Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package sdbootutil for openSUSE:Factory checked in at 2024-10-06 17:51:23 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/sdbootutil (Old) and /work/SRC/openSUSE:Factory/.sdbootutil.new.19354 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "sdbootutil" Sun Oct 6 17:51:23 2024 rev:34 rq:1205688 version:1+git20241004.a1bb60f Changes: -------- --- /work/SRC/openSUSE:Factory/sdbootutil/sdbootutil.changes 2024-10-02 21:33:25.074464924 +0200 +++ /work/SRC/openSUSE:Factory/.sdbootutil.new.19354/sdbootutil.changes 2024-10-06 17:51:30.539950529 +0200 @@ -1,0 +2,9 @@ +Fri Oct 04 11:49:32 UTC 2024 - aplanas@suse.com + +- Update to version 1+git20241004.a1bb60f: + * Support bootloader switch + * Update order after bootloader install + * Use /etc/sysconfig/bootloader to untie detection + * Reference to grub2-bls + +------------------------------------------------------------------- Old: ---- sdbootutil-1+git20241002.7da4a47.obscpio New: ---- sdbootutil-1+git20241004.a1bb60f.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sdbootutil.spec ++++++ --- /var/tmp/diff_new_pack.oul0yD/_old 2024-10-06 17:51:31.151975962 +0200 +++ /var/tmp/diff_new_pack.oul0yD/_new 2024-10-06 17:51:31.155976129 +0200 @@ -27,7 +27,7 @@ %define git_version %{nil} %endif Name: sdbootutil -Version: 1+git20241002.7da4a47%{git_version} +Version: 1+git20241004.a1bb60f%{git_version} Release: 0 Summary: script to install shim with sd-boot License: MIT ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.oul0yD/_old 2024-10-06 17:51:31.199977958 +0200 +++ /var/tmp/diff_new_pack.oul0yD/_new 2024-10-06 17:51:31.203978123 +0200 @@ -3,6 +3,6 @@ <param name="url">https://github.com/lnussel/sdbootutil.git</param> <param name="changesrevision">708592a5033bb41d14e378172466ae9e90dfb3c4</param></service><service name="tar_scm"> <param name="url">https://github.com/openSUSE/sdbootutil.git</param> - <param name="changesrevision">7da4a479cf89b2d20e9cc81e15ba58cf32294735</param></service></servicedata> + <param name="changesrevision">a1bb60fc9a3b846f8abc0795871bd5162f77baa3</param></service></servicedata> (No newline at EOF) ++++++ sdbootutil-1+git20241002.7da4a47.obscpio -> sdbootutil-1+git20241004.a1bb60f.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sdbootutil-1+git20241002.7da4a47/sdbootutil new/sdbootutil-1+git20241004.a1bb60f/sdbootutil --- old/sdbootutil-1+git20241002.7da4a47/sdbootutil 2024-10-02 11:14:41.000000000 +0200 +++ new/sdbootutil-1+git20241004.a1bb60f/sdbootutil 2024-10-04 13:48:01.000000000 +0200 @@ -219,21 +219,27 @@ is_sdboot() { - # If systemd-boot and grub2 are co-installed, we favor grub2 - # in the detection - local sdboot grub2 + # LOADER_TYPE has preference, but is is not present and + # systemd-boot and grub2-bls are co-installed, we favor + # grub2-bls in the detection + [ -z "$LOADER_TYPE" ] || { [ "$LOADER_TYPE" = "systemd-boot" ]; return; } + + local sdboot grub2_bls sdboot="$(find_sdboot "${1-$root_snapshot}")" - grub2="$(find_grub2 "${1-$root_snapshot}")" - [ -e "$sdboot" ] && [ ! -e "$grub2" ] + grub2_bls="$(find_grub2_bls "${1-$root_snapshot}")" + [ -e "$sdboot" ] && [ ! -e "$grub2_bls" ] } -is_grub2() +is_grub2_bls() { - # If systemd-boot and grub2 are co-installed, we favor grub2 - # in the detection - local grub2 - grub2="$(find_grub2 "${1-$root_snapshot}")" - [ -e "$grub2" ] + # LOADER_TYPE has preference, but is is not present and + # systemd-boot and grub2-bls are co-installed, we favor + # grub2-bls in the detection + [ -z "$LOADER_TYPE" ] || { [ "$LOADER_TYPE" = "grub2-bls" ]; return; } + + local grub2_bls + grub2_bls="$(find_grub2_bls "${1-$root_snapshot}")" + [ -e "$grub2_bls" ] } reset_rollback() @@ -400,7 +406,7 @@ local prefix="" local subvol="" [ -z "$have_snapshots" ] || subvol="${subvol_prefix}/.snapshots/${snapshot}/snapshot" - if ! is_transactional && is_grub2; then + if ! is_transactional && is_grub2_bls; then if ! subvol_is_ro "$subvol"; then prefix="system" else @@ -1102,7 +1108,8 @@ local id id="$(entry_conf_file "$kernel_version" "$snapshot")" - local conf="$(find_conf_file "$kernel_version" "$snapshot")" + local conf + conf="$(find_conf_file "$kernel_version" "$snapshot")" [ -f "$conf" ] || return 0 echo "Updating $id" @@ -1398,22 +1405,22 @@ echo "$sdboot" } -find_grub2() +find_grub2_bls() { - local grub2 + local grub2_bls # The old grub.efi will contain the BLS patches, but we cannot # use it because we also dropped the process of creating the # configuration file and installing bli.mod - grub2="/usr/share/grub2/$(uname -m)-efi/grubbls.efi" - echo "$grub2" + grub2_bls="/usr/share/grub2/$(uname -m)-efi/grubbls.efi" + echo "$grub2_bls" } find_bootloader() { if is_sdboot "${1-$root_snapshot}"; then find_sdboot "${1-$root_snapshot}" - elif is_grub2 "${1-$root_snapshot}"; then - find_grub2 "${1-$root_snapshot}" + elif is_grub2_bls "${1-$root_snapshot}"; then + find_grub2_bls "${1-$root_snapshot}" else err "Bootloader not detected" fi @@ -1499,7 +1506,22 @@ fi # Create boot menu entry if it does not exist - [ -n "$arg_no_variables" ] || [ -n "$arg_portable" ] || efibootmgr | grep -q 'Boot.*openSUSE Boot Manager' || efibootmgr -q --create --disk "$drive" --part "$partno" --label "openSUSE Boot Manager" --loader "$entry" || true + local escaped_entry="${entry//\//\\\\}" + [ -n "$arg_no_variables" ] || [ -n "$arg_portable" ] || efibootmgr | grep -q "Boot.*openSUSE Boot Manager.*${escaped_entry}" || efibootmgr -q --create --disk "$drive" --part "$partno" --label "openSUSE Boot Manager ($bldr_name)" --loader "$entry" || true + + # Make it the first option + if [ -z "$arg_no_variables" ] && [ -z "$arg_portable" ]; then + local boot_order + boot_order="$(efibootmgr | grep BootOrder)" + boot_order="${boot_order#BootOrder: }" + + local boot_entry + boot_entry="$(efibootmgr | grep "Boot.*openSUSE Boot Manager.*${escaped_entry}")" + boot_entry="${boot_entry%\* *}" + boot_entry="${boot_entry#Boot}" + + efibootmgr -q -D -o "$boot_entry,$boot_order" || true + fi # This action will require to update the PCR predictions update_predictions=1 @@ -1716,7 +1738,7 @@ rm "$tmpdir/cmdline.utf16" } -pcrlock_grub2_kernel_initrd() +pcrlock_grub2_bls_kernel_initrd() { local linux="$1" local initrd="$2" @@ -1736,11 +1758,11 @@ done jq --slurp '{"records": [.[].records[0]]}' \ "${locks[@]}" \ - > "/var/lib/pcrlock.d/710-grub2-kernel-initrd-entry.pcrlock.d/kernel-initrd-$suffix.pcrlock" + > "/var/lib/pcrlock.d/710-grub2-bls-kernel-initrd-entry.pcrlock.d/kernel-initrd-$suffix.pcrlock" rm "${locks[@]}" } -pcrlock_grub2_cmdline() +pcrlock_grub2_bls_cmdline() { local linux="$1" local cmdline="$2" @@ -1763,11 +1785,11 @@ done jq --slurp '{"records": [.[].records[0]]}' \ "${locks[@]}" \ - > "/var/lib/pcrlock.d/650-grub2-entry-cmdline.pcrlock.d/cmdline-$suffix.pcrlock" + > "/var/lib/pcrlock.d/650-grub2-bls-entry-cmdline.pcrlock.d/cmdline-$suffix.pcrlock" rm "${locks[@]}" } -pcrlock_grub2_entry_files() +pcrlock_grub2_bls_entry_files() { local entries="${1:-$entryfile}" local suffix="${2:+-$2}" @@ -1790,7 +1812,7 @@ jq --slurp '{"records": [.[].records[0]]}' \ "${locks[@]}" \ - > "/var/lib/pcrlock.d/643-grub2-entry-files.pcrlock.d/generated$suffix.pcrlock" + > "/var/lib/pcrlock.d/643-grub2-bls-entry-files.pcrlock.d/generated$suffix.pcrlock" rm "${locks[@]}" } @@ -1840,14 +1862,14 @@ fi } -pcrlock_grub2() +pcrlock_grub2_bls() { - # 643-grub2-entry-files.pcrlock is not part of the pcrlock + # 643-grub2-bls-entry-files.pcrlock is not part of the pcrlock # standards - mkdir -p /var/lib/pcrlock.d/643-grub2-entry-files.pcrlock.d - pcrlock_grub2_entry_files + mkdir -p /var/lib/pcrlock.d/643-grub2-bls-entry-files.pcrlock.d + pcrlock_grub2_bls_entry_files if [ "$SDB_ADD_INITIAL_COMPONENT" = "1" ]; then - pcrlock_grub2_entry_files "$initialentryfile" "0" "$tmpdir" + pcrlock_grub2_bls_entry_files "$initialentryfile" "0" "$tmpdir" fi blkpart="$(findmnt -nvo SOURCE "$boot_root")" @@ -1855,21 +1877,21 @@ # Once we are out of the BIOS / EFI, the numeration cannot be # done without device.map. It is safe to assume that the ESP # is always the first disk (hd0) - grub_drive="(hd0,gpt$partno)" + grub2_bls_drive="(hd0,gpt$partno)" # Join linux, initrd and cmdline in a single pcrlock file - mkdir -p /var/lib/pcrlock.d/650-grub2-entry-cmdline.pcrlock.d + mkdir -p /var/lib/pcrlock.d/650-grub2-bls-entry-cmdline.pcrlock.d n=0 while read -r options; do read -r kernel read -r initrd n=$((n+1)) - pcrlock_grub2_cmdline "linux ${grub_drive}$kernel $options" \ - "${grub_drive}$kernel $options" \ - "initrd ${grub_drive}$initrd" "$n" + pcrlock_grub2_bls_cmdline "linux ${grub2_bls_drive}$kernel $options" \ + "${grub2_bls_drive}$kernel $options" \ + "initrd ${grub2_bls_drive}$initrd" "$n" done < <(jq --raw-output '.[] | .options, .linux, .initrd[0]' "$entryfile") - # Generate variation for 650-grub2-entry-cmdline component + # Generate variation for 650-grub2-bls-entry-cmdline component # that contains the current cmdline and the current initrd, # even if this will never be used again. This is required # because disk-encryption-tool generates a new initrd during @@ -1879,27 +1901,27 @@ while read -r options; do read -r kernel read -r initrd - pcrlock_grub2_cmdline "linux ${grub_drive}$kernel $options" \ - "${grub_drive}$kernel $options" \ - "initrd ${grub_drive}$initrd" "0" + pcrlock_grub2_bls_cmdline "linux ${grub2_bls_drive}$kernel $options" \ + "${grub2_bls_drive}$kernel $options" \ + "initrd ${grub2_bls_drive}$initrd" "0" done < <(jq --raw-output '.[] | .options, .linux, .initrd[0]' "$initialentryfile") fi # Join the kernel and the initrd in a single component - mkdir -p /var/lib/pcrlock.d/710-grub2-kernel-initrd-entry.pcrlock.d + mkdir -p /var/lib/pcrlock.d/710-grub2-bls-kernel-initrd-entry.pcrlock.d n=0 while read -r kernel; do read -r initrd n=$((n+1)) - pcrlock_grub2_kernel_initrd "$boot_root$kernel" "$boot_root$initrd" "$n" + pcrlock_grub2_bls_kernel_initrd "$boot_root$kernel" "$boot_root$initrd" "$n" done < <(jq --raw-output '.[] | .linux, .initrd[0]' "$entryfile") - # Generate variation for 710-grub2-kernel-initrd-entry for the + # Generate variation for 710-grub2-bls-kernel-initrd-entry for the # same reason than before. if [ "$SDB_ADD_INITIAL_COMPONENT" = "1" ]; then while read -r kernel; do read -r initrd - pcrlock_grub2_kernel_initrd "$tmpdir$kernel" "$tmpdir$initrd" "0" + pcrlock_grub2_bls_kernel_initrd "$tmpdir$kernel" "$tmpdir$initrd" "0" done < <(jq --raw-output '.[] | .linux, .initrd[0]' "$initialentryfile") fi } @@ -1952,7 +1974,7 @@ # 640-boot-loader-efi-application is not part of the pcrlock # standards - # This is measuing the systemd-boot EFI binary (named grub.efi) + # This is measuring the systemd-boot EFI binary (named grub.efi) # TODO: move to systemd-boot-pcrlock.rpm pcrlock \ lock-pe \ @@ -1961,8 +1983,8 @@ if is_sdboot; then pcrlock_sdboot - elif is_grub2; then - pcrlock_grub2 + elif is_grub2_bls; then + pcrlock_grub2_bls fi # If the prediction fails, the system will ask for a password, @@ -2356,7 +2378,7 @@ if [ -z "${FDE_SEAL_PCR_LIST}" ]; then if is_sdboot; then FDE_SEAL_PCR_LIST="0,2,4,7,9" - elif is_grub2; then + elif is_grub2_bls; then FDE_SEAL_PCR_LIST="0,2,4,7,8,9" else err "Bootloader not detected" @@ -2502,8 +2524,8 @@ { if is_sdboot "${1-$root_snapshot}"; then echo "systemd-boot" - elif is_grub2 "${1-$root_snapshot}"; then - echo "grub2" + elif is_grub2_bls "${1-$root_snapshot}"; then + echo "grub2-bls" else err "Bootloader not detected" fi @@ -2612,6 +2634,8 @@ *) err "Unsupported architecture $firmware_arch" ;; esac +[ -e /etc/sysconfig/bootloader ] && . /etc/sysconfig/bootloader + # XXX: Unify both in /EFI/opensuse? if [ -n "$arg_portable" ]; then if [ ! -d "$boot_root/EFI/systemd" ] && [ ! -d "$boot_root/EFI/opensuse" ]; then @@ -2621,7 +2645,7 @@ fi elif is_sdboot; then boot_dst="/EFI/systemd" -elif is_grub2; then +elif is_grub2_bls; then boot_dst="/EFI/opensuse" else err "Bootloader not detected" ++++++ sdbootutil.obsinfo ++++++ --- /var/tmp/diff_new_pack.oul0yD/_old 2024-10-06 17:51:31.319982944 +0200 +++ /var/tmp/diff_new_pack.oul0yD/_new 2024-10-06 17:51:31.323983111 +0200 @@ -1,5 +1,5 @@ name: sdbootutil -version: 1+git20241002.7da4a47 -mtime: 1727860481 -commit: 7da4a479cf89b2d20e9cc81e15ba58cf32294735 +version: 1+git20241004.a1bb60f +mtime: 1728042481 +commit: a1bb60fc9a3b846f8abc0795871bd5162f77baa3