Public bug reported:
setting grub with encrypted password fails if set in 40_custom.
I have added to /etc/grub.d/40_custom this:
set supersusers="tuxer"
password_pbkdf2 tuxer grub.pbkdf2.sha512.10000...ETC...98A
i have rebooted and it did not asked to enter user and password, it
acted as i didnt set any user/password protection.
It only started working when instead what i added in 40_custom was set
in /etc/grub.d/00_header and added:
cat << EOF
set superusers="tuxer"
password_pbkdf2 tuxer grub.pbkdf2.sha512.10000...ETC...98A
EOF
To note that i did add:
--user ''
to the menuentries in /etc/grub.d/10_linux (else it wouldnt also work).
Bottom line is that the changes made in grub2 in raring triggered some
malfunction, so that the entries added in 40_custom script are
irrelevant.
Im also pasting here /boot/grub/grub.cfg to clear any doubts about what im
reporting:
#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#
### BEGIN /etc/grub.d/00_header ###
if [ -s $prefix/grubenv ]; then
set have_grubenv=true
load_env
fi
set default="${saved_entry}"
if [ x"${feature_menuentry_id}" = xy ]; then
menuentry_id_option="--id"
else
menuentry_id_option=""
fi
export menuentry_id_option
if [ "${prev_saved_entry}" ]; then
set saved_entry="${prev_saved_entry}"
save_env saved_entry
set prev_saved_entry=
save_env prev_saved_entry
set boot_once=true
fi
function savedefault {
if [ -z "${boot_once}" ]; then
saved_entry="${chosen}"
save_env saved_entry
fi
}
function recordfail {
set recordfail=1
if [ -n "${have_grubenv}" ]; then if [ -z "${boot_once}" ]; then save_env
recordfail; fi; fi
}
function load_video {
if [ x$feature_all_video_module = xy ]; then
insmod all_video
else
insmod efi_gop
insmod efi_uga
insmod ieee1275_fb
insmod vbe
insmod vga
insmod video_bochs
insmod video_cirrus
fi
}
if [ x$feature_default_font_path = xy ] ; then
font=unicode
else
insmod part_msdos
insmod ext2
set root='hd0,msdos1'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos1
--hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1
b1d6e1b4-06c3-46e4-b73e-4457969910a6
else
search --no-floppy --fs-uuid --set=root b1d6e1b4-06c3-46e4-b73e-4457969910a6
fi
font="/grub/unicode.pf2"
fi
if loadfont $font ; then
set gfxmode=auto
load_video
insmod gfxterm
set locale_dir=$prefix/locale
set lang=pt_PT
insmod gettext
fi
terminal_output gfxterm
if [ "${recordfail}" = 1 ]; then
set timeout=-1
else
set timeout=10
fi
set superusers="tuxer"
password_pbkdf2 tuxer grub.pbkdf2.sha512.10000...ETC...98A
### END /etc/grub.d/00_header ###
### BEGIN /etc/grub.d/05_debian_theme ###
set menu_color_normal=white/black
set menu_color_highlight=black/light-gray
if background_color 44,0,30; then
clear
fi
### END /etc/grub.d/05_debian_theme ###
### BEGIN /etc/grub.d/10_linux ###
function gfxmode {
set gfxpayload="${1}"
if [ "${1}" = "keep" ]; then
set vt_handoff=vt.handoff=7
else
set vt_handoff=
fi
}
if [ "${recordfail}" != 1 ]; then
if [ -e ${prefix}/gfxblacklist.txt ]; then
if hwmatch ${prefix}/gfxblacklist.txt 3; then
if [ ${match} = 0 ]; then
set linux_gfx_mode=keep
else
set linux_gfx_mode=text
fi
else
set linux_gfx_mode=text
fi
else
set linux_gfx_mode=keep
fi
else
set linux_gfx_mode=text
fi
export linux_gfx_mode
if [ "${linux_gfx_mode}" != "text" ]; then load_video; fi
menuentry 'Ubuntu' --class ubuntu --class gnu-linux --class gnu --class os
--users "" $menuentry_id_option
'gnulinux-simple-4f3ff71a-012b-4910-9cf7-73af48e49905' {
recordfail
savedefault
gfxmode $linux_gfx_mode
insmod gzio
insmod part_msdos
insmod ext2
set root='hd0,msdos1'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos1
--hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1
b1d6e1b4-06c3-46e4-b73e-4457969910a6
else
search --no-floppy --fs-uuid --set=root
b1d6e1b4-06c3-46e4-b73e-4457969910a6
fi
linux /vmlinuz-3.7.0-6-generic root=/dev/mapper/ubu-root ro quiet
splash $vt_handoff
initrd /initrd.img-3.7.0-6-generic
}
submenu 'Advanced options for Ubuntu' $menuentry_id_option
'gnulinux-advanced-4f3ff71a-012b-4910-9cf7-73af48e49905' {
menuentry 'Ubuntu, com Linux 3.7.0-6-generic' --class ubuntu --class
gnu-linux --class gnu --class os --users "" $menuentry_id_option
'gnulinux-3.7.0-6-generic-advanced-4f3ff71a-012b-4910-9cf7-73af48e49905' {
recordfail
savedefault
gfxmode $linux_gfx_mode
insmod gzio
insmod part_msdos
insmod ext2
set root='hd0,msdos1'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root
--hint-bios=hd0,msdos1 --hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1
b1d6e1b4-06c3-46e4-b73e-4457969910a6
else
search --no-floppy --fs-uuid --set=root
b1d6e1b4-06c3-46e4-b73e-4457969910a6
fi
echo 'A carregar Linux 3.7.0-6-generic ...'
linux /vmlinuz-3.7.0-6-generic root=/dev/mapper/ubu-root ro
quiet splash $vt_handoff
echo 'A carregar ramdisk inicial ...'
initrd /initrd.img-3.7.0-6-generic
}
menuentry 'Ubuntu, com Linux 3.7.0-6-generic (modo de recuperação)'
--class ubuntu --class gnu-linux --class gnu --class os --users ""
$menuentry_id_option
'gnulinux-3.7.0-6-generic-recovery-4f3ff71a-012b-4910-9cf7-73af48e49905' {
recordfail
insmod gzio
insmod part_msdos
insmod ext2
set root='hd0,msdos1'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root
--hint-bios=hd0,msdos1 --hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1
b1d6e1b4-06c3-46e4-b73e-4457969910a6
else
search --no-floppy --fs-uuid --set=root
b1d6e1b4-06c3-46e4-b73e-4457969910a6
fi
echo 'A carregar Linux 3.7.0-6-generic ...'
linux /vmlinuz-3.7.0-6-generic root=/dev/mapper/ubu-root ro
recovery nomodeset
echo 'A carregar ramdisk inicial ...'
initrd /initrd.img-3.7.0-6-generic
}
menuentry 'Ubuntu, com Linux 3.5.0-17-generic' --class ubuntu --class
gnu-linux --class gnu --class os --users "" $menuentry_id_option
'gnulinux-3.5.0-17-generic-advanced-4f3ff71a-012b-4910-9cf7-73af48e49905' {
recordfail
savedefault
gfxmode $linux_gfx_mode
insmod gzio
insmod part_msdos
insmod ext2
set root='hd0,msdos1'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root
--hint-bios=hd0,msdos1 --hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1
b1d6e1b4-06c3-46e4-b73e-4457969910a6
else
search --no-floppy --fs-uuid --set=root
b1d6e1b4-06c3-46e4-b73e-4457969910a6
fi
echo 'A carregar Linux 3.5.0-17-generic ...'
linux /vmlinuz-3.5.0-17-generic root=/dev/mapper/ubu-root ro
quiet splash $vt_handoff
echo 'A carregar ramdisk inicial ...'
initrd /initrd.img-3.5.0-17-generic
}
menuentry 'Ubuntu, com Linux 3.5.0-17-generic (modo de recuperação)'
--class ubuntu --class gnu-linux --class gnu --class os --users ""
$menuentry_id_option
'gnulinux-3.5.0-17-generic-recovery-4f3ff71a-012b-4910-9cf7-73af48e49905' {
recordfail
insmod gzio
insmod part_msdos
insmod ext2
set root='hd0,msdos1'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root
--hint-bios=hd0,msdos1 --hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1
b1d6e1b4-06c3-46e4-b73e-4457969910a6
else
search --no-floppy --fs-uuid --set=root
b1d6e1b4-06c3-46e4-b73e-4457969910a6
fi
echo 'A carregar Linux 3.5.0-17-generic ...'
linux /vmlinuz-3.5.0-17-generic root=/dev/mapper/ubu-root ro
recovery nomodeset
echo 'A carregar ramdisk inicial ...'
initrd /initrd.img-3.5.0-17-generic
}
}
### END /etc/grub.d/10_linux ###
### BEGIN /etc/grub.d/20_linux_xen ###
### END /etc/grub.d/20_linux_xen ###
### BEGIN /etc/grub.d/20_memtest86+ ###
menuentry "Memory test (memtest86+)" --users "" {
insmod part_msdos
insmod ext2
set root='hd0,msdos1'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos1
--hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1
b1d6e1b4-06c3-46e4-b73e-4457969910a6
else
search --no-floppy --fs-uuid --set=root
b1d6e1b4-06c3-46e4-b73e-4457969910a6
fi
linux16 /memtest86+.bin
}
menuentry "Memory test (memtest86+, serial console 115200)" --users "" {
insmod part_msdos
insmod ext2
set root='hd0,msdos1'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos1
--hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1
b1d6e1b4-06c3-46e4-b73e-4457969910a6
else
search --no-floppy --fs-uuid --set=root
b1d6e1b4-06c3-46e4-b73e-4457969910a6
fi
linux16 /memtest86+.bin console=ttyS0,115200n8
}
### END /etc/grub.d/20_memtest86+ ###
### BEGIN /etc/grub.d/30_os-prober ###
menuentry 'Windows 7 (loader) (on /dev/sda2)' --class windows --class os
--users '' $menuentry_id_option 'osprober-chain-8880277F8027733C' {
savedefault
insmod part_msdos
insmod ntfs
set root='hd0,msdos2'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos2
--hint-efi=hd0,msdos2 --hint-baremetal=ahci0,msdos2 8880277F8027733C
else
search --no-floppy --fs-uuid --set=root 8880277F8027733C
fi
chainloader +1
}
### END /etc/grub.d/30_os-prober ###
### BEGIN /etc/grub.d/30_uefi-firmware ###
### END /etc/grub.d/30_uefi-firmware ###
### BEGIN /etc/grub.d/40_custom ###
# This file provides an easy way to add custom menu entries. Simply type the
# menu entries you want to add after this comment. Be careful not to change
# the 'exec tail' line above.
#set supersusers="tuxer"
#password_pbkdf2 tuxer grub.pbkdf2.sha512.10000...ETC...98A
### END /etc/grub.d/40_custom ###
### BEGIN /etc/grub.d/41_custom ###
if [ -f ${config_directory}/custom.cfg ]; then
source ${config_directory}/custom.cfg
elif [ -z "${config_directory}" -a -f $prefix/custom.cfg ]; then
source $prefix/custom.cfg;
fi
### END /etc/grub.d/41_custom ###
ProblemType: Bug
DistroRelease: Ubuntu 13.04
Package: grub (not installed)
ProcVersionSignature: Ubuntu 3.5.0-17.28-generic 3.5.5
Uname: Linux 3.5.0-17-generic x86_64
ApportVersion: 2.7-0ubuntu2
Architecture: amd64
Date: Fri Dec 14 23:36:11 2012
InstallationDate: Installed on 2012-11-24 (20 days ago)
InstallationMedia: Kubuntu 12.10 "Quantal Quetzal" - Release amd64 (20121017.1)
MarkForUpload: True
SourcePackage: grub
UpgradeStatus: No upgrade log present (probably fresh install)
** Affects: grub (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug raring
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1090601
Title:
setting grub with encrypted password fails if set in 40_custom
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub/+bug/1090601/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
