diff --git a/ctc_configure b/ctc_configure index 1634b93..3d4ee1f 100644 --- a/ctc_configure +++ b/ctc_configure @@ -44,6 +44,14 @@ debug_mesg () { esac } +add_cio_channel() { + echo "$* # ${DATE}" >> /boot/zipl/active_devices.txt +} + +remove_cio_channel() { + [ -w /boot/zipl/active_devices.txt ] && sed -i -e "/^${1}/d" /boot/zipl/active_devices.txt +} + usage(){ echo "Usage: ${0} []" echo " read/write channel = x.y.ssss where" @@ -112,3 +120,9 @@ RC=${?} if [ ${RC} -ne 0 ]; then exit ${RC} fi + +if [ ${ON_OFF} == 1 ]; then + add_cio_channel "${CTC_READ_CHAN},${CTC_WRITE_CHAN}" +else remove_cio_channel "${CTC_READ_CHAN}" + remove_cio_channel "${CTC_WRITE_CHAN}" +fi diff --git a/dasd_configure.opensuse b/dasd_configure.opensuse index 6f135ee..a04fcde 100644 --- a/dasd_configure.opensuse +++ b/dasd_configure.opensuse @@ -43,6 +43,14 @@ debug_mesg () { esac } +add_cio_channel() { + echo "$* # ${DATE}" >> /boot/zipl/active_devices.txt +} + +remove_cio_channel() { + [ -w /boot/zipl/active_devices.txt ] && sed -i -e "/^${1}/d" /boot/zipl/active_devices.txt +} + usage(){ echo "Usage: ${0} [-f -t ] [use_diag]" echo @@ -157,4 +165,9 @@ elif [ ${ON_OFF} == 1 ]; then fi fi +if [ ${ON_OFF} == 1 ]; then + add_cio_channel "${CCW_CHAN_ID}" +else remove_cio_channel "${CCW_CHAN_ID}" +fi + exit ${exitcode} diff --git a/dasd_configure.suse b/dasd_configure.suse index 6b453b2..1aae177 100644 --- a/dasd_configure.suse +++ b/dasd_configure.suse @@ -43,6 +43,14 @@ debug_mesg () { esac } +add_cio_channel() { + echo "$* # ${DATE}" >> /boot/zipl/active_devices.txt +} + +remove_cio_channel() { + [ -w /boot/zipl/active_devices.txt ] && sed -i -e "/^${1}/d" /boot/zipl/active_devices.txt +} + usage(){ echo "Usage: ${0} [-f -t ] [use_diag]" echo @@ -157,4 +165,9 @@ elif [ ${ON_OFF} == 1 ]; then fi fi +if [ ${ON_OFF} == 1 ]; then + add_cio_channel "${CCW_CHAN_ID}" +else remove_cio_channel "${CCW_CHAN_ID}" +fi + exit ${exitcode} diff --git a/qeth_configure b/qeth_configure index bf30117..8e883ab 100644 --- a/qeth_configure +++ b/qeth_configure @@ -48,6 +48,14 @@ debug_mesg () { esac } +add_cio_channel() { + echo "$* # ${DATE}" >> /boot/zipl/active_devices.txt +} + +remove_cio_channel() { + [ -w /boot/zipl/active_devices.txt ] && sed -i -e "/^${1}/d" /boot/zipl/active_devices.txt +} + usage(){ echo "Usage: ${0} [options] " echo " -i Configure IP takeover" @@ -157,3 +165,10 @@ RC=${?} if [ ${RC} -ne 0 ]; then exit ${RC} fi + +if [ ${ON_OFF} == 1 ]; then + add_cio_channel "${QETH_READ_CHAN},${QETH_WRITE_CHAN},${QETH_DATA_CHAN}" +else remove_cio_channel "${QETH_READ_CHAN}" + remove_cio_channel "${QETH_WRITE_CHAN}" + remove_cio_channel "${QETH_DATA_CHAN}" +fi diff --git a/s390-tools-2.31.0.tar.gz b/s390-tools-2.31.0.tar.gz deleted file mode 100644 index 3f5dfab..0000000 --- a/s390-tools-2.31.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:83550c05f4fdb631376ad980df058de84292a9e5fbbce631ba3de5749c4f1c5e -size 2059068 diff --git a/s390-tools-2.35.0.tar.gz b/s390-tools-2.35.0.tar.gz new file mode 100644 index 0000000..99e5cfb --- /dev/null +++ b/s390-tools-2.35.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2b00d49d2fd649308ad385a80da4cfdfacc1fa642b6949431adf41689ac4848a +size 2125787 diff --git a/s390-tools-ALP-zdev-live.patch b/s390-tools-ALP-zdev-live.patch index fee9f2b..5d45a79 100644 --- a/s390-tools-ALP-zdev-live.patch +++ b/s390-tools-ALP-zdev-live.patch @@ -5,10 +5,8 @@ zdev/dracut/Makefile | 15 ++++++++++-- 4 files changed, 92 insertions(+), 2 deletions(-) -Index: s390-tools-2.30.0/zdev/dracut/96zdev-live/module-setup.sh -=================================================================== --- /dev/null -+++ s390-tools-2.30.0/zdev/dracut/96zdev-live/module-setup.sh ++++ b/zdev/dracut/96zdev-live/module-setup.sh @@ -0,0 +1,32 @@ +#!/bin/bash + @@ -42,10 +40,8 @@ Index: s390-tools-2.30.0/zdev/dracut/96zdev-live/module-setup.sh + inst_hook cleanup 41 "$moddir/write-udev-live.sh" + inst_multiple chzdev +} -Index: s390-tools-2.30.0/zdev/dracut/96zdev-live/parse-zdev-live.sh -=================================================================== --- /dev/null -+++ s390-tools-2.30.0/zdev/dracut/96zdev-live/parse-zdev-live.sh ++++ b/zdev/dracut/96zdev-live/parse-zdev-live.sh @@ -0,0 +1,36 @@ +#!/bin/bash +# @@ -83,10 +79,8 @@ Index: s390-tools-2.30.0/zdev/dracut/96zdev-live/parse-zdev-live.sh + fi +done + -Index: s390-tools-2.30.0/zdev/dracut/96zdev-live/write-udev-live.sh -=================================================================== --- /dev/null -+++ s390-tools-2.30.0/zdev/dracut/96zdev-live/write-udev-live.sh ++++ b/zdev/dracut/96zdev-live/write-udev-live.sh @@ -0,0 +1,11 @@ +#!/bin/sh +# @@ -99,11 +93,9 @@ Index: s390-tools-2.30.0/zdev/dracut/96zdev-live/write-udev-live.sh +if [ -w /sysroot/etc/udev/rules.d ]; then + cp -p /etc/udev/rules.d/41-* /sysroot/etc/udev/rules.d +fi -Index: s390-tools-2.30.0/zdev/dracut/Makefile -=================================================================== ---- s390-tools-2.30.0.orig/zdev/dracut/Makefile -+++ s390-tools-2.30.0/zdev/dracut/Makefile -@@ -3,17 +3,23 @@ include ../../common.mak +--- a/zdev/dracut/Makefile ++++ b/zdev/dracut/Makefile +@@ -3,17 +3,23 @@ ZDEVDIR := 95zdev ZDEVKDUMPDIR := 95zdev-kdump @@ -129,7 +121,7 @@ Index: s390-tools-2.30.0/zdev/dracut/Makefile ifeq ($(HAVE_DRACUT),1) install: $(INSTALL) -m 755 -d $(DESTDIR)$(DRACUTMODDIR)/ -@@ -25,4 +31,9 @@ install: +@@ -29,4 +35,9 @@ $(INSTALL) -m 755 -d $(DESTDIR)$(DRACUTMODDIR)/$(ZDEVKDUMPDIR) $(INSTALL) -m 755 $(ZDEVKDUMPDIR)/module-setup.sh \ $(DESTDIR)$(DRACUTMODDIR)/$(ZDEVKDUMPDIR)/ diff --git a/s390-tools-sles15-sysconfig-compatible-dumpconf.patch b/s390-tools-sles15-sysconfig-compatible-dumpconf.patch index 49cd4ab..61e9f97 100644 --- a/s390-tools-sles15-sysconfig-compatible-dumpconf.patch +++ b/s390-tools-sles15-sysconfig-compatible-dumpconf.patch @@ -1,34 +1,27 @@ -Index: s390-tools-2.30.0/etc/sysconfig/dumpconf -=================================================================== ---- s390-tools-2.30.0.orig/etc/sysconfig/dumpconf -+++ s390-tools-2.30.0/etc/sysconfig/dumpconf -@@ -1,71 +1,137 @@ +--- + etc/sysconfig/dumpconf | 133 +++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 133 insertions(+) + +--- a/etc/sysconfig/dumpconf ++++ b/etc/sysconfig/dumpconf +@@ -1,3 +1,4 @@ ++########################################################################################### + # + # s390 dump config + # +@@ -78,3 +79,135 @@ + # dumpconf becomes active immediately during system startup. + # + # ON_PANIC=reipl ++ ++############################ Begin Definitions ########################################### +## Path: System/Dumpconf +## Description: Configures the actions which should be performed after a kernel panic +## Type: list(stop,dump,vmcmd,reipl,dump_reipl) +## Default: "stop" +## ServiceRestart: dumpconf - # --# s390 dump config --# --# Configures the actions which should be performed after a kernel panic --# and on PSW restart. ++# +# Define the action that should be taken if a kernel panic happens. - # - # The following actions are supported: - # --# * stop: Stop Linux (default) --# * dump: Dump Linux with stand-alone dump tool --# * vmcmd: Issue z/VM CP commands --# * reipl: Re-IPL Linux using setting under /sys/firmware/reipl --# * dump_reipl: First dump Linux with stand-alone dump tool, then re-IPL Linux --# using setting under /sys/firmware/reipl -+# * stop: Stop Linux (default) -+# * dump: Dump Linux -+# * vmcmd: Issue z/VM CP commands -+# * reipl: Re-IPL Linux using setting under /sys/firmware/reipl -+# * dump_reipl: First dump Linux, then re-IPL Linux using setting under -+# /sys/firmware/reipl +# +ON_PANIC="stop" + @@ -62,14 +55,10 @@ Index: s390-tools-2.30.0/etc/sysconfig/dumpconf +# Define the device id for a DASD or SCSI over zFCP dump device. +# +# For example (DASD and SCSI over zFCP have the same structure): DEVICE=0.0.4711 - # ++# +DEVICE="" - --# For the actions "reipl" and "dump_reipl" the DELAY_MINUTES keyword may --# be used to delay the activation of dumpconf. --# Thus potential reipl loops caused by kernel panics --# which persistently occur early in the boot process can be prevented. -+## Type: string ++ ++# Type: string +## Default: "" +## ServiceRestart: dumpconf +# @@ -78,62 +67,40 @@ Index: s390-tools-2.30.0/etc/sysconfig/dumpconf +# For example: WWPN=0x5005076303004711 +# +WWPN="" - --# Dump on CCW device (DASD) and re-IPL after dump is complete. --# The re-IPL device, as specified under "/sys/firmware/reipl", is used. --# The activation of dumpconf is delayed by 5 minutes. ++ +## Type: string +## Default: "" +## ServiceRestart: dumpconf - # --# ON_PANIC=dump_reipl --# DUMP_TYPE=ccw --# DEVICE=0.0.4e13 --# DELAY_MINUTES=5 ++# +# Define the LUN for a zFCP dump device. +# +# For example: LUN=0x4711000000000000 +# +LUN="" - ++ +## Type: integer(0:30) +## Default: "0" +## ServiceRestart: dumpconf +# +# Define the Boot program selector for a zFCP dump device. - # --# Dump on fcp device (SCSI Disk) ++# +# A decimal value between 0 and 30 specifying the program to be loaded from +# the FCP-I/O device. - # --# ON_PANIC=dump --# DUMP_TYPE=fcp --# DEVICE=0.0.4711 --# WWPN=0x5005076303004711 --# LUN=0x4711000000000000 --# BOOTPROG=0 --# BR_LBA=0 ++# +BOOTPROG="0" - ++ +## Type: string +## Default: "0" +## ServiceRestart: dumpconf - # --# Dump on nvme device (NVMe Disk) ++# +# Define the Boot record logical block address for a zFCP dump device. - # --# ON_PANIC=dump --# DUMP_TYPE=nvme --# FID=0x00000300 --# NSID=0x00000001 --# BOOTPROG=3 --# BR_LBA=0 ++# +# The hexadecimal digits designating the logical-block address of the boot record of the FCP-I/O device. +# It must be a value from 0-FFFFFFFF FFFFFFFF. For values longer than 8 hex characters at least one separator +# blank is required after the 8th character. +# +BR_LBA="0" - ++ +## Type: string +## Default: "" +## ServiceRestart: dumpconf @@ -141,16 +108,11 @@ Index: s390-tools-2.30.0/etc/sysconfig/dumpconf +# Define the Function ID for NVMe dump device. +# +# The hexadecimal digits designating the Function ID for the NMVe disk. - # --# Use VMDUMP ++# +# For example: FID=0x00000300 - # --# ON_PANIC=vmcmd --# VMCMD_1="MESSAGE * Starting VMDUMP" --# VMCMD_2="VMDUMP" --# VMCMD_3="IPL 4711" ++# +FID="" - ++ +## Type: string +## Default: "" +## ServiceRestart: dumpconf @@ -158,28 +120,21 @@ Index: s390-tools-2.30.0/etc/sysconfig/dumpconf +# Define the Namespace ID for the NVMe dump device +# +# The hexadecimal digits designating the Namespace ID for the NMVe disk. - # --# Stop Linux (default) ++# +# For example: NSID=0x00000001 - # --# ON_PANIC=stop ++# +NSID="" - ++ +## Type: string +## Default: "" +## ServiceRestart: dumpconf - # --# Re-IPL Linux --# The re-IPL device, as specified under "/sys/firmware/reipl", is used. --# Since the DELAY_MINUTES keyword is omitted, there is no delay and --# dumpconf becomes active immediately during system startup. ++# +# VMCMD_ +# Specifies a CP command, is a number from one to eight. You can +# specify up to eight CP commands that are executed in case of a kernel +# panic. Note that VM commands, device adresses, and VM guest names +# must be uppercase. - # --# ON_PANIC=reipl ++# +VMCMD_1="" +VMCMD_2="" +VMCMD_3="" @@ -188,3 +143,6 @@ Index: s390-tools-2.30.0/etc/sysconfig/dumpconf +VMCMD_6="" +VMCMD_7="" +VMCMD_8="" ++ ++############################### End Definitions ############################################## +\ No newline at end of file diff --git a/s390-tools-sles15sp3-Allow-multiple-device-arguments.patch b/s390-tools-sles15sp3-Allow-multiple-device-arguments.patch index 9f8c579..a68246f 100644 --- a/s390-tools-sles15sp3-Allow-multiple-device-arguments.patch +++ b/s390-tools-sles15sp3-Allow-multiple-device-arguments.patch @@ -7,36 +7,32 @@ Allow the user to specify several devices as arguments to dasdfmt. Signed-off-by: Hannes Reinecke --- - dasdfmt/dasdfmt.8 | 5 +- - dasdfmt/dasdfmt.c | 175 ++++++++++++++++++++++++++++++------------------------ - 2 files changed, 100 insertions(+), 80 deletions(-) + dasdfmt/dasdfmt.8 | 6 - + dasdfmt/dasdfmt.c | 197 +++++++++++++++++++++++++++++++----------------------- + 2 files changed, 119 insertions(+), 84 deletions(-) -Index: s390-tools-2.30.0/dasdfmt/dasdfmt.8 -=================================================================== ---- s390-tools-2.30.0.orig/dasdfmt/dasdfmt.8 -+++ s390-tools-2.30.0/dasdfmt/dasdfmt.8 -@@ -11,14 +11,15 @@ dasdfmt \- formatting of DASD (ECKD) dis +--- a/dasdfmt/dasdfmt.8 ++++ b/dasdfmt/dasdfmt.8 +@@ -11,14 +11,14 @@ .br - [-r \fIcylinder\fR] [-b \fIblksize\fR] [-l \fIvolser\fR] [-d \fIlayout\fR] + [\-r \fIcylinder\fR] [\-b \fIblksize\fR] [\-l \fIvolser\fR] [\-d \fIlayout\fR] .br -- [-L] [-V] [-F] [-k] [-C] [-M \fImode\fR] \fIdevice\fR -+ [-L] [-V] [-F] [-k] [-C] [-M \fImode\fR] \fIdevice\fR [\fIdevice\fR] +- [\-L] [\-V] [\-F] [\-k] [\-C] [\-M \fImode\fR] \fIdevice\fR ++ [\-L] [\-V] [\-F] [\-k] [\-C] [\-M \fImode\fR] \fIdevice\fR [\fIdevice\fR] .SH DESCRIPTION -\fBdasdfmt\fR formats a DASD (ECKD) disk drive to prepare it -+\fBdasdfmt\fR formats one or several DASD (ECKD) disk drive to prepare it ++\fBdasdfmt\fR formats one or several DASD (ECKD) disk drive(s) to prepare them for usage with Linux for S/390. The \fIdevice\fR is the node of the device (e.g. '/dev/dasda'). Any device node created by udev for kernel 2.6 can be used - (e.g. '/dev/dasd/0.0.b100/disc'). -+It is possible to specify up to 512 devices. +-(e.g. '/dev/dasd/0.0.b100/disc'). ++(e.g. '/dev/dasd/0.0.b100/disc'). It is possible to specify up to 512 devices. .br \fBWARNING\fR: Careless usage of \fBdasdfmt\fR can result in -Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c -=================================================================== ---- s390-tools-2.30.0.orig/dasdfmt/dasdfmt.c -+++ s390-tools-2.30.0/dasdfmt/dasdfmt.c +--- a/dasdfmt/dasdfmt.c ++++ b/dasdfmt/dasdfmt.c @@ -25,6 +25,8 @@ #include "dasdfmt.h" @@ -46,7 +42,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c #define BUSIDSIZE 8 #define SEC_PER_DAY (60 * 60 * 24) #define SEC_PER_HOUR (60 * 60) -@@ -57,7 +59,9 @@ static const struct util_prg prg = { +@@ -57,7 +59,9 @@ static struct dasdfmt_globals { dasd_information2_t dasd_info; char *dev_path; /* device path entered by user */ @@ -56,7 +52,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c int verbosity; int testmode; int withoutprompt; -@@ -484,15 +488,15 @@ static void program_interrupt_signal(int +@@ -484,15 +488,15 @@ program_interrupt_in_progress = 1; if (disk_disabled) { @@ -75,7 +71,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c } else { printf("Exiting...\n"); } -@@ -512,9 +516,6 @@ static void get_device_name(int optind, +@@ -512,9 +516,6 @@ unsigned int maj, min; struct stat dev_stat; @@ -85,7 +81,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c if (optind >= argc) error("No device specified!"); -@@ -610,10 +611,10 @@ static void check_disk(void) +@@ -610,10 +611,10 @@ error("the ioctl call to retrieve read/write status information failed: %s", strerror(err)); if (ro) @@ -98,7 +94,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c } if (strncmp(g.dasd_info.type, "ECKD", 4) != 0) { warnx("Unsupported disk type"); -@@ -700,7 +701,7 @@ static void set_geo(unsigned int *cylind +@@ -700,7 +701,7 @@ struct dasd_eckd_characteristics *characteristics; if (g.verbosity > 0) @@ -107,7 +103,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c characteristics = (struct dasd_eckd_characteristics *) &g.dasd_info.characteristics; -@@ -728,13 +729,13 @@ static void set_label(volume_label_t *vl +@@ -728,13 +729,13 @@ "Cylinders above this limit will not be" " accessible as a linux partition!\n" "Type \"yes\" to continue, no will leave" @@ -124,7 +120,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c return; } } -@@ -872,7 +873,7 @@ static void check_disk_format(unsigned i +@@ -872,7 +873,7 @@ check_params->start_unit = 0; check_params->stop_unit = (cylinders * heads) - 1; @@ -133,7 +129,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c if (g.testmode) { printf("Test mode active, omitting ioctl.\n"); -@@ -896,7 +897,7 @@ static void check_disk_format(unsigned i +@@ -896,7 +897,7 @@ if (process_tracks(cylinders, heads, check_params)) error("Use --mode=full to perform a clean format."); @@ -142,7 +138,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c } /* -@@ -946,8 +947,8 @@ static void dasdfmt_print_info(volume_la +@@ -946,8 +947,8 @@ printf("Device Type: %s Provisioned\n", g.ese ? "Thinly" : "Fully"); @@ -153,7 +149,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c printf(" Device number of device : 0x%x\n", g.dasd_info.devno); printf(" Labelling device : %s\n", (g.writenolabel) ? "no" : "yes"); -@@ -1012,7 +1013,7 @@ static void dasdfmt_write_labels(volume_ +@@ -1012,7 +1013,7 @@ int ipl1_record_len, ipl2_record_len; if (g.verbosity > 0) @@ -162,7 +158,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c get_blocksize(&blksize); -@@ -1030,7 +1031,7 @@ static void dasdfmt_write_labels(volume_ +@@ -1030,7 +1031,7 @@ /* write empty bootstrap (initial IPL records) */ if (g.verbosity > 0) @@ -171,7 +167,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c /* * Note: ldl labels do not contain the key field -@@ -1089,7 +1090,7 @@ static void dasdfmt_write_labels(volume_ +@@ -1089,7 +1090,7 @@ label_position = g.dasd_info.label_block * blksize; if (g.verbosity > 0) @@ -180,7 +176,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c rc = lseek(fd, label_position, SEEK_SET); if (rc != label_position) { -@@ -1120,7 +1121,7 @@ static void dasdfmt_write_labels(volume_ +@@ -1120,7 +1121,7 @@ } if (g.verbosity > 0) @@ -189,16 +185,16 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c label_position = (VTOC_START_CC * heads + VTOC_START_HH) * geo.sectors * blksize; -@@ -1242,7 +1243,7 @@ static int dasdfmt_release_space(void) +@@ -1242,7 +1243,7 @@ if (!g.ese || g.no_discard) - return 0; + return; - printf("Releasing space for the entire device...\n"); + printf("Releasing space for the entire %s device...\n", g.dev_path); err = dasd_release_space(g.dev_node, &r); - /* - * Warn or Error on failing RAS depending on QUICK mode set explicitly or automatically -@@ -1270,20 +1271,21 @@ static void dasdfmt_prepare_and_format(u + if (err) + error("Could not release space: %s", strerror(err)); +@@ -1261,20 +1262,21 @@ int err; if (!(g.withoutprompt && g.verbosity < 1)) @@ -225,7 +221,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c /* except track 0 from standard formatting procss */ p->start_unit = 1; -@@ -1291,19 +1293,19 @@ static void dasdfmt_prepare_and_format(u +@@ -1282,19 +1284,19 @@ process_tracks(cylinders, heads, p); if (g.verbosity > 0) @@ -248,7 +244,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c disk_enable(); } -@@ -1315,18 +1317,18 @@ static void dasdfmt_expand_format(unsign +@@ -1306,18 +1308,18 @@ format_data_t *p) { if (!(g.withoutprompt && g.verbosity < 1)) @@ -271,7 +267,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c if (g.verbosity > 0) printf("Re-accessing the device...\n"); -@@ -1435,16 +1437,16 @@ static void do_format_dasd(volume_label_ +@@ -1426,16 +1428,16 @@ if (!g.withoutprompt) { printf("\n"); if (mode != EXPAND) @@ -292,7 +288,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c return; } } -@@ -1466,12 +1468,12 @@ static void do_format_dasd(volume_label_ +@@ -1453,12 +1455,12 @@ break; } @@ -307,7 +303,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c err = dasd_reread_partition_table(g.dev_node, 5); if (err != 0) { ERRMSG("%s: error during rereading the partition " -@@ -1485,7 +1487,7 @@ static void do_format_dasd(volume_label_ +@@ -1472,7 +1474,7 @@ static void eval_format_mode(void) { if (!g.force && g.mode_specified && g.ese && mode == EXPAND) { @@ -316,7 +312,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c warnx("Format mode 'expand' is not feasible."); error("Use --mode=full or --mode=quick to perform a clean format"); } -@@ -1508,20 +1510,70 @@ static void set_prog_name(char *s) +@@ -1495,20 +1497,70 @@ prog_name = p + 1; } @@ -391,7 +387,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c /* Establish a handler for interrupt signals. */ signal(SIGTERM, program_interrupt_signal); -@@ -1657,6 +1709,9 @@ int main(int argc, char *argv[]) +@@ -1644,6 +1696,9 @@ break; /* exit loop if finished */ } @@ -401,7 +397,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c CHECK_SPEC_MAX_ONCE(g.blksize_specified, "blocksize"); CHECK_SPEC_MAX_ONCE(g.labelspec, "label"); CHECK_SPEC_MAX_ONCE(g.writenolabel, "omit-label-writing flag"); -@@ -1675,48 +1730,28 @@ int main(int argc, char *argv[]) +@@ -1662,48 +1717,28 @@ if (g.print_hashmarks) PARSE_PARAM_INTO(g.hashstep, hashstep_str, 10, "hashstep"); diff --git a/s390-tools-sles15sp3-Format-devices-in-parallel.patch b/s390-tools-sles15sp3-Format-devices-in-parallel.patch index ab53115..8ec3f2e 100644 --- a/s390-tools-sles15sp3-Format-devices-in-parallel.patch +++ b/s390-tools-sles15sp3-Format-devices-in-parallel.patch @@ -7,37 +7,34 @@ Allow dasdfmt to run in parallel when several devices are specified. Signed-off-by: Hannes Reinecke --- - dasdfmt/dasdfmt.8 | 16 ++++++++++++++-- - dasdfmt/dasdfmt.c | 50 +++++++++++++++++++++++++++++++++++++++++++------- - dasdfmt/dasdfmt.h | 1 + - 3 files changed, 58 insertions(+), 9 deletions(-) + dasdfmt/dasdfmt.8 | 16 +++++++++++++- + dasdfmt/dasdfmt.c | 58 ++++++++++++++++++++++++++++++++++++++++++------------ + 2 files changed, 60 insertions(+), 14 deletions(-) -Index: s390-tools-2.30.0/dasdfmt/dasdfmt.8 -=================================================================== ---- s390-tools-2.30.0.orig/dasdfmt/dasdfmt.8 -+++ s390-tools-2.30.0/dasdfmt/dasdfmt.8 +--- a/dasdfmt/dasdfmt.8 ++++ b/dasdfmt/dasdfmt.8 @@ -7,7 +7,7 @@ dasdfmt \- formatting of DASD (ECKD) disk drives. .SH SYNOPSIS --\fBdasdfmt\fR [-h] [-t] [-v] [-y] [-p] [-P] [-m \fIstep\fR] -+\fBdasdfmt\fR [-h] [-t] [-v] [-y] [-p] [-Q] [-P] [-m \fIstep\fR] +-\fBdasdfmt\fR [\-h] [\-t] [\-v] [\-y] [\-p] [\-P] [\-m \fIstep\fR] ++\fBdasdfmt\fR [\-h] [\-t] [\-v] [\-y] [\-p] [\-Q] [\-P] [\-m \fIstep\fR] .br - [-r \fIcylinder\fR] [-b \fIblksize\fR] [-l \fIvolser\fR] [-d \fIlayout\fR] + [\-r \fIcylinder\fR] [\-b \fIblksize\fR] [\-l \fIvolser\fR] [\-d \fIlayout\fR] .br -@@ -96,7 +96,7 @@ Do not use this option if you are using +@@ -95,7 +95,7 @@ running in background or redirecting the output to a file. .TP --\fB-P\fR or \fB--percentage\fR -+\fB-Q\fR or \fB--percentage\fR +-\fB\-P\fR or \fB\-\-percentage\fR ++\fB\-Q\fR or \fB\-\-percentage\fR Print one line for each formatted cylinder showing the number of the cylinder and percentage of formatting process. Intended to be used by higher level interfaces. -@@ -164,6 +164,18 @@ Specify blocksize to be used. \fIblksize - and always be a power of two. The recommended blocksize is 4096 bytes. +@@ -164,6 +164,18 @@ .TP + \fB\-l\fR \fIvolser\fR or \fB\-\-label\fR=\fIvolser\fR +\fB-P\fR \fInumdisks\fR or \fB--max_parallel\fR=\fInumdisks\fR +Specify the number of disks to be formatted in parallel. +\fInumdisks\fR specifies the number of formatting processed, @@ -50,13 +47,11 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.8 +.br + +.TP - \fB-l\fR \fIvolser\fR or \fB--label\fR=\fIvolser\fR Specify the volume serial number or volume identifier to be written to disk after formatting. If no label is specified, a sensible default -Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c -=================================================================== ---- s390-tools-2.30.0.orig/dasdfmt/dasdfmt.c -+++ s390-tools-2.30.0/dasdfmt/dasdfmt.c + is used. \fIvolser\fR is interpreted as ASCII string and is automatically +--- a/dasdfmt/dasdfmt.c ++++ b/dasdfmt/dasdfmt.c @@ -13,6 +13,7 @@ #include #include @@ -65,7 +60,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c #include "lib/dasd_base.h" #include "lib/dasd_sys.h" -@@ -81,6 +82,7 @@ static struct dasdfmt_globals { +@@ -81,6 +82,7 @@ int mode_specified; int ese; int no_discard; @@ -73,7 +68,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c } g = { .dasd_info = { 0 }, }; -@@ -105,6 +107,11 @@ static struct util_opt opt_vec[] = { +@@ -105,6 +107,11 @@ .desc = "Perform complete format check on device", .flags = UTIL_OPT_FLAG_NOSHORT, }, @@ -85,7 +80,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c UTIL_OPT_SECTION("FORMAT OPTIONS"), { .option = { "blocksize", required_argument, NULL, 'b' }, -@@ -162,7 +169,7 @@ static struct util_opt opt_vec[] = { +@@ -162,7 +169,7 @@ .desc = "Show a progressbar", }, { @@ -94,7 +89,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c .desc = "Show progress in percent", }, UTIL_OPT_SECTION("MISC"), -@@ -311,7 +318,7 @@ static void draw_progress(int cyl, unsig +@@ -311,7 +318,7 @@ } if (g.print_hashmarks && (cyl / g.hashstep - hashcount) != 0) { @@ -103,7 +98,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c fflush(stdout); hashcount++; } -@@ -1573,7 +1580,11 @@ int main(int argc, char *argv[]) +@@ -1560,7 +1567,11 @@ char *reqsize_param_str = NULL; char *hashstep_str = NULL; @@ -116,7 +111,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c /* Establish a handler for interrupt signals. */ signal(SIGTERM, program_interrupt_signal); -@@ -1636,7 +1647,7 @@ int main(int argc, char *argv[]) +@@ -1623,7 +1634,7 @@ g.print_hashmarks = 1; } break; @@ -125,7 +120,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c if (!(g.print_hashmarks || g.print_progressbar)) g.print_percentage = 1; break; -@@ -1695,6 +1706,9 @@ int main(int argc, char *argv[]) +@@ -1682,6 +1693,9 @@ case OPT_NODISCARD: g.no_discard = 1; break; @@ -135,7 +130,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c case OPT_CHECK: g.check = 1; break; -@@ -1746,15 +1760,35 @@ int main(int argc, char *argv[]) +@@ -1733,15 +1747,35 @@ if (numdev > 1 && g.labelspec) error("Specifying a volser to be written doesn't make sense when formatting multiple DASD volumes."); diff --git a/s390-tools-sles15sp3-Implement-Y-yast_mode.patch b/s390-tools-sles15sp3-Implement-Y-yast_mode.patch index ac0d6c5..39f4dd4 100644 --- a/s390-tools-sles15sp3-Implement-Y-yast_mode.patch +++ b/s390-tools-sles15sp3-Implement-Y-yast_mode.patch @@ -7,25 +7,22 @@ Implement an option '-Y' to suppress most output. Signed-off-by: Hannes Reinecke --- - dasdfmt/dasdfmt.8 | 7 ++++++- - dasdfmt/dasdfmt.c | 27 ++++++++++++++++++++------- - dasdfmt/dasdfmt.h | 1 + - 3 files changed, 27 insertions(+), 8 deletions(-) + dasdfmt/dasdfmt.8 | 7 ++++- + dasdfmt/dasdfmt.c | 73 ++++++++++++++++++++++++++++++++++++++++++++++++------ + 2 files changed, 72 insertions(+), 8 deletions(-) -Index: s390-tools-2.30.0/dasdfmt/dasdfmt.8 -=================================================================== ---- s390-tools-2.30.0.orig/dasdfmt/dasdfmt.8 -+++ s390-tools-2.30.0/dasdfmt/dasdfmt.8 +--- a/dasdfmt/dasdfmt.8 ++++ b/dasdfmt/dasdfmt.8 @@ -7,7 +7,7 @@ dasdfmt \- formatting of DASD (ECKD) disk drives. .SH SYNOPSIS --\fBdasdfmt\fR [-h] [-t] [-v] [-y] [-p] [-Q] [-P] [-m \fIstep\fR] -+\fBdasdfmt\fR [-h] [-t] [-v] [-y] [-p] [-Q] [-P] [-Y] [-m \fIstep\fR] +-\fBdasdfmt\fR [\-h] [\-t] [\-v] [\-y] [\-p] [\-Q] [\-P] [\-m \fIstep\fR] ++\fBdasdfmt\fR [\-h] [\-t] [\-v] [\-y] [\-p] [\-Q] [\-P] [\-Y] [\-m \fIstep\fR] .br - [-r \fIcylinder\fR] [-b \fIblksize\fR] [-l \fIvolser\fR] [-d \fIlayout\fR] + [\-r \fIcylinder\fR] [\-b \fIblksize\fR] [\-l \fIvolser\fR] [\-d \fIlayout\fR] .br -@@ -113,6 +113,11 @@ The value will be at least as big as the +@@ -112,6 +112,11 @@ .br .TP @@ -34,14 +31,12 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.8 +.br + +.TP - \fB-M\fR \fImode\fR or \fB--mode\fR=\fImode\fR + \fB\-M\fR \fImode\fR or \fB\-\-mode\fR=\fImode\fR Specify the \fImode\fR to be used to format the device. Valid modes are: .RS -Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c -=================================================================== ---- s390-tools-2.30.0.orig/dasdfmt/dasdfmt.c -+++ s390-tools-2.30.0/dasdfmt/dasdfmt.c -@@ -83,6 +83,7 @@ static struct dasdfmt_globals { +--- a/dasdfmt/dasdfmt.c ++++ b/dasdfmt/dasdfmt.c +@@ -83,6 +83,7 @@ int ese; int no_discard; int procnum; @@ -49,7 +44,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c } g = { .dasd_info = { 0 }, }; -@@ -172,6 +173,10 @@ static struct util_opt opt_vec[] = { +@@ -172,6 +173,10 @@ .option = { "percentage", no_argument, NULL, 'Q' }, .desc = "Show progress in percent", }, @@ -60,7 +55,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c UTIL_OPT_SECTION("MISC"), { .option = { "check_host_count", no_argument, NULL, 'C' }, -@@ -318,7 +323,9 @@ static void draw_progress(int cyl, unsig +@@ -318,7 +323,9 @@ } if (g.print_hashmarks && (cyl / g.hashstep - hashcount) != 0) { @@ -71,7 +66,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c fflush(stdout); hashcount++; } -@@ -392,7 +399,7 @@ static void evaluate_format_error(format +@@ -392,7 +399,7 @@ unsigned int kl = 0; int blksize = cdata->expect.blksize; @@ -80,7 +75,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c printf("\n"); /* -@@ -780,8 +787,9 @@ static void check_hashmarks(void) +@@ -780,8 +787,9 @@ g.hashstep = 10; } @@ -92,7 +87,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c } } -@@ -1475,17 +1483,19 @@ static void do_format_dasd(volume_label_ +@@ -1462,17 +1470,19 @@ break; } @@ -115,7 +110,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c printf("ok\n"); } } -@@ -1561,6 +1571,7 @@ void process_dasd(volume_label_t *orig_v +@@ -1548,6 +1558,7 @@ error("%s", str); set_geo(&cylinders, &heads); @@ -123,7 +118,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c set_label(&vlabel, &format_params, cylinders); if (g.check) -@@ -1570,6 +1581,29 @@ void process_dasd(volume_label_t *orig_v +@@ -1557,6 +1568,29 @@ } @@ -153,7 +148,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c int main(int argc, char *argv[]) { volume_label_t vlabel; -@@ -1706,6 +1740,10 @@ int main(int argc, char *argv[]) +@@ -1693,6 +1727,10 @@ case OPT_NODISCARD: g.no_discard = 1; break; @@ -164,7 +159,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c case 'P': max_parallel = atoi(optarg); break; -@@ -1741,6 +1779,21 @@ int main(int argc, char *argv[]) +@@ -1728,6 +1766,21 @@ reqsize = DEFAULT_REQUESTSIZE; } @@ -186,7 +181,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c if (g.print_hashmarks) PARSE_PARAM_INTO(g.hashstep, hashstep_str, 10, "hashstep"); -@@ -1760,6 +1813,12 @@ int main(int argc, char *argv[]) +@@ -1747,6 +1800,12 @@ if (numdev > 1 && g.labelspec) error("Specifying a volser to be written doesn't make sense when formatting multiple DASD volumes."); diff --git a/s390-tools-sles15sp3-Implement-f-for-backwards-compability.patch b/s390-tools-sles15sp3-Implement-f-for-backwards-compability.patch index ae8ced6..ee1a9b9 100644 --- a/s390-tools-sles15sp3-Implement-f-for-backwards-compability.patch +++ b/s390-tools-sles15sp3-Implement-f-for-backwards-compability.patch @@ -9,39 +9,34 @@ version of YaST we should accept this option, too. Signed-off-by: Hannes Reinecke --- - dasdfmt/dasdfmt.8 | 6 +++++- - dasdfmt/dasdfmt.c | 8 ++++++++ - 2 files changed, 13 insertions(+), 1 deletion(-) + dasdfmt/dasdfmt.8 | 5 ++++- + dasdfmt/dasdfmt.c | 10 ++++++++++ + 2 files changed, 14 insertions(+), 1 deletion(-) -Index: s390-tools-2.30.0/dasdfmt/dasdfmt.8 -=================================================================== ---- s390-tools-2.30.0.orig/dasdfmt/dasdfmt.8 -+++ s390-tools-2.30.0/dasdfmt/dasdfmt.8 -@@ -11,7 +11,7 @@ dasdfmt \- formatting of DASD (ECKD) dis +--- a/dasdfmt/dasdfmt.8 ++++ b/dasdfmt/dasdfmt.8 +@@ -11,7 +11,7 @@ .br - [-r \fIcylinder\fR] [-b \fIblksize\fR] [-l \fIvolser\fR] [-d \fIlayout\fR] + [\-r \fIcylinder\fR] [\-b \fIblksize\fR] [\-l \fIvolser\fR] [\-d \fIlayout\fR] .br -- [-L] [-V] [-F] [-k] [-C] [-M \fImode\fR] \fIdevice\fR [\fIdevice\fR] -+ [-L] [-V] [-F] [-k] [-C] [-M \fImode\fR] [-f \fIdevice\fR] [\fIdevice\fR] +- [\-L] [\-V] [\-F] [\-k] [\-C] [\-M \fImode\fR] \fIdevice\fR [\fIdevice\fR] ++ [\-L] [\-V] [\-F] [\-k] [\-C] [\-M \fImode\fR] [-f \fIdevice\fR] [\fIdevice\fR] .SH DESCRIPTION - \fBdasdfmt\fR formats one or several DASD (ECKD) disk drive to prepare it -@@ -42,6 +42,10 @@ out, what it \fBwould\fR do. - Increases verbosity. - + \fBdasdfmt\fR formats one or several DASD (ECKD) disk drive(s) to prepare them +@@ -39,6 +39,9 @@ .TP + \fB\-v\fR + Increases verbosity. ++.TP +\fB-f\fR \fIdevice\fR or \fB--device\fR=\fIdevice\fR +Specify device to format. For backwards compability only. -+ -+.TP - \fB-y\fR - Start formatting without further user-confirmation. -Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c -=================================================================== ---- s390-tools-2.30.0.orig/dasdfmt/dasdfmt.c -+++ s390-tools-2.30.0/dasdfmt/dasdfmt.c -@@ -113,6 +113,10 @@ static struct util_opt opt_vec[] = { + .TP + \fB\-y\fR +--- a/dasdfmt/dasdfmt.c ++++ b/dasdfmt/dasdfmt.c +@@ -113,6 +113,10 @@ .desc = "Format devices in parallel", .flags = UTIL_OPT_FLAG_NOLONG, }, @@ -52,7 +47,7 @@ Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c UTIL_OPT_SECTION("FORMAT OPTIONS"), { .option = { "blocksize", required_argument, NULL, 'b' }, -@@ -1662,6 +1666,12 @@ int main(int argc, char *argv[]) +@@ -1649,6 +1653,12 @@ } g.layout_specified = 1; break; diff --git a/s390-tools-sles15sp5-01-rust-pv-support-Armonk-in-IBM-signing-key-subject.patch b/s390-tools-sles15sp5-01-rust-pv-support-Armonk-in-IBM-signing-key-subject.patch deleted file mode 100644 index e4704df..0000000 --- a/s390-tools-sles15sp5-01-rust-pv-support-Armonk-in-IBM-signing-key-subject.patch +++ /dev/null @@ -1,286 +0,0 @@ -Index: s390-tools-service/rust/pv/src/verify.rs -=================================================================== ---- s390-tools-service.orig/rust/pv/src/verify.rs -+++ s390-tools-service/rust/pv/src/verify.rs -@@ -3,10 +3,11 @@ - // Copyright IBM Corp. 2023 - - use core::slice; --use log::debug; -+use log::{debug, trace}; -+use openssl::error::ErrorStack; - use openssl::stack::Stack; - use openssl::x509::store::X509Store; --use openssl::x509::{CrlStatus, X509Ref, X509StoreContext, X509}; -+use openssl::x509::{CrlStatus, X509NameRef, X509Ref, X509StoreContext, X509StoreContextRef, X509}; - use openssl_extensions::crl::StackableX509Crl; - use openssl_extensions::crl::X509StoreContextExtension; - -@@ -82,8 +83,8 @@ impl HkdVerifier for CertVerifier { - if verified_crls.is_empty() { - bail_hkd_verify!(NoCrl); - } -- for crl in &verified_crls { -- match crl.get_by_cert(&hkd.to_owned()) { -+ for crl in verified_crls { -+ match crl.get_by_serial(hkd.serial_number()) { - CrlStatus::NotRevoked => (), - _ => bail_hkd_verify!(HdkRevoked), - } -@@ -94,21 +95,54 @@ impl HkdVerifier for CertVerifier { - } - - impl CertVerifier { -+ fn quirk_crls( -+ ctx: &mut X509StoreContextRef, -+ subject: &X509NameRef, -+ ) -> Result, ErrorStack> { -+ match ctx.crls(subject) { -+ Ok(ret) if !ret.is_empty() => return Ok(ret), -+ _ => (), -+ } -+ -+ // Armonk/Poughkeepsie fixup -+ trace!("quirk_crls: Try Locality"); -+ if let Some(locality_subject) = helper::armonk_locality_fixup(subject) { -+ match ctx.crls(&locality_subject) { -+ Ok(ret) if !ret.is_empty() => return Ok(ret), -+ _ => (), -+ } -+ -+ // reorder -+ trace!("quirk_crls: Try Locality+Reorder"); -+ if let Ok(locality_ordered_subject) = helper::reorder_x509_names(&locality_subject) { -+ match ctx.crls(&locality_ordered_subject) { -+ Ok(ret) if !ret.is_empty() => return Ok(ret), -+ _ => (), -+ } -+ } -+ } -+ -+ // reorder unchanged loaciliy subject -+ trace!("quirk_crls: Try Reorder"); -+ if let Ok(ordered_subject) = helper::reorder_x509_names(subject) { -+ match ctx.crls(&ordered_subject) { -+ Ok(ret) if !ret.is_empty() => return Ok(ret), -+ _ => (), -+ } -+ } -+ // nothing found, return empty stack -+ Stack::new() -+ } -+ - ///Download the CLRs that a HKD refers to. - pub fn hkd_crls(&self, hkd: &X509Ref) -> Result> { - let mut ctx = X509StoreContext::new()?; - // Unfortunately we cannot use a dedicated function here and have to use a closure (E0434) - // Otherwise, we cannot refer to self -+ // Search for local CRLs - let mut crls = ctx.init_opt(&self.store, None, None, |ctx| { - let subject = self.ibm_z_sign_key.subject_name(); -- match ctx.crls(subject) { -- Ok(crls) => Ok(crls), -- _ => { -- // reorder the name and try again -- let broken_subj = helper::reorder_x509_names(subject)?; -- ctx.crls(&broken_subj).or_else(helper::stack_err_hlp) -- } -- } -+ Self::quirk_crls(ctx, subject) - })?; - - if !self.offline { -Index: s390-tools-service/rust/pv/src/verify/helper.rs -=================================================================== ---- s390-tools-service.orig/rust/pv/src/verify/helper.rs -+++ s390-tools-service/rust/pv/src/verify/helper.rs -@@ -13,7 +13,7 @@ use openssl::{ - error::ErrorStack, - nid::Nid, - ssl::SslFiletype, -- stack::{Stack, Stackable}, -+ stack::Stack, - x509::{ - store::{File, X509Lookup, X509StoreBuilder, X509StoreBuilderRef, X509StoreRef}, - verify::{X509VerifyFlags, X509VerifyParam}, -@@ -25,6 +25,7 @@ use openssl_extensions::{ - akid::{AkidCheckResult, AkidExtension}, - crl::X509StoreExtension, - }; -+use std::str::from_utf8; - use std::{cmp::Ordering, ffi::c_int, time::Duration, usize}; - - /// Minimum security level for the keys/certificates used to establish a chain of -@@ -39,7 +40,6 @@ const SECURITY_CHAIN_MAX_LEN: c_int = 2; - /// verifies that the HKD - /// * has enough security bits - /// * is inside its validity period --/// * issuer name is the subject name of the [`sign_key`] - /// * the Authority Key ID matches the Signing Key ID of the [`sign_key`] - pub fn verify_hkd_options(hkd: &X509Ref, sign_key: &X509Ref) -> Result<()> { - let hk_pkey = hkd.public_key()?; -@@ -53,9 +53,6 @@ pub fn verify_hkd_options(hkd: &X509Ref, - // verify that the hkd is still valid - check_validity_period(hkd.not_before(), hkd.not_after())?; - -- // check if hkd.issuer_name == issuer.subject -- check_x509_name_equal(sign_key.subject_name(), hkd.issuer_name())?; -- - // verify that the AKID of the hkd matches the SKID of the issuer - if let Some(akid) = hkd.akid() { - if akid.check(sign_key) != AkidCheckResult::OK { -@@ -75,9 +72,6 @@ pub fn verify_crl(crl: &X509CrlRef, issu - return None; - } - } -- -- check_x509_name_equal(crl.issuer_name(), issuer.subject_name()).ok()?; -- - match crl.verify(issuer.public_key().ok()?.as_ref()).ok()? { - true => Some(()), - false => None, -@@ -207,7 +201,8 @@ pub fn download_crls_into_store(store: & - //Asn1StringRef::as_slice aka ASN1_STRING_get0_data gives a string without \0 delimiter - const IBM_Z_COMMON_NAME: &[u8; 43usize] = b"International Business Machines Corporation"; - const IBM_Z_COUNTRY_NAME: &[u8; 2usize] = b"US"; --const IBM_Z_LOCALITY_NAME: &[u8; 12usize] = b"Poughkeepsie"; -+const IBM_Z_LOCALITY_NAME_POUGHKEEPSIE: &[u8; 12usize] = b"Poughkeepsie"; -+const IBM_Z_LOCALITY_NAME_ARMONK: &[u8; 6usize] = b"Armonk"; - const IBM_Z_ORGANIZATIONAL_UNIT_NAME_SUFFIX: &str = "Key Signing Service"; - const IBM_Z_ORGANIZATION_NAME: &[u8; 43usize] = b"International Business Machines Corporation"; - const IBM_Z_STATE: &[u8; 8usize] = b"New York"; -@@ -226,7 +221,8 @@ fn is_ibm_signing_cert(cert: &X509) -> b - if subj.entries().count() != IMB_Z_ENTRY_COUNT - || !name_data_eq(subj, Nid::COUNTRYNAME, IBM_Z_COUNTRY_NAME) - || !name_data_eq(subj, Nid::STATEORPROVINCENAME, IBM_Z_STATE) -- || !name_data_eq(subj, Nid::LOCALITYNAME, IBM_Z_LOCALITY_NAME) -+ || !(name_data_eq(subj, Nid::LOCALITYNAME, IBM_Z_LOCALITY_NAME_POUGHKEEPSIE) -+ || name_data_eq(subj, Nid::LOCALITYNAME, IBM_Z_LOCALITY_NAME_ARMONK)) - || !name_data_eq(subj, Nid::ORGANIZATIONNAME, IBM_Z_ORGANIZATION_NAME) - || !name_data_eq(subj, Nid::COMMONNAME, IBM_Z_COMMON_NAME) - { -@@ -367,24 +363,6 @@ fn check_validity_period(not_before: &As - } - } - --fn check_x509_name_equal(lhs: &X509NameRef, rhs: &X509NameRef) -> Result<()> { -- if lhs.entries().count() != rhs.entries().count() { -- bail_hkd_verify!(IssuerMismatch); -- } -- -- for l in lhs.entries() { -- // search for the matching value in the rhs names -- // found none? -> names are not equal -- if !rhs -- .entries() -- .any(|r| l.data().as_slice() == r.data().as_slice()) -- { -- bail_hkd_verify!(IssuerMismatch); -- } -- } -- Ok(()) --} -- - const NIDS_CORRECT_ORDER: [Nid; 6] = [ - Nid::COUNTRYNAME, - Nid::ORGANIZATIONNAME, -@@ -407,13 +385,28 @@ pub fn reorder_x509_names(subject: &X509 - Ok(correct_subj.build()) - } - --pub fn stack_err_hlp( -- e: ErrorStack, --) -> std::result::Result, openssl::error::ErrorStack> { -- match e.errors().len() { -- 0 => Stack::::new(), -- _ => Err(e), -+/** -+* Workaround for potential locality mismatches between CRLs and Certs -+* # Return -+* fixed subject or none if locality was not Armonk or any OpenSSL error -+*/ -+pub fn armonk_locality_fixup(subject: &X509NameRef) -> Option { -+ if !name_data_eq(subject, Nid::LOCALITYNAME, IBM_Z_LOCALITY_NAME_ARMONK) { -+ return None; -+ } -+ -+ let mut ret = X509Name::builder().ok()?; -+ for entry in subject.entries() { -+ match entry.object().nid() { -+ nid @ Nid::LOCALITYNAME => ret -+ .append_entry_by_nid(nid, from_utf8(IBM_Z_LOCALITY_NAME_POUGHKEEPSIE).ok()?) -+ .ok()?, -+ _ => { -+ ret.append_entry(entry).ok()?; -+ } -+ } - } -+ Some(ret.build()) - } - - #[cfg(test)] -@@ -451,20 +444,6 @@ mod test { - )); - } - -- #[test] -- fn x509_name_equal() { -- let sign_crt = load_gen_cert("ibm.crt"); -- let hkd = load_gen_cert("host.crt"); -- let other = load_gen_cert("inter_ca.crt"); -- -- assert!(super::check_x509_name_equal(sign_crt.subject_name(), hkd.issuer_name()).is_ok(),); -- -- assert!(matches!( -- super::check_x509_name_equal(other.subject_name(), hkd.subject_name()), -- Err(Error::HkdVerify(IssuerMismatch)) -- )); -- } -- - #[test] - fn is_ibm_z_sign_key() { - let ibm_crt = load_gen_cert("ibm.crt"); -Index: s390-tools-service/rust/pv/src/verify/test.rs -=================================================================== ---- s390-tools-service.orig/rust/pv/src/verify/test.rs -+++ s390-tools-service/rust/pv/src/verify/test.rs -@@ -84,7 +84,6 @@ fn verify_online() { - let inter_crt = get_cert_asset_path_string("inter_ca.crt"); - let ibm_crt = get_cert_asset_path_string("ibm.crt"); - let hkd_revoked = load_gen_cert("host_rev.crt"); -- let hkd_inv = load_gen_cert("host_invalid_signing_key.crt"); - let hkd_exp = load_gen_cert("host_crt_expired.crt"); - let hkd = load_gen_cert("host.crt"); - -@@ -112,11 +111,6 @@ fn verify_online() { - )); - - assert!(matches!( -- verifier.verify(&hkd_inv), -- Err(Error::HkdVerify(IssuerMismatch)) -- )); -- -- assert!(matches!( - verifier.verify(&hkd_exp), - Err(Error::HkdVerify(AfterValidity)) - )); -@@ -130,7 +124,6 @@ fn verify_offline() { - let ibm_crt = get_cert_asset_path_string("ibm.crt"); - let ibm_crl = get_cert_asset_path_string("ibm.crl"); - let hkd_revoked = load_gen_cert("host_rev.crt"); -- let hkd_inv = load_gen_cert("host_invalid_signing_key.crt"); - let hkd_exp = load_gen_cert("host_crt_expired.crt"); - let hkd = load_gen_cert("host.crt"); - -@@ -149,11 +142,6 @@ fn verify_offline() { - )); - - assert!(matches!( -- verifier.verify(&hkd_inv), -- Err(Error::HkdVerify(IssuerMismatch)) -- )); -- -- assert!(matches!( - verifier.verify(&hkd_exp), - Err(Error::HkdVerify(AfterValidity)) - )); diff --git a/s390-tools-sles15sp5-remove-no-pie-link-arguments.patch b/s390-tools-sles15sp5-remove-no-pie-link-arguments.patch index 22cbbb8..862f2f9 100644 --- a/s390-tools-sles15sp5-remove-no-pie-link-arguments.patch +++ b/s390-tools-sles15sp5-remove-no-pie-link-arguments.patch @@ -1,8 +1,10 @@ -Index: s390-tools-2.30.0/common.mak -=================================================================== ---- s390-tools-2.30.0.orig/common.mak -+++ s390-tools-2.30.0/common.mak -@@ -338,8 +338,8 @@ export INSTALL CFLAGS CXXFLAGS \ +--- + common.mak | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/common.mak ++++ b/common.mak +@@ -338,8 +338,8 @@ LDFLAGS CPPFLAGS ALL_CFLAGS ALL_CXXFLAGS ALL_LDFLAGS ALL_CPPFLAGS ifneq ($(shell $(CC_SILENT) -dumpspecs 2>/dev/null | grep -e '[^f]no-pie'),) diff --git a/s390-tools-sles15sp6-02-genprotimg-support-Armonk-in-IBM-signing-key-subject.patch b/s390-tools-sles15sp6-02-genprotimg-support-Armonk-in-IBM-signing-key-subject.patch deleted file mode 100644 index 8b09d05..0000000 --- a/s390-tools-sles15sp6-02-genprotimg-support-Armonk-in-IBM-signing-key-subject.patch +++ /dev/null @@ -1,304 +0,0 @@ -Index: s390-tools-service/genprotimg/src/include/pv_crypto_def.h -=================================================================== ---- s390-tools-service.orig/genprotimg/src/include/pv_crypto_def.h -+++ s390-tools-service/genprotimg/src/include/pv_crypto_def.h -@@ -17,7 +17,8 @@ - /* IBM signing key subject */ - #define PV_IBM_Z_SUBJECT_COMMON_NAME "International Business Machines Corporation" - #define PV_IBM_Z_SUBJECT_COUNTRY_NAME "US" --#define PV_IBM_Z_SUBJECT_LOCALITY_NAME "Poughkeepsie" -+#define PV_IBM_Z_SUBJECT_LOCALITY_NAME_POUGHKEEPSIE "Poughkeepsie" -+#define PV_IBM_Z_SUBJECT_LOCALITY_NAME_ARMONK "Armonk" - #define PV_IBM_Z_SUBJECT_ORGANIZATIONONAL_UNIT_NAME_SUFFIX "Key Signing Service" - #define PV_IBM_Z_SUBJECT_ORGANIZATION_NAME "International Business Machines Corporation" - #define PV_IBM_Z_SUBJECT_STATE "New York" -Index: s390-tools-service/genprotimg/src/utils/crypto.c -=================================================================== ---- s390-tools-service.orig/genprotimg/src/utils/crypto.c -+++ s390-tools-service/genprotimg/src/utils/crypto.c -@@ -664,62 +664,9 @@ static gboolean x509_name_data_by_nid_eq - return memcmp(data, y, data_len) == 0; - } - --static gboolean own_X509_NAME_ENTRY_equal(const X509_NAME_ENTRY *x, -- const X509_NAME_ENTRY *y) --{ -- const ASN1_OBJECT *x_obj = X509_NAME_ENTRY_get_object(x); -- const ASN1_STRING *x_data = X509_NAME_ENTRY_get_data(x); -- const ASN1_OBJECT *y_obj = X509_NAME_ENTRY_get_object(y); -- const ASN1_STRING *y_data = X509_NAME_ENTRY_get_data(y); -- gint x_len = ASN1_STRING_length(x_data); -- gint y_len = ASN1_STRING_length(y_data); -- -- if (x_len < 0 || x_len != y_len) -- return FALSE; -- -- /* ASN1_STRING_cmp(x_data, y_data) == 0 doesn't work because it also -- * compares the type, which is sometimes different. -- */ -- return OBJ_cmp(x_obj, y_obj) == 0 && -- memcmp(ASN1_STRING_get0_data(x_data), -- ASN1_STRING_get0_data(y_data), -- (unsigned long)x_len) == 0; --} -- --static gboolean own_X509_NAME_equal(const X509_NAME *x, const X509_NAME *y) --{ -- gint x_count = X509_NAME_entry_count(x); -- gint y_count = X509_NAME_entry_count(y); -- -- if (x != y && (!x || !y)) -- return FALSE; -- -- if (x_count != y_count) -- return FALSE; -- -- for (gint i = 0; i < x_count; i++) { -- const X509_NAME_ENTRY *entry_i = X509_NAME_get_entry(x, i); -- gboolean entry_found = FALSE; -- -- for (gint j = 0; j < y_count; j++) { -- const X509_NAME_ENTRY *entry_j = -- X509_NAME_get_entry(y, j); -- -- if (own_X509_NAME_ENTRY_equal(entry_i, entry_j)) { -- entry_found = TRUE; -- break; -- } -- } -- -- if (!entry_found) -- return FALSE; -- } -- return TRUE; --} -- - /* Checks whether the subject of @cert is a IBM signing key subject. For this we - * must check that the subject is equal to: 'C = US, ST = New York, L = -- * Poughkeepsie, O = International Business Machines Corporation, CN = -+ * Poughkeepsie or Armonk, O = International Business Machines Corporation, CN = - * International Business Machines Corporation' and the organization unit (OUT) - * must end with the suffix ' Key Signing Service'. - */ -@@ -743,8 +690,10 @@ static gboolean has_ibm_signing_subject( - PV_IBM_Z_SUBJECT_STATE)) - return FALSE; - -- if (!x509_name_data_by_nid_equal(subject, NID_localityName, -- PV_IBM_Z_SUBJECT_LOCALITY_NAME)) -+ if (!(x509_name_data_by_nid_equal(subject, NID_localityName, -+ PV_IBM_Z_SUBJECT_LOCALITY_NAME_POUGHKEEPSIE) || -+ x509_name_data_by_nid_equal(subject, NID_localityName, -+ PV_IBM_Z_SUBJECT_LOCALITY_NAME_ARMONK))) - return FALSE; - - if (!x509_name_data_by_nid_equal(subject, NID_organizationName, -@@ -806,6 +755,39 @@ static X509_NAME *x509_name_reorder_attr - return g_steal_pointer(&ret); - } - -+/** Replace locality 'Armonk' with 'Pougkeepsie'. If Armonk was not set return -+ * `NULL`. -+ */ -+static X509_NAME *x509_armonk_locality_fixup(const X509_NAME *name) -+{ -+ g_autoptr(X509_NAME) ret = NULL; -+ int pos; -+ -+ /* Check if ``L=Armonk`` */ -+ if (!x509_name_data_by_nid_equal((X509_NAME *)name, NID_localityName, -+ PV_IBM_Z_SUBJECT_LOCALITY_NAME_ARMONK)) -+ return NULL; -+ -+ ret = X509_NAME_dup(name); -+ if (!ret) -+ g_abort(); -+ -+ pos = X509_NAME_get_index_by_NID(ret, NID_localityName, -1); -+ if (pos == -1) -+ return NULL; -+ -+ X509_NAME_ENTRY_free(X509_NAME_delete_entry(ret, pos)); -+ -+ /* Create a new name entry at the same position as before */ -+ if (X509_NAME_add_entry_by_NID( -+ ret, NID_localityName, MBSTRING_UTF8, -+ (const unsigned char *)&PV_IBM_Z_SUBJECT_LOCALITY_NAME_POUGHKEEPSIE, -+ sizeof(PV_IBM_Z_SUBJECT_LOCALITY_NAME_POUGHKEEPSIE) - 1, pos, 0) != 1) -+ return NULL; -+ -+ return g_steal_pointer(&ret); -+} -+ - /* In RFC 5280 the attributes of a (subject/issuer) name is not mandatory - * ordered. The problem is that our certificates are not consistent in the order - * (see https://tools.ietf.org/html/rfc5280#section-4.1.2.4 for details). -@@ -828,24 +810,10 @@ X509_NAME *c2b_name(const X509_NAME *nam - return X509_NAME_dup((X509_NAME *)name); - } - --/* Verify that: subject(issuer) == issuer(crl) and SKID(issuer) == AKID(crl) */ -+/* Verify that SKID(issuer) == AKID(crl) if available */ - static gint check_crl_issuer(X509_CRL *crl, X509 *issuer, GError **err) - { -- const X509_NAME *crl_issuer = X509_CRL_get_issuer(crl); -- const X509_NAME *issuer_subject = X509_get_subject_name(issuer); -- AUTHORITY_KEYID *akid = NULL; -- -- if (!own_X509_NAME_equal(issuer_subject, crl_issuer)) { -- g_autofree char *issuer_subject_str = X509_NAME_oneline(issuer_subject, -- NULL, 0); -- g_autofree char *crl_issuer_str = X509_NAME_oneline(crl_issuer, NULL, 0); -- -- g_set_error(err, PV_CRYPTO_ERROR, -- PV_CRYPTO_ERROR_CRL_SUBJECT_ISSUER_MISMATCH, -- _("issuer mismatch:\n%s\n%s"), -- issuer_subject_str, crl_issuer_str); -- return -1; -- } -+ g_autoptr(AUTHORITY_KEYID) akid = NULL; - - /* If AKID(@crl) is specified it must match with SKID(@issuer) */ - akid = X509_CRL_get_ext_d2i(crl, NID_authority_key_identifier, NULL, NULL); -@@ -881,7 +849,6 @@ gint check_crl_valid_for_cert(X509_CRL * - return -1; - } - -- /* check that the @crl issuer matches with the subject name of @cert*/ - if (check_crl_issuer(crl, cert, err) < 0) - return -1; - -@@ -910,6 +877,60 @@ gint check_crl_valid_for_cert(X509_CRL * - return 0; - } - -+/* This function contains work-arounds for some known subject(CRT)<->issuer(CRL) -+ * issues. -+ */ -+static STACK_OF_X509_CRL *quirk_X509_STORE_ctx_get1_crls(X509_STORE_CTX *ctx, -+ const X509_NAME *subject, GError **err) -+{ -+ g_autoptr(X509_NAME) fixed_subject = NULL; -+ g_autoptr(STACK_OF_X509_CRL) ret = NULL; -+ -+ ret = Pv_X509_STORE_CTX_get1_crls(ctx, subject); -+ if (ret && sk_X509_CRL_num(ret) > 0) -+ return g_steal_pointer(&ret); -+ -+ /* Workaround to fix the mismatch between issuer name of the * IBM -+ * signing CRLs and the IBM signing key subject name. Locality name has -+ * changed from Poughkeepsie to Armonk. -+ */ -+ fixed_subject = x509_armonk_locality_fixup(subject); -+ /* Was the locality replaced? */ -+ if (fixed_subject) { -+ X509_NAME *tmp; -+ -+ sk_X509_CRL_free(ret); -+ ret = Pv_X509_STORE_CTX_get1_crls(ctx, fixed_subject); -+ if (ret && sk_X509_CRL_num(ret) > 0) -+ return g_steal_pointer(&ret); -+ -+ /* Workaround to fix the ordering mismatch between issuer name -+ * of the IBM signing CRLs and the IBM signing key subject name. -+ */ -+ tmp = fixed_subject; -+ fixed_subject = c2b_name(fixed_subject); -+ X509_NAME_free(tmp); -+ sk_X509_CRL_free(ret); -+ ret = Pv_X509_STORE_CTX_get1_crls(ctx, fixed_subject); -+ if (ret && sk_X509_CRL_num(ret) > 0) -+ return g_steal_pointer(&ret); -+ X509_NAME_free(fixed_subject); -+ fixed_subject = NULL; -+ } -+ -+ /* Workaround to fix the ordering mismatch between issuer name of the -+ * IBM signing CRLs and the IBM signing key subject name. -+ */ -+ fixed_subject = c2b_name(subject); -+ sk_X509_CRL_free(ret); -+ ret = Pv_X509_STORE_CTX_get1_crls(ctx, fixed_subject); -+ if (ret && sk_X509_CRL_num(ret) > 0) -+ return g_steal_pointer(&ret); -+ -+ g_set_error(err, PV_CRYPTO_ERROR, PV_CRYPTO_ERROR_NO_CRL, _("no CRL found")); -+ return NULL; -+} -+ - /* Given a certificate @cert try to find valid revocation lists in @ctx. If no - * valid CRL was found NULL is returned. - */ -@@ -927,20 +948,9 @@ STACK_OF_X509_CRL *store_ctx_find_valid_ - return NULL; - } - -- ret = X509_STORE_CTX_get1_crls(ctx, subject); -- if (!ret) { -- /* Workaround to fix the mismatch between issuer name of the -- * IBM Z signing CRLs and the IBM Z signing key subject name. -- */ -- g_autoptr(X509_NAME) broken_subject = c2b_name(subject); -- -- ret = X509_STORE_CTX_get1_crls(ctx, broken_subject); -- if (!ret) { -- g_set_error(err, PV_CRYPTO_ERROR, PV_CRYPTO_ERROR_NO_CRL, -- _("no CRL found")); -- return NULL; -- } -- } -+ ret = quirk_X509_STORE_ctx_get1_crls(ctx, subject, err); -+ if (!ret) -+ return NULL; - - /* Filter out non-valid CRLs for @cert */ - for (gint i = 0; i < sk_X509_CRL_num(ret); i++) { -@@ -1328,32 +1338,14 @@ gint check_chain_parameters(const STACK_ - - /* It's almost the same as X509_check_issed from OpenSSL does except that we - * don't check the key usage of the potential issuer. This means we check: -- * 1. issuer_name(cert) == subject_name(issuer) -- * 2. Check whether the akid(cert) (if available) matches the issuer skid -- * 3. Check that the cert algrithm matches the subject algorithm -- * 4. Verify the signature of certificate @cert is using the public key of -+ * 1. Check whether the akid(cert) (if available) matches the issuer skid -+ * 2. Check that the cert algrithm matches the subject algorithm -+ * 3. Verify the signature of certificate @cert is using the public key of - * @issuer. - */ - static gint check_host_key_issued(X509 *cert, X509 *issuer, GError **err) - { -- const X509_NAME *issuer_subject = X509_get_subject_name(issuer); -- const X509_NAME *cert_issuer = X509_get_issuer_name(cert); -- AUTHORITY_KEYID *akid = NULL; -- -- /* We cannot use X509_NAME_cmp() because it considers the order of the -- * X509_NAME_Entries. -- */ -- if (!own_X509_NAME_equal(issuer_subject, cert_issuer)) { -- g_autofree char *issuer_subject_str = -- X509_NAME_oneline(issuer_subject, NULL, 0); -- g_autofree char *cert_issuer_str = -- X509_NAME_oneline(cert_issuer, NULL, 0); -- g_set_error(err, PV_CRYPTO_ERROR, -- PV_CRYPTO_ERROR_CERT_SUBJECT_ISSUER_MISMATCH, -- _("Subject issuer mismatch:\n'%s'\n'%s'"), -- issuer_subject_str, cert_issuer_str); -- return -1; -- } -+ g_autoptr(AUTHORITY_KEYID) akid = NULL; - - akid = X509_get_ext_d2i(cert, NID_authority_key_identifier, NULL, NULL); - if (akid && X509_check_akid(issuer, akid) != X509_V_OK) { -Index: s390-tools-service/genprotimg/src/utils/crypto.h -=================================================================== ---- s390-tools-service.orig/genprotimg/src/utils/crypto.h -+++ s390-tools-service/genprotimg/src/utils/crypto.h -@@ -75,6 +75,7 @@ void x509_pair_free(x509_pair *pair); - /* Register auto cleanup functions */ - WRAPPED_G_DEFINE_AUTOPTR_CLEANUP_FUNC(ASN1_INTEGER, ASN1_INTEGER_free) - WRAPPED_G_DEFINE_AUTOPTR_CLEANUP_FUNC(ASN1_OCTET_STRING, ASN1_OCTET_STRING_free) -+WRAPPED_G_DEFINE_AUTOPTR_CLEANUP_FUNC(AUTHORITY_KEYID, AUTHORITY_KEYID_free) - WRAPPED_G_DEFINE_AUTOPTR_CLEANUP_FUNC(BIGNUM, BN_free) - WRAPPED_G_DEFINE_AUTOPTR_CLEANUP_FUNC(BIO, BIO_free_all) - WRAPPED_G_DEFINE_AUTOPTR_CLEANUP_FUNC(BN_CTX, BN_CTX_free) diff --git a/s390-tools-sles15sp6-03-libpv-support-Armonk-in-IBM-signing-key-subject.patch b/s390-tools-sles15sp6-03-libpv-support-Armonk-in-IBM-signing-key-subject.patch deleted file mode 100644 index b4d41d8..0000000 --- a/s390-tools-sles15sp6-03-libpv-support-Armonk-in-IBM-signing-key-subject.patch +++ /dev/null @@ -1,224 +0,0 @@ -Index: s390-tools-service/include/libpv/cert.h -=================================================================== ---- s390-tools-service.orig/include/libpv/cert.h -+++ s390-tools-service/include/libpv/cert.h -@@ -16,7 +16,8 @@ - - #define PV_IBM_Z_SUBJECT_COMMON_NAME "International Business Machines Corporation" - #define PV_IBM_Z_SUBJECT_COUNTRY_NAME "US" --#define PV_IBM_Z_SUBJECT_LOCALITY_NAME "Poughkeepsie" -+#define PV_IBM_Z_SUBJECT_LOCALITY_NAME_POUGHKEEPSIE "Poughkeepsie" -+#define PV_IBM_Z_SUBJECT_LOCALITY_NAME_ARMONK "Armonk" - #define PV_IBM_Z_SUBJECT_ORGANIZATIONAL_UNIT_NAME_SUFFIX "Key Signing Service" - #define PV_IBM_Z_SUBJECT_ORGANIZATION_NAME "International Business Machines Corporation" - #define PV_IBM_Z_SUBJECT_STATE "New York" -Index: s390-tools-service/libpv/cert.c -=================================================================== ---- s390-tools-service.orig/libpv/cert.c -+++ s390-tools-service/libpv/cert.c -@@ -857,7 +857,7 @@ static gboolean x509_name_data_by_nid_eq - - /* Checks whether the subject of @cert is a IBM signing key subject. For this we - * must check that the subject is equal to: 'C = US, ST = New York, L = -- * Poughkeepsie, O = International Business Machines Corporation, CN = -+ * Poughkeepsie or Armonk, O = International Business Machines Corporation, CN = - * International Business Machines Corporation' and the organization unit (OUT) - * must end with the suffix ' Key Signing Service'. - */ -@@ -879,7 +879,10 @@ static gboolean has_ibm_signing_subject( - if (!x509_name_data_by_nid_equal(subject, NID_stateOrProvinceName, PV_IBM_Z_SUBJECT_STATE)) - return FALSE; - -- if (!x509_name_data_by_nid_equal(subject, NID_localityName, PV_IBM_Z_SUBJECT_LOCALITY_NAME)) -+ if (!(x509_name_data_by_nid_equal(subject, NID_localityName, -+ PV_IBM_Z_SUBJECT_LOCALITY_NAME_POUGHKEEPSIE) || -+ x509_name_data_by_nid_equal(subject, NID_localityName, -+ PV_IBM_Z_SUBJECT_LOCALITY_NAME_ARMONK))) - return FALSE; - - if (!x509_name_data_by_nid_equal(subject, NID_organizationName, -@@ -1085,10 +1088,9 @@ static int check_signature_algo_match(co - - /* It's almost the same as X509_check_issed from OpenSSL does except that we - * don't check the key usage of the potential issuer. This means we check: -- * 1. issuer_name(cert) == subject_name(issuer) -- * 2. Check whether the akid(cert) (if available) matches the issuer skid -- * 3. Check that the cert algrithm matches the subject algorithm -- * 4. Verify the signature of certificate @cert is using the public key of -+ * 1. Check whether the akid(cert) (if available) matches the issuer skid -+ * 2. Check that the cert algrithm matches the subject algorithm -+ * 3. Verify the signature of certificate @cert is using the public key of - * @issuer. - */ - static int check_host_key_issued(X509 *cert, X509 *issuer, GError **error) -@@ -1097,19 +1099,6 @@ static int check_host_key_issued(X509 *c - const X509_NAME *cert_issuer = X509_get_issuer_name(cert); - g_autoptr(AUTHORITY_KEYID) akid = NULL; - -- /* We cannot use X509_NAME_cmp() because it considers the order of the -- * X509_NAME_Entries. -- */ -- if (!own_X509_NAME_equal(issuer_subject, cert_issuer)) { -- g_autofree char *issuer_subject_str = pv_X509_NAME_oneline(issuer_subject); -- g_autofree char *cert_issuer_str = pv_X509_NAME_oneline(cert_issuer); -- -- g_set_error(error, PV_CERT_ERROR, PV_CERT_ERROR_CERT_SUBJECT_ISSUER_MISMATCH, -- _("Subject issuer mismatch:\n'%s'\n'%s'"), issuer_subject_str, -- cert_issuer_str); -- return -1; -- } -- - akid = X509_get_ext_d2i(cert, NID_authority_key_identifier, NULL, NULL); - if (akid && X509_check_akid(issuer, akid) != X509_V_OK) { - g_set_error(error, PV_CERT_ERROR, PV_CERT_ERROR_SKID_AKID_MISMATCH, -@@ -1286,21 +1275,10 @@ int pv_verify_cert(X509_STORE_CTX *ctx, - return 0; - } - --/* Verify that: subject(issuer) == issuer(crl) and SKID(issuer) == AKID(crl) */ -+/* Verify that SKID(issuer) == AKID(crl) */ - static int check_crl_issuer(X509_CRL *crl, X509 *issuer, GError **error) - { -- const X509_NAME *crl_issuer = X509_CRL_get_issuer(crl); -- const X509_NAME *issuer_subject = X509_get_subject_name(issuer); -- AUTHORITY_KEYID *akid = NULL; -- -- if (!own_X509_NAME_equal(issuer_subject, crl_issuer)) { -- g_autofree char *issuer_subject_str = pv_X509_NAME_oneline(issuer_subject); -- g_autofree char *crl_issuer_str = pv_X509_NAME_oneline(crl_issuer); -- -- g_set_error(error, PV_CERT_ERROR, PV_CERT_ERROR_CRL_SUBJECT_ISSUER_MISMATCH, -- _("issuer mismatch:\n%s\n%s"), issuer_subject_str, crl_issuer_str); -- return -1; -- } -+ g_autoptr(AUTHORITY_KEYID) akid = NULL; - - /* If AKID(@crl) is specified it must match with SKID(@issuer) */ - akid = X509_CRL_get_ext_d2i(crl, NID_authority_key_identifier, NULL, NULL); -@@ -1325,7 +1303,6 @@ int pv_verify_crl(X509_CRL *crl, X509 *c - return -1; - } - -- /* check that the @crl issuer matches with the subject name of @cert*/ - if (check_crl_issuer(crl, cert, error) < 0) - return -1; - -@@ -1393,6 +1370,93 @@ int pv_check_chain_parameters(const STAC - return 0; - } - -+/** Replace locality 'Armonk' with 'Pougkeepsie'. If Armonk was not set return -+ * `NULL`. -+ */ -+static X509_NAME *x509_armonk_locality_fixup(const X509_NAME *name) -+{ -+ g_autoptr(X509_NAME) ret = NULL; -+ int pos; -+ -+ /* Check if ``L=Armonk`` */ -+ if (!x509_name_data_by_nid_equal((X509_NAME *)name, NID_localityName, -+ PV_IBM_Z_SUBJECT_LOCALITY_NAME_ARMONK)) -+ return NULL; -+ -+ ret = X509_NAME_dup(name); -+ if (!ret) -+ g_abort(); -+ -+ pos = X509_NAME_get_index_by_NID(ret, NID_localityName, -1); -+ if (pos == -1) -+ return NULL; -+ -+ X509_NAME_ENTRY_free(X509_NAME_delete_entry(ret, pos)); -+ -+ /* Create a new name entry at the same position as before */ -+ if (X509_NAME_add_entry_by_NID( -+ ret, NID_localityName, MBSTRING_UTF8, -+ (const unsigned char *)&PV_IBM_Z_SUBJECT_LOCALITY_NAME_POUGHKEEPSIE, -+ sizeof(PV_IBM_Z_SUBJECT_LOCALITY_NAME_POUGHKEEPSIE) - 1, pos, 0) != 1) -+ return NULL; -+ -+ return g_steal_pointer(&ret); -+} -+ -+/* This function contains work-arounds for some known subject(CRT)<->issuer(CRL) -+ * issues. -+ */ -+static STACK_OF_X509_CRL *quirk_X509_STORE_ctx_get1_crls(X509_STORE_CTX *ctx, -+ const X509_NAME *subject, GError **err) -+{ -+ g_autoptr(X509_NAME) fixed_subject = NULL; -+ g_autoptr(STACK_OF_X509_CRL) ret = NULL; -+ -+ ret = pv_X509_STORE_CTX_get1_crls(ctx, subject); -+ if (ret && sk_X509_CRL_num(ret) > 0) -+ return g_steal_pointer(&ret); -+ -+ /* Workaround to fix the mismatch between issuer name of the * IBM -+ * signing CRLs and the IBM signing key subject name. Locality name has -+ * changed from Poughkeepsie to Armonk. -+ */ -+ fixed_subject = x509_armonk_locality_fixup(subject); -+ /* Was the locality replaced? */ -+ if (fixed_subject) { -+ X509_NAME *tmp; -+ -+ sk_X509_CRL_free(ret); -+ ret = pv_X509_STORE_CTX_get1_crls(ctx, fixed_subject); -+ if (ret && sk_X509_CRL_num(ret) > 0) -+ return g_steal_pointer(&ret); -+ -+ /* Workaround to fix the ordering mismatch between issuer name -+ * of the IBM signing CRLs and the IBM signing key subject name. -+ */ -+ tmp = fixed_subject; -+ fixed_subject = pv_c2b_name(fixed_subject); -+ X509_NAME_free(tmp); -+ sk_X509_CRL_free(ret); -+ ret = pv_X509_STORE_CTX_get1_crls(ctx, fixed_subject); -+ if (ret && sk_X509_CRL_num(ret) > 0) -+ return g_steal_pointer(&ret); -+ X509_NAME_free(fixed_subject); -+ fixed_subject = NULL; -+ } -+ -+ /* Workaround to fix the ordering mismatch between issuer name of the -+ * IBM signing CRLs and the IBM signing key subject name. -+ */ -+ fixed_subject = pv_c2b_name(subject); -+ sk_X509_CRL_free(ret); -+ ret = pv_X509_STORE_CTX_get1_crls(ctx, fixed_subject); -+ if (ret && sk_X509_CRL_num(ret) > 0) -+ return g_steal_pointer(&ret); -+ -+ g_set_error(err, PV_CERT_ERROR, PV_CERT_ERROR_NO_CRL, _("no CRL found")); -+ return NULL; -+} -+ - /* Given a certificate @cert try to find valid revocation lists in @ctx. If no - * valid CRL was found NULL is returned. - */ -@@ -1412,21 +1476,9 @@ STACK_OF_X509_CRL *pv_store_ctx_find_val - return NULL; - } - -- ret = pv_X509_STORE_CTX_get1_crls(ctx, subject); -- if (!ret) { -- /* Workaround to fix the mismatch between issuer name of the -- * IBM Z signing CRLs and the IBM Z signing key subject name. -- */ -- g_autoptr(X509_NAME) broken_subject = pv_c2b_name(subject); -- -- ret = pv_X509_STORE_CTX_get1_crls(ctx, broken_subject); -- if (!ret) { -- g_set_error(error, PV_CERT_ERROR, PV_CERT_ERROR_NO_CRL, _("no CRL found")); -- g_info("ERROR: %s", (*error)->message); -- return NULL; -- } -- } -- -+ ret = quirk_X509_STORE_ctx_get1_crls(ctx, subject, error); -+ if (!ret) -+ return NULL; - /* Filter out non-valid CRLs for @cert */ - for (int i = 0; i < sk_X509_CRL_num(ret); i++) { - X509_CRL *crl = sk_X509_CRL_value(ret, i); diff --git a/s390-tools-sles15sp6-04-pvattest-Fix-root-ca-parsing.patch b/s390-tools-sles15sp6-04-pvattest-Fix-root-ca-parsing.patch deleted file mode 100644 index f584399..0000000 --- a/s390-tools-sles15sp6-04-pvattest-Fix-root-ca-parsing.patch +++ /dev/null @@ -1,25 +0,0 @@ -Index: s390-tools-service/pvattest/src/argparse.c -=================================================================== ---- s390-tools-service.orig/pvattest/src/argparse.c -+++ s390-tools-service/pvattest/src/argparse.c -@@ -190,13 +190,13 @@ static gboolean hex_str_toull(const char - } - - /* NOTE REQUIRED */ --#define _entry_root_ca(__arg_data, __indent) \ -- { \ -- .long_name = "root-ca", .short_name = 0, .flags = G_OPTION_FLAG_NONE, \ -- .arg = G_OPTION_ARG_FILENAME_ARRAY, .arg_data = __arg_data, \ -- .description = "Use FILE as the trusted root CA instead the\n" __indent \ -- "root CAs that are installed on the system (optional).\n", \ -- .arg_description = "FILE", \ -+#define _entry_root_ca(__arg_data, __indent) \ -+ { \ -+ .long_name = "root-ca", .short_name = 0, .flags = G_OPTION_FLAG_NONE, \ -+ .arg = G_OPTION_ARG_FILENAME, .arg_data = __arg_data, \ -+ .description = "Use FILE as the trusted root CA instead the\n" __indent \ -+ "root CAs that are installed on the system (optional).\n", \ -+ .arg_description = "FILE", \ - } - - /* NOTE REQUIRED */ diff --git a/s390-tools-sles15sp6-genprotimg-makefile.patch b/s390-tools-sles15sp6-genprotimg-makefile.patch deleted file mode 100644 index 3d0ad08..0000000 --- a/s390-tools-sles15sp6-genprotimg-makefile.patch +++ /dev/null @@ -1,92 +0,0 @@ -From 0748d365a60477c96cb9f6a12e9dbe547d549e1f Mon Sep 17 00:00:00 2001 -From: Marc Hartmayer -Date: Tue, 12 Mar 2024 09:33:19 +0000 -Subject: [PATCH] genprotimg/**/Makefile: Fix staged installs - -Fix the support for staged installs. The Makefile variable `PKGDATADIR` -uses `DESTDIR` for all Makefile target, but actually it should only be -used for the `install*` and `uninstall*` targets. [1] Fix this by using -`DESTDIR` only for `install*` targets - uninstall* targets are not -supported by s390-tools. - -Before this change, if `DESTDIR` was set for staged installs, -`genprotimg` has tried to find the bootloader binaries at the temporary -installation path `$DESTDIR$(TOOLS_DATADIR)/genprotimg/` instead of -`$(TOOLS_DATADIR)/genprotimg`. - -[1] https://www.gnu.org/prep/standards/html_node/DESTDIR.html - -Fixes: 65b9fc442c1a ("genprotimg: introduce new tool for the creation of PV images") -Reviewed-by: Steffen Eiden -Signed-off-by: Marc Hartmayer -Signed-off-by: Steffen Eiden ---- - genprotimg/Makefile | 6 +++--- - genprotimg/boot/Makefile | 8 ++++---- - genprotimg/src/Makefile | 2 +- - 3 files changed, 8 insertions(+), 8 deletions(-) - -diff --git a/genprotimg/Makefile b/genprotimg/Makefile -index 8c9f7048..6a2e37e4 100644 ---- a/genprotimg/Makefile -+++ b/genprotimg/Makefile -@@ -3,7 +3,7 @@ include ../common.mak - - .DEFAULT_GOAL := all - --PKGDATADIR := "$(DESTDIR)$(TOOLS_DATADIR)/genprotimg" -+PKGDATADIR := "$(TOOLS_DATADIR)/genprotimg" - TESTS := - SUBDIRS := boot src man - RECURSIVE_TARGETS := all-recursive install-recursive clean-recursive -@@ -11,8 +11,8 @@ RECURSIVE_TARGETS := all-recursive install-recursive clean-recursive - all: all-recursive - - install: install-recursive -- $(INSTALL) -d -m 755 "$(PKGDATADIR)" -- $(INSTALL) -g $(GROUP) -o $(OWNER) -m 755 samples/check_hostkeydoc "$(PKGDATADIR)" -+ $(INSTALL) -d -m 755 "$(DESTDIR)$(PKGDATADIR)" -+ $(INSTALL) -g $(GROUP) -o $(OWNER) -m 755 samples/check_hostkeydoc "$(DESTDIR)$(PKGDATADIR)" - - clean: clean-recursive - -diff --git a/genprotimg/boot/Makefile b/genprotimg/boot/Makefile -index 799df9cc..73f3c9a8 100644 ---- a/genprotimg/boot/Makefile -+++ b/genprotimg/boot/Makefile -@@ -7,7 +7,7 @@ DEBUG_FILES := $(addsuffix .debug,$(FILES)) - ifeq ($(HOST_ARCH),s390x) - ZIPL_DIR := $(rootdir)/zipl - ZIPL_BOOT_DIR := $(ZIPL_DIR)/boot --PKGDATADIR := $(DESTDIR)$(TOOLS_DATADIR)/genprotimg -+PKGDATADIR := $(TOOLS_DATADIR)/genprotimg - - INCLUDE_PATHS := $(ZIPL_BOOT_DIR) $(ZIPL_DIR)/include $(rootdir)/include - INCLUDE_PARMS := $(addprefix -I,$(INCLUDE_PATHS)) -@@ -86,9 +86,9 @@ stage3b.elf: head.o $(ZIPL_OBJS) - @chmod a-x $@ - - install: stage3a.bin stage3b_reloc.bin -- $(INSTALL) -d -m 755 "$(PKGDATADIR)" -- $(INSTALL) -g $(GROUP) -o $(OWNER) -m 644 stage3a.bin "$(PKGDATADIR)" -- $(INSTALL) -g $(GROUP) -o $(OWNER) -m 644 stage3b_reloc.bin "$(PKGDATADIR)" -+ $(INSTALL) -d -m 755 "$(DESTDIR)$(PKGDATADIR)" -+ $(INSTALL) -g $(GROUP) -o $(OWNER) -m 644 stage3a.bin "$(DESTDIR)$(PKGDATADIR)" -+ $(INSTALL) -g $(GROUP) -o $(OWNER) -m 644 stage3b_reloc.bin "$(DESTDIR)$(PKGDATADIR)" - - else - # Don't generate the dependency files (see `common.mak` for the -diff --git a/genprotimg/src/Makefile b/genprotimg/src/Makefile -index 08734bff..d447e6cf 100644 ---- a/genprotimg/src/Makefile -+++ b/genprotimg/src/Makefile -@@ -3,7 +3,7 @@ include ../../common.mak - - bin_PROGRAM = genprotimg - --PKGDATADIR ?= "$(DESTDIR)$(TOOLS_DATADIR)/genprotimg" -+PKGDATADIR ?= "$(TOOLS_DATADIR)/genprotimg" - SRC_DIR := $(dir $(realpath $(firstword $(MAKEFILE_LIST)))) - TOP_SRCDIR := $(SRC_DIR)/../ - ROOT_DIR = $(TOP_SRC_DIR)/../../ - diff --git a/s390-tools-sles15sp6-kdump-initrd-59-zfcp-compat-rules.patch b/s390-tools-sles15sp6-kdump-initrd-59-zfcp-compat-rules.patch index ed5f356..740ced7 100644 --- a/s390-tools-sles15sp6-kdump-initrd-59-zfcp-compat-rules.patch +++ b/s390-tools-sles15sp6-kdump-initrd-59-zfcp-compat-rules.patch @@ -12,8 +12,12 @@ and the symlink not created in the kdump environment. Fix this by including 59-zfcp-compat.rules in the kdump initrd. ---- a/zdev/dracut/95zdev-kdump/module-setup.sh 2024-02-21 15:57:33.027658387 +0100 -+++ b/zdev/dracut/95zdev-kdump/module-setup.sh 2024-02-21 15:57:38.215675799 +0100 +--- + zdev/dracut/95zdev-kdump/module-setup.sh | 1 + + 1 file changed, 1 insertion(+) + +--- a/zdev/dracut/95zdev-kdump/module-setup.sh ++++ b/zdev/dracut/95zdev-kdump/module-setup.sh @@ -78,6 +78,7 @@ inst_multiple /lib/s390-tools/zdev-from-dasd_mod.dasd @@ -21,4 +25,4 @@ Fix this by including 59-zfcp-compat.rules in the kdump initrd. + inst_rules "59-zfcp-compat.rules" # Obtain kdump target device configuration - + diff --git a/s390-tools.changes b/s390-tools.changes index 425aa92..f2a82f2 100644 --- a/s390-tools.changes +++ b/s390-tools.changes @@ -1,3 +1,84 @@ +------------------------------------------------------------------- +Tue Nov 5 15:26:42 UTC 2024 - Nikolay Gueorguiev + +- Amended the *_configure scripts to update again the SUSE's specific file + '/boot/zipl/active_devices.txt' (bsc#1232474, bsc#1216257) + * ctc_configure + * dasd_configure + * qeth_configure + * zfcp_host_configure + +------------------------------------------------------------------- +Tue Nov 5 13:04:20 UTC 2024 - Nikolay Gueorguiev + +* Upgrade s390-tools to version 2.35 (jsc#PED-9591, jsc#PED-10303) +* Changes of existing tools: + - cpacfstats: Add support for FULL XTS (MSA 10) and HMAC (MSA 11) PAI counter + - cpuplugd: Make cpuplugd compatible with hiperdispatch + - dbginfo.sh: Add network sockstat info + - pvapconfig: s390x exclusive build + - zdev: Add option to select IPL device + - zdump/dfo_s390: Support s390 DFO for vr-kernel dumps + - zipl: Add support of mirror devices +* Bug Fixes: + - (genprotimg|zipl)/boot: discard .note.package ELF section to save memory + - netboot/mk-s390image: Fix size when argument is a symlink + - ziorep_config: Fix warning message when multipath device is not there. + - zipl: Fix problems when target parameters are specified by user + - zipl: Fix segfault when creating device-based dumps with '--dry-run' +*** v2.34.0 +* Changes of existing tools: + - ap_tools/ap-check: Add support for vfio-ap dynamic configuration + - dbginfo.sh: Update/Add additional DASD data collection + - dumpconf: Add new parameter 'SCP_DATA' for SCSI/NVMe/ECKD dump devices + - libutil: Make formatted meta-data configurable + - s390-tools: Replace 'which' with built-in 'command -v' + - zdump/dfi_elf: Support core dumps of vr-kernels +* Bug Fixes: + - chzdev: Fix warning about failed ATTR writes by udev + - rust/pv: Try again if first CRL-URI is invalid + - rust/pvattest: Add short option for --arpk + - zdump: Fix 'zgetdump -i' ioctl error on s390 formatted dump file +*** v2.33.1 +* Bug Fixes: + - s390-tools: Fix formatting and typos in README.md + - s390-tools: Fix release string +*** v2.33.0 +* Add new tools / libraries: + - chpstat: New tool for displaying channel path statistics + - libutil: Add output format helpers(util_fmt: JSON, JSON-SEQ, CSV, text pairs) +* Changes of existing tools / libraries: + - chzdev: Add --is-owner to identify files created by zdev + - dasdfmt: Change default mode to always use full-format (Note: affects ESE DASD) + - libap: Significantly reduce delay time between file lock retries + - pvattest: Rewrite from C to Rust + - pvattest: Support additional data & user-data + - rust/pv: Support for Attestation +* Bug Fixes: + - chreipl: Improve disk type detection when running under QEMU + - dbginfo.sh: Use POSIX option with uname + - s390-tools: Fix missing hyphen escapes in the man page for many tools + - zipl/src: Fix bugs in disk_get_info() reproducible in corner cases + *** v2.32.0 +* Changes of existing tools: + - cpumf/lscpumf: add support for machine type 3932 + - genprotimg, pvattest, and pvsecret accept IBM signing key with Armonk as + subject locality + - zdump/zipl: Support for List-Directed dump from ECKD DASD + - zkey: Detect FIPS mode and generate PBKDF for luksFormat according to it +* Bug Fixes: + - dbginfo.sh: dash compatible copy sequence + - rust/pv_core: Fix UvDeviceInfo::get() method + - zipl/src: Fix leak of files if run with a broken configuration + - zkey: Fix convert command to accept only keys of type CCA-AESDATA +* Revendored vendor.tar.gz +* Removed obsolete patches + - s390-tools-sles15sp6-genprotimg-makefile.patch + - s390-tools-sles15sp5-01-rust-pv-support-Armonk-in-IBM-signing-key-subject.patch + - s390-tools-sles15sp6-02-genprotimg-support-Armonk-in-IBM-signing-key-subject.patch + - s390-tools-sles15sp6-03-libpv-support-Armonk-in-IBM-signing-key-subject.patch + - s390-tools-sles15sp6-04-pvattest-Fix-root-ca-parsing.patch + ------------------------------------------------------------------- Thu Jul 11 14:56:34 UTC 2024 - Nikolay Gueorguiev diff --git a/s390-tools.spec b/s390-tools.spec index 9b1047e..b5bad4a 100644 --- a/s390-tools.spec +++ b/s390-tools.spec @@ -33,7 +33,7 @@ %endif Name: s390-tools -Version: 2.31.0 +Version: 2.35.0 Release: 0 Summary: S/390 tools like zipl and dasdfmt for s390x (plus selected tools for x86_64) License: MIT @@ -153,13 +153,8 @@ Patch910: s390-tools-sles15sp1-11-zdev-Do-not-call-zipl-on-initrd-update.p Patch911: s390-tools-sles15sp5-remove-no-pie-link-arguments.patch Patch912: s390-tools-ALP-zdev-live.patch Patch913: s390-tools-sles15sp6-kdump-initrd-59-zfcp-compat-rules.patch -Patch914: s390-tools-sles15sp6-genprotimg-makefile.patch -Patch915: s390-tools-slfo-01-parse-ipl-device-for-activation.patch -### SE-tooling: New IBM host-key subject locality (s390-tools) -Patch916: s390-tools-sles15sp5-01-rust-pv-support-Armonk-in-IBM-signing-key-subject.patch -Patch917: s390-tools-sles15sp6-02-genprotimg-support-Armonk-in-IBM-signing-key-subject.patch -Patch918: s390-tools-sles15sp6-03-libpv-support-Armonk-in-IBM-signing-key-subject.patch -Patch919: s390-tools-sles15sp6-04-pvattest-Fix-root-ca-parsing.patch +### Patch only for SLFO +Patch914: s390-tools-slfo-01-parse-ipl-device-for-activation.patch ### BuildRequires: curl-devel @@ -184,6 +179,7 @@ BuildRequires: zlib-devel-static ### s390x %ifarch s390x BuildRequires: kernel-zfcpdump +BuildRequires: perl-Bootloader >= 0.4.15 BuildRequires: qclib-devel-static %endif ### Cargo @@ -232,9 +228,11 @@ zgetdump - tool to get linux system dumps from DASD genprotimg - create a protected virtualization image pvattest - create, perform, and verify protected virtualization attestation measurements pvsecret - manage secrets for IBM Secure Execution guests. -pvapconfig - used to automatically set up the AP configuration within an IBM Secure Execution guest. -Note: Auxiliary data package - s390-tools-genprotimg-data +Warning: There is an auxiliary data package - s390-tools-genprotimg-data. + To install s390-tools properly, please use: + 'sudo zypper install s390-tools s390-tools-genprotimg-data' + %package -n osasnmpd Summary: OSA-Express SNMP subagent diff --git a/vendor.tar.gz b/vendor.tar.gz index 6a10e06..4af5458 100644 --- a/vendor.tar.gz +++ b/vendor.tar.gz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:9ec5f811538c55052a6167b51fa11da135ae2f84db0b927b2a1c2e447ded3fe1 -size 39176578 +oid sha256:13ce3050d9af81c9d01c73fd54d4932bdcb1d7349336654880a4c9393863e899 +size 43462501 diff --git a/zfcp_host_configure b/zfcp_host_configure index db5036c..047560b 100644 --- a/zfcp_host_configure +++ b/zfcp_host_configure @@ -38,6 +38,14 @@ debug_mesg () { esac } +add_cio_channel() { + echo "$* # ${DATE}" >> /boot/zipl/active_devices.txt +} + +remove_cio_channel() { + [ -w /boot/zipl/active_devices.txt ] && sed -i -e "/^${1}/d" /boot/zipl/active_devices.txt +} + usage(){ echo "Usage: ${0} " echo " ccwid = x.y.ssss where" @@ -80,3 +88,8 @@ RC=${?} if [ ${RC} -ne 0 ]; then exit ${RC} fi + +if [ ${ON_OFF} == 1 ]; then + add_cio_channel "${CCW_CHAN_ID}" +else remove_cio_channel "${CCW_CHAN_ID}" +fi