
Re: [PATCH] Fix grub-mkconfig detecting .sig files as system images


From: Jordan Glover
Subject: Re: [PATCH] Fix grub-mkconfig detecting .sig files as system images
Date: Wed, 01 Nov 2017 15:27:20 -0400

I'm re-sending this patch and I'll try to make it clearer this time.

When you install grub with grub-install --pubkey option and set "check_signatures" in grub.cfg,
you can sign and verify kernel images loaded by grub. Unfortunately grub-mkconfig detects
detached signatures with ".sig" extension as valid kernel images and adds them to menuentry
in grub.cfg.

It means for every signed kernel image grub adds two entries in menu and one of
them is obviously invalid. Below are two example files which will be detected as two kernel
images instead of one:

/boot/vmlinuz-4.9-x86_64
/boot/vmlinuz-4.9-x86_64.sig


My patch fixes this behavior by adding the ".sig" filename extension to the already existing blacklist.

Jordan
------------------

grub-mkconfig detects detached RSA signatures for kernel images used for signature checking as valid images and adds them to grub.cfg
as separate menuentries. This patch adds .sig extension to common blacklist.

Signed-off-by: Jordan Glover <address@hidden>
---
 util/grub-mkconfig_lib.in | 1 +
 1 file changed, 1 insertion(+)

diff --git a/util/grub-mkconfig_lib.in b/util/grub-mkconfig_lib.in
index 60b31ca..0f801ca 100644
--- a/util/grub-mkconfig_lib.in
+++ b/util/grub-mkconfig_lib.in
@@ -188,6 +188,7 @@ grub_file_is_not_garbage ()
       *.dpkg-*) return 1 ;; # debian dpkg
       *.rpmsave|*.rpmnew) return 1 ;;
       README*|*/README*)  return 1 ;; # documentation
+      *.sig) return 1 ;; # signatures
     esac
   else
     return 1
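
Review bot: On the added `*.sig) return 1 ;; # signatures` arm at the end of the case in grub_file_is_not_garbage, the comment does not say which signatures are meant; something like `# detached signatures used by check_signatures` would tie it to the feature named in the commit message. The glob matches on suffix only, like the `*.rpmsave|*.rpmnew` arm above it, so every file whose name ends in .sig is skipped whether or not a matching image sits beside it; that looks like the intended behaviour, but it is worth stating in the commit message.
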
--
2.15.0

Attachment: grub-mkconfig-add-.sig-files-to-garbage-blacklist.patch
Description: Text Data

