Accepting request 482462 from Base:System

Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/482462
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dracut?expand=0&rev=105

0314-nfs_do_not_pass_ifname_for_bonding_devices.patch

@@ -0,0 +1,16 @@
+Index: dracut-044/modules.d/95nfs/module-setup.sh
+===================================================================
+--- dracut-044.orig/modules.d/95nfs/module-setup.sh	2016-12-07 11:46:32.799438777 +0100
++++ dracut-044/modules.d/95nfs/module-setup.sh	2016-12-07 11:46:33.519479687 +0100
+@@ -57,7 +57,10 @@ cmdline() {
+         nfs_address=${lookup##* }
+     fi
+     ifname=$(ip -o route get to $nfs_address | sed -n 's/.*dev \([^ ]*\).*/\1/p')
+-    if [ -e /sys/class/net/$ifname/address ] ; then
++    if [ -d /sys/class/net/$ifname/bonding ]; then
++        dinfo "Found bonded interface '${ifname}'. Make sure to provide an appropriate 'bond=' cmdline."
++        return
++    elif [ -e /sys/class/net/$ifname/address ] ; then
+         ifmac=$(cat /sys/class/net/$ifname/address)
+         printf 'ifname=%s:%s ' ${ifname} ${ifmac}
+     fi

0509-01fips-Remove-zlib-module-as-requirement.patch

@@ -0,0 +1,27 @@
+From 17eff2759ab2d5e3622864fb06a7657c7f95bfd3 Mon Sep 17 00:00:00 2001
+From: Daniel Molkentin <dmolkentin@suse.com>
+Date: Wed, 1 Mar 2017 11:43:39 +0100
+Subject: [PATCH] 01fips: Remove zlib module as requirement
+
+zlib has been removed from the upstream kernel, affecting SLE12SP3.
+This patch must not be backported to SLE12SP2 and earlier (bsc#1020063).
+---
+ modules.d/01fips/module-setup.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/modules.d/01fips/module-setup.sh b/modules.d/01fips/module-setup.sh
+index 0bca7a1..e29af08 100755
+--- a/modules.d/01fips/module-setup.sh
++++ b/modules.d/01fips/module-setup.sh
+@@ -17,7 +17,7 @@ installkernel() {
+     _fipsmodules+="ctr cts deflate drbg "
+     _fipsmodules+="ecb fcrypt gcm ghash_generic khazad md4 michael_mic rmd128 "
+     _fipsmodules+="rmd160 rmd256 rmd320 seed "
+-    _fipsmodules+="sha512_generic tcrypt tea wp512 xts zlib "
++    _fipsmodules+="sha512_generic tcrypt tea wp512 xts "
+     _fipsmodules+="aes_s390 des_s390 sha256_s390 ghash_s390 sha1_s390 sha512_s390 "
+     _fipsmodules+="gf128mul "
+     _fipsmodules+="cmac vmac xcbc salsa20_generic salsa20_x86_64 camellia_generic camellia_x86_64 pcbc tgr192 anubis "
+-- 
+2.10.2
+

0510-01fips-Some-modules-use-separators-other-than.patch

@@ -0,0 +1,39 @@
+From e8804fc3d2052000d66661ced4a03103e0176e63 Mon Sep 17 00:00:00 2001
+From: Daniel Molkentin <dmolkentin@suse.com>
+Date: Tue, 7 Mar 2017 11:51:17 +0100
+Subject: [PATCH] 01fips: Some modules use separators other than "-"
+
+We need to account for that in our exception list
+of modules that are fine to fail. This only happened
+on non-Intel machines, because the intel modules
+use "_" as separator.
+
+Original-Patch-By: Marcus Meissner <meissner@suse.de>
+Reference: bsc#1021687
+---
+ modules.d/01fips/fips.sh | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/modules.d/01fips/fips.sh b/modules.d/01fips/fips.sh
+index 055093a..30f53b4 100755
+--- a/modules.d/01fips/fips.sh
++++ b/modules.d/01fips/fips.sh
+@@ -105,11 +105,11 @@ do_fips()
+                 # If we find some hardware specific modules and cannot load them
+                 # it is not a problem, proceed.
+                 if [ "$_found" = "0" ]; then
+-                    if [    "$_module" != "${_module%-intel}"   \
+-                        -o  "$_module" != "${_module%-ssse3}"   \
+-                        -o  "$_module" != "${_module%-x86_64}"  \
++                    if [    "$_module" != "${_module%intel}"    \
++                        -o  "$_module" != "${_module%ssse3}"    \
++                        -o  "$_module" != "${_module%x86_64}"   \
+                         -o  "$_module" != "${_module%z90}"      \
+-                        -o  "$_module" != "${_module%s390}"      \
++                        -o  "$_module" != "${_module%s390}"     \
+                     ]; then
+                         _found=1
+                     fi
+-- 
+2.10.2
+

0511-01fips-ensure-fips-initialization-succeeds-on-s390-x.patch

@@ -0,0 +1,50 @@
+From d31f6dc51b26ac4110b2e5357a46f9b74ebd80e2 Mon Sep 17 00:00:00 2001
+From: Daniel Molkentin <dmolkentin@suse.com>
+Date: Wed, 15 Mar 2017 11:59:28 +0100
+Subject: [PATCH] 01fips: ensure fips initialization succeeds on s390(x)
+
+More modules are x86_64 only but are not matchable
+by the generic postfix checks. Others are helper modules
+that are not strictly needed on all platforms. Ensure
+we pass FIPS init without them.
+
+Finally, cbc is not always compiled into the kernel -- try
+adding as a module.
+
+Relates-to: e8804fc3d2052000d66661ced4a03103e0176e63
+Reference: bsc#1021687
+---
+ modules.d/01fips/fips.sh         | 3 +++
+ modules.d/01fips/module-setup.sh | 2 +-
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/modules.d/01fips/fips.sh b/modules.d/01fips/fips.sh
+index 30f53b4..a005b0f 100755
+--- a/modules.d/01fips/fips.sh
++++ b/modules.d/01fips/fips.sh
+@@ -110,6 +110,9 @@ do_fips()
+                         -o  "$_module" != "${_module%x86_64}"   \
+                         -o  "$_module" != "${_module%z90}"      \
+                         -o  "$_module" != "${_module%s390}"     \
++                        -o  "$_module" == "twofish_x86_64_3way" \
++                        -o  "$_module" == "ablk_helper"         \
++                        -o  "$_module" == "glue_helper"         \
+                     ]; then
+                         _found=1
+                     fi
+diff --git a/modules.d/01fips/module-setup.sh b/modules.d/01fips/module-setup.sh
+index e29af08..beeb2f6 100755
+--- a/modules.d/01fips/module-setup.sh
++++ b/modules.d/01fips/module-setup.sh
+@@ -23,7 +23,7 @@ installkernel() {
+     _fipsmodules+="cmac vmac xcbc salsa20_generic salsa20_x86_64 camellia_generic camellia_x86_64 pcbc tgr192 anubis "
+     _fipsmodules+="cast6_generic cast5_generic cast_common sha512_ssse3 serpent_sse2_x86_64 serpent_generic twofish_generic "
+     _fipsmodules+="ablk_helper cryptd twofish_x86_64_3way lrw glue_helper twofish_x86_64 twofish_common blowfish_generic "
+-    _fipsmodules+="blowfish_x86_64 blowfish_common des_generic "
++    _fipsmodules+="blowfish_x86_64 blowfish_common des_generic cbc "
+ 
+     mkdir -m 0755 -p "${initdir}/etc/modprobe.d"
+ 
+-- 
+2.10.2
+

dracut-installkernel

@@ -64,8 +64,8 @@ if [ -f $INSTALL_PATH/System.map-$KERNEL_VERSION ]; then
 fi
 
 
-if [ -f $INSTALL_PATH/$CONFIGFILE ]; then
-    mv $INSTALL_PATH/$CONFIGFILE \
+if [ -f .config ] && [ -f $INSTALL_PATH/$CONFIGFILE ]; then
+    mv -v $INSTALL_PATH/$CONFIGFILE \
         $INSTALL_PATH/$CONFIGFILE.old;
 fi
 
@@ -75,7 +75,7 @@ fi
 
 cp -fp $BOOTIMAGE $INSTALL_PATH/$BOOTFILE-$KERNEL_VERSION
 cp -fp $MAPFILE $INSTALL_PATH/System.map-$KERNEL_VERSION
-cp -fp .config $INSTALL_PATH/$CONFIGFILE
+[ -f .config] && cp -fp .config $INSTALL_PATH/$CONFIGFILE
 
 
 # If the kernel has module support, recreate modules.dep using depmod

dracut.changes

@@ -1,3 +1,33 @@
+-------------------------------------------------------------------
+Fri Mar 17 10:09:57 UTC 2017 - daniel.molkentin@suse.com
+
+- 01fips: Make init on non-x86_64, specifically s390x, pass (bsc#1021687)
+  * add 0510-01fips-Some-modules-use-separators-other-than.patch
+  * add 0511-01fips-ensure-fips-initialization-succeeds-on-s390-x.patch 
+
+-------------------------------------------------------------------
+Thu Mar 16 11:45:01 UTC 2017 - daniel.molkentin@suse.com
+
+- installkernel: handle make bin-rpmpkg (bsc#1008648)
+
+-------------------------------------------------------------------
+Thu Mar  2 15:06:01 UTC 2017 - daniel.molkentin@suse.com
+
+- Do not pass ifname for bonding devices (bsc#995812)
+  * add 0314-nfs_do_not_pass_ifname_for_bonding_devices.patch
+
+-------------------------------------------------------------------
+Thu Mar  2 15:03:26 UTC 2017 - daniel.molkentin@suse.com
+
+- Find devices by path for S390x (bsc#915218)
+  * add s390x_persistent_device.conf
+
+-------------------------------------------------------------------
+Wed Mar  1 13:24:19 UTC 2017 - daniel.molkentin@suse.com
+
+- 01fips: Remove zlib module as requirement (bsc#1020063)
+  * add 0509-01fips-Remove-zlib-module-as-requirement.patch
+
 -------------------------------------------------------------------
 Wed Feb  8 16:55:16 UTC 2017 - daniel.molkentin@suse.com
 

dracut.spec

@@ -32,6 +32,7 @@ Source4:        purge-kernels
 Source5:        purge-kernels.service
 Source6:        dracut-installkernel
 Source7:        99-debug.conf
+Source8:        s390x_persistent_device.conf
 
 #Network:
 Patch12:        0012-40network-Fix-race-condition-when-wait-for-networks.patch
@@ -92,6 +93,9 @@ Patch126:       0126-01fips-Add-drbg-module-to-force-loaded-modules.patch
 Patch137:       0137-Switch-from-Mozilla-NSS-sha256hmac-checking-to-fipsc.patch
 Patch138:       0138-fips_add_aesni-intel.patch
 Patch139:       0139-fips-kernel-4.4-fixes.patch
+Patch509:       0509-01fips-Remove-zlib-module-as-requirement.patch
+Patch510:       0510-01fips-Some-modules-use-separators-other-than.patch
+Patch511:       0511-01fips-ensure-fips-initialization-succeeds-on-s390-x.patch
 
 # Others
 Patch20:        0020-00warpclock-Set-correct-timezone.patch
@@ -164,6 +168,7 @@ Patch310:       0310-95resume-Do-not-resume-on-iSCSI.patch
 Patch311:       0311-95iscsi-ip-ibft-is-deprecated.patch
 Patch312:       0312-40network-Do-not-print-message-about-tmp-net.ibft0.c.patch
 Patch313:       0313-90mdraid-Use-stock-MD-rules-to-assemble-RAID-arrays.patch
+Patch314:       0314-nfs_do_not_pass_ifname_for_bonding_devices.patch
 
 # New features/improvements
 Patch402:       0402-driver-fail-summary.patch
@@ -376,6 +381,7 @@ chmod a+x modules.d/91zipl/install_zipl_cmdline.sh
 %patch311 -p1
 %patch312 -p1
 %patch313 -p1
+%patch314 -p1
 
 %patch402 -p1
 %patch403 -p1
@@ -397,6 +403,9 @@ chmod a+x modules.d/91zipl/install_zipl_cmdline.sh
 %patch506 -p1
 %patch507 -p1
 %patch508 -p1
+%patch509 -p1
+%patch510 -p1
+%patch511 -p1
 
 %build
 %configure\
@@ -433,6 +442,10 @@ touch %{buildroot}%{_localstatedir}/log/dracut.log
 install -D -m 0644 dracut.conf.d/suse.conf.example %{buildroot}/usr/lib/dracut/dracut.conf.d/01-dist.conf
 install -m 0644 %{SOURCE7} %{buildroot}%{_sysconfdir}/dracut.conf.d/99-debug.conf
 install -m 0644 dracut.conf.d/fips.conf.example %{buildroot}%{_sysconfdir}/dracut.conf.d/40-fips.conf
+# bsc#915218
+%ifarch s390 s390x
+install -m 0644 %{SOURCE8} %{buildroot}%{_sysconfdir}/dracut.conf.d/10-s390x_persistent_device.conf
+%endif
 
 %ifarch %ix86 x86_64
 echo 'early_microcode="yes"' > %{buildroot}%{_sysconfdir}/dracut.conf.d/02-early-microcode.conf

s390x_persistent_device.conf

@@ -0,0 +1,10 @@
+# Set persistent policy by-path on s390 platforms, to prevent
+# the system from hanging during the boot when vDISKs are used
+# as swap devices (bsc#915218).
+#
+# Indeed, they are required to be present early in the boot
+# process to possibly resume the system. However, since
+# they are cleared after logoff/logon and the UUID will likely
+# change after reinitialization, these will not be found with
+# the default by-uuid policy.
+persistent_policy=by-path