Commit Graph

813 Commits

Author SHA1 Message Date
Nicolas Frayer
742532ab73 grub.cfg: Fix an issue when doing a major version upgrade
Related: #RHEL-56733
Signed-off-by: Marta Lewandowska <mlewando@redhat.com>
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-09-23 14:33:04 +02:00
Nicolas Frayer
1022bec884 spec: Added more code for the previous CVE fix
Related: #RHEL-56733
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-09-23 14:31:55 +02:00
Nicolas Frayer
008b689173 aarch64/macros: Re-added flags that disappeared with previous commit
Related: #RHEL-58821
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-09-18 17:56:57 +02:00
Nicolas Frayer
c69e56f2af aarch64/macros: Build gnulib with -mbranch-protection=standard
Resolves: #RHEL-58821
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-09-13 09:33:04 +02:00
Leo Sandoval
5e22405b1c grub.cfg: Fix rpm grub.cfg permission and verification issues
Fix the rpm verificaton issues. On the other hand, 2.06-121 [1]
introduced a change on grub2-mkconfig where it prevents overwritting
`${EFI_HOME}/grub.cfg` with side effects on the `%posttrans`
scriptlet, where it tries to recreate it in case this file does not
exist but due to [1] the `${EFI}/grub.cfg` file would never be
created. Fix the `%posttrans` code with the logic but applied to
${GRUB_HOME}/grub.cfg. On the same scriplet, make sure
${EFI_HOME}/grub.cfg is present before grepping into it.

[1] https://pkgs.devel.redhat.com/cgit/rpms/grub2/commit/?h=rhel-10-main&id=9c6e5cf6c8e597efbf6a10399371789fddafac12

Resolves: #RHEL-56918
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
2024-09-03 16:14:28 -06:00
Nicolas Frayer
6fd4bccf50 Sync with rhel9 for critical patches
Resolves: #RHEL-56733
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-08-30 12:04:21 +02:00
Nicolas Frayer
7e8f0f0dcf grub-mkconfig dont overwrite BLS cmdline if BLSCFG
Resolves: #RHEL-53848
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-08-28 12:51:29 +02:00
Peter Jones
91198fdd6c spec/macros: Modified spec and macros files for RHEL10 signing
Related: #RHEL-51867
Signed-off-by: Peter Jones <pjones@redhat.com>
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-08-05 23:28:33 +02:00
Nicolas Frayer
824f4e8aa6 grub2-mkconfig: Remove mountpoint check
Related: #RHEL-32099
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-08-05 22:26:37 +02:00
Nicolas Frayer
1b7f195817 Use the set of macros provided by system-sb-certs for signing
Resolves: #RHEL-51867
Resolves: #RHELBLD-15314
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-08-01 19:04:23 +02:00
72310e515d grub2-mkconfig: Simplify os_name detection 2024-07-31 17:05:13 +00:00
Nicolas Frayer
9c6e5cf6c8 grub2-mkconfig: Prevent mkconfig from overwriting grub cfg stub
Resolves: #RHEL-32099
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-07-16 11:36:09 +02:00
Nicolas Frayer
0bbba2c660 Added gating.yaml
Resolves: #RHELMISC-3917
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-06-26 08:40:54 +00:00
Troy Dawson
f5a592b680 Bump release for June 2024 mass rebuild 2024-06-24 12:29:35 -07:00
Nicolas Frayer
59b43ff448 spec: bump release to use right keys to sign
Relates: RHEL-25958
Relates: RHELBLD-15314
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-06-19 11:48:05 +02:00
Brian Stinson
41b6d9cafa Add the right certificate macros for CentOS Stream and RHEL
Relates: RHEL-25958

Signed-off-by: Brian Stinson <bstinson@redhat.com>
2024-02-20 20:44:11 -06:00
Leo Sandoval
29406ad333 xfs: include directory extent parsing patch
Patch is required to boot XFS-formatted partitions created with
xfsprogs 6.5.0

Resolves: #2259266
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
2024-01-23 12:02:27 -06:00
Nicolas Frayer
6cc927e76b Compiler flags: ignore incompatible types for now as it prevents
CI builds

Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-01-18 15:22:45 +01:00
Nicolas Frayer
d2d9f6012b grub-core/commands: add flag to only search root dev
Resolves: #2223437
Resolves: #2224951
Resolves: #2258096
Resolves: CVE-2023-4001
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-01-18 15:22:34 +01:00
Nicolas Frayer
ebd311ec52 xfs: Remove directory extent parsing patch
Some bios systems can't boot with one of
the xfs upstream patches

Resolves: #2254370
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-01-17 15:23:37 +01:00
Hector Martin
0c1c9228d2 Switch memdisk compression to lzop
xz decompression is very slow and slows down boot by around 5 seconds on
aarch64/Apple M1 when using the default font. Switch to lzop, which
takes less than one second to uncompress.

This increases EFI core image size by around 11%.

Signed-off-by: Hector Martin <marcan@marcan.st>
2024-01-13 08:19:34 +09:00
Daan De Meyer
a162c0412f Drop grub2-tools obsoletes for grub2-tools-minimal
When installing grub2-tools grub2-tools-minimal is pulled in which
obsoletes grub2-tools causing grub2-tools to not get installed.
Remove the obsoletes so that grub2-tools can be installed again.

Signed-off-by: Daan De Meyer <daan.j.demeyer@gmail.com>
2024-01-11 19:10:34 +01:00
Nicolas Frayer
d11c8385d6 normal: fix prefix when loading modules
Resolves: #2209435
Resolves: #2173015
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-01-04 11:29:35 +01:00
Leo Sandoval
4562b72afc chainloader: remove device path debug message
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
2023-12-14 09:31:59 -06:00
Nicolas Frayer
cadd7a1196 Migrate to SPDX license
Please refer to https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_2

Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-12-01 17:09:13 +01:00
Nicolas Frayer
c4a49e5c9a fs/xfs: Add several fixes/improvements to xfs fs from upstream
Resolves: #2247926
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-12-01 10:31:36 +01:00
Nicolas Frayer
7b857b827a Linker: added --no-warn-rwx-segments linker option
added --no-warn-rwx-segments as build will fail after
ld.bfd default options have been changed.

Please refer:
https://fedoraproject.org/wiki/Changes/Linker_Error_On_Security_Issues

Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-11-15 15:30:41 +01:00
Nicolas Frayer
88924af554 Remove [Install] section from aux systemd units
Related: #2247635
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-11-14 17:29:09 +01:00
Hans de Goede
94ecc476ab spec: Fix enablement of grub services and timer
Fix enablement of grub services and timer:
- Switch back to static enablement for grub services in tools package
- Add %%triggerpostun to apply grub-boot-success.timer preset
  when upgrading from older versions where this was not a preset

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2247635
Signed-off-by: Christian Glombek <cglombek@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2023-11-14 13:18:59 +01:00
Nicolas Frayer
8a9297c431 util: grub-install on EFI if forced
Resolves: #1917213
Resolves: #2240994
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-11-06 18:10:09 +01:00
Nicolas Frayer
07412b4a97 kern/ieee1275/init: ppc64: Restrict high memory in presence
of fadump

Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-10-20 18:11:41 +02:00
Janne Grunau
62027d5ee3 20-grub.install: Copy device-tree directory recursively
8800efcb0b replaced '-a' with '--preserve=timestamps' to avoid
preserving ownership information on non vfat file systems. This breaks
copying of the 'dtb' directory on aarch64 systems since '-a' implies
'-r'. Add '-r' to the single place where 'dtb/' is copied to /boot.

Resolves: #2243060
Fixes: 8800efcb0b ("Do not preserve ownership or xattrs on copied files")
Signed-off-by: Janne Grunau <j@jannau.net>
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-10-11 12:23:55 +02:00
Vitaly Kuznetsov
45dbc926bf Don't run 20-grub.install for UKIs
When kernel-install is called for a UKI, 20-grub.install copies it to /boot
which is totally unneeded, UKIs are now handled by the standard systemd's
90-uki-copy.install (systemd-253+) correctly which places them to the ESP.

Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
2023-10-03 17:27:13 +02:00
Zbigniew Jędrzejewski-Szmek
e1206cf45b Let ln and cp remove the destination files
No functional change, but makes the script a bit shorter.

Signed-off-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
2023-10-03 17:12:53 +02:00
Zbigniew Jędrzejewski-Szmek
8800efcb0b Do not preserve ownership or xattrs on copied files
As noticed in https://bugzilla.redhat.com/show_bug.cgi?id=2239008#c16, when
compiling a kernel as a user and doing 'sudo make install', and when using a
non-vfat fs for the install destination, the file would end up owned by the
user. This is not useful at all, so let's only preserve the timestamps on the
copied file, no other attributes.

Signed-off-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
2023-10-03 17:12:48 +02:00
Zbigniew Jędrzejewski-Szmek
af4f1536b6 Rename installed kernel to match name used in boot entry
The mkbls() function would write 'linux /vmlinuz-${kernelver}' into the boot
loader entry. But the code that actually copies the file would use the original
file name with a version suffix ('cp -aT "$i" "/boot/${i##*/}-${KERNEL_VERSION}"').
In case of a local kernel build calling /sbin/installkernel this file name was
e.g. 'bzImage', so we would end up with '/bzImage-${KERNEL_VERSION}', which of
course doesn't match '/vmlinuz-*'. The script would later call 'grub2-mkrel'
on the name taken from the boot entry which would fail because the file does not
exist. Rename the argument to "vmlinuz", so that both parts match.

Tested by doing a local kernel build with 'sudo make install' at the end.

Signed-off-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
2023-10-03 17:12:39 +02:00
Nicolas Frayer
aa936e7b0c ofdisk: Fix missing #include in ofdisk.c
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-09-29 18:06:49 +02:00
Christian Glombek
6c038d7d02 spec: Fix grub2-systemd-integration.service name
Signed-off-by: Christian Glombek <cglombek@redhat.com>
2023-09-28 19:09:26 +02:00
Nicolas Frayer
52d23fe6f6 arm64: Use proper memory type for kernel allocation
Resolves: #2149020
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-09-14 18:26:26 +02:00
Nicolas Frayer
d161705351 spec: Use systemd presets and macros for units in tools package
Resolves: #2230575

Signed-off-by: Christian Glombek <cglombek@redhat.com>
2023-09-14 18:26:07 +02:00
Nicolas Frayer
5c4529ecac spec: Modified posttrans to harden grub config detection
Resolves: #2235692
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-09-01 11:12:53 +02:00
Nicolas Frayer
6d1f9f4a80 efi/http: change uint32_t to uintn_t
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-08-22 14:25:39 +02:00
Nicolas Frayer
5184f7bcf1 util: Enable default kernel for updates
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-08-22 14:14:44 +02:00
Robbie Harwood
dc5c4e3f52 Add switch-root support to grub-emu
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-04-12 15:23:39 +00:00
Robbie Harwood
e6b8f35a69 Fix aa64 page fault with EFI_MEMORY_ATTRIBUTE_PROTOCOL
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-04-10 16:44:09 +00:00
Robbie Harwood
ab62564e2f tmp
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-03-31 17:47:53 -04:00
Chris Adams
9d4d1e919c Provide a legacy PXE boot core.0
This enables PXE booting with grub2 rather than syslinux.

Signed-off-by: Chris Adams <linux@cmadams.net>
[rharwood: bump spec, fix commit message]
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-03-31 15:59:22 -04:00
Robbie Harwood
dc0bc06560 Disable the tpm verifier if the TPM device is not present
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-03-30 12:47:20 +00:00
Robbie Harwood
ecd22580ae ppc64le: more cas vec5 shenanigans
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-03-30 12:31:37 +00:00
Robbie Harwood
6a9365c88d emu: work around systemctl bad behavior
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-03-22 18:39:56 +00:00