]> git.ipfire.org Git - people/pmueller/ipfire-2.x.git/blobdiff - lfs/grub
projects / people / pmueller / ipfire-2.x.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge branch 'master' into kernel-4.9
[people/pmueller/ipfire-2.x.git] / lfs / grub
diff --git a/lfs/grub b/lfs/grub
index a054b8e50b73df89a574aecd0052d0bd47286772..8b82189fce16a7015a7e13355a3ee2555f03a2da 100644 (file)
--- a/lfs/grub
+++ b/lfs/grub
@@ -80,6 +80,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/grub-2.00_disable_vga_fallback.patch
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/grub2-remove-gets.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/grub-2.00_ignore_missing_symtab.patch
        cd $(DIR_APP) && \
                ./configure \
                        --prefix=/usr \
@@ -100,6 +101,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        -mkdir -pv /etc/default
        install -m 644 $(DIR_SRC)/config/grub2/default /etc/default/grub
 
+       # Disable hardening.
+       paxctl -Cmpes /usr/sbin/grub-bios-setup /usr/sbin/grub-probe
+       paxctl -Cmpexs /usr/bin/grub-script-check
+
        # We don't need to install unifont just to generate a grub2 compatible
        # font archive for the graphical boot menu. The following command only
        # converts Latin-1, Latin Extended A+B, Arrows, Box and Block characters.
Peter's tree of IPFire 2.x