Commit Graph

632 Commits

Author SHA1 Message Date
Robbie Harwood
dc0bc06560 Disable the tpm verifier if the TPM device is not present
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-03-30 12:47:20 +00:00
Robbie Harwood
ecd22580ae ppc64le: more cas vec5 shenanigans
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-03-30 12:31:37 +00:00
Robbie Harwood
6a9365c88d emu: work around systemctl bad behavior
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-03-22 18:39:56 +00:00
Robbie Harwood
48cf39de05 emu: handle BLS /boot weirdness
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-03-09 16:48:40 +00:00
Robbie Harwood
5c83f50804 Update mm fixes from upstream
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-20 16:49:18 +00:00
Robbie Harwood
b86fd390b8 Fix disk sector size computation
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-16 14:24:30 +00:00
Robbie Harwood
63b29f783e Override the linker and force nonexecutable stacks
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-10 21:50:45 +00:00
Robbie Harwood
851216d61a ppc64le: sync cas/tpm patchset with upstream
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-08 20:07:44 +00:00
Robbie Harwood
ed1787d5fc emu: support newer kexec syscall
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-06 22:43:11 +00:00
Robbie Harwood
a5299c3192 ppc64le: cas5, take 3
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-06 20:29:49 +00:00
Robbie Harwood
3a3516d360 Fix implicit function declaration warnings
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-06 18:54:15 +00:00
Javier Martinez Canillas
22838ae9d7
20-grub-install: Explicitly check '+debug' suffix for debug kernels
The kernel-install script is also used to install kernels when built from
source using the `make install` target.

And if this source contains modifications, a '+' is added as suffix by the
scripts/setlocalversion if no LOCALVERSION was set in the kernel config.

This confuses the grub2 kernel-install plugin, since it currently assumes
that any kernel that contain a version with a '+' suffix is a debug kernel.

But the match is too greedy, just having '+debug' should be enough to check
whether the kernel to install is a debug kernel or not.

Resolves: #2148351
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2023-02-01 23:09:10 +01:00
Robbie Harwood
1163f8ebfd Bump to re-run signing
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-01 20:54:24 +00:00
Robbie Harwood
e4be65856a Disable mdraid < 1.1 on ppc64le
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-01-31 16:09:55 -05:00
Robbie Harwood
f8f88e1235 Fix grub2-probe issue with previous commit
Resolves: #2165136
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-01-27 20:42:56 +00:00
Robbie Harwood
3ce59ed7e1 ppc64le: update signed media fixes
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-01-27 14:04:12 -05:00
Robbie Harwood
ac206cb17b ppc64le: fix issues using core.elf on boot media
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-01-13 20:28:48 +00:00
Robbie Harwood
7be2bf00c3 Pull allocator improvements from upstream
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-01-11 18:57:23 +00:00
Robbie Harwood
b84b21f7a2 Apply more hardening to host binaries
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-01-11 15:40:17 +00:00
Robbie Harwood
d2ad09e81a Allow internal grub allocations over 4GB
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-01-10 19:49:15 +00:00
Robbie Harwood
9e46a970c6 Fix prefix setting with memdisk creation for network boot
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-12-21 22:35:22 +00:00
Robbie Harwood
55921d8655 Attempt to fix eln build
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-12-19 14:36:15 -05:00
Robbie Harwood
fa48146e4c ppc64le: fix lpar cas5
Resolves: #2152547
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-12-14 19:30:52 +00:00
Robbie Harwood
85cfe6dd30 Fix error handling in grub_file_open()
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-12-06 15:57:14 +00:00
Robbie Harwood
9b063ec0c5 Bump spec for "Allow for xz'd symvers file"
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-12-05 12:24:36 -05:00
Tomas Hrcka
81ed67d3a8 Bump release to install unicode.pf2
Signed-off-by: Tomas Hrcka <thrcka@redhat.com>
2022-11-23 20:45:18 +01:00
Robbie Harwood
f09f9764c6 Add BR on squashfs-tools
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-11-22 18:18:54 -05:00
Robbie Harwood
0ccadff7a2 Bundle unicode.pf2 with images
Resolves: #2143725
Resolves: #2144113
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-11-22 17:56:56 -05:00
Peter Robinson
558410c2d9 Don't obsolete the tools package with extra/efi
The extra/efi packages aren't needed in a lot of use cases.
The efi subpackage is actually only useful on EFI based macs.
The extra subpackage isn't useful on cloud/server and a lot
of places where there's no need for pretty GUIs. Stop obsoleting
the tools package so that they're pulled in with every update
even though they may have been actively remove by images or users.

Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
[rharwood: bump spec]
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-11-22 11:39:30 -05:00
Robbie Harwood
06e51d2a65 Forward-port ppc64le image creation (with nerfed signing)
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-11-21 15:22:04 -05:00
Robbie Harwood
3972172d4d Font fixes (CVE-2022-2601 batch)
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-11-08 11:00:57 -05:00
Robbie Harwood
3d407d2111 Try dropping custom sort again
See-also: https://github.com/rpm-software-management/rpm/pull/2249
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-11-01 13:58:37 -04:00
Robbie Harwood
bc32a76bab TDX measurements to RTMR
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-10-28 16:58:27 +00:00
Robbie Harwood
fdd5c6f423 x86-efi: Fix an incorrect array size in kernel allocation
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-10-12 18:08:53 +00:00
Robbie Harwood
4fa957c61c Flush instruction cache before starting aa64 kernel
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-10-04 19:42:56 +00:00
Robbie Harwood
7a1af0ff6d Bump spec for grub.macros gettext changes from Jens
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-09-09 18:06:11 +00:00
Robbie Harwood
c50cc54b88 aa64: support pe/coff decompressor
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-09-08 20:17:42 +00:00
Robbie Harwood
db229abffb Revert patches to claim more memory for the arena
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-09-07 23:51:40 +00:00
Robbie Harwood
82f5820dd4 Fix root definition for blscfg in emu
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-08-25 21:59:45 +00:00
Robbie Harwood
d8336270fe gettext to gettext-runtime migration from Jens
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-08-25 18:19:28 +00:00
Robbie Harwood
c814f068c6 ieee1275: implement vec5 for cas negotiation
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-08-25 15:40:30 +00:00
Robbie Harwood
714559fb3d Handle ostree's non-writable /etc/kernel
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-08-17 16:09:22 +00:00
Robbie Harwood
bb8ac90efb Give up on rhgb quiet
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-08-17 15:31:34 +00:00
Robbie Harwood
fc76aed533 Fix duplicated args and cope with /etc/default/grub modification
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-08-17 11:08:14 -04:00
Robbie Harwood
2f39adbb14 Fix nvr mismatch
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-08-16 15:25:07 -04:00
Robbie Harwood
89d7a298b6 Skip rpm mtime verification on likely-vfat filesystems
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-08-15 20:50:19 +00:00
Robbie Harwood
867b41f7d3 Use --with-rpm-version
Resolves: #2118390
Suggested-by: François Rigault <frigo@amadeus.com>
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-08-15 16:21:35 -04:00
Robbie Harwood
ac27fd45d7 Try reserving less RAM to fix windows booting
Related: #2115202
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-08-08 16:32:19 +00:00
Robbie Harwood
11e6d3f1b0 Populate /etc/kernel/cmdline during mkconfig
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-08-02 17:13:34 -04:00
Robbie Harwood
74d57bbd19 Rest of allocator fixes
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-08-02 14:39:11 +00:00
Robbie Harwood
5b44e10cf3 Some allocator fixes for kernel
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-08-01 21:57:55 +00:00
Robbie Harwood
e7aee52b19 Handle FAT mtime of 0
Resolves: #2096192
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-07-19 16:24:58 +00:00
Robbie Harwood
f0ad2aaa26 CVE fixes for 2022-05-24
Resolves: CVE-2022-28736 CVE-2022-28735 CVE-2022-28734 CVE-2022-28733
Resolves: CVE-2021-3697 CVE-2021-3696 CVE-2021-3695
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-06-03 13:54:45 -04:00
Robbie Harwood
a44a6377ed ppc64le: make ofdisk retries optional
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-05-16 21:15:56 +00:00
Robbie Harwood
ea7cfdf726 Fix missing declaration of strchrnul in rpm-sort
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-05-05 22:14:21 +00:00
Robbie Harwood
d15d46b0e4 ppc64le: CAS improvements, prefix detection, and vTPM support
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-05-04 18:00:02 +00:00
Dominik 'Rathann' Mierzejewski
ac52d21d8a Fix mkformat error from grub2-mkrescue
grub2-tools-extra missing dependency on mformat (mtools).

[rharwood: NVR fix, commit message]
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-04-19 10:38:41 -04:00
Robbie Harwood
e622855aa2 Attempt to fix version display
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-04-18 21:58:58 +00:00
Robbie Harwood
f9344de20a Stop using %{name} for things in the spec file
There's no point to this (the packaging isn't generic, confusion between
grub and grub2 in places, it's not fewer characters to type, have to
think about escaping in macros, ...) and it makes searching for things
needlessly difficult.

This finishes the revert of 967c5629ed
("Don't harcode grub2 in the spec file") that was begun in
af038a0bdc ("Revert "Don't harcode grub2
in the spec file"").

Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-04-18 17:14:40 -04:00
Robbie Harwood
1d98b5f260 Fix permission change report from rpm verification on grub.cfg
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-04-18 17:50:28 +00:00
Robbie Harwood
6c2cc46451 Enable "read" module
Resolves: #2071644
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-04-13 15:13:22 +00:00
Robbie Harwood
2e106f9a3e Drop use of which and update requirements
Original patches by Zbigniew Jędrzejewski-Szmek.

Merges: #16
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-04-12 14:46:11 -04:00
Robbie Harwood
eeff7639b3 Drop i32 build for real this time
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-03-31 21:23:48 +00:00
Robbie Harwood
bd73b85ea3 Switch to upstream man pages
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-03-31 21:21:43 +00:00
Robbie Harwood
d171a2a95c Revert previous change (grub2-pc-modules is built on i32)
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-03-30 14:44:17 +00:00
Robbie Harwood
2b909b72a4 Drop i32 support
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-03-29 18:45:49 +00:00
Adam Williamson
f29388d27a Fix a syntax error in the ostree BLS fix attempt 2022-03-23 16:48:18 -07:00
Peter Robinson
5d7c163550 Rebuild for secure-boot signing 2022-03-23 10:29:57 +00:00
Adam Williamson
5e72956199 Revert "Use my sort patch instead", fix BLS ostree detection
This reverts commit 93004a8494,
because it broke Rawhide. It also tries to fixes BLS ostree
detection to work in chroots (e.g. during installation) by also
checking for /ostree/repo.
2022-03-22 18:32:24 -07:00
Robbie Harwood
2a0a68c542 Fix rebase fuzz on x509 embedding patch
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-03-22 16:25:08 -04:00
Robbie Harwood
93004a8494 Use my sort patch instead
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-03-21 17:54:55 +00:00
Robbie Harwood
ac0e146ae3 Fix missing format specifier in appended signature commit
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-03-21 17:01:32 +00:00
Robbie Harwood
90dacf59d0 Don't verify kernels twice
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-03-18 18:33:12 +00:00
Robbie Harwood
e31fc7ca96 Skip updating BLS on ostree installations
Resolves: #2059776
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-03-10 19:46:17 +00:00
Robbie Harwood
3de994c662 Drop libusb dependency
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-03-09 15:28:03 -05:00
Robbie Harwood
e72456a804 Fix libusb dep
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-03-09 12:10:32 -05:00
Robbie Harwood
9a30e00fc0 Fix initialization in efidisk patch
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-03-09 16:50:45 +00:00
Robbie Harwood
95d197a80c Disable the .package_note awfulness
Resolves: #2058712
Resolves: #2058527
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-02-28 20:31:09 +00:00
Robbie Harwood
9027ec262f Bump spec
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-02-25 17:26:09 -05:00
Robbie Harwood
fe0248c0ce Fix stripping of annobin -spec
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-02-25 22:25:36 +00:00
Robbie Harwood
e82a4fd034 Add efidisk/connectefi patches
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-02-24 22:03:20 +00:00
Robbie Harwood
9c910dfa10 Fix appending signature support commit (thanks: pjones)
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-02-24 15:11:16 -05:00
Robbie Harwood
8a74d28ac8 Life is pain, but especially when it's gnulib
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-02-24 13:25:56 -05:00
Robbie Harwood
3e40727f72 Skip machine ID check when updating BLS
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-01-20 17:52:23 -05:00
Robbie Harwood
a382c9e3c9 Bump release; no code chages
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-01-18 14:47:04 -05:00
Robbie Harwood
357489e3ea Add location of DejaVu Sans font
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-01-18 19:46:15 +00:00
Robbie Harwood
e602a0629d Update patches; minor changes at most, if correct
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-01-17 18:09:27 -05:00
Robbie Harwood
b256068060 btrfs: use full bootloader area
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-01-06 17:42:54 +00:00
Robbie Harwood
46317f98bf Bump to rerun signing (no code changes)
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2021-12-10 17:34:40 +00:00
Robbie Harwood
d90546c5ee restore umask for grub.cfg (CVE-2021-3981)
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2021-12-09 11:11:30 -05:00
Robbie Harwood
9fdaa794e0 Drop UI patches and update provenance information
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2021-11-04 12:30:16 -04:00
Peter Jones
af038a0bdc Revert "Don't harcode grub2 in the spec file"
Two issues:
- line 538 switches the filename from "grub" to "grub2" where it
  shouldn't
- in general, things that aren't referring to the packaging itself
  shouldn't be %{name}; it just makes them less flexible.

This reverts commit 967c5629ed.
2021-10-07 17:38:20 -04:00
Peter Jones
42a07486d8 Fix "grub2-mkimage --appended-signature-size" parsing.
Signed-off-by: Peter Jones <pjones@redhat.com>
2021-10-07 12:30:43 -04:00
Robbie Harwood
b3b9566edf Rebuild; no code changes 2021-09-29 18:05:43 +00:00
Robbie Harwood
07cf41c169 fs/xfs: Fix unreadable filesystem with v4 superblock
While we're here, also: check for the PE magic for the compiled arch

Resolves: rhbz#2008819
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2021-09-29 12:12:55 -04:00
Javier Martinez Canillas
1f9e8074ae
A few fixes for ppc64le LPAR Secure Boot support
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-08-30 16:55:22 +02:00
Peter Jones
db96a0c4de grub.macros: Remove annobin plugin from linker flags
The annobin GCC plugin is now turned on linking for LTO mode but it causes
build failures on at least powerpc. The plugin is already removed from the
CFLAGS but was added again through LDFLAGS, remove from there as well.

Signed-off-by: Peter Jones <pjones@redhat.com>
2021-08-30 10:33:06 -04:00
Javier Martinez Canillas
67f07b7c9e
Another set of fixes for 2.06
- Add luks2 to GRUB_MODULES
- 20-grub-install: Create a symvers.gz symbolic link
- 20-grub-install: Always use fedora as the boot entry --class
  Resolves: rhbz#1957014
- grub.macros: Install font in /boot/grub2 instead of the ESP
  Resolves: rhbz#1739762
- grub.macros: Use consistent file mode for legacy and EFI
  Resolves: rhbz#1965794
- Drop grub2 prelink configuration
  Resolves: rhbz#1659675
- Remove triggers needed to upgrade from legacy GRUB
- Don't harcode grub2 in the spec file
- Update to unifont-13.0.06
  Resolves: rhbz#1939125
- 20-grub-install: Use relative paths for btrfs in BLS snippets
  Resolves: rhbz#1906191
- Don't update the cmdline when generating legacy menuentry commands
- Suppress gettext error message
  Resolves: rhbz#1592124
- grub-boot-success.timer: Only run if not in a container
  Resolves: rhbz#1914571
- grub-set-password: Always use /boot/grub2/user.cfg as password default
  Resolves: rhbz#1955294
- Remove outdated URL for BLS document
  Resolves: rhbz#1926453
- templates: Check for EFI at runtime instead of config generation time
  Resolves: rhbz#1823864
- efi: Print an error if boot to firmware setup is not supported
  Resolves: rhbz#1823864

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-07-06 11:18:04 +02:00
Javier Martinez Canillas
419340f25e
Update to unifont-13.0.06
Resolves: rhbz#1939125

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-06-30 09:52:19 +02:00
Javier Martinez Canillas
967c5629ed
Don't harcode grub2 in the spec file
There's a variable for this, use it consistently.

Suggested-by: Benjamin Herrenschmidt <benh@amazon.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-06-30 09:20:25 +02:00