Hello,

> On 6 Jul 2022, at 20:36, Peter Müller <peter.mueller(a)ipfire.org> wrote:
> 
> Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
> ---
> config/rootfiles/core/170/update.sh | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/config/rootfiles/core/170/update.sh b/config/rootfiles/core/170/update.sh
> index 8edb5ff2e..c9744f5f5 100644
> --- a/config/rootfiles/core/170/update.sh
> +++ b/config/rootfiles/core/170/update.sh
> @@ -49,8 +49,11 @@ ldconfig
> 
> # Start services
> 
> +# Harden mount options of /boot
> +sed -e -i "s/[[:space:]]*\/boot[[:space:]]*auto[[:space:]]*defaults[[:space:]]*/ \/boot    auto defaults,nodev,noexec,nosuid   /g" /etc/fstab

This is probably longer than it needs to. To keep regular expressions more readable, I would suggest the following:

* Use \s instead of [[:space:]]. The latter is probably easier if you are not familiar with \s, but very hard to read.

* If you know that you are going to have slashes, use a different delimiter character. So instead of s/A\/B/C\/D/ you could also write s(a)A/B(a)C/D@ which is a lot easier to read.

* I am not convinced editing /etc/fstab like this is a good idea, but we don’t seem to have any other option.

> +
> # This update needs a reboot...
> -#touch /var/run/need_reboot
> +touch /var/run/need_reboot

Why do we need to reboot? Can we not remount?

> 
> # Finish
> /etc/init.d/fireinfo start
> -- 
> 2.35.3