summaryrefslogtreecommitdiff
path: root/packages/sys-boot/grub
diff options
context:
space:
mode:
Diffstat (limited to 'packages/sys-boot/grub')
-rw-r--r--packages/sys-boot/grub/files/05-gfxpayload.patch29
-rw-r--r--packages/sys-boot/grub/files/06-KERNEL_GLOBS.patch67
-rw-r--r--packages/sys-boot/grub/files/07-Allow_GRUB_to_mount_ext234_filesystems_that_have_the_encryption_feature.patch140
-rw-r--r--packages/sys-boot/grub/grub-2.02-r5.exheres-0 (renamed from packages/sys-boot/grub/grub-2.02-r4.exheres-0)3
-rw-r--r--packages/sys-boot/grub/grub.exlib10
5 files changed, 243 insertions, 6 deletions
diff --git a/packages/sys-boot/grub/files/05-gfxpayload.patch b/packages/sys-boot/grub/files/05-gfxpayload.patch
new file mode 100644
index 0000000..6c63ef8
--- /dev/null
+++ b/packages/sys-boot/grub/files/05-gfxpayload.patch
@@ -0,0 +1,29 @@
+From e2d5bf1bc6aaaabeba538c1ca94ea8601e4e1474 Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Thu, 16 Oct 2014 23:43:51 -0400
+Subject: [PATCH] 10_linux: Default gfxpayload=keep only when booting using efi
+
+vesafb seems to be unreliable when using BIOS compat mode.
+
+---
+ util/grub.d/10_linux.in | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
+index d2e2a8f..a54b888 100644
+--- a/util/grub.d/10_linux.in
++++ b/util/grub.d/10_linux.in
+@@ -104,7 +104,9 @@ linux_entry ()
+ echo " load_video" | sed "s/^/$submenu_indentation/"
+ if grep -qx "CONFIG_FB_EFI=y" "${config}" 2> /dev/null \
+ && grep -qx "CONFIG_VT_HW_CONSOLE_BINDING=y" "${config}" 2> /dev/null; then
+- echo " set gfxpayload=keep" | sed "s/^/$submenu_indentation/"
++ echo ' if [ "x$grub_platform" = xefi ]; then' | sed "s/^/$submenu_indentation/"
++ echo " set gfxpayload=keep" | sed "s/^/$submenu_indentation/"
++ echo ' fi' | sed "s/^/$submenu_indentation/"
+ fi
+ else
+ if [ "x$GRUB_GFXPAYLOAD_LINUX" != xtext ]; then
+--
+2.7.2
+
diff --git a/packages/sys-boot/grub/files/06-KERNEL_GLOBS.patch b/packages/sys-boot/grub/files/06-KERNEL_GLOBS.patch
new file mode 100644
index 0000000..c66ee68
--- /dev/null
+++ b/packages/sys-boot/grub/files/06-KERNEL_GLOBS.patch
@@ -0,0 +1,67 @@
+From 43e3295aaad5278a1e53c5282e2660b72cd76d28 Mon Sep 17 00:00:00 2001
+From: "Robin H. Johnson" <robbat2@gentoo.org>
+Date: Tue, 29 Dec 2015 15:29:14 -0800
+Subject: [PATCH] GRUB_LINUX_KERNEL_GLOBS: configurable kernel selection
+
+* util/grub.d/10_linux.in: Implement GRUB_LINUX_KERNEL_GLOBS
+* docs/grub.texi: Document GRUB_LINUX_KERNEL_GLOBS
+
+Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
+---
+ docs/grub.texi | 5 +++++
+ util/grub.d/10_linux.in | 21 +++++++++++----------
+ 2 files changed, 16 insertions(+), 10 deletions(-)
+
+diff --git a/docs/grub.texi b/docs/grub.texi
+index 9a25a0b..d1129ec 100644
+--- a/docs/grub.texi
++++ b/docs/grub.texi
+@@ -1490,6 +1490,11 @@ This option may be set to a list of GRUB module names separated by spaces.
+ Each module will be loaded as early as possible, at the start of
+ @file{grub.cfg}.
+
++@item GRUB_LINUX_KERNEL_GLOBS
++This option may be set to override the list of path globs used to find Linux
++kernels. The defaults vary by architecture, and generally include both
++@file{/boot} and @file{/}.
++
+ @end table
+
+ The following options are still accepted for compatibility with existing
+diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
+index 859b608..e5ac11d 100644
+--- a/util/grub.d/10_linux.in
++++ b/util/grub.d/10_linux.in
+@@ -145,18 +145,19 @@ EOF
+ }
+
+ machine=`uname -m`
+-case "x$machine" in
++globs="$GRUB_LINUX_KERNEL_GLOBS"
++[ -z "$globs" ] && case "x$machine" in
+ xi?86 | xx86_64)
+- list=
+- for i in /boot/vmlinuz-* /vmlinuz-* /boot/kernel-* ; do
+- if grub_file_is_not_garbage "$i" ; then list="$list $i" ; fi
+- done ;;
+- *)
+- list=
+- for i in /boot/vmlinuz-* /boot/vmlinux-* /vmlinuz-* /vmlinux-* /boot/kernel-* ; do
+- if grub_file_is_not_garbage "$i" ; then list="$list $i" ; fi
+- done ;;
++ globs="/boot/vmlinuz-* /vmlinuz-* /boot/kernel-*"
++ ;;
++ *)
++ globs="/boot/vmlinuz-* /boot/vmlinux-* /vmlinuz-* /vmlinux-* /boot/kernel-*"
++ ;;
+ esac
++list=
++for i in ${globs} ; do
++ if grub_file_is_not_garbage "$i" ; then list="$list $i" ; fi
++done
+
+ case "$machine" in
+ i?86) GENKERNEL_ARCH="x86" ;;
+--
+2.3.0
+
diff --git a/packages/sys-boot/grub/files/07-Allow_GRUB_to_mount_ext234_filesystems_that_have_the_encryption_feature.patch b/packages/sys-boot/grub/files/07-Allow_GRUB_to_mount_ext234_filesystems_that_have_the_encryption_feature.patch
new file mode 100644
index 0000000..22d6292
--- /dev/null
+++ b/packages/sys-boot/grub/files/07-Allow_GRUB_to_mount_ext234_filesystems_that_have_the_encryption_feature.patch
@@ -0,0 +1,140 @@
+From 734668238fcc0ef691a080839e04f33854fa133a Mon Sep 17 00:00:00 2001
+From: Eric Biggers <ebiggers@google.com>
+Date: Thu, 29 Jun 2017 13:27:49 +0000
+Subject: Allow GRUB to mount ext2/3/4 filesystems that have the encryption
+ feature.
+
+On such a filesystem, inodes may have EXT4_ENCRYPT_FLAG set.
+For a regular file, this means its contents are encrypted; for a
+directory, this means the filenames in its directory entries are
+encrypted; and for a symlink, this means its target is encrypted. Since
+GRUB cannot decrypt encrypted contents or filenames, just issue an error
+if it would need to do so. This is sufficient to allow unencrypted boot
+files to co-exist with encrypted files elsewhere on the filesystem.
+
+(Note that encrypted regular files and symlinks will not normally be
+encountered outside an encrypted directory; however, it's possible via
+hard links, so they still need to be handled.)
+
+Tested by booting from an ext4 /boot partition on which I had run
+'tune2fs -O encrypt'. I also verified that the expected error messages
+are printed when trying to access encrypted directories, files, and
+symlinks from the GRUB command line. Also ran 'sudo ./grub-fs-tester
+ext4_encrypt'; note that this requires e2fsprogs v1.43+ and Linux v4.1+.
+
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+---
+ grub-core/fs/ext2.c | 23 ++++++++++++++++++++++-
+ tests/ext234_test.in | 1 +
+ tests/util/grub-fs-tester.in | 10 ++++++++++
+ 3 files changed, 33 insertions(+), 1 deletion(-)
+
+diff --git a/grub-core/fs/ext2.c b/grub-core/fs/ext2.c
+index cdce63b..b8ad75a 100644
+--- a/grub-core/fs/ext2.c
++++ b/grub-core/fs/ext2.c
+@@ -102,6 +102,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
+ #define EXT4_FEATURE_INCOMPAT_64BIT 0x0080
+ #define EXT4_FEATURE_INCOMPAT_MMP 0x0100
+ #define EXT4_FEATURE_INCOMPAT_FLEX_BG 0x0200
++#define EXT4_FEATURE_INCOMPAT_ENCRYPT 0x10000
+
+ /* The set of back-incompatible features this driver DOES support. Add (OR)
+ * flags here as the related features are implemented into the driver. */
+@@ -109,7 +110,8 @@ GRUB_MOD_LICENSE ("GPLv3+");
+ | EXT4_FEATURE_INCOMPAT_EXTENTS \
+ | EXT4_FEATURE_INCOMPAT_FLEX_BG \
+ | EXT2_FEATURE_INCOMPAT_META_BG \
+- | EXT4_FEATURE_INCOMPAT_64BIT)
++ | EXT4_FEATURE_INCOMPAT_64BIT \
++ | EXT4_FEATURE_INCOMPAT_ENCRYPT)
+ /* List of rationales for the ignored "incompatible" features:
+ * needs_recovery: Not really back-incompatible - was added as such to forbid
+ * ext2 drivers from mounting an ext3 volume with a dirty
+@@ -138,6 +140,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
+ #define EXT3_JOURNAL_FLAG_DELETED 4
+ #define EXT3_JOURNAL_FLAG_LAST_TAG 8
+
++#define EXT4_ENCRYPT_FLAG 0x800
+ #define EXT4_EXTENTS_FLAG 0x80000
+
+ /* The ext2 superblock. */
+@@ -706,6 +709,12 @@ grub_ext2_read_symlink (grub_fshelp_node_t node)
+ grub_ext2_read_inode (diro->data, diro->ino, &diro->inode);
+ if (grub_errno)
+ return 0;
++
++ if (diro->inode.flags & grub_cpu_to_le32_compile_time (EXT4_ENCRYPT_FLAG))
++ {
++ grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, "symlink is encrypted");
++ return 0;
++ }
+ }
+
+ symlink = grub_malloc (grub_le_to_cpu32 (diro->inode.size) + 1);
+@@ -749,6 +758,12 @@ grub_ext2_iterate_dir (grub_fshelp_node_t dir,
+ return 0;
+ }
+
++ if (diro->inode.flags & grub_cpu_to_le32_compile_time (EXT4_ENCRYPT_FLAG))
++ {
++ grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, "directory is encrypted");
++ return 0;
++ }
++
+ /* Search the file. */
+ while (fpos < grub_le_to_cpu32 (diro->inode.size))
+ {
+@@ -859,6 +874,12 @@ grub_ext2_open (struct grub_file *file, const char *name)
+ goto fail;
+ }
+
++ if (fdiro->inode.flags & grub_cpu_to_le32_compile_time (EXT4_ENCRYPT_FLAG))
++ {
++ err = grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, "file is encrypted");
++ goto fail;
++ }
++
+ grub_memcpy (data->inode, &fdiro->inode, sizeof (struct grub_ext2_inode));
+ grub_free (fdiro);
+
+diff --git a/tests/ext234_test.in b/tests/ext234_test.in
+index 892b99c..4f1eb52 100644
+--- a/tests/ext234_test.in
++++ b/tests/ext234_test.in
+@@ -30,3 +30,4 @@ fi
+ "@builddir@/grub-fs-tester" ext3
+ "@builddir@/grub-fs-tester" ext4
+ "@builddir@/grub-fs-tester" ext4_metabg
++"@builddir@/grub-fs-tester" ext4_encrypt
+diff --git a/tests/util/grub-fs-tester.in b/tests/util/grub-fs-tester.in
+index 88cbe73..fd7e0f1 100644
+--- a/tests/util/grub-fs-tester.in
++++ b/tests/util/grub-fs-tester.in
+@@ -156,6 +156,12 @@ for LOGSECSIZE in $(range "$MINLOGSECSIZE" "$MAXLOGSECSIZE" 1); do
+ # Could go further but what's the point?
+ MAXBLKSIZE=$((65536*1024))
+ ;;
++ xext4_encrypt)
++ # OS LIMITATION: Linux currently only allows the 'encrypt' feature
++ # in combination with block_size = PAGE_SIZE (4096 bytes on x86).
++ MINBLKSIZE=$(getconf PAGE_SIZE)
++ MAXBLKSIZE=$MINBLKSIZE
++ ;;
+ xext*)
+ MINBLKSIZE=1024
+ if [ $MINBLKSIZE -lt $SECSIZE ]; then
+@@ -796,6 +802,10 @@ for LOGSECSIZE in $(range "$MINLOGSECSIZE" "$MAXLOGSECSIZE" 1); do
+ MKE2FS_DEVICE_SECTSIZE=$SECSIZE "mkfs.ext4" -O meta_bg,^resize_inode -b $BLKSIZE -L "$FSLABEL" -q "${MOUNTDEVICE}"
+ MOUNTFS=ext4
+ ;;
++ xext4_encrypt)
++ MKE2FS_DEVICE_SECTSIZE=$SECSIZE "mkfs.ext4" -O encrypt -b $BLKSIZE -L "$FSLABEL" -q "${MOUNTDEVICE}"
++ MOUNTFS=ext4
++ ;;
+ xext*)
+ MKE2FS_DEVICE_SECTSIZE=$SECSIZE "mkfs.$fs" -b $BLKSIZE -L "$FSLABEL" -q "${MOUNTDEVICE}" ;;
+ xxfs)
+--
+cgit v1.0-41-gc330
+
diff --git a/packages/sys-boot/grub/grub-2.02-r4.exheres-0 b/packages/sys-boot/grub/grub-2.02-r5.exheres-0
index cc5b955..b4e922f 100644
--- a/packages/sys-boot/grub/grub-2.02-r4.exheres-0
+++ b/packages/sys-boot/grub/grub-2.02-r5.exheres-0
@@ -11,5 +11,8 @@ DEFAULT_SRC_PREPARE_PATCHES=(
"${FILES}"/02-support-multiple-early-initrd-images.patch
"${FILES}"/03-relocation.patch
"${FILES}"/04-Fix-packed-not-aligned-error-on-GCC-8.patch
+ "${FILES}"/05-gfxpayload.patch
+ "${FILES}"/06-KERNEL_GLOBS.patch
+ "${FILES}"/07-Allow_GRUB_to_mount_ext234_filesystems_that_have_the_encryption_feature.patch
)
diff --git a/packages/sys-boot/grub/grub.exlib b/packages/sys-boot/grub/grub.exlib
index 702f066..7e686d8 100644
--- a/packages/sys-boot/grub/grub.exlib
+++ b/packages/sys-boot/grub/grub.exlib
@@ -5,12 +5,6 @@ require gnu [ suffix=tar.xz ] \
flag-o-matic \
autotools [ supported_autoconf=[ 2.5 ] supported_automake=[ 1.16 1.15 ] ]
-if ever is_scm ; then
- DOWNLOADS=""
- SCM_REPOSITORY="https://git.savannah.gnu.org/git/${PN}.git"
- require scm-git
-fi
-
export_exlib_phases pkg_setup src_prepare src_configure src_compile src_install
SUMMARY="GRUB (Grand Unified Boot) bootloader"
@@ -22,6 +16,7 @@ MYOPTIONS="
grub-mount [[ description = [ FUSE driver for filesystems that GRUB understands ] ]]
mkfont [[ description = [ Build grub-mkfont which can create GRUB font files ] ]]
pc [[ description = [ Build PC platform support ] ]]
+ themes [[ description = [ Build and install GRUB themes (starfield) ] ]]
( providers: eudev systemd ) [[ number-selected = exactly-one ]]
( efi pc ) [[ number-selected = at-least-one ]]
"
@@ -41,6 +36,7 @@ DEPENDENCIES="
fonts/unifont
media-libs/freetype:2
)
+ themes? ( fonts/dejavu )
build+run:
app-arch/xz
sys-devel/gettext [[ note = [ required for grub-mkconfig, grep gettext in /etc/grub.d ] ]]
@@ -119,6 +115,7 @@ grub_src_configure() {
$(option_enable device-mapper) \
$(option_enable grub-mount) \
$(option_enable mkfont grub-mkfont)
+ $(option_enable themes grub-themes)
fi
if option pc; then
@@ -148,6 +145,7 @@ grub_src_configure() {
$(option_enable device-mapper) \
$(option_enable grub-mount) \
$(option_enable mkfont grub-mkfont)
+ $(option_enable themes grub-themes)
fi
}