Last active
May 1, 2018 18:34
-
-
Save ajeddeloh/8be70b4e2389d59ab12af6f0d147b218 to your computer and use it in GitHub Desktop.
Draft grub updater
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
set -e | |
function patch_grub { | |
# See bug #2400 | |
local file='/boot/coreos/grub/i386-pc/linux' | |
local tmpfile="$(mktemp)" | |
local escape_hatch='/boot/coreos/grub/skip-bug-2400-patch' | |
[[ -e "${escape_hatch}" ]] && return | |
# Avoid writing to /boot if we don't need to | |
gunzip -c -S .mod "${file}.mod" > "${tmpfile}" | |
# Values derived from https://gist.github.com/ajeddeloh/365cfed1d3a326362e05f78720baf4df | |
declare -A offsets | |
offsets=( | |
[1e11052c144ae483cba4f70efe278070c50daa80d1a5febe7c0d08e401baf0ab16a542b7a34da00d7aea1591238f01d9902ac6fbfcce8d82eebcf09d97d132cd]='3378' | |
[2fd5f0fade7c4c986259524f148f79ee1d1353d7ab83d1bdd0d50e52d393d8d896c32ab64eb714ba08861b8ba4f113d19f940a04889fa407784f010f119c8c19]='3378' | |
[6d60e369c1b4b484c7221e91d80f03a782b5286137f8087b2bf22b9f54e3507c4947d2a456ba46a6ef3c0c7216dc8251c017e9122f44cba89e32f23a0542afd3]='3383' | |
[6e9e5ebb6cd1a15d5a570d9a06a56c9bf60cb047d858c7220dd9dcfd54ebb87c8e0ea4611ac98a0ab51fec9e87b265b2207973f3e4882d87f62d887da72f87ab]='3404' | |
[82b37fa4b305cab33277d2cf0249008731a69575b5689a47e72fe2a35be4440e0e116bc02191f9b0066ea3ae278327fe3409f28d25d13bae88c5f347dba6a254]='3383' | |
[8a7b03d92a8b115943e7f004820fadd2dc6ab125c077a48fb232a1e9ac77fdb27fbb01d52fd33a6ddf65a9f58ce981244c99bcca821030511caa277bc2f68239]='3378' | |
[a3e9dadfe3cc34189b5fee83bfc01c3c5b42e04ba19cdcd84f8301c42566617b5916294e2414348139d8c5e557a7ccf6c0d3dca0661f2d10c0c0077345630b1d]='3298' | |
[c127d7c1dbd5d11cf7af627e37808ea16166b6430ddd8e96111e503cc78ae1fd78083d474495951743fa1b489140be63178a4bb65dabb0d719c5d0ad9c57eb78]='3298' | |
[f1f9abefa49eeba6a3fe46ba3d254dfc3fa6e2cd8823835e2d982e9cbcd0d82c298e3896dc79d234305d2262a828a7398526906022f8ed7407368725d95e08d8]='3375' | |
) | |
declare -A correctvals | |
correctvals=( | |
[1e11052c144ae483cba4f70efe278070c50daa80d1a5febe7c0d08e401baf0ab16a542b7a34da00d7aea1591238f01d9902ac6fbfcce8d82eebcf09d97d132cd]='\x74\x02\x00\x00' | |
[2fd5f0fade7c4c986259524f148f79ee1d1353d7ab83d1bdd0d50e52d393d8d896c32ab64eb714ba08861b8ba4f113d19f940a04889fa407784f010f119c8c19]='\x88\x02\x00\x00' | |
[6d60e369c1b4b484c7221e91d80f03a782b5286137f8087b2bf22b9f54e3507c4947d2a456ba46a6ef3c0c7216dc8251c017e9122f44cba89e32f23a0542afd3]='\x74\x02\x00\x00' | |
[6e9e5ebb6cd1a15d5a570d9a06a56c9bf60cb047d858c7220dd9dcfd54ebb87c8e0ea4611ac98a0ab51fec9e87b265b2207973f3e4882d87f62d887da72f87ab]='\x88\x02\x00\x00' | |
[82b37fa4b305cab33277d2cf0249008731a69575b5689a47e72fe2a35be4440e0e116bc02191f9b0066ea3ae278327fe3409f28d25d13bae88c5f347dba6a254]='\x74\x02\x00\x00' | |
[8a7b03d92a8b115943e7f004820fadd2dc6ab125c077a48fb232a1e9ac77fdb27fbb01d52fd33a6ddf65a9f58ce981244c99bcca821030511caa277bc2f68239]='\x74\x02\x00\x00' | |
[a3e9dadfe3cc34189b5fee83bfc01c3c5b42e04ba19cdcd84f8301c42566617b5916294e2414348139d8c5e557a7ccf6c0d3dca0661f2d10c0c0077345630b1d]='\x74\x02\x00\x00' | |
[c127d7c1dbd5d11cf7af627e37808ea16166b6430ddd8e96111e503cc78ae1fd78083d474495951743fa1b489140be63178a4bb65dabb0d719c5d0ad9c57eb78]='\x74\x02\x00\x00' | |
[f1f9abefa49eeba6a3fe46ba3d254dfc3fa6e2cd8823835e2d982e9cbcd0d82c298e3896dc79d234305d2262a828a7398526906022f8ed7407368725d95e08d8]='\x74\x02\x00\x00' | |
) | |
filesum="$(sha512sum "${tmpfile}" | cut -d' ' -f1)" | |
if [[ -z "${offsets[$filesum]}" ]]; then | |
echo "Nothing to do" | |
rm "${tmpfile}" | |
touch "${escape_hatch}" | |
return | |
fi | |
printf "${correctvals[$filesum]}" | dd of="${tmpfile}" bs=1 seek="${offsets[$filesum]}" conv=notrunc status=none | |
# There's a lot of sync'ing going on. On remotely up to date systems (newer than 1109.1.0), sync can operate on | |
# individual files. On old systems it syncs everything which is slow, but we want to be as safe as possible. | |
# Since we write out the escape hatch after everything is done, this will only happen once. | |
# rezip onto /boot so ENOSPC can't cause problems | |
gzip -c "${tmpfile}" > "${file}.tmp" | |
rm "${tmpfile}" | |
# in case something goes horribly wrong. Do not use mv -b since it moves the original file to | |
# the backup name then moves the new file to the target, leaving a window with no file | |
cp -p "${file}.mod" "${file}.bak.bug2400" | |
sync "${file}.bak.bug2400" "${file}.tmp" | |
# use mv then sync to be as atomic as possible | |
mv "${file}.tmp" "${file}.mod" | |
sync '/boot/coreos/grub/i386-pc/' | |
touch "${escape_hatch}" | |
echo 'linux.mod updated successfully' | |
} | |
patch_grub |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment