
On Linux, I'm looking for a way to run grub-install <device> and update-grub in a chrooted environment without some devices being taken into account by GRUB (I don't want them to appear at boot).

From a system on a disk A, I want to chroot to a disk B with its own system, to install grub there. So grub installs itself on B with entries A and B. It works but when I boot disk B (without A) I see all the entries (including A), which I don't want. Hence my question.

What I tested...

When I booted a fresh Debian Buster install on a disk /dev/sda, with a second disk /dev/sdb that also had a fresh Debian Buster install, I had:

```
root@buster:~# blkid -s UUID
/dev/sda1: UUID="0505963d-a522-415c-ba85-57bac4b7e0ae"
/dev/sda5: UUID="40e956ea-05c7-4099-b9c8-3b0c97780db0"
/dev/sdb1: UUID="afc267fa-5f9b-464a-b9c0-02437f83b28f"
/dev/sdb5: UUID="ae03e23b-cdbf-4b46-96d1-0f1b0b5ac13b"
```

=> 2 disks are listed

The GRUB boot menu was (I wrote a command to display the UUIDs too, and the result is in French):

```
Debian GNU/Linux [0505963d-a522-415c-ba85-57bac4b7e0ae]
Options avancées pour Debian GNU/Linux [0505963d-a522-415c-ba85-57bac4b7e0ae]
```

=> only /dev/sda1 is concerned

So, I prepared the chroot environment :

```
root@buster:~# DEST=/dev/sdb
root@buster:~# mkdir -p /mnt${DEST}1
root@buster:~# mount -t ext4 ${DEST}1 /mnt${DEST}1
root@buster:~# for i in /dev /proc /sys /run ; \
               do mount -B $i /mnt${DEST}1$i ; done
root@buster:~# DEST=$DEST chroot /mnt${DEST}1
```

From the chrooted environment :

```
root@buster:/# cat /etc/fstab
...
UUID=afc267fa-5f9b-464a-b9c0-02437f83b28f /               ext4    ...
UUID=ae03e23b-cdbf-4b46-96d1-0f1b0b5ac13b none            swap    ...

root@buster:/# blkid -s UUID
/dev/sda1: UUID="0505963d-a522-415c-ba85-57bac4b7e0ae"
/dev/sda5: UUID="40e956ea-05c7-4099-b9c8-3b0c97780db0"
/dev/sdb1: UUID="afc267fa-5f9b-464a-b9c0-02437f83b28f"
/dev/sdb5: UUID="ae03e23b-cdbf-4b46-96d1-0f1b0b5ac13b"
```

=> the chrooted environment saw the same things as the NON-chrooted one

I installed grub on it :

```
root@buster:/# grub-install ${DEST}
root@buster:/# update-grub
```

=> success, no errors !

But when the GRUB menu is displayed (using the same command as above):

```
Debian GNU/Linux [afc267fa-5f9b-464a-b9c0-02437f83b28f]
Options avancées pour Debian GNU/Linux [afc267fa-5f9b-464a-b9c0-02437f83b28f]
Debian GNU/Linux 10 (buster) (sur /dev/sda1) [0505963d-a522-415c-ba85-57bac4b7e0ae]
Options avancées pour Debian GNU/Linux 10 (buster) (sur /dev/sda1) [0505963d-a522-415c-ba85-57bac4b7e0ae]
```

=> the partitions /dev/sdb1 and /dev/sda1 are listed, but I do NOT want /dev/sda1

So I am looking for a way to install GRUB in a chrooted environment without some devices being taken into account by GRUB.

I searched the web but did not find a way to achieve this, or whether it is possible. How can I do it?


OK so I found a solution that more or less satisfies me which is pretty system agnostic.

The idea is to make os-prober NOT executable before installing GRUB and reverting back after (source of idea) :

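```bash
# Save os-prober's permissions, then clear its execute bits
os_prober_path=$( which os-prober ) && perms=$( getfacl -e "$os_prober_path" ) \
  && chmod a-x "$os_prober_path"
grub-install ${DEST}
update-grub
# Restore the saved permissions (only if os-prober was found)
[[ $os_prober_path ]] && echo "$perms" | setfacl -M- "$os_prober_path"
```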

Finally we have :

# needs : gawk acl
DEST=/dev/sdb
mkdir -p /mnt${DEST}1
mount -t ext4 ${DEST}1 /mnt${DEST}1
for i in /dev /proc /sys /run /sys ; do mount -B $i /mnt${DEST}1$i; done
DEST=$DEST chroot /mnt${DEST}1
os_prober_path=$( which os-prober ) && perms=$( getfacl -e $os_prober_path ) \
  && chmod a-x $os_prober_path
grub-install ${DEST}
update-grub
[[ $os_prober_path ]] && echo "$perms" |setfacl -M- $os_prober_path
exit
for i in /dev /proc /sys /run /sys ; do umount -l /mnt${DEST}1$i; done
umount -l /mnt${DEST}1
rmdir /mnt${DEST}1

But I am still looking for a way to disable some devices. So if you have another idea...

  • I don't think it's possible. The `/dev/` directory is populated by the kernel. What do you mean by "I don't want them to appear at boot"? What does boot have to do with chroot? I think you should introduce the question with some motivation about what you are really trying to achieve, because this seems like an XY Problem https://meta.stackexchange.com/questions/66377/what-is-the-xy-problem – cryptarch Feb 12 '21 at 18:48
  • Can you add that information to the question, along with some output or a picture showing the undesirable behaviour? – cryptarch Feb 12 '21 at 19:07
  • You've directly mounted /dev into your chroot environment so devfs is directly in your chroot. If anything is going to work then it will be to NOT use devfs. Instead make a dummy /dev by copying over the device files, being careful to remove (not copy) any devices you want to hide. I believe OS prober mounts partitions for itself. So it effectively ignores mount points. – Philip Couling Feb 15 '21 at 20:18
  • It would be better to state which Linux you are using. Some grub scripts can be OS dependent. – Philip Couling Feb 15 '21 at 20:21
  • @PhilipCouling From what I understand my systems do not use the devfs manager but instead they use udev. I did not find a way to create a dummy device (in the past I have created a dummy ethernet interface but not a device). How do you do that? – Le Nain Jaune Feb 16 '21 at 08:38
  • @PhilipCouling For these tests I use some Debian Buster distros but I prefer not to specialize for a given system. – Le Nain Jaune Feb 16 '21 at 08:41
  • @PhilipCouling I tried, in the chrooted environment, removing unwanted devices with `rm /dev/sda*`. It seemed to work because I could reboot on this new device (I am surprised that we can delete a device), but when I left the "chroot" I noticed that the system (the NON-chrooted system) also does not see the deleted devices, which is not what I want – Le Nain Jaune Feb 16 '21 at 10:35
  • @PhilipCouling I tried makedev, which from what I understand is intended to create devices. Before chrooting, I created some dummy devices and mounted all the desired devices with `cd /mnt${DEST}1/dev ; MAKEDEV sdb ; for i in /dev/sdb /dev/sdb1 /dev/sdb5 /proc /sys /run /sys ; do mount -B $i /mnt${DEST}1$i; done` but in the "chroot" I did not manage to install GRUB, which returned the error "/dev/log not found", and when I tried to add this device (a dependency?) with `MAKEDEV log` I got "/usr/sbin/MAKEDEV: don't know how to make device log"; furthermore the system did not boot as is. – Le Nain Jaune Feb 16 '21 at 10:44
  • @PhilipCouling For info I installed this [makedev](https://packages.debian.org/buster/makedev) package (see also the [man](http://manpages.ubuntu.com/manpages/xenial/man8/MAKEDEV.8.html)) – Le Nain Jaune Feb 16 '21 at 11:08
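
A variant of the disable-and-restore step from the question's self-answer, as an added example that is not part of the original post: it clears a file's execute bits, runs a command, and puts the saved mode back whether the command succeeds or fails. `run_without_exec` is a hypothetical helper name, and saving the mode with GNU `stat -c %a` instead of `getfacl` is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post).
# run_without_exec FILE CMD [ARGS...]
#   Clears the execute bits on FILE, runs CMD, then restores FILE's
#   original mode. Returns CMD's exit status, or 2 on a setup error.
run_without_exec() {
    local target="$1"
    local mode rc=0
    shift
    [ -f "$target" ] || { echo "not a regular file: $target" >&2; return 2; }
    # Assumption: GNU coreutils stat, as on the Debian systems in the question.
    mode=$(stat -c '%a' "$target") || return 2
    # If the user interrupts the wrapped command, still restore the mode.
    # (This replaces any INT/TERM trap the calling shell had set.)
    trap 'chmod "$mode" "$target"' INT TERM
    chmod a-x "$target" || { trap - INT TERM; return 2; }
    # Subshell: an 'exit' inside the command cannot skip the restore below.
    ( "$@" ) || rc=$?
    chmod "$mode" "$target" || rc=2
    trap - INT TERM
    return "$rc"
}

# Inside the chroot, with DEST set as in the question:
#   p=$(command -v os-prober) &&
#     run_without_exec "$p" sh -c 'grub-install "$1" && update-grub' sh "$DEST"
```

A non-zero return means either the wrapped command failed or the mode could not be restored, so the permissions of os-prober are worth checking before leaving the chroot in that case.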

1 Answer

It looks like you are trying to control the way grub menus are generated. These are generally configured from scripts in `/etc/grub.d`. I believe the one you are specifically interested in is "os-prober" which finds other installed operating systems.

Of course if you wanted to remove all other operating systems you could just disable os-prober altogether with `chmod ugo-x /etc/grub.d/30_os-prober` to stop the script being executable.

The normal case is that other operating systems are not mounted, so the mount points are unlikely to affect the way this script behaves. From memory it attempts to mount drives to investigate what's installed on them.

I see from your scripts that you are bind mounting /dev into your chroot environment. If it's possible to control os-prober then it will be by removing drives from /dev.
You could try copying the device files instead of bind mounting /dev. Then you are free to delete whichever you wish before running update-grub.

Failing that I'm afraid you might be forced to completely disable os-prober and then create your own script that mimics it minus the unwanted drives.

Philip Couling
  • Yes I want to control it but without modifying the different scripts (that is why I want to hide these extra devices from it). I tried temporarily disabling **/etc/grub.d/30_os-prober** and that worked. But this solution seems OS dependent. I would prefer a solution passed to the chroot environment with a dummy device command like **makedev** – Le Nain Jaune Feb 16 '21 at 12:54
  • I found an alternative to disable **os-prober** which is more OS-agnostic [here](https://unix.stackexchange.com/questions/56004/how-to-stop-update-grub-from-scanning-all-drives/59787#59787) – Le Nain Jaune Feb 17 '21 at 12:03
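
Whichever way os-prober is kept out of `update-grub`, the result can be checked before rebooting. The following is an added example, not code from the thread: it lists filesystem UUIDs that appear in a generated grub.cfg but not in the target system's fstab, which is how the unwanted /dev/sda1 entries show up in the question. `foreign_uuids` and the two sample functions are hypothetical names, and the sample files are constructed from the UUIDs shown in the question.

```shell
#!/bin/sh
# Added example (not from the thread): report UUIDs referenced by grub.cfg
# that the target system's own fstab does not mention.
UUID_RE='[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}'

# foreign_uuids GRUB_CFG FSTAB -> prints one foreign UUID per line
foreign_uuids() {
    local allowed
    # UUIDs the target system mounts itself (comment lines skipped)
    allowed=$(grep -v '^[[:space:]]*#' "$2" | grep -Eo "UUID=$UUID_RE" \
              | cut -d= -f2 | sort -u)
    # Every UUID in grub.cfg, minus the allowed ones
    grep -Eo "$UUID_RE" "$1" | sort -u \
        | grep -vxiF -e "${allowed:-none}" || true
}

# Constructed sample: trimmed grub.cfg with one native and one os-prober entry
sample_grub_cfg() { cat <<'EOF'
menuentry 'Debian GNU/Linux' $menuentry_id_option 'gnulinux-simple-afc267fa-5f9b-464a-b9c0-02437f83b28f' {
	search --no-floppy --fs-uuid --set=root afc267fa-5f9b-464a-b9c0-02437f83b28f
	linux /boot/vmlinuz root=UUID=afc267fa-5f9b-464a-b9c0-02437f83b28f ro quiet
}
menuentry 'Debian GNU/Linux 10 (buster) (on /dev/sda1)' $menuentry_id_option 'osprober-gnulinux-simple-0505963d-a522-415c-ba85-57bac4b7e0ae' {
	search --no-floppy --fs-uuid --set=root 0505963d-a522-415c-ba85-57bac4b7e0ae
	linux /boot/vmlinuz root=UUID=0505963d-a522-415c-ba85-57bac4b7e0ae ro quiet
}
EOF
}

# Constructed sample: fstab of the target disk (mount options are made up)
sample_fstab() { cat <<'EOF'
# <file system> <mount point> <type> <options> <dump> <pass>
UUID=afc267fa-5f9b-464a-b9c0-02437f83b28f /    ext4 defaults 0 1
UUID=ae03e23b-cdbf-4b46-96d1-0f1b0b5ac13b none swap sw       0 0
EOF
}

# On a real Debian target, inside the chroot:
#   foreign_uuids /boot/grub/grub.cfg /etc/fstab
```

Empty output means every UUID in the menu belongs to the target system; only full-length UUIDs are matched, so short FAT-style volume IDs are not covered.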