templates: Properly disable the os-prober by default

This patch does the following: - really disables os-prober by default in the util/grub-mkconfig.in by setting GRUB_DISABLE_OS_PROBER to true, - fixes the logic in the util/grub.d/30_os-prober.in, - updates the grub_warn() lines. Reason for the code shuffling in the util/grub-mkconfig.in: The default was GRUB_DISABLE_OS_PROBER=false if you don't set GRUB_DISABLE_OS_PROBER at all. To prevent os-prober from starting we have to set it by default to true and shuffle GRUB_DISABLE_OS_PROBER to code section, which is executed by the script. However we still give an option to the user to overwrite it with false, if he wants to execute os-prober after all. Fixes: e3464147 (templates: Disable the os-prober by default) Reported-by: Didier Spaier <didier@slint.fr> Reported-by: Lennart Sorensen <lsorense@csclub.uwaterloo.ca> Reported-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de> Signed-off-by: Philip Müller <philm@manjaro.org> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2025-08-06 10:00:04 +00:00 · 2021-03-09 22:10:14 +01:00 · 2021-03-09 22:10:14 +01:00 · 54e0a1bbf1
commit 54e0a1bbf1
parent 6d05264eec
2 changed files with 8 additions and 5 deletions
--- a/util/grub-mkconfig.in
+++ b/util/grub-mkconfig.in
@ -140,6 +140,9 @@ GRUB_DEVICE_PARTUUID="`${grub_probe} --device ${GRUB_DEVICE} --target=partuuid 2
 GRUB_DEVICE_BOOT="`${grub_probe} --target=device /boot`"
 GRUB_DEVICE_BOOT_UUID="`${grub_probe} --device ${GRUB_DEVICE_BOOT} --target=fs_uuid 2> /dev/null`" || true

+# Disable os-prober by default due to security reasons.
+GRUB_DISABLE_OS_PROBER="true"
+
 # Filesystem for the device containing our userland.  Used for stuff like
 # choosing Hurd filesystem module.
 GRUB_FS="`${grub_probe} --device ${GRUB_DEVICE} --target=fs 2> /dev/null || echo unknown`"
@ -201,6 +204,7 @@ export GRUB_DEVICE \
  GRUB_DEVICE_PARTUUID \
  GRUB_DEVICE_BOOT \
  GRUB_DEVICE_BOOT_UUID \
+  GRUB_DISABLE_OS_PROBER \
  GRUB_FS \
  GRUB_FONT \
  GRUB_PRELOAD_MODULES \
@ -242,7 +246,6 @@ export GRUB_DEFAULT \
  GRUB_BACKGROUND \
  GRUB_THEME \
  GRUB_GFXPAYLOAD_LINUX \
-  GRUB_DISABLE_OS_PROBER \
  GRUB_INIT_TUNE \
  GRUB_SAVEDEFAULT \
  GRUB_ENABLE_CRYPTODISK \
--- a/util/grub.d/30_os-prober.in
+++ b/util/grub.d/30_os-prober.in
@ -26,8 +26,8 @@ export TEXTDOMAINDIR="@localedir@"

 . "$pkgdatadir/grub-mkconfig_lib"

-if [ "x${GRUB_DISABLE_OS_PROBER}" = "xfalse" ]; then
-  gettext_printf "os-prober will not be executed to detect other bootable partitions.\nSystems on them will not be added to the GRUB boot configuration.\nCheck GRUB_DISABLE_OS_PROBER documentation entry.\n"
+if [ "x${GRUB_DISABLE_OS_PROBER}" = "xtrue" ]; then
+  grub_warn "$(gettext_printf "os-prober will not be executed to detect other bootable partitions.\nSystems on them will not be added to the GRUB boot configuration.\nCheck GRUB_DISABLE_OS_PROBER documentation entry.")"
  exit 0
 fi

@ -36,12 +36,12 @@ if ! command -v os-prober > /dev/null || ! command -v linux-boot-prober > /dev/n
  exit 0
 fi

+grub_warn "$(gettext_printf "os-prober will be executed to detect other bootable partitions.\nIt's output will be used to detect bootable binaries on them and create new boot entries.")"
+
 OSPROBED="`os-prober | tr ' ' '^' | paste -s -d ' '`"
 if [ -z "${OSPROBED}" ] ; then
  # empty os-prober output, nothing doing
  exit 0
-else
-  grub_warn "$(gettext_printf "os-prober was executed to detect other bootable partitions.\nIt's output will be used to detect bootable binaries on them and create new boot entries.")"
 fi

 osx_entry() {