mirror of
https://src.fedoraproject.org/rpms/grub2.git
synced 2024-11-28 07:44:52 +00:00
Forward-port ppc64le image creation (with nerfed signing)
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
This commit is contained in:
parent
3972172d4d
commit
06e51d2a65
2 changed files with 106 additions and 28 deletions
126
grub.macros
126
grub.macros
|
@ -77,6 +77,7 @@
|
||||||
%global emuarch %{_arch}
|
%global emuarch %{_arch}
|
||||||
%global grubefiarch %{nil}
|
%global grubefiarch %{nil}
|
||||||
%global grublegacyarch %{nil}
|
%global grublegacyarch %{nil}
|
||||||
|
%global grubelfname %{nil}
|
||||||
|
|
||||||
# sparc is always compiled 64 bit
|
# sparc is always compiled 64 bit
|
||||||
%ifarch %{sparc}
|
%ifarch %{sparc}
|
||||||
|
@ -116,11 +117,20 @@
|
||||||
%{!?with_efi_only:%global without_efi_only 0}
|
%{!?with_efi_only:%global without_efi_only 0}
|
||||||
%{?with_efi_only:%global without_efi_only 1}
|
%{?with_efi_only:%global without_efi_only 1}
|
||||||
|
|
||||||
### fixme
|
%ifarch %{efi_arch}
|
||||||
|
%global efi_modules " efi_netfs efifwsetup efinet lsefi lsefimmap connectefi "
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%ifarch x86_64 %{ix86}
|
||||||
|
%global platform_modules " backtrace chain tpm usb usbserial_common usbserial_pl2303 usbserial_ftdi usbserial_usbdebug keylayouts at_keyboard "
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%ifarch ppc64le
|
||||||
|
%global platform_modules " appendedsig tpm ofnet "
|
||||||
|
%endif
|
||||||
|
|
||||||
%ifarch aarch64 %{arm} riscv64
|
%ifarch aarch64 %{arm} riscv64
|
||||||
%global efi_modules " "
|
%global platform_modules " "
|
||||||
%else
|
|
||||||
%global efi_modules " backtrace chain tpm usb usbserial_common usbserial_pl2303 usbserial_ftdi usbserial_usbdebug keylayouts at_keyboard connectefi "
|
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%ifarch aarch64 %{arm} riscv64
|
%ifarch aarch64 %{arm} riscv64
|
||||||
|
@ -220,6 +230,7 @@
|
||||||
%global with_legacy_arch 1
|
%global with_legacy_arch 1
|
||||||
%global grublegacyarch %{legacy_target_cpu_name}-%{platform}
|
%global grublegacyarch %{legacy_target_cpu_name}-%{platform}
|
||||||
%global moduledir %{legacy_target_cpu_name}-%{platform}
|
%global moduledir %{legacy_target_cpu_name}-%{platform}
|
||||||
|
%global grubelfname core.elf
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%global evr %{epoch}:%{version}-%{release}
|
%global evr %{epoch}:%{version}-%{release}
|
||||||
|
@ -380,14 +391,31 @@ install -m 644 %{1}.conf ${RPM_BUILD_ROOT}/etc/dnf/protected.d/ \
|
||||||
rm -f %{1}.conf \
|
rm -f %{1}.conf \
|
||||||
%{nil}
|
%{nil}
|
||||||
|
|
||||||
|
%global grub_modules " all_video boot blscfg btrfs \\\
|
||||||
|
cat configfile cryptodisk \\\
|
||||||
|
echo ext2 f2fs fat font \\\
|
||||||
|
gcry_rijndael gcry_rsa gcry_serpent \\\
|
||||||
|
gcry_sha256 gcry_twofish gcry_whirlpool \\\
|
||||||
|
gfxmenu gfxterm gzio \\\
|
||||||
|
halt hfsplus http increment iso9660 \\\
|
||||||
|
jpeg loadenv loopback linux lvm luks \\\
|
||||||
|
luks2 mdraid09 mdraid1x minicmd net \\\
|
||||||
|
normal part_apple part_msdos part_gpt \\\
|
||||||
|
password_pbkdf2 pgp png reboot regexp \\\
|
||||||
|
search search_fs_uuid search_fs_file \\\
|
||||||
|
search_label serial sleep syslinuxcfg \\\
|
||||||
|
test tftp version video xfs zstd " \
|
||||||
|
|
||||||
%ifarch x86_64 aarch64 %{arm} riscv64
|
%ifarch x86_64 aarch64 %{arm} riscv64
|
||||||
%define mkimage() \
|
%define efi_mkimage() \
|
||||||
%{4}./grub-mkimage -O %{1} -o %{2}.orig \\\
|
%{4}./grub-mkimage -O %{1} -o %{2}.orig \\\
|
||||||
-p /EFI/%{efi_vendor} -d grub-core ${GRUB_MODULES} \\\
|
-p /EFI/%{efi_vendor} -d grub-core \\\
|
||||||
--sbat %{4}./sbat.csv \
|
--sbat %{4}./sbat.csv \\\
|
||||||
|
${GRUB_MODULES} \
|
||||||
%{4}./grub-mkimage -O %{1} -o %{3}.orig \\\
|
%{4}./grub-mkimage -O %{1} -o %{3}.orig \\\
|
||||||
-p /EFI/BOOT -d grub-core ${GRUB_MODULES} \\\
|
-p /EFI/BOOT -d grub-core \\\
|
||||||
--sbat %{4}./sbat.csv \
|
--sbat %{4}./sbat.csv \\\
|
||||||
|
${GRUB_MODULES} \
|
||||||
%{expand:%%define ___pesign_client_cert %{?___pesign_client_cert}%{!?___pesign_client_cert:%{__pesign_client_cert}}} \
|
%{expand:%%define ___pesign_client_cert %{?___pesign_client_cert}%{!?___pesign_client_cert:%{__pesign_client_cert}}} \
|
||||||
%{?__pesign_client_cert:%{expand:%%define __pesign_client_cert %{___pesign_client_cert}}} \
|
%{?__pesign_client_cert:%{expand:%%define __pesign_client_cert %{___pesign_client_cert}}} \
|
||||||
%{expand:%%{pesign -s -i %%{2}.orig -o %%{2}.onesig -a %%{5} -c %%{6} -n %%{7}}} \
|
%{expand:%%{pesign -s -i %%{2}.orig -o %%{2}.onesig -a %%{5} -c %%{6} -n %%{7}}} \
|
||||||
|
@ -397,31 +425,65 @@ rm -f %{1}.conf \
|
||||||
%{expand:%%{pesign -s -i %%{3}.onesig -o %%{3} -a %%{5} -c %%{6} -n %%{7}}} \
|
%{expand:%%{pesign -s -i %%{3}.onesig -o %%{3} -a %%{5} -c %%{6} -n %%{7}}} \
|
||||||
%{nil}
|
%{nil}
|
||||||
%else
|
%else
|
||||||
%define mkimage() \
|
%define efi_mkimage() \
|
||||||
%{4}./grub-mkimage -O %{1} -o %{2} \\\
|
%{4}./grub-mkimage -O %{1} -o %{2} \\\
|
||||||
-p /EFI/%{efi_vendor} -d grub-core ${GRUB_MODULES} \
|
-p /EFI/%{efi_vendor} -d grub-core \\\
|
||||||
|
${GRUB_MODULES} \
|
||||||
%{4}./grub-mkimage -O %{1} -o %{3} \\\
|
%{4}./grub-mkimage -O %{1} -o %{3} \\\
|
||||||
-p /EFI/BOOT -d grub-core ${GRUB_MODULES} \
|
-p /EFI/BOOT -d grub-core \\\
|
||||||
|
${GRUB_MODULES} \
|
||||||
%{nil}
|
%{nil}
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
|
%ifarch ppc64le
|
||||||
|
%if 0%{?rhel}
|
||||||
|
%define ieee1275_mkimage() \
|
||||||
|
APPENDED_SIG_SIZE=0 \
|
||||||
|
if [ -x /usr/bin/rpm-sign ]; then \
|
||||||
|
touch empty.unsigned \
|
||||||
|
rpm-sign --key %{4} \\\
|
||||||
|
--lkmsign empty.unsigned \\\
|
||||||
|
--output empty.signed \
|
||||||
|
APPENDED_SIG_SIZE="$(stat -c '%s' empty.signed)" \
|
||||||
|
rm empty.{un,}signed \
|
||||||
|
fi \
|
||||||
|
# FIXME: using this prefix is fragile, must be done properly \
|
||||||
|
./grub-mkimage -O %{1} -o %{2}.orig \\\
|
||||||
|
-p '/grub2' -d grub-core \\\
|
||||||
|
-x %{3} \\\
|
||||||
|
--appended-signature-size ${APPENDED_SIG_SIZE} \\\
|
||||||
|
${GRUB_MODULES} \
|
||||||
|
if [ -x /usr/bin/rpm-sign ]; then \
|
||||||
|
truncate -s -${APPENDED_SIG_SIZE} %{2}.orig \
|
||||||
|
rpm-sign --key %{4} \\\
|
||||||
|
--lkmsign %{2}.orig \\\
|
||||||
|
--output %{2} \
|
||||||
|
else \
|
||||||
|
mv %{2}.orig %{2} \
|
||||||
|
fi \
|
||||||
|
%{nil}
|
||||||
|
%else
|
||||||
|
# Fedora et al.
|
||||||
|
%define ieee1275_mkimage() \
|
||||||
|
./grub-mkimage -O %{1} -o %{2}.orig -p '/grub2' -d grub-core ${GRUB_MODULES} \
|
||||||
|
mv %{2}.orig %{2}
|
||||||
|
%{nil}
|
||||||
|
%endif
|
||||||
|
%endif
|
||||||
|
|
||||||
%define do_efi_build_images() \
|
%define do_efi_build_images() \
|
||||||
GRUB_MODULES=" all_video boot blscfg btrfs \\\
|
GRUB_MODULES+=%{grub_modules} \
|
||||||
cat configfile cryptodisk \\\
|
|
||||||
echo efi_netfs efifwsetup efinet ext2 f2fs \\\
|
|
||||||
fat font gcry_rijndael gcry_rsa gcry_serpent \\\
|
|
||||||
gcry_sha256 gcry_twofish gcry_whirlpool \\\
|
|
||||||
gfxmenu gfxterm gzio \\\
|
|
||||||
halt hfsplus http increment iso9660 jpeg \\\
|
|
||||||
loadenv loopback linux lvm lsefi lsefimmap luks \\\
|
|
||||||
luks2 mdraid09 mdraid1x minicmd net \\\
|
|
||||||
normal part_apple part_msdos part_gpt \\\
|
|
||||||
password_pbkdf2 pgp png read reboot \\\
|
|
||||||
regexp search search_fs_uuid search_fs_file \\\
|
|
||||||
search_label serial sleep syslinuxcfg test tftp \\\
|
|
||||||
version video xfs zstd " \
|
|
||||||
GRUB_MODULES+=%{efi_modules} \
|
GRUB_MODULES+=%{efi_modules} \
|
||||||
%{expand:%%{mkimage %{1} %{2} %{3} %{4}}} \
|
GRUB_MODULES+=%{platform_modules} \
|
||||||
|
%{expand:%%{efi_mkimage %{1} %{2} %{3} %{4}}} \
|
||||||
|
%{nil}
|
||||||
|
|
||||||
|
%define do_ieee1275_build_images() \
|
||||||
|
GRUB_MODULES+=%{grub_modules} \
|
||||||
|
GRUB_MODULES+=%{platform_modules} \
|
||||||
|
cd grub-%{1}-%{tarversion} \
|
||||||
|
%{expand:%%ieee1275_mkimage %%{1} %%{2} %%{3} %%{4}} \
|
||||||
|
cd .. \
|
||||||
%{nil}
|
%{nil}
|
||||||
|
|
||||||
%define do_primary_efi_build() \
|
%define do_primary_efi_build() \
|
||||||
|
@ -536,6 +598,9 @@ fi \
|
||||||
if [ -f $RPM_BUILD_ROOT%{_infodir}/grub-dev.info ]; then \
|
if [ -f $RPM_BUILD_ROOT%{_infodir}/grub-dev.info ]; then \
|
||||||
rm -f $RPM_BUILD_ROOT%{_infodir}/grub-dev.info \
|
rm -f $RPM_BUILD_ROOT%{_infodir}/grub-dev.info \
|
||||||
fi \
|
fi \
|
||||||
|
%{expand:%ifarch ppc64le \
|
||||||
|
install -m 700 %{grubelfname} $RPM_BUILD_ROOT/%{_libdir}/grub/%{1} \
|
||||||
|
%endif} \
|
||||||
if [ -f $RPM_BUILD_ROOT/%{_libdir}/grub/%{1}/grub2.chrp ]; then \
|
if [ -f $RPM_BUILD_ROOT/%{_libdir}/grub/%{1}/grub2.chrp ]; then \
|
||||||
mv $RPM_BUILD_ROOT/%{_libdir}/grub/%{1}/grub2.chrp \\\
|
mv $RPM_BUILD_ROOT/%{_libdir}/grub/%{1}/grub2.chrp \\\
|
||||||
$RPM_BUILD_ROOT/%{_libdir}/grub/%{1}/grub.chrp \
|
$RPM_BUILD_ROOT/%{_libdir}/grub/%{1}/grub.chrp \
|
||||||
|
@ -595,12 +660,19 @@ ln -s ../boot/grub2/grub.cfg \\\
|
||||||
%ghost %config(noreplace) %attr(0700,root,root)/boot/grub2/grub.cfg \
|
%ghost %config(noreplace) %attr(0700,root,root)/boot/grub2/grub.cfg \
|
||||||
%dir %attr(0700,root,root)/boot/loader/entries \
|
%dir %attr(0700,root,root)/boot/loader/entries \
|
||||||
%attr(0644,root,root) %config(noreplace) /etc/dnf/protected.d/grub2-%{1}.conf \
|
%attr(0644,root,root) %config(noreplace) /etc/dnf/protected.d/grub2-%{1}.conf \
|
||||||
|
%ifarch ppc64le \
|
||||||
|
%dir %{_libdir}/grub/%{2}/ \
|
||||||
|
%{_libdir}/grub/%{2}/%{grubelfname} \
|
||||||
|
%endif \
|
||||||
\
|
\
|
||||||
%{expand:%if 0%{?with_legacy_modules} \
|
%{expand:%if 0%{?with_legacy_modules} \
|
||||||
%{expand:%%files %{1}-modules} \
|
%{expand:%%files %{1}-modules} \
|
||||||
%defattr(-,root,root) \
|
%defattr(-,root,root) \
|
||||||
%dir %{_libdir}/grub/%{2}/ \
|
%dir %{_libdir}/grub/%{2}/ \
|
||||||
%{_libdir}/grub/%{2}/* \
|
%{_libdir}/grub/%{2}/* \
|
||||||
|
%ifarch ppc64le \
|
||||||
|
%exclude %{_libdir}/grub/%{2}/%{grubelfname} \
|
||||||
|
%endif \
|
||||||
%exclude %{_libdir}/grub/%{2}/*.module \
|
%exclude %{_libdir}/grub/%{2}/*.module \
|
||||||
%exclude %{_libdir}/grub/%{2}/{boot,boot_hybrid,cdboot,diskboot,lzma_decompress,pxeboot}.image \
|
%exclude %{_libdir}/grub/%{2}/{boot,boot_hybrid,cdboot,diskboot,lzma_decompress,pxeboot}.image \
|
||||||
%exclude %{_libdir}/grub/%{2}/*.o \
|
%exclude %{_libdir}/grub/%{2}/*.o \
|
||||||
|
|
|
@ -17,7 +17,7 @@
|
||||||
Name: grub2
|
Name: grub2
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
Version: 2.06
|
Version: 2.06
|
||||||
Release: 63%{?dist}
|
Release: 64%{?dist}
|
||||||
Summary: Bootloader with support for Linux, Multiboot and more
|
Summary: Bootloader with support for Linux, Multiboot and more
|
||||||
License: GPLv3+
|
License: GPLv3+
|
||||||
URL: http://www.gnu.org/software/grub/
|
URL: http://www.gnu.org/software/grub/
|
||||||
|
@ -210,6 +210,9 @@ git commit -m "After making subdirs"
|
||||||
%if 0%{with_emu_arch}
|
%if 0%{with_emu_arch}
|
||||||
%{expand:%do_emu_build}
|
%{expand:%do_emu_build}
|
||||||
%endif
|
%endif
|
||||||
|
%ifarch ppc64le
|
||||||
|
%{expand:%do_ieee1275_build_images %%{grublegacyarch} %{grubelfname} %{sb_cer} %{sb_key}}
|
||||||
|
%endif
|
||||||
makeinfo --info --no-split -I docs -o docs/grub-dev.info \
|
makeinfo --info --no-split -I docs -o docs/grub-dev.info \
|
||||||
docs/grub-dev.texi
|
docs/grub-dev.texi
|
||||||
makeinfo --info --no-split -I docs -o docs/grub.info \
|
makeinfo --info --no-split -I docs -o docs/grub.info \
|
||||||
|
@ -529,6 +532,9 @@ mv ${EFI_HOME}/grub.cfg.stb ${EFI_HOME}/grub.cfg
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Nov 21 2022 Robbie Harwood <rharwood@redhat.com> - 1:2.06-64
|
||||||
|
- Forward-port ppc64le image creation (with nerfed signing)
|
||||||
|
|
||||||
* Tue Nov 08 2022 Robbie Harwood <rharwood@redhat.com> - 1:2.06-63
|
* Tue Nov 08 2022 Robbie Harwood <rharwood@redhat.com> - 1:2.06-63
|
||||||
- Font fixes (CVE-2022-2601 batch)
|
- Font fixes (CVE-2022-2601 batch)
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue