grub: update to grub-2.06-42.amzn2022 #2503
Conversation
| @@ -1,2 +1,3 @@ | |||
| #!/bin/sh | |||
| docker run --rm amazonlinux:2 sh -c 'yum install -q -y yum-utils && yumdownloader -q --source --urls grub2 | grep ^http' | |||
| cmd='dnf install -q -y --releasever=latest yum-utils && yumdownloader -q --releasever=latest --source --urls grub2' | |||
There was a problem hiding this comment.
Will this make sure that the latest RPM repo will be used?
There was a problem hiding this comment.
I assume you're referring to Amazon Linux 2022's version locking? If so, yes, this will always pull the latest RPM due to --releasever=latest. I happened to still have an old container image around, so can provide some evidence as well. :-)
bash-5.1# yumdownloader -q --source --urls grub2
https://al2022-repos-us-west-2-9761ab97.s3.dualstack.us-west-2.amazonaws.com/core/guids/7121068131b337400594464d34e729a039727242067ddefbd6a8545886479c22/SRPMS/../../../../blobstore/aa41fdf9982b65a4c4dad5df5b49ba143b1710d60f82688221966f3c790c6c63/grub2-2.06-42.amzn2022.0.1.src.rpm
bash-5.1# yumdownloader -q --releasever=latest --source --urls grub2
https://al2022-repos-us-west-2-9761ab97.s3.dualstack.us-west-2.amazonaws.com/core/guids/3639f46a50c6c4978d36ecda0895b164e42fa86ff7fd8dc984898128901b9962/SRPMS/../../../../blobstore/aa41fdf9982b65a4c4dad5df5b49ba143b1710d60f82688221966f3c790c6c63/grub2-2.06-42.amzn2022.0.1.src.rpm
Note that here only the repo GUIDs differ.
packages/grub/grub.spec
Outdated
|
|
||
| Name: %{_cross_os}grub | ||
| Version: 2.06 | ||
| Release: 1%{?dist} | ||
| Summary: Bootloader with support for Linux and more | ||
| License: GPL-3.0-or-later AND Unicode-DFS-2015 | ||
| URL: https://www.gnu.org/software/grub/ | ||
| Source0: https://cdn.amazonlinux.com/blobstore/21d0df3b06c1c5cc9e5cf3bb559dad713335e782ac3a46b57c5d0097e22c0aec/grub2-2.06-9.amzn2.0.1.src.rpm | ||
| Source0: https://al2022-repos-us-west-2-9761ab97.s3.dualstack.us-west-2.amazonaws.com/core/guids/3639f46a50c6c4978d36ecda0895b164e42fa86ff7fd8dc984898128901b9962/SRPMS/../../../../blobstore/aa41fdf9982b65a4c4dad5df5b49ba143b1710d60f82688221966f3c790c6c63/grub2-2.06-42.amzn2022.0.1.src.rpm |
There was a problem hiding this comment.
Last time I updated this I was asked to do the test described in this comment, I think we should do that as well for this PR:
There was a problem hiding this comment.
Can do, will have to look into running under ESXi though. To better understand this, what's the concern? Has the boot menu broken before? Do we want to ensure a GRUB update doesn't break it to retain the ability to interactively engage with GRUB in a debug build?
There was a problem hiding this comment.
I updated the PR description with the testing done for serial console output. The only one left at the moment is ESXi/VMware. I'm working to get this set up and tested.
packages/grub/Cargo.toml
Outdated
| @@ -9,5 +9,5 @@ build = "build.rs" | |||
| path = "pkg.rs" | |||
|
|
|||
| [[package.metadata.build-package.external-files]] | |||
| url = "https://cdn.amazonlinux.com/blobstore/21d0df3b06c1c5cc9e5cf3bb559dad713335e782ac3a46b57c5d0097e22c0aec/grub2-2.06-9.amzn2.0.1.src.rpm" | |||
| sha512 = "f27b4005e789ce1e0e792133f6adfbdbf221245c03b27c25285ff5b81e53065385536971934744f33c52a924022480aa15cd25e8d5ded9f4999c753e8394ae36" | |||
| url = "https://al2022-repos-us-west-2-9761ab97.s3.dualstack.us-west-2.amazonaws.com/core/guids/3639f46a50c6c4978d36ecda0895b164e42fa86ff7fd8dc984898128901b9962/SRPMS/../../../../blobstore/aa41fdf9982b65a4c4dad5df5b49ba143b1710d60f82688221966f3c790c6c63/grub2-2.06-42.amzn2022.0.1.src.rpm" | |||
There was a problem hiding this comment.
nit: it might be good to canonicalize this somehow:
| url = "https://al2022-repos-us-west-2-9761ab97.s3.dualstack.us-west-2.amazonaws.com/core/guids/3639f46a50c6c4978d36ecda0895b164e42fa86ff7fd8dc984898128901b9962/SRPMS/../../../../blobstore/aa41fdf9982b65a4c4dad5df5b49ba143b1710d60f82688221966f3c790c6c63/grub2-2.06-42.amzn2022.0.1.src.rpm" | |
| url = "https://al2022-repos-us-west-2-9761ab97.s3.dualstack.us-west-2.amazonaws.com/blobstore/aa41fdf9982b65a4c4dad5df5b49ba143b1710d60f82688221966f3c790c6c63/grub2-2.06-42.amzn2022.0.1.src.rpm" |
There was a problem hiding this comment.
Before submitting the PR, I was mentally going back and forth on this a bit. In the end I liked latest-srpm-url.sh giving the same output as copied into Cargo.toml for consistency (since clients should remove the dotted components during normalization). I'll send an update for both.
Update GRUB to grub-2.06-42.amzn2022. This also switches Bottlerocket's immediate upstream from Amazon Linux 2 to Amazon Linux 2022, which more closely tracks the GRUB project. Signed-off-by: Markus Boehme <[email protected]>
markusboehme
force-pushed
the
package-update/grub-2.06-42.amzn2022
branch
from
3f99c37
to
61517d2
Compare
|
The force push canonicalizes the upstream package URLs and brings a change to |
| docker run --rm amazonlinux:2022 sh -c "${cmd}" \ | ||
| | grep '^http' \ | ||
| | xargs --max-args=1 --no-run-if-empty realpath --canonicalize-missing --relative-to=. \ | ||
| | sed 's_:/_://_' |
|
I just verified serial console output/responsiveness on VMware as well. Merging now. |
Issue number: No dedicated issue, but related to #2501
Description of changes: Update GRUB to grub-2.06-42.amzn2022. This also switches Bottlerocket's immediate upstream from Amazon Linux 2 to Amazon Linux 2022, which more closely tracks the GRUB project.
This picks up the fixes for the CVEs dubbed BootHole 3. These are relevant for eventually supporting Secure Boot (#2501).
Testing done: I used the metal-dev variant to test the following aspects and scenarios:
Terms of contribution:
By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.