary, so you need to comment it out:
mount_root
For /boot it is:
79_move_config
Mounting is configurable, since it uses mount, so you can configure it from rw to ro:
mount -t vfat -o rw,noatime $BOOTPART /boot
These changes will force the system to stay read-only on media-based filesystems at boot.
But it will break applying a sysupgrade.tgz, which I don't use. It would be better if all this were configurable with a boot switch, but this is up to the developers to decide.
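The two approaches above (the custom /lib/preinit/ script with a remount,ro call that jow suggests, and the summary of which preinit files mount / and /boot) both end in the same question: did the filesystem actually end up read-only? An fstab change earlier in the thread silently changed nothing, so a check is worth having. The following is an added example, not code from the thread or from LEDE/OpenWrt. It assumes a hypothetical file /lib/preinit/99_remount_ro that runs after 80_mount_root and 79_move_config have mounted / and /boot, and that preinit provides boot_hook_add (the registration is skipped when that function is absent, so the same file can be sourced on a running system just for the check). The mounts-table format it parses is that of /proc/mounts.

```shell
#!/bin/sh
# Added example (not code from the thread or from LEDE/OpenWrt): a custom
# preinit hook that remounts / and /boot read-only, plus a check that
# verifies the result by reading /proc/mounts instead of trusting the
# exit status of mount.
#
# Assumed location: /lib/preinit/99_remount_ro (hypothetical name), sourced
# by preinit after 80_mount_root (root) and 79_move_config (/boot).

# mount_is_ro MOUNTPOINT [MOUNTS_FILE]
# Succeeds when MOUNTPOINT is present in the mounts table (default
# /proc/mounts) with "ro" as one of its options. The option list is split
# on commas so that tokens like "errors=remount-ro" are not mistaken for "ro".
mount_is_ro() {
    awk -v mp="$1" '
        $2 == mp {
            n = split($4, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == "ro") found = 1
        }
        END { exit found ? 0 : 1 }
    ' "${2:-/proc/mounts}"
}

# mount_listed MOUNTPOINT [MOUNTS_FILE]
# Succeeds when MOUNTPOINT appears in the mounts table at all.
mount_listed() {
    awk -v mp="$1" '$2 == mp { found = 1 } END { exit found ? 0 : 1 }' \
        "${2:-/proc/mounts}"
}

# remount_ro_checked MOUNTPOINT
# Remounts read-only, then confirms via /proc/mounts. A remount,ro fails
# when something still holds a file open for writing (udevd's /run/udev
# was such a case above), which is the usual reason a mount stays rw.
remount_ro_checked() {
    mp="$1"
    if ! mount -o remount,ro "$mp"; then
        echo "preinit: remount,ro of $mp failed (file open for writing?)" >&2
        return 1
    fi
    if ! mount_is_ro "$mp"; then
        echo "preinit: $mp still mounted rw after remount" >&2
        return 1
    fi
    return 0
}

# Hook body: always /, and /boot only if 79_move_config actually mounted it.
remount_media_ro() {
    remount_ro_checked /
    if mount_listed /boot; then
        remount_ro_checked /boot
    fi
}

# Register with preinit when sourced by it; otherwise do nothing, so the
# file can be sourced on a running system to use mount_is_ro by hand, e.g.
#   . /lib/preinit/99_remount_ro; mount_is_ro / && echo "root is ro"
if command -v boot_hook_add >/dev/null 2>&1; then
    boot_hook_add preinit_main remount_media_ro
fi
```

This only covers the read-only half of the plan; the fsck half is separate, and e2fsck will not check a filesystem that is mounted read-write, so the remount has to happen first (or the check has to run from the initramfs stage) for that to work.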