From 65b6176beb6171976d044fc17cc7ab6f98e458a1 Mon Sep 17 00:00:00 2001 From: srs5694 Date: Wed, 12 Dec 2012 17:13:26 -0500 Subject: [PATCH] Fixed install.sh bug on OS X --- docs/refind/linux.html | 14 ++++++----- docs/refind/secureboot.html | 4 +-- install.sh | 3 ++- mkdistrib | 49 +++++++++++++++++++++++++------------ refind/main.c | 2 +- 5 files changed, 46 insertions(+), 26 deletions(-) diff --git a/docs/refind/linux.html b/docs/refind/linux.html index 5a18814..92141d2 100644 --- a/docs/refind/linux.html +++ b/docs/refind/linux.html @@ -15,7 +15,7 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.com

Originally written: 3/19/2012; last Web page update: -12/11/2012, referencing rEFInd 0.5.1

+12/12/2012, referencing rEFInd 0.5.1

I'm a technical writer and consultant specializing in Linux technologies. This Web page is provided free of charge and with no annoying outside ads; however, I did take time to prepare it, and Web hosting does cost money. If you find this Web page useful, please consider making a small donation to help keep this site up and running. Thanks!

@@ -152,7 +152,7 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.com

Configuring a Maintenance-Free Setup

-

The ideal configuration for use of the EFI stub loader involves giving rEFInd the ability to load your kernels directly from /boot. The main obstacle to doing so is that this directory is frequently on an XFS, JFS, Btrfs, or ext4 filesystem that the EFI can't read, or it's tucked away in an LVM or RAID configuration that the EFI can't read. Fortunately, this problem can be overcome with relatively little fuss. Several variant procedures are possible, but I begin by describing one that will almost always work, although it's got some important caveats (described at the end). If you're currently booting via GRUB 2, it is likely to cease working when you try this, although GRUB should be recoverable by re-installing it. (On the other hand, GRUB will become redundant once this method of booting starts working so you might prefer to remove it completely.) You should perform the following steps as root, or precede each of these commands with sudo:

+

The ideal configuration for use of the EFI stub loader involves giving rEFInd the ability to load your kernels directly from /boot. The main obstacle to doing so is that this directory is frequently on an XFS, JFS, Btrfs, or ext4 filesystem that the EFI can't read, or it's tucked away in an LVM or RAID configuration that the EFI can't read. Fortunately, this problem can be overcome with relatively little fuss. Several variant procedures are possible, but I begin by describing one that will almost always work, although it's got some important caveats (described at the end). You should perform the following steps as root, or precede each of these commands with sudo:

    @@ -173,8 +173,8 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.com

    determine if you can work around the need for such permissions and ownership. -
  1. Type mv /boot/* /boot/efi. You'll see an - error message about being unable to move /boot/efi into +
  2. Type cp -r /boot/* /boot/efi. You'll see an + error message about being unable to copy /boot/efi into itself. Ignore this.
  3. Type umount /boot/efi.
    4. @@ -211,12 +211,14 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.com

+

Recall that in step #4, you copied the contents of /boot (as a safety measure), but you did not move them. Therefore, you ended up with two copies of your kernels and other /boot directory contents, with one copy hiding the other when you mounted the ESP at /boot. Once you've booted successfully and are sure all is working well, you can recover some disk space by unmounting /boot and deleting the contents of the underlying /boot directory on your root (/) filesystem. Be sure that the /boot partition is unmounted before you do this, though! Also, be sure to leave the /boot directory itself in place, even if it has no contents; the directory is needed as a mount point for the /boot partition. Note that GRUB 2 may stop working if you delete its files from the root filesystem's /boot/grub directory, so if you want to keep GRUB around, you should re-install it with the separate /boot partition mounted.

+

Once this task is done, updates to your kernel will automatically be stored in the root directory of your ESP, where rEFInd will automatically detect them. Thus, the boot configuration becomes maintenance-free. The procedure as just described has some drawbacks, though. By placing your kernels in the root directory of your ESP, you render them vulnerable to any other OS with which you might be dual-booting. Your ESP must also be large enough to hold all your kernels. If you dual-boot with multiple Linux distributions, they might conceivably overwrite each others' kernels, and distinguishing one from another becomes more difficult.

-

For these reasons, a variant of this procedure may be desirable. Most of the steps are similar, but in this variant, you create a separate /boot partition that's independent of the ESP. This partition can use FAT, HFS+, ReiserFS, ext2fs, ext3fs; but if you use any of the last four filesystems (three on Macs), you must install the matching EFI filesystem driver that ships with rEFInd. Creating the filesystem will normally require you to shrink an existing partition by a suitable amount (200–500MiB). Mount your new /boot partition at a temporary location, copy or move the current /boot files into it, unmount it, and add it to /etc/fstab as /boot.

+

For these reasons, a variant of this procedure is desirable on some systems. Most of the steps are similar, but in this variant, you create a separate /boot partition that's independent of the ESP. This partition can use FAT, HFS+, ReiserFS, ext2fs, or ext3fs; but if you use any of the last four filesystems (three on Macs), you must install the matching EFI filesystem driver that ships with rEFInd. Creating the filesystem will normally require you to shrink an existing partition by a suitable amount (200–500MiB). Mount your new /boot partition at a temporary location, copy or move the current /boot files into it, unmount it, and add it to /etc/fstab as /boot.

-

If your distribution already uses a separate /boot partition (as Fedora 17 does by default), but if it uses ext4fs or some other unsuitable filesystem, you can back it up, create a fresh FAT, HFS+, ReiserFS, ext2, or ext3 filesystem on it, and restore the original files. If you use a separate non-ESP /boot partition, you'll probably want to continue mounting the ESP at /boot/efi.

+

If your distribution already uses a separate /boot partition (as Fedora 17 does by default), but if it uses ext4fs or some other unsuitable filesystem, you can back it up, create a fresh FAT, HFS+, ReiserFS, ext2, or ext3 filesystem on it, and restore the original files. You'll probably need to adjust the UUID value in /etc/fstab to ensure that the computer mounts the new filesystem when you boot. If you use a separate non-ESP /boot partition, you'll probably want to continue mounting the ESP at /boot/efi.

EFI Stub Loader Support Technical Details

diff --git a/docs/refind/secureboot.html b/docs/refind/secureboot.html index d73fe3a..a399c0b 100644 --- a/docs/refind/secureboot.html +++ b/docs/refind/secureboot.html @@ -15,7 +15,7 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.com

Originally written: 11/13/2012; last Web page update: -12/11/2012, referencing rEFInd 0.5.1

+12/12/2012, referencing rEFInd 0.5.1

I'm a technical writer and consultant specializing in Linux technologies. This Web page is provided free of charge and with no annoying outside ads; however, I did take time to prepare it, and Web hosting does cost money. If you find this Web page useful, please consider making a small donation to help keep this site up and running. Thanks!

@@ -232,7 +232,7 @@ described on this page currently supports only x86-64, not

At this point the computer may boot into its default OS, reboot, or perhaps even hang. When you reboot it, though, rEFInd should start up in Secure Boot mode. (You can verify this by selecting the About rEFInd tool in the main menu. Check the Platform item in the resulting screen; it should verify that Secure Boot is active.) You should now be able to launch any boot loader signed with a key recognized by the firmware or by shim (including any MOKs you've enrolled). If you want to manage keys in the future, rEFInd displays a new icon in the second (tools) row you can use to launch MokManager. (This icon appears by default if MokManager is installed, but if you edit showtools in refind.conf, you must be sure to include mok_tool as an option in order to gain access to it.)

-

If you're using Ubuntu 12.10, you can't use its version of shim, but you can replace it with Garrett's shim. The problem is that Ubuntu's GRUB and kernel will then be signed by an unknown key. Unfortunately, I haven't found a suitable public key file on Ubuntu's distribution medium, so you may need to sign GRUB and/or your kernels with your own MOK. In principle, you should be able to use shim 0.2 or later from future distributions that include it; but you must be sure that whatever you use supports MokManager.

+

If you're using Ubuntu 12.10, you can't use its version of shim, but you can replace it with Garrett's shim. If you do so, though, you'll have to add Ubuntu's public key as a MOK, at least if you intend to launch Ubuntu's version of GRUB or launch Ubuntu-provided signed kernels. Ubuntu's public key is available in the shim_0~20120906.bcd0a4e8-0ubuntu4.debian.tar.gz tarball, as canonical-uefi-ca.der. (The filename extensions .cer and .der are interchangeable for most purposes.) To use it, copy canonical-uefi-ca.der to your ESP and enroll it with MokManager. See this blog post for further details on Ubuntu 12.10's handling of Secure Boot. In principle, you should be able to use shim 0.2 or later from future distributions that include it; but you must be sure that whatever you use supports MokManager.

Managing Your MOKs

diff --git a/install.sh b/install.sh index 747475a..6040c23 100755 --- a/install.sh +++ b/install.sh @@ -27,6 +27,7 @@ # # Revision history: # +# 0.5.1.1 -- Fixed bug that caused script failure under OS X # 0.5.1 -- Added --shim & --localkeys options & create sample refind_linux.conf # in /boot # 0.5.0 -- Added --usedefault & --drivers options & changed "esp" option to "--esp" @@ -649,7 +650,7 @@ if [[ `whoami` != "root" ]] ; then fi CheckForFiles if [[ $OSName == 'Darwin' ]] ; then - if [[ $ShimDir != "none" ]] ; then + if [[ $ShimSource != "none" ]] ; then echo "The --shim option is not supported on OS X! Exiting!" exit 1 fi diff --git a/mkdistrib b/mkdistrib index 264137c..c12196f 100755 --- a/mkdistrib +++ b/mkdistrib @@ -5,7 +5,7 @@ # Updated 11/8/2012 to do more things automatically # Updated 12/6/2012 to sign binaries with the rEFInd MOK # -# Usage: ./mkdistrib version +# Usage: ./mkdistrib version [--nosign] # where "version" is a version number # MUST be run from an x86-64 system, on which the TianoCore build # includes both X64 and IA32 build support ("TARGET_ARCH = IA32 X64" @@ -13,25 +13,30 @@ # partition to be mounted via /etc/fstab at /mnt/refind. +if [[ $2 == "--nosign" ]] ; then + SignIt=0 +else + SignIt=1 +fi + StartDir=`pwd` SBSign=`which sbsign 2> /dev/null` KeysDir=/mnt/refind KeysInfo=`df $KeysDir 2> /dev/null | grep $KeysDir` -if [[ ! -n $SBSign ]] ; then +if [[ ! -n $SBSign && $SignIt == 1 ]] ; then echo "Can't find sbsign binary! Aborting!" exit 1 fi -if [[ ! -n $KeysInfo ]] ; then +if [[ ! -n $KeysInfo && $SignIt == 1 ]] ; then mount /mnt/refind -fi - -if [[ $? -ne 0 ]] ; then - echo "Error mounting $KeysDir! Aborting!" - echo "" - exit 1 + if [[ $? -ne 0 ]] ; then + echo "Error mounting $KeysDir! Aborting!" + echo "" + exit 1 + fi fi # From here on, if there's an error, abort immediately. @@ -43,7 +48,9 @@ make clean mkdir -p ../snapshots/$1/refind-$1/icons cp --preserve=timestamps icons/*icns ../snapshots/$1/refind-$1/icons/ cp -a docs images include EfiLib libeg refind filesystems install.sh mkrlconf.sh CREDITS.txt NEWS.txt BUILDING.txt COPYING.txt LICENSE.txt README.txt refind.inf Make.tiano Make.common Makefile refind.conf-sample ../snapshots/$1/refind-$1 -cp $KeysDir/refind.cer $KeysDir/refind.crt ../snapshots/$1/refind-$1/ +if [[ SignIt == 1 ]] ; then + cp $KeysDir/refind.cer $KeysDir/refind.crt ../snapshots/$1/refind-$1/ +fi # Go there and prepare a souce code zip file.... cd ../snapshots/$1/ @@ -65,19 +72,29 @@ make make fs mkdir -p refind-bin-$1/refind/drivers_x64 cp -a icons refind-bin-$1/refind/ -for File in `ls drivers_x64/*_x64.efi` ; do - $SBSign --key $KeysDir/refind.key --cert $KeysDir/refind.crt --output refind-bin-$1/refind/$File $File -done +if [[ $SignIt == 1 ]] ; then + for File in `ls drivers_x64/*_x64.efi` ; do + $SBSign --key $KeysDir/refind.key --cert $KeysDir/refind.crt --output refind-bin-$1/refind/$File $File + done +else + cp --preserve=timestamps drivers_x64/*_x64.efi refind-bin-$1/refind/drivers_x64/ +fi cp --preserve=timestamps filesystems/LICENSE*txt refind-bin-$1/refind/drivers_x64/ cp --preserve=timestamps refind.conf-sample refind-bin-$1/refind/ -$SBSign --key $KeysDir/refind.key --cert $KeysDir/refind.crt --output refind-bin-$1/refind/refind_x64.efi refind/refind_x64.efi +if [[ $SignIt == 1 ]] ; then + $SBSign --key $KeysDir/refind.key --cert $KeysDir/refind.crt --output refind-bin-$1/refind/refind_x64.efi refind/refind_x64.efi +else + cp refind/refind_x64.efi refind-bin-$1/refind/refind_x64.efi +fi cp refind-bin-$1/refind/refind_x64.efi $StartDir cp -a COPYING.txt LICENSE.txt README.txt docs CREDITS.txt install.sh mkrlconf.sh refind-bin-$1 # Prepare the final .zip file and clean up -cp $KeysDir/refind.cer $KeysDir/refind.crt refind-bin-$1/ +if [[ $SignIt == 1 ]] ; then + cp $KeysDir/refind.cer $KeysDir/refind.crt refind-bin-$1/ + umount $KeysDir +fi zip -9r ../refind-bin-$1.zip refind-bin-$1 cd .. rm -r refind-$1 cd $StartDir -umount $KeysDir \ No newline at end of file diff --git a/refind/main.c b/refind/main.c index 0158401..7e07c79 100644 --- a/refind/main.c +++ b/refind/main.c @@ -118,7 +118,7 @@ static VOID AboutrEFInd(VOID) if (AboutMenu.EntryCount == 0) { AboutMenu.TitleImage = BuiltinIcon(BUILTIN_ICON_FUNC_ABOUT); - AddMenuInfoLine(&AboutMenu, L"rEFInd Version 0.5.1"); + AddMenuInfoLine(&AboutMenu, L"rEFInd Version 0.5.1.1"); AddMenuInfoLine(&AboutMenu, L""); AddMenuInfoLine(&AboutMenu, L"Copyright (c) 2006-2010 Christoph Pfisterer"); AddMenuInfoLine(&AboutMenu, L"Copyright (c) 2012 Roderick W. Smith"); -- 2.39.2