Compare commits
No commits in common. "c9" and "c8" have entirely different histories.
240
SPECS/tboot.spec
240
SPECS/tboot.spec
@ -4,71 +4,71 @@ Version: 1.10.5
|
||||
Release: 2%{?dist}
|
||||
Epoch: 1
|
||||
|
||||
Group: System Environment/Base
|
||||
License: BSD
|
||||
URL: http://sourceforge.net/projects/tboot/
|
||||
Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
|
||||
|
||||
Patch01: 0001-fix-typo-in-lcp2_crtpollist-manpage.patch
|
||||
Patch02: 0002-check-for-client-server-match.patch
|
||||
|
||||
BuildRequires: make
|
||||
BuildRequires: gcc
|
||||
BuildRequires: perl
|
||||
BuildRequires: openssl-devel
|
||||
BuildRequires: zlib-devel
|
||||
BuildRequires: perl
|
||||
ExclusiveArch: %{ix86} x86_64
|
||||
Requires: grub2-efi-x64-modules
|
||||
|
||||
Patch01: 0001-fix-typo-in-lcp2_crtpollist-manpage.patch
|
||||
Patch02: 0002-check-for-client-server-match.patch
|
||||
|
||||
%description
|
||||
Trusted Boot (tboot) is an open source, pre-kernel/VMM module that uses
|
||||
Intel Trusted Execution Technology (Intel TXT) to perform a measured
|
||||
and verified launch of an OS kernel/VMM.
|
||||
|
||||
%prep
|
||||
%autosetup -p1 -n %{name}-%{version}
|
||||
%autosetup -S git
|
||||
|
||||
# do not override OPTFLAGS
|
||||
sed -i -e 's/-march=i686//' Config.mk
|
||||
|
||||
%build
|
||||
CFLAGS="%{optflags}"; export CFLAGS
|
||||
LDFLAGS="%{build_ldflags}"; export LDFLAGS
|
||||
CFLAGS="$RPM_OPT_FLAGS"; export CFLAGS
|
||||
LDFLAGS="$RPM_LD_FLAGS"; export LDFLAGS
|
||||
make debug=y %{?_smp_mflags}
|
||||
|
||||
%post
|
||||
# Rmove the grub efi modules if they had been placed in the wrong directory by
|
||||
# a previous install.
|
||||
[ -d /boot/efi/EFI/redhat/x86_64-efi ] && rm -rf /boot/efi/EFI/redhat/x86_64-efi
|
||||
# create the tboot grub entry
|
||||
grub2-mkconfig -o /boot/grub2/grub.cfg
|
||||
# create the tboot entry and copy the modules to the grubenvdir
|
||||
grublib='/usr/lib/grub/x86_64-efi/'
|
||||
|
||||
# For EFI based machines ...
|
||||
if [ -d /sys/firmware/efi ]; then
|
||||
echo "EFI detected .."
|
||||
[ -d /boot/grub2/x86_64-efi ] || mkdir -pv /boot/grub2/x86_64-efi
|
||||
cp -vf /usr/lib/grub/x86_64-efi/relocator.mod /boot/grub2/x86_64-efi/
|
||||
cp -vf /usr/lib/grub/x86_64-efi/multiboot2.mod /boot/grub2/x86_64-efi/
|
||||
|
||||
# If there were a previous install of tboot that overwrote the
|
||||
# originally installed /boot/efi/EFI/redhat/grub.cfg stub, then
|
||||
# recreate it.
|
||||
if grep -q -m1 tboot /boot/efi/EFI/redhat/grub.cfg; then
|
||||
cat << EOF > /boot/efi/EFI/redhat/grub.cfg
|
||||
search --no-floppy --fs-uuid --set=dev \
|
||||
$(lsblk -no UUID $(df -P /boot/grub2 | awk 'END{print $1}'))
|
||||
set prefix=(\$dev)/grub2
|
||||
export \$prefix
|
||||
configfile \$prefix/grub.cfg
|
||||
EOF
|
||||
chown root:root /boot/efi/EFI/redhat/grub.cfg
|
||||
chmod u=rwx,go= /boot/efi/EFI/redhat/grub.cfg
|
||||
fi
|
||||
grubenvdir='/boot/efi/EFI/redhat'
|
||||
else
|
||||
echo "Legacy BIOS detected .."
|
||||
grubenvdir='/boot/grub2'
|
||||
# If previous install put the modules in the wrong dir
|
||||
[ -d /boot/efi/EFI/redhat/x86_64-efi ] && rm -rf /boot/efi/EFI/redhat/x86_64-efi
|
||||
fi
|
||||
|
||||
grub2-mkconfig -o $grubenvdir/grub.cfg
|
||||
[ -d $grubenvdir/x86_64-efi ] || mkdir -pv $grubenvdir/x86_64-efi
|
||||
cp -vf $grublib/relocator.mod $grubenvdir/x86_64-efi/
|
||||
cp -vf $grublib/multiboot2.mod $grubenvdir/x86_64-efi/
|
||||
|
||||
%postun
|
||||
# Cleanup all tboot files
|
||||
|
||||
# Remove residual grub efi modules.
|
||||
[ -d /boot/grub2/x86_64-efi ] && rm -rf /boot/grub2/x86_64-efi
|
||||
[ -d /boot/efi/EFI/redhat/x86_64-efi ] && rm -rf /boot/efi/EFI/redhat/x86_64-efi
|
||||
grub2-mkconfig -o /etc/grub2.cfg
|
||||
if [ -d /sys/firmware/efi ]; then
|
||||
echo "EFI detected .."
|
||||
grubenvdir='/boot/efi/EFI/redhat'
|
||||
else
|
||||
echo "Legacy BIOS detected .."
|
||||
grubenvdir='/boot/grub2'
|
||||
fi
|
||||
|
||||
[ -d $grubenvdir/x86_64-efi ] && rm -rf $grubenvdir/x86_64-efi
|
||||
grub2-mkconfig -o $grubenvdir/grub.cfg
|
||||
|
||||
%install
|
||||
echo "installing tboot"
|
||||
make debug=y DISTDIR=$RPM_BUILD_ROOT install
|
||||
|
||||
%files
|
||||
@ -95,122 +95,84 @@ make debug=y DISTDIR=$RPM_BUILD_ROOT install
|
||||
/boot/tboot-syms
|
||||
|
||||
%changelog
|
||||
* Thu Aug 18 2022 Tony Camuso <tcamuso@redhat.com> - 1:1.10.5-2
|
||||
- The install scriptlet in %post was choosing the first grub.cfg
|
||||
file it encountered, which was /boot/efi/EFI/redhat/grub.cfg.
|
||||
This is a stub that defines grub boot disk UUID necessary for
|
||||
proper grubenv setup, and it must not be overwritten or changed.
|
||||
Modify the scriptlet to target /boot/grub2/grub.cfg
|
||||
Additionally, remove any wrongly created /boot/grub2/x86_64-efi
|
||||
directory and recreate the correct /boot/efi/EFI/redhat/grub.cfg
|
||||
stub file.
|
||||
* Fri Aug 26 2022 Tony Camuso <tcamuso@redhat.com> - 1:1.10.5-2
|
||||
- The install scriptlet in %post was not choosing the correct
|
||||
grubenv directory. In RHEL8, the efi and legacy bios grubenv
|
||||
directories are different. This change assures that the
|
||||
correct directory is used for grub.cfg and related modules.
|
||||
Added a %postun section to cleanup when removing tboot with
|
||||
dnf erase.
|
||||
Thanks to Lenny Szubowicz for the bash code to recreate the
|
||||
/boot/efi/EFI/redhat/grub.cfg stub file.
|
||||
Resolves: rhbz#2112236
|
||||
Resolves: rhbz#2121836
|
||||
|
||||
* Wed May 04 2022 Tony Camuso <tcamuso@redhat.com> - 1:1.10.5-1
|
||||
- Upgrade to tboot-1.10.5-1 for fixes and updates.
|
||||
- Added a Requires line to install grub2-efi-x64-modules
|
||||
- Added a scriptlet to the tboot.spec file to automatically install
|
||||
* Wed Apr 20 2022 Tony Camuso <tcamuso@redhat.com> - 1:1.10.5-1
|
||||
Upgrade to tboot-1.10.5-1 for fixes and updates.
|
||||
Added a scriptlet to the tboot.spec file to automatically install
|
||||
grub2-efi-x64-modules and move them to the correct directory.
|
||||
- Removed three patches that are no longer needed.
|
||||
- Added two patches from upstream, one for a fix, the other cosemetic.
|
||||
- Resolves: rhbz#2041766
|
||||
Resolves: rhbz#2040083
|
||||
Resolves: rhbz#2040082
|
||||
Resolves: rhbz#2041759
|
||||
|
||||
* Thu Sep 30 2021 Tony Camuso <tcamuso@redhat.com> - 1:1.10.2-6
|
||||
- Use sha256 as default hashing algorithm
|
||||
Resolves: rhbz#1935448
|
||||
* Thu Jun 10 2021 Tony Camuso <tcamuso@redhat.com> - 1:1.10.1-1
|
||||
Upgrade to tboot-1.10.2-1 provides some bug fixes and updates.
|
||||
Remove 0001-Do-not-install-man-pages-for-deprecated-tools.patch
|
||||
from the git repo, since it is no longer needed.
|
||||
Resolves: rhbz#1857068
|
||||
Resolves: rhbz#1873296
|
||||
Resolves: rhbz#1920386
|
||||
|
||||
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1:1.10.2-5
|
||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||
Related: rhbz#1991688
|
||||
* Mon Feb 22 2021 Tony Camuso <tcamuso@redhat.com> - 1:1.10.0-1
|
||||
Need to add BuildRequires: perl, since it has beem moved
|
||||
from BuildRoot.
|
||||
See: https://fedoraproject.org/wiki/Packaging:Perl#Build_Dependencies
|
||||
Resolves: rhbz#1857068
|
||||
|
||||
* Wed Jul 28 2021 Tony Camuso <tcamuso@redhat.com> - 1:1.10.2-4
|
||||
- From Miroslave Vadkerti:
|
||||
Onboarding tests to RHEL9 in BaseOS CI requires action, adding
|
||||
test configuration in our "dispatcher" configuration for RHEL9:
|
||||
https://gitlab.cee.redhat.com/baseos-qe/citool-config/blob/production/brew-dispatcher-rhel9.yaml
|
||||
Test config was added for tboot in the following MR.
|
||||
https://gitlab.cee.redhat.com/baseos-qe/citool-config/-/merge_requests/2686
|
||||
Resolves: rhbz#1922002
|
||||
* Mon Feb 22 2021 Tony Camuso <tcamuso@redhat.com> - 1:1.10.0-1
|
||||
Build problem creating directory for grub modules. We can't
|
||||
know if the modules are there, so it's up to the end user to
|
||||
find the modules and copy them to the correct location.
|
||||
Specifically, for systems booting from EFI, the
|
||||
/boot/efi/EFI/redhat/x86_64-efi/multiboot2.mod file, if it
|
||||
exists, must be copied to the /boot/efi/EFI/redhat/x86_64-efi/
|
||||
directory. If that file does not exist, then the system has
|
||||
the wrong version of grub for using tboot in an EFI system.
|
||||
Resolves: rhbz#1857068
|
||||
|
||||
* Tue Jul 27 2021 Tony Camuso <tcamuso@redhat.com> - 1:1.10.2-3
|
||||
- Add the %{optflags} and %{build_ldflags} macros to assure the
|
||||
build meets RHEL security requirements.
|
||||
Resolves: rhbz#1922002
|
||||
* Fri Dec 11 2020 Tony Camuso <tcamuso@redhat.com> - 1:1.10.0-0
|
||||
Upgrade to latest upstream version
|
||||
Added upstream patch to remove deprecated man pages
|
||||
Resolves: rhbz#1857068
|
||||
|
||||
* Thu Jul 22 2021 Tony Camuso <tcamuso@redhat.com> - 1:1.10.2-2
|
||||
- Bump the NVR as a result of including the gating.yaml file in
|
||||
the git repo.
|
||||
Resolves: rhbz#1922002
|
||||
* Tue Jun 23 2020 Tony Camuso <tcamuso@redhat.com> - 1:1.9.12-2
|
||||
- Fix build issues with one upstream patch.
|
||||
This patch also reverts the previous patch concerning the
|
||||
-Wno-address-of-packed-member cflag.
|
||||
Resolves: rhbz#1847938
|
||||
|
||||
* Mon Jun 21 2021 Tony Camuso <tcamuso@redhat.com> - 1:1.10.2-1
|
||||
- The patches are for SSL3 compatibility. These can probably be
|
||||
removed when upstream tboot fully implements SSL3.
|
||||
- Upgrade to latest upstream.
|
||||
- Remove trousers dependency.
|
||||
Resolves: rhbz#1922002
|
||||
Resolves: rhbz#1870520
|
||||
Resolves: rhbz#1927374
|
||||
* Fri Jun 12 2020 Tony Camuso <tcamuso@redhat.com> - 1:1.9.12-1
|
||||
- Add patch to revert "Disable GCC9 address-of-packed-member warning"
|
||||
While it was able to build locally with 'rhpkg local', the brew
|
||||
build failed, because the compiler on the brew systems did not
|
||||
recognized the new GCC9 command line flag:
|
||||
-Wno-address-of-packed-member
|
||||
|
||||
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:1.9.11-9
|
||||
- Rebuilt for RHEL 9 BETA for openssl 3.0
|
||||
Related: rhbz#1971065
|
||||
* Fri May 29 2020 Tony Camuso <tcamuso@redhat.com> - 1:1.9.12-1
|
||||
- Upgrade to latest upstream version
|
||||
Resolves: rhbz#1790169
|
||||
|
||||
* Thu May 27 2021 Tony Camuso <tcamuso@redhat.com> - 1:1.9.11-8
|
||||
- Add -Wno-error=deprecated-declarations to the Config.mk patch
|
||||
Resolves: rhbz#1958031
|
||||
* Fri Nov 15 2019 Tony Camuso <tcamuso@redhat.com> - 1:1.9.10-1
|
||||
- Rebase to the lastest upstream version.
|
||||
Resolves: rhbz#1725661
|
||||
|
||||
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:1.9.11-7
|
||||
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
||||
* Fri Sep 7 2018 Tony Camuso <tcamuso@redhat.com> - 1:1.9.7-1
|
||||
- Rebase to the latest upstream version.
|
||||
Resolves: rhbz#1511799
|
||||
- Do not override OPTFLAGS in the make
|
||||
Resolves: rhbz#1620070
|
||||
|
||||
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.9.11-6
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||
|
||||
* Fri Oct 30 2020 Jeff Law <law@redhat.com> - 1:1.9.11-5
|
||||
- Re-enable -Wstringop-overflow and instead make the problematical
|
||||
pointer volatile to avoid the false positive diagnostic
|
||||
|
||||
* Thu Oct 29 2020 Jeff Law <law@redhat.com> - 1:1.9.11-4
|
||||
- Fix buglet exposed by gcc-11 -Warray-parameter
|
||||
- Temporarily disable -Wstringop-overflow due to false positive in gcc-11
|
||||
|
||||
* Wed Jul 29 2020 Jeff Law <law@redhat.com> - 1:1.9.11-3
|
||||
- Explicitly allow uninitialized variables in a few places that do it
|
||||
- on purpose
|
||||
|
||||
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.9.11-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
* Sun Apr 19 2020 Filipe Rosset <rosset.filipe@gmail.com> - 1:1.9.11-1
|
||||
- Update to 1.9.11
|
||||
|
||||
* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.9.10-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||
|
||||
* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.9.10-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||
|
||||
* Tue May 14 2019 Yunying Sun <yunying.sun@intel.com> - 1:1.9.10-1
|
||||
- Add patch to fix package build error
|
||||
- Add build dependency to zlib-devel
|
||||
- Update to latest release 1.9.10
|
||||
|
||||
* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.9.8-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||
|
||||
* Wed Oct 31 2018 Yunying Sun <yunying.sun@intel.com> - 1:1.9.8-1
|
||||
- Updated to upstream 1.9.8 release
|
||||
|
||||
* Tue Sep 4 2018 Yunying Sun <yunying.sun@intel.com> - 1:1.9.7-1
|
||||
- Updated to upstream 1.9.7 release
|
||||
- Removed the patch for openssl 1.1 as it is included in 1.9.7 already
|
||||
|
||||
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.9.6-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||
* Fri Jul 20 2018 Tony Camuso <tcamuso@redhat.com> - 1:1.9.6-3
|
||||
- Incorporate latest upstream patches, including a newer version
|
||||
of the OpenSSL patch in 1.9.6-2
|
||||
Resolves: rhbz#1492771
|
||||
Resolves: rhbz#1499435
|
||||
|
||||
* Tue Feb 06 2018 Tomáš Mráz <tmraz@redhat.com> - 1:1.9.6-2
|
||||
- Patch to build with OpenSSL-1.1.x
|
||||
|
||||
Loading…
Reference in New Issue
Block a user