X-Git-Url: https://code.delx.au/refind/blobdiff_plain/37c98e1a4e30f80d6a7f7158bc27c81a1c3cac37..af701e2da03597cc45fa171febf7933b1357564a:/refind-install?ds=sidebyside
diff --git a/refind-install b/refind-install
index 495892f..68ab959 100755
--- a/refind-install
+++ b/refind-install
@@ -39,8 +39,12 @@
# Revision history:
#
+# 0.10.2 -- Improved Secure Boot detection in Linux, fixed --usedefault in OS X,
+# and fixed bug that could cause mountesp to be installed as a FILE
+# called /usr/local/bin in OS X.
# 0.10.1 -- Improve extraction of default kernel options from /proc/cmdline.
-# Add support for AMD64 (aka AARCH64, aa64) platform.
+# Add support for AMD64 (aka AARCH64, aa64) platform. Added
+# warning when --alldrivers used without --usedefault.
# 0.10.0 -- Enable running under OS X's recovery system & add warning about
# SIP & brief instructions on how to deal with it if SIP is
# detected to be enabled. Also change way refind_linux.conf default
@@ -181,6 +185,17 @@ GetParams() {
echo "The --keepname option is incompatible with --usedefault! Aborting!"
exit 1
fi
+ if [[ "$InstallDrivers" == "all" && "$TargetDir" != "/EFI/BOOT" ]] ; then
+ echo "The --alldrivers option is meant for creating USB flash drives with (near-)"
+ echo "universal boot support. Using it on a hard disk partition runs the risk of"
+ echo "creating serious problems, up to and including rendering your computer"
+ echo -n "unbootable. Are you SURE you want to proceed (Y/N)? "
+ ReadYesNo
+ if [[ "$YesNo" != "Y" && "$YesNo" != "y" ]] ; then
+ echo "Aborting installation!"
+ exit 0
+ fi
+ fi
RLConfFile="$RootDir/boot/refind_linux.conf"
EtcKeysDir="$RootDir/etc/refind.d/keys"
} # GetParams()
@@ -779,14 +794,14 @@ SetupMacHfs() {
ProductName
rEFInd
ProductVersion
- 0.10.0
+ 0.10.2
ENDOFHERE
} # SetupMacHfs()
CheckForSIP() {
- if [[ -x "/usr/bin/csrutil" ]] ; then
+ if [[ -x "/usr/bin/csrutil" && -z "$TargetPart" ]] ; then
local OKToInstall=`/usr/bin/csrutil status | \
grep "Protection status: disabled\|enabled (Apple Internal)\|NVRAM Protections: disabled"`
if [[ -z "$OKToInstall" ]] ; then
@@ -839,7 +854,7 @@ CheckForSIP() {
# Sets Problems=1 if problems found during the installation.
InstallOnOSX() {
echo "Installing rEFInd on OS X...."
- if [[ "$InstallToEspOnMac" == "1" ]] ; then
+ if [[ "$InstallToEspOnMac" == "1" && -z "$TargetPart" ]] ; then
MountOSXESP
elif [[ "$TargetDir" == "/EFI/BOOT" || "$OwnHfs" == '1' ]] ; then
MountDefaultTarget
@@ -850,8 +865,9 @@ InstallOnOSX() {
DetermineTargetDir
CheckForSIP
CopyRefindFiles
- cp "$ThisDir/mountesp" /usr/local/bin &> /dev/null
- if [[ $InstallToEspOnMac == "1" ]] ; then
+ mkdir -p /usr/local/bin &> /dev/null
+ cp "$ThisDir/mountesp" /usr/local/bin/ &> /dev/null
+ if [[ $InstallToEspOnMac == "1" && -z "$TargetPart" ]] ; then
bless --mount "$InstallDir" --setBoot --file "$InstallDir/$TargetDir/$Refind" --shortform
elif [[ "$TargetDir" != "/EFI/BOOT" ]] ; then
bless --setBoot --folder "$InstallDir/$TargetDir" --file "$InstallDir/$TargetDir/$Refind"
@@ -884,11 +900,11 @@ InstallOnOSX() {
# If we're NOT in Secure Boot mode but the user HAS specified the --shim
# or --localkeys option, warn the user and offer to abort.
CheckSecureBoot() {
- local IsSecureBoot
- if [[ -f /sys/firmware/efi/vars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c/data ]] ; then
+ IsSecureBoot="0"
+ if [[ -f /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c ]] ; then
+ IsSecureBoot=`od -An -t u1 /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c | awk '{print substr($0,length,1)}'`
+ elif [[ -f /sys/firmware/efi/vars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c/data ]] ; then
IsSecureBoot=`od -An -t u1 /sys/firmware/efi/vars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c/data | tr -d '[[:space:]]'`
- else
- IsSecureBoot="0"
fi
if [[ $IsSecureBoot == "1" && "$TargetDir" != '/EFI/BOOT' && "$ShimSource" == "none" ]] ; then
echo ""
@@ -988,12 +1004,12 @@ GenerateKeys() {
# Sign a single binary. Requires parameters:
# $1 = source file
# $2 = destination file
-# Also assumes that the SBSign, PESign, UseSBSign, UsePESign, and various key variables are set
-# appropriately.
+# Also assumes that the SBSign and various key variables are set appropriately.
# Aborts script on error
SignOneBinary() {
- $SBSign --key "$PrivateKey" --cert "$CertKey" --output "$2" "$1"
- if [[ $? != 0 ]] ; then
+ $SBSign --key "$PrivateKey" --cert "$CertKey" --output "$2" "$1" 2>&1 >/dev/null | \
+ grep -v "data remaining.*gaps between PE/COFF sections"
+ if [[ "${PIPESTATUS[0]}" != 0 ]] ; then
echo "Problem signing the binary $1! Aborting!"
exit 1
fi