- disable os-prober by default in grub-mkconfig.in by setting GRUB_DISABLE_OS_PROBER to true - fixes logic in 30_os-prober.in
Reason for code shuffle in grub-mkconfig.in: The default was GRUB_DISABLE_OS_PROBER=false if you don't set GRUB_DISABLE_OS_PROBER at all. To prevent os-prober from starting we have to set it by default to true and shuffle GRUB_DISABLE_OS_PROBER to executed by the script code section, but give the option to the user to overwrite it with false, if he wants to execute os-prober after all. Everyone who added GRUB_DISABLE_OS_PROBER=true in grub.cfg can remove it by now. Fixes: e3464147 templates: Disable the os-prober by default --- util/grub-mkconfig.in | 5 ++++- util/grub.d/30_os-prober.in | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in index d3e879b8e..f8cbb8d7a 100644 --- a/util/grub-mkconfig.in +++ b/util/grub-mkconfig.in @@ -140,6 +140,9 @@ GRUB_DEVICE_PARTUUID="`${grub_probe} --device ${GRUB_DEVICE} --target=partuuid 2 GRUB_DEVICE_BOOT="`${grub_probe} --target=device /boot`" GRUB_DEVICE_BOOT_UUID="`${grub_probe} --device ${GRUB_DEVICE_BOOT} --target=fs_uuid 2> /dev/null`" || true +# Disable os-prober by default due to security reasons. +GRUB_DISABLE_OS_PROBER="true" + # Filesystem for the device containing our userland. Used for stuff like # choosing Hurd filesystem module. GRUB_FS="`${grub_probe} --device ${GRUB_DEVICE} --target=fs 2> /dev/null || echo unknown`" @@ -201,6 +204,7 @@ export GRUB_DEVICE \ GRUB_DEVICE_PARTUUID \ GRUB_DEVICE_BOOT \ GRUB_DEVICE_BOOT_UUID \ + GRUB_DISABLE_OS_PROBER \ GRUB_FS \ GRUB_FONT \ GRUB_PRELOAD_MODULES \ @@ -242,7 +246,6 @@ export GRUB_DEFAULT \ GRUB_BACKGROUND \ GRUB_THEME \ GRUB_GFXPAYLOAD_LINUX \ - GRUB_DISABLE_OS_PROBER \ GRUB_INIT_TUNE \ GRUB_SAVEDEFAULT \ GRUB_ENABLE_CRYPTODISK \ diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in index 80685b15f..a258ce71d 100644 --- a/util/grub.d/30_os-prober.in +++ b/util/grub.d/30_os-prober.in @@ -26,7 +26,7 @@ export TEXTDOMAINDIR="@localedir@" . "$pkgdatadir/grub-mkconfig_lib" -if [ "x${GRUB_DISABLE_OS_PROBER}" = "xfalse" ]; then +if [ "x${GRUB_DISABLE_OS_PROBER}" != "xfalse" ]; then gettext_printf "os-prober will not be executed to detect other bootable partitions.\nSystems on them will not be added to the GRUB boot configuration.\nCheck GRUB_DISABLE_OS_PROBER documentation entry.\n" exit 0 fi -- 2.30.1 _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel