OSTree doesn't support installations that don't have a boot partition. The
BLS snippets assume that there will be one, so this has to be checked and
only mark GRUB as supporting BLS in OSTree systems have a boot partition.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
The Default Boot Behavior for EFI if no BootOrder and Boot#### variables
are found is to look for an ESP and start \EFI\BOOT\BOOT{$arch}.efi.
This is usually fallback.efi installed by the shim package, but since shim
isn't used on armv7, there's no \EFI\BOOT\BOOTARM.EFI installed in the ESP.
So install GRUB as \EFI\BOOT\BOOTARM.EFI for armv7 so there is a default
EFI binary to be started.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Since GRUB 2.04 there is support for TPM measurements in a tpm module that
uses the verifiers framework. So this is used now instead of the previous
downstream patches that we were carrying.
But we forgot to enable this module when rebasing to 2.04 which leads to
GRUB no longer measuring the kernel, initrd and command line parameters.
One side effect of using the verifiers framework is that if measurements
fail, GRUB won't be able to open the files since the errors from the tpm
module are propagated. This means that a firmware with a buggy tpm support
will prevent the machine to boot, which was not the case with the previous
downstream patches. Don't propagate the measurement errors to prevent this.
Resolves: rhbz#1836433
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
The kernel cmdline was stored as a kernelopts variable in the grubenv file
and the BLS snippets used that. But this turned out to be fragile since the
grubenv file could be removed or get corrupted easily.
To prevent the entries to not have a cmdline if the grubenv can't be read,
a fallback variable was set in the GRUB config file. But this still caused
issues since the config needs to be re-generated to change the parameters.
Instead, let's store the cmdline in the BLS snippets. This will make the
configuration more robust, since it will work even without the grubenv
file and the BLS entries will contain all the information needed to boot.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
blscfg: Lookup default_kernelopts variable as fallback for options
Related: rhbz#1765297
10_linux.in: fix early exit due error when reading petitboot version
Resolves: rhbz#1827397
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
The logic to parse the BLS configs to generate a set of menuentry commands
that's needed on ppc64le machines with bootloaders that don't have support
to parse BLS config directly, was implemented in a 10_linux_bls script.
But there's no need to have a separate script just for this and this logic
can be merged into the 10_linux script to avoid code duplication.
Also since the blscfg module will also now be used by ostree-based distros
there is a possible corner case in which a user set the blsdir variable to
a BLS directory path that is different than the default used by ostree.
So to avoid possible issues, only drop the marker file to specify that the
bootloader has support to parse BLS files if this variable hasn't been set.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
- Add riscv64 support to grub.macros and RISC-V build fixes (davidlt)
- blscfg: Always use the root variable to search for BLS snippets
- bootstrap.conf: Force autogen.sh to use python3
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
cmurf and javierm noticed[0] that we don't have zstd enabled, and that could
cause issues in some cases for /boot on btrfs subvolumes. This adds it to our
module list.
[0] https://github.com/rhinstaller/anaconda/pull/2255#discussion_r359123085
Related: rhbz#1418336
Signed-off-by: Peter Jones <pjones@redhat.com>
This gets rid of the vestigial remnants of the now-obsolete
release-to-master.patch , and moves gnulib to be earlier in our source list.
Signed-off-by: Peter Jones <pjones@redhat.com>
- Various grub2 cleanups (pbrobinson)
- Another fix for blscfg variable expansion support
- blscfg: Add support for sorting the plus ('+') higher than base version
Resolves: rhbz#1767395
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
- drop deprecated groups from the macros file, already gone from main spec.
- don't ship arch specific bits in tools-extra that are already special cased in tools
- move grub2-glue-efi to tools-efi, it's Mac specific and there's othe Mac efi tools there
- drop tools-extra dep for efi binaries, all in tools-efi and anaconda deals with that
- put grub2-install man page in the right package with the util
- other minor cleanups
- 20-grub-install: Don't add an id field to generated BLS snippets
- 99-grub-mkconfig: Disable BLS usage for Xen machines
Resolves: rhbz#1703700
- Don't add a class option to menu entries generated for ppc64le
Resolves: rhbz#1758225
- 10_linux.in: Also use GRUB_CMDLINE_LINUX_DEFAULT to set kernelopts
- blscfg: Don't hardcode an env var as fallback for the BLS options field
Resolves: rhbz#1710483
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
- A couple of RISC-V fixes
- Remove grub2-tools %%posttrans scriptlet that migrates to a BLS config
- Add blscfg device tree support
Resolves: rhbz#1751307
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
This change updates grub to the 2.04 release. The new release changed how
grub is built, so the bootstrap and bootstrap.conf files have to be added
to the dist-git. Also, the gitignore file changed so it has to be updated.
Since the patches have been forward ported to 2.04, there's no need for a
logic to maintain a patch with the delta between the release and the grub
master branch. So the release-to-master.patch is dropped and no longer is
updated by the do-rebase script.
Also since gnulib isn't part of the grub repository anymore and cloned by
the boostrap tool, a gnulib tarball is included as other source file and
copied before calling the bootstrap tool. That way grub can be built even
in builders that only have access to the sources lookaside cache.
Resolves: rhbz#1727279
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Releng attempted to build the grub2 package as a part of the Fedora 31
mass rebuild [0], but this failed due lack of credentials to build the
grub2 package. Do a manual build for the rebuild to succeed.
[0]: https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
The BLS files are copied from /lib/modules/$(uname -r)/bls.conf and this
file has a SELinux label of "system_u:object_r:modules_object_t" like all
the other files that are installed by the kernel package.
But the files in the /boot directory are expected to have a SELinux label
of "system_u:object_r:boot_t". For all the other files that are copied to
/boot by the kernel-install script, the SELinux security contexts are
restored to the default but that was missing for the BLS files.
Resolves: rhbz#1726020
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
The btrfs snapshot submenu was removed because it broke the old grubby tool
since it searched for "menuentry". But now that a BLS config is supported,
this can be added again as long as grubby isn't used.
This patch also moves the grub2-probe tool to the tools-minimal package to
prevent a circular dependency since the grub2-tools package depends on the
os-prober package, but os-prober package needs grub2-probe as a dependency.
So instead of making os-prober to depend on grub2-tools, it can be made to
depend on the grub2-tools-minimal subpackage.
Resolves: rhbz#1715994
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
This change reorganizes and cleanups our patches to reduce the patch number
from 314 patches to 187. That's achieved by dropping patches that are later
reverted and squashing fixes for earlier patches that introduced features.
There are no code changes and the diff with upstream is the same before and
after the cleanup. Having fewer patches makes easier to manage the patchset
and also will ease to rebase them on top of the latest grub-2.04 release.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Building the multiboot and multiboot2 modules was disabled for EFI builds.
But that made the menu entries created by the Xen package to stop working
since they use the multiboot2 module.
The modules were disabled modules because they can be used to bypass the
Secure Boot mechanism. But it's enough to not include these modules in the
grub2 EFI binary that's signed, which is the case already in the grub2 pkg.
Having them as modules if the user installs the grub2-efi-x64-modules is
a valid use case. And since module loading isn't allowed when Secure Boot
is enabled, it doesn't represent any security threat.
Resolves: rhbz#1703872
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Fix failure to request grub.cfg over HTTP
Some ARM fixes (pbrobinson)
Preserve multi-device workflows (Yclept Nemo)
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Fix --bls-directory option comment in grub2-switch-to-blscfg man page
Resolves: rhbz#1714835
10_linux_bls: use '=' to separate --id argument due a Petitboot bug
grub-set-bootflag: Print an error if failing to read from grubenv
Resolves: rhbz#1702354
10_linux: generate BLS section even if no kernels are found in /boot
10_linux: don't search for OSTree kernels
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
The rpm-build's "debugedit" program will silently corrupt .debug_macro
strings when a binary is compiled with -g3. Later in the build phase,
gdb-add-index is invoked to extract the DWARF index from the binary,
and GDB will segfault because dwarf2read.c:parse_definition_macro's
'body' variable is NULL.
Resolves: rhbz#1708780
There's no point on executing the script if GRUB_ENABLE_BLSCFG has already
been set. Currently was checking if an user explicitly set it to false to
avoid enabling the BLS configuration, but it should also be avoided if was
already set to true by a previous package update or during installation.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
The blscfg module isn't compatible with the GRUB core.img installed by any
release older than Fedora 21.
This is because the blscfg module calls to the grub_file_size() function to
check if the BLS file size is correct, but the struct grub_file used as the
parameter for this function changed in the GRUB version used in Fedora 21.
So the function returns a wrong file size due the .size field offset being
different in the older GRUB from Fedora 20 and earlier.
This is causing all the BLS files to be ignored due having a wrong size and
leading to GRUB menu not being populated on boot.
Related: rhbz#1652806
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
os-prober 1.75 dropped all the code for handling device mapper
directly in favor of only supporting the use of grub2-mount.
Thus, we now need grub2-mount to be built and packaged so that
os-prober can depend on it. We ship it in the grub2-tools-minimal
package to avoid creating a dependency loop between grub2-tools and
os-prober.
Resolves: rhbz#1471267
Signed-off-by: Neal Gompa <ngompa13@gmail.com>
GRUB has an user-space program emulator that allows to parse config files
and execute boot entries using the kexec tool. Add a grub2-emu subpackage
to install the emulator.
The subpackage is disabled on ppc64le architecture for now since grub2-emu
fails to build there.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
The GRUB configuration is switched to BLS using the grub2-switch-to-blscfg
script, which is installed by the grub2-tools package. Among other things,
the script copies the blscfg module from the /usr/lib/grub/$arch directory
to /boot/grub2/$arch.
This is done because for non-UEFI installs (i386-pc and powerpc-ieee1275)
the GRUB core and modules aren't updated on package upgrade, so the blscfg
module won't be the latest that contains the current BLS support.
But the grub2-switch-to-blscfg script is currently executed in grub2-tools
%post scritplet, which means that if the grub2-tools package is installed
before the grub2-pc-modules package (that installs the blscfg module), the
grub2-switch-to-blscfg script won't copy the latest version of the module.
This will make systems to fail to populate the GRUB menu, since its config
will already be migrated to BLS but the blscfg module won't be the latest.
So to make sure that the latest blscfg module is copied regardless of the
grub2-tools and grub2-pc-modules packages install order, run the switch
script in a grub2-tools %posttrans so it's executed at the end of the RPM
transaction once all the packages have been installed.
Resolves: rhbz#1652806
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
The generated menu entries have a --users $grub_users option but this will
fail on old versions of GRUB, since it expects the --users option argument
to either be a constant or a variable that has been set.
The latest GRUB version fix this but the GRUB core isn't updated on a GRUB
package update, so this will cause the entries to not be shown in the menu
after a system upgrade.
Since can cause issues and because the entries that weren't generated from
the BLS snippets didn't have the --users option either, just don't add it.
Resolves: rhbz#1693515
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
There was an error in the logic that stored the parsed BLS snippets in the
sorted linked list that is used to populate the GRUB boot menu entries.
Also add a fix found by coverity scan about a possible undefined behaviour
due grub_efi_status_t having the wrong type.
Resolves: rhbz#1691232
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Commit bfc756f8d86 ("Set blsdir if the BLS directory path isn't one of the
looked up by default") attempted to set blsdir if /boot/loader/entries was
not the real path of the directory containing the BLS snippets. Which may
be the case if for example /boot/loader/entries is in a btrfs subvolume.
But in the case of ostree, /boot/loader is a symlink to the directory with
the entries for the current deployment. So with ostree the blsdir will be
wrongly set, since GRUB is able to follow the symlinks just fine. In fact,
it has to follow the symlink since otherwise GRUB will always use the BLS
files for the deployment that the symlink pointed out when blsdir was set.
So only set blsdir if /boot/loader/entries is in a btrfs or zfs partition.
Related: rhbz#1688453
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
The switch to a BLS configuration was made before in the grubby package
%post scriptlet, but this is wrong since it means that a not up-do-date
grub2-switch-to-blscfg script could be used to do the switch.
Resolves: rhbz#1652806
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
20-grub-install: Replace, rather than overwrite, the existing kernel (pjones)
Resolves: rhbz#1642402
99-grub-mkconfig: Don't update grubenv generating entries on ppc64le
Related: rhbz#1637875
blscfg: fallback to default_kernelopts if BLS option field isn't set
Related: rhbz#1625124
grub-switch-to-blscfg: copy increment.mod for legacy BIOS and ppc64
Resolves: rhbz#1652806
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Don't make grub_strtoull() print an error if no conversion is performed
Resolves: rhbz#1674512
Set blsdir if the BLS directory path isn't one of the looked up by default
Resolves: rhbz#1657240
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
- Don't build the grub2-efi-ia32-* packages on i686 (pjones)
- Add efi-export-env and efi-load-env commands (pjones)
- Make it possible to subtract conditions from debug= (pjones)
- Try to set -fPIE and friends on libgnu.a (pjones)
- Add more options to blscfg command to make it more flexible
- Add support for prepend early initrds to the BLS entries
- Fix grub.cfg-XXX look up when booting over TFTP
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
BLS files should only be copied by grub-switch-to-blscfg if BLS isn't set
Related: rhbz#1638117
Fix get_entry_number() wrongly dereferencing the tail pointer
Resolves: rhbz#1654936
Make grub2-mkconfig to honour GRUB_CMDLINE_LINUX in /etc/default/grub
Resolves: rhbz#1637875
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Add comments and revert logic changes in 01_fallback_counting
Remove quotes when reading ID value from /etc/os-release
Related: rhbz#1650706
blscfg: expand grub_users before passing to grub_normal_add_menu_entry()
Resolves: rhbz#1650706
Drop buggy downstream patch "efinet: retransmit if our device is busy"
Resolves: rhbz#1649048
Make the menu entry users option argument to be optional
Related: rhbz#1652434
10_linux_bls: add missing menu entries options
Resolves: rhbz#1652434
Drop "Be more aggro about actually using the *configured* network device."
Resolves: rhbz#1654388
Fix menu entry selection based on title
Resolves: rhbz#1654936
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
The installkernel-bls script is present in both the grub2-common and
grubby packages. But there's no need for this duplication and it can
just be installed by the grubby package.
Related: rhbz#1647721
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
If a debug kernel package is installed, the default entry should only
be set when DEFAULTDEBUG=yes is set in /etc/sysconfig/kernel.
Resolves: rhbz#1636346
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
- add 10_linux_bls grub.d snippet to generate menu entries from BLS files
Resolves: rhbz#1636013
- Only set kernelopts in grubenv if it wasn't set before
Resolves: rhbz#1636466
- kernel-install: Remove existing initramfs if it's older than the kernel (pjones)
Resolves: rhbz#1638405
- Update the saved entry correctly after a kernel install (pjones)
Resolves: rhbz#1638117
- blscfg: sort everything with rpm *package* comparison (pjones)
Related: rhbz#1638103
- blscfg: Make 10_linux_bls sort the same way as well
Related: rhbz#1638103
- don't set saved_entry on grub2-mkconfig
Resolves: rhbz#1636466
- Fix menu entry selection based on ID and title (pjones)
Resolves: rhbz#1640979
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
- Fix grub.cfg boot counting snippet generation (lorbus)
Resolves: rhbz#1614637
- Fix spurrious allocation error reporting on EFI boot
Resolves: rhbz#1635319
- Stop doing TPM on BIOS *again*. It just doesn't work.
Related: rhbz#1579835
- Make blscfg module loadable on older grub2 i386-pc and powerpc-ieee1275
builds
- Fix execstack cropping up in grub2-tools
- Ban stack trampolines with compiler flags.
Signed-off-by: Peter Jones <pjones@redhat.com>
Stop using pkexec for grub2-set-bootflag, it does not work under gdm instead
make it suid root (it was written with this in mind)
Signed-off-by: Peter Jones <pjones@redhat.com>
Add 2 conditions to boot-success timer and service:
Don't run it for system users
Resolves: rhbz#1592201
Don't run it when pkexec isn't available
Resolves: rhbz#1619445
Use -Wsign-compare -Wconversion -Wextra in the build.
Related: rhbz#1624532
Related: rhbz#1626844
Signed-off-by: Peter Jones <pjones@redhat.com>
- Limit grub_malloc() on x86_64 to < 31bit addresses, as some devices seem to
have a colossally broken storage controller (or UEFI driver) that can't do
DMA to higher memory addresses, but fails silently.
Resolves: rhbz#1626844 (possibly really resolving it this time.)
- Also integrate Hans's attempt to fix the related error from -54, but do it
the other way around: try the low addresses first and *then* the high one if
the allocation fails. This way we'll get low regions by default, and if
kernel/initramfs don't fit anywhere, it'll try the higher addresses.
Related: rhbz#1624532
- Coalesce all the intermediate debugging junk from -54/-55/-56.
Signed-off-by: Peter Jones <pjones@redhat.com>
Don't mangle fw_path even harder.
Resolves: rhbz#1626844
Fix reboot being missing on some platforms, and make it alias to
"reset" as well.
More dprintf().
Signed-off-by: Peter Jones <pjones@redhat.com>
Fix UEFI memory problem in a different way.
Related: rhbz#1624532
Don't mangle fw_path with a / unless we're on http
Resolves: rhbz#1626844
Signed-off-by: Peter Jones <pjones@redhat.com>
Fix AArch64 machines with no RAM latched lower than 1GB
Resolves: rhbz#1615969
Set http_path and http_url when HTTP booting
Hopefully slightly better error reporting in some cases
Better allocation of kernel+initramfs on x86_64 and aarch64
Resolves: rhbz#1572126
Signed-off-by: Peter Jones <pjones@redhat.com>
We need to move these to /boot/efi/EFI/BOOT/ and change the perms at the same
time, but that means changing this, comps, and lorax (at least) at the same
time. Right this minute isn't a good time to do that.
Signed-off-by: Peter Jones <pjones@redhat.com>
autogen.sh was running autoreconf, which *ran* configure but didn't actually
re-make it if it was there. This means we effectively can't change our
configure invocation (for newer configure options), so that's bad.
Signed-off-by: Peter Jones <pjones@redhat.com>
