From 45e97910d557b21b65444e6e9afb3b3476a71d3f Mon Sep 17 00:00:00 2001 From: Bin Qian Date: Mon, 4 Oct 2021 14:50:40 -0400 Subject: [PATCH] relocate /pxeboot to /var/pxeboot Relocate writable /pxeboot dir to /var/pxeboot Story: 2009101 Task: 44229 TCs are list https://review.opendev.org/c/starlingx/metal/+/822008. Depends-on: https://review.opendev.org/c/starlingx/metal/+/822008 Change-Id: Ia1d12db455bc72c5ef7c111f0fb398aabeed1266 Signed-off-by: Bin Qian --- ...elocate-pxeboot-to-var-pxeboot-patch.patch | 44 +++++++++++++++++++ grub/grub2/centos/meta_patches/PATCH_ORDER | 1 + ...0004-relocate-pxeboot-to-var-pxeboot.patch | 34 ++++++++++++++ .../centos/meta_patches/PATCH_ORDER | 1 + 4 files changed, 80 insertions(+) create mode 100644 grub/grub2/centos/meta_patches/0014-relocate-pxeboot-to-var-pxeboot-patch.patch create mode 100644 security/shim-signed/centos/meta_patches/0004-relocate-pxeboot-to-var-pxeboot.patch diff --git a/grub/grub2/centos/meta_patches/0014-relocate-pxeboot-to-var-pxeboot-patch.patch b/grub/grub2/centos/meta_patches/0014-relocate-pxeboot-to-var-pxeboot-patch.patch new file mode 100644 index 000000000..d68d7a7dc --- /dev/null +++ b/grub/grub2/centos/meta_patches/0014-relocate-pxeboot-to-var-pxeboot-patch.patch @@ -0,0 +1,44 @@ +From e78aeedb002ddf204d0b970b8601ead55bf32f6f Mon Sep 17 00:00:00 2001 +From: Bin Qian +Date: Wed, 29 Sep 2021 16:49:47 -0400 +Subject: [PATCH] Relocate /pxeboot to /var/pxeboot + +Relocate writable directory /pxeboot to /var/pxeboot +--- + SOURCES/grub.macros | 4 ++-- + SOURCES/grub.patches | 1 - + 2 files changed, 2 insertions(+), 3 deletions(-) + +diff --git a/SOURCES/grub.macros b/SOURCES/grub.macros +index d52861a..fe88bf1 100644 +--- a/SOURCES/grub.macros ++++ b/SOURCES/grub.macros +@@ -410,7 +410,7 @@ ln -sf ../boot/efi/EFI/%{efidir}/grub.cfg \\\ + $RPM_BUILD_ROOT%{_sysconfdir}/%{name}-efi.cfg \ + install -m 700 %{2} $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/%{2}.unsigned \ + install -m 700 %{3} $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/%{3}.unsigned \ +-install -D -m 755 %{2} $RPM_BUILD_ROOT/pxeboot/EFI/%{2} \ ++install -D -m 755 %{2} $RPM_BUILD_ROOT/var/pxeboot/EFI/%{2} \ + install -m 700 %{2} $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/%{2} \ + install -m 700 %{3} $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/%{3} \ + install -D -m 700 unicode.pf2 \\\ +@@ -502,6 +502,6 @@ cd .. \ + /boot/efi/EFI/%{efidir}/%{grubeficdname}.unsigned \ + \ + %{expand:%%files %{1}-pxeboot} \ +-/pxeboot/EFI/%{grubefiname} \ ++/var/pxeboot/EFI/%{grubefiname} \ + \ + %{nil} +diff --git a/SOURCES/grub.patches b/SOURCES/grub.patches +index ece014a..5ce9177 100644 +--- a/SOURCES/grub.patches ++++ b/SOURCES/grub.patches +@@ -336,4 +336,3 @@ Patch1000: 1000_linux-mktitle-de-brand-the-grub.cfg-menu.patch + Patch1001: 1001-add-tboot.patch + Patch1002: 1002-Don-t-write-trailing-colon-when-populating-MAC-strin.patch + Patch1003: 1003-tftp-roll-over-block-counter-to-prevent-timeouts-wit.patch +- +-- +2.29.2 + diff --git a/grub/grub2/centos/meta_patches/PATCH_ORDER b/grub/grub2/centos/meta_patches/PATCH_ORDER index 542fa1763..a1ea61b88 100644 --- a/grub/grub2/centos/meta_patches/PATCH_ORDER +++ b/grub/grub2/centos/meta_patches/PATCH_ORDER @@ -10,3 +10,4 @@ 0011-grub2-fix-str-for-6B-macs.patch 0012-grub2-Don-t-strip-img-files-from-non-EFI-build.patch 0013-tftp-roll-over-block-counter-to-prevent-timeouts-wit.patch +0014-relocate-pxeboot-to-var-pxeboot-patch.patch diff --git a/security/shim-signed/centos/meta_patches/0004-relocate-pxeboot-to-var-pxeboot.patch b/security/shim-signed/centos/meta_patches/0004-relocate-pxeboot-to-var-pxeboot.patch new file mode 100644 index 000000000..653f82888 --- /dev/null +++ b/security/shim-signed/centos/meta_patches/0004-relocate-pxeboot-to-var-pxeboot.patch @@ -0,0 +1,34 @@ +From 7d276fc48d468cc257bcfc7e957c18e3035f2503 Mon Sep 17 00:00:00 2001 +From: Bin Qian +Date: Wed, 29 Sep 2021 20:17:18 -0400 +Subject: [PATCH] relocate /pxeboot to /var/pxeboot + +--- + SPECS/shim-signed.spec | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/SPECS/shim-signed.spec b/SPECS/shim-signed.spec +index c085104..6dd7b95 100755 +--- a/SPECS/shim-signed.spec ++++ b/SPECS/shim-signed.spec +@@ -229,7 +229,7 @@ install -m 0700 shimia32.efi $RPM_BUILD_ROOT/boot/efi/EFI/BOOT/BOOTIA32.EFI + install -m 0700 fbia32.efi $RPM_BUILD_ROOT/boot/efi/EFI/BOOT/fbia32.efi + + # pxeboot support +-install -D -p -m 0755 shimx64.efi $RPM_BUILD_ROOT/pxeboot/EFI/shim.efi ++install -D -p -m 0755 shimx64.efi $RPM_BUILD_ROOT/var/pxeboot/EFI/shim.efi + %endif + + cd mokutil-%{mokutil_version} +@@ -246,7 +246,7 @@ make PREFIX=%{_prefix} LIBDIR=%{_libdir} DESTDIR=%{buildroot} install + /boot/efi/EFI/BOOT/fb%{efiarchlc}.efi + /boot/efi/EFI/BOOT/fallback.efi + /boot/efi/EFI/%{efidir}/shim.efi +-%attr(755,root,root) /pxeboot/EFI/shim.efi ++%attr(755,root,root) /var/pxeboot/EFI/shim.efi + + %ifarch x86_64 + /boot/efi/EFI/%{efidir}/BOOT.CSV +-- +2.29.2 + diff --git a/security/shim-signed/centos/meta_patches/PATCH_ORDER b/security/shim-signed/centos/meta_patches/PATCH_ORDER index 6cddcd319..72deb920a 100644 --- a/security/shim-signed/centos/meta_patches/PATCH_ORDER +++ b/security/shim-signed/centos/meta_patches/PATCH_ORDER @@ -1,3 +1,4 @@ 0001-Titanium-release-info.patch 0002-Use-presigned-binaries.patch 0003-Support-pxeboot-secure-boot.patch +0004-relocate-pxeboot-to-var-pxeboot.patch