diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..f215bd0 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/ipxe-20200823-git4bd064de.tar.xz diff --git a/.ipxe.metadata b/.ipxe.metadata new file mode 100644 index 0000000..c0638cf --- /dev/null +++ b/.ipxe.metadata @@ -0,0 +1 @@ +0441a1fc97256eb89f1e0dccb2067bde8e9cf2a2 SOURCES/ipxe-20200823-git4bd064de.tar.xz diff --git a/SOURCES/0001-build-customize-configuration.patch b/SOURCES/0001-build-customize-configuration.patch new file mode 100644 index 0000000..9763ba0 --- /dev/null +++ b/SOURCES/0001-build-customize-configuration.patch @@ -0,0 +1,8 @@ +diff -rupN ipxe-20190125-git36a4c85f/src/config/local/general.h ipxe-20190125-git36a4c85f.new/src/config/local/general.h +--- ipxe-20190125-git36a4c85f/src/config/local/general.h 1970-01-01 01:00:00.000000000 +0100 ++++ ipxe-20190125-git36a4c85f.new/src/config/local/general.h 2019-02-01 16:40:42.725293033 +0000 +@@ -0,0 +1,4 @@ ++/* Enable IPv6. */ ++#define NET_PROTO_IPV6 ++/* Enable HTTPS */ ++#define DOWNLOAD_PROTO_HTTPS diff --git a/SOURCES/0002-Use-spec-compliant-timeouts.patch b/SOURCES/0002-Use-spec-compliant-timeouts.patch new file mode 100644 index 0000000..f1a4d50 --- /dev/null +++ b/SOURCES/0002-Use-spec-compliant-timeouts.patch @@ -0,0 +1,98 @@ +From bc252caa54fcfb2e9fd0ddb01ebaa50192e85c38 Mon Sep 17 00:00:00 2001 +From: Alex Williamson +Date: Wed, 21 Oct 2015 11:18:40 +0200 +Subject: Use spec compliant timeouts + +Message-id: <20150428212403.31299.29391.stgit@gimli.home> +Patchwork-id: 64951 +O-Subject: [RHEL7.2 ipxe PATCH 2/2] [dhcp][RHEL-only] Use spec compliant timeouts +Bugzilla: 1196352 +RH-Acked-by: Miroslav Rezanina +RH-Acked-by: Gerd Hoffmann +RH-Acked-by: Laszlo Ersek + +Use local config to override iPXE's abbreviated DHCP timeouts using +the recommended values for spec compliance. This matches the state +of RHEL6 gPXE DHCP timeouts after bz968474 + bz1206042 + +Signed-off-by: Alex Williamson +Signed-off-by: Miroslav Rezanina +(cherry picked from commit 7038f41c0131d263de5165b416500009acdbf550) +--- + src/config/local/.gitignore | 1 - + src/config/local/dhcp.h | 62 +++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 62 insertions(+), 1 deletion(-) + delete mode 100644 src/config/local/.gitignore + create mode 100644 src/config/local/dhcp.h + +diff --git a/src/config/local/dhcp.h b/src/config/local/dhcp.h +new file mode 100644 +index 0000000..83df5b8 +--- /dev/null ++++ b/src/config/local/dhcp.h +@@ -0,0 +1,62 @@ ++/* ++ * Downstream localization ++ * ++ * For RHEL, use spec compliant DHCP timeouts (bz1196352) ++ */ ++ ++/* ++ * PXE spec defines timeouts of 4, 8, 16, 32 seconds ++ */ ++#undef DHCP_DISC_START_TIMEOUT_SEC ++#define DHCP_DISC_START_TIMEOUT_SEC 4 ++#undef DHCP_DISC_END_TIMEOUT_SEC ++#define DHCP_DISC_END_TIMEOUT_SEC 32 ++ ++/* ++ * Elapsed time used for early break waiting for ProxyDHCP, this therefore ++ * needs to be less than the cumulative time for the first 2 timeouts. ++ */ ++#undef DHCP_DISC_PROXY_TIMEOUT_SEC ++#define DHCP_DISC_PROXY_TIMEOUT_SEC 11 ++ ++/* ++ * Approximate PXE spec requirement using minimum timeout (0.25s) for ++ * timeouts of 0.25, 0.5, 1, 2, 4 ++ */ ++#undef DHCP_REQ_START_TIMEOUT_SEC ++#define DHCP_REQ_START_TIMEOUT_SEC 0 ++#undef DHCP_REQ_END_TIMEOUT_SEC ++#define DHCP_REQ_END_TIMEOUT_SEC 4 ++ ++/* ++ * Same as normal request phase, except non-fatal, so we extend the timer ++ * to 8 and set the early timeout to an elapsed time value that causes a ++ * break after the 4 second timeout. At least that's what we'd like to do, ++ * but our timer operates at 18Hz and has a minimum resolution of 7 cycles. ++ * Therefore the above quarter-second starting timeout looks more like ++ * 0.39s, 0.78s, 1.56s, 3.11s, 6.22s. If we had an ideal timer, we could ++ * set the timeout to 7s (0.25 + 0.5 + 1 + 2 + 4 = 7.75s) and exit without ++ * failure when the timer rolls over to 8s. With our timer, we get 0.39 + ++ * 0.78 + 1.56 + 3.11 = 5.84s. The next timeout would take us to 12.06s ++ * (+6.22). That seems like a long time to wait for an optional reply, so ++ * we reduce the early timeout to 5s to exit before the timer exceeds the ++ * max and causes a failure. This still adds one extra cycle vs the ++ * upstream defaults. ++ */ ++#undef DHCP_PROXY_START_TIMEOUT_SEC ++#define DHCP_PROXY_START_TIMEOUT_SEC 0 ++#undef DHCP_PROXY_END_TIMEOUT_SEC ++#define DHCP_PROXY_END_TIMEOUT_SEC 8 ++#undef DHCP_REQ_PROXY_TIMEOUT_SEC ++#define DHCP_REQ_PROXY_TIMEOUT_SEC 5 ++ ++/* ++ * Same as above, retry each server using our approximation of standard ++ * timeouts and exit before timer induced failure. ++ */ ++#undef PXEBS_START_TIMEOUT_SEC ++#define PXEBS_START_TIMEOUT_SEC 0 ++#undef PXEBS_END_TIMEOUT_SEC ++#define PXEBS_END_TIMEOUT_SEC 8 ++#undef PXEBS_MAX_TIMEOUT_SEC ++#define PXEBS_MAX_TIMEOUT_SEC 5 +-- +1.8.3.1 + diff --git a/SOURCES/ipxe-Add-VLAN-tagging-support.patch b/SOURCES/ipxe-Add-VLAN-tagging-support.patch new file mode 100644 index 0000000..8e5bbed --- /dev/null +++ b/SOURCES/ipxe-Add-VLAN-tagging-support.patch @@ -0,0 +1,34 @@ +From 2a9170ed88dc55d601a70d34f2d93157dc30e307 Mon Sep 17 00:00:00 2001 +From: Miroslav Rezanina +Date: Mon, 2 Aug 2021 08:33:47 -0400 +Subject: [PATCH 2/5] Add VLAN tagging support + +RH-Author: Miroslav Rezanina +RH-MergeRequest: 6: Forwardport missing RHEL 8 downsteream changes +RH-Commit: [2/5] 3359f0d96c8743abefdf1b81857c84f4e7312f9d (mrezanin/centos-src-ipxe) +RH-Bugzilla: 1985658 + +RHEL 8 added support for VLAN tagging. We need to add it to RHEL 9 +so we are not regressing. + +Signed-off-by: Miroslav Rezanina +--- + src/config/general.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/config/general.h b/src/config/general.h +index 5adf6a35..a6df71b5 100644 +--- a/src/config/general.h ++++ b/src/config/general.h +@@ -140,7 +140,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); + //#define TIME_CMD /* Time commands */ + //#define DIGEST_CMD /* Image crypto digest commands */ + //#define LOTEST_CMD /* Loopback testing commands */ +-//#define VLAN_CMD /* VLAN commands */ ++#define VLAN_CMD /* VLAN commands */ + //#define PXE_CMD /* PXE commands */ + //#define REBOOT_CMD /* Reboot command */ + //#define POWEROFF_CMD /* Power off command */ +-- +2.27.0 + diff --git a/SOURCES/ipxe-Add-ping-command-support.patch b/SOURCES/ipxe-Add-ping-command-support.patch new file mode 100644 index 0000000..018c17f --- /dev/null +++ b/SOURCES/ipxe-Add-ping-command-support.patch @@ -0,0 +1,36 @@ +From 4d004e6a535c4f102c7b91c2f4d259cebaf1fb69 Mon Sep 17 00:00:00 2001 +From: Miroslav Rezanina +Date: Mon, 2 Aug 2021 08:11:12 -0400 +Subject: [PATCH 1/5] Add ping command support + +RH-Author: Miroslav Rezanina +RH-MergeRequest: 6: Forwardport missing RHEL 8 downsteream changes +RH-Commit: [1/5] f95713f55d7af7970d39462c94b866f833eedca1 (mrezanin/centos-src-ipxe) +RH-Bugzilla: 1985658 + +To allow trouble shooting ipxe issues, ping command were added to +RHEL 8 (see BZ 1913719). + +Adding this command to RHEL 9 to prevent regression from RHEL 8 functionality. + +Signed-off-by: Miroslav Rezanina +--- + src/config/general.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/config/general.h b/src/config/general.h +index 3c14a2cd..5adf6a35 100644 +--- a/src/config/general.h ++++ b/src/config/general.h +@@ -148,7 +148,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); + //#define PCI_CMD /* PCI commands */ + //#define PARAM_CMD /* Form parameter commands */ + //#define NEIGHBOUR_CMD /* Neighbour management commands */ +-//#define PING_CMD /* Ping command */ ++#define PING_CMD /* Ping command */ + //#define CONSOLE_CMD /* Console command */ + //#define IPSTAT_CMD /* IP statistics commands */ + //#define PROFSTAT_CMD /* Profiling commands */ +-- +2.27.0 + diff --git a/SOURCES/ipxe-Disable-SHA-1.patch b/SOURCES/ipxe-Disable-SHA-1.patch new file mode 100644 index 0000000..e66cad1 --- /dev/null +++ b/SOURCES/ipxe-Disable-SHA-1.patch @@ -0,0 +1,33 @@ +From e50ff50417dca26223b771d2a93cf57d4f627104 Mon Sep 17 00:00:00 2001 +From: Gerd Hoffmann +Date: Thu, 22 Jul 2021 15:49:51 +0200 +Subject: [PATCH 1/4] Disable SHA-1 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Gerd Hoffmann +RH-MergeRequest: 5: Disable SHA-1 +RH-Commit: [1/1] 23f1cca1f3ac86958088c41e0f8122dde74c72cf (kraxel/ipxe) +RH-Bugzilla: 1935932 +RH-Acked-by: Daniel P. Berrangé +RH-Acked-by: Philippe Mathieu-Daudé + +Signed-off-by: Gerd Hoffmann +Signed-off-by: Miroslav Rezanina +--- + src/config/local/crypto.h | 2 ++ + 1 file changed, 2 insertions(+) + create mode 100644 src/config/local/crypto.h + +diff --git a/src/config/local/crypto.h b/src/config/local/crypto.h +new file mode 100644 +index 00000000..ff4a5b7f +--- /dev/null ++++ b/src/config/local/crypto.h +@@ -0,0 +1,2 @@ ++/** disable SHA-1 digest algorithm */ ++#undef CRYPTO_DIGEST_SHA1 +-- +2.27.0 + diff --git a/SOURCES/ipxe-netdevice-Strip-802.Q-VLAN-0-priority-tags.patch b/SOURCES/ipxe-netdevice-Strip-802.Q-VLAN-0-priority-tags.patch new file mode 100644 index 0000000..cf9c798 --- /dev/null +++ b/SOURCES/ipxe-netdevice-Strip-802.Q-VLAN-0-priority-tags.patch @@ -0,0 +1,195 @@ +From ff3a5af3d7f78577899626b2f8b612369e051916 Mon Sep 17 00:00:00 2001 +From: Miroslav Rezanina +Date: Mon, 2 Aug 2021 08:32:33 -0400 +Subject: [PATCH 3/5] [netdevice] Strip 802.Q VLAN 0 priority tags + +RH-Author: Miroslav Rezanina +RH-MergeRequest: 6: Forwardport missing RHEL 8 downsteream changes +RH-Commit: [3/5] 440560659da2028f365a71b4ed4991955022dce5 (mrezanin/centos-src-ipxe) +RH-Bugzilla: 1985658 + +iPXE was unable to receive priority tagged packets specified in +the 802.1Q standard and supported by all major networking stacks. + +This commit adds a new function net_pull_tags which is called by +all consumers of incoming packets after stripping their link-layer +headers. + +Upstream patch: +http://lists.ipxe.org/pipermail/ipxe-devel/2016-July/005099.html + +Downstream changes: +Upstream commit fe680c822856 made vlan_find static. This prevents +it's usage int this patch. Reverting changes adding static for +vlan_find. + +Signed-off-by: Ladi Prosek +Signed-off-by: Miroslav Rezanina +--- + src/arch/x86/interface/pxe/pxe_undi.c | 6 +++ + src/include/ipxe/netdevice.h | 2 + + src/include/ipxe/vlan.h | 2 + + src/interface/efi/efi_snp.c | 7 ++++ + src/net/netdevice.c | 57 +++++++++++++++++++++++++++ + src/net/vlan.c | 2 +- + 6 files changed, 75 insertions(+), 1 deletion(-) + +diff --git a/src/arch/x86/interface/pxe/pxe_undi.c b/src/arch/x86/interface/pxe/pxe_undi.c +index 2eb68178..2ea14515 100644 +--- a/src/arch/x86/interface/pxe/pxe_undi.c ++++ b/src/arch/x86/interface/pxe/pxe_undi.c +@@ -976,6 +976,12 @@ static PXENV_EXIT_t pxenv_undi_isr ( struct s_PXENV_UNDI_ISR *undi_isr ) { + } + ll_hlen = ( len - iob_len ( iobuf ) ); + ++ /* Strip link-layer-independent headers */ ++ if ( ( rc = net_pull_tags ( iobuf, pxe_netdev, &net_proto ) ) != 0 ) { ++ /* Assume unknown net_proto */ ++ net_proto = 0; ++ } ++ + /* Determine network-layer protocol */ + switch ( net_proto ) { + case htons ( ETH_P_IP ): +diff --git a/src/include/ipxe/netdevice.h b/src/include/ipxe/netdevice.h +index d498ab69..27dda45d 100644 +--- a/src/include/ipxe/netdevice.h ++++ b/src/include/ipxe/netdevice.h +@@ -726,6 +726,8 @@ extern int net_tx ( struct io_buffer *iobuf, struct net_device *netdev, + extern int net_rx ( struct io_buffer *iobuf, struct net_device *netdev, + uint16_t net_proto, const void *ll_dest, + const void *ll_source, unsigned int flags ); ++extern int net_pull_tags ( struct io_buffer *iobuf, struct net_device *netdev, ++ uint16_t *net_proto ); + extern void net_poll ( void ); + extern struct net_device_configurator * + find_netdev_configurator ( const char *name ); +diff --git a/src/include/ipxe/vlan.h b/src/include/ipxe/vlan.h +index 7f93439b..b82f3806 100644 +--- a/src/include/ipxe/vlan.h ++++ b/src/include/ipxe/vlan.h +@@ -61,6 +61,8 @@ struct vlan_header { + */ + #define VLAN_PRIORITY_IS_VALID( priority ) ( (priority) <= 7 ) + ++extern struct net_device * vlan_find ( struct net_device *trunk, ++ unsigned int tag ); + extern unsigned int vlan_tag ( struct net_device *netdev ); + extern int vlan_can_be_trunk ( struct net_device *trunk ); + extern int vlan_create ( struct net_device *trunk, unsigned int tag, +diff --git a/src/interface/efi/efi_snp.c b/src/interface/efi/efi_snp.c +index d648700f..a8f2ac8e 100644 +--- a/src/interface/efi/efi_snp.c ++++ b/src/interface/efi/efi_snp.c +@@ -813,6 +813,13 @@ efi_snp_receive ( EFI_SIMPLE_NETWORK_PROTOCOL *snp, + goto out_bad_ll_header; + } + ++ /* Strip link-layer-independent headers */ ++ if ( ( rc = net_pull_tags ( iobuf, snpdev->netdev, &iob_net_proto ) ) ) { ++ DBGC ( snpdev, "SNPDEV %p could not parse tags: %s\n", ++ snpdev, strerror ( rc ) ); ++ goto out_bad_ll_header; ++ } ++ + /* Return link-layer header parameters to caller, if required */ + if ( ll_header_len ) + *ll_header_len = ll_protocol->ll_header_len; +diff --git a/src/net/netdevice.c b/src/net/netdevice.c +index 3b02e64b..95803f26 100644 +--- a/src/net/netdevice.c ++++ b/src/net/netdevice.c +@@ -1043,6 +1043,45 @@ int net_rx ( struct io_buffer *iobuf, struct net_device *netdev, + return -ENOTSUP; + } + ++ ++/** ++ * Strip extra link-layer-independent tags from a received packet ++ * ++ * @v iobuf I/O buffer ++ * @v netdev Network device ++ * @v net_proto Network-layer protocol, in network-byte order ++ * @ret rc Return status code ++ * ++ * This function should be called after stripping link-layer headers but ++ * before inspecting the network-layer protocol. ++ */ ++int net_pull_tags ( struct io_buffer *iobuf, struct net_device *netdev, ++ uint16_t *net_proto ) { ++ struct vlan_header *vlanhdr; ++ uint16_t tag; ++ ++ /* Strip 802.1Q VLAN 0 priority tags if present */ ++ while ( *net_proto == htons ( ETH_P_8021Q ) ) { ++ if ( iob_len ( iobuf ) < sizeof ( *vlanhdr ) ) { ++ DBG ( "VLAN header too short at %zd bytes (min %zd bytes)\n", ++ iob_len ( iobuf ), sizeof ( *vlanhdr ) ); ++ return -EINVAL; ++ } ++ vlanhdr = ( struct vlan_header * ) iobuf->data; ++ tag = VLAN_TAG ( ntohs ( vlanhdr->tci ) ); ++ ++ if ( tag == 0 && ! vlan_find ( netdev, tag ) ) { ++ /* VLAN 0, strip and continue */ ++ *net_proto = vlanhdr->net_proto; ++ iob_pull ( iobuf, sizeof ( *vlanhdr ) ); ++ } else { ++ /* Real VLAN tag, leave it alone */ ++ break; ++ } ++ } ++ return 0; ++} ++ + /** + * Poll the network stack + * +@@ -1094,6 +1133,12 @@ void net_poll ( void ) { + continue; + } + ++ /* Remove link-layer-independent headers */ ++ if ( ( rc = net_pull_tags ( iobuf, netdev, &net_proto ) ) ) { ++ free_iob ( iobuf ); ++ continue; ++ } ++ + /* Hand packet to network layer */ + if ( ( rc = net_rx ( iob_disown ( iobuf ), netdev, + net_proto, ll_dest, +@@ -1125,6 +1170,18 @@ __weak unsigned int vlan_tag ( struct net_device *netdev __unused ) { + return 0; + } + ++/** ++ * Identify VLAN device (when VLAN support is not present) ++ * ++ * @v netdev Network device ++ * @v tag VLAN tag, or zero ++ * @v iobuf I/O buffer ++ */ ++__weak struct net_device * vlan_find ( struct net_device *trunk __unused, ++ unsigned int tag __unused ) { ++ return NULL; ++} ++ + /** + * Add VLAN tag-stripped packet to queue (when VLAN support is not present) + * +diff --git a/src/net/vlan.c b/src/net/vlan.c +index 90f2934d..0f234ea5 100644 +--- a/src/net/vlan.c ++++ b/src/net/vlan.c +@@ -199,7 +199,7 @@ static void vlan_sync ( struct net_device *netdev ) { + * @v tag VLAN tag + * @ret netdev VLAN device, if any + */ +-static struct net_device * vlan_find ( struct net_device *trunk, ++struct net_device * vlan_find ( struct net_device *trunk, + unsigned int tag ) { + struct net_device *netdev; + struct vlan_device *vlan; +-- +2.27.0 + diff --git a/SOURCES/script.ipxe b/SOURCES/script.ipxe new file mode 100644 index 0000000..f519844 --- /dev/null +++ b/SOURCES/script.ipxe @@ -0,0 +1,3 @@ +#!ipxe +imgexec file:rhcert-script.ipxe + diff --git a/SPECS/ipxe.spec b/SPECS/ipxe.spec new file mode 100644 index 0000000..ef8ff5b --- /dev/null +++ b/SPECS/ipxe.spec @@ -0,0 +1,511 @@ +%if 0%{?fedora} +%global cross 1 +%endif + +# ROMS we want for QEMU with format PCIID:QEMUNAME +%global qemuroms \\\ + 8086100e:e1000 \\\ + 10ec8139:rtl8139 \\\ + 1af41000:virtio \\\ + 808610d3:e1000e + +%if 0%{?fedora} +# Fedora specific roms +%global qemuroms %{qemuroms} \\\ + 10222000:pcnet \\\ + 10ec8029:ne2k_pci \\\ + 80861209:eepro100 \\\ + 15ad07b0:vmxnet3 +%endif + +# We only build the ROMs if on an x86 build host. The resulting +# binary RPM will be noarch, so other archs will still be able +# to use the binary ROMs. +# +# We do cross-compilation for 32->64-bit, but not for other arches +# because EDK II does not support big-endian hosts. +%if 0%{?cross} +%global buildarches %{ix86} x86_64 +%else +%global buildarches x86_64 +%endif + +# debugging firmwares does not go the same way as a normal program. +# moreover, all architectures providing debuginfo for a single noarch +# package is currently clashing in koji, so don't bother. +%global debug_package %{nil} + +# Upstream don't do "releases" :-( So we're going to use the date +# as the version, and a GIT hash as the release. Generate new GIT +# snapshots using the folowing commands: +# +# $ hash=`git log -1 --format='%h'` +# $ date=`git log -1 --format='%cd' --date=short | tr -d -` +# $ git archive --prefix ipxe-${date}-git${hash}/ ${hash} | xz -7e > ipxe-${date}-git${hash}.tar.xz +# +# And then change these two: + +%global hash 4bd064de +%global date 20200823 + +Name: ipxe +Version: %{date} +Release: 7.git%{hash}%{?dist} +Summary: A network boot loader + +License: GPLv2 with additional permissions and BSD +URL: http://ipxe.org/ + +Source0: %{name}-%{version}-git%{hash}.tar.xz +Source1: script.ipxe + +# Enable IPv6 for qemu's config +# Sent upstream: http://lists.ipxe.org/pipermail/ipxe-devel/2015-November/004494.html +Patch0001: 0001-build-customize-configuration.patch +Patch0002: 0002-Use-spec-compliant-timeouts.patch +# For bz#1935932 - ipxe implements and/or uses the deprecated SHA-1 algorithm by default ( +Patch3: ipxe-Disable-SHA-1.patch +# For bz#1985658 - carry forward rhel8 ipxe packaging changes +Patch4: ipxe-Add-ping-command-support.patch +# For bz#1985658 - carry forward rhel8 ipxe packaging changes +Patch5: ipxe-Add-VLAN-tagging-support.patch +# For bz#1985658 - carry forward rhel8 ipxe packaging changes +Patch6: ipxe-netdevice-Strip-802.Q-VLAN-0-priority-tags.patch + +# Source-git patches + +%ifarch %{buildarches} +BuildRequires: perl-interpreter +BuildRequires: perl-Getopt-Long +%if 0%{?fedora} >= 33 || 0%{?rhel} >= 9 +BuildRequires: perl-FindBin +BuildRequires: perl-lib +%endif +BuildRequires: syslinux +BuildRequires: mtools +BuildRequires: xorriso +BuildRequires: edk2-tools +BuildRequires: xz-devel +BuildRequires: gcc + +BuildRequires: binutils-devel +%if 0%{?cross} +BuildRequires: binutils-x86_64-linux-gnu gcc-x86_64-linux-gnu +%endif +BuildRequires: make + +Obsoletes: gpxe <= 1.0.1 + +%package rhcert +Summary: Redhat hwcert custom ipxe image +BuildArch: noarch + +%package bootimgs +Summary: Network boot loader images in bootable USB, CD, floppy and GRUB formats +BuildArch: noarch +Obsoletes: gpxe-bootimgs <= 1.0.1 + +%package roms +Summary: Network boot loader roms in .rom format +Requires: %{name}-roms-qemu = %{version}-%{release} +BuildArch: noarch +Obsoletes: gpxe-roms <= 1.0.1 + +%package roms-qemu +Summary: Network boot loader roms supported by QEMU, .rom format +BuildArch: noarch +Obsoletes: gpxe-roms-qemu <= 1.0.1 + +%description rhcert +Custom ipxe image for use in hardware certification and validation + +%description bootimgs +iPXE is an open source network bootloader. It provides a direct +replacement for proprietary PXE ROMs, with many extra features such as +DNS, HTTP, iSCSI, etc. + +This package contains the iPXE boot images in USB, CD, floppy, and PXE +UNDI formats. + +%description roms +iPXE is an open source network bootloader. It provides a direct +replacement for proprietary PXE ROMs, with many extra features such as +DNS, HTTP, iSCSI, etc. + +This package contains the iPXE roms in .rom format. + + +%description roms-qemu +iPXE is an open source network bootloader. It provides a direct +replacement for proprietary PXE ROMs, with many extra features such as +DNS, HTTP, iSCSI, etc. + +This package contains the iPXE ROMs for devices emulated by QEMU, in +.rom format. +%endif + +%description +iPXE is an open source network bootloader. It provides a direct +replacement for proprietary PXE ROMs, with many extra features such as +DNS, HTTP, iSCSI, etc. + +%prep +%setup -q -n %{name}-%{version}-git%{hash} +%autopatch -p1 + + +%build +%ifarch %{buildarches} +cd src + +# ath9k drivers are too big for an Option ROM, and ipxe devs say it doesn't +# make sense anyways +# http://lists.ipxe.org/pipermail/ipxe-devel/2012-March/001290.html +rm -rf drivers/net/ath/ath9k + +make_ipxe() { + make %{?_smp_mflags} \ + NO_WERROR=1 V=1 \ + GITVERSION=%{hash} \ +%if 0%{?cross} + CROSS_COMPILE=x86_64-linux-gnu- \ +%endif + "$@" +} + +cp %{SOURCE1} . +make_ipxe bin-x86_64-efi/ipxe.efi EMBED=script.ipxe +mv bin-x86_64-efi/ipxe.efi bin-x86_64-efi/ipxe-rhcert.efi + +make_ipxe bin-i386-efi/ipxe.efi bin-x86_64-efi/ipxe.efi \ + bin-x86_64-efi/snponly.efi + +make_ipxe ISOLINUX_BIN=/usr/share/syslinux/isolinux.bin \ + bin/undionly.kpxe bin/ipxe.{dsk,iso,usb,lkrn} \ + allroms + +# build roms with efi support for qemu +mkdir bin-combined +for romstr in %{qemuroms}; do + rom=$(echo "$romstr" | cut -d ":" -f 1) + + make_ipxe CONFIG=qemu bin/${rom}.rom + make_ipxe CONFIG=qemu bin-x86_64-efi/${rom}.efidrv + vid="0x${rom%%????}" + did="0x${rom#????}" + EfiRom -f "$vid" -i "$did" --pci23 \ + -ec bin-x86_64-efi/${rom}.efidrv \ + -o bin-combined/${rom}.eficrom + util/catrom.pl \ + bin/${rom}.rom \ + bin-combined/${rom}.eficrom \ + > bin-combined/${rom}.rom + EfiRom -d bin-combined/${rom}.rom + # truncate to at least 256KiB + truncate -s \>256K bin-combined/${rom}.rom + # verify rom fits in 256KiB + test $(stat -c '%s' bin-combined/${rom}.rom) -le $((256 * 1024)) +done + +%endif + +%install +%ifarch %{buildarches} +mkdir -p %{buildroot}/%{_datadir}/%{name}/ +mkdir -p %{buildroot}/%{_datadir}/%{name}.efi/ +pushd src/bin/ + +cp -a undionly.kpxe ipxe.{iso,usb,dsk,lkrn} %{buildroot}/%{_datadir}/%{name}/ + +for img in *.rom; do + if [ -e $img ]; then + cp -a $img %{buildroot}/%{_datadir}/%{name}/ + echo %{_datadir}/%{name}/$img >> ../../rom.list + fi +done +popd + +cp -a src/bin-i386-efi/ipxe.efi %{buildroot}/%{_datadir}/%{name}/ipxe-i386.efi +cp -a src/bin-x86_64-efi/ipxe.efi %{buildroot}/%{_datadir}/%{name}/ipxe-x86_64.efi +cp -a src/bin-x86_64-efi/snponly.efi %{buildroot}/%{_datadir}/%{name}/ipxe-snponly-x86_64.efi +cp -a src/bin-x86_64-efi/ipxe-rhcert.efi %{buildroot}/%{_datadir}/%{name}/ipxe-x86_64-rhcert.efi + +mkdir -p %{buildroot}%{_datadir}/%{name}/qemu/ + +for romstr in %{qemuroms}; do + # the roms supported by qemu will be packaged separatedly + # remove from the main rom list and add them to qemu.list + rom=$(echo "$romstr" | cut -d ":" -f 1) + qemuname=$(echo "$romstr" | cut -d ":" -f 2) + sed -i -e "/\/${rom}.rom/d" rom.list + echo %{_datadir}/%{name}/${rom}.rom >> qemu.rom.list + + cp src/bin-combined/${rom}.rom %{buildroot}/%{_datadir}/%{name}.efi/ + echo %{_datadir}/%{name}.efi/${rom}.rom >> qemu.rom.list + + # Set up symlinks with expected qemu firmware names + ln -s ../../ipxe/${rom}.rom %{buildroot}%{_datadir}/%{name}/qemu/pxe-${qemuname}.rom + ln -s ../../ipxe.efi/${rom}.rom %{buildroot}%{_datadir}/%{name}/qemu/efi-${qemuname}.rom +done + +# endif buildarches +%endif + + +%ifarch %{buildarches} +%files bootimgs +%dir %{_datadir}/%{name} +%{_datadir}/%{name}/ipxe.iso +%{_datadir}/%{name}/ipxe.usb +%{_datadir}/%{name}/ipxe.dsk +%{_datadir}/%{name}/ipxe.lkrn +%{_datadir}/%{name}/ipxe-i386.efi +%{_datadir}/%{name}/ipxe-x86_64.efi +%{_datadir}/%{name}/undionly.kpxe +%{_datadir}/%{name}/ipxe-snponly-x86_64.efi +%doc COPYING COPYING.GPLv2 COPYING.UBDL + +%files roms -f rom.list +%dir %{_datadir}/%{name} +%doc COPYING COPYING.GPLv2 COPYING.UBDL + +%files roms-qemu -f qemu.rom.list +%dir %{_datadir}/%{name} +%dir %{_datadir}/%{name}.efi +%{_datadir}/%{name}/qemu +%doc COPYING COPYING.GPLv2 COPYING.UBDL + +%files rhcert +%dir %{_datadir}/%{name} +%{_datadir}/%{name}/ipxe-x86_64-rhcert.efi +%endif + +%changelog +* Mon Aug 09 2021 Mohan Boddu - 20200823-7.git4bd064de +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Sat Aug 07 2021 Miroslav Rezanina - 20200823-6.git4bd064de +- ipxe-Add-ping-command-support.patch [bz#1985658] +- ipxe-Add-VLAN-tagging-support.patch [bz#1985658] +- ipxe-netdevice-Strip-802.Q-VLAN-0-priority-tags.patch [bz#1985658] +- ipxe-Provide-snponly.efi-rom.patch [bz#1985658] +- ipxe-Build-hwcert-subpackage.patch [bz#1985658] +- Resolves: bz#1985658 + (carry forward rhel8 ipxe packaging changes) + +* Mon Jul 26 2021 Miroslav Rezanina - 20200823-5.git4bd064de +- ipxe-Disable-SHA-1.patch [bz#1935932] +- ipxe-Replace-genisoimage-with-xorriso.patch [bz#1971981] +- ipxe-spec-Drop-disabled-efi-ia32-build-infrastructure.patch [bz#1980138] +- ipxe-spec-Generate-qemu-compatible-rom-filenames.patch [bz#1980138] +- Resolves: bz#1935932 + (ipxe implements and/or uses the deprecated SHA-1 algorithm by default () +- Resolves: bz#1971981 + (Please replace genisoimage with xorriso) +- Resolves: bz#1980138 + (install qemu rom symlinks so qemu doesn't have to) + +* Tue Jun 08 2021 Miroslav Rezanina - 20200823-4.git4bd064de +- ipxe-Skip-some-QEMU-ROMs-when-building-for-RHEL.patch [bz#1956931] +- ipxe-spec-combine-BIOS-and-EFI-roms-using-util-catrom.pl.patch [bz#1957246] +- Resolves: bz#1956931 + (ipxe-roms-qemu list: Clean out old ROMs) +- Resolves: bz#1957246 + (boot vm from pxe failed) + +* Fri Apr 16 2021 Mohan Boddu - 20200823-3.git4bd064de +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Tue Jan 26 2021 Fedora Release Engineering - 20200823-2.git4bd064de +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Tue Sep 15 2020 Cole Robinson - 20200823-1.git4bd064de.git +- Update to newer git snapshot, synced with qemu.git +- Re-enable HTTPS support, with edk2 fix included (bz 1820836) + +* Fri Sep 04 2020 Merlin Mathesius - 20190125-9.git36a4c85f +- Workaound fatal GCC 9 compilation/link errors +- Fix conditionals for perl BuildRequires + +* Mon Aug 17 2020 Cole Robinson - 20190125-8.git36a4c85f +- Revert HTTPS support, causes boot hangs with UEFI (bz 1869102) + +* Tue Aug 11 2020 Cole Robinson - 20190125-7.git36a4c85f +- Enable HTTPS support (bug 1820836) + +* Wed Jul 29 2020 Richard W.M. Jones - 20190125-6.git36a4c85f +- Explicitly BR perl-FindBin and perl-lib. + +* Tue Jul 28 2020 Fedora Release Engineering - 20190125-5.git36a4c85f +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Wed Jan 29 2020 Fedora Release Engineering - 20190125-4.git36a4c85f +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Thu Jul 25 2019 Fedora Release Engineering - 20190125-3.git36a4c85f +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Tue Jul 16 2019 Paolo Bonzini - 20190125-2.git36a4c85f +- Allow removing IA32 EFI images from combined oproms +- Check that the ROMs fit in 256K and pad them + +* Tue Feb 12 2019 Daniel P. Berrangé - 20190125-1.git36a4c85f +- Update to latest git snapshot + +* Fri Feb 01 2019 Fedora Release Engineering - 20170710-6.git0600d3ae +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Mon Jul 23 2018 Daniel P. Berrangé - 20170710-5.git0600d3ae +- mkisofs tool moved to genisoimage RPM + +* Fri Jul 13 2018 Fedora Release Engineering - 20170710-4.git0600d3ae +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Wed Feb 07 2018 Fedora Release Engineering - 20170710-3.git0600d3ae +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Tue Nov 21 2017 Paolo Bonzini - ipxe-20170710-2.git0600d3ae +- Include bugfix and configuration patches from RHEL +- Disable cross compilation on RHEL + +* Thu Aug 03 2017 Cole Robinson - ipxe-20170710-1.git0600d3ae +- Update to ipxe 0600d3ae for qemu-2.10.0 + +* Wed Aug 02 2017 Fedora Release Engineering - 20161108-4.gitb991c67 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 20161108-3.gitb991c67 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Fri Feb 10 2017 Fedora Release Engineering - 20161108-2.gitb991c67 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Sun Dec 04 2016 Cole Robinson - 20161108-1.gitb991c67 +- Rebase to version shipped with qemu 2.8 + +* Thu Feb 04 2016 Fedora Release Engineering - 20150821-3.git4e03af8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Tue Jan 26 2016 Cole Robinson 20150821-2.git4e03af8 +- Build ipxe.efi (bug 1300865) +- Build eepro100 rom for qemu + +* Tue Nov 17 2015 Cole Robinson - 20150821-1.git4e03af8 +- Update to commit 4e03af8 for qemu 2.5 +- Enable IPv6 (bug 1280318) + +* Wed Jun 17 2015 Fedora Release Engineering - 20150407-3.gitdc795b9f +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Thu Apr 16 2015 Paolo Bonzini - 20150407-2.gitdc795b9f +- Fix virtio bug with UEFI driver + +* Thu Apr 16 2015 Paolo Bonzini - 20150407-1.gitdc795b9f +- Update to latest upstream snapshot +- Switch source to .tar.xz +- Include patches from QEMU submodule +- Use config file for configuration +- Distribute additional permissions on top of GPLv2 ("UBDL") + +* Sat Aug 16 2014 Fedora Release Engineering - 20140303-3.gitff1e7fc7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sat Jun 07 2014 Fedora Release Engineering - 20140303-2.gitff1e7fc7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Mon Mar 03 2014 Cole Robinson - 20140303-1.gitff1e7fc7 +- Allow access to ipxe prompt if VM is set to pxe boot (bz #842932) +- Enable PNG support (bz #1058176) + +* Sat Aug 03 2013 Fedora Release Engineering - 20130517-3.gitc4bce43 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Mon May 20 2013 Paolo Bonzini - 20130103-3.git717279a +- Fix BuildRequires, use cross-compiler when building on 32-bit i686 +- Build UEFI drivers for QEMU and include them (patch from Gerd Hoffmann. + BZ#958875) + +* Fri May 17 2013 Daniel P. Berrange - 20130517-1.gitc4bce43 +- Update to latest upstream snapshot + +* Fri May 17 2013 Daniel P. Berrange - 20130103-3.git717279a +- Fix build with GCC 4.8 (rhbz #914091) + +* Thu Feb 14 2013 Fedora Release Engineering - 20130103-2.git717279a +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Thu Jan 3 2013 Daniel P. Berrange - 20130103-1.git717279a +- Updated to latest GIT snapshot + +* Thu Jul 19 2012 Fedora Release Engineering - 20120328-2.gitaac9718 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Wed Mar 28 2012 Daniel P. Berrange - 20120328-1.gitaac9718 +- Update to newer upstream + +* Fri Mar 23 2012 Daniel P. Berrange - 20120319-3.git0b2c788 +- Remove more defattr statements + +* Tue Mar 20 2012 Daniel P. Berrange - 20120319-2.git0b2c788 +- Remove BuildRoot & rm -rf of it in install/clean sections +- Remove defattr in file section +- Switch to use global, instead of define for macros +- Add note about Patch1 not going upstream +- Split BRs across lines for easier readability + +* Mon Feb 27 2012 Daniel P. Berrange - 20120319-1.git0b2c788 +- Initial package based on gPXE + +* Fri Jan 13 2012 Fedora Release Engineering - 1.0.1-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Mon Feb 21 2011 Matt Domsch - 1.0.1-4 +- don't use -Werror, it flags a failure that is not a failure for gPXE + +* Mon Feb 21 2011 Matt Domsch - 1.0.1-3 +- Fix virtio-net ethernet frame length (patch by cra), fixes BZ678789 + +* Tue Feb 08 2011 Fedora Release Engineering - 1.0.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Thu Aug 5 2010 Matt Domsch - 1.0.1-1 +- New drivers: Intel e1000, e1000e, igb, EFI snpnet, JMicron jme, + Neterion X3100, vxge, pcnet32. +- Bug fixes and improvements to drivers, wireless, DHCP, iSCSI, + COMBOOT, and EFI. +* Tue Feb 2 2010 Matt Domsch - 1.0.0-1 +- bugfix release, also adds wireless card support +- bnx2 builds again +- drop our one patch + +* Tue Oct 27 2009 Matt Domsch - 0.9.9-1 +- new upstream version 0.9.9 +-- plus patches from git up to 20090818 which fix build errors and + other release-critical bugs. +-- 0.9.9: added Attansic L1E and sis190/191 ethernet drivers. Fixes + and updates to e1000 and 3c90x drivers. +-- 0.9.8: new commands: time, sleep, md5sum, sha1sum. 802.11 wireless + support with Realtek 8180/8185 and non-802.11n Atheros drivers. + New Marvell Yukon-II gigabet Ethernet driver. HTTP redirection + support. SYSLINUX floppy image type (.sdsk) with usable file + system. Rewrites, fixes, and updates to 3c90x, forcedeth, pcnet32, + e1000, and hermon drivers. + +* Mon Oct 5 2009 Matt Domsch - 0.9.7-6 +- move rtl8029 from -roms to -roms-qemu for qemu ne2k_pci NIC (BZ 526776) + +* Fri Jul 24 2009 Fedora Release Engineering - 0.9.7-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Tue May 19 2009 Matt Domsch - 0.9.7-4 +- add undionly.kpxe to -bootimgs + +* Tue May 12 2009 Matt Domsch - 0.9.7-3 +- handle isolinux changing paths + +* Sat May 9 2009 Matt Domsch - 0.9.7-2 +- add dist tag + +* Thu Mar 26 2009 Matt Domsch - 0.9.7-1 +- Initial release based on etherboot spec