AlmaLinux changes

2 years ago · 33d2c41b51
parent c6f0640526
commit 33d2c41b51
8 changed files with 32 additions and 15 deletions
--- a/SOURCES/clsecureboot001.cer
+++ b/SOURCES/clsecureboot001.cer
--- a/SOURCES/grub.macros
+++ b/SOURCES/grub.macros
@ -272,6 +272,7 @@ Requires:	%{name}-common = %{evr}					\
 Requires:	%{name}-tools-minimal >= %{evr}				\
 Requires:	%{name}-tools-extra = %{evr}				\
 Requires:	%{name}-tools = %{evr}					\
+Requires:	%{efi_esp_dir}/shim%%(echo %{1} | cut -d- -f2).efi	\
 Provides:	%{name}-efi = %{evr}					\
 %{?legacy_provides:Provides:	%{name} = %{evr}}			\
 %{-o:Obsoletes:	%{name}-efi < %{evr}}					\
@ -372,12 +373,10 @@ done								\
 	-p /EFI/%{efi_vendor} -d grub-core ${GRUB_MODULES}	\\\
 	--sbat %{4}./sbat.csv					\
 %{4}./grub-mkimage -O %{1} -o %{3}.orig				\\\
-	-p /EFI/BOOT -d grub-core ${GRUB_MODULES}		\\\
-	--sbat %{4}./sbat.csv					\
-%{expand:%%{pesign -s -i %%{2}.orig -o %%{2}.one -a %%{5} -c %%{6} -n %%{7}}}	\
-%{expand:%%{pesign -s -i %%{3}.orig -o %%{3}.one -a %%{5} -c %%{6} -n %%{7}}}	\
-%{expand:%%{pesign -s -i %%{2}.one -o %%{2} -a %%{8} -c %%{9} -n %%{10}}}	\
-%{expand:%%{pesign -s -i %%{3}.one -o %%{3} -a %%{8} -c %%{9} -n %%{10}}}	\
+       -p /EFI/BOOT -d grub-core ${GRUB_MODULES}               \\\
+       --sbat %{4}./sbat.csv                                   \
+%{expand:%%{pesign -s -i %%{2}.orig -o %%{2} -a %%{5} -c %%{6} -n %%{7}}}	\
+%{expand:%%{pesign -s -i %%{3}.orig -o %%{3} -a %%{5} -c %%{6} -n %%{7}}}	\
 %{nil}
 %else
 %define mkimage()						\
@ -487,7 +486,7 @@ install -D -m 700 unicode.pf2					\\\
 	$RPM_BUILD_ROOT%{efi_esp_dir}/fonts/unicode.pf2		\
 ${RPM_BUILD_ROOT}/%{_bindir}/%{name}-editenv			\\\
 	${RPM_BUILD_ROOT}%{efi_esp_dir}/grubenv create		\
-ln -sf ../efi/EFI/%{efi_vendor}/grubenv				\\\
+ln -sf ../efi/EFI/%{efidir}/grubenv				\\\
 	$RPM_BUILD_ROOT/boot/grub2/grubenv			\
 cd ..								\
 %{nil}
--- a/SOURCES/redhatsecureboot301.cer
+++ b/SOURCES/redhatsecureboot301.cer
--- a/SOURCES/redhatsecureboot502.cer
+++ b/SOURCES/redhatsecureboot502.cer
--- a/SOURCES/redhatsecurebootca3.cer
+++ b/SOURCES/redhatsecurebootca3.cer
--- a/SOURCES/redhatsecurebootca5.cer
+++ b/SOURCES/redhatsecurebootca5.cer
--- a/SOURCES/sbat.csv.in
+++ b/SOURCES/sbat.csv.in
@ -1,3 +1,3 @@
 sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
 grub,1,Free Software Foundation,grub,2.02,https://www.gnu.org/software/grub/
-grub.rhel8,1,Red Hat Enterprise Linux 8,grub2,@@VERSION@@,mail:secalert@redhat.com
+grub.almalinux8,1,AlmaLinux 8,grub2,@@VERSION@@,mail:security@almalinux.org
--- a/SPECS/grub2.spec
+++ b/SPECS/grub2.spec
@ -1,3 +1,7 @@
+%global efi_vendor almalinux
+%global efidir almalinux
+%global efi_esp_dir /boot/efi/EFI/%{efidir}
+
 %undefine _hardened_build

 %global tarversion 2.02
@ -7,7 +11,7 @@
 Name:		grub2
 Epoch:		1
 Version:	2.02
-Release:	99%{?dist}
+Release:	99%{?dist}.alma
 Summary:	Bootloader with support for Linux, Multiboot and more
 Group:		System Environment/Base
 License:	GPLv3+
@ -24,10 +28,7 @@ Source6:	gitignore
 Source8:	strtoull_test.c
 Source9:	20-grub.install
 Source12:	99-grub-mkconfig.install
-Source13:	redhatsecurebootca3.cer
-Source14:	redhatsecureboot301.cer
-Source15:	redhatsecurebootca5.cer
-Source16:	redhatsecureboot502.cer
+Source13:	clsecureboot001.cer
 Source17:	sbat.csv.in

 %include %{SOURCE1}
@ -169,10 +170,10 @@ git commit -m "After making subdirs"

 %build
 %if 0%{with_efi_arch}
-%{expand:%do_primary_efi_build %%{grubefiarch} %%{grubefiname} %%{grubeficdname} %%{_target_platform} %%{efi_target_cflags} %%{efi_host_cflags} %{SOURCE13} %{SOURCE14} redhatsecureboot301 %{SOURCE15} %{SOURCE16} redhatsecureboot502}
+%{expand:%do_primary_efi_build %%{grubefiarch} %%{grubefiname} %%{grubeficdname} %%{_target_platform} %%{efi_target_cflags} %%{efi_host_cflags} %{SOURCE13} %{SOURCE14} alnsecureboot001}
 %endif
 %if 0%{with_alt_efi_arch}
-%{expand:%do_alt_efi_build %%{grubaltefiarch} %%{grubaltefiname} %%{grubalteficdname} %%{_alt_target_platform} %%{alt_efi_target_cflags} %%{alt_efi_host_cflags} %{SOURCE13} %{SOURCE14} redhatsecureboot301 %{SOURCE15} %{SOURCE16} redhatsecureboot502}
+%{expand:%do_alt_efi_build %%{grubaltefiarch} %%{grubaltefiname} %%{grubalteficdname} %%{_alt_target_platform} %%{alt_efi_target_cflags} %%{alt_efi_host_cflags} %{SOURCE13} %{SOURCE14} alnsecureboot001}
 %endif
 %if 0%{with_legacy_arch}
 %{expand:%do_legacy_build %%{grublegacyarch}}
@ -333,6 +334,20 @@ if [ "$1" = 0 ]; then
 	/sbin/install-info --delete --info-dir=%{_infodir} %{_infodir}/%{name}-dev.info.gz || :
 fi

+%if 0%{with_efi_arch}
+%posttrans efi-x64
+if [ -d /sys/firmware/efi ] && [ ! -f %{efi_esp_dir}/grub.cfg ]; then
+    grub2-mkconfig -o %{efi_esp_dir}/grub.cfg || :
+fi
+%endif
+
+%if 0%{with_alt_efi_arch}
+%posttrans efi-ia32
+if [ -d /sys/firmware/efi ] && [ ! -f %{efi_esp_dir}/grub.cfg ]; then
+    grub2-mkconfig -o %{efi_esp_dir}/grub.cfg || :
+fi
+%endif
+
 %files common -f grub.lang
 %dir %{_libdir}/grub/
 %dir %{_datarootdir}/grub/
@ -503,6 +518,9 @@ fi
 %endif

 %changelog
+* Fri Apr 09 2021 Andrew Lukoshko <alukoshko@almalinux.org> - 2.02-99.alma
+- Debrand for AlmaLinux
+
 * Thu Feb 25 2021 Javier Martinez Canillas <javierm@redhat.com> - 2.02-99
 - Fix bug of grub2-install not checking for the SBAT option
  Resolves: CVE-2020-14372