Merge branch 'c10s' into a10s
This commit is contained in:
commit
f4d8802bb4
12
grub.macros
12
grub.macros
@ -15,7 +15,12 @@
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
# gnulib actively ignores CFLAGS because it's terrible
|
# gnulib actively ignores CFLAGS because it's terrible
|
||||||
|
# build aarch64 gnulib with branch protection
|
||||||
|
%ifarch aarch64
|
||||||
|
%global cc_equals "CC=%{ccpath} -fPIE -Wl,-z,noexecstack -Wl,--no-warn-rwx-segments -mbranch-protection=standard"
|
||||||
|
%else
|
||||||
%global cc_equals "CC=%{ccpath} -fPIE -Wl,-z,noexecstack -Wl,--no-warn-rwx-segments"
|
%global cc_equals "CC=%{ccpath} -fPIE -Wl,-z,noexecstack -Wl,--no-warn-rwx-segments"
|
||||||
|
%endif
|
||||||
|
|
||||||
%global cflags_sed \\\
|
%global cflags_sed \\\
|
||||||
sed \\\
|
sed \\\
|
||||||
@ -671,7 +676,8 @@ install -d -m 0700 ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig \
|
|||||||
touch ${RPM_BUILD_ROOT}%{_sysconfdir}/default/grub \
|
touch ${RPM_BUILD_ROOT}%{_sysconfdir}/default/grub \
|
||||||
ln -sf ../default/grub \\\
|
ln -sf ../default/grub \\\
|
||||||
${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig/grub \
|
${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig/grub \
|
||||||
touch ${RPM_BUILD_ROOT}/boot/grub2/grub.cfg \
|
touch grub.cfg \
|
||||||
|
install -m 0600 grub.cfg ${RPM_BUILD_ROOT}/boot/grub2/ \
|
||||||
ln -s ../boot/grub2/grub.cfg \\\
|
ln -s ../boot/grub2/grub.cfg \\\
|
||||||
${RPM_BUILD_ROOT}%{_sysconfdir}/grub2.cfg \
|
${RPM_BUILD_ROOT}%{_sysconfdir}/grub2.cfg \
|
||||||
%{nil}
|
%{nil}
|
||||||
@ -680,7 +686,7 @@ ln -s ../boot/grub2/grub.cfg \\\
|
|||||||
%{expand:%%files %{1}} \
|
%{expand:%%files %{1}} \
|
||||||
%defattr(-,root,root,-) \
|
%defattr(-,root,root,-) \
|
||||||
%config(noreplace) %{_sysconfdir}/grub2.cfg \
|
%config(noreplace) %{_sysconfdir}/grub2.cfg \
|
||||||
%ghost %config(noreplace) %attr(0700,root,root)/boot/grub2/grub.cfg \
|
%ghost %config(noreplace) %attr(0600,root,root)/boot/grub2/grub.cfg \
|
||||||
%dir %attr(0700,root,root)/boot/loader/entries \
|
%dir %attr(0700,root,root)/boot/loader/entries \
|
||||||
%attr(0644,root,root) %config(noreplace) /etc/dnf/protected.d/grub2-%{1}.conf \
|
%attr(0644,root,root) %config(noreplace) /etc/dnf/protected.d/grub2-%{1}.conf \
|
||||||
%ifarch ppc64le \
|
%ifarch ppc64le \
|
||||||
@ -715,7 +721,7 @@ ln -s ../boot/grub2/grub.cfg \\\
|
|||||||
%endif \
|
%endif \
|
||||||
%attr(0700,root,root)/boot/grub2/fonts \
|
%attr(0700,root,root)/boot/grub2/fonts \
|
||||||
%dir %attr(0700,root,root)/boot/loader/entries \
|
%dir %attr(0700,root,root)/boot/loader/entries \
|
||||||
%ghost %config(noreplace) %attr(0700,root,root)/boot/grub2/grub.cfg \
|
%ghost %config(noreplace) %attr(0600,root,root)/boot/grub2/grub.cfg \
|
||||||
%ghost %config(noreplace) %verify(not mtime) %attr(0700,root,root)%{efi_esp_dir}/grub.cfg \
|
%ghost %config(noreplace) %verify(not mtime) %attr(0700,root,root)%{efi_esp_dir}/grub.cfg \
|
||||||
%config(noreplace) %verify(not size mode md5 mtime) /boot/grub2/grubenv \
|
%config(noreplace) %verify(not size mode md5 mtime) /boot/grub2/grubenv \
|
||||||
%attr(0644,root,root) %config(noreplace) /etc/dnf/protected.d/grub2-%{1}.conf \
|
%attr(0644,root,root) %config(noreplace) /etc/dnf/protected.d/grub2-%{1}.conf \
|
||||||
|
|||||||
52
grub2.spec
52
grub2.spec
@ -17,7 +17,7 @@
|
|||||||
Name: grub2
|
Name: grub2
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
Version: 2.06
|
Version: 2.06
|
||||||
Release: 127%{?dist}.alma.1
|
Release: 133%{?dist}.alma.1
|
||||||
Summary: Bootloader with support for Linux, Multiboot and more
|
Summary: Bootloader with support for Linux, Multiboot and more
|
||||||
License: GPL-3.0-or-later
|
License: GPL-3.0-or-later
|
||||||
URL: http://www.gnu.org/software/grub/
|
URL: http://www.gnu.org/software/grub/
|
||||||
@ -364,13 +364,25 @@ if ! mountpoint -q ${ESP_PATH}; then
|
|||||||
exit 0 # no ESP mounted, nothing to do
|
exit 0 # no ESP mounted, nothing to do
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if test ! -f ${EFI_HOME}/grub.cfg; then
|
# if no GRUB_HOME/grub.cfg file exists, create one, otherwise just check mode is correct
|
||||||
# there's no config in ESP, create one
|
if ! test -f ${GRUB_HOME}/grub.cfg; then
|
||||||
grub2-mkconfig -o ${EFI_HOME}/grub.cfg
|
grub2-mkconfig -o ${GRUB_HOME}/grub.cfg
|
||||||
|
else
|
||||||
|
GRUB_CFG_MODE=$(stat --format="%a" ${GRUB_HOME}/grub.cfg)
|
||||||
|
if ! test "${GRUB_CFG_MODE}" = "600"; then
|
||||||
|
chmod 0600 ${GRUB_HOME}/grub.cfg
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if ((grep -q "configfile" ${EFI_HOME}/grub.cfg || grep -q "source" ${EFI_HOME}/grub.cfg) && ! grep -q "# It is automatically generated by grub2-mkconfig using templates" ${EFI_HOME}/grub.cfg); then
|
if test -f ${EFI_HOME}/grub.cfg; then
|
||||||
exit 0 #Already unified
|
# need to move grub.cfg to correct dir for major version upgrade
|
||||||
|
if ! grep -q "configfile" ${EFI_HOME}/grub.cfg; then
|
||||||
|
cp -a ${EFI_HOME}/grub.cfg ${GRUB_HOME}/
|
||||||
|
fi
|
||||||
|
|
||||||
|
if grep -q "configfile" ${EFI_HOME}/grub.cfg && grep -q "root-dev-only" ${EFI_HOME}/grub.cfg; then
|
||||||
|
exit 0 #Already unified
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# create a stub grub2 config in EFI
|
# create a stub grub2 config in EFI
|
||||||
@ -389,8 +401,6 @@ if test -f ${EFI_HOME}/grubenv; then
|
|||||||
mv --force ${EFI_HOME}/grubenv ${GRUB_HOME}/grubenv
|
mv --force ${EFI_HOME}/grubenv ${GRUB_HOME}/grubenv
|
||||||
fi
|
fi
|
||||||
|
|
||||||
cp -a ${EFI_HOME}/grub.cfg ${EFI_HOME}/grub.cfg.rpmsave
|
|
||||||
cp -a ${EFI_HOME}/grub.cfg ${GRUB_HOME}/
|
|
||||||
mv ${EFI_HOME}/grub.cfg.stb ${EFI_HOME}/grub.cfg
|
mv ${EFI_HOME}/grub.cfg.stb ${EFI_HOME}/grub.cfg
|
||||||
|
|
||||||
%files common -f grub.lang
|
%files common -f grub.lang
|
||||||
@ -564,9 +574,33 @@ mv ${EFI_HOME}/grub.cfg.stb ${EFI_HOME}/grub.cfg
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Mon Sep 02 2024 Andrew Lukoshko <alukoshko@almalinux.org> - 2.06-127.alma.1
|
* Thu Sep 26 2024 Andrew Lukoshko <alukoshko@almalinux.org> - 2.06-123.alma.1
|
||||||
- Debrand for AlmaLinux
|
- Debrand for AlmaLinux
|
||||||
|
|
||||||
|
* Mon Sep 23 2024 Leo Sandoval <lsandova@redhat.com> - 2.06-133
|
||||||
|
- posttrans: condition EFI_HOME/grub.cfg cmds if stub is present
|
||||||
|
- Resolves: #RHEL-59796
|
||||||
|
|
||||||
|
* Mon Sep 23 2024 Marta Lewandowska <mlewando@redhat.com> - 2.06-132
|
||||||
|
- grub.cfg: Fix an issue when doing a major version upgrade
|
||||||
|
- Related: #RHEL-56733
|
||||||
|
|
||||||
|
* Mon Sep 23 2024 Nicolas Frayer <nfrayer@redhat.com> - 2.06-131
|
||||||
|
- Added more code for the previous CVE fix (CVE-2023-4001)
|
||||||
|
- Related: #RHEL-56733
|
||||||
|
|
||||||
|
* Wed Sep 18 2024 Nicolas Frayer <nfrayer@redhat.com> - 2.06-130
|
||||||
|
- aarch64/macros: Re-added flags that disappeared with previous commit
|
||||||
|
- Related: #RHEL-58821
|
||||||
|
|
||||||
|
* Thu Sep 12 2024 Nicolas Frayer <nfrayer@redhat.com> - 2.06-129
|
||||||
|
- aarch64/macros: Build gnulib with -mbranch-protection=standard
|
||||||
|
- Resolves: #RHEL-58821
|
||||||
|
|
||||||
|
* Mon Sep 2 2024 Leo Sandoval <lsandova@redhat.com> - 2.06-128
|
||||||
|
- grub.cfg: Fix rpm grub.cfg verification issues
|
||||||
|
- Resolves: #RHEL-56918
|
||||||
|
|
||||||
* Fri Aug 30 2024 Nicolas Frayer <nfrayer@redhat.com> - 2.06-127
|
* Fri Aug 30 2024 Nicolas Frayer <nfrayer@redhat.com> - 2.06-127
|
||||||
- Sync with rhel9 for critical patches
|
- Sync with rhel9 for critical patches
|
||||||
- Resolves: #RHEL-56733
|
- Resolves: #RHEL-56733
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user