From 41d61bcfa46efe149384a72f2ea4ed225fcaab14 Mon Sep 17 00:00:00 2001 From: Flatcar Buildbot Date: Mon, 3 Nov 2025 07:12:50 +0000 Subject: [PATCH] sys-boot/grub: Sync with Gentoo It's from Gentoo commit 479e28d16934ab9bd9514bf2457be775473bfe79. Signed-off-by: Flatcar Buildbot --- .../portage-stable/sys-boot/grub/Manifest | 5 +- ...2.14_rc1-configure.ac-avoid-bashisms.patch | 46 ++ .../sys-boot/grub/grub-2.12-r7.ebuild | 4 +- .../sys-boot/grub/grub-2.14_rc1.ebuild | 439 ++++++++++++++++++ .../sys-boot/grub/grub-9999.ebuild | 28 +- 5 files changed, 510 insertions(+), 12 deletions(-) create mode 100644 sdk_container/src/third_party/portage-stable/sys-boot/grub/files/grub-2.14_rc1-configure.ac-avoid-bashisms.patch create mode 100644 sdk_container/src/third_party/portage-stable/sys-boot/grub/grub-2.14_rc1.ebuild diff --git a/sdk_container/src/third_party/portage-stable/sys-boot/grub/Manifest b/sdk_container/src/third_party/portage-stable/sys-boot/grub/Manifest index 553bc5923a..aa989811b9 100644 --- a/sdk_container/src/third_party/portage-stable/sys-boot/grub/Manifest +++ b/sdk_container/src/third_party/portage-stable/sys-boot/grub/Manifest @@ -3,5 +3,8 @@ DIST dejavu-sans-ttf-2.37.zip 417746 BLAKE2B c8904f3cd5a49370a7dc10e456684c88aea DIST grub-2.12-bash-completion.patch.gz 3627 BLAKE2B 6ba80fd4fb4b28ae2e5a2387133d815da126a4eaa4b5cb24b13f4ba5a2499ab4099d10ada366ed39f84be2c38774122f48e1a1894768c5bee29149528610d095 SHA512 a9ee6d2253ae48d7f90907a9e975a3a1d01346bc621d8b8cddf7cc815cd91e078f6c61392724d13556ee64f099fa15c94fcb88a49ff02d4a90ebd376252cea5c DIST grub-2.12.tar.xz 6675608 BLAKE2B a678f7fafb945d325c8cf47aa086f48357a8f6335b762f77038c30a3896b3b05491598d9931d5335841d224fffcbe4a9a43ca1479057c1f1ce52b8d2a952c431 SHA512 761c060a4c3da9c0e810b0ea967e3ebc66baa4ddd682a503ae3d30a83707626bccaf49359304a16b3a26fc4435fe6bea1ee90be910c84de3c2b5485a31a15be3 DIST grub-2.12.tar.xz.sig 566 BLAKE2B 9b77fe53041b99f1196743aa6d9fc9c727b17c6512129bab2b35005f2c70f371e30521ddd804bf0c666e36cf2667247980f385ca1ac911fa9b8e0311427dc01c SHA512 fbe971d8c382578b49d33902234edd9cbd084b70820a1a56a59df4ec30874c0dd4fe27f8dc44bb380716bb7480ca68a87d120a25b92a6a10ff6c8ec1b60548d3 +DIST grub-2.14~rc1.tar.xz 7652220 BLAKE2B dededd47b4c29f1d8c6e92de78d8d90dd9fa661b5964af7033100fbd15c15e89e810db9c9127f84363425f586c3283ae4511c27f8bb69015b39582a10261a4a8 SHA512 d96e4c749caaa51393f037fd2e9d1837bef8b7b1c44655d86cdfc6447adf27bb4451fbb9e78b4846f3ee39102548b560b639f97dcf6f74563ee9afac60056c2e +DIST grub-2.14~rc1.tar.xz.sig 566 BLAKE2B eac34a1a513a818809162a4f827191902e933e95cf3775930a8bccb18b0eb052a8bc4175fd1ba89a8dda802951b3b758f18443c65be3f8268201fa07d93ed6ce SHA512 a67766234f8d075d50381c9b94513a41d9c4a5214e5f000f182069d3318695d13c10072030f74cdfc3dc72f98f4d90fc9133b005e0af11314c754072c12299ef DIST unifont-15.0.06.pcf.gz 1358322 BLAKE2B 81811e3de390ca35d1a2dc1f1dee73464e97f44907ba522c218ba9c5e39ca3c9d767552780a257a97c156eb623c17786d9c0d2b67786d61df5ca33a1e10db7ca SHA512 0a28a406629c604f5cbf51f501528239a7ed50d19f93ea505bc5bdc72639e4b926b03f4b8782a5733041f7cdb4aebb9948ac7cfd5a8ad9a0fe309944e595517b -DIST unifont-16.0.02.pcf.gz 1356741 BLAKE2B 1c6409e622fd7e3331bd4afc1d81b2663dd7eb98e586c73d5c85a6828b6a972a08fbe8ba4804c2daee43ddc89ece23fc1f6e9c48b16330d7e11b080b1d8aed61 SHA512 9691db982a6e808ff95ec3cf13b2f7b24d6103b4cce6e24eae7855ad74b063f0f745d2eac3909cda524e94df6cc2112f591b700c571106f0f3056e0a2580fac6 +DIST unifont-17.0.02.pcf.gz 1357145 BLAKE2B 6043055b10273930454b95bea847f4cd9cbceb7fa5f4b903a92d1e05093ed8d36b0be6cdcc96089d910b3af9b826d8bc0491070d7af568801e829fb69238d787 SHA512 8c325b8f1b872ced2a8ceffa89ce81858c4c768562711610529ae0be488dc335e333f8674cad78fe9550de222247816c435b0079bc959e6e1caebf4c7ecd2faf +DIST unifont-17.0.02.pcf.gz.sig 566 BLAKE2B b20c3b498862b5f652bea95ca240a279674de583b2f03dc0b9ee0bac46da2513d54ca8fdcacc222adf5360da6fe919060bf41d977335d7c11a1bf9407c84c99d SHA512 f31792427adf73c0cf16f890faa579fda5315cbc0c9ac17b4d19555255f49dbf89f6333012ce99fec9819252fd7b81e07a65a2cd0d3aa54a54ded8d7c50ac186 diff --git a/sdk_container/src/third_party/portage-stable/sys-boot/grub/files/grub-2.14_rc1-configure.ac-avoid-bashisms.patch b/sdk_container/src/third_party/portage-stable/sys-boot/grub/files/grub-2.14_rc1-configure.ac-avoid-bashisms.patch new file mode 100644 index 0000000000..f25b94c99e --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-boot/grub/files/grub-2.14_rc1-configure.ac-avoid-bashisms.patch @@ -0,0 +1,46 @@ +https://bugs.gentoo.org/965315 + +From 5196d40b6ec6ad75e84ab98e9f4a3d71211f0d56 Mon Sep 17 00:00:00 2001 +From: Lars Wendler +Date: Thu, 30 Oct 2025 07:31:59 +0100 +Subject: [PATCH] configure.ac: avoid bashisms +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +or else configure check doesn't succeed with non-bash shell (e.g. dash): + + checking whether to enable AMD64 as(1) feature detection... /var/tmp/portage/sys-boot/grub-2.14_rc1/work/grub-2.14~rc1/configure: 39176: test: xx86_64: unexpected operator + no + +and later build fails with + + /var/tmp/portage/sys-boot/grub-2.14_rc1/work/grub-2.14~rc1/grub-core/lib/libgcrypt-grub/src/hwf-x86.c: In function ‘detect_x86_gnuc’: + /var/tmp/portage/sys-boot/grub-2.14_rc1/work/grub-2.14~rc1/grub-core/lib/libgcrypt-grub/src/hwf-x86.c:252:17: error: ‘HWF_INTEL_CPU’ undeclared (first use in this function) + 252 | result |= HWF_INTEL_CPU; + | ^~~~~~~~~~~~~ + +and other corresponding HWF_INTEL_* definitions because HAVE_CPU_ARCH_X86 was +erroneously not defined by configure script. + +Signed-off-by: Lars Wendler +--- + configure.ac | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index 8a72c078e..17937baf4 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1150,7 +1150,7 @@ fi + + # Implementation of the --disable-amd64-as-feature-detection switch. + AC_MSG_CHECKING([whether to enable AMD64 as(1) feature detection]) +-if test x$target_cpu == xx86_64 -a x$platform == xefi; then ++if test x$target_cpu = xx86_64 -a x$platform = xefi; then + CPPFLAGS_GCRY_ASM="-D__x86_64 -DHAVE_CPU_ARCH_X86" + AC_ARG_ENABLE(amd64-as-feature-detection, + AS_HELP_STRING([--disable-amd64-as-feature-detection], +-- +2.51.1 + diff --git a/sdk_container/src/third_party/portage-stable/sys-boot/grub/grub-2.12-r7.ebuild b/sdk_container/src/third_party/portage-stable/sys-boot/grub/grub-2.12-r7.ebuild index 960c9f57ed..c5797ed884 100644 --- a/sdk_container/src/third_party/portage-stable/sys-boot/grub/grub-2.12-r7.ebuild +++ b/sdk_container/src/third_party/portage-stable/sys-boot/grub/grub-2.12-r7.ebuild @@ -20,7 +20,7 @@ GRUB_AUTOGEN=1 GRUB_AUTORECONF=1 PYTHON_COMPAT=( python3_{10..13} ) WANT_LIBTOOL=none -VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/dkiper.gpg +VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/grub.asc if [[ -n ${GRUB_AUTORECONF} ]]; then inherit autotools @@ -52,7 +52,7 @@ if [[ ${PV} != 9999 ]]; then " S=${WORKDIR}/${P%_*} fi - BDEPEND="verify-sig? ( sec-keys/openpgp-keys-danielkiper )" + BDEPEND="verify-sig? ( sec-keys/openpgp-keys-grub )" KEYWORDS="amd64 arm arm64 ~loong ppc ppc64 ~riscv ~sparc x86" else inherit git-r3 diff --git a/sdk_container/src/third_party/portage-stable/sys-boot/grub/grub-2.14_rc1.ebuild b/sdk_container/src/third_party/portage-stable/sys-boot/grub/grub-2.14_rc1.ebuild new file mode 100644 index 0000000000..0ba443e62b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-boot/grub/grub-2.14_rc1.ebuild @@ -0,0 +1,439 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +# This ebuild uses 3 special global variables: +# GRUB_BOOTSTRAP: Invoke bootstrap (gnulib) +# GRUB_AUTOGEN: Invoke autogen.sh +# GRUB_AUTORECONF: Inherit autotools and invoke eautoreconf +# +# When applying patches: +# If gnulib is updated, set GRUB_BOOTSTRAP=1 +# If gentpl.py or *.def is updated, set GRUB_AUTOGEN=1 +# If gnulib, gentpl.py, *.def, or any autotools files are updated, set GRUB_AUTORECONF=1 +# +# If any of the above applies to a user patch, the user should set the +# corresponding variable in make.conf or the environment. + +GRUB_AUTORECONF=1 +if [[ ${PV} == 9999 ]]; then + GRUB_BOOTSTRAP=1 +fi + +PYTHON_COMPAT=( python3_{11..14} ) +WANT_LIBTOOL=none + +if [[ -n ${GRUB_AUTORECONF} ]]; then + inherit autotools +fi + +inherit bash-completion-r1 eapi9-ver flag-o-matic multibuild optfeature +inherit python-any-r1 secureboot toolchain-funcs verify-sig + +DESCRIPTION="GNU GRUB boot loader" +HOMEPAGE="https://www.gnu.org/software/grub/" + +MY_P=${P} +if [[ ${PV} != 9999 ]]; then + if [[ ${PV} == *_alpha* || ${PV} == *_beta* || ${PV} == *_rc* ]]; then + # The quote style is to work with <=bash-4.2 and >=bash-4.3 #503860 + MY_P=${P/_/'~'} + SRC_URI=" + https://alpha.gnu.org/gnu/${PN}/${MY_P}.tar.xz + verify-sig? ( https://alpha.gnu.org/gnu/${PN}/${MY_P}.tar.xz.sig ) + " + S=${WORKDIR}/${MY_P} + else + SRC_URI=" + mirror://gnu/${PN}/${P}.tar.xz + verify-sig? ( mirror://gnu/${PN}/${P}.tar.xz.sig ) + " + S=${WORKDIR}/${P%_*} + fi + BDEPEND=" + verify-sig? ( + sec-keys/openpgp-keys-grub + sec-keys/openpgp-keys-unifont + ) + " + KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86" +else + inherit git-r3 + EGIT_REPO_URI="https://git.savannah.gnu.org/git/grub.git" +fi + +PATCHES=( + "${FILESDIR}"/gfxpayload.patch + "${FILESDIR}"/grub-2.02_beta2-KERNEL_GLOBS.patch + "${FILESDIR}"/grub-2.06-test-words.patch + "${FILESDIR}"/grub-2.14_rc1-configure.ac-avoid-bashisms.patch +) + +DEJAVU_VER=2.37 +DEJAVU=dejavu-fonts-ttf-${DEJAVU_VER} +UNIFONT=unifont-17.0.02 +SRC_URI+=" + fonts? ( + mirror://gnu/unifont/${UNIFONT}/${UNIFONT}.pcf.gz + verify-sig? ( mirror://gnu/unifont/${UNIFONT}/${UNIFONT}.pcf.gz.sig ) + ) + themes? ( https://downloads.sourceforge.net/project/dejavu/dejavu/${DEJAVU_VER}/${DEJAVU}.tar.bz2 ) +" + +# Includes licenses for dejavu and unifont +LICENSE="GPL-3+ BSD MIT fonts? ( GPL-2-with-font-exception ) themes? ( CC-BY-SA-3.0 BitstreamVera )" +SLOT="2/${PVR}" +IUSE="+device-mapper doc efiemu +fonts mount nls sdl test +themes truetype libzfs" + +GRUB_ALL_PLATFORMS=( coreboot efi-32 efi-64 emu ieee1275 loongson multiboot + qemu qemu-mips pc uboot xen xen-32 xen-pvh ) +IUSE+=" ${GRUB_ALL_PLATFORMS[@]/#/grub_platforms_}" + +REQUIRED_USE=" + grub_platforms_coreboot? ( fonts ) + grub_platforms_qemu? ( fonts ) + grub_platforms_ieee1275? ( fonts ) + grub_platforms_loongson? ( fonts ) +" + +BDEPEND+=" + ${PYTHON_DEPS} + >=sys-devel/flex-2.5.35 + sys-devel/bison + sys-apps/help2man + sys-apps/texinfo + fonts? ( + media-libs/freetype:2 + virtual/pkgconfig + ) + test? ( + app-admin/genromfs + app-alternatives/cpio + app-arch/lzop + app-emulation/qemu + dev-libs/libisoburn + sys-apps/miscfiles + sys-block/parted + sys-fs/squashfs-tools + ) + themes? ( + media-libs/freetype:2 + virtual/pkgconfig + ) + truetype? ( virtual/pkgconfig ) +" +DEPEND=" + app-arch/xz-utils + >=sys-libs/ncurses-5.2-r5:0= + grub_platforms_emu? ( + sdl? ( media-libs/libsdl2 ) + ) + device-mapper? ( >=sys-fs/lvm2-2.02.45 ) + libzfs? ( sys-fs/zfs:= ) + mount? ( sys-fs/fuse:3= ) + truetype? ( media-libs/freetype:2= ) + ppc? ( >=sys-apps/ibm-powerpc-utils-1.3.5 ) + ppc64? ( >=sys-apps/ibm-powerpc-utils-1.3.5 ) +" +RDEPEND="${DEPEND} + kernel_linux? ( + grub_platforms_efi-32? ( sys-boot/efibootmgr ) + grub_platforms_efi-64? ( sys-boot/efibootmgr ) + ) + !sys-boot/grub:0 + nls? ( sys-devel/gettext ) +" + +RESTRICT="!test? ( test ) test? ( userpriv )" + +QA_EXECSTACK="usr/bin/grub-emu* usr/lib/grub/*" +QA_PRESTRIPPED="usr/lib/grub/.*" +QA_MULTILIB_PATHS="usr/lib/grub/.*" +QA_WX_LOAD="usr/lib/grub/*" + +pkg_setup() { + : +} + +src_unpack() { + if [[ ${PV} == 9999 ]]; then + git-r3_src_unpack + pushd "${P}" >/dev/null || die + local GNULIB_URI="https://git.savannah.gnu.org/git/gnulib.git" + local GNULIB_REVISION=$(source bootstrap.conf >/dev/null; echo "${GNULIB_REVISION}") + git-r3_fetch "${GNULIB_URI}" "${GNULIB_REVISION}" + git-r3_checkout "${GNULIB_URI}" gnulib + popd >/dev/null || die + elif use verify-sig; then + verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.xz{,.sig} \ + "${BROOT}"/usr/share/openpgp-keys/grub.asc + fi + if use fonts && use verify-sig; then + verify-sig_verify_detached "${DISTDIR}"/${UNIFONT}.pcf.gz{,.sig} \ + "${BROOT}"/usr/share/openpgp-keys/unifont.asc + fi + default +} + +src_prepare() { + default + + python_setup + + if [[ -n ${GRUB_BOOTSTRAP} ]]; then + eautopoint --force + AUTOPOINT=: AUTORECONF=: ./bootstrap || die + elif [[ -n ${GRUB_AUTOGEN} ]]; then + FROM_BOOTSTRAP=1 ./autogen.sh || die + fi + + if [[ -n ${GRUB_AUTORECONF} ]]; then + eautoreconf + fi +} + +grub_do() { + multibuild_foreach_variant run_in_build_dir "$@" +} + +grub_do_once() { + multibuild_for_best_variant run_in_build_dir "$@" +} + +grub_configure() { + local platform + + case ${MULTIBUILD_VARIANT} in + efi*) platform=efi ;; + xen-pvh) platform=xen_pvh ;; + xen*) platform=xen ;; + guessed) ;; + *) platform=${MULTIBUILD_VARIANT} ;; + esac + + case ${MULTIBUILD_VARIANT} in + *-32) + if [[ ${CTARGET:-${CHOST}} == x86_64* ]]; then + local CTARGET=i386 + fi ;; + *-64) + if [[ ${CTARGET:-${CHOST}} == i?86* ]]; then + local CTARGET=x86_64 + local -x TARGET_CFLAGS="-Os -march=x86-64 ${TARGET_CFLAGS}" + local -x TARGET_CPPFLAGS="-march=x86-64 ${TARGET_CPPFLAGS}" + fi ;; + esac + + local myeconfargs=( + --disable-werror + --program-prefix= + --libdir="${EPREFIX}"/usr/lib + $(use_enable device-mapper) + $(use_enable mount grub-mount) + $(use_enable nls) + $(use_enable themes grub-themes) + $(use_enable truetype grub-mkfont) + $(use_enable libzfs) + --enable-grub-emu-sdl=no + $(use_enable sdl grub-emu-sdl2) + ${platform:+--with-platform=}${platform} + + # Let configure detect this where supported + $(usex efiemu '' '--disable-efiemu') + ) + + if use fonts; then + cp "${WORKDIR}/${UNIFONT}.pcf" unifont.pcf || die + fi + + if use themes; then + cp "${WORKDIR}/${DEJAVU}/ttf/DejaVuSans.ttf" DejaVuSans.ttf || die + fi + + local ECONF_SOURCE="${S}" + econf "${myeconfargs[@]}" +} + +src_configure() { + # Bug 508758. + replace-flags -O3 -O2 + + # Workaround for bug 829165. + filter-ldflags -pie + + # We don't want to leak flags onto boot code. + export HOST_CCASFLAGS=${CCASFLAGS} + export HOST_CFLAGS=${CFLAGS} + export HOST_CPPFLAGS=${CPPFLAGS} + export HOST_LDFLAGS=${LDFLAGS} + unset CCASFLAGS CFLAGS CPPFLAGS LDFLAGS + + tc-ld-disable-gold #439082 #466536 #526348 + export TARGET_LDFLAGS="${TARGET_LDFLAGS} ${LDFLAGS}" + unset LDFLAGS + + tc-export CC NM OBJCOPY RANLIB STRIP + tc-export BUILD_CC BUILD_PKG_CONFIG + + # Force configure to use flex & bison, bug 887211. + export LEX=flex + unset YACC + + MULTIBUILD_VARIANTS=() + local p + for p in "${GRUB_ALL_PLATFORMS[@]}"; do + use "grub_platforms_${p}" && MULTIBUILD_VARIANTS+=( "${p}" ) + done + [[ ${#MULTIBUILD_VARIANTS[@]} -eq 0 ]] && MULTIBUILD_VARIANTS=( guessed ) + grub_do grub_configure +} + +src_compile() { + # Sandbox bug 404013. + use libzfs && { addpredict /etc/dfs; addpredict /dev/zfs; } + + grub_do emake + use doc && grub_do_once emake -C docs html +} + +src_test() { + # The qemu dependency is a bit complex. + # You will need to adjust QEMU_SOFTMMU_TARGETS to match the cpu/platform. + local SANDBOX_WRITE=${SANDBOX_WRITE} + addwrite /dev + grub_do emake -j1 check +} + +grub_mkstandalone_secureboot() { + use secureboot || return + + if tc-is-cross-compiler; then + ewarn "USE=secureboot is not supported when cross-compiling." + ewarn "No standalone EFI executable will be built." + return 1 + fi + + local standalone_targets + + case ${CTARGET:-${CHOST}} in + i?86* | x86_64*) + use grub_platforms_efi-32 && standalone_targets+=( i386-efi ) + use grub_platforms_efi-64 && standalone_targets+=( x86_64-efi ) + ;; + arm* | aarch64*) + use grub_platforms_efi-32 && standalone_targets+=( arm-efi ) + use grub_platforms_efi-64 && standalone_targets+=( arm64-efi ) + ;; + riscv*) + use grub_platforms_efi-32 && standalone_targets+=( riscv32-efi ) + use grub_platforms_efi-64 && standalone_targets+=( riscv64-efi ) + ;; + ia64*) + use grub_platforms_efi-64 && standalone_targets+=( ia64-efi ) + ;; + loongarch64*) + use grub_platforms_efi-64 && standalone_targets+=( loongarch64-efi ) + ;; + esac + + if [[ ${#standalone_targets[@]} -eq 0 ]]; then + ewarn "USE=secureboot is enabled, but no suitable EFI target in GRUB_PLATFORMS." + ewarn "No standalone EFI executable will be built." + return 1 + fi + + local target mkstandalone_args + + # grub-mkstandalone embeds a config file, make this config file chainload + # a config file in the same directory grub is installed in. This requires + # pre-loading the part_gpt and part_msdos modules. + echo 'configfile ${cmdpath}/grub.cfg' > "${T}/grub.cfg" || die + for target in "${standalone_targets[@]}"; do + ebegin "Building standalone EFI executable for ${target}" + mkstandalone_args=( + --verbose + --directory="${ED}/usr/lib/grub/${target}" + --locale-directory="${ED}/usr/share/locale" + --format="${target}" + --modules="part_gpt part_msdos" + --sbat="${ED}/usr/share/grub/sbat.csv" + --output="${ED}/usr/lib/grub/grub-${target%-efi}.efi" + "boot/grub/grub.cfg=${T}/grub.cfg" + ) + + "${ED}/usr/bin/grub-mkstandalone" "${mkstandalone_args[@]}" + eend ${?} || die "grub-mkstandalone failed to build EFI executable" + done + + secureboot_auto_sign +} + +src_install() { + grub_do emake install DESTDIR="${D}" bashcompletiondir="$(get_bashcompdir)" + use doc && grub_do_once emake -C docs install-html DESTDIR="${D}" + + einstalldocs + + insinto /etc/default + newins "${FILESDIR}"/grub.default-4 grub + + # https://bugs.gentoo.org/231935 + dostrip -x /usr/lib/grub + + sed -e "s/%PV%/${PV}/" "${FILESDIR}/sbat.csv" > "${T}/sbat.csv" || die + insinto /usr/share/grub + doins "${T}/sbat.csv" + + if use elibc_musl; then + # https://bugs.gentoo.org/900348 + QA_CONFIG_IMPL_DECL_SKIP=( re_{compile_pattern,match,search,set_syntax} ) + fi + + grub_mkstandalone_secureboot +} + +pkg_postinst() { + elog "For information on how to configure GRUB2 please refer to the guide:" + elog " https://wiki.gentoo.org/wiki/GRUB2_Quick_Start" + + if [[ -z ${REPLACING_VERSIONS} ]]; then + elog + optfeature "detecting other operating systems (grub-mkconfig)" sys-boot/os-prober + optfeature "creating rescue media (grub-mkrescue)" dev-libs/libisoburn sys-fs/mtools + optfeature "enabling RAID device detection" sys-fs/mdadm + optfeature "automatically updating GRUB's configuration on each kernel installation" "sys-kernel/installkernel[grub]" + elif ver_replacing -lt ${PVR}; then + ewarn + ewarn "Re-run grub-install to update installed boot code!" + ewarn "Re-run grub-mkconfig to update grub.cfg!" + ewarn + fi + + if has_version 'sys-boot/grub:0'; then + elog "A migration guide for GRUB Legacy users is available:" + elog " https://wiki.gentoo.org/wiki/GRUB2_Migration" + fi + + if has_version sys-boot/os-prober; then + ewarn "Due to security concerns, os-prober is disabled by default." + ewarn "Set GRUB_DISABLE_OS_PROBER=false in /etc/default/grub to enable it." + fi + + if use secureboot; then + elog + elog "The signed standalone grub EFI executable(s) are available in:" + elog " /usr/lib/grub/grub-.efi(.signed)" + elog "These EFI executables should be copied to the usual location at:" + elog " ESP/EFI/Gentoo/grub.efi" + elog "Note that 'grub-install' does not install these images." + elog + elog "These standalone grub executables read the grub config file from" + elog "the grub.cfg in the same directory instead of the default" + elog "/boot/grub/grub.cfg. When sys-kernel/installkernel[grub] is used," + elog "the location of the grub.cfg may be overridden by setting the" + elog "GRUB_CFG environment variable:" + elog " GRUB_CFG=ESP/EFI/Gentoo/grub.cfg" + elog + fi +} diff --git a/sdk_container/src/third_party/portage-stable/sys-boot/grub/grub-9999.ebuild b/sdk_container/src/third_party/portage-stable/sys-boot/grub/grub-9999.ebuild index 0cc833ac5a..4ff9024e47 100644 --- a/sdk_container/src/third_party/portage-stable/sys-boot/grub/grub-9999.ebuild +++ b/sdk_container/src/third_party/portage-stable/sys-boot/grub/grub-9999.ebuild @@ -21,24 +21,21 @@ if [[ ${PV} == 9999 ]]; then GRUB_BOOTSTRAP=1 fi -PYTHON_COMPAT=( python3_{10..13} ) +PYTHON_COMPAT=( python3_{11..14} ) WANT_LIBTOOL=none -VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/dkiper.gpg if [[ -n ${GRUB_AUTORECONF} ]]; then inherit autotools fi inherit bash-completion-r1 eapi9-ver flag-o-matic multibuild optfeature -inherit python-any-r1 secureboot toolchain-funcs +inherit python-any-r1 secureboot toolchain-funcs verify-sig DESCRIPTION="GNU GRUB boot loader" HOMEPAGE="https://www.gnu.org/software/grub/" MY_P=${P} if [[ ${PV} != 9999 ]]; then - inherit verify-sig - if [[ ${PV} == *_alpha* || ${PV} == *_beta* || ${PV} == *_rc* ]]; then # The quote style is to work with <=bash-4.2 and >=bash-4.3 #503860 MY_P=${P/_/'~'} @@ -54,7 +51,12 @@ if [[ ${PV} != 9999 ]]; then " S=${WORKDIR}/${P%_*} fi - BDEPEND="verify-sig? ( sec-keys/openpgp-keys-danielkiper )" + BDEPEND=" + verify-sig? ( + sec-keys/openpgp-keys-grub + sec-keys/openpgp-keys-unifont + ) + " KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86" else inherit git-r3 @@ -69,9 +71,12 @@ PATCHES=( DEJAVU_VER=2.37 DEJAVU=dejavu-fonts-ttf-${DEJAVU_VER} -UNIFONT=unifont-16.0.02 +UNIFONT=unifont-17.0.02 SRC_URI+=" - fonts? ( mirror://gnu/unifont/${UNIFONT}/${UNIFONT}.pcf.gz ) + fonts? ( + mirror://gnu/unifont/${UNIFONT}/${UNIFONT}.pcf.gz + verify-sig? ( mirror://gnu/unifont/${UNIFONT}/${UNIFONT}.pcf.gz.sig ) + ) themes? ( https://downloads.sourceforge.net/project/dejavu/dejavu/${DEJAVU_VER}/${DEJAVU}.tar.bz2 ) " @@ -160,7 +165,12 @@ src_unpack() { git-r3_checkout "${GNULIB_URI}" gnulib popd >/dev/null || die elif use verify-sig; then - verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.xz{,.sig} + verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.xz{,.sig} \ + "${BROOT}"/usr/share/openpgp-keys/grub.asc + fi + if use fonts && use verify-sig; then + verify-sig_verify_detached "${DISTDIR}"/${UNIFONT}.pcf.gz{,.sig} \ + "${BROOT}"/usr/share/openpgp-keys/unifont.asc fi default }