On Ma, 17 dec 19, 19:49:37, andreimpope...@gmail.com wrote:
> 
> Additionally, if the variable is always set the checks must be changed 
> slightly, otherwise the script would always error out.

If I'm being a little bit paranoid about checks on the file I figured I 
might as well issue a message in case the file is a symlink.

Updated patch attached.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser
From 3179b3155004a455f3ceb1e5a67e7d5b4d359f60 Mon Sep 17 00:00:00 2001
From: Andrei POPESCU <andreimpope...@gmail.com>
Date: Sun, 8 Dec 2019 11:53:36 +0200
Subject: [PATCH] Add option to append one or more custom entries from an
 external file

This patch adds a new option U_BOOT_CUSTOM_ENTRIES to specify an
external file to be appended to extlinux.conf.

default:
Add the new option commented out, with the default value.

u-boot-update:
Do some basic checks on the file (exists, regular file, readable,
non-zero length).
Issue an info message in case the file is a symlink.
Issue a warning in case the file is not owned by root, but don't
error out (the sysadmin may have good reasons for that).

u-boot-update.8:
Document the new option in the manpage, including some safety/security
warnings.
---
 default         |  1 +
 u-boot-update   | 36 ++++++++++++++++++++++++++++++++++++
 u-boot-update.8 |  2 ++
 3 files changed, 39 insertions(+)

diff --git a/default b/default
index 4389a87..7e6804d 100644
--- a/default
+++ b/default
@@ -11,4 +11,5 @@
 #U_BOOT_TIMEOUT="50"
 #U_BOOT_FDT=""
 #U_BOOT_FDT_DIR="/usr/lib/linux-image-"
+#U_BOOT_CUSTOM_ENTRIES="/etc/default/u-boot-custom"
 
diff --git a/u-boot-update b/u-boot-update
index 2bf151b..dddb923 100755
--- a/u-boot-update
+++ b/u-boot-update
@@ -82,6 +82,7 @@ U_BOOT_TIMEOUT="${U_BOOT_TIMEOUT:-50}"
 U_BOOT_MENU_LABEL="Debian GNU/Linux kernel"
 U_BOOT_PARAMETERS="${U_BOOT_PARAMETERS:-ro quiet}"
 U_BOOT_FDT_DIR="${U_BOOT_FDT_DIR:-/usr/lib/linux-image-}"
+U_BOOT_CUSTOM_ENTRIES="${U_BOOT_CUSTOM:-/etc/default/u-boot-custom}"
 
 # Find parameter for root from fstab
 if [ -z "${U_BOOT_ROOT}" ]
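Review bot: the added assignment expands ${U_BOOT_CUSTOM}, not ${U_BOOT_CUSTOM_ENTRIES}, so a value set under the documented name U_BOOT_CUSTOM_ENTRIES is overwritten with /etc/default/u-boot-custom and the option has no effect. Use U_BOOT_CUSTOM_ENTRIES="${U_BOOT_CUSTOM_ENTRIES:-/etc/default/u-boot-custom}", following the same pattern as the U_BOOT_TIMEOUT and U_BOOT_FDT_DIR lines above it.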
@@ -216,5 +217,40 @@ done
 
 _NUMBER=""
 
+# Append custom entries if any
+if [ -f "${U_BOOT_CUSTOM_ENTRIES}" ]
+then
+    if [ ! -r "${U_BOOT_CUSTOM_ENTRIES}" ]
+    then
+        echo 'E: The file '"${U_BOOT_CUSTOM_ENTRIES}"' is unreadable'
+        exit 1
+    fi
+
+    if [ ! -s "${U_BOOT_CUSTOM_ENTRIES}" ]
+    then
+        echo 'E: The file '"${U_BOOT_CUSTOM_ENTRIES}"' is empty'
+        exit 1
+    fi
+
+    if [ ! -O "${U_BOOT_CUSTOM_ENTRIES}" ]
+    then
+        echo 'W: The file '"${U_BOOT_CUSTOM_ENTRIES}"' is NOT owned by root'
+    fi
+
+    if [ -h "${U_BOOT_CUSTOM_ENTRIES}" ]
+    then
+        _SYMLINK_TARGET=$(readlink -f "${U_BOOT_CUSTOM_ENTRIES}")
+        echo 'I: The file '"${U_BOOT_CUSTOM_ENTRIES}"' is a symbolic link pointing to '"${_SYMLINK_TARGET}"
+    fi
+
+echo 'P: Appending custom entries from '"${U_BOOT_CUSTOM_ENTRIES}"'...'
+
+# Writing custom entries
+_CONFIG="${_CONFIG}
+
+$(< "${U_BOOT_CUSTOM_ENTRIES}")
+"
+fi
+
 Update "${_U_BOOT_DIRECTORY}/extlinux.conf" "${_CONFIG}"
 
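Review bot: the ownership test [ ! -O "${U_BOOT_CUSTOM_ENTRIES}" ] does not check what its warning says. -O compares the file's owner with the effective UID of the running process, and like -f, -r and -s it follows symlinks, so the result depends on who runs the script and describes the link target rather than the link. It also leaves the risk named in the manpage text uncovered, since a root-owned file that is group- or world-writable passes without a warning. Consider resolving the path once with readlink -f before the checks, then comparing the owner UID with 0 and warning on group/other write bits (for example from stat -c '%u %a'). Two smaller points: $(< file) is a bash extension, so confirm the script's interpreter or use $(cat ...) instead; and the echo 'P: ...' and _CONFIG lines are inside the if block but not indented to match it.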
diff --git a/u-boot-update.8 b/u-boot-update.8
index 3397bc8..7e88000 100644
--- a/u-boot-update.8
+++ b/u-boot-update.8
@@ -26,6 +26,8 @@ This variable specifies additional boot parameters that are appended to each ker
 This variable specifies the root partition. It is automatically extracted from /etc/fstab. U\-BOOT supports both devices and UUIDs.
 .IP "U_BOOT_TIMEOUT=""\fB50\fR""" 4
 This variable specifies the time that U\-BOOT should wait for user input during boot. Values are in decisecond greater than 0 (e.g. '10' for a 1 second timeout), 0 specifies to wait forever. The default is 50.
+.IP "U_BOOT_CUSTOM_ENTRIES=""/path/to/file""" 4
+This variable specifies the name of a file containing one or more custom entries. The file is appended \fBas is\fR, without any checks for validity or safety. For security reasons the file should not be writable to untrusted users as it can be used to gain root access to the system (e.g. by adding a boot entry with "init=/bin/sh" as kernel parameter). u\-boot\-update will issue a warning if the file is not owned by root. The default is '/etc/default/u-boot-custom'.
 
 .SH FILES
 /etc/default/u-boot
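Review bot: the new U_BOOT_CUSTOM_ENTRIES paragraph documents only the ownership warning, while the script hunk also exits with an error when the file exists but is empty or unreadable, prints an info message for a symlink, and silently skips a missing file. A sysadmin reading the manpage would not expect an empty placeholder file to abort u-boot-update, so add a sentence covering those cases. Also, the default path is written with bare hyphens ('/etc/default/u-boot-custom') where the rest of the page escapes them (U\-BOOT, u\-boot\-update).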
-- 
2.20.1
