From f9093b2645a19e708605d484d936d397c7645be4 Mon Sep 17 00:00:00 2001 From: Leo Sandoval Date: Fri, 2 Aug 2024 11:34:29 -0600 Subject: [PATCH] grub2.spec: Conditionally set grub config stub to 0600 mode When upgrading from <=2.06-126 to newer versions, the grub config stub may have different mode than 0600, so set the latter if this is the case. Signed-off-by: Leo Sandoval --- grub2.spec | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/grub2.spec b/grub2.spec index 9b80199..202137b 100644 --- a/grub2.spec +++ b/grub2.spec @@ -17,7 +17,7 @@ Name: grub2 Epoch: 1 Version: 2.06 -Release: 126%{?dist} +Release: 127%{?dist} Summary: Bootloader with support for Linux, Multiboot and more License: GPL-3.0-or-later URL: http://www.gnu.org/software/grub/ @@ -359,6 +359,13 @@ fi if test ! -f ${GRUB_HOME}/grub.cfg; then # there's no config in GRUB home, create one grub2-mkconfig -o ${GRUB_HOME}/grub.cfg +else + GRUB_CFG_MODE=$(stat --format="%a" ${GRUB_HOME}/grub.cfg) + if ! test "${GRUB_CFG_MODE}" = "600"; then + # when upgrading from <=2.06-126 to newer versions, the grub config stub + # may have different mode than 0600, so set the latter if this is the case + chmod 0600 ${GRUB_HOME}/grub.cfg + fi fi if (((grep -q "configfile" ${EFI_HOME}/grub.cfg && grep -q "root-dev-only" ${EFI_HOME}/grub.cfg) || grep -q "source" ${EFI_HOME}/grub.cfg) && ! grep -q "# It is automatically generated by grub2-mkconfig using templates" ${EFI_HOME}/grub.cfg); then @@ -553,6 +560,9 @@ mv ${EFI_HOME}/grub.cfg.stb ${EFI_HOME}/grub.cfg %endif %changelog +* Fri Aug 2 2024 Leo Sandoval - 2.06-127 +- Set /boot/grub2/grub.cfg to 0600 mode if present + * Mon Jul 22 2024 Leo Sandoval - 2.06.126 - grub.cfg: Fix rpm grub.cfg verification issues