Revert OL changes
This commit is contained in:
eabdullin
parent
6fdd8b9aca
commit
e542637ec6
@ -6,7 +6,6 @@ fi
|
||||
|
||||
[[ -f /etc/default/grub ]] && . /etc/default/grub
|
||||
[[ -f /etc/os-release ]] && . /etc/os-release
|
||||
[[ -f /etc/sysconfig/kernel ]] && . /etc/sysconfig/kernel
|
||||
|
||||
COMMAND="$1"
|
||||
KERNEL_VERSION="$2"
|
||||
@ -42,14 +41,8 @@ mkbls() {
|
||||
fi
|
||||
fi
|
||||
|
||||
if [[ $kernelver =~ uek ]]; then
|
||||
local ver_stanza="$kernelver with Unbreakable Enterprise Kernel"
|
||||
else
|
||||
local ver_stanza="$kernelver"
|
||||
fi
|
||||
|
||||
cat <<EOF
|
||||
title ${NAME} (${ver_stanza}) ${VERSION}${debugname}
|
||||
title ${NAME} (${kernelver}) ${VERSION}${debugname}
|
||||
version ${kernelver}${debugid}
|
||||
linux /vmlinuz-${kernelver}
|
||||
initrd /initramfs-${kernelver}.img
|
||||
@ -111,7 +104,6 @@ case "$COMMAND" in
|
||||
done
|
||||
fi
|
||||
|
||||
KERNEL_NAME="$(rpm -q --queryformat %{NAME} $(rpm -qf $KERNEL_IMAGE))"
|
||||
eval "$(grub2-get-kernel-settings)" || true
|
||||
[[ -d "$BLS_DIR" ]] || mkdir -m 0700 -p "$BLS_DIR"
|
||||
BLS_ID="${MACHINE_ID}-${KERNEL_VERSION}"
|
||||
@ -137,7 +129,11 @@ case "$COMMAND" in
|
||||
sed -i -e "s,^initrd.*,initrd ${BOOTPREFIX}${INITRD},g" "${BLS_TARGET}"
|
||||
fi
|
||||
|
||||
if [[ "$KERNEL_VERSION" == *\+* ]] && [ "x$GRUB_DEFAULT_TO_DEBUG" != "xtrue" ]; then
|
||||
if ( [[ "$KERNEL_VERSION" != *${GRUB_DEFAULT_KERNEL_TYPE}* ]] && \
|
||||
[ "x$GRUB_NON_STANDARD_KERNEL" == "xtrue" ] ) || \
|
||||
( echo "$KERNEL_VERSION" | grep -E -q "64k|auto|rt|uki" && \
|
||||
[ "x$GRUB_NON_STANDARD_KERNEL" != "xtrue" ] ) || \
|
||||
( [[ "$KERNEL_VERSION" == *debug* ]] && [ "x$GRUB_DEFAULT_TO_DEBUG" != "xtrue" ] ); then
|
||||
GRUB_UPDATE_DEFAULT_KERNEL=false
|
||||
fi
|
||||
|
||||
@ -156,7 +152,7 @@ case "$COMMAND" in
|
||||
NEWDEFAULT="${BLS_DEBUG_ID}"
|
||||
fi
|
||||
fi
|
||||
if [ -n "$NEWDEFAULT" ] && [ "$DEFAULTKERNEL" = "$KERNEL_NAME" ]; then
|
||||
if [ -n "$NEWDEFAULT" ]; then
|
||||
grub2-editenv - set "saved_entry=${NEWDEFAULT}"
|
||||
fi
|
||||
|
||||
|
||||
@ -1,30 +0,0 @@
|
||||
From fd04ca689f52d8bbef13413b4d285c9ba4d0f038 Mon Sep 17 00:00:00 2001
|
||||
From: build team <natalya.naumova@oracle.com>
|
||||
Date: Tue, 18 Dec 2018 13:22:12 -0800
|
||||
Subject: [PATCH 1/1] Use different menuentries for UEK kernel
|
||||
|
||||
---
|
||||
util/grub.d/10_linux.in | 7 ++++++-
|
||||
1 file changed, 6 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
|
||||
index b54d277..fe8b20f 100644
|
||||
--- a/util/grub.d/10_linux.in
|
||||
+++ b/util/grub.d/10_linux.in
|
||||
@@ -173,7 +173,12 @@ EOF
|
||||
fi
|
||||
|
||||
if [ x$type != xsimple ] ; then
|
||||
- title=$(mktitle "$type" "$version")
|
||||
+ if echo "$version" | grep -q uek; then
|
||||
+ kernel_type_text="with Unbreakable Enterprise Kernel"
|
||||
+ else
|
||||
+ kernel_type_text="with Linux"
|
||||
+ fi
|
||||
+ title=$(mktitle "$type" "$version $kernel_type_text")
|
||||
if [ x"$title" = x"$GRUB_ACTUAL_DEFAULT" ] || [ x"Previous Linux versions>$title" = x"$GRUB_ACTUAL_DEFAULT" ]; then
|
||||
replacement_title="$(echo "Advanced options for ${OS}" | sed 's,>,>>,g')>$(echo "$title" | sed 's,>,>>,g')"
|
||||
quoted="$(echo "$GRUB_ACTUAL_DEFAULT" | grub_quote)"
|
||||
--
|
||||
1.8.3.1
|
||||
|
||||
@ -1,25 +0,0 @@
|
||||
From aba9976ce324fdf845b04b326f7426566a676335 Mon Sep 17 00:00:00 2001
|
||||
From: "livy.ge" <livy.ge@oracle.com>
|
||||
Date: Wed, 5 Jul 2017 03:53:48 -0700
|
||||
Subject: [PATCH] update bug url
|
||||
|
||||
---
|
||||
util/grub-set-password.in | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/util/grub-set-password.in b/util/grub-set-password.in
|
||||
index 6553eaa..03731d5 100644
|
||||
--- a/util/grub-set-password.in
|
||||
+++ b/util/grub-set-password.in
|
||||
@@ -21,7 +21,7 @@ located by default at ${grubdir}.
|
||||
-v, --version print the version information and exit
|
||||
-o, --output_path <DIRECTORY> put user.cfg in a user-selected directory
|
||||
|
||||
-Report bugs at https://bugzilla.redhat.com.
|
||||
+Report bugs at https://github.com/oracle/oracle-linux .
|
||||
EOF
|
||||
}
|
||||
|
||||
--
|
||||
2.43.5
|
||||
|
||||
@ -216,7 +216,7 @@
|
||||
|
||||
%ifarch x86_64
|
||||
%global with_efi_common 1
|
||||
%global with_legacy_modules 1
|
||||
%global with_legacy_modules 0
|
||||
%global with_legacy_common 0
|
||||
%else
|
||||
%global with_efi_common 0
|
||||
@ -274,11 +274,6 @@ Requires: %{name}-common = %{evr} \
|
||||
Requires: %{name}-tools-minimal >= %{evr} \
|
||||
Requires: %{name}-tools = %{evr} \
|
||||
Provides: %{name}-efi = %{evr} \
|
||||
Provides: oracle(grub2-sig-key) = 202204 \
|
||||
%{expand:%%ifarch x86_64 \
|
||||
Conflicts: shim-x64 <= 15.3-1.0.5.el9 \
|
||||
Conflicts: shim-ia32 <= 15.3-1.0.5.el9 \
|
||||
%%endif} \
|
||||
%{?legacy_provides:Provides: %{name} = %{evr}} \
|
||||
%{-o:Obsoletes: %{name}-efi < %{evr}} \
|
||||
\
|
||||
@ -377,7 +372,7 @@ install -m 644 %{1}.conf ${RPM_BUILD_ROOT}/etc/dnf/protected.d/ \
|
||||
rm -f %{1}.conf \
|
||||
%{nil}
|
||||
|
||||
%global grub_modules " all_video boot blscfg btrfs \\\
|
||||
%global grub_modules " all_video boot blscfg \\\
|
||||
cat configfile cryptodisk \\\
|
||||
echo ext2 f2fs fat font \\\
|
||||
gcry_rijndael gcry_rsa gcry_serpent \\\
|
||||
@ -392,7 +387,7 @@ rm -f %{1}.conf \
|
||||
search_label serial sleep syslinuxcfg \\\
|
||||
test tftp version video xfs zstd " \
|
||||
|
||||
%ifarch x86_64 aarch64 %{arm}
|
||||
%ifarch x86_64 aarch64 %{arm} riscv64
|
||||
%define efi_mkimage() \
|
||||
%{4}./grub-mkimage -O %{1} -o %{2}.orig \\\
|
||||
-p /EFI/%{efi_vendor} -d grub-core \\\
|
||||
|
||||
@ -352,5 +352,3 @@ Patch0351: 0351-arm64-Use-proper-memory-type-for-kernel-allocation.patch
|
||||
Patch0352: 0352-cmd-search-Fix-a-possible-NULL-ptr-dereference.patch
|
||||
Patch0353: 0353-net-Fix-OOB-write-in-grub_net_search_config_file.patch
|
||||
Patch0354: 0354-misc-Implement-grub_strlcpy.patch
|
||||
Patch1000: bug18504756-use-different-title-for-UEK.patch
|
||||
Patch1001: bug26388226-update-redhat-references.patch
|
||||
@ -1,4 +1,3 @@
|
||||
sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
|
||||
grub,3,Free Software Foundation,grub,@@VERSION@@,https//www.gnu.org/software/grub/
|
||||
grub.rh,2,Red Hat,grub2,@@VERSION_RELEASE@@,mailto:secalert@redhat.com
|
||||
grub.ol9,3,Oracle Linux,grub2,@@VERSION@@,mail:secalert_us@oracle.com
|
||||
|
||||
@ -16,7 +16,7 @@
|
||||
Name: grub2
|
||||
Epoch: 1
|
||||
Version: 2.06
|
||||
Release: 94.0.1%{?dist}
|
||||
Release: 94%{?dist}
|
||||
Summary: Bootloader with support for Linux, Multiboot and more
|
||||
License: GPLv3+
|
||||
URL: http://www.gnu.org/software/grub/
|
||||
@ -38,21 +38,21 @@ Source12: sbat.csv.in
|
||||
%include %{SOURCE1}
|
||||
|
||||
%ifarch x86_64 aarch64 ppc64le
|
||||
%define sb_ca %{SOURCE14}
|
||||
%define sb_cer %{SOURCE14}
|
||||
%define sb_ca %{_datadir}/pki/sb-certs/secureboot-ca-%{_arch}.cer
|
||||
%define sb_cer %{_datadir}/pki/sb-certs/secureboot-grub2-%{_arch}.cer
|
||||
%endif
|
||||
|
||||
%if 0%{?centos}
|
||||
|
||||
%ifarch x86_64 aarch64 ppc64le
|
||||
%define sb_key OracleSecureBootgrubsigningkey2
|
||||
%define sb_key centossecureboot202
|
||||
%endif
|
||||
%else
|
||||
%ifarch x86_64 aarch64
|
||||
%define sb_key OracleSecureBootgrubsigningkey2
|
||||
%define sb_key redhatsecureboot502
|
||||
%endif
|
||||
%ifarch ppc64le
|
||||
%define sb_key OracleSecureBootgrubsigningkey2
|
||||
%define sb_key redhatsecureboot702
|
||||
%endif
|
||||
|
||||
%endif
|
||||
@ -547,35 +547,6 @@ mv ${EFI_HOME}/grub.cfg.stb ${EFI_HOME}/grub.cfg
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Mon Mar 17 2025 Alex Burmashev <alexander.burmashev@oracle.com> - 2.06-94.0.1
|
||||
- Rework the scripts to cover both in-place upgrade and update scenarios [Orabug: 36768566]
|
||||
- Restore correct order of processing config files [Orabug: 36758359]
|
||||
- Support setting custom kernels as default kernels [Orabug: 36043978]
|
||||
- Bump SBAT metadata for grub to 3 [Orabug: 34872719]
|
||||
- Fix CVE-2022-3775 [Orabug: 34871953]
|
||||
- Enable signing for aarch64 EFI
|
||||
- Fix signing certificate names
|
||||
- Enable back btrfs grub module for EFI pre-built image [Orabug: 34360986]
|
||||
- Replaced bugzilla.oracle.com references [Orabug: 34202300]
|
||||
- Update provided certificate version to 202204 [JIRA: OLDIS-16371]
|
||||
- Various coverity fixes [JIRA: OLDIS-16371]
|
||||
- bump SBAT generation
|
||||
- Update bug url [Orabug: 34202300]
|
||||
- Revert provided certificate version back to 202102 [JIRA: OLDIS-16371]
|
||||
- Update signing certificate [JIRA: OLDIS-16371]
|
||||
- fix SBAT data [JIRA: OLDIS-16371]
|
||||
- Update requires [JIRA: OLDIS-16371]
|
||||
- Rebuild for SecureBoot signatures [Orabug: 33801813]
|
||||
- Do not add shim and grub certificate deps for aarch64 packages [Orabug: 32670033]
|
||||
- Update Oracle SBAT data [Orabug: 32670033]
|
||||
- Use new signing certificate [Orabug: 32670033]
|
||||
- honor /etc/sysconfig/kernel DEFAULTKERNEL setting for BLS [Orabug: 30643497]
|
||||
- set EFIDIR as redhat for additional grub2 tools [Orabug: 29875597]
|
||||
- Update upstream references [Orabug: 26388226]
|
||||
- Insert Unbreakable Enterprise Kernel text into BLS config file [Orabug: 29417955]
|
||||
- Put "with" in menuentry instead of "using" [Orabug: 18504756]
|
||||
- Use different titles for UEK and RHCK kernels [Orabug: 18504756]
|
||||
|
||||
* Thu Feb 20 2025 Nicolas Frayer <nfrayer@redhat.com> 2.06-94
|
||||
- CVE fixes
|
||||
- Resolves: CVE-2025-0624
|
||||
|
||||
Loading…
Reference in New Issue
Block a user