diff options
author | Maxim Fomin | 2021-06-14 13:15:19 +0100 |
---|---|---|
committer | Maxim Fomin | 2021-06-14 13:15:19 +0100 |
commit | ef4d3eb503cc3721b9d32457b2bde7ec3d1ecd89 (patch) | |
tree | 067bfcd5478988365034ff5d8af430337d29edbb | |
parent | 1798aecbe2a573e8bf465145a4f5a0f14216dd95 (diff) | |
download | aur-ef4d3eb503cc3721b9d32457b2bde7ec3d1ecd89.tar.gz |
Update to 2.06.
-rw-r--r-- | .SRCINFO | 36 | ||||
-rw-r--r-- | 0001-00_header-add-GRUB_COLOR_-variables.patch (renamed from 0004-add-GRUB_COLOR_variables.patch) | 19 | ||||
-rw-r--r-- | 0002-10_linux-detect-archlinux-initramfs.patch (renamed from 0003-10_linux-detect-archlinux-initramfs.patch) | 21 | ||||
-rw-r--r-- | 0003-Cryptomount-luks-allow-multiple-passphrase-attempts.patch | 344 | ||||
-rw-r--r-- | 0004-Cryptomount-support-plain-dm-crypt.patch | 245 | ||||
-rw-r--r-- | 0005-Cryptomount-support-for-hyphens-in-UUID.patch | 33 | ||||
-rw-r--r-- | 0006-Cryptomount-support-for-using-whole-device-as-keyfile.patch | 2 | ||||
-rw-r--r-- | PKGBUILD | 57 | ||||
-rw-r--r-- | grub-PKGBUILD.patch | 84 | ||||
-rw-r--r-- | grub.default | 2 | ||||
-rw-r--r-- | grub.install | 15 |
11 files changed, 246 insertions, 612 deletions
@@ -1,10 +1,9 @@ pkgbase = grub-luks-keyfile pkgdesc = GNU GRand Unified Bootloader (2) with crypto extensions to support for DMCrypt and LUKS volumes with detached headers and key files. - pkgver = 2.04 + pkgver = 2.06 pkgrel = 1 epoch = 2 url = https://www.gnu.org/software/grub/ - install = grub.install arch = x86_64 license = GPL3 makedepends = git @@ -47,16 +46,14 @@ pkgbase = grub-luks-keyfile replaces = grub-emu replaces = grub-efi-x86_64 options = !makeflags - backup = boot/grub/grub.cfg backup = etc/default/grub - backup = etc/grub.d/40_custom - source = https://ftp.gnu.org/gnu/grub/grub-2.04.tar.xz - source = https://ftp.gnu.org/gnu/grub/grub-2.04.tar.xz.sig + source = https://ftp.gnu.org/gnu/grub/grub-2.06.tar.xz + source = https://ftp.gnu.org/gnu/grub/grub-2.06.tar.xz.sig source = https://git.savannah.nongnu.org/cgit/grub-extras.git/snapshot/grub-extras-f2a079441939eee7251bf141986cdd78946e1d20.tar.gz - source = https://ftp.gnu.org/gnu/unifont/unifont-12.1.02/unifont-12.1.02.bdf.gz - source = https://ftp.gnu.org/gnu/unifont/unifont-12.1.02/unifont-12.1.02.bdf.gz.sig - source = 0003-10_linux-detect-archlinux-initramfs.patch - source = 0004-add-GRUB_COLOR_variables.patch + source = https://ftp.gnu.org/gnu/unifont/unifont-13.0.06/unifont-13.0.06.bdf.gz + source = https://ftp.gnu.org/gnu/unifont/unifont-13.0.06/unifont-13.0.06.bdf.gz.sig + source = 0001-00_header-add-GRUB_COLOR_-variables.patch + source = 0002-10_linux-detect-archlinux-initramfs.patch source = 0001-Cryptomount-support-LUKS-detached-header.patch source = 0002-Cryptomount-support-key-files.patch source = 0003-Cryptomount-luks-allow-multiple-passphrase-attempts.patch @@ -67,20 +64,19 @@ pkgbase = grub-luks-keyfile validpgpkeys = E53D497F3FA42AD8C9B4D1E835A93B74E82E4209 validpgpkeys = BE5C23209ACDDACEB20DB0A28C8189F1988C2166 validpgpkeys = 95D2E9AB8740D8046387FD151A09227B1F435A33 - sha256sums = e5292496995ad42dabe843a0192cf2a2c502e7ffcc7479398232b10a472df77d + sha256sums = b79ea44af91b93d17cd3fe80bdae6ed43770678a9a5ae192ccea803ebb657ee1 sha256sums = SKIP sha256sums = 2844601914cea6b1231eca0104853a93c4d67a5209933a0766f1475953300646 - sha256sums = 04d652be1e28a6d464965c75c71ac84633085cd0960c2687466651c34c94bd89 + sha256sums = b7668a5d498972dc4981250c49f83601babce797be19b4fdd0f2f1c6cfbd0fc5 sha256sums = SKIP - sha256sums = b41e4438319136b5e74e0abdfcb64ae115393e4e15207490272c425f54026dd3 - sha256sums = a5198267ceb04dceb6d2ea7800281a42b3f91fd02da55d2cc9ea20d47273ca29 + sha256sums = ef87b27e4cef6f83c41c8a1a0401f41e22a89a130baaef8c5a832a6c99bb2683 + sha256sums = ce7e24acec78989169a136e989e07369def3dd7c727788d5038a255409ec3c35 sha256sums = b9d737d1b403b540a00a8e9c25240a06bb371da7588d3e665af8543397724698 sha256sums = 5d7060fbe9738764d2f8ebc96b43cc0bb8939c2e4e4e78b7a82a1a149ea6e837 - sha256sums = d2ad15610f5b683ca713329bbe25d43963af9386c9c8732b61cdc135843715f1 - sha256sums = e47409d04f740a71360775af25c53662386a49ea7f93ada39ed636b9ae8a0a22 - sha256sums = 7b9ff45ba6e6c1ad45e6984580393e3801ef86144e48dbe5fe97d4aa8b90706e - sha256sums = 4d2b6f5e1a50a01b127602d8537fca1152b2d1799918faaa94dc98cf7b854513 - sha256sums = 74e5dd2090a153c10a7b9599b73bb09e70fddc6a019dd41641b0f10b9d773d82 + sha256sums = 3e373bcb7847326ae14365e7443f900559f35f4f9ba2e5e69d034f4423fc45bb + sha256sums = 9ff4aba657d3826a510c57ce44d7582c4e4c72eb32a59ffd2b09e923202750ed + sha256sums = 6f58b01eb9adcc6864e09a4ecaa728f19ee2c9a7ecf4cf20fd17fc5ec327f19c + sha256sums = 4739a472c609df2528ac30e502a9f1b77fd1517af551c6bcbd35ba57b81da827 + sha256sums = ba476142f65b4b7c94bedeba55bf2aa0303a9247c4708e99abaeca22941bf20d pkgname = grub-luks-keyfile - diff --git a/0004-add-GRUB_COLOR_variables.patch b/0001-00_header-add-GRUB_COLOR_-variables.patch index c113a81d5754..8005adf3b660 100644 --- a/0004-add-GRUB_COLOR_variables.patch +++ b/0001-00_header-add-GRUB_COLOR_-variables.patch @@ -1,18 +1,27 @@ +From 21e5bcf22ab1a9f08c63e2a0212219d7482f77c1 Mon Sep 17 00:00:00 2001 +From: Christian Hesse <mail@eworm.de> +Date: Wed, 10 Mar 2021 18:42:25 +0100 +Subject: [PATCH] 00_header: add GRUB_COLOR_* variables +--- + util/grub-mkconfig.in | 2 ++ + util/grub.d/00_header.in | 8 ++++++++ + 2 files changed, 10 insertions(+) + diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in -index 3390ba9..c416489 100644 +index f8cbb8d7a..1189d95f9 100644 --- a/util/grub-mkconfig.in +++ b/util/grub-mkconfig.in -@@ -218,6 +218,8 @@ export GRUB_DEFAULT \ +@@ -246,6 +246,8 @@ export GRUB_DEFAULT \ + GRUB_BACKGROUND \ GRUB_THEME \ GRUB_GFXPAYLOAD_LINUX \ - GRUB_DISABLE_OS_PROBER \ + GRUB_COLOR_NORMAL \ + GRUB_COLOR_HIGHLIGHT \ GRUB_INIT_TUNE \ GRUB_SAVEDEFAULT \ GRUB_ENABLE_CRYPTODISK \ diff --git a/util/grub.d/00_header.in b/util/grub.d/00_header.in -index d2e7252..8259f45 100644 +index 93a90233e..c5955df00 100644 --- a/util/grub.d/00_header.in +++ b/util/grub.d/00_header.in @@ -125,6 +125,14 @@ cat <<EOF @@ -29,4 +38,4 @@ index d2e7252..8259f45 100644 + serial=0; gfxterm=0; - for x in ${GRUB_TERMINAL_INPUT} ${GRUB_TERMINAL_OUTPUT}; do + for x in ${GRUB_TERMINAL_INPUT} ${GRUB_TERMINAL_OUTPUT}; do
\ No newline at end of file diff --git a/0003-10_linux-detect-archlinux-initramfs.patch b/0002-10_linux-detect-archlinux-initramfs.patch index 5cbd19f51ca9..41ab3d12f1ef 100644 --- a/0003-10_linux-detect-archlinux-initramfs.patch +++ b/0002-10_linux-detect-archlinux-initramfs.patch @@ -1,8 +1,16 @@ +From 058d08a025f9a6ec77d5ddd1fc62c7bd6abe1a52 Mon Sep 17 00:00:00 2001 +From: Christian Hesse <mail@eworm.de> +Date: Wed, 10 Mar 2021 18:40:00 +0100 +Subject: [PATCH] 10_linux: detect archlinux initramfs +--- + util/grub.d/10_linux.in | 16 +++++++++++++++- + 1 file changed, 15 insertions(+), 1 deletion(-) + diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index f5d3e78..ef59c8c 100644 +index e8b01c0d0..e703dcdb0 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in -@@ -83,6 +83,8 @@ linux_entry () +@@ -93,6 +93,8 @@ linux_entry () case $type in recovery) title="$(gettext_printf "%s, with Linux %s (recovery mode)" "${os}" "${version}")" ;; @@ -11,7 +19,7 @@ index f5d3e78..ef59c8c 100644 *) title="$(gettext_printf "%s, with Linux %s" "${os}" "${version}")" ;; esac -@@ -186,7 +188,7 @@ while [ "x$list" != "x" ] ; do +@@ -198,7 +200,7 @@ while [ "x$list" != "x" ] ; do basename=`basename $linux` dirname=`dirname $linux` rel_dirname=`make_system_path_relative_to_its_root $dirname` @@ -20,7 +28,7 @@ index f5d3e78..ef59c8c 100644 alt_version=`echo $version | sed -e "s,\.old$,,g"` linux_root_device_thisversion="${LINUX_ROOT_DEVICE}" -@@ -248,6 +250,18 @@ while [ "x$list" != "x" ] ; do +@@ -285,6 +287,18 @@ while [ "x$list" != "x" ] ; do linux_entry "${OS}" "${version}" advanced \ "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}" @@ -38,7 +46,4 @@ index f5d3e78..ef59c8c 100644 + if [ "x${GRUB_DISABLE_RECOVERY}" != "xtrue" ]; then linux_entry "${OS}" "${version}" recovery \ - "single ${GRUB_CMDLINE_LINUX}" --- -2.9.2 - + "single ${GRUB_CMDLINE_LINUX}"
\ No newline at end of file diff --git a/0003-Cryptomount-luks-allow-multiple-passphrase-attempts.patch b/0003-Cryptomount-luks-allow-multiple-passphrase-attempts.patch index 19ffed89ca8d..07239e95f43d 100644 --- a/0003-Cryptomount-luks-allow-multiple-passphrase-attempts.patch +++ b/0003-Cryptomount-luks-allow-multiple-passphrase-attempts.patch @@ -1,60 +1,46 @@ -From d055c1e314fa37957f169e08bea9d19c4417ed21 Mon Sep 17 00:00:00 2001 -From: John Lane <john@lane.uk.net> -Date: Fri, 26 Jun 2015 13:49:58 +0100 -Subject: [PATCH 3/7] cryptomount luks allow multiple passphrase attempts +From f42b774020839b1e07c5fa0ad7be4735d35cc705 Mon Sep 17 00:00:00 2001 +From: Maxim Fomin <maxim@fomin.one> +Date: Fri, 8 Jan 2021 20:00:31 +0000 +Subject: [PATCH] Support for multiple LUKS passphrase attempts --- - grub-core/disk/luks.c | 278 ++++++++++++++++++++++++++------------------------ - 1 file changed, 143 insertions(+), 135 deletions(-) + grub-core/disk/luks.c | 273 ++++++++++++++++++++++-------------------- + 1 file changed, 141 insertions(+), 132 deletions(-) diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c -index 588236888..11e437edb 100644 +index eea85338d..3f98df287 100644 --- a/grub-core/disk/luks.c +++ b/grub-core/disk/luks.c -@@ -321,10 +321,10 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid, +@@ -34,6 +34,8 @@ GRUB_MOD_LICENSE ("GPLv3+"); - static grub_err_t - luks_recover_key (grub_disk_t source, -- grub_cryptodisk_t dev, -- grub_file_t hdr, -- grub_uint8_t *keyfile_bytes, -- grub_size_t keyfile_bytes_size) -+ grub_cryptodisk_t dev, -+ grub_file_t hdr, -+ grub_uint8_t *keyfile_bytes, -+ grub_size_t keyfile_bytes_size) + #define LUKS_KEY_ENABLED 0x00AC71F3 + ++#define LUKS_PASSPHRASE_ATTEMPTS 3 ++ + /* On disk LUKS header */ + struct grub_luks_phdr { - struct grub_luks_phdr header; - grub_size_t keysize; -@@ -339,6 +339,7 @@ luks_recover_key (grub_disk_t source, +@@ -182,6 +184,7 @@ luks_recover_key (grub_disk_t source, grub_size_t max_stripes = 1; char *tmp; grub_uint32_t sector; -+ unsigned attempts = 2; ++ unsigned int attempts = LUKS_PASSPHRASE_ATTEMPTS; err = GRUB_ERR_NONE; -@@ -361,151 +362,158 @@ luks_recover_key (grub_disk_t source, - - for (i = 0; i < ARRAY_SIZE (header.keyblock); i++) - if (grub_be_to_cpu32 (header.keyblock[i].active) == LUKS_KEY_ENABLED -- && grub_be_to_cpu32 (header.keyblock[i].stripes) > max_stripes) -+ && grub_be_to_cpu32 (header.keyblock[i].stripes) > max_stripes) - max_stripes = grub_be_to_cpu32 (header.keyblock[i].stripes); - - split_key = grub_malloc (keysize * max_stripes); +@@ -211,145 +214,151 @@ luks_recover_key (grub_disk_t source, if (!split_key) return grub_errno; - if (keyfile_bytes) -+ while (attempts) - { +- { - /* Use bytestring from key file as passphrase */ - passphrase = keyfile_bytes; - passphrase_length = keyfile_bytes_size; - } - else -- { ++ while (attempts) + { - /* Get the passphrase from the user. */ - tmp = NULL; - if (source->partition) @@ -67,13 +53,145 @@ index 588236888..11e437edb 100644 { - grub_free (split_key); - return grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied"); -- } -- ++ /* Use bytestring from key file as passphrase */ ++ passphrase = keyfile_bytes; ++ passphrase_length = keyfile_bytes_size; ++ keyfile_bytes = NULL; /* use it only once */ ++ } ++ else ++ { ++ /* Get the passphrase from the user. */ ++ tmp = NULL; ++ if (source->partition) ++ tmp = grub_partition_get_name (source->partition); ++ grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name, ++ source->partition ? "," : "", tmp ? : "", dev->uuid); ++ grub_free (tmp); ++ if (!grub_password_get (interactive_passphrase, MAX_PASSPHRASE)) ++ { ++ grub_free (split_key); ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied"); ++ } ++ ++ passphrase = (grub_uint8_t *)interactive_passphrase; ++ passphrase_length = grub_strlen (interactive_passphrase); + } + - passphrase = (grub_uint8_t *)interactive_passphrase; - passphrase_length = grub_strlen (interactive_passphrase); -- ++ /* Try to recover master key from each active keyslot. */ ++ for (i = 0; i < ARRAY_SIZE (header.keyblock); i++) ++ { ++ gcry_err_code_t gcry_err; ++ grub_uint8_t candidate_key[GRUB_CRYPTODISK_MAX_KEYLEN]; ++ grub_uint8_t digest[GRUB_CRYPTODISK_MAX_KEYLEN]; ++ ++ /* Check if keyslot is enabled. */ ++ if (grub_be_to_cpu32 (header.keyblock[i].active) != LUKS_KEY_ENABLED) ++ continue; ++ ++ grub_dprintf ("luks", "Trying keyslot %d\n", i); ++ ++ /* Calculate the PBKDF2 of the user supplied passphrase. */ ++ gcry_err = grub_crypto_pbkdf2 (dev->hash, (grub_uint8_t *) passphrase, ++ passphrase_length, ++ header.keyblock[i].passwordSalt, ++ sizeof (header.keyblock[i].passwordSalt), ++ grub_be_to_cpu32 (header.keyblock[i]. ++ passwordIterations), ++ digest, keysize); ++ ++ if (gcry_err) ++ { ++ grub_free (split_key); ++ return grub_crypto_gcry_error (gcry_err); ++ } ++ ++ grub_dprintf ("luks", "PBKDF2 done\n"); ++ ++ gcry_err = grub_cryptodisk_setkey (dev, digest, keysize); ++ if (gcry_err) ++ { ++ grub_free (split_key); ++ return grub_crypto_gcry_error (gcry_err); ++ } ++ ++ sector = grub_be_to_cpu32 (header.keyblock[i].keyMaterialOffset); ++ length = (keysize * grub_be_to_cpu32 (header.keyblock[i].stripes)); ++ ++ /* Read and decrypt the key material from the disk. */ ++ if (hdr) ++ { ++ grub_file_seek (hdr, sector * 512); ++ if (grub_file_read (hdr, split_key, length) != (grub_ssize_t)length) ++ err = GRUB_ERR_READ_ERROR; ++ } ++ else ++ err = grub_disk_read (source, sector, 0, length, split_key); ++ if (err) ++ { ++ grub_free (split_key); ++ return err; ++ } ++ ++ gcry_err = grub_cryptodisk_decrypt (dev, split_key, length, 0, ++ GRUB_LUKS1_LOG_SECTOR_SIZE); ++ if (gcry_err) ++ { ++ grub_free (split_key); ++ return grub_crypto_gcry_error (gcry_err); ++ } ++ ++ /* Merge the decrypted key material to get the candidate master key. */ ++ gcry_err = AF_merge (dev->hash, split_key, candidate_key, keysize, ++ grub_be_to_cpu32 (header.keyblock[i].stripes)); ++ if (gcry_err) ++ { ++ grub_free (split_key); ++ return grub_crypto_gcry_error (gcry_err); ++ } ++ ++ grub_dprintf ("luks", "candidate key recovered\n"); ++ ++ /* Calculate the PBKDF2 of the candidate master key. */ ++ gcry_err = grub_crypto_pbkdf2 (dev->hash, candidate_key, ++ grub_be_to_cpu32 (header.keyBytes), ++ header.mkDigestSalt, ++ sizeof (header.mkDigestSalt), ++ grub_be_to_cpu32 ++ (header.mkDigestIterations), ++ candidate_digest, ++ sizeof (candidate_digest)); ++ if (gcry_err) ++ { ++ grub_free (split_key); ++ return grub_crypto_gcry_error (gcry_err); ++ } ++ ++ /* Compare the calculated PBKDF2 to the digest stored ++ in the header to see if it's correct. */ ++ if (grub_memcmp (candidate_digest, header.mkDigest, ++ sizeof (header.mkDigest)) != 0) ++ { ++ grub_dprintf ("luks", "bad digest\n"); ++ continue; ++ } ++ ++ /* TRANSLATORS: It's a cryptographic key slot: one element of an array ++ where each element is either empty or holds a key. */ ++ grub_printf_ (N_("Slot %d opened\n"), i); ++ ++ /* Set the master key. */ ++ gcry_err = grub_cryptodisk_setkey (dev, candidate_key, keysize); ++ if (gcry_err) ++ { ++ grub_free (split_key); ++ return grub_crypto_gcry_error (gcry_err); ++ } + - } -- ++ grub_free (split_key); + - /* Try to recover master key from each active keyslot. */ - for (i = 0; i < ARRAY_SIZE (header.keyblock); i++) - { @@ -120,12 +238,9 @@ index 588236888..11e437edb 100644 - grub_file_seek (hdr, sector * 512); - if (grub_file_read (hdr, split_key, length) != (grub_ssize_t)length) - err = GRUB_ERR_READ_ERROR; -+ /* Use bytestring from key file as passphrase */ -+ passphrase = keyfile_bytes; -+ passphrase_length = keyfile_bytes_size; -+ keyfile_bytes = NULL; /* use it only once */ ++ return GRUB_ERR_NONE; } - else +- else - err = grub_disk_read (source, sector, 0, length, split_key); - if (err) - { @@ -133,7 +248,8 @@ index 588236888..11e437edb 100644 - return err; - } - -- gcry_err = grub_cryptodisk_decrypt (dev, split_key, length, 0); +- gcry_err = grub_cryptodisk_decrypt (dev, split_key, length, 0, +- GRUB_LUKS1_LOG_SECTOR_SIZE); - if (gcry_err) - { - grub_free (split_key); @@ -174,28 +290,11 @@ index 588236888..11e437edb 100644 - grub_dprintf ("luks", "bad digest\n"); - continue; - } -+ { -+ /* Get the passphrase from the user. */ -+ tmp = NULL; -+ if (source->partition) -+ tmp = grub_partition_get_name (source->partition); -+ grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name, -+ source->partition ? "," : "", tmp ? : "", dev->uuid); -+ grub_free (tmp); -+ if (!grub_password_get (interactive_passphrase, MAX_PASSPHRASE)) -+ { -+ grub_free (split_key); -+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied"); -+ } -+ -+ passphrase = (grub_uint8_t *)interactive_passphrase; -+ passphrase_length = grub_strlen (interactive_passphrase); - +- - /* TRANSLATORS: It's a cryptographic key slot: one element of an array - where each element is either empty or holds a key. */ - grub_printf_ (N_("Slot %d opened\n"), i); -+ } - +- - /* Set the master key. */ - gcry_err = grub_cryptodisk_setkey (dev, candidate_key, keysize); - if (gcry_err) @@ -203,127 +302,16 @@ index 588236888..11e437edb 100644 - grub_free (split_key); - return grub_crypto_gcry_error (gcry_err); - } -+ /* Try to recover master key from each active keyslot. */ -+ for (i = 0; i < ARRAY_SIZE (header.keyblock); i++) -+ { -+ gcry_err_code_t gcry_err; -+ grub_uint8_t candidate_key[GRUB_CRYPTODISK_MAX_KEYLEN]; -+ grub_uint8_t digest[GRUB_CRYPTODISK_MAX_KEYLEN]; -+ -+ /* Check if keyslot is enabled. */ -+ if (grub_be_to_cpu32 (header.keyblock[i].active) != LUKS_KEY_ENABLED) -+ continue; -+ -+ grub_dprintf ("luks", "Trying keyslot %d\n", i); -+ -+ /* Calculate the PBKDF2 of the user supplied passphrase. */ -+ gcry_err = grub_crypto_pbkdf2 (dev->hash, (grub_uint8_t *) passphrase, -+ passphrase_length, -+ header.keyblock[i].passwordSalt, -+ sizeof (header.keyblock[i].passwordSalt), -+ grub_be_to_cpu32 (header.keyblock[i]. -+ passwordIterations), -+ digest, keysize); -+ -+ if (gcry_err) -+ { -+ grub_free (split_key); -+ return grub_crypto_gcry_error (gcry_err); -+ } -+ -+ grub_dprintf ("luks", "PBKDF2 done\n"); -+ -+ gcry_err = grub_cryptodisk_setkey (dev, digest, keysize); -+ if (gcry_err) -+ { -+ grub_free (split_key); -+ return grub_crypto_gcry_error (gcry_err); -+ } -+ -+ sector = grub_be_to_cpu32 (header.keyblock[i].keyMaterialOffset); -+ length = (keysize * grub_be_to_cpu32 (header.keyblock[i].stripes)); -+ -+ /* Read and decrypt the key material from the disk. */ -+ if (hdr) -+ { -+ grub_file_seek (hdr, sector * 512); -+ if (grub_file_read (hdr, split_key, length) != (grub_ssize_t)length) -+ err = GRUB_ERR_READ_ERROR; -+ } -+ else -+ err = grub_disk_read (source, sector, 0, length, split_key); -+ if (err) -+ { -+ grub_free (split_key); -+ return err; -+ } -+ -+ gcry_err = grub_cryptodisk_decrypt (dev, split_key, length, 0); -+ if (gcry_err) -+ { -+ grub_free (split_key); -+ return grub_crypto_gcry_error (gcry_err); -+ } -+ -+ /* Merge the decrypted key material to get the candidate master key. */ -+ gcry_err = AF_merge (dev->hash, split_key, candidate_key, keysize, -+ grub_be_to_cpu32 (header.keyblock[i].stripes)); -+ if (gcry_err) -+ { -+ grub_free (split_key); -+ return grub_crypto_gcry_error (gcry_err); -+ } -+ -+ grub_dprintf ("luks", "candidate key recovered\n"); -+ -+ /* Calculate the PBKDF2 of the candidate master key. */ -+ gcry_err = grub_crypto_pbkdf2 (dev->hash, candidate_key, -+ grub_be_to_cpu32 (header.keyBytes), -+ header.mkDigestSalt, -+ sizeof (header.mkDigestSalt), -+ grub_be_to_cpu32 -+ (header.mkDigestIterations), -+ candidate_digest, -+ sizeof (candidate_digest)); -+ if (gcry_err) -+ { -+ grub_free (split_key); -+ return grub_crypto_gcry_error (gcry_err); -+ } -+ -+ /* Compare the calculated PBKDF2 to the digest stored -+ in the header to see if it's correct. */ -+ if (grub_memcmp (candidate_digest, header.mkDigest, -+ sizeof (header.mkDigest)) != 0) -+ { -+ grub_dprintf ("luks", "bad digest\n"); -+ continue; -+ } -+ -+ /* TRANSLATORS: It's a cryptographic key slot: one element of an array -+ where each element is either empty or holds a key. */ -+ grub_printf_ (N_("Slot %d opened\n"), i); -+ -+ /* Set the master key. */ -+ gcry_err = grub_cryptodisk_setkey (dev, candidate_key, keysize); -+ if (gcry_err) -+ { -+ grub_free (split_key); -+ return grub_crypto_gcry_error (gcry_err); -+ } - +- - grub_free (split_key); -+ grub_free (split_key); - +- - return GRUB_ERR_NONE; -+ return GRUB_ERR_NONE; -+ } + grub_printf_ (N_("Failed to decrypt master key.\n")); + if (--attempts) grub_printf_ (N_("%u attempt%s remaining.\n"), attempts, -+ (attempts==1) ? "" : "s"); ++ (attempts==1) ? "" : "s"); } grub_free (split_key); -- -2.16.2 +2.30.0 diff --git a/0004-Cryptomount-support-plain-dm-crypt.patch b/0004-Cryptomount-support-plain-dm-crypt.patch index 34c10d7216bb..1ea3232b9b5e 100644 --- a/0004-Cryptomount-support-plain-dm-crypt.patch +++ b/0004-Cryptomount-support-plain-dm-crypt.patch @@ -111,8 +111,8 @@ index 5261af547..7f656f75c 100644 + + dev = grub_cryptodisk_create (disk, NULL, cipher, mode, digest); + -+ dev->offset = offset; -+ if (size) dev->total_length = size; ++ dev->offset_sectors = offset; ++ if (size) dev->total_sectors = size; + + if (key) + { @@ -325,7 +325,7 @@ index 5261af547..7f656f75c 100644 + return NULL; + } + newdev->cipher = cipher; -+ newdev->offset = 0; ++ newdev->offset_sectors = 0; + newdev->source_disk = NULL; + newdev->benbi_log = benbi_log; + newdev->mode = mode; @@ -335,7 +335,7 @@ index 5261af547..7f656f75c 100644 + newdev->essiv_hash = essiv_hash; + newdev->hash = hash; + newdev->log_sector_size = 9; -+ newdev->total_length = grub_disk_get_size (disk) - newdev->offset; ++ newdev->total_sectors = grub_disk_native_sectors (disk) - newdev->offset_sectors; + grub_memcpy (newdev->uuid, uuid, sizeof (newdev->uuid)); + COMPILE_TIME_ASSERT (sizeof (newdev->uuid) >= sizeof (uuid)); + @@ -357,234 +357,6 @@ diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c index 11e437edb..4ebe21b4e 100644 --- a/grub-core/disk/luks.c +++ b/grub-core/disk/luks.c -@@ -30,8 +30,6 @@ - - GRUB_MOD_LICENSE ("GPLv3+"); - --#define MAX_PASSPHRASE 256 -- - #define LUKS_KEY_ENABLED 0x00AC71F3 - - /* On disk LUKS header */ -@@ -76,15 +74,7 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid, - char uuid[sizeof (header.uuid) + 1]; - char ciphername[sizeof (header.cipherName) + 1]; - char ciphermode[sizeof (header.cipherMode) + 1]; -- char *cipheriv = NULL; - char hashspec[sizeof (header.hashSpec) + 1]; -- grub_crypto_cipher_handle_t cipher = NULL, secondary_cipher = NULL; -- grub_crypto_cipher_handle_t essiv_cipher = NULL; -- const gcry_md_spec_t *hash = NULL, *essiv_hash = NULL; -- const struct gcry_cipher_spec *ciph; -- grub_cryptodisk_mode_t mode; -- grub_cryptodisk_mode_iv_t mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN64; -- int benbi_log = 0; - grub_err_t err; - - err = GRUB_ERR_NONE; -@@ -119,7 +109,7 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid, - iptr++) - { - if (*iptr != '-') -- *optr++ = *iptr; -+ *optr++ = *iptr; - } - *optr = 0; - -@@ -129,6 +119,7 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid, - return NULL; - } - -+ - /* Make sure that strings are null terminated. */ - grub_memcpy (ciphername, header.cipherName, sizeof (header.cipherName)); - ciphername[sizeof (header.cipherName)] = 0; -@@ -137,184 +128,10 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid, - grub_memcpy (hashspec, header.hashSpec, sizeof (header.hashSpec)); - hashspec[sizeof (header.hashSpec)] = 0; - -- ciph = grub_crypto_lookup_cipher_by_name (ciphername); -- if (!ciph) -- { -- grub_error (GRUB_ERR_FILE_NOT_FOUND, "Cipher %s isn't available", -- ciphername); -- return NULL; -- } -- -- /* Configure the cipher used for the bulk data. */ -- cipher = grub_crypto_cipher_open (ciph); -- if (!cipher) -- return NULL; -- -- if (grub_be_to_cpu32 (header.keyBytes) > 1024) -- { -- grub_error (GRUB_ERR_BAD_ARGUMENT, "invalid keysize %d", -- grub_be_to_cpu32 (header.keyBytes)); -- grub_crypto_cipher_close (cipher); -- return NULL; -- } -- -- /* Configure the cipher mode. */ -- if (grub_strcmp (ciphermode, "ecb") == 0) -- { -- mode = GRUB_CRYPTODISK_MODE_ECB; -- mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN; -- cipheriv = NULL; -- } -- else if (grub_strcmp (ciphermode, "plain") == 0) -- { -- mode = GRUB_CRYPTODISK_MODE_CBC; -- mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN; -- cipheriv = NULL; -- } -- else if (grub_memcmp (ciphermode, "cbc-", sizeof ("cbc-") - 1) == 0) -- { -- mode = GRUB_CRYPTODISK_MODE_CBC; -- cipheriv = ciphermode + sizeof ("cbc-") - 1; -- } -- else if (grub_memcmp (ciphermode, "pcbc-", sizeof ("pcbc-") - 1) == 0) -- { -- mode = GRUB_CRYPTODISK_MODE_PCBC; -- cipheriv = ciphermode + sizeof ("pcbc-") - 1; -- } -- else if (grub_memcmp (ciphermode, "xts-", sizeof ("xts-") - 1) == 0) -- { -- mode = GRUB_CRYPTODISK_MODE_XTS; -- cipheriv = ciphermode + sizeof ("xts-") - 1; -- secondary_cipher = grub_crypto_cipher_open (ciph); -- if (!secondary_cipher) -- { -- grub_crypto_cipher_close (cipher); -- return NULL; -- } -- if (cipher->cipher->blocksize != GRUB_CRYPTODISK_GF_BYTES) -- { -- grub_error (GRUB_ERR_BAD_ARGUMENT, "Unsupported XTS block size: %d", -- cipher->cipher->blocksize); -- grub_crypto_cipher_close (cipher); -- grub_crypto_cipher_close (secondary_cipher); -- return NULL; -- } -- if (secondary_cipher->cipher->blocksize != GRUB_CRYPTODISK_GF_BYTES) -- { -- grub_crypto_cipher_close (cipher); -- grub_error (GRUB_ERR_BAD_ARGUMENT, "Unsupported XTS block size: %d", -- secondary_cipher->cipher->blocksize); -- grub_crypto_cipher_close (secondary_cipher); -- return NULL; -- } -- } -- else if (grub_memcmp (ciphermode, "lrw-", sizeof ("lrw-") - 1) == 0) -- { -- mode = GRUB_CRYPTODISK_MODE_LRW; -- cipheriv = ciphermode + sizeof ("lrw-") - 1; -- if (cipher->cipher->blocksize != GRUB_CRYPTODISK_GF_BYTES) -- { -- grub_error (GRUB_ERR_BAD_ARGUMENT, "Unsupported LRW block size: %d", -- cipher->cipher->blocksize); -- grub_crypto_cipher_close (cipher); -- return NULL; -- } -- } -- else -- { -- grub_crypto_cipher_close (cipher); -- grub_error (GRUB_ERR_BAD_ARGUMENT, "Unknown cipher mode: %s", -- ciphermode); -- return NULL; -- } -- -- if (cipheriv == NULL); -- else if (grub_memcmp (cipheriv, "plain", sizeof ("plain") - 1) == 0) -- mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN; -- else if (grub_memcmp (cipheriv, "plain64", sizeof ("plain64") - 1) == 0) -- mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN64; -- else if (grub_memcmp (cipheriv, "benbi", sizeof ("benbi") - 1) == 0) -- { -- if (cipher->cipher->blocksize & (cipher->cipher->blocksize - 1) -- || cipher->cipher->blocksize == 0) -- grub_error (GRUB_ERR_BAD_ARGUMENT, "Unsupported benbi blocksize: %d", -- cipher->cipher->blocksize); -- /* FIXME should we return an error here? */ -- for (benbi_log = 0; -- (cipher->cipher->blocksize << benbi_log) < GRUB_DISK_SECTOR_SIZE; -- benbi_log++); -- mode_iv = GRUB_CRYPTODISK_MODE_IV_BENBI; -- } -- else if (grub_memcmp (cipheriv, "null", sizeof ("null") - 1) == 0) -- mode_iv = GRUB_CRYPTODISK_MODE_IV_NULL; -- else if (grub_memcmp (cipheriv, "essiv:", sizeof ("essiv:") - 1) == 0) -- { -- char *hash_str = cipheriv + 6; -- -- mode_iv = GRUB_CRYPTODISK_MODE_IV_ESSIV; -- -- /* Configure the hash and cipher used for ESSIV. */ -- essiv_hash = grub_crypto_lookup_md_by_name (hash_str); -- if (!essiv_hash) -- { -- grub_crypto_cipher_close (cipher); -- grub_crypto_cipher_close (secondary_cipher); -- grub_error (GRUB_ERR_FILE_NOT_FOUND, -- "Couldn't load %s hash", hash_str); -- return NULL; -- } -- essiv_cipher = grub_crypto_cipher_open (ciph); -- if (!essiv_cipher) -- { -- grub_crypto_cipher_close (cipher); -- grub_crypto_cipher_close (secondary_cipher); -- return NULL; -- } -- } -- else -- { -- grub_crypto_cipher_close (cipher); -- grub_crypto_cipher_close (secondary_cipher); -- grub_error (GRUB_ERR_BAD_ARGUMENT, "Unknown IV mode: %s", -- cipheriv); -- return NULL; -- } -- -- /* Configure the hash used for the AF splitter and HMAC. */ -- hash = grub_crypto_lookup_md_by_name (hashspec); -- if (!hash) -- { -- grub_crypto_cipher_close (cipher); -- grub_crypto_cipher_close (essiv_cipher); -- grub_crypto_cipher_close (secondary_cipher); -- grub_error (GRUB_ERR_FILE_NOT_FOUND, "Couldn't load %s hash", -- hashspec); -- return NULL; -- } -+ newdev = grub_cryptodisk_create (disk, uuid, ciphername, ciphermode, hashspec); - -- newdev = grub_zalloc (sizeof (struct grub_cryptodisk)); -- if (!newdev) -- { -- grub_crypto_cipher_close (cipher); -- grub_crypto_cipher_close (essiv_cipher); -- grub_crypto_cipher_close (secondary_cipher); -- return NULL; -- } -- newdev->cipher = cipher; - newdev->offset = grub_be_to_cpu32 (header.payloadOffset); -- newdev->source_disk = NULL; -- newdev->benbi_log = benbi_log; -- newdev->mode = mode; -- newdev->mode_iv = mode_iv; -- newdev->secondary_cipher = secondary_cipher; -- newdev->essiv_cipher = essiv_cipher; -- newdev->essiv_hash = essiv_hash; -- newdev->hash = hash; -- newdev->log_sector_size = 9; -- newdev->total_length = grub_disk_get_size (disk) - newdev->offset; -- grub_memcpy (newdev->uuid, uuid, sizeof (newdev->uuid)); - newdev->modname = "luks"; -- COMPILE_TIME_ASSERT (sizeof (newdev->uuid) >= sizeof (uuid)); - - return newdev; - } @@ -329,7 +146,7 @@ luks_recover_key (grub_disk_t source, struct grub_luks_phdr header; grub_size_t keysize; @@ -594,15 +366,6 @@ index 11e437edb..4ebe21b4e 100644 grub_uint8_t *passphrase; grub_size_t passphrase_length; grub_uint8_t candidate_digest[sizeof (header.mkDigest)]; -@@ -376,7 +193,7 @@ luks_recover_key (grub_disk_t source, - /* Use bytestring from key file as passphrase */ - passphrase = keyfile_bytes; - passphrase_length = keyfile_bytes_size; -- keyfile_bytes = NULL; /* use it only once */ -+ keyfile_bytes = NULL; /* use it only once */ - } - else - { @@ -387,7 +204,7 @@ luks_recover_key (grub_disk_t source, grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name, source->partition ? "," : "", tmp ? : "", dev->uuid); diff --git a/0005-Cryptomount-support-for-hyphens-in-UUID.patch b/0005-Cryptomount-support-for-hyphens-in-UUID.patch index f6ed18a66d7b..b875f66ea3ce 100644 --- a/0005-Cryptomount-support-for-hyphens-in-UUID.patch +++ b/0005-Cryptomount-support-for-hyphens-in-UUID.patch @@ -58,39 +58,6 @@ diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c index 4ebe21b4e..80a760670 100644 --- a/grub-core/disk/luks.c +++ b/grub-core/disk/luks.c -@@ -68,9 +68,7 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid, - int check_boot, grub_file_t hdr) - { - grub_cryptodisk_t newdev; -- const char *iptr; - struct grub_luks_phdr header; -- char *optr; - char uuid[sizeof (header.uuid) + 1]; - char ciphername[sizeof (header.cipherName) + 1]; - char ciphermode[sizeof (header.cipherMode) + 1]; -@@ -104,22 +102,6 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid, - || grub_be_to_cpu16 (header.version) != 1) - return NULL; - -- optr = uuid; -- for (iptr = header.uuid; iptr < &header.uuid[ARRAY_SIZE (header.uuid)]; -- iptr++) -- { -- if (*iptr != '-') -- *optr++ = *iptr; -- } -- *optr = 0; -- -- if (check_uuid && grub_strcasecmp (check_uuid, uuid) != 0) -- { -- grub_dprintf ("luks", "%s != %s\n", uuid, check_uuid); -- return NULL; -- } -- -- - /* Make sure that strings are null terminated. */ - grub_memcpy (ciphername, header.cipherName, sizeof (header.cipherName)); - ciphername[sizeof (header.cipherName)] = 0; @@ -127,6 +109,14 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid, ciphermode[sizeof (header.cipherMode)] = 0; grub_memcpy (hashspec, header.hashSpec, sizeof (header.hashSpec)); diff --git a/0006-Cryptomount-support-for-using-whole-device-as-keyfile.patch b/0006-Cryptomount-support-for-using-whole-device-as-keyfile.patch index 49750f84aca2..9dd806158834 100644 --- a/0006-Cryptomount-support-for-using-whole-device-as-keyfile.patch +++ b/0006-Cryptomount-support-for-using-whole-device-as-keyfile.patch @@ -71,7 +71,7 @@ index d0388c6d1..c5d8021ba 100644 + goto cleanup_keydisk_name; + } + -+ total_sectors = grub_disk_get_size (keydisk); ++ total_sectors = grub_disk_native_sectors (keydisk); + if (total_sectors == GRUB_DISK_SIZE_UNKNOWN) + { + grub_printf (N_("Unable to determine size of disk %s\n"), keydisk_name); @@ -1,3 +1,4 @@ +# Maintainer : Maxim Fomin <maxim@fomin.one> # Maintainer : Christian Hesse <mail@eworm.de> # Maintainer : Ronald van Haren <ronald.archlinux.org> # Contributor: Tobias Powalowski <tpowa@archlinux.org> @@ -12,7 +13,7 @@ _GRUB_EMU_BUILD="0" _GRUB_EXTRAS_COMMIT="f2a079441939eee7251bf141986cdd78946e1d20" -_UNIFONT_VER="12.1.02" +_UNIFONT_VER="13.0.06" [[ "${CARCH}" == "x86_64" ]] && _EFI_ARCH="x86_64" [[ "${CARCH}" == "i686" ]] && _EFI_ARCH="i386" @@ -23,17 +24,14 @@ _UNIFONT_VER="12.1.02" _pkgname="grub" pkgname="grub-luks-keyfile" pkgdesc="GNU GRand Unified Bootloader (2) with crypto extensions to support for DMCrypt and LUKS volumes with detached headers and key files." -pkgver=2.04 +pkgver=2.06 pkgrel=1 epoch=2 url="https://www.gnu.org/software/grub/" arch=('x86_64') license=('GPL3') -backup=('boot/grub/grub.cfg' - 'etc/default/grub' - 'etc/grub.d/40_custom') -install="${_pkgname}.install" options=('!makeflags') +backup=('etc/default/grub') conflicts=('grub' 'grub-common' 'grub-bios' 'grub-emu' "grub-efi-${_EFI_ARCH}" 'grub-legacy') replaces=('grub' 'grub-common' 'grub-bios' 'grub-emu' "grub-efi-${_EFI_ARCH}") @@ -63,8 +61,8 @@ validpgpkeys=('E53D497F3FA42AD8C9B4D1E835A93B74E82E4209' # Vladimir 'phcoder' S source=("https://ftp.gnu.org/gnu/${_pkgname}/${_pkgname}-${pkgver}.tar.xz"{,.sig} "https://git.savannah.nongnu.org/cgit/grub-extras.git/snapshot/grub-extras-${_GRUB_EXTRAS_COMMIT}.tar.gz" "https://ftp.gnu.org/gnu/unifont/unifont-${_UNIFONT_VER}/unifont-${_UNIFONT_VER}.bdf.gz"{,.sig} - '0003-10_linux-detect-archlinux-initramfs.patch' - '0004-add-GRUB_COLOR_variables.patch' + '0001-00_header-add-GRUB_COLOR_-variables.patch' + '0002-10_linux-detect-archlinux-initramfs.patch' '0001-Cryptomount-support-LUKS-detached-header.patch' '0002-Cryptomount-support-key-files.patch' '0003-Cryptomount-luks-allow-multiple-passphrase-attempts.patch' @@ -73,41 +71,48 @@ source=("https://ftp.gnu.org/gnu/${_pkgname}/${_pkgname}-${pkgver}.tar.xz"{,.sig '0006-Cryptomount-support-for-using-whole-device-as-keyfile.patch' 'grub.default') -sha256sums=('e5292496995ad42dabe843a0192cf2a2c502e7ffcc7479398232b10a472df77d' +sha256sums=('b79ea44af91b93d17cd3fe80bdae6ed43770678a9a5ae192ccea803ebb657ee1' 'SKIP' '2844601914cea6b1231eca0104853a93c4d67a5209933a0766f1475953300646' - '04d652be1e28a6d464965c75c71ac84633085cd0960c2687466651c34c94bd89' + 'b7668a5d498972dc4981250c49f83601babce797be19b4fdd0f2f1c6cfbd0fc5' 'SKIP' - 'b41e4438319136b5e74e0abdfcb64ae115393e4e15207490272c425f54026dd3' - 'a5198267ceb04dceb6d2ea7800281a42b3f91fd02da55d2cc9ea20d47273ca29' + 'ef87b27e4cef6f83c41c8a1a0401f41e22a89a130baaef8c5a832a6c99bb2683' + 'ce7e24acec78989169a136e989e07369def3dd7c727788d5038a255409ec3c35' 'b9d737d1b403b540a00a8e9c25240a06bb371da7588d3e665af8543397724698' '5d7060fbe9738764d2f8ebc96b43cc0bb8939c2e4e4e78b7a82a1a149ea6e837' - 'd2ad15610f5b683ca713329bbe25d43963af9386c9c8732b61cdc135843715f1' - 'e47409d04f740a71360775af25c53662386a49ea7f93ada39ed636b9ae8a0a22' - '7b9ff45ba6e6c1ad45e6984580393e3801ef86144e48dbe5fe97d4aa8b90706e' - '4d2b6f5e1a50a01b127602d8537fca1152b2d1799918faaa94dc98cf7b854513' - '74e5dd2090a153c10a7b9599b73bb09e70fddc6a019dd41641b0f10b9d773d82') + '3e373bcb7847326ae14365e7443f900559f35f4f9ba2e5e69d034f4423fc45bb' + '9ff4aba657d3826a510c57ce44d7582c4e4c72eb32a59ffd2b09e923202750ed' + '6f58b01eb9adcc6864e09a4ecaa728f19ee2c9a7ecf4cf20fd17fc5ec327f19c' + '4739a472c609df2528ac30e502a9f1b77fd1517af551c6bcbd35ba57b81da827' + 'ba476142f65b4b7c94bedeba55bf2aa0303a9247c4708e99abaeca22941bf20d') prepare() { cd "${srcdir}/grub-${pkgver}/" - msg "Patch to detect of Arch Linux initramfs images by grub-mkconfig" - patch -Np1 -i "${srcdir}/0003-10_linux-detect-archlinux-initramfs.patch" - echo + echo "Patch to detect of Arch Linux initramfs images by grub-mkconfig..." + patch -Np1 -i "${srcdir}/0002-10_linux-detect-archlinux-initramfs.patch" - msg "Patch to enable GRUB_COLOR_* variables in grub-mkconfig" + echo "Patch to enable GRUB_COLOR_* variables in grub-mkconfig..." ## Based on http://lists.gnu.org/archive/html/grub-devel/2012-02/msg00021.html - patch -Np1 -i "${srcdir}/0004-add-GRUB_COLOR_variables.patch" - echo - - msg "Patch for adding support for DMCrypt and LUKS volumes with detached headers and key files" + patch -Np1 -i "${srcdir}/0001-00_header-add-GRUB_COLOR_-variables.patch" + + echo "Patch to enable LUKS detached header support..." patch -Np1 -i "${srcdir}/0001-Cryptomount-support-LUKS-detached-header.patch" + + echo "Patch to enable LUKS key files support ..." patch -Np1 -i "${srcdir}/0002-Cryptomount-support-key-files.patch" + + echo "Patch to enable multiple passphrase attempts support..." patch -Np1 -i "${srcdir}/0003-Cryptomount-luks-allow-multiple-passphrase-attempts.patch" + + echo "Patch to enable plain dm-crypt mode support..." patch -Np1 -i "${srcdir}/0004-Cryptomount-support-plain-dm-crypt.patch" + + echo "Patch to enable hyphens in UUID support..." patch -Np1 -i "${srcdir}/0005-Cryptomount-support-for-hyphens-in-UUID.patch" + + echo "Patch to enable whole device as keyfile support ..." patch -Np1 -i "${srcdir}/0006-Cryptomount-support-for-using-whole-device-as-keyfile.patch" - echo msg "Fix DejaVuSans.ttf location so that grub-mkfont can create *.pf2 files for starfield theme" sed 's|/usr/share/fonts/dejavu|/usr/share/fonts/dejavu /usr/share/fonts/TTF|g' -i "configure.ac" diff --git a/grub-PKGBUILD.patch b/grub-PKGBUILD.patch deleted file mode 100644 index 1ca09399ad5f..000000000000 --- a/grub-PKGBUILD.patch +++ /dev/null @@ -1,84 +0,0 @@ -diff --git a/PKGBUILD b/PKGBUILD -index 0c7a612..6493383 100644 ---- a/PKGBUILD -+++ b/PKGBUILD -@@ -19,8 +19,9 @@ _UNIFONT_VER="10.0.06" - [[ "${CARCH}" == "x86_64" ]] && _EMU_ARCH="x86_64" - [[ "${CARCH}" == "i686" ]] && _EMU_ARCH="i386" - --pkgname="grub" --pkgdesc="GNU GRand Unified Bootloader (2)" -+_pkgname="grub" -+pkgname="grub-luks-keyfile" -+pkgdesc="GNU GRand Unified Bootloader (2) with crypto extensions to support for DMCrypt and LUKS volumes with detached headers and key files." - pkgver=2.02 - pkgrel=5 - epoch=2 -@@ -30,12 +31,12 @@ license=('GPL3') - backup=('boot/grub/grub.cfg' - 'etc/default/grub' - 'etc/grub.d/40_custom') --install="${pkgname}.install" -+install="${_pkgname}.install" - options=('!makeflags') - --conflicts=('grub-common' 'grub-bios' 'grub-emu' "grub-efi-${_EFI_ARCH}" 'grub-legacy') --replaces=('grub-common' 'grub-bios' 'grub-emu' "grub-efi-${_EFI_ARCH}") --provides=('grub-common' 'grub-bios' 'grub-emu' "grub-efi-${_EFI_ARCH}") -+conflicts=('grub' 'grub-common' 'grub-bios' 'grub-emu' "grub-efi-${_EFI_ARCH}" 'grub-legacy') -+replaces=('grub' 'grub-common' 'grub-bios' 'grub-emu' "grub-efi-${_EFI_ARCH}") -+provides=('grub' 'grub-common' 'grub-bios' 'grub-emu' "grub-efi-${_EFI_ARCH}") - - makedepends=('git' 'rsync' 'xz' 'freetype2' 'ttf-dejavu' 'python' 'autogen' - 'texinfo' 'help2man' 'gettext' 'device-mapper' 'fuse2') -@@ -57,7 +58,7 @@ fi - validpgpkeys=('E53D497F3FA42AD8C9B4D1E835A93B74E82E4209' # Vladimir 'phcoder' Serbinenko <phcoder@gmail.com> - '95D2E9AB8740D8046387FD151A09227B1F435A33') # Paul Hardy <unifoundry@unifoundry.com> - --source=("https://ftp.gnu.org/gnu/${pkgname}/${pkgname}-${pkgver}.tar.xz"{,.sig} -+source=("https://ftp.gnu.org/gnu/${_pkgname}/${_pkgname}-${pkgver}.tar.xz"{,.sig} - "https://git.savannah.nongnu.org/cgit/grub-extras.git/snapshot/grub-extras-${_GRUB_EXTRAS_COMMIT}.tar.gz" - "https://ftp.gnu.org/gnu/unifont/unifont-${_UNIFONT_VER}/unifont-${_UNIFONT_VER}.bdf.gz"{,.sig} - '0003-10_linux-detect-archlinux-initramfs.patch' -@@ -66,6 +67,12 @@ source=("https://ftp.gnu.org/gnu/${pkgname}/${pkgname}-${pkgver}.tar.xz"{,.sig} - '0006-tsc-Change-default-tsc-calibration-method-to-pmtimer-on-EFI-systems.patch' - '0007-grub-mkconfig_10_linux_Support_multiple_early_initrd_images.patch' - '0008-Fix-packed-not-aligned-error-on-GCC-8.patch' -+ 'https://grub.johnlane.ie/assets/0001-Cryptomount-support-LUKS-detached-header.patch' -+ 'https://grub.johnlane.ie/assets/0002-Cryptomount-support-key-files.patch' -+ 'https://grub.johnlane.ie/assets/0003-Cryptomount-luks-allow-multiple-passphrase-attempts.patch' -+ 'https://grub.johnlane.ie/assets/0004-Cryptomount-support-plain-dm-crypt.patch' -+ 'https://grub.johnlane.ie/assets/0005-Cryptomount-support-for-hyphens-in-UUID.patch' -+ '0006-Cryptomount-support-for-using-whole-device-as-keyfile.patch::https://github.com/johnlane/grub/pull/8.patch' - 'grub.default' - 'grub.cfg') - -@@ -80,6 +87,12 @@ sha256sums=('810b3798d316394f94096ec2797909dbf23c858e48f7b3830826b8daa06b7b0f' - 'c38f2b2caae33008b35a37d8293d8bf13bf6fd779a4504925da1837fd007aeb5' - 'e43566c4fe3b1b87e677167323d4716b82ac0810410a9d8dc7fbf415c8db2b8a' - 'e84b8de569c7e6b73263758c35cf95c6516fde85d4ed451991427864f6a4e5a8' -+ 'f7790e7fd4641eed8347039ebb44b67a3f517f2bc4de213fe34d2ae887c03b92' -+ 'c1d042ca83f6ac64414f1d5df82fe324a46eaa842768fff214091b177ad30191' -+ 'd2ad15610f5b683ca713329bbe25d43963af9386c9c8732b61cdc135843715f1' -+ 'e47409d04f740a71360775af25c53662386a49ea7f93ada39ed636b9ae8a0a22' -+ '7b9ff45ba6e6c1ad45e6984580393e3801ef86144e48dbe5fe97d4aa8b90706e' -+ 'b27d252cc9a25be424416897496d85fd1aa06ebca8c4cff9c916d90aadffb855' - '74e5dd2090a153c10a7b9599b73bb09e70fddc6a019dd41641b0f10b9d773d82' - 'c5e4f3836130c6885e9273c21f057263eba53f4b7c0e2f111f6e5f2e487a47ad') - -@@ -109,6 +122,15 @@ prepare() { - msg "Fix packed-not-aligned error on GCC 8" - patch -Np1 -i "${srcdir}/0008-Fix-packed-not-aligned-error-on-GCC-8.patch" - -+ msg "Patch for adding support for DMCrypt and LUKS volumes with detached headers and key files" -+ patch -Np1 -i "${srcdir}/0001-Cryptomount-support-LUKS-detached-header.patch" -+ patch -Np1 -i "${srcdir}/0002-Cryptomount-support-key-files.patch" -+ patch -Np1 -i "${srcdir}/0003-Cryptomount-luks-allow-multiple-passphrase-attempts.patch" -+ patch -Np1 -i "${srcdir}/0004-Cryptomount-support-plain-dm-crypt.patch" -+ patch -Np1 -i "${srcdir}/0005-Cryptomount-support-for-hyphens-in-UUID.patch" -+ patch -Np1 -i "${srcdir}/0006-Cryptomount-support-for-using-whole-device-as-keyfile.patch" -+ echo -+ - msg "Fix DejaVuSans.ttf location so that grub-mkfont can create *.pf2 files for starfield theme" - sed 's|/usr/share/fonts/dejavu|/usr/share/fonts/dejavu /usr/share/fonts/TTF|g' -i "configure.ac" - diff --git a/grub.default b/grub.default index a521de425033..be82f3d25e56 100644 --- a/grub.default +++ b/grub.default @@ -10,7 +10,7 @@ GRUB_CMDLINE_LINUX="" GRUB_PRELOAD_MODULES="part_gpt part_msdos" # Uncomment to enable booting from LUKS encrypted devices -#GRUB_ENABLE_CRYPTODISK=y +GRUB_ENABLE_CRYPTODISK=y # Uncomment to enable Hidden Menu, and optionally hide the timeout count #GRUB_HIDDEN_TIMEOUT=5 diff --git a/grub.install b/grub.install deleted file mode 100644 index cf2e4b59535f..000000000000 --- a/grub.install +++ /dev/null @@ -1,15 +0,0 @@ -post_install() { - if [ -f /boot/grub/grub.cfg.pacsave ]; then - echo "Copying /boot/grub/grub.cfg.pacsave to /boot/grub/grub.cfg" - install -D -m0644 /boot/grub/grub.cfg.pacsave /boot/grub/grub.cfg - fi - - cat << 'EOM' -Generating grub.cfg.example config file... -This may fail on some machines running a custom kernel. -EOM - - grub-mkconfig -o /boot/grub/grub.cfg.example 2> /dev/null - echo "done." -} - |