[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v2 4/5] Add -k, --pubkey=FILE support to grub-install command
From: |
Andrey Borzenkov |
Subject: |
Re: [PATCH v2 4/5] Add -k, --pubkey=FILE support to grub-install command |
Date: |
Fri, 6 Sep 2013 23:40:10 +0400 |
В Fri, 6 Sep 2013 09:18:52 -0700
Jon McCune <address@hidden> пишет:
> This simply passes along the public key to the grub-mkimage invocation
>
> Signed-off-by: Jon McCune <address@hidden>
> ---
> util/grub-install.in | 13 +++++++++----
> util/grub-install_header | 6 ++++++
> 2 files changed, 15 insertions(+), 4 deletions(-)
>
> diff --git a/util/grub-install.in b/util/grub-install.in
> index 1816bb1..3df0087 100644
> --- a/util/grub-install.in
> +++ b/util/grub-install.in
> @@ -650,10 +650,15 @@ case
> "${grub_modinfo_target_cpu}-${grub_modinfo_platform}" in
> *) imgext=img ;;
> esac
>
> +pubkey_file_arg=""
> +if [ -e "$pubkey_file" ]; then
> + pubkey_file_arg="--pubkey=$pubkey_file"
> +fi
> +
You should return an error if file does not exist, not silently ignore
it.
> + --pubkey | -k)
> + pubkey_file=`argument $option "$@"`;
> grub_process_install_options_consumed=2 ;;
> + --pubkey=*)
> + pubkey_file=`echo "$option" | sed 's/--pubkey=//'`
> grub_process_install_options_consumed=1;;
grub-mkimage supports multiple keys. This will work only for exactly
one.
> --modules)
> modules=`argument $option "$@"`;
> grub_process_install_options_consumed=2;;
> --modules=*)
- Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce, (continued)
- Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce, Andrey Borzenkov, 2013/09/06
- Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce, Jonathan McCune, 2013/09/06
- Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce, Andrey Borzenkov, 2013/09/07
- Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce, Jonathan McCune, 2013/09/09
- Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce, Andrey Borzenkov, 2013/09/19
- Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce, Jonathan McCune, 2013/09/19
- Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce, Vladimir 'φ-coder/phcoder' Serbinenko, 2013/09/19
- Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce, Andrey Borzenkov, 2013/09/19
[PATCH v2 3/5] save_env should work, even if check_signatures=enforce, Jon McCune, 2013/09/06
[PATCH v2 4/5] Add -k, --pubkey=FILE support to grub-install command, Jon McCune, 2013/09/06
- Re: [PATCH v2 4/5] Add -k, --pubkey=FILE support to grub-install command,
Andrey Borzenkov <=
[PATCH v2 5/5] Additional security-relevant documentation, Jon McCune, 2013/09/06