PNG  IHDR* pHYs+ IDATx]n#; cdLb Ǚ[at¤_:uP}>!Usă cag޿ ֵNu`ݼTâabO7uL&y^wFٝA"l[|ŲHLN밪4*sG3|Dv}?+y߉{OuOAt4Jj.u]Gz*҉sP'VQKbA1u\`& Af;HWj hsO;ogTu uj7S3/QzUr&wS`M$X_L7r2;aE+ώ%vikDA:dR+%KzƉo>eOth$z%: :{WwaQ:wz%4foɹE[9<]#ERINƻv溂E%P1i01 |Jvҗ&{b?9g=^wζXn/lK::90KwrюO\!ջ3uzuGv^;騢wq<Iatv09:tt~hEG`v;3@MNZD.1]L:{ծI3`L(÷ba")Y.iljCɄae#I"1 `3*Bdz>j<fU40⨬%O$3cGt]j%Fߠ_twJ;ABU8vP3uEԑwQ V:h%))LfraqX-ۿX]v-\9I gl8tzX ]ecm)-cgʒ#Uw=Wlێn(0hPP/ӨtQ“&J35 $=]r1{tLuǮ*i0_;NƝ8;-vݏr8+U-kruȕYr0RnC]*ެ(M:]gE;{]tg(#ZJ9y>utRDRMdr9㪩̞zֹb<ģ&wzJM"iI( .ꮅX)Qw:9,i좜\Ԛi7&N0:asϓc];=ΗOӣ APqz93 y $)A*kVHZwBƺnWNaby>XMN*45~ղM6Nvm;A=jֲ.~1}(9`KJ/V F9[=`~[;sRuk]rєT!)iQO)Y$V ی ۤmzWz5IM Zb )ˆC`6 rRa}qNmUfDsWuˤV{ Pݝ'=Kֳbg,UҘVz2ﴻnjNgBb{? ߮tcsͻQuxVCIY۠:(V뺕 ٥2;t`@Fo{Z9`;]wMzU~%UA蛚dI vGq\r82iu +St`cR.6U/M9IENDB`#!/bin/sh -e EFIDIR=$(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/' -e 's/\"//g') if [ -d /sys/firmware/efi/efivars/ ]; then grubdir=`echo "/boot/efi/EFI/${EFIDIR}/" | sed 's,//*,/,g'` else grubdir=`echo "/boot/grub2" | sed 's,//*,/,g'` fi PACKAGE_VERSION="2.03" PACKAGE_NAME="GRUB" self=`basename $0` bindir="/usr/bin" grub_mkpasswd="${bindir}/grub2-mkpasswd-pbkdf2" # Usage: usage # Print the usage. usage () { cat < put user.cfg in a user-selected directory Report bugs at https://bugzilla.redhat.com. EOF } argument () { opt=$1 shift if test $# -eq 0; then gettext_printf "%s: option requires an argument -- \`%s'\n" "$self" "$opt" 1>&2 exit 1 fi echo $1 } # Ensure that it's the root user running this script if [ "${EUID}" -ne 0 ]; then echo "The grub bootloader password may only be set by root." usage exit 2 fi # Check the arguments. while test $# -gt 0 do option=$1 shift case "$option" in -h | --help) usage exit 0 ;; -v | --version) echo "$self (${PACKAGE_NAME}) ${PACKAGE_VERSION}" exit 0 ;; -o | --output) OUTPUT_PATH=`argument $option "$@"`; shift ;; --output=*) OUTPUT_PATH=`echo "$option" | sed 's/--output=//'` ;; -o=*) OUTPUT_PATH=`echo "$option" | sed 's/-o=//'` ;; esac done # set user input or default path for user.cfg file if [ -z "${OUTPUT_PATH}" ]; then OUTPUT_PATH="${grubdir}" fi if [ ! -d "${OUTPUT_PATH}" ]; then echo "${OUTPUT_PATH} does not exist." usage exit 2; fi ttyopt=$(stty -g) fixtty() { stty ${ttyopt} } trap fixtty EXIT stty -echo # prompt & confirm new grub2 root user password echo -n "Enter password: " read PASSWORD echo echo -n "Confirm password: " read PASSWORD_CONFIRM echo stty ${ttyopt} getpass() { local P0 local P1 P0="$1" && shift P1="$1" && shift ( echo ${P0} ; echo ${P1} ) | \ LC_ALL=C ${grub_mkpasswd} | \ grep -v '[eE]nter password:' | \ sed -e "s/PBKDF2 hash of your password is //" } MYPASS="$(getpass "${PASSWORD}" "${PASSWORD_CONFIRM}")" if [ -z "${MYPASS}" ]; then echo "${self}: error: empty password" 1>&2 exit 1 fi # on the ESP, these will fail to set the permissions, but it's okay because # the directory is protected. install -m 0600 /dev/null "${OUTPUT_PATH}/user.cfg" 2>/dev/null || : chmod 0600 "${OUTPUT_PATH}/user.cfg" 2>/dev/null || : echo "GRUB2_PASSWORD=${MYPASS}" > "${OUTPUT_PATH}/user.cfg" if ! grep -q "^### BEGIN /etc/grub.d/01_users ###$" "${OUTPUT_PATH}/grub.cfg"; then echo "WARNING: The current configuration lacks password support!" echo "Update your configuration with grub2-mkconfig to support this feature." fi