Hi. Isn't exactly a bug or something that compromises the usability, but the license shouldn't use commas (that's also making expac report a wrong license). Like this: license=('GPL3' 'CC0')
Search Criteria
Package Details: grub-improved-luks2-git 2.12.r10.g04d2a50f3-1
Package Actions
| Git Clone URL: | https://aur.archlinux.org/grub-improved-luks2-git.git (read-only, click to copy) |
|---|---|
| Package Base: | grub-improved-luks2-git |
| Description: | GNU GRand Unified Bootloader (2) with Argon2 support. Patch made by Patrick Steinhardt |
| Upstream URL: | https://www.gnu.org/software/grub/ |
| Licenses: | GPL3, CC0 |
| Conflicts: | grub |
| Provides: | grub |
| Submitter: | Ax333l |
| Maintainer: | Ax333l |
| Last Packager: | Ax333l |
| Votes: | 29 |
| Popularity: | 0.81 |
| First Submitted: | 2022-01-02 14:06 (UTC) |
| Last Updated: | 2024-03-09 00:19 (UTC) |
Dependencies (18)
- device-mapper (device-mapper-gitAUR)
- freetype2 (freetype2-macosAUR, freetype2-qdoledAUR, freetype2-gitAUR)
- fuse2
- gettext (gettext-gitAUR)
- autogen (make)
- bdf-unifontAUR (make)
- bison (byacc-bisonAUR, bison-gitAUR) (make)
- git (git-gitAUR, git-glAUR) (make)
- help2man (help2man-gitAUR, python-help2manAUR) (make)
- python (python37AUR, python311AUR, python310AUR) (make)
- rsync (rsync-gitAUR, rsync-reflink-gitAUR, rsync-reflinkAUR) (make)
- texinfo (texinfo-gitAUR) (make)
- ttf-dejavu (ttf-dejavu-ibAUR, ttf-dejavu-emojilessAUR) (make)
- dosfstools (dosfstools-gitAUR) (optional) – For grub-mkrescue FAT FS and EFI support
- efibootmgr (efibootmgr-gitAUR) (optional) – For grub-install EFI support
- libisoburn (libisoburn-gitAUR) (optional) – Provides xorriso for generating grub rescue iso using grub-mkrescue
- mtools (mtools-svnAUR) (optional) – For grub-mkrescue FAT FS support
- os-prober (os-prober-gitAUR, os-prober-btrfsAUR) (optional) – To detect other OSes when generating grub.cfg in BIOS systems
Required by (313)
- apexisocreatorgui (requires grub)
- apexisocreatorscript (requires grub)
- apple_set_os (requires grub) (optional)
- arch-grub2-theme (requires grub)
- arch-matrix-grub-theme-git (requires grub)
- archiso-git (requires grub) (optional)
- archiso-grub-themes (requires grub)
- archuseriso (requires grub)
- ash-git (requires grub) (optional)
- boo-grub-git (requires grub)
- booty-git (requires grub)
- cryptboot (requires grub)
- cyberpunk-grub-theme-git (requires grub)
- dedsec-grub2-theme (requires grub)
- distro-grub-themes-arch (requires grub)
- distro-grub-themes-endeavouros (requires grub)
- distro-grub-themes-meta (requires grub)
- dracula-grub-theme-git (requires grub)
- endeavouros-galleon-grub (requires grub)
- graphite-grub-theme-default-1080p (requires grub)
- Show 293 more...
Sources (12)
<deleted-account> commented on 2022-11-28 22:53 (UTC)
Ax333l commented on 2022-11-27 12:33 (UTC)
Thank you for notifying me. I will see how much needs to be done to update it, but I am not sure if I have time to do so this week. It depends on how much I need to change the patch.
mca2 commented on 2022-11-26 00:03 (UTC) (edited on 2022-11-26 00:15 (UTC) by mca2)
The build fails with the upstream commit that the grub package in the core repository is currently based on (1514678888595ef41a968a0c69b7ff769edd1e9c). Two hunks in grub-install_luks2.patch fail because there have been small modifications in grub-core/disk/luks2.c upstream (see below).
Rejected hunks:
--- grub-core/disk/luks2.c
+++ grub-core/disk/luks2.c
@@ -353,8 +353,16 @@ luks2_scan (grub_disk_t disk, grub_cryptomount_args_t cargs)
{
grub_cryptodisk_t cryptodisk;
grub_luks2_header_t header;
+ grub_luks2_keyslot_t keyslot;
+ grub_luks2_digest_t digest;
+ grub_luks2_segment_t segment;
+ char cipher[32], *json_header = NULL, *ptr;
+ grub_size_t candidate_key_len = 0, json_idx, size;
char uuid[sizeof (header.uuid) + 1];
grub_size_t i, j;
+ grub_err_t ret;
+ gcry_md_spec_t *hash = NULL;
+ grub_json_t *json = NULL, keyslots;
if (cargs->check_boot)
return NULL;
@@ -545,15 +722,39 @@ luks2_scan (grub_disk_t disk, grub_cryptomount_args_t cargs)
return NULL;
}
- cryptodisk = grub_zalloc (sizeof (*cryptodisk));
- if (!cryptodisk)
- return NULL;
-
COMPILE_TIME_ASSERT (sizeof (cryptodisk->uuid) >= sizeof (uuid));
grub_memcpy (cryptodisk->uuid, uuid, sizeof (uuid));
+ hash = grub_crypto_lookup_md_by_name (digest.hash);
+ if (cryptodisk->hash) {
+ if (grub_strcmp(hash->name, cryptodisk->hash->name)) {
+ ret = grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, "LUKS2 Module does not support using multiple SHA versions.");
+ goto err;
+ }
+ } else
+ cryptodisk->hash = hash;
+
+ /* Set up disk cipher. */
+ grub_strncpy (cipher, segment.encryption, sizeof (cipher));
+ ptr = grub_memchr (cipher, '-', grub_strlen (cipher));
+ if (!ptr) {
+ ret = grub_error (GRUB_ERR_BAD_ARGUMENT, "Invalid encryption");
+ goto err;
+ }
+ *ptr = '\0';
+
+ ret = grub_cryptodisk_setcipher (cryptodisk, cipher, ptr + 1);
+ if (ret)
+ goto err;
+
+
cryptodisk->modname = "luks2";
return cryptodisk;
+err:
+ grub_free (json_header);
+ grub_json_free (json);
+ grub_errno = ret;
+ return NULL;
}
static grub_err_t
The upstream differences in grub-core/disk/luks2.c between the commit this package is based on (e43f3d93b28cce852c110c7a8e40d8311bcd8bb1) and the current commit (1514678888595ef41a968a0c69b7ff769edd1e9c) are:
diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c
index bf741d70f..d5106402f 100644
--- a/grub-core/disk/luks2.c
+++ b/grub-core/disk/luks2.c
@@ -350,8 +350,6 @@ luks2_scan (grub_disk_t disk, grub_cryptomount_args_t cargs)
{
grub_cryptodisk_t cryptodisk;
grub_luks2_header_t header;
- char uuid[sizeof (header.uuid) + 1];
- grub_size_t i, j;
if (cargs->check_boot)
return NULL;
@@ -362,14 +360,9 @@ luks2_scan (grub_disk_t disk, grub_cryptomount_args_t cargs)
return NULL;
}
- for (i = 0, j = 0; i < sizeof (header.uuid); i++)
- if (header.uuid[i] != '-')
- uuid[j++] = header.uuid[i];
- uuid[j] = '\0';
-
- if (cargs->search_uuid != NULL && grub_strcasecmp (cargs->search_uuid, uuid) != 0)
+ if (cargs->search_uuid != NULL && grub_uuidcasecmp (cargs->search_uuid, header.uuid, sizeof (header.uuid)) != 0)
{
- grub_dprintf ("luks2", "%s != %s\n", uuid, cargs->search_uuid);
+ grub_dprintf ("luks2", "%s != %s\n", header.uuid, cargs->search_uuid);
return NULL;
}
@@ -377,13 +370,31 @@ luks2_scan (grub_disk_t disk, grub_cryptomount_args_t cargs)
if (!cryptodisk)
return NULL;
- COMPILE_TIME_ASSERT (sizeof (cryptodisk->uuid) >= sizeof (uuid));
- grub_memcpy (cryptodisk->uuid, uuid, sizeof (uuid));
+ COMPILE_TIME_ASSERT (sizeof (cryptodisk->uuid) >= sizeof (header.uuid));
+ grub_memcpy (cryptodisk->uuid, header.uuid, sizeof (header.uuid));
cryptodisk->modname = "luks2";
return cryptodisk;
}
+static grub_err_t
+luks2_base64_decode (const char *in, grub_size_t inlen, grub_uint8_t *decoded, idx_t *decodedlen)
+{
+ grub_size_t unescaped_len = 0;
+ char *unescaped = NULL;
+ bool successful;
+
+ if (grub_json_unescape (&unescaped, &unescaped_len, in, inlen) != GRUB_ERR_NONE)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("could not unescape Base64 string"));
+
+ successful = base64_decode (unescaped, unescaped_len, (char *) decoded, decodedlen);
+ grub_free (unescaped);
+ if (!successful)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("could not decode Base64 string"));
+
+ return GRUB_ERR_NONE;
+}
+
static grub_err_t
luks2_verify_key (grub_luks2_digest_t *d, grub_uint8_t *candidate_key,
grub_size_t candidate_key_len)
@@ -395,9 +406,11 @@ luks2_verify_key (grub_luks2_digest_t *d, grub_uint8_t *candidate_key,
gcry_err_code_t gcry_ret;
/* Decode both digest and salt */
- if (!base64_decode (d->digest, grub_strlen (d->digest), (char *)digest, &digestlen))
+ if (luks2_base64_decode (d->digest, grub_strlen (d->digest),
+ digest, &digestlen) != GRUB_ERR_NONE)
return grub_error (GRUB_ERR_BAD_ARGUMENT, "Invalid digest");
- if (!base64_decode (d->salt, grub_strlen (d->salt), (char *)salt, &saltlen))
+ if (luks2_base64_decode (d->salt, grub_strlen (d->salt),
+ salt, &saltlen) != GRUB_ERR_NONE)
return grub_error (GRUB_ERR_BAD_ARGUMENT, "Invalid digest salt");
/* Configure the hash used for the digest. */
@@ -435,8 +448,8 @@ luks2_decrypt_key (grub_uint8_t *out_key,
gcry_err_code_t gcry_ret;
grub_err_t ret;
- if (!base64_decode (k->kdf.salt, grub_strlen (k->kdf.salt),
- (char *)salt, &saltlen))
+ if (luks2_base64_decode (k->kdf.salt, grub_strlen (k->kdf.salt),
+ salt, &saltlen) != GRUB_ERR_NONE)
{
ret = grub_error (GRUB_ERR_BAD_ARGUMENT, "Invalid keyslot salt");
goto err;
@@ -610,7 +623,15 @@ luks2_recover_key (grub_disk_t source,
grub_errno = GRUB_ERR_NONE;
ret = luks2_get_keyslot (&keyslot, &digest, &segment, json, json_idx);
if (ret)
- goto err;
+ {
+ /*
+ * luks2_get_keyslot() can fail for a variety of reasons that do not
+ * necessarily mean the next keyslot should not be tried (e.g. a new
+ * kdf type). So always try the next slot.
+ */
+ grub_dprintf ("luks2", "Failed to get keyslot %" PRIuGRUB_UINT64_T "\n", keyslot.idx);
+ continue;
+ }
if (grub_errno != GRUB_ERR_NONE)
grub_dprintf ("luks2", "Ignoring unhandled error %d from luks2_get_keyslot\n", grub_errno);
So patching the current upstream commit with grub-install_luks2.patch fails because of these minor changes:
@@ -350,8 +350,6 @@ luks2_scan (grub_disk_t disk, grub_cryptomount_args_t cargs)
@@ -362,14 +360,9 @@ luks2_scan (grub_disk_t disk, grub_cryptomount_args_t cargs)
@@ -377,13 +370,31 @@ luks2_scan (grub_disk_t disk, grub_cryptomount_args_t cargs)
Can you update grub-install_luks2.patch accordingly please, Ax333l? (There may be more issues to fix after these ones are taken care of.)
Ax333l commented on 2022-09-02 05:23 (UTC)
randomxusr I found the Argon2 implementation patches from the grub-devel but I also had to write my own patch to make grub-install work with luks2
randomxusr commented on 2022-07-31 21:29 (UTC)
Curious.
Have you added your own changes to grub in order to make this work?
Or is this simply the latest git build just working with Luks2 and Argon2?
Ax333l commented on 2022-07-29 10:26 (UTC) (edited on 2022-07-29 10:27 (UTC) by Ax333l)
I am not sure how I managed to mess up the source list but I have updated grub to the latest version.
Try deleting the grub-improved-luks2-git folder in your yay/paru cache directory if you still can't build it.
Porous3247 commented on 2022-07-27 16:17 (UTC)
Here's a patch to make the grub upstream version the same as what the official grub package has at the moment. I successfully built it.
diff --git a/PKGBUILD b/PKGBUILD
index 404e98e..5c2510d 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -20,7 +20,7 @@ _build_platforms="x86_64-efi"
_pkgname="grub"
pkgname="${_pkgname}-improved-luks2-git"
-pkgver=2.06.r110.gbe257de00
+pkgver=2.06.r261.g2f4430cc0
pkgrel=1
pkgdesc="GNU GRand Unified Bootloader (2) with Argon2 and better LUKS2 support"
arch=('x86_64')
@@ -41,12 +41,11 @@ conflicts=("${_pkgname}")
backup=('etc/default/grub'
'etc/grub.d/40_custom')
install="${pkgname}.install"
-source=("grub::git+https://git.savannah.gnu.org/git/grub.git#commit=be257de00c"
+source=("grub::git+https://git.savannah.gnu.org/git/grub.git#commit=2f4430cc0a"
"grub-extras::git+https://git.savannah.gnu.org/git/grub-extras.git"
"gnulib::git+https://git.savannah.gnu.org/git/gnulib.git"
'argon_1.patch'
'argon_2.patch'
- 'argon_2.patch'
'argon_3.patch'
'argon_4.patch'
'argon_5.patch'
@@ -75,7 +74,6 @@ sha256sums=('SKIP'
'SKIP'
'SKIP'
'SKIP'
- 'SKIP'
'5dee6628c48eef79812bb9e86ee772068d85e7fcebbd2b2b8d1e19d24eda9dab'
'580a81b00088773d554832b0d74c85bf16fec37728802973c45993bcb97cd7d5'
'791fadf182edf8d5bee4b45c008b08adce9689a9624971136527891a8f67d206')
prokoprandacek commented on 2022-07-27 10:08 (UTC)
Hi!
The update 2.06.r110.gbe257de00-1 -> 2.06.r284.g1b3d97bdf-1 seems to be no longer able to build.
...
if test x0 = x1; then strip -S -x -o kernel.img.bin kernel.exec; -felf64 -nr:_grub_mod_init:grub_mod_init -nr:_grub_mod_fini:grub_mod_fini -ed2022 -ed2016 -wd1106 -nu -nd kernel.img.bin kernel.img; rm -f kernel.img.bin; elif test ! -z ''; then strip -R .rel.dyn -R .reginfo -R .note -R .comment -R .drectve -R .note.gnu.gold-version -R .MIPS.abiflags -R .ARM.exidx --strip-unneeded -K start -R .note -R .comment -R .note.gnu.gold-version -o kernel.img.bin kernel.exec && kernel.img.bin kernel.img || (rm -f kernel.img; rm -f kernel.img.bin; exit 1); rm -f kernel.img.bin; else strip -R .rel.dyn -R .reginfo -R .note -R .comment -R .drectve -R .note.gnu.gold-version -R .MIPS.abiflags -R .ARM.exidx --strip-unneeded -K start -R .note -R .comment -R .note.gnu.gold-version -o kernel.img kernel.exec; fi
nm: all_video.module: no symbols
nm: all_video.module: no symbols
mv syminfo.lst.new syminfo.lst
cat syminfo.lst | sort | gawk -f ../../grub-core/genmoddep.awk > moddep.lst || (rm -f moddep.lst; exit 1)
TARGET_OBJ2ELF= sh genmod.sh moddep.lst disk.module build-grub-module-verifier disk.mod
TARGET_OBJ2ELF= sh genmod.sh moddep.lst trig.module build-grub-module-verifier trig.mod
TARGET_OBJ2ELF= sh genmod.sh moddep.lst cs5536.module build-grub-module-verifier cs5536.mod
TARGET_OBJ2ELF= sh genmod.sh moddep.lst usb.module build-grub-module-verifier usb.mod
TARGET_OBJ2ELF= sh genmod.sh moddep.lst usbserial_common.module build-grub-module-verifier usbserial_common.mod
TARGET_OBJ2ELF= sh genmod.sh moddep.lst usbserial_pl2303.module build-grub-module-verifier usbserial_pl2303.mod
TARGET_OBJ2ELF= sh genmod.sh moddep.lst usbserial_ftdi.module build-grub-module-verifier usbserial_ftdi.mod
TARGET_OBJ2ELF= sh genmod.sh moddep.lst usbserial_usbdebug.module build-grub-module-verifier usbserial_usbdebug.mod
TARGET_OBJ2ELF= sh genmod.sh moddep.lst uhci.module build-grub-module-verifier uhci.mod
TARGET_OBJ2ELF= sh genmod.sh moddep.lst ohci.module build-grub-module-verifier ohci.mod
TARGET_OBJ2ELF= sh genmod.sh moddep.lst ehci.module build-grub-module-verifier ehci.mod
TARGET_OBJ2ELF= sh genmod.sh moddep.lst nativedisk.module build-grub-module-verifier nativedisk.mod
build-grub-module-verifier: error: usbserial_pl2303.mod.tmp: incompatible license.
make[3]: *** [Makefile:50038: usbserial_pl2303.mod] Error 1
make[3]: *** Waiting for unfinished jobs....
build-grub-module-verifier: error: nativedisk.mod.tmp: incompatible license.
build-grub-module-verifier: error: disk.mod.tmp: incompatible license.
make[3]: *** [Makefile:50038: nativedisk.mod] Error 1
make[3]: *** [Makefile:50038: disk.mod] Error 1
build-grub-module-verifier: error: usbserial_common.mod.tmp: incompatible license.
make[3]: *** [Makefile:50038: usbserial_common.mod] Error 1
build-grub-module-verifier: error: trig.mod.tmp: incompatible license.
build-grub-module-verifier: error: usbserial_ftdi.mod.tmp: incompatible licensemake[3]: *** [Makefile:50038: trig.mod] Error 1
.
make[3]: *** [Makefile:50038: usbserial_ftdi.mod] Error 1
build-grub-module-verifier: error: ehci.mod.tmp: incompatible license.
make[3]: *** [Makefile:50038: ehci.mod] Error 1
build-grub-module-verifier: error: build-grub-module-verifier: error:uhci.mod.tmp: incompatible license .
usb.mod.tmp: incompatible license.
make[3]: *** [Makefile:50038: uhci.mod] Error 1
make[3]: *** [Makefile:50038: usb.mod] Error 1
build-grub-module-verifier: error: usbserial_usbdebug.mod.tmp: incompatible license.
make[3]: *** [Makefile:50038: usbserial_usbdebug.mod] Error 1
build-grub-module-verifier: error: ohci.mod.tmp: incompatible license.
build-grub-module-verifier: error: cs5536.mod.tmp: incompatible license.
make[3]: *** [Makefile:50038: ohci.mod] Error 1
make[3]: *** [Makefile:50038: cs5536.mod] Error 1
make[3]: Leaving directory '/home/prokop/.cache/yay/grub-improved-luks2-git/src/grub/build_x86_64-efi/grub-core'
make[2]: *** [Makefile:27801: all] Error 2
make[2]: Leaving directory '/home/prokop/.cache/yay/grub-improved-luks2-git/src/grub/build_x86_64-efi/grub-core'
make[1]: *** [Makefile:12180: all-recursive] Error 1
make[1]: Leaving directory '/home/prokop/.cache/yay/grub-improved-luks2-git/src/grub/build_x86_64-efi'
make: *** [Makefile:3946: all] Error 2
==> ERROR: A failure occurred in build().
Aborting...
-> error making: grub-improved-luks2-git
Pinned Comments
Ax333l commented on 2022-02-17 18:58 (UTC) (edited on 2023-06-16 14:24 (UTC) by Ax333l)
I have disabled translations because they have been the cause of build failures in both this package and
grub-git. If you want to re-enable them, check the PKGBUILD.Also, make sure you have installed
base-devel.Argon2 might not work on some devices due to issues with the memory allocator