provide a simple sbat.csv file to be used to generate EFI images with secure boot support

update unifont to 16.0.01
fix newline typo in openmamba_boot_choices patch [release 2.12-5mamba;Sun Oct 27 2024]
Silvan Calarco 2024-10-27 09:39:08 +01:00
parent bfd9bf56d5
commit eeca92bca8
10 changed files with 26 additions and 210 deletions


@ -1,12 +0,0 @@
--- grub-core/script/yylex.l 2012-06-08 20:54:21 +0000
+++ grub-core/script/yylex.l 2012-09-05 06:51:31 +0000
@@ -29,6 +29,8 @@
#pragma GCC diagnostic ignored "-Wmissing-prototypes"
#pragma GCC diagnostic ignored "-Wmissing-declarations"
#pragma GCC diagnostic ignored "-Wunsafe-loop-optimizations"
+#pragma GCC diagnostic ignored "-Wunused-function"
+#pragma GCC diagnostic ignored "-Wsign-compare"
#define yyfree grub_lexer_yyfree
#define yyalloc grub_lexer_yyalloc


@ -1,11 +0,0 @@
--- grub-2.00/grub-core/kern/emu/hostdisk.c.orig 2013-06-09 12:48:55.969139451 +0200
+++ grub-2.00/grub-core/kern/emu/hostdisk.c 2013-06-09 12:45:35.250105585 +0200
@@ -431,7 +431,7 @@
uint64_t length, start;
char *target, *params;
char *ptr;
- int major, minor;
+ int major = 0, minor = 0;
int first = 1;
grub_disk_addr_t partstart = 0;


@ -1,11 +0,0 @@
diff -Nru grub-2.00.orig/grub-core/gnulib/stdio.in.h grub-2.00/grub-core/gnulib/stdio.in.h
--- grub-2.00.orig/grub-core/gnulib/stdio.in.h 2010-12-01 15:45:43.000000000 +0100
+++ grub-2.00/grub-core/gnulib/stdio.in.h 2013-03-04 22:11:15.763270577 +0100
@@ -141,7 +141,6 @@
so any use of gets warrants an unconditional warning. Assume it is
always declared, since it is required by C89. */
#undef gets
-_GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
#if @GNULIB_FOPEN@
# if @REPLACE_FOPEN@


@ -1,20 +0,0 @@
--- grub-2.04/util/grub-install-common.c.orig 2019-12-22 22:28:32.286000000 +0100
+++ grub-2.04/util/grub-install-common.c 2019-12-22 22:25:23.601000000 +0100
@@ -598,7 +598,7 @@
grub_util_fd_closedir (d);
}
-#if !(defined (GRUB_UTIL) && defined(ENABLE_NLS) && ENABLE_NLS)
+#if (defined (GRUB_UTIL) && defined(ENABLE_NLS) && ENABLE_NLS)
static const char *
get_localedir (void)
{
@@ -659,7 +659,7 @@
grub_install_copy_nls(const char *src __attribute__ ((unused)),
const char *dst __attribute__ ((unused)))
{
-#if !(defined (GRUB_UTIL) && defined(ENABLE_NLS) && ENABLE_NLS)
+#if (defined (GRUB_UTIL) && defined(ENABLE_NLS) && ENABLE_NLS)
char *dst_locale;
dst_locale = grub_util_path_concat (2, dst, "locale");


@ -1,135 +0,0 @@
Submitted By: Xi Ruoyao <xry111 AT xry111 DOT site>
Date: 2023-02-18
Initial Package Version: 2.06
Upstream Status: Committed
Origin: Upstream git repository, commit SHA follows:
7fd5feff97c4b1f446f8fcf6d37aca0c64e7c763
2e9fa73a040462b81bfbfe56c0bc7ad2d30b446b
Description: Recognize ext2/3/4 filesystem features
metdata_csum_seed and large_dir; ignore them as
they are not used by GRUB and can be safely
ignored, instead of treat these unrecognized
features as hard errors. Particularly, the
metadata_csum_seed feature is enabled by
e2fsprogs >= 1.47.0, so failing to recognize it
will cause grub-install failure if the /boot
partition (or /, when /boot is not a separate
partition) is created by a recent mkfs.ext4.
From 7fd5feff97c4b1f446f8fcf6d37aca0c64e7c763 Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Fri, 11 Jun 2021 21:36:16 +0200
Subject: [PATCH] fs/ext2: Ignore checksum seed incompat feature
This incompat feature is used to denote that the filesystem stored its
metadata checksum seed in the superblock. This is used to allow tune2fs
changing the UUID on a mounted metdata_csum filesystem without having
to rewrite all the disk metadata. However, the GRUB doesn't use the
metadata checksum at all. So, it can just ignore this feature if it
is enabled. This is consistent with the GRUB filesystem code in general
which just does a best effort to access the filesystem's data.
The checksum seed incompat feature has to be removed from the ignore
list if the support for metadata checksum verification is added to the
GRUB ext2 driver later.
Suggested-by: Eric Sandeen <esandeen@redhat.com>
Suggested-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Lukas Czerner <lczerner@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/ext2.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/grub-core/fs/ext2.c b/grub-core/fs/ext2.c
index e7dd78e66..4953a1591 100644
--- a/grub-core/fs/ext2.c
+++ b/grub-core/fs/ext2.c
@@ -103,6 +103,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
#define EXT4_FEATURE_INCOMPAT_64BIT 0x0080
#define EXT4_FEATURE_INCOMPAT_MMP 0x0100
#define EXT4_FEATURE_INCOMPAT_FLEX_BG 0x0200
+#define EXT4_FEATURE_INCOMPAT_CSUM_SEED 0x2000
#define EXT4_FEATURE_INCOMPAT_ENCRYPT 0x10000
/* The set of back-incompatible features this driver DOES support. Add (OR)
@@ -123,10 +124,15 @@ GRUB_MOD_LICENSE ("GPLv3+");
* mmp: Not really back-incompatible - was added as such to
* avoid multiple read-write mounts. Safe to ignore for this
* RO driver.
+ * checksum seed: Not really back-incompatible - was added to allow tools
+ * such as tune2fs to change the UUID on a mounted metadata
+ * checksummed filesystem. Safe to ignore for now since the
+ * driver doesn't support checksum verification. However, it
+ * has to be removed from this list if the support is added later.
*/
#define EXT2_DRIVER_IGNORED_INCOMPAT ( EXT3_FEATURE_INCOMPAT_RECOVER \
- | EXT4_FEATURE_INCOMPAT_MMP)
-
+ | EXT4_FEATURE_INCOMPAT_MMP \
+ | EXT4_FEATURE_INCOMPAT_CSUM_SEED)
#define EXT3_JOURNAL_MAGIC_NUMBER 0xc03b3998U
--
2.39.2
From 2e9fa73a040462b81bfbfe56c0bc7ad2d30b446b Mon Sep 17 00:00:00 2001
From: Theodore Ts'o <tytso@mit.edu>
Date: Tue, 30 Aug 2022 22:41:59 -0400
Subject: [PATCH] fs/ext2: Ignore the large_dir incompat feature
Recently, ext4 added the large_dir feature, which adds support for
a 3 level htree directory support.
The GRUB supports existing file systems with htree directories by
ignoring their existence, and since the index nodes for the hash tree
look like deleted directory entries (by design), the GRUB can simply do
a brute force O(n) linear search of directories. The same is true for
3 level deep htrees indicated by large_dir feature flag.
Hence, it is safe for the GRUB to ignore the large_dir incompat feature.
Fixes: https://savannah.gnu.org/bugs/?61606
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/ext2.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/grub-core/fs/ext2.c b/grub-core/fs/ext2.c
index 0989e26e1..e1cc5e62a 100644
--- a/grub-core/fs/ext2.c
+++ b/grub-core/fs/ext2.c
@@ -104,6 +104,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
#define EXT4_FEATURE_INCOMPAT_MMP 0x0100
#define EXT4_FEATURE_INCOMPAT_FLEX_BG 0x0200
#define EXT4_FEATURE_INCOMPAT_CSUM_SEED 0x2000
+#define EXT4_FEATURE_INCOMPAT_LARGEDIR 0x4000 /* >2GB or 3 level htree */
#define EXT4_FEATURE_INCOMPAT_ENCRYPT 0x10000
/* The set of back-incompatible features this driver DOES support. Add (OR)
@@ -129,10 +130,17 @@ GRUB_MOD_LICENSE ("GPLv3+");
* checksummed filesystem. Safe to ignore for now since the
* driver doesn't support checksum verification. However, it
* has to be removed from this list if the support is added later.
+ * large_dir: Not back-incompatible given that the GRUB ext2 driver does
+ * not implement EXT2_FEATURE_COMPAT_DIR_INDEX. If the GRUB
+ * eventually supports the htree feature (aka dir_index)
+ * it should support 3 level htrees and then move
+ * EXT4_FEATURE_INCOMPAT_LARGEDIR to
+ * EXT2_DRIVER_SUPPORTED_INCOMPAT.
*/
#define EXT2_DRIVER_IGNORED_INCOMPAT ( EXT3_FEATURE_INCOMPAT_RECOVER \
| EXT4_FEATURE_INCOMPAT_MMP \
- | EXT4_FEATURE_INCOMPAT_CSUM_SEED)
+ | EXT4_FEATURE_INCOMPAT_CSUM_SEED \
+ | EXT4_FEATURE_INCOMPAT_LARGEDIR)
#define EXT3_JOURNAL_MAGIC_NUMBER 0xc03b3998U
--
2.39.2


@ -29,7 +29,7 @@
+ fi + fi
+ done + done
+ if test -n "${initrd}" ; then + if test -n "${initrd}" ; then
+ gettext_printf "Found initrd image: %sn" "${dirname}/${initrd}" >&2 + gettext_printf "Found initrd image: %s\n" "${dirname}/${initrd}" >&2
+ linux_entry "${OS} (failsafe)" "${version}" advanced \ + linux_entry "${OS} (failsafe)" "${version}" advanced \
+ "rddebug splash selinux=0 ${GRUB_CMDLINE_LINUX_DEFAULT}" + "rddebug splash selinux=0 ${GRUB_CMDLINE_LINUX_DEFAULT}"
+ fi + fi

3
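--- /dev/null
+++ b/grub-sbat.csv
@@ -0,0 +1,3 @@
+sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
+grub,3,Free Software Foundation,grub,%PKGVER%,https//www.gnu.org/software/grub/
+grub.openmamba,1,openmamba,grub,%PKGVER%,https://openmamba.org/en/rpms/base/grub/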
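Review bot: The vendor URL in the `grub` row is missing its colon (`https//www.gnu.org/software/grub/`); it should read `https://www.gnu.org/software/grub/`, as in the other two rows. That field is informational, but the second field is not: shim compares each component's generation number against its revocation data, so the `3` on the `grub` row should be checked against the generation upstream GRUB declares for the 2.12 code base as patched here. An understated number can get an otherwise fixed image refused under a newer SBAT policy, and an overstated one claims fixes the binary may not contain. The `grub.openmamba,1` row has to be bumped by hand whenever the distribution ships a GRUB security fix of its own, which is worth recording in the spec because the CSV cannot carry a comment.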


@ -1,35 +1,31 @@
%define majver %(echo %version| cut -d. -f1-2) %define majver %(echo %version| cut -d. -f1-2)
%define pkgver %(echo %version | tr _ -) %define pkgver %(echo %version | tr _ -)
%define unifont_ver 15.1.04 %define unifont_ver 16.0.01
Name: grub Name: grub
Epoch: 2 Epoch: 2
Version: 2.12 Version: 2.12
Release: 3mamba Release: 5mamba
Summary: A Multiboot boot loader derived from GRUB, the GRand Unified Bootloader Summary: A Multiboot boot loader derived from GRUB, the GRand Unified Bootloader
Group: System/Kernel and Hardware Group: System/Kernel and Hardware
Vendor: openmamba Vendor: openmamba
Distribution: openmamba Distribution: openmamba
Packager: Silvan Calarco <silvan.calarco@mambasoft.it> Packager: Silvan Calarco <silvan.calarco@mambasoft.it>
URL: http://www.gnu.org/software/grub/ URL: https://www.gnu.org/software/grub/
Source: https://ftp.gnu.org/gnu/grub/grub-%{version}.tar.gz Source: https://ftp.gnu.org/gnu/grub/grub-%{version}.tar.gz
Source1: https://ftp.gnu.org/gnu/unifont/unifont-%{unifont_ver}/unifont-%{unifont_ver}.bdf.gz Source1: https://ftp.gnu.org/gnu/unifont/unifont-%{unifont_ver}/unifont-%{unifont_ver}.bdf.gz
Source2: %{name}2-default Source2: grub2-default
Source3: grub-2.00-openmamba-conf-other Source3: grub-2.00-openmamba-conf-other
Source4: %{name}2-sysconfig Source4: grub2-sysconfig
Source5: grub-2.00-openmamba-conf-other-linux Source5: grub-2.00-openmamba-conf-other-linux
Source6: %{name}2-conf-failsafe Source6: grub2-conf-failsafe
Source7: grub-sbat.csv
Patch1: grub-2.12-openmamba_boot_choices.patch Patch1: grub-2.12-openmamba_boot_choices.patch
Patch2: grub-2.00-stdio.patch Patch3: grub2-1.97-sysconfig.patch
Patch3: %{name}2-1.97-sysconfig.patch Patch9: grub2-1.99-fix_saved_entry_default.patch
Patch9: %{name}2-1.99-fix_saved_entry_default.patch
Patch10: grub-2.00-flex-2.5.37.patch
Patch11: grub-2.00-gcc-4.5.patch
Patch12: grub-2.06-openmamba-default-nomodeset.patch Patch12: grub-2.06-openmamba-default-nomodeset.patch
Patch13: grub-2.12-silent-boot.patch Patch13: grub-2.12-silent-boot.patch
Patch14: grub-2.04-fix-enable-nls-install-locale-dir.patch
Patch15: grub-2.04-custom-boot-message.patch Patch15: grub-2.04-custom-boot-message.patch
Patch16: grub-2.06-e2fsprogs-1.47.patch
License: GPL License: GPL
## AUTOBUILDREQ-BEGIN ## AUTOBUILDREQ-BEGIN
BuildRequires: glibc-devel BuildRequires: glibc-devel
@ -57,6 +53,7 @@ Requires: xorriso
Provides: bootloader Provides: bootloader
Provides: grub2 Provides: grub2
Obsoletes: grub2 < 2:2.06 Obsoletes: grub2 < 2:2.06
Obsoletes: mactel-boot <= 0.9-1mamba
%description %description
GNU GRUB is a Multiboot boot loader. It was derived from GRUB, GRand Unified Bootloader, which was originally designed and implemented by Erich Stefan Boleyn. GNU GRUB is a Multiboot boot loader. It was derived from GRUB, GRand Unified Bootloader, which was originally designed and implemented by Erich Stefan Boleyn.
@ -106,9 +103,7 @@ This package contains the efi boot files needed to boot according to EFI standar
%patch 9 -p1 %patch 9 -p1
%patch 12 -p1 %patch 12 -p1
%patch 13 -p1 %patch 13 -p1
#%patch14 -p1
%patch 15 -p1 %patch 15 -p1
#%patch 16 -p1
gunzip -c %{SOURCE1} > unifont.bdf gunzip -c %{SOURCE1} > unifont.bdf
@ -214,11 +209,7 @@ cp grub-core/{*.mod,*.lst,*.img,*.sh,*.lst} %{buildroot}%{_prefix}/lib/grub/${AR
#cp bootx64.efi %{buildroot}%{_prefix}/lib/grub/ #cp bootx64.efi %{buildroot}%{_prefix}/lib/grub/
%endif %endif
#install -D -m0644 unifont.pf2 %{buildroot}/boot/grub/unifont.pf2
install -D -m0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/default/grub install -D -m0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/default/grub
#install -D -m0755 %{SOURCE3} %{buildroot}%{_sysconfdir}/grub.d/20_other
#install -D -m0755 %{SOURCE5} %{buildroot}%{_sysconfdir}/grub.d/30_other_linux
#install -D -m0755 %{SOURCE6} %{buildroot}%{_sysconfdir}/grub.d/90_linux_failsafe
install -D -m0755 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/grub install -D -m0755 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/grub
cat > %{buildroot}%{_sbindir}/update-grub << _EOF cat > %{buildroot}%{_sbindir}/update-grub << _EOF
@ -232,9 +223,11 @@ chmod +x %{buildroot}%{_sbindir}/update-grub
install -d -m0755 %{buildroot}/boot/grub install -d -m0755 %{buildroot}/boot/grub
install -d -m0755 %{buildroot}/boot/efi install -d -m0755 %{buildroot}/boot/efi
# Provide a simple sbat.csv required for EFI with secure boot support
sed -e "s/%%PKGVER%/%{epoch}:%{version}-%{release}/" < %{SOURCE7} > %{buildroot}%{_datadir}/grub/sbat.csv
%find_lang grub || touch %{name}.lang %find_lang grub || touch %{name}.lang
#rm -f %{buildroot}%{_sysconfdir}/grub.d/30_os-prober
rm -f %{buildroot}%{_infodir}/dir rm -f %{buildroot}%{_infodir}/dir
%post %post
@ -343,6 +336,7 @@ fi
%{_datadir}/grub/ascii.pf2 %{_datadir}/grub/ascii.pf2
%{_datadir}/grub/euro.pf2 %{_datadir}/grub/euro.pf2
%{_datadir}/grub/grub-mkconfig_lib %{_datadir}/grub/grub-mkconfig_lib
%{_datadir}/grub/sbat.csv
%{_datadir}/grub/unicode.pf2 %{_datadir}/grub/unicode.pf2
%{_datadir}/grub/widthspec.h %{_datadir}/grub/widthspec.h
%{_infodir}/grub-dev.info.gz %{_infodir}/grub-dev.info.gz
@ -387,6 +381,14 @@ fi
%endif %endif
%changelog %changelog
* Sun Oct 27 2024 Silvan Calarco <silvan.calarco@mambasoft.it> 2.12-5mamba
- provide a simple sbat.csv file to be used to generate EFI images with secure boot support
- update unifont to 16.0.01
- fix newline typo in openmamba_boot_choices patch
* Thu Oct 24 2024 Silvan Calarco <silvan.calarco@mambasoft.it> 2.12-4mamba
- obsolete mactel-boot (replaced by grub-mactables)
* Mon Mar 18 2024 Silvan Calarco <silvan.calarco@mambasoft.it> 2.12-3mamba * Mon Mar 18 2024 Silvan Calarco <silvan.calarco@mambasoft.it> 2.12-3mamba
- grub-efi-x86_64: set bootloader-id to distribution name from /etc/os-release - grub-efi-x86_64: set bootloader-id to distribution name from /etc/os-release

Binary file not shown.

BIN
unifont-16.0.01.bdf.gz Normal file

Binary file not shown.