diff --git a/cache-cleaner b/cache-cleaner index 552244b..256b5a8 100644 --- a/cache-cleaner +++ b/cache-cleaner @@ -2,7 +2,10 @@ rm -f /var/cache/livepatch/* -for module in /sys/kernel/livepatch/*; do +for module in /sys/kernel/livepatch/* ; do + # go out when the directory is empty + [ "$module" == '/sys/kernel/livepatch/*' ] && break + /usr/bin/klp store_patch_info "${module#/sys/kernel/livepatch/}" done diff --git a/kernel-livepatch-subpackage b/kernel-livepatch-subpackage index 0145f0e..5661bb8 100644 --- a/kernel-livepatch-subpackage +++ b/kernel-livepatch-subpackage @@ -3,7 +3,9 @@ Release: %{-r*} Summary: %summary Group: %group +%if 0%{?suse_version} < 1600 Supplements: packageand(%3:kernel-livepatch-tools) +%endif Requires: coreutils grep Requires: %3 Requires(post): kernel-livepatch-tools >= 1.2 diff --git a/kernel-livepatch-tools.changes b/kernel-livepatch-tools.changes index 3c89c1b..80f6520 100644 --- a/kernel-livepatch-tools.changes +++ b/kernel-livepatch-tools.changes 
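Review bot: The new empty-directory guard in cache-cleaner uses `==` inside `[ ]`, which is a bash extension and fails under a strict POSIX `/bin/sh`; the shebang is outside the hunk, so this may not apply. The guard also covers only the unmatched-glob case, while klp_patches in klp.sh skips anything that is not a directory with `[ ! -d "$d" ] && continue`. Using the same test here, `[ -d "$module" ] || continue`, handles the empty directory and any stray entry alike, and keeps `klp store_patch_info` from being called with a name that is not a loaded livepatch.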
@@ -1,3 +1,54 @@ +------------------------------------------------------------------- +Fri Jan 31 10:10:30 UTC 2025 - Petr Mladek + +- Release version 1.6 + +------------------------------------------------------------------- +Thu Jan 30 15:48:33 UTC 2025 - Petr Mladek + +- Improve the description of the LIVEPATCH_KERNEL sysconfig variable + (bsc#1236642) + +------------------------------------------------------------------- +Wed Jan 29 13:20:55 UTC 2025 - Petr Mladek + +- Use dracut to regenerate initrd when "mkinitrd" can't be + found (bsc#1234757) + +------------------------------------------------------------------- +Tue Jan 28 14:14:13 UTC 2025 - Petr Mladek + +- Remove week dependencies on SLE16+ to unify the behavior on + SLES, SLES Minimal, and SL Micro (bsc#1219966) + +------------------------------------------------------------------- +Wed Oct 9 13:59:01 UTC 2024 - Petr Mladek + +- Release version 1.5 + +------------------------------------------------------------------- +Wed Oct 9 13:46:25 UTC 2024 - Petr Mladek + +- cache-cleaner: Correctly handle situation when there is no livepatch + loaded (bsc#1231422) + +------------------------------------------------------------------- +Wed Oct 9 13:38:50 UTC 2024 - Petr Mladek + +- klp-info-cache.service: Expand %%{_libexecdir} when setting + ExecStart. The cache-cleaner script has been moved in SL Micro 6.0 + (bsc#1231397) + +------------------------------------------------------------------- +Wed Oct 9 13:35:00 UTC 2024 - Petr Mladek + +- klp.sh: Fix downgrade with skipped package version (bsc#1223966) + +------------------------------------------------------------------- +Wed Oct 9 13:29:52 UTC 2024 - Petr Mladek + +- klp.sh: Exit with an error code when downgrade fails (bsc#1223930) + ------------------------------------------------------------------- Tue May 14 14:12:02 UTC 2024 - Petr Mladek diff --git a/kernel-livepatch-tools.spec b/kernel-livepatch-tools.spec index abb97dc..9246ba5 100644 
--- a/kernel-livepatch-tools.spec +++ b/kernel-livepatch-tools.spec @@ -19,7 +19,7 @@ %define dracutlibdir %{_prefix}/lib/dracut Name: kernel-livepatch-tools -Version: 1.4 +Version: 1.6 Release: 0 Summary: Scripts for installing kernel live patches License: GPL-2.0-only @@ -35,7 +35,7 @@ Source8: COPYING Source12: sysconfig.livepatching Source13: cache-cleaner Source14: systemd-default-klp.preset -Source15: systemd-klp-info-cache.service +Source15: systemd-klp-info-cache.service.in # compatibility with SLE 12, to be removed in SLE > 15 Source50: kgr.sh Source51: kgr.man @@ -66,10 +66,12 @@ packages. cp %{_sourcedir}/{rpm-helper,dracut-{module-setup,kernel-livepatch}.sh,sysconfig.livepatching} . cp %{_sourcedir}/{kernel-livepatch-subpackage,macros.kernel-livepatch} . cp %{_sourcedir}/k{lp,gr}.{sh,man} . -cp %{_sourcedir}/{cache-cleaner,systemd-{default-klp.preset,klp-info-cache.service}} . +cp %{_sourcedir}/{cache-cleaner,systemd-{default-klp.preset,klp-info-cache.service.in}} . cp %{_sourcedir}/COPYING . %build +sed -e "s|@_LIBEXECDIR@|%{_libexecdir}|g" \ + systemd-klp-info-cache.service.in >systemd-klp-info-cache.service %install install -D rpm-helper %{buildroot}%{_libexecdir}/kernel-livepatch/rpm-helper diff --git a/klp.sh b/klp.sh index 3e117c9..4382615 100644 --- a/klp.sh +++ b/klp.sh @@ -73,9 +73,17 @@ function klp_check() { } function klp_patches() { + local TYPE="$1" + unset PATCHES_FOUND for d in /sys/kernel/livepatch/*; do [ ! -d "$d" ] && continue + + if [ "$TYPE" = "active" ] ; then + PATCH_ENABLED=$(cat "$d/enabled" 2>/dev/null) + [ "$PATCH_ENABLED" -ne 1 ] && continue + fi + PATCH_NAME=${d#/sys/kernel/livepatch/} PATCH_MOD=${PATCH_NAME} echo "${PATCH_MOD}" 
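Review bot: Nothing in `%build` checks that the `sed` substitution actually happened, so a placeholder spelled differently in `systemd-klp-info-cache.service.in` would ship a unit whose `ExecStart=` still contains `@_LIBEXECDIR@`. A guard after the `sed` turns that into a build failure instead of a unit that fails at boot: `if grep -q '@_LIBEXECDIR@' systemd-klp-info-cache.service; then exit 1; fi`.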
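Review bot: The `active` filter in klp_patches fails open when `$d/enabled` cannot be read. `cat` errors are discarded, `PATCH_ENABLED` is then empty, and `[ "$PATCH_ENABLED" -ne 1 ]` exits with a test error rather than "true", so `continue` is skipped and the patch is reported as active. A string comparison has no such error path: `[ "$PATCH_ENABLED" = 1 ] || continue`. `PATCH_ENABLED` should also be declared `local`, like the new `TYPE`. The body of klp_patches continues past the end of the hunk.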
@@ -191,35 +199,59 @@ function klp_downgrade() VERBOSE_ORIG="$VERBOSE" unset VERBOSE - for patch in $(klp_patches); do - RPM_FULL_NAME=$(klp_patch_rpm_name "$patch") - if [ -z "$RPM_FULL_NAME" ]; then - echo "Warning: cannot determine RPM package for $patch" >&2 - continue - fi + ACTIVE_PATCHES=$(klp_patches active) + ACTIVE_PATCHES_NUM=$(echo $ACTIVE_PATCHES | wc -w) + if [ "$ACTIVE_PATCHES_NUM" -eq 0 ] ; then + echo "Error: cannot determine livepatch for downgrade. No active livepatch." >&2 + exit 1 + fi + if [ "$ACTIVE_PATCHES_NUM" -gt 1 ] ; then + echo "Error: cannot determine livepatch for downgrade. Too many active livepatches: $ACTIVE_PATCHES" >&2 + exit 1 + fi - RPM_INFO=$(rpm -q --qf '%{name};%{version}' "$RPM_FULL_NAME") - RPM_VERSION=${RPM_INFO#*;} - RPM_NAME=${RPM_INFO%;*} - if [ "$RPM_VERSION" -le 1 ]; then - echo "$RPM_FULL_NAME is the initial kernel live patch and cannot be downgraded." - continue - fi + PATCH="$ACTIVE_PATCHES" + RPM_FULL_NAME=$(klp_patch_rpm_name "$PATCH") + if [ -z "$RPM_FULL_NAME" ]; then + echo "Error: cannot determine RPM package for $PATCH" >&2 + exit 1 + fi - ZYPPER_COMMAND="zypper -n in --oldpackage $RPM_NAME = $(($RPM_VERSION-1))" - echo "KLP tool will replace the current kernel live patch with its previous version." - echo "The command for downgrade is: $ZYPPER_COMMAND" - if [ -z "$NON_INTERACTIVE" ]; then - read -p "Continue? (y/N) " -n 1 -r - echo - else - REPLY=Y - fi - if [[ $REPLY =~ ^[Yy]$ ]]; then - eval $ZYPPER_COMMAND - fi + RPM_INFO=$(rpm -q --qf '%{name};%{version}' "$RPM_FULL_NAME") + RPM_VERSION=${RPM_INFO#*;} + RPM_NAME=${RPM_INFO%;*} + if [ "$RPM_VERSION" -le 1 ]; then + echo "Error: $RPM_FULL_NAME is the initial kernel live patch and cannot be downgraded." + exit 1 + fi + + PREV_RPM_VERSION=$(($RPM_VERSION-1)) + while [ "$PREV_RPM_VERSION" -gt 0 ] ; do + zypper -n se -x "$RPM_NAME-$PREV_RPM_VERSION" >/dev/null 2>&1 + [ "$?" 
-eq 0 ] && break + PREV_RPM_VERSION=$(($PREV_RPM_VERSION-1)) done + if [ "$PREV_RPM_VERSION" -le 0 ] ; then + echo "Error: cannot find package with lower version. The currently loaded livepatch is from the package: "$RPM_NAME" = "$RPM_VERSION"" >&2 + exit 1 + fi + + ZYPPER_COMMAND="zypper -n in --oldpackage $RPM_NAME = $PREV_RPM_VERSION" + echo "KLP tool will replace the current kernel live patch with its previous version." + echo "The command for downgrade is: $ZYPPER_COMMAND" + if [ -z "$NON_INTERACTIVE" ]; then + read -p "Continue? (y/N) " -n 1 -r + echo + else + REPLY=Y + fi + if [[ $REPLY =~ ^[Yy]$ ]]; then + eval $ZYPPER_COMMAND + exit_val="$?" + [ "$exit_val" -ne 0 ] && exit $exit_val + fi + VERBOSE="$VERBOSE_ORIG" } @@ -272,7 +304,7 @@ case $1 in store_patch_info) SRCVERSION=$(cat "/sys/module/$2/srcversion") klp_info_from_rpm $2 > "/var/cache/livepatch/$2-$SRCVERSION" ;; - patches) klp_patches ;; + patches) klp_patches all ;; downgrade) klp_downgrade ;; *) echo "Error: unknown command \`$1'"; exit 1 ;; esac diff --git a/rpm-helper b/rpm-helper index 51bcea6..571a425 100644 --- a/rpm-helper +++ b/rpm-helper @@ -59,14 +59,20 @@ refresh_initrd() break fi done + if test -z "$image"; then return fi - if test "$1" = "--force"; then - /sbin/mkinitrd -k "/boot/$image-$KREL" -i "/boot/initrd-$KREL" - else + + if test "$1" != "--force"; then mkdir -p /var/run/regenerate-initrd touch "/var/run/regenerate-initrd/$image-$KREL" + elif test -x /sbin/mkinitrd ; then + /sbin/mkinitrd -k "/boot/$image-$KREL" -i "/boot/initrd-$KREL" + elif test -x /usr/bin/dracut ; then + /usr/bin/dracut --force --kver "$KREL" + else + echo "[klp]: Does not know how to regenerate initrd." fi } diff --git a/sysconfig.livepatching b/sysconfig.livepatching index a19679a..3a2cc59 100644 --- a/sysconfig.livepatching +++ b/sysconfig.livepatching 
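Review bot: `RPM_VERSION` and `RPM_NAME` are split out of `rpm -q` output and then used in numeric tests, in `$(( ))` and in a string handed to `eval`, without any check on their shape. If the query fails or prints something unexpected, `[ "$RPM_VERSION" -le 1 ]` errors out and falls through instead of stopping, and the shell goes on to evaluate that text, presumably as root. I would reject anything that is not a plain number right after the split, `case "$RPM_VERSION" in ''|*[!0-9]*) echo "Error: unexpected version of $RPM_FULL_NAME" >&2; exit 1 ;; esac`, and run the command without `eval`: `zypper -n in --oldpackage "$RPM_NAME" = "$PREV_RPM_VERSION"`. The "initial kernel live patch" error also goes to stdout while the other new errors go to stderr. The start of klp_downgrade is outside the hunk.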
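Review bot: The final `else` branch of refresh_initrd prints its message to stdout and the function then returns success, so a `--force` refresh that did nothing looks the same to the caller as one that worked. Since the initrd is presumably what carries the live patch across a reboot, I would send the message to stderr and return non-zero: `echo "[klp]: Does not know how to regenerate initrd." >&2; return 1`. Whether the callers tolerate a failing status cannot be seen from here, because refresh_initrd starts outside the hunk and its callers are not shown.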
@@ -1,10 +1,14 @@ ## Path: System/Live Patching ## Description: Configuration of the system live patch deployment - ## Type: string ## Default: "auto" -# Controls whether kernel live patches should be loaded into -# kernel during live patch RPM package installation. The valid -# settings are "always", "never" and "auto". +# +# This setting controls whether kernel live patches are loaded +# during the installation of the live patch RPM package. +# +# The valid settings are "always", "never", and "auto". +# Specifically, "auto" functions as "never" on systems using +# transactional update and as "always" on other systems." +# LIVEPATCH_KERNEL='auto' diff --git a/systemd-klp-info-cache.service b/systemd-klp-info-cache.service.in similarity index 79% rename from systemd-klp-info-cache.service rename to systemd-klp-info-cache.service.in index a87cfea..cfc1b02 100644 --- a/systemd-klp-info-cache.service +++ b/systemd-klp-info-cache.service.in @@ -7,7 +7,7 @@ ConditionPathIsReadWrite=/var/cache/livepatch Type=oneshot Nice=19 IOSchedulingClass=idle -ExecStart=/usr/lib/kernel-livepatch/cache-cleaner +ExecStart=@_LIBEXECDIR@/kernel-livepatch/cache-cleaner [Install] WantedBy=multi-user.target