grub-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH v4 4/4] Add (multiple) -k, --pubkey=FILE support to installation

From: Jon McCune
Subject: [PATCH v4 4/4] Add (multiple) -k, --pubkey=FILE support to installation commands.
Date: Tue, 24 Sep 2013 19:00:32 -0700 
Passes along one or more public keys to the grub-mkimage invocation.
Impacts grub-install, grub-mkrescue, grub-mkstandalone, grub-mknetdir.

Tested with 'make check' to the best of my ability. Failures (both
before and after the changes proposed in this patch set, i.e.,
unchanged by this patch set):
gettext_strings_test, fddboot_test, grub_func_test

This also introduces a quote () utility function to quote arbitrary
argument strings in a way that is POSIX compatible. Such strings
require 'eval' to be parsed properly. Quote function and help with
appropriate use of eval thanks to dalias (the author of:
http://www.etalabs.net/sh_tricks.html )

Signed-off-by: Jon McCune <address@hidden>
---
 util/grub-install.in      |  8 ++++----
 util/grub-install_header  | 17 +++++++++++++++++
 util/grub-mknetdir.in     |  2 +-
 util/grub-mkrescue.in     | 12 ++++++------
 util/grub-mkstandalone.in |  2 +-
 5 files changed, 29 insertions(+), 12 deletions(-)

diff --git a/util/grub-install.in b/util/grub-install.in
index 1816bb1..25a903f 100644
--- a/util/grub-install.in
+++ b/util/grub-install.in
@@ -651,9 +651,9 @@ case "${grub_modinfo_target_cpu}-${grub_modinfo_platform}" 
in
 esac
 
 if [ x"$config_opt_file" = x ]; then
-    "$grub_mkimage" -d "${source_directory}" -O "${mkimage_target}" 
--output="${grubdir}/${grub_modinfo_target_cpu}-$grub_modinfo_platform/core.${imgext}"
 --prefix="${prefix_drive}${relative_grubdir}" $grub_decompression_module 
$modules || exit 1
+    eval "$(quote "$grub_mkimage") $pubkey_file_args -d $(quote 
"${source_directory}") -O $(quote "${mkimage_target}") $(quote 
--output="${grubdir}/${grub_modinfo_target_cpu}-$grub_modinfo_platform/core.${imgext}")
 $(quote --prefix="${prefix_drive}${relative_grubdir}") 
$grub_decompression_module $modules" || exit 1
 else
-    "$grub_mkimage" -c "${config_opt_file}" -d "${source_directory}" -O 
"${mkimage_target}" 
--output="${grubdir}/${grub_modinfo_target_cpu}-$grub_modinfo_platform/core.${imgext}"
 --prefix="${prefix_drive}${relative_grubdir}" $grub_decompression_module 
$modules || exit 1
+    eval "$(quote "$grub_mkimage") -c $(quote "${config_opt_file}") 
$pubkey_file_args -d $(quote "${source_directory}") -O $(quote 
"${mkimage_target}") $(quote 
--output="${grubdir}/${grub_modinfo_target_cpu}-$grub_modinfo_platform/core.${imgext}")
 $(quote --prefix="${prefix_drive}${relative_grubdir}") 
$grub_decompression_module $modules" || exit 1
 fi
 
 # Backward-compatibility kludges
@@ -664,9 +664,9 @@ elif [ 
"${grub_modinfo_target_cpu}-${grub_modinfo_platform}" = "i386-ieee1275" ]
 elif [ "${grub_modinfo_target_cpu}-${grub_modinfo_platform}" = "i386-efi" ] || 
[ "${grub_modinfo_target_cpu}-${grub_modinfo_platform}" = "x86_64-efi" ]; then
 
     if [ x"$config_opt_file" = x ]; then
-       "$grub_mkimage" -d "${source_directory}" -O "${mkimage_target}" 
--output="${grubdir}/${grub_modinfo_target_cpu}-$grub_modinfo_platform/grub.efi"
 --prefix="" $grub_decompression_module $modules || exit 1
+        eval "$(quote "$grub_mkimage") $pubkey_file_args -d $(quote 
"${source_directory}") -O $(quote "${mkimage_target}") $(quote 
--output="${grubdir}/${grub_modinfo_target_cpu}-$grub_modinfo_platform/grub.efi")
 $(quote --prefix="") $grub_decompression_module $modules" || exit 1
     else
-       "$grub_mkimage" -c "${config_opt_file}" -d "${source_directory}" -O 
"${mkimage_target}" 
--output="${grubdir}/${grub_modinfo_target_cpu}-$grub_modinfo_platform/grub.efi"
 --prefix="" $grub_decompression_module $modules || exit 1
+        eval "$(quote "$grub_mkimage") -c $(quote "${config_opt_file}") 
$pubkey_file_args -d $(quote "${source_directory}") -O $(quote 
"${mkimage_target}") $(quote 
--output="${grubdir}/${grub_modinfo_target_cpu}-$grub_modinfo_platform/grub.efi")
 $(quote --prefix="") $grub_decompression_module $modules" || exit 1
     fi
 fi
 
diff --git a/util/grub-install_header b/util/grub-install_header
index cf7fa9d..87550f6 100644
--- a/util/grub-install_header
+++ b/util/grub-install_header
@@ -44,6 +44,11 @@ handler.lst video.lst crypto.lst terminal.lst"
 
 grub_mkimage="${bindir}/@grub_mkimage@"
 
+# Thanks to http://www.etalabs.net/sh_tricks.html
+quote () {
+    printf %s\\n "$1" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/'/"
+}
+
 grub_compress_file () {
     if [ "$compressor" != "" ] ; then
         "$compressor" $compressor_opts "$1" > "$2"
@@ -156,6 +161,7 @@ grub_print_install_files_help () {
     dir_msg="$(gettext_printf "use images and modules under DIR 
[default=%s/<platform>]" "${libdir}/@PACKAGE@")"
     print_option_help "-d, --directory=$(gettext "DIR")" "$dir_msg"
     print_option_help  "--grub-mkimage=$(gettext "FILE")" "$(gettext "use FILE 
as grub-mkimage")"
+    print_option_help  "-k, --pubkey=$(gettext "FILE")" "$(gettext "embed FILE 
as public key for signature checking")"
     print_option_help "-v, --version" "$(gettext "print the version 
information and exit")"
 }
 
@@ -168,6 +174,7 @@ grub_decompression_module=""
 compressor=""
 compressor_opts=""
 source_directory=""
+pubkey_file_args=""
 
 argument () {
   opt=$1
@@ -245,6 +252,16 @@ grub_process_install_options () {
            grub_mkimage=`argument $option "$@"`; 
grub_process_install_options_consumed=2 ;;
         --grub-mkimage=*)
            grub_mkimage=`echo "$option" | sed 
's/--grub-mkimage=//'`;grub_process_install_options_consumed=1 ;;
+       --pubkey | -k)
+        new_pubkey_file=`argument $option "$@"`
+        new_pubkey_file_quoted=`quote "$new_pubkey_file"`
+        pubkey_file_args="$pubkey_file_args --pubkey $new_pubkey_file_quoted"
+           grub_process_install_options_consumed=2;;
+       --pubkey=*)
+        new_pubkey_file=`printf "%s" "$option" | sed 's/--pubkey=//'`
+        new_pubkey_file_quoted=`quote "$new_pubkey_file"`
+        pubkey_file_args="$pubkey_file_args --pubkey $new_pubkey_file_quoted"
+        grub_process_install_options_consumed=1;;
         --modules)
            modules=`argument $option "$@"`; 
grub_process_install_options_consumed=2;;
         --modules=*)
diff --git a/util/grub-mknetdir.in b/util/grub-mknetdir.in
index b7b59da..a573449 100644
--- a/util/grub-mknetdir.in
+++ b/util/grub-mknetdir.in
@@ -146,7 +146,7 @@ process_input_dir ()
 source ${subdir}/grub.cfg
 EOF
 
-    "$grub_mkimage" ${config_opt} -d "${input_dir}" -O ${mkimage_target} 
"--output=${grubdir}/core.$ext" "--prefix=$prefix" $modules 
$grub_decompression_module $netmodules tftp || exit 1
+    eval "$(quote "$grub_mkimage") ${config_opt} -d $(quote "${input_dir}") -O 
${mkimage_target} $(quote "--output=${grubdir}/core.$ext") $(quote 
"--prefix=$prefix") $modules $grub_decompression_module $netmodules tftp" || 
exit 1
     # TRANSLATORS: First %s is replaced by platform name. Second one by 
filename.
     gettext_printf "Netboot directory for %s created. Configure your DHCP 
server to point to %s\n" "${platform}" "${subdir}/${platform}/core.$ext"
 }
diff --git a/util/grub-mkrescue.in b/util/grub-mkrescue.in
index 0adde3b..18be94c 100644
--- a/util/grub-mkrescue.in
+++ b/util/grub-mkrescue.in
@@ -209,8 +209,8 @@ EOF
         echo "insmod $i"
     done ; ) > "${load_cfg}"
 
-    "$grub_mkimage" -O ${platform} -d "${source_directory}" -c "${load_cfg}" 
-o "$3" \
-        $grub_decompression_module search iso9660 $4
+    eval "$(quote "$grub_mkimage") $pubkey_file_args -O ${platform} -d $(quote 
"${source_directory}") -c $(quote "${load_cfg}") -o $(quote "$3") \
+        $grub_decompression_module search iso9660 $4"
     rm -rf "${load_cfg}"
 }
 
@@ -224,8 +224,8 @@ make_image_fwdisk ()
 
     gettext_printf "Enabling %s support ...\n" "$2"
 
-    "$grub_mkimage" -O ${platform} -d "${source_directory}" -p '()/boot/grub' 
-o "$3" \
-        $grub_decompression_module iso9660 $4
+    eval "$(quote "$grub_mkimage") $pubkey_file_args -O ${platform} -d $(quote 
"${source_directory}") -p '()/boot/grub' -o $(quote "$3") \
+        $grub_decompression_module iso9660 $4"
 }
 
 if [ "${source_directory}" = "" ] ; then
@@ -335,8 +335,8 @@ if test -e "${pc_dir}" ; then
         echo "insmod $i"
     done ;) > "${load_cfg}"
 
-    "$grub_mkimage" -O i386-pc -d "${pc_dir}/" -o "${core_img}" -c "$load_cfg" 
--prefix=/boot/grub \
-        $grub_decompression_module iso9660 biosdisk
+    eval "$(quote "$grub_mkimage") $pubkey_file_args -O i386-pc -d $(quote 
"${pc_dir}/") -o $(quote "${core_img}") -c $(quote "$load_cfg") 
--prefix=/boot/grub \
+        $grub_decompression_module iso9660 biosdisk"
     cat "${pc_dir}/cdboot.img" "${core_img}" > 
"${iso9660_dir}/boot/grub/i386-pc/eltorito.img"
 
     grub_mkisofs_arguments="${grub_mkisofs_arguments} -b 
boot/grub/i386-pc/eltorito.img -no-emul-boot -boot-load-size 4 -boot-info-table"
diff --git a/util/grub-mkstandalone.in b/util/grub-mkstandalone.in
index b692c48..6e62a3f 100644
--- a/util/grub-mkstandalone.in
+++ b/util/grub-mkstandalone.in
@@ -124,7 +124,7 @@ memdisk_img=`mktemp "${TMPDIR:-/tmp}/tmp.XXXXXXXXXX"` || 
exit 1
 
 (cd "${memdisk_dir}"; tar -cf - * $source) > "${memdisk_img}"
 rm -rf "${memdisk_dir}"
-"$grub_mkimage" -O "${format}" -C "$compression" -d "${source_directory}" -m 
"${memdisk_img}" -o "$output_image" --prefix='(memdisk)/boot/grub' memdisk tar 
$grub_decompression_module $modules
+eval "$(quote "$grub_mkimage") -O $(quote "${format}") -C $(quote 
"$compression") -d $(quote "${source_directory}") -m $(quote "${memdisk_img}") 
-o $(quote "$output_image") --prefix='(memdisk)/boot/grub' memdisk tar 
$grub_decompression_module $modules"
 rm -rf "${memdisk_img}"
 
 exit 0
-- 
1.8.4
reply via email to
[Prev in Thread] Current Thread [Next in Thread]