Don't update BLS files that aren't managed by GRUB scripts

Resolves: rhbz#1837783

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Javier Martinez Canillas 2020-05-20 14:14:47 +02:00
parent 68246dd736
commit 7fb7a6a7a5
No known key found for this signature in database
GPG key ID: C751E590D63F3D69
3 changed files with 62 additions and 1 deletions


@ -0,0 +1,56 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Wed, 20 May 2020 12:23:27 +0200
Subject: [PATCH] 10_linux.in: Don't update BLS files that aren't managed by
GRUB scripts
The script is updating all BLS files present in the /boot/loader/entries
directory, but it should only update the BLS that belong to the machine.
Otherwise if a user is sharing the same boot partition between different
operating systems, the grub2-mkconfig tool will wrongly update BLS files
that were created by a different OS.
There are also cases where the BLS snippets are not managed by the GRUB
scripts at all, for example in OSTree based systems. So it's also wrong
to update the BLS snippets created by OSTree.
Resolves: rhbz#1837783
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
---
util/grub.d/10_linux.in | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
index 519e2d9e616..e61b6c94f11 100644
--- a/util/grub.d/10_linux.in
+++ b/util/grub.d/10_linux.in
@@ -138,16 +138,25 @@ blsdir="/boot/loader/entries"
get_sorted_bls()
{
+ if ! [ -d "${blsdir}" ] || ! [ -e /etc/machine-id ]; then
+ return
+ fi
+
+ read machine_id < /etc/machine-id
+ if [ -z "${machine_id}" ]; then
+ return
+ fi
+
local IFS=$'\n'
- files=($(for bls in ${blsdir}/*.conf; do
+ files=($(for bls in ${blsdir}/${machine_id}-*.conf; do
if ! [[ -e "${bls}" ]] ; then
continue
fi
bls="${bls%.conf}"
bls="${bls##*/}"
echo "${bls}"
- done | ${kernel_sort} | tac)) || :
+ done | ${kernel_sort} 2>/dev/null | tac)) || :
echo "${files[@]}"
}
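Review bot: In get_sorted_bls(), the value read from /etc/machine-id is expanded unquoted inside the glob `${blsdir}/${machine_id}-*.conf` and is never validated, so any pattern character in that file would widen the set of snippets the script treats as its own. Suggest `read -r machine_id < /etc/machine-id` and rejecting anything that is not 32 hexadecimal characters before building the pattern; `machine_id` should also be declared `local`, as `IFS` is just below it. Separately, the two early `return`s and the new `2>/dev/null` on `${kernel_sort}` make the function produce an empty list without any diagnostic; a message on stderr when /etc/machine-id is missing or empty would make that case easier to debug.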


@ -215,3 +215,4 @@ Patch0214: 0214-10_linux.in-Store-cmdline-in-BLS-snippets-instead-of.patch
Patch0215: 0215-10_linux.in-restore-existence-check-in-get_sorted_bl.patch
Patch0216: 0216-tpm-Don-t-propagate-TPM-measurement-errors-to-the-ve.patch
Patch0217: 0217-tpm-Enable-module-for-all-EFI-platforms.patch
Patch0218: 0218-10_linux.in-Don-t-update-BLS-files-that-aren-t-manag.patch


@ -9,7 +9,7 @@
Name: grub2
Epoch: 1
Version: 2.04
Release: 20%{?dist}
Release: 21%{?dist}
Summary: Bootloader with support for Linux, Multiboot and more
License: GPLv3+
URL: http://www.gnu.org/software/grub/
@ -504,6 +504,10 @@ rm -r /boot/grub2.tmp/ || :
%endif
%changelog
* Wed May 20 2020 Javier Martinez Canillas <javierm@redhat.com> - 2.04-21
- Don't update BLS files that aren't managed by GRUB scripts
Resolves: rhbz#1837783
* Mon May 18 2020 Javier Martinez Canillas <javierm@redhat.com> - 2.04-20
- Only enable the tpm module for EFI platforms