On Tue, Mar 09, 2021 at 10:10:14PM +0100, Philip Müller wrote:
> - disable os-prober by default in grub-mkconfig.in by setting
> GRUB_DISABLE_OS_PROBER to true
> - fixes logic in 30_os-prober.in
> - update grub_warn() lines
>
> Reason for code shuffle in grub-mkconfig.in:
>
> The default was GRUB_DISABLE_OS_PROBER=false if you don't set
> GRUB_DISABLE_OS_PROBER at all. To prevent os-prober from starting
> we have to set it by default to true and shuffle GRUB_DISABLE_OS_PROBER
> to code section, which is executed by the script. However we stil give
> the option to the user to overwrite it with false, if he wants to execute
> os-prober after all.
>
> Everyone who added GRUB_DISABLE_OS_PROBER=true in grub.cfg can remove
> it by now.
>
> Fixes: e3464147 templates: Disable the os-prober by default
>
> Signed-off-by: Philip Müller <ph...@manjaro.org>
Reviewed-by: Daniel Kiper <daniel.ki...@oracle.com>
Daniel
> ---
> util/grub-mkconfig.in | 5 ++++-
> util/grub.d/30_os-prober.in | 2 +-
> 2 files changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
> index d3e879b8e..f8cbb8d7a 100644
> --- a/util/grub-mkconfig.in
> +++ b/util/grub-mkconfig.in
> @@ -140,6 +140,9 @@ GRUB_DEVICE_PARTUUID="`${grub_probe} --device
> ${GRUB_DEVICE} --target=partuuid 2
> GRUB_DEVICE_BOOT="`${grub_probe} --target=device /boot`"
> GRUB_DEVICE_BOOT_UUID="`${grub_probe} --device ${GRUB_DEVICE_BOOT}
> --target=fs_uuid 2> /dev/null`" || true
>
> +# Disable os-prober by default due to security reasons.
> +GRUB_DISABLE_OS_PROBER="true"
> +
> # Filesystem for the device containing our userland. Used for stuff like
> # choosing Hurd filesystem module.
> GRUB_FS="`${grub_probe} --device ${GRUB_DEVICE} --target=fs 2> /dev/null ||
> echo unknown`"
> @@ -201,6 +204,7 @@ export GRUB_DEVICE \
> GRUB_DEVICE_PARTUUID \
> GRUB_DEVICE_BOOT \
> GRUB_DEVICE_BOOT_UUID \
> + GRUB_DISABLE_OS_PROBER \
> GRUB_FS \
> GRUB_FONT \
> GRUB_PRELOAD_MODULES \
> @@ -242,7 +246,6 @@ export GRUB_DEFAULT \
> GRUB_BACKGROUND \
> GRUB_THEME \
> GRUB_GFXPAYLOAD_LINUX \
> - GRUB_DISABLE_OS_PROBER \
> GRUB_INIT_TUNE \
> GRUB_SAVEDEFAULT \
> GRUB_ENABLE_CRYPTODISK \
> diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in
> index 80685b15f..a258ce71d 100644
> --- a/util/grub.d/30_os-prober.in
> +++ b/util/grub.d/30_os-prober.in
> @@ -26,7 +26,7 @@ export TEXTDOMAINDIR="@localedir@"
>
> . "$pkgdatadir/grub-mkconfig_lib"
>
> -if [ "x${GRUB_DISABLE_OS_PROBER}" = "xfalse" ]; then
> +if [ "x${GRUB_DISABLE_OS_PROBER}" = "xtrue" ]; then
> gettext_printf "os-prober will not be executed to detect other bootable
> partitions.\nSystems on them will not be added to the GRUB boot
> configuration.\nCheck GRUB_DISABLE_OS_PROBER documentation entry.\n"
> exit 0
> fi
>
> @@ -36,12 +36,11 @@ if ! command -v os-prober > /dev/null ||
> exit 0
> fi
>
> +grub_warn "$(gettext_printf "os-prober will be executed to detect other
> bootable partitions.\nIt's output will be used to detect bootable binaries on
> them and create new boot entries.")"
> OSPROBED="`os-prober | tr ' ' '^' | paste -s -d ' '`"
> if [ -z "${OSPROBED}" ] ; then
> # empty os-prober output, nothing doing
> exit 0
> -else
> - grub_warn "$(gettext_printf "os-prober was executed to detect other
> bootable partitions.\nIt's output will be used to detect bootable binaries on
> them and create new boot entries.")"
> fi
>
> osx_entry() {
> --
> 2.30.1
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
