Bug#713886: grub-common: grub-mkconfig empties grub.cfg; old content not saved; system remains unbootable.
Hans Putter
putter at online.de
Sun Jun 23 14:44:20 UTC 2013
Package: grub-common
Version: 1.99-27+deb7u1
Severity: critical
Justification: breaks the whole system
-- System Information:
Debian Release: 7.1
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages grub-common depends on:
ii gettext-base 0.18.1.1-9
ii libc6 2.13-38
ii libdevmapper1.02.1 2:1.02.74-7
ii libfreetype6 2.4.9-1.1
ii libfuse2 2.9.0-2+deb7u1
ii liblzma5 5.1.1alpha+20120614-2
ii zlib1g 1:1.2.7.dfsg-13
Versions of packages grub-common recommends:
ii os-prober 1.58
Versions of packages grub-common suggests:
ii desktop-base 7.0.3
pn grub-emu <none>
pn multiboot-doc <none>
pn xorriso <none>
-- Configuration Files:
/etc/grub.d/10_linux changed:
set -e
prefix=/usr
exec_prefix=${prefix}
bindir=${exec_prefix}/bin
libdir=${exec_prefix}/lib
. ${libdir}/grub/grub-mkconfig_lib
export TEXTDOMAIN=grub
export TEXTDOMAINDIR=${prefix}/share/locale
USERS="--users nn"
CLASS="--class gnu-linux --class gnu --class os"
if [ "x${GRUB_DISTRIBUTOR}" = "x" ] ; then
OS=GNU/Linux
else
OS="${GRUB_DISTRIBUTOR} GNU/Linux"
CLASS="--class $(echo ${GRUB_DISTRIBUTOR} | tr '[A-Z]' '[a-z]' |
cut -d' ' -f1) ${CLASS}"
fi
case ${GRUB_DEVICE} in
/dev/loop/*|/dev/loop[0-9])
GRUB_DEVICE=`losetup ${GRUB_DEVICE} | sed -e
"s/^[^(]*(\([^)]\+\)).*/\1/"`
;;
esac
if [ "x${GRUB_DEVICE_UUID}" = "x" ] || [ "x${GRUB_DISABLE_LINUX_UUID}" =
"xtrue" ] \
|| ! test -e "/dev/disk/by-uuid/${GRUB_DEVICE_UUID}" \
|| uses_abstraction "${GRUB_DEVICE}" lvm; then
LINUX_ROOT_DEVICE=${GRUB_DEVICE}
else
LINUX_ROOT_DEVICE=UUID=${GRUB_DEVICE_UUID}
fi
linux_entry ()
{
os="$1"
version="$2"
recovery="$3"
args="$4"
if ${recovery} ; then
title="$(gettext_quoted "%s, with Linux %s (recovery mode)")"
else
title="$(gettext_quoted "%s, with Linux %s")"
fi
printf "set superusers='root'"
printf "\n"
printf "password_pbkdf2 nn
grub.pbkdf2.sha512.10000.68C2C1973B5C76F588F748D212BBFDC028A8F024BD7B8474B0F47424434E70BC802775B111DB5CF747B3F30074005179AD824D8FE6E926FD7F370F0107F89FA0.20B31D520A002081D3EEC45688AED57023AA7C226EE23278CD040B57EBBC14F37ED376473F4DEF214B1FBE2D505A9F2BC4BC58A410BAE624C4EFF0EFEDE6527E"
printf "\n"
printf "menuentry '${title}' $USERS ${CLASS} {\n" "${os}" "${version}"
save_default_entry | sed -e "s/^/\t/"
# Use ELILO's generic "efifb" when it's known to be available.
# FIXME: We need an interface to select vesafb in case efifb can't
be used.
if [ "x$GRUB_GFXPAYLOAD_LINUX" != x ]; then
cat << EOF
set gfxpayload=$GRUB_GFXPAYLOAD_LINUX
EOF
fi
if [ -z "${prepare_boot_cache}" ]; then
prepare_boot_cache="$(prepare_grub_to_access_device
${GRUB_DEVICE_BOOT} | sed -e "s/^/\t/")"
fi
printf '%s\n' "${prepare_boot_cache}"
message="$(gettext_printf "Loading Linux %s ..." ${version})"
cat << EOF
echo '$message'
linux ${rel_dirname}/${basename} root=${linux_root_device_thisversion}
ro ${args}
EOF
if test -n "${initrd}" ; then
message="$(gettext_printf "Loading initial ramdisk ...")"
cat << EOF
echo '$message'
initrd ${rel_dirname}/${initrd}
EOF
fi
cat << EOF
}
EOF
}
list=`for i in /boot/vmlinu[zx]-* /vmlinu[zx]-* ; do
if grub_file_is_not_garbage "$i" ; then echo -n "$i " ; fi
done`
prepare_boot_cache=
while [ "x$list" != "x" ] ; do
linux=`version_find_latest $list`
echo "Found linux image: $linux" >&2
basename=`basename $linux`
dirname=`dirname $linux`
rel_dirname=`make_system_path_relative_to_its_root $dirname`
version=`echo $basename | sed -e "s,^[^0-9]*-,,g"`
alt_version=`echo $version | sed -e "s,\.old$,,g"`
linux_root_device_thisversion="${LINUX_ROOT_DEVICE}"
initrd=
for i in "initrd.img-${version}" "initrd-${version}.img" \
"initrd-${version}" "initramfs-${version}.img" \
"initrd.img-${alt_version}" "initrd-${alt_version}.img" \
"initrd-${alt_version}" "initramfs-${alt_version}.img"; do
if test -e "${dirname}/${i}" ; then
initrd="$i"
break
fi
done
if test -n "${initrd}" ; then
echo "Found initrd image: ${dirname}/${initrd}" >&2
else
# "UUID=" magic is parsed by initrds. Since there's no initrd,
it can't work here.
linux_root_device_thisversion=${GRUB_DEVICE}
fi
linux_entry "${OS}" "${version}" false \
"${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}"
if [ "x${GRUB_DISABLE_LINUX_RECOVERY}" != "xtrue" ]; then
linux_entry "${OS}" "${version}" true \
"single ${GRUB_CMDLINE_LINUX}"
fi
list=`echo $list | tr ' ' '\n' | grep -vx $linux | tr '\n' ' '`
done
/etc/grub.d/40_custom changed:
exec tail -n +3 $0
menuentry 'PC neu starten' {
echo '-e' '\r\n\n\n\n\n\n\n=== PC wird neu gestartet ===\r\n\n\n'
sleep 3
reboot
}
menuentry 'PC ausschalten' {
echo '-e' '\r\n\n\n\n\n\n\n=== PC wird ausgeschaltet ===\r\n\n\n'
sleep 3
halt --no-apm
}
/etc/grub.d/README [Errno 2] Datei oder Verzeichnis nicht gefunden:
u'/etc/grub.d/README'
-- no debconf information
=====================================================================
Hi,
I got an e-mail from the Debian security team with 68
upgrade-announcements, including "linux-image-3.2.0-4-amd64", which uses
the trouble-producing "grub-mkconfig" from package "grub-common". After
applying these security-upgrades my harddisk was unbootable because of
the empty file "grub.cfg". In my mind, destroying data without saving it
anywhere and without giving any notice to the enduser is a very critical
and not tolerable security problem.
Further informations in the two appended files.
Regards,
Hans Putter
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: etc-default-grub
URL: <http://lists.alioth.debian.org/pipermail/pkg-grub-devel/attachments/20130623/46562b82/attachment.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: grub-empty.cfg
URL: <http://lists.alioth.debian.org/pipermail/pkg-grub-devel/attachments/20130623/46562b82/attachment-0001.ksh>
More information about the Pkg-grub-devel
mailing list