Accepting request 495621 from Kernel:kdump

1 OBS-URL: https://build.opensuse.org/request/show/495621 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/kdump?expand=0&rev=87
2017-05-20 08:11:27 +00:00 · 2017-05-20 08:11:27 +00:00 · ffe69a5859
commit ffe69a5859
parent cff5bebf5d d58c1277f3
9 changed files with 435 additions and 0 deletions
--- a/kdump-KDUMP_SSH_IDENTITY-cfg.patch
+++ b/kdump-KDUMP_SSH_IDENTITY-cfg.patch
@ -0,0 +1,32 @@
+Date: Tue May 16 13:30:14 2017 +0200
+From: Petr Tesarik <ptesarik@suse.com>
+Subject: Add KDUMP_SSH_IDENTITY to the config file template
+References: FATE#321583
+Git-commit: c257bdb31fa65133fe3a380b09e61566fefef4fe
+Upstream: v0.8.17
+
+Also put the new option to the config file template, so it can be
+modified using the standard /etc/sysconfig editor.
+
+Signed-off-by: Petr Tesarik <ptesarik@suse.com>
+
+---
+ sysconfig.kdump.in |   10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+--- a/sysconfig.kdump.in
+++ b/sysconfig.kdump.in
+@@ -383,3 +383,13 @@ KDUMP_NOTIFICATION_CC=""
+ #
+ # See also: kdump(5)
+ KDUMP_HOST_KEY=""
+
+## Type:        string
+## Default:     ""
+## ServiceRestart:	kdump
+#
+# List of SSH identity files for public key authentication. If empty, kdump
+# will try all standard OpenSSH identities for the 'root' user.
+#
+# See also: kdump(5)
+KDUMP_SSH_IDENTITY=""
--- a/kdump-KDUMP_SSH_IDENTITY.patch
+++ b/kdump-KDUMP_SSH_IDENTITY.patch
@ -0,0 +1,96 @@
+Date: Tue May 16 13:23:49 2017 +0200
+From: Petr Tesarik <ptesarik@suse.com>
+Subject: Add KDUMP_SSH_IDENTITY config option
+References: FATE#321583
+Git-commit: 3e7e5f020024eed5c6d944e0ff9554772cbdb896
+Upstream: v0.8.17
+
+Make the SSH private file configurable.
+
+Signed-off-by: Petr Tesarik <ptesarik@suse.com>
+
+---
+ doc/man/kdump.5.txt.in     |    9 +++++++++
+ init/setup-kdump.functions |   37 ++++++++++++++++++++++++++-----------
+ kdumptool/define_opt.h     |    1 +
+ 3 files changed, 36 insertions(+), 11 deletions(-)
+
+--- a/doc/man/kdump.5.txt.in
+++ b/doc/man/kdump.5.txt.in
+@@ -643,7 +643,16 @@ Example (broken into lines for readabili
+ 
+ Default: ""
+ 
+KDUMP_SSH_IDENTITY
+~~~~~~~~~~~~~~~~~~
+ 
+List of SSH identity files for public key authentication. If empty, kdump
+will try all standard OpenSSH identities for the 'root' user (rsa, dsa,
+ecdsa, ed25519, in this order).
+
+Example: "/root/.ssh/id_kdump_rsa"
+
+Default: ""
+ 
+ URL FORMAT
+ ----------
+--- a/init/setup-kdump.functions
+++ b/init/setup-kdump.functions
+@@ -935,6 +935,27 @@ function kdump_modify_multipath()
+ }									   # }}}
+ 
+ #
+# Copy SSH identity file(s) and update the target config file
+# Parameters:
+#   1) dest: root of the temporary area
+function kdump_copy_ssh_ident()						   # {{{
+{
+    local dest="$1"
+    local ssh_conf="$dest/kdump/.ssh/config"
+    local f
+
+    shift
+    for f in "$@"; do
+	test -f "$f" || continue
+
+        cp "$f" "${dest}/kdump/.ssh/"
+	test -f "${f}.pub" && cp "${f}.pub" "${dest}/kdump/.ssh/"
+	test -f "${f}-cert.pub" && cp "${f}-cert.pub" "${dest}/kdump/.ssh/"
+	echo "IdentityFile ${f}" >> "$ssh_conf"
+    done
+}									   # }}}
+
+#
+ # Copy SSH keys and create a config file in the target
+ # Parameters:
+ #   1) dest: root of the temporary area
+@@ -952,17 +973,11 @@ function kdump_init_ssh()						   # {{{
+     echo "StrictHostKeyChecking yes" >> "$ssh_conf"
+     echo "UserKnownHostsFile /kdump/.ssh/known_hosts" >> "$ssh_conf"
+ 
+-    local type
+-    for type in rsa dsa ecdsa ed25519
+-    do
+-	if [ -f /root/.ssh/id_${type} -a -f /root/.ssh/id_${type}.pub ] ; then
+-            cp /root/.ssh/id_${type}{,.pub} "${dest}/kdump/.ssh/"
+-	    if [ -f /root/.ssh/id_${type}-cert.pub ] ; then
+-		cp /root/.ssh/id_${type}-cert.pub "${dest}/kdump/.ssh/"
+-	    fi
+-	    echo "IdentityFile /kdump/.ssh/id_${type}" >> "$ssh_conf"
+-	fi
+-    done
+    if [ -n "$KDUMP_SSH_IDENTITY" ] ; then
+	kdump_copy_ssh_ident "$dest" $KDUMP_SSH_IDENTITY
+    else
+	kdump_copy_ssh_ident "$dest" /root/.ssh/id_{rsa,dsa,ecdsa,ed25519}
+    fi
+ }									   # }}}
+ 
+ #
+--- a/kdumptool/define_opt.h
+++ b/kdumptool/define_opt.h
+@@ -41,3 +41,4 @@ DEFINE_OPT(KDUMP_SMTP_PASSWORD, String,
+ DEFINE_OPT(KDUMP_NOTIFICATION_TO, String, "", DUMP)
+ DEFINE_OPT(KDUMP_NOTIFICATION_CC, String, "", DUMP)
+ DEFINE_OPT(KDUMP_HOST_KEY, String, "", DUMP)
+DEFINE_OPT(KDUMP_SSH_IDENTITY, String, "", MKINITRD)
--- a/kdump-always-pass-kernelver-to-dracut.patch
+++ b/kdump-always-pass-kernelver-to-dracut.patch
@ -0,0 +1,30 @@
+From: Petr Tesarik <ptesarik@suse.cz>
+Subject: Always pass kernel version to dracut
+References: bsc#900418
+Upstream: v0.8.17
+Git-commit: 950e82a515a2e5ea9386e54b51eb60edc09a758e
+
+Dracut does not take a kernel image as its argument, but rather the kernel
+version, but the KERNELVERSION variable is set only if the kernel version
+is explicitly given on the mkdumprd command line.
+
+Signed-off-by: Petr Tesarik <ptesarik@suse.cz>
+
+---
+ init/mkdumprd |    5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/init/mkdumprd
+++ b/init/mkdumprd
+@@ -123,6 +123,11 @@ function run_dracut()
+     DRACUT_ARGS="--force --hostonly --omit 'plymouth resume usrmount'"
+     DRACUT_ARGS="$DRACUT_ARGS --compress='xz -0 --check=crc32'"
+ 
+    if [ -z "$KERNELVERSION" ]
+    then
+	KERNELVERSION=$(get_kernel_version "$KERNEL")
+    fi
+
+     # add mount points
+     kdump_get_mountpoints || return 1
+     i=0
--- a/kdump-bind-mount-sysroot.patch
+++ b/kdump-bind-mount-sysroot.patch
@ -0,0 +1,43 @@
+From: Petr Tesarik <ptesarik@suse.com>
+Subject: Convert sysroot to a bind mount in kdump initrd
+References: bsc#976864
+Upstream: v0.8.17
+Git-commit: a532a27d0bb7f69fbf89527fb02e8434fdafa147
+
+In SLES 12 SP2, systemd-fstab-generator no longer ignores non-device
+root mounts, so it tries to run an actual mount command for root=kdump.
+This fails, of course, because "kdump" is not mountable.
+
+To solve this, pass "rootflags=bind" to the panic kernel, so systemd
+can create a (bogus) bind mount and be happy.
+
+See also kdump-root-parameter.patch.
+
+Signed-off-by: Petr Tesarik <ptesarik@suse.com>
+---
+ init/load.sh         |    2 +-
+ init/module-setup.sh |    2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+--- a/init/load.sh
+++ b/init/load.sh
+@@ -71,7 +71,7 @@ function build_kdump_commandline()
+         # Use deadline for saving the memory footprint
+         commandline="$commandline elevator=deadline sysrq=yes reset_devices acpi_no_memhotplug cgroup_disable=memory"
+         commandline="$commandline irqpoll ${nr_cpus}=${KDUMP_CPUS:-1}"
+-        commandline="$commandline root=kdump rd.udev.children-max=8"
+        commandline="$commandline root=kdump rootflags=bind rd.udev.children-max=8"
+         case $(uname -i) in
+         i?86|x86_64)
+             local boot_apicid=$(
+--- a/init/module-setup.sh
+++ b/init/module-setup.sh
+@@ -123,7 +123,7 @@ kdump_gen_mount_units() {
+ 	echo "${line[@]}" >> "$fstab"
+     done
+ 
+-    echo "root=kdump" > "$initdir/proc/cmdline"
+    echo > "$initdir/proc/cmdline"
+     inst_binary -l \
+ 	"$systemdutildir/system-generators/systemd-fstab-generator" \
+ 	"/tmp/systemd-fstab-generator"
--- a/kdump-no-xen-secondary-kernel.patch
+++ b/kdump-no-xen-secondary-kernel.patch
@ -0,0 +1,74 @@
+From: Petr Tesarik <ptesarik@suse.com>
+Subject: Avoid Xen kernels as kdump kernel
+References: bsc#900418, bsc#974270
+Upstream: v0.8.17
+Git-commit: 5b3a612f79f8a4935cee162e3bc2f72e996f628e
+
+Since Xen kernels cannot run on bare metal, they must be avoided
+as a secondary kernel.
+
+Signed-off-by: Petr Tesarik <ptesarik@suse.com>
+
+---
+ kdumptool/findkernel.cc |   29 ++++++++++++++++++++++++-----
+ 1 file changed, 24 insertions(+), 5 deletions(-)
+
+--- a/kdumptool/findkernel.cc
+++ b/kdumptool/findkernel.cc
+@@ -130,14 +130,33 @@ bool FindKernel::suitableForKdump(const
+         }
+     }
+ 
+    Kconfig *kconfig = kt.retrieveKernelConfig();
+    KconfigValue kv;
+    bool isxen;
+
+    // Avoid Xenlinux kernels, because they do not run on bare metal
+    kv = kconfig->get("CONFIG_X86_64_XEN");
+    isxen = (kv.getType() == KconfigValue::T_TRISTATE &&
+             kv.getTristateValue() == KconfigValue::ON);
+    if (!isxen) {
+        kv = kconfig->get("CONFIG_X86_XEN");
+        isxen = (kv.getType() == KconfigValue::T_TRISTATE &&
+                 kv.getTristateValue() == KconfigValue::ON);
+    }
+    if (isxen) {
+        Debug::debug()->dbg("%s is a Xen kernel. Avoid.",
+            kernelImage.c_str());
+	delete kconfig;
+	return false;
+    }
+
+     if (strict) {
+         string arch = Util::getArch();
+-        Kconfig *kconfig = kt.retrieveKernelConfig();
+ 
+         // avoid large number of CPUs on x86 since that increases
+         // memory size constraints of the capture kernel
+         if (arch == "i386" || arch == "x86_64") {
+-            KconfigValue kv = kconfig->get("CONFIG_NR_CPUS");
+            kv = kconfig->get("CONFIG_NR_CPUS");
+             if (kv.getType() == KconfigValue::T_INTEGER &&
+                     kv.getIntValue() > MAXCPUS_KDUMP) {
+                 Debug::debug()->dbg("NR_CPUS of %s is %d >= %d. Avoid.",
+@@ -148,17 +167,17 @@ bool FindKernel::suitableForKdump(const
+         }
+ 
+         // avoid realtime kernels
+-        KconfigValue kv = kconfig->get("CONFIG_PREEMPT_RT");
+        kv = kconfig->get("CONFIG_PREEMPT_RT");
+         if (kv.getType() != KconfigValue::T_INVALID) {
+             Debug::debug()->dbg("%s is realtime kernel. Avoid.",
+                 kernelImage.c_str());
+             delete kconfig;
+             return false;
+         }
+-
+-        delete kconfig;
+     }
+ 
+    delete kconfig;
+
+     return true;
+ }
+ 
--- a/kdump-pre-generate-mount-units.patch
+++ b/kdump-pre-generate-mount-units.patch
@ -0,0 +1,74 @@
+From: Petr Tesarik <ptesarik@suse.com>
+Subject: Pre-generate kdump mount units
+References: bsc#942895
+Upstream: v0.8.17
+Git-commit: a7e47cdf9cb7db385bc30fce59abce1dc2b5cc11
+
+SUSE version of dracut intentionally modifies the initrd to run
+systemd-fstab-generator only after the root filesystem is mounted.
+This breaks kdump-save.service, because mount units for /kdump/*
+do not yet exist when kdump needs them.
+
+Solve this by pre-generating the required mount units in the primary
+system, so kdump no longer depends on running the fstab generator in
+initrd context.
+
+Note that I had to write a temporary /etc/fstab, because dracut
+creates this file only after all modules have been processed.
+
+Signed-off-by: Petr Tesarik <ptesarik@suse.com>
+---
+ init/module-setup.sh |   35 +++++++++++++++++++++++++++++++++++
+ 1 file changed, 35 insertions(+)
+
+--- a/init/module-setup.sh
+++ b/init/module-setup.sh
+@@ -108,6 +108,39 @@ kdump_cmdline_ip() {
+     esac
+ }
+ 
+kdump_gen_mount_units() {
+    local line
+    local fstab="$initdir/etc/fstab"
+
+    [ -e "$fstab" ] && mv "$fstab" "$fstab.kdumpsave"
+    for line in "${fstab_lines[@]}"
+    do
+	line=($line)
+	[ "${line[1]#/kdump}" = "${line[1]}" ] && continue
+	[ -z "${line[3]}" ] && line[3]="defaults"
+	[ -z "${line[4]}" ] && line[4]="0"
+	[ -z "${line[5]}" ] && line[5]="2"
+	echo "${line[@]}" >> "$fstab"
+    done
+
+    echo "root=kdump" > "$initdir/proc/cmdline"
+    inst_binary -l \
+	"$systemdutildir/system-generators/systemd-fstab-generator" \
+	"/tmp/systemd-fstab-generator"
+    chroot "$initdir" "/tmp/systemd-fstab-generator" \
+	"$systemdsystemunitdir" \
+	"$systemdsystemunitdir" \
+	"$systemdsystemunitdir"
+    rm -f "$initdir/tmp/systemd-fstab-generator"
+    rm -f "$initdir/proc/cmdline"
+
+    if [ -e "$fstab.kdumpsave" ]; then
+	mv "$fstab.kdumpsave" "$fstab"
+    else
+	rm "$fstab"
+    fi
+}
+
+ cmdline() {
+     kdump_cmdline_ip
+ }
+@@ -155,6 +188,8 @@ install() {
+ 	    "$initdir/$systemdsystemunitdir"/kdump-save.service
+ 	ln_r "$systemdsystemunitdir"/kdump-save.service \
+ 	    "$systemdsystemunitdir"/initrd.target.wants/kdump-save.service
+
+	kdump_gen_mount_units
+     else
+ 	[ "$KDUMP_FADUMP" != yes ] && \
+ 	    inst_hook mount 30 "$moddir/mount-kdump.sh"
--- a/kdump-x86_64-kexec-file-syscall.patch
+++ b/kdump-x86_64-kexec-file-syscall.patch
@ -0,0 +1,29 @@
+From: Joey Lee <jlee@suse.com>
+Subject: Use 'kexec -s' on x86_64
+References: FATE#315018, bsc#884453
+Upstream: v0.8.17
+Git-commit: 48162b5fc73d733ce57a27e4f6df7e46cae66684
+
+The kexec(2) system call is disabled if booted with Secure Boot. Tell
+kexec (the utility) to use kexec_file(2) instead on x86_64.
+
+Signed-off-by: Joey Lee <jlee@suse.com>
+
+---
+ init/load.sh |    5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/init/load.sh
+++ b/init/load.sh
+@@ -135,6 +135,11 @@ function build_kexec_options()
+         options="$options --noio"
+     fi
+ 
+    # add -s on x86_64 for signature verification of kernel
+    if [ "$(uname -i)" = "x86_64" ] ; then
+	options="$options -s"
+    fi
+
+     echo "$options"
+ }
+ 
--- a/kdump.changes
+++ b/kdump.changes
@ -1,3 +1,30 @@
+-------------------------------------------------------------------
+Wed May 17 13:31:11 UTC 2017 - ptesarik@suse.com
+
+- kdump-x86_64-kexec-file-syscall.patch: add -s on x86_64 for
+  signature verification of kernel. (fate#315018, bsc#884453)
+
+-------------------------------------------------------------------
+Wed May 17 13:18:23 UTC 2017 - ptesarik@suse.com
+
+- kdump-bind-mount-sysroot.patch: Convert sysroot to a bind mount
+  in kdump initrd (bsc#976864).
+- kdump-pre-generate-mount-units.patch: Pre-generate kdump mount
+  units (bsc#942895).
+- kdump-always-pass-kernelver-to-dracut.patch: Always pass kernel
+  version to dracut (bsc#900418).
+- kdump-no-xen-secondary-kernel.patch: Avoid Xenlinux (aka
+  traditional, Xenified or SUSE) kernels as kdump kernel
+  (bsc#900418, bsc#974270).
+
+-------------------------------------------------------------------
+Tue May 16 11:31:53 UTC 2017 - ptesarik@suse.com
+
+- kdump-KDUMP_SSH_IDENTITY.patch: Add KDUMP_SSH_IDENTITY config
+  option (FATE#321583).
+- kdump-KDUMP_SSH_IDENTITY-cfg.patch: Add KDUMP_SSH_IDENTITY to the
+  config file template (FATE#321583).
+
 -------------------------------------------------------------------
 Sat Feb 18 14:38:57 CET 2017 - kukuk@suse.de

@ -18,6 +45,22 @@ Wed Oct  5 10:55:39 UTC 2016 - ptesarik@suse.com
 Wed Oct  5 07:53:00 UTC 2016 - ptesarik@suse.com

 - Update to 0.8.16
+  o Improve systemd integration (FATE#319020, bsc#900134,
+    bsc#909515, bsc#936363, bsc#936475, bsc#936489, bsc#942895,
+    bsc#943902, bsc#944606, bsc#947825, bsc#948913).
+  o Use OpenSSH for SSH and SFTP (FATE#318874, bsc#917747).
+  o Improve 'kdumptool calibrate' (FATE#318842, bsc#882082,
+    bsc#947539, bsc#952141, bsc#953732).
+  o Improve network initialization (bsc#943214, bsc#944201,
+    bsc#980328).
+  o Fix FADUMP with systemd (bsc#917846, bsc#923790, bsc#944699).
+  o Fix saving to XFS (bsc#964206).
+  o Use full path to dracut (bsc#989972, bsc#990200,
+    CVE-2016-5759).
+  o Documentation updates (bsc#987862, bsc#997104).
+  o Various smaller fixes (bsc#905690, bsc#927451, bsc#932339,
+    bsc#934581, bsc#941088, bsc#946242, bsc#948956, bsc#951844,
+    bsc#952149, bsc#970708, bsc#973213, bsc#984799, bsc#986081).
 - Drop patches now in mainline:
  o 0001-multipath-Write-proper-regex-into-multipath-conf.patch
  o kdump-add-IPv6-KDUMP_NETCONFIG-modes.patch
--- a/kdump.spec
+++ b/kdump.spec
@ -42,6 +42,13 @@ Url:            https://github.com/ptesarik/kdump
 Source:         %{name}-%{version}.tar.bz2
 Source2:        %{name}-rpmlintrc
 Patch1:         %{name}-cmake-compat.patch
+Patch2:         %{name}-KDUMP_SSH_IDENTITY.patch
+Patch3:         %{name}-KDUMP_SSH_IDENTITY-cfg.patch
+Patch4:         %{name}-no-xen-secondary-kernel.patch
+Patch5:         %{name}-always-pass-kernelver-to-dracut.patch
+Patch6:         %{name}-pre-generate-mount-units.patch
+Patch7:         %{name}-bind-mount-sysroot.patch
+Patch8:         %{name}-x86_64-kexec-file-syscall.patch
 BuildRequires:  asciidoc
 BuildRequires:  cmake
 BuildRequires:  gcc-c++
@ -102,6 +109,13 @@ after a crash dump has occured.
 %prep
 %setup -q
 %patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1
+%patch6 -p1
+%patch7 -p1
+%patch8 -p1

 %build
 export CFLAGS="%{optflags}"