diff options
Diffstat (limited to 'packages/sys-boot/grub')
-rw-r--r-- | packages/sys-boot/grub/files/05-gfxpayload.patch | 29 | ||||
-rw-r--r-- | packages/sys-boot/grub/files/06-KERNEL_GLOBS.patch | 67 | ||||
-rw-r--r-- | packages/sys-boot/grub/files/07-Allow_GRUB_to_mount_ext234_filesystems_that_have_the_encryption_feature.patch | 140 | ||||
-rw-r--r-- | packages/sys-boot/grub/grub-2.02-r5.exheres-0 (renamed from packages/sys-boot/grub/grub-2.02-r4.exheres-0) | 3 | ||||
-rw-r--r-- | packages/sys-boot/grub/grub.exlib | 10 |
5 files changed, 243 insertions, 6 deletions
diff --git a/packages/sys-boot/grub/files/05-gfxpayload.patch b/packages/sys-boot/grub/files/05-gfxpayload.patch new file mode 100644 index 0000000..6c63ef8 --- /dev/null +++ b/packages/sys-boot/grub/files/05-gfxpayload.patch @@ -0,0 +1,29 @@ +From e2d5bf1bc6aaaabeba538c1ca94ea8601e4e1474 Mon Sep 17 00:00:00 2001 +From: Mike Gilbert <floppym@gentoo.org> +Date: Thu, 16 Oct 2014 23:43:51 -0400 +Subject: [PATCH] 10_linux: Default gfxpayload=keep only when booting using efi + +vesafb seems to be unreliable when using BIOS compat mode. + +--- + util/grub.d/10_linux.in | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in +index d2e2a8f..a54b888 100644 +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -104,7 +104,9 @@ linux_entry () + echo " load_video" | sed "s/^/$submenu_indentation/" + if grep -qx "CONFIG_FB_EFI=y" "${config}" 2> /dev/null \ + && grep -qx "CONFIG_VT_HW_CONSOLE_BINDING=y" "${config}" 2> /dev/null; then +- echo " set gfxpayload=keep" | sed "s/^/$submenu_indentation/" ++ echo ' if [ "x$grub_platform" = xefi ]; then' | sed "s/^/$submenu_indentation/" ++ echo " set gfxpayload=keep" | sed "s/^/$submenu_indentation/" ++ echo ' fi' | sed "s/^/$submenu_indentation/" + fi + else + if [ "x$GRUB_GFXPAYLOAD_LINUX" != xtext ]; then +-- +2.7.2 + diff --git a/packages/sys-boot/grub/files/06-KERNEL_GLOBS.patch b/packages/sys-boot/grub/files/06-KERNEL_GLOBS.patch new file mode 100644 index 0000000..c66ee68 --- /dev/null +++ b/packages/sys-boot/grub/files/06-KERNEL_GLOBS.patch @@ -0,0 +1,67 @@ +From 43e3295aaad5278a1e53c5282e2660b72cd76d28 Mon Sep 17 00:00:00 2001 +From: "Robin H. Johnson" <robbat2@gentoo.org> +Date: Tue, 29 Dec 2015 15:29:14 -0800 +Subject: [PATCH] GRUB_LINUX_KERNEL_GLOBS: configurable kernel selection + +* util/grub.d/10_linux.in: Implement GRUB_LINUX_KERNEL_GLOBS +* docs/grub.texi: Document GRUB_LINUX_KERNEL_GLOBS + +Signed-off-by: Robin H. Johnson <robbat2@gentoo.org> +--- + docs/grub.texi | 5 +++++ + util/grub.d/10_linux.in | 21 +++++++++++---------- + 2 files changed, 16 insertions(+), 10 deletions(-) + +diff --git a/docs/grub.texi b/docs/grub.texi +index 9a25a0b..d1129ec 100644 +--- a/docs/grub.texi ++++ b/docs/grub.texi +@@ -1490,6 +1490,11 @@ This option may be set to a list of GRUB module names separated by spaces. + Each module will be loaded as early as possible, at the start of + @file{grub.cfg}. + ++@item GRUB_LINUX_KERNEL_GLOBS ++This option may be set to override the list of path globs used to find Linux ++kernels. The defaults vary by architecture, and generally include both ++@file{/boot} and @file{/}. ++ + @end table + + The following options are still accepted for compatibility with existing +diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in +index 859b608..e5ac11d 100644 +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -145,18 +145,19 @@ EOF + } + + machine=`uname -m` +-case "x$machine" in ++globs="$GRUB_LINUX_KERNEL_GLOBS" ++[ -z "$globs" ] && case "x$machine" in + xi?86 | xx86_64) +- list= +- for i in /boot/vmlinuz-* /vmlinuz-* /boot/kernel-* ; do +- if grub_file_is_not_garbage "$i" ; then list="$list $i" ; fi +- done ;; +- *) +- list= +- for i in /boot/vmlinuz-* /boot/vmlinux-* /vmlinuz-* /vmlinux-* /boot/kernel-* ; do +- if grub_file_is_not_garbage "$i" ; then list="$list $i" ; fi +- done ;; ++ globs="/boot/vmlinuz-* /vmlinuz-* /boot/kernel-*" ++ ;; ++ *) ++ globs="/boot/vmlinuz-* /boot/vmlinux-* /vmlinuz-* /vmlinux-* /boot/kernel-*" ++ ;; + esac ++list= ++for i in ${globs} ; do ++ if grub_file_is_not_garbage "$i" ; then list="$list $i" ; fi ++done + + case "$machine" in + i?86) GENKERNEL_ARCH="x86" ;; +-- +2.3.0 + diff --git a/packages/sys-boot/grub/files/07-Allow_GRUB_to_mount_ext234_filesystems_that_have_the_encryption_feature.patch b/packages/sys-boot/grub/files/07-Allow_GRUB_to_mount_ext234_filesystems_that_have_the_encryption_feature.patch new file mode 100644 index 0000000..22d6292 --- /dev/null +++ b/packages/sys-boot/grub/files/07-Allow_GRUB_to_mount_ext234_filesystems_that_have_the_encryption_feature.patch @@ -0,0 +1,140 @@ +From 734668238fcc0ef691a080839e04f33854fa133a Mon Sep 17 00:00:00 2001 +From: Eric Biggers <ebiggers@google.com> +Date: Thu, 29 Jun 2017 13:27:49 +0000 +Subject: Allow GRUB to mount ext2/3/4 filesystems that have the encryption + feature. + +On such a filesystem, inodes may have EXT4_ENCRYPT_FLAG set. +For a regular file, this means its contents are encrypted; for a +directory, this means the filenames in its directory entries are +encrypted; and for a symlink, this means its target is encrypted. Since +GRUB cannot decrypt encrypted contents or filenames, just issue an error +if it would need to do so. This is sufficient to allow unencrypted boot +files to co-exist with encrypted files elsewhere on the filesystem. + +(Note that encrypted regular files and symlinks will not normally be +encountered outside an encrypted directory; however, it's possible via +hard links, so they still need to be handled.) + +Tested by booting from an ext4 /boot partition on which I had run +'tune2fs -O encrypt'. I also verified that the expected error messages +are printed when trying to access encrypted directories, files, and +symlinks from the GRUB command line. Also ran 'sudo ./grub-fs-tester +ext4_encrypt'; note that this requires e2fsprogs v1.43+ and Linux v4.1+. + +Signed-off-by: Eric Biggers <ebiggers@google.com> +--- + grub-core/fs/ext2.c | 23 ++++++++++++++++++++++- + tests/ext234_test.in | 1 + + tests/util/grub-fs-tester.in | 10 ++++++++++ + 3 files changed, 33 insertions(+), 1 deletion(-) + +diff --git a/grub-core/fs/ext2.c b/grub-core/fs/ext2.c +index cdce63b..b8ad75a 100644 +--- a/grub-core/fs/ext2.c ++++ b/grub-core/fs/ext2.c +@@ -102,6 +102,7 @@ GRUB_MOD_LICENSE ("GPLv3+"); + #define EXT4_FEATURE_INCOMPAT_64BIT 0x0080 + #define EXT4_FEATURE_INCOMPAT_MMP 0x0100 + #define EXT4_FEATURE_INCOMPAT_FLEX_BG 0x0200 ++#define EXT4_FEATURE_INCOMPAT_ENCRYPT 0x10000 + + /* The set of back-incompatible features this driver DOES support. Add (OR) + * flags here as the related features are implemented into the driver. */ +@@ -109,7 +110,8 @@ GRUB_MOD_LICENSE ("GPLv3+"); + | EXT4_FEATURE_INCOMPAT_EXTENTS \ + | EXT4_FEATURE_INCOMPAT_FLEX_BG \ + | EXT2_FEATURE_INCOMPAT_META_BG \ +- | EXT4_FEATURE_INCOMPAT_64BIT) ++ | EXT4_FEATURE_INCOMPAT_64BIT \ ++ | EXT4_FEATURE_INCOMPAT_ENCRYPT) + /* List of rationales for the ignored "incompatible" features: + * needs_recovery: Not really back-incompatible - was added as such to forbid + * ext2 drivers from mounting an ext3 volume with a dirty +@@ -138,6 +140,7 @@ GRUB_MOD_LICENSE ("GPLv3+"); + #define EXT3_JOURNAL_FLAG_DELETED 4 + #define EXT3_JOURNAL_FLAG_LAST_TAG 8 + ++#define EXT4_ENCRYPT_FLAG 0x800 + #define EXT4_EXTENTS_FLAG 0x80000 + + /* The ext2 superblock. */ +@@ -706,6 +709,12 @@ grub_ext2_read_symlink (grub_fshelp_node_t node) + grub_ext2_read_inode (diro->data, diro->ino, &diro->inode); + if (grub_errno) + return 0; ++ ++ if (diro->inode.flags & grub_cpu_to_le32_compile_time (EXT4_ENCRYPT_FLAG)) ++ { ++ grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, "symlink is encrypted"); ++ return 0; ++ } + } + + symlink = grub_malloc (grub_le_to_cpu32 (diro->inode.size) + 1); +@@ -749,6 +758,12 @@ grub_ext2_iterate_dir (grub_fshelp_node_t dir, + return 0; + } + ++ if (diro->inode.flags & grub_cpu_to_le32_compile_time (EXT4_ENCRYPT_FLAG)) ++ { ++ grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, "directory is encrypted"); ++ return 0; ++ } ++ + /* Search the file. */ + while (fpos < grub_le_to_cpu32 (diro->inode.size)) + { +@@ -859,6 +874,12 @@ grub_ext2_open (struct grub_file *file, const char *name) + goto fail; + } + ++ if (fdiro->inode.flags & grub_cpu_to_le32_compile_time (EXT4_ENCRYPT_FLAG)) ++ { ++ err = grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, "file is encrypted"); ++ goto fail; ++ } ++ + grub_memcpy (data->inode, &fdiro->inode, sizeof (struct grub_ext2_inode)); + grub_free (fdiro); + +diff --git a/tests/ext234_test.in b/tests/ext234_test.in +index 892b99c..4f1eb52 100644 +--- a/tests/ext234_test.in ++++ b/tests/ext234_test.in +@@ -30,3 +30,4 @@ fi + "@builddir@/grub-fs-tester" ext3 + "@builddir@/grub-fs-tester" ext4 + "@builddir@/grub-fs-tester" ext4_metabg ++"@builddir@/grub-fs-tester" ext4_encrypt +diff --git a/tests/util/grub-fs-tester.in b/tests/util/grub-fs-tester.in +index 88cbe73..fd7e0f1 100644 +--- a/tests/util/grub-fs-tester.in ++++ b/tests/util/grub-fs-tester.in +@@ -156,6 +156,12 @@ for LOGSECSIZE in $(range "$MINLOGSECSIZE" "$MAXLOGSECSIZE" 1); do + # Could go further but what's the point? + MAXBLKSIZE=$((65536*1024)) + ;; ++ xext4_encrypt) ++ # OS LIMITATION: Linux currently only allows the 'encrypt' feature ++ # in combination with block_size = PAGE_SIZE (4096 bytes on x86). ++ MINBLKSIZE=$(getconf PAGE_SIZE) ++ MAXBLKSIZE=$MINBLKSIZE ++ ;; + xext*) + MINBLKSIZE=1024 + if [ $MINBLKSIZE -lt $SECSIZE ]; then +@@ -796,6 +802,10 @@ for LOGSECSIZE in $(range "$MINLOGSECSIZE" "$MAXLOGSECSIZE" 1); do + MKE2FS_DEVICE_SECTSIZE=$SECSIZE "mkfs.ext4" -O meta_bg,^resize_inode -b $BLKSIZE -L "$FSLABEL" -q "${MOUNTDEVICE}" + MOUNTFS=ext4 + ;; ++ xext4_encrypt) ++ MKE2FS_DEVICE_SECTSIZE=$SECSIZE "mkfs.ext4" -O encrypt -b $BLKSIZE -L "$FSLABEL" -q "${MOUNTDEVICE}" ++ MOUNTFS=ext4 ++ ;; + xext*) + MKE2FS_DEVICE_SECTSIZE=$SECSIZE "mkfs.$fs" -b $BLKSIZE -L "$FSLABEL" -q "${MOUNTDEVICE}" ;; + xxfs) +-- +cgit v1.0-41-gc330 + diff --git a/packages/sys-boot/grub/grub-2.02-r4.exheres-0 b/packages/sys-boot/grub/grub-2.02-r5.exheres-0 index cc5b955..b4e922f 100644 --- a/packages/sys-boot/grub/grub-2.02-r4.exheres-0 +++ b/packages/sys-boot/grub/grub-2.02-r5.exheres-0 @@ -11,5 +11,8 @@ DEFAULT_SRC_PREPARE_PATCHES=( "${FILES}"/02-support-multiple-early-initrd-images.patch "${FILES}"/03-relocation.patch "${FILES}"/04-Fix-packed-not-aligned-error-on-GCC-8.patch + "${FILES}"/05-gfxpayload.patch + "${FILES}"/06-KERNEL_GLOBS.patch + "${FILES}"/07-Allow_GRUB_to_mount_ext234_filesystems_that_have_the_encryption_feature.patch ) diff --git a/packages/sys-boot/grub/grub.exlib b/packages/sys-boot/grub/grub.exlib index 702f066..7e686d8 100644 --- a/packages/sys-boot/grub/grub.exlib +++ b/packages/sys-boot/grub/grub.exlib @@ -5,12 +5,6 @@ require gnu [ suffix=tar.xz ] \ flag-o-matic \ autotools [ supported_autoconf=[ 2.5 ] supported_automake=[ 1.16 1.15 ] ] -if ever is_scm ; then - DOWNLOADS="" - SCM_REPOSITORY="https://git.savannah.gnu.org/git/${PN}.git" - require scm-git -fi - export_exlib_phases pkg_setup src_prepare src_configure src_compile src_install SUMMARY="GRUB (Grand Unified Boot) bootloader" @@ -22,6 +16,7 @@ MYOPTIONS=" grub-mount [[ description = [ FUSE driver for filesystems that GRUB understands ] ]] mkfont [[ description = [ Build grub-mkfont which can create GRUB font files ] ]] pc [[ description = [ Build PC platform support ] ]] + themes [[ description = [ Build and install GRUB themes (starfield) ] ]] ( providers: eudev systemd ) [[ number-selected = exactly-one ]] ( efi pc ) [[ number-selected = at-least-one ]] " @@ -41,6 +36,7 @@ DEPENDENCIES=" fonts/unifont media-libs/freetype:2 ) + themes? ( fonts/dejavu ) build+run: app-arch/xz sys-devel/gettext [[ note = [ required for grub-mkconfig, grep gettext in /etc/grub.d ] ]] @@ -119,6 +115,7 @@ grub_src_configure() { $(option_enable device-mapper) \ $(option_enable grub-mount) \ $(option_enable mkfont grub-mkfont) + $(option_enable themes grub-themes) fi if option pc; then @@ -148,6 +145,7 @@ grub_src_configure() { $(option_enable device-mapper) \ $(option_enable grub-mount) \ $(option_enable mkfont grub-mkfont) + $(option_enable themes grub-themes) fi } |