Fix install and erase issues and bump to 1.10.5-2

- The install scriptlet in %post was choosing the first grub.cfg file it encountered, which was /boot/efi/EFI/redhat/grub.cfg. This is a stub that defines grub boot disk UUID necessary for proper grubenv setup, and it must not be overwritten or changed. - Modify the scriptlet to target /boot/grub2/grub.cfg - Additionally, remove any wrongly created /boot/grub2/x86_64-efi directory and recreate the correct /boot/efi/EFI/redhat/grub.cfg stub file. - Added a %postun section to cleanup when removing tboot with dnf erase. - Thanks to Lenny Szubowicz for the bash code to recreate the /boot/efi/EFI/redhat/grub.cfg stub file. Resolves: rhbz#2112236 Signed-off-by: Tony Camuso <tcamuso@redhat.com>
2022-08-23 10:16:29 -04:00 · 2022-08-23 10:16:29 -04:00 · 0891de6e6c
commit 0891de6e6c
parent 26f7e15a83
1 changed files with 48 additions and 8 deletions
--- a/tboot.spec
+++ b/tboot.spec
@ -1,7 +1,7 @@
 Summary:        Performs a verified launch using Intel TXT
 Name:           tboot
 Version:        1.10.5
-Release:        1%{?dist}
+Release:        2%{?dist}
 Epoch:          1

 License:        BSD
@ -33,16 +33,41 @@ LDFLAGS="%{build_ldflags}"; export LDFLAGS
 make debug=y %{?_smp_mflags}

 %post
-efidir=$(find /boot -type d -name EFI)
-if [ -n "$efidir" ]; then
+# Rmove the grub efi modules if they had been placed in the wrong directory by
+# a previous install.
+[ -d /boot/efi/EFI/redhat/x86_64-efi ] && rm -rf /boot/efi/EFI/redhat/x86_64-efi
+# create the tboot grub entry
+grub2-mkconfig -o /boot/grub2/grub.cfg
+
+# For EFI based machines ...
+if [ -d /sys/firmware/efi ]; then
 	echo "EFI detected .."
-	mkdir -pv /boot/efi/EFI/redhat/x86_64-efi
-	cp -vf /usr/lib/grub/x86_64-efi/relocator.mod /boot/efi/EFI/redhat/x86_64-efi/
-	cp -vf /usr/lib/grub/x86_64-efi/multiboot2.mod /boot/efi/EFI/redhat/x86_64-efi/
-	gcfg=$(find /boot -name grub.cfg -print -quit)
-	[ -n "$gcfg" ] && grub2-mkconfig -o "$gcfg"
+	[ -d /boot/grub2/x86_64-efi ] || mkdir -pv /boot/grub2/x86_64-efi
+	cp -vf /usr/lib/grub/x86_64-efi/relocator.mod /boot/grub2/x86_64-efi/
+	cp -vf /usr/lib/grub/x86_64-efi/multiboot2.mod /boot/grub2/x86_64-efi/
+
+	# If there were a previous install of tboot that overwrote the
+	# originally installed /boot/efi/EFI/redhat/grub.cfg stub, then
+	# recreate it.
+	if grep -q -m1 tboot /boot/efi/EFI/redhat/grub.cfg; then
+cat << EOF > /boot/efi/EFI/redhat/grub.cfg
+search --no-floppy --fs-uuid --set=dev \
+	$(lsblk -no UUID $(df -P /boot/grub2 | awk 'END{print $1}'))
+set prefix=(\$dev)/grub2
+export \$prefix
+configfile \$prefix/grub.cfg
+EOF
+		chown root:root /boot/efi/EFI/redhat/grub.cfg
+		chmod u=rwx,go= /boot/efi/EFI/redhat/grub.cfg
+	fi
 fi

+%postun
+# Remove residual grub efi modules.
+[ -d /boot/grub2/x86_64-efi ] && rm -rf /boot/grub2/x86_64-efi
+[ -d /boot/efi/EFI/redhat/x86_64-efi ] && rm -rf /boot/efi/EFI/redhat/x86_64-efi
+grub2-mkconfig -o /etc/grub2.cfg
+
 %install
 make debug=y DISTDIR=$RPM_BUILD_ROOT install

@ -70,6 +95,21 @@ make debug=y DISTDIR=$RPM_BUILD_ROOT install
 /boot/tboot-syms

 %changelog
+* Thu Aug 18 2022 Tony Camuso <tcamuso@redhat.com> - 1:1.10.5-2
+- The install scriptlet in %post was choosing the first grub.cfg
+  file it encountered, which was /boot/efi/EFI/redhat/grub.cfg.
+  This is a stub that defines grub boot disk UUID necessary for
+  proper grubenv setup, and it must not be overwritten or changed.
+  Modify the scriptlet to target /boot/grub2/grub.cfg
+  Additionally, remove any wrongly created /boot/grub2/x86_64-efi
+  directory and recreate the correct /boot/efi/EFI/redhat/grub.cfg
+  stub file.
+  Added a %postun section to cleanup when removing tboot with
+  dnf erase.
+  Thanks to Lenny Szubowicz for the bash code to recreate the
+  /boot/efi/EFI/redhat/grub.cfg stub file.
+  Resolves: rhbz#2112236
+
 * Wed May 04 2022 Tony Camuso <tcamuso@redhat.com> - 1:1.10.5-1
 - Upgrade to tboot-1.10.5-1 for fixes and updates.
 - Added a Requires line to install grub2-efi-x64-modules