Commit Graph

97 Commits

Author SHA1 Message Date
Javier Martinez Canillas
c432d1fe96
Include regexp module in EFI builds
So the regexp command can be used in systems with Secure Boot enabled.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-08-07 22:15:12 +02:00
Benjamin Doron
300c372004
Includes security modules in Grub2 EFI builds
Satisfies https://fedoraproject.org/wiki/Changes/Include_security_modules_in_efi_Grub2

Resolves: rhbz#1722938
2019-07-15 12:06:36 +02:00
Sergio Durigan Junior
f6da347edf
Use '-g' instead of '-g3' when compiling grub2.
The rpm-build's "debugedit" program will silently corrupt .debug_macro
strings when a binary is compiled with -g3.  Later in the build phase,
gdb-add-index is invoked to extract the DWARF index from the binary,
and GDB will segfault because dwarf2read.c:parse_definition_macro's
'body' variable is NULL.

Resolves: rhbz#1708780
2019-06-18 12:05:36 +02:00
Peter Jones
7388f24e3e Fix HOST_LDFLAGS to include the hardening flags.
rpmdiff noticed the following:

Detecting usr/sbin/grub2-ofpathname with not-hardened warnings '
Hardened: grub2-ofpathname: FAIL: Gaps were detected in the annobin coverage.  Run with -v to list.
Hardened: grub2-ofpathname: FAIL: Not linked with -Wl,-z,now.
Hardened: grub2-ofpathname: MAYB: The PIC/PIE setting was not recorded.
Hardened: grub2-ofpathname: FAIL: Not linked as a position independent executable (ie need to add '-pie' to link command line).
' on ppc64le

This is because while we made the CFLAGS get some new options, LDFLAGS never
got the same treatement, and we disabled %{_hardened_build} to avoid getting
its options in the TARGET_{C,LD}FLAGS variables.

This patch duplicates the infrastructure for {HOST,TARGET}_CFLAGS into
{HOST,TARGET}_LDFLAGS, and adds the %{_hardening_ldflags} and
%{_hardening_cflags} to both HOST_{C,LD}FLAGS.

Additionally, it fixes the CPPFLAGS definitions, since rpm doesn't define any
CPPFLAGS at all, and makes the -I$(pwd) be there exclusively, not on CFLAGS as
well, since they're always used in concert.

Signed-off-by: Peter Jones <pjones@redhat.com>
2019-05-23 13:51:07 -04:00
Neal Gompa
0b428f20f3
Add grub2-mount to grub2-tools-minimal subpackage
os-prober 1.75 dropped all the code for handling device mapper
directly in favor of only supporting the use of grub2-mount.

Thus, we now need grub2-mount to be built and packaged so that
os-prober can depend on it. We ship it in the grub2-tools-minimal
package to avoid creating a dependency loop between grub2-tools and
os-prober.

Resolves: rhbz#1471267

Signed-off-by: Neal Gompa <ngompa13@gmail.com>
2019-05-06 13:40:04 +02:00
Javier Martinez Canillas
a18e8e631d
Add grub2-emu subpackage
GRUB has an user-space program emulator that allows to parse config files
and execute boot entries using the kexec tool. Add a grub2-emu subpackage
to install the emulator.

The subpackage is disabled on ppc64le architecture for now since grub2-emu
fails to build there.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-05-03 15:39:28 +02:00
Tim Landscheidt
af06f22ee4 Fix description of grub2-pc
Resolves: rhbz#1484298
2019-05-03 10:43:27 +02:00
Javier Martinez Canillas
8c44667ebf
Avoid grub2-efi package to overwrite existing /boot/grub2/grubenv file
The grub2-efi package create a /boot/grub2/grubenv symlink that points to
/boot/efi/EFI/fedora/grubenv that's where the real grubenv file is looked
up by GRUB on an EFI installation.

But currently if the grub2-efi is installed on a legacy BIOS install, it
will overwrite an existing /boot/grub2/grubenv file with a broken symlink.

So mark it as %config(noreplace) to avoid loosing an existing grubenv.

Resolves: rhbz#1687323

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-03-11 10:22:11 +01:00
Javier Martinez Canillas
11b49b804e
BLS support enhancements and some fixes
- Don't build the grub2-efi-ia32-* packages on i686 (pjones)
- Add efi-export-env and efi-load-env commands (pjones)
- Make it possible to subtract conditions from debug= (pjones)
- Try to set -fPIE and friends on libgnu.a (pjones)
- Add more options to blscfg command to make it more flexible
- Add support for prepend early initrds to the BLS entries
- Fix grub.cfg-XXX look up when booting over TFTP

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-02-04 19:28:49 +01:00
Peter Jones
db4a99687c Exclude /etc/grub.d/01_fallback_counting until we work through some design
questions.
  Resolves: rhbz#1614637

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-10-04 17:11:21 -04:00
Peter Jones
98536ecf37 Once more into the breach, dear friends.
- Limit grub_malloc() on x86_64 to < 31bit addresses, as some devices seem to
  have a colossally broken storage controller (or UEFI driver) that can't do
  DMA to higher memory addresses, but fails silently.
  Resolves: rhbz#1626844 (possibly really resolving it this time.)
- Also integrate Hans's attempt to fix the related error from -54, but do it
  the other way around: try the low addresses first and *then* the high one if
  the allocation fails.  This way we'll get low regions by default, and if
  kernel/initramfs don't fit anywhere, it'll try the higher addresses.
  Related: rhbz#1624532
- Coalesce all the intermediate debugging junk from -54/-55/-56.

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-09-11 18:08:44 -04:00
Peter Jones
5376ad0c95 Fix 'reboot' command
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-09-11 10:44:46 -04:00
Peter Jones
4892e6bea5 Temporarily make -cdboot files 0700 again.
We need to move these to /boot/efi/EFI/BOOT/ and change the perms at the same
time, but that means changing this, comps, and lorax (at least) at the same
time.  Right this minute isn't a good time to do that.

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-08-07 11:21:29 -04:00
Peter Jones
627591c8af Make -cdboot packages have file perms of 0755
This lets you use them for http(s) boot easier.

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-08-02 16:12:23 -04:00
Peter Jones
18694c1a36 Fix git commits after %configure
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-08-02 14:30:59 -04:00
Peter Jones
dbfd2e6b04 Make more stuff in our buildroot go into the git repo so I can grep it better.
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-07-31 16:40:33 -04:00
Peter Jones
15a207211f Roll upstream's patches into one big patch here.
I don't really need to watch 150+ patches from upstream get applied.

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-07-31 10:57:52 -04:00
Peter Jones
8d563110da --with-utils=host
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-07-27 12:52:55 -04:00
Peter Jones
a45161331b Minor whitespace cleanup
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-07-27 12:48:09 -04:00
Peter Jones
da0e16c206 Fix autogen/autoconf invocation to actually re-make configure.
autogen.sh was running autoreconf, which *ran* configure but didn't actually
re-make it if it was there.  This means we effectively can't change our
configure invocation (for newer configure options), so that's bad.

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-07-27 12:43:35 -04:00
Peter Jones
1b55f4c84d Fix some lingering bls issues
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-07-17 16:46:37 -04:00
Peter Jones
ebe16ceeab Make a couple of commands be built differently.
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-07-12 18:51:56 -04:00
Peter Jones
64626d2a22 Fix arm (32-bit) ABI specification.
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-07-11 17:13:42 -04:00
Peter Jones
a52365a0df Port several fixes from the F28 tree and a WIP tree.
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-07-11 16:49:50 -04:00
Peter Jones
dd0009ec4d Enable 32-bit ARM EFI builds.
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-07-10 15:12:02 -04:00
Peter Jones
bf33524673 Minor permissions fixes
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-07-10 14:39:21 -04:00
Peter Jones
a8d8dcf190 A couple of fixes needed by Fedora Atomic - javierm
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-05-11 10:13:05 -04:00
Peter Jones
78e1a10ec4 Add grub2-switch-to-blscfg
Fix for BLS paths on BIOS / non-UEFI (javierm)

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-04-03 13:41:24 -04:00
Peter Jones
06b68a8c94 Build the blscfg module in on EFI builds.
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-03-06 14:47:22 -05:00
Peter Jones
d51395ea7f Update our gcc nerfing.
- Only nerf annobin, not -fstack-crash-protection.
- Fix a conflict on /boot/efi directory permissions between -cdboot and the
  normal bootloader.

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-01-19 13:17:09 -05:00
Peter Jones
28076bb004 Nerf some new gcc 'features'
For now, completely nerf annobin and -fstack-clash-protection; at least
one of those things makes grubx64.efi crash on start.

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-01-18 18:23:41 -05:00
Peter Jones
a91fed7f66 Fix some efi modules bugs
- Fix grub2-efi-modules provides/obsoletes generation
  Resolves: rhbz#1506704
- *Also* build grub-efi-ia32{,-*,!-modules} packages for i686 builds
  Resolves: rhbz#1502312

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-01-18 14:14:19 -05:00
Peter Jones
8cceee7ebe Make everything under /boot/efi be mode 0700, since that's what FAT will
show anyway.

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-01-18 14:12:52 -05:00
Peter Jones
e1f4c0ec1e Make grub2-efi-aa64 provide grub2
I'm not sure this is 100% the right place to do this - maybe it should
go in anaconda - but it seems most expedient :/

Resolves: rhbz#1491045

Signed-off-by: Peter Jones <pjones@redhat.com>
2017-09-20 15:28:42 -04:00
Peter Jones
b52a729921 Fix Obsoletes on grub2-pc
Signed-off-by: Peter Jones <pjones@redhat.com>
2017-09-06 18:26:03 -04:00
Petr Šabata
50a9c3a2b3 Limit the pattern matching in do_alt_efi_install to files
This unbreaks module builds that contain the ".module" string in their
dist tags.

Signed-off-by: Petr Šabata <contyk@redhat.com>
2017-08-30 11:03:41 -04:00
Peter Jones
152cdcd6f5 Minor updates to provides and excludes
Add some unconditional Provides:
  grub2-efi on grub2-efi-${arch}
  grub2-efi-cdboot on grub2-efi-${arch}-cdboot
  grub2 on all grub2-${arch} pacakges
Something is somehow adding /usr/lib/.build-id/... to all the -tools
  subpackages, so exclude all that.

Signed-off-by: Peter Jones <pjones@redhat.com>
2017-08-25 13:31:34 -04:00
Peter Jones
53a4172ac4 Various fixups
- Put grub2-mkimage in -tools, not -tools-extra.
- Fix i686 building
- Fix ppc HFS+ usage due to /boot/efi's presence.

Signed-off-by: Peter Jones <pjones@redhat.com>
2017-08-23 17:05:03 -04:00
Peter Jones
31ea67e0aa Add the .img files into grub2-pc-modules (and all legacy variants)
autoqa is seeing a failure that looks like:

13:50:17,909 INF program: grub2-install: error: cannot open `/usr/lib/grub/i386-pc/lzma_decompress.img': No such file or directory.

And it's because the .img files are currently excluded.  So put them
back.

Signed-off-by: Peter Jones <pjones@redhat.com>
2017-08-18 17:36:01 -04:00
Peter Jones
3619a3f545 Simplify some of the macros a bit.
Signed-off-by: Peter Jones <pjones@redhat.com>
2017-08-17 13:28:53 -04:00
Peter Jones
41c1671979 Actually fix the configure usage and the gcc -E weirdness.
Signed-off-by: Peter Jones <pjones@redhat.com>
2017-08-17 13:28:53 -04:00
Peter Jones
31ca1450fc Try harder to avoid configure blowing up...
Signed-off-by: Peter Jones <pjones@redhat.com>
2017-08-16 17:46:08 -04:00
Peter Jones
cd4f646672 nope. 2017-08-16 17:32:06 -04:00
Peter Jones
6247ff55d9 try to fix broken ppc build
Signed-off-by: Peter Jones <pjones@redhat.com>
2017-08-16 17:20:57 -04:00
Peter Jones
dcee992d1c Fix some build failures.
Signed-off-by: Peter Jones <pjones@redhat.com>
2017-08-16 17:04:58 -04:00
Peter Jones
345233e0e5 fix grubenv once more... 2017-08-16 15:05:26 -04:00
Peter Jones
b50565e33e Make ia32 work as well.
- make it work with rpm-4.13.90
- split up the packages for various arch targets so ia32 can work

Signed-off-by: Peter Jones <pjones@redhat.com>
2017-08-16 15:05:12 -04:00