diff --git a/0209-Don-t-update-the-cmdline-when-generating-legacy-menu.patch b/0209-Don-t-update-the-cmdline-when-generating-legacy-menu.patch
new file mode 100644
index 0000000..c55b7e3
--- /dev/null
+++ b/0209-Don-t-update-the-cmdline-when-generating-legacy-menu.patch
@@ -0,0 +1,36 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas
+Date: Thu, 17 Jun 2021 14:31:42 +0200
+Subject: [PATCH] Don't update the cmdline when generating legacy menuentry
+ commands
+
+On OPAL ppc64le machines with an old petitboot version that doesn't have
+support to parse BLS snippets, the grub2-mkconfig script is executed to
+generate menuentry commands from the BLS snippets.
+
+In this case, the script is executed with the --no-grubenv-update option
+that indicates that no side effects should happen when running the script.
+
+But the options field in the BLS snippets are updated regardless, only do
+the update if --no-grubenv-update was not used.
+
+Signed-off-by: Javier Martinez Canillas
+---
+ util/grub.d/10_linux.in | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
+index 68adb55d893..c9296154f51 100644
+--- a/util/grub.d/10_linux.in
++++ b/util/grub.d/10_linux.in
+@@ -261,7 +261,9 @@ if [ -z "\${kernelopts}" ]; then
+ fi
+ EOF
+
+- update_bls_cmdline
++ if [ "x${GRUB_GRUBENV_UPDATE}" = "xyes" ]; then
++ update_bls_cmdline
++ fi
+
+ if [ "x${BLS_POPULATE_MENU}" = "xtrue" ]; then
+ populate_menu
diff --git a/0210-Suppress-gettext-error-message.patch b/0210-Suppress-gettext-error-message.patch
new file mode 100644
index 0000000..c57e7ff
--- /dev/null
+++ b/0210-Suppress-gettext-error-message.patch
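Review bot: The new guard around `update_bls_cmdline` in util/grub.d/10_linux.in has no comment, and it treats every value of `GRUB_GRUBENV_UPDATE` other than the exact string `yes`, including an unset variable, as a request to skip the update. Nothing in the hunk shows where the variable is set, so running this template outside the wrapper that defines it would silently stop refreshing the BLS options. I would add a line above the test such as `# Leave the BLS options alone when --no-grubenv-update was given (GRUB_GRUBENV_UPDATE != yes).`. The enclosing block starts and ends outside the hunk.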
@@ -0,0 +1,33 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Paulo Flabiano Smorigo
+Date: Tue, 29 Jun 2021 13:17:42 +0200
+Subject: [PATCH] Suppress gettext error message
+
+Colin Watson's patch from comment #11 on the upstream bug:
+https://savannah.gnu.org/bugs/?35880#comment11
+
+Resolves: rhbz#1592124
+
+Signed-off-by: Paulo Flabiano Smorigo
+---
+ grub-core/gettext/gettext.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/grub-core/gettext/gettext.c b/grub-core/gettext/gettext.c
+index 84d520cd494..87a912ac6e5 100644
+--- a/grub-core/gettext/gettext.c
++++ b/grub-core/gettext/gettext.c
+@@ -424,6 +424,13 @@ grub_gettext_init_ext (struct grub_gettext_context *ctx,
+ grub_free (lang);
+ }
+
++ /* If no translations are available, fall back to untranslated text. */
++ if (err == GRUB_ERR_FILE_NOT_FOUND)
++ {
++ grub_errno = GRUB_ERR_NONE;
++ return 0;
++ }
++
+ if (locale[0] == 'e' && locale[1] == 'n'
+ && (locale[2] == '\0' || locale[2] == '_'))
+ grub_errno = err = GRUB_ERR_NONE;
diff --git a/0211-grub-boot-success.timer-Only-run-if-not-in-a-contain.patch b/0211-grub-boot-success.timer-Only-run-if-not-in-a-contain.patch
new file mode 100644
index 0000000..61d0f6d
--- /dev/null
+++ b/0211-grub-boot-success.timer-Only-run-if-not-in-a-contain.patch
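Review bot: The added early return in grub_gettext_init_ext clears `GRUB_ERR_FILE_NOT_FOUND` for every locale, so a mistyped language setting or a missing catalogue directory now fails silently, and the rest of the function is skipped on that path. If that is intended, the comment should say so, for example `/* A missing catalogue is not an error for any locale: fall back to untranslated text. */`. The function appears to return an error code (the next statement assigns `GRUB_ERR_NONE` to `err`), so `return GRUB_ERR_NONE;` would read better than `return 0;`. The body of grub_gettext_init_ext starts and ends outside the hunk, so whether any later cleanup is bypassed cannot be checked from here.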
@@ -0,0 +1,32 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Gena Makhomed
+Date: Thu, 1 Jul 2021 01:07:46 +0200
+Subject: [PATCH] grub-boot-success.timer: Only run if not in a container
+
+The grub-boot-success.timer should be disabled inside a container since it
+leads to the following error:
+
+Jan 09 22:56:38 test sshd[8786]: pam_unix(sshd:session): session opened for user www(uid=1000) by (uid=0)
+Jan 09 22:58:39 test systemd[8857]: Starting Mark boot as successful...
+Jan 09 22:58:39 test systemd[8857]: grub-boot-success.service: Main process exited, code=exited, status=1/FAILURE
+Jan 09 22:58:39 test systemd[8857]: grub-boot-success.service: Failed with result 'exit-code'.
+Jan 09 22:58:39 test systemd[8857]: Failed to start Mark boot as successful.
+Jan 09 22:58:39 test grub2-set-bootflag[10034]: Error canonicalizing /boot/grub2/grubenv filename: No such file or directory
+
+Resolves: rhbz#1914571
+---
+ docs/grub-boot-success.timer | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/docs/grub-boot-success.timer b/docs/grub-boot-success.timer
+index 5d8fcba21aa..406f1720056 100644
+--- a/docs/grub-boot-success.timer
++++ b/docs/grub-boot-success.timer
+@@ -1,6 +1,7 @@
+ [Unit]
+ Description=Mark boot as successful after the user session has run 2 minutes
+ ConditionUser=!@system
++ConditionVirtualization=!container
+
+ [Timer]
+ OnActiveSec=2min
diff --git a/0212-grub-set-password-Always-use-boot-grub2-user.cfg-as-.patch b/0212-grub-set-password-Always-use-boot-grub2-user.cfg-as-.patch
new file mode 100644
index 0000000..7ecea22
--- /dev/null
+++ b/0212-grub-set-password-Always-use-boot-grub2-user.cfg-as-.patch
@@ -0,0 +1,42 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas
+Date: Mon, 5 Jul 2021 18:24:22 +0200
+Subject: [PATCH] grub-set-password: Always use /boot/grub2/user.cfg as
+ password default
+
+The GRUB configuration file is always placed in /boot/grub2/ now, even for
+EFI. But the tool is still creating the user.cfg in the ESP and not there.
+
+Resolves: rhbz#1955294
+
+Signed-off-by: Javier Martinez Canillas
+---
+ util/grub-set-password.in | 9 +--------
+ 1 file changed, 1 insertion(+), 8 deletions(-)
+
+diff --git a/util/grub-set-password.in b/util/grub-set-password.in
+index c0b5ebbfdc5..d8005e5a142 100644
+--- a/util/grub-set-password.in
++++ b/util/grub-set-password.in
+@@ -1,11 +1,6 @@
+ #!/bin/sh -e
+
+-EFIDIR=$(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/' -e 's/\"//g')
+-if [ -d /sys/firmware/efi/efivars/ ]; then
+- grubdir=`echo "/@bootdirname@/efi/EFI/${EFIDIR}/" | sed 's,//*,/,g'`
+-else
+- grubdir=`echo "/@bootdirname@/@grubdirname@" | sed 's,//*,/,g'`
+-fi
++grubdir=`echo "/@bootdirname@/@grubdirname@" | sed 's,//*,/,g'`
+
+ PACKAGE_VERSION="@PACKAGE_VERSION@"
+ PACKAGE_NAME="@PACKAGE_NAME@"
+@@ -116,8 +111,6 @@ if [ -z "${MYPASS}" ]; then
+ exit 1
+ fi
+
+-# on the ESP, these will fail to set the permissions, but it's okay because
+-# the directory is protected.
+ install -m 0600 /dev/null "${OUTPUT_PATH}/user.cfg" 2>/dev/null || :
+ chmod 0600 "${OUTPUT_PATH}/user.cfg" 2>/dev/null || :
+ echo "GRUB2_PASSWORD=${MYPASS}" > "${OUTPUT_PATH}/user.cfg"
diff --git a/0213-Remove-outdated-URL-for-BLS-document.patch b/0213-Remove-outdated-URL-for-BLS-document.patch
new file mode 100644
index 0000000..d380fe8
--- /dev/null
+++ b/0213-Remove-outdated-URL-for-BLS-document.patch
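Review bot: The `install -m 0600` and `chmod 0600` lines before the password write still swallow their errors with `2>/dev/null || :`, while this commit deletes the comment that justified it (permissions cannot be set on the ESP). With user.cfg now defaulting to the boot directory, a failed `install` leaves the following `echo "GRUB2_PASSWORD=${MYPASS}" >` to create the file with whatever mode the umask allows, so the password value can end up readable by other users. Since the script runs under `#!/bin/sh -e`, dropping the suppression is enough to stop before the write: `install -m 0600 /dev/null "${OUTPUT_PATH}/user.cfg"`, and a `umask 077` ahead of it covers the creation path as well. How `OUTPUT_PATH` is derived is outside the hunks; if it can still point at a FAT volume the tolerance may have to stay, but then it needs a comment saying so.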
@@ -0,0 +1,28 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Mon, 5 Jul 2021 19:00:25 +0200 +Subject: [PATCH] Remove outdated URL for BLS document + +The document was moved to https://systemd.io/BOOT_LOADER_SPECIFICATION/, +update the URL accordingly to point to the current location. + +Resolves: rhbz#1926453 + +Signed-off-by: Javier Martinez Canillas +--- + util/grub.d/10_linux.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in +index c9296154f51..6ee0a2cf3d0 100644 +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -96,7 +96,7 @@ cat < +Date: Tue, 6 Jul 2021 00:38:40 +0200 +Subject: [PATCH] templates: Check for EFI at runtime instead of config + generation time + +The 30_uefi-firmware template checks if an OsIndicationsSupported UEFI var +exists and EFI_OS_INDICATIONS_BOOT_TO_FW_UI bit is set, to decide whether +a "fwsetup" menu entry would be added or not to the GRUB menu. + +But this has the problem that it will only work if the configuration file +was created on an UEFI machine that supports booting to a firmware UI. + +This for example doesn't support creating GRUB config files when executing +on systems that support both UEFI and legacy BIOS booting. Since creating +the config file from legacy BIOS wouldn't allow to access the firmware UI. + +To prevent this, make the template to unconditionally create the grub.cfg +snippet but check at runtime if was booted through UEFI to decide if this +entry should be added. That way it won't be added when booting with BIOS. + +There's no need to check if EFI_OS_INDICATIONS_BOOT_TO_FW_UI bit is set, +since that's already done by the "fwsetup" command when is executed. 
+
+Resolves: rhbz#1823864
+
+Signed-off-by: Javier Martinez Canillas
+---
+ util/grub.d/30_uefi-firmware.in | 21 ++++++++-------------
+ 1 file changed, 8 insertions(+), 13 deletions(-)
+
+diff --git a/util/grub.d/30_uefi-firmware.in b/util/grub.d/30_uefi-firmware.in
+index d344d3883d7..b6041b55e2a 100644
+--- a/util/grub.d/30_uefi-firmware.in
++++ b/util/grub.d/30_uefi-firmware.in
+@@ -26,19 +26,14 @@ export TEXTDOMAINDIR="@localedir@"
+
+ . "$pkgdatadir/grub-mkconfig_lib"
+
+-EFI_VARS_DIR=/sys/firmware/efi/efivars
+-EFI_GLOBAL_VARIABLE=8be4df61-93ca-11d2-aa0d-00e098032b8c
+-OS_INDICATIONS="$EFI_VARS_DIR/OsIndicationsSupported-$EFI_GLOBAL_VARIABLE"
++LABEL="UEFI Firmware Settings"
+
+-if [ -e "$OS_INDICATIONS" ] && \
+- [ "$(( $(printf 0x%x \'"$(cat $OS_INDICATIONS | cut -b5)"\') & 1 ))" = 1 ]; then
+- LABEL="UEFI Firmware Settings"
++gettext_printf "Adding boot menu entry for UEFI Firmware Settings ...\n" >&2
+
+- gettext_printf "Adding boot menu entry for UEFI Firmware Settings ...\n" >&2
+-
+- cat << EOF
+-menuentry '$LABEL' \$menuentry_id_option 'uefi-firmware' {
+- fwsetup
+-}
+-EOF
++cat << EOF
++if [ "\$grub_platform" = "efi" ]; then
++ menuentry '$LABEL' \$menuentry_id_option 'uefi-firmware' {
++ fwsetup
++ }
+ fi
++EOF
diff --git a/0215-efi-Print-an-error-if-boot-to-firmware-setup-is-not-.patch b/0215-efi-Print-an-error-if-boot-to-firmware-setup-is-not-.patch
new file mode 100644
index 0000000..65b4aec
--- /dev/null
+++ b/0215-efi-Print-an-error-if-boot-to-firmware-setup-is-not-.patch
@@ -0,0 +1,92 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas
+Date: Tue, 6 Jul 2021 01:10:18 +0200
+Subject: [PATCH] efi: Print an error if boot to firmware setup is not
+ supported
+
+The "fwsetup" command is only registered if the firmware supports booting
+to the firmware setup UI. But it could be possible that the GRUB config
+already contains a "fwsetup" entry, because it was generated in a machine
+that has support for this feature.
+
+To prevent users getting a "can't find command `fwsetup`" error if it is
+not supported by the firmware, let's just always register the command but
+print a more accurate message if the firmware doesn't support this option.
+
+Resolves: rhbz#1823864
+
+Signed-off-by: Javier Martinez Canillas
+---
+ grub-core/commands/efi/efifwsetup.c | 43 ++++++++++++++++++++-----------------
+ 1 file changed, 23 insertions(+), 20 deletions(-)
+
+diff --git a/grub-core/commands/efi/efifwsetup.c b/grub-core/commands/efi/efifwsetup.c
+index eaca0328388..328c45e82e0 100644
+--- a/grub-core/commands/efi/efifwsetup.c
++++ b/grub-core/commands/efi/efifwsetup.c
+@@ -27,6 +27,25 @@
+
+ GRUB_MOD_LICENSE ("GPLv3+");
+
++static grub_efi_boolean_t
++efifwsetup_is_supported (void)
++{
++ grub_efi_uint64_t *os_indications_supported = NULL;
++ grub_size_t oi_size = 0;
++ grub_efi_guid_t global = GRUB_EFI_GLOBAL_VARIABLE_GUID;
++
++ grub_efi_get_variable ("OsIndicationsSupported", &global, &oi_size,
++ (void **) &os_indications_supported);
++
++ if (!os_indications_supported)
++ return 0;
++
++ if (*os_indications_supported & GRUB_EFI_OS_INDICATIONS_BOOT_TO_FW_UI)
++ return 1;
++
++ return 0;
++}
++
+ static grub_err_t
+ grub_cmd_fwsetup (grub_command_t cmd __attribute__ ((unused)),
+ int argc __attribute__ ((unused)),
+@@ -38,6 +57,10 @@ grub_cmd_fwsetup (grub_command_t cmd __attribute__ ((unused)),
+ grub_size_t oi_size;
+ grub_efi_guid_t global = GRUB_EFI_GLOBAL_VARIABLE_GUID;
+
++ if (!efifwsetup_is_supported ())
++ return grub_error (GRUB_ERR_INVALID_COMMAND,
++ N_("Reboot to firmware setup is not supported"));
++
+ grub_efi_get_variable ("OsIndications", &global, &oi_size,
+ (void **) &old_os_indications);
+
+@@ -56,28 +79,8 @@ grub_cmd_fwsetup (grub_command_t cmd __attribute__ ((unused)),
+
+ static grub_command_t cmd = NULL;
+
+-static grub_efi_boolean_t
+-efifwsetup_is_supported (void)
+-{
+- grub_efi_uint64_t *os_indications_supported = NULL;
+- grub_size_t oi_size = 0;
+- grub_efi_guid_t global = GRUB_EFI_GLOBAL_VARIABLE_GUID;
+-
+- grub_efi_get_variable ("OsIndicationsSupported", &global, &oi_size,
+- (void **) &os_indications_supported);
+-
+- if (!os_indications_supported)
+- return 0;
+-
+- if (*os_indications_supported & GRUB_EFI_OS_INDICATIONS_BOOT_TO_FW_UI)
+- return 1;
+-
+- return 0;
+-}
+-
+ GRUB_MOD_INIT (efifwsetup)
+ {
+- if (efifwsetup_is_supported ())
+ cmd = grub_register_command ("fwsetup", grub_cmd_fwsetup, NULL,
+ N_("Reboot into firmware setup menu."));
+
diff --git a/grub.patches b/grub.patches
index df709d6..9215894 100644
--- a/grub.patches
+++ b/grub.patches
@@ -206,3 +206,10 @@ Patch0205: 0205-Don-t-check-for-rpmvercmp-in-librpm.patch
 Patch0206: 0206-Allow-chainloading-EFI-apps-from-loop-mounts.patch
 Patch0207: 0207-efinet-Add-DHCP-proxy-support.patch
 Patch0208: 0208-fs-ext2-Ignore-checksum-seed-incompat-feature.patch
+Patch0209: 0209-Don-t-update-the-cmdline-when-generating-legacy-menu.patch
+Patch0210: 0210-Suppress-gettext-error-message.patch
+Patch0211: 0211-grub-boot-success.timer-Only-run-if-not-in-a-contain.patch
+Patch0212: 0212-grub-set-password-Always-use-boot-grub2-user.cfg-as-.patch
+Patch0213: 0213-Remove-outdated-URL-for-BLS-document.patch
+Patch0214: 0214-templates-Check-for-EFI-at-runtime-instead-of-config.patch
+Patch0215: 0215-efi-Print-an-error-if-boot-to-firmware-setup-is-not-.patch
diff --git a/grub2.spec b/grub2.spec
index 179e8d4..907cae8 100644
--- a/grub2.spec
+++ b/grub2.spec
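Review bot: efifwsetup_is_supported() dereferences `os_indications_supported` as a 64-bit value without checking `oi_size`, and it never releases the buffer that grub_efi_get_variable() hands back; because this commit moves the call from module init into grub_cmd_fwsetup, both now happen on every `fwsetup` invocation. If the firmware returns a shorter OsIndicationsSupported variable, the test could read past the end of the buffer, assuming the helper allocates exactly the variable's size, which is not visible here. I would check the size, free the buffer on every path and return a single result, as sketched below (grub_free needs grub/mm.h if the file does not already include it). Separately, in GRUB_MOD_INIT the `cmd = grub_register_command (...)` call is an unchanged context line, so it presumably keeps the indentation it had under the removed `if` and should be re-indented.

```c
static grub_efi_boolean_t
efifwsetup_is_supported (void)
{
  /* … unchanged: os_indications_supported, oi_size and global declarations … */
  grub_efi_boolean_t ret = 0;

  /* … unchanged: grub_efi_get_variable ("OsIndicationsSupported", ...) call … */

  /* Only trust the value when the variable is at least 64 bits wide. */
  if (os_indications_supported != NULL
      && oi_size >= sizeof (*os_indications_supported)
      && (*os_indications_supported & GRUB_EFI_OS_INDICATIONS_BOOT_TO_FW_UI))
    ret = 1;

  grub_free (os_indications_supported);
  return ret;
}
```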
@@ -14,7 +14,7 @@ Name: grub2 Epoch: 1 Version: 2.06 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Bootloader with support for Linux, Multiboot and more License: GPLv3+ URL: http://www.gnu.org/software/grub/ @@ -523,6 +523,37 @@ mv ${EFI_HOME}/grub.cfg.stb ${EFI_HOME}/grub.cfg %endif %changelog +* Tue Jul 06 2021 Javier Martinez Canillas - 2.06-3 +- Add luks2 to GRUB_MODULES +- 20-grub-install: Create a symvers.gz symbolic link +- 20-grub-install: Always use fedora as the boot entry --class + Resolves: rhbz#1957014 +- grub.macros: Install font in /boot/grub2 instead of the ESP + Resolves: rhbz#1739762 +- grub.macros: Use consistent file mode for legacy and EFI + Resolves: rhbz#1965794 +- Drop grub2 prelink configuration + Resolves: rhbz#1659675 +- Remove triggers needed to upgrade from legacy GRUB +- Don't harcode grub2 in the spec file +- Update to unifont-13.0.06 + Resolves: rhbz#1939125 +- 20-grub-install: Use relative paths for btrfs in BLS snippets + Resolves: rhbz#1906191 +- Don't update the cmdline when generating legacy menuentry commands +- Suppress gettext error message + Resolves: rhbz#1592124 +- grub-boot-success.timer: Only run if not in a container + Resolves: rhbz#1914571 +- grub-set-password: Always use /boot/grub2/user.cfg as password default + Resolves: rhbz#1955294 +- Remove outdated URL for BLS document + Resolves: rhbz#1926453 +- templates: Check for EFI at runtime instead of config generation time + Resolves: rhbz#1823864 +- efi: Print an error if boot to firmware setup is not supported + Resolves: rhbz#1823864 + * Tue Jun 15 2021 Javier Martinez Canillas - 2.06-2 - Only try to generate a config if the ESP is mounted