SHA256
1
0
forked from pool/grub2
grub2/grub2.spec
Michael Chang 8c3cd1e56a Accepting request 1128487 from home:michael-chang:branches:Base:System
- Fix unattended boot with TPM2 allows downgrading kernel and rootfs, also
  enhancing the overall security posture (bsc#1216680)
  * 0001-Improve-TPM-key-protection-on-boot-interruptions.patch
  * 0002-Restrict-file-access-on-cryptodisk-print.patch
  * 0003-Restrict-ls-and-auto-file-completion-on-cryptodisk-p.patch
  * 0004-Key-revocation-on-out-of-bound-file-access.patch

OBS-URL: https://build.opensuse.org/request/show/1128487
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=477
2023-11-27 00:14:50 +00:00

1491 lines
51 KiB
RPMSpec

#
# spec file for package grub2
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
# needssslcertforbuild
%define _binaries_in_noarch_package_terminate_build 0
%if %{defined sbat_distro}
# SBAT metadata
%define sbat_generation 1
%define sbat_generation_grub 4
%else
%{error please define sbat_distro, sbat_distro_summary and sbat_distro_url}
%endif
Name: grub2
BuildRequires: automake
BuildRequires: bison
BuildRequires: device-mapper-devel
BuildRequires: fdupes
BuildRequires: flex
BuildRequires: freetype2-devel
BuildRequires: fuse-devel
BuildRequires: gcc
BuildRequires: glibc-devel
%if 0%{?suse_version} >= 1140
BuildRequires: dejavu-fonts
BuildRequires: gnu-unifont
%endif
BuildRequires: help2man
BuildRequires: libtasn1-devel
BuildRequires: xz
%if 0%{?suse_version} >= 1210
BuildRequires: makeinfo
%else
BuildRequires: texinfo
%endif
%if %{defined pythons}
BuildRequires: %{pythons}
%else
BuildRequires: python
%endif
BuildRequires: xz-devel
%ifarch x86_64 aarch64 ppc ppc64 ppc64le
BuildRequires: openssl >= 0.9.8
BuildRequires: pesign-obs-integration
%endif
%if 0%{?suse_version} >= 1210
# Package systemd services files grub2-once.service
BuildRequires: systemd-rpm-macros
%define has_systemd 1
%endif
%if 0%{?suse_version} > 1320
BuildRequires: update-bootloader-rpm-macros
%endif
# Modules code is dynamically loaded and collected from a _fixed_ path.
%define _libdir %{_exec_prefix}/lib
# Build grub2-emu everywhere (it may be "required" by 'grub2-once')
%define emu 1
%ifarch ppc ppc64 ppc64le
%define grubcpu powerpc
%define platform ieee1275
%define brp_pesign_reservation 65536
# emu does not build here yet... :-(
%define emu 0
%endif
%ifarch %{ix86} x86_64
%define grubcpu i386
%define platform pc
%endif
%ifarch s390x
%define grubcpu s390x
%define platform emu
%endif
%ifarch %{arm}
%define grubcpu arm
%define platform uboot
%endif
%ifarch aarch64
%define grubcpu arm64
%define platform efi
%define only_efi 1
%endif
%ifarch riscv64
%define grubcpu riscv64
%define platform efi
%define only_efi 1
%endif
%define grubarch %{grubcpu}-%{platform}
# build efi bootloader on some platforms only:
%if ! 0%{?efi:1}
%global efi %{ix86} x86_64 ia64 aarch64 %{arm} riscv64
%endif
%ifarch %{efi}
%ifarch %{ix86}
%define grubefiarch i386-efi
%else
%ifarch aarch64
%define grubefiarch arm64-efi
%else
%ifarch %{arm}
%define grubefiarch arm-efi
%else
%define grubefiarch %{_target_cpu}-efi
%endif
%endif
%endif
%endif
%ifarch %{ix86}
%define grubxenarch i386-xen
%endif
%ifarch x86_64
%define grubxenarch x86_64-xen
%endif
%if "%{platform}" == "emu"
# force %%{emu} to 1, e.g. for s390
%define emu 1
%endif
%if 0%{?suse_version} == 1110
%define only_efi %{nil}
%define only_x86_64 %{nil}
%endif
%ifarch %{efi}
# The branding package requires grub2. It's not necessary here,
# so break the dep to avoid a cycle.
#!BuildIgnore: grub2
BuildRequires: grub2-branding
BuildRequires: squashfs
%endif
# For ALP and Tumbleweed
%if 0%{?suse_version} >= 1600
# Only include the macros for the architectures with the newer UEFI and TCG protocol
%ifarch x86_64 aarch64 riscv64
BuildRequires: fde-tpm-helper-rpm-macros
%endif
%endif
Version: 2.12~rc1
Release: 0
Summary: Bootloader with support for Linux, Multiboot and more
License: GPL-3.0-or-later
Group: System/Boot
URL: http://www.gnu.org/software/grub/
Source0: https://alpha.gnu.org/gnu/grub/grub-%{version}.tar.xz
Source1: 90_persistent
Source2: grub.default
Source4: grub2.rpmlintrc
Source6: grub2-once
Source7: 20_memtest86+
Source8: README.ibm3215
Source10: openSUSE-UEFI-CA-Certificate.crt
Source11: SLES-UEFI-CA-Certificate.crt
Source12: grub2-snapper-plugin.sh
Source14: 80_suse_btrfs_snapshot
Source15: grub2-once.service
Source16: grub2-xen-pv-firmware.cfg
# required hook for systemd-sleep (bsc#941758)
Source17: grub2-systemd-sleep.sh
Source18: grub2-check-default.sh
Source19: grub2-instdev-fixup.pl
Source1000: PATCH_POLICY
Patch1: rename-grub-info-file-to-grub2.patch
Patch2: grub2-linux.patch
Patch3: use-grub2-as-a-package-name.patch
Patch4: info-dir-entry.patch
Patch5: grub2-simplefb.patch
Patch6: grub2-iterate-and-hook-for-extended-partition.patch
Patch7: grub2-ppc-terminfo.patch
Patch8: grub2-fix-error-terminal-gfxterm-isn-t-found.patch
Patch9: grub2-fix-menu-in-xen-host-server.patch
Patch10: not-display-menu-when-boot-once.patch
Patch11: grub2-pass-corret-root-for-nfsroot.patch
Patch12: grub2-efi-HP-workaround.patch
Patch13: grub2-secureboot-add-linuxefi.patch
Patch14: grub2-secureboot-no-insmod-on-sb.patch
Patch15: grub2-secureboot-chainloader.patch
Patch16: grub2-linuxefi-fix-boot-params.patch
Patch17: grub2-linguas.sh-no-rsync.patch
Patch18: grub2-use-Unifont-for-starfield-theme-terminal.patch
Patch19: grub2-s390x-01-Changes-made-and-files-added-in-order-to-allow-s390x.patch
Patch20: grub2-s390x-03-output-7-bit-ascii.patch
Patch21: grub2-s390x-04-grub2-install.patch
Patch22: grub2-s390x-05-grub2-mkconfig.patch
Patch23: grub2-use-rpmsort-for-version-sorting.patch
Patch24: grub2-getroot-treat-mdadm-ddf-as-simple-device.patch
Patch25: grub2-setup-try-fs-embed-if-mbr-gap-too-small.patch
Patch26: grub2-xen-linux16.patch
Patch27: grub2-efi-disable-video-cirrus-and-bochus.patch
Patch28: grub2-vbe-blacklist-preferred-1440x900x32.patch
Patch29: grub2-grubenv-in-btrfs-header.patch
Patch30: grub2-mkconfig-aarch64.patch
Patch31: grub2-default-distributor.patch
Patch32: grub2-menu-unrestricted.patch
Patch33: grub2-mkconfig-arm.patch
Patch34: grub2-s390x-06-loadparm.patch
Patch35: grub2-s390x-07-add-image-param-for-zipl-setup.patch
Patch36: grub2-s390x-08-workaround-part-to-disk.patch
Patch37: grub2-commands-introduce-read_file-subcommand.patch
Patch38: grub2-efi-chainload-harder.patch
Patch39: grub2-emu-4-all.patch
Patch40: grub2-lvm-allocate-metadata-buffer-from-raw-contents.patch
Patch41: grub2-diskfilter-support-pv-without-metadatacopies.patch
Patch42: grub2-s390x-09-improve-zipl-setup.patch
Patch43: grub2-getroot-scan-disk-pv.patch
Patch44: grub2-util-30_os-prober-multiple-initrd.patch
Patch45: grub2-getroot-support-nvdimm.patch
Patch46: grub2-install-fix-not-a-directory-error.patch
Patch47: grub-install-force-journal-draining-to-ensure-data-i.patch
Patch48: grub2-s390x-skip-zfcpdump-image.patch
Patch49: grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch
Patch50: grub2-btrfs-02-export-subvolume-envvars.patch
Patch51: grub2-btrfs-03-follow_default.patch
Patch52: grub2-btrfs-04-grub2-install.patch
Patch53: grub2-btrfs-05-grub2-mkconfig.patch
Patch54: grub2-btrfs-06-subvol-mount.patch
Patch55: grub2-btrfs-07-subvol-fallback.patch
Patch56: grub2-btrfs-08-workaround-snapshot-menu-default-entry.patch
Patch57: grub2-btrfs-09-get-default-subvolume.patch
Patch58: grub2-btrfs-10-config-directory.patch
Patch59: grub2-efi-xen-chainload.patch
Patch60: grub2-efi-xen-cmdline.patch
Patch61: grub2-efi-xen-cfg-unquote.patch
Patch62: grub2-efi-xen-removable.patch
Patch63: grub2-Add-hidden-menu-entries.patch
Patch64: grub2-SUSE-Add-the-t-hotkey.patch
Patch65: grub2-zipl-setup-fix-btrfs-multipledev.patch
Patch66: grub2-suse-remove-linux-root-param.patch
Patch67: grub2-ppc64le-disable-video.patch
Patch68: grub2-ppc64le-memory-map.patch
Patch69: grub2-ppc64-cas-reboot-support.patch
Patch70: grub2-install-remove-useless-check-PReP-partition-is-empty.patch
Patch71: grub2-ppc64-cas-new-scope.patch
Patch72: grub2-ppc64-cas-fix-double-free.patch
Patch73: grub2-efi_gop-avoid-low-resolution.patch
Patch74: 0003-bootp-New-net_bootp6-command.patch
Patch75: 0004-efinet-UEFI-IPv6-PXE-support.patch
Patch76: 0005-grub.texi-Add-net_bootp6-doument.patch
Patch77: 0006-bootp-Add-processing-DHCPACK-packet-from-HTTP-Boot.patch
Patch78: 0007-efinet-Setting-network-from-UEFI-device-path.patch
Patch79: 0008-efinet-Setting-DNS-server-from-UEFI-protocol.patch
Patch80: 0012-tpm-Build-tpm-as-module.patch
Patch81: 0001-add-support-for-UEFI-network-protocols.patch
Patch82: 0002-AUDIT-0-http-boot-tracker-bug.patch
Patch83: grub2-mkconfig-default-entry-correction.patch
Patch84: grub2-s390x-11-secureboot.patch
Patch85: grub2-s390x-12-zipl-setup-usrmerge.patch
Patch86: grub2-secureboot-install-signed-grub.patch
Patch87: grub2-btrfs-help-on-snapper-rollback.patch
Patch88: grub2-video-limit-the-resolution-for-fixed-bimap-font.patch
Patch89: grub2-gfxmenu-support-scrolling-menu-entry-s-text.patch
Patch90: 0001-kern-mm.c-Make-grub_calloc-inline.patch
Patch91: 0002-cmdline-Provide-cmdline-functions-as-module.patch
Patch92: 0001-ieee1275-powerpc-implements-fibre-channel-discovery-.patch
Patch93: 0002-ieee1275-powerpc-enables-device-mapper-discovery.patch
Patch94: 0001-Unify-the-check-to-enable-btrfs-relative-path.patch
Patch95: 0001-efi-linux-provide-linux-command.patch
Patch96: 0001-Add-support-for-Linux-EFI-stub-loading-on-aarch64.patch
Patch97: 0002-arm64-make-sure-fdt-has-address-cells-and-size-cells.patch
Patch98: 0003-Make-grub_error-more-verbose.patch
Patch99: 0004-arm-arm64-loader-Better-memory-allocation-and-error-.patch
Patch100: 0006-efi-Set-image-base-address-before-jumping-to-the-PE-.patch
Patch101: 0044-squash-kern-Add-lockdown-support.patch
Patch102: 0001-ieee1275-Avoiding-many-unecessary-open-close.patch
Patch103: 0001-Workaround-volatile-efi-boot-variable.patch
Patch104: 0001-templates-Follow-the-path-of-usr-merged-kernel-confi.patch
Patch105: 0001-ieee1275-implement-FCP-methods-for-WWPN-and-LUNs.patch
Patch106: 0001-arm64-Fix-EFI-loader-kernel-image-allocation.patch
Patch107: 0002-Arm-check-for-the-PE-magic-for-the-compiled-arch.patch
Patch108: 0001-Factor-out-grub_efi_linux_boot.patch
Patch109: 0002-Fix-race-in-EFI-validation.patch
Patch110: 0003-Handle-multi-arch-64-on-32-boot-in-linuxefi-loader.patch
Patch111: 0004-Try-to-pick-better-locations-for-kernel-and-initrd.patch
Patch112: 0005-x86-efi-Use-bounce-buffers-for-reading-to-addresses-.patch
Patch113: 0006-x86-efi-Re-arrange-grub_cmd_linux-a-little-bit.patch
Patch114: 0007-x86-efi-Make-our-own-allocator-for-kernel-stuff.patch
Patch115: 0008-x86-efi-Allow-initrd-params-cmdline-allocations-abov.patch
Patch116: 0009-x86-efi-Reduce-maximum-bounce-buffer-size-to-16-MiB.patch
Patch117: 0010-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch
Patch118: 0011-Also-define-GRUB_EFI_MAX_ALLOCATION_ADDRESS-for-RISC.patch
Patch119: 0004-Add-suport-for-signing-grub-with-an-appended-signatu.patch
Patch120: 0005-docs-grub-Document-signing-grub-under-UEFI.patch
Patch121: 0006-docs-grub-Document-signing-grub-with-an-appended-sig.patch
Patch122: 0007-dl-provide-a-fake-grub_dl_set_persistent-for-the-emu.patch
Patch123: 0008-pgp-factor-out-rsa_pad.patch
Patch124: 0009-crypto-move-storage-for-grub_crypto_pk_-to-crypto.c.patch
Patch125: 0010-posix_wrap-tweaks-in-preparation-for-libtasn1.patch
Patch126: 0011-libtasn1-import-libtasn1-4.18.0.patch
Patch127: 0012-libtasn1-disable-code-not-needed-in-grub.patch
Patch128: 0013-libtasn1-changes-for-grub-compatibility.patch
Patch129: 0014-libtasn1-compile-into-asn1-module.patch
Patch130: 0015-test_asn1-test-module-for-libtasn1.patch
Patch131: 0016-grub-install-support-embedding-x509-certificates.patch
Patch132: 0017-appended-signatures-import-GNUTLS-s-ASN.1-descriptio.patch
Patch133: 0018-appended-signatures-parse-PKCS-7-signedData-and-X.50.patch
Patch134: 0019-appended-signatures-support-verifying-appended-signa.patch
Patch135: 0020-appended-signatures-verification-tests.patch
Patch136: 0021-appended-signatures-documentation.patch
Patch137: 0022-ieee1275-enter-lockdown-based-on-ibm-secure-boot.patch
Patch138: 0023-x509-allow-Digitial-Signature-plus-other-Key-Usages.patch
Patch139: 0001-grub-install-Add-SUSE-signed-image-support-for-power.patch
Patch140: 0001-Add-grub_envblk_buf-helper-function.patch
Patch141: 0002-Add-grub_disk_write_tail-helper-function.patch
Patch142: 0003-grub-install-support-prep-environment-block.patch
Patch143: 0004-Introduce-prep_load_env-command.patch
Patch144: 0005-export-environment-at-start-up.patch
Patch145: 0001-grub-install-bailout-root-device-probing.patch
Patch146: 0001-install-fix-software-raid1-on-esp.patch
Patch147: 0001-grub-probe-Deduplicate-probed-partmap-output.patch
Patch148: 0001-Fix-infinite-boot-loop-on-headless-system-in-qemu.patch
Patch149: 0001-ofdisk-improve-boot-time-by-lookup-boot-disk-first.patch
Patch150: 0001-protectors-Add-key-protectors-framework.patch
Patch151: 0002-tpm2-Add-TPM-Software-Stack-TSS.patch
Patch152: 0003-protectors-Add-TPM2-Key-Protector.patch
Patch153: 0004-cryptodisk-Support-key-protectors.patch
Patch154: 0005-util-grub-protect-Add-new-tool.patch
Patch155: 0008-linuxefi-Use-common-grub_initrd_load.patch
Patch156: 0009-Add-crypttab_entry-to-obviate-the-need-to-input-pass.patch
Patch157: 0010-templates-import-etc-crypttab-to-grub.cfg.patch
Patch158: grub-read-pcr.patch
Patch159: tpm-record-pcrs.patch
Patch160: grub-install-record-pcrs.patch
Patch161: safe_tpm_pcr_snapshot.patch
Patch162: 0001-ieee1275-add-support-for-NVMeoFC.patch
Patch163: 0002-ieee1275-ofpath-enable-NVMeoF-logical-device-transla.patch
Patch164: 0003-ieee1275-change-the-logic-of-ieee1275_get_devargs.patch
Patch165: 0004-ofpath-controller-name-update.patch
Patch166: 0002-Mark-environmet-blocks-as-used-for-image-embedding.patch
Patch167: grub2-increase-crypttab-path-buffer.patch
Patch168: 0001-grub2-Set-multiple-device-path-for-a-nvmf-boot-devic.patch
Patch169: 0001-grub2-Can-t-setup-a-default-boot-device-correctly-on.patch
Patch170: 0001-tpm2-Add-TPM2-types-structures-and-command-constants.patch
Patch171: 0002-tpm2-Add-more-marshal-unmarshal-functions.patch
Patch172: 0003-tpm2-Implement-more-TPM2-commands.patch
Patch173: 0004-tpm2-Support-authorized-policy.patch
Patch174: 0001-clean-up-crypttab-and-linux-modules-dependency.patch
Patch175: 0002-discard-cached-key-before-entering-grub-shell-and-ed.patch
Patch176: 0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch
Patch177: 0002-Restrict-cryptsetup-key-file-permission-for-better-s.patch
Patch178: 0001-openfw-Ensure-get_devargs-and-get_devname-functions-.patch
Patch179: 0002-prep_loadenv-Fix-regex-for-Open-Firmware-device-spec.patch
Patch180: 0001-xen_boot-add-missing-grub_arch_efi_linux_load_image_.patch
Patch181: 0001-font-Try-memdisk-fonts-with-the-same-name.patch
Patch182: 0001-Make-grub.cfg-compatible-to-old-binaries.patch
Patch183: 0001-disk-cryptodisk-Fix-missing-change-when-updating-to-.patch
Patch184: grub2-change-bash-completion-dir.patch
Patch185: 0001-protectors-Implement-NV-index.patch
Patch186: 0002-cryptodisk-Fallback-to-passphrase.patch
Patch187: 0003-cryptodisk-wipe-out-the-cached-keys-from-protectors.patch
Patch188: 0004-diskfilter-look-up-cryptodisk-devices-first.patch
Patch189: grub2-mkconfig-riscv64.patch
Patch190: arm64-Use-proper-memory-type-for-kernel-allocation.patch
Patch191: 0001-fs-btrfs-Zero-file-data-not-backed-by-extents.patch
Patch192: 0001-fs-ntfs-Fix-an-OOB-write-when-parsing-the-ATTRIBUTE_.patch
Patch193: 0002-fs-ntfs-Fix-an-OOB-read-when-reading-data-from-the-r.patch
Patch194: 0003-fs-ntfs-Fix-an-OOB-read-when-parsing-directory-entri.patch
Patch195: 0004-fs-ntfs-Fix-an-OOB-read-when-parsing-bitmaps-for-ind.patch
Patch196: 0005-fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-label.patch
Patch197: 0006-fs-ntfs-Make-code-more-readable.patch
Patch198: 0001-luks2-Use-grub-tpm2-token-for-TPM2-protected-volume-.patch
Patch199: Fix-the-size-calculation-for-the-synthesized-initrd.patch
Patch200: 0001-kern-ieee1275-init-Restrict-high-memory-in-presence-.patch
Patch201: 0001-fs-xfs-Incorrect-short-form-directory-data-boundary-.patch
Patch202: 0002-fs-xfs-Fix-XFS-directory-extent-parsing.patch
Patch203: 0003-fs-xfs-add-large-extent-counters-incompat-feature-su.patch
Patch204: 0001-Improve-TPM-key-protection-on-boot-interruptions.patch
Patch205: 0002-Restrict-file-access-on-cryptodisk-print.patch
Patch206: 0003-Restrict-ls-and-auto-file-completion-on-cryptodisk-p.patch
Patch207: 0004-Key-revocation-on-out-of-bound-file-access.patch
Requires: gettext-runtime
%if 0%{?suse_version} >= 1140
%ifnarch s390x
Recommends: os-prober
%endif
# xorriso not available using grub2-mkrescue (bnc#812681)
# downgrade to suggest as minimal system can't afford pulling in tcl/tk and half of the x11 stack (bsc#1102515)
Suggests: libburnia-tools
Suggests: mtools
%endif
%if ! 0%{?only_efi:1}
Requires: grub2-%{grubarch} = %{version}-%{release}
%endif
%ifarch s390x
# required utilities by grub2-s390x-04-grub2-install.patch
# use 'showconsole' to determine console device. (bnc#876743)
Requires: kexec-tools
Requires: (/sbin/showconsole or /usr/sbin/showconsole)
# for /sbin/zipl used by grub2-zipl-setup
Requires: s390-tools
%endif
%ifarch ppc64 ppc64le
Requires: powerpc-utils
%endif
%ifarch %{ix86}
# meanwhile, memtest is available as EFI executable
Recommends: memtest86+
%endif
%if 0%{?only_x86_64:1}
ExclusiveArch: x86_64
%else
ExclusiveArch: %{ix86} x86_64 ppc ppc64 ppc64le s390x aarch64 %{arm} riscv64
%endif
%description
This is the second version of the GRUB (Grand Unified Bootloader), a
highly configurable and customizable bootloader with modular
architecture. It support rich scale of kernel formats, file systems,
computer architectures and hardware devices.
This package includes user space utlities to manage GRUB on your system.
%package branding-upstream
Summary: Upstream branding for GRUB2's graphical console
Group: System/Fhs
Requires: %{name} = %{version}
%description branding-upstream
Upstream branding for GRUB2's graphical console
%if ! 0%{?only_efi:1}
%package %{grubarch}
Summary: Bootloader with support for Linux, Multiboot and more
Group: System/Boot
%if "%{platform}" != "emu"
BuildArch: noarch
%endif
Requires: %{name} = %{version}
Requires(post): %{name} = %{version}
%if 0%{?update_bootloader_requires:1}
%update_bootloader_requires
%else
Requires: perl-Bootloader
Requires(post): perl-Bootloader
%endif
%description %{grubarch}
The GRand Unified Bootloader (GRUB) is a highly configurable and customizable
bootloader with modular architecture. It supports rich variety of kernel formats,
file systems, computer architectures and hardware devices. This subpackage
provides support for %{platform} systems.
%package %{grubarch}-extras
Summary: Unsupported modules for %{grubarch}
Group: System/Boot
BuildArch: noarch
Requires: %{name}-%{grubarch} = %{version}
Provides: %{name}-%{grubarch}:%{_datadir}/%{name}/%{grubarch}/zfs.mod
Provides: %{name}-%{grubarch}:%{_datadir}/%{name}/%{grubarch}/zfscrypt.mod
Provides: %{name}-%{grubarch}:%{_datadir}/%{name}/%{grubarch}/zfsinfo.mod
%description %{grubarch}-extras
Unsupported modules for %{name}-%{grubarch}
%package %{grubarch}-debug
Summary: Debug symbols for %{grubarch}
Group: System/Boot
%if "%{platform}" != "emu"
BuildArch: noarch
%endif
Requires: %{name}-%{grubarch} = %{version}
%description %{grubarch}-debug
Debug information for %{name}-%{grubarch}
Information on how to debug grub can be found online:
https://www.cnblogs.com/coryxie/archive/2013/03/12/2956807.html
%endif
%ifarch %{efi}
%package %{grubefiarch}
Summary: Bootloader with support for Linux, Multiboot and more
Group: System/Boot
BuildArch: noarch
# Require efibootmgr
# Without it grub-install is broken so break the package as well if unavailable
Requires: efibootmgr
Requires(post): efibootmgr
Requires: %{name} = %{version}
Requires(post): %{name} = %{version}
%if 0%{?update_bootloader_requires:1}
%update_bootloader_requires
%else
Requires: perl-Bootloader >= 0.706
Requires(post): perl-Bootloader >= 0.706
%endif
%{?fde_tpm_update_requires}
Provides: %{name}-efi = %{version}-%{release}
Obsoletes: %{name}-efi < %{version}-%{release}
%description %{grubefiarch}
The GRand Unified Bootloader (GRUB) is a highly configurable and customizable
bootloader with modular architecture. It supports rich variety of kernel formats,
file systems, computer architectures and hardware devices. This subpackage
provides support for EFI systems.
%package %{grubefiarch}-extras
Summary: Unsupported modules for %{grubefiarch}
Group: System/Boot
BuildArch: noarch
Requires: %{name}-%{grubefiarch} = %{version}
Provides: %{name}-%{grubefiarch}:%{_datadir}/%{name}/%{grubefiarch}/zfs.mod
Provides: %{name}-%{grubefiarch}:%{_datadir}/%{name}/%{grubefiarch}/zfscrypt.mod
Provides: %{name}-%{grubefiarch}:%{_datadir}/%{name}/%{grubefiarch}/zfsinfo.mod
%description %{grubefiarch}-extras
Unsupported modules for %{name}-%{grubefiarch}
%package %{grubefiarch}-debug
Summary: Debug symbols for %{grubefiarch}
Group: System/Boot
%if "%{platform}" != "emu"
BuildArch: noarch
%endif
Requires: %{name}-%{grubefiarch} = %{version}
%description %{grubefiarch}-debug
Debug symbols for %{name}-%{grubefiarch}
Information on how to debug grub can be found online:
https://www.cnblogs.com/coryxie/archive/2013/03/12/2956807.html
%endif
%ifarch %{ix86} x86_64
%package %{grubxenarch}
Summary: Bootloader with support for Linux, Multiboot and more
Group: System/Boot
Provides: %{name}-xen = %{version}-%{release}
Obsoletes: %{name}-xen < %{version}-%{release}
BuildArch: noarch
%description %{grubxenarch}
The GRand Unified Bootloader (GRUB) is a highly configurable and customizable
bootloader with modular architecture. It supports rich variety of kernel formats,
file systems, computer architectures and hardware devices. This subpackage
provides support for XEN systems.
%package %{grubxenarch}-extras
Summary: Unsupported modules for %{grubxenarch}
Group: System/Boot
BuildArch: noarch
Requires: %{name}-%{grubxenarch} = %{version}
Provides: %{name}-%{grubxenarch}:%{_datadir}/%{name}/%{grubxenarch}/zfs.mod
Provides: %{name}-%{grubxenarch}:%{_datadir}/%{name}/%{grubxenarch}/zfscrypt.mod
Provides: %{name}-%{grubxenarch}:%{_datadir}/%{name}/%{grubxenarch}/zfsinfo.mod
%description %{grubxenarch}-extras
Unsupported modules for %{name}-%{grubxenarch}
%endif
%package snapper-plugin
Summary: Grub2's snapper plugin
Group: System/Fhs
Requires: %{name} = %{version}
Requires: libxml2-tools
Supplements: packageand(snapper:grub2)
BuildArch: noarch
%description snapper-plugin
Grub2's snapper plugin for advanced btrfs snapshot boot menu management
%if 0%{?has_systemd:1}
%package systemd-sleep-plugin
Summary: Grub2's systemd-sleep plugin
Group: System/Fhs
Requires: grub2
Requires: util-linux
Supplements: packageand(systemd:grub2)
BuildArch: noarch
%description systemd-sleep-plugin
Grub2's systemd-sleep plugin for directly booting hibernated kernel image in
swap partition while in resuming
%endif
%prep
# We create (if we build for efi) two copies of the sources in the Builddir
%autosetup -p1 -n grub-%{version}
%build
# collect evidence to debug spurious build failure on SLE15
ulimit -a
# patches above may update the timestamp of grub.texi
# and via build-aux/mdate-sh they end up in grub2.info, breaking build-compare
[ -z "$SOURCE_DATE_EPOCH" ] ||\
[ `stat -c %Y docs/grub.texi` -lt $SOURCE_DATE_EPOCH ] ||\
touch -d@$SOURCE_DATE_EPOCH docs/grub.texi
# This simplifies patch handling without need to use git to create patch
# that renames file
mv docs/grub.texi docs/grub2.texi
cp %{SOURCE8} .
mkdir build
%ifarch %{efi}
mkdir build-efi
%endif
%ifarch %{ix86} x86_64
mkdir build-xen
%endif
%if %{emu}
mkdir build-emu
%endif
export PYTHON=%{_bindir}/python3
[ -x $PYTHON ] || unset PYTHON # try 'python', if 'python3' is unavailable
# autogen calls autoreconf -vi
./autogen.sh
# Not yet:
%define common_conf_options TARGET_LDFLAGS=-static --program-transform-name=s,grub,%{name},
# This does NOT work on SLE11:
%define _configure ../configure
# We don't want to let rpm override *FLAGS with default a.k.a bogus values.
CFLAGS="-fno-strict-aliasing -fno-inline-functions-called-once "
CXXFLAGS=" "
FFLAGS=" "
export CFLAGS CXXFLAGS FFLAGS
%if %{emu}
cd build-emu
%define arch_specific --enable-device-mapper --disable-grub-mount
TLFLAGS="-fPIC"
# -static is needed so that autoconf script is able to link
# test that looks for _start symbol on 64 bit platforms
../configure TARGET_LDFLAGS=$TLFLAGS \
--prefix=%{_prefix} \
--libdir=%{_datadir} \
--sysconfdir=%{_sysconfdir} \
--target=%{_target_platform} \
--with-platform=emu \
%{arch_specific} \
--program-transform-name=s,grub,%{name},
make %{?_smp_mflags}
cd ..
if [ "%{platform}" = "emu" ]; then
rmdir build
mv build-emu build
fi
%endif
%ifarch %{ix86} x86_64
cd build-xen
../configure \
TARGET_LDFLAGS=-static \
--prefix=%{_prefix} \
--libdir=%{_datadir} \
--sysconfdir=%{_sysconfdir} \
--target=%{_target_platform} \
--with-platform=xen \
--program-transform-name=s,grub,%{name},
make %{?_smp_mflags}
./grub-mkstandalone --grub-mkimage=./grub-mkimage -o grub.xen -O %{grubxenarch} -d grub-core/ "/boot/grub/grub.cfg=%{SOURCE16}"
cd ..
%endif
FS_MODULES="btrfs ext2 xfs jfs reiserfs"
CD_MODULES="all_video boot cat configfile echo true \
font gfxmenu gfxterm gzio halt iso9660 \
jpeg minicmd normal part_apple part_msdos part_gpt \
password password_pbkdf2 png reboot search search_fs_uuid \
search_fs_file search_label sleep test video fat loadenv loopback"
PXE_MODULES="tftp http"
CRYPTO_MODULES="luks luks2 gcry_rijndael gcry_sha1 gcry_sha256 gcry_sha512 crypttab"
%ifarch %{efi}
CD_MODULES="${CD_MODULES} chain efifwsetup efinet read tpm tpm2 memdisk tar squash4 xzio"
PXE_MODULES="${PXE_MODULES} efinet"
%else
CD_MODULES="${CD_MODULES} net"
PXE_MODULES="${PXE_MODULES} net"
%endif
%ifarch x86_64
CD_MODULES="${CD_MODULES} linuxefi"
%else
CD_MODULES="${CD_MODULES} linux"
%endif
GRUB_MODULES="${CD_MODULES} ${FS_MODULES} ${PXE_MODULES} ${CRYPTO_MODULES} mdraid09 mdraid1x lvm serial"
%ifarch ppc ppc64 ppc64le
GRUB_MODULES="${GRUB_MODULES} appendedsig memdisk tar regexp prep_loadenv tpm"
%endif
%ifarch %{efi}
cd build-efi
../configure \
TARGET_LDFLAGS=-static \
--prefix=%{_prefix} \
--libdir=%{_datadir} \
--sysconfdir=%{_sysconfdir} \
--target=%{_target_platform} \
--with-platform=efi \
--program-transform-name=s,grub,%{name},
make %{?_smp_mflags}
%if 0%{?sbat_generation}
echo "sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md" > sbat.csv
echo "grub,%{sbat_generation_grub},Free Software Foundation,grub,%{version},https://www.gnu.org/software/grub/" >> sbat.csv
echo "grub.%{sbat_distro},%{sbat_generation},%{sbat_distro_summary},%{name},%{version},%{sbat_distro_url}" >> sbat.csv
%endif
mkdir -p ./fonts
cp %{_datadir}/%{name}/themes/*/*.pf2 ./fonts
cp ./unicode.pf2 ./fonts
%if 0%{?suse_version} > 1500
tar -cf - ./fonts | mksquashfs - memdisk.sqsh -tar -comp xz -quiet -no-progress
%else
mksquashfs ./fonts memdisk.sqsh -keep-as-directory -comp xz -quiet -no-progress
%endif
./grub-mkimage -O %{grubefiarch} -o grub.efi --memdisk=./memdisk.sqsh --prefix= %{?sbat_generation:--sbat sbat.csv} \
-d grub-core ${GRUB_MODULES}
%ifarch x86_64 aarch64
if test -e %{_sourcedir}/_projectcert.crt ; then
prjsubject=$(openssl x509 -in %{_sourcedir}/_projectcert.crt -noout -subject_hash)
prjissuer=$(openssl x509 -in %{_sourcedir}/_projectcert.crt -noout -issuer_hash)
opensusesubject=$(openssl x509 -in %{SOURCE10} -noout -subject_hash)
slessubject=$(openssl x509 -in %{SOURCE11} -noout -subject_hash)
if test "$prjissuer" = "$opensusesubject" ; then
cert=%{SOURCE10}
fi
if test "$prjissuer" = "$slessubject" ; then
cert=%{SOURCE11}
fi
if test "$prjsubject" = "$prjissuer" ; then
cert=%{_sourcedir}/_projectcert.crt
fi
fi
if test -z "$cert" ; then
echo "cannot identify project, assuming openSUSE signing"
cert=%{SOURCE10}
fi
openssl x509 -in $cert -outform DER -out grub.der
%endif
cd ..
%endif
%if ! 0%{?only_efi:1}
cd build
# 64-bit x86-64 machines use 32-bit boot loader
# (We cannot just redefine _target_cpu, as we'd get i386.rpm packages then)
%ifarch x86_64
%define _target_platform i386-%{_vendor}-%{_target_os}%{?_gnu}
%endif
%if "%{platform}" != "emu"
%define arch_specific --enable-device-mapper
TLFLAGS="-static"
# -static is needed so that autoconf script is able to link
# test that looks for _start symbol on 64 bit platforms
../configure TARGET_LDFLAGS="$TLFLAGS" \
--prefix=%{_prefix} \
--libdir=%{_datadir} \
--sysconfdir=%{_sysconfdir} \
--target=%{_target_platform} \
--with-platform=%{platform} \
%{arch_specific} \
--program-transform-name=s,grub,%{name},
make %{?_smp_mflags}
if [ "%{platform}" = "ieee1275" ]; then
# So far neither OpenFirmware nor grub support CA chain, only certificate pinning
# Use project certificate always in the shipped informational file and
# for kernel verification
projectcert="%{_sourcedir}/_projectcert.crt"
openssl x509 -in "$projectcert" -outform DER -out grub.der
cat > %{platform}-config <<'EOF'
set root=memdisk
set prefix=($root)/
echo "earlycfg: root=$root prefix=$prefix"
EOF
cat > ./grub.cfg <<'EOF'
regexp --set 1:bdev --set 2:bpath '\((.*)\)(.*)' "$cmdpath"
regexp --set 1:bdev --set 2:bpart '(.*[^\])(,.*)' "$bdev"
echo "bdev=$bdev"
echo "bpart=$bpart"
echo "bpath=$bpath"
if [ -z "$ENV_FS_UUID" ]; then
echo "Reading vars from ($bdev)"
prep_load_env "($bdev)"
fi
echo "ENV_HINT=$ENV_HINT"
echo "ENV_GRUB_DIR=$ENV_GRUB_DIR"
echo "ENV_FS_UUID=$ENV_FS_UUID"
echo "ENV_CRYPTO_UUID=$ENV_CRYPTO_UUID"
if [ "$btrfs_relative_path" = xy ]; then
btrfs_relative_path=1
fi
if [ "$bdev" -a "$bpart" -a "$bpath" ]; then
set hints="--hint $bdev$bpart"
set cfg_dir="$bpath"
elif [ "$bdev" -a "$bpart" ]; then
set hints="--hint $bdev$bpart"
set cfg_dir="/boot/grub2 /grub2"
set btrfs_relative_path=1
elif [ "$bdev" ]; then
if [ "$ENV_HINT" ]; then
set hints="--hint $ENV_HINT"
else
set hints="--hint ${bdev},"
fi
if [ "$ENV_GRUB_DIR" ]; then
set cfg_dir="$ENV_GRUB_DIR"
else
set cfg_dir="/boot/grub2 /grub2"
set btrfs_relative_path=1
fi
else
set hints=""
set cfg_dir="/boot/grub2 /grub2"
set btrfs_relative_path=1
fi
set prefix=""
set root=""
set cfg="grub.cfg"
for uuid in $ENV_CRYPTO_UUID; do
cryptomount -u $uuid
done
if [ "$ENV_FS_UUID" ]; then
echo "searching for $ENV_FS_UUID with $hints"
if search --fs-uuid --set=root "$ENV_FS_UUID" $hints; then
echo "$ENV_FS_UUID is on $root"
fi
fi
for d in ${cfg_dir}; do
if [ -z "$root" ]; then
echo "searching for ${d}/${cfg}"
if search --file --set=root "${d}/${cfg}" $hints; then
echo "${d}/${cfg} is on $root"
prefix="($root)${d}"
fi
elif [ -f "${d}/${cfg}" ]; then
echo "${d}/${cfg} is on $root"
prefix="($root)${d}"
else
echo "${d}/${cfg} not found in $root"
fi
if [ "$prefix" -a x"$btrfs_relative_path" = x1 ]; then
btrfs_relative_path=0
if [ -f /@"${d}"/powerpc-ieee1275/command.lst ]; then
btrfs_relative_path=1
echo "mounting subvolume @${d}/powerpc-ieee1275 on ${d}/powerpc-ieee1275"
btrfs-mount-subvol ($root) "${d}"/powerpc-ieee1275 @"${d}"/powerpc-ieee1275
fi
btrfs_relative_path=1
break
fi
done
echo "prefix=$prefix root=$root"
if [ -n "$prefix" ]; then
source "${prefix}/${cfg}"
fi
EOF
%{__tar} cvf memdisk.tar ./grub.cfg
./grub-mkimage -O %{grubarch} -o grub.elf -d grub-core -x grub.der -m memdisk.tar \
-c %{platform}-config --appended-signature-size %brp_pesign_reservation ${GRUB_MODULES}
ls -l "grub.elf"
truncate -s -%brp_pesign_reservation "grub.elf"
fi
%endif
cd ..
%endif
%install
%ifarch %{ix86} x86_64
cd build-xen
%make_install
install -m 644 grub.xen %{buildroot}/%{_datadir}/%{name}/%{grubxenarch}/.
# provide compatibility sym-link for VM definitions pointing to old location
install -d %{buildroot}%{_libdir}/%{name}/%{grubxenarch}
ln -srf %{buildroot}%{_datadir}/%{name}/%{grubxenarch}/grub.xen %{buildroot}%{_libdir}/%{name}/%{grubxenarch}/grub.xen
cat <<-EoM >%{buildroot}%{_libdir}/%{name}/%{grubxenarch}/DEPRECATED
This directory and its contents was moved to %{_datadir}/%{name}/%{grubxenarch}.
Individual symbolic links are provided for a smooth transition.
Please update your VM definition files to use the new location!
EoM
cd ..
%endif
%ifarch %{efi}
cd build-efi
%make_install
install -m 644 grub.efi %{buildroot}/%{_datadir}/%{name}/%{grubefiarch}/.
%ifarch x86_64
ln -srf %{buildroot}/%{_datadir}/%{name}/%{grubefiarch}/grub.efi %{buildroot}/%{_datadir}/%{name}/%{grubefiarch}/grub-tpm.efi
%endif
# Create grub.efi link to system efi directory
# This is for tools like kiwi not fiddling with the path
%define sysefibasedir %{_datadir}/efi
%define sysefidir %{sysefibasedir}/%{_target_cpu}
install -d %{buildroot}/%{sysefidir}
ln -sr %{buildroot}/%{_datadir}/%{name}/%{grubefiarch}/grub.efi %{buildroot}%{sysefidir}/grub.efi
%if 0%{?suse_version} < 1600
%ifarch x86_64
# provide compatibility sym-link for previous shim-install and the like
install -d %{buildroot}/usr/lib64/efi
ln -srf %{buildroot}/%{_datadir}/%{name}/%{grubefiarch}/grub.efi %{buildroot}/usr/lib64/efi/grub.efi
cat <<-EoM >%{buildroot}/usr/lib64/efi/DEPRECATED
This directory and its contents was moved to %{_datadir}/efi/x86_64.
Individual symbolic links are provided for a smooth transition and
may vanish at any point in time. Please use the new location!
EoM
%endif
%endif
%ifarch x86_64 aarch64
export BRP_PESIGN_FILES="%{_datadir}/%{name}/%{grubefiarch}/grub.efi"
install -m 444 grub.der %{buildroot}/%{sysefidir}/
%endif
cd ..
%endif
%if ! 0%{?only_efi:1}
cd build
%make_install
if [ "%{platform}" = "ieee1275" ]; then
export BRP_PESIGN_FILES="%{_datadir}/%{name}/%{grubarch}/grub.elf"
export BRP_PESIGN_GRUB_RESERVATION=%brp_pesign_reservation
install -m 444 grub.der %{buildroot}%{_datadir}/%{name}/%{grubarch}/
install -m 644 grub.elf %{buildroot}%{_datadir}/%{name}/%{grubarch}/
fi
cd ..
%endif
if [ "%{platform}" = "emu" ]; then
# emu-lite is currently broken (and not needed), don't install!
rm -f %{buildroot}/%{_bindir}/%{name}-emu-lite
elif [ -d build-emu/grub-core ]; then
cd build-emu/grub-core
install -m 755 grub-emu %{buildroot}/%{_bindir}/%{name}-emu
if false; then
# this needs to go to '-emu'-package; until that is ready, don't install!
install -m 755 grub-emu-lite %{buildroot}/%{_bindir}/%{name}-emu-lite
else
rm -f %{buildroot}/%{_bindir}/%{name}-emu-lite
fi
install -m 644 grub-emu.1 %{buildroot}/%{_mandir}/man1/%{name}-emu.1
cd ../..
fi
# *.module files are installed with executable bits due to the way grub2 build
# system works. Clear executable bits to not confuse find-debuginfo.sh
find %{buildroot}/%{_datadir}/%{name} \
\( -name '*.module' -o -name '*.image' -o -name '*.exec' \) -print0 | \
xargs --no-run-if-empty -0 chmod a-x
# Script that makes part of grub.cfg persist across updates
install -m 755 %{SOURCE1} %{buildroot}/%{_sysconfdir}/grub.d/
# Script to generate memtest86+ menu entry
install -m 755 %{SOURCE7} %{buildroot}/%{_sysconfdir}/grub.d/
# Ghost config file
install -d %{buildroot}/boot/%{name}
touch %{buildroot}/boot/%{name}/grub.cfg
# Remove devel files
rm %{buildroot}/%{_datadir}/%{name}/*/*.h
%if 0%{?suse_version} >= 1140
rm %{buildroot}/%{_datadir}/%{name}/*.h
%endif
# Defaults
install -m 644 -D %{SOURCE2} %{buildroot}/%{_sysconfdir}/default/grub
install -m 755 -D %{SOURCE6} %{buildroot}/%{_sbindir}/grub2-once
install -m 755 -D %{SOURCE12} %{buildroot}/%{_libdir}/snapper/plugins/grub
install -m 755 -D %{SOURCE14} %{buildroot}/%{_sysconfdir}/grub.d/80_suse_btrfs_snapshot
%if 0%{?has_systemd:1}
install -m 644 -D %{SOURCE15} %{buildroot}/%{_unitdir}/grub2-once.service
install -m 755 -D %{SOURCE17} %{buildroot}/%{_libdir}/systemd/system-sleep/grub2.sleep
%endif
install -m 755 -D %{SOURCE18} %{buildroot}/%{_sbindir}/grub2-check-default
%ifarch %{ix86} x86_64
install -m 755 -D %{SOURCE19} %{buildroot}/%{_libexecdir}/grub2-instdev-fixup.pl
%endif
R="%{buildroot}"
%ifarch %{ix86} x86_64
%else
rm -f $R%{_sysconfdir}/grub.d/20_memtest86+
%endif
%ifarch ppc ppc64 ppc64le
rm -f $R%{_sysconfdir}/grub.d/95_textmode
%else
rm -f $R%{_sysconfdir}/grub.d/20_ppc_terminfo
%endif
%ifarch s390x
mv $R%{_sysconfdir}/{grub.d,default}/zipl2grub.conf.in
chmod 600 $R%{_sysconfdir}/default/zipl2grub.conf.in
%define dracutlibdir %{_prefix}/lib/dracut
%define dracutgrubmoddir %{dracutlibdir}/modules.d/99grub2
install -m 755 -d $R%{dracutgrubmoddir}
for f in module-setup.sh grub2.sh; do
mv $R%{_datadir}/%{name}/%{grubarch}/dracut-$f $R%{dracutgrubmoddir}/$f
done
mv $R%{_datadir}/%{name}/%{grubarch}/dracut-zipl-refresh \
$R%{_datadir}/%{name}/zipl-refresh
rm -f $R%{_sysconfdir}/grub.d/30_os-prober
perl -ni -e '
sub END() {
print "\n# on s390x always:\nGRUB_DISABLE_OS_PROBER=true\n";
}
if ( s{^#?(GRUB_TERMINAL)=(console|gfxterm)}{$1=console} ) {
$_ .= "GRUB_GFXPAYLOAD_LINUX=text\n";
}
if ( m{^# The resolution used on graphical} ||
m{^# # note that you can use only modes} ||
m{^# you can see them in real GRUB} ||
m{^#?GRUB_GFXMODE=} ) {
next;
}
s{openSUSE}{SUSE Linux Enterprise Server} if (m{^GRUB_DISTRIBUTOR});
print;
' %{buildroot}/%{_sysconfdir}/default/grub
%else
%endif
# bsc#1205554 move the zfs modules into extras packages
# EXTRA_PATTERN='pattern1|pattern2|pattern3|...'
EXTRA_PATTERN="zfs"
%ifarch %{ix86} x86_64
find %{buildroot}/%{_datadir}/%{name}/%{grubxenarch}/ -type f | sed 's,%{buildroot},,' > %{grubxenarch}-all.lst
grep -v -E ${EXTRA_PATTERN} %{grubxenarch}-all.lst > %{grubxenarch}.lst
grep -E ${EXTRA_PATTERN} %{grubxenarch}-all.lst > %{grubxenarch}-extras.lst
%endif
%ifarch %{efi}
find %{buildroot}/%{_datadir}/%{name}/%{grubefiarch}/ -name '*.mod' | sed 's,%{buildroot},,' > %{grubefiarch}-mod-all.lst
grep -v -E ${EXTRA_PATTERN} %{grubefiarch}-mod-all.lst > %{grubefiarch}-mod.lst
grep -E ${EXTRA_PATTERN} %{grubefiarch}-mod-all.lst > %{grubefiarch}-mod-extras.lst
%endif
find %{buildroot}/%{_datadir}/%{name}/%{grubarch}/ -name '*.mod' | sed 's,%{buildroot},,' > %{grubarch}-mod-all.lst
grep -v -E ${EXTRA_PATTERN} %{grubarch}-mod-all.lst > %{grubarch}-mod.lst
grep -E ${EXTRA_PATTERN} %{grubarch}-mod-all.lst > %{grubarch}-mod-extras.lst
%find_lang %{name}
%fdupes %buildroot%{_bindir}
%fdupes %buildroot%{_libdir}
%fdupes %buildroot%{_datadir}
%pre
%service_add_pre grub2-once.service
%post
%service_add_post grub2-once.service
%if ! 0%{?only_efi:1}
%post %{grubarch}
%if 0%{?update_bootloader_check_type_reinit_post:1}
%update_bootloader_check_type_reinit_post grub2
%else
# To check by current loader settings
if [ -f %{_sysconfdir}/sysconfig/bootloader ]; then
. %{_sysconfdir}/sysconfig/bootloader
fi
# If the grub is the current loader, we'll handle the grub2 testing entry
if [ "x${LOADER_TYPE}" = "xgrub" ]; then
exec >/dev/null 2>&1
# check if entry for grub2's core.img exists in the config
# if yes, we will correct obsoleted path and update grub2 stuff and config to make it work
# if no, do nothing
if [ -f /boot/grub/menu.lst ]; then
# If grub config contains obsolete core.img path, remove and use the new one
if /usr/bin/grep -l "^\s*kernel\s*.*/boot/%{name}/core.img" /boot/grub/menu.lst; then
/sbin/update-bootloader --remove --image /boot/%{name}/core.img || true
/sbin/update-bootloader --add --image /boot/%{name}/i386-pc/core.img --name "GNU GRUB 2" || true
fi
# Install grub2 stuff and config to make the grub2 testing entry to work with updated version
if /usr/bin/grep -l "^\s*kernel\s*.*/boot/%{name}/i386-pc/core.img" /boot/grub/menu.lst; then
# Determine the partition with /boot
BOOT_PARTITION=$(df -h /boot | sed -n '2s/[[:blank:]].*//p')
# Generate core.img, but don't let it be installed in boot sector
%{name}-install --no-bootsector $BOOT_PARTITION || true
# Create a working grub2 config, otherwise that entry is un-bootable
/usr/sbin/grub2-mkconfig -o /boot/%{name}/grub.cfg
fi
fi
elif [ "x${LOADER_TYPE}" = "xgrub2" ]; then
# It's enought to call update-bootloader to install grub2 and update it's config
# Use new --reinit, if not available use --refresh
# --reinit: install and update bootloader config
# --refresh: update bootloader config
/sbin/update-bootloader --reinit 2>&1 | grep -q 'Unknown option: reinit' &&
/sbin/update-bootloader --refresh || true
fi
%endif
%posttrans %{grubarch}
%{?update_bootloader_posttrans}
%endif
%ifarch %{efi}
%post %{grubefiarch}
%if 0%{?fde_tpm_update_post:1}
%fde_tpm_update_post grub2-efi
%endif
%if 0%{?update_bootloader_check_type_reinit_post:1}
%update_bootloader_check_type_reinit_post grub2-efi
%else
# To check by current loader settings
if [ -f %{_sysconfdir}/sysconfig/bootloader ]; then
. %{_sysconfdir}/sysconfig/bootloader
fi
if [ "x${LOADER_TYPE}" = "xgrub2-efi" ]; then
if [ -d /boot/%{name}-efi ]; then
# Migrate settings to standard prefix /boot/grub2
for i in custom.cfg grubenv; do
[ -f /boot/%{name}-efi/$i ] && cp -a /boot/%{name}-efi/$i /boot/%{name} || :
done
fi
# It's enough to call update-bootloader to install grub2 and update it's config
# Use new --reinit, if not available use --refresh
# --reinit: install and update bootloader config
# --refresh: update bootloader config
/sbin/update-bootloader --reinit 2>&1 | grep -q 'Unknown option: reinit' &&
/sbin/update-bootloader --refresh || true
fi
if [ -d /boot/%{name}-efi ]; then
mv /boot/%{name}-efi /boot/%{name}-efi.rpmsave
fi
exit 0
%endif
%posttrans %{grubefiarch}
%{?update_bootloader_posttrans}
%{?fde_tpm_update_posttrans}
%endif
%preun
%service_del_preun grub2-once.service
# We did not add core.img to grub1 menu.lst in new update-bootloader macro as what
# the old %%post ever did, then the %%preun counterpart which removed the added core.img
# entry from old %%post can be skipped entirely if having new macro in use.
%if ! 0%{?update_bootloader_posttrans:1}%{?only_efi:1}
if [ $1 = 0 ]; then
# To check by current loader settings
if [ -f %{_sysconfdir}/sysconfig/bootloader ]; then
. %{_sysconfdir}/sysconfig/bootloader
fi
if [ "x${LOADER_TYPE}" = "xgrub" ]; then
exec >/dev/null 2>&1
if [ -f /boot/grub/menu.lst ]; then
# Remove grub2 testing entry in menu.lst if has any
for i in /boot/%{name}/core.img /boot/%{name}/i386-pc/core.img; do
if /usr/bin/grep -l "^\s*kernel\s*.*$i" /boot/grub/menu.lst; then
/sbin/update-bootloader --remove --image "$i" || true
fi
done
fi
# Cleanup config, to not confuse some tools determining bootloader in use
rm -f /boot/%{name}/grub.cfg
# Cleanup installed files
# Unless grub2 provides grub2-uninstall, we don't remove any file because
# we have no idea what's been installed. (And a blind remove is dangerous
# to remove user's or other package's file accidently ..)
fi
fi
%endif
%postun
%service_del_postun grub2-once.service
%files -f %{name}.lang
%defattr(-,root,root,-)
%if 0%{?suse_version} < 1500
%doc COPYING
%else
%license COPYING
%endif
%doc AUTHORS
%doc NEWS README
%doc THANKS TODO ChangeLog
%doc docs/autoiso.cfg docs/osdetect.cfg
%ifarch s390x
%doc README.ibm3215
%endif
%dir /boot/%{name}
%ghost %attr(600, root, root) /boot/%{name}/grub.cfg
%{_datadir}/bash-completion/completions/grub
%config(noreplace) %{_sysconfdir}/default/grub
%dir %{_sysconfdir}/grub.d
%{_sysconfdir}/grub.d/README
%config(noreplace) %{_sysconfdir}/grub.d/00_header
%config(noreplace) %{_sysconfdir}/grub.d/05_crypttab
%config(noreplace) %{_sysconfdir}/grub.d/10_linux
%config(noreplace) %{_sysconfdir}/grub.d/20_linux_xen
%config(noreplace) %{_sysconfdir}/grub.d/25_bli
%config(noreplace) %{_sysconfdir}/grub.d/30_uefi-firmware
%config(noreplace) %{_sysconfdir}/grub.d/40_custom
%config(noreplace) %{_sysconfdir}/grub.d/41_custom
%config(noreplace) %{_sysconfdir}/grub.d/90_persistent
%ifnarch ppc ppc64 ppc64le
%config(noreplace) %{_sysconfdir}/grub.d/95_textmode
%endif
%ifarch %{ix86} x86_64
%config(noreplace) %{_sysconfdir}/grub.d/20_memtest86+
%endif
%ifarch ppc ppc64 ppc64le
%config(noreplace) %{_sysconfdir}/grub.d/20_ppc_terminfo
%endif
%ifarch s390x
%config(noreplace) %{_sysconfdir}/default/zipl2grub.conf.in
%{dracutlibdir}
%{_sbindir}/%{name}-zipl-setup
%{_datadir}/%{name}/zipl-refresh
%endif
%{_sbindir}/%{name}-install
%{_sbindir}/%{name}-mkconfig
%{_sbindir}/%{name}-once
%{_sbindir}/%{name}-probe
%{_sbindir}/%{name}-reboot
%{_sbindir}/%{name}-set-default
%{_sbindir}/%{name}-check-default
%{_bindir}/%{name}-editenv
%{_bindir}/%{name}-file
%{_bindir}/%{name}-fstest
%{_bindir}/%{name}-kbdcomp
%{_bindir}/%{name}-menulst2cfg
%{_bindir}/%{name}-mkfont
%{_bindir}/%{name}-mkimage
%{_bindir}/%{name}-mklayout
%{_bindir}/%{name}-mknetdir
%{_bindir}/%{name}-mkpasswd-pbkdf2
%{_bindir}/%{name}-mkrelpath
%{_bindir}/%{name}-mkrescue
%{_bindir}/%{name}-mkstandalone
%{_bindir}/%{name}-render-label
%{_bindir}/%{name}-script-check
%{_bindir}/%{name}-syslinux2cfg
%ifarch %{efi}
%{_bindir}/%{name}-protect
%endif
%if 0%{?has_systemd:1}
%{_unitdir}/grub2-once.service
%endif
%dir %{_datadir}/%{name}
%dir %{_datadir}/%{name}/themes
%if 0%{?suse_version} >= 1140
%{_datadir}/%{name}/*.pf2
%endif
%{_datadir}/%{name}/grub-mkconfig_lib
%{_infodir}/grub-dev.info*
%{_infodir}/%{name}.info*
%{_mandir}/man1/%{name}-editenv.1.*
%{_mandir}/man1/%{name}-file.1.*
%{_mandir}/man1/%{name}-fstest.1.*
%{_mandir}/man1/%{name}-kbdcomp.1.*
%{_mandir}/man1/%{name}-menulst2cfg.1.*
%{_mandir}/man1/%{name}-mkfont.1.*
%{_mandir}/man1/%{name}-mkimage.1.*
%{_mandir}/man1/%{name}-mklayout.1.*
%{_mandir}/man1/%{name}-mknetdir.1.*
%{_mandir}/man1/%{name}-mkpasswd-pbkdf2.1.*
%{_mandir}/man1/%{name}-mkrelpath.1.*
%{_mandir}/man1/%{name}-mkrescue.1.*
%{_mandir}/man1/%{name}-mkstandalone.1.*
%{_mandir}/man1/%{name}-render-label.1.*
%{_mandir}/man1/%{name}-script-check.1.*
%{_mandir}/man1/%{name}-syslinux2cfg.1.*
%{_mandir}/man8/%{name}-install.8.*
%{_mandir}/man8/%{name}-mkconfig.8.*
%{_mandir}/man8/%{name}-probe.8.*
%{_mandir}/man8/%{name}-reboot.8.*
%{_mandir}/man8/%{name}-set-default.8.*
%if %{emu}
%{_bindir}/%{name}-emu
%{_mandir}/man1/%{name}-emu.1.*
%endif
%ifnarch s390x
%config(noreplace) %{_sysconfdir}/grub.d/30_os-prober
%{_bindir}/%{name}-glue-efi
%{_bindir}/%{name}-mount
%{_sbindir}/%{name}-bios-setup
%{_sbindir}/%{name}-macbless
%{_sbindir}/%{name}-ofpathname
%{_sbindir}/%{name}-sparc64-setup
%{_mandir}/man1/%{name}-glue-efi.1.*
%{_mandir}/man1/%{name}-mount.1.*
%{_mandir}/man8/%{name}-bios-setup.8.*
%{_mandir}/man8/%{name}-macbless.8.*
%{_mandir}/man8/%{name}-ofpathname.8.*
%{_mandir}/man8/%{name}-sparc64-setup.8.*
%endif
%files branding-upstream
%defattr(-,root,root,-)
%{_datadir}/%{name}/themes/starfield
%if ! 0%{?only_efi:1}
%files %{grubarch} -f %{grubarch}-mod.lst
%defattr(-,root,root,-)
%dir %{_datadir}/%{name}/%{grubarch}
%ifarch ppc ppc64 ppc64le
# This is intentionally "grub.chrp" and not "%%{name}.chrp"
%{_datadir}/%{name}/%{grubarch}/grub.chrp
%{_datadir}/%{name}/%{grubarch}/grub.elf
%{_datadir}/%{name}/%{grubarch}/grub.der
%{_datadir}/%{name}/%{grubarch}/bootinfo.txt
%endif
%ifnarch ppc ppc64 ppc64le s390x %{arm}
%{_datadir}/%{name}/%{grubarch}/*.image
%endif
%{_datadir}/%{name}/%{grubarch}/*.img
%{_datadir}/%{name}/%{grubarch}/*.lst
%ifarch x86_64
%{_datadir}/%{name}/%{grubarch}/efiemu*.o
%endif
%{_datadir}/%{name}/%{grubarch}/kernel.exec
%{_datadir}/%{name}/%{grubarch}/modinfo.sh
%ifarch %{ix86} x86_64
%{_libexecdir}/%{name}-instdev-fixup.pl
%endif
%files %{grubarch}-extras -f %{grubarch}-mod-extras.lst
%defattr(-,root,root,-)
%dir %{_datadir}/%{name}/%{grubarch}
%files %{grubarch}-debug
%defattr(-,root,root,-)
%{_datadir}/%{name}/%{grubarch}/gdb_grub
%{_datadir}/%{name}/%{grubarch}/gdb_helper.py
%{_datadir}/%{name}/%{grubarch}/*.module
%endif
%ifarch %{efi}
%files %{grubefiarch} -f %{grubefiarch}-mod.lst
%defattr(-,root,root,-)
%dir %{_datadir}/%{name}/%{grubefiarch}
%{_datadir}/%{name}/%{grubefiarch}/grub.efi
%ifarch x86_64
%{_datadir}/%{name}/%{grubefiarch}/grub-tpm.efi
%endif
%{_datadir}/%{name}/%{grubefiarch}/*.img
%{_datadir}/%{name}/%{grubefiarch}/*.lst
%{_datadir}/%{name}/%{grubefiarch}/kernel.exec
%{_datadir}/%{name}/%{grubefiarch}/modinfo.sh
%dir %{sysefibasedir}
%dir %{sysefidir}
%{sysefidir}/grub.efi
%if 0%{?suse_version} < 1600
%ifarch x86_64
# provide compatibility sym-link for previous shim-install and kiwi
%dir /usr/lib64/efi
/usr/lib64/efi/DEPRECATED
/usr/lib64/efi/grub.efi
%endif
%endif
%ifarch x86_64 aarch64
%{sysefidir}/grub.der
%endif
%files %{grubefiarch}-extras -f %{grubefiarch}-mod-extras.lst
%defattr(-,root,root,-)
%dir %{_datadir}/%{name}/%{grubefiarch}
%files %{grubefiarch}-debug
%defattr(-,root,root,-)
%{_datadir}/%{name}/%{grubefiarch}/gdb_grub
%{_datadir}/%{name}/%{grubefiarch}/gdb_helper.py
%{_datadir}/%{name}/%{grubefiarch}/*.module
%endif
%files snapper-plugin
%defattr(-,root,root,-)
%dir %{_libdir}/snapper
%dir %{_libdir}/snapper/plugins
%config(noreplace) %{_sysconfdir}/grub.d/80_suse_btrfs_snapshot
%{_libdir}/snapper/plugins/grub
%ifarch %{ix86} x86_64
%files %{grubxenarch} -f %{grubxenarch}.lst
%defattr(-,root,root,-)
%dir %{_datadir}/%{name}/%{grubxenarch}
# provide compatibility sym-link for VM definitions pointing to old location
%dir %{_libdir}/%{name}
%{_libdir}/%{name}/%{grubxenarch}
%files %{grubxenarch}-extras -f %{grubxenarch}-extras.lst
%defattr(-,root,root,-)
%dir %{_datadir}/%{name}/%{grubxenarch}
%endif
%if 0%{?has_systemd:1}
%files systemd-sleep-plugin
%defattr(-,root,root,-)
%dir %{_libdir}/systemd/system-sleep
%{_libdir}/systemd/system-sleep/grub2.sleep
%endif
%changelog