[Bug 1797894] Re: upgrading grub, modifies GRUB_CMDLINE_LINUX_DEFAULT in /etc/default/grub
Launchpad Bug Tracker
1797894 at bugs.launchpad.net
Wed Mar 6 15:20:47 UTC 2019
This bug was fixed in the package grub2 - 2.02+dfsg1-12ubuntu1
---------------
grub2 (2.02+dfsg1-12ubuntu1) disco; urgency=medium
* Merge against Debian unstable; remaining changes (LP: #564853):
- debian/control: Update Vcs fields for code location on Ubuntu.
- debian/control: Breaks shim (<< 13).
- Secure Boot support: use newer patchset from rhboot repo:
- many linuxefi_* patches added and modified
- dropped debian/patches/linuxefi_require_shim.patch
- renamed: debian/patches/no_insmod_on_sb.patch ->
debian/patches/linuxefi_no_insmod_on_sb.patch
- debian/patches/install_signed.patch, grub-install-extra-removable.patch:
- Make sure if we install shim; it should also be exported as the default
bootloader to install later to a removable path, if we do.
- Rework grub-install-extra-removable.patch to reverse its logic: in the
default case, install the bootloader to /EFI/BOOT, unless we're trying
to install on a removable device, or explicitly telling grub *not* to
do it.
- Install a BOOT.CSV for fallback to use.
- Make sure postinst and templates know about the replacement of
--force-extra-removable with --no-extra-removable.
- debian/patches/add-an-auto-nvram-option-to-grub-install.patch: Add the
--auto-nvram option to grub-install for auto-detecting NVRAM availability
before attempting NVRAM updates.
- debian/build-efi-images: provide a new grub EFI image which enforces that
loaded kernels are signed for Secure Boot: build gsb$arch.efi; which is
the same as grub$arch.efi minus the 'linux' module. Without fallback to
'linux' for unsigned loading, this makes it effectively enforce having a
signed kernel.
- Verify that the current and newer kernels are signed when grub is
updated, to make sure people do not accidentally shutdown without a
signed kernel.
- debian/default/grub: replace GRUB_HIDDEN_* variables with the less
confusing GRUB_TIMEOUT_STYLE=hidden.
- debian/patches/support_initrd-less_boot.patch: Added knobs to allow
non-initrd boot config.
- Disable os-prober for ppc64el on the PowerNV platform, to reduce the
number of entries/clutter from other OSes in Petitboot
- debian/patches/shorter_version_info.patch: Only show the upstream version
in menu and console, and hide the package one in a package_version
variable.
- debian/patches/skip_text_gfxpayload_where_not_supported.patch: Skip the
'text' payload if it's not supported but present in gfxpayload, such as
on EFI systems.
- debian/patches/bufio_sensible_block_sizes.patch: Don't use arbitrary file
fizes as block sizes in bufio: this avoids potentially seeking back in
the files unnecessarily, which may require re-open files that cannot be
seeked into, such as via TFTP.
- debian/patches/ofnet-init-structs-in-bootpath-parser.patch: initialize
structs in bootpath parser.
- debian/rules: shuffle files around for now to keep build artefacts
for signing at the same location as they were expected by Launchpad.
- debian/rules, debian/control: enable dh-systemd.
- debian/grub-common.install.in: install the systemd unit that's part of
initrd fallback handling, missed when the feature landed.
- debian/patches/quick-boot-lvm.patch: If we don't have writable
grubenv and we're on EFI, always show the menu.
- debian/patches/mkconfig_leave_breadcrumbs.patch: make sure grub-mkconfig
leaves a trace of what files were sourced to help generate the config
we're building.
- debian/patches/linuxefi_truncate_overlong_reloc_section.patch: Windows
7 bootloader has inconsistent headers; truncate to the smaller, correct
size to fix chainloading Windows 7.
- debian/patches/linuxefi_fix_relocate_coff.patch: fix typo in
relocate_coff() causing issues with relocation of code in chainload.
- debian/patches/add-initrd-less-boot-fallback.patch: add initrd-less
capabilities. If a kernel fails to boot without initrd, we will fallback
to trying to boot the kernel with an initrd. Patch by Chris Glass.
- debian/patches/grub-reboot-warn.patch: Warn when "for the next
boot only" promise cannot be kept.
* Refreshed patches and fixed up attribution to the right authors after
merge with Debian.
* debian/patches/linuxefi_missing_include.patch,
debian/patches/linuxefi_fixing_more_errors.patch: Apply some additional
small fixes to casts, format strings, includes and Makefile to make sure
the newer linuxefi patches apply and build properly.
grub2 (2.02+dfsg1-12) unstable; urgency=medium
[ Colin Watson ]
* Remove code to migrate grub-pc/install_devices to persistent device
names under /dev/disk/by-id/. This migration happened in
1.98+20100702-1, which was in squeeze (four stable releases ago), so we
no longer need to carry around this complex code.
* Preserve previous answer to grub-pc/install_devices if we have to ask
grub-pc/install_devices_disks_changed and the user chooses not to
install to any devices, so that we can recover from temporary bugs that
cause /dev/disk/by-id/ paths to change (closes: #919029).
* debian/signing-template.json.in: Add trusted_certs key (empty, since
GRUB has no hardcoded list of trusted certificates).
* util: Detect more I/O errors (closes: #922741).
[ Leif Lindholm ]
* arm64/efi: Fix grub_efi_get_ram_base().
[ Steve McIntyre ]
* grub-install: Check for arm-efi as a default target (closes: #922104).
[ James Clarke ]
* osdep/freebsd: Fix partition calculation for EBR entries (closes:
#923253).
grub2 (2.02+dfsg1-11) unstable; urgency=medium
[ Colin Watson ]
* Apply patches from Alexander Graf to set arm64-efi code offset to
EFI_PAGE_SIZE (closes: #919012, LP: #1812317).
* Upgrade to debhelper v10.
* Set Rules-Requires-Root: no.
* Add help and ls modules to signed UEFI images (closes: #919955).
* Fix application of answers from dpkg-reconfigure to /etc/default/grub
(based loosely on a patch by Steve Langasek, for which thanks; closes:
#921702).
[ Steve McIntyre ]
* Make grub-efi-amd64-signed recommend shim-signed (closes: #919067).
[ Jeroen Dekkers ]
* Initialize keyboard in at_keyboard module init if keyboard is ready
(closes: #741464).
[ John Paul Adrian Glaubitz ]
* Include a.out header in assembly of sparc64 boot loader (closes:
#921249).
[ Hervé Werner ]
* Fix setup on Secure Boot systems where cryptodisk is in use (closes:
#917117).
[ Debconf translations ]
* [de] German (Helge Kreutzmann and Holger Wansing; closes: #921018).
grub2 (2.02+dfsg1-10) unstable; urgency=medium
* Apply patch from Heinrich Schuchardt (mentioned in #916695 though
unrelated):
- grub-core/loader/efi/fdt.c: do not copy random memory
* Add luks modules to signed UEFI images (pointed out by Alex Griffin and
Hervé Werner; closes: #908162, LP: #1565950).
* Keep track of the previous version of /usr/share/grub/default/grub and
set UCF_FORCE_CONFFOLD=1 when running ucf if it hasn't changed; ucf
can't figure this out for itself since we apply debconf-based
customisations on top of the template configuration file (closes:
#812574, LP: #564853).
* Backport Xen PVH guest support from upstream (closes: #776450). Thanks
to Hans van Kranenburg for testing.
grub2 (2.02+dfsg1-9) unstable; urgency=medium
[ Colin Watson ]
* Sync Maintainer/Uploaders in debian/signing-template/control.in with the
main packaging.
* Tell reportbug to submit bug reports against unsigned packages rather
than generated signed packages.
* Update Homepage, debian/copyright Source, and debian/watch to use HTTPS.
* Move bash completions to /usr/share/bash-completion/completions/grub and
add appropriate symlinks (closes: #912852).
* Build with GCC 8 (closes: #915735).
[ Leif Lindholm ]
* Apply patch series (mostly) from upstream to switch the arm loader over
to use the arm64 loader code and improve arm/arm64 initrd handling
(closes: #907596, #909420, #915091).
[ Matthew Garrett ]
* Don't enforce Shim signature validation if Secure Boot is disabled.
grub2 (2.02+dfsg1-8) unstable; urgency=medium
* Revise grub-<platform>-bin and grub-<platform> package descriptions to
try to explain better how they fit together and which one should be used
(based loosely on work by Justin B Rye, for which thanks; closes:
#630224).
* Skip flaky grub_cmd_set_date test (closes: #906470).
* Work around bug in obsolete init-select package: add Conflicts/Replaces
from grub-common, and take over /etc/default/grub.d/init-select.cfg with
a no-op stub (thanks to Guillem Jover for the suggestion; closes:
#863801).
* Build-depend on dosfstools and mtools on non-Linux variants of
i386/amd64/arm64 as well, to match debian/rules.
* Cherry-pick from upstream:
- i386/linux: Add support for ext_lfb_base (LP: #1785033).
* Don't source /etc/default/grub.d/*.cfg in config maintainer scripts,
since otherwise we incorrectly merge settings from there into
/etc/default/grub (closes: #872637, LP: #1797894).
* Add xfs module to signed UEFI images (closes: #911147, LP: #1652822).
* Cope with / being on a ZFS root dataset (closes: #886178).
[ Debconf translations ]
* [sv] Swedish (Martin Bagge and Anders Jonsson; closes: #851964).
grub2 (2.02+dfsg1-7) unstable; urgency=medium
* Move kernel maintainer script snippets into grub2-common (thanks,
Bastian Blank; closes: #910959).
* Add cryptodisk and gcry_* modules to signed UEFI images (closes:
#908162, LP: #1565950).
* Remove dh_builddeb override to use xz compression; this has been the
default since dpkg 1.17.0.
grub2 (2.02+dfsg1-6) unstable; urgency=medium
* Only build *-signed packages on their native architecture for now, since
otherwise we end up with clashing source packages (closes: #906596).
* Refer to source packages in Built-Using, not binary packages (closes:
#907483).
-- Mathieu Trudel-Lapierre <cyphermox at ubuntu.com> Tue, 05 Mar 2019
17:05:09 -0500
** Changed in: grub2 (Ubuntu)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2 in Ubuntu.
https://bugs.launchpad.net/bugs/1797894
Title:
upgrading grub, modifies GRUB_CMDLINE_LINUX_DEFAULT in
/etc/default/grub
Status in grub2 package in Ubuntu:
Fix Released
Status in grub2 package in Debian:
Fix Released
Bug description:
upgrading grub, modifies GRUB_CMDLINE_LINUX_DEFAULT in
/etc/default/grub
if one has makedumpfile installed. the setting from
/etc/default/grub.d/kdump-tools.cfg which imho should not have leaked
into /etd/default/grub.
See screenshot.
Also,
grub-efi-amd64 grub2/linux_cmdline_default string quiet splash
pcie_aspm=off crashkernel=512M-:192M
has been helpfully "updated" when it should not have.
in postinst, it seems like we source all of /etc/default/grub.d/*
files, when maybe we should not have.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1797894/+subscriptions
More information about the foundations-bugs
mailing list