mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-09 14:06:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

sys-boot/grub: Apply Flatcar patches

Browse Source 
Co-authored-by: Krzesimir Nowak <knowak@microsoft.com>
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
This commit is contained in:
Sayan Chowdhury 2023-08-02 20:01:52 +05:30
parent 9b12fecc00
commit c07fd0b13f
No known key found for this signature in database
GPG Key ID: B02399319CD05C8B
7 changed files with 3394 additions and 677 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use vendored
View File

@ -39,7 +39,7 @@ net-firewall/ipset -modules
dev-libs/glib -mime
# keep grub build simple
sys-boot/grub -multislot -nls -themes
sys-boot/grub -multislot -nls -themes -fonts
# disable "high performance ssh" patch, turn on kerberos
net-misc/openssh -hpn kerberos

460
sdk_container/src/third_party/coreos-overlay/sys-boot/grub/README.md vendored Normal file
View File

@ -0,0 +1,460 @@
Flatcar uses a patched version of the GRUB, which implements the functionality to
read the [Flatcar Container Linux partition table](https://www.flatcar.org/docs/latest/reference/developer-guides/sdk-disk-partitions/#partition-table)
## History
CoreOS Container Linux maintained a fork of the [grub](https://github.com/coreos/grub) and then was referenced
in the coreos-overlay. Any changes were made through [PRs](https://github.com/coreos/grub/pulls?q=is%3Apr+is%3Aclosed) to the grub repository.
When Flatcar was born, a `grub` repo under the flatcar-linux org was created
and referenced in the Flatcar's coreos-overlay. Except for a few, now many changes
where brought into the system.
The repo was maintained at 2.02 version. During the 2.06 migration, the philosophy
to use a separate repo was scraped, and a single patch file was created. The patch
files migrated only the essential commits, and dropped all the other commits, which
were either half-baked, or redundant at the point of migration. The two patches are applied
on top of the grub sources, and emerge is done.
Given below are the list of commits that were referenced to create the two patches.
## Summary of the patches
The patch starts with adding a new implementation of reading the GPT instead
of using the traditional module. It provides essential functionality to interact
with GPT structures on disk, and checking/validating data integrity & GPT specification.
The commits goes on to add the following modules gptprio, gptrepair, and search
commands by label and partition.
The `gptprio` command which provides a mechanism to prioritize and select the
next bootable partition based on the GPT attributes and results in flexible
partition booting. The `gptrepair` command implements the repair functions for
GPT information on a specified device. Few other functions include searching
devices by partition label or partition UUID.
## Commits
Below are the commits that are picked to create the two patches for the grub. One is
descriptive, and other is comprehensive.
<details>
<summary>(click to expand) The descriptive log for all the commits picked </summary>
```
commit f69a9e0fdcf63ac33906e2753e14152bab2fcd05
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Sun Sep 28 21:26:21 2014 -0700
gpt: start new GPT module
This module is a new implementation for reading GUID Partition Tables
which is much stricter than the existing part_gpt module and exports GPT
data directly instead of the generic grub_partition structure. It will
be the basis for modules that need to read/write/update GPT data.
The current code does nothing more than read and verify the table.
commit c26743a145c918958b862d580c4261735d1c1a6e
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Sat Oct 18 15:39:13 2014 -0700
gpt: rename misnamed header location fields
The header location fields refer to 'this header' and 'alternate header'
respectively, not 'primary header' and 'backup header'. The previous
field names are backwards for the backup header.
commit 94f04a532d2b0e2b81e47a92488ebb1613bda1a0
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Sat Oct 18 16:46:17 2014 -0700
gpt: record size of of the entries table
The size of the entries table will be needed later when writing it back
to disk. Restructure the entries reading code to flow a little better.
commit 3d066264ac13198e45dc151b863a9aac4c095225
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Sat Oct 18 18:18:17 2014 -0700
gpt: consolidate crc32 computation code
The gcrypt API is overly verbose, wrap it up in a helper function to
keep this rather common operation easy to use.
commit dab6fac705bdad7e6ec130b24085189bcb15a5c9
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Sat Oct 18 18:21:07 2014 -0700
gpt: add new repair function to sync up primary and backup tables.
commit 5e1829d4141343617b5e13e84298d118eac15bdf
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Sun Oct 19 14:21:29 2014 -0700
gpt: add write function and gptrepair command
The first hint of something practical, a command that can restore any of
the GPT structures from the alternate location. New test case must run
under QEMU because the loopback device used by the other unit tests does
not support writing.
commit 2cd009dffe98c19672394608661767e4c3c84764
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Thu Oct 30 20:55:21 2014 -0700
gpt: add a new generic GUID type
In order to do anything with partition GUIDs they need to be stored in a
proper structure like the partition type GUIDs. Additionally add an
initializer macro to simplify defining both GUID types.
commit 508b02fc8a1fe58413ec8938ed1a7b149b5855fe
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Mon Nov 3 17:14:37 2014 -0800
gpt: new gptprio.next command for selecting priority based partitions
Basic usage would look something like this:
gptprio.next -d usr_dev -u usr_uuid
linuxefi ($usr_dev)/boot/vmlinuz mount.usr=PARTUUID=$usr_uuid
After booting the system should set the 'successful' bit on the
partition that was used.
commit f8f6f790aa7448a35c2e3aae2d1a35d9d323a1b2
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Sat Nov 15 13:27:13 2014 -0800
gpt: split out checksum recomputation
For basic data modifications the full repair function is overkill.
commit d9bdbc10485a5c6f610569077631294683da4e34
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Thu Nov 27 12:55:53 2014 -0800
gpt: move gpt guid printing function to common library
commit ffb13159f1e88d8c66954c3dfbeb027f943b3b1d
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Thu Nov 27 14:54:27 2014 -0800
gpt: switch partition names to a 16 bit type
In UEFI/GPT strings are UTF-16 so use a uint16 to make dealing with the
string practical.
commit febf4666fbabc3ab4eaab32f4972b45b5c64c06d
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Thu Nov 27 15:49:57 2014 -0800
tests: add some partitions to the gpt unit test data
commit 67475f53e0ac4a844f793296ba2e4af707d5b20e
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Thu Nov 27 16:34:21 2014 -0800
gpt: add search by partition label and uuid commands
Builds on the existing filesystem search code. Only for GPT right now.
commit d1270a2ba31cc3dd747d410a907f272ff03a6d68
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Fri Jul 31 15:03:11 2015 -0700
gpt: clean up little-endian crc32 computation
- Remove problematic cast from *uint8_t to *uint32_t (alignment issue).
- Remove dynamic allocation and associated error handling paths.
- Match parameter ordering to existing grub_crypto_hash function.
commit bacbed2c07f4b4e21c70310814a75fa9a1c3a155
Author: Alex Crawford <alex.crawford@coreos.com>
Date: Mon Aug 31 15:23:39 2015 -0700
gpt: minor cleanup
commit 1545295ad49d2aff2b75c6c0e7db58214351768e
Author: Alex Crawford <alex.crawford@coreos.com>
Date: Mon Aug 31 15:15:48 2015 -0700
gpt: add search by disk uuid command
commit 6d4ea47541db4e0a1eab81de8843a491973e6b40
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Mon Jul 25 14:59:29 2016 -0700
gpt: do not use disk sizes GRUB will reject as invalid later on
GRUB assumes that no disk is ever larger than 1EiB and rejects
reads/writes to such locations. Unfortunately this is not conveyed in
the usual way with the special GRUB_DISK_SIZE_UNKNOWN value.
commit 99959fa2fb8bfafadc1fa5aec773a8d605a1df4e
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Wed Aug 10 18:26:03 2016 -0700
gpt: add verbose debug logging
commit f6b89ec3156a549999a13b3d15e9a67b4a9bf824
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Wed Aug 10 18:26:03 2016 -0700
gpt: improve validation of GPT headers
Adds basic validation of all the disk locations in the headers, reducing
the chance of corrupting weird locations on disk.
commit fa18d3a292bdcd61012d549c61e25d557481a05e
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Thu Aug 11 15:02:21 2016 -0700
gpt: refuse to write to sector 0
commit b1ef48849c8dc12756793567520dfd3654539a27
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Sat Aug 20 17:42:12 2016 -0700
gpt: properly detect and repair invalid tables
GPT_BOTH_VALID is 4 bits so simple a boolean check is not sufficient.
This broken condition allowed gptprio to trust bogus disk locations in
headers that were marked invalid causing arbitrary disk corruption.
commit 9af98c2bfd31a73b899268e67f01bca785681d52
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Mon Aug 22 16:44:30 2016 -0700
gptrepair_test: fix typo in cleanup trap
commit d457364d1d811ad262519cf6dde3d098caf7c778
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Mon Aug 22 16:45:10 2016 -0700
gptprio_test: check GPT is repaired when appropriate
commit 3a3e45823dd677b428ceb40d8963676aff63f8d2
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Mon Aug 22 18:30:56 2016 -0700
fix checking alternate_lba
commit 72b178950d313d567dfdf11f403199370d81a9f3
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Wed Aug 24 16:14:20 2016 -0700
gpt: fix partition table indexing and validation
Portions of the code attempted to handle the fact that GPT entries on
disk may be larger than the currently defined struct while others
assumed the data could be indexed by the struct size directly. This
never came up because no utility uses a size larger than 128 bytes but
for the sake of safety we need to do this by the spec.
commit 1d358a2061f40ad89567754f4787d0c76001d48a
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Tue Aug 23 13:09:14 2016 -0700
gpt: prefer disk size from header over firmware
The firmware and the OS may disagree on the disk configuration and size.
Although such a setup should be avoided users are unlikely to know about
the problem, assuming everything behaves like the OS. Tolerate this as
best we can and trust the reported on-disk location over the firmware
when looking for the backup GPT. If the location is inaccessible report
the error as best we can and move on.
commit 2ed905dc03c757c92064486b380f59166cc704e8
Author: Vito Caputo <vito.caputo@coreos.com>
Date: Thu Aug 25 17:21:18 2016 -0700
gpt: add helper for picking a valid header
Eliminate some repetition in primary vs. backup header acquisition.
commit 4af1d7a8b7d0cefa41a1ea4df050b161ea6cdf50
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Tue Sep 20 13:06:05 2016 -0700
gptrepair: fix status checking
None of these status bit checks were correct. Fix and simplify.
commit a794435ae9f5b1a2e0281d36b10545c6e643fd8d
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Tue Sep 20 12:43:01 2016 -0700
gpt: use inline functions for checking status bits
This should prevent bugs like 6078f836 and 4268f3da.
commit 38cc185319b74d7d33ad380fe4d519fb0b0c85a6
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Tue Sep 20 13:40:11 2016 -0700
gpt: allow repair function to noop
Simplifies usage a little.
commit 2aeadda52929bb47089ef99c2bad0f928eadeffa
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Wed Sep 21 13:22:06 2016 -0700
gpt: do not use an enum for status bit values
commit 34652e500d64dc747ca17091b4490f9adf93ff82
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Wed Sep 21 13:44:11 2016 -0700
gpt: check header and entries status bits together
Use the new status function which checks *_HEADER_VALID and
*_ENTRIES_VALID bits together. It doesn't make sense for the header and
entries bits to mismatch so don't allow for it.
commit 753dd9201306e8cd7092a1231ceb194524397b04
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Wed Sep 21 13:52:52 2016 -0700
gpt: be more careful about relocating backup header
The header was being relocated without checking the new location is
actually safe. If the BIOS thinks the disk is smaller than the OS then
repair may relocate the header into allocated space, failing the final
validation check. So only move it if the disk has grown.
Additionally, if the backup is valid then we can assume its current
location is good enough and leave it as-is.
commit f1f618740d1379000b04130a632f4d53bc2392b8
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Wed Sep 21 14:33:48 2016 -0700
gpt: selectively update fields during repair
Just a little cleanup/refactor to skip touching data we don't need to.
commit 285368e3753b1dbd631c1f5a4a127b7321a6941f
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Wed Sep 21 14:55:19 2016 -0700
gpt: always revalidate when recomputing checksums
This ensures all code modifying GPT data include the same sanity check
that repair does. If revalidation fails the status flags are left in the
appropriate state.
commit f19f5cc49dc00752f6b267c2d580a25c31697afb
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Wed Sep 21 15:01:09 2016 -0700
gpt: include backup-in-sync check in revalidation
commit 7b25acebc343895adf942975bba5a52ef3408437
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Wed Sep 21 15:29:55 2016 -0700
gpt: read entries table at the same time as the header
I personally think this reads easier. Also has the side effect of
directly comparing the primary and backup tables instead of presuming
they are equal if the crc32 matches.
commit edd01f055a8a8f922491ba7077bf26fcaf015516
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Wed Sep 21 16:02:53 2016 -0700
gpt: report all revalidation errors
Before returning an error that the primary or backup GPT is invalid push
the existing error onto the stack so the user will be told what is bad.
commit 176fe49cf03ffdd72b8bd174a149032c3867ddde
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Thu Sep 22 10:00:27 2016 -0700
gpt: rename and update documentation for grub_gpt_update
The function now does more than just recompute checksums so give it a
more general name to reflect that.
commit eb28d32081be2d224874c430345e7ef97bfbba07
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Thu Sep 22 11:18:42 2016 -0700
gpt: write backup GPT first, skip if inaccessible.
Writing the primary GPT before the backup may lead to a confusing
situation: booting a freshly updated system could consistently fail and
next boot will fall back to the old system if writing the primary works
but writing the backup fails. If the backup is written first and fails
the primary is left in the old state so the next boot will re-try and
possibly fail in the exact same way. Making that repeatable should make
it easier for users to identify the error.
Additionally if the firmware and OS disagree on the disk size, making
the backup inaccessible to GRUB, then just skip writing the backup.
When this happens the automatic call to `coreos-setgoodroot` after boot
will take care of repairing the backup.
commit 03b547c21ec3475980a54b71e909034ed5ed5254
Author: Matthew Garrett <mjg59@coreos.com>
Date: Thu May 28 11:15:30 2015 -0700
Add verity hash passthrough
Read the verity hash from the kernel binary and pass it to the running
system via the kernel command line
```
</details>
<details>
<summary> (click to expand) Comprehensive log of the commits</summary>
```
f69a9e0fd gpt: start new GPT module
c26743a14 gpt: rename misnamed header location fields
94f04a532 gpt: record size of of the entries table
3d066264a gpt: consolidate crc32 computation code
dab6fac70 gpt: add new repair function to sync up primary and backup tables.
5e1829d41 gpt: add write function and gptrepair command
2cd009dff gpt: add a new generic GUID type
508b02fc8 gpt: new gptprio.next command for selecting priority based partitions
f8f6f790a gpt: split out checksum recomputation
d9bdbc104 gpt: move gpt guid printing function to common library
ffb13159f gpt: switch partition names to a 16 bit type
febf4666f tests: add some partitions to the gpt unit test data
67475f53e gpt: add search by partition label and uuid commands
d1270a2ba gpt: clean up little-endian crc32 computation
bacbed2c0 gpt: minor cleanup
1545295ad gpt: add search by disk uuid command
6d4ea4754 gpt: do not use disk sizes GRUB will reject as invalid later on
99959fa2f gpt: add verbose debug logging
f6b89ec31 gpt: improve validation of GPT headers
fa18d3a29 gpt: refuse to write to sector 0
b1ef48849 gpt: properly detect and repair invalid tables
9af98c2bf gptrepair_test: fix typo in cleanup trap
d457364d1 gptprio_test: check GPT is repaired when appropriate
3a3e45823 fix checking alternate_lba
72b178950 gpt: fix partition table indexing and validation
1d358a206 gpt: prefer disk size from header over firmware
2ed905dc0 gpt: add helper for picking a valid header
4af1d7a8b gptrepair: fix status checking
a794435ae gpt: use inline functions for checking status bits
38cc18531 gpt: allow repair function to noop
2aeadda52 gpt: do not use an enum for status bit values
34652e500 gpt: check header and entries status bits together
753dd9201 gpt: be more careful about relocating backup header
f1f618740 gpt: selectively update fields during repair
285368e37 gpt: always revalidate when recomputing checksums
f19f5cc49 gpt: include backup-in-sync check in revalidation
7b25acebc gpt: read entries table at the same time as the header
edd01f055 gpt: report all revalidation errors
176fe49cf gpt: rename and update documentation for grub_gpt_update
eb28d3208 gpt: write backup GPT first, skip if inaccessible.
03b547c21 Add verity hash passthrough
```
</details>

2792
sdk_container/src/third_party/coreos-overlay/sys-boot/grub/files/grub-2.06-add-gpt-partition-scheme.patch vendored Normal file
View File

File diff suppressed because it is too large Load Diff

134
sdk_container/src/third_party/coreos-overlay/sys-boot/grub/files/grub-2.06-add-verity-hash.patch vendored Normal file
View File

@ -0,0 +1,134 @@
From 14d4760aacb8896f99422c06d100e5231e09e797 Mon Sep 17 00:00:00 2001
From: Sayan Chowdhury <schowdhury@microsoft.com>
Date: Thu, 24 Aug 2023 00:00:00 +0530
Subject: Add verity hash passthrough
Read the verity hash from the kernel binary and pass it to the running
system via the kernel command line
The patch is prepared using the coreos/grub PRs, picking the only
required ones, and dropping the others. The README.md file in the
coreos-overlay/sys-boot/grub/ contains more contexual information
along with the commits used to create the patch.
Authored-by: Matthew Garrett <mjg59@coreos.com>
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
---
grub-core/loader/arm64/linux.c | 6 +++-
grub-core/loader/i386/linux.c | 3 ++
include/grub/verity-hash.h | 51 ++++++++++++++++++++++++++++++++++
3 files changed, 59 insertions(+), 1 deletion(-)
create mode 100644 include/grub/verity-hash.h
diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c
index ef3e9f944..17bed4e15 100644
--- a/grub-core/loader/arm64/linux.c
+++ b/grub-core/loader/arm64/linux.c
@@ -34,6 +34,8 @@
#include <grub/lib/cmdline.h>
#include <grub/verify.h>
+#include <grub/verity-hash.h>
+
GRUB_MOD_LICENSE ("GPLv3+");
static grub_dl_t my_mod;
@@ -333,7 +335,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
grub_dprintf ("linux", "kernel @ %p\n", kernel_addr);
- cmdline_size = grub_loader_cmdline_size (argc, argv) + sizeof (LINUX_IMAGE);
+ cmdline_size = grub_loader_cmdline_size (argc, argv) + sizeof (LINUX_IMAGE)
+ + VERITY_CMDLINE_LENGTH;
linux_args = grub_malloc (cmdline_size);
if (!linux_args)
{
@@ -350,6 +353,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
if (grub_errno == GRUB_ERR_NONE)
{
+ grub_pass_verity_hash (kernel_addr, linux_args, cmdline_size);
grub_loader_set (grub_linux_boot, grub_linux_unload, 0);
loaded = 1;
}
diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c
index 9f74a96b1..1c76ac5bf 100644
--- a/grub-core/loader/i386/linux.c
+++ b/grub-core/loader/i386/linux.c
@@ -38,6 +38,8 @@
#include <grub/machine/kernel.h>
#include <grub/safemath.h>
+#include <grub/verity-hash.h>
+
GRUB_MOD_LICENSE ("GPLv3+");
#ifdef GRUB_MACHINE_PCBIOS
@@ -1006,6 +1008,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
goto fail;
}
+ grub_pass_verity_hash(&lh, linux_cmdline, maximal_cmdline_size);
len = prot_file_size;
if (grub_file_read (file, prot_mode_mem, len) != len && !grub_errno)
grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"),
diff --git a/include/grub/verity-hash.h b/include/grub/verity-hash.h
new file mode 100644
index 000000000..448d9aff0
--- /dev/null
+++ b/include/grub/verity-hash.h
@@ -0,0 +1,51 @@
+/* CoreOS verity hash */
+
+#define VERITY_ARG " verity.usrhash="
+#define VERITY_ARG_LENGTH (sizeof (VERITY_ARG) - 1)
+#define VERITY_HASH_LENGTH 64
+#define VERITY_CMDLINE_LENGTH ((VERITY_ARG_LENGTH)+(VERITY_HASH_LENGTH))
+
+#if defined(__aarch64__)
+# define VERITY_HASH_OFFSET 512
+#elif defined(__i386__) || defined(__amd64__)
+# define VERITY_HASH_OFFSET 0x40
+#else
+# error Unsupported arch
+#endif
+
+
+/**
+ * grub_pass_verity_hash - Reads the CoreOS verity hash value from a well known
+ * kernel image offset and adds a kernel command line argument for it.
+ *
+ * @pImage: Kernel image buffer.
+ * @cmdline: Kernel command line buffer.
+ * @cmdline_max_len: Kernel command line buffer length.
+ */
+
+static inline void grub_pass_verity_hash(const void *pImage,
+ char *cmdline,
+ grub_size_t cmdline_max_len)
+{
+ const char *buf = pImage;
+ grub_size_t cmdline_len;
+ int i;
+
+ for (i=VERITY_HASH_OFFSET; i<VERITY_HASH_OFFSET + VERITY_HASH_LENGTH; i++)
+ {
+ if (buf[i] < '0' || buf[i] > '9') // Not a number
+ if (buf[i] < 'a' || buf[i] > 'f') // Not a hex letter
+ return;
+ }
+
+ cmdline_len = grub_strlen(cmdline);
+ if (cmdline_len + VERITY_CMDLINE_LENGTH > cmdline_max_len)
+ return;
+
+ grub_memcpy (cmdline + cmdline_len, VERITY_ARG, VERITY_ARG_LENGTH);
+ cmdline_len += VERITY_ARG_LENGTH;
+ grub_memcpy (cmdline + cmdline_len, buf + VERITY_HASH_OFFSET,
+ VERITY_HASH_LENGTH);
+ cmdline_len += VERITY_HASH_LENGTH;
+ cmdline[cmdline_len] = '\0';
+}
--
2.34.1

7
sdk_container/src/third_party/coreos-overlay/sys-boot/grub/grub-2.06-r7.ebuild vendored
View File

@ -72,6 +72,8 @@ PATCHES=(
"${FILESDIR}"/grub-2.06-fs-ext2-ignore-checksum-seed.patch
"${FILESDIR}"/grub-2.06-riscv.patch
"${FILESDIR}"/grub-2.06-locale.patch
"${FILESDIR}"/grub-2.06-add-verity-hash.patch
"${FILESDIR}"/grub-2.06-add-gpt-partition-scheme.patch
)
DEJAVU=dejavu-sans-ttf-2.37
@ -89,6 +91,9 @@ IUSE="device-mapper doc efiemu +fonts mount nls sdl test +themes truetype libzfs
GRUB_ALL_PLATFORMS=( coreboot efi-32 efi-64 emu ieee1275 loongson multiboot
qemu qemu-mips pc uboot xen xen-32 xen-pvh )
# Flatcar: Add arm64 to the list of platforms
GRUB_ALL_PLATFORMS+=( arm64 )
IUSE+=" ${GRUB_ALL_PLATFORMS[@]/#/grub_platforms_}"
REQUIRED_USE="
@ -104,6 +109,7 @@ BDEPEND="
sys-devel/bison
sys-apps/help2man
sys-apps/texinfo
grub_platforms_arm64? ( cross-aarch64-cros-linux-gnu/gcc )
fonts? (
media-libs/freetype:2
virtual/pkgconfig
@ -210,6 +216,7 @@ grub_configure() {
efi*) platform=efi ;;
xen-pvh) platform=xen_pvh ;;
xen*) platform=xen ;;
arm64*) platform=efi ;;
guessed) ;;
*) platform=${MULTIBUILD_VARIANT} ;;
esac

344
sdk_container/src/third_party/coreos-overlay/sys-boot/grub/grub-2.12_rc1-r1.ebuild vendored
View File

@ -1,344 +0,0 @@
# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
# This ebuild uses 3 special global variables:
# GRUB_BOOTSTRAP: Depend on python and invoke bootstrap (gnulib).
# GRUB_AUTOGEN: Depend on python and invoke autogen.sh.
# GRUB_AUTORECONF: Inherit autotools and invoke eautoreconf.
#
# When applying patches:
# If gnulib is updated, set GRUB_BOOTSTRAP=1
# If gentpl.py or *.def is updated, set GRUB_AUTOGEN=1
# If gnulib, gentpl.py, *.def, or any autotools files are updated, set GRUB_AUTORECONF=1
#
# If any of the above applies to a user patch, the user should set the
# corresponding variable in make.conf or the environment.
if [[ ${PV} == 9999 ]]; then
GRUB_AUTORECONF=1
GRUB_BOOTSTRAP=1
fi
PYTHON_COMPAT=( python3_{9..11} )
WANT_LIBTOOL=none
VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/dkiper.gpg
if [[ -n ${GRUB_AUTOGEN} || -n ${GRUB_BOOTSTRAP} ]]; then
inherit python-any-r1
fi
if [[ -n ${GRUB_AUTORECONF} ]]; then
inherit autotools
fi
inherit bash-completion-r1 flag-o-matic multibuild optfeature toolchain-funcs verify-sig
MY_P=${P}
if [[ ${PV} != 9999 ]]; then
if [[ ${PV} == *_alpha* || ${PV} == *_beta* || ${PV} == *_rc* ]]; then
# The quote style is to work with <=bash-4.2 and >=bash-4.3 #503860
MY_P=${P/_/'~'}
SRC_URI="
https://alpha.gnu.org/gnu/${PN}/${MY_P}.tar.xz
verify-sig? ( https://alpha.gnu.org/gnu/${PN}/${MY_P}.tar.xz.sig )
"
S=${WORKDIR}/${MY_P}
else
SRC_URI="
mirror://gnu/${PN}/${P}.tar.xz
verify-sig? ( mirror://gnu/${PN}/${P}.tar.xz.sig )
"
S=${WORKDIR}/${P%_*}
fi
#KEYWORDS="~amd64 ~arm ~arm64 ~ia64 ~ppc ~ppc64 ~riscv ~sparc ~x86"
else
inherit git-r3
EGIT_REPO_URI="https://git.savannah.gnu.org/git/grub.git"
fi
PATCHES=(
"${FILESDIR}"/gfxpayload.patch
"${FILESDIR}"/grub-2.02_beta2-KERNEL_GLOBS.patch
"${FILESDIR}"/grub-2.06-test-words.patch
"${FILESDIR}"/grub-2.12_rc1-util-grub.d-25_bli.in-fix-shebang-on-unmerged-usr.patch
)
DEJAVU=dejavu-sans-ttf-2.37
UNIFONT=unifont-15.0.06
SRC_URI+=" fonts? ( mirror://gnu/unifont/${UNIFONT}/${UNIFONT}.pcf.gz )
themes? ( mirror://sourceforge/dejavu/${DEJAVU}.zip )"
DESCRIPTION="GNU GRUB boot loader"
HOMEPAGE="https://www.gnu.org/software/grub/"
# Includes licenses for dejavu and unifont
LICENSE="GPL-3+ BSD MIT fonts? ( GPL-2-with-font-exception ) themes? ( CC-BY-SA-3.0 BitstreamVera )"
SLOT="2/${PVR}"
IUSE="device-mapper doc efiemu +fonts mount nls sdl test +themes truetype libzfs"
GRUB_ALL_PLATFORMS=( coreboot efi-32 efi-64 emu ieee1275 loongson multiboot
qemu qemu-mips pc uboot xen xen-32 xen-pvh )
IUSE+=" ${GRUB_ALL_PLATFORMS[@]/#/grub_platforms_}"
REQUIRED_USE="
grub_platforms_coreboot? ( fonts )
grub_platforms_qemu? ( fonts )
grub_platforms_ieee1275? ( fonts )
grub_platforms_loongson? ( fonts )
"
BDEPEND="
${PYTHON_DEPS}
>=sys-devel/flex-2.5.35
sys-devel/bison
sys-apps/help2man
sys-apps/texinfo
fonts? (
media-libs/freetype:2
virtual/pkgconfig
)
test? (
app-admin/genromfs
app-arch/cpio
app-arch/lzop
app-emulation/qemu
dev-libs/libisoburn
sys-apps/miscfiles
sys-block/parted
sys-fs/squashfs-tools
)
themes? (
app-arch/unzip
media-libs/freetype:2
virtual/pkgconfig
)
truetype? ( virtual/pkgconfig )
verify-sig? ( sec-keys/openpgp-keys-danielkiper )
"
DEPEND="
app-arch/xz-utils
>=sys-libs/ncurses-5.2-r5:0=
grub_platforms_emu? (
sdl? ( media-libs/libsdl )
)
device-mapper? ( >=sys-fs/lvm2-2.02.45 )
libzfs? ( sys-fs/zfs:= )
mount? ( sys-fs/fuse:0 )
truetype? ( media-libs/freetype:2= )
ppc? ( >=sys-apps/ibm-powerpc-utils-1.3.5 )
ppc64? ( >=sys-apps/ibm-powerpc-utils-1.3.5 )
"
RDEPEND="${DEPEND}
kernel_linux? (
grub_platforms_efi-32? ( sys-boot/efibootmgr )
grub_platforms_efi-64? ( sys-boot/efibootmgr )
)
!sys-boot/grub:0
nls? ( sys-devel/gettext )
"
RESTRICT="!test? ( test ) test? ( userpriv )"
QA_EXECSTACK="usr/bin/grub-emu* usr/lib/grub/*"
QA_PRESTRIPPED="usr/lib/grub/.*"
QA_MULTILIB_PATHS="usr/lib/grub/.*"
QA_WX_LOAD="usr/lib/grub/*"
pkg_setup() {
:
}
src_unpack() {
if [[ ${PV} == 9999 ]]; then
git-r3_src_unpack
pushd "${P}" >/dev/null || die
local GNULIB_URI="https://git.savannah.gnu.org/git/gnulib.git"
local GNULIB_REVISION=$(source bootstrap.conf >/dev/null; echo "${GNULIB_REVISION}")
git-r3_fetch "${GNULIB_URI}" "${GNULIB_REVISION}"
git-r3_checkout "${GNULIB_URI}" gnulib
popd >/dev/null || die
elif use verify-sig; then
verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.xz{,.sig}
fi
default
}
src_prepare() {
default
if [[ -n ${GRUB_AUTOGEN} || -n ${GRUB_BOOTSTRAP} ]]; then
python_setup
else
export PYTHON=true
fi
if [[ -n ${GRUB_BOOTSTRAP} ]]; then
eautopoint --force
AUTOPOINT=: AUTORECONF=: ./bootstrap || die
elif [[ -n ${GRUB_AUTOGEN} ]]; then
FROM_BOOTSTRAP=1 ./autogen.sh || die
fi
if [[ -n ${GRUB_AUTORECONF} ]]; then
eautoreconf
fi
}
grub_do() {
multibuild_foreach_variant run_in_build_dir "$@"
}
grub_do_once() {
multibuild_for_best_variant run_in_build_dir "$@"
}
grub_configure() {
local platform
case ${MULTIBUILD_VARIANT} in
efi*) platform=efi ;;
xen-pvh) platform=xen_pvh ;;
xen*) platform=xen ;;
guessed) ;;
*) platform=${MULTIBUILD_VARIANT} ;;
esac
case ${MULTIBUILD_VARIANT} in
*-32)
if [[ ${CTARGET:-${CHOST}} == x86_64* ]]; then
local CTARGET=i386
fi ;;
*-64)
if [[ ${CTARGET:-${CHOST}} == i?86* ]]; then
local CTARGET=x86_64
local -x TARGET_CFLAGS="-Os -march=x86-64 ${TARGET_CFLAGS}"
local -x TARGET_CPPFLAGS="-march=x86-64 ${TARGET_CPPFLAGS}"
fi ;;
esac
local myeconfargs=(
--disable-werror
--program-prefix=
--libdir="${EPREFIX}"/usr/lib
$(use_enable device-mapper)
$(use_enable mount grub-mount)
$(use_enable nls)
$(use_enable themes grub-themes)
$(use_enable truetype grub-mkfont)
$(use_enable libzfs)
$(use_enable sdl grub-emu-sdl)
${platform:+--with-platform=}${platform}
# Let configure detect this where supported
$(usex efiemu '' '--disable-efiemu')
)
if use fonts; then
ln -rs "${WORKDIR}/${UNIFONT}.pcf" unifont.pcf || die
fi
if use themes; then
ln -rs "${WORKDIR}/${DEJAVU}/ttf/DejaVuSans.ttf" DejaVuSans.ttf || die
fi
local ECONF_SOURCE="${S}"
econf "${myeconfargs[@]}"
}
src_configure() {
# Bug 508758.
replace-flags -O3 -O2
# Workaround for bug 829165.
filter-ldflags -pie
# We don't want to leak flags onto boot code.
export HOST_CCASFLAGS=${CCASFLAGS}
export HOST_CFLAGS=${CFLAGS}
export HOST_CPPFLAGS=${CPPFLAGS}
export HOST_LDFLAGS=${LDFLAGS}
unset CCASFLAGS CFLAGS CPPFLAGS LDFLAGS
tc-ld-disable-gold #439082 #466536 #526348
export TARGET_LDFLAGS="${TARGET_LDFLAGS} ${LDFLAGS}"
unset LDFLAGS
tc-export CC NM OBJCOPY RANLIB STRIP
tc-export BUILD_CC BUILD_PKG_CONFIG
# Force configure to use flex & bison, bug 887211.
export LEX=flex
unset YACC
MULTIBUILD_VARIANTS=()
local p
for p in "${GRUB_ALL_PLATFORMS[@]}"; do
use "grub_platforms_${p}" && MULTIBUILD_VARIANTS+=( "${p}" )
done
[[ ${#MULTIBUILD_VARIANTS[@]} -eq 0 ]] && MULTIBUILD_VARIANTS=( guessed )
grub_do grub_configure
}
src_compile() {
# Sandbox bug 404013.
use libzfs && addpredict /etc/dfs:/dev/zfs
grub_do emake
use doc && grub_do_once emake -C docs html
}
src_test() {
# The qemu dependency is a bit complex.
# You will need to adjust QEMU_SOFTMMU_TARGETS to match the cpu/platform.
local SANDBOX_WRITE=${SANDBOX_WRITE}
addwrite /dev
grub_do emake -j1 check
}
src_install() {
grub_do emake install DESTDIR="${D}" bashcompletiondir="$(get_bashcompdir)"
use doc && grub_do_once emake -C docs install-html DESTDIR="${D}"
einstalldocs
insinto /etc/default
newins "${FILESDIR}"/grub.default-4 grub
# https://bugs.gentoo.org/231935
dostrip -x /usr/lib/grub
}
pkg_postinst() {
elog "For information on how to configure GRUB2 please refer to the guide:"
elog " https://wiki.gentoo.org/wiki/GRUB2_Quick_Start"
if [[ -n ${REPLACING_VERSIONS} ]]; then
local v
for v in ${REPLACING_VERSIONS}; do
if ver_test -gt ${v}; then
ewarn
ewarn "Re-run grub-install to update installed boot code!"
ewarn "Re-run grub-mkconfig to update grub.cfg!"
ewarn
break
fi
done
else
elog
optfeature "detecting other operating systems (grub-mkconfig)" sys-boot/os-prober
optfeature "creating rescue media (grub-mkrescue)" dev-libs/libisoburn
optfeature "enabling RAID device detection" sys-fs/mdadm
fi
if has_version 'sys-boot/grub:0'; then
elog "A migration guide for GRUB Legacy users is available:"
elog " https://wiki.gentoo.org/wiki/GRUB2_Migration"
fi
if has_version sys-boot/os-prober; then
ewarn "Due to security concerns, os-prober is disabled by default."
ewarn "Set GRUB_DISABLE_OS_PROBER=false in /etc/default/grub to enable it."
fi
}

332
sdk_container/src/third_party/coreos-overlay/sys-boot/grub/grub-9999.ebuild vendored
View File

@ -1,332 +0,0 @@
# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
# This ebuild uses 3 special global variables:
# GRUB_BOOTSTRAP: Depend on python and invoke bootstrap (gnulib).
# GRUB_AUTOGEN: Depend on python and invoke autogen.sh.
# GRUB_AUTORECONF: Inherit autotools and invoke eautoreconf.
#
# When applying patches:
# If gnulib is updated, set GRUB_BOOTSTRAP=1
# If gentpl.py or *.def is updated, set GRUB_AUTOGEN=1
# If gnulib, gentpl.py, *.def, or any autotools files are updated, set GRUB_AUTORECONF=1
#
# If any of the above applies to a user patch, the user should set the
# corresponding variable in make.conf or the environment.
if [[ ${PV} == 9999 ]]; then
GRUB_AUTORECONF=1
GRUB_BOOTSTRAP=1
fi
PYTHON_COMPAT=( python3_{9..11} )
WANT_LIBTOOL=none
if [[ -n ${GRUB_AUTOGEN} || -n ${GRUB_BOOTSTRAP} ]]; then
inherit python-any-r1
fi
if [[ -n ${GRUB_AUTORECONF} ]]; then
inherit autotools
fi
inherit bash-completion-r1 flag-o-matic multibuild optfeature toolchain-funcs
if [[ ${PV} != 9999 ]]; then
if [[ ${PV} == *_alpha* || ${PV} == *_beta* || ${PV} == *_rc* ]]; then
# The quote style is to work with <=bash-4.2 and >=bash-4.3 #503860
MY_P=${P/_/'~'}
SRC_URI="https://alpha.gnu.org/gnu/${PN}/${MY_P}.tar.xz"
S=${WORKDIR}/${MY_P}
else
SRC_URI="mirror://gnu/${PN}/${P}.tar.xz"
S=${WORKDIR}/${P%_*}
fi
KEYWORDS="~amd64 ~arm ~arm64 ~ia64 ~ppc ~ppc64 ~riscv ~sparc ~x86"
else
inherit git-r3
EGIT_REPO_URI="https://git.savannah.gnu.org/git/grub.git"
fi
PATCHES=(
"${FILESDIR}"/gfxpayload.patch
"${FILESDIR}"/grub-2.02_beta2-KERNEL_GLOBS.patch
"${FILESDIR}"/grub-2.06-test-words.patch
)
DEJAVU=dejavu-sans-ttf-2.37
UNIFONT=unifont-15.0.06
SRC_URI+=" fonts? ( mirror://gnu/unifont/${UNIFONT}/${UNIFONT}.pcf.gz )
themes? ( mirror://sourceforge/dejavu/${DEJAVU}.zip )"
DESCRIPTION="GNU GRUB boot loader"
HOMEPAGE="https://www.gnu.org/software/grub/"
# Includes licenses for dejavu and unifont
LICENSE="GPL-3+ BSD MIT fonts? ( GPL-2-with-font-exception ) themes? ( CC-BY-SA-3.0 BitstreamVera )"
SLOT="2/${PVR}"
IUSE="device-mapper doc efiemu +fonts mount nls sdl test +themes truetype libzfs"
GRUB_ALL_PLATFORMS=( coreboot efi-32 efi-64 emu ieee1275 loongson multiboot
qemu qemu-mips pc uboot xen xen-32 xen-pvh )
IUSE+=" ${GRUB_ALL_PLATFORMS[@]/#/grub_platforms_}"
REQUIRED_USE="
grub_platforms_coreboot? ( fonts )
grub_platforms_qemu? ( fonts )
grub_platforms_ieee1275? ( fonts )
grub_platforms_loongson? ( fonts )
"
BDEPEND="
${PYTHON_DEPS}
>=sys-devel/flex-2.5.35
sys-devel/bison
sys-apps/help2man
sys-apps/texinfo
fonts? (
media-libs/freetype:2
virtual/pkgconfig
)
test? (
app-admin/genromfs
app-arch/cpio
app-arch/lzop
app-emulation/qemu
dev-libs/libisoburn
sys-apps/miscfiles
sys-block/parted
sys-fs/squashfs-tools
)
themes? (
app-arch/unzip
media-libs/freetype:2
virtual/pkgconfig
)
truetype? ( virtual/pkgconfig )
"
DEPEND="
app-arch/xz-utils
>=sys-libs/ncurses-5.2-r5:0=
grub_platforms_emu? (
sdl? ( media-libs/libsdl )
)
device-mapper? ( >=sys-fs/lvm2-2.02.45 )
libzfs? ( sys-fs/zfs:= )
mount? ( sys-fs/fuse:0 )
truetype? ( media-libs/freetype:2= )
ppc? ( >=sys-apps/ibm-powerpc-utils-1.3.5 )
ppc64? ( >=sys-apps/ibm-powerpc-utils-1.3.5 )
"
RDEPEND="${DEPEND}
kernel_linux? (
grub_platforms_efi-32? ( sys-boot/efibootmgr )
grub_platforms_efi-64? ( sys-boot/efibootmgr )
)
!sys-boot/grub:0
nls? ( sys-devel/gettext )
"
RESTRICT="!test? ( test ) test? ( userpriv )"
QA_EXECSTACK="usr/bin/grub-emu* usr/lib/grub/*"
QA_PRESTRIPPED="usr/lib/grub/.*"
QA_MULTILIB_PATHS="usr/lib/grub/.*"
QA_WX_LOAD="usr/lib/grub/*"
pkg_setup() {
:
}
src_unpack() {
if [[ ${PV} == 9999 ]]; then
git-r3_src_unpack
pushd "${P}" >/dev/null || die
local GNULIB_URI="https://git.savannah.gnu.org/git/gnulib.git"
local GNULIB_REVISION=$(source bootstrap.conf >/dev/null; echo "${GNULIB_REVISION}")
git-r3_fetch "${GNULIB_URI}" "${GNULIB_REVISION}"
git-r3_checkout "${GNULIB_URI}" gnulib
popd >/dev/null || die
fi
default
}
src_prepare() {
default
if [[ -n ${GRUB_AUTOGEN} || -n ${GRUB_BOOTSTRAP} ]]; then
python_setup
else
export PYTHON=true
fi
if [[ -n ${GRUB_BOOTSTRAP} ]]; then
eautopoint --force
AUTOPOINT=: AUTORECONF=: ./bootstrap || die
elif [[ -n ${GRUB_AUTOGEN} ]]; then
FROM_BOOTSTRAP=1 ./autogen.sh || die
fi
if [[ -n ${GRUB_AUTORECONF} ]]; then
eautoreconf
fi
}
grub_do() {
multibuild_foreach_variant run_in_build_dir "$@"
}
grub_do_once() {
multibuild_for_best_variant run_in_build_dir "$@"
}
grub_configure() {
local platform
case ${MULTIBUILD_VARIANT} in
efi*) platform=efi ;;
xen-pvh) platform=xen_pvh ;;
xen*) platform=xen ;;
guessed) ;;
*) platform=${MULTIBUILD_VARIANT} ;;
esac
case ${MULTIBUILD_VARIANT} in
*-32)
if [[ ${CTARGET:-${CHOST}} == x86_64* ]]; then
local CTARGET=i386
fi ;;
*-64)
if [[ ${CTARGET:-${CHOST}} == i?86* ]]; then
local CTARGET=x86_64
local -x TARGET_CFLAGS="-Os -march=x86-64 ${TARGET_CFLAGS}"
local -x TARGET_CPPFLAGS="-march=x86-64 ${TARGET_CPPFLAGS}"
fi ;;
esac
local myeconfargs=(
--disable-werror
--program-prefix=
--libdir="${EPREFIX}"/usr/lib
$(use_enable device-mapper)
$(use_enable mount grub-mount)
$(use_enable nls)
$(use_enable themes grub-themes)
$(use_enable truetype grub-mkfont)
$(use_enable libzfs)
$(use_enable sdl grub-emu-sdl)
${platform:+--with-platform=}${platform}
# Let configure detect this where supported
$(usex efiemu '' '--disable-efiemu')
)
if use fonts; then
ln -rs "${WORKDIR}/${UNIFONT}.pcf" unifont.pcf || die
fi
if use themes; then
ln -rs "${WORKDIR}/${DEJAVU}/ttf/DejaVuSans.ttf" DejaVuSans.ttf || die
fi
local ECONF_SOURCE="${S}"
econf "${myeconfargs[@]}"
}
src_configure() {
# Bug 508758.
replace-flags -O3 -O2
# Workaround for bug 829165.
filter-ldflags -pie
# We don't want to leak flags onto boot code.
export HOST_CCASFLAGS=${CCASFLAGS}
export HOST_CFLAGS=${CFLAGS}
export HOST_CPPFLAGS=${CPPFLAGS}
export HOST_LDFLAGS=${LDFLAGS}
unset CCASFLAGS CFLAGS CPPFLAGS LDFLAGS
tc-ld-disable-gold #439082 #466536 #526348
export TARGET_LDFLAGS="${TARGET_LDFLAGS} ${LDFLAGS}"
unset LDFLAGS
tc-export CC NM OBJCOPY RANLIB STRIP
tc-export BUILD_CC BUILD_PKG_CONFIG
# Force configure to use flex & bison, bug 887211.
export LEX=flex
unset YACC
MULTIBUILD_VARIANTS=()
local p
for p in "${GRUB_ALL_PLATFORMS[@]}"; do
use "grub_platforms_${p}" && MULTIBUILD_VARIANTS+=( "${p}" )
done
[[ ${#MULTIBUILD_VARIANTS[@]} -eq 0 ]] && MULTIBUILD_VARIANTS=( guessed )
grub_do grub_configure
}
src_compile() {
# Sandbox bug 404013.
use libzfs && addpredict /etc/dfs:/dev/zfs
grub_do emake
use doc && grub_do_once emake -C docs html
}
src_test() {
# The qemu dependency is a bit complex.
# You will need to adjust QEMU_SOFTMMU_TARGETS to match the cpu/platform.
local SANDBOX_WRITE=${SANDBOX_WRITE}
addwrite /dev
grub_do emake -j1 check
}
src_install() {
grub_do emake install DESTDIR="${D}" bashcompletiondir="$(get_bashcompdir)"
use doc && grub_do_once emake -C docs install-html DESTDIR="${D}"
einstalldocs
insinto /etc/default
newins "${FILESDIR}"/grub.default-4 grub
# https://bugs.gentoo.org/231935
dostrip -x /usr/lib/grub
}
pkg_postinst() {
elog "For information on how to configure GRUB2 please refer to the guide:"
elog " https://wiki.gentoo.org/wiki/GRUB2_Quick_Start"
if [[ -n ${REPLACING_VERSIONS} ]]; then
local v
for v in ${REPLACING_VERSIONS}; do
if ver_test -gt ${v}; then
ewarn
ewarn "Re-run grub-install to update installed boot code!"
ewarn "Re-run grub-mkconfig to update grub.cfg!"
ewarn
break
fi
done
else
elog
optfeature "detecting other operating systems (grub-mkconfig)" sys-boot/os-prober
optfeature "creating rescue media (grub-mkrescue)" dev-libs/libisoburn
optfeature "enabling RAID device detection" sys-fs/mdadm
fi
if has_version 'sys-boot/grub:0'; then
elog "A migration guide for GRUB Legacy users is available:"
elog " https://wiki.gentoo.org/wiki/GRUB2_Migration"
fi
if has_version sys-boot/os-prober; then
ewarn "Due to security concerns, os-prober is disabled by default."
ewarn "Set GRUB_DISABLE_OS_PROBER=false in /etc/default/grub to enable it."
fi
}