grub2.spec
%define debug_package %{nil}
%define __os_install_post %{nil}
# Gnulib does not produce source tarball releases, and grub's bootstrap.conf
# bakes in a specific commit id to pull (GNULIB_REVISION).
%global gnulibversion d271f868a8df9bbec29049d01e056481b7a1a263
Summary: GRand Unified Bootloader
Name: grub2
Version: 2.06
Release: 20%{?dist}
License: GPLv3+
Vendor: Microsoft Corporation
Distribution: Azure Linux
Group: Applications/System
URL: https://www.gnu.org/software/grub
Source0: https://git.savannah.gnu.org/cgit/grub.git/snapshot/grub-%{version}.tar.gz
Source1: https://git.savannah.gnu.org/cgit/gnulib.git/snapshot/gnulib-%{gnulibversion}.tar.gz
Source2: sbat.csv.in
# Incorporate relevant patches from Fedora 34
# EFI Secure Boot / Handover Protocol patches
Patch0001: 0001-Add-support-for-Linux-EFI-stub-loading.patch
Patch0002: 0002-Rework-linux-command.patch
Patch0003: 0003-Rework-linux16-command.patch
Patch0004: 0004-Add-secureboot-support-on-efi-chainloader.patch
Patch0005: 0005-Make-any-of-the-loaders-that-link-in-efi-mode-honor-.patch
Patch0006: 0006-Handle-multi-arch-64-on-32-boot-in-linuxefi-loader.patch
# Kernel cmdline fix
Patch0017: 0017-Pass-x-hex-hex-straight-through-unmolested.patch
# Nicer documentation. Also makes patch #166 apply cleanly
Patch0037: 0037-Replace-a-lot-of-man-pages-with-slightly-nicer-ones.patch
Patch0052: 0052-Make-our-info-pages-say-grub2-where-appropriate.patch
# General fix
Patch0069: 0069-Make-pmtimer-tsc-calibration-not-take-51-seconds-to-.patch
# ARM64 build patch
Patch0104: 0104-Rework-how-the-fdt-command-builds.patch
# General fixes (> 4GB DMA, TPM measurements, etc)
Patch0112: 0112-Try-to-pick-better-locations-for-kernel-and-initrd.patch
Patch0115: 0115-x86-efi-Use-bounce-buffers-for-reading-to-addresses-.patch
Patch0116: 0116-x86-efi-Re-arrange-grub_cmd_linux-a-little-bit.patch
Patch0117: 0117-x86-efi-Make-our-own-allocator-for-kernel-stuff.patch
Patch0118: 0118-x86-efi-Allow-initrd-params-cmdline-allocations-abov.patch
Patch0148: 0148-efi-Set-image-base-address-before-jumping-to-the-PE-.patch
Patch0149: 0149-tpm-Don-t-propagate-TPM-measurement-errors-to-the-ve.patch
Patch0150: 0150-x86-efi-Reduce-maximum-bounce-buffer-size-to-16-MiB.patch
Patch0156: 0156-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch
# CVE-2020-15705
Patch0157: 0157-linuxefi-fail-kernel-validation-without-shim-protoco.patch
# Fix to prevent user from overwriting signed grub binary using grub2-install
Patch0166: 0166-grub-install-disable-support-for-EFI-platforms.patch
# CVE-2021-3981
Patch0167: 0167-restore-umask-for-grub-config.patch
# Fix to reset the global errno to success upon success.
Patch0170: 0170-fix-memory-alloc-errno-reset.patch
Patch0171: CVE-2022-2601.patch
Patch0172: CVE-2022-3775.patch
# CVE-2021-3695 CVE-2021-3696 CVE-2021-3697 CVE-2022-28733 CVE-2022-28734
# CVE-2022-28735 CVE-2022-28736
Patch0173: 0173-loader-efi-chainloader-Simplify-the-loader-state.patch
Patch0174: 0174-commands-boot-Add-API-to-pass-context-to-loader.patch
Patch0175: 0175-loader-efi-chainloader-Use-grub_loader_set_ex.patch
Patch0176: 0176-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch
Patch0177: 0177-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch
Patch0178: 0178-video-readers-png-Abort-sooner-if-a-read-operation-f.patch
Patch0179: 0179-video-readers-png-Refuse-to-handle-multiple-image-he.patch
Patch0180: 0180-video-readers-png-Drop-greyscale-support-to-fix-heap.patch
Patch0181: 0181-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch
Patch0182: 0182-video-readers-png-Sanity-check-some-huffman-codes.patch
Patch0183: 0183-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch
Patch0184: 0184-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch
Patch0185: 0185-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch
Patch0186: 0186-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch
Patch0187: 0187-normal-charset-Fix-array-out-of-bounds-formatting-un.patch
Patch0188: 0188-net-ip-Do-IP-fragment-maths-safely.patch
Patch0189: 0189-net-netbuff-Block-overly-large-netbuff-allocs.patch
Patch0190: 0190-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch
Patch0191: 0191-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch
Patch0192: 0192-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch
Patch0193: 0193-net-tftp-Avoid-a-trivial-UAF.patch
Patch0194: 0194-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch
Patch0195: 0195-net-http-Fix-OOB-write-for-split-http-headers.patch
Patch0196: 0196-net-http-Error-out-on-headers-with-LF-without-CR.patch
Patch0197: 0197-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch
Patch0198: 0198-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch
Patch0199: 0199-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch
Patch0200: 0200-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch
Patch0201: 0201-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch
Patch0202: 0202-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch
# Required to reach SBAT 3
Patch: sbat-3-0001-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch
Patch: sbat-3-0004-font-Remove-grub_font_dup_glyph.patch
Patch: sbat-3-0005-font-Fix-integer-overflow-in-ensure_comb_space.patch
Patch: sbat-3-0006-font-Fix-integer-overflow-in-BMP-index.patch
Patch: sbat-3-0007-font-Fix-integer-underflow-in-binary-search-of-char-.patch
Patch: sbat-3-0008-kern-efi-sb-Enforce-verification-of-font-files.patch
Patch: sbat-3-0009-fbutil-Fix-integer-overflow.patch
Patch: sbat-3-0011-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch
Patch: sbat-3-0012-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch
Patch: sbat-3-0013-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch
# Required to reach SBAT 4
Patch: sbat-4-0001-fs-ntfs-Fix-an-OOB-write-when-parsing-the-ATTRIBUTE_.patch
Patch: sbat-4-0002-fs-ntfs-Fix-an-OOB-read-when-reading-data-from-the-r.patch
Patch: sbat-4-0003-fs-ntfs-Fix-an-OOB-read-when-parsing-directory-entri.patch
Patch: sbat-4-0004-fs-ntfs-Fix-an-OOB-read-when-parsing-bitmaps-for-ind.patch
Patch: sbat-4-0005-fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-label.patch
Patch: sbat-4-0006-fs-ntfs-Make-code-more-readable.patch
# The Azure Linux team created this patch since the gcc version in use at the
# time optimizes the code incorrectly, leading to network traffic getting
# dropped in scenarios like PXE booting.
Patch: disable-checksum-code-optimization.patch
BuildRequires: autoconf
BuildRequires: device-mapper-devel
BuildRequires: python3
BuildRequires: xz-devel
Requires: device-mapper
Requires: systemd-udev
Requires: xz
Requires: %{name}-tools-minimal = %{version}-%{release}
# Some distros split 'grub2' into more subpackages. For now we're bundling it all together
# inside the default package and adding these 'Provides' to make installation more user-friendly
# for people used to other distributions.
Provides: %{name}-common = %{version}-%{release}
Provides: %{name}-tools = %{version}-%{release}
Provides: %{name}-tools-efi = %{version}-%{release}
Provides: %{name}-tools-extra = %{version}-%{release}
%description
The GRUB package contains the GRand Unified Bootloader.
%ifarch x86_64
%package pc
Summary: GRUB Library for BIOS
Group: System Environment/Programming
Requires: %{name} = %{version}
# Some distros split 'grub2' into more subpackages. For now we're bundling it all together
# inside the default package and adding these 'Provides' to make installation more user-friendly
# for people used to other distributions.
Provides: %{name}-pc-modules = %{version}-%{release}
%description pc
Additional library files for grub
%endif
%package efi
Summary: GRUB Library for UEFI
Group: System Environment/Programming
Requires: %{name} = %{version}
# Some distros split 'grub2' into more subpackages. For now we're bundling it all together
# inside the default package and adding these 'Provides' to make installation more user-friendly
# for people used to other distributions.
Provides: %{name}-efi-modules = %{version}-%{release}
%ifarch x86_64
Provides: %{name}-efi-x64-modules = %{version}-%{release}
%endif
%ifarch aarch64
Provides: %{name}-efi-aa64-modules = %{version}-%{release}
%endif
%description efi
Additional library files for grub
%package efi-unsigned
Summary: Unsigned GRUB UEFI image
Group: System Environment/Base
%description efi-unsigned
Unsigned GRUB UEFI image
%package efi-binary
Summary: GRUB UEFI image
Group: System Environment/Base
Requires: %{name}-tools-minimal = %{version}-%{release}
# Some distros split 'grub2' into more subpackages. For now we're bundling it all together
# inside the default package and adding these 'Provides' to make installation more user-friendly
# for people used to other distributions.
%ifarch x86_64
Provides: %{name}-efi-x64 = %{version}-%{release}
%endif
%description efi-binary
GRUB UEFI bootloader binaries
%package efi-binary-noprefix
Summary: GRUB UEFI image with no prefix directory set
Group: System Environment/Base
Requires: %{name}-tools-minimal = %{version}-%{release}
%description efi-binary-noprefix
GRUB UEFI bootloader binaries with no prefix directory set
%package configuration
Summary: Location for local grub configurations
Group: System Environment/Base
%description configuration
Directory for package-specific boot configurations
to be persistently stored on AzureLinux
%package tools-minimal
Summary: Minimal set of utilities to configure a grub-based system
Group: System Environment/Base
Requires: %{name}-configuration = %{version}-%{release}
%description tools-minimal
Minimal set of utilities to configure a grub-based system
%prep
# Remove module_info.ld script due to error "grub2-install: error: Decompressor is too big"
LDFLAGS="`echo " %{build_ldflags} " | sed 's#-Wl,-dT,%{_topdir}/BUILD/module_info.ld##'`"
export LDFLAGS
%autosetup -p1 -n grub-2.06
cp %{SOURCE1} gnulib-%{gnulibversion}.tar.gz
tar -zxf gnulib-%{gnulibversion}.tar.gz
mv gnulib-%{gnulibversion} gnulib
%build
# Remove module_info.ld script due to error "grub2-install: error: Decompressor is too big"
LDFLAGS="`echo " %{build_ldflags} " | sed 's#-Wl,-dT,%{_topdir}/BUILD/module_info.ld##'`"
export LDFLAGS
export PYTHON=%{python3}
./bootstrap --no-git --gnulib-srcdir=./gnulib
%ifarch x86_64
mkdir build-for-pc
pushd build-for-pc
# Modify the default CFLAGS to support the i386 build
CFLAGS="`echo " %{build_cflags} " | \
sed 's/-fcf-protection//' | \
sed 's/-fstack-protector-strong//' | \
sed 's/-m64//' | \
sed 's/-specs.*cc1//' | \
sed 's/-mtune=generic//' | \
sed 's/-O. //' | \
sed 's/-fexceptions//' | \
sed 's/-Wp,-D_FORTIFY_SOURCE=2//'`"
export CFLAGS
../configure \
--prefix=%{_prefix} \
--sbindir=/sbin \
--sysconfdir=%{_sysconfdir} \
--disable-werror \
--disable-efiemu \
--with-grubdir=grub2 \
--with-platform=pc \
--target=i386 \
--program-transform-name=s,grub,%{name}, \
--with-bootdir="/boot"
make %{?_smp_mflags}
make DESTDIR=$PWD/../install-for-pc install
popd
%endif
# Disable stack-protector and PIE spec to fix compilation
CFLAGS="`echo " %{build_cflags} " | \
sed 's/-specs.*cc1//' | \
sed 's/-fstack-protector-strong//'`"
export CFLAGS
mkdir build-for-efi
pushd build-for-efi
../configure \
--prefix=%{_prefix} \
--sbindir=/sbin \
--sysconfdir=%{_sysconfdir} \
--disable-werror \
--disable-efiemu \
--with-grubdir=grub2 \
--with-platform=efi \
--target=%{_arch} \
--program-transform-name=s,grub,%{name}, \
--with-bootdir="/boot"
make %{?_smp_mflags}
make DESTDIR=$PWD/../install-for-efi install
popd
# Make sure all files are the same between the two configure runs, except those under /usr/lib/grub
%check
%ifarch x86_64
# Note: bin & sbin binaries are expected to differ due to different CFLAGS
# Just compare files under _sysconfdir and _datarootdir
diff -sr install-for-efi%{_sysconfdir} install-for-pc%{_sysconfdir}
diff -sr install-for-efi%{_datarootdir} install-for-pc%{_datarootdir}
%endif
%install
mkdir -p %{buildroot}
cp -a install-for-efi/. %{buildroot}/.
%ifarch x86_64
cp -a install-for-pc/. %{buildroot}/.
%endif
mkdir %{buildroot}%{_sysconfdir}/default
touch %{buildroot}%{_sysconfdir}/default/grub
mkdir %{buildroot}%{_sysconfdir}/default/grub.d
mkdir %{buildroot}%{_sysconfdir}/sysconfig
ln -sf %{_sysconfdir}/default/grub %{buildroot}%{_sysconfdir}/sysconfig/grub
install -vdm 700 %{buildroot}/boot/%{name}
touch %{buildroot}/boot/%{name}/grub.cfg
chmod 400 %{buildroot}/boot/%{name}/grub.cfg
rm -rf %{buildroot}%{_infodir}
# Add SBAT
sed -e "s,@@VERSION@@,%{version},g" -e "s,@@VERSION_RELEASE@@,%{version}-%{release},g" %{SOURCE2} > ./sbat.csv
cat ./sbat.csv
# Generate grub efi image
install -d %{buildroot}%{_datadir}/grub2-efi
%ifarch x86_64
./install-for-efi/usr/bin/grub2-mkimage -d ./install-for-efi/usr/lib/grub/x86_64-efi/ --sbat ./sbat.csv -o %{buildroot}%{_datadir}/grub2-efi/grubx64.efi -p /boot/grub2 -O x86_64-efi fat iso9660 part_gpt part_msdos normal boot linux configfile loopback chain efifwsetup efi_gop efi_uga ls search search_label search_fs_uuid search_fs_file gfxterm gfxterm_background gfxterm_menu test all_video loadenv exfat ext2 udf halt gfxmenu png tga lsefi help probe echo lvm cryptodisk luks gcry_rijndael gcry_sha512 tpm efinet tftp multiboot2 xfs
./install-for-efi/usr/bin/grub2-mkimage -d ./install-for-efi/usr/lib/grub/x86_64-efi/ --sbat ./sbat.csv -o %{buildroot}%{_datadir}/grub2-efi/grubx64-noprefix.efi --prefix= -O x86_64-efi fat iso9660 part_gpt part_msdos normal boot linux configfile loopback chain efifwsetup efi_gop efi_uga ls search search_label search_fs_uuid search_fs_file gfxterm gfxterm_background gfxterm_menu test all_video loadenv exfat ext2 udf halt gfxmenu png tga lsefi help probe echo lvm cryptodisk luks gcry_rijndael gcry_sha512 tpm efinet tftp multiboot2 xfs
%endif
%ifarch aarch64
./install-for-efi/usr/bin/grub2-mkimage -d ./install-for-efi/usr/lib/grub/arm64-efi/ --sbat ./sbat.csv -o %{buildroot}%{_datadir}/grub2-efi/grubaa64.efi -p /boot/grub2 -O arm64-efi fat iso9660 part_gpt part_msdos normal boot linux configfile loopback chain efifwsetup efi_gop ls search search_label search_fs_uuid search_fs_file gfxterm gfxterm_background gfxterm_menu test all_video loadenv exfat ext2 udf halt gfxmenu png tga lsefi help probe echo lvm cryptodisk luks gcry_rijndael gcry_sha512 tpm efinet tftp xfs
./install-for-efi/usr/bin/grub2-mkimage -d ./install-for-efi/usr/lib/grub/arm64-efi/ --sbat ./sbat.csv -o %{buildroot}%{_datadir}/grub2-efi/grubaa64-noprefix.efi --prefix= -O arm64-efi fat iso9660 part_gpt part_msdos normal boot linux configfile loopback chain efifwsetup efi_gop ls search search_label search_fs_uuid search_fs_file gfxterm gfxterm_background gfxterm_menu test all_video loadenv exfat ext2 udf halt gfxmenu png tga lsefi help probe echo lvm cryptodisk luks gcry_rijndael gcry_sha512 tpm efinet tftp xfs
%endif
# Install to efi directory
EFI_BOOT_DIR=%{buildroot}/boot/efi/EFI/BOOT
GRUB_MODULE_NAME=
GRUB_MODULE_SOURCE=
install -d $EFI_BOOT_DIR
%ifarch x86_64
GRUB_MODULE_NAME=grubx64.efi
GRUB_PXE_MODULE_NAME=grubx64-noprefix.efi
GRUB_MODULE_SOURCE=%{buildroot}%{_datadir}/grub2-efi/grubx64.efi
GRUB_PXE_MODULE_SOURCE=%{buildroot}%{_datadir}/grub2-efi/grubx64-noprefix.efi
%endif
%ifarch aarch64
GRUB_MODULE_NAME=grubaa64.efi
GRUB_PXE_MODULE_NAME=grubaa64-noprefix.efi
GRUB_MODULE_SOURCE=%{buildroot}%{_datadir}/grub2-efi/grubaa64.efi
GRUB_PXE_MODULE_SOURCE=%{buildroot}%{_datadir}/grub2-efi/grubaa64-noprefix.efi
%endif
cp $GRUB_MODULE_SOURCE $EFI_BOOT_DIR/$GRUB_MODULE_NAME
cp $GRUB_PXE_MODULE_SOURCE $EFI_BOOT_DIR/$GRUB_PXE_MODULE_NAME
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
%files
%defattr(-,root,root)
%license COPYING
%dir /boot/%{name}
%config() %{_sysconfdir}/bash_completion.d/grub
%{_sysconfdir}/sysconfig/grub
/sbin/grub2-bios-setup
/sbin/grub2-install
/sbin/grub2-macbless
/sbin/grub2-ofpathname
/sbin/grub2-reboot
/sbin/grub2-set-default
/sbin/grub2-sparc64-setup
%{_bindir}/grub2-fstest
%{_bindir}/grub2-glue-efi
%{_bindir}/grub2-kbdcomp
%{_bindir}/grub2-menulst2cfg
%{_bindir}/grub2-mkimage
%{_bindir}/grub2-mklayout
%{_bindir}/grub2-mknetdir
%{_bindir}/grub2-mkpasswd-pbkdf2
%{_bindir}/grub2-mkrescue
%{_bindir}/grub2-mkstandalone
%{_bindir}/grub2-render-label
%{_bindir}/grub2-syslinux2cfg
%files tools-minimal
%{_datarootdir}/grub/grub-mkconfig_lib
/sbin/grub2-probe
/sbin/grub2-mkconfig
%{_bindir}/grub2-editenv
%{_bindir}/grub2-script-check
%{_bindir}/grub2-file
%{_bindir}/grub2-mkrelpath
%ifarch x86_64
%files pc
%{_libdir}/grub/i386-pc
%files efi
%{_libdir}/grub/x86_64-efi
%endif
%files efi-unsigned
%{_datadir}/grub2-efi/*
%files efi-binary
%ifarch x86_64
/boot/efi/EFI/BOOT/grubx64.efi
%endif
%ifarch aarch64
/boot/efi/EFI/BOOT/grubaa64.efi
%endif
%files efi-binary-noprefix
%ifarch x86_64
/boot/efi/EFI/BOOT/grubx64-noprefix.efi
%endif
%ifarch aarch64
/boot/efi/EFI/BOOT/grubaa64-noprefix.efi
%endif
%ifarch aarch64
%files efi
%{_libdir}/grub/*
%endif
%files configuration
%dir %{_sysconfdir}/grub.d
%dir %{_sysconfdir}/default/grub.d
%{_sysconfdir}/grub.d/README
%attr(0644,root,root) %ghost %config(noreplace) %{_sysconfdir}/default/grub
%ghost %config(noreplace) /boot/%{name}/grub.cfg
%config() %{_sysconfdir}/grub.d/00_header
%config() %{_sysconfdir}/grub.d/10_linux
%config() %{_sysconfdir}/grub.d/20_linux_xen
%config() %{_sysconfdir}/grub.d/30_os-prober
%config() %{_sysconfdir}/grub.d/30_uefi-firmware
%config(noreplace) %{_sysconfdir}/grub.d/40_custom
%config(noreplace) %{_sysconfdir}/grub.d/41_custom
%changelog
* Tue Aug 13 2024 Daniel McIlvaney <damcilva@microsoft.com> - 2.06-20
- Move grub2-rpm-macros to the azurelinux-rpm-macros package
* Wed Jun 12 2024 George Mileka <gmileka@microsoft.com> - 2.06-19
- disable code optimization for ip checksum calculation
* Mon Apr 15 2024 Dan Streetman <ddstreet@microsoft.com> - 2.06-18
- update grub to sbat 4
* Tue Mar 19 2024 Cameron Baird <cameronbaird@microsoft.com> - 2.06-17
- Introduce grub2-tools-minimal subpackage
* Wed Mar 06 2024 Mykhailo Bykhovtsev <mbykhovtsev@microsoft.com> - 2.06-16
- Updated sbat.csv.in to reflect new distro name.
* Tue Mar 05 2024 Cameron Baird <cameronbaird@microsoft.com> - 2.06-15
- Explicitly depend on systemd-udev for image install
* Thu Jan 25 10:49:55 EST 2024 Dan Streetman <ddstreet@ieee.org> - 2.06-14
- remove systemd-devel build dep
* Mon Nov 27 2023 Cameron Baird <cameronbaird@microsoft.com> - 2.06-13
- Move /etc/grub.d to the configuration subpackage
* Wed Oct 18 2023 Gary Swalling <gaswal@microsoft.com> - 2.06-12
- CVE-2021-3695 CVE-2021-3696 CVE-2021-3697 CVE-2022-28733 CVE-2022-28734
CVE-2022-28735 CVE-2022-28736 and increment SBAT level to 2
* Fri Aug 11 2023 Cameron Baird <cameronbaird@microsoft.com> - 2.06-11
- Enable support for grub2-mkconfig grub.cfg generation
- Introduce rpm-macros, configuration subpackage
- The Mariner /etc/default/grub now sources files from /etc/default/grub.d
before the remainder of grub2-mkconfig runs. This allows RPM to
install package-specific configurations that the users can safely
override.
* Thu Jun 08 2023 Daniel McIlvaney <damcilva@microsoft.com> - 2.06-10
- CVE-2022-3775
* Wed Apr 05 2023 Andy Zaugg <azaugg@linkedin.com> - 2.06-9
- Adding XFS support to GRUB
* Thu Dec 29 2022 Mykhailo Bykhovtsev <mbykhovtsev@microsoft.com> - 2.06-8
- Fix CVE-2022-2601 (Mykhailo Bykhovtsev <mbykhovtsev@microsoft.com>).
* Wed Sep 07 2022 Zhichun Wan <zhichunwan@microsoft.com> - 2.06-7
- Port internal patch for resetting grub_errno on success (George Mileka <gmileka@microsoft.com>).
* Thu Jul 28 2022 Minghe Ren <mingheren@microsoft.com> - 2.06-6
- Change permission on grub.cfg to improve security
* Tue Jul 19 2022 Henry Li <lihl@microsoft.com> - 2.06-5
- Resolve CVE-2021-3981
- Remove specification of nopatch files in the spec file
* Fri Jul 08 2022 Henry Li <lihl@microsoft.com> - 2.06-4
- Create additional efi binary that has no prefix directory set
- Add grub2-efi-binary-noprefix subpackage for efi binary with no prefix set
* Fri Feb 25 2022 Henry Li <lihl@microsoft.com> - 2.06-3
- Enable multiboot2 support for x86_64
* Thu Feb 17 2022 Andrew Phelps <anphel@microsoft.com> - 2.06-2
- Use _topdir instead of hard-coded value /usr/src/mariner
* Wed Feb 09 2022 Chris Co <chrco@microsoft.com> - 2.06-1
- Update to 2.06 release
- Add efinet and tftp modules to grub efi binary
* Tue Feb 08 2022 Chris Co <chrco@microsoft.com> - 2.06~rc1-8
- Bump release number to force binary signing with new secure boot key
* Tue Sep 14 2021 Andrew Phelps <anphel@microsoft.com> - 2.06~rc1-7
- Disable module_info.ld script due to issue with ELF metadata note
* Tue Jul 20 2021 Pawel Winogrodzki <pawelwi@microsoft.com> - 2.06~rc1-6
- License verified.
- Adding 'Provides' for:
- 'grub2-common',
- 'grub2-efi-aa64-modules',
- 'grub2-efi-modules',
- 'grub2-efi-x64',
- 'grub2-efi-x64-modules',
- 'grub2-pc-modules',
- 'grub2-tools',
- 'grub2-tools-efi',
- 'grub2-tools-extra',
- 'grub2-tools-minimal'.
* Tue May 25 2021 Thomas Crain <thcrain@microsoft.com> - 2.06~rc1-5
- Explicitly specify python 3 as the python interpreter for bootstrapping
* Fri Apr 16 2021 Chris Co <chrco@microsoft.com> - 2.06~rc1-4
- Bump version to match grub-efi-binary-signed spec
* Fri Apr 02 2021 Rachel Menge <rachelmenge@microsoft.com> - 2.06~rc1-3
- Apply no patches for CVE-2021-3418 CVE-2020-14372 CVE-2020-25632
CVE-2020-25647 CVE-2020-27779 CVE-2021-20233 CVE-2020-10713 CVE-2020-14308
CVE-2020-14309 CVE-2020-14310 CVE-2020-14311 CVE-2020-27749 CVE-2021-20225
* Fri Mar 26 2021 Chris Co <chrco@microsoft.com> - 2.06~rc1-2
- Add a few more F34 patches (017, 037, 052, 069, 166)
* Wed Mar 10 2021 Chris Co <chrco@microsoft.com> - 2.06~rc1-1
- Update to 2.06-rc1. Remove old out-of-tree patches. Add patches from F34
- Incorporate SBAT data
- Remove grub2-lang (locale) subpackage
- Enable tpm module to EFI binary
* Mon Dec 14 2020 Andrew Phelps <anphel@microsoft.com> - 2.02-26
- Modify check test
* Fri Oct 30 2020 Pawel Winogrodzki <pawelwi@microsoft.com> - 2.02-25
- Fix CVE-2020-15705 (BootHole cont.).
* Thu Aug 13 2020 Chris Co <chrco@microsoft.com> - 2.02-24
- Remove signed subpackage and macro
* Thu Jul 30 2020 Chris Co <chrco@microsoft.com> - 2.02-23
- Fix CVE-2020-10713 (BootHole)
- Fix CVE-2020-14308
- Fix CVE-2020-14309
- Fix CVE-2020-14310
- Fix CVE-2020-14311
- Fix CVE-2020-15706
- Fix CVE-2020-15707
* Wed Jul 22 2020 Joe Schmitt <joschmit@microsoft.com> - 2.02-22
- Always include Patch100, but conditionally apply it.
- Switch URL to https.
* Tue Jun 30 2020 Nicolas Ontiveros <niontive@microsoft.com> - 2.02-21
- Add cryptodisk, luks, gcry_rijndael and gcry_sha512 modules to EFI files.
* Fri Jun 19 2020 Chris Co <chrco@microsoft.com> - 2.02-20
- Add grub2-efi-binary subpackage
- Add grub2-efi-binary-signed subpackage and macros for adding offline signed grub binaries
* Mon Jun 01 2020 Henry Beberman <henry.beberman@microsoft.com> - 2.02-19
- Address compilation errors from hardened cflags.
* Tue May 26 2020 Emre Girgin <mrgirgin@microsoft.com> - 2.02-18
- Change /boot directory permissions to 600.
* Fri May 22 2020 Chris Co <chrco@microsoft.com> - 2.02-17
- Create grubaa64.efi as part of the grub2-efi-unsigned subpackage
* Wed May 13 2020 Nick Samson <nisamson@microsoft.com> - 2.02-16
- Added %%license line automatically
* Mon May 11 2020 Chris Co <chrco@microsoft.com> - 2.02-15
- Create new grub2-efi-unsigned subpackage containing grubx64.efi
* Thu Apr 30 2020 Chris Co <chrco@microsoft.com> - 2.02-14
- Add fdt rework patch to fix aarch64 build errors
- Enable aarch64 build
* Tue Sep 03 2019 Mateusz Malisz <mamalisz@microsoft.com> - 2.02-13
- Initial CBL-Mariner import from Photon (license: Apache2).
* Thu Feb 21 2019 Alexey Makhalov <amakhalov@vmware.com> - 2.02-12
- Update grub version from ~rc3 to release.
- Enhance SB + TPM support (19 patches from grub2-2.02-70.fc30)
- Remove i386-pc modules from grub2-efi
* Fri Jan 25 2019 Alexey Makhalov <amakhalov@vmware.com> - 2.02-11
- Disable efinet for aarch64 to workaround NXP ls1012a frwy PFE bug.
* Tue Nov 14 2017 Alexey Makhalov <amakhalov@vmware.com> - 2.02-10
- Aarch64 support
* Fri Jun 2 2017 Bo Gan <ganb@vmware.com> - 2.02-9
- Split grub2 to grub2 and grub2-pc, remove grub2-efi spec
* Fri Apr 14 2017 Alexey Makhalov <amakhalov@vmware.com> - 2.02-8
- Version update to 2.02~rc2
* Fri Nov 18 2016 Anish Swaminathan <anishs@vmware.com> - 2.02-7
- Add fix for CVE-2015-8370
* Fri Nov 18 2016 Anish Swaminathan <anishs@vmware.com> - 2.02-6
- Change systemd dependency
* Thu Oct 06 2016 ChangLee <changlee@vmware.com> - 2.02-5
- Modified %check
* Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> - 2.02-4
- GA - Bump release of all rpms
* Fri Oct 02 2015 Divya Thaluru <dthaluru@vmware.com> - 2.02-3
- Adding patch to boot entries without password.
* Wed Jul 22 2015 Divya Thaluru <dthaluru@vmware.com> - 2.02-2
- Changing program name from grub to grub2.
* Mon Jun 29 2015 Divya Thaluru <dthaluru@vmware.com> - 2.02-1
- Updating grub to 2.02
* Wed Nov 5 2014 Divya Thaluru <dthaluru@vmware.com> - 2.00-1
- Initial build. First version