ilyakooo0/nixpkgs
1
0
Fork 0
mirror of https://github.com/ilyakooo0/nixpkgs.git synced 2024-11-18 13:19:10 +03:00
Code Issues Projects Releases Wiki Activity

Merge pull request #167204 from helsinki-systems/drop/grub1

Browse Source 
grub legacy: remove
This commit is contained in:
Jörg Thalheim 2023-05-10 21:04:08 +01:00 committed by GitHub
commit 9184f1989b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
18 changed files with 683 additions and 971 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
nixos/modules/config/gnu.nix
View File

@ -29,7 +29,6 @@
# GNU GRUB, where available.
boot.loader.grub.enable = !pkgs.stdenv.isAarch32;
boot.loader.grub.version = 2;
# GNU lsh.
services.openssh.enable = false;

2
nixos/modules/installer/cd-dvd/iso-image.nix
View File

@ -694,8 +694,6 @@ in
}
];
boot.loader.grub.version = 2;
# Don't build the GRUB menu builder script, since we don't need it
# here and it causes a cyclic dependency.
boot.loader.grub.enable = false;

1
nixos/modules/installer/tools/nixos-generate-config.pl
View File

@ -651,7 +651,6 @@ EOF
$bootLoaderConfig = <<EOF;
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
# boot.loader.grub.efiSupport = true;
# boot.loader.grub.efiInstallAsRemovable = true;
# boot.loader.efi.efiSysMountPoint = "/boot/efi";

52
nixos/modules/system/boot/loader/grub/grub.nix
View File

@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }:
{ config, options, lib, pkgs, ... }:
with lib;
@ -12,8 +12,7 @@ let
# Package set of targeted architecture
if cfg.forcei686 then pkgs.pkgsi686Linux else pkgs;
realGrub = if cfg.version == 1 then grubPkgs.grub
else if cfg.zfsSupport then grubPkgs.grub2.override { zfsSupport = true; }
realGrub = if cfg.zfsSupport then grubPkgs.grub2.override { zfsSupport = true; }
else if cfg.trustedBoot.enable
then if cfg.trustedBoot.isHPLaptop
then grubPkgs.trustedGrub-for-HP
@ -28,8 +27,7 @@ let
else realGrub;
grubEfi =
# EFI version of Grub v2
if cfg.efiSupport && (cfg.version == 2)
if cfg.efiSupport
then realGrub.override { efiSupport = cfg.efiSupport; }
else null;
@ -52,24 +50,24 @@ let
fullName = lib.getName realGrub;
fullVersion = lib.getVersion realGrub;
grubEfi = f grubEfi;
grubTargetEfi = optionalString (cfg.efiSupport && (cfg.version == 2)) (f (grubEfi.grubTarget or ""));
grubTargetEfi = optionalString cfg.efiSupport (f (grubEfi.grubTarget or ""));
bootPath = args.path;
storePath = config.boot.loader.grub.storePath;
bootloaderId = if args.efiBootloaderId == null then "${config.system.nixos.distroName}${efiSysMountPoint'}" else args.efiBootloaderId;
timeout = if config.boot.loader.timeout == null then -1 else config.boot.loader.timeout;
users = if cfg.users == {} || cfg.version != 1 then cfg.users else throw "GRUB version 1 does not support user accounts.";
theme = f cfg.theme;
inherit efiSysMountPoint;
inherit (args) devices;
inherit (efi) canTouchEfiVariables;
inherit (cfg)
version extraConfig extraPerEntryConfig extraEntries forceInstall useOSProber
extraConfig extraPerEntryConfig extraEntries forceInstall useOSProber
extraGrubInstallArgs
extraEntriesBeforeNixOS extraPrepareConfig configurationLimit copyKernels
default fsIdentifier efiSupport efiInstallAsRemovable gfxmodeEfi gfxmodeBios gfxpayloadEfi gfxpayloadBios;
default fsIdentifier efiSupport efiInstallAsRemovable gfxmodeEfi gfxmodeBios gfxpayloadEfi gfxpayloadBios
users;
path = with pkgs; makeBinPath (
[ coreutils gnused gnugrep findutils diffutils btrfs-progs util-linux mdadm ]
++ optional (cfg.efiSupport && (cfg.version == 2)) efibootmgr
++ optional cfg.efiSupport efibootmgr
++ optionals cfg.useOSProber [ busybox os-prober ]);
font = if cfg.font == null then ""
else (if lib.last (lib.splitString "." cfg.font) == "pf2"
@ -109,14 +107,8 @@ in
};
version = mkOption {
default = 2;
example = 1;
visible = false;
type = types.int;
description = lib.mdDoc ''
The version of GRUB to use: `1` for GRUB
Legacy (versions 0.9x), or `2` (the
default) for GRUB 2.
'';
};
device = mkOption {
@ -724,14 +716,7 @@ in
config = mkMerge [
{ boot.loader.grub.splashImage = mkDefault (
if cfg.version == 1 then pkgs.fetchurl {
url = "http://www.gnome-look.org/CONTENT/content-files/36909-soft-tux.xpm.gz";
sha256 = "14kqdx2lfqvh40h6fjjzqgff1mwk74dmbjvmqphi6azzra7z8d59";
}
# GRUB 1.97 doesn't support gzipped XPMs.
else defaultSplash);
}
{ boot.loader.grub.splashImage = mkDefault defaultSplash; }
(mkIf (cfg.splashImage == defaultSplash) {
boot.loader.grub.backgroundColor = mkDefault "#2F302F";
@ -788,10 +773,6 @@ in
'') config.boot.loader.grub.extraFiles);
assertions = [
{
assertion = !cfg.zfsSupport || cfg.version == 2;
message = "Only GRUB version 2 provides ZFS support";
}
{
assertion = cfg.mirroredBoots != [ ];
message = "You must set the option boot.loader.grub.devices or "
@ -801,10 +782,6 @@ in
assertion = cfg.efiSupport || all (c: c < 2) (mapAttrsToList (n: c: if n == "nodev" then 0 else c) bootDeviceCounters);
message = "You cannot have duplicated devices in mirroredBoots";
}
{
assertion = !cfg.trustedBoot.enable || cfg.version == 2;
message = "Trusted GRUB is only available for GRUB 2";
}
{
assertion = !cfg.efiSupport || !cfg.trustedBoot.enable;
message = "Trusted GRUB does not have EFI support";
@ -825,6 +802,10 @@ in
assertion = cfg.efiInstallAsRemovable -> !config.boot.loader.efi.canTouchEfiVariables;
message = "If you wish to to use boot.loader.grub.efiInstallAsRemovable, then turn off boot.loader.efi.canTouchEfiVariables";
}
{
assertion = !(options.boot.loader.grub.version.isDefined && cfg.version == 1);
message = "Support for version 0.9x of GRUB was removed after being unsupported upstream for around a decade";
}
] ++ flip concatMap cfg.mirroredBoots (args: [
{
assertion = args.devices != [ ];
@ -844,6 +825,11 @@ in
}));
})
(mkIf options.boot.loader.grub.version.isDefined {
warnings = [ ''
The boot.loader.grub.version option does not have any effect anymore, please remove it from your configuration.
'' ];
})
];

50
nixos/modules/system/boot/loader/grub/install-grub.pl
View File

@ -61,7 +61,6 @@ sub runCommand {
}
my $grub = get("grub");
my $grubVersion = int(get("version"));
my $grubTarget = get("grubTarget");
my $extraConfig = get("extraConfig");
my $extraPrepareConfig = get("extraPrepareConfig");
@ -96,9 +95,7 @@ my $theme = get("theme");
my $saveDefault = $defaultEntry eq "saved";
$ENV{'PATH'} = get("path");
die "unsupported GRUB version\n" if $grubVersion != 1 && $grubVersion != 2;
print STDERR "updating GRUB $grubVersion menu...\n";
print STDERR "updating GRUB 2 menu...\n";
mkpath("$bootPath/grub", 0, 0700);
@ -176,7 +173,6 @@ sub GrubFs {
}
my $search = "";
if ($grubVersion > 1) {
# ZFS is completely separate logic as zpools are always identified by a label
# or custom UUID
if ($fs->type eq 'zfs') {
@ -246,7 +242,6 @@ sub GrubFs {
$path = "(\$drive$driveid)$path";
$driveid += 1;
}
}
return Grub->new(path => $path, search => $search);
}
my $grubBoot = GrubFs($bootPath);
@ -258,20 +253,6 @@ if ($copyKernels == 0) {
# Generate the header.
my $conf .= "# Automatically generated. DO NOT EDIT THIS FILE!\n";
if ($grubVersion == 1) {
# $defaultEntry might be "saved", indicating that we want to use the last selected configuration as default.
# Incidentally this is already the correct value for the grub 1 config to achieve this behaviour.
$conf .= "
default $defaultEntry
timeout $timeout
";
if ($splashImage) {
copy $splashImage, "$bootPath/background.xpm.gz" or die "cannot copy $splashImage to $bootPath: $!\n";
$conf .= "splashimage " . ($grubBoot->path eq "/" ? "" : $grubBoot->path) . "/background.xpm.gz\n";
}
}
else {
my @users = ();
foreach my $user ($dom->findnodes('/expr/attrs/attr[@name = "users"]/attrs/attr')) {
my $name = $user->findvalue('@name') or die;
@ -418,7 +399,6 @@ else {
}
}, no_chdir => 1 }, $theme );
}
}
$conf .= "$extraConfig\n";
@ -494,17 +474,6 @@ sub addEntry {
readFile("$path/kernel-params");
my $xenParams = $xen && -e "$path/xen-params" ? readFile("$path/xen-params") : "";
if ($grubVersion == 1) {
$conf .= "title $name\n";
$conf .= " $extraPerEntryConfig\n" if $extraPerEntryConfig;
$conf .= " kernel $xen $xenParams\n" if $xen;
$conf .= " " . ($xen ? "module" : "kernel") . " $kernel $kernelParams\n";
$conf .= " " . ($xen ? "module" : "initrd") . " $initrd\n";
if ($saveDefault) {
$conf .= " savedefault\n";
}
$conf .= "\n";
} else {
$conf .= "menuentry \"$name\" " . $options . " {\n";
if ($saveDefault) {
$conf .= " savedefault\n";
@ -519,7 +488,6 @@ sub addEntry {
$conf .= " " . ($xen ? "module" : "initrd") . " $initrd\n";
$conf .= "}\n\n";
}
}
# Add default entries.
@ -562,7 +530,7 @@ sub addProfile {
my ($profile, $description) = @_;
# Add entries for all generations of this profile.
$conf .= "submenu \"$description\" --class submenu {\n" if $grubVersion == 2;
$conf .= "submenu \"$description\" --class submenu {\n";
sub nrFromGen { my ($x) = @_; $x =~ /\/\w+-(\d+)-link/; return $1; }
@ -585,18 +553,16 @@ sub addProfile {
addEntry("@distroName@ - Configuration " . nrFromGen($link) . " ($date - $version)", $link, $subEntryOptions, 0);
}
$conf .= "}\n" if $grubVersion == 2;
$conf .= "}\n";
}
addProfile "/nix/var/nix/profiles/system", "@distroName@ - All configurations";
if ($grubVersion == 2) {
for my $profile (glob "/nix/var/nix/profiles/system-profiles/*") {
my $name = basename($profile);
next unless $name =~ /^\w+$/;
addProfile $profile, "@distroName@ - Profile '$name'";
}
}
# extraPrepareConfig could refer to @bootPath@, which we have to substitute
$extraPrepareConfig =~ s/\@bootPath\@/$bootPath/g;
@ -607,16 +573,14 @@ if ($extraPrepareConfig ne "") {
}
# write the GRUB config.
my $confFile = $grubVersion == 1 ? "$bootPath/grub/menu.lst" : "$bootPath/grub/grub.cfg";
my $confFile = "$bootPath/grub/grub.cfg";
my $tmpFile = $confFile . ".tmp";
writeFile($tmpFile, $conf);
# check whether to install GRUB EFI or not
sub getEfiTarget {
if ($grubVersion == 1) {
return "no"
} elsif (($grub ne "") && ($grubEfi ne "")) {
if (($grub ne "") && ($grubEfi ne "")) {
# EFI can only be installed when target is set;
# A target is also required then for non-EFI grub
if (($grubTarget eq "") || ($grubTargetEfi eq "")) { die }
@ -741,7 +705,7 @@ symlink "$bootPath", "$tmpDir/boot" or die "Failed to symlink $tmpDir/boot: $!";
if (($requireNewInstall != 0) && ($efiTarget eq "no" || $efiTarget eq "both")) {
foreach my $dev (@deviceTargets) {
next if $dev eq "nodev";
print STDERR "installing the GRUB $grubVersion boot loader on $dev...\n";
print STDERR "installing the GRUB 2 boot loader on $dev...\n";
my @command = ("$grub/sbin/grub-install", "--recheck", "--root-directory=$tmpDir", Cwd::abs_path($dev), @extraGrubInstallArgs);
if ($forceInstall eq "true") {
push @command, "--force";
@ -756,7 +720,7 @@ if (($requireNewInstall != 0) && ($efiTarget eq "no" || $efiTarget eq "both")) {
# install EFI GRUB
if (($requireNewInstall != 0) && ($efiTarget eq "only" || $efiTarget eq "both")) {
print STDERR "installing the GRUB $grubVersion EFI boot loader into $efiSysMountPoint...\n";
print STDERR "installing the GRUB 2 boot loader into $efiSysMountPoint...\n";
my @command = ("$grubEfi/sbin/grub-install", "--recheck", "--target=$grubTargetEfi", "--boot-directory=$bootPath", "--efi-directory=$efiSysMountPoint", @extraGrubInstallArgs);
if ($forceInstall eq "true") {
push @command, "--force";

6
nixos/modules/system/boot/loader/grub/ipxe.nix
View File

@ -46,11 +46,7 @@ in
config = mkIf (builtins.length scripts != 0) {
boot.loader.grub.extraEntries =
if config.boot.loader.grub.version == 2 then
toString (map grubEntry scripts)
else
throw "iPXE is not supported with GRUB 1.";
boot.loader.grub.extraEntries = toString (map grubEntry scripts);
boot.loader.grub.extraFiles =
{ "ipxe.lkrn" = "${pkgs.ipxe}/ipxe.lkrn"; }

8
nixos/modules/system/boot/loader/grub/memtest.nix
View File

@ -84,15 +84,11 @@ in
})
(mkIf (cfg.enable && !efiSupport) {
boot.loader.grub.extraEntries =
if config.boot.loader.grub.version == 2 then
''
boot.loader.grub.extraEntries = ''
menuentry "Memtest86+" {
linux16 @bootRoot@/memtest.bin ${toString cfg.params}
}
''
else
throw "Memtest86+ is not supported with GRUB 1.";
'';
boot.loader.grub.extraFiles."memtest.bin" = "${memtest86}/memtest.bin";
})

1
nixos/modules/virtualisation/azure-common.nix
View File

@ -12,7 +12,6 @@ with lib;
# Generate a GRUB menu.
boot.loader.grub.device = "/dev/sda";
boot.loader.grub.version = 2;
boot.loader.timeout = 0;
boot.growPartition = true;

1
nixos/modules/virtualisation/xen-domU.nix
View File

@ -3,7 +3,6 @@
{ ... }:
{
boot.loader.grub.version = 2;
boot.loader.grub.device = "nodev";
boot.initrd.kernelModules =

50
nixos/tests/installer.nix
View File

@ -10,7 +10,7 @@ with pkgs.lib;
let
# The configuration to install.
makeConfig = { bootLoader, grubVersion, grubDevice, grubIdentifier, grubUseEfi
makeConfig = { bootLoader, grubDevice, grubIdentifier, grubUseEfi
, extraConfig, forceGrubReinstallCount ? 0
}:
pkgs.writeText "configuration.nix" ''
@ -29,11 +29,6 @@ let
${optionalString systemdStage1 "boot.initrd.systemd.enable = true;"}
${optionalString (bootLoader == "grub") ''
boot.loader.grub.version = ${toString grubVersion};
${optionalString (grubVersion == 1) ''
boot.loader.grub.splashImage = null;
''}
boot.loader.grub.extraConfig = "serial; terminal_output serial";
${if grubUseEfi then ''
boot.loader.grub.device = "nodev";
@ -70,11 +65,11 @@ let
# disk, and then reboot from the hard disk. It's parameterized with
# a test script fragment `createPartitions', which must create
# partitions and filesystems.
testScriptFun = { bootLoader, createPartitions, grubVersion, grubDevice, grubUseEfi
testScriptFun = { bootLoader, createPartitions, grubDevice, grubUseEfi
, grubIdentifier, preBootCommands, postBootCommands, extraConfig
, testSpecialisationConfig
}:
let iface = if grubVersion == 1 then "ide" else "virtio";
let iface = "virtio";
isEfi = bootLoader == "systemd-boot" || (bootLoader == "grub" && grubUseEfi);
bios = if pkgs.stdenv.isAarch64 then "QEMU_EFI.fd" else "OVMF.fd";
in if !isEfi && !pkgs.stdenv.hostPlatform.isx86 then ''
@ -122,7 +117,7 @@ let
machine.succeed("cat /mnt/etc/nixos/hardware-configuration.nix >&2")
machine.copy_from_host(
"${ makeConfig {
inherit bootLoader grubVersion grubDevice grubIdentifier
inherit bootLoader grubDevice grubIdentifier
grubUseEfi extraConfig;
}
}",
@ -193,7 +188,7 @@ let
# doesn't know about the host-guest sharing mechanism.
machine.copy_from_host_via_shell(
"${ makeConfig {
inherit bootLoader grubVersion grubDevice grubIdentifier
inherit bootLoader grubDevice grubIdentifier
grubUseEfi extraConfig;
forceGrubReinstallCount = 1;
}
@ -222,7 +217,7 @@ let
# doesn't know about the host-guest sharing mechanism.
machine.copy_from_host_via_shell(
"${ makeConfig {
inherit bootLoader grubVersion grubDevice grubIdentifier
inherit bootLoader grubDevice grubIdentifier
grubUseEfi extraConfig;
forceGrubReinstallCount = 2;
}
@ -284,7 +279,7 @@ let
{ createPartitions, preBootCommands ? "", postBootCommands ? "", extraConfig ? ""
, extraInstallerConfig ? {}
, bootLoader ? "grub" # either "grub" or "systemd-boot"
, grubVersion ? 2, grubDevice ? "/dev/vda", grubIdentifier ? "uuid", grubUseEfi ? false
, grubDevice ? "/dev/vda", grubIdentifier ? "uuid", grubUseEfi ? false
, enableOCR ? false, meta ? {}
, testSpecialisationConfig ? false
}:
@ -316,11 +311,9 @@ let
# installer. This ensures the target disk (/dev/vda) is
# the same during and after installation.
virtualisation.emptyDiskImages = [ 512 ];
virtualisation.rootDevice =
if grubVersion == 1 then "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive2" else "/dev/vdb";
virtualisation.rootDevice = "/dev/vdb";
virtualisation.bootLoaderDevice = "/dev/vda";
virtualisation.qemu.diskInterface =
if grubVersion == 1 then "scsi" else "virtio";
virtualisation.qemu.diskInterface = "virtio";
# We don't want to have any networking in the guest whatsoever.
# Also, if any vlans are enabled, the guest will reboot
@ -372,8 +365,7 @@ let
# curl's tarball, we see what it's trying to download
curl
]
++ optional (bootLoader == "grub" && grubVersion == 1) pkgs.grub
++ optionals (bootLoader == "grub" && grubVersion == 2) (let
++ optionals (bootLoader == "grub") (let
zfsSupport = lib.any (x: x == "zfs")
(extraInstallerConfig.boot.supportedFilesystems or []);
in [
@ -392,7 +384,7 @@ let
testScript = testScriptFun {
inherit bootLoader createPartitions preBootCommands postBootCommands
grubVersion grubDevice grubIdentifier grubUseEfi extraConfig
grubDevice grubIdentifier grubUseEfi extraConfig
testSpecialisationConfig;
};
};
@ -875,26 +867,6 @@ in {
'';
};
# Test a basic install using GRUB 1.
grub1 = makeInstallerTest "grub1" rec {
createPartitions = ''
machine.succeed(
"flock ${grubDevice} parted --script ${grubDevice} -- mklabel msdos"
+ " mkpart primary linux-swap 1M 1024M"
+ " mkpart primary ext2 1024M -1s",
"udevadm settle",
"mkswap ${grubDevice}-part1 -L swap",
"swapon -L swap",
"mkfs.ext3 -L nixos ${grubDevice}-part2",
"mount LABEL=nixos /mnt",
"mkdir -p /mnt/tmp",
)
'';
grubVersion = 1;
# /dev/sda is not stable, even when the SCSI disk number is.
grubDevice = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive1";
};
# Test using labels to identify volumes in grub
simpleLabels = makeInstallerTest "simpleLabels" {
createPartitions = ''

457
pkgs/tools/misc/grub/2.0x.nix
View File

@ -1,457 +0,0 @@
{ lib, stdenv, fetchurl, flex, bison, python3, autoreconfHook, gnulib, libtool, bash
, gettext, ncurses, libusb-compat-0_1, freetype, qemu, lvm2, unifont, pkg-config
, buildPackages
, fetchpatch
, pkgsBuildBuild
, nixosTests
, fuse # only needed for grub-mount
, runtimeShell
, zfs ? null
, efiSupport ? false
, zfsSupport ? false
, xenSupport ? false
, kbdcompSupport ? false, ckbcomp
}:
let
pcSystems = {
i686-linux.target = "i386";
x86_64-linux.target = "i386";
};
efiSystemsBuild = {
i686-linux.target = "i386";
x86_64-linux.target = "x86_64";
armv7l-linux.target = "arm";
aarch64-linux.target = "aarch64";
riscv32-linux.target = "riscv32";
riscv64-linux.target = "riscv64";
};
# For aarch64, we need to use '--target=aarch64-efi' when building,
# but '--target=arm64-efi' when installing. Insanity!
efiSystemsInstall = {
i686-linux.target = "i386";
x86_64-linux.target = "x86_64";
armv7l-linux.target = "arm";
aarch64-linux.target = "arm64";
riscv32-linux.target = "riscv32";
riscv64-linux.target = "riscv64";
};
canEfi = lib.any (system: stdenv.hostPlatform.system == system) (lib.mapAttrsToList (name: _: name) efiSystemsBuild);
inPCSystems = lib.any (system: stdenv.hostPlatform.system == system) (lib.mapAttrsToList (name: _: name) pcSystems);
version = "2.06";
in (
assert efiSupport -> canEfi;
assert zfsSupport -> zfs != null;
assert !(efiSupport && xenSupport);
stdenv.mkDerivation rec {
pname = "grub";
inherit version;
src = fetchurl {
url = "mirror://gnu/grub/grub-${version}.tar.xz";
sha256 = "sha256-t56kSvkbk9F80/6Ava5u1DdwZ4qaWuGSzOqAPrtlfuE=";
};
patches = [
./fix-bash-completion.patch
(fetchpatch {
name = "Add-hidden-menu-entries.patch";
# https://lists.gnu.org/archive/html/grub-devel/2016-04/msg00089.html
url = "https://marc.info/?l=grub-devel&m=146193404929072&q=mbox";
sha256 = "00wa1q5adiass6i0x7p98vynj9vsz1w0gn1g4dgz89v35mpyw2bi";
})
# Pull upstream patch to fix linkage against binutils-2.36.
(fetchpatch {
name = "binutils-2.36.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=b98275138bf4fc250a1c362dfd2c8b1cf2421701";
sha256 = "001m058bsl2pcb0ii84jfm5ias8zgzabrfy6k2cc9w6w1y51ii82";
})
# Properly handle multiple initrd paths in 30_os-prober
# Remove this patch once a new release is cut
(fetchpatch {
name = "Properly-handle-multiple-initrd-paths-in-os-prober.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=000b5cd04fd228f9741f5dca0491636bc0b89eb8";
sha256 = "sha256-Mex3qQ0lW7ZCv7ZI7MSSqbylJXZ5RTbR4Pv1+CJ0ciM=";
})
# Upstreamed patches for flicker-free boot
# Remove these patches once a new release is cut
(fetchpatch {
# term/efi/console: Do not set colorstate until the first text output
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=9381dbe045b39bd9395c9ab4276d95b4041ec9fb";
sha256 = "sha256-ZFq/PdCYo6aRySZRAfZARO8BmXwGgqeXz+9uNgNJEO8=";
})
(fetchpatch {
# term/efi/console: Do not set cursor until the first text output
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=7c316e18301e101e4dcd8abe88c0bed0b1b78857";
sha256 = "sha256-WJiK7MqmdStzq77vIDsO60Fu7i9LE/jDYzF4E9FXb7c=";
})
(fetchpatch {
# normal/menu: Don't show "Booting `%s'" msg when auto-booting with TIMEOUT_STYLE_HIDDEN
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=5bb4f2b7d665c84bde402d1a528b652a61753380";
sha256 = "sha256-lwJPPyq6yj7X1C2RuHfxnwKKstFkWGxcMXuSQqd9Z4I=";
})
(fetchpatch {
# kern/main: Suppress the "Welcome to GRUB!" message in EFI builds
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=3e4cbbeca0ef35097301a1086f85fd0d119e64aa";
sha256 = "sha256-cQX4x9V5Y7SU9WACn5FzDjukL2/StAUMMoHY/DRHq+g=";
})
(fetchpatch {
name = "CVE-2021-3981.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=0adec29674561034771c13e446069b41ef41e4d4";
sha256 = "sha256-3vkvWjcSv0hyY2EX3ig2EXEe+XLiRsXYlcd5kpY4wXw=";
})
# June 2022 security patches
# https://lists.gnu.org/archive/html/grub-devel/2022-06/msg00035.html
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.1.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=1469983ebb9674753ad333d37087fb8cb20e1dce";
sha256 = "sha256-oB4S0jvIXsDPcjIz1E2LKm7gwdvZjywuI1j0P6JQdJg=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.2.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=14ceb3b3ff6db664649138442b6562c114dcf56e";
sha256 = "sha256-mKe8gzd0U4PbV8z3TWCdvv7UugEgYaVIkB4dyMrSGEE=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.3.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=04c86e0bb7b58fc2f913f798cdb18934933e532d";
sha256 = "sha256-sA+PTlk4hwYOVKRZBHkEskabzmsf47Hi4h3mzWOFjwM=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.4.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=6fe755c5c07bb386fda58306bfd19e4a1c974c53";
sha256 = "sha256-8zmFocUfnjSyhYitUFDHoilHDnm1NJmhcKwO9dueV3k=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.5.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=f1ce0e15e70ea1aafcfa26ad93e7585f65783c6f";
sha256 = "sha256-Wrlam6CRPUAHbKqe/X1YLcRxJ2LQTtmQ/Y66gxUlqK4=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.6.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=5bff31cdb6b93d738f850834e6291df1d0b136fa";
sha256 = "sha256-ReLWSePXjRweymsVAL/uoBgYMWt9vRDcY3iXlDNZT0w=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.7.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=347880a13c239b4c2811c94c9a7cf78b607332e3";
sha256 = "sha256-07hpHuJFw95xGoJ/6ej7i6HlCFb2QRxP3arvRjKW4uU=";
})
## Needed to apply patch 8
(fetchpatch {
name = "video-remove-trailing-whitespaces.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=1f48917d8ddb490dcdc70176e0f58136b7f7811a";
sha256 = "sha256-/yf/LGpwYcQ36KITzmiFfg4BvhcApKbrlFzjKK8V2kI=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.8.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=e623866d9286410156e8b9d2c82d6253a1b22d08";
sha256 = "sha256-zFxP6JY5Q9s3yJHdkbZ2w+dXFKeOCXjFnQKadB5HLCg=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.9.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=210245129c932dc9e1c2748d9d35524fb95b5042";
sha256 = "sha256-FyZhdTlcRVmn7X2hv93RhWP7NOoEMb7ib/DWveyz3Ew=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.10.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=690bee69fae6b4bd911293d6b7e56774e29fdf64";
sha256 = "sha256-nOAXxebCW/s5M6sjPKdSdx47/PcH1lc0yYT0flVwoC8=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.11.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=d5caac8ab79d068ad9a41030c772d03a4d4fbd7b";
sha256 = "sha256-9fGJJkgZ6+E01MJqVTR1qFITx9EAx41Hv9QNfdqBgu0=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.12.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=768ef2199e0265cf455b154f1a80a612f02274c8";
sha256 = "sha256-2/JJJux5vqXUc77bi3aXRy8NclbvyD/0e6UN8/6Ui3c=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.13.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=166a4d61448f74745afe1dac2f2cfb85d04909bf";
sha256 = "sha256-XxTZ8P8qr4qEXELdHwaRACPeIZ/iixlATLB5RvVQsC8=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.14.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=22a3f97d39f6a10b08ad7fd1cc47c4dcd10413f6";
sha256 = "sha256-bzB2gmGvWR2ylvMw779KQ/VHBBMsDNbG96eg9qQlljA=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.15.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=830a9628b2c9e1b6388af624aaf4a80818ed6be0";
sha256 = "sha256-8fna2VbbUw8zBx77osaOOHlZFgRrHqwQK87RoUtCF6w=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.16.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=3e4817538de828319ba6d59ced2fbb9b5ca13287";
sha256 = "sha256-iCZAyRS/a15x5aJCJBYl9nw6Hc3WRCUG7zF5V+OwDKg=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.17.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=f407e34f3871a4c402bbd516e7c28ea193cef1b7";
sha256 = "sha256-S45cLZNTWapAodKudUz2fMjnPsW6vbtNz0bIvIBGmu4=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.18.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=c1b7eef9fa4aaefbf7d0507505c3bb2914e1ad6b";
sha256 = "sha256-TWPfEAOePwC77yiVdsTSZIjfsMp7+0XabCz9K3FlV7w=";
})
## Needed to apply patch 19
(fetchpatch {
name = "net-remove-trailing-whitespaces.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=e453a4a64392a41bc7b37f890aceb358112d1687";
sha256 = "sha256-JCbUB77Y6js5u99uJ9StDxNjjahNy4nO3crK8/GvmPY=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.19.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=96abf4fb9d829f4a405d5df39bc74bbccbd0e322";
sha256 = "sha256-6E2MKO5kauFA1TA8YkUgIUusniwHS2Sr44A/a7ZqDCo=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.20.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=ee9652031491326736714a988fbbaeab8ef9255c";
sha256 = "sha256-E21q+Mj+JBQlUW0pe4zbaoL3ErXmCanyizwAsRYYZHk=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.21.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=8f287c3e13da2bf82049e2e464eca7ca4fef0a85";
sha256 = "sha256-dZ24RwYsHeUrMuiU7PDgPcw+iK9cOd6q+E0xWXbtTkE=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.22.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=dad94fffe14be476df5f34a8e5a90ea62a41fe12";
sha256 = "sha256-06TyTEvSy19dsnXZZoKBGx7ymJVWogr0NorzLflEwY4=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.23.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=ec6bfd3237394c1c7dbf2fd73417173318d22f4b";
sha256 = "sha256-NryxSekO8oSxsnv5G9mFZExm4Pwfc778mslyUDuDhlM=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.24.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=b26b4c08e7119281ff30d0fb4a6169bd2afa8fe4";
sha256 = "sha256-fSH3cxl/76DwkE8dHSR9uao9Vf1sJrhz7SmUSgDNodI=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.25.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=4bd9877f62166b7e369773ab92fe24a39f6515f8";
sha256 = "sha256-VMtR/sF8F1BMKmJ06ZZEPNH/+l0RySy/E6lVWdCyFKE=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.26.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=deae293f399dde3773cf37dfa9b77ca7e04ef772";
sha256 = "sha256-sCC3KE9adavw7jHMTVlxtyuwDFCPRDqT24H3AKUYf68=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.27.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=e40b83335bb33d9a2d1c06cc269875b3b3d6c539";
sha256 = "sha256-cviCfBkzacAtnHGW87RLshhduE4Ym/v2Vq4h/sZDmZg=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.28.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=11e1cffb7e2492ddac4ab8d19ce466783adbb957";
sha256 = "sha256-I1feoneVeU3XkscKfVprWWJfLUnrc5oauMXYDyDxo5M=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.29.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=13dce204cf6f3f0f49c9949971052a4c9657c0c0";
sha256 = "sha256-DzFHxgR9A8FNZ/y9OMeBvTp1K6J5ePyL06dhHQmk7Ik=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.30.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=2f4430cc0a44fd8c8aa7aee5c51887667ad3d6c3";
sha256 = "sha256-AufP/10/auO4NMjYQ7yPDDbYShwGaktyQtqJx2Jasz8=";
})
# October 2022 security patches
# https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html
(fetchpatch {
name = "CVE-2022-2601.CVE-2022-3775.1.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=f6b6236077f059e64ee315f2d7acb8fa4eda87c5";
sha256 = "sha256-pk02iVf/u6CdsVjl8HaFBh0Bt473ZQzz5zBp9SoBLtE=";
})
(fetchpatch {
name = "CVE-2022-2601.CVE-2022-3775.2.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=9c76ec09ae08155df27cd237eaea150b4f02f532";
sha256 = "sha256-axbEOH5WFkUroGna2XY1f2kq7+B1Cs6LiubIA2EBdiM=";
})
(fetchpatch {
name = "CVE-2022-2601.CVE-2022-3775.3.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=768e1ef2fc159f6e14e7246e4be09363708ac39e";
sha256 = "sha256-aKDUVS/Yx1c87NCrt4EG8BlSpkHijUyAJIwbmtzNjD8=";
})
(fetchpatch {
name = "CVE-2022-2601.CVE-2022-3775.4.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=c51292274ded3259eb04c2f1c8d253ffbdb5216a";
sha256 = "sha256-OLNOKuAJuHy2MBMnU2xcYM7AaxmDk9fchXhggoDrxJU=";
})
(fetchpatch {
name = "CVE-2022-2601.CVE-2022-3775.5.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=23843fe8947e4da955a05ad3d1858725bfcb56c8";
sha256 = "sha256-ptn00nqVJlEb1c6HhoMy9nrBuctH077LM4yXKsK47gc=";
})
(fetchpatch {
name = "CVE-2022-2601.CVE-2022-3775.6.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=b9396daf1c2e3cdc0a1e69b056852e0769fb24de";
sha256 = "sha256-K7XNneDZjLpZh/C908+5uYsB/0oIdgQqmk0yJrdQLG4=";
})
(fetchpatch {
name = "CVE-2022-2601.CVE-2022-3775.7.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=1d2015598cc7a9fca4b39186273e3519a88e80c7";
sha256 = "sha256-s4pZtszH4b/0u85rpzVapZmNQdYEq/wW06SQ3PW/1aU=";
})
(fetchpatch {
name = "CVE-2022-2601.CVE-2022-3775.8.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=93a786a00163e50c29f0394df198518617e1c9a5";
sha256 = "sha256-R8x557RMAxJ0ZV2jb6zDmwOPVlk6875q37fNpqKsPT0=";
})
(fetchpatch {
name = "CVE-2022-2601.CVE-2022-3775.9.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=1eac01c147b4d85d2ec4a7e5671fa4345f2e8549";
sha256 = "sha256-eOnhmU3pT5cCVnNHcY/BzDjldfs7yh/OGsxa15tGv94=";
})
(fetchpatch {
name = "CVE-2022-2601.CVE-2022-3775.10.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=992c06191babc1e109caf40d6a07ec6fdef427af";
sha256 = "sha256-kezNKPcLmFXwyZbXtJbaPTIbE8tijmHIzdC2jsKwrNk=";
})
(fetchpatch {
name = "CVE-2022-2601.CVE-2022-3775.11.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=9d81f71c6b8f55cf20cd56f5fe29c759df9b48cc";
sha256 = "sha256-jnniVGy4KvFGFmcOP2YLA46k3cK8vwoByo19ismVUzE=";
})
(fetchpatch {
name = "CVE-2022-2601.CVE-2022-3775.12.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=22b77b87e10a3a6c9bb9885415bc9a9c678378e6";
sha256 = "sha256-iYTEqN5997I7MVIg82jt/bbEAYhcgq8fNRCNPpY9ze0=";
})
(fetchpatch {
name = "CVE-2022-2601.CVE-2022-3775.13.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=1514678888595ef41a968a0c69b7ff769edd1e9c";
sha256 = "sha256-tgAEoAtaNKJjscjMFkXXiVn59Pa4c+NiQ3iVW6CMrpo=";
})
];
postPatch = if kbdcompSupport then ''
sed -i util/grub-kbdcomp.in -e 's@\bckbcomp\b@${ckbcomp}/bin/ckbcomp@'
'' else ''
echo '#! ${runtimeShell}' > util/grub-kbdcomp.in
echo 'echo "Compile grub2 with { kbdcompSupport = true; } to enable support for this command."' >> util/grub-kbdcomp.in
'';
depsBuildBuild = [ buildPackages.stdenv.cc ];
nativeBuildInputs = [ bison flex python3 pkg-config gettext freetype autoreconfHook ];
buildInputs = [ ncurses libusb-compat-0_1 freetype lvm2 fuse libtool bash ]
++ lib.optional doCheck qemu
++ lib.optional zfsSupport zfs;
strictDeps = true;
hardeningDisable = [ "all" ];
separateDebugInfo = !xenSupport;
# Work around a bug in the generated flex lexer (upstream flex bug?)
env.NIX_CFLAGS_COMPILE = "-Wno-error";
preConfigure =
'' for i in "tests/util/"*.in
do
sed -i "$i" -e's|/bin/bash|${stdenv.shell}|g'
done
# Apparently, the QEMU executable is no longer called
# `qemu-system-i386', even on i386.
#
# In addition, use `-nodefaults' to avoid errors like:
#
# chardev: opening backend "stdio" failed
# qemu: could not open serial device 'stdio': Invalid argument
#
# See <http://www.mail-archive.com/qemu-devel@nongnu.org/msg22775.html>.
sed -i "tests/util/grub-shell.in" \
-e's/qemu-system-i386/qemu-system-x86_64 -nodefaults/g'
unset CPP # setting CPP intereferes with dependency calculation
patchShebangs .
substituteInPlace ./configure --replace '/usr/share/fonts/unifont' '${unifont}/share/fonts'
'';
configureFlags = [
"--enable-grub-mount" # dep of os-prober
] ++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [
# grub doesn't do cross-compilation as usual and tries to use unprefixed
# tools to target the host. Provide toolchain information explicitly for
# cross builds.
#
# Ref: # https://github.com/buildroot/buildroot/blob/master/boot/grub2/grub2.mk#L108
"TARGET_CC=${stdenv.cc.targetPrefix}cc"
"TARGET_NM=${stdenv.cc.targetPrefix}nm"
"TARGET_OBJCOPY=${stdenv.cc.targetPrefix}objcopy"
"TARGET_RANLIB=${stdenv.cc.targetPrefix}ranlib"
"TARGET_STRIP=${stdenv.cc.targetPrefix}strip"
] ++ lib.optional zfsSupport "--enable-libzfs"
++ lib.optionals efiSupport [ "--with-platform=efi" "--target=${efiSystemsBuild.${stdenv.hostPlatform.system}.target}" "--program-prefix=" ]
++ lib.optionals xenSupport [ "--with-platform=xen" "--target=${efiSystemsBuild.${stdenv.hostPlatform.system}.target}"];
# save target that grub is compiled for
grubTarget = if efiSupport
then "${efiSystemsInstall.${stdenv.hostPlatform.system}.target}-efi"
else lib.optionalString inPCSystems "${pcSystems.${stdenv.hostPlatform.system}.target}-pc";
doCheck = false;
enableParallelBuilding = true;
postInstall = ''
# Avoid a runtime reference to gcc
sed -i $out/lib/grub/*/modinfo.sh -e "/grub_target_cppflags=/ s|'.*'|' '|"
# just adding bash to buildInputs wasn't enough to fix the shebang
substituteInPlace $out/lib/grub/*/modinfo.sh \
--replace ${buildPackages.bash} "/usr/bin/bash"
'';
passthru.tests = {
nixos-grub = nixosTests.grub;
nixos-install-simple = nixosTests.installer.simple;
nixos-install-grub1 = nixosTests.installer.grub1;
nixos-install-grub-uefi = nixosTests.installer.simpleUefiGrub;
nixos-install-grub-uefi-spec = nixosTests.installer.simpleUefiGrubSpecialisation;
};
meta = with lib; {
description = "GNU GRUB, the Grand Unified Boot Loader (2.x beta)";
longDescription =
'' GNU GRUB is a Multiboot boot loader. It was derived from GRUB, GRand
Unified Bootloader, which was originally designed and implemented by
Erich Stefan Boleyn.
Briefly, the boot loader is the first software program that runs when a
computer starts. It is responsible for loading and transferring
control to the operating system kernel software (such as the Hurd or
the Linux). The kernel, in turn, initializes the rest of the
operating system (e.g., GNU).
'';
homepage = "https://www.gnu.org/software/grub/";
license = licenses.gpl3Plus;
platforms = platforms.gnu ++ platforms.linux;
maintainers = [ maintainers.samueldr ];
};
})

11
pkgs/tools/misc/grub/buggybios.patch
View File

@ -1,11 +0,0 @@
Taken from: http://savannah.gnu.org/bugs/?func=detailitem&item_id=10433
--- grub-0.95.orig/stage2/bios.c 2004-03-27 17:34:04.000000000 +0100
+++ grub-0.95/stage2/bios.c 2005-03-02 01:02:29.192582200 +0100
@@ -147,6 +147,7 @@
grub_memset (&cdrp, 0, sizeof (cdrp));
cdrp.size = sizeof (cdrp) - sizeof (cdrp.dummy);
err = biosdisk_int13_extensions (0x4B01, drive, &cdrp);
+ err = 0; /* really ugly hack to circumvent faulty BIOS versions like Acer 292LMi */
if (! err && cdrp.drive_no == drive)
{
if ((cdrp.media_type & 0x0F) == 0)

464
pkgs/tools/misc/grub/default.nix
View File

@ -1,40 +1,456 @@
{ lib, stdenv, fetchurl, autoreconfHook, texinfo, buggyBiosCDSupport ? true }:
{ lib, stdenv, fetchurl, flex, bison, python3, autoreconfHook, gnulib, libtool, bash
, gettext, ncurses, libusb-compat-0_1, freetype, qemu, lvm2, unifont, pkg-config
, buildPackages
, fetchpatch
, pkgsBuildBuild
, nixosTests
, fuse # only needed for grub-mount
, runtimeShell
, zfs ? null
, efiSupport ? false
, zfsSupport ? false
, xenSupport ? false
, kbdcompSupport ? false, ckbcomp
}:
let
pcSystems = {
i686-linux.target = "i386";
x86_64-linux.target = "i386";
};
efiSystemsBuild = {
i686-linux.target = "i386";
x86_64-linux.target = "x86_64";
armv7l-linux.target = "arm";
aarch64-linux.target = "aarch64";
riscv32-linux.target = "riscv32";
riscv64-linux.target = "riscv64";
};
# For aarch64, we need to use '--target=aarch64-efi' when building,
# but '--target=arm64-efi' when installing. Insanity!
efiSystemsInstall = {
i686-linux.target = "i386";
x86_64-linux.target = "x86_64";
armv7l-linux.target = "arm";
aarch64-linux.target = "arm64";
riscv32-linux.target = "riscv32";
riscv64-linux.target = "riscv64";
};
canEfi = lib.any (system: stdenv.hostPlatform.system == system) (lib.mapAttrsToList (name: _: name) efiSystemsBuild);
inPCSystems = lib.any (system: stdenv.hostPlatform.system == system) (lib.mapAttrsToList (name: _: name) pcSystems);
version = "2.06";
in (
assert efiSupport -> canEfi;
assert zfsSupport -> zfs != null;
assert !(efiSupport && xenSupport);
stdenv.mkDerivation rec {
pname = "grub";
version = "0.97-73";
inherit version;
src = fetchurl {
url = "https://alpha.gnu.org/gnu/grub/grub-${lib.versions.majorMinor version}.tar.gz";
sha256 = "02r6b52r0nsp6ryqfiqchnl7r1d9smm80sqx24494gmx5p8ia7af";
url = "mirror://gnu/grub/grub-${version}.tar.xz";
sha256 = "sha256-t56kSvkbk9F80/6Ava5u1DdwZ4qaWuGSzOqAPrtlfuE=";
};
patches = [
# Properly handle the case of symlinks such as
# /dev/disk/by-label/bla. The symlink resolution code in
# grub-install isn't smart enough.
./symlink.patch
]
++ (lib.optional buggyBiosCDSupport ./buggybios.patch)
++ map fetchurl (import ./grub1.patches.nix)
;
./fix-bash-completion.patch
(fetchpatch {
name = "Add-hidden-menu-entries.patch";
# https://lists.gnu.org/archive/html/grub-devel/2016-04/msg00089.html
url = "https://marc.info/?l=grub-devel&m=146193404929072&q=mbox";
sha256 = "00wa1q5adiass6i0x7p98vynj9vsz1w0gn1g4dgz89v35mpyw2bi";
})
preConfigure = ''
substituteInPlace ./configure.ac --replace 'AC_PREREQ(2.61)' 'AC_PREREQ(2.64)'
# Pull upstream patch to fix linkage against binutils-2.36.
(fetchpatch {
name = "binutils-2.36.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=b98275138bf4fc250a1c362dfd2c8b1cf2421701";
sha256 = "001m058bsl2pcb0ii84jfm5ias8zgzabrfy6k2cc9w6w1y51ii82";
})
# Properly handle multiple initrd paths in 30_os-prober
# Remove this patch once a new release is cut
(fetchpatch {
name = "Properly-handle-multiple-initrd-paths-in-os-prober.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=000b5cd04fd228f9741f5dca0491636bc0b89eb8";
sha256 = "sha256-Mex3qQ0lW7ZCv7ZI7MSSqbylJXZ5RTbR4Pv1+CJ0ciM=";
})
# Upstreamed patches for flicker-free boot
# Remove these patches once a new release is cut
(fetchpatch {
# term/efi/console: Do not set colorstate until the first text output
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=9381dbe045b39bd9395c9ab4276d95b4041ec9fb";
sha256 = "sha256-ZFq/PdCYo6aRySZRAfZARO8BmXwGgqeXz+9uNgNJEO8=";
})
(fetchpatch {
# term/efi/console: Do not set cursor until the first text output
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=7c316e18301e101e4dcd8abe88c0bed0b1b78857";
sha256 = "sha256-WJiK7MqmdStzq77vIDsO60Fu7i9LE/jDYzF4E9FXb7c=";
})
(fetchpatch {
# normal/menu: Don't show "Booting `%s'" msg when auto-booting with TIMEOUT_STYLE_HIDDEN
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=5bb4f2b7d665c84bde402d1a528b652a61753380";
sha256 = "sha256-lwJPPyq6yj7X1C2RuHfxnwKKstFkWGxcMXuSQqd9Z4I=";
})
(fetchpatch {
# kern/main: Suppress the "Welcome to GRUB!" message in EFI builds
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=3e4cbbeca0ef35097301a1086f85fd0d119e64aa";
sha256 = "sha256-cQX4x9V5Y7SU9WACn5FzDjukL2/StAUMMoHY/DRHq+g=";
})
(fetchpatch {
name = "CVE-2021-3981.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=0adec29674561034771c13e446069b41ef41e4d4";
sha256 = "sha256-3vkvWjcSv0hyY2EX3ig2EXEe+XLiRsXYlcd5kpY4wXw=";
})
# June 2022 security patches
# https://lists.gnu.org/archive/html/grub-devel/2022-06/msg00035.html
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.1.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=1469983ebb9674753ad333d37087fb8cb20e1dce";
sha256 = "sha256-oB4S0jvIXsDPcjIz1E2LKm7gwdvZjywuI1j0P6JQdJg=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.2.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=14ceb3b3ff6db664649138442b6562c114dcf56e";
sha256 = "sha256-mKe8gzd0U4PbV8z3TWCdvv7UugEgYaVIkB4dyMrSGEE=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.3.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=04c86e0bb7b58fc2f913f798cdb18934933e532d";
sha256 = "sha256-sA+PTlk4hwYOVKRZBHkEskabzmsf47Hi4h3mzWOFjwM=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.4.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=6fe755c5c07bb386fda58306bfd19e4a1c974c53";
sha256 = "sha256-8zmFocUfnjSyhYitUFDHoilHDnm1NJmhcKwO9dueV3k=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.5.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=f1ce0e15e70ea1aafcfa26ad93e7585f65783c6f";
sha256 = "sha256-Wrlam6CRPUAHbKqe/X1YLcRxJ2LQTtmQ/Y66gxUlqK4=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.6.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=5bff31cdb6b93d738f850834e6291df1d0b136fa";
sha256 = "sha256-ReLWSePXjRweymsVAL/uoBgYMWt9vRDcY3iXlDNZT0w=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.7.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=347880a13c239b4c2811c94c9a7cf78b607332e3";
sha256 = "sha256-07hpHuJFw95xGoJ/6ej7i6HlCFb2QRxP3arvRjKW4uU=";
})
## Needed to apply patch 8
(fetchpatch {
name = "video-remove-trailing-whitespaces.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=1f48917d8ddb490dcdc70176e0f58136b7f7811a";
sha256 = "sha256-/yf/LGpwYcQ36KITzmiFfg4BvhcApKbrlFzjKK8V2kI=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.8.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=e623866d9286410156e8b9d2c82d6253a1b22d08";
sha256 = "sha256-zFxP6JY5Q9s3yJHdkbZ2w+dXFKeOCXjFnQKadB5HLCg=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.9.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=210245129c932dc9e1c2748d9d35524fb95b5042";
sha256 = "sha256-FyZhdTlcRVmn7X2hv93RhWP7NOoEMb7ib/DWveyz3Ew=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.10.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=690bee69fae6b4bd911293d6b7e56774e29fdf64";
sha256 = "sha256-nOAXxebCW/s5M6sjPKdSdx47/PcH1lc0yYT0flVwoC8=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.11.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=d5caac8ab79d068ad9a41030c772d03a4d4fbd7b";
sha256 = "sha256-9fGJJkgZ6+E01MJqVTR1qFITx9EAx41Hv9QNfdqBgu0=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.12.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=768ef2199e0265cf455b154f1a80a612f02274c8";
sha256 = "sha256-2/JJJux5vqXUc77bi3aXRy8NclbvyD/0e6UN8/6Ui3c=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.13.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=166a4d61448f74745afe1dac2f2cfb85d04909bf";
sha256 = "sha256-XxTZ8P8qr4qEXELdHwaRACPeIZ/iixlATLB5RvVQsC8=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.14.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=22a3f97d39f6a10b08ad7fd1cc47c4dcd10413f6";
sha256 = "sha256-bzB2gmGvWR2ylvMw779KQ/VHBBMsDNbG96eg9qQlljA=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.15.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=830a9628b2c9e1b6388af624aaf4a80818ed6be0";
sha256 = "sha256-8fna2VbbUw8zBx77osaOOHlZFgRrHqwQK87RoUtCF6w=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.16.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=3e4817538de828319ba6d59ced2fbb9b5ca13287";
sha256 = "sha256-iCZAyRS/a15x5aJCJBYl9nw6Hc3WRCUG7zF5V+OwDKg=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.17.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=f407e34f3871a4c402bbd516e7c28ea193cef1b7";
sha256 = "sha256-S45cLZNTWapAodKudUz2fMjnPsW6vbtNz0bIvIBGmu4=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.18.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=c1b7eef9fa4aaefbf7d0507505c3bb2914e1ad6b";
sha256 = "sha256-TWPfEAOePwC77yiVdsTSZIjfsMp7+0XabCz9K3FlV7w=";
})
## Needed to apply patch 19
(fetchpatch {
name = "net-remove-trailing-whitespaces.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=e453a4a64392a41bc7b37f890aceb358112d1687";
sha256 = "sha256-JCbUB77Y6js5u99uJ9StDxNjjahNy4nO3crK8/GvmPY=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.19.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=96abf4fb9d829f4a405d5df39bc74bbccbd0e322";
sha256 = "sha256-6E2MKO5kauFA1TA8YkUgIUusniwHS2Sr44A/a7ZqDCo=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.20.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=ee9652031491326736714a988fbbaeab8ef9255c";
sha256 = "sha256-E21q+Mj+JBQlUW0pe4zbaoL3ErXmCanyizwAsRYYZHk=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.21.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=8f287c3e13da2bf82049e2e464eca7ca4fef0a85";
sha256 = "sha256-dZ24RwYsHeUrMuiU7PDgPcw+iK9cOd6q+E0xWXbtTkE=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.22.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=dad94fffe14be476df5f34a8e5a90ea62a41fe12";
sha256 = "sha256-06TyTEvSy19dsnXZZoKBGx7ymJVWogr0NorzLflEwY4=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.23.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=ec6bfd3237394c1c7dbf2fd73417173318d22f4b";
sha256 = "sha256-NryxSekO8oSxsnv5G9mFZExm4Pwfc778mslyUDuDhlM=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.24.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=b26b4c08e7119281ff30d0fb4a6169bd2afa8fe4";
sha256 = "sha256-fSH3cxl/76DwkE8dHSR9uao9Vf1sJrhz7SmUSgDNodI=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.25.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=4bd9877f62166b7e369773ab92fe24a39f6515f8";
sha256 = "sha256-VMtR/sF8F1BMKmJ06ZZEPNH/+l0RySy/E6lVWdCyFKE=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.26.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=deae293f399dde3773cf37dfa9b77ca7e04ef772";
sha256 = "sha256-sCC3KE9adavw7jHMTVlxtyuwDFCPRDqT24H3AKUYf68=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.27.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=e40b83335bb33d9a2d1c06cc269875b3b3d6c539";
sha256 = "sha256-cviCfBkzacAtnHGW87RLshhduE4Ym/v2Vq4h/sZDmZg=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.28.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=11e1cffb7e2492ddac4ab8d19ce466783adbb957";
sha256 = "sha256-I1feoneVeU3XkscKfVprWWJfLUnrc5oauMXYDyDxo5M=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.29.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=13dce204cf6f3f0f49c9949971052a4c9657c0c0";
sha256 = "sha256-DzFHxgR9A8FNZ/y9OMeBvTp1K6J5ePyL06dhHQmk7Ik=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.30.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=2f4430cc0a44fd8c8aa7aee5c51887667ad3d6c3";
sha256 = "sha256-AufP/10/auO4NMjYQ7yPDDbYShwGaktyQtqJx2Jasz8=";
})
# October 2022 security patches
# https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html
(fetchpatch {
name = "CVE-2022-2601.CVE-2022-3775.1.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=f6b6236077f059e64ee315f2d7acb8fa4eda87c5";
sha256 = "sha256-pk02iVf/u6CdsVjl8HaFBh0Bt473ZQzz5zBp9SoBLtE=";
})
(fetchpatch {
name = "CVE-2022-2601.CVE-2022-3775.2.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=9c76ec09ae08155df27cd237eaea150b4f02f532";
sha256 = "sha256-axbEOH5WFkUroGna2XY1f2kq7+B1Cs6LiubIA2EBdiM=";
})
(fetchpatch {
name = "CVE-2022-2601.CVE-2022-3775.3.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=768e1ef2fc159f6e14e7246e4be09363708ac39e";
sha256 = "sha256-aKDUVS/Yx1c87NCrt4EG8BlSpkHijUyAJIwbmtzNjD8=";
})
(fetchpatch {
name = "CVE-2022-2601.CVE-2022-3775.4.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=c51292274ded3259eb04c2f1c8d253ffbdb5216a";
sha256 = "sha256-OLNOKuAJuHy2MBMnU2xcYM7AaxmDk9fchXhggoDrxJU=";
})
(fetchpatch {
name = "CVE-2022-2601.CVE-2022-3775.5.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=23843fe8947e4da955a05ad3d1858725bfcb56c8";
sha256 = "sha256-ptn00nqVJlEb1c6HhoMy9nrBuctH077LM4yXKsK47gc=";
})
(fetchpatch {
name = "CVE-2022-2601.CVE-2022-3775.6.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=b9396daf1c2e3cdc0a1e69b056852e0769fb24de";
sha256 = "sha256-K7XNneDZjLpZh/C908+5uYsB/0oIdgQqmk0yJrdQLG4=";
})
(fetchpatch {
name = "CVE-2022-2601.CVE-2022-3775.7.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=1d2015598cc7a9fca4b39186273e3519a88e80c7";
sha256 = "sha256-s4pZtszH4b/0u85rpzVapZmNQdYEq/wW06SQ3PW/1aU=";
})
(fetchpatch {
name = "CVE-2022-2601.CVE-2022-3775.8.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=93a786a00163e50c29f0394df198518617e1c9a5";
sha256 = "sha256-R8x557RMAxJ0ZV2jb6zDmwOPVlk6875q37fNpqKsPT0=";
})
(fetchpatch {
name = "CVE-2022-2601.CVE-2022-3775.9.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=1eac01c147b4d85d2ec4a7e5671fa4345f2e8549";
sha256 = "sha256-eOnhmU3pT5cCVnNHcY/BzDjldfs7yh/OGsxa15tGv94=";
})
(fetchpatch {
name = "CVE-2022-2601.CVE-2022-3775.10.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=992c06191babc1e109caf40d6a07ec6fdef427af";
sha256 = "sha256-kezNKPcLmFXwyZbXtJbaPTIbE8tijmHIzdC2jsKwrNk=";
})
(fetchpatch {
name = "CVE-2022-2601.CVE-2022-3775.11.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=9d81f71c6b8f55cf20cd56f5fe29c759df9b48cc";
sha256 = "sha256-jnniVGy4KvFGFmcOP2YLA46k3cK8vwoByo19ismVUzE=";
})
(fetchpatch {
name = "CVE-2022-2601.CVE-2022-3775.12.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=22b77b87e10a3a6c9bb9885415bc9a9c678378e6";
sha256 = "sha256-iYTEqN5997I7MVIg82jt/bbEAYhcgq8fNRCNPpY9ze0=";
})
(fetchpatch {
name = "CVE-2022-2601.CVE-2022-3775.13.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=1514678888595ef41a968a0c69b7ff769edd1e9c";
sha256 = "sha256-tgAEoAtaNKJjscjMFkXXiVn59Pa4c+NiQ3iVW6CMrpo=";
})
];
postPatch = if kbdcompSupport then ''
sed -i util/grub-kbdcomp.in -e 's@\bckbcomp\b@${ckbcomp}/bin/ckbcomp@'
'' else ''
echo '#! ${runtimeShell}' > util/grub-kbdcomp.in
echo 'echo "Compile grub2 with { kbdcompSupport = true; } to enable support for this command."' >> util/grub-kbdcomp.in
'';
# autoreconfHook required for the splashimage patch.
nativeBuildInputs = [ autoreconfHook ];
buildInputs = [ texinfo ];
depsBuildBuild = [ buildPackages.stdenv.cc ];
nativeBuildInputs = [ bison flex python3 pkg-config gettext freetype autoreconfHook ];
buildInputs = [ ncurses libusb-compat-0_1 freetype lvm2 fuse libtool bash ]
++ lib.optional doCheck qemu
++ lib.optional zfsSupport zfs;
hardeningDisable = [ "format" "stackprotector" ];
strictDeps = true;
passthru.grubTarget = "";
hardeningDisable = [ "all" ];
separateDebugInfo = !xenSupport;
# Work around a bug in the generated flex lexer (upstream flex bug?)
env.NIX_CFLAGS_COMPILE = "-Wno-error";
preConfigure =
'' for i in "tests/util/"*.in
do
sed -i "$i" -e's|/bin/bash|${stdenv.shell}|g'
done
# Apparently, the QEMU executable is no longer called
# `qemu-system-i386', even on i386.
#
# In addition, use `-nodefaults' to avoid errors like:
#
# chardev: opening backend "stdio" failed
# qemu: could not open serial device 'stdio': Invalid argument
#
# See <http://www.mail-archive.com/qemu-devel@nongnu.org/msg22775.html>.
sed -i "tests/util/grub-shell.in" \
-e's/qemu-system-i386/qemu-system-x86_64 -nodefaults/g'
unset CPP # setting CPP intereferes with dependency calculation
patchShebangs .
substituteInPlace ./configure --replace '/usr/share/fonts/unifont' '${unifont}/share/fonts'
'';
configureFlags = [
"--enable-grub-mount" # dep of os-prober
] ++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [
# grub doesn't do cross-compilation as usual and tries to use unprefixed
# tools to target the host. Provide toolchain information explicitly for
# cross builds.
#
# Ref: # https://github.com/buildroot/buildroot/blob/master/boot/grub2/grub2.mk#L108
"TARGET_CC=${stdenv.cc.targetPrefix}cc"
"TARGET_NM=${stdenv.cc.targetPrefix}nm"
"TARGET_OBJCOPY=${stdenv.cc.targetPrefix}objcopy"
"TARGET_RANLIB=${stdenv.cc.targetPrefix}ranlib"
"TARGET_STRIP=${stdenv.cc.targetPrefix}strip"
] ++ lib.optional zfsSupport "--enable-libzfs"
++ lib.optionals efiSupport [ "--with-platform=efi" "--target=${efiSystemsBuild.${stdenv.hostPlatform.system}.target}" "--program-prefix=" ]
++ lib.optionals xenSupport [ "--with-platform=xen" "--target=${efiSystemsBuild.${stdenv.hostPlatform.system}.target}"];
# save target that grub is compiled for
grubTarget = if efiSupport
then "${efiSystemsInstall.${stdenv.hostPlatform.system}.target}-efi"
else lib.optionalString inPCSystems "${pcSystems.${stdenv.hostPlatform.system}.target}-pc";
doCheck = false;
enableParallelBuilding = true;
postInstall = ''
# Avoid a runtime reference to gcc
sed -i $out/lib/grub/*/modinfo.sh -e "/grub_target_cppflags=/ s|'.*'|' '|"
# just adding bash to buildInputs wasn't enough to fix the shebang
substituteInPlace $out/lib/grub/*/modinfo.sh \
--replace ${buildPackages.bash} "/usr/bin/bash"
'';
passthru.tests = {
nixos-grub = nixosTests.grub;
nixos-install-simple = nixosTests.installer.simple;
nixos-install-grub-uefi = nixosTests.installer.simpleUefiGrub;
nixos-install-grub-uefi-spec = nixosTests.installer.simpleUefiGrubSpecialisation;
};
meta = with lib; {
homepage = "https://www.gnu.org/software/grub";
description = "GRand Unified Bootloader";
license = licenses.gpl2;
platforms = platforms.linux;
description = "GNU GRUB, the Grand Unified Boot Loader (2.x beta)";
longDescription =
'' GNU GRUB is a Multiboot boot loader. It was derived from GRUB, GRand
Unified Bootloader, which was originally designed and implemented by
Erich Stefan Boleyn.
Briefly, the boot loader is the first software program that runs when a
computer starts. It is responsible for loading and transferring
control to the operating system kernel software (such as the Hurd or
the Linux). The kernel, in turn, initializes the rest of the
operating system (e.g., GNU).
'';
homepage = "https://www.gnu.org/software/grub/";
license = licenses.gpl3Plus;
platforms = platforms.gnu ++ platforms.linux;
maintainers = [ maintainers.samueldr ];
};
}
})

34
pkgs/tools/misc/grub/grub1.patches.nix
View File

@ -1,34 +0,0 @@
# Generated by grub1-patches.sh
let
prefix = "https://salsa.debian.org/grub-team/grub-legacy/raw/1dad5507d74ef97fdd3c6cf2a028084f6f2850c3/debian/patches";
in
[
{ url = "${prefix}/snapshot.patch"; sha256 = "0ixymrn5w1dq0kkxnzdjwwvhjchgyrlivfvnrfncxcv30v84xzna"; }
{ url = "${prefix}/menu.lst_gnu-hurd.patch"; sha256 = "0mz8dvgmxlyrl28dza1ncfq1xipihxgymw4aw688bgg7xxmw7jbs"; }
{ url = "${prefix}/graphics.patch"; sha256 = "1v9kp832f3rhncfdrd28djhw0zfrznfmiadch33mclnkcxprcqcs"; }
{ url = "${prefix}/raid.patch"; sha256 = "0cq6dz5s7m48g76frvbf296bv4pvqkxqcbydsvs43ymqdsary7hj"; }
{ url = "${prefix}/raid_cciss.patch"; sha256 = "0sy5xvzjsllgbn26nykkq4b69lp1fcwjkjs2kmxq38sk3dzadjfl"; }
{ url = "${prefix}/xfs_freeze.patch"; sha256 = "1wqgj8ar4x4zwa37bj4a7kldiz5v92msigy3cv879nnk6sz4rmhg"; }
{ url = "${prefix}/2gb_limit.patch"; sha256 = "06f9lfl4va3alz87wzli0df5ay0xxlqj2akr2dcay6jr27z6ks29"; }
{ url = "${prefix}/grub-special_device_names.patch"; sha256 = "098608xh20sqdjqf42fm2z23r8xd9ify1v0vmy1j9qhrhk3g9qyz"; }
{ url = "${prefix}/grub-xvd_drives.patch"; sha256 = "13k0m1c1w5d1d4qd1bshjc8kp7qba4agk2j64gb7mg8vfzjd35bj"; }
{ url = "${prefix}/initrd_max_address.patch"; sha256 = "05q90rxdnyncpanhbkrknshkk7g8ff4v8fpk7wj4sg8666d9llg3"; }
{ url = "${prefix}/splashimage_help.patch"; sha256 = "1lj3xh56wf1pdcf0fg585vmggrz7qqfzbhg91qv0rf4snf3ybfvr"; }
{ url = "${prefix}/grub-install_addsyncs.patch"; sha256 = "1dzcpxi806kw3j8mx4amyy4ibc0ir3qhqyyyxz3w43741p351r65"; }
{ url = "${prefix}/grub-install_regexp.patch"; sha256 = "0ph9lb63x858019c25aa3fpsm8rzn00ad8fp88yqqvq0xq2jxq69"; }
{ url = "${prefix}/grub-install_aoe_support.patch"; sha256 = "19szmvg13h2hhijrwbgdszldg26iz7vjnagvajxb7nav7vca6k3n"; }
{ url = "${prefix}/grub-install_xvd.patch"; sha256 = "1cgh731nhs0chj2r2dzh5dcfj5xmap34i3fk0i0aq59j83cwflgz"; }
{ url = "${prefix}/geometry-26kernel.patch"; sha256 = "01vka7jrxrwlj9m1d6schygyh964a3k1rdrm3j9x910xkz74i13n"; }
{ url = "${prefix}/print_func.patch"; sha256 = "0dvrcy1i58fgrv2x1qniqfr5az9b834hm5l94k0cy8ii2nfvk27g"; }
{ url = "${prefix}/mprotect.patch"; sha256 = "0ahgnhgw2b86j024ajs6m3h2fy2shqdssjzz0ahk8ny9f4mnvns6"; }
{ url = "${prefix}/savedefault.patch"; sha256 = "1l6x1s9mxkrf3k4j9dpg7qhvrk816vs70sw073iiisvqspnrz2j3"; }
{ url = "${prefix}/find-grub-dir.patch"; sha256 = "1vkgig4dylji03jflwikhap87lz8l470ck1bhmcy8jh0slg6ndbf"; }
{ url = "${prefix}/intelmac.patch"; sha256 = "04l9mk9xm9ml8vdlpbv3qbj7gbaa0g5k4dl7xp8wm7kmqwxd9l3m"; }
{ url = "${prefix}/crossreference_manpages.patch"; sha256 = "0kd12ck4s4bg414fmllgvq8n4b58i3kgdhmcx6riaz43gg2g2b9p"; }
{ url = "${prefix}/ext3_256byte_inode.patch"; sha256 = "0ay9svbdj7mw8p1ld0iiryg6nhd9hc1xpmr9rqg9990xzmg2h4pi"; }
{ url = "${prefix}/objcopy-absolute.patch"; sha256 = "0hkmicjli7bsmc56kr40ls21v6x3yd188xpwc08dvqxnb0763077"; }
{ url = "${prefix}/no-reorder-functions.patch"; sha256 = "0gmv0nzkqim2901hd0an90kwnr83155qp2zjp52biznad2p415gw"; }
{ url = "${prefix}/modern-automake.patch"; sha256 = "08l3y6cbk6gfj63kpqlpzrlain7nmvki7jjjxq86n7himj078znj"; }
{ url = "${prefix}/no-combine-stack-adjustments.patch"; sha256 = "0h4di8zja0rg45rs02x9qm8q1vxly1bcl6ms08wgdl5ywn6849nr"; }
{ url = "${prefix}/no-pie.patch"; sha256 = "0kshdsclza7lsd31apd28qq04arv42nd6wsj2v6q6jx7f8bgdaqw"; }
]

70
pkgs/tools/misc/grub/grub1.patches.sh
View File

@ -1,70 +0,0 @@
#!/usr/bin/env nix-shell
#!nix-shell -p nix -i bash --pure
# Does like `maintainers/scripts/debian-patches.sh`, but specialized for
# grub1 patches, and using the new salsa service.
# Most common usage: `pkgs/tools/misc/grub/grub1.patches.sh pkgs/tools/misc/grub/grub1.patches.nix`
# That is, after updating the script with the new list from the series file,
# removing (by commenting) patches as required.
set -e
set -u
# https://salsa.debian.org/grub-team/grub-legacy/tree/master/debian/patches
SERIES=(
snapshot.patch
menu.lst_gnu-hurd.patch
graphics.patch
raid.patch
raid_cciss.patch
xfs_freeze.patch
2gb_limit.patch
grub-special_device_names.patch
grub-xvd_drives.patch
initrd_max_address.patch
splashimage_help.patch
grub-install_addsyncs.patch
grub-install_regexp.patch
grub-install_aoe_support.patch
grub-install_xvd.patch
geometry-26kernel.patch
print_func.patch
mprotect.patch
savedefault.patch
find-grub-dir.patch
intelmac.patch
crossreference_manpages.patch
ext3_256byte_inode.patch
# Breaks on NixOS.
#use_grub-probe_in_grub-install.patch
objcopy-absolute.patch
no-reorder-functions.patch
# We aren't building amd64 binaries, see #244498
#fix_amd64_compile.patch
modern-automake.patch
no-combine-stack-adjustments.patch
no-pie.patch
)
# Revision mapping to current tip of the 0.97-73 branch.
rev="1dad5507d74ef97fdd3c6cf2a028084f6f2850c3"
prefix="https://salsa.debian.org/grub-team/grub-legacy/raw/${rev}/debian/patches"
FILE="$1"
shift
cat <<EOF > "$FILE"
# Generated by grub1-patches.sh
let
prefix = "${prefix}";
in
[
EOF
for PATCH in "${SERIES[@]}"; do
URL="$prefix/$PATCH"
HASH="$(nix-prefetch-url "$URL")"
echo "{ url = \"\${prefix}/$PATCH\"; sha256 = \"$HASH\"; }" >> "$FILE"
done
echo "]" >> "$FILE"

37
pkgs/tools/misc/grub/symlink.patch
View File

@ -1,37 +0,0 @@
diff -rc grub-0.97-orig/util/grub-install.in grub-0.97/util/grub-install.in
*** grub-0.97-orig/util/grub-install.in 2008-09-18 11:32:13.000000000 +0200
--- grub-0.97/util/grub-install.in 2008-09-18 11:36:40.000000000 +0200
***************
*** 194,217 ****
# Usage: resolve_symlink file
# Find the real file/device that file points at
resolve_symlink () {
! tmp_fname=$1
! # Resolve symlinks
! while test -L $tmp_fname; do
! tmp_new_fname=`ls -al $tmp_fname | sed -n 's%.*-> \(.*\)%\1%p'`
! if test -z "$tmp_new_fname"; then
! echo "Unrecognized ls output" 2>&1
! exit 1
! fi
!
! # Convert relative symlinks
! case $tmp_new_fname in
! /*) tmp_fname="$tmp_new_fname"
! ;;
! *) tmp_fname="`echo $tmp_fname | sed 's%/[^/]*$%%'`/$tmp_new_fname"
! ;;
! esac
! done
! echo "$tmp_fname"
}
# Usage: find_device file
--- 194,200 ----
# Usage: resolve_symlink file
# Find the real file/device that file points at
resolve_symlink () {
! readlink -f $1
}
# Usage: find_device file

1
pkgs/top-level/aliases.nix
View File

@ -648,6 +648,7 @@ mapAliases ({
gr-osmosdr = gnuradio3_7.pkgs.osmosdr; # Added 2019-05-27, changed 2020-10-16
gr-rds = gnuradio3_7.pkgs.rds; # Added 2019-05-27, changed 2020-10-16
grub2_full = grub2; # Added 2022-11-18
grub = throw "grub1 was removed after not being maintained upstream for a decade. Please switch to another bootloader"; # Added 2023-04-11
grv = throw "grv has been dropped due to the lack of maintenance from upstream since 2019"; # Added 2022-06-01
gsettings_desktop_schemas = throw "'gsettings_desktop_schemas' has been renamed to/replaced by 'gsettings-desktop-schemas'"; # Converted to throw 2022-02-22
gsl_1 = throw "'gsl_1' has been renamed to/replaced by 'gsl'"; # Added 2022-11-19

6
pkgs/top-level/all-packages.nix
View File

@ -8168,15 +8168,11 @@ with pkgs;
grpc-client-cli = callPackage ../development/tools/misc/grpc-client-cli { };
grub = pkgsi686Linux.callPackage ../tools/misc/grub ({
stdenv = overrideCC stdenv buildPackages.pkgsi686Linux.gcc6;
} // (config.grub or {}));
trustedGrub = pkgsi686Linux.callPackage ../tools/misc/grub/trusted.nix { };
trustedGrub-for-HP = pkgsi686Linux.callPackage ../tools/misc/grub/trusted.nix { for_HP_laptop = true; };
grub2 = callPackage ../tools/misc/grub/2.0x.nix {
grub2 = callPackage ../tools/misc/grub/default.nix {
# update breaks grub2
gnulib = pkgs.gnulib.overrideAttrs (_: rec {
version = "20200223";