SLFO-pool/s390-tools
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sync from SUSE:SLFO:Main s390-tools revision ca6e8fd2e5ddbe310b053b103d70157f

Browse Source
This commit is contained in:
Adrian Schröter 2024-11-28 10:28:50 +01:00
parent afbbc8f565
commit aa2121ba34
23 changed files with 1179 additions and 332 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
ctc_configure
View File

@ -44,14 +44,6 @@ debug_mesg () {
esac esac
} }
add_cio_channel() {
echo "$* # ${DATE}" >> /boot/zipl/active_devices.txt
}
remove_cio_channel() {
[ -w /boot/zipl/active_devices.txt ] && sed -i -e "/^${1}/d" /boot/zipl/active_devices.txt
}
usage(){ usage(){
echo "Usage: ${0} <read channel> <write channel> <online> [<protocol>]" echo "Usage: ${0} <read channel> <write channel> <online> [<protocol>]"
echo " read/write channel = x.y.ssss where" echo " read/write channel = x.y.ssss where"
@ -120,9 +112,3 @@ RC=${?}
if [ ${RC} -ne 0 ]; then if [ ${RC} -ne 0 ]; then
exit ${RC} exit ${RC}
fi fi
if [ ${ON_OFF} == 1 ]; then
add_cio_channel "${CTC_READ_CHAN},${CTC_WRITE_CHAN}"
else remove_cio_channel "${CTC_READ_CHAN}"
remove_cio_channel "${CTC_WRITE_CHAN}"
fi

13
dasd_configure.opensuse
View File

@ -43,14 +43,6 @@ debug_mesg () {
esac esac
} }
add_cio_channel() {
echo "$* # ${DATE}" >> /boot/zipl/active_devices.txt
}
remove_cio_channel() {
[ -w /boot/zipl/active_devices.txt ] && sed -i -e "/^${1}/d" /boot/zipl/active_devices.txt
}
usage(){ usage(){
echo "Usage: ${0} [-f -t <dasd_type> ] <ccwid> <online> [use_diag]" echo "Usage: ${0} [-f -t <dasd_type> ] <ccwid> <online> [use_diag]"
echo echo
@ -165,9 +157,4 @@ elif [ ${ON_OFF} == 1 ]; then
fi fi
fi fi
if [ ${ON_OFF} == 1 ]; then
add_cio_channel "${CCW_CHAN_ID}"
else remove_cio_channel "${CCW_CHAN_ID}"
fi
exit ${exitcode} exit ${exitcode}

13
dasd_configure.suse
View File

@ -43,14 +43,6 @@ debug_mesg () {
esac esac
} }
add_cio_channel() {
echo "$* # ${DATE}" >> /boot/zipl/active_devices.txt
}
remove_cio_channel() {
[ -w /boot/zipl/active_devices.txt ] && sed -i -e "/^${1}/d" /boot/zipl/active_devices.txt
}
usage(){ usage(){
echo "Usage: ${0} [-f -t <dasd_type> ] <ccwid> <online> [use_diag]" echo "Usage: ${0} [-f -t <dasd_type> ] <ccwid> <online> [use_diag]"
echo echo
@ -165,9 +157,4 @@ elif [ ${ON_OFF} == 1 ]; then
fi fi
fi fi
if [ ${ON_OFF} == 1 ]; then
add_cio_channel "${CCW_CHAN_ID}"
else remove_cio_channel "${CCW_CHAN_ID}"
fi
exit ${exitcode} exit ${exitcode}

15
qeth_configure
View File

@ -48,14 +48,6 @@ debug_mesg () {
esac esac
} }
add_cio_channel() {
echo "$* # ${DATE}" >> /boot/zipl/active_devices.txt
}
remove_cio_channel() {
[ -w /boot/zipl/active_devices.txt ] && sed -i -e "/^${1}/d" /boot/zipl/active_devices.txt
}
usage(){ usage(){
echo "Usage: ${0} [options] <read chan> <write chan> <data chan> <online>" echo "Usage: ${0} [options] <read chan> <write chan> <data chan> <online>"
echo " -i Configure IP takeover" echo " -i Configure IP takeover"
@ -165,10 +157,3 @@ RC=${?}
if [ ${RC} -ne 0 ]; then if [ ${RC} -ne 0 ]; then
exit ${RC} exit ${RC}
fi fi
if [ ${ON_OFF} == 1 ]; then
add_cio_channel "${QETH_READ_CHAN},${QETH_WRITE_CHAN},${QETH_DATA_CHAN}"
else remove_cio_channel "${QETH_READ_CHAN}"
remove_cio_channel "${QETH_WRITE_CHAN}"
remove_cio_channel "${QETH_DATA_CHAN}"
fi

BIN
s390-tools-2.31.0.tar.gz (Stored with Git LFS) Normal file
View File

Binary file not shown.

BIN
s390-tools-2.35.0.tar.gz (Stored with Git LFS)
View File

Binary file not shown.

22
s390-tools-ALP-zdev-live.patch
View File

@ -5,8 +5,10 @@
zdev/dracut/Makefile | 15 ++++++++++-- zdev/dracut/Makefile | 15 ++++++++++--
4 files changed, 92 insertions(+), 2 deletions(-) 4 files changed, 92 insertions(+), 2 deletions(-)
Index: s390-tools-2.30.0/zdev/dracut/96zdev-live/module-setup.sh
===================================================================
--- /dev/null --- /dev/null
+++ b/zdev/dracut/96zdev-live/module-setup.sh +++ s390-tools-2.30.0/zdev/dracut/96zdev-live/module-setup.sh
@@ -0,0 +1,32 @@ @@ -0,0 +1,32 @@
+#!/bin/bash +#!/bin/bash
+ +
@ -40,8 +42,10 @@
+ inst_hook cleanup 41 "$moddir/write-udev-live.sh" + inst_hook cleanup 41 "$moddir/write-udev-live.sh"
+ inst_multiple chzdev + inst_multiple chzdev
+} +}
Index: s390-tools-2.30.0/zdev/dracut/96zdev-live/parse-zdev-live.sh
===================================================================
--- /dev/null --- /dev/null
+++ b/zdev/dracut/96zdev-live/parse-zdev-live.sh +++ s390-tools-2.30.0/zdev/dracut/96zdev-live/parse-zdev-live.sh
@@ -0,0 +1,36 @@ @@ -0,0 +1,36 @@
+#!/bin/bash +#!/bin/bash
+# +#
@ -79,8 +83,10 @@
+ fi + fi
+done +done
+ +
Index: s390-tools-2.30.0/zdev/dracut/96zdev-live/write-udev-live.sh
===================================================================
--- /dev/null --- /dev/null
+++ b/zdev/dracut/96zdev-live/write-udev-live.sh +++ s390-tools-2.30.0/zdev/dracut/96zdev-live/write-udev-live.sh
@@ -0,0 +1,11 @@ @@ -0,0 +1,11 @@
+#!/bin/sh +#!/bin/sh
+# +#
@ -93,9 +99,11 @@
+if [ -w /sysroot/etc/udev/rules.d ]; then +if [ -w /sysroot/etc/udev/rules.d ]; then
+ cp -p /etc/udev/rules.d/41-* /sysroot/etc/udev/rules.d + cp -p /etc/udev/rules.d/41-* /sysroot/etc/udev/rules.d
+fi +fi
--- a/zdev/dracut/Makefile Index: s390-tools-2.30.0/zdev/dracut/Makefile
+++ b/zdev/dracut/Makefile ===================================================================
@@ -3,17 +3,23 @@ --- s390-tools-2.30.0.orig/zdev/dracut/Makefile
+++ s390-tools-2.30.0/zdev/dracut/Makefile
@@ -3,17 +3,23 @@ include ../../common.mak
ZDEVDIR := 95zdev ZDEVDIR := 95zdev
ZDEVKDUMPDIR := 95zdev-kdump ZDEVKDUMPDIR := 95zdev-kdump
@ -121,7 +129,7 @@
ifeq ($(HAVE_DRACUT),1) ifeq ($(HAVE_DRACUT),1)
install: install:
$(INSTALL) -m 755 -d $(DESTDIR)$(DRACUTMODDIR)/ $(INSTALL) -m 755 -d $(DESTDIR)$(DRACUTMODDIR)/
@@ -29,4 +35,9 @@ @@ -25,4 +31,9 @@ install:
$(INSTALL) -m 755 -d $(DESTDIR)$(DRACUTMODDIR)/$(ZDEVKDUMPDIR) $(INSTALL) -m 755 -d $(DESTDIR)$(DRACUTMODDIR)/$(ZDEVKDUMPDIR)
$(INSTALL) -m 755 $(ZDEVKDUMPDIR)/module-setup.sh \ $(INSTALL) -m 755 $(ZDEVKDUMPDIR)/module-setup.sh \
$(DESTDIR)$(DRACUTMODDIR)/$(ZDEVKDUMPDIR)/ $(DESTDIR)$(DRACUTMODDIR)/$(ZDEVKDUMPDIR)/

124
s390-tools-sles15-sysconfig-compatible-dumpconf.patch
View File

@ -1,27 +1,34 @@
--- Index: s390-tools-2.30.0/etc/sysconfig/dumpconf
etc/sysconfig/dumpconf | 133 +++++++++++++++++++++++++++++++++++++++++++++++++ ===================================================================
1 file changed, 133 insertions(+) --- s390-tools-2.30.0.orig/etc/sysconfig/dumpconf
+++ s390-tools-2.30.0/etc/sysconfig/dumpconf
--- a/etc/sysconfig/dumpconf @@ -1,71 +1,137 @@
+++ b/etc/sysconfig/dumpconf
@@ -1,3 +1,4 @@
+###########################################################################################
#
# s390 dump config
#
@@ -78,3 +79,135 @@
# dumpconf becomes active immediately during system startup.
#
# ON_PANIC=reipl
+
+############################ Begin Definitions ###########################################
+## Path: System/Dumpconf +## Path: System/Dumpconf
+## Description: Configures the actions which should be performed after a kernel panic +## Description: Configures the actions which should be performed after a kernel panic
+## Type: list(stop,dump,vmcmd,reipl,dump_reipl) +## Type: list(stop,dump,vmcmd,reipl,dump_reipl)
+## Default: "stop" +## Default: "stop"
+## ServiceRestart: dumpconf +## ServiceRestart: dumpconf
+# #
-# s390 dump config
-#
-# Configures the actions which should be performed after a kernel panic
-# and on PSW restart.
+# Define the action that should be taken if a kernel panic happens. +# Define the action that should be taken if a kernel panic happens.
#
# The following actions are supported:
#
-# * stop: Stop Linux (default)
-# * dump: Dump Linux with stand-alone dump tool
-# * vmcmd: Issue z/VM CP commands
-# * reipl: Re-IPL Linux using setting under /sys/firmware/reipl
-# * dump_reipl: First dump Linux with stand-alone dump tool, then re-IPL Linux
-# using setting under /sys/firmware/reipl
+# * stop: Stop Linux (default)
+# * dump: Dump Linux
+# * vmcmd: Issue z/VM CP commands
+# * reipl: Re-IPL Linux using setting under /sys/firmware/reipl
+# * dump_reipl: First dump Linux, then re-IPL Linux using setting under
+# /sys/firmware/reipl
+# +#
+ON_PANIC="stop" +ON_PANIC="stop"
+ +
@ -55,10 +62,14 @@
+# Define the device id for a DASD or SCSI over zFCP dump device. +# Define the device id for a DASD or SCSI over zFCP dump device.
+# +#
+# For example (DASD and SCSI over zFCP have the same structure): DEVICE=0.0.4711 +# For example (DASD and SCSI over zFCP have the same structure): DEVICE=0.0.4711
+# #
+DEVICE="" +DEVICE=""
+
+# Type: string -# For the actions "reipl" and "dump_reipl" the DELAY_MINUTES keyword may
-# be used to delay the activation of dumpconf.
-# Thus potential reipl loops caused by kernel panics
-# which persistently occur early in the boot process can be prevented.
+## Type: string
+## Default: "" +## Default: ""
+## ServiceRestart: dumpconf +## ServiceRestart: dumpconf
+# +#
@ -67,40 +78,62 @@
+# For example: WWPN=0x5005076303004711 +# For example: WWPN=0x5005076303004711
+# +#
+WWPN="" +WWPN=""
+
-# Dump on CCW device (DASD) and re-IPL after dump is complete.
-# The re-IPL device, as specified under "/sys/firmware/reipl", is used.
-# The activation of dumpconf is delayed by 5 minutes.
+## Type: string +## Type: string
+## Default: "" +## Default: ""
+## ServiceRestart: dumpconf +## ServiceRestart: dumpconf
+# #
-# ON_PANIC=dump_reipl
-# DUMP_TYPE=ccw
-# DEVICE=0.0.4e13
-# DELAY_MINUTES=5
+# Define the LUN for a zFCP dump device. +# Define the LUN for a zFCP dump device.
+# +#
+# For example: LUN=0x4711000000000000 +# For example: LUN=0x4711000000000000
+# +#
+LUN="" +LUN=""
+
+## Type: integer(0:30) +## Type: integer(0:30)
+## Default: "0" +## Default: "0"
+## ServiceRestart: dumpconf +## ServiceRestart: dumpconf
+# +#
+# Define the Boot program selector for a zFCP dump device. +# Define the Boot program selector for a zFCP dump device.
+# #
-# Dump on fcp device (SCSI Disk)
+# A decimal value between 0 and 30 specifying the program to be loaded from +# A decimal value between 0 and 30 specifying the program to be loaded from
+# the FCP-I/O device. +# the FCP-I/O device.
+# #
-# ON_PANIC=dump
-# DUMP_TYPE=fcp
-# DEVICE=0.0.4711
-# WWPN=0x5005076303004711
-# LUN=0x4711000000000000
-# BOOTPROG=0
-# BR_LBA=0
+BOOTPROG="0" +BOOTPROG="0"
+
+## Type: string +## Type: string
+## Default: "0" +## Default: "0"
+## ServiceRestart: dumpconf +## ServiceRestart: dumpconf
+# #
-# Dump on nvme device (NVMe Disk)
+# Define the Boot record logical block address for a zFCP dump device. +# Define the Boot record logical block address for a zFCP dump device.
+# #
-# ON_PANIC=dump
-# DUMP_TYPE=nvme
-# FID=0x00000300
-# NSID=0x00000001
-# BOOTPROG=3
-# BR_LBA=0
+# The hexadecimal digits designating the logical-block address of the boot record of the FCP-I/O device. +# The hexadecimal digits designating the logical-block address of the boot record of the FCP-I/O device.
+# It must be a value from 0-FFFFFFFF FFFFFFFF. For values longer than 8 hex characters at least one separator +# It must be a value from 0-FFFFFFFF FFFFFFFF. For values longer than 8 hex characters at least one separator
+# blank is required after the 8th character. +# blank is required after the 8th character.
+# +#
+BR_LBA="0" +BR_LBA="0"
+
+## Type: string +## Type: string
+## Default: "" +## Default: ""
+## ServiceRestart: dumpconf +## ServiceRestart: dumpconf
@ -108,11 +141,16 @@
+# Define the Function ID for NVMe dump device. +# Define the Function ID for NVMe dump device.
+# +#
+# The hexadecimal digits designating the Function ID for the NMVe disk. +# The hexadecimal digits designating the Function ID for the NMVe disk.
+# #
-# Use VMDUMP
+# For example: FID=0x00000300 +# For example: FID=0x00000300
+# #
-# ON_PANIC=vmcmd
-# VMCMD_1="MESSAGE * Starting VMDUMP"
-# VMCMD_2="VMDUMP"
-# VMCMD_3="IPL 4711"
+FID="" +FID=""
+
+## Type: string +## Type: string
+## Default: "" +## Default: ""
+## ServiceRestart: dumpconf +## ServiceRestart: dumpconf
@ -120,21 +158,28 @@
+# Define the Namespace ID for the NVMe dump device +# Define the Namespace ID for the NVMe dump device
+# +#
+# The hexadecimal digits designating the Namespace ID for the NMVe disk. +# The hexadecimal digits designating the Namespace ID for the NMVe disk.
+# #
-# Stop Linux (default)
+# For example: NSID=0x00000001 +# For example: NSID=0x00000001
+# #
-# ON_PANIC=stop
+NSID="" +NSID=""
+
+## Type: string +## Type: string
+## Default: "" +## Default: ""
+## ServiceRestart: dumpconf +## ServiceRestart: dumpconf
+# #
-# Re-IPL Linux
-# The re-IPL device, as specified under "/sys/firmware/reipl", is used.
-# Since the DELAY_MINUTES keyword is omitted, there is no delay and
-# dumpconf becomes active immediately during system startup.
+# VMCMD_<X> +# VMCMD_<X>
+# Specifies a CP command, <X> is a number from one to eight. You can +# Specifies a CP command, <X> is a number from one to eight. You can
+# specify up to eight CP commands that are executed in case of a kernel +# specify up to eight CP commands that are executed in case of a kernel
+# panic. Note that VM commands, device adresses, and VM guest names +# panic. Note that VM commands, device adresses, and VM guest names
+# must be uppercase. +# must be uppercase.
+# #
-# ON_PANIC=reipl
+VMCMD_1="" +VMCMD_1=""
+VMCMD_2="" +VMCMD_2=""
+VMCMD_3="" +VMCMD_3=""
@ -143,6 +188,3 @@
+VMCMD_6="" +VMCMD_6=""
+VMCMD_7="" +VMCMD_7=""
+VMCMD_8="" +VMCMD_8=""
+
+############################### End Definitions ##############################################
\ No newline at end of file

84
s390-tools-sles15sp3-Allow-multiple-device-arguments.patch
View File

@ -7,32 +7,36 @@ Allow the user to specify several devices as arguments to dasdfmt.
Signed-off-by: Hannes Reinecke <hare@suse.com> Signed-off-by: Hannes Reinecke <hare@suse.com>
--- ---
dasdfmt/dasdfmt.8 | 6 - dasdfmt/dasdfmt.8 | 5 +-
dasdfmt/dasdfmt.c | 197 +++++++++++++++++++++++++++++++----------------------- dasdfmt/dasdfmt.c | 175 ++++++++++++++++++++++++++++++------------------------
2 files changed, 119 insertions(+), 84 deletions(-) 2 files changed, 100 insertions(+), 80 deletions(-)
--- a/dasdfmt/dasdfmt.8 Index: s390-tools-2.30.0/dasdfmt/dasdfmt.8
+++ b/dasdfmt/dasdfmt.8 ===================================================================
@@ -11,14 +11,14 @@ --- s390-tools-2.30.0.orig/dasdfmt/dasdfmt.8
+++ s390-tools-2.30.0/dasdfmt/dasdfmt.8
@@ -11,14 +11,15 @@ dasdfmt \- formatting of DASD (ECKD) dis
.br .br
[\-r \fIcylinder\fR] [\-b \fIblksize\fR] [\-l \fIvolser\fR] [\-d \fIlayout\fR] [-r \fIcylinder\fR] [-b \fIblksize\fR] [-l \fIvolser\fR] [-d \fIlayout\fR]
.br .br
- [\-L] [\-V] [\-F] [\-k] [\-C] [\-M \fImode\fR] \fIdevice\fR - [-L] [-V] [-F] [-k] [-C] [-M \fImode\fR] \fIdevice\fR
+ [\-L] [\-V] [\-F] [\-k] [\-C] [\-M \fImode\fR] \fIdevice\fR [\fIdevice\fR] + [-L] [-V] [-F] [-k] [-C] [-M \fImode\fR] \fIdevice\fR [\fIdevice\fR]
.SH DESCRIPTION .SH DESCRIPTION
-\fBdasdfmt\fR formats a DASD (ECKD) disk drive to prepare it -\fBdasdfmt\fR formats a DASD (ECKD) disk drive to prepare it
+\fBdasdfmt\fR formats one or several DASD (ECKD) disk drive(s) to prepare them +\fBdasdfmt\fR formats one or several DASD (ECKD) disk drive to prepare it
for usage with Linux for S/390. for usage with Linux for S/390.
The \fIdevice\fR is the node of the device (e.g. '/dev/dasda'). The \fIdevice\fR is the node of the device (e.g. '/dev/dasda').
Any device node created by udev for kernel 2.6 can be used Any device node created by udev for kernel 2.6 can be used
-(e.g. '/dev/dasd/0.0.b100/disc'). (e.g. '/dev/dasd/0.0.b100/disc').
+(e.g. '/dev/dasd/0.0.b100/disc'). It is possible to specify up to 512 devices. +It is possible to specify up to 512 devices.
.br .br
\fBWARNING\fR: Careless usage of \fBdasdfmt\fR can result in \fBWARNING\fR: Careless usage of \fBdasdfmt\fR can result in
--- a/dasdfmt/dasdfmt.c Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
+++ b/dasdfmt/dasdfmt.c ===================================================================
--- s390-tools-2.30.0.orig/dasdfmt/dasdfmt.c
+++ s390-tools-2.30.0/dasdfmt/dasdfmt.c
@@ -25,6 +25,8 @@ @@ -25,6 +25,8 @@
#include "dasdfmt.h" #include "dasdfmt.h"
@ -42,7 +46,7 @@ Signed-off-by: Hannes Reinecke <hare@suse.com>
#define BUSIDSIZE 8 #define BUSIDSIZE 8
#define SEC_PER_DAY (60 * 60 * 24) #define SEC_PER_DAY (60 * 60 * 24)
#define SEC_PER_HOUR (60 * 60) #define SEC_PER_HOUR (60 * 60)
@@ -57,7 +59,9 @@ @@ -57,7 +59,9 @@ static const struct util_prg prg = {
static struct dasdfmt_globals { static struct dasdfmt_globals {
dasd_information2_t dasd_info; dasd_information2_t dasd_info;
char *dev_path; /* device path entered by user */ char *dev_path; /* device path entered by user */
@ -52,7 +56,7 @@ Signed-off-by: Hannes Reinecke <hare@suse.com>
int verbosity; int verbosity;
int testmode; int testmode;
int withoutprompt; int withoutprompt;
@@ -484,15 +488,15 @@ @@ -484,15 +488,15 @@ static void program_interrupt_signal(int
program_interrupt_in_progress = 1; program_interrupt_in_progress = 1;
if (disk_disabled) { if (disk_disabled) {
@ -71,7 +75,7 @@ Signed-off-by: Hannes Reinecke <hare@suse.com>
} else { } else {
printf("Exiting...\n"); printf("Exiting...\n");
} }
@@ -512,9 +516,6 @@ @@ -512,9 +516,6 @@ static void get_device_name(int optind,
unsigned int maj, min; unsigned int maj, min;
struct stat dev_stat; struct stat dev_stat;
@ -81,7 +85,7 @@ Signed-off-by: Hannes Reinecke <hare@suse.com>
if (optind >= argc) if (optind >= argc)
error("No device specified!"); error("No device specified!");
@@ -610,10 +611,10 @@ @@ -610,10 +611,10 @@ static void check_disk(void)
error("the ioctl call to retrieve read/write status information failed: %s", error("the ioctl call to retrieve read/write status information failed: %s",
strerror(err)); strerror(err));
if (ro) if (ro)
@ -94,7 +98,7 @@ Signed-off-by: Hannes Reinecke <hare@suse.com>
} }
if (strncmp(g.dasd_info.type, "ECKD", 4) != 0) { if (strncmp(g.dasd_info.type, "ECKD", 4) != 0) {
warnx("Unsupported disk type"); warnx("Unsupported disk type");
@@ -700,7 +701,7 @@ @@ -700,7 +701,7 @@ static void set_geo(unsigned int *cylind
struct dasd_eckd_characteristics *characteristics; struct dasd_eckd_characteristics *characteristics;
if (g.verbosity > 0) if (g.verbosity > 0)
@ -103,7 +107,7 @@ Signed-off-by: Hannes Reinecke <hare@suse.com>
characteristics = (struct dasd_eckd_characteristics *) characteristics = (struct dasd_eckd_characteristics *)
&g.dasd_info.characteristics; &g.dasd_info.characteristics;
@@ -728,13 +729,13 @@ @@ -728,13 +729,13 @@ static void set_label(volume_label_t *vl
"Cylinders above this limit will not be" "Cylinders above this limit will not be"
" accessible as a linux partition!\n" " accessible as a linux partition!\n"
"Type \"yes\" to continue, no will leave" "Type \"yes\" to continue, no will leave"
@ -120,7 +124,7 @@ Signed-off-by: Hannes Reinecke <hare@suse.com>
return; return;
} }
} }
@@ -872,7 +873,7 @@ @@ -872,7 +873,7 @@ static void check_disk_format(unsigned i
check_params->start_unit = 0; check_params->start_unit = 0;
check_params->stop_unit = (cylinders * heads) - 1; check_params->stop_unit = (cylinders * heads) - 1;
@ -129,7 +133,7 @@ Signed-off-by: Hannes Reinecke <hare@suse.com>
if (g.testmode) { if (g.testmode) {
printf("Test mode active, omitting ioctl.\n"); printf("Test mode active, omitting ioctl.\n");
@@ -896,7 +897,7 @@ @@ -896,7 +897,7 @@ static void check_disk_format(unsigned i
if (process_tracks(cylinders, heads, check_params)) if (process_tracks(cylinders, heads, check_params))
error("Use --mode=full to perform a clean format."); error("Use --mode=full to perform a clean format.");
@ -138,7 +142,7 @@ Signed-off-by: Hannes Reinecke <hare@suse.com>
} }
/* /*
@@ -946,8 +947,8 @@ @@ -946,8 +947,8 @@ static void dasdfmt_print_info(volume_la
printf("Device Type: %s Provisioned\n", printf("Device Type: %s Provisioned\n",
g.ese ? "Thinly" : "Fully"); g.ese ? "Thinly" : "Fully");
@ -149,7 +153,7 @@ Signed-off-by: Hannes Reinecke <hare@suse.com>
printf(" Device number of device : 0x%x\n", g.dasd_info.devno); printf(" Device number of device : 0x%x\n", g.dasd_info.devno);
printf(" Labelling device : %s\n", printf(" Labelling device : %s\n",
(g.writenolabel) ? "no" : "yes"); (g.writenolabel) ? "no" : "yes");
@@ -1012,7 +1013,7 @@ @@ -1012,7 +1013,7 @@ static void dasdfmt_write_labels(volume_
int ipl1_record_len, ipl2_record_len; int ipl1_record_len, ipl2_record_len;
if (g.verbosity > 0) if (g.verbosity > 0)
@ -158,7 +162,7 @@ Signed-off-by: Hannes Reinecke <hare@suse.com>
get_blocksize(&blksize); get_blocksize(&blksize);
@@ -1030,7 +1031,7 @@ @@ -1030,7 +1031,7 @@ static void dasdfmt_write_labels(volume_
/* write empty bootstrap (initial IPL records) */ /* write empty bootstrap (initial IPL records) */
if (g.verbosity > 0) if (g.verbosity > 0)
@ -167,7 +171,7 @@ Signed-off-by: Hannes Reinecke <hare@suse.com>
/* /*
* Note: ldl labels do not contain the key field * Note: ldl labels do not contain the key field
@@ -1089,7 +1090,7 @@ @@ -1089,7 +1090,7 @@ static void dasdfmt_write_labels(volume_
label_position = g.dasd_info.label_block * blksize; label_position = g.dasd_info.label_block * blksize;
if (g.verbosity > 0) if (g.verbosity > 0)
@ -176,7 +180,7 @@ Signed-off-by: Hannes Reinecke <hare@suse.com>
rc = lseek(fd, label_position, SEEK_SET); rc = lseek(fd, label_position, SEEK_SET);
if (rc != label_position) { if (rc != label_position) {
@@ -1120,7 +1121,7 @@ @@ -1120,7 +1121,7 @@ static void dasdfmt_write_labels(volume_
} }
if (g.verbosity > 0) if (g.verbosity > 0)
@ -185,16 +189,16 @@ Signed-off-by: Hannes Reinecke <hare@suse.com>
label_position = (VTOC_START_CC * heads + VTOC_START_HH) * label_position = (VTOC_START_CC * heads + VTOC_START_HH) *
geo.sectors * blksize; geo.sectors * blksize;
@@ -1242,7 +1243,7 @@ @@ -1242,7 +1243,7 @@ static int dasdfmt_release_space(void)
if (!g.ese || g.no_discard) if (!g.ese || g.no_discard)
return; return 0;
- printf("Releasing space for the entire device...\n"); - printf("Releasing space for the entire device...\n");
+ printf("Releasing space for the entire %s device...\n", g.dev_path); + printf("Releasing space for the entire %s device...\n", g.dev_path);
err = dasd_release_space(g.dev_node, &r); err = dasd_release_space(g.dev_node, &r);
if (err) /*
error("Could not release space: %s", strerror(err)); * Warn or Error on failing RAS depending on QUICK mode set explicitly or automatically
@@ -1261,20 +1262,21 @@ @@ -1270,20 +1271,21 @@ static void dasdfmt_prepare_and_format(u
int err; int err;
if (!(g.withoutprompt && g.verbosity < 1)) if (!(g.withoutprompt && g.verbosity < 1))
@ -221,7 +225,7 @@ Signed-off-by: Hannes Reinecke <hare@suse.com>
/* except track 0 from standard formatting procss */ /* except track 0 from standard formatting procss */
p->start_unit = 1; p->start_unit = 1;
@@ -1282,19 +1284,19 @@ @@ -1291,19 +1293,19 @@ static void dasdfmt_prepare_and_format(u
process_tracks(cylinders, heads, p); process_tracks(cylinders, heads, p);
if (g.verbosity > 0) if (g.verbosity > 0)
@ -244,7 +248,7 @@ Signed-off-by: Hannes Reinecke <hare@suse.com>
disk_enable(); disk_enable();
} }
@@ -1306,18 +1308,18 @@ @@ -1315,18 +1317,18 @@ static void dasdfmt_expand_format(unsign
format_data_t *p) format_data_t *p)
{ {
if (!(g.withoutprompt && g.verbosity < 1)) if (!(g.withoutprompt && g.verbosity < 1))
@ -267,7 +271,7 @@ Signed-off-by: Hannes Reinecke <hare@suse.com>
if (g.verbosity > 0) if (g.verbosity > 0)
printf("Re-accessing the device...\n"); printf("Re-accessing the device...\n");
@@ -1426,16 +1428,16 @@ @@ -1435,16 +1437,16 @@ static void do_format_dasd(volume_label_
if (!g.withoutprompt) { if (!g.withoutprompt) {
printf("\n"); printf("\n");
if (mode != EXPAND) if (mode != EXPAND)
@ -288,7 +292,7 @@ Signed-off-by: Hannes Reinecke <hare@suse.com>
return; return;
} }
} }
@@ -1453,12 +1455,12 @@ @@ -1466,12 +1468,12 @@ static void do_format_dasd(volume_label_
break; break;
} }
@ -303,7 +307,7 @@ Signed-off-by: Hannes Reinecke <hare@suse.com>
err = dasd_reread_partition_table(g.dev_node, 5); err = dasd_reread_partition_table(g.dev_node, 5);
if (err != 0) { if (err != 0) {
ERRMSG("%s: error during rereading the partition " ERRMSG("%s: error during rereading the partition "
@@ -1472,7 +1474,7 @@ @@ -1485,7 +1487,7 @@ static void do_format_dasd(volume_label_
static void eval_format_mode(void) static void eval_format_mode(void)
{ {
if (!g.force && g.mode_specified && g.ese && mode == EXPAND) { if (!g.force && g.mode_specified && g.ese && mode == EXPAND) {
@ -312,7 +316,7 @@ Signed-off-by: Hannes Reinecke <hare@suse.com>
warnx("Format mode 'expand' is not feasible."); warnx("Format mode 'expand' is not feasible.");
error("Use --mode=full or --mode=quick to perform a clean format"); error("Use --mode=full or --mode=quick to perform a clean format");
} }
@@ -1495,20 +1497,70 @@ @@ -1508,20 +1510,70 @@ static void set_prog_name(char *s)
prog_name = p + 1; prog_name = p + 1;
} }
@ -387,7 +391,7 @@ Signed-off-by: Hannes Reinecke <hare@suse.com>
/* Establish a handler for interrupt signals. */ /* Establish a handler for interrupt signals. */
signal(SIGTERM, program_interrupt_signal); signal(SIGTERM, program_interrupt_signal);
@@ -1644,6 +1696,9 @@ @@ -1657,6 +1709,9 @@ int main(int argc, char *argv[])
break; /* exit loop if finished */ break; /* exit loop if finished */
} }
@ -397,7 +401,7 @@ Signed-off-by: Hannes Reinecke <hare@suse.com>
CHECK_SPEC_MAX_ONCE(g.blksize_specified, "blocksize"); CHECK_SPEC_MAX_ONCE(g.blksize_specified, "blocksize");
CHECK_SPEC_MAX_ONCE(g.labelspec, "label"); CHECK_SPEC_MAX_ONCE(g.labelspec, "label");
CHECK_SPEC_MAX_ONCE(g.writenolabel, "omit-label-writing flag"); CHECK_SPEC_MAX_ONCE(g.writenolabel, "omit-label-writing flag");
@@ -1662,48 +1717,28 @@ @@ -1675,48 +1730,28 @@ int main(int argc, char *argv[])
if (g.print_hashmarks) if (g.print_hashmarks)
PARSE_PARAM_INTO(g.hashstep, hashstep_str, 10, "hashstep"); PARSE_PARAM_INTO(g.hashstep, hashstep_str, 10, "hashstep");

53
s390-tools-sles15sp3-Format-devices-in-parallel.patch
View File

@ -7,34 +7,37 @@ Allow dasdfmt to run in parallel when several devices are specified.
Signed-off-by: Hannes Reinecke <hare@suse.com> Signed-off-by: Hannes Reinecke <hare@suse.com>
--- ---
dasdfmt/dasdfmt.8 | 16 +++++++++++++- dasdfmt/dasdfmt.8 | 16 ++++++++++++++--
dasdfmt/dasdfmt.c | 58 ++++++++++++++++++++++++++++++++++++++++++------------ dasdfmt/dasdfmt.c | 50 +++++++++++++++++++++++++++++++++++++++++++-------
2 files changed, 60 insertions(+), 14 deletions(-) dasdfmt/dasdfmt.h | 1 +
3 files changed, 58 insertions(+), 9 deletions(-)
--- a/dasdfmt/dasdfmt.8 Index: s390-tools-2.30.0/dasdfmt/dasdfmt.8
+++ b/dasdfmt/dasdfmt.8 ===================================================================
--- s390-tools-2.30.0.orig/dasdfmt/dasdfmt.8
+++ s390-tools-2.30.0/dasdfmt/dasdfmt.8
@@ -7,7 +7,7 @@ @@ -7,7 +7,7 @@
dasdfmt \- formatting of DASD (ECKD) disk drives. dasdfmt \- formatting of DASD (ECKD) disk drives.
.SH SYNOPSIS .SH SYNOPSIS
-\fBdasdfmt\fR [\-h] [\-t] [\-v] [\-y] [\-p] [\-P] [\-m \fIstep\fR] -\fBdasdfmt\fR [-h] [-t] [-v] [-y] [-p] [-P] [-m \fIstep\fR]
+\fBdasdfmt\fR [\-h] [\-t] [\-v] [\-y] [\-p] [\-Q] [\-P] [\-m \fIstep\fR] +\fBdasdfmt\fR [-h] [-t] [-v] [-y] [-p] [-Q] [-P] [-m \fIstep\fR]
.br .br
[\-r \fIcylinder\fR] [\-b \fIblksize\fR] [\-l \fIvolser\fR] [\-d \fIlayout\fR] [-r \fIcylinder\fR] [-b \fIblksize\fR] [-l \fIvolser\fR] [-d \fIlayout\fR]
.br .br
@@ -95,7 +95,7 @@ @@ -96,7 +96,7 @@ Do not use this option if you are using
running in background or redirecting the output to a file. running in background or redirecting the output to a file.
.TP .TP
-\fB\-P\fR or \fB\-\-percentage\fR -\fB-P\fR or \fB--percentage\fR
+\fB\-Q\fR or \fB\-\-percentage\fR +\fB-Q\fR or \fB--percentage\fR
Print one line for each formatted cylinder showing the number of the Print one line for each formatted cylinder showing the number of the
cylinder and percentage of formatting process. cylinder and percentage of formatting process.
Intended to be used by higher level interfaces. Intended to be used by higher level interfaces.
@@ -164,6 +164,18 @@ @@ -164,6 +164,18 @@ Specify blocksize to be used. \fIblksize
and always be a power of two. The recommended blocksize is 4096 bytes.
.TP .TP
\fB\-l\fR \fIvolser\fR or \fB\-\-label\fR=\fIvolser\fR
+\fB-P\fR \fInumdisks\fR or \fB--max_parallel\fR=\fInumdisks\fR +\fB-P\fR \fInumdisks\fR or \fB--max_parallel\fR=\fInumdisks\fR
+Specify the number of disks to be formatted in parallel. +Specify the number of disks to be formatted in parallel.
+\fInumdisks\fR specifies the number of formatting processed, +\fInumdisks\fR specifies the number of formatting processed,
@ -47,11 +50,13 @@ Signed-off-by: Hannes Reinecke <hare@suse.com>
+.br +.br
+ +
+.TP +.TP
\fB-l\fR \fIvolser\fR or \fB--label\fR=\fIvolser\fR
Specify the volume serial number or volume identifier to be written Specify the volume serial number or volume identifier to be written
to disk after formatting. If no label is specified, a sensible default to disk after formatting. If no label is specified, a sensible default
is used. \fIvolser\fR is interpreted as ASCII string and is automatically Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
--- a/dasdfmt/dasdfmt.c ===================================================================
+++ b/dasdfmt/dasdfmt.c --- s390-tools-2.30.0.orig/dasdfmt/dasdfmt.c
+++ s390-tools-2.30.0/dasdfmt/dasdfmt.c
@@ -13,6 +13,7 @@ @@ -13,6 +13,7 @@
#include <sys/sysmacros.h> #include <sys/sysmacros.h>
#include <sys/time.h> #include <sys/time.h>
@ -60,7 +65,7 @@ Signed-off-by: Hannes Reinecke <hare@suse.com>
#include "lib/dasd_base.h" #include "lib/dasd_base.h"
#include "lib/dasd_sys.h" #include "lib/dasd_sys.h"
@@ -81,6 +82,7 @@ @@ -81,6 +82,7 @@ static struct dasdfmt_globals {
int mode_specified; int mode_specified;
int ese; int ese;
int no_discard; int no_discard;
@ -68,7 +73,7 @@ Signed-off-by: Hannes Reinecke <hare@suse.com>
} g = { } g = {
.dasd_info = { 0 }, .dasd_info = { 0 },
}; };
@@ -105,6 +107,11 @@ @@ -105,6 +107,11 @@ static struct util_opt opt_vec[] = {
.desc = "Perform complete format check on device", .desc = "Perform complete format check on device",
.flags = UTIL_OPT_FLAG_NOSHORT, .flags = UTIL_OPT_FLAG_NOSHORT,
}, },
@ -80,7 +85,7 @@ Signed-off-by: Hannes Reinecke <hare@suse.com>
UTIL_OPT_SECTION("FORMAT OPTIONS"), UTIL_OPT_SECTION("FORMAT OPTIONS"),
{ {
.option = { "blocksize", required_argument, NULL, 'b' }, .option = { "blocksize", required_argument, NULL, 'b' },
@@ -162,7 +169,7 @@ @@ -162,7 +169,7 @@ static struct util_opt opt_vec[] = {
.desc = "Show a progressbar", .desc = "Show a progressbar",
}, },
{ {
@ -89,7 +94,7 @@ Signed-off-by: Hannes Reinecke <hare@suse.com>
.desc = "Show progress in percent", .desc = "Show progress in percent",
}, },
UTIL_OPT_SECTION("MISC"), UTIL_OPT_SECTION("MISC"),
@@ -311,7 +318,7 @@ @@ -311,7 +318,7 @@ static void draw_progress(int cyl, unsig
} }
if (g.print_hashmarks && (cyl / g.hashstep - hashcount) != 0) { if (g.print_hashmarks && (cyl / g.hashstep - hashcount) != 0) {
@ -98,7 +103,7 @@ Signed-off-by: Hannes Reinecke <hare@suse.com>
fflush(stdout); fflush(stdout);
hashcount++; hashcount++;
} }
@@ -1560,7 +1567,11 @@ @@ -1573,7 +1580,11 @@ int main(int argc, char *argv[])
char *reqsize_param_str = NULL; char *reqsize_param_str = NULL;
char *hashstep_str = NULL; char *hashstep_str = NULL;
@ -111,7 +116,7 @@ Signed-off-by: Hannes Reinecke <hare@suse.com>
/* Establish a handler for interrupt signals. */ /* Establish a handler for interrupt signals. */
signal(SIGTERM, program_interrupt_signal); signal(SIGTERM, program_interrupt_signal);
@@ -1623,7 +1634,7 @@ @@ -1636,7 +1647,7 @@ int main(int argc, char *argv[])
g.print_hashmarks = 1; g.print_hashmarks = 1;
} }
break; break;
@ -120,7 +125,7 @@ Signed-off-by: Hannes Reinecke <hare@suse.com>
if (!(g.print_hashmarks || g.print_progressbar)) if (!(g.print_hashmarks || g.print_progressbar))
g.print_percentage = 1; g.print_percentage = 1;
break; break;
@@ -1682,6 +1693,9 @@ @@ -1695,6 +1706,9 @@ int main(int argc, char *argv[])
case OPT_NODISCARD: case OPT_NODISCARD:
g.no_discard = 1; g.no_discard = 1;
break; break;
@ -130,7 +135,7 @@ Signed-off-by: Hannes Reinecke <hare@suse.com>
case OPT_CHECK: case OPT_CHECK:
g.check = 1; g.check = 1;
break; break;
@@ -1733,15 +1747,35 @@ @@ -1746,15 +1760,35 @@ int main(int argc, char *argv[])
if (numdev > 1 && g.labelspec) if (numdev > 1 && g.labelspec)
error("Specifying a volser to be written doesn't make sense when formatting multiple DASD volumes."); error("Specifying a volser to be written doesn't make sense when formatting multiple DASD volumes.");

51
s390-tools-sles15sp3-Implement-Y-yast_mode.patch
View File

@ -7,22 +7,25 @@ Implement an option '-Y' to suppress most output.
Signed-off-by: Hannes Reinecke <hare@suse.com> Signed-off-by: Hannes Reinecke <hare@suse.com>
--- ---
dasdfmt/dasdfmt.8 | 7 ++++- dasdfmt/dasdfmt.8 | 7 ++++++-
dasdfmt/dasdfmt.c | 73 ++++++++++++++++++++++++++++++++++++++++++++++++------ dasdfmt/dasdfmt.c | 27 ++++++++++++++++++++-------
2 files changed, 72 insertions(+), 8 deletions(-) dasdfmt/dasdfmt.h | 1 +
3 files changed, 27 insertions(+), 8 deletions(-)
--- a/dasdfmt/dasdfmt.8 Index: s390-tools-2.30.0/dasdfmt/dasdfmt.8
+++ b/dasdfmt/dasdfmt.8 ===================================================================
--- s390-tools-2.30.0.orig/dasdfmt/dasdfmt.8
+++ s390-tools-2.30.0/dasdfmt/dasdfmt.8
@@ -7,7 +7,7 @@ @@ -7,7 +7,7 @@
dasdfmt \- formatting of DASD (ECKD) disk drives. dasdfmt \- formatting of DASD (ECKD) disk drives.
.SH SYNOPSIS .SH SYNOPSIS
-\fBdasdfmt\fR [\-h] [\-t] [\-v] [\-y] [\-p] [\-Q] [\-P] [\-m \fIstep\fR] -\fBdasdfmt\fR [-h] [-t] [-v] [-y] [-p] [-Q] [-P] [-m \fIstep\fR]
+\fBdasdfmt\fR [\-h] [\-t] [\-v] [\-y] [\-p] [\-Q] [\-P] [\-Y] [\-m \fIstep\fR] +\fBdasdfmt\fR [-h] [-t] [-v] [-y] [-p] [-Q] [-P] [-Y] [-m \fIstep\fR]
.br .br
[\-r \fIcylinder\fR] [\-b \fIblksize\fR] [\-l \fIvolser\fR] [\-d \fIlayout\fR] [-r \fIcylinder\fR] [-b \fIblksize\fR] [-l \fIvolser\fR] [-d \fIlayout\fR]
.br .br
@@ -112,6 +112,11 @@ @@ -113,6 +113,11 @@ The value will be at least as big as the
.br .br
.TP .TP
@ -31,12 +34,14 @@ Signed-off-by: Hannes Reinecke <hare@suse.com>
+.br +.br
+ +
+.TP +.TP
\fB\-M\fR \fImode\fR or \fB\-\-mode\fR=\fImode\fR \fB-M\fR \fImode\fR or \fB--mode\fR=\fImode\fR
Specify the \fImode\fR to be used to format the device. Valid modes are: Specify the \fImode\fR to be used to format the device. Valid modes are:
.RS .RS
--- a/dasdfmt/dasdfmt.c Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
+++ b/dasdfmt/dasdfmt.c ===================================================================
@@ -83,6 +83,7 @@ --- s390-tools-2.30.0.orig/dasdfmt/dasdfmt.c
+++ s390-tools-2.30.0/dasdfmt/dasdfmt.c
@@ -83,6 +83,7 @@ static struct dasdfmt_globals {
int ese; int ese;
int no_discard; int no_discard;
int procnum; int procnum;
@ -44,7 +49,7 @@ Signed-off-by: Hannes Reinecke <hare@suse.com>
} g = { } g = {
.dasd_info = { 0 }, .dasd_info = { 0 },
}; };
@@ -172,6 +173,10 @@ @@ -172,6 +173,10 @@ static struct util_opt opt_vec[] = {
.option = { "percentage", no_argument, NULL, 'Q' }, .option = { "percentage", no_argument, NULL, 'Q' },
.desc = "Show progress in percent", .desc = "Show progress in percent",
}, },
@ -55,7 +60,7 @@ Signed-off-by: Hannes Reinecke <hare@suse.com>
UTIL_OPT_SECTION("MISC"), UTIL_OPT_SECTION("MISC"),
{ {
.option = { "check_host_count", no_argument, NULL, 'C' }, .option = { "check_host_count", no_argument, NULL, 'C' },
@@ -318,7 +323,9 @@ @@ -318,7 +323,9 @@ static void draw_progress(int cyl, unsig
} }
if (g.print_hashmarks && (cyl / g.hashstep - hashcount) != 0) { if (g.print_hashmarks && (cyl / g.hashstep - hashcount) != 0) {
@ -66,7 +71,7 @@ Signed-off-by: Hannes Reinecke <hare@suse.com>
fflush(stdout); fflush(stdout);
hashcount++; hashcount++;
} }
@@ -392,7 +399,7 @@ @@ -392,7 +399,7 @@ static void evaluate_format_error(format
unsigned int kl = 0; unsigned int kl = 0;
int blksize = cdata->expect.blksize; int blksize = cdata->expect.blksize;
@ -75,7 +80,7 @@ Signed-off-by: Hannes Reinecke <hare@suse.com>
printf("\n"); printf("\n");
/* /*
@@ -780,8 +787,9 @@ @@ -780,8 +787,9 @@ static void check_hashmarks(void)
g.hashstep = 10; g.hashstep = 10;
} }
@ -87,7 +92,7 @@ Signed-off-by: Hannes Reinecke <hare@suse.com>
} }
} }
@@ -1462,17 +1470,19 @@ @@ -1475,17 +1483,19 @@ static void do_format_dasd(volume_label_
break; break;
} }
@ -110,7 +115,7 @@ Signed-off-by: Hannes Reinecke <hare@suse.com>
printf("ok\n"); printf("ok\n");
} }
} }
@@ -1548,6 +1558,7 @@ @@ -1561,6 +1571,7 @@ void process_dasd(volume_label_t *orig_v
error("%s", str); error("%s", str);
set_geo(&cylinders, &heads); set_geo(&cylinders, &heads);
@ -118,7 +123,7 @@ Signed-off-by: Hannes Reinecke <hare@suse.com>
set_label(&vlabel, &format_params, cylinders); set_label(&vlabel, &format_params, cylinders);
if (g.check) if (g.check)
@@ -1557,6 +1568,29 @@ @@ -1570,6 +1581,29 @@ void process_dasd(volume_label_t *orig_v
} }
@ -148,7 +153,7 @@ Signed-off-by: Hannes Reinecke <hare@suse.com>
int main(int argc, char *argv[]) int main(int argc, char *argv[])
{ {
volume_label_t vlabel; volume_label_t vlabel;
@@ -1693,6 +1727,10 @@ @@ -1706,6 +1740,10 @@ int main(int argc, char *argv[])
case OPT_NODISCARD: case OPT_NODISCARD:
g.no_discard = 1; g.no_discard = 1;
break; break;
@ -159,7 +164,7 @@ Signed-off-by: Hannes Reinecke <hare@suse.com>
case 'P': case 'P':
max_parallel = atoi(optarg); max_parallel = atoi(optarg);
break; break;
@@ -1728,6 +1766,21 @@ @@ -1741,6 +1779,21 @@ int main(int argc, char *argv[])
reqsize = DEFAULT_REQUESTSIZE; reqsize = DEFAULT_REQUESTSIZE;
} }
@ -181,7 +186,7 @@ Signed-off-by: Hannes Reinecke <hare@suse.com>
if (g.print_hashmarks) if (g.print_hashmarks)
PARSE_PARAM_INTO(g.hashstep, hashstep_str, 10, "hashstep"); PARSE_PARAM_INTO(g.hashstep, hashstep_str, 10, "hashstep");
@@ -1747,6 +1800,12 @@ @@ -1760,6 +1813,12 @@ int main(int argc, char *argv[])
if (numdev > 1 && g.labelspec) if (numdev > 1 && g.labelspec)
error("Specifying a volser to be written doesn't make sense when formatting multiple DASD volumes."); error("Specifying a volser to be written doesn't make sense when formatting multiple DASD volumes.");

47
s390-tools-sles15sp3-Implement-f-for-backwards-compability.patch
View File

@ -9,34 +9,39 @@ version of YaST we should accept this option, too.
Signed-off-by: Hannes Reinecke <hare@suse.com> Signed-off-by: Hannes Reinecke <hare@suse.com>
--- ---
dasdfmt/dasdfmt.8 | 5 ++++- dasdfmt/dasdfmt.8 | 6 +++++-
dasdfmt/dasdfmt.c | 10 ++++++++++ dasdfmt/dasdfmt.c | 8 ++++++++
2 files changed, 14 insertions(+), 1 deletion(-) 2 files changed, 13 insertions(+), 1 deletion(-)
--- a/dasdfmt/dasdfmt.8 Index: s390-tools-2.30.0/dasdfmt/dasdfmt.8
+++ b/dasdfmt/dasdfmt.8 ===================================================================
@@ -11,7 +11,7 @@ --- s390-tools-2.30.0.orig/dasdfmt/dasdfmt.8
+++ s390-tools-2.30.0/dasdfmt/dasdfmt.8
@@ -11,7 +11,7 @@ dasdfmt \- formatting of DASD (ECKD) dis
.br .br
[\-r \fIcylinder\fR] [\-b \fIblksize\fR] [\-l \fIvolser\fR] [\-d \fIlayout\fR] [-r \fIcylinder\fR] [-b \fIblksize\fR] [-l \fIvolser\fR] [-d \fIlayout\fR]
.br .br
- [\-L] [\-V] [\-F] [\-k] [\-C] [\-M \fImode\fR] \fIdevice\fR [\fIdevice\fR] - [-L] [-V] [-F] [-k] [-C] [-M \fImode\fR] \fIdevice\fR [\fIdevice\fR]
+ [\-L] [\-V] [\-F] [\-k] [\-C] [\-M \fImode\fR] [-f \fIdevice\fR] [\fIdevice\fR] + [-L] [-V] [-F] [-k] [-C] [-M \fImode\fR] [-f \fIdevice\fR] [\fIdevice\fR]
.SH DESCRIPTION .SH DESCRIPTION
\fBdasdfmt\fR formats one or several DASD (ECKD) disk drive(s) to prepare them \fBdasdfmt\fR formats one or several DASD (ECKD) disk drive to prepare it
@@ -39,6 +39,9 @@ @@ -42,6 +42,10 @@ out, what it \fBwould\fR do.
.TP
\fB\-v\fR
Increases verbosity. Increases verbosity.
+.TP
+\fB-f\fR \fIdevice\fR or \fB--device\fR=\fIdevice\fR
+Specify device to format. For backwards compability only.
.TP .TP
\fB\-y\fR +\fB-f\fR \fIdevice\fR or \fB--device\fR=\fIdevice\fR
--- a/dasdfmt/dasdfmt.c +Specify device to format. For backwards compability only.
+++ b/dasdfmt/dasdfmt.c +
@@ -113,6 +113,10 @@ +.TP
\fB-y\fR
Start formatting without further user-confirmation.
Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
===================================================================
--- s390-tools-2.30.0.orig/dasdfmt/dasdfmt.c
+++ s390-tools-2.30.0/dasdfmt/dasdfmt.c
@@ -113,6 +113,10 @@ static struct util_opt opt_vec[] = {
.desc = "Format devices in parallel", .desc = "Format devices in parallel",
.flags = UTIL_OPT_FLAG_NOLONG, .flags = UTIL_OPT_FLAG_NOLONG,
}, },
@ -47,7 +52,7 @@ Signed-off-by: Hannes Reinecke <hare@suse.com>
UTIL_OPT_SECTION("FORMAT OPTIONS"), UTIL_OPT_SECTION("FORMAT OPTIONS"),
{ {
.option = { "blocksize", required_argument, NULL, 'b' }, .option = { "blocksize", required_argument, NULL, 'b' },
@@ -1649,6 +1653,12 @@ @@ -1662,6 +1666,12 @@ int main(int argc, char *argv[])
} }
g.layout_specified = 1; g.layout_specified = 1;
break; break;

286
s390-tools-sles15sp5-01-rust-pv-support-Armonk-in-IBM-signing-key-subject.patch Normal file
View File

@ -0,0 +1,286 @@
Index: s390-tools-service/rust/pv/src/verify.rs
===================================================================
--- s390-tools-service.orig/rust/pv/src/verify.rs
+++ s390-tools-service/rust/pv/src/verify.rs
@@ -3,10 +3,11 @@
// Copyright IBM Corp. 2023
use core::slice;
-use log::debug;
+use log::{debug, trace};
+use openssl::error::ErrorStack;
use openssl::stack::Stack;
use openssl::x509::store::X509Store;
-use openssl::x509::{CrlStatus, X509Ref, X509StoreContext, X509};
+use openssl::x509::{CrlStatus, X509NameRef, X509Ref, X509StoreContext, X509StoreContextRef, X509};
use openssl_extensions::crl::StackableX509Crl;
use openssl_extensions::crl::X509StoreContextExtension;
@@ -82,8 +83,8 @@ impl HkdVerifier for CertVerifier {
if verified_crls.is_empty() {
bail_hkd_verify!(NoCrl);
}
- for crl in &verified_crls {
- match crl.get_by_cert(&hkd.to_owned()) {
+ for crl in verified_crls {
+ match crl.get_by_serial(hkd.serial_number()) {
CrlStatus::NotRevoked => (),
_ => bail_hkd_verify!(HdkRevoked),
}
@@ -94,21 +95,54 @@ impl HkdVerifier for CertVerifier {
}
impl CertVerifier {
+ fn quirk_crls(
+ ctx: &mut X509StoreContextRef,
+ subject: &X509NameRef,
+ ) -> Result<Stack<StackableX509Crl>, ErrorStack> {
+ match ctx.crls(subject) {
+ Ok(ret) if !ret.is_empty() => return Ok(ret),
+ _ => (),
+ }
+
+ // Armonk/Poughkeepsie fixup
+ trace!("quirk_crls: Try Locality");
+ if let Some(locality_subject) = helper::armonk_locality_fixup(subject) {
+ match ctx.crls(&locality_subject) {
+ Ok(ret) if !ret.is_empty() => return Ok(ret),
+ _ => (),
+ }
+
+ // reorder
+ trace!("quirk_crls: Try Locality+Reorder");
+ if let Ok(locality_ordered_subject) = helper::reorder_x509_names(&locality_subject) {
+ match ctx.crls(&locality_ordered_subject) {
+ Ok(ret) if !ret.is_empty() => return Ok(ret),
+ _ => (),
+ }
+ }
+ }
+
+ // reorder unchanged loaciliy subject
+ trace!("quirk_crls: Try Reorder");
+ if let Ok(ordered_subject) = helper::reorder_x509_names(subject) {
+ match ctx.crls(&ordered_subject) {
+ Ok(ret) if !ret.is_empty() => return Ok(ret),
+ _ => (),
+ }
+ }
+ // nothing found, return empty stack
+ Stack::new()
+ }
+
///Download the CLRs that a HKD refers to.
pub fn hkd_crls(&self, hkd: &X509Ref) -> Result<Stack<StackableX509Crl>> {
let mut ctx = X509StoreContext::new()?;
// Unfortunately we cannot use a dedicated function here and have to use a closure (E0434)
// Otherwise, we cannot refer to self
+ // Search for local CRLs
let mut crls = ctx.init_opt(&self.store, None, None, |ctx| {
let subject = self.ibm_z_sign_key.subject_name();
- match ctx.crls(subject) {
- Ok(crls) => Ok(crls),
- _ => {
- // reorder the name and try again
- let broken_subj = helper::reorder_x509_names(subject)?;
- ctx.crls(&broken_subj).or_else(helper::stack_err_hlp)
- }
- }
+ Self::quirk_crls(ctx, subject)
})?;
if !self.offline {
Index: s390-tools-service/rust/pv/src/verify/helper.rs
===================================================================
--- s390-tools-service.orig/rust/pv/src/verify/helper.rs
+++ s390-tools-service/rust/pv/src/verify/helper.rs
@@ -13,7 +13,7 @@ use openssl::{
error::ErrorStack,
nid::Nid,
ssl::SslFiletype,
- stack::{Stack, Stackable},
+ stack::Stack,
x509::{
store::{File, X509Lookup, X509StoreBuilder, X509StoreBuilderRef, X509StoreRef},
verify::{X509VerifyFlags, X509VerifyParam},
@@ -25,6 +25,7 @@ use openssl_extensions::{
akid::{AkidCheckResult, AkidExtension},
crl::X509StoreExtension,
};
+use std::str::from_utf8;
use std::{cmp::Ordering, ffi::c_int, time::Duration, usize};
/// Minimum security level for the keys/certificates used to establish a chain of
@@ -39,7 +40,6 @@ const SECURITY_CHAIN_MAX_LEN: c_int = 2;
/// verifies that the HKD
/// * has enough security bits
/// * is inside its validity period
-/// * issuer name is the subject name of the [`sign_key`]
/// * the Authority Key ID matches the Signing Key ID of the [`sign_key`]
pub fn verify_hkd_options(hkd: &X509Ref, sign_key: &X509Ref) -> Result<()> {
let hk_pkey = hkd.public_key()?;
@@ -53,9 +53,6 @@ pub fn verify_hkd_options(hkd: &X509Ref,
// verify that the hkd is still valid
check_validity_period(hkd.not_before(), hkd.not_after())?;
- // check if hkd.issuer_name == issuer.subject
- check_x509_name_equal(sign_key.subject_name(), hkd.issuer_name())?;
-
// verify that the AKID of the hkd matches the SKID of the issuer
if let Some(akid) = hkd.akid() {
if akid.check(sign_key) != AkidCheckResult::OK {
@@ -75,9 +72,6 @@ pub fn verify_crl(crl: &X509CrlRef, issu
return None;
}
}
-
- check_x509_name_equal(crl.issuer_name(), issuer.subject_name()).ok()?;
-
match crl.verify(issuer.public_key().ok()?.as_ref()).ok()? {
true => Some(()),
false => None,
@@ -207,7 +201,8 @@ pub fn download_crls_into_store(store: &
//Asn1StringRef::as_slice aka ASN1_STRING_get0_data gives a string without \0 delimiter
const IBM_Z_COMMON_NAME: &[u8; 43usize] = b"International Business Machines Corporation";
const IBM_Z_COUNTRY_NAME: &[u8; 2usize] = b"US";
-const IBM_Z_LOCALITY_NAME: &[u8; 12usize] = b"Poughkeepsie";
+const IBM_Z_LOCALITY_NAME_POUGHKEEPSIE: &[u8; 12usize] = b"Poughkeepsie";
+const IBM_Z_LOCALITY_NAME_ARMONK: &[u8; 6usize] = b"Armonk";
const IBM_Z_ORGANIZATIONAL_UNIT_NAME_SUFFIX: &str = "Key Signing Service";
const IBM_Z_ORGANIZATION_NAME: &[u8; 43usize] = b"International Business Machines Corporation";
const IBM_Z_STATE: &[u8; 8usize] = b"New York";
@@ -226,7 +221,8 @@ fn is_ibm_signing_cert(cert: &X509) -> b
if subj.entries().count() != IMB_Z_ENTRY_COUNT
|| !name_data_eq(subj, Nid::COUNTRYNAME, IBM_Z_COUNTRY_NAME)
|| !name_data_eq(subj, Nid::STATEORPROVINCENAME, IBM_Z_STATE)
- || !name_data_eq(subj, Nid::LOCALITYNAME, IBM_Z_LOCALITY_NAME)
+ || !(name_data_eq(subj, Nid::LOCALITYNAME, IBM_Z_LOCALITY_NAME_POUGHKEEPSIE)
+ || name_data_eq(subj, Nid::LOCALITYNAME, IBM_Z_LOCALITY_NAME_ARMONK))
|| !name_data_eq(subj, Nid::ORGANIZATIONNAME, IBM_Z_ORGANIZATION_NAME)
|| !name_data_eq(subj, Nid::COMMONNAME, IBM_Z_COMMON_NAME)
{
@@ -367,24 +363,6 @@ fn check_validity_period(not_before: &As
}
}
-fn check_x509_name_equal(lhs: &X509NameRef, rhs: &X509NameRef) -> Result<()> {
- if lhs.entries().count() != rhs.entries().count() {
- bail_hkd_verify!(IssuerMismatch);
- }
-
- for l in lhs.entries() {
- // search for the matching value in the rhs names
- // found none? -> names are not equal
- if !rhs
- .entries()
- .any(|r| l.data().as_slice() == r.data().as_slice())
- {
- bail_hkd_verify!(IssuerMismatch);
- }
- }
- Ok(())
-}
-
const NIDS_CORRECT_ORDER: [Nid; 6] = [
Nid::COUNTRYNAME,
Nid::ORGANIZATIONNAME,
@@ -407,13 +385,28 @@ pub fn reorder_x509_names(subject: &X509
Ok(correct_subj.build())
}
-pub fn stack_err_hlp<T: Stackable>(
- e: ErrorStack,
-) -> std::result::Result<Stack<T>, openssl::error::ErrorStack> {
- match e.errors().len() {
- 0 => Stack::<T>::new(),
- _ => Err(e),
+/**
+* Workaround for potential locality mismatches between CRLs and Certs
+* # Return
+* fixed subject or none if locality was not Armonk or any OpenSSL error
+*/
+pub fn armonk_locality_fixup(subject: &X509NameRef) -> Option<X509Name> {
+ if !name_data_eq(subject, Nid::LOCALITYNAME, IBM_Z_LOCALITY_NAME_ARMONK) {
+ return None;
+ }
+
+ let mut ret = X509Name::builder().ok()?;
+ for entry in subject.entries() {
+ match entry.object().nid() {
+ nid @ Nid::LOCALITYNAME => ret
+ .append_entry_by_nid(nid, from_utf8(IBM_Z_LOCALITY_NAME_POUGHKEEPSIE).ok()?)
+ .ok()?,
+ _ => {
+ ret.append_entry(entry).ok()?;
+ }
+ }
}
+ Some(ret.build())
}
#[cfg(test)]
@@ -451,20 +444,6 @@ mod test {
));
}
- #[test]
- fn x509_name_equal() {
- let sign_crt = load_gen_cert("ibm.crt");
- let hkd = load_gen_cert("host.crt");
- let other = load_gen_cert("inter_ca.crt");
-
- assert!(super::check_x509_name_equal(sign_crt.subject_name(), hkd.issuer_name()).is_ok(),);
-
- assert!(matches!(
- super::check_x509_name_equal(other.subject_name(), hkd.subject_name()),
- Err(Error::HkdVerify(IssuerMismatch))
- ));
- }
-
#[test]
fn is_ibm_z_sign_key() {
let ibm_crt = load_gen_cert("ibm.crt");
Index: s390-tools-service/rust/pv/src/verify/test.rs
===================================================================
--- s390-tools-service.orig/rust/pv/src/verify/test.rs
+++ s390-tools-service/rust/pv/src/verify/test.rs
@@ -84,7 +84,6 @@ fn verify_online() {
let inter_crt = get_cert_asset_path_string("inter_ca.crt");
let ibm_crt = get_cert_asset_path_string("ibm.crt");
let hkd_revoked = load_gen_cert("host_rev.crt");
- let hkd_inv = load_gen_cert("host_invalid_signing_key.crt");
let hkd_exp = load_gen_cert("host_crt_expired.crt");
let hkd = load_gen_cert("host.crt");
@@ -112,11 +111,6 @@ fn verify_online() {
));
assert!(matches!(
- verifier.verify(&hkd_inv),
- Err(Error::HkdVerify(IssuerMismatch))
- ));
-
- assert!(matches!(
verifier.verify(&hkd_exp),
Err(Error::HkdVerify(AfterValidity))
));
@@ -130,7 +124,6 @@ fn verify_offline() {
let ibm_crt = get_cert_asset_path_string("ibm.crt");
let ibm_crl = get_cert_asset_path_string("ibm.crl");
let hkd_revoked = load_gen_cert("host_rev.crt");
- let hkd_inv = load_gen_cert("host_invalid_signing_key.crt");
let hkd_exp = load_gen_cert("host_crt_expired.crt");
let hkd = load_gen_cert("host.crt");
@@ -149,11 +142,6 @@ fn verify_offline() {
));
assert!(matches!(
- verifier.verify(&hkd_inv),
- Err(Error::HkdVerify(IssuerMismatch))
- ));
-
- assert!(matches!(
verifier.verify(&hkd_exp),
Err(Error::HkdVerify(AfterValidity))
));

12
s390-tools-sles15sp5-remove-no-pie-link-arguments.patch
View File

@ -1,10 +1,8 @@
--- Index: s390-tools-2.30.0/common.mak
common.mak | 4 ++-- ===================================================================
1 file changed, 2 insertions(+), 2 deletions(-) --- s390-tools-2.30.0.orig/common.mak
+++ s390-tools-2.30.0/common.mak
--- a/common.mak @@ -338,8 +338,8 @@ export INSTALL CFLAGS CXXFLAGS \
+++ b/common.mak
@@ -338,8 +338,8 @@
LDFLAGS CPPFLAGS ALL_CFLAGS ALL_CXXFLAGS ALL_LDFLAGS ALL_CPPFLAGS LDFLAGS CPPFLAGS ALL_CFLAGS ALL_CXXFLAGS ALL_LDFLAGS ALL_CPPFLAGS
ifneq ($(shell $(CC_SILENT) -dumpspecs 2>/dev/null | grep -e '[^f]no-pie'),) ifneq ($(shell $(CC_SILENT) -dumpspecs 2>/dev/null | grep -e '[^f]no-pie'),)

304
s390-tools-sles15sp6-02-genprotimg-support-Armonk-in-IBM-signing-key-subject.patch Normal file
View File

@ -0,0 +1,304 @@
Index: s390-tools-service/genprotimg/src/include/pv_crypto_def.h
===================================================================
--- s390-tools-service.orig/genprotimg/src/include/pv_crypto_def.h
+++ s390-tools-service/genprotimg/src/include/pv_crypto_def.h
@@ -17,7 +17,8 @@
/* IBM signing key subject */
#define PV_IBM_Z_SUBJECT_COMMON_NAME "International Business Machines Corporation"
#define PV_IBM_Z_SUBJECT_COUNTRY_NAME "US"
-#define PV_IBM_Z_SUBJECT_LOCALITY_NAME "Poughkeepsie"
+#define PV_IBM_Z_SUBJECT_LOCALITY_NAME_POUGHKEEPSIE "Poughkeepsie"
+#define PV_IBM_Z_SUBJECT_LOCALITY_NAME_ARMONK "Armonk"
#define PV_IBM_Z_SUBJECT_ORGANIZATIONONAL_UNIT_NAME_SUFFIX "Key Signing Service"
#define PV_IBM_Z_SUBJECT_ORGANIZATION_NAME "International Business Machines Corporation"
#define PV_IBM_Z_SUBJECT_STATE "New York"
Index: s390-tools-service/genprotimg/src/utils/crypto.c
===================================================================
--- s390-tools-service.orig/genprotimg/src/utils/crypto.c
+++ s390-tools-service/genprotimg/src/utils/crypto.c
@@ -664,62 +664,9 @@ static gboolean x509_name_data_by_nid_eq
return memcmp(data, y, data_len) == 0;
}
-static gboolean own_X509_NAME_ENTRY_equal(const X509_NAME_ENTRY *x,
- const X509_NAME_ENTRY *y)
-{
- const ASN1_OBJECT *x_obj = X509_NAME_ENTRY_get_object(x);
- const ASN1_STRING *x_data = X509_NAME_ENTRY_get_data(x);
- const ASN1_OBJECT *y_obj = X509_NAME_ENTRY_get_object(y);
- const ASN1_STRING *y_data = X509_NAME_ENTRY_get_data(y);
- gint x_len = ASN1_STRING_length(x_data);
- gint y_len = ASN1_STRING_length(y_data);
-
- if (x_len < 0 || x_len != y_len)
- return FALSE;
-
- /* ASN1_STRING_cmp(x_data, y_data) == 0 doesn't work because it also
- * compares the type, which is sometimes different.
- */
- return OBJ_cmp(x_obj, y_obj) == 0 &&
- memcmp(ASN1_STRING_get0_data(x_data),
- ASN1_STRING_get0_data(y_data),
- (unsigned long)x_len) == 0;
-}
-
-static gboolean own_X509_NAME_equal(const X509_NAME *x, const X509_NAME *y)
-{
- gint x_count = X509_NAME_entry_count(x);
- gint y_count = X509_NAME_entry_count(y);
-
- if (x != y && (!x || !y))
- return FALSE;
-
- if (x_count != y_count)
- return FALSE;
-
- for (gint i = 0; i < x_count; i++) {
- const X509_NAME_ENTRY *entry_i = X509_NAME_get_entry(x, i);
- gboolean entry_found = FALSE;
-
- for (gint j = 0; j < y_count; j++) {
- const X509_NAME_ENTRY *entry_j =
- X509_NAME_get_entry(y, j);
-
- if (own_X509_NAME_ENTRY_equal(entry_i, entry_j)) {
- entry_found = TRUE;
- break;
- }
- }
-
- if (!entry_found)
- return FALSE;
- }
- return TRUE;
-}
-
/* Checks whether the subject of @cert is a IBM signing key subject. For this we
* must check that the subject is equal to: 'C = US, ST = New York, L =
- * Poughkeepsie, O = International Business Machines Corporation, CN =
+ * Poughkeepsie or Armonk, O = International Business Machines Corporation, CN =
* International Business Machines Corporation' and the organization unit (OUT)
* must end with the suffix ' Key Signing Service'.
*/
@@ -743,8 +690,10 @@ static gboolean has_ibm_signing_subject(
PV_IBM_Z_SUBJECT_STATE))
return FALSE;
- if (!x509_name_data_by_nid_equal(subject, NID_localityName,
- PV_IBM_Z_SUBJECT_LOCALITY_NAME))
+ if (!(x509_name_data_by_nid_equal(subject, NID_localityName,
+ PV_IBM_Z_SUBJECT_LOCALITY_NAME_POUGHKEEPSIE) ||
+ x509_name_data_by_nid_equal(subject, NID_localityName,
+ PV_IBM_Z_SUBJECT_LOCALITY_NAME_ARMONK)))
return FALSE;
if (!x509_name_data_by_nid_equal(subject, NID_organizationName,
@@ -806,6 +755,39 @@ static X509_NAME *x509_name_reorder_attr
return g_steal_pointer(&ret);
}
+/** Replace locality 'Armonk' with 'Pougkeepsie'. If Armonk was not set return
+ * `NULL`.
+ */
+static X509_NAME *x509_armonk_locality_fixup(const X509_NAME *name)
+{
+ g_autoptr(X509_NAME) ret = NULL;
+ int pos;
+
+ /* Check if ``L=Armonk`` */
+ if (!x509_name_data_by_nid_equal((X509_NAME *)name, NID_localityName,
+ PV_IBM_Z_SUBJECT_LOCALITY_NAME_ARMONK))
+ return NULL;
+
+ ret = X509_NAME_dup(name);
+ if (!ret)
+ g_abort();
+
+ pos = X509_NAME_get_index_by_NID(ret, NID_localityName, -1);
+ if (pos == -1)
+ return NULL;
+
+ X509_NAME_ENTRY_free(X509_NAME_delete_entry(ret, pos));
+
+ /* Create a new name entry at the same position as before */
+ if (X509_NAME_add_entry_by_NID(
+ ret, NID_localityName, MBSTRING_UTF8,
+ (const unsigned char *)&PV_IBM_Z_SUBJECT_LOCALITY_NAME_POUGHKEEPSIE,
+ sizeof(PV_IBM_Z_SUBJECT_LOCALITY_NAME_POUGHKEEPSIE) - 1, pos, 0) != 1)
+ return NULL;
+
+ return g_steal_pointer(&ret);
+}
+
/* In RFC 5280 the attributes of a (subject/issuer) name is not mandatory
* ordered. The problem is that our certificates are not consistent in the order
* (see https://tools.ietf.org/html/rfc5280#section-4.1.2.4 for details).
@@ -828,24 +810,10 @@ X509_NAME *c2b_name(const X509_NAME *nam
return X509_NAME_dup((X509_NAME *)name);
}
-/* Verify that: subject(issuer) == issuer(crl) and SKID(issuer) == AKID(crl) */
+/* Verify that SKID(issuer) == AKID(crl) if available */
static gint check_crl_issuer(X509_CRL *crl, X509 *issuer, GError **err)
{
- const X509_NAME *crl_issuer = X509_CRL_get_issuer(crl);
- const X509_NAME *issuer_subject = X509_get_subject_name(issuer);
- AUTHORITY_KEYID *akid = NULL;
-
- if (!own_X509_NAME_equal(issuer_subject, crl_issuer)) {
- g_autofree char *issuer_subject_str = X509_NAME_oneline(issuer_subject,
- NULL, 0);
- g_autofree char *crl_issuer_str = X509_NAME_oneline(crl_issuer, NULL, 0);
-
- g_set_error(err, PV_CRYPTO_ERROR,
- PV_CRYPTO_ERROR_CRL_SUBJECT_ISSUER_MISMATCH,
- _("issuer mismatch:\n%s\n%s"),
- issuer_subject_str, crl_issuer_str);
- return -1;
- }
+ g_autoptr(AUTHORITY_KEYID) akid = NULL;
/* If AKID(@crl) is specified it must match with SKID(@issuer) */
akid = X509_CRL_get_ext_d2i(crl, NID_authority_key_identifier, NULL, NULL);
@@ -881,7 +849,6 @@ gint check_crl_valid_for_cert(X509_CRL *
return -1;
}
- /* check that the @crl issuer matches with the subject name of @cert*/
if (check_crl_issuer(crl, cert, err) < 0)
return -1;
@@ -910,6 +877,60 @@ gint check_crl_valid_for_cert(X509_CRL *
return 0;
}
+/* This function contains work-arounds for some known subject(CRT)<->issuer(CRL)
+ * issues.
+ */
+static STACK_OF_X509_CRL *quirk_X509_STORE_ctx_get1_crls(X509_STORE_CTX *ctx,
+ const X509_NAME *subject, GError **err)
+{
+ g_autoptr(X509_NAME) fixed_subject = NULL;
+ g_autoptr(STACK_OF_X509_CRL) ret = NULL;
+
+ ret = Pv_X509_STORE_CTX_get1_crls(ctx, subject);
+ if (ret && sk_X509_CRL_num(ret) > 0)
+ return g_steal_pointer(&ret);
+
+ /* Workaround to fix the mismatch between issuer name of the * IBM
+ * signing CRLs and the IBM signing key subject name. Locality name has
+ * changed from Poughkeepsie to Armonk.
+ */
+ fixed_subject = x509_armonk_locality_fixup(subject);
+ /* Was the locality replaced? */
+ if (fixed_subject) {
+ X509_NAME *tmp;
+
+ sk_X509_CRL_free(ret);
+ ret = Pv_X509_STORE_CTX_get1_crls(ctx, fixed_subject);
+ if (ret && sk_X509_CRL_num(ret) > 0)
+ return g_steal_pointer(&ret);
+
+ /* Workaround to fix the ordering mismatch between issuer name
+ * of the IBM signing CRLs and the IBM signing key subject name.
+ */
+ tmp = fixed_subject;
+ fixed_subject = c2b_name(fixed_subject);
+ X509_NAME_free(tmp);
+ sk_X509_CRL_free(ret);
+ ret = Pv_X509_STORE_CTX_get1_crls(ctx, fixed_subject);
+ if (ret && sk_X509_CRL_num(ret) > 0)
+ return g_steal_pointer(&ret);
+ X509_NAME_free(fixed_subject);
+ fixed_subject = NULL;
+ }
+
+ /* Workaround to fix the ordering mismatch between issuer name of the
+ * IBM signing CRLs and the IBM signing key subject name.
+ */
+ fixed_subject = c2b_name(subject);
+ sk_X509_CRL_free(ret);
+ ret = Pv_X509_STORE_CTX_get1_crls(ctx, fixed_subject);
+ if (ret && sk_X509_CRL_num(ret) > 0)
+ return g_steal_pointer(&ret);
+
+ g_set_error(err, PV_CRYPTO_ERROR, PV_CRYPTO_ERROR_NO_CRL, _("no CRL found"));
+ return NULL;
+}
+
/* Given a certificate @cert try to find valid revocation lists in @ctx. If no
* valid CRL was found NULL is returned.
*/
@@ -927,20 +948,9 @@ STACK_OF_X509_CRL *store_ctx_find_valid_
return NULL;
}
- ret = X509_STORE_CTX_get1_crls(ctx, subject);
- if (!ret) {
- /* Workaround to fix the mismatch between issuer name of the
- * IBM Z signing CRLs and the IBM Z signing key subject name.
- */
- g_autoptr(X509_NAME) broken_subject = c2b_name(subject);
-
- ret = X509_STORE_CTX_get1_crls(ctx, broken_subject);
- if (!ret) {
- g_set_error(err, PV_CRYPTO_ERROR, PV_CRYPTO_ERROR_NO_CRL,
- _("no CRL found"));
- return NULL;
- }
- }
+ ret = quirk_X509_STORE_ctx_get1_crls(ctx, subject, err);
+ if (!ret)
+ return NULL;
/* Filter out non-valid CRLs for @cert */
for (gint i = 0; i < sk_X509_CRL_num(ret); i++) {
@@ -1328,32 +1338,14 @@ gint check_chain_parameters(const STACK_
/* It's almost the same as X509_check_issed from OpenSSL does except that we
* don't check the key usage of the potential issuer. This means we check:
- * 1. issuer_name(cert) == subject_name(issuer)
- * 2. Check whether the akid(cert) (if available) matches the issuer skid
- * 3. Check that the cert algrithm matches the subject algorithm
- * 4. Verify the signature of certificate @cert is using the public key of
+ * 1. Check whether the akid(cert) (if available) matches the issuer skid
+ * 2. Check that the cert algrithm matches the subject algorithm
+ * 3. Verify the signature of certificate @cert is using the public key of
* @issuer.
*/
static gint check_host_key_issued(X509 *cert, X509 *issuer, GError **err)
{
- const X509_NAME *issuer_subject = X509_get_subject_name(issuer);
- const X509_NAME *cert_issuer = X509_get_issuer_name(cert);
- AUTHORITY_KEYID *akid = NULL;
-
- /* We cannot use X509_NAME_cmp() because it considers the order of the
- * X509_NAME_Entries.
- */
- if (!own_X509_NAME_equal(issuer_subject, cert_issuer)) {
- g_autofree char *issuer_subject_str =
- X509_NAME_oneline(issuer_subject, NULL, 0);
- g_autofree char *cert_issuer_str =
- X509_NAME_oneline(cert_issuer, NULL, 0);
- g_set_error(err, PV_CRYPTO_ERROR,
- PV_CRYPTO_ERROR_CERT_SUBJECT_ISSUER_MISMATCH,
- _("Subject issuer mismatch:\n'%s'\n'%s'"),
- issuer_subject_str, cert_issuer_str);
- return -1;
- }
+ g_autoptr(AUTHORITY_KEYID) akid = NULL;
akid = X509_get_ext_d2i(cert, NID_authority_key_identifier, NULL, NULL);
if (akid && X509_check_akid(issuer, akid) != X509_V_OK) {
Index: s390-tools-service/genprotimg/src/utils/crypto.h
===================================================================
--- s390-tools-service.orig/genprotimg/src/utils/crypto.h
+++ s390-tools-service/genprotimg/src/utils/crypto.h
@@ -75,6 +75,7 @@ void x509_pair_free(x509_pair *pair);
/* Register auto cleanup functions */
WRAPPED_G_DEFINE_AUTOPTR_CLEANUP_FUNC(ASN1_INTEGER, ASN1_INTEGER_free)
WRAPPED_G_DEFINE_AUTOPTR_CLEANUP_FUNC(ASN1_OCTET_STRING, ASN1_OCTET_STRING_free)
+WRAPPED_G_DEFINE_AUTOPTR_CLEANUP_FUNC(AUTHORITY_KEYID, AUTHORITY_KEYID_free)
WRAPPED_G_DEFINE_AUTOPTR_CLEANUP_FUNC(BIGNUM, BN_free)
WRAPPED_G_DEFINE_AUTOPTR_CLEANUP_FUNC(BIO, BIO_free_all)
WRAPPED_G_DEFINE_AUTOPTR_CLEANUP_FUNC(BN_CTX, BN_CTX_free)

224
s390-tools-sles15sp6-03-libpv-support-Armonk-in-IBM-signing-key-subject.patch Normal file
View File

@ -0,0 +1,224 @@
Index: s390-tools-service/include/libpv/cert.h
===================================================================
--- s390-tools-service.orig/include/libpv/cert.h
+++ s390-tools-service/include/libpv/cert.h
@@ -16,7 +16,8 @@
#define PV_IBM_Z_SUBJECT_COMMON_NAME "International Business Machines Corporation"
#define PV_IBM_Z_SUBJECT_COUNTRY_NAME "US"
-#define PV_IBM_Z_SUBJECT_LOCALITY_NAME "Poughkeepsie"
+#define PV_IBM_Z_SUBJECT_LOCALITY_NAME_POUGHKEEPSIE "Poughkeepsie"
+#define PV_IBM_Z_SUBJECT_LOCALITY_NAME_ARMONK "Armonk"
#define PV_IBM_Z_SUBJECT_ORGANIZATIONAL_UNIT_NAME_SUFFIX "Key Signing Service"
#define PV_IBM_Z_SUBJECT_ORGANIZATION_NAME "International Business Machines Corporation"
#define PV_IBM_Z_SUBJECT_STATE "New York"
Index: s390-tools-service/libpv/cert.c
===================================================================
--- s390-tools-service.orig/libpv/cert.c
+++ s390-tools-service/libpv/cert.c
@@ -857,7 +857,7 @@ static gboolean x509_name_data_by_nid_eq
/* Checks whether the subject of @cert is a IBM signing key subject. For this we
* must check that the subject is equal to: 'C = US, ST = New York, L =
- * Poughkeepsie, O = International Business Machines Corporation, CN =
+ * Poughkeepsie or Armonk, O = International Business Machines Corporation, CN =
* International Business Machines Corporation' and the organization unit (OUT)
* must end with the suffix ' Key Signing Service'.
*/
@@ -879,7 +879,10 @@ static gboolean has_ibm_signing_subject(
if (!x509_name_data_by_nid_equal(subject, NID_stateOrProvinceName, PV_IBM_Z_SUBJECT_STATE))
return FALSE;
- if (!x509_name_data_by_nid_equal(subject, NID_localityName, PV_IBM_Z_SUBJECT_LOCALITY_NAME))
+ if (!(x509_name_data_by_nid_equal(subject, NID_localityName,
+ PV_IBM_Z_SUBJECT_LOCALITY_NAME_POUGHKEEPSIE) ||
+ x509_name_data_by_nid_equal(subject, NID_localityName,
+ PV_IBM_Z_SUBJECT_LOCALITY_NAME_ARMONK)))
return FALSE;
if (!x509_name_data_by_nid_equal(subject, NID_organizationName,
@@ -1085,10 +1088,9 @@ static int check_signature_algo_match(co
/* It's almost the same as X509_check_issed from OpenSSL does except that we
* don't check the key usage of the potential issuer. This means we check:
- * 1. issuer_name(cert) == subject_name(issuer)
- * 2. Check whether the akid(cert) (if available) matches the issuer skid
- * 3. Check that the cert algrithm matches the subject algorithm
- * 4. Verify the signature of certificate @cert is using the public key of
+ * 1. Check whether the akid(cert) (if available) matches the issuer skid
+ * 2. Check that the cert algrithm matches the subject algorithm
+ * 3. Verify the signature of certificate @cert is using the public key of
* @issuer.
*/
static int check_host_key_issued(X509 *cert, X509 *issuer, GError **error)
@@ -1097,19 +1099,6 @@ static int check_host_key_issued(X509 *c
const X509_NAME *cert_issuer = X509_get_issuer_name(cert);
g_autoptr(AUTHORITY_KEYID) akid = NULL;
- /* We cannot use X509_NAME_cmp() because it considers the order of the
- * X509_NAME_Entries.
- */
- if (!own_X509_NAME_equal(issuer_subject, cert_issuer)) {
- g_autofree char *issuer_subject_str = pv_X509_NAME_oneline(issuer_subject);
- g_autofree char *cert_issuer_str = pv_X509_NAME_oneline(cert_issuer);
-
- g_set_error(error, PV_CERT_ERROR, PV_CERT_ERROR_CERT_SUBJECT_ISSUER_MISMATCH,
- _("Subject issuer mismatch:\n'%s'\n'%s'"), issuer_subject_str,
- cert_issuer_str);
- return -1;
- }
-
akid = X509_get_ext_d2i(cert, NID_authority_key_identifier, NULL, NULL);
if (akid && X509_check_akid(issuer, akid) != X509_V_OK) {
g_set_error(error, PV_CERT_ERROR, PV_CERT_ERROR_SKID_AKID_MISMATCH,
@@ -1286,21 +1275,10 @@ int pv_verify_cert(X509_STORE_CTX *ctx,
return 0;
}
-/* Verify that: subject(issuer) == issuer(crl) and SKID(issuer) == AKID(crl) */
+/* Verify that SKID(issuer) == AKID(crl) */
static int check_crl_issuer(X509_CRL *crl, X509 *issuer, GError **error)
{
- const X509_NAME *crl_issuer = X509_CRL_get_issuer(crl);
- const X509_NAME *issuer_subject = X509_get_subject_name(issuer);
- AUTHORITY_KEYID *akid = NULL;
-
- if (!own_X509_NAME_equal(issuer_subject, crl_issuer)) {
- g_autofree char *issuer_subject_str = pv_X509_NAME_oneline(issuer_subject);
- g_autofree char *crl_issuer_str = pv_X509_NAME_oneline(crl_issuer);
-
- g_set_error(error, PV_CERT_ERROR, PV_CERT_ERROR_CRL_SUBJECT_ISSUER_MISMATCH,
- _("issuer mismatch:\n%s\n%s"), issuer_subject_str, crl_issuer_str);
- return -1;
- }
+ g_autoptr(AUTHORITY_KEYID) akid = NULL;
/* If AKID(@crl) is specified it must match with SKID(@issuer) */
akid = X509_CRL_get_ext_d2i(crl, NID_authority_key_identifier, NULL, NULL);
@@ -1325,7 +1303,6 @@ int pv_verify_crl(X509_CRL *crl, X509 *c
return -1;
}
- /* check that the @crl issuer matches with the subject name of @cert*/
if (check_crl_issuer(crl, cert, error) < 0)
return -1;
@@ -1393,6 +1370,93 @@ int pv_check_chain_parameters(const STAC
return 0;
}
+/** Replace locality 'Armonk' with 'Pougkeepsie'. If Armonk was not set return
+ * `NULL`.
+ */
+static X509_NAME *x509_armonk_locality_fixup(const X509_NAME *name)
+{
+ g_autoptr(X509_NAME) ret = NULL;
+ int pos;
+
+ /* Check if ``L=Armonk`` */
+ if (!x509_name_data_by_nid_equal((X509_NAME *)name, NID_localityName,
+ PV_IBM_Z_SUBJECT_LOCALITY_NAME_ARMONK))
+ return NULL;
+
+ ret = X509_NAME_dup(name);
+ if (!ret)
+ g_abort();
+
+ pos = X509_NAME_get_index_by_NID(ret, NID_localityName, -1);
+ if (pos == -1)
+ return NULL;
+
+ X509_NAME_ENTRY_free(X509_NAME_delete_entry(ret, pos));
+
+ /* Create a new name entry at the same position as before */
+ if (X509_NAME_add_entry_by_NID(
+ ret, NID_localityName, MBSTRING_UTF8,
+ (const unsigned char *)&PV_IBM_Z_SUBJECT_LOCALITY_NAME_POUGHKEEPSIE,
+ sizeof(PV_IBM_Z_SUBJECT_LOCALITY_NAME_POUGHKEEPSIE) - 1, pos, 0) != 1)
+ return NULL;
+
+ return g_steal_pointer(&ret);
+}
+
+/* This function contains work-arounds for some known subject(CRT)<->issuer(CRL)
+ * issues.
+ */
+static STACK_OF_X509_CRL *quirk_X509_STORE_ctx_get1_crls(X509_STORE_CTX *ctx,
+ const X509_NAME *subject, GError **err)
+{
+ g_autoptr(X509_NAME) fixed_subject = NULL;
+ g_autoptr(STACK_OF_X509_CRL) ret = NULL;
+
+ ret = pv_X509_STORE_CTX_get1_crls(ctx, subject);
+ if (ret && sk_X509_CRL_num(ret) > 0)
+ return g_steal_pointer(&ret);
+
+ /* Workaround to fix the mismatch between issuer name of the * IBM
+ * signing CRLs and the IBM signing key subject name. Locality name has
+ * changed from Poughkeepsie to Armonk.
+ */
+ fixed_subject = x509_armonk_locality_fixup(subject);
+ /* Was the locality replaced? */
+ if (fixed_subject) {
+ X509_NAME *tmp;
+
+ sk_X509_CRL_free(ret);
+ ret = pv_X509_STORE_CTX_get1_crls(ctx, fixed_subject);
+ if (ret && sk_X509_CRL_num(ret) > 0)
+ return g_steal_pointer(&ret);
+
+ /* Workaround to fix the ordering mismatch between issuer name
+ * of the IBM signing CRLs and the IBM signing key subject name.
+ */
+ tmp = fixed_subject;
+ fixed_subject = pv_c2b_name(fixed_subject);
+ X509_NAME_free(tmp);
+ sk_X509_CRL_free(ret);
+ ret = pv_X509_STORE_CTX_get1_crls(ctx, fixed_subject);
+ if (ret && sk_X509_CRL_num(ret) > 0)
+ return g_steal_pointer(&ret);
+ X509_NAME_free(fixed_subject);
+ fixed_subject = NULL;
+ }
+
+ /* Workaround to fix the ordering mismatch between issuer name of the
+ * IBM signing CRLs and the IBM signing key subject name.
+ */
+ fixed_subject = pv_c2b_name(subject);
+ sk_X509_CRL_free(ret);
+ ret = pv_X509_STORE_CTX_get1_crls(ctx, fixed_subject);
+ if (ret && sk_X509_CRL_num(ret) > 0)
+ return g_steal_pointer(&ret);
+
+ g_set_error(err, PV_CERT_ERROR, PV_CERT_ERROR_NO_CRL, _("no CRL found"));
+ return NULL;
+}
+
/* Given a certificate @cert try to find valid revocation lists in @ctx. If no
* valid CRL was found NULL is returned.
*/
@@ -1412,21 +1476,9 @@ STACK_OF_X509_CRL *pv_store_ctx_find_val
return NULL;
}
- ret = pv_X509_STORE_CTX_get1_crls(ctx, subject);
- if (!ret) {
- /* Workaround to fix the mismatch between issuer name of the
- * IBM Z signing CRLs and the IBM Z signing key subject name.
- */
- g_autoptr(X509_NAME) broken_subject = pv_c2b_name(subject);
-
- ret = pv_X509_STORE_CTX_get1_crls(ctx, broken_subject);
- if (!ret) {
- g_set_error(error, PV_CERT_ERROR, PV_CERT_ERROR_NO_CRL, _("no CRL found"));
- g_info("ERROR: %s", (*error)->message);
- return NULL;
- }
- }
-
+ ret = quirk_X509_STORE_ctx_get1_crls(ctx, subject, error);
+ if (!ret)
+ return NULL;
/* Filter out non-valid CRLs for @cert */
for (int i = 0; i < sk_X509_CRL_num(ret); i++) {
X509_CRL *crl = sk_X509_CRL_value(ret, i);

25
s390-tools-sles15sp6-04-pvattest-Fix-root-ca-parsing.patch Normal file
View File

@ -0,0 +1,25 @@
Index: s390-tools-service/pvattest/src/argparse.c
===================================================================
--- s390-tools-service.orig/pvattest/src/argparse.c
+++ s390-tools-service/pvattest/src/argparse.c
@@ -190,13 +190,13 @@ static gboolean hex_str_toull(const char
}
/* NOTE REQUIRED */
-#define _entry_root_ca(__arg_data, __indent) \
- { \
- .long_name = "root-ca", .short_name = 0, .flags = G_OPTION_FLAG_NONE, \
- .arg = G_OPTION_ARG_FILENAME_ARRAY, .arg_data = __arg_data, \
- .description = "Use FILE as the trusted root CA instead the\n" __indent \
- "root CAs that are installed on the system (optional).\n", \
- .arg_description = "FILE", \
+#define _entry_root_ca(__arg_data, __indent) \
+ { \
+ .long_name = "root-ca", .short_name = 0, .flags = G_OPTION_FLAG_NONE, \
+ .arg = G_OPTION_ARG_FILENAME, .arg_data = __arg_data, \
+ .description = "Use FILE as the trusted root CA instead the\n" __indent \
+ "root CAs that are installed on the system (optional).\n", \
+ .arg_description = "FILE", \
}
/* NOTE REQUIRED */

92
s390-tools-sles15sp6-genprotimg-makefile.patch Normal file
View File

@ -0,0 +1,92 @@
From 0748d365a60477c96cb9f6a12e9dbe547d549e1f Mon Sep 17 00:00:00 2001
From: Marc Hartmayer <mhartmay@linux.ibm.com>
Date: Tue, 12 Mar 2024 09:33:19 +0000
Subject: [PATCH] genprotimg/**/Makefile: Fix staged installs
Fix the support for staged installs. The Makefile variable `PKGDATADIR`
uses `DESTDIR` for all Makefile target, but actually it should only be
used for the `install*` and `uninstall*` targets. [1] Fix this by using
`DESTDIR` only for `install*` targets - uninstall* targets are not
supported by s390-tools.
Before this change, if `DESTDIR` was set for staged installs,
`genprotimg` has tried to find the bootloader binaries at the temporary
installation path `$DESTDIR$(TOOLS_DATADIR)/genprotimg/` instead of
`$(TOOLS_DATADIR)/genprotimg`.
[1] https://www.gnu.org/prep/standards/html_node/DESTDIR.html
Fixes: 65b9fc442c1a ("genprotimg: introduce new tool for the creation of PV images")
Reviewed-by: Steffen Eiden <seiden@linux.ibm.com>
Signed-off-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Signed-off-by: Steffen Eiden <seiden@linux.ibm.com>
---
genprotimg/Makefile | 6 +++---
genprotimg/boot/Makefile | 8 ++++----
genprotimg/src/Makefile | 2 +-
3 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/genprotimg/Makefile b/genprotimg/Makefile
index 8c9f7048..6a2e37e4 100644
--- a/genprotimg/Makefile
+++ b/genprotimg/Makefile
@@ -3,7 +3,7 @@ include ../common.mak
.DEFAULT_GOAL := all
-PKGDATADIR := "$(DESTDIR)$(TOOLS_DATADIR)/genprotimg"
+PKGDATADIR := "$(TOOLS_DATADIR)/genprotimg"
TESTS :=
SUBDIRS := boot src man
RECURSIVE_TARGETS := all-recursive install-recursive clean-recursive
@@ -11,8 +11,8 @@ RECURSIVE_TARGETS := all-recursive install-recursive clean-recursive
all: all-recursive
install: install-recursive
- $(INSTALL) -d -m 755 "$(PKGDATADIR)"
- $(INSTALL) -g $(GROUP) -o $(OWNER) -m 755 samples/check_hostkeydoc "$(PKGDATADIR)"
+ $(INSTALL) -d -m 755 "$(DESTDIR)$(PKGDATADIR)"
+ $(INSTALL) -g $(GROUP) -o $(OWNER) -m 755 samples/check_hostkeydoc "$(DESTDIR)$(PKGDATADIR)"
clean: clean-recursive
diff --git a/genprotimg/boot/Makefile b/genprotimg/boot/Makefile
index 799df9cc..73f3c9a8 100644
--- a/genprotimg/boot/Makefile
+++ b/genprotimg/boot/Makefile
@@ -7,7 +7,7 @@ DEBUG_FILES := $(addsuffix .debug,$(FILES))
ifeq ($(HOST_ARCH),s390x)
ZIPL_DIR := $(rootdir)/zipl
ZIPL_BOOT_DIR := $(ZIPL_DIR)/boot
-PKGDATADIR := $(DESTDIR)$(TOOLS_DATADIR)/genprotimg
+PKGDATADIR := $(TOOLS_DATADIR)/genprotimg
INCLUDE_PATHS := $(ZIPL_BOOT_DIR) $(ZIPL_DIR)/include $(rootdir)/include
INCLUDE_PARMS := $(addprefix -I,$(INCLUDE_PATHS))
@@ -86,9 +86,9 @@ stage3b.elf: head.o $(ZIPL_OBJS)
@chmod a-x $@
install: stage3a.bin stage3b_reloc.bin
- $(INSTALL) -d -m 755 "$(PKGDATADIR)"
- $(INSTALL) -g $(GROUP) -o $(OWNER) -m 644 stage3a.bin "$(PKGDATADIR)"
- $(INSTALL) -g $(GROUP) -o $(OWNER) -m 644 stage3b_reloc.bin "$(PKGDATADIR)"
+ $(INSTALL) -d -m 755 "$(DESTDIR)$(PKGDATADIR)"
+ $(INSTALL) -g $(GROUP) -o $(OWNER) -m 644 stage3a.bin "$(DESTDIR)$(PKGDATADIR)"
+ $(INSTALL) -g $(GROUP) -o $(OWNER) -m 644 stage3b_reloc.bin "$(DESTDIR)$(PKGDATADIR)"
else
# Don't generate the dependency files (see `common.mak` for the
diff --git a/genprotimg/src/Makefile b/genprotimg/src/Makefile
index 08734bff..d447e6cf 100644
--- a/genprotimg/src/Makefile
+++ b/genprotimg/src/Makefile
@@ -3,7 +3,7 @@ include ../../common.mak
bin_PROGRAM = genprotimg
-PKGDATADIR ?= "$(DESTDIR)$(TOOLS_DATADIR)/genprotimg"
+PKGDATADIR ?= "$(TOOLS_DATADIR)/genprotimg"
SRC_DIR := $(dir $(realpath $(firstword $(MAKEFILE_LIST))))
TOP_SRCDIR := $(SRC_DIR)/../
ROOT_DIR = $(TOP_SRC_DIR)/../../

10
s390-tools-sles15sp6-kdump-initrd-59-zfcp-compat-rules.patch
View File

@ -12,12 +12,8 @@ and the symlink not created in the kdump environment.
Fix this by including 59-zfcp-compat.rules in the kdump initrd. Fix this by including 59-zfcp-compat.rules in the kdump initrd.
--- --- a/zdev/dracut/95zdev-kdump/module-setup.sh 2024-02-21 15:57:33.027658387 +0100
zdev/dracut/95zdev-kdump/module-setup.sh | 1 + +++ b/zdev/dracut/95zdev-kdump/module-setup.sh 2024-02-21 15:57:38.215675799 +0100
1 file changed, 1 insertion(+)
--- a/zdev/dracut/95zdev-kdump/module-setup.sh
+++ b/zdev/dracut/95zdev-kdump/module-setup.sh
@@ -78,6 +78,7 @@ @@ -78,6 +78,7 @@
inst_multiple /lib/s390-tools/zdev-from-dasd_mod.dasd inst_multiple /lib/s390-tools/zdev-from-dasd_mod.dasd
@ -25,4 +21,4 @@ Fix this by including 59-zfcp-compat.rules in the kdump initrd.
+ inst_rules "59-zfcp-compat.rules" + inst_rules "59-zfcp-compat.rules"
# Obtain kdump target device configuration # Obtain kdump target device configuration

81
s390-tools.changes
View File

@ -1,84 +1,3 @@
-------------------------------------------------------------------
Tue Nov 5 15:26:42 UTC 2024 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
- Amended the *_configure scripts to update again the SUSE's specific file
'/boot/zipl/active_devices.txt' (bsc#1232474, bsc#1216257)
* ctc_configure
* dasd_configure
* qeth_configure
* zfcp_host_configure
-------------------------------------------------------------------
Tue Nov 5 13:04:20 UTC 2024 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
* Upgrade s390-tools to version 2.35 (jsc#PED-9591, jsc#PED-10303)
* Changes of existing tools:
- cpacfstats: Add support for FULL XTS (MSA 10) and HMAC (MSA 11) PAI counter
- cpuplugd: Make cpuplugd compatible with hiperdispatch
- dbginfo.sh: Add network sockstat info
- pvapconfig: s390x exclusive build
- zdev: Add option to select IPL device
- zdump/dfo_s390: Support s390 DFO for vr-kernel dumps
- zipl: Add support of mirror devices
* Bug Fixes:
- (genprotimg|zipl)/boot: discard .note.package ELF section to save memory
- netboot/mk-s390image: Fix size when argument is a symlink
- ziorep_config: Fix warning message when multipath device is not there.
- zipl: Fix problems when target parameters are specified by user
- zipl: Fix segfault when creating device-based dumps with '--dry-run'
*** v2.34.0
* Changes of existing tools:
- ap_tools/ap-check: Add support for vfio-ap dynamic configuration
- dbginfo.sh: Update/Add additional DASD data collection
- dumpconf: Add new parameter 'SCP_DATA' for SCSI/NVMe/ECKD dump devices
- libutil: Make formatted meta-data configurable
- s390-tools: Replace 'which' with built-in 'command -v'
- zdump/dfi_elf: Support core dumps of vr-kernels
* Bug Fixes:
- chzdev: Fix warning about failed ATTR writes by udev
- rust/pv: Try again if first CRL-URI is invalid
- rust/pvattest: Add short option for --arpk
- zdump: Fix 'zgetdump -i' ioctl error on s390 formatted dump file
*** v2.33.1
* Bug Fixes:
- s390-tools: Fix formatting and typos in README.md
- s390-tools: Fix release string
*** v2.33.0
* Add new tools / libraries:
- chpstat: New tool for displaying channel path statistics
- libutil: Add output format helpers(util_fmt: JSON, JSON-SEQ, CSV, text pairs)
* Changes of existing tools / libraries:
- chzdev: Add --is-owner to identify files created by zdev
- dasdfmt: Change default mode to always use full-format (Note: affects ESE DASD)
- libap: Significantly reduce delay time between file lock retries
- pvattest: Rewrite from C to Rust
- pvattest: Support additional data & user-data
- rust/pv: Support for Attestation
* Bug Fixes:
- chreipl: Improve disk type detection when running under QEMU
- dbginfo.sh: Use POSIX option with uname
- s390-tools: Fix missing hyphen escapes in the man page for many tools
- zipl/src: Fix bugs in disk_get_info() reproducible in corner cases
*** v2.32.0
* Changes of existing tools:
- cpumf/lscpumf: add support for machine type 3932
- genprotimg, pvattest, and pvsecret accept IBM signing key with Armonk as
subject locality
- zdump/zipl: Support for List-Directed dump from ECKD DASD
- zkey: Detect FIPS mode and generate PBKDF for luksFormat according to it
* Bug Fixes:
- dbginfo.sh: dash compatible copy sequence
- rust/pv_core: Fix UvDeviceInfo::get() method
- zipl/src: Fix leak of files if run with a broken configuration
- zkey: Fix convert command to accept only keys of type CCA-AESDATA
* Revendored vendor.tar.gz
* Removed obsolete patches
- s390-tools-sles15sp6-genprotimg-makefile.patch
- s390-tools-sles15sp5-01-rust-pv-support-Armonk-in-IBM-signing-key-subject.patch
- s390-tools-sles15sp6-02-genprotimg-support-Armonk-in-IBM-signing-key-subject.patch
- s390-tools-sles15sp6-03-libpv-support-Armonk-in-IBM-signing-key-subject.patch
- s390-tools-sles15sp6-04-pvattest-Fix-root-ca-parsing.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Jul 11 14:56:34 UTC 2024 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com> Thu Jul 11 14:56:34 UTC 2024 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>

18
s390-tools.spec
View File

@ -33,7 +33,7 @@
%endif %endif
Name: s390-tools Name: s390-tools
Version: 2.35.0 Version: 2.31.0
Release: 0 Release: 0
Summary: S/390 tools like zipl and dasdfmt for s390x (plus selected tools for x86_64) Summary: S/390 tools like zipl and dasdfmt for s390x (plus selected tools for x86_64)
License: MIT License: MIT
@ -153,8 +153,13 @@ Patch910: s390-tools-sles15sp1-11-zdev-Do-not-call-zipl-on-initrd-update.p
Patch911: s390-tools-sles15sp5-remove-no-pie-link-arguments.patch Patch911: s390-tools-sles15sp5-remove-no-pie-link-arguments.patch
Patch912: s390-tools-ALP-zdev-live.patch Patch912: s390-tools-ALP-zdev-live.patch
Patch913: s390-tools-sles15sp6-kdump-initrd-59-zfcp-compat-rules.patch Patch913: s390-tools-sles15sp6-kdump-initrd-59-zfcp-compat-rules.patch
### Patch only for SLFO Patch914: s390-tools-sles15sp6-genprotimg-makefile.patch
Patch914: s390-tools-slfo-01-parse-ipl-device-for-activation.patch Patch915: s390-tools-slfo-01-parse-ipl-device-for-activation.patch
### SE-tooling: New IBM host-key subject locality (s390-tools)
Patch916: s390-tools-sles15sp5-01-rust-pv-support-Armonk-in-IBM-signing-key-subject.patch
Patch917: s390-tools-sles15sp6-02-genprotimg-support-Armonk-in-IBM-signing-key-subject.patch
Patch918: s390-tools-sles15sp6-03-libpv-support-Armonk-in-IBM-signing-key-subject.patch
Patch919: s390-tools-sles15sp6-04-pvattest-Fix-root-ca-parsing.patch
### ###
BuildRequires: curl-devel BuildRequires: curl-devel
@ -179,7 +184,6 @@ BuildRequires: zlib-devel-static
### s390x ### s390x
%ifarch s390x %ifarch s390x
BuildRequires: kernel-zfcpdump BuildRequires: kernel-zfcpdump
BuildRequires: perl-Bootloader >= 0.4.15
BuildRequires: qclib-devel-static BuildRequires: qclib-devel-static
%endif %endif
### Cargo ### Cargo
@ -228,11 +232,9 @@ zgetdump - tool to get linux system dumps from DASD
genprotimg - create a protected virtualization image genprotimg - create a protected virtualization image
pvattest - create, perform, and verify protected virtualization attestation measurements pvattest - create, perform, and verify protected virtualization attestation measurements
pvsecret - manage secrets for IBM Secure Execution guests. pvsecret - manage secrets for IBM Secure Execution guests.
pvapconfig - used to automatically set up the AP configuration within an IBM Secure Execution guest.
Warning: There is an auxiliary data package - s390-tools-genprotimg-data. Note: Auxiliary data package - s390-tools-genprotimg-data
To install s390-tools properly, please use:
'sudo zypper install s390-tools s390-tools-genprotimg-data'
%package -n osasnmpd %package -n osasnmpd
Summary: OSA-Express SNMP subagent Summary: OSA-Express SNMP subagent

BIN
vendor.tar.gz (Stored with Git LFS)
View File

Binary file not shown.

13
zfcp_host_configure
View File

@ -38,14 +38,6 @@ debug_mesg () {
esac esac
} }
add_cio_channel() {
echo "$* # ${DATE}" >> /boot/zipl/active_devices.txt
}
remove_cio_channel() {
[ -w /boot/zipl/active_devices.txt ] && sed -i -e "/^${1}/d" /boot/zipl/active_devices.txt
}
usage(){ usage(){
echo "Usage: ${0} <ccwid> <online>" echo "Usage: ${0} <ccwid> <online>"
echo " ccwid = x.y.ssss where" echo " ccwid = x.y.ssss where"
@ -88,8 +80,3 @@ RC=${?}
if [ ${RC} -ne 0 ]; then if [ ${RC} -ne 0 ]; then
exit ${RC} exit ${RC}
fi fi
if [ ${ON_OFF} == 1 ]; then
add_cio_channel "${CCW_CHAN_ID}"
else remove_cio_channel "${CCW_CHAN_ID}"
fi