Re: [PATCH] Fix grub-mkconfig detecting .sig files as system images
From: Jordan Glover
Subject: Re: [PATCH] Fix grub-mkconfig detecting .sig files as system images
Date: Wed, 01 Nov 2017 15:27:20 -0400
I'm re-sending this patch and I'll try to make it clearer this time.
When you install grub with grub-install --pubkey option and set "check_signatures" in grub.cfg,
you can sign and verify kernel images loaded by grub. Unfortunately grub-mkconfig detects
detached signatures with ".sig" extension as valid kernel images and adds them to menuentry
in grub.cfg.
It means for every signed kernel image grub adds two entries in menu and one of
them is obviously invalid. Below are two example files which will be detected as two kernel
images instead of one:
/boot/vmlinuz-4.9-x86_64
/boot/vmlinuz-4.9-x86_64.sig
My patch fixes this behavior by adding the ".sig" filename extension to the already existing blacklist.
Jordan
------------------
grub-mkconfig detects detached RSA signatures for kernel images used for signature checking as valid images and adds them to grub.cfg
as separate menuentries. This patch adds .sig extension to common blacklist.
Signed-off-by: Jordan Glover <address@hidden>
---
util/grub-mkconfig_lib.in | 1 +
1 file changed, 1 insertion(+)
diff --git a/util/grub-mkconfig_lib.in b/util/grub-mkconfig_lib.in
index 60b31ca..0f801ca 100644
--- a/util/grub-mkconfig_lib.in
+++ b/util/grub-mkconfig_lib.in
@@ -188,6 +188,7 @@ grub_file_is_not_garbage ()
*.dpkg-*) return 1 ;; # debian dpkg
*.rpmsave|*.rpmnew) return 1 ;;
README*|*/README*) return 1 ;; # documentation
+ *.sig) return 1 ;; # signatures
esac
else
return 1
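Review bot: the comment on the new "*.sig) return 1 ;;" arm says only "# signatures", while the arms above it name where their files come from ("debian dpkg", "documentation"); suggest something like "# detached signatures (check_signatures)" so the reason for the entry is clear from the file itself. The arm matches on the suffix alone inside grub_file_is_not_garbage, so every path ending in .sig that passes through this function is skipped, not only signatures of kernel images; the commit message could say that explicitly instead of describing kernel image signatures only.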
--
2.15.0
grub-mkconfig-add-.sig-files-to-garbage-blacklist.patch
Description: Text Data