pool/grub2
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
factory
grub2/0010-templates-import-etc-crypttab-to-grub.cfg.patch
Michael Chang 8ee92f5194 Accepting request 1105405 from home:michael-chang:grub:2.12rc1 
- Implement NV index mode for TPM 2.0 key protector
  0001-protectors-Implement-NV-index.patch
- Fall back to passphrase mode when the key protector fails to
  unlock the disk
  0002-cryptodisk-Fallback-to-passphrase.patch
- Wipe out the cached key cleanly
  0003-cryptodisk-wipe-out-the-cached-keys-from-protectors.patch
- Make diskfiler to look up cryptodisk devices first
  0004-diskfilter-look-up-cryptodisk-devices-first.patch

- Version bump to 2.12~rc1
  * Added:
    - grub-2.12~rc1.tar.xz
  * Removed:
    - grub-2.06.tar.xz
  * Patch dropped merged by new version:
    - grub2-GRUB_CMDLINE_LINUX_RECOVERY-for-recovery-mode.patch
    - grub2-s390x-02-kexec-module-added-to-emu.patch
    - grub2-efi-chainloader-root.patch
    - grub2-Fix-incorrect-netmask-on-ppc64.patch
    - 0001-osdep-Introduce-include-grub-osdep-major.h-and-use-i.patch
    - 0002-osdep-linux-hostdisk-Use-stat-instead-of-udevadm-for.patch
    - 0002-net-read-bracketed-ipv6-addrs-and-port-numbers.patch
    - grub2-s390x-10-keep-network-at-kexec.patch
    - 0001-Fix-build-error-in-binutils-2.36.patch
    - 0001-emu-fix-executable-stack-marking.patch
    - 0046-squash-verifiers-Move-verifiers-API-to-kernel-image.patch
    - 0001-30_uefi-firmware-fix-printf-format-with-null-byte.patch
    - 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch
    - 0001-Filter-out-POSIX-locale-for-translation.patch

OBS-URL: https://build.opensuse.org/request/show/1105405
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=458
2023-08-24 03:25:56 +00:00

88 lines
2.5 KiB
Diff
Raw Permalink Blame History

From 2d3130c289b293269dcf558a26674f83f77729a6 Mon Sep 17 00:00:00 2001
From: Michael Chang <mchang@suse.com>
Date: Tue, 14 Jun 2022 17:10:01 +0800
Subject: [PATCH 10/10] templates: import /etc/crypttab to grub.cfg
The /etc/crypptab is used to setup location of encryption key files during
boot, among other things. It is useful to make use the information by grub to
determine where keys are being looked up.
This script can be used to import relevant /etc/crypptab entry to grub.cfg.
Signed-off-by: Michael Chang <mchang@suse.com>
---
Makefile.util.def | 7 ++++++
util/grub.d/05_crypttab.in | 50 +++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 57 insertions(+)
create mode 100644 util/grub.d/05_crypttab.in
--- a/Makefile.util.def
+++ b/Makefile.util.def
@@ -483,6 +483,13 @@
};
script = {
+ name = '05_crypttab';
+ common = util/grub.d/05_crypttab.in;
+ installdir = grubconf;
+ condition = COND_HOST_LINUX;
+};
+
+script = {
name = '10_windows';
common = util/grub.d/10_windows.in;
installdir = grubconf;
--- /dev/null
+++ b/util/grub.d/05_crypttab.in
@@ -0,0 +1,50 @@
+#! /bin/sh
+set -e
+
+# grub-mkconfig helper script.
+# Copyright (C) 2022 Free Software Foundation, Inc.
+#
+# GRUB is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# GRUB is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+
+prefix="@prefix@"
+exec_prefix="@exec_prefix@"
+datarootdir="@datarootdir@"
+
+export TEXTDOMAIN=@PACKAGE@
+export TEXTDOMAINDIR="@localedir@"
+
+. "$pkgdatadir/grub-mkconfig_lib"
+
+CRYPTTAB=/etc/crypttab
+
+if [ -r "$CRYPTTAB" ]; then
+ awk '
+ /^\s*#/ || $3 ~ /(^\/dev\/|^\/proc\/|^\/sys\/|:)/ { next }
+ { key[0] = $3 }
+ $3 ~ /(^$|none|-)/ {
+ key[0] = "/etc/cryptsetup-keys.d/" $1 ".key"
+ key[1] = "/run/cryptsetup-keys.d/" $1 ".key"
+ }
+ {
+ for (d in key)
+ if (system("test -f " key[d]) == 0)
+ next
+ }
+ /UUID=/ {
+ sub(/UUID=/,"",$2);
+ gsub(/-/,"",$2);
+ printf("crypttab_entry %s %s %s\n",$1,$2,$3)
+ }
+ ' "$CRYPTTAB"
+fi
Reference in New Issue View Git Blame Copy Permalink