From ee207612f051a1577719398923fa275cab9e9291 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Jul 14 2020 01:24:32 +0000 Subject: import grub2-2.02-84.el8 --- diff --git a/SOURCES/0278-Reimplement-boot_counter.patch b/SOURCES/0278-Reimplement-boot_counter.patch new file mode 100644 index 0000000..3be1786 --- /dev/null +++ b/SOURCES/0278-Reimplement-boot_counter.patch @@ -0,0 +1,196 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 4 Oct 2018 14:22:09 -0400 +Subject: [PATCH] Reimplement boot_counter + +This adds "increment" and "decrement" commands, and uses them to maintain our +variables in 01_fallback_counter. It also simplifies the counter logic, so +that there are no nested tests that conflict with each other. + +Apparently, this *really* wasn't tested well enough. + +Resolves: rhbz#1614637 +Signed-off-by: Peter Jones +[lorbus: add comments and revert logic changes in 01_fallback_counting] +Signed-off-by: Christian Glombek +--- + Makefile.util.def | 6 +++ + grub-core/Makefile.core.def | 5 ++ + grub-core/commands/increment.c | 105 ++++++++++++++++++++++++++++++++++++ + util/grub.d/01_fallback_counting.in | 22 ++++++++ + 4 files changed, 138 insertions(+) + create mode 100644 grub-core/commands/increment.c + create mode 100644 util/grub.d/01_fallback_counting.in + +diff --git a/Makefile.util.def b/Makefile.util.def +index 08cc98ddb8b..eca3dfa753f 100644 +--- a/Makefile.util.def ++++ b/Makefile.util.def +@@ -448,6 +448,12 @@ script = { + installdir = grubconf; + }; + ++script = { ++ name = '01_fallback_counting'; ++ common = util/grub.d/01_fallback_counting.in; ++ installdir = grubconf; ++}; ++ + script = { + name = '01_menu_auto_hide'; + common = util/grub.d/01_menu_auto_hide.in; +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index 6864e780fd4..c8a50b4fcfa 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -362,6 +362,11 @@ kernel = { + extra_dist = kern/mips/cache_flush.S; + }; + ++module = { ++ name = increment; ++ common = commands/increment.c; ++}; ++ + program = { + name = grub-emu; + mansection = 1; +diff --git a/grub-core/commands/increment.c b/grub-core/commands/increment.c +new file mode 100644 +index 00000000000..79cf137656c +--- /dev/null ++++ b/grub-core/commands/increment.c +@@ -0,0 +1,105 @@ ++/* increment.c - Commands to increment and decrement variables. */ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2006,2007,2008 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++GRUB_MOD_LICENSE ("GPLv3+"); ++ ++typedef enum { ++ INCREMENT, ++ DECREMENT, ++} operation; ++ ++static grub_err_t ++incr_decr(operation op, int argc, char **args) ++{ ++ const char *old; ++ char *new; ++ long value; ++ ++ if (argc < 1) ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_ ("no variable specified")); ++ if (argc > 1) ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_ ("too many arguments")); ++ ++ old = grub_env_get (*args); ++ if (!old) ++ return grub_error (GRUB_ERR_FILE_NOT_FOUND, N_("No such variable \"%s\""), ++ *args); ++ ++ value = grub_strtol (old, NULL, 0); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; ++ ++ switch (op) ++ { ++ case INCREMENT: ++ value += 1; ++ break; ++ case DECREMENT: ++ value -= 1; ++ break; ++ } ++ ++ new = grub_xasprintf ("%ld", value); ++ if (!new) ++ return grub_errno; ++ ++ grub_env_set (*args, new); ++ grub_free (new); ++ ++ return GRUB_ERR_NONE; ++} ++ ++static grub_err_t ++grub_cmd_incr(struct grub_command *cmd UNUSED, ++ int argc, char **args) ++{ ++ return incr_decr(INCREMENT, argc, args); ++} ++ ++static grub_err_t ++grub_cmd_decr(struct grub_command *cmd UNUSED, ++ int argc, char **args) ++{ ++ return incr_decr(DECREMENT, argc, args); ++} ++ ++static grub_command_t cmd_incr, cmd_decr; ++ ++GRUB_MOD_INIT(increment) ++{ ++ cmd_incr = grub_register_command ("increment", grub_cmd_incr, N_("VARIABLE"), ++ N_("increment VARIABLE")); ++ cmd_decr = grub_register_command ("decrement", grub_cmd_decr, N_("VARIABLE"), ++ N_("decrement VARIABLE")); ++} ++ ++GRUB_MOD_FINI(increment) ++{ ++ grub_unregister_command (cmd_incr); ++ grub_unregister_command (cmd_decr); ++} +diff --git a/util/grub.d/01_fallback_counting.in b/util/grub.d/01_fallback_counting.in +new file mode 100644 +index 00000000000..be0e770ea82 +--- /dev/null ++++ b/util/grub.d/01_fallback_counting.in +@@ -0,0 +1,22 @@ ++#! /bin/sh -e ++ ++# Boot Counting ++# The boot_counter env var can be used to count down boot attempts after an ++# OSTree upgrade and choose the rollback deployment when 0 is reached. Both ++# boot_counter and boot_success need to be (re-)set from userspace. ++cat << EOF ++insmod increment ++# Check if boot_counter exists and boot_success=0 to activate this behaviour. ++if [ -n "\${boot_counter}" -a "\${boot_success}" = "0" ]; then ++ # if countdown has ended, choose to boot rollback deployment (default=1 on ++ # OSTree-based systems) ++ if [ "\${boot_counter}" = "0" -o "\${boot_counter}" = "-1" ]; then ++ set default=1 ++ set boot_counter=-1 ++ # otherwise decrement boot_counter ++ else ++ decrement boot_counter ++ fi ++ save_env boot_counter ++fi ++EOF diff --git a/SOURCES/0279-grub.d-Split-out-boot-success-reset-from-menu-auto-h.patch b/SOURCES/0279-grub.d-Split-out-boot-success-reset-from-menu-auto-h.patch new file mode 100644 index 0000000..82df575 --- /dev/null +++ b/SOURCES/0279-grub.d-Split-out-boot-success-reset-from-menu-auto-h.patch @@ -0,0 +1,165 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Christian Glombek +Date: Tue, 2 Apr 2019 16:22:21 +0200 +Subject: [PATCH] grub.d: Split out boot success reset from menu auto hide + script + +Also rename fallback and menu auto hide script to be executed +before and after boot success reset script. +In menu auto hide script, rename last_boot_ok var to menu_hide_ok +--- + Makefile.util.def | 14 ++++++++---- + ...allback_counting.in => 08_fallback_counting.in} | 14 ++++++------ + util/grub.d/10_reset_boot_success.in | 25 ++++++++++++++++++++++ + .../{01_menu_auto_hide.in => 12_menu_auto_hide.in} | 23 +++++--------------- + 4 files changed, 48 insertions(+), 28 deletions(-) + rename util/grub.d/{01_fallback_counting.in => 08_fallback_counting.in} (65%) + create mode 100644 util/grub.d/10_reset_boot_success.in + rename util/grub.d/{01_menu_auto_hide.in => 12_menu_auto_hide.in} (58%) + +diff --git a/Makefile.util.def b/Makefile.util.def +index eca3dfa753f..5062a0e50fa 100644 +--- a/Makefile.util.def ++++ b/Makefile.util.def +@@ -449,14 +449,14 @@ script = { + }; + + script = { +- name = '01_fallback_counting'; +- common = util/grub.d/01_fallback_counting.in; ++ name = '08_fallback_counting'; ++ common = util/grub.d/08_fallback_counting.in; + installdir = grubconf; + }; + + script = { +- name = '01_menu_auto_hide'; +- common = util/grub.d/01_menu_auto_hide.in; ++ name = '12_menu_auto_hide'; ++ common = util/grub.d/12_menu_auto_hide.in; + installdir = grubconf; + }; + +@@ -515,6 +515,12 @@ script = { + condition = COND_HOST_LINUX; + }; + ++script = { ++ name = '10_reset_boot_success'; ++ common = util/grub.d/10_reset_boot_success.in; ++ installdir = grubconf; ++}; ++ + script = { + name = '10_xnu'; + common = util/grub.d/10_xnu.in; +diff --git a/util/grub.d/01_fallback_counting.in b/util/grub.d/08_fallback_counting.in +similarity index 65% +rename from util/grub.d/01_fallback_counting.in +rename to util/grub.d/08_fallback_counting.in +index be0e770ea82..2e2c3ff7d31 100644 +--- a/util/grub.d/01_fallback_counting.in ++++ b/util/grub.d/08_fallback_counting.in +@@ -1,15 +1,17 @@ + #! /bin/sh -e +- +-# Boot Counting ++# Fallback Countdown ++# ++# This snippet depends on 10_reset_boot_success and needs to be kept in sync. ++# + # The boot_counter env var can be used to count down boot attempts after an +-# OSTree upgrade and choose the rollback deployment when 0 is reached. Both +-# boot_counter and boot_success need to be (re-)set from userspace. ++# OSTree upgrade and choose the rollback deployment when 0 is reached. ++# Both boot_counter=X and boot_success=1 need to be set from userspace. + cat << EOF + insmod increment + # Check if boot_counter exists and boot_success=0 to activate this behaviour. + if [ -n "\${boot_counter}" -a "\${boot_success}" = "0" ]; then +- # if countdown has ended, choose to boot rollback deployment (default=1 on +- # OSTree-based systems) ++ # if countdown has ended, choose to boot rollback deployment, ++ # i.e. default=1 on OSTree-based systems. + if [ "\${boot_counter}" = "0" -o "\${boot_counter}" = "-1" ]; then + set default=1 + set boot_counter=-1 +diff --git a/util/grub.d/10_reset_boot_success.in b/util/grub.d/10_reset_boot_success.in +new file mode 100644 +index 00000000000..6c88d933dde +--- /dev/null ++++ b/util/grub.d/10_reset_boot_success.in +@@ -0,0 +1,25 @@ ++#! /bin/sh -e ++# Reset Boot Success ++# ++# The 08_fallback_counting and 12_menu_auto_hide snippets rely on this one ++# and need to be kept in sync. ++# ++# The boot_success var needs to be set to 1 from userspace to mark a boot successful. ++cat << EOF ++insmod increment ++# Hiding the menu is ok if last boot was ok or if this is a first boot attempt to boot the entry ++if [ "\${boot_success}" = "1" -o "\${boot_indeterminate}" = "1" ]; then ++ set menu_hide_ok=1 ++else ++ set menu_hide_ok=0 ++fi ++# Reset boot_indeterminate after a successful boot, increment otherwise ++if [ "\${boot_success}" = "1" ] ; then ++ set boot_indeterminate=0 ++else ++ increment boot_indeterminate ++fi ++# Reset boot_success for current boot ++set boot_success=0 ++save_env boot_success boot_indeterminate ++EOF +diff --git a/util/grub.d/01_menu_auto_hide.in b/util/grub.d/12_menu_auto_hide.in +similarity index 58% +rename from util/grub.d/01_menu_auto_hide.in +rename to util/grub.d/12_menu_auto_hide.in +index ad175870a54..6a7c0fa0d43 100644 +--- a/util/grub.d/01_menu_auto_hide.in ++++ b/util/grub.d/12_menu_auto_hide.in +@@ -1,5 +1,8 @@ + #! /bin/sh +- ++# Menu Auto Hide ++# ++# This snippet depends on 10_reset_boot_success and needs to be kept in sync. ++# + # Disable / skip generating menu-auto-hide config parts on serial terminals + for x in ${GRUB_TERMINAL_INPUT} ${GRUB_TERMINAL_OUTPUT}; do + case "$x" in +@@ -10,29 +13,13 @@ for x in ${GRUB_TERMINAL_INPUT} ${GRUB_TERMINAL_OUTPUT}; do + done + + cat << EOF +-if [ "\${boot_success}" = "1" -o "\${boot_indeterminate}" = "1" ]; then +- set last_boot_ok=1 +-else +- set last_boot_ok=0 +-fi +- +-# Reset boot_indeterminate after a successful boot +-if [ "\${boot_success}" = "1" ] ; then +- set boot_indeterminate=0 +-# Avoid boot_indeterminate causing the menu to be hidden more then once +-elif [ "\${boot_indeterminate}" = "1" ]; then +- set boot_indeterminate=2 +-fi +-set boot_success=0 +-save_env boot_success boot_indeterminate +- + if [ x\$feature_timeout_style = xy ] ; then + if [ "\${menu_show_once}" ]; then + unset menu_show_once + save_env menu_show_once + set timeout_style=menu + set timeout=60 +- elif [ "\${menu_auto_hide}" -a "\${last_boot_ok}" = "1" ]; then ++ elif [ "\${menu_auto_hide}" -a "\${menu_hide_ok}" = "1" ]; then + set orig_timeout_style=\${timeout_style} + set orig_timeout=\${timeout} + if [ "\${fastboot}" = "1" ]; then diff --git a/SOURCES/0280-grub.d-Fix-boot_indeterminate-getting-set-on-boot_su.patch b/SOURCES/0280-grub.d-Fix-boot_indeterminate-getting-set-on-boot_su.patch new file mode 100644 index 0000000..54b73e6 --- /dev/null +++ b/SOURCES/0280-grub.d-Fix-boot_indeterminate-getting-set-on-boot_su.patch @@ -0,0 +1,75 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Hans de Goede +Date: Tue, 26 Nov 2019 09:51:41 +0100 +Subject: [PATCH] grub.d: Fix boot_indeterminate getting set on boot_success=0 + boot + +The "grub.d: Split out boot success reset from menu auto hide script" +not only moved the code to clear boot_success and boot_indeterminate +but for some reason also mixed in some broken changes to the +boot_indeterminate handling. + +The boot_indeterminate var is meant to suppress the boot menu after +a reboot from either a selinux-relabel or offline-updates. These +2 special boot scenarios do not set boot_success since there is no +successfull interaction with the user. Instead they increment +boot_indeterminate, and if it is 1 and only when it is 1, so the +first reboot after a "special" boot we suppress the menu. + +To ensure that we do show the menu if we somehow get stuck in a +"special" boot loop where we do special-boots without them +incrementing boot_indeterminate, the code before the +"grub.d: Split out boot success reset from menu auto hide script" +commit would increment boot_indeterminate once when it is 1, so that +even if the "special" boot reboot-loop immediately we would show the +menu on the next boot. + +That commit broke this however, because it not only moves the code, +it also changes it from only "incrementing" boot_indeterminate once to +always incrementing it, except when boot_success == 1 (and we reset it). + +This broken behavior causes the following problem: + +1. Boot a broken kernel, system hangs, power-cycle +2. boot_success now != 1, so we increment boot_indeterminate from 0 + (unset!) to 1. User either simply tries again, or makes some changes + but the end-result still is a system hang, power-cycle +3. Now boot_indeterminate==1 so we do not show the menu even though the + previous boot failed -> BAD + +This commit fixes this by restoring the behavior of setting +boot_indeterminate to 2 when it was 1 before. + +Fixes: "grub.d: Split out boot success reset from menu auto hide script" +Signed-off-by: Hans de Goede +--- + util/grub.d/10_reset_boot_success.in | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/util/grub.d/10_reset_boot_success.in b/util/grub.d/10_reset_boot_success.in +index 6c88d933dde..737e1ae5b68 100644 +--- a/util/grub.d/10_reset_boot_success.in ++++ b/util/grub.d/10_reset_boot_success.in +@@ -6,18 +6,18 @@ + # + # The boot_success var needs to be set to 1 from userspace to mark a boot successful. + cat << EOF +-insmod increment + # Hiding the menu is ok if last boot was ok or if this is a first boot attempt to boot the entry + if [ "\${boot_success}" = "1" -o "\${boot_indeterminate}" = "1" ]; then + set menu_hide_ok=1 + else + set menu_hide_ok=0 + fi +-# Reset boot_indeterminate after a successful boot, increment otherwise ++# Reset boot_indeterminate after a successful boot + if [ "\${boot_success}" = "1" ] ; then + set boot_indeterminate=0 +-else +- increment boot_indeterminate ++# Avoid boot_indeterminate causing the menu to be hidden more then once ++elif [ "\${boot_indeterminate}" = "1" ]; then ++ set boot_indeterminate=2 + fi + # Reset boot_success for current boot + set boot_success=0 diff --git a/SOURCES/centos-ca-secureboot.der b/SOURCES/centos-ca-secureboot.der deleted file mode 100644 index 44a2563..0000000 Binary files a/SOURCES/centos-ca-secureboot.der and /dev/null differ diff --git a/SOURCES/centossecureboot001.crt b/SOURCES/centossecureboot001.crt deleted file mode 100644 index 321c4ec..0000000 --- a/SOURCES/centossecureboot001.crt +++ /dev/null @@ -1,81 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - b6:16:15:71:72:fb:31:7e - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=CentOS Secure Boot (CA key 1)/emailAddress=security@centos.org - Validity - Not Before: Aug 1 11:47:30 2018 GMT - Not After : Dec 31 11:47:30 2037 GMT - Subject: CN=CentOS Secure Boot (key 1)/emailAddress=security@centos.org - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): - 00:c1:a3:6a:f4:2d:71:83:6c:21:ca:0c:b7:ac:fa: - 76:80:43:03:40:87:5d:de:e9:1e:df:ad:e7:2b:51: - cb:f8:31:0f:9a:db:ab:23:25:04:11:05:57:7d:f2: - 4b:8d:1e:b3:75:78:1d:b9:57:8b:18:0b:bb:7e:e3: - 24:0f:6a:40:5f:2b:4f:03:a5:85:94:d2:f9:08:a0: - bc:db:a5:ea:4f:7f:e8:7c:d1:a9:f8:f0:9c:25:18: - 00:14:c4:c4:35:7d:1d:4c:8a:8d:95:f8:ed:65:97: - a5:a4:da:7d:cb:f0:33:3b:b7:03:94:68:47:05:57: - 6c:96:91:ac:14:f2:e3:f6:6d:4a:18:cf:68:8a:35: - 6f:8e:26:99:7f:db:c9:83:54:c2:c3:bf:ad:45:a0: - aa:a0:86:5f:20:b1:86:1b:ae:b7:28:15:11:f9:65: - 53:5d:70:33:9b:a3:c7:b5:c8:11:ff:55:3b:e7:46: - f1:6c:6b:8c:bb:f2:9f:36:23:b1:2d:23:2f:8f:4f: - 6c:a8:cc:ae:f5:56:9e:22:6c:0e:9a:4a:b1:bd:b2: - 76:15:5c:05:85:b8:5e:dc:8c:a5:c3:e0:75:51:a4: - 94:9b:03:2e:7b:f8:d3:b9:dd:7f:88:ce:2e:2f:28: - 4c:b4:92:2f:e6:e0:67:0a:d0:ff:c5:d2:79:a6:ef: - 94:0f - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: critical - CA:FALSE - X509v3 Key Usage: - Digital Signature - X509v3 Subject Key Identifier: - F0:37:C6:EA:EC:36:D4:05:7A:52:6C:0E:C6:D5:A9:5B:32:4E:E1:29 - X509v3 Authority Key Identifier: - keyid:54:EC:81:85:89:3E:E9:1A:DB:08:F7:44:88:54:7E:8E:3F:74:3A:F3 - - Signature Algorithm: sha256WithRSAEncryption - 97:97:ba:a6:0b:5b:bb:84:39:2e:ef:8b:51:9a:89:bb:65:3c: - dc:15:d0:5a:88:c5:af:ce:93:f5:c1:74:98:15:59:a9:38:da: - 11:fd:46:d5:4f:23:7c:03:1f:ae:0c:70:93:94:a7:61:2f:4b: - 2f:5f:bb:cc:8a:d7:4a:24:66:73:85:b4:19:13:fc:6a:61:4a: - 28:1f:a2:38:f4:72:90:03:c4:3e:64:63:8b:fb:15:22:22:4e: - b9:43:d9:b4:3d:3a:60:c1:4d:3a:09:85:68:7a:bc:3b:f9:ef: - f3:f5:e9:c9:4f:80:8c:c6:e9:cb:ef:28:44:b0:5d:d4:9e:4f: - 0f:02:9a:65:aa:98:35:b4:6f:d2:80:e3:08:ef:12:d0:17:56: - a6:a1:42:1e:1d:ab:e5:33:c0:fd:88:0d:40:42:81:c8:27:30: - 17:07:57:3e:05:9d:aa:05:0e:5b:3a:79:b4:29:aa:7c:42:5a: - ad:43:59:fb:34:4d:dc:62:58:63:e4:fb:de:bb:fd:6c:4e:97: - 58:f4:b9:99:4a:71:fe:7f:16:50:55:25:46:39:96:9b:88:6c: - 75:19:33:9e:70:b3:04:82:fe:16:a8:8e:22:47:83:6d:16:77: - da:26:ad:31:d8:06:6d:c5:7e:46:4b:21:ab:ae:ec:2a:93:71: - da:7f:89:1d ------BEGIN CERTIFICATE----- -MIIDdTCCAl2gAwIBAgIJALYWFXFy+zF+MA0GCSqGSIb3DQEBCwUAMEwxJjAkBgNV -BAMMHUNlbnRPUyBTZWN1cmUgQm9vdCAoQ0Ega2V5IDEpMSIwIAYJKoZIhvcNAQkB -FhNzZWN1cml0eUBjZW50b3Mub3JnMB4XDTE4MDgwMTExNDczMFoXDTM3MTIzMTEx -NDczMFowSTEjMCEGA1UEAxMaQ2VudE9TIFNlY3VyZSBCb290IChrZXkgMSkxIjAg -BgkqhkiG9w0BCQEWE3NlY3VyaXR5QGNlbnRvcy5vcmcwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQDBo2r0LXGDbCHKDLes+naAQwNAh13e6R7frecrUcv4 -MQ+a26sjJQQRBVd98kuNHrN1eB25V4sYC7t+4yQPakBfK08DpYWU0vkIoLzbpepP -f+h80an48JwlGAAUxMQ1fR1Mio2V+O1ll6Wk2n3L8DM7twOUaEcFV2yWkawU8uP2 -bUoYz2iKNW+OJpl/28mDVMLDv61FoKqghl8gsYYbrrcoFRH5ZVNdcDObo8e1yBH/ -VTvnRvFsa4y78p82I7EtIy+PT2yozK71Vp4ibA6aSrG9snYVXAWFuF7cjKXD4HVR -pJSbAy57+NO53X+Izi4vKEy0ki/m4GcK0P/F0nmm75QPAgMBAAGjXTBbMAwGA1Ud -EwEB/wQCMAAwCwYDVR0PBAQDAgeAMB0GA1UdDgQWBBTwN8bq7DbUBXpSbA7G1alb -Mk7hKTAfBgNVHSMEGDAWgBRU7IGFiT7pGtsI90SIVH6OP3Q68zANBgkqhkiG9w0B -AQsFAAOCAQEAl5e6pgtbu4Q5Lu+LUZqJu2U83BXQWojFr86T9cF0mBVZqTjaEf1G -1U8jfAMfrgxwk5SnYS9LL1+7zIrXSiRmc4W0GRP8amFKKB+iOPRykAPEPmRji/sV -IiJOuUPZtD06YMFNOgmFaHq8O/nv8/XpyU+AjMbpy+8oRLBd1J5PDwKaZaqYNbRv -0oDjCO8S0BdWpqFCHh2r5TPA/YgNQEKByCcwFwdXPgWdqgUOWzp5tCmqfEJarUNZ -+zRN3GJYY+T73rv9bE6XWPS5mUpx/n8WUFUlRjmWm4hsdRkznnCzBIL+FqiOIkeD -bRZ32iatMdgGbcV+Rkshq67sKpNx2n+JHQ== ------END CERTIFICATE----- diff --git a/SOURCES/grub.macros b/SOURCES/grub.macros index 1e3705f..1d9e2ef 100644 --- a/SOURCES/grub.macros +++ b/SOURCES/grub.macros @@ -387,7 +387,7 @@ GRUB_MODULES=" all_video boot blscfg btrfs \\\ cat configfile \\\ echo efi_netfs efifwsetup efinet ext2 \\\ fat font gfxmenu gfxterm gzio \\\ - halt hfsplus http iso9660 jpeg \\\ + halt hfsplus http increment iso9660 jpeg \\\ loadenv loopback linux lvm lsefi lsefimmap \\\ mdraid09 mdraid1x minicmd net \\\ normal part_apple part_msdos part_gpt \\\ diff --git a/SOURCES/grub.patches b/SOURCES/grub.patches index 1c417e2..e137883 100644 --- a/SOURCES/grub.patches +++ b/SOURCES/grub.patches @@ -275,3 +275,6 @@ Patch0274: 0274-efi-ip4_config-Improve-check-to-detect-literal-IPv6-.patch Patch0275: 0275-efi-net-Print-a-debug-message-if-parsing-the-address.patch Patch0276: 0276-efi-Set-image-base-address-before-jumping-to-the-PE-.patch Patch0277: 0277-envblk-Fix-buffer-overrun-when-attempting-to-shrink-.patch +Patch0278: 0278-Reimplement-boot_counter.patch +Patch0279: 0279-grub.d-Split-out-boot-success-reset-from-menu-auto-h.patch +Patch0280: 0280-grub.d-Fix-boot_indeterminate-getting-set-on-boot_su.patch diff --git a/SPECS/grub2.spec b/SPECS/grub2.spec index 5fc514c..20de9b6 100644 --- a/SPECS/grub2.spec +++ b/SPECS/grub2.spec @@ -7,7 +7,7 @@ Name: grub2 Epoch: 1 Version: 2.02 -Release: 83%{?dist} +Release: 84%{?dist} Summary: Bootloader with support for Linux, Multiboot and more Group: System Environment/Base License: GPLv3+ @@ -24,8 +24,8 @@ Source6: gitignore Source8: strtoull_test.c Source9: 20-grub.install Source12: 99-grub-mkconfig.install -Source13: centos-ca-secureboot.der -Source14: centossecureboot001.crt +Source13: securebootca.cer +Source14: secureboot.cer %include %{SOURCE1} @@ -52,11 +52,7 @@ BuildRequires: pesign >= 0.99-8 BuildRequires: ccache %endif -%if 0%{?centos} -%global efidir centos -%endif - -ExcludeArch: s390 s390x +ExcludeArch: s390 s390x %{arm} Obsoletes: %{name} <= %{evr} %if 0%{with_legacy_arch} @@ -168,10 +164,10 @@ git commit -m "After making subdirs" %build %if 0%{with_efi_arch} -%{expand:%do_primary_efi_build %%{grubefiarch} %%{grubefiname} %%{grubeficdname} %%{_target_platform} %%{efi_target_cflags} %%{efi_host_cflags} %{SOURCE13} %{SOURCE14} centossecureboot001} +%{expand:%do_primary_efi_build %%{grubefiarch} %%{grubefiname} %%{grubeficdname} %%{_target_platform} %%{efi_target_cflags} %%{efi_host_cflags} %{SOURCE13} %{SOURCE14} redhatsecureboot301} %endif %if 0%{with_alt_efi_arch} -%{expand:%do_alt_efi_build %%{grubaltefiarch} %%{grubaltefiname} %%{grubalteficdname} %%{_alt_target_platform} %%{alt_efi_target_cflags} %%{alt_efi_host_cflags} %{SOURCE13} %{SOURCE14} centossecureboot001} +%{expand:%do_alt_efi_build %%{grubaltefiarch} %%{grubaltefiname} %%{grubalteficdname} %%{_alt_target_platform} %%{alt_efi_target_cflags} %%{alt_efi_host_cflags} %{SOURCE13} %{SOURCE14} redhatsecureboot301} %endif %if 0%{with_legacy_arch} %{expand:%do_legacy_build %%{grublegacyarch}} @@ -502,6 +498,10 @@ fi %endif %changelog +* Tue May 19 2020 Javier Martinez Canillas - 2.02-84 +- Add fixes for greenboot support + Resolves: rhbz#1832336 + * Mon May 18 2020 Javier Martinez Canillas - 2.02-83 - Fix a segfault in grub2-editenv when attempting to shrink a variable Resolves: rhbz#1761496