Search Criteria
Package Details: grub-luks-keyfile 2:2.06-1
Package Actions
Git Clone URL: | https://aur.archlinux.org/grub-luks-keyfile.git (read-only, click to copy) |
---|---|
Package Base: | grub-luks-keyfile |
Description: | GNU GRand Unified Bootloader (2) with crypto extensions to support for DMCrypt and LUKS volumes with detached headers and key files. |
Upstream URL: | https://www.gnu.org/software/grub/ |
Licenses: | GPL3 |
Conflicts: | grub, grub-bios, grub-common, grub-efi-x86_64, grub-emu, grub-legacy |
Provides: | grub, grub-bios, grub-common, grub-efi-x86_64, grub-emu |
Replaces: | grub, grub-bios, grub-common, grub-efi-x86_64, grub-emu |
Submitter: | kalbasit |
Maintainer: | mxfm |
Last Packager: | mxfm |
Votes: | 6 |
Popularity: | 0.000210 |
First Submitted: | 2017-12-22 02:31 (UTC) |
Last Updated: | 2021-06-14 12:15 (UTC) |
Dependencies (23)
- device-mapper (device-mapper-git, device-mapper-noudev)
- gettext (gettext-git)
- sh (bash-devel-git, dashbinsh, bash-devel-static-git, bash-git, bash-xdg, zshbinsh, toyboxbinsh, bash)
- xz (xz-git)
- autogen (make)
- device-mapper (device-mapper-git, device-mapper-noudev) (make)
- freetype2 (freetype2-minimal-git, freetype2-ttmetrics, freetype2-v35, freetype2-git, freetype2-ultimate5, freetype2-infinality-remix) (make)
- fuse2 (make)
- gettext (gettext-git) (make)
- git (git-git, git-vfs, git-run-command-patch-git) (make)
- help2man (help2man-git) (make)
- python (python38, python37, python3.7, nogil-python, python39, python36, python311, python32) (make)
- rsync (rsync-git) (make)
- texinfo (texinfo-git) (make)
- ttf-dejavu (ttf-dejavu-ib, ttf-dejavu-emojiless) (make)
- xz (xz-git) (make)
- dosfstools (dosfstools-git) (optional) – For grub-mkrescue FAT FS and EFI support
- efibootmgr (efibootmgr-git) (optional) – For grub-install EFI support
- freetype2 (freetype2-minimal-git, freetype2-ttmetrics, freetype2-v35, freetype2-git, freetype2-ultimate5, freetype2-infinality-remix) (optional) – For grub-mkfont usage
- fuse2 (optional) – For grub-mount usage
- Show 3 more dependencies...
Required by (147)
- admin-git (requires grub) (optional)
- apple_set_os (requires grub) (optional)
- arch-grub2-theme (requires grub)
- arch-matrix-grub-theme-git (requires grub)
- archiso-git (requires grub)
- archuseriso (requires grub)
- bieaz (requires grub)
- bieaz-git (requires grub)
- booty-git (requires grub)
- cryptboot (requires grub)
- cyberpunk-grub-theme-git (requires grub)
- dedsec-grub2-theme (requires grub)
- dracula-grub-theme-git (requires grub)
- endeavouros-galleon-grub (requires grub)
- grml-iso (requires grub)
- grml-rescueboot (requires grub)
- grml2usb (requires grub) (optional)
- grub-btrfs-git (requires grub)
- grub-custom-simona (requires grub)
- grub-editor (requires grub)
Sources (14)
- 0001-00_header-add-GRUB_COLOR_-variables.patch
- 0001-Cryptomount-support-LUKS-detached-header.patch
- 0002-10_linux-detect-archlinux-initramfs.patch
- 0002-Cryptomount-support-key-files.patch
- 0003-Cryptomount-luks-allow-multiple-passphrase-attempts.patch
- 0004-Cryptomount-support-plain-dm-crypt.patch
- 0005-Cryptomount-support-for-hyphens-in-UUID.patch
- 0006-Cryptomount-support-for-using-whole-device-as-keyfile.patch
- grub.default
- https://ftp.gnu.org/gnu/grub/grub-2.06.tar.xz
- https://ftp.gnu.org/gnu/grub/grub-2.06.tar.xz.sig
- https://ftp.gnu.org/gnu/unifont/unifont-13.0.06/unifont-13.0.06.bdf.gz
- https://ftp.gnu.org/gnu/unifont/unifont-13.0.06/unifont-13.0.06.bdf.gz.sig
- https://git.savannah.nongnu.org/cgit/grub-extras.git/snapshot/grub-extras-f2a079441939eee7251bf141986cdd78946e1d20.tar.gz
Latest Comments
mxfm commented on 2022-06-10 10:04 (UTC) (edited on 2022-06-10 10:07 (UTC) by mxfm)
Yes. The state of things with these patches is following. The 'crypto enhancement' patch series by John Lane adds following features:
key files
detached headers
multiple passphrase attempts
plain dm-crypt support
using device as keyfile
UUID hyphens
Key files were added recently by Glenn Washburn who rewrote some of these patches. Detached headers patch series will be also added soon to grub master.
Currently I am working on the third version of plain mode patch, but it will not be accepted as soon as detached headers support (according to my expectation).
Using device as a keyfile can be added as a fix to keyfiles patch series of Glen Washburn, but currently nobody is working on this. I have added support for this feature in plain mode, but it is not currently supported in LUKS mode.
Finally, supporting multiple passphrase attempts and UUID hyphens patches are not included into grub master and nobody is working on supporting them. When I started to support these patches I was interested only in plain mode. If I have spare time, I will rewrite these two minor patches (+ device as a keyfile), but they are not my priorities.
gamezelda commented on 2022-06-09 19:35 (UTC) (edited on 2022-06-09 19:35 (UTC) by gamezelda)
The 2nd patch in the series, the one which enables the
key-file
,keyfile-offset
andkeyfile-size
parameters, was committed to the official GRUB repository and is included in the latest Arch GRUB package (grub 2:2.06.r261.g2f4430cc0-1).So you may be able to switch to the official Arch package, as long as you only need the base keyfile support and not any of the extras (LUKS detached header, plain dm-crypt, whole device as keyfile, etc.).
PS: And if you switch to the official Arch package, also make sure to remove hyphens from the UUID in
cryptomount
(if this applies to you), that part is not in the official GRUB package yet and it will fail to find the disk unless you remove them.acerix commented on 2021-05-11 22:07 (UTC)
Thank you for your work on this, the git version does not have the issue so I will use that for now.
mxfm commented on 2021-05-11 16:41 (UTC)
No, it is not expected, because I follow arch Grub package pkgbuild, also these patches should not explode package size.
I will investigate this in next weekend.
Can you try git version of this package?
acerix commented on 2021-05-11 00:31 (UTC)
Is it expected for this package to have a Total Installed Size of 930.45 MiB? When I build it, the .img files are much larger than the base grub package.
mxfm commented on 2020-03-04 10:44 (UTC)
@Martmists can you elaborate on the context of your comment? It seems you refer to some revealed bug/issue, however I do not see any links.
I use these patches in a following way. I don't have grub menu, I simply type necessary parameters upon each boot, so I don't know what happens when these patches are used together with grub menu.
Besides, these patches are developed by John Lane (https://github.com/johnlane/grub), so you can contact him to file a bug.
Martmists commented on 2020-03-02 08:27 (UTC) (edited on 2020-03-02 08:27 (UTC) by Martmists)
Grub seems to not use the -p and -k parameter BEFORE the grub menu, as they are not in the binary file on the EFI partition. The cause seems to be that in some parts of the patched code, simply
cryptomount -u $uuid
seems to be used, therefore not unlocking grub at boot.mxfm commented on 2019-07-09 20:38 (UTC)
Updated.
mxfm commented on 2019-07-09 05:24 (UTC) (edited on 2019-07-09 05:25 (UTC) by mxfm)
@gamezelda, I have already opened github issue https://github.com/johnlane/grub/issues/18
Thanks for digging compilation errors up. If the author (John Lane) does not fix within days, I will patch myself.
gamezelda commented on 2019-07-08 21:34 (UTC)
At the official repos Grub 2.04 is out, and has some features that may be interesting ( https://www.phoronix.com/scan.php?page=news_item&px=GRUB-2.04-Released ).
This package's patches don't work out of the box with the new version, but are easy to fix. The grub_file_open now has one second parameter GRUB_FILE_TYPE_...., I modified the patches to pass GRUB_FILE_TYPE_NONE and I was able to compile and get it to work for me. (From my naive inspection, I wasn't able to find any better GRUB_FILE_TYPE_... constant to use for the keyfiles other than GRUB_FILE_TYPE_NONE)
mxfm commented on 2019-07-07 12:16 (UTC)
GRUB was updated to version 2.04 at 2019-07-05. Currently several patches cannot applied because of this. I has written to the author.
mxfm commented on 2018-10-16 11:08 (UTC)
Updated.
Kay94 commented on 2018-10-15 19:54 (UTC)
Hi, thanks a lot. One thing: Could you change the weblinks to the patches to https instead of http? Like: "https://grub.johnlane.ie/assets/0001-Cryptomount-support-LUKS-detached-header.patch" Regards
gamezelda commented on 2018-08-25 21:23 (UTC)
Thanks for your work! I have been able to build and install GRUB successfully with the new release.
mxfm commented on 2018-08-25 19:19 (UTC) (edited on 2018-08-25 19:20 (UTC) by mxfm)
Update. It appears that patch mentioned in forum discussion (link in previous post) was actually a fix to the issue. After letter to Christian Hesse he added the patch (https://lists.archlinux.org/pipermail/arch-commits/2018-August/527094.html) to trunk, but currently grub package is not affected because no changes were made to repo. So, manual compilation from trunk sources works, compiled grub package is still 2018-06-27.
Meanwhile, 0010-relocation patch was added here, together with xfs patch from grub trunk (looks like kalbasit left maintaining this package before the patch was added to core grub). On my machine the relocation patch works. It would be helpful if someone tests current version.
mxfm commented on 2018-08-25 08:17 (UTC)
@gamezelda, I was about to check when stock package was compiled (2018-06-27) and to write the same :)
So this may be something wrong with core package, not the way we compile ...
gamezelda commented on 2018-08-25 07:47 (UTC)
@mxfm Good to know it's definitely not a problem on my side! Not sure how I didn't find that link though.
The stock Arch package works because it was built in June, before the breakage ocurred.
mxfm commented on 2018-08-25 05:59 (UTC) (edited on 2018-08-25 07:22 (UTC) by mxfm)
@gamezelda I have just recompiled this package not in clean root - installation of x86-64_efi target failed with error you described. Then I recompiled the package in clean chroot - installation failed with the same error. So, indeed there is some problem either with the package (this patches) or with the grub.
P.S Compiled in clean chroot grub also fails upon installation. P.P.S Some explanation https://www.mail-archive.com/openembedded-core@lists.openembedded.org/msg112375.html Looks like some changes in binutils in July break grub. However, this does not explain why stock archlinux grub kernel.img is OK.
gamezelda commented on 2018-08-24 20:56 (UTC) (edited on 2018-08-24 20:57 (UTC) by gamezelda)
I've been banging my head for some hours trying to reinstall GRUB again after recompiling this package, because I was receiving an error message like 'relocation 0x4 is not implemented yet' when trying to install GRUB in EFI mode (BIOS worked file).
However, the source of the problem is not in this package, because if I recompile the original unchanged Arch GRUB package the same thing happens... it looks like there's something wrong going on with compilers/linkers/whatever and the resulting GRUB x86_64 EFI kernel binary is broken.
Anyway, I found a dirty workaround if anyone happens to stumble upon the same problem: - Build and install this package as usual - Download the compiled GRUB package binaries from https://www.archlinux.org/packages/core/x86_64/grub/ - Extract the ZIP file and replace /usr/lib/grub/x86_64-efi/kernel.img with the precompiled version from the ZIP (overwrite as root) - Now you should be able to run grub-install
DISCLAIMER: Make sure you have an alternative boot method (BIOS boot, Live Arch CD, backup, etc.) because as you may suspect, this method isn't too solid. Also check the versions, I copied the kernel of grub 2:2.02-7 over grub-luks-keyfile 2:2.02-6.
kalbasit commented on 2018-08-13 18:59 (UTC)
@mxfm if you have the time, why not! Please just claim the package and it's yours. I have already disowned it.
mxfm commented on 2018-08-13 18:32 (UTC)
@kalbasit Perhaps me?
kalbasit commented on 2018-08-13 14:15 (UTC)
I switched to NixOS recently, so I won't be maintaining this package any further, can someone please adopt it? Thank you!
mxfm commented on 2018-08-09 05:22 (UTC)
... but now it does not because of sha256 mismatch of file '0006-Cryptomount-support-for-using-whole-device-as-keyfile.patch' (likely it was updated).
mxfm commented on 2018-07-18 09:22 (UTC)
I use this package since January and did not have compilation errors. Just downloaded snapshot - it builds fine.
gamezelda commented on 2018-06-12 22:17 (UTC)
@kalbasit Sure, I’ll take a look at it tomorrow.
kalbasit commented on 2018-06-12 17:36 (UTC)
@gamezelda Care to submit a pull request with your fixes? I host this AUR package at https://github.com/kalbasit/aur_grub-luks-keyfile
gamezelda commented on 2018-06-12 15:10 (UTC) (edited on 2018-06-12 16:48 (UTC) by gamezelda)
The package does not build complaining about not finding freetype2 (despite being installed).
I have been able to install it by rebasing on the last PKGBUILD:
1570924382c7
to the PKGBUILD in the trunk foldergamezelda commented on 2018-06-12 15:08 (UTC) (edited on 2018-06-13 16:45 (UTC) by gamezelda)
@nils_92 You need to trust those GPG keys by adding them to your keyring before trying to build the package:
nils_92 commented on 2018-03-26 10:12 (UTC) (edited on 2018-03-26 10:12 (UTC) by nils_92)
Unfortunately it does not build with the following error
==> Verifying source file signatures with gpg... grub-2.02.tar.xz ... FAILED (unknown public key 35A93B74E82E4209) unifont-10.0.06.bdf.gz ... FAILED (unknown public key 1A09227B1F435A33) ==> ERROR: One or more PGP signatures could not be verified! ==> ERROR: Makepkg was unable to build grub-luks-keyfile.
kalbasit commented on 2018-03-18 18:22 (UTC)
@mxfm I just pushed an update, thanks for the report!
mxfm commented on 2018-03-18 18:18 (UTC)
@kalbasit
:) Sorry, pushed wrong button...
kalbasit commented on 2018-03-18 18:16 (UTC)
@mxfm I asked for a PR not an issue :). That's fine, I can push an update myself.
mxfm commented on 2018-03-18 08:28 (UTC)
https://github.com/kalbasit/aur_grub-luks-keyfile/issues/1
However, I don't understand why I should write there. Github page appears to be exact clone of this page, which provides necessary infrastruction to deal with those problems.
kalbasit commented on 2018-03-18 06:14 (UTC)
@mxfm I pushed this repo to https://github.com/kalbasit/aur_grub-luks-keyfile would you be able to send me a PR? Thank you!
mxfm commented on 2018-03-18 06:10 (UTC)
It seems John Lane updated patches (from http://grub.johnlane.ie/):
"Patches compatible with upstream HEAD (28b0d190) at time of writing, 2018/03/14. Patches 6 and 7 are contributed pull requests."
mxfm commented on 2018-03-18 05:59 (UTC) (edited on 2018-03-18 06:07 (UTC) by mxfm)
Unfortunately I cannot compile the package anymore because some patches fail source check. For example, for "0001-Crypmount..." my sha526sum is: f7790e7fd4641eed8347039ebb44b67a3f517f2bc4de213fe34d2ae887c03b92 0001-Cryptomount-support-LUKS-detached-header.patch
It is missing in sha256sums() function in PKGBUILD.
==> Validating source files with sha256sums...
==> ERROR: One or more files did not pass the validity check!
mxfm commented on 2018-01-13 16:25 (UTC)
Hi!
First of all, I am glad to see this package because I am interested in having support plain dm-crypt, in particular support for dm-crypt options for 'cryptomount' command.
How old is grub in this version comparing with upstream? AFAIK, these patches are by John Lane written in 2015. Are they still revelant? 2-3 years ago I tried to apply them on upstream version and failed because grub was updated.
Since John is not working on new versions, it seems that either 1) one can use old version from 2015 with these patches 2) forget about these features and use upstream version or 3) update patches manually after (possibly) each new version.