[RFC] Support menuentry options in simple configuration interface

[RFC] Support menuentry options in simple configuration interface

[Michael Chang]

This patch provides settings in simple configuration interface that can set
common options to menuentry. One of the use cases is specifying the security
settings thus it won't be overwritten by grub-mkconfig. For eg.

GRUB_MENU_ENTRY_OPTION_LINUX="--unrestricted"
GRUB_MENU_ENTRY_OPTION_OSPROBER="--users user1"

---
 util/grub-mkconfig.in       |   11 ++++++++++-
 util/grub.d/10_hurd.in      |    6 +++---
 util/grub.d/10_illumos.in   |    2 +-
 util/grub.d/10_kfreebsd.in  |    6 +++---
 util/grub.d/10_linux.in     |    6 +++---
 util/grub.d/10_netbsd.in    |    6 +++---
 util/grub.d/10_windows.in   |    2 +-
 util/grub.d/10_xnu.in       |    2 +-
 util/grub.d/20_linux_xen.in |   10 +++++-----
 util/grub.d/30_os-prober.in |   16 ++++++++--------
 10 files changed, 38 insertions(+), 29 deletions(-)

diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
index 3183744..b378e9d 100644
--- a/util/grub-mkconfig.in
+++ b/util/grub-mkconfig.in
@@ -227,7 +227,16 @@ export GRUB_DEFAULT \
   GRUB_ENABLE_CRYPTODISK \
   GRUB_BADRAM \
   GRUB_OS_PROBER_SKIP_LIST \
-  GRUB_DISABLE_SUBMENU
+  GRUB_DISABLE_SUBMENU \
+  GRUB_MENU_ENTRY_OPTION_HURD \
+  GRUB_MENU_ENTRY_OPTION_ILLUMOS \
+  GRUB_MENU_ENTRY_OPTION_KFREEBSD \
+  GRUB_MENU_ENTRY_OPTION_LINUX \
+  GRUB_MENU_ENTRY_OPTION_NETBSD \
+  GRUB_MENU_ENTRY_OPTION_WINDOWS \
+  GRUB_MENU_ENTRY_OPTION_XNU \
+  GRUB_MENU_ENTRY_OPTION_LINUX_XEN \
+  GRUB_MENU_ENTRY_OPTION_OSPROBER
 
 if test "x${grub_cfg}" != "x"; then
   rm -f "${grub_cfg}.new"
diff --git a/util/grub.d/10_hurd.in b/util/grub.d/10_hurd.in
index 59a9a48..9f2f173 100644
--- a/util/grub.d/10_hurd.in
+++ b/util/grub.d/10_hurd.in
@@ -100,11 +100,11 @@ hurd_entry () {
 	  grub_warn "$(gettext_printf "Please don't use old title \`%s' for GRUB_DEFAULT, use \`%s' (for versions before 2.00) or \`%s' (for 2.00 or later)" "$GRUB_ACTUAL_DEFAULT" "$replacement_title" "gnuhurd-advanced-$boot_device_id>'gnuhurd-$kernel-$type-$(grub_get_device_id "${GRUB_DEVICE_BOOT}")'")"
       fi
       sed "s/^/$submenu_indentation/" << EOF
-menuentry '$(echo "$title" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnuhurd-$kernel-$type-$(grub_get_device_id "${GRUB_DEVICE_BOOT}")' {
+menuentry '$(echo "$title" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnuhurd-$kernel-$type-$(grub_get_device_id "${GRUB_DEVICE_BOOT}")' ${GRUB_MENU_ENTRY_OPTION_HURD} {
 EOF
   else
       sed "s/^/$submenu_indentation/" << EOF
-menuentry '$(echo "$OS" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnuhurd-simple-$(grub_get_device_id "${GRUB_DEVICE_BOOT}")' {
+menuentry '$(echo "$OS" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnuhurd-simple-$(grub_get_device_id "${GRUB_DEVICE_BOOT}")' ${GRUB_MENU_ENTRY_OPTION_HURD} {
 EOF
   fi
 
@@ -161,7 +161,7 @@ while [ "x$kernels" != "x" ] ; do
       submenu_indentation="$grub_tab"
     
       # TRANSLATORS: %s is replaced with an OS name
-      echo "submenu '$(gettext_printf "Advanced options for %s" "${OS}" | grub_quote)' \$menuentry_id_option 'gnuhurd-advanced-$(grub_get_device_id "${GRUB_DEVICE_BOOT}")' {"
+      echo "submenu '$(gettext_printf "Advanced options for %s" "${OS}" | grub_quote)' \$menuentry_id_option 'gnuhurd-advanced-$(grub_get_device_id "${GRUB_DEVICE_BOOT}")' ${GRUB_MENU_ENTRY_OPTION_HURD} {"
       is_top_level=false
   fi
 
diff --git a/util/grub.d/10_illumos.in b/util/grub.d/10_illumos.in
index a133e1b..a52125a 100644
--- a/util/grub.d/10_illumos.in
+++ b/util/grub.d/10_illumos.in
@@ -34,7 +34,7 @@ case "${GRUB_DISTRIBUTOR}" in
   ;;
 esac
 
-echo "menuentry '$(echo "$OS" | grub_quote)' ${CLASS} \$menuentry_id_option 'illumos-$(grub_get_device_id "${GRUB_DEVICE_BOOT}")' {"
+echo "menuentry '$(echo "$OS" | grub_quote)' ${CLASS} \$menuentry_id_option 'illumos-$(grub_get_device_id "${GRUB_DEVICE_BOOT}")' ${GRUB_MENU_ENTRY_OPTION_ILLUMOS} {"
 save_default_entry | grub_add_tab
 prepare_grub_to_access_device "${GRUB_DEVICE_BOOT}" | grub_add_tab
 message="$(gettext_printf "Loading kernel of Illumos ...")"
diff --git a/util/grub.d/10_kfreebsd.in b/util/grub.d/10_kfreebsd.in
index 9d8e8fd..e595565 100644
--- a/util/grub.d/10_kfreebsd.in
+++ b/util/grub.d/10_kfreebsd.in
@@ -86,9 +86,9 @@ kfreebsd_entry ()
 	  title_correction_code="${title_correction_code}if [ \"x\$default\" = '$quoted' ]; then default='$(echo "$replacement_title" | grub_quote)'; fi;"
 	  grub_warn "$(gettext_printf "Please don't use old title \`%s' for GRUB_DEFAULT, use \`%s' (for versions before 2.00) or \`%s' (for 2.00 or later)" "$GRUB_ACTUAL_DEFAULT" "$replacement_title" "kfreebsd-advanced-$boot_device_id>kfreebsd-$version-$type-$boot_device_id")"
       fi
-      echo "menuentry '$(echo "$title" | grub_quote)' ${CLASS} \$menuentry_id_option 'kfreebsd-$version-$type-$boot_device_id' {" | sed "s/^/$submenu_indentation/"
+      echo "menuentry '$(echo "$title" | grub_quote)' ${CLASS} \$menuentry_id_option 'kfreebsd-$version-$type-$boot_device_id' ${GRUB_MENU_ENTRY_OPTION_KFREEBSD} {" | sed "s/^/$submenu_indentation/"
   else
-      echo "menuentry '$(echo "$OS" | grub_quote)' ${CLASS} \$menuentry_id_option 'kfreebsd-simple-$boot_device_id' {" | sed "s/^/$submenu_indentation/"
+      echo "menuentry '$(echo "$OS" | grub_quote)' ${CLASS} \$menuentry_id_option 'kfreebsd-simple-$boot_device_id' ${GRUB_MENU_ENTRY_OPTION_KFREEBSD} {" | sed "s/^/$submenu_indentation/"
   fi
   if [ x$type != xrecovery ] ; then
       save_default_entry | grub_add_tab | sed "s/^/$submenu_indentation/"
@@ -222,7 +222,7 @@ while [ "x$list" != "x" ] ; do
 	  boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")"
       fi
       # TRANSLATORS: %s is replaced with an OS name
-      echo "submenu '$(gettext_printf "Advanced options for %s" "${OS}" | grub_quote)' \$menuentry_id_option 'kfreebsd-advanced-$boot_device_id' {"
+      echo "submenu '$(gettext_printf "Advanced options for %s" "${OS}" | grub_quote)' \$menuentry_id_option 'kfreebsd-advanced-$boot_device_id' ${GRUB_MENU_ENTRY_OPTION_KFREEBSD} {"
       is_top_level=false
   fi
 
diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
index 859b608..341872a 100644
--- a/util/grub.d/10_linux.in
+++ b/util/grub.d/10_linux.in
@@ -90,9 +90,9 @@ linux_entry ()
 	  title_correction_code="${title_correction_code}if [ \"x\$default\" = '$quoted' ]; then default='$(echo "$replacement_title" | grub_quote)'; fi;"
 	  grub_warn "$(gettext_printf "Please don't use old title \`%s' for GRUB_DEFAULT, use \`%s' (for versions before 2.00) or \`%s' (for 2.00 or later)" "$GRUB_ACTUAL_DEFAULT" "$replacement_title" "gnulinux-advanced-$boot_device_id>gnulinux-$version-$type-$boot_device_id")"
       fi
-      echo "menuentry '$(echo "$title" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-$version-$type-$boot_device_id' {" | sed "s/^/$submenu_indentation/"
+      echo "menuentry '$(echo "$title" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-$version-$type-$boot_device_id' ${GRUB_MENU_ENTRY_OPTION_LINUX} {" | sed "s/^/$submenu_indentation/"
   else
-      echo "menuentry '$(echo "$os" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-simple-$boot_device_id' {" | sed "s/^/$submenu_indentation/"
+      echo "menuentry '$(echo "$os" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-simple-$boot_device_id' ${GRUB_MENU_ENTRY_OPTION_LINUX} {" | sed "s/^/$submenu_indentation/"
   fi      
   if [ x$type != xrecovery ] ; then
       save_default_entry | grub_add_tab
@@ -232,7 +232,7 @@ while [ "x$list" != "x" ] ; do
 	boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")"
     fi
     # TRANSLATORS: %s is replaced with an OS name
-    echo "submenu '$(gettext_printf "Advanced options for %s" "${OS}" | grub_quote)' \$menuentry_id_option 'gnulinux-advanced-$boot_device_id' {"
+    echo "submenu '$(gettext_printf "Advanced options for %s" "${OS}" | grub_quote)' \$menuentry_id_option 'gnulinux-advanced-$boot_device_id' ${GRUB_MENU_ENTRY_OPTION_LINUX} {"
     is_top_level=false
   fi
 
diff --git a/util/grub.d/10_netbsd.in b/util/grub.d/10_netbsd.in
index 874f599..bdfa18a 100644
--- a/util/grub.d/10_netbsd.in
+++ b/util/grub.d/10_netbsd.in
@@ -113,9 +113,9 @@ netbsd_entry ()
 	  grub_warn "$(gettext_printf "Please don't use old title \`%s' for GRUB_DEFAULT, use \`%s' (for versions before 2.00) or \`%s' (for 2.00 or later)" "$GRUB_ACTUAL_DEFAULT" "$replacement_title" "netbsd-advanced-$boot_device_id>netbsd-${loader}-$kernel-$type-$boot_device_id")"
       fi
 
-      echo "menuentry '$(echo "$title" | grub_quote)' \$menuentry_id_option 'netbsd-${loader}-$kernel-$type-$boot_device_id' {"  | sed "s/^/$submenu_indentation/"
+      echo "menuentry '$(echo "$title" | grub_quote)' \$menuentry_id_option 'netbsd-${loader}-$kernel-$type-$boot_device_id' ${GRUB_MENU_ENTRY_OPTION_NETBSD} {"  | sed "s/^/$submenu_indentation/"
   else
-      echo "menuentry '$(echo "$OS" | grub_quote)' \$menuentry_id_option 'netbsd-${loader}-simple-$boot_device_id' {"  | sed "s/^/$submenu_indentation/"
+      echo "menuentry '$(echo "$OS" | grub_quote)' \$menuentry_id_option 'netbsd-${loader}-simple-$boot_device_id' ${GRUB_MENU_ENTRY_OPTION_NETBSD} {"  | sed "s/^/$submenu_indentation/"
   fi
 
   printf "%s\n" "${prepare_boot_cache}" | sed "s/^/$submenu_indentation/"
@@ -165,7 +165,7 @@ for k in /netbsd $(ls -t /netbsd?* 2>/dev/null) ; do
 	boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")"
     fi
     # TRANSLATORS: %s is replaced with an OS name
-    echo "submenu '$(gettext_printf "Advanced options for %s" "${OS}" | grub_quote)' \$menuentry_id_option 'netbsd-advanced-$boot_device_id' {"
+    echo "submenu '$(gettext_printf "Advanced options for %s" "${OS}" | grub_quote)' \$menuentry_id_option 'netbsd-advanced-$boot_device_id' ${GRUB_MENU_ENTRY_OPTION_NETBSD} {"
     is_top_level=false
   fi
 
diff --git a/util/grub.d/10_windows.in b/util/grub.d/10_windows.in
index 554c561..973c865 100644
--- a/util/grub.d/10_windows.in
+++ b/util/grub.d/10_windows.in
@@ -84,7 +84,7 @@ for drv in $drives ; do
 
   gettext_printf "Found %s on %s (%s)\n" "$OS" "$drv" "$dev" >&2
   cat << EOF
-menuentry '$(echo "$OS" | grub_quote)' \$menuentry_id_option '$osid-$(grub_get_device_id "${dev}")' {
+menuentry '$(echo "$OS" | grub_quote)' \$menuentry_id_option '$osid-$(grub_get_device_id "${dev}")' ${GRUB_MENU_ENTRY_OPTION_WINDOWS} {
 EOF
 
   save_default_entry | sed -e 's,^,$grub_tab,'
diff --git a/util/grub.d/10_xnu.in b/util/grub.d/10_xnu.in
index 51ee2f4..6d0a567 100644
--- a/util/grub.d/10_xnu.in
+++ b/util/grub.d/10_xnu.in
@@ -37,7 +37,7 @@ osx_entry() {
     # TRANSLATORS: it refers on the OS residing on device %s
     onstr="$(gettext_printf "(on %s)" "${GRUB_DEVICE}")"
         cat << EOF
-menuentry '$(echo "Darwin/Mac OS X $bitstr $onstr" | grub_quote)' --class osx --class darwin --class os \$menuentry_id_option 'osprober-xnu-$2-$(grub_get_device_id "${GRUB_DEVICE}")'  {
+menuentry '$(echo "Darwin/Mac OS X $bitstr $onstr" | grub_quote)' --class osx --class darwin --class os \$menuentry_id_option 'osprober-xnu-$2-$(grub_get_device_id "${GRUB_DEVICE}")' ${GRUB_MENU_ENTRY_OPTION_XNU} {
 EOF
 	save_default_entry | grub_add_tab
 	prepare_grub_to_access_device ${GRUB_DEVICE} | grub_add_tab
diff --git a/util/grub.d/20_linux_xen.in b/util/grub.d/20_linux_xen.in
index f532fb9..d54bfc1 100644
--- a/util/grub.d/20_linux_xen.in
+++ b/util/grub.d/20_linux_xen.in
@@ -98,10 +98,10 @@ linux_entry ()
          title_correction_code="${title_correction_code}if [ \"x\$default\" = '$quoted' ]; then default='$(echo "$replacement_title" | grub_quote)'; fi;"
          grub_warn "$(gettext_printf "Please don't use old title \`%s' for GRUB_DEFAULT, use \`%s' (for versions before 2.00) or \`%s' (for 2.00 or later)" "$GRUB_ACTUAL_DEFAULT" "$replacement_title" "gnulinux-advanced-$boot_device_id>gnulinux-$version-$type-$boot_device_id")"
       fi
-      echo "menuentry '$(echo "$title" | grub_quote)' ${CLASS} \$menuentry_id_option 'xen-gnulinux-$version-$type-$boot_device_id' {" | sed "s/^/$submenu_indentation/"
+      echo "menuentry '$(echo "$title" | grub_quote)' ${CLASS} \$menuentry_id_option 'xen-gnulinux-$version-$type-$boot_device_id' ${GRUB_MENU_ENTRY_OPTION_LINUX_XEN} {" | sed "s/^/$submenu_indentation/"
   else
       title="$(gettext_printf "%s, with Xen hypervisor" "${os}")"
-      echo "menuentry '$(echo "$title" | grub_quote)' ${CLASS} \$menuentry_id_option 'xen-gnulinux-simple-$boot_device_id' {" | sed "s/^/$submenu_indentation/"
+      echo "menuentry '$(echo "$title" | grub_quote)' ${CLASS} \$menuentry_id_option 'xen-gnulinux-simple-$boot_device_id' ${GRUB_MENU_ENTRY_OPTION_LINUX_XEN} {" | sed "s/^/$submenu_indentation/"
   fi
   if [ x$type != xrecovery ] ; then
       save_default_entry | grub_add_tab | sed "s/^/$submenu_indentation/"
@@ -202,7 +202,7 @@ while [ "x${xen_list}" != "x" ] ; do
 	boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")"
     fi
     if [ "x$is_top_level" != xtrue ]; then
-	echo "	submenu '$(gettext_printf "Xen hypervisor, version %s" "${xen_version}" | grub_quote)' \$menuentry_id_option 'xen-hypervisor-$xen_version-$boot_device_id' {"
+	echo "	submenu '$(gettext_printf "Xen hypervisor, version %s" "${xen_version}" | grub_quote)' \$menuentry_id_option 'xen-hypervisor-$xen_version-$boot_device_id' ${GRUB_MENU_ENTRY_OPTION_LINUX_XEN} {"
     fi
     while [ "x$list" != "x" ] ; do
 	linux=`version_find_latest $list`
@@ -245,8 +245,8 @@ while [ "x${xen_list}" != "x" ] ; do
 		boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")"
 	    fi
             # TRANSLATORS: %s is replaced with an OS name
-	    echo "submenu '$(gettext_printf "Advanced options for %s (with Xen hypervisor)" "${OS}" | grub_quote)' \$menuentry_id_option 'gnulinux-advanced-$boot_device_id' {"
-	echo "	submenu '$(gettext_printf "Xen hypervisor, version %s" "${xen_version}" | grub_quote)' \$menuentry_id_option 'xen-hypervisor-$xen_version-$boot_device_id' {"
+	    echo "submenu '$(gettext_printf "Advanced options for %s (with Xen hypervisor)" "${OS}" | grub_quote)' \$menuentry_id_option 'gnulinux-advanced-$boot_device_id' ${GRUB_MENU_ENTRY_OPTION_LINUX_XEN} {"
+	echo "	submenu '$(gettext_printf "Xen hypervisor, version %s" "${xen_version}" | grub_quote)' \$menuentry_id_option 'xen-hypervisor-$xen_version-$boot_device_id' ${GRUB_MENU_ENTRY_OPTION_LINUX_XEN} {"
 	   is_top_level=false
 	fi
 
diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in
index 5fc4f0c..9741ca2 100644
--- a/util/grub.d/30_os-prober.in
+++ b/util/grub.d/30_os-prober.in
@@ -52,7 +52,7 @@ osx_entry() {
     # TRANSLATORS: it refers on the OS residing on device %s
     onstr="$(gettext_printf "(on %s)" "${DEVICE}")"
         cat << EOF
-menuentry '$(echo "${LONGNAME} $bitstr $onstr" | grub_quote)' --class osx --class darwin --class os \$menuentry_id_option 'osprober-xnu-$2-$(grub_get_device_id "${DEVICE}")'  {
+menuentry '$(echo "${LONGNAME} $bitstr $onstr" | grub_quote)' --class osx --class darwin --class os \$menuentry_id_option 'osprober-xnu-$2-$(grub_get_device_id "${DEVICE}")' ${GRUB_MENU_ENTRY_OPTION_OSPROBER} {
 EOF
 	save_default_entry | grub_add_tab
 	prepare_grub_to_access_device ${DEVICE} | grub_add_tab
@@ -142,7 +142,7 @@ for OS in ${OSPROBED} ; do
 
 	  onstr="$(gettext_printf "(on %s)" "${DEVICE}")"
       cat << EOF
-menuentry '$(echo "${LONGNAME} $onstr" | grub_quote)' --class windows --class os \$menuentry_id_option 'osprober-chain-$(grub_get_device_id "${DEVICE}")' {
+menuentry '$(echo "${LONGNAME} $onstr" | grub_quote)' --class windows --class os \$menuentry_id_option 'osprober-chain-$(grub_get_device_id "${DEVICE}")' ${GRUB_MENU_ENTRY_OPTION_OSPROBER} {
 EOF
       save_default_entry | grub_add_tab
       prepare_grub_to_access_device ${DEVICE} | grub_add_tab
@@ -174,7 +174,7 @@ EOF
 	DEVICE=${DEVICE%@*}
 	onstr="$(gettext_printf "(on %s)" "${DEVICE}")"
       cat << EOF
-menuentry '$(echo "${LONGNAME} $onstr" | grub_quote)' --class windows --class os \$menuentry_id_option 'osprober-efi-$(grub_get_device_id "${DEVICE}")' {
+menuentry '$(echo "${LONGNAME} $onstr" | grub_quote)' --class windows --class os \$menuentry_id_option 'osprober-efi-$(grub_get_device_id "${DEVICE}")' ${GRUB_MENU_ENTRY_OPTION_OSPROBER} {
 EOF
       save_default_entry | sed -e "s/^/\t/"
       prepare_grub_to_access_device ${DEVICE} | sed -e "s/^/\t/"
@@ -230,7 +230,7 @@ EOF
 
 	if [ "x$is_top_level" = xtrue ] && [ "x${GRUB_DISABLE_SUBMENU}" != xy ]; then
             cat << EOF
-menuentry '$(echo "$OS $onstr" | grub_quote)' --class gnu-linux --class gnu --class os \$menuentry_id_option 'osprober-gnulinux-simple-$boot_device_id' {
+menuentry '$(echo "$OS $onstr" | grub_quote)' --class gnu-linux --class gnu --class os \$menuentry_id_option 'osprober-gnulinux-simple-$boot_device_id' ${GRUB_MENU_ENTRY_OPTION_OSPROBER} {
 EOF
 	    save_default_entry | grub_add_tab
 	    printf '%s\n' "${prepare_boot_cache}"
@@ -245,12 +245,12 @@ EOF
         cat << EOF
 }
 EOF
-	    echo "submenu '$(gettext_printf "Advanced options for %s" "${OS} $onstr" | grub_quote)' \$menuentry_id_option 'osprober-gnulinux-advanced-$boot_device_id' {"
+	    echo "submenu '$(gettext_printf "Advanced options for %s" "${OS} $onstr" | grub_quote)' \$menuentry_id_option 'osprober-gnulinux-advanced-$boot_device_id' ${GRUB_MENU_ENTRY_OPTION_OSPROBER} {"
 	    is_top_level=false
 	fi
 	title="${LLABEL} $onstr"
         cat << EOF
-	menuentry '$(echo "$title" | grub_quote)' --class gnu-linux --class gnu --class os \$menuentry_id_option 'osprober-gnulinux-$LKERNEL-${recovery_params}-$boot_device_id' {
+	menuentry '$(echo "$title" | grub_quote)' --class gnu-linux --class gnu --class os \$menuentry_id_option 'osprober-gnulinux-$LKERNEL-${recovery_params}-$boot_device_id' ${GRUB_MENU_ENTRY_OPTION_OSPROBER} {
 EOF
 	save_default_entry | sed -e "s/^/$grub_tab$grub_tab/"
 	printf '%s\n' "${prepare_boot_cache}" | grub_add_tab
@@ -287,7 +287,7 @@ EOF
     hurd)
       onstr="$(gettext_printf "(on %s)" "${DEVICE}")"
       cat << EOF
-menuentry '$(echo "${LONGNAME} $onstr" | grub_quote)' --class hurd --class gnu --class os \$menuentry_id_option 'osprober-gnuhurd-/boot/gnumach.gz-false-$(grub_get_device_id "${DEVICE}")' {
+menuentry '$(echo "${LONGNAME} $onstr" | grub_quote)' --class hurd --class gnu --class os \$menuentry_id_option 'osprober-gnuhurd-/boot/gnumach.gz-false-$(grub_get_device_id "${DEVICE}")' ${GRUB_MENU_ENTRY_OPTION_OSPROBER} {
 EOF
       save_default_entry | grub_add_tab
       prepare_grub_to_access_device ${DEVICE} | grub_add_tab
@@ -312,7 +312,7 @@ EOF
     ;;
     minix)
 	  cat << EOF
-menuentry "${LONGNAME} (on ${DEVICE}, Multiboot)" {
+menuentry "${LONGNAME} (on ${DEVICE}, Multiboot)" ${GRUB_MENU_ENTRY_OPTION_OSPROBER} {
 EOF
          save_default_entry | sed -e "s/^/\t/"
          prepare_grub_to_access_device ${DEVICE} | sed -e "s/^/\t/"
-- 
1.7.3.4

Re: [RFC] Support menuentry options in simple configuration interface

[Andrei Borzenkov]

В Tue, 26 May 2015 15:53:14 +0800
Michael Chang <mchang@suse.com> пишет:

> This patch provides settings in simple configuration interface that can set
> common options to menuentry. One of the use cases is specifying the security
> settings thus it won't be overwritten by grub-mkconfig. For eg.
> 
> GRUB_MENU_ENTRY_OPTION_LINUX="--unrestricted"
> GRUB_MENU_ENTRY_OPTION_OSPROBER="--users user1"
> 

I'm not sure. I actually feel like configurations that need detailed
per user authorizations simply do not fit into simplistic
grub-mkconfig. Next someone will miss per-menuentry user list.

Most common request is really to allow menu boot while restricting
command line, so I think that adding support for this to grub-mkconfig
would be fine. Otherwise something more detailed should really be left
to distribution specific tools or manual creation of grub.cfg.

Re: [RFC] Support menuentry options in simple configuration interface

[Michael Chang]

On Sat, May 30, 2015 at 10:39:06AM +0300, Andrei Borzenkov wrote:
> В Tue, 26 May 2015 15:53:14 +0800
> Michael Chang <mchang@suse.com> пишет:
> 
> > This patch provides settings in simple configuration interface that can set
> > common options to menuentry. One of the use cases is specifying the security
> > settings thus it won't be overwritten by grub-mkconfig. For eg.
> > 
> > GRUB_MENU_ENTRY_OPTION_LINUX="--unrestricted"
> > GRUB_MENU_ENTRY_OPTION_OSPROBER="--users user1"
> > 
> 
> I'm not sure. I actually feel like configurations that need detailed
> per user authorizations simply do not fit into simplistic
> grub-mkconfig. Next someone will miss per-menuentry user list.

Thanks for comment. I'm also not sure as per menu entry options not fit
well with global options context provided by simple interface. But from
my understanding, generic options settings maybe more welcome from
upstream POV, so that's why I send it here as RFC patch. :)

> 
> Most common request is really to allow menu boot while restricting
> command line, so I think that adding support for this to grub-mkconfig
> would be fine. 

Yes. We have quite many users request the password protection to work
the same way as legacy grub, that is actually what --unrestricted could
provide them, but they need to manually patch grub scripts to keep their
settings persist as currently distribution tools have no way to
integrate it by lacking of inteface in simple config. We can extend that
on our own, of course, but it seems better to coordinated on upstream if
possible.

How do you think proposed option like this ?

  GRUB_UNRESTRICTED_MENU_ENTRY="true"

to have generated menu-entry with --unrestricted options set?

> Otherwise something more detailed should really be left
> to distribution specific tools or manual creation of grub.cfg.

Agreed.

Thanks,
Michael

> 
> _______________________________________________
> Grub-devel mailing list
> Grub-devel@gnu.org
> https://lists.gnu.org/mailman/listinfo/grub-devel

Re: [RFC] Support menuentry options in simple configuration interface

[Michael Chang]

On Mon, Jun 01, 2015 at 11:35:49AM +0800, Michael Chang wrote:
> On Sat, May 30, 2015 at 10:39:06AM +0300, Andrei Borzenkov wrote:
> > В Tue, 26 May 2015 15:53:14 +0800
> > Michael Chang <mchang@suse.com> пишет:
> > 
> > > This patch provides settings in simple configuration interface that can set
> > > common options to menuentry. One of the use cases is specifying the security
> > > settings thus it won't be overwritten by grub-mkconfig. For eg.
> > > 
> > > GRUB_MENU_ENTRY_OPTION_LINUX="--unrestricted"
> > > GRUB_MENU_ENTRY_OPTION_OSPROBER="--users user1"
> > > 
> > 
> > I'm not sure. I actually feel like configurations that need detailed
> > per user authorizations simply do not fit into simplistic
> > grub-mkconfig. Next someone will miss per-menuentry user list.
> 
> Thanks for comment. I'm also not sure as per menu entry options not fit
> well with global options context provided by simple interface. But from
> my understanding, generic options settings maybe more welcome from
> upstream POV, so that's why I send it here as RFC patch. :)
> 
> > 
> > Most common request is really to allow menu boot while restricting
> > command line, so I think that adding support for this to grub-mkconfig
> > would be fine. 
> 
> Yes. We have quite many users request the password protection to work
> the same way as legacy grub, that is actually what --unrestricted could
> provide them, but they need to manually patch grub scripts to keep their
> settings persist as currently distribution tools have no way to
> integrate it by lacking of inteface in simple config. We can extend that
> on our own, of course, but it seems better to coordinated on upstream if
> possible.
> 
> How do you think proposed option like this ?
> 
>   GRUB_UNRESTRICTED_MENU_ENTRY="true"

Hi Andrei,

Do you have any comment on the new setting? I am absolutely happy to
work on the patch if it's the way to go.

If not, do you have any other recommends or be it a down-stream settings
is more feasible here ?

Thanks,
Michael
> 
> to have generated menu-entry with --unrestricted options set?
> 
> > Otherwise something more detailed should really be left
> > to distribution specific tools or manual creation of grub.cfg.
> 
> Agreed.
> 
> Thanks,
> Michael
> 
> > 
> > _______________________________________________
> > Grub-devel mailing list
> > Grub-devel@gnu.org
> > https://lists.gnu.org/mailman/listinfo/grub-devel
> 
> _______________________________________________
> Grub-devel mailing list
> Grub-devel@gnu.org
> https://lists.gnu.org/mailman/listinfo/grub-devel

Re: [RFC] Support menuentry options in simple configuration interface

[Andrei Borzenkov]

В Thu, 11 Jun 2015 11:13:01 +0800
Michael Chang <mchang@suse.com> пишет:

> On Mon, Jun 01, 2015 at 11:35:49AM +0800, Michael Chang wrote:
> > On Sat, May 30, 2015 at 10:39:06AM +0300, Andrei Borzenkov wrote:
> > > В Tue, 26 May 2015 15:53:14 +0800
> > > Michael Chang <mchang@suse.com> пишет:
> > > 
> > > > This patch provides settings in simple configuration interface that can set
> > > > common options to menuentry. One of the use cases is specifying the security
> > > > settings thus it won't be overwritten by grub-mkconfig. For eg.
> > > > 
> > > > GRUB_MENU_ENTRY_OPTION_LINUX="--unrestricted"
> > > > GRUB_MENU_ENTRY_OPTION_OSPROBER="--users user1"
> > > > 
> > > 
> > > I'm not sure. I actually feel like configurations that need detailed
> > > per user authorizations simply do not fit into simplistic
> > > grub-mkconfig. Next someone will miss per-menuentry user list.
> > 
> > Thanks for comment. I'm also not sure as per menu entry options not fit
> > well with global options context provided by simple interface. But from
> > my understanding, generic options settings maybe more welcome from
> > upstream POV, so that's why I send it here as RFC patch. :)
> > 
> > > 
> > > Most common request is really to allow menu boot while restricting
> > > command line, so I think that adding support for this to grub-mkconfig
> > > would be fine. 
> > 
> > Yes. We have quite many users request the password protection to work
> > the same way as legacy grub, that is actually what --unrestricted could
> > provide them, but they need to manually patch grub scripts to keep their
> > settings persist as currently distribution tools have no way to
> > integrate it by lacking of inteface in simple config. We can extend that
> > on our own, of course, but it seems better to coordinated on upstream if
> > possible.
> > 
> > How do you think proposed option like this ?
> > 
> >   GRUB_UNRESTRICTED_MENU_ENTRY="true"
> 
> Hi Andrei,
> 
> Do you have any comment on the new setting? I am absolutely happy to
> work on the patch if it's the way to go.
> 
> If not, do you have any other recommends or be it a down-stream settings
> is more feasible here ?
> 

What I do not like in all this - such option requires explicit support
in grub.d script. IOW by adding such an option we make promise to make
all menu entries unrestricted, which we cannot hold.

It is not true for most other options which are either interpreted by
core or apply to specific scripts, so no global expectations. Exceptions
are

GRUB_DISTRIBUTOR
GRUB_DISABLE_RECOVERY

which are unfortunate. But GRUB_DISTRIBUTOR is advisory-only, so it is
OK.

Also there are GRUB legacy and syslinux generated menu entries which
would not be covered here at all.

Note that default in the past was unrestricted. I tried to find
rationale for changing it, but could not really. There is

http://marc.info/?t=139175165000018&r=1&w=2

without explanation why it was error prone.

Vladimir, what about adding unrestricted_menu=y environment variable
that could then be set in 00_header using GRUB_UNRESTRICTED_MENU
option? This would allow users to globally turn it on/off for all menu
entries.