Your message dated Thu, 09 Feb 2023 01:49:32 +0000
with message-id <[email protected]>
and subject line Bug#1026915: fixed in grub2 2.06-8
has caused the Debian Bug report #1026915,
regarding grub-install --removable uses CD boot image instead of normal disk
boot image
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1026915: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026915
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: grub-efi-amd64-bin
Version: 2.06-3~deb11u5
Tags: patch
When installing GRUB for UEFI secure boot, "grub-install --removable"
uses the CD boot image gcd{arch}.efi.signed which is designed for CD
boot and lacks encryption, LVM and RAID support. Such image cannot read
/boot on LUKS, LVM or Linux RAID.
The attached patch uses the normal disk boot image grub{arch}.efi.signed
instead. This is now possible because the normal disk image embeds a
config file which searches grub.cfg in $prefix (/EFI/debian) then
$cmdpath (/EFI/BOOT), instead of $prefix only in previous versions. IMO
it would be better to reverse the order, cf. patch attached to bug #925309.From 304e813b0c1ff030c4d4dd896aeb46be88478763 Mon Sep 17 00:00:00 2001
From: Pascal Hambourg <[email protected]>
Date: Fri, 23 Dec 2022 12:13:20 +0100
Subject: [PATCH] Use normal signed EFI disk boot image with --removable
grub-install --removable uses the CD boot image gcd{arch}.efi.signed
which is designed for CD boot and lacks crypto, lvm and raid support.
Use the normal disk boot image grub{arch}.efi.signed instead.
---
debian/patches/install-signed.patch | 17 +++++++----------
1 file changed, 7 insertions(+), 10 deletions(-)
diff --git a/debian/patches/install-signed.patch b/debian/patches/install-signed.patch
index bfeb3a938..2a5329f13 100644
--- a/debian/patches/install-signed.patch
+++ b/debian/patches/install-signed.patch
@@ -11,15 +11,15 @@ Author: Steve Langasek <[email protected]>
Author: Linn Crosetto <[email protected]>
Author: Mathieu Trudel-Lapierre <[email protected]>
Forwarded: no
-Last-Update: 2021-09-24
+Last-Update: 2022-12-23
Patch-Name: install-signed.patch
---
- util/grub-install.c | 212 ++++++++++++++++++++++++++++++++------------
- 1 file changed, 153 insertions(+), 59 deletions(-)
+ util/grub-install.c | 209 +++++++++++++++++++++++++++++++-------------
+ 1 file changed, 150 insertions(+), 59 deletions(-)
diff --git a/util/grub-install.c b/util/grub-install.c
-index 48e2d3779..f49c78d0b 100644
+index 48e2d3779..a18a35ac8 100644
--- a/util/grub-install.c
+++ b/util/grub-install.c
@@ -80,6 +80,7 @@ static char *label_color;
@@ -192,7 +192,7 @@ index 48e2d3779..f49c78d0b 100644
}
t = grub_util_path_concat (3, efidir, "EFI", efi_distributor);
free (efidir);
-@@ -1376,14 +1379,41 @@ main (int argc, char *argv[])
+@@ -1376,14 +1379,38 @@ main (int argc, char *argv[])
}
}
@@ -208,10 +208,7 @@ index 48e2d3779..f49c78d0b 100644
+ {
+ char *dir = xasprintf ("%s-signed", grub_install_source_directory);
+ char *signed_image;
-+ if (removable)
-+ signed_image = xasprintf ("gcd%s.efi.signed", efi_suffix);
-+ else
-+ signed_image = xasprintf ("grub%s.efi.signed", efi_suffix);
++ signed_image = xasprintf ("grub%s.efi.signed", efi_suffix);
+ efi_signed = grub_util_path_concat (2, dir, signed_image);
+ break;
+ }
@@ -236,7 +233,7 @@ index 48e2d3779..f49c78d0b 100644
{
char *uuid = NULL;
/* generic method (used on coreboot and ata mod). */
-@@ -1941,7 +1971,71 @@ main (int argc, char *argv[])
+@@ -1941,7 +1968,71 @@ main (int argc, char *argv[])
case GRUB_INSTALL_PLATFORM_IA64_EFI:
{
char *dst = grub_util_path_concat (2, efidir, efi_file);
--
2.30.2
--- End Message ---
--- Begin Message ---
Source: grub2
Source-Version: 2.06-8
Done: Steve McIntyre <[email protected]>
We believe that the bug you reported is fixed in the latest version of
grub2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Steve McIntyre <[email protected]> (supplier of updated grub2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 09 Feb 2023 01:09:00 +0000
Source: grub2
Architecture: source
Version: 2.06-8
Distribution: unstable
Urgency: medium
Maintainer: GRUB Maintainers <[email protected]>
Changed-By: Steve McIntyre <[email protected]>
Closes: 1001414 1016737 1021846 1022184 1026092 1026915 1030846
Changes:
grub2 (2.06-8) unstable; urgency=medium
.
[ Steve McIntyre ]
* Fix an issue in an f2fs security fix which caused mount
failures. Closes: #1021846. Thanks to программист некто for helping
to debug the problem!
* Switch build-deps from gcc-10 to gcc-12. Closes: #1022184
* Include upstream patch to enable EFI zboot support on arm64.
Closes: #1026092
* grub-mkconfig: Restore umask for the grub.cfg. CVE-2021-3981
Closes: #1001414
* postinst: be more verbose when using grub-install to install onto
devices.
* /etc/default/grub: Fix comment about text-mode console.
Fixes #845683
* grub-install: Don't install the shim fallback program when called
with --removable. Closes: #1016737
* grub-install: Don't use our grub CD EFI image for --removable.
Closes: #1026915. Thanks to Pascal Hambourg for the patch.
* Ignore some new ext2 flags to stay compatible with latest mke2fs
defaults. Closes: #1030846
.
[ Colin Watson ]
* Remove myself from Uploaders.
Checksums-Sha1:
234753e3ff9b53eff02161d83d6e177ac2bea2ed 7057 grub2_2.06-8.dsc
1770e37881e16a8b08ecc321fd3d4b50eca0f771 1101464 grub2_2.06-8.debian.tar.xz
d3e91594aa51d1aea8516811810d2769708e5619 13110 grub2_2.06-8_source.buildinfo
Checksums-Sha256:
a466fccc73504ea37c08837eeaa7a541e8ea4745447eb497482a66c81a5c87de 7057
grub2_2.06-8.dsc
d16aa0de7efa01a7c6fa6982b233cd1943163bb4a6502f29a039f75387494c52 1101464
grub2_2.06-8.debian.tar.xz
3b8af19ce295e23fc048a887f2449dfbd6f2de761865a87d3e0c3bc43f1d41c8 13110
grub2_2.06-8_source.buildinfo
Files:
40d4cb35d00c64655f6b49d5f53024f8 7057 admin optional grub2_2.06-8.dsc
42b799b299def7faacd651b78637ab2f 1101464 admin optional
grub2_2.06-8.debian.tar.xz
41eaddffeaca3810c78a52db342d1a9f 13110 admin optional
grub2_2.06-8_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCAAvFiEEzrtSMB1hfpEDkP4WWHl5VzRCaE4FAmPkTaQRHDkzc2FtQGRl
Ymlhbi5vcmcACgkQWHl5VzRCaE6/LBAAlUiw6/cPFU8fIq6szxJ4rJjNjUNPdpz1
WKTY1ewjqiLg75dTuWdZeLB6rHFeC6uWXw+P/zy3P9x95PScQ6g8AgeIDaHlBL6W
m2Cy9zYpAPSBzC5mHaAjqis7YOBUUiRm7URIURrq1SODYP86w0jVP0ow5wM4PoBA
ERkkhsWUG6ZSC5lW1nGuPo30k+lrB5euBe6xYwyssFg7h+frDdx1QEIKA2Ta3fS1
aiZEM9FBIART++7Bjv1AIcjqUeRqgz3Wan6GLvtf6IJ4lYtliP39LwELgCDf43o2
6UK2/9uJ/WB5L/F1lx/kVA07+H/icXO2WVYWFLKjzLouclQFaRg3JDj69BAjr+o0
8xpafGa++WH8ItICFx/xmiyOWbQo2jUYonjk/4sd2jaIDHueLj9KszwC1KtSsuTJ
YYpjMitUf7vH+LSWztTdJ+DSPuql4my1Y+nTUBnO5T4qOXjLuiRWP6mNLHBYZfgM
r8PQLSQ2rDKBohUk9kslcchT38tx9CHLBQvwkHSu8lnQ7tAZXYtPVbHyyJrcu5Te
wO1HgnZsgRuJNZQwa6Jk/T6MnivAIZkqaz+8BoaknrbHmUeyGnslSINL7vxYxxe+
kMWdXGyGgf4JbS7f6nOvEg3EB/le9cEP/H/MRtRYtvsrEMiptdOa5B68Gy3+g7/F
FzZ5po4425c=
=CS7I
-----END PGP SIGNATURE-----
--- End Message ---
