From: Philip Müller
Date: Tue, 9 Mar 2021 21:10:14 +0000 (+0100)
Subject: templates: Properly disable the os-prober by default
X-Git-Tag: grub-2.06-rc1~16
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=54e0a1bbf1e9106901a557195bb35e5e20fb3925;p=thirdparty%2Fgrub.git

templates: Properly disable the os-prober by default

This patch does the following:
  - really disables os-prober by default in the util/grub-mkconfig.in by
    setting GRUB_DISABLE_OS_PROBER to true,
  - fixes the logic in the util/grub.d/30_os-prober.in,
  - updates the grub_warn() lines.

Reason for the code shuffling in the util/grub-mkconfig.in: The default was
GRUB_DISABLE_OS_PROBER=false if you don't set GRUB_DISABLE_OS_PROBER at all.
To prevent os-prober from starting we have to set it by default to true and
shuffle GRUB_DISABLE_OS_PROBER to code section, which is executed by the script.

However we still give an option to the user to overwrite it with false,
if he wants to execute os-prober after all.

Fixes: e3464147 (templates: Disable the os-prober by default)

Reported-by: Didier Spaier
Reported-by: Lennart Sorensen
Reported-by: John Paul Adrian Glaubitz
Signed-off-by: Philip Müller
Reviewed-by: Daniel Kiper
---

diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in index d3e879b8e..f8cbb8d7a 100644 --- a/util/grub-mkconfig.in +++ b/util/grub-mkconfig.in @@ -140,6 +140,9 @@ GRUB_DEVICE_PARTUUID="`${grub_probe} --device ${GRUB_DEVICE} --target=partuuid 2 GRUB_DEVICE_BOOT="`${grub_probe} --target=device /boot`" GRUB_DEVICE_BOOT_UUID="`${grub_probe} --device ${GRUB_DEVICE_BOOT} --target=fs_uuid 2> /dev/null`" || true +# Disable os-prober by default due to security reasons. +GRUB_DISABLE_OS_PROBER="true" + # Filesystem for the device containing our userland. Used for stuff like # choosing Hurd filesystem module. GRUB_FS="`${grub_probe} --device ${GRUB_DEVICE} --target=fs 2> /dev/null || echo unknown`" 
@@ -201,6 +204,7 @@ export GRUB_DEVICE \ GRUB_DEVICE_PARTUUID \ GRUB_DEVICE_BOOT \ GRUB_DEVICE_BOOT_UUID \ + GRUB_DISABLE_OS_PROBER \ GRUB_FS \ GRUB_FONT \ GRUB_PRELOAD_MODULES \ @@ -242,7 +246,6 @@ export GRUB_DEFAULT \ GRUB_BACKGROUND \ GRUB_THEME \ GRUB_GFXPAYLOAD_LINUX \ - GRUB_DISABLE_OS_PROBER \ GRUB_INIT_TUNE \ GRUB_SAVEDEFAULT \ GRUB_ENABLE_CRYPTODISK \ diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in index 80685b15f..946224812 100644 --- a/util/grub.d/30_os-prober.in +++ b/util/grub.d/30_os-prober.in @@ -26,8 +26,8 @@ export TEXTDOMAINDIR="@localedir@" . "$pkgdatadir/grub-mkconfig_lib" -if [ "x${GRUB_DISABLE_OS_PROBER}" = "xfalse" ]; then - gettext_printf "os-prober will not be executed to detect other bootable partitions.\nSystems on them will not be added to the GRUB boot configuration.\nCheck GRUB_DISABLE_OS_PROBER documentation entry.\n" +if [ "x${GRUB_DISABLE_OS_PROBER}" = "xtrue" ]; then + grub_warn "$(gettext_printf "os-prober will not be executed to detect other bootable partitions.\nSystems on them will not be added to the GRUB boot configuration.\nCheck GRUB_DISABLE_OS_PROBER documentation entry.")" exit 0 fi @@ -36,12 +36,12 @@ if ! command -v os-prober > /dev/null || ! command -v linux-boot-prober > /dev/n exit 0 fi +grub_warn "$(gettext_printf "os-prober will be executed to detect other bootable partitions.\nIt's output will be used to detect bootable binaries on them and create new boot entries.")" + OSPROBED="`os-prober | tr ' ' '^' | paste -s -d ' '`" if [ -z "${OSPROBED}" ] ; then # empty os-prober output, nothing doing exit 0 -else - grub_warn "$(gettext_printf "os-prober was executed to detect other bootable partitions.\nIt's output will be used to detect bootable binaries on them and create new boot entries.")" fi osx_entry() {
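
Review bot: In the util/grub-mkconfig.in hunk at -140,6, the new assignment GRUB_DISABLE_OS_PROBER="true" is unconditional, so a user's GRUB_DISABLE_OS_PROBER=false can only take effect if the user configuration is read after this line, and that ordering is not visible in the hunk. A short comment beside the assignment stating that this is a default which a later-read user setting may override would stop someone from moving the block below the point where the configuration is read and silently removing the opt-in. The comment "due to security reasons" could also name the concern in a few words, for instance that os-prober output is used to create boot entries, as the warning text in 30_os-prober.in puts it.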
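
Review bot: In the util/grub.d/30_os-prober.in hunk at -26,8, the test [ "x${GRUB_DISABLE_OS_PROBER}" = "xtrue" ] skips os-prober only for the exact string true, so any other value (empty, yes, 1, TRUE) falls through and os-prober runs. For a default that is disabled for security reasons the safer form is to exit unless the user has explicitly opted in, for example [ "x${GRUB_DISABLE_OS_PROBER}" != "xfalse" ], which also covers the case where this script is run without grub-mkconfig having exported the variable.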
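
Review bot: In the util/grub.d/30_os-prober.in hunk at -36,12, the added grub_warn string reads "It's output will be used", which should be "Its output"; the string goes through gettext_printf, so the typo ends up in the text translators work from, and this patch already rewrites the line. The warning is now also emitted before os-prober runs and no longer depends on OSPROBED being non-empty; if the intent is to tell the user before anything is probed, a one-line comment above the grub_warn call saying so would make the move clear to later readers.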