SLFO-pool/kernel-livepatch-tools
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sync from SUSE:SLFO:Main kernel-livepatch-tools revision e1af59bfd8108efc5ce32279e5432a3d

Browse Source
This commit is contained in:
Adrian Schröter 2025-02-07 18:09:59 +01:00
parent e79fb77957
commit 76388a604c
8 changed files with 138 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
cache-cleaner
View File

@ -3,6 +3,9 @@
rm -f /var/cache/livepatch/* rm -f /var/cache/livepatch/*
for module in /sys/kernel/livepatch/* ; do for module in /sys/kernel/livepatch/* ; do
# go out when the directory is empty
[ "$module" == '/sys/kernel/livepatch/*' ] && break
/usr/bin/klp store_patch_info "${module#/sys/kernel/livepatch/}" /usr/bin/klp store_patch_info "${module#/sys/kernel/livepatch/}"
done done

2
kernel-livepatch-subpackage
View File

@ -3,7 +3,9 @@
Release: %{-r*} Release: %{-r*}
Summary: %summary Summary: %summary
Group: %group Group: %group
%if 0%{?suse_version} < 1600
Supplements: packageand(%3:kernel-livepatch-tools) Supplements: packageand(%3:kernel-livepatch-tools)
%endif
Requires: coreutils grep Requires: coreutils grep
Requires: %3 Requires: %3
Requires(post): kernel-livepatch-tools >= 1.2 Requires(post): kernel-livepatch-tools >= 1.2

51
kernel-livepatch-tools.changes
View File

@ -1,3 +1,54 @@
-------------------------------------------------------------------
Fri Jan 31 10:10:30 UTC 2025 - Petr Mladek <pmladek@suse.com>
- Release version 1.6
-------------------------------------------------------------------
Thu Jan 30 15:48:33 UTC 2025 - Petr Mladek <pmladek@suse.com>
- Improve the description of the LIVEPATCH_KERNEL sysconfig variable
(bsc#1236642)
-------------------------------------------------------------------
Wed Jan 29 13:20:55 UTC 2025 - Petr Mladek <pmladek@suse.com>
- Use dracut to regenerate initrd when "mkinitrd" can't be
found (bsc#1234757)
-------------------------------------------------------------------
Tue Jan 28 14:14:13 UTC 2025 - Petr Mladek <pmladek@suse.com>
- Remove week dependencies on SLE16+ to unify the behavior on
SLES, SLES Minimal, and SL Micro (bsc#1219966)
-------------------------------------------------------------------
Wed Oct 9 13:59:01 UTC 2024 - Petr Mladek <pmladek@suse.com>
- Release version 1.5
-------------------------------------------------------------------
Wed Oct 9 13:46:25 UTC 2024 - Petr Mladek <pmladek@suse.com>
- cache-cleaner: Correctly handle situation when there is no livepatch
loaded (bsc#1231422)
-------------------------------------------------------------------
Wed Oct 9 13:38:50 UTC 2024 - Petr Mladek <pmladek@suse.com>
- klp-info-cache.service: Expand %%{_libexecdir} when setting
ExecStart. The cache-cleaner script has been moved in SL Micro 6.0
(bsc#1231397)
-------------------------------------------------------------------
Wed Oct 9 13:35:00 UTC 2024 - Petr Mladek <pmladek@suse.com>
- klp.sh: Fix downgrade with skipped package version (bsc#1223966)
-------------------------------------------------------------------
Wed Oct 9 13:29:52 UTC 2024 - Petr Mladek <pmladek@suse.com>
- klp.sh: Exit with an error code when downgrade fails (bsc#1223930)
------------------------------------------------------------------- -------------------------------------------------------------------
Tue May 14 14:12:02 UTC 2024 - Petr Mladek <pmladek@suse.com> Tue May 14 14:12:02 UTC 2024 - Petr Mladek <pmladek@suse.com>

8
kernel-livepatch-tools.spec
View File

@ -19,7 +19,7 @@
%define dracutlibdir %{_prefix}/lib/dracut %define dracutlibdir %{_prefix}/lib/dracut
Name: kernel-livepatch-tools Name: kernel-livepatch-tools
Version: 1.4 Version: 1.6
Release: 0 Release: 0
Summary: Scripts for installing kernel live patches Summary: Scripts for installing kernel live patches
License: GPL-2.0-only License: GPL-2.0-only
@ -35,7 +35,7 @@ Source8: COPYING
Source12: sysconfig.livepatching Source12: sysconfig.livepatching
Source13: cache-cleaner Source13: cache-cleaner
Source14: systemd-default-klp.preset Source14: systemd-default-klp.preset
Source15: systemd-klp-info-cache.service Source15: systemd-klp-info-cache.service.in
# compatibility with SLE 12, to be removed in SLE > 15 # compatibility with SLE 12, to be removed in SLE > 15
Source50: kgr.sh Source50: kgr.sh
Source51: kgr.man Source51: kgr.man
@ -66,10 +66,12 @@ packages.
cp %{_sourcedir}/{rpm-helper,dracut-{module-setup,kernel-livepatch}.sh,sysconfig.livepatching} . cp %{_sourcedir}/{rpm-helper,dracut-{module-setup,kernel-livepatch}.sh,sysconfig.livepatching} .
cp %{_sourcedir}/{kernel-livepatch-subpackage,macros.kernel-livepatch} . cp %{_sourcedir}/{kernel-livepatch-subpackage,macros.kernel-livepatch} .
cp %{_sourcedir}/k{lp,gr}.{sh,man} . cp %{_sourcedir}/k{lp,gr}.{sh,man} .
cp %{_sourcedir}/{cache-cleaner,systemd-{default-klp.preset,klp-info-cache.service}} . cp %{_sourcedir}/{cache-cleaner,systemd-{default-klp.preset,klp-info-cache.service.in}} .
cp %{_sourcedir}/COPYING . cp %{_sourcedir}/COPYING .
%build %build
sed -e "s|@_LIBEXECDIR@|%{_libexecdir}|g" \
systemd-klp-info-cache.service.in >systemd-klp-info-cache.service
%install %install
install -D rpm-helper %{buildroot}%{_libexecdir}/kernel-livepatch/rpm-helper install -D rpm-helper %{buildroot}%{_libexecdir}/kernel-livepatch/rpm-helper

50
klp.sh
View File

@ -73,9 +73,17 @@ function klp_check() {
} }
function klp_patches() { function klp_patches() {
local TYPE="$1"
unset PATCHES_FOUND unset PATCHES_FOUND
for d in /sys/kernel/livepatch/*; do for d in /sys/kernel/livepatch/*; do
[ ! -d "$d" ] && continue [ ! -d "$d" ] && continue
if [ "$TYPE" = "active" ] ; then
PATCH_ENABLED=$(cat "$d/enabled" 2>/dev/null)
[ "$PATCH_ENABLED" -ne 1 ] && continue
fi
PATCH_NAME=${d#/sys/kernel/livepatch/} PATCH_NAME=${d#/sys/kernel/livepatch/}
PATCH_MOD=${PATCH_NAME} PATCH_MOD=${PATCH_NAME}
echo "${PATCH_MOD}" echo "${PATCH_MOD}"
@ -191,22 +199,45 @@ function klp_downgrade()
VERBOSE_ORIG="$VERBOSE" VERBOSE_ORIG="$VERBOSE"
unset VERBOSE unset VERBOSE
for patch in $(klp_patches); do ACTIVE_PATCHES=$(klp_patches active)
RPM_FULL_NAME=$(klp_patch_rpm_name "$patch") ACTIVE_PATCHES_NUM=$(echo $ACTIVE_PATCHES | wc -w)
if [ "$ACTIVE_PATCHES_NUM" -eq 0 ] ; then
echo "Error: cannot determine livepatch for downgrade. No active livepatch." >&2
exit 1
fi
if [ "$ACTIVE_PATCHES_NUM" -gt 1 ] ; then
echo "Error: cannot determine livepatch for downgrade. Too many active livepatches: $ACTIVE_PATCHES" >&2
exit 1
fi
PATCH="$ACTIVE_PATCHES"
RPM_FULL_NAME=$(klp_patch_rpm_name "$PATCH")
if [ -z "$RPM_FULL_NAME" ]; then if [ -z "$RPM_FULL_NAME" ]; then
echo "Warning: cannot determine RPM package for $patch" >&2 echo "Error: cannot determine RPM package for $PATCH" >&2
continue exit 1
fi fi
RPM_INFO=$(rpm -q --qf '%{name};%{version}' "$RPM_FULL_NAME") RPM_INFO=$(rpm -q --qf '%{name};%{version}' "$RPM_FULL_NAME")
RPM_VERSION=${RPM_INFO#*;} RPM_VERSION=${RPM_INFO#*;}
RPM_NAME=${RPM_INFO%;*} RPM_NAME=${RPM_INFO%;*}
if [ "$RPM_VERSION" -le 1 ]; then if [ "$RPM_VERSION" -le 1 ]; then
echo "$RPM_FULL_NAME is the initial kernel live patch and cannot be downgraded." echo "Error: $RPM_FULL_NAME is the initial kernel live patch and cannot be downgraded."
continue exit 1
fi fi
ZYPPER_COMMAND="zypper -n in --oldpackage $RPM_NAME = $(($RPM_VERSION-1))" PREV_RPM_VERSION=$(($RPM_VERSION-1))
while [ "$PREV_RPM_VERSION" -gt 0 ] ; do
zypper -n se -x "$RPM_NAME-$PREV_RPM_VERSION" >/dev/null 2>&1
[ "$?" -eq 0 ] && break
PREV_RPM_VERSION=$(($PREV_RPM_VERSION-1))
done
if [ "$PREV_RPM_VERSION" -le 0 ] ; then
echo "Error: cannot find package with lower version. The currently loaded livepatch is from the package: "$RPM_NAME" = "$RPM_VERSION"" >&2
exit 1
fi
ZYPPER_COMMAND="zypper -n in --oldpackage $RPM_NAME = $PREV_RPM_VERSION"
echo "KLP tool will replace the current kernel live patch with its previous version." echo "KLP tool will replace the current kernel live patch with its previous version."
echo "The command for downgrade is: $ZYPPER_COMMAND" echo "The command for downgrade is: $ZYPPER_COMMAND"
if [ -z "$NON_INTERACTIVE" ]; then if [ -z "$NON_INTERACTIVE" ]; then
@ -217,8 +248,9 @@ function klp_downgrade()
fi fi
if [[ $REPLY =~ ^[Yy]$ ]]; then if [[ $REPLY =~ ^[Yy]$ ]]; then
eval $ZYPPER_COMMAND eval $ZYPPER_COMMAND
exit_val="$?"
[ "$exit_val" -ne 0 ] && exit $exit_val
fi fi
done
VERBOSE="$VERBOSE_ORIG" VERBOSE="$VERBOSE_ORIG"
} }
@ -272,7 +304,7 @@ case $1 in
store_patch_info) store_patch_info)
SRCVERSION=$(cat "/sys/module/$2/srcversion") SRCVERSION=$(cat "/sys/module/$2/srcversion")
klp_info_from_rpm $2 > "/var/cache/livepatch/$2-$SRCVERSION" ;; klp_info_from_rpm $2 > "/var/cache/livepatch/$2-$SRCVERSION" ;;
patches) klp_patches ;; patches) klp_patches all ;;
downgrade) klp_downgrade ;; downgrade) klp_downgrade ;;
*) echo "Error: unknown command \`$1'"; exit 1 ;; *) echo "Error: unknown command \`$1'"; exit 1 ;;
esac esac

12
rpm-helper
View File

@ -59,14 +59,20 @@ refresh_initrd()
break break
fi fi
done done
if test -z "$image"; then if test -z "$image"; then
return return
fi fi
if test "$1" = "--force"; then
/sbin/mkinitrd -k "/boot/$image-$KREL" -i "/boot/initrd-$KREL" if test "$1" != "--force"; then
else
mkdir -p /var/run/regenerate-initrd mkdir -p /var/run/regenerate-initrd
touch "/var/run/regenerate-initrd/$image-$KREL" touch "/var/run/regenerate-initrd/$image-$KREL"
elif test -x /sbin/mkinitrd ; then
/sbin/mkinitrd -k "/boot/$image-$KREL" -i "/boot/initrd-$KREL"
elif test -x /usr/bin/dracut ; then
/usr/bin/dracut --force --kver "$KREL"
else
echo "[klp]: Does not know how to regenerate initrd."
fi fi
} }

12
sysconfig.livepatching
View File

@ -1,10 +1,14 @@
## Path: System/Live Patching ## Path: System/Live Patching
## Description: Configuration of the system live patch deployment ## Description: Configuration of the system live patch deployment
## Type: string ## Type: string
## Default: "auto" ## Default: "auto"
# Controls whether kernel live patches should be loaded into #
# kernel during live patch RPM package installation. The valid # This setting controls whether kernel live patches are loaded
# settings are "always", "never" and "auto". # during the installation of the live patch RPM package.
#
# The valid settings are "always", "never", and "auto".
# Specifically, "auto" functions as "never" on systems using
# transactional update and as "always" on other systems."
#
LIVEPATCH_KERNEL='auto' LIVEPATCH_KERNEL='auto'

2
systemd-klp-info-cache.service → systemd-klp-info-cache.service.in
View File

@ -7,7 +7,7 @@ ConditionPathIsReadWrite=/var/cache/livepatch
Type=oneshot Type=oneshot
Nice=19 Nice=19
IOSchedulingClass=idle IOSchedulingClass=idle
ExecStart=/usr/lib/kernel-livepatch/cache-cleaner ExecStart=@_LIBEXECDIR@/kernel-livepatch/cache-cleaner
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target