On Tue, 2011-11-29 at 00:46 +0100, Kevin Kofler wrote:
Jason L Tibbitts III wrote:
> You can also edit grub.cfg directly, but it gets wiped out if anything
> ever runs grub2-mkconfig. Finally, grubby has options for modifying
> kernel arguments, but I do not believe that goes in and does anything
> with the /etc/default/grub line so again that gets wiped out of anything
> runs grub2-mkconfig.
But does anything in Fedora actually run grub2-mkconfig automatically?
Kernel updates sure don't, they have grubby edit the grub.cfg file directly
instead.
I wonder whether it might actually make sense to patch grub2-mkconfig to no
longer emit that warning and to make it a packaging guideline that RPM
scriptlets MUST NOT run grub2-mkconfig. The template system may be a nice
idea, but it doesn't cover everything, it makes things more complicated, and
it doesn't seem to be actually needed in Fedora, thanks to grubby.
On the other hand, unfortunately, tools such as kcm-grub2, which we probably
want to package for Fedora at some point, run grub2-mkconfig, and we can't
even blame them for that given that it is what GRUB upstream recommends. :-(
(That said, kcm-grub2's KAuth helper's code also scares me for other
reasons:
* The config file to write to is soft-coded as a configuration option, which
means that giving out org.kde.kcontrol.kcmgrub2.save permissions to a user
essentially gives that user root. (It doesn't just allow to "Save the GRUB2
Bootloader settings" as the action description claims, but to write to ANY
file on the system as root.)
* The executable names to run are hard-coded as grub-*, which is wrong for
Fedora.
IMHO, the proper solution would be to make both of those compile-time CMake
options.)
So the situation is indeed a mess.
Well, it's _something_ of a mess, but as far as end-user customization
goes it is, AFAIK, pretty much always safe just to do things
via /etc/default/grub and grub2-mkconfig, because any changes you
produce in this way will then get inherited by grubby when updating the
kernel, and now everything's in sync.
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
http://www.happyassassin.net