Commit Graph

709 Commits

Author SHA1 Message Date
Robbie Harwood
e7aee52b19 Handle FAT mtime of 0
Resolves: #2096192
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-07-19 16:24:58 +00:00
Robbie Harwood
f0ad2aaa26 CVE fixes for 2022-05-24
Resolves: CVE-2022-28736 CVE-2022-28735 CVE-2022-28734 CVE-2022-28733
Resolves: CVE-2021-3697 CVE-2021-3696 CVE-2021-3695
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-06-03 13:54:45 -04:00
Robbie Harwood
a44a6377ed ppc64le: make ofdisk retries optional
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-05-16 21:15:56 +00:00
Robbie Harwood
ea7cfdf726 Fix missing declaration of strchrnul in rpm-sort
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-05-05 22:14:21 +00:00
Robbie Harwood
d15d46b0e4 ppc64le: CAS improvements, prefix detection, and vTPM support
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-05-04 18:00:02 +00:00
Dominik 'Rathann' Mierzejewski
ac52d21d8a Fix mkformat error from grub2-mkrescue
grub2-tools-extra missing dependency on mformat (mtools).

[rharwood: NVR fix, commit message]
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-04-19 10:38:41 -04:00
Robbie Harwood
e622855aa2 Attempt to fix version display
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-04-18 21:58:58 +00:00
Robbie Harwood
f9344de20a Stop using %{name} for things in the spec file
There's no point to this (the packaging isn't generic, confusion between
grub and grub2 in places, it's not fewer characters to type, have to
think about escaping in macros, ...) and it makes searching for things
needlessly difficult.

This finishes the revert of 967c5629ed
("Don't harcode grub2 in the spec file") that was begun in
af038a0bdc ("Revert "Don't harcode grub2
in the spec file"").

Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-04-18 17:14:40 -04:00
Robbie Harwood
1d98b5f260 Fix permission change report from rpm verification on grub.cfg
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-04-18 17:50:28 +00:00
Robbie Harwood
6c2cc46451 Enable "read" module
Resolves: #2071644
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-04-13 15:13:22 +00:00
Robbie Harwood
2e106f9a3e Drop use of which and update requirements
Original patches by Zbigniew Jędrzejewski-Szmek.

Merges: #16
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-04-12 14:46:11 -04:00
Robbie Harwood
d17f80cfd5 Update rpminspect configuration
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-04-01 13:50:04 -04:00
Robbie Harwood
eeff7639b3 Drop i32 build for real this time
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-03-31 21:23:48 +00:00
Robbie Harwood
bd73b85ea3 Switch to upstream man pages
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-03-31 21:21:43 +00:00
Robbie Harwood
d171a2a95c Revert previous change (grub2-pc-modules is built on i32)
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-03-30 14:44:17 +00:00
Robbie Harwood
2b909b72a4 Drop i32 support
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-03-29 18:45:49 +00:00
Adam Williamson
f29388d27a Fix a syntax error in the ostree BLS fix attempt 2022-03-23 16:48:18 -07:00
Peter Robinson
5d7c163550 Rebuild for secure-boot signing 2022-03-23 10:29:57 +00:00
Adam Williamson
5e72956199 Revert "Use my sort patch instead", fix BLS ostree detection
This reverts commit 93004a8494,
because it broke Rawhide. It also tries to fixes BLS ostree
detection to work in chroots (e.g. during installation) by also
checking for /ostree/repo.
2022-03-22 18:32:24 -07:00
Robbie Harwood
2a0a68c542 Fix rebase fuzz on x509 embedding patch
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-03-22 16:25:08 -04:00
Robbie Harwood
93004a8494 Use my sort patch instead
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-03-21 17:54:55 +00:00
Robbie Harwood
ac0e146ae3 Fix missing format specifier in appended signature commit
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-03-21 17:01:32 +00:00
Robbie Harwood
90dacf59d0 Don't verify kernels twice
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-03-18 18:33:12 +00:00
Robbie Harwood
e31fc7ca96 Skip updating BLS on ostree installations
Resolves: #2059776
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-03-10 19:46:17 +00:00
Robbie Harwood
3de994c662 Drop libusb dependency
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-03-09 15:28:03 -05:00
Robbie Harwood
e849938f16 Fix location of fix for fixing
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-03-09 12:50:39 -05:00
Robbie Harwood
e72456a804 Fix libusb dep
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-03-09 12:10:32 -05:00
Robbie Harwood
9a30e00fc0 Fix initialization in efidisk patch
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-03-09 16:50:45 +00:00
Robbie Harwood
95d197a80c Disable the .package_note awfulness
Resolves: #2058712
Resolves: #2058527
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-02-28 20:31:09 +00:00
Robbie Harwood
0bd5331192 Fix efi_modules to include connectefi
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-02-28 14:02:46 -05:00
Robbie Harwood
9027ec262f Bump spec
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-02-25 17:26:09 -05:00
Robbie Harwood
fe0248c0ce Fix stripping of annobin -spec
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-02-25 22:25:36 +00:00
Robbie Harwood
e82a4fd034 Add efidisk/connectefi patches
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-02-24 22:03:20 +00:00
Robbie Harwood
9c910dfa10 Fix appending signature support commit (thanks: pjones)
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-02-24 15:11:16 -05:00
Robbie Harwood
1c4e61c989 Don't forget the sources file
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-02-24 13:35:00 -05:00
Robbie Harwood
8a74d28ac8 Life is pain, but especially when it's gnulib
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-02-24 13:25:56 -05:00
Robbie Harwood
3e40727f72 Skip machine ID check when updating BLS
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-01-20 17:52:23 -05:00
Robbie Harwood
a382c9e3c9 Bump release; no code chages
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-01-18 14:47:04 -05:00
Robbie Harwood
357489e3ea Add location of DejaVu Sans font
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-01-18 19:46:15 +00:00
Robbie Harwood
e602a0629d Update patches; minor changes at most, if correct
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-01-17 18:09:27 -05:00
Robbie Harwood
b256068060 btrfs: use full bootloader area
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-01-06 17:42:54 +00:00
Robbie Harwood
46317f98bf Bump to rerun signing (no code changes)
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2021-12-10 17:34:40 +00:00
Robbie Harwood
d90546c5ee restore umask for grub.cfg (CVE-2021-3981)
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2021-12-09 11:11:30 -05:00
Robbie Harwood
9fdaa794e0 Drop UI patches and update provenance information
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2021-11-04 12:30:16 -04:00
Peter Jones
af038a0bdc Revert "Don't harcode grub2 in the spec file"
Two issues:
- line 538 switches the filename from "grub" to "grub2" where it
  shouldn't
- in general, things that aren't referring to the packaging itself
  shouldn't be %{name}; it just makes them less flexible.

This reverts commit 967c5629ed.
2021-10-07 17:38:20 -04:00
Peter Jones
42a07486d8 Fix "grub2-mkimage --appended-signature-size" parsing.
Signed-off-by: Peter Jones <pjones@redhat.com>
2021-10-07 12:30:43 -04:00
Peter Jones
99bcf9931e Fix grub-mkimage --append-signature-size
0179-Add-suport-for-signing-grub-with-an-appended-signatu.patch was
written in Jun of 2020, before support for .sbat went upstream.  It adds
a command line option "--append-signature-size" to grub-mkimage with the
short argument '-s'.

Unfortunately, .sbat support also uses that short argument, and as a
result, trying to use "grub-mkimage --append-signature-size" on ppc64le
(where we need it) fails due to argument.sbat being set on a non-EFI
platform.

This patch makes the --append-signature-size use 'S' instead of 's'.

Related: rhbz#1951104
Signed-off-by: Peter Jones <pjones@redhat.com>
2021-10-06 10:09:21 -04:00
Robbie Harwood
b3b9566edf Rebuild; no code changes 2021-09-29 18:05:43 +00:00
Robbie Harwood
07cf41c169 fs/xfs: Fix unreadable filesystem with v4 superblock
While we're here, also: check for the PE magic for the compiled arch

Resolves: rhbz#2008819
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2021-09-29 12:12:55 -04:00
Robbie Harwood
64dc7670b0 Add rpminspect config file
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2021-09-23 16:44:52 -04:00