The BLS files are copied from /lib/modules/$(uname -r)/bls.conf and this
file has a SELinux label of "system_u:object_r:modules_object_t" like all
the other files that are installed by the kernel package.
But the files in the /boot directory are expected to have a SELinux label
of "system_u:object_r:boot_t". For all the other files that are copied to
/boot by the kernel-install script, the SELinux security contexts are
restored to the default but that was missing for the BLS files.
Resolves: rhbz#1726020
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
In rhbz#1638405, we worked around the issue of an existing initramfs
being in the way by removing it if it's older than the kernel we're in
the process of installing.
But it was buggy and only worked with some filesystem layouts and paths, and
also possibly had some issues with file creation times causing the shell -ot
comparison to fail in some cases.
This patch changes it to remove the existing kernel (as well as other
related files) in the case that it's going to do the copy, and also fixes the
path issues.
Resolves: rhbz#1642402
Related: rhbz#1638405
Signed-off-by: Peter Jones <pjones@redhat.com>
Tested-by: Prarit Bhargava <prarit@redhat.com>
If a debug kernel package is installed, the default entry should only
be set when DEFAULTDEBUG=yes is set in /etc/sysconfig/kernel.
Resolves: rhbz#1636346
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
For the debug BLS entries a -debug suffix was added so they are sorted after
the kernel entries, but that only works with version sort and not rpm sort.
So instead use ~debug prefix so rpm sort algorithm could sort it correctly.
Related: rhbz#1638103
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Currently we fail to install a new kernel with "make install" on the second
try, because dracut won't over-write the initramfs without --force. In this
patch, 20-grub.install will remove an existing initramfs if it's newer than the
kernel we're installing.
Resolves: rhbz#1638405
Signed-off-by: Peter Jones <pjones@redhat.com>
For EFI systems, the BLS fragments were stored in the EFI System Partition
(ESP) while in non-EFI systems it was stored in /boot.
For consistency, it's better to always store the BLS fragments in the same
path regardless of the firmware interface used.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
The kernel-install plugins are called with an environment variable named
$KERNEL_INSTALL_MACHINE_ID, which is set to the machine ID read from the
/etc/machine-id file. If the file doesn't exist or is empty, the variable
is empty and $BOOT_DIR_ABS is set to a temporary directory that's removed
after all the plugins exit.
So if $KERNEL_INSTALL_MACHINE_ID is not set, just exit the script since
installing a kernel BootLoaderSpec fragment won't be possible anyways.
Resolves: rhbz#1576573
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Add some fixes for BLS parsing logic and also make 20-grub.install script
to query the relative path of the kernel and initramfs images, so BLS can
also work when /boot is not a mount point or is a btrfs subvolume.
Also pull some build fixes.
Resolves: rhbz#1588184
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
- Use version field to sort BLS entries if id field isn't defined
- Add version field to BLS fragments generated by 20-grub.install
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
If MAKEDEBUG=yes in /etc/sysconfig/kernel, then a debug menu entry should
be created. So for BLS, a debug configuration file has to be created that
contains debug kernel command line parameters.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Install a 20-grubby.install and 90-loaderentry.install kernel-install
scripts in /etc/kernel/install.d so these have higher precedence than
the ones installed in /usr/lib/kernel/install.d by the systemd pkg.
If GRUB 2 pkg isn't installed, then the systemd scripts are executed
on kernel installation and removal.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>