rpmdiff noticed the following:
Detecting usr/sbin/grub2-ofpathname with not-hardened warnings '
Hardened: grub2-ofpathname: FAIL: Gaps were detected in the annobin coverage. Run with -v to list.
Hardened: grub2-ofpathname: FAIL: Not linked with -Wl,-z,now.
Hardened: grub2-ofpathname: MAYB: The PIC/PIE setting was not recorded.
Hardened: grub2-ofpathname: FAIL: Not linked as a position independent executable (ie need to add '-pie' to link command line).
' on ppc64le
This is because while we made the CFLAGS get some new options, LDFLAGS never
got the same treatment, and we disabled %{_hardened_build} to avoid getting
its options in the TARGET_{C,LD}FLAGS variables.
This patch duplicates the infrastructure for {HOST,TARGET}_CFLAGS into
{HOST,TARGET}_LDFLAGS, and adds the %{_hardening_ldflags} and
%{_hardening_cflags} to both HOST_{C,LD}FLAGS.
Additionally, it fixes the CPPFLAGS definitions, since rpm doesn't define any
CPPFLAGS at all, and makes the -I$(pwd) be there exclusively, not on CFLAGS as
well, since they're always used in concert.
Signed-off-by: Peter Jones <pjones@redhat.com>
os-prober 1.75 dropped all the code for handling device mapper
directly in favor of only supporting the use of grub2-mount.
Thus, we now need grub2-mount to be built and packaged so that
os-prober can depend on it. We ship it in the grub2-tools-minimal
package to avoid creating a dependency loop between grub2-tools and
os-prober.
Resolves: rhbz#1471267
Signed-off-by: Neal Gompa <ngompa13@gmail.com>
GRUB has a user-space program emulator that allows parsing config files
and executing boot entries using the kexec tool. Add a grub2-emu subpackage
to install the emulator.
The subpackage is disabled on ppc64le architecture for now since grub2-emu
fails to build there.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
The grub2-efi package creates a /boot/grub2/grubenv symlink that points to
/boot/efi/EFI/fedora/grubenv, which is where the real grubenv file is looked
up by GRUB on an EFI installation.
But currently if grub2-efi is installed on a legacy BIOS install, it
will overwrite an existing /boot/grub2/grubenv file with a broken symlink.
So mark it as %config(noreplace) to avoid losing an existing grubenv.
Resolves: rhbz#1687323
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
- Don't build the grub2-efi-ia32-* packages on i686 (pjones)
- Add efi-export-env and efi-load-env commands (pjones)
- Make it possible to subtract conditions from debug= (pjones)
- Try to set -fPIE and friends on libgnu.a (pjones)
- Add more options to blscfg command to make it more flexible
- Add support for prepending early initrds to the BLS entries
- Fix grub.cfg-XXX look up when booting over TFTP
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
- Limit grub_malloc() on x86_64 to < 31bit addresses, as some devices seem to
have a colossally broken storage controller (or UEFI driver) that can't do
DMA to higher memory addresses, but fails silently.
Resolves: rhbz#1626844 (possibly really resolving it this time.)
- Also integrate Hans's attempt to fix the related error from -54, but do it
the other way around: try the low addresses first and *then* the high one if
the allocation fails. This way we'll get low regions by default, and if
kernel/initramfs don't fit anywhere, it'll try the higher addresses.
Related: rhbz#1624532
- Coalesce all the intermediate debugging junk from -54/-55/-56.
Signed-off-by: Peter Jones <pjones@redhat.com>
We need to move these to /boot/efi/EFI/BOOT/ and change the perms at the same
time, but that means changing this, comps, and lorax (at least) at the same
time. Right this minute isn't a good time to do that.
Signed-off-by: Peter Jones <pjones@redhat.com>
autogen.sh was running autoreconf, which *ran* configure but didn't actually
re-make it if it was there. This means we effectively can't change our
configure invocation (for newer configure options), so that's bad.
Signed-off-by: Peter Jones <pjones@redhat.com>
- Only nerf annobin, not -fstack-clash-protection.
- Fix a conflict on /boot/efi directory permissions between -cdboot and the
normal bootloader.
Signed-off-by: Peter Jones <pjones@redhat.com>
For now, completely nerf annobin and -fstack-clash-protection; at least
one of those things makes grubx64.efi crash on start.
Signed-off-by: Peter Jones <pjones@redhat.com>
I'm not sure this is 100% the right place to do this - maybe it should
go in anaconda - but it seems most expedient :/
Resolves: rhbz#1491045
Signed-off-by: Peter Jones <pjones@redhat.com>
Add some unconditional Provides:
grub2-efi on grub2-efi-${arch}
grub2-efi-cdboot on grub2-efi-${arch}-cdboot
grub2 on all grub2-${arch} packages
Something is somehow adding /usr/lib/.build-id/... to all the -tools
subpackages, so exclude all that.
Signed-off-by: Peter Jones <pjones@redhat.com>
- Put grub2-mkimage in -tools, not -tools-extra.
- Fix i686 building
- Fix ppc HFS+ usage due to /boot/efi's presence.
Signed-off-by: Peter Jones <pjones@redhat.com>
autoqa is seeing a failure that looks like:
13:50:17,909 INF program: grub2-install: error: cannot open `/usr/lib/grub/i386-pc/lzma_decompress.img': No such file or directory.
And it's because the .img files are currently excluded. So put them
back.
Signed-off-by: Peter Jones <pjones@redhat.com>