From: srs5694 Date: Wed, 9 Dec 2015 20:34:38 +0000 (-0500) Subject: Added rudimentary debconf support for Debian package. X-Git-Url: https://code.delx.au/refind/commitdiff_plain/a685467b7efc9a27ea7cf0318d35577b80c63356 Added rudimentary debconf support for Debian package. --- diff --git a/Makefile b/Makefile index 6426e8d..ec8c892 100644 --- a/Makefile +++ b/Makefile @@ -12,7 +12,7 @@ MOK_DIR=mok GPTSYNC_DIR=gptsync EFILIB_DIR=EfiLib export EDK2BASE=/usr/local/UDK2014/MyWorkSpace -export REFIND_VERSION='L"0.10.0.10"' +export REFIND_VERSION='L"0.10.0.11"' # The "all" target builds with the TianoCore library if possible, but falls # back on the more easily-installed GNU-EFI library if TianoCore isn't diff --git a/debian/changelog b/debian/changelog index aaa3946..d2462d8 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,5 +1,90 @@ -refind (0.10.0-1) UNRELEASED; urgency=medium +refind (0.10.0.11-0ppa9) trusty; urgency=medium - * Initial release (Closes: #715426) + * Version bump - -- Tianon Gravi Wed, 25 Nov 2015 09:07:15 -0800 + -- Roderick Smith Wed, 09 Dec 2015 12:52:52 -0500 + +refind (0.10.0-0ppa1) trusty; urgency=medium + + * Version bump + + -- Roderick Smith Sun, 08 Nov 2015 16:53:35 -0500 + +refind (0.9.2-0ppa1) trusty; urgency=medium + + * Version bump + + -- Roderick Smith Sat, 19 Sep 2015 10:42:58 -0400 + +refind (0.9.1-0ppa1) trusty; urgency=medium + + * Version bump + + -- Roderick Smith Sun, 13 Sep 2015 17:14:29 -0400 + +refind (0.9.0-0ppa1) trusty; urgency=medium + + * Version bump + + -- Roderick Smith Sun, 26 Jul 2015 12:36:11 -0400 + +refind (0.8.7-0ppa2) trusty; urgency=medium + + * Fix Debian packaging error affecting IA32 platforms + + -- Roderick Smith Thu, 19 Mar 2015 20:25:03 -0400 + +refind (0.8.7-0ppa1) trusty; urgency=medium + + * Version bump + + -- Roderick Smith Sun, 01 Mar 2015 18:32:25 -0500 + +refind (0.8.6-0ppa1) trusty; urgency=medium + + * Version bump + + -- Roderick Smith Sun, 08 Feb 2015 09:38:43 -0500 + +refind (0.8.4-0ppa1) trusty; urgency=medium + + * Version bump + + -- Rod Smith Mon, 08 Dec 2014 12:28:56 -0400 + +refind (0.8.3-0ppa1) trusty; urgency=medium + + * Version bump + + -- Rod Smith Sun, 06 Jul 2014 12:28:56 -0400 + +refind (0.8.2-0ppa3) trusty; urgency=medium + + * Removed stray debugging code that caused pause during startup + + -- Rod Smith Sun, 08 Jun 2014 16:48:48 -0400 + +refind (0.8.2-0ppa2) trusty; urgency=medium + + * Version bump + + -- Rod Smith Sun, 08 Jun 2014 12:32:48 -0400 + +refind (0.8.1-0ppa2) trusty; urgency=medium + + * Revised Debian package to not use version numbers in /usr/share directory names + + -- Rod Smith Fri, 16 May 2014 14:57:11 -0400 + +refind (0.8.0-0ppa1) trusty; urgency=medium + + * Updated for version 0.8.0 + + -- Rod Smith Fri, 16 May 2014 09:01:45 -0400 + +refind (0.7.8-0ppa1) trusty; urgency=low + + [ Roderick W. Smith ] + * Initial release. (Closes: #1136112) + + -- Rod Smith Sun, 9 Mar 2014 07:59:50 -0500 diff --git a/debian/config b/debian/config new file mode 100644 index 0000000..a12b996 --- /dev/null +++ b/debian/config @@ -0,0 +1,9 @@ +#!/bin/sh + +set -e + +. /usr/share/debconf/confmodule + +db_input high refind/install_to_esp || true + +db_go || true diff --git a/debian/control b/debian/control index fe66d1c..baf29b1 100644 --- a/debian/control +++ b/debian/control @@ -11,7 +11,7 @@ Vcs-Git: git://anonscm.debian.org/collab-maint/refind.git Package: refind Architecture: amd64 i386 arm64 -Depends: efibootmgr, openssl, parted, ${misc:Depends} +Depends: debconf, efibootmgr, openssl, parted, ${misc:Depends} Description: boot manager for EFI-based computers A graphical boot manager for EFI- and UEFI-based computers, such as all Intel-based Macs and recent (most 2011 and later) PCs. rEFInd presents a diff --git a/debian/po/POTFILES.in b/debian/po/POTFILES.in new file mode 100644 index 0000000..cef83a3 --- /dev/null +++ b/debian/po/POTFILES.in @@ -0,0 +1 @@ +[type: gettext/rfc822deb] templates diff --git a/debian/po/templates.pot b/debian/po/templates.pot new file mode 100644 index 0000000..fd188ef --- /dev/null +++ b/debian/po/templates.pot @@ -0,0 +1,43 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR , YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: refind\n" +"Report-Msgid-Bugs-To: refind@packages.debian.org\n" +"POT-Creation-Date: 2015-12-09 13:29-0500\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME \n" +"Language-Team: LANGUAGE \n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "Automatically install rEFInd to the ESP?" +msgstr "" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"It is necessary to install rEFInd to the EFI System Partition (ESP) for it " +"to control the boot process." +msgstr "" + +#. Type: boolean +#. Description +#: ../templates:1001 +#, no-c-format +msgid "" +"Not installing the new rEFInd binary on the ESP may leave the system in an " +"unbootable state. Alternatives to automatically installing rEFInd include " +"running /usr/sbin/refind-install by hand or installing the rEFInd binaries " +"manually by copying them from subdirectories of /usr/share/refind-%Version." +msgstr "" diff --git a/debian/postinst b/debian/postinst index af73308..898fde3 100755 --- a/debian/postinst +++ b/debian/postinst @@ -4,47 +4,93 @@ set -e -# Remove any existing NVRAM entry for rEFInd, to avoid creating a duplicate. -ExistingEntry=`efibootmgr | grep "rEFInd Boot Manager" | cut -c 5-8` -if [[ -n $ExistingEntry ]] ; then - efibootmgr --bootnum $ExistingEntry --delete-bootnum &> /dev/null +if [ -f /usr/share/debconf/confmodule ] ; then + . /usr/share/debconf/confmodule fi -cd /usr/share/refind +install_to_esp() { + # Remove any existing NVRAM entry for rEFInd, to avoid creating a duplicate. + ExistingEntry=`efibootmgr | grep "rEFInd Boot Manager" | cut -c 5-8` + if [[ -n $ExistingEntry ]] ; then + efibootmgr --bootnum $ExistingEntry --delete-bootnum &> /dev/null + fi -if [[ -f /sys/firmware/efi/vars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c/data ]] ; then - IsSecureBoot=`od -An -t u1 /sys/firmware/efi/vars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c/data | tr -d '[[:space:]]'` -else - IsSecureBoot="0" -fi -# Note: Two find operations for ShimFile favors shim over PreLoader -- if both are -# present, the script uses shim rather than PreLoader. -declare ShimFile=`find /boot -name shim\.efi -o -name shimx64\.efi -o -name PreLoader\.efi 2> /dev/null | head -n 1` -if [[ ! -n $ShimFile ]] ; then - declare ShimFile=`find /boot -name PreLoader\.efi 2> /dev/null | head -n 1` -fi -declare SBSign=`which sbsign 2> /dev/null` -declare OpenSSL=`which openssl 2> /dev/null` - -# Run the rEFInd installation script. Do so with the --shim option -# if Secure Boot mode is suspected and if a shim program can be -# found, or without it if not. If a shim installation is attempted -# and the sbsign and openssl programs can be found, do the install -# using a local signing key. Note that this option is undesirable -# for a distribution, since it would then require the user to -# enroll an extra MOK. I'm including it here because I'm NOT a -# distribution maintainer, and I want to encourage users to use -# their own local keys. -if [[ $IsSecureBoot == "1" && -n $ShimFile ]] ; then - if [[ -n $SBSign && -n $OpenSSL ]] ; then - ./refind-install --shim $ShimFile --localkeys --yes - else - ./refind-install --shim $ShimFile --yes - fi -else - if [[ -n $SBSign && -n $OpenSSL ]] ; then - ./refind-install --localkeys --yes - else - ./refind-install --yes - fi -fi + cd /usr/share/refind + + if [[ -f /sys/firmware/efi/vars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c/data ]] ; then + IsSecureBoot=`od -An -t u1 /sys/firmware/efi/vars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c/data | tr -d '[[:space:]]'` + else + IsSecureBoot="0" + fi + # Note: Two find operations for ShimFile favors shim over PreLoader -- if both are + # present, the script uses shim rather than PreLoader. + declare ShimFile=`find /boot -name shim\.efi -o -name shimx64\.efi -o -name PreLoader\.efi 2> /dev/null | head -n 1` + if [[ ! -n $ShimFile ]] ; then + declare ShimFile=`find /boot -name PreLoader\.efi 2> /dev/null | head -n 1` + fi + declare SBSign=`which sbsign 2> /dev/null` + declare OpenSSL=`which openssl 2> /dev/null` + + # Run the rEFInd installation script. Do so with the --shim option + # if Secure Boot mode is suspected and if a shim program can be + # found, or without it if not. If a shim installation is attempted + # and the sbsign and openssl programs can be found, do the install + # using a local signing key. Note that this option is undesirable + # for a distribution, since it would then require the user to + # enroll an extra MOK. I'm including it here because I'm NOT a + # distribution maintainer, and I want to encourage users to use + # their own local keys. + if [[ $IsSecureBoot == "1" && -n $ShimFile ]] ; then + if [[ -n $SBSign && -n $OpenSSL ]] ; then + ./refind-install --shim $ShimFile --localkeys --yes + else + ./refind-install --shim $ShimFile --yes + fi + else + if [[ -n $SBSign && -n $OpenSSL ]] ; then + ./refind-install --localkeys --yes + else + ./refind-install --yes + fi + fi +} # install_to_esp() + +# +# Main part of script begins +# + +case "$1" in + configure) + db_get refind/install_to_esp || true; + if [ x"$RET" = x"true" ]; then + echo "Installing rEFInd to the ESP..." + install_to_esp + else + echo "** Not installing rEFInd to the ESP! **" + echo "If you want rEFInd to control the boot process, you can do so by runing:" + echo "" + echo "dpkg-reconfigure refind" + echo "" + fi + ;; + + reconfigure) + db_get refind/install_to_esp || true; + if [ x"$RET" = x"true" ]; then + echo "Installing rEFInd to the ESP..." + install_to_esp + else + echo "If rEFInd was previously configured to be your primary boot manager, you must" + echo "use efibootmgr to set the computer to boot with something else." + fi + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + exit 0 + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 0 + ;; +esac diff --git a/debian/templates b/debian/templates new file mode 100644 index 0000000..760abe7 --- /dev/null +++ b/debian/templates @@ -0,0 +1,11 @@ +Template: refind/install_to_esp +Type: boolean +Default: true +_Description: Automatically install rEFInd to the ESP? + It is necessary to install rEFInd to the EFI System Partition (ESP) for + it to control the boot process. + . + Not installing the new rEFInd binary on the ESP may leave the system in an + unbootable state. Alternatives to automatically installing rEFInd include + running /usr/sbin/refind-install by hand or installing the rEFInd binaries + manually by copying them from subdirectories of /usr/share/refind-{version}. diff --git a/refind-install b/refind-install index 32aa8d9..eaeddcd 100755 --- a/refind-install +++ b/refind-install @@ -1000,12 +1000,12 @@ GenerateKeys() { # Sign a single binary. Requires parameters: # $1 = source file # $2 = destination file -# Also assumes that the SBSign, PESign, UseSBSign, UsePESign, and various key variables are set -# appropriately. +# Also assumes that the SBSign and various key variables are set appropriately. # Aborts script on error SignOneBinary() { - $SBSign --key "$PrivateKey" --cert "$CertKey" --output "$2" "$1" - if [[ $? != 0 ]] ; then + $SBSign --key "$PrivateKey" --cert "$CertKey" --output "$2" "$1" 2>&1 >/dev/null | \ + grep -v "data remaining.*gaps between PE/COFF sections" + if [[ "${PIPESTATUS[0]}" != 0 ]] ; then echo "Problem signing the binary $1! Aborting!" exit 1 fi