Commit Graph

787 Commits

Author SHA1 Message Date
Nicolas Frayer
7b857b827a Linker: added --no-warn-rwx-segments linker option
added --no-warn-rwx-segments as build will fail after
ld.bfd default options have been changed.

Please refer:
https://fedoraproject.org/wiki/Changes/Linker_Error_On_Security_Issues

Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-11-15 15:30:41 +01:00
Nicolas Frayer
88924af554 Remove [Install] section from aux systemd units
Related: #2247635
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-11-14 17:29:09 +01:00
Hans de Goede
94ecc476ab spec: Fix enablement of grub services and timer
Fix enablement of grub services and timer:
- Switch back to static enablement for grub services in tools package
- Add %%triggerpostun to apply grub-boot-success.timer preset
  when upgrading from older versions where this was not a preset

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2247635
Signed-off-by: Christian Glombek <cglombek@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2023-11-14 13:18:59 +01:00
Nicolas Frayer
8a9297c431 util: grub-install on EFI if forced
Resolves: #1917213
Resolves: #2240994
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-11-06 18:10:09 +01:00
Nicolas Frayer
07412b4a97 kern/ieee1275/init: ppc64: Restrict high memory in presence
of fadump

Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-10-20 18:11:41 +02:00
Janne Grunau
62027d5ee3 20-grub.install: Copy device-tree directory recursively
8800efcb0b replaced '-a' with '--preserve=timestamps' to avoid
preserving ownership information on non vfat file systems. This breaks
copying of the 'dtb' directory on aarch64 systems since '-a' implies
'-r'. Add '-r' to the single place where 'dtb/' is copied to /boot.

Resolves: #2243060
Fixes: 8800efcb0b ("Do not preserve ownership or xattrs on copied files")
Signed-off-by: Janne Grunau <j@jannau.net>
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-10-11 12:23:55 +02:00
Vitaly Kuznetsov
45dbc926bf Don't run 20-grub.install for UKIs
When kernel-install is called for a UKI, 20-grub.install copies it to /boot
which is totally unneeded, UKIs are now handled by the standard systemd's
90-uki-copy.install (systemd-253+) correctly which places them to the ESP.

Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
2023-10-03 17:27:13 +02:00
Zbigniew Jędrzejewski-Szmek
e1206cf45b Let ln and cp remove the destination files
No functional change, but makes the script a bit shorter.

Signed-off-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
2023-10-03 17:12:53 +02:00
Zbigniew Jędrzejewski-Szmek
8800efcb0b Do not preserve ownership or xattrs on copied files
As noticed in https://bugzilla.redhat.com/show_bug.cgi?id=2239008#c16, when
compiling a kernel as a user and doing 'sudo make install', and when using a
non-vfat fs for the install destination, the file would end up owned by the
user. This is not useful at all, so let's only preserve the timestamps on the
copied file, no other attributes.

Signed-off-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
2023-10-03 17:12:48 +02:00
Zbigniew Jędrzejewski-Szmek
af4f1536b6 Rename installed kernel to match name used in boot entry
The mkbls() function would write 'linux /vmlinuz-${kernelver}' into the boot
loader entry. But the code that actually copies the file would use the original
file name with a version suffix ('cp -aT "$i" "/boot/${i##*/}-${KERNEL_VERSION}"').
In case of a local kernel build calling /sbin/installkernel this file name was
e.g. 'bzImage', so we would end up with '/bzImage-${KERNEL_VERSION}', which of
course doesn't match '/vmlinuz-*'. The script would later call 'grub2-mkrel'
on the name taken from the boot entry which would fail because the file does not
exist. Rename the argument to "vmlinuz", so that both parts match.

Tested by doing a local kernel build with 'sudo make install' at the end.

Signed-off-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
2023-10-03 17:12:39 +02:00
Nicolas Frayer
aa936e7b0c ofdisk: Fix missing #include in ofdisk.c
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-09-29 18:06:49 +02:00
Christian Glombek
6c038d7d02 spec: Fix grub2-systemd-integration.service name
Signed-off-by: Christian Glombek <cglombek@redhat.com>
2023-09-28 19:09:26 +02:00
Nicolas Frayer
52d23fe6f6 arm64: Use proper memory type for kernel allocation
Resolves: #2149020
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-09-14 18:26:26 +02:00
Nicolas Frayer
d161705351 spec: Use systemd presets and macros for units in tools package
Resolves: #2230575

Signed-off-by: Christian Glombek <cglombek@redhat.com>
2023-09-14 18:26:07 +02:00
Nicolas Frayer
5c4529ecac spec: Modified posttrans to harden grub config detection
Resolves: #2235692
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-09-01 11:12:53 +02:00
Nicolas Frayer
6d1f9f4a80 efi/http: change uint32_t to uintn_t
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-08-22 14:25:39 +02:00
Nicolas Frayer
5184f7bcf1 util: Enable default kernel for updates
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-08-22 14:14:44 +02:00
Robbie Harwood
dc5c4e3f52 Add switch-root support to grub-emu
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-04-12 15:23:39 +00:00
Robbie Harwood
e6b8f35a69 Fix aa64 page fault with EFI_MEMORY_ATTRIBUTE_PROTOCOL
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-04-10 16:44:09 +00:00
Robbie Harwood
ab62564e2f tmp
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-03-31 17:47:53 -04:00
Chris Adams
9d4d1e919c Provide a legacy PXE boot core.0
This enables PXE booting with grub2 rather than syslinux.

Signed-off-by: Chris Adams <linux@cmadams.net>
[rharwood: bump spec, fix commit message]
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-03-31 15:59:22 -04:00
Robbie Harwood
dc0bc06560 Disable the tpm verifier if the TPM device is not present
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-03-30 12:47:20 +00:00
Robbie Harwood
ecd22580ae ppc64le: more cas vec5 shenanigans
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-03-30 12:31:37 +00:00
Robbie Harwood
6a9365c88d emu: work around systemctl bad behavior
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-03-22 18:39:56 +00:00
Robbie Harwood
48cf39de05 emu: handle BLS /boot weirdness
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-03-09 16:48:40 +00:00
Robbie Harwood
4db0050f31 Update rpminspect configuration
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-21 10:54:07 -05:00
Robbie Harwood
5c83f50804 Update mm fixes from upstream
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-20 16:49:18 +00:00
Robbie Harwood
b86fd390b8 Fix disk sector size computation
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-16 14:24:30 +00:00
Robbie Harwood
63b29f783e Override the linker and force nonexecutable stacks
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-10 21:50:45 +00:00
Robbie Harwood
851216d61a ppc64le: sync cas/tpm patchset with upstream
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-08 20:07:44 +00:00
Robbie Harwood
ed1787d5fc emu: support newer kexec syscall
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-06 22:43:11 +00:00
Robbie Harwood
a5299c3192 ppc64le: cas5, take 3
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-06 20:29:49 +00:00
Robbie Harwood
3a3516d360 Fix implicit function declaration warnings
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-06 18:54:15 +00:00
Javier Martinez Canillas
22838ae9d7
20-grub-install: Explicitly check '+debug' suffix for debug kernels
The kernel-install script is also used to install kernels when built from
source using the `make install` target.

And if this source contains modifications, a '+' is added as suffix by the
scripts/setlocalversion if no LOCALVERSION was set in the kernel config.

This confuses the grub2 kernel-install plugin, since it currently assumes
that any kernel that contain a version with a '+' suffix is a debug kernel.

But the match is too greedy, just having '+debug' should be enough to check
whether the kernel to install is a debug kernel or not.

Resolves: #2148351
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2023-02-01 23:09:10 +01:00
Robbie Harwood
1163f8ebfd Bump to re-run signing
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-01 20:54:24 +00:00
Robbie Harwood
e4be65856a Disable mdraid < 1.1 on ppc64le
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-01-31 16:09:55 -05:00
Robbie Harwood
f8f88e1235 Fix grub2-probe issue with previous commit
Resolves: #2165136
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-01-27 20:42:56 +00:00
Robbie Harwood
3ce59ed7e1 ppc64le: update signed media fixes
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-01-27 14:04:12 -05:00
Robbie Harwood
ac206cb17b ppc64le: fix issues using core.elf on boot media
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-01-13 20:28:48 +00:00
Robbie Harwood
7be2bf00c3 Pull allocator improvements from upstream
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-01-11 18:57:23 +00:00
Robbie Harwood
217ae25d88 Fix previous commit for non-x64
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-01-11 11:00:47 -05:00
Robbie Harwood
b84b21f7a2 Apply more hardening to host binaries
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-01-11 15:40:17 +00:00
Robbie Harwood
d2ad09e81a Allow internal grub allocations over 4GB
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-01-10 19:49:15 +00:00
Robbie Harwood
9e46a970c6 Fix prefix setting with memdisk creation for network boot
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-12-21 22:35:22 +00:00
Robbie Harwood
55921d8655 Attempt to fix eln build
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-12-19 14:36:15 -05:00
Robbie Harwood
fa48146e4c ppc64le: fix lpar cas5
Resolves: #2152547
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-12-14 19:30:52 +00:00
Robbie Harwood
85cfe6dd30 Fix error handling in grub_file_open()
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-12-06 15:57:14 +00:00
Robbie Harwood
9b063ec0c5 Bump spec for "Allow for xz'd symvers file"
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-12-05 12:24:36 -05:00
Prarit Bhargava
78d64adfbe Allow for xz'd symvers file
The Fedora/ARK kernel is moving to removing gzip as a dependency and
replacing it with xz.

Use xz instead of gz as an extension for the symvers file.

Signed-off-by: Prarit Bhargava <prarit@redhat.com>
2022-12-04 19:41:23 -05:00
Tomas Hrcka
81ed67d3a8 Bump release to install unicode.pf2
Signed-off-by: Tomas Hrcka <thrcka@redhat.com>
2022-11-23 20:45:18 +01:00