rpms/grub2
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add DNF protected.d fragments for GRUB packages

Browse Source 
Users can unintentionally remove the grub2 packages and break their system
by deleting the bootloader. To prevent this mark them as protected by DNF.

Resolves: rhbz#1874541

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
This commit is contained in:
Javier Martinez Canillas 2020-12-30 19:31:02 +01:00
parent c321e640dc
commit 8c2cf1c368
No known key found for this signature in database
GPG Key ID: C751E590D63F3D69
2 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
grub.macros
View File

@ -370,6 +370,14 @@ for x in grub-mkimage ; do \\\
done \
%{nil}
%define do_install_protected_file() \
touch %{1}.conf \
echo %{1} > %{1}.conf \
install -d -m 755 ${RPM_BUILD_ROOT}/etc/dnf/protected.d/ \
install -m 644 %{1}.conf ${RPM_BUILD_ROOT}/etc/dnf/protected.d/ \
rm -f %{1}.conf \
%{nil}
%ifarch x86_64 aarch64 %{arm} riscv64
%define mkimage() \
%{4}./grub-mkimage -O %{1} -o %{2}.orig \\\
@ -483,6 +491,7 @@ find . '(' -iname gdb_grub \\\
find $RPM_BUILD_ROOT -type f -iname "*.mod*" -exec chmod a-x {} '\;' \
install -m 700 %{2} $RPM_BUILD_ROOT%{efi_esp_dir}/%{2} \
install -m 700 %{3} $RPM_BUILD_ROOT%{efi_esp_dir}/%{3} \
%{expand:%%do_install_protected_file %{name}-%{alt_package_arch}} \
cd .. \
%{nil}
@ -510,6 +519,7 @@ ${RPM_BUILD_ROOT}/%{_bindir}/%{name}-editenv \\\
${RPM_BUILD_ROOT}%{efi_esp_dir}/grubenv create \
ln -sf ../efi/EFI/%{efi_vendor}/grubenv \\\
$RPM_BUILD_ROOT/boot/grub2/grubenv \
%{expand:%%do_install_protected_file %{name}-%{package_arch}} \
cd .. \
%{nil}
@ -532,6 +542,7 @@ if [ %{3} -eq 0 ]; then \
${RPM_BUILD_ROOT}/%{_bindir}/%{name}-editenv \\\
${RPM_BUILD_ROOT}/boot/%{name}/grubenv create \
fi \
%{expand:%%do_install_protected_file %{name}-%{legacy_package_arch}} \
cd .. \
%{nil}
@ -579,6 +590,7 @@ touch ${RPM_BUILD_ROOT}/boot/%{name}/grub.cfg \
%config(noreplace) %{_sysconfdir}/%{name}.cfg \
%ghost %config(noreplace) /boot/%{name}/grub.cfg \
%dir %attr(0700,root,root)/boot/loader/entries \
%attr(0644,root,root) %config(noreplace) /etc/dnf/protected.d/%{name}-%{1}.conf \
\
%{expand:%if 0%{?with_legacy_modules} \
%{expand:%%files %{1}-modules} \
@ -606,6 +618,7 @@ touch ${RPM_BUILD_ROOT}/boot/%{name}/grub.cfg \
%ghost %config(noreplace) %attr(0700,root,root)%{efi_esp_dir}/grub.cfg \
%config(noreplace) %verify(not size mode md5 mtime) /boot/grub2/grubenv \
%ghost %config(noreplace) %attr(0700,root,root)%{efi_esp_dir}/grubenv \
%attr(0644,root,root) %config(noreplace) /etc/dnf/protected.d/%{name}-%{1}.conf \
%{expand:%if 0%{?without_efi_modules} \
%exclude %{_libdir}/grub/%{6} \
%exclude %{_libdir}/grub/%{6}/* \

2
grub2.spec
View File

@ -233,6 +233,7 @@ rm -vf ${RPM_BUILD_ROOT}/%{_bindir}/%{name}-render-label
rm -vf ${RPM_BUILD_ROOT}/%{_sbindir}/%{name}-bios-setup
rm -vf ${RPM_BUILD_ROOT}/%{_sbindir}/%{name}-macbless
%endif
%{expand:%%do_install_protected_file %{name}-tools-minimal}
%find_lang grub
@ -375,6 +376,7 @@ rm -r /boot/grub2.tmp/ || :
%{_bindir}/%{name}-editenv
%{_bindir}/%{name}-mkpasswd-pbkdf2
%{_bindir}/%{name}-mount
%attr(0644,root,root) %config(noreplace) /etc/dnf/protected.d/%{name}-tools-minimal.conf
%{_datadir}/man/man3/%{name}-get-kernel-settings*
%{_datadir}/man/man8/%{name}-set-default*