grub2/0208-Add-grub2-switch-to-blscfg.patch
Peter Jones 0bcec266a0 Enable TPM measurements
Set the default boot entry to the first entry when we're using BLS.

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-04-06 15:42:49 -04:00

349 lines
9.7 KiB
Diff

From 95d9f5c317fb59dbb47c1df531fe5ab6f61e55af Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 15 Mar 2018 14:12:40 -0400
Subject: [PATCH 208/227] Add grub2-switch-to-blscfg
Signed-off-by: Peter Jones <pjones@redhat.com>
---
Makefile.util.def | 7 ++
.gitignore | 2 +
util/grub-switch-to-blscfg.8 | 25 ++++
util/grub-switch-to-blscfg.in | 262 ++++++++++++++++++++++++++++++++++++++++++
4 files changed, 296 insertions(+)
create mode 100644 util/grub-switch-to-blscfg.8
create mode 100644 util/grub-switch-to-blscfg.in
diff --git a/Makefile.util.def b/Makefile.util.def
index 38cdf4ccc09..fe392c24351 100644
--- a/Makefile.util.def
+++ b/Makefile.util.def
@@ -1341,6 +1341,13 @@ program = {
ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)';
};
+script = {
+ name = grub-switch-to-blscfg;
+ common = util/grub-switch-to-blscfg.in;
+ mansection = 8;
+ installdir = sbin;
+};
+
program = {
name = grub-glue-efi;
mansection = 1;
diff --git a/.gitignore b/.gitignore
index 9f258735aaa..4a945596fea 100644
--- a/.gitignore
+++ b/.gitignore
@@ -117,6 +117,8 @@ grub-*.tar.*
/grub*-sparc64-setup.8
/grub*-syslinux2cfg
/grub*-syslinux2cfg.1
+/grub*-switch-to-blscfg
+/grub*-switch-to-blscfg.8
/grub_fstest.pp
/grub_fstest_init.c
/grub_fstest_init.lst
diff --git a/util/grub-switch-to-blscfg.8 b/util/grub-switch-to-blscfg.8
new file mode 100644
index 00000000000..134dfc62a7b
--- /dev/null
+++ b/util/grub-switch-to-blscfg.8
@@ -0,0 +1,25 @@
+.TH GRUB-SWITCH-TO-BLSCFG 1 "Wed Feb 26 2014"
+.SH NAME
+\fBgrub-switch-to-blscfg\fR \(em Switch to using BLS config files.
+
+.SH SYNOPSIS
+\fBgrub-switch-to-blscfg\fR [--grub-directory=\fIDIR\fR] [--config-file=\fIFILE\fR] [--grub-defaults=\fIFILE\fR]
+
+.SH DESCRIPTION
+\fBgrub-switch-to-blscfg\fR reconfigures grub-mkconfig to use BLS-style config files, and then regenerates the GRUB configuration.
+
+.SH OPTIONS
+.TP
+--grub-directory=\fIDIR\fR
+Search for grub.cfg under \fIDIR\fR. The default value is \fI/boot/efi/EFI/\fBVENDOR\fR on UEFI machines and \fI/boot/grub2\fR elsewhere.
+
+.TP
+--config-file=\fIFILE\fR
+The grub config file to use. The default value is \fI/etc/grub2-efi.cfg\fR on UEFI machines and \fI/etc/grub2.cfg\fR elsewhere. Symbolic links will be followed.
+
+.TP
+--grub-defaults=\fIFILE\fR
+The defaults file for grub-mkconfig. The default value is \fI/etc/default/grub\fR.
+
+.SH SEE ALSO
+.BR "info grub"
diff --git a/util/grub-switch-to-blscfg.in b/util/grub-switch-to-blscfg.in
new file mode 100644
index 00000000000..3ae5e4ea8d0
--- /dev/null
+++ b/util/grub-switch-to-blscfg.in
@@ -0,0 +1,262 @@
+#! /bin/sh
+#
+# Set a default boot entry for GRUB.
+# Copyright (C) 2004,2009 Free Software Foundation, Inc.
+#
+# GRUB is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# GRUB is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+
+#set -eu
+
+# Initialize some variables.
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+bindir=@bindir@
+sysconfdir="@sysconfdir@"
+PACKAGE_NAME=@PACKAGE_NAME@
+PACKAGE_VERSION=@PACKAGE_VERSION@
+datarootdir="@datarootdir@"
+datadir="@datadir@"
+if [ ! -v pkgdatadir ]; then
+ pkgdatadir="${datadir}/@PACKAGE@"
+fi
+
+self=`basename $0`
+
+grub_editenv=${bindir}/@grub_editenv@
+etcdefaultgrub=/etc/default/grub
+
+EFIDIR=$(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/')
+if [ -d /sys/firmware/efi/efivars/ ]; then
+ startlink=/etc/grub2-efi.cfg
+ grubdir=`echo "/@bootdirname@/efi/EFI/${EFIDIR}/" | sed 's,//*,/,g'`
+ blsdir=`echo "/@bootdirname@/efi/EFI/${EFIDIR}/loader/entries" | sed 's,//*,/,g'`
+else
+ startlink=/etc/grub2.cfg
+ grubdir=`echo "/@bootdirname@/@grubdirname@" | sed 's,//*,/,g'`
+ blsdir=`echo "/@bootdirname@" | sed 's,//*,/,g'`
+fi
+
+backupsuffix=.bak
+
+export TEXTDOMAIN=@PACKAGE@
+export TEXTDOMAINDIR="@localedir@"
+
+. "${pkgdatadir}/grub-mkconfig_lib"
+
+# Usage: usage
+# Print the usage.
+usage () {
+ gettext_printf "Usage: %s\n" "$self"
+ gettext "Switch to BLS config files.\n"; echo
+ echo
+ print_option_help "-h, --help" "$(gettext "print this message and exit")"
+ print_option_help "-V, --version" "$(gettext "print the version information and exit")"
+ echo
+ print_option_help "--backup-suffix=$(gettext "SUFFIX")" "$backupsuffix"
+ print_option_help "--bls-directory=$(gettext "DIR")" "$blsdir"
+ print_option_help "--config-file=$(gettext "FILE")" "$startlink"
+ print_option_help "--grub-defaults=$(gettext "FILE")" "$etcdefaultgrub"
+ print_option_help "--grub-directory=$(gettext "DIR")" "$grubdir"
+ # echo
+ # gettext "Report bugs to <bug-grub@gnu.org>."; echo
+}
+
+argument () {
+ opt=$1
+ shift
+
+ if test $# -eq 0; then
+ gettext_printf "%s: option requires an argument -- \`%s'\n" "$self" "$opt" 1>&2
+ exit 1
+ fi
+ echo $1
+}
+
+# Check the arguments.
+while test $# -gt 0
+do
+ option=$1
+ shift
+
+ case "$option" in
+ -h | --help)
+ usage
+ exit 0 ;;
+ -V | --version)
+ echo "$self (${PACKAGE_NAME}) ${PACKAGE_VERSION}"
+ exit 0 ;;
+
+ --backup-suffix)
+ backupsuffix=`argument $option "$@"`
+ shift
+ ;;
+ --backup-suffix=*)
+ backupsuffix=`echo "$option" | sed 's/--backup-suffix=//'`
+ ;;
+
+ --bls-directory)
+ blsdir=`argument $option "$@"`
+ shift
+ ;;
+ --bls-directory=*)
+ blsdir=`echo "$option" | sed 's/--bls-directory=//'`
+ ;;
+
+ --config-file)
+ startlink=`argument $option "$@"`
+ shift
+ ;;
+ --config-file=*)
+ startlink=`echo "$option" | sed 's/--config-file=//'`
+ ;;
+
+ --grub-defaults)
+ etcdefaultgrub=`argument $option "$@"`
+ shift
+ ;;
+ --grub-defaults=*)
+ etcdefaultgrub=`echo "$option" | sed 's/--grub-defaults=//'`
+ ;;
+
+ --grub-directory)
+ grubdir=`argument $option "$@"`
+ shift
+ ;;
+ --grub-directory=*)
+ grubdir=`echo "$option" | sed 's/--grub-directory=//'`
+ ;;
+
+ *)
+ gettext_printf "Unrecognized option \`%s'\n" "$option" 1>&2
+ usage
+ exit 1
+ ;;
+ esac
+done
+
+find_grub_cfg() {
+ local candidate=""
+ while [[ -e "${candidate}" || $# -gt 0 ]]
+ do
+ if [[ ! -e "${candidate}" ]] ; then
+ candidate="$1"
+ shift
+ fi
+
+ if [[ -L "${candidate}" ]]; then
+ candidate="$(realpath "${candidate}")"
+ fi
+
+ if [[ -f "${candidate}" ]]; then
+ export GRUB_CONFIG_FILE="${candidate}"
+ return 0
+ fi
+ done
+ return 1
+}
+
+if ! find_grub_cfg ${startlink} ${grubdir}/grub.cfg ; then
+ gettext_printf "Couldn't find config file\n" 1>&2
+ exit 1
+fi
+
+if [[ ! -d "${blsdir}" ]]; then
+ install -m 700 -d "${blsdir}"
+fi
+
+if [[ -f /etc/machine-id ]]; then
+ MACHINE_ID=$(cat /etc/machine-id)
+else
+ MACHINE_ID=$(dmesg | sha256sum)
+fi
+
+mkbls() {
+ local kernelver=$1 && shift
+ local datetime=$1 && shift
+
+ local debugname=""
+ local flavor=""
+
+ if [[ "$kernelver" == *\+* ]] ; then
+ local flavor=-"${kernelver##*+}"
+ if [[ "${flavor}" == "-debug" ]]; then
+ local debugname=" with debugging"
+ fi
+ fi
+ (
+ source /etc/os-release
+
+ cat <<EOF
+title ${NAME} (${kernelver}) ${VERSION}${debugname}
+linux /vmlinuz-${kernelver}
+initrd /initramfs-${kernelver}.img
+options \$kernelopts
+id ${ID}-${datetime}-${kernelver}
+grub_users \$grub_users
+grub_arg --unrestricted
+grub_class kernel${flavor}
+EOF
+ ) | cat
+}
+
+for kernelver in $(cd /lib/modules/ ; ls -1) "" ; do
+ if [[ ! -d "/lib/modules/${kernelver}" ]] ; then
+ continue
+ fi
+ if [[ ! -f "/boot/vmlinuz-${kernelver}" ]]; then
+ continue
+ fi
+ bls_target="${blsdir}/${MACHINE_ID}-${kernelver}.conf"
+ kernel_dir="/lib/modules/${kernelver}"
+ if [[ -f "${kernel_dir}/bls.conf" ]]; then
+ cp -af "${kernel_dir}/bls.conf" "${bls_target}"
+ else
+ mkbls "${kernelver}" \
+ "$(date -u +%Y%m%d%H%M%S -d "$(stat -c '%y' "${kernel_dir}")")" \
+ >"${bls_target}"
+ fi
+done
+
+GENERATE=0
+if grep '^GRUB_ENABLE_BLSCFG=.*' "${etcdefaultgrub}" \
+ | grep -vq '^GRUB_ENABLE_BLSCFG="*true"*\s*$' ; then
+ if ! sed -i"${backupsuffix}" \
+ -e 's,^GRUB_ENABLE_BLSCFG=.*,GRUB_ENABLE_BLSCFG=true,' \
+ "${etcdefaultgrub}" ; then
+ gettext_printf "Updating %s failed\n" "${etcdefaultgrub}"
+ exit 1
+ fi
+ GENERATE=1
+elif ! grep -q '^GRUB_ENABLE_BLSCFG=.*' "${etcdefaultgrub}" ; then
+ if ! echo 'GRUB_ENABLE_BLSCFG=true' >> "${etcdefaultgrub}" ; then
+ gettext_printf "Updating %s failed\n" "${etcdefaultgrub}"
+ exit 1
+ fi
+ GENERATE=1
+fi
+
+if [[ "${GENERATE}" -eq 1 ]] ; then
+ cp -af "${GRUB_CONFIG_FILE}" "${GRUB_CONFIG_FILE}${backupsuffix}"
+ if ! grub2-mkconfig -o "${GRUB_CONFIG_FILE}" ; then
+ cp -af "${GRUB_CONFIG_FILE}${backupsuffix}" "${GRUB_CONFIG_FILE}"
+ sed -i"${backupsuffix}" \
+ -e 's,^GRUB_ENABLE_BLSCFG=.*,GRUB_ENABLE_BLSCFG=false,' \
+ /etc/default/grub
+ gettext_printf "Updating %s failed\n" "${GRUB_CONFIG_FILE}"
+ exit 1
+ fi
+fi
+
+# Bye.
+exit 0
--
2.15.0