From 0f64ba5bc885f8f65a72eb25c9ab0569a7fd86d5 Mon Sep 17 00:00:00 2001 From: Zhao Hang Date: Tue, 5 Dec 2023 16:29:36 +0800 Subject: [PATCH 1/2] update to rear-2.6-10.src.rpm Signed-off-by: Zhao Hang --- rear-device-shrinking-bz2223895.patch | 32 +++++++++ rear-luks-key-bz2228779.patch | 25 +++++++ rear-uefi-usb-secureboot-bz2196445.patch | 82 +++++++++++++++++++++++ rear-usb-uefi-part-size-bz2228402.patch | 41 ++++++++++++ rear-vg-command-not-found-bz2121476.patch | 21 ++++++ rear.spec | 39 ++++++----- 6 files changed, 222 insertions(+), 18 deletions(-) create mode 100644 rear-device-shrinking-bz2223895.patch create mode 100644 rear-luks-key-bz2228779.patch create mode 100644 rear-uefi-usb-secureboot-bz2196445.patch create mode 100644 rear-usb-uefi-part-size-bz2228402.patch create mode 100644 rear-vg-command-not-found-bz2121476.patch diff --git a/rear-device-shrinking-bz2223895.patch b/rear-device-shrinking-bz2223895.patch new file mode 100644 index 0000000..4da263c --- /dev/null +++ b/rear-device-shrinking-bz2223895.patch @@ -0,0 +1,32 @@ +commit 4f03a10d4866efc9b6920a3878e6397d170742f9 +Author: Johannes Meixner +Date: Thu Jul 20 15:11:52 2023 +0200 + + Merge pull request #3027 from rmetrich/shrinking_file + + In build/GNU/Linux/100_copy_as_is.sh + ensure to really get all COPY_AS_IS files copied by using + 'tar ... -i' when extracting to avoid a false regular exit of 'tar' + in particular when padding zeroes get added when a file being read shrinks + because for 'tar' (without '-i') two consecutive 512-blocks of zeroes mean EOF, + cf. https://github.com/rear/rear/pull/3027 + +diff --git a/usr/share/rear/build/GNU/Linux/100_copy_as_is.sh b/usr/share/rear/build/GNU/Linux/100_copy_as_is.sh +index ec55f331..0e402b01 100644 +--- a/usr/share/rear/build/GNU/Linux/100_copy_as_is.sh ++++ b/usr/share/rear/build/GNU/Linux/100_copy_as_is.sh +@@ -92,9 +92,13 @@ done >$copy_as_is_exclude_file + # COPY_AS_IS+=( /path/to/directory/* ) + # which are used in our scripts and by users in their etc/rear/local.conf + # cf. https://github.com/rear/rear/pull/2405#issuecomment-633512932 ++# Using '-i' when extracting is necessary to avoid a false regular exit of 'tar' ++# in particular when padding zeroes get added when a file being read shrinks ++# because for 'tar' (without '-i') two consecutive 512-blocks of zeroes mean EOF, ++# cf. https://github.com/rear/rear/pull/3027 + # FIXME: The following code fails if file names contain characters from IFS (e.g. blanks), + # cf. https://github.com/rear/rear/issues/1372 +-if ! tar -v -X $copy_as_is_exclude_file -P -C / -c ${COPY_AS_IS[*]} 2>$copy_as_is_filelist_file | tar $v -C $ROOTFS_DIR/ -x 1>/dev/null ; then ++if ! tar -v -X $copy_as_is_exclude_file -P -C / -c ${COPY_AS_IS[*]} 2>$copy_as_is_filelist_file | tar $v -C $ROOTFS_DIR/ -x -i 1>/dev/null ; then + Error "Failed to copy files and directories in COPY_AS_IS minus COPY_AS_IS_EXCLUDE" + fi + Log "Finished copying files and directories in COPY_AS_IS minus COPY_AS_IS_EXCLUDE" diff --git a/rear-luks-key-bz2228779.patch b/rear-luks-key-bz2228779.patch new file mode 100644 index 0000000..56559d9 --- /dev/null +++ b/rear-luks-key-bz2228779.patch @@ -0,0 +1,25 @@ +commit 2aa7b47354bdf5863071c8b479d29c99aad05ecb +Author: Johannes Meixner +Date: Fri Jul 24 13:02:45 2020 +0200 + + Update 240_reassign_luks_keyfiles.sh + + Use ReaR specific TMP_DIR (not TMPDIR or hardcoded /tmp) + +diff --git a/usr/share/rear/finalize/GNU/Linux/240_reassign_luks_keyfiles.sh b/usr/share/rear/finalize/GNU/Linux/240_reassign_luks_keyfiles.sh +index d989c3fb..358f3950 100644 +--- a/usr/share/rear/finalize/GNU/Linux/240_reassign_luks_keyfiles.sh ++++ b/usr/share/rear/finalize/GNU/Linux/240_reassign_luks_keyfiles.sh +@@ -24,9 +24,9 @@ awk ' + while read target_name source_device original_keyfile; do + Log "Re-assigning keyfile $original_keyfile to LUKS device $target_name ($source_device)" + +- # The scheme for generating a temporary keyfile path must be the same here and in the 'layout/prepare' stage. +- temp_keyfile="${TMPDIR:-/tmp}/LUKS-keyfile-$target_name" +- [ -f "$temp_keyfile" ] || BugError "temporary keyfile $temp_keyfile not found" ++ # The scheme for generating a temporary keyfile path must be the same here and in the 'layout/prepare' stage: ++ temp_keyfile="$TMP_DIR/LUKS-keyfile-$target_name" ++ test -f "$temp_keyfile" || BugError "temporary LUKS keyfile $temp_keyfile not found" + + target_keyfile="$TARGET_FS_ROOT/$original_keyfile" + diff --git a/rear-uefi-usb-secureboot-bz2196445.patch b/rear-uefi-usb-secureboot-bz2196445.patch new file mode 100644 index 0000000..2fc7035 --- /dev/null +++ b/rear-uefi-usb-secureboot-bz2196445.patch @@ -0,0 +1,82 @@ +commit 4af486794d45adbda7567361d8dcc658599dcd2c +Author: Johannes Meixner +Date: Tue Aug 8 14:44:16 2023 +0200 + + Merge pull request #3031 from rear/jsmeix-USB-Secure-Boot + + Secure Boot support for OUTPUT=USB: + In output/USB/Linux-i386/100_create_efiboot.sh + added SECURE_BOOT_BOOTLOADER related code that is based + on the code in output/ISO/Linux-i386/250_populate_efibootimg.sh + with some adaptions to make it work within the existing USB code. + The basic idea for Secure Boot booting of the ReaR recovery system + is to "just copy" the (signed) EFI binaries of the Linux distribution + (shim*.efi and grub*.efi as first and second stage UEFI bootloaders) + instead of let ReaR make its own EFI binary via build_bootx86_efi() + see https://github.com/rear/rear/pull/3031 + +diff --git a/usr/share/rear/output/USB/Linux-i386/100_create_efiboot.sh b/usr/share/rear/output/USB/Linux-i386/100_create_efiboot.sh +index f4659306..fd631c44 100644 +--- a/usr/share/rear/output/USB/Linux-i386/100_create_efiboot.sh ++++ b/usr/share/rear/output/USB/Linux-i386/100_create_efiboot.sh +@@ -29,6 +29,44 @@ mount $EFI_PART $EFI_MPT || Error "Failed to mount EFI partition '$EFI_PART' at + mkdir -p $EFI_DST || Error "Failed to create directory '$EFI_DST'" + + # Copy boot loader ++# The SECURE_BOOT_BOOTLOADER related code below is based on the code in output/ISO/Linux-i386/250_populate_efibootimg.sh ++# because I noticed that Secure Boot works with ISO at least for me, cf. ++# https://github.com/rear/rear/pull/3025#issuecomment-1635876186 ++# but not with USB, cf. ++# https://github.com/rear/rear/pull/3025#issuecomment-1643774477 ++# so I tried to re-use the ISO Secure Boot code for USB ++# which made Secure Boot "just work" for me with USB ++# but I had to do some (minor) adaptions to make it work ++# within the existing USB code, cf. ++# https://github.com/rear/rear/pull/3031#issuecomment-1653443454 ++# Copy UEFI bootloader: ++if test -f "$SECURE_BOOT_BOOTLOADER" ; then ++ # For a technical description of Shim see https://mjg59.dreamwidth.org/19448.html ++ # Shim is a signed EFI binary that is a first stage bootloader ++ # that loads and executes another (signed) EFI binary ++ # which normally is a second stage bootloader ++ # which normally is a GRUB EFI binary ++ # which normally is available as a file named grub*.efi ++ # so when SECURE_BOOT_BOOTLOADER is used as UEFI_BOOTLOADER ++ # (cf. rescue/default/850_save_sysfs_uefi_vars.sh) ++ # then Shim (usually shim.efi) must be copied as EFI/BOOT/BOOTX64.efi ++ # and Shim's second stage bootloader must be also copied where Shim already is. ++ DebugPrint "Using '$SECURE_BOOT_BOOTLOADER' as first stage Secure Boot bootloader BOOTX64.efi" ++ cp -L $v "$SECURE_BOOT_BOOTLOADER" "$EFI_DST/BOOTX64.efi" || Error "Failed to copy SECURE_BOOT_BOOTLOADER '$SECURE_BOOT_BOOTLOADER' to $EFI_DST/BOOTX64.efi" ++ # When Shim is used, its second stage bootloader can be actually anything ++ # named grub*.efi (second stage bootloader is Shim compile time option), see ++ # http://www.rodsbooks.com/efi-bootloaders/secureboot.html#initial_shim ++ local uefi_bootloader_dirname="$( dirname $SECURE_BOOT_BOOTLOADER )" ++ local second_stage_UEFI_bootloader_files="$( echo $uefi_bootloader_dirname/grub*.efi )" ++ # Avoid 'nullglob' pitfall when nothing matches .../grub*.efi which would result ++ # an invalid "cp -v /var/tmp/.../EFI/BOOT/" command that fails ++ # cf. https://github.com/rear/rear/issues/1921 ++ test "$second_stage_UEFI_bootloader_files" || Error "Could not find second stage Secure Boot bootloader $uefi_bootloader_dirname/grub*.efi" ++ DebugPrint "Using second stage Secure Boot bootloader files: $second_stage_UEFI_bootloader_files" ++ cp -L $v $second_stage_UEFI_bootloader_files $EFI_DST/ || Error "Failed to copy second stage Secure Boot bootloader files" ++else ++ cp -L $v "$UEFI_BOOTLOADER" "$EFI_DST/BOOTX64.efi" || Error "Failed to copy UEFI_BOOTLOADER '$UEFI_BOOTLOADER' to $EFI_DST/BOOTX64.efi" ++fi + cp $v $UEFI_BOOTLOADER "$EFI_DST/BOOTX64.efi" || Error "Failed to copy UEFI_BOOTLOADER '$UEFI_BOOTLOADER' to $EFI_DST/BOOTX64.efi" + + # Copy kernel +@@ -93,7 +131,14 @@ EOF + create_grub2_cfg ${EFI_DIR}/kernel ${EFI_DIR}/$REAR_INITRD_FILENAME > ${EFI_DST}/grub.cfg + + # Create bootloader, this overwrite BOOTX64.efi copied in previous step ... +- build_bootx86_efi ${EFI_DST}/BOOTX64.efi ${EFI_DST}/grub.cfg "/boot" "$UEFI_BOOTLOADER" ++ # Create BOOTX86.efi but only if we are NOT secure booting. ++ # We are not able to create signed boot loader ++ # so we need to reuse existing one. ++ # See issue #1374 ++ # build_bootx86_efi () can be safely used for other scenarios. ++ if ! test -f "$SECURE_BOOT_BOOTLOADER" ; then ++ build_bootx86_efi ${EFI_DST}/BOOTX64.efi ${EFI_DST}/grub.cfg "/boot" "$UEFI_BOOTLOADER" ++ fi + ;; + *) + BugError "Neither grub 0.97 nor 2.0" diff --git a/rear-usb-uefi-part-size-bz2228402.patch b/rear-usb-uefi-part-size-bz2228402.patch new file mode 100644 index 0000000..68cf13e --- /dev/null +++ b/rear-usb-uefi-part-size-bz2228402.patch @@ -0,0 +1,41 @@ +commit 1cd41052f7a7cd42ea14ea53b7280c73624aba3f +Author: Johannes Meixner +Date: Mon Mar 21 12:14:21 2022 +0100 + + Merge pull request #2774 from rear/jsmeix-1024-USB_UEFI_PART_SIZE + + In default.conf increase USB_UEFI_PART_SIZE to 1024 MiB, + cf. https://github.com/rear/rear/pull/1205 + in particular to also make things work by default when additional + third-party kernel modules and firmware (e.g. from Nvidia) are used, + cf. https://github.com/rear/rear/issues/2770#issuecomment-1068935688 + +diff --git a/usr/share/rear/conf/default.conf b/usr/share/rear/conf/default.conf +index 8faa56aa..17a764cb 100644 +--- a/usr/share/rear/conf/default.conf ++++ b/usr/share/rear/conf/default.conf +@@ -872,13 +872,20 @@ USB_PARTITION_ALIGN_BLOCK_SIZE="8" + # in MiB when formatting a medium by the format workflow. + # If USB_UEFI_PART_SIZE is empty or invalid (i.e. not an unsigned integer larger than 0) + # the user must interactively enter a valid value while running the format workflow. +-# The default value of 400 MiB should be sufficiently big and it is in compliance +-# with the 8 MiB partition alignment default value ( 400 = 8 * 50 ) +-# and even with a 16 MiB partition alignment value ( 400 = 16 * 25 ) ++# The default value of 1024 MiB should be sufficiently big + # cf. https://github.com/rear/rear/pull/1205 ++# in particular when third-party kernel modules and firmware (e.g. from Nvidia) are used ++# cf. https://github.com/rear/rear/issues/2770#issuecomment-1068935688 ++# and 1024 MiB is in compliance with the 8 MiB partition alignment value ( 1024 = 8 * 128 ) ++# and also with higher 2^n MiB partition alignment values. ++# Furthermore the default value of 1024 MiB results that the FAT filesystem of the ESP ++# will be in compliance with that the ESP should officially use a FAT32 filesystem ++# because mkfs.vfat automatically makes a FAT32 filesystem starting at 512 MiB ++# (a FAT16 ESP works in most cases but causes issues with certain UEFI firmware) ++# cf. https://github.com/rear/rear/issues/2575 + # The value of USB_UEFI_PART_SIZE will be rounded to the nearest + # USB_PARTITION_ALIGN_BLOCK_SIZE chunk: +-USB_UEFI_PART_SIZE="400" ++USB_UEFI_PART_SIZE="1024" + # + # Default boot option (i.e. what gets booted automatically after some timeout) + # when EXTLINUX boots the USB stick or USB disk or other disk device on BIOS systems. diff --git a/rear-vg-command-not-found-bz2121476.patch b/rear-vg-command-not-found-bz2121476.patch new file mode 100644 index 0000000..6d6ab1d --- /dev/null +++ b/rear-vg-command-not-found-bz2121476.patch @@ -0,0 +1,21 @@ +commit ead05a460d3b219372f47be888ba6011c7fd3318 +Author: Pavel Cahyna +Date: Tue Aug 22 12:32:04 2023 +0200 + + Fix downstream only bug + + \$IsInArray -> IsInArray - it is a shell function, not a variable. + +diff --git a/usr/share/rear/layout/prepare/GNU/Linux/110_include_lvm_code.sh b/usr/share/rear/layout/prepare/GNU/Linux/110_include_lvm_code.sh +index d34ab335..a65a9c8e 100644 +--- a/usr/share/rear/layout/prepare/GNU/Linux/110_include_lvm_code.sh ++++ b/usr/share/rear/layout/prepare/GNU/Linux/110_include_lvm_code.sh +@@ -246,7 +246,7 @@ create_lvmvol() { + local warnraidline + + if [ $is_thin -eq 0 ] ; then +- ifline="if IsInArray $vg \"\${create_logical_volumes[@]}\" && ! \$IsInArray $vg \"\${create_thin_volumes_only[@]}\" ; then" ++ ifline="if IsInArray $vg \"\${create_logical_volumes[@]}\" && ! IsInArray $vg \"\${create_thin_volumes_only[@]}\" ; then" + else + ifline="if IsInArray $vg \"\${create_logical_volumes[@]}\" ; then" + fi diff --git a/rear.spec b/rear.spec index a83036c..9a7d315 100644 --- a/rear.spec +++ b/rear.spec @@ -1,10 +1,9 @@ -%define anolis_release .0.1 %define debug_package %{nil} Summary: Relax-and-Recover is a Linux disaster recovery and system migration tool Name: rear Version: 2.6 -Release: 9%{anolis_release}%{?dist} +Release: 10%{?dist} License: GPLv3 Group: Applications/File URL: http://relax-and-recover.org/ @@ -35,6 +34,11 @@ Patch52: rear-bz2091163.patch Patch53: rear-bz2130945.patch Patch54: rear-bz2131946.patch Patch56: s390-no-clobber-disks.patch +Patch58: rear-device-shrinking-bz2223895.patch +Patch59: rear-usb-uefi-part-size-bz2228402.patch +Patch60: rear-luks-key-bz2228779.patch +Patch61: rear-uefi-usb-secureboot-bz2196445.patch +Patch62: rear-vg-command-not-found-bz2121476.patch ### Dependencies on all distributions BuildRequires: asciidoc @@ -51,8 +55,6 @@ Requires: bc Requires: file Requires: dhcp-client -Provides: /usr/sbin/rear - ### If you require NFS, you may need the below packages #Requires: nfsclient portmap rpcbind @@ -131,14 +133,6 @@ removes any excuse for not having a disaster recovery solution implemented. Professional services and support are available. -%package doc -Summary: Documents for %{name} -BuildArch: noarch -Requires: %{name} = %{version}-%{release} - -%description doc -Doc pages for %{name}. - %pre if [ $1 -gt 1 ] ; then # during upgrade remove obsolete directories @@ -172,6 +166,11 @@ fi %patch53 -p1 %patch54 -p1 %patch56 -p1 +%patch58 -p1 +%patch59 -p1 +%patch60 -p1 +%patch61 -p1 +%patch62 -p1 echo "30 1 * * * root test -f /var/lib/rear/layout/disklayout.conf && /usr/sbin/rear checklayout || /usr/sbin/rear mkrescue" >rear.cron @@ -195,6 +194,8 @@ TZ=UTC %{__make} -C doc %files %defattr(-, root, root, 0755) +%doc MAINTAINERS COPYING README.adoc doc/*.txt doc/user-guide/relax-and-recover-user-guide.html +%doc %{_mandir}/man8/rear.8* %config(noreplace) %{_sysconfdir}/cron.d/rear %config(noreplace) %{_sysconfdir}/rear/ %config(noreplace) %{_sysconfdir}/rear/cert/ @@ -202,13 +203,15 @@ TZ=UTC %{__make} -C doc %{_localstatedir}/lib/rear/ %{_sbindir}/rear -%files doc -%doc MAINTAINERS COPYING README.adoc doc/*.txt doc/user-guide/relax-and-recover-user-guide.html -%doc %{_mandir}/man8/rear.8* - %changelog -* Wed May 31 2023 Xiaoping Liu - 2.6-9.0.1 -- Add doc sub package +* Tue Aug 22 2023 Pavel Cahyna - 2.6-10 +- Apply PR 3027 to ensure correct creation of the rescue environment + when a file is shrinking while being read +- Backport PR 2774 to increase USB_UEFI_PART_SIZE to 1024 MiB +- Apply upstream patch for temp dir usage with LUKS to ensure + that during recovery an encrypted disk can be unlocked using a keyfile +- Backport upstream PR 3031: Secure Boot support for OUTPUT=USB +- Correct a mistake done when backporting PR 2691 * Wed Feb 22 2023 Pavel Cahyna - 2.6-9 - Backport PR2943 to fix s390x dasd formatting -- Gitee From e079e6b04f565cdd0695422996c043ddcfd162f1 Mon Sep 17 00:00:00 2001 From: liuxiaoping Date: Sat, 16 Jul 2022 10:29:09 +0800 Subject: [PATCH 2/2] add doc sub package --- rear.spec | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/rear.spec b/rear.spec index 9a7d315..6d028a0 100644 --- a/rear.spec +++ b/rear.spec @@ -1,9 +1,10 @@ +%define anolis_release .0.1 %define debug_package %{nil} Summary: Relax-and-Recover is a Linux disaster recovery and system migration tool Name: rear Version: 2.6 -Release: 10%{?dist} +Release: 10%{anolis_release}%{?dist} License: GPLv3 Group: Applications/File URL: http://relax-and-recover.org/ @@ -55,6 +56,8 @@ Requires: bc Requires: file Requires: dhcp-client +Provides: /usr/sbin/rear + ### If you require NFS, you may need the below packages #Requires: nfsclient portmap rpcbind @@ -133,6 +136,14 @@ removes any excuse for not having a disaster recovery solution implemented. Professional services and support are available. +%package doc +Summary: Documents for %{name} +BuildArch: noarch +Requires: %{name} = %{version}-%{release} + +%description doc +Doc pages for %{name}. + %pre if [ $1 -gt 1 ] ; then # during upgrade remove obsolete directories @@ -194,8 +205,6 @@ TZ=UTC %{__make} -C doc %files %defattr(-, root, root, 0755) -%doc MAINTAINERS COPYING README.adoc doc/*.txt doc/user-guide/relax-and-recover-user-guide.html -%doc %{_mandir}/man8/rear.8* %config(noreplace) %{_sysconfdir}/cron.d/rear %config(noreplace) %{_sysconfdir}/rear/ %config(noreplace) %{_sysconfdir}/rear/cert/ @@ -203,7 +212,14 @@ TZ=UTC %{__make} -C doc %{_localstatedir}/lib/rear/ %{_sbindir}/rear +%files doc +%doc MAINTAINERS COPYING README.adoc doc/*.txt doc/user-guide/relax-and-recover-user-guide.html +%doc %{_mandir}/man8/rear.8* + %changelog +* Mon Dec 11 2023 Xiaoping Liu - 2.6-10.0.1 +- Add doc sub package + * Tue Aug 22 2023 Pavel Cahyna - 2.6-10 - Apply PR 3027 to ensure correct creation of the rescue environment when a file is shrinking while being read -- Gitee