Sync from SUSE:ALP:Source:Standard:1.0 kernel-livepatch-tools revision 9a01f66af536561b9079b3bd720cf5bb

This commit is contained in:
Adrian Schröter 2024-10-14 15:17:36 +02:00
parent 32ce0bd1ad
commit 92b6dae79f
5 changed files with 96 additions and 31 deletions

View File

@ -2,7 +2,10 @@
rm -f /var/cache/livepatch/*
for module in /sys/kernel/livepatch/*; do
for module in /sys/kernel/livepatch/* ; do
# go out when the directory is empty
[ "$module" == '/sys/kernel/livepatch/*' ] && break
/usr/bin/klp store_patch_info "${module#/sys/kernel/livepatch/}"
done

View File

@ -1,3 +1,31 @@
-------------------------------------------------------------------
Wed Oct 9 13:59:01 UTC 2024 - Petr Mladek <pmladek@suse.com>
- Release version 1.5
-------------------------------------------------------------------
Wed Oct 9 13:46:25 UTC 2024 - Petr Mladek <pmladek@suse.com>
- cache-cleaner: Correctly handle situation when there is no livepatch
loaded (bsc#1231422)
-------------------------------------------------------------------
Wed Oct 9 13:38:50 UTC 2024 - Petr Mladek <pmladek@suse.com>
- klp-info-cache.service: Expand %%{_libexecdir} when setting
ExecStart. The cache-cleaner script has been moved in SL Micro 6.0
(bsc#1231397)
-------------------------------------------------------------------
Wed Oct 9 13:35:00 UTC 2024 - Petr Mladek <pmladek@suse.com>
- klp.sh: Fix downgrade with skipped package version (bsc#1223966)
-------------------------------------------------------------------
Wed Oct 9 13:29:52 UTC 2024 - Petr Mladek <pmladek@suse.com>
- klp.sh: Exit with an error code when downgrade fails (bsc#1223930)
-------------------------------------------------------------------
Tue May 14 14:12:02 UTC 2024 - Petr Mladek <pmladek@suse.com>

View File

@ -19,7 +19,7 @@
%define dracutlibdir %{_prefix}/lib/dracut
Name: kernel-livepatch-tools
Version: 1.4
Version: 1.5
Release: 0
Summary: Scripts for installing kernel live patches
License: GPL-2.0-only
@ -35,7 +35,7 @@ Source8: COPYING
Source12: sysconfig.livepatching
Source13: cache-cleaner
Source14: systemd-default-klp.preset
Source15: systemd-klp-info-cache.service
Source15: systemd-klp-info-cache.service.in
# compatibility with SLE 12, to be removed in SLE > 15
Source50: kgr.sh
Source51: kgr.man
@ -66,10 +66,12 @@ packages.
cp %{_sourcedir}/{rpm-helper,dracut-{module-setup,kernel-livepatch}.sh,sysconfig.livepatching} .
cp %{_sourcedir}/{kernel-livepatch-subpackage,macros.kernel-livepatch} .
cp %{_sourcedir}/k{lp,gr}.{sh,man} .
cp %{_sourcedir}/{cache-cleaner,systemd-{default-klp.preset,klp-info-cache.service}} .
cp %{_sourcedir}/{cache-cleaner,systemd-{default-klp.preset,klp-info-cache.service.in}} .
cp %{_sourcedir}/COPYING .
%build
sed -e "s|@_LIBEXECDIR@|%{_libexecdir}|g" \
systemd-klp-info-cache.service.in >systemd-klp-info-cache.service
%install
install -D rpm-helper %{buildroot}%{_libexecdir}/kernel-livepatch/rpm-helper

84
klp.sh
View File

@ -73,9 +73,17 @@ function klp_check() {
}
function klp_patches() {
local TYPE="$1"
unset PATCHES_FOUND
for d in /sys/kernel/livepatch/*; do
[ ! -d "$d" ] && continue
if [ "$TYPE" = "active" ] ; then
PATCH_ENABLED=$(cat "$d/enabled" 2>/dev/null)
[ "$PATCH_ENABLED" -ne 1 ] && continue
fi
PATCH_NAME=${d#/sys/kernel/livepatch/}
PATCH_MOD=${PATCH_NAME}
echo "${PATCH_MOD}"
@ -191,35 +199,59 @@ function klp_downgrade()
VERBOSE_ORIG="$VERBOSE"
unset VERBOSE
for patch in $(klp_patches); do
RPM_FULL_NAME=$(klp_patch_rpm_name "$patch")
if [ -z "$RPM_FULL_NAME" ]; then
echo "Warning: cannot determine RPM package for $patch" >&2
continue
fi
ACTIVE_PATCHES=$(klp_patches active)
ACTIVE_PATCHES_NUM=$(echo $ACTIVE_PATCHES | wc -w)
if [ "$ACTIVE_PATCHES_NUM" -eq 0 ] ; then
echo "Error: cannot determine livepatch for downgrade. No active livepatch." >&2
exit 1
fi
if [ "$ACTIVE_PATCHES_NUM" -gt 1 ] ; then
echo "Error: cannot determine livepatch for downgrade. Too many active livepatches: $ACTIVE_PATCHES" >&2
exit 1
fi
RPM_INFO=$(rpm -q --qf '%{name};%{version}' "$RPM_FULL_NAME")
RPM_VERSION=${RPM_INFO#*;}
RPM_NAME=${RPM_INFO%;*}
if [ "$RPM_VERSION" -le 1 ]; then
echo "$RPM_FULL_NAME is the initial kernel live patch and cannot be downgraded."
continue
fi
PATCH="$ACTIVE_PATCHES"
RPM_FULL_NAME=$(klp_patch_rpm_name "$PATCH")
if [ -z "$RPM_FULL_NAME" ]; then
echo "Error: cannot determine RPM package for $PATCH" >&2
exit 1
fi
ZYPPER_COMMAND="zypper -n in --oldpackage $RPM_NAME = $(($RPM_VERSION-1))"
echo "KLP tool will replace the current kernel live patch with its previous version."
echo "The command for downgrade is: $ZYPPER_COMMAND"
if [ -z "$NON_INTERACTIVE" ]; then
read -p "Continue? (y/N) " -n 1 -r
echo
else
REPLY=Y
fi
if [[ $REPLY =~ ^[Yy]$ ]]; then
eval $ZYPPER_COMMAND
fi
RPM_INFO=$(rpm -q --qf '%{name};%{version}' "$RPM_FULL_NAME")
RPM_VERSION=${RPM_INFO#*;}
RPM_NAME=${RPM_INFO%;*}
if [ "$RPM_VERSION" -le 1 ]; then
echo "Error: $RPM_FULL_NAME is the initial kernel live patch and cannot be downgraded."
exit 1
fi
PREV_RPM_VERSION=$(($RPM_VERSION-1))
while [ "$PREV_RPM_VERSION" -gt 0 ] ; do
zypper -n se -x "$RPM_NAME-$PREV_RPM_VERSION" >/dev/null 2>&1
[ "$?" -eq 0 ] && break
PREV_RPM_VERSION=$(($PREV_RPM_VERSION-1))
done
if [ "$PREV_RPM_VERSION" -le 0 ] ; then
echo "Error: cannot find package with lower version. The currently loaded livepatch is from the package: "$RPM_NAME" = "$RPM_VERSION"" >&2
exit 1
fi
ZYPPER_COMMAND="zypper -n in --oldpackage $RPM_NAME = $PREV_RPM_VERSION"
echo "KLP tool will replace the current kernel live patch with its previous version."
echo "The command for downgrade is: $ZYPPER_COMMAND"
if [ -z "$NON_INTERACTIVE" ]; then
read -p "Continue? (y/N) " -n 1 -r
echo
else
REPLY=Y
fi
if [[ $REPLY =~ ^[Yy]$ ]]; then
eval $ZYPPER_COMMAND
exit_val="$?"
[ "$exit_val" -ne 0 ] && exit $exit_val
fi
VERBOSE="$VERBOSE_ORIG"
}
@ -272,7 +304,7 @@ case $1 in
store_patch_info)
SRCVERSION=$(cat "/sys/module/$2/srcversion")
klp_info_from_rpm $2 > "/var/cache/livepatch/$2-$SRCVERSION" ;;
patches) klp_patches ;;
patches) klp_patches all ;;
downgrade) klp_downgrade ;;
*) echo "Error: unknown command \`$1'"; exit 1 ;;
esac

View File

@ -7,7 +7,7 @@ ConditionPathIsReadWrite=/var/cache/livepatch
Type=oneshot
Nice=19
IOSchedulingClass=idle
ExecStart=/usr/lib/kernel-livepatch/cache-cleaner
ExecStart=@_LIBEXECDIR@/kernel-livepatch/cache-cleaner
[Install]
WantedBy=multi-user.target