File grub2.spec of Package grub2.18446

# spec file for package grub2
# Copyright (c) 2020 SUSE LLC
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via
# needssslcertforbuild

%define _binaries_in_noarch_package_terminate_build 0

Name:           grub2
%ifarch x86_64 ppc64
BuildRequires:  gcc-32bit
BuildRequires:  glibc-32bit
BuildRequires:  glibc-devel-32bit
BuildRequires:  gcc
BuildRequires:  glibc-devel
BuildRequires:  automake
BuildRequires:  bison
BuildRequires:  device-mapper-devel
BuildRequires:  fdupes
BuildRequires:  flex
BuildRequires:  freetype2-devel
BuildRequires:  fuse-devel
%if 0%{?suse_version} >= 1140
BuildRequires:  dejavu-fonts
BuildRequires:  gnu-unifont
BuildRequires:  help2man
BuildRequires:  xz
%if 0%{?suse_version} >= 1210
BuildRequires:  makeinfo
BuildRequires:  texinfo
%if %{defined pythons}
BuildRequires:  %{pythons}
BuildRequires:  python
BuildRequires:  xz-devel
%ifarch x86_64 aarch64
%if 0%{?suse_version} >= 1230 || 0%{?suse_version} == 1110
BuildRequires:  openssl >= 0.9.8
BuildRequires:  pesign-obs-integration
%if 0%{?suse_version} >= 1210
# Package systemd services files grub2-once.service
BuildRequires:  systemd-rpm-macros
%define has_systemd 1
%if 0%{?suse_version} > 1320
BuildRequires:  update-bootloader-rpm-macros

# Modules code is dynamically loaded and collected from a _fixed_ path.
%define _libdir %{_exec_prefix}/lib

# Build grub2-emu everywhere (it may be "required" by 'grub2-once')
%define emu 1

%ifarch ppc ppc64 ppc64le
%define grubcpu powerpc
%define platform ieee1275
# emu does not build here yet... :-(
%define emu 0

%ifarch %{ix86} x86_64
%define grubcpu i386
%define platform pc

%ifarch s390x
%define grubcpu s390x
%define platform emu

%ifarch %{arm}
%define grubcpu arm
%define platform uboot

%ifarch aarch64
%define grubcpu arm64
%define platform efi
%define only_efi 1

%ifarch riscv64
%define grubcpu riscv64
%define platform efi
%define only_efi 1

%define grubarch %{grubcpu}-%{platform}

# build efi bootloader on some platforms only:
%if ! 0%{?efi:1}
%global efi %{ix86} x86_64 ia64 aarch64 %{arm} riscv64

%ifarch %{efi}
%ifarch %{ix86}
%define grubefiarch i386-efi
%ifarch aarch64
%define grubefiarch arm64-efi
%ifarch %{arm}
%define grubefiarch arm-efi
%define grubefiarch %{_target_cpu}-efi

%ifarch %{ix86}
%define grubxenarch i386-xen

%ifarch x86_64
%define grubxenarch x86_64-xen

%if %{platform} == emu
# force %%{emu} to 1, e.g. for s390
%define emu 1

%if 0%{?suse_version} == 1110
%define only_efi %{nil}
%define only_x86_64 %{nil}

Version:        2.04
Release:        0
Summary:        Bootloader with support for Linux, Multiboot and more
License:        GPL-3.0-or-later
Group:          System/Boot
Source1:        90_persistent
Source2:        grub.default
Source4:        grub2.rpmlintrc
Source6:        grub2-once
Source7:        20_memtest86+
Source8:        README.ibm3215
Source10:       openSUSE-UEFI-CA-Certificate.crt
Source11:       SLES-UEFI-CA-Certificate.crt
Source14:       80_suse_btrfs_snapshot
Source15:       grub2-once.service
Source16:       grub2-xen-pv-firmware.cfg
# required hook for systemd-sleep (bsc#941758)
Source1000:     PATCH_POLICY
Patch1:         rename-grub-info-file-to-grub2.patch
Patch2:         grub2-linux.patch
Patch3:         use-grub2-as-a-package-name.patch
Patch4:         info-dir-entry.patch
Patch6:         grub2-iterate-and-hook-for-extended-partition.patch
Patch8:         grub2-ppc-terminfo.patch
Patch9:         grub2-GRUB_CMDLINE_LINUX_RECOVERY-for-recovery-mode.patch
Patch10:        grub2-fix-error-terminal-gfxterm-isn-t-found.patch
Patch12:        grub2-fix-menu-in-xen-host-server.patch
Patch15:        not-display-menu-when-boot-once.patch
Patch17:        grub2-pass-corret-root-for-nfsroot.patch
Patch19:        grub2-efi-HP-workaround.patch
Patch21:        grub2-secureboot-add-linuxefi.patch
Patch22:        grub2-secureboot-use-linuxefi-on-uefi.patch
Patch23:        grub2-secureboot-no-insmod-on-sb.patch
Patch24:        grub2-secureboot-provide-linuxefi-config.patch
Patch25:        grub2-secureboot-chainloader.patch
Patch26:        grub2-secureboot-use-linuxefi-on-uefi-in-os-prober.patch
Patch27:        grub2-linuxefi-fix-boot-params.patch
Patch37:        grub2-use-Unifont-for-starfield-theme-terminal.patch
Patch38:        grub2-s390x-01-Changes-made-and-files-added-in-order-to-allow-s390x.patch
Patch39:        grub2-s390x-02-kexec-module-added-to-emu.patch
Patch40:        grub2-s390x-03-output-7-bit-ascii.patch
Patch41:        grub2-s390x-04-grub2-install.patch
Patch42:        grub2-s390x-05-grub2-mkconfig.patch
Patch43:        grub2-use-rpmsort-for-version-sorting.patch
Patch53:        grub2-getroot-treat-mdadm-ddf-as-simple-device.patch
Patch56:        grub2-setup-try-fs-embed-if-mbr-gap-too-small.patch
Patch58:        grub2-xen-linux16.patch
Patch59:        grub2-efi-disable-video-cirrus-and-bochus.patch
Patch60:        grub2-editenv-add-warning-message.patch
Patch61:        grub2-vbe-blacklist-preferred-1440x900x32.patch
Patch64:        grub2-grubenv-in-btrfs-header.patch
Patch65:        grub2-mkconfig-aarch64.patch
Patch70:        grub2-default-distributor.patch
Patch71:        grub2-menu-unrestricted.patch
Patch72:        grub2-mkconfig-arm.patch
Patch75:        grub2-s390x-06-loadparm.patch
Patch76:        grub2-s390x-07-add-image-param-for-zipl-setup.patch
Patch77:        grub2-s390x-08-workaround-part-to-disk.patch
Patch78:        grub2-commands-introduce-read_file-subcommand.patch
Patch79:        grub2-efi-chainload-harder.patch
Patch80:        grub2-emu-4-all.patch
Patch81:        grub2-lvm-allocate-metadata-buffer-from-raw-contents.patch
Patch82:        grub2-diskfilter-support-pv-without-metadatacopies.patch
Patch83:        grub2-efi-uga-64bit-fb.patch
Patch84:        grub2-s390x-09-improve-zipl-setup.patch
Patch85:        grub2-getroot-scan-disk-pv.patch
Patch92:        grub2-util-30_os-prober-multiple-initrd.patch
Patch93:        grub2-getroot-support-nvdimm.patch
Patch94:        grub2-install-fix-not-a-directory-error.patch
Patch95:        grub2-verifiers-fix-system-freeze-if-verify-failed.patch
Patch96:        grub-install-force-journal-draining-to-ensure-data-i.patch
Patch97:        grub2-s390x-skip-zfcpdump-image.patch
# Btrfs snapshot booting related patches
Patch101:       grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch
Patch102:       grub2-btrfs-02-export-subvolume-envvars.patch
Patch103:       grub2-btrfs-03-follow_default.patch
Patch104:       grub2-btrfs-04-grub2-install.patch
Patch105:       grub2-btrfs-05-grub2-mkconfig.patch
Patch106:       grub2-btrfs-06-subvol-mount.patch
Patch107:       grub2-btrfs-07-subvol-fallback.patch
Patch108:       grub2-btrfs-08-workaround-snapshot-menu-default-entry.patch
Patch109:       grub2-btrfs-09-get-default-subvolume.patch
Patch110:       grub2-btrfs-10-config-directory.patch
Patch111:       0001-btrfs-disable-zstd-support-for-i386-pc.patch
# Support EFI xen loader
Patch120:       grub2-efi-xen-chainload.patch
Patch121:       grub2-efi-chainloader-root.patch
Patch122:       grub2-efi-xen-cmdline.patch
Patch123:       grub2-efi-xen-cfg-unquote.patch
Patch124:       grub2-efi-xen-removable.patch
# Hidden menu entry and hotkey "t" for text console
Patch140:       grub2-Add-hidden-menu-entries.patch
Patch141:       grub2-SUSE-Add-the-t-hotkey.patch
# Linux root device related patches
Patch163:       grub2-zipl-setup-fix-btrfs-multipledev.patch
Patch164:       grub2-suse-remove-linux-root-param.patch
# PPC64 LE support
Patch205:       grub2-ppc64le-disable-video.patch
Patch207:       grub2-ppc64le-memory-map.patch
# PPC 
Patch211:       grub2-ppc64-cas-reboot-support.patch
Patch212:       grub2-install-remove-useless-check-PReP-partition-is-empty.patch
Patch213:       grub2-Fix-incorrect-netmask-on-ppc64.patch
Patch215:       grub2-ppc64-cas-new-scope.patch
Patch218:       grub2-ppc64-cas-fix-double-free.patch
Patch233:       grub2-use-stat-instead-of-udevadm-for-partition-lookup.patch
Patch234:       fix-grub2-use-stat-instead-of-udevadm-for-partition-lookup-with-new-glibc.patch
Patch236:       grub2-efi_gop-avoid-low-resolution.patch
# Support HTTP Boot IPv4 and IPv6 (fate#320129)
Patch281:       0002-net-read-bracketed-ipv6-addrs-and-port-numbers.patch
Patch282:       0003-bootp-New-net_bootp6-command.patch
Patch283:       0004-efinet-UEFI-IPv6-PXE-support.patch
Patch284:       0005-grub.texi-Add-net_bootp6-doument.patch
Patch285:       0006-bootp-Add-processing-DHCPACK-packet-from-HTTP-Boot.patch
Patch286:       0007-efinet-Setting-network-from-UEFI-device-path.patch
Patch287:       0008-efinet-Setting-DNS-server-from-UEFI-protocol.patch
# Fix GOP BLT support (FATE#322332)
Patch311:       grub2-efi-gop-add-blt.patch
# TPM Support (FATE#315831)
Patch411:       0012-tpm-Build-tpm-as-module.patch
# UEFI HTTP and related network protocol support (FATE#320130)
Patch420:       0001-add-support-for-UEFI-network-protocols.patch
Patch421:       0002-AUDIT-0-http-boot-tracker-bug.patch
# check if default entry need to be corrected for updated distributor version 
# and/or use fallback entry if default kernel entry removed (bsc#1065349)
Patch430:       grub2-mkconfig-default-entry-correction.patch
Patch431:       grub2-s390x-10-keep-network-at-kexec.patch
Patch432:       grub2-s390x-11-secureboot.patch
# Support for UEFI Secure Boot on AArch64 (FATE#326541)
Patch450:       grub2-secureboot-install-signed-grub.patch
Patch501:       grub2-btrfs-help-on-snapper-rollback.patch
# Improved hiDPI device support (FATE#326680)
Patch510:       grub2-video-limit-the-resolution-for-fixed-bimap-font.patch
# Support long menuentries (FATE#325760)
Patch511:       grub2-gfxmenu-support-scrolling-menu-entry-s-text.patch
# RISC-V fixes
Patch601:       risc-v-fix-computation-of-pc-relative-relocation-offset.patch
Patch602:       risc-v-add-clzdi2-symbol.patch
Patch603:       grub-install-define-default-platform-for-risc-v.patch
# Fix gcc-10 build fail
Patch610:       0001-mdraid1x_linux-Fix-gcc10-error-Werror-array-bounds.patch
Patch611:       0002-zfs-Fix-gcc10-error-Werror-zero-length-bounds.patch
# bsc#1166409 - Grub netbooting does not search for grub.cfg files with mac
# address or ip address in filename
Patch700:       0001-normal-Move-common-datetime-functions-out-of-the-nor.patch
Patch701:       0002-kern-Add-X-option-to-printf-functions.patch
Patch702:       0003-normal-main-Search-for-specific-config-files-for-net.patch
Patch703:       0004-datetime-Enable-the-datetime-module-for-the-emu-plat.patch
# bsc#1168994 VUL-0: EMBARGOED: CVE-2020-10713: grub2: parsing overflows can
# bypass secure boot restrictions
Patch704:       0001-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch
# bsc#1173812 VUL-0: EMBARGOED: CVE-2020-14308, CVE-2020-14309, CVE-2020-14310,
# CVE-2020-14311: grub2: avoid integer overflows
Patch705:       0002-safemath-Add-some-arithmetic-primitives-that-check-f.patch
Patch706:       0003-calloc-Make-sure-we-always-have-an-overflow-checking.patch
Patch707:       0004-calloc-Use-calloc-at-most-places.patch
Patch708:       0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch
Patch709:       0006-iso9660-Don-t-leak-memory-on-realloc-failures.patch
Patch710:       0007-font-Do-not-load-more-than-one-NAME-section.patch
# bsc#1174463 VUL-0: EMBARGOED: CVE-2020-15706: grub2: script: Avoid a
# use-after-free when redefining a function during execution
Patch711:       0008-script-Remove-unused-fields-from-grub_script_functio.patch
Patch712:       0009-script-Avoid-a-use-after-free-when-redefining-a-func.patch
# bsc#1174570 VUL-0: EMBARGOED: CVE-2020-15707: grub2: linux: Fix integer
# overflows in initrd size handling
Patch713:       0010-linux-Fix-integer-overflows-in-initrd-size-handling.patch
Patch714:       0001-kern-mm.c-Make-grub_calloc-inline.patch
Patch716:       0002-cmdline-Provide-cmdline-functions-as-module.patch
# bsc#1172745 L3: SLES 12 SP4 - Slow boot of system after updated kernel -
# takes 45 minutes after grub to start loading kernel
Patch717:       0001-ieee1275-powerpc-implements-fibre-channel-discovery-.patch
Patch718:       0002-ieee1275-powerpc-enables-device-mapper-discovery.patch
Patch719:       0001-Unify-the-check-to-enable-btrfs-relative-path.patch
Patch721:       0001-efi-linux-provide-linux-command.patch
# Improve the error handling when grub2-install fails with short mbr gap
# (bsc#1176062)
Patch722:       0001-Warn-if-MBR-gap-is-small-and-user-uses-advanced-modu.patch
Patch723:       0002-grub-install-Avoid-incompleted-install-on-i386-pc.patch
# Boothole2
Patch740:       0001-include-grub-i386-linux.h-Include-missing-grub-types.patch
Patch741:       0002-efi-Make-shim_lock-GUID-and-protocol-type-public.patch
Patch742:       0003-efi-Return-grub_efi_status_t-from-grub_efi_get_varia.patch
Patch743:       0004-efi-Add-a-function-to-read-EFI-variables-with-attrib.patch
Patch744:       0005-efi-Add-secure-boot-detection.patch
Patch745:       0006-efi-Only-register-shim_lock-verifier-if-shim_lock-pr.patch
Patch746:       0007-verifiers-Move-verifiers-API-to-kernel-image.patch
Patch747:       0008-efi-Move-the-shim_lock-verifier-to-the-GRUB-core.patch
Patch748:       0009-kern-Add-lockdown-support.patch
Patch749:       0010-kern-lockdown-Set-a-variable-if-the-GRUB-is-locked-d.patch
Patch750:       0011-efi-Lockdown-the-GRUB-when-the-UEFI-Secure-Boot-is-e.patch
Patch751:       0012-efi-Use-grub_is_lockdown-instead-of-hardcoding-a-dis.patch
Patch752:       0013-acpi-Don-t-register-the-acpi-command-when-locked-dow.patch
Patch753:       0014-mmap-Don-t-register-cutmem-and-badram-commands-when-.patch
Patch754:       0015-commands-Restrict-commands-that-can-load-BIOS-or-DT-.patch
Patch755:       0016-commands-setpci-Restrict-setpci-command-when-locked-.patch
Patch756:       0017-commands-hdparm-Restrict-hdparm-command-when-locked-.patch
Patch757:       0018-gdb-Restrict-GDB-access-when-locked-down.patch
Patch758:       0019-loader-xnu-Don-t-allow-loading-extension-and-package.patch
Patch759:       0020-dl-Only-allow-unloading-modules-that-are-not-depende.patch
Patch760:       0021-usb-Avoid-possible-out-of-bound-accesses-caused-by-m.patch
Patch761:       0022-lib-arg-Block-repeated-short-options-that-require-an.patch
Patch762:       0023-commands-menuentry-Fix-quoting-in-setparams_prefix.patch
Patch763:       0024-kern-parser-Fix-resource-leak-if-argc-0.patch
Patch764:       0025-kern-parser-Fix-a-memory-leak.patch
Patch765:       0026-kern-parser-Introduce-process_char-helper.patch
Patch766:       0027-kern-parser-Introduce-terminate_arg-helper.patch
Patch767:       0028-kern-parser-Refactor-grub_parser_split_cmdline-clean.patch
Patch768:       0029-kern-buffer-Add-variable-sized-heap-buffer.patch
Patch769:       0030-kern-parser-Fix-a-stack-buffer-overflow.patch
Patch770:       0031-util-mkimage-Remove-unused-code-to-add-BSS-section.patch
Patch771:       0032-util-mkimage-Use-grub_host_to_target32-instead-of-gr.patch
Patch772:       0033-util-mkimage-Always-use-grub_host_to_target32-to-ini.patch
Patch773:       0034-util-mkimage-Unify-more-of-the-PE32-and-PE32-header-.patch
Patch774:       0035-util-mkimage-Reorder-PE-optional-header-fields-set-u.patch
Patch775:       0036-util-mkimage-Improve-data_size-value-calculation.patch
Patch776:       0037-util-mkimage-Refactor-section-setup-to-use-a-helper.patch
Patch777:       0038-util-mkimage-Add-an-option-to-import-SBAT-metadata-i.patch
Patch778:       0039-grub-install-common-Add-sbat-option.patch
Patch779:       0040-shim_lock-Only-skip-loading-shim_lock-verifier-with-.patch
Patch780:       0041-squash-Add-secureboot-support-on-efi-chainloader.patch
Patch781:       0042-squash-grub2-efi-chainload-harder.patch
Patch782:       0043-squash-Don-t-allow-insmod-when-secure-boot-is-enable.patch
Patch783:       0044-squash-kern-Add-lockdown-support.patch
Patch784:       0045-squash-verifiers-Move-verifiers-API-to-kernel-image.patch

Requires:       gettext-runtime
%if 0%{?suse_version} >= 1140
%ifnarch s390x
Recommends:     os-prober
# xorriso not available using grub2-mkrescue (bnc#812681)
# downgrade to suggest as minimal system can't afford pulling in tcl/tk and half of the x11 stack (bsc#1102515)
Suggests:       libburnia-tools
Suggests:       mtools
%if ! 0%{?only_efi:1}
Requires:       grub2-%{grubarch} = %{version}-%{release}
%ifarch s390x
# required utilities by grub2-s390x-04-grub2-install.patch
# use 'showconsole' to determine console device. (bnc#876743)
Requires:       /sbin/showconsole
Requires:       kexec-tools
# for /sbin/zipl used by grub2-zipl-setup
Requires:       s390-tools
%ifarch ppc64 ppc64le
Requires:       powerpc-utils

BuildRoot:      %{_tmppath}/%{name}-%{version}-build

%if 0%{?only_x86_64:1}
ExclusiveArch:  x86_64
ExclusiveArch:  %{ix86} x86_64 ppc ppc64 ppc64le s390x aarch64 %{arm} riscv64

This is the second version of the GRUB (Grand Unified Bootloader), a
highly configurable and customizable bootloader with modular
architecture.  It support rich scale of kernel formats, file systems,
computer architectures and hardware devices.

This package includes user space utlities to manage GRUB on your system.

    Gordon Matzigkeit
    Yoshinori K. Okuji
    Colin Watson
    Colin D. Bennett
    Vesa Jääskeläinen
    Robert Millan
    Carles Pina

%package branding-upstream

Summary:        Upstream branding for GRUB2's graphical console
Group:          System/Fhs
Requires:       %{name} = %{version}

%description branding-upstream
Upstream branding for GRUB2's graphical console

%if ! 0%{?only_efi:1}
%package %{grubarch}

Summary:        Bootloader with support for Linux, Multiboot and more
Group:          System/Boot
%if %{platform} != emu
BuildArch:      noarch
Requires:       %{name} = %{version}
Requires(post):	%{name} = %{version}
%if 0%{?update_bootloader_requires:1}
Requires:       perl-Bootloader
Requires(post): perl-Bootloader

%description %{grubarch}
The GRand Unified Bootloader (GRUB) is a highly configurable and customizable
bootloader with modular architecture.  It supports rich variety of kernel formats,
file systems, computer architectures and hardware devices.  This subpackage
provides support for %{platform} systems.

%package %{grubarch}-debug
Summary:        Debug symbols for %{grubarch}
Group:          System/Boot
%if %{platform} != emu
BuildArch:      noarch
Requires:       %{name}-%{grubarch} = %{version}

%description %{grubarch}-debug
Debug information for %{name}-%{grubarch}

Information on how to debug grub can be found online:


%ifarch %{efi}

%package %{grubefiarch}

Summary:        Bootloader with support for Linux, Multiboot and more
Group:          System/Boot
BuildArch:      noarch
# Require efibootmgr
# Without it grub-install is broken so break the package as well if unavailable
Requires:       efibootmgr
Requires(post): efibootmgr
Requires:       %{name} = %{version}
Requires(post):	%{name} = %{version}
%if 0%{?update_bootloader_requires:1}
Requires:       perl-Bootloader >= 0.706
Requires(post): perl-Bootloader >= 0.706
Provides:       %{name}-efi = %{version}-%{release}
Obsoletes:      %{name}-efi < %{version}-%{release}

%description %{grubefiarch}
The GRand Unified Bootloader (GRUB) is a highly configurable and customizable
bootloader with modular architecture.  It supports rich variety of kernel formats,
file systems, computer architectures and hardware devices.  This subpackage
provides support for EFI systems.

%package %{grubefiarch}-debug
Summary:        Debug symbols for %{grubefiarch}
Group:          System/Boot
%if %{platform} != emu
BuildArch:      noarch
Requires:       %{name}-%{grubefiarch} = %{version}

%description %{grubefiarch}-debug
Debug symbols for %{name}-%{grubefiarch}

Information on how to debug grub can be found online:


%ifarch %{ix86} x86_64

%package %{grubxenarch}

Summary:        Bootloader with support for Linux, Multiboot and more
Group:          System/Boot
Provides:       %{name}-xen = %{version}-%{release}
Obsoletes:      %{name}-xen < %{version}-%{release}
BuildArch:      noarch

%description %{grubxenarch}
The GRand Unified Bootloader (GRUB) is a highly configurable and customizable
bootloader with modular architecture.  It supports rich variety of kernel formats,
file systems, computer architectures and hardware devices.  This subpackage
provides support for XEN systems.


%package snapper-plugin

Summary:        Grub2's snapper plugin
Group:          System/Fhs
Requires:       %{name} = %{version}
Requires:       libxml2-tools
Supplements:    packageand(snapper:grub2)
BuildArch:      noarch

%description snapper-plugin
Grub2's snapper plugin for advanced btrfs snapshot boot menu management

%if 0%{?has_systemd:1}
%package systemd-sleep-plugin

Summary:        Grub2's systemd-sleep plugin
Group:          System/Fhs
Requires:       grub2
Requires:       util-linux
Supplements:    packageand(systemd:grub2)
BuildArch:      noarch

%description systemd-sleep-plugin
Grub2's systemd-sleep plugin for directly booting hibernated kernel image in
swap partition while in resuming

# We create (if we build for efi) two copies of the sources in the Builddir
%setup -q -n grub-%{version}
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch6 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch12 -p1
%patch15 -p1
%patch17 -p1
%patch19 -p1
%patch21 -p1
%patch22 -p1
%patch23 -p1
%patch24 -p1
%patch25 -p1
%patch26 -p1
%patch27 -p1
%patch35 -p1
%patch37 -p1
%patch38 -p1
%patch39 -p1
%patch40 -p1
%patch41 -p1
%patch42 -p1
%patch43 -p1
%patch53 -p1
%patch56 -p1
%patch58 -p1
%patch59 -p1
%patch60 -p1
%patch61 -p1
%patch64 -p1
%patch65 -p1
%patch70 -p1
%patch71 -p1
%patch72 -p1
%patch75 -p1
%patch76 -p1
%patch77 -p1
%patch78 -p1
%patch79 -p1
%patch80 -p1
%patch81 -p1
%patch82 -p1
%patch83 -p1
%patch84 -p1
%patch85 -p1
%patch92 -p1
%patch93 -p1
%patch94 -p1
%patch95 -p1
%patch96 -p1
%patch97 -p1
%patch101 -p1
%patch102 -p1
%patch103 -p1
%patch104 -p1
%patch105 -p1
%patch106 -p1
%patch107 -p1
%patch108 -p1
%patch109 -p1
%patch110 -p1
%patch111 -p1
%patch120 -p1
%patch121 -p1
%patch122 -p1
%patch123 -p1
%patch124 -p1
%patch140 -p1
%patch141 -p1
%patch163 -p1
%patch164 -p1
%patch205 -p1
%patch207 -p1
%patch211 -p1
%patch212 -p1
%patch213 -p1
%patch215 -p1
%patch218 -p1
%patch233 -p1
%patch234 -p1
%patch236 -p1
%patch281 -p1
%patch282 -p1
%patch283 -p1
%patch284 -p1
%patch285 -p1
%patch286 -p1
%patch287 -p1
%patch311 -p1
%patch411 -p1
%patch420 -p1
%patch421 -p1
%patch430 -p1
%patch431 -p1
%patch432 -p1
%patch450 -p1
%patch501 -p1
%patch510 -p1
%patch511 -p1
%patch601 -p1
%patch602 -p1
%patch603 -p1
%patch610 -p1
%patch611 -p1
%patch700 -p1
%patch701 -p1
%patch702 -p1
%patch703 -p1
%patch704 -p1
%patch705 -p1
%patch706 -p1
%patch707 -p1
%patch708 -p1
%patch709 -p1
%patch710 -p1
%patch711 -p1
%patch712 -p1
%patch713 -p1
%patch714 -p1
%patch716 -p1
%patch717 -p1
%patch718 -p1
%patch719 -p1
%patch721 -p1
%patch722 -p1
%patch723 -p1
%patch740 -p1
%patch741 -p1
%patch742 -p1
%patch743 -p1
%patch744 -p1
%patch745 -p1
%patch746 -p1
%patch747 -p1
%patch748 -p1
%patch749 -p1
%patch750 -p1
%patch751 -p1
%patch752 -p1
%patch753 -p1
%patch754 -p1
%patch755 -p1
%patch756 -p1
%patch757 -p1
%patch758 -p1
%patch759 -p1
%patch760 -p1
%patch761 -p1
%patch762 -p1
%patch763 -p1
%patch764 -p1
%patch765 -p1
%patch766 -p1
%patch767 -p1
%patch768 -p1
%patch769 -p1
%patch770 -p1
%patch771 -p1
%patch772 -p1
%patch773 -p1
%patch774 -p1
%patch775 -p1
%patch776 -p1
%patch777 -p1
%patch778 -p1
%patch779 -p1
%patch780 -p1
%patch781 -p1
%patch782 -p1
%patch783 -p1
%patch784 -p1

# collect evidence to debug spurious build failure on SLE15
ulimit -a
# patches above may update the timestamp of grub.texi
# and via build-aux/mdate-sh they end up in, breaking build-compare
[ -z "$SOURCE_DATE_EPOCH" ] ||\
  [ `stat -c %Y docs/grub.texi` -lt $SOURCE_DATE_EPOCH ] ||\
  touch -d@$SOURCE_DATE_EPOCH docs/grub.texi

# This simplifies patch handling without need to use git to create patch
# that renames file
mv docs/grub.texi docs/grub2.texi

cp %{SOURCE8} .
mkdir build
%ifarch %{efi}
mkdir build-efi
%ifarch %{ix86} x86_64
mkdir build-xen
%if %{emu}
mkdir build-emu

export PYTHON=%{_bindir}/python3
[ -x $PYTHON ] || unset PYTHON   # try 'python', if 'python3' is unavailable
# autogen calls autoreconf -vi
# Not yet:
%define common_conf_options TARGET_LDFLAGS=-static --program-transform-name=s,grub,%{name},
# This does NOT work on SLE11:
%define _configure ../configure

# We don't want to let rpm override *FLAGS with default a.k.a bogus values.
CFLAGS="-fno-strict-aliasing -fno-inline-functions-called-once "

%if %{emu}
cd build-emu
%define arch_specific --enable-device-mapper --disable-grub-mount

# -static is needed so that autoconf script is able to link
# test that looks for _start symbol on 64 bit platforms
	--prefix=%{_prefix}		\
	--libdir=%{_datadir}		\
	--sysconfdir=%{_sysconfdir}	\
        --target=%{_target_platform}    \
        --with-platform=emu     \
	%{arch_specific}                \
make %{?_smp_mflags}
cd ..
if [ "%{platform}" = "emu" ]; then
  rmdir build
  mv build-emu build

%ifarch %{ix86} x86_64
cd build-xen
../configure                           \
        TARGET_LDFLAGS=-static         \
        --prefix=%{_prefix}            \
        --libdir=%{_datadir}           \
        --sysconfdir=%{_sysconfdir}    \
        --target=%{_target_platform}   \
        --with-platform=xen            \
make %{?_smp_mflags}

./grub-mkstandalone --grub-mkimage=./grub-mkimage -o grub.xen -O %{grubxenarch} -d grub-core/ "/boot/grub/grub.cfg=%{SOURCE16}"

cd ..

%ifarch %{efi}
cd build-efi
../configure   				                \
        TARGET_LDFLAGS=-static                          \
	--prefix=%{_prefix}				\
	--libdir=%{_datadir}				\
	--sysconfdir=%{_sysconfdir}			\
        --target=%{_target_platform}                    \
        --with-platform=efi                             \
make %{?_smp_mflags}

#TODO: add efifwsetup module

FS_MODULES="btrfs ext2 xfs jfs reiserfs"
CD_MODULES=" all_video boot cat chain configfile echo true \
		efinet font gfxmenu gfxterm gzio halt iso9660 \
		jpeg minicmd normal part_apple part_msdos part_gpt \
		password_pbkdf2 png reboot search search_fs_uuid \
		search_fs_file search_label sleep test video fat loadenv"
PXE_MODULES="efinet tftp http"
CRYPTO_MODULES="luks gcry_rijndael gcry_sha1 gcry_sha256"

%ifarch x86_64
CD_MODULES="${CD_MODULES} linuxefi" 

# SBAT metadata
%if 0%{?is_opensuse} == 1
distro_name="The openSUSE Project"
distro_name="SUSE Linux Enterprise"
echo "sbat,1,SBAT Version,sbat,1," > sbat.csv
echo "grub,${upstream_sbat},Free Software Foundation,grub,%{version}," >> sbat.csv
echo "grub.${distro_id},${distro_sbat},${distro_name},%{name},%{version}," >> sbat.csv

GRUB_MODULES="${CD_MODULES} ${FS_MODULES} ${PXE_MODULES} ${CRYPTO_MODULES} mdraid09 mdraid1x lvm serial"
./grub-mkimage -O %{grubefiarch} -o grub.efi --prefix= --sbat sbat.csv \
		-d grub-core ${GRUB_MODULES}
%ifarch x86_64
./grub-mkimage -O %{grubefiarch} -o grub-tpm.efi --prefix= --sbat sbat.csv \
		-d grub-core ${GRUB_MODULES} tpm

%ifarch x86_64 aarch64
%if 0%{?suse_version} >= 1230 || 0%{?suse_version} == 1110
if test -e %{_sourcedir}/_projectcert.crt ; then
    prjsubject=$(openssl x509 -in %{_sourcedir}/_projectcert.crt -noout -subject_hash)
    prjissuer=$(openssl x509 -in %{_sourcedir}/_projectcert.crt -noout -issuer_hash)
    opensusesubject=$(openssl x509 -in %{SOURCE10} -noout -subject_hash)
    slessubject=$(openssl x509 -in %{SOURCE11} -noout -subject_hash)
    if test "$prjissuer" = "$opensusesubject" ; then
    if test "$prjissuer" = "$slessubject" ; then
    if test "$prjsubject" = "$prjissuer" ; then
if test -z "$cert" ; then
    echo "cannot identify project, assuming openSUSE signing"

openssl x509 -in $cert -outform DER -out grub.der

cd ..

%if ! 0%{?only_efi:1}
cd build

# 64-bit x86-64 machines use 32-bit boot loader
# (We cannot just redefine _target_cpu, as we'd get i386.rpm packages then)
%ifarch x86_64 
%define _target_platform i386-%{_vendor}-%{_target_os}%{?_gnu}

%if %{platform} != "emu"
%define arch_specific --enable-device-mapper

# -static is needed so that autoconf script is able to link
# test that looks for _start symbol on 64 bit platforms
../configure TARGET_LDFLAGS="$TLFLAGS"	\
	--prefix=%{_prefix}		\
	--libdir=%{_datadir}		\
	--sysconfdir=%{_sysconfdir}	\
        --target=%{_target_platform}    \
        --with-platform=%{platform}     \
	%{arch_specific}                \
make %{?_smp_mflags}
cd ..


%ifarch %{ix86} x86_64
cd build-xen
install -m 644 grub.xen %{buildroot}/%{_datadir}/%{name}/%{grubxenarch}/.
# provide compatibility sym-link for VM definitions pointing to old location
install -d %{buildroot}%{_libdir}/%{name}/%{grubxenarch}
ln -srf %{buildroot}%{_datadir}/%{name}/%{grubxenarch}/grub.xen %{buildroot}%{_libdir}/%{name}/%{grubxenarch}/grub.xen
cat <<-EoM >%{buildroot}%{_libdir}/%{name}/%{grubxenarch}/DEPRECATED
	This directory and its contents was moved to %{_datadir}/%{name}/%{grubxenarch}.
	Individual symbolic links are provided for a smooth transition.
	Please update your VM definition files to use the new location!
cd ..

%ifarch %{efi}
cd build-efi
install -m 644 grub.efi %{buildroot}/%{_datadir}/%{name}/%{grubefiarch}/.
%ifarch x86_64
install -m 644 grub-tpm.efi %{buildroot}/%{_datadir}/%{name}/%{grubefiarch}/.

# Create grub.efi link to system efi directory
# This is for tools like kiwi not fiddling with the path
%define sysefibasedir %{_datadir}/efi
%define sysefidir %{sysefibasedir}/%{_target_cpu} 
install -d %{buildroot}/%{sysefidir}
ln -sr %{buildroot}/%{_datadir}/%{name}/%{grubefiarch}/grub.efi %{buildroot}%{sysefidir}/grub.efi
%ifarch x86_64
# provide compatibility sym-link for previous shim-install and the like
install -d %{buildroot}/usr/lib64/efi
ln -srf %{buildroot}/%{_datadir}/%{name}/%{grubefiarch}/grub.efi %{buildroot}/usr/lib64/efi/grub.efi
cat <<-EoM >%{buildroot}/usr/lib64/efi/DEPRECATED
	This directory and its contents was moved to %{_datadir}/efi/x86_64.
	Individual symbolic links are provided for a smooth transition and
	may vanish at any point in time.  Please use the new location!

%ifarch x86_64 aarch64
%if 0%{?suse_version} >= 1230 || 0%{?suse_version} == 1110
export BRP_PESIGN_FILES="%{_datadir}/%{name}/%{grubefiarch}/grub.efi"
%ifarch x86_64
BRP_PESIGN_FILES="${BRP_PESIGN_FILES} %{_datadir}/%{name}/%{grubefiarch}/grub-tpm.efi"
install -m 444 grub.der %{buildroot}/%{sysefidir}/

cd ..

%if ! 0%{?only_efi:1}
cd build
cd ..

if [ "%{platform}" = "emu" ]; then
  # emu-lite is currently broken (and not needed), don't install!
  rm -f %{buildroot}/%{_bindir}/%{name}-emu-lite
elif [ -d build-emu/grub-core ]; then
  cd build-emu/grub-core
  install -m 755 grub-emu %{buildroot}/%{_bindir}/%{name}-emu
  if false; then
    # this needs to go to '-emu'-package; until that is ready, don't install!
    install -m 755 grub-emu-lite %{buildroot}/%{_bindir}/%{name}-emu-lite
    rm -f %{buildroot}/%{_bindir}/%{name}-emu-lite
  install -m 644 grub-emu.1 %{buildroot}/%{_mandir}/man1/%{name}-emu.1
  cd ../..

# *.module files are installed with executable bits due to the way grub2 build
# system works. Clear executable bits to not confuse
find %{buildroot}/%{_datadir}/%{name} \
       \( -name '*.module' -o -name '*.image' -o -name '*.exec' \) -print0 | \
       xargs --no-run-if-empty -0 chmod a-x

# Script that makes part of grub.cfg persist across updates
install -m 755 %{SOURCE1} %{buildroot}/%{_sysconfdir}/grub.d/

# Script to generate memtest86+ menu entry
install -m 755 %{SOURCE7} %{buildroot}/%{_sysconfdir}/grub.d/

# Ghost config file
install -d %{buildroot}/boot/%{name}
touch %{buildroot}/boot/%{name}/grub.cfg

# Remove devel files
rm %{buildroot}/%{_datadir}/%{name}/*/*.h
%if 0%{?suse_version} >= 1140
rm %{buildroot}/%{_datadir}/%{name}/*.h

# Defaults
install -m 644 -D %{SOURCE2} %{buildroot}/%{_sysconfdir}/default/grub
install -m 755 -D %{SOURCE6} %{buildroot}/%{_sbindir}/grub2-once
install -m 755 -D %{SOURCE12} %{buildroot}/%{_libdir}/snapper/plugins/grub
install -m 755 -D %{SOURCE14} %{buildroot}/%{_sysconfdir}/grub.d/80_suse_btrfs_snapshot
%if 0%{?has_systemd:1}
install -m 644 -D %{SOURCE15} %{buildroot}/%{_unitdir}/grub2-once.service
install -m 755 -D %{SOURCE17} %{buildroot}/%{_libdir}/systemd/system-sleep/grub2.sleep
install -m 755 -D %{SOURCE18} %{buildroot}/%{_sbindir}/grub2-check-default

%ifarch %{ix86} x86_64
rm -f $R%{_sysconfdir}/grub.d/20_memtest86+

%ifarch ppc ppc64 ppc64le
rm -f $R%{_sysconfdir}/grub.d/20_ppc_terminfo

%ifarch s390x
mv $R%{_sysconfdir}/{grub.d,default}/
chmod 600 $R%{_sysconfdir}/default/

%define dracutlibdir %{_prefix}/lib/dracut
%define dracutgrubmoddir %{dracutlibdir}/modules.d/99grub2
install -m 755 -d $R%{dracutgrubmoddir}
for f in; do
  mv $R%{_datadir}/%{name}/%{grubarch}/dracut-$f $R%{dracutgrubmoddir}/$f
mv $R%{_datadir}/%{name}/%{grubarch}/dracut-zipl-refresh \
rm -f $R%{_sysconfdir}/grub.d/30_os-prober

perl -ni -e '
  sub END() {
    print "\n# on s390x always:\nGRUB_DISABLE_OS_PROBER=true\n";
  if ( s{^#?(GRUB_TERMINAL)=(console|gfxterm)}{$1=console} ) {
    $_ .= "GRUB_GFXPAYLOAD_LINUX=text\n";
  if (	m{^# The resolution used on graphical} ||
	m{^# # note that you can use only modes} ||
	m{^# you can see them in real GRUB} ||
	m{^#?GRUB_GFXMODE=} ) {
  s{openSUSE}{SUSE Linux Enterprise Server} if (m{^GRUB_DISTRIBUTOR});
'  %{buildroot}/%{_sysconfdir}/default/grub

%find_lang %{name}
%fdupes %buildroot%{_bindir}
%fdupes %buildroot%{_libdir}
%fdupes %buildroot%{_datadir}

%service_add_pre grub2-once.service

%service_add_post grub2-once.service

%if ! 0%{?only_efi:1}

%post %{grubarch}
%if 0%{?update_bootloader_check_type_reinit_post:1} 
%update_bootloader_check_type_reinit_post grub2
# To check by current loader settings
if [ -f %{_sysconfdir}/sysconfig/bootloader ]; then
  . %{_sysconfdir}/sysconfig/bootloader

# If the grub is the current loader, we'll handle the grub2 testing entry
if [ "x${LOADER_TYPE}" = "xgrub" ]; then

  exec >/dev/null 2>&1

  # check if entry for grub2's core.img exists in the config
  # if yes, we will correct obsoleted path and update grub2 stuff and config to make it work
  # if no, do nothing
  if [ -f /boot/grub/menu.lst ]; then

    # If grub config contains obsolete core.img path, remove and use the new one
    if /usr/bin/grep -l "^\s*kernel\s*.*/boot/%{name}/core.img" /boot/grub/menu.lst; then
      /sbin/update-bootloader --remove --image /boot/%{name}/core.img || true
      /sbin/update-bootloader --add --image /boot/%{name}/i386-pc/core.img --name "GNU GRUB 2" || true

    # Install grub2 stuff and config to make the grub2 testing entry to work with updated version
    if /usr/bin/grep -l "^\s*kernel\s*.*/boot/%{name}/i386-pc/core.img" /boot/grub/menu.lst; then
      # Determine the partition with /boot
      BOOT_PARTITION=$(df -h /boot | sed -n '2s/[[:blank:]].*//p')
      # Generate core.img, but don't let it be installed in boot sector
      %{name}-install --no-bootsector $BOOT_PARTITION || true
      # Create a working grub2 config, otherwise that entry is un-bootable
      /usr/sbin/grub2-mkconfig -o /boot/%{name}/grub.cfg

elif [ "x${LOADER_TYPE}" = "xgrub2" ]; then

  # It's enought to call update-bootloader to install grub2 and update it's config
  # Use new --reinit, if not available use --refresh
  # --reinit: install and update bootloader config
  # --refresh: update bootloader config
  /sbin/update-bootloader --reinit 2>&1 | grep -q 'Unknown option: reinit' &&
  /sbin/update-bootloader --refresh || true

%posttrans %{grubarch}


%ifarch %{efi}

%post %{grubefiarch}
%if 0%{?update_bootloader_check_type_reinit_post:1} 
%update_bootloader_check_type_reinit_post grub2-efi
# To check by current loader settings
if [ -f %{_sysconfdir}/sysconfig/bootloader ]; then
  . %{_sysconfdir}/sysconfig/bootloader

if [ "x${LOADER_TYPE}" = "xgrub2-efi" ]; then

  if [ -d /boot/%{name}-efi ]; then
    # Migrate settings to standard prefix /boot/grub2
    for i in custom.cfg grubenv; do
      [ -f /boot/%{name}-efi/$i ] && cp -a /boot/%{name}-efi/$i /boot/%{name} || :


  # It's enough to call update-bootloader to install grub2 and update it's config
  # Use new --reinit, if not available use --refresh
  # --reinit: install and update bootloader config
  # --refresh: update bootloader config
  /sbin/update-bootloader --reinit 2>&1 | grep -q 'Unknown option: reinit' &&
  /sbin/update-bootloader --refresh || true

if [ -d /boot/%{name}-efi ]; then
  mv /boot/%{name}-efi /boot/%{name}-efi.rpmsave

exit 0

%posttrans %{grubefiarch}


%service_del_preun grub2-once.service
# We did not add core.img to grub1 menu.lst in new update-bootloader macro as what
# the old %%post ever did, then the %%preun counterpart which removed the added core.img
# entry from old %%post can be skipped entirely if having new macro in use.
%if ! 0%{?update_bootloader_posttrans:1}%{?only_efi:1}
if [ $1 = 0 ]; then
  # To check by current loader settings
  if [ -f %{_sysconfdir}/sysconfig/bootloader ]; then
    . %{_sysconfdir}/sysconfig/bootloader

  if [ "x${LOADER_TYPE}" = "xgrub" ]; then

    exec >/dev/null 2>&1

    if [ -f /boot/grub/menu.lst ]; then

      # Remove grub2 testing entry in menu.lst if has any
      for i in /boot/%{name}/core.img /boot/%{name}/i386-pc/core.img; do
        if /usr/bin/grep -l "^\s*kernel\s*.*$i" /boot/grub/menu.lst; then
          /sbin/update-bootloader --remove --image "$i" || true

    # Cleanup config, to not confuse some tools determining bootloader in use
    rm -f /boot/%{name}/grub.cfg

    # Cleanup installed files
    # Unless grub2 provides grub2-uninstall, we don't remove any file because
    # we have no idea what's been installed. (And a blind remove is dangerous
    # to remove user's or other package's file accidently ..)

%service_del_postun grub2-once.service

%files -f %{name}.lang
%if 0%{?suse_version} < 1500
%license COPYING
%doc THANKS TODO ChangeLog
%doc docs/autoiso.cfg docs/osdetect.cfg
%ifarch s390x
%doc README.ibm3215
%dir /boot/%{name}
%ghost /boot/%{name}/grub.cfg
%config(noreplace) %{_sysconfdir}/default/grub
%dir %{_sysconfdir}/grub.d
%config(noreplace) %{_sysconfdir}/grub.d/00_header
%config(noreplace) %{_sysconfdir}/grub.d/10_linux
%config(noreplace) %{_sysconfdir}/grub.d/20_linux_xen
%config(noreplace) %{_sysconfdir}/grub.d/40_custom
%config(noreplace) %{_sysconfdir}/grub.d/41_custom
%config(noreplace) %{_sysconfdir}/grub.d/90_persistent
%config(noreplace) %{_sysconfdir}/grub.d/95_textmode
%ifarch %{ix86} x86_64
%config(noreplace) %{_sysconfdir}/grub.d/20_memtest86+
%ifarch ppc ppc64 ppc64le
%config(noreplace) %{_sysconfdir}/grub.d/20_ppc_terminfo
%ifarch s390x
%config(noreplace) %{_sysconfdir}/default/
%if 0%{?has_systemd:1}
%dir %{_datadir}/%{name}
%dir %{_datadir}/%{name}/themes
%if 0%{?suse_version} >= 1140
%if %{emu}
%ifnarch s390x
%config(noreplace) %{_sysconfdir}/grub.d/30_os-prober

%files branding-upstream

%if ! 0%{?only_efi:1}

%files %{grubarch}
%dir %{_datadir}/%{name}/%{grubarch}
%ifarch ppc ppc64 ppc64le
# This is intentionally "grub.chrp" and not "%%{name}.chrp"
%ifnarch ppc ppc64 ppc64le s390x %{arm}
%ifarch x86_64

%files %{grubarch}-debug


%ifarch %{efi}

%files %{grubefiarch}
%dir %{_datadir}/%{name}/%{grubefiarch}
%ifarch x86_64
%dir %{sysefibasedir}
%dir %{sysefidir}
%if 0%{?suse_version} < 1600
%ifarch x86_64
# provide compatibility sym-link for previous shim-install and kiwi
%dir /usr/lib64/efi

%ifarch x86_64 aarch64
%if 0%{?suse_version} >= 1230 || 0%{?suse_version} == 1110

%files %{grubefiarch}-debug


%files snapper-plugin
%dir %{_libdir}/snapper
%dir %{_libdir}/snapper/plugins
%config(noreplace) %{_sysconfdir}/grub.d/80_suse_btrfs_snapshot

%ifarch %{ix86} x86_64
%files %{grubxenarch}
%dir %{_datadir}/%{name}/%{grubxenarch}
# provide compatibility sym-link for VM definitions pointing to old location
%dir %{_libdir}/%{name}

%if 0%{?has_systemd:1}
%files systemd-sleep-plugin
%dir %{_libdir}/systemd/system-sleep

openSUSE Build Service is sponsored by