Commit Graph

617 Commits

Author SHA1 Message Date
Javier Martinez Canillas
32351b3093
Don't attempt to unify if there is no grub.cfg on EFI
Resolves: rhbz#1933085

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-02-25 18:26:22 +01:00
Christian Kellner
931f4f0364 Don't attempt to unify if there is no grub.cfg on EFI
If there is no grub config, for example when installing the
system via anaconda, there is no need to attempt a grub
configuration unification. It will indeed actually break
because it will try to copy a non-existent file.

Resolves: rhbz#1933085
2021-02-25 18:17:46 +01:00
Javier Martinez Canillas
c65a33ebca
Switch EFI users to new config and fix ESC no longer showing the menu
Resolves: rhbz#1918817
Resolves: rhbz#1928595

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-02-22 20:50:22 +01:00
Christian Kellner
a32aa179fa Transition existing installations to unified GRUB configuration
The previous commits, especially b14117, unified the grub config
locations across all platforms. In brief, this means that in the
case of EFI, the config file in the EFI System Partition (ESP)
is now meant to be a small stub config file that will in turn
load the main configuration in /boot/grub2, which is used on
all other platforms as well. For new installations all this is
done by the Anaconda installer. But existing installations also
need to be adapted.
Add a %posttrans script to the grub2-common package that will,
if a non-unified installation is detected, transition it into
a unified one. This is done by moving the main grub.cfg file
from the ESP to /boot/grub2, creating minimal stub on the ESP
instead. Additionally, the grubenv file is also moved from the
ESP to /boot/grub2.
The detection of the non-unified installation is done by
checking if the grub.cfg on the ESP contains the 'configfile'
directive. If so, it is assumed the system has a unified
grub configuration.

Signed-off-by: Christian Kellner <christian@kellner.me>
2021-02-22 19:32:42 +01:00
Javier Martinez Canillas
b141171629
Appended signatures support, unify GRUB config location and some fixes
- Remove -fcf-protection compiler flag to allow i386 builds (law)
  Related: rhbz#1915452
- Unify GRUB configuration file location across all platforms
  Related: rhbz#1918817
- Add 'at_keyboard_fallback_set' var to force the set manually (rmetrich)
- Add appended signatures support for ppc64le LPAR Secure Boot (daxtens)

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-02-09 01:04:42 +01:00
Javier Martinez Canillas
f9736ec085
at_keyboard: use set 1 when keyboard is in Translate mode
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-01-12 17:01:31 +01:00
Javier Martinez Canillas
d84350c121
Add DNF protected.d fragments and pull a few fixes and enhancements
- Add DNF protected.d fragments for GRUB packages
  Resolves: rhbz#1874541
- Include keylayouts and at_keyboard modules in EFI builds
- Add GRUB enhanced debugging features
- ieee1275: Avoiding many unecessary open/close
- ieee1275: device mapper and fibre channel discovery support
- Fix tps-rpmtest failing due /boot/grub2/grubenv attributes mismatch

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-12-31 16:17:43 +01:00
Javier Martinez Canillas
8c2cf1c368
Add DNF protected.d fragments for GRUB packages
Users can unintentionally remove the grub2 packages and break their system
by deleting the bootloader. To prevent this mark them as protected by DNF.

Resolves: rhbz#1874541

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-12-30 22:45:54 +01:00
Javier Martinez Canillas
ec73df1b6e
Fix tps-rpmtest failing due /boot/grub2/grubenv attributes mismatch
The /boot/grub2/grubenv file is not installed by the grub2 packages but
is either a symbolic link created on %install or a regular file created
by Anaconda during installation.

This is causing the tps-rpmtest to fail in some architectures since the
file attributes don't match what's expected by the package. Because is
a special file, make verification  to ignore the size, mode, checksum
and mtime attributes.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-12-30 20:50:03 +01:00
Peetz0r
5a625020e2
Fixed some typos in grub-install.8 man page 2020-12-18 00:32:39 +01:00
Florian Weimer
fac1a22c9e
Remove build dependency on autogen 2020-11-11 16:52:19 +01:00
Javier Martinez Canillas
f7e054f3d6
Roll over TFTP block counter to prevent timeouts with data packets
Resolves: rhbz#1869335

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-08-31 14:19:03 +02:00
Javier Martinez Canillas
ae1167a78d
Set TFTP blocksize to 1428 instead of 2048 to avoid IP fragmentation
Resolves: rhbz#1869335

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-08-21 15:59:56 +02:00
Javier Martinez Canillas
cc2f966c55
Fix TFTP timeouts when trying to fetch files larger than 65535 KiB
Resolves: rhbz#1869335

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-08-21 12:56:15 +02:00
Javier Martinez Canillas
db0149e860
Add support for "systemctl reboot --boot-loader-menu=xx"
Related: rhbz#1857389

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-08-12 14:43:54 +02:00
Peter Jones
47cf63735c "Minor" bug fixes
Resolves: CVE-2020-10713
Resolves: CVE-2020-14308
Resolves: CVE-2020-14309
Resolves: CVE-2020-14310
Resolves: CVE-2020-14311
Resolves: CVE-2020-15705
Resolves: CVE-2020-15706
Resolves: CVE-2020-15707

Signed-off-by: Peter Jones <pjones@redhat.com>
2020-08-10 22:02:39 -04:00
Jeff Law
dc2f1a03d9 Move lto disablement to a point where it works for this package 2020-07-21 13:43:44 -06:00
Jeff Law
95f5dd8a82 Disable LTO 2020-06-30 14:10:27 -06:00
Javier Martinez Canillas
51e876849c
Only mark GRUB as BLS supported in OSTree systems with a boot partition
OSTree doesn't support installations that don't have a boot partition. The
BLS snippets assume that there will be one, so this has to be checked and
only mark GRUB as supporting BLS in OSTree systems have a boot partition.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-06-18 17:18:11 +02:00
Javier Martinez Canillas
9f83bf2258
Fix build with rpm-4.16 and a HTTP boot issue with relative paths
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-06-08 10:15:55 +02:00
Javier Martinez Canillas
0993459d92
Install GRUB as \EFI\BOOT\BOOTARM.EFI in armv7hl
The Default Boot Behavior for EFI if no BootOrder and Boot#### variables
are found is to look for an ESP and start \EFI\BOOT\BOOT{$arch}.efi.

This is usually fallback.efi installed by the shim package, but since shim
isn't used on armv7, there's no \EFI\BOOT\BOOTARM.EFI installed in the ESP.

So install GRUB as \EFI\BOOT\BOOTARM.EFI for armv7 so there is a default
EFI binary to be started.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-06-07 10:50:19 +02:00
Javier Martinez Canillas
098a8a9e99
Fix an out of memory error when loading large initrd images
Resolves: rhbz#1838633

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-05-26 18:09:54 +02:00
Javier Martinez Canillas
7fb7a6a7a5
Don't update BLS files that aren't managed by GRUB scripts
Resolves: rhbz#1837783

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-05-20 14:21:29 +02:00
Javier Martinez Canillas
68246dd736
Only enable the tpm module for EFI platforms
The module is only built for EFI, so don't enable it for other platforms.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-05-18 13:26:28 +02:00
Javier Martinez Canillas
4cf8c08cf7
Enable tpm module and make system to boot even if TPM measurements fail
Since GRUB 2.04 there is support for TPM measurements in a tpm module that
uses the verifiers framework. So this is used now instead of the previous
downstream patches that we were carrying.

But we forgot to enable this module when rebasing to 2.04 which leads to
GRUB no longer measuring the kernel, initrd and command line parameters.

One side effect of using the verifiers framework is that if measurements
fail, GRUB won't be able to open the files since the errors from the tpm
module are propagated. This means that a firmware with a buggy tpm support
will prevent the machine to boot, which was not the case with the previous
downstream patches. Don't propagate the measurement errors to prevent this.

Resolves: rhbz#1836433

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-05-18 10:19:45 +02:00
Adam Williamson
4ff1f12e40 10_linux.in: restore existence check in get_sorted_bls 2020-05-14 18:02:26 -07:00
Javier Martinez Canillas
4a742183a3
Store cmdline in BLS snippets instead of using a grubenv variable
The kernel cmdline was stored as a kernelopts variable in the grubenv file
and the BLS snippets used that. But this turned out to be fragile since the
grubenv file could be removed or get corrupted easily.

To prevent the entries to not have a cmdline if the grubenv can't be read,
a fallback variable was set in the GRUB config file. But this still caused
issues since the config needs to be re-generated to change the parameters.

Instead, let's store the cmdline in the BLS snippets. This will make the
configuration more robust, since it will work even without the grubenv
file and the BLS entries will contain all the information needed to boot.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-05-13 20:03:20 +02:00
Javier Martinez Canillas
107dc9a693
Fix a segfault in grub2-editenv when attempting to shrink a variable
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-05-12 20:17:50 +02:00
Javier Martinez Canillas
b914a7e168
Fix bugs in the blscfg module and in the 10_linux script for ppc64le
blscfg: Lookup default_kernelopts variable as fallback for options
  Related: rhbz#1765297
10_linux.in: fix early exit due error when reading petitboot version
  Resolves: rhbz#1827397

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-04-30 15:55:52 +02:00
Javier Martinez Canillas
b28e5aa886
efi: Set image base address before jumping to the PE/COFF entry point
Resolves: rhbz#1825411

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-04-23 21:35:17 +02:00
Javier Martinez Canillas
5b188159a7
Make the grub-switch-to-blscfg and 10_linux scripts more robust
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-04-16 21:42:23 +02:00
Javier Martinez Canillas
7509e59c4a
Drop 10_linux_bls and avoid corner case of blsdir set with ostree
The logic to parse the BLS configs to generate a set of menuentry commands
that's needed on ppc64le machines with bootloaders that don't have support
to parse BLS config directly, was implemented in a 10_linux_bls script.

But there's no need to have a separate script just for this and this logic
can be merged into the 10_linux script to avoid code duplication.

Also since the blscfg module will also now be used by ostree-based distros
there is a possible corner case in which a user set the blsdir variable to
a BLS directory path that is different than the default used by ostree.

So to avoid possible issues, only drop the marker file to specify that the
bootloader has support to parse BLS files if this variable hasn't been set.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-04-02 14:44:30 +02:00
Javier Martinez Canillas
7c2bab5e98
grub-switch-to-blscfg: Update grub2 binary in ESP for OSTree systems
Related: rhbz#1751272

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-03-26 18:30:49 +01:00
Javier Martinez Canillas
904d351ffd
Fix for entries having an empty initrd command and HTTP boot issues
Resolves: rhbz#1806022

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-03-17 19:04:44 +01:00
Javier Martinez Canillas
fbe5a8c26a
A bunch of RISC-V build fixes and some cleanups
- Add riscv64 support to grub.macros and RISC-V build fixes (davidlt)
- blscfg: Always use the root variable to search for BLS snippets
- bootstrap.conf: Force autogen.sh to use python3

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-01-16 16:01:15 +01:00
Javier Martinez Canillas
89bc295877
Make blscfg to support the GRUB_SAVEDEFAULT option
This option was not supported on a BLS configuration.

Resolves: rhbz#1704926

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-01-13 19:54:14 +01:00
Peter Jones
190e583e94 Add zstd to the EFI module list.
cmurf and javierm noticed[0] that we don't have zstd enabled, and that could
cause issues in some cases for /boot on btrfs subvolumes.  This adds it to our
module list.

[0] https://github.com/rhinstaller/anaconda/pull/2255#discussion_r359123085

Related: rhbz#1418336

Signed-off-by: Peter Jones <pjones@redhat.com>
2020-01-06 10:30:23 -05:00
Peter Jones
0cb30b7d2b Renumber sources
This gets rid of the vestigial remnants of the now-obsolete
release-to-master.patch , and moves gnulib to be earlier in our source list.

Signed-off-by: Peter Jones <pjones@redhat.com>
2020-01-06 10:28:40 -05:00
Javier Martinez Canillas
3f3dfd4006
A couple BLS fixes and various grub2 cleanups
- Various grub2 cleanups (pbrobinson)
- Another fix for blscfg variable expansion support
- blscfg: Add support for sorting the plus ('+') higher than base version
  Resolves: rhbz#1767395

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-12-05 17:21:27 +01:00
Peter Robinson
8733281382
various grub2 cleanups
- drop deprecated groups from the macros file, already gone from main spec.
- don't ship arch specific bits in tools-extra that are already special cased in tools
- move grub2-glue-efi to tools-efi, it's Mac specific and there's othe Mac efi tools there
- drop tools-extra dep for efi binaries, all in tools-efi and anaconda deals with that
- put grub2-install man page in the right package with the util
- other minor cleanups
2019-12-05 17:01:50 +01:00
Javier Martinez Canillas
5db4bc774e
Fix a grub hidden-menu regression and a bug in blscfg variable expansion
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-11-27 12:12:44 +01:00
Javier Martinez Canillas
eeeca9c900
grub-set-bootflag: Write new env to tmpfile and then rename
Resolves: CVE-2019-14865
Resolves: rhbz#1776580

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-11-26 11:43:57 +01:00
Javier Martinez Canillas
d3ceae4bfd
Some BLS cleanups and fixes
- 20-grub-install: Don't add an id field to generated BLS snippets
- 99-grub-mkconfig: Disable BLS usage for Xen machines
  Resolves: rhbz#1703700
- Don't add a class option to menu entries generated for ppc64le
  Resolves: rhbz#1758225
- 10_linux.in: Also use GRUB_CMDLINE_LINUX_DEFAULT to set kernelopts
- blscfg: Don't hardcode an env var as fallback for the BLS options field
  Resolves: rhbz#1710483

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-10-17 13:41:17 +02:00
Javier Martinez Canillas
be6e591e0f
Add BLS devicetree support and a couple of RISC-V fixes
- A couple of RISC-V fixes
- Remove grub2-tools %%posttrans scriptlet that migrates to a BLS config
- Add blscfg device tree support
  Resolves: rhbz#1751307

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-09-18 10:01:25 +02:00
Javier Martinez Canillas
e1531466e1
Update to grub 2.04
This change updates grub to the 2.04 release. The new release changed how
grub is built, so the bootstrap and bootstrap.conf files have to be added
to the dist-git. Also, the gitignore file changed so it has to be updated.

Since the patches have been forward ported to 2.04, there's no need for a
logic to maintain a patch with the delta between the release and the grub
master branch. So the release-to-master.patch is dropped and no longer is
updated by the do-rebase script.

Also since gnulib isn't part of the grub repository anymore and cloned by
the boostrap tool, a gnulib tarball is included as other source file and
copied before calling the bootstrap tool. That way grub can be built even
in builders that only have access to the sources lookaside cache.

Resolves: rhbz#1727279

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-08-15 08:04:53 +02:00
Javier Martinez Canillas
c432d1fe96
Include regexp module in EFI builds
So the regexp command can be used in systems with Secure Boot enabled.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-08-07 22:15:12 +02:00
Javier Martinez Canillas
0ca82180b8
Manual build for the Fedora 31 mass rebuild to succeed
Releng attempted to build the grub2 package as a part of the Fedora 31
mass rebuild [0], but this failed due lack of credentials to build the
grub2 package. Do a manual build for the rebuild to succeed.

[0]: https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-08-01 18:37:28 +02:00
Fedora Release Engineering
498ea7003b - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-07-25 07:48:51 +00:00
Javier Martinez Canillas
d8bbf039e9
20-grub-install: Restore default SELinux security contexts for BLS files
The BLS files are copied from /lib/modules/$(uname -r)/bls.conf and this
file has a SELinux label of "system_u:object_r:modules_object_t" like all
the other files that are installed by the kernel package.

But the files in the /boot directory are expected to have a SELinux label
of "system_u:object_r:boot_t". For all the other files that are copied to
/boot by the kernel-install script, the SELinux security contexts are
restored to the default but that was missing for the BLS files.

Resolves: rhbz#1726020

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-07-18 14:43:42 +02:00
Javier Martinez Canillas
a1dedc8a10
Add btrfs snapshot submenu and move grub2-probe to tools-minimal
The btrfs snapshot submenu was removed because it broke the old grubby tool
since it searched for "menuentry". But now that a BLS config is supported,
this can be added again as long as grubby isn't used.

This patch also moves the grub2-probe tool to the tools-minimal package to
prevent a circular dependency since the grub2-tools package depends on the
os-prober package, but os-prober package needs grub2-probe as a dependency.

So instead of making os-prober to depend on grub2-tools, it can be made to
depend on the grub2-tools-minimal subpackage.

Resolves: rhbz#1715994

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-07-17 16:41:25 +02:00
Javier Martinez Canillas
7e98da058f
Cleanup our patchset to reduce the number of patches
This change reorganizes and cleanups our patches to reduce the patch number
from 314 patches to 187. That's achieved by dropping patches that are later
reverted and squashing fixes for earlier patches that introduced features.

There are no code changes and the diff with upstream is the same before and
after the cleanup. Having fewer patches makes easier to manage the patchset
and also will ease to rebase them on top of the latest grub-2.04 release.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-07-16 12:30:06 +02:00
Javier Martinez Canillas
18d67626ee
Enable again multiboot and multiboot2 modules on EFI builds
Building the multiboot and multiboot2 modules was disabled for EFI builds.
But that made the menu entries created by the Xen package to stop working
since they use the multiboot2 module.

The modules were disabled modules because they can be used to bypass the
Secure Boot mechanism. But it's enough to not include these modules in the
grub2 EFI binary that's signed, which is the case already in the grub2 pkg.

Having them as modules if the user installs the grub2-efi-x64-modules is
a valid use case. And since module loading isn't allowed when Secure Boot
is enabled, it doesn't represent any security threat.

Resolves: rhbz#1703872

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-07-15 12:12:17 +02:00
Javier Martinez Canillas
f2b28b651f
Some fixes mostly for ARM
Fix failure to request grub.cfg over HTTP
Some ARM fixes (pbrobinson)
Preserve multi-device workflows (Yclept Nemo)

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-07-06 15:16:40 +02:00
Javier Martinez Canillas
04d38248e3
A set of fixes mostly BLS related
Fix --bls-directory option comment in grub2-switch-to-blscfg man page
  Resolves: rhbz#1714835
10_linux_bls: use '=' to separate --id argument due a Petitboot bug
grub-set-bootflag: Print an error if failing to read from grubenv
  Resolves: rhbz#1702354
10_linux: generate BLS section even if no kernels are found in /boot
10_linux: don't search for OSTree kernels

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-06-27 17:27:11 +02:00
Sergio Durigan Junior
f6da347edf
Use '-g' instead of '-g3' when compiling grub2.
The rpm-build's "debugedit" program will silently corrupt .debug_macro
strings when a binary is compiled with -g3.  Later in the build phase,
gdb-add-index is invoked to extract the DWARF index from the binary,
and GDB will segfault because dwarf2read.c:parse_definition_macro's
'body' variable is NULL.

Resolves: rhbz#1708780
2019-06-18 12:05:36 +02:00
Javier Martinez Canillas
05efc9de7f
Rebuild for RPM 4.15
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-06-11 10:30:48 +02:00
Igor Gnatenko
96a8e420da
Rebuild for RPM 4.15
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2019-06-11 00:13:19 +02:00
Igor Gnatenko
2df60da858
Rebuild for RPM 4.15
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2019-06-10 17:42:01 +02:00
Javier Martinez Canillas
22467ee641
Don't try to switch to a BLS config if GRUB_ENABLE_BLSCFG is already set
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-05-20 19:02:19 +02:00
Javier Martinez Canillas
298aa12e25
Only execute grub2-switch-to-blscfg if GRUB_ENABLE_BLSCFG isn't set
There's no point on executing the script if GRUB_ENABLE_BLSCFG has already
been set. Currently was checking if an user explicitly set it to false to
avoid enabling the BLS configuration, but it should also be avoided if was
already set to true by a previous package update or during installation.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-05-20 18:38:34 +02:00
Javier Martinez Canillas
d8cdcb3a21
Fix error messages wrongly being printed when executing blscfg command
Resolves: rhbz#1699761

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-05-15 12:28:06 +02:00
Javier Martinez Canillas
a9b371c2fb
Make blscfg module compatible at least up to the Fedora 19 GRUB core
The blscfg module isn't compatible with the GRUB core.img installed by any
release older than Fedora 21.

This is because the blscfg module calls to the grub_file_size() function to
check if the BLS file size is correct, but the struct grub_file used as the
parameter for this function changed in the GRUB version used in Fedora 21.

So the function returns a wrong file size due the .size field offset being
different in the older GRUB from Fedora 20 and earlier.

This is causing all the BLS files to be ignored due having a wrong size and
leading to GRUB menu not being populated on boot.

Related: rhbz#1652806

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-05-08 15:19:43 +02:00
Neal Gompa
0b428f20f3
Add grub2-mount to grub2-tools-minimal subpackage
os-prober 1.75 dropped all the code for handling device mapper
directly in favor of only supporting the use of grub2-mount.

Thus, we now need grub2-mount to be built and packaged so that
os-prober can depend on it. We ship it in the grub2-tools-minimal
package to avoid creating a dependency loop between grub2-tools and
os-prober.

Resolves: rhbz#1471267

Signed-off-by: Neal Gompa <ngompa13@gmail.com>
2019-05-06 13:40:04 +02:00
Javier Martinez Canillas
a18e8e631d
Add grub2-emu subpackage
GRUB has an user-space program emulator that allows to parse config files
and execute boot entries using the kexec tool. Add a grub2-emu subpackage
to install the emulator.

The subpackage is disabled on ppc64le architecture for now since grub2-emu
fails to build there.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-05-03 15:39:28 +02:00
Tim Landscheidt
af06f22ee4 Fix description of grub2-pc
Resolves: rhbz#1484298
2019-05-03 10:43:27 +02:00
Javier Martinez Canillas
79551a59f5
Add 10_reset_boot_success to Makefile
This was missed when the script got added.

Related: rhbz#1701003

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-04-18 19:33:20 +02:00
Javier Martinez Canillas
62a05cdcd4
Some grub2-emu, HTTP boot and fallback fixes
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-04-18 11:57:05 +02:00
Javier Martinez Canillas
173fb18386
Execute grub2-switch-to-blscfg script in %posttrans instead of %post
The GRUB configuration is switched to BLS using the grub2-switch-to-blscfg
script, which is installed by the grub2-tools package. Among other things,
the script copies the blscfg module from the /usr/lib/grub/$arch directory
to /boot/grub2/$arch.

This is done because for non-UEFI installs (i386-pc and powerpc-ieee1275)
the GRUB core and modules aren't updated on package upgrade, so the blscfg
module won't be the latest that contains the current BLS support.

But the grub2-switch-to-blscfg script is currently executed in grub2-tools
%post scritplet, which means that if the grub2-tools package is installed
before the grub2-pc-modules package (that installs the blscfg module), the
grub2-switch-to-blscfg script won't copy the latest version of the module.

This will make systems to fail to populate the GRUB menu, since its config
will already be migrated to BLS but the blscfg module won't be the latest.

So to make sure that the latest blscfg module is copied regardless of the
grub2-tools and grub2-pc-modules packages install order, run the switch
script in a grub2-tools %posttrans so it's executed at the end of the RPM
transaction once all the packages have been installed.

Resolves: rhbz#1652806

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-04-16 18:27:09 +02:00
Zbigniew Jędrzejewski-Szmek
30b139ceba
Do not remove boot loader configuration for other boot loaders 2019-04-16 18:16:25 +02:00
Javier Martinez Canillas
dd6e48876e
10_linux_bls: don't add --users option to generated menu entries
The generated menu entries have a --users $grub_users option but this will
fail on old versions of GRUB, since it expects the --users option argument
to either be a constant or a variable that has been set.

The latest GRUB version fix this but the GRUB core isn't updated on a GRUB
package update, so this will cause the entries to not be shown in the menu
after a system upgrade.

Since can cause issues and because the entries that weren't generated from
the BLS snippets didn't have the --users option either, just don't add it.

Resolves: rhbz#1693515

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-03-28 17:05:25 +01:00
Javier Martinez Canillas
88459565ec
A set of EFI fixes to support arm64 QCom UEFI firmwares
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-03-26 17:17:17 +01:00
Javier Martinez Canillas
c1ccaf8a0e
Fix some BLS snippets not being displayed in the GRUB menu
There was an error in the logic that stored the parsed BLS snippets in the
sorted linked list that is used to populate the GRUB boot menu entries.

Also add a fix found by coverity scan about a possible undefined behaviour
due grub_efi_status_t having the wrong type.

Resolves: rhbz#1691232

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-03-22 15:33:06 +01:00
Javier Martinez Canillas
242b306a29
Only set blsdir if /boot/loader/entries is in a btrfs or zfs partition
Commit bfc756f8d86 ("Set blsdir if the BLS directory path isn't one of the
looked up by default") attempted to set blsdir if /boot/loader/entries was
not the real path of the directory containing the BLS snippets. Which may
be the case if for example /boot/loader/entries is in a btrfs subvolume.

But in the case of ostree, /boot/loader is a symlink to the directory with
the entries for the current deployment. So with ostree the blsdir will be
wrongly set, since GRUB is able to follow the symlinks just fine. In fact,
it has to follow the symlink since otherwise GRUB will always use the BLS
files for the deployment that the symlink pointed out when blsdir was set.

So only set blsdir if /boot/loader/entries is in a btrfs or zfs partition.

Related: rhbz#1688453

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-03-20 16:54:35 +01:00
Javier Martinez Canillas
fad457cd90
Two more fixes
Avoid grub2-efi package to overwrite existing /boot/grub2/grubenv file
  Resolves: rhbz#1687323
Switch to BLS in tools package %%post scriptlet
  Resolves: rhbz#1652806

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-03-11 12:07:18 +01:00
Javier Martinez Canillas
a7449e2e58
Switch to BLS in tools package %post scriptlet
The switch to a BLS configuration was made before in the grubby package
%post scriptlet, but this is wrong since it means that a not up-do-date
grub2-switch-to-blscfg script could be used to do the switch.

Resolves: rhbz#1652806

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-03-11 12:01:43 +01:00
Javier Martinez Canillas
5d7e4540ed
Some BLS fixes
20-grub-install: Replace, rather than overwrite, the existing kernel (pjones)
  Resolves: rhbz#1642402
99-grub-mkconfig: Don't update grubenv generating entries on ppc64le
  Related: rhbz#1637875
blscfg: fallback to default_kernelopts if BLS option field isn't set
  Related: rhbz#1625124
grub-switch-to-blscfg: copy increment.mod for legacy BIOS and ppc64
  Resolves: rhbz#1652806

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-02-27 19:54:32 +01:00
Javier Martinez Canillas
f6d4ab8f83
Check if blsdir exists before attempting to get it's real path
Resolves: rhbz#1677415

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-02-15 18:22:18 +01:00
Javier Martinez Canillas
e3a408a521
A couple of fixes
Don't make grub_strtoull() print an error if no conversion is performed
  Resolves: rhbz#1674512
Set blsdir if the BLS directory path isn't one of the looked up by default
  Resolves: rhbz#1657240

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-02-13 13:41:46 +01:00
Javier Martinez Canillas
11b49b804e
BLS support enhancements and some fixes
- Don't build the grub2-efi-ia32-* packages on i686 (pjones)
- Add efi-export-env and efi-load-env commands (pjones)
- Make it possible to subtract conditions from debug= (pjones)
- Try to set -fPIE and friends on libgnu.a (pjones)
- Add more options to blscfg command to make it more flexible
- Add support for prepend early initrds to the BLS entries
- Fix grub.cfg-XXX look up when booting over TFTP

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-02-04 19:28:49 +01:00
Fedora Release Engineering
5699af497f - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-02-01 01:37:54 +00:00
Igor Gnatenko
3463a4b800 Remove obsolete Group tag
References: https://fedoraproject.org/wiki/Changes/Remove_Group_Tag
2019-01-28 20:24:06 +01:00
Igor Gnatenko
23b6ae2b79
Remove obsolete scriptlets
References: https://fedoraproject.org/wiki/Changes/RemoveObsoleteScriptlets
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2019-01-27 19:01:54 +01:00
Javier Martinez Canillas
bb036b8233
Don't exclude /etc/grub.d/01_fallback_counting anymore
This was causing issues but it should be fixed now.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2018-12-17 12:58:43 +01:00
Javier Martinez Canillas
4ff5f8dcef
Another set of BLS fixes
BLS files should only be copied by grub-switch-to-blscfg if BLS isn't set
  Related: rhbz#1638117
Fix get_entry_number() wrongly dereferencing the tail pointer
  Resolves: rhbz#1654936
Make grub2-mkconfig to honour GRUB_CMDLINE_LINUX in /etc/default/grub
  Resolves: rhbz#1637875

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2018-12-11 20:23:51 +01:00
Javier Martinez Canillas
1f092caba7
Drop two efinet patches that were causing issues and a bunch of other fixes
Add comments and revert logic changes in 01_fallback_counting
Remove quotes when reading ID value from /etc/os-release
  Related: rhbz#1650706
blscfg: expand grub_users before passing to grub_normal_add_menu_entry()
  Resolves: rhbz#1650706
Drop buggy downstream patch "efinet: retransmit if our device is busy"
  Resolves: rhbz#1649048
Make the menu entry users option argument to be optional
  Related: rhbz#1652434
10_linux_bls: add missing menu entries options
  Resolves: rhbz#1652434
Drop "Be more aggro about actually using the *configured* network device."
  Resolves: rhbz#1654388
Fix menu entry selection based on title
  Resolves: rhbz#1654936

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2018-12-01 03:28:36 +01:00
Javier Martinez Canillas
f92a00c4b3
Remove installkernel-bls script
The installkernel-bls script is present in both the grub2-common and
grubby packages. But there's no need for this duplication and it can
just be installed by the grubby package.

Related: rhbz#1647721

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2018-11-21 10:06:17 +01:00
Javier Martinez Canillas
ff9dc1ed7d
Don't unconditionally set default entry when installing debug kernels
If a debug kernel package is installed, the default entry should only
be set when DEFAULTDEBUG=yes is set in /etc/sysconfig/kernel.

Resolves: rhbz#1636346

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2018-10-26 14:25:04 +02:00
Javier Martinez Canillas
420527a50b
A bunch of fixes for BLS
- add 10_linux_bls grub.d snippet to generate menu entries from BLS files
  Resolves: rhbz#1636013
- Only set kernelopts in grubenv if it wasn't set before
  Resolves: rhbz#1636466
- kernel-install: Remove existing initramfs if it's older than the kernel (pjones)
  Resolves: rhbz#1638405
- Update the saved entry correctly after a kernel install (pjones)
  Resolves: rhbz#1638117
- blscfg: sort everything with rpm *package* comparison (pjones)
  Related: rhbz#1638103
- blscfg: Make 10_linux_bls sort the same way as well
  Related: rhbz#1638103
- don't set saved_entry on grub2-mkconfig
  Resolves: rhbz#1636466
- Fix menu entry selection based on ID and title (pjones)
  Resolves: rhbz#1640979

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2018-10-23 15:57:56 +02:00
Peter Jones
db4a99687c Exclude /etc/grub.d/01_fallback_counting until we work through some design
questions.
  Resolves: rhbz#1614637

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-10-04 17:11:21 -04:00
Peter Jones
7531222057 Fix the fallback counting script even harder. Apparently, this wasn't
tested well enough.
  Resolves: rhbz#1614637

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-10-03 15:57:52 -04:00
Peter Jones
a3bfe35d12 Various bug fixes
- Fix grub.cfg boot counting snippet generation (lorbus)
  Resolves: rhbz#1614637
- Fix spurrious allocation error reporting on EFI boot
  Resolves: rhbz#1635319
- Stop doing TPM on BIOS *again*.  It just doesn't work.
  Related: rhbz#1579835
- Make blscfg module loadable on older grub2 i386-pc and powerpc-ieee1275
  builds
- Fix execstack cropping up in grub2-tools
- Ban stack trampolines with compiler flags.

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-10-02 13:40:52 -04:00
Hans de Goede
ace3c257a6 Stop using pkexec for grub2-set-bootflag
Stop using pkexec for grub2-set-bootflag, it does not work under gdm instead
make it suid root (it was written with this in mind)

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-09-25 14:11:00 -04:00
Peter Jones
e30274adfa More EFI memory allocator work.
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-09-25 14:10:22 -04:00
Peter Jones
c4e6bf30f6 Some more bug fixes and just some general hygiene.
Add 2 conditions to boot-success timer and service:
  Don't run it for system users
  Resolves: rhbz#1592201
  Don't run it when pkexec isn't available
  Resolves: rhbz#1619445
Use -Wsign-compare -Wconversion -Wextra in the build.
  Related: rhbz#1624532
  Related: rhbz#1626844

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-09-12 10:36:43 -04:00
Peter Jones
98536ecf37 Once more into the breach, dear friends.
- Limit grub_malloc() on x86_64 to < 31bit addresses, as some devices seem to
  have a colossally broken storage controller (or UEFI driver) that can't do
  DMA to higher memory addresses, but fails silently.
  Resolves: rhbz#1626844 (possibly really resolving it this time.)
- Also integrate Hans's attempt to fix the related error from -54, but do it
  the other way around: try the low addresses first and *then* the high one if
  the allocation fails.  This way we'll get low regions by default, and if
  kernel/initramfs don't fit anywhere, it'll try the higher addresses.
  Related: rhbz#1624532
- Coalesce all the intermediate debugging junk from -54/-55/-56.

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-09-11 18:08:44 -04:00
Peter Jones
371309b06e More bug "fixes"...
Don't mangle fw_path even harder.
  Resolves: rhbz#1626844
Fix reboot being missing on some platforms, and make it alias to
  "reset" as well.
More dprintf().

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-09-11 11:07:08 -04:00
Peter Jones
76df8270f6 Several fixes.
Fix UEFI memory problem in a different way.
  Related: rhbz#1624532
Don't mangle fw_path with a / unless we're on http
  Resolves: rhbz#1626844

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-09-10 17:32:30 -04:00
Peter Jones
0c72748086 Fix UEFI booting in a different way.
Related: rhbz#1626844
Related: rhbz#1624532
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-09-10 17:05:51 -04:00
Kevin Fenzi
1b51084aaa Add patch from https://github.com/rhboot/grub2/pull/30 to fix uefi booting
Resolves: rhbz#1624532
2018-09-07 10:17:38 -07:00
Peter Jones
66fa5861ee Update conflicts on grubby
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-08-30 11:18:03 -04:00
Peter Jones
c2f7a5e9af Update some more stuff again and whatnot.
Fix AArch64 machines with no RAM latched lower than 1GB
  Resolves: rhbz#1615969
Set http_path and http_url when HTTP booting
Hopefully slightly better error reporting in some cases
Better allocation of kernel+initramfs on x86_64 and aarch64
  Resolves: rhbz#1572126

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-08-30 11:15:56 -04:00
Peter Jones
c87b938e5d woops
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-08-19 10:42:52 -04:00
Peter Jones
cefdf750ef We don't have the force python patch in SOURCES any more.
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-08-16 14:21:41 -04:00
Peter Jones
bed013f094 Fix arm32 off-by-one error on reading the PE header.
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-08-16 13:55:16 -04:00
Peter Jones
f0ceaa7597 Fix typo in /etc/grub.d/01_fallback_counting
Resolves: rhbz#1614637
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-08-16 13:53:45 -04:00
Javier Martinez Canillas
2d1140eb96
Add an installkernel script for BLS configurations
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2018-08-11 21:57:02 +02:00
Peter Jones
4892e6bea5 Temporarily make -cdboot files 0700 again.
We need to move these to /boot/efi/EFI/BOOT/ and change the perms at the same
time, but that means changing this, comps, and lorax (at least) at the same
time.  Right this minute isn't a good time to do that.

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-08-07 11:21:29 -04:00
Peter Jones
73bf9047ae Kill .note.gnu.property with fire.
Resolves: rhbz#1612339

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-08-03 15:12:58 -04:00
Peter Jones
3e07ee7c3e Enable armv7 EFI builds. This was way harder than I expected.
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-08-02 14:04:20 -04:00
Peter Jones
dbfd2e6b04 Make more stuff in our buildroot go into the git repo so I can grep it better.
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-07-31 16:40:33 -04:00
Peter Jones
15a207211f Roll upstream's patches into one big patch here.
I don't really need to watch 150+ patches from upstream get applied.

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-07-31 10:57:52 -04:00
Peter Jones
8d563110da --with-utils=host
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-07-27 12:52:55 -04:00
Peter Jones
da0e16c206 Fix autogen/autoconf invocation to actually re-make configure.
autogen.sh was running autoreconf, which *ran* configure but didn't actually
re-make it if it was there.  This means we effectively can't change our
configure invocation (for newer configure options), so that's bad.

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-07-27 12:43:35 -04:00
Peter Jones
1f9267118f Fix some minor BLS issues
Rework the FDT module linking to make aarch64 build and boot right

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-07-17 16:50:04 -04:00
Peter Jones
ad4aff0c12 Rework SB patches and 10_linux.in changes even harder.
Apparently working on two identical trees at once is not good for doing things
right.

Resolves: rhbz#1601578
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-07-17 10:21:37 -04:00
Hans de Goede
1d36e193e6 Add support for setting boot_success / boot_indeterminate grubenv flags
Add support for making the user session automatically set the boot_success
flag and make offline-updates increment the boot_indeterminate grubenv var.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2018-07-16 16:51:14 -04:00
Peter Jones
ce0f493268 Rebased to newer upstream for fedora-29
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-07-16 15:54:21 -04:00
Peter Jones
e08eb33a57 Revert broken moduledir fix *again*.
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-07-13 10:16:42 -04:00
Peter Jones
321567331b Fix our linuxefi/linux comand reunion
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-07-12 23:20:02 -04:00
Peter Jones
bfa240db6a Turn off armv7hl again until I can make the rest of the builds work
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-07-12 11:06:07 -04:00
Peter Jones
a52365a0df Port several fixes from the F28 tree and a WIP tree.
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-07-11 16:49:50 -04:00
Peter Jones
cee2256e1c Fix some places where f28 and f29 .spec diverged
This is just to make diffing to make sure I haven't missed anything easier.

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-07-11 15:40:00 -04:00
Peter Jones
752ceb1640 Rebased to newer upstream for fedora-29
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-07-10 15:12:02 -04:00
Peter Jones
dd0009ec4d Enable 32-bit ARM EFI builds.
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-07-10 15:12:02 -04:00
Igor Gnatenko
15eb78a25c add BuildRequires: gcc
Reference: https://fedoraproject.org/wiki/Changes/Remove_GCC_from_BuildRoot
2018-07-09 19:06:46 +02:00
Peter Jones
63f1a982b9 Various fixups (gcc 8, xfs, UEFI https)
Fixups to work with gcc 8
Experimental https boot support on UEFI
XFS fixes for sparse inode support
  Resolves: rhbz#1575797

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-05-16 11:15:49 -04:00
Javier Martinez Canillas
dc178ac546 Two more fixes for BLS support
- Use version field to sort BLS entries if id field isn't defined
 - Add version field to BLS fragments generated by 20-grub.install

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2018-05-11 10:13:07 -04:00
Peter Jones
a8d8dcf190 A couple of fixes needed by Fedora Atomic - javierm
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-05-11 10:13:05 -04:00
Peter Jones
578b4d713f Put the os-prober dep back in - we need to change test plans and criteria
before it can go.
  Resolves: rhbz#1569411

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-05-11 10:13:04 -04:00
Peter Jones
fb3328442e Work around some issues with older automake found in CentOS.
Make multiple initramfs images work in BLS.

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-04-11 14:47:38 -04:00
Peter Jones
c789522f7c Work around some issues with older automake found in CentOS.
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-04-11 14:43:48 -04:00
Javier Martinez Canillas
ed50db379d Make 20-grub.install to generate debug BLS when MAKEDEBUG is set
If MAKEDEBUG=yes in /etc/sysconfig/kernel, then a debug menu entry should
be created. So for BLS, a debug configuration file has to be created that
contains debug kernel command line parameters.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2018-04-11 10:11:27 -04:00
Peter Jones
4fd69fdbcd Pull in some TPM fixes I missed.
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-04-06 16:19:11 -04:00
Peter Jones
0bcec266a0 Enable TPM measurements
Set the default boot entry to the first entry when we're using BLS.

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-04-06 15:42:49 -04:00
Peter Jones
78e1a10ec4 Add grub2-switch-to-blscfg
Fix for BLS paths on BIOS / non-UEFI (javierm)

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-04-03 13:41:24 -04:00
Benjamin Pereto
d73e0cbe7e FIX: broken rpm build introduced in 61faef, which fails with "missing directory for 20-grubby.install" 2018-04-02 07:47:39 -07:00
Javier Martinez Canillas
61faef65b2 Add kernel-install scripts
Install a 20-grubby.install and 90-loaderentry.install kernel-install
scripts in /etc/kernel/install.d so these have higher precedence than
the ones installed in /usr/lib/kernel/install.d by the systemd pkg.

If GRUB 2 pkg isn't installed, then the systemd scripts are executed
on kernel installation and removal.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2018-03-14 17:09:34 -04:00
Peter Jones
06b68a8c94 Build the blscfg module in on EFI builds.
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-03-06 14:47:22 -05:00
Peter Jones
ec4acbbd98 Update grub2 for f28
- Try to fix things for new compiler madness.
  I really don't know why gcc decided __attribute__((packed)) on a "typedef
  struct" should imply __attribute__((align (1))) and that it should have a
  warning that it does so.  The obvious behavior would be to keep the alignment
  of the first element unless it's used in another object or type that /also/
  hask the packed attribute.  Why should it change the default alignment at
  all?
- Merge in the BLS patches Javier and I wrote.
- Attempt to fix pmtimer initialization failures to not be super duper slow.

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-02-28 10:08:00 -05:00
Igor Gnatenko
38305f23ff
Remove %clean section
None of currently supported distributions need that.
Last one was EL5 which is EOL for a while.

Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-02-14 08:05:13 +01:00
Igor Gnatenko
8bbfda8a06
Escape macros in %changelog
Reference: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/Y2ZUKK2B7T2IKXPMODNF6HB2O5T5TS6H/
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-02-09 09:04:38 +01:00
Peter Jones
8b3d200862 Fix a merge error from 2.02-21 that affected kernel loading on Aarch64.
Fix a merge error from 2.02-21 that affected kernel loading on Aarch64.
Related: rhbz#1519311
Related: rhbz#1506704
Related: rhbz#1502312

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-01-23 16:35:31 -05:00
Peter Jones
d51395ea7f Update our gcc nerfing.
- Only nerf annobin, not -fstack-crash-protection.
- Fix a conflict on /boot/efi directory permissions between -cdboot and the
  normal bootloader.

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-01-19 13:17:09 -05:00
Peter Jones
28076bb004 Nerf some new gcc 'features'
For now, completely nerf annobin and -fstack-clash-protection; at least
one of those things makes grubx64.efi crash on start.

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-01-18 18:23:41 -05:00
Peter Jones
a91fed7f66 Fix some efi modules bugs
- Fix grub2-efi-modules provides/obsoletes generation
  Resolves: rhbz#1506704
- *Also* build grub-efi-ia32{,-*,!-modules} packages for i686 builds
  Resolves: rhbz#1502312

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-01-18 14:14:19 -05:00
Peter Jones
8cceee7ebe Make everything under /boot/efi be mode 0700, since that's what FAT will
show anyway.

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-01-18 14:12:52 -05:00
Peter Jones
da63b36ca7 Rebase to newer upstream and fix pmtimer.
- Rebase to current master
- Fix pmtimer calibration to not take forever to fail on kvm.

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-01-17 15:41:44 -05:00
Peter Jones
307d019554 Handle xen module loading (somewhat) better
You'll still need to actually install grub2-${efiarch}-modules and then
use grub2-install to install the xen modules in /boot/grub2/,
but this should handle actually loading them from the grub config file.

Resolves: rhbz#1486002

Signed-off-by: Peter Jones <pjones@redhat.com>
2017-10-24 12:53:12 -04:00
Peter Jones
e1f4c0ec1e Make grub2-efi-aa64 provide grub2
I'm not sure this is 100% the right place to do this - maybe it should
go in anaconda - but it seems most expedient :/

Resolves: rhbz#1491045

Signed-off-by: Peter Jones <pjones@redhat.com>
2017-09-20 15:28:42 -04:00
Dennis Gilmore
8887fc70b1 bump for Obsoletes again
Signed-off-by: Dennis Gilmore <dennis@ausil.us>
2017-09-11 12:39:02 -05:00
Peter Jones
b52a729921 Fix Obsoletes on grub2-pc
Signed-off-by: Peter Jones <pjones@redhat.com>
2017-09-06 18:26:03 -04:00
Petr Šabata
50a9c3a2b3 Limit the pattern matching in do_alt_efi_install to files
This unbreaks module builds that contain the ".module" string in their
dist tags.

Signed-off-by: Petr Šabata <contyk@redhat.com>
2017-08-30 11:03:41 -04:00
Peter Jones
7849a868f2 Revert the /usr/lib/.build-id/ change
Revert the /usr/lib/.build-id/ change:
  https://fedoraproject.org/wiki/Changes/ParallelInstallableDebuginfo
  says (without any particularly convincing reasoning):
    The main build-id file should not be in the debuginfo file, but in the
    main package (this was always a problem since the package and debuginfo
    package installed might not match). If we want to make usr/lib/debug/ a
    network resource then we will need to move the symlink to another
    location (maybe /usr/lib/.build-id).
  So do it that way.  Of course it doesn't matter, because exclude gets
  ignored due to implementation details.

Signed-off-by: Peter Jones <pjones@redhat.com>
2017-08-25 16:40:58 -04:00
Peter Jones
152cdcd6f5 Minor updates to provides and excludes
Add some unconditional Provides:
  grub2-efi on grub2-efi-${arch}
  grub2-efi-cdboot on grub2-efi-${arch}-cdboot
  grub2 on all grub2-${arch} pacakges
Something is somehow adding /usr/lib/.build-id/... to all the -tools
  subpackages, so exclude all that.

Signed-off-by: Peter Jones <pjones@redhat.com>
2017-08-25 13:31:34 -04:00
Peter Jones
1300d7b633 Fix arm kernel command line allocation
Resolves: rhbz#1484609
Get rid of the temporary extra efi packages hack.

Signed-off-by: Peter Jones <pjones@redhat.com>
2017-08-24 14:10:08 -04:00
Peter Jones
53a4172ac4 Various fixups
- Put grub2-mkimage in -tools, not -tools-extra.
- Fix i686 building
- Fix ppc HFS+ usage due to /boot/efi's presence.

Signed-off-by: Peter Jones <pjones@redhat.com>
2017-08-23 17:05:03 -04:00
Peter Jones
71e0fb4ea6 Put grub2-mkimage in -tools, not -tools-extra.
Signed-off-by: Peter Jones <pjones@redhat.com>
2017-08-22 11:14:37 -04:00
Peter Jones
31ea67e0aa Add the .img files into grub2-pc-modules (and all legacy variants)
autoqa is seeing a failure that looks like:

13:50:17,909 INF program: grub2-install: error: cannot open `/usr/lib/grub/i386-pc/lzma_decompress.img': No such file or directory.

And it's because the .img files are currently excluded.  So put them
back.

Signed-off-by: Peter Jones <pjones@redhat.com>
2017-08-18 17:36:01 -04:00
Peter Jones
3619a3f545 Simplify some of the macros a bit.
Signed-off-by: Peter Jones <pjones@redhat.com>
2017-08-17 13:28:53 -04:00
Peter Jones
41c1671979 Actually fix the configure usage and the gcc -E weirdness.
Signed-off-by: Peter Jones <pjones@redhat.com>
2017-08-17 13:28:53 -04:00
Peter Jones
dcee992d1c Fix some build failures.
Signed-off-by: Peter Jones <pjones@redhat.com>
2017-08-16 17:04:58 -04:00
Peter Jones
35d1684777 Make a temporary grub2-efi package on 64-bit efi arches.
This makes it so we can build grub2 with the changes before anaconda and
lorax are fixed.

Signed-off-by: Peter Jones <pjones@redhat.com>
2017-08-16 15:05:31 -04:00
Peter Jones
345233e0e5 fix grubenv once more... 2017-08-16 15:05:26 -04:00
Peter Jones
9d2fddcf46 Fix a merge error that dropped the grub.macros and grub.patches sources
Signed-off-by: Peter Jones <pjones@redhat.com>
2017-08-16 15:05:12 -04:00
Peter Jones
b50565e33e Make ia32 work as well.
- make it work with rpm-4.13.90
- split up the packages for various arch targets so ia32 can work

Signed-off-by: Peter Jones <pjones@redhat.com>
2017-08-16 15:05:12 -04:00
Peter Jones
bbc6a8998a Rebased to newer upstream for fedora-27
Signed-off-by: Peter Jones <pjones@redhat.com>
2017-08-16 11:14:30 -04:00
Peter Jones
47f2daf5df Rebuild again with new fixed rpm. (bug #1480407)
Signed-off-by: Peter Jones <pjones@redhat.com>
2017-08-15 15:08:31 -04:00
Kevin Fenzi
21962f5359 Rebuild again with new fixed rpm. (bug #1480407) 2017-08-11 08:59:07 -07:00
Kevin Fenzi
e3cdc195c4 Rebuild for rpm soname bump again 2017-08-10 14:47:43 -07:00
Igor Gnatenko
5e05dbf1e6 Rebuilt for RPM soname bump
Signed-off-by: Igor Gnatenko <ignatenko@redhat.com>
2017-08-10 20:24:55 +02:00
Peter Jones
73823ebf7d Undo those last two - something is going wrong with fedpkg locally.
Somehow the wrong version is getting built, and I'm quite confused as to
why:

trillian:~/devel/fedora/grub2/master$ fedpkg build
/usr/lib/python2.7/site-packages/fedora/client/bodhi.py:48: DeprecationWarning: fedora.client.bodhi has been deprecated. Please use bodhi.client.bindings instead.
  DeprecationWarning)
Building grub2-2.02-3.fc27 for rawhide

         ^^^^^^^^^^^^^^^^^ looks correct

Created task: 21022413
Task info: https://koji.fedoraproject.org/koji/taskinfo?taskID=21022413
Watching tasks (this may be safely interrupted)...
21022413 build (rawhide, /rpms/grub2:bf8e18bc1df80b77e218e3e673f9e3f8f2116542): free
21022413 build (rawhide, /rpms/grub2:bf8e18bc1df80b77e218e3e673f9e3f8f2116542): free -> open (buildvm-aarch64-01.arm.fedoraproject.org)
  21022414 buildSRPMFromSCM (/rpms/grub2:bf8e18bc1df80b77e218e3e673f9e3f8f2116542): free
  21022414 buildSRPMFromSCM (/rpms/grub2:bf8e18bc1df80b77e218e3e673f9e3f8f2116542): free -> open (buildvm-aarch64-01.arm.fedoraproject.org)
  21022414 buildSRPMFromSCM (/rpms/grub2:bf8e18bc1df80b77e218e3e673f9e3f8f2116542): open (buildvm-aarch64-01.arm.fedoraproject.org) -> closed
  0 free  1 open  1 done  0 failed
  21022475 buildArch (grub2-2.02-0.25.fc27.src.rpm, i686): free

                      ^^^^^^^^^^^^^^^^^^^^ does not look correct

So I'm trying from a fresh checkout instead.

Signed-off-by: Peter Jones <pjones@redhat.com>
2017-08-03 15:06:42 -04:00
Peter Jones
1f054ac587 Try even harder to make it look like the scratch build that worked...
Signed-off-by: Peter Jones <pjones@redhat.com>
2017-08-03 14:50:49 -04:00
Peter Jones
9322a748fe For some reason build-ids are breaking aarch64 (again.)
Signed-off-by: Peter Jones <pjones@redhat.com>
2017-08-03 14:30:15 -04:00
Peter Jones
dd84573118 Rebuild so it gets SB signed correctly.
Related: rhbz#1335533
Enable lsefi

Signed-off-by: Peter Jones <pjones@redhat.com>
2017-08-03 13:35:21 -04:00
Michael Cronenworth
7495404bba Fix symlink to work on both EFI and BIOS machines, Resolves: rhbz#1335533
Signed-off-by: Michael Cronenworth <mike@cchtml.com>
2017-07-24 09:13:47 -05:00
Peter Jones
bc092b9bcd Rebased to grub 2.02 for fedora-27
Signed-off-by: Peter Jones <pjones@redhat.com>
2017-07-11 07:38:34 -04:00
Peter Jones
39d46ea780 Fix deps that should have moved to -tools but didn't.
Signed-off-by: Peter Jones <pjones@redhat.com>
2017-07-11 07:38:34 -04:00
Peter Jones
6d8e18dbc8 Fix some old deps that should have moved to -tools
Signed-off-by: Peter Jones <pjones@redhat.com>
2017-07-11 07:38:34 -04:00
Stephen Gallagher
eea0c02ae7
Add missing %%license macro 2017-02-01 20:12:10 -05:00
Peter Jones
819251656a Fix regexp in power compile flags, and synchronize release number with
other branches.

Signed-off-by: Peter Jones <pjones@redhat.com>
2016-12-08 10:42:05 -05:00
Dan Horák
b7437aa1d1 fix typo in regex 2016-12-07 09:47:49 +01:00
Peter Jones
377f5fc2d0 Rebased to newer upstream for fedora-26
Signed-off-by: Peter Jones <pjones@redhat.com>
2016-12-02 16:18:30 -05:00
Peter Jones
0773b3d5c8 remove the manual application of Laszlo's patch...
Signed-off-by: Peter Jones <pjones@redhat.com>
2016-12-01 17:22:09 -05:00
Peter Jones
1f6f8c776e Update version to .36 because I already built an f25 one named 0.35
Signed-off-by: Peter Jones <pjones@redhat.com>
2016-12-01 17:19:52 -05:00
Peter Jones
475000b94d Rebased to newer upstream for fedora-26
Signed-off-by: Peter Jones <pjones@redhat.com>
2016-12-01 17:18:47 -05:00
Adam Williamson
ced107a476 Add patch from lersek to fix UEFI Windows dual-boot
Resolves: rhbz#1347291

Signed-off-by: Adam Williamson <awilliam@redhat.com>
2016-12-01 17:16:03 -05:00
Peter Jones
7c83ceb432 Fix power6 makefile bits for newer autoconf defaults.
Signed-off-by: Peter Jones <pjones@redhat.com>
2016-12-01 17:14:05 -05:00
Adam Williamson
0ea125de5a Revert "Add patch from lersek to fix UEFI Windows dual-boot - #1347291"
This reverts commit 44da1e072b.
Reverting for now as there's some unresolved questions that
make me unwilling to go through with this change - like why
ppc64 build fails on Rawhide, and whether the changes from
the f24 branch that aren't on master or f25 should be brought
forward. So reverting to the status quo until I can talk to
Peter.
2016-11-21 19:29:03 -08:00
Adam Williamson
44da1e072b Add patch from lersek to fix UEFI Windows dual-boot - #1347291
Signed-off-by: Adam Williamson <awilliam@redhat.com>
2016-11-21 19:02:04 -08:00
Peter Jones
9d15b4d492 Update to be newer than f24's branch.
- Add grub2-get-kernel-settings
  Related: rhbz#1226325

Signed-off-by: Peter Jones <pjones@redhat.com>
2016-11-18 16:02:43 -05:00
Peter Jones
336bf36497 Revert 27e66193, which was replaced by upstream's 49426e9fd
Resolves: rhbz#1251600

Signed-off-by: Peter Jones <pjones@redhat.com>
2016-04-07 11:01:55 -04:00
Peter Jones
1713515a59 Rebased to newer f24 code
Signed-off-by: Peter Jones <pjones@redhat.com>
2016-04-07 10:46:33 -04:00
Peter Jones
0ac23e2378 Pull TPM updates from mjg59.
Resolves: rhbz#1318067

Signed-off-by: Peter Jones <pjones@redhat.com>
2016-04-05 15:31:48 -04:00
Thierry Vignaud
dcaf8f6883 switch to pkgconfig() style BR
See
https://fedoraproject.org/wiki/Packaging:Guidelines#BuildRequires_based_on_pkg-config
2016-03-22 13:29:53 -04:00
Thierry Vignaud
bec00f199a fix summary-ended-with-dot warning from rpmlint 2016-03-22 13:29:51 -04:00
Peter Jones
2ae5c1ecf9 Rebased to newer upstream for fedora-24
Signed-off-by: Peter Jones <pjones@redhat.com>
2016-03-04 15:29:53 -05:00
Peter Jones
b9efc549fa Bump for grub-2.02-beta3
Signed-off-by: Peter Jones <pjones@redhat.com>
2016-03-04 14:08:54 -05:00
Peter Jones
52f24b72a1 Make a "do-rebase" script we can use when we've rebased the github repo.
This rebuilds our patchset automatically.

Signed-off-by: Peter Jones <pjones@redhat.com>
2016-03-04 13:28:38 -05:00
Peter Jones
bf8e18bc1d Security update for keyboard input vulnerability.
- Fix security issue when reading username and password
  Related: CVE-2015-8370
- Do a better job of handling GRUB2_PASSWORD
  Related: rhbz#1284370

Signed-off-by: Peter Jones <pjones@redhat.com>
2015-12-17 10:06:43 +01:00
Peter Jones
d979a79ed2 Rebuild without multiboot* modules in the EFI image.
Related: rhbz#1264103

Signed-off-by: Peter Jones <pjones@redhat.com>
2015-11-20 18:18:48 -05:00