rpms/grub
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

provide a simple sbat.csv file to be used to generate EFI images with secure boot support

Browse Source 
update unifont to 16.0.01
fix newline typo in openmamba_boot_choices patch [release 2.12-5mamba;Sun Oct 27 2024]
This commit is contained in:
Silvan Calarco 2024-10-27 09:39:08 +01:00
parent bfd9bf56d5
commit eeca92bca8
10 changed files with 26 additions and 210 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
grub-2.00-flex-2.5.37.patch
View File

@ -1,12 +0,0 @@
--- grub-core/script/yylex.l 2012-06-08 20:54:21 +0000
+++ grub-core/script/yylex.l 2012-09-05 06:51:31 +0000
@@ -29,6 +29,8 @@
#pragma GCC diagnostic ignored "-Wmissing-prototypes"
#pragma GCC diagnostic ignored "-Wmissing-declarations"
#pragma GCC diagnostic ignored "-Wunsafe-loop-optimizations"
+#pragma GCC diagnostic ignored "-Wunused-function"
+#pragma GCC diagnostic ignored "-Wsign-compare"
#define yyfree grub_lexer_yyfree
#define yyalloc grub_lexer_yyalloc

11
grub-2.00-gcc-4.5.patch
View File

@ -1,11 +0,0 @@
--- grub-2.00/grub-core/kern/emu/hostdisk.c.orig 2013-06-09 12:48:55.969139451 +0200
+++ grub-2.00/grub-core/kern/emu/hostdisk.c 2013-06-09 12:45:35.250105585 +0200
@@ -431,7 +431,7 @@
uint64_t length, start;
char *target, *params;
char *ptr;
- int major, minor;
+ int major = 0, minor = 0;
int first = 1;
grub_disk_addr_t partstart = 0;

11
grub-2.00-stdio.patch
View File

@ -1,11 +0,0 @@
diff -Nru grub-2.00.orig/grub-core/gnulib/stdio.in.h grub-2.00/grub-core/gnulib/stdio.in.h
--- grub-2.00.orig/grub-core/gnulib/stdio.in.h 2010-12-01 15:45:43.000000000 +0100
+++ grub-2.00/grub-core/gnulib/stdio.in.h 2013-03-04 22:11:15.763270577 +0100
@@ -141,7 +141,6 @@
so any use of gets warrants an unconditional warning. Assume it is
always declared, since it is required by C89. */
#undef gets
-_GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
#if @GNULIB_FOPEN@
# if @REPLACE_FOPEN@

20
grub-2.04-fix-enable-nls-install-locale-dir.patch
View File

@ -1,20 +0,0 @@
--- grub-2.04/util/grub-install-common.c.orig 2019-12-22 22:28:32.286000000 +0100
+++ grub-2.04/util/grub-install-common.c 2019-12-22 22:25:23.601000000 +0100
@@ -598,7 +598,7 @@
grub_util_fd_closedir (d);
}
-#if !(defined (GRUB_UTIL) && defined(ENABLE_NLS) && ENABLE_NLS)
+#if (defined (GRUB_UTIL) && defined(ENABLE_NLS) && ENABLE_NLS)
static const char *
get_localedir (void)
{
@@ -659,7 +659,7 @@
grub_install_copy_nls(const char *src __attribute__ ((unused)),
const char *dst __attribute__ ((unused)))
{
-#if !(defined (GRUB_UTIL) && defined(ENABLE_NLS) && ENABLE_NLS)
+#if (defined (GRUB_UTIL) && defined(ENABLE_NLS) && ENABLE_NLS)
char *dst_locale;
dst_locale = grub_util_path_concat (2, dst, "locale");

135
grub-2.06-e2fsprogs-1.47.patch
View File

@ -1,135 +0,0 @@
Submitted By: Xi Ruoyao <xry111 AT xry111 DOT site>
Date: 2023-02-18
Initial Package Version: 2.06
Upstream Status: Committed
Origin: Upstream git repository, commit SHA follows:
7fd5feff97c4b1f446f8fcf6d37aca0c64e7c763
2e9fa73a040462b81bfbfe56c0bc7ad2d30b446b
Description: Recognize ext2/3/4 filesystem features
metdata_csum_seed and large_dir; ignore them as
they are not used by GRUB and can be safely
ignored, instead of treat these unrecognized
features as hard errors. Particularly, the
metadata_csum_seed feature is enabled by
e2fsprogs >= 1.47.0, so failing to recognize it
will cause grub-install failure if the /boot
partition (or /, when /boot is not a separate
partition) is created by a recent mkfs.ext4.
From 7fd5feff97c4b1f446f8fcf6d37aca0c64e7c763 Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Fri, 11 Jun 2021 21:36:16 +0200
Subject: [PATCH] fs/ext2: Ignore checksum seed incompat feature
This incompat feature is used to denote that the filesystem stored its
metadata checksum seed in the superblock. This is used to allow tune2fs
changing the UUID on a mounted metdata_csum filesystem without having
to rewrite all the disk metadata. However, the GRUB doesn't use the
metadata checksum at all. So, it can just ignore this feature if it
is enabled. This is consistent with the GRUB filesystem code in general
which just does a best effort to access the filesystem's data.
The checksum seed incompat feature has to be removed from the ignore
list if the support for metadata checksum verification is added to the
GRUB ext2 driver later.
Suggested-by: Eric Sandeen <esandeen@redhat.com>
Suggested-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Lukas Czerner <lczerner@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/ext2.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/grub-core/fs/ext2.c b/grub-core/fs/ext2.c
index e7dd78e66..4953a1591 100644
--- a/grub-core/fs/ext2.c
+++ b/grub-core/fs/ext2.c
@@ -103,6 +103,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
#define EXT4_FEATURE_INCOMPAT_64BIT 0x0080
#define EXT4_FEATURE_INCOMPAT_MMP 0x0100
#define EXT4_FEATURE_INCOMPAT_FLEX_BG 0x0200
+#define EXT4_FEATURE_INCOMPAT_CSUM_SEED 0x2000
#define EXT4_FEATURE_INCOMPAT_ENCRYPT 0x10000
/* The set of back-incompatible features this driver DOES support. Add (OR)
@@ -123,10 +124,15 @@ GRUB_MOD_LICENSE ("GPLv3+");
* mmp: Not really back-incompatible - was added as such to
* avoid multiple read-write mounts. Safe to ignore for this
* RO driver.
+ * checksum seed: Not really back-incompatible - was added to allow tools
+ * such as tune2fs to change the UUID on a mounted metadata
+ * checksummed filesystem. Safe to ignore for now since the
+ * driver doesn't support checksum verification. However, it
+ * has to be removed from this list if the support is added later.
*/
#define EXT2_DRIVER_IGNORED_INCOMPAT ( EXT3_FEATURE_INCOMPAT_RECOVER \
- | EXT4_FEATURE_INCOMPAT_MMP)
-
+ | EXT4_FEATURE_INCOMPAT_MMP \
+ | EXT4_FEATURE_INCOMPAT_CSUM_SEED)
#define EXT3_JOURNAL_MAGIC_NUMBER 0xc03b3998U
--
2.39.2
From 2e9fa73a040462b81bfbfe56c0bc7ad2d30b446b Mon Sep 17 00:00:00 2001
From: Theodore Ts'o <tytso@mit.edu>
Date: Tue, 30 Aug 2022 22:41:59 -0400
Subject: [PATCH] fs/ext2: Ignore the large_dir incompat feature
Recently, ext4 added the large_dir feature, which adds support for
a 3 level htree directory support.
The GRUB supports existing file systems with htree directories by
ignoring their existence, and since the index nodes for the hash tree
look like deleted directory entries (by design), the GRUB can simply do
a brute force O(n) linear search of directories. The same is true for
3 level deep htrees indicated by large_dir feature flag.
Hence, it is safe for the GRUB to ignore the large_dir incompat feature.
Fixes: https://savannah.gnu.org/bugs/?61606
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/ext2.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/grub-core/fs/ext2.c b/grub-core/fs/ext2.c
index 0989e26e1..e1cc5e62a 100644
--- a/grub-core/fs/ext2.c
+++ b/grub-core/fs/ext2.c
@@ -104,6 +104,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
#define EXT4_FEATURE_INCOMPAT_MMP 0x0100
#define EXT4_FEATURE_INCOMPAT_FLEX_BG 0x0200
#define EXT4_FEATURE_INCOMPAT_CSUM_SEED 0x2000
+#define EXT4_FEATURE_INCOMPAT_LARGEDIR 0x4000 /* >2GB or 3 level htree */
#define EXT4_FEATURE_INCOMPAT_ENCRYPT 0x10000
/* The set of back-incompatible features this driver DOES support. Add (OR)
@@ -129,10 +130,17 @@ GRUB_MOD_LICENSE ("GPLv3+");
* checksummed filesystem. Safe to ignore for now since the
* driver doesn't support checksum verification. However, it
* has to be removed from this list if the support is added later.
+ * large_dir: Not back-incompatible given that the GRUB ext2 driver does
+ * not implement EXT2_FEATURE_COMPAT_DIR_INDEX. If the GRUB
+ * eventually supports the htree feature (aka dir_index)
+ * it should support 3 level htrees and then move
+ * EXT4_FEATURE_INCOMPAT_LARGEDIR to
+ * EXT2_DRIVER_SUPPORTED_INCOMPAT.
*/
#define EXT2_DRIVER_IGNORED_INCOMPAT ( EXT3_FEATURE_INCOMPAT_RECOVER \
| EXT4_FEATURE_INCOMPAT_MMP \
- | EXT4_FEATURE_INCOMPAT_CSUM_SEED)
+ | EXT4_FEATURE_INCOMPAT_CSUM_SEED \
+ | EXT4_FEATURE_INCOMPAT_LARGEDIR)
#define EXT3_JOURNAL_MAGIC_NUMBER 0xc03b3998U
--
2.39.2

2
grub-2.12-openmamba_boot_choices.patch
View File

@ -29,7 +29,7 @@
+ fi
+ done
+ if test -n "${initrd}" ; then
+ gettext_printf "Found initrd image: %sn" "${dirname}/${initrd}" >&2
+ gettext_printf "Found initrd image: %s\n" "${dirname}/${initrd}" >&2
+ linux_entry "${OS} (failsafe)" "${version}" advanced \
+ "rddebug splash selinux=0 ${GRUB_CMDLINE_LINUX_DEFAULT}"
+ fi

3
grub-sbat.csv Normal file
View File

@ -0,0 +1,3 @@
sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
grub,3,Free Software Foundation,grub,%PKGVER%,https//www.gnu.org/software/grub/
grub.openmamba,1,openmamba,grub,%PKGVER%,https://openmamba.org/en/rpms/base/grub/
1 sbat 1 SBAT Version sbat 1 https://github.com/rhboot/shim/blob/main/SBAT.md
2 grub 3 Free Software Foundation grub %PKGVER% https//www.gnu.org/software/grub/
3 grub.openmamba 1 openmamba grub %PKGVER% https://openmamba.org/en/rpms/base/grub/

42
grub.spec
View File

@ -1,35 +1,31 @@
%define majver %(echo %version| cut -d. -f1-2)
%define pkgver %(echo %version | tr _ -)
%define unifont_ver 15.1.04
%define unifont_ver 16.0.01
Name: grub
Epoch: 2
Version: 2.12
Release: 3mamba
Release: 5mamba
Summary: A Multiboot boot loader derived from GRUB, the GRand Unified Bootloader
Group: System/Kernel and Hardware
Vendor: openmamba
Distribution: openmamba
Packager: Silvan Calarco <silvan.calarco@mambasoft.it>
URL: http://www.gnu.org/software/grub/
URL: https://www.gnu.org/software/grub/
Source: https://ftp.gnu.org/gnu/grub/grub-%{version}.tar.gz
Source1: https://ftp.gnu.org/gnu/unifont/unifont-%{unifont_ver}/unifont-%{unifont_ver}.bdf.gz
Source2: %{name}2-default
Source2: grub2-default
Source3: grub-2.00-openmamba-conf-other
Source4: %{name}2-sysconfig
Source4: grub2-sysconfig
Source5: grub-2.00-openmamba-conf-other-linux
Source6: %{name}2-conf-failsafe
Source6: grub2-conf-failsafe
Source7: grub-sbat.csv
Patch1: grub-2.12-openmamba_boot_choices.patch
Patch2: grub-2.00-stdio.patch
Patch3: %{name}2-1.97-sysconfig.patch
Patch9: %{name}2-1.99-fix_saved_entry_default.patch
Patch10: grub-2.00-flex-2.5.37.patch
Patch11: grub-2.00-gcc-4.5.patch
Patch3: grub2-1.97-sysconfig.patch
Patch9: grub2-1.99-fix_saved_entry_default.patch
Patch12: grub-2.06-openmamba-default-nomodeset.patch
Patch13: grub-2.12-silent-boot.patch
Patch14: grub-2.04-fix-enable-nls-install-locale-dir.patch
Patch15: grub-2.04-custom-boot-message.patch
Patch16: grub-2.06-e2fsprogs-1.47.patch
License: GPL
## AUTOBUILDREQ-BEGIN
BuildRequires: glibc-devel
@ -57,6 +53,7 @@ Requires: xorriso
Provides: bootloader
Provides: grub2
Obsoletes: grub2 < 2:2.06
Obsoletes: mactel-boot <= 0.9-1mamba
%description
GNU GRUB is a Multiboot boot loader. It was derived from GRUB, GRand Unified Bootloader, which was originally designed and implemented by Erich Stefan Boleyn.
@ -106,9 +103,7 @@ This package contains the efi boot files needed to boot according to EFI standar
%patch 9 -p1
%patch 12 -p1
%patch 13 -p1
#%patch14 -p1
%patch 15 -p1
#%patch 16 -p1
gunzip -c %{SOURCE1} > unifont.bdf
@ -214,11 +209,7 @@ cp grub-core/{*.mod,*.lst,*.img,*.sh,*.lst} %{buildroot}%{_prefix}/lib/grub/${AR
#cp bootx64.efi %{buildroot}%{_prefix}/lib/grub/
%endif
#install -D -m0644 unifont.pf2 %{buildroot}/boot/grub/unifont.pf2
install -D -m0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/default/grub
#install -D -m0755 %{SOURCE3} %{buildroot}%{_sysconfdir}/grub.d/20_other
#install -D -m0755 %{SOURCE5} %{buildroot}%{_sysconfdir}/grub.d/30_other_linux
#install -D -m0755 %{SOURCE6} %{buildroot}%{_sysconfdir}/grub.d/90_linux_failsafe
install -D -m0755 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/grub
cat > %{buildroot}%{_sbindir}/update-grub << _EOF
@ -232,9 +223,11 @@ chmod +x %{buildroot}%{_sbindir}/update-grub
install -d -m0755 %{buildroot}/boot/grub
install -d -m0755 %{buildroot}/boot/efi
# Provide a simple sbat.csv required for EFI with secure boot support
sed -e "s/%%PKGVER%/%{epoch}:%{version}-%{release}/" < %{SOURCE7} > %{buildroot}%{_datadir}/grub/sbat.csv
%find_lang grub || touch %{name}.lang
#rm -f %{buildroot}%{_sysconfdir}/grub.d/30_os-prober
rm -f %{buildroot}%{_infodir}/dir
%post
@ -343,6 +336,7 @@ fi
%{_datadir}/grub/ascii.pf2
%{_datadir}/grub/euro.pf2
%{_datadir}/grub/grub-mkconfig_lib
%{_datadir}/grub/sbat.csv
%{_datadir}/grub/unicode.pf2
%{_datadir}/grub/widthspec.h
%{_infodir}/grub-dev.info.gz
@ -387,6 +381,14 @@ fi
%endif
%changelog
* Sun Oct 27 2024 Silvan Calarco <silvan.calarco@mambasoft.it> 2.12-5mamba
- provide a simple sbat.csv file to be used to generate EFI images with secure boot support
- update unifont to 16.0.01
- fix newline typo in openmamba_boot_choices patch
* Thu Oct 24 2024 Silvan Calarco <silvan.calarco@mambasoft.it> 2.12-4mamba
- obsolete mactel-boot (replaced by grub-mactables)
* Mon Mar 18 2024 Silvan Calarco <silvan.calarco@mambasoft.it> 2.12-3mamba
- grub-efi-x86_64: set bootloader-id to distribution name from /etc/os-release

BIN
unifont-15.1.04.bdf.gz
View File

Binary file not shown.

BIN
unifont-16.0.01.bdf.gz Normal file
View File

Binary file not shown.