Compare commits

6 Commits
master ... f29

Author SHA1 Message Date
Peter Jones
7c415d8287 Exclude /etc/grub.d/01_fallback_counting until we work through some design
questions.
  Resolves: rhbz#1614637

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-10-04 17:10:15 -04:00
Peter Jones
8cce506787 Fix the fallback counting script even harder. Apparently, this wasn't
tested well enough.
  Resolves: rhbz#1614637

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-10-03 15:55:57 -04:00
Peter Jones
bda81f02f1 Fix grub.cfg boot counting snippet generation (lorbus)
Resolves: rhbz#1614637

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-10-02 13:34:30 -04:00
Peter Jones
678ec0d12e Fix the changelog I broke
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-09-25 14:02:41 -04:00
Hans de Goede
bb02e16c59 Stop using pkexec for grub2-set-bootflag
Stop using pkexec for grub2-set-bootflag, it does not work under gdm instead
make it suid root (it was written with this in mind)

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-09-25 14:01:44 -04:00
Peter Jones
b796a9a04b Add 2 conditions to boot-success timer and service
- Don't run it for system users
  Resolves: rhbz#1592201
- Don't run it when pkexec isn't available
  Resolves: rhbz#1619445

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-09-12 10:37:48 -04:00
30 changed files with 344 additions and 79 deletions

@ -1,48 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Christian Glombek <lorbus@fedoraproject.org>
Date: Tue, 31 Jul 2018 11:12:06 +0200
Subject: [PATCH] Boot Counting
Adds 01_fallback_counting.in script to support boot counting before
falling back to the previous menu entry automatically
---
Makefile.util.def | 6 ++++++
util/grub.d/01_fallback_counting.in | 12 ++++++++++++
2 files changed, 18 insertions(+)
create mode 100644 util/grub.d/01_fallback_counting.in
diff --git a/Makefile.util.def b/Makefile.util.def
index cba4d500198..c8cb91308d9 100644
--- a/Makefile.util.def
+++ b/Makefile.util.def
@@ -448,6 +448,12 @@ script = {
installdir = grubconf;
};
+script = {
+ name = '01_fallback_counting';
+ common = util/grub.d/01_fallback_counting.in;
+ installdir = grubconf;
+};
+
script = {
name = '01_menu_auto_hide';
common = util/grub.d/01_menu_auto_hide.in;
diff --git a/util/grub.d/01_fallback_counting.in b/util/grub.d/01_fallback_counting.in
new file mode 100644
index 00000000000..ecfc7401474
--- /dev/null
+++ b/util/grub.d/01_fallback_counting.in
@@ -0,0 +1,12 @@
+#! /bin/sh -e
+
+# Boot Counting
+if [ "\${boot_counter}" -a "\${boot_success}" = "0" ]; then
+ if [ "\${boot_counter}" = "0" -o "\${boot_counter}" = "-1" ]; then
+ set default=1
+ set boot_counter=-1
+ else
+ set boot_counter=$((\${boot_counter}-1))
+ fi
+ save_env boot_counter
+fi
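
Review bot: In util/grub.d/01_fallback_counting.in the GRUB commands form the body of the /bin/sh script instead of being printed, so nothing from this block reaches grub.cfg. grub2-mkconfig runs the file under `#! /bin/sh -e`; there `"\${boot_counter}"` is just the literal text `${boot_counter}`, `set default=1` only changes the shell's positional parameters, and `save_env` is not a shell command. Wrap the snippet in `cat << EOF` ... `EOF` so it is emitted as configuration. The `$((\${boot_counter}-1))` on the `set boot_counter=` line also needs replacing, since it is shell arithmetic rather than something GRUB's script language evaluates.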

@ -0,0 +1,33 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Hans de Goede <hdegoede@redhat.com>
Date: Mon, 3 Sep 2018 13:01:58 +0200
Subject: [PATCH] grub-boot-success.timer: Add a few Conditions for running the
timer
Add 2 Conditions for running the boot-success timer / service:
1) Do not run it for system users, this fixes errors about gdm not being
allowed to use pkexec when the greeter session lasts for more then 2 minutes:
https://bugzilla.redhat.com/show_bug.cgi?id=1592201#c6
2) Do not run the timer when pkexec is not available (on minimal installs)
since then it will just lead to a bunch of errors without doing anything:
https://bugzilla.redhat.com/show_bug.cgi?id=1619445
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
---
docs/grub-boot-success.timer | 2 ++
1 file changed, 2 insertions(+)
diff --git a/docs/grub-boot-success.timer b/docs/grub-boot-success.timer
index 221b532781b..67bd829b795 100644
--- a/docs/grub-boot-success.timer
+++ b/docs/grub-boot-success.timer
@@ -1,5 +1,7 @@
[Unit]
Description=Mark boot as successful after the user session has run 2 minutes
+ConditionUser=!@system
+ConditionPathExists=/usr/bin/pkexec
[Timer]
OnActiveSec=2min
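
Review bot: The subject and message say the Conditions cover the timer and the service, but the diffstat is 1 file and only docs/grub-boot-success.timer gains `ConditionUser=!@system` and `ConditionPathExists=/usr/bin/pkexec`. grub-boot-success.service can still be started on its own, in which case it runs for system users and without pkexec present. Either add the same two lines to the service's [Unit] section or reword the message to say that only the timer is gated.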

@ -0,0 +1,69 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Hans de Goede <hdegoede@redhat.com>
Date: Fri, 14 Sep 2018 16:39:40 +0200
Subject: [PATCH] docs: Stop using polkit / pkexec for grub-boot-success.timer
/ service
We also want to call grub2-set-bootflag under gdm and pkexec does not
work under gdm because the gdm user has /sbin/nologin as shell.
So instead we are going to install grub2-set-bootflag as suid root,
grub2-set-bootflag was written with this usage in mind, so is safe
to be made suid root.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
---
docs/grub-boot-success.service | 2 +-
docs/grub-boot-success.timer | 1 -
docs/org.gnu.grub.policy | 20 --------------------
3 files changed, 1 insertion(+), 22 deletions(-)
delete mode 100644 docs/org.gnu.grub.policy
diff --git a/docs/grub-boot-success.service b/docs/grub-boot-success.service
index c8c91c34d49..80e79584c91 100644
--- a/docs/grub-boot-success.service
+++ b/docs/grub-boot-success.service
@@ -3,4 +3,4 @@ Description=Mark boot as successful
[Service]
Type=oneshot
-ExecStart=/usr/bin/pkexec /usr/sbin/grub2-set-bootflag boot_success
+ExecStart=/usr/sbin/grub2-set-bootflag boot_success
diff --git a/docs/grub-boot-success.timer b/docs/grub-boot-success.timer
index 67bd829b795..5d8fcba21aa 100644
--- a/docs/grub-boot-success.timer
+++ b/docs/grub-boot-success.timer
@@ -1,7 +1,6 @@
[Unit]
Description=Mark boot as successful after the user session has run 2 minutes
ConditionUser=!@system
-ConditionPathExists=/usr/bin/pkexec
[Timer]
OnActiveSec=2min
diff --git a/docs/org.gnu.grub.policy b/docs/org.gnu.grub.policy
deleted file mode 100644
index 18391efc8e7..00000000000
--- a/docs/org.gnu.grub.policy
+++ /dev/null
@@ -1,20 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
-<policyconfig>
- <vendor>GNU GRUB</vendor>
- <vendor_url>https://www.gnu.org/software/grub/</vendor_url>
- <action id="org.gnu.grub.set-bootflag">
- <!-- SECURITY:
- - A normal active user on the local machine does not need permission
- to set bootflags to show the menu / mark current boot successful.
- -->
- <description>Set GRUB bootflags</description>
- <message>Authentication is required to modify the bootloaders bootflags</message>
- <defaults>
- <allow_any>no</allow_any>
- <allow_inactive>no</allow_inactive>
- <allow_active>yes</allow_active>
- </defaults>
- <annotate key="org.freedesktop.policykit.exec.path">/usr/sbin/grub2-set-bootflag</annotate>
- </action>
-</policyconfig>
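
Review bot: Deleting docs/org.gnu.grub.policy removes the only access decision on this path: `<allow_any>no</allow_any>` and `<allow_inactive>no</allow_inactive>` limited the action to an active local session, whereas a setuid-root binary can be run by any account that is able to execute it. The message justifies this with "was written with this usage in mind", but nothing in the patch shows what that covers. Please state in the commit message which arguments grub2-set-bootflag accepts and how it treats its environment and the grubenv file when run setuid, so the claim can be reviewed against the code.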

@ -0,0 +1,187 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 4 Oct 2018 14:22:09 -0400
Subject: [PATCH] Reimplement boot_counter
This adds "increment" and "decrement" commands, and uses them to maintain our
variables in 01_fallback_counter. It also simplifies the counter logic, so
that there are no nested tests that conflict with each other.
Apparently, this *really* wasn't tested well enough.
Resolves: rhbz#1614637
Signed-off-by: Peter Jones <pjones@redhat.com>
---
Makefile.util.def | 6 +++
grub-core/Makefile.core.def | 5 ++
grub-core/commands/increment.c | 105 ++++++++++++++++++++++++++++++++++++
util/grub.d/01_fallback_counting.in | 15 ++++++
4 files changed, 131 insertions(+)
create mode 100644 grub-core/commands/increment.c
create mode 100644 util/grub.d/01_fallback_counting.in
diff --git a/Makefile.util.def b/Makefile.util.def
index cba4d500198..c8cb91308d9 100644
--- a/Makefile.util.def
+++ b/Makefile.util.def
@@ -448,6 +448,12 @@ script = {
installdir = grubconf;
};
+script = {
+ name = '01_fallback_counting';
+ common = util/grub.d/01_fallback_counting.in;
+ installdir = grubconf;
+};
+
script = {
name = '01_menu_auto_hide';
common = util/grub.d/01_menu_auto_hide.in;
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
index 701e5d32fa2..1bf666b5ec1 100644
--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
@@ -364,6 +364,11 @@ kernel = {
extra_dist = kern/mips/cache_flush.S;
};
+module = {
+ name = increment;
+ common = commands/increment.c;
+};
+
program = {
name = grub-emu;
mansection = 1;
diff --git a/grub-core/commands/increment.c b/grub-core/commands/increment.c
new file mode 100644
index 00000000000..79cf137656c
--- /dev/null
+++ b/grub-core/commands/increment.c
@@ -0,0 +1,105 @@
+/* increment.c - Commands to increment and decrement variables. */
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2006,2007,2008 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <grub/dl.h>
+#include <grub/term.h>
+#include <grub/time.h>
+#include <grub/types.h>
+#include <grub/misc.h>
+#include <grub/extcmd.h>
+#include <grub/i18n.h>
+#include <grub/env.h>
+
+GRUB_MOD_LICENSE ("GPLv3+");
+
+typedef enum {
+ INCREMENT,
+ DECREMENT,
+} operation;
+
+static grub_err_t
+incr_decr(operation op, int argc, char **args)
+{
+ const char *old;
+ char *new;
+ long value;
+
+ if (argc < 1)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_ ("no variable specified"));
+ if (argc > 1)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_ ("too many arguments"));
+
+ old = grub_env_get (*args);
+ if (!old)
+ return grub_error (GRUB_ERR_FILE_NOT_FOUND, N_("No such variable \"%s\""),
+ *args);
+
+ value = grub_strtol (old, NULL, 0);
+ if (grub_errno != GRUB_ERR_NONE)
+ return grub_errno;
+
+ switch (op)
+ {
+ case INCREMENT:
+ value += 1;
+ break;
+ case DECREMENT:
+ value -= 1;
+ break;
+ }
+
+ new = grub_xasprintf ("%ld", value);
+ if (!new)
+ return grub_errno;
+
+ grub_env_set (*args, new);
+ grub_free (new);
+
+ return GRUB_ERR_NONE;
+}
+
+static grub_err_t
+grub_cmd_incr(struct grub_command *cmd UNUSED,
+ int argc, char **args)
+{
+ return incr_decr(INCREMENT, argc, args);
+}
+
+static grub_err_t
+grub_cmd_decr(struct grub_command *cmd UNUSED,
+ int argc, char **args)
+{
+ return incr_decr(DECREMENT, argc, args);
+}
+
+static grub_command_t cmd_incr, cmd_decr;
+
+GRUB_MOD_INIT(increment)
+{
+ cmd_incr = grub_register_command ("increment", grub_cmd_incr, N_("VARIABLE"),
+ N_("increment VARIABLE"));
+ cmd_decr = grub_register_command ("decrement", grub_cmd_decr, N_("VARIABLE"),
+ N_("decrement VARIABLE"));
+}
+
+GRUB_MOD_FINI(increment)
+{
+ grub_unregister_command (cmd_incr);
+ grub_unregister_command (cmd_decr);
+}
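
Review bot: In incr_decr(), `grub_strtol (old, NULL, 0)` passes a NULL end pointer, so a value with trailing non-digits (for example `1foo`) is accepted as its numeric prefix and overwritten, and base 0 means `010` is read as octal while the result is written back in decimal. Pass an end pointer and reject the value unless it points at the terminating NUL, and consider a fixed base 10. Two smaller points in the same function: grub_errno is tested after the call without being reset to GRUB_ERR_NONE before it, and the return value of `grub_env_set (*args, new)` is discarded, so a failed update still returns GRUB_ERR_NONE.
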
diff --git a/util/grub.d/01_fallback_counting.in b/util/grub.d/01_fallback_counting.in
new file mode 100644
index 00000000000..6ca13da03df
--- /dev/null
+++ b/util/grub.d/01_fallback_counting.in
@@ -0,0 +1,15 @@
+#! /bin/sh -e
+
+# Boot Counting
+cat << EOF
+insmod increment
+if [ -z "\${boot_counter}" ]; then
+ set boot_counter=0
+elif [ "\${boot_counter}" = "0" -o "\${boot_counter}" = "-1" ]; then
+ increment default
+ set boot_counter=-1
+else
+ decrement boot_counter
+fi
+save_env boot_counter
+EOF
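
Review bot: The generated snippet never looks at boot_success, which the version it replaces tested with `"\${boot_success}" = "0"`. As written, a machine with no boot_counter in grubenv gets `set boot_counter=0` saved on the first boot, and the next boot matches `"\${boot_counter}" = "0"` and runs `increment default` even though every boot succeeded. Keep the boot_success test around the whole block, and leave an unset boot_counter alone rather than initialising it to 0. `increment default` also assumes that default holds a number; guard it or document that requirement.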

@ -368,7 +368,7 @@ GRUB_MODULES=" all_video boot blscfg btrfs \\\
cat configfile \\\
echo efi_netfs efifwsetup efinet ext2 \\\
fat font gfxmenu gfxterm gzio \\\
halt hfsplus http iso9660 jpeg \\\
halt hfsplus http increment iso9660 jpeg \\\
loadenv loopback linux lvm lsefi lsefimmap \\\
mdraid09 mdraid1x minicmd net \\\
normal part_apple part_msdos part_gpt \\\

@ -213,27 +213,29 @@ Patch0212: 0212-blscfg-Fallback-to-search-BLS-snippets-in-boot-loade.patch
Patch0213: 0213-blscfg-Don-t-attempt-to-sort-by-version-if-not-prese.patch
Patch0214: 0214-blscfg-remove-logic-to-read-the-grubenv-file-and-set.patch
Patch0215: 0215-Rename-00_menu_auto_hide.in-to-01_menu_auto_hide.in.patch
Patch0216: 0216-Boot-Counting.patch
Patch0217: 0217-efinet-also-use-the-firmware-acceleration-for-http.patch
Patch0218: 0218-efi-http-Make-root_url-reflect-the-protocol-hostname.patch
Patch0219: 0219-Disable-multiboot-multiboot2-and-linux16-modules-on-.patch
Patch0220: 0220-Force-everything-to-use-python3.patch
Patch0221: 0221-Fix-an-8-year-old-typo.patch
Patch0222: 0222-autogen-don-t-run-autoreconf-in-the-topdir.patch
Patch0223: 0223-Make-it-so-we-can-tell-configure-which-cflags-utils-.patch
Patch0224: 0224-module-verifier-make-it-possible-to-run-checkers-on-.patch
Patch0225: 0225-grub-module-verifier-report-the-filename-or-modname-.patch
Patch0226: 0226-Make-efi_netfs-not-duplicate-symbols-from-efinet.patch
Patch0227: 0227-Rework-how-the-fdt-command-builds.patch
Patch0228: 0228-Disable-non-wordsize-allocations-on-arm.patch
Patch0229: 0229-strip-R-.note.gnu.property-at-more-places.patch
Patch0230: 0230-Prepend-prefix-when-HTTP-path-is-relative.patch
Patch0231: 0231-Make-linux_arm_kernel_header.hdr_offset-be-at-the-ri.patch
Patch0232: 0232-Mark-some-unused-stuff-unused.patch
Patch0233: 0233-Make-grub_error-more-verbose.patch
Patch0234: 0234-Make-reset-an-alias-for-the-reboot-command.patch
Patch0235: 0235-EFI-more-debug-output-on-GOP-and-UGA-probing.patch
Patch0236: 0236-Add-a-version-command.patch
Patch0237: 0237-Add-more-dprintf-and-nerf-dprintf-in-script.c.patch
Patch0238: 0238-arm-arm64-loader-Better-memory-allocation-and-error-.patch
Patch0239: 0239-Try-to-pick-better-locations-for-kernel-and-initrd.patch
Patch0216: 0216-efinet-also-use-the-firmware-acceleration-for-http.patch
Patch0217: 0217-efi-http-Make-root_url-reflect-the-protocol-hostname.patch
Patch0218: 0218-Disable-multiboot-multiboot2-and-linux16-modules-on-.patch
Patch0219: 0219-Force-everything-to-use-python3.patch
Patch0220: 0220-Fix-an-8-year-old-typo.patch
Patch0221: 0221-autogen-don-t-run-autoreconf-in-the-topdir.patch
Patch0222: 0222-Make-it-so-we-can-tell-configure-which-cflags-utils-.patch
Patch0223: 0223-module-verifier-make-it-possible-to-run-checkers-on-.patch
Patch0224: 0224-grub-module-verifier-report-the-filename-or-modname-.patch
Patch0225: 0225-Make-efi_netfs-not-duplicate-symbols-from-efinet.patch
Patch0226: 0226-Rework-how-the-fdt-command-builds.patch
Patch0227: 0227-Disable-non-wordsize-allocations-on-arm.patch
Patch0228: 0228-strip-R-.note.gnu.property-at-more-places.patch
Patch0229: 0229-Prepend-prefix-when-HTTP-path-is-relative.patch
Patch0230: 0230-Make-linux_arm_kernel_header.hdr_offset-be-at-the-ri.patch
Patch0231: 0231-Mark-some-unused-stuff-unused.patch
Patch0232: 0232-Make-grub_error-more-verbose.patch
Patch0233: 0233-Make-reset-an-alias-for-the-reboot-command.patch
Patch0234: 0234-EFI-more-debug-output-on-GOP-and-UGA-probing.patch
Patch0235: 0235-Add-a-version-command.patch
Patch0236: 0236-Add-more-dprintf-and-nerf-dprintf-in-script.c.patch
Patch0237: 0237-arm-arm64-loader-Better-memory-allocation-and-error-.patch
Patch0238: 0238-Try-to-pick-better-locations-for-kernel-and-initrd.patch
Patch0239: 0239-grub-boot-success.timer-Add-a-few-Conditions-for-run.patch
Patch0240: 0240-docs-Stop-using-polkit-pkexec-for-grub-boot-success..patch
Patch0241: 0241-Reimplement-boot_counter.patch

@ -7,7 +7,7 @@
Name: grub2
Epoch: 1
Version: 2.02
Release: 57%{?dist}
Release: 62%{?dist}
Summary: Bootloader with support for Linux, Multiboot and more
Group: System Environment/Base
License: GPLv3+
@ -223,9 +223,6 @@ install -D -m 0755 -t %{buildroot}%{_prefix}/lib/kernel/install.d/ %{SOURCE9}
install -d -m 0755 %{buildroot}%{_sysconfdir}/kernel/install.d/
install -m 0644 /dev/null %{buildroot}%{_sysconfdir}/kernel/install.d/20-grubby.install
install -m 0644 /dev/null %{buildroot}%{_sysconfdir}/kernel/install.d/90-loaderentry.install
# Install grub2-set-bootflag polkit policy
install -D -m 0755 -t %{buildroot}%{_datadir}/polkit-1/actions \
docs/org.gnu.grub.policy
# Install systemd user service to set the boot_success flag
install -D -m 0755 -t %{buildroot}%{_userunitdir} \
docs/grub-boot-success.{timer,service}
@ -366,7 +363,7 @@ fi
%files tools-minimal
%{_sysconfdir}/prelink.conf.d/grub2.conf
%{_sbindir}/%{name}-get-kernel-settings
%{_sbindir}/%{name}-set-bootflag
%attr(4755, root, root) %{_sbindir}/%{name}-set-bootflag
%{_sbindir}/%{name}-set-default
%{_sbindir}/%{name}-set*password
%{_bindir}/%{name}-editenv
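
Review bot: `%attr(4755, root, root)` on %{_sbindir}/%{name}-set-bootflag adds a setuid-root binary to tools-minimal with no comment in the spec saying why. Add a comment above the line giving the reason (the grub-boot-success user service now calls it without pkexec) and pointing at Patch0240, so later packagers and audit tooling that flags setuid files have something to check against.
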
@ -389,8 +386,8 @@ fi
%files tools
%attr(0644,root,root) %ghost %config(noreplace) %{_sysconfdir}/default/grub
%config %{_sysconfdir}/grub.d/??_*
%exclude %{_sysconfdir}/grub.d/01_fallback_counting
%{_sysconfdir}/grub.d/README
%{_datadir}/polkit-1/actions/org.gnu.grub.policy
%{_userunitdir}/grub-boot-success.timer
%{_userunitdir}/grub-boot-success.service
%{_userunitdir}/timers.target.wants
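
Review bot: `%exclude %{_sysconfdir}/grub.d/01_fallback_counting` drops the script from the tools package while Patch0241 is still applied and `increment` is still added to GRUB_MODULES, so the command ships without the only caller shown here. Add a spec comment next to the %exclude that references rhbz#1614637 and states the condition for removing it, so the exclusion is not forgotten.
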
@ -498,6 +495,31 @@ fi
%endif
%changelog
* Thu Oct 04 2018 Peter Jones <pjones@redhat.com> - 2.02-62
- Exclude /etc/grub.d/01_fallback_counting until we work through some design
questions.
Resolves: rhbz#1614637
* Wed Oct 03 2018 Peter Jones <pjones@redhat.com> - 2.02-61
- Fix the fallback counting script even harder. Apparently, this wasn't
tested well enough.
Resolves: rhbz#1614637
* Tue Oct 02 2018 Peter Jones <pjones@redhat.com> - 2.02-60
- Fix grub.cfg boot counting snippet generation (lorbus)
Resolves: rhbz#1614637
* Fri Sep 14 2018 Hans de Goede <hdegoede@redhat.com> - 2.02-59
- Stop using pkexec for grub2-set-bootflag, it does not work under gdm
instead make it suid root (it was written with this in mind)
* Wed Sep 12 2018 Peter Jones <pjones@redhat.com> - 2.02-58
- Add 2 conditions to boot-success timer and service:
- Don't run it for system users
Resolves: rhbz#1592201
- Don't run it when pkexec isn't available
Resolves: rhbz#1619445
* Tue Sep 11 2018 Peter Jones <pjones@redhat.com> - 2.02-57
- Limit grub_malloc() on x86_64 to < 31bit addresses, as some devices seem to
have a colossally broken storage controller (or UEFI driver) that can't do