Debian Bug report logs - #708181

requests password to boot

Reported by: "Bernhard R. Link" <brlink@debian.org> Date: Mon, 13 May 2013 20:06:02 UTC Severity: important Tags: patch Found in version grub2/2.00-14 Forwarded to https://savannah.gnu.org/bugs/?41801

Reply or subscribe to this bug.

Toggle useless messages

Report forwarded to debian-bugs-dist@lists.debian.org, GRUB Maintainers <pkg-grub-devel@lists.alioth.debian.org> :

Bug#708181 ; Package grub-pc . (Mon, 13 May 2013 20:06:06 GMT) (full text, mbox, link).

Acknowledgement sent to "Bernhard R. Link" <brlink@debian.org> :

New Bug report received and forwarded. Copy sent to GRUB Maintainers <pkg-grub-devel@lists.alioth.debian.org> . (Mon, 13 May 2013 20:06:06 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: "Bernhard R. Link" <brlink@debian.org> To: Debian Bug Tracking System <submit@bugs.debian.org> Subject: requests password to boot Date: Mon, 13 May 2013 22:03:14 +0200

Package: grub-pc Version: 2.00-14 Severity: important After upgrading to 2.00-14, grub asks for a password at boot time and no longer boots unless the superuser password is entered. -- Package-specific info: *********************** BEGIN /boot/grub/grub.cfg # # DO NOT EDIT THIS FILE # # It is automatically generated by grub-mkconfig using templates # from /etc/grub.d and settings from /etc/default/grub # ### BEGIN /etc/grub.d/00_header ### if [ -s $prefix/grubenv ]; then load_env fi set default="0" if [ x"${feature_menuentry_id}" = xy ]; then menuentry_id_option="--id" else menuentry_id_option="" fi export menuentry_id_option if [ "${prev_saved_entry}" ]; then set saved_entry="${prev_saved_entry}" save_env saved_entry set prev_saved_entry= save_env prev_saved_entry set boot_once=true fi function savedefault { if [ -z "${boot_once}" ]; then saved_entry="${chosen}" save_env saved_entry fi } function load_video { if [ x$feature_all_video_module = xy ]; then insmod all_video else insmod efi_gop insmod efi_uga insmod ieee1275_fb insmod vbe insmod vga insmod video_bochs insmod video_cirrus fi } terminal_input console terminal_output console set timeout=1 ### END /etc/grub.d/00_header ### ### BEGIN /etc/grub.d/05_debian_theme ### set menu_color_normal=cyan/blue set menu_color_highlight=white/blue ### END /etc/grub.d/05_debian_theme ### ### BEGIN /etc/grub.d/10_linux ### menuentry 'Debian GNU/Linux' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-redacted' { load_video insmod gzio insmod part_msdos insmod ext2 set root='hd0,msdos1' if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos1 --hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1 --hint='hd0,msdos1' redacted else search --no-floppy --fs-uuid --set=root redacted fi echo 'Loading Linux 3.8-1-amd64 ...' linux /boot/vmlinuz-3.8-1-amd64 root=UUID=redacted ro quiet echo 'Loading initial ramdisk ...' initrd /boot/initrd.img-3.8-1-amd64 } submenu 'Advanced options for Debian GNU/Linux' $menuentry_id_option 'gnulinux-advanced-redacted' { menuentry 'Debian GNU/Linux, with Linux 3.8-1-amd64' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-3.8-1-amd64-advanced-redacted' { load_video insmod gzio insmod part_msdos insmod ext2 set root='hd0,msdos1' if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos1 --hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1 --hint='hd0,msdos1' redacted else search --no-floppy --fs-uuid --set=root redacted fi echo 'Loading Linux 3.8-1-amd64 ...' linux /boot/vmlinuz-3.8-1-amd64 root=UUID=redacted ro quiet echo 'Loading initial ramdisk ...' initrd /boot/initrd.img-3.8-1-amd64 } menuentry 'Debian GNU/Linux, with Linux 3.2.0-4-amd64' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-3.2.0-4-amd64-advanced-redacted' { load_video insmod gzio insmod part_msdos insmod ext2 set root='hd0,msdos1' if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos1 --hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1 --hint='hd0,msdos1' redacted else search --no-floppy --fs-uuid --set=root redacted fi echo 'Loading Linux 3.2.0-4-amd64 ...' linux /boot/vmlinuz-3.2.0-4-amd64 root=UUID=redacted ro quiet echo 'Loading initial ramdisk ...' initrd /boot/initrd.img-3.2.0-4-amd64 } menuentry 'Debian GNU/Linux, with Linux 3.2.0-3-amd64' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-3.2.0-3-amd64-advanced-redacted' { load_video insmod gzio insmod part_msdos insmod ext2 set root='hd0,msdos1' if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos1 --hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1 --hint='hd0,msdos1' redacted else search --no-floppy --fs-uuid --set=root redacted fi echo 'Loading Linux 3.2.0-3-amd64 ...' linux /boot/vmlinuz-3.2.0-3-amd64 root=UUID=redacted ro quiet echo 'Loading initial ramdisk ...' initrd /boot/initrd.img-3.2.0-3-amd64 } menuentry 'Debian GNU/Linux, with Linux 3.2.0-2-amd64' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-3.2.0-2-amd64-advanced-redacted' { load_video insmod gzio insmod part_msdos insmod ext2 set root='hd0,msdos1' if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos1 --hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1 --hint='hd0,msdos1' redacted else search --no-floppy --fs-uuid --set=root redacted fi echo 'Loading Linux 3.2.0-2-amd64 ...' linux /boot/vmlinuz-3.2.0-2-amd64 root=UUID=redacted ro quiet echo 'Loading initial ramdisk ...' initrd /boot/initrd.img-3.2.0-2-amd64 } menuentry 'Debian GNU/Linux, with Linux 3.2.0-1-amd64' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-3.2.0-1-amd64-advanced-redacted' { load_video insmod gzio insmod part_msdos insmod ext2 set root='hd0,msdos1' if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos1 --hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1 --hint='hd0,msdos1' redacted else search --no-floppy --fs-uuid --set=root redacted fi echo 'Loading Linux 3.2.0-1-amd64 ...' linux /boot/vmlinuz-3.2.0-1-amd64 root=UUID=redacted ro quiet echo 'Loading initial ramdisk ...' initrd /boot/initrd.img-3.2.0-1-amd64 } } ### END /etc/grub.d/10_linux ### ### BEGIN /etc/grub.d/20_linux_xen ### ### END /etc/grub.d/20_linux_xen ### ### BEGIN /etc/grub.d/30_os-prober ### ### END /etc/grub.d/30_os-prober ### ### BEGIN /etc/grub.d/30_uefi-firmware ### ### END /etc/grub.d/30_uefi-firmware ### ### BEGIN /etc/grub.d/40_custom ### # This file provides an easy way to add custom menu entries. Simply type the # menu entries you want to add after this comment. Be careful not to change # the 'exec tail' line above. ### END /etc/grub.d/40_custom ### ### BEGIN /etc/grub.d/41_custom ### if [ -f ${config_directory}/custom.cfg ]; then source ${config_directory}/custom.cfg elif [ -z "${config_directory}" -a -f $prefix/custom.cfg ]; then source $prefix/custom.cfg; fi ### END /etc/grub.d/41_custom ### ### PASSWORD LINE REMOVED ### # This file provides an easy way to add custom menu entries. Simply type the # menu entries you want to add after this comment. Be careful not to change # the 'exec tail' line above. set superusers="superuser" ### PASSWORD LINE REMOVED ### ### PASSWORD LINE REMOVED ### *********************** END /boot/grub/grub.cfg -- System Information: Debian Release: jessie/sid Architecture: amd64 (x86_64) Versions of packages grub-pc depends on: ii debconf [debconf-2.0] 1.5.50 ii grub-common 2.00-14 ii grub-pc-bin 2.00-14 ii grub2-common 2.00-14 ii ucf 3.0025+nmu3 -- debconf information: grub-pc/kopt_extracted: false grub2/kfreebsd_cmdline: grub2/device_map_regenerated: * grub-pc/install_devices: /dev/disk/by-id/ata-REDACTED grub-pc/postrm_purge_boot_grub: false grub-pc/install_devices_failed_upgrade: true grub-pc/disk_description: * grub2/linux_cmdline: grub-pc/install_devices_empty: false grub2/kfreebsd_cmdline_default: quiet grub-pc/partition_description: grub-pc/install_devices_failed: false grub-pc/install_devices_disks_changed: * grub2/linux_cmdline_default: quiet grub-pc/chainload_from_menu.lst: true grub-pc/mixed_legacy_and_grub2: true

Information forwarded to debian-bugs-dist@lists.debian.org, GRUB Maintainers <pkg-grub-devel@lists.alioth.debian.org> :

Bug#708181 ; Package grub-pc . (Sat, 11 Jan 2014 16:39:04 GMT) (full text, mbox, link).

Acknowledgement sent to Kim Rydhof Thor Hansen <kim@rthansen.dk> :

Extra info received and forwarded to list. Copy sent to GRUB Maintainers <pkg-grub-devel@lists.alioth.debian.org> . (Sat, 11 Jan 2014 16:39:04 GMT) (full text, mbox, link).

Message #10 received at 708181@bugs.debian.org (full text, mbox, reply):

From: Kim Rydhof Thor Hansen <kim@rthansen.dk> To: 708181@bugs.debian.org Subject: Workaround Date: Sat, 11 Jan 2014 17:34:50 +0100

I was also bitten by this bug, the problem it that the default behaviour for menus with no security defined has changed from being unrestricted to being restricted if some users are defined. My workaround is to make the "Simple" default selection unrestricted like this: root@mich:/etc/grub.d# hg diff diff -r 5132058ad651 grub.d/10_linux --- a/grub.d/10_linux Sat Jan 11 14:23:52 2014 +0000 +++ b/grub.d/10_linux Sat Jan 11 16:33:37 2014 +0000 @@ -132,7 +132,7 @@ fi echo "menuentry '$(echo "$title" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-$version-$type-$boot_device_id' {" | sed "s/^/$submenu_indentation/" else - echo "menuentry '$(echo "$os" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-simple-$boot_device_id' {" | sed "s/^/$submenu_indentation/" + echo "menuentry '$(echo "$os" | grub_quote)' ${CLASS} --unrestricted \$menuentry_id_option 'gnulinux-simple-$boot_device_id' {" | sed "s/^/$submenu_indentation/" fi if [ "$quick_boot" = 1 ]; then echo " recordfail" | sed "s/^/$submenu_indentation/" root@mich:/etc/grub.d# It would be nice if there was a way to do that by defining a variable in a config file that isn't updated often. -- Kim Rydhof Thor Hansen Vadgårdsvej 3, 2. tv. 2860 Søborg Phone: +45 3091 2437

Information forwarded to debian-bugs-dist@lists.debian.org, GRUB Maintainers <pkg-grub-devel@lists.alioth.debian.org> :

Bug#708181 ; Package grub-pc . (Sun, 19 Jan 2014 22:42:05 GMT) (full text, mbox, link).

Acknowledgement sent to Francesco Poli <invernomuto@paranoici.org> :

Extra info received and forwarded to list. Copy sent to GRUB Maintainers <pkg-grub-devel@lists.alioth.debian.org> . (Sun, 19 Jan 2014 22:42:05 GMT) (full text, mbox, link).

Message #15 received at 708181@bugs.debian.org (full text, mbox, reply):

From: Francesco Poli <invernomuto@paranoici.org> To: 708181@bugs.debian.org Cc: "Bernhard R. Link" <brlink@debian.org>, Kim Rydhof Thor Hansen <kim@rthansen.dk> Subject: Re: Workaround Date: Sun, 19 Jan 2014 23:36:17 +0100

Control: tags -1 + patch On Sat, 11 Jan 2014 17:34:50 +0100 Kim Rydhof Thor Hansen wrote: > I was also bitten by this bug, the problem it that the default > behaviour for menus with no security defined has changed from being > unrestricted to being restricted if some users are defined. > > My workaround is to make the "Simple" default selection unrestricted like this: [...] I prepared a more general patch (against grub2/2.00-22) that lets the user add options to the simple menu entry and to the advanced submenu and menu entries. With these modifications, the user may set both GRUB_SIMPLEMENU_OPTS and GRUB_ADVANCEDMENU_OPTS to "--unrestricted" and get the following result, when superusers are defined with passwords: • anyone may select the simple boot option, without having to type passwords • anyone may enter the advanced submenu and select any advanced boot option, without having to type passwords • editing the boot parameters (hitting [e]) is restricted and requires to type a valid superuser+password pair In other words, it is possible to obtain the previous behavior. Dear GRUB Maintainers, the patch is attached to this message: I think it is below the copyright threshold, hence you should be able to apply it without needing any license from me. Should this turn out to not be the case, please consider my patch released under the same terms as the modified files (that is to say, under the terms of the GNU GPL version 3 or later). Please apply my patch. Thanks for your time! Bye. -- http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt New GnuPG key, see the transition document! ..................................................... Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE

Added tag(s) patch. Request was from Francesco Poli <invernomuto@paranoici.org> to 708181-submit@bugs.debian.org . (Sun, 19 Jan 2014 22:42:05 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, GRUB Maintainers <pkg-grub-devel@lists.alioth.debian.org> :

Bug#708181 ; Package grub-pc . (Mon, 20 Jan 2014 10:27:04 GMT) (full text, mbox, link).

Acknowledgement sent to Colin Watson <cjwatson@debian.org> :

Extra info received and forwarded to list. Copy sent to GRUB Maintainers <pkg-grub-devel@lists.alioth.debian.org> . (Mon, 20 Jan 2014 10:27:04 GMT) (full text, mbox, link).

Message #22 received at 708181@bugs.debian.org (full text, mbox, reply):

From: Colin Watson <cjwatson@debian.org> To: Francesco Poli <invernomuto@paranoici.org>, 708181@bugs.debian.org Cc: "Bernhard R. Link" <brlink@debian.org>, Kim Rydhof Thor Hansen <kim@rthansen.dk> Subject: Re: Bug#708181: Workaround Date: Mon, 20 Jan 2014 10:22:44 +0000

On Sun, Jan 19, 2014 at 11:36:17PM +0100, Francesco Poli wrote: > On Sat, 11 Jan 2014 17:34:50 +0100 Kim Rydhof Thor Hansen wrote: > > I was also bitten by this bug, the problem it that the default > > behaviour for menus with no security defined has changed from being > > unrestricted to being restricted if some users are defined. > > > > My workaround is to make the "Simple" default selection unrestricted like this: > [...] > > I prepared a more general patch (against grub2/2.00-22) that lets the > user add options to the simple menu entry and to the advanced submenu > and menu entries. Please rebase your patch against current upstream git and send it upstream first; I don't think it's a good idea to apply configuration patches of this kind that haven't been accepted upstream, as it might well lead to compatibility problems in future. Thanks, -- Colin Watson [cjwatson@debian.org]

Information forwarded to debian-bugs-dist@lists.debian.org, GRUB Maintainers <pkg-grub-devel@lists.alioth.debian.org> :

Bug#708181 ; Package grub-pc . (Mon, 20 Jan 2014 22:54:11 GMT) (full text, mbox, link).

Acknowledgement sent to Francesco Poli <invernomuto@paranoici.org> :

Extra info received and forwarded to list. Copy sent to GRUB Maintainers <pkg-grub-devel@lists.alioth.debian.org> . (Mon, 20 Jan 2014 22:54:11 GMT) (full text, mbox, link).

Message #27 received at 708181@bugs.debian.org (full text, mbox, reply):

From: Francesco Poli <invernomuto@paranoici.org> To: Colin Watson <cjwatson@debian.org> Cc: 708181@bugs.debian.org, "Bernhard R. Link" <brlink@debian.org>, Kim Rydhof Thor Hansen <kim@rthansen.dk> Subject: Re: Bug#708181: Workaround Date: Mon, 20 Jan 2014 23:49:36 +0100

On Mon, 20 Jan 2014 10:22:44 +0000 Colin Watson wrote: > On Sun, Jan 19, 2014 at 11:36:17PM +0100, Francesco Poli wrote: [...] > > I prepared a more general patch (against grub2/2.00-22) that lets the > > user add options to the simple menu entry and to the advanced submenu > > and menu entries. > > Please rebase your patch against current upstream git and send it > upstream first; [...] Could you please do that for me? I am sure you are much more knowledgeable about GRUB than me and you have much more solid connection with upstream. Moreover, I'd really appreciate it, if you could review/check/test my patch before it is sent upstream. Pretty please? :p -- http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt New GnuPG key, see the transition document! ..................................................... Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE

Information forwarded to debian-bugs-dist@lists.debian.org, GRUB Maintainers <pkg-grub-devel@lists.alioth.debian.org> :

Bug#708181 ; Package grub-pc . (Sun, 09 Feb 2014 19:54:04 GMT) (full text, mbox, link).

Acknowledgement sent to Christian Kastner <debian@kvr.at> :

Extra info received and forwarded to list. Copy sent to GRUB Maintainers <pkg-grub-devel@lists.alioth.debian.org> . (Sun, 09 Feb 2014 19:54:05 GMT) (full text, mbox, link).

Message #32 received at 708181@bugs.debian.org (full text, mbox, reply):

From: Christian Kastner <debian@kvr.at> To: 708181@bugs.debian.org Cc: Kim Rydhof Thor Hansen <kim@rthansen.dk>, "Bernhard R. Link" <brlink@debian.org> Subject: Re: Date: Sun, 09 Feb 2014 20:24:21 +0100

On 2013-05-13 22:03, Bernhard R. Link wrote > After upgrading to 2.00-14, grub asks for a password at boot time > and no longer boots unless the superuser password is entered. On 2014-01-11 17:34, Kim Rydhof Thor Hansen wrote: > I was also bitten by this bug, the problem it that the default > behaviour for menus with no security defined has changed from > being unrestricted to being restricted if some users are defined. Within the Red Hat bug report for this issue, a solution was proposed[0] that seems to be simple yet clean: make the behavior configurable by introducing a GRUB_RESTRICTED variable. This way, the new (much stricter) behavior can be used by default, yet one can still revert back to the old behavior with a simple change in /etc/default/grub. This change in default behavior really is a bad oversight. There no longer seems to be a way to generally protect menu entries from editing only, as there has been for ages before. With the new behavior, this is only possible by changing /etc/grub.d/10_linux, or the final grub.conf itself. I've included links to the Red Hat[1] and Mint[2] bugs for reference. Christian [0] https://bugzilla.redhat.com/show_bug.cgi?id=840204#c32 [1] https://bugzilla.redhat.com/show_bug.cgi?id=840204 [2] https://bugs.launchpad.net/linuxmint/+bug/1223147

Information forwarded to debian-bugs-dist@lists.debian.org, GRUB Maintainers <pkg-grub-devel@lists.alioth.debian.org> :

Bug#708181 ; Package grub-pc . (Fri, 07 Mar 2014 12:39:10 GMT) (full text, mbox, link).

Acknowledgement sent to Axel Beckert <abe@debian.org> :

Extra info received and forwarded to list. Copy sent to GRUB Maintainers <pkg-grub-devel@lists.alioth.debian.org> . (Fri, 07 Mar 2014 12:39:10 GMT) (full text, mbox, link).

Message #37 received at 708181@bugs.debian.org (full text, mbox, reply):

From: Axel Beckert <abe@debian.org> To: 708181@bugs.debian.org Subject: #708181 (grub2: requests password to boot): According upstream bug reports so far Date: Fri, 7 Mar 2014 13:37:17 +0100

Hi, JFTR: there are already two upstream bug reports about this issue: https://savannah.gnu.org/bugs/?func=detailitem&item_id=37020 https://savannah.gnu.org/bugs/?func=detailitem&item_id=39351 But they're just about the regression/change, not about adding configuration possibilities (in /etc/default/grub) to restore the previous behaviour(*). Hence they were both closed with a reference to the current documentation. (*) Which is in use in many entreprises and universities to prevent users to root a system via editing the grub config. Regards, Axel -- ,''`. | Axel Beckert <abe@debian.org>, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE `- | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5

Information forwarded to debian-bugs-dist@lists.debian.org, GRUB Maintainers <pkg-grub-devel@lists.alioth.debian.org> :

Bug#708181 ; Package grub-pc . (Fri, 07 Mar 2014 13:39:14 GMT) (full text, mbox, link).

Acknowledgement sent to Axel Beckert <abe@debian.org> :

Extra info received and forwarded to list. Copy sent to GRUB Maintainers <pkg-grub-devel@lists.alioth.debian.org> . (Fri, 07 Mar 2014 13:39:14 GMT) (full text, mbox, link).

Message #42 received at 708181@bugs.debian.org (full text, mbox, reply):

From: Axel Beckert <abe@debian.org> To: 708181@bugs.debian.org Subject: Re: #708181 (grub2: requests password to boot): According upstream bug reports so far Date: Fri, 7 Mar 2014 14:37:25 +0100

Control: forwarded -1 https://savannah.gnu.org/bugs/?41801 Hi, Axel Beckert wrote: > JFTR: there are already two upstream bug reports about this issue: > > https://savannah.gnu.org/bugs/?func=detailitem&item_id=37020 > https://savannah.gnu.org/bugs/?func=detailitem&item_id=39351 > > But they're just about the regression/change, not about adding > configuration possibilities (in /etc/default/grub) to restore the > previous behaviour(*). Hence they were both closed with a reference to > the current documentation. I've now filed an upstream bug report to add configurability via /etc/default/grub to be able to easily restore the previous behaviour without changing the new default (which is wanted by upstream): https://savannah.gnu.org/bugs/?41801 Regards, Axel -- ,''`. | Axel Beckert <abe@debian.org>, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE `- | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5

Set Bug forwarded-to-address to 'https://savannah.gnu.org/bugs/?41801'. Request was from Axel Beckert <abe@debian.org> to 708181-submit@bugs.debian.org . (Fri, 07 Mar 2014 13:39:14 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, GRUB Maintainers <pkg-grub-devel@lists.alioth.debian.org> :

Bug#708181 ; Package grub-pc . (Fri, 07 Mar 2014 14:06:21 GMT) (full text, mbox, link).

Acknowledgement sent to Axel Beckert <abe@debian.org> :

Extra info received and forwarded to list. Copy sent to GRUB Maintainers <pkg-grub-devel@lists.alioth.debian.org> . (Fri, 07 Mar 2014 14:06:21 GMT) (full text, mbox, link).

Message #49 received at 708181@bugs.debian.org (full text, mbox, reply):

From: Axel Beckert <abe@debian.org> To: 708181@bugs.debian.org Subject: Re: Bug#708181: Patch against upstream's git HEAD (grub2: requests password to boot) Date: Fri, 7 Mar 2014 15:05:51 +0100

Hi again, Axel Beckert wrote: > > JFTR: there are already two upstream bug reports about this issue: > > > > https://savannah.gnu.org/bugs/?func=detailitem&item_id=37020 > > https://savannah.gnu.org/bugs/?func=detailitem&item_id=39351 > > > > But they're just about the regression/change, not about adding > > configuration possibilities (in /etc/default/grub) to restore the > > previous behaviour(*). Hence they were both closed with a reference to > > the current documentation. > > I've now filed an upstream bug report to add configurability via > /etc/default/grub to be able to easily restore the previous behaviour > without changing the new default (which is wanted by upstream): > https://savannah.gnu.org/bugs/?41801 I've just added a patch against upstream's git HEAD at https://savannah.gnu.org/file/0001-Introduce-GRUB_ALL_UNRESTRICTED-to-only-restrict-edi.patch?file_id=30817 which honours upstream decision to change the behaviour and offers an option to configure more or less the previous behaviour. Regards, Axel -- ,''`. | Axel Beckert <abe@debian.org>, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE `- | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5

Information forwarded to debian-bugs-dist@lists.debian.org, GRUB Maintainers <pkg-grub-devel@lists.alioth.debian.org> :

Bug#708181 ; Package grub-pc . (Tue, 17 Feb 2015 21:54:05 GMT) (full text, mbox, link).

Acknowledgement sent to Pierre Beck <debian-bugs@pierre-beck.de> :

Extra info received and forwarded to list. Copy sent to GRUB Maintainers <pkg-grub-devel@lists.alioth.debian.org> . (Tue, 17 Feb 2015 21:54:05 GMT) (full text, mbox, link).

Message #54 received at 708181@bugs.debian.org (full text, mbox, reply):

From: Pierre Beck <debian-bugs@pierre-beck.de> To: 708181@bugs.debian.org Subject: Re: Bug#708181: Patch against upstream's git HEAD (grub2: requests password to boot) Date: Tue, 17 Feb 2015 22:12:41 +0100

Apply the patch and make old behavior default? Now is the time. When Jessie goes stable and people start upgrading their dedicated servers, they will be bitten by this. Regards, Pierre Beck

Information forwarded to debian-bugs-dist@lists.debian.org, GRUB Maintainers <pkg-grub-devel@lists.alioth.debian.org> :

Bug#708181 ; Package grub-pc . (Tue, 02 Jun 2015 00:57:03 GMT) (full text, mbox, link).

Acknowledgement sent to Miguel Landaeta <nomadium@debian.org> :

Extra info received and forwarded to list. Copy sent to GRUB Maintainers <pkg-grub-devel@lists.alioth.debian.org> . (Tue, 02 Jun 2015 00:57:03 GMT) (full text, mbox, link).

Message #59 received at 708181@bugs.debian.org (full text, mbox, reply):

From: Miguel Landaeta <nomadium@debian.org> To: 708181@bugs.debian.org Subject: Re: requests password to boot Date: Mon, 1 Jun 2015 21:54:29 -0300

Don't let this bug rot in the BTS and please attempt to include the fix in a Jessie point release at least. I'm locked out of one workstation due to this, I guess it's my fault by not reading changelogs or taking care of reviewing bug reports but who has time for that if you only want to boot your workstation? Year after year, I'm convinced the best strategy regarding grub is to just lock its version and don't touch it anymore, ever. Sorry for the rant but is not cool to having to "rescue systems" due to these arbitrary upstream changes.

Information forwarded to debian-bugs-dist@lists.debian.org, GRUB Maintainers <pkg-grub-devel@lists.alioth.debian.org> :

Bug#708181 ; Package grub-pc . (Wed, 09 Dec 2015 06:21:03 GMT) (full text, mbox, link).

Acknowledgement sent to "Tomar, Tejendra Singh" <Tejendra.Tomar@barco.com> :

Extra info received and forwarded to list. Copy sent to GRUB Maintainers <pkg-grub-devel@lists.alioth.debian.org> . (Wed, 09 Dec 2015 06:21:03 GMT) (full text, mbox, link).

Message #64 received at 708181@bugs.debian.org (full text, mbox, reply):

From: "Tomar, Tejendra Singh" <Tejendra.Tomar@barco.com> To: "708181@bugs.debian.org" <708181@bugs.debian.org> Subject: Re: requests password to boot Date: Wed, 9 Dec 2015 06:16:09 +0000

Does anyone have any update on this bug ? I can see the status is still open at https://savannah.gnu.org/bugs/?41801 Thanks and Best Regards Tejendra This message is subject to the following terms and conditions: MAIL DISCLAIMER<http://www.barco.com/en/maildisclaimer>

Information forwarded to debian-bugs-dist@lists.debian.org, GRUB Maintainers <pkg-grub-devel@lists.alioth.debian.org> :

Bug#708181 ; Package grub-pc . (Sun, 13 Dec 2015 15:42:09 GMT) (full text, mbox, link).

Acknowledgement sent to Francesco Poli <invernomuto@paranoici.org> :

Extra info received and forwarded to list. Copy sent to GRUB Maintainers <pkg-grub-devel@lists.alioth.debian.org> . (Sun, 13 Dec 2015 15:42:09 GMT) (full text, mbox, link).

Message #69 received at 708181@bugs.debian.org (full text, mbox, reply):

From: Francesco Poli <invernomuto@paranoici.org> To: 708181@bugs.debian.org, Axel Beckert <abe@debian.org> Cc: "Tomar, Tejendra Singh" <Tejendra.Tomar@barco.com> Subject: Re: requests password to boot Date: Sun, 13 Dec 2015 16:39:14 +0100

On Wed, 9 Dec 2015 06:16:09 +0000 Tomar, Tejendra Singh wrote: > Does anyone have any update on this bug ? > > I can see the status is still open at https://savannah.gnu.org/bugs/?41801 > > Thanks and Best Regards > Tejendra Hello, I am also wondering what's the status of this bug. It has been forwarded upstream with a patch on March 2014, but it seems to have received no reply from upstream yet. Could someone urge upstream to review the patch and apply it, please? This "all or nothing" support for GRUB passwords is really frustrating: I would like to restrict (with a password) the ability to edit menu entries, without restricting the ability to select the menu entries. As previously said, this is not currently possible (without locally patching /etc/grub.d/* stuff). I really hope this annoying regression may be fixed soon. Thanks for your time! Bye. -- http://www.inventati.org/frx/ There's not a second to spare! To the laboratory! ..................................................... Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE

Information forwarded to debian-bugs-dist@lists.debian.org, GRUB Maintainers <pkg-grub-devel@lists.alioth.debian.org> :

Bug#708181 ; Package grub-pc . (Mon, 04 Jan 2016 17:51:03 GMT) (full text, mbox, link).

Acknowledgement sent to Francesco Poli <invernomuto@paranoici.org> :

Extra info received and forwarded to list. Copy sent to GRUB Maintainers <pkg-grub-devel@lists.alioth.debian.org> . (Mon, 04 Jan 2016 17:51:03 GMT) (full text, mbox, link).

Message #74 received at 708181@bugs.debian.org (full text, mbox, reply):

From: Francesco Poli <invernomuto@paranoici.org> To: 708181@bugs.debian.org, Axel Beckert <abe@debian.org> Subject: Re: requests password to boot Date: Mon, 4 Jan 2016 18:46:49 +0100

On Sun, 13 Dec 2015 16:39:14 +0100 Francesco Poli wrote: [...] > Hello, > I am also wondering what's the status of this bug. > > It has been forwarded upstream with a patch on March 2014, but it seems > to have received no reply from upstream yet. > > Could someone urge upstream to review the patch and apply it, please? > > This "all or nothing" support for GRUB passwords is really frustrating: > I would like to restrict (with a password) the ability to edit menu > entries, without restricting the ability to select the menu entries. > As previously said, this is not currently possible (without locally > patching /etc/grub.d/* stuff). > > I really hope this annoying regression may be fixed soon. > Thanks for your time! > > Bye. Once again, could someone urge upstream to review the patch and fix this annoying regression, please? Thanks for your time! Bye. -- http://www.inventati.org/frx/ There's not a second to spare! To the laboratory! ..................................................... Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE

Send a report that this bug log contains spam.