Sync from SUSE:SLFO:Main s390-tools revision 69aca3a62e8416d9ac6d63c3626a06c5

Adrian Schröter 2024-12-18 16:18:39 +01:00
parent aa2121ba34
commit 8cb5f775e2
33 changed files with 552 additions and 1233 deletions


@ -44,6 +44,14 @@ debug_mesg () {
esac esac
} }
add_cio_channel() {
echo "$* # ${DATE}" >> /boot/zipl/active_devices.txt
}
remove_cio_channel() {
[ -w /boot/zipl/active_devices.txt ] && sed -i -e "/^${1}/d" /boot/zipl/active_devices.txt
}
usage(){ usage(){
echo "Usage: ${0} <read channel> <write channel> <online> [<protocol>]" echo "Usage: ${0} <read channel> <write channel> <online> [<protocol>]"
echo " read/write channel = x.y.ssss where" echo " read/write channel = x.y.ssss where"
@ -112,3 +120,9 @@ RC=${?}
if [ ${RC} -ne 0 ]; then if [ ${RC} -ne 0 ]; then
exit ${RC} exit ${RC}
fi fi
if [ ${ON_OFF} == 1 ]; then
add_cio_channel "${CTC_READ_CHAN},${CTC_WRITE_CHAN}"
else remove_cio_channel "${CTC_READ_CHAN}"
remove_cio_channel "${CTC_WRITE_CHAN}"
fi
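Review bot: `remove_cio_channel` puts the channel ID unescaped into the sed address `"/^${1}/d"`, so the dots of an x.y.ssss ID act as regex wildcards and the match is an open-ended prefix; a line for a different device can be deleted from /boot/zipl/active_devices.txt. Escaping the dots and ending the match on the separator that `add_cio_channel` writes would make it exact: `id=$(printf '%s' "${1}" | sed 's/\./\\./g')` followed by `sed -i -e "/^${id}[ ,]/d" /boot/zipl/active_devices.txt`. `add_cio_channel` also appends unconditionally, so bringing the same device online twice leaves duplicate lines; removing an existing entry before appending would keep the file idempotent. The same helpers are added unchanged in the three other configure-script sections further down this page. Whether the arguments are validated as bus IDs before this point is not visible in the hunks.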


@ -43,6 +43,14 @@ debug_mesg () {
esac esac
} }
add_cio_channel() {
echo "$* # ${DATE}" >> /boot/zipl/active_devices.txt
}
remove_cio_channel() {
[ -w /boot/zipl/active_devices.txt ] && sed -i -e "/^${1}/d" /boot/zipl/active_devices.txt
}
usage(){ usage(){
echo "Usage: ${0} [-f -t <dasd_type> ] <ccwid> <online> [use_diag]" echo "Usage: ${0} [-f -t <dasd_type> ] <ccwid> <online> [use_diag]"
echo echo
@ -157,4 +165,9 @@ elif [ ${ON_OFF} == 1 ]; then
fi fi
fi fi
if [ ${ON_OFF} == 1 ]; then
add_cio_channel "${CCW_CHAN_ID}"
else remove_cio_channel "${CCW_CHAN_ID}"
fi
exit ${exitcode} exit ${exitcode}
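Review bot: The bookkeeping block runs unconditionally just before `exit ${exitcode}`, so a device whose activation failed appears to be recorded in /boot/zipl/active_devices.txt anyway. The CTC and QETH sections on this page only reach their block after `exit ${RC}` has filtered out failures. Wrapping it in `if [ "${exitcode}" -eq 0 ]; then … fi` would keep the file in step with what is actually online. Quoting the variable in the test, `[ "${ON_OFF}" == 1 ]`, also avoids a `[` syntax error when it is empty. The code that sets `exitcode` lies outside the hunk, so this is inferred from the visible lines; the next file section carries the identical hunk.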


@ -43,6 +43,14 @@ debug_mesg () {
esac esac
} }
add_cio_channel() {
echo "$* # ${DATE}" >> /boot/zipl/active_devices.txt
}
remove_cio_channel() {
[ -w /boot/zipl/active_devices.txt ] && sed -i -e "/^${1}/d" /boot/zipl/active_devices.txt
}
usage(){ usage(){
echo "Usage: ${0} [-f -t <dasd_type> ] <ccwid> <online> [use_diag]" echo "Usage: ${0} [-f -t <dasd_type> ] <ccwid> <online> [use_diag]"
echo echo
@ -157,4 +165,9 @@ elif [ ${ON_OFF} == 1 ]; then
fi fi
fi fi
if [ ${ON_OFF} == 1 ]; then
add_cio_channel "${CCW_CHAN_ID}"
else remove_cio_channel "${CCW_CHAN_ID}"
fi
exit ${exitcode} exit ${exitcode}


@ -1,7 +1,10 @@
# #
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2018-2024 SUSE LINUX GmbH, Nuernberg, Germany.
# All rights reserved. # All rights reserved.
# #
# load pkey module at boot time # load pkey module at boot time
pkey pkey
pkey_cca
pkey_ep11
pkey_pckmo


@ -48,6 +48,14 @@ debug_mesg () {
esac esac
} }
add_cio_channel() {
echo "$* # ${DATE}" >> /boot/zipl/active_devices.txt
}
remove_cio_channel() {
[ -w /boot/zipl/active_devices.txt ] && sed -i -e "/^${1}/d" /boot/zipl/active_devices.txt
}
usage(){ usage(){
echo "Usage: ${0} [options] <read chan> <write chan> <data chan> <online>" echo "Usage: ${0} [options] <read chan> <write chan> <data chan> <online>"
echo " -i Configure IP takeover" echo " -i Configure IP takeover"
@ -157,3 +165,10 @@ RC=${?}
if [ ${RC} -ne 0 ]; then if [ ${RC} -ne 0 ]; then
exit ${RC} exit ${RC}
fi fi
if [ ${ON_OFF} == 1 ]; then
add_cio_channel "${QETH_READ_CHAN},${QETH_WRITE_CHAN},${QETH_DATA_CHAN}"
else remove_cio_channel "${QETH_READ_CHAN}"
remove_cio_channel "${QETH_WRITE_CHAN}"
remove_cio_channel "${QETH_DATA_CHAN}"
fi


@ -0,0 +1,67 @@
From 2d26a63806d2847f549c06276070a636a61bcb80 Mon Sep 17 00:00:00 2001
From: Eduard Shishkin <edward6@linux.ibm.com>
Date: Wed, 4 Dec 2024 13:37:46 +0100
Subject: [PATCH s390-tools] zipl_helper.device-mapper: add missed step in
logical device resolution
This fixes 670bf3e
Preparing a loop device for IPL by zipl tool, using its partition as
zipl target, leads to inconsistent installation setup. The problem is in
a missed step in the procedure of logical device resolution performed
by the script zipl_helper.device-mapper:
\# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
loop0 7:0 0 5G 0 loop
|-loop0p1 253:15 0 128M 0 part
`-loop0p2 253:16 0 4.9G 0 part /mnt
\# ./zipl_helper.device-mapper 253:16
Expected result:
targetbase=7:0
targettype=SCSI
targetblocksize=4096
targetoffset=32784
Actual result:
targetbase=253:16
targettype=SCSI
targetblocksize=4096
targetoffset=32784
The fixup adds a missed resolution step.
Reference-ID: LTC210771
Signed-off-by: Eduard Shishkin <edward6@linux.ibm.com>
---
zipl/src/zipl_helper.device-mapper.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/zipl/src/zipl_helper.device-mapper.c b/zipl/src/zipl_helper.device-mapper.c
index aca52be1..918c5aba 100644
--- a/zipl/src/zipl_helper.device-mapper.c
+++ b/zipl/src/zipl_helper.device-mapper.c
@@ -1306,13 +1306,13 @@ static int complete_physical_device(struct physical_device *pd, dev_t *base_dev)
*base_dev = base_entry->dev.dev;
} else {
/*
- * In this case base device is the uppermost logical
+ * In this case base device is the uppermost
* device which provides access to boot sectors
*/
base_entry = find_base_entry(pd->dmpath, dc->bootsectors);
if (!base_entry)
return -1;
- *base_dev = base_entry->dev.dev;
+ *base_dev = first_device_by_target_data(base_entry->target);
}
/* Check for valid offset of filesystem */
if ((pd->offset % (dc->blocksize / SECTOR_SIZE)) != 0) {
--
2.39.0
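Review bot: The result of `first_device_by_target_data(base_entry->target)` is stored into `*base_dev` unchecked, whereas the lookup directly above it is guarded with `if (!base_entry) return -1;`. If the helper can fail to resolve a device (its definition is not in the hunk), its return value should be tested before the offset check, so an unresolved base is not reported as `targetbase` to zipl. The reworded comment could also name the extra step, e.g. `* device which provides access to boot sectors, resolved to the first device of its target`. complete_physical_device starts and ends outside the hunk.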


@ -0,0 +1,63 @@
From 592a016a1095fa9813f0bae8256433ba5af4ab9b Mon Sep 17 00:00:00 2001
From: Eduard Shishkin <edward6@linux.ibm.com>
Date: Sat, 7 Dec 2024 12:48:12 +0100
Subject: [PATCH s390-tools 2/2] zipl/src: fix imprecise check that file is on
specified device
This fixes c0f02d2
The check that file is on specified disk is imprecise: In case when
target parameters are specified by user, the check compares a logical
device with a base disk, which is incorrect.
The fixup makes the check compare base disks (a specified one with
the base disk determined by disk_get_info() procedure).
Signed-off-by: Eduard Shishkin <edward6@linux.ibm.com>
---
zipl/src/bootmap.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/zipl/src/bootmap.c b/zipl/src/bootmap.c
index 7d340156..880b93ce 100644
--- a/zipl/src/bootmap.c
+++ b/zipl/src/bootmap.c
@@ -299,14 +299,15 @@ create_component_header(void* buffer, component_header_type type)
}
/*
- * Not precise check that the file FILENAME locates on specified physical DISK.
+ * Not precise check that the file FILENAME locates on the physical
+ * disk specified by WHERE.
*
* Try to auto-detect parameters of the disk which the file locates on
* and compare found device-ID with DISK.
* Return 0, if auto-detection succeeded, and it is proven that the
* file does NOT locate on DISK. Otherwise, return 1.
*/
-static int file_is_on_disk(const char *filename, dev_t disk)
+static int file_is_on_disk(const char *filename, struct disk_info *where)
{
/*
* Retrieve info of the underlying disk without any user hints
@@ -331,7 +332,7 @@ static int file_is_on_disk(const char *filename, dev_t disk)
"Warning: Preparing a logical device for boot might fail\n");
return 1;
}
- if (info->device != disk) {
+ if (info->basedisks[0] != where->basedisks[0]) {
disk_free_info(info);
return 0;
}
@@ -378,7 +379,7 @@ static int add_component_file_range(struct install_set *bis,
return -1;
}
} else {
- if (!file_is_on_disk(filename, bis->info->device)) {
+ if (!file_is_on_disk(filename, bis->info)) {
error_reason("File is not on target device");
return -1;
}
--
2.39.0
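Review bot: The header comment of `file_is_on_disk` still says "compare found device-ID with DISK" and "does NOT locate on DISK", although the parameter is now `where` and the comparison is on `basedisks[0]` rather than a device ID. Suggested wording: `* and compare its first base disk with the first base disk of WHERE.` and `* file does NOT locate on that disk. Otherwise, return 1.` Since `where` is only read in the visible lines, declaring it `const struct disk_info *where` would document that. Only element 0 of `basedisks` is compared; if a target can have more than one base disk, which the array suggests but the hunks do not show, the comment should say the remaining entries are not checked. The function body is only partly visible in these hunks.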

BIN
s390-tools-2.31.0.tar.gz (Stored with Git LFS)

Binary file not shown.

BIN
s390-tools-2.36.0.tar.gz (Stored with Git LFS) Normal file

Binary file not shown.


@ -5,10 +5,8 @@
zdev/dracut/Makefile | 15 ++++++++++-- zdev/dracut/Makefile | 15 ++++++++++--
4 files changed, 92 insertions(+), 2 deletions(-) 4 files changed, 92 insertions(+), 2 deletions(-)
Index: s390-tools-2.30.0/zdev/dracut/96zdev-live/module-setup.sh
===================================================================
--- /dev/null --- /dev/null
+++ s390-tools-2.30.0/zdev/dracut/96zdev-live/module-setup.sh +++ b/zdev/dracut/96zdev-live/module-setup.sh
@@ -0,0 +1,32 @@ @@ -0,0 +1,32 @@
+#!/bin/bash +#!/bin/bash
+ +
@ -42,10 +40,8 @@ Index: s390-tools-2.30.0/zdev/dracut/96zdev-live/module-setup.sh
+ inst_hook cleanup 41 "$moddir/write-udev-live.sh" + inst_hook cleanup 41 "$moddir/write-udev-live.sh"
+ inst_multiple chzdev + inst_multiple chzdev
+} +}
Index: s390-tools-2.30.0/zdev/dracut/96zdev-live/parse-zdev-live.sh
===================================================================
--- /dev/null --- /dev/null
+++ s390-tools-2.30.0/zdev/dracut/96zdev-live/parse-zdev-live.sh +++ b/zdev/dracut/96zdev-live/parse-zdev-live.sh
@@ -0,0 +1,36 @@ @@ -0,0 +1,36 @@
+#!/bin/bash +#!/bin/bash
+# +#
@ -83,10 +79,8 @@ Index: s390-tools-2.30.0/zdev/dracut/96zdev-live/parse-zdev-live.sh
+ fi + fi
+done +done
+ +
Index: s390-tools-2.30.0/zdev/dracut/96zdev-live/write-udev-live.sh
===================================================================
--- /dev/null --- /dev/null
+++ s390-tools-2.30.0/zdev/dracut/96zdev-live/write-udev-live.sh +++ b/zdev/dracut/96zdev-live/write-udev-live.sh
@@ -0,0 +1,11 @@ @@ -0,0 +1,11 @@
+#!/bin/sh +#!/bin/sh
+# +#
@ -99,11 +93,9 @@ Index: s390-tools-2.30.0/zdev/dracut/96zdev-live/write-udev-live.sh
+if [ -w /sysroot/etc/udev/rules.d ]; then +if [ -w /sysroot/etc/udev/rules.d ]; then
+ cp -p /etc/udev/rules.d/41-* /sysroot/etc/udev/rules.d + cp -p /etc/udev/rules.d/41-* /sysroot/etc/udev/rules.d
+fi +fi
Index: s390-tools-2.30.0/zdev/dracut/Makefile --- a/zdev/dracut/Makefile
=================================================================== +++ b/zdev/dracut/Makefile
--- s390-tools-2.30.0.orig/zdev/dracut/Makefile @@ -3,17 +3,23 @@
+++ s390-tools-2.30.0/zdev/dracut/Makefile
@@ -3,17 +3,23 @@ include ../../common.mak
ZDEVDIR := 95zdev ZDEVDIR := 95zdev
ZDEVKDUMPDIR := 95zdev-kdump ZDEVKDUMPDIR := 95zdev-kdump
@ -129,7 +121,7 @@ Index: s390-tools-2.30.0/zdev/dracut/Makefile
ifeq ($(HAVE_DRACUT),1) ifeq ($(HAVE_DRACUT),1)
install: install:
$(INSTALL) -m 755 -d $(DESTDIR)$(DRACUTMODDIR)/ $(INSTALL) -m 755 -d $(DESTDIR)$(DRACUTMODDIR)/
@@ -25,4 +31,9 @@ install: @@ -29,4 +35,9 @@
$(INSTALL) -m 755 -d $(DESTDIR)$(DRACUTMODDIR)/$(ZDEVKDUMPDIR) $(INSTALL) -m 755 -d $(DESTDIR)$(DRACUTMODDIR)/$(ZDEVKDUMPDIR)
$(INSTALL) -m 755 $(ZDEVKDUMPDIR)/module-setup.sh \ $(INSTALL) -m 755 $(ZDEVKDUMPDIR)/module-setup.sh \
$(DESTDIR)$(DRACUTMODDIR)/$(ZDEVKDUMPDIR)/ $(DESTDIR)$(DRACUTMODDIR)/$(ZDEVKDUMPDIR)/


@ -1,8 +1,10 @@
Index: s390-tools-2.30.0/etc/udev/rules.d/59-dasd.rules ---
=================================================================== etc/udev/rules.d/59-dasd.rules | 10 +++++++++-
--- s390-tools-2.30.0.orig/etc/udev/rules.d/59-dasd.rules 1 file changed, 9 insertions(+), 1 deletion(-)
+++ s390-tools-2.30.0/etc/udev/rules.d/59-dasd.rules
@@ -15,7 +15,7 @@ KERNEL=="dasd*[!0-9]", ENV{ID_XUID}=="?* --- a/etc/udev/rules.d/59-dasd.rules
+++ b/etc/udev/rules.d/59-dasd.rules
@@ -15,7 +15,7 @@
LABEL="dasd_block_end" LABEL="dasd_block_end"
@ -11,7 +13,7 @@ Index: s390-tools-2.30.0/etc/udev/rules.d/59-dasd.rules
# for partitions import parent information # for partitions import parent information
KERNEL=="dasd*[0-9]", IMPORT{parent}=="ID_*" KERNEL=="dasd*[0-9]", IMPORT{parent}=="ID_*"
@@ -24,6 +24,14 @@ KERNEL=="dasd*[0-9]", ENV{ID_SERIAL}=="? @@ -24,6 +24,14 @@
KERNEL=="dasd*[0-9]", ENV{ID_UID}=="?*", SYMLINK+="disk/by-id/$env{ID_BUS}-$env{ID_UID}-part%n" KERNEL=="dasd*[0-9]", ENV{ID_UID}=="?*", SYMLINK+="disk/by-id/$env{ID_BUS}-$env{ID_UID}-part%n"
KERNEL=="dasd*[0-9]", ENV{ID_XUID}=="?*", SYMLINK+="disk/by-id/$env{ID_BUS}-$env{ID_XUID}-part%n" KERNEL=="dasd*[0-9]", ENV{ID_XUID}=="?*", SYMLINK+="disk/by-id/$env{ID_BUS}-$env{ID_XUID}-part%n"


@ -12,14 +12,12 @@ so we should be suppressing the error message for these devices, too.
Signed-off-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Hannes Reinecke <hare@suse.de>
--- ---
fdasd/fdasd.c | 13 ++++++++----- fdasd/fdasd.c | 4 +++-
1 file changed, 8 insertions(+), 5 deletions(-) 1 file changed, 3 insertions(+), 1 deletion(-)
Index: s390-tools-2.30.0/fdasd/fdasd.c --- a/fdasd/fdasd.c
=================================================================== +++ b/fdasd/fdasd.c
--- s390-tools-2.30.0.orig/fdasd/fdasd.c @@ -1231,10 +1231,12 @@
+++ s390-tools-2.30.0/fdasd/fdasd.c
@@ -1231,10 +1231,12 @@ static int fdasd_get_volser(fdasd_anchor
*/ */
static void fdasd_reread_partition_table(fdasd_anchor_t *anc) static void fdasd_reread_partition_table(fdasd_anchor_t *anc)
{ {


@ -13,10 +13,8 @@ Signed-off-by: Robert Milasan <rmilasan@suse.de>
etc/udev/rules.d/59-dasd.rules | 2 +- etc/udev/rules.d/59-dasd.rules | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-) 1 file changed, 1 insertion(+), 1 deletion(-)
Index: s390-tools-2.30.0/etc/udev/rules.d/59-dasd.rules --- a/etc/udev/rules.d/59-dasd.rules
=================================================================== +++ b/etc/udev/rules.d/59-dasd.rules
--- s390-tools-2.30.0.orig/etc/udev/rules.d/59-dasd.rules
+++ s390-tools-2.30.0/etc/udev/rules.d/59-dasd.rules
@@ -6,7 +6,7 @@ @@ -6,7 +6,7 @@
SUBSYSTEM!="block", GOTO="dasd_symlinks_end" SUBSYSTEM!="block", GOTO="dasd_symlinks_end"
KERNEL!="dasd*", GOTO="dasd_symlinks_end" KERNEL!="dasd*", GOTO="dasd_symlinks_end"


@ -1,8 +1,10 @@
Index: s390-tools-2.30.0/zipl/boot/menu.c ---
=================================================================== zipl/boot/menu.c | 7 +++++--
--- s390-tools-2.30.0.orig/zipl/boot/menu.c 1 file changed, 5 insertions(+), 2 deletions(-)
+++ s390-tools-2.30.0/zipl/boot/menu.c
@@ -168,8 +168,11 @@ int menu(void) --- a/zipl/boot/menu.c
+++ b/zipl/boot/menu.c
@@ -168,8 +168,11 @@
/* print config list */ /* print config list */
menu_list(); menu_list();


@ -1,34 +1,27 @@
Index: s390-tools-2.30.0/etc/sysconfig/dumpconf ---
=================================================================== etc/sysconfig/dumpconf | 133 +++++++++++++++++++++++++++++++++++++++++++++++++
--- s390-tools-2.30.0.orig/etc/sysconfig/dumpconf 1 file changed, 133 insertions(+)
+++ s390-tools-2.30.0/etc/sysconfig/dumpconf
@@ -1,71 +1,137 @@ --- a/etc/sysconfig/dumpconf
+++ b/etc/sysconfig/dumpconf
@@ -1,3 +1,4 @@
+###########################################################################################
#
# s390 dump config
#
@@ -78,3 +79,135 @@
# dumpconf becomes active immediately during system startup.
#
# ON_PANIC=reipl
+
+############################ Begin Definitions ###########################################
+## Path: System/Dumpconf +## Path: System/Dumpconf
+## Description: Configures the actions which should be performed after a kernel panic +## Description: Configures the actions which should be performed after a kernel panic
+## Type: list(stop,dump,vmcmd,reipl,dump_reipl) +## Type: list(stop,dump,vmcmd,reipl,dump_reipl)
+## Default: "stop" +## Default: "stop"
+## ServiceRestart: dumpconf +## ServiceRestart: dumpconf
# +#
-# s390 dump config
-#
-# Configures the actions which should be performed after a kernel panic
-# and on PSW restart.
+# Define the action that should be taken if a kernel panic happens. +# Define the action that should be taken if a kernel panic happens.
#
# The following actions are supported:
#
-# * stop: Stop Linux (default)
-# * dump: Dump Linux with stand-alone dump tool
-# * vmcmd: Issue z/VM CP commands
-# * reipl: Re-IPL Linux using setting under /sys/firmware/reipl
-# * dump_reipl: First dump Linux with stand-alone dump tool, then re-IPL Linux
-# using setting under /sys/firmware/reipl
+# * stop: Stop Linux (default)
+# * dump: Dump Linux
+# * vmcmd: Issue z/VM CP commands
+# * reipl: Re-IPL Linux using setting under /sys/firmware/reipl
+# * dump_reipl: First dump Linux, then re-IPL Linux using setting under
+# /sys/firmware/reipl
+# +#
+ON_PANIC="stop" +ON_PANIC="stop"
+ +
@ -62,14 +55,10 @@ Index: s390-tools-2.30.0/etc/sysconfig/dumpconf
+# Define the device id for a DASD or SCSI over zFCP dump device. +# Define the device id for a DASD or SCSI over zFCP dump device.
+# +#
+# For example (DASD and SCSI over zFCP have the same structure): DEVICE=0.0.4711 +# For example (DASD and SCSI over zFCP have the same structure): DEVICE=0.0.4711
# +#
+DEVICE="" +DEVICE=""
+
-# For the actions "reipl" and "dump_reipl" the DELAY_MINUTES keyword may +# Type: string
-# be used to delay the activation of dumpconf.
-# Thus potential reipl loops caused by kernel panics
-# which persistently occur early in the boot process can be prevented.
+## Type: string
+## Default: "" +## Default: ""
+## ServiceRestart: dumpconf +## ServiceRestart: dumpconf
+# +#
@ -78,62 +67,40 @@ Index: s390-tools-2.30.0/etc/sysconfig/dumpconf
+# For example: WWPN=0x5005076303004711 +# For example: WWPN=0x5005076303004711
+# +#
+WWPN="" +WWPN=""
+
-# Dump on CCW device (DASD) and re-IPL after dump is complete.
-# The re-IPL device, as specified under "/sys/firmware/reipl", is used.
-# The activation of dumpconf is delayed by 5 minutes.
+## Type: string +## Type: string
+## Default: "" +## Default: ""
+## ServiceRestart: dumpconf +## ServiceRestart: dumpconf
# +#
-# ON_PANIC=dump_reipl
-# DUMP_TYPE=ccw
-# DEVICE=0.0.4e13
-# DELAY_MINUTES=5
+# Define the LUN for a zFCP dump device. +# Define the LUN for a zFCP dump device.
+# +#
+# For example: LUN=0x4711000000000000 +# For example: LUN=0x4711000000000000
+# +#
+LUN="" +LUN=""
+
+## Type: integer(0:30) +## Type: integer(0:30)
+## Default: "0" +## Default: "0"
+## ServiceRestart: dumpconf +## ServiceRestart: dumpconf
+# +#
+# Define the Boot program selector for a zFCP dump device. +# Define the Boot program selector for a zFCP dump device.
# +#
-# Dump on fcp device (SCSI Disk)
+# A decimal value between 0 and 30 specifying the program to be loaded from +# A decimal value between 0 and 30 specifying the program to be loaded from
+# the FCP-I/O device. +# the FCP-I/O device.
# +#
-# ON_PANIC=dump
-# DUMP_TYPE=fcp
-# DEVICE=0.0.4711
-# WWPN=0x5005076303004711
-# LUN=0x4711000000000000
-# BOOTPROG=0
-# BR_LBA=0
+BOOTPROG="0" +BOOTPROG="0"
+
+## Type: string +## Type: string
+## Default: "0" +## Default: "0"
+## ServiceRestart: dumpconf +## ServiceRestart: dumpconf
# +#
-# Dump on nvme device (NVMe Disk)
+# Define the Boot record logical block address for a zFCP dump device. +# Define the Boot record logical block address for a zFCP dump device.
# +#
-# ON_PANIC=dump
-# DUMP_TYPE=nvme
-# FID=0x00000300
-# NSID=0x00000001
-# BOOTPROG=3
-# BR_LBA=0
+# The hexadecimal digits designating the logical-block address of the boot record of the FCP-I/O device. +# The hexadecimal digits designating the logical-block address of the boot record of the FCP-I/O device.
+# It must be a value from 0-FFFFFFFF FFFFFFFF. For values longer than 8 hex characters at least one separator +# It must be a value from 0-FFFFFFFF FFFFFFFF. For values longer than 8 hex characters at least one separator
+# blank is required after the 8th character. +# blank is required after the 8th character.
+# +#
+BR_LBA="0" +BR_LBA="0"
+
+## Type: string +## Type: string
+## Default: "" +## Default: ""
+## ServiceRestart: dumpconf +## ServiceRestart: dumpconf
@ -141,16 +108,11 @@ Index: s390-tools-2.30.0/etc/sysconfig/dumpconf
+# Define the Function ID for NVMe dump device. +# Define the Function ID for NVMe dump device.
+# +#
+# The hexadecimal digits designating the Function ID for the NMVe disk. +# The hexadecimal digits designating the Function ID for the NMVe disk.
# +#
-# Use VMDUMP
+# For example: FID=0x00000300 +# For example: FID=0x00000300
# +#
-# ON_PANIC=vmcmd
-# VMCMD_1="MESSAGE * Starting VMDUMP"
-# VMCMD_2="VMDUMP"
-# VMCMD_3="IPL 4711"
+FID="" +FID=""
+
+## Type: string +## Type: string
+## Default: "" +## Default: ""
+## ServiceRestart: dumpconf +## ServiceRestart: dumpconf
@ -158,28 +120,21 @@ Index: s390-tools-2.30.0/etc/sysconfig/dumpconf
+# Define the Namespace ID for the NVMe dump device +# Define the Namespace ID for the NVMe dump device
+# +#
+# The hexadecimal digits designating the Namespace ID for the NMVe disk. +# The hexadecimal digits designating the Namespace ID for the NMVe disk.
# +#
-# Stop Linux (default)
+# For example: NSID=0x00000001 +# For example: NSID=0x00000001
# +#
-# ON_PANIC=stop
+NSID="" +NSID=""
+
+## Type: string +## Type: string
+## Default: "" +## Default: ""
+## ServiceRestart: dumpconf +## ServiceRestart: dumpconf
# +#
-# Re-IPL Linux
-# The re-IPL device, as specified under "/sys/firmware/reipl", is used.
-# Since the DELAY_MINUTES keyword is omitted, there is no delay and
-# dumpconf becomes active immediately during system startup.
+# VMCMD_<X> +# VMCMD_<X>
+# Specifies a CP command, <X> is a number from one to eight. You can +# Specifies a CP command, <X> is a number from one to eight. You can
+# specify up to eight CP commands that are executed in case of a kernel +# specify up to eight CP commands that are executed in case of a kernel
+# panic. Note that VM commands, device adresses, and VM guest names +# panic. Note that VM commands, device adresses, and VM guest names
+# must be uppercase. +# must be uppercase.
# +#
-# ON_PANIC=reipl
+VMCMD_1="" +VMCMD_1=""
+VMCMD_2="" +VMCMD_2=""
+VMCMD_3="" +VMCMD_3=""
@ -188,3 +143,6 @@ Index: s390-tools-2.30.0/etc/sysconfig/dumpconf
+VMCMD_6="" +VMCMD_6=""
+VMCMD_7="" +VMCMD_7=""
+VMCMD_8="" +VMCMD_8=""
+
+############################### End Definitions ##############################################
\ No newline at end of file
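Review bot: The metadata line above the WWPN description is rendered on the new side as `# Type: string`, with a single hash, while every other variable in the block uses `## Type:`. As far as this view shows, the refreshed patch dropped a `#`, and a sysconfig metadata reader keyed on `##` would likely no longer see a type for WWPN; the line should read `## Type: string`. The new content also ends without a trailing newline after the "End Definitions" banner (`\ No newline at end of file`). Fixing that in the patch would keep a later append from being joined onto the banner line.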


@ -35,11 +35,9 @@ Signed-off-by: Peter Oberparleiter <oberpar@linux.ibm.com>
zdev/src/zdev-root-update.dracut | 6 ------ zdev/src/zdev-root-update.dracut | 6 ------
1 file changed, 6 deletions(-) 1 file changed, 6 deletions(-)
Index: s390-tools-2.30.0/zdev/src/zdev-root-update.dracut --- a/zdev/src/zdev-root-update.dracut
=================================================================== +++ b/zdev/src/zdev-root-update.dracut
--- s390-tools-2.30.0.orig/zdev/src/zdev-root-update.dracut @@ -20,10 +20,4 @@
+++ s390-tools-2.30.0/zdev/src/zdev-root-update.dracut
@@ -20,10 +20,4 @@ dracut -f || {
exit 1 exit 1
} }


@ -7,36 +7,32 @@ Allow the user to specify several devices as arguments to dasdfmt.
Signed-off-by: Hannes Reinecke <hare@suse.com> Signed-off-by: Hannes Reinecke <hare@suse.com>
--- ---
dasdfmt/dasdfmt.8 | 5 +- dasdfmt/dasdfmt.8 | 6 -
dasdfmt/dasdfmt.c | 175 ++++++++++++++++++++++++++++++------------------------ dasdfmt/dasdfmt.c | 197 +++++++++++++++++++++++++++++++-----------------------
2 files changed, 100 insertions(+), 80 deletions(-) 2 files changed, 119 insertions(+), 84 deletions(-)
Index: s390-tools-2.30.0/dasdfmt/dasdfmt.8 --- a/dasdfmt/dasdfmt.8
=================================================================== +++ b/dasdfmt/dasdfmt.8
--- s390-tools-2.30.0.orig/dasdfmt/dasdfmt.8 @@ -11,14 +11,14 @@
+++ s390-tools-2.30.0/dasdfmt/dasdfmt.8
@@ -11,14 +11,15 @@ dasdfmt \- formatting of DASD (ECKD) dis
.br .br
[-r \fIcylinder\fR] [-b \fIblksize\fR] [-l \fIvolser\fR] [-d \fIlayout\fR] [\-r \fIcylinder\fR] [\-b \fIblksize\fR] [\-l \fIvolser\fR] [\-d \fIlayout\fR]
.br .br
- [-L] [-V] [-F] [-k] [-C] [-M \fImode\fR] \fIdevice\fR - [\-L] [\-V] [\-F] [\-k] [\-C] [\-M \fImode\fR] \fIdevice\fR
+ [-L] [-V] [-F] [-k] [-C] [-M \fImode\fR] \fIdevice\fR [\fIdevice\fR] + [\-L] [\-V] [\-F] [\-k] [\-C] [\-M \fImode\fR] \fIdevice\fR [\fIdevice\fR]
.SH DESCRIPTION .SH DESCRIPTION
-\fBdasdfmt\fR formats a DASD (ECKD) disk drive to prepare it -\fBdasdfmt\fR formats a DASD (ECKD) disk drive to prepare it
+\fBdasdfmt\fR formats one or several DASD (ECKD) disk drive to prepare it +\fBdasdfmt\fR formats one or several DASD (ECKD) disk drive(s) to prepare them
for usage with Linux for S/390. for usage with Linux for S/390.
The \fIdevice\fR is the node of the device (e.g. '/dev/dasda'). The \fIdevice\fR is the node of the device (e.g. '/dev/dasda').
Any device node created by udev for kernel 2.6 can be used Any device node created by udev for kernel 2.6 can be used
(e.g. '/dev/dasd/0.0.b100/disc'). -(e.g. '/dev/dasd/0.0.b100/disc').
+It is possible to specify up to 512 devices. +(e.g. '/dev/dasd/0.0.b100/disc'). It is possible to specify up to 512 devices.
.br .br
\fBWARNING\fR: Careless usage of \fBdasdfmt\fR can result in \fBWARNING\fR: Careless usage of \fBdasdfmt\fR can result in
Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c --- a/dasdfmt/dasdfmt.c
=================================================================== +++ b/dasdfmt/dasdfmt.c
--- s390-tools-2.30.0.orig/dasdfmt/dasdfmt.c
+++ s390-tools-2.30.0/dasdfmt/dasdfmt.c
@@ -25,6 +25,8 @@ @@ -25,6 +25,8 @@
#include "dasdfmt.h" #include "dasdfmt.h"
@ -46,7 +42,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
#define BUSIDSIZE 8 #define BUSIDSIZE 8
#define SEC_PER_DAY (60 * 60 * 24) #define SEC_PER_DAY (60 * 60 * 24)
#define SEC_PER_HOUR (60 * 60) #define SEC_PER_HOUR (60 * 60)
@@ -57,7 +59,9 @@ static const struct util_prg prg = { @@ -57,7 +59,9 @@
static struct dasdfmt_globals { static struct dasdfmt_globals {
dasd_information2_t dasd_info; dasd_information2_t dasd_info;
char *dev_path; /* device path entered by user */ char *dev_path; /* device path entered by user */
@ -56,7 +52,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
int verbosity; int verbosity;
int testmode; int testmode;
int withoutprompt; int withoutprompt;
@@ -484,15 +488,15 @@ static void program_interrupt_signal(int @@ -484,15 +488,15 @@
program_interrupt_in_progress = 1; program_interrupt_in_progress = 1;
if (disk_disabled) { if (disk_disabled) {
@ -75,7 +71,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
} else { } else {
printf("Exiting...\n"); printf("Exiting...\n");
} }
@@ -512,9 +516,6 @@ static void get_device_name(int optind, @@ -512,9 +516,6 @@
unsigned int maj, min; unsigned int maj, min;
struct stat dev_stat; struct stat dev_stat;
@ -85,7 +81,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
if (optind >= argc) if (optind >= argc)
error("No device specified!"); error("No device specified!");
@@ -610,10 +611,10 @@ static void check_disk(void) @@ -610,10 +611,10 @@
error("the ioctl call to retrieve read/write status information failed: %s", error("the ioctl call to retrieve read/write status information failed: %s",
strerror(err)); strerror(err));
if (ro) if (ro)
@ -98,7 +94,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
} }
if (strncmp(g.dasd_info.type, "ECKD", 4) != 0) { if (strncmp(g.dasd_info.type, "ECKD", 4) != 0) {
warnx("Unsupported disk type"); warnx("Unsupported disk type");
@@ -700,7 +701,7 @@ static void set_geo(unsigned int *cylind @@ -700,7 +701,7 @@
struct dasd_eckd_characteristics *characteristics; struct dasd_eckd_characteristics *characteristics;
if (g.verbosity > 0) if (g.verbosity > 0)
@ -107,7 +103,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
characteristics = (struct dasd_eckd_characteristics *) characteristics = (struct dasd_eckd_characteristics *)
&g.dasd_info.characteristics; &g.dasd_info.characteristics;
@@ -728,13 +729,13 @@ static void set_label(volume_label_t *vl @@ -728,13 +729,13 @@
"Cylinders above this limit will not be" "Cylinders above this limit will not be"
" accessible as a linux partition!\n" " accessible as a linux partition!\n"
"Type \"yes\" to continue, no will leave" "Type \"yes\" to continue, no will leave"
@ -124,7 +120,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
return; return;
} }
} }
@@ -872,7 +873,7 @@ static void check_disk_format(unsigned i @@ -872,7 +873,7 @@
check_params->start_unit = 0; check_params->start_unit = 0;
check_params->stop_unit = (cylinders * heads) - 1; check_params->stop_unit = (cylinders * heads) - 1;
@ -133,7 +129,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
if (g.testmode) { if (g.testmode) {
printf("Test mode active, omitting ioctl.\n"); printf("Test mode active, omitting ioctl.\n");
@@ -896,7 +897,7 @@ static void check_disk_format(unsigned i @@ -896,7 +897,7 @@
if (process_tracks(cylinders, heads, check_params)) if (process_tracks(cylinders, heads, check_params))
error("Use --mode=full to perform a clean format."); error("Use --mode=full to perform a clean format.");
@ -142,7 +138,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
} }
/* /*
@@ -946,8 +947,8 @@ static void dasdfmt_print_info(volume_la @@ -946,8 +947,8 @@
printf("Device Type: %s Provisioned\n", printf("Device Type: %s Provisioned\n",
g.ese ? "Thinly" : "Fully"); g.ese ? "Thinly" : "Fully");
@ -153,7 +149,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
printf(" Device number of device : 0x%x\n", g.dasd_info.devno); printf(" Device number of device : 0x%x\n", g.dasd_info.devno);
printf(" Labelling device : %s\n", printf(" Labelling device : %s\n",
(g.writenolabel) ? "no" : "yes"); (g.writenolabel) ? "no" : "yes");
@@ -1012,7 +1013,7 @@ static void dasdfmt_write_labels(volume_ @@ -1012,7 +1013,7 @@
int ipl1_record_len, ipl2_record_len; int ipl1_record_len, ipl2_record_len;
if (g.verbosity > 0) if (g.verbosity > 0)
@ -162,7 +158,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
get_blocksize(&blksize); get_blocksize(&blksize);
@@ -1030,7 +1031,7 @@ static void dasdfmt_write_labels(volume_ @@ -1030,7 +1031,7 @@
/* write empty bootstrap (initial IPL records) */ /* write empty bootstrap (initial IPL records) */
if (g.verbosity > 0) if (g.verbosity > 0)
@ -171,7 +167,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
/* /*
* Note: ldl labels do not contain the key field * Note: ldl labels do not contain the key field
@@ -1089,7 +1090,7 @@ static void dasdfmt_write_labels(volume_ @@ -1089,7 +1090,7 @@
label_position = g.dasd_info.label_block * blksize; label_position = g.dasd_info.label_block * blksize;
if (g.verbosity > 0) if (g.verbosity > 0)
@ -180,7 +176,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
rc = lseek(fd, label_position, SEEK_SET); rc = lseek(fd, label_position, SEEK_SET);
if (rc != label_position) { if (rc != label_position) {
@@ -1120,7 +1121,7 @@ static void dasdfmt_write_labels(volume_ @@ -1120,7 +1121,7 @@
} }
if (g.verbosity > 0) if (g.verbosity > 0)
@ -189,16 +185,16 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
label_position = (VTOC_START_CC * heads + VTOC_START_HH) * label_position = (VTOC_START_CC * heads + VTOC_START_HH) *
geo.sectors * blksize; geo.sectors * blksize;
@@ -1242,7 +1243,7 @@ static int dasdfmt_release_space(void) @@ -1242,7 +1243,7 @@
if (!g.ese || g.no_discard) if (!g.ese || g.no_discard)
return 0; return;
- printf("Releasing space for the entire device...\n"); - printf("Releasing space for the entire device...\n");
+ printf("Releasing space for the entire %s device...\n", g.dev_path); + printf("Releasing space for the entire %s device...\n", g.dev_path);
err = dasd_release_space(g.dev_node, &r); err = dasd_release_space(g.dev_node, &r);
/* if (err)
* Warn or Error on failing RAS depending on QUICK mode set explicitly or automatically error("Could not release space: %s", strerror(err));
@@ -1270,20 +1271,21 @@ static void dasdfmt_prepare_and_format(u @@ -1261,20 +1262,21 @@
int err; int err;
if (!(g.withoutprompt && g.verbosity < 1)) if (!(g.withoutprompt && g.verbosity < 1))
@ -225,7 +221,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
/* except track 0 from standard formatting procss */ /* except track 0 from standard formatting procss */
p->start_unit = 1; p->start_unit = 1;
@@ -1291,19 +1293,19 @@ static void dasdfmt_prepare_and_format(u @@ -1282,19 +1284,19 @@
process_tracks(cylinders, heads, p); process_tracks(cylinders, heads, p);
if (g.verbosity > 0) if (g.verbosity > 0)
@ -248,7 +244,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
disk_enable(); disk_enable();
} }
@@ -1315,18 +1317,18 @@ static void dasdfmt_expand_format(unsign @@ -1306,18 +1308,18 @@
format_data_t *p) format_data_t *p)
{ {
if (!(g.withoutprompt && g.verbosity < 1)) if (!(g.withoutprompt && g.verbosity < 1))
@ -271,7 +267,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
if (g.verbosity > 0) if (g.verbosity > 0)
printf("Re-accessing the device...\n"); printf("Re-accessing the device...\n");
@@ -1435,16 +1437,16 @@ static void do_format_dasd(volume_label_ @@ -1426,16 +1428,16 @@
if (!g.withoutprompt) { if (!g.withoutprompt) {
printf("\n"); printf("\n");
if (mode != EXPAND) if (mode != EXPAND)
@ -292,7 +288,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
return; return;
} }
} }
@@ -1466,12 +1468,12 @@ static void do_format_dasd(volume_label_ @@ -1453,12 +1455,12 @@
break; break;
} }
@ -307,7 +303,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
err = dasd_reread_partition_table(g.dev_node, 5); err = dasd_reread_partition_table(g.dev_node, 5);
if (err != 0) { if (err != 0) {
ERRMSG("%s: error during rereading the partition " ERRMSG("%s: error during rereading the partition "
@@ -1485,7 +1487,7 @@ static void do_format_dasd(volume_label_ @@ -1472,7 +1474,7 @@
static void eval_format_mode(void) static void eval_format_mode(void)
{ {
if (!g.force && g.mode_specified && g.ese && mode == EXPAND) { if (!g.force && g.mode_specified && g.ese && mode == EXPAND) {
@ -316,7 +312,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
warnx("Format mode 'expand' is not feasible."); warnx("Format mode 'expand' is not feasible.");
error("Use --mode=full or --mode=quick to perform a clean format"); error("Use --mode=full or --mode=quick to perform a clean format");
} }
@@ -1508,20 +1510,70 @@ static void set_prog_name(char *s) @@ -1495,20 +1497,70 @@
prog_name = p + 1; prog_name = p + 1;
} }
@ -391,7 +387,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
/* Establish a handler for interrupt signals. */ /* Establish a handler for interrupt signals. */
signal(SIGTERM, program_interrupt_signal); signal(SIGTERM, program_interrupt_signal);
@@ -1657,6 +1709,9 @@ int main(int argc, char *argv[]) @@ -1644,6 +1696,9 @@
break; /* exit loop if finished */ break; /* exit loop if finished */
} }
@ -401,7 +397,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
CHECK_SPEC_MAX_ONCE(g.blksize_specified, "blocksize"); CHECK_SPEC_MAX_ONCE(g.blksize_specified, "blocksize");
CHECK_SPEC_MAX_ONCE(g.labelspec, "label"); CHECK_SPEC_MAX_ONCE(g.labelspec, "label");
CHECK_SPEC_MAX_ONCE(g.writenolabel, "omit-label-writing flag"); CHECK_SPEC_MAX_ONCE(g.writenolabel, "omit-label-writing flag");
@@ -1675,48 +1730,28 @@ int main(int argc, char *argv[]) @@ -1662,48 +1717,28 @@
if (g.print_hashmarks) if (g.print_hashmarks)
PARSE_PARAM_INTO(g.hashstep, hashstep_str, 10, "hashstep"); PARSE_PARAM_INTO(g.hashstep, hashstep_str, 10, "hashstep");


@ -7,37 +7,34 @@ Allow dasdfmt to run in parallel when several devices are specified.
Signed-off-by: Hannes Reinecke <hare@suse.com> Signed-off-by: Hannes Reinecke <hare@suse.com>
--- ---
dasdfmt/dasdfmt.8 | 16 ++++++++++++++-- dasdfmt/dasdfmt.8 | 16 +++++++++++++-
dasdfmt/dasdfmt.c | 50 +++++++++++++++++++++++++++++++++++++++++++------- dasdfmt/dasdfmt.c | 58 ++++++++++++++++++++++++++++++++++++++++++------------
dasdfmt/dasdfmt.h | 1 + 2 files changed, 60 insertions(+), 14 deletions(-)
3 files changed, 58 insertions(+), 9 deletions(-)
Index: s390-tools-2.30.0/dasdfmt/dasdfmt.8 --- a/dasdfmt/dasdfmt.8
=================================================================== +++ b/dasdfmt/dasdfmt.8
--- s390-tools-2.30.0.orig/dasdfmt/dasdfmt.8
+++ s390-tools-2.30.0/dasdfmt/dasdfmt.8
@@ -7,7 +7,7 @@ @@ -7,7 +7,7 @@
dasdfmt \- formatting of DASD (ECKD) disk drives. dasdfmt \- formatting of DASD (ECKD) disk drives.
.SH SYNOPSIS .SH SYNOPSIS
-\fBdasdfmt\fR [-h] [-t] [-v] [-y] [-p] [-P] [-m \fIstep\fR] -\fBdasdfmt\fR [\-h] [\-t] [\-v] [\-y] [\-p] [\-P] [\-m \fIstep\fR]
+\fBdasdfmt\fR [-h] [-t] [-v] [-y] [-p] [-Q] [-P] [-m \fIstep\fR] +\fBdasdfmt\fR [\-h] [\-t] [\-v] [\-y] [\-p] [\-Q] [\-P] [\-m \fIstep\fR]
.br .br
[-r \fIcylinder\fR] [-b \fIblksize\fR] [-l \fIvolser\fR] [-d \fIlayout\fR] [\-r \fIcylinder\fR] [\-b \fIblksize\fR] [\-l \fIvolser\fR] [\-d \fIlayout\fR]
.br .br
@@ -96,7 +96,7 @@ Do not use this option if you are using @@ -95,7 +95,7 @@
running in background or redirecting the output to a file. running in background or redirecting the output to a file.
.TP .TP
-\fB-P\fR or \fB--percentage\fR -\fB\-P\fR or \fB\-\-percentage\fR
+\fB-Q\fR or \fB--percentage\fR +\fB\-Q\fR or \fB\-\-percentage\fR
Print one line for each formatted cylinder showing the number of the Print one line for each formatted cylinder showing the number of the
cylinder and percentage of formatting process. cylinder and percentage of formatting process.
Intended to be used by higher level interfaces. Intended to be used by higher level interfaces.
@@ -164,6 +164,18 @@ Specify blocksize to be used. \fIblksize @@ -164,6 +164,18 @@
and always be a power of two. The recommended blocksize is 4096 bytes.
.TP .TP
\fB\-l\fR \fIvolser\fR or \fB\-\-label\fR=\fIvolser\fR
+\fB-P\fR \fInumdisks\fR or \fB--max_parallel\fR=\fInumdisks\fR +\fB-P\fR \fInumdisks\fR or \fB--max_parallel\fR=\fInumdisks\fR
+Specify the number of disks to be formatted in parallel. +Specify the number of disks to be formatted in parallel.
+\fInumdisks\fR specifies the number of formatting processed, +\fInumdisks\fR specifies the number of formatting processed,
@ -50,13 +47,11 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.8
+.br +.br
+ +
+.TP +.TP
\fB-l\fR \fIvolser\fR or \fB--label\fR=\fIvolser\fR
Specify the volume serial number or volume identifier to be written Specify the volume serial number or volume identifier to be written
to disk after formatting. If no label is specified, a sensible default to disk after formatting. If no label is specified, a sensible default
Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c is used. \fIvolser\fR is interpreted as ASCII string and is automatically
=================================================================== --- a/dasdfmt/dasdfmt.c
--- s390-tools-2.30.0.orig/dasdfmt/dasdfmt.c +++ b/dasdfmt/dasdfmt.c
+++ s390-tools-2.30.0/dasdfmt/dasdfmt.c
@@ -13,6 +13,7 @@ @@ -13,6 +13,7 @@
#include <sys/sysmacros.h> #include <sys/sysmacros.h>
#include <sys/time.h> #include <sys/time.h>
@ -65,7 +60,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
#include "lib/dasd_base.h" #include "lib/dasd_base.h"
#include "lib/dasd_sys.h" #include "lib/dasd_sys.h"
@@ -81,6 +82,7 @@ static struct dasdfmt_globals { @@ -81,6 +82,7 @@
int mode_specified; int mode_specified;
int ese; int ese;
int no_discard; int no_discard;
@ -73,7 +68,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
} g = { } g = {
.dasd_info = { 0 }, .dasd_info = { 0 },
}; };
@@ -105,6 +107,11 @@ static struct util_opt opt_vec[] = { @@ -105,6 +107,11 @@
.desc = "Perform complete format check on device", .desc = "Perform complete format check on device",
.flags = UTIL_OPT_FLAG_NOSHORT, .flags = UTIL_OPT_FLAG_NOSHORT,
}, },
@ -85,7 +80,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
UTIL_OPT_SECTION("FORMAT OPTIONS"), UTIL_OPT_SECTION("FORMAT OPTIONS"),
{ {
.option = { "blocksize", required_argument, NULL, 'b' }, .option = { "blocksize", required_argument, NULL, 'b' },
@@ -162,7 +169,7 @@ static struct util_opt opt_vec[] = { @@ -162,7 +169,7 @@
.desc = "Show a progressbar", .desc = "Show a progressbar",
}, },
{ {
@ -94,7 +89,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
.desc = "Show progress in percent", .desc = "Show progress in percent",
}, },
UTIL_OPT_SECTION("MISC"), UTIL_OPT_SECTION("MISC"),
@@ -311,7 +318,7 @@ static void draw_progress(int cyl, unsig @@ -311,7 +318,7 @@
} }
if (g.print_hashmarks && (cyl / g.hashstep - hashcount) != 0) { if (g.print_hashmarks && (cyl / g.hashstep - hashcount) != 0) {
@ -103,7 +98,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
fflush(stdout); fflush(stdout);
hashcount++; hashcount++;
} }
@@ -1573,7 +1580,11 @@ int main(int argc, char *argv[]) @@ -1560,7 +1567,11 @@
char *reqsize_param_str = NULL; char *reqsize_param_str = NULL;
char *hashstep_str = NULL; char *hashstep_str = NULL;
@ -116,7 +111,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
/* Establish a handler for interrupt signals. */ /* Establish a handler for interrupt signals. */
signal(SIGTERM, program_interrupt_signal); signal(SIGTERM, program_interrupt_signal);
@@ -1636,7 +1647,7 @@ int main(int argc, char *argv[]) @@ -1623,7 +1634,7 @@
g.print_hashmarks = 1; g.print_hashmarks = 1;
} }
break; break;
@ -125,7 +120,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
if (!(g.print_hashmarks || g.print_progressbar)) if (!(g.print_hashmarks || g.print_progressbar))
g.print_percentage = 1; g.print_percentage = 1;
break; break;
@@ -1695,6 +1706,9 @@ int main(int argc, char *argv[]) @@ -1682,6 +1693,9 @@
case OPT_NODISCARD: case OPT_NODISCARD:
g.no_discard = 1; g.no_discard = 1;
break; break;
@ -135,7 +130,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
case OPT_CHECK: case OPT_CHECK:
g.check = 1; g.check = 1;
break; break;
@@ -1746,15 +1760,35 @@ int main(int argc, char *argv[]) @@ -1733,15 +1747,35 @@
if (numdev > 1 && g.labelspec) if (numdev > 1 && g.labelspec)
error("Specifying a volser to be written doesn't make sense when formatting multiple DASD volumes."); error("Specifying a volser to be written doesn't make sense when formatting multiple DASD volumes.");
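Review bot: The `-P` argument is taken without validation: the `case 'P':` branch, visible as context in the following patch on this page, is `max_parallel = atoi(optarg);`, so non-numeric input silently becomes 0 and negative or oversized counts pass through. hashstep in the same main() is parsed with `PARSE_PARAM_INTO(g.hashstep, hashstep_str, 10, "hashstep");`, and -P should be parsed the same way and rejected below 1, e.g. `if (max_parallel < 1) error("Invalid value for -P");`. The hunks that consume max_parallel are collapsed on this page and main() extends beyond what is shown, so a bound may already exist elsewhere; if so, a comment at the parse site should point to it. In the man-page addition, "number of formatting processed" should read "processes".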


@ -7,25 +7,22 @@ Implement an option '-Y' to suppress most output.
Signed-off-by: Hannes Reinecke <hare@suse.com> Signed-off-by: Hannes Reinecke <hare@suse.com>
--- ---
dasdfmt/dasdfmt.8 | 7 ++++++- dasdfmt/dasdfmt.8 | 7 ++++-
dasdfmt/dasdfmt.c | 27 ++++++++++++++++++++------- dasdfmt/dasdfmt.c | 73 ++++++++++++++++++++++++++++++++++++++++++++++++------
dasdfmt/dasdfmt.h | 1 + 2 files changed, 72 insertions(+), 8 deletions(-)
3 files changed, 27 insertions(+), 8 deletions(-)
Index: s390-tools-2.30.0/dasdfmt/dasdfmt.8 --- a/dasdfmt/dasdfmt.8
=================================================================== +++ b/dasdfmt/dasdfmt.8
--- s390-tools-2.30.0.orig/dasdfmt/dasdfmt.8
+++ s390-tools-2.30.0/dasdfmt/dasdfmt.8
@@ -7,7 +7,7 @@ @@ -7,7 +7,7 @@
dasdfmt \- formatting of DASD (ECKD) disk drives. dasdfmt \- formatting of DASD (ECKD) disk drives.
.SH SYNOPSIS .SH SYNOPSIS
-\fBdasdfmt\fR [-h] [-t] [-v] [-y] [-p] [-Q] [-P] [-m \fIstep\fR] -\fBdasdfmt\fR [\-h] [\-t] [\-v] [\-y] [\-p] [\-Q] [\-P] [\-m \fIstep\fR]
+\fBdasdfmt\fR [-h] [-t] [-v] [-y] [-p] [-Q] [-P] [-Y] [-m \fIstep\fR] +\fBdasdfmt\fR [\-h] [\-t] [\-v] [\-y] [\-p] [\-Q] [\-P] [\-Y] [\-m \fIstep\fR]
.br .br
[-r \fIcylinder\fR] [-b \fIblksize\fR] [-l \fIvolser\fR] [-d \fIlayout\fR] [\-r \fIcylinder\fR] [\-b \fIblksize\fR] [\-l \fIvolser\fR] [\-d \fIlayout\fR]
.br .br
@@ -113,6 +113,11 @@ The value will be at least as big as the @@ -112,6 +112,11 @@
.br .br
.TP .TP
@ -34,14 +31,12 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.8
+.br +.br
+ +
+.TP +.TP
\fB-M\fR \fImode\fR or \fB--mode\fR=\fImode\fR \fB\-M\fR \fImode\fR or \fB\-\-mode\fR=\fImode\fR
Specify the \fImode\fR to be used to format the device. Valid modes are: Specify the \fImode\fR to be used to format the device. Valid modes are:
.RS .RS
Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c --- a/dasdfmt/dasdfmt.c
=================================================================== +++ b/dasdfmt/dasdfmt.c
--- s390-tools-2.30.0.orig/dasdfmt/dasdfmt.c @@ -83,6 +83,7 @@
+++ s390-tools-2.30.0/dasdfmt/dasdfmt.c
@@ -83,6 +83,7 @@ static struct dasdfmt_globals {
int ese; int ese;
int no_discard; int no_discard;
int procnum; int procnum;
@ -49,7 +44,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
} g = { } g = {
.dasd_info = { 0 }, .dasd_info = { 0 },
}; };
@@ -172,6 +173,10 @@ static struct util_opt opt_vec[] = { @@ -172,6 +173,10 @@
.option = { "percentage", no_argument, NULL, 'Q' }, .option = { "percentage", no_argument, NULL, 'Q' },
.desc = "Show progress in percent", .desc = "Show progress in percent",
}, },
@ -60,7 +55,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
UTIL_OPT_SECTION("MISC"), UTIL_OPT_SECTION("MISC"),
{ {
.option = { "check_host_count", no_argument, NULL, 'C' }, .option = { "check_host_count", no_argument, NULL, 'C' },
@@ -318,7 +323,9 @@ static void draw_progress(int cyl, unsig @@ -318,7 +323,9 @@
} }
if (g.print_hashmarks && (cyl / g.hashstep - hashcount) != 0) { if (g.print_hashmarks && (cyl / g.hashstep - hashcount) != 0) {
@ -71,7 +66,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
fflush(stdout); fflush(stdout);
hashcount++; hashcount++;
} }
@@ -392,7 +399,7 @@ static void evaluate_format_error(format @@ -392,7 +399,7 @@
unsigned int kl = 0; unsigned int kl = 0;
int blksize = cdata->expect.blksize; int blksize = cdata->expect.blksize;
@ -80,7 +75,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
printf("\n"); printf("\n");
/* /*
@@ -780,8 +787,9 @@ static void check_hashmarks(void) @@ -780,8 +787,9 @@
g.hashstep = 10; g.hashstep = 10;
} }
@ -92,7 +87,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
} }
} }
@@ -1475,17 +1483,19 @@ static void do_format_dasd(volume_label_ @@ -1462,17 +1470,19 @@
break; break;
} }
@ -115,7 +110,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
printf("ok\n"); printf("ok\n");
} }
} }
@@ -1561,6 +1571,7 @@ void process_dasd(volume_label_t *orig_v @@ -1548,6 +1558,7 @@
error("%s", str); error("%s", str);
set_geo(&cylinders, &heads); set_geo(&cylinders, &heads);
@ -123,7 +118,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
set_label(&vlabel, &format_params, cylinders); set_label(&vlabel, &format_params, cylinders);
if (g.check) if (g.check)
@@ -1570,6 +1581,29 @@ void process_dasd(volume_label_t *orig_v @@ -1557,6 +1568,29 @@
} }
@ -153,7 +148,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
int main(int argc, char *argv[]) int main(int argc, char *argv[])
{ {
volume_label_t vlabel; volume_label_t vlabel;
@@ -1706,6 +1740,10 @@ int main(int argc, char *argv[]) @@ -1693,6 +1727,10 @@
case OPT_NODISCARD: case OPT_NODISCARD:
g.no_discard = 1; g.no_discard = 1;
break; break;
@ -164,7 +159,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
case 'P': case 'P':
max_parallel = atoi(optarg); max_parallel = atoi(optarg);
break; break;
@@ -1741,6 +1779,21 @@ int main(int argc, char *argv[]) @@ -1728,6 +1766,21 @@
reqsize = DEFAULT_REQUESTSIZE; reqsize = DEFAULT_REQUESTSIZE;
} }
@ -186,7 +181,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
if (g.print_hashmarks) if (g.print_hashmarks)
PARSE_PARAM_INTO(g.hashstep, hashstep_str, 10, "hashstep"); PARSE_PARAM_INTO(g.hashstep, hashstep_str, 10, "hashstep");
@@ -1760,6 +1813,12 @@ int main(int argc, char *argv[]) @@ -1747,6 +1800,12 @@
if (numdev > 1 && g.labelspec) if (numdev > 1 && g.labelspec)
error("Specifying a volser to be written doesn't make sense when formatting multiple DASD volumes."); error("Specifying a volser to be written doesn't make sense when formatting multiple DASD volumes.");


@ -9,39 +9,34 @@ version of YaST we should accept this option, too.
Signed-off-by: Hannes Reinecke <hare@suse.com> Signed-off-by: Hannes Reinecke <hare@suse.com>
--- ---
dasdfmt/dasdfmt.8 | 6 +++++- dasdfmt/dasdfmt.8 | 5 ++++-
dasdfmt/dasdfmt.c | 8 ++++++++ dasdfmt/dasdfmt.c | 10 ++++++++++
2 files changed, 13 insertions(+), 1 deletion(-) 2 files changed, 14 insertions(+), 1 deletion(-)
Index: s390-tools-2.30.0/dasdfmt/dasdfmt.8 --- a/dasdfmt/dasdfmt.8
=================================================================== +++ b/dasdfmt/dasdfmt.8
--- s390-tools-2.30.0.orig/dasdfmt/dasdfmt.8 @@ -11,7 +11,7 @@
+++ s390-tools-2.30.0/dasdfmt/dasdfmt.8
@@ -11,7 +11,7 @@ dasdfmt \- formatting of DASD (ECKD) dis
.br .br
[-r \fIcylinder\fR] [-b \fIblksize\fR] [-l \fIvolser\fR] [-d \fIlayout\fR] [\-r \fIcylinder\fR] [\-b \fIblksize\fR] [\-l \fIvolser\fR] [\-d \fIlayout\fR]
.br .br
- [-L] [-V] [-F] [-k] [-C] [-M \fImode\fR] \fIdevice\fR [\fIdevice\fR] - [\-L] [\-V] [\-F] [\-k] [\-C] [\-M \fImode\fR] \fIdevice\fR [\fIdevice\fR]
+ [-L] [-V] [-F] [-k] [-C] [-M \fImode\fR] [-f \fIdevice\fR] [\fIdevice\fR] + [\-L] [\-V] [\-F] [\-k] [\-C] [\-M \fImode\fR] [-f \fIdevice\fR] [\fIdevice\fR]
.SH DESCRIPTION .SH DESCRIPTION
\fBdasdfmt\fR formats one or several DASD (ECKD) disk drive to prepare it \fBdasdfmt\fR formats one or several DASD (ECKD) disk drive(s) to prepare them
@@ -42,6 +42,10 @@ out, what it \fBwould\fR do. @@ -39,6 +39,9 @@
Increases verbosity.
.TP .TP
\fB\-v\fR
Increases verbosity.
+.TP
+\fB-f\fR \fIdevice\fR or \fB--device\fR=\fIdevice\fR +\fB-f\fR \fIdevice\fR or \fB--device\fR=\fIdevice\fR
+Specify device to format. For backwards compability only. +Specify device to format. For backwards compability only.
+
+.TP
\fB-y\fR
Start formatting without further user-confirmation.
Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c .TP
=================================================================== \fB\-y\fR
--- s390-tools-2.30.0.orig/dasdfmt/dasdfmt.c --- a/dasdfmt/dasdfmt.c
+++ s390-tools-2.30.0/dasdfmt/dasdfmt.c +++ b/dasdfmt/dasdfmt.c
@@ -113,6 +113,10 @@ static struct util_opt opt_vec[] = { @@ -113,6 +113,10 @@
.desc = "Format devices in parallel", .desc = "Format devices in parallel",
.flags = UTIL_OPT_FLAG_NOLONG, .flags = UTIL_OPT_FLAG_NOLONG,
}, },
@ -52,7 +47,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
UTIL_OPT_SECTION("FORMAT OPTIONS"), UTIL_OPT_SECTION("FORMAT OPTIONS"),
{ {
.option = { "blocksize", required_argument, NULL, 'b' }, .option = { "blocksize", required_argument, NULL, 'b' },
@@ -1662,6 +1666,12 @@ int main(int argc, char *argv[]) @@ -1649,6 +1653,12 @@
} }
g.layout_specified = 1; g.layout_specified = 1;
break; break;
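Review bot: The new man-page entry for `-f` says "For backwards compability only."; that should read "compatibility". The added synopsis and option lines also write `-f` and `--device` with plain hyphens while the refreshed context lines around them use `\-`, so for consistent rendering the entry should be `\fB\-f\fR \fIdevice\fR or \fB\-\-device\fR=\fIdevice\fR`. The lines added to main() by this patch are collapsed on this page, so the handling of the device argument itself cannot be reviewed from here.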


@ -16,14 +16,12 @@ References: bsc#937340
Signed-off-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Hannes Reinecke <hare@suse.de>
--- ---
dasdfmt/dasdfmt.c | 21 ++++++++++++++++++--- dasdfmt/dasdfmt.c | 19 ++++++++++++++++++-
1 file changed, 18 insertions(+), 3 deletions(-) 1 file changed, 18 insertions(+), 1 deletion(-)
Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c --- a/dasdfmt/dasdfmt.c
=================================================================== +++ b/dasdfmt/dasdfmt.c
--- s390-tools-2.30.0.orig/dasdfmt/dasdfmt.c @@ -621,7 +621,7 @@
+++ s390-tools-2.30.0/dasdfmt/dasdfmt.c
@@ -621,7 +621,7 @@ static void check_layout(unsigned int in
*/ */
static void check_disk(void) static void check_disk(void)
{ {
@ -32,7 +30,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
bool ro; bool ro;
err = dasd_is_ro(g.dev_node, &ro); err = dasd_is_ro(g.dev_node, &ro);
@@ -631,6 +631,23 @@ static void check_disk(void) @@ -631,6 +631,23 @@
if (ro) if (ro)
error("Disk %s is read only!", g.dev_path); error("Disk %s is read only!", g.dev_path);
if (!g.force) { if (!g.force) {


@ -1,286 +0,0 @@
Index: s390-tools-service/rust/pv/src/verify.rs
===================================================================
--- s390-tools-service.orig/rust/pv/src/verify.rs
+++ s390-tools-service/rust/pv/src/verify.rs
@@ -3,10 +3,11 @@
// Copyright IBM Corp. 2023
use core::slice;
-use log::debug;
+use log::{debug, trace};
+use openssl::error::ErrorStack;
use openssl::stack::Stack;
use openssl::x509::store::X509Store;
-use openssl::x509::{CrlStatus, X509Ref, X509StoreContext, X509};
+use openssl::x509::{CrlStatus, X509NameRef, X509Ref, X509StoreContext, X509StoreContextRef, X509};
use openssl_extensions::crl::StackableX509Crl;
use openssl_extensions::crl::X509StoreContextExtension;
@@ -82,8 +83,8 @@ impl HkdVerifier for CertVerifier {
if verified_crls.is_empty() {
bail_hkd_verify!(NoCrl);
}
- for crl in &verified_crls {
- match crl.get_by_cert(&hkd.to_owned()) {
+ for crl in verified_crls {
+ match crl.get_by_serial(hkd.serial_number()) {
CrlStatus::NotRevoked => (),
_ => bail_hkd_verify!(HdkRevoked),
}
@@ -94,21 +95,54 @@ impl HkdVerifier for CertVerifier {
}
impl CertVerifier {
+ fn quirk_crls(
+ ctx: &mut X509StoreContextRef,
+ subject: &X509NameRef,
+ ) -> Result<Stack<StackableX509Crl>, ErrorStack> {
+ match ctx.crls(subject) {
+ Ok(ret) if !ret.is_empty() => return Ok(ret),
+ _ => (),
+ }
+
+ // Armonk/Poughkeepsie fixup
+ trace!("quirk_crls: Try Locality");
+ if let Some(locality_subject) = helper::armonk_locality_fixup(subject) {
+ match ctx.crls(&locality_subject) {
+ Ok(ret) if !ret.is_empty() => return Ok(ret),
+ _ => (),
+ }
+
+ // reorder
+ trace!("quirk_crls: Try Locality+Reorder");
+ if let Ok(locality_ordered_subject) = helper::reorder_x509_names(&locality_subject) {
+ match ctx.crls(&locality_ordered_subject) {
+ Ok(ret) if !ret.is_empty() => return Ok(ret),
+ _ => (),
+ }
+ }
+ }
+
+ // reorder unchanged loaciliy subject
+ trace!("quirk_crls: Try Reorder");
+ if let Ok(ordered_subject) = helper::reorder_x509_names(subject) {
+ match ctx.crls(&ordered_subject) {
+ Ok(ret) if !ret.is_empty() => return Ok(ret),
+ _ => (),
+ }
+ }
+ // nothing found, return empty stack
+ Stack::new()
+ }
+
///Download the CLRs that a HKD refers to.
pub fn hkd_crls(&self, hkd: &X509Ref) -> Result<Stack<StackableX509Crl>> {
let mut ctx = X509StoreContext::new()?;
// Unfortunately we cannot use a dedicated function here and have to use a closure (E0434)
// Otherwise, we cannot refer to self
+ // Search for local CRLs
let mut crls = ctx.init_opt(&self.store, None, None, |ctx| {
let subject = self.ibm_z_sign_key.subject_name();
- match ctx.crls(subject) {
- Ok(crls) => Ok(crls),
- _ => {
- // reorder the name and try again
- let broken_subj = helper::reorder_x509_names(subject)?;
- ctx.crls(&broken_subj).or_else(helper::stack_err_hlp)
- }
- }
+ Self::quirk_crls(ctx, subject)
})?;
if !self.offline {
Index: s390-tools-service/rust/pv/src/verify/helper.rs
===================================================================
--- s390-tools-service.orig/rust/pv/src/verify/helper.rs
+++ s390-tools-service/rust/pv/src/verify/helper.rs
@@ -13,7 +13,7 @@ use openssl::{
error::ErrorStack,
nid::Nid,
ssl::SslFiletype,
- stack::{Stack, Stackable},
+ stack::Stack,
x509::{
store::{File, X509Lookup, X509StoreBuilder, X509StoreBuilderRef, X509StoreRef},
verify::{X509VerifyFlags, X509VerifyParam},
@@ -25,6 +25,7 @@ use openssl_extensions::{
akid::{AkidCheckResult, AkidExtension},
crl::X509StoreExtension,
};
+use std::str::from_utf8;
use std::{cmp::Ordering, ffi::c_int, time::Duration, usize};
/// Minimum security level for the keys/certificates used to establish a chain of
@@ -39,7 +40,6 @@ const SECURITY_CHAIN_MAX_LEN: c_int = 2;
/// verifies that the HKD
/// * has enough security bits
/// * is inside its validity period
-/// * issuer name is the subject name of the [`sign_key`]
/// * the Authority Key ID matches the Signing Key ID of the [`sign_key`]
pub fn verify_hkd_options(hkd: &X509Ref, sign_key: &X509Ref) -> Result<()> {
let hk_pkey = hkd.public_key()?;
@@ -53,9 +53,6 @@ pub fn verify_hkd_options(hkd: &X509Ref,
// verify that the hkd is still valid
check_validity_period(hkd.not_before(), hkd.not_after())?;
- // check if hkd.issuer_name == issuer.subject
- check_x509_name_equal(sign_key.subject_name(), hkd.issuer_name())?;
-
// verify that the AKID of the hkd matches the SKID of the issuer
if let Some(akid) = hkd.akid() {
if akid.check(sign_key) != AkidCheckResult::OK {
@@ -75,9 +72,6 @@ pub fn verify_crl(crl: &X509CrlRef, issu
return None;
}
}
-
- check_x509_name_equal(crl.issuer_name(), issuer.subject_name()).ok()?;
-
match crl.verify(issuer.public_key().ok()?.as_ref()).ok()? {
true => Some(()),
false => None,
@@ -207,7 +201,8 @@ pub fn download_crls_into_store(store: &
//Asn1StringRef::as_slice aka ASN1_STRING_get0_data gives a string without \0 delimiter
const IBM_Z_COMMON_NAME: &[u8; 43usize] = b"International Business Machines Corporation";
const IBM_Z_COUNTRY_NAME: &[u8; 2usize] = b"US";
-const IBM_Z_LOCALITY_NAME: &[u8; 12usize] = b"Poughkeepsie";
+const IBM_Z_LOCALITY_NAME_POUGHKEEPSIE: &[u8; 12usize] = b"Poughkeepsie";
+const IBM_Z_LOCALITY_NAME_ARMONK: &[u8; 6usize] = b"Armonk";
const IBM_Z_ORGANIZATIONAL_UNIT_NAME_SUFFIX: &str = "Key Signing Service";
const IBM_Z_ORGANIZATION_NAME: &[u8; 43usize] = b"International Business Machines Corporation";
const IBM_Z_STATE: &[u8; 8usize] = b"New York";
@@ -226,7 +221,8 @@ fn is_ibm_signing_cert(cert: &X509) -> b
if subj.entries().count() != IMB_Z_ENTRY_COUNT
|| !name_data_eq(subj, Nid::COUNTRYNAME, IBM_Z_COUNTRY_NAME)
|| !name_data_eq(subj, Nid::STATEORPROVINCENAME, IBM_Z_STATE)
- || !name_data_eq(subj, Nid::LOCALITYNAME, IBM_Z_LOCALITY_NAME)
+ || !(name_data_eq(subj, Nid::LOCALITYNAME, IBM_Z_LOCALITY_NAME_POUGHKEEPSIE)
+ || name_data_eq(subj, Nid::LOCALITYNAME, IBM_Z_LOCALITY_NAME_ARMONK))
|| !name_data_eq(subj, Nid::ORGANIZATIONNAME, IBM_Z_ORGANIZATION_NAME)
|| !name_data_eq(subj, Nid::COMMONNAME, IBM_Z_COMMON_NAME)
{
@@ -367,24 +363,6 @@ fn check_validity_period(not_before: &As
}
}
-fn check_x509_name_equal(lhs: &X509NameRef, rhs: &X509NameRef) -> Result<()> {
- if lhs.entries().count() != rhs.entries().count() {
- bail_hkd_verify!(IssuerMismatch);
- }
-
- for l in lhs.entries() {
- // search for the matching value in the rhs names
- // found none? -> names are not equal
- if !rhs
- .entries()
- .any(|r| l.data().as_slice() == r.data().as_slice())
- {
- bail_hkd_verify!(IssuerMismatch);
- }
- }
- Ok(())
-}
-
const NIDS_CORRECT_ORDER: [Nid; 6] = [
Nid::COUNTRYNAME,
Nid::ORGANIZATIONNAME,
@@ -407,13 +385,28 @@ pub fn reorder_x509_names(subject: &X509
Ok(correct_subj.build())
}
-pub fn stack_err_hlp<T: Stackable>(
- e: ErrorStack,
-) -> std::result::Result<Stack<T>, openssl::error::ErrorStack> {
- match e.errors().len() {
- 0 => Stack::<T>::new(),
- _ => Err(e),
+/**
+* Workaround for potential locality mismatches between CRLs and Certs
+* # Return
+* fixed subject or none if locality was not Armonk or any OpenSSL error
+*/
+pub fn armonk_locality_fixup(subject: &X509NameRef) -> Option<X509Name> {
+ if !name_data_eq(subject, Nid::LOCALITYNAME, IBM_Z_LOCALITY_NAME_ARMONK) {
+ return None;
+ }
+
+ let mut ret = X509Name::builder().ok()?;
+ for entry in subject.entries() {
+ match entry.object().nid() {
+ nid @ Nid::LOCALITYNAME => ret
+ .append_entry_by_nid(nid, from_utf8(IBM_Z_LOCALITY_NAME_POUGHKEEPSIE).ok()?)
+ .ok()?,
+ _ => {
+ ret.append_entry(entry).ok()?;
+ }
+ }
}
+ Some(ret.build())
}
#[cfg(test)]
@@ -451,20 +444,6 @@ mod test {
));
}
- #[test]
- fn x509_name_equal() {
- let sign_crt = load_gen_cert("ibm.crt");
- let hkd = load_gen_cert("host.crt");
- let other = load_gen_cert("inter_ca.crt");
-
- assert!(super::check_x509_name_equal(sign_crt.subject_name(), hkd.issuer_name()).is_ok(),);
-
- assert!(matches!(
- super::check_x509_name_equal(other.subject_name(), hkd.subject_name()),
- Err(Error::HkdVerify(IssuerMismatch))
- ));
- }
-
#[test]
fn is_ibm_z_sign_key() {
let ibm_crt = load_gen_cert("ibm.crt");
Index: s390-tools-service/rust/pv/src/verify/test.rs
===================================================================
--- s390-tools-service.orig/rust/pv/src/verify/test.rs
+++ s390-tools-service/rust/pv/src/verify/test.rs
@@ -84,7 +84,6 @@ fn verify_online() {
let inter_crt = get_cert_asset_path_string("inter_ca.crt");
let ibm_crt = get_cert_asset_path_string("ibm.crt");
let hkd_revoked = load_gen_cert("host_rev.crt");
- let hkd_inv = load_gen_cert("host_invalid_signing_key.crt");
let hkd_exp = load_gen_cert("host_crt_expired.crt");
let hkd = load_gen_cert("host.crt");
@@ -112,11 +111,6 @@ fn verify_online() {
));
assert!(matches!(
- verifier.verify(&hkd_inv),
- Err(Error::HkdVerify(IssuerMismatch))
- ));
-
- assert!(matches!(
verifier.verify(&hkd_exp),
Err(Error::HkdVerify(AfterValidity))
));
@@ -130,7 +124,6 @@ fn verify_offline() {
let ibm_crt = get_cert_asset_path_string("ibm.crt");
let ibm_crl = get_cert_asset_path_string("ibm.crl");
let hkd_revoked = load_gen_cert("host_rev.crt");
- let hkd_inv = load_gen_cert("host_invalid_signing_key.crt");
let hkd_exp = load_gen_cert("host_crt_expired.crt");
let hkd = load_gen_cert("host.crt");
@@ -149,11 +142,6 @@ fn verify_offline() {
));
assert!(matches!(
- verifier.verify(&hkd_inv),
- Err(Error::HkdVerify(IssuerMismatch))
- ));
-
- assert!(matches!(
verifier.verify(&hkd_exp),
Err(Error::HkdVerify(AfterValidity))
));


@ -1,8 +1,10 @@
Index: s390-tools-2.30.0/common.mak ---
=================================================================== common.mak | 4 ++--
--- s390-tools-2.30.0.orig/common.mak 1 file changed, 2 insertions(+), 2 deletions(-)
+++ s390-tools-2.30.0/common.mak
@@ -338,8 +338,8 @@ export INSTALL CFLAGS CXXFLAGS \ --- a/common.mak
+++ b/common.mak
@@ -338,8 +338,8 @@
LDFLAGS CPPFLAGS ALL_CFLAGS ALL_CXXFLAGS ALL_LDFLAGS ALL_CPPFLAGS LDFLAGS CPPFLAGS ALL_CFLAGS ALL_CXXFLAGS ALL_LDFLAGS ALL_CPPFLAGS
ifneq ($(shell $(CC_SILENT) -dumpspecs 2>/dev/null | grep -e '[^f]no-pie'),) ifneq ($(shell $(CC_SILENT) -dumpspecs 2>/dev/null | grep -e '[^f]no-pie'),)


@ -1,304 +0,0 @@
Index: s390-tools-service/genprotimg/src/include/pv_crypto_def.h
===================================================================
--- s390-tools-service.orig/genprotimg/src/include/pv_crypto_def.h
+++ s390-tools-service/genprotimg/src/include/pv_crypto_def.h
@@ -17,7 +17,8 @@
/* IBM signing key subject */
#define PV_IBM_Z_SUBJECT_COMMON_NAME "International Business Machines Corporation"
#define PV_IBM_Z_SUBJECT_COUNTRY_NAME "US"
-#define PV_IBM_Z_SUBJECT_LOCALITY_NAME "Poughkeepsie"
+#define PV_IBM_Z_SUBJECT_LOCALITY_NAME_POUGHKEEPSIE "Poughkeepsie"
+#define PV_IBM_Z_SUBJECT_LOCALITY_NAME_ARMONK "Armonk"
#define PV_IBM_Z_SUBJECT_ORGANIZATIONONAL_UNIT_NAME_SUFFIX "Key Signing Service"
#define PV_IBM_Z_SUBJECT_ORGANIZATION_NAME "International Business Machines Corporation"
#define PV_IBM_Z_SUBJECT_STATE "New York"
Index: s390-tools-service/genprotimg/src/utils/crypto.c
===================================================================
--- s390-tools-service.orig/genprotimg/src/utils/crypto.c
+++ s390-tools-service/genprotimg/src/utils/crypto.c
@@ -664,62 +664,9 @@ static gboolean x509_name_data_by_nid_eq
return memcmp(data, y, data_len) == 0;
}
-static gboolean own_X509_NAME_ENTRY_equal(const X509_NAME_ENTRY *x,
- const X509_NAME_ENTRY *y)
-{
- const ASN1_OBJECT *x_obj = X509_NAME_ENTRY_get_object(x);
- const ASN1_STRING *x_data = X509_NAME_ENTRY_get_data(x);
- const ASN1_OBJECT *y_obj = X509_NAME_ENTRY_get_object(y);
- const ASN1_STRING *y_data = X509_NAME_ENTRY_get_data(y);
- gint x_len = ASN1_STRING_length(x_data);
- gint y_len = ASN1_STRING_length(y_data);
-
- if (x_len < 0 || x_len != y_len)
- return FALSE;
-
- /* ASN1_STRING_cmp(x_data, y_data) == 0 doesn't work because it also
- * compares the type, which is sometimes different.
- */
- return OBJ_cmp(x_obj, y_obj) == 0 &&
- memcmp(ASN1_STRING_get0_data(x_data),
- ASN1_STRING_get0_data(y_data),
- (unsigned long)x_len) == 0;
-}
-
-static gboolean own_X509_NAME_equal(const X509_NAME *x, const X509_NAME *y)
-{
- gint x_count = X509_NAME_entry_count(x);
- gint y_count = X509_NAME_entry_count(y);
-
- if (x != y && (!x || !y))
- return FALSE;
-
- if (x_count != y_count)
- return FALSE;
-
- for (gint i = 0; i < x_count; i++) {
- const X509_NAME_ENTRY *entry_i = X509_NAME_get_entry(x, i);
- gboolean entry_found = FALSE;
-
- for (gint j = 0; j < y_count; j++) {
- const X509_NAME_ENTRY *entry_j =
- X509_NAME_get_entry(y, j);
-
- if (own_X509_NAME_ENTRY_equal(entry_i, entry_j)) {
- entry_found = TRUE;
- break;
- }
- }
-
- if (!entry_found)
- return FALSE;
- }
- return TRUE;
-}
-
/* Checks whether the subject of @cert is a IBM signing key subject. For this we
* must check that the subject is equal to: 'C = US, ST = New York, L =
- * Poughkeepsie, O = International Business Machines Corporation, CN =
+ * Poughkeepsie or Armonk, O = International Business Machines Corporation, CN =
* International Business Machines Corporation' and the organization unit (OUT)
* must end with the suffix ' Key Signing Service'.
*/
@@ -743,8 +690,10 @@ static gboolean has_ibm_signing_subject(
PV_IBM_Z_SUBJECT_STATE))
return FALSE;
- if (!x509_name_data_by_nid_equal(subject, NID_localityName,
- PV_IBM_Z_SUBJECT_LOCALITY_NAME))
+ if (!(x509_name_data_by_nid_equal(subject, NID_localityName,
+ PV_IBM_Z_SUBJECT_LOCALITY_NAME_POUGHKEEPSIE) ||
+ x509_name_data_by_nid_equal(subject, NID_localityName,
+ PV_IBM_Z_SUBJECT_LOCALITY_NAME_ARMONK)))
return FALSE;
if (!x509_name_data_by_nid_equal(subject, NID_organizationName,
@@ -806,6 +755,39 @@ static X509_NAME *x509_name_reorder_attr
return g_steal_pointer(&ret);
}
+/** Replace locality 'Armonk' with 'Pougkeepsie'. If Armonk was not set return
+ * `NULL`.
+ */
+static X509_NAME *x509_armonk_locality_fixup(const X509_NAME *name)
+{
+ g_autoptr(X509_NAME) ret = NULL;
+ int pos;
+
+ /* Check if ``L=Armonk`` */
+ if (!x509_name_data_by_nid_equal((X509_NAME *)name, NID_localityName,
+ PV_IBM_Z_SUBJECT_LOCALITY_NAME_ARMONK))
+ return NULL;
+
+ ret = X509_NAME_dup(name);
+ if (!ret)
+ g_abort();
+
+ pos = X509_NAME_get_index_by_NID(ret, NID_localityName, -1);
+ if (pos == -1)
+ return NULL;
+
+ X509_NAME_ENTRY_free(X509_NAME_delete_entry(ret, pos));
+
+ /* Create a new name entry at the same position as before */
+ if (X509_NAME_add_entry_by_NID(
+ ret, NID_localityName, MBSTRING_UTF8,
+ (const unsigned char *)&PV_IBM_Z_SUBJECT_LOCALITY_NAME_POUGHKEEPSIE,
+ sizeof(PV_IBM_Z_SUBJECT_LOCALITY_NAME_POUGHKEEPSIE) - 1, pos, 0) != 1)
+ return NULL;
+
+ return g_steal_pointer(&ret);
+}
+
/* In RFC 5280 the attributes of a (subject/issuer) name is not mandatory
* ordered. The problem is that our certificates are not consistent in the order
* (see https://tools.ietf.org/html/rfc5280#section-4.1.2.4 for details).
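Review bot: The doc comment on `x509_armonk_locality_fixup` misspells the target locality ('Pougkeepsie') and says NULL means only that Armonk was not set, but the body also returns NULL when `X509_NAME_get_index_by_NID` yields -1 or `X509_NAME_add_entry_by_NID` fails. A caller therefore cannot tell "nothing to fix" from "fix-up failed". I would reword it to `/* Return a copy of @name with L=Armonk replaced by L=Poughkeepsie; NULL if L is not Armonk or the rewrite failed. Caller owns the result. */`. Failure handling is also uneven: a failed `X509_NAME_dup` aborts while a failed add-entry is silent. The same function is added again in the libpv/cert.c hunk `@@ -1393,6 +1370,93 @@`.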
@@ -828,24 +810,10 @@ X509_NAME *c2b_name(const X509_NAME *nam
return X509_NAME_dup((X509_NAME *)name);
}
-/* Verify that: subject(issuer) == issuer(crl) and SKID(issuer) == AKID(crl) */
+/* Verify that SKID(issuer) == AKID(crl) if available */
static gint check_crl_issuer(X509_CRL *crl, X509 *issuer, GError **err)
{
- const X509_NAME *crl_issuer = X509_CRL_get_issuer(crl);
- const X509_NAME *issuer_subject = X509_get_subject_name(issuer);
- AUTHORITY_KEYID *akid = NULL;
-
- if (!own_X509_NAME_equal(issuer_subject, crl_issuer)) {
- g_autofree char *issuer_subject_str = X509_NAME_oneline(issuer_subject,
- NULL, 0);
- g_autofree char *crl_issuer_str = X509_NAME_oneline(crl_issuer, NULL, 0);
-
- g_set_error(err, PV_CRYPTO_ERROR,
- PV_CRYPTO_ERROR_CRL_SUBJECT_ISSUER_MISMATCH,
- _("issuer mismatch:\n%s\n%s"),
- issuer_subject_str, crl_issuer_str);
- return -1;
- }
+ g_autoptr(AUTHORITY_KEYID) akid = NULL;
/* If AKID(@crl) is specified it must match with SKID(@issuer) */
akid = X509_CRL_get_ext_d2i(crl, NID_authority_key_identifier, NULL, NULL);
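Review bot: With the subject/issuer name comparison removed, `check_crl_issuer` no longer rejects a CRL that carries no AKID extension, because the only remaining test is guarded by "If AKID(@crl) is specified". The header comment should state what then ties the CRL to @issuer, for example `/* Names are not compared here (known CRL/cert name mismatches); a CRL without AKID is bound to @issuer only by the signature check in the caller */`. That assumes the caller verifies the CRL signature against @issuer's key, which is outside this hunk and should be confirmed. `check_host_key_issued` in hunk `@@ -1328,32 +1338,14 @@` has the same property for certificates without AKID, and in the libpv/cert.c copy the comment reads "Verify that SKID(issuer) == AKID(crl)" without the "if available". The function body continues past the hunk.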
@@ -881,7 +849,6 @@ gint check_crl_valid_for_cert(X509_CRL *
return -1;
}
- /* check that the @crl issuer matches with the subject name of @cert*/
if (check_crl_issuer(crl, cert, err) < 0)
return -1;
@@ -910,6 +877,60 @@ gint check_crl_valid_for_cert(X509_CRL *
return 0;
}
+/* This function contains work-arounds for some known subject(CRT)<->issuer(CRL)
+ * issues.
+ */
+static STACK_OF_X509_CRL *quirk_X509_STORE_ctx_get1_crls(X509_STORE_CTX *ctx,
+ const X509_NAME *subject, GError **err)
+{
+ g_autoptr(X509_NAME) fixed_subject = NULL;
+ g_autoptr(STACK_OF_X509_CRL) ret = NULL;
+
+ ret = Pv_X509_STORE_CTX_get1_crls(ctx, subject);
+ if (ret && sk_X509_CRL_num(ret) > 0)
+ return g_steal_pointer(&ret);
+
+ /* Workaround to fix the mismatch between issuer name of the * IBM
+ * signing CRLs and the IBM signing key subject name. Locality name has
+ * changed from Poughkeepsie to Armonk.
+ */
+ fixed_subject = x509_armonk_locality_fixup(subject);
+ /* Was the locality replaced? */
+ if (fixed_subject) {
+ X509_NAME *tmp;
+
+ sk_X509_CRL_free(ret);
+ ret = Pv_X509_STORE_CTX_get1_crls(ctx, fixed_subject);
+ if (ret && sk_X509_CRL_num(ret) > 0)
+ return g_steal_pointer(&ret);
+
+ /* Workaround to fix the ordering mismatch between issuer name
+ * of the IBM signing CRLs and the IBM signing key subject name.
+ */
+ tmp = fixed_subject;
+ fixed_subject = c2b_name(fixed_subject);
+ X509_NAME_free(tmp);
+ sk_X509_CRL_free(ret);
+ ret = Pv_X509_STORE_CTX_get1_crls(ctx, fixed_subject);
+ if (ret && sk_X509_CRL_num(ret) > 0)
+ return g_steal_pointer(&ret);
+ X509_NAME_free(fixed_subject);
+ fixed_subject = NULL;
+ }
+
+ /* Workaround to fix the ordering mismatch between issuer name of the
+ * IBM signing CRLs and the IBM signing key subject name.
+ */
+ fixed_subject = c2b_name(subject);
+ sk_X509_CRL_free(ret);
+ ret = Pv_X509_STORE_CTX_get1_crls(ctx, fixed_subject);
+ if (ret && sk_X509_CRL_num(ret) > 0)
+ return g_steal_pointer(&ret);
+
+ g_set_error(err, PV_CRYPTO_ERROR, PV_CRYPTO_ERROR_NO_CRL, _("no CRL found"));
+ return NULL;
+}
+
/* Given a certificate @cert try to find valid revocation lists in @ctx. If no
* valid CRL was found NULL is returned.
*/
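Review bot: `quirk_X509_STORE_ctx_get1_crls` mixes `g_autoptr` ownership with hand-written frees, and the three `sk_X509_CRL_free(ret)` calls release only the stack container, not any CRLs it holds. That is safe only because each call follows a failed `sk_X509_CRL_num(ret) > 0` test, so `ret` is NULL or empty; a comment such as `/* ret is NULL or empty here, so freeing the container alone leaks nothing */` would protect that invariant against later edits. The pair `X509_NAME_free(fixed_subject); fixed_subject = NULL;` is more robust as `g_clear_pointer(&fixed_subject, X509_NAME_free);`. The result of `c2b_name()` is passed to the lookup unchecked, and whether it can return NULL is not visible in this hunk. The libpv/cert.c hunk `@@ -1393,6 +1370,93 @@` repeats this function with the `pv_` helpers.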
@@ -927,20 +948,9 @@ STACK_OF_X509_CRL *store_ctx_find_valid_
return NULL;
}
- ret = X509_STORE_CTX_get1_crls(ctx, subject);
- if (!ret) {
- /* Workaround to fix the mismatch between issuer name of the
- * IBM Z signing CRLs and the IBM Z signing key subject name.
- */
- g_autoptr(X509_NAME) broken_subject = c2b_name(subject);
-
- ret = X509_STORE_CTX_get1_crls(ctx, broken_subject);
- if (!ret) {
- g_set_error(err, PV_CRYPTO_ERROR, PV_CRYPTO_ERROR_NO_CRL,
- _("no CRL found"));
- return NULL;
- }
- }
+ ret = quirk_X509_STORE_ctx_get1_crls(ctx, subject, err);
+ if (!ret)
+ return NULL;
/* Filter out non-valid CRLs for @cert */
for (gint i = 0; i < sk_X509_CRL_num(ret); i++) {
@@ -1328,32 +1338,14 @@ gint check_chain_parameters(const STACK_
/* It's almost the same as X509_check_issed from OpenSSL does except that we
* don't check the key usage of the potential issuer. This means we check:
- * 1. issuer_name(cert) == subject_name(issuer)
- * 2. Check whether the akid(cert) (if available) matches the issuer skid
- * 3. Check that the cert algrithm matches the subject algorithm
- * 4. Verify the signature of certificate @cert is using the public key of
+ * 1. Check whether the akid(cert) (if available) matches the issuer skid
+ * 2. Check that the cert algrithm matches the subject algorithm
+ * 3. Verify the signature of certificate @cert is using the public key of
* @issuer.
*/
static gint check_host_key_issued(X509 *cert, X509 *issuer, GError **err)
{
- const X509_NAME *issuer_subject = X509_get_subject_name(issuer);
- const X509_NAME *cert_issuer = X509_get_issuer_name(cert);
- AUTHORITY_KEYID *akid = NULL;
-
- /* We cannot use X509_NAME_cmp() because it considers the order of the
- * X509_NAME_Entries.
- */
- if (!own_X509_NAME_equal(issuer_subject, cert_issuer)) {
- g_autofree char *issuer_subject_str =
- X509_NAME_oneline(issuer_subject, NULL, 0);
- g_autofree char *cert_issuer_str =
- X509_NAME_oneline(cert_issuer, NULL, 0);
- g_set_error(err, PV_CRYPTO_ERROR,
- PV_CRYPTO_ERROR_CERT_SUBJECT_ISSUER_MISMATCH,
- _("Subject issuer mismatch:\n'%s'\n'%s'"),
- issuer_subject_str, cert_issuer_str);
- return -1;
- }
+ g_autoptr(AUTHORITY_KEYID) akid = NULL;
akid = X509_get_ext_d2i(cert, NID_authority_key_identifier, NULL, NULL);
if (akid && X509_check_akid(issuer, akid) != X509_V_OK) {
Index: s390-tools-service/genprotimg/src/utils/crypto.h
===================================================================
--- s390-tools-service.orig/genprotimg/src/utils/crypto.h
+++ s390-tools-service/genprotimg/src/utils/crypto.h
@@ -75,6 +75,7 @@ void x509_pair_free(x509_pair *pair);
/* Register auto cleanup functions */
WRAPPED_G_DEFINE_AUTOPTR_CLEANUP_FUNC(ASN1_INTEGER, ASN1_INTEGER_free)
WRAPPED_G_DEFINE_AUTOPTR_CLEANUP_FUNC(ASN1_OCTET_STRING, ASN1_OCTET_STRING_free)
+WRAPPED_G_DEFINE_AUTOPTR_CLEANUP_FUNC(AUTHORITY_KEYID, AUTHORITY_KEYID_free)
WRAPPED_G_DEFINE_AUTOPTR_CLEANUP_FUNC(BIGNUM, BN_free)
WRAPPED_G_DEFINE_AUTOPTR_CLEANUP_FUNC(BIO, BIO_free_all)
WRAPPED_G_DEFINE_AUTOPTR_CLEANUP_FUNC(BN_CTX, BN_CTX_free)


@ -1,224 +0,0 @@
Index: s390-tools-service/include/libpv/cert.h
===================================================================
--- s390-tools-service.orig/include/libpv/cert.h
+++ s390-tools-service/include/libpv/cert.h
@@ -16,7 +16,8 @@
#define PV_IBM_Z_SUBJECT_COMMON_NAME "International Business Machines Corporation"
#define PV_IBM_Z_SUBJECT_COUNTRY_NAME "US"
-#define PV_IBM_Z_SUBJECT_LOCALITY_NAME "Poughkeepsie"
+#define PV_IBM_Z_SUBJECT_LOCALITY_NAME_POUGHKEEPSIE "Poughkeepsie"
+#define PV_IBM_Z_SUBJECT_LOCALITY_NAME_ARMONK "Armonk"
#define PV_IBM_Z_SUBJECT_ORGANIZATIONAL_UNIT_NAME_SUFFIX "Key Signing Service"
#define PV_IBM_Z_SUBJECT_ORGANIZATION_NAME "International Business Machines Corporation"
#define PV_IBM_Z_SUBJECT_STATE "New York"
Index: s390-tools-service/libpv/cert.c
===================================================================
--- s390-tools-service.orig/libpv/cert.c
+++ s390-tools-service/libpv/cert.c
@@ -857,7 +857,7 @@ static gboolean x509_name_data_by_nid_eq
/* Checks whether the subject of @cert is a IBM signing key subject. For this we
* must check that the subject is equal to: 'C = US, ST = New York, L =
- * Poughkeepsie, O = International Business Machines Corporation, CN =
+ * Poughkeepsie or Armonk, O = International Business Machines Corporation, CN =
* International Business Machines Corporation' and the organization unit (OUT)
* must end with the suffix ' Key Signing Service'.
*/
@@ -879,7 +879,10 @@ static gboolean has_ibm_signing_subject(
if (!x509_name_data_by_nid_equal(subject, NID_stateOrProvinceName, PV_IBM_Z_SUBJECT_STATE))
return FALSE;
- if (!x509_name_data_by_nid_equal(subject, NID_localityName, PV_IBM_Z_SUBJECT_LOCALITY_NAME))
+ if (!(x509_name_data_by_nid_equal(subject, NID_localityName,
+ PV_IBM_Z_SUBJECT_LOCALITY_NAME_POUGHKEEPSIE) ||
+ x509_name_data_by_nid_equal(subject, NID_localityName,
+ PV_IBM_Z_SUBJECT_LOCALITY_NAME_ARMONK)))
return FALSE;
if (!x509_name_data_by_nid_equal(subject, NID_organizationName,
@@ -1085,10 +1088,9 @@ static int check_signature_algo_match(co
/* It's almost the same as X509_check_issed from OpenSSL does except that we
* don't check the key usage of the potential issuer. This means we check:
- * 1. issuer_name(cert) == subject_name(issuer)
- * 2. Check whether the akid(cert) (if available) matches the issuer skid
- * 3. Check that the cert algrithm matches the subject algorithm
- * 4. Verify the signature of certificate @cert is using the public key of
+ * 1. Check whether the akid(cert) (if available) matches the issuer skid
+ * 2. Check that the cert algrithm matches the subject algorithm
+ * 3. Verify the signature of certificate @cert is using the public key of
* @issuer.
*/
static int check_host_key_issued(X509 *cert, X509 *issuer, GError **error)
@@ -1097,19 +1099,6 @@ static int check_host_key_issued(X509 *c
const X509_NAME *cert_issuer = X509_get_issuer_name(cert);
g_autoptr(AUTHORITY_KEYID) akid = NULL;
- /* We cannot use X509_NAME_cmp() because it considers the order of the
- * X509_NAME_Entries.
- */
- if (!own_X509_NAME_equal(issuer_subject, cert_issuer)) {
- g_autofree char *issuer_subject_str = pv_X509_NAME_oneline(issuer_subject);
- g_autofree char *cert_issuer_str = pv_X509_NAME_oneline(cert_issuer);
-
- g_set_error(error, PV_CERT_ERROR, PV_CERT_ERROR_CERT_SUBJECT_ISSUER_MISMATCH,
- _("Subject issuer mismatch:\n'%s'\n'%s'"), issuer_subject_str,
- cert_issuer_str);
- return -1;
- }
-
akid = X509_get_ext_d2i(cert, NID_authority_key_identifier, NULL, NULL);
if (akid && X509_check_akid(issuer, akid) != X509_V_OK) {
g_set_error(error, PV_CERT_ERROR, PV_CERT_ERROR_SKID_AKID_MISMATCH,
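Review bot: The context line `const X509_NAME *cert_issuer = X509_get_issuer_name(cert);` stays in place although the block that compared it is deleted, so it is probably unused now. The same likely holds for `issuer_subject`, which the removed lines reference and which appears to be declared just above the hunk. The genprotimg/src/utils/crypto.c version of this change removes both declarations together with the comparison; doing the same here avoids unused-variable warnings. The function continues past the hunk, so check for later uses first.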
@@ -1286,21 +1275,10 @@ int pv_verify_cert(X509_STORE_CTX *ctx,
return 0;
}
-/* Verify that: subject(issuer) == issuer(crl) and SKID(issuer) == AKID(crl) */
+/* Verify that SKID(issuer) == AKID(crl) */
static int check_crl_issuer(X509_CRL *crl, X509 *issuer, GError **error)
{
- const X509_NAME *crl_issuer = X509_CRL_get_issuer(crl);
- const X509_NAME *issuer_subject = X509_get_subject_name(issuer);
- AUTHORITY_KEYID *akid = NULL;
-
- if (!own_X509_NAME_equal(issuer_subject, crl_issuer)) {
- g_autofree char *issuer_subject_str = pv_X509_NAME_oneline(issuer_subject);
- g_autofree char *crl_issuer_str = pv_X509_NAME_oneline(crl_issuer);
-
- g_set_error(error, PV_CERT_ERROR, PV_CERT_ERROR_CRL_SUBJECT_ISSUER_MISMATCH,
- _("issuer mismatch:\n%s\n%s"), issuer_subject_str, crl_issuer_str);
- return -1;
- }
+ g_autoptr(AUTHORITY_KEYID) akid = NULL;
/* If AKID(@crl) is specified it must match with SKID(@issuer) */
akid = X509_CRL_get_ext_d2i(crl, NID_authority_key_identifier, NULL, NULL);
@@ -1325,7 +1303,6 @@ int pv_verify_crl(X509_CRL *crl, X509 *c
return -1;
}
- /* check that the @crl issuer matches with the subject name of @cert*/
if (check_crl_issuer(crl, cert, error) < 0)
return -1;
@@ -1393,6 +1370,93 @@ int pv_check_chain_parameters(const STAC
return 0;
}
+/** Replace locality 'Armonk' with 'Pougkeepsie'. If Armonk was not set return
+ * `NULL`.
+ */
+static X509_NAME *x509_armonk_locality_fixup(const X509_NAME *name)
+{
+ g_autoptr(X509_NAME) ret = NULL;
+ int pos;
+
+ /* Check if ``L=Armonk`` */
+ if (!x509_name_data_by_nid_equal((X509_NAME *)name, NID_localityName,
+ PV_IBM_Z_SUBJECT_LOCALITY_NAME_ARMONK))
+ return NULL;
+
+ ret = X509_NAME_dup(name);
+ if (!ret)
+ g_abort();
+
+ pos = X509_NAME_get_index_by_NID(ret, NID_localityName, -1);
+ if (pos == -1)
+ return NULL;
+
+ X509_NAME_ENTRY_free(X509_NAME_delete_entry(ret, pos));
+
+ /* Create a new name entry at the same position as before */
+ if (X509_NAME_add_entry_by_NID(
+ ret, NID_localityName, MBSTRING_UTF8,
+ (const unsigned char *)&PV_IBM_Z_SUBJECT_LOCALITY_NAME_POUGHKEEPSIE,
+ sizeof(PV_IBM_Z_SUBJECT_LOCALITY_NAME_POUGHKEEPSIE) - 1, pos, 0) != 1)
+ return NULL;
+
+ return g_steal_pointer(&ret);
+}
+
+/* This function contains work-arounds for some known subject(CRT)<->issuer(CRL)
+ * issues.
+ */
+static STACK_OF_X509_CRL *quirk_X509_STORE_ctx_get1_crls(X509_STORE_CTX *ctx,
+ const X509_NAME *subject, GError **err)
+{
+ g_autoptr(X509_NAME) fixed_subject = NULL;
+ g_autoptr(STACK_OF_X509_CRL) ret = NULL;
+
+ ret = pv_X509_STORE_CTX_get1_crls(ctx, subject);
+ if (ret && sk_X509_CRL_num(ret) > 0)
+ return g_steal_pointer(&ret);
+
+ /* Workaround to fix the mismatch between issuer name of the * IBM
+ * signing CRLs and the IBM signing key subject name. Locality name has
+ * changed from Poughkeepsie to Armonk.
+ */
+ fixed_subject = x509_armonk_locality_fixup(subject);
+ /* Was the locality replaced? */
+ if (fixed_subject) {
+ X509_NAME *tmp;
+
+ sk_X509_CRL_free(ret);
+ ret = pv_X509_STORE_CTX_get1_crls(ctx, fixed_subject);
+ if (ret && sk_X509_CRL_num(ret) > 0)
+ return g_steal_pointer(&ret);
+
+ /* Workaround to fix the ordering mismatch between issuer name
+ * of the IBM signing CRLs and the IBM signing key subject name.
+ */
+ tmp = fixed_subject;
+ fixed_subject = pv_c2b_name(fixed_subject);
+ X509_NAME_free(tmp);
+ sk_X509_CRL_free(ret);
+ ret = pv_X509_STORE_CTX_get1_crls(ctx, fixed_subject);
+ if (ret && sk_X509_CRL_num(ret) > 0)
+ return g_steal_pointer(&ret);
+ X509_NAME_free(fixed_subject);
+ fixed_subject = NULL;
+ }
+
+ /* Workaround to fix the ordering mismatch between issuer name of the
+ * IBM signing CRLs and the IBM signing key subject name.
+ */
+ fixed_subject = pv_c2b_name(subject);
+ sk_X509_CRL_free(ret);
+ ret = pv_X509_STORE_CTX_get1_crls(ctx, fixed_subject);
+ if (ret && sk_X509_CRL_num(ret) > 0)
+ return g_steal_pointer(&ret);
+
+ g_set_error(err, PV_CERT_ERROR, PV_CERT_ERROR_NO_CRL, _("no CRL found"));
+ return NULL;
+}
+
/* Given a certificate @cert try to find valid revocation lists in @ctx. If no
* valid CRL was found NULL is returned.
*/
@@ -1412,21 +1476,9 @@ STACK_OF_X509_CRL *pv_store_ctx_find_val
return NULL;
}
- ret = pv_X509_STORE_CTX_get1_crls(ctx, subject);
- if (!ret) {
- /* Workaround to fix the mismatch between issuer name of the
- * IBM Z signing CRLs and the IBM Z signing key subject name.
- */
- g_autoptr(X509_NAME) broken_subject = pv_c2b_name(subject);
-
- ret = pv_X509_STORE_CTX_get1_crls(ctx, broken_subject);
- if (!ret) {
- g_set_error(error, PV_CERT_ERROR, PV_CERT_ERROR_NO_CRL, _("no CRL found"));
- g_info("ERROR: %s", (*error)->message);
- return NULL;
- }
- }
-
+ ret = quirk_X509_STORE_ctx_get1_crls(ctx, subject, error);
+ if (!ret)
+ return NULL;
/* Filter out non-valid CRLs for @cert */
for (int i = 0; i < sk_X509_CRL_num(ret); i++) {
X509_CRL *crl = sk_X509_CRL_value(ret, i);


@ -1,25 +0,0 @@
Index: s390-tools-service/pvattest/src/argparse.c
===================================================================
--- s390-tools-service.orig/pvattest/src/argparse.c
+++ s390-tools-service/pvattest/src/argparse.c
@@ -190,13 +190,13 @@ static gboolean hex_str_toull(const char
}
/* NOTE REQUIRED */
-#define _entry_root_ca(__arg_data, __indent) \
- { \
- .long_name = "root-ca", .short_name = 0, .flags = G_OPTION_FLAG_NONE, \
- .arg = G_OPTION_ARG_FILENAME_ARRAY, .arg_data = __arg_data, \
- .description = "Use FILE as the trusted root CA instead the\n" __indent \
- "root CAs that are installed on the system (optional).\n", \
- .arg_description = "FILE", \
+#define _entry_root_ca(__arg_data, __indent) \
+ { \
+ .long_name = "root-ca", .short_name = 0, .flags = G_OPTION_FLAG_NONE, \
+ .arg = G_OPTION_ARG_FILENAME, .arg_data = __arg_data, \
+ .description = "Use FILE as the trusted root CA instead the\n" __indent \
+ "root CAs that are installed on the system (optional).\n", \
+ .arg_description = "FILE", \
}
/* NOTE REQUIRED */
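Review bot: Switching `.arg` from `G_OPTION_ARG_FILENAME_ARRAY` to `G_OPTION_ARG_FILENAME` changes what `__arg_data` must point at: GLib stores a single `gchar *` for the latter and a `gchar **` array for the former. The macro cannot enforce this and the variables passed in are outside the hunk, so each call site's storage should be confirmed to have the matching type before the value is used as the trusted root CA path. While the entry is being touched, the help text "instead the root CAs" is missing "of", and the `/* NOTE REQUIRED */` marker looks as if it was meant to read "NOT REQUIRED".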


@ -1,92 +0,0 @@
From 0748d365a60477c96cb9f6a12e9dbe547d549e1f Mon Sep 17 00:00:00 2001
From: Marc Hartmayer <mhartmay@linux.ibm.com>
Date: Tue, 12 Mar 2024 09:33:19 +0000
Subject: [PATCH] genprotimg/**/Makefile: Fix staged installs
Fix the support for staged installs. The Makefile variable `PKGDATADIR`
uses `DESTDIR` for all Makefile target, but actually it should only be
used for the `install*` and `uninstall*` targets. [1] Fix this by using
`DESTDIR` only for `install*` targets - uninstall* targets are not
supported by s390-tools.
Before this change, if `DESTDIR` was set for staged installs,
`genprotimg` has tried to find the bootloader binaries at the temporary
installation path `$DESTDIR$(TOOLS_DATADIR)/genprotimg/` instead of
`$(TOOLS_DATADIR)/genprotimg`.
[1] https://www.gnu.org/prep/standards/html_node/DESTDIR.html
Fixes: 65b9fc442c1a ("genprotimg: introduce new tool for the creation of PV images")
Reviewed-by: Steffen Eiden <seiden@linux.ibm.com>
Signed-off-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Signed-off-by: Steffen Eiden <seiden@linux.ibm.com>
---
genprotimg/Makefile | 6 +++---
genprotimg/boot/Makefile | 8 ++++----
genprotimg/src/Makefile | 2 +-
3 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/genprotimg/Makefile b/genprotimg/Makefile
index 8c9f7048..6a2e37e4 100644
--- a/genprotimg/Makefile
+++ b/genprotimg/Makefile
@@ -3,7 +3,7 @@ include ../common.mak
.DEFAULT_GOAL := all
-PKGDATADIR := "$(DESTDIR)$(TOOLS_DATADIR)/genprotimg"
+PKGDATADIR := "$(TOOLS_DATADIR)/genprotimg"
TESTS :=
SUBDIRS := boot src man
RECURSIVE_TARGETS := all-recursive install-recursive clean-recursive
@@ -11,8 +11,8 @@ RECURSIVE_TARGETS := all-recursive install-recursive clean-recursive
all: all-recursive
install: install-recursive
- $(INSTALL) -d -m 755 "$(PKGDATADIR)"
- $(INSTALL) -g $(GROUP) -o $(OWNER) -m 755 samples/check_hostkeydoc "$(PKGDATADIR)"
+ $(INSTALL) -d -m 755 "$(DESTDIR)$(PKGDATADIR)"
+ $(INSTALL) -g $(GROUP) -o $(OWNER) -m 755 samples/check_hostkeydoc "$(DESTDIR)$(PKGDATADIR)"
clean: clean-recursive
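Review bot: `PKGDATADIR` in this Makefile (hunk `@@ -3,7 +3,7 @@`, and likewise in genprotimg/src/Makefile) carries literal double quotes in its value, so the new install lines `"$(DESTDIR)$(PKGDATADIR)"` expand to a quoted prefix, an unquoted path and an empty `""`. That works for ordinary paths but defeats the quoting if `TOOLS_DATADIR` ever contains whitespace; genprotimg/boot/Makefile defines the variable unquoted, which composes correctly. I would drop the quotes from the definition, `PKGDATADIR := $(TOOLS_DATADIR)/genprotimg`, and quote only at the points of use. If src/Makefile needs the quoted form to pass the path to the compiler as a string (not visible here), keep a separate variable for that.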
diff --git a/genprotimg/boot/Makefile b/genprotimg/boot/Makefile
index 799df9cc..73f3c9a8 100644
--- a/genprotimg/boot/Makefile
+++ b/genprotimg/boot/Makefile
@@ -7,7 +7,7 @@ DEBUG_FILES := $(addsuffix .debug,$(FILES))
ifeq ($(HOST_ARCH),s390x)
ZIPL_DIR := $(rootdir)/zipl
ZIPL_BOOT_DIR := $(ZIPL_DIR)/boot
-PKGDATADIR := $(DESTDIR)$(TOOLS_DATADIR)/genprotimg
+PKGDATADIR := $(TOOLS_DATADIR)/genprotimg
INCLUDE_PATHS := $(ZIPL_BOOT_DIR) $(ZIPL_DIR)/include $(rootdir)/include
INCLUDE_PARMS := $(addprefix -I,$(INCLUDE_PATHS))
@@ -86,9 +86,9 @@ stage3b.elf: head.o $(ZIPL_OBJS)
@chmod a-x $@
install: stage3a.bin stage3b_reloc.bin
- $(INSTALL) -d -m 755 "$(PKGDATADIR)"
- $(INSTALL) -g $(GROUP) -o $(OWNER) -m 644 stage3a.bin "$(PKGDATADIR)"
- $(INSTALL) -g $(GROUP) -o $(OWNER) -m 644 stage3b_reloc.bin "$(PKGDATADIR)"
+ $(INSTALL) -d -m 755 "$(DESTDIR)$(PKGDATADIR)"
+ $(INSTALL) -g $(GROUP) -o $(OWNER) -m 644 stage3a.bin "$(DESTDIR)$(PKGDATADIR)"
+ $(INSTALL) -g $(GROUP) -o $(OWNER) -m 644 stage3b_reloc.bin "$(DESTDIR)$(PKGDATADIR)"
else
# Don't generate the dependency files (see `common.mak` for the
diff --git a/genprotimg/src/Makefile b/genprotimg/src/Makefile
index 08734bff..d447e6cf 100644
--- a/genprotimg/src/Makefile
+++ b/genprotimg/src/Makefile
@@ -3,7 +3,7 @@ include ../../common.mak
bin_PROGRAM = genprotimg
-PKGDATADIR ?= "$(DESTDIR)$(TOOLS_DATADIR)/genprotimg"
+PKGDATADIR ?= "$(TOOLS_DATADIR)/genprotimg"
SRC_DIR := $(dir $(realpath $(firstword $(MAKEFILE_LIST))))
TOP_SRCDIR := $(SRC_DIR)/../
ROOT_DIR = $(TOP_SRC_DIR)/../../


@ -12,8 +12,12 @@ and the symlink not created in the kdump environment.
Fix this by including 59-zfcp-compat.rules in the kdump initrd. Fix this by including 59-zfcp-compat.rules in the kdump initrd.
--- a/zdev/dracut/95zdev-kdump/module-setup.sh 2024-02-21 15:57:33.027658387 +0100 ---
+++ b/zdev/dracut/95zdev-kdump/module-setup.sh 2024-02-21 15:57:38.215675799 +0100 zdev/dracut/95zdev-kdump/module-setup.sh | 1 +
1 file changed, 1 insertion(+)
--- a/zdev/dracut/95zdev-kdump/module-setup.sh
+++ b/zdev/dracut/95zdev-kdump/module-setup.sh
@@ -78,6 +78,7 @@ @@ -78,6 +78,7 @@
inst_multiple /lib/s390-tools/zdev-from-dasd_mod.dasd inst_multiple /lib/s390-tools/zdev-from-dasd_mod.dasd


@ -5,12 +5,10 @@ Subject: [PATCH] parse ipl device for activation
ported from dracut modules ported from dracut modules
--- ---
zdev/dracut/95zdev/parse-dasd.sh | 20 ++++++++++-- zdev/dracut/95zdev/parse-dasd.sh | 20 +++++++++++--
zdev/dracut/95zdev/parse-zfcp.sh | 56 +++++++++++++++++++++----------- zdev/dracut/95zdev/parse-zfcp.sh | 56 +++++++++++++++++++++++++--------------
2 files changed, 54 insertions(+), 22 deletions(-) 2 files changed, 54 insertions(+), 22 deletions(-)
diff --git a/zdev/dracut/95zdev/parse-dasd.sh b/zdev/dracut/95zdev/parse-dasd.sh
index a97801fe..cce0435a 100644
--- a/zdev/dracut/95zdev/parse-dasd.sh --- a/zdev/dracut/95zdev/parse-dasd.sh
+++ b/zdev/dracut/95zdev/parse-dasd.sh +++ b/zdev/dracut/95zdev/parse-dasd.sh
@@ -10,6 +10,8 @@ @@ -10,6 +10,8 @@
@ -22,7 +20,7 @@ index a97801fe..cce0435a 100644
# shellcheck source=/dev/null # shellcheck source=/dev/null
type zdev_parse_dasd_list > /dev/null 2>&1 || . /lib/s390-tools/zdev-from-dasd_mod.dasd type zdev_parse_dasd_list > /dev/null 2>&1 || . /lib/s390-tools/zdev-from-dasd_mod.dasd
@@ -27,9 +29,21 @@ zdev_vinfo() { @@ -27,9 +29,21 @@
zdev_parse_rd_dasd() { zdev_parse_rd_dasd() {
local _zdev_dasd _zdev_dasd_list local _zdev_dasd _zdev_dasd_list
@ -47,8 +45,6 @@ index a97801fe..cce0435a 100644
echo "$_zdev_dasd_list" echo "$_zdev_dasd_list"
} }
diff --git a/zdev/dracut/95zdev/parse-zfcp.sh b/zdev/dracut/95zdev/parse-zfcp.sh
index 715aa009..e4fef0b9 100644
--- a/zdev/dracut/95zdev/parse-zfcp.sh --- a/zdev/dracut/95zdev/parse-zfcp.sh
+++ b/zdev/dracut/95zdev/parse-zfcp.sh +++ b/zdev/dracut/95zdev/parse-zfcp.sh
@@ -12,25 +12,43 @@ @@ -12,25 +12,43 @@


@ -1,3 +1,120 @@
-------------------------------------------------------------------
Mon Dec 9 07:10:06 UTC 2024 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
- Upgrade s390-tools to version 2.36 (jsc#PED-10303, jsc#PED-9591)
* s390-tools: Define Rust MSRV as 1.75.0
* Add new tools / libraries:
- cpacfinfo: Tool to provide CPACF information
- opticsmon: Tools to monitor optical modules for directly attached PCI based NICs
- pvimg: Rust rewrite of genprotimg
* Changes of existing tools:
- chpstat: Add data bandwidth utilization column
- chpstat: Add support for full CMCB
- chpstat: Add support for new CMG types
- dbginfo.sh: add overview commands and crypto update
- hyptop: Support for structured output (json, json-seq, csv)
- lszfcp: Add missing fallback marker for non-good fc_host port_state
- lszfcp: Improve speed with many SCSI devices
- pvattest: Add attestation policy check command
- zipl: Add support of partitions of mirror md-devices
* Bug Fixes:
- lszcrypt: Fix wrong state showing up for removed AP queue within SE guest
- lszfcp: Show device names line for zfcp_units without SCSI device
- Revendored vendor.tar.gz
- Applied additional patch (bsc#1233889, bsc#1233079)
* s390-tools-02-zipl-src-fix-imprecise-check-that-file-is-on-specifi.patch
-------------------------------------------------------------------
Thu Dec 5 11:04:48 UTC 2024 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
- Applied a patch (bsc#1233889)
* s390-tools-01-zipl_helper.device-mapper-add-missed-step-in-logical.patch
- Amended the /usr/lib/modules-load.d/pkey.conf (bsc#1233233). Added
* pkey_cca
* pkey_ep11
* pkey_pckmo
-------------------------------------------------------------------
Tue Nov 5 15:26:42 UTC 2024 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
- Amended the *_configure scripts to update again the SUSE's specific file
'/boot/zipl/active_devices.txt' (bsc#1232474, bsc#1216257)
* ctc_configure
* dasd_configure
* qeth_configure
* zfcp_host_configure
-------------------------------------------------------------------
Tue Nov 5 13:04:20 UTC 2024 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
* Upgrade s390-tools to version 2.35 (jsc#PED-9591, jsc#PED-10303)
* Changes of existing tools:
- cpacfstats: Add support for FULL XTS (MSA 10) and HMAC (MSA 11) PAI counter
- cpuplugd: Make cpuplugd compatible with hiperdispatch
- dbginfo.sh: Add network sockstat info
- pvapconfig: s390x exclusive build
- zdev: Add option to select IPL device
- zdump/dfo_s390: Support s390 DFO for vr-kernel dumps
- zipl: Add support of mirror devices
* Bug Fixes:
- (genprotimg|zipl)/boot: discard .note.package ELF section to save memory
- netboot/mk-s390image: Fix size when argument is a symlink
- ziorep_config: Fix warning message when multipath device is not there.
- zipl: Fix problems when target parameters are specified by user
- zipl: Fix segfault when creating device-based dumps with '--dry-run'
*** v2.34.0
* Changes of existing tools:
- ap_tools/ap-check: Add support for vfio-ap dynamic configuration
- dbginfo.sh: Update/Add additional DASD data collection
- dumpconf: Add new parameter 'SCP_DATA' for SCSI/NVMe/ECKD dump devices
- libutil: Make formatted meta-data configurable
- s390-tools: Replace 'which' with built-in 'command -v'
- zdump/dfi_elf: Support core dumps of vr-kernels
* Bug Fixes:
- chzdev: Fix warning about failed ATTR writes by udev
- rust/pv: Try again if first CRL-URI is invalid
- rust/pvattest: Add short option for --arpk
- zdump: Fix 'zgetdump -i' ioctl error on s390 formatted dump file
*** v2.33.1
* Bug Fixes:
- s390-tools: Fix formatting and typos in README.md
- s390-tools: Fix release string
*** v2.33.0
* Add new tools / libraries:
- chpstat: New tool for displaying channel path statistics
- libutil: Add output format helpers(util_fmt: JSON, JSON-SEQ, CSV, text pairs)
* Changes of existing tools / libraries:
- chzdev: Add --is-owner to identify files created by zdev
- dasdfmt: Change default mode to always use full-format (Note: affects ESE DASD)
- libap: Significantly reduce delay time between file lock retries
- pvattest: Rewrite from C to Rust
- pvattest: Support additional data & user-data
- rust/pv: Support for Attestation
* Bug Fixes:
- chreipl: Improve disk type detection when running under QEMU
- dbginfo.sh: Use POSIX option with uname
- s390-tools: Fix missing hyphen escapes in the man page for many tools
- zipl/src: Fix bugs in disk_get_info() reproducible in corner cases
*** v2.32.0
* Changes of existing tools:
- cpumf/lscpumf: add support for machine type 3932
- genprotimg, pvattest, and pvsecret accept IBM signing key with Armonk as
subject locality
- zdump/zipl: Support for List-Directed dump from ECKD DASD
- zkey: Detect FIPS mode and generate PBKDF for luksFormat according to it
* Bug Fixes:
- dbginfo.sh: dash compatible copy sequence
- rust/pv_core: Fix UvDeviceInfo::get() method
- zipl/src: Fix leak of files if run with a broken configuration
- zkey: Fix convert command to accept only keys of type CCA-AESDATA
* Revendored vendor.tar.gz
* Removed obsolete patches
- s390-tools-sles15sp6-genprotimg-makefile.patch
- s390-tools-sles15sp5-01-rust-pv-support-Armonk-in-IBM-signing-key-subject.patch
- s390-tools-sles15sp6-02-genprotimg-support-Armonk-in-IBM-signing-key-subject.patch
- s390-tools-sles15sp6-03-libpv-support-Armonk-in-IBM-signing-key-subject.patch
- s390-tools-sles15sp6-04-pvattest-Fix-root-ca-parsing.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Jul 11 14:56:34 UTC 2024 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com> Thu Jul 11 14:56:34 UTC 2024 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
@ -4581,3 +4698,4 @@ Fri Jul 13 18:31:30 CEST 2001 - mls@suse.de
Fri Jul 13 16:15:33 CEST 2001 - bk@suse.de Fri Jul 13 16:15:33 CEST 2001 - bk@suse.de
- new package based on s390utils - new package based on s390utils


@ -33,7 +33,7 @@
%endif %endif
Name: s390-tools Name: s390-tools
Version: 2.31.0 Version: 2.36.0
Release: 0 Release: 0
Summary: S/390 tools like zipl and dasdfmt for s390x (plus selected tools for x86_64) Summary: S/390 tools like zipl and dasdfmt for s390x (plus selected tools for x86_64)
License: MIT License: MIT
@ -153,13 +153,10 @@ Patch910: s390-tools-sles15sp1-11-zdev-Do-not-call-zipl-on-initrd-update.p
Patch911: s390-tools-sles15sp5-remove-no-pie-link-arguments.patch Patch911: s390-tools-sles15sp5-remove-no-pie-link-arguments.patch
Patch912: s390-tools-ALP-zdev-live.patch Patch912: s390-tools-ALP-zdev-live.patch
Patch913: s390-tools-sles15sp6-kdump-initrd-59-zfcp-compat-rules.patch Patch913: s390-tools-sles15sp6-kdump-initrd-59-zfcp-compat-rules.patch
Patch914: s390-tools-sles15sp6-genprotimg-makefile.patch Patch914: s390-tools-01-zipl_helper.device-mapper-add-missed-step-in-logical.patch
Patch915: s390-tools-slfo-01-parse-ipl-device-for-activation.patch Patch915: s390-tools-02-zipl-src-fix-imprecise-check-that-file-is-on-specifi.patch
### SE-tooling: New IBM host-key subject locality (s390-tools) ### Patch only for SLFO
Patch916: s390-tools-sles15sp5-01-rust-pv-support-Armonk-in-IBM-signing-key-subject.patch Patch920: s390-tools-slfo-01-parse-ipl-device-for-activation.patch
Patch917: s390-tools-sles15sp6-02-genprotimg-support-Armonk-in-IBM-signing-key-subject.patch
Patch918: s390-tools-sles15sp6-03-libpv-support-Armonk-in-IBM-signing-key-subject.patch
Patch919: s390-tools-sles15sp6-04-pvattest-Fix-root-ca-parsing.patch
### ###
BuildRequires: curl-devel BuildRequires: curl-devel
@ -172,6 +169,7 @@ BuildRequires: glib2-devel
BuildRequires: glibc-devel-static BuildRequires: glibc-devel-static
BuildRequires: libcryptsetup-devel > 2.0.3 BuildRequires: libcryptsetup-devel > 2.0.3
BuildRequires: libjson-c-devel BuildRequires: libjson-c-devel
BuildRequires: libnl3-devel
BuildRequires: libxml2-devel BuildRequires: libxml2-devel
BuildRequires: mdevctl BuildRequires: mdevctl
BuildRequires: ncurses-devel BuildRequires: ncurses-devel
@ -184,6 +182,7 @@ BuildRequires: zlib-devel-static
### s390x ### s390x
%ifarch s390x %ifarch s390x
BuildRequires: kernel-zfcpdump BuildRequires: kernel-zfcpdump
BuildRequires: perl-Bootloader >= 0.4.15
BuildRequires: qclib-devel-static BuildRequires: qclib-devel-static
%endif %endif
### Cargo ### Cargo
@ -229,12 +228,14 @@ zipl - boot loader and dump DASD initializer
zgetdump - tool to get linux system dumps from DASD zgetdump - tool to get linux system dumps from DASD
- x86_64 - x86_64
genprotimg - create a protected virtualization image pvimg - create a protected virtualization image (genprotimg)
pvattest - create, perform, and verify protected virtualization attestation measurements pvattest - create, perform, and verify protected virtualization attestation measurements
pvsecret - manage secrets for IBM Secure Execution guests. pvsecret - manage secrets for IBM Secure Execution guests.
pvapconfig - used to automatically set up the AP configuration within an IBM Secure Execution guest.
Note: Auxiliary data package - s390-tools-genprotimg-data Warning: There is an auxiliary data package - s390-tools-genprotimg-data.
To install s390-tools properly, please use:
'sudo zypper install s390-tools s390-tools-genprotimg-data'
%package -n osasnmpd %package -n osasnmpd
Summary: OSA-Express SNMP subagent Summary: OSA-Express SNMP subagent
@ -353,11 +354,11 @@ BuildArch: noarch
Requires(pre): filesystem Requires(pre): filesystem
%description genprotimg-data %description genprotimg-data
The genprotimg allows preparing and analyzing boot images The pvimg (genprotimg) allows preparing and analyzing boot images
in the realm of IBM Secure Execution on a trusted environment, in the realm of IBM Secure Execution on a trusted environment,
such as the laptop of an admin by limiting the build targets such as the laptop of an admin by limiting the build targets
depending on the defined or detected host architecture. depending on the defined or detected host architecture.
This package provides auxiliary data used by genprotimg. This package provides auxiliary data used by pvimg(genprotimg).
### *** s390x ************************************************************************* ### ### *** s390x ************************************************************************* ###
%ifarch s390x %ifarch s390x
@ -367,7 +368,7 @@ This package provides auxiliary data used by genprotimg.
cp -vi %{SOURCE22} CAUTION cp -vi %{SOURCE22} CAUTION
install -D -m 0644 %{SOURCE200} .cargo/config install -D -m 0644 %{SOURCE200} .cargo/config.toml
tar -xzf %{SOURCE201} tar -xzf %{SOURCE201}
%build %build
@ -723,7 +724,6 @@ done
%dir %{_prefix}/lib/systemd/scripts %dir %{_prefix}/lib/systemd/scripts
%dir %{_datadir}/s390-tools %dir %{_datadir}/s390-tools
%dir %{_datadir}/s390-tools/netboot %dir %{_datadir}/s390-tools/netboot
%dir %{_datadir}/s390-tools/genprotimg
%dir %{_prefix}/lib/dracut/modules.d/95zdev %dir %{_prefix}/lib/dracut/modules.d/95zdev
%dir %{_prefix}/lib/dracut/modules.d/95zdev-kdump %dir %{_prefix}/lib/dracut/modules.d/95zdev-kdump
%dir %{_prefix}/lib/dracut/modules.d/96zdev-live %dir %{_prefix}/lib/dracut/modules.d/96zdev-live
@ -746,8 +746,8 @@ done
%dir /etc/mdevctl.d/scripts.d/callouts/ %dir /etc/mdevctl.d/scripts.d/callouts/
### ###
%exclude /lib/s390-tools/stage3.bin %exclude /lib/s390-tools/stage3.bin
%exclude %{_datadir}/s390-tools/genprotimg/stage3a.bin %exclude %{_datadir}/s390-tools/pvimg/stage3a.bin
%exclude %{_datadir}/s390-tools/genprotimg/stage3b_reloc.bin %exclude %{_datadir}/s390-tools/pvimg/stage3b_reloc.bin
### ###
%files -n osasnmpd -f %{_builddir}/%{name}.osasnmp %files -n osasnmpd -f %{_builddir}/%{name}.osasnmp
@ -798,8 +798,9 @@ done
### genprotimg ### genprotimg
%files genprotimg-data %files genprotimg-data
/lib/s390-tools/stage3.bin /lib/s390-tools/stage3.bin
%{_datadir}/s390-tools/genprotimg/stage3a.bin %dir %{_datadir}/s390-tools/pvimg
%{_datadir}/s390-tools/genprotimg/stage3b_reloc.bin %{_datadir}/s390-tools/pvimg/stage3a.bin
%{_datadir}/s390-tools/pvimg/stage3b_reloc.bin
### _endif ### _endif
### *** !s390x ************************************************************************* ### ### *** !s390x ************************************************************************* ###
@ -832,10 +833,11 @@ export KERNELIMAGE_MAKEFLAGS="%%{?_smp_mflags}"
%files %files
%{_prefix}/bin/* %{_prefix}/bin/*
%dir %{_datadir}/s390-tools %dir %{_datadir}/s390-tools
%dir %{_datadir}/s390-tools/genprotimg %dir %{_datadir}/s390-tools/pvimg
%{_datadir}/s390-tools/genprotimg/check_hostkeydoc %{_datadir}/s390-tools/pvimg/check_hostkeydoc
%{_mandir}/man1/* %{_mandir}/man1/*
%endif %endif
%changelog %changelog

BIN
vendor.tar.gz (Stored with Git LFS)

Binary file not shown.


@ -38,6 +38,14 @@ debug_mesg () {
esac esac
} }
add_cio_channel() {
echo "$* # ${DATE}" >> /boot/zipl/active_devices.txt
}
remove_cio_channel() {
[ -w /boot/zipl/active_devices.txt ] && sed -i -e "/^${1}/d" /boot/zipl/active_devices.txt
}
usage(){ usage(){
echo "Usage: ${0} <ccwid> <online>" echo "Usage: ${0} <ccwid> <online>"
echo " ccwid = x.y.ssss where" echo " ccwid = x.y.ssss where"
@ -80,3 +88,8 @@ RC=${?}
if [ ${RC} -ne 0 ]; then if [ ${RC} -ne 0 ]; then
exit ${RC} exit ${RC}
fi fi
if [ ${ON_OFF} == 1 ]; then
add_cio_channel "${CCW_CHAN_ID}"
else remove_cio_channel "${CCW_CHAN_ID}"
fi
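Review bot: `remove_cio_channel` pastes the channel ID into the sed address unescaped, so in `/^${1}/d` each dot of an `x.y.ssss` ID matches any character and nothing marks where the ID ends. A value containing `/` or other sed syntax would also change the sed program itself, which matters for a script that rewrites a file under /boot. If the argument validation outside these hunks does not already restrict the ID to hex digits and dots, it should, and the address can be made literal and delimited, for example `sed -i -e "/^${1//./\\.}[ ,]/d"` (bash substitution; `[ ,]` is the separator that follows an ID in the file). Separately, `add_cio_channel` appends on every successful online call, so repeating the command leaves duplicate lines in active_devices.txt; calling `remove_cio_channel "${CCW_CHAN_ID}"` before the append in the `ON_OFF` branch would keep one entry per device. `${DATE}` is not set in the visible hunks, so confirm it is defined earlier in the script.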