Stop having this problem and just copy over the beta tree
Resolves: rhbz#2006784 Signed-off-by: Robbie Harwood <rharwood@redhat.com>
This commit is contained in:
parent
0b61fb6968
commit
161ae8daaf
126
grub.macros
126
grub.macros
@ -74,6 +74,7 @@
|
||||
%global emuarch %{_arch}
|
||||
%global grubefiarch %{nil}
|
||||
%global grublegacyarch %{nil}
|
||||
%global grubelfname %{nil}
|
||||
|
||||
# sparc is always compiled 64 bit
|
||||
%ifarch %{sparc}
|
||||
@ -113,11 +114,20 @@
|
||||
%{!?with_efi_only:%global without_efi_only 0}
|
||||
%{?with_efi_only:%global without_efi_only 1}
|
||||
|
||||
### fixme
|
||||
%ifarch %{efi_arch}
|
||||
%global efi_modules " efi_netfs efifwsetup efinet lsefi lsefimmap "
|
||||
%endif
|
||||
|
||||
%ifarch x86_64 %{ix86}
|
||||
%global platform_modules " backtrace chain tpm usb usbserial_common usbserial_pl2303 usbserial_ftdi usbserial_usbdebug keylayouts at_keyboard "
|
||||
%endif
|
||||
|
||||
%ifarch ppc64le
|
||||
%global platform_modules " appendedsig "
|
||||
%endif
|
||||
|
||||
%ifarch aarch64 %{arm} riscv64
|
||||
%global efi_modules " "
|
||||
%else
|
||||
%global efi_modules " backtrace chain tpm usb usbserial_common usbserial_pl2303 usbserial_ftdi usbserial_usbdebug keylayouts at_keyboard "
|
||||
%global platform_modules " "
|
||||
%endif
|
||||
|
||||
%ifarch aarch64 %{arm} riscv64
|
||||
@ -217,6 +227,7 @@
|
||||
%global with_legacy_arch 1
|
||||
%global grublegacyarch %{legacy_target_cpu_name}-%{platform}
|
||||
%global moduledir %{legacy_target_cpu_name}-%{platform}
|
||||
%global grubelfname core.elf
|
||||
%endif
|
||||
|
||||
%global evr %{epoch}:%{version}-%{release}
|
||||
@ -378,55 +389,98 @@ install -m 644 %{1}.conf ${RPM_BUILD_ROOT}/etc/dnf/protected.d/ \
|
||||
rm -f %{1}.conf \
|
||||
%{nil}
|
||||
|
||||
%global grub_modules " all_video boot blscfg btrfs \\\
|
||||
cat configfile cryptodisk \\\
|
||||
echo ext2 f2fs fat font \\\
|
||||
gcry_rijndael gcry_rsa gcry_serpent \\\
|
||||
gcry_sha256 gcry_twofish gcry_whirlpool \\\
|
||||
gfxmenu gfxterm gzio \\\
|
||||
halt hfsplus http increment iso9660 \\\
|
||||
jpeg loadenv loopback linux lvm luks \\\
|
||||
luks2 mdraid09 mdraid1x minicmd net \\\
|
||||
normal part_apple part_msdos part_gpt \\\
|
||||
password_pbkdf2 pgp png reboot regexp \\\
|
||||
search search_fs_uuid search_fs_file \\\
|
||||
search_label serial sleep syslinuxcfg \\\
|
||||
test tftp version video xfs zstd " \
|
||||
|
||||
%ifarch x86_64 aarch64 %{arm} riscv64
|
||||
%define mkimage() \
|
||||
%define efi_mkimage() \
|
||||
%{4}./grub-mkimage -O %{1} -o %{2}.orig \\\
|
||||
-p /EFI/%{efi_vendor} -d grub-core ${GRUB_MODULES} \\\
|
||||
--sbat %{4}./sbat.csv \
|
||||
-p /EFI/%{efi_vendor} -d grub-core \\\
|
||||
--sbat %{4}./sbat.csv \\\
|
||||
${GRUB_MODULES} \
|
||||
%{4}./grub-mkimage -O %{1} -o %{3}.orig \\\
|
||||
-p /EFI/BOOT -d grub-core ${GRUB_MODULES} \\\
|
||||
--sbat %{4}./sbat.csv \
|
||||
-p /EFI/BOOT -d grub-core \\\
|
||||
--sbat %{4}./sbat.csv \\\
|
||||
${GRUB_MODULES} \
|
||||
%{expand:%%define ___pesign_client_cert %{?___pesign_client_cert}%{!?___pesign_client_cert:%{__pesign_client_cert}}} \
|
||||
%{?__pesign_client_cert:%{expand:%%define __pesign_client_cert %{___pesign_client_cert}}} \
|
||||
%{expand:%%{pesign -s -i %%{2}.orig -o %%{2}.onesig -a %%{5} -c %%{6} -n %%{7}}} \
|
||||
%{expand:%%{pesign -s -i %%{3}.orig -o %%{3}.onesig -a %%{5} -c %%{6} -n %%{7}}} \
|
||||
%{expand:%%define __pesign_client_cert %{name}-signer} \
|
||||
%{expand:%%{pesign -s -i %%{2}.onesig -o %%{2} -a %%{5} -c %%{6} -n %%{7}}} \
|
||||
%{expand:%%{pesign -s -i %%{3}.onesig -o %%{3} -a %%{5} -c %%{6} -n %%{7}}} \
|
||||
%{expand:%%{pesign -s -i %%{2}.onesig -o %%{2} -a %%{8} -c %%{9} -n %%{10}}} \
|
||||
%{expand:%%{pesign -s -i %%{3}.onesig -o %%{3} -a %%{8} -c %%{9} -n %%{10}}} \
|
||||
%{nil}
|
||||
%else
|
||||
%define mkimage() \
|
||||
%define efi_mkimage() \
|
||||
%{4}./grub-mkimage -O %{1} -o %{2} \\\
|
||||
-p /EFI/%{efi_vendor} -d grub-core ${GRUB_MODULES} \
|
||||
-p /EFI/%{efi_vendor} -d grub-core \\\
|
||||
${GRUB_MODULES} \
|
||||
%{4}./grub-mkimage -O %{1} -o %{3} \\\
|
||||
-p /EFI/BOOT -d grub-core ${GRUB_MODULES} \
|
||||
-p /EFI/BOOT -d grub-core \\\
|
||||
${GRUB_MODULES} \
|
||||
%{nil}
|
||||
%endif
|
||||
|
||||
%ifarch ppc64le
|
||||
%define ieee1275_mkimage() \
|
||||
APPENDED_SIG_SIZE=0 \
|
||||
if [ -x /usr/bin/rpm-sign ]; then \
|
||||
touch empty.unsigned \
|
||||
rpm-sign --key %{5} \\\
|
||||
--lkmsign empty.unsigned \\\
|
||||
--output empty.signed \
|
||||
APPENDED_SIG_SIZE="$(stat -c '%s' empty.signed)" \
|
||||
rm empty.{un,}signed \
|
||||
fi \
|
||||
# FIXME: using this prefix is fragile, must be done properly \
|
||||
./grub-mkimage -O %{1} -o %{2}.orig \\\
|
||||
-p '/grub2' -d grub-core \\\
|
||||
-x %{3} -x %{4} \\\
|
||||
--appended-signature-size ${APPENDED_SIG_SIZE} \\\
|
||||
${GRUB_MODULES} \
|
||||
if [ -x /usr/bin/rpm-sign ]; then \
|
||||
truncate -s -${APPENDED_SIG_SIZE} %{2}.orig \
|
||||
rpm-sign --key %{5} \\\
|
||||
--lkmsign %{2}.orig \\\
|
||||
--output %{2} \
|
||||
else \
|
||||
mv %{2}.orig %{2} \
|
||||
fi \
|
||||
%{nil}
|
||||
%endif
|
||||
|
||||
%define do_efi_build_images() \
|
||||
GRUB_MODULES=" all_video boot blscfg btrfs \\\
|
||||
cat configfile cryptodisk \\\
|
||||
echo efi_netfs efifwsetup efinet ext2 f2fs \\\
|
||||
fat font gcry_rijndael gcry_rsa gcry_serpent \\\
|
||||
gcry_sha256 gcry_twofish gcry_whirlpool \\\
|
||||
gfxmenu gfxterm gzio \\\
|
||||
halt hfsplus http increment iso9660 jpeg \\\
|
||||
loadenv loopback linux lvm lsefi lsefimmap luks \\\
|
||||
luks2 mdraid09 mdraid1x minicmd net \\\
|
||||
normal part_apple part_msdos part_gpt \\\
|
||||
password_pbkdf2 pgp png reboot \\\
|
||||
regexp search search_fs_uuid search_fs_file \\\
|
||||
search_label serial sleep syslinuxcfg test tftp \\\
|
||||
version video xfs zstd " \
|
||||
GRUB_MODULES+=%{grub_modules} \
|
||||
GRUB_MODULES+=%{efi_modules} \
|
||||
%{expand:%%{mkimage %{1} %{2} %{3} %{4}}} \
|
||||
GRUB_MODULES+=%{platform_modules} \
|
||||
%{expand:%%{efi_mkimage %{1} %{2} %{3} %{4} %{5} %{6} %{7} %{8} %{9} %{10}}} \
|
||||
%{nil}
|
||||
|
||||
%define do_ieee1275_build_images() \
|
||||
GRUB_MODULES+=%{grub_modules} \
|
||||
GRUB_MODULES+=%{platform_modules} \
|
||||
cd grub-%{1}-%{tarversion} \
|
||||
%{expand:%%ieee1275_mkimage %%{1} %%{2} %%{3} %%{4} %%{5}} \
|
||||
cd .. \
|
||||
%{nil}
|
||||
|
||||
%define do_primary_efi_build() \
|
||||
cd grub-%{1}-%{tarversion} \
|
||||
%{expand:%%do_efi_configure %%{4} %%{5} %%{6}} \
|
||||
%do_efi_build_all \
|
||||
%{expand:%%do_efi_build_images %{grub_target_name} %{2} %{3} ./ } \
|
||||
%{expand:%%do_efi_build_images %{grub_target_name} %{2} %{3} ./ %{7} %{8} %{9} %{10} %{11} %{12}} \
|
||||
cd .. \
|
||||
%{nil}
|
||||
|
||||
@ -435,7 +489,7 @@ cd grub-%{1}-%{tarversion} \
|
||||
%{expand:%%do_efi_configure %%{4} %%{5} %%{6}} \
|
||||
%do_efi_build_modules \
|
||||
%{expand:%%do_efi_link_utils %{grubefiarch}} \
|
||||
%{expand:%%do_efi_build_images %{alt_grub_target_name} %{2} %{3} ../grub-%{grubefiarch}-%{tarversion}/ } \
|
||||
%{expand:%%do_efi_build_images %{alt_grub_target_name} %{2} %{3} ../grub-%{grubefiarch}-%{tarversion}/ %{7} %{8} %{9} %{10} %{11} %{12}} \
|
||||
cd .. \
|
||||
%{nil}
|
||||
|
||||
@ -534,6 +588,9 @@ fi \
|
||||
if [ -f $RPM_BUILD_ROOT%{_infodir}/grub-dev.info ]; then \
|
||||
rm -f $RPM_BUILD_ROOT%{_infodir}/grub-dev.info \
|
||||
fi \
|
||||
%{expand:%ifarch ppc64le \
|
||||
install -m 700 %{grubelfname} $RPM_BUILD_ROOT/%{_libdir}/grub/%{1} \
|
||||
%endif} \
|
||||
if [ -f $RPM_BUILD_ROOT/%{_libdir}/grub/%{1}/%{name}.chrp ]; then \
|
||||
mv $RPM_BUILD_ROOT/%{_libdir}/grub/%{1}/%{name}.chrp \\\
|
||||
$RPM_BUILD_ROOT/%{_libdir}/grub/%{1}/%{name}.chrp \
|
||||
@ -593,12 +650,19 @@ ln -s ../boot/%{name}/grub.cfg \\\
|
||||
%ghost %config(noreplace) /boot/%{name}/grub.cfg \
|
||||
%dir %attr(0700,root,root)/boot/loader/entries \
|
||||
%attr(0644,root,root) %config(noreplace) /etc/dnf/protected.d/%{name}-%{1}.conf \
|
||||
%ifarch ppc64le \
|
||||
%dir %{_libdir}/grub/%{2}/ \
|
||||
%{_libdir}/grub/%{2}/%{grubelfname} \
|
||||
%endif \
|
||||
\
|
||||
%{expand:%if 0%{?with_legacy_modules} \
|
||||
%{expand:%%files %{1}-modules} \
|
||||
%defattr(-,root,root) \
|
||||
%dir %{_libdir}/grub/%{2}/ \
|
||||
%{_libdir}/grub/%{2}/* \
|
||||
%ifarch ppc64le \
|
||||
%exclude %{_libdir}/grub/%{2}/%{grubelfname} \
|
||||
%endif \
|
||||
%exclude %{_libdir}/grub/%{2}/*.module \
|
||||
%exclude %{_libdir}/grub/%{2}/{boot,boot_hybrid,cdboot,diskboot,lzma_decompress,pxeboot}.image \
|
||||
%exclude %{_libdir}/grub/%{2}/*.o \
|
||||
|
74
grub2.spec
74
grub2.spec
@ -14,7 +14,7 @@
|
||||
Name: grub2
|
||||
Epoch: 1
|
||||
Version: 2.06
|
||||
Release: 15%{?dist}
|
||||
Release: 16%{?dist}
|
||||
Summary: Bootloader with support for Linux, Multiboot and more
|
||||
License: GPLv3+
|
||||
URL: http://www.gnu.org/software/grub/
|
||||
@ -36,9 +36,26 @@ Source13: redhatsecurebootca3.cer
|
||||
Source14: redhatsecureboot301.cer
|
||||
Source15: redhatsecurebootca5.cer
|
||||
Source16: redhatsecureboot502.cer
|
||||
Source17: redhatsecureboot303.cer
|
||||
Source18: redhatsecureboot601.cer
|
||||
|
||||
%include %{SOURCE1}
|
||||
|
||||
%if 0%{with_efi_arch}
|
||||
%define old_sb_ca %{SOURCE13}
|
||||
%define old_sb_cer %{SOURCE14}
|
||||
%define old_sb_key redhatsecureboot301
|
||||
%define sb_ca %{SOURCE15}
|
||||
%define sb_cer %{SOURCE16}
|
||||
%define sb_key redhatsecureboot502
|
||||
%endif
|
||||
|
||||
%ifarch ppc64le
|
||||
%define old_sb_cer %{SOURCE17}
|
||||
%define sb_cer %{SOURCE18}
|
||||
%define sb_key redhatsecureboot602
|
||||
%endif
|
||||
|
||||
BuildRequires: gcc efi-srpm-macros
|
||||
BuildRequires: flex bison binutils python3
|
||||
BuildRequires: ncurses-devel xz-devel bzip2-devel
|
||||
@ -53,7 +70,7 @@ BuildRequires: help2man
|
||||
# For %%_userunitdir macro
|
||||
BuildRequires: systemd
|
||||
%ifarch %{efi_arch}
|
||||
BuildRequires: pesign >= 113-21
|
||||
BuildRequires: pesign >= 0.99-8
|
||||
%endif
|
||||
%if %{?_with_ccache: 1}%{?!_with_ccache: 0}
|
||||
BuildRequires: ccache
|
||||
@ -196,10 +213,10 @@ git commit -m "After making subdirs"
|
||||
|
||||
%build
|
||||
%if 0%{with_efi_arch}
|
||||
%{expand:%do_primary_efi_build %%{grubefiarch} %%{grubefiname} %%{grubeficdname} %%{_target_platform} %%{efi_target_cflags} %%{efi_host_cflags} %{SOURCE13} %{SOURCE14} redhatsecureboot301 %{SOURCE15} %{SOURCE16} redhatsecureboot502}
|
||||
%{expand:%do_primary_efi_build %%{grubefiarch} %%{grubefiname} %%{grubeficdname} %%{_target_platform} %%{efi_target_cflags} %%{efi_host_cflags} %{old_sb_ca} %{old_sb_cer} %{old_sb_key} %{sb_ca} %{sb_cer} %{sb_key}}
|
||||
%endif
|
||||
%if 0%{with_alt_efi_arch}
|
||||
%{expand:%do_alt_efi_build %%{grubaltefiarch} %%{grubaltefiname} %%{grubalteficdname} %%{_alt_target_platform} %%{alt_efi_target_cflags} %%{alt_efi_host_cflags} %{SOURCE13} %{SOURCE14} redhatsecureboot301 %{SOURCE15} %{SOURCE16} redhatsecureboot502}
|
||||
%{expand:%do_alt_efi_build %%{grubaltefiarch} %%{grubaltefiname} %%{grubalteficdname} %%{_alt_target_platform} %%{alt_efi_target_cflags} %%{alt_efi_host_cflags} %{old_sb_ca} %{old_sb_cer} %{old_sb_key} %{sb_ca} %{sb_cer} %{sb_key}}
|
||||
%endif
|
||||
%if 0%{with_legacy_arch}
|
||||
%{expand:%do_legacy_build %%{grublegacyarch}}
|
||||
@ -207,6 +224,9 @@ git commit -m "After making subdirs"
|
||||
%if 0%{with_emu_arch}
|
||||
%{expand:%do_emu_build}
|
||||
%endif
|
||||
%ifarch ppc64le
|
||||
%{expand:%do_ieee1275_build_images %%{grublegacyarch} %{grubelfname} %{old_sb_cer} %{sb_cer} %{sb_key}}
|
||||
%endif
|
||||
makeinfo --info --no-split -I docs -o docs/grub-dev.info \
|
||||
docs/grub-dev.texi
|
||||
makeinfo --info --no-split -I docs -o docs/grub.info \
|
||||
@ -527,29 +547,49 @@ mv ${EFI_HOME}/grub.cfg.stb ${EFI_HOME}/grub.cfg
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Tue Jan 04 2021 Robbie Harwood <rharwood@redhat.com> - 2.06-15
|
||||
- Sync with beta for signing changes
|
||||
* Tue Jan 04 2021 Robbie Harwood <rharwood@redhat.com> - 2.06-16
|
||||
- Stop having this problem and just copy over the beta tree
|
||||
- Resolves: rhbz#2006784
|
||||
|
||||
* Tue Dec 21 2021 Robbie Harwood <rharwood@redhat.com> - 2.06-14
|
||||
- Rebuild for signing; no code changes
|
||||
- Resolves: rhbz#2006784
|
||||
* Mon Oct 25 2021 Robbie Harwood <rharwood@redhat.com>
|
||||
- powerpc-ieee1275: load grub at 4MB, not 2MB
|
||||
Related: rhbz#1873860
|
||||
|
||||
* Fri Nov 19 2021 Robbie Harwood <rharwood@redhat.com> - 2.06-13
|
||||
- Rebuild for gating; no code changes
|
||||
- Resolves: rhbz#2006784
|
||||
* Tue Oct 12 2021 Robbie Harwood <rharwood@redhat.com>
|
||||
- Print out module name on license check failure
|
||||
Related: rhbz#1873860
|
||||
|
||||
* Tue Oct 26 2021 Robbie Harwood <rharwood@redhat.com> - 2.06-12
|
||||
- Sync with beta changes (version jump because our process is bad)
|
||||
Resolves: rhbz#2006784
|
||||
* Thu Oct 07 2021 pjones <pjones@redhat.com>
|
||||
- Hopefully make "grub2-mkimage --appended-signature-size=" actually work.
|
||||
Related: rhbz#1873860
|
||||
|
||||
* Thu Oct 07 2021 Peter Jones <pjones@redhat.com> - 2.06-8
|
||||
- Attempt once more to fix signatures on ppc64le
|
||||
Related: rhbz#1873860
|
||||
|
||||
* Tue Oct 05 2021 Peter Jones <pjones@redhat.com> - 2.06-7
|
||||
- Fix signatures on ppc64le
|
||||
Related: rhbz#1951104
|
||||
|
||||
* Tue Oct 05 2021 Robbie Harwood <rharwood@redhat.com> - 2.06-6
|
||||
- Fix booting with XFSv4 partitions
|
||||
Resolves: rhbz#2006993
|
||||
|
||||
* Thu Sep 30 2021 Peter Jones <pjones@redhat.com> - 2.06-5
|
||||
- Rebuild for correct signatures once more.
|
||||
Resolves: rhbz#1976771
|
||||
|
||||
* Thu Sep 30 2021 Peter Jones <pjones@redhat.com> - 2.06-4
|
||||
- Rebuild for correct signatures
|
||||
Resolves: rhbz#1976771
|
||||
|
||||
* Mon Sep 27 2021 Robbie Harwood <rharwood@redhat.com> - 2.06-3
|
||||
- Rebuild for gating + rpminspect
|
||||
Resolves: rhbz#2006784
|
||||
Resolves: rhbz#1976771
|
||||
|
||||
* Wed Sep 22 2021 Robbie Harwood <rharwood@redhat.com> - 2.06-2
|
||||
- Rebuild because our CI infrastructure doesn't work right
|
||||
Resolves: rhbz#2006784
|
||||
Resolves: rhbz#1976771
|
||||
|
||||
* Tue Aug 31 2021 Javier Martinez Canillas <javierm@redhat.com> - 2.06-1
|
||||
- Update to 2.06 final release and ton of fixes
|
||||
|
BIN
redhatsecureboot303.cer
Normal file
BIN
redhatsecureboot303.cer
Normal file
Binary file not shown.
BIN
redhatsecureboot601.cer
Normal file
BIN
redhatsecureboot601.cer
Normal file
Binary file not shown.
Loading…
Reference in New Issue
Block a user