diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 0255ecf45..64d69a0de 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,17 +1,17 @@ -name: Test build and package QubesOS RPMs +name: QubesOS RPMs on: push: branches: - 'intel-txt-aem*' + - 'xen-uefi' tags: - '*' jobs: qubes-dom0-package: - uses: TrenchBoot/.github/.github/workflows/qubes-dom0-package.yml@master + uses: TrenchBoot/.github/.github/workflows/qubes-dom0-packagev2.yml@very-stable with: - base-commit: '594fe4760a33158e7cd500825ee26a0c9aef5f6b' - patch-start: 1120 qubes-component: 'grub2' - spec-pattern: '/^Patch1119:/' + qubes-pkg-src-dir: '.' + qubes-pkg-version: '2.13' diff --git a/.gitignore b/.gitignore index 2105d87c8..0c7d7d404 100644 --- a/.gitignore +++ b/.gitignore @@ -32,7 +32,6 @@ Makefile Makefile.in ascii.bitmaps genkernsyms.sh -gensymlist.sh grub-bin2h grub-emu grub-emu-lite @@ -101,7 +100,6 @@ widthspec.bin /docs/*.info-[0-9]* /docs/stamp-1 /docs/stamp-vti -/docs/version-dev.texi /docs/version.texi /ehci_test /erofs_test diff --git a/0010-re-write-.gitignore.patch b/0010-re-write-.gitignore.patch new file mode 100644 index 000000000..74cb0dae9 --- /dev/null +++ b/0010-re-write-.gitignore.patch @@ -0,0 +1,248 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 8 Jul 2019 12:55:29 +0200 +Subject: [PATCH] re-write .gitignore + +--- + .gitignore | 152 ++++++++++++++++++++++++++++++++++++++ + docs/.gitignore | 5 ++ + grub-core/.gitignore | 16 ++++ + grub-core/lib/.gitignore | 1 + + include/grub/gcrypt/.gitignore | 2 + + po/.gitignore | 5 ++ + util/bash-completion.d/.gitignore | 2 + + 7 files changed, 183 insertions(+) + create mode 100644 docs/.gitignore + create mode 100644 grub-core/.gitignore + create mode 100644 grub-core/lib/.gitignore + create mode 100644 include/grub/gcrypt/.gitignore + create mode 100644 po/.gitignore + create mode 100644 util/bash-completion.d/.gitignore + +diff --git a/.gitignore b/.gitignore +index f6a1bd05175..594d0134d33 100644 +--- a/.gitignore ++++ b/.gitignore +@@ -275,3 +275,155 @@ widthspec.bin + /xfs_test + /xzcompress_test + /zfs_test ++======= ++# things ./autogen.sh will create ++/Makefile.utilgcry.def ++/ABOUT-NLS ++/aclocal.m4 ++/autom4te.cache ++/build-aux ++/configure ++/gnulib ++/grub-core/lib/gnulib/ ++/Makefile ++ ++# things very common editors create that we never want ++*~ ++.*.sw? ++*.patch ++ ++# stuff you're likely to make while building test trees ++grub.cfg ++/build*/ ++ ++# built objects across the whole tree ++Makefile.in ++*.a ++*.am ++*.efi ++*.exec ++*.image ++*.img ++*.info ++*.lst ++*.marker ++/m4 ++*.mod ++*.module ++*.o ++*.pf2 ++*.yy.[ch] ++.deps/ ++.deps-core/ ++.deps-util/ ++.dirstamp ++ ++# next are things you get if you do ./configure in the topdir (for e.g. ++# "make dist" invocation. ++/config-util.h ++/config.h ++/include/grub/cpu ++/include/grub/machine ++/INSTALL ++/INSTALL.grub ++/po/Makefile.in.in ++/po/Makevars ++/po/Makevars.template ++/po/POTFILES ++/po/Rules-quot ++/stamp-h ++/stamp-h1 ++bootstrap.log ++config.log ++config.status ++ ++# stuff "make dist" creates ++ChangeLog ++grub-*.tar ++grub-*.tar.* ++ ++# stuff "make" creates ++/[[:digit:]][[:digit:]]_?* ++/ascii.h ++/build-grub-gen-asciih ++/build-grub-gen-widthspec ++/build-grub-mkfont ++/config-util.h.in ++/garbage-gen ++/grub*-bios-setup ++/grub*-bios-setup.8 ++/grub*-editenv ++/grub*-editenv.1 ++/grub*-file ++/grub*-file.1 ++/grub*-fs-tester ++/grub*-fstest ++/grub*-fstest.1 ++/grub*-get-kernel-settings ++/grub*-get-kernel-settings.3 ++/grub*-glue-efi ++/grub*-glue-efi.1 ++/grub*-install ++/grub*-install.8 ++/grub*-kbdcomp ++/grub*-kbdcomp.1 ++/grub*-macbless ++/grub*-macbless.8 ++/grub*-menulst2cfg ++/grub*-menulst2cfg.1 ++/grub*-mount ++/grub*-mount.1 ++/grub*-mkconfig ++/grub*-mkconfig.8 ++/grub*-mkconfig_lib ++/grub*-mkfont ++/grub*-mkfont.1 ++/grub*-mkimage ++/grub*-mkimage.1 ++/grub*-mklayout ++/grub*-mklayout.1 ++/grub*-mknetdir ++/grub*-mknetdir.1 ++/grub*-mkpasswd-pbkdf2 ++/grub*-mkpasswd-pbkdf2.1 ++/grub*-mkrelpath ++/grub*-mkrelpath.1 ++/grub*-mkrescue ++/grub*-mkrescue.1 ++/grub*-mkstandalone ++/grub*-mkstandalone.1 ++/grub*-ofpathname ++/grub*-ofpathname.8 ++/grub*-probe ++/grub*-probe.8 ++/grub*-reboot ++/grub*-reboot.8 ++/grub*-render-label ++/grub*-render-label.1 ++/grub*-rpm-sort ++/grub*-rpm-sort.8 ++/grub*-script-check ++/grub*-script-check.1 ++/grub*-set-bootflag ++/grub*-set-bootflag.1 ++/grub*-set-default ++/grub*-set-default.8 ++/grub*-set-password ++/grub*-set-password.8 ++/grub*-shell ++/grub*-shell-tester ++/grub*-sparc64-setup ++/grub*-sparc64-setup.8 ++/grub*-syslinux2cfg ++/grub*-syslinux2cfg.1 ++/grub*-switch-to-blscfg ++/grub*-switch-to-blscfg.8 ++/grub_fstest.pp ++/grub_fstest_init.c ++/grub_fstest_init.lst ++/grub_script.tab.[ch] ++/libgrub.pp ++/libgrub_a_init.c ++/libgrub_a_init.lst ++/stamp-h.in ++/widthspec.h +diff --git a/docs/.gitignore b/docs/.gitignore +new file mode 100644 +index 00000000000..e1d849ef95b +--- /dev/null ++++ b/docs/.gitignore +@@ -0,0 +1,5 @@ ++/*.in ++/Makefile ++/stamp-1 ++/stamp-vti ++/version*.texi +diff --git a/grub-core/.gitignore b/grub-core/.gitignore +new file mode 100644 +index 00000000000..2acce281159 +--- /dev/null ++++ b/grub-core/.gitignore +@@ -0,0 +1,16 @@ ++/*.lst ++/Makefile ++/Makefile.gcry.def ++/unidata.c ++/build-grub-module-verifier ++/gdb_grub ++/genmod.sh ++/gensyminfo.sh ++/gentrigtables ++/gmodule.pl ++/grub_script.tab.[ch] ++/modinfo.sh ++/rs_decoder.h ++/symlist.c ++/symlist.h ++/trigtables.c +diff --git a/grub-core/lib/.gitignore b/grub-core/lib/.gitignore +new file mode 100644 +index 00000000000..68154591404 +--- /dev/null ++++ b/grub-core/lib/.gitignore +@@ -0,0 +1 @@ ++/libgcrypt-grub/ +diff --git a/include/grub/gcrypt/.gitignore b/include/grub/gcrypt/.gitignore +new file mode 100644 +index 00000000000..8fbf5646246 +--- /dev/null ++++ b/include/grub/gcrypt/.gitignore +@@ -0,0 +1,2 @@ ++g10lib.h ++gcrypt.h +diff --git a/po/.gitignore b/po/.gitignore +new file mode 100644 +index 00000000000..f507e7741e3 +--- /dev/null ++++ b/po/.gitignore +@@ -0,0 +1,5 @@ ++/Makefile ++/POTFILES*.in ++/grub.pot ++/remove-potcdate.sed ++/stamp-po +diff --git a/util/bash-completion.d/.gitignore b/util/bash-completion.d/.gitignore +new file mode 100644 +index 00000000000..6813a527ad3 +--- /dev/null ++++ b/util/bash-completion.d/.gitignore +@@ -0,0 +1,2 @@ ++Makefile ++grub diff --git a/20-grub.install b/20-grub.install new file mode 100755 index 000000000..f2de7760c --- /dev/null +++ b/20-grub.install @@ -0,0 +1,167 @@ +#!/bin/bash + +if ! [[ $KERNEL_INSTALL_MACHINE_ID ]]; then + exit 0 +fi + +[[ -f /etc/default/grub ]] && . /etc/default/grub +[[ -f /etc/os-release ]] && . /etc/os-release + +COMMAND="$1" +KERNEL_VERSION="$2" +BOOT_DIR_ABS="$3" +KERNEL_IMAGE="$4" + +KERNEL_DIR="${KERNEL_IMAGE%/*}" + +MACHINE_ID=$KERNEL_INSTALL_MACHINE_ID + +# If ${BOOT_DIR_ABS} exists, some other boot loader is active. +[[ -d "${BOOT_DIR_ABS}" ]] && exit 0 + +BLS_DIR="/boot/loader/entries" + +mkbls() { + local kernelver=$1 && shift + local datetime=$1 && shift + + local debugname="" + local debugid="" + local flavor="" + + if [[ "$kernelver" == *\+* ]] ; then + local flavor=-"${kernelver##*+}" + if [[ "${flavor}" == "-debug" ]]; then + local debugname=" with debugging" + local debugid="-debug" + fi + fi + + cat </dev/null && \ + restorecon -R "/boot/${i##*/}-${KERNEL_VERSION}" + done + # hmac is .vmlinuz-.hmac so needs a special treatment + i="$KERNEL_DIR/.${KERNEL_IMAGE##*/}.hmac" + if [[ -e "$i" ]]; then + rm -f "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac" + cp -a "$i" "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac" + command -v restorecon &>/dev/null && \ + restorecon "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac" + fi + fi + + if [[ "x${GRUB_ENABLE_BLSCFG}" = "xtrue" ]] || [[ ! -f /sbin/new-kernel-pkg ]]; then + eval "$(grub2-get-kernel-settings)" || true + [[ -d "$BLS_DIR" ]] || mkdir -m 0700 -p "$BLS_DIR" + BLS_ID="${MACHINE_ID}-${KERNEL_VERSION}" + BLS_TARGET="${BLS_DIR}/${BLS_ID}.conf" + if [[ -f "${KERNEL_DIR}/bls.conf" ]]; then + cp -aT "${KERNEL_DIR}/bls.conf" "${BLS_TARGET}" || exit $? + else + mkbls "${KERNEL_VERSION}" \ + "$(date -u +%Y%m%d%H%M%S -d "$(stat -c '%y' "${KERNEL_DIR}")")" \ + >"${BLS_TARGET}" + fi + + LINUX="$(grep '^linux[ \t]' "${BLS_TARGET}" | sed -e 's,^linux[ \t]*,,')" + INITRD="$(grep '^initrd[ \t]' "${BLS_TARGET}" | sed -e 's,^initrd[ \t]*,,')" + LINUX_RELPATH="$(grub2-mkrelpath /boot${LINUX})" + BOOTPREFIX="$(dirname ${LINUX_RELPATH})" + ROOTPREFIX="$(dirname "/boot${LINUX}")" + + if [[ $LINUX != $LINUX_RELPATH ]]; then + sed -i -e "s,^linux.*,linux ${BOOTPREFIX}${LINUX},g" "${BLS_TARGET}" + sed -i -e "s,^initrd.*,initrd ${BOOTPREFIX}${INITRD},g" "${BLS_TARGET}" + fi + + if [[ "$KERNEL_VERSION" == *\+* ]] && [ "x$GRUB_DEFAULT_TO_DEBUG" != "xtrue" ]; then + GRUB_UPDATE_DEFAULT_KERNEL=false + fi + + if [ "x$GRUB_UPDATE_DEFAULT_KERNEL" = "xtrue" ]; then + NEWDEFAULT="${BLS_ID}" + fi + + if [ "x$GRUB_LINUX_MAKE_DEBUG" = "xtrue" ]; then + ARCH="$(uname -m)" + BLS_DEBUG_ID="$(echo ${BLS_ID} | sed -e "s/${KERNEL_VERSION}/${KERNEL_VERSION}~debug/")" + BLS_DEBUG="$(echo ${BLS_TARGET} | sed -e "s/${KERNEL_VERSION}/${KERNEL_VERSION}~debug/")" + cp -aT "${BLS_TARGET}" "${BLS_DEBUG}" + TITLE="$(grep '^title[ \t]' "${BLS_DEBUG}" | sed -e 's/^title[ \t]*//')" + sed -i -e "s/^title.*/title ${TITLE}${GRUB_LINUX_DEBUG_TITLE_POSTFIX}/" "${BLS_DEBUG}" + sed -i -e "s/^id.*/id ${BLS_DEBUG_ID}/" "${BLS_DEBUG}" + sed -i -e "s/^options.*/options \$kernelopts ${GRUB_CMDLINE_LINUX_DEBUG}/" "${BLS_DEBUG}" + if [ -n "$NEWDEFAULT" -a "x$GRUB_DEFAULT_TO_DEBUG" = "xtrue" ]; then + NEWDEFAULT="${BLS_DEBUG_ID}" + fi + fi + if [ -n "$NEWDEFAULT" ]; then + grub2-editenv - set "saved_entry=${NEWDEFAULT}" + fi + + # this probably isn't the best place to do this, but it will do for now. + if [ -e "${ROOTPREFIX}${INITRD}" -a -e "${ROOTPREFIX}${LINUX}" -a \ + "${ROOTPREFIX}${INITRD}" -ot "${ROOTPREFIX}${LINUX}" -a \ + -x /usr/lib/kernel/install.d/50-dracut.install ]; then + rm -f "${ROOTPREFIX}${INITRD}" + fi + exit 0 + fi + + /sbin/new-kernel-pkg --package "kernel${flavor}" --install "$KERNEL_VERSION" || exit $? + /sbin/new-kernel-pkg --package "kernel${flavor}" --mkinitrd --dracut --depmod --update "$KERNEL_VERSION" || exit $? + /sbin/new-kernel-pkg --package "kernel${flavor}" --rpmposttrans "$KERNEL_VERSION" || exit $? + # If grubby is used there's no need to run other installation plugins + exit 77 + ;; + remove) + + if [[ "x${GRUB_ENABLE_BLSCFG}" = "xtrue" ]] || [[ ! -f /sbin/new-kernel-pkg ]]; then + ARCH="$(uname -m)" + BLS_TARGET="${BLS_DIR}/${MACHINE_ID}-${KERNEL_VERSION}.conf" + BLS_DEBUG="$(echo ${BLS_TARGET} | sed -e "s/${KERNEL_VERSION}/${KERNEL_VERSION}~debug/")" + rm -f "${BLS_TARGET}" "${BLS_DEBUG}" + + for i in vmlinuz System.map config zImage.stub dtb; do + rm -rf "/boot/${i}-${KERNEL_VERSION}" + done + # hmac is .vmlinuz-.hmac so needs a special treatment + rm -f "/boot/.vmlinuz-${KERNEL_VERSION}.hmac" + + exit 0 + fi + + /sbin/new-kernel-pkg --package "kernel${flavor+-$flavor}" --rminitrd --rmmoddep --remove "$KERNEL_VERSION" || exit $? + # If grubby is used there's no need to run other installation plugins + exit 77 + ;; + *) + ;; +esac diff --git a/99-grub-mkconfig.install b/99-grub-mkconfig.install new file mode 100755 index 000000000..e37089936 --- /dev/null +++ b/99-grub-mkconfig.install @@ -0,0 +1,24 @@ +#!/bin/bash + +if ! [[ $KERNEL_INSTALL_MACHINE_ID ]]; then + exit 0 +fi + +ARCH=$(uname -m) + +# Is only needed for ppc64* since we can't assume a BLS capable bootloader there +if [[ $ARCH != "ppc64" && $ARCH != "ppc64le" ]]; then + exit 0 +fi + +[[ -f /etc/default/grub ]] && . /etc/default/grub + +COMMAND="$1" + +case "$COMMAND" in + add|remove) + grub2-mkconfig --no-grubenv-update -o /boot/grub2/grub.cfg >& /dev/null + ;; + *) + ;; +esac diff --git a/gitignore b/gitignore new file mode 100644 index 000000000..5de5f5f30 --- /dev/null +++ b/gitignore @@ -0,0 +1,275 @@ +# +# Ignore patterns in this directory and all subdirectories. +# +*.1 +*.8 +*.a +*.exec +*.exec.exe +*.image +*.image.exe +*.img +*.log +*.lst +*.marker +*.mod +*.o +*.pf2 +*.pp +*.trs +*~ +.deps-core/ +.deps-util/ +.deps/ +.dirstamp +DISTLIST +GPATH +GRTAGS +GSYMS +GTAGS +Makefile +Makefile.in +ascii.bitmaps +genkernsyms.sh +grub-bin2h +grub-emu +grub-emu-lite +grub-emu-lite.exe +grub-emu.exe +grub-macho2img +grub_emu_init.c +grub_emu_init.h +grub_probe_init.c +grub_probe_init.h +grub_script.tab.c +grub_script.tab.h +grub_script.yy.c +grub_script.yy.h +grub_script_check_init.c +grub_script_check_init.h +grub_setup_init.c +grub_setup_init.h +mdate-sh +mod-*.c +update-grub_lib +widthspec.bin + +# +# Ignore patterns relative to this .gitignore file's directory. +# +/00_header +/10_* +/20_linux_xen +/30_os-prober +/30_uefi-firmware +/40_custom +/41_custom +/ABOUT-NLS +/ChangeLog +/INSTALL.grub +/Makefile.util.am +/Makefile.utilgcry.def +/aclocal.m4 +/ahci_test +/ascii.h +/autom4te.cache/ +/btrfs_test +/build-aux/ +/build-grub-gen-asciih +/build-grub-gen-widthspec +/build-grub-mkfont +/cdboot_test +/cmp_test +/compile +/config-util.h +/config-util.h.in +/config.cache +/config.guess +/config.h +/config.log +/config.status +/config.sub +/configure +/contrib +/core_compress_test +/cpio_test +/date_test +/depcomp +/docs/*.info +/docs/*.info-[0-9]* +/docs/stamp-1 +/docs/stamp-vti +/docs/version.texi +/ehci_test +/example_grub_script_test +/example_scripted_test +/example_unit_test +/exfat_test +/ext234_test +/f2fs_test +/fat_test +/fddboot_test +/file_filter_test +/garbage-gen +/garbage-gen.exe +/gettext_strings_test +/gnulib/ +/grub-2.[0-9]*/ +/grub-2.[0-9]*.tar.gz +/grub-bios-setup +/grub-bios-setup.exe +/grub-core/*.module +/grub-core/*.module.exe +/grub-core/*.pp +/grub-core/Makefile.core.am +/grub-core/Makefile.gcry.def +/grub-core/bootinfo.txt +/grub-core/build-grub-module-verifier +/grub-core/build-grub-pe2elf.exe +/grub-core/contrib +/grub-core/gdb_grub +/grub-core/genmod.sh +/grub-core/gensyminfo.sh +/grub-core/gentrigtables +/grub-core/gentrigtables.exe +/grub-core/gmodule.pl +/grub-core/grub.chrp +/grub-core/kernel.img.bin +/grub-core/lib/gnulib +/grub-core/lib/libgcrypt-grub +/grub-core/modinfo.sh +/grub-core/rs_decoder.h +/grub-core/symlist.c +/grub-core/symlist.h +/grub-core/trigtables.c +/grub-core/unidata.c +/grub-editenv +/grub-editenv.exe +/grub-file +/grub-file.exe +/grub-fs-tester +/grub-fstest +/grub-fstest.exe +/grub-glue-efi +/grub-glue-efi.exe +/grub-install +/grub-install.exe +/grub-kbdcomp +/grub-macbless +/grub-macbless.exe +/grub-menulst2cfg +/grub-menulst2cfg.exe +/grub-mk* +/grub-mount +/grub-ofpathname +/grub-ofpathname.exe +/grub-probe +/grub-probe.exe +/grub-reboot +/grub-render-label +/grub-render-label.exe +/grub-script-check +/grub-script-check.exe +/grub-set-default +/grub-shell +/grub-shell-tester +/grub-sparc64-setup +/grub-sparc64-setup.exe +/grub-syslinux2cfg +/grub-syslinux2cfg.exe +/grub_cmd_date +/grub_cmd_echo +/grub_cmd_regexp +/grub_cmd_set_date +/grub_cmd_sleep +/grub_cmd_test +/grub_cmd_tr +/grub_fstest_init.c +/grub_fstest_init.h +/grub_func_test +/grub_script_blanklines +/grub_script_blockarg +/grub_script_break +/grub_script_comments +/grub_script_continue +/grub_script_dollar +/grub_script_echo1 +/grub_script_echo_keywords +/grub_script_escape_comma +/grub_script_eval +/grub_script_expansion +/grub_script_final_semicolon +/grub_script_for1 +/grub_script_functions +/grub_script_gettext +/grub_script_if +/grub_script_leading_whitespace +/grub_script_no_commands +/grub_script_not +/grub_script_return +/grub_script_setparams +/grub_script_shift +/grub_script_strcmp +/grub_script_test +/grub_script_vars1 +/grub_script_while1 +/gzcompress_test +/hddboot_test +/help_test +/hfs_test +/hfsplus_test +/include/grub/cpu +/include/grub/gcrypt/g10lib.h +/include/grub/gcrypt/gcrypt.h +/include/grub/machine +/install-sh +/iso9660_test +/jfs_test +/lib/libgcrypt-grub +/libgrub_a_init.c +/lzocompress_test +/m4/ +/minixfs_test +/missing +/netboot_test +/nilfs2_test +/ntfs_test +/ohci_test +/partmap_test +/pata_test +/po/*.gmo +/po/*.mo +/po/*.po +/po/LINGUAS +/po/Makefile.in.in +/po/Makevars +/po/Makevars.template +/po/POTFILES +/po/POTFILES-shell.in +/po/POTFILES.in +/po/Rules-quot +/po/grub.pot +/po/remove-potcdate.sed +/po/stamp-po +/printf_test +/priority_queue_unit_test +/pseries_test +/reiserfs_test +/romfs_test +/squashfs_test +/stamp-h +/stamp-h.in +/stamp-h1 +/syslinux_test +/tar_test +/test_sha512sum +/test_unset +/tests/syslinux/ubuntu10.04_grub.cfg +/texinfo.tex +/udf_test +/uhci_test +/util/bash-completion.d/grub +/widthspec.h +/xfs_test +/xzcompress_test +/zfs_test diff --git a/gnulib-9f48fb992a3d7e96610c4ce8be969cff2d61a01b.tar.gz b/gnulib-9f48fb992a3d7e96610c4ce8be969cff2d61a01b.tar.gz new file mode 100644 index 000000000..1a0cf7dba Binary files /dev/null and b/gnulib-9f48fb992a3d7e96610c4ce8be969cff2d61a01b.tar.gz differ diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def index b9090d918..a7fa07fa7 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def @@ -1903,6 +1903,7 @@ module = { x86 = loader/slaunch/skl.c; x86 = loader/slaunch/dlstub.c; x86 = loader/efi/dltrampoline.S; + i386_efi = loader/slaunch/x86_efi_linux.c; x86_64_efi = loader/slaunch/x86_efi_linux.c; enable = x86; }; diff --git a/grub2.spec.in b/grub2.spec.in new file mode 100644 index 000000000..00f365291 --- /dev/null +++ b/grub2.spec.in @@ -0,0 +1,1296 @@ +# This package calls binutils components directly and would need to pass +# in flags to enable the LTO plugins +# Disable LTO +%global _lto_cflags %{nil} + +%undefine _hardened_build +%undefine _package_note_file + +%global tarversion @VERSION@ +%undefine _missing_build_ids_terminate_build +%global _configure_gnuconfig_hack 0 + +%global efi_vendor qubes +%global efi_esp_dir /boot/efi/EFI/%{efi_vendor} +%global gnulibversion 9f48fb992a3d7e96610c4ce8be969cff2d61a01b +Name: grub2 +Epoch: 1000 +Version: @VERSION@ +Release: @REL@%{?dist} +Summary: Bootloader with support for Linux, Multiboot and more +License: GPLv3+ +URL: http://www.gnu.org/software/grub/ +Obsoletes: grub < 1:0.98 +Source0: %{name}-%{version}.tar.gz +Source3: 99-grub-mkconfig.install +Source4: http://unifoundry.com/unifont-5.1.20080820.pcf.gz +Source5: theme.tar.bz2 +Source6: gitignore +Source9: strtoull_test.c +Source10: 20-grub.install +Source12: sbat.csv.in +Source13: 99-grub-mkconfig.install + + +### begin grub.macros +# vim:filetype=spec +# Modules always contain just 32-bit code +%global _libdir %{_exec_prefix}/lib +%global _binaries_in_noarch_packages_terminate_build 0 +#%%undefine _missing_build_ids_terminate_build +%{expand:%%{!?buildsubdir:%%global buildsubdir grub2-%{tarversion}}} +%{expand:%%{!?_licensedir:%%global license %%%%doc}} + +%global _configure ../configure + +%if %{?_with_ccache: 1}%{?!_with_ccache: 0} +%global ccpath /usr/%{_lib}/ccache/gcc +%else +%global ccpath %{__cc} +%endif + +# gnulib actively ignores CFLAGS because it's terrible +%if 0%{?fedora} > 39 +%global cc_equals "CC=%{ccpath} -fPIE -Wl,-z,noexecstack -Wl,--no-warn-rwx-segments" +%else +%global cc_equals "CC=%{ccpath} -fPIE -Wl,-z,noexecstack" +%endif + +%global cflags_sed \\\ + sed \\\ + -e 's/-O. //g' \\\ + -e 's/-fplugin=annobin//g' \\\ + -e 's,-specs=[[:alnum:]/_-]*annobin[[:alnum:]_-]*,,g' \\\ + -e 's/-fstack-protector[[:alpha:]-]\\+//g' \\\ + -e 's/-[^ ]*D_FORTIFY_SOURCE=[[:digit:]][^ ]*\\+//g' \\\ + -e 's/--param=ssp-buffer-size=4//g' \\\ + -e 's/-mregparm=3/-mregparm=4/g' \\\ + -e 's/-fexceptions//g' \\\ + -e 's/-fcf-protection//g' \\\ + -e 's/-fasynchronous-unwind-tables//g' \\\ + -e 's/^/ -fno-strict-aliasing /' \\\ + %{nil} + +%global host_cflags_ %{expand:%%(echo %{build_cflags} %{?_hardening_cflags} | %{cflags_sed})} -fstack-protector-strong +%ifarch x86_64 +%global host_cflags %{host_cflags_} -fcf-protection +%else +%global host_cflags %{host_cflags_} +%endif +%global legacy_host_cflags \\\ + %{expand:%%(echo %{host_cflags} | \\\ + sed \\\ + -e 's/-m64//g' \\\ + -e 's/-mcpu=power[[:alnum:]]\\+/-mcpu=power6/g' \\\ + )} +%global efi_host_cflags %{expand:%%(echo %{host_cflags})} + +%global target_cflags %{expand:%%(echo %{build_cflags} | %{cflags_sed})} +%global legacy_target_cflags \\\ + %{expand:%%(echo %{target_cflags} | \\\ + %{cflags_sed} \\\ + -e 's/-m64//g' \\\ + -e 's/-mcpu=power[[:alnum:]]\\+/-mcpu=power6/g' \\\ + )} +%global efi_target_cflags %{expand:%%(echo %{target_cflags})} + +%global ldflags_sed \\\ + sed \\\ + -e 's,-specs=[[:alnum:]/_-]*annobin[[:alnum:]_-]*,,g' \\\ + -e 's/^$//' \\\ + %{nil} + +%global host_ldflags %{expand:%%(echo %{build_ldflags} %{?_hardening_ldflags} | %{ldflags_sed})} +%global legacy_host_ldflags \\\ + %{expand:%%(echo %{host_ldflags} | \\\ + %{ldflags_sed} \\\ + )} +%global efi_host_ldflags %{expand:%%(echo %{host_ldflags})} + +%if 0%{?fedora} > 39 +%global target_ldflags %{expand:%%(echo %{build_ldflags} -Wl,--no-warn-rwx-segments -static | %{ldflags_sed})} +%else +%global target_ldflags %{expand:%%(echo %{build_ldflags} -static | %{ldflags_sed})} +%endif +%global legacy_target_ldflags \\\ + %{expand:%%(echo %{target_ldflags} | \\\ + %{ldflags_sed} \\\ + )} +%global efi_target_ldflags %{expand:%%(echo %{target_ldflags})} + +%global with_efi_arch 0 +%global with_alt_efi_arch 0 +%global with_legacy_arch 0 +%global with_emu_arch 0 +%global emuarch %{_arch} +%global grubefiarch %{nil} +%global grublegacyarch %{nil} + +# sparc is always compiled 64 bit +%ifarch %{sparc} +%global target_cpu_name sparc64 +%global _target_platform %{target_cpu_name}-%{_vendor}-%{_target_os}%{?_gnu} +%global legacy_target_cpu_name %{_arch} +%global legacy_package_arch ieee1275 +%global platform ieee1275 +%endif +# ppc is always compiled 64 bit +%ifarch ppc ppc64 ppc64le +# GRUB emu fails to build on ppc64le +%global with_emu_arch 0 +%global target_cpu_name %{_arch} +%global legacy_target_cpu_name powerpc +%global legacy_package_arch %{_arch} +%global legacy_grub_dir powerpc-ieee1275 +%global _target_platform %{target_cpu_name}-%{_vendor}-%{_target_os}%{?_gnu} +%global platform ieee1275 +%endif + + +%global efi_only aarch64 %{arm} +%global efi_arch x86_64 ia64 %{efi_only} +%ifarch %{efi_arch} +%global with_efi_arch 1 +%else +%global with_efi_arch 0 +%endif +%ifarch %{efi_only} +%global with_efi_only 1 +%else +%global with_efi_only 0 +%endif +%{!?with_efi_arch:%global without_efi_arch 0} +%{?with_efi_arch:%global without_efi_arch 1} +%{!?with_efi_only:%global without_efi_only 0} +%{?with_efi_only:%global without_efi_only 1} + +### fixme +%ifarch aarch64 %{arm} +%global efi_modules " " +%else +%global efi_modules " backtrace chain usb usbserial_common usbserial_pl2303 usbserial_ftdi usbserial_usbdebug keylayouts at_keyboard " +%endif + +%ifarch aarch64 %{arm} +%global legacy_provides -l +%endif + +%ifarch %{ix86} +%global efiarch ia32 +%global target_cpu_name i386 +%global grub_target_name i386-efi +%global package_arch efi-ia32 + +%global legacy_target_cpu_name i386 +%global legacy_package_arch pc +%global platform pc +%endif + +%ifarch x86_64 +%global efiarch x64 +%global target_cpu_name %{_arch} +%global grub_target_name %{_arch}-efi +%global package_arch efi-x64 + +%global legacy_target_cpu_name i386 +%global legacy_package_arch pc +%global platform pc + +%global alt_efi_arch ia32 +%global alt_target_cpu_name i386 +%global alt_grub_target_name i386-efi +%global alt_platform efi +%global alt_package_arch efi-ia32 + +%global alt_efi_host_cflags %{expand:%%(echo %{efi_host_cflags})} +%global alt_efi_target_cflags \\\ + %{expand:%%(echo %{target_cflags} | \\\ + %{cflags_sed} \\\ + -e 's/-m64//g' \\\ + )} +%endif + +%ifarch aarch64 +%global emuarch arm64 +%global efiarch aa64 +%global target_cpu_name aarch64 +%global grub_target_name arm64-efi +%global package_arch efi-aa64 +%endif + +%ifarch %{arm} +%global efiarch arm +%global target_cpu_name arm +%global grub_target_name arm-efi +%global package_arch efi-arm +%global efi_target_cflags \\\ + %{expand:%%(echo %{optflags} | \\\ + %{cflags_sed} \\\ + -e 's/-march=armv7-a[[:alnum:]+-]*/&+nofp/g' \\\ + -e 's/-mfpu=[[:alnum:]-]\\+//g' \\\ + -e 's/-mfloat-abi=[[:alpha:]]\\+/-mfloat-abi=soft/g' \\\ + )} +%endif + +%global _target_platform %{target_cpu_name}-%{_vendor}-%{_target_os}%{?_gnu} +%global _alt_target_platform %{alt_target_cpu_name}-%{_vendor}-%{_target_os}%{?_gnu} + +%ifarch %{efi_arch} +%global with_efi_arch 1 +%global grubefiname grub%{efiarch}.efi +%global grubeficdname gcd%{efiarch}.efi +%global grubefiarch %{target_cpu_name}-efi +%ifarch %{ix86} +%global with_efi_modules 0 +%global without_efi_modules 1 +%else +%global with_efi_modules 1 +%global without_efi_modules 0 +%endif +%endif + +%if 0%{?alt_efi_arch:1} +%global with_alt_efi_arch 1 +%global grubaltefiname grub%{alt_efi_arch}.efi +%global grubalteficdname gcd%{alt_efi_arch}.efi +%global grubaltefiarch %{alt_target_cpu_name}-efi +%endif + +%ifnarch %{efi_only} +%global with_legacy_arch 1 +%global grublegacyarch %{legacy_target_cpu_name}-%{platform} +%global moduledir %{legacy_target_cpu_name}-%{platform} +%endif + +%global evr %{epoch}:%{version}-%{release} + +%ifarch x86_64 +%global with_efi_common 1 +%global with_legacy_modules 1 +%global with_legacy_common 1 +%else +%global with_efi_common 0 +%global with_legacy_common 1 +%global with_legacy_modules 1 +%endif + +%define define_legacy_variant() \ +%{expand:%%package %%{1}} \ +Summary: Bootloader with support for Linux, Multiboot, and more \ +Provides: grub2 = %{evr} \ +Obsoletes: grub2 < %{evr} \ +Requires: grub2-common = %{evr} \ +Requires: grub2-tools-minimal = %{evr} \ +Requires: grub2-%{1}-modules = %{evr} \ +Requires: gettext which file \ +Requires: grub2-tools = %{evr} \ +Requires(pre): dracut \ +Requires(post): dracut \ +%{expand:%%description %%{1}} \ +%{desc} \ +This subpackage provides support for %{1} systems. \ + \ +%{expand:%%{?!buildsubdir:%%define buildsubdir grub-%%{1}-%{tarversion}}}\ +%{expand:%%if 0%%{with_legacy_modules} \ +%%package %%{1}-modules \ +Summary: Modules used to build custom grub images \ +BuildArch: noarch \ +Requires: grub2-common = %%{evr} \ +%%description %%{1}-modules \ +%%{desc} \ +This subpackage provides support for rebuilding your own grub.efi. \ +%%endif \ +} \ + \ +%{expand:%%{?!buildsubdir:%%define buildsubdir grub-%%{1}-%{tarversion}}}\ +%{expand:%%package %%{1}-tools} \ +Summary: Support tools for GRUB. \ +Requires: gettext which file system-logos \ +Requires: grub2-common = %{evr} \ +Requires: grub2-tools-minimal = %{evr} \ +Requires: gettext which file \ + \ +%{expand:%%description %%{1}-tools} \ +%{desc} \ +This subpackage provides tools for support of %%{1} platforms. \ +%{nil} + +%define define_efi_variant(o) \ +%{expand:%%package %{1}} \ +Summary: GRUB for EFI systems. \ +Requires: efi-filesystem \ +Requires: grub2-common = %{evr} \ +Requires: grub2-tools-minimal >= %{evr} \ +Requires: grub2-tools = %{evr} \ +Provides: grub2-efi = %{evr} \ +%{?legacy_provides:Provides: grub2 = %{evr}} \ +%{-o:Obsoletes: grub2-efi < %{evr}} \ + \ +%{expand:%%description %{1}} \ +%{desc} \ +This subpackage provides support for %{1} systems. \ + \ +%{expand:%%{?!buildsubdir:%%define buildsubdir grub-%{1}-%{tarversion}}}\ +%{expand:%if 0%{?with_efi_modules} \ +%{expand:%%package %{1}-modules} \ +Summary: Modules used to build custom grub.efi images \ +BuildArch: noarch \ +Requires: grub2-common = %{evr} \ +Provides: grub2-efi-modules = %{evr} \ +Obsoletes: grub2-efi-modules < %{evr} \ +%{expand:%%description %{1}-modules} \ +%{desc} \ +This subpackage provides support for rebuilding your own grub.efi. \ +%endif} \ + \ +%{expand:%%package %{1}-cdboot} \ +Summary: Files used to boot removeable media with EFI \ +Requires: grub2-common = %{evr} \ +Provides: grub2-efi-cdboot = %{evr} \ +%{expand:%%description %{1}-cdboot} \ +%{desc} \ +This subpackage provides optional components of grub used with removeable media on %{1} systems.\ +%{nil} + +%global do_common_setup() \ +%setup -q -n %{name}-%{tarversion} \ +rm -fv docs/*.info \ +cp %{SOURCE6} .gitignore \ +cp %{SOURCE9} ./grub-core/tests/strtoull_test.c \ +tar -zxf gnulib-%{gnulibversion}.tar.gz \ +mv gnulib-%{gnulibversion} gnulib \ +git init \ +echo '![[:digit:]][[:digit:]]_*.in' > util/grub.d/.gitignore \ +echo '!*.[[:digit:]]' > util/.gitignore \ +echo '!config.h' > include/grub/emu/.gitignore \ +git config user.email "grub2-owner@fedoraproject.org" \ +git config user.name "Fedora Ninjas" \ +git config gc.auto 0 \ +rm -f configure \ +git add . \ +git commit -a -q -m "%{tarversion} baseline." \ +#git apply --index --whitespace=nowarn %{SOURCE3} \ +#git commit -a -q -m "%{tarversion} master." \ +git am --whitespace=nowarn %%{patches} %{1}.conf \ +install -d -m 755 ${RPM_BUILD_ROOT}/etc/dnf/protected.d/ \ +install -m 644 %{1}.conf ${RPM_BUILD_ROOT}/etc/dnf/protected.d/ \ +rm -f %{1}.conf \ +%{nil} + +%ifarch x86_64 aarch64 %{arm} +%define mkimage() \ +%{4}./grub-mkimage -O %{1} -o %{2}.orig \\\ + -p /EFI/%{efi_vendor} -d grub-core ${GRUB_MODULES} \\\ + --sbat %{4}./sbat.csv \ +%{4}./grub-mkimage -O %{1} -o %{3}.orig \\\ + -p /EFI/BOOT -d grub-core ${GRUB_MODULES} \\\ + --sbat %{4}./sbat.csv \ +%{expand:%%define ___pesign_client_cert %{?___pesign_client_cert}%{!?___pesign_client_cert:%{__pesign_client_cert}}} \ +%{?__pesign_client_cert:%{expand:%%define __pesign_client_cert %{___pesign_client_cert}}} \ +%{expand:%%{pesign -s -i %%{2}.orig -o %%{2}.onesig -a %%{5} -c %%{6} -n %%{7}}} \ +%{expand:%%{pesign -s -i %%{3}.orig -o %%{3}.onesig -a %%{5} -c %%{6} -n %%{7}}} \ +%{expand:%%define __pesign_client_cert grub2-signer} \ +%{expand:%%{pesign -s -i %%{2}.onesig -o %%{2} -a %%{5} -c %%{6} -n %%{7}}} \ +%{expand:%%{pesign -s -i %%{3}.onesig -o %%{3} -a %%{5} -c %%{6} -n %%{7}}} \ +%{nil} +%else +%define mkimage() \ +%{4}./grub-mkimage -O %{1} -o %{2} \\\ + -p /EFI/%{efi_vendor} -d grub-core ${GRUB_MODULES} \ +%{4}./grub-mkimage -O %{1} -o %{3} \\\ + -p /EFI/BOOT -d grub-core ${GRUB_MODULES} \ +%{nil} +%endif + +### QUBES OS: -blscfg -efi_netns -version +multiboot +multiboot2 + +%define do_efi_build_images() \ +GRUB_MODULES=" all_video boot btrfs \\\ + cat configfile cryptodisk \\\ + echo efifwsetup efinet ext2 f2fs \\\ + fat font gcry_rijndael gcry_rsa gcry_serpent \\\ + gcry_sha256 gcry_twofish gcry_whirlpool \\\ + gfxmenu gfxterm gzio \\\ + halt hfsplus http increment iso9660 jpeg \\\ + loadenv loopback linux lvm lsefi lsefimmap luks \\\ + luks2 mdraid09 mdraid1x minicmd net \\\ + multiboot multiboot2 \\\ + normal part_apple part_msdos part_gpt \\\ + password_pbkdf2 pgp png reboot \\\ + regexp search search_fs_uuid search_fs_file \\\ + search_label serial sleep syslinuxcfg test tftp \\\ + video xfs zstd " \ +GRUB_MODULES+=%{efi_modules} \ +%{expand:%%{mkimage %{1} %{2} %{3} %{4}}} \ +%{nil} + +%define do_primary_efi_build() \ +cd %{name}-%{1}-%{tarversion} \ +%{expand:%%do_efi_configure %%{4} %%{5} %%{6}} \ +%do_efi_build_all \ +%{expand:%%do_efi_build_images %{grub_target_name} %{2} %{3} ./ } \ +cd .. \ +%{nil} + +%define do_alt_efi_build() \ +cd %{name}-%{1}-%{tarversion} \ +%{expand:%%do_efi_configure %%{4} %%{5} %%{6}} \ +%do_efi_build_modules \ +%{expand:%%do_efi_link_utils %{grubefiarch}} \ +%{expand:%%do_efi_build_images %{alt_grub_target_name} %{2} %{3} ../%{name}-%{grubefiarch}-%{tarversion}/ } \ +cd .. \ +%{nil} + +%define do_legacy_build() \ +cd %{name}-%{1}-%{tarversion} \ +%configure \\\ + %{cc_equals} \\\ + HOST_CFLAGS="%{legacy_host_cflags}" \\\ + HOST_CPPFLAGS="-I$(pwd)" \\\ + HOST_LDFLAGS="%{legacy_host_ldflags}" \\\ + TARGET_CFLAGS="%{legacy_target_cflags}" \\\ + TARGET_CPPFLAGS="-I$(pwd)" \\\ + TARGET_LDFLAGS="%{legacy_target_ldflags}" \\\ + CFLAGS= \\\ + --with-platform=%{platform} \\\ + --with-utils=host \\\ + --target=%{_target_platform} \\\ + --with-grubdir=grub2 \\\ + --program-transform-name=s,grub,grub2, \\\ + --disable-werror || ( cat config.log ; exit 1 ) \ +CFLAGS= \ +CPPFLAGS= \ +git add . \ +git commit -m "After legacy configure" \ +make %{?_smp_mflags} \ +cd .. \ +%{nil} + +%define do_emu_build() \ +cd %{name}-emu-%{tarversion} \ +%configure \\\ + %{cc_equals} \\\ + HOST_CFLAGS="%{legacy_host_cflags}" \\\ + HOST_CPPFLAGS="-I$(pwd)" \\\ + HOST_LDFLAGS="%{legacy_host_ldflags}" \\\ + --with-platform=emu \\\ + --with-grubdir=grub2 \\\ + --program-transform-name=s,grub,grub2, \\\ + --disable-werror || ( cat config.log ; exit 1 ) \ +git add . \ +git commit -m "After emu configure" \ +make %{?_smp_mflags} ascii.h widthspec.h \ +make %{?_smp_mflags} -C grub-core/lib/gnulib \ +make %{?_smp_mflags} -C grub-core \ +cd .. \ +%{nil} + +%define do_alt_efi_install() \ +cd %{name}-%{1}-%{tarversion} \ +install -d -m 755 $RPM_BUILD_ROOT/usr/lib/grub/%{grubaltefiarch}/ \ +find . '(' -iname gdb_grub \\\ + -o -iname kernel.exec \\\ + -o -iname kernel.img \\\ + -o -iname config.h \\\ + -o -iname gmodule.pl \\\ + -o -iname modinfo.sh \\\ + -o -iname '*.lst' \\\ + -o -iname '*.mod' \\\ + ')' \\\ + -exec cp {} $RPM_BUILD_ROOT/usr/lib/grub/%{grubaltefiarch}/ \\\; \ +find $RPM_BUILD_ROOT -type f -iname "*.mod*" -exec chmod a-x {} '\;' \ +install -m 700 %{2} $RPM_BUILD_ROOT%{efi_esp_dir}/%{2} \ +install -m 700 %{3} $RPM_BUILD_ROOT%{efi_esp_dir}/%{3} \ +%{expand:%%do_install_protected_file grub2-%{alt_package_arch}} \ +cd .. \ +%{nil} + +%define do_efi_install() \ +cd %{name}-%{1}-%{tarversion} \ +make DESTDIR=$RPM_BUILD_ROOT install \ +if [ -f $RPM_BUILD_ROOT%{_infodir}/grub.info ]; then \ + rm -f $RPM_BUILD_ROOT%{_infodir}/grub.info \ +fi \ +if [ -f $RPM_BUILD_ROOT%{_infodir}/grub-dev.info ]; then \ + rm -f $RPM_BUILD_ROOT%{_infodir}/grub-dev.info \ +fi \ +find $RPM_BUILD_ROOT -iname "*.module" -exec chmod a-x {} '\;' \ +ln -s ../boot/grub2/grub.cfg \\\ + $RPM_BUILD_ROOT%{_sysconfdir}/grub2-efi.cfg \ +install -m 700 %{2} $RPM_BUILD_ROOT%{efi_esp_dir}/%{2} \ +install -m 700 %{3} $RPM_BUILD_ROOT%{efi_esp_dir}/%{3} \ +%ifarch %{arm} \ +install -D -m 700 %{2} $RPM_BUILD_ROOT%{efi_esp_boot}/BOOTARM.EFI \ +%endif \ +install -D -m 700 unicode.pf2 \\\ + $RPM_BUILD_ROOT%{efi_esp_dir}/fonts/unicode.pf2 \ +${RPM_BUILD_ROOT}/%{_bindir}/grub2-editenv \\\ + ${RPM_BUILD_ROOT}/boot/grub2/grubenv create \ +%{expand:%%do_install_protected_file grub2-%{package_arch}} \ +cd .. \ +%{nil} + +# TODO: switch to %upper macro with rpm 4.19+ +%define upper_() %{lua:print(string.upper(rpm.expand("%{1}")))} + +# This is supposed to be case-insensitive anyway. But all-uppercase (even for +# the x in BOOTx64.EFI) is what both 'grub2-install --removable' and systemd's +# 'bootctl install' do, and it might be safer: +# https://github.com/systemd/systemd/commit/00f69504a2c1861d98a027afdebc22c873f09083 +%define efi_default_image() /boot/efi/EFI/BOOT/BOOT%{upper_ %{1}}.EFI + +%global efi_startup_script /boot/efi/startup.nsh + +%define do_fallback_efi_install() \ +cd %{name}-%{1}-%{tarversion} \ +install -D -m 700 %{2} \\\ + $RPM_BUILD_ROOT%{expand:%%efi_default_image %{3}} \ +%if "%{3}" != "%{alt_efi_arch}" \ +printf '%s\\n' '\\EFI\\%{efi_vendor}\\%{2}' > \\\ + $RPM_BUILD_ROOT%{efi_startup_script} \ +%endif \ +cd .. \ +%{nil} + +%define do_legacy_install() \ +cd %{name}-%{1}-%{tarversion} \ +make DESTDIR=$RPM_BUILD_ROOT install \ +if [ -f $RPM_BUILD_ROOT%{_infodir}/grub.info ]; then \ + rm -f $RPM_BUILD_ROOT%{_infodir}/grub.info \ +fi \ +if [ -f $RPM_BUILD_ROOT%{_infodir}/grub-dev.info ]; then \ + rm -f $RPM_BUILD_ROOT%{_infodir}/grub-dev.info \ +fi \ +if [ -f $RPM_BUILD_ROOT/%{_libdir}/grub/%{1}/grub2.chrp ]; then \ + mv $RPM_BUILD_ROOT/%{_libdir}/grub/%{1}/grub2.chrp \\\ + $RPM_BUILD_ROOT/%{_libdir}/grub/%{1}/grub.chrp \ +fi \ +if [ %{3} -eq 0 ]; then \ + ${RPM_BUILD_ROOT}/%{_bindir}/grub2-editenv \\\ + ${RPM_BUILD_ROOT}/boot/grub2/grubenv create \ +fi \ +%{expand:%%do_install_protected_file grub2-%{legacy_package_arch}} \ +cd .. \ +%{nil} + +%define do_emu_install() \ +cd %{name}-emu-%{tarversion} \ +make DESTDIR=$RPM_BUILD_ROOT install -C grub-core \ +if [ -f $RPM_BUILD_ROOT%{_infodir}/grub.info ]; then \ + rm -f $RPM_BUILD_ROOT%{_infodir}/grub.info \ +fi \ +if [ -f $RPM_BUILD_ROOT%{_infodir}/grub-dev.info ]; then \ + rm -f $RPM_BUILD_ROOT%{_infodir}/grub-dev.info \ +fi \ +if [ -f $RPM_BUILD_ROOT/%{_libdir}/grub/%{1}/grub2.chrp ]; then \ + mv $RPM_BUILD_ROOT/%{_libdir}/grub/%{1}/grub2.chrp \\\ + $RPM_BUILD_ROOT/%{_libdir}/grub/%{1}/grub.chrp \ +fi \ +cd .. \ +%{nil} + +%define do_common_install() \ +install -d -m 0755 \\\ + $RPM_BUILD_ROOT%{_datarootdir}/locale/en\@quot \\\ + $RPM_BUILD_ROOT%{_datarootdir}/locale/en \\\ + $RPM_BUILD_ROOT%{_infodir}/ \ +cp -a $RPM_BUILD_ROOT%{_datarootdir}/locale/en\@quot \\\ + $RPM_BUILD_ROOT%{_datarootdir}/locale/en \ +cp docs/grub.info $RPM_BUILD_ROOT%{_infodir}/grub2.info \ +cp docs/grub-dev.info \\\ + $RPM_BUILD_ROOT%{_infodir}/grub2-dev.info \ +install -d -m 0700 ${RPM_BUILD_ROOT}%{efi_esp_dir}/ \ +install -d -m 0700 ${RPM_BUILD_ROOT}/boot/grub2/ \ +install -d -m 0700 ${RPM_BUILD_ROOT}/boot/loader/entries \ +install -d -m 0700 ${RPM_BUILD_ROOT}/boot/grub2/themes/system \ +install -d -m 0700 ${RPM_BUILD_ROOT}%{_sysconfdir}/default \ +install -d -m 0700 ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig \ +touch ${RPM_BUILD_ROOT}%{_sysconfdir}/default/grub \ +ln -sf ../default/grub \\\ + ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig/grub \ +touch ${RPM_BUILD_ROOT}/boot/grub2/grub.cfg \ +ln -s ../boot/grub2/grub.cfg \\\ + ${RPM_BUILD_ROOT}%{_sysconfdir}/grub2.cfg \ +%{nil} + +%define define_legacy_variant_files() \ +%{expand:%%files %{1}} \ +%defattr(-,root,root,-) \ +%config(noreplace) %{_sysconfdir}/grub2.cfg \ +%ghost %config(noreplace) /boot/grub2/grub.cfg \ +%dir %attr(0700,root,root)/boot/loader/entries \ +%attr(0644,root,root) %config(noreplace) /etc/dnf/protected.d/grub2-%{1}.conf \ + \ +%{expand:%if 0%{?with_legacy_modules} \ +%{expand:%%files %{1}-modules} \ +%defattr(-,root,root) \ +%dir %{_libdir}/grub/%{2}/ \ +%{_libdir}/grub/%{2}/* \ +%exclude %{_libdir}/grub/%{2}/*.module \ +%exclude %{_libdir}/grub/%{2}/{boot,boot_hybrid,cdboot,diskboot,lzma_decompress,pxeboot}.image \ +%exclude %{_libdir}/grub/%{2}/*.o \ +%else \ +%%exclude %%{_libdir}/grub/%%{grublegacyarch}/* \ +%endif} \ +%{nil} + +%define define_efi_variant_files() \ +%{expand:%%files %{1}} \ +%defattr(0700,root,root,-) \ +%config(noreplace) %{_sysconfdir}/grub2.cfg \ +%config(noreplace) %{_sysconfdir}/grub2-efi.cfg \ +%attr(0700,root,root)%{efi_esp_dir}/%{2} \ +%ifarch %{arm} \ +%attr(0700,root,root)%{efi_esp_boot}/BOOTARM.EFI \ +%endif \ +%dir %attr(0700,root,root)%{efi_esp_dir}/fonts \ +%dir %attr(0700,root,root)/boot/loader/entries \ +%ghost %config(noreplace) /boot/grub2/grub.cfg \ +%ghost %config(noreplace) %attr(0700,root,root)%{efi_esp_dir}/grub.cfg \ +%config(noreplace) %verify(not size mode md5 mtime) /boot/grub2/grubenv \ +%attr(0644,root,root) %config(noreplace) /etc/dnf/protected.d/grub2-%{1}.conf \ +%{expand:%if 0%{?without_efi_modules} \ +%exclude %{_libdir}/grub/%{6} \ +%exclude %{_libdir}/grub/%{6}/* \ +%endif} \ +%attr(0700,root,root) %config(noreplace) %{expand:%%efi_default_image %{7}} \ +%if "%{1}" != "%{alt_package_arch}" \ +%attr(0700,root,root) %config(noreplace) %{efi_startup_script} \ +%endif \ + \ +%{expand:%if 0%{?with_efi_modules} \ +%{expand:%%files %{1}-modules} \ +%defattr(-,root,root,-) \ +%dir %{_libdir}/grub/%{6}/ \ +%{_libdir}/grub/%{6}/* \ +%exclude %{_libdir}/grub/%{6}/*.module \ +%endif} \ + \ +%{expand:%%files %{1}-cdboot} \ +%defattr(0700,root,root,-) \ +%attr(0700,root,root)%{efi_esp_dir}/%{3} \ +%attr(0700,root,root)%{efi_esp_dir}/fonts \ +%{nil} +### end grub.macros + +# XXX: having this as a commit doesn't work due to some ordering issue (this +# .spec-file extracts parts of .gitignore) +Patch0010: 0010-re-write-.gitignore.patch + +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: binutils +BuildRequires: bison +BuildRequires: bzip2-devel +BuildRequires: dejavu-sans-fonts +BuildRequires: device-mapper-devel +BuildRequires: efi-srpm-macros +BuildRequires: flex +BuildRequires: freetype-devel +BuildRequires: freetype-devel +BuildRequires: fuse-devel +BuildRequires: gcc +BuildRequires: gettext-devel +BuildRequires: git +BuildRequires: help2man +BuildRequires: ncurses-devel +BuildRequires: python3 +BuildRequires: rpm-devel +BuildRequires: rpm-libs +BuildRequires: squashfs-tools +BuildRequires: texinfo +BuildRequires: xz-devel + +# For %%_userunitdir and %%systemd_* macros +BuildRequires: systemd-rpm-macros + +%ifarch %{efi_arch} +BuildRequires: pesign >= 0.99-8 +%endif + +%if %{?_with_ccache: 1}%{?!_with_ccache: 0} +BuildRequires: ccache +%endif + +ExcludeArch: s390 s390x %{ix86} +Obsoletes: grub2 <= %{evr} + +%if 0%{with_legacy_arch} +Requires: grub2-%{legacy_package_arch} = %{evr} +%else +Requires: grub2-%{package_arch} = %{evr} +%endif + +%global desc \ +The GRand Unified Bootloader (GRUB) is a highly configurable and \ +customizable bootloader with modular architecture. It supports a rich \ +variety of kernel formats, file systems, computer architectures and \ +hardware devices.\ +%{nil} + +%description +%{desc} + +%package common +Summary: grub2 common layout +BuildArch: noarch +Conflicts: grubby < 8.40-18 +%if 0%{?fedora} >= 37 +Requires(posttrans): util-linux-core +%else +Requires(posttrans): util-linux +%endif +Requires(posttrans): coreutils +Requires(posttrans): grep + +%description common +This package provides some directories which are required by various grub2 +subpackages. + +%package tools +Summary: Support tools for GRUB. +Obsoletes: grub2-tools < %{evr} +Requires: grub2-common = %{epoch}:%{version}-%{release} +%if 0%{?fedora} >= 37 +Requires: gettext-runtime file +%else +Requires: gettext file +%endif +Requires(pre): dracut +Requires(post): dracut +Requires(pre): grep +Requires(pre): sed + +%description tools +%{desc} +This subpackage provides tools for support of all platforms. + +%ifarch x86_64 +%package tools-efi +Summary: Support tools for GRUB. +%if 0%{?fedora} >= 37 +Requires: gettext-runtime file +%else +Requires: gettext file +%endif +Requires: grub2-common = %{epoch}:%{version}-%{release} +Obsoletes: grub2-tools < %{evr} + +%description tools-efi +%{desc} +This subpackage provides tools for support of EFI platforms. +%endif + +%package tools-minimal +Summary: Support tools for GRUB. +%if 0%{?fedora} >= 37 +Requires: gettext-runtime +%else +Requires: gettext +%endif +Requires: grub2-common = %{epoch}:%{version}-%{release} +Obsoletes: grub2-tools < %{evr} + +%description tools-minimal +%{desc} +This subpackage provides tools for support of all platforms. + +%package tools-extra +Summary: Support tools for GRUB. +%if 0%{?fedora} >= 37 +Requires: gettext-runtime file +%else +Requires: gettext file +%endif +Requires: grub2-tools-minimal = %{epoch}:%{version}-%{release} +Requires: grub2-common = %{epoch}:%{version}-%{release} +Obsoletes: grub2-tools < %{evr} + +%description tools-extra +%{desc} +This subpackage provides tools for support of all platforms. + +%if 0%{with_efi_arch} +%{expand:%define_efi_variant %%{package_arch} -o} +%endif +%if 0%{with_alt_efi_arch} +%{expand:%define_efi_variant %%{alt_package_arch}} +%endif +%if 0%{with_legacy_arch} +%{expand:%define_legacy_variant %%{legacy_package_arch}} +%endif + +%if 0%{with_emu_arch} +%package emu +Summary: GRUB user-space emulation. +Requires: grub2-tools-minimal = %{epoch}:%{version}-%{release} + +%description emu +%{desc} +This subpackage provides the GRUB user-space emulation support of all platforms. + +%package emu-modules +Summary: GRUB user-space emulation modules. +Requires: grub2-tools-minimal = %{epoch}:%{version}-%{release} + +%description emu-modules +%{desc} +This subpackage provides the GRUB user-space emulation modules. +%endif + +%prep +%do_common_setup +%if 0%{with_efi_arch} +mkdir %{name}-%{grubefiarch}-%{tarversion} +grep -A100000 '# stuff "make" creates' .gitignore > %{name}-%{grubefiarch}-%{tarversion}/.gitignore +cp %{SOURCE4} %{name}-%{grubefiarch}-%{tarversion}/unifont.pcf.gz +sed -e "s,@@VERSION@@,%{version},g" -e "s,@@VERSION_RELEASE@@,%{version}-%{release},g" \ + %{SOURCE12} > %{name}-%{grubefiarch}-%{tarversion}/sbat.csv +git add %{name}-%{grubefiarch}-%{tarversion} +%endif +%if 0%{with_alt_efi_arch} +mkdir %{name}-%{grubaltefiarch}-%{tarversion} +grep -A100000 '# stuff "make" creates' .gitignore > %{name}-%{grubaltefiarch}-%{tarversion}/.gitignore +cp %{SOURCE4} %{name}-%{grubaltefiarch}-%{tarversion}/unifont.pcf.gz +git add %{name}-%{grubaltefiarch}-%{tarversion} +%endif +%if 0%{with_legacy_arch} +mkdir %{name}-%{grublegacyarch}-%{tarversion} +grep -A100000 '# stuff "make" creates' .gitignore > %{name}-%{grublegacyarch}-%{tarversion}/.gitignore +cp %{SOURCE4} %{name}-%{grublegacyarch}-%{tarversion}/unifont.pcf.gz +git add %{name}-%{grublegacyarch}-%{tarversion} +%endif +%if 0%{with_emu_arch} +mkdir %{name}-emu-%{tarversion} +grep -A100000 '# stuff "make" creates' .gitignore > %{name}-emu-%{tarversion}/.gitignore +cp %{SOURCE4} %{name}-emu-%{tarversion}/unifont.pcf.gz +git add %{name}-emu-%{tarversion} +%endif +git commit -m "After making subdirs" + +%build +%if 0%{with_efi_arch} +%{expand:%do_primary_efi_build %%{grubefiarch} %%{grubefiname} %%{grubeficdname} %%{_target_platform} %%{efi_target_cflags} %%{efi_host_cflags}} +%endif +%if 0%{with_alt_efi_arch} +%{expand:%do_alt_efi_build %%{grubaltefiarch} %%{grubaltefiname} %%{grubalteficdname} %%{_alt_target_platform} %%{alt_efi_target_cflags} %%{alt_efi_host_cflags}} +%endif +%if 0%{with_legacy_arch} +%{expand:%do_legacy_build %%{grublegacyarch}} +%endif +%if 0%{with_emu_arch} +%{expand:%do_emu_build} +%endif +%ifarch ppc64le +%{expand:%do_ieee1275_build_images %%{grublegacyarch} %{grubelfname} %{sb_cer} %{sb_key}} +%endif +makeinfo --info --no-split -I docs -o docs/grub-dev.info \ + docs/grub-dev.texi +makeinfo --info --no-split -I docs -o docs/grub.info \ + docs/grub.texi +makeinfo --html --no-split -I docs -o docs/grub-dev.html \ + docs/grub-dev.texi +makeinfo --html --no-split -I docs -o docs/grub.html \ + docs/grub.texi + +%install +set -e +rm -fr $RPM_BUILD_ROOT + +%do_common_install +%if 0%{with_efi_arch} +%{expand:%do_efi_install %%{grubefiarch} %%{grubefiname} %%{grubeficdname}} +%{expand:%do_fallback_efi_install %%{grubefiarch} %%{grubefiname} %%{efiarch}} +%endif +%if 0%{with_alt_efi_arch} +%{expand:%do_alt_efi_install %%{grubaltefiarch} %%{grubaltefiname} %%{grubalteficdname}} +%{expand:%do_fallback_efi_install %%{grubaltefiarch} %%{grubaltefiname} %%{alt_efi_arch}} +%endif +%if 0%{with_legacy_arch} +%{expand:%do_legacy_install %%{grublegacyarch} %%{alt_grub_target_name} 0%{with_efi_arch}} +%endif +%if 0%{with_emu_arch} +%{expand:%do_emu_install %%{package_arch}} +%endif +rm -f $RPM_BUILD_ROOT%{_infodir}/dir +ln -s grub2-set-password ${RPM_BUILD_ROOT}/%{_sbindir}/grub2-setpassword +echo '.so man8/grub2-set-password.8' > ${RPM_BUILD_ROOT}/%{_datadir}/man/man8/grub2-setpassword.8 +%ifnarch x86_64 +rm -vf ${RPM_BUILD_ROOT}/%{_bindir}/grub2-render-label +rm -vf ${RPM_BUILD_ROOT}/%{_sbindir}/grub2-bios-setup +rm -vf ${RPM_BUILD_ROOT}/%{_sbindir}/grub2-macbless +%endif +%{expand:%%do_install_protected_file grub2-tools-minimal} + +# XXX: uncommenting the next line breaks the build (changing to "grub2" doesn't help) +#%find_lang grub + +# Make selinux happy with exec stack binaries. +mkdir ${RPM_BUILD_ROOT}%{_sysconfdir}/prelink.conf.d/ +cat << EOF > ${RPM_BUILD_ROOT}%{_sysconfdir}/prelink.conf.d/grub2.conf +# these have execstack, and break under selinux +-b /usr/bin/grub2-script-check +-b /usr/bin/grub2-mkrelpath +-b /usr/bin/grub2-mount +-b /usr/bin/grub2-fstest +-b /usr/sbin/grub2-bios-setup +-b /usr/sbin/grub2-probe +-b /usr/sbin/grub2-sparc64-setup +EOF + +# Install kernel-install scripts +install -d -m 0755 %{buildroot}%{_prefix}/lib/kernel/install.d/ +install -D -m 0755 -t %{buildroot}%{_prefix}/lib/kernel/install.d/ %{SOURCE10} +install -D -m 0755 -t %{buildroot}%{_prefix}/lib/kernel/install.d/ %{SOURCE3} +install -d -m 0755 %{buildroot}%{_sysconfdir}/kernel/install.d/ +# Install systemd user service to set the boot_success flag +install -D -m 0755 -t %{buildroot}%{_userunitdir} \ + docs/grub-boot-success.{timer,service} +install -d -m 0755 %{buildroot}%{_userunitdir}/timers.target.wants +ln -s ../grub-boot-success.timer \ + %{buildroot}%{_userunitdir}/timers.target.wants +# Install systemd system-update unit to set boot_indeterminate for offline-upd +install -D -m 0755 -t %{buildroot}%{_unitdir} docs/grub-boot-indeterminate.service +install -d -m 0755 %{buildroot}%{_unitdir}/system-update.target.wants +install -d -m 0755 %{buildroot}%{_unitdir}/reboot.target.wants +ln -s ../grub-boot-indeterminate.service \ + %{buildroot}%{_unitdir}/system-update.target.wants +ln -s ../grub2-systemd-integration.service \ + %{buildroot}%{_unitdir}/reboot.target.wants + +# Don't run debuginfo on all the grub modules and whatnot; it just +# rejects them, complains, and slows down extraction. +%global finddebugroot "%{_builddir}/%{?buildsubdir}/debug" + +%global dip RPM_BUILD_ROOT=%{finddebugroot} %{__debug_install_post} +%define __debug_install_post ( \ + mkdir -p %{finddebugroot}/usr \ + mv ${RPM_BUILD_ROOT}/usr/bin %{finddebugroot}/usr/bin \ + mv ${RPM_BUILD_ROOT}/usr/sbin %{finddebugroot}/usr/sbin \ + %{dip} \ + install -m 0755 -d %{buildroot}/usr/lib/ %{buildroot}/usr/src/ \ + cp -al %{finddebugroot}/usr/lib/debug/ \\\ + %{buildroot}/usr/lib/debug/ \ + cp -al %{finddebugroot}/usr/src/debug/ \\\ + %{buildroot}/usr/src/debug/ ) \ + mv %{finddebugroot}/usr/bin %{buildroot}/usr/bin \ + mv %{finddebugroot}/usr/sbin %{buildroot}/usr/sbin \ + %{nil} + +%undefine buildsubdir + +%pre tools +if [ -f /boot/grub2/user.cfg ]; then + if grep -q '^GRUB_PASSWORD=' /boot/grub2/user.cfg ; then + sed -i 's/^GRUB_PASSWORD=/GRUB2_PASSWORD=/' /boot/grub2/user.cfg + fi +elif [ -f %{efi_esp_dir}/user.cfg ]; then + if grep -q '^GRUB_PASSWORD=' %{efi_esp_dir}/user.cfg ; then + sed -i 's/^GRUB_PASSWORD=/GRUB2_PASSWORD=/' \ + %{efi_esp_dir}/user.cfg + fi +elif [ -f /etc/grub.d/01_users ] && \ + grep -q '^password_pbkdf2 root' /etc/grub.d/01_users ; then + if [ -f %{efi_esp_dir}/grub.cfg ]; then + # on EFI we don't get permissions on the file, but + # the directory is protected. + grep '^password_pbkdf2 root' /etc/grub.d/01_users | \ + sed 's/^password_pbkdf2 root \(.*\)$/GRUB2_PASSWORD=\1/' \ + > %{efi_esp_dir}/user.cfg + fi + if [ -f /boot/grub2/grub.cfg ]; then + install -m 0600 /dev/null /boot/grub2/user.cfg + chmod 0600 /boot/grub2/user.cfg + grep '^password_pbkdf2 root' /etc/grub.d/01_users | \ + sed 's/^password_pbkdf2 root \(.*\)$/GRUB2_PASSWORD=\1/' \ + > /boot/grub2/user.cfg + fi +fi + +%triggerun -- grub2 < 1:1.99-4 +# grub2 < 1.99-4 removed a number of essential files in postun. To fix upgrades +# from the affected grub2 packages, we first back up the files in triggerun and +# later restore them in triggerpostun. +# https://bugzilla.redhat.com/show_bug.cgi?id=735259 + +# Back up the files before uninstalling old grub2 +mkdir -p /boot/grub2.tmp && +mv -f /boot/grub2/*.mod \ + /boot/grub2/*.img \ + /boot/grub2/*.lst \ + /boot/grub2/device.map \ + /boot/grub2.tmp/ || : + +%triggerpostun -- grub2 < 1:1.99-4 +# ... and restore the files. +test ! -f /boot/grub2/device.map && +test -d /boot/grub2.tmp && +mv -f /boot/grub2.tmp/*.mod \ + /boot/grub2.tmp/*.img \ + /boot/grub2.tmp/*.lst \ + /boot/grub2.tmp/device.map \ + /boot/grub2/ && +rm -r /boot/grub2.tmp/ || : + +%posttrans common +set -eu + +EFI_HOME=%{efi_esp_dir} +GRUB_HOME=/boot/grub2 +ESP_PATH=/boot/efi + +if ! mountpoint -q ${ESP_PATH}; then + exit 0 # no ESP mounted, nothing to do +fi + +if test ! -f ${EFI_HOME}/grub.cfg; then + # there's no config in ESP, create one + grub2-mkconfig -o ${EFI_HOME}/grub.cfg + cp -a ${EFI_HOME}/grub.cfg ${EFI_HOME}/grub.cfg.rpmsave + cp -a ${EFI_HOME}/grub.cfg ${GRUB_HOME}/ +fi + +if (((grep -q "configfile" ${EFI_HOME}/grub.cfg && grep -q "root-dev-only" ${EFI_HOME}/grub.cfg) || grep -q "source" ${EFI_HOME}/grub.cfg) && ! grep -q "# It is automatically generated by grub2-mkconfig using templates" ${EFI_HOME}/grub.cfg); then + exit 0 #Already unified +fi + +# create a stub grub2 config in EFI +BOOT_UUID=$(grub2-probe --target=fs_uuid ${GRUB_HOME}) +GRUB_DIR=$(grub2-mkrelpath ${GRUB_HOME}) + +cat << EOF > ${EFI_HOME}/grub.cfg.stb +search --no-floppy --root-dev-only --fs-uuid --set=dev ${BOOT_UUID} +set prefix=(\$dev)${GRUB_DIR} +export \$prefix +configfile \$prefix/grub.cfg +EOF + +if test -f ${EFI_HOME}/grubenv; then + cp -a ${EFI_HOME}/grubenv ${EFI_HOME}/grubenv.rpmsave + mv --force ${EFI_HOME}/grubenv ${GRUB_HOME}/grubenv +fi + +cp -a ${EFI_HOME}/grub.cfg ${EFI_HOME}/grub.cfg.rpmsave +if test ! -f ${GRUB_HOME}/grub.cfg; then + cp -a ${EFI_HOME}/grub.cfg ${GRUB_HOME}/ +fi +mv ${EFI_HOME}/grub.cfg.stb ${EFI_HOME}/grub.cfg + +# XXX: the following line is missing `-f grub.lang` at the end +%files common +%dir %{_libdir}/grub/ +%dir %{_datarootdir}/grub/ +%attr(0700,root,root) %dir %{_sysconfdir}/grub.d +%{_prefix}/lib/kernel/install.d/20-grub.install +%{_prefix}/lib/kernel/install.d/99-grub-mkconfig.install +%dir %{_datarootdir}/grub +%exclude %{_datarootdir}/grub/* +%dir /boot/grub2 +%dir /boot/grub2/themes/ +%dir /boot/grub2/themes/system +%attr(0700,root,root) %dir /boot/grub2 +%exclude /boot/grub2/* +%dir %attr(0700,root,root) %{efi_esp_dir} +%exclude %{efi_esp_dir}/* +%ghost %config(noreplace) %verify(not size mode md5 mtime) /boot/grub2/grubenv +%license COPYING +%doc THANKS +%doc docs/grub.html +%doc docs/grub-dev.html +%doc docs/font_char_metrics.png + +%files tools-minimal +%{_sysconfdir}/prelink.conf.d/grub2.conf +%{_sbindir}/grub2-get-kernel-settings +%{_sbindir}/grub2-probe +%attr(4755, root, root) %{_sbindir}/grub2-set-bootflag +%{_sbindir}/grub2-set-default +%{_sbindir}/grub2-set*password +%{_bindir}/grub2-editenv +%{_bindir}/grub2-mkpasswd-pbkdf2 +%{_bindir}/grub2-mount +%attr(0644,root,root) %config(noreplace) /etc/dnf/protected.d/grub2-tools-minimal.conf + +%{_datadir}/man/man3/grub2-get-kernel-settings* +%{_datadir}/man/man8/grub2-set-default* +%{_datadir}/man/man8/grub2-set*password* +%{_datadir}/man/man1/grub2-editenv* +%{_datadir}/man/man1/grub2-mkpasswd-* + +%ifarch x86_64 +%files tools-efi +%{_bindir}/grub2-glue-efi +%{_bindir}/grub2-render-label +%{_sbindir}/grub2-macbless +%{_datadir}/man/man1/grub2-glue-efi* +%{_datadir}/man/man1/grub2-render-label* +%{_datadir}/man/man8/grub2-macbless* +%endif + +%files tools +%attr(0644,root,root) %ghost %config(noreplace) %{_sysconfdir}/default/grub +%config %{_sysconfdir}/grub.d/??_* +%{_sysconfdir}/grub.d/README +%{_userunitdir}/grub-boot-success.timer +%{_userunitdir}/grub-boot-success.service +%{_userunitdir}/timers.target.wants +%{_unitdir}/grub-boot-indeterminate.service +%{_unitdir}/system-update.target.wants +%{_unitdir}/grub2-systemd-integration.service +%{_unitdir}/reboot.target.wants +%{_unitdir}/systemd-logind.service.d +%{_infodir}/grub* +%{_datarootdir}/grub/* +%{_sbindir}/grub2-install +%exclude %{_datarootdir}/grub/themes +%exclude %{_datarootdir}/grub/*.h +%{_datarootdir}/bash-completion/completions/grub* +%{_sbindir}/grub2-mkconfig +%{_sbindir}/grub2-reboot +%{_bindir}/grub2-file +%{_bindir}/grub2-menulst2cfg +%{_bindir}/grub2-mkimage +%{_bindir}/grub2-mkrelpath +%{_bindir}/grub2-script-check +%{_libexecdir}/grub2 +%{_datadir}/man/man?/* + +# exclude man pages from tools-extra +%exclude %{_datadir}/man/man8/grub2-sparc64-setup* +%exclude %{_datadir}/man/man1/grub2-fstest* +%exclude %{_datadir}/man/man1/grub2-glue-efi* +%exclude %{_datadir}/man/man1/grub2-kbdcomp* +%exclude %{_datadir}/man/man1/grub2-mkfont* +%exclude %{_datadir}/man/man1/grub2-mklayout* +%exclude %{_datadir}/man/man1/grub2-mknetdir* +%exclude %{_datadir}/man/man1/grub2-mkrescue* +%exclude %{_datadir}/man/man1/grub2-mkstandalone* +%exclude %{_datadir}/man/man1/grub2-syslinux2cfg* + +# exclude man pages from tools-minimal +%exclude %{_datadir}/man/man3/grub2-get-kernel-settings* +%exclude %{_datadir}/man/man8/grub2-set-default* +%exclude %{_datadir}/man/man8/grub2-set*password* +%exclude %{_datadir}/man/man1/grub2-editenv* +%exclude %{_datadir}/man/man1/grub2-mkpasswd-* +%exclude %{_datadir}/man/man8/grub2-macbless* +%exclude %{_datadir}/man/man1/grub2-render-label* + +%if %{with_legacy_arch} +%{_sbindir}/grub2-install +%ifarch x86_64 +%{_sbindir}/grub2-bios-setup +%else +%exclude %{_sbindir}/grub2-bios-setup +%exclude %{_datadir}/man/man8/grub2-bios-setup* +%endif +%ifarch %{sparc} +%{_sbindir}/grub2-sparc64-setup +%else +%exclude %{_sbindir}/grub2-sparc64-setup +%exclude %{_datadir}/man/man8/grub2-sparc64-setup* +%endif +%ifarch %{sparc} ppc ppc64 ppc64le +%{_sbindir}/grub2-ofpathname +%else +%exclude %{_sbindir}/grub2-ofpathname +%exclude %{_datadir}/man/man8/grub2-ofpathname* +%endif +%endif + +%files tools-extra +%{_bindir}/grub2-fstest +%{_bindir}/grub2-kbdcomp +%{_bindir}/grub2-mkfont +%{_bindir}/grub2-mklayout +%{_bindir}/grub2-mknetdir +%ifnarch %{sparc} +%{_bindir}/grub2-mkrescue +%{_datadir}/man/man1/grub2-mkrescue* +%else +%exclude %{_datadir}/man/man1/grub2-mkrescue* +%endif +%{_bindir}/grub2-mkstandalone +%{_bindir}/grub2-syslinux2cfg +%{_sysconfdir}/sysconfig/grub +%{_datadir}/man/man1/grub2-fstest* +%{_datadir}/man/man1/grub2-kbdcomp* +%{_datadir}/man/man1/grub2-mkfont* +%{_datadir}/man/man1/grub2-mklayout* +%{_datadir}/man/man1/grub2-mknetdir* +%{_datadir}/man/man1/grub2-mkstandalone* +%{_datadir}/man/man1/grub2-syslinux2cfg* +%exclude %{_bindir}/grub2-glue-efi +%exclude %{_sbindir}/grub2-sparc64-setup +%exclude %{_sbindir}/grub2-ofpathname +%exclude %{_datadir}/man/man1/grub2-glue-efi* +%exclude %{_datadir}/man/man8/grub2-ofpathname* +%exclude %{_datadir}/man/man8/grub2-sparc64-setup* +%exclude %{_datarootdir}/grub/themes/starfield + +%if 0%{with_efi_arch} +%{expand:%define_efi_variant_files %%{package_arch} %%{grubefiname} %%{grubeficdname} %%{grubefiarch} %%{target_cpu_name} %%{grub_target_name} %%{efiarch}} +%endif +%if 0%{with_alt_efi_arch} +%{expand:%define_efi_variant_files %%{alt_package_arch} %%{grubaltefiname} %%{grubalteficdname} %%{grubaltefiarch} %%{alt_target_cpu_name} %%{alt_grub_target_name} %%{alt_efi_arch}} +%endif +%if 0%{with_legacy_arch} +%{expand:%define_legacy_variant_files %%{legacy_package_arch} %%{grublegacyarch}} +%endif + +%if 0%{with_emu_arch} +%files emu +%{_bindir}/grub2-emu* +%{_datadir}/man/man1/grub2-emu* + +%files emu-modules +%{_libdir}/grub/%{emuarch}-emu/* +%exclude %{_libdir}/grub/%{emuarch}-emu/*.module +%endif + +%changelog +@CHANGELOG@ diff --git a/qubesos/bootstrap b/qubesos/bootstrap new file mode 100755 index 000000000..5b08e7e2d --- /dev/null +++ b/qubesos/bootstrap @@ -0,0 +1,1073 @@ +#! /bin/sh +# Print a version string. +scriptversion=2019-01-04.17; # UTC + +# Bootstrap this package from checked-out sources. + +# Copyright (C) 2003-2019 Free Software Foundation, Inc. + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# Originally written by Paul Eggert. The canonical version of this +# script is maintained as build-aux/bootstrap in gnulib, however, to +# be useful to your project, you should place a copy of it under +# version control in the top-level directory of your project. The +# intent is that all customization can be done with a bootstrap.conf +# file also maintained in your version control; gnulib comes with a +# template build-aux/bootstrap.conf to get you started. + +# Please report bugs or propose patches to bug-gnulib@gnu.org. + +nl=' +' + +# Ensure file names are sorted consistently across platforms. +LC_ALL=C +export LC_ALL + +# Ensure that CDPATH is not set. Otherwise, the output from cd +# would cause trouble in at least one use below. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + +local_gl_dir=gl + +# Honor $PERL, but work even if there is none. +PERL="${PERL-perl}" + +me=$0 + +default_gnulib_url=git://git.sv.gnu.org/gnulib + +usage() { + cat <&2 +} + +# warn_ WORD1... +warn_ () +{ + # If IFS does not start with ' ', set it and emit the warning in a subshell. + case $IFS in + ' '*) warnf_ '%s\n' "$*";; + *) (IFS=' '; warn_ "$@");; + esac +} + +# die WORD1... +die() { warn_ "$@"; exit 1; } + +# Configuration. + +# Name of the Makefile.am +gnulib_mk=gnulib.mk + +# List of gnulib modules needed. +gnulib_modules= + +# Any gnulib files needed that are not in modules. +gnulib_files= + +: ${AUTOPOINT=autopoint} +: ${AUTORECONF=autoreconf} + +# A function to be called right after gnulib-tool is run. +# Override it via your own definition in bootstrap.conf. +bootstrap_post_import_hook() { :; } + +# A function to be called after everything else in this script. +# Override it via your own definition in bootstrap.conf. +bootstrap_epilogue() { :; } + +# The command to download all .po files for a specified domain into a +# specified directory. Fill in the first %s with the destination +# directory and the second with the domain name. +po_download_command_format=\ +"wget --mirror --level=1 -nd -q -A.po -P '%s' \ + https://translationproject.org/latest/%s/" + +# Prefer a non-empty tarname (4th argument of AC_INIT if given), else +# fall back to the package name (1st argument with munging) +extract_package_name=' + /^AC_INIT(\[*/{ + s/// + /^[^,]*,[^,]*,[^,]*,[ []*\([^][ ,)]\)/{ + s//\1/ + s/[],)].*// + p + q + } + s/[],)].*// + s/^GNU // + y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ + s/[^abcdefghijklmnopqrstuvwxyz0123456789_]/-/g + p + } +' +package=$(sed -n "$extract_package_name" configure.ac) \ + || die 'cannot find package name in configure.ac' +gnulib_name=lib$package + +build_aux=build-aux +source_base=lib +m4_base=m4 +doc_base=doc +tests_base=tests +gnulib_extra_files=" + build-aux/install-sh + build-aux/mdate-sh + build-aux/texinfo.tex + build-aux/depcomp + build-aux/config.guess + build-aux/config.sub + doc/INSTALL +" + +# Additional gnulib-tool options to use. Use "\newline" to break lines. +gnulib_tool_option_extras= + +# Other locale categories that need message catalogs. +EXTRA_LOCALE_CATEGORIES= + +# Additional xgettext options to use. Use "\\\newline" to break lines. +XGETTEXT_OPTIONS='\\\ + --flag=_:1:pass-c-format\\\ + --flag=N_:1:pass-c-format\\\ + --flag=error:3:c-format --flag=error_at_line:5:c-format\\\ +' + +# Package bug report address and copyright holder for gettext files +COPYRIGHT_HOLDER='Free Software Foundation, Inc.' +MSGID_BUGS_ADDRESS=bug-$package@gnu.org + +# Files we don't want to import. +excluded_files= + +# File that should exist in the top directory of a checked out hierarchy, +# but not in a distribution tarball. +checkout_only_file=README-hacking + +# Whether to use copies instead of symlinks. +copy=false + +# Set this to '.cvsignore .gitignore' in bootstrap.conf if you want +# those files to be generated in directories like lib/, m4/, and po/. +# Or set it to 'auto' to make this script select which to use based +# on which version control system (if any) is used in the source directory. +vc_ignore=auto + +# Set this to true in bootstrap.conf to enable --bootstrap-sync by +# default. +bootstrap_sync=false + +# Use git to update gnulib sources +use_git=true + +check_exists() { + if test "$1" = "--verbose"; then + ($2 --version /dev/null 2>&1 + if test $? -ge 126; then + # If not found, run with diagnostics as one may be + # presented with env variables to set to find the right version + ($2 --version /dev/null 2>&1 + fi + + test $? -lt 126 +} + +# find_tool ENVVAR NAMES... +# ------------------------- +# Search for a required program. Use the value of ENVVAR, if set, +# otherwise find the first of the NAMES that can be run. +# If found, set ENVVAR to the program name, die otherwise. +# +# FIXME: code duplication, see also gnu-web-doc-update. +find_tool () +{ + find_tool_envvar=$1 + shift + find_tool_names=$@ + eval "find_tool_res=\$$find_tool_envvar" + if test x"$find_tool_res" = x; then + for i; do + if check_exists $i; then + find_tool_res=$i + break + fi + done + fi + if test x"$find_tool_res" = x; then + warn_ "one of these is required: $find_tool_names;" + die "alternatively set $find_tool_envvar to a compatible tool" + fi + eval "$find_tool_envvar=\$find_tool_res" + eval "export $find_tool_envvar" +} + +# Override the default configuration, if necessary. +# Make sure that bootstrap.conf is sourced from the current directory +# if we were invoked as "sh bootstrap". +case "$0" in + */*) test -r "$0.conf" && . "$0.conf" ;; + *) test -r "$0.conf" && . ./"$0.conf" ;; +esac + +if test "$vc_ignore" = auto; then + vc_ignore= + test -d .git && vc_ignore=.gitignore + test -d CVS && vc_ignore="$vc_ignore .cvsignore" +fi + +if test x"$gnulib_modules$gnulib_files$gnulib_extra_files" = x; then + use_gnulib=false +else + use_gnulib=true +fi + +# Translate configuration into internal form. + +# Parse options. + +for option +do + case $option in + --help) + usage + exit;; + --gnulib-srcdir=*) + GNULIB_SRCDIR=${option#--gnulib-srcdir=};; + --skip-po) + SKIP_PO=t;; + --force) + checkout_only_file=;; + --copy) + copy=true;; + --bootstrap-sync) + bootstrap_sync=true;; + --no-bootstrap-sync) + bootstrap_sync=false;; + --no-git) + use_git=false;; + *) + die "$option: unknown option";; + esac +done + +$use_git || test -d "$GNULIB_SRCDIR" \ + || die "Error: --no-git requires --gnulib-srcdir" + +if test -n "$checkout_only_file" && test ! -r "$checkout_only_file"; then + die "Bootstrapping from a non-checked-out distribution is risky." +fi + +# Strip blank and comment lines to leave significant entries. +gitignore_entries() { + sed '/^#/d; /^$/d' "$@" +} + +# If $STR is not already on a line by itself in $FILE, insert it at the start. +# Entries are inserted at the start of the ignore list to ensure existing +# entries starting with ! are not overridden. Such entries support +# whitelisting exceptions after a more generic blacklist pattern. +insert_if_absent() { + file=$1 + str=$2 + test -f $file || touch $file + test -r $file || die "Error: failed to read ignore file: $file" + duplicate_entries=$(gitignore_entries $file | sort | uniq -d) + if [ "$duplicate_entries" ] ; then + die "Error: Duplicate entries in $file: " $duplicate_entries + fi + linesold=$(gitignore_entries $file | wc -l) + linesnew=$( { echo "$str"; cat $file; } | gitignore_entries | sort -u | wc -l) + if [ $linesold != $linesnew ] ; then + { echo "$str" | cat - $file > $file.bak && mv $file.bak $file; } \ + || die "insert_if_absent $file $str: failed" + fi +} + +# Adjust $PATTERN for $VC_IGNORE_FILE and insert it with +# insert_if_absent. +insert_vc_ignore() { + vc_ignore_file="$1" + pattern="$2" + case $vc_ignore_file in + *.gitignore) + # A .gitignore entry that does not start with '/' applies + # recursively to subdirectories, so prepend '/' to every + # .gitignore entry. + pattern=$(echo "$pattern" | sed s,^,/,);; + esac + insert_if_absent "$vc_ignore_file" "$pattern" +} + +# Die if there is no AC_CONFIG_AUX_DIR($build_aux) line in configure.ac. +found_aux_dir=no +grep '^[ ]*AC_CONFIG_AUX_DIR(\['"$build_aux"'\])' configure.ac \ + >/dev/null && found_aux_dir=yes +grep '^[ ]*AC_CONFIG_AUX_DIR('"$build_aux"')' configure.ac \ + >/dev/null && found_aux_dir=yes +test $found_aux_dir = yes \ + || die "configure.ac lacks 'AC_CONFIG_AUX_DIR([$build_aux])'; add it" + +# If $build_aux doesn't exist, create it now, otherwise some bits +# below will malfunction. If creating it, also mark it as ignored. +if test ! -d $build_aux; then + mkdir $build_aux + for dot_ig in x $vc_ignore; do + test $dot_ig = x && continue + insert_vc_ignore $dot_ig $build_aux + done +fi + +# Note this deviates from the version comparison in automake +# in that it treats 1.5 < 1.5.0, and treats 1.4.4a < 1.4-p3a +# but this should suffice as we won't be specifying old +# version formats or redundant trailing .0 in bootstrap.conf. +# If we did want full compatibility then we should probably +# use m4_version_compare from autoconf. +sort_ver() { # sort -V is not generally available + ver1="$1" + ver2="$2" + + # split on '.' and compare each component + i=1 + while : ; do + p1=$(echo "$ver1" | cut -d. -f$i) + p2=$(echo "$ver2" | cut -d. -f$i) + if [ ! "$p1" ]; then + echo "$1 $2" + break + elif [ ! "$p2" ]; then + echo "$2 $1" + break + elif [ ! "$p1" = "$p2" ]; then + if [ "$p1" -gt "$p2" ] 2>/dev/null; then # numeric comparison + echo "$2 $1" + elif [ "$p2" -gt "$p1" ] 2>/dev/null; then # numeric comparison + echo "$1 $2" + else # numeric, then lexicographic comparison + lp=$(printf "$p1\n$p2\n" | LANG=C sort -n | tail -n1) + if [ "$lp" = "$p2" ]; then + echo "$1 $2" + else + echo "$2 $1" + fi + fi + break + fi + i=$(($i+1)) + done +} + +get_version_sed=' +# Move version to start of line. +s/.*[v ]\([0-9]\)/\1/ + +# Skip lines that do not start with version. +/^[0-9]/!d + +# Remove characters after the version. +s/[^.a-z0-9-].*// + +# The first component must be digits only. +s/^\([0-9]*\)[a-z-].*/\1/ + +#the following essentially does s/5.005/5.5/ +s/\.0*\([1-9]\)/.\1/g +p +q' + +get_version() { + app=$1 + + $app --version >/dev/null 2>&1 || { $app --version; return 1; } + + $app --version 2>&1 | sed -n "$get_version_sed" +} + +check_versions() { + ret=0 + + while read app req_ver; do + # We only need libtoolize from the libtool package. + if test "$app" = libtool; then + app=libtoolize + fi + # Exempt git if --no-git is in effect. + if test "$app" = git; then + $use_git || continue + fi + # Honor $APP variables ($TAR, $AUTOCONF, etc.) + appvar=$(echo $app | LC_ALL=C tr '[a-z]-' '[A-Z]_') + test "$appvar" = TAR && appvar=AMTAR + case $appvar in + GZIP) ;; # Do not use $GZIP: it contains gzip options. + PERL::*) ;; # Keep perl modules as-is + *) eval "app=\${$appvar-$app}" ;; + esac + + # Handle the still-experimental Automake-NG programs specially. + # They remain named as the mainstream Automake programs ("automake", + # and "aclocal") to avoid gratuitous incompatibilities with + # pre-existing usages (by, say, autoreconf, or custom autogen.sh + # scripts), but correctly identify themselves (as being part of + # "GNU automake-ng") when asked their version. + case $app in + automake-ng|aclocal-ng) + app=${app%-ng} + ($app --version | grep '(GNU automake-ng)') >/dev/null 2>&1 || { + warn_ "Error: '$app' not found or not from Automake-NG" + ret=1 + continue + } ;; + # Another check is for perl modules. These can be written as + # e.g. perl::XML::XPath in case of XML::XPath module, etc. + perl::*) + # Extract module name + app="${app#perl::}" + if ! $PERL -m"$app" -e 'exit 0' >/dev/null 2>&1; then + warn_ "Error: perl module '$app' not found" + ret=1 + fi + continue + ;; + esac + if [ "$req_ver" = "-" ]; then + # Merely require app to exist; not all prereq apps are well-behaved + # so we have to rely on $? rather than get_version. + if ! check_exists --verbose $app; then + warn_ "Error: '$app' not found" + ret=1 + fi + else + # Require app to produce a new enough version string. + inst_ver=$(get_version $app) + if [ ! "$inst_ver" ]; then + warn_ "Error: '$app' not found" + ret=1 + else + latest_ver=$(sort_ver $req_ver $inst_ver | cut -d' ' -f2) + if [ ! "$latest_ver" = "$inst_ver" ]; then + warnf_ '%s\n' \ + "Error: '$app' version == $inst_ver is too old" \ + " '$app' version >= $req_ver is required" + ret=1 + fi + fi + fi + done + + return $ret +} + +print_versions() { + echo "Program Min_version" + echo "----------------------" + printf %s "$buildreq" + echo "----------------------" + # can't depend on column -t +} + +# Find sha1sum, named gsha1sum on MacPorts, shasum on Mac OS X 10.6. +# Also find the compatible sha1 utility on the BSDs +if test x"$SKIP_PO" = x; then + find_tool SHA1SUM sha1sum gsha1sum shasum sha1 +fi + +use_libtool=0 +# We'd like to use grep -E, to see if any of LT_INIT, +# AC_PROG_LIBTOOL, AM_PROG_LIBTOOL is used in configure.ac, +# but that's not portable enough (e.g., for Solaris). +grep '^[ ]*A[CM]_PROG_LIBTOOL' configure.ac >/dev/null \ + && use_libtool=1 +grep '^[ ]*LT_INIT' configure.ac >/dev/null \ + && use_libtool=1 +if test $use_libtool = 1; then + find_tool LIBTOOLIZE glibtoolize libtoolize +fi + +# gnulib-tool requires at least automake and autoconf. +# If either is not listed, add it (with minimum version) as a prerequisite. +case $buildreq in + *automake*) ;; + *) buildreq="automake 1.9 +$buildreq" ;; +esac +case $buildreq in + *autoconf*) ;; + *) buildreq="autoconf 2.59 +$buildreq" ;; +esac + +# When we can deduce that gnulib-tool will require patch, +# and when patch is not already listed as a prerequisite, add it, too. +if test -d "$local_gl_dir" \ + && ! find "$local_gl_dir" -name '*.diff' -exec false {} +; then + case $buildreq in + *patch*) ;; + *) buildreq="patch - +$buildreq" ;; + esac +fi + +if ! printf "$buildreq" | check_versions; then + echo >&2 + if test -f README-prereq; then + die "See README-prereq for how to get the prerequisite programs" + else + die "Please install the prerequisite programs" + fi +fi + +# Warn the user if autom4te appears to be broken; this causes known +# issues with at least gettext 0.18.3. +probe=$(echo 'm4_quote([hi])' | autom4te -l M4sugar -t 'm4_quote:$%' -) +if test "x$probe" != xhi; then + warn_ "WARNING: your autom4te wrapper eats stdin;" + warn_ "if bootstrap fails, consider upgrading your autotools" +fi + +echo "$0: Bootstrapping from checked-out $package sources..." + +# See if we can use gnulib's git-merge-changelog merge driver. +if $use_git && test -d .git && check_exists git; then + if git config merge.merge-changelog.driver >/dev/null ; then + : + elif check_exists git-merge-changelog; then + echo "$0: initializing git-merge-changelog driver" + git config merge.merge-changelog.name 'GNU-style ChangeLog merge driver' + git config merge.merge-changelog.driver 'git-merge-changelog %O %A %B' + else + echo "$0: consider installing git-merge-changelog from gnulib" + fi +fi + + +cleanup_gnulib() { + status=$? + rm -fr "$gnulib_path" + exit $status +} + +git_modules_config () { + test -f .gitmodules && git config --file .gitmodules "$@" +} + +if $use_gnulib; then + if $use_git; then + gnulib_path=$(git_modules_config submodule.gnulib.path) + test -z "$gnulib_path" && gnulib_path=gnulib + fi + + # Get gnulib files. Populate $GNULIB_SRCDIR, possibly updating a + # submodule, for use in the rest of the script. + + case ${GNULIB_SRCDIR--} in + -) + # Note that $use_git is necessarily true in this case. + if git_modules_config submodule.gnulib.url >/dev/null; then + echo "$0: getting gnulib files..." + git submodule init -- "$gnulib_path" || exit $? + git submodule update -- "$gnulib_path" || exit $? + + elif [ ! -d "$gnulib_path" ]; then + echo "$0: getting gnulib files..." + + trap cleanup_gnulib 1 2 13 15 + + shallow= + if test -z "$GNULIB_REVISION"; then + git clone -h 2>&1 | grep -- --depth > /dev/null && shallow='--depth 2' + fi + git clone $shallow ${GNULIB_URL:-$default_gnulib_url} "$gnulib_path" \ + || cleanup_gnulib + + trap - 1 2 13 15 + fi + GNULIB_SRCDIR=$gnulib_path + ;; + *) + # Use GNULIB_SRCDIR directly or as a reference. + if $use_git && test -d "$GNULIB_SRCDIR"/.git && \ + git_modules_config submodule.gnulib.url >/dev/null; then + echo "$0: getting gnulib files..." + if git submodule -h|grep -- --reference > /dev/null; then + # Prefer the one-liner available in git 1.6.4 or newer. + git submodule update --init --reference "$GNULIB_SRCDIR" \ + "$gnulib_path" || exit $? + else + # This fallback allows at least git 1.5.5. + if test -f "$gnulib_path"/gnulib-tool; then + # Since file already exists, assume submodule init already complete. + git submodule update -- "$gnulib_path" || exit $? + else + # Older git can't clone into an empty directory. + rmdir "$gnulib_path" 2>/dev/null + git clone --reference "$GNULIB_SRCDIR" \ + "$(git_modules_config submodule.gnulib.url)" "$gnulib_path" \ + && git submodule init -- "$gnulib_path" \ + && git submodule update -- "$gnulib_path" \ + || exit $? + fi + fi + GNULIB_SRCDIR=$gnulib_path + fi + ;; + esac + + if test -d "$GNULIB_SRCDIR"/.git && test -n "$GNULIB_REVISION" \ + && ! git_modules_config submodule.gnulib.url >/dev/null; then + (cd "$GNULIB_SRCDIR" && git checkout "$GNULIB_REVISION") || cleanup_gnulib + fi + + # $GNULIB_SRCDIR now points to the version of gnulib to use, and + # we no longer need to use git or $gnulib_path below here. + + if $bootstrap_sync; then + cmp -s "$0" "$GNULIB_SRCDIR/build-aux/bootstrap" || { + echo "$0: updating bootstrap and restarting..." + case $(sh -c 'echo "$1"' -- a) in + a) ignored=--;; + *) ignored=ignored;; + esac + exec sh -c \ + 'cp "$1" "$2" && shift && exec "${CONFIG_SHELL-/bin/sh}" "$@"' \ + $ignored "$GNULIB_SRCDIR/build-aux/bootstrap" \ + "$0" "$@" --no-bootstrap-sync + } + fi + + gnulib_tool=$GNULIB_SRCDIR/gnulib-tool + <$gnulib_tool || exit $? +fi + +# Get translations. + +download_po_files() { + subdir=$1 + domain=$2 + echo "$me: getting translations into $subdir for $domain..." + cmd=$(printf "$po_download_command_format" "$subdir" "$domain") + eval "$cmd" +} + +# Mirror .po files to $po_dir/.reference and copy only the new +# or modified ones into $po_dir. Also update $po_dir/LINGUAS. +# Note po files that exist locally only are left in $po_dir but will +# not be included in LINGUAS and hence will not be distributed. +update_po_files() { + # Directory containing primary .po files. + # Overwrite them only when we're sure a .po file is new. + po_dir=$1 + domain=$2 + + # Mirror *.po files into this dir. + # Usually contains *.s1 checksum files. + ref_po_dir="$po_dir/.reference" + + test -d $ref_po_dir || mkdir $ref_po_dir || return + download_po_files $ref_po_dir $domain \ + && ls "$ref_po_dir"/*.po 2>/dev/null | + sed 's|.*/||; s|\.po$||' > "$po_dir/LINGUAS" || return + + langs=$(cd $ref_po_dir && echo *.po | sed 's/\.po//g') + test "$langs" = '*' && langs=x + for po in $langs; do + case $po in x) continue;; esac + new_po="$ref_po_dir/$po.po" + cksum_file="$ref_po_dir/$po.s1" + if ! test -f "$cksum_file" || + ! test -f "$po_dir/$po.po" || + ! $SHA1SUM -c "$cksum_file" < "$new_po" > /dev/null 2>&1; then + echo "$me: updated $po_dir/$po.po..." + cp "$new_po" "$po_dir/$po.po" \ + && $SHA1SUM < "$new_po" > "$cksum_file" || return + fi + done +} + +case $SKIP_PO in +'') + if test -d po; then + update_po_files po $package || exit + fi + + if test -d runtime-po; then + update_po_files runtime-po $package-runtime || exit + fi;; +esac + +symlink_to_dir() +{ + src=$1/$2 + dst=${3-$2} + + test -f "$src" && { + + # If the destination directory doesn't exist, create it. + # This is required at least for "lib/uniwidth/cjk.h". + dst_dir=$(dirname "$dst") + if ! test -d "$dst_dir"; then + mkdir -p "$dst_dir" + + # If we've just created a directory like lib/uniwidth, + # tell version control system(s) it's ignorable. + # FIXME: for now, this does only one level + parent=$(dirname "$dst_dir") + for dot_ig in x $vc_ignore; do + test $dot_ig = x && continue + ig=$parent/$dot_ig + insert_vc_ignore $ig "${dst_dir##*/}" + done + fi + + if $copy; then + { + test ! -h "$dst" || { + echo "$me: rm -f $dst" && + rm -f "$dst" + } + } && + test -f "$dst" && + cmp -s "$src" "$dst" || { + echo "$me: cp -fp $src $dst" && + cp -fp "$src" "$dst" + } + else + # Leave any existing symlink alone, if it already points to the source, + # so that broken build tools that care about symlink times + # aren't confused into doing unnecessary builds. Conversely, if the + # existing symlink's timestamp is older than the source, make it afresh, + # so that broken tools aren't confused into skipping needed builds. See + # . + test -h "$dst" && + src_ls=$(ls -diL "$src" 2>/dev/null) && set $src_ls && src_i=$1 && + dst_ls=$(ls -diL "$dst" 2>/dev/null) && set $dst_ls && dst_i=$1 && + test "$src_i" = "$dst_i" && + both_ls=$(ls -dt "$src" "$dst") && + test "X$both_ls" = "X$dst$nl$src" || { + dot_dots= + case $src in + /*) ;; + *) + case /$dst/ in + *//* | */../* | */./* | /*/*/*/*/*/) + die "invalid symlink calculation: $src -> $dst";; + /*/*/*/*/) dot_dots=../../../;; + /*/*/*/) dot_dots=../../;; + /*/*/) dot_dots=../;; + esac;; + esac + + echo "$me: ln -fs $dot_dots$src $dst" && + ln -fs "$dot_dots$src" "$dst" + } + fi + } +} + +version_controlled_file() { + parent=$1 + file=$2 + if test -d .git; then + git rm -n "$file" > /dev/null 2>&1 + elif test -d .svn; then + svn log -r HEAD "$file" > /dev/null 2>&1 + elif test -d CVS; then + grep -F "/${file##*/}/" "$parent/CVS/Entries" 2>/dev/null | + grep '^/[^/]*/[0-9]' > /dev/null + else + warn_ "no version control for $file?" + false + fi +} + +# NOTE: we have to be careful to run both autopoint and libtoolize +# before gnulib-tool, since gnulib-tool is likely to provide newer +# versions of files "installed" by these two programs. +# Then, *after* gnulib-tool (see below), we have to be careful to +# run autoreconf in such a way that it does not run either of these +# two just-pre-run programs. + +# Import from gettext. +with_gettext=yes +grep '^[ ]*AM_GNU_GETTEXT_VERSION(' configure.ac >/dev/null || \ + with_gettext=no + +if test $with_gettext = yes || test $use_libtool = 1; then + + tempbase=.bootstrap$$ + trap "rm -f $tempbase.0 $tempbase.1" 1 2 13 15 + + > $tempbase.0 > $tempbase.1 && + find . ! -type d -print | sort > $tempbase.0 || exit + + if test $with_gettext = yes; then + # Released autopoint has the tendency to install macros that have been + # obsoleted in current gnulib, so run this before gnulib-tool. + echo "$0: $AUTOPOINT --force" + $AUTOPOINT --force || exit + fi + + # Autoreconf runs aclocal before libtoolize, which causes spurious + # warnings if the initial aclocal is confused by the libtoolized + # (or worse out-of-date) macro directory. + # libtoolize 1.9b added the --install option; but we support back + # to libtoolize 1.5.22, where the install action was default. + if test $use_libtool = 1; then + install= + case $($LIBTOOLIZE --help) in + *--install*) install=--install ;; + esac + echo "running: $LIBTOOLIZE $install --copy" + $LIBTOOLIZE $install --copy + fi + + find . ! -type d -print | sort >$tempbase.1 + old_IFS=$IFS + IFS=$nl + for file in $(comm -13 $tempbase.0 $tempbase.1); do + IFS=$old_IFS + parent=${file%/*} + version_controlled_file "$parent" "$file" || { + for dot_ig in x $vc_ignore; do + test $dot_ig = x && continue + ig=$parent/$dot_ig + insert_vc_ignore "$ig" "${file##*/}" + done + } + done + IFS=$old_IFS + + rm -f $tempbase.0 $tempbase.1 + trap - 1 2 13 15 +fi + +# Import from gnulib. + +if $use_gnulib; then + gnulib_tool_options="\ + --no-changelog\ + --aux-dir=$build_aux\ + --doc-base=$doc_base\ + --lib=$gnulib_name\ + --m4-base=$m4_base/\ + --source-base=$source_base/\ + --tests-base=$tests_base\ + --local-dir=$local_gl_dir\ + $gnulib_tool_option_extras\ + " + if test $use_libtool = 1; then + case "$gnulib_tool_options " in + *' --libtool '*) ;; + *) gnulib_tool_options="$gnulib_tool_options --libtool" ;; + esac + fi + echo "$0: $gnulib_tool $gnulib_tool_options --import ..." + $gnulib_tool $gnulib_tool_options --import $gnulib_modules \ + || die "gnulib-tool failed" + + for file in $gnulib_files; do + symlink_to_dir "$GNULIB_SRCDIR" $file \ + || die "failed to symlink $file" + done +fi + +bootstrap_post_import_hook \ + || die "bootstrap_post_import_hook failed" + +# Don't proceed if there are uninitialized submodules. In particular, +# the next step will remove dangling links, which might be links into +# uninitialized submodules. +# +# Uninitialized submodules are listed with an initial dash. +if $use_git && git submodule | grep '^-' >/dev/null; then + die "some git submodules are not initialized. " \ + "Run 'git submodule init' and bootstrap again." +fi + +# Remove any dangling symlink matching "*.m4" or "*.[ch]" in some +# gnulib-populated directories. Such .m4 files would cause aclocal to fail. +# The following requires GNU find 4.2.3 or newer. Considering the usual +# portability constraints of this script, that may seem a very demanding +# requirement, but it should be ok. Ignore any failure, which is fine, +# since this is only a convenience to help developers avoid the relatively +# unusual case in which a symlinked-to .m4 file is git-removed from gnulib +# between successive runs of this script. +find "$m4_base" "$source_base" \ + -depth \( -name '*.m4' -o -name '*.[ch]' \) \ + -type l -xtype l -delete > /dev/null 2>&1 + +# Invoke autoreconf with --force --install to ensure upgrades of tools +# such as ylwrap. +AUTORECONFFLAGS="--verbose --install --force -I $m4_base $ACLOCAL_FLAGS" + +# Some systems (RHEL 5) are using ancient autotools, for which the +# --no-recursive option had not been invented. Detect that lack and +# omit the option when it's not supported. FIXME in 2017: remove this +# hack when RHEL 5 autotools are updated, or when they become irrelevant. +case $($AUTORECONF --help) in + *--no-recursive*) AUTORECONFFLAGS="$AUTORECONFFLAGS --no-recursive";; +esac + +# Tell autoreconf not to invoke autopoint or libtoolize; they were run above. +echo "running: AUTOPOINT=true LIBTOOLIZE=true $AUTORECONF $AUTORECONFFLAGS" +AUTOPOINT=true LIBTOOLIZE=true $AUTORECONF $AUTORECONFFLAGS \ + || die "autoreconf failed" + +# Get some extra files from gnulib, overriding existing files. +for file in $gnulib_extra_files; do + case $file in + */INSTALL) dst=INSTALL;; + build-aux/*) dst=$build_aux/${file#build-aux/};; + *) dst=$file;; + esac + symlink_to_dir "$GNULIB_SRCDIR" $file $dst \ + || die "failed to symlink $file" +done + +if test $with_gettext = yes; then + # Create gettext configuration. + echo "$0: Creating po/Makevars from po/Makevars.template ..." + rm -f po/Makevars + sed ' + /^EXTRA_LOCALE_CATEGORIES *=/s/=.*/= '"$EXTRA_LOCALE_CATEGORIES"'/ + /^COPYRIGHT_HOLDER *=/s/=.*/= '"$COPYRIGHT_HOLDER"'/ + /^MSGID_BUGS_ADDRESS *=/s|=.*|= '"$MSGID_BUGS_ADDRESS"'| + /^XGETTEXT_OPTIONS *=/{ + s/$/ \\/ + a\ + '"$XGETTEXT_OPTIONS"' $${end_of_xgettext_options+} + } + ' po/Makevars.template >po/Makevars \ + || die 'cannot generate po/Makevars' + + # If the 'gettext' module is in use, grab the latest Makefile.in.in. + # If only the 'gettext-h' module is in use, assume autopoint already + # put the correct version of this file into place. + case $gnulib_modules in + *gettext-h*) ;; + *gettext*) + cp $GNULIB_SRCDIR/build-aux/po/Makefile.in.in po/Makefile.in.in \ + || die "cannot create po/Makefile.in.in" + ;; + esac + + if test -d runtime-po; then + # Similarly for runtime-po/Makevars, but not quite the same. + rm -f runtime-po/Makevars + sed ' + /^DOMAIN *=.*/s/=.*/= '"$package"'-runtime/ + /^subdir *=.*/s/=.*/= runtime-po/ + /^MSGID_BUGS_ADDRESS *=/s/=.*/= bug-'"$package"'@gnu.org/ + /^XGETTEXT_OPTIONS *=/{ + s/$/ \\/ + a\ + '"$XGETTEXT_OPTIONS_RUNTIME"' $${end_of_xgettext_options+} + } + ' po/Makevars.template >runtime-po/Makevars \ + || die 'cannot generate runtime-po/Makevars' + + # Copy identical files from po to runtime-po. + (cd po && cp -p Makefile.in.in *-quot *.header *.sed *.sin ../runtime-po) + fi +fi + +bootstrap_epilogue + +echo "$0: done. Now you can run './configure'." + +# Local variables: +# eval: (add-hook 'before-save-hook 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-time-zone: "UTC0" +# time-stamp-end: "; # UTC" +# End: diff --git a/qubesos/bootstrap.conf b/qubesos/bootstrap.conf new file mode 100644 index 000000000..6b043fc35 --- /dev/null +++ b/qubesos/bootstrap.conf @@ -0,0 +1,101 @@ +# Bootstrap configuration. + +# Copyright (C) 2006-2019 Free Software Foundation, Inc. + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + + +GNULIB_REVISION=d271f868a8df9bbec29049d01e056481b7a1a263 + +# gnulib modules used by this package. +# mbswidth is used by gnulib-fix-width.diff's changes to argp rather than +# directly. +gnulib_modules=" + argp + base64 + error + fnmatch + getdelim + getline + gettext-h + gitlog-to-changelog + mbswidth + progname + realloc-gnu + regex + save-cwd +" + +gnulib_tool_option_extras="\ + --no-conditional-dependencies \ + --no-vc-files \ +" + +gnulib_name=libgnu +source_base=grub-core/lib/gnulib +gnulib_extra_files=" + build-aux/install-sh + build-aux/mdate-sh + build-aux/texinfo.tex + build-aux/depcomp + build-aux/config.guess + build-aux/config.sub +" + +# Additional xgettext options to use. Use "\\\newline" to break lines. +XGETTEXT_OPTIONS=$XGETTEXT_OPTIONS'\\\ + --from-code=UTF-8\\\ +' + +checkout_only_file= +copy=true +vc_ignore= + +SKIP_PO=t + +# Build prerequisites +buildreq="\ +autoconf 2.63 +automake 1.11 +gettext 0.18.3 +git 1.5.5 +tar - +" + +# bootstrap doesn't give us a reasonable way to stop Automake from +# overwriting this, so we just copy our version aside and put it back later. +cp -a INSTALL INSTALL.grub + +bootstrap_post_import_hook () { + set -e + for patchname in fix-base64 fix-null-deref fix-null-state-deref fix-regcomp-uninit-token \ + fix-regexec-null-deref fix-uninit-structure fix-unused-value fix-width no-abort; do + patch -d grub-core/lib/gnulib -p2 \ + < "grub-core/lib/gnulib-patches/$patchname.patch" + done + for patchname in \ + 0001-Support-POTFILES-shell \ + 0002-Handle-gettext_printf-shell-function \ + 0003-Make-msgfmt-output-in-little-endian \ + 0004-Use-SHELL-rather-than-bin-sh; do + patch -d po -p3 \ + < "po/gettext-patches/$patchname.patch" + done + FROM_BOOTSTRAP=1 ./autogen.sh + set +e # bootstrap expects this +} + +bootstrap_epilogue () { + mv INSTALL.grub INSTALL +} diff --git a/sbat.csv.in b/sbat.csv.in new file mode 100755 index 000000000..ea697f51a --- /dev/null +++ b/sbat.csv.in @@ -0,0 +1,3 @@ +sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md +grub,1,Free Software Foundation,grub,@@VERSION@@,https//www.gnu.org/software/grub/ +grub.fedora,1,The Fedora Project,grub2,@@VERSION_RELEASE@@,https://src.fedoraproject.org/rpms/grub2 diff --git a/strtoull_test.c b/strtoull_test.c new file mode 100644 index 000000000..5488ab26b --- /dev/null +++ b/strtoull_test.c @@ -0,0 +1,63 @@ +/* + * GRUB -- GRand Unified Bootloader + * Copyright (C) 2016 Free Software Foundation, Inc. + * + * GRUB is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * GRUB is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GRUB. If not, see . + */ + +#include +#include + +GRUB_MOD_LICENSE ("GPLv3+"); + +static void +strtoull_testcase (const char *input, int base, unsigned long long expected, + int num_digits, grub_err_t error) +{ + const char *output; + unsigned long long value; + grub_errno = 0; + value = grub_strtoull(input, &output, base); + grub_test_assert (grub_errno == error, + "unexpected error. Expected %d, got %d. Input \"%s\"", + error, grub_errno, input); + if (grub_errno) + { + grub_errno = 0; + return; + } + grub_test_assert (input + num_digits == output, + "unexpected number of digits. Expected %d, got %d, input \"%s\"", + num_digits, (int) (output - input), input); + grub_test_assert (value == expected, + "unexpected return value. Expected %llu, got %llu, input \"\%s\"", + expected, value, input); +} + +static void +strtoull_test (void) +{ + strtoull_testcase ("9", 0, 9, 1, GRUB_ERR_NONE); + strtoull_testcase ("0xaa", 0, 0xaa, 4, GRUB_ERR_NONE); + strtoull_testcase ("0xff", 0, 0xff, 4, GRUB_ERR_NONE); + strtoull_testcase ("0", 10, 0, 1, GRUB_ERR_NONE); + strtoull_testcase ("8", 8, 0, 0, GRUB_ERR_BAD_NUMBER); + strtoull_testcase ("38", 8, 3, 1, GRUB_ERR_NONE); + strtoull_testcase ("7", 8, 7, 1, GRUB_ERR_NONE); + strtoull_testcase ("1]", 16, 1, 1, GRUB_ERR_NONE); + strtoull_testcase ("18446744073709551616", 10, 0, 0, GRUB_ERR_OUT_OF_RANGE); +} + + +GRUB_FUNCTIONAL_TEST (strtoull_test, strtoull_test); diff --git a/theme.tar.bz2 b/theme.tar.bz2 new file mode 100644 index 000000000..c1035b08f Binary files /dev/null and b/theme.tar.bz2 differ diff --git a/unifont-5.1.20080820.pcf.gz b/unifont-5.1.20080820.pcf.gz new file mode 100644 index 000000000..2b1ce37cf Binary files /dev/null and b/unifont-5.1.20080820.pcf.gz differ