X-Git-Url: https://code.delx.au/refind/blobdiff_plain/0240b648949d78c71d8da6ce5ba019a57f974dee..b04a842814ccc991ed93a52acbd7ac27768be686:/refind-install

diff --git a/refind-install b/refind-install
index 6f2f713..68ab959 100755
--- a/refind-install
+++ b/refind-install
@@ -31,13 +31,20 @@
 # installs to the ESP by default.
 #
 # This program is copyright (c) 2012-2015 by Roderick W. Smith
-# It is released under the terms of the GNU GPL, version 3,
-# a copy of which should be included in the file COPYING.txt.
 #
+# This program is licensed under the terms of the GNU GPL, version 3,
+# or (at your option) any later version.
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
 # Revision history:
 #
+# 0.10.2  -- Improved Secure Boot detection in Linux, fixed --usedefault in OS X,
+#            and fixed bug that could cause mountesp to be installed as a FILE
+#            called /usr/local/bin in OS X.
 # 0.10.1  -- Improve extraction of default kernel options from /proc/cmdline.
-#            Add support for AMD64 (aka AARCH64, aa64) platform.
+#            Add support for AMD64 (aka AARCH64, aa64) platform. Added
+#            warning when --alldrivers used without --usedefault.
 # 0.10.0  -- Enable running under OS X's recovery system & add warning about
 #            SIP & brief instructions on how to deal with it if SIP is
 #            detected to be enabled. Also change way refind_linux.conf default
@@ -178,6 +185,17 @@ GetParams() {
       echo "The --keepname option is incompatible with --usedefault! Aborting!"
       exit 1
    fi
+   if [[ "$InstallDrivers" == "all" && "$TargetDir" != "/EFI/BOOT" ]] ; then
+      echo "The --alldrivers option is meant for creating USB flash drives with (near-)"
+      echo "universal boot support. Using it on a hard disk partition runs the risk of"
+      echo "creating serious problems, up to and including rendering your computer"
+      echo -n "unbootable. Are you SURE you want to proceed (Y/N)? "
+      ReadYesNo
+      if [[ "$YesNo" != "Y" && "$YesNo" != "y" ]] ; then
+         echo "Aborting installation!"
+         exit 0
+      fi
+   fi
    RLConfFile="$RootDir/boot/refind_linux.conf"
    EtcKeysDir="$RootDir/etc/refind.d/keys"
 } # GetParams()
@@ -776,14 +794,14 @@ SetupMacHfs() {
         <key>ProductName</key>
         <string>rEFInd</string>
         <key>ProductVersion</key>
-        <string>0.10.0</string>
+        <string>0.10.2</string>
 </dict>
 </plist>
 ENDOFHERE
 } # SetupMacHfs()
 
 CheckForSIP() {
-   if [[ -x "/usr/bin/csrutil" ]] ; then
+   if [[ -x "/usr/bin/csrutil" && -z "$TargetPart" ]] ; then
       local OKToInstall=`/usr/bin/csrutil status | \
                          grep "Protection status: disabled\|enabled (Apple Internal)\|NVRAM Protections: disabled"`
       if [[ -z "$OKToInstall" ]] ; then
@@ -836,7 +854,7 @@ CheckForSIP() {
 # Sets Problems=1 if problems found during the installation.
 InstallOnOSX() {
    echo "Installing rEFInd on OS X...."
-   if [[ "$InstallToEspOnMac" == "1" ]] ; then
+   if [[ "$InstallToEspOnMac" == "1" && -z "$TargetPart" ]] ; then
       MountOSXESP
    elif [[ "$TargetDir" == "/EFI/BOOT" || "$OwnHfs" == '1' ]] ; then
       MountDefaultTarget
@@ -847,8 +865,9 @@ InstallOnOSX() {
    DetermineTargetDir
    CheckForSIP
    CopyRefindFiles
-   cp "$ThisDir/mountesp" /usr/local/bin &> /dev/null
-   if [[ $InstallToEspOnMac == "1" ]] ; then
+   mkdir -p /usr/local/bin &> /dev/null
+   cp "$ThisDir/mountesp" /usr/local/bin/ &> /dev/null
+   if [[ $InstallToEspOnMac == "1" && -z "$TargetPart" ]] ; then
       bless --mount "$InstallDir" --setBoot --file "$InstallDir/$TargetDir/$Refind" --shortform
    elif [[ "$TargetDir" != "/EFI/BOOT" ]] ; then
       bless --setBoot --folder "$InstallDir/$TargetDir" --file "$InstallDir/$TargetDir/$Refind"
@@ -881,11 +900,11 @@ InstallOnOSX() {
 # If we're NOT in Secure Boot mode but the user HAS specified the --shim
 # or --localkeys option, warn the user and offer to abort.
 CheckSecureBoot() {
-   local IsSecureBoot
-   if [[ -f /sys/firmware/efi/vars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c/data ]] ; then
+   IsSecureBoot="0"
+   if [[ -f /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c ]] ; then
+      IsSecureBoot=`od -An -t u1 /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c | awk '{print substr($0,length,1)}'`
+   elif [[ -f /sys/firmware/efi/vars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c/data ]] ; then
       IsSecureBoot=`od -An -t u1 /sys/firmware/efi/vars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c/data | tr -d '[[:space:]]'`
-   else
-      IsSecureBoot="0"
    fi
    if [[ $IsSecureBoot == "1" && "$TargetDir" != '/EFI/BOOT' && "$ShimSource" == "none" ]] ; then
       echo ""
@@ -985,12 +1004,12 @@ GenerateKeys() {
 # Sign a single binary. Requires parameters:
 #   $1 = source file
 #   $2 = destination file
-# Also assumes that the SBSign, PESign, UseSBSign, UsePESign, and various key variables are set
-# appropriately.
+# Also assumes that the SBSign and various key variables are set appropriately.
 # Aborts script on error
 SignOneBinary() {
-   $SBSign --key "$PrivateKey" --cert "$CertKey" --output "$2" "$1"
-   if [[ $? != 0 ]] ; then
+   $SBSign --key "$PrivateKey" --cert "$CertKey" --output "$2" "$1" 2>&1 >/dev/null | \
+           grep -v "data remaining.*gaps between PE/COFF sections"
+   if [[ "${PIPESTATUS[0]}" != 0 ]] ; then
       echo "Problem signing the binary $1! Aborting!"
       exit 1
    fi