diff --git a/ipxe-Add-VLAN-tagging-support.patch b/ipxe-Add-VLAN-tagging-support.patch new file mode 100644 index 0000000..8e5bbed --- /dev/null +++ b/ipxe-Add-VLAN-tagging-support.patch @@ -0,0 +1,34 @@ +From 2a9170ed88dc55d601a70d34f2d93157dc30e307 Mon Sep 17 00:00:00 2001 +From: Miroslav Rezanina +Date: Mon, 2 Aug 2021 08:33:47 -0400 +Subject: [PATCH 2/5] Add VLAN tagging support + +RH-Author: Miroslav Rezanina +RH-MergeRequest: 6: Forwardport missing RHEL 8 downsteream changes +RH-Commit: [2/5] 3359f0d96c8743abefdf1b81857c84f4e7312f9d (mrezanin/centos-src-ipxe) +RH-Bugzilla: 1985658 + +RHEL 8 added support for VLAN tagging. We need to add it to RHEL 9 +so we are not regressing. + +Signed-off-by: Miroslav Rezanina +--- + src/config/general.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/config/general.h b/src/config/general.h +index 5adf6a35..a6df71b5 100644 +--- a/src/config/general.h ++++ b/src/config/general.h +@@ -140,7 +140,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); + //#define TIME_CMD /* Time commands */ + //#define DIGEST_CMD /* Image crypto digest commands */ + //#define LOTEST_CMD /* Loopback testing commands */ +-//#define VLAN_CMD /* VLAN commands */ ++#define VLAN_CMD /* VLAN commands */ + //#define PXE_CMD /* PXE commands */ + //#define REBOOT_CMD /* Reboot command */ + //#define POWEROFF_CMD /* Power off command */ +-- +2.27.0 + diff --git a/ipxe-Add-ping-command-support.patch b/ipxe-Add-ping-command-support.patch new file mode 100644 index 0000000..018c17f --- /dev/null +++ b/ipxe-Add-ping-command-support.patch @@ -0,0 +1,36 @@ +From 4d004e6a535c4f102c7b91c2f4d259cebaf1fb69 Mon Sep 17 00:00:00 2001 +From: Miroslav Rezanina +Date: Mon, 2 Aug 2021 08:11:12 -0400 +Subject: [PATCH 1/5] Add ping command support + +RH-Author: Miroslav Rezanina +RH-MergeRequest: 6: Forwardport missing RHEL 8 downsteream changes +RH-Commit: [1/5] f95713f55d7af7970d39462c94b866f833eedca1 (mrezanin/centos-src-ipxe) +RH-Bugzilla: 1985658 + +To allow trouble shooting ipxe issues, ping command were added to +RHEL 8 (see BZ 1913719). + +Adding this command to RHEL 9 to prevent regression from RHEL 8 functionality. + +Signed-off-by: Miroslav Rezanina +--- + src/config/general.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/config/general.h b/src/config/general.h +index 3c14a2cd..5adf6a35 100644 +--- a/src/config/general.h ++++ b/src/config/general.h +@@ -148,7 +148,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); + //#define PCI_CMD /* PCI commands */ + //#define PARAM_CMD /* Form parameter commands */ + //#define NEIGHBOUR_CMD /* Neighbour management commands */ +-//#define PING_CMD /* Ping command */ ++#define PING_CMD /* Ping command */ + //#define CONSOLE_CMD /* Console command */ + //#define IPSTAT_CMD /* IP statistics commands */ + //#define PROFSTAT_CMD /* Profiling commands */ +-- +2.27.0 + diff --git a/ipxe-netdevice-Strip-802.Q-VLAN-0-priority-tags.patch b/ipxe-netdevice-Strip-802.Q-VLAN-0-priority-tags.patch new file mode 100644 index 0000000..cf9c798 --- /dev/null +++ b/ipxe-netdevice-Strip-802.Q-VLAN-0-priority-tags.patch @@ -0,0 +1,195 @@ +From ff3a5af3d7f78577899626b2f8b612369e051916 Mon Sep 17 00:00:00 2001 +From: Miroslav Rezanina +Date: Mon, 2 Aug 2021 08:32:33 -0400 +Subject: [PATCH 3/5] [netdevice] Strip 802.Q VLAN 0 priority tags + +RH-Author: Miroslav Rezanina +RH-MergeRequest: 6: Forwardport missing RHEL 8 downsteream changes +RH-Commit: [3/5] 440560659da2028f365a71b4ed4991955022dce5 (mrezanin/centos-src-ipxe) +RH-Bugzilla: 1985658 + +iPXE was unable to receive priority tagged packets specified in +the 802.1Q standard and supported by all major networking stacks. + +This commit adds a new function net_pull_tags which is called by +all consumers of incoming packets after stripping their link-layer +headers. + +Upstream patch: +http://lists.ipxe.org/pipermail/ipxe-devel/2016-July/005099.html + +Downstream changes: +Upstream commit fe680c822856 made vlan_find static. This prevents +it's usage int this patch. Reverting changes adding static for +vlan_find. + +Signed-off-by: Ladi Prosek +Signed-off-by: Miroslav Rezanina +--- + src/arch/x86/interface/pxe/pxe_undi.c | 6 +++ + src/include/ipxe/netdevice.h | 2 + + src/include/ipxe/vlan.h | 2 + + src/interface/efi/efi_snp.c | 7 ++++ + src/net/netdevice.c | 57 +++++++++++++++++++++++++++ + src/net/vlan.c | 2 +- + 6 files changed, 75 insertions(+), 1 deletion(-) + +diff --git a/src/arch/x86/interface/pxe/pxe_undi.c b/src/arch/x86/interface/pxe/pxe_undi.c +index 2eb68178..2ea14515 100644 +--- a/src/arch/x86/interface/pxe/pxe_undi.c ++++ b/src/arch/x86/interface/pxe/pxe_undi.c +@@ -976,6 +976,12 @@ static PXENV_EXIT_t pxenv_undi_isr ( struct s_PXENV_UNDI_ISR *undi_isr ) { + } + ll_hlen = ( len - iob_len ( iobuf ) ); + ++ /* Strip link-layer-independent headers */ ++ if ( ( rc = net_pull_tags ( iobuf, pxe_netdev, &net_proto ) ) != 0 ) { ++ /* Assume unknown net_proto */ ++ net_proto = 0; ++ } ++ + /* Determine network-layer protocol */ + switch ( net_proto ) { + case htons ( ETH_P_IP ): +diff --git a/src/include/ipxe/netdevice.h b/src/include/ipxe/netdevice.h +index d498ab69..27dda45d 100644 +--- a/src/include/ipxe/netdevice.h ++++ b/src/include/ipxe/netdevice.h +@@ -726,6 +726,8 @@ extern int net_tx ( struct io_buffer *iobuf, struct net_device *netdev, + extern int net_rx ( struct io_buffer *iobuf, struct net_device *netdev, + uint16_t net_proto, const void *ll_dest, + const void *ll_source, unsigned int flags ); ++extern int net_pull_tags ( struct io_buffer *iobuf, struct net_device *netdev, ++ uint16_t *net_proto ); + extern void net_poll ( void ); + extern struct net_device_configurator * + find_netdev_configurator ( const char *name ); +diff --git a/src/include/ipxe/vlan.h b/src/include/ipxe/vlan.h +index 7f93439b..b82f3806 100644 +--- a/src/include/ipxe/vlan.h ++++ b/src/include/ipxe/vlan.h +@@ -61,6 +61,8 @@ struct vlan_header { + */ + #define VLAN_PRIORITY_IS_VALID( priority ) ( (priority) <= 7 ) + ++extern struct net_device * vlan_find ( struct net_device *trunk, ++ unsigned int tag ); + extern unsigned int vlan_tag ( struct net_device *netdev ); + extern int vlan_can_be_trunk ( struct net_device *trunk ); + extern int vlan_create ( struct net_device *trunk, unsigned int tag, +diff --git a/src/interface/efi/efi_snp.c b/src/interface/efi/efi_snp.c +index d648700f..a8f2ac8e 100644 +--- a/src/interface/efi/efi_snp.c ++++ b/src/interface/efi/efi_snp.c +@@ -813,6 +813,13 @@ efi_snp_receive ( EFI_SIMPLE_NETWORK_PROTOCOL *snp, + goto out_bad_ll_header; + } + ++ /* Strip link-layer-independent headers */ ++ if ( ( rc = net_pull_tags ( iobuf, snpdev->netdev, &iob_net_proto ) ) ) { ++ DBGC ( snpdev, "SNPDEV %p could not parse tags: %s\n", ++ snpdev, strerror ( rc ) ); ++ goto out_bad_ll_header; ++ } ++ + /* Return link-layer header parameters to caller, if required */ + if ( ll_header_len ) + *ll_header_len = ll_protocol->ll_header_len; +diff --git a/src/net/netdevice.c b/src/net/netdevice.c +index 3b02e64b..95803f26 100644 +--- a/src/net/netdevice.c ++++ b/src/net/netdevice.c +@@ -1043,6 +1043,45 @@ int net_rx ( struct io_buffer *iobuf, struct net_device *netdev, + return -ENOTSUP; + } + ++ ++/** ++ * Strip extra link-layer-independent tags from a received packet ++ * ++ * @v iobuf I/O buffer ++ * @v netdev Network device ++ * @v net_proto Network-layer protocol, in network-byte order ++ * @ret rc Return status code ++ * ++ * This function should be called after stripping link-layer headers but ++ * before inspecting the network-layer protocol. ++ */ ++int net_pull_tags ( struct io_buffer *iobuf, struct net_device *netdev, ++ uint16_t *net_proto ) { ++ struct vlan_header *vlanhdr; ++ uint16_t tag; ++ ++ /* Strip 802.1Q VLAN 0 priority tags if present */ ++ while ( *net_proto == htons ( ETH_P_8021Q ) ) { ++ if ( iob_len ( iobuf ) < sizeof ( *vlanhdr ) ) { ++ DBG ( "VLAN header too short at %zd bytes (min %zd bytes)\n", ++ iob_len ( iobuf ), sizeof ( *vlanhdr ) ); ++ return -EINVAL; ++ } ++ vlanhdr = ( struct vlan_header * ) iobuf->data; ++ tag = VLAN_TAG ( ntohs ( vlanhdr->tci ) ); ++ ++ if ( tag == 0 && ! vlan_find ( netdev, tag ) ) { ++ /* VLAN 0, strip and continue */ ++ *net_proto = vlanhdr->net_proto; ++ iob_pull ( iobuf, sizeof ( *vlanhdr ) ); ++ } else { ++ /* Real VLAN tag, leave it alone */ ++ break; ++ } ++ } ++ return 0; ++} ++ + /** + * Poll the network stack + * +@@ -1094,6 +1133,12 @@ void net_poll ( void ) { + continue; + } + ++ /* Remove link-layer-independent headers */ ++ if ( ( rc = net_pull_tags ( iobuf, netdev, &net_proto ) ) ) { ++ free_iob ( iobuf ); ++ continue; ++ } ++ + /* Hand packet to network layer */ + if ( ( rc = net_rx ( iob_disown ( iobuf ), netdev, + net_proto, ll_dest, +@@ -1125,6 +1170,18 @@ __weak unsigned int vlan_tag ( struct net_device *netdev __unused ) { + return 0; + } + ++/** ++ * Identify VLAN device (when VLAN support is not present) ++ * ++ * @v netdev Network device ++ * @v tag VLAN tag, or zero ++ * @v iobuf I/O buffer ++ */ ++__weak struct net_device * vlan_find ( struct net_device *trunk __unused, ++ unsigned int tag __unused ) { ++ return NULL; ++} ++ + /** + * Add VLAN tag-stripped packet to queue (when VLAN support is not present) + * +diff --git a/src/net/vlan.c b/src/net/vlan.c +index 90f2934d..0f234ea5 100644 +--- a/src/net/vlan.c ++++ b/src/net/vlan.c +@@ -199,7 +199,7 @@ static void vlan_sync ( struct net_device *netdev ) { + * @v tag VLAN tag + * @ret netdev VLAN device, if any + */ +-static struct net_device * vlan_find ( struct net_device *trunk, ++struct net_device * vlan_find ( struct net_device *trunk, + unsigned int tag ) { + struct net_device *netdev; + struct vlan_device *vlan; +-- +2.27.0 + diff --git a/ipxe.spec b/ipxe.spec index a30bf94..90b350b 100644 --- a/ipxe.spec +++ b/ipxe.spec @@ -50,13 +50,14 @@ Name: ipxe Version: %{date} -Release: 5.git%{hash}%{?dist} +Release: 6.git%{hash}%{?dist} Summary: A network boot loader License: GPLv2 with additional permissions and BSD URL: http://ipxe.org/ Source0: %{name}-%{version}-git%{hash}.tar.xz +Source1: script.ipxe # Enable IPv6 for qemu's config # Sent upstream: http://lists.ipxe.org/pipermail/ipxe-devel/2015-November/004494.html @@ -64,6 +65,12 @@ Patch0001: 0001-build-customize-configuration.patch Patch0002: 0002-Use-spec-compliant-timeouts.patch # For bz#1935932 - ipxe implements and/or uses the deprecated SHA-1 algorithm by default ( Patch3: ipxe-Disable-SHA-1.patch +# For bz#1985658 - carry forward rhel8 ipxe packaging changes +Patch4: ipxe-Add-ping-command-support.patch +# For bz#1985658 - carry forward rhel8 ipxe packaging changes +Patch5: ipxe-Add-VLAN-tagging-support.patch +# For bz#1985658 - carry forward rhel8 ipxe packaging changes +Patch6: ipxe-netdevice-Strip-802.Q-VLAN-0-priority-tags.patch # Source-git patches @@ -89,6 +96,10 @@ BuildRequires: make Obsoletes: gpxe <= 1.0.1 +%package rhcert +Summary: Redhat hwcert custom ipxe image +BuildArch: noarch + %package bootimgs Summary: Network boot loader images in bootable USB, CD, floppy and GRUB formats BuildArch: noarch @@ -105,6 +116,9 @@ Summary: Network boot loader roms supported by QEMU, .rom format BuildArch: noarch Obsoletes: gpxe-roms-qemu <= 1.0.1 +%description rhcert +Custom ipxe image for use in hardware certification and validation + %description bootimgs iPXE is an open source network bootloader. It provides a direct replacement for proprietary PXE ROMs, with many extra features such as @@ -159,7 +173,12 @@ make_ipxe() { "$@" } -make_ipxe bin-i386-efi/ipxe.efi bin-x86_64-efi/ipxe.efi +cp %{SOURCE1} . +make_ipxe bin-x86_64-efi/ipxe.efi EMBED=script.ipxe +mv bin-x86_64-efi/ipxe.efi bin-x86_64-efi/ipxe-rhcert.efi + +make_ipxe bin-i386-efi/ipxe.efi bin-x86_64-efi/ipxe.efi \ + bin-x86_64-efi/snponly.efi make_ipxe ISOLINUX_BIN=/usr/share/syslinux/isolinux.bin \ bin/undionly.kpxe bin/ipxe.{dsk,iso,usb,lkrn} \ @@ -208,6 +227,8 @@ popd cp -a src/bin-i386-efi/ipxe.efi %{buildroot}/%{_datadir}/%{name}/ipxe-i386.efi cp -a src/bin-x86_64-efi/ipxe.efi %{buildroot}/%{_datadir}/%{name}/ipxe-x86_64.efi +cp -a src/bin-x86_64-efi/snponly.efi %{buildroot}/%{_datadir}/%{name}/ipxe-snponly-x86_64.efi +cp -a src/bin-x86_64-efi/ipxe-rhcert.efi %{buildroot}/%{_datadir}/%{name}/ipxe-x86_64-rhcert.efi mkdir -p %{buildroot}%{_datadir}/%{name}/qemu/ @@ -241,6 +262,7 @@ done %{_datadir}/%{name}/ipxe-i386.efi %{_datadir}/%{name}/ipxe-x86_64.efi %{_datadir}/%{name}/undionly.kpxe +%{_datadir}/%{name}/ipxe-snponly-x86_64.efi %doc COPYING COPYING.GPLv2 COPYING.UBDL %files roms -f rom.list @@ -252,9 +274,22 @@ done %dir %{_datadir}/%{name}.efi %{_datadir}/%{name}/qemu %doc COPYING COPYING.GPLv2 COPYING.UBDL + +%files rhcert +%dir %{_datadir}/%{name} +%{_datadir}/%{name}/ipxe-x86_64-rhcert.efi %endif %changelog +* Sat Aug 07 2021 Miroslav Rezanina - 20200823-6.git4bd064de +- ipxe-Add-ping-command-support.patch [bz#1985658] +- ipxe-Add-VLAN-tagging-support.patch [bz#1985658] +- ipxe-netdevice-Strip-802.Q-VLAN-0-priority-tags.patch [bz#1985658] +- ipxe-Provide-snponly.efi-rom.patch [bz#1985658] +- ipxe-Build-hwcert-subpackage.patch [bz#1985658] +- Resolves: bz#1985658 + (carry forward rhel8 ipxe packaging changes) + * Mon Jul 26 2021 Miroslav Rezanina - 20200823-5.git4bd064de - ipxe-Disable-SHA-1.patch [bz#1935932] - ipxe-Replace-genisoimage-with-xorriso.patch [bz#1971981] diff --git a/script.ipxe b/script.ipxe new file mode 100644 index 0000000..f519844 --- /dev/null +++ b/script.ipxe @@ -0,0 +1,3 @@ +#!ipxe +imgexec file:rhcert-script.ipxe +