Resolves: #RHEL-127909 Signed-off-by: Leo Sandoval <lsandova@redhat.com> Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
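# Path and file-name macros for the Confidential Computing (CC) GRUB EFI build.
# The bare "|" lines that the page rendering left between statements are
# dropped here; they are not part of the macro file.
#
# evr_cc is epoch:version-release and is reused below as a directory name.
%global evr_cc %{epoch}:%{version}-%{release}
%global libdir_cc %{_exec_prefix}/lib
# os_id_cc is computed when the spec is parsed, from the ID= line of the
# build host's /etc/os-release, with "rhel" rewritten to "redhat".
# NOTE(review): the value goes through "eval echo" (apparently to strip
# optional quotes), so whatever ID= holds in the build root is interpreted by
# the shell, and the install path depends on the build environment rather
# than on the package itself. Confirm the build root is the only source of
# this file and that this coupling is intended.
%global os_id_cc %(eval echo $(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/'))
%global grub_evr_dir_cc %{libdir_cc}/efi/grub2/%{evr_cc}
%global grub_efi_cc_dir %{grub_evr_dir_cc}/EFI/%{os_id_cc}/cc

# File names of the two CC images; efiarch is defined outside this excerpt.
%global grubeficcname grub%{efiarch}-cc.efi
%global grubeficccdname gcd%{efiarch}-cc.efi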
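# Module lists for the CC image. do_efi_cc_build_images appends all three to
# GRUB_MODULES, and efi_cc_mkimage passes that variable to grub-mkimage, so
# every module named here ends up inside the signed image.
# The bare "|" lines from the page rendering are dropped; they would break
# the backslash continuation of the first list.
# NOTE(review): efi_cc_mkimage embeds a squashfs memdisk (-m memdisk.squashfs)
# but no squashfs reader such as squash4 appears in these lists. Confirm one
# is supplied elsewhere if the image has to read the memdisk contents.
%global grub_cc_modules " all_video boot blscfg blsuki \\\
    cat configfile cryptodisk \\\
    echo fat font \\\
    gcry_rijndael gcry_rsa gcry_serpent \\\
    gcry_sha256 gcry_twofish gcry_whirlpool \\\
    gfxmenu gfxterm gzio \\\
    halt increment \\\
    loadenv loopback linux lvm luks \\\
    luks2 \\\
    memdisk \\\
    minicmd \\\
    normal part_msdos part_gpt \\\
    password_pbkdf2 pgp reboot regexp \\\
    search search_fs_uuid search_fs_file \\\
    search_label serial sleep \\\
    syslinuxcfg \\\
    test version video zstd " \

%global efi_cc_modules " efi_netfs efifwsetup efinet lsefi lsefimmap connectefi bli "

%global cc_modules " backtrace chain tpm "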
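# define_efi_cc_variant <name> [-o]
# Declares the "<name>-cc" subpackage (package header and description) for
# the Confidential Computing GRUB EFI build.
#   arg 1  base of the subpackage name; "-cc" is appended
#   -o     when given, adds "Obsoletes: grub2-efi < evr"
# When legacy_provides is defined the subpackage also provides grub2 = evr.
# The last expand line defines buildsubdir as grub-<name>-<tarversion>-cc
# unless buildsubdir is already defined.
#
# Changes from the text as shown on the page:
#  - the bare "|" lines between continuation lines are dropped, since they
#    would end the macro body after its first line;
#  - the Provides line has whitespace on both sides of "=" so rpm reads it as
#    a versioned capability, matching the Requires lines above it;
#  - the body ends with an explicit nil line, like the other macros in this
#    file, so the definition does not depend on a following blank line.
%define define_efi_cc_variant(o) \
%{expand:%%package %{1}-cc} \
Summary: GRUB for EFI systems. \
Requires: efi-filesystem \
Requires: grub2-common = %{evr} \
Requires: grub2-tools-minimal >= %{evr} \
Requires: grub2-tools = %{evr} \
Provides: grub2-efi-cc = %{evr} \
%{?legacy_provides:Provides: grub2 = %{evr}} \
%{-o:Obsoletes: grub2-efi < %{evr}} \
\
%{expand:%%description %{1}-cc} \
%{desc} \
This subpackage provides support for Confidential Computing %{1} systems. \
\
%{expand:%%{?!buildsubdir:%%define buildsubdir grub-%{1}-%{tarversion}-cc}}\
%{nil}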
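# do_primary_efi_cc_build: configure and build the CC variant inside
# grub-<arg1>-<tarversion>-cc, then return to the parent directory.
#   arg 1        selects the build directory
#   args 4 5 6   forwarded to do_efi_cc_configure as its args 1 2 3
#   args 2 3     forwarded to do_efi_cc_build_images after grub_target_name
#   args 7 8 9   forwarded to do_efi_cc_build_images after the "./" path
# The doubled percent signs defer expansion of the forwarded arguments until
# the expand wrapper is evaluated.
# The bare "|" lines from the page rendering are dropped; they would end the
# macro body after its first line.
%define do_primary_efi_cc_build() \
cd grub-%{1}-%{tarversion}-cc \
%{expand:%%do_efi_cc_configure %%{4} %%{5} %%{6}} \
%do_efi_build_all \
%{expand:%%do_efi_cc_build_images %{grub_target_name} %{2} %{3} ./ %%{7} %%{8} %%{9}} \
cd .. \
%{nil}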
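# do_efi_cc_configure <target> <target-cflags> <host-cflags>
# Runs configure for the EFI platform in the current directory and then
# records the configured tree with git add / git commit.
#   arg 1  value of --target
#   arg 2  TARGET_CFLAGS
#   arg 3  HOST_CFLAGS
# If configure fails, config.log is printed and the build stops with status 1.
# NOTE(review): --with-pcr8-disabled=yes is not explained in this file.
# Presumably it turns off the TPM PCR 8 measurements for this build; confirm
# against the patch that adds the option, because it changes what a remote
# verifier can attest about the boot path.
# NOTE(review): --disable-werror keeps compiler warnings from failing the
# build, so warnings in this variant have to be reviewed from the build log.
# The bare "|" lines from the page rendering are dropped; they would break
# the continued configure command line.
%define do_efi_cc_configure() \
%configure \\\
    %{cc_equals} \\\
    HOST_CFLAGS="%{3}" \\\
    HOST_CPPFLAGS="-I$(pwd)" \\\
    HOST_LDFLAGS="%{efi_host_ldflags}" \\\
    TARGET_CFLAGS="%{2}" \\\
    TARGET_CPPFLAGS="-I$(pwd)" \\\
    TARGET_LDFLAGS="%{efi_target_ldflags}" \\\
    --with-rpm-version=%{version}-%{release} \\\
    --with-platform=efi \\\
    --with-utils=host \\\
    --with-pcr8-disabled=yes \\\
    --target=%{1} \\\
    --with-grubdir=grub2 \\\
    --program-transform-name=s,grub,grub2, \\\
    --disable-werror || ( cat config.log ; exit 1 ) \
git add . \
git commit -m "After efi confidential computing configure" \
%{nil}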
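# do_efi_cc_build_images: append the three CC module lists to the shell
# variable GRUB_MODULES, then call efi_cc_mkimage with args 1 to 7 unchanged.
# NOTE(review): "+=" appends to whatever GRUB_MODULES already holds in the
# build shell. If another image build ran earlier in the same shell, its
# modules would also be linked into the CC image. Confirm the variable is
# empty or reset before this macro runs, so the signed image carries only the
# modules listed for it.
# The bare "|" lines from the page rendering are dropped; they would end the
# macro body after its first line.
%define do_efi_cc_build_images() \
GRUB_MODULES+=%{grub_cc_modules} \
GRUB_MODULES+=%{efi_cc_modules} \
GRUB_MODULES+=%{cc_modules} \
%{expand:%%{efi_cc_mkimage %%{1} %%{2} %%{3} %%{4} %%{5} %%{6} %%{7}}} \
%{nil}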
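# efi_cc_mkimage: build and sign the two CC EFI images.
#   arg 1  grub-mkimage output format (-O)
#   arg 2  first image; built with prefix /EFI/<efi_vendor>
#   arg 3  second image; built with prefix /EFI/BOOT
#   arg 4  directory prefix for unicode.pf2, grub-mkimage and sbat.csv
#   args 5 6 7  passed to pesign as -a, -c and -n
# Steps, as written below:
#   1. Stage memdisk/ with the font and SOURCE16 as grub2/grub.cfg, then pack
#      it into memdisk.squashfs.
#   2. Run grub-mkimage twice. Both runs embed the SBAT data from sbat.csv,
#      the memdisk, SOURCE17 as the embedded config (-c) and the modules in
#      GRUB_MODULES; each writes an unsigned <image>.orig file.
#   3. Keep the current pesign client-cert setting in ___pesign_client_cert
#      (unless that is already defined) and redefine __pesign_client_cert
#      from it when __pesign_client_cert is defined.
#   4. Sign each .orig file with pesign to produce the final image.
# Only the files named by args 2 and 3 are signed; the .orig intermediates
# stay in the build directory and should not be packaged.
# The bare "|" lines from the page rendering are dropped; they would break
# the continued grub-mkimage command lines.
%define efi_cc_mkimage() \
mkdir -p memdisk/fonts memdisk/grub2 \
cp %{4}/unicode.pf2 memdisk/fonts \
cp %{SOURCE16} memdisk/grub2/grub.cfg \
mksquashfs memdisk memdisk.squashfs -comp lzo \
%{4}./grub-mkimage -O %{1} -o %{2}.orig \\\
    -d grub-core \\\
    --sbat %{4}./sbat.csv \\\
    -m memdisk.squashfs \\\
    -c '%{SOURCE17}' \\\
    -p /EFI/%{efi_vendor} \\\
    ${GRUB_MODULES} \
%{4}./grub-mkimage -O %{1} -o %{3}.orig \\\
    -d grub-core \\\
    --sbat %{4}./sbat.csv \\\
    -c '%{SOURCE17}' \\\
    -m memdisk.squashfs \\\
    -p /EFI/BOOT \\\
    ${GRUB_MODULES} \
%{expand:%%define ___pesign_client_cert %{?___pesign_client_cert}%{!?___pesign_client_cert:%{__pesign_client_cert}}} \
%{?__pesign_client_cert:%{expand:%%define __pesign_client_cert %{___pesign_client_cert}}} \
%{expand:%%{pesign -s -i %%{2}.orig -o %%{2} -a %%{5} -c %%{6} -n %%{7}}} \
%{expand:%%{pesign -s -i %%{3}.orig -o %%{3} -a %%{5} -c %%{6} -n %%{7}}} \
%{nil}
# Second terminator kept as in the original file; it expands to nothing.
%{nil}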
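# do_efi_cc_install: install one CC image into the build root.
#   arg 1  selects the build directory grub-<arg1>-<tarversion>-cc
#   arg 2  image file name; installed under grub_efi_cc_dir with the same name
# The directory and the image are both created with mode 0700, the same mode
# the files list in this file declares for them.
# The last step calls do_install_protected_file for grub2-<package_arch>-cc.
# NOTE(review): the files list names the protected file grub2-<arg1>-cc.conf,
# while this macro uses package_arch. Confirm both expand to the same name,
# otherwise the dnf protection entry is not packaged.
# The bare "|" lines from the page rendering are dropped; they would end the
# macro body after its first line.
%define do_efi_cc_install() \
cd grub-%{1}-%{tarversion}-cc \
install -d -m 0700 ${RPM_BUILD_ROOT}%{grub_efi_cc_dir}/ \
install -m 700 %{2} $RPM_BUILD_ROOT%{grub_efi_cc_dir}/%{2} \
%{expand:%%do_install_protected_file grub2-%{package_arch}-cc} \
cd .. \
%{nil}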
%define define_efi_cc_variant_files() \
%{expand:%%files %{1}-cc} \
%defattr(-,root,root,-) \
%dir %attr(0700,root,root) %{grub_efi_cc_dir} \
%attr(0700,root,root) %{grub_efi_cc_dir}/%{2} \
%attr(0644,root,root) %config(noreplace) /etc/dnf/protected.d/grub2-%{1}-cc.conf \
%{expand:%if 0%{?without_efi_modules} \
%exclude %{_libdir}/grub/%{6} \
%exclude %{_libdir}/grub/%{6}/* \
%endif} \