* Mon Jul 26 2021 Miroslav Rezanina <mrezanin@redhat.com> - 20200823-5.git4bd064de
- ipxe-Disable-SHA-1.patch [bz#1935932] - ipxe-Replace-genisoimage-with-xorriso.patch [bz#1971981] - ipxe-spec-Drop-disabled-efi-ia32-build-infrastructure.patch [bz#1980138] - ipxe-spec-Generate-qemu-compatible-rom-filenames.patch [bz#1980138] - Resolves: bz#1935932 (ipxe implements and/or uses the deprecated SHA-1 algorithm by default () - Resolves: bz#1971981 (Please replace genisoimage with xorriso) - Resolves: bz#1980138 (install qemu rom symlinks so qemu doesn't have to)
parent
3eec3fce38
commit
4d2489eb39
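--- /dev/null
+++ b/ipxe-Disable-SHA-1.patch
@@ -0,0 +1,33 @@
+From e50ff50417dca26223b771d2a93cf57d4f627104 Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Thu, 22 Jul 2021 15:49:51 +0200
+Subject: [PATCH 1/4] Disable SHA-1
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Gerd Hoffmann <kraxel@redhat.com>
+RH-MergeRequest: 5: Disable SHA-1
+RH-Commit: [1/1] 23f1cca1f3ac86958088c41e0f8122dde74c72cf (kraxel/ipxe)
+RH-Bugzilla: 1935932
+RH-Acked-by: Daniel P. Berrangé <berrange@redhat.com>
+RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+src/config/local/crypto.h | 2 ++
+1 file changed, 2 insertions(+)
+create mode 100644 src/config/local/crypto.h
+
+diff --git a/src/config/local/crypto.h b/src/config/local/crypto.h
+new file mode 100644
+index 00000000..ff4a5b7f
+--- /dev/null
++++ b/src/config/local/crypto.h
+@@ -0,0 +1,2 @@
++/** disable SHA-1 digest algorithm */
++#undef CRYPTO_DIGEST_SHA1
+--
+2.27.0
+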
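Review bot: The new `src/config/local/crypto.h` only works if it is processed after the header that defines `CRYPTO_DIGEST_SHA1`, and nothing in the patch states or checks that ordering; if it ever changes, the `#undef` becomes a silent no-op and SHA-1 is enabled again without any build failure. I would record the dependency and the reason in the comment, e.g. `/* Disable SHA-1 (bz#1935932); must be processed after the default crypto config that defines CRYPTO_DIGEST_SHA1 */`. The macro presumably controls only which digests are offered as selectable algorithms, so it is worth confirming in the bug whether other internal users of SHA-1 are meant to be in scope. The ROMs in ipxe.spec are built with `CONFIG=qemu`, so it should also be verified that no named-config header re-defines the macro afterwards.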
79
ipxe.spec
79
ipxe.spec
@ -1,28 +1,21 @@
|
||||
%if 0%{?fedora}
|
||||
%global cross 1
|
||||
%global efi_ia32 1
|
||||
%endif
|
||||
|
||||
# With the addition of HTTPS support, we need to drop
|
||||
# efi_ia32 so qemu roms still stay in the expected size
|
||||
# range. If no one complains we can drop the efi_ia32
|
||||
# infrastructure in 2021 IMO
|
||||
%global efi_ia32 0
|
||||
# ROMS we want for QEMU with format PCIID:QEMUNAME
|
||||
%global qemuroms \\\
|
||||
8086100e:e1000 \\\
|
||||
10ec8139:rtl8139 \\\
|
||||
1af41000:virtio \\\
|
||||
808610d3:e1000e
|
||||
|
||||
# PCI IDs (vendor,product) of the ROMS we want for QEMU
|
||||
#
|
||||
# pcnet32: 0x1022 0x2000
|
||||
# ne2k_pci: 0x10ec 0x8029
|
||||
# e1000: 0x8086 0x100e
|
||||
# rtl8139: 0x10ec 0x8139
|
||||
# virtio-net: 0x1af4 0x1000
|
||||
# eepro100: 0x8086 0x1209
|
||||
# e1000e: 0x8086 0x10d3
|
||||
# vmxnet3: 0x15ad 0x07b0
|
||||
%if 0%{?rhel}
|
||||
%global qemuroms 8086100e 10ec8139 1af41000 808610d3
|
||||
%else
|
||||
%global qemuroms 10222000 10ec8029 8086100e 10ec8139 1af41000 80861209 808610d3 15ad07b0
|
||||
%if 0%{?fedora}
|
||||
# Fedora specific roms
|
||||
%global qemuroms %{qemuroms} \\\
|
||||
10222000:pcnet \\\
|
||||
10ec8029:ne2k_pci \\\
|
||||
80861209:eepro100 \\\
|
||||
15ad07b0:vmxnet3
|
||||
%endif
|
||||
|
||||
# We only build the ROMs if on an x86 build host. The resulting
|
||||
@ -57,7 +50,7 @@
|
||||
|
||||
Name: ipxe
|
||||
Version: %{date}
|
||||
Release: 4.git%{hash}%{?dist}
|
||||
Release: 5.git%{hash}%{?dist}
|
||||
Summary: A network boot loader
|
||||
|
||||
License: GPLv2 with additional permissions and BSD
|
||||
@ -69,6 +62,8 @@ Source0: %{name}-%{version}-git%{hash}.tar.xz
|
||||
# Sent upstream: http://lists.ipxe.org/pipermail/ipxe-devel/2015-November/004494.html
|
||||
Patch0001: 0001-build-customize-configuration.patch
|
||||
Patch0002: 0002-Use-spec-compliant-timeouts.patch
|
||||
# For bz#1935932 - ipxe implements and/or uses the deprecated SHA-1 algorithm by default (
|
||||
Patch3: ipxe-Disable-SHA-1.patch
|
||||
|
||||
# Source-git patches
|
||||
|
||||
@ -81,7 +76,7 @@ BuildRequires: perl-lib
|
||||
%endif
|
||||
BuildRequires: syslinux
|
||||
BuildRequires: mtools
|
||||
BuildRequires: genisoimage
|
||||
BuildRequires: xorriso
|
||||
BuildRequires: edk2-tools
|
||||
BuildRequires: xz-devel
|
||||
BuildRequires: gcc
|
||||
@ -172,18 +167,14 @@ make_ipxe ISOLINUX_BIN=/usr/share/syslinux/isolinux.bin \
|
||||
|
||||
# build roms with efi support for qemu
|
||||
mkdir bin-combined
|
||||
for rom in %{qemuroms}; do
|
||||
for romstr in %{qemuroms}; do
|
||||
rom=$(echo "$romstr" | cut -d ":" -f 1)
|
||||
|
||||
make_ipxe CONFIG=qemu bin/${rom}.rom
|
||||
%if 0%{?efi_ia32}
|
||||
make_ipxe CONFIG=qemu bin-i386-efi/${rom}.efidrv
|
||||
%endif
|
||||
make_ipxe CONFIG=qemu bin-x86_64-efi/${rom}.efidrv
|
||||
vid="0x${rom%%????}"
|
||||
did="0x${rom#????}"
|
||||
EfiRom -f "$vid" -i "$did" --pci23 \
|
||||
%if 0%{?efi_ia32}
|
||||
-ec bin-i386-efi/${rom}.efidrv \
|
||||
%endif
|
||||
-ec bin-x86_64-efi/${rom}.efidrv \
|
||||
-o bin-combined/${rom}.eficrom
|
||||
util/catrom.pl \
|
||||
@ -218,17 +209,28 @@ popd
|
||||
cp -a src/bin-i386-efi/ipxe.efi %{buildroot}/%{_datadir}/%{name}/ipxe-i386.efi
|
||||
cp -a src/bin-x86_64-efi/ipxe.efi %{buildroot}/%{_datadir}/%{name}/ipxe-x86_64.efi
|
||||
|
||||
# the roms supported by qemu will be packaged separatedly
|
||||
# remove from the main rom list and add them to qemu.list
|
||||
for rom in %{qemuroms}; do
|
||||
mkdir -p %{buildroot}%{_datadir}/%{name}/qemu/
|
||||
|
||||
for romstr in %{qemuroms}; do
|
||||
# the roms supported by qemu will be packaged separatedly
|
||||
# remove from the main rom list and add them to qemu.list
|
||||
rom=$(echo "$romstr" | cut -d ":" -f 1)
|
||||
qemuname=$(echo "$romstr" | cut -d ":" -f 2)
|
||||
sed -i -e "/\/${rom}.rom/d" rom.list
|
||||
echo %{_datadir}/%{name}/${rom}.rom >> qemu.rom.list
|
||||
|
||||
cp src/bin-combined/${rom}.rom %{buildroot}/%{_datadir}/%{name}.efi/
|
||||
echo %{_datadir}/%{name}.efi/${rom}.rom >> qemu.rom.list
|
||||
|
||||
# Set up symlinks with expected qemu firmware names
|
||||
ln -s ../../ipxe/${rom}.rom %{buildroot}%{_datadir}/%{name}/qemu/pxe-${qemuname}.rom
|
||||
ln -s ../../ipxe.efi/${rom}.rom %{buildroot}%{_datadir}/%{name}/qemu/efi-${qemuname}.rom
|
||||
done
|
||||
|
||||
# endif buildarches
|
||||
%endif
|
||||
|
||||
|
||||
%ifarch %{buildarches}
|
||||
%files bootimgs
|
||||
%dir %{_datadir}/%{name}
|
||||
@ -248,10 +250,23 @@ done
|
||||
%files roms-qemu -f qemu.rom.list
|
||||
%dir %{_datadir}/%{name}
|
||||
%dir %{_datadir}/%{name}.efi
|
||||
%{_datadir}/%{name}/qemu
|
||||
%doc COPYING COPYING.GPLv2 COPYING.UBDL
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Mon Jul 26 2021 Miroslav Rezanina <mrezanin@redhat.com> - 20200823-5.git4bd064de
|
||||
- ipxe-Disable-SHA-1.patch [bz#1935932]
|
||||
- ipxe-Replace-genisoimage-with-xorriso.patch [bz#1971981]
|
||||
- ipxe-spec-Drop-disabled-efi-ia32-build-infrastructure.patch [bz#1980138]
|
||||
- ipxe-spec-Generate-qemu-compatible-rom-filenames.patch [bz#1980138]
|
||||
- Resolves: bz#1935932
|
||||
(ipxe implements and/or uses the deprecated SHA-1 algorithm by default ()
|
||||
- Resolves: bz#1971981
|
||||
(Please replace genisoimage with xorriso)
|
||||
- Resolves: bz#1980138
|
||||
(install qemu rom symlinks so qemu doesn't have to)
|
||||
|
||||
* Tue Jun 08 2021 Miroslav Rezanina <mrezanin@redhat.com> - 20200823-4.git4bd064de
|
||||
- ipxe-Skip-some-QEMU-ROMs-when-building-for-RHEL.patch [bz#1956931]
|
||||
- ipxe-spec-combine-BIOS-and-EFI-roms-using-util-catrom.pl.patch [bz#1957246]
|
||||
|
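Review bot: In the `%install` loop, `qemuname=$(echo "$romstr" | cut -d ":" -f 2)` does not fail when a `%{qemuroms}` entry has no colon, because `cut` prints the whole line when the delimiter is absent; the symlinks would then be created as `pxe-<pciid>.rom` and the mistake would only surface when qemu cannot find its firmware by name. Splitting with parameter expansion and checking the result removes the silent fallback and the subshells: `rom=${romstr%%:*}; qemuname=${romstr#*:}` followed by `[ "$rom" != "$romstr" ] || exit 1`. The `%build` loop (`for romstr in %{qemuroms}`) uses the same `cut` split for `rom`, so the same form fits there. The `ln -s` targets also hard-code `ipxe` and `ipxe.efi` while the link directory is built from `%{name}`; using `%{name}` in the targets would keep the two consistent.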