Bug#1134454: grub-efi-amd64 : postinst fails with syntax error during upgrade and is corrupting multi-line variables in /etc/default/grub

OliSPeedY olispeedy at gmail.com
Mon Apr 20 12:07:30 BST 2026


Package: grub-efi-amd64
Version: 2.14-2
Severity: important

The postinst scripts for GRUB (generated from debian/config.in and
debian/postinst.in) incorrectly handle /etc/default/grub when variables
like GRUB_CMDLINE_LINUX_DEFAULT use shell line-continuation characters (\).

Steps to reproduce:
1. Use a valid multi-line definition in /etc/default/grub, for example:

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash \
video=1920x1080"

That is just a simple example to reproduce the issue.

In my specific case on 1 machine, I use multiple lines to manage GPU
stability parameters:
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash xdg.force_integrated=1 \
video=DP-1:1920x1080@100e \
drm.edid_firmware=DP-1:lg-tv.edid.bin \
amdgpu.gpu_recovery=1 amdgpu.aspm=0 amdgpu.runpm=0 amdgpu.sg_display=0 amdgpu.dc=1 amdgpu.dcfeaturemask=0x4"

Note: Putting everything on one line is a workaround, but it is
impractical for long, complex command lines.

2. Run update-grub2. Observe that it works correctly with the
line-continuation characters (\).

3. Trigger a package reconfiguration: dpkg-reconfigure grub-efi-amd64
(or an apt upgrade if an update is available).

Actual Result:
The package configuration fails with the following error:

E: Sub-process /usr/bin/dpkg returned an error code (1)
Setting up grub-efi-amd64 (2.14-2)…
/var/lib/dpkg/info/grub-efi-amd64.config: 105: /etc/default/grub: Syntax error: EOF in backquote substitution
dpkg: error processing package grub-efi-amd64 (--configure):
  old grub-efi-amd64 package postinst maintainer script subprocess failed with exit status 2
Errors were encountered while processing:
  grub-efi-amd64

Technical Analysis:

The script's sed logic in the maintainer scripts attempts to modify or
merge parameters. Because sed is line-oriented, it fails to recognize that
the variable definition continues across multiple lines.
In my case, the script successfully appends the parameters to a new
single line but fails to remove or comment out the original continuation
lines. This results in corrupted file entries like this:

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash xdg.force_integrated=1 video=DP-1:1920x1080@100e drm.edid_firmware=DP-1:lg-tv.edid.bin amdgpu.gpu_recovery=1 amdgpu.aspm=0 amdgpu.runpm=0 amdgpu.sg_display=0 amdgpu.dc=1 amdgpu.dcfeaturemask=0x4"
video=DP-1:1920x1080@100e \
drm.edid_firmware=DP-1:lg-tv.edid.bin \
amdgpu.gpu_recovery=1 amdgpu.aspm=0 amdgpu.runpm=0 amdgpu.sg_display=0 amdgpu.dc=1 amdgpu.dcfeaturemask=0x4"


Probable Root Cause:
The reliance on line-based regex tools (sed/grep) in debian/postinst.in to
modify a file that is ultimately parsed as a shell script is too limited.
These tools are not "shell-aware" and do not recognize that a variable
definition is still "open" if the line ends with a backslash (\).

The problem occurs when upgrading grub-efi-amd64, but the origin is most
likely in:
Package: grub2-common
Version: 2.14-2


Suggested Fix:
The postinst script should use a more robust parsing logic that detects
line-continuation characters before attempting sed substitutions.
Alternatively, if the script detects a backslash (\) at the end of a GRUB_
variable line, it should skip automated modification and warn the user
rather than corrupting the configuration file and breaking the package
management state.


*********************** BEGIN /proc/mounts
/dev/mapper/levi_vg-root / ext4 rw,noatime,nodiratime,discard,errors=remount-ro 0 0
/dev/nvme0n1p2 /boot ext4 rw,relatime 0 0
/dev/mapper/levi_vg-var /var ext4 rw,noatime,nodiratime,discard 0 0
/dev/mapper/levi_vg-home /home btrfs rw,noatime,nodiratime,ssd,discard,space_cache=v2,subvolid=5,subvol=/ 0 0
*********************** END /proc/mounts

*********************** BEGIN /boot/grub/grub.cfg
#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#

### BEGIN /etc/grub.d/00_header ###
if [ -s $prefix/grubenv ]; then
   set have_grubenv=true
   load_env
fi

if [ "${env_block}" ] ; then
   set env_block="(${root})${env_block}"
   export env_block
   load_env -f "${env_block}"
fi

if [ "${next_entry}" ] ; then
    set default="${next_entry}"
    set next_entry=
    if [ "${env_block}" ] ; then
      save_env -f "${env_block}" next_entry
    else
      save_env next_entry
    fi
    set boot_once=true
else
    set default="0"
fi

if [ x"${feature_menuentry_id}" = xy ]; then
   menuentry_id_option="--id"
else
   menuentry_id_option=""
fi

export menuentry_id_option

if [ "${prev_saved_entry}" ]; then
   set saved_entry="${prev_saved_entry}"
   save_env saved_entry
   set prev_saved_entry=
   save_env prev_saved_entry
   set boot_once=true
fi

function savedefault {
   if [ -z "${boot_once}" ]; then
     saved_entry="${chosen}"
     if [ "${env_block}" ] ; then
       save_env -f "${env_block}" saved_entry
     else
       save_env saved_entry
     fi

   fi
}
function load_video {
   if [ x$grub_platform = xefi ]; then
     insmod efi_gop
   elif [ x$feature_all_video_module = xy ]; then
     insmod all_video
   else
     insmod efi_gop
     insmod ieee1275_fb
     insmod vbe
     insmod vga
     insmod video_bochs
     insmod video_cirrus
   fi
}

if [ x$feature_default_font_path = xy ] ; then
    font=unicode
else
insmod part_gpt
insmod ext2
search --no-floppy --fs-uuid --set=root a4cfaacd-a5ca-4c4b-9305-3f4b1e5dc385
     font="/grub/unicode.pf2"
fi

if loadfont $font ; then
   set gfxmode=auto
   load_video
   insmod gfxterm
   set locale_dir=$prefix/locale
   set lang=en_US
   insmod gettext
fi
terminal_output gfxterm
if [ "${recordfail}" = 1 ] ; then
   set timeout=30
else
   if [ x$feature_timeout_style = xy ] ; then
     set timeout_style=menu
     set timeout=5
   # Fallback normal timeout code in case the timeout_style feature is
   # unavailable.
   else
     set timeout=5
   fi
fi
### END /etc/grub.d/00_header ###

### BEGIN /etc/grub.d/05_debian_theme ###
insmod part_gpt
insmod ext2
search --no-floppy --fs-uuid --set=root a4cfaacd-a5ca-4c4b-9305-3f4b1e5dc385
insmod png
if background_image "/grub/.background_cache.png"; then
   set color_normal=white/black
   set color_highlight=black/white
else
   set menu_color_normal=cyan/blue
   set menu_color_highlight=white/blue
fi
### END /etc/grub.d/05_debian_theme ###

### BEGIN /etc/grub.d/10_linux ###
set linux_gfx_mode=
export linux_gfx_mode
menuentry 'Debian GNU/Linux' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-2fa574e6-b53b-45d5-a422-6ca1260987dd' {
	load_video
	insmod gzio
	if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
	insmod part_gpt
	insmod ext2
	search --no-floppy --fs-uuid --set=root a4cfaacd-a5ca-4c4b-9305-3f4b1e5dc385
	echo	'Loading Linux 6.19.11+deb14-amd64 ...'
	linux	/vmlinuz-6.19.11+deb14-amd64 root=/dev/mapper/levi_vg-root ro net.ifnames=0 quiet splash xdg.force_integrated=1 video=DP-1:1920x1080@100e drm.edid_firmware=DP-1:lg-tv.edid.bin amdgpu.gpu_recovery=1 amdgpu.aspm=0 amdgpu.runpm=0 amdgpu.sg_display=0 amdgpu.dc=1 amdgpu.dcfeaturemask=0x4
	echo	'Loading initial ramdisk ...'
	initrd	/initrd.img-6.19.11+deb14-amd64
}
submenu 'Advanced options for Debian GNU/Linux' $menuentry_id_option 'gnulinux-advanced-2fa574e6-b53b-45d5-a422-6ca1260987dd' {
	menuentry 'Debian GNU/Linux, with Linux 6.19.11+deb14-amd64' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-6.19.11+deb14-amd64-advanced-2fa574e6-b53b-45d5-a422-6ca1260987dd' {
		load_video
		insmod gzio
		if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
		insmod part_gpt
		insmod ext2
		search --no-floppy --fs-uuid --set=root a4cfaacd-a5ca-4c4b-9305-3f4b1e5dc385
		echo	'Loading Linux 6.19.11+deb14-amd64 ...'
		linux	/vmlinuz-6.19.11+deb14-amd64 root=/dev/mapper/levi_vg-root ro net.ifnames=0 quiet splash xdg.force_integrated=1 video=DP-1:1920x1080@100e drm.edid_firmware=DP-1:lg-tv.edid.bin amdgpu.gpu_recovery=1 amdgpu.aspm=0 amdgpu.runpm=0 amdgpu.sg_display=0 amdgpu.dc=1 amdgpu.dcfeaturemask=0x4
		echo	'Loading initial ramdisk ...'
		initrd	/initrd.img-6.19.11+deb14-amd64
	}
	menuentry 'Debian GNU/Linux, with Linux 6.19.11+deb14-amd64 (recovery mode)' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-6.19.11+deb14-amd64-recovery-2fa574e6-b53b-45d5-a422-6ca1260987dd' {
		load_video
		insmod gzio
		if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
		insmod part_gpt
		insmod ext2
		search --no-floppy --fs-uuid --set=root a4cfaacd-a5ca-4c4b-9305-3f4b1e5dc385
		echo	'Loading Linux 6.19.11+deb14-amd64 ...'
		linux	/vmlinuz-6.19.11+deb14-amd64 root=/dev/mapper/levi_vg-root ro single dis_ucode_ldr net.ifnames=0
		echo	'Loading initial ramdisk ...'
		initrd	/initrd.img-6.19.11+deb14-amd64
	}
	menuentry 'Debian GNU/Linux, with Linux 6.19.10+deb14-amd64' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-6.19.10+deb14-amd64-advanced-2fa574e6-b53b-45d5-a422-6ca1260987dd' {
		load_video
		insmod gzio
		if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
		insmod part_gpt
		insmod ext2
		search --no-floppy --fs-uuid --set=root a4cfaacd-a5ca-4c4b-9305-3f4b1e5dc385
		echo	'Loading Linux 6.19.10+deb14-amd64 ...'
		linux	/vmlinuz-6.19.10+deb14-amd64 root=/dev/mapper/levi_vg-root ro net.ifnames=0 quiet splash xdg.force_integrated=1 video=DP-1:1920x1080@100e drm.edid_firmware=DP-1:lg-tv.edid.bin amdgpu.gpu_recovery=1 amdgpu.aspm=0 amdgpu.runpm=0 amdgpu.sg_display=0 amdgpu.dc=1 amdgpu.dcfeaturemask=0x4
		echo	'Loading initial ramdisk ...'
		initrd	/initrd.img-6.19.10+deb14-amd64
	}
	menuentry 'Debian GNU/Linux, with Linux 6.19.10+deb14-amd64 (recovery mode)' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-6.19.10+deb14-amd64-recovery-2fa574e6-b53b-45d5-a422-6ca1260987dd' {
		load_video
		insmod gzio
		if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
		insmod part_gpt
		insmod ext2
		search --no-floppy --fs-uuid --set=root a4cfaacd-a5ca-4c4b-9305-3f4b1e5dc385
		echo	'Loading Linux 6.19.10+deb14-amd64 ...'
		linux	/vmlinuz-6.19.10+deb14-amd64 root=/dev/mapper/levi_vg-root ro single dis_ucode_ldr net.ifnames=0
		echo	'Loading initial ramdisk ...'
		initrd	/initrd.img-6.19.10+deb14-amd64
	}
}

### END /etc/grub.d/10_linux ###

### BEGIN /etc/grub.d/20_linux_xen ###

### END /etc/grub.d/20_linux_xen ###

### BEGIN /etc/grub.d/25_bli ###
if [ "$grub_platform" = "efi" ]; then
   insmod bli
fi
### END /etc/grub.d/25_bli ###

### BEGIN /etc/grub.d/30_os-prober ###
### END /etc/grub.d/30_os-prober ###

### BEGIN /etc/grub.d/30_uefi-firmware ###
if [ "$grub_platform" = "efi" ]; then
	fwsetup --is-supported
	if [ "$?" = 0 ]; then
		menuentry 'UEFI Firmware Settings' $menuentry_id_option 'uefi-firmware' {
			fwsetup
		}
	fi
fi
### END /etc/grub.d/30_uefi-firmware ###

### BEGIN /etc/grub.d/35_fwupd ###
### END /etc/grub.d/35_fwupd ###

### BEGIN /etc/grub.d/40_custom ###
# This file provides an easy way to add custom menu entries.  Simply type the
# menu entries you want to add after this comment.  Be careful not to change
# the 'exec tail' line above.
### END /etc/grub.d/40_custom ###

### BEGIN /etc/grub.d/41_custom ###
if [ -f  ${config_directory}/custom.cfg ]; then
   source ${config_directory}/custom.cfg
elif [ -z "${config_directory}" -a -f  $prefix/custom.cfg ]; then
   source $prefix/custom.cfg
fi
### END /etc/grub.d/41_custom ###
*********************** END /boot/grub/grub.cfg

*********************** BEGIN /proc/mdstat
cat: /proc/mdstat: No such file or directory
*********************** END /proc/mdstat

-- System Information:
Debian Release: forky/sid
   APT prefers testing-debug
   APT policy: (500, 'testing-debug'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.19.11+deb14-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages grub-efi-amd64 depends on:
ii  debconf            1.5.92
ii  grub-efi-amd64-bin 2.14-2
ii  grub2-common       2.14-2
ii  ucf                3.0053

Versions of packages grub2-common depends on:
ii  gettext-base        0.23.2-2
ii  libc6               2.42-14
ii  libdevmapper1.02.1  2:1.02.205-2+b1
ii  libefiboot1t64      39-2+b1
ii  libefivar1t64       39-2+b1
ii  libfreetype6        2.14.3+dfsg-1
ii  libfuse3-4          3.18.2-1
ii  liblzma5            5.8.3-1

Versions of packages grub2-common recommends:
ii  os-prober  1.84

Versions of packages grub2-common suggests:
ii  console-setup  1.247
ii  desktop-base   14.0.0~pre3
pn  grub-emu       <none>
pn  mtools         <none>
pn  multiboot-doc  <none>
ii  xorriso        1.5.6-1.2+b2

-- no debconf information
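
Added example (not part of the original report, and not code from the grub packaging): a POSIX sh implementation of the guard proposed under "Suggested Fix", refusing a line-oriented sed edit when the target variable's assignment spans several physical lines. The function names has_multiline_assignment and set_var_guarded are hypothetical, and the sample file is constructed from the report's minimal reproducer.

```sh
#!/bin/sh
# Added example; function names are hypothetical, not from debian/postinst.in.

# has_multiline_assignment FILE VAR
# Succeeds when VAR's assignment in FILE spans several physical lines: the
# line ends in a backslash, or its double quote is still open at end of line.
has_multiline_assignment() {
    awk -v var="$2" '
        index($0, var "=") == 1 {
            if ($0 ~ /\\$/) { found = 1; exit }
            rest = substr($0, length(var) + 2)
            gsub(/\\./, "", rest)             # drop escaped characters
            if (gsub(/"/, "", rest) % 2 == 1) { found = 1; exit }
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# set_var_guarded FILE VAR VALUE
# Line-oriented rewrite of VAR="VALUE", refused with status 2 (file left
# untouched) when the assignment is multi-line.
# Assumption: VALUE contains no "|", "&", backslash or double quote.
set_var_guarded() {
    if has_multiline_assignment "$1" "$2"; then
        echo "warning: $2 in $1 spans several lines; leaving it unchanged" >&2
        return 2
    fi
    tmp=$(mktemp) || return 1
    sed "s|^$2=.*|$2=\"$3\"|" "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Constructed sample input mirroring the report's minimal reproducer.
demo() {
    f=$(mktemp) || return 1
    printf '%s\n' 'GRUB_TIMEOUT=5' \
        'GRUB_CMDLINE_LINUX_DEFAULT="quiet splash \' 'video=1920x1080"' > "$f"
    set_var_guarded "$f" GRUB_TIMEOUT 10
    echo "single-line edit status: $?"
    set_var_guarded "$f" GRUB_CMDLINE_LINUX_DEFAULT quiet
    echo "multi-line edit status: $?"
    sh -n "$f" && echo "file still parses as shell"
    rm -f "$f"
}
demo
```

The open-quote check also catches values that continue onto the next line inside double quotes without a trailing backslash; a false positive only causes the edit to be skipped.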


