Commit Graph

500 Commits

Author SHA1 Message Date
Robbie Harwood
8a74d28ac8 Life is pain, but especially when it's gnulib
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-02-24 13:25:56 -05:00
Robbie Harwood
3e40727f72 Skip machine ID check when updating BLS
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-01-20 17:52:23 -05:00
Robbie Harwood
a382c9e3c9 Bump release; no code chages
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-01-18 14:47:04 -05:00
Robbie Harwood
357489e3ea Add location of DejaVu Sans font
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-01-18 19:46:15 +00:00
Robbie Harwood
e602a0629d Update patches; minor changes at most, if correct
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-01-17 18:09:27 -05:00
Robbie Harwood
b256068060 btrfs: use full bootloader area
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-01-06 17:42:54 +00:00
Robbie Harwood
46317f98bf Bump to rerun signing (no code changes)
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2021-12-10 17:34:40 +00:00
Robbie Harwood
d90546c5ee restore umask for grub.cfg (CVE-2021-3981)
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2021-12-09 11:11:30 -05:00
Robbie Harwood
9fdaa794e0 Drop UI patches and update provenance information
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2021-11-04 12:30:16 -04:00
Peter Jones
af038a0bdc Revert "Don't harcode grub2 in the spec file"
Two issues:
- line 538 switches the filename from "grub" to "grub2" where it
  shouldn't
- in general, things that aren't referring to the packaging itself
  shouldn't be %{name}; it just makes them less flexible.

This reverts commit 967c5629ed.
2021-10-07 17:38:20 -04:00
Peter Jones
42a07486d8 Fix "grub2-mkimage --appended-signature-size" parsing.
Signed-off-by: Peter Jones <pjones@redhat.com>
2021-10-07 12:30:43 -04:00
Robbie Harwood
b3b9566edf Rebuild; no code changes 2021-09-29 18:05:43 +00:00
Robbie Harwood
07cf41c169 fs/xfs: Fix unreadable filesystem with v4 superblock
While we're here, also: check for the PE magic for the compiled arch

Resolves: rhbz#2008819
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2021-09-29 12:12:55 -04:00
Javier Martinez Canillas
1f9e8074ae
A few fixes for ppc64le LPAR Secure Boot support
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-08-30 16:55:22 +02:00
Peter Jones
db96a0c4de grub.macros: Remove annobin plugin from linker flags
The annobin GCC plugin is now turned on linking for LTO mode but it causes
build failures on at least powerpc. The plugin is already removed from the
CFLAGS but was added again through LDFLAGS, remove from there as well.

Signed-off-by: Peter Jones <pjones@redhat.com>
2021-08-30 10:33:06 -04:00
Javier Martinez Canillas
67f07b7c9e
Another set of fixes for 2.06
- Add luks2 to GRUB_MODULES
- 20-grub-install: Create a symvers.gz symbolic link
- 20-grub-install: Always use fedora as the boot entry --class
  Resolves: rhbz#1957014
- grub.macros: Install font in /boot/grub2 instead of the ESP
  Resolves: rhbz#1739762
- grub.macros: Use consistent file mode for legacy and EFI
  Resolves: rhbz#1965794
- Drop grub2 prelink configuration
  Resolves: rhbz#1659675
- Remove triggers needed to upgrade from legacy GRUB
- Don't harcode grub2 in the spec file
- Update to unifont-13.0.06
  Resolves: rhbz#1939125
- 20-grub-install: Use relative paths for btrfs in BLS snippets
  Resolves: rhbz#1906191
- Don't update the cmdline when generating legacy menuentry commands
- Suppress gettext error message
  Resolves: rhbz#1592124
- grub-boot-success.timer: Only run if not in a container
  Resolves: rhbz#1914571
- grub-set-password: Always use /boot/grub2/user.cfg as password default
  Resolves: rhbz#1955294
- Remove outdated URL for BLS document
  Resolves: rhbz#1926453
- templates: Check for EFI at runtime instead of config generation time
  Resolves: rhbz#1823864
- efi: Print an error if boot to firmware setup is not supported
  Resolves: rhbz#1823864

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-07-06 11:18:04 +02:00
Javier Martinez Canillas
419340f25e
Update to unifont-13.0.06
Resolves: rhbz#1939125

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-06-30 09:52:19 +02:00
Javier Martinez Canillas
967c5629ed
Don't harcode grub2 in the spec file
There's a variable for this, use it consistently.

Suggested-by: Benjamin Herrenschmidt <benh@amazon.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-06-30 09:20:25 +02:00
Javier Martinez Canillas
5e2444babe
Remove triggers needed to upgrade from legacy GRUB
The legacy GRUB package (grub2 < 1.99-4) had a %preun scriptlet that did a
rm -f /boot/%{name}/*.{mod,img,lst} and caused users who upgraded to grub2
to have an empty /boot/%{name} directory, leading to an unbootable system.

To workaround this, a set of %triggerun and %triggerpostun triggers were
added that backup and restore the /boot/%{name} directory. But that was an
issue in Fedora 16, almost a decade ago. These aren't needed anymore.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-06-30 09:20:11 +02:00
Javier Martinez Canillas
8efaf82828
Drop grub2 prelink configuration
A /etc/prelink.conf.d/grub2.conf is shipped to avoid SELinux to warn about
security violations when SELinux is enforced and allow_execstack is off.

But the tools have been fixed a long time ago and the allow list shouldn't
be needed anymore, let's just drop it.

Resolves: rhbz#1659675

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-06-29 18:19:10 +02:00
Javier Martinez Canillas
3459058062
Only try to generate a config if the ESP is mounted
The posttran scriptlet attempts to generate a GRUB configuration if there
isn't one in the EFI System Partition. But this leads to a failure if the
grub2 package is installed in a container.

To avoid this issue, only attempt to generate a GRUB config if the ESP is
mounted in /boot/efi.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-06-15 16:54:32 +02:00
Javier Martinez Canillas
13985b0e4c
Update to 2.06 final release and ton of fixes
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-06-14 11:11:36 +02:00
Javier Martinez Canillas
6dc8b4a57a
Generate a GRUB config if is not present in the ESP
If there's no GRUB config in the ESP, generate one. This is a full config
but later the posttrans script will convert it to the minimal config stub.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-06-11 17:11:18 +02:00
Benjamin Herrenschmidt
6b5d11f760
Use the proper macro instead of hard coding fedora
The efi-srpm-macros package contais a macro for the ESP vendor directory
to make sure that the correct one for each distro is used. But the grub2
package is instead hardcoding it to "fedora", use the macro instead.

Signed-off-by: Benjamin Herrenschmidt <benh@amazon.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-06-10 10:29:18 +02:00
Javier Martinez Canillas
e91046d264
Add XFS needsrepair support
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-05-03 17:26:40 +02:00
Javier Martinez Canillas
ddafa09a88
Find and claim more memory for ieee1275
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-04-23 11:30:55 +02:00
Javier Martinez Canillas
5ef95ecb65
Add XFS bigtime support
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-04-14 12:59:23 +02:00
Javier Martinez Canillas
2f63333bcf
Add again 20_linux_xen script fix that got dropped by mistake
Resolves: rhbz#1858364

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-04-12 01:23:27 +02:00
Javier Martinez Canillas
d672447dfb
Prevent %posttrans scriptlet to fail if grubenv isn't present in the ESP
Also simplify the logic to determine the filesystem UUID of the partition
that contains the /boot/grub2 directory.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-03-25 23:00:25 +01:00
Javier Martinez Canillas
51b7d6220e
Fix a couple of merge mistakes made when rebasing to 2.06~rc1
Resolves: rhbz#1940524

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-03-24 09:39:42 +01:00
Javier Martinez Canillas
46968b6e63
Update to 2.06~rc1 to fix a bunch of CVEs
Resolves: CVE-2020-14372
Resolves: CVE-2020-25632
Resolves: CVE-2020-25647
Resolves: CVE-2020-27749
Resolves: CVE-2020-27779
Resolves: CVE-2021-20225
Resolves: CVE-2021-20233

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-03-15 10:13:33 +01:00
Javier Martinez Canillas
89b6faf012
Fix config file generation failing due invalid petitboot version value
Resolves: rhbz#1921479

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-03-11 13:15:37 +01:00
Javier Martinez Canillas
3b8cfc9cf6
Fix keyboards that report IBM PC AT scan codes
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-03-05 11:37:24 +01:00
Javier Martinez Canillas
32351b3093
Don't attempt to unify if there is no grub.cfg on EFI
Resolves: rhbz#1933085

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-02-25 18:26:22 +01:00
Christian Kellner
931f4f0364 Don't attempt to unify if there is no grub.cfg on EFI
If there is no grub config, for example when installing the
system via anaconda, there is no need to attempt a grub
configuration unification. It will indeed actually break
because it will try to copy a non-existent file.

Resolves: rhbz#1933085
2021-02-25 18:17:46 +01:00
Javier Martinez Canillas
c65a33ebca
Switch EFI users to new config and fix ESC no longer showing the menu
Resolves: rhbz#1918817
Resolves: rhbz#1928595

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-02-22 20:50:22 +01:00
Christian Kellner
a32aa179fa Transition existing installations to unified GRUB configuration
The previous commits, especially b14117, unified the grub config
locations across all platforms. In brief, this means that in the
case of EFI, the config file in the EFI System Partition (ESP)
is now meant to be a small stub config file that will in turn
load the main configuration in /boot/grub2, which is used on
all other platforms as well. For new installations all this is
done by the Anaconda installer. But existing installations also
need to be adapted.
Add a %posttrans script to the grub2-common package that will,
if a non-unified installation is detected, transition it into
a unified one. This is done by moving the main grub.cfg file
from the ESP to /boot/grub2, creating minimal stub on the ESP
instead. Additionally, the grubenv file is also moved from the
ESP to /boot/grub2.
The detection of the non-unified installation is done by
checking if the grub.cfg on the ESP contains the 'configfile'
directive. If so, it is assumed the system has a unified
grub configuration.

Signed-off-by: Christian Kellner <christian@kellner.me>
2021-02-22 19:32:42 +01:00
Javier Martinez Canillas
b141171629
Appended signatures support, unify GRUB config location and some fixes
- Remove -fcf-protection compiler flag to allow i386 builds (law)
  Related: rhbz#1915452
- Unify GRUB configuration file location across all platforms
  Related: rhbz#1918817
- Add 'at_keyboard_fallback_set' var to force the set manually (rmetrich)
- Add appended signatures support for ppc64le LPAR Secure Boot (daxtens)

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-02-09 01:04:42 +01:00
Javier Martinez Canillas
f9736ec085
at_keyboard: use set 1 when keyboard is in Translate mode
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-01-12 17:01:31 +01:00
Javier Martinez Canillas
d84350c121
Add DNF protected.d fragments and pull a few fixes and enhancements
- Add DNF protected.d fragments for GRUB packages
  Resolves: rhbz#1874541
- Include keylayouts and at_keyboard modules in EFI builds
- Add GRUB enhanced debugging features
- ieee1275: Avoiding many unecessary open/close
- ieee1275: device mapper and fibre channel discovery support
- Fix tps-rpmtest failing due /boot/grub2/grubenv attributes mismatch

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-12-31 16:17:43 +01:00
Javier Martinez Canillas
8c2cf1c368
Add DNF protected.d fragments for GRUB packages
Users can unintentionally remove the grub2 packages and break their system
by deleting the bootloader. To prevent this mark them as protected by DNF.

Resolves: rhbz#1874541

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-12-30 22:45:54 +01:00
Javier Martinez Canillas
ec73df1b6e
Fix tps-rpmtest failing due /boot/grub2/grubenv attributes mismatch
The /boot/grub2/grubenv file is not installed by the grub2 packages but
is either a symbolic link created on %install or a regular file created
by Anaconda during installation.

This is causing the tps-rpmtest to fail in some architectures since the
file attributes don't match what's expected by the package. Because is
a special file, make verification  to ignore the size, mode, checksum
and mtime attributes.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-12-30 20:50:03 +01:00
Peetz0r
5a625020e2
Fixed some typos in grub-install.8 man page 2020-12-18 00:32:39 +01:00
Florian Weimer
fac1a22c9e
Remove build dependency on autogen 2020-11-11 16:52:19 +01:00
Javier Martinez Canillas
f7e054f3d6
Roll over TFTP block counter to prevent timeouts with data packets
Resolves: rhbz#1869335

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-08-31 14:19:03 +02:00
Javier Martinez Canillas
ae1167a78d
Set TFTP blocksize to 1428 instead of 2048 to avoid IP fragmentation
Resolves: rhbz#1869335

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-08-21 15:59:56 +02:00
Javier Martinez Canillas
cc2f966c55
Fix TFTP timeouts when trying to fetch files larger than 65535 KiB
Resolves: rhbz#1869335

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-08-21 12:56:15 +02:00
Javier Martinez Canillas
db0149e860
Add support for "systemctl reboot --boot-loader-menu=xx"
Related: rhbz#1857389

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-08-12 14:43:54 +02:00
Peter Jones
47cf63735c "Minor" bug fixes
Resolves: CVE-2020-10713
Resolves: CVE-2020-14308
Resolves: CVE-2020-14309
Resolves: CVE-2020-14310
Resolves: CVE-2020-14311
Resolves: CVE-2020-15705
Resolves: CVE-2020-15706
Resolves: CVE-2020-15707

Signed-off-by: Peter Jones <pjones@redhat.com>
2020-08-10 22:02:39 -04:00
Jeff Law
dc2f1a03d9 Move lto disablement to a point where it works for this package 2020-07-21 13:43:44 -06:00