sync text about secure boot on s390 to be correct (bsc#1219989)

make rubocop happy rubocop rubocop fixed test cases fixed test cases grub2bls grub2bls grub2bls grub2bls grub2bls rubocop rubocop rubocop rubocop rubocop docu added yast-bootloader added yast-bootloader
yast · Nov 13, 2024 · 26b53f4 · 26b53f4
1 parent ac50390
commit 26b53f4
Show file tree

Hide file tree

Showing 11 changed files with 727 additions and 1,074 deletions.
diff --git a/.rubocop.yml b/.rubocop.yml
@@ -80,7 +80,7 @@ Metrics/BlockLength:
 
 # Configuration parameters: CountComments.
 Metrics/MethodLength:
-  Max: 30 # TODO this should be lower for new code
+  Max: 31 # TODO this should be lower for new code
   Include:
     - 'src/lib/**/*.rb' # be more strict for new code in lib
 

diff --git a/README.md b/README.md
@@ -37,6 +37,7 @@ that holds and also can propose the bootloader implementation. So now let's expl
 
 - [GRUB2](https://www.rubydoc.info/github/yast/yast-bootloader/master/Bootloader/Grub2) for legacy booting or emulated grub2 boot like s390x.
 - [GRUB2-EFI](https://www.rubydoc.info/github/yast/yast-bootloader/master/Bootloader/Grub2EFI) for EFI variant of GRUB2 bootloader
+- [GRUB2-BLS](https://www.rubydoc.info/github/yast/yast-bootloader/master/Bootloader/Grub2Bls) bootloader based on Boot Loader Specification(BLS) (for EFI only)
 - [systemd-boot](https://www.rubydoc.info/github/yast/yast-bootloader/master/Bootloader/SystemdBoot) systemd bootloader (for EFI only)
 - [None](https://www.rubydoc.info/github/yast/yast-bootloader/master/Bootloader/NoneBootloader) when YaST does not manage booting
 - [GRUB2 base](https://www.rubydoc.info/github/yast/yast-bootloader/master/Bootloader/Grub2Base) is the shared functionality for both GRUB2 implementations

diff --git a/doc/bootloader_backend.svg b/doc/bootloader_backend.svg
diff --git a/src/lib/bootloader/autoyast_converter.rb b/src/lib/bootloader/autoyast_converter.rb
@@ -34,21 +34,17 @@ def import(data)
         return bootloader if bootloader.name == "none"
 
         case bootloader.name
-        when "grub2"
-          import_grub2(data, bootloader)
-          import_grub2efi(data, bootloader)
-          import_stage1(data, bootloader)
-          import_default(data, bootloader.grub_default)
-          import_device_map(data, bootloader)
-          import_password(data, bootloader)
-          # always nil pmbr as autoyast does not support it yet,
-          # so use nil to always use proposed value (bsc#1081967)
-          bootloader.pmbr_action = nil
-          cpu_mitigations = data.global.cpu_mitigations
-          if cpu_mitigations
-            bootloader.cpu_mitigations = CpuMitigations.from_string(cpu_mitigations)
+        when "grub2", "grub2-efi", "grub2-bls"
+          if ["grub2", "grub2-efi"].include?(bootloader.name)
+            import_grub2(data, bootloader)
+            import_grub2efi(data, bootloader)
+            import_stage1(data, bootloader)
+            import_device_map(data, bootloader)
+            import_password(data, bootloader)
+            # always nil pmbr as autoyast does not support it yet,
+            # so use nil to always use proposed value (bsc#1081967)
+            bootloader.pmbr_action = nil
           end
-        when "grub2-bls"
           import_default(data, bootloader.grub_default)
           cpu_mitigations = data.global.cpu_mitigations
           if cpu_mitigations
@@ -78,15 +74,11 @@ def export(config)
         res["global"] = {}
 
         case config.name
-        when "grub2", "grub2-efi"
+        when "grub2", "grub2-efi", "grub2-bls"
           global = res["global"]
           export_grub2(global, config) if config.name == "grub2"
           export_grub2efi(global, config) if config.name == "grub2-efi"
-          export_default(global, config.grub_default)
-          export_password(global, config.password)
-          res["global"]["cpu_mitigations"] = config.cpu_mitigations.value.to_s
-        when "grub2-bls"
-          global = res["global"]
+          export_password(global, config.password) if ["grub2", "grub2-efi"].include?(config.name)
           export_default(global, config.grub_default)
           res["global"]["cpu_mitigations"] = config.cpu_mitigations.value.to_s
         when "systemd-boot"
@@ -116,7 +108,7 @@ def import_grub2(data, bootloader)
       end
 
       def import_grub2efi(data, bootloader)
-        return unless bootloader.name=="grub2-efi"
+        return unless bootloader.name == "grub2-efi"
 
         GRUB2EFI_BOOLEAN_MAPPING.each do |key, method|
           val = data.global.public_send(key)

diff --git a/src/lib/bootloader/bootloader_base.rb b/src/lib/bootloader/bootloader_base.rb
@@ -11,7 +11,11 @@
 module Bootloader
   # Represents base for all kinds of bootloaders
   class BootloaderBase
+    include Yast::I18n
+
     def initialize
+      textdomain "bootloader"
+
       @read = false
       @proposed = false
       @initial_sysconfig = Sysconfig.from_system

diff --git a/src/lib/bootloader/grub2bls.rb b/src/lib/bootloader/grub2bls.rb
@@ -147,7 +147,7 @@ def read_menu_timeout
     end
 
     def write_menu_timeout
-      ret = Yast::Execute.on_target("/usr/bin/sdbootutil",
+      ret = Yast::Execute.on_target(SDBOOTUTIL,
         "set-timeout",
         grub_default.timeout,
         allowed_exitstatus: [0, 1])

diff --git a/src/lib/bootloader/proposal_client.rb b/src/lib/bootloader/proposal_client.rb
@@ -381,10 +381,15 @@ def single_click_action(option, value)
         bootloader.secure_boot = value
         if value && Yast::Arch.s390
           Yast2::Popup.show(
+            # text is identical like one in grub2_widgets. Keep in sync!
+            # TRANSLATORS: IPL stands for Initial Program Load, IBM speak for system boot
             _(
-              "The new secure-boot enabled boot data format works only on z15 " \
-              "and later and only for zFCP disks.\n\n" \
-              "The system does not boot if these requirements are not met."
+              "Secure boot IPL has the following minimum system requirements,\n" \
+              "depending on the boot device to be IPLed:\n" \
+              "NVMe disk: IBM LinuxONE III or newer.\n" \
+              "FC-attached SCSI disk: IBM LinuxONE III, IBM z15 or newer.\n" \
+              "ECKD DASD with CDL layout: IBM z16, LinuxONE 4 or newer.\n" \
+              "If these requirements are not met, the system can be IPLed in non-secure mode only."
             ),
             headline: :warning, buttons: :ok
           )

diff --git a/test/bls_sections_test.rb b/test/bls_sections_test.rb
@@ -0,0 +1,76 @@
+#! /usr/bin/env rspec --format doc
+# frozen_string_literal: true
+
+require_relative "./test_helper"
+
+require "bootloader/bls_sections"
+require "cfa/memory_file"
+
+describe Bootloader::BlsSections do
+
+  before do
+    allow(Yast::Misc).to receive(:CustomSysconfigRead)
+      .with("ID_LIKE", "openSUSE", "/etc/os-release")
+      .and_return("openSUSE")
+  end
+
+  describe "#read" do
+    before do
+      allow(Yast::Execute).to receive(:on_target)
+        .with("/usr/bin/bootctl", "--json=short", "list", stdout: :capture)
+        .and_return("[{\"title\" : \"openSUSE Tumbleweed\", \"isDefault\" : true }," \
+                    "{\"title\" : \"Snapper: *openSUSE Tumbleweed 20241107\", \"isDefault\" : false}]")
+      allow(Yast::Misc).to receive(:CustomSysconfigRead)
+        .with("default", "", "/boot/efi/EFI/openSUSE/grubenv")
+        .and_return("openSUSE Tumbleweed")
+      subject.read
+    end
+
+    it "returns list of all available sections" do
+      expect(subject.all).to eq(["openSUSE Tumbleweed", "Snapper: *openSUSE Tumbleweed 20241107"])
+    end
+
+    it "reads default menu entry" do
+      expect(subject.default).to eq("openSUSE Tumbleweed")
+    end
+  end
+
+  describe "#default=" do
+    before do
+      allow(Yast::Execute).to receive(:on_target)
+        .with("/usr/bin/bootctl", "--json=short", "list", stdout: :capture)
+        .and_return("[{\"title\" : \"openSUSE Tumbleweed\", \"isDefault\" : true }," \
+                    "{\"title\" : \"Snapper: *openSUSE Tumbleweed 20241107\", \"isDefault\" : false}]")
+      allow(Yast::Misc).to receive(:CustomSysconfigRead)
+        .with("default", "", "/boot/efi/EFI/openSUSE/grubenv")
+        .and_return("openSUSE Tumbleweed")
+      subject.read
+    end
+    it "sets new value for default" do
+      subject.default = "Snapper: *openSUSE Tumbleweed 20241107"
+      expect(subject.default).to eq "Snapper: *openSUSE Tumbleweed 20241107"
+    end
+
+    it "sets default to empty if section do not exists" do
+      subject.default = "non-exist"
+      expect(subject.default).to eq ""
+    end
+  end
+
+  describe "#write" do
+    it "writes default value if set" do
+      subject.default = "Snapper: *openSUSE Tumbleweed 20241107"
+      expect(Yast::Execute).to receive(:on_target)
+        .with("/usr/bin/sdbootutil", "set-default", subject.default, { :allowed_exitstatus=>[0, 1] })
+      subject.write
+    end
+
+    it "does not write default value if not set" do
+      subject.default = ""
+      expect(Yast::Execute).to_not receive(:on_target)
+        .with("/usr/bin/sdbootutil", "set-default", subject.default, { :allowed_exitstatus=>[0, 1] })
+      subject.write
+    end
+
+  end
+end
diff --git a/test/boot_support_test.rb b/test/boot_support_test.rb
@@ -42,6 +42,13 @@
         expect(subject.SystemSupported).to eq false
       end
 
+      it "returns false if grub2-bls is used and UEFI is not supported" do
+        Bootloader::BootloaderFactory.current_name = "grub2-bls"
+        allow(subject).to receive(:efi?).and_return(false)
+
+        expect(subject.SystemSupported).to eq false
+      end
+
       it "returns false if systemd-boot is used and UEFI is not supported" do
         Bootloader::BootloaderFactory.current_name = "systemd-boot"
         allow(subject).to receive(:efi?).and_return(false)

diff --git a/test/bootloader_factory_test.rb b/test/bootloader_factory_test.rb
@@ -38,15 +38,15 @@
           allow(Yast::ProductFeatures).to receive(:GetBooleanFeature).with("globals", "enable_systemd_boot").and_return(true)
         end
         it "returns systemd-boot in the list" do
-          expect(Bootloader::BootloaderFactory.supported_names).to eq ["grub2", "grub2-efi", "systemd-boot", "none"]
+          expect(Bootloader::BootloaderFactory.supported_names).to eq ["grub2", "grub2-efi", "grub2-bls", "systemd-boot", "none"]
         end
       end
       context "product does not support systemd-boot" do
         before do
           allow(Yast::ProductFeatures).to receive(:GetBooleanFeature).with("globals", "enable_systemd_boot").and_return(false)
         end
         it "does not include systemd-boot in the list" do
-          expect(Bootloader::BootloaderFactory.supported_names).to eq ["grub2", "grub2-efi", "none"]
+          expect(Bootloader::BootloaderFactory.supported_names).to eq ["grub2", "grub2-efi", "grub2-bls", "none"]
         end
       end
     end
@@ -61,15 +61,15 @@
           allow(Yast::ProductFeatures).to receive(:GetBooleanFeature).with("globals", "enable_systemd_boot").and_return(true)
         end
         it "does not include grub2 in the list" do
-          expect(Bootloader::BootloaderFactory.supported_names).to eq ["grub2-efi", "systemd-boot", "none"]
+          expect(Bootloader::BootloaderFactory.supported_names).to eq ["grub2-efi", "grub2-bls", "systemd-boot", "none"]
         end
       end
       context "product does not support systemd-boot" do
         before do
           allow(Yast::ProductFeatures).to receive(:GetBooleanFeature).with("globals", "enable_systemd_boot").and_return(false)
         end
         it "does not include systemd-boot and grub2 in the list" do
-          expect(Bootloader::BootloaderFactory.supported_names).to eq ["grub2-efi", "none"]
+          expect(Bootloader::BootloaderFactory.supported_names).to eq ["grub2-efi", "grub2-bls", "none"]
         end
       end
     end