ALP-pool/kernel-livepatch-tools
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sync from SUSE:ALP:Source:Standard:1.0 kernel-livepatch-tools revision 9a01f66af536561b9079b3bd720cf5bb

Browse Source
This commit is contained in:
Adrian Schröter 2024-10-14 15:17:36 +02:00
parent 32ce0bd1ad
commit 92b6dae79f
5 changed files with 96 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
cache-cleaner
View File

@ -2,7 +2,10 @@
rm -f /var/cache/livepatch/* rm -f /var/cache/livepatch/*
for module in /sys/kernel/livepatch/*; do for module in /sys/kernel/livepatch/* ; do
# go out when the directory is empty
[ "$module" == '/sys/kernel/livepatch/*' ] && break
/usr/bin/klp store_patch_info "${module#/sys/kernel/livepatch/}" /usr/bin/klp store_patch_info "${module#/sys/kernel/livepatch/}"
done done

28
kernel-livepatch-tools.changes
View File

@ -1,3 +1,31 @@
-------------------------------------------------------------------
Wed Oct 9 13:59:01 UTC 2024 - Petr Mladek <pmladek@suse.com>
- Release version 1.5
-------------------------------------------------------------------
Wed Oct 9 13:46:25 UTC 2024 - Petr Mladek <pmladek@suse.com>
- cache-cleaner: Correctly handle situation when there is no livepatch
loaded (bsc#1231422)
-------------------------------------------------------------------
Wed Oct 9 13:38:50 UTC 2024 - Petr Mladek <pmladek@suse.com>
- klp-info-cache.service: Expand %%{_libexecdir} when setting
ExecStart. The cache-cleaner script has been moved in SL Micro 6.0
(bsc#1231397)
-------------------------------------------------------------------
Wed Oct 9 13:35:00 UTC 2024 - Petr Mladek <pmladek@suse.com>
- klp.sh: Fix downgrade with skipped package version (bsc#1223966)
-------------------------------------------------------------------
Wed Oct 9 13:29:52 UTC 2024 - Petr Mladek <pmladek@suse.com>
- klp.sh: Exit with an error code when downgrade fails (bsc#1223930)
------------------------------------------------------------------- -------------------------------------------------------------------
Tue May 14 14:12:02 UTC 2024 - Petr Mladek <pmladek@suse.com> Tue May 14 14:12:02 UTC 2024 - Petr Mladek <pmladek@suse.com>

8
kernel-livepatch-tools.spec
View File

@ -19,7 +19,7 @@
%define dracutlibdir %{_prefix}/lib/dracut %define dracutlibdir %{_prefix}/lib/dracut
Name: kernel-livepatch-tools Name: kernel-livepatch-tools
Version: 1.4 Version: 1.5
Release: 0 Release: 0
Summary: Scripts for installing kernel live patches Summary: Scripts for installing kernel live patches
License: GPL-2.0-only License: GPL-2.0-only
@ -35,7 +35,7 @@ Source8: COPYING
Source12: sysconfig.livepatching Source12: sysconfig.livepatching
Source13: cache-cleaner Source13: cache-cleaner
Source14: systemd-default-klp.preset Source14: systemd-default-klp.preset
Source15: systemd-klp-info-cache.service Source15: systemd-klp-info-cache.service.in
# compatibility with SLE 12, to be removed in SLE > 15 # compatibility with SLE 12, to be removed in SLE > 15
Source50: kgr.sh Source50: kgr.sh
Source51: kgr.man Source51: kgr.man
@ -66,10 +66,12 @@ packages.
cp %{_sourcedir}/{rpm-helper,dracut-{module-setup,kernel-livepatch}.sh,sysconfig.livepatching} . cp %{_sourcedir}/{rpm-helper,dracut-{module-setup,kernel-livepatch}.sh,sysconfig.livepatching} .
cp %{_sourcedir}/{kernel-livepatch-subpackage,macros.kernel-livepatch} . cp %{_sourcedir}/{kernel-livepatch-subpackage,macros.kernel-livepatch} .
cp %{_sourcedir}/k{lp,gr}.{sh,man} . cp %{_sourcedir}/k{lp,gr}.{sh,man} .
cp %{_sourcedir}/{cache-cleaner,systemd-{default-klp.preset,klp-info-cache.service}} . cp %{_sourcedir}/{cache-cleaner,systemd-{default-klp.preset,klp-info-cache.service.in}} .
cp %{_sourcedir}/COPYING . cp %{_sourcedir}/COPYING .
%build %build
sed -e "s|@_LIBEXECDIR@|%{_libexecdir}|g" \
systemd-klp-info-cache.service.in >systemd-klp-info-cache.service
%install %install
install -D rpm-helper %{buildroot}%{_libexecdir}/kernel-livepatch/rpm-helper install -D rpm-helper %{buildroot}%{_libexecdir}/kernel-livepatch/rpm-helper

84
klp.sh
View File

@ -73,9 +73,17 @@ function klp_check() {
} }
function klp_patches() { function klp_patches() {
local TYPE="$1"
unset PATCHES_FOUND unset PATCHES_FOUND
for d in /sys/kernel/livepatch/*; do for d in /sys/kernel/livepatch/*; do
[ ! -d "$d" ] && continue [ ! -d "$d" ] && continue
if [ "$TYPE" = "active" ] ; then
PATCH_ENABLED=$(cat "$d/enabled" 2>/dev/null)
[ "$PATCH_ENABLED" -ne 1 ] && continue
fi
PATCH_NAME=${d#/sys/kernel/livepatch/} PATCH_NAME=${d#/sys/kernel/livepatch/}
PATCH_MOD=${PATCH_NAME} PATCH_MOD=${PATCH_NAME}
echo "${PATCH_MOD}" echo "${PATCH_MOD}"
@ -191,35 +199,59 @@ function klp_downgrade()
VERBOSE_ORIG="$VERBOSE" VERBOSE_ORIG="$VERBOSE"
unset VERBOSE unset VERBOSE
for patch in $(klp_patches); do ACTIVE_PATCHES=$(klp_patches active)
RPM_FULL_NAME=$(klp_patch_rpm_name "$patch") ACTIVE_PATCHES_NUM=$(echo $ACTIVE_PATCHES | wc -w)
if [ -z "$RPM_FULL_NAME" ]; then if [ "$ACTIVE_PATCHES_NUM" -eq 0 ] ; then
echo "Warning: cannot determine RPM package for $patch" >&2 echo "Error: cannot determine livepatch for downgrade. No active livepatch." >&2
continue exit 1
fi fi
if [ "$ACTIVE_PATCHES_NUM" -gt 1 ] ; then
echo "Error: cannot determine livepatch for downgrade. Too many active livepatches: $ACTIVE_PATCHES" >&2
exit 1
fi
RPM_INFO=$(rpm -q --qf '%{name};%{version}' "$RPM_FULL_NAME") PATCH="$ACTIVE_PATCHES"
RPM_VERSION=${RPM_INFO#*;} RPM_FULL_NAME=$(klp_patch_rpm_name "$PATCH")
RPM_NAME=${RPM_INFO%;*} if [ -z "$RPM_FULL_NAME" ]; then
if [ "$RPM_VERSION" -le 1 ]; then echo "Error: cannot determine RPM package for $PATCH" >&2
echo "$RPM_FULL_NAME is the initial kernel live patch and cannot be downgraded." exit 1
continue fi
fi
ZYPPER_COMMAND="zypper -n in --oldpackage $RPM_NAME = $(($RPM_VERSION-1))" RPM_INFO=$(rpm -q --qf '%{name};%{version}' "$RPM_FULL_NAME")
echo "KLP tool will replace the current kernel live patch with its previous version." RPM_VERSION=${RPM_INFO#*;}
echo "The command for downgrade is: $ZYPPER_COMMAND" RPM_NAME=${RPM_INFO%;*}
if [ -z "$NON_INTERACTIVE" ]; then if [ "$RPM_VERSION" -le 1 ]; then
read -p "Continue? (y/N) " -n 1 -r echo "Error: $RPM_FULL_NAME is the initial kernel live patch and cannot be downgraded."
echo exit 1
else fi
REPLY=Y
fi PREV_RPM_VERSION=$(($RPM_VERSION-1))
if [[ $REPLY =~ ^[Yy]$ ]]; then while [ "$PREV_RPM_VERSION" -gt 0 ] ; do
eval $ZYPPER_COMMAND zypper -n se -x "$RPM_NAME-$PREV_RPM_VERSION" >/dev/null 2>&1
fi [ "$?" -eq 0 ] && break
PREV_RPM_VERSION=$(($PREV_RPM_VERSION-1))
done done
if [ "$PREV_RPM_VERSION" -le 0 ] ; then
echo "Error: cannot find package with lower version. The currently loaded livepatch is from the package: "$RPM_NAME" = "$RPM_VERSION"" >&2
exit 1
fi
ZYPPER_COMMAND="zypper -n in --oldpackage $RPM_NAME = $PREV_RPM_VERSION"
echo "KLP tool will replace the current kernel live patch with its previous version."
echo "The command for downgrade is: $ZYPPER_COMMAND"
if [ -z "$NON_INTERACTIVE" ]; then
read -p "Continue? (y/N) " -n 1 -r
echo
else
REPLY=Y
fi
if [[ $REPLY =~ ^[Yy]$ ]]; then
eval $ZYPPER_COMMAND
exit_val="$?"
[ "$exit_val" -ne 0 ] && exit $exit_val
fi
VERBOSE="$VERBOSE_ORIG" VERBOSE="$VERBOSE_ORIG"
} }
@ -272,7 +304,7 @@ case $1 in
store_patch_info) store_patch_info)
SRCVERSION=$(cat "/sys/module/$2/srcversion") SRCVERSION=$(cat "/sys/module/$2/srcversion")
klp_info_from_rpm $2 > "/var/cache/livepatch/$2-$SRCVERSION" ;; klp_info_from_rpm $2 > "/var/cache/livepatch/$2-$SRCVERSION" ;;
patches) klp_patches ;; patches) klp_patches all ;;
downgrade) klp_downgrade ;; downgrade) klp_downgrade ;;
*) echo "Error: unknown command \`$1'"; exit 1 ;; *) echo "Error: unknown command \`$1'"; exit 1 ;;
esac esac

2
systemd-klp-info-cache.service → systemd-klp-info-cache.service.in
View File

@ -7,7 +7,7 @@ ConditionPathIsReadWrite=/var/cache/livepatch
Type=oneshot Type=oneshot
Nice=19 Nice=19
IOSchedulingClass=idle IOSchedulingClass=idle
ExecStart=/usr/lib/kernel-livepatch/cache-cleaner ExecStart=@_LIBEXECDIR@/kernel-livepatch/cache-cleaner
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target