grub.cfg: Fix rpm grub.cfg permission and verification issues
Fix the rpm verification issues (see NOTE below) introduced in 2.06-83 [1]. On the other hand, 2.06-85 [2] introduced a change on grub2-mkconfig where it prevents overwriting `${EFI_HOME}/grub.cfg` with side effects on the `%posttrans` scriptlet, where it tries to recreate it in case this file does not exist but due to [2] the `${EFI}/grub.cfg` file is never created. Fix the `%posttrans` code with the logic but applied to ${GRUB_HOME}/grub.cfg. On the same scriptlet, make sure ${EFI_HOME}/grub.cfg is present before grepping into it.

The changes also fix the issue reported on RHEL-45870 where now /boot/grub2/grub.cfg conf file has the right permission (-rw-------).

NOTE: With 2.06-83 release, the grub.cfg configuration files regressed on file's mode (M) verification

    [root@localhost ~]# rpm -Va
    S.5....T. c /etc/ssh/sshd_config
    .M....... c /boot/efi/EFI/redhat/grub.cfg
    .M....... c /boot/grub2/grub.cfg

The following change fixes the issues above as seen in log

    [root@localhost ~]# rpm -Va
    S.5....T. c /etc/ssh/sshd_config

[1] https://pkgs.devel.redhat.com/cgit/rpms/grub2/commit/?h=rhel-9-main&id=694ab652e3443719e3876e3d183e59b2f9e055fd
[2] https://pkgs.devel.redhat.com/cgit/rpms/grub2/commit/?h=rhel-9-main&id=0185426fb4d693307cda0c7740e9dcf9907cc146

Resolves: #RHEL-45870

Signed-off-by: Leo Sandoval <lsandova@redhat.com>
This commit is contained in:
parent
032b849f1c
commit
73fed98a8a
@ -589,7 +589,8 @@ install -d -m 0700 ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig \
|
||||
touch ${RPM_BUILD_ROOT}%{_sysconfdir}/default/grub \
|
||||
ln -sf ../default/grub \\\
|
||||
${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig/grub \
|
||||
touch ${RPM_BUILD_ROOT}/boot/%{name}/grub.cfg \
|
||||
touch grub.cfg \
|
||||
install -m 0600 grub.cfg ${RPM_BUILD_ROOT}/boot/%{name}/ \
|
||||
ln -s ../boot/%{name}/grub.cfg \\\
|
||||
${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}.cfg \
|
||||
%{nil}
|
||||
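Review bot: `touch grub.cfg` creates the placeholder in whatever directory the install step happens to be running in, so a scratch file is left in the build tree and any file already named grub.cfg there would be installed instead of an empty one. Installing an empty file directly, for example `install -m 0600 /dev/null ${RPM_BUILD_ROOT}/boot/%{name}/grub.cfg`, gives the same 0600 result without the intermediate file. A short comment saying that the mode here has to match the `%attr(0600,root,root)` on the `%ghost` entry would also help the next reader see why `touch` alone was not enough.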
@ -634,7 +635,7 @@ ln -s ../boot/%{name}/grub.cfg \\\
|
||||
%attr(0700,root,root)/boot/%{name}/fonts \
|
||||
%dir %attr(0700,root,root)/boot/loader/entries \
|
||||
%ghost %config(noreplace) %attr(0600,root,root)/boot/%{name}/grub.cfg \
|
||||
%ghost %config(noreplace) %verify(not mtime) %attr(0600,root,root)%{efi_esp_dir}/grub.cfg \
|
||||
%ghost %config(noreplace) %verify(not mtime) %attr(0700,root,root)%{efi_esp_dir}/grub.cfg \
|
||||
%config(noreplace) %verify(not size mode md5 mtime) /boot/%{name}/grubenv \
|
||||
%attr(0644,root,root) %config(noreplace) /etc/dnf/protected.d/%{name}-%{1}.conf \
|
||||
%{expand:%if 0%{?without_efi_modules} \
|
||||
|
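Review bot: The two `%{efi_esp_dir}/grub.cfg` entries differ only in `%attr(0600,root,root)` versus `%attr(0700,root,root)`, and an executable mode on a configuration file needs a comment in the spec explaining why it is expected. The mode seen on the ESP is determined by the filesystem's mount options rather than by the package, so pinning one value only satisfies `rpm -Va` on systems mounted the same way. Consider excluding mode from verification for this path, as the grubenv line just below does with `%verify(not size mode md5 mtime)`, for example `%verify(not mode mtime)`.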
27
grub2.spec
@ -335,19 +335,22 @@ if ! mountpoint -q ${ESP_PATH}; then
|
||||
exit 0 # no ESP mounted, nothing to do
|
||||
fi
|
||||
|
||||
if test ! -f ${EFI_HOME}/grub.cfg; then
|
||||
# there's no config in ESP, create one
|
||||
grub2-mkconfig -o ${EFI_HOME}/grub.cfg
|
||||
cp -a ${EFI_HOME}/grub.cfg ${EFI_HOME}/grub.cfg.rpmsave
|
||||
if test ! -f ${GRUB_HOME}/grub.cfg; then
|
||||
# there's no config in GRUB home, create one
|
||||
grub2-mkconfig -o ${GRUB_HOME}/grub.cfg
|
||||
fi
|
||||
|
||||
# need to move grub.cfg to correct dir for major version upgrade
|
||||
if ! grep -q "configfile" ${EFI_HOME}/grub.cfg; then
|
||||
cp -a ${EFI_HOME}/grub.cfg ${GRUB_HOME}/
|
||||
fi
|
||||
# make sure grub.cfg is present before grepping it
|
||||
if test -f ${EFI_HOME}/grub.cfg; then
|
||||
# need to move grub.cfg to correct dir for major version upgrade
|
||||
if ! grep -q "configfile" ${EFI_HOME}/grub.cfg; then
|
||||
cp -a ${EFI_HOME}/grub.cfg ${GRUB_HOME}/
|
||||
chmod 0600 ${GRUB_HOME}/grub.cfg
|
||||
fi
|
||||
|
||||
if grep -q "configfile" ${EFI_HOME}/grub.cfg && grep -q "root-dev-only" ${EFI_HOME}/grub.cfg; then
|
||||
exit 0 # already unified, nothing to do
|
||||
if grep -q "configfile" ${EFI_HOME}/grub.cfg && grep -q "root-dev-only" ${EFI_HOME}/grub.cfg; then
|
||||
exit 0 # already unified, nothing to do
|
||||
fi
|
||||
fi
|
||||
|
||||
# create a stub grub2 config in EFI
|
||||
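Review bot: In the major-version-upgrade branch, `cp -a ${EFI_HOME}/grub.cfg ${GRUB_HOME}/` followed by `chmod 0600 ${GRUB_HOME}/grub.cfg` leaves the copy with the ESP file's mode until the chmod runs, and it overwrites a `${GRUB_HOME}/grub.cfg` that the block above may have just generated with grub2-mkconfig. `install -p -m 0600 ${EFI_HOME}/grub.cfg ${GRUB_HOME}/grub.cfg` would create the file with the intended mode in one step, and moving the `test ! -f ${GRUB_HOME}/grub.cfg` block after the copy would avoid generating a config that is immediately replaced. The chmod also only covers the copy branch, so the mode of the file written by `grub2-mkconfig -o ${GRUB_HOME}/grub.cfg` depends on grub2-mkconfig itself; a comment or an explicit chmod there would make the 0600 guarantee visible. The path variables are unquoted throughout; quoting them would match defensive scriptlet style.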
@ -537,6 +540,10 @@ mv ${EFI_HOME}/grub.cfg.stb ${EFI_HOME}/grub.cfg
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Wed Jul 31 2024 Leo Sandoval <lsandova@redhat.com> - 2.06-88
|
||||
- grub.cfg: Fix rpm grub.cfg verification issues
|
||||
- Resolves: #RHEL-45870
|
||||
|
||||
* Wed Jul 31 2024 Andrew Lukoshko <alukoshko@almalinux.org> - 2.06-87
|
||||
- grub2-mkconfig: Simplify os_name detection
|
||||
- Resolves: #RHEL-32099
|
||||
|
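Review bot: The 2.06-88 changelog entry says only "Fix rpm grub.cfg verification issues", while the commit subject and message also cover the 0600 permission on /boot/grub2/grub.cfg and the change to when `%posttrans` regenerates the config. Since the changelog is what administrators see with `rpm -q --changelog`, add the permission fix and the scriptlet change to the entry so the behaviour change on upgrade is documented there.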