commit: 4ce63f8b85aa62e485eaebc34b36024f80866106 Author: Mike Gilbert <floppym <AT> gentoo <DOT> org> AuthorDate: Sun Apr 1 18:17:04 2018 +0000 Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org> CommitDate: Sun Apr 1 18:18:14 2018 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4ce63f8b
sys-boot/grub: backport early microcode patch Closes: https://bugs.gentoo.org/645088 Package-Manager: Portage-2.3.24, Repoman-2.3.6_p81 .../grub/files/2.02-multiple-early-initrd.patch | 177 ++++++++++++ sys-boot/grub/grub-2.02-r1.ebuild | 299 +++++++++++++++++++++ 2 files changed, 476 insertions(+) diff --git a/sys-boot/grub/files/2.02-multiple-early-initrd.patch b/sys-boot/grub/files/2.02-multiple-early-initrd.patch new file mode 100644 index 00000000000..74b576f8b00 --- /dev/null +++ b/sys-boot/grub/files/2.02-multiple-early-initrd.patch @@ -0,0 +1,177 @@ +From a698240df0c43278b2d1d7259c8e7a6926c63112 Mon Sep 17 00:00:00 2001 +From: "Matthew S. Turnbull" <spa...@bluefang-logic.com> +Date: Sat, 24 Feb 2018 17:44:58 -0500 +Subject: grub-mkconfig/10_linux: Support multiple early initrd images + +Add support for multiple, shared, early initrd images. These early +images will be loaded in the order declared, and all will be loaded +before the initrd image. + +While many classes of data can be provided by early images, the +immediate use case would be for distributions to provide CPU +microcode to mitigate the Meltdown and Spectre vulnerabilities. + +There are two environment variables provided for declaring the early +images. + +* GRUB_EARLY_INITRD_LINUX_STOCK is for the distribution declare + images that are provided by the distribution or installed packages. + If undeclared, this will default to a set of common microcode image + names. + +* GRUB_EARLY_INITRD_LINUX_CUSTOM is for user created images. User + images will be loaded after the stock images. + +These separate configurations allow the distribution and user to +declare different image sets without clobbering each other. + +This also makes a minor update to ensure that UUID partition labels +stay disabled when no initrd image is found, even if early images are +present. + +This is a continuation of a previous patch published by Christian +Hesse in 2016: +http://lists.gnu.org/archive/html/grub-devel/2016-02/msg00025.html + +Down stream Gentoo bug: +https://bugs.gentoo.org/645088 + +Signed-off-by: Robin H. Johnson <robb...@gentoo.org> +Signed-off-by: Matthew S. Turnbull <spa...@bluefang-logic.com> +Reviewed-by: Daniel Kiper <daniel.ki...@oracle.com> +--- + docs/grub.texi | 19 +++++++++++++++++++ + util/grub-mkconfig.in | 8 ++++++++ + util/grub.d/10_linux.in | 33 +++++++++++++++++++++++++++------ + 3 files changed, 54 insertions(+), 6 deletions(-) + +diff --git a/docs/grub.texi b/docs/grub.texi +index 137b894..65b4bbe 100644 +--- a/docs/grub.texi ++++ b/docs/grub.texi +@@ -1398,6 +1398,25 @@ for all respectively normal entries. + The values of these options replace the values of @samp{GRUB_CMDLINE_LINUX} + and @samp{GRUB_CMDLINE_LINUX_DEFAULT} for Linux and Xen menu entries. + ++@item GRUB_EARLY_INITRD_LINUX_CUSTOM ++@itemx GRUB_EARLY_INITRD_LINUX_STOCK ++List of space-separated early initrd images to be loaded from @samp{/boot}. ++This is for loading things like CPU microcode, firmware, ACPI tables, crypto ++keys, and so on. These early images will be loaded in the order declared, ++and all will be loaded before the actual functional initrd image. ++ ++@samp{GRUB_EARLY_INITRD_LINUX_STOCK} is for your distribution to declare ++images that are provided by the distribution. It should not be modified ++without understanding the consequences. They will be loaded first. ++ ++@samp{GRUB_EARLY_INITRD_LINUX_CUSTOM} is for your custom created images. ++ ++The default stock images are as follows, though they may be overridden by ++your distribution: ++@example ++intel-uc.img intel-ucode.img amd-uc.img amd-ucode.img early_ucode.cpio microcode.cpio ++@end example ++ + @item GRUB_DISABLE_LINUX_UUID + Normally, @command{grub-mkconfig} will generate menu entries that use + universally-unique identifiers (UUIDs) to identify the root filesystem to +diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in +index f8496d2..35ef583 100644 +--- a/util/grub-mkconfig.in ++++ b/util/grub-mkconfig.in +@@ -147,6 +147,12 @@ if [ x"$GRUB_FS" = xunknown ]; then + GRUB_FS="$(stat -f --printf=%T / || echo unknown)" + fi + ++# Provide a default set of stock linux early initrd images. ++# Define here so the list can be modified in the sourced config file. ++if [ "x${GRUB_EARLY_INITRD_LINUX_STOCK}" = "x" ]; then ++ GRUB_EARLY_INITRD_LINUX_STOCK="intel-uc.img intel-ucode.img amd-uc.img amd-ucode.img early_ucode.cpio microcode.cpio" ++fi ++ + if test -f ${sysconfdir}/default/grub ; then + . ${sysconfdir}/default/grub + fi +@@ -211,6 +217,8 @@ export GRUB_DEFAULT \ + GRUB_CMDLINE_NETBSD \ + GRUB_CMDLINE_NETBSD_DEFAULT \ + GRUB_CMDLINE_GNUMACH \ ++ GRUB_EARLY_INITRD_LINUX_CUSTOM \ ++ GRUB_EARLY_INITRD_LINUX_STOCK \ + GRUB_TERMINAL_INPUT \ + GRUB_TERMINAL_OUTPUT \ + GRUB_SERIAL_COMMAND \ +diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in +index de9044c..faedf74 100644 +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -136,9 +136,13 @@ EOF + if test -n "${initrd}" ; then + # TRANSLATORS: ramdisk isn't identifier. Should be translated. + message="$(gettext_printf "Loading initial ramdisk ...")" ++ initrd_path= ++ for i in ${initrd}; do ++ initrd_path="${initrd_path} ${rel_dirname}/${i}" ++ done + sed "s/^/$submenu_indentation/" << EOF + echo '$(echo "$message" | grub_quote)' +- initrd ${rel_dirname}/${initrd} ++ initrd $(echo $initrd_path) + EOF + fi + sed "s/^/$submenu_indentation/" << EOF +@@ -188,7 +192,15 @@ while [ "x$list" != "x" ] ; do + alt_version=`echo $version | sed -e "s,\.old$,,g"` + linux_root_device_thisversion="${LINUX_ROOT_DEVICE}" + +- initrd= ++ initrd_early= ++ for i in ${GRUB_EARLY_INITRD_LINUX_STOCK} \ ++ ${GRUB_EARLY_INITRD_LINUX_CUSTOM}; do ++ if test -e "${dirname}/${i}" ; then ++ initrd_early="${initrd_early} ${i}" ++ fi ++ done ++ ++ initrd_real= + for i in "initrd.img-${version}" "initrd-${version}.img" "initrd-${version}.gz" \ + "initrd-${version}" "initramfs-${version}.img" \ + "initrd.img-${alt_version}" "initrd-${alt_version}.img" \ +@@ -198,11 +210,22 @@ while [ "x$list" != "x" ] ; do + "initramfs-genkernel-${GENKERNEL_ARCH}-${version}" \ + "initramfs-genkernel-${GENKERNEL_ARCH}-${alt_version}"; do + if test -e "${dirname}/${i}" ; then +- initrd="$i" ++ initrd_real="${i}" + break + fi + done + ++ initrd= ++ if test -n "${initrd_early}" || test -n "${initrd_real}"; then ++ initrd="${initrd_early} ${initrd_real}" ++ ++ initrd_display= ++ for i in ${initrd}; do ++ initrd_display="${initrd_display} ${dirname}/${i}" ++ done ++ gettext_printf "Found initrd image: %s\n" "$(echo $initrd_display)" >&2 ++ fi ++ + config= + for i in "${dirname}/config-${version}" "${dirname}/config-${alt_version}" "/etc/kernels/kernel-config-${version}" ; do + if test -e "${i}" ; then +@@ -216,9 +239,7 @@ while [ "x$list" != "x" ] ; do + initramfs=`grep CONFIG_INITRAMFS_SOURCE= "${config}" | cut -f2 -d= | tr -d \"` + fi + +- if test -n "${initrd}" ; then +- gettext_printf "Found initrd image: %s\n" "${dirname}/${initrd}" >&2 +- elif test -z "${initramfs}" ; then ++ if test -z "${initramfs}" && test -z "${initrd_real}" ; then + # "UUID=" and "ZFS=" magic is parsed by initrd or initramfs. Since there's + # no initrd or builtin initramfs, it can't work here. + linux_root_device_thisversion=${GRUB_DEVICE} +-- +cgit v1.0-41-gc330 + diff --git a/sys-boot/grub/grub-2.02-r1.ebuild b/sys-boot/grub/grub-2.02-r1.ebuild new file mode 100644 index 00000000000..7b3b5251bc1 --- /dev/null +++ b/sys-boot/grub/grub-2.02-r1.ebuild @@ -0,0 +1,299 @@ +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +if [[ ${PV} == 9999 ]]; then + GRUB_AUTOGEN=1 +fi + +if [[ -n ${GRUB_AUTOGEN} ]]; then + PYTHON_COMPAT=( python{2_7,3_3,3_4,3_5} ) + WANT_LIBTOOL=none + inherit autotools python-any-r1 +fi + +inherit autotools bash-completion-r1 flag-o-matic multibuild pax-utils toolchain-funcs versionator + +if [[ ${PV} != 9999 ]]; then + if [[ ${PV} == *_alpha* || ${PV} == *_beta* || ${PV} == *_rc* ]]; then + # The quote style is to work with <=bash-4.2 and >=bash-4.3 #503860 + MY_P=${P/_/'~'} + SRC_URI="mirror://gnu-alpha/${PN}/${MY_P}.tar.xz" + S=${WORKDIR}/${MY_P} + else + SRC_URI="mirror://gnu/${PN}/${P}.tar.xz" + S=${WORKDIR}/${P%_*} + fi + KEYWORDS="~amd64 ~arm64 ~x86" +else + inherit git-r3 + EGIT_REPO_URI="git://git.sv.gnu.org/grub.git + http://git.savannah.gnu.org/r/grub.git"; +fi + +PATCHES=( + "${FILESDIR}"/gfxpayload.patch + "${FILESDIR}"/grub-2.02_beta2-KERNEL_GLOBS.patch + "${FILESDIR}"/2.02-multiple-early-initrd.patch +) + +DEJAVU=dejavu-sans-ttf-2.37 +UNIFONT=unifont-9.0.06 +SRC_URI+=" fonts? ( mirror://gnu/unifont/${UNIFONT}/${UNIFONT}.pcf.gz ) + themes? ( mirror://sourceforge/dejavu/${DEJAVU}.zip )" + +DESCRIPTION="GNU GRUB boot loader" +HOMEPAGE="https://www.gnu.org/software/grub/"; + +# Includes licenses for dejavu and unifont +LICENSE="GPL-3 fonts? ( GPL-2-with-font-exception ) themes? ( BitstreamVera )" +SLOT="2/${PVR}" +IUSE="debug device-mapper doc efiemu +fonts mount multislot nls static sdl test +themes truetype libzfs" + +GRUB_ALL_PLATFORMS=( coreboot efi-32 efi-64 emu ieee1275 loongson multiboot qemu qemu-mips pc uboot xen xen-32 ) +IUSE+=" ${GRUB_ALL_PLATFORMS[@]/#/grub_platforms_}" + +REQUIRED_USE=" + grub_platforms_coreboot? ( fonts ) + grub_platforms_qemu? ( fonts ) + grub_platforms_ieee1275? ( fonts ) + grub_platforms_loongson? ( fonts ) +" + +# os-prober: Used on runtime to detect other OSes +# xorriso (dev-libs/libisoburn): Used on runtime for mkrescue +RDEPEND=" + app-arch/xz-utils + >=sys-libs/ncurses-5.2-r5:0= + debug? ( + sdl? ( media-libs/libsdl ) + ) + device-mapper? ( >=sys-fs/lvm2-2.02.45 ) + libzfs? ( sys-fs/zfs ) + mount? ( sys-fs/fuse ) + truetype? ( media-libs/freetype:2= ) + ppc? ( sys-apps/ibm-powerpc-utils sys-apps/powerpc-utils ) + ppc64? ( sys-apps/ibm-powerpc-utils sys-apps/powerpc-utils ) +" +DEPEND="${RDEPEND} + ${PYTHON_DEPS} + app-misc/pax-utils + sys-devel/flex + sys-devel/bison + sys-apps/help2man + sys-apps/texinfo + fonts? ( media-libs/freetype:2 ) + grub_platforms_xen? ( app-emulation/xen-tools:= ) + grub_platforms_xen-32? ( app-emulation/xen-tools:= ) + static? ( + app-arch/xz-utils[static-libs(+)] + truetype? ( + app-arch/bzip2[static-libs(+)] + media-libs/freetype[static-libs(+)] + sys-libs/zlib[static-libs(+)] + ) + ) + test? ( + app-admin/genromfs + app-arch/cpio + app-arch/lzop + app-emulation/qemu + dev-libs/libisoburn + sys-apps/miscfiles + sys-block/parted + sys-fs/squashfs-tools + ) + themes? ( + app-arch/unzip + media-libs/freetype:2 + ) +" +RDEPEND+=" + kernel_linux? ( + grub_platforms_efi-32? ( sys-boot/efibootmgr ) + grub_platforms_efi-64? ( sys-boot/efibootmgr ) + ) + !multislot? ( !sys-boot/grub:0 !sys-boot/grub-static ) + nls? ( sys-devel/gettext ) +" + +DEPEND+=" !!=media-libs/freetype-2.5.4" + +RESTRICT="strip !test? ( test )" + +QA_EXECSTACK="usr/bin/grub*-emu* usr/lib/grub/*" +QA_WX_LOAD="usr/lib/grub/*" +QA_MULTILIB_PATHS="usr/lib/grub/.*" + +src_unpack() { + if [[ ${PV} == 9999 ]]; then + git-r3_src_unpack + fi + default +} + +src_prepare() { + default + + sed -i -e /autoreconf/d autogen.sh || die + + if use multislot; then + # fix texinfo file name, bug 416035 + sed -i -e 's/^\* GRUB:/* GRUB2:/' -e 's/(grub)/(grub2)/' docs/grub.texi || die + fi + + # Nothing in Gentoo packages 'american-english' in the exact path + # wanted for the test, but all that is needed is a compressible text + # file, and we do have 'words' from miscfiles in the same path. + sed -i \ + -e '/CFILESSRC.*=/s,american-english,words,' \ + tests/util/grub-fs-tester.in \ + || die + + if [[ -n ${GRUB_AUTOGEN} ]]; then + python_setup + bash autogen.sh || die + autopoint() { :; } + eautoreconf + fi +} + +grub_do() { + multibuild_foreach_variant run_in_build_dir "$@" +} + +grub_do_once() { + multibuild_for_best_variant run_in_build_dir "$@" +} + +grub_configure() { + local platform + + case ${MULTIBUILD_VARIANT} in + efi*) platform=efi ;; + xen*) platform=xen ;; + guessed) ;; + *) platform=${MULTIBUILD_VARIANT} ;; + esac + + case ${MULTIBUILD_VARIANT} in + *-32) + if [[ ${CTARGET:-${CHOST}} == x86_64* ]]; then + local CTARGET=i386 + fi ;; + *-64) + if [[ ${CTARGET:-${CHOST}} == i?86* ]]; then + local CTARGET=x86_64 + local -x TARGET_CFLAGS="-Os -march=x86-64 ${TARGET_CFLAGS}" + local -x TARGET_CPPFLAGS="-march=x86-64 ${TARGET_CPPFLAGS}" + fi ;; + esac + + local myeconfargs=( + --disable-werror + --program-prefix= + --libdir="${EPREFIX}"/usr/lib + --htmldir="${EPREFIX}"/usr/share/doc/${PF}/html + $(use_enable debug mm-debug) + $(use_enable device-mapper) + $(use_enable mount grub-mount) + $(use_enable nls) + $(use_enable themes grub-themes) + $(use_enable truetype grub-mkfont) + $(use_enable libzfs) + $(use sdl && use_enable debug grub-emu-sdl) + ${platform:+--with-platform=}${platform} + + # Let configure detect this where supported + $(usex efiemu '' '--disable-efiemu') + ) + + if use multislot; then + myeconfargs+=( --program-transform-name="s,grub,grub2," ) + fi + + # Set up font symlinks + ln -s "${WORKDIR}/${UNIFONT}.pcf" unifont.pcf || die + if use themes; then + ln -s "${WORKDIR}/${DEJAVU}/ttf/DejaVuSans.ttf" DejaVuSans.ttf || die + fi + + local ECONF_SOURCE="${S}" + econf "${myeconfargs[@]}" +} + +src_configure() { + # Bug 508758. + replace-flags -O3 -O2 + + # We don't want to leak flags onto boot code. + export HOST_CCASFLAGS=${CCASFLAGS} + export HOST_CFLAGS=${CFLAGS} + export HOST_CPPFLAGS=${CPPFLAGS} + export HOST_LDFLAGS=${LDFLAGS} + unset CCASFLAGS CFLAGS CPPFLAGS LDFLAGS + + use static && HOST_LDFLAGS+=" -static" + + tc-ld-disable-gold #439082 #466536 #526348 + export TARGET_LDFLAGS="${TARGET_LDFLAGS} ${LDFLAGS}" + unset LDFLAGS + + tc-export CC NM OBJCOPY RANLIB STRIP + tc-export BUILD_CC # Bug 485592 + + MULTIBUILD_VARIANTS=() + local p + for p in "${GRUB_ALL_PLATFORMS[@]}"; do + use "grub_platforms_${p}" && MULTIBUILD_VARIANTS+=( "${p}" ) + done + [[ ${#MULTIBUILD_VARIANTS[@]} -eq 0 ]] && MULTIBUILD_VARIANTS=( guessed ) + grub_do grub_configure +} + +src_compile() { + # Sandbox bug 404013. + use libzfs && addpredict /etc/dfs:/dev/zfs + + grub_do emake + use doc && grub_do_once emake -C docs html +} + +src_test() { + # The qemu dependency is a bit complex. + # You will need to adjust QEMU_SOFTMMU_TARGETS to match the cpu/platform. + grub_do emake check +} + +src_install() { + grub_do emake install DESTDIR="${D}" bashcompletiondir="$(get_bashcompdir)" + use doc && grub_do_once emake -C docs install-html DESTDIR="${D}" + + einstalldocs + + if use multislot; then + mv "${ED%/}"/usr/share/info/grub{,2}.info || die + fi + + insinto /etc/default + newins "${FILESDIR}"/grub.default-3 grub +} + +pkg_postinst() { + elog "For information on how to configure GRUB2 please refer to the guide:" + elog " https://wiki.gentoo.org/wiki/GRUB2_Quick_Start"; + + if has_version 'sys-boot/grub:0'; then + elog "A migration guide for GRUB Legacy users is available:" + elog " https://wiki.gentoo.org/wiki/GRUB2_Migration"; + fi + + if [[ -z ${REPLACING_VERSIONS} ]]; then + elog + elog "You may consider installing the following optional packages:" + optfeature "Detect other operating systems (grub-mkconfig)" sys-boot/os-prober + optfeature "Create rescue media (grub-mkrescue)" dev-libs/libisoburn + optfeature "Enable RAID device detection" sys-fs/mdadm + fi +}
