diff --git a/nixos/modules/config/gnu.nix b/nixos/modules/config/gnu.nix index d06b479e2af5..a47d299b226b 100644 --- a/nixos/modules/config/gnu.nix +++ b/nixos/modules/config/gnu.nix @@ -29,7 +29,6 @@ # GNU GRUB, where available. boot.loader.grub.enable = !pkgs.stdenv.isAarch32; - boot.loader.grub.version = 2; # GNU lsh. services.openssh.enable = false; diff --git a/nixos/modules/installer/cd-dvd/iso-image.nix b/nixos/modules/installer/cd-dvd/iso-image.nix index 3921bb61b91c..e22bb866927b 100644 --- a/nixos/modules/installer/cd-dvd/iso-image.nix +++ b/nixos/modules/installer/cd-dvd/iso-image.nix @@ -694,8 +694,6 @@ in } ]; - boot.loader.grub.version = 2; - # Don't build the GRUB menu builder script, since we don't need it # here and it causes a cyclic dependency. boot.loader.grub.enable = false; diff --git a/nixos/modules/installer/tools/nixos-generate-config.pl b/nixos/modules/installer/tools/nixos-generate-config.pl index c65898b261cb..5d3d0216d20c 100644 --- a/nixos/modules/installer/tools/nixos-generate-config.pl +++ b/nixos/modules/installer/tools/nixos-generate-config.pl @@ -651,7 +651,6 @@ EOF $bootLoaderConfig = < !config.boot.loader.efi.canTouchEfiVariables; message = "If you wish to to use boot.loader.grub.efiInstallAsRemovable, then turn off boot.loader.efi.canTouchEfiVariables"; } + { + assertion = !(options.boot.loader.grub.version.isDefined && cfg.version == 1); + message = "Support for version 0.9x of GRUB was removed after being unsupported upstream for around a decade"; + } ] ++ flip concatMap cfg.mirroredBoots (args: [ { assertion = args.devices != [ ]; @@ -844,6 +825,11 @@ in })); }) + (mkIf options.boot.loader.grub.version.isDefined { + warnings = [ '' + The boot.loader.grub.version option does not have any effect anymore, please remove it from your configuration. + '' ]; + }) ]; diff --git a/nixos/modules/system/boot/loader/grub/install-grub.pl b/nixos/modules/system/boot/loader/grub/install-grub.pl index 2779f26aa1b6..cfccb93264bf 100644 --- a/nixos/modules/system/boot/loader/grub/install-grub.pl +++ b/nixos/modules/system/boot/loader/grub/install-grub.pl @@ -61,7 +61,6 @@ sub runCommand { } my $grub = get("grub"); -my $grubVersion = int(get("version")); my $grubTarget = get("grubTarget"); my $extraConfig = get("extraConfig"); my $extraPrepareConfig = get("extraPrepareConfig"); @@ -96,9 +95,7 @@ my $theme = get("theme"); my $saveDefault = $defaultEntry eq "saved"; $ENV{'PATH'} = get("path"); -die "unsupported GRUB version\n" if $grubVersion != 1 && $grubVersion != 2; - -print STDERR "updating GRUB $grubVersion menu...\n"; +print STDERR "updating GRUB 2 menu...\n"; mkpath("$bootPath/grub", 0, 0700); @@ -176,76 +173,74 @@ sub GrubFs { } my $search = ""; - if ($grubVersion > 1) { - # ZFS is completely separate logic as zpools are always identified by a label - # or custom UUID - if ($fs->type eq 'zfs') { - my $sid = index($fs->device, '/'); + # ZFS is completely separate logic as zpools are always identified by a label + # or custom UUID + if ($fs->type eq 'zfs') { + my $sid = index($fs->device, '/'); - if ($sid < 0) { - $search = '--label ' . $fs->device; - $path = '/@' . $path; - } else { - $search = '--label ' . substr($fs->device, 0, $sid); - $path = '/' . substr($fs->device, $sid) . '/@' . $path; + if ($sid < 0) { + $search = '--label ' . $fs->device; + $path = '/@' . $path; + } else { + $search = '--label ' . substr($fs->device, 0, $sid); + $path = '/' . substr($fs->device, $sid) . '/@' . $path; + } + } else { + my %types = ('uuid' => '--fs-uuid', 'label' => '--label'); + + if ($fsIdentifier eq 'provided') { + # If the provided dev is identifying the partition using a label or uuid, + # we should get the label / uuid and do a proper search + my @matches = $fs->device =~ m/\/dev\/disk\/by-(label|uuid)\/(.*)/; + if ($#matches > 1) { + die "Too many matched devices" + } elsif ($#matches == 1) { + $search = "$types{$matches[0]} $matches[1]" } } else { - my %types = ('uuid' => '--fs-uuid', 'label' => '--label'); + # Determine the identifying type + $search = $types{$fsIdentifier} . ' '; - if ($fsIdentifier eq 'provided') { - # If the provided dev is identifying the partition using a label or uuid, - # we should get the label / uuid and do a proper search - my @matches = $fs->device =~ m/\/dev\/disk\/by-(label|uuid)\/(.*)/; - if ($#matches > 1) { - die "Too many matched devices" - } elsif ($#matches == 1) { - $search = "$types{$matches[0]} $matches[1]" - } - } else { - # Determine the identifying type - $search = $types{$fsIdentifier} . ' '; - - # Based on the type pull in the identifier from the system - my ($status, @devInfo) = runCommand("@utillinux@/bin/blkid", "-o", "export", @{[$fs->device]}); - if ($status != 0) { - die "Failed to get blkid info (returned $status) for @{[$fs->mount]} on @{[$fs->device]}"; - } - my @matches = join("", @devInfo) =~ m/@{[uc $fsIdentifier]}=([^\n]*)/; - if ($#matches != 0) { - die "Couldn't find a $types{$fsIdentifier} for @{[$fs->device]}\n" - } - $search .= $matches[0]; + # Based on the type pull in the identifier from the system + my ($status, @devInfo) = runCommand("@utillinux@/bin/blkid", "-o", "export", @{[$fs->device]}); + if ($status != 0) { + die "Failed to get blkid info (returned $status) for @{[$fs->mount]} on @{[$fs->device]}"; } + my @matches = join("", @devInfo) =~ m/@{[uc $fsIdentifier]}=([^\n]*)/; + if ($#matches != 0) { + die "Couldn't find a $types{$fsIdentifier} for @{[$fs->device]}\n" + } + $search .= $matches[0]; + } - # BTRFS is a special case in that we need to fix the referrenced path based on subvolumes - if ($fs->type eq 'btrfs') { - my ($status, @id_info) = runCommand("@btrfsprogs@/bin/btrfs", "subvol", "show", @{[$fs->mount]}); + # BTRFS is a special case in that we need to fix the referrenced path based on subvolumes + if ($fs->type eq 'btrfs') { + my ($status, @id_info) = runCommand("@btrfsprogs@/bin/btrfs", "subvol", "show", @{[$fs->mount]}); + if ($status != 0) { + die "Failed to retrieve subvolume info for @{[$fs->mount]}\n"; + } + my @ids = join("\n", @id_info) =~ m/^(?!\/\n).*Subvolume ID:[ \t\n]*([0-9]+)/s; + if ($#ids > 0) { + die "Btrfs subvol name for @{[$fs->device]} listed multiple times in mount\n" + } elsif ($#ids == 0) { + my ($status, @path_info) = runCommand("@btrfsprogs@/bin/btrfs", "subvol", "list", @{[$fs->mount]}); if ($status != 0) { - die "Failed to retrieve subvolume info for @{[$fs->mount]}\n"; + die "Failed to find @{[$fs->mount]} subvolume id from btrfs\n"; } - my @ids = join("\n", @id_info) =~ m/^(?!\/\n).*Subvolume ID:[ \t\n]*([0-9]+)/s; - if ($#ids > 0) { - die "Btrfs subvol name for @{[$fs->device]} listed multiple times in mount\n" - } elsif ($#ids == 0) { - my ($status, @path_info) = runCommand("@btrfsprogs@/bin/btrfs", "subvol", "list", @{[$fs->mount]}); - if ($status != 0) { - die "Failed to find @{[$fs->mount]} subvolume id from btrfs\n"; - } - my @paths = join("", @path_info) =~ m/ID $ids[0] [^\n]* path ([^\n]*)/; - if ($#paths > 0) { - die "Btrfs returned multiple paths for a single subvolume id, mountpoint @{[$fs->mount]}\n"; - } elsif ($#paths != 0) { - die "Btrfs did not return a path for the subvolume at @{[$fs->mount]}\n"; - } - $path = "/$paths[0]$path"; + my @paths = join("", @path_info) =~ m/ID $ids[0] [^\n]* path ([^\n]*)/; + if ($#paths > 0) { + die "Btrfs returned multiple paths for a single subvolume id, mountpoint @{[$fs->mount]}\n"; + } elsif ($#paths != 0) { + die "Btrfs did not return a path for the subvolume at @{[$fs->mount]}\n"; } + $path = "/$paths[0]$path"; } } - if (not $search eq "") { - $search = "search --set=drive$driveid " . $search; - $path = "(\$drive$driveid)$path"; - $driveid += 1; - } + } + if (not $search eq "") { + $search = "search --set=drive$driveid " . $search; + $path = "(\$drive$driveid)$path"; + $driveid += 1; } return Grub->new(path => $path, search => $search); } @@ -258,166 +253,151 @@ if ($copyKernels == 0) { # Generate the header. my $conf .= "# Automatically generated. DO NOT EDIT THIS FILE!\n"; -if ($grubVersion == 1) { - # $defaultEntry might be "saved", indicating that we want to use the last selected configuration as default. - # Incidentally this is already the correct value for the grub 1 config to achieve this behaviour. - $conf .= " - default $defaultEntry - timeout $timeout - "; - if ($splashImage) { - copy $splashImage, "$bootPath/background.xpm.gz" or die "cannot copy $splashImage to $bootPath: $!\n"; - $conf .= "splashimage " . ($grubBoot->path eq "/" ? "" : $grubBoot->path) . "/background.xpm.gz\n"; +my @users = (); +foreach my $user ($dom->findnodes('/expr/attrs/attr[@name = "users"]/attrs/attr')) { + my $name = $user->findvalue('@name') or die; + my $hashedPassword = $user->findvalue('./attrs/attr[@name = "hashedPassword"]/string/@value'); + my $hashedPasswordFile = $user->findvalue('./attrs/attr[@name = "hashedPasswordFile"]/string/@value'); + my $password = $user->findvalue('./attrs/attr[@name = "password"]/string/@value'); + my $passwordFile = $user->findvalue('./attrs/attr[@name = "passwordFile"]/string/@value'); + + if ($hashedPasswordFile) { + open(my $f, '<', $hashedPasswordFile) or die "Can't read file '$hashedPasswordFile'!"; + $hashedPassword = <$f>; + chomp $hashedPassword; + } + if ($passwordFile) { + open(my $f, '<', $passwordFile) or die "Can't read file '$passwordFile'!"; + $password = <$f>; + chomp $password; } -} -else { - my @users = (); - foreach my $user ($dom->findnodes('/expr/attrs/attr[@name = "users"]/attrs/attr')) { - my $name = $user->findvalue('@name') or die; - my $hashedPassword = $user->findvalue('./attrs/attr[@name = "hashedPassword"]/string/@value'); - my $hashedPasswordFile = $user->findvalue('./attrs/attr[@name = "hashedPasswordFile"]/string/@value'); - my $password = $user->findvalue('./attrs/attr[@name = "password"]/string/@value'); - my $passwordFile = $user->findvalue('./attrs/attr[@name = "passwordFile"]/string/@value'); - - if ($hashedPasswordFile) { - open(my $f, '<', $hashedPasswordFile) or die "Can't read file '$hashedPasswordFile'!"; - $hashedPassword = <$f>; - chomp $hashedPassword; - } - if ($passwordFile) { - open(my $f, '<', $passwordFile) or die "Can't read file '$passwordFile'!"; - $password = <$f>; - chomp $password; - } - - if ($hashedPassword) { - if (index($hashedPassword, "grub.pbkdf2.") == 0) { - $conf .= "\npassword_pbkdf2 $name $hashedPassword"; - } - else { - die "Password hash for GRUB user '$name' is not valid!"; - } - } - elsif ($password) { - $conf .= "\npassword $name $password"; + if ($hashedPassword) { + if (index($hashedPassword, "grub.pbkdf2.") == 0) { + $conf .= "\npassword_pbkdf2 $name $hashedPassword"; } else { - die "GRUB user '$name' has no password!"; + die "Password hash for GRUB user '$name' is not valid!"; } - push(@users, $name); } - if (@users) { - $conf .= "\nset superusers=\"" . join(' ',@users) . "\"\n"; + elsif ($password) { + $conf .= "\npassword $name $password"; } + else { + die "GRUB user '$name' has no password!"; + } + push(@users, $name); +} +if (@users) { + $conf .= "\nset superusers=\"" . join(' ',@users) . "\"\n"; +} - if ($copyKernels == 0) { - $conf .= " - " . $grubStore->search; - } - # FIXME: should use grub-mkconfig. - my $defaultEntryText = $defaultEntry; - if ($saveDefault) { - $defaultEntryText = "\"\${saved_entry}\""; - } +if ($copyKernels == 0) { $conf .= " - " . $grubBoot->search . " - if [ -s \$prefix/grubenv ]; then - load_env + " . $grubStore->search; +} +# FIXME: should use grub-mkconfig. +my $defaultEntryText = $defaultEntry; +if ($saveDefault) { + $defaultEntryText = "\"\${saved_entry}\""; +} +$conf .= " + " . $grubBoot->search . " + if [ -s \$prefix/grubenv ]; then + load_env + fi + + # ‘grub-reboot’ sets a one-time saved entry, which we process here and + # then delete. + if [ \"\${next_entry}\" ]; then + set default=\"\${next_entry}\" + set next_entry= + save_env next_entry + set timeout=1 + set boot_once=true + else + set default=$defaultEntryText + set timeout=$timeout + fi + + function savedefault { + if [ -z \"\${boot_once}\"]; then + saved_entry=\"\${chosen}\" + save_env saved_entry fi + } - # ‘grub-reboot’ sets a one-time saved entry, which we process here and - # then delete. - if [ \"\${next_entry}\" ]; then - set default=\"\${next_entry}\" - set next_entry= - save_env next_entry - set timeout=1 - set boot_once=true - else - set default=$defaultEntryText - set timeout=$timeout - fi + # Setup the graphics stack for bios and efi systems + if [ \"\${grub_platform}\" = \"efi\" ]; then + insmod efi_gop + insmod efi_uga + else + insmod vbe + fi +"; - function savedefault { - if [ -z \"\${boot_once}\"]; then - saved_entry=\"\${chosen}\" - save_env saved_entry - fi - } - - # Setup the graphics stack for bios and efi systems - if [ \"\${grub_platform}\" = \"efi\" ]; then - insmod efi_gop - insmod efi_uga - else - insmod vbe +if ($font) { + copy $font, "$bootPath/converted-font.pf2" or die "cannot copy $font to $bootPath: $!\n"; + $conf .= " + insmod font + if loadfont " . ($grubBoot->path eq "/" ? "" : $grubBoot->path) . "/converted-font.pf2; then + insmod gfxterm + if [ \"\${grub_platform}\" = \"efi\" ]; then + set gfxmode=$gfxmodeEfi + set gfxpayload=$gfxpayloadEfi + else + set gfxmode=$gfxmodeBios + set gfxpayload=$gfxpayloadBios + fi + terminal_output gfxterm fi "; - - if ($font) { - copy $font, "$bootPath/converted-font.pf2" or die "cannot copy $font to $bootPath: $!\n"; +} +if ($splashImage) { + # Keeps the image's extension. + my ($filename, $dirs, $suffix) = fileparse($splashImage, qr"\..[^.]*$"); + # The module for jpg is jpeg. + if ($suffix eq ".jpg") { + $suffix = ".jpeg"; + } + if ($backgroundColor) { $conf .= " - insmod font - if loadfont " . ($grubBoot->path eq "/" ? "" : $grubBoot->path) . "/converted-font.pf2; then - insmod gfxterm - if [ \"\${grub_platform}\" = \"efi\" ]; then - set gfxmode=$gfxmodeEfi - set gfxpayload=$gfxpayloadEfi - else - set gfxmode=$gfxmodeBios - set gfxpayload=$gfxpayloadBios - fi - terminal_output gfxterm - fi + background_color '$backgroundColor' "; } - if ($splashImage) { - # Keeps the image's extension. - my ($filename, $dirs, $suffix) = fileparse($splashImage, qr"\..[^.]*$"); - # The module for jpg is jpeg. - if ($suffix eq ".jpg") { - $suffix = ".jpeg"; - } - if ($backgroundColor) { + copy $splashImage, "$bootPath/background$suffix" or die "cannot copy $splashImage to $bootPath: $!\n"; + $conf .= " + insmod " . substr($suffix, 1) . " + if background_image --mode '$splashMode' " . ($grubBoot->path eq "/" ? "" : $grubBoot->path) . "/background$suffix; then + set color_normal=white/black + set color_highlight=black/white + else + set menu_color_normal=cyan/blue + set menu_color_highlight=white/blue + fi + "; +} + +rmtree("$bootPath/theme") or die "cannot clean up theme folder in $bootPath\n" if -e "$bootPath/theme"; + +if ($theme) { + # Copy theme + rcopy($theme, "$bootPath/theme") or die "cannot copy $theme to $bootPath\n"; + $conf .= " + # Sets theme. + set theme=" . ($grubBoot->path eq "/" ? "" : $grubBoot->path) . "/theme/theme.txt + export theme + # Load theme fonts, if any + "; + + find( { wanted => sub { + if ($_ =~ /\.pf2$/i) { + $font = File::Spec->abs2rel($File::Find::name, $theme); $conf .= " - background_color '$backgroundColor' + loadfont " . ($grubBoot->path eq "/" ? "" : $grubBoot->path) . "/theme/$font "; } - copy $splashImage, "$bootPath/background$suffix" or die "cannot copy $splashImage to $bootPath: $!\n"; - $conf .= " - insmod " . substr($suffix, 1) . " - if background_image --mode '$splashMode' " . ($grubBoot->path eq "/" ? "" : $grubBoot->path) . "/background$suffix; then - set color_normal=white/black - set color_highlight=black/white - else - set menu_color_normal=cyan/blue - set menu_color_highlight=white/blue - fi - "; - } - - rmtree("$bootPath/theme") or die "cannot clean up theme folder in $bootPath\n" if -e "$bootPath/theme"; - - if ($theme) { - # Copy theme - rcopy($theme, "$bootPath/theme") or die "cannot copy $theme to $bootPath\n"; - $conf .= " - # Sets theme. - set theme=" . ($grubBoot->path eq "/" ? "" : $grubBoot->path) . "/theme/theme.txt - export theme - # Load theme fonts, if any - "; - - find( { wanted => sub { - if ($_ =~ /\.pf2$/i) { - $font = File::Spec->abs2rel($File::Find::name, $theme); - $conf .= " - loadfont " . ($grubBoot->path eq "/" ? "" : $grubBoot->path) . "/theme/$font - "; - } - }, no_chdir => 1 }, $theme ); - } + }, no_chdir => 1 }, $theme ); } $conf .= "$extraConfig\n"; @@ -494,31 +474,19 @@ sub addEntry { readFile("$path/kernel-params"); my $xenParams = $xen && -e "$path/xen-params" ? readFile("$path/xen-params") : ""; - if ($grubVersion == 1) { - $conf .= "title $name\n"; - $conf .= " $extraPerEntryConfig\n" if $extraPerEntryConfig; - $conf .= " kernel $xen $xenParams\n" if $xen; - $conf .= " " . ($xen ? "module" : "kernel") . " $kernel $kernelParams\n"; - $conf .= " " . ($xen ? "module" : "initrd") . " $initrd\n"; - if ($saveDefault) { - $conf .= " savedefault\n"; - } - $conf .= "\n"; - } else { - $conf .= "menuentry \"$name\" " . $options . " {\n"; - if ($saveDefault) { - $conf .= " savedefault\n"; - } - $conf .= $grubBoot->search . "\n"; - if ($copyKernels == 0) { - $conf .= $grubStore->search . "\n"; - } - $conf .= " $extraPerEntryConfig\n" if $extraPerEntryConfig; - $conf .= " multiboot $xen $xenParams\n" if $xen; - $conf .= " " . ($xen ? "module" : "linux") . " $kernel $kernelParams\n"; - $conf .= " " . ($xen ? "module" : "initrd") . " $initrd\n"; - $conf .= "}\n\n"; + $conf .= "menuentry \"$name\" " . $options . " {\n"; + if ($saveDefault) { + $conf .= " savedefault\n"; } + $conf .= $grubBoot->search . "\n"; + if ($copyKernels == 0) { + $conf .= $grubStore->search . "\n"; + } + $conf .= " $extraPerEntryConfig\n" if $extraPerEntryConfig; + $conf .= " multiboot $xen $xenParams\n" if $xen; + $conf .= " " . ($xen ? "module" : "linux") . " $kernel $kernelParams\n"; + $conf .= " " . ($xen ? "module" : "initrd") . " $initrd\n"; + $conf .= "}\n\n"; } @@ -562,7 +530,7 @@ sub addProfile { my ($profile, $description) = @_; # Add entries for all generations of this profile. - $conf .= "submenu \"$description\" --class submenu {\n" if $grubVersion == 2; + $conf .= "submenu \"$description\" --class submenu {\n"; sub nrFromGen { my ($x) = @_; $x =~ /\/\w+-(\d+)-link/; return $1; } @@ -585,17 +553,15 @@ sub addProfile { addEntry("@distroName@ - Configuration " . nrFromGen($link) . " ($date - $version)", $link, $subEntryOptions, 0); } - $conf .= "}\n" if $grubVersion == 2; + $conf .= "}\n"; } addProfile "/nix/var/nix/profiles/system", "@distroName@ - All configurations"; -if ($grubVersion == 2) { - for my $profile (glob "/nix/var/nix/profiles/system-profiles/*") { - my $name = basename($profile); - next unless $name =~ /^\w+$/; - addProfile $profile, "@distroName@ - Profile '$name'"; - } +for my $profile (glob "/nix/var/nix/profiles/system-profiles/*") { + my $name = basename($profile); + next unless $name =~ /^\w+$/; + addProfile $profile, "@distroName@ - Profile '$name'"; } # extraPrepareConfig could refer to @bootPath@, which we have to substitute @@ -607,16 +573,14 @@ if ($extraPrepareConfig ne "") { } # write the GRUB config. -my $confFile = $grubVersion == 1 ? "$bootPath/grub/menu.lst" : "$bootPath/grub/grub.cfg"; +my $confFile = "$bootPath/grub/grub.cfg"; my $tmpFile = $confFile . ".tmp"; writeFile($tmpFile, $conf); # check whether to install GRUB EFI or not sub getEfiTarget { - if ($grubVersion == 1) { - return "no" - } elsif (($grub ne "") && ($grubEfi ne "")) { + if (($grub ne "") && ($grubEfi ne "")) { # EFI can only be installed when target is set; # A target is also required then for non-EFI grub if (($grubTarget eq "") || ($grubTargetEfi eq "")) { die } @@ -741,7 +705,7 @@ symlink "$bootPath", "$tmpDir/boot" or die "Failed to symlink $tmpDir/boot: $!"; if (($requireNewInstall != 0) && ($efiTarget eq "no" || $efiTarget eq "both")) { foreach my $dev (@deviceTargets) { next if $dev eq "nodev"; - print STDERR "installing the GRUB $grubVersion boot loader on $dev...\n"; + print STDERR "installing the GRUB 2 boot loader on $dev...\n"; my @command = ("$grub/sbin/grub-install", "--recheck", "--root-directory=$tmpDir", Cwd::abs_path($dev), @extraGrubInstallArgs); if ($forceInstall eq "true") { push @command, "--force"; @@ -756,7 +720,7 @@ if (($requireNewInstall != 0) && ($efiTarget eq "no" || $efiTarget eq "both")) { # install EFI GRUB if (($requireNewInstall != 0) && ($efiTarget eq "only" || $efiTarget eq "both")) { - print STDERR "installing the GRUB $grubVersion EFI boot loader into $efiSysMountPoint...\n"; + print STDERR "installing the GRUB 2 boot loader into $efiSysMountPoint...\n"; my @command = ("$grubEfi/sbin/grub-install", "--recheck", "--target=$grubTargetEfi", "--boot-directory=$bootPath", "--efi-directory=$efiSysMountPoint", @extraGrubInstallArgs); if ($forceInstall eq "true") { push @command, "--force"; diff --git a/nixos/modules/system/boot/loader/grub/ipxe.nix b/nixos/modules/system/boot/loader/grub/ipxe.nix index adddcbee0164..d926b7ceaa6e 100644 --- a/nixos/modules/system/boot/loader/grub/ipxe.nix +++ b/nixos/modules/system/boot/loader/grub/ipxe.nix @@ -46,11 +46,7 @@ in config = mkIf (builtins.length scripts != 0) { - boot.loader.grub.extraEntries = - if config.boot.loader.grub.version == 2 then - toString (map grubEntry scripts) - else - throw "iPXE is not supported with GRUB 1."; + boot.loader.grub.extraEntries = toString (map grubEntry scripts); boot.loader.grub.extraFiles = { "ipxe.lkrn" = "${pkgs.ipxe}/ipxe.lkrn"; } diff --git a/nixos/modules/system/boot/loader/grub/memtest.nix b/nixos/modules/system/boot/loader/grub/memtest.nix index ccb6e8cc3caf..ee969e9bff5b 100644 --- a/nixos/modules/system/boot/loader/grub/memtest.nix +++ b/nixos/modules/system/boot/loader/grub/memtest.nix @@ -84,15 +84,11 @@ in }) (mkIf (cfg.enable && !efiSupport) { - boot.loader.grub.extraEntries = - if config.boot.loader.grub.version == 2 then - '' - menuentry "Memtest86+" { - linux16 @bootRoot@/memtest.bin ${toString cfg.params} - } - '' - else - throw "Memtest86+ is not supported with GRUB 1."; + boot.loader.grub.extraEntries = '' + menuentry "Memtest86+" { + linux16 @bootRoot@/memtest.bin ${toString cfg.params} + } + ''; boot.loader.grub.extraFiles."memtest.bin" = "${memtest86}/memtest.bin"; }) diff --git a/nixos/modules/virtualisation/azure-common.nix b/nixos/modules/virtualisation/azure-common.nix index f29d368137ae..cd1ffdb6cbcc 100644 --- a/nixos/modules/virtualisation/azure-common.nix +++ b/nixos/modules/virtualisation/azure-common.nix @@ -12,7 +12,6 @@ with lib; # Generate a GRUB menu. boot.loader.grub.device = "/dev/sda"; - boot.loader.grub.version = 2; boot.loader.timeout = 0; boot.growPartition = true; diff --git a/nixos/modules/virtualisation/xen-domU.nix b/nixos/modules/virtualisation/xen-domU.nix index c00b984c2ce0..ce5a482b1145 100644 --- a/nixos/modules/virtualisation/xen-domU.nix +++ b/nixos/modules/virtualisation/xen-domU.nix @@ -3,7 +3,6 @@ { ... }: { - boot.loader.grub.version = 2; boot.loader.grub.device = "nodev"; boot.initrd.kernelModules = diff --git a/nixos/tests/installer.nix b/nixos/tests/installer.nix index 51d0d232ebbf..28b93472263f 100644 --- a/nixos/tests/installer.nix +++ b/nixos/tests/installer.nix @@ -10,7 +10,7 @@ with pkgs.lib; let # The configuration to install. - makeConfig = { bootLoader, grubVersion, grubDevice, grubIdentifier, grubUseEfi + makeConfig = { bootLoader, grubDevice, grubIdentifier, grubUseEfi , extraConfig, forceGrubReinstallCount ? 0 }: pkgs.writeText "configuration.nix" '' @@ -29,11 +29,6 @@ let ${optionalString systemdStage1 "boot.initrd.systemd.enable = true;"} ${optionalString (bootLoader == "grub") '' - boot.loader.grub.version = ${toString grubVersion}; - ${optionalString (grubVersion == 1) '' - boot.loader.grub.splashImage = null; - ''} - boot.loader.grub.extraConfig = "serial; terminal_output serial"; ${if grubUseEfi then '' boot.loader.grub.device = "nodev"; @@ -70,11 +65,11 @@ let # disk, and then reboot from the hard disk. It's parameterized with # a test script fragment `createPartitions', which must create # partitions and filesystems. - testScriptFun = { bootLoader, createPartitions, grubVersion, grubDevice, grubUseEfi + testScriptFun = { bootLoader, createPartitions, grubDevice, grubUseEfi , grubIdentifier, preBootCommands, postBootCommands, extraConfig , testSpecialisationConfig }: - let iface = if grubVersion == 1 then "ide" else "virtio"; + let iface = "virtio"; isEfi = bootLoader == "systemd-boot" || (bootLoader == "grub" && grubUseEfi); bios = if pkgs.stdenv.isAarch64 then "QEMU_EFI.fd" else "OVMF.fd"; in if !isEfi && !pkgs.stdenv.hostPlatform.isx86 then '' @@ -122,7 +117,7 @@ let machine.succeed("cat /mnt/etc/nixos/hardware-configuration.nix >&2") machine.copy_from_host( "${ makeConfig { - inherit bootLoader grubVersion grubDevice grubIdentifier + inherit bootLoader grubDevice grubIdentifier grubUseEfi extraConfig; } }", @@ -193,7 +188,7 @@ let # doesn't know about the host-guest sharing mechanism. machine.copy_from_host_via_shell( "${ makeConfig { - inherit bootLoader grubVersion grubDevice grubIdentifier + inherit bootLoader grubDevice grubIdentifier grubUseEfi extraConfig; forceGrubReinstallCount = 1; } @@ -222,7 +217,7 @@ let # doesn't know about the host-guest sharing mechanism. machine.copy_from_host_via_shell( "${ makeConfig { - inherit bootLoader grubVersion grubDevice grubIdentifier + inherit bootLoader grubDevice grubIdentifier grubUseEfi extraConfig; forceGrubReinstallCount = 2; } @@ -284,7 +279,7 @@ let { createPartitions, preBootCommands ? "", postBootCommands ? "", extraConfig ? "" , extraInstallerConfig ? {} , bootLoader ? "grub" # either "grub" or "systemd-boot" - , grubVersion ? 2, grubDevice ? "/dev/vda", grubIdentifier ? "uuid", grubUseEfi ? false + , grubDevice ? "/dev/vda", grubIdentifier ? "uuid", grubUseEfi ? false , enableOCR ? false, meta ? {} , testSpecialisationConfig ? false }: @@ -316,11 +311,9 @@ let # installer. This ensures the target disk (/dev/vda) is # the same during and after installation. virtualisation.emptyDiskImages = [ 512 ]; - virtualisation.rootDevice = - if grubVersion == 1 then "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive2" else "/dev/vdb"; + virtualisation.rootDevice = "/dev/vdb"; virtualisation.bootLoaderDevice = "/dev/vda"; - virtualisation.qemu.diskInterface = - if grubVersion == 1 then "scsi" else "virtio"; + virtualisation.qemu.diskInterface = "virtio"; # We don't want to have any networking in the guest whatsoever. # Also, if any vlans are enabled, the guest will reboot @@ -372,8 +365,7 @@ let # curl's tarball, we see what it's trying to download curl ] - ++ optional (bootLoader == "grub" && grubVersion == 1) pkgs.grub - ++ optionals (bootLoader == "grub" && grubVersion == 2) (let + ++ optionals (bootLoader == "grub") (let zfsSupport = lib.any (x: x == "zfs") (extraInstallerConfig.boot.supportedFilesystems or []); in [ @@ -392,7 +384,7 @@ let testScript = testScriptFun { inherit bootLoader createPartitions preBootCommands postBootCommands - grubVersion grubDevice grubIdentifier grubUseEfi extraConfig + grubDevice grubIdentifier grubUseEfi extraConfig testSpecialisationConfig; }; }; @@ -875,26 +867,6 @@ in { ''; }; - # Test a basic install using GRUB 1. - grub1 = makeInstallerTest "grub1" rec { - createPartitions = '' - machine.succeed( - "flock ${grubDevice} parted --script ${grubDevice} -- mklabel msdos" - + " mkpart primary linux-swap 1M 1024M" - + " mkpart primary ext2 1024M -1s", - "udevadm settle", - "mkswap ${grubDevice}-part1 -L swap", - "swapon -L swap", - "mkfs.ext3 -L nixos ${grubDevice}-part2", - "mount LABEL=nixos /mnt", - "mkdir -p /mnt/tmp", - ) - ''; - grubVersion = 1; - # /dev/sda is not stable, even when the SCSI disk number is. - grubDevice = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive1"; - }; - # Test using labels to identify volumes in grub simpleLabels = makeInstallerTest "simpleLabels" { createPartitions = '' diff --git a/pkgs/tools/misc/grub/2.0x.nix b/pkgs/tools/misc/grub/2.0x.nix deleted file mode 100644 index f44b3c7a1bcf..000000000000 --- a/pkgs/tools/misc/grub/2.0x.nix +++ /dev/null @@ -1,457 +0,0 @@ -{ lib, stdenv, fetchurl, flex, bison, python3, autoreconfHook, gnulib, libtool, bash -, gettext, ncurses, libusb-compat-0_1, freetype, qemu, lvm2, unifont, pkg-config -, buildPackages -, fetchpatch -, pkgsBuildBuild -, nixosTests -, fuse # only needed for grub-mount -, runtimeShell -, zfs ? null -, efiSupport ? false -, zfsSupport ? false -, xenSupport ? false -, kbdcompSupport ? false, ckbcomp -}: - -let - pcSystems = { - i686-linux.target = "i386"; - x86_64-linux.target = "i386"; - }; - - efiSystemsBuild = { - i686-linux.target = "i386"; - x86_64-linux.target = "x86_64"; - armv7l-linux.target = "arm"; - aarch64-linux.target = "aarch64"; - riscv32-linux.target = "riscv32"; - riscv64-linux.target = "riscv64"; - }; - - # For aarch64, we need to use '--target=aarch64-efi' when building, - # but '--target=arm64-efi' when installing. Insanity! - efiSystemsInstall = { - i686-linux.target = "i386"; - x86_64-linux.target = "x86_64"; - armv7l-linux.target = "arm"; - aarch64-linux.target = "arm64"; - riscv32-linux.target = "riscv32"; - riscv64-linux.target = "riscv64"; - }; - - canEfi = lib.any (system: stdenv.hostPlatform.system == system) (lib.mapAttrsToList (name: _: name) efiSystemsBuild); - inPCSystems = lib.any (system: stdenv.hostPlatform.system == system) (lib.mapAttrsToList (name: _: name) pcSystems); - - version = "2.06"; - -in ( - -assert efiSupport -> canEfi; -assert zfsSupport -> zfs != null; -assert !(efiSupport && xenSupport); - -stdenv.mkDerivation rec { - pname = "grub"; - inherit version; - - src = fetchurl { - url = "mirror://gnu/grub/grub-${version}.tar.xz"; - sha256 = "sha256-t56kSvkbk9F80/6Ava5u1DdwZ4qaWuGSzOqAPrtlfuE="; - }; - - patches = [ - ./fix-bash-completion.patch - (fetchpatch { - name = "Add-hidden-menu-entries.patch"; - # https://lists.gnu.org/archive/html/grub-devel/2016-04/msg00089.html - url = "https://marc.info/?l=grub-devel&m=146193404929072&q=mbox"; - sha256 = "00wa1q5adiass6i0x7p98vynj9vsz1w0gn1g4dgz89v35mpyw2bi"; - }) - - # Pull upstream patch to fix linkage against binutils-2.36. - (fetchpatch { - name = "binutils-2.36.patch"; - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=b98275138bf4fc250a1c362dfd2c8b1cf2421701"; - sha256 = "001m058bsl2pcb0ii84jfm5ias8zgzabrfy6k2cc9w6w1y51ii82"; - }) - # Properly handle multiple initrd paths in 30_os-prober - # Remove this patch once a new release is cut - (fetchpatch { - name = "Properly-handle-multiple-initrd-paths-in-os-prober.patch"; - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=000b5cd04fd228f9741f5dca0491636bc0b89eb8"; - sha256 = "sha256-Mex3qQ0lW7ZCv7ZI7MSSqbylJXZ5RTbR4Pv1+CJ0ciM="; - }) - - # Upstreamed patches for flicker-free boot - # Remove these patches once a new release is cut - (fetchpatch { - # term/efi/console: Do not set colorstate until the first text output - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=9381dbe045b39bd9395c9ab4276d95b4041ec9fb"; - sha256 = "sha256-ZFq/PdCYo6aRySZRAfZARO8BmXwGgqeXz+9uNgNJEO8="; - }) - (fetchpatch { - # term/efi/console: Do not set cursor until the first text output - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=7c316e18301e101e4dcd8abe88c0bed0b1b78857"; - sha256 = "sha256-WJiK7MqmdStzq77vIDsO60Fu7i9LE/jDYzF4E9FXb7c="; - }) - (fetchpatch { - # normal/menu: Don't show "Booting `%s'" msg when auto-booting with TIMEOUT_STYLE_HIDDEN - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=5bb4f2b7d665c84bde402d1a528b652a61753380"; - sha256 = "sha256-lwJPPyq6yj7X1C2RuHfxnwKKstFkWGxcMXuSQqd9Z4I="; - }) - (fetchpatch { - # kern/main: Suppress the "Welcome to GRUB!" message in EFI builds - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=3e4cbbeca0ef35097301a1086f85fd0d119e64aa"; - sha256 = "sha256-cQX4x9V5Y7SU9WACn5FzDjukL2/StAUMMoHY/DRHq+g="; - }) - - (fetchpatch { - name = "CVE-2021-3981.patch"; - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=0adec29674561034771c13e446069b41ef41e4d4"; - sha256 = "sha256-3vkvWjcSv0hyY2EX3ig2EXEe+XLiRsXYlcd5kpY4wXw="; - }) - # June 2022 security patches - # https://lists.gnu.org/archive/html/grub-devel/2022-06/msg00035.html - (fetchpatch { - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.1.patch"; - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=1469983ebb9674753ad333d37087fb8cb20e1dce"; - sha256 = "sha256-oB4S0jvIXsDPcjIz1E2LKm7gwdvZjywuI1j0P6JQdJg="; - }) - (fetchpatch { - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.2.patch"; - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=14ceb3b3ff6db664649138442b6562c114dcf56e"; - sha256 = "sha256-mKe8gzd0U4PbV8z3TWCdvv7UugEgYaVIkB4dyMrSGEE="; - }) - (fetchpatch { - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.3.patch"; - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=04c86e0bb7b58fc2f913f798cdb18934933e532d"; - sha256 = "sha256-sA+PTlk4hwYOVKRZBHkEskabzmsf47Hi4h3mzWOFjwM="; - }) - (fetchpatch { - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.4.patch"; - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=6fe755c5c07bb386fda58306bfd19e4a1c974c53"; - sha256 = "sha256-8zmFocUfnjSyhYitUFDHoilHDnm1NJmhcKwO9dueV3k="; - }) - (fetchpatch { - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.5.patch"; - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=f1ce0e15e70ea1aafcfa26ad93e7585f65783c6f"; - sha256 = "sha256-Wrlam6CRPUAHbKqe/X1YLcRxJ2LQTtmQ/Y66gxUlqK4="; - }) - (fetchpatch { - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.6.patch"; - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=5bff31cdb6b93d738f850834e6291df1d0b136fa"; - sha256 = "sha256-ReLWSePXjRweymsVAL/uoBgYMWt9vRDcY3iXlDNZT0w="; - }) - (fetchpatch { - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.7.patch"; - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=347880a13c239b4c2811c94c9a7cf78b607332e3"; - sha256 = "sha256-07hpHuJFw95xGoJ/6ej7i6HlCFb2QRxP3arvRjKW4uU="; - }) - ## Needed to apply patch 8 - (fetchpatch { - name = "video-remove-trailing-whitespaces.patch"; - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=1f48917d8ddb490dcdc70176e0f58136b7f7811a"; - sha256 = "sha256-/yf/LGpwYcQ36KITzmiFfg4BvhcApKbrlFzjKK8V2kI="; - }) - (fetchpatch { - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.8.patch"; - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=e623866d9286410156e8b9d2c82d6253a1b22d08"; - sha256 = "sha256-zFxP6JY5Q9s3yJHdkbZ2w+dXFKeOCXjFnQKadB5HLCg="; - }) - (fetchpatch { - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.9.patch"; - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=210245129c932dc9e1c2748d9d35524fb95b5042"; - sha256 = "sha256-FyZhdTlcRVmn7X2hv93RhWP7NOoEMb7ib/DWveyz3Ew="; - }) - (fetchpatch { - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.10.patch"; - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=690bee69fae6b4bd911293d6b7e56774e29fdf64"; - sha256 = "sha256-nOAXxebCW/s5M6sjPKdSdx47/PcH1lc0yYT0flVwoC8="; - }) - (fetchpatch { - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.11.patch"; - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=d5caac8ab79d068ad9a41030c772d03a4d4fbd7b"; - sha256 = "sha256-9fGJJkgZ6+E01MJqVTR1qFITx9EAx41Hv9QNfdqBgu0="; - }) - (fetchpatch { - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.12.patch"; - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=768ef2199e0265cf455b154f1a80a612f02274c8"; - sha256 = "sha256-2/JJJux5vqXUc77bi3aXRy8NclbvyD/0e6UN8/6Ui3c="; - }) - (fetchpatch { - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.13.patch"; - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=166a4d61448f74745afe1dac2f2cfb85d04909bf"; - sha256 = "sha256-XxTZ8P8qr4qEXELdHwaRACPeIZ/iixlATLB5RvVQsC8="; - }) - (fetchpatch { - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.14.patch"; - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=22a3f97d39f6a10b08ad7fd1cc47c4dcd10413f6"; - sha256 = "sha256-bzB2gmGvWR2ylvMw779KQ/VHBBMsDNbG96eg9qQlljA="; - }) - (fetchpatch { - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.15.patch"; - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=830a9628b2c9e1b6388af624aaf4a80818ed6be0"; - sha256 = "sha256-8fna2VbbUw8zBx77osaOOHlZFgRrHqwQK87RoUtCF6w="; - }) - (fetchpatch { - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.16.patch"; - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=3e4817538de828319ba6d59ced2fbb9b5ca13287"; - sha256 = "sha256-iCZAyRS/a15x5aJCJBYl9nw6Hc3WRCUG7zF5V+OwDKg="; - }) - (fetchpatch { - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.17.patch"; - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=f407e34f3871a4c402bbd516e7c28ea193cef1b7"; - sha256 = "sha256-S45cLZNTWapAodKudUz2fMjnPsW6vbtNz0bIvIBGmu4="; - }) - (fetchpatch { - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.18.patch"; - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=c1b7eef9fa4aaefbf7d0507505c3bb2914e1ad6b"; - sha256 = "sha256-TWPfEAOePwC77yiVdsTSZIjfsMp7+0XabCz9K3FlV7w="; - }) - ## Needed to apply patch 19 - (fetchpatch { - name = "net-remove-trailing-whitespaces.patch"; - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=e453a4a64392a41bc7b37f890aceb358112d1687"; - sha256 = "sha256-JCbUB77Y6js5u99uJ9StDxNjjahNy4nO3crK8/GvmPY="; - }) - (fetchpatch { - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.19.patch"; - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=96abf4fb9d829f4a405d5df39bc74bbccbd0e322"; - sha256 = "sha256-6E2MKO5kauFA1TA8YkUgIUusniwHS2Sr44A/a7ZqDCo="; - }) - (fetchpatch { - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.20.patch"; - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=ee9652031491326736714a988fbbaeab8ef9255c"; - sha256 = "sha256-E21q+Mj+JBQlUW0pe4zbaoL3ErXmCanyizwAsRYYZHk="; - }) - (fetchpatch { - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.21.patch"; - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=8f287c3e13da2bf82049e2e464eca7ca4fef0a85"; - sha256 = "sha256-dZ24RwYsHeUrMuiU7PDgPcw+iK9cOd6q+E0xWXbtTkE="; - }) - (fetchpatch { - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.22.patch"; - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=dad94fffe14be476df5f34a8e5a90ea62a41fe12"; - sha256 = "sha256-06TyTEvSy19dsnXZZoKBGx7ymJVWogr0NorzLflEwY4="; - }) - (fetchpatch { - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.23.patch"; - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=ec6bfd3237394c1c7dbf2fd73417173318d22f4b"; - sha256 = "sha256-NryxSekO8oSxsnv5G9mFZExm4Pwfc778mslyUDuDhlM="; - }) - (fetchpatch { - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.24.patch"; - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=b26b4c08e7119281ff30d0fb4a6169bd2afa8fe4"; - sha256 = "sha256-fSH3cxl/76DwkE8dHSR9uao9Vf1sJrhz7SmUSgDNodI="; - }) - (fetchpatch { - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.25.patch"; - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=4bd9877f62166b7e369773ab92fe24a39f6515f8"; - sha256 = "sha256-VMtR/sF8F1BMKmJ06ZZEPNH/+l0RySy/E6lVWdCyFKE="; - }) - (fetchpatch { - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.26.patch"; - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=deae293f399dde3773cf37dfa9b77ca7e04ef772"; - sha256 = "sha256-sCC3KE9adavw7jHMTVlxtyuwDFCPRDqT24H3AKUYf68="; - }) - (fetchpatch { - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.27.patch"; - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=e40b83335bb33d9a2d1c06cc269875b3b3d6c539"; - sha256 = "sha256-cviCfBkzacAtnHGW87RLshhduE4Ym/v2Vq4h/sZDmZg="; - }) - (fetchpatch { - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.28.patch"; - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=11e1cffb7e2492ddac4ab8d19ce466783adbb957"; - sha256 = "sha256-I1feoneVeU3XkscKfVprWWJfLUnrc5oauMXYDyDxo5M="; - }) - (fetchpatch { - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.29.patch"; - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=13dce204cf6f3f0f49c9949971052a4c9657c0c0"; - sha256 = "sha256-DzFHxgR9A8FNZ/y9OMeBvTp1K6J5ePyL06dhHQmk7Ik="; - }) - (fetchpatch { - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.30.patch"; - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=2f4430cc0a44fd8c8aa7aee5c51887667ad3d6c3"; - sha256 = "sha256-AufP/10/auO4NMjYQ7yPDDbYShwGaktyQtqJx2Jasz8="; - }) - # October 2022 security patches - # https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html - (fetchpatch { - name = "CVE-2022-2601.CVE-2022-3775.1.patch"; - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=f6b6236077f059e64ee315f2d7acb8fa4eda87c5"; - sha256 = "sha256-pk02iVf/u6CdsVjl8HaFBh0Bt473ZQzz5zBp9SoBLtE="; - }) - (fetchpatch { - name = "CVE-2022-2601.CVE-2022-3775.2.patch"; - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=9c76ec09ae08155df27cd237eaea150b4f02f532"; - sha256 = "sha256-axbEOH5WFkUroGna2XY1f2kq7+B1Cs6LiubIA2EBdiM="; - }) - (fetchpatch { - name = "CVE-2022-2601.CVE-2022-3775.3.patch"; - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=768e1ef2fc159f6e14e7246e4be09363708ac39e"; - sha256 = "sha256-aKDUVS/Yx1c87NCrt4EG8BlSpkHijUyAJIwbmtzNjD8="; - }) - (fetchpatch { - name = "CVE-2022-2601.CVE-2022-3775.4.patch"; - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=c51292274ded3259eb04c2f1c8d253ffbdb5216a"; - sha256 = "sha256-OLNOKuAJuHy2MBMnU2xcYM7AaxmDk9fchXhggoDrxJU="; - }) - (fetchpatch { - name = "CVE-2022-2601.CVE-2022-3775.5.patch"; - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=23843fe8947e4da955a05ad3d1858725bfcb56c8"; - sha256 = "sha256-ptn00nqVJlEb1c6HhoMy9nrBuctH077LM4yXKsK47gc="; - }) - (fetchpatch { - name = "CVE-2022-2601.CVE-2022-3775.6.patch"; - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=b9396daf1c2e3cdc0a1e69b056852e0769fb24de"; - sha256 = "sha256-K7XNneDZjLpZh/C908+5uYsB/0oIdgQqmk0yJrdQLG4="; - }) - (fetchpatch { - name = "CVE-2022-2601.CVE-2022-3775.7.patch"; - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=1d2015598cc7a9fca4b39186273e3519a88e80c7"; - sha256 = "sha256-s4pZtszH4b/0u85rpzVapZmNQdYEq/wW06SQ3PW/1aU="; - }) - (fetchpatch { - name = "CVE-2022-2601.CVE-2022-3775.8.patch"; - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=93a786a00163e50c29f0394df198518617e1c9a5"; - sha256 = "sha256-R8x557RMAxJ0ZV2jb6zDmwOPVlk6875q37fNpqKsPT0="; - }) - (fetchpatch { - name = "CVE-2022-2601.CVE-2022-3775.9.patch"; - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=1eac01c147b4d85d2ec4a7e5671fa4345f2e8549"; - sha256 = "sha256-eOnhmU3pT5cCVnNHcY/BzDjldfs7yh/OGsxa15tGv94="; - }) - (fetchpatch { - name = "CVE-2022-2601.CVE-2022-3775.10.patch"; - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=992c06191babc1e109caf40d6a07ec6fdef427af"; - sha256 = "sha256-kezNKPcLmFXwyZbXtJbaPTIbE8tijmHIzdC2jsKwrNk="; - }) - (fetchpatch { - name = "CVE-2022-2601.CVE-2022-3775.11.patch"; - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=9d81f71c6b8f55cf20cd56f5fe29c759df9b48cc"; - sha256 = "sha256-jnniVGy4KvFGFmcOP2YLA46k3cK8vwoByo19ismVUzE="; - }) - (fetchpatch { - name = "CVE-2022-2601.CVE-2022-3775.12.patch"; - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=22b77b87e10a3a6c9bb9885415bc9a9c678378e6"; - sha256 = "sha256-iYTEqN5997I7MVIg82jt/bbEAYhcgq8fNRCNPpY9ze0="; - }) - (fetchpatch { - name = "CVE-2022-2601.CVE-2022-3775.13.patch"; - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=1514678888595ef41a968a0c69b7ff769edd1e9c"; - sha256 = "sha256-tgAEoAtaNKJjscjMFkXXiVn59Pa4c+NiQ3iVW6CMrpo="; - }) - ]; - - postPatch = if kbdcompSupport then '' - sed -i util/grub-kbdcomp.in -e 's@\bckbcomp\b@${ckbcomp}/bin/ckbcomp@' - '' else '' - echo '#! ${runtimeShell}' > util/grub-kbdcomp.in - echo 'echo "Compile grub2 with { kbdcompSupport = true; } to enable support for this command."' >> util/grub-kbdcomp.in - ''; - - depsBuildBuild = [ buildPackages.stdenv.cc ]; - nativeBuildInputs = [ bison flex python3 pkg-config gettext freetype autoreconfHook ]; - buildInputs = [ ncurses libusb-compat-0_1 freetype lvm2 fuse libtool bash ] - ++ lib.optional doCheck qemu - ++ lib.optional zfsSupport zfs; - - strictDeps = true; - - hardeningDisable = [ "all" ]; - - separateDebugInfo = !xenSupport; - - # Work around a bug in the generated flex lexer (upstream flex bug?) - env.NIX_CFLAGS_COMPILE = "-Wno-error"; - - preConfigure = - '' for i in "tests/util/"*.in - do - sed -i "$i" -e's|/bin/bash|${stdenv.shell}|g' - done - - # Apparently, the QEMU executable is no longer called - # `qemu-system-i386', even on i386. - # - # In addition, use `-nodefaults' to avoid errors like: - # - # chardev: opening backend "stdio" failed - # qemu: could not open serial device 'stdio': Invalid argument - # - # See . - sed -i "tests/util/grub-shell.in" \ - -e's/qemu-system-i386/qemu-system-x86_64 -nodefaults/g' - - unset CPP # setting CPP intereferes with dependency calculation - - patchShebangs . - - substituteInPlace ./configure --replace '/usr/share/fonts/unifont' '${unifont}/share/fonts' - ''; - - configureFlags = [ - "--enable-grub-mount" # dep of os-prober - ] ++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [ - # grub doesn't do cross-compilation as usual and tries to use unprefixed - # tools to target the host. Provide toolchain information explicitly for - # cross builds. - # - # Ref: # https://github.com/buildroot/buildroot/blob/master/boot/grub2/grub2.mk#L108 - "TARGET_CC=${stdenv.cc.targetPrefix}cc" - "TARGET_NM=${stdenv.cc.targetPrefix}nm" - "TARGET_OBJCOPY=${stdenv.cc.targetPrefix}objcopy" - "TARGET_RANLIB=${stdenv.cc.targetPrefix}ranlib" - "TARGET_STRIP=${stdenv.cc.targetPrefix}strip" - ] ++ lib.optional zfsSupport "--enable-libzfs" - ++ lib.optionals efiSupport [ "--with-platform=efi" "--target=${efiSystemsBuild.${stdenv.hostPlatform.system}.target}" "--program-prefix=" ] - ++ lib.optionals xenSupport [ "--with-platform=xen" "--target=${efiSystemsBuild.${stdenv.hostPlatform.system}.target}"]; - - # save target that grub is compiled for - grubTarget = if efiSupport - then "${efiSystemsInstall.${stdenv.hostPlatform.system}.target}-efi" - else lib.optionalString inPCSystems "${pcSystems.${stdenv.hostPlatform.system}.target}-pc"; - - doCheck = false; - enableParallelBuilding = true; - - postInstall = '' - # Avoid a runtime reference to gcc - sed -i $out/lib/grub/*/modinfo.sh -e "/grub_target_cppflags=/ s|'.*'|' '|" - # just adding bash to buildInputs wasn't enough to fix the shebang - substituteInPlace $out/lib/grub/*/modinfo.sh \ - --replace ${buildPackages.bash} "/usr/bin/bash" - ''; - - passthru.tests = { - nixos-grub = nixosTests.grub; - nixos-install-simple = nixosTests.installer.simple; - nixos-install-grub1 = nixosTests.installer.grub1; - nixos-install-grub-uefi = nixosTests.installer.simpleUefiGrub; - nixos-install-grub-uefi-spec = nixosTests.installer.simpleUefiGrubSpecialisation; - }; - - meta = with lib; { - description = "GNU GRUB, the Grand Unified Boot Loader (2.x beta)"; - - longDescription = - '' GNU GRUB is a Multiboot boot loader. It was derived from GRUB, GRand - Unified Bootloader, which was originally designed and implemented by - Erich Stefan Boleyn. - - Briefly, the boot loader is the first software program that runs when a - computer starts. It is responsible for loading and transferring - control to the operating system kernel software (such as the Hurd or - the Linux). The kernel, in turn, initializes the rest of the - operating system (e.g., GNU). - ''; - - homepage = "https://www.gnu.org/software/grub/"; - - license = licenses.gpl3Plus; - - platforms = platforms.gnu ++ platforms.linux; - - maintainers = [ maintainers.samueldr ]; - }; -}) diff --git a/pkgs/tools/misc/grub/buggybios.patch b/pkgs/tools/misc/grub/buggybios.patch deleted file mode 100644 index 1453a8adaa00..000000000000 --- a/pkgs/tools/misc/grub/buggybios.patch +++ /dev/null @@ -1,11 +0,0 @@ -Taken from: http://savannah.gnu.org/bugs/?func=detailitem&item_id=10433 ---- grub-0.95.orig/stage2/bios.c 2004-03-27 17:34:04.000000000 +0100 -+++ grub-0.95/stage2/bios.c 2005-03-02 01:02:29.192582200 +0100 -@@ -147,6 +147,7 @@ - grub_memset (&cdrp, 0, sizeof (cdrp)); - cdrp.size = sizeof (cdrp) - sizeof (cdrp.dummy); - err = biosdisk_int13_extensions (0x4B01, drive, &cdrp); -+ err = 0; /* really ugly hack to circumvent faulty BIOS versions like Acer 292LMi */ - if (! err && cdrp.drive_no == drive) - { - if ((cdrp.media_type & 0x0F) == 0) diff --git a/pkgs/tools/misc/grub/default.nix b/pkgs/tools/misc/grub/default.nix index bf66a467620d..6020b38b8e09 100644 --- a/pkgs/tools/misc/grub/default.nix +++ b/pkgs/tools/misc/grub/default.nix @@ -1,40 +1,456 @@ -{ lib, stdenv, fetchurl, autoreconfHook, texinfo, buggyBiosCDSupport ? true }: +{ lib, stdenv, fetchurl, flex, bison, python3, autoreconfHook, gnulib, libtool, bash +, gettext, ncurses, libusb-compat-0_1, freetype, qemu, lvm2, unifont, pkg-config +, buildPackages +, fetchpatch +, pkgsBuildBuild +, nixosTests +, fuse # only needed for grub-mount +, runtimeShell +, zfs ? null +, efiSupport ? false +, zfsSupport ? false +, xenSupport ? false +, kbdcompSupport ? false, ckbcomp +}: + +let + pcSystems = { + i686-linux.target = "i386"; + x86_64-linux.target = "i386"; + }; + + efiSystemsBuild = { + i686-linux.target = "i386"; + x86_64-linux.target = "x86_64"; + armv7l-linux.target = "arm"; + aarch64-linux.target = "aarch64"; + riscv32-linux.target = "riscv32"; + riscv64-linux.target = "riscv64"; + }; + + # For aarch64, we need to use '--target=aarch64-efi' when building, + # but '--target=arm64-efi' when installing. Insanity! + efiSystemsInstall = { + i686-linux.target = "i386"; + x86_64-linux.target = "x86_64"; + armv7l-linux.target = "arm"; + aarch64-linux.target = "arm64"; + riscv32-linux.target = "riscv32"; + riscv64-linux.target = "riscv64"; + }; + + canEfi = lib.any (system: stdenv.hostPlatform.system == system) (lib.mapAttrsToList (name: _: name) efiSystemsBuild); + inPCSystems = lib.any (system: stdenv.hostPlatform.system == system) (lib.mapAttrsToList (name: _: name) pcSystems); + + version = "2.06"; + +in ( + +assert efiSupport -> canEfi; +assert zfsSupport -> zfs != null; +assert !(efiSupport && xenSupport); stdenv.mkDerivation rec { pname = "grub"; - version = "0.97-73"; + inherit version; src = fetchurl { - url = "https://alpha.gnu.org/gnu/grub/grub-${lib.versions.majorMinor version}.tar.gz"; - sha256 = "02r6b52r0nsp6ryqfiqchnl7r1d9smm80sqx24494gmx5p8ia7af"; + url = "mirror://gnu/grub/grub-${version}.tar.xz"; + sha256 = "sha256-t56kSvkbk9F80/6Ava5u1DdwZ4qaWuGSzOqAPrtlfuE="; }; patches = [ - # Properly handle the case of symlinks such as - # /dev/disk/by-label/bla. The symlink resolution code in - # grub-install isn't smart enough. - ./symlink.patch - ] - ++ (lib.optional buggyBiosCDSupport ./buggybios.patch) - ++ map fetchurl (import ./grub1.patches.nix) - ; + ./fix-bash-completion.patch + (fetchpatch { + name = "Add-hidden-menu-entries.patch"; + # https://lists.gnu.org/archive/html/grub-devel/2016-04/msg00089.html + url = "https://marc.info/?l=grub-devel&m=146193404929072&q=mbox"; + sha256 = "00wa1q5adiass6i0x7p98vynj9vsz1w0gn1g4dgz89v35mpyw2bi"; + }) - preConfigure = '' - substituteInPlace ./configure.ac --replace 'AC_PREREQ(2.61)' 'AC_PREREQ(2.64)' + # Pull upstream patch to fix linkage against binutils-2.36. + (fetchpatch { + name = "binutils-2.36.patch"; + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=b98275138bf4fc250a1c362dfd2c8b1cf2421701"; + sha256 = "001m058bsl2pcb0ii84jfm5ias8zgzabrfy6k2cc9w6w1y51ii82"; + }) + # Properly handle multiple initrd paths in 30_os-prober + # Remove this patch once a new release is cut + (fetchpatch { + name = "Properly-handle-multiple-initrd-paths-in-os-prober.patch"; + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=000b5cd04fd228f9741f5dca0491636bc0b89eb8"; + sha256 = "sha256-Mex3qQ0lW7ZCv7ZI7MSSqbylJXZ5RTbR4Pv1+CJ0ciM="; + }) + + # Upstreamed patches for flicker-free boot + # Remove these patches once a new release is cut + (fetchpatch { + # term/efi/console: Do not set colorstate until the first text output + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=9381dbe045b39bd9395c9ab4276d95b4041ec9fb"; + sha256 = "sha256-ZFq/PdCYo6aRySZRAfZARO8BmXwGgqeXz+9uNgNJEO8="; + }) + (fetchpatch { + # term/efi/console: Do not set cursor until the first text output + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=7c316e18301e101e4dcd8abe88c0bed0b1b78857"; + sha256 = "sha256-WJiK7MqmdStzq77vIDsO60Fu7i9LE/jDYzF4E9FXb7c="; + }) + (fetchpatch { + # normal/menu: Don't show "Booting `%s'" msg when auto-booting with TIMEOUT_STYLE_HIDDEN + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=5bb4f2b7d665c84bde402d1a528b652a61753380"; + sha256 = "sha256-lwJPPyq6yj7X1C2RuHfxnwKKstFkWGxcMXuSQqd9Z4I="; + }) + (fetchpatch { + # kern/main: Suppress the "Welcome to GRUB!" message in EFI builds + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=3e4cbbeca0ef35097301a1086f85fd0d119e64aa"; + sha256 = "sha256-cQX4x9V5Y7SU9WACn5FzDjukL2/StAUMMoHY/DRHq+g="; + }) + + (fetchpatch { + name = "CVE-2021-3981.patch"; + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=0adec29674561034771c13e446069b41ef41e4d4"; + sha256 = "sha256-3vkvWjcSv0hyY2EX3ig2EXEe+XLiRsXYlcd5kpY4wXw="; + }) + # June 2022 security patches + # https://lists.gnu.org/archive/html/grub-devel/2022-06/msg00035.html + (fetchpatch { + name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.1.patch"; + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=1469983ebb9674753ad333d37087fb8cb20e1dce"; + sha256 = "sha256-oB4S0jvIXsDPcjIz1E2LKm7gwdvZjywuI1j0P6JQdJg="; + }) + (fetchpatch { + name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.2.patch"; + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=14ceb3b3ff6db664649138442b6562c114dcf56e"; + sha256 = "sha256-mKe8gzd0U4PbV8z3TWCdvv7UugEgYaVIkB4dyMrSGEE="; + }) + (fetchpatch { + name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.3.patch"; + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=04c86e0bb7b58fc2f913f798cdb18934933e532d"; + sha256 = "sha256-sA+PTlk4hwYOVKRZBHkEskabzmsf47Hi4h3mzWOFjwM="; + }) + (fetchpatch { + name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.4.patch"; + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=6fe755c5c07bb386fda58306bfd19e4a1c974c53"; + sha256 = "sha256-8zmFocUfnjSyhYitUFDHoilHDnm1NJmhcKwO9dueV3k="; + }) + (fetchpatch { + name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.5.patch"; + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=f1ce0e15e70ea1aafcfa26ad93e7585f65783c6f"; + sha256 = "sha256-Wrlam6CRPUAHbKqe/X1YLcRxJ2LQTtmQ/Y66gxUlqK4="; + }) + (fetchpatch { + name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.6.patch"; + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=5bff31cdb6b93d738f850834e6291df1d0b136fa"; + sha256 = "sha256-ReLWSePXjRweymsVAL/uoBgYMWt9vRDcY3iXlDNZT0w="; + }) + (fetchpatch { + name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.7.patch"; + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=347880a13c239b4c2811c94c9a7cf78b607332e3"; + sha256 = "sha256-07hpHuJFw95xGoJ/6ej7i6HlCFb2QRxP3arvRjKW4uU="; + }) + ## Needed to apply patch 8 + (fetchpatch { + name = "video-remove-trailing-whitespaces.patch"; + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=1f48917d8ddb490dcdc70176e0f58136b7f7811a"; + sha256 = "sha256-/yf/LGpwYcQ36KITzmiFfg4BvhcApKbrlFzjKK8V2kI="; + }) + (fetchpatch { + name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.8.patch"; + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=e623866d9286410156e8b9d2c82d6253a1b22d08"; + sha256 = "sha256-zFxP6JY5Q9s3yJHdkbZ2w+dXFKeOCXjFnQKadB5HLCg="; + }) + (fetchpatch { + name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.9.patch"; + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=210245129c932dc9e1c2748d9d35524fb95b5042"; + sha256 = "sha256-FyZhdTlcRVmn7X2hv93RhWP7NOoEMb7ib/DWveyz3Ew="; + }) + (fetchpatch { + name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.10.patch"; + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=690bee69fae6b4bd911293d6b7e56774e29fdf64"; + sha256 = "sha256-nOAXxebCW/s5M6sjPKdSdx47/PcH1lc0yYT0flVwoC8="; + }) + (fetchpatch { + name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.11.patch"; + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=d5caac8ab79d068ad9a41030c772d03a4d4fbd7b"; + sha256 = "sha256-9fGJJkgZ6+E01MJqVTR1qFITx9EAx41Hv9QNfdqBgu0="; + }) + (fetchpatch { + name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.12.patch"; + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=768ef2199e0265cf455b154f1a80a612f02274c8"; + sha256 = "sha256-2/JJJux5vqXUc77bi3aXRy8NclbvyD/0e6UN8/6Ui3c="; + }) + (fetchpatch { + name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.13.patch"; + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=166a4d61448f74745afe1dac2f2cfb85d04909bf"; + sha256 = "sha256-XxTZ8P8qr4qEXELdHwaRACPeIZ/iixlATLB5RvVQsC8="; + }) + (fetchpatch { + name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.14.patch"; + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=22a3f97d39f6a10b08ad7fd1cc47c4dcd10413f6"; + sha256 = "sha256-bzB2gmGvWR2ylvMw779KQ/VHBBMsDNbG96eg9qQlljA="; + }) + (fetchpatch { + name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.15.patch"; + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=830a9628b2c9e1b6388af624aaf4a80818ed6be0"; + sha256 = "sha256-8fna2VbbUw8zBx77osaOOHlZFgRrHqwQK87RoUtCF6w="; + }) + (fetchpatch { + name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.16.patch"; + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=3e4817538de828319ba6d59ced2fbb9b5ca13287"; + sha256 = "sha256-iCZAyRS/a15x5aJCJBYl9nw6Hc3WRCUG7zF5V+OwDKg="; + }) + (fetchpatch { + name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.17.patch"; + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=f407e34f3871a4c402bbd516e7c28ea193cef1b7"; + sha256 = "sha256-S45cLZNTWapAodKudUz2fMjnPsW6vbtNz0bIvIBGmu4="; + }) + (fetchpatch { + name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.18.patch"; + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=c1b7eef9fa4aaefbf7d0507505c3bb2914e1ad6b"; + sha256 = "sha256-TWPfEAOePwC77yiVdsTSZIjfsMp7+0XabCz9K3FlV7w="; + }) + ## Needed to apply patch 19 + (fetchpatch { + name = "net-remove-trailing-whitespaces.patch"; + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=e453a4a64392a41bc7b37f890aceb358112d1687"; + sha256 = "sha256-JCbUB77Y6js5u99uJ9StDxNjjahNy4nO3crK8/GvmPY="; + }) + (fetchpatch { + name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.19.patch"; + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=96abf4fb9d829f4a405d5df39bc74bbccbd0e322"; + sha256 = "sha256-6E2MKO5kauFA1TA8YkUgIUusniwHS2Sr44A/a7ZqDCo="; + }) + (fetchpatch { + name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.20.patch"; + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=ee9652031491326736714a988fbbaeab8ef9255c"; + sha256 = "sha256-E21q+Mj+JBQlUW0pe4zbaoL3ErXmCanyizwAsRYYZHk="; + }) + (fetchpatch { + name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.21.patch"; + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=8f287c3e13da2bf82049e2e464eca7ca4fef0a85"; + sha256 = "sha256-dZ24RwYsHeUrMuiU7PDgPcw+iK9cOd6q+E0xWXbtTkE="; + }) + (fetchpatch { + name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.22.patch"; + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=dad94fffe14be476df5f34a8e5a90ea62a41fe12"; + sha256 = "sha256-06TyTEvSy19dsnXZZoKBGx7ymJVWogr0NorzLflEwY4="; + }) + (fetchpatch { + name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.23.patch"; + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=ec6bfd3237394c1c7dbf2fd73417173318d22f4b"; + sha256 = "sha256-NryxSekO8oSxsnv5G9mFZExm4Pwfc778mslyUDuDhlM="; + }) + (fetchpatch { + name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.24.patch"; + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=b26b4c08e7119281ff30d0fb4a6169bd2afa8fe4"; + sha256 = "sha256-fSH3cxl/76DwkE8dHSR9uao9Vf1sJrhz7SmUSgDNodI="; + }) + (fetchpatch { + name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.25.patch"; + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=4bd9877f62166b7e369773ab92fe24a39f6515f8"; + sha256 = "sha256-VMtR/sF8F1BMKmJ06ZZEPNH/+l0RySy/E6lVWdCyFKE="; + }) + (fetchpatch { + name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.26.patch"; + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=deae293f399dde3773cf37dfa9b77ca7e04ef772"; + sha256 = "sha256-sCC3KE9adavw7jHMTVlxtyuwDFCPRDqT24H3AKUYf68="; + }) + (fetchpatch { + name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.27.patch"; + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=e40b83335bb33d9a2d1c06cc269875b3b3d6c539"; + sha256 = "sha256-cviCfBkzacAtnHGW87RLshhduE4Ym/v2Vq4h/sZDmZg="; + }) + (fetchpatch { + name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.28.patch"; + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=11e1cffb7e2492ddac4ab8d19ce466783adbb957"; + sha256 = "sha256-I1feoneVeU3XkscKfVprWWJfLUnrc5oauMXYDyDxo5M="; + }) + (fetchpatch { + name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.29.patch"; + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=13dce204cf6f3f0f49c9949971052a4c9657c0c0"; + sha256 = "sha256-DzFHxgR9A8FNZ/y9OMeBvTp1K6J5ePyL06dhHQmk7Ik="; + }) + (fetchpatch { + name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.30.patch"; + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=2f4430cc0a44fd8c8aa7aee5c51887667ad3d6c3"; + sha256 = "sha256-AufP/10/auO4NMjYQ7yPDDbYShwGaktyQtqJx2Jasz8="; + }) + # October 2022 security patches + # https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html + (fetchpatch { + name = "CVE-2022-2601.CVE-2022-3775.1.patch"; + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=f6b6236077f059e64ee315f2d7acb8fa4eda87c5"; + sha256 = "sha256-pk02iVf/u6CdsVjl8HaFBh0Bt473ZQzz5zBp9SoBLtE="; + }) + (fetchpatch { + name = "CVE-2022-2601.CVE-2022-3775.2.patch"; + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=9c76ec09ae08155df27cd237eaea150b4f02f532"; + sha256 = "sha256-axbEOH5WFkUroGna2XY1f2kq7+B1Cs6LiubIA2EBdiM="; + }) + (fetchpatch { + name = "CVE-2022-2601.CVE-2022-3775.3.patch"; + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=768e1ef2fc159f6e14e7246e4be09363708ac39e"; + sha256 = "sha256-aKDUVS/Yx1c87NCrt4EG8BlSpkHijUyAJIwbmtzNjD8="; + }) + (fetchpatch { + name = "CVE-2022-2601.CVE-2022-3775.4.patch"; + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=c51292274ded3259eb04c2f1c8d253ffbdb5216a"; + sha256 = "sha256-OLNOKuAJuHy2MBMnU2xcYM7AaxmDk9fchXhggoDrxJU="; + }) + (fetchpatch { + name = "CVE-2022-2601.CVE-2022-3775.5.patch"; + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=23843fe8947e4da955a05ad3d1858725bfcb56c8"; + sha256 = "sha256-ptn00nqVJlEb1c6HhoMy9nrBuctH077LM4yXKsK47gc="; + }) + (fetchpatch { + name = "CVE-2022-2601.CVE-2022-3775.6.patch"; + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=b9396daf1c2e3cdc0a1e69b056852e0769fb24de"; + sha256 = "sha256-K7XNneDZjLpZh/C908+5uYsB/0oIdgQqmk0yJrdQLG4="; + }) + (fetchpatch { + name = "CVE-2022-2601.CVE-2022-3775.7.patch"; + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=1d2015598cc7a9fca4b39186273e3519a88e80c7"; + sha256 = "sha256-s4pZtszH4b/0u85rpzVapZmNQdYEq/wW06SQ3PW/1aU="; + }) + (fetchpatch { + name = "CVE-2022-2601.CVE-2022-3775.8.patch"; + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=93a786a00163e50c29f0394df198518617e1c9a5"; + sha256 = "sha256-R8x557RMAxJ0ZV2jb6zDmwOPVlk6875q37fNpqKsPT0="; + }) + (fetchpatch { + name = "CVE-2022-2601.CVE-2022-3775.9.patch"; + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=1eac01c147b4d85d2ec4a7e5671fa4345f2e8549"; + sha256 = "sha256-eOnhmU3pT5cCVnNHcY/BzDjldfs7yh/OGsxa15tGv94="; + }) + (fetchpatch { + name = "CVE-2022-2601.CVE-2022-3775.10.patch"; + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=992c06191babc1e109caf40d6a07ec6fdef427af"; + sha256 = "sha256-kezNKPcLmFXwyZbXtJbaPTIbE8tijmHIzdC2jsKwrNk="; + }) + (fetchpatch { + name = "CVE-2022-2601.CVE-2022-3775.11.patch"; + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=9d81f71c6b8f55cf20cd56f5fe29c759df9b48cc"; + sha256 = "sha256-jnniVGy4KvFGFmcOP2YLA46k3cK8vwoByo19ismVUzE="; + }) + (fetchpatch { + name = "CVE-2022-2601.CVE-2022-3775.12.patch"; + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=22b77b87e10a3a6c9bb9885415bc9a9c678378e6"; + sha256 = "sha256-iYTEqN5997I7MVIg82jt/bbEAYhcgq8fNRCNPpY9ze0="; + }) + (fetchpatch { + name = "CVE-2022-2601.CVE-2022-3775.13.patch"; + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=1514678888595ef41a968a0c69b7ff769edd1e9c"; + sha256 = "sha256-tgAEoAtaNKJjscjMFkXXiVn59Pa4c+NiQ3iVW6CMrpo="; + }) + ]; + + postPatch = if kbdcompSupport then '' + sed -i util/grub-kbdcomp.in -e 's@\bckbcomp\b@${ckbcomp}/bin/ckbcomp@' + '' else '' + echo '#! ${runtimeShell}' > util/grub-kbdcomp.in + echo 'echo "Compile grub2 with { kbdcompSupport = true; } to enable support for this command."' >> util/grub-kbdcomp.in ''; - # autoreconfHook required for the splashimage patch. - nativeBuildInputs = [ autoreconfHook ]; - buildInputs = [ texinfo ]; + depsBuildBuild = [ buildPackages.stdenv.cc ]; + nativeBuildInputs = [ bison flex python3 pkg-config gettext freetype autoreconfHook ]; + buildInputs = [ ncurses libusb-compat-0_1 freetype lvm2 fuse libtool bash ] + ++ lib.optional doCheck qemu + ++ lib.optional zfsSupport zfs; - hardeningDisable = [ "format" "stackprotector" ]; + strictDeps = true; - passthru.grubTarget = ""; + hardeningDisable = [ "all" ]; + + separateDebugInfo = !xenSupport; + + # Work around a bug in the generated flex lexer (upstream flex bug?) + env.NIX_CFLAGS_COMPILE = "-Wno-error"; + + preConfigure = + '' for i in "tests/util/"*.in + do + sed -i "$i" -e's|/bin/bash|${stdenv.shell}|g' + done + + # Apparently, the QEMU executable is no longer called + # `qemu-system-i386', even on i386. + # + # In addition, use `-nodefaults' to avoid errors like: + # + # chardev: opening backend "stdio" failed + # qemu: could not open serial device 'stdio': Invalid argument + # + # See . + sed -i "tests/util/grub-shell.in" \ + -e's/qemu-system-i386/qemu-system-x86_64 -nodefaults/g' + + unset CPP # setting CPP intereferes with dependency calculation + + patchShebangs . + + substituteInPlace ./configure --replace '/usr/share/fonts/unifont' '${unifont}/share/fonts' + ''; + + configureFlags = [ + "--enable-grub-mount" # dep of os-prober + ] ++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [ + # grub doesn't do cross-compilation as usual and tries to use unprefixed + # tools to target the host. Provide toolchain information explicitly for + # cross builds. + # + # Ref: # https://github.com/buildroot/buildroot/blob/master/boot/grub2/grub2.mk#L108 + "TARGET_CC=${stdenv.cc.targetPrefix}cc" + "TARGET_NM=${stdenv.cc.targetPrefix}nm" + "TARGET_OBJCOPY=${stdenv.cc.targetPrefix}objcopy" + "TARGET_RANLIB=${stdenv.cc.targetPrefix}ranlib" + "TARGET_STRIP=${stdenv.cc.targetPrefix}strip" + ] ++ lib.optional zfsSupport "--enable-libzfs" + ++ lib.optionals efiSupport [ "--with-platform=efi" "--target=${efiSystemsBuild.${stdenv.hostPlatform.system}.target}" "--program-prefix=" ] + ++ lib.optionals xenSupport [ "--with-platform=xen" "--target=${efiSystemsBuild.${stdenv.hostPlatform.system}.target}"]; + + # save target that grub is compiled for + grubTarget = if efiSupport + then "${efiSystemsInstall.${stdenv.hostPlatform.system}.target}-efi" + else lib.optionalString inPCSystems "${pcSystems.${stdenv.hostPlatform.system}.target}-pc"; + + doCheck = false; + enableParallelBuilding = true; + + postInstall = '' + # Avoid a runtime reference to gcc + sed -i $out/lib/grub/*/modinfo.sh -e "/grub_target_cppflags=/ s|'.*'|' '|" + # just adding bash to buildInputs wasn't enough to fix the shebang + substituteInPlace $out/lib/grub/*/modinfo.sh \ + --replace ${buildPackages.bash} "/usr/bin/bash" + ''; + + passthru.tests = { + nixos-grub = nixosTests.grub; + nixos-install-simple = nixosTests.installer.simple; + nixos-install-grub-uefi = nixosTests.installer.simpleUefiGrub; + nixos-install-grub-uefi-spec = nixosTests.installer.simpleUefiGrubSpecialisation; + }; meta = with lib; { - homepage = "https://www.gnu.org/software/grub"; - description = "GRand Unified Bootloader"; - license = licenses.gpl2; - platforms = platforms.linux; + description = "GNU GRUB, the Grand Unified Boot Loader (2.x beta)"; + + longDescription = + '' GNU GRUB is a Multiboot boot loader. It was derived from GRUB, GRand + Unified Bootloader, which was originally designed and implemented by + Erich Stefan Boleyn. + + Briefly, the boot loader is the first software program that runs when a + computer starts. It is responsible for loading and transferring + control to the operating system kernel software (such as the Hurd or + the Linux). The kernel, in turn, initializes the rest of the + operating system (e.g., GNU). + ''; + + homepage = "https://www.gnu.org/software/grub/"; + + license = licenses.gpl3Plus; + + platforms = platforms.gnu ++ platforms.linux; + + maintainers = [ maintainers.samueldr ]; }; -} +}) diff --git a/pkgs/tools/misc/grub/grub1.patches.nix b/pkgs/tools/misc/grub/grub1.patches.nix deleted file mode 100644 index 5ee8722b5eca..000000000000 --- a/pkgs/tools/misc/grub/grub1.patches.nix +++ /dev/null @@ -1,34 +0,0 @@ -# Generated by grub1-patches.sh -let - prefix = "https://salsa.debian.org/grub-team/grub-legacy/raw/1dad5507d74ef97fdd3c6cf2a028084f6f2850c3/debian/patches"; -in -[ -{ url = "${prefix}/snapshot.patch"; sha256 = "0ixymrn5w1dq0kkxnzdjwwvhjchgyrlivfvnrfncxcv30v84xzna"; } -{ url = "${prefix}/menu.lst_gnu-hurd.patch"; sha256 = "0mz8dvgmxlyrl28dza1ncfq1xipihxgymw4aw688bgg7xxmw7jbs"; } -{ url = "${prefix}/graphics.patch"; sha256 = "1v9kp832f3rhncfdrd28djhw0zfrznfmiadch33mclnkcxprcqcs"; } -{ url = "${prefix}/raid.patch"; sha256 = "0cq6dz5s7m48g76frvbf296bv4pvqkxqcbydsvs43ymqdsary7hj"; } -{ url = "${prefix}/raid_cciss.patch"; sha256 = "0sy5xvzjsllgbn26nykkq4b69lp1fcwjkjs2kmxq38sk3dzadjfl"; } -{ url = "${prefix}/xfs_freeze.patch"; sha256 = "1wqgj8ar4x4zwa37bj4a7kldiz5v92msigy3cv879nnk6sz4rmhg"; } -{ url = "${prefix}/2gb_limit.patch"; sha256 = "06f9lfl4va3alz87wzli0df5ay0xxlqj2akr2dcay6jr27z6ks29"; } -{ url = "${prefix}/grub-special_device_names.patch"; sha256 = "098608xh20sqdjqf42fm2z23r8xd9ify1v0vmy1j9qhrhk3g9qyz"; } -{ url = "${prefix}/grub-xvd_drives.patch"; sha256 = "13k0m1c1w5d1d4qd1bshjc8kp7qba4agk2j64gb7mg8vfzjd35bj"; } -{ url = "${prefix}/initrd_max_address.patch"; sha256 = "05q90rxdnyncpanhbkrknshkk7g8ff4v8fpk7wj4sg8666d9llg3"; } -{ url = "${prefix}/splashimage_help.patch"; sha256 = "1lj3xh56wf1pdcf0fg585vmggrz7qqfzbhg91qv0rf4snf3ybfvr"; } -{ url = "${prefix}/grub-install_addsyncs.patch"; sha256 = "1dzcpxi806kw3j8mx4amyy4ibc0ir3qhqyyyxz3w43741p351r65"; } -{ url = "${prefix}/grub-install_regexp.patch"; sha256 = "0ph9lb63x858019c25aa3fpsm8rzn00ad8fp88yqqvq0xq2jxq69"; } -{ url = "${prefix}/grub-install_aoe_support.patch"; sha256 = "19szmvg13h2hhijrwbgdszldg26iz7vjnagvajxb7nav7vca6k3n"; } -{ url = "${prefix}/grub-install_xvd.patch"; sha256 = "1cgh731nhs0chj2r2dzh5dcfj5xmap34i3fk0i0aq59j83cwflgz"; } -{ url = "${prefix}/geometry-26kernel.patch"; sha256 = "01vka7jrxrwlj9m1d6schygyh964a3k1rdrm3j9x910xkz74i13n"; } -{ url = "${prefix}/print_func.patch"; sha256 = "0dvrcy1i58fgrv2x1qniqfr5az9b834hm5l94k0cy8ii2nfvk27g"; } -{ url = "${prefix}/mprotect.patch"; sha256 = "0ahgnhgw2b86j024ajs6m3h2fy2shqdssjzz0ahk8ny9f4mnvns6"; } -{ url = "${prefix}/savedefault.patch"; sha256 = "1l6x1s9mxkrf3k4j9dpg7qhvrk816vs70sw073iiisvqspnrz2j3"; } -{ url = "${prefix}/find-grub-dir.patch"; sha256 = "1vkgig4dylji03jflwikhap87lz8l470ck1bhmcy8jh0slg6ndbf"; } -{ url = "${prefix}/intelmac.patch"; sha256 = "04l9mk9xm9ml8vdlpbv3qbj7gbaa0g5k4dl7xp8wm7kmqwxd9l3m"; } -{ url = "${prefix}/crossreference_manpages.patch"; sha256 = "0kd12ck4s4bg414fmllgvq8n4b58i3kgdhmcx6riaz43gg2g2b9p"; } -{ url = "${prefix}/ext3_256byte_inode.patch"; sha256 = "0ay9svbdj7mw8p1ld0iiryg6nhd9hc1xpmr9rqg9990xzmg2h4pi"; } -{ url = "${prefix}/objcopy-absolute.patch"; sha256 = "0hkmicjli7bsmc56kr40ls21v6x3yd188xpwc08dvqxnb0763077"; } -{ url = "${prefix}/no-reorder-functions.patch"; sha256 = "0gmv0nzkqim2901hd0an90kwnr83155qp2zjp52biznad2p415gw"; } -{ url = "${prefix}/modern-automake.patch"; sha256 = "08l3y6cbk6gfj63kpqlpzrlain7nmvki7jjjxq86n7himj078znj"; } -{ url = "${prefix}/no-combine-stack-adjustments.patch"; sha256 = "0h4di8zja0rg45rs02x9qm8q1vxly1bcl6ms08wgdl5ywn6849nr"; } -{ url = "${prefix}/no-pie.patch"; sha256 = "0kshdsclza7lsd31apd28qq04arv42nd6wsj2v6q6jx7f8bgdaqw"; } -] diff --git a/pkgs/tools/misc/grub/grub1.patches.sh b/pkgs/tools/misc/grub/grub1.patches.sh deleted file mode 100755 index a7db25afb64f..000000000000 --- a/pkgs/tools/misc/grub/grub1.patches.sh +++ /dev/null @@ -1,70 +0,0 @@ -#!/usr/bin/env nix-shell -#!nix-shell -p nix -i bash --pure - -# Does like `maintainers/scripts/debian-patches.sh`, but specialized for -# grub1 patches, and using the new salsa service. - -# Most common usage: `pkgs/tools/misc/grub/grub1.patches.sh pkgs/tools/misc/grub/grub1.patches.nix` -# That is, after updating the script with the new list from the series file, -# removing (by commenting) patches as required. - -set -e -set -u - -# https://salsa.debian.org/grub-team/grub-legacy/tree/master/debian/patches -SERIES=( - snapshot.patch - menu.lst_gnu-hurd.patch - graphics.patch - raid.patch - raid_cciss.patch - xfs_freeze.patch - 2gb_limit.patch - grub-special_device_names.patch - grub-xvd_drives.patch - initrd_max_address.patch - splashimage_help.patch - grub-install_addsyncs.patch - grub-install_regexp.patch - grub-install_aoe_support.patch - grub-install_xvd.patch - geometry-26kernel.patch - print_func.patch - mprotect.patch - savedefault.patch - find-grub-dir.patch - intelmac.patch - crossreference_manpages.patch - ext3_256byte_inode.patch - # Breaks on NixOS. - #use_grub-probe_in_grub-install.patch - objcopy-absolute.patch - no-reorder-functions.patch - - # We aren't building amd64 binaries, see #244498 - #fix_amd64_compile.patch - modern-automake.patch - no-combine-stack-adjustments.patch - no-pie.patch -) - -# Revision mapping to current tip of the 0.97-73 branch. -rev="1dad5507d74ef97fdd3c6cf2a028084f6f2850c3" -prefix="https://salsa.debian.org/grub-team/grub-legacy/raw/${rev}/debian/patches" -FILE="$1" -shift - -cat < "$FILE" -# Generated by grub1-patches.sh -let - prefix = "${prefix}"; -in -[ -EOF - -for PATCH in "${SERIES[@]}"; do - URL="$prefix/$PATCH" - HASH="$(nix-prefetch-url "$URL")" - echo "{ url = \"\${prefix}/$PATCH\"; sha256 = \"$HASH\"; }" >> "$FILE" -done -echo "]" >> "$FILE" diff --git a/pkgs/tools/misc/grub/symlink.patch b/pkgs/tools/misc/grub/symlink.patch deleted file mode 100644 index ac38be046188..000000000000 --- a/pkgs/tools/misc/grub/symlink.patch +++ /dev/null @@ -1,37 +0,0 @@ -diff -rc grub-0.97-orig/util/grub-install.in grub-0.97/util/grub-install.in -*** grub-0.97-orig/util/grub-install.in 2008-09-18 11:32:13.000000000 +0200 ---- grub-0.97/util/grub-install.in 2008-09-18 11:36:40.000000000 +0200 -*************** -*** 194,217 **** - # Usage: resolve_symlink file - # Find the real file/device that file points at - resolve_symlink () { -! tmp_fname=$1 -! # Resolve symlinks -! while test -L $tmp_fname; do -! tmp_new_fname=`ls -al $tmp_fname | sed -n 's%.*-> \(.*\)%\1%p'` -! if test -z "$tmp_new_fname"; then -! echo "Unrecognized ls output" 2>&1 -! exit 1 -! fi -! -! # Convert relative symlinks -! case $tmp_new_fname in -! /*) tmp_fname="$tmp_new_fname" -! ;; -! *) tmp_fname="`echo $tmp_fname | sed 's%/[^/]*$%%'`/$tmp_new_fname" -! ;; -! esac -! done -! echo "$tmp_fname" - } - - # Usage: find_device file ---- 194,200 ---- - # Usage: resolve_symlink file - # Find the real file/device that file points at - resolve_symlink () { -! readlink -f $1 - } - - # Usage: find_device file diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix index c22d2e9f65cd..08622c30e6da 100644 --- a/pkgs/top-level/aliases.nix +++ b/pkgs/top-level/aliases.nix @@ -648,6 +648,7 @@ mapAliases ({ gr-osmosdr = gnuradio3_7.pkgs.osmosdr; # Added 2019-05-27, changed 2020-10-16 gr-rds = gnuradio3_7.pkgs.rds; # Added 2019-05-27, changed 2020-10-16 grub2_full = grub2; # Added 2022-11-18 + grub = throw "grub1 was removed after not being maintained upstream for a decade. Please switch to another bootloader"; # Added 2023-04-11 grv = throw "grv has been dropped due to the lack of maintenance from upstream since 2019"; # Added 2022-06-01 gsettings_desktop_schemas = throw "'gsettings_desktop_schemas' has been renamed to/replaced by 'gsettings-desktop-schemas'"; # Converted to throw 2022-02-22 gsl_1 = throw "'gsl_1' has been renamed to/replaced by 'gsl'"; # Added 2022-11-19 diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index fc6159df5682..943b21b4801e 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -8168,15 +8168,11 @@ with pkgs; grpc-client-cli = callPackage ../development/tools/misc/grpc-client-cli { }; - grub = pkgsi686Linux.callPackage ../tools/misc/grub ({ - stdenv = overrideCC stdenv buildPackages.pkgsi686Linux.gcc6; - } // (config.grub or {})); - trustedGrub = pkgsi686Linux.callPackage ../tools/misc/grub/trusted.nix { }; trustedGrub-for-HP = pkgsi686Linux.callPackage ../tools/misc/grub/trusted.nix { for_HP_laptop = true; }; - grub2 = callPackage ../tools/misc/grub/2.0x.nix { + grub2 = callPackage ../tools/misc/grub/default.nix { # update breaks grub2 gnulib = pkgs.gnulib.overrideAttrs (_: rec { version = "20200223";