diff --git a/kdump-KDUMP_SSH_IDENTITY-cfg.patch b/kdump-KDUMP_SSH_IDENTITY-cfg.patch new file mode 100644 index 0000000..2772da1 --- /dev/null +++ b/kdump-KDUMP_SSH_IDENTITY-cfg.patch @@ -0,0 +1,32 @@ +Date: Tue May 16 13:30:14 2017 +0200 +From: Petr Tesarik +Subject: Add KDUMP_SSH_IDENTITY to the config file template +References: FATE#321583 +Git-commit: c257bdb31fa65133fe3a380b09e61566fefef4fe +Upstream: v0.8.17 + +Also put the new option to the config file template, so it can be +modified using the standard /etc/sysconfig editor. + +Signed-off-by: Petr Tesarik + +--- + sysconfig.kdump.in | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +--- a/sysconfig.kdump.in ++++ b/sysconfig.kdump.in +@@ -383,3 +383,13 @@ KDUMP_NOTIFICATION_CC="" + # + # See also: kdump(5) + KDUMP_HOST_KEY="" ++ ++## Type: string ++## Default: "" ++## ServiceRestart: kdump ++# ++# List of SSH identity files for public key authentication. If empty, kdump ++# will try all standard OpenSSH identities for the 'root' user. ++# ++# See also: kdump(5) ++KDUMP_SSH_IDENTITY="" diff --git a/kdump-KDUMP_SSH_IDENTITY.patch b/kdump-KDUMP_SSH_IDENTITY.patch new file mode 100644 index 0000000..d342055 --- /dev/null +++ b/kdump-KDUMP_SSH_IDENTITY.patch @@ -0,0 +1,96 @@ +Date: Tue May 16 13:23:49 2017 +0200 +From: Petr Tesarik +Subject: Add KDUMP_SSH_IDENTITY config option +References: FATE#321583 +Git-commit: 3e7e5f020024eed5c6d944e0ff9554772cbdb896 +Upstream: v0.8.17 + +Make the SSH private file configurable. + +Signed-off-by: Petr Tesarik + +--- + doc/man/kdump.5.txt.in | 9 +++++++++ + init/setup-kdump.functions | 37 ++++++++++++++++++++++++++----------- + kdumptool/define_opt.h | 1 + + 3 files changed, 36 insertions(+), 11 deletions(-) + +--- a/doc/man/kdump.5.txt.in ++++ b/doc/man/kdump.5.txt.in +@@ -643,7 +643,16 @@ Example (broken into lines for readabili + + Default: "" + ++KDUMP_SSH_IDENTITY ++~~~~~~~~~~~~~~~~~~ + ++List of SSH identity files for public key authentication. If empty, kdump ++will try all standard OpenSSH identities for the 'root' user (rsa, dsa, ++ecdsa, ed25519, in this order). ++ ++Example: "/root/.ssh/id_kdump_rsa" ++ ++Default: "" + + URL FORMAT + ---------- +--- a/init/setup-kdump.functions ++++ b/init/setup-kdump.functions +@@ -935,6 +935,27 @@ function kdump_modify_multipath() + } # }}} + + # ++# Copy SSH identity file(s) and update the target config file ++# Parameters: ++# 1) dest: root of the temporary area ++function kdump_copy_ssh_ident() # {{{ ++{ ++ local dest="$1" ++ local ssh_conf="$dest/kdump/.ssh/config" ++ local f ++ ++ shift ++ for f in "$@"; do ++ test -f "$f" || continue ++ ++ cp "$f" "${dest}/kdump/.ssh/" ++ test -f "${f}.pub" && cp "${f}.pub" "${dest}/kdump/.ssh/" ++ test -f "${f}-cert.pub" && cp "${f}-cert.pub" "${dest}/kdump/.ssh/" ++ echo "IdentityFile ${f}" >> "$ssh_conf" ++ done ++} # }}} ++ ++# + # Copy SSH keys and create a config file in the target + # Parameters: + # 1) dest: root of the temporary area +@@ -952,17 +973,11 @@ function kdump_init_ssh() # {{{ + echo "StrictHostKeyChecking yes" >> "$ssh_conf" + echo "UserKnownHostsFile /kdump/.ssh/known_hosts" >> "$ssh_conf" + +- local type +- for type in rsa dsa ecdsa ed25519 +- do +- if [ -f /root/.ssh/id_${type} -a -f /root/.ssh/id_${type}.pub ] ; then +- cp /root/.ssh/id_${type}{,.pub} "${dest}/kdump/.ssh/" +- if [ -f /root/.ssh/id_${type}-cert.pub ] ; then +- cp /root/.ssh/id_${type}-cert.pub "${dest}/kdump/.ssh/" +- fi +- echo "IdentityFile /kdump/.ssh/id_${type}" >> "$ssh_conf" +- fi +- done ++ if [ -n "$KDUMP_SSH_IDENTITY" ] ; then ++ kdump_copy_ssh_ident "$dest" $KDUMP_SSH_IDENTITY ++ else ++ kdump_copy_ssh_ident "$dest" /root/.ssh/id_{rsa,dsa,ecdsa,ed25519} ++ fi + } # }}} + + # +--- a/kdumptool/define_opt.h ++++ b/kdumptool/define_opt.h +@@ -41,3 +41,4 @@ DEFINE_OPT(KDUMP_SMTP_PASSWORD, String, + DEFINE_OPT(KDUMP_NOTIFICATION_TO, String, "", DUMP) + DEFINE_OPT(KDUMP_NOTIFICATION_CC, String, "", DUMP) + DEFINE_OPT(KDUMP_HOST_KEY, String, "", DUMP) ++DEFINE_OPT(KDUMP_SSH_IDENTITY, String, "", MKINITRD) diff --git a/kdump-always-pass-kernelver-to-dracut.patch b/kdump-always-pass-kernelver-to-dracut.patch new file mode 100644 index 0000000..05ad96d --- /dev/null +++ b/kdump-always-pass-kernelver-to-dracut.patch @@ -0,0 +1,30 @@ +From: Petr Tesarik +Subject: Always pass kernel version to dracut +References: bsc#900418 +Upstream: v0.8.17 +Git-commit: 950e82a515a2e5ea9386e54b51eb60edc09a758e + +Dracut does not take a kernel image as its argument, but rather the kernel +version, but the KERNELVERSION variable is set only if the kernel version +is explicitly given on the mkdumprd command line. + +Signed-off-by: Petr Tesarik + +--- + init/mkdumprd | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/init/mkdumprd ++++ b/init/mkdumprd +@@ -123,6 +123,11 @@ function run_dracut() + DRACUT_ARGS="--force --hostonly --omit 'plymouth resume usrmount'" + DRACUT_ARGS="$DRACUT_ARGS --compress='xz -0 --check=crc32'" + ++ if [ -z "$KERNELVERSION" ] ++ then ++ KERNELVERSION=$(get_kernel_version "$KERNEL") ++ fi ++ + # add mount points + kdump_get_mountpoints || return 1 + i=0 diff --git a/kdump-bind-mount-sysroot.patch b/kdump-bind-mount-sysroot.patch new file mode 100644 index 0000000..d36e194 --- /dev/null +++ b/kdump-bind-mount-sysroot.patch @@ -0,0 +1,43 @@ +From: Petr Tesarik +Subject: Convert sysroot to a bind mount in kdump initrd +References: bsc#976864 +Upstream: v0.8.17 +Git-commit: a532a27d0bb7f69fbf89527fb02e8434fdafa147 + +In SLES 12 SP2, systemd-fstab-generator no longer ignores non-device +root mounts, so it tries to run an actual mount command for root=kdump. +This fails, of course, because "kdump" is not mountable. + +To solve this, pass "rootflags=bind" to the panic kernel, so systemd +can create a (bogus) bind mount and be happy. + +See also kdump-root-parameter.patch. + +Signed-off-by: Petr Tesarik +--- + init/load.sh | 2 +- + init/module-setup.sh | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +--- a/init/load.sh ++++ b/init/load.sh +@@ -71,7 +71,7 @@ function build_kdump_commandline() + # Use deadline for saving the memory footprint + commandline="$commandline elevator=deadline sysrq=yes reset_devices acpi_no_memhotplug cgroup_disable=memory" + commandline="$commandline irqpoll ${nr_cpus}=${KDUMP_CPUS:-1}" +- commandline="$commandline root=kdump rd.udev.children-max=8" ++ commandline="$commandline root=kdump rootflags=bind rd.udev.children-max=8" + case $(uname -i) in + i?86|x86_64) + local boot_apicid=$( +--- a/init/module-setup.sh ++++ b/init/module-setup.sh +@@ -123,7 +123,7 @@ kdump_gen_mount_units() { + echo "${line[@]}" >> "$fstab" + done + +- echo "root=kdump" > "$initdir/proc/cmdline" ++ echo > "$initdir/proc/cmdline" + inst_binary -l \ + "$systemdutildir/system-generators/systemd-fstab-generator" \ + "/tmp/systemd-fstab-generator" diff --git a/kdump-no-xen-secondary-kernel.patch b/kdump-no-xen-secondary-kernel.patch new file mode 100644 index 0000000..a4ffdee --- /dev/null +++ b/kdump-no-xen-secondary-kernel.patch @@ -0,0 +1,74 @@ +From: Petr Tesarik +Subject: Avoid Xen kernels as kdump kernel +References: bsc#900418, bsc#974270 +Upstream: v0.8.17 +Git-commit: 5b3a612f79f8a4935cee162e3bc2f72e996f628e + +Since Xen kernels cannot run on bare metal, they must be avoided +as a secondary kernel. + +Signed-off-by: Petr Tesarik + +--- + kdumptool/findkernel.cc | 29 ++++++++++++++++++++++++----- + 1 file changed, 24 insertions(+), 5 deletions(-) + +--- a/kdumptool/findkernel.cc ++++ b/kdumptool/findkernel.cc +@@ -130,14 +130,33 @@ bool FindKernel::suitableForKdump(const + } + } + ++ Kconfig *kconfig = kt.retrieveKernelConfig(); ++ KconfigValue kv; ++ bool isxen; ++ ++ // Avoid Xenlinux kernels, because they do not run on bare metal ++ kv = kconfig->get("CONFIG_X86_64_XEN"); ++ isxen = (kv.getType() == KconfigValue::T_TRISTATE && ++ kv.getTristateValue() == KconfigValue::ON); ++ if (!isxen) { ++ kv = kconfig->get("CONFIG_X86_XEN"); ++ isxen = (kv.getType() == KconfigValue::T_TRISTATE && ++ kv.getTristateValue() == KconfigValue::ON); ++ } ++ if (isxen) { ++ Debug::debug()->dbg("%s is a Xen kernel. Avoid.", ++ kernelImage.c_str()); ++ delete kconfig; ++ return false; ++ } ++ + if (strict) { + string arch = Util::getArch(); +- Kconfig *kconfig = kt.retrieveKernelConfig(); + + // avoid large number of CPUs on x86 since that increases + // memory size constraints of the capture kernel + if (arch == "i386" || arch == "x86_64") { +- KconfigValue kv = kconfig->get("CONFIG_NR_CPUS"); ++ kv = kconfig->get("CONFIG_NR_CPUS"); + if (kv.getType() == KconfigValue::T_INTEGER && + kv.getIntValue() > MAXCPUS_KDUMP) { + Debug::debug()->dbg("NR_CPUS of %s is %d >= %d. Avoid.", +@@ -148,17 +167,17 @@ bool FindKernel::suitableForKdump(const + } + + // avoid realtime kernels +- KconfigValue kv = kconfig->get("CONFIG_PREEMPT_RT"); ++ kv = kconfig->get("CONFIG_PREEMPT_RT"); + if (kv.getType() != KconfigValue::T_INVALID) { + Debug::debug()->dbg("%s is realtime kernel. Avoid.", + kernelImage.c_str()); + delete kconfig; + return false; + } +- +- delete kconfig; + } + ++ delete kconfig; ++ + return true; + } + diff --git a/kdump-pre-generate-mount-units.patch b/kdump-pre-generate-mount-units.patch new file mode 100644 index 0000000..8dbcd9d --- /dev/null +++ b/kdump-pre-generate-mount-units.patch @@ -0,0 +1,74 @@ +From: Petr Tesarik +Subject: Pre-generate kdump mount units +References: bsc#942895 +Upstream: v0.8.17 +Git-commit: a7e47cdf9cb7db385bc30fce59abce1dc2b5cc11 + +SUSE version of dracut intentionally modifies the initrd to run +systemd-fstab-generator only after the root filesystem is mounted. +This breaks kdump-save.service, because mount units for /kdump/* +do not yet exist when kdump needs them. + +Solve this by pre-generating the required mount units in the primary +system, so kdump no longer depends on running the fstab generator in +initrd context. + +Note that I had to write a temporary /etc/fstab, because dracut +creates this file only after all modules have been processed. + +Signed-off-by: Petr Tesarik +--- + init/module-setup.sh | 35 +++++++++++++++++++++++++++++++++++ + 1 file changed, 35 insertions(+) + +--- a/init/module-setup.sh ++++ b/init/module-setup.sh +@@ -108,6 +108,39 @@ kdump_cmdline_ip() { + esac + } + ++kdump_gen_mount_units() { ++ local line ++ local fstab="$initdir/etc/fstab" ++ ++ [ -e "$fstab" ] && mv "$fstab" "$fstab.kdumpsave" ++ for line in "${fstab_lines[@]}" ++ do ++ line=($line) ++ [ "${line[1]#/kdump}" = "${line[1]}" ] && continue ++ [ -z "${line[3]}" ] && line[3]="defaults" ++ [ -z "${line[4]}" ] && line[4]="0" ++ [ -z "${line[5]}" ] && line[5]="2" ++ echo "${line[@]}" >> "$fstab" ++ done ++ ++ echo "root=kdump" > "$initdir/proc/cmdline" ++ inst_binary -l \ ++ "$systemdutildir/system-generators/systemd-fstab-generator" \ ++ "/tmp/systemd-fstab-generator" ++ chroot "$initdir" "/tmp/systemd-fstab-generator" \ ++ "$systemdsystemunitdir" \ ++ "$systemdsystemunitdir" \ ++ "$systemdsystemunitdir" ++ rm -f "$initdir/tmp/systemd-fstab-generator" ++ rm -f "$initdir/proc/cmdline" ++ ++ if [ -e "$fstab.kdumpsave" ]; then ++ mv "$fstab.kdumpsave" "$fstab" ++ else ++ rm "$fstab" ++ fi ++} ++ + cmdline() { + kdump_cmdline_ip + } +@@ -155,6 +188,8 @@ install() { + "$initdir/$systemdsystemunitdir"/kdump-save.service + ln_r "$systemdsystemunitdir"/kdump-save.service \ + "$systemdsystemunitdir"/initrd.target.wants/kdump-save.service ++ ++ kdump_gen_mount_units + else + [ "$KDUMP_FADUMP" != yes ] && \ + inst_hook mount 30 "$moddir/mount-kdump.sh" diff --git a/kdump-x86_64-kexec-file-syscall.patch b/kdump-x86_64-kexec-file-syscall.patch new file mode 100644 index 0000000..8f09652 --- /dev/null +++ b/kdump-x86_64-kexec-file-syscall.patch @@ -0,0 +1,29 @@ +From: Joey Lee +Subject: Use 'kexec -s' on x86_64 +References: FATE#315018, bsc#884453 +Upstream: v0.8.17 +Git-commit: 48162b5fc73d733ce57a27e4f6df7e46cae66684 + +The kexec(2) system call is disabled if booted with Secure Boot. Tell +kexec (the utility) to use kexec_file(2) instead on x86_64. + +Signed-off-by: Joey Lee + +--- + init/load.sh | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/init/load.sh ++++ b/init/load.sh +@@ -135,6 +135,11 @@ function build_kexec_options() + options="$options --noio" + fi + ++ # add -s on x86_64 for signature verification of kernel ++ if [ "$(uname -i)" = "x86_64" ] ; then ++ options="$options -s" ++ fi ++ + echo "$options" + } + diff --git a/kdump.changes b/kdump.changes index a15ffe6..3d27463 100644 --- a/kdump.changes +++ b/kdump.changes @@ -1,3 +1,30 @@ +------------------------------------------------------------------- +Wed May 17 13:31:11 UTC 2017 - ptesarik@suse.com + +- kdump-x86_64-kexec-file-syscall.patch: add -s on x86_64 for + signature verification of kernel. (fate#315018, bsc#884453) + +------------------------------------------------------------------- +Wed May 17 13:18:23 UTC 2017 - ptesarik@suse.com + +- kdump-bind-mount-sysroot.patch: Convert sysroot to a bind mount + in kdump initrd (bsc#976864). +- kdump-pre-generate-mount-units.patch: Pre-generate kdump mount + units (bsc#942895). +- kdump-always-pass-kernelver-to-dracut.patch: Always pass kernel + version to dracut (bsc#900418). +- kdump-no-xen-secondary-kernel.patch: Avoid Xenlinux (aka + traditional, Xenified or SUSE) kernels as kdump kernel + (bsc#900418, bsc#974270). + +------------------------------------------------------------------- +Tue May 16 11:31:53 UTC 2017 - ptesarik@suse.com + +- kdump-KDUMP_SSH_IDENTITY.patch: Add KDUMP_SSH_IDENTITY config + option (FATE#321583). +- kdump-KDUMP_SSH_IDENTITY-cfg.patch: Add KDUMP_SSH_IDENTITY to the + config file template (FATE#321583). + ------------------------------------------------------------------- Sat Feb 18 14:38:57 CET 2017 - kukuk@suse.de @@ -18,6 +45,22 @@ Wed Oct 5 10:55:39 UTC 2016 - ptesarik@suse.com Wed Oct 5 07:53:00 UTC 2016 - ptesarik@suse.com - Update to 0.8.16 + o Improve systemd integration (FATE#319020, bsc#900134, + bsc#909515, bsc#936363, bsc#936475, bsc#936489, bsc#942895, + bsc#943902, bsc#944606, bsc#947825, bsc#948913). + o Use OpenSSH for SSH and SFTP (FATE#318874, bsc#917747). + o Improve 'kdumptool calibrate' (FATE#318842, bsc#882082, + bsc#947539, bsc#952141, bsc#953732). + o Improve network initialization (bsc#943214, bsc#944201, + bsc#980328). + o Fix FADUMP with systemd (bsc#917846, bsc#923790, bsc#944699). + o Fix saving to XFS (bsc#964206). + o Use full path to dracut (bsc#989972, bsc#990200, + CVE-2016-5759). + o Documentation updates (bsc#987862, bsc#997104). + o Various smaller fixes (bsc#905690, bsc#927451, bsc#932339, + bsc#934581, bsc#941088, bsc#946242, bsc#948956, bsc#951844, + bsc#952149, bsc#970708, bsc#973213, bsc#984799, bsc#986081). - Drop patches now in mainline: o 0001-multipath-Write-proper-regex-into-multipath-conf.patch o kdump-add-IPv6-KDUMP_NETCONFIG-modes.patch diff --git a/kdump.spec b/kdump.spec index bcb81c7..f0d90d2 100644 --- a/kdump.spec +++ b/kdump.spec @@ -42,6 +42,13 @@ Url: https://github.com/ptesarik/kdump Source: %{name}-%{version}.tar.bz2 Source2: %{name}-rpmlintrc Patch1: %{name}-cmake-compat.patch +Patch2: %{name}-KDUMP_SSH_IDENTITY.patch +Patch3: %{name}-KDUMP_SSH_IDENTITY-cfg.patch +Patch4: %{name}-no-xen-secondary-kernel.patch +Patch5: %{name}-always-pass-kernelver-to-dracut.patch +Patch6: %{name}-pre-generate-mount-units.patch +Patch7: %{name}-bind-mount-sysroot.patch +Patch8: %{name}-x86_64-kexec-file-syscall.patch BuildRequires: asciidoc BuildRequires: cmake BuildRequires: gcc-c++ @@ -102,6 +109,13 @@ after a crash dump has occured. %prep %setup -q %patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 +%patch8 -p1 %build export CFLAGS="%{optflags}"