Add "here document" block to 40_custom #2751
Conversation
Signed-off-by: pq2 <github@nhelmschmidt.de>
| @@ -99,10 +99,11 @@ GRUB_PASS="$(echo -e "$PASSWORD\n$PASSWORD" | grub-mkpasswd-pbkdf2 | grep -oP 'g | |||
| if [ -n "${PASSWORD##grub.pbkdf2.sha512.10000.}" ] | |||
| then | |||
| cat << GRUB_CONF > /etc/grub.d/40_custom | |||
|
|
|||
| cat << EOF | |||
| # Password-protect GRUB | |||
| set superusers="grub" | |||
| password_pbkdf2 grub $GRUB_PASS | |||
There was a problem hiding this comment.
Hi, thanks for your PR but I wonder if this is really necessary since there is already a surrounding cat command. Why should this make it work? Cannot we fix the surrounding cat command somehow?
There was a problem hiding this comment.
Adding those two lines fixed the issue for me. I don't know if it's possible to adjust the surrounding cat. To be honest, this solution was suggested to me by an AI, but the sources given seemed to me to fit the problem and made sense (unfortunately, the main source no longer seems to be available without an account).
There was a problem hiding this comment.
Can you show me the content of /etc/grub.d/40_custom on your instance after applying the patch?
There was a problem hiding this comment.
# Password-protect GRUB
cat << EOF
set superusers="grub"
password_pbkdf2 grub grub.pbkdf2.sha512.10000.XXXXXXX
EOF
There was a problem hiding this comment.
I fear this is not doing anything. It just stores the content in the EOF variable IIRC. So the solution does not seem correct to me...
There was a problem hiding this comment.
All I can say is that before applying this fix, updating my system always failed because apt tried to install a new kernel version, which is why update-grub was run, and this always resulted in “password_pbkdf2: not found” and a three digit return value. After this fix it worked fine.
There was a problem hiding this comment.
Yes it works fine because the config is bascially disabled...
password_pbkdf2: not found
The question is why this binary is not found?
There was a problem hiding this comment.
Yes it works fine because the config is bascially disabled...
Then, of course, this fix is not a solution
The question is why this binary is not found?
I was wondering the same thing. This problem seems to have come out of nowhere. /boot/grub2/x86_64-efi/password_pbkdf2.mod exists.
When using "update_grub"
password_pbkdf2was interpreted as a bash command. This lead to the error "password_pbkdf2: not found". This should fix the issue.