CMXSL.org/package-helpers-cmxsl
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: CMXSL.org:470773fdbaac4e6b316fe201d702740384b108d0
Branches Tags
CMXSL.org:ecne-cmxsl
CMXSL.org:aramo-cmxsl
CMXSL.org:ecne
CMXSL.org:aramo
...
compare: CMXSL.org:63f1a0f06132305a09a5f5d31bcc4e83559524ae
Branches Tags
CMXSL.org:ecne-cmxsl
CMXSL.org:aramo-cmxsl
CMXSL.org:ecne
CMXSL.org:aramo

88 commits
470773fdba ... 63f1a0f061

Author SHA1 Message Date
Luis Guzmán
63f1a0f061 software-properties: backport v111 for improved deb822 sources 2025-09-26 14:37:13 -06:00
Ark74
ba94845cbc yt-dlp: fix license table for parsing properly. 2025-09-25 14:50:18 -06:00
Luis Guzman
9538d86cd7 firefox: set higher priority than chromium based ones 2025-09-22 19:38:55 +00:00
Luis Guzmán
3a0b55b612 riseup-vpn: backport maintained release 2025-09-20 22:51:15 -06:00
Luis Guzmán
332c457286 libmateweather: update default server uri. 2025-09-20 21:47:31 -06:00
Ark74
9dbf1c0566 casper: setup appamor live reload profiles 2025-09-19 03:57:40 -06:00
Luis Guzmán
2f4bde7002 hplip: add trisquel distro-name definition for hplip tools. 2025-09-15 16:28:11 -06:00
Ark74
6183e8282b sbuild: add Trisquel's auto-selector DistroInfo switch for backports 2025-09-15 01:41:49 -06:00
Luis Guzmán
d61972afb9 firefox: update for v143 and remove conflict on sponsors reference. 2025-09-13 01:50:24 -06:00
Ark74
c77d0b3cb8 finish-install: set final version name. 2025-09-08 02:34:16 -06:00
Ark74
c49ef5c8e2 finish-install: slim and improve script 2025-09-08 01:31:22 -06:00
Ark74
9b01ea21cd finish-install: use in-target directly 2025-09-08 00:20:23 -06:00
Ark74
91486041d0 finish-install: add fallback option. 2025-09-07 23:19:25 -06:00
Ark74
79d29a0715 finish-install: add script to set splash on uefi installations. 2025-09-07 22:29:37 -06:00
Ark74
3c9b6cae5a debian-installer: update patch for upstream trixie latest release 2025-09-06 12:44:48 -06:00
Ark74
b3de867042 misc: update debian key 2025-09-01 04:41:42 -06:00
Ark74
41b608a231 kubuntu-settings: bump helper version, update on next artwork release. 2025-09-01 03:38:43 -06:00
Ark74
3be99832a1 debian-installer: bump final helper version 2025-09-01 03:25:39 -06:00
Ark74
bb4e30e9cd netcfg: bump final helper version 2025-09-01 03:20:58 -06:00
Ark74
48fb455923 base-installer: set final helper version 2025-09-01 03:16:06 -06:00
Ark74
566593039d ubuntu-release-upgrader: set static release on tarball script 2025-09-01 02:56:38 -06:00
Luis Guzmán
19af8d6039 fix "firefox: publish 142 build, disable Sponsored Checkboxes" 2025-08-31 01:21:47 -06:00
Luis Guzmán
9a8d6f42f2 firefox: publish 142 build, disable Sponsored Checkboxes 2025-08-31 01:08:20 -06:00
Luis Guzmán
434c42cf91 casper: fix disable services on kde live (triskel). 2025-08-30 17:37:37 -06:00
Luis Guzmán
93338254a6 firefox: test 142 build 2025-08-29 03:33:43 -06:00
Luis Guzman
ff611e79eb yt-dlp: update integration with abrowser patch. 2025-08-28 14:05:55 +00:00
Ark74
33ffb36646 apt-setup: bump final release number. 2025-08-27 21:50:31 -06:00
Luis Guzmán
b0b9f1a548 apt-setup: yet another fix on finish-install.d 2025-08-27 21:24:44 -06:00
Luis Guzmán
c6b9260780 apt-setup: rollback and actually run the right script 2025-08-27 15:05:42 -06:00
Ark74
c3aeccf573 apt-setup: simplify and move slim script 2025-08-27 14:28:23 -06:00
Ark74
f9689bfb1c ubiquity: setup slim deb822 migration. 2025-08-26 16:38:12 -06:00
Luis Guzman
923cea5d74 ubiquity: test parse sources.list 2025-08-26 09:06:11 +00:00
Ark74
60f94b2d5f apt-setup: change approach 2025-08-26 01:16:48 -06:00
Ark74
140ce7a282 apt-setup: test final custom tuning file. 2025-08-26 00:27:38 -06:00
Ark74
85821ce930 akregator: remove Kubuntu feeds 2025-08-26 00:06:37 -06:00
Ark74
64bd2c8655 config: add notice to remove_patch function. 2025-08-25 23:59:22 -06:00
Ark74
b67a9c1830 apt-setup: continue testing fixing final repo setup 2025-08-25 23:17:28 -06:00
Ark74
25926c10cb apt-setup: yet another adjustment to fix missing updates. 2025-08-25 17:23:59 -06:00
Ark74
1f503fb465 apt-setup: test fix for non-applied file changes. 2025-08-25 14:49:48 -06:00
Luis Guzman
677854292f apt-setup: use default rules to prevent early setup breakage 2025-08-25 06:08:12 +00:00
Luis Guzman
f0a793833d mypaint: backport fix for openmp segfault 2025-08-25 03:18:40 +00:00
Kurt Kremitzki
0d6302786f freecad: add freecad 0.21.2 from Ubuntu 24.10 2025-08-24 11:36:24 -06:00
Kurt Kremitzki
2dd6e26db0 Use rel link in readme 2025-08-24 07:15:50 -06:00
Ark74
c9a94d83a1 grub-installler: bump final version 2025-08-23 01:31:24 -06:00
Ark74
73f7c02365 grub-installer: test fix grub-installer efi 2025-08-22 15:52:03 -06:00
Ark74
e167196ba6 apt-setup: bump version to confirm working release 2025-08-19 06:42:05 -06:00
Ark74
568757513f apt-setup: initial setup for deb822 in d-i 2025-08-19 05:18:39 -06:00
Luis Guzman
7f5176c32f ubiquity: setup custom support for deb822 format 2025-08-19 10:30:59 +00:00
Ark74
46ebef52f1 tasksel: add custom (non-extensive) l10n setup for d-i 2025-08-18 05:29:32 -06:00
Ark74
c8f629bbed pkgsel: add propagation of installer-chosen locale to tasksel 2025-08-18 04:54:06 -06:00
Ark74
c058e65f86 debconf: add patches to safeguard Template.pm and Cache.pm 2025-08-17 04:55:07 -06:00
Ark74
745e43935c lxde-metapackages: set correct browser dependencies. 2025-08-17 02:22:19 -06:00
Ark74
daba10136c language-selector: add icecat l10n support for l-s. 2025-08-17 00:01:40 -06:00
Luis Guzmán
8a814b3e6b ubiquity: add workaround for mesa upgrade 2025-08-13 11:45:39 -06:00
Ark74
79c72f92d7 gtk+3.0: delay additional fix 2025-08-13 06:38:08 -06:00
Ark74
58667d178e gtk+3.0: fix FTBFS on armhf. 2025-08-13 05:48:50 -06:00
Ark74
8dd4361d9f gtk+3.0: fix position for tooltip in gtk3 (lxde/trisquel-mini) 2025-08-13 01:24:49 -06:00
Luis Guzmán
d2b3ecfbd6 DATA/keyring.gpg: add Debian Security Archive Automatic keys 12/13. 2025-08-12 16:56:55 -06:00
Ark74
ce7d611790 yt-dlp: update upstream keyring 2025-08-12 16:24:01 -06:00
Ark74
2f0835b062 ubuntu-release-upgrade: add helper to purge gpg-wks-server and prevent postfix install. 2025-08-11 22:58:29 -06:00
Luis Guzmán
fdb3fa84cd ubuntu-release-upgrader: add trisquel-sugar workaround and promote ecne release version 2025-08-10 19:01:42 -06:00
Ark74
c7ded611ea ubuntu-release-upgrader: add trisquel-mini upgrade helper to prevent missing login greeter 2025-08-08 19:14:45 -06:00
Luis Guzmán
dc69d82ab4 debian-installer: update debian-installer for August 2025 2025-08-06 19:40:50 -06:00
Luis Guzmán
103ff49081 kubuntu-settings: add README.md to usr-share folder. 2025-08-05 11:40:34 -06:00
Luis Guzmán
9d72a79a02 kubuntu-settings: fix template. 2025-08-05 00:28:31 -06:00
Ark74
9acaed0315 caja: show desktop icon by default 2025-08-04 20:20:39 -06:00
Ark74
5e274a5594 kubuntu-settings: update distro slide and icons to match Trisquel's ones 2025-08-04 18:19:27 -06:00
Ark74
dd865885a2 ubuntu-release-upgrader: add changes to build scripts 2025-08-02 15:32:06 -06:00
Luis Guzmán
b35bb12775 DATA/rpl: basic changes to drop python2 in helpers 2025-08-01 19:36:45 -06:00
Ark74
83c540811e ubiquity: set closest to fixed number. 2025-07-23 18:28:59 -06:00
Ark74
c0c9310268 ubiquity: set trisquel default partition recipe. 2025-07-23 15:05:03 -06:00
Ark74
3b2fbb8b52 partman-auto: bump version 2025-07-23 12:15:07 -06:00
Ark74
a3b9160667 partman-auto: set default trisquel partition recipe. 2025-07-23 12:13:09 -06:00
Ark74
7e6f367d00 vidtuber: add simple yt-dlp GUI frontend. 2025-07-21 17:13:42 -06:00
Ark74
d881dc94c2 casper: fix profile overwriting. 2025-07-19 13:45:40 -06:00
Luis Guzmán
959722e3f5 casper: add & enable icecat apparmor profile 2025-07-19 00:11:41 -06:00
Ark74
de8087afd0 apparmor: add icecat profiles for ecne 2025-07-18 01:26:59 -06:00
Luis Guzmán
2a88e15ae0 icecat: test adding trisquel binaries. 2025-07-17 07:35:13 -06:00
Ark74
abdd7515d1 lxpanel: add patch to fix armhf cpufreq plugin build. 2025-07-14 03:54:25 -06:00
Ark74
5b65330e61 lxpanel: fix several issues via upstream patches for trisquel-mini 2025-07-14 01:44:23 -06:00
Ark74
410f35b19e config: add simple multi-line support changelog. 2025-07-14 01:13:28 -06:00
Luis Guzmán
fd14c173f6 firefox: patch external links for addons & update gnuzilla addon url 2025-07-09 04:19:22 -06:00
Ark74
23b8b1217a config: restore upstream mirror 2025-07-08 00:00:45 -06:00
Luis Guzmán
120d3ba1bf debian-installer: temporary re-enable overwrite 'til riscv overhaul 2025-07-07 23:52:22 -06:00
Luis Guzmán
f0c7717cd6 mate-user-admin: manually add cracklib-runtime as a dependency. 2025-07-07 23:07:34 -06:00
Ark74
81e0edcda2 grub2-unsigned: remove deprecated patches from grub.johnlane.ie 2025-07-01 19:14:23 -06:00
Ark74
391b140e9a grub2: remove deprecated patches from grub.johnlane.ie 2025-07-01 18:18:00 -06:00
Luis Guzmán
a6a027858a plymouth: fix luks password shown in plain text 2025-06-30 21:58:50 -06:00
140 changed files with 4519 additions and 7721 deletions
Download patch file Download diff file Expand all files Collapse all files

4
README.md
View file

@ -13,7 +13,7 @@ Once a new package is added, it takes priority over the original one from Ubuntu
so they never enter into the repo from upstream and need to be
compiled with this helpers and pushed into reprepro.
To add a package to the list, follow the [CONTRIBUTING](https://gitlab.trisquel.org/trisquel/package-helpers/blob/nabia/CONTRIBUTING.md) guidelines.
To add a package to the list, follow the [CONTRIBUTING](CONTRIBUTING.md) guidelines.
## Steps
@ -39,7 +39,7 @@ Those are the steps done by the helpers:
* You don't need to use sudo in order to run those scripts, but some extra packages are needed:
`sudo apt-get install cdbs devscripts dpkg-dev git gnupg gnupg2 patch python2 quilt rename rpl sed python3-jsonschema`
`sudo apt-get install cdbs devscripts dpkg-dev git gnupg gnupg2 patch quilt rename rpl sed python3-jsonschema`
* Take care to use the right sourcePackageName, many source packages produce
several binary packages. `apt-cache showsrc binary-package` can help you.

4
helpers/DATA/akregator/trisquel_feeds.patch
View file

@ -1,5 +1,5 @@
--- src/akregator_part.cpp 2020-06-05 11:41:23.000000000 -0500
+++ src/akregator_part_trisquel.cpp 2020-06-05 12:46:05.914051386 -0500
--- a/src/akregator_part.cpp 2020-06-05 11:41:23.000000000 -0500
+++ b/src/akregator_part.cpp 2020-06-05 12:46:05.914051386 -0500
@@ -189,6 +189,61 @@
wire.setAttribute(QStringLiteral("xmlUrl"), QStringLiteral("http://wire.kubuntu.org/?feed=rss2"));
kubuntuFolder.appendChild(wire);

22
helpers/DATA/apparmor/002-add-unconfined-profile-firefox-icedove.patch → helpers/DATA/apparmor/002-add-unconfined-profile-firefox-icedove-icecat.patch
View file

@ -30,8 +30,24 @@ index 060eb24d..667b1674 100644
- include if exists <local/thunderbird>
+ include if exists <local/icedove>
}
diff --git a/profiles/apparmor.d/icecat b/profiles/apparmor.d/icecat
index 4071c345..148e445e 100644
--- a/profiles/apparmor.d/icecat
+++ b/profiles/apparmor.d/icecat
@@ -4,9 +4,9 @@
abi <abi/4.0>,
include <tunables/global>
-profile firefox /{usr/lib/firefox{,-esr,-beta,-devedition,-nightly},opt/firefox}/firefox{,-esr,-bin} flags=(unconfined) {
+profile icecat /{usr/lib/icecat{,-esr,-beta,-devedition,-nightly},opt/icecat}/icecat{,-esr,-bin} flags=(unconfined) {
userns,
# Site-specific additions and overrides. See local/README for details.
- include if exists <local/firefox>
+ include if exists <local/icecat>
}
diff --git a/debian/apparmor.install b/debian/apparmor.install
index 79c8700e..2971e426 100644
index 9cdaa3a2..d9ee697c 100644
--- a/debian/apparmor.install
+++ b/debian/apparmor.install
@@ -68,6 +68,7 @@ etc/apparmor.d/sbuild-update
@ -42,11 +58,13 @@ index 79c8700e..2971e426 100644
etc/apparmor.d/thunderbird
etc/apparmor.d/toybox
etc/apparmor.d/trinity
@@ -83,6 +84,7 @@ etc/apparmor.d/1password
@@ -83,7 +84,9 @@ etc/apparmor.d/1password
etc/apparmor.d/Discord
etc/apparmor.d/MongoDB_Compass
etc/apparmor.d/code
+etc/apparmor.d/abrowser
etc/apparmor.d/firefox
+etc/apparmor.d/icecat
etc/apparmor.d/github-desktop
etc/apparmor.d/obsidian
etc/apparmor.d/opera

91
helpers/DATA/apparmor/003-add-extra-abrowser-profile.patch
View file

@ -1,91 +0,0 @@
diff --git a/profiles/apparmor/profiles/extras/abrowser b/profiles/apparmor/profiles/extras/abrowser
index c7b4aa7c..ed8f01c5 100644
--- a/profiles/apparmor/profiles/extras/abrowser
+++ b/profiles/apparmor/profiles/extras/abrowser
@@ -14,7 +14,7 @@ abi <abi/4.0>,
include <tunables/global>
# Declare some variables to help with variants
-@{MOZ_APP_NAME}=firefox{,-esr}
+@{MOZ_APP_NAME}=abrowser{,-esr}
@{MOZ_LIBDIR}=/usr/lib/@{MOZ_APP_NAME}{,-[0-9]*}
@{MOZ_ADDONDIR}=/usr/lib/{@{MOZ_APP_NAME},xulrunner}-addons
@@ -22,7 +22,7 @@ include <tunables/global>
# /usr/lib/firefox-4.0b8/firefox
# but not:
# /usr/lib/firefox-4.0b8/firefox.sh
-profile firefox @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} {
+profile abrowser @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} {
include <abstractions/audio>
include <abstractions/cups-client>
include <abstractions/dbus-strict>
@@ -144,8 +144,8 @@ profile firefox @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} {
/etc/wildmidi/wildmidi.cfg r,
# firefox specific
- /etc/firefox*/ r,
- /etc/firefox*/** r,
+ /etc/abrowser*/ r,
+ /etc/abrowser*/** r,
/etc/xul-ext/** r,
/etc/xulrunner{,-[0-9]*}/ r,
/etc/xulrunner{,-[0-9]*}/** r,
@@ -234,12 +234,12 @@ profile firefox @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} {
owner @{HOME}/.thumbnails/*/*.png r,
# per-user firefox configuration
- owner @{HOME}/.{firefox,mozilla}/ rw,
- owner @{HOME}/.{firefox,mozilla}/** rw,
- owner @{HOME}/.{firefox,mozilla}/**/*.{db,parentlock,sqlite}* k,
- owner @{HOME}/.{firefox,mozilla}/plugins/** rm,
- owner @{HOME}/.{firefox,mozilla}/**/plugins/** rm,
- owner @{HOME}/.gnome2/firefox* rwk,
+ owner @{HOME}/.{abrowser,mozilla}/ rw,
+ owner @{HOME}/.{abrowser,mozilla}/** rw,
+ owner @{HOME}/.{abrowser,mozilla}/**/*.{db,parentlock,sqlite}* k,
+ owner @{HOME}/.{abrowser,mozilla}/plugins/** rm,
+ owner @{HOME}/.{abrowser,mozilla}/**/plugins/** rm,
+ owner @{HOME}/.gnome2/abrowser* rwk,
owner @{HOME}/.cache/mozilla/{,@{MOZ_APP_NAME}/} rw,
owner @{HOME}/.cache/mozilla/@{MOZ_APP_NAME}/** rw,
owner @{HOME}/.cache/mozilla/@{MOZ_APP_NAME}/**/*.sqlite k,
@@ -440,7 +440,7 @@ profile firefox @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} {
owner @{HOME}/.mozilla/**/extensions/** mixr,
# Widevine CDM plugin (LP: #1777070)
- owner @{HOME}/.mozilla/firefox/*/gmp-widevinecdm/*/libwidevinecdm.so m,
+ owner @{HOME}/.mozilla/abrowser/*/gmp-widevinecdm/*/libwidevinecdm.so m,
deny @{MOZ_LIBDIR}/update.test w,
deny /usr/lib/mozilla/extensions/**/ w,
@@ -458,7 +458,7 @@ profile firefox @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} {
/usr/bin/lsb_release Pxr -> lsb_release,
- # These should be started outside of Firefox
+ # These should be started outside of abrowser
deny /usr/bin/dbus-launch x,
deny /usr/bin/speech-dispatcher x,
@@ -466,6 +466,6 @@ profile firefox @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} {
include if exists <abstractions/ubuntu-browsers.d/firefox>
# Site-specific additions and overrides. See local/README for details.
- include if exists <local/usr.bin.firefox>
- include if exists <local/firefox>
+ include if exists <local/usr.bin.abrowser>
+ include if exists <local/abrowser>
}
diff --git a/debian/apparmor-profiles.install b/debian/apparmor-profiles.install
index d12ab262..a6ea623d 100644
--- a/debian/apparmor-profiles.install
+++ b/debian/apparmor-profiles.install
@@ -86,6 +86,7 @@ usr/share/apparmor/extra-profiles/usr.lib.GConf.2.gconfd-2
usr/share/apparmor/extra-profiles/usr.lib.RealPlayer10.realplay
usr/share/apparmor/extra-profiles/usr.lib.bonobo.bonobo-activation-server
usr/share/apparmor/extra-profiles/usr.lib.evolution-data-server.evolution-data-server-1.10
+usr/share/apparmor/extra-profiles/abrowser
usr/share/apparmor/extra-profiles/firefox
usr/share/apparmor/extra-profiles/firefox.sh
usr/share/apparmor/extra-profiles/usr.lib.firefox.mozilla-xremote-client

173
helpers/DATA/apparmor/003-add-extra-profile-for-abrowser-icecat.patch Normal file
View file

@ -0,0 +1,173 @@
diff --git a/profiles/apparmor/profiles/extras/icecat b/profiles/apparmor/profiles/extras/icecat
index cbe1aa80..71813e99 100644
--- a/profiles/apparmor/profiles/extras/icecat
+++ b/profiles/apparmor/profiles/extras/icecat
@@ -14,7 +14,7 @@ abi <abi/4.0>,
include <tunables/global>
# Declare some variables to help with variants
-@{MOZ_APP_NAME}=firefox{,-esr}
+@{MOZ_APP_NAME}=icecat{,-esr}
@{MOZ_LIBDIR}=/usr/lib/@{MOZ_APP_NAME}{,-[0-9]*}
@{MOZ_ADDONDIR}=/usr/lib/{@{MOZ_APP_NAME},xulrunner}-addons
@@ -22,7 +22,7 @@ include <tunables/global>
# /usr/lib/firefox-4.0b8/firefox
# but not:
# /usr/lib/firefox-4.0b8/firefox.sh
-profile firefox @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} {
+profile icecat @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} {
include <abstractions/audio>
include <abstractions/cups-client>
include <abstractions/dbus-strict>
@@ -144,8 +144,8 @@ profile firefox @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} {
/etc/wildmidi/wildmidi.cfg r,
# firefox specific
- /etc/firefox*/ r,
- /etc/firefox*/** r,
+ /etc/icecat*/ r,
+ /etc/icecat*/** r,
/etc/xul-ext/** r,
/etc/xulrunner{,-[0-9]*}/ r,
/etc/xulrunner{,-[0-9]*}/** r,
@@ -234,12 +234,12 @@ profile firefox @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} {
owner @{HOME}/.thumbnails/*/*.png r,
# per-user firefox configuration
- owner @{HOME}/.{firefox,mozilla}/ rw,
- owner @{HOME}/.{firefox,mozilla}/** rw,
- owner @{HOME}/.{firefox,mozilla}/**/*.{db,parentlock,sqlite}* k,
- owner @{HOME}/.{firefox,mozilla}/plugins/** rm,
- owner @{HOME}/.{firefox,mozilla}/**/plugins/** rm,
- owner @{HOME}/.gnome2/firefox* rwk,
+ owner @{HOME}/.{icecat,mozilla}/ rw,
+ owner @{HOME}/.{icecat,mozilla}/** rw,
+ owner @{HOME}/.{icecat,mozilla}/**/*.{db,parentlock,sqlite}* k,
+ owner @{HOME}/.{icecat,mozilla}/plugins/** rm,
+ owner @{HOME}/.{icecat,mozilla}/**/plugins/** rm,
+ owner @{HOME}/.gnome2/icecat* rwk,
owner @{HOME}/.cache/mozilla/{,@{MOZ_APP_NAME}/} rw,
owner @{HOME}/.cache/mozilla/@{MOZ_APP_NAME}/** rw,
owner @{HOME}/.cache/mozilla/@{MOZ_APP_NAME}/**/*.sqlite{,-shm} k,
@@ -440,7 +440,7 @@ profile firefox @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} {
owner @{HOME}/.mozilla/**/extensions/** mixr,
# Widevine CDM plugin (LP: #1777070)
- owner @{HOME}/.mozilla/firefox/*/gmp-widevinecdm/*/libwidevinecdm.so m,
+ owner @{HOME}/.mozilla/icecat/*/gmp-widevinecdm/*/libwidevinecdm.so m,
deny @{MOZ_LIBDIR}/update.test w,
deny /usr/lib/mozilla/extensions/**/ w,
@@ -458,7 +458,7 @@ profile firefox @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} {
/usr/bin/lsb_release Pxr -> lsb_release,
- # These should be started outside of Firefox
+ # These should be started outside of icecat
deny /usr/bin/dbus-launch x,
deny /usr/bin/speech-dispatcher x,
@@ -466,6 +466,6 @@ profile firefox @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} {
include if exists <abstractions/ubuntu-browsers.d/firefox>
# Site-specific additions and overrides. See local/README for details.
- include if exists <local/usr.bin.firefox>
- include if exists <local/firefox>
+ include if exists <local/usr.bin.icecat>
+ include if exists <local/icecat>
}
diff --git a/profiles/apparmor/profiles/extras/firefox b/profiles/apparmor/profiles/extras/abrowser
index cbe1aa80..2fb77651 100644
--- a/profiles/apparmor/profiles/extras/firefox
+++ b/profiles/apparmor/profiles/extras/abrowser
@@ -14,7 +14,7 @@ abi <abi/4.0>,
include <tunables/global>
# Declare some variables to help with variants
-@{MOZ_APP_NAME}=firefox{,-esr}
+@{MOZ_APP_NAME}=abrowser{,-esr}
@{MOZ_LIBDIR}=/usr/lib/@{MOZ_APP_NAME}{,-[0-9]*}
@{MOZ_ADDONDIR}=/usr/lib/{@{MOZ_APP_NAME},xulrunner}-addons
@@ -22,7 +22,7 @@ include <tunables/global>
# /usr/lib/firefox-4.0b8/firefox
# but not:
# /usr/lib/firefox-4.0b8/firefox.sh
-profile firefox @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} {
+profile abrowser @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} {
include <abstractions/audio>
include <abstractions/cups-client>
include <abstractions/dbus-strict>
@@ -144,8 +144,8 @@ profile firefox @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} {
/etc/wildmidi/wildmidi.cfg r,
# firefox specific
- /etc/firefox*/ r,
- /etc/firefox*/** r,
+ /etc/abrowser*/ r,
+ /etc/abrowser*/** r,
/etc/xul-ext/** r,
/etc/xulrunner{,-[0-9]*}/ r,
/etc/xulrunner{,-[0-9]*}/** r,
@@ -234,12 +234,12 @@ profile firefox @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} {
owner @{HOME}/.thumbnails/*/*.png r,
# per-user firefox configuration
- owner @{HOME}/.{firefox,mozilla}/ rw,
- owner @{HOME}/.{firefox,mozilla}/** rw,
- owner @{HOME}/.{firefox,mozilla}/**/*.{db,parentlock,sqlite}* k,
- owner @{HOME}/.{firefox,mozilla}/plugins/** rm,
- owner @{HOME}/.{firefox,mozilla}/**/plugins/** rm,
- owner @{HOME}/.gnome2/firefox* rwk,
+ owner @{HOME}/.{abrowser,mozilla}/ rw,
+ owner @{HOME}/.{abrowser,mozilla}/** rw,
+ owner @{HOME}/.{abrowser,mozilla}/**/*.{db,parentlock,sqlite}* k,
+ owner @{HOME}/.{abrowser,mozilla}/plugins/** rm,
+ owner @{HOME}/.{abrowser,mozilla}/**/plugins/** rm,
+ owner @{HOME}/.gnome2/abrowser* rwk,
owner @{HOME}/.cache/mozilla/{,@{MOZ_APP_NAME}/} rw,
owner @{HOME}/.cache/mozilla/@{MOZ_APP_NAME}/** rw,
owner @{HOME}/.cache/mozilla/@{MOZ_APP_NAME}/**/*.sqlite{,-shm} k,
@@ -440,7 +440,7 @@ profile firefox @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} {
owner @{HOME}/.mozilla/**/extensions/** mixr,
# Widevine CDM plugin (LP: #1777070)
- owner @{HOME}/.mozilla/firefox/*/gmp-widevinecdm/*/libwidevinecdm.so m,
+ owner @{HOME}/.mozilla/abrowser/*/gmp-widevinecdm/*/libwidevinecdm.so m,
deny @{MOZ_LIBDIR}/update.test w,
deny /usr/lib/mozilla/extensions/**/ w,
@@ -458,7 +458,7 @@ profile firefox @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} {
/usr/bin/lsb_release Pxr -> lsb_release,
- # These should be started outside of Firefox
+ # These should be started outside of abrowser
deny /usr/bin/dbus-launch x,
deny /usr/bin/speech-dispatcher x,
@@ -466,6 +466,6 @@ profile firefox @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} {
include if exists <abstractions/ubuntu-browsers.d/firefox>
# Site-specific additions and overrides. See local/README for details.
- include if exists <local/usr.bin.firefox>
- include if exists <local/firefox>
+ include if exists <local/usr.bin.abrowser>
+ include if exists <local/abrowser>
}
diff --git a/debian/apparmor-profiles.install b/debian/apparmor-profiles.install
index 5cecd9dd..62531edb 100644
--- a/debian/apparmor-profiles.install
+++ b/debian/apparmor-profiles.install
@@ -88,8 +88,10 @@ usr/share/apparmor/extra-profiles/usr.lib.GConf.2.gconfd-2
usr/share/apparmor/extra-profiles/usr.lib.RealPlayer10.realplay
usr/share/apparmor/extra-profiles/usr.lib.bonobo.bonobo-activation-server
usr/share/apparmor/extra-profiles/usr.lib.evolution-data-server.evolution-data-server-1.10
+usr/share/apparmor/extra-profiles/abrowser
usr/share/apparmor/extra-profiles/firefox
usr/share/apparmor/extra-profiles/firefox.sh
+usr/share/apparmor/extra-profiles/icecat
usr/share/apparmor/extra-profiles/usr.lib.firefox.mozilla-xremote-client
usr/share/apparmor/extra-profiles/usr.lib.man-db.man
usr/share/apparmor/extra-profiles/postfix-anvil

23
helpers/DATA/apparmor/004-update-profile-extra-firefox-sh.patch
View file

@ -1,8 +1,8 @@
diff --git a/profiles/apparmor/profiles/extras/firefox.sh b/profiles/apparmor/profiles/extras/firefox.sh
index fb75c5b6..83a7404c 100644
index fb75c5b6..7b23cd83 100644
--- a/profiles/apparmor/profiles/extras/firefox.sh
+++ b/profiles/apparmor/profiles/extras/firefox.sh
@@ -22,3 +22,22 @@ profile firefox.sh /usr/lib/firefox/firefox.sh {
@@ -22,3 +22,41 @@ profile firefox.sh /usr/lib/firefox/firefox.sh {
# Site-specific additions and overrides. See local/README for details.
include if exists <local/firefox.sh>
}
@ -25,3 +25,22 @@ index fb75c5b6..83a7404c 100644
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/firefox.sh>
+}
+
+profile firefox.sh /usr/lib/icecat/firefox.sh {
+ include <abstractions/base>
+ include <abstractions/bash>
+ include <abstractions/consoles>
+
+ deny capability sys_ptrace,
+
+ /{usr/,}bin/basename rix,
+ /{usr/,}bin/bash rix,
+ /{usr/,}bin/grep rix,
+ /etc/magic r,
+ /usr/bin/file rix,
+ /usr/lib/icecat/icecat px,
+ /usr/share/misc/magic.mgc r,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/firefox.sh>
+}

122
helpers/DATA/apt-setup/50mirror.trisquel Executable file
View file

@ -0,0 +1,122 @@
#!/bin/sh
set -e
. /usr/share/debconf/confmodule
file="$1"
log() {
logger -t apt-setup "$@"
}
warning() {
log "warning: $@"
}
# Ask if a mirror should be used if the base system can be installed from CD
if [ -e /cdrom/.disk/base_installable ] || [ "$OVERRIDE_BASE_INSTALLABLE" ]; then
if ! search-path choose-mirror; then
warning "choose-mirror is not available; cannot offer network mirror"
exit 1
fi
# Default to false if no network selected in netcfg
if db_get netcfg/dhcp_options && \
[ "$RET" = "Do not configure the network at this time" ]; then
use_mirror=false
fi
# Set default if no value (see Debian mirror generator)
db_get apt-setup/use_mirror
[ "$RET" ] || db_set apt-setup/use_mirror true
# Text is variable for Debian
db_metaget apt-mirror/use/netinst_old description
db_subst apt-setup/use_mirror EXPLANATION "$RET"
db_input medium apt-setup/use_mirror || [ $? -eq 30 ]
db_go # or exit 10
db_get apt-setup/use_mirror
if [ "$RET" = false ]; then
exit 1
fi
if db_get cdrom/codename && [ "$RET" ]; then
db_set mirror/codename $RET
fi
if db_get cdrom/suite && [ "$RET" ]; then
db_set mirror/suite $RET
fi
choose-mirror -n # no progress bar
fi
db_input low apt-setup/backports || true
dists="main"
db_get mirror/protocol
protocol="$RET"
db_get mirror/codename
codename="$RET"
db_get mirror/$protocol/hostname
hostname="$RET"
db_get mirror/$protocol/directory
directory="/${RET#/}"
if [ "$protocol" = http ]; then
db_get mirror/$protocol/proxy
proxy="$RET"
if [ -n "$proxy" ]; then
if ! grep -iq "Acquire::$protocol::Proxy" $ROOT/etc/apt/apt.conf.new; then
echo "Acquire::$protocol::Proxy \"$proxy\";" >> $ROOT/etc/apt/apt.conf.new
fi
fi
fi
# Trisquel: Deb822-first, keep legacy clean
: "${ROOT:=/target}"
SD="$ROOT/etc/apt/sources.list.d"
SF="$SD/trisquel.sources"
mkdir -p "$SD"
# Use keyring in /usr/share/keyrings
SIGNED_BY="/usr/share/keyrings/trisquel-archive-keyring.gpg"
# Canonical URI for Deb822 (trailing slash)
uri="$protocol://$hostname$directory"
case "$uri" in */) : ;; *) uri="$uri/";; esac
# Write Deb822 sources file in the requested structure
cat << EOF > "$SF"
# Trisquel repositories for supported software and updates
Types: deb
URIs: ${uri}
Suites: ${codename} ${codename}-updates ${codename}-security
Components: main
Signed-By: ${SIGNED_BY}
# Source package repositories
Types: deb-src
URIs: ${uri}
Suites: ${codename} ${codename}-updates ${codename}-security
Components: main
Signed-By: ${SIGNED_BY}
# Optional backports repository
Enabled: no
Types: deb deb-src
URIs: ${uri}
Suites: ${codename}-backports
Components: main
Signed-By: ${SIGNED_BY}
EOF
# Set legacy format for apt-setup to apply updates correctly.
{
echo "deb ${uri} ${codename} main"
echo "deb ${uri} ${codename}-updates main"
echo "deb ${uri} ${codename}-security main"
} >> "$file"
exit 0

11
helpers/DATA/apt-setup/93trisquel-sources-clean Executable file
View file

@ -0,0 +1,11 @@
#!/bin/sh
set -e
LEGACY=/target/etc/apt/sources.list
SD=/target/etc/apt/sources.list.d
if ls "$SD"/*.sources >/dev/null 2>&1; then
MSG="# Trisquel sources have moved to /etc/apt/sources.list.d/trisquel.sources"
printf '%s\n' "$MSG" > "$LEGACY"
fi
exit 0

18
helpers/DATA/apt-setup/99deb822-breadcrumb Executable file
View file

@ -0,0 +1,18 @@
#!/bin/sh
set -e
. /usr/share/debconf/confmodule
file="$1"
ROOT="${ROOT:-/target}"
LEGACY="$ROOT/etc/apt/sources.list"
SD="$ROOT/etc/apt/sources.list.d"
SAVETO="$ROOT/etc/apt/sources.list.new"
# If .sources exist, leave sources.list reduced only as a breadcrumb
if ls "$SD"/*.sources >/dev/null 2>&1; then
MSG="# Trisquel sources have moved to /etc/apt/sources.list.d/trisquel.sources"
: > "$SAVETO"
printf '%s\n' "$MSG" > "$file"
fi
exit 0

30
helpers/DATA/casper/35apparmor_abrowser
View file

@ -1,30 +0,0 @@
#!/bin/sh
PREREQ=""
DESCRIPTION="Enabling Abrowser apparmor profile..."
prereqs()
{
echo "$PREREQ"
}
case $1 in
# get pre-requisites
prereqs)
prereqs
exit 0
;;
esac
. /scripts/casper-functions
log_begin_msg "$DESCRIPTION"
cat << EOF > /root/etc/rc.local
#!/bin/sh
# Enable apparmor profile during live session to allow Abrowser to create user namespaces
[ -d /rofs ] && apparmor_parser -a /etc/apparmor.d/abrowser
EOF
chmod 755 /root/etc/rc.local
log_end_msg

61
helpers/DATA/casper/36apparmor_live Normal file
View file

@ -0,0 +1,61 @@
#!/bin/sh
PREREQ=""
DESCRIPTION="Enabling Live apparmor profiles..."
prereqs()
{
echo "$PREREQ"
}
case $1 in
# get pre-requisites
prereqs)
prereqs
exit 0
;;
esac
. /scripts/casper-functions
log_begin_msg "$DESCRIPTION"
RC_EXIST=0
if [ ! -e /root/etc/rc.local ]; then
umask 022
mkdir -p /root/etc
cat << 'EOF' > /root/etc/rc.local
#!/bin/sh
exit 0
EOF
chmod 755 /root/etc/rc.local
RC_EXIST=1
fi
if [ "$RC_EXIST" -eq 0 ]; then
head -n1 /root/etc/rc.local | grep -q '^#!' || sed -i '1s|^|#!/bin/sh\n|' /root/etc/rc.local
sed -i 's/\r$//' /root/etc/rc.local
chmod 755 /root/etc/rc.local
fi
if ! grep -q 'BEGIN trisquel-live-apparmor' /root/etc/rc.local 2>/dev/null; then
sed -i '/^exit 0$/d' /root/etc/rc.local
cat << 'EOF' >> /root/etc/rc.local
# --- BEGIN trisquel-live-apparmor ---
if [ -d /rofs ]; then
/usr/lib/casper/casper-apparmor-live || true
fi
# --- END trisquel-live-apparmor ---
EOF
echo 'exit 0' >> /root/etc/rc.local
fi
mkdir -p /root/etc/apt/apt.conf.d
cat << 'APT' > /root/etc/apt/apt.conf.d/99-apparmor-live-hook
# /etc/apt/apt.conf.d/99-apparmor-live-hook
DPkg::Post-Invoke { "sh -c '[ -d /rofs ] && /usr/lib/casper/casper-apparmor-live || true'"; };
APT
chmod 644 /root/etc/apt/apt.conf.d/99-apparmor-live-hook
log_end_msg

0
helpers/DATA/casper/set_trisquel_iso_suggestion.patch → helpers/DATA/casper/patch_changes/000-set_trisquel_iso_suggestion.patch
View file

13
helpers/DATA/casper/patch_changes/001-fix_disable_kde_services_triskel_live.patch Normal file
View file

@ -0,0 +1,13 @@
diff --git a/scripts/casper-bottom/34disable_kde_services b/scripts/casper-bottom/34disable_kde_services
index f368ec2e..caa76986 100755
--- a/scripts/casper-bottom/34disable_kde_services
+++ b/scripts/casper-bottom/34disable_kde_services
@@ -20,7 +20,7 @@ esac
log_begin_msg "$DESCRIPTION"
-for pkg in kubuntu-default-settings ubuntustudio; do
+for pkg in triskel-default-settings kubuntu-default-settings ubuntustudio; do
settingsdir="/root/usr/share/$pkg/kf5-settings"
[ -d "$settingsdir" ] || continue
printf "[Daemon]\nTimeout=0\nAutolock=false\nLockOnResume=false\n" >> "$settingsdir"/kscreenlockerrc

29
helpers/DATA/casper/patch_changes/002-setup_apparmor_live_reload.patch Normal file
View file

@ -0,0 +1,29 @@
diff --git a/debian/casper.install b/debian/casper.install
index 5eb58de8..248d17d0 100644
--- a/debian/casper.install
+++ b/debian/casper.install
@@ -10,4 +10,5 @@ bin/casper-update-initramfs usr/share/casper
hooks usr/share/initramfs-tools
scripts usr/share/initramfs-tools
casper-md5check/casper-md5check usr/lib/casper
+extra/casper-apparmor-live usr/lib/casper
casper.conf etc
diff --git a/extra/casper-apparmor-live b/extra/casper-apparmor-live
new file mode 100755
index 00000000..c11b80ad
--- /dev/null
+++ b/extra/casper-apparmor-live
@@ -0,0 +1,13 @@
+#!/bin/sh
+# /usr/lib/casper/casper-apparmor-live
+[ -d /rofs ] || exit 0
+find /etc/apparmor.d -type f \
+ ! -path "/etc/apparmor.d/abstractions/*" \
+ ! -path "/etc/apparmor.d/tunables/*" \
+ ! -path "/etc/apparmor.d/local/*" \
+ ! -path "/etc/apparmor.d/disable/*" \
+ ! -path "/etc/apparmor.d/rsyslog.d/*" \
+ ! -path "/etc/apparmor.d/force-complain/*" \
+ ! -path "/etc/apparmor.d/apache2.d/*" \
+ ! -path "/etc/apparmor.d/abi/*" \
+ -print0 | xargs -0 -r -n1 apparmor_parser -r -T -W || true

12
helpers/DATA/debconf/patch_changes/000-add_Template_undef_guard.patch Normal file
View file

@ -0,0 +1,12 @@
diff --git a/Debconf/Template.pm b/Debconf/Template.pm
index 9ab4833d..c3649929 100644
--- a/Debconf/Template.pm
+++ b/Debconf/Template.pm
@@ -140,6 +140,7 @@ Get an existing template (it may be pulled out of the database, etc).
sub get {
my Debconf::Template $this=shift;
my $template=shift;
+ return unless defined $template && length $template;
return $template{$template} if exists $template{$template};
if ($Debconf::Db::templates->exists($template)) {
$this = fields::new($this);

12
helpers/DATA/debconf/patch_changes/001-add_DbDriver_Cache_undef_guard.patch Normal file
View file

@ -0,0 +1,12 @@
diff --git a/Debconf/DbDriver/Cache.pm b/Debconf/DbDriver/Cache.pm
index 1b0e36fb..2e80d3bb 100644
--- a/Debconf/DbDriver/Cache.pm
+++ b/Debconf/DbDriver/Cache.pm
@@ -122,6 +122,7 @@ undef -- marked as deleted in the cache, so does not exist
sub exists {
my $this=shift;
my $item=shift;
+ return 0 unless defined $item && length $item;
return $this->{cache}->{$item}
if exists $this->{cache}->{$item};

2
helpers/DATA/debian-installer/001_remove-proposed-updates.patch
View file

@ -19,7 +19,7 @@ index 371e8b57..6caa6641 100755
BOOTMENU_BEEP=n
else
USE_UDEBS_FROM=trixie
-USE_PROPOSED_UPDATES=0
-USE_PROPOSED_UPDATES=1
TRANSSTATUS=translation-status
BOOTMENU_BEEP=y
endif

2
helpers/DATA/debian-installer/003_medium_supported.patch
View file

@ -11,7 +11,7 @@ diff -Nru debian-installer-20210731+deb11u8+11.0trisquel13/build/config/arm64.cf
--- debian-installer-20210731+deb11u8+11.0trisquel13/build/config/arm64.cfg 2023-05-12 13:48:56.073639701 -0600
+++ debian-installer-20210731+deb11u8+11.0trisquel13_/build/config/arm64.cfg 2023-05-12 14:00:45.351718688 -0600
@@ -1,4 +1,4 @@
-MEDIUM_SUPPORTED = cdrom netboot netboot-gtk device-tree u-boot
-MEDIUM_SUPPORTED = cdrom netboot netboot-gtk device-tree u-boot hd-media
+MEDIUM_SUPPORTED = cdrom netboot device-tree u-boot
KERNELMAJOR = 2.6

14
helpers/DATA/debian-installer/005_customize-chromeos-devices-build.patch
View file

@ -1,14 +0,0 @@
diff --git a/build/config/x86.cfg b/build/config/x86.cfg
index 5ddc8cef..74ddad61 100644
--- a/build/config/x86.cfg
+++ b/build/config/x86.cfg
@@ -443,8 +443,8 @@ arch_netboot_dir: x86_syslinux x86_grub_efi
mkdir -p $(TEMP_DEPTHCHARGE)
depthchargectl build -v \
--board amd64-generic \
- --kernel-release $(KERNELVERSION) \
+ --kernel-release '' \
--kernel $(TEMP_KERNEL) \
--initramfs $(TEMP_INITRD) \
--root none \

0
helpers/DATA/debian-installer/007-remove_graphical_options_from_netinstall.patch → helpers/DATA/debian-installer/patch_changes/007-remove_graphical_options_from_netinstall.patch
View file

16
helpers/DATA/debian-installer/patch_changes/008-re-enable_dpkg_force-overwrite.patch Normal file
View file

@ -0,0 +1,16 @@
We'll remove the force-overwrite flag once we conclude the riscv rework on the kernel and new arch implementation.
-- ark74 - Mon, 07 Jul 2025 23:27:26 -0600
diff --git a/build/config/common b/build/config/common
index 6e58ca8f..5953b26f 100644
--- a/build/config/common
+++ b/build/config/common
@@ -41,7 +41,7 @@ PRESEED =
# Options to pass to dpkg when it is unpacking the udebs to create the
# image. None should be needed, but --force-overwrite might need to be
# enabled from time to time if udebs have conflicting files.
-DPKG_UNPACK_OPTIONS =
+DPKG_UNPACK_OPTIONS = --force-overwrite
# The codename of the Trisquel release that should be installed by default.
TRISQUEL_RELEASE = ecne

49
helpers/DATA/finish-install/09trisquel-uefi-splash Executable file
View file

@ -0,0 +1,49 @@
#!/bin/sh
# Enable 'splash' only on UEFI desktop installs, and only if Plymouth is present.
# Runs before 10update-initramfs, so we only call update-grub here.
#
# Run only on UEFI installs
[ -d /sys/firmware/efi ] || exit 0
# Require plymouth in the target system (otherwise splash is pointless)
in-target dpkg -s plymouth >/dev/null 2>&1 || exit 0
# Heuristic “desktop present?” check — avoid debconf; rely on packages/DM.
if ! in-target sh -c '
dpkg -s trisquel-desktop-common >/dev/null 2>&1 ||
dpkg -s triskel >/dev/null 2>&1 ||
dpkg -s trisquel-gnome >/dev/null 2>&1 ||
dpkg -s trisquel-mini >/dev/null 2>&1 ||
dpkg -s lightdm >/dev/null 2>&1 ||
dpkg -s gdm3 >/dev/null 2>&1 ||
dpkg -s sddm >/dev/null 2>&1
'; then
# No desktop, then do nothing
exit 0
fi
CFG=/target/etc/default/grub
[ -f "$CFG" ] || exit 0
# If the key is missing entirely, create it with just "splash"
grep -q '^GRUB_CMDLINE_LINUX_DEFAULT=' "$CFG" \
|| echo 'GRUB_CMDLINE_LINUX_DEFAULT="splash"' >> "$CFG"
# Normalize trivial cases:
# - empty quotes > "splash"
# - unquoted value > quote it
sed -i -r \
-e 's/^GRUB_CMDLINE_LINUX_DEFAULT=""$/GRUB_CMDLINE_LINUX_DEFAULT="splash"/' \
-e 's/^(GRUB_CMDLINE_LINUX_DEFAULT)=([^"].*)$/\1="\2"/' \
"$CFG"
# If 'splash' is already present, leave as-is; otherwise append it
grep -q '^GRUB_CMDLINE_LINUX_DEFAULT=.*\bsplash\b' "$CFG" || \
sed -i -r 's/^(GRUB_CMDLINE_LINUX_DEFAULT="[^"]*)"/\1 splash"/' "$CFG"
# Regenerate grub.cfg; never fail finish-install
in-target update-grub >/dev/null 2>&1 || true
# Always succeed so remaining finish-install hooks run
exit 0

9
helpers/DATA/firefox/patch_changes/007-disable_remote_settings_antifeature.patch
View file

@ -2,10 +2,17 @@ diff --git a/services/settings/RemoteSettingsClient.sys.mjs b/services/settings/
index 7e98e6d..7716e41 100644
--- a/services/settings/RemoteSettingsClient.sys.mjs
+++ b/services/settings/RemoteSettingsClient.sys.mjs
@@ -227,6 +227,8 @@ class AttachmentDownloader extends Downloader {
@@ -229,13 +229,8 @@ class AttachmentDownloader extends Downloader {
* @see Downloader.download
*/
async download(record, options) {
- await lazy.UptakeTelemetry.report(
- TELEMETRY_COMPONENT,
- lazy.UptakeTelemetry.STATUS.DOWNLOAD_START,
- {
- source: this._client.identifier,
- }
- );
+ console.warn("Function 'download' disabled in Abrowser due privacy concerns.");
+ return null;
try {

13
helpers/DATA/firefox/patch_changes/011-temp_fix_for_ppc64el_missing_fallback_value.patch
View file

@ -1,13 +0,0 @@
diff --git a/modules/libpref/init/StaticPrefList.yaml b/modules/libpref/init/StaticPrefList.yaml
index ee506bd6..7e12ca68 100644
--- a/modules/libpref/init/StaticPrefList.yaml
+++ b/modules/libpref/init/StaticPrefList.yaml
@@ -12461,6 +12461,8 @@
type: RelaxedAtomicBool
#if defined(MOZ_AV1)
value: true
+#else
+ value: false
#endif
mirror: always

98
helpers/DATA/firefox/patch_changes/013-remove_finish_setup_third_party_services.patch Normal file
View file

@ -0,0 +1,98 @@
diff --git a/browser/components/aboutwelcome/modules/AboutWelcomeDefaults.sys.mjs b/browser/components/aboutwelcome/modules/AboutWelcomeDefaults.sys.mjs
index ba47adb6..c4b29ec4 100644
--- a/browser/components/aboutwelcome/modules/AboutWelcomeDefaults.sys.mjs
+++ b/browser/components/aboutwelcome/modules/AboutWelcomeDefaults.sys.mjs
@@ -704,7 +704,7 @@ const MR_ABOUT_WELCOME_DEFAULT = {
action: {
type: "OPEN_URL",
data: {
- args: "https://addons.mozilla.org/en-US/firefox/collections/4757633/b4d5649fb087446aa05add5f0258c3/?page=1&collection_sort=-popularity",
+ args: "https://gnuzilla.gnu.org/",
where: "tabshifted",
},
navigate: true,
@@ -750,49 +750,6 @@ const MR_ABOUT_WELCOME_DEFAULT = {
},
targeting: "isFxASignedIn",
},
- {
- id: "AW_ACCOUNT_LOGIN",
- content: {
- fullscreen: true,
- position: "split",
- split_narrow_bkg_position: "-228px",
- image_alt_text: {
- string_id: "mr2022-onboarding-gratitude-image-alt",
- },
- background:
- "url('chrome://activity-stream/content/data/content/assets/fox-doodle-waving-laptop.svg') center center / 80% no-repeat var(--mr-screen-background-color)",
- progress_bar: true,
- logo: {},
- title: {
- string_id: "onboarding-sign-up-title",
- },
- subtitle: {
- string_id: "onboarding-sign-up-description",
- },
- secondary_button: {
- label: {
- string_id: "mr2-onboarding-start-browsing-button-label",
- },
- style: "secondary",
- action: {
- navigate: true,
- },
- },
- primary_button: {
- label: {
- string_id: "onboarding-sign-up-button",
- },
- action: {
- data: {
- entrypoint: "newuser-onboarding-desktop",
- },
- type: "FXA_SIGNIN_FLOW",
- navigate: true,
- },
- },
- },
- targeting: "!isFxASignedIn",
- },
],
};
diff --git a/browser/components/asrouter/modules/FeatureCalloutMessages.sys.mjs b/browser/components/asrouter/modules/FeatureCalloutMessages.sys.mjs
index 29d2ca46..41b65ac4 100644
--- a/browser/components/asrouter/modules/FeatureCalloutMessages.sys.mjs
+++ b/browser/components/asrouter/modules/FeatureCalloutMessages.sys.mjs
@@ -885,7 +885,7 @@ const MESSAGES = () => {
dismiss: true,
type: "OPEN_URL",
data: {
- args: "https://addons.mozilla.org/en-US/firefox/collections/4757633/36d285535db74c6986abbeeed3e214/?page=1&collection_sort=added",
+ args: "https://gnuzilla.gnu.org/",
where: "tabshifted",
},
},
diff --git a/browser/components/asrouter/modules/OnboardingMessageProvider.sys.mjs b/browser/components/asrouter/modules/OnboardingMessageProvider.sys.mjs
index abc6db68..0c86955f 100644
--- a/browser/components/asrouter/modules/OnboardingMessageProvider.sys.mjs
+++ b/browser/components/asrouter/modules/OnboardingMessageProvider.sys.mjs
@@ -1226,7 +1226,7 @@ const BASE_MESSAGES = () => [
{
type: "OPEN_URL",
data: {
- args: "https://addons.mozilla.org/en-US/firefox/collections/4757633/b4d5649fb087446aa05add5f0258c3/?page=1&collection_sort=-popularity",
+ args: "https://gnuzilla.gnu.org/",
where: "current",
},
},
@@ -1430,7 +1430,7 @@ const BASE_MESSAGES = () => [
{
type: "OPEN_URL",
data: {
- args: "https://addons.mozilla.org/en-US/firefox/collections/4757633/b4d5649fb087446aa05add5f0258c3/?page=1&collection_sort=-popularity",
+ args: "https://gnuzilla.gnu.org/",
where: "current",
},
},

138
helpers/DATA/firefox/patch_changes/014-remove_support_firefox_mission_on_abrowser.patch Normal file
View file

@ -0,0 +1,138 @@
diff --git a/browser/components/preferences/home.inc.xhtml b/browser/components/preferences/home.inc.xhtml
index c0094fe0..08856c78 100644
--- a/browser/components/preferences/home.inc.xhtml
+++ b/browser/components/preferences/home.inc.xhtml
@@ -101,15 +101,6 @@
<vbox id="trending-searches" />
<vbox id="topsites" />
<vbox id="topstories" />
- <vbox id="support-firefox" />
-
- <html:moz-box-item class="mission-message">
- <html:span data-l10n-id="home-prefs-mission-message" />
- <html:a is="moz-support-link"
- support-page="sponsor-privacy"
- data-l10n-id="home-prefs-mission-message-learn-more-link" />
- </html:moz-box-item>
-
<vbox id="highlights" />
</groupbox>
</html:template>
diff --git a/browser/extensions/newtab/lib/AboutPreferences.sys.mjs b/browser/extensions/newtab/lib/AboutPreferences.sys.mjs
index 0d43919b..f2e0fbd0 100644
--- a/browser/extensions/newtab/lib/AboutPreferences.sys.mjs
+++ b/browser/extensions/newtab/lib/AboutPreferences.sys.mjs
@@ -120,37 +120,6 @@ const PREFS_FOR_SETTINGS = () => [
),
eventSource: "TOP_STORIES",
},
- {
- id: "support-firefox",
- pref: {
- feed: "showSponsoredCheckboxes",
- titleString: "home-prefs-support-firefox-header",
- nestedPrefs: [
- {
- name: "showSponsoredTopSites",
- titleString: "home-prefs-shortcuts-by-option-sponsored",
- eventSource: "SPONSORED_TOP_SITES",
- },
- {
- name: "showSponsored",
- titleString: "home-prefs-recommended-by-option-sponsored-stories",
- eventSource: "POCKET_SPOCS",
- shouldHidePref: !Services.prefs.getBoolPref(
- "browser.newtabpage.activity-stream.feeds.system.topstories",
- true
- ),
- shouldDisablePref: !Services.prefs.getBoolPref(
- "browser.newtabpage.activity-stream.feeds.section.topstories",
- true
- ),
- },
- ],
- },
- shouldHidePref: !Services.prefs.getBoolPref(
- "browser.newtabpage.activity-stream.system.showSponsoredCheckboxes",
- false
- ),
- },
];
export class AboutPreferences {
@@ -351,41 +320,8 @@ export class AboutPreferences {
}
});
- // Special cases to like the nested prefs with another pref,
- // so we can disable it real time.
- if (id === "support-firefox") {
- function setupSupportFirefoxSubCheck(triggerPref, subPref) {
- const subCheckFullName = `browser.newtabpage.activity-stream.${triggerPref}`;
- const subCheckPref = Preferences.get(subCheckFullName);
-
- subCheckPref?.on("change", () => {
- const showSponsoredFullName = `browser.newtabpage.activity-stream.${subPref}`;
- const showSponsoredSubcheck = subChecks.find(
- subcheck =>
- subcheck.getAttribute("preference") === showSponsoredFullName
- );
- if (showSponsoredSubcheck) {
- showSponsoredSubcheck.disabled = !Services.prefs.getBoolPref(
- subCheckFullName,
- true
- );
- }
- });
- }
-
- setupSupportFirefoxSubCheck("feeds.section.topstories", "showSponsored");
- setupSupportFirefoxSubCheck("feeds.topsites", "showSponsoredTopSites");
- }
-
pref.on("change", () => {
subChecks.forEach(subcheck => {
- // Update child preferences for the "Support Firefox" checkbox group
- // so that they're turned on and off at the same time.
- if (id === "support-firefox") {
- const subPref = Preferences.get(subcheck.getAttribute("preference"));
- subPref.value = pref.value;
- }
-
// Disable any nested checkboxes if the parent pref is not enabled.
subcheck.disabled = !pref._value;
});
diff --git a/browser/locales/en-US/browser/preferences/preferences.ftl b/browser/locales/en-US/browser/preferences/preferences.ftl
index 269eca10..4c35b53f 100644
--- a/browser/locales/en-US/browser/preferences/preferences.ftl
+++ b/browser/locales/en-US/browser/preferences/preferences.ftl
@@ -749,11 +749,7 @@ home-prefs-trending-search-header =
home-prefs-trending-search-description = Popular and frequently searched topics
# "Support" here means to help sustain or contribute to something, especially through funding or sponsorship.
-home-prefs-support-firefox-header =
- .label = Support { -brand-product-name }
-
-home-prefs-mission-message = Our sponsors support our mission to build a better web
-home-prefs-mission-message-learn-more-link = Find out how
+## Removed by Abrowser customization process.
# Variables:
# $num (number) - Number of rows displayed
diff --git a/browser/themes/shared/preferences/preferences.css b/browser/themes/shared/preferences/preferences.css
index 9c8155e5..4718341f 100644
--- a/browser/themes/shared/preferences/preferences.css
+++ b/browser/themes/shared/preferences/preferences.css
@@ -1541,12 +1541,3 @@ richlistitem .text-link:hover {
.search-header:has(.section-heading) {
margin: 0;
}
-
-/* Styles for the "sponsors support our mission" message and link on the Home tab */
-.mission-message {
- margin-block-start: var(--space-large);
-
- > a {
- font-size: var(--font-size-small);
- }
-}

17
helpers/DATA/firefox/patch_changes/015-set_higher_priority_than_chromium_based_ones.patch Normal file
View file

@ -0,0 +1,17 @@
diff --git a/debian/firefox.postinst.in b/debian/firefox.postinst.in
index 4cb73f02..44e9261a 100644
--- a/debian/firefox.postinst.in
+++ b/debian/firefox.postinst.in
@@ -36,10 +36,10 @@ finish_rm_conffile() {
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-remove" ] ; then
update-alternatives --install /usr/bin/gnome-www-browser \
- gnome-www-browser /usr/bin/$MOZ_APP_NAME 40
+ gnome-www-browser /usr/bin/$MOZ_APP_NAME 240
update-alternatives --install /usr/bin/x-www-browser \
- x-www-browser /usr/bin/$MOZ_APP_NAME 40
+ x-www-browser /usr/bin/$MOZ_APP_NAME 240
fi
if [ "$1" = "configure" ] ; then

7
helpers/DATA/firefox/settings.js
View file

@ -62,7 +62,7 @@ pref("general.useragent.compatMode.abrowser",true);
pref ("browser.startup.homepage_override.mstone", "ignore");
// Preferences for the Get Add-ons panel
pref ("extensions.webservice.discoverURL", "https://gnuzilla.gnu.org/mozzarella/");
pref ("extensions.webservice.discoverURL", "https://gnuzilla.gnu.org/");
pref ("extensions.getAddons.search.url", "https://trisquel.info");
// Help URL
@ -258,6 +258,7 @@ pref("browser.newtabpage.activity-stream.discoverystream.endpoints", "");
pref("browser.newtabpage.activity-stream.feeds.snippets",false);
pref("browser.newtabpage.activity-stream.disableSnippets", true);
pref("browser.newtabpage.activity-stream.tippyTop.service.endpoint", "");
pref("browser.newtabpage.activity-stream.showSponsoredCheckboxes", false);
// Enable xrender
//pref("gfx.xrender.enabled",true);
@ -278,11 +279,11 @@ pref("extensions.htmlaboutaddons.discover.enabled", false);
pref("extensions.htmlaboutaddons.recommendations.enabled", false);
pref("extensions.getAddons.cache.enabled", false);
pref("extensions.getAddons.get.url", "");
pref("extensions.getAddons.link.url", "https://gnuzilla.gnu.org/mozzarella/");
pref("extensions.getAddons.link.url", "https://gnuzilla.gnu.org/");
pref("extensions.getAddons.langpacks.url", "");
pref("extensions.getAddons.discovery.api_url", "");
pref("extensions.recommendations.privacyPolicyUrl", "https://trisquel.info/legal");
pref("extensions.getAddons.search.browseURL", "https://gnuzilla.gnu.org/mozzarella/search.php?q=%TERMS%");
pref("extensions.getAddons.search.browseURL", "https://gnuzilla.gnu.org/search.php?q=%TERMS%");
// Disable pingback on first run
pref("browser.newtabpage.activity-stream.fxaccounts.endpoint", "");

18
helpers/DATA/grub-installer/patch_changes/000-migrate_efi_fix_install_to_patch.patch Normal file
View file

@ -0,0 +1,18 @@
diff --git a/grub-installer b/grub-installer
index 4fdbb30e..af19a59f 100755
--- a/grub-installer
+++ b/grub-installer
@@ -533,8 +533,12 @@ case "$grub_package" in
grub-efi-ia32-bin grub-efi-ia32
;;
grub-efi*)
+ export DEBIAN_PRIORITY=critical
+ export DEBIAN_FRONTEND=noninteractive
+ unset DEBIAN_HAS_FRONTEND
+ unset DEBCONF_REDIR
log-output -t grub-installer $chroot $ROOT dpkg -P \
- grub grub-legacy grub-pc-bin grub-pc
+ grub grub-legacy grub-pc-bin grub-pc grub-gfxpayload-lists
;;
esac

46
helpers/DATA/grub-installer/patch_changes/001-set_only_low_priority_question_as_ubiquity.patch Normal file
View file

@ -0,0 +1,46 @@
diff --git a/grub-installer b/grub-installer
index 3d80321f..a1793ee5 100755
--- a/grub-installer
+++ b/grub-installer
@@ -475,23 +475,24 @@ case $grub_package in
NV_PRIO=high
fi
- # Should we force a copy of grub-efi to be installed
- # to the removable media path too? Set default to true
- # if the removable media path is empty, then ask at low
- # priority, or can also be pre-seeded of course
- if ! [ -e /var/lib/grub-installer/removable_media_path_checked ]; then
- info "Checking removable media path $ROOT/boot/efi/EFI/BOOT/BOOT${EFI_SUFFIX}.EFI"
- if ! [ -f $ROOT/boot/efi/EFI/BOOT/BOOT${EFI_SUFFIX}.EFI ]; then
- info "Removable media path is empty"
- db_fget grub-installer/force-efi-extra-removable seen
- if [ "$RET" = false ]; then
- info "force-efi-extra-removable not preseeded, set it true"
- db_set grub-installer/force-efi-extra-removable true
- fi
- fi
- mkdir -p /var/lib/grub-installer
- touch /var/lib/grub-installer/removable_media_path_checked
- fi
+# Mimic ubiquity 1.128ubuntu15 behaviour and only bypass low priority question. -- Ark74
+# # Should we force a copy of grub-efi to be installed
+# # to the removable media path too? Set default to true
+# # if the removable media path is empty, then ask at low
+# # priority, or can also be pre-seeded of course
+# if ! [ -e /var/lib/grub-installer/removable_media_path_checked ]; then
+# info "Checking removable media path $ROOT/boot/efi/EFI/BOOT/BOOT${EFI_SUFFIX}.EFI"
+# if ! [ -f $ROOT/boot/efi/EFI/BOOT/BOOT${EFI_SUFFIX}.EFI ]; then
+# info "Removable media path is empty"
+# db_fget grub-installer/force-efi-extra-removable seen
+# if [ "$RET" = false ]; then
+# info "force-efi-extra-removable not preseeded, set it true"
+# db_set grub-installer/force-efi-extra-removable true
+# fi
+# fi
+# mkdir -p /var/lib/grub-installer
+# touch /var/lib/grub-installer/removable_media_path_checked
+# fi
db_input $ER_PRIO grub-installer/force-efi-extra-removable || [ $? -eq 30 ]
db_go || exit 10
db_get grub-installer/force-efi-extra-removable

1098
helpers/DATA/grub-installer/patch_changes/01_39c6708ef9c5f191cf9000f7499f0a1fe2dc9422.patch
View file

File diff suppressed because it is too large Load diff

42
helpers/DATA/grub-installer/patch_changes/02_a50782a34b4e792d62b77a5b56c9ca7fe14ece9c.patch
View file

@ -1,42 +0,0 @@
From a50782a34b4e792d62b77a5b56c9ca7fe14ece9c Mon Sep 17 00:00:00 2001
From: D-I role <debian-boot@lists.debian.org>
Date: Thu, 14 Sep 2023 20:02:51 +0000
Subject: [PATCH] [l10n] Update templates.pot (from l10n-sync run at dillon)
---
debian/po/templates.pot | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/debian/po/templates.pot b/debian/po/templates.pot
index 30e63b4e..c46bf4bd 100644
--- a/debian/po/templates.pot
+++ b/debian/po/templates.pot
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: grub-installer\n"
"Report-Msgid-Bugs-To: grub-installer@packages.debian.org\n"
-"POT-Creation-Date: 2023-04-20 20:02+0000\n"
+"POT-Creation-Date: 2023-09-14 20:02+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -394,14 +394,14 @@ msgstr ""
#. Description
#. :sl4:
#: ../grub-installer.templates:30001
-msgid "Failed to mount /target/proc"
+msgid "Failed to mount ${PATH}"
msgstr ""
#. Type: error
#. Description
#. :sl4:
#: ../grub-installer.templates:30001
-msgid "Mounting the proc file system on /target/proc failed."
+msgid "Mounting the ${FSTYPE} file system on ${PATH} failed."
msgstr ""
#. Type: error
--
GitLab

2659
helpers/DATA/grub-installer/patch_changes/03_1e1b1e7cd8e9284dd4067705f55c3a207e008d60.patch
View file

File diff suppressed because it is too large Load diff

253
helpers/DATA/grub2-unsigned/0001-Cryptomount-support-LUKS-detached-header.patch
View file

@ -1,253 +0,0 @@
diff --git a/0001-Cryptomount-support-LUKS-detached-header.patch b/0001-Cryptomount-support-LUKS-detached-header.patch
new file mode 100644
index 00000000000..65943f41b8c
--- /dev/null
+++ b/0001-Cryptomount-support-LUKS-detached-header.patch
@@ -0,0 +1,247 @@
+From 2008e08c0a511da5d454664363f452a9e26c734f Mon Sep 17 00:00:00 2001
+From: John Lane <john@lane.uk.net>
+Date: Tue, 23 Jun 2015 11:16:30 +0100
+Subject: [PATCH 1/7] Cryptomount support LUKS detached header
+
+---
+ grub-core/disk/cryptodisk.c | 22 ++++++++++++++++++----
+ grub-core/disk/geli.c | 7 +++++--
+ grub-core/disk/luks.c | 45 +++++++++++++++++++++++++++++++++++++--------
+ include/grub/cryptodisk.h | 5 +++--
+ 4 files changed, 63 insertions(+), 16 deletions(-)
+
+diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
+index bd60a66b3..5230a5a9a 100644
+--- a/grub-core/disk/cryptodisk.c
++++ b/grub-core/disk/cryptodisk.c
+@@ -41,6 +41,7 @@ static const struct grub_arg_option options[] =
+ /* TRANSLATORS: It's still restricted to cryptodisks only. */
+ {"all", 'a', 0, N_("Mount all."), 0, 0},
+ {"boot", 'b', 0, N_("Mount all volumes with `boot' flag set."), 0, 0},
++ {"header", 'H', 0, N_("Read LUKS header from file"), 0, ARG_TYPE_STRING},
+ {0, 0, 0, 0, 0, 0}
+ };
+
+@@ -809,6 +810,7 @@ grub_util_cryptodisk_get_uuid (grub_disk_t disk)
+
+ static int check_boot, have_it;
+ static char *search_uuid;
++static grub_file_t hdr;
+
+ static void
+ cryptodisk_close (grub_cryptodisk_t dev)
+@@ -833,13 +835,13 @@ grub_cryptodisk_scan_device_real (const char *name, grub_disk_t source)
+
+ FOR_CRYPTODISK_DEVS (cr)
+ {
+- dev = cr->scan (source, search_uuid, check_boot);
++ dev = cr->scan (source, search_uuid, check_boot, hdr);
+ if (grub_errno)
+ return grub_errno;
+ if (!dev)
+ continue;
+
+- err = cr->recover_key (source, dev);
++ err = cr->recover_key (source, dev, hdr);
+ if (err)
+ {
+ cryptodisk_close (dev);
+@@ -880,7 +882,7 @@ grub_cryptodisk_cheat_mount (const char *sourcedev, const char *cheat)
+
+ FOR_CRYPTODISK_DEVS (cr)
+ {
+- dev = cr->scan (source, search_uuid, check_boot);
++ dev = cr->scan (source, search_uuid, check_boot,0);
+ if (grub_errno)
+ return grub_errno;
+ if (!dev)
+@@ -934,6 +936,18 @@ grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args)
+ if (argc < 1 && !state[1].set && !state[2].set)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "device name required");
+
++ if (state[3].set) /* LUKS detached header */
++ {
++ if (state[0].set) /* Cannot use UUID lookup with detached header */
++ return GRUB_ERR_BAD_ARGUMENT;
++
++ hdr = grub_file_open (state[3].arg, GRUB_FILE_TYPE_NONE);
++ if (!hdr)
++ return grub_errno;
++ }
++ else
++ hdr = NULL;
++
+ have_it = 0;
+ if (state[0].set)
+ {
+@@ -1141,7 +1155,7 @@ GRUB_MOD_INIT (cryptodisk)
+ {
+ grub_disk_dev_register (&grub_cryptodisk_dev);
+ cmd = grub_register_extcmd ("cryptomount", grub_cmd_cryptomount, 0,
+- N_("SOURCE|-u UUID|-a|-b"),
++ N_("SOURCE|-u UUID|-a|-b|-H file"),
+ N_("Mount a crypto device."), options);
+ grub_procfs_register ("luks_script", &luks_script);
+ }
+diff --git a/grub-core/disk/geli.c b/grub-core/disk/geli.c
+index e9d23299a..f4394eb42 100644
+--- a/grub-core/disk/geli.c
++++ b/grub-core/disk/geli.c
+@@ -52,6 +52,7 @@
+ #include <grub/dl.h>
+ #include <grub/err.h>
+ #include <grub/disk.h>
++#include <grub/file.h>
+ #include <grub/crypto.h>
+ #include <grub/partition.h>
+ #include <grub/i18n.h>
+@@ -243,7 +244,8 @@ grub_util_get_geli_uuid (const char *dev)
+
+ static grub_cryptodisk_t
+ configure_ciphers (grub_disk_t disk, const char *check_uuid,
+- int boot_only)
++ int boot_only,
++ grub_file_t hdr __attribute__ ((unused)) )
+ {
+ grub_cryptodisk_t newdev;
+ struct grub_geli_phdr header;
+@@ -398,7 +400,8 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid,
+ }
+
+ static grub_err_t
+-recover_key (grub_disk_t source, grub_cryptodisk_t dev)
++recover_key (grub_disk_t source, grub_cryptodisk_t dev,
++ grub_file_t hdr __attribute__ ((unused)) )
+ {
+ grub_size_t keysize;
+ grub_uint8_t digest[GRUB_CRYPTO_MAX_MDLEN];
+diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c
+index 86c50c612..66e64c0e0 100644
+--- a/grub-core/disk/luks.c
++++ b/grub-core/disk/luks.c
+@@ -23,6 +23,7 @@
+ #include <grub/dl.h>
+ #include <grub/err.h>
+ #include <grub/disk.h>
++#include <grub/file.h>
+ #include <grub/crypto.h>
+ #include <grub/partition.h>
+ #include <grub/i18n.h>
+@@ -66,7 +67,7 @@ gcry_err_code_t AF_merge (const gcry_md_spec_t * hash, grub_uint8_t * src,
+
+ static grub_cryptodisk_t
+ configure_ciphers (grub_disk_t disk, const char *check_uuid,
+- int check_boot)
++ int check_boot, grub_file_t hdr)
+ {
+ grub_cryptodisk_t newdev;
+ const char *iptr;
+@@ -86,11 +87,21 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid,
+ int benbi_log = 0;
+ grub_err_t err;
+
++ err = GRUB_ERR_NONE;
++
+ if (check_boot)
+ return NULL;
+
+ /* Read the LUKS header. */
+- err = grub_disk_read (disk, 0, 0, sizeof (header), &header);
++ if (hdr)
++ {
++ grub_file_seek (hdr, 0);
++ if (grub_file_read (hdr, &header, sizeof (header)) != sizeof (header))
++ err = GRUB_ERR_READ_ERROR;
++ }
++ else
++ err = grub_disk_read (disk, 0, 0, sizeof (header), &header);
++
+ if (err)
+ {
+ if (err == GRUB_ERR_OUT_OF_RANGE)
+@@ -304,12 +315,14 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid,
+ grub_memcpy (newdev->uuid, uuid, sizeof (newdev->uuid));
+ newdev->modname = "luks";
+ COMPILE_TIME_ASSERT (sizeof (newdev->uuid) >= sizeof (uuid));
++
+ return newdev;
+ }
+
+ static grub_err_t
+ luks_recover_key (grub_disk_t source,
+- grub_cryptodisk_t dev)
++ grub_cryptodisk_t dev,
++ grub_file_t hdr)
+ {
+ struct grub_luks_phdr header;
+ grub_size_t keysize;
+@@ -321,8 +334,19 @@ luks_recover_key (grub_disk_t source,
+ grub_err_t err;
+ grub_size_t max_stripes = 1;
+ char *tmp;
++ grub_uint32_t sector;
++
++ err = GRUB_ERR_NONE;
++
++ if (hdr)
++ {
++ grub_file_seek (hdr, 0);
++ if (grub_file_read (hdr, &header, sizeof (header)) != sizeof (header))
++ err = GRUB_ERR_READ_ERROR;
++ }
++ else
++ err = grub_disk_read (source, 0, 0, sizeof (header), &header);
+
+- err = grub_disk_read (source, 0, 0, sizeof (header), &header);
+ if (err)
+ return err;
+
+@@ -391,13 +415,18 @@ luks_recover_key (grub_disk_t source,
+ return grub_crypto_gcry_error (gcry_err);
+ }
+
++ sector = grub_be_to_cpu32 (header.keyblock[i].keyMaterialOffset);
+ length = (keysize * grub_be_to_cpu32 (header.keyblock[i].stripes));
+
+ /* Read and decrypt the key material from the disk. */
+- err = grub_disk_read (source,
+- grub_be_to_cpu32 (header.keyblock
+- [i].keyMaterialOffset), 0,
+- length, split_key);
++ if (hdr)
++ {
++ grub_file_seek (hdr, sector * 512);
++ if (grub_file_read (hdr, split_key, length) != (grub_ssize_t)length)
++ err = GRUB_ERR_READ_ERROR;
++ }
++ else
++ err = grub_disk_read (source, sector, 0, length, split_key);
+ if (err)
+ {
+ grub_free (split_key);
+diff --git a/include/grub/cryptodisk.h b/include/grub/cryptodisk.h
+index 32f564ae0..4e6e89a93 100644
+--- a/include/grub/cryptodisk.h
++++ b/include/grub/cryptodisk.h
+@@ -20,6 +20,7 @@
+ #define GRUB_CRYPTODISK_HEADER 1
+
+ #include <grub/disk.h>
++#include <grub/file.h>
+ #include <grub/crypto.h>
+ #include <grub/list.h>
+ #ifdef GRUB_UTIL
+@@ -107,8 +108,8 @@ struct grub_cryptodisk_dev
+ struct grub_cryptodisk_dev **prev;
+
+ grub_cryptodisk_t (*scan) (grub_disk_t disk, const char *check_uuid,
+- int boot_only);
+- grub_err_t (*recover_key) (grub_disk_t disk, grub_cryptodisk_t dev);
++ int boot_only, grub_file_t hdr);
++ grub_err_t (*recover_key) (grub_disk_t disk, grub_cryptodisk_t dev, grub_file_t hdr);
+ };
+ typedef struct grub_cryptodisk_dev *grub_cryptodisk_dev_t;
+
+--
+2.16.2
+

211
helpers/DATA/grub2-unsigned/0002-Cryptomount-support-key-files.patch
View file

@ -1,211 +0,0 @@
diff --git a/0002-Cryptomount-support-key-files.patch b/0002-Cryptomount-support-key-files.patch
new file mode 100644
index 00000000000..43af5ff3cbf
--- /dev/null
+++ b/0002-Cryptomount-support-key-files.patch
@@ -0,0 +1,205 @@
+From df3aa34cc68b128c5441ee25ef092e6c2c87392e Mon Sep 17 00:00:00 2001
+From: John Lane <john@lane.uk.net>
+Date: Fri, 26 Jun 2015 13:37:10 +0100
+Subject: [PATCH 2/7] Cryptomount support key files
+
+---
+ grub-core/disk/cryptodisk.c | 46 ++++++++++++++++++++++++++++++++++++++++++++-
+ grub-core/disk/geli.c | 4 +++-
+ grub-core/disk/luks.c | 44 +++++++++++++++++++++++++++++--------------
+ include/grub/cryptodisk.h | 5 ++++-
+ 4 files changed, 82 insertions(+), 17 deletions(-)
+
+diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
+index 5230a5a9a..5261af547 100644
+--- a/grub-core/disk/cryptodisk.c
++++ b/grub-core/disk/cryptodisk.c
+@@ -42,6 +42,9 @@ static const struct grub_arg_option options[] =
+ {"all", 'a', 0, N_("Mount all."), 0, 0},
+ {"boot", 'b', 0, N_("Mount all volumes with `boot' flag set."), 0, 0},
+ {"header", 'H', 0, N_("Read LUKS header from file"), 0, ARG_TYPE_STRING},
++ {"keyfile", 'k', 0, N_("Key file"), 0, ARG_TYPE_STRING},
++ {"keyfile-offset", 'O', 0, N_("Key file offset (bytes)"), 0, ARG_TYPE_INT},
++ {"keyfile-size", 'S', 0, N_("Key file data size (bytes)"), 0, ARG_TYPE_INT},
+ {0, 0, 0, 0, 0, 0}
+ };
+
+@@ -811,6 +814,8 @@ grub_util_cryptodisk_get_uuid (grub_disk_t disk)
+ static int check_boot, have_it;
+ static char *search_uuid;
+ static grub_file_t hdr;
++static grub_uint8_t *key, keyfile_buffer[GRUB_CRYPTODISK_MAX_KEYFILE_SIZE];
++static grub_size_t keyfile_size;
+
+ static void
+ cryptodisk_close (grub_cryptodisk_t dev)
+@@ -841,7 +846,7 @@ grub_cryptodisk_scan_device_real (const char *name, grub_disk_t source)
+ if (!dev)
+ continue;
+
+- err = cr->recover_key (source, dev, hdr);
++ err = cr->recover_key (source, dev, hdr, key, keyfile_size);
+ if (err)
+ {
+ cryptodisk_close (dev);
+@@ -949,6 +954,45 @@ grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args)
+ hdr = NULL;
+
+ have_it = 0;
++ key = NULL;
++
++ if (state[4].set) /* Key file; fails back to passphrase entry */
++ {
++ grub_file_t keyfile;
++ int keyfile_offset;
++ grub_size_t requested_keyfile_size;
++
++ requested_keyfile_size = state[6].set ? grub_strtoul(state[6].arg, 0, 0) : 0;
++
++ if (requested_keyfile_size > GRUB_CRYPTODISK_MAX_KEYFILE_SIZE)
++ grub_printf (N_("Key file size exceeds maximum (%llu)\n"), \
++ (unsigned long long) GRUB_CRYPTODISK_MAX_KEYFILE_SIZE);
++ else
++ {
++ keyfile_offset = state[5].set ? grub_strtoul (state[5].arg, 0, 0) : 0;
++ keyfile_size = requested_keyfile_size ? requested_keyfile_size : \
++ GRUB_CRYPTODISK_MAX_KEYFILE_SIZE;
++
++ keyfile = grub_file_open (state[4].arg, GRUB_FILE_TYPE_NONE);
++ if (!keyfile)
++ grub_printf (N_("Unable to open key file %s\n"), state[4].arg);
++ else if (grub_file_seek (keyfile, keyfile_offset) == (grub_off_t)-1)
++ grub_printf (N_("Unable to seek to offset %d in key file\n"), keyfile_offset);
++ else
++ {
++ keyfile_size = grub_file_read (keyfile, keyfile_buffer, keyfile_size);
++ if (keyfile_size == (grub_size_t)-1)
++ grub_printf (N_("Error reading key file\n"));
++ else if (requested_keyfile_size && (keyfile_size != requested_keyfile_size))
++ grub_printf (N_("Cannot read %llu bytes for key file (read %llu bytes)\n"),
++ (unsigned long long) requested_keyfile_size,
++ (unsigned long long) keyfile_size);
++ else
++ key = keyfile_buffer;
++ }
++ }
++ }
++
+ if (state[0].set)
+ {
+ grub_cryptodisk_t dev;
+diff --git a/grub-core/disk/geli.c b/grub-core/disk/geli.c
+index f4394eb42..da6aa6a63 100644
+--- a/grub-core/disk/geli.c
++++ b/grub-core/disk/geli.c
+@@ -401,7 +401,9 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid,
+
+ static grub_err_t
+ recover_key (grub_disk_t source, grub_cryptodisk_t dev,
+- grub_file_t hdr __attribute__ ((unused)) )
++ grub_file_t hdr __attribute__ ((unused)),
++ grub_uint8_t *key __attribute__ ((unused)),
++ grub_size_t keyfile_size __attribute__ ((unused)) )
+ {
+ grub_size_t keysize;
+ grub_uint8_t digest[GRUB_CRYPTO_MAX_MDLEN];
+diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c
+index 66e64c0e0..588236888 100644
+--- a/grub-core/disk/luks.c
++++ b/grub-core/disk/luks.c
+@@ -322,12 +322,16 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid,
+ static grub_err_t
+ luks_recover_key (grub_disk_t source,
+ grub_cryptodisk_t dev,
+- grub_file_t hdr)
++ grub_file_t hdr,
++ grub_uint8_t *keyfile_bytes,
++ grub_size_t keyfile_bytes_size)
+ {
+ struct grub_luks_phdr header;
+ grub_size_t keysize;
+ grub_uint8_t *split_key = NULL;
+- char passphrase[MAX_PASSPHRASE] = "";
++ char interactive_passphrase[MAX_PASSPHRASE] = "";
++ grub_uint8_t *passphrase;
++ grub_size_t passphrase_length;
+ grub_uint8_t candidate_digest[sizeof (header.mkDigest)];
+ unsigned i;
+ grub_size_t length;
+@@ -364,18 +368,30 @@ luks_recover_key (grub_disk_t source,
+ if (!split_key)
+ return grub_errno;
+
+- /* Get the passphrase from the user. */
+- tmp = NULL;
+- if (source->partition)
+- tmp = grub_partition_get_name (source->partition);
+- grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name,
+- source->partition ? "," : "", tmp ? : "",
+- dev->uuid);
+- grub_free (tmp);
+- if (!grub_password_get (passphrase, MAX_PASSPHRASE))
++ if (keyfile_bytes)
+ {
+- grub_free (split_key);
+- return grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied");
++ /* Use bytestring from key file as passphrase */
++ passphrase = keyfile_bytes;
++ passphrase_length = keyfile_bytes_size;
++ }
++ else
++ {
++ /* Get the passphrase from the user. */
++ tmp = NULL;
++ if (source->partition)
++ tmp = grub_partition_get_name (source->partition);
++ grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name,
++ source->partition ? "," : "", tmp ? : "", dev->uuid);
++ grub_free (tmp);
++ if (!grub_password_get (interactive_passphrase, MAX_PASSPHRASE))
++ {
++ grub_free (split_key);
++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied");
++ }
++
++ passphrase = (grub_uint8_t *)interactive_passphrase;
++ passphrase_length = grub_strlen (interactive_passphrase);
++
+ }
+
+ /* Try to recover master key from each active keyslot. */
+@@ -393,7 +409,7 @@ luks_recover_key (grub_disk_t source,
+
+ /* Calculate the PBKDF2 of the user supplied passphrase. */
+ gcry_err = grub_crypto_pbkdf2 (dev->hash, (grub_uint8_t *) passphrase,
+- grub_strlen (passphrase),
++ passphrase_length,
+ header.keyblock[i].passwordSalt,
+ sizeof (header.keyblock[i].passwordSalt),
+ grub_be_to_cpu32 (header.keyblock[i].
+diff --git a/include/grub/cryptodisk.h b/include/grub/cryptodisk.h
+index 4e6e89a93..67f6b0b59 100644
+--- a/include/grub/cryptodisk.h
++++ b/include/grub/cryptodisk.h
+@@ -55,6 +55,8 @@ typedef enum
+ #define GRUB_CRYPTODISK_GF_BYTES (1U << GRUB_CRYPTODISK_GF_LOG_BYTES)
+ #define GRUB_CRYPTODISK_MAX_KEYLEN 128
+
++#define GRUB_CRYPTODISK_MAX_KEYFILE_SIZE 8192
++
+ struct grub_cryptodisk;
+
+ typedef gcry_err_code_t
+@@ -109,7 +111,8 @@ struct grub_cryptodisk_dev
+
+ grub_cryptodisk_t (*scan) (grub_disk_t disk, const char *check_uuid,
+ int boot_only, grub_file_t hdr);
+- grub_err_t (*recover_key) (grub_disk_t disk, grub_cryptodisk_t dev, grub_file_t hdr);
++ grub_err_t (*recover_key) (grub_disk_t disk, grub_cryptodisk_t dev,
++ grub_file_t hdr, grub_uint8_t *key, grub_size_t keyfile_size);
+ };
+ typedef struct grub_cryptodisk_dev *grub_cryptodisk_dev_t;
+
+--
+2.16.2
+

335
helpers/DATA/grub2-unsigned/0003-Cryptomount-luks-allow-multiple-passphrase-attempts.patch
View file

@ -1,335 +0,0 @@
diff --git a/0003-Cryptomount-luks-allow-multiple-passphrase-attempts.patch b/0003-Cryptomount-luks-allow-multiple-passphrase-attempts.patch
new file mode 100644
index 00000000000..19ffed89ca8
--- /dev/null
+++ b/0003-Cryptomount-luks-allow-multiple-passphrase-attempts.patch
@@ -0,0 +1,329 @@
+From d055c1e314fa37957f169e08bea9d19c4417ed21 Mon Sep 17 00:00:00 2001
+From: John Lane <john@lane.uk.net>
+Date: Fri, 26 Jun 2015 13:49:58 +0100
+Subject: [PATCH 3/7] cryptomount luks allow multiple passphrase attempts
+
+---
+ grub-core/disk/luks.c | 278 ++++++++++++++++++++++++++------------------------
+ 1 file changed, 143 insertions(+), 135 deletions(-)
+
+diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c
+index 588236888..11e437edb 100644
+--- a/grub-core/disk/luks.c
++++ b/grub-core/disk/luks.c
+@@ -321,10 +321,10 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid,
+
+ static grub_err_t
+ luks_recover_key (grub_disk_t source,
+- grub_cryptodisk_t dev,
+- grub_file_t hdr,
+- grub_uint8_t *keyfile_bytes,
+- grub_size_t keyfile_bytes_size)
++ grub_cryptodisk_t dev,
++ grub_file_t hdr,
++ grub_uint8_t *keyfile_bytes,
++ grub_size_t keyfile_bytes_size)
+ {
+ struct grub_luks_phdr header;
+ grub_size_t keysize;
+@@ -339,6 +339,7 @@ luks_recover_key (grub_disk_t source,
+ grub_size_t max_stripes = 1;
+ char *tmp;
+ grub_uint32_t sector;
++ unsigned attempts = 2;
+
+ err = GRUB_ERR_NONE;
+
+@@ -361,151 +362,158 @@ luks_recover_key (grub_disk_t source,
+
+ for (i = 0; i < ARRAY_SIZE (header.keyblock); i++)
+ if (grub_be_to_cpu32 (header.keyblock[i].active) == LUKS_KEY_ENABLED
+- && grub_be_to_cpu32 (header.keyblock[i].stripes) > max_stripes)
++ && grub_be_to_cpu32 (header.keyblock[i].stripes) > max_stripes)
+ max_stripes = grub_be_to_cpu32 (header.keyblock[i].stripes);
+
+ split_key = grub_malloc (keysize * max_stripes);
+ if (!split_key)
+ return grub_errno;
+
+- if (keyfile_bytes)
++ while (attempts)
+ {
+- /* Use bytestring from key file as passphrase */
+- passphrase = keyfile_bytes;
+- passphrase_length = keyfile_bytes_size;
+- }
+- else
+- {
+- /* Get the passphrase from the user. */
+- tmp = NULL;
+- if (source->partition)
+- tmp = grub_partition_get_name (source->partition);
+- grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name,
+- source->partition ? "," : "", tmp ? : "", dev->uuid);
+- grub_free (tmp);
+- if (!grub_password_get (interactive_passphrase, MAX_PASSPHRASE))
++ if (keyfile_bytes)
+ {
+- grub_free (split_key);
+- return grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied");
+- }
+-
+- passphrase = (grub_uint8_t *)interactive_passphrase;
+- passphrase_length = grub_strlen (interactive_passphrase);
+-
+- }
+-
+- /* Try to recover master key from each active keyslot. */
+- for (i = 0; i < ARRAY_SIZE (header.keyblock); i++)
+- {
+- gcry_err_code_t gcry_err;
+- grub_uint8_t candidate_key[GRUB_CRYPTODISK_MAX_KEYLEN];
+- grub_uint8_t digest[GRUB_CRYPTODISK_MAX_KEYLEN];
+-
+- /* Check if keyslot is enabled. */
+- if (grub_be_to_cpu32 (header.keyblock[i].active) != LUKS_KEY_ENABLED)
+- continue;
+-
+- grub_dprintf ("luks", "Trying keyslot %d\n", i);
+-
+- /* Calculate the PBKDF2 of the user supplied passphrase. */
+- gcry_err = grub_crypto_pbkdf2 (dev->hash, (grub_uint8_t *) passphrase,
+- passphrase_length,
+- header.keyblock[i].passwordSalt,
+- sizeof (header.keyblock[i].passwordSalt),
+- grub_be_to_cpu32 (header.keyblock[i].
+- passwordIterations),
+- digest, keysize);
+-
+- if (gcry_err)
+- {
+- grub_free (split_key);
+- return grub_crypto_gcry_error (gcry_err);
+- }
+-
+- grub_dprintf ("luks", "PBKDF2 done\n");
+-
+- gcry_err = grub_cryptodisk_setkey (dev, digest, keysize);
+- if (gcry_err)
+- {
+- grub_free (split_key);
+- return grub_crypto_gcry_error (gcry_err);
+- }
+-
+- sector = grub_be_to_cpu32 (header.keyblock[i].keyMaterialOffset);
+- length = (keysize * grub_be_to_cpu32 (header.keyblock[i].stripes));
+-
+- /* Read and decrypt the key material from the disk. */
+- if (hdr)
+- {
+- grub_file_seek (hdr, sector * 512);
+- if (grub_file_read (hdr, split_key, length) != (grub_ssize_t)length)
+- err = GRUB_ERR_READ_ERROR;
++ /* Use bytestring from key file as passphrase */
++ passphrase = keyfile_bytes;
++ passphrase_length = keyfile_bytes_size;
++ keyfile_bytes = NULL; /* use it only once */
+ }
+ else
+- err = grub_disk_read (source, sector, 0, length, split_key);
+- if (err)
+- {
+- grub_free (split_key);
+- return err;
+- }
+-
+- gcry_err = grub_cryptodisk_decrypt (dev, split_key, length, 0);
+- if (gcry_err)
+- {
+- grub_free (split_key);
+- return grub_crypto_gcry_error (gcry_err);
+- }
+-
+- /* Merge the decrypted key material to get the candidate master key. */
+- gcry_err = AF_merge (dev->hash, split_key, candidate_key, keysize,
+- grub_be_to_cpu32 (header.keyblock[i].stripes));
+- if (gcry_err)
+- {
+- grub_free (split_key);
+- return grub_crypto_gcry_error (gcry_err);
+- }
+-
+- grub_dprintf ("luks", "candidate key recovered\n");
+-
+- /* Calculate the PBKDF2 of the candidate master key. */
+- gcry_err = grub_crypto_pbkdf2 (dev->hash, candidate_key,
+- grub_be_to_cpu32 (header.keyBytes),
+- header.mkDigestSalt,
+- sizeof (header.mkDigestSalt),
+- grub_be_to_cpu32
+- (header.mkDigestIterations),
+- candidate_digest,
+- sizeof (candidate_digest));
+- if (gcry_err)
+- {
+- grub_free (split_key);
+- return grub_crypto_gcry_error (gcry_err);
+- }
+-
+- /* Compare the calculated PBKDF2 to the digest stored
+- in the header to see if it's correct. */
+- if (grub_memcmp (candidate_digest, header.mkDigest,
+- sizeof (header.mkDigest)) != 0)
+- {
+- grub_dprintf ("luks", "bad digest\n");
+- continue;
+- }
++ {
++ /* Get the passphrase from the user. */
++ tmp = NULL;
++ if (source->partition)
++ tmp = grub_partition_get_name (source->partition);
++ grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name,
++ source->partition ? "," : "", tmp ? : "", dev->uuid);
++ grub_free (tmp);
++ if (!grub_password_get (interactive_passphrase, MAX_PASSPHRASE))
++ {
++ grub_free (split_key);
++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied");
++ }
++
++ passphrase = (grub_uint8_t *)interactive_passphrase;
++ passphrase_length = grub_strlen (interactive_passphrase);
+
+- /* TRANSLATORS: It's a cryptographic key slot: one element of an array
+- where each element is either empty or holds a key. */
+- grub_printf_ (N_("Slot %d opened\n"), i);
++ }
+
+- /* Set the master key. */
+- gcry_err = grub_cryptodisk_setkey (dev, candidate_key, keysize);
+- if (gcry_err)
+- {
+- grub_free (split_key);
+- return grub_crypto_gcry_error (gcry_err);
+- }
++ /* Try to recover master key from each active keyslot. */
++ for (i = 0; i < ARRAY_SIZE (header.keyblock); i++)
++ {
++ gcry_err_code_t gcry_err;
++ grub_uint8_t candidate_key[GRUB_CRYPTODISK_MAX_KEYLEN];
++ grub_uint8_t digest[GRUB_CRYPTODISK_MAX_KEYLEN];
++
++ /* Check if keyslot is enabled. */
++ if (grub_be_to_cpu32 (header.keyblock[i].active) != LUKS_KEY_ENABLED)
++ continue;
++
++ grub_dprintf ("luks", "Trying keyslot %d\n", i);
++
++ /* Calculate the PBKDF2 of the user supplied passphrase. */
++ gcry_err = grub_crypto_pbkdf2 (dev->hash, (grub_uint8_t *) passphrase,
++ passphrase_length,
++ header.keyblock[i].passwordSalt,
++ sizeof (header.keyblock[i].passwordSalt),
++ grub_be_to_cpu32 (header.keyblock[i].
++ passwordIterations),
++ digest, keysize);
++
++ if (gcry_err)
++ {
++ grub_free (split_key);
++ return grub_crypto_gcry_error (gcry_err);
++ }
++
++ grub_dprintf ("luks", "PBKDF2 done\n");
++
++ gcry_err = grub_cryptodisk_setkey (dev, digest, keysize);
++ if (gcry_err)
++ {
++ grub_free (split_key);
++ return grub_crypto_gcry_error (gcry_err);
++ }
++
++ sector = grub_be_to_cpu32 (header.keyblock[i].keyMaterialOffset);
++ length = (keysize * grub_be_to_cpu32 (header.keyblock[i].stripes));
++
++ /* Read and decrypt the key material from the disk. */
++ if (hdr)
++ {
++ grub_file_seek (hdr, sector * 512);
++ if (grub_file_read (hdr, split_key, length) != (grub_ssize_t)length)
++ err = GRUB_ERR_READ_ERROR;
++ }
++ else
++ err = grub_disk_read (source, sector, 0, length, split_key);
++ if (err)
++ {
++ grub_free (split_key);
++ return err;
++ }
++
++ gcry_err = grub_cryptodisk_decrypt (dev, split_key, length, 0);
++ if (gcry_err)
++ {
++ grub_free (split_key);
++ return grub_crypto_gcry_error (gcry_err);
++ }
++
++ /* Merge the decrypted key material to get the candidate master key. */
++ gcry_err = AF_merge (dev->hash, split_key, candidate_key, keysize,
++ grub_be_to_cpu32 (header.keyblock[i].stripes));
++ if (gcry_err)
++ {
++ grub_free (split_key);
++ return grub_crypto_gcry_error (gcry_err);
++ }
++
++ grub_dprintf ("luks", "candidate key recovered\n");
++
++ /* Calculate the PBKDF2 of the candidate master key. */
++ gcry_err = grub_crypto_pbkdf2 (dev->hash, candidate_key,
++ grub_be_to_cpu32 (header.keyBytes),
++ header.mkDigestSalt,
++ sizeof (header.mkDigestSalt),
++ grub_be_to_cpu32
++ (header.mkDigestIterations),
++ candidate_digest,
++ sizeof (candidate_digest));
++ if (gcry_err)
++ {
++ grub_free (split_key);
++ return grub_crypto_gcry_error (gcry_err);
++ }
++
++ /* Compare the calculated PBKDF2 to the digest stored
++ in the header to see if it's correct. */
++ if (grub_memcmp (candidate_digest, header.mkDigest,
++ sizeof (header.mkDigest)) != 0)
++ {
++ grub_dprintf ("luks", "bad digest\n");
++ continue;
++ }
++
++ /* TRANSLATORS: It's a cryptographic key slot: one element of an array
++ where each element is either empty or holds a key. */
++ grub_printf_ (N_("Slot %d opened\n"), i);
++
++ /* Set the master key. */
++ gcry_err = grub_cryptodisk_setkey (dev, candidate_key, keysize);
++ if (gcry_err)
++ {
++ grub_free (split_key);
++ return grub_crypto_gcry_error (gcry_err);
++ }
+
+- grub_free (split_key);
++ grub_free (split_key);
+
+- return GRUB_ERR_NONE;
++ return GRUB_ERR_NONE;
++ }
++ grub_printf_ (N_("Failed to decrypt master key.\n"));
++ if (--attempts) grub_printf_ (N_("%u attempt%s remaining.\n"), attempts,
++ (attempts==1) ? "" : "s");
+ }
+
+ grub_free (split_key);
+--
+2.16.2
+

650
helpers/DATA/grub2-unsigned/0004-Cryptomount-support-plain-dm-crypt.patch
View file

@ -1,650 +0,0 @@
diff --git a/0004-Cryptomount-support-plain-dm-crypt.patch b/0004-Cryptomount-support-plain-dm-crypt.patch
new file mode 100644
index 00000000000..34c10d7216b
--- /dev/null
+++ b/0004-Cryptomount-support-plain-dm-crypt.patch
@@ -0,0 +1,644 @@
+From a8f9e3dcece89c179e89414abe89985c7ab1e03f Mon Sep 17 00:00:00 2001
+From: John Lane <john@lane.uk.net>
+Date: Fri, 26 Jun 2015 22:09:52 +0100
+Subject: [PATCH 4/7] Cryptomount support plain dm-crypt
+
+Patch modified to take into account a change to context
+brought about by c93d3e694713b8230fa2cf88414fabe005b56782
+
+grub-core/disk/cryptodisk.c
+142c142
+< if (disklast)
+---
+>
+---
+ grub-core/disk/cryptodisk.c | 298 +++++++++++++++++++++++++++++++++++++++++++-
+ grub-core/disk/luks.c | 195 +----------------------------
+ include/grub/cryptodisk.h | 8 ++
+ 3 files changed, 310 insertions(+), 191 deletions(-)
+
+diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
+index 5261af547..7f656f75c 100644
+--- a/grub-core/disk/cryptodisk.c
++++ b/grub-core/disk/cryptodisk.c
+@@ -45,6 +45,12 @@ static const struct grub_arg_option options[] =
+ {"keyfile", 'k', 0, N_("Key file"), 0, ARG_TYPE_STRING},
+ {"keyfile-offset", 'O', 0, N_("Key file offset (bytes)"), 0, ARG_TYPE_INT},
+ {"keyfile-size", 'S', 0, N_("Key file data size (bytes)"), 0, ARG_TYPE_INT},
++ {"plain", 'p', 0, N_("Plain (no LUKS header)"), 0, ARG_TYPE_NONE},
++ {"cipher", 'c', 0, N_("Plain mode cipher"), 0, ARG_TYPE_STRING},
++ {"digest", 'd', 0, N_("Plain mode passphrase digest (hash)"), 0, ARG_TYPE_STRING},
++ {"offset", 'o', 0, N_("Plain mode data sector offset"), 0, ARG_TYPE_INT},
++ {"size", 's', 0, N_("Size of raw device (sectors, defaults to whole device)"), 0, ARG_TYPE_INT},
++ {"key-size", 'K', 0, N_("Set key size (bits)"), 0, ARG_TYPE_INT},
+ {0, 0, 0, 0, 0, 0}
+ };
+
+@@ -933,6 +939,48 @@ grub_cryptodisk_scan_device (const char *name,
+ return have_it && search_uuid ? 1 : 0;
+ }
+
++/* Hashes a passphrase into a key and stores it with cipher. */
++static gcry_err_code_t
++set_passphrase (grub_cryptodisk_t dev, grub_size_t keysize, const char *passphrase)
++{
++ grub_uint8_t derived_hash[GRUB_CRYPTODISK_MAX_KEYLEN * 2], *dh = derived_hash;
++ char *p;
++ unsigned int round, i;
++ unsigned int len, size;
++
++ /* Need no passphrase if there's no key */
++ if (keysize == 0)
++ return GPG_ERR_INV_KEYLEN;
++
++ /* Hack to support the "none" hash */
++ if (dev->hash)
++ len = dev->hash->mdlen;
++ else
++ len = grub_strlen (passphrase);
++
++ if (keysize > GRUB_CRYPTODISK_MAX_KEYLEN || len > GRUB_CRYPTODISK_MAX_KEYLEN)
++ return GPG_ERR_INV_KEYLEN;
++
++ p = grub_malloc (grub_strlen (passphrase) + 2 + keysize / len);
++ if (!p)
++ return grub_errno;
++
++ for (round = 0, size = keysize; size; round++, dh += len, size -= len)
++ {
++ for (i = 0; i < round; i++)
++ p[i] = 'A';
++
++ grub_strcpy (p + i, passphrase);
++
++ if (len > size)
++ len = size;
++
++ grub_crypto_hash (dev->hash, dh, p, grub_strlen (p));
++ }
++
++ return grub_cryptodisk_setkey (dev, derived_hash, keysize);
++}
++
+ static grub_err_t
+ grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args)
+ {
+@@ -1060,7 +1108,63 @@ grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args)
+ return GRUB_ERR_NONE;
+ }
+
+- err = grub_cryptodisk_scan_device_real (diskname, disk);
++ if (state[7].set) /* Plain mode */
++ {
++ char *cipher;
++ char *mode;
++ char *digest;
++ int offset, size, key_size;
++
++ cipher = grub_strdup (state[8].set ? state[8].arg : GRUB_CRYPTODISK_PLAIN_CIPHER);
++ digest = grub_strdup (state[9].set ? state[9].arg : GRUB_CRYPTODISK_PLAIN_DIGEST);
++ offset = state[10].set ? grub_strtoul (state[10].arg, 0, 0) : 0;
++ size = state[11].set ? grub_strtoul (state[11].arg, 0, 0) : 0;
++ key_size = ( state[12].set ? grub_strtoul (state[12].arg, 0, 0) \
++ : GRUB_CRYPTODISK_PLAIN_KEYSIZE ) / 8;
++
++ /* no strtok, do it manually */
++ mode = grub_strchr(cipher,'-');
++ if (!mode)
++ return GRUB_ERR_BAD_ARGUMENT;
++ else
++ *mode++ = 0;
++
++ dev = grub_cryptodisk_create (disk, NULL, cipher, mode, digest);
++
++ dev->offset = offset;
++ if (size) dev->total_length = size;
++
++ if (key)
++ {
++ err = grub_cryptodisk_setkey (dev, key, key_size);
++ if (err)
++ return err;
++ }
++ else
++ {
++ char passphrase[GRUB_CRYPTODISK_MAX_PASSPHRASE] = "";
++
++ grub_printf_ (N_("Enter passphrase for %s: "), diskname);
++ if (!grub_password_get (passphrase, GRUB_CRYPTODISK_MAX_PASSPHRASE))
++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied");
++
++ err = set_passphrase (dev, key_size, passphrase);
++ if (err)
++ {
++ grub_crypto_cipher_close (dev->cipher);
++ return err;
++ }
++ }
++
++ grub_cryptodisk_insert (dev, diskname, disk);
++
++ grub_free (cipher);
++ grub_free (digest);
++
++ err = GRUB_ERR_NONE;
++ }
++ else
++ err = grub_cryptodisk_scan_device_real (diskname, disk);
+
+ grub_disk_close (disk);
+ if (disklast)
+@@ -1193,13 +1297,203 @@ struct grub_procfs_entry luks_script =
+ .get_contents = luks_script_get
+ };
+
++grub_cryptodisk_t
++grub_cryptodisk_create (grub_disk_t disk, char *uuid,
++ char *ciphername, char *ciphermode, char *hashspec)
++{
++ grub_cryptodisk_t newdev;
++ char *cipheriv = NULL;
++ grub_crypto_cipher_handle_t cipher = NULL, secondary_cipher = NULL;
++ grub_crypto_cipher_handle_t essiv_cipher = NULL;
++ const gcry_md_spec_t *hash = NULL, *essiv_hash = NULL;
++ const struct gcry_cipher_spec *ciph;
++ grub_cryptodisk_mode_t mode;
++ grub_cryptodisk_mode_iv_t mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN64;
++ int benbi_log = 0;
++
++ if (!uuid)
++ uuid = (char*)"00000000000000000000000000000000";
++
++ ciph = grub_crypto_lookup_cipher_by_name (ciphername);
++ if (!ciph)
++ {
++ grub_error (GRUB_ERR_FILE_NOT_FOUND, "Cipher %s isn't available",
++ ciphername);
++ return NULL;
++ }
++
++ /* Configure the cipher used for the bulk data. */
++ cipher = grub_crypto_cipher_open (ciph);
++ if (!cipher)
++ return NULL;
++
++ /* Configure the cipher mode. */
++ if (grub_strcmp (ciphermode, "ecb") == 0)
++ {
++ mode = GRUB_CRYPTODISK_MODE_ECB;
++ mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN;
++ cipheriv = NULL;
++ }
++ else if (grub_strcmp (ciphermode, "plain") == 0)
++ {
++ mode = GRUB_CRYPTODISK_MODE_CBC;
++ mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN;
++ cipheriv = NULL;
++ }
++ else if (grub_memcmp (ciphermode, "cbc-", sizeof ("cbc-") - 1) == 0)
++ {
++ mode = GRUB_CRYPTODISK_MODE_CBC;
++ cipheriv = ciphermode + sizeof ("cbc-") - 1;
++ }
++ else if (grub_memcmp (ciphermode, "pcbc-", sizeof ("pcbc-") - 1) == 0)
++ {
++ mode = GRUB_CRYPTODISK_MODE_PCBC;
++ cipheriv = ciphermode + sizeof ("pcbc-") - 1;
++ }
++ else if (grub_memcmp (ciphermode, "xts-", sizeof ("xts-") - 1) == 0)
++ {
++ mode = GRUB_CRYPTODISK_MODE_XTS;
++ cipheriv = ciphermode + sizeof ("xts-") - 1;
++ secondary_cipher = grub_crypto_cipher_open (ciph);
++ if (!secondary_cipher)
++ {
++ grub_crypto_cipher_close (cipher);
++ return NULL;
++ }
++ if (cipher->cipher->blocksize != GRUB_CRYPTODISK_GF_BYTES)
++ {
++ grub_error (GRUB_ERR_BAD_ARGUMENT, "Unsupported XTS block size: %d",
++ cipher->cipher->blocksize);
++ grub_crypto_cipher_close (cipher);
++ grub_crypto_cipher_close (secondary_cipher);
++ return NULL;
++ }
++ if (secondary_cipher->cipher->blocksize != GRUB_CRYPTODISK_GF_BYTES)
++ {
++ grub_crypto_cipher_close (cipher);
++ grub_error (GRUB_ERR_BAD_ARGUMENT, "Unsupported XTS block size: %d",
++ secondary_cipher->cipher->blocksize);
++ grub_crypto_cipher_close (secondary_cipher);
++ return NULL;
++ }
++ }
++ else if (grub_memcmp (ciphermode, "lrw-", sizeof ("lrw-") - 1) == 0)
++ {
++ mode = GRUB_CRYPTODISK_MODE_LRW;
++ cipheriv = ciphermode + sizeof ("lrw-") - 1;
++ if (cipher->cipher->blocksize != GRUB_CRYPTODISK_GF_BYTES)
++ {
++ grub_error (GRUB_ERR_BAD_ARGUMENT, "Unsupported LRW block size: %d",
++ cipher->cipher->blocksize);
++ grub_crypto_cipher_close (cipher);
++ return NULL;
++ }
++ }
++ else
++ {
++ grub_crypto_cipher_close (cipher);
++ grub_error (GRUB_ERR_BAD_ARGUMENT, "Unknown cipher mode: %s",
++ ciphermode);
++ return NULL;
++ }
++
++ if (cipheriv == NULL);
++ else if (grub_memcmp (cipheriv, "plain", sizeof ("plain") - 1) == 0)
++ mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN;
++ else if (grub_memcmp (cipheriv, "plain64", sizeof ("plain64") - 1) == 0)
++ mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN64;
++ else if (grub_memcmp (cipheriv, "benbi", sizeof ("benbi") - 1) == 0)
++ {
++ if (cipher->cipher->blocksize & (cipher->cipher->blocksize - 1)
++ || cipher->cipher->blocksize == 0)
++ grub_error (GRUB_ERR_BAD_ARGUMENT, "Unsupported benbi blocksize: %d",
++ cipher->cipher->blocksize);
++ /* FIXME should we return an error here? */
++ for (benbi_log = 0;
++ (cipher->cipher->blocksize << benbi_log) < GRUB_DISK_SECTOR_SIZE;
++ benbi_log++);
++ mode_iv = GRUB_CRYPTODISK_MODE_IV_BENBI;
++ }
++ else if (grub_memcmp (cipheriv, "null", sizeof ("null") - 1) == 0)
++ mode_iv = GRUB_CRYPTODISK_MODE_IV_NULL;
++ else if (grub_memcmp (cipheriv, "essiv:", sizeof ("essiv:") - 1) == 0)
++ {
++ char *hash_str = cipheriv + 6;
++
++ mode_iv = GRUB_CRYPTODISK_MODE_IV_ESSIV;
++
++ /* Configure the hash and cipher used for ESSIV. */
++ essiv_hash = grub_crypto_lookup_md_by_name (hash_str);
++ if (!essiv_hash)
++ {
++ grub_crypto_cipher_close (cipher);
++ grub_crypto_cipher_close (secondary_cipher);
++ grub_error (GRUB_ERR_FILE_NOT_FOUND,
++ "Couldn't load %s hash", hash_str);
++ return NULL;
++ }
++ essiv_cipher = grub_crypto_cipher_open (ciph);
++ if (!essiv_cipher)
++ {
++ grub_crypto_cipher_close (cipher);
++ grub_crypto_cipher_close (secondary_cipher);
++ return NULL;
++ }
++ }
++ else
++ {
++ grub_crypto_cipher_close (cipher);
++ grub_crypto_cipher_close (secondary_cipher);
++ grub_error (GRUB_ERR_BAD_ARGUMENT, "Unknown IV mode: %s",
++ cipheriv);
++ return NULL;
++ }
++
++ /* Configure the passphrase hash (LUKS also uses AF splitter and HMAC). */
++ hash = grub_crypto_lookup_md_by_name (hashspec);
++ if (!hash)
++ {
++ grub_crypto_cipher_close (cipher);
++ grub_crypto_cipher_close (essiv_cipher);
++ grub_crypto_cipher_close (secondary_cipher);
++ grub_error (GRUB_ERR_FILE_NOT_FOUND, "Couldn't load %s hash",
++ hashspec);
++ return NULL;
++ }
++
++ newdev = grub_zalloc (sizeof (struct grub_cryptodisk));
++ if (!newdev)
++ {
++ grub_crypto_cipher_close (cipher);
++ grub_crypto_cipher_close (essiv_cipher);
++ grub_crypto_cipher_close (secondary_cipher);
++ return NULL;
++ }
++ newdev->cipher = cipher;
++ newdev->offset = 0;
++ newdev->source_disk = NULL;
++ newdev->benbi_log = benbi_log;
++ newdev->mode = mode;
++ newdev->mode_iv = mode_iv;
++ newdev->secondary_cipher = secondary_cipher;
++ newdev->essiv_cipher = essiv_cipher;
++ newdev->essiv_hash = essiv_hash;
++ newdev->hash = hash;
++ newdev->log_sector_size = 9;
++ newdev->total_length = grub_disk_get_size (disk) - newdev->offset;
++ grub_memcpy (newdev->uuid, uuid, sizeof (newdev->uuid));
++ COMPILE_TIME_ASSERT (sizeof (newdev->uuid) >= sizeof (uuid));
++
++ return newdev;
++}
++
+ static grub_extcmd_t cmd;
+
+ GRUB_MOD_INIT (cryptodisk)
+ {
+ grub_disk_dev_register (&grub_cryptodisk_dev);
+ cmd = grub_register_extcmd ("cryptomount", grub_cmd_cryptomount, 0,
+- N_("SOURCE|-u UUID|-a|-b|-H file"),
++ N_("SOURCE|-u UUID|-a|-b|-H file|-p -c cipher -d digest"),
+ N_("Mount a crypto device."), options);
+ grub_procfs_register ("luks_script", &luks_script);
+ }
+diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c
+index 11e437edb..4ebe21b4e 100644
+--- a/grub-core/disk/luks.c
++++ b/grub-core/disk/luks.c
+@@ -30,8 +30,6 @@
+
+ GRUB_MOD_LICENSE ("GPLv3+");
+
+-#define MAX_PASSPHRASE 256
+-
+ #define LUKS_KEY_ENABLED 0x00AC71F3
+
+ /* On disk LUKS header */
+@@ -76,15 +74,7 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid,
+ char uuid[sizeof (header.uuid) + 1];
+ char ciphername[sizeof (header.cipherName) + 1];
+ char ciphermode[sizeof (header.cipherMode) + 1];
+- char *cipheriv = NULL;
+ char hashspec[sizeof (header.hashSpec) + 1];
+- grub_crypto_cipher_handle_t cipher = NULL, secondary_cipher = NULL;
+- grub_crypto_cipher_handle_t essiv_cipher = NULL;
+- const gcry_md_spec_t *hash = NULL, *essiv_hash = NULL;
+- const struct gcry_cipher_spec *ciph;
+- grub_cryptodisk_mode_t mode;
+- grub_cryptodisk_mode_iv_t mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN64;
+- int benbi_log = 0;
+ grub_err_t err;
+
+ err = GRUB_ERR_NONE;
+@@ -119,7 +109,7 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid,
+ iptr++)
+ {
+ if (*iptr != '-')
+- *optr++ = *iptr;
++ *optr++ = *iptr;
+ }
+ *optr = 0;
+
+@@ -129,6 +119,7 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid,
+ return NULL;
+ }
+
++
+ /* Make sure that strings are null terminated. */
+ grub_memcpy (ciphername, header.cipherName, sizeof (header.cipherName));
+ ciphername[sizeof (header.cipherName)] = 0;
+@@ -137,184 +128,10 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid,
+ grub_memcpy (hashspec, header.hashSpec, sizeof (header.hashSpec));
+ hashspec[sizeof (header.hashSpec)] = 0;
+
+- ciph = grub_crypto_lookup_cipher_by_name (ciphername);
+- if (!ciph)
+- {
+- grub_error (GRUB_ERR_FILE_NOT_FOUND, "Cipher %s isn't available",
+- ciphername);
+- return NULL;
+- }
+-
+- /* Configure the cipher used for the bulk data. */
+- cipher = grub_crypto_cipher_open (ciph);
+- if (!cipher)
+- return NULL;
+-
+- if (grub_be_to_cpu32 (header.keyBytes) > 1024)
+- {
+- grub_error (GRUB_ERR_BAD_ARGUMENT, "invalid keysize %d",
+- grub_be_to_cpu32 (header.keyBytes));
+- grub_crypto_cipher_close (cipher);
+- return NULL;
+- }
+-
+- /* Configure the cipher mode. */
+- if (grub_strcmp (ciphermode, "ecb") == 0)
+- {
+- mode = GRUB_CRYPTODISK_MODE_ECB;
+- mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN;
+- cipheriv = NULL;
+- }
+- else if (grub_strcmp (ciphermode, "plain") == 0)
+- {
+- mode = GRUB_CRYPTODISK_MODE_CBC;
+- mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN;
+- cipheriv = NULL;
+- }
+- else if (grub_memcmp (ciphermode, "cbc-", sizeof ("cbc-") - 1) == 0)
+- {
+- mode = GRUB_CRYPTODISK_MODE_CBC;
+- cipheriv = ciphermode + sizeof ("cbc-") - 1;
+- }
+- else if (grub_memcmp (ciphermode, "pcbc-", sizeof ("pcbc-") - 1) == 0)
+- {
+- mode = GRUB_CRYPTODISK_MODE_PCBC;
+- cipheriv = ciphermode + sizeof ("pcbc-") - 1;
+- }
+- else if (grub_memcmp (ciphermode, "xts-", sizeof ("xts-") - 1) == 0)
+- {
+- mode = GRUB_CRYPTODISK_MODE_XTS;
+- cipheriv = ciphermode + sizeof ("xts-") - 1;
+- secondary_cipher = grub_crypto_cipher_open (ciph);
+- if (!secondary_cipher)
+- {
+- grub_crypto_cipher_close (cipher);
+- return NULL;
+- }
+- if (cipher->cipher->blocksize != GRUB_CRYPTODISK_GF_BYTES)
+- {
+- grub_error (GRUB_ERR_BAD_ARGUMENT, "Unsupported XTS block size: %d",
+- cipher->cipher->blocksize);
+- grub_crypto_cipher_close (cipher);
+- grub_crypto_cipher_close (secondary_cipher);
+- return NULL;
+- }
+- if (secondary_cipher->cipher->blocksize != GRUB_CRYPTODISK_GF_BYTES)
+- {
+- grub_crypto_cipher_close (cipher);
+- grub_error (GRUB_ERR_BAD_ARGUMENT, "Unsupported XTS block size: %d",
+- secondary_cipher->cipher->blocksize);
+- grub_crypto_cipher_close (secondary_cipher);
+- return NULL;
+- }
+- }
+- else if (grub_memcmp (ciphermode, "lrw-", sizeof ("lrw-") - 1) == 0)
+- {
+- mode = GRUB_CRYPTODISK_MODE_LRW;
+- cipheriv = ciphermode + sizeof ("lrw-") - 1;
+- if (cipher->cipher->blocksize != GRUB_CRYPTODISK_GF_BYTES)
+- {
+- grub_error (GRUB_ERR_BAD_ARGUMENT, "Unsupported LRW block size: %d",
+- cipher->cipher->blocksize);
+- grub_crypto_cipher_close (cipher);
+- return NULL;
+- }
+- }
+- else
+- {
+- grub_crypto_cipher_close (cipher);
+- grub_error (GRUB_ERR_BAD_ARGUMENT, "Unknown cipher mode: %s",
+- ciphermode);
+- return NULL;
+- }
+-
+- if (cipheriv == NULL);
+- else if (grub_memcmp (cipheriv, "plain", sizeof ("plain") - 1) == 0)
+- mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN;
+- else if (grub_memcmp (cipheriv, "plain64", sizeof ("plain64") - 1) == 0)
+- mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN64;
+- else if (grub_memcmp (cipheriv, "benbi", sizeof ("benbi") - 1) == 0)
+- {
+- if (cipher->cipher->blocksize & (cipher->cipher->blocksize - 1)
+- || cipher->cipher->blocksize == 0)
+- grub_error (GRUB_ERR_BAD_ARGUMENT, "Unsupported benbi blocksize: %d",
+- cipher->cipher->blocksize);
+- /* FIXME should we return an error here? */
+- for (benbi_log = 0;
+- (cipher->cipher->blocksize << benbi_log) < GRUB_DISK_SECTOR_SIZE;
+- benbi_log++);
+- mode_iv = GRUB_CRYPTODISK_MODE_IV_BENBI;
+- }
+- else if (grub_memcmp (cipheriv, "null", sizeof ("null") - 1) == 0)
+- mode_iv = GRUB_CRYPTODISK_MODE_IV_NULL;
+- else if (grub_memcmp (cipheriv, "essiv:", sizeof ("essiv:") - 1) == 0)
+- {
+- char *hash_str = cipheriv + 6;
+-
+- mode_iv = GRUB_CRYPTODISK_MODE_IV_ESSIV;
+-
+- /* Configure the hash and cipher used for ESSIV. */
+- essiv_hash = grub_crypto_lookup_md_by_name (hash_str);
+- if (!essiv_hash)
+- {
+- grub_crypto_cipher_close (cipher);
+- grub_crypto_cipher_close (secondary_cipher);
+- grub_error (GRUB_ERR_FILE_NOT_FOUND,
+- "Couldn't load %s hash", hash_str);
+- return NULL;
+- }
+- essiv_cipher = grub_crypto_cipher_open (ciph);
+- if (!essiv_cipher)
+- {
+- grub_crypto_cipher_close (cipher);
+- grub_crypto_cipher_close (secondary_cipher);
+- return NULL;
+- }
+- }
+- else
+- {
+- grub_crypto_cipher_close (cipher);
+- grub_crypto_cipher_close (secondary_cipher);
+- grub_error (GRUB_ERR_BAD_ARGUMENT, "Unknown IV mode: %s",
+- cipheriv);
+- return NULL;
+- }
+-
+- /* Configure the hash used for the AF splitter and HMAC. */
+- hash = grub_crypto_lookup_md_by_name (hashspec);
+- if (!hash)
+- {
+- grub_crypto_cipher_close (cipher);
+- grub_crypto_cipher_close (essiv_cipher);
+- grub_crypto_cipher_close (secondary_cipher);
+- grub_error (GRUB_ERR_FILE_NOT_FOUND, "Couldn't load %s hash",
+- hashspec);
+- return NULL;
+- }
++ newdev = grub_cryptodisk_create (disk, uuid, ciphername, ciphermode, hashspec);
+
+- newdev = grub_zalloc (sizeof (struct grub_cryptodisk));
+- if (!newdev)
+- {
+- grub_crypto_cipher_close (cipher);
+- grub_crypto_cipher_close (essiv_cipher);
+- grub_crypto_cipher_close (secondary_cipher);
+- return NULL;
+- }
+- newdev->cipher = cipher;
+ newdev->offset = grub_be_to_cpu32 (header.payloadOffset);
+- newdev->source_disk = NULL;
+- newdev->benbi_log = benbi_log;
+- newdev->mode = mode;
+- newdev->mode_iv = mode_iv;
+- newdev->secondary_cipher = secondary_cipher;
+- newdev->essiv_cipher = essiv_cipher;
+- newdev->essiv_hash = essiv_hash;
+- newdev->hash = hash;
+- newdev->log_sector_size = 9;
+- newdev->total_length = grub_disk_get_size (disk) - newdev->offset;
+- grub_memcpy (newdev->uuid, uuid, sizeof (newdev->uuid));
+ newdev->modname = "luks";
+- COMPILE_TIME_ASSERT (sizeof (newdev->uuid) >= sizeof (uuid));
+
+ return newdev;
+ }
+@@ -329,7 +146,7 @@ luks_recover_key (grub_disk_t source,
+ struct grub_luks_phdr header;
+ grub_size_t keysize;
+ grub_uint8_t *split_key = NULL;
+- char interactive_passphrase[MAX_PASSPHRASE] = "";
++ char interactive_passphrase[GRUB_CRYPTODISK_MAX_PASSPHRASE] = "";
+ grub_uint8_t *passphrase;
+ grub_size_t passphrase_length;
+ grub_uint8_t candidate_digest[sizeof (header.mkDigest)];
+@@ -376,7 +193,7 @@ luks_recover_key (grub_disk_t source,
+ /* Use bytestring from key file as passphrase */
+ passphrase = keyfile_bytes;
+ passphrase_length = keyfile_bytes_size;
+- keyfile_bytes = NULL; /* use it only once */
++ keyfile_bytes = NULL; /* use it only once */
+ }
+ else
+ {
+@@ -387,7 +204,7 @@ luks_recover_key (grub_disk_t source,
+ grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name,
+ source->partition ? "," : "", tmp ? : "", dev->uuid);
+ grub_free (tmp);
+- if (!grub_password_get (interactive_passphrase, MAX_PASSPHRASE))
++ if (!grub_password_get (interactive_passphrase, GRUB_CRYPTODISK_MAX_PASSPHRASE))
+ {
+ grub_free (split_key);
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied");
+diff --git a/include/grub/cryptodisk.h b/include/grub/cryptodisk.h
+index 67f6b0b59..bb25ab730 100644
+--- a/include/grub/cryptodisk.h
++++ b/include/grub/cryptodisk.h
+@@ -54,9 +54,14 @@ typedef enum
+ #define GRUB_CRYPTODISK_GF_LOG_BYTES (GRUB_CRYPTODISK_GF_LOG_SIZE - 3)
+ #define GRUB_CRYPTODISK_GF_BYTES (1U << GRUB_CRYPTODISK_GF_LOG_BYTES)
+ #define GRUB_CRYPTODISK_MAX_KEYLEN 128
++#define GRUB_CRYPTODISK_MAX_PASSPHRASE 256
+
+ #define GRUB_CRYPTODISK_MAX_KEYFILE_SIZE 8192
+
++#define GRUB_CRYPTODISK_PLAIN_CIPHER "aes-cbc-essiv:sha256"
++#define GRUB_CRYPTODISK_PLAIN_DIGEST "ripemd160"
++#define GRUB_CRYPTODISK_PLAIN_KEYSIZE 256
++
+ struct grub_cryptodisk;
+
+ typedef gcry_err_code_t
+@@ -160,4 +165,7 @@ grub_util_get_geli_uuid (const char *dev);
+ grub_cryptodisk_t grub_cryptodisk_get_by_uuid (const char *uuid);
+ grub_cryptodisk_t grub_cryptodisk_get_by_source_disk (grub_disk_t disk);
+
++grub_cryptodisk_t grub_cryptodisk_create (grub_disk_t disk, char *uuid,
++ char *ciphername, char *ciphermode, char *digest);
++
+ #endif
+--
+2.16.2
+

128
helpers/DATA/grub2-unsigned/0005-Cryptomount-support-for-hyphens-in-UUID.patch
View file

@ -1,128 +0,0 @@
diff --git a/0005-Cryptomount-support-for-hyphens-in-UUID.patch b/0005-Cryptomount-support-for-hyphens-in-UUID.patch
new file mode 100644
index 00000000000..f6ed18a66d7
--- /dev/null
+++ b/0005-Cryptomount-support-for-hyphens-in-UUID.patch
@@ -0,0 +1,122 @@
+From 0939fef502c4b97d1facc7972a54d5dfeba4ab71 Mon Sep 17 00:00:00 2001
+From: John Lane <john@lane.uk.net>
+Date: Fri, 26 Jun 2015 22:48:03 +0100
+Subject: [PATCH 5/7] Cryptomount support for hyphens in UUID
+
+---
+ grub-core/disk/cryptodisk.c | 20 +++++++++++++++++---
+ grub-core/disk/luks.c | 26 ++++++++------------------
+ include/grub/cryptodisk.h | 2 ++
+ 3 files changed, 27 insertions(+), 21 deletions(-)
+
+diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
+index 7f656f75c..c442d3a34 100644
+--- a/grub-core/disk/cryptodisk.c
++++ b/grub-core/disk/cryptodisk.c
+@@ -114,6 +114,20 @@ gf_mul_be (grub_uint8_t *o, const grub_uint8_t *a, const grub_uint8_t *b)
+ }
+ }
+
++int
++grub_cryptodisk_uuidcmp(char *uuid_a, char *uuid_b)
++{
++ while ((*uuid_a != '\0') && (*uuid_b != '\0'))
++ {
++ while (*uuid_a == '-') uuid_a++;
++ while (*uuid_b == '-') uuid_b++;
++ if (grub_toupper(*uuid_a) != grub_toupper(*uuid_b)) break;
++ uuid_a++;
++ uuid_b++;
++ }
++ return (*uuid_a == '\0') && (*uuid_b == '\0');
++}
++
+ static gcry_err_code_t
+ grub_crypto_pcbc_decrypt (grub_crypto_cipher_handle_t cipher,
+ void *out, void *in, grub_size_t size,
+@@ -509,8 +523,8 @@ grub_cryptodisk_open (const char *name, grub_disk_t disk)
+ if (grub_memcmp (name, "cryptouuid/", sizeof ("cryptouuid/") - 1) == 0)
+ {
+ for (dev = cryptodisk_list; dev != NULL; dev = dev->next)
+- if (grub_strcasecmp (name + sizeof ("cryptouuid/") - 1, dev->uuid) == 0)
+- break;
++ if (grub_cryptodisk_uuidcmp(name + sizeof ("cryptouuid/") - 1, dev->uuid))
++ break;
+ }
+ else
+ {
+@@ -742,7 +756,7 @@ grub_cryptodisk_get_by_uuid (const char *uuid)
+ {
+ grub_cryptodisk_t dev;
+ for (dev = cryptodisk_list; dev != NULL; dev = dev->next)
+- if (grub_strcasecmp (dev->uuid, uuid) == 0)
++ if (grub_cryptodisk_uuidcmp(dev->uuid, uuid))
+ return dev;
+ return NULL;
+ }
+diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c
+index 4ebe21b4e..80a760670 100644
+--- a/grub-core/disk/luks.c
++++ b/grub-core/disk/luks.c
+@@ -68,9 +68,7 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid,
+ int check_boot, grub_file_t hdr)
+ {
+ grub_cryptodisk_t newdev;
+- const char *iptr;
+ struct grub_luks_phdr header;
+- char *optr;
+ char uuid[sizeof (header.uuid) + 1];
+ char ciphername[sizeof (header.cipherName) + 1];
+ char ciphermode[sizeof (header.cipherMode) + 1];
+@@ -104,22 +102,6 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid,
+ || grub_be_to_cpu16 (header.version) != 1)
+ return NULL;
+
+- optr = uuid;
+- for (iptr = header.uuid; iptr < &header.uuid[ARRAY_SIZE (header.uuid)];
+- iptr++)
+- {
+- if (*iptr != '-')
+- *optr++ = *iptr;
+- }
+- *optr = 0;
+-
+- if (check_uuid && grub_strcasecmp (check_uuid, uuid) != 0)
+- {
+- grub_dprintf ("luks", "%s != %s\n", uuid, check_uuid);
+- return NULL;
+- }
+-
+-
+ /* Make sure that strings are null terminated. */
+ grub_memcpy (ciphername, header.cipherName, sizeof (header.cipherName));
+ ciphername[sizeof (header.cipherName)] = 0;
+@@ -127,6 +109,14 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid,
+ ciphermode[sizeof (header.cipherMode)] = 0;
+ grub_memcpy (hashspec, header.hashSpec, sizeof (header.hashSpec));
+ hashspec[sizeof (header.hashSpec)] = 0;
++ grub_memcpy (uuid, header.uuid, sizeof (header.uuid));
++ uuid[sizeof (header.uuid)] = 0;
++
++ if ( check_uuid && ! grub_cryptodisk_uuidcmp(check_uuid, uuid))
++ {
++ grub_dprintf ("luks", "%s != %s\n", uuid, check_uuid);
++ return NULL;
++ }
+
+ newdev = grub_cryptodisk_create (disk, uuid, ciphername, ciphermode, hashspec);
+
+diff --git a/include/grub/cryptodisk.h b/include/grub/cryptodisk.h
+index bb25ab730..01c02696e 100644
+--- a/include/grub/cryptodisk.h
++++ b/include/grub/cryptodisk.h
+@@ -168,4 +168,6 @@ grub_cryptodisk_t grub_cryptodisk_get_by_source_disk (grub_disk_t disk);
+ grub_cryptodisk_t grub_cryptodisk_create (grub_disk_t disk, char *uuid,
+ char *ciphername, char *ciphermode, char *digest);
+
++int
++grub_cryptodisk_uuidcmp(char *uuid_a, char *uuid_b);
+ #endif
+--
+2.16.2
+

114
helpers/DATA/grub2-unsigned/0006-Cryptomount-support-for-using-whole-device-as-keyfile.patch
View file

@ -1,114 +0,0 @@
diff --git a/0006-Cryptomount-support-for-using-whole-device-as-keyfile.patch b/0006-Cryptomount-support-for-using-whole-device-as-keyfile.patch
new file mode 100644
index 00000000000..49750f84aca
--- /dev/null
+++ b/0006-Cryptomount-support-for-using-whole-device-as-keyfile.patch
@@ -0,0 +1,108 @@
+From 908f4282cc934422923ff59836a835e63d6a7117 Mon Sep 17 00:00:00 2001
+From: Paul Gideon Dann <pdgiddie@gmail.com>
+Date: Tue, 19 Jul 2016 12:36:37 +0100
+Subject: [PATCH] Add support for using a whole device as a keyfile
+
+---
+ grub-core/disk/cryptodisk.c | 86 +++++++++++++++++++++++++++++--------
+ 1 file changed, 68 insertions(+), 18 deletions(-)
+
+diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
+index d0388c6d1..c5d8021ba 100644
+--- a/grub-core/disk/cryptodisk.c
++++ b/grub-core/disk/cryptodisk.c
+@@ -1031,26 +1031,76 @@ grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args)
+ else
+ {
+ keyfile_offset = state[5].set ? grub_strtoul (state[5].arg, 0, 0) : 0;
+- keyfile_size = requested_keyfile_size ? requested_keyfile_size : \
+- GRUB_CRYPTODISK_MAX_KEYFILE_SIZE;
+-
+- keyfile = grub_file_open (state[4].arg, GRUB_FILE_TYPE_NONE);
+- if (!keyfile)
+- grub_printf (N_("Unable to open key file %s\n"), state[4].arg);
+- else if (grub_file_seek (keyfile, keyfile_offset) == (grub_off_t)-1)
+- grub_printf (N_("Unable to seek to offset %d in key file\n"), keyfile_offset);
+- else
++
++ if (grub_strchr (state[4].arg, '/'))
+ {
+- keyfile_size = grub_file_read (keyfile, keyfile_buffer, keyfile_size);
+- if (keyfile_size == (grub_size_t)-1)
+- grub_printf (N_("Error reading key file\n"));
+- else if (requested_keyfile_size && (keyfile_size != requested_keyfile_size))
+- grub_printf (N_("Cannot read %llu bytes for key file (read %llu bytes)\n"),
+- (unsigned long long) requested_keyfile_size,
+- (unsigned long long) keyfile_size);
++ keyfile_size = requested_keyfile_size ? requested_keyfile_size : \
++ GRUB_CRYPTODISK_MAX_KEYFILE_SIZE;
++ keyfile = grub_file_open (state[4].arg, GRUB_FILE_TYPE_NONE);
++ if (!keyfile)
++ grub_printf (N_("Unable to open key file %s\n"), state[4].arg);
++ else if (grub_file_seek (keyfile, keyfile_offset) == (grub_off_t)-1)
++ grub_printf (N_("Unable to seek to offset %d in key file\n"), keyfile_offset);
+ else
+- key = keyfile_buffer;
+- }
++ {
++ keyfile_size = grub_file_read (keyfile, keyfile_buffer, keyfile_size);
++ if (keyfile_size == (grub_size_t)-1)
++ grub_printf (N_("Error reading key file\n"));
++ else if (requested_keyfile_size && (keyfile_size != requested_keyfile_size))
++ grub_printf (N_("Cannot read %llu bytes for key file (read %llu bytes)\n"),
++ (unsigned long long) requested_keyfile_size,
++ (unsigned long long) keyfile_size);
++ else
++ key = keyfile_buffer;
++ }
++ }
++ else
++ {
++ grub_disk_t keydisk;
++ char* keydisk_name;
++ grub_err_t err;
++ grub_uint64_t total_sectors;
++
++ keydisk_name = grub_file_get_device_name(state[4].arg);
++ keydisk = grub_disk_open (keydisk_name);
++ if (!keydisk)
++ {
++ grub_printf (N_("Unable to open disk %s\n"), keydisk_name);
++ goto cleanup_keydisk_name;
++ }
++
++ total_sectors = grub_disk_get_size (keydisk);
++ if (total_sectors == GRUB_DISK_SIZE_UNKNOWN)
++ {
++ grub_printf (N_("Unable to determine size of disk %s\n"), keydisk_name);
++ goto cleanup_keydisk;
++ }
++
++ keyfile_size = (total_sectors << GRUB_DISK_SECTOR_BITS);
++ if (requested_keyfile_size > 0 && requested_keyfile_size < keyfile_size)
++ keyfile_size = requested_keyfile_size;
++ if (keyfile_size > GRUB_CRYPTODISK_MAX_KEYFILE_SIZE)
++ {
++ grub_printf (N_("Key file size exceeds maximum (%llu)\n"), \
++ (unsigned long long) GRUB_CRYPTODISK_MAX_KEYFILE_SIZE);
++ goto cleanup_keydisk;
++ }
++
++ err = grub_disk_read (keydisk, 0, keyfile_offset, keyfile_size, keyfile_buffer);
++ if (err != GRUB_ERR_NONE)
++ {
++ grub_printf (N_("Failed to read from disk %s\n"), keydisk_name);
++ keyfile_size = 0;
++ goto cleanup_keydisk;
++ }
++
++ key = keyfile_buffer;
++
++ cleanup_keydisk:
++ grub_disk_close (keydisk);
++ cleanup_keydisk_name:
++ grub_free (keydisk_name);
++ }
+ }
+ }
+

0
helpers/DATA/grub2-unsigned/0007-prevent-duplicated-gnu-linux-with-trisquel-full-name.patch → helpers/DATA/grub2-unsigned/patch_changes/007-prevent-duplicated-gnu-linux-with-trisquel-full-name.patch
View file

253
helpers/DATA/grub2/0001-Cryptomount-support-LUKS-detached-header.patch
View file

@ -1,253 +0,0 @@
diff --git a/0001-Cryptomount-support-LUKS-detached-header.patch b/0001-Cryptomount-support-LUKS-detached-header.patch
new file mode 100644
index 00000000000..65943f41b8c
--- /dev/null
+++ b/0001-Cryptomount-support-LUKS-detached-header.patch
@@ -0,0 +1,247 @@
+From 2008e08c0a511da5d454664363f452a9e26c734f Mon Sep 17 00:00:00 2001
+From: John Lane <john@lane.uk.net>
+Date: Tue, 23 Jun 2015 11:16:30 +0100
+Subject: [PATCH 1/7] Cryptomount support LUKS detached header
+
+---
+ grub-core/disk/cryptodisk.c | 22 ++++++++++++++++++----
+ grub-core/disk/geli.c | 7 +++++--
+ grub-core/disk/luks.c | 45 +++++++++++++++++++++++++++++++++++++--------
+ include/grub/cryptodisk.h | 5 +++--
+ 4 files changed, 63 insertions(+), 16 deletions(-)
+
+diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
+index bd60a66b3..5230a5a9a 100644
+--- a/grub-core/disk/cryptodisk.c
++++ b/grub-core/disk/cryptodisk.c
+@@ -41,6 +41,7 @@ static const struct grub_arg_option options[] =
+ /* TRANSLATORS: It's still restricted to cryptodisks only. */
+ {"all", 'a', 0, N_("Mount all."), 0, 0},
+ {"boot", 'b', 0, N_("Mount all volumes with `boot' flag set."), 0, 0},
++ {"header", 'H', 0, N_("Read LUKS header from file"), 0, ARG_TYPE_STRING},
+ {0, 0, 0, 0, 0, 0}
+ };
+
+@@ -809,6 +810,7 @@ grub_util_cryptodisk_get_uuid (grub_disk_t disk)
+
+ static int check_boot, have_it;
+ static char *search_uuid;
++static grub_file_t hdr;
+
+ static void
+ cryptodisk_close (grub_cryptodisk_t dev)
+@@ -833,13 +835,13 @@ grub_cryptodisk_scan_device_real (const char *name, grub_disk_t source)
+
+ FOR_CRYPTODISK_DEVS (cr)
+ {
+- dev = cr->scan (source, search_uuid, check_boot);
++ dev = cr->scan (source, search_uuid, check_boot, hdr);
+ if (grub_errno)
+ return grub_errno;
+ if (!dev)
+ continue;
+
+- err = cr->recover_key (source, dev);
++ err = cr->recover_key (source, dev, hdr);
+ if (err)
+ {
+ cryptodisk_close (dev);
+@@ -880,7 +882,7 @@ grub_cryptodisk_cheat_mount (const char *sourcedev, const char *cheat)
+
+ FOR_CRYPTODISK_DEVS (cr)
+ {
+- dev = cr->scan (source, search_uuid, check_boot);
++ dev = cr->scan (source, search_uuid, check_boot,0);
+ if (grub_errno)
+ return grub_errno;
+ if (!dev)
+@@ -934,6 +936,18 @@ grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args)
+ if (argc < 1 && !state[1].set && !state[2].set)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "device name required");
+
++ if (state[3].set) /* LUKS detached header */
++ {
++ if (state[0].set) /* Cannot use UUID lookup with detached header */
++ return GRUB_ERR_BAD_ARGUMENT;
++
++ hdr = grub_file_open (state[3].arg, GRUB_FILE_TYPE_NONE);
++ if (!hdr)
++ return grub_errno;
++ }
++ else
++ hdr = NULL;
++
+ have_it = 0;
+ if (state[0].set)
+ {
+@@ -1141,7 +1155,7 @@ GRUB_MOD_INIT (cryptodisk)
+ {
+ grub_disk_dev_register (&grub_cryptodisk_dev);
+ cmd = grub_register_extcmd ("cryptomount", grub_cmd_cryptomount, 0,
+- N_("SOURCE|-u UUID|-a|-b"),
++ N_("SOURCE|-u UUID|-a|-b|-H file"),
+ N_("Mount a crypto device."), options);
+ grub_procfs_register ("luks_script", &luks_script);
+ }
+diff --git a/grub-core/disk/geli.c b/grub-core/disk/geli.c
+index e9d23299a..f4394eb42 100644
+--- a/grub-core/disk/geli.c
++++ b/grub-core/disk/geli.c
+@@ -52,6 +52,7 @@
+ #include <grub/dl.h>
+ #include <grub/err.h>
+ #include <grub/disk.h>
++#include <grub/file.h>
+ #include <grub/crypto.h>
+ #include <grub/partition.h>
+ #include <grub/i18n.h>
+@@ -243,7 +244,8 @@ grub_util_get_geli_uuid (const char *dev)
+
+ static grub_cryptodisk_t
+ configure_ciphers (grub_disk_t disk, const char *check_uuid,
+- int boot_only)
++ int boot_only,
++ grub_file_t hdr __attribute__ ((unused)) )
+ {
+ grub_cryptodisk_t newdev;
+ struct grub_geli_phdr header;
+@@ -398,7 +400,8 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid,
+ }
+
+ static grub_err_t
+-recover_key (grub_disk_t source, grub_cryptodisk_t dev)
++recover_key (grub_disk_t source, grub_cryptodisk_t dev,
++ grub_file_t hdr __attribute__ ((unused)) )
+ {
+ grub_size_t keysize;
+ grub_uint8_t digest[GRUB_CRYPTO_MAX_MDLEN];
+diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c
+index 86c50c612..66e64c0e0 100644
+--- a/grub-core/disk/luks.c
++++ b/grub-core/disk/luks.c
+@@ -23,6 +23,7 @@
+ #include <grub/dl.h>
+ #include <grub/err.h>
+ #include <grub/disk.h>
++#include <grub/file.h>
+ #include <grub/crypto.h>
+ #include <grub/partition.h>
+ #include <grub/i18n.h>
+@@ -66,7 +67,7 @@ gcry_err_code_t AF_merge (const gcry_md_spec_t * hash, grub_uint8_t * src,
+
+ static grub_cryptodisk_t
+ configure_ciphers (grub_disk_t disk, const char *check_uuid,
+- int check_boot)
++ int check_boot, grub_file_t hdr)
+ {
+ grub_cryptodisk_t newdev;
+ const char *iptr;
+@@ -86,11 +87,21 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid,
+ int benbi_log = 0;
+ grub_err_t err;
+
++ err = GRUB_ERR_NONE;
++
+ if (check_boot)
+ return NULL;
+
+ /* Read the LUKS header. */
+- err = grub_disk_read (disk, 0, 0, sizeof (header), &header);
++ if (hdr)
++ {
++ grub_file_seek (hdr, 0);
++ if (grub_file_read (hdr, &header, sizeof (header)) != sizeof (header))
++ err = GRUB_ERR_READ_ERROR;
++ }
++ else
++ err = grub_disk_read (disk, 0, 0, sizeof (header), &header);
++
+ if (err)
+ {
+ if (err == GRUB_ERR_OUT_OF_RANGE)
+@@ -304,12 +315,14 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid,
+ grub_memcpy (newdev->uuid, uuid, sizeof (newdev->uuid));
+ newdev->modname = "luks";
+ COMPILE_TIME_ASSERT (sizeof (newdev->uuid) >= sizeof (uuid));
++
+ return newdev;
+ }
+
+ static grub_err_t
+ luks_recover_key (grub_disk_t source,
+- grub_cryptodisk_t dev)
++ grub_cryptodisk_t dev,
++ grub_file_t hdr)
+ {
+ struct grub_luks_phdr header;
+ grub_size_t keysize;
+@@ -321,8 +334,19 @@ luks_recover_key (grub_disk_t source,
+ grub_err_t err;
+ grub_size_t max_stripes = 1;
+ char *tmp;
++ grub_uint32_t sector;
++
++ err = GRUB_ERR_NONE;
++
++ if (hdr)
++ {
++ grub_file_seek (hdr, 0);
++ if (grub_file_read (hdr, &header, sizeof (header)) != sizeof (header))
++ err = GRUB_ERR_READ_ERROR;
++ }
++ else
++ err = grub_disk_read (source, 0, 0, sizeof (header), &header);
+
+- err = grub_disk_read (source, 0, 0, sizeof (header), &header);
+ if (err)
+ return err;
+
+@@ -391,13 +415,18 @@ luks_recover_key (grub_disk_t source,
+ return grub_crypto_gcry_error (gcry_err);
+ }
+
++ sector = grub_be_to_cpu32 (header.keyblock[i].keyMaterialOffset);
+ length = (keysize * grub_be_to_cpu32 (header.keyblock[i].stripes));
+
+ /* Read and decrypt the key material from the disk. */
+- err = grub_disk_read (source,
+- grub_be_to_cpu32 (header.keyblock
+- [i].keyMaterialOffset), 0,
+- length, split_key);
++ if (hdr)
++ {
++ grub_file_seek (hdr, sector * 512);
++ if (grub_file_read (hdr, split_key, length) != (grub_ssize_t)length)
++ err = GRUB_ERR_READ_ERROR;
++ }
++ else
++ err = grub_disk_read (source, sector, 0, length, split_key);
+ if (err)
+ {
+ grub_free (split_key);
+diff --git a/include/grub/cryptodisk.h b/include/grub/cryptodisk.h
+index 32f564ae0..4e6e89a93 100644
+--- a/include/grub/cryptodisk.h
++++ b/include/grub/cryptodisk.h
+@@ -20,6 +20,7 @@
+ #define GRUB_CRYPTODISK_HEADER 1
+
+ #include <grub/disk.h>
++#include <grub/file.h>
+ #include <grub/crypto.h>
+ #include <grub/list.h>
+ #ifdef GRUB_UTIL
+@@ -107,8 +108,8 @@ struct grub_cryptodisk_dev
+ struct grub_cryptodisk_dev **prev;
+
+ grub_cryptodisk_t (*scan) (grub_disk_t disk, const char *check_uuid,
+- int boot_only);
+- grub_err_t (*recover_key) (grub_disk_t disk, grub_cryptodisk_t dev);
++ int boot_only, grub_file_t hdr);
++ grub_err_t (*recover_key) (grub_disk_t disk, grub_cryptodisk_t dev, grub_file_t hdr);
+ };
+ typedef struct grub_cryptodisk_dev *grub_cryptodisk_dev_t;
+
+--
+2.16.2
+

211
helpers/DATA/grub2/0002-Cryptomount-support-key-files.patch
View file

@ -1,211 +0,0 @@
diff --git a/0002-Cryptomount-support-key-files.patch b/0002-Cryptomount-support-key-files.patch
new file mode 100644
index 00000000000..43af5ff3cbf
--- /dev/null
+++ b/0002-Cryptomount-support-key-files.patch
@@ -0,0 +1,205 @@
+From df3aa34cc68b128c5441ee25ef092e6c2c87392e Mon Sep 17 00:00:00 2001
+From: John Lane <john@lane.uk.net>
+Date: Fri, 26 Jun 2015 13:37:10 +0100
+Subject: [PATCH 2/7] Cryptomount support key files
+
+---
+ grub-core/disk/cryptodisk.c | 46 ++++++++++++++++++++++++++++++++++++++++++++-
+ grub-core/disk/geli.c | 4 +++-
+ grub-core/disk/luks.c | 44 +++++++++++++++++++++++++++++--------------
+ include/grub/cryptodisk.h | 5 ++++-
+ 4 files changed, 82 insertions(+), 17 deletions(-)
+
+diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
+index 5230a5a9a..5261af547 100644
+--- a/grub-core/disk/cryptodisk.c
++++ b/grub-core/disk/cryptodisk.c
+@@ -42,6 +42,9 @@ static const struct grub_arg_option options[] =
+ {"all", 'a', 0, N_("Mount all."), 0, 0},
+ {"boot", 'b', 0, N_("Mount all volumes with `boot' flag set."), 0, 0},
+ {"header", 'H', 0, N_("Read LUKS header from file"), 0, ARG_TYPE_STRING},
++ {"keyfile", 'k', 0, N_("Key file"), 0, ARG_TYPE_STRING},
++ {"keyfile-offset", 'O', 0, N_("Key file offset (bytes)"), 0, ARG_TYPE_INT},
++ {"keyfile-size", 'S', 0, N_("Key file data size (bytes)"), 0, ARG_TYPE_INT},
+ {0, 0, 0, 0, 0, 0}
+ };
+
+@@ -811,6 +814,8 @@ grub_util_cryptodisk_get_uuid (grub_disk_t disk)
+ static int check_boot, have_it;
+ static char *search_uuid;
+ static grub_file_t hdr;
++static grub_uint8_t *key, keyfile_buffer[GRUB_CRYPTODISK_MAX_KEYFILE_SIZE];
++static grub_size_t keyfile_size;
+
+ static void
+ cryptodisk_close (grub_cryptodisk_t dev)
+@@ -841,7 +846,7 @@ grub_cryptodisk_scan_device_real (const char *name, grub_disk_t source)
+ if (!dev)
+ continue;
+
+- err = cr->recover_key (source, dev, hdr);
++ err = cr->recover_key (source, dev, hdr, key, keyfile_size);
+ if (err)
+ {
+ cryptodisk_close (dev);
+@@ -949,6 +954,45 @@ grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args)
+ hdr = NULL;
+
+ have_it = 0;
++ key = NULL;
++
++ if (state[4].set) /* Key file; fails back to passphrase entry */
++ {
++ grub_file_t keyfile;
++ int keyfile_offset;
++ grub_size_t requested_keyfile_size;
++
++ requested_keyfile_size = state[6].set ? grub_strtoul(state[6].arg, 0, 0) : 0;
++
++ if (requested_keyfile_size > GRUB_CRYPTODISK_MAX_KEYFILE_SIZE)
++ grub_printf (N_("Key file size exceeds maximum (%llu)\n"), \
++ (unsigned long long) GRUB_CRYPTODISK_MAX_KEYFILE_SIZE);
++ else
++ {
++ keyfile_offset = state[5].set ? grub_strtoul (state[5].arg, 0, 0) : 0;
++ keyfile_size = requested_keyfile_size ? requested_keyfile_size : \
++ GRUB_CRYPTODISK_MAX_KEYFILE_SIZE;
++
++ keyfile = grub_file_open (state[4].arg, GRUB_FILE_TYPE_NONE);
++ if (!keyfile)
++ grub_printf (N_("Unable to open key file %s\n"), state[4].arg);
++ else if (grub_file_seek (keyfile, keyfile_offset) == (grub_off_t)-1)
++ grub_printf (N_("Unable to seek to offset %d in key file\n"), keyfile_offset);
++ else
++ {
++ keyfile_size = grub_file_read (keyfile, keyfile_buffer, keyfile_size);
++ if (keyfile_size == (grub_size_t)-1)
++ grub_printf (N_("Error reading key file\n"));
++ else if (requested_keyfile_size && (keyfile_size != requested_keyfile_size))
++ grub_printf (N_("Cannot read %llu bytes for key file (read %llu bytes)\n"),
++ (unsigned long long) requested_keyfile_size,
++ (unsigned long long) keyfile_size);
++ else
++ key = keyfile_buffer;
++ }
++ }
++ }
++
+ if (state[0].set)
+ {
+ grub_cryptodisk_t dev;
+diff --git a/grub-core/disk/geli.c b/grub-core/disk/geli.c
+index f4394eb42..da6aa6a63 100644
+--- a/grub-core/disk/geli.c
++++ b/grub-core/disk/geli.c
+@@ -401,7 +401,9 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid,
+
+ static grub_err_t
+ recover_key (grub_disk_t source, grub_cryptodisk_t dev,
+- grub_file_t hdr __attribute__ ((unused)) )
++ grub_file_t hdr __attribute__ ((unused)),
++ grub_uint8_t *key __attribute__ ((unused)),
++ grub_size_t keyfile_size __attribute__ ((unused)) )
+ {
+ grub_size_t keysize;
+ grub_uint8_t digest[GRUB_CRYPTO_MAX_MDLEN];
+diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c
+index 66e64c0e0..588236888 100644
+--- a/grub-core/disk/luks.c
++++ b/grub-core/disk/luks.c
+@@ -322,12 +322,16 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid,
+ static grub_err_t
+ luks_recover_key (grub_disk_t source,
+ grub_cryptodisk_t dev,
+- grub_file_t hdr)
++ grub_file_t hdr,
++ grub_uint8_t *keyfile_bytes,
++ grub_size_t keyfile_bytes_size)
+ {
+ struct grub_luks_phdr header;
+ grub_size_t keysize;
+ grub_uint8_t *split_key = NULL;
+- char passphrase[MAX_PASSPHRASE] = "";
++ char interactive_passphrase[MAX_PASSPHRASE] = "";
++ grub_uint8_t *passphrase;
++ grub_size_t passphrase_length;
+ grub_uint8_t candidate_digest[sizeof (header.mkDigest)];
+ unsigned i;
+ grub_size_t length;
+@@ -364,18 +368,30 @@ luks_recover_key (grub_disk_t source,
+ if (!split_key)
+ return grub_errno;
+
+- /* Get the passphrase from the user. */
+- tmp = NULL;
+- if (source->partition)
+- tmp = grub_partition_get_name (source->partition);
+- grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name,
+- source->partition ? "," : "", tmp ? : "",
+- dev->uuid);
+- grub_free (tmp);
+- if (!grub_password_get (passphrase, MAX_PASSPHRASE))
++ if (keyfile_bytes)
+ {
+- grub_free (split_key);
+- return grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied");
++ /* Use bytestring from key file as passphrase */
++ passphrase = keyfile_bytes;
++ passphrase_length = keyfile_bytes_size;
++ }
++ else
++ {
++ /* Get the passphrase from the user. */
++ tmp = NULL;
++ if (source->partition)
++ tmp = grub_partition_get_name (source->partition);
++ grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name,
++ source->partition ? "," : "", tmp ? : "", dev->uuid);
++ grub_free (tmp);
++ if (!grub_password_get (interactive_passphrase, MAX_PASSPHRASE))
++ {
++ grub_free (split_key);
++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied");
++ }
++
++ passphrase = (grub_uint8_t *)interactive_passphrase;
++ passphrase_length = grub_strlen (interactive_passphrase);
++
+ }
+
+ /* Try to recover master key from each active keyslot. */
+@@ -393,7 +409,7 @@ luks_recover_key (grub_disk_t source,
+
+ /* Calculate the PBKDF2 of the user supplied passphrase. */
+ gcry_err = grub_crypto_pbkdf2 (dev->hash, (grub_uint8_t *) passphrase,
+- grub_strlen (passphrase),
++ passphrase_length,
+ header.keyblock[i].passwordSalt,
+ sizeof (header.keyblock[i].passwordSalt),
+ grub_be_to_cpu32 (header.keyblock[i].
+diff --git a/include/grub/cryptodisk.h b/include/grub/cryptodisk.h
+index 4e6e89a93..67f6b0b59 100644
+--- a/include/grub/cryptodisk.h
++++ b/include/grub/cryptodisk.h
+@@ -55,6 +55,8 @@ typedef enum
+ #define GRUB_CRYPTODISK_GF_BYTES (1U << GRUB_CRYPTODISK_GF_LOG_BYTES)
+ #define GRUB_CRYPTODISK_MAX_KEYLEN 128
+
++#define GRUB_CRYPTODISK_MAX_KEYFILE_SIZE 8192
++
+ struct grub_cryptodisk;
+
+ typedef gcry_err_code_t
+@@ -109,7 +111,8 @@ struct grub_cryptodisk_dev
+
+ grub_cryptodisk_t (*scan) (grub_disk_t disk, const char *check_uuid,
+ int boot_only, grub_file_t hdr);
+- grub_err_t (*recover_key) (grub_disk_t disk, grub_cryptodisk_t dev, grub_file_t hdr);
++ grub_err_t (*recover_key) (grub_disk_t disk, grub_cryptodisk_t dev,
++ grub_file_t hdr, grub_uint8_t *key, grub_size_t keyfile_size);
+ };
+ typedef struct grub_cryptodisk_dev *grub_cryptodisk_dev_t;
+
+--
+2.16.2
+

335
helpers/DATA/grub2/0003-Cryptomount-luks-allow-multiple-passphrase-attempts.patch
View file

@ -1,335 +0,0 @@
diff --git a/0003-Cryptomount-luks-allow-multiple-passphrase-attempts.patch b/0003-Cryptomount-luks-allow-multiple-passphrase-attempts.patch
new file mode 100644
index 00000000000..19ffed89ca8
--- /dev/null
+++ b/0003-Cryptomount-luks-allow-multiple-passphrase-attempts.patch
@@ -0,0 +1,329 @@
+From d055c1e314fa37957f169e08bea9d19c4417ed21 Mon Sep 17 00:00:00 2001
+From: John Lane <john@lane.uk.net>
+Date: Fri, 26 Jun 2015 13:49:58 +0100
+Subject: [PATCH 3/7] cryptomount luks allow multiple passphrase attempts
+
+---
+ grub-core/disk/luks.c | 278 ++++++++++++++++++++++++++------------------------
+ 1 file changed, 143 insertions(+), 135 deletions(-)
+
+diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c
+index 588236888..11e437edb 100644
+--- a/grub-core/disk/luks.c
++++ b/grub-core/disk/luks.c
+@@ -321,10 +321,10 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid,
+
+ static grub_err_t
+ luks_recover_key (grub_disk_t source,
+- grub_cryptodisk_t dev,
+- grub_file_t hdr,
+- grub_uint8_t *keyfile_bytes,
+- grub_size_t keyfile_bytes_size)
++ grub_cryptodisk_t dev,
++ grub_file_t hdr,
++ grub_uint8_t *keyfile_bytes,
++ grub_size_t keyfile_bytes_size)
+ {
+ struct grub_luks_phdr header;
+ grub_size_t keysize;
+@@ -339,6 +339,7 @@ luks_recover_key (grub_disk_t source,
+ grub_size_t max_stripes = 1;
+ char *tmp;
+ grub_uint32_t sector;
++ unsigned attempts = 2;
+
+ err = GRUB_ERR_NONE;
+
+@@ -361,151 +362,158 @@ luks_recover_key (grub_disk_t source,
+
+ for (i = 0; i < ARRAY_SIZE (header.keyblock); i++)
+ if (grub_be_to_cpu32 (header.keyblock[i].active) == LUKS_KEY_ENABLED
+- && grub_be_to_cpu32 (header.keyblock[i].stripes) > max_stripes)
++ && grub_be_to_cpu32 (header.keyblock[i].stripes) > max_stripes)
+ max_stripes = grub_be_to_cpu32 (header.keyblock[i].stripes);
+
+ split_key = grub_malloc (keysize * max_stripes);
+ if (!split_key)
+ return grub_errno;
+
+- if (keyfile_bytes)
++ while (attempts)
+ {
+- /* Use bytestring from key file as passphrase */
+- passphrase = keyfile_bytes;
+- passphrase_length = keyfile_bytes_size;
+- }
+- else
+- {
+- /* Get the passphrase from the user. */
+- tmp = NULL;
+- if (source->partition)
+- tmp = grub_partition_get_name (source->partition);
+- grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name,
+- source->partition ? "," : "", tmp ? : "", dev->uuid);
+- grub_free (tmp);
+- if (!grub_password_get (interactive_passphrase, MAX_PASSPHRASE))
++ if (keyfile_bytes)
+ {
+- grub_free (split_key);
+- return grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied");
+- }
+-
+- passphrase = (grub_uint8_t *)interactive_passphrase;
+- passphrase_length = grub_strlen (interactive_passphrase);
+-
+- }
+-
+- /* Try to recover master key from each active keyslot. */
+- for (i = 0; i < ARRAY_SIZE (header.keyblock); i++)
+- {
+- gcry_err_code_t gcry_err;
+- grub_uint8_t candidate_key[GRUB_CRYPTODISK_MAX_KEYLEN];
+- grub_uint8_t digest[GRUB_CRYPTODISK_MAX_KEYLEN];
+-
+- /* Check if keyslot is enabled. */
+- if (grub_be_to_cpu32 (header.keyblock[i].active) != LUKS_KEY_ENABLED)
+- continue;
+-
+- grub_dprintf ("luks", "Trying keyslot %d\n", i);
+-
+- /* Calculate the PBKDF2 of the user supplied passphrase. */
+- gcry_err = grub_crypto_pbkdf2 (dev->hash, (grub_uint8_t *) passphrase,
+- passphrase_length,
+- header.keyblock[i].passwordSalt,
+- sizeof (header.keyblock[i].passwordSalt),
+- grub_be_to_cpu32 (header.keyblock[i].
+- passwordIterations),
+- digest, keysize);
+-
+- if (gcry_err)
+- {
+- grub_free (split_key);
+- return grub_crypto_gcry_error (gcry_err);
+- }
+-
+- grub_dprintf ("luks", "PBKDF2 done\n");
+-
+- gcry_err = grub_cryptodisk_setkey (dev, digest, keysize);
+- if (gcry_err)
+- {
+- grub_free (split_key);
+- return grub_crypto_gcry_error (gcry_err);
+- }
+-
+- sector = grub_be_to_cpu32 (header.keyblock[i].keyMaterialOffset);
+- length = (keysize * grub_be_to_cpu32 (header.keyblock[i].stripes));
+-
+- /* Read and decrypt the key material from the disk. */
+- if (hdr)
+- {
+- grub_file_seek (hdr, sector * 512);
+- if (grub_file_read (hdr, split_key, length) != (grub_ssize_t)length)
+- err = GRUB_ERR_READ_ERROR;
++ /* Use bytestring from key file as passphrase */
++ passphrase = keyfile_bytes;
++ passphrase_length = keyfile_bytes_size;
++ keyfile_bytes = NULL; /* use it only once */
+ }
+ else
+- err = grub_disk_read (source, sector, 0, length, split_key);
+- if (err)
+- {
+- grub_free (split_key);
+- return err;
+- }
+-
+- gcry_err = grub_cryptodisk_decrypt (dev, split_key, length, 0);
+- if (gcry_err)
+- {
+- grub_free (split_key);
+- return grub_crypto_gcry_error (gcry_err);
+- }
+-
+- /* Merge the decrypted key material to get the candidate master key. */
+- gcry_err = AF_merge (dev->hash, split_key, candidate_key, keysize,
+- grub_be_to_cpu32 (header.keyblock[i].stripes));
+- if (gcry_err)
+- {
+- grub_free (split_key);
+- return grub_crypto_gcry_error (gcry_err);
+- }
+-
+- grub_dprintf ("luks", "candidate key recovered\n");
+-
+- /* Calculate the PBKDF2 of the candidate master key. */
+- gcry_err = grub_crypto_pbkdf2 (dev->hash, candidate_key,
+- grub_be_to_cpu32 (header.keyBytes),
+- header.mkDigestSalt,
+- sizeof (header.mkDigestSalt),
+- grub_be_to_cpu32
+- (header.mkDigestIterations),
+- candidate_digest,
+- sizeof (candidate_digest));
+- if (gcry_err)
+- {
+- grub_free (split_key);
+- return grub_crypto_gcry_error (gcry_err);
+- }
+-
+- /* Compare the calculated PBKDF2 to the digest stored
+- in the header to see if it's correct. */
+- if (grub_memcmp (candidate_digest, header.mkDigest,
+- sizeof (header.mkDigest)) != 0)
+- {
+- grub_dprintf ("luks", "bad digest\n");
+- continue;
+- }
++ {
++ /* Get the passphrase from the user. */
++ tmp = NULL;
++ if (source->partition)
++ tmp = grub_partition_get_name (source->partition);
++ grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name,
++ source->partition ? "," : "", tmp ? : "", dev->uuid);
++ grub_free (tmp);
++ if (!grub_password_get (interactive_passphrase, MAX_PASSPHRASE))
++ {
++ grub_free (split_key);
++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied");
++ }
++
++ passphrase = (grub_uint8_t *)interactive_passphrase;
++ passphrase_length = grub_strlen (interactive_passphrase);
+
+- /* TRANSLATORS: It's a cryptographic key slot: one element of an array
+- where each element is either empty or holds a key. */
+- grub_printf_ (N_("Slot %d opened\n"), i);
++ }
+
+- /* Set the master key. */
+- gcry_err = grub_cryptodisk_setkey (dev, candidate_key, keysize);
+- if (gcry_err)
+- {
+- grub_free (split_key);
+- return grub_crypto_gcry_error (gcry_err);
+- }
++ /* Try to recover master key from each active keyslot. */
++ for (i = 0; i < ARRAY_SIZE (header.keyblock); i++)
++ {
++ gcry_err_code_t gcry_err;
++ grub_uint8_t candidate_key[GRUB_CRYPTODISK_MAX_KEYLEN];
++ grub_uint8_t digest[GRUB_CRYPTODISK_MAX_KEYLEN];
++
++ /* Check if keyslot is enabled. */
++ if (grub_be_to_cpu32 (header.keyblock[i].active) != LUKS_KEY_ENABLED)
++ continue;
++
++ grub_dprintf ("luks", "Trying keyslot %d\n", i);
++
++ /* Calculate the PBKDF2 of the user supplied passphrase. */
++ gcry_err = grub_crypto_pbkdf2 (dev->hash, (grub_uint8_t *) passphrase,
++ passphrase_length,
++ header.keyblock[i].passwordSalt,
++ sizeof (header.keyblock[i].passwordSalt),
++ grub_be_to_cpu32 (header.keyblock[i].
++ passwordIterations),
++ digest, keysize);
++
++ if (gcry_err)
++ {
++ grub_free (split_key);
++ return grub_crypto_gcry_error (gcry_err);
++ }
++
++ grub_dprintf ("luks", "PBKDF2 done\n");
++
++ gcry_err = grub_cryptodisk_setkey (dev, digest, keysize);
++ if (gcry_err)
++ {
++ grub_free (split_key);
++ return grub_crypto_gcry_error (gcry_err);
++ }
++
++ sector = grub_be_to_cpu32 (header.keyblock[i].keyMaterialOffset);
++ length = (keysize * grub_be_to_cpu32 (header.keyblock[i].stripes));
++
++ /* Read and decrypt the key material from the disk. */
++ if (hdr)
++ {
++ grub_file_seek (hdr, sector * 512);
++ if (grub_file_read (hdr, split_key, length) != (grub_ssize_t)length)
++ err = GRUB_ERR_READ_ERROR;
++ }
++ else
++ err = grub_disk_read (source, sector, 0, length, split_key);
++ if (err)
++ {
++ grub_free (split_key);
++ return err;
++ }
++
++ gcry_err = grub_cryptodisk_decrypt (dev, split_key, length, 0);
++ if (gcry_err)
++ {
++ grub_free (split_key);
++ return grub_crypto_gcry_error (gcry_err);
++ }
++
++ /* Merge the decrypted key material to get the candidate master key. */
++ gcry_err = AF_merge (dev->hash, split_key, candidate_key, keysize,
++ grub_be_to_cpu32 (header.keyblock[i].stripes));
++ if (gcry_err)
++ {
++ grub_free (split_key);
++ return grub_crypto_gcry_error (gcry_err);
++ }
++
++ grub_dprintf ("luks", "candidate key recovered\n");
++
++ /* Calculate the PBKDF2 of the candidate master key. */
++ gcry_err = grub_crypto_pbkdf2 (dev->hash, candidate_key,
++ grub_be_to_cpu32 (header.keyBytes),
++ header.mkDigestSalt,
++ sizeof (header.mkDigestSalt),
++ grub_be_to_cpu32
++ (header.mkDigestIterations),
++ candidate_digest,
++ sizeof (candidate_digest));
++ if (gcry_err)
++ {
++ grub_free (split_key);
++ return grub_crypto_gcry_error (gcry_err);
++ }
++
++ /* Compare the calculated PBKDF2 to the digest stored
++ in the header to see if it's correct. */
++ if (grub_memcmp (candidate_digest, header.mkDigest,
++ sizeof (header.mkDigest)) != 0)
++ {
++ grub_dprintf ("luks", "bad digest\n");
++ continue;
++ }
++
++ /* TRANSLATORS: It's a cryptographic key slot: one element of an array
++ where each element is either empty or holds a key. */
++ grub_printf_ (N_("Slot %d opened\n"), i);
++
++ /* Set the master key. */
++ gcry_err = grub_cryptodisk_setkey (dev, candidate_key, keysize);
++ if (gcry_err)
++ {
++ grub_free (split_key);
++ return grub_crypto_gcry_error (gcry_err);
++ }
+
+- grub_free (split_key);
++ grub_free (split_key);
+
+- return GRUB_ERR_NONE;
++ return GRUB_ERR_NONE;
++ }
++ grub_printf_ (N_("Failed to decrypt master key.\n"));
++ if (--attempts) grub_printf_ (N_("%u attempt%s remaining.\n"), attempts,
++ (attempts==1) ? "" : "s");
+ }
+
+ grub_free (split_key);
+--
+2.16.2
+

650
helpers/DATA/grub2/0004-Cryptomount-support-plain-dm-crypt.patch
View file

@ -1,650 +0,0 @@
diff --git a/0004-Cryptomount-support-plain-dm-crypt.patch b/0004-Cryptomount-support-plain-dm-crypt.patch
new file mode 100644
index 00000000000..34c10d7216b
--- /dev/null
+++ b/0004-Cryptomount-support-plain-dm-crypt.patch
@@ -0,0 +1,644 @@
+From a8f9e3dcece89c179e89414abe89985c7ab1e03f Mon Sep 17 00:00:00 2001
+From: John Lane <john@lane.uk.net>
+Date: Fri, 26 Jun 2015 22:09:52 +0100
+Subject: [PATCH 4/7] Cryptomount support plain dm-crypt
+
+Patch modified to take into account a change to context
+brought about by c93d3e694713b8230fa2cf88414fabe005b56782
+
+grub-core/disk/cryptodisk.c
+142c142
+< if (disklast)
+---
+>
+---
+ grub-core/disk/cryptodisk.c | 298 +++++++++++++++++++++++++++++++++++++++++++-
+ grub-core/disk/luks.c | 195 +----------------------------
+ include/grub/cryptodisk.h | 8 ++
+ 3 files changed, 310 insertions(+), 191 deletions(-)
+
+diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
+index 5261af547..7f656f75c 100644
+--- a/grub-core/disk/cryptodisk.c
++++ b/grub-core/disk/cryptodisk.c
+@@ -45,6 +45,12 @@ static const struct grub_arg_option options[] =
+ {"keyfile", 'k', 0, N_("Key file"), 0, ARG_TYPE_STRING},
+ {"keyfile-offset", 'O', 0, N_("Key file offset (bytes)"), 0, ARG_TYPE_INT},
+ {"keyfile-size", 'S', 0, N_("Key file data size (bytes)"), 0, ARG_TYPE_INT},
++ {"plain", 'p', 0, N_("Plain (no LUKS header)"), 0, ARG_TYPE_NONE},
++ {"cipher", 'c', 0, N_("Plain mode cipher"), 0, ARG_TYPE_STRING},
++ {"digest", 'd', 0, N_("Plain mode passphrase digest (hash)"), 0, ARG_TYPE_STRING},
++ {"offset", 'o', 0, N_("Plain mode data sector offset"), 0, ARG_TYPE_INT},
++ {"size", 's', 0, N_("Size of raw device (sectors, defaults to whole device)"), 0, ARG_TYPE_INT},
++ {"key-size", 'K', 0, N_("Set key size (bits)"), 0, ARG_TYPE_INT},
+ {0, 0, 0, 0, 0, 0}
+ };
+
+@@ -933,6 +939,48 @@ grub_cryptodisk_scan_device (const char *name,
+ return have_it && search_uuid ? 1 : 0;
+ }
+
++/* Hashes a passphrase into a key and stores it with cipher. */
++static gcry_err_code_t
++set_passphrase (grub_cryptodisk_t dev, grub_size_t keysize, const char *passphrase)
++{
++ grub_uint8_t derived_hash[GRUB_CRYPTODISK_MAX_KEYLEN * 2], *dh = derived_hash;
++ char *p;
++ unsigned int round, i;
++ unsigned int len, size;
++
++ /* Need no passphrase if there's no key */
++ if (keysize == 0)
++ return GPG_ERR_INV_KEYLEN;
++
++ /* Hack to support the "none" hash */
++ if (dev->hash)
++ len = dev->hash->mdlen;
++ else
++ len = grub_strlen (passphrase);
++
++ if (keysize > GRUB_CRYPTODISK_MAX_KEYLEN || len > GRUB_CRYPTODISK_MAX_KEYLEN)
++ return GPG_ERR_INV_KEYLEN;
++
++ p = grub_malloc (grub_strlen (passphrase) + 2 + keysize / len);
++ if (!p)
++ return grub_errno;
++
++ for (round = 0, size = keysize; size; round++, dh += len, size -= len)
++ {
++ for (i = 0; i < round; i++)
++ p[i] = 'A';
++
++ grub_strcpy (p + i, passphrase);
++
++ if (len > size)
++ len = size;
++
++ grub_crypto_hash (dev->hash, dh, p, grub_strlen (p));
++ }
++
++ return grub_cryptodisk_setkey (dev, derived_hash, keysize);
++}
++
+ static grub_err_t
+ grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args)
+ {
+@@ -1060,7 +1108,63 @@ grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args)
+ return GRUB_ERR_NONE;
+ }
+
+- err = grub_cryptodisk_scan_device_real (diskname, disk);
++ if (state[7].set) /* Plain mode */
++ {
++ char *cipher;
++ char *mode;
++ char *digest;
++ int offset, size, key_size;
++
++ cipher = grub_strdup (state[8].set ? state[8].arg : GRUB_CRYPTODISK_PLAIN_CIPHER);
++ digest = grub_strdup (state[9].set ? state[9].arg : GRUB_CRYPTODISK_PLAIN_DIGEST);
++ offset = state[10].set ? grub_strtoul (state[10].arg, 0, 0) : 0;
++ size = state[11].set ? grub_strtoul (state[11].arg, 0, 0) : 0;
++ key_size = ( state[12].set ? grub_strtoul (state[12].arg, 0, 0) \
++ : GRUB_CRYPTODISK_PLAIN_KEYSIZE ) / 8;
++
++ /* no strtok, do it manually */
++ mode = grub_strchr(cipher,'-');
++ if (!mode)
++ return GRUB_ERR_BAD_ARGUMENT;
++ else
++ *mode++ = 0;
++
++ dev = grub_cryptodisk_create (disk, NULL, cipher, mode, digest);
++
++ dev->offset = offset;
++ if (size) dev->total_length = size;
++
++ if (key)
++ {
++ err = grub_cryptodisk_setkey (dev, key, key_size);
++ if (err)
++ return err;
++ }
++ else
++ {
++ char passphrase[GRUB_CRYPTODISK_MAX_PASSPHRASE] = "";
++
++ grub_printf_ (N_("Enter passphrase for %s: "), diskname);
++ if (!grub_password_get (passphrase, GRUB_CRYPTODISK_MAX_PASSPHRASE))
++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied");
++
++ err = set_passphrase (dev, key_size, passphrase);
++ if (err)
++ {
++ grub_crypto_cipher_close (dev->cipher);
++ return err;
++ }
++ }
++
++ grub_cryptodisk_insert (dev, diskname, disk);
++
++ grub_free (cipher);
++ grub_free (digest);
++
++ err = GRUB_ERR_NONE;
++ }
++ else
++ err = grub_cryptodisk_scan_device_real (diskname, disk);
+
+ grub_disk_close (disk);
+ if (disklast)
+@@ -1193,13 +1297,203 @@ struct grub_procfs_entry luks_script =
+ .get_contents = luks_script_get
+ };
+
++grub_cryptodisk_t
++grub_cryptodisk_create (grub_disk_t disk, char *uuid,
++ char *ciphername, char *ciphermode, char *hashspec)
++{
++ grub_cryptodisk_t newdev;
++ char *cipheriv = NULL;
++ grub_crypto_cipher_handle_t cipher = NULL, secondary_cipher = NULL;
++ grub_crypto_cipher_handle_t essiv_cipher = NULL;
++ const gcry_md_spec_t *hash = NULL, *essiv_hash = NULL;
++ const struct gcry_cipher_spec *ciph;
++ grub_cryptodisk_mode_t mode;
++ grub_cryptodisk_mode_iv_t mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN64;
++ int benbi_log = 0;
++
++ if (!uuid)
++ uuid = (char*)"00000000000000000000000000000000";
++
++ ciph = grub_crypto_lookup_cipher_by_name (ciphername);
++ if (!ciph)
++ {
++ grub_error (GRUB_ERR_FILE_NOT_FOUND, "Cipher %s isn't available",
++ ciphername);
++ return NULL;
++ }
++
++ /* Configure the cipher used for the bulk data. */
++ cipher = grub_crypto_cipher_open (ciph);
++ if (!cipher)
++ return NULL;
++
++ /* Configure the cipher mode. */
++ if (grub_strcmp (ciphermode, "ecb") == 0)
++ {
++ mode = GRUB_CRYPTODISK_MODE_ECB;
++ mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN;
++ cipheriv = NULL;
++ }
++ else if (grub_strcmp (ciphermode, "plain") == 0)
++ {
++ mode = GRUB_CRYPTODISK_MODE_CBC;
++ mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN;
++ cipheriv = NULL;
++ }
++ else if (grub_memcmp (ciphermode, "cbc-", sizeof ("cbc-") - 1) == 0)
++ {
++ mode = GRUB_CRYPTODISK_MODE_CBC;
++ cipheriv = ciphermode + sizeof ("cbc-") - 1;
++ }
++ else if (grub_memcmp (ciphermode, "pcbc-", sizeof ("pcbc-") - 1) == 0)
++ {
++ mode = GRUB_CRYPTODISK_MODE_PCBC;
++ cipheriv = ciphermode + sizeof ("pcbc-") - 1;
++ }
++ else if (grub_memcmp (ciphermode, "xts-", sizeof ("xts-") - 1) == 0)
++ {
++ mode = GRUB_CRYPTODISK_MODE_XTS;
++ cipheriv = ciphermode + sizeof ("xts-") - 1;
++ secondary_cipher = grub_crypto_cipher_open (ciph);
++ if (!secondary_cipher)
++ {
++ grub_crypto_cipher_close (cipher);
++ return NULL;
++ }
++ if (cipher->cipher->blocksize != GRUB_CRYPTODISK_GF_BYTES)
++ {
++ grub_error (GRUB_ERR_BAD_ARGUMENT, "Unsupported XTS block size: %d",
++ cipher->cipher->blocksize);
++ grub_crypto_cipher_close (cipher);
++ grub_crypto_cipher_close (secondary_cipher);
++ return NULL;
++ }
++ if (secondary_cipher->cipher->blocksize != GRUB_CRYPTODISK_GF_BYTES)
++ {
++ grub_crypto_cipher_close (cipher);
++ grub_error (GRUB_ERR_BAD_ARGUMENT, "Unsupported XTS block size: %d",
++ secondary_cipher->cipher->blocksize);
++ grub_crypto_cipher_close (secondary_cipher);
++ return NULL;
++ }
++ }
++ else if (grub_memcmp (ciphermode, "lrw-", sizeof ("lrw-") - 1) == 0)
++ {
++ mode = GRUB_CRYPTODISK_MODE_LRW;
++ cipheriv = ciphermode + sizeof ("lrw-") - 1;
++ if (cipher->cipher->blocksize != GRUB_CRYPTODISK_GF_BYTES)
++ {
++ grub_error (GRUB_ERR_BAD_ARGUMENT, "Unsupported LRW block size: %d",
++ cipher->cipher->blocksize);
++ grub_crypto_cipher_close (cipher);
++ return NULL;
++ }
++ }
++ else
++ {
++ grub_crypto_cipher_close (cipher);
++ grub_error (GRUB_ERR_BAD_ARGUMENT, "Unknown cipher mode: %s",
++ ciphermode);
++ return NULL;
++ }
++
++ if (cipheriv == NULL);
++ else if (grub_memcmp (cipheriv, "plain", sizeof ("plain") - 1) == 0)
++ mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN;
++ else if (grub_memcmp (cipheriv, "plain64", sizeof ("plain64") - 1) == 0)
++ mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN64;
++ else if (grub_memcmp (cipheriv, "benbi", sizeof ("benbi") - 1) == 0)
++ {
++ if (cipher->cipher->blocksize & (cipher->cipher->blocksize - 1)
++ || cipher->cipher->blocksize == 0)
++ grub_error (GRUB_ERR_BAD_ARGUMENT, "Unsupported benbi blocksize: %d",
++ cipher->cipher->blocksize);
++ /* FIXME should we return an error here? */
++ for (benbi_log = 0;
++ (cipher->cipher->blocksize << benbi_log) < GRUB_DISK_SECTOR_SIZE;
++ benbi_log++);
++ mode_iv = GRUB_CRYPTODISK_MODE_IV_BENBI;
++ }
++ else if (grub_memcmp (cipheriv, "null", sizeof ("null") - 1) == 0)
++ mode_iv = GRUB_CRYPTODISK_MODE_IV_NULL;
++ else if (grub_memcmp (cipheriv, "essiv:", sizeof ("essiv:") - 1) == 0)
++ {
++ char *hash_str = cipheriv + 6;
++
++ mode_iv = GRUB_CRYPTODISK_MODE_IV_ESSIV;
++
++ /* Configure the hash and cipher used for ESSIV. */
++ essiv_hash = grub_crypto_lookup_md_by_name (hash_str);
++ if (!essiv_hash)
++ {
++ grub_crypto_cipher_close (cipher);
++ grub_crypto_cipher_close (secondary_cipher);
++ grub_error (GRUB_ERR_FILE_NOT_FOUND,
++ "Couldn't load %s hash", hash_str);
++ return NULL;
++ }
++ essiv_cipher = grub_crypto_cipher_open (ciph);
++ if (!essiv_cipher)
++ {
++ grub_crypto_cipher_close (cipher);
++ grub_crypto_cipher_close (secondary_cipher);
++ return NULL;
++ }
++ }
++ else
++ {
++ grub_crypto_cipher_close (cipher);
++ grub_crypto_cipher_close (secondary_cipher);
++ grub_error (GRUB_ERR_BAD_ARGUMENT, "Unknown IV mode: %s",
++ cipheriv);
++ return NULL;
++ }
++
++ /* Configure the passphrase hash (LUKS also uses AF splitter and HMAC). */
++ hash = grub_crypto_lookup_md_by_name (hashspec);
++ if (!hash)
++ {
++ grub_crypto_cipher_close (cipher);
++ grub_crypto_cipher_close (essiv_cipher);
++ grub_crypto_cipher_close (secondary_cipher);
++ grub_error (GRUB_ERR_FILE_NOT_FOUND, "Couldn't load %s hash",
++ hashspec);
++ return NULL;
++ }
++
++ newdev = grub_zalloc (sizeof (struct grub_cryptodisk));
++ if (!newdev)
++ {
++ grub_crypto_cipher_close (cipher);
++ grub_crypto_cipher_close (essiv_cipher);
++ grub_crypto_cipher_close (secondary_cipher);
++ return NULL;
++ }
++ newdev->cipher = cipher;
++ newdev->offset = 0;
++ newdev->source_disk = NULL;
++ newdev->benbi_log = benbi_log;
++ newdev->mode = mode;
++ newdev->mode_iv = mode_iv;
++ newdev->secondary_cipher = secondary_cipher;
++ newdev->essiv_cipher = essiv_cipher;
++ newdev->essiv_hash = essiv_hash;
++ newdev->hash = hash;
++ newdev->log_sector_size = 9;
++ newdev->total_length = grub_disk_get_size (disk) - newdev->offset;
++ grub_memcpy (newdev->uuid, uuid, sizeof (newdev->uuid));
++ COMPILE_TIME_ASSERT (sizeof (newdev->uuid) >= sizeof (uuid));
++
++ return newdev;
++}
++
+ static grub_extcmd_t cmd;
+
+ GRUB_MOD_INIT (cryptodisk)
+ {
+ grub_disk_dev_register (&grub_cryptodisk_dev);
+ cmd = grub_register_extcmd ("cryptomount", grub_cmd_cryptomount, 0,
+- N_("SOURCE|-u UUID|-a|-b|-H file"),
++ N_("SOURCE|-u UUID|-a|-b|-H file|-p -c cipher -d digest"),
+ N_("Mount a crypto device."), options);
+ grub_procfs_register ("luks_script", &luks_script);
+ }
+diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c
+index 11e437edb..4ebe21b4e 100644
+--- a/grub-core/disk/luks.c
++++ b/grub-core/disk/luks.c
+@@ -30,8 +30,6 @@
+
+ GRUB_MOD_LICENSE ("GPLv3+");
+
+-#define MAX_PASSPHRASE 256
+-
+ #define LUKS_KEY_ENABLED 0x00AC71F3
+
+ /* On disk LUKS header */
+@@ -76,15 +74,7 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid,
+ char uuid[sizeof (header.uuid) + 1];
+ char ciphername[sizeof (header.cipherName) + 1];
+ char ciphermode[sizeof (header.cipherMode) + 1];
+- char *cipheriv = NULL;
+ char hashspec[sizeof (header.hashSpec) + 1];
+- grub_crypto_cipher_handle_t cipher = NULL, secondary_cipher = NULL;
+- grub_crypto_cipher_handle_t essiv_cipher = NULL;
+- const gcry_md_spec_t *hash = NULL, *essiv_hash = NULL;
+- const struct gcry_cipher_spec *ciph;
+- grub_cryptodisk_mode_t mode;
+- grub_cryptodisk_mode_iv_t mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN64;
+- int benbi_log = 0;
+ grub_err_t err;
+
+ err = GRUB_ERR_NONE;
+@@ -119,7 +109,7 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid,
+ iptr++)
+ {
+ if (*iptr != '-')
+- *optr++ = *iptr;
++ *optr++ = *iptr;
+ }
+ *optr = 0;
+
+@@ -129,6 +119,7 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid,
+ return NULL;
+ }
+
++
+ /* Make sure that strings are null terminated. */
+ grub_memcpy (ciphername, header.cipherName, sizeof (header.cipherName));
+ ciphername[sizeof (header.cipherName)] = 0;
+@@ -137,184 +128,10 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid,
+ grub_memcpy (hashspec, header.hashSpec, sizeof (header.hashSpec));
+ hashspec[sizeof (header.hashSpec)] = 0;
+
+- ciph = grub_crypto_lookup_cipher_by_name (ciphername);
+- if (!ciph)
+- {
+- grub_error (GRUB_ERR_FILE_NOT_FOUND, "Cipher %s isn't available",
+- ciphername);
+- return NULL;
+- }
+-
+- /* Configure the cipher used for the bulk data. */
+- cipher = grub_crypto_cipher_open (ciph);
+- if (!cipher)
+- return NULL;
+-
+- if (grub_be_to_cpu32 (header.keyBytes) > 1024)
+- {
+- grub_error (GRUB_ERR_BAD_ARGUMENT, "invalid keysize %d",
+- grub_be_to_cpu32 (header.keyBytes));
+- grub_crypto_cipher_close (cipher);
+- return NULL;
+- }
+-
+- /* Configure the cipher mode. */
+- if (grub_strcmp (ciphermode, "ecb") == 0)
+- {
+- mode = GRUB_CRYPTODISK_MODE_ECB;
+- mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN;
+- cipheriv = NULL;
+- }
+- else if (grub_strcmp (ciphermode, "plain") == 0)
+- {
+- mode = GRUB_CRYPTODISK_MODE_CBC;
+- mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN;
+- cipheriv = NULL;
+- }
+- else if (grub_memcmp (ciphermode, "cbc-", sizeof ("cbc-") - 1) == 0)
+- {
+- mode = GRUB_CRYPTODISK_MODE_CBC;
+- cipheriv = ciphermode + sizeof ("cbc-") - 1;
+- }
+- else if (grub_memcmp (ciphermode, "pcbc-", sizeof ("pcbc-") - 1) == 0)
+- {
+- mode = GRUB_CRYPTODISK_MODE_PCBC;
+- cipheriv = ciphermode + sizeof ("pcbc-") - 1;
+- }
+- else if (grub_memcmp (ciphermode, "xts-", sizeof ("xts-") - 1) == 0)
+- {
+- mode = GRUB_CRYPTODISK_MODE_XTS;
+- cipheriv = ciphermode + sizeof ("xts-") - 1;
+- secondary_cipher = grub_crypto_cipher_open (ciph);
+- if (!secondary_cipher)
+- {
+- grub_crypto_cipher_close (cipher);
+- return NULL;
+- }
+- if (cipher->cipher->blocksize != GRUB_CRYPTODISK_GF_BYTES)
+- {
+- grub_error (GRUB_ERR_BAD_ARGUMENT, "Unsupported XTS block size: %d",
+- cipher->cipher->blocksize);
+- grub_crypto_cipher_close (cipher);
+- grub_crypto_cipher_close (secondary_cipher);
+- return NULL;
+- }
+- if (secondary_cipher->cipher->blocksize != GRUB_CRYPTODISK_GF_BYTES)
+- {
+- grub_crypto_cipher_close (cipher);
+- grub_error (GRUB_ERR_BAD_ARGUMENT, "Unsupported XTS block size: %d",
+- secondary_cipher->cipher->blocksize);
+- grub_crypto_cipher_close (secondary_cipher);
+- return NULL;
+- }
+- }
+- else if (grub_memcmp (ciphermode, "lrw-", sizeof ("lrw-") - 1) == 0)
+- {
+- mode = GRUB_CRYPTODISK_MODE_LRW;
+- cipheriv = ciphermode + sizeof ("lrw-") - 1;
+- if (cipher->cipher->blocksize != GRUB_CRYPTODISK_GF_BYTES)
+- {
+- grub_error (GRUB_ERR_BAD_ARGUMENT, "Unsupported LRW block size: %d",
+- cipher->cipher->blocksize);
+- grub_crypto_cipher_close (cipher);
+- return NULL;
+- }
+- }
+- else
+- {
+- grub_crypto_cipher_close (cipher);
+- grub_error (GRUB_ERR_BAD_ARGUMENT, "Unknown cipher mode: %s",
+- ciphermode);
+- return NULL;
+- }
+-
+- if (cipheriv == NULL);
+- else if (grub_memcmp (cipheriv, "plain", sizeof ("plain") - 1) == 0)
+- mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN;
+- else if (grub_memcmp (cipheriv, "plain64", sizeof ("plain64") - 1) == 0)
+- mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN64;
+- else if (grub_memcmp (cipheriv, "benbi", sizeof ("benbi") - 1) == 0)
+- {
+- if (cipher->cipher->blocksize & (cipher->cipher->blocksize - 1)
+- || cipher->cipher->blocksize == 0)
+- grub_error (GRUB_ERR_BAD_ARGUMENT, "Unsupported benbi blocksize: %d",
+- cipher->cipher->blocksize);
+- /* FIXME should we return an error here? */
+- for (benbi_log = 0;
+- (cipher->cipher->blocksize << benbi_log) < GRUB_DISK_SECTOR_SIZE;
+- benbi_log++);
+- mode_iv = GRUB_CRYPTODISK_MODE_IV_BENBI;
+- }
+- else if (grub_memcmp (cipheriv, "null", sizeof ("null") - 1) == 0)
+- mode_iv = GRUB_CRYPTODISK_MODE_IV_NULL;
+- else if (grub_memcmp (cipheriv, "essiv:", sizeof ("essiv:") - 1) == 0)
+- {
+- char *hash_str = cipheriv + 6;
+-
+- mode_iv = GRUB_CRYPTODISK_MODE_IV_ESSIV;
+-
+- /* Configure the hash and cipher used for ESSIV. */
+- essiv_hash = grub_crypto_lookup_md_by_name (hash_str);
+- if (!essiv_hash)
+- {
+- grub_crypto_cipher_close (cipher);
+- grub_crypto_cipher_close (secondary_cipher);
+- grub_error (GRUB_ERR_FILE_NOT_FOUND,
+- "Couldn't load %s hash", hash_str);
+- return NULL;
+- }
+- essiv_cipher = grub_crypto_cipher_open (ciph);
+- if (!essiv_cipher)
+- {
+- grub_crypto_cipher_close (cipher);
+- grub_crypto_cipher_close (secondary_cipher);
+- return NULL;
+- }
+- }
+- else
+- {
+- grub_crypto_cipher_close (cipher);
+- grub_crypto_cipher_close (secondary_cipher);
+- grub_error (GRUB_ERR_BAD_ARGUMENT, "Unknown IV mode: %s",
+- cipheriv);
+- return NULL;
+- }
+-
+- /* Configure the hash used for the AF splitter and HMAC. */
+- hash = grub_crypto_lookup_md_by_name (hashspec);
+- if (!hash)
+- {
+- grub_crypto_cipher_close (cipher);
+- grub_crypto_cipher_close (essiv_cipher);
+- grub_crypto_cipher_close (secondary_cipher);
+- grub_error (GRUB_ERR_FILE_NOT_FOUND, "Couldn't load %s hash",
+- hashspec);
+- return NULL;
+- }
++ newdev = grub_cryptodisk_create (disk, uuid, ciphername, ciphermode, hashspec);
+
+- newdev = grub_zalloc (sizeof (struct grub_cryptodisk));
+- if (!newdev)
+- {
+- grub_crypto_cipher_close (cipher);
+- grub_crypto_cipher_close (essiv_cipher);
+- grub_crypto_cipher_close (secondary_cipher);
+- return NULL;
+- }
+- newdev->cipher = cipher;
+ newdev->offset = grub_be_to_cpu32 (header.payloadOffset);
+- newdev->source_disk = NULL;
+- newdev->benbi_log = benbi_log;
+- newdev->mode = mode;
+- newdev->mode_iv = mode_iv;
+- newdev->secondary_cipher = secondary_cipher;
+- newdev->essiv_cipher = essiv_cipher;
+- newdev->essiv_hash = essiv_hash;
+- newdev->hash = hash;
+- newdev->log_sector_size = 9;
+- newdev->total_length = grub_disk_get_size (disk) - newdev->offset;
+- grub_memcpy (newdev->uuid, uuid, sizeof (newdev->uuid));
+ newdev->modname = "luks";
+- COMPILE_TIME_ASSERT (sizeof (newdev->uuid) >= sizeof (uuid));
+
+ return newdev;
+ }
+@@ -329,7 +146,7 @@ luks_recover_key (grub_disk_t source,
+ struct grub_luks_phdr header;
+ grub_size_t keysize;
+ grub_uint8_t *split_key = NULL;
+- char interactive_passphrase[MAX_PASSPHRASE] = "";
++ char interactive_passphrase[GRUB_CRYPTODISK_MAX_PASSPHRASE] = "";
+ grub_uint8_t *passphrase;
+ grub_size_t passphrase_length;
+ grub_uint8_t candidate_digest[sizeof (header.mkDigest)];
+@@ -376,7 +193,7 @@ luks_recover_key (grub_disk_t source,
+ /* Use bytestring from key file as passphrase */
+ passphrase = keyfile_bytes;
+ passphrase_length = keyfile_bytes_size;
+- keyfile_bytes = NULL; /* use it only once */
++ keyfile_bytes = NULL; /* use it only once */
+ }
+ else
+ {
+@@ -387,7 +204,7 @@ luks_recover_key (grub_disk_t source,
+ grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name,
+ source->partition ? "," : "", tmp ? : "", dev->uuid);
+ grub_free (tmp);
+- if (!grub_password_get (interactive_passphrase, MAX_PASSPHRASE))
++ if (!grub_password_get (interactive_passphrase, GRUB_CRYPTODISK_MAX_PASSPHRASE))
+ {
+ grub_free (split_key);
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied");
+diff --git a/include/grub/cryptodisk.h b/include/grub/cryptodisk.h
+index 67f6b0b59..bb25ab730 100644
+--- a/include/grub/cryptodisk.h
++++ b/include/grub/cryptodisk.h
+@@ -54,9 +54,14 @@ typedef enum
+ #define GRUB_CRYPTODISK_GF_LOG_BYTES (GRUB_CRYPTODISK_GF_LOG_SIZE - 3)
+ #define GRUB_CRYPTODISK_GF_BYTES (1U << GRUB_CRYPTODISK_GF_LOG_BYTES)
+ #define GRUB_CRYPTODISK_MAX_KEYLEN 128
++#define GRUB_CRYPTODISK_MAX_PASSPHRASE 256
+
+ #define GRUB_CRYPTODISK_MAX_KEYFILE_SIZE 8192
+
++#define GRUB_CRYPTODISK_PLAIN_CIPHER "aes-cbc-essiv:sha256"
++#define GRUB_CRYPTODISK_PLAIN_DIGEST "ripemd160"
++#define GRUB_CRYPTODISK_PLAIN_KEYSIZE 256
++
+ struct grub_cryptodisk;
+
+ typedef gcry_err_code_t
+@@ -160,4 +165,7 @@ grub_util_get_geli_uuid (const char *dev);
+ grub_cryptodisk_t grub_cryptodisk_get_by_uuid (const char *uuid);
+ grub_cryptodisk_t grub_cryptodisk_get_by_source_disk (grub_disk_t disk);
+
++grub_cryptodisk_t grub_cryptodisk_create (grub_disk_t disk, char *uuid,
++ char *ciphername, char *ciphermode, char *digest);
++
+ #endif
+--
+2.16.2
+

128
helpers/DATA/grub2/0005-Cryptomount-support-for-hyphens-in-UUID.patch
View file

@ -1,128 +0,0 @@
diff --git a/0005-Cryptomount-support-for-hyphens-in-UUID.patch b/0005-Cryptomount-support-for-hyphens-in-UUID.patch
new file mode 100644
index 00000000000..f6ed18a66d7
--- /dev/null
+++ b/0005-Cryptomount-support-for-hyphens-in-UUID.patch
@@ -0,0 +1,122 @@
+From 0939fef502c4b97d1facc7972a54d5dfeba4ab71 Mon Sep 17 00:00:00 2001
+From: John Lane <john@lane.uk.net>
+Date: Fri, 26 Jun 2015 22:48:03 +0100
+Subject: [PATCH 5/7] Cryptomount support for hyphens in UUID
+
+---
+ grub-core/disk/cryptodisk.c | 20 +++++++++++++++++---
+ grub-core/disk/luks.c | 26 ++++++++------------------
+ include/grub/cryptodisk.h | 2 ++
+ 3 files changed, 27 insertions(+), 21 deletions(-)
+
+diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
+index 7f656f75c..c442d3a34 100644
+--- a/grub-core/disk/cryptodisk.c
++++ b/grub-core/disk/cryptodisk.c
+@@ -114,6 +114,20 @@ gf_mul_be (grub_uint8_t *o, const grub_uint8_t *a, const grub_uint8_t *b)
+ }
+ }
+
++int
++grub_cryptodisk_uuidcmp(char *uuid_a, char *uuid_b)
++{
++ while ((*uuid_a != '\0') && (*uuid_b != '\0'))
++ {
++ while (*uuid_a == '-') uuid_a++;
++ while (*uuid_b == '-') uuid_b++;
++ if (grub_toupper(*uuid_a) != grub_toupper(*uuid_b)) break;
++ uuid_a++;
++ uuid_b++;
++ }
++ return (*uuid_a == '\0') && (*uuid_b == '\0');
++}
++
+ static gcry_err_code_t
+ grub_crypto_pcbc_decrypt (grub_crypto_cipher_handle_t cipher,
+ void *out, void *in, grub_size_t size,
+@@ -509,8 +523,8 @@ grub_cryptodisk_open (const char *name, grub_disk_t disk)
+ if (grub_memcmp (name, "cryptouuid/", sizeof ("cryptouuid/") - 1) == 0)
+ {
+ for (dev = cryptodisk_list; dev != NULL; dev = dev->next)
+- if (grub_strcasecmp (name + sizeof ("cryptouuid/") - 1, dev->uuid) == 0)
+- break;
++ if (grub_cryptodisk_uuidcmp(name + sizeof ("cryptouuid/") - 1, dev->uuid))
++ break;
+ }
+ else
+ {
+@@ -742,7 +756,7 @@ grub_cryptodisk_get_by_uuid (const char *uuid)
+ {
+ grub_cryptodisk_t dev;
+ for (dev = cryptodisk_list; dev != NULL; dev = dev->next)
+- if (grub_strcasecmp (dev->uuid, uuid) == 0)
++ if (grub_cryptodisk_uuidcmp(dev->uuid, uuid))
+ return dev;
+ return NULL;
+ }
+diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c
+index 4ebe21b4e..80a760670 100644
+--- a/grub-core/disk/luks.c
++++ b/grub-core/disk/luks.c
+@@ -68,9 +68,7 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid,
+ int check_boot, grub_file_t hdr)
+ {
+ grub_cryptodisk_t newdev;
+- const char *iptr;
+ struct grub_luks_phdr header;
+- char *optr;
+ char uuid[sizeof (header.uuid) + 1];
+ char ciphername[sizeof (header.cipherName) + 1];
+ char ciphermode[sizeof (header.cipherMode) + 1];
+@@ -104,22 +102,6 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid,
+ || grub_be_to_cpu16 (header.version) != 1)
+ return NULL;
+
+- optr = uuid;
+- for (iptr = header.uuid; iptr < &header.uuid[ARRAY_SIZE (header.uuid)];
+- iptr++)
+- {
+- if (*iptr != '-')
+- *optr++ = *iptr;
+- }
+- *optr = 0;
+-
+- if (check_uuid && grub_strcasecmp (check_uuid, uuid) != 0)
+- {
+- grub_dprintf ("luks", "%s != %s\n", uuid, check_uuid);
+- return NULL;
+- }
+-
+-
+ /* Make sure that strings are null terminated. */
+ grub_memcpy (ciphername, header.cipherName, sizeof (header.cipherName));
+ ciphername[sizeof (header.cipherName)] = 0;
+@@ -127,6 +109,14 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid,
+ ciphermode[sizeof (header.cipherMode)] = 0;
+ grub_memcpy (hashspec, header.hashSpec, sizeof (header.hashSpec));
+ hashspec[sizeof (header.hashSpec)] = 0;
++ grub_memcpy (uuid, header.uuid, sizeof (header.uuid));
++ uuid[sizeof (header.uuid)] = 0;
++
++ if ( check_uuid && ! grub_cryptodisk_uuidcmp(check_uuid, uuid))
++ {
++ grub_dprintf ("luks", "%s != %s\n", uuid, check_uuid);
++ return NULL;
++ }
+
+ newdev = grub_cryptodisk_create (disk, uuid, ciphername, ciphermode, hashspec);
+
+diff --git a/include/grub/cryptodisk.h b/include/grub/cryptodisk.h
+index bb25ab730..01c02696e 100644
+--- a/include/grub/cryptodisk.h
++++ b/include/grub/cryptodisk.h
+@@ -168,4 +168,6 @@ grub_cryptodisk_t grub_cryptodisk_get_by_source_disk (grub_disk_t disk);
+ grub_cryptodisk_t grub_cryptodisk_create (grub_disk_t disk, char *uuid,
+ char *ciphername, char *ciphermode, char *digest);
+
++int
++grub_cryptodisk_uuidcmp(char *uuid_a, char *uuid_b);
+ #endif
+--
+2.16.2
+

114
helpers/DATA/grub2/0006-Cryptomount-support-for-using-whole-device-as-keyfile.patch
View file

@ -1,114 +0,0 @@
diff --git a/0006-Cryptomount-support-for-using-whole-device-as-keyfile.patch b/0006-Cryptomount-support-for-using-whole-device-as-keyfile.patch
new file mode 100644
index 00000000000..49750f84aca
--- /dev/null
+++ b/0006-Cryptomount-support-for-using-whole-device-as-keyfile.patch
@@ -0,0 +1,108 @@
+From 908f4282cc934422923ff59836a835e63d6a7117 Mon Sep 17 00:00:00 2001
+From: Paul Gideon Dann <pdgiddie@gmail.com>
+Date: Tue, 19 Jul 2016 12:36:37 +0100
+Subject: [PATCH] Add support for using a whole device as a keyfile
+
+---
+ grub-core/disk/cryptodisk.c | 86 +++++++++++++++++++++++++++++--------
+ 1 file changed, 68 insertions(+), 18 deletions(-)
+
+diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
+index d0388c6d1..c5d8021ba 100644
+--- a/grub-core/disk/cryptodisk.c
++++ b/grub-core/disk/cryptodisk.c
+@@ -1031,26 +1031,76 @@ grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args)
+ else
+ {
+ keyfile_offset = state[5].set ? grub_strtoul (state[5].arg, 0, 0) : 0;
+- keyfile_size = requested_keyfile_size ? requested_keyfile_size : \
+- GRUB_CRYPTODISK_MAX_KEYFILE_SIZE;
+-
+- keyfile = grub_file_open (state[4].arg, GRUB_FILE_TYPE_NONE);
+- if (!keyfile)
+- grub_printf (N_("Unable to open key file %s\n"), state[4].arg);
+- else if (grub_file_seek (keyfile, keyfile_offset) == (grub_off_t)-1)
+- grub_printf (N_("Unable to seek to offset %d in key file\n"), keyfile_offset);
+- else
++
++ if (grub_strchr (state[4].arg, '/'))
+ {
+- keyfile_size = grub_file_read (keyfile, keyfile_buffer, keyfile_size);
+- if (keyfile_size == (grub_size_t)-1)
+- grub_printf (N_("Error reading key file\n"));
+- else if (requested_keyfile_size && (keyfile_size != requested_keyfile_size))
+- grub_printf (N_("Cannot read %llu bytes for key file (read %llu bytes)\n"),
+- (unsigned long long) requested_keyfile_size,
+- (unsigned long long) keyfile_size);
++ keyfile_size = requested_keyfile_size ? requested_keyfile_size : \
++ GRUB_CRYPTODISK_MAX_KEYFILE_SIZE;
++ keyfile = grub_file_open (state[4].arg, GRUB_FILE_TYPE_NONE);
++ if (!keyfile)
++ grub_printf (N_("Unable to open key file %s\n"), state[4].arg);
++ else if (grub_file_seek (keyfile, keyfile_offset) == (grub_off_t)-1)
++ grub_printf (N_("Unable to seek to offset %d in key file\n"), keyfile_offset);
+ else
+- key = keyfile_buffer;
+- }
++ {
++ keyfile_size = grub_file_read (keyfile, keyfile_buffer, keyfile_size);
++ if (keyfile_size == (grub_size_t)-1)
++ grub_printf (N_("Error reading key file\n"));
++ else if (requested_keyfile_size && (keyfile_size != requested_keyfile_size))
++ grub_printf (N_("Cannot read %llu bytes for key file (read %llu bytes)\n"),
++ (unsigned long long) requested_keyfile_size,
++ (unsigned long long) keyfile_size);
++ else
++ key = keyfile_buffer;
++ }
++ }
++ else
++ {
++ grub_disk_t keydisk;
++ char* keydisk_name;
++ grub_err_t err;
++ grub_uint64_t total_sectors;
++
++ keydisk_name = grub_file_get_device_name(state[4].arg);
++ keydisk = grub_disk_open (keydisk_name);
++ if (!keydisk)
++ {
++ grub_printf (N_("Unable to open disk %s\n"), keydisk_name);
++ goto cleanup_keydisk_name;
++ }
++
++ total_sectors = grub_disk_get_size (keydisk);
++ if (total_sectors == GRUB_DISK_SIZE_UNKNOWN)
++ {
++ grub_printf (N_("Unable to determine size of disk %s\n"), keydisk_name);
++ goto cleanup_keydisk;
++ }
++
++ keyfile_size = (total_sectors << GRUB_DISK_SECTOR_BITS);
++ if (requested_keyfile_size > 0 && requested_keyfile_size < keyfile_size)
++ keyfile_size = requested_keyfile_size;
++ if (keyfile_size > GRUB_CRYPTODISK_MAX_KEYFILE_SIZE)
++ {
++ grub_printf (N_("Key file size exceeds maximum (%llu)\n"), \
++ (unsigned long long) GRUB_CRYPTODISK_MAX_KEYFILE_SIZE);
++ goto cleanup_keydisk;
++ }
++
++ err = grub_disk_read (keydisk, 0, keyfile_offset, keyfile_size, keyfile_buffer);
++ if (err != GRUB_ERR_NONE)
++ {
++ grub_printf (N_("Failed to read from disk %s\n"), keydisk_name);
++ keyfile_size = 0;
++ goto cleanup_keydisk;
++ }
++
++ key = keyfile_buffer;
++
++ cleanup_keydisk:
++ grub_disk_close (keydisk);
++ cleanup_keydisk_name:
++ grub_free (keydisk_name);
++ }
+ }
+ }
+

0
helpers/DATA/grub2/0007-prevent-duplicated-gnu-linux-with-trisquel-full-name.patch → helpers/DATA/grub2/patch_changes/007-prevent-duplicated-gnu-linux-with-trisquel-full-name.patch
View file

36
helpers/DATA/gtk+3.0/patch_changes/000-fix_tooltip_gtk+3.0_lxde.patch Normal file
View file

@ -0,0 +1,36 @@
From baa351f7e2d8cb92e94ce122bf8b96cfe88f9a5a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ingo=20Br=C3=BCckl?= <ib@oddnet.de>
Date: Mon, 17 Feb 2025 18:04:20 +0100
Subject: [PATCH] Fix position of child tooltips in custom windows
Unlike a GTK_TOPLEVEL_WINDOW, a custom toplevel window derived from
GtkWindow can have non-zero x/y allocations (like a panel at the bottom
of the screen).
Since the allocation of such a toplevel window is relative to the screen
origin, the position of the child must also be relative to the screen
origin so that we get the correct coordinates relative to each other.
diff --git a/gtk/gtktooltip.c b/gtk/gtktooltip.c
index 1bf72f19..3d6a99f1 100644
--- a/gtk/gtktooltip.c
+++ b/gtk/gtktooltip.c
@@ -875,6 +875,7 @@ gtk_tooltip_position (GtkTooltip *tooltip,
GdkWindow *widget_window;
GdkWindow *effective_toplevel;
GtkWidget *toplevel;
+ GtkAllocation toplevel_allocation;
int rect_anchor_dx = 0;
int cursor_size;
int anchor_rect_padding;
@@ -886,8 +887,9 @@ gtk_tooltip_position (GtkTooltip *tooltip,
tooltip->tooltip_widget = new_tooltip_widget;
toplevel = _gtk_widget_get_toplevel (new_tooltip_widget);
+ _gtk_widget_get_allocation (toplevel, &toplevel_allocation);
gtk_widget_translate_coordinates (new_tooltip_widget, toplevel,
- 0, 0,
+ toplevel_allocation.x, toplevel_allocation.y,
&anchor_rect.x, &anchor_rect.y);
anchor_rect.width = gtk_widget_get_allocated_width (new_tooltip_widget);

12
helpers/DATA/gtk+3.0/patch_changes/001-fix_FTBFS_on_armhf_ecne.patch Normal file
View file

@ -0,0 +1,12 @@
diff --git a/gtk/gtkwindow.c b/gtk/gtkwindow.c
index d6db84fa..bfcef2b5 100644
--- a/gtk/gtkwindow.c
+++ b/gtk/gtkwindow.c
@@ -71,6 +71,7 @@
#ifdef GDK_WINDOWING_X11
#include "x11/gdkx.h"
+#include <math.h>
#endif
#ifdef GDK_WINDOWING_WIN32

301
helpers/DATA/hplip/patch_changes/000-add_trisquel_distro_definition_distros_password.patch Normal file
View file

@ -0,0 +1,301 @@
diff --git a/installer/distros.dat b/installer/distros.dat
index 80588920..66bb81a1 100644
--- a/installer/distros.dat
+++ b/installer/distros.dat
@@ -94,7 +94,7 @@
# ****************************************
[distros]
-distros=unknown,mepis,debian,suse,mandriva,fedora,redhat,rhel,slackware,gentoo,redflag,ubuntu,xandros,freebsd,linspire,ark,pclinuxos,centos,igos,linuxmint,linpus,gos,boss,lfs,manjarolinux,zorin,mxlinux,elementary
+distros=unknown,mepis,debian,suse,mandriva,fedora,redhat,rhel,slackware,gentoo,redflag,ubuntu,xandros,freebsd,linspire,ark,pclinuxos,centos,igos,linuxmint,linpus,gos,boss,lfs,manjarolinux,zorin,mxlinux,elementary,trisquel
# ****************************************
@@ -18946,3 +18946,287 @@ packages=automake1.11
packages=epm
# ****************************************
+
+[trisquel]
+index=99
+versions=11.0.1,12.0
+display_name=Trisquel GNU/Linux
+alt_names=trisquel,Trisquel GNU/Linux
+display=1
+notes=
+package_mgrs=dpkg,apt-get,synaptic,update-manager,adept,aptitude,adept-updater
+package_mgr_cmd=sudo apt-get install --assume-yes $packages_to_install
+pre_depend_cmd=sudo dpkg --configure -a,sudo apt-get install --yes --force-yes -f,sudo apt-get update
+post_depend_cmd=
+hp_libs_remove_cmd= sudo apt-get remove libhpmud0 libsane-hpaio printer-driver-postscript-hp
+hplip_remove_cmd=sudo aptitude remove --assume-yes hplip hpijs
+su_sudo=sudo
+ppd_install=ppd
+udev_mode_fix=1
+ppd_dir=
+fix_ppd_symlink=0
+drv_dir=/usr/share/cups/drv/HP
+
+# ****************************************
+
+[trisquel:11.0.1]
+code_name=aramo
+supported=1
+scan_supported=1
+fax_supported=1
+pcard_supported=1
+network_supported=1
+parallel_supported=1
+usb_supported=1
+packaged_version=3.21.12
+release_date=01/01/2022
+notes=
+ppd_install=drv
+udev_mode_fix=1
+ppd_dir=/usr/share/ppd/HP
+fix_ppd_symlink=0
+drv_dir=/usr/share/cups/drv/HP
+ui_toolkit=qt5
+native_cups=1
+acl_rules=1
+
+libdir_path=/usr/lib
+
+[trisquel:11.0.1:cups]
+packages=libcups2
+
+[trisquel:11.0.1:cups-devel]
+packages=libcups2-dev,cups-bsd,cups-client
+
+[trisquel:11.0.1:gcc]
+packages=build-essential
+
+[trisquel:11.0.1:gs]
+packages=ghostscript
+
+[trisquel:11.0.1:libcrypto]
+packages=openssl
+
+[trisquel:11.0.1:libjpeg]
+packages=libjpeg-dev
+
+[trisquel:11.0.1:libatk-adaptor]
+packages=libatk-adaptor
+
+[trisquel:11.0.1:libgail-common]
+packages=libgail-common
+
+[trisquel:11.0.1:libnetsnmp-devel]
+packages=libsnmp-dev
+
+[trisquel:11.0.1:libpthread]
+packages=build-essential
+
+[trisquel:11.0.1:libtool]
+packages=libtool,libtool-bin
+
+[trisquel:11.0.1:libusb]
+packages=libusb-1.0-0-dev,libusb-0.1-4
+
+[trisquel:11.0.1:make]
+packages=build-essential
+
+[trisquel:11.0.1:ppdev]
+packages=
+commands=sudo modprobe ppdev,sudo cp -f /etc/modules /etc/modules.hplip,echo ppdev | sudo tee -a /etc/modules
+
+[trisquel:11.0.1:sane]
+packages=libsane
+
+[trisquel:11.0.1:sane-devel]
+packages=libsane-dev
+
+[trisquel:11.0.1:scanimage]
+packages=sane-utils
+
+[trisquel:11.0.1:xsane]
+packages=gtk2-engines-pixbuf,xsane
+
+[trisquel:11.0.1:dbus]
+packages=libdbus-1-dev
+
+[trisquel:11.0.1:cups-image]
+packages=libcupsimage2-dev
+
+[trisquel:11.0.1:cups-ddk]
+packages=cups
+
+[trisquel:11.0.1:policykit]
+packages=policykit-1,policykit-1-gnome
+
+[trisquel:11.0.1:network]
+packages=wget
+
+[trisquel:11.0.1:avahi-utils]
+packages=avahi-utils
+
+[trisquel:11.0.1:libavahi-dev]
+packages=libavahi-client-dev,libavahi-core-dev,libavahi-common-dev
+
+[trisquel:11.0.1:python3-notify2]
+packages=python3-notify2
+
+[trisquel:11.0.1:python3-pyqt5-dbus]
+packages=python3-dbus.mainloop.pyqt5
+
+[trisquel:11.0.1:python3-pyqt5]
+packages=python3-pyqt5,gtk2-engines-pixbuf
+
+[trisquel:11.0.1:python3-dbus]
+packages=python3-dbus,python3-gi
+
+[trisquel:11.0.1:python3-xml]
+packages=python3-lxml
+
+[trisquel:11.0.1:python3-devel]
+packages=python3-dev
+
+[trisquel:11.0.1:python3-pil]
+packages=python3-pil
+
+[trisquel:11.0.1:python3-reportlab]
+packages=python3-reportlab
+
+[trisquel:11.0.1:automake]
+packages=automake1.11
+
+[trisquel:11.0.1:epm]
+packages=epm
+
+# ****************************************
+
+[trisquel:12.0]
+code_name=ecne
+supported=1
+scan_supported=1
+fax_supported=1
+pcard_supported=1
+network_supported=1
+parallel_supported=1
+usb_supported=1
+packaged_version=3.23.12
+release_date=01/01/2022
+notes=
+ppd_install=drv
+udev_mode_fix=1
+ppd_dir=/usr/share/ppd/HP
+fix_ppd_symlink=0
+drv_dir=/usr/share/cups/drv/HP
+ui_toolkit=qt5
+native_cups=1
+acl_rules=1
+
+libdir_path=/usr/lib
+
+[trisquel:12.0:cups]
+packages=libcups2t64
+
+[trisquel:12.0:cups-devel]
+packages=libcups2-dev,cups-bsd,cups-client
+
+[trisquel:12.0:gcc]
+packages=build-essential
+
+[trisquel:12.0:gs]
+packages=ghostscript
+
+[trisquel:12.0:libcrypto]
+packages=openssl
+
+[trisquel:12.0:libjpeg]
+packages=libjpeg-dev
+
+[trisquel:12.0:libatk-adaptor]
+packages=libatk-adaptor
+
+[trisquel:12.0:libgail-common]
+packages=libgail-common
+
+[trisquel:12.0:libnetsnmp-devel]
+packages=libsnmp-dev
+
+[trisquel:12.0:libpthread]
+packages=build-essential
+
+[trisquel:12.0:libtool]
+packages=libtool,libtool-bin
+
+[trisquel:12.0:libusb]
+packages=libusb-1.0-0-dev,libusb-0.1-4
+
+[trisquel:12.0:make]
+packages=build-essential
+
+[trisquel:12.0:ppdev]
+packages=
+commands=sudo modprobe ppdev,sudo cp -f /etc/modules /etc/modules.hplip,echo ppdev | sudo tee -a /etc/modules
+
+[trisquel:12.0:sane]
+packages=libsane1
+
+[trisquel:12.0:sane-devel]
+packages=libsane-dev
+
+[trisquel:12.0:scanimage]
+packages=sane-utils
+
+[trisquel:12.0:xsane]
+packages=gtk2-engines-pixbuf,xsane
+
+[trisquel:12.0:dbus]
+packages=libdbus-1-dev
+
+[trisquel:12.0:cups-image]
+packages=libcupsimage2-dev
+
+[trisquel:12.0:cups-ddk]
+packages=cups
+
+[trisquel:12.0:policykit]
+packages=policykit-1,policykit-1-gnome
+
+[trisquel:12.0:network]
+packages=wget
+
+[trisquel:12.0:avahi-utils]
+packages=avahi-utils
+
+[trisquel:12.0:libavahi-dev]
+packages=libavahi-client-dev,libavahi-core-dev,libavahi-common-dev
+
+[trisquel:12.0:python3-notify2]
+packages=python3-notify2
+
+[trisquel:12.0:python3-pyqt5-dbus]
+packages=python3-dbus.mainloop.pyqt5
+
+[trisquel:12.0:python3-pyqt5]
+packages=python3-pyqt5,gtk2-engines-pixbuf
+
+[trisquel:12.0:python3-dbus]
+packages=python3-dbus,python3-gi
+
+[trisquel:12.0:python3-xml]
+packages=python3-lxml
+
+[trisquel:12.0:python3-devel]
+packages=python3-dev
+
+[trisquel:12.0:python3-pil]
+packages=python3-pil
+
+[trisquel:12.0:python3-reportlab]
+packages=python3-reportlab
+
+[trisquel:12.0:automake]
+packages=automake1.11
+
+[trisquel:12.0:epm]
+packages=epm
+
+# ****************************************

16
helpers/DATA/hplip/patch_changes/001-enable_distro_name_dectection.patch Normal file
View file

@ -0,0 +1,16 @@
diff --git a/installer/core_install.py b/installer/core_install.py
index 1c8af23e..9595b2c7 100644
--- a/installer/core_install.py
+++ b/installer/core_install.py
@@ -644,6 +644,11 @@ class CoreInstall(object):
ld = distro.linux_distribution(full_distribution_name=False)
name = ld[0]
ver = ld[1]
+ # Ensure variable exists (used below for MX detection)
+ try:
+ distro_release_name = distro.name(pretty=True) or ""
+ except Exception:
+ distro_release_name = ""
found = True

BIN
helpers/DATA/keyring.gpg
View file

Binary file not shown.

41
helpers/DATA/kubuntu-settings/patch_changes/000-tune-distro-welcome-to-trisquels-vision.patch Normal file
View file

@ -0,0 +1,41 @@
diff --git a/desktop/plasma/plasma-welcome-extra-pages/01-Kubuntu.qml b/desktop/plasma/plasma-welcome-extra-pages/01-Kubuntu.qml_
index ecb6354a..fcede269 100644
--- a/desktop/plasma/plasma-welcome-extra-pages/01-Kubuntu.qml
+++ b/desktop/plasma/plasma-welcome-extra-pages/01-Kubuntu.qml_
@@ -1,6 +1,7 @@
/*
* SPDX-FileCopyrightText: 2021 Felipe Kinoshita <kinofhek@gmail.com>
* SPDX-FileCopyrightText: 2022 Nate Graham <nate@kde.org>
+ * SPDX-FileCopyrightText: 2025 Luis Guzmán <ark@switnet.org>
*
* SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only OR LicenseRef-KDE-Accepted-GPL
*/
@@ -17,22 +18,21 @@ import org.kde.plasma.welcome 1.0
GenericPage {
heading: i18nc("@info:window", "Welcome to Triskel | Friendly Computing")
description: i18nc("@info:usagetip",
- '<p>You are using the Triskel® Linux distribution, an official Ubuntu® flavor.
- It is used by millions around the world who value:</p>
+ '<p>You are using the Triskel GNU/Linux distribution, an official Trisquel flavor.
+ It is used by users around the world who value:</p>
<ul>
<li>The beautiful and intuitive KDE Plasma desktop and KDE apps</li>
- <li>The breadth and compatibility of the full Ubuntu
- archive</li>
+ <li>The breadth and compatibility of the full Trisquel archive</li>
<li>Frequent security updates</li>
<li>Current, reliable core apps for productivity, office, email,
graphics, and music</li>
- <li>The availability of Triskel-optimized hardware and commercial support</li>
+ <li>Software Freedom along with the availability of Trisquel-community support</li>
</ul>
- <p>Triskel is free software developed by members of the global Ubuntu®
+ <p>Triskel is free software developed by members of the global
community. Please donate today to support its continued development. All
- proceeds fund the Triskel Developer Team!</p>
+ proceeds fund the continuity of the developement of Trisquel!</p>
');
RowLayout {

11
helpers/DATA/kubuntu-settings/usr-share/README.md Normal file
View file

@ -0,0 +1,11 @@
## Logotype note
The logo `triskel_tour.svg` has been modified for visual effects.
Please, do NOT reuse as "original" Trisquel logo.
Get a original copy from other source this image shouldn't be used on other places.
Regards.
-- Ark74

102
helpers/DATA/kubuntu-settings/usr-share/triskel_donate.svg Normal file
View file

File diff suppressed because one or more lines are too long
Side by side

After

Width:  |  Height:  |  Size: 24 KiB

482
helpers/DATA/kubuntu-settings/usr-share/triskel_tour.svg Normal file
View file

File diff suppressed because one or more lines are too long
Side by side

After

Width:  |  Height:  |  Size: 101 KiB

24
helpers/DATA/language-selector/patch_changes/000-add_language-selector_support_browsers.patch Normal file
View file

@ -0,0 +1,24 @@
Add icedove and abrowser, and other browsers to the supported language-selector apps.
diff --git a/data/pkg_depends b/data/pkg_depends
index 73d0d019..f38d68a6 100644
--- a/data/pkg_depends
+++ b/data/pkg_depends
@@ -11,13 +11,15 @@ tr::gvfs:language-pack-gnome-
# Format: %LCODE% or %LCODE%-%CCODE%
tr::libreoffice-common:libreoffice-l10n-
tr::libreoffice-common:libreoffice-help-
-tr::thunderbird:thunderbird-locale-
+tr::icedove:icedove-locale-
+tr::abrowser:abrowser-locale-
+tr::icecat:icecat-locale-
tr::lightning-extension:lightning-extension-locale-
tr::sunbird:sunbird-locale-
tr::sword-text-gerlut1545:sword-language-pack-
tr::gimp:gimp-help-
tr::evolution:evolution-documentation-
-tr::chromium-browser:chromium-browser-l10n
+tr::ungoogled-chromium:ungoogled-chromium-l10n
tr::sylpheed:sylpheed-i18n
tr::amarok:amarok-help-
tr::gnome-user-docs:gnome-user-docs-

38
helpers/DATA/libmateweather/patch_changes/001-weather_server_uri_update_138.patch Normal file
View file

@ -0,0 +1,38 @@
From 4e54f44dab4efa8c216b26ea7188b99c94882ba4 Mon Sep 17 00:00:00 2001
From: Victor Kareh <vkareh@redhat.com>
Date: Thu, 18 Sep 2025 11:40:55 -0400
Subject: [PATCH] metar: Update AviationWeather URL
According to their website: "The AviationWeather Data API has been
redeveloped in 2025."
Also they put 'METAR' (or 'SPECI') onto the beginning of data to make it
ICAO compliant, so we add code to parse that.
Fixes #135
---
libmateweather/weather-metar.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libmateweather/weather-metar.c b/libmateweather/weather-metar.c
index 7bc24fc9..4698a077 100644
--- a/libmateweather/weather-metar.c
+++ b/libmateweather/weather-metar.c
@@ -510,7 +510,7 @@ metar_finish (SoupSession *session, SoupMessage *msg, gpointer data)
loc = info->location;
- searchkey = g_strdup_printf ("<raw_text>%s", loc->code);
+ searchkey = g_strdup_printf ("<raw_text>METAR %s", loc->code);
p = strstr (msg->response_body->data, searchkey);
g_free (searchkey);
if (p) {
@@ -550,7 +550,7 @@ metar_start_open (WeatherInfo *info)
}
msg = soup_form_request_new (
- "GET", "https://aviationweather.gov/cgi-bin/data/dataserver.php",
+ "GET", "https://aviationweather.gov/api/data/dataserver",
"dataSource", "metars",
"requestType", "retrieve",
"format", "xml",

22
helpers/DATA/lxde-metapackages/patch_changes/000-set_customs_browsers_for_lxde-metapackages.patch Normal file
View file

@ -0,0 +1,22 @@
diff --git a/debian/control b/debian/control
index e0f0285c..5cc1787e 100644
--- a/debian/control
+++ b/debian/control
@@ -22,7 +22,7 @@ Recommends: polkitd,
lxterminal | x-terminal-emulator,
notification-daemon,
xscreensaver
-Suggests: firefox-esr | firefox | www-browser,
+Suggests: abrowser | icecat | www-browser,
lxde,
lxlauncher
Description: metapackage for the LXDE core
@@ -59,7 +59,7 @@ Recommends: connman-gtk | network-manager-gnome | wicd,
smplayer | vlc | mplayer-gui, gnome-colors,
gnome-system-tools,
gucharmap,
- firefox-esr | firefox | www-browser,
+ abrowser | icecat | www-browser,
lightdm | x-display-manager,
lxmusic | audacious, lxpolkit,
parcellite | clipit | copyq, numlockx, usermode,

72
helpers/DATA/lxpanel/patch_changes/000-MR_46_fix_scrolling_issue_volume_plugin.patch Normal file
View file

@ -0,0 +1,72 @@
From 44df20a33645b4a645b547725c75904cee46dfba Mon Sep 17 00:00:00 2001
From: Nicolas Salguero <nicolas.salguero@laposte.net>
Date: Thu, 21 Jul 2022 12:54:07 +0200
Subject: [PATCH 1/2] Fix a scrolling issue with the GTK3 volume plugin
Scrolling with the mouse wheel in the volume plugin window only reduces
the volume, because the GDK_SCROLL_SMOOTH direction is not taken into
account.
This fixes github issue #27, reported by martenwa,
part of github issue #45, reported by nsalguero, and
part of https://bugs.debian.org/1052050.
(commit and message amended by committer)
---
plugins/volumealsa/volumealsa.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/plugins/volumealsa/volumealsa.c b/plugins/volumealsa/volumealsa.c
index 5c410511..74b49f90 100644
--- a/plugins/volumealsa/volumealsa.c
+++ b/plugins/volumealsa/volumealsa.c
@@ -796,6 +796,17 @@ static void volumealsa_popup_scale_scrolled(GtkScale * scale, GdkEventScroll * e
/* Dispatch on scroll direction to update the value. */
if ((evt->direction == GDK_SCROLL_UP) || (evt->direction == GDK_SCROLL_LEFT))
val += 2;
+#if GTK_CHECK_VERSION(3, 4, 0)
+ else if (evt->direction == GDK_SCROLL_SMOOTH)
+ {
+ gdouble delta_x, delta_y;
+ gdk_event_get_scroll_deltas((GdkEvent *) evt, &delta_x, &delta_y);
+ if ((delta_y < 0) || (delta_x < 0))
+ val += 2;
+ else
+ val -= 2;
+ }
+#endif
else
val -= 2;
From a9c1c58558ec066b6e086230abcf70c7793583c8 Mon Sep 17 00:00:00 2001
From: Nicolas Salguero <nicolas.salguero@laposte.net>
Date: Thu, 21 Jul 2022 12:54:07 +0200
Subject: [PATCH 2/2] Fix a scrolling issue with the GTK3 volume plugin
Scrolling with the mouse wheel on the volume plugin icon does nothing
because GDK_SCROLL events are missing. To receive these events, widgets
must set either GDK_SCROLL_MASK or GDK_SMOOTH_SCROLL_MASK.
This fixes part of github issue #45, reported by nsalguero,
and part of https://bugs.debian.org/1052050.
(commit and message amended by committer)
---
plugins/volumealsa/volumealsa.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/plugins/volumealsa/volumealsa.c b/plugins/volumealsa/volumealsa.c
index 74b49f90..13693773 100644
--- a/plugins/volumealsa/volumealsa.c
+++ b/plugins/volumealsa/volumealsa.c
@@ -991,6 +991,9 @@ static GtkWidget *volumealsa_constructor(LXPanel *panel, config_setting_t *setti
vol->tray_icon = lxpanel_image_new_for_icon(panel, "audio-volume-muted-panel",
-1, ICONS_MUTE);
gtk_container_add(GTK_CONTAINER(p), vol->tray_icon);
+#if GTK_CHECK_VERSION(3, 4, 0)
+ gtk_widget_add_events(p, GDK_SCROLL_MASK);
+#endif
/* Initialize window to appear when icon clicked. */
volumealsa_build_popup_window(p);

28
helpers/DATA/lxpanel/patch_changes/001-MR_53_handle_not_charging_state_battery.patch Normal file
View file

@ -0,0 +1,28 @@
From 0995ca8ee2b7cbd768921b0a4e2f88a98af09c92 Mon Sep 17 00:00:00 2001
From: Mikau <mikau@aaathats3as.com>
Date: Mon, 17 Apr 2023 16:37:10 +0200
Subject: [PATCH] Handle "Not Charging" state in battery indicator
When the battery has reached the target charge level, some devices
use the status "Not Charging". LXpanel should not interpret this to mean
"Discharging", but rather the same as "Full".
This is also likely to fix github issue #50, reported by embedeo.
(commit message amended by committer)
---
plugins/batt/batt_sys.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/plugins/batt/batt_sys.c b/plugins/batt/batt_sys.c
index 5a40273e..eb807a3c 100644
--- a/plugins/batt/batt_sys.c
+++ b/plugins/batt/batt_sys.c
@@ -396,6 +396,7 @@ gboolean battery_is_charging( battery *b )
return ( strcasecmp( b->state, "Unknown" ) == 0
|| strcasecmp( b->state, "Full" ) == 0
|| strcasecmp( b->state, "Charging" ) == 0
+ || strcasecmp( b->state, "Not Charging" ) == 0
|| b->current_now == 0 ); /* bug sf.net, #720 */
}

28
helpers/DATA/lxpanel/patch_changes/002-MR_78_do_not_trigger_wincmd_button_clicked.patch Normal file
View file

@ -0,0 +1,28 @@
From 8b2d1ead714529f3abe00fff282607a4f9eb47b7 Mon Sep 17 00:00:00 2001
From: kurokawachan <kurokawapopochan@gmail.com>
Date: Fri, 23 Aug 2024 04:11:55 -0700
Subject: [PATCH] Do not trigger wincmd_button_clicked() by GDK_2BUTTON_PRESS
events
If the toggle is clicked too quickly, it is considered a double-click
and three button-press events are generated instead of the usual two,
resulting in unwanted behavior.
This fixes https://github.com/lxde/lxpanel/issues/77.
---
plugins/wincmd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/plugins/wincmd.c b/plugins/wincmd.c
index 9b4ae48e..ae8db997 100644
--- a/plugins/wincmd.c
+++ b/plugins/wincmd.c
@@ -124,7 +124,7 @@ static gboolean wincmd_button_clicked(GtkWidget * widget, GdkEventButton * event
WinCmdPlugin * wc = lxpanel_plugin_get_data(widget);
/* Left-click to iconify. */
- if (event->button == 1)
+ if (event->button == 1 && event->type == GDK_BUTTON_PRESS)
{
GdkScreen* screen = gtk_widget_get_screen(widget);
Screen *xscreen = GDK_SCREEN_XSCREEN(screen);

27
helpers/DATA/lxpanel/patch_changes/003-MR_84_prevent_panel_freeze_pop_down_menu_debofe_detach.patch Normal file
View file

@ -0,0 +1,27 @@
From 8b1135b857eb684296013c92487532a903039102 Mon Sep 17 00:00:00 2001
From: kurokawachan <kurokawapopochan@gmail.com>
Date: Sat, 21 Sep 2024 20:16:48 -0700
Subject: [PATCH] Pop down a menu before detaching it
If we detach a GtkMenu while it is still being displayed,
it will freeze the entire panel.
This fixes github issue #83, reported by make-your-soft-better.
(commit message slightly amended by committer)
---
plugins/task-button.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/plugins/task-button.c b/plugins/task-button.c
index 3744cc79..f90da5c8 100644
--- a/plugins/task-button.c
+++ b/plugins/task-button.c
@@ -1544,6 +1544,7 @@ void task_button_update_windows_list(TaskButton *button, Window *list, gint n)
for (l = menu_list; l; l = l->next)
{
GtkMenu *menu = GTK_MENU(l->data);
+ gtk_menu_popdown(menu);
gtk_menu_detach(menu);
}
g_list_free(menu_list);

237
helpers/DATA/lxpanel/patch_changes/004-MR_89_1-4_restore_disabled_cpufreq_plugin_functionality.patch Normal file
View file

@ -0,0 +1,237 @@
From dfa4708213c65b734b0d724de8290d4da3ba5af4 Mon Sep 17 00:00:00 2001
From: rofl0r <rofl0r@users.noreply.github.com>
Date: Wed, 12 Mar 2025 00:35:15 +0000
Subject: [PATCH 1/4] Restore disabled cpufreq plugin functionality
According to the comment used, this was apparently disabled because
someone thought that changing CPU governors requires root permissions,
but that can be easily changed using a rc script running on system
start.
Probably the most sensible setup to modify the governors from a
restricted user account is to add it to a dedicated group with
write access to the corresponding sysfs files.
For instance:
for i in /sys/devices/system/cpu/cpu[0-9]*/cpufreq/scaling_governor \
/sys/devices/system/cpu/cpu[0-9]*/cpufreq/scaling_setspeed ; do
chown root:cpufreq "$i"
chmod 664 "$i"
done
---
plugins/cpufreq/cpufreq.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/plugins/cpufreq/cpufreq.c b/plugins/cpufreq/cpufreq.c
index 05f41e0d..24e819ea 100644
--- a/plugins/cpufreq/cpufreq.c
+++ b/plugins/cpufreq/cpufreq.c
@@ -99,7 +99,7 @@ get_cur_freq(cpufreq *cf){
}
}
-/*static void
+static void
get_governors(cpufreq *cf){
FILE *fp;
GList *l;
@@ -189,7 +189,7 @@ frequency_menu(cpufreq *cf){
fclose(fp);
return GTK_WIDGET(menu);
-}*/
+}
static void
get_cpus(cpufreq *cf)
@@ -228,7 +228,7 @@ get_cpus(cpufreq *cf)
g_dir_close(cpuDirectory);
}
-/*static void
+static void
cpufreq_set_governor(GtkWidget *widget, Param* p){
FILE *fp;
char buf[ 100 ], sstmp [ 256 ];
@@ -291,7 +291,7 @@ cpufreq_menu(cpufreq *cf){
}
return GTK_WIDGET (menu);
-}*/
+}
@@ -303,9 +303,9 @@ clicked(GtkWidget *widget, GdkEventButton *evt, LXPanel *panel)
/* Standard right-click handling. */
if( evt->button == 1 )
{
-// Setting governor can't work without root privilege
-// gtk_menu_popup( cpufreq_menu((cpufreq*)plugin->priv), NULL, NULL, NULL, NULL,
-// evt->button, evt->time );
+ cpufreq *cf = lxpanel_plugin_get_data(widget);
+ gtk_menu_popup( GTK_MENU(cpufreq_menu(cf)), NULL, NULL, NULL, NULL,
+ evt->button, evt->time );
return TRUE;
}
From 6c35362e69030f6e1bd360f1d8d8171135943c85 Mon Sep 17 00:00:00 2001
From: rofl0r <rofl0r@users.noreply.github.com>
Date: Wed, 12 Mar 2025 09:57:01 +0000
Subject: [PATCH 2/4] Factor out identical code in cpufreq_set_gov/frequency
---
plugins/cpufreq/cpufreq.c | 36 ++++++++++++++++++++++--------------
1 file changed, 22 insertions(+), 14 deletions(-)
diff --git a/plugins/cpufreq/cpufreq.c b/plugins/cpufreq/cpufreq.c
index 24e819ea..48ff25d0 100644
--- a/plugins/cpufreq/cpufreq.c
+++ b/plugins/cpufreq/cpufreq.c
@@ -138,19 +138,34 @@ get_governors(cpufreq *cf){
}
static void
-cpufreq_set_freq(GtkWidget *widget, Param* p){
+set_file(const char* cpu, const char* val, const char* file) {
FILE *fp;
- char buf[ 100 ], sstmp [ 256 ];
+ char path [ 256 ];
- if(strcmp(p->cf->cur_governor, "userspace")) return;
+ snprintf(path, sizeof(path), "%s/%s", cpu, file);
- sprintf(sstmp,"%s/%s",p->cf->cpus->data, SCALING_SETFREQ);
- if ((fp = fopen( sstmp, "w")) != NULL) {
- fprintf(fp,"%s",p->data);
+ if ((fp = fopen( path, "w")) != NULL) {
+ fprintf(fp,"%s",val);
fclose(fp);
}
}
+static void
+set_freq(const char* cpu, const char* val) {
+ set_file(cpu, val, SCALING_SETFREQ);
+}
+
+static void
+set_gov(const char* cpu, const char* val) {
+ set_file(cpu, val, SCALING_GOV);
+}
+
+static void
+cpufreq_set_freq(GtkWidget *widget, Param* p){
+ if(strcmp(p->cf->cur_governor, "userspace")) return;
+ set_freq(p->cf->cpus->data, p->data);
+}
+
static GtkWidget *
frequency_menu(cpufreq *cf){
FILE *fp;
@@ -230,14 +245,7 @@ get_cpus(cpufreq *cf)
static void
cpufreq_set_governor(GtkWidget *widget, Param* p){
- FILE *fp;
- char buf[ 100 ], sstmp [ 256 ];
-
- sprintf(sstmp, "%s/%s", p->cf->cpus->data, SCALING_GOV);
- if ((fp = fopen( sstmp, "w")) != NULL) {
- fprintf(fp,"%s",p->data);
- fclose(fp);
- }
+ set_gov(p->cf->cpus->data, p->data);
}
static GtkWidget *
From c0831241f801f321ddfd48f7acc1e61574640a38 Mon Sep 17 00:00:00 2001
From: rofl0r <rofl0r@users.noreply.github.com>
Date: Wed, 12 Mar 2025 10:00:20 +0000
Subject: [PATCH 3/4] Apply chosen governor/frequency to all CPUs
Previously, governor and frequency were only changed for the
first CPU/core in the system, but all others were left untouched.
A user changing those generally wants the setting applied
to all cores (for example to powersave governor if on battery).
---
plugins/cpufreq/cpufreq.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/plugins/cpufreq/cpufreq.c b/plugins/cpufreq/cpufreq.c
index 48ff25d0..9c194ca0 100644
--- a/plugins/cpufreq/cpufreq.c
+++ b/plugins/cpufreq/cpufreq.c
@@ -162,8 +162,12 @@ set_gov(const char* cpu, const char* val) {
static void
cpufreq_set_freq(GtkWidget *widget, Param* p){
+ GList *curr;
+
if(strcmp(p->cf->cur_governor, "userspace")) return;
- set_freq(p->cf->cpus->data, p->data);
+
+ for(curr = p->cf->cpus; curr; curr = curr->next)
+ set_freq(curr->data, p->data);
}
static GtkWidget *
@@ -245,7 +249,10 @@ get_cpus(cpufreq *cf)
static void
cpufreq_set_governor(GtkWidget *widget, Param* p){
- set_gov(p->cf->cpus->data, p->data);
+ GList *curr;
+
+ for(curr = p->cf->cpus; curr; curr = curr->next)
+ set_gov(curr->data, p->data);
}
static GtkWidget *
From e8db3d47a308e43c44e0b036fa66df448a246e51 Mon Sep 17 00:00:00 2001
From: rofl0r <rofl0r@users.noreply.github.com>
Date: Fri, 14 Mar 2025 07:23:20 +0000
Subject: [PATCH 4/4] Cosmetic change: move cpufreq_set_governor up
---
plugins/cpufreq/cpufreq.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/plugins/cpufreq/cpufreq.c b/plugins/cpufreq/cpufreq.c
index 9c194ca0..9e1bb0f1 100644
--- a/plugins/cpufreq/cpufreq.c
+++ b/plugins/cpufreq/cpufreq.c
@@ -170,6 +170,14 @@ cpufreq_set_freq(GtkWidget *widget, Param* p){
set_freq(curr->data, p->data);
}
+static void
+cpufreq_set_governor(GtkWidget *widget, Param* p) {
+ GList *curr;
+
+ for(curr = p->cf->cpus; curr; curr = curr->next)
+ set_gov(curr->data, p->data);
+}
+
static GtkWidget *
frequency_menu(cpufreq *cf){
FILE *fp;
@@ -247,14 +255,6 @@ get_cpus(cpufreq *cf)
g_dir_close(cpuDirectory);
}
-static void
-cpufreq_set_governor(GtkWidget *widget, Param* p){
- GList *curr;
-
- for(curr = p->cf->cpus; curr; curr = curr->next)
- set_gov(curr->data, p->data);
-}
-
static GtkWidget *
cpufreq_menu(cpufreq *cf){
GList *l;

117
helpers/DATA/lxpanel/patch_changes/005-fix_armhf_build_plugin_cpufreq.patch Normal file
View file

@ -0,0 +1,117 @@
diff --git a/plugins/cpufreq/cpufreq.c b/plugins/cpufreq/cpufreq.c
index 9e1bb0f1..34e781f0 100644
--- a/plugins/cpufreq/cpufreq.c
+++ b/plugins/cpufreq/cpufreq.c
@@ -2,6 +2,7 @@
* CPUFreq plugin to lxpanel
*
* Copyright (C) 2009 by Daniel Kesler <kesler.daniel@gmail.com>
+ * 2025 Ingo Brückl
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -32,7 +33,7 @@
#include "dbg.h"
-#define PROC_ICON "cpufreq-icon"
+#define PROC_ICON "cpufreq"
#define SYSFS_CPU_DIRECTORY "/sys/devices/system/cpu"
#define SCALING_GOV "scaling_governor"
#define SCALING_AGOV "scaling_available_governors"
@@ -114,7 +115,7 @@ get_governors(cpufreq *cf){
cf->governors = NULL;
return;
}
- sprintf(sstmp,"%s/%s",cf->cpus->data, SCALING_AGOV);
+ snprintf(sstmp, sizeof(sstmp), "%s/%s", cf->cpus->data, SCALING_AGOV);
if (!(fp = fopen( sstmp, "r"))) {
printf("cpufreq: cannot open %s\n",sstmp);
@@ -178,13 +179,21 @@ cpufreq_set_governor(GtkWidget *widget, Param* p) {
set_gov(curr->data, p->data);
}
+static gboolean
+permission(cpufreq *cf, const char* file) {
+ char path [ 256 ];
+
+ snprintf(path, sizeof(path), "%s/%s", cf->cpus->data, file);
+ return (g_access(path, W_OK) == 0);
+}
+
static GtkWidget *
frequency_menu(cpufreq *cf){
FILE *fp;
Param* param;
char buf[ 100 ], sstmp [ 256 ], c, bufl = 0;
- sprintf(sstmp,"%s/%s",cf->cpus->data, SCALING_AFREQ);
+ snprintf(sstmp, sizeof(sstmp), "%s/%s", cf->cpus->data, SCALING_AFREQ);
if (!(fp = fopen( sstmp, "r"))) {
printf("cpufreq: cannot open %s\n",sstmp);
@@ -199,7 +208,7 @@ frequency_menu(cpufreq *cf){
if(bufl > 1){
buf[bufl] = '\0';
menuitem = gtk_menu_item_new_with_label(strdup(buf));
- gtk_menu_append (GTK_MENU_SHELL (menu), menuitem);
+ gtk_menu_shell_append (GTK_MENU_SHELL (menu), menuitem);
gtk_widget_show (menuitem);
param = g_new0(Param, 1);
param->data = strdup(buf);
@@ -259,6 +268,7 @@ static GtkWidget *
cpufreq_menu(cpufreq *cf){
GList *l;
GSList *group;
+ gboolean can_write;
char buff[100];
GtkMenuItem* menuitem;
Param* param;
@@ -270,33 +280,39 @@ cpufreq_menu(cpufreq *cf){
group = NULL;
if((cf->governors == NULL) || (!cf->has_cpufreq) || (cf->cur_governor == NULL)){
- menuitem = GTK_MENU_ITEM(gtk_menu_item_new_with_label("CPUFreq not supported"));
- gtk_menu_append (GTK_MENU_SHELL (menu), GTK_WIDGET (menuitem));
+ menuitem = GTK_MENU_ITEM(gtk_menu_item_new_with_label(_("CPUFreq not supported")));
+ gtk_menu_shell_append (GTK_MENU_SHELL (menu), GTK_WIDGET (menuitem));
gtk_widget_show (GTK_WIDGET (menuitem));
return GTK_WIDGET(menu);
}
+ can_write = permission(cf, SCALING_SETFREQ);
+
if(strcmp(cf->cur_governor, "userspace") == 0){
- menuitem = GTK_MENU_ITEM(gtk_menu_item_new_with_label(" Frequency"));
- gtk_menu_append (GTK_MENU_SHELL (menu), GTK_WIDGET (menuitem));
+ menuitem = GTK_MENU_ITEM(gtk_menu_item_new_with_label(_(" Frequency")));
+ gtk_menu_shell_append (GTK_MENU_SHELL (menu), GTK_WIDGET (menuitem));
+ gtk_widget_set_sensitive (GTK_WIDGET (menuitem), can_write);
gtk_widget_show (GTK_WIDGET (menuitem));
gtk_menu_item_set_submenu(menuitem, frequency_menu(cf));
menuitem = GTK_MENU_ITEM(gtk_separator_menu_item_new());
- gtk_menu_append (GTK_MENU_SHELL (menu), GTK_WIDGET (menuitem));
+ gtk_menu_shell_append (GTK_MENU_SHELL (menu), GTK_WIDGET (menuitem));
gtk_widget_show (GTK_WIDGET(menuitem));
}
+ can_write = permission(cf, SCALING_GOV);
+
for( l = cf->governors; l; l = l->next )
{
if(strcmp((char*)l->data, cf->cur_governor) == 0){
- sprintf(buff,"> %s", l->data);
+ snprintf(buff, sizeof(buff), "▸ %s", l->data);
menuitem = GTK_MENU_ITEM(gtk_menu_item_new_with_label(strdup(buff)));
}else{
- sprintf(buff," %s", l->data);
+ snprintf(buff, sizeof(buff), " %s", l->data);
menuitem = GTK_MENU_ITEM(gtk_menu_item_new_with_label(strdup(buff)));
}
gtk_menu_shell_append (GTK_MENU_SHELL (menu), GTK_WIDGET (menuitem));
+ gtk_widget_set_sensitive (GTK_WIDGET (menuitem), can_write);
gtk_widget_show (GTK_WIDGET (menuitem));
param = g_new0(Param, 1);
param->data = l->data;

14
helpers/DATA/mate-user-admin/patch_changes/000-add-cracklib-runtime-as-dependency.patch Normal file
View file

@ -0,0 +1,14 @@
# Fixes https://gitlab.trisquel.org/trisquel/package-helpers/-/issues/216
diff --git a/debian/control b/debian/control
index 3297b1c..37ff49a 100644
--- a/debian/control
+++ b/debian/control
@@ -28,6 +28,7 @@ Depends: ${shlibs:Depends},
accountsservice,
group-service,
mate-desktop-common,
+ cracklib-runtime,
Description: MATE User Manager
User and group management utility suitable for lightweight desktop
environments such as MATE or Xfce.

111
helpers/DATA/mypaint/patch_changes/000-fix_openmp_segfault.patch Normal file
View file

@ -0,0 +1,111 @@
Origin: upstream, https://github.com/mypaint/mypaint/commit/356716e7bacfcbb1f3ab80171fea405fdd10b2b9
Bug-Debian: https://bugs.debian.org/1079663
From 356716e7bacfcbb1f3ab80171fea405fdd10b2b9 Mon Sep 17 00:00:00 2001
From: Red Rozenglass <rozenglass@protonmail.com>
Date: Fri, 11 Sep 2020 02:43:49 +0300
Subject: [PATCH] Acquire/release the GIL while processing tile requests
Fixes crashes on some Linux distros, potentially improves performance.
When handling tile requests we currently use an openmp critical block in a
callback registered with libmypaint. The callback calls into Python code
without locking the GIL. This sometimes crashes mypaint in numpy's memory
cache allocator on some Linux distros that compile numpy with run-time
asserts (without `-DNDEBUG`), like Gentoo, as numpy uses Python's GIL
internally as a locking mechanism for its non-thread-safe global cache
management.
Acquiring the GIL in the C callback, before calling into Python, ensures
that the GIL is still locked by the current thread when it reaches numpy's
code, and thus prevents the crashes. We yield the GIL whenever Python code
calls again into libmypaint, This allows other threads to acquire it, and
concurrent callbacks to run, which prevents deadlocks that would otherwise
happen while waiting for all the callbacks to finish on Python's side. When
libmypaint is done we re-acquire the GIL, and return up to the callback
where the GIL is released again after some Python reference count
bookkeeping.
The OpenMP critical block is no longer necessary after introducing the GIL
locking mechanism. This would potentially improve performance as the C code
in libmypaint can process multiple callbacks at the same time during the
`Py_BEGIN_ALLOW_THREADS' period that yields the GIL.
---
lib/brush.hpp | 16 ++++++++++++++--
lib/pythontiledsurface.cpp | 7 +++++--
lib/tiledsurface.hpp | 4 +++-
3 files changed, 22 insertions(+), 5 deletions(-)
diff --git a/lib/brush.hpp b/lib/brush.hpp
index f717a42df..0db455377 100644
--- a/lib/brush.hpp
+++ b/lib/brush.hpp
@@ -66,13 +66,25 @@ class Brush {
bool stroke_to (Surface * surface, float x, float y, float pressure, float xtilt, float ytilt, double dtime, float viewzoom, float viewrotation, float barrel_rotation)
{
MyPaintSurface2 *c_surface = surface->get_surface2_interface();
- return mypaint_brush_stroke_to_2(c_brush, c_surface, x, y, pressure, xtilt, ytilt, dtime, viewzoom, viewrotation, barrel_rotation);
+ bool stroke_finished_or_empty;
+
+ Py_BEGIN_ALLOW_THREADS
+ stroke_finished_or_empty = mypaint_brush_stroke_to_2(c_brush, c_surface, x, y, pressure, xtilt, ytilt, dtime, viewzoom, viewrotation, barrel_rotation);
+ Py_END_ALLOW_THREADS
+
+ return stroke_finished_or_empty;
}
bool stroke_to_linear (Surface * surface, float x, float y, float pressure, float xtilt, float ytilt, double dtime, float viewzoom, float viewrotation, float barrel_rotation)
{
MyPaintSurface2 *c_surface = surface->get_surface2_interface();
- return mypaint_brush_stroke_to_2_linearsRGB(c_brush, c_surface, x, y, pressure, xtilt, ytilt, dtime, viewzoom, viewrotation, barrel_rotation);
+ bool stroke_finished_or_empty;
+
+ Py_BEGIN_ALLOW_THREADS
+ stroke_finished_or_empty = mypaint_brush_stroke_to_2_linearsRGB(c_brush, c_surface, x, y, pressure, xtilt, ytilt, dtime, viewzoom, viewrotation, barrel_rotation);
+ Py_END_ALLOW_THREADS
+
+ return stroke_finished_or_empty;
}
double get_total_stroke_painting_time()
diff --git a/lib/pythontiledsurface.cpp b/lib/pythontiledsurface.cpp
index 46c515c99..2c6e773db 100644
--- a/lib/pythontiledsurface.cpp
+++ b/lib/pythontiledsurface.cpp
@@ -36,8 +36,9 @@ tile_request_start(MyPaintTiledSurface2 *tiled_surface, MyPaintTileRequest *requ
const int ty = request->ty;
PyArrayObject* rgba = NULL;
-#pragma omp critical
{
+ PyGILState_STATE gstate = PyGILState_Ensure();
+
rgba = (PyArrayObject*)PyObject_CallMethod(self->py_obj, "_get_tile_numpy", "(iii)", tx, ty, readonly);
if (rgba == NULL) {
request->buffer = NULL;
@@ -59,7 +60,9 @@ tile_request_start(MyPaintTiledSurface2 *tiled_surface, MyPaintTileRequest *requ
Py_DECREF((PyObject *)rgba);
request->buffer = (uint16_t*)PyArray_DATA(rgba);
}
-} // #end pragma opt critical
+
+ PyGILState_Release(gstate);
+}
}
diff --git a/lib/tiledsurface.hpp b/lib/tiledsurface.hpp
index 3a6b2e61d..d1a5d1307 100644
--- a/lib/tiledsurface.hpp
+++ b/lib/tiledsurface.hpp
@@ -66,7 +66,9 @@ class TiledSurface : public Surface {
MyPaintRectangle* rects = this->bbox_rectangles;
MyPaintRectangles bboxes = {BBOXES, rects};
- mypaint_surface2_end_atomic((MyPaintSurface2 *)c_surface, &bboxes);
+ Py_BEGIN_ALLOW_THREADS
+ mypaint_surface2_end_atomic((MyPaintSurface2 *)c_surface, &bboxes);
+ Py_END_ALLOW_THREADS
// The capacity of the bounding box array will most often exceed the number
// of rectangles that are actually used. The call to mypaint_surface_end_atomic

169
helpers/DATA/partman-auto/patch_changes/000-set_trisquel_default_partman_recipe.patch Normal file
View file

@ -0,0 +1,169 @@
diff --git a/recipes-alpha/multi b/recipes-alpha/multi
index 186decf7..5916d8ee 100644
--- a/recipes-alpha/multi
+++ b/recipes-alpha/multi
@@ -10,7 +10,7 @@ partman-auto/text/multi_scheme ::
filesystem{ ext2 }
mountpoint{ /boot } .
-2000 3500 25000 $default_filesystem
+8000 10000 50000 $default_filesystem
method{ format }
format{ }
use_filesystem{ }
diff --git a/recipes-armel-kirkwood/multi b/recipes-armel-kirkwood/multi
index 690676a3..bcdea3fa 100644
--- a/recipes-armel-kirkwood/multi
+++ b/recipes-armel-kirkwood/multi
@@ -9,7 +9,7 @@ partman-auto/text/multi_scheme ::
filesystem{ ext2 }
mountpoint{ /boot } .
-2000 3500 25000 $default_filesystem
+8000 10000 50000 $default_filesystem
$lvmok{ }
$primary{ }
method{ format }
diff --git a/recipes-armel-orion5x/multi b/recipes-armel-orion5x/multi
index 690676a3..bcdea3fa 100644
--- a/recipes-armel-orion5x/multi
+++ b/recipes-armel-orion5x/multi
@@ -9,7 +9,7 @@ partman-auto/text/multi_scheme ::
filesystem{ ext2 }
mountpoint{ /boot } .
-2000 3500 25000 $default_filesystem
+8000 10000 50000 $default_filesystem
$lvmok{ }
$primary{ }
method{ format }
diff --git a/recipes-armhf-efikasb/multi b/recipes-armhf-efikasb/multi
index 690676a3..bcdea3fa 100644
--- a/recipes-armhf-efikasb/multi
+++ b/recipes-armhf-efikasb/multi
@@ -9,7 +9,7 @@ partman-auto/text/multi_scheme ::
filesystem{ ext2 }
mountpoint{ /boot } .
-2000 3500 25000 $default_filesystem
+8000 10000 50000 $default_filesystem
$lvmok{ }
$primary{ }
method{ format }
diff --git a/recipes-hppa/multi b/recipes-hppa/multi
index c984ae28..eabbfbb4 100644
--- a/recipes-hppa/multi
+++ b/recipes-hppa/multi
@@ -12,7 +12,7 @@ partman-auto/text/multi_scheme ::
filesystem{ ext4 }
mountpoint{ /boot } .
-2000 3500 25000 $default_filesystem
+8000 10000 50000 $default_filesystem
$lvmok{ }
$bootable{ }
method{ format }
diff --git a/recipes-mipsel-loongson-2f/multi b/recipes-mipsel-loongson-2f/multi
index cf0e860a..0eab6089 100644
--- a/recipes-mipsel-loongson-2f/multi
+++ b/recipes-mipsel-loongson-2f/multi
@@ -9,7 +9,7 @@ partman-auto/text/multi_scheme ::
filesystem{ ext2 }
mountpoint{ /boot } .
-2000 3500 25000 $default_filesystem
+8000 10000 50000 $default_filesystem
$lvmok{ }
method{ format }
format{ }
diff --git a/recipes-powerpc-apus/multi b/recipes-powerpc-apus/multi
index 1ac8e5d9..5dd492ce 100644
--- a/recipes-powerpc-apus/multi
+++ b/recipes-powerpc-apus/multi
@@ -14,7 +14,7 @@ partman-auto/text/multi_scheme ::
filesystem{ ext2 }
mountpoint{ /boot } .
-2000 3500 25000 $default_filesystem
+8000 10000 50000 $default_filesystem
$lvmok{ }
$primary{ }
method{ format }
diff --git a/recipes-powerpc-chrp_ibm/multi b/recipes-powerpc-chrp_ibm/multi
index f42943e8..341d40fc 100644
--- a/recipes-powerpc-chrp_ibm/multi
+++ b/recipes-powerpc-chrp_ibm/multi
@@ -14,7 +14,7 @@ partman-auto/text/multi_scheme ::
filesystem{ ext2 }
mountpoint{ /boot } .
-2000 3500 25000 $default_filesystem
+8000 10000 50000 $default_filesystem
$lvmok{ }
$primary{ }
method{ format }
diff --git a/recipes-powerpc-chrp_pegasos/multi b/recipes-powerpc-chrp_pegasos/multi
index d8effcff..b947d8d6 100644
--- a/recipes-powerpc-chrp_pegasos/multi
+++ b/recipes-powerpc-chrp_pegasos/multi
@@ -7,7 +7,7 @@ partman-auto/text/multi_scheme ::
filesystem{ ext2 }
mountpoint{ /boot } .
-2000 3500 25000 $default_filesystem
+8000 10000 50000 $default_filesystem
$lvmok{ }
method{ format }
format{ }
diff --git a/recipes-powerpc-powermac_newworld/multi b/recipes-powerpc-powermac_newworld/multi
index 1d3b421b..c213840b 100644
--- a/recipes-powerpc-powermac_newworld/multi
+++ b/recipes-powerpc-powermac_newworld/multi
@@ -7,7 +7,7 @@ partman-auto/text/multi_scheme ::
filesystem{ hfs }
mountpoint{ /boot/grub } .
-2000 3500 25000 $default_filesystem
+8000 10000 50000 $default_filesystem
$lvmok{ }
method{ format }
format{ }
diff --git a/recipes-powerpc-powermac_oldworld/multi b/recipes-powerpc-powermac_oldworld/multi
index d8effcff..b947d8d6 100644
--- a/recipes-powerpc-powermac_oldworld/multi
+++ b/recipes-powerpc-powermac_oldworld/multi
@@ -7,7 +7,7 @@ partman-auto/text/multi_scheme ::
filesystem{ ext2 }
mountpoint{ /boot } .
-2000 3500 25000 $default_filesystem
+8000 10000 50000 $default_filesystem
$lvmok{ }
method{ format }
format{ }
diff --git a/recipes-powerpc-prep/multi b/recipes-powerpc-prep/multi
index f206800c..43c4774a 100644
--- a/recipes-powerpc-prep/multi
+++ b/recipes-powerpc-prep/multi
@@ -5,7 +5,7 @@ partman-auto/text/multi_scheme ::
$bootable{ }
method{ prep } .
-2000 3500 25000 $default_filesystem
+8000 10000 50000 $default_filesystem
$lvmok{ }
$primary{ }
method{ format }
diff --git a/recipes-sparc/multi b/recipes-sparc/multi
index ed9aec7e..4b950102 100644
--- a/recipes-sparc/multi
+++ b/recipes-sparc/multi
@@ -14,7 +14,7 @@ partman-auto/text/multi_scheme ::
filesystem{ ext2 }
mountpoint{ /boot } .
-2000 3500 25000 $default_filesystem
+8000 10000 50000 $default_filesystem
$lvmok{ }
method{ format }
format{ }

24
helpers/DATA/pkgsel/patch_changes/000-propagate_installer-chosen_locale_to_tasksel.patch Normal file
View file

@ -0,0 +1,24 @@
diff --git a/debian/postinst b/debian/postinst
index 2f35032b..da97a4c7 100755
--- a/debian/postinst
+++ b/debian/postinst
@@ -158,8 +158,18 @@ fi
if db_get pkgsel/run_tasksel && [ "$RET" = true ]; then
log "starting tasksel"
db_progress INFO pkgsel/progress/tasksel
+ # Propagate installer-chosen locale to tasksel so tests/lang can auto-select l10n
+ db_get debian-installer/locale || true
+ LOCALE="$RET"
+ if [ -n "$LOCALE" ]; then
+ LANG="$LOCALE"
+ NOENC="${LOCALE%%.*}"
+ BASE="${NOENC%%_*}"
+ LANGUAGE="${NOENC}:${BASE}"
+ export LANG LANGUAGE
+ fi
apt-install tasksel # ensure tasksel is installed
- DEBIAN_TASKS_ONLY=1 in-target sh -c "tasksel --new-install --debconf-apt-progress='--from $tasksel_start --to $tasksel_end --logstderr'" || aptfailed
+ DEBIAN_TASKS_ONLY=1 in-target sh -c "LANG='$LANG' LANGUAGE='$LANGUAGE' tasksel --new-install --debconf-apt-progress='--from $tasksel_start --to $tasksel_end --logstderr'" || aptfailed
fi
if db_get pkgsel/include/install-recommends; then

37
helpers/DATA/plymouth/patch_changes/10ac8d2dc927b112ce6aeb06bc73d9c46550954c.patch Normal file
View file

@ -0,0 +1,37 @@
From 10ac8d2dc927b112ce6aeb06bc73d9c46550954c Mon Sep 17 00:00:00 2001
From: n3rdopolis <bluescreen_avenger@verizon.net>
Date: Tue, 6 Feb 2024 18:52:25 -0500
Subject: [PATCH] ply-boot-splash: Set unbuffered input when creating a text
display
---
src/libply-splash-core/ply-boot-splash.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/libply-splash-core/ply-boot-splash.c b/src/libply-splash-core/ply-boot-splash.c
index 12fb6c102..217f455e0 100644
--- a/src/libply-splash-core/ply-boot-splash.c
+++ b/src/libply-splash-core/ply-boot-splash.c
@@ -173,6 +173,7 @@ ply_boot_splash_add_text_display (ply_boot_splash_t *splash,
ply_text_display_t *display)
{
int number_of_columns, number_of_rows;
+ ply_terminal_t *terminal;
if (splash->plugin_interface->add_text_display == NULL)
return;
@@ -183,6 +184,11 @@ ply_boot_splash_add_text_display (ply_boot_splash_t *splash,
ply_trace ("adding %dx%d text display", number_of_columns, number_of_rows);
splash->plugin_interface->add_text_display (splash->plugin, display);
+
+ terminal = ply_text_display_get_terminal (display);
+ if (terminal)
+ ply_terminal_set_unbuffered_input (terminal);
+
ply_list_append_data (splash->text_displays, display);
}
--
GitLab

81
helpers/DATA/rpl
View file

@ -1,4 +1,4 @@
#!/usr/bin/python2.7
#!/usr/bin/python3
import optparse, sys, os, tempfile, re
try: import readline
@ -6,7 +6,7 @@ except ImportError: pass
from stat import *
def show_license(*eat):
print """rpl - replace strings in files
print("""rpl - replace strings in files
Copyright (C) 2004-2005 Goran Weinholt <weinholt@debian.org>
Copyright (C) 2004 Christian Haggstrom <chm@c00.info>
@ -23,7 +23,7 @@ GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
"""
""")
sys.exit(0)
def get_files(filenames, recurse, suffixen, verbose, hidden_files):
@ -31,7 +31,7 @@ def get_files(filenames, recurse, suffixen, verbose, hidden_files):
for filename in filenames:
try:
perms = os.lstat(filename)
except OSError, e:
except OSError as e:
sys.stderr.write("\nrpl: Unable to read permissions of %s."
% filename)
sys.stderr.write("\nrpl: Error: %s" % e)
@ -71,26 +71,43 @@ def unescape(s):
regex = re.compile(r'\\([0-7]{1,3}|x[0-9a-fA-F]{2}|[nrtvafb\\])')
return regex.sub(lambda match: eval('"%s"' % match.group()), s)
def blockrepl(instream, outstream, regex, before, after, blocksize=None):
patlen = len(before)
sum = 0
if not blocksize: blocksize = 2*patlen
tonext = ''
while 1:
block = instream.read(blocksize)
if not block: break
parts = regex.split(tonext+block)
sum += len(parts)-1
lastpart = parts[-1]
if lastpart:
tonext = lastpart[-patlen:]
parts[-1] = lastpart[:-len(tonext)]
else:
tonext = ''
outstream.write(after.join(parts))
outstream.write(tonext)
return sum
def blockrepl(instream, outstream, regex, before, after, blocksize=None, encoding="latin-1"):
"""
Read blocks as bytes, decode, regex-replace, re-encode, write.
Keeps python2 behavior but avoids str/bytes errors on python3.
"""
patlen = len(before)
if blocksize is None:
blocksize = 2 * patlen if patlen else 4096
matches = 0
carry = "" # tail carried to the next block, as str
while True:
chunk = instream.read(blocksize)
if not chunk:
break
# Decode the new bytes and prepend any carryover from previous loop
block = carry + chunk.decode(encoding, errors="surrogateescape")
parts = regex.split(block)
matches += len(parts) - 1
# Preserve the last *patlen* chars in case the pattern straddles blocks
tail = parts[-1]
if tail:
carry = tail[-patlen:]
parts[-1] = tail[:-len(carry)]
else:
carry = ""
outstream.write(after.join(parts).encode(encoding, errors="surrogateescape"))
if carry:
outstream.write(carry.encode(encoding, errors="surrogateescape"))
return matches
def main():
# First we parse the command line arguments...
usage = "usage: %prog [options] old_string new_string target_file(s)"
@ -163,7 +180,7 @@ def main():
sys.stderr.write("(ignoring case)? (Y/[N]) ")
else:
sys.stderr.write("(case sensitive)? (Y/[N]) ")
line = raw_input()
line = input()
if line != "" and line[0] in "nN":
sys.stderr.write("\nrpl: User cancelled operation.\n")
sys.exit(os.EX_TEMPFAIL)
@ -195,7 +212,7 @@ def main():
for filename, perms in files:
# Open the input file
try: f = open(filename, "rb")
except IOError, e:
except IOError as e:
sys.stderr.write("\nrpl: Unable to open %s for reading." % fn)
sys.stderr.write("\nrpl: Error: %s" % e)
sys.stderr.write("\nrpl: SKIPPING %s\n\n" % fn)
@ -209,7 +226,7 @@ def main():
try:
o, tmp_path = tempfile.mkstemp("", ".tmp.")
o = os.fdopen(o, "wb")
except OSError, e:
except OSError as e:
sys.stderr.write("\nrpl: Unable to create temp file.")
sys.stderr.write("\nrpl: Error: %s" % e)
sys.stderr.write("\nrpl: (Type \"rpl -h\" and consider \"-t\" to specify temp file location.)")
@ -220,7 +237,7 @@ def main():
try:
os.chown(tmp_path, perms.st_uid, perms.st_gid)
os.chmod(tmp_path, perms.st_mode)
except OSError, e:
except OSError as e:
sys.stderr.write("\nrpl: Unable to set owner/group/perms of %s"
% filename)
sys.stderr.write("\nrpl: Error: %s" % e)
@ -250,7 +267,7 @@ def main():
if opts.dry_run:
try:
fn = os.path.realpath(filename)
except OSError, e:
except OSError as e:
fn = filename
if not opts.quiet: sys.stderr.write(" %s\n" % fn)
os.unlink(tmp_path)
@ -261,7 +278,7 @@ def main():
sys.stderr.write("\nSave '%s' ? ([Y]/N) " % filename)
line = ""
while line == "" or line[0] not in "Yy\nnN":
line = raw_input()
line = input()
if line[0] in "nN":
sys.stderr.write("Not Saved.\n")
os.unlink(tmp_path)
@ -270,14 +287,14 @@ def main():
if opts.do_backup:
try: os.rename(filename, filename + "~")
except OSError, e:
except OSError as e:
sys.stderr.write("rpl: An error occured renaming %s to %s." % (filename, filename + "~"))
sys.stderr.write("\nrpl: Error: %s" % e)
continue
# Rename the file
try: os.rename(tmp_path, filename)
except OSError, e:
except OSError as e:
sys.stderr.write("rpl: An error occured replacing %s with %s."
% (tmp_path, filename))
sys.stderr.write("\nrpl: Error: %s" % e)
@ -287,7 +304,7 @@ def main():
# Restore the times
if opts.keep_times:
try: os.utime(filename, (perms.st_atime, perms.st_mtime))
except OSError, e:
except OSError as e:
sys.stderr.write("\nrpl: An error occured setting the access time and mod time of the file %s.", filename)
sys.stderr.write("\nrpl: Error: %s" % e)
total_matches += matches

75
helpers/DATA/sbuild/patch_changes/000-add_distro-info_auto-detect.patch Normal file
View file

@ -0,0 +1,75 @@
diff --git a/lib/Sbuild/Conf.pm b/lib/Sbuild/Conf.pm
index 79ae1c15..4ae269ce 100644
--- a/lib/Sbuild/Conf.pm
+++ b/lib/Sbuild/Conf.pm
@@ -42,9 +42,35 @@ BEGIN {
@EXPORT = qw(new setup read);
}
-my $ubuntu_mmdebstrap_extra_args = {};
use Debian::DistroInfo;
-for my $series (UbuntuDistroInfo->new()->supported()) {
+
+# Add distro-info provider auto-detect switch
+our $DISTROINFO_CLASS;
+our $IS_TRISQUEL = 0;
+BEGIN {
+ eval {
+ require Debian::DistroInfo;
+ Debian::DistroInfo->import();
+ 1;
+ };
+ if (defined &UbuntuDistroInfo::new) {
+ $DISTROINFO_CLASS = 'UbuntuDistroInfo';
+ warn "sbuild: Debian::DistroInfo used: Ubuntu\n";
+ } elsif (defined &TrisquelDistroInfo::new) {
+ $DISTROINFO_CLASS = 'TrisquelDistroInfo';
+ $IS_TRISQUEL = 1;
+ warn "sbuild: Debian::DistroInfo used: Trisquel\n";
+ } else {
+ $DISTROINFO_CLASS = undef;
+ warn "sbuild: Debian::DistroInfo not available; mmdebstrap extras disabled at build-time\n";
+ }
+}
+
+my $ubuntu_mmdebstrap_extra_args = {};
+my $trisquel_mmdebstrap_extra_args = {};
+
+if (defined $DISTROINFO_CLASS && $DISTROINFO_CLASS eq 'UbuntuDistroInfo') {
+ for my $series (UbuntuDistroInfo->new()->supported()) {
$ubuntu_mmdebstrap_extra_args->{$series} = [ '--components=main,universe' ];
# We use snapshot.ubuntu.com here so it works both for ports and non-ports architectures without having to do complicated architecture detection logic
$ubuntu_mmdebstrap_extra_args->{"$series-proposed"} = [
@@ -63,6 +83,32 @@ for my $series (UbuntuDistroInfo->new()->supported()) {
'--components=main,universe',
'--setup-hook=sed -i /-updates/d "$1"/etc/apt/sources.list',
];
+ }
+}
+
+if (defined $DISTROINFO_CLASS && $DISTROINFO_CLASS eq 'TrisquelDistroInfo') {
+ for my $series (TrisquelDistroInfo->new()->supported()) {
+ $trisquel_mmdebstrap_extra_args->{$series} = [ '--components=main' ];
+ $trisquel_mmdebstrap_extra_args->{"$series-updates"} = [
+ '--components=main',
+ '--include=ca-certificates',
+ '--setup-hook=echo "deb [signed-by=/usr/share/keyrings/trisquel-archive-keyring.gpg] https://archive.trisquel.org/trisquel ' . $series . '-updates main" > "$1"/etc/apt/sources.list.d/updates.list'
+ ];
+ $trisquel_mmdebstrap_extra_args->{"$series-security"} = [
+ '--components=main',
+ '--include=ca-certificates',
+ '--setup-hook=echo "deb [signed-by=/usr/share/keyrings/trisquel-archive-keyring.gpg] https://archive.trisquel.org/trisquel ' . $series . '-security main" > "$1"/etc/apt/sources.list.d/security.list'
+ ];
+ $trisquel_mmdebstrap_extra_args->{"$series-backports"} = [
+ '--components=main',
+ '--include=ca-certificates',
+ '--setup-hook=echo "deb [signed-by=/usr/share/keyrings/trisquel-archive-keyring.gpg] https://archive.trisquel.org/trisquel ' . $series . '-backports main" > "$1"/etc/apt/sources.list.d/backports.list'
+ ];
+ }
+}
+
+if ($IS_TRISQUEL) {
+ $ubuntu_mmdebstrap_extra_args = $trisquel_mmdebstrap_extra_args;
}
sub setup ($);

0
helpers/DATA/software-properties/remove_ubuntu_subscription_tab.patch → helpers/DATA/software-properties/patch_changes/001-remove_ubuntu_subscription_tab.patch
View file

0
helpers/DATA/software-properties/remove_proposed_updates.patch → helpers/DATA/software-properties/patch_changes/002-remove_proposed_updates.patch
View file

0
helpers/DATA/software-properties/fix_PPA_upstream_codename.patch → helpers/DATA/software-properties/patch_changes/003-fix_PPA_upstream_codename.patch
View file

0
helpers/DATA/software-properties/removal_of_snaps_other_packages_referral.patch → helpers/DATA/software-properties/patch_changes/004-removal_of_snaps_other_packages_referral.patch
View file

0
helpers/DATA/software-properties/rm_extend_esm_url_link.patch → helpers/DATA/software-properties/patch_changes/005-rm_extend_esm_url_link.patch
View file

12
helpers/DATA/software-properties/patch_changes/006-add_new_dependency_for_s-p-111.patch Normal file
View file

@ -0,0 +1,12 @@
diff --git a/debian/control b/debian/control
index 2dc835cb..d7ec094e 100644
--- a/debian/control
+++ b/debian/control
@@ -102,6 +102,7 @@ Depends: debconf-kde-helper,
python3-pyqt6,
python3-sip,
python3-software-properties (= ${binary:Version}),
+ pyqt6-dev-tools,
software-properties-common,
${misc:Depends},
${python3:Depends}

29
helpers/DATA/tasksel/Makefile
View file

@ -10,9 +10,22 @@ UDESCDIR=trisquel-tasks
DESCPO=$(DESCDIR)/po
VERSION=$(shell expr "`dpkg-parsechangelog 2>/dev/null |grep Version:`" : '.*Version: \(.*\)' | cut -d - -f 1)
LANGS=ar bg bn bs ca cs cy da de dz el eo es et eu fa fi fr gl gu he hi hr hu hy id it ja km ko lt lv mg mk nb ne nl nn pa pl pt_BR pt ro ru sk sl sq sv ta te th tl tr uk vi wo zh_CN zh_TW
LANGS_DESC=ar bg bn bs ca cs cy da de dz el eo es et et eu fi fr gl gu he hi hr hu id it ja km ko lt lv mg mk nb ne nl nn pa pl pt_BR pt ro ru sk sl sq sv te th tl tr uk vi wo zh_CN zh_TW
LANGS_DESC=ar bg bn bs ca cs cy da de dz el eo es et eu fi fr gl gu he hi hr hu id it ja km ko lt lv mg mk nb ne nl nn pa pl pt_BR pt ro ru sk sl sq sv te th tl tr uk vi wo zh_CN zh_TW
LOCALEDIR=$(DESTDIR)/usr/share/locale
# ---- L10N generation ----
# l10n base
L10N_PKGS = language-pack hunspell hyphen mythes
# Desktops l10n
L10N_PKGS += language-pack-gnome language-pack-kde
# Apps l10n (condition in runtime)
L10N_PKGS += abrowser-locale icedove-locale libreoffice-l10n
GEN_LANG_STAMP = $(UDESCDIR)/.lang_generated
$(GEN_LANG_STAMP): lang-gen.sh
./lang-gen.sh "$(LANGS_DESC)" "$(L10N_PKGS)" $(UDESCDIR)
touch $@
all: $(UTASKDESC) po/build_stamp
$(TASKDESC): makedesc.pl $(DESCDIR)/[a-z]??*
@ -22,8 +35,10 @@ $(TASKDESC): makedesc.pl $(DESCDIR)/[a-z]??*
$(UDESCDIR): trisquel-seeds.pl
USUITE=$CODENAME
$(UTASKDESC): makedesc.pl $(UDESCDIR)/[a-z]??*
$(UTASKDESC): $(GEN_LANG_STAMP) makedesc.pl $(UDESCDIR)/*
./makedesc.pl $(UDESCDIR) $(UTASKDESC)
# drop a blank first line if present to avoid parser warnings
sed -i '1{/^$$/d}' $(UTASKDESC)
%.o: %.c
$(COMPILE) $<
@ -56,10 +71,12 @@ install:
pod2man --section=8 --center "Debian specific manpage" --release $(VERSION) tasksel.pod | gzip -9c > $(DESTDIR)/usr/share/man/man8/tasksel.8.gz
for lang in $(LANGS); do \
[ ! -d $(LOCALEDIR)/$$lang/LC_MESSAGES/ ] && mkdir -p $(LOCALEDIR)/$$lang/LC_MESSAGES/; \
if [ -f po/$$lang.mo ]; then \
install -m 644 po/$$lang.mo $(LOCALEDIR)/$$lang/LC_MESSAGES/tasksel.mo; \
fi; \
done
install-data:
install-data: $(UTASKDESC)
install -d $(DESTDIR)$(TASKDIR)/descs \
$(DESTDIR)/usr/lib/tasksel/info \
$(DESTDIR)/usr/lib/tasksel/tests
@ -77,15 +94,9 @@ install-data:
[ "$$package" = "packages/list" ] && continue; \
install -m 755 $$package $(DESTDIR)/usr/lib/tasksel/packages/; \
done
#Dropped
# for lang in $(LANGS_DESC); do \
# [ ! -d $(LOCALEDIR)/$$lang/LC_MESSAGES/ ] && mkdir -p $(LOCALEDIR)/$$lang/LC_MESSAGES/; \
# install -m 644 $(DESCDIR)/po/$$lang.mo $(LOCALEDIR)/$$lang/LC_MESSAGES/$(DOMAIN).mo; \
# done
clean:
rm -f $(TASKDESC) $(UTASKDESC) *~
rm -rf debian/external-overrides
$(MAKE) -C po clean
$(MAKE) -C $(DESCPO) clean

50
helpers/DATA/tasksel/lang-gen.sh Executable file
View file

@ -0,0 +1,50 @@
#!/bin/sh
set -e
# Args:
# $1 = LANGS_DESC (lista de códigos crudos)
# $2 = L10N_PKGS (familias base: language-pack, -gnome, hunspell, hyphen, mythes)
# $3 = destino (directorio trisquel-tasks)
raw_langs="$1"
families="$2"
dest="$3"
canon() {
case "$1" in
pt_BR) echo pt ;;
zh_CN) echo zh-hans ;;
zh_TW) echo zh-hant ;;
*) echo "${1%%_*}" ;;
esac
}
have_pkg() { apt-cache show "$1" >/dev/null 2>&1; }
mkdir -p "$dest"
# de-dup
uniq_langs=$(for l in $raw_langs; do canon "$l"; done | tr ' ' '\n' | sort -u)
for lang in $uniq_langs; do
base="language-pack-$lang"
if ! have_pkg "$base"; then
echo "skip: $lang (no $base)" >&2
continue
fi
f="$dest/l10n-$lang"
{
echo "Task: $lang"
echo "Description: $lang environment"
echo " This task localises the desktop in $lang."
echo "Key:"
echo " $base"
echo "Packages: list"
for fam in $families; do
echo " ${fam}-${lang}"
done
echo "Section: l10n"
echo "Test-lang: $lang"
echo
} > "$f"
done

57
helpers/DATA/tasksel/list Normal file
View file

@ -0,0 +1,57 @@
#!/bin/sh
# $1 = task name, $2..$N = packages (from "Packages: list")
# Runtime policy:
# - language-pack-gnome-* > MATE/GNOME/LXDE
# - language-pack-kde-* > KDE (Triskel)
# - abrowser-/firefox-locale-* > all desktops (MATE/GNOME/LXDE/KDE), not console
# - libreoffice-l10n-*, icedove-locale-* > MATE/GNOME/KDE; not LXDE/console
# - skip non-existent candidates (avoid APT 100)
shift 1
debconf_get() {
[ -x /usr/bin/debconf-communicate ] || return
printf 'GET %s\n' "$1" | /usr/bin/debconf-communicate 2>/dev/null \
| awk 'NR==1 && $1==0 { $1=""; sub(/^ /,""); print }'
}
has_pkg() { /usr/bin/dpkg-query -W -f='${Status}\n' "$1" 2>/dev/null | grep -q 'ok installed'; }
exists() { LC_ALL=C /usr/bin/apt-cache policy "$1" 2>/dev/null | awk '/Candidate:/ {print $2}' | grep -qxv '(none)'; }
sel="$(debconf_get pkgsel/desktop) $(debconf_get tasksel/first)"
case "$sel" in
*triskel*) FLAVOR=kde ;;
*trisquel-mini*) FLAVOR=lxde ;;
*trisquel-gnome*) FLAVOR=gnome ;;
*trisquel-desktop*) FLAVOR=mate ;;
*) FLAVOR=unknown ;;
esac
if [ "$FLAVOR" = unknown ]; then
if has_pkg triskel || has_pkg plasma-desktop; then FLAVOR=kde
elif has_pkg trisquel-mini || has_pkg lxde-core; then FLAVOR=lxde
elif has_pkg trisquel-gnome || has_pkg gnome-shell; then FLAVOR=gnome
elif has_pkg trisquel-desktop || has_pkg mate-desktop-environment; then FLAVOR=mate
else FLAVOR=console
fi
fi
is_kde=false; [ "$FLAVOR" = kde ] && is_kde=true
is_gtk=false; echo "$FLAVOR" | grep -Eq '^(mate|gnome|lxde)$' && is_gtk=true
is_console=false; [ "$FLAVOR" = console ] && is_console=true
is_desktop=true; $is_console && is_desktop=false
emit() {
p="$1"; [ -n "$p" ] || return
case "$p" in
language-pack-gnome-*) $is_gtk || return ;;
language-pack-kde-*) $is_kde || return ;;
abrowser-l10n-*|abrowser-locale-*|firefox-locale-*)
$is_desktop || return ;;
libreoffice-l10n-*) echo "$FLAVOR" | grep -Eq '^(lxde|console)$' && return ;;
icedove-locale-*) echo "$FLAVOR" | grep -Eq '^(lxde|console)$' && return ;;
esac
exists "$p" && printf '%s\n' "$p"
}
for p in "$@"; do emit "$p"; done

1
helpers/DATA/tasksel/trisquel-tasks/dns-server
View file

@ -2,6 +2,5 @@ Task: dns-server
Section: server
Description: Bind9 DNS server
Selects the BIND DNS server and its documentation.
Packages: list
Key:
bind9

1
helpers/DATA/tasksel/trisquel-tasks/ltsp-server
View file

@ -2,7 +2,6 @@ Task: ltsp-server
Section: user
Description: LTSP server
This task provides a LTSP server on a Trisquel console environment with a server optimized kernel.
Packages: list
Key:
trisquel-base
trisquel-base-recommended

1
helpers/DATA/tasksel/trisquel-tasks/mail-server
View file

@ -3,6 +3,5 @@ Section: server
Description: Postfix mail server
This task selects a variety of package useful for a general purpose mail
server system.
Packages: list
Key:
postfix

1
helpers/DATA/tasksel/trisquel-tasks/openssh-server
View file

@ -2,6 +2,5 @@ Task: openssh-server
Section: server
Description: OpenSSH secure shell server
Selects packages needed for an OpenSSH server.
Packages: list
Key:
openssh-server

1
helpers/DATA/tasksel/trisquel-tasks/print-server
View file

@ -2,7 +2,6 @@ Task: print-server
Section: server
Description: Cups print server
This task sets up your system to be a print server.
Packages: list
Key:
cups
cups-bsd

1
helpers/DATA/tasksel/trisquel-tasks/samba-server
View file

@ -3,6 +3,5 @@ Section: server
Description: Samba SMB file server
This task sets up your system to be a Samba file server, which is
especially suitable in networks with both Windows and GNU/Linux systems.
Packages: list
Key:
samba

1
helpers/DATA/tasksel/trisquel-tasks/triskel
View file

@ -2,7 +2,6 @@ Task: triskel
Section: user
Description: Triskel desktop environment
This task provides a KDE based Trisquel desktop environment and applications.
Packages: list
Key:
triskel
triskel-recommended

1
helpers/DATA/tasksel/trisquel-tasks/trisquel-console
View file

@ -2,7 +2,6 @@ Task: trisquel-console
Section: user
Description: Trisquel console environment
This task provides a basic Trisquel console environment
Packages: list
Key:
trisquel-base
trisquel-base-recommended

1
helpers/DATA/tasksel/trisquel-tasks/trisquel-desktop
View file

@ -2,7 +2,6 @@ Task: trisquel-desktop
Section: user
Description: Trisquel desktop environment
This task provides the standard Trisquel desktop environment and applications.
Packages: list
Key:
trisquel
trisquel-recommended

1
helpers/DATA/tasksel/trisquel-tasks/trisquel-gnome
View file

@ -2,7 +2,6 @@ Task: trisquel-gnome
Section: user
Description: Trisquel GNOME environment
This task provides a Trisquel desktop based on the GNOME environment
Packages: list
Key:
trisquel-gnome
trisquel-gnome-recommended

1
helpers/DATA/tasksel/trisquel-tasks/trisquel-mini
View file

@ -2,7 +2,6 @@ Task: trisquel-mini
Section: user
Description: Trisquel mini environment
This task provides a small Trisquel desktop environment
Packages: list
Key:
trisquel-mini
trisquel-mini-recommended

1
helpers/DATA/tasksel/trisquel-tasks/web-server
View file

@ -2,7 +2,6 @@ Task: web-server
Section: server
Description: GLAMP web server
Selects a ready-made GNU+Linux/Apache/MySQL/PHP server.
Packages: list
Key:
apache2
mysql-server

77
helpers/DATA/ubiquity/99trisquel Executable file
View file

@ -0,0 +1,77 @@
#!/bin/sh
set -e
file="$1"
: "${ROOT:=/target}"
SD="$ROOT/etc/apt/sources.list.d"
SF="$SD/trisquel.sources"
MSG="# Trisquel sources have moved to /etc/apt/sources.list.d/trisquel.sources"
SAVETO="$ROOT/etc/apt/sources.list.new"
mkdir -p "$SD"
FASTEST=https://archive.trisquel.org/trisquel/
SPEED=1000000000000
if nm-online -xq
then
for i in $(grep '//' /usr/share/python-apt/templates/Trisquel.mirrors | sed 's|/$||')
do
echo Testing $i
TIME=$(date +%s%N)
wget --no-check-certificate -t 1 -T 5 --max-redirect=0 -o /dev/null -O /dev/null $i/speedtest || continue
TIME2=$(date +%s%N)
ELAPSED=$(expr $TIME2 - $TIME)
echo Time: $ELAPSED
if [ $ELAPSED -lt $SPEED ]
then
FASTEST=$i
SPEED=$ELAPSED
fi
done
fi
echo "Selected mirror: $FASTEST"
MIRROR=$FASTEST
RELEASE=$(lsb_release -c | cut -f 2)
# Ensure MIRROR ends with a single trailing slash for Deb822 URIs
case "$MIRROR" in
*/) : ;;
*) MIRROR="$MIRROR/";;
esac
# Use keyring in /usr/share/keyrings
SIGNED_BY="/usr/share/keyrings/trisquel-archive-keyring.gpg"
# Write Deb822 sources file in the requested structure
cat << EOF > "$SF"
# Trisquel repositories for supported software and updates
Types: deb
URIs: ${MIRROR}
Suites: ${RELEASE} ${RELEASE}-updates ${RELEASE}-security
Components: main
Signed-By: ${SIGNED_BY}
# Source package repositories
Types: deb-src
URIs: ${MIRROR}
Suites: ${RELEASE} ${RELEASE}-updates ${RELEASE}-security
Components: main
Signed-By: ${SIGNED_BY}
# Optional backports repository
Enabled: no
Types: deb deb-src
URIs: ${MIRROR}
Suites: ${RELEASE}-backports
Components: main
Signed-By: ${SIGNED_BY}
EOF
# Keep the legacy file and the pipeline temp file as a single breadcrumb line
printf '%s\n' "$MSG" > "$SAVETO"
: > "$file"
exit 0

234
helpers/DATA/ubiquity/patch_changes/000-set_trisquel_default_partman_recipe.patch Normal file
View file

@ -0,0 +1,234 @@
diff --git a/d-i/source/partman-auto/recipes-alpha/multi b/d-i/source/partman-auto/recipes-alpha/multi
index 186decf7..5916d8ee 100644
--- a/d-i/source/partman-auto/recipes-alpha/multi
+++ b/d-i/source/partman-auto/recipes-alpha/multi
@@ -10,7 +10,7 @@ partman-auto/text/multi_scheme ::
filesystem{ ext2 }
mountpoint{ /boot } .
-2000 3500 25000 $default_filesystem
+8000 10000 51200 $default_filesystem
method{ format }
format{ }
use_filesystem{ }
diff --git a/d-i/source/partman-auto/recipes-armel-kirkwood/multi b/d-i/source/partman-auto/recipes-armel-kirkwood/multi
index 690676a3..bcdea3fa 100644
--- a/d-i/source/partman-auto/recipes-armel-kirkwood/multi
+++ b/d-i/source/partman-auto/recipes-armel-kirkwood/multi
@@ -9,7 +9,7 @@ partman-auto/text/multi_scheme ::
filesystem{ ext2 }
mountpoint{ /boot } .
-2000 3500 25000 $default_filesystem
+8000 10000 51200 $default_filesystem
$lvmok{ }
$primary{ }
method{ format }
diff --git a/d-i/source/partman-auto/recipes-armel-orion5x/multi b/d-i/source/partman-auto/recipes-armel-orion5x/multi
index 690676a3..bcdea3fa 100644
--- a/d-i/source/partman-auto/recipes-armel-orion5x/multi
+++ b/d-i/source/partman-auto/recipes-armel-orion5x/multi
@@ -9,7 +9,7 @@ partman-auto/text/multi_scheme ::
filesystem{ ext2 }
mountpoint{ /boot } .
-2000 3500 25000 $default_filesystem
+8000 10000 51200 $default_filesystem
$lvmok{ }
$primary{ }
method{ format }
diff --git a/d-i/source/partman-auto/recipes-armhf-efikasb/multi b/d-i/source/partman-auto/recipes-armhf-efikasb/multi
index 690676a3..bcdea3fa 100644
--- a/d-i/source/partman-auto/recipes-armhf-efikasb/multi
+++ b/d-i/source/partman-auto/recipes-armhf-efikasb/multi
@@ -9,7 +9,7 @@ partman-auto/text/multi_scheme ::
filesystem{ ext2 }
mountpoint{ /boot } .
-2000 3500 25000 $default_filesystem
+8000 10000 51200 $default_filesystem
$lvmok{ }
$primary{ }
method{ format }
diff --git a/d-i/source/partman-auto/recipes-hppa/multi b/d-i/source/partman-auto/recipes-hppa/multi
index c984ae28..eabbfbb4 100644
--- a/d-i/source/partman-auto/recipes-hppa/multi
+++ b/d-i/source/partman-auto/recipes-hppa/multi
@@ -12,7 +12,7 @@ partman-auto/text/multi_scheme ::
filesystem{ ext4 }
mountpoint{ /boot } .
-2000 3500 25000 $default_filesystem
+8000 10000 51200 $default_filesystem
$lvmok{ }
$bootable{ }
method{ format }
diff --git a/d-i/source/partman-auto/recipes-mipsel-loongson-2f/multi b/d-i/source/partman-auto/recipes-mipsel-loongson-2f/multi
index cf0e860a..0eab6089 100644
--- a/d-i/source/partman-auto/recipes-mipsel-loongson-2f/multi
+++ b/d-i/source/partman-auto/recipes-mipsel-loongson-2f/multi
@@ -9,7 +9,7 @@ partman-auto/text/multi_scheme ::
filesystem{ ext2 }
mountpoint{ /boot } .
-2000 3500 25000 $default_filesystem
+8000 10000 51200 $default_filesystem
$lvmok{ }
method{ format }
format{ }
diff --git a/d-i/source/partman-auto/recipes-powerpc-apus/multi b/d-i/source/partman-auto/recipes-powerpc-apus/multi
index 1ac8e5d9..5dd492ce 100644
--- a/d-i/source/partman-auto/recipes-powerpc-apus/multi
+++ b/d-i/source/partman-auto/recipes-powerpc-apus/multi
@@ -14,7 +14,7 @@ partman-auto/text/multi_scheme ::
filesystem{ ext2 }
mountpoint{ /boot } .
-2000 3500 25000 $default_filesystem
+8000 10000 51200 $default_filesystem
$lvmok{ }
$primary{ }
method{ format }
diff --git a/d-i/source/partman-auto/recipes-powerpc-chrp_ibm/multi b/d-i/source/partman-auto/recipes-powerpc-chrp_ibm/multi
index f42943e8..341d40fc 100644
--- a/d-i/source/partman-auto/recipes-powerpc-chrp_ibm/multi
+++ b/d-i/source/partman-auto/recipes-powerpc-chrp_ibm/multi
@@ -14,7 +14,7 @@ partman-auto/text/multi_scheme ::
filesystem{ ext2 }
mountpoint{ /boot } .
-2000 3500 25000 $default_filesystem
+8000 10000 51200 $default_filesystem
$lvmok{ }
$primary{ }
method{ format }
diff --git a/d-i/source/partman-auto/recipes-powerpc-chrp_pegasos/multi b/d-i/source/partman-auto/recipes-powerpc-chrp_pegasos/multi
index d8effcff..b947d8d6 100644
--- a/d-i/source/partman-auto/recipes-powerpc-chrp_pegasos/multi
+++ b/d-i/source/partman-auto/recipes-powerpc-chrp_pegasos/multi
@@ -7,7 +7,7 @@ partman-auto/text/multi_scheme ::
filesystem{ ext2 }
mountpoint{ /boot } .
-2000 3500 25000 $default_filesystem
+8000 10000 51200 $default_filesystem
$lvmok{ }
method{ format }
format{ }
diff --git a/d-i/source/partman-auto/recipes-powerpc-powermac_newworld/multi b/d-i/source/partman-auto/recipes-powerpc-powermac_newworld/multi
index 1d3b421b..c213840b 100644
--- a/d-i/source/partman-auto/recipes-powerpc-powermac_newworld/multi
+++ b/d-i/source/partman-auto/recipes-powerpc-powermac_newworld/multi
@@ -7,7 +7,7 @@ partman-auto/text/multi_scheme ::
filesystem{ hfs }
mountpoint{ /boot/grub } .
-2000 3500 25000 $default_filesystem
+8000 10000 51200 $default_filesystem
$lvmok{ }
method{ format }
format{ }
diff --git a/d-i/source/partman-auto/recipes-powerpc-powermac_oldworld/multi b/d-i/source/partman-auto/recipes-powerpc-powermac_oldworld/multi
index d8effcff..b947d8d6 100644
--- a/d-i/source/partman-auto/recipes-powerpc-powermac_oldworld/multi
+++ b/d-i/source/partman-auto/recipes-powerpc-powermac_oldworld/multi
@@ -7,7 +7,7 @@ partman-auto/text/multi_scheme ::
filesystem{ ext2 }
mountpoint{ /boot } .
-2000 3500 25000 $default_filesystem
+8000 10000 51200 $default_filesystem
$lvmok{ }
method{ format }
format{ }
diff --git a/d-i/source/partman-auto/recipes-powerpc-prep/multi b/d-i/source/partman-auto/recipes-powerpc-prep/multi
index f206800c..43c4774a 100644
--- a/d-i/source/partman-auto/recipes-powerpc-prep/multi
+++ b/d-i/source/partman-auto/recipes-powerpc-prep/multi
@@ -5,7 +5,7 @@ partman-auto/text/multi_scheme ::
$bootable{ }
method{ prep } .
-2000 3500 25000 $default_filesystem
+8000 10000 51200 $default_filesystem
$lvmok{ }
$primary{ }
method{ format }
diff --git a/d-i/source/partman-auto/recipes-sparc/multi b/d-i/source/partman-auto/recipes-sparc/multi
index ed9aec7e..4b950102 100644
--- a/d-i/source/partman-auto/recipes-sparc/multi
+++ b/d-i/source/partman-auto/recipes-sparc/multi
@@ -14,7 +14,7 @@ partman-auto/text/multi_scheme ::
filesystem{ ext2 }
mountpoint{ /boot } .
-2000 3500 25000 $default_filesystem
+8000 10000 51200 $default_filesystem
$lvmok{ }
method{ format }
format{ }
diff --git a/d-i/source/partman-auto/recipes/multi b/d-i/source/partman-auto_/recipes/multi
index b4b70373..d115e4d9 100644
--- a/d-i/source/partman-auto/recipes/multi
+++ b/d-i/source/partman-auto_/recipes/multi
@@ -20,7 +20,7 @@ partman-auto/text/multi_scheme ::
filesystem{ ext4 }
mountpoint{ /boot } .
-2000 3500 25000 $default_filesystem
+8000 10000 51200 $default_filesystem
$lvmok{ }
method{ format }
format{ }
diff --git a/d-i/source/partman-auto/recipes-amd64-efi/multi b/d-i/source/partman-auto_/recipes-amd64-efi/multi
index bbf8aa4e..7fa47d15 100644
--- a/d-i/source/partman-auto/recipes-amd64-efi/multi
+++ b/d-i/source/partman-auto_/recipes-amd64-efi/multi
@@ -15,7 +15,7 @@ partman-auto/text/multi_scheme ::
filesystem{ ext4 }
mountpoint{ /boot } .
-2000 3500 25000 $default_filesystem
+8000 10000 51200 $default_filesystem
$lvmok{ }
method{ format }
format{ }
diff --git a/d-i/source/partman-auto/recipes-armhf/multi b/d-i/source/partman-auto_/recipes-armhf/multi
index b3a9e77b..f490e8fd 100644
--- a/d-i/source/partman-auto/recipes-armhf/multi
+++ b/d-i/source/partman-auto_/recipes-armhf/multi
@@ -9,7 +9,7 @@ partman-auto/text/multi_scheme ::
filesystem{ ext4 }
mountpoint{ /boot } .
-2000 3500 25000 $default_filesystem
+8000 10000 51200 $default_filesystem
$lvmok{ }
$primary{ }
method{ format }
diff --git a/d-i/source/partman-auto/recipes-ia64/multi b/d-i/source/partman-auto_/recipes-ia64/multi
index 3b120834..2fa16eaa 100644
--- a/d-i/source/partman-auto/recipes-ia64/multi
+++ b/d-i/source/partman-auto_/recipes-ia64/multi
@@ -5,7 +5,7 @@ partman-auto/text/multi_scheme ::
method{ efi }
format{ } .
-2000 3500 25000 $default_filesystem
+8000 10000 51200 $default_filesystem
$primary{ }
method{ format }
format{ }
diff --git a/d-i/source/partman-auto/recipes-ppc64el/multi b/d-i/source/partman-auto_/recipes-ppc64el/multi
index b95319b9..d86962fa 100644
--- a/d-i/source/partman-auto/recipes-ppc64el/multi
+++ b/d-i/source/partman-auto_/recipes-ppc64el/multi
@@ -15,7 +15,7 @@ partman-auto/text/multi_scheme ::
filesystem{ ext4 }
mountpoint{ /boot } .
-2000 3500 25000 $default_filesystem
+8000 10000 51200 $default_filesystem
$lvmok{ }
$primary{ }
method{ format }

14
helpers/DATA/ubiquity/patch_changes/006-force_environment_software_gl_for_ubiquity.patch Normal file
View file

@ -0,0 +1,14 @@
diff --git a/bin/ubiquity b/bin/ubiquity
index e3f07a0c..5254f1f7 100755
--- a/bin/ubiquity
+++ b/bin/ubiquity
@@ -22,6 +22,9 @@ import locale
from operator import attrgetter
import optparse
import os
+# Force software GL for the installer; overridable by environment. (TPH!1804)
+if 'LIBGL_ALWAYS_SOFTWARE' not in os.environ:
+ os.environ['LIBGL_ALWAYS_SOFTWARE'] = '1'
import pwd
import shutil
import subprocess

27
helpers/DATA/ubiquity/patch_changes/007-setup_deb822_mirrors_setup.patch Normal file
View file

@ -0,0 +1,27 @@
diff --git a/d-i/source/apt-setup/generators/01setup b/d-i/source/apt-setup/generators/01setup
index b4b0ea40..c4933286 100755
--- a/d-i/source/apt-setup/generators/01setup
+++ b/d-i/source/apt-setup/generators/01setup
@@ -5,6 +5,22 @@ set -e
file="$1"
+# Ensure ROOT default; allow override
+: "${ROOT:=/target}"
+
+# If Deb822 sources already exist in the target, don't emit anything, let 99trisquel to take over.
+if [ -d "$ROOT/etc/apt/sources.list.d" ] && ls "$ROOT/etc/apt/sources.list.d/"*.sources >/dev/null 2>&1; then
+ : > "$file"
+ exit 0
+else
+ # Fallback: add old file as comments (tolerant if missing)
+ if [ -r "$ROOT/etc/apt/sources.list" ]; then
+ sed 's/^/# /' < "$ROOT/etc/apt/sources.list" | sed 's/^# # */# /' > "$file"
+ else
+ : > "$file"
+ fi
+fi
+
# add old file as comments
sed 's/^/# /' < $ROOT/etc/apt/sources.list | sed 's/^# # */# /' > $file

82
helpers/DATA/ubuntu-release-upgrader/patch_changes/001-prevent_lxde-trisquel-mini_logging_session_start.patch Normal file
View file

@ -0,0 +1,82 @@
diff --git a/DistUpgrade/DistUpgradeQuirks.py b/DistUpgrade/DistUpgradeQuirks.py
index 9423f091..c20e3079 100644
--- a/DistUpgrade/DistUpgradeQuirks.py
+++ b/DistUpgrade/DistUpgradeQuirks.py
@@ -190,6 +190,7 @@ class DistUpgradeQuirks(object):
""" run right before calculating the dist-upgrade """
logging.debug("running Quirks.PreDistUpgradeCache")
# self._install_python_is_python2()
+ self._protect_essential_gui()
self._maybe_remove_gpg_wks_server()
self._install_t64_replacement_packages()
self._install_pipewire_audio_on_ubuntu_studio()
@@ -204,6 +205,69 @@ class DistUpgradeQuirks(object):
self._disable_cloud_init()
# helpers
+ def _is_lxde_system(self):
+ """Return True if LXDE (trisquel-mini) is detected as installed."""
+ cache = self.controller.cache
+ for name in ("lxsession", "lxpanel", "lxde-core", "trisquel-mini"):
+ try:
+ if name in cache and getattr(cache[name], "is_installed", False):
+ return True
+ except Exception:
+ pass
+ return False
+
+ def _protect_essential_gui(self):
+ """
+ Prevent the solver from removing essential GUI session packages
+ (LightDM/LXDE). Only acts on packages that are already present.
+ """
+ # Skip on non-LXDE systems to avoid touching other desktops (KDE/Xfce, etc.)
+ if not self._is_lxde_system():
+ logging.debug("protect_essential_gui: not an LXDE system, skipping")
+ return
+
+ essential = {
+ "lightdm",
+ "lightdm-gtk-greeter",
+ "lxsession",
+ "lxpanel",
+ "lxsession-logout",
+ }
+ cache = self.controller.cache
+ resolver = apt.ProblemResolver(self.controller.cache)
+ logging.info("protect_essential_gui: conservative protection enabled")
+
+ for name in essential:
+ if name not in cache:
+ # Not in cache (e.g. different desktop), do nothing.
+ continue
+ pkg = cache[name]
+ # Keep package from being considered auto-removable in the future
+ try:
+ if hasattr(pkg, "mark_auto"):
+ pkg.mark_auto(auto=False)
+ except Exception:
+ logging.debug("protect_essential_gui: mark_auto(False) failed for %s", name)
+ # If installed, mark as user-requested and protect in the solver
+ try:
+ if getattr(pkg, "is_installed", False):
+ pkg.mark_install(from_user=True, auto_fix=True)
+ try:
+ resolver.protect(pkg)
+ except Exception:
+ logging.debug("protect_essential_gui: protect() failed for %s", name)
+ except Exception:
+ logging.debug("protect_essential_gui: keep/install failed for %s", name)
+
+ # Diagnostics: warn if APT still plans to remove any essential package
+ try:
+ to_remove = {p.name for p in cache.get_changes() if getattr(p, "marked_delete", False)}
+ bad = sorted(essential & to_remove)
+ if bad:
+ logging.warning("APT still wants to remove essential GUI packages: %s", ", ".join(bad))
+ except Exception:
+ pass
+
def _get_pci_ids(self):
""" return a set of pci ids of the system (using lspci -n) """
lspci = set()

50
helpers/DATA/ubuntu-release-upgrader/patch_changes/002-prevent_trisquel-sugar_to_fail_dependency_resolve.patch Normal file
View file

@ -0,0 +1,50 @@
diff --git a/DistUpgrade/DistUpgradeQuirks.py b/DistUpgrade/DistUpgradeQuirks.py
index f7427ac2..51f85b32 100644
--- a/DistUpgrade/DistUpgradeQuirks.py
+++ b/DistUpgrade/DistUpgradeQuirks.py
@@ -190,6 +190,7 @@ class DistUpgradeQuirks(object):
""" run right before calculating the dist-upgrade """
logging.debug("running Quirks.PreDistUpgradeCache")
# self._install_python_is_python2()
+ self._t64_transition_helper()
self._protect_essential_gui()
self._maybe_remove_gpg_wks_server()
self._install_t64_replacement_packages()
@@ -205,6 +206,37 @@ class DistUpgradeQuirks(object):
self._disable_cloud_init()
# helpers
+ def _t64_transition_helper(self):
+ """
+ Provides a minimal t64 transition focused on GLib and Qt5Core.
+ Marks the t64 variants for installation if the older packages are
+ installed. Idempotent and conservative for initial testing.
+ """
+ cache = self.controller.cache
+ log = logging.getLogger("DistUpgrade")
+
+ # Run only if at least one of the target t64 packages is in the cache.
+ if "libglib2.0-0t64" not in cache and "libqt5core5t64" not in cache:
+ log.debug("t64-helper: no target t64 packages in cache; skipping")
+ return
+
+ pairs = [
+ ("libglib2.0-0", "libglib2.0-0t64"),
+ ("libqt5core5a", "libqt5core5t64"),
+ ]
+
+ touched = []
+ for old, new in pairs:
+ try:
+ if old in cache and cache[old].is_installed and new in cache:
+ cache[new].mark_install(True, True, False)
+ touched.append(f"{old}->{new}")
+ except Exception as e:
+ log.warning("t64-helper: error marking %s->%s: %s", old, new, e)
+
+ if touched:
+ log.info("t64-helper: touched=%s", ", ".join(touched))
+
def _is_lxde_system(self):
"""Return True if LXDE (trisquel-mini) is detected as installed."""
cache = self.controller.cache

102
helpers/DATA/ubuntu-release-upgrader/patch_changes/003-prevent_trisquel_old_versioning_overcome_ecnes_new_version_scheme.patch Normal file
View file

@ -0,0 +1,102 @@
diff --git a/DistUpgrade/DistUpgradeQuirks.py b/DistUpgrade/DistUpgradeQuirks.py
index 243efc14..a63db6bb 100644
--- a/DistUpgrade/DistUpgradeQuirks.py
+++ b/DistUpgrade/DistUpgradeQuirks.py
@@ -196,6 +196,8 @@ class DistUpgradeQuirks(object):
self._install_t64_replacement_packages()
self._install_pipewire_audio_on_ubuntu_studio()
self._handle_ufw_breaks()
+ cache = self._get_cache()
+ self._prefer_ecne_suffix(cache)
# individual quirks handler that run *after* the dist-upgrade was
# calculated in the cache
@@ -206,6 +208,88 @@ class DistUpgradeQuirks(object):
self._disable_cloud_init()
# helpers
+ def _get_cache(self):
+ """
+ Return the active apt cache used by the upgrader, regardless of how
+ this DistUpgradeQuirks instance was wired in this fork.
+ """
+ for attr in ("cache", "_cache", "apt_cache"):
+ c = getattr(self, attr, None)
+ if c is not None:
+ return c
+ ctrl = getattr(self, "controller", None) or getattr(self, "_controller", None)
+ if ctrl:
+ for attr in ("cache", "_cache"):
+ c = getattr(ctrl, attr, None)
+ if c is not None:
+ return c
+ return None
+
+ def _prefer_ecne_suffix(self, cache):
+ """
+ Force candidate versions to Ecne-style (e.g. '101trisquel1') when the
+ installed version uses the older '+11.0trisquel' scheme. This avoids
+ holding back old packages and enables the intended transition/downgrade.
+ """
+ import logging
+ import apt_pkg
+
+ if cache is None or not hasattr(cache, "_depcache"):
+ logging.debug("prefer-ecne-suffix: cache not available, skipping")
+ return
+
+ changed = 0
+ depcache = cache._depcache
+
+ for pkg in cache:
+ # Only act on installed packages with the old '+11.0trisquel' suffix
+ if not getattr(pkg, "is_installed", False):
+ continue
+ inst = pkg.installed
+ if not inst:
+ continue
+ inst_ver = getattr(inst, "version", "")
+ if "+11.0trisquel" not in inst_ver:
+ continue
+
+ # Find a target version that is trisquel*-style but NOT '+11.0trisquel'
+ target = None
+ for ver in pkg.versions:
+ vstr = getattr(ver, "version", "")
+ if "+11.0trisquel" in vstr:
+ continue
+ if "trisquel" in vstr:
+ target = ver
+ break
+ if not target:
+ continue
+
+ # Resolve the underlying apt_pkg.Version so we can set it as candidate
+ aptpkg_pkg = pkg._pkg
+ aptpkg_ver = None
+ for v in aptpkg_pkg.version_list:
+ if v.ver_str == target.version:
+ aptpkg_ver = v
+ break
+ if aptpkg_ver is None:
+ continue
+
+ # Force candidate and request an upgrade/install to pull it in
+ depcache.set_candidate_ver(aptpkg_pkg, aptpkg_ver)
+ try:
+ pkg.mark_upgrade()
+ except Exception:
+ try:
+ pkg.mark_install()
+ except Exception:
+ continue
+ changed += 1
+
+ if changed:
+ logging.info("prefer-ecne-suffix: changed packages=%d", changed)
+ else:
+ logging.debug("prefer-ecne-suffix: no candidates changed")
+
def _t64_transition_helper(self):
"""
Provides a minimal t64 transition focused on GLib and Qt5Core.

Some files were not shown because too many files have changed in this diff Show more