commit yast2-bootloader for openSUSE:Factory

Source-Sync Wed, 05 Mar 2025 04:47:05 -0800

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package yast2-bootloader for 
openSUSE:Factory checked in at 2025-03-05 13:38:26
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/yast2-bootloader (Old)
 and      /work/SRC/openSUSE:Factory/.yast2-bootloader.new.19136 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "yast2-bootloader"

Wed Mar  5 13:38:26 2025 rev:343 rq:1249614 version:5.0.15

Changes:
--------
--- /work/SRC/openSUSE:Factory/yast2-bootloader/yast2-bootloader.changes        
2025-01-14 16:21:44.251748880 +0100
+++ 
/work/SRC/openSUSE:Factory/.yast2-bootloader.new.19136/yast2-bootloader.changes 
    2025-03-05 13:38:39.295855196 +0100
@@ -1,0 +2,5 @@
+Thu Feb 27 08:44:41 UTC 2025 - Stefan Schubert <[email protected]>
+
+- Enabled secure boot for grub2-bls (jsc#PED-10703).
+
+-------------------------------------------------------------------

Old:
----
  yast2-bootloader-5.0.14.tar.bz2

New:
----
  yast2-bootloader-5.0.15.tar.bz2

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ yast2-bootloader.spec ++++++
--- /var/tmp/diff_new_pack.RkFnLB/_old  2025-03-05 13:38:39.875879528 +0100
+++ /var/tmp/diff_new_pack.RkFnLB/_new  2025-03-05 13:38:39.879879696 +0100
@@ -17,7 +17,7 @@
 
 
 Name:           yast2-bootloader
-Version:        5.0.14
+Version:        5.0.15
 Release:        0
 Summary:        YaST2 - Bootloader Configuration
 License:        GPL-2.0-or-later

++++++ yast2-bootloader-5.0.14.tar.bz2 -> yast2-bootloader-5.0.15.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/yast2-bootloader-5.0.14/package/yast2-bootloader.changes 
new/yast2-bootloader-5.0.15/package/yast2-bootloader.changes
--- old/yast2-bootloader-5.0.14/package/yast2-bootloader.changes        
2025-01-13 13:38:32.000000000 +0100
+++ new/yast2-bootloader-5.0.15/package/yast2-bootloader.changes        
2025-03-03 08:37:14.000000000 +0100
@@ -1,4 +1,9 @@
 -------------------------------------------------------------------
+Thu Feb 27 08:44:41 UTC 2025 - Stefan Schubert <[email protected]>
+
+- Enabled secure boot for grub2-bls (jsc#PED-10703).
+
+-------------------------------------------------------------------
 Thu Jan  9 11:26:59 UTC 2025 - Stefan Schubert <[email protected]>
 
 - Added grub2-bls support (jsc#PED-10703).
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/yast2-bootloader-5.0.14/package/yast2-bootloader.spec 
new/yast2-bootloader-5.0.15/package/yast2-bootloader.spec
--- old/yast2-bootloader-5.0.14/package/yast2-bootloader.spec   2025-01-13 
13:38:32.000000000 +0100
+++ new/yast2-bootloader-5.0.15/package/yast2-bootloader.spec   2025-03-03 
08:37:14.000000000 +0100
@@ -17,7 +17,7 @@
 
 
 Name:           yast2-bootloader
-Version:        5.0.14
+Version:        5.0.15
 Release:        0
 Summary:        YaST2 - Bootloader Configuration
 License:        GPL-2.0-or-later
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/yast2-bootloader-5.0.14/src/lib/bootloader/grub2bls.rb 
new/yast2-bootloader-5.0.15/src/lib/bootloader/grub2bls.rb
--- old/yast2-bootloader-5.0.14/src/lib/bootloader/grub2bls.rb  2025-01-13 
13:38:32.000000000 +0100
+++ new/yast2-bootloader-5.0.15/src/lib/bootloader/grub2bls.rb  2025-03-03 
08:37:14.000000000 +0100
@@ -28,15 +28,31 @@
       @is_proposed = false
     end
 
+    # Secure boot setting shown in summary screen.
+    # sdbootutil intialize secure boot if shim has been installed.
+    #
+    # @return [String]
+    def secure_boot_summary
+      link = if secure_boot
+        "<a href=\"disable_secure_boot\">(#{_("disable")})</a>"
+      else
+        "<a href=\"enable_secure_boot\">(#{_("enable")})</a>"
+      end
+
+      "#{_("Secure Boot:")} #{status_string(secure_boot)} #{link}"
+    end
+
     # Display bootloader summary
     # @return a list of summary lines
     def summary(*)
-      [
+      result = [
         Yast::Builtins.sformat(
           _("Boot Loader Type: %1"),
           "GRUB2 BLS"
         )
       ]
+      result << secure_boot_summary if Systeminfo.secure_boot_available?(name)
+      result
     end
 
     # @return bootloader name
@@ -56,10 +72,12 @@
           lines = + line
         end
       end
+      self.secure_boot = Systeminfo.secure_boot_active?
       grub_default.kernel_params.replace(lines)
       log.info "kernel params: #{grub_default.kernel_params}"
-      log.info "bls sections: #{@sections.all}"
-      log.info "bls default:  #{@sections.default}"
+      log.info "bls sections:  #{@sections.all}"
+      log.info "bls default:   #{@sections.default}"
+      log.info "secure boot:   #{secure_boot}"
       @is_read = true # flag that settings has been read
     end
 
@@ -76,6 +94,7 @@
         grub_default.kernel_params.replace(kernel_line)
       end
       grub_default.timeout = 
Yast::ProductFeatures.GetIntegerFeature("globals", "boot_timeout").to_i
+      self.secure_boot = Systeminfo.secure_boot_supported?
       @is_proposed = true
       # for UEFI always remove PMBR flag on disk (bnc#872054)
       self.pmbr_action = :remove
@@ -112,6 +131,7 @@
       log.info "         mitigations: #{cpu_mitigations.to_human_string}=>" \
                "#{other.cpu_mitigations.to_human_string}"
       log.info "         pmbr_action: #{pmbr_action}=>#{other.pmbr_action}"
+      log.info "         secure boot: #{other.secure_boot}"
       log.info "         grub_default.kernel_params: 
#{grub_default.kernel_params.serialize}=>" \
                "#{other.grub_default.kernel_params.serialize}"
       log.info "         grub_default.kernel_params: 
#{grub_default.kernel_params.serialize}=>" \
@@ -120,11 +140,13 @@
       merge_sections(other)
       merge_grub_default(other)
       merge_pmbr_action(other)
+      self.secure_boot = other.secure_boot unless other.secure_boot.nil?
 
       log.info "merging result: timeout: #{grub_default.timeout}"
       log.info "                mitigations: 
#{cpu_mitigations.to_human_string}"
       log.info "                kernel_params: 
#{grub_default.kernel_params.serialize}"
       log.info "                pmbr_action: #{pmbr_action}"
+      log.info "                secure boot: #{secure_boot}"
     end
     # rubocop:enable Metrics/AbcSize
 
@@ -133,9 +155,18 @@
       res = super
       res << ("grub2-" + grub2bls_architecture + "-efi-bls")
       res << "sdbootutil"
+      res << "shim" if secure_boot
       res
     end
 
+    # overwrite BootloaderBase version to save secure boot
+    def write_sysconfig(prewrite: false)
+      sysconfig = Bootloader::Sysconfig.new(bootloader: name,
+        secure_boot: secure_boot, trusted_boot: false,
+        update_nvram: false)
+      prewrite ? sysconfig.pre_write : sysconfig.write
+    end
+
   private
 
     def grub2bls_architecture
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/yast2-bootloader-5.0.14/src/lib/bootloader/systeminfo.rb 
new/yast2-bootloader-5.0.15/src/lib/bootloader/systeminfo.rb
--- old/yast2-bootloader-5.0.14/src/lib/bootloader/systeminfo.rb        
2025-01-13 13:38:32.000000000 +0100
+++ new/yast2-bootloader-5.0.15/src/lib/bootloader/systeminfo.rb        
2025-03-03 08:37:14.000000000 +0100
@@ -46,8 +46,6 @@
         return false if efi_arch == "i386"
         # no shim neither secure boot support for 32 bit arm nor riscv64 
(bsc#1229070)
         return false if Yast::Arch.arm || Yast::Arch.riscv64
-        # not for grub2-bls
-        return false if bootloader_name == "grub2-bls"
 
         efi_used?(bootloader_name) || s390_secure_boot_available? || 
ppc_secure_boot_available?
       end

commit yast2-bootloader for openSUSE:Factory

Reply via email to