Ubuntu
grub-installer package

support for preseeding the password

Bug #17267 reported by Timo Aaltonen on 2005-05-19

Affects		Status	Importance	Assigned to	Milestone
	grub-installer (Ubuntu)	Fix Released	Wishlist	Colin Watson

Bug Description

Here's the patch, or at least the first _untested_ version of it, to add
preseeding support for the grub password. Admin has to set one or two keys

grub-installer/password string

for the password and optionally

grub-installer/password-crypted boolean

to specify if it is encrypted. Actually, I think it might be stupid to allow
preseeding unencrypted passwords, because menu.lst is world readable... But this
patch allows it.

After update_grub is run /target/boot/grub/menu.lst is available, and the
postinst checks if grub-installer/password is available. If it is, similar check
is made for grub-installer/password-crypted and if it returns true,
password_opts is set. Then it echos the full line to a file, and a sed-line
appends this line after the "# password" -line. This is the only way that _I_
got it working ;)

Revision history for this message

Timo Aaltonen (tjaalton) wrote on 2005-05-19:

patch for preseeding grub password Edit (925 bytes, text/plain)

Created an attachment (id=2441)
patch for preseeding grub password

this is against upstream svn, checked yesterday.

Revision history for this message

Timo Aaltonen (tjaalton) wrote on 2005-05-19:

here's a better version, actually works Edit (935 bytes, text/plain)

Created an attachment (id=2444)
here's a better version, actually works

Revision history for this message

Colin Watson (cjwatson) wrote on 2005-05-20:

(In reply to comment #0)
> Here's the patch, or at least the first _untested_ version of it, to add
> preseeding support for the grub password. Admin has to set one or two keys
>
> grub-installer/password string
>
> for the password and optionally
>
> grub-installer/password-crypted boolean
>
> to specify if it is encrypted.

Thanks, committed upstream, with a few changes:

  * I fixed up some quoting so that strange characters in passwords won't
adversely affect grub-installer's operation.
  * You didn't supply template changes, so I did those.
  * I arranged for the password question to be asked in expert mode, rather than
only being available for preseeding.
  * I removed the temporary file after use.

... and:

> Actually, I think it might be stupid to allow
> preseeding unencrypted passwords, because menu.lst is world readable... But this
> patch allows it.

* Easily solved: I made grub-installer take the world-readable bit off
menu.lst if a password is set.

Thanks!

Revision history for this message

Colin Watson (cjwatson) wrote on 2005-06-06:

grub-installer 1.09ubuntu1 uploaded, including:

grub-installer (1.09) unstable; urgency=low

  * Timo Aaltonen, Colin Watson
    - In expert mode, ask for a GRUB password (if left blank, no password is
      set). Provide a grub-installer/password-crypted question which is
      never asked but allows the password to be kept encrypted in preseed
      files. If a password is set, make sure menu.lst isn't world-readable.
  * Christian Perrier
    - Style consistency changes on the GRUB password template
  * Updated translations:
    - Arabic (ar.po) by Ossama M. Khayat
    - Bulgarian (bg.po) by Ognyan Kulev
    - Czech (cs.po) by Miroslav Kure
    - Danish (da.po) by Claus Hindsgaul
    - German (de.po) by Dennis Stampfer
    - Greek (el.po) by Greek Translation Team
    - Spanish (es.po) by Javier Fernández-Sanguino Peña
    - Basque (eu.po)
    - French (fr.po) by Christian Perrier
    - Italian (it.po) by Giuseppe Sacco
    - Japanese (ja.po) by Kenshi Muto
    - Korean (ko.po) by Changwoo Ryu
    - Portuguese (pt.po) by Miguel Figueiredo
    - Portuguese (Brazil) (pt_BR.po) by André Luís Lopes
    - Russian (ru.po) by Yuri Kozlov
    - Albanian (sq.po) by Elian Myftiu
    - Turkish (tr.po) by Recai Oktaş
    - Ukrainian (uk.po) by Eugeniy Meshcheryakov
    - Simplified Chinese (zh_CN.po) by Carlos Z.F. Liu