Compare commits

...

No commits in common. 'c9' and 'i9.5-beta' have entirely different histories.

@ -0,0 +1,159 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Marta Lewandowska <mlewando@redhat.com>
Date: Mon, 9 Oct 2023 08:53:18 +0200
Subject: [PATCH] search command: add flag to only search root dev
bz#2223437
Signed-off-by: Marta Lewandowska <mlewando@redhat.com>
---
grub-core/commands/search.c | 36 ++++++++++++++++++++++++++++++++++++
grub-core/commands/search_wrap.c | 5 +++++
grub-core/kern/misc.c | 30 ++++++++++++++++++++++++++++++
include/grub/misc.h | 1 +
include/grub/search.h | 3 ++-
5 files changed, 74 insertions(+), 1 deletion(-)
diff --git a/grub-core/commands/search.c b/grub-core/commands/search.c
index 57d26ced8a8e..94fe8b2872a1 100644
--- a/grub-core/commands/search.c
+++ b/grub-core/commands/search.c
@@ -85,6 +85,42 @@ iterate_device (const char *name, void *data)
grub_device_close (dev);
}
+ /* Skip it if it's not the root device when requested. */
+ if (ctx->flags & SEARCH_FLAGS_ROOTDEV_ONLY)
+ {
+ const char *root_dev;
+ root_dev = grub_env_get ("root");
+ if (root_dev != NULL && *root_dev != '\0')
+ {
+ char *root_disk = grub_malloc (grub_strlen(root_dev) + 1);
+ char *name_disk = grub_malloc (grub_strlen(name) + 1);
+ char *rem_1 = grub_malloc(grub_strlen(root_dev) + 1);
+ char *rem_2 = grub_malloc(grub_strlen(name) + 1);
+
+ if (root_disk != NULL && name_disk != NULL &&
+ rem_1 != NULL && rem_2 != NULL)
+ {
+ /* get just the disk name; partitions will be different. */
+ grub_str_sep (root_dev, root_disk, ',', rem_1);
+ grub_str_sep (name, name_disk, ',', rem_2);
+ if (root_disk != NULL && *root_disk != '\0' &&
+ name_disk != NULL && *name_disk != '\0')
+ if (grub_strcmp(root_disk, name_disk) != 0)
+ {
+ grub_free (root_disk);
+ grub_free (name_disk);
+ grub_free (rem_1);
+ grub_free (rem_2);
+ return 0;
+ }
+ }
+ grub_free (root_disk);
+ grub_free (name_disk);
+ grub_free (rem_1);
+ grub_free (rem_2);
+ }
+ }
+
#ifdef DO_SEARCH_FS_UUID
#define compare_fn grub_strcasecmp
#else
diff --git a/grub-core/commands/search_wrap.c b/grub-core/commands/search_wrap.c
index 0b62acf85359..06b5f51eefb5 100644
--- a/grub-core/commands/search_wrap.c
+++ b/grub-core/commands/search_wrap.c
@@ -41,6 +41,7 @@ static const struct grub_arg_option options[] =
ARG_TYPE_STRING},
{"no-floppy", 'n', 0, N_("Do not probe any floppy drive."), 0, 0},
{"efidisk-only", 0, 0, N_("Only probe EFI disks."), 0, 0},
+ {"root-dev-only", 'r', 0, N_("Only probe root device."), 0, 0},
{"hint", 'h', GRUB_ARG_OPTION_REPEATABLE,
N_("First try the device HINT. If HINT ends in comma, "
"also try subpartitions"), N_("HINT"), ARG_TYPE_STRING},
@@ -75,6 +76,7 @@ enum options
SEARCH_SET,
SEARCH_NO_FLOPPY,
SEARCH_EFIDISK_ONLY,
+ SEARCH_ROOTDEV_ONLY,
SEARCH_HINT,
SEARCH_HINT_IEEE1275,
SEARCH_HINT_BIOS,
@@ -189,6 +191,9 @@ grub_cmd_search (grub_extcmd_context_t ctxt, int argc, char **args)
if (state[SEARCH_EFIDISK_ONLY].set)
flags |= SEARCH_FLAGS_EFIDISK_ONLY;
+ if (state[SEARCH_ROOTDEV_ONLY].set)
+ flags |= SEARCH_FLAGS_ROOTDEV_ONLY;
+
if (state[SEARCH_LABEL].set)
grub_search_label (id, var, flags, hints, nhints);
else if (state[SEARCH_FS_UUID].set)
diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c
index cb454614022f..50af9ee1bdd9 100644
--- a/grub-core/kern/misc.c
+++ b/grub-core/kern/misc.c
@@ -619,6 +619,36 @@ grub_reverse (char *str)
}
}
+/* Separate string into two parts, broken up by delimiter delim. */
+void
+grub_str_sep (const char *s, char *p, char delim, char *r)
+{
+ char* t = grub_strndup(s, grub_strlen(s));
+
+ if (t != NULL && *t != '\0')
+ {
+ char* tmp = t;
+
+ while (((*p = *t) != '\0') && ((*p = *t) != delim))
+ {
+ p++;
+ t++;
+ }
+ *p = '\0';
+
+ if (*t != '\0')
+ {
+ t++;
+ while ((*r++ = *t++) != '\0')
+ ;
+ *r = '\0';
+ }
+ grub_free (tmp);
+ }
+ else
+ grub_free (t);
+}
+
/* Divide N by D, return the quotient, and store the remainder in *R. */
grub_uint64_t
grub_divmod64 (grub_uint64_t n, grub_uint64_t d, grub_uint64_t *r)
diff --git a/include/grub/misc.h b/include/grub/misc.h
index faae0ae8606c..981526644d29 100644
--- a/include/grub/misc.h
+++ b/include/grub/misc.h
@@ -314,6 +314,7 @@ void *EXPORT_FUNC(grub_memset) (void *s, int c, grub_size_t n);
grub_size_t EXPORT_FUNC(grub_strlen) (const char *s) WARN_UNUSED_RESULT;
int EXPORT_FUNC(grub_printf) (const char *fmt, ...) __attribute__ ((format (GNU_PRINTF, 1, 2)));
int EXPORT_FUNC(grub_printf_) (const char *fmt, ...) __attribute__ ((format (GNU_PRINTF, 1, 2)));
+void EXPORT_FUNC(grub_str_sep) (const char *s, char *p, char delim, char *r);
/* Replace all `ch' characters of `input' with `with' and copy the
result into `output'; return EOS address of `output'. */
diff --git a/include/grub/search.h b/include/grub/search.h
index 4190aeb2cbf5..321d1400e451 100644
--- a/include/grub/search.h
+++ b/include/grub/search.h
@@ -22,7 +22,8 @@
enum search_flags
{
SEARCH_FLAGS_NO_FLOPPY = 1,
- SEARCH_FLAGS_EFIDISK_ONLY = 2
+ SEARCH_FLAGS_EFIDISK_ONLY = 2,
+ SEARCH_FLAGS_ROOTDEV_ONLY = 4
};
void grub_search_fs_file (const char *key, const char *var,

@ -0,0 +1,29 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Leo Sandoval <lsandova@redhat.com>
Date: Mon, 1 Jul 2024 12:52:13 -0600
Subject: [PATCH] grub-mkconfig.in: turn off executable owner bit
Stricker permissions are required on the grub.cfg file, resulting in
at most 0600 owner's file permissions. This resolves conflicting
requirement permissions on grub2-pc package's grub2.cfg file.
Resolves: RHEL-45870
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
---
util/grub-mkconfig.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
index 34f7c13fc..f47b2735d 100644
--- a/util/grub-mkconfig.in
+++ b/util/grub-mkconfig.in
@@ -320,7 +320,7 @@ and /etc/grub.d/* files or please file a bug report with
exit 1
else
# none of the children aborted with error, install the new grub.cfg
- oldumask=$(umask); umask 077
+ oldumask=$(umask); umask 177
cat ${grub_cfg}.new > ${grub_cfg}
umask $oldumask
rm -f ${grub_cfg}.new

@ -0,0 +1,40 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Nicolas Frayer <nfrayer@redhat.com>
Date: Tue, 16 Jul 2024 11:11:43 +0200
Subject: [PATCH] grub2-mkconfig: Ensure grub cfg stub is not overwritten
/boot/efi/EFI/$os_name/grub.cfg contains a grub cfg stub
that should not be overwritten by grub2-mkconfig.
Ensure that we prevent this from happening.
Signed-off-by: Marta Lewandowska <mlewando@redhat.com>
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
---
util/grub-mkconfig.in | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
index 34f7c13fc521..34d0120d0ba2 100644
--- a/util/grub-mkconfig.in
+++ b/util/grub-mkconfig.in
@@ -114,6 +114,20 @@ do
esac
done
+os_name=$(grep '^ID=' /etc/os-release | sed 's/ID=//')
+if test "$os_name" = '"rhel"'; then
+ os_name=redhat
+elif test "$os_name" = '"centos"'; then
+ os_name=centos
+fi
+if test "x${grub_cfg}" = "x/boot/efi/EFI/$os_name/grub.cfg" &&\
+ mountpoint -q /boot/efi; then
+ gettext_printf "Running \`grub2-mkconfig -o %s' will overwrite the GRUB wrapper.\n" "$grub_cfg" 1>&2
+ gettext_printf "Please run \`grub2-mkconfig -o /boot/grub2/grub.cfg' instead to update grub.cfg.\n" 1>&2
+ gettext_printf "GRUB configuration file was not updated.\n" 1>&2
+ exit 1
+fi
+
if [ "x$EUID" = "x" ] ; then
EUID=`id -u`
fi

@ -0,0 +1,25 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: raravind <raravind@redhat.com>
Date: Tue, 9 May 2023 11:29:35 +0200
Subject: [PATCH] chainloader: remove device path debug message
Remove the debug message "/EndEntire" while using GRUB chainloader command.
Signed-off-by: raravind <raravind@redhat.com>
(cherry picked from commit f75f5386b7a6a7cb2e10d30f817a3564c0a28dd7)
---
grub-core/loader/efi/chainloader.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
index dd31ac9bb318..b1c86dab2b60 100644
--- a/grub-core/loader/efi/chainloader.c
+++ b/grub-core/loader/efi/chainloader.c
@@ -210,7 +210,6 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename)
/* Fill the file path for the directory. */
d = (grub_efi_device_path_t *) ((char *) file_path
+ ((char *) d - (char *) dp));
- grub_efi_print_device_path (d);
if (copy_file_path ((grub_efi_file_path_device_path_t *) d,
dir_start, dir_end - dir_start) != GRUB_ERR_NONE)
{

@ -0,0 +1,30 @@
From ac5b2bc87a6c361fd504898a368f0867ef3e2679 Mon Sep 17 00:00:00 2001
From: Andrew Lukoshko <alukoshko@almalinux.org>
Date: Wed, 31 Jul 2024 16:06:10 +0000
Subject: [PATCH] grub2-mkconfig: Simplify os_name detection
---
util/grub-mkconfig.in | 7 +------
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
index 7a0738b..ebf5150 100644
--- a/util/grub-mkconfig.in
+++ b/util/grub-mkconfig.in
@@ -114,12 +114,7 @@ do
esac
done
-os_name=$(grep '^ID=' /etc/os-release | sed 's/ID=//')
-if test "$os_name" = '"rhel"'; then
- os_name=redhat
-elif test "$os_name" = '"centos"'; then
- os_name=centos
-fi
+os_name=$(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/' -e 's/\"//g')
if test "x${grub_cfg}" = "x/boot/efi/EFI/$os_name/grub.cfg" &&\
mountpoint -q /boot/efi; then
gettext_printf "Running \`grub2-mkconfig -o %s' will overwrite the GRUB wrapper.\n" "$grub_cfg" 1>&2
--
2.43.5

@ -0,0 +1,29 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Nicolas Frayer <nfrayer@redhat.com>
Date: Thu, 1 Aug 2024 11:13:20 +0200
Subject: [PATCH] grub/mkconfig: Remove check for mount point for grub cfg stub
Remove mountpoint when checking whether or not the grub cfg stub
exists and add -s to the test. This should cover scenarios where
the ESP doesn't have a seperate partition but still uses a grub
cfg stub
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
---
util/grub-mkconfig.in | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
index a4972039b751..3f131eea2b12 100644
--- a/util/grub-mkconfig.in
+++ b/util/grub-mkconfig.in
@@ -115,8 +115,7 @@ do
done
os_name=$(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/' -e 's/\"//g')
-if test "x${grub_cfg}" = "x/boot/efi/EFI/$os_name/grub.cfg" &&\
- mountpoint -q /boot/efi; then
+if test -s "${grub_cfg}" && test "x${grub_cfg}" = "x/boot/efi/EFI/$os_name/grub.cfg"; then
gettext_printf "Running \`grub2-mkconfig -o %s' will overwrite the GRUB wrapper.\n" "$grub_cfg" 1>&2
gettext_printf "Please run \`grub2-mkconfig -o /boot/grub2/grub.cfg' instead to update grub.cfg.\n" 1>&2
gettext_printf "GRUB configuration file was not updated.\n" 1>&2

@ -0,0 +1,44 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Maximilian Luz <luzmaximilian@gmail.com>
Date: Tue, 28 Jun 2022 23:06:46 +0200
Subject: [PATCH] arm64: Use proper memory type for kernel allocation
Currently, the kernel pages are allocated with type EFI_LOADER_DATA.
While the vast majority of systems will happily execute code from those
pages (i.e. don't care about memory protection), the Microsoft Surface
Pro X stalls, as this memory is not designated as "executable".
Therefore, allocate the kernel pages as EFI_LOADER_CODE to request
memory that is actually executable.
Signed-off-by: Maximilian Luz <luzmaximilian@gmail.com>
---
grub-core/loader/arm64/linux.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c
index 419f2201df8b..a3a193c255e9 100644
--- a/grub-core/loader/arm64/linux.c
+++ b/grub-core/loader/arm64/linux.c
@@ -26,7 +26,9 @@
#include <grub/mm.h>
#include <grub/types.h>
#include <grub/cpu/linux.h>
+#include <grub/efi/api.h>
#include <grub/efi/efi.h>
+#include <grub/cpu/efi/memory.h>
#include <grub/efi/fdtload.h>
#include <grub/efi/memory.h>
#include <grub/efi/linux.h>
@@ -403,7 +405,10 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
grub_loader_unset();
kernel_alloc_pages = GRUB_EFI_BYTES_TO_PAGES (kernel_size + align - 1);
- kernel_alloc_addr = grub_efi_allocate_any_pages (kernel_alloc_pages);
+ kernel_alloc_addr = grub_efi_allocate_pages_real (GRUB_EFI_MAX_USABLE_ADDRESS,
+ kernel_alloc_pages,
+ GRUB_EFI_ALLOCATE_MAX_ADDRESS,
+ GRUB_EFI_LOADER_CODE);
grub_dprintf ("linux", "kernel numpages: %d\n", kernel_alloc_pages);
if (!kernel_alloc_addr)
{

@ -6,6 +6,8 @@ fi
[[ -f /etc/default/grub ]] && . /etc/default/grub
[[ -f /etc/os-release ]] && . /etc/os-release
# NCSD mess
PRETTY_VERSION="$(echo $VERSION | sed 's/(//g;s/)//g')"
COMMAND="$1"
KERNEL_VERSION="$2"
@ -42,7 +44,7 @@ mkbls() {
fi
cat <<EOF
title ${NAME} (${kernelver}) ${VERSION}${debugname}
title ${NAME} (${kernelver}) ${PRETTY_VERSION}${debugname}
version ${kernelver}${debugid}
linux /vmlinuz-${kernelver}
initrd /initramfs-${kernelver}.img

@ -4,35 +4,12 @@ if ! [[ $KERNEL_INSTALL_MACHINE_ID ]]; then
exit 0
fi
# PV and PVH Xen DomU guests boot with pygrub that doesn't have BLS support,
# also Xen Dom0 use the menuentries from 20_linux_xen and not the ones from
# 10_linux. So BLS support needs to be disabled for both Xen Dom0 and DomU.
if [[ -e /sys/hypervisor/type ]] && grep -q "^xen$" /sys/hypervisor/type; then
RUN_MKCONFIG=true
DISABLE_BLS=true
fi
ARCH=$(uname -m)
# Older ppc64le OPAL firmware (petitboot version < 1.8.0) don't have BLS support
# so grub2-mkconfig has to be run to generate a config with menuentry commands.
if [[ $ARCH = "ppc64le" ]] && [ -d /sys/firmware/opal ]; then
petitboot_path="/sys/firmware/devicetree/base/ibm,firmware-versions/petitboot"
if test -e ${petitboot_path}; then
read -r -d '' petitboot_version < ${petitboot_path}
petitboot_version="$(echo ${petitboot_version//v})"
major_version="$(echo ${petitboot_version} | cut -d . -f1)"
minor_version="$(echo ${petitboot_version} | cut -d . -f2)"
if test -z ${petitboot_version} || test ${major_version} -lt 1 || \
test ${major_version} -eq 1 -a ${minor_version} -lt 8; then
RUN_MKCONFIG=true
fi
else
RUN_MKCONFIG=true
fi
fi
if [[ $DISABLE_BLS = "true" ]]; then
if grep -q '^GRUB_ENABLE_BLSCFG="*true"*\s*$' /etc/default/grub; then

@ -380,22 +380,27 @@ rm -f %{1}.conf \
gfxmenu gfxterm gzio \\\
halt http increment iso9660 \\\
jpeg loadenv loopback linux lvm luks \\\
luks2 mdraid09 mdraid1x minicmd net \\\
luks2 memdisk mdraid09 mdraid1x minicmd net \\\
normal part_apple part_msdos part_gpt \\\
password_pbkdf2 pgp png reboot regexp \\\
search search_fs_uuid search_fs_file \\\
search_label serial sleep syslinuxcfg \\\
search_label serial sleep squash4 syslinuxcfg \\\
test tftp version video xfs zstd " \
%ifarch x86_64 aarch64 %{arm} riscv64
%define efi_mkimage() \
mkdir -p memdisk/fonts \
cp %{4}/unicode.pf2 memdisk/fonts \
mksquashfs memdisk memdisk.squashfs -comp xz \
%{4}./grub-mkimage -O %{1} -o %{2}.orig \\\
-p /EFI/%{efi_vendor} -d grub-core \\\
--sbat %{4}./sbat.csv \\\
-m memdisk.squashfs \\\
${GRUB_MODULES} \
%{4}./grub-mkimage -O %{1} -o %{3}.orig \\\
-p /EFI/BOOT -d grub-core \\\
--sbat %{4}./sbat.csv \\\
-m memdisk.squashfs \\\
${GRUB_MODULES} \
%{expand:%%define ___pesign_client_cert %{?___pesign_client_cert}%{!?___pesign_client_cert:%{__pesign_client_cert}}} \
%{?__pesign_client_cert:%{expand:%%define __pesign_client_cert %{___pesign_client_cert}}} \
@ -589,7 +594,8 @@ install -d -m 0700 ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig \
touch ${RPM_BUILD_ROOT}%{_sysconfdir}/default/grub \
ln -sf ../default/grub \\\
${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig/grub \
touch ${RPM_BUILD_ROOT}/boot/%{name}/grub.cfg \
touch grub.cfg \
install -m 0600 grub.cfg ${RPM_BUILD_ROOT}/boot/%{name}/ \
ln -s ../boot/%{name}/grub.cfg \\\
${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}.cfg \
%{nil}
@ -598,7 +604,7 @@ ln -s ../boot/%{name}/grub.cfg \\\
%{expand:%%files %{1}} \
%defattr(-,root,root,-) \
%config(noreplace) %{_sysconfdir}/%{name}.cfg \
%ghost %config(noreplace) %attr(0700,root,root)/boot/%{name}/grub.cfg \
%ghost %config(noreplace) %attr(0600,root,root)/boot/%{name}/grub.cfg \
%dir %attr(0700,root,root)/boot/loader/entries \
%attr(0644,root,root) %config(noreplace) /etc/dnf/protected.d/%{name}-%{1}.conf \
%ifarch ppc64le \
@ -633,7 +639,7 @@ ln -s ../boot/%{name}/grub.cfg \\\
%endif \
%attr(0700,root,root)/boot/%{name}/fonts \
%dir %attr(0700,root,root)/boot/loader/entries \
%ghost %config(noreplace) %attr(0700,root,root)/boot/%{name}/grub.cfg \
%ghost %config(noreplace) %attr(0600,root,root)/boot/%{name}/grub.cfg \
%ghost %config(noreplace) %verify(not mtime) %attr(0700,root,root)%{efi_esp_dir}/grub.cfg \
%config(noreplace) %verify(not size mode md5 mtime) /boot/%{name}/grubenv \
%attr(0644,root,root) %config(noreplace) /etc/dnf/protected.d/%{name}-%{1}.conf \

@ -343,3 +343,9 @@ Patch0342: 0342-grub_dl_set_mem_attrs-add-self-check-for-the-tramp-G.patch
Patch0343: 0343-grub_dl_load_segments-page-align-the-tramp-GOT-areas.patch
Patch0344: 0344-grub-install-on-EFI-if-forced.patch
Patch0345: 0345-cmd-search-Rework-of-CVE-2023-4001-fix.patch
Patch0346: 0346-grub-mkconfig.in-turn-off-executable-owner-bit.patch
Patch0347: 0347-grub2-mkconfig-Ensure-grub-cfg-stub-is-not-overwritt.patch
Patch0348: 0348-chainloader-remove-device-path-debug-message.patch
Patch0349: 0349-grub2-mkconfig-Simplify-os_name-detection.patch
Patch0350: 0350-grub-mkconfig-Remove-check-for-mount-point-for-grub-.patch
Patch0351: 0351-arm64-Use-proper-memory-type-for-kernel-allocation.patch

@ -1,3 +1,4 @@
sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
grub,3,Free Software Foundation,grub,@@VERSION@@,https//www.gnu.org/software/grub/
grub.rh,2,Red Hat,grub2,@@VERSION_RELEASE@@,mailto:secalert@redhat.com
grub.rh,2,Red Hat,grub2,@@RHEL_VERSION_RELEASE@@,mailto:secalert@redhat.com
grub.msvsphere,2,MSVSphere,grub2,@@VERSION_RELEASE@@,mailto:security@msvsphere-os.ru

@ -1,3 +1,6 @@
%global efi_vendor msvsphere
%global efidir msvsphere
%global efi_esp_dir /boot/efi/EFI/%{efidir}
# This package calls binutils components directly and would need to pass
# in flags to enable the LTO plugins
# Disable LTO
@ -16,7 +19,7 @@
Name: grub2
Epoch: 1
Version: 2.06
Release: 82%{?dist}
Release: 92%{?dist}.inferit.4
Summary: Bootloader with support for Linux, Multiboot and more
License: GPLv3+
URL: http://www.gnu.org/software/grub/
@ -37,25 +40,9 @@ Source12: sbat.csv.in
%include %{SOURCE1}
%ifarch x86_64 aarch64 ppc64le
%define sb_ca %{_datadir}/pki/sb-certs/secureboot-ca-%{_arch}.cer
%define sb_cer %{_datadir}/pki/sb-certs/secureboot-grub2-%{_arch}.cer
%endif
%if 0%{?centos}
%ifarch x86_64 aarch64 ppc64le
%define sb_key centossecureboot202
%endif
%else
%ifarch x86_64 aarch64
%define sb_key redhatsecureboot502
%endif
%ifarch ppc64le
%define sb_key redhatsecureboot702
%endif
%endif
%define sb_key spheresecureboot001
BuildRequires: gcc efi-srpm-macros
@ -69,6 +56,7 @@ BuildRequires: freetype-devel gettext-devel git
BuildRequires: texinfo
BuildRequires: dejavu-sans-fonts
BuildRequires: help2man
BuildRequires: squashfs-tools
# For %%_userunitdir macro
BuildRequires: systemd
%ifarch %{efi_arch}
@ -97,6 +85,9 @@ variety of kernel formats, file systems, computer architectures and \
hardware devices.\
%{nil}
# MSVSphere: keep upstream EVR for RHEL SBAT entry
%define rhel_version_release $(echo %{version}-%{release} | sed 's/\.inferit.*//')
# generate with do-rebase
%include %{SOURCE11}
@ -189,7 +180,7 @@ This subpackage provides the GRUB user-space emulation modules.
mkdir grub-%{grubefiarch}-%{tarversion}
grep -A100000 '# stuff "make" creates' .gitignore > grub-%{grubefiarch}-%{tarversion}/.gitignore
cp %{SOURCE4} grub-%{grubefiarch}-%{tarversion}/unifont.pcf.gz
sed -e "s,@@VERSION@@,%{version},g" -e "s,@@VERSION_RELEASE@@,%{version}-%{release},g" \
sed -e "s,@@VERSION@@,%{version},g" -e "s,@@VERSION_RELEASE@@,%{version}-%{release},g" -e "s,@@RHEL_VERSION_RELEASE@@,%{rhel_version_release},g" \
%{SOURCE12} > grub-%{grubefiarch}-%{tarversion}/sbat.csv
git add grub-%{grubefiarch}-%{tarversion}
%endif
@ -335,20 +326,30 @@ if ! mountpoint -q ${ESP_PATH}; then
exit 0 # no ESP mounted, nothing to do
fi
if test ! -f ${EFI_HOME}/grub.cfg; then
# there's no config in ESP, create one
grub2-mkconfig -o ${EFI_HOME}/grub.cfg
cp -a ${EFI_HOME}/grub.cfg ${EFI_HOME}/grub.cfg.rpmsave
if test ! -f ${GRUB_HOME}/grub.cfg; then
# there's no config in GRUB home, create one
grub2-mkconfig -o ${GRUB_HOME}/grub.cfg
else
GRUB_CFG_MODE=$(stat --format="%a" ${GRUB_HOME}/grub.cfg)
if ! test "${GRUB_CFG_MODE}" = "600"; then
# when upgrading from <=2.06-90 to newer versions, the grub config stub
# may have different mode than 0600, so set the latter if this is the case
chmod 0600 ${GRUB_HOME}/grub.cfg
fi
fi
# make sure grub.cfg is present before grepping it
if test -f ${EFI_HOME}/grub.cfg; then
# need to move grub.cfg to correct dir for major version upgrade
if ! grep -q "configfile" ${EFI_HOME}/grub.cfg; then
cp -a ${EFI_HOME}/grub.cfg ${GRUB_HOME}/
chmod 0600 ${GRUB_HOME}/grub.cfg
fi
if grep -q "configfile" ${EFI_HOME}/grub.cfg && grep -q "root-dev-only" ${EFI_HOME}/grub.cfg; then
exit 0 # already unified, nothing to do
fi
fi
# create a stub grub2 config in EFI
BOOT_UUID=$(%{name}-probe --target=fs_uuid ${GRUB_HOME})
@ -537,21 +538,75 @@ mv ${EFI_HOME}/grub.cfg.stb ${EFI_HOME}/grub.cfg
%endif
%changelog
* Mon Nov 11 2024 Arkady L. Shane <tigro@msvsphere-os.ru> - 1:2.06-92.inferit.4
- Added missing modules
* Mon Nov 11 2024 Arkady L. Shane <tigro@msvsphere-os.ru> - 1:2.06-92.inferit.3
- Bundle unicode.pf2 with images
* Mon Nov 11 2024 Arkady L. Shane <tigro@msvsphere-os.ru> - 1:2.06-92.inferit.2
- Try to use font from MSVSphere 8 to avoid bad symbols in EFI mode
* Fri Nov 01 2024 Arkady L. Shane <tigro@msvsphere-os.ru> - 2.06-92.inferit.1
- Bump release to rebuild
* Tue Aug 13 2024 Nicolas Frayer <nfrayer@redhat.com> - 2.06-92
- arm64/linux: Allocate memory for kernel with EFI_LOADER_CODE type
- Resolves: #RHEL-49868
* Fri Aug 2 2024 Leo Sandoval <lsandova@redhat.com> - 2.06-91
- Set /boot/grub2/grub.cfg to 0600 mode if present
- Resolves: #RHEL-45870
* Thu Aug 1 2024 Nicolas Frayer <nfrayer@redhat.com> - 2.06-90
- grub2-mkconfig: Remove mountpoint check
- Related: #RHEL-32099
* Thu Aug 1 2024 Leo Sandoval <lsandova@redhat.com> - 2.06-89
- Bump release number
- Resolves: #RHEL-45870
* Wed Jul 31 2024 Leo Sandoval <lsandova@redhat.com> - 2.06-88
- grub.cfg: Fix rpm grub.cfg verification issues
- Resolves: #RHEL-45870
* Wed Jul 31 2024 Andrew Lukoshko <alukoshko@almalinux.org> - 2.06-87
- grub2-mkconfig: Simplify os_name detection
- Resolves: #RHEL-32099
* Tue Jul 16 2024 Nicolas Frayer <nfrayer@redhat.com> - 2.06-86
- chainloader: Remove unexpected "/EndEntire"
- Resolves: #RHEL-4380
* Tue Jul 16 2024 Nicolas Frayer <nfrayer@redhat.com> - 2.06-85
- grub2-mkconfig: Prevent mkconfig from overwriting grub cfg stub
- Resolves: #RHEL-32099
* Thu Jul 11 2024 Nicolas Frayer <nfrayer@redhat.com> - 2.06-84
- install/ppc64le: run grub2-mkconfig regardless of petitboot version
- Resolves: #RHEL-45161
* Mon Jul 1 2024 Leo Sandoval <lsandova@redhat.com> - 2.06-83
- grub-mkconfig.in: turn off executable owner bit
- Resolves: RHEL-45870
* Thu Jun 27 2024 Nicolas Frayer <nfrayer@redhat.com> - 2.06-82
- Bump to assign correct tag
- Related: #RHEL-40362
- mkconfig/install: Remove BLS handling for XEN
- Resolves: #RHEL-4386
* Tue Jun 25 2024 Marta Lewandowska <mlewando@redhat.com> - 2.06-81
- grub.cfg: Fix an issue when doing a major version upgrade
- Resolves: #RHEL-40362
- Resolves: #RHEL-45008
* Tue May 28 2024 Nicolas Frayer <nfrayer@redhat.com> - 2.06-80
- Added more code for the previous CVE fix
- Related: #RHEL-39405
- Related: #RHEL-36249
- Related: #RHEL-36186
* Tue May 28 2024 Nicolas Frayer <nfrayer@redhat.com> - 2.06-79
- cmd/search: Rework of CVE-2023-4001 fix
- Resolves: #RHEL-39405
- Resolves: #RHEL-36249
- Resolves: #RHEL-36186
* Thu Feb 22 2024 Nicolas Frayer <nfrayer@redhat.com> - 2.06-78
- util: grub-install on EFI if forced
@ -584,11 +639,19 @@ mv ${EFI_HOME}/grub.cfg.stb ${EFI_HOME}/grub.cfg
- normal: Remove grub_env_set prefix in grub_try_normal_prefix
- Resolves: #RHEL-1601
* Fri Oct 27 2023 Arkady L. Shane <tigro@msvsphere-os.ru> - 2.06-70.el9_3.1.inferit.1
- Drop brackets from grub menu (INF-738)
* Thu Oct 19 2023 Nicolas Frayer <nfrayer@redhat.com> - 2.06-71
- kern/ieee1275/init: ppc64: Restrict high memory in presence
of fadump
- Resolves: #RHEL-14282
* Thu Oct 12 2023 Sergey Cherevko <s.cherevko@msvsphere-os.ru> - 2.06-70.el9_3.1.inferit
- Modified to use MSVSphere Secure Boot certificates
(changes from Eugene Zamriy <ezamriy@msvsphere-os.ru> have been applied)
- Rebuilt for MSVSphere 9.3
* Tue Aug 29 2023 Nicolas Frayer <nfrayer@redhat.com> - 2.06-70
- grub2-mkconfig: Pass all boot params when used by anaconda
- Resolves: #RHEL-2185
@ -632,6 +695,9 @@ mv ${EFI_HOME}/grub.cfg.stb ${EFI_HOME}/grub.cfg
- 20-grub-install: Explicitly check '+debug' suffix for debug kernels
- Resolves: #2148351
* Wed Mar 15 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 2.06-61
- Rebuilt for MSVSphere 9.1.
* Mon Feb 20 2023 Robbie Harwood <rharwood@redhat.com> - 2.06-61
- ppc64le sysfs and mm update
- Resolves: #2026579

Loading…
Cancel
Save