On systems which support multiple boot platforms such as BIOS and
EFI, it makes no sense to show menu entries which are not supported
by the current boot platform. Menu entries generated from os-prober
"chain" boot type use boot sector chainloading which is supported
on PC BIOS platform only.
Show "chain" menu entries only if boot platform is PC BIOS.
Show "efi" menu entries only if boot platform is EFI.
This is aimed to allow os-prober to report both EFI and PC BIOS
boot loaders regardless of the current boot mode on x86 systems
which support both EFI and legacy BIOS boot, in order to generate
a config file which can be used with either BIOS or EFI boot.
Signed-off-by: Pascal Hambourg <pascal@plouf.fr.eu.org>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
GRUB documentation states:
GRUB_OS_PROBER_SKIP_LIST
List of space-separated FS UUIDs of filesystems to be ignored from
os-prober output. For efi chainloaders it’s <UUID>@<EFI FILE>
But the actual behaviour does not match this description.
GRUB_OS_PROBER_SKIP_LIST="<UUID>"
does nothing. In order to skip non-EFI bootloaders, you must set
GRUB_OS_PROBER_SKIP_LIST="<UUID>@<DEVICE>"
which is both absurd, <UUID> and <DEVICE> are redundant, and wrong,
<DEVICE> such as /dev/sd* may not be persistent across boots.
Also, any non-word character is accepted as a separator, including "-"
and "@" which may be present in UUIDs. This can cause false positives
because of partial UUID match.
This patch fixes these flaws while retaining some backward compatibility
with previous behaviour which may be expected by existing setups:
- also accept <UUID>@/dev/* (with warning) for non-EFI bootloaders,
- also accept comma and semicolon as separator.
Fixes: 55e706c9 (Add GRUB_OS_PROBER_SKIP_LIST to selectively skipping systems)
Signed-off-by: Pascal Hambourg <pascal@plouf.fr.eu.org>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
A user may wish to use an image that is not sorted as the "latest"
version as the top-level entry. For example, in Arch Linux, if a user
has the LTS and regular kernels installed, "/boot/vmlinuz-linux-lts"
gets sorted as the "latest" compared to "/boot/vmlinuz-linux", meaning
the LTS kernel becomes the top-level entry. However, a user may wish to
use the regular kernel as the top-level default with the LTS only
existing as a backup.
This need can be seen in Arch Linux's AUR with two user-submitted
packages[0][1] providing an update hook which patches /etc/grub.d/10_linux
to move the desired kernel to the top-level. This patch serves to solve
this in a more generic way.
Introduce the GRUB_TOP_LEVEL, GRUB_TOP_LEVEL_XEN and GRUB_TOP_LEVEL_OS_PROBER
variables to allow users to specify the top-level entry.
Create grub_move_to_front() as a helper function which moves entries to
the front of a list. This function does the heavy lifting of moving
the menu entry to the front in each script.
In 10_netbsd, since there isn't an explicit list variable, extract the
items that are being iterated through into a list so that we can
optionally apply grub_move_to_front() to the list before the loop.
[0]: https://aur.archlinux.org/packages/grub-linux-default-hook
[1]: https://aur.archlinux.org/packages/grub-linux-rt-default-hook
Signed-off-by: Denton Liu <liu.denton@gmail.com>
Reviewed-by: Oskari Pirhonen <xxc3ncoredxx@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
os-prober now effectively handles multiple paths passed to initrd, but
grub-mkconfig still truncates off any subsequent space-delimited paths.
Support proper parsing of space-delimited initrd paths passed from
os-prober for distributions, like Manjaro, that require it.
Fixes: https://savannah.gnu.org/bugs/?47681
Signed-off-by: Peter Levine <plevine457@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Since the possessive form of "it" is being used, the apostrophe must be omitted.
Signed-off-by: Aru Sahni <aru@arusahni.net>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
This patch does the following:
- really disables os-prober by default in the util/grub-mkconfig.in
by setting GRUB_DISABLE_OS_PROBER to true,
- fixes the logic in the util/grub.d/30_os-prober.in,
- updates the grub_warn() lines.
Reason for the code shuffling in the util/grub-mkconfig.in:
The default was GRUB_DISABLE_OS_PROBER=false if you don't set
GRUB_DISABLE_OS_PROBER at all. To prevent os-prober from starting we
have to set it by default to true and shuffle GRUB_DISABLE_OS_PROBER to
code section, which is executed by the script. However we still give an
option to the user to overwrite it with false, if he wants to execute
os-prober after all.
Fixes: e3464147 (templates: Disable the os-prober by default)
Reported-by: Didier Spaier <didier@slint.fr>
Reported-by: Lennart Sorensen <lsorense@csclub.uwaterloo.ca>
Reported-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Signed-off-by: Philip Müller <philm@manjaro.org>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
The os-prober is enabled by default what may lead to potentially
dangerous use cases and borderline opening attack vectors. This
patch disables the os-prober, adds warning messages and updates
GRUB_DISABLE_OS_PROBER configuration option documentation. This
way we make it clear that the os-prober usage is not recommended.
Simplistic nature of this change allows downstream vendors, who
really want os-prober to be enabled out of the box in their
relevant products, easily revert to it's old behavior.
Reported-by: NyankoSec (<nyanko@10x.moe>, https://twitter.com/NyankoSec),
working with SSD Secure Disclosure
Signed-off-by: Alex Burmashev <alexander.burmashev@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
The "which" utility is not guaranteed to be installed either, and if it
is, its behavior is not portable either.
Conversely, the "command -v" shell builtin is required to exist in all
POSIX 2008 compliant shells, and is thus guaranteed to work everywhere.
Examples of open-source shells likely to be installed as /bin/sh on
Linux, which implement the 11-year-old standard: ash, bash, busybox,
dash, ksh, mksh and zsh.
A side benefit of using the POSIX portable option is that it requires
neither an external disk executable, nor (because unlike "which", the
exit code is reliable) a subshell fork. This therefore represents a mild
speedup.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
The GRUB_DISABLE_SUBMENU option is different than the others in the sense
that it has to be set to "y" instead of "true" to be enabled.
That causes a lot of confusion to users, some may wrongly set it to "true"
expecting that will work the same than with most options, and some may set
it to "yes" since for other options the value to set is a word and not a
single character.
This patch changes all the grub.d scripts using the GRUB_DISABLE_SUBMENU
option, so they check if it was set to "true" instead of "y", making it
consistent with all the other options.
But to keep backward compatibility for users that set the option to "y" in
/etc/default/grub file, keep testing for this value. And also do it for
"yes", since it is a common mistake made by users caused by this option
being inconsistent with the others.
Signed-off-by: Prarit Bhargava <prarit@redhat.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Currently only Windows gets distinguished icons, everything else is displayed
using the same generic one. Add additional --class based on os-prober returned
label, which usually is expected to match primary distribution name.
Also use it for Windows as well - chainloader prober may actually return
different strings (Windows, MS-DOS, Windows9xME).
util/grub-mkconfig_lib.in(version_test_gt): "echo -n" is not really needed,
final newline is stripped by command substitution.
util/grub.d/10_kfreebsd.in, util/grub.d/10_linux.in,
util/grub.d/20_linux_xen.in: change how list is built, to avoid echo -n
completely.
util/grub.d/30_os-prober.in: add spaces to printed line directly
Closes 43668.
* util/grub.d/30_os-prober.in: Tolerate devices with no filesystem
UUID. Other parts of grub-mkconfig tolerate these, they were
previously allowed here up to commit
55e706c918922def17f5012c23cfe88c4c645208, and they can arise in
practice when the system has active LVM snapshots.
Fixes Ubuntu bug #1287436.
* util/grub.d/00_header.in (make_timeout): Use && rather than test
-a.
* util/grub.d/10_windows.in: Likewise.
* util/grub.d/10_netbsd.in (netbsd_load_fs_module): Use || rather
than test -o.
* util/grub.d/30_os-prober.in: Use && rather than test -a, and ||
rather than test -o.
* grub-core/Makefile.core.def (xnu): Add file lzss.c
* grub-core/loader/lzss.c: New file.
* grub-core/loader/xnu.c (grub_xnu_load_driver): Close binaryfile
on Mach-O open failure.
* grub-core/loader/macho.c (grub_macho_close): Free uncompressedXX.
Don't free cmdsXX in uncompressedXX is set.
(grub_macho_file): Init new fields.
New argument is_64bit. All users updated.
Handle compressed. Error out if no suitable architecture is found.
Don't close file.
(grub_macho_open): New argument is_64bit. All users updated.
* grub-core/loader/macho32.c: Add defines for new fields.
* grub-core/loader/macho64.c: Likewise.
* grub-core/loader/machoXX.c (grub_macho_contains_macho): Make static.
(grub_macho_parse): Handle compressed.
Defer actual processing if compressed.
(grub_macho_cmds_iterate): Decompress if compressed. New argument
"filename". All users updated.
(grub_macho_size): New argument "filename". All users updated.
(grub_macho_get_entry_point): Likewise.
(grub_macho_load): Handle compressed.
* include/grub/macho.h (grub_macho_lzss_header): New struct.
(GRUB_MACHO_LZSS_OFFSET): New define.
(grub_decompress_lzss): New proto.
* include/grub/machoload.h (grub_macho_file): New fields to handle
compressed.
(grub_macho_contains_macho64): Remove proto.
(grub_macho_contains_macho32): Likewise.
* util/grub.d/30_os-prober.in: Use kernel cache if available.
available as a user override instead. Replace the gfxterm backend
check with a check that ${GRUB_PREFIX}/video.lst is non-empty.
* util/grub.d/00_header.in (load_video): New generated function.
Call it before loading gfxterm rather than loading
${GRUB_VIDEO_BACKEND}.
* util/grub.d/10_linux.in (linux_entry): Call load_video.
* util/grub.d/30_os-prober.in (osx_entry): Likewise.
* docs/grub.texi (Simple configuration): Document
GRUB_VIDEO_BACKEND.
