diff options
| author | Thierry Vignaud <tv@mandriva.org> | 2010-02-08 15:31:07 +0000 |
|---|---|---|
| committer | Thierry Vignaud <tv@mandriva.org> | 2010-02-08 15:31:07 +0000 |
| commit | 6309f1af34519c066af8f8e9acc5a875a0023d35 (patch) | |
| tree | 7c5bd141e90533d5c3a3716104645cbb8f8db705 | |
| parent | 0d762a2029d46dacb7fb4616c90820e29c08722c (diff) | |
| download | drakx-6309f1af34519c066af8f8e9acc5a875a0023d35.tar drakx-6309f1af34519c066af8f8e9acc5a875a0023d35.tar.gz drakx-6309f1af34519c066af8f8e9acc5a875a0023d35.tar.bz2 drakx-6309f1af34519c066af8f8e9acc5a875a0023d35.tar.xz drakx-6309f1af34519c066af8f8e9acc5a875a0023d35.zip | |
(setupBootloader__general, crypt_grub_password, is_already_crypted,
read_grub_menu_lst, write_grub) add support for crypted grub passwords (and default to use them)
(backported from trunk)
| -rw-r--r-- | perl-install/NEWS | 1 | ||||
| -rw-r--r-- | perl-install/bootloader.pm | 38 | ||||
| -rw-r--r-- | perl-install/install/NEWS | 1 |
3 files changed, 39 insertions, 1 deletions
diff --git a/perl-install/NEWS b/perl-install/NEWS index a6c300cfa..cc425822b 100644 --- a/perl-install/NEWS +++ b/perl-install/NEWS @@ -1,4 +1,5 @@ - drakboot: + o add support for crypted grub passwords (and default to encrypt) o allow timeout to be '0' Version 11.71.10 - 17 September 2009 diff --git a/perl-install/bootloader.pm b/perl-install/bootloader.pm index 13135cc59..c8b2201f1 100644 --- a/perl-install/bootloader.pm +++ b/perl-install/bootloader.pm @@ -320,6 +320,11 @@ sub _parse_grub_menu_lst() { %b; } +sub is_already_crypted { + my ($password) = @_; + $password =~ /^$1\$/; # CHECKME: EMPIRIC +} + sub read_grub_menu_lst { my ($fstab, $grub2dev) = @_; @@ -328,6 +333,9 @@ sub read_grub_menu_lst { foreach my $keyword (grep { $_ ne 'entries' } keys %b) { $b{$keyword} = $b{$keyword} eq '' ? 1 : grub2file($b{$keyword}, $grub2dev, $fstab, \%b); } + if ($b{password} =~ /^--md5 (.*)/) { + $b{password} = $1; + } #- sanitize foreach my $e (@{$b{entries}}) { @@ -1626,6 +1634,28 @@ sub update_copy_in_boot { } } +sub crypt_grub_password { + my ($password) = @_; + require IPC::Open2; + local $ENV{LC_ALL} = 'C'; + my ($his_out, $his_in); + my $pid = IPC::Open2::open2($his_out, $his_in, "$::prefix/sbin/grub-md5-crypt"); + + my ($line, $res); + while (sysread($his_out, $line, 100)) { + if ($line =~ /Password/i) { + syswrite($his_in, "$password\n"); + } else { + $res = $line; + } + } + waitpid($pid, 0); + my $status = $? >> 8; + die "failed to encrypt password (status=$status)" if $status != 0; + chomp_($res); +} + + sub write_grub { my ($bootloader, $all_hds, $o_backup_extension) = @_; @@ -1674,7 +1704,13 @@ sub write_grub { my @conf; push @conf, $format->(grep { defined $bootloader->{$_} } qw(timeout)); - push @conf, $format->(grep { $bootloader->{$_} } qw(color password serial shade terminal viewport background foreground)); + push @conf, $format->(grep { $bootloader->{$_} } qw(color serial shade terminal viewport background foreground)); + if (my $pw = $bootloader->{password}) { + $pw = crypt_grub_password($pw) if !is_already_crypted($pw); + $bootloader->{'password --md5'} = $pw; + push @conf, $format->('password --md5'); + } + push @conf, map { $_ . ' ' . $file2grub->($bootloader->{$_}) } grep { $bootloader->{$_} } qw(gfxmenu); eval { diff --git a/perl-install/install/NEWS b/perl-install/install/NEWS index 43582b0ae..fe85ec972 100644 --- a/perl-install/install/NEWS +++ b/perl-install/install/NEWS @@ -1,4 +1,5 @@ - bootloader configuration: + o add support for crypted grub passwords (and default to encrypt) o allow timeout to be '0' Version 11.71.10 - 17 September 2009 |