GRUB does not care about ABI changes between versions, e.g modules are
not intended to be loaded in different GRUB versions, thus abidiff
inspections are irrelevant.
Resolves: #RHEL-106446
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
Disable annobin stack check since grub's initialization code doesn't
support it.
Resolves: #RHEL-45712
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
UKI(package is kernel-uki-virt) is a single, bootable file that
bundles everything needed to start a Linux system. It contains its own
bootable stub and bypasses GRUB2 completely. The kernel-core and
kernel-uki-virt can coexist in one machine. And both of them call
kernel-install remove <kversion> upon package removal and this leads
to the complete removal of both the traditional kernel & its
artifacts(initramfs, BLS entry file,...). For example, if the customer
remove kernel-uki-virt, currently it also removes BLS entry which
causes the regular kernel fails to boot up. In
https://github.com/systemd/systemd/pull/37897 it added
--entry-type=type1|type2 option to kernel-install. type1 stands for
normal kernel, type2 stands for uki. When kernel-install is invoked
with --entry-type=type2 which is for UKI, we should not remove the BLS
entry.
Resolves: #RHEL-108008
Signed-off-by: Yuxin Sun <yuxisun@redhat.com>
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
Resolves: #RHEL-83915
Signed-off-by: Michal Sekletar <msekleta@redhat.com>
Reviewed-by: Leo Sandoval <lsandova@redhat.com>
Reviewed-by: Marta Lewandowska <mlewando@redhat.com>
tpm: Disable the tpm verifier if the TPM device is not present
powerpc: increase MIN RMA size for CAS negotiation
Resolves: #RHEL-76558
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
The removed patch was part of the CVE patches ported recently into RHEL but
is causing segfaults on dual boot (Windows & RHEL) systems when generating the
grub configuration with the grub2-mkconfig tool. At some point the same patch
will come back with the corresponding fix but for the time being, it is removed.
Related: RHEL-83117
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
When upgrading from <=2.06-90 to newer versions, the grub config stub
may have different mode than 0600, so set the latter if this is the case.
Resolves: #RHEL-45870
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
Fix the rpm verificaton issues (see NOTE below) introduced in 2.06-83 [1].
On the other hand, 2.06-85 [2] introduced a change on grub2-mkconfig where
it prevents overwritting `${EFI_HOME}/grub.cfg` with side effects on the
`%posttrans` scriptlet, where it tries to recreate it in case this
file does not exist but due to [2] the `${EFI}/grub.cfg` file is never
created. Fix the `%posttrans` code with the logic but applied to
${GRUB_HOME}/grub.cfg. On the same scriplet, make sure
${EFI_HOME}/grub.cfg is present before grepping into it. The changes also
fix the issue reported on RHEL-45870 where now /boot/grub2/grub.cfg
conf file has the right permission (-rw-------).
NOTE: With 2.06-83 release, the grub.cfg configuration files regressed on
file's mode (M) verification
[root@localhost ~]# rpm -Va
S.5....T. c /etc/ssh/sshd_config
.M....... c /boot/efi/EFI/redhat/grub.cfg
.M....... c /boot/grub2/grub.cfg
The following change fixes the issues above as seen in log
[root@localhost ~]# rpm -Va
S.5....T. c /etc/ssh/sshd_config
[1] https://pkgs.devel.redhat.com/cgit/rpms/grub2/commit/?h=rhel-9-main&id=694ab652e3443719e3876e3d183e59b2f9e055fd
[2] https://pkgs.devel.redhat.com/cgit/rpms/grub2/commit/?h=rhel-9-main&id=0185426fb4d693307cda0c7740e9dcf9907cc146
Resolves: #RHEL-45870
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
When kernel-install is called for a UKI, 20-grub.install copies it to /boot
which is totally unneeded, UKIs are now handled by the standard systemd's
90-uki-copy.install (systemd-253+) correctly which places them to the ESP.
Resolves: #RHEL-21368
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
