From 51b16230b10bf02f627959c522facee0c02f61f5 Mon Sep 17 00:00:00 2001
From: yueyuankun <yueyuankun@kylinos.cn>
Date: Wed, 7 Jun 2023 12:23:51 +0800
Subject: [PATCH] update the grub.cfg path so that both uefi and legacy modes
 have grub2 password

---
 ...-uefi-and-legacy-modes-have-password.patch | 28 +++++++++++++++++++
 security-tool.spec                            |  9 +++++-
 2 files changed, 36 insertions(+), 1 deletion(-)
 create mode 100644 security-tool-update-grub.cfg-path-both-uefi-and-legacy-modes-have-password.patch

diff --git a/security-tool-update-grub.cfg-path-both-uefi-and-legacy-modes-have-password.patch b/security-tool-update-grub.cfg-path-both-uefi-and-legacy-modes-have-password.patch
new file mode 100644
index 0000000..168d16a
--- /dev/null
+++ b/security-tool-update-grub.cfg-path-both-uefi-and-legacy-modes-have-password.patch
@@ -0,0 +1,28 @@
+From 57c20541655a6224c1f257264c13a62b93e52bf6 Mon Sep 17 00:00:00 2001
+From: yueyuankun <yueyuankun@kylinos.cn>
+Date: Wed, 7 Jun 2023 11:45:59 +0800
+Subject: [PATCH] update grub.cfg path, both uefi and legacy modes have grub2
+ password
+
+---
+ security-tool.sh | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/security-tool.sh b/security-tool.sh
+index 0877081..2ac16a4 100644
+--- a/security-tool.sh
++++ b/security-tool.sh
+@@ -946,9 +946,7 @@ function fn_harden_nouser_nogroup()
+ function fn_harden_grub2()
+ {
+     echo -e "cat <<EOF\nset superusers="root"\npassword_pbkdf2 root grub.pbkdf2.sha512.10000.5A45748D892672FDA02DD3B6F7AE390AC6E6D532A600D4AC477D25C7D087644697D8A0894DFED9D86DC2A27F4E01D925C46417A225FC099C12DBD3D7D49A7425.2BD2F5BF4907DCC389CC5D165DB85CC3E2C94C8F9A30B01DACAA9CD552B731BA1DD3B7CC2C765704D55B8CD962D2AEF19A753CBE9B8464E2B1EB39A3BB4EAB08\nEOF\n" >> /etc/grub.d/00_header
+-    if [ -d /boot/efi/EFI/openEuler -a -d /sys/firmware/efi ]; then
+-        grub2-mkconfig -o /boot/efi/EFI/openEuler/grub.cfg
+-    fi
++    grub2-mkconfig -o /boot/grub2/grub.cfg
+ }
+ # Function Name: fn_harden_sysctl
+ # Returns      : 0 on success, otherwise on fail
+-- 
+2.33.0
+
diff --git a/security-tool.spec b/security-tool.spec
index 4894600..a535c2f 100644
--- a/security-tool.spec
+++ b/security-tool.spec
@@ -2,7 +2,7 @@
 Summary: openEuler Security Tool
 Name   : security-tool
 Version: 2.0
-Release: 1.87
+Release: 1.88
 Source0: https://gitee.com/openeuler/security-tool/repository/archive/v2.0.tar.gz
 License: MulanPSL-2.0
 URL: https://gitee.com/openeuler/security-tool
@@ -21,6 +21,7 @@ Patch3: fix-function-allow-rpm-q.patch
 Patch4: add-secure-hostKey-algorithms.patch
 Patch5: Do-not-hard-code-vendor-name-in-source-code.patch
 Patch6: sshd-delete-deprecated-option-RSAAuthentication-and-Rhost.patch
+Patch7: security-tool-update-grub.cfg-path-both-uefi-and-legacy-modes-have-password.patch
 
 %description
 %{vendor} Security Tool
@@ -126,6 +127,12 @@ fi
 %attr(0500,root,root) %{_sbindir}/security-tool.sh
 
 %changelog
+* Wed Jun 07 2023 yueyuankun <yueyuankun@kylinos.cn> - 2.0-1.88
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:update the grub.cfg path so that both uefi and legacy modes have grub2 password
+
 * Tue Jan 10 2023 renmingshuai <renmingshuai@huawei.com> - 2.0-1.87
 - delete deprecated option RSAAuthentication and RhostsRSAAuthentication
 
-- 
Gitee