File grub2.spec of Package grub2.35172
#
# spec file for package grub2
#
# Copyright (c) 2021 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
# needssslcertforbuild
%define _binaries_in_noarch_package_terminate_build 0
Name: grub2
%ifarch x86_64 ppc64
BuildRequires: gcc-32bit
BuildRequires: glibc-32bit
BuildRequires: glibc-devel-32bit
%else
BuildRequires: gcc
BuildRequires: glibc-devel
%endif
BuildRequires: automake
BuildRequires: bison
BuildRequires: device-mapper-devel
BuildRequires: fdupes
BuildRequires: flex
BuildRequires: freetype2-devel
BuildRequires: fuse-devel
%if 0%{?suse_version} >= 1140
BuildRequires: dejavu-fonts
BuildRequires: gnu-unifont
%endif
BuildRequires: help2man
BuildRequires: xz
%if 0%{?suse_version} >= 1210
BuildRequires: makeinfo
%else
BuildRequires: texinfo
%endif
%if %{defined pythons}
BuildRequires: %{pythons}
%else
BuildRequires: python
%endif
BuildRequires: xz-devel
%ifarch x86_64 aarch64
%if 0%{?suse_version} >= 1230 || 0%{?suse_version} == 1110
BuildRequires: openssl >= 0.9.8
BuildRequires: pesign-obs-integration
%endif
%endif
%if 0%{?suse_version} >= 1210
# Package systemd services files grub2-once.service
BuildRequires: systemd-rpm-macros
%define has_systemd 1
%endif
%if 0%{?suse_version} > 1320
BuildRequires: update-bootloader-rpm-macros
%endif
# Modules code is dynamically loaded and collected from a _fixed_ path.
%define _libdir %{_exec_prefix}/lib
# Build grub2-emu everywhere (it may be "required" by 'grub2-once')
%define emu 1
%ifarch ppc ppc64 ppc64le
%define grubcpu powerpc
%define platform ieee1275
# emu does not build here yet... :-(
%define emu 0
%endif
%ifarch %{ix86} x86_64
%define grubcpu i386
%define platform pc
%endif
%ifarch s390x
%define grubcpu s390x
%define platform emu
%endif
%ifarch %{arm}
%define grubcpu arm
%define platform uboot
%endif
%ifarch aarch64
%define grubcpu arm64
%define platform efi
%define only_efi 1
%endif
%ifarch riscv64
%define grubcpu riscv64
%define platform efi
%define only_efi 1
%endif
%define grubarch %{grubcpu}-%{platform}
# build efi bootloader on some platforms only:
%if ! 0%{?efi:1}
%global efi %{ix86} x86_64 ia64 aarch64 %{arm} riscv64
%endif
%ifarch %{efi}
%ifarch %{ix86}
%define grubefiarch i386-efi
%else
%ifarch aarch64
%define grubefiarch arm64-efi
%else
%ifarch %{arm}
%define grubefiarch arm-efi
%else
%define grubefiarch %{_target_cpu}-efi
%endif
%endif
%endif
%endif
%ifarch %{ix86}
%define grubxenarch i386-xen
%endif
%ifarch x86_64
%define grubxenarch x86_64-xen
%endif
%if "%{platform}" == "emu"
# force %%{emu} to 1, e.g. for s390
%define emu 1
%endif
%if 0%{?suse_version} == 1110
%define only_efi %{nil}
%define only_x86_64 %{nil}
%endif
Version: 2.04
Release: 0
Summary: Bootloader with support for Linux, Multiboot and more
License: GPL-3.0-or-later
Group: System/Boot
URL: http://www.gnu.org/software/grub/
Source0: https://ftp.gnu.org/gnu/grub/grub-%{version}.tar.xz
Source1: 90_persistent
Source2: grub.default
Source4: grub2.rpmlintrc
Source6: grub2-once
Source7: 20_memtest86+
Source8: README.ibm3215
Source10: openSUSE-UEFI-CA-Certificate.crt
Source11: SLES-UEFI-CA-Certificate.crt
Source12: grub2-snapper-plugin.sh
Source14: 80_suse_btrfs_snapshot
Source15: grub2-once.service
Source16: grub2-xen-pv-firmware.cfg
# required hook for systemd-sleep (bsc#941758)
Source17: grub2-systemd-sleep.sh
Source18: grub2-check-default.sh
Source1000: PATCH_POLICY
Patch1: rename-grub-info-file-to-grub2.patch
Patch2: grub2-linux.patch
Patch3: use-grub2-as-a-package-name.patch
Patch4: info-dir-entry.patch
Patch6: grub2-iterate-and-hook-for-extended-partition.patch
Patch8: grub2-ppc-terminfo.patch
Patch9: grub2-GRUB_CMDLINE_LINUX_RECOVERY-for-recovery-mode.patch
Patch10: grub2-fix-error-terminal-gfxterm-isn-t-found.patch
Patch12: grub2-fix-menu-in-xen-host-server.patch
Patch15: not-display-menu-when-boot-once.patch
Patch17: grub2-pass-corret-root-for-nfsroot.patch
Patch19: grub2-efi-HP-workaround.patch
Patch21: grub2-secureboot-add-linuxefi.patch
Patch23: grub2-secureboot-no-insmod-on-sb.patch
Patch25: grub2-secureboot-chainloader.patch
Patch27: grub2-linuxefi-fix-boot-params.patch
Patch35: grub2-linguas.sh-no-rsync.patch
Patch37: grub2-use-Unifont-for-starfield-theme-terminal.patch
Patch38: grub2-s390x-01-Changes-made-and-files-added-in-order-to-allow-s390x.patch
Patch39: grub2-s390x-02-kexec-module-added-to-emu.patch
Patch40: grub2-s390x-03-output-7-bit-ascii.patch
Patch41: grub2-s390x-04-grub2-install.patch
Patch42: grub2-s390x-05-grub2-mkconfig.patch
Patch43: grub2-use-rpmsort-for-version-sorting.patch
Patch53: grub2-getroot-treat-mdadm-ddf-as-simple-device.patch
Patch56: grub2-setup-try-fs-embed-if-mbr-gap-too-small.patch
Patch58: grub2-xen-linux16.patch
Patch59: grub2-efi-disable-video-cirrus-and-bochus.patch
Patch60: grub2-editenv-add-warning-message.patch
Patch61: grub2-vbe-blacklist-preferred-1440x900x32.patch
Patch64: grub2-grubenv-in-btrfs-header.patch
Patch65: grub2-mkconfig-aarch64.patch
Patch70: grub2-default-distributor.patch
Patch71: grub2-menu-unrestricted.patch
Patch72: grub2-mkconfig-arm.patch
Patch75: grub2-s390x-06-loadparm.patch
Patch76: grub2-s390x-07-add-image-param-for-zipl-setup.patch
Patch77: grub2-s390x-08-workaround-part-to-disk.patch
Patch78: grub2-commands-introduce-read_file-subcommand.patch
Patch79: grub2-efi-chainload-harder.patch
Patch80: grub2-emu-4-all.patch
Patch81: grub2-lvm-allocate-metadata-buffer-from-raw-contents.patch
Patch82: grub2-diskfilter-support-pv-without-metadatacopies.patch
Patch83: grub2-efi-uga-64bit-fb.patch
Patch84: grub2-s390x-09-improve-zipl-setup.patch
Patch85: grub2-getroot-scan-disk-pv.patch
Patch92: grub2-util-30_os-prober-multiple-initrd.patch
Patch93: grub2-getroot-support-nvdimm.patch
Patch94: grub2-install-fix-not-a-directory-error.patch
Patch95: grub2-verifiers-fix-system-freeze-if-verify-failed.patch
Patch96: grub-install-force-journal-draining-to-ensure-data-i.patch
Patch97: grub2-s390x-skip-zfcpdump-image.patch
# Btrfs snapshot booting related patches
Patch101: grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch
Patch102: grub2-btrfs-02-export-subvolume-envvars.patch
Patch103: grub2-btrfs-03-follow_default.patch
Patch104: grub2-btrfs-04-grub2-install.patch
Patch105: grub2-btrfs-05-grub2-mkconfig.patch
Patch106: grub2-btrfs-06-subvol-mount.patch
Patch107: grub2-btrfs-07-subvol-fallback.patch
Patch108: grub2-btrfs-08-workaround-snapshot-menu-default-entry.patch
Patch109: grub2-btrfs-09-get-default-subvolume.patch
Patch110: grub2-btrfs-10-config-directory.patch
Patch111: 0001-btrfs-disable-zstd-support-for-i386-pc.patch
# Support EFI xen loader
Patch120: grub2-efi-xen-chainload.patch
Patch121: grub2-efi-chainloader-root.patch
Patch122: grub2-efi-xen-cmdline.patch
Patch123: grub2-efi-xen-cfg-unquote.patch
Patch124: grub2-efi-xen-removable.patch
# Hidden menu entry and hotkey "t" for text console
Patch140: grub2-Add-hidden-menu-entries.patch
Patch141: grub2-SUSE-Add-the-t-hotkey.patch
# Linux root device related patches
Patch163: grub2-zipl-setup-fix-btrfs-multipledev.patch
Patch164: grub2-suse-remove-linux-root-param.patch
# PPC64 LE support
Patch205: grub2-ppc64le-disable-video.patch
Patch207: grub2-ppc64le-memory-map.patch
# PPC
Patch211: grub2-ppc64-cas-reboot-support.patch
Patch212: grub2-install-remove-useless-check-PReP-partition-is-empty.patch
Patch213: grub2-Fix-incorrect-netmask-on-ppc64.patch
Patch215: grub2-ppc64-cas-new-scope.patch
Patch218: grub2-ppc64-cas-fix-double-free.patch
Patch233: grub2-use-stat-instead-of-udevadm-for-partition-lookup.patch
Patch234: fix-grub2-use-stat-instead-of-udevadm-for-partition-lookup-with-new-glibc.patch
Patch236: grub2-efi_gop-avoid-low-resolution.patch
# Support HTTP Boot IPv4 and IPv6 (fate#320129)
Patch281: 0002-net-read-bracketed-ipv6-addrs-and-port-numbers.patch
Patch282: 0003-bootp-New-net_bootp6-command.patch
Patch283: 0004-efinet-UEFI-IPv6-PXE-support.patch
Patch284: 0005-grub.texi-Add-net_bootp6-doument.patch
Patch285: 0006-bootp-Add-processing-DHCPACK-packet-from-HTTP-Boot.patch
Patch286: 0007-efinet-Setting-network-from-UEFI-device-path.patch
Patch287: 0008-efinet-Setting-DNS-server-from-UEFI-protocol.patch
# Fix GOP BLT support (FATE#322332)
Patch311: grub2-efi-gop-add-blt.patch
# TPM Support (FATE#315831)
Patch411: 0012-tpm-Build-tpm-as-module.patch
# UEFI HTTP and related network protocol support (FATE#320130)
Patch420: 0001-add-support-for-UEFI-network-protocols.patch
Patch421: 0002-AUDIT-0-http-boot-tracker-bug.patch
# check if default entry need to be corrected for updated distributor version
# and/or use fallback entry if default kernel entry removed (bsc#1065349)
Patch430: grub2-mkconfig-default-entry-correction.patch
Patch431: grub2-s390x-10-keep-network-at-kexec.patch
Patch432: grub2-s390x-11-secureboot.patch
# Support for UEFI Secure Boot on AArch64 (FATE#326541)
Patch450: grub2-secureboot-install-signed-grub.patch
Patch501: grub2-btrfs-help-on-snapper-rollback.patch
# Improved hiDPI device support (FATE#326680)
Patch510: grub2-video-limit-the-resolution-for-fixed-bimap-font.patch
# Support long menuentries (FATE#325760)
Patch511: grub2-gfxmenu-support-scrolling-menu-entry-s-text.patch
# RISC-V fixes
Patch601: risc-v-fix-computation-of-pc-relative-relocation-offset.patch
Patch602: risc-v-add-clzdi2-symbol.patch
Patch603: grub-install-define-default-platform-for-risc-v.patch
# Fix gcc-10 build fail
Patch610: 0001-mdraid1x_linux-Fix-gcc10-error-Werror-array-bounds.patch
Patch611: 0002-zfs-Fix-gcc10-error-Werror-zero-length-bounds.patch
# bsc#1166409 - Grub netbooting does not search for grub.cfg files with mac
# address or ip address in filename
Patch700: 0001-normal-Move-common-datetime-functions-out-of-the-nor.patch
Patch701: 0002-kern-Add-X-option-to-printf-functions.patch
Patch702: 0003-normal-main-Search-for-specific-config-files-for-net.patch
Patch703: 0004-datetime-Enable-the-datetime-module-for-the-emu-plat.patch
# bsc#1168994 VUL-0: EMBARGOED: CVE-2020-10713: grub2: parsing overflows can
# bypass secure boot restrictions
Patch704: 0001-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch
# bsc#1173812 VUL-0: EMBARGOED: CVE-2020-14308, CVE-2020-14309, CVE-2020-14310,
# CVE-2020-14311: grub2: avoid integer overflows
Patch705: 0002-safemath-Add-some-arithmetic-primitives-that-check-f.patch
Patch706: 0003-calloc-Make-sure-we-always-have-an-overflow-checking.patch
Patch707: 0004-calloc-Use-calloc-at-most-places.patch
Patch708: 0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch
Patch709: 0006-iso9660-Don-t-leak-memory-on-realloc-failures.patch
Patch710: 0007-font-Do-not-load-more-than-one-NAME-section.patch
# bsc#1174463 VUL-0: EMBARGOED: CVE-2020-15706: grub2: script: Avoid a
# use-after-free when redefining a function during execution
Patch711: 0008-script-Remove-unused-fields-from-grub_script_functio.patch
Patch712: 0009-script-Avoid-a-use-after-free-when-redefining-a-func.patch
# bsc#1174570 VUL-0: EMBARGOED: CVE-2020-15707: grub2: linux: Fix integer
# overflows in initrd size handling
Patch713: 0010-linux-Fix-integer-overflows-in-initrd-size-handling.patch
Patch714: 0001-kern-mm.c-Make-grub_calloc-inline.patch
Patch716: 0002-cmdline-Provide-cmdline-functions-as-module.patch
# bsc#1172745 L3: SLES 12 SP4 - Slow boot of system after updated kernel -
# takes 45 minutes after grub to start loading kernel
Patch717: 0001-ieee1275-powerpc-implements-fibre-channel-discovery-.patch
Patch718: 0002-ieee1275-powerpc-enables-device-mapper-discovery.patch
Patch719: 0001-Unify-the-check-to-enable-btrfs-relative-path.patch
Patch721: 0001-efi-linux-provide-linux-command.patch
# Improve the error handling when grub2-install fails with short mbr gap
# (bsc#1176062)
Patch722: 0001-Warn-if-MBR-gap-is-small-and-user-uses-advanced-modu.patch
Patch723: 0002-grub-install-Avoid-incompleted-install-on-i386-pc.patch
# Secure Boot support in GRUB on aarch64 (jsc#SLE-15864)
Patch730: 0001-Add-support-for-Linux-EFI-stub-loading-on-aarch64.patch
Patch731: 0002-arm64-make-sure-fdt-has-address-cells-and-size-cells.patch
Patch732: 0003-Make-grub_error-more-verbose.patch
Patch733: 0004-arm-arm64-loader-Better-memory-allocation-and-error-.patch
Patch734: 0005-Make-linux_arm_kernel_header.hdr_offset-be-at-the-ri.patch
Patch735: 0006-efi-Set-image-base-address-before-jumping-to-the-PE-.patch
Patch737: 0008-squash-Add-support-for-Linux-EFI-stub-loading-on-aar.patch
Patch738: 0009-squash-Add-support-for-linuxefi.patch
Patch739: 0001-Fix-build-error-in-binutils-2.36.patch
Patch740: 0001-emu-fix-executable-stack-marking.patch
# Boothole2
Patch741: 0001-include-grub-i386-linux.h-Include-missing-grub-types.patch
Patch742: 0002-efi-Make-shim_lock-GUID-and-protocol-type-public.patch
Patch743: 0003-efi-Return-grub_efi_status_t-from-grub_efi_get_varia.patch
Patch744: 0004-efi-Add-a-function-to-read-EFI-variables-with-attrib.patch
Patch745: 0005-efi-Add-secure-boot-detection.patch
Patch746: 0006-efi-Only-register-shim_lock-verifier-if-shim_lock-pr.patch
Patch747: 0007-verifiers-Move-verifiers-API-to-kernel-image.patch
Patch748: 0008-efi-Move-the-shim_lock-verifier-to-the-GRUB-core.patch
Patch749: 0009-kern-Add-lockdown-support.patch
Patch750: 0010-kern-lockdown-Set-a-variable-if-the-GRUB-is-locked-d.patch
Patch751: 0011-efi-Lockdown-the-GRUB-when-the-UEFI-Secure-Boot-is-e.patch
Patch752: 0012-efi-Use-grub_is_lockdown-instead-of-hardcoding-a-dis.patch
Patch753: 0013-acpi-Don-t-register-the-acpi-command-when-locked-dow.patch
Patch754: 0014-mmap-Don-t-register-cutmem-and-badram-commands-when-.patch
Patch755: 0015-commands-Restrict-commands-that-can-load-BIOS-or-DT-.patch
Patch756: 0016-commands-setpci-Restrict-setpci-command-when-locked-.patch
Patch757: 0017-commands-hdparm-Restrict-hdparm-command-when-locked-.patch
Patch758: 0018-gdb-Restrict-GDB-access-when-locked-down.patch
Patch759: 0019-loader-xnu-Don-t-allow-loading-extension-and-package.patch
Patch760: 0020-dl-Only-allow-unloading-modules-that-are-not-depende.patch
Patch761: 0021-usb-Avoid-possible-out-of-bound-accesses-caused-by-m.patch
Patch762: 0022-lib-arg-Block-repeated-short-options-that-require-an.patch
Patch763: 0023-commands-menuentry-Fix-quoting-in-setparams_prefix.patch
Patch764: 0024-kern-parser-Fix-resource-leak-if-argc-0.patch
Patch765: 0025-kern-parser-Fix-a-memory-leak.patch
Patch766: 0026-kern-parser-Introduce-process_char-helper.patch
Patch767: 0027-kern-parser-Introduce-terminate_arg-helper.patch
Patch768: 0028-kern-parser-Refactor-grub_parser_split_cmdline-clean.patch
Patch769: 0029-kern-buffer-Add-variable-sized-heap-buffer.patch
Patch770: 0030-kern-parser-Fix-a-stack-buffer-overflow.patch
Patch771: 0031-util-mkimage-Remove-unused-code-to-add-BSS-section.patch
Patch772: 0032-util-mkimage-Use-grub_host_to_target32-instead-of-gr.patch
Patch773: 0033-util-mkimage-Always-use-grub_host_to_target32-to-ini.patch
Patch774: 0034-util-mkimage-Unify-more-of-the-PE32-and-PE32-header-.patch
Patch775: 0035-util-mkimage-Reorder-PE-optional-header-fields-set-u.patch
Patch776: 0036-util-mkimage-Improve-data_size-value-calculation.patch
Patch777: 0037-util-mkimage-Refactor-section-setup-to-use-a-helper.patch
Patch778: 0038-util-mkimage-Add-an-option-to-import-SBAT-metadata-i.patch
Patch779: 0039-grub-install-common-Add-sbat-option.patch
Patch780: 0040-shim_lock-Only-skip-loading-shim_lock-verifier-with-.patch
Patch781: 0041-squash-Add-secureboot-support-on-efi-chainloader.patch
Patch782: 0042-squash-grub2-efi-chainload-harder.patch
Patch783: 0043-squash-Don-t-allow-insmod-when-secure-boot-is-enable.patch
Patch784: 0044-squash-kern-Add-lockdown-support.patch
Patch785: 0045-squash-Add-support-for-Linux-EFI-stub-loading-on-aar.patch
Patch786: 0046-squash-verifiers-Move-verifiers-API-to-kernel-image.patch
Patch787: 0001-kern-efi-sb-Add-chainloaded-image-as-shim-s-verifiab.patch
Patch788: 0001-ieee1275-Avoiding-many-unecessary-open-close.patch
Patch789: 0001-Workaround-volatile-efi-boot-variable.patch
Patch790: 0001-ieee1275-implement-FCP-methods-for-WWPN-and-LUNs.patch
Patch791: 0001-grub-install-Fix-inverted-test-for-NLS-enabled-when-.patch
Patch792: 0001-templates-Filter-out-POSIX-locale-for-translation.patch
Patch793: 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch
Patch794: 0001-arm64-Fix-EFI-loader-kernel-image-allocation.patch
Patch795: 0002-Arm-check-for-the-PE-magic-for-the-compiled-arch.patch
Patch796: grub2-simplefb.patch
Patch797: 0001-grub-install-bailout-root-device-probing.patch
Patch798: 0001-install-fix-software-raid1-on-esp.patch
Patch799: 0001-ofdisk-improve-boot-time-by-lookup-boot-disk-first.patch
Patch800: 0001-video-Remove-trailing-whitespaces.patch
Patch801: 0002-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch
Patch802: 0003-video-readers-jpeg-Catch-files-with-unsupported-quan.patch
Patch803: 0004-video-readers-jpeg-Catch-OOB-reads-writes-in-grub_jp.patch
Patch804: 0005-video-readers-jpeg-Don-t-decode-data-before-start-of.patch
Patch805: 0006-misc-Format-string-for-grub_error-should-be-a-litera.patch
Patch806: 0007-loader-efi-chainloader-Simplify-the-loader-state.patch
Patch807: 0008-commands-boot-Add-API-to-pass-context-to-loader.patch
Patch808: 0009-loader-efi-chainloader-Use-grub_loader_set_ex.patch
Patch809: 0010-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch
Patch810: 0011-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch
Patch811: 0012-video-readers-png-Abort-sooner-if-a-read-operation-f.patch
Patch812: 0013-video-readers-png-Refuse-to-handle-multiple-image-he.patch
Patch813: 0014-video-readers-png-Drop-greyscale-support-to-fix-heap.patch
Patch814: 0015-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch
Patch815: 0016-video-readers-png-Sanity-check-some-huffman-codes.patch
Patch816: 0017-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch
Patch817: 0018-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch
Patch818: 0019-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch
Patch819: 0020-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch
Patch820: 0021-normal-charset-Fix-array-out-of-bounds-formatting-un.patch
Patch821: 0022-net-ip-Do-IP-fragment-maths-safely.patch
Patch822: 0023-net-netbuff-Block-overly-large-netbuff-allocs.patch
Patch823: 0024-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch
Patch824: 0025-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch
Patch825: 0026-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch
Patch826: 0027-net-tftp-Avoid-a-trivial-UAF.patch
Patch827: 0028-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch
Patch828: 0029-net-http-Fix-OOB-write-for-split-http-headers.patch
Patch829: 0030-net-http-Error-out-on-headers-with-LF-without-CR.patch
Patch830: 0031-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch
Patch831: 0032-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch
Patch832: 0033-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch
Patch833: 0034-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch
Patch834: 0035-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch
Patch835: 0036-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch
Patch836: 0037-Use-grub_loader_set_ex-for-secureboot-chainloader.patch
Patch837: 0001-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch
Patch838: 0002-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch
Patch839: 0003-font-Fix-several-integer-overflows-in-grub_font_cons.patch
Patch840: 0004-font-Remove-grub_font_dup_glyph.patch
Patch841: 0005-font-Fix-integer-overflow-in-ensure_comb_space.patch
Patch842: 0006-font-Fix-integer-overflow-in-BMP-index.patch
Patch843: 0007-font-Fix-integer-underflow-in-binary-search-of-char-.patch
Patch844: 0008-fbutil-Fix-integer-overflow.patch
Patch845: 0009-font-Fix-an-integer-underflow-in-blit_comb.patch
Patch846: 0010-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch
Patch847: 0011-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch
Patch848: 0012-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch
Patch849: 0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch
Patch850: 0001-grub-core-modify-sector-by-sysfs-as-disk-sector.patch
Patch851: 0001-Fix-infinite-boot-loop-on-headless-system-in-qemu.patch
Patch852: 0001-fs-ntfs-Fix-an-OOB-write-when-parsing-the-ATTRIBUTE_.patch
Patch853: 0002-fs-ntfs-Fix-an-OOB-read-when-reading-data-from-the-r.patch
Patch854: 0003-fs-ntfs-Fix-an-OOB-read-when-parsing-directory-entri.patch
Patch855: 0004-fs-ntfs-Fix-an-OOB-read-when-parsing-bitmaps-for-ind.patch
Patch856: 0005-fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-label.patch
Patch857: 0006-fs-ntfs-Make-code-more-readable.patch
Requires: gettext-runtime
%if 0%{?suse_version} >= 1140
%ifnarch s390x
Recommends: os-prober
%endif
# xorriso not available using grub2-mkrescue (bnc#812681)
# downgrade to suggest as minimal system can't afford pulling in tcl/tk and half of the x11 stack (bsc#1102515)
Suggests: libburnia-tools
Suggests: mtools
%endif
%if ! 0%{?only_efi:1}
Requires: grub2-%{grubarch} = %{version}-%{release}
%endif
%ifarch s390x
# required utilities by grub2-s390x-04-grub2-install.patch
# use 'showconsole' to determine console device. (bnc#876743)
Requires: /sbin/showconsole
Requires: kexec-tools
# for /sbin/zipl used by grub2-zipl-setup
Requires: s390-tools
%endif
%ifarch ppc64 ppc64le
Requires: powerpc-utils
%endif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%if 0%{?only_x86_64:1}
ExclusiveArch: x86_64
%else
ExclusiveArch: %{ix86} x86_64 ppc ppc64 ppc64le s390x aarch64 %{arm} riscv64
%endif
%description
This is the second version of the GRUB (Grand Unified Bootloader), a
highly configurable and customizable bootloader with modular
architecture. It support rich scale of kernel formats, file systems,
computer architectures and hardware devices.
This package includes user space utlities to manage GRUB on your system.
Authors:
--------
Gordon Matzigkeit
Yoshinori K. Okuji
Colin Watson
Colin D. Bennett
Vesa Jääskeläinen
Robert Millan
Carles Pina
%package branding-upstream
Summary: Upstream branding for GRUB2's graphical console
Group: System/Fhs
Requires: %{name} = %{version}
%description branding-upstream
Upstream branding for GRUB2's graphical console
%if ! 0%{?only_efi:1}
%package %{grubarch}
Summary: Bootloader with support for Linux, Multiboot and more
Group: System/Boot
%if "%{platform}" != "emu"
BuildArch: noarch
%endif
Requires: %{name} = %{version}
Requires(post): %{name} = %{version}
%if 0%{?update_bootloader_requires:1}
%update_bootloader_requires
%else
Requires: perl-Bootloader
Requires(post): perl-Bootloader
%endif
%description %{grubarch}
The GRand Unified Bootloader (GRUB) is a highly configurable and customizable
bootloader with modular architecture. It supports rich variety of kernel formats,
file systems, computer architectures and hardware devices. This subpackage
provides support for %{platform} systems.
%package %{grubarch}-extras
Summary: Unsupported modules for %{grubarch}
Group: System/Boot
BuildArch: noarch
Requires: %{name}-%{grubarch} = %{version}
Provides: %{name}-%{grubarch}:%{_datadir}/%{name}/%{grubarch}/zfs.mod
Provides: %{name}-%{grubarch}:%{_datadir}/%{name}/%{grubarch}/zfscrypt.mod
Provides: %{name}-%{grubarch}:%{_datadir}/%{name}/%{grubarch}/zfsinfo.mod
%description %{grubarch}-extras
Unsupported modules for %{name}-%{grubarch}
%package %{grubarch}-debug
Summary: Debug symbols for %{grubarch}
Group: System/Boot
%if "%{platform}" != "emu"
BuildArch: noarch
%endif
Requires: %{name}-%{grubarch} = %{version}
%description %{grubarch}-debug
Debug information for %{name}-%{grubarch}
Information on how to debug grub can be found online:
https://www.cnblogs.com/coryxie/archive/2013/03/12/2956807.html
%endif
%ifarch %{efi}
%package %{grubefiarch}
Summary: Bootloader with support for Linux, Multiboot and more
Group: System/Boot
BuildArch: noarch
# Require efibootmgr
# Without it grub-install is broken so break the package as well if unavailable
Requires: efibootmgr
Requires(post): efibootmgr
Requires: %{name} = %{version}
Requires(post): %{name} = %{version}
%if 0%{?update_bootloader_requires:1}
%update_bootloader_requires
%else
Requires: perl-Bootloader >= 0.706
Requires(post): perl-Bootloader >= 0.706
%endif
Provides: %{name}-efi = %{version}-%{release}
Obsoletes: %{name}-efi < %{version}-%{release}
%description %{grubefiarch}
The GRand Unified Bootloader (GRUB) is a highly configurable and customizable
bootloader with modular architecture. It supports rich variety of kernel formats,
file systems, computer architectures and hardware devices. This subpackage
provides support for EFI systems.
%package %{grubefiarch}-extras
Summary: Unsupported modules for %{grubefiarch}
Group: System/Boot
BuildArch: noarch
Requires: %{name}-%{grubefiarch} = %{version}
Provides: %{name}-%{grubefiarch}:%{_datadir}/%{name}/%{grubefiarch}/zfs.mod
Provides: %{name}-%{grubefiarch}:%{_datadir}/%{name}/%{grubefiarch}/zfscrypt.mod
Provides: %{name}-%{grubefiarch}:%{_datadir}/%{name}/%{grubefiarch}/zfsinfo.mod
%description %{grubefiarch}-extras
Unsupported modules for %{name}-%{grubefiarch}
%package %{grubefiarch}-debug
Summary: Debug symbols for %{grubefiarch}
Group: System/Boot
%if "%{platform}" != "emu"
BuildArch: noarch
%endif
Requires: %{name}-%{grubefiarch} = %{version}
%description %{grubefiarch}-debug
Debug symbols for %{name}-%{grubefiarch}
Information on how to debug grub can be found online:
https://www.cnblogs.com/coryxie/archive/2013/03/12/2956807.html
%endif
%ifarch %{ix86} x86_64
%package %{grubxenarch}
Summary: Bootloader with support for Linux, Multiboot and more
Group: System/Boot
Provides: %{name}-xen = %{version}-%{release}
Obsoletes: %{name}-xen < %{version}-%{release}
BuildArch: noarch
%description %{grubxenarch}
The GRand Unified Bootloader (GRUB) is a highly configurable and customizable
bootloader with modular architecture. It supports rich variety of kernel formats,
file systems, computer architectures and hardware devices. This subpackage
provides support for XEN systems.
%package %{grubxenarch}-extras
Summary: Unsupported modules for %{grubxenarch}
Group: System/Boot
BuildArch: noarch
Requires: %{name}-%{grubxenarch} = %{version}
Provides: %{name}-%{grubxenarch}:%{_datadir}/%{name}/%{grubxenarch}/zfs.mod
Provides: %{name}-%{grubxenarch}:%{_datadir}/%{name}/%{grubxenarch}/zfscrypt.mod
Provides: %{name}-%{grubxenarch}:%{_datadir}/%{name}/%{grubxenarch}/zfsinfo.mod
%description %{grubxenarch}-extras
Unsupported modules for %{name}-%{grubxenarch}
%endif
%package snapper-plugin
Summary: Grub2's snapper plugin
Group: System/Fhs
Requires: %{name} = %{version}
Requires: libxml2-tools
Supplements: packageand(snapper:grub2)
BuildArch: noarch
%description snapper-plugin
Grub2's snapper plugin for advanced btrfs snapshot boot menu management
%if 0%{?has_systemd:1}
%package systemd-sleep-plugin
Summary: Grub2's systemd-sleep plugin
Group: System/Fhs
Requires: grub2
Requires: util-linux
Supplements: packageand(systemd:grub2)
BuildArch: noarch
%description systemd-sleep-plugin
Grub2's systemd-sleep plugin for directly booting hibernated kernel image in
swap partition while in resuming
%endif
%prep
# We create (if we build for efi) two copies of the sources in the Builddir
%setup -q -n grub-%{version}
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch6 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch12 -p1
%patch15 -p1
%patch17 -p1
%patch19 -p1
%patch21 -p1
%patch23 -p1
%patch25 -p1
%patch27 -p1
%patch35 -p1
%patch37 -p1
%patch38 -p1
%patch39 -p1
%patch40 -p1
%patch41 -p1
%patch42 -p1
%patch43 -p1
%patch53 -p1
%patch56 -p1
%patch58 -p1
%patch59 -p1
%patch60 -p1
%patch61 -p1
%patch64 -p1
%patch65 -p1
%patch70 -p1
%patch71 -p1
%patch72 -p1
%patch75 -p1
%patch76 -p1
%patch77 -p1
%patch78 -p1
%patch79 -p1
%patch80 -p1
%patch81 -p1
%patch82 -p1
%patch83 -p1
%patch84 -p1
%patch85 -p1
%patch92 -p1
%patch93 -p1
%patch94 -p1
%patch95 -p1
%patch96 -p1
%patch97 -p1
%patch101 -p1
%patch102 -p1
%patch103 -p1
%patch104 -p1
%patch105 -p1
%patch106 -p1
%patch107 -p1
%patch108 -p1
%patch109 -p1
%patch110 -p1
%patch111 -p1
%patch120 -p1
%patch121 -p1
%patch122 -p1
%patch123 -p1
%patch124 -p1
%patch140 -p1
%patch141 -p1
%patch163 -p1
%patch164 -p1
%patch205 -p1
%patch207 -p1
%patch211 -p1
%patch212 -p1
%patch213 -p1
%patch215 -p1
%patch218 -p1
%patch233 -p1
%patch234 -p1
%patch236 -p1
%patch281 -p1
%patch282 -p1
%patch283 -p1
%patch284 -p1
%patch285 -p1
%patch286 -p1
%patch287 -p1
%patch311 -p1
%patch411 -p1
%patch420 -p1
%patch421 -p1
%patch430 -p1
%patch431 -p1
%patch432 -p1
%patch450 -p1
%patch501 -p1
%patch510 -p1
%patch511 -p1
%patch601 -p1
%patch602 -p1
%patch603 -p1
%patch610 -p1
%patch611 -p1
%patch700 -p1
%patch701 -p1
%patch702 -p1
%patch703 -p1
%patch704 -p1
%patch705 -p1
%patch706 -p1
%patch707 -p1
%patch708 -p1
%patch709 -p1
%patch710 -p1
%patch711 -p1
%patch712 -p1
%patch713 -p1
%patch714 -p1
%patch716 -p1
%patch717 -p1
%patch718 -p1
%patch719 -p1
%patch721 -p1
%patch722 -p1
%patch723 -p1
%patch730 -p1
%patch731 -p1
%patch732 -p1
%patch733 -p1
%patch734 -p1
%patch735 -p1
%patch737 -p1
%patch738 -p1
%patch739 -p1
%patch740 -p1
%patch741 -p1
%patch742 -p1
%patch743 -p1
%patch744 -p1
%patch745 -p1
%patch746 -p1
%patch747 -p1
%patch748 -p1
%patch749 -p1
%patch750 -p1
%patch751 -p1
%patch752 -p1
%patch753 -p1
%patch754 -p1
%patch755 -p1
%patch756 -p1
%patch757 -p1
%patch758 -p1
%patch759 -p1
%patch760 -p1
%patch761 -p1
%patch762 -p1
%patch763 -p1
%patch764 -p1
%patch765 -p1
%patch766 -p1
%patch767 -p1
%patch768 -p1
%patch769 -p1
%patch770 -p1
%patch771 -p1
%patch772 -p1
%patch773 -p1
%patch774 -p1
%patch775 -p1
%patch776 -p1
%patch777 -p1
%patch778 -p1
%patch779 -p1
%patch780 -p1
%patch781 -p1
%patch782 -p1
%patch783 -p1
%patch784 -p1
%patch785 -p1
%patch786 -p1
%patch787 -p1
%patch788 -p1
%patch789 -p1
%patch790 -p1
%patch791 -p1
%patch792 -p1
%patch793 -p1
%patch794 -p1
%patch795 -p1
%patch796 -p1
%patch797 -p1
%patch798 -p1
%patch799 -p1
%patch800 -p1
%patch801 -p1
%patch802 -p1
%patch803 -p1
%patch804 -p1
%patch805 -p1
%patch806 -p1
%patch807 -p1
%patch808 -p1
%patch809 -p1
%patch810 -p1
%patch811 -p1
%patch812 -p1
%patch813 -p1
%patch814 -p1
%patch815 -p1
%patch816 -p1
%patch817 -p1
%patch818 -p1
%patch819 -p1
%patch820 -p1
%patch821 -p1
%patch822 -p1
%patch823 -p1
%patch824 -p1
%patch825 -p1
%patch826 -p1
%patch827 -p1
%patch828 -p1
%patch829 -p1
%patch830 -p1
%patch831 -p1
%patch832 -p1
%patch833 -p1
%patch834 -p1
%patch835 -p1
%patch836 -p1
%patch837 -p1
%patch838 -p1
%patch839 -p1
%patch840 -p1
%patch841 -p1
%patch842 -p1
%patch843 -p1
%patch844 -p1
%patch845 -p1
%patch846 -p1
%patch847 -p1
%patch848 -p1
%patch849 -p1
%patch850 -p1
%patch851 -p1
%patch852 -p1
%patch853 -p1
%patch854 -p1
%patch855 -p1
%patch856 -p1
%patch857 -p1
%build
# collect evidence to debug spurious build failure on SLE15
ulimit -a
# patches above may update the timestamp of grub.texi
# and via build-aux/mdate-sh they end up in grub2.info, breaking build-compare
[ -z "$SOURCE_DATE_EPOCH" ] ||\
[ `stat -c %Y docs/grub.texi` -lt $SOURCE_DATE_EPOCH ] ||\
touch -d@$SOURCE_DATE_EPOCH docs/grub.texi
# This simplifies patch handling without need to use git to create patch
# that renames file
mv docs/grub.texi docs/grub2.texi
cp %{SOURCE8} .
mkdir build
%ifarch %{efi}
mkdir build-efi
%endif
%ifarch %{ix86} x86_64
mkdir build-xen
%endif
%if %{emu}
mkdir build-emu
%endif
export PYTHON=%{_bindir}/python3
[ -x $PYTHON ] || unset PYTHON # try 'python', if 'python3' is unavailable
# autogen calls autoreconf -vi
./autogen.sh
# Not yet:
%define common_conf_options TARGET_LDFLAGS=-static --program-transform-name=s,grub,%{name},
# This does NOT work on SLE11:
%define _configure ../configure
# We don't want to let rpm override *FLAGS with default a.k.a bogus values.
CFLAGS="-fno-strict-aliasing -fno-inline-functions-called-once "
CXXFLAGS=" "
FFLAGS=" "
export CFLAGS CXXFLAGS FFLAGS
%if %{emu}
cd build-emu
%define arch_specific --enable-device-mapper --disable-grub-mount
TLFLAGS="-fPIC"
# -static is needed so that autoconf script is able to link
# test that looks for _start symbol on 64 bit platforms
../configure TARGET_LDFLAGS=$TLFLAGS \
--prefix=%{_prefix} \
--libdir=%{_datadir} \
--sysconfdir=%{_sysconfdir} \
--target=%{_target_platform} \
--with-platform=emu \
%{arch_specific} \
--program-transform-name=s,grub,%{name},
make %{?_smp_mflags}
cd ..
if [ "%{platform}" = "emu" ]; then
rmdir build
mv build-emu build
fi
%endif
%ifarch %{ix86} x86_64
cd build-xen
../configure \
TARGET_LDFLAGS=-static \
--prefix=%{_prefix} \
--libdir=%{_datadir} \
--sysconfdir=%{_sysconfdir} \
--target=%{_target_platform} \
--with-platform=xen \
--program-transform-name=s,grub,%{name},
make %{?_smp_mflags}
./grub-mkstandalone --grub-mkimage=./grub-mkimage -o grub.xen -O %{grubxenarch} -d grub-core/ "/boot/grub/grub.cfg=%{SOURCE16}"
cd ..
%endif
%ifarch %{efi}
cd build-efi
../configure \
TARGET_LDFLAGS=-static \
--prefix=%{_prefix} \
--libdir=%{_datadir} \
--sysconfdir=%{_sysconfdir} \
--target=%{_target_platform} \
--with-platform=efi \
--program-transform-name=s,grub,%{name},
make %{?_smp_mflags}
#TODO: add efifwsetup module
FS_MODULES="btrfs ext2 xfs jfs reiserfs"
CD_MODULES=" all_video boot cat chain configfile echo true \
efinet font gfxmenu gfxterm gzio halt iso9660 \
jpeg minicmd normal part_apple part_msdos part_gpt \
password_pbkdf2 png reboot search search_fs_uuid \
search_fs_file search_label sleep test video fat loadenv"
PXE_MODULES="efinet tftp http"
CRYPTO_MODULES="luks gcry_rijndael gcry_sha1 gcry_sha256"
%ifarch x86_64
CD_MODULES="${CD_MODULES} linuxefi"
%else
CD_MODULES="${CD_MODULES} linux"
%endif
# SBAT metadata
%if 0%{?is_opensuse} == 1
distro_id="opensuse"
distro_name="The openSUSE Project"
%else
distro_id="sle"
distro_name="SUSE Linux Enterprise"
%endif
upstream_sbat=4
distro_sbat=1
echo "sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md" > sbat.csv
echo "grub,${upstream_sbat},Free Software Foundation,grub,%{version},https://www.gnu.org/software/grub/" >> sbat.csv
echo "grub.${distro_id},${distro_sbat},${distro_name},%{name},%{version},mailto:security@suse.de" >> sbat.csv
GRUB_MODULES="${CD_MODULES} ${FS_MODULES} ${PXE_MODULES} ${CRYPTO_MODULES} mdraid09 mdraid1x lvm serial"
./grub-mkimage -O %{grubefiarch} -o grub.efi --prefix= --sbat sbat.csv \
-d grub-core ${GRUB_MODULES}
%ifarch x86_64
./grub-mkimage -O %{grubefiarch} -o grub-tpm.efi --prefix= --sbat sbat.csv \
-d grub-core ${GRUB_MODULES} tpm
%endif
%ifarch x86_64 aarch64
%if 0%{?suse_version} >= 1230 || 0%{?suse_version} == 1110
if test -e %{_sourcedir}/_projectcert.crt ; then
prjsubject=$(openssl x509 -in %{_sourcedir}/_projectcert.crt -noout -subject_hash)
prjissuer=$(openssl x509 -in %{_sourcedir}/_projectcert.crt -noout -issuer_hash)
opensusesubject=$(openssl x509 -in %{SOURCE10} -noout -subject_hash)
slessubject=$(openssl x509 -in %{SOURCE11} -noout -subject_hash)
if test "$prjissuer" = "$opensusesubject" ; then
cert=%{SOURCE10}
fi
if test "$prjissuer" = "$slessubject" ; then
cert=%{SOURCE11}
fi
if test "$prjsubject" = "$prjissuer" ; then
cert=%{_sourcedir}/_projectcert.crt
fi
fi
if test -z "$cert" ; then
echo "cannot identify project, assuming openSUSE signing"
cert=%{SOURCE10}
fi
openssl x509 -in $cert -outform DER -out grub.der
%endif
%endif
cd ..
%endif
%if ! 0%{?only_efi:1}
cd build
# 64-bit x86-64 machines use 32-bit boot loader
# (We cannot just redefine _target_cpu, as we'd get i386.rpm packages then)
%ifarch x86_64
%define _target_platform i386-%{_vendor}-%{_target_os}%{?_gnu}
%endif
%if "%{platform}" != "emu"
%define arch_specific --enable-device-mapper
TLFLAGS="-static"
# -static is needed so that autoconf script is able to link
# test that looks for _start symbol on 64 bit platforms
../configure TARGET_LDFLAGS="$TLFLAGS" \
--prefix=%{_prefix} \
--libdir=%{_datadir} \
--sysconfdir=%{_sysconfdir} \
--target=%{_target_platform} \
--with-platform=%{platform} \
%{arch_specific} \
--program-transform-name=s,grub,%{name},
make %{?_smp_mflags}
%endif
cd ..
%endif
%install
%ifarch %{ix86} x86_64
cd build-xen
%make_install
install -m 644 grub.xen %{buildroot}/%{_datadir}/%{name}/%{grubxenarch}/.
# provide compatibility sym-link for VM definitions pointing to old location
install -d %{buildroot}%{_libdir}/%{name}/%{grubxenarch}
ln -srf %{buildroot}%{_datadir}/%{name}/%{grubxenarch}/grub.xen %{buildroot}%{_libdir}/%{name}/%{grubxenarch}/grub.xen
cat <<-EoM >%{buildroot}%{_libdir}/%{name}/%{grubxenarch}/DEPRECATED
This directory and its contents was moved to %{_datadir}/%{name}/%{grubxenarch}.
Individual symbolic links are provided for a smooth transition.
Please update your VM definition files to use the new location!
EoM
cd ..
%endif
%ifarch %{efi}
cd build-efi
%make_install
install -m 644 grub.efi %{buildroot}/%{_datadir}/%{name}/%{grubefiarch}/.
%ifarch x86_64
install -m 644 grub-tpm.efi %{buildroot}/%{_datadir}/%{name}/%{grubefiarch}/.
%endif
# Create grub.efi link to system efi directory
# This is for tools like kiwi not fiddling with the path
%define sysefibasedir %{_datadir}/efi
%define sysefidir %{sysefibasedir}/%{_target_cpu}
install -d %{buildroot}/%{sysefidir}
ln -sr %{buildroot}/%{_datadir}/%{name}/%{grubefiarch}/grub.efi %{buildroot}%{sysefidir}/grub.efi
%ifarch x86_64
# provide compatibility sym-link for previous shim-install and the like
install -d %{buildroot}/usr/lib64/efi
ln -srf %{buildroot}/%{_datadir}/%{name}/%{grubefiarch}/grub.efi %{buildroot}/usr/lib64/efi/grub.efi
cat <<-EoM >%{buildroot}/usr/lib64/efi/DEPRECATED
This directory and its contents was moved to %{_datadir}/efi/x86_64.
Individual symbolic links are provided for a smooth transition and
may vanish at any point in time. Please use the new location!
EoM
%endif
%ifarch x86_64 aarch64
%if 0%{?suse_version} >= 1230 || 0%{?suse_version} == 1110
export BRP_PESIGN_FILES="%{_datadir}/%{name}/%{grubefiarch}/grub.efi"
%ifarch x86_64
BRP_PESIGN_FILES="${BRP_PESIGN_FILES} %{_datadir}/%{name}/%{grubefiarch}/grub-tpm.efi"
%endif
install -m 444 grub.der %{buildroot}/%{sysefidir}/
%endif
%endif
cd ..
%endif
%if ! 0%{?only_efi:1}
cd build
%make_install
cd ..
%endif
if [ "%{platform}" = "emu" ]; then
# emu-lite is currently broken (and not needed), don't install!
rm -f %{buildroot}/%{_bindir}/%{name}-emu-lite
elif [ -d build-emu/grub-core ]; then
cd build-emu/grub-core
install -m 755 grub-emu %{buildroot}/%{_bindir}/%{name}-emu
if false; then
# this needs to go to '-emu'-package; until that is ready, don't install!
install -m 755 grub-emu-lite %{buildroot}/%{_bindir}/%{name}-emu-lite
else
rm -f %{buildroot}/%{_bindir}/%{name}-emu-lite
fi
install -m 644 grub-emu.1 %{buildroot}/%{_mandir}/man1/%{name}-emu.1
cd ../..
fi
# *.module files are installed with executable bits due to the way grub2 build
# system works. Clear executable bits to not confuse find-debuginfo.sh
find %{buildroot}/%{_datadir}/%{name} \
\( -name '*.module' -o -name '*.image' -o -name '*.exec' \) -print0 | \
xargs --no-run-if-empty -0 chmod a-x
# Script that makes part of grub.cfg persist across updates
install -m 755 %{SOURCE1} %{buildroot}/%{_sysconfdir}/grub.d/
# Script to generate memtest86+ menu entry
install -m 755 %{SOURCE7} %{buildroot}/%{_sysconfdir}/grub.d/
# Ghost config file
install -d %{buildroot}/boot/%{name}
touch %{buildroot}/boot/%{name}/grub.cfg
# Remove devel files
rm %{buildroot}/%{_datadir}/%{name}/*/*.h
%if 0%{?suse_version} >= 1140
rm %{buildroot}/%{_datadir}/%{name}/*.h
%endif
# Defaults
install -m 644 -D %{SOURCE2} %{buildroot}/%{_sysconfdir}/default/grub
install -m 755 -D %{SOURCE6} %{buildroot}/%{_sbindir}/grub2-once
install -m 755 -D %{SOURCE12} %{buildroot}/%{_libdir}/snapper/plugins/grub
install -m 755 -D %{SOURCE14} %{buildroot}/%{_sysconfdir}/grub.d/80_suse_btrfs_snapshot
%if 0%{?has_systemd:1}
install -m 644 -D %{SOURCE15} %{buildroot}/%{_unitdir}/grub2-once.service
install -m 755 -D %{SOURCE17} %{buildroot}/%{_libdir}/systemd/system-sleep/grub2.sleep
%endif
install -m 755 -D %{SOURCE18} %{buildroot}/%{_sbindir}/grub2-check-default
R="%{buildroot}"
%ifarch %{ix86} x86_64
%else
rm -f $R%{_sysconfdir}/grub.d/20_memtest86+
%endif
%ifarch ppc ppc64 ppc64le
rm -f $R%{_sysconfdir}/grub.d/95_textmode
%else
rm -f $R%{_sysconfdir}/grub.d/20_ppc_terminfo
%endif
%ifarch s390x
mv $R%{_sysconfdir}/{grub.d,default}/zipl2grub.conf.in
chmod 600 $R%{_sysconfdir}/default/zipl2grub.conf.in
%define dracutlibdir %{_prefix}/lib/dracut
%define dracutgrubmoddir %{dracutlibdir}/modules.d/99grub2
install -m 755 -d $R%{dracutgrubmoddir}
for f in module-setup.sh grub2.sh; do
mv $R%{_datadir}/%{name}/%{grubarch}/dracut-$f $R%{dracutgrubmoddir}/$f
done
mv $R%{_datadir}/%{name}/%{grubarch}/dracut-zipl-refresh \
$R%{_datadir}/%{name}/zipl-refresh
rm -f $R%{_sysconfdir}/grub.d/30_os-prober
perl -ni -e '
sub END() {
print "\n# on s390x always:\nGRUB_DISABLE_OS_PROBER=true\n";
}
if ( s{^#?(GRUB_TERMINAL)=(console|gfxterm)}{$1=console} ) {
$_ .= "GRUB_GFXPAYLOAD_LINUX=text\n";
}
if ( m{^# The resolution used on graphical} ||
m{^# # note that you can use only modes} ||
m{^# you can see them in real GRUB} ||
m{^#?GRUB_GFXMODE=} ) {
next;
}
s{openSUSE}{SUSE Linux Enterprise Server} if (m{^GRUB_DISTRIBUTOR});
print;
' %{buildroot}/%{_sysconfdir}/default/grub
%else
%endif
# bsc#1205554 move the zfs modules into extras packages
# EXTRA_PATTERN='pattern1|pattern2|pattern3|...'
EXTRA_PATTERN="zfs"
%ifarch %{ix86} x86_64
find %{buildroot}/%{_datadir}/%{name}/%{grubxenarch}/ -type f | sed 's,%{buildroot},,' > %{grubxenarch}-all.lst
grep -v -E ${EXTRA_PATTERN} %{grubxenarch}-all.lst > %{grubxenarch}.lst
grep -E ${EXTRA_PATTERN} %{grubxenarch}-all.lst > %{grubxenarch}-extras.lst
%endif
%ifarch %{efi}
find %{buildroot}/%{_datadir}/%{name}/%{grubefiarch}/ -name '*.mod' | sed 's,%{buildroot},,' > %{grubefiarch}-mod-all.lst
grep -v -E ${EXTRA_PATTERN} %{grubefiarch}-mod-all.lst > %{grubefiarch}-mod.lst
grep -E ${EXTRA_PATTERN} %{grubefiarch}-mod-all.lst > %{grubefiarch}-mod-extras.lst
%endif
find %{buildroot}/%{_datadir}/%{name}/%{grubarch}/ -name '*.mod' | sed 's,%{buildroot},,' > %{grubarch}-mod-all.lst
grep -v -E ${EXTRA_PATTERN} %{grubarch}-mod-all.lst > %{grubarch}-mod.lst
grep -E ${EXTRA_PATTERN} %{grubarch}-mod-all.lst > %{grubarch}-mod-extras.lst
%find_lang %{name}
%fdupes %buildroot%{_bindir}
%fdupes %buildroot%{_libdir}
%fdupes %buildroot%{_datadir}
%pre
%service_add_pre grub2-once.service
%post
%service_add_post grub2-once.service
%if ! 0%{?only_efi:1}
%post %{grubarch}
%if 0%{?update_bootloader_check_type_reinit_post:1}
%update_bootloader_check_type_reinit_post grub2
%else
# To check by current loader settings
if [ -f %{_sysconfdir}/sysconfig/bootloader ]; then
. %{_sysconfdir}/sysconfig/bootloader
fi
# If the grub is the current loader, we'll handle the grub2 testing entry
if [ "x${LOADER_TYPE}" = "xgrub" ]; then
exec >/dev/null 2>&1
# check if entry for grub2's core.img exists in the config
# if yes, we will correct obsoleted path and update grub2 stuff and config to make it work
# if no, do nothing
if [ -f /boot/grub/menu.lst ]; then
# If grub config contains obsolete core.img path, remove and use the new one
if /usr/bin/grep -l "^\s*kernel\s*.*/boot/%{name}/core.img" /boot/grub/menu.lst; then
/sbin/update-bootloader --remove --image /boot/%{name}/core.img || true
/sbin/update-bootloader --add --image /boot/%{name}/i386-pc/core.img --name "GNU GRUB 2" || true
fi
# Install grub2 stuff and config to make the grub2 testing entry to work with updated version
if /usr/bin/grep -l "^\s*kernel\s*.*/boot/%{name}/i386-pc/core.img" /boot/grub/menu.lst; then
# Determine the partition with /boot
BOOT_PARTITION=$(df -h /boot | sed -n '2s/[[:blank:]].*//p')
# Generate core.img, but don't let it be installed in boot sector
%{name}-install --no-bootsector $BOOT_PARTITION || true
# Create a working grub2 config, otherwise that entry is un-bootable
/usr/sbin/grub2-mkconfig -o /boot/%{name}/grub.cfg
fi
fi
elif [ "x${LOADER_TYPE}" = "xgrub2" ]; then
# It's enought to call update-bootloader to install grub2 and update it's config
# Use new --reinit, if not available use --refresh
# --reinit: install and update bootloader config
# --refresh: update bootloader config
/sbin/update-bootloader --reinit 2>&1 | grep -q 'Unknown option: reinit' &&
/sbin/update-bootloader --refresh || true
fi
%endif
%posttrans %{grubarch}
%{?update_bootloader_posttrans}
%endif
%ifarch %{efi}
%post %{grubefiarch}
%if 0%{?update_bootloader_check_type_reinit_post:1}
%update_bootloader_check_type_reinit_post grub2-efi
%else
# To check by current loader settings
if [ -f %{_sysconfdir}/sysconfig/bootloader ]; then
. %{_sysconfdir}/sysconfig/bootloader
fi
if [ "x${LOADER_TYPE}" = "xgrub2-efi" ]; then
if [ -d /boot/%{name}-efi ]; then
# Migrate settings to standard prefix /boot/grub2
for i in custom.cfg grubenv; do
[ -f /boot/%{name}-efi/$i ] && cp -a /boot/%{name}-efi/$i /boot/%{name} || :
done
fi
# It's enough to call update-bootloader to install grub2 and update it's config
# Use new --reinit, if not available use --refresh
# --reinit: install and update bootloader config
# --refresh: update bootloader config
/sbin/update-bootloader --reinit 2>&1 | grep -q 'Unknown option: reinit' &&
/sbin/update-bootloader --refresh || true
fi
if [ -d /boot/%{name}-efi ]; then
mv /boot/%{name}-efi /boot/%{name}-efi.rpmsave
fi
exit 0
%endif
%posttrans %{grubefiarch}
%{?update_bootloader_posttrans}
%endif
%preun
%service_del_preun grub2-once.service
# We did not add core.img to grub1 menu.lst in new update-bootloader macro as what
# the old %%post ever did, then the %%preun counterpart which removed the added core.img
# entry from old %%post can be skipped entirely if having new macro in use.
%if ! 0%{?update_bootloader_posttrans:1}%{?only_efi:1}
if [ $1 = 0 ]; then
# To check by current loader settings
if [ -f %{_sysconfdir}/sysconfig/bootloader ]; then
. %{_sysconfdir}/sysconfig/bootloader
fi
if [ "x${LOADER_TYPE}" = "xgrub" ]; then
exec >/dev/null 2>&1
if [ -f /boot/grub/menu.lst ]; then
# Remove grub2 testing entry in menu.lst if has any
for i in /boot/%{name}/core.img /boot/%{name}/i386-pc/core.img; do
if /usr/bin/grep -l "^\s*kernel\s*.*$i" /boot/grub/menu.lst; then
/sbin/update-bootloader --remove --image "$i" || true
fi
done
fi
# Cleanup config, to not confuse some tools determining bootloader in use
rm -f /boot/%{name}/grub.cfg
# Cleanup installed files
# Unless grub2 provides grub2-uninstall, we don't remove any file because
# we have no idea what's been installed. (And a blind remove is dangerous
# to remove user's or other package's file accidently ..)
fi
fi
%endif
%postun
%service_del_postun grub2-once.service
%files -f %{name}.lang
%defattr(-,root,root,-)
%if 0%{?suse_version} < 1500
%doc COPYING
%else
%license COPYING
%endif
%doc NEWS README
%doc THANKS TODO ChangeLog
%doc docs/autoiso.cfg docs/osdetect.cfg
%ifarch s390x
%doc README.ibm3215
%endif
%dir /boot/%{name}
%ghost /boot/%{name}/grub.cfg
%{_sysconfdir}/bash_completion.d/grub
%config(noreplace) %{_sysconfdir}/default/grub
%dir %{_sysconfdir}/grub.d
%{_sysconfdir}/grub.d/README
%config(noreplace) %{_sysconfdir}/grub.d/00_header
%config(noreplace) %{_sysconfdir}/grub.d/10_linux
%config(noreplace) %{_sysconfdir}/grub.d/20_linux_xen
%config(noreplace) %{_sysconfdir}/grub.d/40_custom
%config(noreplace) %{_sysconfdir}/grub.d/41_custom
%config(noreplace) %{_sysconfdir}/grub.d/90_persistent
%ifnarch ppc ppc64 ppc64le
%config(noreplace) %{_sysconfdir}/grub.d/95_textmode
%endif
%ifarch %{ix86} x86_64
%config(noreplace) %{_sysconfdir}/grub.d/20_memtest86+
%endif
%ifarch ppc ppc64 ppc64le
%config(noreplace) %{_sysconfdir}/grub.d/20_ppc_terminfo
%endif
%ifarch s390x
%config(noreplace) %{_sysconfdir}/default/zipl2grub.conf.in
%{dracutlibdir}
%{_sbindir}/%{name}-zipl-setup
%{_datadir}/%{name}/zipl-refresh
%endif
%{_sbindir}/%{name}-install
%{_sbindir}/%{name}-mkconfig
%{_sbindir}/%{name}-once
%{_sbindir}/%{name}-probe
%{_sbindir}/%{name}-reboot
%{_sbindir}/%{name}-set-default
%{_sbindir}/%{name}-check-default
%{_bindir}/%{name}-editenv
%{_bindir}/%{name}-file
%{_bindir}/%{name}-fstest
%{_bindir}/%{name}-kbdcomp
%{_bindir}/%{name}-menulst2cfg
%{_bindir}/%{name}-mkfont
%{_bindir}/%{name}-mkimage
%{_bindir}/%{name}-mklayout
%{_bindir}/%{name}-mknetdir
%{_bindir}/%{name}-mkpasswd-pbkdf2
%{_bindir}/%{name}-mkrelpath
%{_bindir}/%{name}-mkrescue
%{_bindir}/%{name}-mkstandalone
%{_bindir}/%{name}-render-label
%{_bindir}/%{name}-script-check
%{_bindir}/%{name}-syslinux2cfg
%if 0%{?has_systemd:1}
%{_unitdir}/grub2-once.service
%endif
%dir %{_datadir}/%{name}
%dir %{_datadir}/%{name}/themes
%if 0%{?suse_version} >= 1140
%{_datadir}/%{name}/*.pf2
%endif
%{_datadir}/%{name}/grub-mkconfig_lib
%{_infodir}/grub-dev.info*
%{_infodir}/%{name}.info*
%{_mandir}/man1/%{name}-editenv.1.*
%{_mandir}/man1/%{name}-file.1.*
%{_mandir}/man1/%{name}-fstest.1.*
%{_mandir}/man1/%{name}-kbdcomp.1.*
%{_mandir}/man1/%{name}-menulst2cfg.1.*
%{_mandir}/man1/%{name}-mkfont.1.*
%{_mandir}/man1/%{name}-mkimage.1.*
%{_mandir}/man1/%{name}-mklayout.1.*
%{_mandir}/man1/%{name}-mknetdir.1.*
%{_mandir}/man1/%{name}-mkpasswd-pbkdf2.1.*
%{_mandir}/man1/%{name}-mkrelpath.1.*
%{_mandir}/man1/%{name}-mkrescue.1.*
%{_mandir}/man1/%{name}-mkstandalone.1.*
%{_mandir}/man1/%{name}-render-label.1.*
%{_mandir}/man1/%{name}-script-check.1.*
%{_mandir}/man1/%{name}-syslinux2cfg.1.*
%{_mandir}/man8/%{name}-install.8.*
%{_mandir}/man8/%{name}-mkconfig.8.*
%{_mandir}/man8/%{name}-probe.8.*
%{_mandir}/man8/%{name}-reboot.8.*
%{_mandir}/man8/%{name}-set-default.8.*
%if %{emu}
%{_bindir}/%{name}-emu
%{_mandir}/man1/%{name}-emu.1.*
%endif
%ifnarch s390x
%config(noreplace) %{_sysconfdir}/grub.d/30_os-prober
%{_bindir}/%{name}-glue-efi
%{_bindir}/%{name}-mount
%{_sbindir}/%{name}-bios-setup
%{_sbindir}/%{name}-macbless
%{_sbindir}/%{name}-ofpathname
%{_sbindir}/%{name}-sparc64-setup
%{_mandir}/man1/%{name}-glue-efi.1.*
%{_mandir}/man1/%{name}-mount.1.*
%{_mandir}/man8/%{name}-bios-setup.8.*
%{_mandir}/man8/%{name}-macbless.8.*
%{_mandir}/man8/%{name}-ofpathname.8.*
%{_mandir}/man8/%{name}-sparc64-setup.8.*
%endif
%files branding-upstream
%defattr(-,root,root,-)
%{_datadir}/%{name}/themes/starfield
%if ! 0%{?only_efi:1}
%files %{grubarch} -f %{grubarch}-mod.lst
%defattr(-,root,root,-)
%dir %{_datadir}/%{name}/%{grubarch}
%ifarch ppc ppc64 ppc64le
# This is intentionally "grub.chrp" and not "%%{name}.chrp"
%{_datadir}/%{name}/%{grubarch}/grub.chrp
%{_datadir}/%{name}/%{grubarch}/bootinfo.txt
%endif
%ifnarch ppc ppc64 ppc64le s390x %{arm}
%{_datadir}/%{name}/%{grubarch}/*.image
%endif
%{_datadir}/%{name}/%{grubarch}/*.img
%{_datadir}/%{name}/%{grubarch}/*.lst
%ifarch x86_64
%{_datadir}/%{name}/%{grubarch}/efiemu*.o
%endif
%{_datadir}/%{name}/%{grubarch}/kernel.exec
%{_datadir}/%{name}/%{grubarch}/modinfo.sh
%files %{grubarch}-extras -f %{grubarch}-mod-extras.lst
%defattr(-,root,root,-)
%dir %{_datadir}/%{name}/%{grubarch}
%files %{grubarch}-debug
%defattr(-,root,root,-)
%{_datadir}/%{name}/%{grubarch}/gdb_grub
%{_datadir}/%{name}/%{grubarch}/gmodule.pl
%{_datadir}/%{name}/%{grubarch}/*.module
%endif
%ifarch %{efi}
%files %{grubefiarch} -f %{grubefiarch}-mod.lst
%defattr(-,root,root,-)
%dir %{_datadir}/%{name}/%{grubefiarch}
%{_datadir}/%{name}/%{grubefiarch}/grub.efi
%ifarch x86_64
%{_datadir}/%{name}/%{grubefiarch}/grub-tpm.efi
%endif
%{_datadir}/%{name}/%{grubefiarch}/*.img
%{_datadir}/%{name}/%{grubefiarch}/*.lst
%{_datadir}/%{name}/%{grubefiarch}/kernel.exec
%{_datadir}/%{name}/%{grubefiarch}/modinfo.sh
%dir %{sysefibasedir}
%dir %{sysefidir}
%{sysefidir}/grub.efi
%if 0%{?suse_version} < 1600
%ifarch x86_64
# provide compatibility sym-link for previous shim-install and kiwi
%dir /usr/lib64/efi
/usr/lib64/efi/DEPRECATED
/usr/lib64/efi/grub.efi
%endif
%endif
%ifarch x86_64 aarch64
%if 0%{?suse_version} >= 1230 || 0%{?suse_version} == 1110
%{sysefidir}/grub.der
%endif
%endif
%files %{grubefiarch}-extras -f %{grubefiarch}-mod-extras.lst
%defattr(-,root,root,-)
%dir %{_datadir}/%{name}/%{grubefiarch}
%files %{grubefiarch}-debug
%defattr(-,root,root,-)
%{_datadir}/%{name}/%{grubefiarch}/gdb_grub
%{_datadir}/%{name}/%{grubefiarch}/gmodule.pl
%{_datadir}/%{name}/%{grubefiarch}/*.module
%endif
%files snapper-plugin
%defattr(-,root,root,-)
%dir %{_libdir}/snapper
%dir %{_libdir}/snapper/plugins
%config(noreplace) %{_sysconfdir}/grub.d/80_suse_btrfs_snapshot
%{_libdir}/snapper/plugins/grub
%ifarch %{ix86} x86_64
%files %{grubxenarch} -f %{grubxenarch}.lst
%defattr(-,root,root,-)
%dir %{_datadir}/%{name}/%{grubxenarch}
# provide compatibility sym-link for VM definitions pointing to old location
%dir %{_libdir}/%{name}
%{_libdir}/%{name}/%{grubxenarch}
%files %{grubxenarch}-extras -f %{grubxenarch}-extras.lst
%defattr(-,root,root,-)
%dir %{_datadir}/%{name}/%{grubxenarch}
%endif
%if 0%{?has_systemd:1}
%files systemd-sleep-plugin
%defattr(-,root,root,-)
%dir %{_libdir}/systemd/system-sleep
%{_libdir}/systemd/system-sleep/grub2.sleep
%endif
%changelog