Robbie Harwood
dc0bc06560
Disable the tpm verifier if the TPM device is not present
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-03-30 12:47:20 +00:00
Robbie Harwood
ecd22580ae
ppc64le: more cas vec5 shenanigans
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-03-30 12:31:37 +00:00
Robbie Harwood
6a9365c88d
emu: work around systemctl bad behavior
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-03-22 18:39:56 +00:00
Robbie Harwood
48cf39de05
emu: handle BLS /boot weirdness
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-03-09 16:48:40 +00:00
Robbie Harwood
5c83f50804
Update mm fixes from upstream
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-20 16:49:18 +00:00
Robbie Harwood
b86fd390b8
Fix disk sector size computation
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-16 14:24:30 +00:00
Robbie Harwood
63b29f783e
Override the linker and force nonexecutable stacks
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-10 21:50:45 +00:00
Robbie Harwood
851216d61a
ppc64le: sync cas/tpm patchset with upstream
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-08 20:07:44 +00:00
Robbie Harwood
ed1787d5fc
emu: support newer kexec syscall
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-06 22:43:11 +00:00
Robbie Harwood
a5299c3192
ppc64le: cas5, take 3
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-06 20:29:49 +00:00
Robbie Harwood
3a3516d360
Fix implicit function declaration warnings
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-06 18:54:15 +00:00
Javier Martinez Canillas
22838ae9d7
20-grub-install: Explicitly check '+debug' suffix for debug kernels
...
The kernel-install script is also used to install kernels when built from
source using the `make install` target.
And if this source contains modifications, a '+' is added as suffix by the
scripts/setlocalversion if no LOCALVERSION was set in the kernel config.
This confuses the grub2 kernel-install plugin, since it currently assumes
that any kernel that contain a version with a '+' suffix is a debug kernel.
But the match is too greedy, just having '+debug' should be enough to check
whether the kernel to install is a debug kernel or not.
Resolves : #2148351
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2023-02-01 23:09:10 +01:00
Robbie Harwood
1163f8ebfd
Bump to re-run signing
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-01 20:54:24 +00:00
Robbie Harwood
e4be65856a
Disable mdraid < 1.1 on ppc64le
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-01-31 16:09:55 -05:00
Robbie Harwood
f8f88e1235
Fix grub2-probe issue with previous commit
...
Resolves : #2165136
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-01-27 20:42:56 +00:00
Robbie Harwood
3ce59ed7e1
ppc64le: update signed media fixes
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-01-27 14:04:12 -05:00
Robbie Harwood
ac206cb17b
ppc64le: fix issues using core.elf on boot media
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-01-13 20:28:48 +00:00
Robbie Harwood
7be2bf00c3
Pull allocator improvements from upstream
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-01-11 18:57:23 +00:00
Robbie Harwood
b84b21f7a2
Apply more hardening to host binaries
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-01-11 15:40:17 +00:00
Robbie Harwood
d2ad09e81a
Allow internal grub allocations over 4GB
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-01-10 19:49:15 +00:00
Robbie Harwood
9e46a970c6
Fix prefix setting with memdisk creation for network boot
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-12-21 22:35:22 +00:00
Robbie Harwood
55921d8655
Attempt to fix eln build
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-12-19 14:36:15 -05:00
Robbie Harwood
fa48146e4c
ppc64le: fix lpar cas5
...
Resolves : #2152547
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-12-14 19:30:52 +00:00
Robbie Harwood
85cfe6dd30
Fix error handling in grub_file_open()
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-12-06 15:57:14 +00:00
Robbie Harwood
9b063ec0c5
Bump spec for "Allow for xz'd symvers file"
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-12-05 12:24:36 -05:00
Tomas Hrcka
81ed67d3a8
Bump release to install unicode.pf2
...
Signed-off-by: Tomas Hrcka <thrcka@redhat.com>
2022-11-23 20:45:18 +01:00
Robbie Harwood
f09f9764c6
Add BR on squashfs-tools
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-11-22 18:18:54 -05:00
Robbie Harwood
0ccadff7a2
Bundle unicode.pf2 with images
...
Resolves : #2143725
Resolves : #2144113
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-11-22 17:56:56 -05:00
Peter Robinson
558410c2d9
Don't obsolete the tools package with extra/efi
...
The extra/efi packages aren't needed in a lot of use cases.
The efi subpackage is actually only useful on EFI based macs.
The extra subpackage isn't useful on cloud/server and a lot
of places where there's no need for pretty GUIs. Stop obsoleting
the tools package so that they're pulled in with every update
even though they may have been actively remove by images or users.
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
[rharwood: bump spec]
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-11-22 11:39:30 -05:00
Robbie Harwood
06e51d2a65
Forward-port ppc64le image creation (with nerfed signing)
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-11-21 15:22:04 -05:00
Robbie Harwood
3972172d4d
Font fixes (CVE-2022-2601 batch)
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-11-08 11:00:57 -05:00
Robbie Harwood
3d407d2111
Try dropping custom sort again
...
See-also: https://github.com/rpm-software-management/rpm/pull/2249
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-11-01 13:58:37 -04:00
Robbie Harwood
bc32a76bab
TDX measurements to RTMR
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-10-28 16:58:27 +00:00
Robbie Harwood
fdd5c6f423
x86-efi: Fix an incorrect array size in kernel allocation
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-10-12 18:08:53 +00:00
Robbie Harwood
4fa957c61c
Flush instruction cache before starting aa64 kernel
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-10-04 19:42:56 +00:00
Robbie Harwood
7a1af0ff6d
Bump spec for grub.macros gettext changes from Jens
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-09-09 18:06:11 +00:00
Robbie Harwood
c50cc54b88
aa64: support pe/coff decompressor
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-09-08 20:17:42 +00:00
Robbie Harwood
db229abffb
Revert patches to claim more memory for the arena
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-09-07 23:51:40 +00:00
Robbie Harwood
82f5820dd4
Fix root definition for blscfg in emu
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-08-25 21:59:45 +00:00
Robbie Harwood
d8336270fe
gettext to gettext-runtime migration from Jens
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-08-25 18:19:28 +00:00
Robbie Harwood
c814f068c6
ieee1275: implement vec5 for cas negotiation
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-08-25 15:40:30 +00:00
Robbie Harwood
714559fb3d
Handle ostree's non-writable /etc/kernel
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-08-17 16:09:22 +00:00
Robbie Harwood
bb8ac90efb
Give up on rhgb quiet
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-08-17 15:31:34 +00:00
Robbie Harwood
fc76aed533
Fix duplicated args and cope with /etc/default/grub modification
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-08-17 11:08:14 -04:00
Robbie Harwood
2f39adbb14
Fix nvr mismatch
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-08-16 15:25:07 -04:00
Robbie Harwood
89d7a298b6
Skip rpm mtime verification on likely-vfat filesystems
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-08-15 20:50:19 +00:00
Robbie Harwood
867b41f7d3
Use --with-rpm-version
...
Resolves : #2118390
Suggested-by: François Rigault <frigo@amadeus.com>
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-08-15 16:21:35 -04:00
Robbie Harwood
ac27fd45d7
Try reserving less RAM to fix windows booting
...
Related: #2115202
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-08-08 16:32:19 +00:00
Robbie Harwood
11e6d3f1b0
Populate /etc/kernel/cmdline during mkconfig
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-08-02 17:13:34 -04:00
Robbie Harwood
74d57bbd19
Rest of allocator fixes
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-08-02 14:39:11 +00:00
Robbie Harwood
5b44e10cf3
Some allocator fixes for kernel
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-08-01 21:57:55 +00:00
Robbie Harwood
e7aee52b19
Handle FAT mtime of 0
...
Resolves : #2096192
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-07-19 16:24:58 +00:00
Robbie Harwood
f0ad2aaa26
CVE fixes for 2022-05-24
...
Resolves: CVE-2022-28736 CVE-2022-28735 CVE-2022-28734 CVE-2022-28733
Resolves: CVE-2021-3697 CVE-2021-3696 CVE-2021-3695
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-06-03 13:54:45 -04:00
Robbie Harwood
a44a6377ed
ppc64le: make ofdisk retries optional
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-05-16 21:15:56 +00:00
Robbie Harwood
ea7cfdf726
Fix missing declaration of strchrnul in rpm-sort
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-05-05 22:14:21 +00:00
Robbie Harwood
d15d46b0e4
ppc64le: CAS improvements, prefix detection, and vTPM support
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-05-04 18:00:02 +00:00
Dominik 'Rathann' Mierzejewski
ac52d21d8a
Fix mkformat error from grub2-mkrescue
...
grub2-tools-extra missing dependency on mformat (mtools).
[rharwood: NVR fix, commit message]
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-04-19 10:38:41 -04:00
Robbie Harwood
e622855aa2
Attempt to fix version display
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-04-18 21:58:58 +00:00
Robbie Harwood
f9344de20a
Stop using %{name} for things in the spec file
...
There's no point to this (the packaging isn't generic, confusion between
grub and grub2 in places, it's not fewer characters to type, have to
think about escaping in macros, ...) and it makes searching for things
needlessly difficult.
This finishes the revert of 967c5629ed
("Don't harcode grub2 in the spec file") that was begun in
af038a0bdc
("Revert "Don't harcode grub2
in the spec file"").
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-04-18 17:14:40 -04:00
Robbie Harwood
1d98b5f260
Fix permission change report from rpm verification on grub.cfg
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-04-18 17:50:28 +00:00
Robbie Harwood
6c2cc46451
Enable "read" module
...
Resolves : #2071644
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-04-13 15:13:22 +00:00
Robbie Harwood
2e106f9a3e
Drop use of which and update requirements
...
Original patches by Zbigniew Jędrzejewski-Szmek.
Merges: #16
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-04-12 14:46:11 -04:00
Robbie Harwood
eeff7639b3
Drop i32 build for real this time
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-03-31 21:23:48 +00:00
Robbie Harwood
bd73b85ea3
Switch to upstream man pages
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-03-31 21:21:43 +00:00
Robbie Harwood
d171a2a95c
Revert previous change (grub2-pc-modules is built on i32)
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-03-30 14:44:17 +00:00
Robbie Harwood
2b909b72a4
Drop i32 support
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-03-29 18:45:49 +00:00
Adam Williamson
f29388d27a
Fix a syntax error in the ostree BLS fix attempt
2022-03-23 16:48:18 -07:00
Peter Robinson
5d7c163550
Rebuild for secure-boot signing
2022-03-23 10:29:57 +00:00
Adam Williamson
5e72956199
Revert "Use my sort patch instead", fix BLS ostree detection
...
This reverts commit 93004a8494
,
because it broke Rawhide. It also tries to fixes BLS ostree
detection to work in chroots (e.g. during installation) by also
checking for /ostree/repo.
2022-03-22 18:32:24 -07:00
Robbie Harwood
2a0a68c542
Fix rebase fuzz on x509 embedding patch
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-03-22 16:25:08 -04:00
Robbie Harwood
93004a8494
Use my sort patch instead
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-03-21 17:54:55 +00:00
Robbie Harwood
ac0e146ae3
Fix missing format specifier in appended signature commit
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-03-21 17:01:32 +00:00
Robbie Harwood
90dacf59d0
Don't verify kernels twice
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-03-18 18:33:12 +00:00
Robbie Harwood
e31fc7ca96
Skip updating BLS on ostree installations
...
Resolves : #2059776
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-03-10 19:46:17 +00:00
Robbie Harwood
3de994c662
Drop libusb dependency
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-03-09 15:28:03 -05:00
Robbie Harwood
e72456a804
Fix libusb dep
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-03-09 12:10:32 -05:00
Robbie Harwood
9a30e00fc0
Fix initialization in efidisk patch
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-03-09 16:50:45 +00:00
Robbie Harwood
95d197a80c
Disable the .package_note awfulness
...
Resolves : #2058712
Resolves : #2058527
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-02-28 20:31:09 +00:00
Robbie Harwood
9027ec262f
Bump spec
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-02-25 17:26:09 -05:00
Robbie Harwood
fe0248c0ce
Fix stripping of annobin -spec
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-02-25 22:25:36 +00:00
Robbie Harwood
e82a4fd034
Add efidisk/connectefi patches
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-02-24 22:03:20 +00:00
Robbie Harwood
9c910dfa10
Fix appending signature support commit (thanks: pjones)
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-02-24 15:11:16 -05:00
Robbie Harwood
8a74d28ac8
Life is pain, but especially when it's gnulib
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-02-24 13:25:56 -05:00
Robbie Harwood
3e40727f72
Skip machine ID check when updating BLS
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-01-20 17:52:23 -05:00
Robbie Harwood
a382c9e3c9
Bump release; no code chages
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-01-18 14:47:04 -05:00
Robbie Harwood
357489e3ea
Add location of DejaVu Sans font
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-01-18 19:46:15 +00:00
Robbie Harwood
e602a0629d
Update patches; minor changes at most, if correct
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-01-17 18:09:27 -05:00
Robbie Harwood
b256068060
btrfs: use full bootloader area
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-01-06 17:42:54 +00:00
Robbie Harwood
46317f98bf
Bump to rerun signing (no code changes)
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2021-12-10 17:34:40 +00:00
Robbie Harwood
d90546c5ee
restore umask for grub.cfg (CVE-2021-3981)
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2021-12-09 11:11:30 -05:00
Robbie Harwood
9fdaa794e0
Drop UI patches and update provenance information
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2021-11-04 12:30:16 -04:00
Peter Jones
af038a0bdc
Revert "Don't harcode grub2 in the spec file"
...
Two issues:
- line 538 switches the filename from "grub" to "grub2" where it
shouldn't
- in general, things that aren't referring to the packaging itself
shouldn't be %{name}; it just makes them less flexible.
This reverts commit 967c5629ed
.
2021-10-07 17:38:20 -04:00
Peter Jones
42a07486d8
Fix "grub2-mkimage --appended-signature-size" parsing.
...
Signed-off-by: Peter Jones <pjones@redhat.com>
2021-10-07 12:30:43 -04:00
Robbie Harwood
b3b9566edf
Rebuild; no code changes
2021-09-29 18:05:43 +00:00
Robbie Harwood
07cf41c169
fs/xfs: Fix unreadable filesystem with v4 superblock
...
While we're here, also: check for the PE magic for the compiled arch
Resolves: rhbz#2008819
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2021-09-29 12:12:55 -04:00
Javier Martinez Canillas
1f9e8074ae
A few fixes for ppc64le LPAR Secure Boot support
...
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-08-30 16:55:22 +02:00
Peter Jones
db96a0c4de
grub.macros: Remove annobin plugin from linker flags
...
The annobin GCC plugin is now turned on linking for LTO mode but it causes
build failures on at least powerpc. The plugin is already removed from the
CFLAGS but was added again through LDFLAGS, remove from there as well.
Signed-off-by: Peter Jones <pjones@redhat.com>
2021-08-30 10:33:06 -04:00
Javier Martinez Canillas
67f07b7c9e
Another set of fixes for 2.06
...
- Add luks2 to GRUB_MODULES
- 20-grub-install: Create a symvers.gz symbolic link
- 20-grub-install: Always use fedora as the boot entry --class
Resolves: rhbz#1957014
- grub.macros: Install font in /boot/grub2 instead of the ESP
Resolves: rhbz#1739762
- grub.macros: Use consistent file mode for legacy and EFI
Resolves: rhbz#1965794
- Drop grub2 prelink configuration
Resolves: rhbz#1659675
- Remove triggers needed to upgrade from legacy GRUB
- Don't harcode grub2 in the spec file
- Update to unifont-13.0.06
Resolves: rhbz#1939125
- 20-grub-install: Use relative paths for btrfs in BLS snippets
Resolves: rhbz#1906191
- Don't update the cmdline when generating legacy menuentry commands
- Suppress gettext error message
Resolves: rhbz#1592124
- grub-boot-success.timer: Only run if not in a container
Resolves: rhbz#1914571
- grub-set-password: Always use /boot/grub2/user.cfg as password default
Resolves: rhbz#1955294
- Remove outdated URL for BLS document
Resolves: rhbz#1926453
- templates: Check for EFI at runtime instead of config generation time
Resolves: rhbz#1823864
- efi: Print an error if boot to firmware setup is not supported
Resolves: rhbz#1823864
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-07-06 11:18:04 +02:00
Javier Martinez Canillas
419340f25e
Update to unifont-13.0.06
...
Resolves: rhbz#1939125
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-06-30 09:52:19 +02:00
Javier Martinez Canillas
967c5629ed
Don't harcode grub2 in the spec file
...
There's a variable for this, use it consistently.
Suggested-by: Benjamin Herrenschmidt <benh@amazon.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-06-30 09:20:25 +02:00