From a45e3d9c5b77faf758b1b0b6182efa82bef3be121a8823d627db8a021340d26c Mon Sep 17 00:00:00 2001 
From: Nikolay Gueorguiev Date: Thu, 9 Jan 2025 11:12:54 +0000 Subject: [PATCH] - Applied backport patches from s390-tools 2.37 to 2.36 ( jsc#PED-11870 ) ( jsc#IBM-1447, jsc#IBM-1062 ) * s390-tools-General-update-01.patch * s390-tools-General-update-02.patch * s390-tools-General-update-03.patch * s390-tools-General-update-04.patch * s390-tools-General-update-05.patch * s390-tools-General-update-06.patch * s390-tools-General-update-07.patch * s390-tools-General-update-08.patch * s390-tools-General-update-09.patch * s390-tools-General-update-10.patch * s390-tools-General-update-11.patch * s390-tools-General-update-12.patch * s390-tools-Additional-update-01.patch * s390-tools-Additional-update-02.patch ( jsc#IBM-1570, jsc#IBM-1571 ) * s390-tools-Support-unencrypted-SE-images-01.patch ( jsc#IBM-1572, jsc#IBM-1573 ) * s390-tools-pvimg-info-command-01.patch * s390-tools-pvimg-info-command-02.patch * s390-tools-pvimg-info-command-03.patch * s390-tools-pvimg-info-command-04.patch ( jsc#IBM-1576, jsc#IBM-1577 ) * s390-tools-pvimg-additional-01.patch - Renamed patches from - to * s390-tools-01-opticsmon-Fix-runaway-loop-in-on_link_change.patch to s390-tools-Additional-update-01.patch * s390-tools-02-libzpci-opticsmon-Refactor-on_link_change-using-new.patch to s390-tools-Additional-update-02.patch * s390-tools-03-rust-pvimg-Add-enable-disable-image-encryption-flags-to-pvimg-create.patch to s390-tools-Support-unencrypted-SE-images-01.patch - Revendored vendor.tar.gz OBS-URL: https://build.opensuse.org/package/show/Base:System/s390-tools?expand=0&rev=243 --- .gitattributes | 23 + .gitignore | 1 + 59-graf.rules.opensuse | 13 + 59-graf.rules.suse | 13 + 59-prng.rules | 5 + 59-zfcp-compat.rules | 23 + 90-s390-tools.conf | 25 + README.SUSE.opensuse | 57 + README.SUSE.suse | 57 + _service | 8 + appldata | 126 + appldata.service | 17 + cargo_config | 5 + cio_ignore.service | 13 + cputype | 73 + cputype.1 | 50 + ctc_configure | 128 + ctc_configure.8 | 155 + dasd_configure.8 | 60 + 
dasd_configure.opensuse | 173 + dasd_configure.suse | 173 + dasd_reload.opensuse | 156 + dasd_reload.suse | 156 + dasdro | 20 + detach_disks.sh.opensuse | 157 + detach_disks.sh.suse | 157 + hsnc | 181 + hsnc.service | 16 + iucv_configure.8 | 64 + iucv_configure.opensuse | 133 + iucv_configure.suse | 133 + killcdl.opensuse | 217 + killcdl.suse | 217 + lgr_check | 335 ++ mkdump.8 | 72 + mkdump.pl.opensuse | 666 +++ mkdump.pl.suse | 666 +++ pkey.conf | 10 + qeth_configure | 174 + qeth_configure.8 | 66 + read_values.8 | 50 + read_values.c | 628 +++ rules.hw_random | 2 + rules.xpram | 2 + ...n-Fix-runaway-loop-in-on_link_change.patch | 64 + ...pport-for-multiple-target-base-disks.patch | 969 ++++ ...ce-mapper-add-missed-step-in-logical.patch | 67 + ...on-Refactor-on_link_change-using-new.patch | 129 + ...pport-for-multiple-target-base-disks.patch | 15 + ...recise-check-that-file-is-on-specifi.patch | 63 + ...age-encryption-flags-to-pvimg-create.patch | 334 ++ s390-tools-2.31.0.tar.gz | 3 + ...ols-2.34-Fix-Rust-compilation-errors.patch | 51 + s390-tools-2.34.0.tar.gz | 3 + s390-tools-2.35.0.tar.gz | 3 + s390-tools-2.36.0.tar.gz | 3 + s390-tools-ALP-zdev-live.patch | 133 + s390-tools-Additional-update-01.patch | 64 + s390-tools-Additional-update-02.patch | 129 + s390-tools-General-update-01.patch | 147 + s390-tools-General-update-02.patch | 467 ++ s390-tools-General-update-03.patch | 57 + s390-tools-General-update-04.patch | 204 + s390-tools-General-update-05.patch | 710 +++ s390-tools-General-update-06.patch | 877 +++ s390-tools-General-update-07.patch | 95 + s390-tools-General-update-08.patch | 423 ++ s390-tools-General-update-09.patch | 313 ++ s390-tools-General-update-10.patch | 111 + s390-tools-General-update-11.patch | 387 ++ s390-tools-General-update-12.patch | 1207 +++++ ...ols-Support-unencrypted-SE-images-01.patch | 334 ++ s390-tools-pvimg-additional-01.patch | 167 + s390-tools-pvimg-info-command-01.patch | 58 + s390-tools-pvimg-info-command-02.patch | 51 + 
s390-tools-pvimg-info-command-03.patch | 334 ++ s390-tools-pvimg-info-command-04.patch | 101 + s390-tools-rpmlintrc | 6 + ...tools-sles12-create-filesystem-links.patch | 30 + ...-partition-check-and-BLKRRPART-ioctl.patch | 33 + ...ks-on-change-and-add-action.patch.opensuse | 34 + ...-links-on-change-and-add-action.patch.suse | 26 + s390-tools-sles12-zipl_boot_msg.patch | 20 + ...sles15-sysconfig-compatible-dumpconf.patch | 148 + ...ev-Do-not-call-zipl-on-initrd-update.patch | 50 + ...5sp3-Allow-multiple-device-arguments.patch | 465 ++ ...sles15sp3-Format-devices-in-parallel.patch | 176 + ...ools-sles15sp3-Implement-Y-yast_mode.patch | 196 + ...mplement-f-for-backwards-compability.patch | 62 + ...-retry-BIODASDINFO-if-device-is-busy.patch | 56 + ...rt-Armonk-in-IBM-signing-key-subject.patch | 286 + ...es15sp5-remove-no-pie-link-arguments.patch | 17 + ...6-01-parse-ipl-device-for-activation.patch | 97 + ...rt-Armonk-in-IBM-signing-key-subject.patch | 304 ++ ...rt-Armonk-in-IBM-signing-key-subject.patch | 224 + ...5sp6-04-pvattest-Fix-root-ca-parsing.patch | 25 + ...-tools-sles15sp6-genprotimg-makefile.patch | 92 + ...p6-kdump-initrd-59-zfcp-compat-rules.patch | 28 + ...o-01-parse-ipl-device-for-activation.patch | 112 + s390-tools-zdsfs.caution.txt | 19 + s390-tools.changes | 4781 +++++++++++++++++ s390-tools.spec | 864 +++ setup_cio_ignore.sh | 16 + sysconfig.appldata | 35 + sysconfig.hsnc | 23 + sysconfig.osasnmpd | 14 + sysconfig.virtsetup | 48 + sysconfig.xpram | 48 + vendor.tar.gz | 3 + virtsetup.service | 13 + virtsetup.sh.opensuse | 92 + virtsetup.sh.suse | 92 + vmlogrdr.service.opensuse | 15 + vmlogrdr.service.suse | 15 + xpram | 181 + xpram.service | 18 + zfcp_disk_configure | 73 + zfcp_disk_configure.8 | 46 + zfcp_host_configure | 95 + zfcp_host_configure.8 | 42 + zfcp_san_disc | 330 ++ zipl.conf | 31 + zpxe.rexx | 528 ++ 123 files changed, 23458 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 
59-graf.rules.opensuse create mode 100644 59-graf.rules.suse create mode 100644 59-prng.rules create mode 100644 59-zfcp-compat.rules create mode 100644 90-s390-tools.conf create mode 100644 README.SUSE.opensuse create mode 100644 README.SUSE.suse create mode 100644 _service create mode 100644 appldata create mode 100644 appldata.service create mode 100644 cargo_config create mode 100644 cio_ignore.service create mode 100644 cputype create mode 100644 cputype.1 create mode 100644 ctc_configure create mode 100644 ctc_configure.8 create mode 100644 dasd_configure.8 create mode 100644 dasd_configure.opensuse create mode 100644 dasd_configure.suse create mode 100644 dasd_reload.opensuse create mode 100644 dasd_reload.suse create mode 100644 dasdro create mode 100644 detach_disks.sh.opensuse create mode 100644 detach_disks.sh.suse create mode 100644 hsnc create mode 100644 hsnc.service create mode 100644 iucv_configure.8 create mode 100644 iucv_configure.opensuse create mode 100644 iucv_configure.suse create mode 100644 killcdl.opensuse create mode 100644 killcdl.suse create mode 100644 lgr_check create mode 100644 mkdump.8 create mode 100644 mkdump.pl.opensuse create mode 100644 mkdump.pl.suse create mode 100644 pkey.conf create mode 100644 qeth_configure create mode 100644 qeth_configure.8 create mode 100644 read_values.8 create mode 100644 read_values.c create mode 100644 rules.hw_random create mode 100644 rules.xpram create mode 100644 s390-tools-01-opticsmon-Fix-runaway-loop-in-on_link_change.patch create mode 100644 s390-tools-01-zipl-src-add-basic-support-for-multiple-target-base-disks.patch create mode 100644 s390-tools-01-zipl_helper.device-mapper-add-missed-step-in-logical.patch create mode 100644 s390-tools-02-libzpci-opticsmon-Refactor-on_link_change-using-new.patch create mode 100644 s390-tools-02-zipl-src-add-basic-support-for-multiple-target-base-disks.patch create mode 100644 s390-tools-02-zipl-src-fix-imprecise-check-that-file-is-on-specifi.patch create 
mode 100644 s390-tools-03-rust-pvimg-Add-enable-disable-image-encryption-flags-to-pvimg-create.patch create mode 100644 s390-tools-2.31.0.tar.gz create mode 100644 s390-tools-2.34-Fix-Rust-compilation-errors.patch create mode 100644 s390-tools-2.34.0.tar.gz create mode 100644 s390-tools-2.35.0.tar.gz create mode 100644 s390-tools-2.36.0.tar.gz create mode 100644 s390-tools-ALP-zdev-live.patch create mode 100644 s390-tools-Additional-update-01.patch create mode 100644 s390-tools-Additional-update-02.patch create mode 100644 s390-tools-General-update-01.patch create mode 100644 s390-tools-General-update-02.patch create mode 100644 s390-tools-General-update-03.patch create mode 100644 s390-tools-General-update-04.patch create mode 100644 s390-tools-General-update-05.patch create mode 100644 s390-tools-General-update-06.patch create mode 100644 s390-tools-General-update-07.patch create mode 100644 s390-tools-General-update-08.patch create mode 100644 s390-tools-General-update-09.patch create mode 100644 s390-tools-General-update-10.patch create mode 100644 s390-tools-General-update-11.patch create mode 100644 s390-tools-General-update-12.patch create mode 100644 s390-tools-Support-unencrypted-SE-images-01.patch create mode 100644 s390-tools-pvimg-additional-01.patch create mode 100644 s390-tools-pvimg-info-command-01.patch create mode 100644 s390-tools-pvimg-info-command-02.patch create mode 100644 s390-tools-pvimg-info-command-03.patch create mode 100644 s390-tools-pvimg-info-command-04.patch create mode 100644 s390-tools-rpmlintrc create mode 100644 s390-tools-sles12-create-filesystem-links.patch create mode 100644 s390-tools-sles12-fdasd-skip-partition-check-and-BLKRRPART-ioctl.patch create mode 100644 s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch.opensuse create mode 100644 s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch.suse create mode 100644 s390-tools-sles12-zipl_boot_msg.patch create mode 100644 
s390-tools-sles15-sysconfig-compatible-dumpconf.patch create mode 100644 s390-tools-sles15sp1-11-zdev-Do-not-call-zipl-on-initrd-update.patch create mode 100644 s390-tools-sles15sp3-Allow-multiple-device-arguments.patch create mode 100644 s390-tools-sles15sp3-Format-devices-in-parallel.patch create mode 100644 s390-tools-sles15sp3-Implement-Y-yast_mode.patch create mode 100644 s390-tools-sles15sp3-Implement-f-for-backwards-compability.patch create mode 100644 s390-tools-sles15sp3-dasdfmt-retry-BIODASDINFO-if-device-is-busy.patch create mode 100644 s390-tools-sles15sp5-01-rust-pv-support-Armonk-in-IBM-signing-key-subject.patch create mode 100644 s390-tools-sles15sp5-remove-no-pie-link-arguments.patch create mode 100644 s390-tools-sles15sp6-01-parse-ipl-device-for-activation.patch create mode 100644 s390-tools-sles15sp6-02-genprotimg-support-Armonk-in-IBM-signing-key-subject.patch create mode 100644 s390-tools-sles15sp6-03-libpv-support-Armonk-in-IBM-signing-key-subject.patch create mode 100644 s390-tools-sles15sp6-04-pvattest-Fix-root-ca-parsing.patch create mode 100644 s390-tools-sles15sp6-genprotimg-makefile.patch create mode 100644 s390-tools-sles15sp6-kdump-initrd-59-zfcp-compat-rules.patch create mode 100644 s390-tools-slfo-01-parse-ipl-device-for-activation.patch create mode 100644 s390-tools-zdsfs.caution.txt create mode 100644 s390-tools.changes create mode 100644 s390-tools.spec create mode 100644 setup_cio_ignore.sh create mode 100644 sysconfig.appldata create mode 100644 sysconfig.hsnc create mode 100644 sysconfig.osasnmpd create mode 100644 sysconfig.virtsetup create mode 100644 sysconfig.xpram create mode 100644 vendor.tar.gz create mode 100644 virtsetup.service create mode 100644 virtsetup.sh.opensuse create mode 100644 virtsetup.sh.suse create mode 100644 vmlogrdr.service.opensuse create mode 100644 vmlogrdr.service.suse create mode 100644 xpram create mode 100644 xpram.service create mode 100644 zfcp_disk_configure create mode 100644 
zfcp_disk_configure.8 create mode 100644 zfcp_host_configure create mode 100644 zfcp_host_configure.8 create mode 100644 zfcp_san_disc create mode 100644 zipl.conf create mode 100644 zpxe.rexx
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..57affb6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc
diff --git a/59-graf.rules.opensuse b/59-graf.rules.opensuse
new file mode 100644
index 0000000..dd7d1d9
--- /dev/null
+++ b/59-graf.rules.opensuse
@@ -0,0 +1,13 @@
+#
+# Rules for unique 3270 device nodes created in /dev/3270/
+# This file should be installed in /usr/lib/udev/rules.d
+#
+
+SUBSYSTEM!="ccw", GOTO="graf_end"
+DRIVER!="3270", GOTO="graf_end"
+
+# Configure 3270 device
+ACTION=="add", SUBSYSTEM=="ccw", PROGRAM="/usr/sbin/chccwdev -e $kernel"
+ACTION=="remove", SUBSYSTEM=="ccw", PROGRAM="/usr/sbin/chccwdev -d $kernel"
+
+LABEL="graf_end"
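Review bot: The two `PROGRAM=` keys in 59-graf.rules.opensuse are used only for their side effect (setting the 3270 device online or offline), but in udev `PROGRAM` is a match key: the command runs synchronously while the rules are evaluated and its exit status becomes the match result. `RUN+=` is the key intended for actions, e.g. `ACTION=="add", SUBSYSTEM=="ccw", RUN+="/usr/sbin/chccwdev -e $kernel"`, unless a later rule is known to depend on the device already being online. The header comment also describes creating device nodes in /dev/3270/, which these rules do not do; `# Set 3270 CCW devices online on add and offline on remove` would match the content. The same applies to 59-graf.rules.suse, which differs only in the `/sbin/chccwdev` path.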
diff --git a/59-graf.rules.suse b/59-graf.rules.suse
new file mode 100644
index 0000000..c1e1fc7
--- /dev/null
+++ b/59-graf.rules.suse
@@ -0,0 +1,13 @@
+#
+# Rules for unique 3270 device nodes created in /dev/3270/
+# This file should be installed in /usr/lib/udev/rules.d
+#
+
+SUBSYSTEM!="ccw", GOTO="graf_end"
+DRIVER!="3270", GOTO="graf_end"
+
+# Configure 3270 device
+ACTION=="add", SUBSYSTEM=="ccw", PROGRAM="/sbin/chccwdev -e $kernel"
+ACTION=="remove", SUBSYSTEM=="ccw", PROGRAM="/sbin/chccwdev -d $kernel"
+
+LABEL="graf_end"
diff --git a/59-prng.rules b/59-prng.rules
new file mode 100644
index 0000000..2248d55
--- /dev/null
+++ b/59-prng.rules
@@ -0,0 +1,5 @@
+#
+# Rule for prandom character device node permissions
+# This file should be installed in /usr/lib/udev/rules.d
+#
+ACTION=="add", SUBSYSTEM=="misc", KERNEL=="prandom", MODE="0444"
diff --git a/59-zfcp-compat.rules b/59-zfcp-compat.rules
new file mode 100644
index 0000000..9baeb8f
--- /dev/null
+++ b/59-zfcp-compat.rules
@@ -0,0 +1,23 @@
+# Rules for creating the ID_PATH for SCSI devices based on the CCW bus
+# using the form: ccw--zfcp-:
+#
+ACTION=="remove", GOTO="zfcp_scsi_device_end"
+
+#
+# Set environment variable "ID_ZFCP_BUS" to "1" if the devices
+# (both disk and partition) are SCSI devices based on FCP devices
+#
+KERNEL=="sd*", SUBSYSTEMS=="ccw", DRIVERS=="zfcp", ENV{.ID_ZFCP_BUS}="1"
+
+# For SCSI disks
+KERNEL=="sd*[!0-9]", SUBSYSTEMS=="scsi", \
+ ENV{.ID_ZFCP_BUS}=="1", ENV{DEVTYPE}=="disk", \
+ SYMLINK+="disk/by-path/ccw-$attr{hba_id}-zfcp-$attr{wwpn}:$attr{fcp_lun}"
+
+
+# For partitions on a SCSI disk
+KERNEL=="sd*[0-9]", SUBSYSTEMS=="scsi", \
+ ENV{.ID_ZFCP_BUS}=="1", ENV{DEVTYPE}=="partition", \
+ SYMLINK+="disk/by-path/ccw-$attr{hba_id}-zfcp-$attr{wwpn}:$attr{fcp_lun}-part%n"
+
+LABEL="zfcp_scsi_device_end"
diff --git a/90-s390-tools.conf b/90-s390-tools.conf
new file mode 100644
index 0000000..a83661d
--- /dev/null
+++ b/90-s390-tools.conf
@@ -0,0 +1,25 @@
+#
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# All rights reserved.
+#
+# Please don't edit this file. Place your settings into
+# /etc/modprobe.d/99-local.conf instead.
+#
+# The dasd_diag_mod kernel module will not function properly
+# unless the dasd_fba_mod module is also loaded. However,
+# there are no cross-module symbol dependencies that would
+# cause and entry to be placed in
+# /lib/modules/$(uname -r)/modules.dep
+# So, we're adding this "soft" dependency here to make sure that
+# any time dasd_diag_mod gets loaded, so will dasd_fba_mod.
+#
+# Additionally, DASD devices that are supposed to be used in
+# DIAG250 mode will have problems because as far as the kernel
+# is concerned, and hence udev, the driver is dasd_fba_mod. So,
+# we need to also have the reverse dependency so that when
+# dasd_fba_mod gets loaded, so will dasd_diag_mod. This will
+# prevent problems that would show up in the system log as:
+# Setting the DASD online failed because of missing DIAG discipline
+#
+softdep dasd_diag_mod pre: dasd_fba_mod
+softdep dasd_fba_mod pre: dasd_diag_mod
diff --git a/README.SUSE.opensuse b/README.SUSE.opensuse
new file mode 100644
index 0000000..79e34f1
--- /dev/null
+++ b/README.SUSE.opensuse
@@ -0,0 +1,57 @@ + +ls - Addons by SUSE + + The following utility and its man page have been added to make it + easier to determine the machine type on which Linux is running. + + * cputype + Usage: cputype + + The following utilities and their man pages have been added by SUSE to + ease the activation and deactivation of devices. These scripts are also + used by YaST. Functionality not provided by these scripts cannot be + provided by YaST. + These scripts also create/delete the needed udev rules. + Detailed information on some parameters are in the + "Device Drivers, Features and Commands" for this release. + + General parameters + channel numbers are with lower letters + parameters switching things on or off are + 1 for on and 0 for off + + * ctc_configure + Usage: /usr/sbin/ctc_configure [] + To configure CTC connections + Valid Parameters for the protocal are 0, 1 and 3 + For a detailed explanation please look in the Device Driver book + + * dasd_configure + Usage: dasd_configure + To set DASDs online/offline + The use_diag makes only sense under z/VM. In an + LPAR just set it to 0 + + * iucv_configure + Usage: /usr/sbin/iucv_configure + To set an IUCV IP-network online/offline + + * qeth_configure + Usage: /usr/sbin/qeth_configure [options] + Set qeth, hipersocket adapter online/offline. + options could be one of the following: + + -i Configure IP takeover + -l Configure Layer2 support + -p NAME QETH Portname to use + -n 1/0 QETH port number to use + + + * zfcp_disk_configure + Usage: /usr/sbin/zfcp_disk_configure + set a disk online/offline. This require that the repective + Adapter is online. See command below. + + * zfcp_host_configure + Usage: /usr/sbin/zfcp_host_configure + Set a zfcp Adapter online/offline diff --git a/README.SUSE.suse b/README.SUSE.suse new file mode 100644 index 0000000..1d98ca5 --- /dev/null +++ b/README.SUSE.suse 
@@ -0,0 +1,57 @@ + +ls - Addons by SUSE + + The following utility and its man page have been added to make it + easier to determine the machine type on which Linux is running. + + * cputype + Usage: cputype + + The following utilities and their man pages have been added by SUSE to + ease the activation and deactivation of devices. These scripts are also + used by YaST. Functionality not provided by these scripts cannot be + provided by YaST. + These scripts also create/delete the needed udev rules. + Detailed information on some parameters are in the + "Device Drivers, Features and Commands" for this release. + + General parameters + channel numbers are with lower letters + parameters switching things on or off are + 1 for on and 0 for off + + * ctc_configure + Usage: /sbin/ctc_configure [] + To configure CTC connections + Valid Parameters for the protocal are 0, 1 and 3 + For a detailed explanation please look in the Device Driver book + + * dasd_configure + Usage: dasd_configure + To set DASDs online/offline + The use_diag makes only sense under z/VM. In an + LPAR just set it to 0 + + * iucv_configure + Usage: /sbin/iucv_configure + To set an IUCV IP-network online/offline + + * qeth_configure + Usage: /sbin/qeth_configure [options] + Set qeth, hipersocket adapter online/offline. + options could be one of the following: + + -i Configure IP takeover + -l Configure Layer2 support + -p NAME QETH Portname to use + -n 1/0 QETH port number to use + + + * zfcp_disk_configure + Usage: /sbin/zfcp_disk_configure + set a disk online/offline. This require that the repective + Adapter is online. See command below. + + * zfcp_host_configure + Usage: /sbin/zfcp_host_configure + Set a zfcp Adapter online/offline diff --git a/_service b/_service new file mode 100644 index 0000000..4a4786b --- /dev/null +++ b/_service @@ -0,0 +1,8 @@ + + + s390-tools-2.29.0.tar.gz + zst + true + + + diff --git a/appldata b/appldata new file mode 100644 index 0000000..6dbc4d0 --- /dev/null 
+++ b/appldata 
@@ -0,0 +1,126 @@
+#!/bin/sh
+# Copyright (c) 2003 SUSE LINUX AG Nuernberg, Germany.
+#
+# Submit feedback to http://www.suse.de/feedback/
+
+# Local settings
+LOCKFILE=/var/lock/appldata
+CONFIGFILE=/etc/sysconfig/appldata
+
+# Source config file
+if [ -f $CONFIGFILE ]; then
+ . $CONFIGFILE
+else
+ echo "No config file found (should be $CONFIGFILE)."
+ exit 1
+fi
+
+RETVAL=0
+
+start() {
+ echo "Starting \"Linux - z/VM Monitor Stream\" ..."
+ echo -n "(interval $APPLDATA_INTERVAL milliseconds) "
+ echo $APPLDATA_INTERVAL > /proc/sys/appldata/interval
+ if [ "$APPLDATA_MEM" = "yes" ]; then
+ if [ ! -e /proc/sys/appldata/mem ]; then
+ echo -n "(mem) "
+ modprobe appldata_mem 2>&1
+ if [ "$?" -ne 0 ] ; then
+ exit 1
+ else
+ echo 1 > /proc/sys/appldata/mem
+ fi
+ fi
+ fi
+ if [ "$APPLDATA_OS" = "yes" ]; then
+ if [ ! -e /proc/sys/appldata/os ]; then
+ echo -n "(os) "
+ modprobe appldata_os 2>&1
+ if [ "$?" -ne 0 ]; then
+ exit 1
+ else
+ echo 1 > /proc/sys/appldata/os
+ fi
+ fi
+ fi
+ if [ "$APPLDATA_NET_SUM" = "yes" ]; then
+ if [ ! -e /proc/sys/appldata/net_sum ]; then
+ echo -n "(net_sum) "
+ modprobe appldata_net_sum 2>&1
+ if [ "$?" -ne 0 ]; then
+ exit 1
+ else
+ echo 1 > /proc/sys/appldata/net_sum
+ fi
+ fi
+ fi
+ echo -n "(timer)"
+ echo 1 > /proc/sys/appldata/timer
+ touch $LOCKFILE
+}
+
+stop() {
+ echo -n "Stopping \"Linux - z/VM Monitor Stream\" "
+ echo -n "(timer"
+ echo 0 > /proc/sys/appldata/timer
+ if [ -e /proc/sys/appldata/mem ]; then
+ echo -n ",mem"
+ echo 0 > /proc/sys/appldata/mem
+ rmmod appldata_mem
+ fi
+ if [ -e /proc/sys/appldata/os ]; then
+ echo -n ",os"
+ echo 0 > /proc/sys/appldata/os
+ rmmod appldata_os
+ fi
+ if [ -e /proc/sys/appldata/net_sum ]; then
+ echo -n ",net_sum"
+ echo 0 > /proc/sys/appldata/net_sum
+ rmmod appldata_net_sum
+ fi
+ echo -n ")"
+ rm -f $LOCKFILE
+}
+
+status() {
+ echo "\"Linux - z/VM Monitor Stream\" status..."
+ echo -n "interval "
+ cat /proc/sys/appldata/interval
+ echo -n "timer "
+ cat /proc/sys/appldata/timer
+ echo -n "mem "
+ if [ -e /proc/sys/appldata/mem ]; then
+ cat /proc/sys/appldata/mem
+ else
+ echo 0
+ fi
+ echo -n "os "
+ if [ -e /proc/sys/appldata/os ]; then
+ cat /proc/sys/appldata/os
+ else
+ echo 0
+ fi
+ echo -n "net_sum "
+ if [ -e /proc/sys/appldata/net_sum ]; then
+ cat /proc/sys/appldata/net_sum
+ else
+ echo 0
+ fi
+}
+
+# How are we called?
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ status)
+ status
+ ;;
+ *)
+ RETVAL=1
+esac
+
+exit $RETVAL
diff --git a/appldata.service b/appldata.service
new file mode 100644
index 0000000..7a61169
--- /dev/null
+++ b/appldata.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=Linux - z/VM Monitor Stream
+After=network-online.target remote-fs.target
+Wants=network-online.target remote-fs.target
+ConditionPathExists=/proc/sys/appldata/interval
+ConditionPathExists=!/var/lock/appldata
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+
+ExecStart=/usr/lib/systemd/scripts/appldata start
+ExecStartPost=/usr/lib/systemd/scripts/appldata status
+ExecStop=/usr/lib/systemd/scripts/appldata stop
+
+[Install]
+WantedBy=default.target
diff --git a/cargo_config b/cargo_config
new file mode 100644
index 0000000..f0c3455
--- /dev/null
+++ b/cargo_config
@@ -0,0 +1,5 @@
+[source.crates-io]
+replace-with = "vendored-sources"
+
+[source.vendored-sources]
+directory = "vendor/"
diff --git a/cio_ignore.service b/cio_ignore.service
new file mode 100644
index 0000000..66b09ff
--- /dev/null
+++ b/cio_ignore.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Setup devices for cio_ignore
+DefaultDependencies=no
+Before=local-fs.target
+ConditionKernelCommandLine=cio_ignore
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/lib/systemd/scripts/setup_cio_ignore.sh
+
+[Install]
+WantedBy=sysinit.target
diff --git a/cputype b/cputype
new file mode 100644
index 0000000..98ac99a
--- /dev/null
+++ b/cputype
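Review bot: In the appldata script, `start()` writes `$APPLDATA_INTERVAL` to /proc/sys/appldata/interval unquoted and without checking the result, and none of the other /proc writes are checked either, so the function always reaches `touch $LOCKFILE` and the script exits 0 even when the kernel rejected the value. With `Type=oneshot` and `RemainAfterExit=yes` in appldata.service, systemd then reports the monitor stream as active although it may not be running. Quoting the value and failing early, e.g. `echo "$APPLDATA_INTERVAL" > /proc/sys/appldata/interval || exit 1`, makes an empty or malformed setting in /etc/sysconfig/appldata visible; the same `|| exit 1` would fit the `echo 1 > /proc/sys/appldata/timer` line.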
@@ -0,0 +1,73 @@
+#!/bin/sh
+#
+# cputype
+#
+# Copyright (c) 2014-2017, 2019, 2023 SUSE LINUX GmbH, Nuernberg, Germany.
+#
+# Based on the IBM machine model, returns a (hopefully) human understandable
+# string that identifies the processor.
+#
+# Usage:
+# cputype
+#
+# Return values:
+# 1 The script was executed on a system that is a non-IBM mainframe
+# architecture
+# 2 The search for the machine type in /proc/cpuinfo returned a null string
+# 3 The parsing of the machine type returned a null string
+# 4 The machine type found is (probably) a new one, and the script needs to
+# be updated to handle it.
+#
+
+architecture=$(/bin/uname -m)
+if [ "${architecture}" != "s390x" -a "${architecture}" != "s390" ]; then
+ echo "This command is only useful on IBM mainframes." >&2
+ exit 1
+fi
+
+args=$(/usr/bin/grep machine /proc/cpuinfo | awk '{print $11}' )
+
+if [ -z "${args}" ]; then
+ echo "I couldn't find the machine type. Please report a bug with this output:" >&2
+ /bin/cat /proc/cpuinfo >&2
+ echo "******************" >&2
+ /usr/bin/grep machine /proc/cpuinfo >&2
+ exit 2
+fi
+
+machine=${args:0:4}
+
+if [ -z "${machine}" ] ; then
+ echo "The machine type came out null. Please report a bug with this output:" >&2
+ /bin/cat /proc/cpuinfo >&2
+ exit 3
+fi
+
+case "${machine}" in
+ 2064) echo "${machine} = z900 IBM eServer zSeries 900" ;;
+ 2066) echo "${machine} = z800 IBM eServer zSeries 800" ;;
+ 2084) echo "${machine} = z990 IBM eServer zSeries 990" ;;
+ 2086) echo "${machine} = z890 IBM eServer zSeries 890" ;;
+ 2094) echo "${machine} = z9-EC IBM System z9 Enterprise Class" ;;
+ 2096) echo "${machine} = z9-BC IBM System z9 Business Class" ;;
+ 2097) echo "${machine} = z10-EC IBM System z10 Enterprise Class" ;;
+ 2098) echo "${machine} = z10-BC IBM System z10 Business Class" ;;
+ 2817) echo "${machine} = z196 IBM zEnterprise 196" ;;
+ 2818) echo "${machine} = z114 IBM zEnterprise 114" ;;
+ 2827) echo "${machine} = z12-EC IBM zEnterprise EC12" ;;
+ 2828) echo "${machine} = z12-BC IBM zEnterprise BC12" ;;
+ 2964) echo "${machine} = z13 IBM z13" ;;
+ 2965) echo "${machine} = z13s IBM z13s (single frame)" ;;
+ 3906) echo "${machine} = z14 IBM z14" ;;
+ 3907) echo "${machine} = z14 ZR1 IBM z14 ZR1" ;;
+ 8561) echo "${machine} = z15 T01 IBM z15 T01" ;;
+ 8562) echo "${machine} = z15 T02 IBM z15 T02" ;;
+ 3931) echo "${machine} = z16 A01 IBM z16 A01" ;;
+ 3932) echo "${machine} = z16 A02 IBM z16 A02" ;;
+ *) echo "An unknown machine type was reported: ${machine}" >&2
+ echo "Please file a bug report with this output:" >&2
+ /bin/cat /proc/cpuinfo >&2
+ exit 4
+ ;;
+esac
+
diff --git a/cputype.1 b/cputype.1
new file mode 100644
index 0000000..1ee5733
--- /dev/null
+++ b/cputype.1
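Review bot: `machine=${args:0:4}` in cputype is a bash substring expansion, but the script declares `#!/bin/sh`; on a system where /bin/sh is a strict POSIX shell the line aborts with a substitution error before any of the documented return codes can be produced. Either declare the dependency with `#!/bin/bash` or use a portable form such as `machine=$(printf '%s' "${args}" | cut -c1-4)`. The `-a` inside the architecture test is also marked obsolescent by POSIX; `[ "${architecture}" != "s390x" ] && [ "${architecture}" != "s390" ]` is the portable spelling. `awk` is the only external command called without an absolute path, which is inconsistent with `/bin/uname`, `/usr/bin/grep` and `/bin/cat` in the same script.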
@@ -0,0 +1,50 @@ +.TH cputype 1 "April 2014" "s390-tools" +.SH NAME +cputype \- Based on the IBM machine model, returns a (hopefully) human understandable string that identifies the processor. +.SH SYNOPSIS +.B cputype +.SH DESCRIPTION +.B cputype +is intended to make it easy to find out the type of the mainframe system in use, by examining /proc/cpuinfo and converting that to the name typically known by people familiar with the IBM mainframe. +.SH PARAMETERS +.IP None +.SH FILES +.I /proc/cpuinfo +.RS +Read to determine the IBM machine model for the running system. +.RE +.SH DIAGNOSTICS +The following messages may be issued on stderr: +.IP +.B This command is only useful on IBM mainframes. +.RS +The command was executed on a system that is running on a non-IBM mainframe architecture. +Return code 1 is set. +.RE +.IP +.B I couldn't find the machine type. Please report a bug with this output: +.RS +The contents of /proc/cpuinfo are printed as well as the output from the grep command used. +Return code 2 is set. +.RE +.IP +.B The machine type came out null. Please report a bug with this output: +.RS +The contents of /proc/cpuinfo are printed. Return code 3 is set. +.RE +.IP +.B An unknown machine type was reported: mmmm +.RS +.B Please file a bug report with this output: +.RE +.RS +This is most likely seen because the command was run on a newer generation processor +and the script has not been updated with the new model number. +The contents of /proc/cpuinfo are printed. Return code 4 is set. +.RE +.SH Author +Mark Post (mpost@suse.com) +.SH Copyright +Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +.SH BUGS +Gotta be some, I'm sure. If you find one, please open a bug report. diff --git a/ctc_configure b/ctc_configure new file mode 100644 index 0000000..3d4ee1f --- /dev/null +++ b/ctc_configure 
@@ -0,0 +1,128 @@
+#! /bin/sh
+#
+# ctc_configure
+#
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+#
+# Configures a CTC device by calling the IBM-provided chzdev command.
+# Whereas this script used to validate the parameters provided to it,
+# we now rely on chzdev to do that instead. The script is intended only
+# as a "translation layer" to provide backward compatability for older
+# scripts and tools that invoke it.
+#
+# Usage:
+# ctc_configure []
+#
+# read/write channel = x.y.ssss where
+# x is always 0 until IBM creates something that
+# uses that number
+# y is the logical channel subsystem (lcss) number.
+# Most often this is 0, but it could be non-zero
+# ssss is the four digit subchannel address of the
+# device, in hexidecimal, with leading zeros.
+# online = 0 to take the device offline
+# 1 to bring the device online
+# protocol = 0 Compatibility with peers other than OS/390®, or z/OS, for
+# example, a z/VM TCP service machine. This is the default.
+# 1 Enhanced package checking for Linux peers.
+# 3 For compatibility with OS/390 or z/OS peers.
+# 4 For MPC connections to VTAM on traditional mainframe
+# operating systems.
+#
+# Return values:
+# Return codes are determined by the chzdev command.
+#
+
+mesg () {
+ echo "$@"
+}
+
+debug_mesg () {
+ case "${DEBUG}" in
+ yes) mesg "$@" ;;
+ *) ;;
+ esac
+}
+
+add_cio_channel() {
+ echo "$* # ${DATE}" >> /boot/zipl/active_devices.txt
+}
+
+remove_cio_channel() {
+ [ -w /boot/zipl/active_devices.txt ] && sed -i -e "/^${1}/d" /boot/zipl/active_devices.txt
+}
+
+usage(){
+ echo "Usage: ${0} []"
+ echo " read/write channel = x.y.ssss where"
+ echo " x is always 0 until IBM creates something that"
+ echo " uses that number"
+ echo " y is the logical channel subsystem (lcss) number."
+ echo " Most often this is 0, but it could be non-zero"
+ echo " ssss is the four digit subchannel address of the"
+ echo " device, in hexidecimal, with leading zeros."
+ echo " online = 0 to take the device offline"
+ echo " 1 to bring the device online"
+ echo " protocol = 0 Compatibility with peers other than OS/390®, or z/OS, for"
+ echo " example, a z/VM TCP service machine. This is the default."
+ echo " 1 Enhanced package checking for Linux peers."
+ echo " 3 For compatibility with OS/390 or z/OS peers."
+ echo " 4 For MPC connections to VTAM on traditional mainframe"
+ echo " operating systems."
+}
+
+if [ "${DEBUG}" != "yes" ]; then
+ DEBUG="no"
+fi
+
+DATE=$(date)
+
+CTC_READ_CHAN=${1}
+CTC_WRITE_CHAN=${2}
+ON_OFF=${3}
+CTC_MODE=${4}
+
+if [ -z "${CTC_READ_CHAN}" ] || [ -z "${CTC_WRITE_CHAN}" ] || [ -z "${ON_OFF}" ]; then
+ mesg "You didn't specify all the needed parameters."
+ usage
+ exit 1
+fi
+
+if [ -f /sys/bus/ccw/devices/${CTC_READ_CHAN}/cutype ]; then
+ read CU_TYPE < /sys/bus/ccw/devices/${CTC_READ_CHAN}/cutype
+else mesg "Psuedo file/sys/bus/ccw/devices/${CTC_READ_CHAN}/cutype doesn't exist."
+ mesg "Check to see if sysfs is mounted."
+ exit 1
+fi
+
+PARM_LIST=""
+if [ "${CU_TYPE}" == "3088/01" ] || [ "${CU_TYPE}" == "3088/60" ]; then
+ DEV_TYPE="lcs"
+else DEV_TYPE="ctc"
+ if [ -z "${CTC_MODE}" ]; then
+ PARM_LIST="${PARM_LIST} protocol=0"
+ else PARM_LIST="${PARM_LIST} protocol=${CTC_MODE}"
+ fi
+fi
+
+if [ "${ON_OFF}" == 0 ]; then
+ debug_mesg "chzdev -d ${DEV_TYPE} --no-root-update ${CTC_READ_CHAN}"
+ chzdev -d ${DEV_TYPE} --no-root-update ${CTC_READ_CHAN}
+elif [ "${ON_OFF}" == 1 ]; then
+ debug_mesg "chzdev -e ${DEV_TYPE} --no-root-update ${CTC_READ_CHAN} ${PARM_LIST}"
+ chzdev -e ${DEV_TYPE} --no-root-update ${CTC_READ_CHAN} ${PARM_LIST}
+else mesg "You must specify a 0 or a 1 for the online/offline attribute."
+ usage
+ exit 1
+fi
+
+RC=${?}
+if [ ${RC} -ne 0 ]; then
+ exit ${RC}
+fi
+
+if [ ${ON_OFF} == 1 ]; then
+ add_cio_channel "${CTC_READ_CHAN},${CTC_WRITE_CHAN}"
+else remove_cio_channel "${CTC_READ_CHAN}"
+ remove_cio_channel "${CTC_WRITE_CHAN}"
+fi
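Review bot: `CTC_WRITE_CHAN` is never passed to chzdev, so the validation that the header comment delegates to chzdev does not cover it, yet `remove_cio_channel "${CTC_WRITE_CHAN}"` splices it into a sed address (`sed -i -e "/^${1}/d"`) that rewrites /boot/zipl/active_devices.txt. A value containing `/` or other sed syntax changes the expression, and even a well-formed bus ID matches more loosely than intended because `.` is a regex wildcard and the pattern has no end anchor. `${CTC_READ_CHAN}` is likewise used unquoted in the sysfs path test before chzdev has seen it. A guard placed right after the missing-parameter check, such as `case "${CTC_READ_CHAN}${CTC_WRITE_CHAN}" in *[!0-9a-fA-F.]*) usage; exit 1 ;; esac`, together with quoting the path operands and escaping the dots in the sed address, would close this for callers that forward input they do not control.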
diff --git a/ctc_configure.8 b/ctc_configure.8 new file mode 100644 index 0000000..c1e4a4f --- /dev/null +++ b/ctc_configure.8 
@@ -0,0 +1,155 @@ +.TH ctc_configure "8" "July 2013" "s390-tools" +.SH NAME +ctc_configure \- Configures or deconfigures a Channel-to-Channel adapter (CTC) or LAN Channel Station adapter (LCS) +.SH SYNOPSIS +.B ctc_configure read_channel write_channel online [protocol] +.SH DESCRIPTION +.B ctc_configure +is intended to make it easy to persistently add and remove IBM CTC and LCS adapters. In addition to bringing the adapter online or offline, it will also create or delete the necessary udev rules for the adapter. +.SH PARAMETERS +.IP read_channel +The device number of the read channel of the adapter. Takes the form x.y.ssss. +.IP write_channel +The device number of the write channel of the adapter.Takes the form x.y.ssss. +.RS + +where +.RS +.B x +is always 0 until IBM creates something that uses that number. +.RE +.RS +.B y +is the logical channel subsystem (lcss) number. Most often this is 0, but it could be non-zero. +.RE +.RS +.B ssss +is the four digit subchannel address of the device, in hexidecimal, with leading zeros. If entered in upper/mixed case, this is automatically converted to lower case. +.RE +.RE +.RS + +Keep in mind that for a CTC, the read channel needs to be coupled to the write channel of the peer, and vice versa. This does not apply to LCS adapters. +.RE +.RE +.IP online +Either a literal 1 to bring the adapter online or a literal 0 to take it offline +.IP protocol +.RS +0 Compatibility with peers other than OS/390®, or z/OS, for example, a z/VM TCP service machine. This is the default. +.RE +.RS +1 Enhanced package checking for Linux peers. +.RE +.RS +3 For compatibility with OS/390 or z/OS peers. +.RE +.RS +4 For MPC connections to VTAM on traditional mainframe operating systems. +.RE +.RS + +Not needed for LCS adapters. +.SH FILES +.I /etc/udev/rules.d/51-ctcm-.rules +.RE +.I /etc/udev/rules.d/51-lcs-.rules +.RS +These files provide the udev rules necessary to activate a specific CTC or LCS. 
+.RE +.SH ENVIRONMENT +.IP DEBUG +If set to "yes" some minimal debugging information is output during execution. +.SH DIAGNOSTICS +The following messages may be issued on stdout: +.IP +.B /sysfs not present +.RS +The sysfs file system could not be found in /proc/mounts, so there's nothing the script can +do. Return code 1 is set. +.RE +.IP +.B Invalid device status ${ONLINE} +.RS +A value other than 0 or 1 was specified for the third parameter, online. Return code 2 is set. +.RE +.IP +.B Device ${CTC_READ_CHAN} does not exist +.RS +A non-existent was specified for the first parameter. Remember the x.y.ssss format is necessary. Return code 3 is set. +.RE +.IP +.B Device ${CTC_READ_CHAN} does not exist +.RS +A non-existent was specified for the second parameter. Remember the x.y.ssss format is necessary. Return code 4 is set. +.RE +.IP +.B Not a valid CTC device (cu ${_cutype}, dev ${_devtype}) +.RS +The device number specified does not correspond to a valid CTC or LCS device type. Return code 5 is st. +.RE +.IP +.B CTC type mismatch (read: ${tmp_chan}, write: ${CCW_CHAN_GROUP}) +.RS +The device number specified for the read channel has a different device type than the device number specified for the write channel. Return code 6 is set. +.RE +.IP +.B Could not load module ${CCW_CHAN_GROUP} +.RS +The kernel module for the device type failed to load. Try "dmesg" to see if there is any indication why. Return code 7 is set. +.RE +.IP +.B CCW devices grouped to different devices +.RS +The read and write channels are already grouped, but not within the same interface. Try again with different devices. Return code 8 is set. +.RE +.IP +.B Could not group ${CCW_CHAN_GROUP} devices ${CTC_READ_CHAN}/${CTC_WRITE_CHAN} +.RS +The attempt to group the read and write channels into an interface failed. Try "dmesg" to see if there is any indication why. Return code 9 is set. 
+.RE +.IP +.B Could not set device ${CCW_CHAN_ID} online +.RS +The attempt to bring the grouped devices online failed. Try "dmesg" to see if there is any indication why. Return code 10 is set. +.RE +.IP +.B Could not set device ${CCW_CHAN_ID} offline +.RS +The attempt to take the grouped devices offline failed. Try "dmesg" to see if there is any indication why. Return code 11 is set. +.RE + +If environment variable DEBUG is set to "yes," the following messages may be issued on stdout: +.IP +.B +Configuring CTC/LCS device ${CTC_READ_CHAN}/${CTC_WRITE_CHAN} +.RS +Just a little bit of verbosity, since it just indicates that we got past certain error checks and will now try to do something useful. +.RE +.IP +.B Group is ${_ccw_groupdir}/drivers/${CCW_CHAN_GROUP}/group +.RS +Just a little bit of verbosity. +.RE +.IP +.B Setting device online +.RS +Just a little bit of verbosity. +.RE +.IP +.B Device ${CCW_CHAN_ID} is already online +.RS +An attempt was made to bring the adapter online when it was already online. +.RE +.IP +.B Setting device offline +.RS +Just a little bit of verbosity. +.RE +.IP +.B Device ${CCW_CHAN_ID} is already offline +.RS +An attempt was made to take the adapter offline when it was already offline. +.RE +.SH BUGS +Gotta be some, I'm sure. If you find one, please open a bug report. diff --git a/dasd_configure.8 b/dasd_configure.8 new file mode 100644 index 0000000..8072507 --- /dev/null +++ b/dasd_configure.8 
@@ -0,0 +1,60 @@ +.TH dasd_configure "8" "February 2013" "s390-tools" +.SH NAME +dasd_configure \- Configures or deconfigures a Direct Access Storage Device (DASD) volume. +.SH SYNOPSIS +.B dasd_configure [-f -t dasd_type ] ccwid online [use_diag] +.SH DESCRIPTION +.B dasd_configure +is intended to make it easy to persistently add and remove DASD volumes. In addition to bringing the volume online or offline, it will also create or delete the necessary udev rules for the volume. +.SH PARAMETERS +.IP -f +Force creation of udev rules, do not check values in /sys. +.IP -t +Must be either dasd-eckd or dasd-fba. Must be provided if -f is used. +.IP ccwid +The device number of the DASD volume. Takes the form x.y.ssss where +.RS +.B x +is always 0 until IBM creates something that uses that number. +.RE +.RS +.B y +is the subchannel set ID (SSID). Most often this is 0, but it could be non-zero. +.RE +.RS +.B ssss +is the four digit device address of the subchannel, in hexidecimal, with leading zeros. If entered in upper/mixed case, this is automatically converted to lower case. +.RE +.IP online +Either a literal 1 to bring the volume online or a literal 0 to take it offline +.RE +.IP use_diag +Either a literal 1 to use the DIAG driver for this device, or a literal 0 to use the "normal" driver. +.RE +.SH FILES +Please see the documentation of +.B chzdev. +.SH ENVIRONMENT +.IP DEBUG +If set to "yes" some minimal debugging information is output during execution. +.SH DIAGNOSTICS +Messages and return codes are determined by the +.B chzdev +command. +Except for: +.IP +.B Device ${CCW_CHAN_ID} is unformatted +.RS +The DASD volume was brought online, but it has not been formatted with dasdfmt. This condition is really only important for YaST to determine if it should prompt the user to decide if they want to format it or not at that point. Return code 8 is set. +.RE + +If environment variable DEBUG is set to "yes," it shows the command line of the invoked +.B chzdev. 
+Additionally, the following messages may be issued on stdout: +.IP +.B DASD ${CCW_CHAN_ID} did not come online. +.RS +The DASD volume did not come online within the waiting time. Could not check if the DASD is formatted (see above). Return code 17 is set. +.RE +.SH BUGS +Gotta be some, I'm sure. If you find one, please open a bug report. diff --git a/dasd_configure.opensuse b/dasd_configure.opensuse new file mode 100644 index 0000000..a04fcde --- /dev/null +++ b/dasd_configure.opensuse 
@@ -0,0 +1,173 @@ +#! /bin/sh +# +# dasd_configure +# +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# +# Configures a DASD device by calling the IBM-provided chzdev command. +# Whereas this script used to validate the parameters provided to it, +# we now rely on chzdev to do that instead. The script is intended only +# as a "translation layer" to provide backward compatability for older +# scripts and tools that invoke it. +# +# Usage: +# dasd_configure [-f -t ] [use_diag] +# +# -f Override safety checks +# -t DASD type. Must be provided if -f is used. Only dasd-eckd and +# dasd-fba are supported - Deprecated +# ccwid = x.y.ssss where +# x is always 0 until IBM creates something that uses that number +# y is the subchannel set ID (SSID). Most often +# this is 0, but it could be non-zero +# ssss is the four digit device address of the subchannel, in +# hexidecimal, with leading zeros. +# online = 0 to take the device offline +# 1 to bring the device online +# use_diag = 0 to _not_ use z/VM DIAG250 I/O, which is the default +# 1 to use z/VM DIAG250 I/O +# +# Return values: +# Return codes are determined by the chzdev command, with one exception: If a +# DASD volume is not formatted, we will issue a return code of 8. +# + +mesg () { + echo "$@" +} + +debug_mesg () { + case "${DEBUG}" in + yes) mesg "$@" ;; + *) ;; + esac +} + +add_cio_channel() { + echo "$* # ${DATE}" >> /boot/zipl/active_devices.txt +} + +remove_cio_channel() { + [ -w /boot/zipl/active_devices.txt ] && sed -i -e "/^${1}/d" /boot/zipl/active_devices.txt +} + +usage(){ + echo "Usage: ${0} [-f -t ] [use_diag]" + echo + echo " -f Override safety checks" + echo " -t DASD type. Must be provided if -f is used. Only dasd-eckd and" + echo " dasd-fba are supported - Deprecated" + echo " ccwid = x.y.ssss where" + echo " x is always 0 until IBM creates something that uses that number" + echo " y is the subchannel set ID (SSID). 
Most often" + echo " this is 0, but it could be non-zero" + echo " ssss is the four digit device address of the subchannel, in" + echo " hexidecimal, with leading zeros." + echo " online = 0 to take the device offline" + echo " 1 to bring the device online" + echo " use_diag = 0 to _not_ use z/VM DIAG250 I/O, which is the default" + echo " 1 to use z/VM DIAG250 I/O" +} + +if [ "${DEBUG}" != "yes" ]; then + DEBUG="no" +fi + +DATE=$(date) + +DASD_FORCE=0 + +############################################################ +# Parse the parameters from the command line +# +ARGS=$(getopt --options ft: -n "dasd_configure" -- "$@") +if [ $? != 0 ] ; then echo "Terminating..." >&2 ; exit 1 ; fi + +eval set -- "${ARGS}" +debug_mesg "All the parms passed were ${ARGS}" + +while true; do + case "${1}" in + -f) debug_mesg "This used to mean udev rules will always be generated." + debug_mesg "For chzdev, it means safety checks will be overridden." + debug_mesg "Kinda sorta the same thing, really." + PARM_LIST="${PARM_LIST} -f" + DASD_FORCE=1 + shift 1 + ;; + -t) debug_mesg "This used to set the card type to ${2}" + debug_mesg "Now it gets ignored." + shift 2 + ;; + --) debug_mesg "Found the end of parms indicator: --" + shift 1 + break + ;; + *) debug_mesg "At the catch-all select entry" + debug_mesg "What was selected was ${1}" + shift 1 + ;; + esac +done + +CCW_CHAN_ID=${1} +ON_OFF=${2} +USE_DIAG=${3} + +if [ -z "${CCW_CHAN_ID}" ] || [ -z "${ON_OFF}" ]; then + mesg "You didn't specify all the needed parameters." 
+ usage + exit 1 +fi + +if [ -n "${USE_DIAG}" ]; then + PARM_LIST="${PARM_LIST} use_diag=${USE_DIAG}" +else PARM_LIST="${PARM_LIST} use_diag=0" +fi + +if [ "${ON_OFF}" == 0 ]; then + debug_mesg "chzdev -d dasd --no-root-update ${CCW_CHAN_ID}" + chzdev -d dasd --no-root-update ${CCW_CHAN_ID} +elif [ "${ON_OFF}" == 1 ]; then + debug_mesg "chzdev -e dasd --no-root-update ${CCW_CHAN_ID} ${PARM_LIST}" + chzdev -e dasd --no-root-update ${CCW_CHAN_ID} ${PARM_LIST} +else mesg "You must specify a 0 or a 1 for the online/offline attribute." + usage + exit 1 +fi + +RC=${?} +if [ ${RC} -ne 0 ]; then + exit ${RC} +elif [ ${ON_OFF} == 1 ]; then + exitcode=0 + # Extract the full busid so that we can reference the proper entries in /sys + BUSID=$(/usr/sbin/lszdev dasd ${CCW_CHAN_ID} | /usr/bin/sed -e 1d | /usr/bin/tr -s " " | /usr/bin/cut -f2 -d" " ) + # Make sure the DASD volume came online + for ((counter=0; counter<30; counter++)); do + sleep 0.1 + read online < /sys/bus/ccw/devices/${BUSID}/online + if [ ${online} -eq 1 ] ; then + break + fi + done + + if [ ${online} -ne 1 ]; then + debug_mesg "DASD ${CCW_CHAN_ID} did not come online." + exit 17 + fi + + # Check to see if the DASD volume is unformatted. If so, let YaST know. + read status < /sys/bus/ccw/devices/${BUSID}/status + if [ "${status}" == "unformatted" ]; then + mesg "DASD ${CCW_CHAN_ID} is unformatted." + exitcode=8 + fi +fi + +if [ ${ON_OFF} == 1 ]; then + add_cio_channel "${CCW_CHAN_ID}" +else remove_cio_channel "${CCW_CHAN_ID}" +fi + +exit ${exitcode} diff --git a/dasd_configure.suse b/dasd_configure.suse new file mode 100644 index 0000000..1aae177 --- /dev/null +++ b/dasd_configure.suse 
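Review bot: `exitcode` and `PARM_LIST` are read before they are set on some paths of this script. When `ON_OFF` is 0 the `elif` branch that assigns `exitcode=0` is skipped, so the final `exit ${exitcode}` becomes a bare `exit` and returns the status of `remove_cio_channel`, which is non-zero whenever /boot/zipl/active_devices.txt is not writable even though chzdev succeeded. `PARM_LIST` is only ever appended to, so a value inherited from the caller's environment ends up on the `chzdev -e` command line. Adding `exitcode=0` and `PARM_LIST=""` next to `DASD_FORCE=0` fixes both. The dasd_configure.suse hunk is identical apart from the lszdev path and needs the same two lines.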
@@ -0,0 +1,173 @@ +#! /bin/sh +# +# dasd_configure +# +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# +# Configures a DASD device by calling the IBM-provided chzdev command. +# Whereas this script used to validate the parameters provided to it, +# we now rely on chzdev to do that instead. The script is intended only +# as a "translation layer" to provide backward compatability for older +# scripts and tools that invoke it. +# +# Usage: +# dasd_configure [-f -t ] [use_diag] +# +# -f Override safety checks +# -t DASD type. Must be provided if -f is used. Only dasd-eckd and +# dasd-fba are supported - Deprecated +# ccwid = x.y.ssss where +# x is always 0 until IBM creates something that uses that number +# y is the subchannel set ID (SSID). Most often +# this is 0, but it could be non-zero +# ssss is the four digit device address of the subchannel, in +# hexidecimal, with leading zeros. +# online = 0 to take the device offline +# 1 to bring the device online +# use_diag = 0 to _not_ use z/VM DIAG250 I/O, which is the default +# 1 to use z/VM DIAG250 I/O +# +# Return values: +# Return codes are determined by the chzdev command, with one exception: If a +# DASD volume is not formatted, we will issue a return code of 8. +# + +mesg () { + echo "$@" +} + +debug_mesg () { + case "${DEBUG}" in + yes) mesg "$@" ;; + *) ;; + esac +} + +add_cio_channel() { + echo "$* # ${DATE}" >> /boot/zipl/active_devices.txt +} + +remove_cio_channel() { + [ -w /boot/zipl/active_devices.txt ] && sed -i -e "/^${1}/d" /boot/zipl/active_devices.txt +} + +usage(){ + echo "Usage: ${0} [-f -t ] [use_diag]" + echo + echo " -f Override safety checks" + echo " -t DASD type. Must be provided if -f is used. Only dasd-eckd and" + echo " dasd-fba are supported - Deprecated" + echo " ccwid = x.y.ssss where" + echo " x is always 0 until IBM creates something that uses that number" + echo " y is the subchannel set ID (SSID). 
Most often" + echo " this is 0, but it could be non-zero" + echo " ssss is the four digit device address of the subchannel, in" + echo " hexidecimal, with leading zeros." + echo " online = 0 to take the device offline" + echo " 1 to bring the device online" + echo " use_diag = 0 to _not_ use z/VM DIAG250 I/O, which is the default" + echo " 1 to use z/VM DIAG250 I/O" +} + +if [ "${DEBUG}" != "yes" ]; then + DEBUG="no" +fi + +DATE=$(date) + +DASD_FORCE=0 + +############################################################ +# Parse the parameters from the command line +# +ARGS=$(getopt --options ft: -n "dasd_configure" -- "$@") +if [ $? != 0 ] ; then echo "Terminating..." >&2 ; exit 1 ; fi + +eval set -- "${ARGS}" +debug_mesg "All the parms passed were ${ARGS}" + +while true; do + case "${1}" in + -f) debug_mesg "This used to mean udev rules will always be generated." + debug_mesg "For chzdev, it means safety checks will be overridden." + debug_mesg "Kinda sorta the same thing, really." + PARM_LIST="${PARM_LIST} -f" + DASD_FORCE=1 + shift 1 + ;; + -t) debug_mesg "This used to set the card type to ${2}" + debug_mesg "Now it gets ignored." + shift 2 + ;; + --) debug_mesg "Found the end of parms indicator: --" + shift 1 + break + ;; + *) debug_mesg "At the catch-all select entry" + debug_mesg "What was selected was ${1}" + shift 1 + ;; + esac +done + +CCW_CHAN_ID=${1} +ON_OFF=${2} +USE_DIAG=${3} + +if [ -z "${CCW_CHAN_ID}" ] || [ -z "${ON_OFF}" ]; then + mesg "You didn't specify all the needed parameters." 
+ usage + exit 1 +fi + +if [ -n "${USE_DIAG}" ]; then + PARM_LIST="${PARM_LIST} use_diag=${USE_DIAG}" +else PARM_LIST="${PARM_LIST} use_diag=0" +fi + +if [ "${ON_OFF}" == 0 ]; then + debug_mesg "chzdev -d dasd --no-root-update ${CCW_CHAN_ID}" + chzdev -d dasd --no-root-update ${CCW_CHAN_ID} +elif [ "${ON_OFF}" == 1 ]; then + debug_mesg "chzdev -e dasd --no-root-update ${CCW_CHAN_ID} ${PARM_LIST}" + chzdev -e dasd --no-root-update ${CCW_CHAN_ID} ${PARM_LIST} +else mesg "You must specify a 0 or a 1 for the online/offline attribute." + usage + exit 1 +fi + +RC=${?} +if [ ${RC} -ne 0 ]; then + exit ${RC} +elif [ ${ON_OFF} == 1 ]; then + exitcode=0 + # Extract the full busid so that we can reference the proper entries in /sys + BUSID=$(/sbin/lszdev dasd ${CCW_CHAN_ID} | /usr/bin/sed -e 1d | /usr/bin/tr -s " " | /usr/bin/cut -f2 -d" " ) + # Make sure the DASD volume came online + for ((counter=0; counter<30; counter++)); do + sleep 0.1 + read online < /sys/bus/ccw/devices/${BUSID}/online + if [ ${online} -eq 1 ] ; then + break + fi + done + + if [ ${online} -ne 1 ]; then + debug_mesg "DASD ${CCW_CHAN_ID} did not come online." + exit 17 + fi + + # Check to see if the DASD volume is unformatted. If so, let YaST know. + read status < /sys/bus/ccw/devices/${BUSID}/status + if [ "${status}" == "unformatted" ]; then + mesg "DASD ${CCW_CHAN_ID} is unformatted." + exitcode=8 + fi +fi + +if [ ${ON_OFF} == 1 ]; then + add_cio_channel "${CCW_CHAN_ID}" +else remove_cio_channel "${CCW_CHAN_ID}" +fi + +exit ${exitcode} diff --git a/dasd_reload.opensuse b/dasd_reload.opensuse new file mode 100644 index 0000000..1b7182a --- /dev/null +++ b/dasd_reload.opensuse 
@@ -0,0 +1,156 @@ +#!/bin/sh +# +# dasd_reload +# $Id: dasd_reload,v 1.2 2004/05/26 15:17:09 hare Exp $ +# +# Deconfigures all active DASDs, unloads the modules +# and activates the configured DASDs again. +# Needed to establish an identical device mapping +# in the installation system and in the running system. +# All DASD access need to be cancelled prior to running +# this script. +# +# Usage: +# dasd_reload +# +# Return values: +# 1 Cannot read /proc/modules +# 2 Missing module programs +# 3 /sys not mounted +# 4 Failure on deactivate DASDs +# + +if [ ! -r /proc/modules ]; then + echo "Cannot read /proc/modules" + exit 1 +fi + +if [ ! -x /usr/sbin/rmmod -o ! -x /usr/sbin/modprobe ]; then + echo "Missing module programs" + exit 2 +fi + +if [ ! -d /sys/bus ]; then + echo "sysfs not mounted" + exit 3 +fi + +let anymd=0 +if [ -f /proc/mdstat ]; then + for mddevice in $(grep active /proc/mdstat | cut -f1 -d:); do + mdadm -S /dev/${mddevice} + let anymd=1 + done + udevadm settle +fi + +# +# Setting HyperPAV alias devices offline +# +dasd_alias= +let EXITRC=0 +for dev in /sys/bus/ccw/devices/*; do + if [ -f ${dev}/use_diag ]; then + read _online < ${dev}/online + read _alias < ${dev}/alias + if [ "$_online" -eq 1 -a "$_alias" -eq 1 ]; then + echo "setting DASD HyperPAV alias $(basename ${dev}) offline" + echo "0" > ${dev}/online + read _online < ${dev}/online + dasd_alias="${dasd_alias} $(basename ${dev})" + if [ "$_online" -eq 1 ]; then + echo "failure on setting DASD HyperPAV alias $(basename ${dev}) offline !" 
+ let EXITRC=4 + fi + fi + fi +done + +# +# Setting "normal" DASD and HyperPAV base devices offline +# +dasd_base= +for dev in /sys/bus/ccw/devices/*; do + if [ -f ${dev}/use_diag ]; then + read _online < ${dev}/online + read _alias < ${dev}/alias + if [ "$_online" -eq 1 -a "$_alias" -eq 0 ]; then + echo "setting DASD $(basename ${dev}) offline" + echo "0" > ${dev}/online + read _online < ${dev}/online + dasd_base="${dasd_base} $(basename ${dev})" + if [ "$_online" -eq 1 ]; then + echo "failure on setting DASD $(basename ${dev}) offline !" + let EXITRC=4 + fi + fi + fi +done + +udevadm settle + +module_list= +module_test_list="dasd_diag_mod dasd_eckd_mod dasd_fba_mod dasd_mod" +for module in ${module_test_list}; do + if grep -q "${module}" /proc/modules; then + module_list="${module} ${module_list}" + : Unloading ${module} + /usr/sbin/rmmod ${module} + fi +done + +udevadm settle +sleep 2 + +if [ -d /etc/udev/rules.d ]; then + cd /etc/udev/rules.d +# +# Re-activating "normal" DASD and HyperPAV base devices +# +# We need to move all the DASD udev rules out from /etc/udev/rules.d +# because if we don't, then when the first DASD volume gets brought +# back online, they are all brought back online, in a non-deterministic +# order, not the numeric order we expect. +# + mv -i 41-dasd-*.rules 51-dasd-*.rules /tmp + cd /tmp + for dasd in ${dasd_base}; do + for file in 41-dasd-*-${dasd}.rules 51-dasd-${dasd}.rules; do + [ -f "${file}" ] || continue +# +# Special handling is needed for old udev rules that start with 51- +# since the chzdev command won't look for that name +# + prefix="$(echo ${file} | cut -f1 -d-)" + if [ "${prefix}" == "51" ]; then + if [ -h /sys/bus/ccw/drivers/dasd-eckd/${dasd} ]; then + mv -i ${file} 41-dasd-eckd-${dasd}.rules + elif [ -h /sys/bus/ccw/drivers/dasd-fba/${dasd} ]; then + mv -i ${file} 41-dasd-fba-${dasd}.rules + else echo "DASD volume ${dasd} is neither an ECKD or FBA device." 
+ let EXITRC=4 + fi + fi + echo Activating ${dasd} + mv -i "${file}" /etc/udev/rules.d/ + /usr/sbin/chzdev dasd --apply --configured -q --no-root-update ${dasd} + lsdasd + break + done + done + +# +# Re-activating HyperPAV alias devices +# + for dasd in ${dasd_alias}; do + for file in 41-dasd-*-${dasd}.rules 51-dasd-${dasd}.rules; do + [ -f "${file}" ] || continue + echo Activating ${dasd} + mv -i "${file}" /etc/udev/rules.d/ + /usr/sbin/chzdev dasd --apply --configured -q --no-root-update ${dasd} + break + done + done +fi + +exit ${EXITRC} diff --git a/dasd_reload.suse b/dasd_reload.suse new file mode 100644 index 0000000..33abc04 --- /dev/null +++ b/dasd_reload.suse 
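Review bot: The udev rules are staged in /tmp itself (`mv -i 41-dasd-*.rules 51-dasd-*.rules /tmp` followed by `cd /tmp`), a directory every local user can write to. The later loops move whatever matches `41-dasd-*-${dasd}.rules` or `51-dasd-${dasd}.rules` there back into /etc/udev/rules.d. A file with one of those names that already exists in /tmp is not silently replaced by `mv -i`, so a rules file that root did not write could presumably end up installed as a udev rule. Staging in a private directory avoids this: `stage=$(mktemp -d) || exit 4`, then `mv -i 41-dasd-*.rules 51-dasd-*.rules "${stage}"` and `cd "${stage}"`. The dasd_reload.suse hunk stages the rules the same way and needs the same change.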
@@ -0,0 +1,156 @@ +#!/bin/sh +# +# dasd_reload +# $Id: dasd_reload,v 1.2 2004/05/26 15:17:09 hare Exp $ +# +# Deconfigures all active DASDs, unloads the modules +# and activates the configured DASDs again. +# Needed to establish an identical device mapping +# in the installation system and in the running system. +# All DASD access need to be cancelled prior to running +# this script. +# +# Usage: +# dasd_reload +# +# Return values: +# 1 Cannot read /proc/modules +# 2 Missing module programs +# 3 /sys not mounted +# 4 Failure on deactivate DASDs +# + +if [ ! -r /proc/modules ]; then + echo "Cannot read /proc/modules" + exit 1 +fi + +if [ ! -x /sbin/rmmod -o ! -x /sbin/modprobe ]; then + echo "Missing module programs" + exit 2 +fi + +if [ ! -d /sys/bus ]; then + echo "sysfs not mounted" + exit 3 +fi + +let anymd=0 +if [ -f /proc/mdstat ]; then + for mddevice in $(grep active /proc/mdstat | cut -f1 -d:); do + mdadm -S /dev/${mddevice} + let anymd=1 + done + udevadm settle +fi + +# +# Setting HyperPAV alias devices offline +# +dasd_alias= +let EXITRC=0 +for dev in /sys/bus/ccw/devices/*; do + if [ -f ${dev}/use_diag ]; then + read _online < ${dev}/online + read _alias < ${dev}/alias + if [ "$_online" -eq 1 -a "$_alias" -eq 1 ]; then + echo "setting DASD HyperPAV alias $(basename ${dev}) offline" + echo "0" > ${dev}/online + read _online < ${dev}/online + dasd_alias="${dasd_alias} $(basename ${dev})" + if [ "$_online" -eq 1 ]; then + echo "failure on setting DASD HyperPAV alias $(basename ${dev}) offline !" 
+ let EXITRC=4 + fi + fi + fi +done + +# +# Setting "normal" DASD and HyperPAV base devices offline +# +dasd_base= +for dev in /sys/bus/ccw/devices/*; do + if [ -f ${dev}/use_diag ]; then + read _online < ${dev}/online + read _alias < ${dev}/alias + if [ "$_online" -eq 1 -a "$_alias" -eq 0 ]; then + echo "setting DASD $(basename ${dev}) offline" + echo "0" > ${dev}/online + read _online < ${dev}/online + dasd_base="${dasd_base} $(basename ${dev})" + if [ "$_online" -eq 1 ]; then + echo "failure on setting DASD $(basename ${dev}) offline !" + let EXITRC=4 + fi + fi + fi +done + +udevadm settle + +module_list= +module_test_list="dasd_diag_mod dasd_eckd_mod dasd_fba_mod dasd_mod" +for module in ${module_test_list}; do + if grep -q "${module}" /proc/modules; then + module_list="${module} ${module_list}" + : Unloading ${module} + /sbin/rmmod ${module} + fi +done + +udevadm settle +sleep 2 + +if [ -d /etc/udev/rules.d ]; then + cd /etc/udev/rules.d +# +# Re-activating "normal" DASD and HyperPAV base devices +# +# We need to move all the DASD udev rules out from /etc/udev/rules.d +# because if we don't, then when the first DASD volume gets brought +# back online, they are all brought back online, in a non-deterministic +# order, not the numeric order we expect. +# + mv -i 41-dasd-*.rules 51-dasd-*.rules /tmp + cd /tmp + for dasd in ${dasd_base}; do + for file in 41-dasd-*-${dasd}.rules 51-dasd-${dasd}.rules; do + [ -f "${file}" ] || continue +# +# Special handling is needed for old udev rules that start with 51- +# since the chzdev command won't look for that name +# + prefix="$(echo ${file} | cut -f1 -d-)" + if [ "${prefix}" == "51" ]; then + if [ -h /sys/bus/ccw/drivers/dasd-eckd/${dasd} ]; then + mv -i ${file} 41-dasd-eckd-${dasd}.rules + elif [ -h /sys/bus/ccw/drivers/dasd-fba/${dasd} ]; then + mv -i ${file} 41-dasd-fba-${dasd}.rules + else echo "DASD volume ${dasd} is neither an ECKD or FBA device." 
+ let EXITRC=4 + fi + fi + echo Activating ${dasd} + mv -i "${file}" /etc/udev/rules.d/ + /sbin/chzdev dasd --apply --configured -q --no-root-update ${dasd} + lsdasd + break + done + done + +# +# Re-activating HyperPAV alias devices +# + for dasd in ${dasd_alias}; do + for file in 41-dasd-*-${dasd}.rules 51-dasd-${dasd}.rules; do + [ -f "${file}" ] || continue + echo Activating ${dasd} + mv -i "${file}" /etc/udev/rules.d/ + /sbin/chzdev dasd --apply --configured -q --no-root-update ${dasd} + break + done + done +fi + +exit ${EXITRC} diff --git a/dasdro b/dasdro new file mode 100644 index 0000000..da7b401 --- /dev/null +++ b/dasdro @@ -0,0 +1,20 @@ +#!/bin/bash +# checks DASD accessibility in VM and sets Linux-side readonly attributes +# accordingly + +modprobe -q vmcp + +vmcp q v dasd 2>/dev/null >/dev/null || exit 0 # not running in VM + +vmcp q v dasd | while read x dev rest +do + dev=`echo $dev|tr A-F a-f` + roattr=/sys/bus/ccw/devices/?.?.$dev/readonly + test -e $roattr || continue + if echo "$rest"|grep -q R/O + then + echo 1 >$roattr + else + echo 0 >$roattr + fi +done diff --git a/detach_disks.sh.opensuse b/detach_disks.sh.opensuse new file mode 100644 index 0000000..d315b35 --- /dev/null +++ b/detach_disks.sh.opensuse 
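Review bot: In the dasdro hunk, `roattr=/sys/bus/ccw/devices/?.?.$dev/readonly` is later expanded unquoted as a glob, so it becomes several paths if the same device number exists in more than one subchannel set. In that case `test -e $roattr` errors out and the loop skips the device, leaving its readonly attribute unchanged. Wrapping the body in `for roattr in /sys/bus/ccw/devices/?.?.$dev/readonly; do … done` and quoting `"$roattr"` in the test and both redirects handles every match. The `else` branch also writes 0 for every line without R/O, which clears a read-only setting an administrator made on the Linux side; if that is intended, a comment above the loop should say so.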
@@ -0,0 +1,157 @@ +#!/bin/sh + +DASDFILE=/tmp/dasd.list.$(mcookie) +DETFILE=/tmp/detach.disks.$(mcookie) +KEEPFILE=/tmp/keep.disks.$(mcookie) +NICFILE=/tmp/nic.list.$(mcookie) +FAILFILE=/tmp/error.$(mcookie) + +function expand_RANGE(){ +local RANGE=${1} +local RANGE_SAVE=${RANGE} +local DEVNO +local BEGIN=0 +local END=0 + +RANGE=$(IFS=":-"; echo ${RANGE} | cut -f1-2 -d" " ) +set -- ${RANGE} +let BEGIN=0x$1 2>/dev/null +let END=0x$2 2>/dev/null + +if [ ${BEGIN} -eq 0 ] || [ ${END} -eq 0 ]; then + ${msg} "An invalid device number range was specified: ${RANGE_SAVE}" >&2 + touch ${FAILFILE} + return +fi + +for DEVNO in $(eval echo {${BEGIN}..${END}}) + do printf "%d\n" ${DEVNO} + done +} + +function usage(){ + echo "Usage: ${0} [ -F ] [ -q ] [ -h ]" + echo " -F Exit with failure if any invalid parms are detected." + echo " -q Don't generate any output." + echo " -h Display this help message." +} + +msg="echo" +let FORCE_FAIL=0 + +############################################################ +# Parse the parameters from the command line +# +ARGS=$(getopt -a --options Fhq -n "detach_devices" -- "$@") +if [ $? -ne 0 ]; then + usage + exit 3 +fi + +eval set -- "${ARGS}" +for ARG; do + case "${ARG}" in + -F) let FORCE_FAIL=1 + shift 1 + ;; + -h) usage; + exit 0 + ;; + -q) msg="/bin/true" + shift 1 + ;; + --) shift 1 + ;; + *) ${msg} "Extraneous input detected: ${1}" + shift 1 + ;; + esac +done + +if [ -r /etc/sysconfig/virtsetup ]; then + . /etc/sysconfig/virtsetup +else ${msg} "No /etc/sysconfig/virtsetup file was found." + exit 1 +fi + +# First, get a list of all the DASD devices we have for this guest, in decimal. +# (Trying to handle things in hex gets complicated.) +/usr/sbin/vmcp -b1048576 q v dasd | cut -f2 -d" " |\ + while read HEXNO + do let DECNO=0x${HEXNO} + echo ${DECNO} + done > ${DASDFILE} 2>/dev/null + +# If the system administrator specified certain devices to be detached +# let's put those device numbers in a file, one per line. 
+touch ${DETFILE} +for ADDR in $(IFS=", " ; echo ${ZVM_DISKS_TO_DETACH}) + do if $(echo ${ADDR} | grep -iqE ":|-" 2>/dev/null) + then expand_RANGE ${ADDR} >> ${DETFILE} + else let DEVNO=0 + let DEVNO=0x${ADDR} 2>/dev/null + if [ ${DEVNO} -eq 0 ]; then + ${msg} "An invalid device number was specified: ${ADDR}" >&2 + touch ${FAILFILE} + else printf "%d\n" ${DEVNO} + fi + fi + done > ${DETFILE} + +# If the system administrator specified certain devices that should _not_ +# be detached, let's put those in another file, one per line. +touch ${KEEPFILE} +for ADDR in $(IFS=", " ; echo ${ZVM_DISKS_TO_NOT_DETACH}) + do if $(echo ${ADDR} | grep -iqE ":|-" 2>/dev/null) + then expand_RANGE ${ADDR} >> ${KEEPFILE} + else let DEVNO=0 + let DEVNO=0x${ADDR} 2>/dev/null + if [ ${DEVNO} -eq 0 ]; then + ${msg} "An invalid device number was specified: ${ADDR}" >&2 + touch ${FAILFILE} + else printf "%d\n" ${DEVNO} + fi + fi + done > ${KEEPFILE} + +if [ ${FORCE_FAIL} -eq 1 ] && [ -e ${FAILFILE} ]; then + let RETURN_CODE=1 + ${msg} "Terminating detach_disk because of input errors." +else +# If the system administrator specified that all "unused" disks should be +# detached, compare the disks lsdasd show as activated to the complete +# list of disks we have currently, and add the inactive ones to the +# file containing devices to be detached + if [ "${ZVM_DETACH_ALL_UNUSED}" == "yes" ]; then + lsdasd -s | sed -e 1,2d | cut -f1 -d" " | \ + while read ADDR + do let DEVNO=0x${ADDR} + sed -i -e "/^${DEVNO}$/d" ${DASDFILE} + done + cat ${DASDFILE} >> ${DETFILE} + fi + +# Now remove any "to be kept" disks from the detach file + while read DEVNO + do sed -i -e "/^${DEVNO}/d" ${DETFILE} + done < ${KEEPFILE} + +# Get a list of all the virtual NICs since they require an +# extra keyword to detach. Contrary to what we've done before +# these will be hex values + /usr/sbin/vmcp -b1048576 q nic | grep Adapter | cut -f2 -d" " | cut -f1 -d. 
> ${NICFILE} + +# Now we sort the device numbers and detach them. + sort -un ${DETFILE} | \ + while read DEVNO + do HEXNO=$(printf %04X ${DEVNO}) + if grep -q ^${HEXNO}$ ${NICFILE} 2>/dev/null ; then + vmcp detach nic ${HEXNO} 2>/dev/null + else vmcp detach ${HEXNO} 2>/dev/null + fi + done + let RETURN_CODE=0 +fi + +rm -f ${DASDFILE} ${DETFILE} ${KEEPFILE} ${NICFILE} ${FAILFILE} +exit ${RETURN_CODE} diff --git a/detach_disks.sh.suse b/detach_disks.sh.suse new file mode 100644 index 0000000..c514208 --- /dev/null +++ b/detach_disks.sh.suse 
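Review bot: In the two loops that build ${DETFILE} and ${KEEPFILE}, `expand_RANGE ${ADDR} >> ${DETFILE}` appends through its own file handle while the enclosing loop is redirected with `done > ${DETFILE}`, whose handle keeps writing from its own offset. When a list mixes ranges and single addresses, a later `printf` overwrites numbers the range already appended, so a device named in ZVM_DISKS_TO_NOT_DETACH can drop out of the keep list and be detached. Dropping the inner redirects (`then expand_RANGE ${ADDR}` in both loops) sends everything through the loop's redirect. The keep filter `sed -i -e "/^${DEVNO}/d"` should also end its pattern with `$`, as the lsdasd filter above it does, so that keeping 51 does not also remove 512 from the detach list. The part of the detach_disks.sh.suse hunk visible here has the same lines; that hunk continues outside this view.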
@@ -0,0 +1,157 @@ +#!/bin/sh + +DASDFILE=/tmp/dasd.list.$(mcookie) +DETFILE=/tmp/detach.disks.$(mcookie) +KEEPFILE=/tmp/keep.disks.$(mcookie) +NICFILE=/tmp/nic.list.$(mcookie) +FAILFILE=/tmp/error.$(mcookie) + +function expand_RANGE(){ +local RANGE=${1} +local RANGE_SAVE=${RANGE} +local DEVNO +local BEGIN=0 +local END=0 + +RANGE=$(IFS=":-"; echo ${RANGE} | cut -f1-2 -d" " ) +set -- ${RANGE} +let BEGIN=0x$1 2>/dev/null +let END=0x$2 2>/dev/null + +if [ ${BEGIN} -eq 0 ] || [ ${END} -eq 0 ]; then + ${msg} "An invalid device number range was specified: ${RANGE_SAVE}" >&2 + touch ${FAILFILE} + return +fi + +for DEVNO in $(eval echo {${BEGIN}..${END}}) + do printf "%d\n" ${DEVNO} + done +} + +function usage(){ + echo "Usage: ${0} [ -F ] [ -q ] [ -h ]" + echo " -F Exit with failure if any invalid parms are detected." + echo " -q Don't generate any output." + echo " -h Display this help message." +} + +msg="echo" +let FORCE_FAIL=0 + +############################################################ +# Parse the parameters from the command line +# +ARGS=$(getopt -a --options Fhq -n "detach_devices" -- "$@") +if [ $? -ne 0 ]; then + usage + exit 3 +fi + +eval set -- "${ARGS}" +for ARG; do + case "${ARG}" in + -F) let FORCE_FAIL=1 + shift 1 + ;; + -h) usage; + exit 0 + ;; + -q) msg="/bin/true" + shift 1 + ;; + --) shift 1 + ;; + *) ${msg} "Extraneous input detected: ${1}" + shift 1 + ;; + esac +done + +if [ -r /etc/sysconfig/virtsetup ]; then + . /etc/sysconfig/virtsetup +else ${msg} "No /etc/sysconfig/virtsetup file was found." + exit 1 +fi + +# First, get a list of all the DASD devices we have for this guest, in decimal. +# (Trying to handle things in hex gets complicated.) +/sbin/vmcp -b1048576 q v dasd | cut -f2 -d" " |\ + while read HEXNO + do let DECNO=0x${HEXNO} + echo ${DECNO} + done > ${DASDFILE} 2>/dev/null + +# If the system administrator specified certain devices to be detached +# let's put those device numbers in a file, one per line. 
+touch ${DETFILE} +for ADDR in $(IFS=", " ; echo ${ZVM_DISKS_TO_DETACH}) + do if $(echo ${ADDR} | grep -iqE ":|-" 2>/dev/null) + then expand_RANGE ${ADDR} >> ${DETFILE} + else let DEVNO=0 + let DEVNO=0x${ADDR} 2>/dev/null + if [ ${DEVNO} -eq 0 ]; then + ${msg} "An invalid device number was specified: ${ADDR}" >&2 + touch ${FAILFILE} + else printf "%d\n" ${DEVNO} + fi + fi + done > ${DETFILE} + +# If the system administrator specified certain devices that should _not_ +# be detached, let's put those in another file, one per line. +touch ${KEEPFILE} +for ADDR in $(IFS=", " ; echo ${ZVM_DISKS_TO_NOT_DETACH}) + do if $(echo ${ADDR} | grep -iqE ":|-" 2>/dev/null) + then expand_RANGE ${ADDR} >> ${KEEPFILE} + else let DEVNO=0 + let DEVNO=0x${ADDR} 2>/dev/null + if [ ${DEVNO} -eq 0 ]; then + ${msg} "An invalid device number was specified: ${ADDR}" >&2 + touch ${FAILFILE} + else printf "%d\n" ${DEVNO} + fi + fi + done > ${KEEPFILE} + +if [ ${FORCE_FAIL} -eq 1 ] && [ -e ${FAILFILE} ]; then + let RETURN_CODE=1 + ${msg} "Terminating detach_disk because of input errors." +else +# If the system administrator specified that all "unused" disks should be +# detached, compare the disks lsdasd show as activated to the complete +# list of disks we have currently, and add the inactive ones to the +# file containing devices to be detached + if [ "${ZVM_DETACH_ALL_UNUSED}" == "yes" ]; then + lsdasd -s | sed -e 1,2d | cut -f1 -d" " | \ + while read ADDR + do let DEVNO=0x${ADDR} + sed -i -e "/^${DEVNO}$/d" ${DASDFILE} + done + cat ${DASDFILE} >> ${DETFILE} + fi + +# Now remove any "to be kept" disks from the detach file + while read DEVNO + do sed -i -e "/^${DEVNO}/d" ${DETFILE} + done < ${KEEPFILE} + +# Get a list of all the virtual NICs since they require an +# extra keyword to detach. Contrary to what we've done before +# these will be hex values + /sbin/vmcp -b1048576 q nic | grep Adapter | cut -f2 -d" " | cut -f1 -d. > ${NICFILE} + +# Now we sort the device numbers and detach them. 
+ sort -un ${DETFILE} | \ + while read DEVNO + do HEXNO=$(printf %04X ${DEVNO}) + if grep -q ^${HEXNO}$ ${NICFILE} 2>/dev/null ; then + vmcp detach nic ${HEXNO} 2>/dev/null + else vmcp detach ${HEXNO} 2>/dev/null + fi + done + let RETURN_CODE=0 +fi + +rm -f ${DASDFILE} ${DETFILE} ${KEEPFILE} ${NICFILE} ${FAILFILE} +exit ${RETURN_CODE} diff --git a/hsnc b/hsnc new file mode 100644 index 0000000..2981b5e --- /dev/null +++ b/hsnc 
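Review bot: In detach_disks.sh.suse both parsing loops send range output through `expand_RANGE ${ADDR} >> ${DETFILE}` (and `>> ${KEEPFILE}`) while the loop's own stdout is already redirected with `done > ${DETFILE}`. The outer descriptor is not opened in append mode, so a single device number printed after a range can overwrite the start of the range output and leave corrupted numbers in the list. Dropping the inner redirection, `then expand_RANGE ${ADDR}`, sends both kinds of entry through the one descriptor. The keep filter `sed -i -e "/^${DEVNO}/d" ${DETFILE}` also lacks the trailing `$` that the DASDFILE filter has, so keeping device 1 drops every entry beginning with 1; `sed -i -e "/^${DEVNO}$/d" ${DETFILE}` matches whole lines only. These lists decide which devices `vmcp detach` is run against, and the same lines appear in the detach_disks.sh.opensuse copy just above.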
@@ -0,0 +1,181 @@ +#! /bin/sh +# Copyright (c) 2003 SUSE LINUX AG Nuernberg, Germany. +# +# Please send feedback to http://www.suse.de/feedback/ +# +# /etc/init.d/hsnc +# +# and symbolic its link +# +# /usr/sbin/ip_watcher.pl +# /usr/sbin/xcec-bridge +# /usr/sbin/start_hsnc.sh +# /use/sbin/rchsnc +# +# System startup script for the HiperSockets Network Concentrator +# +# /etc/hsnc.conf should contain the following lines: +# +# operating_mode=[unicast|full|no] +# unicast means, only unicast forwarded between the hsint's and osaint's. +# this is the default mode +# full means, unicast, multicast and broadcast are forwarded, if supported +# by the hardware +# +# hsi_int=" [ [...]]" +# described all the HiperSockets interfaces involved in the HSN +# +# osa_int="" +# describes the OSA interface connecting to other LANs +# + + +START_HSNC_BIN=/usr/sbin/start_hsnc.sh +IP_WATCHER_BIN=/usr/sbin/ip_watcher.pl +XCEC_BRIDGE_BIN=/usr/sbin/xcec-bridge + +HSNC_CONFIG_FILE=/etc/sysconfig/hsnc +HSNC_CLEANUP_FILE=/var/run/hsnc.cleanup + +test -x $START_HSNC_BIN || exit 5 +test -x $IP_WATCHER_BIN || exit 5 +test -x $XCEC_BRIDGE_BIN || exit 5 + +# Return values acc. to LSB for all commands but status: +# 0 - success +# 1 - generic or unspecified error +# 2 - invalid or excess argument(s) +# 3 - unimplemented feature (e.g. "reload") +# 4 - insufficient privilege +# 5 - program is not installed +# 6 - program is not configured +# 7 - program is not running +# +# Note that starting an already running service, stopping +# or restarting a not-running service as well as the restart +# with force-reload (in case signalling is not supported) are +# considered a success. + +#call with cleanup or not +read_config_file() { + if [ "$1" == "cleanup" ]; then + file=$HSNC_CLEANUP_FILE + else + file=$HSNC_CONFIG_FILE + fi + + if [ -s $file ]; then + source $file + else + echo -ne "\nCannot read $file: empty or nonexistant! 
" + # Means not configured: + exit 3 + fi +} + +#call with cleanup or not +set_osa_mode() { +# for full mode, we set up the osa as multicast router. otherwise, no +# special setup is required for the osa. + if [ "$operating_mode" == "full" ]; then + if [ "$1" == "cleanup" ]; then + echo no_router > /sys/class/net/$osa_int/device/route4 + else + echo multicast_router > /sys/class/net/$osa_int/device/route4 + fi + fi +} + +#call with cleanup or not +set_hsi_mode() { +# set all the involved HiperSockets interfaces as primary_connector. For +# special HA setups, some more tweaking is needed, but then a handcarved +# solution should be used anyway. + for i in $hsi_int ; do + if [ "$1" == "cleanup" ]; then + echo no_router > /sys/class/net/$i/device/route4 + else + echo primary_connector > /sys/class/net/$i/device/route4 + fi + done +} + +do_start_hsnc() { + set_osa_mode + set_hsi_mode + if [ "$operating_mode" == "full" ]; then + $IP_WATCHER_BIN --check + else + $IP_WATCHER_BIN --check $osa_int + fi + CODE=$? + if [ $CODE != 0 ]; then + return $CODE + else + cp $HSNC_CONFIG_FILE $HSNC_CLEANUP_FILE + # + # To match the LSB spec, startproc returns 0, + # even if the program it already running. + # + if [ "$operating_mode" == "full" ]; then + startproc $START_HSNC_BIN + else + startproc $START_HSNC_BIN $osa_int + fi + return $? + fi +} + +service="HiperSockets Network concentrator" +case "$1" in + start) + if checkproc $START_HSNC_BIN; then + # Starting an already running service is success: + echo -n "(already running)" + else + if read_config_file; then + do_start_hsnc + RETVAL=$? 
+ exit $RETVAL
+ fi
+ fi
+
+ ;;
+ stop)
+ echo -n "Shutting down $service "
+
+ # kill ip_watcher, start_hsnc, which started it needs cleans up
+ # then:
+ killproc -TERM $IP_WATCHER_BIN
+ if [ -f $HSNC_CLEANUP_FILE ]; then
+ read_config_file cleanup
+ # remove all connector settings(not yet implemented):
+ set_osa_mode cleanup
+ set_hsi_mode cleanup
+
+ # remove the file in /var/run
+ rm -f $HSNC_CLEANUP_FILE
+ else
+ echo -n "- no cleanup file found "
+ fi
+
+ ;;
+ status)
+ echo -n "Checking $service "
+ ## Check status with checkproc(8), if process is running
+ ## checkproc will return with exit status 0.
+
+ # Status has a slightly different for the status command:
+ # 0 - service running
+ # 1 - service dead, but /var/run/ pid file exists
+ # 2 - service dead, but /var/lock/ lock file exists
+ # 3 - service not running
+
+ # NOTE: checkproc returns LSB compliant status values.
+ checkproc $START_HSNC_BIN
+ ;;
+ *)
+ exit 1
+ ;;
+esac
+
diff --git a/hsnc.service b/hsnc.service
new file mode 100644
index 0000000..42daceb
--- /dev/null
+++ b/hsnc.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=Start the qeth HiperSockets Network Concentrator
+After=network-online.target remote-fs.target
+Wants=network-online.target remote-fs.target
+ConditionPathExists=/sys/devices/qeth
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+
+ExecStart=/usr/lib/systemd/scripts/hsnc start
+ExecStartPost=/usr/lib/systemd/scripts/hsnc status
+ExecStop=/usr/lib/systemd/scripts/hsnc stop
+
+[Install]
+WantedBy=default.target
diff --git a/iucv_configure.8 b/iucv_configure.8
new file mode 100644
index 0000000..2141947
--- /dev/null
+++ b/iucv_configure.8
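Review bot: In hsnc, read_config_file leaves with `exit 3` under the comment `# Means not configured:`, but the LSB table earlier in the same script assigns 6 to "program is not configured" and 3 to "unimplemented feature", so `exit 6` would match what the script itself documents. The sourced values `$osa_int` and `$hsi_int` are then used unquoted and unchecked in `/sys/class/net/$osa_int/device/route4`, so an empty or mistyped setting only shows up as a failed redirect in the middle of set_osa_mode or set_hsi_mode. A guard before the first write, for example `[ -d "/sys/class/net/$osa_int/device" ] || exit 6`, would reject that configuration up front. Because both the config file and /var/run/hsnc.cleanup are sourced as root, a comment in read_config_file saying these files must be writable by root only would also help.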
@@ -0,0 +1,64 @@ +.TH iucv_configure "8" "July 2013" "s390-tools" +.SH NAME +iucv_configure \- Configures or deconfigures a z/VM Inter-User Communications Vehicle (IUCV) network adapter +.SH SYNOPSIS +.B iucv_configure peer_userid online +.SH DESCRIPTION +.B iucv_configure +is intended to make it easy to persistently add and remove z/VM point-to-point IUCV network adapters. In addition to bringing the adapter online or offline, it will also create or delete the necessary udev rules for the adapter. +.SH PARAMETERS +.IP peer_userid +The z/VM userid of the virtual machine on the other end of the point-to-point connection. +.IP online +Either a literal 1 to bring the adapter online or a literal 0 to take it offline +.SH FILES +.I /etc/udev/rules.d/51-iucv-.rules +.RS +This file provide the udev rules necessary to activate a specific IUCV adapter. +.RE +.SH ENVIRONMENT +.IP DEBUG +If set to "yes" some minimal debugging information is output during execution. +.SH DIAGNOSTICS +The following messages may be issued on stdout: +.IP +.B /sysfs not present +.RS +The sysfs file system could not be found in /proc/mounts, so there's nothing the script can +do. Return code 1 is set. +.RE +.IP +.B No IUCV user name given +.RS +You didn't specify the z/VM userid of the virtual machine to which you want to connect. Return code 2 is set. +.RE +.IP +.B Unable to connect to $PEER_USERID +.RS +The attempt to connect to the IUCV peer failed. Try "dmesg" to see if there is any indication why. Return code 3 is set. +.RE +.IP +.B Unable to remove device $netdev +.RS +The attempt to remove the IUCV adapter failed. Try "dmesg" to see if there is any indication why. Return code 4 is set. +.RE + +If environment variable DEBUG is set to "yes," the following messages may be issued on stdout: +.IP +.B +Configuring IUCV device ${PEER_USERID} +.RS +Just a little bit of verbosity, since it just indicates that we got past certain error checks and will now try to do something useful. 
+.RE +.IP +.B Configured device $iucvdev +.RS +The attempt to create the IUCV adapter was successful. +.RE +.IP +.B Removed device $iucvdev +.RS +The attempt to remove the IUCV adapter was successful. +.RE +.SH BUGS +Gotta be some, I'm sure. If you find one, please open a bug report. diff --git a/iucv_configure.opensuse b/iucv_configure.opensuse new file mode 100644 index 0000000..f6e0f7e --- /dev/null +++ b/iucv_configure.opensuse 
@@ -0,0 +1,133 @@ +#! /bin/sh +# +# iucv_configure +# +# Configures a z/VM IUCV network adapter +# +# Usage: +# iucv_configure +# +# peer_userid = z/VM userid of the IUCV peer +# online = 0 to take the device offline +# 1 to bring the device online +# +# Return values: +# 1 sysfs not mounted +# 2 Invalid status for +# 3 Could not create iucv device +# 4 Could not remove iucv device +# + +if [ "${DEBUG}" != "yes" ]; then + DEBUG="no" +fi + +mesg () { + echo "$@" +} + +debug_mesg () { + case "$DEBUG" in + yes) mesg "$@" ;; + *) ;; + esac +} + +if [ $# -ne 2 ] ; then + echo "Usage: $0 " + echo " peer_userid = z/VM userid of the IUCV peer" + echo " online = 0 to take the device offline" + echo " 1 to bring the device online" + exit 1 +fi + +# Get the mount point for sysfs +while read MNTPT MNTDIR MNTSYS MNTTYPE; do + if test "$MNTSYS" = "sysfs"; then + SYSFS="$MNTDIR" + break; + fi +done $_iucv_drv/connection + if [ $? -ne 0 ] ; then + mesg "Unable to connect to $PEER_USERID" + exit 3 + fi + for _iucv_dev in $_iucv_dir/netiucv?* ; do + [ -d $_iucv_dev ] || continue + read user < $_iucv_dev/user + if [ "$user" = "$PEER_USERID" ] ; then + iucvdev=${_iucv_dev##*/} + break; + fi + done + if [ "$iucvdev" ] ; then + debug_mesg "Configured device $iucvdev" + fi +elif [ "$iucvdev" -a $ONLINE -eq 0 ] ; then + for _net_dev in $_iucv_dir/$iucvdev/net/* ; do + [ -d $_net_dev ] || continue + netdev=${_net_dev##*/} + break; + done + if [ "$netdev" ] ; then + echo $netdev > $_iucv_drv/remove + if [ $? 
-ne 0 ] ; then + mesg "Unable to remove device $netdev" + exit 4 + else + debug_mesg "Removed device $iucvdev" + rm -f /etc/udev/rules.d/51-iucv-$PEER_USERID.rules /etc/udev/rules.d/51-iucv-$PEER_USERID_LOWER.rules + iucvdev= + fi + fi + +fi + +if [ "$iucvdev" ] ; then + cat > /etc/udev/rules.d/51-iucv-$PEER_USERID.rules < +# +# peer_userid = z/VM userid of the IUCV peer +# online = 0 to take the device offline +# 1 to bring the device online +# +# Return values: +# 1 sysfs not mounted +# 2 Invalid status for +# 3 Could not create iucv device +# 4 Could not remove iucv device +# + +if [ "${DEBUG}" != "yes" ]; then + DEBUG="no" +fi + +mesg () { + echo "$@" +} + +debug_mesg () { + case "$DEBUG" in + yes) mesg "$@" ;; + *) ;; + esac +} + +if [ $# -ne 2 ] ; then + echo "Usage: $0 " + echo " peer_userid = z/VM userid of the IUCV peer" + echo " online = 0 to take the device offline" + echo " 1 to bring the device online" + exit 1 +fi + +# Get the mount point for sysfs +while read MNTPT MNTDIR MNTSYS MNTTYPE; do + if test "$MNTSYS" = "sysfs"; then + SYSFS="$MNTDIR" + break; + fi +done $_iucv_drv/connection + if [ $? -ne 0 ] ; then + mesg "Unable to connect to $PEER_USERID" + exit 3 + fi + for _iucv_dev in $_iucv_dir/netiucv?* ; do + [ -d $_iucv_dev ] || continue + read user < $_iucv_dev/user + if [ "$user" = "$PEER_USERID" ] ; then + iucvdev=${_iucv_dev##*/} + break; + fi + done + if [ "$iucvdev" ] ; then + debug_mesg "Configured device $iucvdev" + fi +elif [ "$iucvdev" -a $ONLINE -eq 0 ] ; then + for _net_dev in $_iucv_dir/$iucvdev/net/* ; do + [ -d $_net_dev ] || continue + netdev=${_net_dev##*/} + break; + done + if [ "$netdev" ] ; then + echo $netdev > $_iucv_drv/remove + if [ $? 
-ne 0 ] ; then + mesg "Unable to remove device $netdev" + exit 4 + else + debug_mesg "Removed device $iucvdev" + rm -f /etc/udev/rules.d/51-iucv-$PEER_USERID.rules /etc/udev/rules.d/51-iucv-$PEER_USERID_LOWER.rules + iucvdev= + fi + fi + +fi + +if [ "$iucvdev" ] ; then + cat > /etc/udev/rules.d/51-iucv-$PEER_USERID.rules < /dev/null + if [ $? -eq 0 ]; then + echo "That device is in the cio_ignore list." + echo "Please remove it with \"cio_ignore -r ${BUSID}\" before trying again." + fi + exit 10 +fi + +case ${DEVNO:0:3} in + 019) if grep -q "version = FF" /proc/cpuinfo 2>/dev/null; then + echo "That looks like a CMS disk." + if [ ${FORCE} -eq 0 ]; then + echo "Specify the -f option to force the operation." + exit 11 + fi + echo "But you specified -f so we'll kill it anyway." + fi + ;; +esac + +read ORIG_ONLINE_STATUS < /sys/bus/ccw/devices/${BUSID}/online + +DISCIPLINE="none" +if [ -r /sys/bus/ccw/devices/${BUSID}/discipline ]; then + # We have to bring the device online before the kernel will fill in + # the value for discipline. + if [ ${ORIG_ONLINE_STATUS} -eq 0 ]; then + /usr/sbin/chccwdev -e ${BUSID} + /usr/sbin/udevadm settle + fi + + read STATUS < /sys/bus/ccw/devices/${BUSID}/status + if [ "${STATUS}" == "unformatted" ]; then + echo "DASD device ${BUSID} is already in an unformatted state." + if [ ${ORIG_ONLINE_STATUS} -eq 0 ]; then + /usr/sbin/chccwdev -d -s ${BUSID} + /usr/sbin/udevadm settle + fi + exit 0 + fi + + read DISCIPLINE < /sys/bus/ccw/devices/${BUSID}/discipline +else read CU_TYPE < /sys/bus/ccw/devices/${BUSID}/cutype + read DEV_TYPE < /sys/bus/ccw/devices/${BUSID}/devtype + case "${CU_TYPE}" in + 3990/*|2105/*|2107/*|1750/*|9343/*) + DISCIPLINE=ECKD + ;; + 3880/*) + case "${DEV_TYPE}" in + 3390/*) + DISCIPLINE=ECKD + ;; + esac + ;; + esac +fi + +if [ "${DISCIPLINE}" != "ECKD" ]; then + echo "This script only works on ECKD DASD." 
+ if [ ${ORIG_ONLINE_STATUS} -eq 0 ]; then + /usr/sbin/chccwdev -d -s ${BUSID} + fi + exit 12 +fi + +read STATUS < /sys/bus/ccw/devices/${BUSID}/online +if [ ${STATUS} -eq 1 ]; then + if [ ! -h /dev/disk/by-path/ccw-${BUSID} ]; then + echo "The udev-generated symbolic link in /dev/disk/by-path was not found." + exit 13 + fi + + /usr/sbin/chccwdev -d -s ${BUSID} + /usr/sbin/udevadm settle + + read STATUS < /sys/bus/ccw/devices/${BUSID}/online + if [ ${STATUS} -ne 0 ]; then + echo "Device number ${DEVNO} didn't go offline. Unable to continue." + exit 14 + fi +fi + +/usr/sbin/chccwdev -a raw_track_access=1 -e ${BUSID} +/usr/sbin/udevadm settle + +read STATUS < /sys/bus/ccw/devices/${BUSID}/online +if [ ${STATUS} -ne 1 ]; then + echo "Unable to bring ${DEVNO} online. Unable to continue." + exit 15 +fi + +# After this point, we will kill the formatting on the device +perl -e 'for ($h=0;$h<2;$h++){printf "\0\0\0%c\0\0\0\x8%s",$h,(("\0"x8).("\xff"x8).("\0"x65512))}' | dd bs=65536 count=2 oflag=direct of=/dev/disk/by-path/ccw-${BUSID} >/dev/null 2>&1 + +if [ "$?" -ne 0 ]; then + echo "The writing of the null record 0 failed." + exit 16 +fi + +echo "Setting ${BUSID} back offline with raw track access disabled." +/usr/sbin/chccwdev -d -s -a raw_track_access=0 ${BUSID} +/usr/sbin/udevadm settle + +if [ ${ORIG_ONLINE_STATUS} -eq 1 ]; then + /usr/sbin/chccwdev -e ${BUSID} + /usr/sbin/udevadm settle +fi diff --git a/killcdl.suse b/killcdl.suse new file mode 100644 index 0000000..1bdf61b --- /dev/null +++ b/killcdl.suse 
@@ -0,0 +1,217 @@ +#!/bin/sh + +# +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Released under the GNU General Public License version 2. +# + +let FORCE=0 +DEVPARM="" + +usage(){ + echo "Usage: ${0} [ -f ] devno|busid" + echo " -f Force unformatting for DASD volumes in the CMS device range of 19x." + echo " devno The \"plain\" device number of the volume, e.g. 3184." + echo " busid The full specification of the volume, e.g., 0.0.3184." +} + +ARCH="$(/bin/uname -m)" +if [ "${ARCH}" != "s390x" ] && [ "${ARCH}" != "s390" ]; then + echo "This script is only useful on IBM mainframes." + exit 1 +fi + +############################################################ +# Parse the parameters from the command line +# +ARGS=$(getopt -a --options f -n "killcdl" -- "$@") +if [ $? -ne 0 ]; then + usage + exit 3 +fi + +eval set -- "${ARGS}" +for ARG; do + case "${ARG}" in + -f) FORCE=1 + shift 1 + ;; + --) shift 1 + ;; + [0-9a-fA-F]*) if [ ! -z "${DEVPARM}" ]; then + echo "More than one parameter specified." + usage + exit 4 + fi + DEVPARM=${1} + shift 1 + ;; + *) echo "That looks invalid" + usage + exit 5 + ;; + esac +done + +if [ -z "${DEVPARM}" ]; then + echo "You must specify the device number of the DASD volume to be unformatted." + usage + exit 6 +fi + +DEVNO=$(echo "${DEVPARM}" | tr A-Z a-z) + +# Validate the device number or busid provided +set -- $(IFS='.'; echo ${DEVNO}) +let NUMPARMS=${#} +if [ ${NUMPARMS} -ne 1 ] && [ ${NUMPARMS} -ne 3 ]; then + echo "You have not specified the device number in a recognizable format." + echo "It must either be the plain device number, e.g., 0123, or in" + echo "so-called busid format, e.g., 0.0.0123" + exit 7 +fi + +# Just a device number, SIMPLE=1. 
A busid, SIMPLE=0 +SIMPLE=0 +if [ ${NUMPARMS} -eq 1 ]; then + let SIMPLE=1 + let FIRST=0 + let FIRSTLEN=1 + let SECOND=0 + let SECONDLEN=1 + DEVNO="${1}" + let DEVNOLEN=${#1} +else FIRST="${1}" + let FIRSTLEN=${#FIRST} + SECOND="${2}" + let SECONDLEN=${#SECOND} + DEVNO="${3}" + let DEVNOLEN=${#3} +fi + +if [ ${FIRSTLEN} -ne 1 ] || [ ${SECONDLEN} -ne 1 ]; then + echo "The first and second fields of the busid may only be one digit long." + exit 8 +fi + +if [ ${DEVNOLEN} -gt 4 ]; then + echo "The device number may only be 4 digits long." + exit 9 +fi + +if [ ${DEVNOLEN} -lt 4 ]; then + DEVNO=$(echo "0000${DEVNO}" | rev | cut -c1-4 | rev) +fi + +BUSID="${FIRST}.${SECOND}.${DEVNO}" + +if [ ! -h /sys/bus/ccw/devices/${BUSID} ]; then + echo "Busid ${BUSID} was not found." + /sbin/cio_ignore -i ${BUSID} > /dev/null + if [ $? -eq 0 ]; then + echo "That device is in the cio_ignore list." + echo "Please remove it with \"cio_ignore -r ${BUSID}\" before trying again." + fi + exit 10 +fi + +case ${DEVNO:0:3} in + 019) if grep -q "version = FF" /proc/cpuinfo 2>/dev/null; then + echo "That looks like a CMS disk." + if [ ${FORCE} -eq 0 ]; then + echo "Specify the -f option to force the operation." + exit 11 + fi + echo "But you specified -f so we'll kill it anyway." + fi + ;; +esac + +read ORIG_ONLINE_STATUS < /sys/bus/ccw/devices/${BUSID}/online + +DISCIPLINE="none" +if [ -r /sys/bus/ccw/devices/${BUSID}/discipline ]; then + # We have to bring the device online before the kernel will fill in + # the value for discipline. + if [ ${ORIG_ONLINE_STATUS} -eq 0 ]; then + /sbin/chccwdev -e ${BUSID} + /sbin/udevadm settle + fi + + read STATUS < /sys/bus/ccw/devices/${BUSID}/status + if [ "${STATUS}" == "unformatted" ]; then + echo "DASD device ${BUSID} is already in an unformatted state." 
+ if [ ${ORIG_ONLINE_STATUS} -eq 0 ]; then + /sbin/chccwdev -d -s ${BUSID} + /sbin/udevadm settle + fi + exit 0 + fi + + read DISCIPLINE < /sys/bus/ccw/devices/${BUSID}/discipline +else read CU_TYPE < /sys/bus/ccw/devices/${BUSID}/cutype + read DEV_TYPE < /sys/bus/ccw/devices/${BUSID}/devtype + case "${CU_TYPE}" in + 3990/*|2105/*|2107/*|1750/*|9343/*) + DISCIPLINE=ECKD + ;; + 3880/*) + case "${DEV_TYPE}" in + 3390/*) + DISCIPLINE=ECKD + ;; + esac + ;; + esac +fi + +if [ "${DISCIPLINE}" != "ECKD" ]; then + echo "This script only works on ECKD DASD." + if [ ${ORIG_ONLINE_STATUS} -eq 0 ]; then + /sbin/chccwdev -d -s ${BUSID} + fi + exit 12 +fi + +read STATUS < /sys/bus/ccw/devices/${BUSID}/online +if [ ${STATUS} -eq 1 ]; then + if [ ! -h /dev/disk/by-path/ccw-${BUSID} ]; then + echo "The udev-generated symbolic link in /dev/disk/by-path was not found." + exit 13 + fi + + /sbin/chccwdev -d -s ${BUSID} + /sbin/udevadm settle + + read STATUS < /sys/bus/ccw/devices/${BUSID}/online + if [ ${STATUS} -ne 0 ]; then + echo "Device number ${DEVNO} didn't go offline. Unable to continue." + exit 14 + fi +fi + +/sbin/chccwdev -a raw_track_access=1 -e ${BUSID} +/sbin/udevadm settle + +read STATUS < /sys/bus/ccw/devices/${BUSID}/online +if [ ${STATUS} -ne 1 ]; then + echo "Unable to bring ${DEVNO} online. Unable to continue." + exit 15 +fi + +# After this point, we will kill the formatting on the device +perl -e 'for ($h=0;$h<2;$h++){printf "\0\0\0%c\0\0\0\x8%s",$h,(("\0"x8).("\xff"x8).("\0"x65512))}' | dd bs=65536 count=2 oflag=direct of=/dev/disk/by-path/ccw-${BUSID} >/dev/null 2>&1 + +if [ "$?" -ne 0 ]; then + echo "The writing of the null record 0 failed." + exit 16 +fi + +echo "Setting ${BUSID} back offline with raw track access disabled." +/sbin/chccwdev -d -s -a raw_track_access=0 ${BUSID} +/sbin/udevadm settle + +if [ ${ORIG_ONLINE_STATUS} -eq 1 ]; then + /sbin/chccwdev -e ${BUSID} + /sbin/udevadm settle +fi 
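Review bot: In killcdl.suse the option loop accepts the device argument with the glob `[0-9a-fA-F]*)`, which only requires the first character to be a hex digit, and the later checks test the number of fields and their lengths but never the characters. The value is expanded unquoted in `set -- $(IFS='.'; echo ${DEVNO})` and then used in `/sys/bus/ccw/devices/${BUSID}` and as the `dd of=/dev/disk/by-path/ccw-${BUSID}` target, so for a tool that destroys the disk format an explicit check right after the `tr` line is cheap insurance: `case "${DEVNO}" in *[!0-9a-f.]*) echo "Invalid device number."; exit 7 ;; esac`. Separately, the `exit 16` path after a failed dd leaves the device online with raw_track_access=1; running `/sbin/chccwdev -d -s -a raw_track_access=0 ${BUSID}` before that exit would restore it. The killcdl.opensuse copy earlier in the patch appears to carry the same dd and exit lines.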
diff --git a/lgr_check b/lgr_check
new file mode 100644
index 0000000..5e691df
--- /dev/null
+++ b/lgr_check
@@ -0,0 +1,335 @@ +#!/bin/sh + +function check_sysoper(){ +local SYSOPER=$(vmcp q sysoper | cut -f4 -d" ") +local USERID=$(vmcp q userid | cut -f1 -d" ")"." +if [ "${SYSOPER}" == "${USERID}" ]; then +return 0 +else return 1 +fi +} + +function check_disc(){ +local USERID=$(vmcp q userid | cut -f1 -d" ") +local DISCONNECTED=$(vmcp q ${USERID} | cut -f2 -d-) +if [ "${DISCONNECTED}" == " DSC" ]; then + return 1 +else return 0 +fi +} + +function check_3270(){ +local CONMODE=$(vmcp q term | sed -n -e '/CONMODE/ {s/CONMODE \([0-9]*\), .*$/\1/;p}') +if [ "${CONMODE}" == "3270" ]; then + return 0 +else return 1 +fi +} + +function check_graf(){ +local GRAF +GRAF=$(vmcp -b 1048576 q v graf 2>/dev/null | grep -v "^CONS" | grep "ON LDEV" ) +if [ ${?} -eq 0 ] && [ -n "${GRAF}" ]; then + return 0 +else return 1 +fi +} + +function check_ascii_console(){ +local SYSASCII=$(vmcp q v sysascii 2>/dev/null | grep "not attached to you") +if [ -z "${SYSASCII}" ]; then + return 0 +else return 1 +fi +} + +function check_tdisk(){ +local TDISK=$(vmcp -b 1048576 q v dasd 2>/dev/null | grep TEMP) +if [ -n "${TDISK}" ]; then + return 0 +else return 1 +fi +} + +function check_ctc(){ +local CTC +CTC=$(vmcp -b 1048576 q v ctc 2>/dev/null) +if [ ${?} -eq 0 ]; then + return 0 +else return 1 +fi +} + +function check_dynamic_switch(){ +local SWCH +SWCH=$(vmcp -b 1048576 q v switches 2>/dev/null) +if [ ${?} -eq 0 ]; then + return 0 +else return 1 +fi +} + +function check_maint_mdisks(){ +local MDISKS +MDISKS=$(vmcp -b 1048576 q v dasd | grep -E "0190|0191|0193|019D|019E") +if [ -n "${MDISKS}" ]; then + return 0 +else return 1 +fi +} + +function check_wrkalleg(){ +local WRKALLEG +WRKALLEG=$(vmcp -b 1048576 q wrkalleg | grep "is not simulated") +if [ -z "${WRKALLEG}" ]; then + return 0 +else return 1 +fi +} + +function check_isolated_vswitch(){ +local ISOLATED=0 +local VSWITCH + +# Find out if we have any NICs coupled to any VSWITCH or not. If not, we're OK. 
+VSWITCH=$(vmcp -b 1048576 q nic | sed -e '1~2 {N;s/\n//;}' | grep VSWITCH) +if [ -z "${VSWITCH}" ]; then + return 1 +fi + +ISOLATED=$(vmcp -b 1048576 q nic | sed -e '1~2 {N;s/\n//;}' | \ + grep VSWITCH | \ + sed -e 's/^.* VSWITCH: //' | \ + while read owner name + do VSWITCH=$(vmcp -b 1048576 q vswitch $name | grep RDEV) + if [ -z "${VSWITCH}" ]; then + echo 1 + fi + done) + +if [ "${ISOLATED}" == "1" ]; then + return 0 +else return 1 +fi +} + +function check_chpidvirt(){ +local CHPIDV +CHPIDV=$(vmcp q chpidv 2>/dev/null | grep "CHPID Virtualization is on") +if [ -z "${CHPIDV}" ]; then + return 0 +else return 1 +fi +} + +function check_pci_functions(){ +local PCIF +local RETCODE +PCIF=$(vmcp -b 1048576 q v pcif 2>/dev/null | grep "A PCI function was not found.") +RETCODE=${?} +if [ ${RETCODE} -eq 0 ] && [ -z "${PCIF}" ]; then + return 0 +else return 1 +fi +} + +function check_tape_assign(){ +local TAPES +local RETCODE=1 +TAPES=$(vmcp -b 1048576 q v tapes 2>/dev/null | grep "Device TAPE does not exist") +if [ -n "${TAPES}" ]; then + return 1 +fi + +TAPES=$(vmcp -b 1048576 q v tapes 2>/dev/null | grep "NOASSIGN") +if [ -n "${TAPES}" ]; then + return 0 +else return 1 +fi +} + +function check_open_spool(){ +local QSPOOL +local OPENSPOOL=0 +QSPOOL=$(vmcp -b 1048576 q pun \* all 2>/dev/null | grep "OPEN") +if [ -n "${QSPOOL}" ]; then + let OPENSPOOL=1 +fi + +QSPOOL=$(vmcp -b 1048576 q prt \* all 2>/dev/null | grep "OPEN" | grep -v " CON ") +if [ -n "${QSPOOL}" ]; then + let OPENSPOOL=1 +fi + +if [ ${OPENSPOOL} -eq 1 ]; then + return 0 +else return 1 +fi +} + +function check_xstore(){ +local XSTOR +XSTOR=$(vmcp -b 1048576 q v xstor 2>/dev/null | grep "XSTORE = none") +if [ -z "${XSTOR}" ]; then + return 0 +else return 1 +fi +} + +function check_iucv(){ +local QIUCV +QIUCV=$(vmcp -b 1048576 q iucv 2>/dev/null | grep -vE "^No IUCV paths exist|^Source| *MSG| *MSGALL") +if [ -n "${QIUCV}" ]; then + return 0 +else return 1 +fi +} + +function usage(){ + echo "Usage: ${0} [ -f 
] [ -h ] devno|busid" + echo " -q Don't generate any output, just set a return code." + echo " -m Suppress the check for local minidisks." + echo " Only use this if you know for certain all minidisks for this" + echo " guest are NOT local to this instance of z/VM." + echo " -h Display this help message." +} + +ARCH="$(/bin/uname -m)" +if [ "${ARCH}" != "s390x" ] && [ "${ARCH}" != "s390" ]; then + echo "This script is only useful on IBM mainframes." + exit 1 +fi + +HYPERVISOR=$(systemd-detect-virt) +if [ "${HYPERVISOR}" != "zvm" ]; then + echo "This script is only useful for guests of the z/VM hypervisor." + exit 1 +fi + +MDISK_SUPPRESS=0 +msg="echo" + +############################################################ +# Parse the parameters from the command line +# +ARGS=$(getopt -a --options qhm -n "lgr_check" -- "$@") +if [ $? -ne 0 ]; then + usage + exit 3 +fi + +eval set -- "${ARGS}" +for ARG; do + case "${ARG}" in + -h) usage; + exit 0 + ;; + -m) let MDISK_SUPPRESS=1; + shift 1 + ;; + -q) msg="/bin/true" + shift 1 + ;; + --) shift 1 + ;; + *) ${msg} "Extraneous input detected: ${1}" + shift 1 + ;; + esac +done + + +let FAIL=0 +##let COLS=$(stty -a | sed -n -e '/columns/{s/^.*columns \([0-9]*\);.*$/\1/;p}') + +if [ ! -c /dev/vmcp ]; then + ${msg} "Cannot find /dev/vmcp to issue z/VM CP commands." + exit 1 +fi + +${msg} "Checking for conditions that might prevent Live Guest Relocation" + +if check_chpidvirt; then + ${msg} "This guest does not have CHPID Virtualization set for it in the CP directory." + ${msg} "Live Guest Relocation is absolutely not possible for this guest." + # exit 99 + let FAIL=1 +fi +if check_sysoper ; then + ${msg} "This guest is currently the z/VM system operator." + let FAIL=1 +fi +let GUEST_CONN=0 +if check_disc; then + ${msg} "The guest is not running disconnected." 
+ let GUEST_CONN=1 + let FAIL=1 +fi +if check_3270; then + ${msg} -n "The guest has a 3270 console, " + if [ ${GUEST_CONN} -eq 0 ]; then + ${msg} "but it is not currently in use." + else ${msg} "and it is currently in use." + let FAIL=1 + fi +fi +if check_graf; then + ${msg} "The guest has a DIALED 3270 device in current use." + let FAIL=1 +fi +if check_ascii_console; then + ${msg} "The guest has the ASCII console attached to it." + let FAIL=1 +fi +if check_tdisk; then + ${msg} "The guest has a temporary disk (T-disk) attached to it." + let FAIL=1 +fi +if check_ctc; then + ${msg} "The guest has a Channel-to-Channel device (CTC) attached to it." + let FAIL=1 +fi +if check_dynamic_switch; then + ${msg} "The guest has a dynamic switching device attached to it." + let FAIL=1 +fi +if check_wrkalleg; then + ${msg} "The guest is currently using virtual working allegiance." + let FAIL=1 +fi +if [ ${MDISK_SUPPRESS} -eq 0 ] && check_maint_mdisks; then + ${msg} "The guest currently has one or more Minidisks that might be local to this instance of z/VM." + let FAIL=1 +fi +if check_isolated_vswitch; then + ${msg} "The guest is currently coupled to an isolated VSWITCH." + let FAIL=1 +fi +if check_pci_functions; then + ${msg} "The guest has PCI functions available to it." + let FAIL=1 +fi +if check_tape_assign; then + ${msg} "The guest has potential problems with a tape." + let FAIL=1 +fi +if check_open_spool; then + ${msg} "The guest has an open SPOOL file that is not from the virtual console." + let FAIL=1 +fi +if check_xstore; then + ${msg} "The guest has Expanded Storage attached to it." + let FAIL=1 +fi +if check_iucv; then + ${msg} "The guest has an IUCV connection to a z/VM system service or another z/VM user." + let FAIL=1 +fi + +if [ ${FAIL} == 1 ]; then + ${msg} "The guest is currently not eligible for Live Guest Relocation." + exit 1 +else ${msg} "As far as can be determined from within the guest, it is currently eligible for Live Guest Relocation." 
+ ${msg} "This is not a guarantee. Other factors that cannot be checked from within the guest may prevent it from being eligible for LGR." +fi + diff --git a/mkdump.8 b/mkdump.8 new file mode 100644 index 0000000..b80e543 --- /dev/null +++ b/mkdump.8 
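Review bot: check_pci_functions in lgr_check can never return 0, because `RETCODE` is the exit status of the `grep` that ends the pipeline. grep exits 0 only when it printed a match, which makes `PCIF` non-empty, so `[ ${RETCODE} -eq 0 ] && [ -z "${PCIF}" ]` is always false and the PCI condition is never reported. Capturing the vmcp output first and testing it separately keeps the apparent intent: `PCIF=$(vmcp -b 1048576 q v pcif 2>/dev/null)`, `RETCODE=${?}`, then `if [ ${RETCODE} -eq 0 ] && ! echo "${PCIF}" | grep -q "A PCI function was not found."; then`. check_isolated_vswitch has a related problem: with more than one isolated VSWITCH the loop prints `1` several times and the `== "1"` comparison fails. The usage text also still reads `[ -f ] [ -h ] devno|busid` although getopt accepts `qhm` and no positional argument is used.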
@@ -0,0 +1,72 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.36.
+.TH MKDUMP "8" "August 2011" "mkdump 2.0" "System Administration Utilities"
+.SH NAME
+mkdump \- Preparing disks for use as S/390 dump device.
+.SH SYNOPSIS
+.B mkdump
+[\fIOPTIONS\fR] [\fIDEVICE\fR]...
+.SH DESCRIPTION
+mkdump 2.0.3
+.PP
+Prepare one or more volumes for use as S/390 dump device. Supported devices
+are ECKD DASD and SCSI over zFCP disks, while multi\-volumes are limited to DASD.
+.PP
+Only whole disks can be used, no partitions! If the device is incompatible
+formatted/partioned, the script will refuse to install the dump record
+unless the \fB\-\-force\fR switch is given.
+.PP
+Disks which are in use or have mounted partitions will not be listed and can't be used.
+The mentioning of "dumpdevice" after a disk indicates that it is an already usable dump device. Additionally multi\-volume dump devices are indicated by the list of including DASD ids.
+.SH OPTIONS
+.TP
+\fB\-h\fR, \fB\-\-help\fR
+display this help and exit
+.TP
+\fB\-V\fR, \fB\-\-version\fR
+display version information and exit
+.TP
+\fB\-d\fR, \fB\-\-debug\fR
+debug mode, do not run programs which commit changes
+.TP
+\fB\-v\fR, \fB\-\-verbose\fR
+be verbose and show command outputs
+.TP
+\fB\-f\fR, \fB\-\-force\fR
+force overwrite of the disk
+.TP
+\fB\-l\fR, \fB\-\-list\-dump\fR
+display dump disks
+.TP
+\fB\-D\fR, \fB\-\-list\-dasd\fR
+display usable DASD disks (Device, Size, ID, Dump)
+.TP
+\fB\-Z\fR, \fB\-\-list\-zfcp\fR
+display usable SCSI over zFCP disks (Device, Size, ID, WWPN, LUN, Dump)
+.SH DIAGNOSTICS
+mkdump returns the following exit codes:
+.RS
+.IP 0
+Normal (no errors or warnings detected)
+.IP 11
+Invalid or unusable disk (fatal)
+.IP 12
+Incompatible formatting/partitioning, can be corrected with --force
+.IP 13
+Missing support programs
+.IP 14
+Bad command line parameters
+.IP 15
+Access problem
+.IP other
+Support program failed
+.SH AUTHOR
+Written by Tim Hardeck .
+.SH "REPORTING BUGS"
+Report bugs on https://bugzilla.novell.com/
+.SH COPYRIGHT
+Copyright \(co 2011 SUSE LINUX Products GmbH
+License GPLv2 or (at your option) any later version.
+
+.br
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
diff --git a/mkdump.pl.opensuse b/mkdump.pl.opensuse
new file mode 100644
index 0000000..d757b3a
--- /dev/null
+++ b/mkdump.pl.opensuse
@@ -0,0 +1,666 @@ +#!/usr/bin/perl +######################################################################## +# +# mkdump.pl - Preparing disks for use as S/390 dump device +# +# Copyright (c) 2011 Tim Hardeck, SUSE LINUX Products GmbH +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Based on mkdump.sh (c) 2004 Hannes Reinecke, SuSE AG +# +# License: +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301 USA +# +######################################################################## + +use strict; +use warnings; +use Fcntl; +use Getopt::Long; + +my $VERSION = "2.0.4"; + +my $BLKID = "/usr/sbin/blkid"; +my $PARTED = "/usr/sbin/parted"; +my $FDASD = "/usr/sbin/fdasd"; +my $DASDVIEW = "/usr/sbin/dasdview"; +my $DASDFMT = "/usr/sbin/dasdfmt"; +my $ZIPL = "/usr/sbin/zipl"; +my $UDEVADM = "/usr/sbin/udevadm"; +my $ZGETDUMP = "/usr/sbin/zgetdump"; + +# temporary DASD device configuration file for Zipl +my $MDPATH = "/tmp/mvdump.conf.".`mcookie`; +chomp($MDPATH); + +my $OPT_DEBUG = 0; +my $OPT_FORCE = 0; +my $OPT_VERBOSE = 0; + +sub cleanup +{ + # DASD + if (-e $MDPATH) { + system("rm -f $MDPATH"); + } +} + +sub exit_with +{ + my $message = shift(); + my $exitcode = shift(); + + print STDERR "$message Exiting...\n"; + cleanup(); + + # fdasd isn't able to create volume label interactively + # could be fixed with 
a reformat + if ($exitcode == 65280) { + $exitcode = 12; + } + + # bigger exit codes are not supported + if ($exitcode > 255) { + $exitcode = 255; + } + + exit($exitcode); +} + +sub run_cmd +{ + my $cmd = shift(); + + my $output = ""; + if (! $OPT_DEBUG) { + my ($app) = $cmd =~ /\/(\w+) /; + + # run command + $output = `$cmd`; + my $exit_code = $?; + # wait for udev to finish processing + system("$UDEVADM settle"); + + # only print output in case of an error or in verbose mode + if ($output and ($exit_code != 0 or $OPT_VERBOSE)) { + print("$output\n"); + } + + if ($exit_code != 0) { + exit_with("$app failed with exit code $exit_code", $exit_code); + } + } else { + # only print the command in debug mode + print("\`$cmd\`\n"); + } + return($output); +} + +sub check_paths +{ + for my $path ($BLKID, $PARTED, $FDASD, $DASDVIEW, $DASDFMT, $ZIPL, $UDEVADM, $ZGETDUMP) { + unless ( -x $path) { + exit_with("Command $path is not available.", 13); + } + } +} + +sub read_file +{ + my $path = shift(); + + open(my $file, "<", "$path") or exit_with("Unable to access $path: $!.", 15); + my @content = <$file>; + close($file); + + # no need for arrays in case of single lines + if (@content > 1) { + return @content; + } else { + chomp($content[0]); + return($content[0]); + } +} + +sub is_dasd +{ + # remove leading /dev/ + my $device = substr(shift(), 5); + + if (-r "/sys/block/$device/device/discipline") { + return(1); + } else { + return(0); + } +} + +sub has_free_single_kpartx +{ + my $device = substr(shift(), 5); + return(0) unless ($device =~ /^dm-[0-9]+$/); + my $blockpath = "/sys/block/$device"; + my @holders = glob("$blockpath/holders/*"); + return(0) unless (@holders == 1); + my $dmuuid = read_file("$holders[0]/dm/uuid"); + return(0) unless ($dmuuid =~ /^part1-mpath-/); + my @holderparts = split(/\//, $holders[0]); + my $holder = "/dev/" . 
$holderparts[-1]; + if(-b $holder and sysopen(my $blockdev, $holder, O_RDWR|O_EXCL)) { + close($blockdev); + return(1); + } + return(0); +} + +sub is_zfcp +{ + # remove leading /dev/ + my $device = substr(shift(), 5); + my $blockpath = "/sys/block/$device"; + my $dmname = undef; + + # if user passed a device name on cmdline that we listed before + # convert to a dm-[0-9]+ kernel device name + if ($device =~ /^mapper\//) { + $device = substr(readlink("/dev/" . $device), 3); + $blockpath = "/sys/block/" . $device; + } + # check if dm-multipath and get one path member + if ($device =~ /^dm-[0-9]+$/) { + my $dmuuid = read_file("$blockpath/dm/uuid"); + return(undef) unless $dmuuid =~ /^mpath-/; + $dmname = read_file("$blockpath/dm/name"); + opendir(DIR, "$blockpath/slaves/") or return(undef); + while (defined(my $pathmember = readdir(DIR))) { + # skip ".", "..", or other non scsi disk entries + next unless $pathmember =~ /^sd[a-z]+$/; + $device = $pathmember; + last; + } + closedir(DIR); + } + my $devpath = "/sys/block/$device/device"; + + unless (-r "$devpath/hba_id" or -r "$devpath/type") { + return(undef); + } + + my $devtype = read_file("$devpath/type"); + + # SCSI type '0' means disk + if ($devtype == 0) { + if (defined $dmname) { + return("/dev/mapper/$dmname"); + } else { + return("/dev/$device"); + } + } else { + return(undef); + } +} + +sub get_partition_num +{ + # remove leading /dev/ + my $device = substr(shift, 5); + + my $part_num = grep(/\s+$device\d+/, read_file("/proc/partitions")); + + return($part_num); +} + +sub print_device +{ + my $device = shift(); + my $only_dump_disks = shift(); + my $devpath; + + if ($device =~ /^\/dev\/mapper\//) { + $devpath = "/sys/block/" . substr(readlink($device), 3); + } else { + $devpath = "/sys/block/" . 
substr($device, 5); + } + my $output = $device; + my $dump_device = 0; + + my $size = int(read_file("$devpath/size") / 2048); # 512 Byte blocks + # size can't be read this way in case of unformatted devices + if ($size != 0) { + $output .= "\t${size}MB"; + } else { + $output .= "\tunknown"; + } + + if (is_dasd($device)) { + my ($busid) = readlink("$devpath/device") =~ /(\w\.\w\.\w{4})/; + $output .= "\t$busid"; + + # check for dump record and list multi volumes + my $zgetdump_output = `$ZGETDUMP -d $device 2>&1`; + my @dump_devs = $zgetdump_output =~ /(\w\.\w\.\w{4})/g; + if (@dump_devs) { + $dump_device = 1; + $output .= "\tdumpdevice"; + # no need to output the dump ids for a single device + if (@dump_devs > 1) { + for my $id (@dump_devs) { + $output .= "|$id"; + } + } + } else { + # check for single volume dump devices + if ($zgetdump_output =~ /Single-volume DASD dump tool/) { + $dump_device = 1; + $output .= "\tdumpdevice"; + } + } + } else { + # get one path member to fill path info for "yast onpanic" + if ($device =~ /^\/dev\/mapper\//) { + my $blockdev = substr(readlink($device), 3); + my $blockpath = "/sys/block/" . $blockdev; + opendir(DIR, "$blockpath/slaves/") or return(undef); + while (defined(my $pathmember = readdir(DIR))) { + # skip ".", "..", or other non scsi disk entries + next unless $pathmember =~ /^sd[a-z]+$/; + $devpath = "/sys/block/" . $pathmember; + last; + } + closedir(DIR); + } + my $adapter = read_file("$devpath/device/hba_id"); + my $wwpn = read_file("$devpath/device/wwpn"); + my $lun = read_file("$devpath/device/fcp_lun"); + $output .= "\t$adapter\t$wwpn\t$lun"; + + # check for dump record + my $zgetdump = `$ZGETDUMP -d $device 2>&1`; + if ($? 
== 0) { + my ($dsize) = ($zgetdump =~ /Maximum dump size\.:\s+([0-9]+) MB/m); + $dsize = $size unless (defined($dsize)); + $output = "$device\t${dsize}MB\t$adapter\t$wwpn\t$lun\tdumpdevice"; + $dump_device = 1; + } + } + if ($only_dump_disks) { + if ($dump_device) { + print("$output\n"); + } + } else { + print("$output\n"); + } +} + +sub list_free_disks +{ + my $devices_ref = shift(); + my $type = shift(); + + if (@$devices_ref) { + for my $device (@$devices_ref) { + print_device($device); + } + } else { + print STDERR "No free $type devices available!\n"; + } +} + +sub list_dump_disks +{ + my @devices = @_; + + if (@devices) { + for my $device (@devices) { + print_device($device, 1); + } + } else { + print STDERR "No dump devices available!\n"; + } +} + +sub determine_free_disks +{ + my @dasd; + my @zfcp; + my @devices; + + # gather block devices + my $path="/sys/block/"; + opendir(DIR, $path) or exit_with("Unable to find $path: $!", 15); + while (defined(my $file = readdir(DIR))) { + # no need to add other devices then dasd* or sd* + # or dm-multipath + if ($file =~ /^dasd[a-z]+$/ or $file =~ /^sd[a-z]+$/ or + $file =~ /^dm-[0-9]+$/) { + push(@devices, $file); + } + } + closedir(DIR); + + for my $entry (@devices) { + # only allow disks, no partitions + my ($device) = $entry =~ /^([a-z]+)$/; + # dm devices other than dm-multipath are filtered by is_zfcp() + ($device) = $entry =~ /^(dm-[0-9]+)$/ unless ($device); + next unless ($device); + + $device = "/dev/$device"; + + # determine if the block device could be accessed exclusively + if(-b $device and sysopen(my $blockdev, $device, O_RDWR|O_EXCL)) { + close($blockdev); + if (is_dasd($device)) { + push(@dasd, $device); + } + my $zfcp = is_zfcp($device); + if (defined $zfcp) { + push(@zfcp, $zfcp); + } + } else { + # A dm-multipath device with a single holder + # being a kpartx partition number 1 could still + # be free or contain a zfcpdump boot record. 
+ # Due to the kpartx linear dm mapping, such + # dm-multipath device cannot open exclusively. + if (has_free_single_kpartx($device)) { + my $zfcp = is_zfcp($device); + if (defined $zfcp) { + push(@zfcp, $zfcp); + } + } + } + # wait for udev to process all events triggered by sysopen(,O_EXCL) + system("$UDEVADM settle"); + } + + return(\@dasd, \@zfcp); +} + +sub prepare_dasd +{ + my @devices = @_; + + my $format_disks = ""; + + # check formatting + for my $device (@devices) { + # determine disk layout + my ($fmtstr) = `$DASDVIEW -x $device` =~ /(\w\w\w) formatted/; + + SWITCH: + for($fmtstr) { + if (/NOT/) { + print("Unformatted disk, formatting $device.\n"); + $format_disks .= " $device"; + last SWITCH; + } + if (/LDL/) { + if ($OPT_FORCE) { + print("Linux disk layout, reformatting $device.\n"); + $format_disks .= " $device"; + } else { + print("$device was formatted with the Linux disk layout.\n"); + print("Unable to use it without reformatting.\n"); + exit_with("Re-issue the mkdump command with the --force option.", 12); + } + last SWITCH; + } + if (/CDL/) { + # allow reformatting with force, since fdasd isn't able to create volume label interactively + if ($OPT_FORCE) { + print("Compatible disk layout, force reformatting $device.\n"); + $format_disks .= " $device"; + } else { + print("$device: Compatible disk layout, Ok to use.\n"); + } + last SWITCH; + } + exit_with("Unknown layout ($fmtstr), cannot use disk.", 11); + } + } + + # format devices + if ($format_disks) { + #up to eight devices in parallel + run_cmd("$DASDFMT -P 8 -b 4096 -y -f $format_disks"); + } + + # check partitioning and partition + for my $device (@devices) { + my $part_num = get_partition_num($device); + if ($part_num == 0 or $OPT_FORCE) { + print("Re-partitioning disk $device.\n"); + run_cmd("$FDASD -a $device"); + } else { + # allow disk with one partition if it don't consist a file system + if ($part_num == 1) { + my ($fstype) = `$BLKID ${device}1` =~ /TYPE=\"(\w+)\"/; + if ($fstype) { + 
exit_with("Device ${device}1 already contains a filesystem of type $fstype.", 12); + } + } else { + exit_with("$part_num partitions detected, cannot use disk $device.", 12); + } + } + } +} + +sub setup_dasddump +{ + my @devices = @_; + + prepare_dasd(@devices); + + # create zipl device configuration file + # don't create files in debug mode + unless ($OPT_DEBUG) { + open(my $file, ">", $MDPATH) or exit_with("Unable to access $MDPATH: $!.", 15); + for my $device (@devices) { + print{$file}("${device}1\n"); + } + close($file); + } + + print("Creating dump record.\n"); + run_cmd("${ZIPL} -V -n -M $MDPATH"); + + cleanup(); +} + +sub setup_zfcpdump +{ + my $device = shift(); + + # check partitioning + my $part_num = get_partition_num($device); + if ($part_num == 0 or $OPT_FORCE) { + print("Re-partitioning disk $device.\n"); + run_cmd("$PARTED -s -- $device mklabel gpt mkpart primary 0 -1"); + } else { + if ($part_num > 1) { + exit_with("$part_num partitions detected, cannot use disk $device.", 12); + } + } + + # install bootloader + print("Creating dump record.\n"); + my $partdev; + if ($device =~ /^\/dev\/mapper\//) { + $partdev = $device . "-part1"; # kpartx partition on multipath + } else { + $partdev = $device . "1"; # real partition, single path SCSI + } + run_cmd("${ZIPL} -V -d ${partdev}"); + + cleanup(); +} + +sub print_version +{ + print << "EOF"; +mkdump $VERSION + +Copyright (c) 2011 SUSE LINUX Products GmbH +License GPLv2 or (at your option) any later version. + +This is free software: you are free to change and redistribute it. +There is NO WARRANTY, to the extent permitted by law. + +Written by Tim Hardeck . +EOF + exit(0); +} + +sub print_usage +{ + my $exitcode = shift(); + + print << "EOF"; +Usage: mkdump [OPTIONS] [DEVICE]... +mkdump $VERSION + +Prepare one or more volumes for use as S/390 dump device. Supported devices +are ECKD DASD and SCSI over zFCP disks, while multi-volumes are limited to DASD. + +Only whole disks can be used, no partitions! 
If the device is incompatible +formatted/partioned, the script will refuse to install the dump record +unless the --force switch is given. + +Disks which are in use or have mounted partitions will not be listed and can't be used. +The mentioning of "dumpdevice" after a disk indicates that it is an already usable dump device. Additionally multi-volume dump devices are indicated by the list of including DASD ids. + +Options: + -h, --help display this help and exit + -V, --version display version information and exit + + -d, --debug debug mode, do not run programs which commit changes + -v, --verbose be verbose and show command outputs + -f, --force force overwrite of the disk + + -l, --list-dump display dump disks + -D, --list-dasd display usable DASD disks (Device, Size, ID, Dump) + -Z, --list-zfcp display usable SCSI over zFCP disks (Device, Size, ID, WWPN, LUN, Dump) + +Report bugs on https://bugzilla.novell.com/ +EOF + + exit($exitcode); +} + +sub analyze_cmd_parameters +{ + #verbose, debug and force are global + my $opt_help = 0; + my $opt_version = 0; + my $opt_dump = 0; + my $opt_dasd = 0; + my $opt_zfcp = 0; + + if (@ARGV == 0) { + print_usage(14); + } + + Getopt::Long::Configure('bundling'); + GetOptions( + 'h|help' => \$opt_help, + 'V|version' => \$opt_version, + 'd|debug' => \$OPT_DEBUG, + 'v|verbose' => \$OPT_VERBOSE, + 'f|force' => \$OPT_FORCE, + 'l|list-dump' => \$opt_dump, + 'D|list-dasd' => \$opt_dasd, + 'Z|list-zfcp' => \$opt_zfcp, + ) or print_usage(14); + + if ($opt_help) { + print_usage(0); + } + + if ($opt_version) { + print_version(); + } + + # determine free dasd and zfcp devices + my ($dasd_ref, $zfcp_ref) = determine_free_disks(); + + if ($opt_dump) { + list_dump_disks(@$dasd_ref, @$zfcp_ref); + exit 0; + } + + if ($opt_dasd) { + list_free_disks(\@$dasd_ref, "dasd"); + } + + if ($opt_zfcp) { + list_free_disks(\@$zfcp_ref, "zfcp"); + } + + # allow listing of both device types at the same time + if ($opt_dasd or $opt_zfcp) { + exit 0; + } + + # 
check provided devices and be strict + my @devices; + for my $device (@ARGV) { + if (grep(/$device/, @devices)) { + exit_with("$device is mentioned more than once.", 14); + } + # dm devices other than dm-multipath are filtered by is_zfcp() + if ( $device =~ /^\/dev\/[a-z]+$/ == 0 and + $device !~ /^\/dev\/mapper\// ) { + exit_with("The device parameter $device is inaccurate. Only whole disks are allowed.", 14); + } + if (grep(/$device/, (@$dasd_ref, @$zfcp_ref))) { + my $zfcp = is_zfcp($device); + if (defined $zfcp and @ARGV > 1) { + exit_with("Multi-volume dumps aren't supported with zFCP.", 14); + } + push(@devices, (defined $zfcp) ? $zfcp : $device); + } else { + if (-b $device) { + exit_with("$device is in use or not a DASD/zFCP disk!", 14); + } else { + exit_with("$device does not exist!", 14); + } + } + } + + if (@devices == 0) { + exit_with("No usable devices where provided.", 14); + } + + return(@devices); +} + +sub main +{ + check_paths(); + my @devices = analyze_cmd_parameters(); + + # only one dump device is possible with zFCP which is enforced in analyze_cmd_parameters + my $zfcp = is_zfcp($devices[0]); + if (defined $zfcp) { + setup_zfcpdump($zfcp); + } else { + setup_dasddump(@devices); + } + + print("Creating the dump device was successful.\n"); +} + +main(); diff --git a/mkdump.pl.suse b/mkdump.pl.suse new file mode 100644 index 0000000..cf1541c --- /dev/null +++ b/mkdump.pl.suse 
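Review bot: In analyze_cmd_parameters the free-disk check interpolates the user-supplied name into an unanchored regex, `grep(/$device/, (@$dasd_ref, @$zfcp_ref))`, so `/dev/dasda` passes whenever `/dev/dasdaa` is in the free list even though `/dev/dasda` itself was filtered out as in use, and the name then goes on to the dasdfmt/fdasd/zipl command strings that run_cmd executes through backticks. An exact comparison closes that gap: `if (grep { $_ eq $device } (@$dasd_ref, @$zfcp_ref)) {`, and `if (grep { $_ eq $device } @devices) {` for the duplicate test, which currently also rejects a valid pair of prefix-related names. A second point in the same hunk: `$MDPATH` is built from the output of `mcookie` resolved via PATH and later opened with a plain `">"`, and check_paths does not verify mcookie, so if it is absent the path degrades to the fixed `/tmp/mvdump.conf.`; creating the file with File::Temp, or `sysopen` with `O_CREAT|O_EXCL`, avoids following a pre-placed link. The mkdump.pl.suse hunk that follows repeats the `$MDPATH` setup and appears to be the same script with different tool paths, so both points likely apply there as well.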
@@ -0,0 +1,666 @@ +#!/usr/bin/perl +######################################################################## +# +# mkdump.pl - Preparing disks for use as S/390 dump device +# +# Copyright (c) 2011 Tim Hardeck, SUSE LINUX Products GmbH +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Based on mkdump.sh (c) 2004 Hannes Reinecke, SuSE AG +# +# License: +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301 USA +# +######################################################################## + +use strict; +use warnings; +use Fcntl; +use Getopt::Long; + +my $VERSION = "2.0.4"; + +my $BLKID = "/sbin/blkid"; +my $PARTED = "/usr/sbin/parted"; +my $FDASD = "/sbin/fdasd"; +my $DASDVIEW = "/sbin/dasdview"; +my $DASDFMT = "/sbin/dasdfmt"; +my $ZIPL = "/sbin/zipl"; +my $UDEVADM = "/sbin/udevadm"; +my $ZGETDUMP = "/sbin/zgetdump"; + +# temporary DASD device configuration file for Zipl +my $MDPATH = "/tmp/mvdump.conf.".`mcookie`; +chomp($MDPATH); + +my $OPT_DEBUG = 0; +my $OPT_FORCE = 0; +my $OPT_VERBOSE = 0; + +sub cleanup +{ + # DASD + if (-e $MDPATH) { + system("rm -f $MDPATH"); + } +} + +sub exit_with +{ + my $message = shift(); + my $exitcode = shift(); + + print STDERR "$message Exiting...\n"; + cleanup(); + + # fdasd isn't able to create volume label interactively + # could be fixed with a reformat + if ($exitcode 
== 65280) { + $exitcode = 12; + } + + # bigger exit codes are not supported + if ($exitcode > 255) { + $exitcode = 255; + } + + exit($exitcode); +} + +sub run_cmd +{ + my $cmd = shift(); + + my $output = ""; + if (! $OPT_DEBUG) { + my ($app) = $cmd =~ /\/(\w+) /; + + # run command + $output = `$cmd`; + my $exit_code = $?; + # wait for udev to finish processing + system("$UDEVADM settle"); + + # only print output in case of an error or in verbose mode + if ($output and ($exit_code != 0 or $OPT_VERBOSE)) { + print("$output\n"); + } + + if ($exit_code != 0) { + exit_with("$app failed with exit code $exit_code", $exit_code); + } + } else { + # only print the command in debug mode + print("\`$cmd\`\n"); + } + return($output); +} + +sub check_paths +{ + for my $path ($BLKID, $PARTED, $FDASD, $DASDVIEW, $DASDFMT, $ZIPL, $UDEVADM, $ZGETDUMP) { + unless ( -x $path) { + exit_with("Command $path is not available.", 13); + } + } +} + +sub read_file +{ + my $path = shift(); + + open(my $file, "<", "$path") or exit_with("Unable to access $path: $!.", 15); + my @content = <$file>; + close($file); + + # no need for arrays in case of single lines + if (@content > 1) { + return @content; + } else { + chomp($content[0]); + return($content[0]); + } +} + +sub is_dasd +{ + # remove leading /dev/ + my $device = substr(shift(), 5); + + if (-r "/sys/block/$device/device/discipline") { + return(1); + } else { + return(0); + } +} + +sub has_free_single_kpartx +{ + my $device = substr(shift(), 5); + return(0) unless ($device =~ /^dm-[0-9]+$/); + my $blockpath = "/sys/block/$device"; + my @holders = glob("$blockpath/holders/*"); + return(0) unless (@holders == 1); + my $dmuuid = read_file("$holders[0]/dm/uuid"); + return(0) unless ($dmuuid =~ /^part1-mpath-/); + my @holderparts = split(/\//, $holders[0]); + my $holder = "/dev/" . 
$holderparts[-1]; + if(-b $holder and sysopen(my $blockdev, $holder, O_RDWR|O_EXCL)) { + close($blockdev); + return(1); + } + return(0); +} + +sub is_zfcp +{ + # remove leading /dev/ + my $device = substr(shift(), 5); + my $blockpath = "/sys/block/$device"; + my $dmname = undef; + + # if user passed a device name on cmdline that we listed before + # convert to a dm-[0-9]+ kernel device name + if ($device =~ /^mapper\//) { + $device = substr(readlink("/dev/" . $device), 3); + $blockpath = "/sys/block/" . $device; + } + # check if dm-multipath and get one path member + if ($device =~ /^dm-[0-9]+$/) { + my $dmuuid = read_file("$blockpath/dm/uuid"); + return(undef) unless $dmuuid =~ /^mpath-/; + $dmname = read_file("$blockpath/dm/name"); + opendir(DIR, "$blockpath/slaves/") or return(undef); + while (defined(my $pathmember = readdir(DIR))) { + # skip ".", "..", or other non scsi disk entries + next unless $pathmember =~ /^sd[a-z]+$/; + $device = $pathmember; + last; + } + closedir(DIR); + } + my $devpath = "/sys/block/$device/device"; + + unless (-r "$devpath/hba_id" or -r "$devpath/type") { + return(undef); + } + + my $devtype = read_file("$devpath/type"); + + # SCSI type '0' means disk + if ($devtype == 0) { + if (defined $dmname) { + return("/dev/mapper/$dmname"); + } else { + return("/dev/$device"); + } + } else { + return(undef); + } +} + +sub get_partition_num +{ + # remove leading /dev/ + my $device = substr(shift, 5); + + my $part_num = grep(/\s+$device\d+/, read_file("/proc/partitions")); + + return($part_num); +} + +sub print_device +{ + my $device = shift(); + my $only_dump_disks = shift(); + my $devpath; + + if ($device =~ /^\/dev\/mapper\//) { + $devpath = "/sys/block/" . substr(readlink($device), 3); + } else { + $devpath = "/sys/block/" . 
substr($device, 5); + } + my $output = $device; + my $dump_device = 0; + + my $size = int(read_file("$devpath/size") / 2048); # 512 Byte blocks + # size can't be read this way in case of unformatted devices + if ($size != 0) { + $output .= "\t${size}MB"; + } else { + $output .= "\tunknown"; + } + + if (is_dasd($device)) { + my ($busid) = readlink("$devpath/device") =~ /(\w\.\w\.\w{4})/; + $output .= "\t$busid"; + + # check for dump record and list multi volumes + my $zgetdump_output = `$ZGETDUMP -d $device 2>&1`; + my @dump_devs = $zgetdump_output =~ /(\w\.\w\.\w{4})/g; + if (@dump_devs) { + $dump_device = 1; + $output .= "\tdumpdevice"; + # no need to output the dump ids for a single device + if (@dump_devs > 1) { + for my $id (@dump_devs) { + $output .= "|$id"; + } + } + } else { + # check for single volume dump devices + if ($zgetdump_output =~ /Single-volume DASD dump tool/) { + $dump_device = 1; + $output .= "\tdumpdevice"; + } + } + } else { + # get one path member to fill path info for "yast onpanic" + if ($device =~ /^\/dev\/mapper\//) { + my $blockdev = substr(readlink($device), 3); + my $blockpath = "/sys/block/" . $blockdev; + opendir(DIR, "$blockpath/slaves/") or return(undef); + while (defined(my $pathmember = readdir(DIR))) { + # skip ".", "..", or other non scsi disk entries + next unless $pathmember =~ /^sd[a-z]+$/; + $devpath = "/sys/block/" . $pathmember; + last; + } + closedir(DIR); + } + my $adapter = read_file("$devpath/device/hba_id"); + my $wwpn = read_file("$devpath/device/wwpn"); + my $lun = read_file("$devpath/device/fcp_lun"); + $output .= "\t$adapter\t$wwpn\t$lun"; + + # check for dump record + my $zgetdump = `$ZGETDUMP -d $device 2>&1`; + if ($? 
== 0) { + my ($dsize) = ($zgetdump =~ /Maximum dump size\.:\s+([0-9]+) MB/m); + $dsize = $size unless (defined($dsize)); + $output = "$device\t${dsize}MB\t$adapter\t$wwpn\t$lun\tdumpdevice"; + $dump_device = 1; + } + } + if ($only_dump_disks) { + if ($dump_device) { + print("$output\n"); + } + } else { + print("$output\n"); + } +} + +sub list_free_disks +{ + my $devices_ref = shift(); + my $type = shift(); + + if (@$devices_ref) { + for my $device (@$devices_ref) { + print_device($device); + } + } else { + print STDERR "No free $type devices available!\n"; + } +} + +sub list_dump_disks +{ + my @devices = @_; + + if (@devices) { + for my $device (@devices) { + print_device($device, 1); + } + } else { + print STDERR "No dump devices available!\n"; + } +} + +sub determine_free_disks +{ + my @dasd; + my @zfcp; + my @devices; + + # gather block devices + my $path="/sys/block/"; + opendir(DIR, $path) or exit_with("Unable to find $path: $!", 15); + while (defined(my $file = readdir(DIR))) { + # no need to add other devices then dasd* or sd* + # or dm-multipath + if ($file =~ /^dasd[a-z]+$/ or $file =~ /^sd[a-z]+$/ or + $file =~ /^dm-[0-9]+$/) { + push(@devices, $file); + } + } + closedir(DIR); + + for my $entry (@devices) { + # only allow disks, no partitions + my ($device) = $entry =~ /^([a-z]+)$/; + # dm devices other than dm-multipath are filtered by is_zfcp() + ($device) = $entry =~ /^(dm-[0-9]+)$/ unless ($device); + next unless ($device); + + $device = "/dev/$device"; + + # determine if the block device could be accessed exclusively + if(-b $device and sysopen(my $blockdev, $device, O_RDWR|O_EXCL)) { + close($blockdev); + if (is_dasd($device)) { + push(@dasd, $device); + } + my $zfcp = is_zfcp($device); + if (defined $zfcp) { + push(@zfcp, $zfcp); + } + } else { + # A dm-multipath device with a single holder + # being a kpartx partition number 1 could still + # be free or contain a zfcpdump boot record. 
+ # Due to the kpartx linear dm mapping, such
+ # dm-multipath device cannot open exclusively.
+ if (has_free_single_kpartx($device)) {
+ my $zfcp = is_zfcp($device);
+ if (defined $zfcp) {
+ push(@zfcp, $zfcp);
+ }
+ }
+ }
+ # wait for udev to process all events triggered by sysopen(,O_EXCL)
+ system("$UDEVADM settle");
+ }
+
+ return(\@dasd, \@zfcp);
+}
+
+sub prepare_dasd
+{
+ my @devices = @_;
+
+ my $format_disks = "";
+
+ # check formatting
+ for my $device (@devices) {
+ # determine disk layout
+ my ($fmtstr) = `$DASDVIEW -x $device` =~ /(\w\w\w) formatted/;
+
+ SWITCH:
+ for($fmtstr) {
+ if (/NOT/) {
+ print("Unformatted disk, formatting $device.\n");
+ $format_disks .= " $device";
+ last SWITCH;
+ }
+ if (/LDL/) {
+ if ($OPT_FORCE) {
+ print("Linux disk layout, reformatting $device.\n");
+ $format_disks .= " $device";
+ } else {
+ print("$device was formatted with the Linux disk layout.\n");
+ print("Unable to use it without reformatting.\n");
+ exit_with("Re-issue the mkdump command with the --force option.", 12);
+ }
+ last SWITCH;
+ }
+ if (/CDL/) {
+ # allow reformatting with force, since fdasd isn't able to create volume label interactively
+ if ($OPT_FORCE) {
+ print("Compatible disk layout, force reformatting $device.\n");
+ $format_disks .= " $device";
+ } else {
+ print("$device: Compatible disk layout, Ok to use.\n");
+ }
+ last SWITCH;
+ }
+ exit_with("Unknown layout ($fmtstr), cannot use disk.", 11);
+ }
+ }
+
+ # format devices
+ if ($format_disks) {
+ #up to eight devices in parallel
+ run_cmd("$DASDFMT -P 8 -b 4096 -y -f $format_disks");
+ }
+
+ # check partitioning and partition
+ for my $device (@devices) {
+ my $part_num = get_partition_num($device);
+ if ($part_num == 0 or $OPT_FORCE) {
+ print("Re-partitioning disk $device.\n");
+ run_cmd("$FDASD -a $device");
+ } else {
+ # allow disk with one partition if it don't consist a file system
+ if ($part_num == 1) {
+ my ($fstype) = `$BLKID ${device}1` =~ /TYPE=\"(\w+)\"/;
+ if ($fstype) {
+ exit_with("Device ${device}1 already contains a filesystem of type $fstype.", 12);
+ }
+ } else {
+ exit_with("$part_num partitions detected, cannot use disk $device.", 12);
+ }
+ }
+ }
+}
+
+sub setup_dasddump
+{
+ my @devices = @_;
+
+ prepare_dasd(@devices);
+
+ # create zipl device configuration file
+ # don't create files in debug mode
+ unless ($OPT_DEBUG) {
+ open(my $file, ">", $MDPATH) or exit_with("Unable to access $MDPATH: $!.", 15);
+ for my $device (@devices) {
+ print{$file}("${device}1\n");
+ }
+ close($file);
+ }
+
+ print("Creating dump record.\n");
+ run_cmd("${ZIPL} -V -n -M $MDPATH");
+
+ cleanup();
+}
+
+sub setup_zfcpdump
+{
+ my $device = shift();
+
+ # check partitioning
+ my $part_num = get_partition_num($device);
+ if ($part_num == 0 or $OPT_FORCE) {
+ print("Re-partitioning disk $device.\n");
+ run_cmd("$PARTED -s -- $device mklabel gpt mkpart primary 0 -1");
+ } else {
+ if ($part_num > 1) {
+ exit_with("$part_num partitions detected, cannot use disk $device.", 12);
+ }
+ }
+
+ # install bootloader
+ print("Creating dump record.\n");
+ my $partdev;
+ if ($device =~ /^\/dev\/mapper\//) {
+ $partdev = $device . "-part1"; # kpartx partition on multipath
+ } else {
+ $partdev = $device . "1"; # real partition, single path SCSI
+ }
+ run_cmd("${ZIPL} -V -d ${partdev}");
+
+ cleanup();
+}
+
+sub print_version
+{
+ print << "EOF";
+mkdump $VERSION
+
+Copyright (c) 2011 SUSE LINUX Products GmbH
+License GPLv2 or (at your option) any later version.
+
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+
+Written by Tim Hardeck .
+EOF
+ exit(0);
+}
+
+sub print_usage
+{
+ my $exitcode = shift();
+
+ print << "EOF";
+Usage: mkdump [OPTIONS] [DEVICE]...
+mkdump $VERSION
+
+Prepare one or more volumes for use as S/390 dump device. Supported devices
+are ECKD DASD and SCSI over zFCP disks, while multi-volumes are limited to DASD.
+
+Only whole disks can be used, no partitions! If the device is incompatible
+formatted/partioned, the script will refuse to install the dump record
+unless the --force switch is given.
+
+Disks which are in use or have mounted partitions will not be listed and can't be used.
+The mentioning of "dumpdevice" after a disk indicates that it is an already usable dump device. Additionally multi-volume dump devices are indicated by the list of including DASD ids.
+
+Options:
+ -h, --help display this help and exit
+ -V, --version display version information and exit
+
+ -d, --debug debug mode, do not run programs which commit changes
+ -v, --verbose be verbose and show command outputs
+ -f, --force force overwrite of the disk
+
+ -l, --list-dump display dump disks
+ -D, --list-dasd display usable DASD disks (Device, Size, ID, Dump)
+ -Z, --list-zfcp display usable SCSI over zFCP disks (Device, Size, ID, WWPN, LUN, Dump)
+
+Report bugs on https://bugzilla.novell.com/
+EOF
+
+ exit($exitcode);
+}
+
+sub analyze_cmd_parameters
+{
+ #verbose, debug and force are global
+ my $opt_help = 0;
+ my $opt_version = 0;
+ my $opt_dump = 0;
+ my $opt_dasd = 0;
+ my $opt_zfcp = 0;
+
+ if (@ARGV == 0) {
+ print_usage(14);
+ }
+
+ Getopt::Long::Configure('bundling');
+ GetOptions(
+ 'h|help' => \$opt_help,
+ 'V|version' => \$opt_version,
+ 'd|debug' => \$OPT_DEBUG,
+ 'v|verbose' => \$OPT_VERBOSE,
+ 'f|force' => \$OPT_FORCE,
+ 'l|list-dump' => \$opt_dump,
+ 'D|list-dasd' => \$opt_dasd,
+ 'Z|list-zfcp' => \$opt_zfcp,
+ ) or print_usage(14);
+
+ if ($opt_help) {
+ print_usage(0);
+ }
+
+ if ($opt_version) {
+ print_version();
+ }
+
+ # determine free dasd and zfcp devices
+ my ($dasd_ref, $zfcp_ref) = determine_free_disks();
+
+ if ($opt_dump) {
+ list_dump_disks(@$dasd_ref, @$zfcp_ref);
+ exit 0;
+ }
+
+ if ($opt_dasd) {
+ list_free_disks(\@$dasd_ref, "dasd");
+ }
+
+ if ($opt_zfcp) {
+ list_free_disks(\@$zfcp_ref, "zfcp");
+ }
+
+ # allow listing of both device types at the same time
+ if ($opt_dasd or $opt_zfcp) {
+ exit 0;
+ }
+
+ # check provided devices and be strict
+ my @devices;
+ for my $device (@ARGV) {
+ if (grep(/$device/, @devices)) {
+ exit_with("$device is mentioned more than once.", 14);
+ }
+ # dm devices other than dm-multipath are filtered by is_zfcp()
+ if ( $device =~ /^\/dev\/[a-z]+$/ == 0 and
+ $device !~ /^\/dev\/mapper\// ) {
+ exit_with("The device parameter $device is inaccurate. Only whole disks are allowed.", 14);
+ }
+ if (grep(/$device/, (@$dasd_ref, @$zfcp_ref))) {
+ my $zfcp = is_zfcp($device);
+ if (defined $zfcp and @ARGV > 1) {
+ exit_with("Multi-volume dumps aren't supported with zFCP.", 14);
+ }
+ push(@devices, (defined $zfcp) ? $zfcp : $device);
+ } else {
+ if (-b $device) {
+ exit_with("$device is in use or not a DASD/zFCP disk!", 14);
+ } else {
+ exit_with("$device does not exist!", 14);
+ }
+ }
+ }
+
+ if (@devices == 0) {
+ exit_with("No usable devices where provided.", 14);
+ }
+
+ return(@devices);
+}
+
+sub main
+{
+ check_paths();
+ my @devices = analyze_cmd_parameters();
+
+ # only one dump device is possible with zFCP which is enforced in analyze_cmd_parameters
+ my $zfcp = is_zfcp($devices[0]);
+ if (defined $zfcp) {
+ setup_zfcpdump($zfcp);
+ } else {
+ setup_dasddump(@devices);
+ }
+
+ print("Creating the dump device was successful.\n");
+}
+
+main();
diff --git a/pkey.conf b/pkey.conf
new file mode 100644
index 0000000..6d75dbe
--- /dev/null
+++ b/pkey.conf
@@ -0,0 +1,10 @@
+#
+# Copyright (c) 2018-2024 SUSE LINUX GmbH, Nuernberg, Germany.
+# All rights reserved.
+#
+
+# load pkey module at boot time
+pkey
+pkey_cca
+pkey_ep11
+pkey_pckmo
diff --git a/qeth_configure b/qeth_configure
new file mode 100644
index 0000000..8e883ab
--- /dev/null
+++ b/qeth_configure
@@ -0,0 +1,174 @@
+#! /bin/sh
+#
+# qeth_configure
+#
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+#
+# Configures a qeth device by calling the IBM-provided chzdev command.
+# Whereas this script used to validate the parameters provided to it,
+# we now rely on chzdev to do that instead. The script is intended only
+# as a "translation layer" to provide backward compatability for older
+# scripts and tools that invoke it.
+#
+# Usage:
+# qeth_configure [-i] [-l] [-f -t ] [-o "Values"] -n -p
+#
+# -i Configure IP takeover
+# -l Configure Layer2 support
+# -f Override safety checks
+# -t Valid cardtypes are: qeth, hsi - Deprecated
+# -o General QETH options, separated by spaces
+# -n QETH port number to use, 0 or 1. Only needed for real, not virtual
+# devices.
+# -p QETH Portname to use - Deprecated. OSAs no longer need a port name.
+# read/write/data chan = x.y.ssss where
+# x is always 0 until IBM creates something that
+# uses that number
+# y is the logical channel subsystem (lcss)
+# number. Most often this is 0, but it could
+# be non-zero
+# ssss is the four digit subchannel address of
+# the device, in hexidecimal, with leading
+# zeros.
+# online = 0 to take the device offline
+# 1 to bring the device online
+#
+# Return values:
+# Return codes are determined by the chzdev command.
+#
+
+mesg () {
+ echo "$@"
+}
+
+debug_mesg () {
+ case "${DEBUG}" in
+ yes) mesg "$@" ;;
+ *) ;;
+ esac
+}
+
+add_cio_channel() {
+ echo "$* # ${DATE}" >> /boot/zipl/active_devices.txt
+}
+
+remove_cio_channel() {
+ [ -w /boot/zipl/active_devices.txt ] && sed -i -e "/^${1}/d" /boot/zipl/active_devices.txt
+}
+
+usage(){
+ echo "Usage: ${0} [options] "
+ echo " -i Configure IP takeover"
+ echo " -l Configure Layer2 support"
+ echo " -f Override safety checks"
+ echo " -t Valid cardtypes are: qeth, hsi - Deprecated."
+ echo " -o General QETH options, separated by spaces"
+ echo " -n QETH port number to use, 0 or 1. Only needed for real, not virtual"
+ echo " devices."
+ echo " -p QETH Portname to use - Deprecated. OSAs no longer need a port name."
+ echo " read/write/data chan = x.y.ssss where"
+ echo " x is always 0 until IBM creates something that"
+ echo " uses that number"
+ echo " y is the logical channel subsystem (lcss)"
+ echo " number. Most often this is 0, but it could"
+ echo " be non-zero"
+ echo " ssss is the four digit subchannel address of"
+ echo " the device, in hexidecimal, with leading"
+ echo " zeros."
+ echo " online = 0 to take the device offline"
+ echo " 1 to bring the device online"
+}
+
+if [ "${DEBUG}" != "yes" ]; then
+ DEBUG="no"
+fi
+
+DATE=$(date)
+
+############################################################
+# Parse the parameters from the command line
+#
+ARGS=$(getopt --options ifln:o:p:t: -n "qeth_configure" -- "$@")
+if [ $? != 0 ] ; then echo "Terminating..." >&2 ; exit 1 ; fi
+
+eval set -- "${ARGS}"
+debug_mesg "All the parms passed were ${ARGS}"
+
+# Set some defaults
+LAYER_MODE="layer2=0"
+
+while true; do
+ case "${1}" in
+ -i) debug_mesg "Configure IP takeover"
+ PARM_LIST="${PARM_LIST} ipa_takeover/enable=1"
+ shift 1
+ ;;
+ -f) debug_mesg "This used to mean udev rules will always be generated."
+ debug_mesg "For chzdev, it means safety checks will be overridden."
+ debug_mesg "Kinda sorta the same thing, really."
+ PARM_LIST="${PARM_LIST} -f"
+ shift 1
+ ;;
+ -l) debug_mesg "Configure Layer 2 support"
+ LAYER_MODE="layer2=1"
+ shift 1
+ ;;
+ -n) debug_mesg "Set QETH port number to ${2}"
+ PARM_LIST="${PARM_LIST} portno=${2}"
+ shift 2
+ ;;
+ -o) debug_mesg "Add the following arbitrary parms: ${2}"
+ PARM_LIST="${PARM_LIST} ${2}"
+ shift 2
+ ;;
+ -p) debug_mesg "QETH Port name is no longer used, don't specify it: ${2}"
+ shift 2
+ ;;
+ -t) debug_mesg "This used to set the card type to ${2}"
+ debug_mesg "Now it gets ignored."
+ shift 2
+ ;;
+ --) debug_mesg "Found the end of parms indicator: --"
+ shift 1
+ break
+ ;;
+ *) debug_mesg "At the catch-all select entry"
+ debug_mesg "What was selected was ${1}"
+ shift 1
+ ;;
+ esac
+done
+
+QETH_READ_CHAN=${1}
+QETH_WRITE_CHAN=${2}
+QETH_DATA_CHAN=${3}
+ON_OFF=${4}
+
+if [ -z "${QETH_READ_CHAN}" ] || [ -z "${QETH_WRITE_CHAN}" ] || [ -z "${QETH_DATA_CHAN}" ] || [ -z "${ON_OFF}" ]; then
+ mesg "You didn't specify all the needed parameters."
+ usage
+ exit 1
+fi
+
+if [ "${ON_OFF}" == 0 ]; then
+ debug_mesg "chzdev -d qeth --no-root-update ${QETH_READ_CHAN}"
+ chzdev -d qeth --no-root-update ${QETH_READ_CHAN}
+elif [ "${ON_OFF}" == 1 ]; then
+ debug_mesg "chzdev -e qeth --no-root-update ${LAYER_MODE} ${PARM_LIST} ${QETH_READ_CHAN}"
+ chzdev -e qeth ${LAYER_MODE} --no-root-update ${PARM_LIST} ${QETH_READ_CHAN}
+else mesg "You must specify a 0 or a 1 for the online/offline attribute."
+ usage
+ exit 1
+fi
+
+RC=${?}
+if [ ${RC} -ne 0 ]; then
+ exit ${RC}
+fi
+
+if [ ${ON_OFF} == 1 ]; then
+ add_cio_channel "${QETH_READ_CHAN},${QETH_WRITE_CHAN},${QETH_DATA_CHAN}"
+else remove_cio_channel "${QETH_READ_CHAN}"
+ remove_cio_channel "${QETH_WRITE_CHAN}"
+ remove_cio_channel "${QETH_DATA_CHAN}"
+fi
diff --git a/qeth_configure.8 b/qeth_configure.8
new file mode 100644
index 0000000..bb1e76d
--- /dev/null
+++ b/qeth_configure.8
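Review bot: Only QETH_READ_CHAN is ever handed to chzdev, so the write and data channel IDs reach `add_cio_channel` and the `sed -i -e "/^${1}/d"` expression in `remove_cio_channel` with no format check, although the header comment says validation is delegated to chzdev. A value containing `/` or regex metacharacters changes what sed does to /boot/zipl/active_devices.txt, and the script is presumably run as root by other tools. I would check all three IDs against the documented x.y.ssss form right after the missing-parameter test, as in the fence below; whether existing callers pass other forms that chzdev accepts needs confirming before the pattern is made this strict. Separately, `[ "${ON_OFF}" == 0 ]` uses `==` under `#! /bin/sh`, which POSIX `test` does not define; `=` is the portable spelling.

```shell
# … unchanged: missing-parameter check ending in "exit 1" / "fi" …

# Reject anything that is not x.y.ssss before it reaches chzdev, sed or
# /boot/zipl/active_devices.txt ("." is literal in a case pattern).
for chan in "${QETH_READ_CHAN}" "${QETH_WRITE_CHAN}" "${QETH_DATA_CHAN}"; do
  case "${chan}" in
    [0-9a-fA-F].[0-9a-fA-F].[0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F]) ;;
    *) mesg "Invalid channel ID: ${chan}"
       usage
       exit 1
       ;;
  esac
done

# … unchanged: chzdev invocation and active_devices.txt update …
```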
@@ -0,0 +1,66 @@
+.TH qeth_configure "8" "July 2013" "s390-tools"
+.SH NAME
+qeth_configure \- Configures or deconfigures a HiperSocket adapter or an IBM Open Systems Adapter (OSA) in QDIO mode
+.SH SYNOPSIS
+.B qeth_configure [options] read_channel write_channel data_channel online
+.SH DESCRIPTION
+.B qeth_configure
+is intended to make it easy to persistently add and remove HiperSocket Adapters and Open System Adapters (OSAs) that are in QDIO mode. In addition to bringing the adapter online or offline, it will also create or delete the necessary udev rules for the adapter.
+.SH PARAMETERS
+.IP read_channel
+The device number of the read channel of the adapter. Takes the form x.y.ssss.
+.IP write_channel
+The device number of the write channel of the adapter.Takes the form x.y.ssss.
+.IP data_channel
+The device number of the data channel of the adapter.Takes the form x.y.ssss.
+.RS
+
+where
+.RS
+.B x
+is always 0 until IBM creates something that uses that number.
+.RE
+.RS
+.B y
+is the logical channel subsystem (lcss) number. Most often this is 0, but it could be non-zero.
+.RE
+.RS
+.B ssss
+is the four digit subchannel address of the device, in hexidecimal, with leading zeros. If entered in upper/mixed case, this is automatically converted to lower case.
+.RE
+.RE
+.RS
+.RE
+.RE
+.IP online
+Either a literal 1 to bring the adapter online or a literal 0 to take it offline
+.SH OPTIONAL PARAMETERS
+.IP -i
+Configure IP takeover
+.IP -l
+Configure Layer 2 support
+.IP -f
+Force creation of udev rules, do not check values in /sys. Requires -t to be specfied.
+.IP "-t CARDTYPE"
+The type of card being configured. Valid values are: qeth, hsi, or osn.
+.IP "-o ""Values"""
+General/arbitrary QETH options, separated by spaces
+.IP "-n portnumber"
+QETH port number to use, 0 or 1. Only needed for real, not virtual devices.
+.IP "-p portname"
+QETH Portname to use. Only needed if sharing a real OSA with z/OS.
+.SH FILES
+Please see the documentation of
+.B chzdev.
+.SH ENVIRONMENT
+.IP DEBUG
+If set to "yes" some minimal debugging information is output during execution.
+.SH DIAGNOSTICS
+Messages and return codes are determined by the
+.B chzdev
+command.
+If environment variable DEBUG is set to "yes," it shows the command line of the invoked
+.B chzdev,
+and a message for each command line option is issued on stdout.
+.SH BUGS
+Gotta be some, I'm sure. If you find one, please open a bug report.
diff --git a/read_values.8 b/read_values.8
new file mode 100644
index 0000000..a308d97
--- /dev/null
+++ b/read_values.8
@@ -0,0 +1,50 @@
+.TH read_values "8" "March 2015" "s390-tools"
+.SH NAME
+read_values \- Read information from the /sys and /proc filesystems for SUSE Customer Center (SCC) and the like.
+.SH SYNOPSIS
+.B read_values [-s] [-u] [-c] [-a Attribute] [-L Keyword] [-d debug] [-h]
+.SH DESCRIPTION
+.B read_values
+is intended to make it easy to read values from the /sys and /proc filesystems. Those values may be at different places depending on the machine type and the kernel version.
+.SH PARAMETERS
+.IP -s
+Outputs the values needed by the SCC (SUSE Customer Center)
+.IP -u
+Creates a uuid for this system
+.IP -c
+Prints the CPU type of the current system
+.IP -a Attribute
+Prints the value of the
+.B Attribute
+.IP -L Keyword
+The
+.B Keyword
+may be
+.B Attribute
+or
+.B Recognised.
+With this option you get a list of all
+.B Attributes
+the programm can accept (
+.B Attribute
+) or a list of attributes which in turn can be used for the option -L (
+.B Recognised
+).
+.SH FILES
+.I /sys and /proc
+.SH DIAGNOSTICS
+The following messages may be issued on stderr:
+.IP
+.B Unable to open /proc/sysinfo
+or
+.B Unable to open sysinfo.zvm
+.RS
+The named file cannot be opened. This means the tool can't do anything useful. Return code 99 is set.
+.RE
+.IP
+.B Only one of the options a, c, L, s or u can be specified.
+.RS
+Only one of the options a, c, L, s or u can be specified at a time. Return code 1 is set.
+.RE
+.SH BUGS
+Gotta be some, I'm sure. If you find one, please open a bug report.
diff --git a/read_values.c b/read_values.c
new file mode 100644
index 0000000..c701a5e
--- /dev/null
+++ b/read_values.c
@@ -0,0 +1,628 @@ +/********************************************************************************/ +/* */ +/* Copyright (C) 2014-2015, 2019-2023 SUSE LLC */ +/* */ +/* All rights reserved. + +Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ +*/ + +#define _GNU_SOURCE +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/* + * Data types + */ +enum datatypes { + integer, + string, + floatingpoint +}; + +#define WITHOUT_KEY 0 +#define WITH_KEY 1 + +static char *versionstring = "Version 1.0.5 2024-06-20 14:30"; + +static char *version = "1.0.5"; + +void *configuration_handle = NULL; +int layers = -1; + +/* + * List of machine types + */ +struct machinetype { + enum qc_model_families model_families; + char *typenumber; + char *fullname; + } machinetypes[] = { + { QC_TYPE_FAMILY_IBMZ, "2064", "2064 = z900 IBM eServer zSeries 900" }, + { QC_TYPE_FAMILY_IBMZ, "2066", "2066 = z800 IBM eServer zSeries 800" }, + { QC_TYPE_FAMILY_IBMZ, "2084", "2084 = z990 IBM eServer zSeries 990" }, + { QC_TYPE_FAMILY_IBMZ, "2086", "2086 = z890 IBM eServer zSeries 890" }, + { QC_TYPE_FAMILY_IBMZ, "2094", "2094 = z9-EC IBM System z9 Enterprise Class" }, + { QC_TYPE_FAMILY_IBMZ, "2096", "2096 = z9-BC IBM System z9 Business Class" }, + { QC_TYPE_FAMILY_IBMZ, "2097", "2097 = z10-EC IBM System z10 Enterprise Class" }, + { QC_TYPE_FAMILY_IBMZ, "2098", "2098 = z10-BC IBM System z10 Business Class" }, + { QC_TYPE_FAMILY_IBMZ, "2817", "2817 = z196 IBM zEnterprise 196" }, + { QC_TYPE_FAMILY_IBMZ, "2818", "2818 = z114 IBM zEnterprise 114" }, + { QC_TYPE_FAMILY_IBMZ, "2827", "2827 = z12-EC IBM zEnterprise EC12" }, + { QC_TYPE_FAMILY_IBMZ, "2828", "2828 = z12-BC IBM zEnterprise BC12" }, + { QC_TYPE_FAMILY_IBMZ, "2964", "2964 = z13 IBM z13" }, + { QC_TYPE_FAMILY_LINUXONE, "2964", "2964 = IBM LinuxONE Emperor" }, + { QC_TYPE_FAMILY_IBMZ, "2965", "2965 = z13s IBM z13s (single frame)" }, + { QC_TYPE_FAMILY_LINUXONE, "2965", "2965 = IBM LinuxONE Rockhopper" }, + { QC_TYPE_FAMILY_IBMZ, "3906", "3906 = z14 IBM z14" }, + { QC_TYPE_FAMILY_LINUXONE, "3906", "3906 = IBM LinuxONE Emperor II" }, + { QC_TYPE_FAMILY_IBMZ, "3907", "3907 = z14 ZR1 IBM z14 ZR1" }, + { QC_TYPE_FAMILY_LINUXONE, "3907", "3907 = IBM 
LinuxONE Rockhopper II" }, + { QC_TYPE_FAMILY_IBMZ, "8561", "8561 = z15 T01 IBM z15 T01" }, + { QC_TYPE_FAMILY_LINUXONE, "8561", "8561 = IBM LinuxONE III LT1" }, + { QC_TYPE_FAMILY_IBMZ, "8562", "8562 = z15 T02 IBM z15 T02" }, + { QC_TYPE_FAMILY_LINUXONE, "8562", "8562 = IBM LinuxONE III LT2" }, + { QC_TYPE_FAMILY_IBMZ, "3931", "3931 = z16 A01 IBM z16 A01" }, + { QC_TYPE_FAMILY_LINUXONE, "3931", "3931 = IBM LinuxONE Emperor 4" }, + { QC_TYPE_FAMILY_IBMZ, "3932", "3932 = z16 A02 IBM z16 A02" }, + { QC_TYPE_FAMILY_LINUXONE, "3932", "3932 = IBM LinuxONE Rockhopper 4" }, + }; + +int debug = 0; + +/******************************************************************************/ +/* */ +/* Print the program version */ +/* */ +/******************************************************************************/ +void print_version() +{ +printf("Version: %s\n", version); +} +/******************************************************************************/ +/* */ +/* Look for one attribute and print it */ +/* */ +/******************************************************************************/ +void print_attribute(char *user_string, int level, enum qc_attr_id attribute, enum datatypes type, int print_key) +{ +int erg = 0; +const char *result_string = NULL; +int result_int = 0; +float result_float = 0.0; + + switch (type) + { + case integer: + erg = qc_get_attribute_int(configuration_handle, attribute, level, &result_int); + break; + case string: + erg = qc_get_attribute_string(configuration_handle, attribute, level, &result_string); + break; + case floatingpoint: + erg = qc_get_attribute_float(configuration_handle, attribute, level, &result_float); + break; + default: + break; + } + if (erg == 1) { + if (print_key == WITH_KEY) { + printf("%s : ",(user_string == NULL? 
"NULL": user_string)); + } /* endif */ + switch (type) + { + case integer: + printf("%d\n",result_int); + break; + case string: + printf("%s\n", result_string); + break; + case floatingpoint: + printf("%f\n",result_float); + break; + default: + break; + } + } /* endif */ + else { + if ( erg == 0 ) { + /* printf("%s : Attribute exists, but is not set. \n", (user_string == NULL? "NULL": user_string)); */ + } /* endif */ + else if ( erg < 0) { + printf("%s: An error occurred retrieving the attribute. Error: erg = %d, result_string = %s \n", user_string, erg, (result_string == NULL? "NULL": result_string)); + } /* end else if */ + /* */ + /* TODO qc_get_attribute_string returned error */ + /* */ + } +} /* print_attribute */ + +/********************************************************************************/ +/* */ +/* Open the lib and get the handle */ +/* */ +/********************************************************************************/ +int read_sysinfo() +{ +int return_code; + + configuration_handle = qc_open(&return_code); + if (return_code < 0) { + printf("Error: Unable to open configuration, return_code =%d\n", return_code); + return -1; + } /* endif */ + if (return_code > 0) { + printf("Warning: Unable to read configuration completely, return_code =%d\n", return_code); + return -2; + } /* endif */ + if (configuration_handle == NULL) { + printf("Error: Unable to open configuration, return_code =%d\n", return_code); + return -3; + } /* endif */ + layers = qc_get_num_layers(configuration_handle, &return_code); + if (layers < 0) { + printf("Error: Unable to retrieve number of layers, return_code =%d\n", return_code); + return -4; + } /* endif */ + return 0; +} /* read_sysinfo */ + +/********************************************************************************/ +/* */ +/* Look at the type of machine we're running on and print out a user */ +/* friendly string */ +/* */ +/********************************************************************************/ +void 
print_cputype() +{ +int i, search; +int erg; +const char *cpu_type = NULL; +int family_type = -1; + +/* + * First find out whether we run on an IBM Z, or a LinuxONE system + */ + erg = qc_get_attribute_int(configuration_handle, qc_type_family, 0, &family_type); + if (erg <= 0 || family_type == -1) { + printf("Error reading family type\n"); + return; + } /* endif */ +/* + * Now get the machine ID + */ + erg = qc_get_attribute_string(configuration_handle, qc_type, 0, &cpu_type); + if (erg == 1 && cpu_type != NULL) { + for (i = 0, search = 1; (i < sizeof(machinetypes) / sizeof(struct machinetype)) && search ; i++) + { + if ((family_type == machinetypes[i].model_families) && (strcmp(cpu_type, machinetypes[i].typenumber) == 0)) { + printf("%s\n", machinetypes[i].fullname); + search = 0; + } /* endif */ + } /* endfor */ + if (search != 0) { + printf("An unknown machine type was reported: %s\n\ +Please file a bug report with this output:\n" , cpu_type); +/* TODO output of /proc/sysinfo */ + } /* endif */ + } /* endif */ + return; +} /* print_cputype */ + +/********************************************************************************/ +/* */ +/* Print out the values for SCC */ +/* */ +/* To uniquely identify a machine the following information is used: */ +/* */ +/* Type */ +/* Sequence code */ +/* CPUs total */ +/* CPUs IFL */ +/* LPAR Number */ +/* LPAR Characteristics: */ +/* LPAR CPUs */ +/* LPAR IFLs */ +/* */ +/* Optional: */ +/* */ +/* VM00 Name */ +/* VM00 Control Programm */ +/* VM00 CPUs */ +/* */ +/********************************************************************************/ +void print_scc() +{ +print_version(); +print_attribute("Type", 0, qc_type, string, WITH_KEY); +print_attribute("Type Name", 0, qc_type_name, string, WITH_KEY); +print_attribute("Sequence Code", 0, qc_sequence_code, string, WITH_KEY); +print_attribute("CPUs Total", 0, qc_num_ifl_total, integer, WITH_KEY); +print_attribute("CPUs IFL", 0, qc_num_ifl_total, integer, WITH_KEY); 
+print_attribute("LPAR Number", 1, qc_partition_number, integer, WITH_KEY); +print_attribute("LPAR Name", 1, qc_layer_name, string, WITH_KEY); +print_attribute("LPAR Characteristics", 1, qc_partition_char, string, WITH_KEY); +print_attribute("LPAR CPUs Total", 1, qc_num_ifl_total, integer, WITH_KEY); +print_attribute("LPAR CPUs IFL", 1, qc_num_ifl_total, integer, WITH_KEY); +if (layers > 2) { +/* + * This means, that eather zKVM or z/Vm is running + */ + print_attribute("VM00 Name", 3, qc_layer_name, string, WITH_KEY); + print_attribute("VM00 Control Program", 2, qc_control_program_id, string, WITH_KEY); + print_attribute("VM00 CPUs Total", 3, qc_num_cpu_total, integer, WITH_KEY); + print_attribute("VM00 IFLs", 3, qc_num_cpu_total, integer, WITH_KEY); +} /* endif */ +return; +} /* print_scc */ + + +/******************************************************************************/ +/* */ +/* Secure boot support models ( check_model () ) */ +/* Only the following machines support secure boot: */ +/* z14, z14 ZR1, z15, z16 */ +/* */ +/******************************************************************************/ + +int check_model (const char *cpu) { + + #define IBM_Models 6 /* Number of IBM models listed below */ + char *types[IBM_Models] = { + "3906", + "3907", + "8561", + "8562", + "3931", + "3932", + }; + + int i; + int models = sizeof(types) / sizeof(types[0]); + + for ( i = 0; i < models; i++) { + + if ( !strcmp(cpu,types[i]) ) { + return 1; + }; + } + return 0; +} /* check_model */ + + +/******************************************************************************/ +/* */ +/* print out whether secure boot is enabled */ +/* */ +/******************************************************************************/ +void print_secure_mode() +{ +int erg; +int release_major; +int release_sub; +int release_minor; +const char *cpu_type = NULL; +int cpu_okay = 0; +int Layer = 0; +int i = 0; +/* + * First we have to check whether we have the appropriate kernel Level (>= 5.3) 
+ */ + +struct utsname uts; + + erg = uname(&uts); + if (erg != 0) { + perror ("Error executing uname(): "); + return; + } /* endif */ +#if 0 + printf("sysname: %s\n", uts.sysname); + printf("nodename: %s\n", uts.nodename); + printf("release: %s\n", uts.release); +#endif + /* + * A release number looks like: m.s.mi + * where m, s, mi are numbers with one ore more digits + * Minimum kernel version is 5.3 + */ + erg = sscanf(uts.release,"%d.%d.%d-%*s", &release_major, &release_sub, &release_minor); + if ( release_major < 5 ) { + goto return_does_not_exist; + } + if ( release_sub < 3 ) { + goto return_does_not_exist; + } +#if 0 + printf("Translated successfully: %d\n", erg); + printf("release_major: %d\n", release_major); + printf("release_sub: %d\n", release_sub); + printf("release_minor: %d\n", release_minor); + printf("version: %s\n", uts.version); + printf("machine: %s\n", uts.machine); + printf("Print_secure called\n"); +#endif + /* + * Only the following machines support secure boot: + * z14, z15, z16 + * 3906, 3907, 8561, 8562, 3931, 3932 + */ + erg = qc_get_attribute_string(configuration_handle, qc_type, 0, &cpu_type); + if (erg == 1 && cpu_type != NULL) { + cpu_okay = check_model(cpu_type); + if ( cpu_okay == 0 ) { + goto return_does_not_exist; + } /* endif */ + } /* endif */ + + for ( i = 0; i < layers; i++) { + erg = qc_get_attribute_int(configuration_handle, qc_layer_type_num, i, &Layer); + if (erg == 1) { + print_attribute("Secure mode on ", i, qc_has_secure, integer, WITH_KEY); + print_attribute("Secure mode used", i, qc_secure, integer, WITH_KEY); + } /* endif */ + } /* endfor */ +return; + +return_does_not_exist: +/* + * Software or hardware does not support secure boot. 
+ */ + puts("Secure mode on : 0\nSecure mode used : 0"); +return; +} /* print_secure_mode */ + + +/******************************************************************************/ +/* */ +/* print out the uuid for this machine */ +/* */ +/******************************************************************************/ +int print_uuid() +{ + const char *result_string = NULL; + int erg; + + erg = qc_get_attribute_string(configuration_handle, qc_sequence_code, 0, &result_string); + if (erg != 1) + { + puts("Error reading the Serial Number"); + return 1; + } + printf("%s", result_string); + + result_string = NULL; + + erg = qc_get_attribute_string(configuration_handle, qc_layer_name, 1, &result_string); + if (erg != 1) + { + puts("Error reading the LPAR Name"); + return 1; + } + printf("-%s", result_string); + + result_string = NULL; + if (layers > 2) { + + erg = qc_get_attribute_string(configuration_handle, qc_layer_name, 3, &result_string); + if (erg != 1) + { + puts("Error Reading the VM Name"); + return 1; + } + printf("-%s", result_string); + } + putchar('\n'); + return 0; +} /* print_uuid */ + +/******************************************************************************/ +/* */ +/* print out the list of valid / found symbols */ +/* */ +/******************************************************************************/ +void list(char * list_attribute_param) +{ +return; +} /* list */ + +/******************************************************************************/ +/* */ +/* print out the requested attribute */ +/* */ +/******************************************************************************/ +void print_user_attribute(char *key, char *attribute_param, int layer) +{ +return; +} /* print_user_attribute */ + + +/******************************************************************************/ +/* */ +/* Help Function */ +/* */ +/******************************************************************************/ +void help() +{ +puts("help:\n\ +\n\ +-a List the value 
of the named attribute\n\ +-c Print the cputype of this machine\n\ +-d Debug Level\n\ +-h this help\n\ +-L List the requested list (Attribute, Recognised)\n\ +-s create Info for SCC\n\ +-S report whether secure boot is switched on\n\ +-u create uuid\n\ +-V print version string\n\ +"); +#if 0 +if (debug != 0) { + puts("\n\ +Valid values for debug:\n\ + 4 - read sysinfo.zvm from current directory instead of /proc/sysinfo\n\ + 8 - printout lines read in from source (see debug == 4)\n\ + 16 - printf found keys in store_value\n\ + 32 - Search expression in show attribute\n\ +"); +} /* endif */ +#endif +} /* help */ + +/******************************************************************************/ +/* */ +/* Main */ +/* */ +/******************************************************************************/ +int main(int argc, char **argv, char **envp) +{ +int opt; +int read_sysinfo_opt; +int print_attr; +int print_cpu; +int print_secure; +int print_help; +int list_attr; +int create_scc; +int create_uuid; +int erg; +int return_code; +char *print_attribute_param = NULL; +char *list_attribute_param = NULL; +void *configuration_handle_tmp = NULL; + + read_sysinfo_opt = + print_attr = + print_cpu = + print_secure = + print_help = + list_attr = + create_scc = + create_uuid = + return_code = + erg = 0; + if (strcmp(argv[0],"cputype") == 0) { + read_sysinfo_opt++; + print_cpu++; + } /* endif */ + else { + while ((opt = getopt(argc, argv, "a:cd:hL:sSuV")) != -1) { + switch (opt) + { + case 'a': + read_sysinfo_opt++; + print_attr++; + print_attribute_param = strdup(optarg); + break; + case 'c': + read_sysinfo_opt++; + print_cpu++; + break; + case 'd': + debug = atoi(optarg); + if ((debug & 1) == 1) { + setenv("QC_DEBUG", "1", 1); + } /* endif */ + if ((debug & 2) == 2) { + setenv("QC_AUTODUMP", "1", 1); + } /* endif */ + debug = debug >> 2; + break; + case 'L': + read_sysinfo_opt++; + list_attr++; + list_attribute_param = strdup(optarg); + break; + case 's': /* create unique string 
for scc */ + read_sysinfo_opt++; + create_scc++; + break; + case 'S': /* print out whether secure boot is enabled */ + read_sysinfo_opt++; + print_secure++; + break; + case 'u': /* create UUID */ + read_sysinfo_opt++; + create_uuid++; + break; + case 'V': + printf("%s\n",versionstring); + return 0; + break; + case 'h': + default: + print_help++; + break; + } /* endswitch */ + } /* while */ + } /* endlse */ + if (print_help != 0) { + help(); + return 0; + } /* endif */ + if (read_sysinfo_opt != 0) { + if ((erg = read_sysinfo()) != 0) { + return -erg; + } /* endif */ + } /* endif */ + if ((print_attr + print_cpu + print_secure + list_attr + create_scc + create_uuid) > 1) { + fputs("Only one of the options a, c, L, s, S or u can be specified.\n",stderr); + return 1; + } /* endif */ + /* still not implemented thatfore set to zero */ + list_attr = print_attr = 0; + if (print_attr != 0) { + print_user_attribute(NULL, print_attribute_param, layers); + goto main_exit; + } /* endif */ + if (print_cpu != 0) { + print_cputype(); + goto main_exit; + } /* endif */ + if (print_secure != 0) { + print_secure_mode(); + goto main_exit; + } /* endif */ + if (list_attr != 0) { + list(list_attribute_param); + goto main_exit; + } /* endif */ + if (create_scc != 0) { + print_scc(); + goto main_exit; + } /* endif */ + if (create_uuid != 0) { + if(print_uuid() == 1){ + goto main_exit_error; + } + goto main_exit; + } /* endif */ + help(); +main_exit: + if (configuration_handle != NULL) { + configuration_handle_tmp = qc_open(&return_code); + qc_close(configuration_handle); + setenv("QC_DEBUG", "0", 1); + setenv("QC_AUTODUMP", "0", 1); + qc_close(configuration_handle_tmp); + } /* endif */ + +return 0; + +main_exit_error: +return 1; +} /* end main */ diff --git a/rules.hw_random b/rules.hw_random new file mode 100644 index 0000000..9a4d3d6 --- /dev/null +++ b/rules.hw_random 
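Review bot: The kernel-version gate in print_secure_mode() tests major and minor independently, so `if ( release_sub < 3 )` also rejects 6.0 through 6.2 and the function prints `Secure mode on : 0` there without querying the actual state. The `sscanf()` result is stored in `erg` but never checked, so with an unparsable release string `release_major` and `release_sub` are read uninitialized. Both tests can be folded into `if (erg < 2 || release_major < 5 || (release_major == 5 && release_sub < 3)) goto return_does_not_exist;`. Anything that consumes the `-S` output as evidence of secure boot state would otherwise record it as off on those kernels.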
@@ -0,0 +1,2 @@
+# Rules to add hw_random node to maintain SLES11-SP1 backward compatibility
+KERNEL=="hwrng", SYMLINK+="hw_random"
diff --git a/rules.xpram b/rules.xpram
new file mode 100644
index 0000000..0ba0962
--- /dev/null
+++ b/rules.xpram
@@ -0,0 +1,2 @@
+# Rules to add xpram* nodes to maintain SLES11-SP1 backward compatibility
+KERNEL=="sl*[0-9]", SYMLINK+="xpram%n"
diff --git a/s390-tools-01-opticsmon-Fix-runaway-loop-in-on_link_change.patch b/s390-tools-01-opticsmon-Fix-runaway-loop-in-on_link_change.patch
new file mode 100644
index 0000000..1433eb5
--- /dev/null
+++ b/s390-tools-01-opticsmon-Fix-runaway-loop-in-on_link_change.patch
@@ -0,0 +1,64 @@
+From dff965465ca9d9c4edaf0f90eadd9a6de335b354 Mon Sep 17 00:00:00 2001
+From: Niklas Schnelle
+Date: Fri, 6 Dec 2024 15:28:08 +0100
+Subject: [PATCH] opticsmon: Fix runaway loop in on_link_change()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+When on_link_change() gets called with a netdev that would be monitored
+but hasn't entered zpci_list yet, reloads is 1 after the loops and
+a reload occurs. Then the netdev is found in the list and reloads
+becomes -1 which incorrectly triggers more reloads until underflow.
+Fix this by returning once the device is found. Also just check for
+reloads being larger than zero.
+
+Fixes: c34adb9cabee ("opticsmon: Introduce opticsmon tool")
+Reviewed-by: Halil Pasic
+Signed-off-by: Niklas Schnelle
+Signed-off-by: Jan Höppner
+---
+ opticsmon/opticsmon.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/opticsmon/opticsmon.c b/opticsmon/opticsmon.c
+index c2f355e2..50dd8d7f 100644
+--- a/opticsmon/opticsmon.c
++++ b/opticsmon/opticsmon.c
+@@ -280,16 +280,15 @@ void on_link_change(struct zpci_netdev *netdev, void *arg)
+ if (!ctx->zpci_list || util_list_is_empty(ctx->zpci_list))
+ zpci_list_reload(&ctx->zpci_list);
+
+-reload:
++find:
+ util_list_iterate(ctx->zpci_list, zdev) {
+ for (i = 0; i < zdev->num_netdevs; i++) {
+ if (!strcmp(zdev->netdevs[i].name, netdev->name)) {
+- reloads--;
+ /* Skip data collection if operational state is
+ * unchanged
+ */
+ if (zdev->netdevs[i].operstate == netdev->operstate)
+- continue;
++ return;
+ /* Update operation state for VFs even though
+ * they are skipped just for a consistent view
+ */
+@@ -297,14 +296,15 @@ void on_link_change(struct zpci_netdev *netdev, void *arg)
+ /* Only collect optics data for PFs */
+ if (!zpci_is_vf(zdev))
+ dump_adapter_data(ctx, zdev);
++ return;
+ }
+ }
+ }
+ /* Might be a new device, reload list of devices and retry */
+- if (reloads) {
++ if (reloads > 0) {
+ zpci_list_reload(&ctx->zpci_list);
+ reloads--;
+- goto reload;
++ goto find;
+ }
+ }
+
diff --git a/s390-tools-01-zipl-src-add-basic-support-for-multiple-target-base-disks.patch b/s390-tools-01-zipl-src-add-basic-support-for-multiple-target-base-disks.patch
new file mode 100644
index 0000000..aa5a861
--- /dev/null
+++ b/s390-tools-01-zipl-src-add-basic-support-for-multiple-target-base-disks.patch
@@ -0,0 +1,969 @@ +From d6b702d5791b47f735960ad1f6986e0a32768df6 Mon Sep 17 00:00:00 2001 +From: Eduard Shishkin +Date: Thu, 11 Jul 2024 10:43:37 +0200 +Subject: [PATCH] zipl/src: add basic support for multiple target base disks + +. Modify disk_get_info() to process multiple sets of target parameters + provided by the helper script and store it in the array of "targets" + of the structure job_target_data; +. Besides the logical device, maintain an array of physical base disks + in the disk_info structure; +. Use the logical target device only to create bootmap (it is + automatically mirrored by the respective linux driver (dm, or md) + managing the mirrored target). In contrast, install bootstrap blocks + to each physical base disk individually, bypassing that driver; +. Report in verbose mode on which base disks the bootstrap + installation was performed; +. Use the following logic of setting @info->device (which is printed + as "Device...:" in verbose mode): + . source_auto - the target base disk is set; + . source_script - the target (logical) device is set; + . source_user - the device specified by user (via --targetbase + option), or config file is set. 
+ +Signed-off-by: Eduard Shishkin +Reviewed-by: Stefan Haberland +Signed-off-by: Steffen Eiden +--- + zipl/include/disk.h | 14 +- + zipl/include/install.h | 2 + zipl/include/job.h | 122 ++++++++++++++++++-- + zipl/include/zipl.h | 1 + zipl/src/bootmap.c | 23 ++- + zipl/src/disk.c | 295 +++++++++++++++++++++++++++++++++++++------------ + zipl/src/install.c | 89 +++++++++----- + zipl/src/job.c | 82 +++++++------ + 8 files changed, 469 insertions(+), 159 deletions(-) + +--- a/zipl/include/disk.h ++++ b/zipl/include/disk.h +@@ -56,13 +56,14 @@ + /* targetbase definition */ + typedef enum { + defined_as_device, +- defined_as_name ++ defined_as_name, ++ undefined + } definition_t; + + /* Disk information type */ + struct disk_info { + disk_type_t type; +- dev_t device; ++ dev_t device; /* logical device for bootmap creation */ + dev_t partition; + int devno; + int partnum; +@@ -72,8 +73,11 @@ + struct hd_geometry geo; + char* name; + char* drv_name; +- definition_t targetbase; ++ definition_t targetbase_def; + int is_nvme; ++ dev_t basedisks[MAX_TARGETS]; /* array of physical disks for ++ * bootstrap blocks recording ++ */ + }; + + struct file_range { +@@ -113,6 +117,9 @@ + struct disk_info *info, int align, + off_t *offset); + void disk_print_devt(dev_t d); ++void disk_print_devname(dev_t d); ++void prepare_footnote_ptr(int source, char *ptr); ++void print_footnote_ref(int source, const char *prefix); + void disk_print_info(struct disk_info *info, int source); + int disk_is_zero_block(disk_blockptr_t* block, struct disk_info* info); + blocknum_t disk_compact_blocklist(disk_blockptr_t* list, blocknum_t count, +@@ -122,7 +129,6 @@ + disk_blockptr_t** blocklist, + struct disk_info* pinfo); + int disk_check_subchannel_set(int devno, dev_t device, char* dev_name); +-void disk_print_geo(struct disk_info *data); + int fs_map(int fd, uint64_t offset, blocknum_t *mapped, int fs_block_size); + + #endif /* not DISK_H */ +--- a/zipl/include/install.h ++++ b/zipl/include/install.h 
+@@ -71,7 +71,7 @@ + struct program_component *components[NR_PROGRAM_COMPONENTS]; + int nr_menu_entries; + int fd; +- char *device; ++ char *basetmp[MAX_TARGETS]; + char *filename; + unsigned int tmp_filename_created:1; + unsigned int skip_prepare:1; +--- a/zipl/include/job.h ++++ b/zipl/include/job.h +@@ -18,7 +18,6 @@ + #include "disk.h" + #include "zipl.h" + +- + enum job_id { + job_print_usage = 1, + job_print_version = 2, +@@ -30,6 +29,21 @@ + job_mvdump = 8, + }; + ++/* ++ * Set of parameters per physical disk, which are provided ++ * either by user, or by helper script ++ */ ++struct target { ++ char *targetbase; ++ disk_type_t targettype; ++ int targetcylinders; ++ int targetheads; ++ int targetsectors; ++ int targetblocksize; ++ blocknum_t targetoffset; ++ int check_params; ++}; ++ + /* target information source */ + typedef enum { + source_unknown = 0, +@@ -39,17 +53,21 @@ + } source_t; + + struct job_target_data { +- char* bootmap_dir; +- char* targetbase; +- disk_type_t targettype; +- int targetcylinders; +- int targetheads; +- int targetsectors; +- int targetblocksize; +- blocknum_t targetoffset; ++ char *bootmap_dir; ++ int nr_targets; ++ struct target targets[MAX_TARGETS]; + source_t source; + }; + ++enum target_params { ++ TARGET_BASE, ++ TARGET_TYPE, ++ TARGET_GEOMETRY, ++ TARGET_BLOCKSIZE, ++ TARGET_OFFSET, ++ LAST_TARGET_PARAM ++}; ++ + struct job_common_ipl_data { + char* image; + char* parmline; +@@ -142,12 +160,94 @@ + int is_ldipl_dump; + }; + ++static inline struct target *target_at(struct job_target_data *data, ++ int index) ++{ ++ return index >= MAX_TARGETS ? 
NULL : &data->targets[index]; ++} ++ ++static inline char *get_targetbase(struct job_target_data *data, int index) ++{ ++ return target_at(data, index)->targetbase; ++} ++ ++static inline void set_targetbase(struct job_target_data *data, int index, ++ char *value) ++{ ++ target_at(data, index)->targetbase = value; ++} ++ ++static inline disk_type_t get_targettype(struct job_target_data *data, ++ int index) ++{ ++ return target_at(data, index)->targettype; ++} ++ ++int set_targettype(struct job_target_data *data, int index, char *value); ++ ++static inline char *job_get_targetbase(struct job_data *job) ++{ ++ return get_targetbase(&job->target, 0); ++} ++ ++static inline void job_set_targetbase(struct job_data *job, char *value) ++{ ++ set_targetbase(&job->target, 0, value); ++} ++ ++static inline int job_get_nr_targets(struct job_data *job) ++{ ++ return job->target.nr_targets; ++} ++ ++static inline void job_set_nr_targets(struct job_data *job, int value) ++{ ++ job->target.nr_targets = value; ++} ++ ++static inline disk_type_t job_get_targettype(struct job_data *job) ++{ ++ return get_targettype(&job->target, 0); ++} ++ ++int job_set_targettype(struct job_data *job, char *value); ++ ++#define define_target_param_ops(_TYPE_, _PARAM_) \ ++static inline _TYPE_ get_target##_PARAM_(struct job_target_data *data, \ ++ int index) \ ++{ \ ++ return target_at(data, index)->target##_PARAM_; \ ++} \ ++ \ ++static inline void set_target##_PARAM_(struct job_target_data *data, \ ++ int index, _TYPE_ value) \ ++{ \ ++ target_at(data, index)->target##_PARAM_ = value; \ ++} \ ++ \ ++static inline _TYPE_ job_get_target##_PARAM_(struct job_data *job) \ ++{ \ ++ return get_target##_PARAM_(&job->target, 0); \ ++} \ ++ \ ++static inline void job_set_target##_PARAM_(struct job_data *job, \ ++ _TYPE_ value) \ ++{ \ ++ set_target##_PARAM_(&job->target, 0, value); \ ++} ++ ++define_target_param_ops(int, cylinders) ++define_target_param_ops(int, heads) ++define_target_param_ops(int, 
sectors) ++define_target_param_ops(int, blocksize) ++define_target_param_ops(blocknum_t, offset) ++ + /** +- * Return true, if target parameters for the base disk are set ++ * Return true, if target parameters are set at least for one target base disk + */ + static inline int target_parameters_are_set(struct job_target_data *td) + { +- return td->targetbase != NULL; ++ return get_targetbase(td, 0) != NULL; + } + + int job_get(int argc, char* argv[], struct job_data** data); +--- a/zipl/include/zipl.h ++++ b/zipl/include/zipl.h +@@ -41,6 +41,7 @@ + #define MENU_DEFAULT_TIMEOUT 0 + + #define MAX_DUMP_VOLUMES 32 ++#define MAX_TARGETS 32 + + #define SECURE_BOOT_UNDEFINED -1 + #define SECURE_BOOT_DISABLED 0 +--- a/zipl/src/bootmap.c ++++ b/zipl/src/bootmap.c +@@ -1477,9 +1477,9 @@ + printf("Target device information\n"); + disk_print_info(bis->info, job->target.source); + } +- if (misc_temp_dev(bis->info->device, 1, &bis->device)) ++ if (misc_temp_dev(bis->info->device, 1, &bis->basetmp[0])) + return -1; +- if (check_dump_device(job, bis->info, bis->device)) ++ if (check_dump_device(job, bis->info, bis->basetmp[0])) + return -1; + printf("Building bootmap directly on partition '%s'%s\n", + bis->filename, +@@ -1543,6 +1543,8 @@ + static int prepare_build_program_table_file(struct job_data *job, + struct install_set *bis) + { ++ int i; ++ + if (bis->skip_prepare) + /* skip the preparation work */ + return 0; +@@ -1576,8 +1578,12 @@ + printf("Target device information\n"); + disk_print_info(bis->info, job->target.source); + } +- if (misc_temp_dev(bis->info->device, 1, &bis->device)) +- return -1; ++ for (i = 0; i < job_get_nr_targets(job); i++) { ++ if (misc_temp_dev(bis->info->basedisks[i], ++ 1, ++ &bis->basetmp[i])) ++ return -1; ++ } + /* Check configuration number limits */ + if (job->id == job_menu) { + if (check_menu_positions(&job->data.menu, job->name, +@@ -1692,9 +1698,9 @@ + /* Retrieve target device information */ + if (disk_get_info(job->data.dump.device, 
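Review bot: `target_at()` returns NULL for an out-of-range index, but every accessor added in this job.h hunk (`get_targetbase`, `set_targetbase`, `get_targettype` and everything generated by `define_target_param_ops`) dereferences that result unconditionally, so the bounds check ends in a NULL dereference rather than an error the caller can handle. The check also lets a negative `index` through; `return (index < 0 || index >= MAX_TARGETS) ? NULL : &data->targets[index];` closes that side. The loops visible in this patch stay below `nr_targets`, so this looks like a latent hazard rather than a reachable fault, but a short comment on `target_at()` saying that only callers which test for NULL may pass an unchecked index would stop the accessors being used on untrusted counts later.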
&job->target, &info)) + return -1; +- if (misc_temp_dev(info->device, 1, &bis->device)) ++ if (misc_temp_dev(info->device, 1, &bis->basetmp[0])) + return -1; +- if (check_dump_device(job, info, bis->device)) ++ if (check_dump_device(job, info, bis->basetmp[0])) + return -1; + + assert(!job->target.bootmap_dir); +@@ -1844,6 +1850,9 @@ + if (bis->tmp_filename_created) + misc_free_temp_file(bis->filename); + free(bis->filename); +- misc_free_temp_dev(bis->device); ++ for (i = 0; i < MAX_TARGETS; i++) { ++ if (bis->basetmp[i]) ++ misc_free_temp_dev(bis->basetmp[i]); ++ } + disk_free_info(bis->info); + } +--- a/zipl/src/disk.c ++++ b/zipl/src/disk.c +@@ -187,43 +187,134 @@ + return rc; + } + ++/** ++ * Process a script output represented by FH and consisting ++ * of pairs 'key=value' (each such pair is on a separate line). ++ * Check its consistency and set the extracted target parameters ++ * to the array of "targets" at TD. ++ * ++ * NOTE: this function defines specifications on valid output of ++ * zipl helper scripts. See zipl-support-for-mirrored-devices.txt ++ * for details. Before modifying this function, make sure that it ++ * won't lead to format change. ++ */ + static int set_target_parameters(FILE *fh, struct job_target_data *td) + { +- int checkparm = 0; ++ int idx[LAST_TARGET_PARAM] = {0}; ++ struct target *t; + char buffer[80]; + char value[40]; ++ char *error; ++ int i; + ++ /** ++ * Process a stream of 'key=value' pairs and distribute ++ * them into groups. 
++ * The i-th occurrence of some "key" in the stream means ++ * that the respective pair belongs to the group #i ++ */ ++ error = "Exceeded the maximum number of base disks"; + while (fgets(buffer, 80, fh)) { + if (sscanf(buffer, "targetbase=%s", value) == 1) { +- td->targetbase = misc_strdup(value); +- checkparm++; ++ t = target_at(td, idx[TARGET_BASE]++); ++ if (!t) ++ goto error; ++ t->targetbase = misc_strdup(value); ++ goto found; + } + if (sscanf(buffer, "targettype=%s", value) == 1) { +- type_from_target(value, &td->targettype); +- checkparm++; ++ t = target_at(td, idx[TARGET_TYPE]++); ++ if (!t) ++ goto error; ++ type_from_target(value, &t->targettype); ++ goto found; + } + if (sscanf(buffer, "targetgeometry=%s", value) == 1) { +- td->targetcylinders = +- atoi(strtok(value, ",")); +- td->targetheads = atoi(strtok(NULL, ",")); +- td->targetsectors = atoi(strtok(NULL, ",")); +- checkparm++; ++ t = target_at(td, idx[TARGET_GEOMETRY]++); ++ if (!t) ++ goto error; ++ t->targetcylinders = atoi(strtok(value, ",")); ++ t->targetheads = atoi(strtok(NULL, ",")); ++ t->targetsectors = atoi(strtok(NULL, ",")); ++ goto found; + } + if (sscanf(buffer, "targetblocksize=%s", value) == 1) { +- td->targetblocksize = atoi(value); +- checkparm++; ++ t = target_at(td, idx[TARGET_BLOCKSIZE]++); ++ if (!t) ++ goto error; ++ t->targetblocksize = atoi(value); ++ goto found; + } + if (sscanf(buffer, "targetoffset=%s", value) == 1) { +- td->targetoffset = atol(value); +- checkparm++; ++ t = target_at(td, idx[TARGET_OFFSET]++); ++ if (!t) ++ goto error; ++ t->targetoffset = atol(value); ++ goto found; + } ++ continue; ++found: ++ t->check_params++; + } +- if ((!disk_is_eckd(td->targettype) && checkparm < 4) || +- (disk_is_eckd(td->targettype) && checkparm != 5)) { +- error_reason("Target parameters missing from script"); +- return -1; ++ /* Check for consistency */ ++ error = "Inconsistent script output"; ++ /* ++ * First, calculate total number of groups ++ */ ++ td->nr_targets = 0; 
++ for (i = 0; i < MAX_TARGETS; i++) { ++ t = target_at(td, i); ++ if (t->check_params == 0) ++ break; ++ td->nr_targets++; ++ } ++ if (!td->nr_targets) ++ /* No keywords found in the stream */ ++ goto error; ++ /* ++ * Each group has to include targetbase, targettype, ++ * targetblocksize and targetoffset. ++ */ ++ if (td->nr_targets != idx[TARGET_BASE] || ++ td->nr_targets != idx[TARGET_TYPE] || ++ td->nr_targets != idx[TARGET_BLOCKSIZE] || ++ td->nr_targets != idx[TARGET_OFFSET]) ++ goto error; ++ /* ++ * In addition, any group of "ECKD" type has to include ++ * targetgeometry ++ */ ++ for (i = 0; i < td->nr_targets; i++) { ++ t = target_at(td, i); ++ assert(t->check_params >= 4); ++ if (disk_is_eckd(t->targettype) && t->check_params != 5) ++ goto error; + } + return 0; ++error: ++ error_reason("%s", error); ++ return -1; ++} ++ ++static void print_base_disk_params(struct job_target_data *td, int index) ++{ ++ disk_type_t type = get_targettype(td, index); ++ ++ if (!verbose) ++ return; ++ { ++ fprintf(stderr, "Base disk '%s':\n", get_targetbase(td, index)); ++ fprintf(stderr, " layout........: %s\n", disk_get_type_name(type)); ++ } ++ if (disk_is_eckd(type)) { ++ fprintf(stderr, " heads.........: %u\n", get_targetheads(td, index)); ++ fprintf(stderr, " sectors.......: %u\n", get_targetsectors(td, index)); ++ fprintf(stderr, " cylinders.....: %u\n", get_targetcylinders(td, index)); ++ } ++ { ++ fprintf(stderr, " start.........: %lu\n", get_targetoffset(td, index)); ++ fprintf(stderr, " blksize.......: %u\n", get_targetblocksize(td, index)); ++ } + } + + /** +@@ -235,31 +326,57 @@ + { + int majnum, minnum; + struct stat stats; +- ++ int i; ++ /* ++ * Currently multiple base disks with different parameters ++ * are not supported ++ */ + data->devno = -1; +- data->phy_block_size = td->targetblocksize; +- data->type = td->targettype; +- data->partnum = 0; ++ data->phy_block_size = get_targetblocksize(td, 0); ++ data->type = get_targettype(td, 0); + +- if 
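Review bot: The rewritten parser in `set_target_parameters()` still reads each value with an unbounded `%s` into `char value[40]` while `fgets()` accepts lines of up to 79 characters, so a long `targetbase=` line from the helper script writes past `value` on the stack. A field width on all five patterns, for example `sscanf(buffer, "targetbase=%39s", value)`, bounds the copy. The `targetgeometry` branch also hands `strtok()` results straight to `atoi()`, which dereferences NULL when the script prints fewer than three comma-separated fields, and the result of `misc_strdup()` is stored without a check. Since the new header comment makes this function the format specification for helper output, such lines are better rejected through the existing `error:` path with a message of their own.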
(sscanf(td->targetbase, "%d:%d", &majnum, &minnum) == 2) { +- data->device = makedev(majnum, minnum); +- data->targetbase = defined_as_device; +- data->partnum = minor(stats.st_rdev) - minnum; +- } else { +- if (stat(td->targetbase, &stats)) { +- error_reason(strerror(errno)); +- error_text("Could not get information for " +- "file '%s'", td->targetbase); ++ assert(td->nr_targets != 0); ++ for (i = 1; i < td->nr_targets; i++) { ++ if (data->type != get_targettype(td, i) || ++ data->phy_block_size != get_targetblocksize(td, i)) { ++ print_base_disk_params(td, 0); ++ print_base_disk_params(td, i); ++ error_reason("Inconsistent base disk geometry in target device"); + return -1; + } +- if (!S_ISBLK(stats.st_mode)) { +- error_reason("Target base device '%s' is not " +- "a block device", +- td->targetbase); ++ } ++ data->partnum = 0; ++ data->targetbase_def = undefined; ++ ++ for (i = 0; i < td->nr_targets; i++) { ++ definition_t defined_as; ++ ++ if (sscanf(get_targetbase(td, i), ++ "%d:%d", &majnum, &minnum) == 2) { ++ data->basedisks[i] = makedev(majnum, minnum); ++ defined_as = defined_as_device; ++ } else { ++ if (stat(get_targetbase(td, i), &stats)) { ++ error_reason(strerror(errno)); ++ error_text("Could not get information for " ++ "file '%s'", get_targetbase(td, i)); ++ return -1; ++ } ++ if (!S_ISBLK(stats.st_mode)) { ++ error_reason("Target base device '%s' is not " ++ "a block device", ++ get_targetbase(td, i)); ++ return -1; ++ } ++ data->basedisks[i] = stats.st_rdev; ++ defined_as = defined_as_name; ++ } ++ if (data->targetbase_def != undefined && ++ data->targetbase_def != defined_as) { ++ error_reason("Target base disks are defined by different ways"); + return -1; + } +- data->device = stats.st_rdev; +- data->targetbase = defined_as_name; ++ data->targetbase_def = defined_as; + } + if (data->type == disk_type_scsi && ioctl(fd, NVME_IOCTL_ID) >= 0) + data->is_nvme = 1; +@@ -446,11 +563,28 @@ + static int disk_set_geometry_by_hint(struct job_target_data 
*td, + struct disk_info *data) + { +- data->geo.heads = td->targetheads; +- data->geo.sectors = td->targetsectors; +- data->geo.cylinders = td->targetcylinders; +- data->geo.start = td->targetoffset; +- ++ int i; ++ /* ++ * Currently multiple base disks with different parameters ++ * are not supported ++ */ ++ data->geo.heads = get_targetheads(td, 0); ++ data->geo.sectors = get_targetsectors(td, 0); ++ data->geo.cylinders = get_targetcylinders(td, 0); ++ data->geo.start = get_targetoffset(td, 0); ++ ++ assert(td->nr_targets != 0); ++ for (i = 1; i < td->nr_targets; i++) { ++ if (data->geo.heads != get_targetheads(td, i) || ++ data->geo.sectors != get_targetsectors(td, i) || ++ data->geo.cylinders != get_targetcylinders(td, i) || ++ data->geo.start != get_targetoffset(td, i)) { ++ print_base_disk_params(td, 0); ++ print_base_disk_params(td, i); ++ error_reason("Inconsistent base disk geometry in target device"); ++ return -1; ++ } ++ } + return 0; + } + +@@ -515,14 +649,16 @@ + } + + /** +- * Prepare INFO required to perform IPL installation on the physical +- * disk where the logical DEVICE is located. ++ * Prepare INFO required to perform IPL installation on physical disks ++ * participating in the logical DEVICE. + * Preparation is performed in 2 steps: + * +- * 1. Find out a physical "base" disk where the logical DEVICE is +- * located. Calculate "target" parameters (type, geometry, physical +- * block size, data offset, etc); +- * 2. Complete INFO by the found base disk and target parameters. ++ * 1. Find out a set of physical "base" disks participating in the ++ * logical DEVICE. For each found disk calculate "target" parameters ++ * (type, geometry, physical block size, data offset, etc) and store ++ * it in the array of "targets" of TD; ++ * 2. Complete INFO using the found base disks and calculated target ++ * parameters. + * + * TD: optionally contains target parameters specified by user via + * config file, or special "target options" of zipl tool. 
+@@ -566,6 +702,7 @@ + goto error; + if (disk_set_info_by_hint(td, data, fd)) + goto error; ++ data->device = stats.st_rdev; + break; + case source_user: + /* +@@ -578,6 +715,12 @@ + goto error; + if (disk_set_info_by_hint(td, data, fd)) + goto error; ++ /* ++ * multiple base disks are not supported ++ * with this source type ++ */ ++ assert(td->nr_targets == 1); ++ data->device = data->basedisks[0]; + break; + case source_auto: + /* no ready target parameters are available */ +@@ -585,6 +728,12 @@ + goto error; + if (disk_set_info_auto(data, &stats, fd)) + goto error; ++ /* ++ * multiple base disks are not supported ++ * with this source type ++ */ ++ data->basedisks[0] = data->device; ++ td->nr_targets = 1; + break; + default: + assert(0); +@@ -940,6 +1089,33 @@ + printf("%02x:%02x", major(d), minor(d)); + } + ++void disk_print_devname(dev_t dev) ++{ ++ struct util_proc_part_entry part_entry; ++ ++ if (!util_proc_part_get_entry(dev, &part_entry)) { ++ printf("%s", part_entry.name); ++ util_proc_part_free_entry(&part_entry); ++ } else { ++ disk_print_devt(dev); ++ } ++} ++ ++void prepare_footnote_ptr(int source, char *ptr) ++{ ++ if (source == source_user || source == source_script) ++ strcpy(ptr, " *)"); ++ else ++ strcpy(ptr, ""); ++} ++ ++void print_footnote_ref(int source, const char *prefix) ++{ ++ if (source == source_user) ++ printf("%s*) Data provided by user.\n", prefix); ++ else if (source == source_script) ++ printf("%s*) Data provided by script.\n", prefix); ++} + + /* Return a name for a given disk TYPE. 
*/ + char * +@@ -991,12 +1167,11 @@ + void disk_print_info(struct disk_info *info, int source) + { + char footnote[4] = ""; +- if (source == source_user || source == source_script) +- strcpy(footnote, " *)"); + ++ prepare_footnote_ptr(source, footnote); + printf(" Device..........................: "); + disk_print_devt(info->device); +- if (info->targetbase == defined_as_device) ++ if (info->targetbase_def == defined_as_device) + printf("%s", footnote); + printf("\n"); + if (info->partnum != 0) { +@@ -1007,7 +1182,7 @@ + if (info->name) { + printf(" Device name.....................: %s", + info->name); +- if (info->targetbase == defined_as_name) ++ if (info->targetbase_def == defined_as_name) + printf("%s", footnote); + printf("\n"); + } +@@ -1050,21 +1225,7 @@ + info->phy_block_size, footnote); + printf(" Device size in physical blocks..: %ld\n", + (long) info->phy_blocks); +- if (source == source_user) +- printf(" *) Data provided by user.\n"); +- if (source == source_script) +- printf(" *) Data provided by script.\n"); +-} +- +-/* Print textual representation of geo structure. */ +-void +-disk_print_geo(struct disk_info *data) +-{ +- printf(" geo.heads.........:%u\n", data->geo.heads); +- printf(" geo.sectors.......:%u\n", data->geo.sectors); +- printf(" geo.cylinders.....:%u\n", data->geo.cylinders); +- printf(" geo.start.........:%lu\n", data->geo.start); +- printf(" blksize...........:%u\n", data->phy_block_size); ++ print_footnote_ref(source, " "); + } + + /* Check whether a block is a zero block which identifies a hole in a file. 
+--- a/zipl/src/install.c ++++ b/zipl/src/install.c +@@ -434,11 +434,14 @@ + { + disk_blockptr_t *scsi_dump_sb_blockptr = &bis->scsi_dump_sb_blockptr; + struct disk_info *info = bis->info; +- char *device = bis->device; +- int fd, rc; ++ char footnote[4]; ++ int rc; ++ int i; + + if (!info) + return 0; ++ ++ prepare_footnote_ptr(job->target.source, footnote); + /* Inform user about what we're up to */ + printf("Preparing boot device for %s%s: ", + disk_get_ipl_type(info->type, +@@ -455,40 +458,58 @@ + disk_print_devt(info->device); + printf(".\n"); + } +- /* Open device file */ +- fd = open(device, O_RDWR); +- if (fd == -1) { +- error_reason(strerror(errno)); +- error_text("Could not open temporary device file '%s'", +- device); +- return -1; +- } +- /* Ensure that potential cache inconsistencies between disk and +- * partition are resolved by flushing the corresponding buffers. */ +- if (!dry_run) { +- if (ioctl(fd, BLKFLSBUF)) { +- fprintf(stderr, "Warning: Could not flush disk " +- "caches.\n"); ++ /* Install independently on each physical target base */ ++ ++ for (i = 0; i < job_get_nr_targets(job); i++) { ++ int fd; ++ ++ if (verbose) { ++ printf("Installing on base disk: "); ++ disk_print_devname(info->basedisks[i]); ++ printf("%s.\n", footnote); + } ++ /* Open device file */ ++ fd = open(bis->basetmp[i], O_RDWR); ++ if (fd == -1) { ++ error_reason(strerror(errno)); ++ error_text("Could not open temporary device file '%s'", ++ bis->basetmp[i]); ++ return -1; ++ } ++ /* Ensure that potential cache inconsistencies between disk and ++ * partition are resolved by flushing the corresponding buffers. 
++ */ ++ if (!dry_run) { ++ if (ioctl(fd, BLKFLSBUF)) { ++ fprintf(stderr, "Warning: Could not flush disk " ++ "caches.\n"); ++ } ++ } ++ /* ++ * Depending on disk type, install one or two program tables ++ * for CCW-type IPL and (or) for List-Directed IPL (see the ++ * picture in comments above) ++ */ ++ if (job->id == job_dump_partition) { ++ rc = install_bootloader_dump(bis->tables, info, ++ scsi_dump_sb_blockptr, ++ is_ngdump_enabled(job), ++ fd); ++ } else { ++ rc = install_bootloader_ipl(bis->tables, info, ++ fd); ++ } ++ if (fsync(fd)) ++ error_text("Could not sync device file '%s'", ++ bis->basetmp[i]); ++ if (close(fd)) ++ error_text("Could not close device file '%s'", ++ bis->basetmp[i]); ++ if (rc) ++ break; + } +- /* +- * Depending on disk type, install one or two program tables +- * for CCW-type IPL and (or) for List-Directed IPL (see the +- * picture in comments above) +- */ +- if (job->id == job_dump_partition) { +- rc = install_bootloader_dump(bis->tables, info, +- scsi_dump_sb_blockptr, +- is_ngdump_enabled(job), +- fd); +- } else { +- rc = install_bootloader_ipl(bis->tables, info, fd); +- } +- +- if (fsync(fd)) +- error_text("Could not sync device file '%s'", device); +- if (close(fd)) +- error_text("Could not close device file '%s'", device); ++ if (verbose) ++ print_footnote_ref(job->target.source, ""); + + if (!dry_run && rc == 0) { + if (info->devno >= 0) +--- a/zipl/src/job.c ++++ b/zipl/src/job.c +@@ -1346,6 +1346,27 @@ + } + } + ++int set_targettype(struct job_target_data *data, int index, char *value) ++{ ++ return type_from_target(value, ++ &target_at(data, index)->targettype); ++} ++ ++int job_set_targettype(struct job_data *job, char *value) ++{ ++ return set_targettype(&job->target, 0, value); ++} ++ ++static int job_set_target(struct job_data *job, char *value) ++{ ++ job_set_targetbase(job, value); ++ if (!job_get_targetbase(job)) ++ return -1; ++ job_set_nr_targets(job, 1); ++ job->target.source = source_user; ++ return 0; ++} ++ + 
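Review bot: `rc` is declared without an initial value and is now assigned only inside the per-disk loop, so if `job_get_nr_targets(job)` is ever 0 the later `rc == 0` test reads an indeterminate value and may report a successful install with nothing written. An explicit check before the loop that at least one target exists, returning -1 otherwise, avoids both problems. The dump paths in bootmap.c fill only `bis->basetmp[0]`, while this loop opens `bis->basetmp[i]` for every target, so a multi-target result on a dump job would presumably reach `open()` with a NULL path; an `assert(job_get_nr_targets(job) == 1)` there or a NULL check here would make the assumption explicit. `if (rc) break;` also leaves earlier base disks already rewritten when a later one fails, which is worth stating in the error text so an operator knows the mirror legs now differ. The function starts and ends outside this hunk.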
static int + get_job_from_section_data(char* data[], struct job_data* job, char* section) + { +@@ -1362,32 +1383,28 @@ + return -1; + /* Fill in target */ + if (data[(int) scan_keyword_targetbase] != NULL) { +- job->target.targetbase = +- misc_strdup(data[(int) +- scan_keyword_targetbase]); +- if (job->target.targetbase == NULL) ++ if (job_set_target(job, misc_strdup(data[(int) ++ scan_keyword_targetbase]))) + return -1; +- job->target.source = source_user; + } + if (data[(int) scan_keyword_targettype] != NULL) { +- if (type_from_target( +- data[(int) scan_keyword_targettype], +- &job->target.targettype)) ++ if (job_set_targettype(job, ++ data[(int) scan_keyword_targettype])) + return -1; + } + if (data[(int) scan_keyword_targetgeometry] != NULL) { +- job->target.targetcylinders = ++ job_set_targetcylinders(job, + atoi(strtok(data[(int) +- scan_keyword_targetgeometry], ",")); +- job->target.targetheads = atoi(strtok(NULL, ",")); +- job->target.targetsectors = atoi(strtok(NULL, ",")); ++ scan_keyword_targetgeometry], ","))); ++ job_set_targetheads(job, atoi(strtok(NULL, ","))); ++ job_set_targetsectors(job, atoi(strtok(NULL, ","))); + } + if (data[(int) scan_keyword_targetblocksize] != NULL) +- job->target.targetblocksize = +- atoi(data[(int) scan_keyword_targetblocksize]); ++ job_set_targetblocksize(job, ++ atoi(data[(int) scan_keyword_targetblocksize])); + if (data[(int) scan_keyword_targetoffset] != NULL) +- job->target.targetoffset = +- atol(data[(int) scan_keyword_targetoffset]); ++ job_set_targetoffset(job, ++ atol(data[(int) scan_keyword_targetoffset])); + /* Fill in name and address of image file */ + + job->data.ipl.common.image = misc_strdup( +@@ -1615,37 +1632,32 @@ + return -1; + break; + case scan_keyword_targetbase: +- job->target.targetbase = misc_strdup( +- scan[i].content.keyword.value); +- if (job->target.targetbase == NULL) ++ if (job_set_target(job, misc_strdup( ++ scan[i].content.keyword.value))) + return -1; +- job->target.source = source_user; 
+ break; + case scan_keyword_targettype: +- if (type_from_target( +- scan[i].content.keyword.value, +- &job->target.targettype)) ++ if (job_set_targettype(job, ++ scan[i].content.keyword.value)) + return -1; + break; + case scan_keyword_targetgeometry: +- job->target.targetcylinders = ++ job_set_targetcylinders(job, + atoi(strtok( + scan[i].content.keyword.value, +- ",")); +- job->target.targetheads = +- atoi(strtok(NULL, ",")); +- job->target.targetsectors = +- atoi(strtok(NULL, ",")); ++ ","))); ++ job_set_targetheads(job, ++ atoi(strtok(NULL, ","))); ++ job_set_targetsectors(job, ++ atoi(strtok(NULL, ","))); + break; + case scan_keyword_targetblocksize: +- job->target.targetblocksize = +- atoi( +- scan[i].content.keyword.value); ++ job_set_targetblocksize(job, atoi( ++ scan[i].content.keyword.value)); + break; + case scan_keyword_targetoffset: +- job->target.targetoffset = +- atol( +- scan[i].content.keyword.value); ++ job_set_targetoffset(job, atol( ++ scan[i].content.keyword.value)); + break; + default: + /* Should not happen */ diff --git a/s390-tools-01-zipl_helper.device-mapper-add-missed-step-in-logical.patch b/s390-tools-01-zipl_helper.device-mapper-add-missed-step-in-logical.patch new file mode 100644 index 0000000..0c1282b --- /dev/null +++ b/s390-tools-01-zipl_helper.device-mapper-add-missed-step-in-logical.patch 
@@ -0,0 +1,67 @@
+From 2d26a63806d2847f549c06276070a636a61bcb80 Mon Sep 17 00:00:00 2001
+From: Eduard Shishkin
+Date: Wed, 4 Dec 2024 13:37:46 +0100
+Subject: [PATCH s390-tools] zipl_helper.device-mapper: add missed step in
+ logical device resolution
+
+This fixes 670bf3e
+
+Preparing a loop device for IPL by zipl tool, using its partition as
+zipl target, leads to inconsistent installation setup. The problem is in
+a missed step in the procedure of logical device resolution performed
+by the script zipl_helper.device-mapper:
+
+\# lsblk
+
+NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
+loop0 7:0 0 5G 0 loop
+|-loop0p1 253:15 0 128M 0 part
+`-loop0p2 253:16 0 4.9G 0 part /mnt
+
+\# ./zipl_helper.device-mapper 253:16
+
+Expected result:
+
+targetbase=7:0
+targettype=SCSI
+targetblocksize=4096
+targetoffset=32784
+
+Actual result:
+
+targetbase=253:16
+targettype=SCSI
+targetblocksize=4096
+targetoffset=32784
+
+The fixup adds a missed resolution step.
+
+Reference-ID: LTC210771
+Signed-off-by: Eduard Shishkin
+---
+ zipl/src/zipl_helper.device-mapper.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/zipl/src/zipl_helper.device-mapper.c b/zipl/src/zipl_helper.device-mapper.c
+index aca52be1..918c5aba 100644
+--- a/zipl/src/zipl_helper.device-mapper.c
++++ b/zipl/src/zipl_helper.device-mapper.c
+@@ -1306,13 +1306,13 @@ static int complete_physical_device(struct physical_device *pd, dev_t *base_dev)
+ *base_dev = base_entry->dev.dev;
+ } else {
+ /*
+- * In this case base device is the uppermost logical
++ * In this case base device is the uppermost
+ * device which provides access to boot sectors
+ */
+ base_entry = find_base_entry(pd->dmpath, dc->bootsectors);
+ if (!base_entry)
+ return -1;
+- *base_dev = base_entry->dev.dev;
++ *base_dev = first_device_by_target_data(base_entry->target);
+ }
+ /* Check for valid offset of filesystem */
+ if ((pd->offset % (dc->blocksize / SECTOR_SIZE)) != 0) {
+--
+2.39.0
+
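Review bot: The comment above `find_base_entry()` in complete_physical_device() no longer matches the assignment below it: the code now stores `first_device_by_target_data(base_entry->target)` rather than the entry's own device, but the comment still describes the base device as the uppermost device itself. I would word it as `* In this case the base device is the first device behind the target of the uppermost entry which provides access to boot sectors` (assuming that is what the helper returns; its definition is outside the hunk). The result is also assigned unchecked, so if the helper has a failure value the function should return -1 there, as it does for a missing base_entry. The function body starts and ends outside the hunk.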
diff --git a/s390-tools-02-libzpci-opticsmon-Refactor-on_link_change-using-new.patch b/s390-tools-02-libzpci-opticsmon-Refactor-on_link_change-using-new.patch
new file mode 100644
index 0000000..7c711cc
--- /dev/null
+++ b/s390-tools-02-libzpci-opticsmon-Refactor-on_link_change-using-new.patch
@@ -0,0 +1,129 @@ +From cf5560a100b5552e2eeeaac9c60a88ae77233530 Mon Sep 17 00:00:00 2001 +From: Niklas Schnelle +Date: Mon, 9 Dec 2024 15:08:03 +0100 +Subject: [PATCH] libzpci: opticsmon: Refactor on_link_change() using new + zpci_find_by_netdev() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Finding a PCI device given the name of a netdev seems generally useful +so pull this out into a new zpci_find_by_netdev() function in libzpci +and use this to simplify on_link_change() removing the need for +backwards goto. + +Reviewed-by: Halil Pasic +Reviewed-by: Jan Höppner +Signed-off-by: Niklas Schnelle +Signed-off-by: Jan Höppner +--- + include/lib/pci_list.h | 3 +++ + libzpci/pci_list.c | 31 +++++++++++++++++++++++++++++++ + opticsmon/opticsmon.c | 27 +++++++++++---------------- + 3 files changed, 45 insertions(+), 16 deletions(-) + +diff --git a/include/lib/pci_list.h b/include/lib/pci_list.h +index 829ec244..5b2918bc 100644 +--- a/include/lib/pci_list.h ++++ b/include/lib/pci_list.h +@@ -93,4 +93,7 @@ const char *zpci_pft_str(struct zpci_dev *zdev); + const char *zpci_operstate_str(operstate_t state); + operstate_t zpci_operstate_from_str(const char *oper_str); + ++struct zpci_dev *zpci_find_by_netdev(struct util_list *zpci_list, char *netdev_name, ++ struct zpci_netdev **netdev); ++ + #endif /* LIB_ZPCI_PCI_LIST_H */ +diff --git a/libzpci/pci_list.c b/libzpci/pci_list.c +index 10f64e89..e0d56e44 100644 +--- a/libzpci/pci_list.c ++++ b/libzpci/pci_list.c +@@ -356,3 +356,34 @@ void zpci_free_dev_list(struct util_list *zpci_list) + } + util_list_free(zpci_list); + } ++ ++/** ++ * Find a PCI device given the name of a netdev ++ * ++ * This function allows finding a PCI device when only the name of one ++ * of its netdevs is known. 
++ * ++ * @param[in] zpci_list The device list to search ++ * @param[in] netdev_name The name of the netdev ++ * @param[out] netdev Pointer to store the netdev or NULL if ++ * only the PCI device is needed ++ * ++ * @return The PCI device if one is found NULL otherwise ++ */ ++struct zpci_dev *zpci_find_by_netdev(struct util_list *zpci_list, char *netdev_name, ++ struct zpci_netdev **netdev) ++{ ++ struct zpci_dev *zdev = NULL; ++ int i; ++ ++ util_list_iterate(zpci_list, zdev) { ++ for (i = 0; i < zdev->num_netdevs; i++) { ++ if (!strcmp(zdev->netdevs[i].name, netdev_name)) { ++ if (netdev) ++ *netdev = &zdev->netdevs[i]; ++ return zdev; ++ } ++ } ++ } ++ return NULL; ++} +diff --git a/opticsmon/opticsmon.c b/opticsmon/opticsmon.c +index 50dd8d7f..7ecaa125 100644 +--- a/opticsmon/opticsmon.c ++++ b/opticsmon/opticsmon.c +@@ -274,38 +274,33 @@ static int oneshot_mode(struct opticsmon_ctx *ctx) + void on_link_change(struct zpci_netdev *netdev, void *arg) + { + struct opticsmon_ctx *ctx = arg; +- struct zpci_dev *zdev; +- int i, reloads = 1; +- +- if (!ctx->zpci_list || util_list_is_empty(ctx->zpci_list)) +- zpci_list_reload(&ctx->zpci_list); ++ struct zpci_netdev *found_netdev; ++ struct zpci_dev *zdev = NULL; ++ int reloads = 1; + +-find: +- util_list_iterate(ctx->zpci_list, zdev) { +- for (i = 0; i < zdev->num_netdevs; i++) { +- if (!strcmp(zdev->netdevs[i].name, netdev->name)) { ++ do { ++ if (ctx->zpci_list) { ++ zdev = zpci_find_by_netdev(ctx->zpci_list, netdev->name, &found_netdev); ++ if (zdev) { + /* Skip data collection if operational state is + * unchanged + */ +- if (zdev->netdevs[i].operstate == netdev->operstate) ++ if (found_netdev->operstate == netdev->operstate) + return; + /* Update operation state for VFs even though + * they are skipped just for a consistent view + */ +- zdev->netdevs[i].operstate = netdev->operstate; ++ found_netdev->operstate = netdev->operstate; + /* Only collect optics data for PFs */ + if (!zpci_is_vf(zdev)) + 
dump_adapter_data(ctx, zdev); + return; + } + } +- } +- /* Might be a new device, reload list of devices and retry */ +- if (reloads > 0) { ++ /* Could be uninitalized list or a new device, retry after reload */ + zpci_list_reload(&ctx->zpci_list); + reloads--; +- goto find; +- } ++ } while (reloads > 0); + } + + #define MAX_EVENTS 8 diff --git a/s390-tools-02-zipl-src-add-basic-support-for-multiple-target-base-disks.patch b/s390-tools-02-zipl-src-add-basic-support-for-multiple-target-base-disks.patch new file mode 100644 index 0000000..bf8dfb1 --- /dev/null +++ b/s390-tools-02-zipl-src-add-basic-support-for-multiple-target-base-disks.patch @@ -0,0 +1,15 @@ +--- a/zipl/src/job.c 2024-09-16 14:20:09.321762661 +0200 ++++ b/zipl/src/job.c 2024-09-16 14:29:28.601846724 +0200 +@@ -373,8 +373,11 @@ + static void + free_target_data(struct job_target_data* data) + { ++ int i; ++ + free(data->bootmap_dir); +- free(data->targetbase); ++ for (i = 0; i < data->nr_targets; i++) ++ free(get_targetbase(data, i)); + } + + static void diff --git a/s390-tools-02-zipl-src-fix-imprecise-check-that-file-is-on-specifi.patch b/s390-tools-02-zipl-src-fix-imprecise-check-that-file-is-on-specifi.patch new file mode 100644 index 0000000..bf9ce66 --- /dev/null +++ b/s390-tools-02-zipl-src-fix-imprecise-check-that-file-is-on-specifi.patch 
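Review bot: In the opticsmon.c hunk of s390-tools-02-libzpci-opticsmon-Refactor-on_link_change-using-new.patch the rewritten on_link_change() no longer searches again after the reload: `reloads` starts at 1, is decremented right after `zpci_list_reload()`, and `while (reloads > 0)` then ends the loop, whereas the removed `goto find` ran the lookup a second time. A link change for a device that is not yet in the list (or the first event with an empty list) is therefore dropped without its operstate being recorded or `dump_adapter_data()` being called. Making the loop tail `if (reloads-- <= 0) break;` before `zpci_list_reload(&ctx->zpci_list);` and the condition `while (1)` restores one reload followed by one retry. The same patch is carried again as s390-tools-Additional-update-02.patch.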
@@ -0,0 +1,63 @@
+From 592a016a1095fa9813f0bae8256433ba5af4ab9b Mon Sep 17 00:00:00 2001
+From: Eduard Shishkin
+Date: Sat, 7 Dec 2024 12:48:12 +0100
+Subject: [PATCH s390-tools 2/2] zipl/src: fix imprecise check that file is on
+ specified device
+
+This fixes c0f02d2
+
+The check that file is on specified disk is imprecise: In case when
+target parameters are specified by user, the check compares a logical
+device with a base disk, which is incorrect.
+
+The fixup makes the check compare base disks (a specified one with
+the base disk determined by disk_get_info() procedure).
+
+Signed-off-by: Eduard Shishkin
+---
+ zipl/src/bootmap.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/zipl/src/bootmap.c b/zipl/src/bootmap.c
+index 7d340156..880b93ce 100644
+--- a/zipl/src/bootmap.c
++++ b/zipl/src/bootmap.c
+@@ -299,14 +299,15 @@ create_component_header(void* buffer, component_header_type type)
+ }
+
+ /*
+- * Not precise check that the file FILENAME locates on specified physical DISK.
++ * Not precise check that the file FILENAME locates on the physical
++ * disk specified by WHERE.
+ *
+ * Try to auto-detect parameters of the disk which the file locates on
+ * and compare found device-ID with DISK.
+ * Return 0, if auto-detection succeeded, and it is proven that the
+ * file does NOT locate on DISK. Otherwise, return 1.
+ */
+-static int file_is_on_disk(const char *filename, dev_t disk)
++static int file_is_on_disk(const char *filename, struct disk_info *where)
+ {
+ /*
+ * Retrieve info of the underlying disk without any user hints
+@@ -331,7 +332,7 @@ static int file_is_on_disk(const char *filename, dev_t disk)
+ "Warning: Preparing a logical device for boot might fail\n");
+ return 1;
+ }
+- if (info->device != disk) {
++ if (info->basedisks[0] != where->basedisks[0]) {
+ disk_free_info(info);
+ return 0;
+ }
+@@ -378,7 +379,7 @@ static int add_component_file_range(struct install_set *bis,
+ return -1;
+ }
+ } else {
+- if (!file_is_on_disk(filename, bis->info->device)) {
++ if (!file_is_on_disk(filename, bis->info)) {
+ error_reason("File is not on target device");
+ return -1;
+ }
+--
+2.39.0
+
diff --git a/s390-tools-03-rust-pvimg-Add-enable-disable-image-encryption-flags-to-pvimg-create.patch b/s390-tools-03-rust-pvimg-Add-enable-disable-image-encryption-flags-to-pvimg-create.patch
new file mode 100644
index 0000000..446e3e7
--- /dev/null
+++ b/s390-tools-03-rust-pvimg-Add-enable-disable-image-encryption-flags-to-pvimg-create.patch
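Review bot: The comment block above file_is_on_disk() in the bootmap.c patch was only half updated: its first sentence now names WHERE, but the following lines still say `compare found device-ID with DISK` and `file does NOT locate on DISK`, a parameter that no longer exists. Those two lines should read `and compare the found base disk with the first base disk of WHERE` and `file does NOT locate on that disk`. Since the check compares only `basedisks[0]` on both sides, the comment should say so as well; if a target can have more than one base disk (not visible here), a file on another base disk would be reported as not on the target. The function body continues outside the hunks.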
@@ -0,0 +1,334 @@ +From cf51ac786095f2a1a17d04fea9ee73271438d247 Mon Sep 17 00:00:00 2001 +From: Marc Hartmayer +Date: Wed, 11 Dec 2024 19:25:59 +0100 +Subject: [PATCH] rust/pvimg: Add '--(enable|disable)-image-encryption' flags + to 'pvimg create' +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +With runtime attestation it might be useful to have non-encrypted Secure +Execution images. This patch adds the support for this to the 'pvimg +create' and 'genprotimg' commands. + +Reviewed-by: Steffen Eiden +Acked-by: Hendrik Brueckner +Signed-off-by: Marc Hartmayer +Signed-off-by: Jan Höppner +--- + rust/pvimg/man/genprotimg.1 | 26 +++++++++++++++++++++----- + rust/pvimg/man/pvimg-create.1 | 26 +++++++++++++++++++++----- + rust/pvimg/man/pvimg-info.1 | 10 +++++----- + rust/pvimg/man/pvimg-test.1 | 10 +++++----- + rust/pvimg/man/pvimg.1 | 10 +++++----- + rust/pvimg/src/cli.rs | 18 ++++++++++++++++++ + rust/pvimg/src/cmd/create.rs | 10 ++++++++++ + 7 files changed, 85 insertions(+), 25 deletions(-) + +diff --git a/rust/pvimg/man/genprotimg.1 b/rust/pvimg/man/genprotimg.1 +index 46a91aa4..3f4949e9 100644 +--- a/rust/pvimg/man/genprotimg.1 ++++ b/rust/pvimg/man/genprotimg.1 +@@ -3,11 +3,11 @@ + .\" it under the terms of the MIT license. See LICENSE for details. + .\" + +-.TH genprotimg 1 "2024-12-05" "s390-tools" "Genprotimg Manual" ++.TH genprotimg 1 "2024-12-11" "s390-tools" "Genprotimg Manual" + .nh + .ad l + .SH NAME +-\fBgenprotimg\fP - Create an IBM Secure Execution image ++\fBgenprotimg\fP \- Create an IBM Secure Execution image + \fB + .SH SYNOPSIS + .nf +@@ -196,6 +196,22 @@ Disable the support for backup target keys (default). + .RE + .RE + .PP ++\-\-enable\-image\-encryption ++.RS 4 ++Enable encryption of the image components (default). The image components are: ++the kernel, ramdisk, and kernel command line. ++.RE ++.RE ++.PP ++\-\-disable\-image\-encryption ++.RS 4 ++Disable encryption of the image components. 
The image components are: the ++kernel, ramdisk, and kernel command line. Use only if the components used do not ++contain any confidential content (for example, secrets like non\-public ++cryptographic keys). ++.RE ++.RE ++.PP + \-v, \-\-verbose + .RS 4 + Provide more detailed output. +@@ -222,16 +238,16 @@ Print help (see a summary with \fB\-h\fR). + + .SH EXIT STATUS + .TP 8 +-.B 0 - Program finished successfully ++.B 0 \- Program finished successfully + The command was executed successfully. + .RE + .TP 8 +-.B 1 - Generic error ++.B 1 \- Generic error + Something went wrong during the operation. Refer to the error + message. + .RE + .TP 8 +-.B 2 - Usage error ++.B 2 \- Usage error + The command was used incorrectly, for example: unsupported command + line flag, or wrong number of arguments. + .RE +diff --git a/rust/pvimg/man/pvimg-create.1 b/rust/pvimg/man/pvimg-create.1 +index aba197fa..dae1cf18 100644 +--- a/rust/pvimg/man/pvimg-create.1 ++++ b/rust/pvimg/man/pvimg-create.1 +@@ -3,11 +3,11 @@ + .\" it under the terms of the MIT license. See LICENSE for details. + .\" + +-.TH pvimg-create 1 "2024-12-05" "s390-tools" "Pvimg Manual" ++.TH pvimg-create 1 "2024-12-11" "s390-tools" "Pvimg Manual" + .nh + .ad l + .SH NAME +-\fBpvimg create\fP - Create an IBM Secure Execution image ++\fBpvimg create\fP \- Create an IBM Secure Execution image + \fB + .SH SYNOPSIS + .nf +@@ -195,6 +195,22 @@ Disable the support for backup target keys (default). + .RE + .RE + .PP ++\-\-enable\-image\-encryption ++.RS 4 ++Enable encryption of the image components (default). The image components are: ++the kernel, ramdisk, and kernel command line. ++.RE ++.RE ++.PP ++\-\-disable\-image\-encryption ++.RS 4 ++Disable encryption of the image components. The image components are: the ++kernel, ramdisk, and kernel command line. Use only if the components used do not ++contain any confidential content (for example, secrets like non\-public ++cryptographic keys). 
++.RE ++.RE ++.PP + \-h, \-\-help + .RS 4 + Print help (see a summary with \fB\-h\fR). +@@ -203,16 +219,16 @@ Print help (see a summary with \fB\-h\fR). + + .SH EXIT STATUS + .TP 8 +-.B 0 - Program finished successfully ++.B 0 \- Program finished successfully + The command was executed successfully. + .RE + .TP 8 +-.B 1 - Generic error ++.B 1 \- Generic error + Something went wrong during the operation. Refer to the error + message. + .RE + .TP 8 +-.B 2 - Usage error ++.B 2 \- Usage error + The command was used incorrectly, for example: unsupported command + line flag, or wrong number of arguments. + .RE +diff --git a/rust/pvimg/man/pvimg-info.1 b/rust/pvimg/man/pvimg-info.1 +index e88cbe49..d2726c35 100644 +--- a/rust/pvimg/man/pvimg-info.1 ++++ b/rust/pvimg/man/pvimg-info.1 +@@ -3,11 +3,11 @@ + .\" it under the terms of the MIT license. See LICENSE for details. + .\" + +-.TH pvimg-info 1 "2024-12-05" "s390-tools" "Pvimg Manual" ++.TH pvimg-info 1 "2024-12-11" "s390-tools" "Pvimg Manual" + .nh + .ad l + .SH NAME +-\fBpvimg info\fP - Print information about the IBM Secure Execution image ++\fBpvimg info\fP \- Print information about the IBM Secure Execution image + \fB + .SH SYNOPSIS + .nf +@@ -51,16 +51,16 @@ Print help (see a summary with \fB\-h\fR). + + .SH EXIT STATUS + .TP 8 +-.B 0 - Program finished successfully ++.B 0 \- Program finished successfully + The command was executed successfully. + .RE + .TP 8 +-.B 1 - Generic error ++.B 1 \- Generic error + Something went wrong during the operation. Refer to the error + message. + .RE + .TP 8 +-.B 2 - Usage error ++.B 2 \- Usage error + The command was used incorrectly, for example: unsupported command + line flag, or wrong number of arguments. + .RE +diff --git a/rust/pvimg/man/pvimg-test.1 b/rust/pvimg/man/pvimg-test.1 +index 901c7edb..4fb7d73f 100644 +--- a/rust/pvimg/man/pvimg-test.1 ++++ b/rust/pvimg/man/pvimg-test.1 +@@ -3,11 +3,11 @@ + .\" it under the terms of the MIT license. See LICENSE for details. 
+ .\" + +-.TH pvimg-test 1 "2024-12-05" "s390-tools" "Pvimg Manual" ++.TH pvimg-test 1 "2024-12-11" "s390-tools" "Pvimg Manual" + .nh + .ad l + .SH NAME +-\fBpvimg test\fP - Test different aspects of an existing IBM Secure Execution image ++\fBpvimg test\fP \- Test different aspects of an existing IBM Secure Execution image + \fB + .SH SYNOPSIS + .nf +@@ -54,16 +54,16 @@ Print help (see a summary with \fB\-h\fR). + + .SH EXIT STATUS + .TP 8 +-.B 0 - Program finished successfully ++.B 0 \- Program finished successfully + The command was executed successfully. + .RE + .TP 8 +-.B 1 - Generic error ++.B 1 \- Generic error + Something went wrong during the operation. Refer to the error + message. + .RE + .TP 8 +-.B 2 - Usage error ++.B 2 \- Usage error + The command was used incorrectly, for example: unsupported command + line flag, or wrong number of arguments. + .RE +diff --git a/rust/pvimg/man/pvimg.1 b/rust/pvimg/man/pvimg.1 +index 37c8e978..5676b61d 100644 +--- a/rust/pvimg/man/pvimg.1 ++++ b/rust/pvimg/man/pvimg.1 +@@ -3,11 +3,11 @@ + .\" it under the terms of the MIT license. See LICENSE for details. + .\" + +-.TH pvimg 1 "2024-12-05" "s390-tools" "Pvimg Manual" ++.TH pvimg 1 "2024-12-11" "s390-tools" "Pvimg Manual" + .nh + .ad l + .SH NAME +-\fBpvimg\fP - Create and inspect IBM Secure Execution images ++\fBpvimg\fP \- Create and inspect IBM Secure Execution images + \fB + .SH SYNOPSIS + .nf +@@ -69,16 +69,16 @@ Print help (see a summary with \fB\-h\fR). + + .SH EXIT STATUS + .TP 8 +-.B 0 - Program finished successfully ++.B 0 \- Program finished successfully + The command was executed successfully. + .RE + .TP 8 +-.B 1 - Generic error ++.B 1 \- Generic error + Something went wrong during the operation. Refer to the error + message. + .RE + .TP 8 +-.B 2 - Usage error ++.B 2 \- Usage error + The command was used incorrectly, for example: unsupported command + line flag, or wrong number of arguments. 
+ .RE +diff --git a/rust/pvimg/src/cli.rs b/rust/pvimg/src/cli.rs +index 2ca4e901..12f0b764 100644 +--- a/rust/pvimg/src/cli.rs ++++ b/rust/pvimg/src/cli.rs +@@ -140,6 +140,20 @@ pub struct CreateBootImageLegacyFlags { + /// Disable the support for backup target keys (default). + #[arg(long, action = clap::ArgAction::SetTrue, conflicts_with="enable_backup_keys", group="header-flags")] + pub disable_backup_keys: Option, ++ ++ /// Enable encryption of the image components (default). ++ /// ++ /// The image components are: the kernel, ramdisk, and kernel command line. ++ #[arg(long, action = clap::ArgAction::SetTrue, group="header-flags")] ++ pub enable_image_encryption: Option, ++ ++ /// Disable encryption of the image components. ++ /// ++ /// The image components are: the kernel, ramdisk, and kernel command line. ++ /// Use only if the components used do not contain any confidential content ++ /// (for example, secrets like non-public cryptographic keys). ++ #[arg(long, action = clap::ArgAction::SetTrue, conflicts_with="enable_image_encryption", group="header-flags")] ++ pub disable_image_encryption: Option, + } + + #[non_exhaustive] +@@ -476,6 +490,8 @@ mod test { + flat_map_collect(insert(mvca.clone(), vec![CliOption::new("enable-pckmo", ["--enable-pckmo"])])), + flat_map_collect(insert(mvca.clone(), vec![CliOption::new("enable-pckmo-hmac", ["--enable-pckmo-hmac"])])), + flat_map_collect(insert(mvca.clone(), vec![CliOption::new("enable-backup-keys", ["--enable-backup-keys"])])), ++ flat_map_collect(insert(mvca.clone(), vec![CliOption::new("disable-image-encryption", ["--disable-image-encryption"])])), ++ flat_map_collect(insert(mvca.clone(), vec![CliOption::new("enable-image-encryption", ["--enable-image-encryption"])])), + ]; + let invalid_create_args = [ + flat_map_collect(remove(mvcanv.clone(), "no-verify")), +@@ -501,6 +517,8 @@ mod test { + CliOption::new("x-pcf2", ["--x-pcf", "0x0"])])), + flat_map_collect(insert(mvca.clone(), 
vec![CliOption::new("enable-pckmo", ["--enable-pckmo"]), + CliOption::new("disable-pckmo", ["--disable-pckmo"])])), ++ flat_map_collect(insert(mvca.clone(), vec![CliOption::new("enable-image-encryption", ["--enable-image-encryption"]), ++ CliOption::new("disable-image-encryption", ["--disable-image-encryption"])])), + ]; + + let mut genprotimg_valid_args = vec![ +diff --git a/rust/pvimg/src/cmd/create.rs b/rust/pvimg/src/cmd/create.rs +index b696d790..475d3523 100644 +--- a/rust/pvimg/src/cmd/create.rs ++++ b/rust/pvimg/src/cmd/create.rs +@@ -80,6 +80,12 @@ fn parse_flags( + lf.enable_backup_keys + .filter(|x| *x) + .and(Some(PcfV1::all_enabled([PcfV1::BackupTargetKeys]))), ++ lf.disable_image_encryption ++ .filter(|x| *x) ++ .and(Some(PcfV1::all_enabled([PcfV1::NoComponentEncryption]))), ++ lf.enable_image_encryption ++ .filter(|x| *x) ++ .and(Some(PcfV1::all_disabled([PcfV1::NoComponentEncryption]))), + ] + .into_iter() + .flatten() +@@ -135,6 +141,10 @@ pub fn create(opt: &CreateBootImageArgs) -> Result { + read_user_provided_keys(opt.comm_key.as_deref(), &opt.experimental_args)?; + let (plaintext_flags, secret_flags) = parse_flags(opt)?; + ++ if plaintext_flags.is_set(PcfV1::NoComponentEncryption) { ++ warn!("The components encryption is disabled, make sure that the components do not contain any confidential content."); ++ } ++ + let mut components = components(&opt.component_paths)?; + if opt.no_component_check { + warn!("The component check is turned off!"); diff --git a/s390-tools-2.31.0.tar.gz b/s390-tools-2.31.0.tar.gz new file mode 100644 index 0000000..3f5dfab --- /dev/null +++ b/s390-tools-2.31.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:83550c05f4fdb631376ad980df058de84292a9e5fbbce631ba3de5749c4f1c5e +size 2059068 diff --git a/s390-tools-2.34-Fix-Rust-compilation-errors.patch b/s390-tools-2.34-Fix-Rust-compilation-errors.patch new file mode 100644 index 0000000..af89ed0 --- /dev/null 
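Review bot: The warning added to create() in rust/pvimg/src/cmd/create.rs says only that "the components encryption is disabled", so someone reading the log does not see which parts of the image end up unencrypted; the help text in cli.rs lists them (kernel, ramdisk, kernel command line) and the message should too. For example `warn!("Image component encryption is disabled: kernel, ramdisk and kernel command line are stored unencrypted; make sure none of them contains confidential content.");`. The added CLI tests cover argument parsing only; a test that `--disable-image-encryption` results in `PcfV1::NoComponentEncryption` being set in the flags returned by parse_flags() would pin the behaviour that matters. create() and parse_flags() both continue outside the hunks.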
+++ b/s390-tools-2.34-Fix-Rust-compilation-errors.patch @@ -0,0 +1,51 @@ +From 6a55d0c2e57952600164822dd100e8247b4b010f Mon Sep 17 00:00:00 2001 +From: Steffen Eiden +Date: Fri, 23 Aug 2024 09:16:26 +0200 +Subject: [PATCH] rust/pv: Lower most lints to warn +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Lower the lint level to warn for the styling lints. +This avoids compile issues during packaging for newer tooling with +potential more lint findings. +Still deny compiling if a public symbol has no documentation. + +Fixes: https://github.com/ibm-s390-linux/s390-tools/issues/173 +Reviewed-by: Jan Höppner +Signed-off-by: Steffen Eiden +--- + rust/pv/src/lib.rs | 4 ++-- + rust/pv_core/src/lib.rs | 4 ++-- + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/rust/pv/src/lib.rs b/rust/pv/src/lib.rs +index 9a647617..1084f8e8 100644 +--- a/rust/pv/src/lib.rs ++++ b/rust/pv/src/lib.rs +@@ -2,8 +2,8 @@ + // + // Copyright IBM Corp. 2023, 2024 + +-#![deny( +- missing_docs, ++#![deny(missing_docs)] ++#![warn( + missing_debug_implementations, + trivial_numeric_casts, + unstable_features, +diff --git a/rust/pv_core/src/lib.rs b/rust/pv_core/src/lib.rs +index 1356c1b7..b617b8f9 100644 +--- a/rust/pv_core/src/lib.rs ++++ b/rust/pv_core/src/lib.rs +@@ -1,8 +1,8 @@ + // SPDX-License-Identifier: MIT + // + // Copyright IBM Corp. 2023, 2024 +-#![deny( +- missing_docs, ++#![deny(missing_docs)] ++#![warn( + missing_debug_implementations, + trivial_numeric_casts, + unstable_features, diff --git a/s390-tools-2.34.0.tar.gz b/s390-tools-2.34.0.tar.gz new file mode 100644 index 0000000..35a8601 --- /dev/null +++ b/s390-tools-2.34.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ea4758c4e460d7f7e040e6aedf68b1be32d63fecb733358b08182f6b9b7440a2 +size 2114507 diff --git a/s390-tools-2.35.0.tar.gz b/s390-tools-2.35.0.tar.gz new file mode 100644 index 0000000..99e5cfb --- /dev/null 
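Review bot: Both lib.rs hunks of s390-tools-2.34-Fix-Rust-compilation-errors.patch move every lint except `missing_docs` from `#![deny(...)]` to `#![warn(...)]`, including `unstable_features`, and nothing in the files records why. A comment above the new attribute, such as `// Warn only: newer toolchains add findings that must not break distribution builds (issue #173)`, would keep someone from tightening it again by accident. If upstream CI is expected to keep these findings fatal, that has to come from the build (for example `RUSTFLAGS="-D warnings"`), which is not visible here. The lint list continues outside the hunks.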
+++ b/s390-tools-2.35.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2b00d49d2fd649308ad385a80da4cfdfacc1fa642b6949431adf41689ac4848a +size 2125787 diff --git a/s390-tools-2.36.0.tar.gz b/s390-tools-2.36.0.tar.gz new file mode 100644 index 0000000..261eabe --- /dev/null +++ b/s390-tools-2.36.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:53d5ee7adce0fe3f22a5e869f953cff3a655e8b13aff64b0998bce3e0e3c2a43 +size 2184500 diff --git a/s390-tools-ALP-zdev-live.patch b/s390-tools-ALP-zdev-live.patch new file mode 100644 index 0000000..5d45a79 --- /dev/null +++ b/s390-tools-ALP-zdev-live.patch 
@@ -0,0 +1,133 @@ +--- + zdev/dracut/96zdev-live/module-setup.sh | 32 +++++++++++++++++++++++++ + zdev/dracut/96zdev-live/parse-zdev-live.sh | 36 +++++++++++++++++++++++++++++ + zdev/dracut/96zdev-live/write-udev-live.sh | 11 ++++++++ + zdev/dracut/Makefile | 15 ++++++++++-- + 4 files changed, 92 insertions(+), 2 deletions(-) + +--- /dev/null ++++ b/zdev/dracut/96zdev-live/module-setup.sh +@@ -0,0 +1,32 @@ ++#!/bin/bash ++ ++# called by dracut ++check() { ++ arch=${DRACUT_ARCH:-$(uname -m)} ++ [ "$arch" = "s390" -o "$arch" = "s390x" ] || return 1 ++ ++ require_binaries chzdev || return 1 ++ ++ [[ $hostonly ]] || return 0 ++ ++ # or on request ++ return 255 ++} ++ ++# called by dracut ++depends() { ++ echo bash ++ return 0 ++} ++ ++# called by dracut ++installkernel() { ++ instmods ctcm lcs qeth qeth_l2 qeth_l3 dasd_diag_mod dasd_eckd_mod dasd_fba_mod ++} ++ ++# called by dracut ++install() { ++ inst_hook cmdline 41 "$moddir/parse-zdev-live.sh" ++ inst_hook cleanup 41 "$moddir/write-udev-live.sh" ++ inst_multiple chzdev ++} +--- /dev/null ++++ b/zdev/dracut/96zdev-live/parse-zdev-live.sh +@@ -0,0 +1,36 @@ ++#!/bin/bash ++# ++# 96zdev-live/parse-zdev-live.sh ++# Parse the kernel command line for rd.zdev kernel parameters. These ++# parameters are evaluated and used to configure z Systems specific devices ++# with chzdev(8), especially for use on live/installation type media. ++# Note: this is only active on no-hostonly initrds (by default). ++# ++# Format: ++# rd.zdev=TYPE,DEVICE[,SETTINGS] ++# ++# where ++# ++# TYPE: all device types supported by chzdev(8), like qeth and dasd ++# DEVICE: device specification as supported by chzdev(8) '--enable', ++# with the exception of specifying multiple devices, which ++# need to be separated by commas. Channel group members ++# (or zFCP parameters) in turn are separated by colons. ++# SETTINGS: Settings are positional arguments of chzdev in the form ++# KEY=VALUE separated by commas. 
++ ++zdev_enable="--persistent --enable" ++zdev_base_args="--yes --no-root-update --no-settle" ++ ++for zdevs in $(getargs rd.zdev) ; do ++ IFS=',' read -r -a zdev <<< "$zdevs" ++ if [ -n "$zdev" ] && [ "$zdev" = "no-auto" -o "$zdev" = "auto" ] ; then ++ : # ignore, as it's handled by 95zdev ++ elif [ -z "$zdev" ] || [ -z "${zdev[1]}" ] ; then ++ warn "Unsupported usage of rd.zdev=$zdevs" ++ else ++ info "+ chzdev $zdev_enable [...] ${zdev[@]}" ++ chzdev $zdev_enable $zdev_base_args "${zdev[@]}" ++ fi ++done ++ +--- /dev/null ++++ b/zdev/dracut/96zdev-live/write-udev-live.sh +@@ -0,0 +1,11 @@ ++#!/bin/sh ++# ++# 96zdev-live/write-udev-live.sh ++# Copy udeve rules generated by chzdev for device activation starting with 41 ++# to a *writable* /sysroot -- this is primarily useful for live/installation- ++# type media (and by default only active on no-hostonly initrds) ++# ++ ++if [ -w /sysroot/etc/udev/rules.d ]; then ++ cp -p /etc/udev/rules.d/41-* /sysroot/etc/udev/rules.d ++fi +--- a/zdev/dracut/Makefile ++++ b/zdev/dracut/Makefile +@@ -3,17 +3,23 @@ + + ZDEVDIR := 95zdev + ZDEVKDUMPDIR := 95zdev-kdump ++ZDEVLIVEDIR := 96zdev-live + + # HAVE_DRACUT + # +-# This install time parameter determines whether the zdev dracut module is +-# installed (HAVE_DRACUT=1) or not (default). When installed, the module ++# This install time parameter determines whether the zdev dracut modules are ++# installed (HAVE_DRACUT=1) or not (default). 
When installed, the 95zdev module + # performs the following functions when dracut is run: + # + # - copy the persistent root device configuration to the initial ram disk + # - install a boot-time hook to apply firmware-provided configuration data + # to the system + # ++# The 96zdev-live module performs the following functions when dracut is run: ++# ++# - install a boot-time hook to apply command-line-provided configuration data ++# to a no-hostonly built initial ram disk for use in live/installation media ++# + ifeq ($(HAVE_DRACUT),1) + install: + $(INSTALL) -m 755 -d $(DESTDIR)$(DRACUTMODDIR)/ +@@ -29,4 +35,9 @@ + $(INSTALL) -m 755 -d $(DESTDIR)$(DRACUTMODDIR)/$(ZDEVKDUMPDIR) + $(INSTALL) -m 755 $(ZDEVKDUMPDIR)/module-setup.sh \ + $(DESTDIR)$(DRACUTMODDIR)/$(ZDEVKDUMPDIR)/ ++ $(INSTALL) -m 755 -d $(DESTDIR)$(DRACUTMODDIR)/$(ZDEVLIVEDIR) ++ $(INSTALL) -m 755 $(ZDEVLIVEDIR)/module-setup.sh \ ++ $(ZDEVLIVEDIR)/parse-zdev-live.sh \ ++ $(ZDEVLIVEDIR)/write-udev-live.sh \ ++ $(DESTDIR)$(DRACUTMODDIR)/$(ZDEVLIVEDIR)/ + endif diff --git a/s390-tools-Additional-update-01.patch b/s390-tools-Additional-update-01.patch new file mode 100644 index 0000000..1433eb5 --- /dev/null +++ b/s390-tools-Additional-update-01.patch 
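Review bot: In write-udev-live.sh of s390-tools-ALP-zdev-live.patch the `cp -p /etc/udev/rules.d/41-* /sysroot/etc/udev/rules.d` runs whenever the target directory is writable, even when chzdev generated no 41-* rule; the unmatched pattern is then passed literally and cp reports an error in the cleanup hook. Guarding it, `for f in /etc/udev/rules.d/41-*; do [ -e "$f" ] && cp -p "$f" /sysroot/etc/udev/rules.d/; done`, keeps the hook quiet in that case. In parse-zdev-live.sh the unquoted `$(getargs rd.zdev)` is subject to pathname expansion as well as word splitting, so a kernel command line value containing `*` or `?` would be expanded against the initrd's working directory before it reaches chzdev; wrapping the loop in `set -f` / `set +f` avoids that.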
@@ -0,0 +1,64 @@ +From dff965465ca9d9c4edaf0f90eadd9a6de335b354 Mon Sep 17 00:00:00 2001 +From: Niklas Schnelle +Date: Fri, 6 Dec 2024 15:28:08 +0100 +Subject: [PATCH] opticsmon: Fix runaway loop in on_link_change() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +When on_link_change() gets called with a netdev that would be monitored +but hasn't entered zpci_list yet, reloads is 1 after the loops and +a reload occurs. Then the netdev is found in the list and reloads +becomes -1 which incorrectly triggers more reloads until underflow. +Fix this by returning once the device is found. Also just check for +reloads being larger than zero. + +Fixes: c34adb9cabee ("opticsmon: Introduce opticsmon tool") +Reviewed-by: Halil Pasic +Signed-off-by: Niklas Schnelle +Signed-off-by: Jan Höppner +--- + opticsmon/opticsmon.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/opticsmon/opticsmon.c b/opticsmon/opticsmon.c +index c2f355e2..50dd8d7f 100644 +--- a/opticsmon/opticsmon.c ++++ b/opticsmon/opticsmon.c +@@ -280,16 +280,15 @@ void on_link_change(struct zpci_netdev *netdev, void *arg) + if (!ctx->zpci_list || util_list_is_empty(ctx->zpci_list)) + zpci_list_reload(&ctx->zpci_list); + +-reload: ++find: + util_list_iterate(ctx->zpci_list, zdev) { + for (i = 0; i < zdev->num_netdevs; i++) { + if (!strcmp(zdev->netdevs[i].name, netdev->name)) { +- reloads--; + /* Skip data collection if operational state is + * unchanged + */ + if (zdev->netdevs[i].operstate == netdev->operstate) +- continue; ++ return; + /* Update operation state for VFs even though + * they are skipped just for a consistent view + */ +@@ -297,14 +296,15 @@ void on_link_change(struct zpci_netdev *netdev, void *arg) + /* Only collect optics data for PFs */ + if (!zpci_is_vf(zdev)) + dump_adapter_data(ctx, zdev); ++ return; + } + } + } + /* Might be a new device, reload list of devices and retry */ +- if (reloads) { ++ if (reloads > 0) { 
+ zpci_list_reload(&ctx->zpci_list); + reloads--; +- goto reload; ++ goto find; + } + } + diff --git a/s390-tools-Additional-update-02.patch b/s390-tools-Additional-update-02.patch new file mode 100644 index 0000000..7c711cc --- /dev/null +++ b/s390-tools-Additional-update-02.patch 
@@ -0,0 +1,129 @@ +From cf5560a100b5552e2eeeaac9c60a88ae77233530 Mon Sep 17 00:00:00 2001 +From: Niklas Schnelle +Date: Mon, 9 Dec 2024 15:08:03 +0100 +Subject: [PATCH] libzpci: opticsmon: Refactor on_link_change() using new + zpci_find_by_netdev() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Finding a PCI device given the name of a netdev seems generally useful +so pull this out into a new zpci_find_by_netdev() function in libzpci +and use this to simplify on_link_change() removing the need for +backwards goto. + +Reviewed-by: Halil Pasic +Reviewed-by: Jan Höppner +Signed-off-by: Niklas Schnelle +Signed-off-by: Jan Höppner +--- + include/lib/pci_list.h | 3 +++ + libzpci/pci_list.c | 31 +++++++++++++++++++++++++++++++ + opticsmon/opticsmon.c | 27 +++++++++++---------------- + 3 files changed, 45 insertions(+), 16 deletions(-) + +diff --git a/include/lib/pci_list.h b/include/lib/pci_list.h +index 829ec244..5b2918bc 100644 +--- a/include/lib/pci_list.h ++++ b/include/lib/pci_list.h +@@ -93,4 +93,7 @@ const char *zpci_pft_str(struct zpci_dev *zdev); + const char *zpci_operstate_str(operstate_t state); + operstate_t zpci_operstate_from_str(const char *oper_str); + ++struct zpci_dev *zpci_find_by_netdev(struct util_list *zpci_list, char *netdev_name, ++ struct zpci_netdev **netdev); ++ + #endif /* LIB_ZPCI_PCI_LIST_H */ +diff --git a/libzpci/pci_list.c b/libzpci/pci_list.c +index 10f64e89..e0d56e44 100644 +--- a/libzpci/pci_list.c ++++ b/libzpci/pci_list.c +@@ -356,3 +356,34 @@ void zpci_free_dev_list(struct util_list *zpci_list) + } + util_list_free(zpci_list); + } ++ ++/** ++ * Find a PCI device given the name of a netdev ++ * ++ * This function allows finding a PCI device when only the name of one ++ * of its netdevs is known. 
++ * ++ * @param[in] zpci_list The device list to search ++ * @param[in] netdev_name The name of the netdev ++ * @param[out] netdev Pointer to store the netdev or NULL if ++ * only the PCI device is needed ++ * ++ * @return The PCI device if one is found NULL otherwise ++ */ ++struct zpci_dev *zpci_find_by_netdev(struct util_list *zpci_list, char *netdev_name, ++ struct zpci_netdev **netdev) ++{ ++ struct zpci_dev *zdev = NULL; ++ int i; ++ ++ util_list_iterate(zpci_list, zdev) { ++ for (i = 0; i < zdev->num_netdevs; i++) { ++ if (!strcmp(zdev->netdevs[i].name, netdev_name)) { ++ if (netdev) ++ *netdev = &zdev->netdevs[i]; ++ return zdev; ++ } ++ } ++ } ++ return NULL; ++} +diff --git a/opticsmon/opticsmon.c b/opticsmon/opticsmon.c +index 50dd8d7f..7ecaa125 100644 +--- a/opticsmon/opticsmon.c ++++ b/opticsmon/opticsmon.c +@@ -274,38 +274,33 @@ static int oneshot_mode(struct opticsmon_ctx *ctx) + void on_link_change(struct zpci_netdev *netdev, void *arg) + { + struct opticsmon_ctx *ctx = arg; +- struct zpci_dev *zdev; +- int i, reloads = 1; +- +- if (!ctx->zpci_list || util_list_is_empty(ctx->zpci_list)) +- zpci_list_reload(&ctx->zpci_list); ++ struct zpci_netdev *found_netdev; ++ struct zpci_dev *zdev = NULL; ++ int reloads = 1; + +-find: +- util_list_iterate(ctx->zpci_list, zdev) { +- for (i = 0; i < zdev->num_netdevs; i++) { +- if (!strcmp(zdev->netdevs[i].name, netdev->name)) { ++ do { ++ if (ctx->zpci_list) { ++ zdev = zpci_find_by_netdev(ctx->zpci_list, netdev->name, &found_netdev); ++ if (zdev) { + /* Skip data collection if operational state is + * unchanged + */ +- if (zdev->netdevs[i].operstate == netdev->operstate) ++ if (found_netdev->operstate == netdev->operstate) + return; + /* Update operation state for VFs even though + * they are skipped just for a consistent view + */ +- zdev->netdevs[i].operstate = netdev->operstate; ++ found_netdev->operstate = netdev->operstate; + /* Only collect optics data for PFs */ + if (!zpci_is_vf(zdev)) + 
dump_adapter_data(ctx, zdev); + return; + } + } +- } +- /* Might be a new device, reload list of devices and retry */ +- if (reloads > 0) { ++ /* Could be uninitalized list or a new device, retry after reload */ + zpci_list_reload(&ctx->zpci_list); + reloads--; +- goto find; +- } ++ } while (reloads > 0); + } + + #define MAX_EVENTS 8 diff --git a/s390-tools-General-update-01.patch b/s390-tools-General-update-01.patch new file mode 100644 index 0000000..fadf386 --- /dev/null +++ b/s390-tools-General-update-01.patch 
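Review bot: The do/while in `on_link_change()` never performs the retry its comment promises: `reloads` starts at 1, the first pass reloads the list and decrements it to 0, and `while (reloads > 0)` then exits without calling `zpci_find_by_netdev()` on the refreshed list. The removed `goto find` version did search once more after the reload, so a link event for a device that is not yet in the list now appears to be dropped. Testing the budget before reloading, with `if (reloads-- <= 0) return;` ahead of `zpci_list_reload(&ctx->zpci_list);` inside a `for (;;)` loop, restores one lookup after the reload. In `zpci_find_by_netdev()` the name is only read by `strcmp()`, so `const char *netdev_name` would be the more accurate signature.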
@@ -0,0 +1,147 @@ +From 1e44ace41de3cbd744b22a8f9835473b091186e0 Mon Sep 17 00:00:00 2001 +From: Steffen Eiden +Date: Thu, 18 Jul 2024 10:55:45 +0200 +Subject: [PATCH] rust/pvsecret: Refactor writing secret +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Refactor the writing of secret-type dependent output files to ease +extensions. + +Reviewed-by: Marc Hartmayer +Reviewed-by: Christoph Schlameuss +Signed-off-by: Steffen Eiden +Signed-off-by: Jan Höppner +--- + rust/pv/src/uvsecret/guest_secret.rs | 2 +- + rust/pvsecret/src/cmd/create.rs | 89 +++++++++++++++------------- + 2 files changed, 48 insertions(+), 43 deletions(-) + +diff --git a/rust/pv/src/uvsecret/guest_secret.rs b/rust/pv/src/uvsecret/guest_secret.rs +index 509691fa..4f1db31c 100644 +--- a/rust/pv/src/uvsecret/guest_secret.rs ++++ b/rust/pv/src/uvsecret/guest_secret.rs +@@ -68,7 +68,7 @@ impl GuestSecret { + } + + /// Reference to the confidential data +- pub(crate) fn confidential(&self) -> &[u8] { ++ pub fn confidential(&self) -> &[u8] { + match &self { + Self::Null => &[], + Self::Association { secret, .. } => secret.value().as_slice(), +diff --git a/rust/pvsecret/src/cmd/create.rs b/rust/pvsecret/src/cmd/create.rs +index 808b29e1..9251c38c 100644 +--- a/rust/pvsecret/src/cmd/create.rs ++++ b/rust/pvsecret/src/cmd/create.rs +@@ -62,7 +62,7 @@ pub fn create(opt: &CreateSecretOpt) -> Result<()> { + write_out(&opt.output, ser_asrbc, "add-secret request")?; + info!("Successfully wrote the request to '{}'", &opt.output); + +- write_secret(&opt.secret, &asrcb, &opt.output) ++ write_secret(&opt.secret, asrcb.guest_secret(), &opt.output) + } + + /// Read+parse the first key from the buffer. 
+@@ -206,54 +206,59 @@ fn read_cuid(asrcb: &mut AddSecretRequest, opt: &CreateSecretOpt) -> Result<()> + Ok(()) + } + ++// Write non confidential data (=name+id) to a yaml stdout ++fn write_yaml>( ++ name: &str, ++ guest_secret: &GuestSecret, ++ stdout: &bool, ++ outp_path: P, ++) -> Result<()> { ++ debug!("Non-confidential secret information: {guest_secret:x?}"); ++ ++ let secret_info = serde_yaml::to_string(guest_secret)?; ++ if stdout.to_owned() { ++ println!("{secret_info}"); ++ return Ok(()); ++ } ++ ++ let gen_name: String = name ++ .chars() ++ .map(|c| if c.is_whitespace() { '_' } else { c }) ++ .collect(); ++ let mut yaml_path = outp_path ++ .as_ref() ++ .parent() ++ .with_context(|| format!("Cannot open directory of {:?}", outp_path.as_ref()))? ++ .to_owned(); ++ yaml_path.push(gen_name); ++ yaml_path.set_extension("yaml"); ++ write_out(&yaml_path, secret_info, "secret information")?; ++ warn!( ++ "Successfully wrote secret info to '{}'", ++ yaml_path.display().to_string() ++ ); ++ Ok(()) ++} ++ + /// Write the generated secret (if any) to the specified output stream + fn write_secret>( + secret: &AddSecretType, +- asrcb: &AddSecretRequest, ++ guest_secret: &GuestSecret, + outp_path: P, + ) -> Result<()> { +- if let AddSecretType::Association { +- name, +- stdout, +- output_secret: secret_out, +- .. +- } = secret +- { +- let gen_name: String = name +- .chars() +- .map(|c| if c.is_whitespace() { '_' } else { c }) +- .collect(); +- let mut gen_path = outp_path +- .as_ref() +- .parent() +- .with_context(|| format!("Cannot open directory of {:?}", outp_path.as_ref()))? 
+- .to_owned(); +- gen_path.push(format!("{gen_name}.yaml")); +- +- // write non confidential data (=name+id) to a yaml +- let secret_info = serde_yaml::to_string(asrcb.guest_secret())?; +- if stdout.to_owned() { +- println!("{secret_info}"); +- } else { +- write_out(&gen_path, secret_info, "association secret info")?; +- debug!( +- "Non-confidential secret information: {:x?}", +- asrcb.guest_secret() +- ); +- warn!( +- "Successfully wrote association info to '{}'", +- gen_path.display() +- ); +- } +- +- if let Some(path) = secret_out { +- if let GuestSecret::Association { secret, .. } = asrcb.guest_secret() { +- write_out(path, secret.value(), "Association secret")? +- } else { +- unreachable!("The secret type has to be `association` at this point (bug)!") ++ match secret { ++ AddSecretType::Association { ++ name, ++ stdout, ++ output_secret, ++ .. ++ } => { ++ write_yaml(name, guest_secret, stdout, outp_path)?; ++ if let Some(path) = output_secret { ++ write_out(path, guest_secret.confidential(), "Association secret")? + } +- info!("Successfully wrote generated association secret to '{path}'"); + } ++ _ => (), + }; + Ok(()) + } diff --git a/s390-tools-General-update-02.patch b/s390-tools-General-update-02.patch new file mode 100644 index 0000000..a1a1ac1 --- /dev/null +++ b/s390-tools-General-update-02.patch 
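Review bot: In the new `write_yaml`, `yaml_path.set_extension("yaml")` replaces whatever follows the last dot of the secret name, whereas the removed code appended the suffix with `format!("{gen_name}.yaml")`. A name such as `db.prod` (constructed example) now lands in `db.yaml`, and two names that differ only after the dot overwrite each other's info file. Keeping `yaml_path.push(format!("{gen_name}.yaml"));` preserves the old file names. Separately, `write_secret` no longer verifies that the guest secret is an association secret: `confidential()` returns `&[]` for `Self::Null`, so a mismatch would write an empty secret file where the old code hit `unreachable!`, and the `info!` line confirming the secret was written is gone. The body of `confidential()` continues outside the hunk.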
@@ -0,0 +1,467 @@ +From d1636168b26cc842bc0766235c8a4f2da9663f20 Mon Sep 17 00:00:00 2001 +From: Steffen Eiden +Date: Tue, 5 Mar 2024 10:46:29 +0100 +Subject: [PATCH] rust/pv: Support for writing data in PEM format +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Use existing OpenSSL functionalities to create PEM files containing +arbitrary data. + +Acked-by: Marc Hartmayer +Acked-by: Christoph Schlameuss +Signed-off-by: Steffen Eiden +Signed-off-by: Jan Höppner +--- + rust/pv/src/error.rs | 3 + + rust/pv/src/lib.rs | 6 + + rust/pv/src/openssl_extensions/bio.rs | 85 +++++++ + rust/pv/src/openssl_extensions/mod.rs | 2 + + .../src/openssl_extensions/stackable_crl.rs | 41 +--- + rust/pv/src/pem_utils.rs | 222 ++++++++++++++++++ + 6 files changed, 321 insertions(+), 38 deletions(-) + create mode 100644 rust/pv/src/openssl_extensions/bio.rs + create mode 100644 rust/pv/src/pem_utils.rs + +diff --git a/rust/pv/src/error.rs b/rust/pv/src/error.rs +index af85e93e..3ba808f2 100644 +--- a/rust/pv/src/error.rs ++++ b/rust/pv/src/error.rs +@@ -106,6 +106,9 @@ pub enum Error { + )] + AddDataMissing(&'static str), + ++ #[error("An ASCII string was expected, but non-ASCII characters were received.")] ++ NonAscii, ++ + // errors from other crates + #[error(transparent)] + PvCore(#[from] pv_core::Error), +diff --git a/rust/pv/src/lib.rs b/rust/pv/src/lib.rs +index 7a33210c..ec31b9a4 100644 +--- a/rust/pv/src/lib.rs ++++ b/rust/pv/src/lib.rs +@@ -37,6 +37,7 @@ mod brcb; + mod crypto; + mod error; + mod openssl_extensions; ++mod pem_utils; + mod req; + mod utils; + mod uvattest; +@@ -71,6 +72,11 @@ pub mod attest { + }; + } + ++/// Definitions and functions to write objects in PEM format ++pub mod pem { ++ pub use crate::pem_utils::Pem; ++} ++ + /// Miscellaneous functions and definitions + pub mod misc { + pub use pv_core::misc::*; +diff --git a/rust/pv/src/openssl_extensions/bio.rs b/rust/pv/src/openssl_extensions/bio.rs +new file mode 
100644 +index 00000000..73528eed +--- /dev/null ++++ b/rust/pv/src/openssl_extensions/bio.rs +@@ -0,0 +1,85 @@ ++// SPDX-License-Identifier: MIT ++// ++// Copyright IBM Corp. 2024 ++ ++use core::slice; ++use openssl::error::ErrorStack; ++use openssl_sys::BIO_new_mem_buf; ++use std::ffi::c_int; ++use std::{marker::PhantomData, ptr}; ++ ++pub struct BioMem(*mut openssl_sys::BIO); ++ ++impl Drop for BioMem { ++ fn drop(&mut self) { ++ // SAFETY: Pointer is valid. The pointer value is dropped after the free. ++ unsafe { ++ openssl_sys::BIO_free_all(self.0); ++ } ++ } ++} ++ ++impl BioMem { ++ pub fn new() -> Result { ++ openssl_sys::init(); ++ ++ // SAFETY: Returns a valid pointer or null. null-case is tested right after this. ++ let bio = unsafe { openssl_sys::BIO_new(openssl_sys::BIO_s_mem()) }; ++ match bio.is_null() { ++ true => Err(ErrorStack::get()), ++ false => Ok(Self(bio)), ++ } ++ } ++ ++ pub fn as_ptr(&self) -> *mut openssl_sys::BIO { ++ self.0 ++ } ++ ++ /// Copies the content of this slice into a Vec ++ pub fn to_vec(&self) -> Vec { ++ let buf; ++ // SAFTEY: BIO provides a continuous memory that can be used to build a slice. ++ unsafe { ++ let mut ptr = ptr::null_mut(); ++ let len = openssl_sys::BIO_get_mem_data(self.0, &mut ptr); ++ buf = slice::from_raw_parts(ptr as *const _ as *const _, len as usize) ++ } ++ buf.to_vec() ++ } ++} ++ ++pub struct BioMemSlice<'a>(*mut openssl_sys::BIO, PhantomData<&'a [u8]>); ++impl Drop for BioMemSlice<'_> { ++ fn drop(&mut self) { ++ // SAFETY: Pointer is valid. The pointer value is dropped after the free. ++ unsafe { ++ openssl_sys::BIO_free_all(self.0); ++ } ++ } ++} ++ ++impl<'a> BioMemSlice<'a> { ++ pub fn new(buf: &'a [u8]) -> Result, ErrorStack> { ++ openssl_sys::init(); ++ ++ // SAFETY: `buf` is a slice (i.e. pointer+size) pointing to a valid memory region. ++ // So the resulting bio is valid. Lifetime of the slice is connected by this Rust ++ // structure. 
++ assert!(buf.len() <= c_int::MAX as usize); ++ let bio = unsafe { ++ { ++ let r = BIO_new_mem_buf(buf.as_ptr() as *const _, buf.len() as c_int); ++ match r.is_null() { ++ true => Err(ErrorStack::get()), ++ false => Ok(r), ++ } ++ }? ++ }; ++ ++ Ok(BioMemSlice(bio, PhantomData)) ++ } ++ ++ pub fn as_ptr(&self) -> *mut openssl_sys::BIO { ++ self.0 ++ } ++} +diff --git a/rust/pv/src/openssl_extensions/mod.rs b/rust/pv/src/openssl_extensions/mod.rs +index fab26638..f6234e5d 100644 +--- a/rust/pv/src/openssl_extensions/mod.rs ++++ b/rust/pv/src/openssl_extensions/mod.rs +@@ -6,8 +6,10 @@ + + /// Extensions to the rust-openssl crate + mod akid; ++mod bio; + mod crl; + mod stackable_crl; + + pub use akid::*; ++pub use bio::*; + pub use crl::*; +diff --git a/rust/pv/src/openssl_extensions/stackable_crl.rs b/rust/pv/src/openssl_extensions/stackable_crl.rs +index aef7cf86..12a9f9de 100644 +--- a/rust/pv/src/openssl_extensions/stackable_crl.rs ++++ b/rust/pv/src/openssl_extensions/stackable_crl.rs +@@ -2,16 +2,14 @@ + // + // Copyright IBM Corp. 
2023 + +-use std::{marker::PhantomData, ptr}; +- ++use crate::openssl_extensions::bio::BioMemSlice; + use foreign_types::{ForeignType, ForeignTypeRef}; + use openssl::{ + error::ErrorStack, + stack::Stackable, + x509::{X509Crl, X509CrlRef}, + }; +-use openssl_sys::BIO_new_mem_buf; +-use std::ffi::c_int; ++use std::ptr; + + #[derive(Debug)] + pub struct StackableX509Crl(*mut openssl_sys::X509_CRL); +@@ -62,44 +60,11 @@ impl Stackable for StackableX509Crl { + type StackType = openssl_sys::stack_st_X509_CRL; + } + +-pub struct MemBioSlice<'a>(*mut openssl_sys::BIO, PhantomData<&'a [u8]>); +-impl Drop for MemBioSlice<'_> { +- fn drop(&mut self) { +- unsafe { +- openssl_sys::BIO_free_all(self.0); +- } +- } +-} +- +-impl<'a> MemBioSlice<'a> { +- pub fn new(buf: &'a [u8]) -> Result, ErrorStack> { +- openssl_sys::init(); +- +- assert!(buf.len() <= c_int::MAX as usize); +- let bio = unsafe { +- { +- let r = BIO_new_mem_buf(buf.as_ptr() as *const _, buf.len() as c_int); +- if r.is_null() { +- Err(ErrorStack::get()) +- } else { +- Ok(r) +- } +- }? +- }; +- +- Ok(MemBioSlice(bio, PhantomData)) +- } +- +- pub fn as_ptr(&self) -> *mut openssl_sys::BIO { +- self.0 +- } +-} +- + impl StackableX509Crl { + pub fn stack_from_pem(pem: &[u8]) -> Result, ErrorStack> { + unsafe { + openssl_sys::init(); +- let bio = MemBioSlice::new(pem)?; ++ let bio = BioMemSlice::new(pem)?; + + let mut crls = vec![]; + loop { +diff --git a/rust/pv/src/pem_utils.rs b/rust/pv/src/pem_utils.rs +new file mode 100644 +index 00000000..e6462519 +--- /dev/null ++++ b/rust/pv/src/pem_utils.rs +@@ -0,0 +1,222 @@ ++// SPDX-License-Identifier: MIT ++// ++// Copyright IBM Corp. 
2024 ++ ++use crate::Result; ++use crate::{openssl_extensions::BioMem, Error}; ++use openssl::error::ErrorStack; ++use pv_core::request::Confidential; ++use std::{ ++ ffi::{c_char, CString}, ++ fmt::Display, ++}; ++ ++mod ffi { ++ use openssl_sys::BIO; ++ use std::ffi::{c_char, c_int, c_long, c_uchar}; ++ extern "C" { ++ pub fn PEM_write_bio( ++ bio: *mut BIO, ++ name: *const c_char, ++ header: *const c_char, ++ data: *const c_uchar, ++ len: c_long, ++ ) -> c_int; ++ } ++} ++ ++/// Thin wrapper around [`CString`] only containing ASCII chars. ++#[derive(Debug)] ++struct AsciiCString(CString); ++ ++impl AsciiCString { ++ /// Convert from string ++ /// ++ /// # Returns ++ /// Error if string is not ASCII or contains null chars ++ pub(crate) fn from_str(s: &str) -> Result { ++ match s.is_ascii() { ++ true => Ok(Self(CString::new(s).map_err(|_| Error::NonAscii)?)), ++ false => Err(Error::NonAscii), ++ } ++ } ++ ++ fn as_ptr(&self) -> *const c_char { ++ self.0.as_ptr() ++ } ++} ++ ++/// Helper struct to construct the PEM format ++#[derive(Debug)] ++struct InnerPem<'d> { ++ name: AsciiCString, ++ header: Option, ++ data: &'d [u8], ++} ++ ++impl<'d> InnerPem<'d> { ++ fn new(name: &str, header: Option, data: &'d [u8]) -> Result { ++ Ok(Self { ++ name: AsciiCString::from_str(name)?, ++ header: match header { ++ Some(h) => Some(AsciiCString::from_str(&h)?), ++ None => None, ++ }, ++ data, ++ }) ++ } ++ ++ /// Generate PEM representation of the data ++ fn to_pem(&self) -> Result> { ++ let bio = BioMem::new()?; ++ let hdr_ptr = match self.header { ++ // avoid moving variable -> use reference ++ Some(ref h) => h.as_ptr(), ++ None => std::ptr::null(), ++ }; ++ ++ // SAFETY: ++ // All pointers point to valid C strings or memory regions ++ let rc = unsafe { ++ ffi::PEM_write_bio( ++ bio.as_ptr(), ++ self.name.as_ptr(), ++ hdr_ptr, ++ self.data.as_ptr(), ++ self.data.len() as std::ffi::c_long, ++ ) ++ }; ++ ++ match rc { ++ 1 => Err(Error::InternalSsl("Could not write PEM", 
ErrorStack::get())), ++ _ => Ok(bio.to_vec()), ++ } ++ } ++} ++ ++/// Data in PEM format ++/// ++/// Displays into a printable PEM structure. ++/// Must be constructed from another structure in this library. ++/// ++/// ```rust,ignore ++/// let pem: Pem = ...; ++/// println!("PEM {pem}"); ++/// ``` ++/// ```PEM ++///-----BEGIN ----- ++///
++/// ++/// ++///-----END ----- ++ ++#[derive(Debug)] ++pub struct Pem { ++ pem: Confidential, ++} ++ ++#[allow(unused)] ++impl Pem { ++ /// Create a new PEM structure. ++ /// ++ /// # Errors ++ /// ++ /// This function will return an error if name or header contain non-ASCII chars, or OpenSSL ++ /// could not generate the PEM (very likely due to OOM). ++ pub(crate) fn new(name: &str, header: H, data: D) -> Result ++ where ++ D: AsRef<[u8]>, ++ H: Into>, ++ { ++ let mut header = header.into(); ++ let header = match header { ++ Some(h) if h.ends_with('\n') => Some(h), ++ Some(h) if h.is_empty() => None, ++ Some(mut h) => { ++ h.push('\n'); ++ Some(h) ++ } ++ None => None, ++ }; ++ ++ let inner_pem = InnerPem::new(name, header, data.as_ref())?; ++ ++ // Create the PEM format eagerly so that to_string/display cannot fail because of ASCII or OpenSSL Errors ++ // Both error should be very unlikely ++ // OpenSSL should be able to create PEM if there is enough memory and produce a non-null ++ // terminated ASCII-string ++ // Unwrap succeeds it's all ASCII ++ // Std lib implements all the conversations without a copy ++ let pem = CString::new(inner_pem.to_pem()?) ++ .map_err(|_| Error::NonAscii)? ++ .into_string() ++ .unwrap() ++ .into(); ++ ++ Ok(Self { pem }) ++ } ++ ++ /// Converts the PEM-data into a byte vector. ++ /// ++ /// This consumes the `PEM`. 
++ #[inline] ++ #[must_use = "`self` will be dropped if the result is not used"] ++ pub fn into_bytes(self) -> Confidential> { ++ self.pem.into_inner().into_bytes().into() ++ } ++} ++ ++impl Display for Pem { ++ fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { ++ self.pem.value().fmt(f) ++ } ++} ++ ++#[cfg(test)] ++mod test { ++ use super::*; ++ ++ #[test] ++ fn no_data() { ++ const EXP: &str = ++ "-----BEGIN PEM test-----\ntest hdr value: 17\n\n-----END PEM test-----\n"; ++ let test_pem = Pem::new("PEM test", "test hdr value: 17".to_string(), []).unwrap(); ++ let pem_str = test_pem.to_string(); ++ assert_eq!(pem_str, EXP); ++ } ++ ++ #[test] ++ fn no_hdr() { ++ const EXP: &str = ++ "-----BEGIN PEM test-----\ndmVyeSBzZWNyZXQga2V5\n-----END PEM test-----\n"; ++ let test_pem = Pem::new("PEM test", None, "very secret key").unwrap(); ++ let pem_str = test_pem.to_string(); ++ assert_eq!(pem_str, EXP); ++ } ++ ++ #[test] ++ fn some_data() { ++ const EXP: &str= "-----BEGIN PEM test-----\ntest hdr value: 17\n\ndmVyeSBzZWNyZXQga2V5\n-----END PEM test-----\n"; ++ let test_pem = Pem::new( ++ "PEM test", ++ "test hdr value: 17".to_string(), ++ "very secret key", ++ ) ++ .unwrap(); ++ let pem_str = test_pem.to_string(); ++ assert_eq!(pem_str, EXP); ++ } ++ ++ #[test] ++ fn data_linebreak() { ++ const EXP: &str= "-----BEGIN PEM test-----\ntest hdr value: 17\n\ndmVyeSBzZWNyZXQga2V5\n-----END PEM test-----\n"; ++ let test_pem = Pem::new( ++ "PEM test", ++ "test hdr value: 17\n".to_string(), ++ "very secret key", ++ ) ++ .unwrap(); ++ let pem_str = test_pem.to_string(); ++ assert_eq!(pem_str, EXP); ++ } ++} diff --git a/s390-tools-General-update-03.patch b/s390-tools-General-update-03.patch new file mode 100644 index 0000000..70364cc --- /dev/null +++ b/s390-tools-General-update-03.patch 
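Review bot: `InnerPem::to_pem` treats `rc == 1` as the failure case, but OpenSSL documents `PEM_write_bio` as returning the number of bytes written on success and 0 on failure, so a failed write falls into `_ => Ok(bio.to_vec())` and is reported as success. The error arm should read `0 => Err(Error::InternalSsl("Could not write PEM", ErrorStack::get())),`. This matters more because `BioMem::to_vec` hands the pointer and length from `BIO_get_mem_data` straight to `slice::from_raw_parts`: for an empty BIO the pointer may be null, and a non-positive length is cast to `usize`. A guard such as `if ptr.is_null() || len <= 0 { return Vec::new(); }` before building the slice would close that gap. The `SAFTEY` comment there should also state these two preconditions, not only that the memory is contiguous.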
@@ -0,0 +1,57 @@ +From 69eb06f39e5134565babfe96c66a3786c0a571cf Mon Sep 17 00:00:00 2001 +From: Steffen Eiden +Date: Tue, 20 Feb 2024 14:50:47 +0100 +Subject: [PATCH] rust/pv_core: Update ffi.rs to linux/uvdevice.h v6.13 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +While at it, add a file global #[allow(dead_code)]. +The file is a rustified copy of linux/arch/s390/include/uapi/asm/uvdevice.h +and there might be things that are not needed here but are defined in that header. + +Acked-by: Marc Hartmayer +Reviewed-by: Christoph Schlameuss +Signed-off-by: Steffen Eiden +Signed-off-by: Jan Höppner +--- + rust/pv_core/src/uvdevice/ffi.rs | 11 +++++++++-- + 1 file changed, 9 insertions(+), 2 deletions(-) + +diff --git a/rust/pv_core/src/uvdevice/ffi.rs b/rust/pv_core/src/uvdevice/ffi.rs +index bbcc5867..3d9998db 100644 +--- a/rust/pv_core/src/uvdevice/ffi.rs ++++ b/rust/pv_core/src/uvdevice/ffi.rs +@@ -2,6 +2,13 @@ + // + // Copyright IBM Corp. 2023 + ++// This file is a rustified copy of linux/arch/s390/include/uapi/asm/uvdevice.h ++// There might be things that are not needed here but nontheless defined in that header. ++// Those two files should be in sync -> there might be unused/dead code. 
++// ++// The `UVIO_IOCTL_*` and `UVIO_SUPP_*` macros ++#![allow(dead_code)] ++ + use std::mem::size_of; + + use crate::{assert_size, static_assert}; +@@ -11,9 +18,8 @@ pub const UVIO_ATT_ARCB_MAX_LEN: usize = 0x100000; + pub const UVIO_ATT_MEASUREMENT_MAX_LEN: usize = 0x8000; + pub const UVIO_ATT_ADDITIONAL_MAX_LEN: usize = 0x8000; + pub const UVIO_ADD_SECRET_MAX_LEN: usize = 0x100000; +-#[allow(unused)] +-// here for completeness + pub const UVIO_LIST_SECRETS_LEN: usize = 0x1000; ++pub const UVIO_RETR_SECRET_MAX_LEN: usize = 0x2000; + + // equal to ascii 'u' + pub const UVIO_TYPE_UVC: u8 = 117u8; +@@ -23,6 +29,7 @@ pub const UVIO_IOCTL_ATT_NR: u8 = 1; + pub const UVIO_IOCTL_ADD_SECRET_NR: u8 = 2; + pub const UVIO_IOCTL_LIST_SECRETS_NR: u8 = 3; + pub const UVIO_IOCTL_LOCK_SECRETS_NR: u8 = 4; ++pub const UVIO_IOCTL_RETR_SECRET_NR: u8 = 5; + + /// Uvdevice IOCTL control block + /// Programs can use this struct to communicate with the uvdevice via IOCTLs diff --git a/s390-tools-General-update-04.patch b/s390-tools-General-update-04.patch new file mode 100644 index 0000000..88e1007 --- /dev/null +++ b/s390-tools-General-update-04.patch 
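Review bot: The new header comment in ffi.rs ends in a fragment: the line that names the `UVIO_IOCTL_*` and `UVIO_SUPP_*` macros has no verb, so it does not say what the reader should know about them; finish the sentence or drop the line. The file-wide `#![allow(dead_code)]` also silences the lint for every item in the file, not only the constants mirrored from the kernel header, so a helper that later becomes unused will no longer be flagged. Keeping `#[allow(dead_code)]` on the mirrored constants alone would be narrower. `nontheless` in the same comment should be `nonetheless`.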
@@ -0,0 +1,204 @@ +From 01cd81ecf5d1a7e1e504ae1b67692cf63cd4b51d Mon Sep 17 00:00:00 2001 +From: Steffen Eiden +Date: Tue, 5 Mar 2024 11:56:57 +0100 +Subject: [PATCH] rust/pv_core: Retrieve Secret UVC +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Create the uvdevice-IOCTL functionality for the new Retrieve Secret UVC. + +Reviewed-by: Christoph Schlameuss +Acked-by: Marc Hartmayer +Signed-off-by: Steffen Eiden +Signed-off-by: Jan Höppner +--- + rust/pv_core/src/error.rs | 7 ++ + rust/pv_core/src/lib.rs | 2 +- + rust/pv_core/src/uvdevice/secret.rs | 97 +++++++++++++++++++++++- + rust/pv_core/src/uvdevice/secret_list.rs | 15 ++++ + 4 files changed, 118 insertions(+), 3 deletions(-) + +diff --git a/rust/pv_core/src/error.rs b/rust/pv_core/src/error.rs +index 20fca24d..ba7b7e26 100644 +--- a/rust/pv_core/src/error.rs ++++ b/rust/pv_core/src/error.rs +@@ -4,6 +4,8 @@ + + use std::path::PathBuf; + ++use crate::uv::SecretId; ++ + /// Result type for this crate + pub type Result = std::result::Result; + +@@ -70,6 +72,11 @@ pub enum Error { + #[error("The attestation request does not specify a measurement size or measurement data.")] + BinArcbNoMeasurement, + ++ #[error( ++ "The secret with the ID {id} cannot be retrieved. 
The requested size is too large ({size})" ++ )] ++ InvalidRetrievableSecretType { id: SecretId, size: usize }, ++ + // errors from other crates + #[error(transparent)] + Io(#[from] std::io::Error), +diff --git a/rust/pv_core/src/lib.rs b/rust/pv_core/src/lib.rs +index 349c0b28..5922211f 100644 +--- a/rust/pv_core/src/lib.rs ++++ b/rust/pv_core/src/lib.rs +@@ -32,7 +32,7 @@ pub mod misc { + /// [`crate::uv::UvCmd`] + pub mod uv { + pub use crate::uvdevice::attest::AttestationCmd; +- pub use crate::uvdevice::secret::{AddCmd, ListCmd, LockCmd}; ++ pub use crate::uvdevice::secret::{AddCmd, ListCmd, LockCmd, RetrieveCmd}; + pub use crate::uvdevice::secret_list::{ListableSecretType, SecretEntry, SecretId, SecretList}; + pub use crate::uvdevice::{ConfigUid, UvCmd, UvDevice, UvDeviceInfo, UvFlags, UvcSuccess}; + } +diff --git a/rust/pv_core/src/uvdevice/secret.rs b/rust/pv_core/src/uvdevice/secret.rs +index 6c22b6ed..263f17d5 100644 +--- a/rust/pv_core/src/uvdevice/secret.rs ++++ b/rust/pv_core/src/uvdevice/secret.rs +@@ -3,8 +3,15 @@ + // Copyright IBM Corp. 2023 + + use super::ffi; +-use crate::{request::MagicValue, uv::UvCmd, uvsecret::AddSecretMagic, Error, Result, PAGESIZE}; +-use std::io::Read; ++use crate::{ ++ request::{Confidential, MagicValue}, ++ uv::{SecretEntry, UvCmd}, ++ uvsecret::AddSecretMagic, ++ Error, Result, PAGESIZE, ++}; ++use log::debug; ++use std::{io::Read, mem::size_of_val}; ++use zerocopy::AsBytes; + + /// _List Secrets_ Ultravisor command. + /// +@@ -116,3 +123,89 @@ impl UvCmd for LockCmd { + } + } + } ++ ++/// Retrieve a secret value from UV store ++#[derive(Debug)] ++pub struct RetrieveCmd { ++ entry: SecretEntry, ++ key: Confidential>, ++} ++ ++impl RetrieveCmd { ++ /// Maximum size of a retrieved key (=2 pages) ++ pub const MAX_SIZE: usize = ffi::UVIO_RETR_SECRET_MAX_LEN; ++ ++ /// Create a retrieve-secret UVC from a [`SecretEntry`]. ++ /// ++ /// This uses the index of the secret entry for the UVC. 
++ pub fn from_entry(entry: SecretEntry) -> Result { ++ entry.try_into() ++ } ++ ++ /// Transform a [`RetrieveCmd`] into a key-vector. ++ /// ++ /// Only makes sense to call after a successful UVC execution. ++ pub fn into_key(self) -> Confidential> { ++ self.key ++ } ++ ++ /// Get the secret entry ++ /// ++ /// Get the secret entry that is used as metadata to retrieve the secret ++ pub fn meta_data(&self) -> &SecretEntry { ++ &self.entry ++ } ++} ++ ++impl TryFrom for RetrieveCmd { ++ type Error = Error; ++ ++ fn try_from(entry: SecretEntry) -> Result { ++ let len = entry.secret_size() as usize; ++ ++ // Next to impossible if the secret entry is a valid response from UV ++ if len > Self::MAX_SIZE { ++ return Err(Error::InvalidRetrievableSecretType { ++ id: entry.secret_id().to_owned(), ++ size: len, ++ }); ++ } ++ ++ // Ensure that an u16 fits into the buffer. ++ let size = std::cmp::max(size_of_val(&entry.index()), len); ++ debug!("Create a buf with {} elements", size); ++ let mut buf = vec![0; size]; ++ // The IOCTL expects the secret index in the first two bytes of the buffer. 
They will be ++ // overwritten in the response ++ entry.index_be().write_to_prefix(&mut buf).unwrap(); ++ Ok(Self { ++ entry, ++ key: buf.into(), ++ }) ++ } ++} ++ ++impl UvCmd for RetrieveCmd { ++ const UV_IOCTL_NR: u8 = ffi::UVIO_IOCTL_RETR_SECRET_NR; ++ ++ fn rc_fmt(&self, rc: u16, _: u16) -> Option<&'static str> { ++ match rc { ++ // should not appear (TM), software creates request from a list item ++ 0x0009 => Some("the allocated buffer is to small to store the secret"), ++ // should not appear (TM), kernel allocates the memory ++ 0x0102 => { ++ Some("access exception recognized when accessing retrieved secret storage area") ++ } ++ // should not appear (TM), software creates request from a list item ++ 0x010f => Some("the Secret Store is empty"), ++ // should not appear (TM), software creates request from a list item ++ 0x0110 => Some("the Secret Store does not contain a secret with the specified index"), ++ 0x0111 => Some("the secret is not retrievable"), ++ _ => None, ++ } ++ } ++ ++ fn data(&mut self) -> Option<&mut [u8]> { ++ Some(self.key.value_mut()) ++ } ++} +diff --git a/rust/pv_core/src/uvdevice/secret_list.rs b/rust/pv_core/src/uvdevice/secret_list.rs +index d20928b5..0a8af504 100644 +--- a/rust/pv_core/src/uvdevice/secret_list.rs ++++ b/rust/pv_core/src/uvdevice/secret_list.rs +@@ -110,6 +110,11 @@ impl SecretEntry { + self.index.get() + } + ++ /// Returns the index of this [`SecretEntry`] in BE. ++ pub(crate) fn index_be(&self) -> &U16 { ++ &self.index ++ } ++ + /// Returns the secret type of this [`SecretEntry`]. + pub fn stype(&self) -> ListableSecretType { + self.stype.into() +@@ -127,6 +132,16 @@ impl SecretEntry { + pub fn id(&self) -> &[u8] { + self.id.as_ref() + } ++ ++ /// Get the id as [`SecretId`] reference ++ pub(crate) fn secret_id(&self) -> &SecretId { ++ &self.id ++ } ++ ++ /// Returns the secret size of this [`SecretEntry`]. ++ pub fn secret_size(&self) -> u32 { ++ self.len.get() ++ } + } + + impl Display for SecretEntry { 
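Review bot: `RetrieveCmd::into_key` returns the whole request buffer, which `try_from` sizes as `max(size_of_val(&entry.index()), len)` and pre-fills with the secret index. For a `secret_size()` below two bytes, or when it is called without a successful UVC, the caller therefore receives index bytes as key material. The doc comment only says the call "only makes sense" after a successful execution. I would either truncate the buffer to `entry.secret_size()` in `into_key`, or state in the doc comment that the length can exceed the secret size and that the content is the request until the UVC succeeds. The new error variant is named `InvalidRetrievableSecretType` although its message and fields describe a size limit, and the `0x0009` text has `to small` for `too small`.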
diff --git a/s390-tools-General-update-05.patch b/s390-tools-General-update-05.patch new file mode 100644 index 0000000..4750656 --- /dev/null +++ b/s390-tools-General-update-05.patch 
@@ -0,0 +1,710 @@ +From 4af137f4fad8638169ccf0ddcb6dc4b0fe8fb1c1 Mon Sep 17 00:00:00 2001 +From: Steffen Eiden +Date: Tue, 5 Mar 2024 12:16:44 +0100 +Subject: [PATCH] rust/pv_core: Support for listing Retrievable Secrets +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Add support for listing retrievable secrets in the List Secrets UVC. + +Acked-by: Marc Hartmayer +Reviewed-by: Christoph Schlameuss +Signed-off-by: Steffen Eiden +Signed-off-by: Jan Höppner +--- + rust/pv_core/src/lib.rs | 2 + + rust/pv_core/src/uvdevice.rs | 1 + + rust/pv_core/src/uvdevice/retr_secret.rs | 399 +++++++++++++++++++++++ + rust/pv_core/src/uvdevice/secret_list.rs | 157 +++++++-- + 4 files changed, 536 insertions(+), 23 deletions(-) + create mode 100644 rust/pv_core/src/uvdevice/retr_secret.rs + +diff --git a/rust/pv_core/src/lib.rs b/rust/pv_core/src/lib.rs +index 5922211f..caebfcea 100644 +--- a/rust/pv_core/src/lib.rs ++++ b/rust/pv_core/src/lib.rs +@@ -32,6 +32,8 @@ pub mod misc { + /// [`crate::uv::UvCmd`] + pub mod uv { + pub use crate::uvdevice::attest::AttestationCmd; ++ pub use crate::uvdevice::retr_secret::RetrievableSecret; ++ pub use crate::uvdevice::retr_secret::{AesSizes, AesXtsSizes, EcCurves, HmacShaSizes}; + pub use crate::uvdevice::secret::{AddCmd, ListCmd, LockCmd, RetrieveCmd}; + pub use crate::uvdevice::secret_list::{ListableSecretType, SecretEntry, SecretId, SecretList}; + pub use crate::uvdevice::{ConfigUid, UvCmd, UvDevice, UvDeviceInfo, UvFlags, UvcSuccess}; +diff --git a/rust/pv_core/src/uvdevice.rs b/rust/pv_core/src/uvdevice.rs +index d4176815..e9848243 100644 +--- a/rust/pv_core/src/uvdevice.rs ++++ b/rust/pv_core/src/uvdevice.rs +@@ -25,6 +25,7 @@ mod info; + mod test; + pub(crate) use ffi::uv_ioctl; + pub mod attest; ++pub mod retr_secret; + pub mod secret; + pub mod secret_list; + +diff --git a/rust/pv_core/src/uvdevice/retr_secret.rs b/rust/pv_core/src/uvdevice/retr_secret.rs +new file mode 100644 +index 
00000000..490152b4 +--- /dev/null ++++ b/rust/pv_core/src/uvdevice/retr_secret.rs +@@ -0,0 +1,399 @@ ++// SPDX-License-Identifier: MIT ++// ++// Copyright IBM Corp. 2024 ++ ++use crate::uv::{ListableSecretType, RetrieveCmd}; ++use serde::{Deserialize, Serialize, Serializer}; ++use std::fmt::Display; ++ ++/// Allowed sizes for AES keys ++#[non_exhaustive] ++#[derive(PartialEq, Eq, Debug)] ++pub enum AesSizes { ++ /// 128 bit key ++ Bits128, ++ /// 192 bit key ++ Bits192, ++ /// 256 bit key ++ Bits256, ++} ++ ++impl AesSizes { ++ /// Construct the key-size from the bit-size. ++ /// ++ /// Returns [`None`] if the bit-size is not supported. ++ pub fn from_bits(bits: u32) -> Option { ++ match bits { ++ 128 => Some(Self::Bits128), ++ 192 => Some(Self::Bits192), ++ 256 => Some(Self::Bits256), ++ _ => None, ++ } ++ } ++ ++ /// Returns the bit-size for the key-type ++ const fn bit_size(&self) -> u32 { ++ match self { ++ Self::Bits128 => 128, ++ Self::Bits192 => 192, ++ Self::Bits256 => 256, ++ } ++ } ++} ++ ++impl Display for AesSizes { ++ fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { ++ write!(f, "{}", self.bit_size()) ++ } ++} ++ ++/// Allowed sizes for AES-XTS keys ++#[non_exhaustive] ++#[derive(PartialEq, Eq, Debug)] ++pub enum AesXtsSizes { ++ /// Two AES 128 bit keys ++ Bits128, ++ /// Two AES 256 bit keys ++ Bits256, ++} ++ ++impl AesXtsSizes { ++ /// Construct the key-size from the bit-size. ++ /// ++ /// It's a key containing two keys; bit-size is half the number of bits it has ++ /// Returns [`None`] if the bit-size is not supported. 
++ pub fn from_bits(bits: u32) -> Option { ++ match bits { ++ 128 => Some(Self::Bits128), ++ 256 => Some(Self::Bits256), ++ _ => None, ++ } ++ } ++ ++ /// Returns the bit-size for the key-type ++ /// ++ /// It's a key containing two keys: bit-size is half the number of bits it has ++ const fn bit_size(&self) -> u32 { ++ match self { ++ Self::Bits128 => 128, ++ Self::Bits256 => 256, ++ } ++ } ++} ++ ++impl Display for AesXtsSizes { ++ fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { ++ write!(f, "{}", self.bit_size()) ++ } ++} ++ ++/// Allowed sizes for HMAC-SHA keys ++#[non_exhaustive] ++#[derive(PartialEq, Eq, Debug)] ++pub enum HmacShaSizes { ++ /// SHA 256 bit ++ Sha256, ++ /// SHA 512 bit ++ Sha512, ++} ++ ++impl HmacShaSizes { ++ /// Construct the key-size from the sha-size. ++ /// ++ /// FW expects maximum resistance keys (double the SHA size). ++ /// The `sha_size` is half of the number of bits in the key ++ /// Returns [`None`] if the `sha_size` is not supported. ++ pub fn from_sha_size(sha_size: u32) -> Option { ++ match sha_size { ++ 256 => Some(Self::Sha256), ++ 512 => Some(Self::Sha512), ++ _ => None, ++ } ++ } ++ ++ /// Returns the sha-size for the key-type ++ /// ++ /// FW expects maximum resistance keys (double the SHA size). 
++ /// The `sha_size` is half of the number of bits in the key ++ const fn sha_size(&self) -> u32 { ++ match self { ++ Self::Sha256 => 256, ++ Self::Sha512 => 512, ++ } ++ } ++} ++ ++impl Display for HmacShaSizes { ++ fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { ++ write!(f, "{}", self.sha_size()) ++ } ++} ++ ++/// Allowed curves for EC private keys ++#[non_exhaustive] ++#[derive(PartialEq, Eq, Debug)] ++pub enum EcCurves { ++ /// secp256r1 or prime256v1 curve ++ Secp256R1, ++ /// secp384p1 curve ++ Secp384R1, ++ /// secp521r1 curve ++ Secp521R1, ++ /// ed25519 curve ++ Ed25519, ++ /// ed448 curve ++ Ed448, ++} ++ ++impl EcCurves { ++ const fn exp_size(&self) -> usize { ++ match self { ++ Self::Secp256R1 => 32, ++ Self::Secp384R1 => 48, ++ Self::Secp521R1 => 80, ++ Self::Ed25519 => 32, ++ Self::Ed448 => 64, ++ } ++ } ++ ++ /// Resizes the raw key to the expected size. ++ /// ++ /// See [`Vec::resize`] ++ pub fn resize_raw_key(&self, mut raw: Vec) -> Vec { ++ raw.resize(self.exp_size(), 0); ++ raw ++ } ++} ++ ++// The names have to stay constant, otherwise the PEM contains invalid types ++impl Display for EcCurves { ++ fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { ++ match self { ++ Self::Secp256R1 => write!(f, "SECP256R1"), ++ Self::Secp384R1 => write!(f, "SECP384R1"), ++ Self::Secp521R1 => write!(f, "SECP521R1"), ++ Self::Ed25519 => write!(f, "ED25519"), ++ Self::Ed448 => write!(f, "ED448"), ++ } ++ } ++} ++ ++/// Retrievable Secret types ++#[non_exhaustive] ++#[derive(PartialEq, Eq, Debug)] ++pub enum RetrievableSecret { ++ /// Plain-text secret ++ PlainText, ++ /// Protected AES key ++ Aes(AesSizes), ++ /// Protected AES-XTS key ++ AesXts(AesXtsSizes), ++ /// Protected HMAC-SHA key ++ HmacSha(HmacShaSizes), ++ /// Protected EC-private key ++ Ec(EcCurves), ++} ++ ++// The names have to stay constant, otherwise the PEM contains invalid/unknown types ++impl Display for RetrievableSecret { ++ fn fmt(&self, f: &mut 
std::fmt::Formatter<'_>) -> std::fmt::Result { ++ // Alternate representation: Omit sizes/curves ++ if f.alternate() { ++ match self { ++ Self::PlainText => write!(f, "PLAINTEXT"), ++ Self::Aes(_) => write!(f, "AES-KEY"), ++ Self::AesXts(_) => write!(f, "AES-XTS-KEY"), ++ Self::HmacSha(_) => write!(f, "HMAC-SHA-KEY"), ++ Self::Ec(_) => write!(f, "EC-PRIVATE-KEY"), ++ } ++ } else { ++ match self { ++ Self::PlainText => write!(f, "PLAINTEXT"), ++ Self::Aes(s) => write!(f, "AES-{s}-KEY"), ++ Self::AesXts(s) => write!(f, "AES-XTS-{s}-KEY"), ++ Self::HmacSha(s) => write!(f, "HMAC-SHA-{s}-KEY"), ++ Self::Ec(c) => write!(f, "EC-{c}-PRIVATE-KEY"), ++ } ++ } ++ } ++} ++ ++impl RetrievableSecret { ++ /// Report expected input types ++ pub fn expected(&self) -> String { ++ match self { ++ Self::PlainText => format!("less than {}", RetrieveCmd::MAX_SIZE), ++ Self::Aes(_) => "128, 192, or 256".to_string(), ++ Self::AesXts(_) => "128 or 256".to_string(), ++ Self::HmacSha(_) => "256 or 512".to_string(), ++ Self::Ec(_) => "secp256r1, secp384r1, secp521r1, ed25519, or ed448".to_string(), ++ } ++ } ++} ++ ++impl From<&RetrievableSecret> for u16 { ++ fn from(value: &RetrievableSecret) -> Self { ++ match value { ++ RetrievableSecret::PlainText => ListableSecretType::PLAINTEXT, ++ RetrievableSecret::Aes(AesSizes::Bits128) => ListableSecretType::AES_128_KEY, ++ RetrievableSecret::Aes(AesSizes::Bits192) => ListableSecretType::AES_192_KEY, ++ RetrievableSecret::Aes(AesSizes::Bits256) => ListableSecretType::AES_256_KEY, ++ RetrievableSecret::AesXts(AesXtsSizes::Bits128) => ListableSecretType::AES_128_XTS_KEY, ++ RetrievableSecret::AesXts(AesXtsSizes::Bits256) => ListableSecretType::AES_256_XTS_KEY, ++ RetrievableSecret::HmacSha(HmacShaSizes::Sha256) => { ++ ListableSecretType::HMAC_SHA_256_KEY ++ } ++ RetrievableSecret::HmacSha(HmacShaSizes::Sha512) => { ++ ListableSecretType::HMAC_SHA_512_KEY ++ } ++ RetrievableSecret::Ec(EcCurves::Secp256R1) => ListableSecretType::ECDSA_P256_KEY, ++ 
RetrievableSecret::Ec(EcCurves::Secp384R1) => ListableSecretType::ECDSA_P384_KEY, ++ RetrievableSecret::Ec(EcCurves::Secp521R1) => ListableSecretType::ECDSA_P521_KEY, ++ RetrievableSecret::Ec(EcCurves::Ed25519) => ListableSecretType::ECDSA_ED25519_KEY, ++ RetrievableSecret::Ec(EcCurves::Ed448) => ListableSecretType::ECDSA_ED448_KEY, ++ } ++ } ++} ++ ++// serializes to: (String name) ++impl Serialize for RetrievableSecret { ++ fn serialize(&self, serializer: S) -> Result ++ where ++ S: Serializer, ++ { ++ let id: u16 = self.into(); ++ serializer.serialize_str(&format!("{id} ({self})")) ++ } ++} ++ ++/// deserializes from the secret type nb only ++impl<'de> Deserialize<'de> for RetrievableSecret { ++ fn deserialize(de: D) -> Result ++ where ++ D: serde::Deserializer<'de>, ++ { ++ struct RetrSecretVisitor; ++ impl<'de> serde::de::Visitor<'de> for RetrSecretVisitor { ++ type Value = RetrievableSecret; ++ ++ fn expecting(&self, fmt: &mut std::fmt::Formatter) -> std::fmt::Result { ++ fmt.write_str( ++ "a retrievable secret type: ` (String name)` number in [3,10]|[17,21]", ++ ) ++ } ++ fn visit_str(self, s: &str) -> Result ++ where ++ E: serde::de::Error, ++ { ++ let (n, _) = s.split_once(' ').ok_or(serde::de::Error::invalid_value( ++ serde::de::Unexpected::Str(s), ++ &self, ++ ))?; ++ let id: u16 = n.parse().map_err(|_| { ++ serde::de::Error::invalid_value(serde::de::Unexpected::Str(n), &self) ++ })?; ++ let listable: ListableSecretType = id.into(); ++ match listable { ++ ListableSecretType::Retrievable(r) => Ok(r), ++ _ => Err(serde::de::Error::invalid_value( ++ serde::de::Unexpected::Unsigned(id.into()), ++ &self, ++ )), ++ } ++ } ++ } ++ de.deserialize_str(RetrSecretVisitor) ++ } ++} ++ ++#[cfg(test)] ++mod test { ++ use serde_test::{assert_tokens, Token}; ++ ++ use super::*; ++ ++ #[test] ++ fn retr_serde_plain() { ++ let retr = RetrievableSecret::PlainText; ++ assert_tokens(&retr, &[Token::Str("3 (PLAINTEXT)")]); ++ } ++ ++ #[test] ++ fn retr_serde_aes() { ++ let 
retr = RetrievableSecret::Aes(AesSizes::Bits192); ++ assert_tokens(&retr, &[Token::Str("5 (AES-192-KEY)")]); ++ } ++ ++ #[test] ++ fn retr_serde_aes_xts() { ++ let retr = RetrievableSecret::AesXts(AesXtsSizes::Bits128); ++ assert_tokens(&retr, &[Token::Str("7 (AES-XTS-128-KEY)")]); ++ } ++ ++ #[test] ++ fn retr_serde_hmac() { ++ let retr = RetrievableSecret::HmacSha(HmacShaSizes::Sha256); ++ assert_tokens(&retr, &[Token::Str("9 (HMAC-SHA-256-KEY)")]); ++ } ++ ++ #[test] ++ fn retr_serde_es() { ++ let retr = RetrievableSecret::Ec(EcCurves::Secp521R1); ++ assert_tokens(&retr, &[Token::Str("19 (EC-SECP521R1-PRIVATE-KEY)")]); ++ } ++ ++ // Ensure that the string representation of the retrievable types stay constant, or PEM will have ++ // different, incompatible types ++ #[test] ++ fn stable_type_names() { ++ assert_eq!("PLAINTEXT", RetrievableSecret::PlainText.to_string()); ++ assert_eq!( ++ "AES-128-KEY", ++ RetrievableSecret::Aes(AesSizes::Bits128).to_string() ++ ); ++ assert_eq!( ++ "AES-192-KEY", ++ RetrievableSecret::Aes(AesSizes::Bits192).to_string() ++ ); ++ assert_eq!( ++ "AES-256-KEY", ++ RetrievableSecret::Aes(AesSizes::Bits256).to_string() ++ ); ++ assert_eq!( ++ "AES-XTS-128-KEY", ++ RetrievableSecret::AesXts(AesXtsSizes::Bits128).to_string() ++ ); ++ assert_eq!( ++ "AES-XTS-256-KEY", ++ RetrievableSecret::AesXts(AesXtsSizes::Bits256).to_string() ++ ); ++ assert_eq!( ++ "HMAC-SHA-256-KEY", ++ RetrievableSecret::HmacSha(HmacShaSizes::Sha256).to_string() ++ ); ++ assert_eq!( ++ "HMAC-SHA-512-KEY", ++ RetrievableSecret::HmacSha(HmacShaSizes::Sha512).to_string() ++ ); ++ assert_eq!( ++ "EC-SECP256R1-PRIVATE-KEY", ++ RetrievableSecret::Ec(EcCurves::Secp256R1).to_string() ++ ); ++ assert_eq!( ++ "EC-SECP384R1-PRIVATE-KEY", ++ RetrievableSecret::Ec(EcCurves::Secp384R1).to_string() ++ ); ++ assert_eq!( ++ "EC-SECP521R1-PRIVATE-KEY", ++ RetrievableSecret::Ec(EcCurves::Secp521R1).to_string() ++ ); ++ assert_eq!( ++ "EC-ED25519-PRIVATE-KEY", ++ 
RetrievableSecret::Ec(EcCurves::Ed25519).to_string() ++ ); ++ assert_eq!( ++ "EC-ED448-PRIVATE-KEY", ++ RetrievableSecret::Ec(EcCurves::Ed448).to_string() ++ ); ++ } ++} +diff --git a/rust/pv_core/src/uvdevice/secret_list.rs b/rust/pv_core/src/uvdevice/secret_list.rs +index 0a8af504..4e955010 100644 +--- a/rust/pv_core/src/uvdevice/secret_list.rs ++++ b/rust/pv_core/src/uvdevice/secret_list.rs +@@ -2,9 +2,14 @@ + // + // Copyright IBM Corp. 2024 + +-use crate::assert_size; +-use crate::{misc::to_u16, uv::ListCmd, uvdevice::UvCmd, Error, Result}; +-use byteorder::{BigEndian, ReadBytesExt, WriteBytesExt}; ++use crate::{ ++ assert_size, ++ misc::to_u16, ++ uv::{AesSizes, AesXtsSizes, EcCurves, HmacShaSizes, ListCmd, RetrievableSecret}, ++ uvdevice::UvCmd, ++ Error, Result, ++}; ++use byteorder::{BigEndian, ByteOrder, ReadBytesExt, WriteBytesExt}; + use serde::{Deserialize, Serialize, Serializer}; + use std::{ + fmt::Display, +@@ -18,7 +23,7 @@ use zerocopy::{AsBytes, FromBytes, FromZeroes, U16, U32}; + /// + /// (de)serializes itself in/from a hex-string + #[repr(C)] +-#[derive(PartialEq, Eq, AsBytes, FromZeroes, FromBytes, Debug, Clone)] ++#[derive(PartialEq, Eq, AsBytes, FromZeroes, FromBytes, Debug, Clone, Default)] + pub struct SecretId([u8; Self::ID_SIZE]); + assert_size!(SecretId, SecretId::ID_SIZE); + +@@ -94,11 +99,11 @@ impl SecretEntry { + /// Create a new entry for a [`SecretList`]. + /// + /// The content of this entry will very likely not represent the status of the guest in the +- /// Ultravisor. Use of [`SecretList::decode`] in any non-test environments is encuraged. ++ /// Ultravisor. Use of [`SecretList::decode`] in any non-test environments is encouraged. 
+ pub fn new(index: u16, stype: ListableSecretType, id: SecretId, secret_len: u32) -> Self { + Self { + index: index.into(), +- stype: stype.into(), ++ stype: U16::new(stype.into()), + len: secret_len.into(), + res_8: 0, + id, +@@ -117,7 +122,7 @@ impl SecretEntry { + + /// Returns the secret type of this [`SecretEntry`]. + pub fn stype(&self) -> ListableSecretType { +- self.stype.into() ++ self.stype.get().into() + } + + /// Returns a reference to the id of this [`SecretEntry`]. +@@ -146,7 +151,7 @@ impl SecretEntry { + + impl Display for SecretEntry { + fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { +- let stype: ListableSecretType = self.stype.into(); ++ let stype: ListableSecretType = self.stype.get().into(); + writeln!(f, "{} {}:", self.index, stype)?; + write!(f, " ")?; + for b in self.id.as_ref() { +@@ -298,51 +303,115 @@ fn ser_u16(v: &U16, ser: S) -> Result + pub enum ListableSecretType { + /// Association Secret + Association, ++ /// Retrievable key ++ Retrievable(RetrievableSecret), ++ + /// Invalid secret type, that should never appear in a list + /// + /// 0 is reserved +- /// 1 is Null secret, with no id and not listable ++ /// 1 is Null secret, with no id and not list-able + Invalid(u16), + /// Unknown secret type + Unknown(u16), + } + + impl ListableSecretType { +- /// UV type id for an association secret +- pub const ASSOCIATION: u16 = 0x0002; +- /// UV type id for a null secret +- pub const NULL: u16 = 0x0001; + const RESERVED_0: u16 = 0x0000; ++ /// UV secret-type id for a null secret ++ pub const NULL: u16 = 0x0001; ++ /// UV secret-type id for an association secret ++ pub const ASSOCIATION: u16 = 0x0002; ++ /// UV secret-type id for a plain text secret ++ pub const PLAINTEXT: u16 = 0x0003; ++ /// UV secret-type id for an aes-128-key secret ++ pub const AES_128_KEY: u16 = 0x0004; ++ /// UV secret-type id for an aes-192-key secret ++ pub const AES_192_KEY: u16 = 0x0005; ++ /// UV secret-type id for an aes-256-key secret ++ 
pub const AES_256_KEY: u16 = 0x0006; ++ /// UV secret-type id for an aes-xts-128-key secret ++ pub const AES_128_XTS_KEY: u16 = 0x0007; ++ /// UV secret-type id for an aes-xts-256-key secret ++ pub const AES_256_XTS_KEY: u16 = 0x0008; ++ /// UV secret-type id for an hmac-sha-256-key secret ++ pub const HMAC_SHA_256_KEY: u16 = 0x0009; ++ /// UV secret-type id for an hmac-sha-512-key secret ++ pub const HMAC_SHA_512_KEY: u16 = 0x000a; ++ // 0x000b - 0x0010 reserved ++ /// UV secret-type id for an ecdsa-p256-private-key secret ++ pub const ECDSA_P256_KEY: u16 = 0x0011; ++ /// UV secret-type id for an ecdsa-p384-private-key secret ++ pub const ECDSA_P384_KEY: u16 = 0x0012; ++ /// UV secret-type id for an ecdsa-p521-private-key secret ++ pub const ECDSA_P521_KEY: u16 = 0x0013; ++ /// UV secret-type id for an ed25519-private-key secret ++ pub const ECDSA_ED25519_KEY: u16 = 0x0014; ++ /// UV secret-type id for an ed448-private-key secret ++ pub const ECDSA_ED448_KEY: u16 = 0x0015; + } + + impl Display for ListableSecretType { + fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { + match self { + Self::Association => write!(f, "Association"), +- Self::Invalid(n) => write!(f, "Invalid({n})"), +- Self::Unknown(n) => write!(f, "Unknown({n})"), ++ Self::Invalid(n) => write!(f, "Invalid(0x{n:04x})"), ++ Self::Unknown(n) => write!(f, "Unknown(0x{n:04x})"), ++ Self::Retrievable(r) => write!(f, "{r}"), + } + } + } + +-impl From> for ListableSecretType { +- fn from(value: U16) -> Self { +- match value.get() { ++impl From> for ListableSecretType { ++ fn from(value: U16) -> Self { ++ value.get().into() ++ } ++} ++ ++impl From for ListableSecretType { ++ fn from(value: u16) -> Self { ++ match value { + Self::RESERVED_0 => Self::Invalid(Self::RESERVED_0), + Self::NULL => Self::Invalid(Self::NULL), + Self::ASSOCIATION => Self::Association, ++ Self::PLAINTEXT => Self::Retrievable(RetrievableSecret::PlainText), ++ Self::AES_128_KEY => 
Self::Retrievable(RetrievableSecret::Aes(AesSizes::Bits128)), ++ Self::AES_192_KEY => Self::Retrievable(RetrievableSecret::Aes(AesSizes::Bits192)), ++ Self::AES_256_KEY => Self::Retrievable(RetrievableSecret::Aes(AesSizes::Bits256)), ++ Self::AES_128_XTS_KEY => { ++ Self::Retrievable(RetrievableSecret::AesXts(AesXtsSizes::Bits128)) ++ } ++ Self::AES_256_XTS_KEY => { ++ Self::Retrievable(RetrievableSecret::AesXts(AesXtsSizes::Bits256)) ++ } ++ Self::HMAC_SHA_256_KEY => { ++ Self::Retrievable(RetrievableSecret::HmacSha(HmacShaSizes::Sha256)) ++ } ++ Self::HMAC_SHA_512_KEY => { ++ Self::Retrievable(RetrievableSecret::HmacSha(HmacShaSizes::Sha512)) ++ } ++ Self::ECDSA_P256_KEY => Self::Retrievable(RetrievableSecret::Ec(EcCurves::Secp256R1)), ++ Self::ECDSA_P384_KEY => Self::Retrievable(RetrievableSecret::Ec(EcCurves::Secp384R1)), ++ Self::ECDSA_P521_KEY => Self::Retrievable(RetrievableSecret::Ec(EcCurves::Secp521R1)), ++ Self::ECDSA_ED25519_KEY => Self::Retrievable(RetrievableSecret::Ec(EcCurves::Ed25519)), ++ Self::ECDSA_ED448_KEY => Self::Retrievable(RetrievableSecret::Ec(EcCurves::Ed448)), + n => Self::Unknown(n), + } + } + } + +-impl From for U16 { ++impl From for U16 { ++ fn from(value: ListableSecretType) -> Self { ++ Self::new(value.into()) ++ } ++} ++ ++impl From for u16 { + fn from(value: ListableSecretType) -> Self { + match value { + ListableSecretType::Association => ListableSecretType::ASSOCIATION, + ListableSecretType::Invalid(n) | ListableSecretType::Unknown(n) => n, ++ ListableSecretType::Retrievable(r) => (&r).into(), + } +- .into() + } + } + +@@ -363,8 +432,8 @@ where + where + E: serde::de::Error, + { +- if s.len() != SecretId::ID_SIZE * 2 + 2 { +- return Err(serde::de::Error::invalid_length(s.len(), &self)); ++ if s.len() != SecretId::ID_SIZE * 2 + "0x".len() { ++ return Err(serde::de::Error::invalid_length(s.len() - 2, &self)); + } + let nb = s.strip_prefix("0x").ok_or_else(|| { + serde::de::Error::invalid_value(serde::de::Unexpected::Str(s), 
&self) +@@ -385,7 +454,6 @@ mod test { + + use super::*; + use std::io::{BufReader, BufWriter, Cursor}; +- + #[test] + fn dump_secret_entry() { + const EXP: &[u8] = &[ +@@ -516,4 +584,47 @@ mod test { + )], + ) + } ++ ++ #[test] ++ fn secret_list_ser() { ++ let list = SecretList { ++ total_num_secrets: 0x112, ++ secrets: vec![SecretEntry { ++ index: 1.into(), ++ stype: 2.into(), ++ len: 32.into(), ++ res_8: 0, ++ id: SecretId::from([0; 32]), ++ }], ++ }; ++ ++ assert_ser_tokens( ++ &list, ++ &[ ++ Token::Struct { ++ name: "SecretList", ++ len: 2, ++ }, ++ Token::String("total_num_secrets"), ++ Token::U64(0x112), ++ Token::String("secrets"), ++ Token::Seq { len: Some(1) }, ++ Token::Struct { ++ name: "SecretEntry", ++ len: (4), ++ }, ++ Token::String("index"), ++ Token::U16(1), ++ Token::String("stype"), ++ Token::U16(2), ++ Token::String("len"), ++ Token::U32(32), ++ Token::String("id"), ++ Token::String("0x0000000000000000000000000000000000000000000000000000000000000000"), ++ Token::StructEnd, ++ Token::SeqEnd, ++ Token::StructEnd, ++ ], ++ ) ++ } + } diff --git a/s390-tools-General-update-06.patch b/s390-tools-General-update-06.patch new file mode 100644 index 0000000..a6a9708 --- /dev/null +++ b/s390-tools-General-update-06.patch 
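Review bot: In the `@@ -363,8 +432,8 @@` hunk of secret_list.rs, the rewritten length check passes `s.len() - 2` to `invalid_length`, which underflows when the input string is shorter than two characters (an empty string, for instance). With overflow checks enabled that is a panic, and without them the error reports a wrapped, meaningless length; the visitor presumably runs on externally supplied serialized data, so a malformed id should end in an error, not an abort. Writing `serde::de::Error::invalid_length(s.len().saturating_sub("0x".len()), &self)` keeps the new message and removes the underflow. Separately, `EcCurves::resize_raw_key` in retr_secret.rs relies on `Vec::resize`, which silently truncates an over-long key and appends zero padding at the tail; a doc line such as `/// Truncates keys longer than the expected size; shorter keys are zero-padded at the end.` would make that contract explicit for callers handling private-key material. The enclosing `visit_str` starts outside the hunk.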
@@ -0,0 +1,877 @@ +From fd024387d710887bd2016658c44d4762a08c791c Mon Sep 17 00:00:00 2001 +From: Steffen Eiden +Date: Tue, 5 Mar 2024 12:19:22 +0100 +Subject: [PATCH] rust/pv: Retrievable secrets support +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Support retrievable secret for Add-Secret requests. + +Acked-by: Marc Hartmayer +Reviewed-by: Christoph Schlameuss +Signed-off-by: Steffen Eiden +Signed-off-by: Jan Höppner +--- + rust/pv/src/crypto.rs | 3 +- + rust/pv/src/error.rs | 8 + + rust/pv/src/lib.rs | 8 +- + rust/pv/src/uvsecret.rs | 1 + + rust/pv/src/uvsecret/guest_secret.rs | 399 +++++++++++++++++++++++++-- + rust/pv/src/uvsecret/retr_secret.rs | 234 ++++++++++++++++ + 6 files changed, 631 insertions(+), 22 deletions(-) + create mode 100644 rust/pv/src/uvsecret/retr_secret.rs + +diff --git a/rust/pv/src/crypto.rs b/rust/pv/src/crypto.rs +index 8f11d2b4..ebc85f72 100644 +--- a/rust/pv/src/crypto.rs ++++ b/rust/pv/src/crypto.rs +@@ -29,7 +29,6 @@ pub type Aes256XtsKey = Confidential<[u8; SymKeyType::AES_256_XTS_KEY_LEN]>; + + /// SHA-512 digest length (in bytes) + pub const SHA_512_HASH_LEN: usize = 64; +- + #[allow(dead_code)] + pub(crate) const SHA_256_HASH_LEN: u32 = 32; + #[allow(dead_code)] +@@ -60,6 +59,8 @@ impl SymKeyType { + pub const AES_256_XTS_KEY_LEN: usize = 64; + /// AES256-XTS tweak length (in bytes) + pub const AES_256_XTS_TWEAK_LEN: usize = 16; ++ /// AES256 GCM Block length ++ pub const AES_256_GCM_BLOCK_LEN: usize = 16; + + /// Returns the tag length of the [`SymKeyType`] if it is an AEAD key + pub const fn tag_len(&self) -> Option { +diff --git a/rust/pv/src/error.rs b/rust/pv/src/error.rs +index 3ba808f2..601b40f0 100644 +--- a/rust/pv/src/error.rs ++++ b/rust/pv/src/error.rs +@@ -109,6 +109,14 @@ pub enum Error { + #[error("An ASCII string was expected, but non-ASCII characters were received.")] + NonAscii, + ++ #[error("Incorrect {what} for a {kind}. 
Is: {value}; expected: {exp}")] ++ RetrInvKey { ++ what: &'static str, ++ kind: String, ++ value: String, ++ exp: String, ++ }, ++ + // errors from other crates + #[error(transparent)] + PvCore(#[from] pv_core::Error), +diff --git a/rust/pv/src/lib.rs b/rust/pv/src/lib.rs +index ec31b9a4..43375669 100644 +--- a/rust/pv/src/lib.rs ++++ b/rust/pv/src/lib.rs +@@ -104,7 +104,12 @@ pub mod request { + + /// Reexports some useful OpenSSL symbols + pub mod openssl { +- pub use openssl::{error::ErrorStack, hash::DigestBytes, pkey, x509}; ++ pub use openssl::{error::ErrorStack, hash::DigestBytes, nid::Nid, pkey, x509}; ++ // rust-OpenSSL does not define these NIDs ++ #[allow(missing_docs)] ++ pub const NID_ED25519: Nid = Nid::from_raw(openssl_sys::NID_ED25519); ++ #[allow(missing_docs)] ++ pub const NID_ED448: Nid = Nid::from_raw(openssl_sys::NID_ED448); + } + + pub use pv_core::request::*; +@@ -118,6 +123,7 @@ pub mod secret { + asrcb::{AddSecretFlags, AddSecretRequest, AddSecretVersion}, + ext_secret::ExtSecret, + guest_secret::GuestSecret, ++ retr_secret::{IbmProtectedKey, RetrievedSecret}, + user_data::verify_asrcb_and_get_user_data, + }; + } +diff --git a/rust/pv/src/uvsecret.rs b/rust/pv/src/uvsecret.rs +index 343e4b05..c3b43bba 100644 +--- a/rust/pv/src/uvsecret.rs ++++ b/rust/pv/src/uvsecret.rs +@@ -10,4 +10,5 @@ + pub mod asrcb; + pub mod ext_secret; + pub mod guest_secret; ++pub mod retr_secret; + pub mod user_data; +diff --git a/rust/pv/src/uvsecret/guest_secret.rs b/rust/pv/src/uvsecret/guest_secret.rs +index 4f1db31c..3bad6d3c 100644 +--- a/rust/pv/src/uvsecret/guest_secret.rs ++++ b/rust/pv/src/uvsecret/guest_secret.rs +@@ -4,20 +4,34 @@ + + #[allow(unused_imports)] // used for more convenient docstring + use super::asrcb::AddSecretRequest; +-use crate::assert_size; + use crate::{ +- crypto::{hash, random_array}, +- request::Confidential, +- Result, ++ assert_size, ++ crypto::{hash, random_array, SymKeyType}, ++ request::{ ++ openssl::{NID_ED25519, NID_ED448}, 
++ Confidential, ++ }, ++ uv::{ ++ AesSizes, AesXtsSizes, EcCurves, HmacShaSizes, ListableSecretType, RetrievableSecret, ++ RetrieveCmd, SecretId, ++ }, ++ Error, Result, + }; + use byteorder::BigEndian; +-use openssl::hash::MessageDigest; +-use pv_core::uv::{ListableSecretType, SecretId}; ++use openssl::{ ++ hash::MessageDigest, ++ nid::Nid, ++ pkey::{Id, PKey, Private}, ++}; ++use pv_core::static_assert; + use serde::{Deserialize, Serialize}; +-use std::{convert::TryInto, fmt::Display}; ++use std::fmt::Display; + use zerocopy::{AsBytes, U16, U32}; + + const ASSOC_SECRET_SIZE: usize = 32; ++/// Maximum size of a plain-text secret payload (8190) ++pub(crate) const MAX_SIZE_PLAIN_PAYLOAD: usize = RetrieveCmd::MAX_SIZE - 2; ++static_assert!(MAX_SIZE_PLAIN_PAYLOAD == 8190); + + /// A Secret to be added in [`AddSecretRequest`] + #[derive(Debug, Serialize, Deserialize, PartialEq, Eq)] +@@ -36,13 +50,60 @@ pub enum GuestSecret { + #[serde(skip)] + secret: Confidential<[u8; ASSOC_SECRET_SIZE]>, + }, ++ /// Retrievable key ++ /// ++ /// Create Retrievables using [`GuestSecret::retrievable`] ++ /// Secret size is always valid for the type/kind ++ Retrievable { ++ /// Retrievable secret type ++ kind: RetrievableSecret, ++ /// Name of the secret ++ name: String, ++ /// SHA256 hash of [`GuestSecret::RetrievableKey::name`] ++ id: SecretId, ++ /// Confidential actual retrievable secret (32 bytes) ++ #[serde(skip)] ++ secret: Confidential>, ++ }, ++} ++ ++macro_rules! retr_constructor { ++ ($(#[$err:meta])* | $(#[$kind:meta])* => $type: ty, $func: ident) => { ++ /// Create a new ++ $(#[$kind])* ++ /// [`GuestSecret::Retrievable`] secret. ++ /// ++ /// * `name` - Name of the secret. 
Will be hashed into a 32 byte id ++ /// * `secret` - the secret value ++ /// ++ /// # Errors ++ /// ++ $(#[$err])* ++ pub fn $func(name: &str, secret: $type) -> Result { ++ let (kind, secret) = $func(secret)?; ++ Ok(Self::Retrievable { ++ kind, ++ name: name.to_string(), ++ id: Self::name_to_id(name)?, ++ secret, ++ }) ++ } ++ }; + } + + impl GuestSecret { ++ fn name_to_id(name: &str) -> Result { ++ let id: [u8; SecretId::ID_SIZE] = hash(MessageDigest::sha256(), name.as_bytes())? ++ .to_vec() ++ .try_into() ++ .unwrap(); ++ Ok(id.into()) ++ } ++ + /// Create a new [`GuestSecret::Association`]. + /// + /// * `name` - Name of the secret. Will be hashed into a 32 byte id +- /// * `secret` - Value of the secret. Ranom if [`Option::None`] ++ /// * `secret` - Value of the secret. Random if [`Option::None`] + /// + /// # Errors + /// +@@ -51,10 +112,6 @@ impl GuestSecret { + where + O: Into>, + { +- let id: [u8; SecretId::ID_SIZE] = hash(MessageDigest::sha256(), name.as_bytes())? +- .to_vec() +- .try_into() +- .unwrap(); + let secret = match secret.into() { + Some(s) => s, + None => random_array()?, +@@ -62,16 +119,28 @@ impl GuestSecret { + + Ok(Self::Association { + name: name.to_string(), +- id: id.into(), ++ id: Self::name_to_id(name)?, + secret: secret.into(), + }) + } + ++ retr_constructor!(#[doc = r"This function will return an error if the secret is larger than 8 pages"] ++ | #[doc = r"plaintext"] => Confidential>, plaintext); ++ retr_constructor!(#[doc = r"This function will return an error if OpenSSL cannot create a hash or the secret size is invalid"] ++ | #[doc = r"AES Key"] => Confidential>, aes); ++ retr_constructor!(#[doc = r"This function will return an error if OpenSSL cannot create a hash or the secret size is invalid"] ++ | #[doc = r"AES-XTS Key"] => Confidential>, aes_xts); ++ retr_constructor!(#[doc = r"This function will return an error if OpenSSL cannot create a hash or the secret size is invalid"] ++ | #[doc = r"HMAC-SHA Key"] => Confidential>, 
hmac_sha); ++ retr_constructor!(#[doc = r"This function will return an error if OpenSSL cannot create a hash or the curve is invalid"] ++ | #[doc = r"EC PRIVATE Key"] => PKey, ec); ++ + /// Reference to the confidential data + pub fn confidential(&self) -> &[u8] { + match &self { + Self::Null => &[], + Self::Association { secret, .. } => secret.value().as_slice(), ++ Self::Retrievable { secret, .. } => secret.value(), + } + } + +@@ -79,7 +148,7 @@ impl GuestSecret { + pub(crate) fn auth(&self) -> SecretAuth { + match &self { + Self::Null => SecretAuth::Null, +- // Panic: every non null secret type is listable -> no panic ++ // Panic: every non null secret type is list-able -> no panic + listable => { + SecretAuth::Listable(ListableSecretHdr::from_guest_secret(listable).unwrap()) + } +@@ -92,6 +161,7 @@ impl GuestSecret { + // Null is not listable, but the ListableSecretType provides the type constant (1) + Self::Null => ListableSecretType::NULL, + Self::Association { .. } => ListableSecretType::ASSOCIATION, ++ Self::Retrievable { kind, .. } => kind.into(), + } + } + +@@ -100,6 +170,7 @@ impl GuestSecret { + match self { + Self::Null => 0, + Self::Association { secret, .. } => secret.value().len() as u32, ++ Self::Retrievable { secret, .. } => secret.value().len() as u32, + } + } + +@@ -107,18 +178,157 @@ impl GuestSecret { + fn id(&self) -> Option { + match self { + Self::Null => None, +- Self::Association { id, .. } => Some(id.to_owned()), ++ Self::Association { id, .. } | Self::Retrievable { id, .. 
} => Some(id.to_owned()), + } + } + } + ++type RetrKeyInfo = (RetrievableSecret, Confidential>); ++ ++fn extend_to_multiple(mut key: Vec, multiple: usize) -> Confidential> { ++ match key.len().checked_rem(multiple) { ++ Some(0) | None => key, ++ Some(m) => { ++ key.resize(key.len() + multiple - m, 0); ++ key ++ } ++ } ++ .into() ++} ++ ++/// Get a plain-text key ++/// ++/// ```none ++/// size U16 | payload (0-8190) bytes ++/// ``` ++fn plaintext(inp: Confidential>) -> Result { ++ let key_len = inp.value().len(); ++ if key_len > RetrieveCmd::MAX_SIZE { ++ return Err(Error::RetrInvKey { ++ what: "key size", ++ value: key_len.to_string(), ++ kind: RetrievableSecret::PlainText.to_string(), ++ exp: RetrievableSecret::PlainText.expected(), ++ }); ++ } ++ let mut key = Vec::with_capacity(2 + inp.value().len()); ++ let key_len: U16 = (key_len as u16).into(); ++ key.extend_from_slice(key_len.as_bytes()); ++ key.extend_from_slice(inp.value()); ++ let key = extend_to_multiple(key, SymKeyType::AES_256_GCM_BLOCK_LEN); ++ ++ Ok((RetrievableSecret::PlainText, key)) ++} ++ ++/// Get an AES-key ++fn aes(key: Confidential>) -> Result { ++ let key_len = key.value().len() as u32; ++ let bit_size = bitsize(key_len); ++ match AesSizes::from_bits(bit_size) { ++ Some(size) => Ok((RetrievableSecret::Aes(size), key)), ++ None => { ++ // Use some AES type to get exp sizes and name ++ let kind = RetrievableSecret::Aes(AesSizes::Bits128); ++ Err(Error::RetrInvKey { ++ what: "key size", ++ value: bit_size.to_string(), ++ kind: format!("{kind:#}"), ++ exp: kind.expected(), ++ }) ++ } ++ } ++} ++ ++/// Get an AES-XTS-key ++fn aes_xts(key: Confidential>) -> Result { ++ let key_len = key.value().len() as u32; ++ let bit_size = bitsize(key_len / 2); ++ match AesXtsSizes::from_bits(bit_size) { ++ Some(size) => Ok((RetrievableSecret::AesXts(size), key)), ++ None => { ++ // Use some AES-XTS type to get exp sizes and name ++ let kind = RetrievableSecret::AesXts(AesXtsSizes::Bits128); ++ 
Err(Error::RetrInvKey { ++ what: "key size", ++ value: bit_size.to_string(), ++ kind: format!("{kind:#}"), ++ exp: kind.expected(), ++ }) ++ } ++ } ++} ++ ++/// Get an HMAC-SHA-key ++fn hmac_sha(key: Confidential>) -> Result { ++ let key_len = key.value().len() as u32; ++ let size = bitsize(key_len / 2); ++ match HmacShaSizes::from_sha_size(size) { ++ Some(size) => Ok((RetrievableSecret::HmacSha(size), key)), ++ None => { ++ // Use some HMAC type to get exp sizes and name ++ let kind = RetrievableSecret::HmacSha(HmacShaSizes::Sha256); ++ Err(Error::RetrInvKey { ++ what: "key size", ++ value: size.to_string(), ++ kind: format!("{kind:#}"), ++ exp: kind.expected(), ++ }) ++ } ++ } ++} ++ ++/// Get an EC-private-key ++fn ec(key: PKey) -> Result { ++ let (key, nid) = match key.id() { ++ Id::EC => { ++ let ec_key = key.ec_key()?; ++ let key = ec_key.private_key().to_vec(); ++ let nid = ec_key.group().curve_name().unwrap_or(Nid::UNDEF); ++ (key, nid) ++ } ++ // ED keys are not handled via the EC struct in OpenSSL. 
++ id @ (Id::ED25519 | Id::ED448) => { ++ let key = key.raw_private_key()?; ++ let nid = Nid::from_raw(id.as_raw()); ++ (key, nid) ++ } ++ _ => (vec![], Nid::UNDEF), ++ }; ++ ++ let kind = match nid { ++ Nid::X9_62_PRIME256V1 => EcCurves::Secp256R1, ++ Nid::SECP384R1 => EcCurves::Secp384R1, ++ Nid::SECP521R1 => EcCurves::Secp521R1, ++ NID_ED25519 => EcCurves::Ed25519, ++ NID_ED448 => EcCurves::Ed448, ++ nid => { ++ // Use some EC type to get exp sizes and name ++ let ec = RetrievableSecret::Ec(EcCurves::Secp521R1); ++ return Err(Error::RetrInvKey { ++ what: "curve or format", ++ kind: format!("{ec:#}"), ++ value: nid.long_name()?.to_string(), ++ exp: ec.expected(), ++ }); ++ } ++ }; ++ ++ let key = kind.resize_raw_key(key); ++ Ok((RetrievableSecret::Ec(kind), key.into())) ++} ++ ++#[inline(always)] ++const fn bitsize(bytesize: u32) -> u32 { ++ bytesize * 8 ++} ++ + impl Display for GuestSecret { + fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { + match self { + Self::Null => write!(f, "Meta"), + gs => { + let kind: U16 = gs.kind().into(); +- let st: ListableSecretType = kind.into(); ++ let st: ListableSecretType = kind.get().into(); + write!(f, "{st}") + } + } +@@ -153,20 +363,24 @@ assert_size!(ListableSecretHdr, 0x30); + + impl ListableSecretHdr { + fn from_guest_secret(gs: &GuestSecret) -> Option { +- let id = gs.id()?; + Some(Self { + res0: 0, + kind: gs.kind().into(), + secret_len: gs.secret_len().into(), + res8: 0, +- id, ++ id: gs.id()?, + }) + } + } + + #[cfg(test)] + mod test { ++ ++ use super::HmacShaSizes as HmacSizes; ++ use super::RetrievableSecret::*; + use super::*; ++ use openssl::ec::{EcGroup, EcKey}; ++ use pv_core::uv::AesSizes; + use serde_test::{assert_tokens, Token}; + + #[test] +@@ -187,8 +401,103 @@ mod test { + assert_eq!(secret, exp); + } + ++ macro_rules! 
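Review bot: `aes_xts` and `hmac_sha` compute the size as `bitsize(key_len / 2)`, and the integer division truncates, so an odd-length input such as a 33-byte file maps to the same size as a 32-byte one and is accepted with the extra byte still in the secret. Rejecting odd lengths before the size lookup closes that, e.g. `if key_len % 2 != 0 { /* return Error::RetrInvKey as in the None arm */ }`. Separately, `plaintext` bounds its input with `RetrieveCmd::MAX_SIZE`, while its doc comment promises a 0-8190 byte payload and the decoder in retr_secret.rs checks `MAX_SIZE_PLAIN_PAYLOAD`. The value of `MAX_SIZE` is not visible here, so it is worth confirming that the two-byte length prefix is accounted for in that bound.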
retr_test { ++ ($name: ident, $func: ident, $size: expr, $exp_kind: expr) => { ++ #[test] ++ fn $name() { ++ let secret_value = vec![0x11; $size]; ++ let name = "test retr secret".to_string(); ++ let secret = GuestSecret::$func(&name, secret_value.clone().into()).unwrap(); ++ let exp_id = [ ++ 0x61, 0x2c, 0xd6, 0x3e, 0xa8, 0xf2, 0xc1, 0x15, 0xc1, 0xe, 0x15, 0xb8, 0x8a, ++ 0x90, 0x16, 0xc1, 0x55, 0xef, 0x9c, 0x7c, 0x2c, 0x8e, 0x56, 0xd0, 0x78, 0x4c, ++ 0x8a, 0x1d, 0xc9, 0x3a, 0x80, 0xba, ++ ]; ++ let exp = GuestSecret::Retrievable { ++ kind: $exp_kind, ++ name, ++ id: exp_id.into(), ++ secret: secret_value.into(), ++ }; ++ assert_eq!(exp, secret); ++ } ++ }; ++ } ++ ++ retr_test!(retr_aes_128, aes, 16, Aes(AesSizes::Bits128)); ++ retr_test!(retr_aes_192, aes, 24, Aes(AesSizes::Bits192)); ++ retr_test!(retr_aes_256, aes, 32, Aes(AesSizes::Bits256)); ++ retr_test!(retr_aes_xts_128, aes_xts, 32, AesXts(AesXtsSizes::Bits128)); ++ retr_test!(retr_aes_xts_256, aes_xts, 64, AesXts(AesXtsSizes::Bits256)); ++ retr_test!(retr_aes_hmac_256, hmac_sha, 64, HmacSha(HmacSizes::Sha256)); ++ retr_test!(retr_aes_hmac_512, hmac_sha, 128, HmacSha(HmacSizes::Sha512)); ++ ++ #[test] ++ fn plaintext_no_pad() { ++ let key = vec![0, 14, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7]; ++ let name = "PLAINTEXT_PAD".to_string(); ++ let secret = GuestSecret::plaintext(&name, key[2..].to_vec().into()).unwrap(); ++ let exp_id = [ ++ 15, 123, 176, 210, 135, 231, 220, 232, 148, 93, 198, 195, 165, 212, 214, 129, 45, 1, ++ 94, 11, 167, 18, 151, 15, 120, 254, 13, 109, 173, 186, 37, 74, ++ ]; ++ let exp = GuestSecret::Retrievable { ++ kind: PlainText, ++ name, ++ id: exp_id.into(), ++ secret: key.into(), ++ }; ++ ++ assert_eq!(secret, exp); ++ } ++ + #[test] +- fn ap_asc_parse() { ++ fn plaintext_pad() { ++ let key = vec![0, 10, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 0, 0, 0, 0]; ++ let name = "PLAINTEXT_PAD".to_string(); ++ let secret = GuestSecret::plaintext(&name, key[2..12].to_vec().into()).unwrap(); ++ let 
exp_id = [ ++ 15, 123, 176, 210, 135, 231, 220, 232, 148, 93, 198, 195, 165, 212, 214, 129, 45, 1, ++ 94, 11, 167, 18, 151, 15, 120, 254, 13, 109, 173, 186, 37, 74, ++ ]; ++ let exp = GuestSecret::Retrievable { ++ kind: PlainText, ++ name, ++ id: exp_id.into(), ++ secret: key.into(), ++ }; ++ ++ assert_eq!(secret, exp); ++ } ++ ++ #[track_caller] ++ fn test_ec(grp: Nid, exp_kind: EcCurves, exp_len: usize) { ++ let key = match grp { ++ NID_ED25519 => PKey::generate_ed25519().unwrap(), ++ NID_ED448 => PKey::generate_ed448().unwrap(), ++ nid => { ++ let group = EcGroup::from_curve_name(nid).unwrap(); ++ let key = EcKey::generate(&group).unwrap(); ++ PKey::from_ec_key(key).unwrap() ++ } ++ }; ++ let (kind, key) = ec(key).unwrap(); ++ ++ assert_eq!(kind, Ec(exp_kind)); ++ assert_eq!(key.value().len(), exp_len); ++ } ++ ++ #[test] ++ fn retr_ec() { ++ test_ec(Nid::X9_62_PRIME256V1, EcCurves::Secp256R1, 32); ++ test_ec(Nid::SECP384R1, EcCurves::Secp384R1, 48); ++ test_ec(Nid::SECP521R1, EcCurves::Secp521R1, 80); ++ test_ec(NID_ED25519, EcCurves::Ed25519, 32); ++ test_ec(NID_ED448, EcCurves::Ed448, 64); ++ } ++ ++ #[test] ++ fn asc_parse() { + let id = [ + 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, + 0xcd, 0xef, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x01, 0x23, 0x45, 0x67, +@@ -217,6 +526,39 @@ mod test { + ); + } + ++ #[test] ++ fn retrievable_parse() { ++ let id = [ ++ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, ++ 0xcd, 0xef, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x01, 0x23, 0x45, 0x67, ++ 0x89, 0xab, 0xcd, 0xef, ++ ]; ++ let asc = GuestSecret::Retrievable { ++ kind: PlainText, ++ name: "test123".to_string(), ++ id: id.into(), ++ secret: vec![].into(), ++ }; ++ ++ assert_tokens( ++ &asc, ++ &[ ++ Token::StructVariant { ++ name: "GuestSecret", ++ variant: "Retrievable", ++ len: 3, ++ }, ++ Token::String("kind"), ++ Token::String("3 (PLAINTEXT)"), ++ Token::String("name"), 
++ Token::String("test123"), ++ Token::String("id"), ++ Token::String("0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"), ++ Token::StructVariantEnd, ++ ], ++ ); ++ } ++ + #[test] + fn guest_secret_bin_null() { + let gs = GuestSecret::Null; +@@ -228,7 +570,7 @@ mod test { + } + + #[test] +- fn guest_secret_bin_ap() { ++ fn guest_secret_bin_asoc() { + let gs = GuestSecret::Association { + name: "test".to_string(), + id: [1; 32].into(), +@@ -241,4 +583,21 @@ mod test { + assert_eq!(exp, gs_bytes_auth.get()); + assert_eq!(&[2; 32], gs.confidential()); + } ++ ++ #[test] ++ fn guest_secret_bin_retr() { ++ let gs = GuestSecret::Retrievable { ++ kind: PlainText, ++ name: "test".to_string(), ++ id: [1; 32].into(), ++ secret: vec![2; 32].into(), ++ }; ++ let auth = gs.auth(); ++ let gs_bytes_auth = auth.get(); ++ let mut exp = vec![0u8, 0, 0, 3, 0, 0, 0, 0x20, 0, 0, 0, 0, 0, 0, 0, 0]; ++ exp.extend([1; 32]); ++ ++ assert_eq!(exp, gs_bytes_auth); ++ assert_eq!(&[2; 32], gs.confidential()); ++ } + } +diff --git a/rust/pv/src/uvsecret/retr_secret.rs b/rust/pv/src/uvsecret/retr_secret.rs +new file mode 100644 +index 00000000..5fad016f +--- /dev/null ++++ b/rust/pv/src/uvsecret/retr_secret.rs +@@ -0,0 +1,234 @@ ++// SPDX-License-Identifier: MIT ++// ++// Copyright IBM Corp. 2024 ++ ++use crate::{pem::Pem, uvsecret::guest_secret::MAX_SIZE_PLAIN_PAYLOAD, Result}; ++ ++use byteorder::BigEndian; ++use log::warn; ++use pv_core::{ ++ request::Confidential, ++ uv::{ListableSecretType, RetrievableSecret, RetrieveCmd}, ++}; ++use zerocopy::{FromBytes, U16}; ++ ++/// An IBM Protected Key ++/// ++/// A protected key, writeable as pem. 
++/// ++/// Will convert into PEM as: ++/// ```PEM ++///-----BEGIN IBM PROTECTED KEY----- ++///kind: ++/// ++/// ++///-----END IBM PROTECTED KEY----- ++/// ``` ++#[derive(Debug, PartialEq, Eq)] ++pub struct IbmProtectedKey { ++ kind: ListableSecretType, ++ key: Confidential>, ++} ++ ++impl IbmProtectedKey { ++ /// Get the binary representation of the key. ++ pub fn data(&self) -> &[u8] { ++ self.key.value() ++ } ++ ++ /// Converts a [`IbmProtectedKey`] into a vector. ++ pub fn into_bytes(self) -> Confidential> { ++ self.key ++ } ++ ++ /// Get the data in PEM format. ++ /// ++ /// # Errors ++ /// ++ /// This function will return an error if the PEM conversion failed (very unlikely). ++ pub fn to_pem(&self) -> Result { ++ Pem::new( ++ "IBM PROTECTED KEY", ++ format!("kind: {}", self.kind), ++ self.key.value(), ++ ) ++ } ++ ++ fn new(kind: ListableSecretType, key: K) -> Self ++ where ++ K: Into>>, ++ { ++ Self { ++ kind, ++ key: key.into(), ++ } ++ } ++} ++ ++impl From for RetrievedSecret { ++ fn from(value: RetrieveCmd) -> Self { ++ let kind = value.meta_data().stype(); ++ let key = value.into_key(); ++ ++ match kind { ++ ListableSecretType::Retrievable(RetrievableSecret::PlainText) => { ++ // Will not run into default, retrieve has a granularity of 16 bytes and 16 bytes is the ++ // minimum size ++ let len = U16::::read_from_prefix(key.value()) ++ .unwrap_or_default() ++ .get() as usize; ++ ++ // Test if the plain text secret has a size: ++ // 1. len <= 8190 ++ // 2. first two bytes are max 15 less than buffer-size+2 ++ // 3. bytes after len + 2 are zero ++ match len <= MAX_SIZE_PLAIN_PAYLOAD ++ && key.value().len() - (len + 2) < 15 ++ && key.value()[len + 2..].iter().all(|c| *c == 0) ++ { ++ false => Self::Plaintext(key), ++ true => Self::Plaintext(key.value()[2..len + 2].to_vec().into()), ++ } ++ } ++ kind => { ++ match kind { ++ ListableSecretType::Retrievable(_) => (), ++ _ => warn!("Retrieved an unretrievable Secret! 
Will continue; interpreting it as a protected key."), ++ } ++ Self::ProtectedKey(IbmProtectedKey::new(kind, key)) ++ } ++ } ++ } ++} ++ ++/// A retrieved Secret. ++#[derive(Debug, PartialEq, Eq)] ++pub enum RetrievedSecret { ++ /// A plaintext secret ++ Plaintext(Confidential>), ++ /// An [`IbmProtectedKey`] ++ ProtectedKey(IbmProtectedKey), ++} ++ ++impl RetrievedSecret { ++ /// Create a new IBM PROTECTED KEY object ++ pub fn from_cmd(cmd: RetrieveCmd) -> Self { ++ cmd.into() ++ } ++ ++ /// Get the binary representation of the key. ++ pub fn data(&self) -> &[u8] { ++ match self { ++ RetrievedSecret::Plaintext(p) => p.value(), ++ RetrievedSecret::ProtectedKey(p) => p.data(), ++ } ++ } ++ ++ /// Converts a [`IbmProtectedKey`] into a vector. ++ pub fn into_bytes(self) -> Confidential> { ++ match self { ++ RetrievedSecret::Plaintext(p) => p, ++ RetrievedSecret::ProtectedKey(p) => p.into_bytes(), ++ } ++ } ++ /// Get the data in PEM format. ++ /// ++ /// # Errors ++ /// ++ /// This function will return an error if the PEM conversion failed (very unlikely). 
++ pub fn to_pem(&self) -> Result { ++ match self { ++ RetrievedSecret::Plaintext(p) => Pem::new("PLAINTEXT SECRET", None, p.value()), ++ RetrievedSecret::ProtectedKey(p) => p.to_pem(), ++ } ++ } ++} ++ ++#[cfg(test)] ++mod test { ++ use super::*; ++ use pv_core::uv::*; ++ ++ fn mk_retr(secret: &[u8]) -> RetrievedSecret { ++ let entry = SecretEntry::new( ++ 0, ++ ListableSecretType::Retrievable(RetrievableSecret::PlainText), ++ SecretId::default(), ++ secret.len() as u32, ++ ); ++ let mut cmd = RetrieveCmd::from_entry(entry).unwrap(); ++ cmd.data().unwrap().copy_from_slice(secret); ++ RetrievedSecret::from_cmd(cmd) ++ } ++ ++ #[test] ++ fn from_retr_cmd() { ++ let secret = vec![0, 10, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0xa, 0, 0, 0, 0]; ++ let prot_key = mk_retr(&secret); ++ let exp = RetrievedSecret::Plaintext(secret[2..12].to_vec().into()); ++ assert_eq!(prot_key, exp); ++ } ++ ++ #[test] ++ fn from_retr_inv_size() { ++ let secret = vec![0x20; 32]; ++ let prot_key = mk_retr(&secret); ++ let exp = RetrievedSecret::Plaintext(secret.into()); ++ assert_eq!(prot_key, exp); ++ } ++ ++ #[test] ++ fn from_retr_inv_no_zero_after_end() { ++ let secret = vec![0, 10, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0xa, 1, 0, 0, 0]; ++ let prot_key = mk_retr(&secret); ++ let exp = RetrievedSecret::Plaintext(secret.into()); ++ assert_eq!(prot_key, exp); ++ } ++ ++ #[test] ++ fn from_retr_inv_to_much_padding() { ++ let secret = vec![ ++ 0, 10, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0xa, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, ++ ]; ++ let prot_key = mk_retr(&secret); ++ let exp = RetrievedSecret::Plaintext(secret.into()); ++ assert_eq!(prot_key, exp); ++ } ++ ++ #[test] ++ fn from_retr_0_size() { ++ let secret = vec![0x00; 32]; ++ let prot_key = mk_retr(&secret); ++ let exp = RetrievedSecret::Plaintext(secret.into()); ++ assert_eq!(prot_key, exp); ++ } ++ ++ #[test] ++ fn plain_text_pem() { ++ let exp = "\ ++ -----BEGIN PLAINTEXT SECRET-----\n\ ++ 
ERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERER\n\ ++ -----END PLAINTEXT SECRET-----\n"; ++ let prot = RetrievedSecret::Plaintext(vec![17; 48].into()); ++ let pem = prot.to_pem().unwrap(); ++ let pem_str = pem.to_string(); ++ assert_eq!(pem_str, exp); ++ } ++ ++ #[test] ++ fn prot_key_pem() { ++ let exp = "\ ++ -----BEGIN IBM PROTECTED KEY-----\n\ ++ kind: AES-128-KEY\n\n\ ++ ERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERER\n\ ++ -----END IBM PROTECTED KEY-----\n"; ++ let prot = IbmProtectedKey::new( ++ ListableSecretType::Retrievable(RetrievableSecret::Aes(AesSizes::Bits128)), ++ vec![17; 48], ++ ); ++ let pem = prot.to_pem().unwrap(); ++ let pem_str = pem.to_string(); ++ assert_eq!(pem_str, exp); ++ } ++} diff --git a/s390-tools-General-update-07.patch b/s390-tools-General-update-07.patch new file mode 100644 index 0000000..d468f05 --- /dev/null +++ b/s390-tools-General-update-07.patch 
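Review bot: In the `RetrieveCmd` to `RetrievedSecret` conversion, the padding test `key.value().len() - (len + 2) < 15` looks off by one. `extend_to_multiple` in guest_secret.rs pads to a multiple of 16, so a payload whose length plus the two-byte prefix lands one past a block boundary (15 bytes, for example) carries 15 zero bytes, fails `< 15`, and is handed back with the prefix and padding still attached. The same subtraction underflows when the stored length prefix exceeds the buffer size, which panics in builds with overflow checks. Something like `key.value().len().checked_sub(len + 2).map_or(false, |pad| pad < 16)` would cover both cases. The tests in this file only use a 10-byte payload and malformed inputs, so a 15-byte round-trip test would pin the boundary.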
@@ -0,0 +1,95 @@ +From a14f9d4edcc5db0d54e4fbe3ec3d98c7c270bf8e Mon Sep 17 00:00:00 2001 +From: Steffen Eiden +Date: Fri, 13 Dec 2024 15:04:02 +0100 +Subject: [PATCH] rust/pvsecret: Improve CLI +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Improve the wording of the help/man text/ + +Acked-by: Marc Hartmayer +Reviewed-by: Christoph Schlameuss +Signed-off-by: Steffen Eiden +Signed-off-by: Jan Höppner +--- + rust/pvsecret/src/cli.rs | 26 +++++++++++++------------- + 1 file changed, 13 insertions(+), 13 deletions(-) + +diff --git a/rust/pvsecret/src/cli.rs b/rust/pvsecret/src/cli.rs +index 6deaaebd..c4b9f2b3 100644 +--- a/rust/pvsecret/src/cli.rs ++++ b/rust/pvsecret/src/cli.rs +@@ -37,8 +37,8 @@ pub struct CreateSecretOpt { + + /// Specifies the header of the guest image. + /// +- /// Can be an IBM Secure Execution image created by genprotimg or an extracted IBM Secure +- /// Execution header. The header must start at a page boundary. ++ /// Can be an IBM Secure Execution image created by 'pvimg/genprotimg' or an ++ /// extracted IBM Secure Execution header. + #[arg(long, value_name = "FILE", value_hint = ValueHint::FilePath)] + pub hdr: String, + +@@ -150,12 +150,12 @@ pub enum AddSecretType { + + /// Create an association secret. + /// +- /// Use an association secret to connect a trusted I/O device to a guest. The `pvapconfig` tool ++ /// Use an association secret to connect a trusted I/O device to a guest. The 'pvapconfig' tool + /// provides more information about association secrets. + Association { +- /// String to identify the new secret. ++ /// String that identifies the new secret. + /// +- /// The actual secret is set with --input-secret. The name is saved in `NAME.yaml` with ++ /// The actual secret is set with '--input-secret'. The name is saved in `NAME.yaml` with + /// white-spaces mapped to `_`. 
+ name: String, + +@@ -166,15 +166,15 @@ pub enum AddSecretType { + stdout: bool, + + /// Path from which to read the plaintext secret. Uses a random secret if not specified. +- #[arg(long, value_name = "FILE", value_hint = ValueHint::FilePath, conflicts_with("output_secret"))] ++ #[arg(long, value_name = "SECRET-FILE", value_hint = ValueHint::FilePath, conflicts_with("output_secret"))] + input_secret: Option, + +- /// Save the generated secret as plaintext in FILE. ++ /// Save the generated secret as plaintext in SECRET-FILE. + /// + /// The generated secret can be used to generate add-secret requests for a different guest +- /// with the same secret using --input-secret. Destroy the secret when it is not used ++ /// with the same secret using '--input-secret'. Destroy the secret when it is not used + /// anymore. +- #[arg(long, value_name = "FILE", value_hint = ValueHint::FilePath,)] ++ #[arg(long, value_name = "SECRET-FILE", value_hint = ValueHint::FilePath,)] + output_secret: Option, + }, + } +@@ -243,13 +243,13 @@ pub enum Command { + /// Create a new add-secret request. + /// + /// Create add-secret requests for IBM Secure Execution guests. Only create these requests in a +- /// trusted environment, such as your workstation. The `pvattest create` command creates a ++ /// trusted environment, such as your workstation. The 'pvattest create' command creates a + /// randomly generated key to protect the request. The generated requests can then be added on +- /// an IBM Secure Execution guest using `pvsecret add`. The guest can then use the secrets with ++ /// an IBM Secure Execution guest using 'pvsecret add'. The guest can then use the secrets with + /// the use case depending on the secret type. + Create(Box), + +- /// Perform an add-secret request (s390x only). ++ /// Submit an add-secret request to the Ultravisor (s390x only). + /// + /// Perform an add-secret request using a previously generated add-secret request. Only + /// available on s390x. 
+@@ -258,7 +258,7 @@ pub enum Command { + /// Lock the secret-store (s390x only). + /// + /// Lock the secret store (s390x only). After this command executed successfully, all +- /// add-secret requests will fail. Only available on s390x. ++ /// subsequent add-secret requests will fail. Only available on s390x. + Lock, + + /// List all ultravisor secrets (s390x only). diff --git a/s390-tools-General-update-08.patch b/s390-tools-General-update-08.patch new file mode 100644 index 0000000..6fdd2d3 --- /dev/null +++ b/s390-tools-General-update-08.patch 
@@ -0,0 +1,423 @@ +From 93da795520ca2f0a73cfbfc951a9b16437a1b95b Mon Sep 17 00:00:00 2001 +From: Steffen Eiden +Date: Mon, 19 Feb 2024 15:15:16 +0100 +Subject: [PATCH] rust/pvsecret: Add support for retrievable secrets +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Support for creating and retrieving retrievable secrets. + +Acked-by: Marc Hartmayer +Reviewed-by: Christoph Schlameuss +Signed-off-by: Steffen Eiden +Signed-off-by: Jan Höppner +--- + rust/pvsecret/src/cli.rs | 129 +++++++++++++++++++++++++++++++- + rust/pvsecret/src/cmd.rs | 6 +- + rust/pvsecret/src/cmd/create.rs | 30 +++++++- + rust/pvsecret/src/cmd/list.rs | 12 ++- + rust/pvsecret/src/cmd/retr.rs | 62 +++++++++++++++ + rust/pvsecret/src/main.rs | 1 + + 6 files changed, 230 insertions(+), 10 deletions(-) + create mode 100644 rust/pvsecret/src/cmd/retr.rs + +diff --git a/rust/pvsecret/src/cli.rs b/rust/pvsecret/src/cli.rs +index c4b9f2b3..4e747682 100644 +--- a/rust/pvsecret/src/cli.rs ++++ b/rust/pvsecret/src/cli.rs +@@ -1,7 +1,10 @@ + // SPDX-License-Identifier: MIT + // +-// Copyright IBM Corp. 2023 ++// Copyright IBM Corp. 2023, 2024 + ++use std::fmt::Display; ++ ++use clap::error::ErrorKind::ValueValidation; + use clap::{ArgGroup, Args, CommandFactory, Parser, Subcommand, ValueEnum, ValueHint}; + use utils::{CertificateOptions, DeprecatedVerbosityOptions, STDOUT}; + +@@ -177,6 +180,72 @@ pub enum AddSecretType { + #[arg(long, value_name = "SECRET-FILE", value_hint = ValueHint::FilePath,)] + output_secret: Option, + }, ++ ++ /// Create a retrievable secret. ++ /// ++ /// A retrievable secret is stored in the per-guest storage of the Ultravisor. A SE-guest can ++ /// retrieve the secret at runtime and use it. All retrievable secrets, but the plaintext ++ /// secret, are retrieved as wrapped/protected key objects and only usable inside the current, ++ /// running SE-guest instance. 
++ #[command(visible_alias = "retr")] ++ Retrievable { ++ /// String that identifies the new secret. ++ /// ++ /// The actual secret is set with '--secret'. The name is saved in `NAME.yaml` with ++ /// white-spaces mapped to `_`. ++ name: String, ++ ++ /// Print the hashed name to stdout. ++ /// ++ /// The hashed name is not written to `NAME.yaml` ++ #[arg(long)] ++ stdout: bool, ++ ++ /// Use SECRET-FILE as retrievable secret ++ #[arg(long, value_name = "SECRET-FILE", value_hint = ValueHint::FilePath)] ++ secret: String, ++ ++ /// Specify the secret type. ++ /// ++ /// Limitations to the input data apply depending on the secret type. ++ #[arg(long = "type", value_name = "TYPE")] ++ kind: RetrieveableSecretInpKind, ++ }, ++} ++ ++#[derive(Copy, Clone, PartialEq, Eq, PartialOrd, Ord, ValueEnum, Debug)] ++pub enum RetrieveableSecretInpKind { ++ /// A plaintext secret. ++ /// Can be any file up to 8190 bytes long ++ Plain, ++ /// An AES key. ++ /// Must be a plain byte file 128, 192, or 256 bit long. ++ Aes, ++ /// An AES-XTS key. ++ /// Must be a plain byte file 512, or 1024 bit long. ++ AesXts, ++ /// A HMAC-SHA key. ++ /// Must be a plain byte file 512, or 1024 bit long. ++ HmacSha, ++ /// An elliptic curve private key. ++ /// Must be a PEM or DER file. ++ Ec, ++} ++ ++impl Display for RetrieveableSecretInpKind { ++ fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { ++ write!( ++ f, ++ "{}", ++ match self { ++ Self::Plain => "PLAINTEXT", ++ Self::Aes => "AES KEY", ++ Self::AesXts => "AES-XTS KEY", ++ Self::HmacSha => "HMAC-SHA KEY", ++ Self::Ec => "EC PRIVATE KEY", ++ } ++ ) ++ } + } + + // all members s390x only +@@ -238,6 +307,56 @@ pub struct VerifyOpt { + pub output: String, + } + ++// all members s390x only ++#[derive(Args, Debug)] ++pub struct RetrSecretOptions { ++ /// Specify the secret ID to be retrieved. ++ /// ++ /// Input type depends on '--inform'. 
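Review bot: The help text for `AesXts` says the file must be 512 or 1024 bit long, which reads like a copy of the `HmacSha` text below it. The tests added to guest_secret.rs map 32-byte and 64-byte inputs to `AesXts(AesXtsSizes::Bits128)` and `AesXts(AesXtsSizes::Bits256)`, i.e. files of 256 or 512 bit. Suggested doc line: `/// Must be a plain byte file 256, or 512 bit long.` This text ends up in `--help`, so the wrong sizes would lead users to prepare key files that the size check then rejects.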
If `yaml` (default) is specified, it must be a yaml ++ /// created by the create subcommand of this tool. If `hex` is specified, it must be a hex ++ /// 32-byte unsigned big endian number string. Leading zeros are required. ++ #[cfg(target_arch = "s390x")] ++ #[arg(value_name = "ID", value_hint = ValueHint::FilePath)] ++ pub input: String, ++ ++ /// Specify the output path to place the secret value ++ #[cfg(target_arch = "s390x")] ++ #[arg(short, long, value_name = "FILE", default_value = STDOUT, value_hint = ValueHint::FilePath)] ++ pub output: String, ++ ++ /// Define input type for the Secret ID ++ #[cfg(target_arch = "s390x")] ++ #[arg(long, value_enum, default_value_t)] ++ pub inform: RetrInpFmt, ++ ++ /// Define the output format for the retrieved secret ++ #[cfg(target_arch = "s390x")] ++ #[arg(long, value_enum, default_value_t)] ++ pub outform: RetrOutFmt, ++} ++ ++#[derive(Copy, Clone, PartialEq, Eq, PartialOrd, Ord, ValueEnum, Debug, Default)] ++pub enum RetrInpFmt { ++ /// Use a yaml file ++ #[default] ++ Yaml, ++ /// Use a hex string. ++ Hex, ++} ++ ++#[derive(Copy, Clone, PartialEq, Eq, PartialOrd, Ord, ValueEnum, Debug, Default)] ++pub enum RetrOutFmt { ++ /// Write the secret as PEM. ++ /// ++ /// File starts with `-----BEGIN IBM PROTECTED KEY----` and `-----BEGIN ++ /// PLAINTEXT SECRET-----` for plaintext secrets it contains one header ++ /// line with the type information and the base64 protected key ++ #[default] ++ Pem, ++ /// Write the secret in binary. ++ Bin, ++} ++ + #[derive(Subcommand, Debug)] + pub enum Command { + /// Create a new add-secret request. +@@ -274,6 +393,10 @@ pub enum Command { + /// provided key. Outputs the arbitrary user-data. + Verify(VerifyOpt), + ++ /// Retrieve a secret from the UV secret store (s390x only). ++ #[command(visible_alias = "retr")] ++ Retrieve(RetrSecretOptions), ++ + /// Print version information and exit. 
+ #[command(aliases(["--version"]), hide(true))] + Version, +@@ -294,13 +417,13 @@ pub fn validate_cli(cli: &CliOptions) -> Result<(), clap::Error> { + } + if secret_out == &Some(format!("{name}.yaml")) { + return Err(CliOptions::command().error( +- clap::error::ErrorKind::ValueValidation, ++ ValueValidation, + format!("Secret output file and the secret name '{name}.yaml' are the same."), + )); + } + if format!("{name}.yaml") == opt.output { + return Err(CliOptions::command().error( +- clap::error::ErrorKind::ValueValidation, ++ ValueValidation, + format!( + "output file and the secret name '{}' are the same.", + &opt.output +diff --git a/rust/pvsecret/src/cmd.rs b/rust/pvsecret/src/cmd.rs +index a826fb31..10d99a5b 100644 +--- a/rust/pvsecret/src/cmd.rs ++++ b/rust/pvsecret/src/cmd.rs +@@ -16,6 +16,8 @@ mod add; + mod list; + #[cfg(target_arch = "s390x")] + mod lock; ++#[cfg(target_arch = "s390x")] ++mod retr; + + // Commands (directly) related to UVCs are only available on s389x + #[cfg(target_arch = "s390x")] +@@ -24,12 +26,13 @@ mod uv_cmd { + pub use add::add; + pub use list::list; + pub use lock::lock; ++ pub use retr::retr; + pub const UV_CMD_FN: &[&str] = &["+add", "+lock", "+list"]; + } + + #[cfg(not(target_arch = "s390x"))] + mod uv_cmd { +- use crate::cli::{AddSecretOpt, ListSecretOpt}; ++ use crate::cli::{AddSecretOpt, ListSecretOpt, RetrSecretOptions}; + use anyhow::{bail, Result}; + macro_rules! not_supp { + ($name: ident $( ,$opt: ty )?) 
=> { +@@ -40,6 +43,7 @@ mod uv_cmd { + } + not_supp!(add, AddSecretOpt); + not_supp!(list, ListSecretOpt); ++ not_supp!(retr, RetrSecretOptions); + not_supp!(lock); + pub const UV_CMD_FN: &[&str] = &[]; + } +diff --git a/rust/pvsecret/src/cmd/create.rs b/rust/pvsecret/src/cmd/create.rs +index 9251c38c..73089a12 100644 +--- a/rust/pvsecret/src/cmd/create.rs ++++ b/rust/pvsecret/src/cmd/create.rs +@@ -4,7 +4,6 @@ + + use std::path::Path; + +-use crate::cli::{AddSecretType, CreateSecretFlags, CreateSecretOpt}; + use anyhow::{anyhow, bail, Context, Error, Result}; + use log::{debug, info, trace, warn}; + use pv::{ +@@ -22,6 +21,8 @@ use pv::{ + use serde_yaml::Value; + use utils::get_writer_from_cli_file_arg; + ++use crate::cli::{AddSecretType, CreateSecretFlags, CreateSecretOpt, RetrieveableSecretInpKind}; ++ + fn write_out(path: &P, data: D, ctx: &str) -> pv::Result<()> + where + P: AsRef, +@@ -32,6 +33,23 @@ where + Ok(()) + } + ++fn retrievable(name: &str, secret: &str, kind: &RetrieveableSecretInpKind) -> Result { ++ let secret_data = read_file(secret, &format!("retrievable {kind}"))?.into(); ++ ++ match kind { ++ RetrieveableSecretInpKind::Plain => GuestSecret::plaintext(name, secret_data), ++ RetrieveableSecretInpKind::Aes => GuestSecret::aes(name, secret_data), ++ RetrieveableSecretInpKind::AesXts => GuestSecret::aes_xts(name, secret_data), ++ RetrieveableSecretInpKind::HmacSha => GuestSecret::hmac_sha(name, secret_data), ++ RetrieveableSecretInpKind::Ec => GuestSecret::ec( ++ name, ++ read_private_key(secret_data.value()) ++ .with_context(|| format!("Cannot read {secret} as {kind} from PEM or DER"))?, ++ ), ++ } ++ .map_err(Error::from) ++} ++ + /// Prepare an add-secret request + pub fn create(opt: &CreateSecretOpt) -> Result<()> { + if pv_guest_bit_set() { +@@ -88,6 +106,9 @@ fn build_asrcb(opt: &CreateSecretOpt) -> Result { + input_secret: None, + .. + } => GuestSecret::association(name, None)?, ++ AddSecretType::Retrievable { ++ name, secret, kind, .. 
++ } => retrievable(name, secret, kind)?, + }; + trace!("AddSecret: {secret:x?}"); + +@@ -136,7 +157,9 @@ fn build_asrcb(opt: &CreateSecretOpt) -> Result { + .as_ref() + .map(|p| read_file(p, "User-signing key")) + .transpose()? +- .map(|buf| read_private_key(&buf)) ++ .map(|buf| { ++ read_private_key(&buf).context("Cannot read {secret} as private key from PEM or DER") ++ }) + .transpose()?; + + if user_data.is_some() || user_key.is_some() { +@@ -258,6 +281,9 @@ fn write_secret>( + write_out(path, guest_secret.confidential(), "Association secret")? + } + } ++ AddSecretType::Retrievable { name, stdout, .. } => { ++ write_yaml(name, guest_secret, stdout, outp_path)? ++ } + _ => (), + }; + Ok(()) +diff --git a/rust/pvsecret/src/cmd/list.rs b/rust/pvsecret/src/cmd/list.rs +index f7e3a72b..0bd9eca4 100644 +--- a/rust/pvsecret/src/cmd/list.rs ++++ b/rust/pvsecret/src/cmd/list.rs +@@ -3,21 +3,25 @@ + // Copyright IBM Corp. 2023 + + use crate::cli::{ListSecretOpt, ListSecretOutputType}; +-use anyhow::{Context, Result}; ++use anyhow::{Context, Error, Result}; + use log::warn; + use pv::uv::{ListCmd, SecretList, UvDevice, UvcSuccess}; + use utils::{get_writer_from_cli_file_arg, STDOUT}; + + /// Do a List Secrets UVC +-pub fn list(opt: &ListSecretOpt) -> Result<()> { +- let uv = UvDevice::open()?; ++pub fn list_uvc(uv: &UvDevice) -> Result { + let mut cmd = ListCmd::default(); + match uv.send_cmd(&mut cmd)? 
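Review bot: `.context("Cannot read {secret} as private key from PEM or DER")` passes a plain string literal, so `{secret}` is printed verbatim instead of being interpolated; only `format!` expands it, as the `with_context(|| format!(...))` call in `retrievable` does. The value read at this point is the user-signing key, so the message would be clearer as `.context("Cannot read the user-signing key as private key from PEM or DER")`, or with the path formatted in through `with_context`. `build_asrcb` starts and ends outside this hunk, so which `secret` binding would be in scope there is not visible.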
{ + UvcSuccess::RC_SUCCESS => (), + UvcSuccess::RC_MORE_DATA => warn!("There is more data available than expected"), + }; ++ cmd.try_into().map_err(Error::new) ++} + +- let secret_list: SecretList = cmd.try_into()?; ++/// Do a List Secrets UVC and output the list in the requested format ++pub fn list(opt: &ListSecretOpt) -> Result<()> { ++ let uv = UvDevice::open()?; ++ let secret_list = list_uvc(&uv)?; + let mut wr_out = get_writer_from_cli_file_arg(&opt.output)?; + + match &opt.format { +diff --git a/rust/pvsecret/src/cmd/retr.rs b/rust/pvsecret/src/cmd/retr.rs +new file mode 100644 +index 00000000..7f7704cc +--- /dev/null ++++ b/rust/pvsecret/src/cmd/retr.rs +@@ -0,0 +1,62 @@ ++// SPDX-License-Identifier: MIT ++// ++// Copyright IBM Corp. 2024 ++ ++use super::list::list_uvc; ++use crate::cli::{RetrInpFmt, RetrOutFmt, RetrSecretOptions}; ++use anyhow::{anyhow, bail, Context, Result}; ++use log::{debug, info}; ++use pv::{ ++ misc::open_file, ++ misc::write, ++ secret::{GuestSecret, RetrievedSecret}, ++ uv::{RetrieveCmd, SecretId, UvDevice}, ++}; ++use utils::get_writer_from_cli_file_arg; ++ ++fn retrieve(id: &SecretId) -> Result { ++ let uv = UvDevice::open()?; ++ let secrets = list_uvc(&uv)?; ++ let secret = secrets ++ .into_iter() ++ .find(|s| s.id() == id.as_ref()) ++ .ok_or(anyhow!( ++ "The UV secret-store has no secret with the ID {id}" ++ ))?; ++ ++ info!("Try to retrieve secret at index: {}", secret.index()); ++ debug!("Try to retrieve: {secret:?}"); ++ ++ let mut uv_cmd = RetrieveCmd::from_entry(secret)?; ++ uv.send_cmd(&mut uv_cmd)?; ++ ++ Ok(RetrievedSecret::from_cmd(uv_cmd)) ++} ++ ++pub fn retr(opt: &RetrSecretOptions) -> Result<()> { ++ let mut output = get_writer_from_cli_file_arg(&opt.output)?; ++ let id = match &opt.inform { ++ RetrInpFmt::Yaml => match serde_yaml::from_reader(&mut open_file(&opt.input)?)? { ++ GuestSecret::Retrievable { id, .. 
} => id, ++ gs => bail!("The file contains a {gs}-secret, which is not retrievable."), ++ }, ++ RetrInpFmt::Hex => { ++ serde_yaml::from_str(&opt.input).context("Cannot parse SecretId information")? ++ } ++ }; ++ ++ let retr_secret = ++ retrieve(&id).context("Could not retrieve the secret from the UV secret store.")?; ++ ++ let out_data = match opt.outform { ++ RetrOutFmt::Bin => retr_secret.into_bytes(), ++ RetrOutFmt::Pem => retr_secret.to_pem()?.into_bytes(), ++ }; ++ write( ++ &mut output, ++ out_data.value(), ++ &opt.output, ++ "IBM Protected Key", ++ )?; ++ Ok(()) ++} +diff --git a/rust/pvsecret/src/main.rs b/rust/pvsecret/src/main.rs +index 502a6ea0..883a3ee2 100644 +--- a/rust/pvsecret/src/main.rs ++++ b/rust/pvsecret/src/main.rs +@@ -45,6 +45,7 @@ fn main() -> ExitCode { + Command::Create(opt) => cmd::create(opt), + Command::Version => Ok(print_version!("2024", log_level; FEATURES.concat())), + Command::Verify(opt) => cmd::verify(opt), ++ Command::Retrieve(opt) => cmd::retr(opt), + }; + + match res { diff --git a/s390-tools-General-update-09.patch b/s390-tools-General-update-09.patch new file mode 100644 index 0000000..ee9844f --- /dev/null +++ b/s390-tools-General-update-09.patch 
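Review bot: `retr` calls `get_writer_from_cli_file_arg(&opt.output)` as its first statement, before the ID is parsed and before the UV call, so a failed retrieval may still leave a created or truncated output file (the helper is not visible here, so this depends on how it opens the file). Moving the writer setup to just before `write(...)` avoids that. Because the file then holds key material or a plaintext secret, it is also worth confirming that the helper creates it with owner-only permissions. Minor: the `write` context string is `"IBM Protected Key"` even when a plaintext secret was retrieved, and `ok_or(anyhow!(...))` builds the error eagerly where `ok_or_else(|| anyhow!(...))` would not.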
@@ -0,0 +1,313 @@ +From 256289a30aa5d3f6a4d2631dea69d1dc47205150 Mon Sep 17 00:00:00 2001 +From: Steffen Eiden +Date: Wed, 12 Jun 2024 16:23:31 +0200 +Subject: [PATCH] rust/pv_core: Refactor secret list +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Improve the secret list implementation. Use structs+{As,From}Bytes +instead of arbitrary seeks and reads/writes to parse the secret list. + +Acked-by: Marc Hartmayer +Reviewed-by: Christoph Schlameuss +Signed-off-by: Steffen Eiden +Signed-off-by: Jan Höppner +--- + rust/pv_core/src/uvdevice.rs | 10 ++ + rust/pv_core/src/uvdevice/secret_list.rs | 124 ++++++++++++++--------- + 2 files changed, 86 insertions(+), 48 deletions(-) + +diff --git a/rust/pv_core/src/uvdevice.rs b/rust/pv_core/src/uvdevice.rs +index e9848243..e701366d 100644 +--- a/rust/pv_core/src/uvdevice.rs ++++ b/rust/pv_core/src/uvdevice.rs +@@ -163,6 +163,16 @@ pub enum UvcSuccess { + RC_MORE_DATA = UvDevice::RC_MORE_DATA, + } + ++impl UvcSuccess { ++ /// Returns true if there is more data available ++ pub fn more_data(&self) -> bool { ++ match self { ++ Self::RC_SUCCESS => false, ++ Self::RC_MORE_DATA => true, ++ } ++ } ++} ++ + /// The `UvDevice` is a (virtual) device on s390 machines to send Ultravisor commands(UVCs) from + /// userspace. 
+ /// +diff --git a/rust/pv_core/src/uvdevice/secret_list.rs b/rust/pv_core/src/uvdevice/secret_list.rs +index 4e955010..d7c268c9 100644 +--- a/rust/pv_core/src/uvdevice/secret_list.rs ++++ b/rust/pv_core/src/uvdevice/secret_list.rs +@@ -4,16 +4,16 @@ + + use crate::{ + assert_size, +- misc::to_u16, + uv::{AesSizes, AesXtsSizes, EcCurves, HmacShaSizes, ListCmd, RetrievableSecret}, + uvdevice::UvCmd, + Error, Result, + }; +-use byteorder::{BigEndian, ByteOrder, ReadBytesExt, WriteBytesExt}; ++use byteorder::{BigEndian, ByteOrder}; + use serde::{Deserialize, Serialize, Serializer}; + use std::{ + fmt::Display, + io::{Cursor, Read, Seek, Write}, ++ mem::size_of, + slice::Iter, + vec::IntoIter, + }; +@@ -31,7 +31,7 @@ impl SecretId { + /// Size in bytes of the [`SecretId`] + pub const ID_SIZE: usize = 32; + +- /// Create a [`SecretId`] forom a buffer. ++ /// Create a [`SecretId`] from a buffer. + pub fn from(buf: [u8; Self::ID_SIZE]) -> Self { + buf.into() + } +@@ -120,7 +120,7 @@ impl SecretEntry { + &self.index + } + +- /// Returns the secret type of this [`SecretEntry`]. 
++ /// Returns the secret type of this [`SecretEntry`] + pub fn stype(&self) -> ListableSecretType { + self.stype.get().into() + } +@@ -161,12 +161,45 @@ impl Display for SecretEntry { + } + } + ++#[repr(C)] ++#[derive(Debug, FromBytes, AsBytes, FromZeroes, Clone, PartialEq, Eq, Default, Serialize)] ++struct SecretListHdr { ++ #[serde(skip)] ++ num_secrets_stored: U16, ++ #[serde(serialize_with = "ser_u16")] ++ total_num_secrets: U16, ++ #[serde(skip)] ++ next_secret_idx: U16, ++ #[serde(skip)] ++ reserved_06: u16, ++ #[serde(skip)] ++ reserved_08: u64, ++} ++ ++impl SecretListHdr { ++ fn new(num_secrets_stored: u16, total_num_secrets: u16, next_secret_idx: u16) -> Self { ++ Self { ++ num_secrets_stored: num_secrets_stored.into(), ++ total_num_secrets: total_num_secrets.into(), ++ next_secret_idx: next_secret_idx.into(), ++ reserved_06: 0, ++ reserved_08: 0, ++ } ++ } ++} ++assert_size!(SecretListHdr, 16); ++ + /// List of secrets used to parse the [`crate::uv::ListCmd`] result. + /// +-/// The list should not hold more than 0xffffffff elements +-#[derive(Debug, PartialEq, Eq, Serialize)] ++/// The list should ONLY be created from an UV-Call result using either: ++/// - [`TryInto::try_into`] from [`ListCmd`] ++/// - [`SecretList::decode`] ++/// Any other ways can create invalid lists that do not represent the UV secret store. ++/// The list must not hold more than [`u32::MAX`] elements ++#[derive(Debug, PartialEq, Eq, Serialize, Default)] + pub struct SecretList { +- total_num_secrets: usize, ++ #[serde(flatten)] ++ hdr: SecretListHdr, + secrets: Vec, + } + +@@ -202,10 +235,14 @@ impl SecretList { + /// The content of this list will very likely not represent the status of the guest in the + /// Ultravisor. Use of [`SecretList::decode`] in any non-test environments is encuraged. 
+ pub fn new(total_num_secrets: u16, secrets: Vec) -> Self { +- Self { +- total_num_secrets: total_num_secrets as usize, ++ Self::new_with_hdr( ++ SecretListHdr::new(total_num_secrets, total_num_secrets, 0), + secrets, +- } ++ ) ++ } ++ ++ fn new_with_hdr(hdr: SecretListHdr, secrets: Vec) -> Self { ++ Self { hdr, secrets } + } + + /// Returns an iterator over the slice. +@@ -229,19 +266,12 @@ impl SecretList { + /// + /// This number may be not equal to the provided number of [`SecretEntry`] + pub fn total_num_secrets(&self) -> usize { +- self.total_num_secrets ++ self.hdr.total_num_secrets.get() as usize + } + + /// Encodes the list in the same binary format the UV would do + pub fn encode(&self, w: &mut T) -> Result<()> { +- let num_s = to_u16(self.secrets.len()).ok_or(Error::ManySecrets)?; +- w.write_u16::(num_s)?; +- w.write_u16::( +- self.total_num_secrets +- .try_into() +- .map_err(|_| Error::ManySecrets)?, +- )?; +- w.write_all(&[0u8; 12])?; ++ w.write_all(self.hdr.as_bytes())?; + for secret in &self.secrets { + w.write_all(secret.as_bytes())?; + } +@@ -250,19 +280,20 @@ impl SecretList { + + /// Decodes the list from the binary format of the UV into this internal representation + pub fn decode(r: &mut R) -> std::io::Result { +- let num_s = r.read_u16::()?; +- let total_num_secrets = r.read_u16::()? as usize; +- let mut v: Vec = Vec::with_capacity(num_s as usize); +- r.seek(std::io::SeekFrom::Current(12))?; // skip reserved bytes ++ let mut buf = [0u8; size_of::()]; ++ r.read_exact(&mut buf)?; ++ let hdr = SecretListHdr::ref_from(&buf).unwrap(); ++ + let mut buf = [0u8; SecretEntry::STRUCT_SIZE]; +- for _ in 0..num_s { ++ let mut v = Vec::with_capacity(hdr.num_secrets_stored.get() as usize); ++ for _ in 0..hdr.num_secrets_stored.get() { + r.read_exact(&mut buf)?; + // cannot fail. 
buffer has the same size as the secret entry + let secr = SecretEntry::read_from(buf.as_slice()).unwrap(); + v.push(secr); + } + Ok(Self { +- total_num_secrets, ++ hdr: hdr.clone(), + secrets: v, + }) + } +@@ -278,7 +309,7 @@ impl TryFrom for SecretList { + + impl Display for SecretList { + fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { +- writeln!(f, "Total number of secrets: {}", self.total_num_secrets)?; ++ writeln!(f, "Total number of secrets: {}", self.total_num_secrets())?; + if !self.secrets.is_empty() { + writeln!(f)?; + } +@@ -481,8 +512,8 @@ mod test { + let buf = [ + 0x00u8, 0x01, // num secr stored + 0x01, 0x12, // total num secrets +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x00, // reserved ++ 0x01, 0x01, // next valid idx ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // reserved + // secret + 0x00, 0x01, 0x00, 0x02, // idx + type + 0x00, 0x00, 0x00, 0x20, // len +@@ -493,16 +524,16 @@ mod test { + 0x00, 0x00, 0x00, 0x00, + ]; + +- let exp = SecretList { +- total_num_secrets: 0x112, +- secrets: vec![SecretEntry { ++ let exp = SecretList::new_with_hdr( ++ SecretListHdr::new(0x001, 0x112, 0x101), ++ vec![SecretEntry { + index: 1.into(), + stype: 2.into(), + len: 32.into(), + res_8: 0, + id: SecretId::from([0; 32]), + }], +- }; ++ ); + + let mut br = BufReader::new(Cursor::new(buf)); + let sl = SecretList::decode(&mut br).unwrap(); +@@ -514,8 +545,8 @@ mod test { + const EXP: &[u8] = &[ + 0x00, 0x01, // num secr stored + 0x01, 0x12, // total num secrets +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x00, // reserved ++ 0x01, 0x01, // next valid idx ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // reserved + // secret + 0x00, 0x01, 0x00, 0x02, // idx + type + 0x00, 0x00, 0x00, 0x20, // len +@@ -526,16 +557,16 @@ mod test { + 0x00, 0x00, 0x00, 0x00, + ]; + +- let sl = SecretList { +- total_num_secrets: 0x112, +- secrets: vec![SecretEntry { ++ let 
sl = SecretList::new_with_hdr( ++ SecretListHdr::new(0x001, 0x112, 0x101), ++ vec![SecretEntry { + index: 1.into(), + stype: 2.into(), + len: 32.into(), + res_8: 0, + id: SecretId::from([0; 32]), + }], +- }; ++ ); + + let mut buf = [0u8; 0x40]; + { +@@ -587,26 +618,23 @@ mod test { + + #[test] + fn secret_list_ser() { +- let list = SecretList { +- total_num_secrets: 0x112, +- secrets: vec![SecretEntry { ++ let list = SecretList::new_with_hdr( ++ SecretListHdr::new(0x001, 0x112, 0x101), ++ vec![SecretEntry { + index: 1.into(), + stype: 2.into(), + len: 32.into(), + res_8: 0, + id: SecretId::from([0; 32]), + }], +- }; ++ ); + + assert_ser_tokens( + &list, + &[ +- Token::Struct { +- name: "SecretList", +- len: 2, +- }, ++ Token::Map { len: None }, + Token::String("total_num_secrets"), +- Token::U64(0x112), ++ Token::U16(0x112), + Token::String("secrets"), + Token::Seq { len: Some(1) }, + Token::Struct { +@@ -623,7 +651,7 @@ mod test { + Token::String("0x0000000000000000000000000000000000000000000000000000000000000000"), + Token::StructEnd, + Token::SeqEnd, +- Token::StructEnd, ++ Token::MapEnd, + ], + ) + } diff --git a/s390-tools-General-update-10.patch b/s390-tools-General-update-10.patch new file mode 100644 index 0000000..01b0dbc --- /dev/null +++ b/s390-tools-General-update-10.patch 
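Review bot: In `SecretList::decode` (rust/pv_core/src/uvdevice/secret_list.rs), `SecretListHdr::ref_from(&buf).unwrap()` can panic on a well-formed list. The header is `#[repr(C)]` with native `u16` and `u64` reserved fields, while `buf` is a plain byte array with no alignment guarantee; as far as I know, zerocopy's `ref_from` returns `None` for a misaligned buffer as well as for a wrong size. The entries a few lines below are parsed with the copying `read_from`, which has no alignment requirement, and the header should use the same: `let hdr = SecretListHdr::read_from(buf.as_slice()).unwrap();`. The result can then take `hdr,` instead of `hdr: hdr.clone(),`.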
@@ -0,0 +1,111 @@ +From 93216d916c479ee1292aa1d598ac9c0e7f585bd8 Mon Sep 17 00:00:00 2001 +From: Steffen Eiden +Date: Wed, 12 Jun 2024 16:35:15 +0200 +Subject: [PATCH] rust/pv*: Support longer secret lists +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Make use of the enhanced list secrets UAPI for the uvdevice in the latest kernel +version. This allows fetching secret lists with more than 85 entries via +reserving more userspace memory in the IOCTL argument. + +While at it, move the errno readout next to the ioctl-syscall. + +Acked-by: Marc Hartmayer +Reviewed-by: Christoph Schlameuss +Signed-off-by: Steffen Eiden +Signed-off-by: Jan Höppner +--- + rust/pv_core/src/uvdevice.rs | 6 ++++-- + rust/pv_core/src/uvdevice/secret.rs | 11 +++++++++++ + rust/pvsecret/src/cmd/list.rs | 28 +++++++++++++++++++++------- + 3 files changed, 36 insertions(+), 9 deletions(-) + +diff --git a/rust/pv_core/src/uvdevice.rs b/rust/pv_core/src/uvdevice.rs +index e701366d..689748a1 100644 +--- a/rust/pv_core/src/uvdevice.rs ++++ b/rust/pv_core/src/uvdevice.rs +@@ -59,11 +59,13 @@ fn ioctl_raw(raw_fd: RawFd, cmd: c_ulong, cb: &mut IoctlCb) -> Result<()> { + rc = ioctl(raw_fd, cmd, cb.as_ptr_mut()); + } + ++ // NOTE io::Error handles all errnos ioctl uses ++ let errno = std::io::Error::last_os_error(); ++ + debug!("ioctl resulted with {cb:?}"); + match rc { + 0 => Ok(()), +- // NOTE io::Error handles all errnos ioctl uses +- _ => Err(std::io::Error::last_os_error().into()), ++ _ => Err(errno.into()), + } + } + +diff --git a/rust/pv_core/src/uvdevice/secret.rs b/rust/pv_core/src/uvdevice/secret.rs +index 263f17d5..cb5b7233 100644 +--- a/rust/pv_core/src/uvdevice/secret.rs ++++ b/rust/pv_core/src/uvdevice/secret.rs +@@ -24,6 +24,17 @@ impl ListCmd { + Self(vec![0; size]) + } + ++ /// Create a new list secrets command with `pages` capacity. 
++ /// ++ /// * `pages` - number pf pages to allocate for this IOCTL ++ /// ++ /// # Panic ++ /// This function will trigger a panic if the allocation size is larger than [`usize::MAX`]. ++ /// Very likely an OOM situation occurs way before this! ++ pub fn with_pages(pages: usize) -> Self { ++ Self::with_size(pages * PAGESIZE) ++ } ++ + /// Create a new list secrets command with a one page capacity + pub fn new() -> Self { + Self::with_size(PAGESIZE) +diff --git a/rust/pvsecret/src/cmd/list.rs b/rust/pvsecret/src/cmd/list.rs +index 0bd9eca4..56294cac 100644 +--- a/rust/pvsecret/src/cmd/list.rs ++++ b/rust/pvsecret/src/cmd/list.rs +@@ -2,19 +2,33 @@ + // + // Copyright IBM Corp. 2023 + ++use std::io::ErrorKind; ++ + use crate::cli::{ListSecretOpt, ListSecretOutputType}; + use anyhow::{Context, Error, Result}; +-use log::warn; +-use pv::uv::{ListCmd, SecretList, UvDevice, UvcSuccess}; ++use log::{info, warn}; ++use pv::uv::{ListCmd, SecretList, UvDevice}; + use utils::{get_writer_from_cli_file_arg, STDOUT}; + ++const SECRET_LIST_BUF_SIZE: usize = 4; ++ + /// Do a List Secrets UVC + pub fn list_uvc(uv: &UvDevice) -> Result { +- let mut cmd = ListCmd::default(); +- match uv.send_cmd(&mut cmd)? { +- UvcSuccess::RC_SUCCESS => (), +- UvcSuccess::RC_MORE_DATA => warn!("There is more data available than expected"), +- }; ++ let mut cmd = ListCmd::with_pages(SECRET_LIST_BUF_SIZE); ++ let more_data = match uv.send_cmd(&mut cmd) { ++ Ok(v) => Ok(v), ++ Err(pv::PvCoreError::Io(e)) if e.kind() == ErrorKind::InvalidInput => { ++ info!("Uvdevice does not suport longer list. Fallback to one page list."); ++ cmd = ListCmd::default(); ++ uv.send_cmd(&mut cmd) ++ } ++ Err(e) => Err(e), ++ }? ++ .more_data(); ++ if more_data { ++ warn!("The secret list contains more data but the uvdevice cannot show all."); ++ } ++ + cmd.try_into().map_err(Error::new) + } + diff --git a/s390-tools-General-update-11.patch b/s390-tools-General-update-11.patch new file mode 100644 index 0000000..8bb5da9 
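Review bot: `ListCmd::with_pages` (rust/pv_core/src/uvdevice/secret.rs) documents a panic for oversized requests, but `pages * PAGESIZE` only panics when overflow checks are compiled in. In a default release build the product wraps and `with_size` receives a much smaller length than the caller asked for. An explicit check keeps the documented contract in every build: `Self::with_size(pages.checked_mul(PAGESIZE).expect("pages * PAGESIZE overflows usize"))`. The only caller in this patch passes the constant `SECRET_LIST_BUF_SIZE`, so this matters for other users of the public function. The doc line also has a typo: `number pf pages` should read `number of pages`.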
--- /dev/null
+++ b/s390-tools-General-update-11.patch
@@ -0,0 +1,387 @@ +From ff04f76257791593c8f92374f295a0c478e3b0f7 Mon Sep 17 00:00:00 2001 +From: Steffen Eiden +Date: Mon, 5 Aug 2024 09:34:47 +0200 +Subject: [PATCH] rust/pv*: Allow the use of non-hashes secret IDs +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Secret IDs identify a secret in the store. Tooling (pvsecret) calculates +them by hashing a user-defined string. With this patch it is now +possible to skip the hash step and directly use the input string as the +ID. Up to the first 31 bytes of the input ASCII-string are used. The last byte +is the NUL char. During list pvsecret tries to interpret the secret +as ASCII string and if possible displays the ASCII characters alongside +the hex number. + +Also, use the Upper/Lower Hex formatters for the hexstring formatting of +SecretId. Display will, additionally show the ASCII representation if +applicable. + +While at it, use Self wherever possible. + +Acked-by: Marc Hartmayer +Reviewed-by: Christoph Schlameuss +Signed-off-by: Steffen Eiden +Signed-off-by: Jan Höppner +--- + rust/pv/src/uvsecret/guest_secret.rs | 16 ++- + rust/pv_core/src/uvdevice/secret_list.rs | 163 ++++++++++++++++++++--- + rust/pvsecret/src/cli.rs | 8 ++ + rust/pvsecret/src/cmd/create.rs | 4 +- + rust/pvsecret/src/cmd/retr.rs | 14 +- + 5 files changed, 184 insertions(+), 21 deletions(-) + +diff --git a/rust/pv/src/uvsecret/guest_secret.rs b/rust/pv/src/uvsecret/guest_secret.rs +index 3bad6d3c..87b58bb8 100644 +--- a/rust/pv/src/uvsecret/guest_secret.rs ++++ b/rust/pv/src/uvsecret/guest_secret.rs +@@ -92,7 +92,8 @@ macro_rules! retr_constructor { + } + + impl GuestSecret { +- fn name_to_id(name: &str) -> Result { ++ /// Hashes the name with sha256 ++ pub fn name_to_id(name: &str) -> Result { + let id: [u8; SecretId::ID_SIZE] = hash(MessageDigest::sha256(), name.as_bytes())? 
+ .to_vec() + .try_into() +@@ -135,6 +136,19 @@ impl GuestSecret { + retr_constructor!(#[doc = r"This function will return an error if OpenSSL cannot create a hash or the curve is invalid"] + | #[doc = r"EC PRIVATE Key"] => PKey, ec); + ++ /// Use the name as ID, do not hash it ++ pub fn no_hash_name(&mut self) { ++ match self { ++ Self::Null => (), ++ Self::Association { ++ name, ref mut id, .. ++ } ++ | Self::Retrievable { ++ name, ref mut id, .. ++ } => id.clone_from(&SecretId::from_string(name)), ++ } ++ } ++ + /// Reference to the confidential data + pub fn confidential(&self) -> &[u8] { + match &self { +diff --git a/rust/pv_core/src/uvdevice/secret_list.rs b/rust/pv_core/src/uvdevice/secret_list.rs +index d7c268c9..7c7e63b5 100644 +--- a/rust/pv_core/src/uvdevice/secret_list.rs ++++ b/rust/pv_core/src/uvdevice/secret_list.rs +@@ -11,7 +11,9 @@ use crate::{ + use byteorder::{BigEndian, ByteOrder}; + use serde::{Deserialize, Serialize, Serializer}; + use std::{ +- fmt::Display, ++ cmp::min, ++ ffi::CStr, ++ fmt::{Debug, Display, LowerHex, UpperHex}, + io::{Cursor, Read, Seek, Write}, + mem::size_of, + slice::Iter, +@@ -35,6 +37,33 @@ impl SecretId { + pub fn from(buf: [u8; Self::ID_SIZE]) -> Self { + buf.into() + } ++ ++ /// Create a Id from a string ++ /// ++ /// Uses the first 31 bytes from `name` as id ++ /// Does not hash anything. 
Byte 32 is the NUL char ++ pub fn from_string(name: &str) -> Self { ++ let len = min(name.len(), Self::ID_SIZE - 1); ++ let mut res = Self::default(); ++ res.0[0..len].copy_from_slice(&name.as_bytes()[0..len]); ++ res ++ } ++ ++ /// Tries to represent the Id as printable-ASCII string ++ pub fn as_ascii(&self) -> Option<&str> { ++ if let Ok(t) = CStr::from_bytes_until_nul(&self.0) { ++ if let Ok(t) = t.to_str() { ++ if !t.is_empty() ++ && t.chars() ++ .all(|c| c.is_ascii_whitespace() | c.is_ascii_graphic()) ++ && self.0[t.len()..].iter().all(|b| *b == 0) ++ { ++ return Some(t); ++ } ++ } ++ }; ++ None ++ } + } + + impl Serialize for SecretId { +@@ -42,8 +71,8 @@ impl Serialize for SecretId { + where + S: Serializer, + { +- // calls Display at one point +- ser.serialize_str(&self.to_string()) ++ // calls LowerHex at one point ++ ser.serialize_str(&format!("{self:#x}")) + } + } + +@@ -56,12 +85,36 @@ impl<'de> Deserialize<'de> for SecretId { + } + } + ++impl UpperHex for SecretId { ++ fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { ++ if f.alternate() { ++ write!(f, "0x")?; ++ } ++ for b in self.0 { ++ write!(f, "{b:02X}")?; ++ } ++ Ok(()) ++ } ++} ++ ++impl LowerHex for SecretId { ++ fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { ++ if f.alternate() { ++ write!(f, "0x")?; ++ } ++ for b in self.0 { ++ write!(f, "{b:02x}")?; ++ } ++ Ok(()) ++ } ++} ++ + impl Display for SecretId { + fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { +- let mut s = String::with_capacity(32 * 2 + 2); +- s.push_str("0x"); +- let s = self.0.iter().fold(s, |acc, e| acc + &format!("{e:02x}")); +- write!(f, "{s}") ++ if let Some(s) = self.as_ascii() { ++ write!(f, "{s} | ")?; ++ } ++ write!(f, "{self:#x}") + } + } + +@@ -79,7 +132,7 @@ impl AsRef<[u8]> for SecretId { + + /// A secret in a [`SecretList`] + #[repr(C)] +-#[derive(Debug, PartialEq, Eq, AsBytes, FromZeroes, FromBytes, Serialize)] ++#[derive(Debug, Clone, PartialEq, Eq, 
AsBytes, FromZeroes, FromBytes, Serialize)] + pub struct SecretEntry { + #[serde(serialize_with = "ser_u16")] + index: U16, +@@ -153,11 +206,7 @@ impl Display for SecretEntry { + fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { + let stype: ListableSecretType = self.stype.get().into(); + writeln!(f, "{} {}:", self.index, stype)?; +- write!(f, " ")?; +- for b in self.id.as_ref() { +- write!(f, "{b:02x}")?; +- } +- Ok(()) ++ write!(f, " {}", self.id) + } + } + +@@ -269,6 +318,11 @@ impl SecretList { + self.hdr.total_num_secrets.get() as usize + } + ++ /// Find the first [`SecretEntry`] that has the provided [`SecretId`] ++ pub fn find(&self, id: &SecretId) -> Option { ++ self.iter().find(|e| e.id() == id.as_ref()).cloned() ++ } ++ + /// Encodes the list in the same binary format the UV would do + pub fn encode(&self, w: &mut T) -> Result<()> { + w.write_all(self.hdr.as_bytes())?; +@@ -456,7 +510,7 @@ where + type Value = [u8; SecretId::ID_SIZE]; + + fn expecting(&self, formatter: &mut std::fmt::Formatter) -> std::fmt::Result { +- formatter.write_str("a `32 bytes long hexstring` prepended with 0x") ++ formatter.write_str("a `32 bytes (=64 character) long hexstring` prepended with 0x") + } + + fn visit_str(self, s: &str) -> Result +@@ -464,7 +518,10 @@ where + E: serde::de::Error, + { + if s.len() != SecretId::ID_SIZE * 2 + "0x".len() { +- return Err(serde::de::Error::invalid_length(s.len() - 2, &self)); ++ return Err(serde::de::Error::invalid_length( ++ s.len().saturating_sub("0x".len()), ++ &self, ++ )); + } + let nb = s.strip_prefix("0x").ok_or_else(|| { + serde::de::Error::invalid_value(serde::de::Unexpected::Str(s), &self) +@@ -655,4 +712,80 @@ mod test { + ], + ) + } ++ ++ #[test] ++ fn secret_id_display() { ++ let text = "Fancy secret ID"; ++ let id = SecretId::from_string(text); ++ ++ let exp = ++ "Fancy secret ID | 0x46616e6379207365637265742049440000000000000000000000000000000000"; ++ assert_eq!(id.to_string(), exp); ++ } ++ ++ #[test] ++ 
fn secret_id_long_name() { ++ let text = "the most fanciest secret ID you ever seen in the time the universe exists"; ++ let id = SecretId::from_string(text); ++ let exp = ++ "the most fanciest secret ID you | 0x746865206d6f73742066616e63696573742073656372657420494420796f7500"; ++ assert_eq!(id.to_string(), exp); ++ } ++ ++ #[test] ++ fn secret_id_no_ascii_name() { ++ let text = [0; 32]; ++ let id = SecretId::from(text); ++ ++ let exp = "0x0000000000000000000000000000000000000000000000000000000000000000"; ++ assert_eq!(id.to_string(), exp); ++ } ++ ++ #[test] ++ fn secret_id_no_ascii_name2() { ++ let text = [ ++ 0x25, 0x55, 3, 4, 50, 0, 6, 0, 8, 0, 0, 0, 0, 0, 0, 0, 90, 0, 0xa, 0, 0, 0, 0, 0xf, 0, ++ 0, 0, 0, 0, 0, 0, 0, ++ ]; ++ let id = SecretId::from(text); ++ assert_eq!(id.as_ascii(), None); ++ } ++ ++ #[test] ++ fn secret_id_no_ascii_name3() { ++ let text = [ ++ 0x25, 0x55, 0, 4, 50, 0, 6, 0, 8, 0, 0, 0, 0, 0, 0, 0, 90, 0, 0xa, 0, 0, 0, 0, 0xf, 0, ++ 0, 0, 0, 0, 0, 0, 0, ++ ]; ++ let id = SecretId::from(text); ++ assert_eq!(id.as_ascii(), None); ++ } ++ ++ #[test] ++ fn secret_id_hex() { ++ let id_str = "Nice Test 123"; ++ let id = SecretId::from_string(id_str); ++ ++ let s = format!("{id:#x}"); ++ assert_eq!( ++ s, ++ "0x4e69636520546573742031323300000000000000000000000000000000000000" ++ ); ++ let s = format!("{id:x}"); ++ assert_eq!( ++ s, ++ "4e69636520546573742031323300000000000000000000000000000000000000" ++ ); ++ let s = format!("{id:#X}"); ++ assert_eq!( ++ s, ++ "0x4E69636520546573742031323300000000000000000000000000000000000000" ++ ); ++ ++ let s = format!("{id:X}"); ++ assert_eq!( ++ s, ++ "4E69636520546573742031323300000000000000000000000000000000000000" ++ ); ++ } + } +diff --git a/rust/pvsecret/src/cli.rs b/rust/pvsecret/src/cli.rs +index 4e747682..d858fc29 100644 +--- a/rust/pvsecret/src/cli.rs ++++ b/rust/pvsecret/src/cli.rs +@@ -141,6 +141,12 @@ pub struct CreateSecretOpt { + /// by default. 
+ #[arg(long, value_name = "FILE", value_hint = ValueHint::FilePath,)] + pub user_sign_key: Option, ++ ++ /// Do not hash the name, use it directly as secret ID. ++ /// ++ /// Ignored for meta-secrets. ++ #[arg(long)] ++ pub use_name: bool, + } + + #[derive(Subcommand, Debug)] +@@ -342,6 +348,8 @@ pub enum RetrInpFmt { + Yaml, + /// Use a hex string. + Hex, ++ /// Use a name-string. Will hash it if no secret with the name found. ++ Name, + } + + #[derive(Copy, Clone, PartialEq, Eq, PartialOrd, Ord, ValueEnum, Debug, Default)] +diff --git a/rust/pvsecret/src/cmd/create.rs b/rust/pvsecret/src/cmd/create.rs +index 73089a12..fab37e67 100644 +--- a/rust/pvsecret/src/cmd/create.rs ++++ b/rust/pvsecret/src/cmd/create.rs +@@ -94,7 +94,7 @@ fn read_private_key(buf: &[u8]) -> Result> { + fn build_asrcb(opt: &CreateSecretOpt) -> Result { + debug!("Build add-secret request"); + +- let secret = match &opt.secret { ++ let mut secret = match &opt.secret { + AddSecretType::Meta => GuestSecret::Null, + AddSecretType::Association { + name, +@@ -112,6 +112,8 @@ fn build_asrcb(opt: &CreateSecretOpt) -> Result { + }; + trace!("AddSecret: {secret:x?}"); + ++ opt.use_name.then(|| secret.no_hash_name()); ++ + let mut flags = match &opt.pcf { + Some(v) => (&try_parse_u64(v, "pcf")?).into(), + None => AddSecretFlags::default(), +diff --git a/rust/pvsecret/src/cmd/retr.rs b/rust/pvsecret/src/cmd/retr.rs +index 7f7704cc..ad3e91c3 100644 +--- a/rust/pvsecret/src/cmd/retr.rs ++++ b/rust/pvsecret/src/cmd/retr.rs +@@ -17,12 +17,17 @@ use utils::get_writer_from_cli_file_arg; + fn retrieve(id: &SecretId) -> Result { + let uv = UvDevice::open()?; + let secrets = list_uvc(&uv)?; +- let secret = secrets +- .into_iter() +- .find(|s| s.id() == id.as_ref()) ++ let secret = match secrets.find(id) { ++ Some(s) => s, ++ // hash it + try again if it is ASCII-representable ++ None => match id.as_ascii() { ++ Some(s) => secrets.find(&GuestSecret::name_to_id(s)?), ++ None => None, ++ } + .ok_or(anyhow!( + "The 
UV secret-store has no secret with the ID {id}" +- ))?; ++ ))?, ++ }; + + info!("Try to retrieve secret at index: {}", secret.index()); + debug!("Try to retrieve: {secret:?}"); +@@ -43,6 +48,7 @@ pub fn retr(opt: &RetrSecretOptions) -> Result<()> { + RetrInpFmt::Hex => { + serde_yaml::from_str(&opt.input).context("Cannot parse SecretId information")? + } ++ RetrInpFmt::Name => SecretId::from_string(&opt.input), + }; + + let retr_secret = diff --git a/s390-tools-General-update-12.patch b/s390-tools-General-update-12.patch new file mode 100644 index 0000000..6e679a9 --- /dev/null +++ b/s390-tools-General-update-12.patch @@ -0,0 +1,1207 @@ +From a8a3e7d49cb0d3a069dacbe54c91a31b76876846 Mon Sep 17 00:00:00 2001 +From: Steffen Eiden +Date: Tue, 22 Oct 2024 17:53:17 +0200 +Subject: [PATCH] rust/pvsecret: Update manuals and README +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Acked-by: Marc Hartmayer +Reviewed-by: Christoph Schlameuss +Signed-off-by: Steffen Eiden +Signed-off-by: Jan Höppner +--- + rust/pvsecret/README.md | 222 ++++++++++++++---- + rust/pvsecret/man/pvsecret-add.1 | 9 +- + .../man/pvsecret-create-association.1 | 26 +- + rust/pvsecret/man/pvsecret-create-meta.1 | 7 +- + .../man/pvsecret-create-retrievable.1 | 74 ++++++ + rust/pvsecret/man/pvsecret-create.1 | 111 +++++---- + rust/pvsecret/man/pvsecret-list.1 | 17 +- + rust/pvsecret/man/pvsecret-lock.1 | 7 +- + rust/pvsecret/man/pvsecret-retrieve.1 | 77 ++++++ + rust/pvsecret/man/pvsecret-verify.1 | 17 +- + rust/pvsecret/man/pvsecret.1 | 34 ++- + 11 files changed, 449 insertions(+), 152 deletions(-) + create mode 100644 rust/pvsecret/man/pvsecret-create-retrievable.1 + create mode 100644 rust/pvsecret/man/pvsecret-retrieve.1 + +diff --git a/rust/pvsecret/README.md b/rust/pvsecret/README.md +index b31d3deb..711f81d7 100644 +--- a/rust/pvsecret/README.md ++++ b/rust/pvsecret/README.md +@@ -32,7 +32,7 @@ Create a new add-secret request + + - **add** +
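Review bot: The hash fallback in `retrieve` (rust/pvsecret/src/cmd/retr.rs) hashes the wrong string for long names. `retr` builds the ID with `SecretId::from_string(&opt.input)`, which keeps at most 31 bytes, and the fallback then feeds `id.as_ascii()` to `GuestSecret::name_to_id`, whereas `create` hashed the full name. A secret created without `--use-name` under a name longer than 31 bytes, or one that is not printable ASCII, therefore cannot be found with the `Name` input format. The fallback also runs for `Yaml` and `Hex` input whenever the ID happens to be ASCII-representable, so a request for one explicit ID can return the secret stored under its hash, although the `RetrInpFmt::Name` doc only promises the fallback for names. Passing the original name into `retrieve` fixes both, with `retr` supplying `Some(..)` of the input string only in the `Name` arm and `None` otherwise.

```rust
fn retrieve(id: &SecretId, name: Option<&str>) -> Result<RetrievedSecret> {
    // … unchanged: UvDevice::open, list_uvc …
    let secret = match secrets.find(id) {
        Some(s) => s,
        // hash the full input name, not the 31-byte ID derived from it
        None => name
            .map(GuestSecret::name_to_id)
            .transpose()?
            .and_then(|hashed| secrets.find(&hashed))
            .ok_or_else(|| anyhow!("The UV secret-store has no secret with the ID {id}"))?,
    };
    // … unchanged: logging, RetrieveCmd::from_entry, send_cmd …
```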
    +-Perform an add-secret request (s390x only) ++Submit an add-secret request to the Ultravisor (s390x only) +
+ + - **lock** +@@ -50,23 +50,34 @@ List all ultravisor secrets (s390x only) + Verify that an add-secret request is sane + + ++- **retrieve** ++
    ++Retrieve a secret from the UV secret store (s390x only) ++
++ + ## Options + + `-v`, `--verbose` +
    +-Provide more detailed output ++Provide more detailed output. ++
++ ++ ++`-q`, `--quiet` ++
    ++Provide less output. +
+ + + `--version` +
    +-Print version information and exit ++Print version information and exit. +
+ + + `-h`, `--help` +
    +-Print help ++Print help (see a summary with '-h'). +
+ + +@@ -95,12 +106,17 @@ Create a meta secret + Create an association secret + + ++- **retrievable** ++
    ++Create a retrievable secret ++
++ + ### Options + + `-k`, `--host-key-document ` +
    + Use FILE as a host-key document. Can be specified multiple times and must be +-used at least once. ++specified at least once. +
+ + +@@ -114,7 +130,7 @@ the host-key document beforehand. + + `-C`, `--cert ` +
    +-Use FILE as a certificate to verify the host key or keys. The certificates are ++Use FILE as a certificate to verify the host-key or keys. The certificates are + used to establish a chain of trust for the verification of the host-key + documents. Specify this option twice to specify the IBM Z signing key and the + intermediate CA certificate (signed by the root CA). +@@ -123,15 +139,15 @@ intermediate CA certificate (signed by the root CA). + + `--crl ` +
      +-Use FILE as a certificate revocation list. The list is used to check whether a +-certificate of the chain of trust is revoked. Specify this option multiple times +-to use multiple CRLs. ++Use FILE as a certificate revocation list (CRL). The list is used to check ++whether a certificate of the chain of trust is revoked. Specify this option ++multiple times to use multiple CRLs. +
    + + + `--offline` +
      +-Make no attempt to download CRLs ++Make no attempt to download CRLs. +
    + + +@@ -146,8 +162,7 @@ specified certificate. + `--hdr ` +
      + Specifies the header of the guest image. Can be an IBM Secure Execution image +-created by genprotimg or an extracted IBM Secure Execution header. The header +-must start at a page boundary. ++created by 'pvimg/genprotimg' or an extracted IBM Secure Execution header. +
    + + +@@ -162,7 +177,7 @@ behavior. + + `-o`, `--output ` +
      +-Write the generated request to FILE ++Write the generated request to FILE. +
    + + +@@ -209,15 +224,15 @@ the request. + + `--flags ` +
      +-Flags for the add-secret request ++Flags for the add-secret request. + Possible values: +- - **disable-dump**: Disables host-initiated dumping for the target guest instance ++ - **disable-dump**: Disables host-initiated dumping for the target guest instance. +
    + + + `--user-data ` +
      +-Use the content of FILE as user-data. Passes user data defined in through ++Use the content of FILE as user-data. Passes user data defined in FILE through + the add-secret request to the ultravisor. The user data can be up to 512 bytes + of arbitrary data, and the maximum size depends on the size of the user-signing + key: +@@ -236,19 +251,25 @@ Optional. No user-data by default. + `--user-sign-key ` +
        + Use the content of FILE as user signing key. Adds a signature calculated from +-the key in to the add-secret request. The file must be in DER or PEM +-format containing a private key. Supported are RSA 2048 & 3072-bit and +-EC(secp521r1) keys. The firmware ignores the content, but the request tag +-protects the signature. The user-signing key signs the request. The location of +-the signature is filled with zeros during the signature calculation. The request +-tag also secures the signature. See man pvsecret verify for more details. +-Optional. No signature by default. ++the key in FILE to the add-secret request. The file must be in DER or PEM format ++containing a private key. Supported are RSA 2048 & 3072-bit and EC(secp521r1) ++keys. The firmware ignores the content, but the request tag protects the ++signature. The user-signing key signs the request. The location of the signature ++is filled with zeros during the signature calculation. The request tag also ++secures the signature. See man pvsecret verify for more details. Optional. No ++signature by default. ++
      ++ ++ ++`--use-name` ++
        ++Do not hash the name, use it directly as secret ID. Ignored for meta-secrets. +
      + + + `-h`, `--help` +
        +-Print help ++Print help (see a summary with '-h'). +
      + + +@@ -265,14 +286,15 @@ of secrets. + `pvsecret create association [OPTIONS] ` + #### Description + Create an association secret. Use an association secret to connect a trusted I/O +-device to a guest. The `pvapconfig` tool provides more information about ++device to a guest. The 'pvapconfig' tool provides more information about + association secrets. + #### Arguments + + `` +
        +-String to identify the new secret. The actual secret is set with --input-secret. +-The name is saved in `NAME.yaml` with white-spaces mapped to `_`. ++String that identifies the new secret. The actual secret is set with ++'--input-secret'. The name is saved in `NAME.yaml` with white-spaces mapped to ++`_`. +
      + + +@@ -284,24 +306,76 @@ Print the hashed name to stdout. The hashed name is not written to `NAME.yaml` +
    + + +-`--input-secret ` ++`--input-secret ` +
      + Path from which to read the plaintext secret. Uses a random secret if not +-specified ++specified. ++
    ++ ++ ++`--output-secret ` ++
      ++Save the generated secret as plaintext in SECRET-FILE. The generated secret can ++be used to generate add-secret requests for a different guest with the same ++secret using '--input-secret'. Destroy the secret when it is not used anymore. ++
    ++ ++ ++`-h`, `--help` ++
      ++Print help (see a summary with '-h'). ++
    ++ ++ ++### pvsecret create retrievable ++#### Synopsis ++`pvsecret create retrievable [OPTIONS] --secret --type ` ++`pvsecret create retr [OPTIONS] --secret --type ` ++#### Description ++Create a retrievable secret. A retrievable secret is stored in the per-guest ++storage of the Ultravisor. A SE-guest can retrieve the secret at runtime and use ++it. All retrievable secrets, but the plaintext secret, are retrieved as ++wrapped/protected key objects and only usable inside the current, running ++SE-guest instance. ++#### Arguments ++ ++`` ++
      ++String that identifies the new secret. The actual secret is set with '--secret'. ++The name is saved in `NAME.yaml` with white-spaces mapped to `_`. ++
    ++ ++ ++#### Options ++ ++`--stdout` ++
      ++Print the hashed name to stdout. The hashed name is not written to `NAME.yaml` ++
    ++ ++ ++`--secret ` ++
      ++Use SECRET-FILE as retrievable secret. +
    + + +-`--output-secret ` ++`--type ` +
      +-Save the generated secret as plaintext in FILE. The generated secret can be used +-to generate add-secret requests for a different guest with the same secret using +---input-secret. Destroy the secret when it is not used anymore. ++Specify the secret type. Limitations to the input data apply depending on the ++secret type. ++ Possible values: ++ - **plain**: A plaintext secret. Can be any file up to 8190 bytes long. ++ - **aes**: An AES key. Must be a plain byte file 128, 192, or 256 bit long. ++ - **aes-xts**: An AES-XTS key. Must be a plain byte file 512, or 1024 bit long. ++ - **hmac-sha**: A HMAC-SHA key. Must be a plain byte file 512, or 1024 bit long. ++ - **ec**: An elliptic curve private key. Must be a PEM or DER file. +
    + + + `-h`, `--help` +
      +-Print help ++Print help (see a summary with '-h'). +
    + + +@@ -309,13 +383,14 @@ Print help + ### Synopsis + `pvsecret add ` + ### Description +-Perform an add-secret request (s390x only). Perform an add-secret request using +-a previously generated add-secret request. Only available on s390x. ++Submit an add-secret request to the Ultravisor (s390x only). Perform an ++add-secret request using a previously generated add-secret request. Only ++available on s390x. + ### Arguments + + `` +
      +-Specify the request to be sent ++Specify the request to be sent. +
    + + +@@ -325,8 +400,8 @@ Specify the request to be sent + `pvsecret lock` + ### Description + Lock the secret-store (s390x only). Lock the secret store (s390x only). After +-this command executed successfully, all add-secret requests will fail. Only +-available on s390x. ++this command executed successfully, all subsequent add-secret requests will ++fail. Only available on s390x. + + ## pvsecret list + ### Synopsis +@@ -339,7 +414,7 @@ Execution guest. Only available on s390x. + + `` +
      +-Store the result in FILE ++Store the result in FILE. + Default value: '-' +
    + +@@ -348,18 +423,18 @@ Store the result in FILE + + `--format ` +
      +-Define the output format of the list ++Define the output format of the list. + Default value: 'human' + Possible values: +- - **human**: Human-focused, non-parsable output format +- - **yaml**: Use yaml format +- - **bin**: Use the format the ultravisor uses to pass the list ++ - **human**: Human-focused, non-parsable output format. ++ - **yaml**: Use yaml format. ++ - **bin**: Use the format the ultravisor uses to pass the list. +
    + + + `-h`, `--help` +
      +-Print help ++Print help (see a summary with '-h'). +
    + + +@@ -407,7 +482,7 @@ The verification process works as follows: + + `` +
      +-Specify the request to be checked ++Specify the request to be checked. +
    + + +@@ -435,5 +510,58 @@ contains this user-data with padded zeros if available. + + `-h`, `--help` +
      +-Print help ++Print help (see a summary with '-h'). ++
    ++ ++ ++## pvsecret retrieve ++### Synopsis ++`pvsecret retrieve [OPTIONS] ` ++`pvsecret retr [OPTIONS] ` ++### Description ++Retrieve a secret from the UV secret store (s390x only) ++### Arguments ++ ++`` ++
      ++Specify the secret ID to be retrieved. Input type depends on '--inform'. If ++`yaml` (default) is specified, it must be a yaml created by the create ++subcommand of this tool. If `hex` is specified, it must be a hex 32-byte ++unsigned big endian number string. Leading zeros are required. ++
    ++ ++ ++### Options ++ ++`-o`, `--output ` ++
      ++Specify the output path to place the secret value. ++ Default value: '-' ++
    ++ ++ ++`--inform ` ++
      ++Define input type for the Secret ID. ++ Default value: 'yaml' ++ Possible values: ++ - **yaml**: Use a yaml file. ++ - **hex**: Use a hex string. ++ - **name**: Use a name-string. Will hash it if no secret with the name found. ++
    ++ ++ ++`--outform ` ++
      ++Define the output format for the retrieved secret. ++ Default value: 'pem' ++ Possible values: ++ - **pem**: Write the secret as PEM. ++ - **bin**: Write the secret in binary. ++
    ++ ++ ++`-h`, `--help` ++
      ++Print help (see a summary with '-h'). +
    +diff --git a/rust/pvsecret/man/pvsecret-add.1 b/rust/pvsecret/man/pvsecret-add.1 +index a84702f5..5ac54a91 100644 +--- a/rust/pvsecret/man/pvsecret-add.1 ++++ b/rust/pvsecret/man/pvsecret-add.1 +@@ -3,12 +3,11 @@ + .\" it under the terms of the MIT license. See LICENSE for details. + .\" + +-.TH pvsecret-add 1 "2024-05-21" "s390-tools" "UV-Secret Manual" ++.TH "PVSECRET-ADD" "1" "2024-12-19" "s390-tools" "UV-Secret Manual" + .nh + .ad l + .SH NAME +-\fBpvsecret add\fP - Perform an add-secret request (s390x only) +-\fB ++pvsecret-add \- Submit an add-secret request to the Ultravisor (s390x only) + .SH SYNOPSIS + .nf + .fam C +@@ -16,7 +15,7 @@ pvsecret add + .fam C + .fi + .SH DESCRIPTION +-Perform an add-secret request using a previously generated add-secret request. ++Perform an add\-secret request using a previously generated add\-secret request. + Only available on s390x. + .SH OPTIONS + .PP +@@ -29,7 +28,7 @@ Specify the request to be sent. + .PP + \-h, \-\-help + .RS 4 +-Print help. ++Print help (see a summary with \fB\-h\fR). + .RE + .RE + +diff --git a/rust/pvsecret/man/pvsecret-create-association.1 b/rust/pvsecret/man/pvsecret-create-association.1 +index 5704d30c..87a411e5 100644 +--- a/rust/pvsecret/man/pvsecret-create-association.1 ++++ b/rust/pvsecret/man/pvsecret-create-association.1 +@@ -3,12 +3,11 @@ + .\" it under the terms of the MIT license. See LICENSE for details. + .\" + +-.TH pvsecret-create-association 1 "2024-05-21" "s390-tools" "UV-Secret Manual" ++.TH "PVSECRET-CREATE-ASSOCIATION" "1" "2024-12-19" "s390-tools" "UV-Secret Manual" + .nh + .ad l + .SH NAME +-\fBpvsecret create association\fP - Create an association secret +-\fB ++pvsecret-create-association \- Create an association secret + .SH SYNOPSIS + .nf + .fam C +@@ -17,14 +16,14 @@ pvsecret create association [OPTIONS] + .fi + .SH DESCRIPTION + Use an association secret to connect a trusted I/O device to a guest. 
The +-`pvapconfig` tool provides more information about association secrets. ++\fBpvapconfig\fR tool provides more information about association secrets. + .SH OPTIONS + .PP + + .RS 4 +-String to identify the new secret. The actual secret is set with +-\fB--input-secret\fR. The name is saved in `NAME.yaml` with white-spaces mapped +-to `_`. ++String that identifies the new secret. The actual secret is set with ++\fB\-\-input\-secret\fR. The name is saved in `NAME.yaml` with white\-spaces ++mapped to `_`. + .RE + .RE + +@@ -35,24 +34,25 @@ Print the hashed name to stdout. The hashed name is not written to `NAME.yaml` + .RE + .RE + .PP +-\-\-input-secret ++\-\-input\-secret + .RS 4 + Path from which to read the plaintext secret. Uses a random secret if not + specified. + .RE + .RE + .PP +-\-\-output-secret ++\-\-output\-secret + .RS 4 +-Save the generated secret as plaintext in FILE. The generated secret can be used +-to generate add-secret requests for a different guest with the same secret using +-\fB--input-secret\fR. Destroy the secret when it is not used anymore. ++Save the generated secret as plaintext in SECRET\-FILE. The generated secret can ++be used to generate add\-secret requests for a different guest with the same ++secret using \fB\-\-input\-secret\fR. Destroy the secret when it is not used ++anymore. + .RE + .RE + .PP + \-h, \-\-help + .RS 4 +-Print help. ++Print help (see a summary with \fB\-h\fR). + .RE + .RE + +diff --git a/rust/pvsecret/man/pvsecret-create-meta.1 b/rust/pvsecret/man/pvsecret-create-meta.1 +index c89cee77..78a57a22 100644 +--- a/rust/pvsecret/man/pvsecret-create-meta.1 ++++ b/rust/pvsecret/man/pvsecret-create-meta.1 +@@ -1,14 +1,13 @@ +-.\" Copyright 2023 IBM Corp. ++.\" Copyright 2023, 2024 IBM Corp. + .\" s390-tools is free software; you can redistribute it and/or modify + .\" it under the terms of the MIT license. See LICENSE for details. 
+ .\" + +-.TH pvsecret-create-meta 1 "2024-01-30" "s390-tools" "UV-Secret Manual" ++.TH "PVSECRET-CREATE-META" "1" "2024-12-19" "s390-tools" "UV-Secret Manual" + .nh + .ad l + .SH NAME +-\fBpvsecret create meta\fP - Create a meta secret +-\fB ++pvsecret-create-meta \- Create a meta secret + .SH SYNOPSIS + .nf + .fam C +diff --git a/rust/pvsecret/man/pvsecret-create-retrievable.1 b/rust/pvsecret/man/pvsecret-create-retrievable.1 +new file mode 100644 +index 00000000..0d7575eb +--- /dev/null ++++ b/rust/pvsecret/man/pvsecret-create-retrievable.1 +@@ -0,0 +1,74 @@ ++.\" Copyright 2024 IBM Corp. ++.\" s390-tools is free software; you can redistribute it and/or modify ++.\" it under the terms of the MIT license. See LICENSE for details. ++.\" ++ ++.TH "PVSECRET-CREATE-RETRIEVABLE" "1" "2024-12-19" "s390-tools" "UV-Secret Manual" ++.nh ++.ad l ++.SH NAME ++pvsecret-create-retrievable \- Create a retrievable secret ++.SH SYNOPSIS ++.nf ++.fam C ++pvsecret create retrievable [OPTIONS] --secret --type ++pvsecret create retr [OPTIONS] --secret --type ++.fam C ++.fi ++.SH DESCRIPTION ++A retrievable secret is stored in the per\-guest storage of the Ultravisor. A ++SE\-guest can retrieve the secret at runtime and use it. All retrievable ++secrets, but the plaintext secret, are retrieved as wrapped/protected key ++objects and only usable inside the current, running SE\-guest instance. ++.SH OPTIONS ++.PP ++ ++.RS 4 ++String that identifies the new secret. The actual secret is set with ++\fB\-\-secret\fR. The name is saved in `NAME.yaml` with white\-spaces mapped to ++`_`. ++.RE ++.RE ++ ++.PP ++\-\-stdout ++.RS 4 ++Print the hashed name to stdout. The hashed name is not written to `NAME.yaml` ++.RE ++.RE ++.PP ++\-\-secret ++.RS 4 ++Use SECRET\-FILE as retrievable secret. ++.RE ++.RE ++.PP ++\-\-type ++.RS 4 ++Specify the secret type. Limitations to the input data apply depending on the ++secret type. ++ ++Possible values: ++.RS 4 ++\- \fBplain\fP: A plaintext secret. 
Can be any file up to 8190 bytes long. ++ ++\- \fBaes\fP: An AES key. Must be a plain byte file 128, 192, or 256 bit long. ++ ++\- \fBaes-xts\fP: An AES-XTS key. Must be a plain byte file 512, or 1024 bit long. ++ ++\- \fBhmac-sha\fP: A HMAC-SHA key. Must be a plain byte file 512, or 1024 bit long. ++ ++\- \fBec\fP: An elliptic curve private key. Must be a PEM or DER file. ++ ++.RE ++.RE ++.PP ++\-h, \-\-help ++.RS 4 ++Print help (see a summary with \fB\-h\fR). ++.RE ++.RE ++ ++.SH "SEE ALSO" ++.sp ++\fBpvsecret\fR(1) \fBpvsecret-create\fR(1) +diff --git a/rust/pvsecret/man/pvsecret-create.1 b/rust/pvsecret/man/pvsecret-create.1 +index 8237c06c..87c8d8bd 100644 +--- a/rust/pvsecret/man/pvsecret-create.1 ++++ b/rust/pvsecret/man/pvsecret-create.1 +@@ -3,12 +3,11 @@ + .\" it under the terms of the MIT license. See LICENSE for details. + .\" + +-.TH pvsecret-create 1 "2024-05-21" "s390-tools" "UV-Secret Manual" ++.TH "PVSECRET-CREATE" "1" "2024-12-19" "s390-tools" "UV-Secret Manual" + .nh + .ad l + .SH NAME +-\fBpvsecret create\fP - Create a new add-secret request +-\fB ++pvsecret-create \- Create a new add-secret request + .SH SYNOPSIS + .nf + .fam C +@@ -29,39 +28,46 @@ bound to the Configuration Unique ID from \fBpvattest\fR using \fB--cuid\fR + .SH "PVSECRET CREATE COMMANDS" + .PP + +-\fBmeta\fR ++\fBpvsecret create-meta(1)\fR + .RS 4 + Create a meta secret + .RE + + .PP + +-\fBassociation\fR ++\fBpvsecret create-association(1)\fR + .RS 4 + Create an association secret + .RE + ++.PP ++ ++\fBpvsecret create-retrievable(1)\fR ++.RS 4 ++Create a retrievable secret ++.RE ++ + .SH OPTIONS + .PP +-\-k, \-\-host-key-document ++\-k, \-\-host\-key\-document + .RS 4 +-Use FILE as a host-key document. Can be specified multiple times and must be +-used at least once. ++Use FILE as a host\-key document. Can be specified multiple times and must be ++specified at least once. + .RE + .RE + .PP +-\-\-no-verify ++\-\-no\-verify + .RS 4 +-Disable the host-key document verification. 
Does not require the host-key ++Disable the host\-key document verification. Does not require the host\-key + documents to be valid. Do not use for a production request unless you verified +-the host-key document beforehand. ++the host\-key document beforehand. + .RE + .RE + .PP + \-C, \-\-cert + .RS 4 +-Use FILE as a certificate to verify the host key or keys. The certificates are +-used to establish a chain of trust for the verification of the host-key ++Use FILE as a certificate to verify the host\-key or keys. The certificates are ++used to establish a chain of trust for the verification of the host\-key + documents. Specify this option twice to specify the IBM Z signing key and the + intermediate CA certificate (signed by the root CA). + .RE +@@ -69,9 +75,9 @@ intermediate CA certificate (signed by the root CA). + .PP + \-\-crl + .RS 4 +-Use FILE as a certificate revocation list. The list is used to check whether a +-certificate of the chain of trust is revoked. Specify this option multiple times +-to use multiple CRLs. ++Use FILE as a certificate revocation list (CRL). The list is used to check ++whether a certificate of the chain of trust is revoked. Specify this option ++multiple times to use multiple CRLs. + .RE + .RE + .PP +@@ -81,27 +87,26 @@ Make no attempt to download CRLs. + .RE + .RE + .PP +-\-\-root-ca ++\-\-root\-ca + .RS 4 +-Use FILE as the root-CA certificate for the verification. If omitted, the system +-wide-root CAs installed on the system are used. Use this only if you trust the +-specified certificate. ++Use FILE as the root\-CA certificate for the verification. If omitted, the ++system wide\-root CAs installed on the system are used. Use this only if you ++trust the specified certificate. + .RE + .RE + .PP + \-\-hdr + .RS 4 + Specifies the header of the guest image. Can be an IBM Secure Execution image +-created by genprotimg or an extracted IBM Secure Execution header. The header +-must start at a page boundary. 
++created by \fBpvimg/genprotimg\fR or an extracted IBM Secure Execution header. + .RE + .RE + .PP + \-f, \-\-force + .RS 4 +-Force the generation of add-secret requests on IBM Secure Execution guests. If ++Force the generation of add\-secret requests on IBM Secure Execution guests. If + the program detects that it is running on an IBM Secure Execution guest, it +-denies the generation of add-secret requests. The force flag overwrites this ++denies the generation of add\-secret requests. The force flag overwrites this + behavior. + .RE + .RE +@@ -112,7 +117,7 @@ Write the generated request to FILE. + .RE + .RE + .PP +-\-\-extension-secret ++\-\-extension\-secret + .RS 4 + Use the content of FILE as an extension secret. The file must be exactly 32 + bytes long. If this request is the first, all subsequent requests must have the +@@ -124,7 +129,7 @@ request. + .PP + \-\-cck + .RS 4 +-Use the content of FILE as the customer-communication key (CCK) to derive the ++Use the content of FILE as the customer\-communication key (CCK) to derive the + extension secret. The file must contain exactly 32 bytes of data. If the target + guest was started with bit 1 of the secret control flag set, the ultravisor also + derives the secret from the CCK. Otherwise, the ultravisor interprets the +@@ -133,13 +138,13 @@ all requests. + .RE + .RE + .PP +-\-\-cuid-hex ++\-\-cuid\-hex + .RS 4 +-Use HEXSTRING as the Configuration Unique ID. Must be a hex 128-bit unsigned big +-endian number string. Leading zeros must be provided. If specified, the value +-must match with the Config-UID from the attestation result of that guest. If not +-specified, the CUID will be ignored by the ultravisor during the verification of +-the request. ++Use HEXSTRING as the Configuration Unique ID. Must be a hex 128\-bit unsigned ++big endian number string. Leading zeros must be provided. If specified, the ++value must match with the Config\-UID from the attestation result of that guest. 
++If not specified, the CUID will be ignored by the ultravisor during the ++verification of the request. + .RE + .RE + .PP +@@ -147,7 +152,7 @@ the request. + .RS 4 + Use the content of FILE as the Configuration Unique ID. The file must contain + exactly 128 bit of data or a yaml with a `cuid` entry. If specified, the value +-must match the Config-UID from the attestation result of that guest. If not ++must match the Config\-UID from the attestation result of that guest. If not + specified, the CUID will be ignored by the Ultravisor during the verification of + the request. + .RE +@@ -155,52 +160,58 @@ the request. + .PP + \-\-flags + .RS 4 +-Flags for the add-secret request. ++Flags for the add\-secret request. + + Possible values: + .RS 4 +-- \fBdisable-dump\fP: Disables host-initiated dumping for the target guest instance. ++\- \fBdisable-dump\fP: Disables host-initiated dumping for the target guest instance. + + .RE + .RE + .PP +-\-\-user-data ++\-\-user\-data + .RS 4 +-Use the content of FILE as user-data. Passes user data defined in through +-the add-secret request to the ultravisor. The user data can be up to 512 bytes +-of arbitrary data, and the maximum size depends on the size of the user-signing ++Use the content of FILE as user\-data. Passes user data defined in FILE through ++the add\-secret request to the ultravisor. The user data can be up to 512 bytes ++of arbitrary data, and the maximum size depends on the size of the user\-signing + key: + +- - No key: user data can be 512 bytes. ++ \- No key: user data can be 512 bytes. + +- - EC(secp521r1) or RSA 2048 keys: user data can be 256 bytes. ++ \- EC(secp521r1) or RSA 2048 keys: user data can be 256 bytes. + +- - RSA 3072 key: user data can be 128 bytes. ++ \- RSA 3072 key: user data can be 128 bytes. + +-The firmware ignores this data, but the request tag protects the user-data. +-Optional. No user-data by default. ++The firmware ignores this data, but the request tag protects the user\-data. 
++Optional. No user\-data by default. + .RE + .RE + .PP +-\-\-user-sign-key ++\-\-user\-sign\-key + .RS 4 + Use the content of FILE as user signing key. Adds a signature calculated from +-the key in to the add-secret request. The file must be in DER or PEM +-format containing a private key. Supported are RSA 2048 & 3072-bit and ++the key in FILE to the add\-secret request. The file must be in DER or PEM ++format containing a private key. Supported are RSA 2048 & 3072\-bit and + EC(secp521r1) keys. The firmware ignores the content, but the request tag +-protects the signature. The user-signing key signs the request. The location of ++protects the signature. The user\-signing key signs the request. The location of + the signature is filled with zeros during the signature calculation. The request + tag also secures the signature. See man pvsecret verify for more details. + Optional. No signature by default. + .RE + .RE + .PP ++\-\-use\-name ++.RS 4 ++Do not hash the name, use it directly as secret ID. Ignored for meta\-secrets. ++.RE ++.RE ++.PP + \-h, \-\-help + .RS 4 +-Print help. ++Print help (see a summary with \fB\-h\fR). + .RE + .RE + + .SH "SEE ALSO" + .sp +-\fBpvsecret\fR(1) \fBpvsecret-create-meta\fR(1) \fBpvsecret-create-association\fR(1) ++\fBpvsecret\fR(1) \fBpvsecret-create-meta\fR(1) \fBpvsecret-create-association\fR(1) \fBpvsecret-create-retrievable\fR(1) +diff --git a/rust/pvsecret/man/pvsecret-list.1 b/rust/pvsecret/man/pvsecret-list.1 +index 2828179a..4dfc3033 100644 +--- a/rust/pvsecret/man/pvsecret-list.1 ++++ b/rust/pvsecret/man/pvsecret-list.1 +@@ -3,12 +3,11 @@ + .\" it under the terms of the MIT license. See LICENSE for details. 
+ .\" + +-.TH pvsecret-list 1 "2024-05-21" "s390-tools" "UV-Secret Manual" ++.TH "PVSECRET-LIST" "1" "2024-12-19" "s390-tools" "UV-Secret Manual" + .nh + .ad l + .SH NAME +-\fBpvsecret list\fP - List all ultravisor secrets (s390x only) +-\fB ++pvsecret-list \- List all ultravisor secrets (s390x only) + .SH SYNOPSIS + .nf + .fam C +@@ -16,8 +15,8 @@ pvsecret list [OPTIONS] [FILE] + .fam C + .fi + .SH DESCRIPTION +-Lists the IDs of all non-null secrets currently stored in the ultravisor for the +-currently running IBM Secure Execution guest. Only available on s390x. ++Lists the IDs of all non\-null secrets currently stored in the ultravisor for ++the currently running IBM Secure Execution guest. Only available on s390x. + .SH OPTIONS + .PP + +@@ -35,18 +34,18 @@ Define the output format of the list. + + Possible values: + .RS 4 +-- \fBhuman\fP: Human-focused, non-parsable output format. ++\- \fBhuman\fP: Human-focused, non-parsable output format. + +-- \fByaml\fP: Use yaml format. ++\- \fByaml\fP: Use yaml format. + +-- \fBbin\fP: Use the format the ultravisor uses to pass the list. ++\- \fBbin\fP: Use the format the ultravisor uses to pass the list. + + .RE + .RE + .PP + \-h, \-\-help + .RS 4 +-Print help. ++Print help (see a summary with \fB\-h\fR). + .RE + .RE + +diff --git a/rust/pvsecret/man/pvsecret-lock.1 b/rust/pvsecret/man/pvsecret-lock.1 +index c59c34d8..d5b1ab25 100644 +--- a/rust/pvsecret/man/pvsecret-lock.1 ++++ b/rust/pvsecret/man/pvsecret-lock.1 +@@ -3,12 +3,11 @@ + .\" it under the terms of the MIT license. See LICENSE for details. + .\" + +-.TH pvsecret-lock 1 "2024-05-15" "s390-tools" "UV-Secret Manual" ++.TH "PVSECRET-LOCK" "1" "2024-12-19" "s390-tools" "UV-Secret Manual" + .nh + .ad l + .SH NAME +-\fBpvsecret lock\fP - Lock the secret-store (s390x only) +-\fB ++pvsecret-lock \- Lock the secret-store (s390x only) + .SH SYNOPSIS + .nf + .fam C +@@ -17,7 +16,7 @@ pvsecret lock + .fi + .SH DESCRIPTION + Lock the secret store (s390x only). 
After this command executed successfully, +-all add-secret requests will fail. Only available on s390x. ++all subsequent add\-secret requests will fail. Only available on s390x. + .SH "SEE ALSO" + .sp + \fBpvsecret\fR(1) +diff --git a/rust/pvsecret/man/pvsecret-retrieve.1 b/rust/pvsecret/man/pvsecret-retrieve.1 +new file mode 100644 +index 00000000..369037fa +--- /dev/null ++++ b/rust/pvsecret/man/pvsecret-retrieve.1 +@@ -0,0 +1,77 @@ ++.\" Copyright 2024 IBM Corp. ++.\" s390-tools is free software; you can redistribute it and/or modify ++.\" it under the terms of the MIT license. See LICENSE for details. ++.\" ++ ++.TH "PVSECRET-RETRIEVE" "1" "2024-12-19" "s390-tools" "UV-Secret Manual" ++.nh ++.ad l ++.SH NAME ++pvsecret-retrieve \- Retrieve a secret from the UV secret store (s390x only) ++.SH SYNOPSIS ++.nf ++.fam C ++pvsecret retrieve [OPTIONS] ++pvsecret retr [OPTIONS] ++.fam C ++.fi ++.SH DESCRIPTION ++Retrieve a secret from the UV secret store (s390x only) ++.SH OPTIONS ++.PP ++ ++.RS 4 ++Specify the secret ID to be retrieved. Input type depends on \fB\-\-inform\fR. ++If `yaml` (default) is specified, it must be a yaml created by the create ++subcommand of this tool. If `hex` is specified, it must be a hex 32\-byte ++unsigned big endian number string. Leading zeros are required. ++.RE ++.RE ++ ++.PP ++\-o, \-\-output ++.RS 4 ++Specify the output path to place the secret value. ++[default: '-'] ++.RE ++.RE ++.PP ++\-\-inform ++.RS 4 ++Define input type for the Secret ID. ++[default: 'yaml'] ++ ++Possible values: ++.RS 4 ++\- \fByaml\fP: Use a yaml file. ++ ++\- \fBhex\fP: Use a hex string. ++ ++\- \fBname\fP: Use a name-string. Will hash it if no secret with the name found. ++ ++.RE ++.RE ++.PP ++\-\-outform ++.RS 4 ++Define the output format for the retrieved secret. ++[default: 'pem'] ++ ++Possible values: ++.RS 4 ++\- \fBpem\fP: Write the secret as PEM. ++ ++\- \fBbin\fP: Write the secret in binary. 
++ ++.RE ++.RE ++.PP ++\-h, \-\-help ++.RS 4 ++Print help (see a summary with \fB\-h\fR). ++.RE ++.RE ++ ++.SH "SEE ALSO" ++.sp ++\fBpvsecret\fR(1) +diff --git a/rust/pvsecret/man/pvsecret-verify.1 b/rust/pvsecret/man/pvsecret-verify.1 +index a9d636fc..136ecadc 100644 +--- a/rust/pvsecret/man/pvsecret-verify.1 ++++ b/rust/pvsecret/man/pvsecret-verify.1 +@@ -3,12 +3,11 @@ + .\" it under the terms of the MIT license. See LICENSE for details. + .\" + +-.TH pvsecret-verify 1 "2024-05-21" "s390-tools" "UV-Secret Manual" ++.TH "PVSECRET-VERIFY" "1" "2024-12-19" "s390-tools" "UV-Secret Manual" + .nh + .ad l + .SH NAME +-\fBpvsecret verify\fP - Verify that an add-secret request is sane +-\fB ++pvsecret-verify \- Verify that an add-secret request is sane + .SH SYNOPSIS + .nf + .fam C +@@ -89,12 +88,12 @@ Specify the request to be checked. + .RE + + .PP +-\-\-user-cert ++\-\-user\-cert + .RS 4 + Certificate containing a public key used to verify the user data signature. +-Specifies a public key used to verify the user-data signature. The file must be ++Specifies a public key used to verify the user\-data signature. The file must be + a X509 certificate in DSA or PEM format. The certificate must hold the public +-EC, RSA 2048, or RSA 3072 key corresponding to the private user-key used during ++EC, RSA 2048, or RSA 3072 key corresponding to the private user\-key used during + `create`. No chain of trust is established. Ensuring that the certificate can be + trusted is the responsibility of the user. The EC key must use the NIST/SECG + curve over a 521 bit prime field (secp521r1). +@@ -103,15 +102,15 @@ curve over a 521 bit prime field (secp521r1). + .PP + \-o, \-\-output + .RS 4 +-Store the result in FILE If the request contained abirtary user-data the output +-contains this user-data with padded zeros if available. ++Store the result in FILE If the request contained abirtary user\-data the output ++contains this user\-data with padded zeros if available. 
+ [default: '-'] + .RE + .RE + .PP + \-h, \-\-help + .RS 4 +-Print help. ++Print help (see a summary with \fB\-h\fR). + .RE + .RE + +diff --git a/rust/pvsecret/man/pvsecret.1 b/rust/pvsecret/man/pvsecret.1 +index b2a1d0f6..e8cb1327 100644 +--- a/rust/pvsecret/man/pvsecret.1 ++++ b/rust/pvsecret/man/pvsecret.1 +@@ -3,12 +3,11 @@ + .\" it under the terms of the MIT license. See LICENSE for details. + .\" + +-.TH pvsecret 1 "2024-05-21" "s390-tools" "UV-Secret Manual" ++.TH "PVSECRET" "1" "2024-12-19" "s390-tools" "UV-Secret Manual" + .nh + .ad l + .SH NAME +-\fBpvsecret\fP - Manage secrets for IBM Secure Execution guests +-\fB ++pvsecret \- Manage secrets for IBM Secure Execution guests + .SH SYNOPSIS + .nf + .fam C +@@ -36,39 +35,46 @@ both the PEM and DER input formats are supported. + .SH "PVSECRET COMMANDS" + .PP + +-\fBcreate\fR ++\fBpvsecret-create(1)\fR + .RS 4 + Create a new add-secret request + .RE + + .PP + +-\fBadd\fR ++\fBpvsecret-add(1)\fR + .RS 4 +-Perform an add-secret request (s390x only) ++Submit an add-secret request to the Ultravisor (s390x only) + .RE + + .PP + +-\fBlock\fR ++\fBpvsecret-lock(1)\fR + .RS 4 + Lock the secret-store (s390x only) + .RE + + .PP + +-\fBlist\fR ++\fBpvsecret-list(1)\fR + .RS 4 + List all ultravisor secrets (s390x only) + .RE + + .PP + +-\fBverify\fR ++\fBpvsecret-verify(1)\fR + .RS 4 + Verify that an add-secret request is sane + .RE + ++.PP ++ ++\fBpvsecret-retrieve(1)\fR ++.RS 4 ++Retrieve a secret from the UV secret store (s390x only) ++.RE ++ + .SH OPTIONS + .PP + \-v, \-\-verbose +@@ -77,6 +83,12 @@ Provide more detailed output. + .RE + .RE + .PP ++\-q, \-\-quiet ++.RS 4 ++Provide less output. ++.RE ++.RE ++.PP + \-\-version + .RS 4 + Print version information and exit. +@@ -85,7 +97,7 @@ Print version information and exit. + .PP + \-h, \-\-help + .RS 4 +-Print help. ++Print help (see a summary with \fB\-h\fR). + .RE + .RE + +@@ -138,4 +150,4 @@ On the SE-guest, \fIlock\fP the secret store. 
+ .fi
+ .SH "SEE ALSO"
+ .sp
+-\fBpvsecret-create\fR(1) \fBpvsecret-add\fR(1) \fBpvsecret-lock\fR(1) \fBpvsecret-list\fR(1) \fBpvsecret-verify\fR(1)
++\fBpvsecret-create\fR(1) \fBpvsecret-add\fR(1) \fBpvsecret-lock\fR(1) \fBpvsecret-list\fR(1) \fBpvsecret-verify\fR(1) \fBpvsecret-retrieve\fR(1)
diff --git a/s390-tools-Support-unencrypted-SE-images-01.patch b/s390-tools-Support-unencrypted-SE-images-01.patch
new file mode 100644
index 0000000..446e3e7
--- /dev/null
+++ b/s390-tools-Support-unencrypted-SE-images-01.patch
@@ -0,0 +1,334 @@ +From cf51ac786095f2a1a17d04fea9ee73271438d247 Mon Sep 17 00:00:00 2001 +From: Marc Hartmayer +Date: Wed, 11 Dec 2024 19:25:59 +0100 +Subject: [PATCH] rust/pvimg: Add '--(enable|disable)-image-encryption' flags + to 'pvimg create' +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +With runtime attestation it might be useful to have non-encrypted Secure +Execution images. This patch adds the support for this to the 'pvimg +create' and 'genprotimg' commands. + +Reviewed-by: Steffen Eiden +Acked-by: Hendrik Brueckner +Signed-off-by: Marc Hartmayer +Signed-off-by: Jan Höppner +--- + rust/pvimg/man/genprotimg.1 | 26 +++++++++++++++++++++----- + rust/pvimg/man/pvimg-create.1 | 26 +++++++++++++++++++++----- + rust/pvimg/man/pvimg-info.1 | 10 +++++----- + rust/pvimg/man/pvimg-test.1 | 10 +++++----- + rust/pvimg/man/pvimg.1 | 10 +++++----- + rust/pvimg/src/cli.rs | 18 ++++++++++++++++++ + rust/pvimg/src/cmd/create.rs | 10 ++++++++++ + 7 files changed, 85 insertions(+), 25 deletions(-) + +diff --git a/rust/pvimg/man/genprotimg.1 b/rust/pvimg/man/genprotimg.1 +index 46a91aa4..3f4949e9 100644 +--- a/rust/pvimg/man/genprotimg.1 ++++ b/rust/pvimg/man/genprotimg.1 +@@ -3,11 +3,11 @@ + .\" it under the terms of the MIT license. See LICENSE for details. + .\" + +-.TH genprotimg 1 "2024-12-05" "s390-tools" "Genprotimg Manual" ++.TH genprotimg 1 "2024-12-11" "s390-tools" "Genprotimg Manual" + .nh + .ad l + .SH NAME +-\fBgenprotimg\fP - Create an IBM Secure Execution image ++\fBgenprotimg\fP \- Create an IBM Secure Execution image + \fB + .SH SYNOPSIS + .nf +@@ -196,6 +196,22 @@ Disable the support for backup target keys (default). + .RE + .RE + .PP ++\-\-enable\-image\-encryption ++.RS 4 ++Enable encryption of the image components (default). The image components are: ++the kernel, ramdisk, and kernel command line. ++.RE ++.RE ++.PP ++\-\-disable\-image\-encryption ++.RS 4 ++Disable encryption of the image components. 
The image components are: the ++kernel, ramdisk, and kernel command line. Use only if the components used do not ++contain any confidential content (for example, secrets like non\-public ++cryptographic keys). ++.RE ++.RE ++.PP + \-v, \-\-verbose + .RS 4 + Provide more detailed output. +@@ -222,16 +238,16 @@ Print help (see a summary with \fB\-h\fR). + + .SH EXIT STATUS + .TP 8 +-.B 0 - Program finished successfully ++.B 0 \- Program finished successfully + The command was executed successfully. + .RE + .TP 8 +-.B 1 - Generic error ++.B 1 \- Generic error + Something went wrong during the operation. Refer to the error + message. + .RE + .TP 8 +-.B 2 - Usage error ++.B 2 \- Usage error + The command was used incorrectly, for example: unsupported command + line flag, or wrong number of arguments. + .RE +diff --git a/rust/pvimg/man/pvimg-create.1 b/rust/pvimg/man/pvimg-create.1 +index aba197fa..dae1cf18 100644 +--- a/rust/pvimg/man/pvimg-create.1 ++++ b/rust/pvimg/man/pvimg-create.1 +@@ -3,11 +3,11 @@ + .\" it under the terms of the MIT license. See LICENSE for details. + .\" + +-.TH pvimg-create 1 "2024-12-05" "s390-tools" "Pvimg Manual" ++.TH pvimg-create 1 "2024-12-11" "s390-tools" "Pvimg Manual" + .nh + .ad l + .SH NAME +-\fBpvimg create\fP - Create an IBM Secure Execution image ++\fBpvimg create\fP \- Create an IBM Secure Execution image + \fB + .SH SYNOPSIS + .nf +@@ -195,6 +195,22 @@ Disable the support for backup target keys (default). + .RE + .RE + .PP ++\-\-enable\-image\-encryption ++.RS 4 ++Enable encryption of the image components (default). The image components are: ++the kernel, ramdisk, and kernel command line. ++.RE ++.RE ++.PP ++\-\-disable\-image\-encryption ++.RS 4 ++Disable encryption of the image components. The image components are: the ++kernel, ramdisk, and kernel command line. Use only if the components used do not ++contain any confidential content (for example, secrets like non\-public ++cryptographic keys). 
++.RE ++.RE ++.PP + \-h, \-\-help + .RS 4 + Print help (see a summary with \fB\-h\fR). +@@ -203,16 +219,16 @@ Print help (see a summary with \fB\-h\fR). + + .SH EXIT STATUS + .TP 8 +-.B 0 - Program finished successfully ++.B 0 \- Program finished successfully + The command was executed successfully. + .RE + .TP 8 +-.B 1 - Generic error ++.B 1 \- Generic error + Something went wrong during the operation. Refer to the error + message. + .RE + .TP 8 +-.B 2 - Usage error ++.B 2 \- Usage error + The command was used incorrectly, for example: unsupported command + line flag, or wrong number of arguments. + .RE +diff --git a/rust/pvimg/man/pvimg-info.1 b/rust/pvimg/man/pvimg-info.1 +index e88cbe49..d2726c35 100644 +--- a/rust/pvimg/man/pvimg-info.1 ++++ b/rust/pvimg/man/pvimg-info.1 +@@ -3,11 +3,11 @@ + .\" it under the terms of the MIT license. See LICENSE for details. + .\" + +-.TH pvimg-info 1 "2024-12-05" "s390-tools" "Pvimg Manual" ++.TH pvimg-info 1 "2024-12-11" "s390-tools" "Pvimg Manual" + .nh + .ad l + .SH NAME +-\fBpvimg info\fP - Print information about the IBM Secure Execution image ++\fBpvimg info\fP \- Print information about the IBM Secure Execution image + \fB + .SH SYNOPSIS + .nf +@@ -51,16 +51,16 @@ Print help (see a summary with \fB\-h\fR). + + .SH EXIT STATUS + .TP 8 +-.B 0 - Program finished successfully ++.B 0 \- Program finished successfully + The command was executed successfully. + .RE + .TP 8 +-.B 1 - Generic error ++.B 1 \- Generic error + Something went wrong during the operation. Refer to the error + message. + .RE + .TP 8 +-.B 2 - Usage error ++.B 2 \- Usage error + The command was used incorrectly, for example: unsupported command + line flag, or wrong number of arguments. + .RE +diff --git a/rust/pvimg/man/pvimg-test.1 b/rust/pvimg/man/pvimg-test.1 +index 901c7edb..4fb7d73f 100644 +--- a/rust/pvimg/man/pvimg-test.1 ++++ b/rust/pvimg/man/pvimg-test.1 +@@ -3,11 +3,11 @@ + .\" it under the terms of the MIT license. See LICENSE for details. 
+ .\" + +-.TH pvimg-test 1 "2024-12-05" "s390-tools" "Pvimg Manual" ++.TH pvimg-test 1 "2024-12-11" "s390-tools" "Pvimg Manual" + .nh + .ad l + .SH NAME +-\fBpvimg test\fP - Test different aspects of an existing IBM Secure Execution image ++\fBpvimg test\fP \- Test different aspects of an existing IBM Secure Execution image + \fB + .SH SYNOPSIS + .nf +@@ -54,16 +54,16 @@ Print help (see a summary with \fB\-h\fR). + + .SH EXIT STATUS + .TP 8 +-.B 0 - Program finished successfully ++.B 0 \- Program finished successfully + The command was executed successfully. + .RE + .TP 8 +-.B 1 - Generic error ++.B 1 \- Generic error + Something went wrong during the operation. Refer to the error + message. + .RE + .TP 8 +-.B 2 - Usage error ++.B 2 \- Usage error + The command was used incorrectly, for example: unsupported command + line flag, or wrong number of arguments. + .RE +diff --git a/rust/pvimg/man/pvimg.1 b/rust/pvimg/man/pvimg.1 +index 37c8e978..5676b61d 100644 +--- a/rust/pvimg/man/pvimg.1 ++++ b/rust/pvimg/man/pvimg.1 +@@ -3,11 +3,11 @@ + .\" it under the terms of the MIT license. See LICENSE for details. + .\" + +-.TH pvimg 1 "2024-12-05" "s390-tools" "Pvimg Manual" ++.TH pvimg 1 "2024-12-11" "s390-tools" "Pvimg Manual" + .nh + .ad l + .SH NAME +-\fBpvimg\fP - Create and inspect IBM Secure Execution images ++\fBpvimg\fP \- Create and inspect IBM Secure Execution images + \fB + .SH SYNOPSIS + .nf +@@ -69,16 +69,16 @@ Print help (see a summary with \fB\-h\fR). + + .SH EXIT STATUS + .TP 8 +-.B 0 - Program finished successfully ++.B 0 \- Program finished successfully + The command was executed successfully. + .RE + .TP 8 +-.B 1 - Generic error ++.B 1 \- Generic error + Something went wrong during the operation. Refer to the error + message. + .RE + .TP 8 +-.B 2 - Usage error ++.B 2 \- Usage error + The command was used incorrectly, for example: unsupported command + line flag, or wrong number of arguments. 
+ .RE +diff --git a/rust/pvimg/src/cli.rs b/rust/pvimg/src/cli.rs +index 2ca4e901..12f0b764 100644 +--- a/rust/pvimg/src/cli.rs ++++ b/rust/pvimg/src/cli.rs +@@ -140,6 +140,20 @@ pub struct CreateBootImageLegacyFlags { + /// Disable the support for backup target keys (default). + #[arg(long, action = clap::ArgAction::SetTrue, conflicts_with="enable_backup_keys", group="header-flags")] + pub disable_backup_keys: Option, ++ ++ /// Enable encryption of the image components (default). ++ /// ++ /// The image components are: the kernel, ramdisk, and kernel command line. ++ #[arg(long, action = clap::ArgAction::SetTrue, group="header-flags")] ++ pub enable_image_encryption: Option, ++ ++ /// Disable encryption of the image components. ++ /// ++ /// The image components are: the kernel, ramdisk, and kernel command line. ++ /// Use only if the components used do not contain any confidential content ++ /// (for example, secrets like non-public cryptographic keys). ++ #[arg(long, action = clap::ArgAction::SetTrue, conflicts_with="enable_image_encryption", group="header-flags")] ++ pub disable_image_encryption: Option, + } + + #[non_exhaustive] +@@ -476,6 +490,8 @@ mod test { + flat_map_collect(insert(mvca.clone(), vec![CliOption::new("enable-pckmo", ["--enable-pckmo"])])), + flat_map_collect(insert(mvca.clone(), vec![CliOption::new("enable-pckmo-hmac", ["--enable-pckmo-hmac"])])), + flat_map_collect(insert(mvca.clone(), vec![CliOption::new("enable-backup-keys", ["--enable-backup-keys"])])), ++ flat_map_collect(insert(mvca.clone(), vec![CliOption::new("disable-image-encryption", ["--disable-image-encryption"])])), ++ flat_map_collect(insert(mvca.clone(), vec![CliOption::new("enable-image-encryption", ["--enable-image-encryption"])])), + ]; + let invalid_create_args = [ + flat_map_collect(remove(mvcanv.clone(), "no-verify")), +@@ -501,6 +517,8 @@ mod test { + CliOption::new("x-pcf2", ["--x-pcf", "0x0"])])), + flat_map_collect(insert(mvca.clone(), 
vec![CliOption::new("enable-pckmo", ["--enable-pckmo"]), + CliOption::new("disable-pckmo", ["--disable-pckmo"])])), ++ flat_map_collect(insert(mvca.clone(), vec![CliOption::new("enable-image-encryption", ["--enable-image-encryption"]), ++ CliOption::new("disable-image-encryption", ["--disable-image-encryption"])])), + ]; + + let mut genprotimg_valid_args = vec![ +diff --git a/rust/pvimg/src/cmd/create.rs b/rust/pvimg/src/cmd/create.rs +index b696d790..475d3523 100644 +--- a/rust/pvimg/src/cmd/create.rs ++++ b/rust/pvimg/src/cmd/create.rs +@@ -80,6 +80,12 @@ fn parse_flags( + lf.enable_backup_keys + .filter(|x| *x) + .and(Some(PcfV1::all_enabled([PcfV1::BackupTargetKeys]))), ++ lf.disable_image_encryption ++ .filter(|x| *x) ++ .and(Some(PcfV1::all_enabled([PcfV1::NoComponentEncryption]))), ++ lf.enable_image_encryption ++ .filter(|x| *x) ++ .and(Some(PcfV1::all_disabled([PcfV1::NoComponentEncryption]))), + ] + .into_iter() + .flatten() +@@ -135,6 +141,10 @@ pub fn create(opt: &CreateBootImageArgs) -> Result { + read_user_provided_keys(opt.comm_key.as_deref(), &opt.experimental_args)?; + let (plaintext_flags, secret_flags) = parse_flags(opt)?; + ++ if plaintext_flags.is_set(PcfV1::NoComponentEncryption) { ++ warn!("The components encryption is disabled, make sure that the components do not contain any confidential content."); ++ } ++ + let mut components = components(&opt.component_paths)?; + if opt.no_component_check { + warn!("The component check is turned off!"); diff --git a/s390-tools-pvimg-additional-01.patch b/s390-tools-pvimg-additional-01.patch new file mode 100644 index 0000000..cda88c4 --- /dev/null +++ b/s390-tools-pvimg-additional-01.patch 
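Review bot: Neither the cli.rs nor the create.rs hunks of this patch test that `--disable-image-encryption` ends up as `PcfV1::NoComponentEncryption` in the flags returned by `parse_flags`, or that the default leaves the bit clear; the added test entries only check that both options parse and that they conflict. A wrong mapping would silently produce an image whose kernel, ramdisk and kernel command line are not encrypted, so a unit test on `parse_flags` for the three cases (no flag, enable, disable) is worth adding, with assertions such as `assert!(plaintext_flags.is_set(PcfV1::NoComponentEncryption));` for the disable case. The new `warn!` in `create()` checks the resulting `plaintext_flags` rather than the CLI option, which looks right if `--x-pcf` can also set the bit, but that path is not visible here. Both `parse_flags` and `create` continue outside their hunks.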
@@ -0,0 +1,167 @@ +From 5b6d7a467dc342c9c25a0af72b2d5546798cdc94 Mon Sep 17 00:00:00 2001 +From: Marc Hartmayer +Date: Thu, 12 Dec 2024 20:19:56 +0100 +Subject: [PATCH] rust/pvimg: Add '--cck ' command line option and make + '--comm-key' an alias +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Add '--cck ' as an command line option and make '--comm-key' an +alias of it. This makes the command line more similar to the other +Secure Execution related PV-tools (e.g. pvattest and pvsecret). + +Suggested-by: Reinhard Bündgen +Reviewed-by: Steffen Eiden +Signed-off-by: Marc Hartmayer +Signed-off-by: Jan Höppner +--- + rust/pvimg/man/genprotimg.1 | 11 +++++------ + rust/pvimg/man/pvimg-create.1 | 11 +++++------ + rust/pvimg/src/cli.rs | 14 ++++++++------ + rust/pvimg/src/cmd/create.rs | 3 +-- + 4 files changed, 19 insertions(+), 20 deletions(-) + +Index: s390-tools-2.36.0/rust/pvimg/man/genprotimg.1 +=================================================================== +--- s390-tools-2.36.0.orig/rust/pvimg/man/genprotimg.1 ++++ s390-tools-2.36.0/rust/pvimg/man/genprotimg.1 +@@ -123,7 +123,7 @@ Overwrite an existing Secure Execution b + .RE + .RE + .PP +-\-\-comm\-key ++\-\-cck, \-\-comm\-key + .RS 4 + Use the content of FILE as the customer\-communication key (CCK). The file must + contain exactly 32 bytes of data. +@@ -133,7 +133,7 @@ contain exactly 32 bytes of data. + \-\-enable\-dump + .RS 4 + Enable Secure Execution guest dump support. This option requires the +-\fB\-\-comm\-key\fR option. ++\fB\-\-cck\fR option. + .RE + .RE + .PP +@@ -146,8 +146,7 @@ Disable Secure Execution guest dump supp + \-\-enable\-cck\-extension\-secret + .RS 4 + Add\-secret requests must provide an extension secret that matches the +-CCK\-derived extension secret. This option requires the \fB\-\-comm\-key\fR +-option. ++CCK\-derived extension secret. This option requires the \fB\-\-cck\fR option. 
+ .RE + .RE + .PP +@@ -268,7 +267,7 @@ Generate an IBM Secure Execution image: + + Generate an IBM Secure Execution image with Secure Execution guest dump support: + .PP +-.B genprotimg \-i \fI\,/boot/vmlinuz\/\fR \-r \fI\,/boot/initrd.img\/\fR \-p \fI\,parmfile\/\fR \-k \fI\,host_key.crt\/\fR \-C \fI\,ibm-z-host-key-signing.crt\/\fR \-C \fI\,DigiCertCA.crt\fR \-o \fI\,/boot/secure-linux\/\fR \-\-enable\-dump \-\-comm\-key \fI\,comm-key\fR ++.B genprotimg \-i \fI\,/boot/vmlinuz\/\fR \-r \fI\,/boot/initrd.img\/\fR \-p \fI\,parmfile\/\fR \-k \fI\,host_key.crt\/\fR \-C \fI\,ibm-z-host-key-signing.crt\/\fR \-C \fI\,DigiCertCA.crt\fR \-o \fI\,/boot/secure-linux\/\fR \-\-enable\-dump \-\-cck \fI\,comm-key\fR + .SH NOTES + .IP "1." 4 + The \fBgenprotimg\fR(1) command is a symbolic link to the \fBpvimg-create\fR(1) command. +Index: s390-tools-2.36.0/rust/pvimg/man/pvimg-create.1 +=================================================================== +--- s390-tools-2.36.0.orig/rust/pvimg/man/pvimg-create.1 ++++ s390-tools-2.36.0/rust/pvimg/man/pvimg-create.1 +@@ -122,7 +122,7 @@ Overwrite an existing Secure Execution b + .RE + .RE + .PP +-\-\-comm\-key ++\-\-cck, \-\-comm\-key + .RS 4 + Use the content of FILE as the customer\-communication key (CCK). The file must + contain exactly 32 bytes of data. +@@ -132,7 +132,7 @@ contain exactly 32 bytes of data. + \-\-enable\-dump + .RS 4 + Enable Secure Execution guest dump support. This option requires the +-\fB\-\-comm\-key\fR option. ++\fB\-\-cck\fR option. + .RE + .RE + .PP +@@ -145,8 +145,7 @@ Disable Secure Execution guest dump supp + \-\-enable\-cck\-extension\-secret + .RS 4 + Add\-secret requests must provide an extension secret that matches the +-CCK\-derived extension secret. This option requires the \fB\-\-comm\-key\fR +-option. ++CCK\-derived extension secret. This option requires the \fB\-\-cck\fR option. 
+ .RE + .RE + .PP +@@ -249,7 +248,7 @@ Generate an IBM Secure Execution image: + + Generate an IBM Secure Execution image with Secure Execution guest dump support: + .PP +-.B pvimg create \-i \fI\,/boot/vmlinuz\/\fR \-r \fI\,/boot/initrd.img\/\fR \-p \fI\,parmfile\/\fR \-k \fI\,host_key.crt\/\fR \-C \fI\,ibm-z-host-key-signing.crt\/\fR \-C \fI\,DigiCertCA.crt\fR \-o \fI\,/boot/secure-linux\/\fR \-\-enable\-dump \-\-comm\-key \fI\,comm-key\fR ++.B pvimg create \-i \fI\,/boot/vmlinuz\/\fR \-r \fI\,/boot/initrd.img\/\fR \-p \fI\,parmfile\/\fR \-k \fI\,host_key.crt\/\fR \-C \fI\,ibm-z-host-key-signing.crt\/\fR \-C \fI\,DigiCertCA.crt\fR \-o \fI\,/boot/secure-linux\/\fR \-\-enable\-dump \-\-cck \fI\,comm-key\fR + .SH NOTES + .IP "1." 4 + The \fBgenprotimg\fR(1) command is a symbolic link to the \fBpvimg-create\fR(1) command. +Index: s390-tools-2.36.0/rust/pvimg/src/cli.rs +=================================================================== +--- s390-tools-2.36.0.orig/rust/pvimg/src/cli.rs ++++ s390-tools-2.36.0/rust/pvimg/src/cli.rs +@@ -96,8 +96,8 @@ pub struct ComponentPaths { + #[command(group(ArgGroup::new("header-flags").multiple(true).conflicts_with_all(["x_pcf", "x_scf"])))] + pub struct CreateBootImageLegacyFlags { + /// Enable Secure Execution guest dump support. This option requires the +- /// '--comm-key' option. +- #[arg(long, action = clap::ArgAction::SetTrue, requires="comm_key", group="header-flags")] ++ /// '--cck' option. ++ #[arg(long, action = clap::ArgAction::SetTrue, requires="cck", group="header-flags")] + pub enable_dump: Option, + + /// Disable Secure Execution guest dump support (default). +@@ -105,9 +105,9 @@ pub struct CreateBootImageLegacyFlags { + pub disable_dump: Option, + + /// Add-secret requests must provide an extension secret that matches the +- /// CCK-derived extension secret. This option requires the '--comm-key' ++ /// CCK-derived extension secret. This option requires the '--cck' + /// option. 
+- #[arg(long, action = clap::ArgAction::SetTrue, requires="comm_key", group="header-flags")] ++ #[arg(long, action = clap::ArgAction::SetTrue, requires="cck", group="header-flags")] + pub enable_cck_extension_secret: Option, + + /// Add-secret requests don't have to provide the CCK-derived extension +@@ -328,8 +328,8 @@ pub struct CreateBootImageArgs { + /// Use the content of FILE as the customer-communication key (CCK). + /// + /// The file must contain exactly 32 bytes of data. +- #[arg(long, value_name = "FILE")] +- pub comm_key: Option, ++ #[arg(long, value_name = "FILE", visible_alias = "comm-key")] ++ pub cck: Option, + + #[clap(flatten)] + pub legacy_flags: CreateBootImageLegacyFlags, +@@ -482,6 +482,8 @@ mod test { + flat_map_collect(insert(mvca.clone(), vec![CliOption::new("enable-dump", ["--enable-dump"]), + CliOption::new("comm-key", ["--comm-key", "/dev/null"])])), + flat_map_collect(insert(mvca.clone(), vec![CliOption::new("enable-dump", ["--enable-dump"]), ++ CliOption::new("comm-key", ["--cck", "/dev/null"])])), ++ flat_map_collect(insert(mvca.clone(), vec![CliOption::new("enable-dump", ["--enable-dump"]), + CliOption::new("comm-key", ["--comm-key", "/dev/null"])])), + flat_map_collect(insert(mvca.clone(), vec![CliOption::new("x-pcf", ["--x-pcf", "0x0"]), + CliOption::new("x-scf", ["--x-scf", "0x0"])])), +Index: s390-tools-2.36.0/rust/pvimg/src/cmd/create.rs +=================================================================== +--- s390-tools-2.36.0.orig/rust/pvimg/src/cmd/create.rs ++++ s390-tools-2.36.0/rust/pvimg/src/cmd/create.rs +@@ -137,8 +137,7 @@ pub fn create(opt: &CreateBootImageArgs) + let verified_host_keys = opt + .certificate_args + .get_verified_hkds("Secure Execution image")?; +- let user_provided_keys = +- read_user_provided_keys(opt.comm_key.as_deref(), &opt.experimental_args)?; ++ let user_provided_keys = read_user_provided_keys(opt.cck.as_deref(), &opt.experimental_args)?; + let (plaintext_flags, secret_flags) = 
parse_flags(opt)?; + + if plaintext_flags.is_set(PcfV1::NoComponentEncryption) { diff --git a/s390-tools-pvimg-info-command-01.patch b/s390-tools-pvimg-info-command-01.patch new file mode 100644 index 0000000..09c8b18 --- /dev/null +++ b/s390-tools-pvimg-info-command-01.patch @@ -0,0 +1,58 @@ +From 560b276f7e9938475af921c8ebd4cd05910dbf31 Mon Sep 17 00:00:00 2001 +From: Marc Hartmayer +Date: Fri, 6 Dec 2024 20:45:36 +0100 +Subject: [PATCH] rust/pvimg: Fix possible 'range start index out of range for + slice' error +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Fix possible 'range start index 16 out of range for slice of length 0' +error by adding a check of the slice data length. + +Fixes: f4cf4ae6ebb1 ("rust: Add a new tool called 'pvimg'") +Reviewed-by: Steffen Eiden +Signed-off-by: Marc Hartmayer +Signed-off-by: Jan Höppner +--- + rust/pvimg/src/pv_utils/se_hdr/brb.rs | 23 +++++++++++++++++++++++ + 1 file changed, 23 insertions(+) + +diff --git a/rust/pvimg/src/pv_utils/se_hdr/brb.rs b/rust/pvimg/src/pv_utils/se_hdr/brb.rs +index f7ae1bc9..ac3a2e6e 100644 +--- a/rust/pvimg/src/pv_utils/se_hdr/brb.rs ++++ b/rust/pvimg/src/pv_utils/se_hdr/brb.rs +@@ -259,6 +259,10 @@ impl SeHdr { + return Err(Error::InvalidSeHdr); + } + ++ if sehs <= common_size { ++ return Err(Error::InvalidSeHdr); ++ } ++ + data.resize(sehs, 0); + reader.read_exact(&mut data[common_size..])?; + Self::try_from_data(&data) +@@ -366,3 +370,22 @@ impl AeadCipherTrait for SeHdrPlain { + self.data.aead_tag_size() + } + } ++ ++#[cfg(test)] ++mod tests { ++ use std::io::Cursor; ++ ++ use super::SeHdr; ++ use crate::error::Error; ++ ++ #[test] ++ fn test_sehdr_try_from_io() { ++ // Invalid SeHdr as `sehs` is set to 0 ++ assert!(matches!( ++ SeHdr::try_from_io(Cursor::new([ ++ 73, 66, 77, 83, 101, 99, 69, 120, 0, 0, 1, 0, 0, 0, 0, 0, 2, 0, 8 ++ ])), ++ Err(Error::InvalidSeHdr) ++ )); ++ } ++} 
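Review bot: The cli.rs test hunk at `@@ -482,6 +482,8 @@` covers `--cck` on its own, but no case covers `--cck` and `--comm-key` given together in one invocation. Since both spellings now name the same customer-communication key file, that combination should be rejected rather than letting one path silently win. An entry in `invalid_create_args` along the lines of `vec![CliOption::new("cck", ["--cck", "/dev/null"]), CliOption::new("comm-key", ["--comm-key", "/dev/null"])]` would pin this. The new valid case also keeps the label `"comm-key"` for the `--cck` spelling; if labels are only lookup keys for the test helpers that is harmless, but a short comment would make it read less like an oversight.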
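Review bot: The added `if sehs <= common_size` guard in `SeHdr::try_from_io` rejects headers that are too small, but no upper bound on `sehs` is visible before `data.resize(sehs, 0)`, so a header from an untrusted image may still request a very large zero-filled buffer before `read_exact` fails. If no earlier check exists (the function starts outside the hunk), bound it here too, e.g. `if sehs <= common_size || sehs > MAX_SE_HDR_SIZE { return Err(Error::InvalidSeHdr); }`, where `MAX_SE_HDR_SIZE` is a placeholder for the project's maximum header size. The brb.rs hunk in s390-tools-pvimg-info-command-03.patch leaves the same `resize` line unchanged and expresses its new size limit as a Deku assertion in hdr_v1.rs, which may only run after the buffer has been filled. A test case with `sehs == common_size` would also pin the boundary of the new check.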
diff --git a/s390-tools-pvimg-info-command-02.patch b/s390-tools-pvimg-info-command-02.patch
new file mode 100644
index 0000000..6e0589b
--- /dev/null
+++ b/s390-tools-pvimg-info-command-02.patch
@@ -0,0 +1,51 @@ +From 3f6572e901ddcc654021c4302cb2a99999acb87a Mon Sep 17 00:00:00 2001 +From: Marc Hartmayer +Date: Wed, 18 Dec 2024 13:41:13 +0100 +Subject: [PATCH] rust/utils: mkdtemp: fix memory leak +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Fix memory leak of @template_raw. The documentation of CString::into_raw +reads: + +"Consumes the CString and transfers ownership of the string to a C +caller. +... +Failure to call CString::from_raw will lead to a memory leak." [1] + +Let's fix the memory leak by always calling `CString::from_raw` and +therefore reclaim the ownership. + +[1] https://doc.rust-lang.org/std/ffi/struct.CString.html#method.into_raw + +Fixes: e56acf4f14b0 ("pv_core: add `TemporaryDirectory`") +Reviewed-by: Steffen Eiden +Signed-off-by: Marc Hartmayer +Signed-off-by: Jan Höppner +--- + rust/utils/src/tmpfile.rs | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/rust/utils/src/tmpfile.rs b/rust/utils/src/tmpfile.rs +index 07acdba8..883d5586 100644 +--- a/rust/utils/src/tmpfile.rs ++++ b/rust/utils/src/tmpfile.rs +@@ -16,13 +16,14 @@ fn mkdtemp>(template: P) -> Result { + // SAFETY: template_raw is a valid CString because it was generated by + // the `CString::new`. + let ret = libc::mkdtemp(template_raw); ++ // SAFETY: `template_raw` is still a valid CString because it was ++ // generated by `CString::new` and modified by `libc::mkdtemp`. ++ let path_cstr = std::ffi::CString::from_raw(template_raw); + + if ret.is_null() { ++ drop(path_cstr); + Err(std::io::Error::last_os_error()) + } else { +- // SAFETY: `template_raw` is still a valid CString because it was +- // generated by `CString::new` and modified by `libc::mkdtemp`. +- let path_cstr = std::ffi::CString::from_raw(template_raw); + let path = OsStr::from_bytes(path_cstr.as_bytes()); + let path = std::path::PathBuf::from(path); + 
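Review bot: In the `ret.is_null()` branch the new `drop(path_cstr);` runs before `std::io::Error::last_os_error()`, so a deallocation sits between the failing `libc::mkdtemp` call and the errno read and could overwrite the error code on a libc whose `free` does not preserve errno. Reading the error first keeps both the leak fix and the diagnostic: `let err = std::io::Error::last_os_error(); drop(path_cstr); Err(err)`. Removing the explicit `drop` would have the same effect, because `path_cstr` is released at the end of the scope, after the `Err(...)` value has been built. The body of `mkdtemp` continues outside the hunk.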
diff --git a/s390-tools-pvimg-info-command-03.patch b/s390-tools-pvimg-info-command-03.patch
new file mode 100644
index 0000000..7f19275
--- /dev/null
+++ b/s390-tools-pvimg-info-command-03.patch
@@ -0,0 +1,334 @@ +From 944581eaefe4c6887790f2b8ed39c9ee76146c55 Mon Sep 17 00:00:00 2001 +From: Marc Hartmayer +Date: Tue, 17 Dec 2024 11:58:01 +0100 +Subject: [PATCH] rust/pvimg: Add upper estimates for the Secure Execution + header +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +A Secure Execution header V1 can be at maximum two pages large, optional +items are not supported, and the size of the encrypted part cannot be +larger than the total size of the Secure Execution header add this as +Deku assertions and additional conditions to the code. In addition, add +a check for the number of key slots. + +Fixes: f4cf4ae6ebb1 ("rust: Add a new tool called 'pvimg'") +Reviewed-by: Steffen Eiden +Signed-off-by: Marc Hartmayer +Signed-off-by: Jan Höppner +--- + rust/pvimg/src/pv_utils/error.rs | 3 + + rust/pvimg/src/pv_utils/se_hdr/brb.rs | 50 +++++++++++++--- + rust/pvimg/src/pv_utils/se_hdr/builder.rs | 10 +++- + rust/pvimg/src/pv_utils/se_hdr/hdr_v1.rs | 71 ++++++++++++++++++++--- + rust/pvimg/src/pv_utils/uvdata.rs | 18 ++++-- + 5 files changed, 130 insertions(+), 22 deletions(-) + +diff --git a/rust/pvimg/src/pv_utils/error.rs b/rust/pvimg/src/pv_utils/error.rs +index 2a176276..a12c4a22 100644 +--- a/rust/pvimg/src/pv_utils/error.rs ++++ b/rust/pvimg/src/pv_utils/error.rs +@@ -30,6 +30,9 @@ pub enum Error { + #[error("Invalid Secure Execution header")] + InvalidSeHdr, + ++ #[error("Secure Execution header size {given} is larger than the maximum of {maximum} bytes")] ++ InvalidSeHdrTooLarge { given: usize, maximum: usize }, ++ + #[error("Invalid component metadata.")] + InvalidComponentMetadata, + +diff --git a/rust/pvimg/src/pv_utils/se_hdr/brb.rs b/rust/pvimg/src/pv_utils/se_hdr/brb.rs +index ac3a2e6e..b8dadba1 100644 +--- a/rust/pvimg/src/pv_utils/se_hdr/brb.rs ++++ b/rust/pvimg/src/pv_utils/se_hdr/brb.rs +@@ -171,8 +171,8 @@ impl AeadCipherTrait for SeHdr { + } + + impl AeadDataTrait for SeHdr { +- fn aad(&self) -> 
Vec { +- [serialize_to_bytes(&self.common).unwrap(), self.data.aad()].concat() ++ fn aad(&self) -> Result> { ++ Ok([serialize_to_bytes(&self.common)?, self.data.aad()?].concat()) + } + + fn data(&self) -> Vec { +@@ -265,7 +265,7 @@ impl SeHdr { + + data.resize(sehs, 0); + reader.read_exact(&mut data[common_size..])?; +- Self::try_from_data(&data) ++ Self::try_from_data(&data).map_err(|_| Error::InvalidSeHdr) + } + } + +@@ -342,13 +342,13 @@ impl UvDataPlainTrait for SeHdrPlain { + } + + impl AeadPlainDataTrait for SeHdrPlain { +- fn aad(&self) -> Vec { +- let data_aad = self.data.aad(); ++ fn aad(&self) -> Result> { ++ let data_aad = self.data.aad()?; + +- [serialize_to_bytes(&self.common).unwrap(), data_aad].concat() ++ Ok([serialize_to_bytes(&self.common)?, data_aad].concat()) + } + +- fn data(&self) -> Confidential> { ++ fn data(&self) -> Result>> { + self.data.data() + } + +@@ -387,5 +387,41 @@ mod tests { + ])), + Err(Error::InvalidSeHdr) + )); ++ ++ // Invalid SeHdr as the `sehs` is too large. 
++ assert!(matches!( ++ SeHdr::try_from_io(Cursor::new([ ++ 73, 66, 77, 83, 101, 99, 69, 120, 0, 0, 1, 0, 0, 0, 1, 255, 65, 65, 65, 65, 67, 0, ++ 65, 17, 65, 0, 65, 65, 65, 65, 65, 65, 91, 91, 180, 91, 91, 91, 91, 91, 91, 91, 91, ++ 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, ++ 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, ++ 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, ++ 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 241, 241, ++ 241, 241, 241, 91, 91, 91, 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, ++ 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, 80, ++ 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, ++ 112, 112, 112, 112, 91, 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, ++ 112, 112, 112, 112, 112, 112, 112, 0, 0, 0, 0, 101, 99, 255, 255, 255, 255, 255, ++ 255, 255, 255, 255, 255, 255, 65, 65, 65, 65, 67, 0, 65, 17, 65, 0, 65, 65, 65, 65, ++ 65, 65, 91, 91, 180, 91, 91, 91, 91, 91, 91, 91, 91, 255, 255, 255, 255, 255, 255, ++ 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, ++ 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, ++ 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, ++ 255, 255, 255, 255, 255, 255, 255, 255, 241, 241, 241, 241, 241, 91, 91, 91, 112, ++ 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, ++ 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, 80, 112, 112, 112, 112, 112, 112, ++ 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, 91, 112, 112, ++ 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, 73, 66, 77, 83, 101, 99, 69, 120, ++ 0, 112, 112, 0, 1, 0, 0, 0, 0, 101, 99, 255, 255, 255, 255, 255, 255, 255, 255, ++ 255, 255, 255, 65, 65, 65, 65, 67, 0, 65, 17, 65, 0, 65, 65, 65, 65, 65, 
65, 91, ++ 91, 180, 91, 91, 91, 91, 91, 91, 91, 91, 91, 91, 91, 91, 91, 91, 91, 91, 91, 91, ++ 91, 91, 112, 112, 112, 112, 112, 73, 66, 77, 83, 101, 99, 69, 120, 0, 0, 1, 0, 0, ++ 0, 0, 48, 53, 53, 53, 53, 53, 53, 53, 91, 91, 91, 241, 241, 46, 49, 49, 0, 49, 49, ++ 0, 0, 112, 112, 112, 91, 0, 0, 0, 0, 9, 0, 49, 50, 22, 241, 241, 241, 241, 241, ++ 241, 241, 241, 241, 241, 241, 91, 91, 91, 91, 91, 255, 251, 0, 0, 91, 91, 91, 91, ++ 91, 91, 91, 91, 91, 91, 91, 0, 0, 91, 0, 0, 10, 91, 91, 91, 65, 65, 65, 65 ++ ])), ++ Err(Error::InvalidSeHdr) ++ )); + } + } +diff --git a/rust/pvimg/src/pv_utils/se_hdr/builder.rs b/rust/pvimg/src/pv_utils/se_hdr/builder.rs +index ba6de898..93bcc7af 100644 +--- a/rust/pvimg/src/pv_utils/se_hdr/builder.rs ++++ b/rust/pvimg/src/pv_utils/se_hdr/builder.rs +@@ -230,8 +230,14 @@ mod tests { + + let decrypted = bin.decrypt(&prot_key).expect("BUG"); + assert_eq!(bin.common, decrypted.common); +- assert_eq!(bin.aad(), decrypted.aad()); +- assert_ne!(&bin.data(), decrypted.data().value()); ++ assert_eq!( ++ bin.aad().expect("should not fail"), ++ decrypted.aad().expect("should not fail") ++ ); ++ assert_ne!( ++ &bin.data(), ++ decrypted.data().expect("should not fail").value() ++ ); + let _decrypted_hdrv1: SeHdrDataV1 = decrypted.data.try_into().expect("BUG"); + } + +diff --git a/rust/pvimg/src/pv_utils/se_hdr/hdr_v1.rs b/rust/pvimg/src/pv_utils/se_hdr/hdr_v1.rs +index a7f2f609..b179d50d 100644 +--- a/rust/pvimg/src/pv_utils/se_hdr/hdr_v1.rs ++++ b/rust/pvimg/src/pv_utils/se_hdr/hdr_v1.rs +@@ -19,6 +19,7 @@ use serde::{Serialize, Serializer}; + use super::keys::phkh_v1; + use crate::{ + error::Error, ++ misc::PAGESIZE, + pv_utils::{ + error::Result, + se_hdr::{ +@@ -51,11 +52,14 @@ struct HdrSizesV1 { + #[derive(Debug, Clone, PartialEq, Eq, DekuRead, DekuWrite, Serialize)] + #[deku(endian = "endian", ctx = "endian: Endian", ctx_default = "Endian::Big")] + struct SeHdrAadV1 { ++ #[deku(assert = "*sehs <= 
SeHdrDataV1::MAX_SIZE.try_into().unwrap()")] + sehs: u32, + #[serde(serialize_with = "ser_hex")] + iv: [u8; SymKeyType::AES_256_GCM_IV_LEN], + res1: u32, ++ #[deku(assert = "*nks <= (*sehs).into()", update = "self.keyslots.len()")] + nks: u64, ++ #[deku(assert = "*sea <= (*sehs).into()")] + sea: u64, + nep: u64, + #[serde(serialize_with = "ser_lower_hex")] +@@ -118,6 +122,7 @@ pub struct SeHdrConfV1 { + psw: PSW, + #[serde(serialize_with = "ser_lower_hex")] + scf: u64, ++ #[deku(assert_eq = "0")] + noi: u32, + res2: u32, + #[deku(count = "noi")] +@@ -200,6 +205,7 @@ where + } + + impl SeHdrDataV1 { ++ const MAX_SIZE: usize = 2 * PAGESIZE; + const PCF_DEFAULT: u64 = 0x0; + const SCF_DEFAULT: u64 = 0x0; + +@@ -241,7 +247,14 @@ impl SeHdrDataV1 { + tag: SeHdrTagV1::default(), + }; + let hdr_size = ret.size()?; +- ret.aad.sehs = hdr_size.phs.try_into()?; ++ let phs = hdr_size.phs.try_into()?; ++ if phs > Self::MAX_SIZE { ++ return Err(Error::InvalidSeHdrTooLarge { ++ given: phs, ++ maximum: Self::MAX_SIZE, ++ }); ++ } ++ ret.aad.sehs = phs.try_into()?; + ret.aad.sea = hdr_size.sea; + Ok(ret) + } +@@ -494,8 +507,8 @@ impl KeyExchangeTrait for SeHdrBinV1 { + } + + impl AeadDataTrait for SeHdrBinV1 { +- fn aad(&self) -> Vec { +- serialize_to_bytes(&self.aad).unwrap() ++ fn aad(&self) -> Result> { ++ serialize_to_bytes(&self.aad) + } + + fn data(&self) -> Vec { +@@ -508,12 +521,12 @@ impl AeadDataTrait for SeHdrBinV1 { + } + + impl AeadPlainDataTrait for SeHdrDataV1 { +- fn aad(&self) -> Vec { +- serialize_to_bytes(&self.aad).unwrap() ++ fn aad(&self) -> Result> { ++ serialize_to_bytes(&self.aad) + } + +- fn data(&self) -> Confidential> { +- serialize_to_bytes(self.data.value()).unwrap().into() ++ fn data(&self) -> Result>> { ++ Ok(serialize_to_bytes(self.data.value())?.into()) + } + + fn tag(&self) -> Vec { +@@ -610,4 +623,48 @@ mod tests { + assert_eq!(psw, hdr_data_v1.data.value().psw); + assert_eq!(cck.value(), hdr_data_v1.data.value().cck.value()); + } ++ ++ #[test] 
++ fn max_size_sehdr_test() { ++ const MAX_HOST_KEYS: usize = 95; ++ ++ let (_, host_key) = get_test_key_and_cert(); ++ let pub_key = host_key.public_key().unwrap(); ++ let host_keys_max: Vec<_> = (0..MAX_HOST_KEYS).map(|_| pub_key.clone()).collect(); ++ let too_many_host_keys: Vec<_> = (0..MAX_HOST_KEYS + 1).map(|_| pub_key.clone()).collect(); ++ let xts_key = Confidential::new([0x3; SymKeyType::AES_256_XTS_KEY_LEN]); ++ let meta = ComponentMetadataV1 { ++ ald: [0x1; SHA_512_HASH_LEN], ++ pld: [0x2; SHA_512_HASH_LEN], ++ tld: [0x3; SHA_512_HASH_LEN], ++ nep: 3, ++ key: xts_key, ++ }; ++ let psw = PSW { ++ addr: 1234, ++ mask: 5678, ++ }; ++ ++ let mut builder = SeHdrBuilder::new(SeHdrVersion::V1, psw.clone(), meta.clone()) ++ .expect("should not fail"); ++ builder ++ .add_hostkeys(&host_keys_max) ++ .expect("should not fail") ++ .with_components(meta.clone()) ++ .expect("should not fail"); ++ let bin = builder.build().expect("should not fail"); ++ assert_eq!(bin.common.version, SeHdrVersion::V1); ++ let hdr_v1: SeHdrBinV1 = bin.data.try_into().expect("should not fail"); ++ assert_eq!(hdr_v1.aad.sehs, 8160); ++ ++ let mut builder = SeHdrBuilder::new(SeHdrVersion::V1, psw.clone(), meta.clone()) ++ .expect("should not fail"); ++ ++ builder ++ .add_hostkeys(&too_many_host_keys) ++ .expect("should not fail") ++ .with_components(meta) ++ .expect("should not fail"); ++ assert!(matches!(builder.build(), Err(Error::InvalidSeHdr))); ++ } + } +diff --git a/rust/pvimg/src/pv_utils/uvdata.rs b/rust/pvimg/src/pv_utils/uvdata.rs +index b0ec355a..c6ed9567 100644 +--- a/rust/pvimg/src/pv_utils/uvdata.rs ++++ b/rust/pvimg/src/pv_utils/uvdata.rs +@@ -34,7 +34,7 @@ pub trait AeadCipherTrait { + #[enum_dispatch] + pub trait AeadDataTrait { + /// Returns the authenticated associated data. +- fn aad(&self) -> Vec; ++ fn aad(&self) -> Result>; + + /// Returns the encrypted data. 
+ fn data(&self) -> Vec; +@@ -47,10 +47,10 @@ pub trait AeadDataTrait { + #[enum_dispatch] + pub trait AeadPlainDataTrait { + /// Returns the authenticated associated data. +- fn aad(&self) -> Vec; ++ fn aad(&self) -> Result>; + + /// Returns the unencrypted data. +- fn data(&self) -> Confidential>; ++ fn data(&self) -> Result>>; + + /// Returns the tag data. + fn tag(&self) -> Vec; +@@ -124,8 +124,14 @@ pub trait UvDataPlainTrait: + expected: self.aead_key_type().to_string(), + }); + } +- let aad = self.aad(); +- let unecrypted_data = self.data(); ++ let aad = self.aad().map_err(|err| match err { ++ Error::Deku(_) => Error::InvalidSeHdr, ++ err => err, ++ })?; ++ let unecrypted_data = self.data().map_err(|err| match err { ++ Error::Deku(_) => Error::InvalidSeHdr, ++ err => err, ++ })?; + let iv = self.iv(); + let result = encrypt_aead(key, iv, &aad, unecrypted_data.value())?; + Self::C::try_from_data(&result.into_buf()) +@@ -169,7 +175,7 @@ pub trait UvDataTrait: AeadDataTrait + AeadCipherTrait + KeyExchangeTrait + Clon + } + + let tag_size = self.aead_tag_size(); +- let aad = self.aad(); ++ let aad = self.aad()?; + let unecrypted_data = self.data(); + let iv = self.iv(); + let tag = self.tag(); diff --git a/s390-tools-pvimg-info-command-04.patch b/s390-tools-pvimg-info-command-04.patch new file mode 100644 index 0000000..6a05f76 --- /dev/null +++ b/s390-tools-pvimg-info-command-04.patch 
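Review bot: `Self::try_from_data(&data).map_err(|_| Error::InvalidSeHdr)` in the brb.rs hunk at `@@ -265,7 +265,7 @@` replaces every error with `InvalidSeHdr`, while the uvdata.rs hunks in the same patch convert only `Error::Deku(_)` and pass other errors through. The same selective mapping here, `.map_err(|err| match err { Error::Deku(_) => Error::InvalidSeHdr, err => err })`, would keep unrelated failures diagnosable; this assumes both files use the same `Error` type, which the hunks suggest but do not show. That closure is written out twice in uvdata.rs and could be one small helper. Separately, `max_size_sehdr_test` expects plain `Error::InvalidSeHdr` for one host key too many, so the new `InvalidSeHdrTooLarge` variant does not appear to reach users on that path; if that is intended, a comment on the variant saying where it is produced would help.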
@@ -0,0 +1,101 @@ +From 6e48c5ebaa26c6bd2a1bc33ccf36ed8bd6946358 Mon Sep 17 00:00:00 2001 +From: Marc Hartmayer +Date: Tue, 17 Dec 2024 18:13:31 +0100 +Subject: [PATCH] pvimg: info: Rename '--key' into '--hdr-key' and use '--key' + as an alias +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Rename '--key' into '--hdr-key' and use '--key' as an (non-visible) +alias for '--hdr-key' in order to keep the command line backwards +compatible. The chances of someone using '--key' are very low, as this +version has not yet been released by any OS distribution. + +This change makes the command line options for the different subcommands +more consistent and therefore easier to use. + +Suggested-by: Reinhard Bündgen +Acked-by: Hendrik Brueckner +Reviewed-by: Steffen Eiden +Signed-off-by: Marc Hartmayer +Signed-off-by: Jan Höppner +--- + rust/pvimg/man/pvimg-info.1 | 2 +- + rust/pvimg/src/cli.rs | 22 +++++++++++++++++++--- + rust/pvimg/src/cmd/info.rs | 2 +- + 3 files changed, 21 insertions(+), 5 deletions(-) + +Index: s390-tools-2.36.0/rust/pvimg/man/pvimg-info.1 +=================================================================== +--- s390-tools-2.36.0.orig/rust/pvimg/man/pvimg-info.1 ++++ s390-tools-2.36.0/rust/pvimg/man/pvimg-info.1 +@@ -37,7 +37,7 @@ Possible values: + .RE + .RE + .PP +-\-\-key ++\-\-hdr\-key + .RS 4 + Use the key in FILE to decrypt the Secure Execution header. + .RE +Index: s390-tools-2.36.0/rust/pvimg/src/cli.rs +=================================================================== +--- s390-tools-2.36.0.orig/rust/pvimg/src/cli.rs ++++ s390-tools-2.36.0/rust/pvimg/src/cli.rs +@@ -192,8 +192,8 @@ pub struct InfoArgs { + pub format: OutputFormat, + + /// Use the key in FILE to decrypt the Secure Execution header. 
+- #[arg(long, value_name = "FILE", value_hint = ValueHint::FilePath,)] +- pub key: Option, ++ #[arg(long, value_name = "FILE", value_hint = ValueHint::FilePath, alias = "key")] ++ pub hdr_key: Option, + } + + #[derive(Args, Debug)] +@@ -710,6 +710,22 @@ mod test { + CliOption::new("image", ["/dev/null"]), + ], + )), ++ flat_map_collect(insert( ++ args.clone(), ++ vec![ ++ CliOption::new("hdr-key", ["--hdr-key", "/dev/null"]), ++ CliOption::new("format", ["--format=json"]), ++ CliOption::new("image", ["/dev/null"]), ++ ], ++ )), ++ flat_map_collect(insert( ++ args.clone(), ++ vec![ ++ CliOption::new("hdr-key", ["--key", "/dev/null"]), ++ CliOption::new("format", ["--format=json"]), ++ CliOption::new("image", ["/dev/null"]), ++ ], ++ )), + // separation between keyword and positional args works + flat_map_collect(insert( + args.clone(), +@@ -750,7 +766,7 @@ mod test { + + // Test for invalid combinations + // Input is missing +- let mut pvimg_invalid_args = vec![vec!["pvimg", "test"]]; ++ let mut pvimg_invalid_args = vec![vec!["pvimg", "info"]]; + + for create_args in &valid_test_args { + pvimg_valid_args.push( +Index: s390-tools-2.36.0/rust/pvimg/src/cmd/info.rs +=================================================================== +--- s390-tools-2.36.0.orig/rust/pvimg/src/cmd/info.rs ++++ s390-tools-2.36.0/rust/pvimg/src/cmd/info.rs +@@ -27,7 +27,7 @@ pub fn info(opt: &InfoArgs) -> Result +Date: Wed, 20 May 2015 11:57:11 +0200 +Subject: [PATCH] fdasd: skip partition check and BLKRRPART ioctl for emulated + devices + +If 'fdasd -f' is called we cannot rely on the partition detection +via a simple check of the minor number, so the check should be +suppressed. +Similarly, not every emulated device supports the BLKRRPART ioctl, +so we should be suppressing the error message for these devices, too. 
+
+Signed-off-by: Hannes Reinecke
+---
+ fdasd/fdasd.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/fdasd/fdasd.c
++++ b/fdasd/fdasd.c
+@@ -1231,10 +1231,12 @@
+ */
+ static void fdasd_reread_partition_table(fdasd_anchor_t *anc)
+ {
++ int rc = 0 ;
+ if (!anc->silent)
+ printf("rereading partition table...\n");
+
+- if (dasd_reread_partition_table(options.device, 5) != 0) {
++ rc = dasd_reread_partition_table(options.device, 1);
++ if (rc == EINVAL && !anc->force_virtual) {
+ fdasd_error(anc, unable_to_ioctl, "Error while rereading "
+ "partition table.\nPlease reboot!");
+ }
diff --git a/s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch.opensuse b/s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch.opensuse
new file mode 100644
index 0000000..3b47e4a
--- /dev/null
+++ b/s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch.opensuse
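Review bot: The new condition `rc == EINVAL && !anc->force_virtual` in fdasd_reread_partition_table() reports an error only for EINVAL, so any other non-zero result from dasd_reread_partition_table() (assuming it returns an errno value, as the comparison implies) is now dropped silently and the user is left believing the kernel re-read the partition table. The commit message only asks to suppress the message for emulated devices, which would read `if (rc != 0 && !(rc == EINVAL && anc->force_virtual)) {`. The retry count also drops from 5 to 1 without being mentioned in the description; a short comment giving the reason would help. The function body continues past the end of the hunk.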
@@ -0,0 +1,34 @@
+From f7a0f391f2c4e8acc96b21ab5de54a178aa60088 Mon Sep 17 00:00:00 2001
+From: Hannes Reinecke
+Date: Fri, 22 Nov 2013 15:39:38 +0100
+Subject: [PATCH] 59-dasd.rules: generate by-id links on 'change' and 'add'
+
+The by-id rules need to be triggered on both, 'change' and 'add',
+to work correctly during restarting udev.
+
+References: bnc#808042
+
+Signed-off-by: Robert Milasan
+---
+ etc/udev/rules.d/59-dasd.rules | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/etc/udev/rules.d/59-dasd.rules b/etc/udev/rules.d/59-dasd.rules
+index 2b1435c..a08cb7c 100644
+--- a/etc/udev/rules.d/59-dasd.rules
++++ b/etc/udev/rules.d/59-dasd.rules
+@@ -6,9 +6,9 @@
+ SUBSYSTEM!="block", GOTO="dasd_symlinks_end"
+ KERNEL!="dasd*", GOTO="dasd_symlinks_end"
+
+-ACTION!="change", GOTO="dasd_block_end"
++ACTION!="change|add", GOTO="dasd_block_end"
+ # by-id (hardware serial number)
+-KERNEL=="dasd*[!0-9]", ATTRS{status}=="online", IMPORT{program}="/sbin/dasdinfo -a -e -b $kernel"
++KERNEL=="dasd*[!0-9]", ATTRS{status}=="online", IMPORT{program}="/usr/sbin/dasdinfo -a -e -b $kernel"
+ KERNEL=="dasd*[!0-9]", ENV{ID_SERIAL}=="?*", SYMLINK+="disk/by-id/$env{ID_BUS}-$env{ID_SERIAL}"
+ KERNEL=="dasd*[!0-9]", ENV{ID_UID}=="?*", SYMLINK+="disk/by-id/$env{ID_BUS}-$env{ID_UID}"
+ KERNEL=="dasd*[!0-9]", ENV{ID_XUID}=="?*", SYMLINK+="disk/by-id/$env{ID_BUS}-$env{ID_XUID}"
+--
+1.8.1.4
+
diff --git a/s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch.suse b/s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch.suse
new file mode 100644
index 0000000..d8ec409
--- /dev/null
+++ b/s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch.suse
@@ -0,0 +1,26 @@
+From f7a0f391f2c4e8acc96b21ab5de54a178aa60088 Mon Sep 17 00:00:00 2001
+From: Hannes Reinecke
+Date: Fri, 22 Nov 2013 15:39:38 +0100
+Subject: [PATCH] 59-dasd.rules: generate by-id links on 'change' and 'add'
+
+The by-id rules need to be triggered on both, 'change' and 'add',
+to work correctly during restarting udev.
+
+References: bnc#808042
+
+Signed-off-by: Robert Milasan
+---
+ etc/udev/rules.d/59-dasd.rules | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/etc/udev/rules.d/59-dasd.rules
++++ b/etc/udev/rules.d/59-dasd.rules
+@@ -6,7 +6,7 @@
+ SUBSYSTEM!="block", GOTO="dasd_symlinks_end"
+ KERNEL!="dasd*", GOTO="dasd_symlinks_end"
+
+-ACTION!="change", GOTO="dasd_block_end"
++ACTION!="change|add", GOTO="dasd_block_end"
+ # by-id (hardware serial number)
+ KERNEL=="dasd*[!0-9]", ATTRS{status}=="online", IMPORT{program}="/sbin/dasdinfo -a -e -b $kernel"
+ KERNEL=="dasd*[!0-9]", ENV{ID_SERIAL}=="?*", SYMLINK+="disk/by-id/$env{ID_BUS}-$env{ID_SERIAL}"
diff --git a/s390-tools-sles12-zipl_boot_msg.patch b/s390-tools-sles12-zipl_boot_msg.patch
new file mode 100644
index 0000000..4cd2231
--- /dev/null
+++ b/s390-tools-sles12-zipl_boot_msg.patch
@@ -0,0 +1,20 @@
+---
+ zipl/boot/menu.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+--- a/zipl/boot/menu.c
++++ b/zipl/boot/menu.c
+@@ -168,8 +168,11 @@
+ /* print config list */
+ menu_list();
+
+- if (is_zvm())
+- printf("Note: VM users please use '#cp vi vmsg '\n");
++ if (is_zvm()) {
++ printf(" \n");
++ printf("Note: VM users please use '#cp vi vmsg '\n");
++ printf(" \n");
++ }
+
+ value = menu_read();
+
diff --git a/s390-tools-sles15-sysconfig-compatible-dumpconf.patch b/s390-tools-sles15-sysconfig-compatible-dumpconf.patch
new file mode 100644
index 0000000..61e9f97
--- /dev/null
+++ b/s390-tools-sles15-sysconfig-compatible-dumpconf.patch
@@ -0,0 +1,148 @@ +--- + etc/sysconfig/dumpconf | 133 +++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 133 insertions(+) + +--- a/etc/sysconfig/dumpconf ++++ b/etc/sysconfig/dumpconf +@@ -1,3 +1,4 @@ ++########################################################################################### + # + # s390 dump config + # +@@ -78,3 +79,135 @@ + # dumpconf becomes active immediately during system startup. + # + # ON_PANIC=reipl ++ ++############################ Begin Definitions ########################################### ++## Path: System/Dumpconf ++## Description: Configures the actions which should be performed after a kernel panic ++## Type: list(stop,dump,vmcmd,reipl,dump_reipl) ++## Default: "stop" ++## ServiceRestart: dumpconf ++# ++# Define the action that should be taken if a kernel panic happens. ++# ++ON_PANIC="stop" ++ ++## Type: integer(0:300) ++## Default: 5 ++## ServiceRestart: dumpconf ++# ++# Using reipl or dump_reipl actions with ON_PANIC can lead to the system ++# looping with alternating IPLs and crashes. Use DELAY_MINUTES to prevent ++# such a loop. DELAY_MINUTES delays activating the specified panic action ++# for a newly started system. When the specified time has elapsed, dumpconf ++# activates the specified panic action. This action is taken should the ++# system subsequently crash. If the system crashes before the time has ++# elapsed the previously defined action is taken. If no previous action has ++# been defined the default action (STOP) is performed. ++# ++DELAY_MINUTES="5" ++ ++## Type: list(ccw,fcp,nvme) ++## Default: "" ++## ServiceRestart: dumpconf ++# ++# Define the type, ccw for DASD, fcp for zFCP, or nvme for NVMe Disk. ++# ++DUMP_TYPE="" ++ ++## Type: string ++## Default: "" ++## ServiceRestart: dumpconf ++# ++# Define the device id for a DASD or SCSI over zFCP dump device. 
++# ++# For example (DASD and SCSI over zFCP have the same structure): DEVICE=0.0.4711 ++# ++DEVICE="" ++ ++# Type: string ++## Default: "" ++## ServiceRestart: dumpconf ++# ++# Define the WWPN for a zFCP dump device. ++# ++# For example: WWPN=0x5005076303004711 ++# ++WWPN="" ++ ++## Type: string ++## Default: "" ++## ServiceRestart: dumpconf ++# ++# Define the LUN for a zFCP dump device. ++# ++# For example: LUN=0x4711000000000000 ++# ++LUN="" ++ ++## Type: integer(0:30) ++## Default: "0" ++## ServiceRestart: dumpconf ++# ++# Define the Boot program selector for a zFCP dump device. ++# ++# A decimal value between 0 and 30 specifying the program to be loaded from ++# the FCP-I/O device. ++# ++BOOTPROG="0" ++ ++## Type: string ++## Default: "0" ++## ServiceRestart: dumpconf ++# ++# Define the Boot record logical block address for a zFCP dump device. ++# ++# The hexadecimal digits designating the logical-block address of the boot record of the FCP-I/O device. ++# It must be a value from 0-FFFFFFFF FFFFFFFF. For values longer than 8 hex characters at least one separator ++# blank is required after the 8th character. ++# ++BR_LBA="0" ++ ++## Type: string ++## Default: "" ++## ServiceRestart: dumpconf ++# ++# Define the Function ID for NVMe dump device. ++# ++# The hexadecimal digits designating the Function ID for the NMVe disk. ++# ++# For example: FID=0x00000300 ++# ++FID="" ++ ++## Type: string ++## Default: "" ++## ServiceRestart: dumpconf ++# ++# Define the Namespace ID for the NVMe dump device ++# ++# The hexadecimal digits designating the Namespace ID for the NMVe disk. ++# ++# For example: NSID=0x00000001 ++# ++NSID="" ++ ++## Type: string ++## Default: "" ++## ServiceRestart: dumpconf ++# ++# VMCMD_ ++# Specifies a CP command, is a number from one to eight. You can ++# specify up to eight CP commands that are executed in case of a kernel ++# panic. Note that VM commands, device adresses, and VM guest names ++# must be uppercase. 
++# ++VMCMD_1="" ++VMCMD_2="" ++VMCMD_3="" ++VMCMD_4="" ++VMCMD_5="" ++VMCMD_6="" ++VMCMD_7="" ++VMCMD_8="" ++ ++############################### End Definitions ############################################## +\ No newline at end of file diff --git a/s390-tools-sles15sp1-11-zdev-Do-not-call-zipl-on-initrd-update.patch b/s390-tools-sles15sp1-11-zdev-Do-not-call-zipl-on-initrd-update.patch new file mode 100644 index 0000000..4b32289 --- /dev/null +++ b/s390-tools-sles15sp1-11-zdev-Do-not-call-zipl-on-initrd-update.patch 
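Review bot: The metadata block for WWPN opens with `# Type: string` where every other entry uses `## Type:`, so a tool that reads the `##` sysconfig annotations would likely not pick up a type for that variable; it should read `## Type: string`. The `## Default:` values are also written inconsistently (DELAY_MINUTES gives `5`, BOOTPROG and BR_LBA give `"0"`), and the added file ends without a trailing newline. In the comment text `adresses` and `NMVe` are misspelled.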
@@ -0,0 +1,50 @@
+Subject: zdev: Add support for handling I/O configuration data
+From: Peter Oberparleiter
+
+Summary: zdev: Add support for handling I/O configuration data
+Description: LPARs that are running in IBM Dynamic Partition Manager (DPM) mode
+ can access a firmware-generated I/O configuration data file that
+ contains s390-specific information about available I/O devices
+ such as qeth device numbers and parameters, and FCP device IDs.
+
+ This data file is intended to remove the need for users to
+ manually enter the corresponding device data during installation.
+
+ Linux kernels with the corresponding support make the I/O
+ configuration data available at the following location:
+
+ /sys/firmware/sclp_sd/config/data
+
+ This patch set adds support for handling this data file using the
+ chzdev and lszdev tools:
+
+ - I/O configuration data can be applied using chzdev's --import
+ option
+ - Initial RAM-Disk scripts automatically apply the
+ I/O configuration data to the system configuration
+ - lszdev can be used to display the applied auto-configuration
+ data
+ - chzdev can be used to manually override the
+ auto-configuration data
+
+Upstream-ID: -
+Problem-ID: LS1604
+
+Signed-off-by: Peter Oberparleiter
+---
+ zdev/src/zdev-root-update.dracut | 6 ------
+ 1 file changed, 6 deletions(-)
+
+--- a/zdev/src/zdev-root-update.dracut
++++ b/zdev/src/zdev-root-update.dracut
+@@ -20,10 +20,4 @@
+ exit 1
+ }
+
+-echo "Installing IPL record"
+-zipl --noninteractive || {
+- echo "${TOOLNAME}: Error: Could not install IPL record" >&2
+- exit 1
+-}
+-
+ exit 0
diff --git a/s390-tools-sles15sp3-Allow-multiple-device-arguments.patch b/s390-tools-sles15sp3-Allow-multiple-device-arguments.patch
new file mode 100644
index 0000000..a68246f
--- /dev/null
+++ b/s390-tools-sles15sp3-Allow-multiple-device-arguments.patch
@@ -0,0 +1,465 @@ +From d6582bbaf0f3986a42f562046dc0caa9de89c75e Mon Sep 17 00:00:00 2001 +From: Hannes Reinecke +Date: Fri, 6 Oct 2017 08:58:17 +0200 +Subject: [PATCH] dasdfmt: Allow multiple device arguments + +Allow the user to specify several devices as arguments to dasdfmt. + +Signed-off-by: Hannes Reinecke +--- + dasdfmt/dasdfmt.8 | 6 - + dasdfmt/dasdfmt.c | 197 +++++++++++++++++++++++++++++++----------------------- + 2 files changed, 119 insertions(+), 84 deletions(-) + +--- a/dasdfmt/dasdfmt.8 ++++ b/dasdfmt/dasdfmt.8 +@@ -11,14 +11,14 @@ + .br + [\-r \fIcylinder\fR] [\-b \fIblksize\fR] [\-l \fIvolser\fR] [\-d \fIlayout\fR] + .br +- [\-L] [\-V] [\-F] [\-k] [\-C] [\-M \fImode\fR] \fIdevice\fR ++ [\-L] [\-V] [\-F] [\-k] [\-C] [\-M \fImode\fR] \fIdevice\fR [\fIdevice\fR] + + .SH DESCRIPTION +-\fBdasdfmt\fR formats a DASD (ECKD) disk drive to prepare it ++\fBdasdfmt\fR formats one or several DASD (ECKD) disk drive(s) to prepare them + for usage with Linux for S/390. + The \fIdevice\fR is the node of the device (e.g. '/dev/dasda'). + Any device node created by udev for kernel 2.6 can be used +-(e.g. '/dev/dasd/0.0.b100/disc'). ++(e.g. '/dev/dasd/0.0.b100/disc'). It is possible to specify up to 512 devices. 
+ .br + + \fBWARNING\fR: Careless usage of \fBdasdfmt\fR can result in +--- a/dasdfmt/dasdfmt.c ++++ b/dasdfmt/dasdfmt.c +@@ -25,6 +25,8 @@ + + #include "dasdfmt.h" + ++#define MAX_DEVICES 512 ++#define MAX_LENGTH 256 + #define BUSIDSIZE 8 + #define SEC_PER_DAY (60 * 60 * 24) + #define SEC_PER_HOUR (60 * 60) +@@ -57,7 +59,9 @@ + static struct dasdfmt_globals { + dasd_information2_t dasd_info; + char *dev_path; /* device path entered by user */ ++ char dev_path_array[MAX_DEVICES][MAX_LENGTH]; /* Array of device paths entered by user */ + char *dev_node; /* reliable device node determined by dasdfmt */ ++ char dev_node_array[MAX_DEVICES][MAX_LENGTH]; /* Array of reliable device nodes determined by dasdfmt */ + int verbosity; + int testmode; + int withoutprompt; +@@ -484,15 +488,15 @@ + program_interrupt_in_progress = 1; + + if (disk_disabled) { +- printf("Re-accessing the device...\n"); ++ printf("Re-accessing %s...\n", g.dev_path); + disk_enable(); + } + +- printf("Rereading the partition table...\n"); ++ printf("Rereading the partition table for %s...\n", g.dev_path); + rc = dasd_reread_partition_table(g.dev_node, 5); + if (rc) { + ERRMSG("%s: (signal handler) Re-reading partition table " +- "failed. (%s)\n", prog_name, strerror(rc)); ++ "for %s failed. 
(%s)\n", prog_name, g.dev_path, strerror(rc)); + } else { + printf("Exiting...\n"); + } +@@ -512,9 +516,6 @@ + unsigned int maj, min; + struct stat dev_stat; + +- if (optind + 1 < argc) +- error("More than one device specified!"); +- + if (optind >= argc) + error("No device specified!"); + +@@ -610,10 +611,10 @@ + error("the ioctl call to retrieve read/write status information failed: %s", + strerror(err)); + if (ro) +- error("Disk is read only!"); ++ error("Disk %s is read only!", g.dev_path); + if (!g.force) { + if (g.dasd_info.open_count > 1) +- error("Disk in use!"); ++ error("Disk %s is in use!", g.dev_path); + } + if (strncmp(g.dasd_info.type, "ECKD", 4) != 0) { + warnx("Unsupported disk type"); +@@ -700,7 +701,7 @@ + struct dasd_eckd_characteristics *characteristics; + + if (g.verbosity > 0) +- printf("Retrieving disk geometry...\n"); ++ printf("Retrieving disk geometry for %s...\n", g.dev_path); + + characteristics = (struct dasd_eckd_characteristics *) + &g.dasd_info.characteristics; +@@ -728,13 +729,13 @@ + "Cylinders above this limit will not be" + " accessible as a linux partition!\n" + "Type \"yes\" to continue, no will leave" +- " the disk untouched: ", LV_COMPAT_CYL); ++ " the %s disk untouched: ", LV_COMPAT_CYL, g.dev_path); + if (fgets(inp_buffer, sizeof(inp_buffer), stdin) == NULL) + return; + if (strcasecmp(inp_buffer, "yes") && + strcasecmp(inp_buffer, "yes\n")) { +- printf("Omitting ioctl call (disk will " +- "NOT be formatted).\n"); ++ printf("Omitting ioctl call (disk %s will " ++ "NOT be formatted).\n", g.dev_path); + return; + } + } +@@ -872,7 +873,7 @@ + check_params->start_unit = 0; + check_params->stop_unit = (cylinders * heads) - 1; + +- printf("Checking format of the entire disk...\n"); ++ printf("Checking format of the entire %s disk...\n", g.dev_path); + + if (g.testmode) { + printf("Test mode active, omitting ioctl.\n"); +@@ -896,7 +897,7 @@ + if (process_tracks(cylinders, heads, check_params)) + error("Use --mode=full to perform a 
clean format."); + +- printf("Done. Disk is fine.\n"); ++ printf("Done. Disk %s is fine.\n", g.dev_path); + } + + /* +@@ -946,8 +947,8 @@ + + printf("Device Type: %s Provisioned\n", + g.ese ? "Thinly" : "Fully"); +- printf("\nI am going to format the device "); +- printf("%s in the following way:\n", g.dev_path); ++ printf("\nI am going to format %s ", g.dev_path); ++ printf("in the following way:\n"); + printf(" Device number of device : 0x%x\n", g.dasd_info.devno); + printf(" Labelling device : %s\n", + (g.writenolabel) ? "no" : "yes"); +@@ -1012,7 +1013,7 @@ + int ipl1_record_len, ipl2_record_len; + + if (g.verbosity > 0) +- printf("Retrieving dasd information... "); ++ printf("Retrieving dasd information for %s... ", g.dev_path); + + get_blocksize(&blksize); + +@@ -1030,7 +1031,7 @@ + + /* write empty bootstrap (initial IPL records) */ + if (g.verbosity > 0) +- printf("Writing empty bootstrap...\n"); ++ printf("Writing empty bootstrap to %s...\n", g.dev_path); + + /* + * Note: ldl labels do not contain the key field +@@ -1089,7 +1090,7 @@ + label_position = g.dasd_info.label_block * blksize; + + if (g.verbosity > 0) +- printf("Writing label...\n"); ++ printf("Writing label to %s...\n", g.dev_path); + + rc = lseek(fd, label_position, SEEK_SET); + if (rc != label_position) { +@@ -1120,7 +1121,7 @@ + } + + if (g.verbosity > 0) +- printf("Writing VTOC... "); ++ printf("Writing VTOC to %s... ", g.dev_path); + + label_position = (VTOC_START_CC * heads + VTOC_START_HH) * + geo.sectors * blksize; +@@ -1242,7 +1243,7 @@ + if (!g.ese || g.no_discard) + return; + +- printf("Releasing space for the entire device...\n"); ++ printf("Releasing space for the entire %s device...\n", g.dev_path); + err = dasd_release_space(g.dev_node, &r); + if (err) + error("Could not release space: %s", strerror(err)); +@@ -1261,20 +1262,21 @@ + int err; + + if (!(g.withoutprompt && g.verbosity < 1)) +- printf("Formatting the device. 
This may take a while " +- "(get yourself a coffee).\n"); ++ printf("Formatting the %s device. This may take a while " ++ "(get yourself a coffee).\n", g.dev_path); + + if (g.verbosity > 0) +- printf("Detaching the device...\n"); ++ printf("Detaching the %s device...\n", g.dev_path); + + disk_disable(g.dev_node); + + if (g.verbosity > 0) +- printf("Invalidate first track...\n"); ++ printf("Invalidate first track on %s...\n", g.dev_path); + + err = dasd_format_disk(filedes, &temp); + if (err != 0) +- error("(invalidate first track) IOCTL BIODASDFMT failed: %s", strerror(err)); ++ error("(invalidate first track) IOCTL BIODASDFMT failed for %s: %s", ++ g.dev_path, strerror(err)); + + /* except track 0 from standard formatting procss */ + p->start_unit = 1; +@@ -1282,19 +1284,19 @@ + process_tracks(cylinders, heads, p); + + if (g.verbosity > 0) +- printf("formatting tracks complete...\n"); ++ printf("formatting tracks for %s complete...\n", g.dev_path); + + temp.intensity = p->intensity; + + if (g.verbosity > 0) +- printf("Revalidate first track...\n"); ++ printf("Revalidate first track on %s...\n", g.dev_path); + + err = dasd_format_disk(filedes, &temp); + if (err != 0) + error("(re-validate first track) IOCTL BIODASDFMT failed: %s", strerror(err)); + + if (g.verbosity > 0) +- printf("Re-accessing the device...\n"); ++ printf("Re-accessing the %s device...\n", g.dev_path); + + disk_enable(); + } +@@ -1306,18 +1308,18 @@ + format_data_t *p) + { + if (!(g.withoutprompt && g.verbosity < 1)) +- printf("Formatting the device. This may take a while " +- "(get yourself a coffee).\n"); ++ printf("Formatting the %s device. 
This may take a while " ++ "(get yourself a coffee).\n", g.dev_path); + + if (g.verbosity > 0) +- printf("Detaching the device...\n"); ++ printf("Detaching the %s device...\n", g.dev_path); + + disk_disable(g.dev_node); + + process_tracks(cylinders, heads, p); + + if (g.verbosity > 0) +- printf("Formatting tracks complete...\n"); ++ printf("formatting tracks for %s complete...\n", g.dev_path); + + if (g.verbosity > 0) + printf("Re-accessing the device...\n"); +@@ -1426,16 +1428,16 @@ + if (!g.withoutprompt) { + printf("\n"); + if (mode != EXPAND) +- printf("--->> ATTENTION! <<---\nAll data of " +- "that device will be lost.\n"); ++ printf("--->> ATTENTION! <<---\nAll data on " ++ "the %s device will be lost.\n", g.dev_path); + printf("Type \"yes\" to continue, no will leave the " + "disk untouched: "); + if (fgets(inp_buffer, sizeof(inp_buffer), stdin) == NULL) + return; + if (strcasecmp(inp_buffer, "yes") && + strcasecmp(inp_buffer, "yes\n")) { +- printf("Omitting ioctl call (disk will " +- "NOT be formatted).\n"); ++ printf("Omitting ioctl call (disk %s will " ++ "NOT be formatted).\n", g.dev_path); + return; + } + } +@@ -1453,12 +1455,12 @@ + break; + } + +- printf("Finished formatting the device.\n"); ++ printf("Finished formatting the %s device.\n", g.dev_path); + + if (!(g.writenolabel || mode == EXPAND)) + dasdfmt_write_labels(vlabel, cylinders, heads); + +- printf("Rereading the partition table... "); ++ printf("Rereading the partition table for %s... 
", g.dev_path); + err = dasd_reread_partition_table(g.dev_node, 5); + if (err != 0) { + ERRMSG("%s: error during rereading the partition " +@@ -1472,7 +1474,7 @@ + static void eval_format_mode(void) + { + if (!g.force && g.mode_specified && g.ese && mode == EXPAND) { +- warnx("WARNING: The specified device is thin-provisioned"); ++ warnx("WARNING: The specified device, %s, is thin-provisioned", g.dev_path); + warnx("Format mode 'expand' is not feasible."); + error("Use --mode=full or --mode=quick to perform a clean format"); + } +@@ -1495,20 +1497,70 @@ + prog_name = p + 1; + } + +-int main(int argc, char *argv[]) ++void process_dasd(volume_label_t *orig_vlabel, format_data_t format_params) + { + volume_label_t vlabel; + char old_volser[7]; +- + char str[ERR_LENGTH]; ++ unsigned int cylinders, heads; int rc; ++ ++ rc = dasd_get_info(g.dev_node, &g.dasd_info); ++ if (rc != 0) ++ error("the ioctl call to retrieve device information failed: %s", strerror(rc)); ++ ++ g.ese = dasd_sys_ese(g.dev_node); ++ eval_format_mode(); ++ ++ /* Not sure this next line is needed in the new version of the code. 
*/ ++ memcpy(&vlabel, orig_vlabel, sizeof(vlabel)); ++ ++ /* Either let the user specify the blksize or get it from the kernel */ ++ if (!g.blksize_specified) { ++ if (!(mode == FULL || ++ g.dasd_info.format == DASD_FORMAT_NONE) || g.check) ++ get_blocksize(&format_params.blksize); ++ else ++ format_params = ask_user_for_blksize(format_params); ++ } ++ ++ if (g.keep_volser) { ++ if (g.labelspec) ++ error("The -k and -l options are mutually exclusive"); ++ if (!(format_params.intensity & DASD_FMT_INT_COMPAT)) ++ error("WARNING: VOLSER cannot be kept when using the ldl format!"); ++ ++ if (dasdfmt_get_volser(old_volser) == 0) ++ vtoc_volume_label_set_volser(&vlabel, old_volser); ++ else ++ error("VOLSER not found on device %s", g.dev_path); ++ } ++ ++ check_disk(); ++ ++ if (check_param(str, ERR_LENGTH, &format_params) < 0) ++ error("%s", str); ++ ++ set_geo(&cylinders, &heads); ++ set_label(&vlabel, &format_params, cylinders); ++ ++ if (g.check) ++ check_disk_format(cylinders, heads, &format_params); ++ else ++ do_format_dasd(&vlabel, &format_params, cylinders, heads); ++ ++} ++ ++int main(int argc, char *argv[]) ++{ ++ volume_label_t vlabel; ++ + char buf[7]; + + char *blksize_param_str = NULL; + char *reqsize_param_str = NULL; + char *hashstep_str = NULL; + +- int rc; +- unsigned int cylinders, heads; ++ int rc, numdev = 0, i; + + /* Establish a handler for interrupt signals. */ + signal(SIGTERM, program_interrupt_signal); +@@ -1644,6 +1696,9 @@ + break; /* exit loop if finished */ + } + ++ /* Reset the value of rc since we're going to use it again later. 
*/ ++ rc = 0; ++ + CHECK_SPEC_MAX_ONCE(g.blksize_specified, "blocksize"); + CHECK_SPEC_MAX_ONCE(g.labelspec, "label"); + CHECK_SPEC_MAX_ONCE(g.writenolabel, "omit-label-writing flag"); +@@ -1662,48 +1717,28 @@ + if (g.print_hashmarks) + PARSE_PARAM_INTO(g.hashstep, hashstep_str, 10, "hashstep"); + +- get_device_name(optind, argc, argv); +- +- rc = dasd_get_info(g.dev_node, &g.dasd_info); +- if (rc != 0) +- error("the ioctl call to retrieve device information failed: %s", strerror(rc)); +- +- g.ese = dasd_sys_ese(g.dev_node); +- eval_format_mode(); ++ while (optind < argc) { ++ get_device_name(optind, argc, argv); ++ strncpy(g.dev_path_array[numdev], g.dev_path, strlen(g.dev_path)); ++ strncpy(g.dev_node_array[numdev], g.dev_node, strlen(g.dev_node)); + +- /* Either let the user specify the blksize or get it from the kernel */ +- if (!g.blksize_specified) { +- if (!(mode == FULL || +- g.dasd_info.format == DASD_FORMAT_NONE) || g.check) +- get_blocksize(&format_params.blksize); +- else +- format_params = ask_user_for_blksize(format_params); ++ optind++; ++ numdev++; + } + +- if (g.keep_volser) { +- if (g.labelspec) +- error("The -k and -l options are mutually exclusive"); +- if (!(format_params.intensity & DASD_FMT_INT_COMPAT)) +- error("WARNING: VOLSER cannot be kept when using the ldl format!"); +- +- if (dasdfmt_get_volser(old_volser) == 0) +- vtoc_volume_label_set_volser(&vlabel, old_volser); +- else +- error("VOLSER not found on device %s", g.dev_path); +- } ++ if (!numdev) ++ error("%s: No device specified!\n", ++ prog_name); + +- check_disk(); ++ if (numdev > 1 && g.labelspec) ++ error("Specifying a volser to be written doesn't make sense when formatting multiple DASD volumes."); + +- if (check_param(str, ERR_LENGTH, &format_params) < 0) +- error("%s", str); +- +- set_geo(&cylinders, &heads); +- set_label(&vlabel, &format_params, cylinders); +- +- if (g.check) +- check_disk_format(cylinders, heads, &format_params); +- else +- do_format_dasd(&vlabel, 
&format_params, cylinders, heads); ++ for (i = 0; i < numdev; i++) ++ { ++ strncpy(g.dev_path, g.dev_path_array[i], strlen(g.dev_path_array[i])+1); ++ strncpy(g.dev_node, g.dev_node_array[i], strlen(g.dev_node_array[i])+1); ++ process_dasd(&vlabel, format_params); ++ } + + free(g.dev_path); + free(g.dev_node); diff --git a/s390-tools-sles15sp3-Format-devices-in-parallel.patch b/s390-tools-sles15sp3-Format-devices-in-parallel.patch new file mode 100644 index 0000000..8ec3f2e --- /dev/null +++ b/s390-tools-sles15sp3-Format-devices-in-parallel.patch 
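Review bot: The device-collection loop in main() writes into `g.dev_path_array[numdev]` and `g.dev_node_array[numdev]` without checking `numdev` against MAX_DEVICES, and bounds each `strncpy` by `strlen()` of the source rather than by MAX_LENGTH, so a command line with more than 512 devices or a name of 256 bytes or more writes past the fixed arrays. The later per-device loop copies each saved name back into `g.dev_path` and `g.dev_node`; if get_device_name() sizes those buffers for the name it was last given (its body is outside the hunk), an earlier, longer name overflows them, and the buffers from the earlier calls appear to be leaked. Checking both limits before the copy, as below, closes the first problem; for the second, keeping one allocation per device instead of copying back would be safer. process_dasd() also looks file-local and could be declared `static`.

```c
	while (optind < argc) {
		if (numdev >= MAX_DEVICES)
			error("Too many devices specified (maximum is %d)", MAX_DEVICES);
		get_device_name(optind, argc, argv);
		if (strlen(g.dev_path) >= MAX_LENGTH || strlen(g.dev_node) >= MAX_LENGTH)
			error("Device name %s is too long", g.dev_path);
		/* lengths were checked above, so the terminating NUL fits */
		strcpy(g.dev_path_array[numdev], g.dev_path);
		strcpy(g.dev_node_array[numdev], g.dev_node);
		/* ... unchanged: optind++ and numdev++ ... */
	}
```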
@@ -0,0 +1,176 @@ +From a61154fd93122f5a0f2b74f21c3ac29eb437f150 Mon Sep 17 00:00:00 2001 +From: Hannes Reinecke +Date: Fri, 6 Oct 2017 09:39:36 +0200 +Subject: [PATCH] dasdfmt: Format devices in parallel + +Allow dasdfmt to run in parallel when several devices are specified. + +Signed-off-by: Hannes Reinecke +--- + dasdfmt/dasdfmt.8 | 16 +++++++++++++- + dasdfmt/dasdfmt.c | 58 ++++++++++++++++++++++++++++++++++++++++++------------ + 2 files changed, 60 insertions(+), 14 deletions(-) + +--- a/dasdfmt/dasdfmt.8 ++++ b/dasdfmt/dasdfmt.8 +@@ -7,7 +7,7 @@ + dasdfmt \- formatting of DASD (ECKD) disk drives. + + .SH SYNOPSIS +-\fBdasdfmt\fR [\-h] [\-t] [\-v] [\-y] [\-p] [\-P] [\-m \fIstep\fR] ++\fBdasdfmt\fR [\-h] [\-t] [\-v] [\-y] [\-p] [\-Q] [\-P] [\-m \fIstep\fR] + .br + [\-r \fIcylinder\fR] [\-b \fIblksize\fR] [\-l \fIvolser\fR] [\-d \fIlayout\fR] + .br +@@ -95,7 +95,7 @@ + running in background or redirecting the output to a file. + + .TP +-\fB\-P\fR or \fB\-\-percentage\fR ++\fB\-Q\fR or \fB\-\-percentage\fR + Print one line for each formatted cylinder showing the number of the + cylinder and percentage of formatting process. + Intended to be used by higher level interfaces. +@@ -164,6 +164,18 @@ + + .TP + \fB\-l\fR \fIvolser\fR or \fB\-\-label\fR=\fIvolser\fR ++\fB-P\fR \fInumdisks\fR or \fB--max_parallel\fR=\fInumdisks\fR ++Specify the number of disks to be formatted in parallel. ++\fInumdisks\fR specifies the number of formatting processed, ++independent on the overall number of disks to be formatted. ++The maximum value for \fInumdisks\fR is 512. Default is 1. ++.br ++Using this option can decrease overall processing time when formatting ++several disks. Please note that the I/O throughput will dramatically ++increase when using this option. Use with care. ++.br ++ ++.TP + Specify the volume serial number or volume identifier to be written + to disk after formatting. If no label is specified, a sensible default + is used. 
\fIvolser\fR is interpreted as ASCII string and is automatically +--- a/dasdfmt/dasdfmt.c ++++ b/dasdfmt/dasdfmt.c +@@ -13,6 +13,7 @@ + #include + #include + #include ++#include + + #include "lib/dasd_base.h" + #include "lib/dasd_sys.h" +@@ -81,6 +82,7 @@ + int mode_specified; + int ese; + int no_discard; ++ int procnum; + } g = { + .dasd_info = { 0 }, + }; +@@ -105,6 +107,11 @@ + .desc = "Perform complete format check on device", + .flags = UTIL_OPT_FLAG_NOSHORT, + }, ++ { ++ .option = { "max_parallel", required_argument, NULL, 'P' }, ++ .desc = "Format devices in parallel", ++ .flags = UTIL_OPT_FLAG_NOLONG, ++ }, + UTIL_OPT_SECTION("FORMAT OPTIONS"), + { + .option = { "blocksize", required_argument, NULL, 'b' }, +@@ -162,7 +169,7 @@ + .desc = "Show a progressbar", + }, + { +- .option = { "percentage", no_argument, NULL, 'P' }, ++ .option = { "percentage", no_argument, NULL, 'Q' }, + .desc = "Show progress in percent", + }, + UTIL_OPT_SECTION("MISC"), +@@ -311,7 +318,7 @@ + } + + if (g.print_hashmarks && (cyl / g.hashstep - hashcount) != 0) { +- printf("#"); ++ printf("%d|", g.procnum); + fflush(stdout); + hashcount++; + } +@@ -1560,7 +1567,11 @@ + char *reqsize_param_str = NULL; + char *hashstep_str = NULL; + +- int rc, numdev = 0, i; ++ int rc, numdev = 0, numproc = 0, status; ++ int max_parallel =1 ; ++ int running = 0; ++ int chpid; ++ int tmp; + + /* Establish a handler for interrupt signals. 
*/ + signal(SIGTERM, program_interrupt_signal); +@@ -1623,7 +1634,7 @@ + g.print_hashmarks = 1; + } + break; +- case 'P': ++ case 'Q': + if (!(g.print_hashmarks || g.print_progressbar)) + g.print_percentage = 1; + break; +@@ -1682,6 +1693,9 @@ + case OPT_NODISCARD: + g.no_discard = 1; + break; ++ case 'P': ++ max_parallel = atoi(optarg); ++ break; + case OPT_CHECK: + g.check = 1; + break; +@@ -1733,15 +1747,35 @@ + if (numdev > 1 && g.labelspec) + error("Specifying a volser to be written doesn't make sense when formatting multiple DASD volumes."); + +- for (i = 0; i < numdev; i++) +- { +- strncpy(g.dev_path, g.dev_path_array[i], strlen(g.dev_path_array[i])+1); +- strncpy(g.dev_node, g.dev_node_array[i], strlen(g.dev_node_array[i])+1); +- process_dasd(&vlabel, format_params); ++ for (numproc = 0; numproc < numdev; numproc++) { ++ chpid = fork(); ++ if (chpid == -1 ) ++ ERRMSG_EXIT(EXIT_FAILURE, ++ "%s: Unable to create child process: %s\n", ++ prog_name, strerror(errno)); ++ if (!chpid) { ++ g.procnum = numproc; ++ strncpy(g.dev_path, g.dev_path_array[numproc], strlen(g.dev_path_array[numproc])+1); ++ strncpy(g.dev_node, g.dev_node_array[numproc], strlen(g.dev_node_array[numproc])+1); ++ process_dasd(&vlabel, format_params); ++ ++ free(g.dev_path); ++ free(g.dev_node); ++ exit(0); ++ } else { ++ running++; ++ if (running >= max_parallel) { ++ if (wait(&tmp) > 0 && WEXITSTATUS(tmp)) ++ rc = WEXITSTATUS(tmp); ++ running--; ++ } ++ } + } + +- free(g.dev_path); +- free(g.dev_node); ++ /* wait until all formatting children have finished */ ++ while(wait(&status) > 0) ++ if (WEXITSTATUS(status)) ++ rc = WEXITSTATUS(status); + +- return 0; ++ return rc; + } diff --git a/s390-tools-sles15sp3-Implement-Y-yast_mode.patch b/s390-tools-sles15sp3-Implement-Y-yast_mode.patch new file mode 100644 index 0000000..39f4dd4 --- /dev/null +++ b/s390-tools-sles15sp3-Implement-Y-yast_mode.patch 
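Review bot: Both wait() sites in main() read `WEXITSTATUS()` without first testing `WIFEXITED()`, so a formatting child that is killed by a signal contributes 0 and dasdfmt can return success although a disk was not formatted; `if (!WIFEXITED(status)) rc = EXIT_FAILURE; else if (WEXITSTATUS(status)) rc = WEXITSTATUS(status);` covers that case. `max_parallel = atoi(optarg);` accepts non-numeric, zero, negative and over-512 values without complaint although the man page states a maximum of 512; parsing with strtol and rejecting anything outside 1..MAX_DEVICES would match the documentation. In the dasdfmt.8 hunk the new `-P` text is inserted between the `-l` tag line and its description, so the volser paragraph ends up under `-P`, and reusing `-P` (formerly --percentage) changes the meaning of existing invocations without any notice in the description.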
@@ -0,0 +1,196 @@ +From eabcb26fa4a91d410a6f75a9915a9ebb9f702c6b Mon Sep 17 00:00:00 2001 +From: Hannes Reinecke +Date: Fri, 6 Oct 2017 09:55:40 +0200 +Subject: [PATCH] dasdfmt: Implement '-Y/--yast_mode' + +Implement an option '-Y' to suppress most output. + +Signed-off-by: Hannes Reinecke +--- + dasdfmt/dasdfmt.8 | 7 ++++- + dasdfmt/dasdfmt.c | 73 ++++++++++++++++++++++++++++++++++++++++++++++++------ + 2 files changed, 72 insertions(+), 8 deletions(-) + +--- a/dasdfmt/dasdfmt.8 ++++ b/dasdfmt/dasdfmt.8 +@@ -7,7 +7,7 @@ + dasdfmt \- formatting of DASD (ECKD) disk drives. + + .SH SYNOPSIS +-\fBdasdfmt\fR [\-h] [\-t] [\-v] [\-y] [\-p] [\-Q] [\-P] [\-m \fIstep\fR] ++\fBdasdfmt\fR [\-h] [\-t] [\-v] [\-y] [\-p] [\-Q] [\-P] [\-Y] [\-m \fIstep\fR] + .br + [\-r \fIcylinder\fR] [\-b \fIblksize\fR] [\-l \fIvolser\fR] [\-d \fIlayout\fR] + .br +@@ -112,6 +112,11 @@ + .br + + .TP ++\fB-Y\fR or \fB--yast_mode\fR ++YaST mode; suppress most output. ++.br ++ ++.TP + \fB\-M\fR \fImode\fR or \fB\-\-mode\fR=\fImode\fR + Specify the \fImode\fR to be used to format the device. 
Valid modes are: + .RS +--- a/dasdfmt/dasdfmt.c ++++ b/dasdfmt/dasdfmt.c +@@ -83,6 +83,7 @@ + int ese; + int no_discard; + int procnum; ++ int yast_mode; + } g = { + .dasd_info = { 0 }, + }; +@@ -172,6 +173,10 @@ + .option = { "percentage", no_argument, NULL, 'Q' }, + .desc = "Show progress in percent", + }, ++ { ++ .option = { "yast_mode", no_argument, NULL, 'Y' }, ++ .desc = "YaST mode", ++ }, + UTIL_OPT_SECTION("MISC"), + { + .option = { "check_host_count", no_argument, NULL, 'C' }, +@@ -318,7 +323,9 @@ + } + + if (g.print_hashmarks && (cyl / g.hashstep - hashcount) != 0) { +- printf("%d|", g.procnum); ++ if (g.yast_mode) ++ printf("%d|", g.procnum); ++ else printf("#"); + fflush(stdout); + hashcount++; + } +@@ -392,7 +399,7 @@ + unsigned int kl = 0; + int blksize = cdata->expect.blksize; + +- if (g.print_progressbar || g.print_hashmarks) ++ if ((g.print_progressbar || g.print_hashmarks) && !g.yast_mode) + printf("\n"); + + /* +@@ -780,8 +787,9 @@ + g.hashstep = 10; + } + +- printf("Printing hashmark every %d cylinders.\n", +- g.hashstep); ++ if (!g.yast_mode) ++ printf("Printing hashmark every %d cylinders.\n", ++ g.hashstep); + } + } + +@@ -1462,17 +1470,19 @@ + break; + } + +- printf("Finished formatting the %s device.\n", g.dev_path); ++ if (!g.yast_mode) ++ printf("Finished formatting the %s device.\n", g.dev_path); + + if (!(g.writenolabel || mode == EXPAND)) + dasdfmt_write_labels(vlabel, cylinders, heads); + +- printf("Rereading the partition table for %s... ", g.dev_path); ++ if (!g.yast_mode) ++ printf("Rereading the partition table for %s... 
", g.dev_path); + err = dasd_reread_partition_table(g.dev_node, 5); + if (err != 0) { + ERRMSG("%s: error during rereading the partition " + "table: %s.\n", prog_name, strerror(err)); +- } else { ++ } else if (!g.yast_mode) { + printf("ok\n"); + } + } +@@ -1548,6 +1558,7 @@ + error("%s", str); + + set_geo(&cylinders, &heads); ++ + set_label(&vlabel, &format_params, cylinders); + + if (g.check) +@@ -1557,6 +1568,29 @@ + + } + ++static void yast_print_cylinfo(const char *dev_filename) ++{ ++ unsigned int cylinders = -1u; ++ int fd; ++ dasd_information2_t dasd_info; ++ struct dasd_eckd_characteristics *characteristics; ++ ++ fd = open(dev_filename, O_RDONLY); ++ if ((fd != -1) && ( ! ioctl(fd, BIODASDINFO2, &dasd_info))) { ++ ++ characteristics = (struct dasd_eckd_characteristics *) &dasd_info.characteristics; ++ if (characteristics->no_cyl == LV_COMPAT_CYL && characteristics->long_no_cyl) ++ cylinders = characteristics->long_no_cyl; ++ else ++ cylinders = characteristics->no_cyl; ++ } ++ ++ if (fd != -1) ++ close(fd); ++ printf("%u\n", cylinders); ++ fflush(stdout); ++} ++ + int main(int argc, char *argv[]) + { + volume_label_t vlabel; +@@ -1693,6 +1727,10 @@ + case OPT_NODISCARD: + g.no_discard = 1; + break; ++ case 'Y': ++ /* YaST mode */ ++ g.yast_mode = 1; ++ break; + case 'P': + max_parallel = atoi(optarg); + break; +@@ -1728,6 +1766,21 @@ + reqsize = DEFAULT_REQUESTSIZE; + } + ++/* If -Y (YaST mode) was specified by the caller, then we need to suppress ++ * most of all the other output that might be generated. But, we _do_ want ++ * hashmarks printed so that YaST can track what's going on. If it wasn't ++ * specified on the command line, set it to a default of 10 cylinders. ++ */ ++ if (g.yast_mode) { ++ g.verbosity = 0; ++ g.print_progressbar = 0; ++ g.print_percentage = 0; ++ if (! 
g.print_hashmarks) { ++ g.print_hashmarks = 1; ++ hashstep_str = "10"; ++ } ++ } ++ + if (g.print_hashmarks) + PARSE_PARAM_INTO(g.hashstep, hashstep_str, 10, "hashstep"); + +@@ -1747,6 +1800,12 @@ + if (numdev > 1 && g.labelspec) + error("Specifying a volser to be written doesn't make sense when formatting multiple DASD volumes."); + ++ if (g.yast_mode) { ++ for (numproc = 0; numproc < numdev; numproc++) ++ yast_print_cylinfo(g.dev_path_array[numproc]); ++ ++ } ++ + for (numproc = 0; numproc < numdev; numproc++) { + chpid = fork(); + if (chpid == -1 ) diff --git a/s390-tools-sles15sp3-Implement-f-for-backwards-compability.patch b/s390-tools-sles15sp3-Implement-f-for-backwards-compability.patch new file mode 100644 index 0000000..ee1a9b9 --- /dev/null +++ b/s390-tools-sles15sp3-Implement-f-for-backwards-compability.patch 
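Review bot: `yast_print_cylinfo()` prints its initial value `-1u` (4294967295) as the cylinder count whenever `open()` or the `BIODASDINFO2` ioctl fails, so the consumer of the YaST output receives a plausible-looking number instead of an error. Reporting the failure on stderr in that path, for example `ERRMSG("%s: cannot read cylinder count of %s: %s\n", prog_name, dev_filename, strerror(errno));`, would let a caller tell the two cases apart. A short comment above the function should state the output format (one decimal count per device, in command-line order) and what is printed on failure. The function also reads `dasd_info.characteristics` as ECKD data without looking at the device type; whether the type has been validated before this point in main() is not visible in the hunk.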
@@ -0,0 +1,62 @@ +From 8f05578d90df49dce6e13ee850fdc8bab84916ba Mon Sep 17 00:00:00 2001 +From: Hannes Reinecke +Date: Fri, 6 Oct 2017 12:23:32 +0200 +Subject: [PATCH] dasdfmt: Implement '-f' for backwards compability + +YaST is calling dasdfmt with '-f device', which used to be the old +calling convention. So to not keel over when used with an older +version of YaST we should accept this option, too. + +Signed-off-by: Hannes Reinecke +--- + dasdfmt/dasdfmt.8 | 5 ++++- + dasdfmt/dasdfmt.c | 10 ++++++++++ + 2 files changed, 14 insertions(+), 1 deletion(-) + +--- a/dasdfmt/dasdfmt.8 ++++ b/dasdfmt/dasdfmt.8 +@@ -11,7 +11,7 @@ + .br + [\-r \fIcylinder\fR] [\-b \fIblksize\fR] [\-l \fIvolser\fR] [\-d \fIlayout\fR] + .br +- [\-L] [\-V] [\-F] [\-k] [\-C] [\-M \fImode\fR] \fIdevice\fR [\fIdevice\fR] ++ [\-L] [\-V] [\-F] [\-k] [\-C] [\-M \fImode\fR] [-f \fIdevice\fR] [\fIdevice\fR] + + .SH DESCRIPTION + \fBdasdfmt\fR formats one or several DASD (ECKD) disk drive(s) to prepare them +@@ -39,6 +39,9 @@ + .TP + \fB\-v\fR + Increases verbosity. ++.TP ++\fB-f\fR \fIdevice\fR or \fB--device\fR=\fIdevice\fR ++Specify device to format. For backwards compability only. + + .TP + \fB\-y\fR +--- a/dasdfmt/dasdfmt.c ++++ b/dasdfmt/dasdfmt.c +@@ -113,6 +113,10 @@ + .desc = "Format devices in parallel", + .flags = UTIL_OPT_FLAG_NOLONG, + }, ++ { ++ .option = { "device", required_argument, NULL, 'f' }, ++ .desc = "Specify device to format", ++ }, + UTIL_OPT_SECTION("FORMAT OPTIONS"), + { + .option = { "blocksize", required_argument, NULL, 'b' }, +@@ -1649,6 +1653,12 @@ + } + g.layout_specified = 1; + break; ++ case 'f': ++ get_device_name(optind-1, argc, argv); ++ strncpy(g.dev_path_array[numdev], g.dev_path, strlen(g.dev_path)); ++ strncpy(g.dev_node_array[numdev], g.dev_node, strlen(g.dev_node)); ++ numdev++; ++ break; + case 'y': + g.withoutprompt = 1; + break; 
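Review bot: In the new `case 'f':` branch both `strncpy()` calls pass `strlen()` of the source as the length, so the terminating NUL is never copied and the bound is derived from the source instead of the destination. The entries of `g.dev_path_array` and `g.dev_node_array` stay terminated only if they were zeroed beforehand, which this hunk does not show; at minimum the copy should include the terminator, `strncpy(g.dev_path_array[numdev], g.dev_path, strlen(g.dev_path) + 1);`, and a bound taken from the destination size would be better. `numdev` is incremented with no visible check against the capacity of the two arrays, so repeated `-f` options need a limit test before the copy. The option switch this case belongs to starts and ends outside the hunk.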
diff --git a/s390-tools-sles15sp3-dasdfmt-retry-BIODASDINFO-if-device-is-busy.patch b/s390-tools-sles15sp3-dasdfmt-retry-BIODASDINFO-if-device-is-busy.patch new file mode 100644 index 0000000..f0e79a5 --- /dev/null +++ b/s390-tools-sles15sp3-dasdfmt-retry-BIODASDINFO-if-device-is-busy.patch @@ -0,0 +1,56 @@ +From 943e577440d74ad7f8787af2590c8ab4579a459b Mon Sep 17 00:00:00 2001 +From: Hannes Reinecke +Date: Thu, 5 Nov 2015 10:57:38 +0100 +Subject: [PATCH] dasdfmt: retry BIODASDINFO if device is busy + +Modern udev have the wonderful 'feature' to sending a 'change' +event whenever a device opened with O_RDWR is closed again. +The reasoning is that the said program _might_ have changed +the partition table and hence we _might_ have missed a partition +update. +But in doing so it not only generated tons of pointless events +but also confused the hell out of other programs. +Idiots. + +References: bsc#937340 + +Signed-off-by: Hannes Reinecke +--- + dasdfmt/dasdfmt.c | 19 ++++++++++++++++++- + 1 file changed, 18 insertions(+), 1 deletion(-) + +--- a/dasdfmt/dasdfmt.c ++++ b/dasdfmt/dasdfmt.c +@@ -621,7 +621,7 @@ + */ + static void check_disk(void) + { +- int err; ++ int err, index = 0 ; + bool ro; + + err = dasd_is_ro(g.dev_node, &ro); +@@ -631,6 +631,23 @@ + if (ro) + error("Disk %s is read only!", g.dev_path); + if (!g.force) { ++ /* ++ * udev strikes again. ++ * Modern udev will issue a 'change' event whenever ++ * a device opened with O_RDWR is closed again. ++ * On the grounds that program _might_ have changed ++ * the partition table. ++ * And confusing the hell out ouf anyone else. ++ * Bah. ++ */ ++ for ( index = 0 ; index < 6 ; index++ ) { ++ if (g.dasd_info.open_count > 1) { ++ dasd_get_info(g.dev_node, &g.dasd_info); ++ sleep(1); ++ } ++ else break; ++ ++ } + if (g.dasd_info.open_count > 1) + error("Disk %s is in use!", g.dev_path); + } 
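Review bot: The retry loop added to `check_disk()` discards the return value of `dasd_get_info()`, so a failed refresh leaves `g.dasd_info.open_count` at its previous value and the final "Disk is in use" decision is made on stale data. The loop also re-reads first and sleeps afterwards, so the first re-read happens with no delay and the last one is followed by a wasted second; `sleep(1);` placed before the call and `if (dasd_get_info(g.dev_node, &g.dasd_info) != 0) break;` would cover both. How `dasd_get_info()` reports errors is not shown here, so the exact test is an assumption to confirm against lib/dasd_base.h. The in-code comment would be more useful if it named the condition being waited for (open count dropping to 1) and the six-attempt cap.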
diff --git a/s390-tools-sles15sp5-01-rust-pv-support-Armonk-in-IBM-signing-key-subject.patch b/s390-tools-sles15sp5-01-rust-pv-support-Armonk-in-IBM-signing-key-subject.patch new file mode 100644 index 0000000..e4704df --- /dev/null +++ b/s390-tools-sles15sp5-01-rust-pv-support-Armonk-in-IBM-signing-key-subject.patch 
@@ -0,0 +1,286 @@ +Index: s390-tools-service/rust/pv/src/verify.rs +=================================================================== +--- s390-tools-service.orig/rust/pv/src/verify.rs ++++ s390-tools-service/rust/pv/src/verify.rs +@@ -3,10 +3,11 @@ + // Copyright IBM Corp. 2023 + + use core::slice; +-use log::debug; ++use log::{debug, trace}; ++use openssl::error::ErrorStack; + use openssl::stack::Stack; + use openssl::x509::store::X509Store; +-use openssl::x509::{CrlStatus, X509Ref, X509StoreContext, X509}; ++use openssl::x509::{CrlStatus, X509NameRef, X509Ref, X509StoreContext, X509StoreContextRef, X509}; + use openssl_extensions::crl::StackableX509Crl; + use openssl_extensions::crl::X509StoreContextExtension; + +@@ -82,8 +83,8 @@ impl HkdVerifier for CertVerifier { + if verified_crls.is_empty() { + bail_hkd_verify!(NoCrl); + } +- for crl in &verified_crls { +- match crl.get_by_cert(&hkd.to_owned()) { ++ for crl in verified_crls { ++ match crl.get_by_serial(hkd.serial_number()) { + CrlStatus::NotRevoked => (), + _ => bail_hkd_verify!(HdkRevoked), + } +@@ -94,21 +95,54 @@ impl HkdVerifier for CertVerifier { + } + + impl CertVerifier { ++ fn quirk_crls( ++ ctx: &mut X509StoreContextRef, ++ subject: &X509NameRef, ++ ) -> Result, ErrorStack> { ++ match ctx.crls(subject) { ++ Ok(ret) if !ret.is_empty() => return Ok(ret), ++ _ => (), ++ } ++ ++ // Armonk/Poughkeepsie fixup ++ trace!("quirk_crls: Try Locality"); ++ if let Some(locality_subject) = helper::armonk_locality_fixup(subject) { ++ match ctx.crls(&locality_subject) { ++ Ok(ret) if !ret.is_empty() => return Ok(ret), ++ _ => (), ++ } ++ ++ // reorder ++ trace!("quirk_crls: Try Locality+Reorder"); ++ if let Ok(locality_ordered_subject) = helper::reorder_x509_names(&locality_subject) { ++ match ctx.crls(&locality_ordered_subject) { ++ Ok(ret) if !ret.is_empty() => return Ok(ret), ++ _ => (), ++ } ++ } ++ } ++ ++ // reorder unchanged loaciliy subject ++ trace!("quirk_crls: Try Reorder"); ++ if let 
Ok(ordered_subject) = helper::reorder_x509_names(subject) { ++ match ctx.crls(&ordered_subject) { ++ Ok(ret) if !ret.is_empty() => return Ok(ret), ++ _ => (), ++ } ++ } ++ // nothing found, return empty stack ++ Stack::new() ++ } ++ + ///Download the CLRs that a HKD refers to. + pub fn hkd_crls(&self, hkd: &X509Ref) -> Result> { + let mut ctx = X509StoreContext::new()?; + // Unfortunately we cannot use a dedicated function here and have to use a closure (E0434) + // Otherwise, we cannot refer to self ++ // Search for local CRLs + let mut crls = ctx.init_opt(&self.store, None, None, |ctx| { + let subject = self.ibm_z_sign_key.subject_name(); +- match ctx.crls(subject) { +- Ok(crls) => Ok(crls), +- _ => { +- // reorder the name and try again +- let broken_subj = helper::reorder_x509_names(subject)?; +- ctx.crls(&broken_subj).or_else(helper::stack_err_hlp) +- } +- } ++ Self::quirk_crls(ctx, subject) + })?; + + if !self.offline { +Index: s390-tools-service/rust/pv/src/verify/helper.rs +=================================================================== +--- s390-tools-service.orig/rust/pv/src/verify/helper.rs ++++ s390-tools-service/rust/pv/src/verify/helper.rs +@@ -13,7 +13,7 @@ use openssl::{ + error::ErrorStack, + nid::Nid, + ssl::SslFiletype, +- stack::{Stack, Stackable}, ++ stack::Stack, + x509::{ + store::{File, X509Lookup, X509StoreBuilder, X509StoreBuilderRef, X509StoreRef}, + verify::{X509VerifyFlags, X509VerifyParam}, +@@ -25,6 +25,7 @@ use openssl_extensions::{ + akid::{AkidCheckResult, AkidExtension}, + crl::X509StoreExtension, + }; ++use std::str::from_utf8; + use std::{cmp::Ordering, ffi::c_int, time::Duration, usize}; + + /// Minimum security level for the keys/certificates used to establish a chain of +@@ -39,7 +40,6 @@ const SECURITY_CHAIN_MAX_LEN: c_int = 2; + /// verifies that the HKD + /// * has enough security bits + /// * is inside its validity period +-/// * issuer name is the subject name of the [`sign_key`] + /// * the Authority Key ID matches 
the Signing Key ID of the [`sign_key`] + pub fn verify_hkd_options(hkd: &X509Ref, sign_key: &X509Ref) -> Result<()> { + let hk_pkey = hkd.public_key()?; +@@ -53,9 +53,6 @@ pub fn verify_hkd_options(hkd: &X509Ref, + // verify that the hkd is still valid + check_validity_period(hkd.not_before(), hkd.not_after())?; + +- // check if hkd.issuer_name == issuer.subject +- check_x509_name_equal(sign_key.subject_name(), hkd.issuer_name())?; +- + // verify that the AKID of the hkd matches the SKID of the issuer + if let Some(akid) = hkd.akid() { + if akid.check(sign_key) != AkidCheckResult::OK { +@@ -75,9 +72,6 @@ pub fn verify_crl(crl: &X509CrlRef, issu + return None; + } + } +- +- check_x509_name_equal(crl.issuer_name(), issuer.subject_name()).ok()?; +- + match crl.verify(issuer.public_key().ok()?.as_ref()).ok()? { + true => Some(()), + false => None, +@@ -207,7 +201,8 @@ pub fn download_crls_into_store(store: & + //Asn1StringRef::as_slice aka ASN1_STRING_get0_data gives a string without \0 delimiter + const IBM_Z_COMMON_NAME: &[u8; 43usize] = b"International Business Machines Corporation"; + const IBM_Z_COUNTRY_NAME: &[u8; 2usize] = b"US"; +-const IBM_Z_LOCALITY_NAME: &[u8; 12usize] = b"Poughkeepsie"; ++const IBM_Z_LOCALITY_NAME_POUGHKEEPSIE: &[u8; 12usize] = b"Poughkeepsie"; ++const IBM_Z_LOCALITY_NAME_ARMONK: &[u8; 6usize] = b"Armonk"; + const IBM_Z_ORGANIZATIONAL_UNIT_NAME_SUFFIX: &str = "Key Signing Service"; + const IBM_Z_ORGANIZATION_NAME: &[u8; 43usize] = b"International Business Machines Corporation"; + const IBM_Z_STATE: &[u8; 8usize] = b"New York"; +@@ -226,7 +221,8 @@ fn is_ibm_signing_cert(cert: &X509) -> b + if subj.entries().count() != IMB_Z_ENTRY_COUNT + || !name_data_eq(subj, Nid::COUNTRYNAME, IBM_Z_COUNTRY_NAME) + || !name_data_eq(subj, Nid::STATEORPROVINCENAME, IBM_Z_STATE) +- || !name_data_eq(subj, Nid::LOCALITYNAME, IBM_Z_LOCALITY_NAME) ++ || !(name_data_eq(subj, Nid::LOCALITYNAME, IBM_Z_LOCALITY_NAME_POUGHKEEPSIE) ++ || name_data_eq(subj, 
Nid::LOCALITYNAME, IBM_Z_LOCALITY_NAME_ARMONK)) + || !name_data_eq(subj, Nid::ORGANIZATIONNAME, IBM_Z_ORGANIZATION_NAME) + || !name_data_eq(subj, Nid::COMMONNAME, IBM_Z_COMMON_NAME) + { +@@ -367,24 +363,6 @@ fn check_validity_period(not_before: &As + } + } + +-fn check_x509_name_equal(lhs: &X509NameRef, rhs: &X509NameRef) -> Result<()> { +- if lhs.entries().count() != rhs.entries().count() { +- bail_hkd_verify!(IssuerMismatch); +- } +- +- for l in lhs.entries() { +- // search for the matching value in the rhs names +- // found none? -> names are not equal +- if !rhs +- .entries() +- .any(|r| l.data().as_slice() == r.data().as_slice()) +- { +- bail_hkd_verify!(IssuerMismatch); +- } +- } +- Ok(()) +-} +- + const NIDS_CORRECT_ORDER: [Nid; 6] = [ + Nid::COUNTRYNAME, + Nid::ORGANIZATIONNAME, +@@ -407,13 +385,28 @@ pub fn reorder_x509_names(subject: &X509 + Ok(correct_subj.build()) + } + +-pub fn stack_err_hlp( +- e: ErrorStack, +-) -> std::result::Result, openssl::error::ErrorStack> { +- match e.errors().len() { +- 0 => Stack::::new(), +- _ => Err(e), ++/** ++* Workaround for potential locality mismatches between CRLs and Certs ++* # Return ++* fixed subject or none if locality was not Armonk or any OpenSSL error ++*/ ++pub fn armonk_locality_fixup(subject: &X509NameRef) -> Option { ++ if !name_data_eq(subject, Nid::LOCALITYNAME, IBM_Z_LOCALITY_NAME_ARMONK) { ++ return None; ++ } ++ ++ let mut ret = X509Name::builder().ok()?; ++ for entry in subject.entries() { ++ match entry.object().nid() { ++ nid @ Nid::LOCALITYNAME => ret ++ .append_entry_by_nid(nid, from_utf8(IBM_Z_LOCALITY_NAME_POUGHKEEPSIE).ok()?) 
++ .ok()?, ++ _ => { ++ ret.append_entry(entry).ok()?; ++ } ++ } + } ++ Some(ret.build()) + } + + #[cfg(test)] +@@ -451,20 +444,6 @@ mod test { + )); + } + +- #[test] +- fn x509_name_equal() { +- let sign_crt = load_gen_cert("ibm.crt"); +- let hkd = load_gen_cert("host.crt"); +- let other = load_gen_cert("inter_ca.crt"); +- +- assert!(super::check_x509_name_equal(sign_crt.subject_name(), hkd.issuer_name()).is_ok(),); +- +- assert!(matches!( +- super::check_x509_name_equal(other.subject_name(), hkd.subject_name()), +- Err(Error::HkdVerify(IssuerMismatch)) +- )); +- } +- + #[test] + fn is_ibm_z_sign_key() { + let ibm_crt = load_gen_cert("ibm.crt"); +Index: s390-tools-service/rust/pv/src/verify/test.rs +=================================================================== +--- s390-tools-service.orig/rust/pv/src/verify/test.rs ++++ s390-tools-service/rust/pv/src/verify/test.rs +@@ -84,7 +84,6 @@ fn verify_online() { + let inter_crt = get_cert_asset_path_string("inter_ca.crt"); + let ibm_crt = get_cert_asset_path_string("ibm.crt"); + let hkd_revoked = load_gen_cert("host_rev.crt"); +- let hkd_inv = load_gen_cert("host_invalid_signing_key.crt"); + let hkd_exp = load_gen_cert("host_crt_expired.crt"); + let hkd = load_gen_cert("host.crt"); + +@@ -112,11 +111,6 @@ fn verify_online() { + )); + + assert!(matches!( +- verifier.verify(&hkd_inv), +- Err(Error::HkdVerify(IssuerMismatch)) +- )); +- +- assert!(matches!( + verifier.verify(&hkd_exp), + Err(Error::HkdVerify(AfterValidity)) + )); +@@ -130,7 +124,6 @@ fn verify_offline() { + let ibm_crt = get_cert_asset_path_string("ibm.crt"); + let ibm_crl = get_cert_asset_path_string("ibm.crl"); + let hkd_revoked = load_gen_cert("host_rev.crt"); +- let hkd_inv = load_gen_cert("host_invalid_signing_key.crt"); + let hkd_exp = load_gen_cert("host_crt_expired.crt"); + let hkd = load_gen_cert("host.crt"); + +@@ -149,11 +142,6 @@ fn verify_offline() { + )); + + assert!(matches!( +- verifier.verify(&hkd_inv), +- 
Err(Error::HkdVerify(IssuerMismatch)) +- )); +- +- assert!(matches!( + verifier.verify(&hkd_exp), + Err(Error::HkdVerify(AfterValidity)) + )); diff --git a/s390-tools-sles15sp5-remove-no-pie-link-arguments.patch b/s390-tools-sles15sp5-remove-no-pie-link-arguments.patch new file mode 100644 index 0000000..862f2f9 --- /dev/null +++ b/s390-tools-sles15sp5-remove-no-pie-link-arguments.patch @@ -0,0 +1,17 @@ +--- + common.mak | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/common.mak ++++ b/common.mak +@@ -338,8 +338,8 @@ + LDFLAGS CPPFLAGS ALL_CFLAGS ALL_CXXFLAGS ALL_LDFLAGS ALL_CPPFLAGS + + ifneq ($(shell $(CC_SILENT) -dumpspecs 2>/dev/null | grep -e '[^f]no-pie'),) +- NO_PIE_CFLAGS := -fno-pie +- NO_PIE_LDFLAGS := -no-pie ++ NO_PIE_CFLAGS := ++ NO_PIE_LDFLAGS := + else + NO_PIE_CFLAGS := + NO_PIE_LDFLAGS := diff --git a/s390-tools-sles15sp6-01-parse-ipl-device-for-activation.patch b/s390-tools-sles15sp6-01-parse-ipl-device-for-activation.patch new file mode 100644 index 0000000..b97575b --- /dev/null +++ b/s390-tools-sles15sp6-01-parse-ipl-device-for-activation.patch 
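Review bot: The `verifier.verify(&hkd_inv)` assertions are deleted from both `verify_online` and `verify_offline`, which leaves no test that a host-key document issued under a different signing key is still rejected once `check_x509_name_equal` is gone. That case matters more after this change, because `verify_hkd_options` now ties the HKD to `sign_key` only through the AKID comparison, and that comparison is skipped when `hkd.akid()` is `None`. Keeping `let hkd_inv = load_gen_cert("host_invalid_signing_key.crt");` and asserting `assert!(verifier.verify(&hkd_inv).is_err());` in both tests would pin the rejection without depending on which error variant is returned. Whether signature verification elsewhere in `CertVerifier` catches this certificate is not visible in these hunks, which is the reason to keep the test.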
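Review bot: After this change both branches of the `ifneq` in common.mak assign empty `NO_PIE_CFLAGS` and `NO_PIE_LDFLAGS`, so the `-dumpspecs` probe is dead and nothing records why the flags were emptied. A one-line comment above the conditional, such as `# distribution build: everything is built as PIE, NO_PIE_* intentionally empty`, would document the intent, or the conditional could be reduced to the two plain assignments. The targets that consume these variables are outside the hunk; any of them that must be linked at a fixed address would now get the toolchain default and should be checked.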
@@ -0,0 +1,97 @@ +From 3ea6d6dfd2eb120ffee4c44ff51b7e9e7a9097a6 Mon Sep 17 00:00:00 2001 +From: Thomas Blume +Date: Thu, 28 Mar 2024 13:32:46 +0100 +Subject: [PATCH] parse ipl device for activation + +ported from dracut modules +--- + zdev/dracut/95zdev/parse-dasd.sh | 15 ++++++++--- + zdev/dracut/95zdev/parse-zfcp.sh | 46 +++++++++++++++++++------------- + 2 files changed, 39 insertions(+), 22 deletions(-) + +diff --git a/zdev/dracut/95zdev/parse-dasd.sh b/zdev/dracut/95zdev/parse-dasd.sh +index a97801f..eb2fa64 100644 +--- a/zdev/dracut/95zdev/parse-dasd.sh ++++ b/zdev/dracut/95zdev/parse-dasd.sh +@@ -27,9 +27,18 @@ zdev_vinfo() { + + zdev_parse_rd_dasd() { + local _zdev_dasd _zdev_dasd_list +- for _zdev_dasd in $(getargs rd.dasd -d 'rd_DASD='); do +- _zdev_dasd_list="${_zdev_dasd_list:+${_zdev_dasd_list},}$_zdev_dasd" +- done ++ # autodetect active bootdev from zipl device ++ if ! getargbool 0 'rd.dasd' \ ++ && [[ -f /sys/firmware/ipl/ipl_type ]] \ ++ && [[ $(< /sys/firmware/ipl/ipl_type) == "ccw" ]]; then ++ read -r _ccw < /sys/firmware/ipl/device ++ ++ chzdev --offline --existing --enable --active dasd "$_ccw" ++ else ++ for _zdev_dasd in $(getargs rd.dasd -d 'rd_DASD='); do ++ _zdev_dasd_list="${_zdev_dasd_list:+${_zdev_dasd_list},}$_zdev_dasd" ++ done ++ fi + echo "$_zdev_dasd_list" + } + +diff --git a/zdev/dracut/95zdev/parse-zfcp.sh b/zdev/dracut/95zdev/parse-zfcp.sh +index 715aa00..6279beb 100644 +--- a/zdev/dracut/95zdev/parse-zfcp.sh ++++ b/zdev/dracut/95zdev/parse-zfcp.sh +@@ -12,25 +12,33 @@ + + zdev_zfcp_base_args="--no-settle --yes --no-root-update --force" + +-for zdev_zfcp_arg in $(getargs rd.zfcp -d 'rd_ZFCP='); do +- ( +- IFS_SAVED="$IFS" +- IFS="," # did not work in front of built-in set command below +- # shellcheck disable=SC2086 +- set -- $zdev_zfcp_arg +- IFS=":" args="$*" +- IFS="$IFS_SAVED" +- echo "rd.zfcp ${zdev_zfcp_arg} :" | zdev_vinfo +- if [ "$#" -eq 1 ]; then ++# autodetect active bootdev from zipl device ++if ! 
getargbool 0 'rd.zfcp' \ ++ && [[ -f /sys/firmware/ipl/ipl_type ]] \ ++ && [[ $(< /sys/firmware/ipl/ipl_type) == "fcp" ]]; then ++ chzdev --offline --existing --enable --active zfcp-host 2>&1 | zdev_vinfo ++else ++ for zdev_zfcp_arg in $(getargs rd.zfcp -d 'rd_ZFCP='); do ++ ( ++ IFS_SAVED="$IFS" ++ IFS="," # did not work in front of built-in set command below + # shellcheck disable=SC2086 +- chzdev --enable --persistent $zdev_zfcp_base_args \ +- zfcp-host "$args" 2>&1 | zdev_vinfo +- else +- # shellcheck disable=SC2086 +- chzdev --enable --persistent $zdev_zfcp_base_args \ +- zfcp-lun "$args" 2>&1 | zdev_vinfo +- fi +- ) +-done ++ set -- $zdev_zfcp_arg ++ IFS=":" args="$*" ++ IFS="$IFS_SAVED" ++ echo "rd.zfcp ${zdev_zfcp_arg} :" | zdev_vinfo ++ if [ "$#" -eq 1 ]; then ++ # shellcheck disable=SC2086 ++ chzdev --enable --persistent $zdev_zfcp_base_args \ ++ zfcp-host "$args" 2>&1 | zdev_vinfo ++ else ++ # shellcheck disable=SC2086 ++ chzdev --enable --persistent $zdev_zfcp_base_args \ ++ zfcp-lun "$args" 2>&1 | zdev_vinfo ++ fi ++ ) ++ done ++fi ++ + unset zdev_zfcp_arg + unset zdev_zfcp_base_args +-- +2.44.0 + diff --git a/s390-tools-sles15sp6-02-genprotimg-support-Armonk-in-IBM-signing-key-subject.patch b/s390-tools-sles15sp6-02-genprotimg-support-Armonk-in-IBM-signing-key-subject.patch new file mode 100644 index 0000000..8b09d05 --- /dev/null +++ b/s390-tools-sles15sp6-02-genprotimg-support-Armonk-in-IBM-signing-key-subject.patch 
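Review bot: In `zdev_parse_rd_dasd()` the new `chzdev --offline --existing --enable --active dasd "$_ccw"` call writes to the function's stdout, which is the same channel the function uses to return its device list through `echo "$_zdev_dasd_list"`. If the caller captures that output (the call site is outside the hunk), the chzdev messages become part of the list; the zfcp branch in this same patch avoids that with `2>&1 | zdev_vinfo`, and the dasd call should do the same. `_ccw` is also missing from the `local` declaration, and the value read from /sys/firmware/ipl/device is passed on without a check that it is non-empty; `local _zdev_dasd _zdev_dasd_list _ccw` and a `[ -n "$_ccw" ]` guard would fix both.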
@@ -0,0 +1,304 @@ +Index: s390-tools-service/genprotimg/src/include/pv_crypto_def.h +=================================================================== +--- s390-tools-service.orig/genprotimg/src/include/pv_crypto_def.h ++++ s390-tools-service/genprotimg/src/include/pv_crypto_def.h +@@ -17,7 +17,8 @@ + /* IBM signing key subject */ + #define PV_IBM_Z_SUBJECT_COMMON_NAME "International Business Machines Corporation" + #define PV_IBM_Z_SUBJECT_COUNTRY_NAME "US" +-#define PV_IBM_Z_SUBJECT_LOCALITY_NAME "Poughkeepsie" ++#define PV_IBM_Z_SUBJECT_LOCALITY_NAME_POUGHKEEPSIE "Poughkeepsie" ++#define PV_IBM_Z_SUBJECT_LOCALITY_NAME_ARMONK "Armonk" + #define PV_IBM_Z_SUBJECT_ORGANIZATIONONAL_UNIT_NAME_SUFFIX "Key Signing Service" + #define PV_IBM_Z_SUBJECT_ORGANIZATION_NAME "International Business Machines Corporation" + #define PV_IBM_Z_SUBJECT_STATE "New York" +Index: s390-tools-service/genprotimg/src/utils/crypto.c +=================================================================== +--- s390-tools-service.orig/genprotimg/src/utils/crypto.c ++++ s390-tools-service/genprotimg/src/utils/crypto.c +@@ -664,62 +664,9 @@ static gboolean x509_name_data_by_nid_eq + return memcmp(data, y, data_len) == 0; + } + +-static gboolean own_X509_NAME_ENTRY_equal(const X509_NAME_ENTRY *x, +- const X509_NAME_ENTRY *y) +-{ +- const ASN1_OBJECT *x_obj = X509_NAME_ENTRY_get_object(x); +- const ASN1_STRING *x_data = X509_NAME_ENTRY_get_data(x); +- const ASN1_OBJECT *y_obj = X509_NAME_ENTRY_get_object(y); +- const ASN1_STRING *y_data = X509_NAME_ENTRY_get_data(y); +- gint x_len = ASN1_STRING_length(x_data); +- gint y_len = ASN1_STRING_length(y_data); +- +- if (x_len < 0 || x_len != y_len) +- return FALSE; +- +- /* ASN1_STRING_cmp(x_data, y_data) == 0 doesn't work because it also +- * compares the type, which is sometimes different. 
+- */ +- return OBJ_cmp(x_obj, y_obj) == 0 && +- memcmp(ASN1_STRING_get0_data(x_data), +- ASN1_STRING_get0_data(y_data), +- (unsigned long)x_len) == 0; +-} +- +-static gboolean own_X509_NAME_equal(const X509_NAME *x, const X509_NAME *y) +-{ +- gint x_count = X509_NAME_entry_count(x); +- gint y_count = X509_NAME_entry_count(y); +- +- if (x != y && (!x || !y)) +- return FALSE; +- +- if (x_count != y_count) +- return FALSE; +- +- for (gint i = 0; i < x_count; i++) { +- const X509_NAME_ENTRY *entry_i = X509_NAME_get_entry(x, i); +- gboolean entry_found = FALSE; +- +- for (gint j = 0; j < y_count; j++) { +- const X509_NAME_ENTRY *entry_j = +- X509_NAME_get_entry(y, j); +- +- if (own_X509_NAME_ENTRY_equal(entry_i, entry_j)) { +- entry_found = TRUE; +- break; +- } +- } +- +- if (!entry_found) +- return FALSE; +- } +- return TRUE; +-} +- + /* Checks whether the subject of @cert is a IBM signing key subject. For this we + * must check that the subject is equal to: 'C = US, ST = New York, L = +- * Poughkeepsie, O = International Business Machines Corporation, CN = ++ * Poughkeepsie or Armonk, O = International Business Machines Corporation, CN = + * International Business Machines Corporation' and the organization unit (OUT) + * must end with the suffix ' Key Signing Service'. + */ +@@ -743,8 +690,10 @@ static gboolean has_ibm_signing_subject( + PV_IBM_Z_SUBJECT_STATE)) + return FALSE; + +- if (!x509_name_data_by_nid_equal(subject, NID_localityName, +- PV_IBM_Z_SUBJECT_LOCALITY_NAME)) ++ if (!(x509_name_data_by_nid_equal(subject, NID_localityName, ++ PV_IBM_Z_SUBJECT_LOCALITY_NAME_POUGHKEEPSIE) || ++ x509_name_data_by_nid_equal(subject, NID_localityName, ++ PV_IBM_Z_SUBJECT_LOCALITY_NAME_ARMONK))) + return FALSE; + + if (!x509_name_data_by_nid_equal(subject, NID_organizationName, +@@ -806,6 +755,39 @@ static X509_NAME *x509_name_reorder_attr + return g_steal_pointer(&ret); + } + ++/** Replace locality 'Armonk' with 'Pougkeepsie'. If Armonk was not set return ++ * `NULL`. 
++ */ ++static X509_NAME *x509_armonk_locality_fixup(const X509_NAME *name) ++{ ++ g_autoptr(X509_NAME) ret = NULL; ++ int pos; ++ ++ /* Check if ``L=Armonk`` */ ++ if (!x509_name_data_by_nid_equal((X509_NAME *)name, NID_localityName, ++ PV_IBM_Z_SUBJECT_LOCALITY_NAME_ARMONK)) ++ return NULL; ++ ++ ret = X509_NAME_dup(name); ++ if (!ret) ++ g_abort(); ++ ++ pos = X509_NAME_get_index_by_NID(ret, NID_localityName, -1); ++ if (pos == -1) ++ return NULL; ++ ++ X509_NAME_ENTRY_free(X509_NAME_delete_entry(ret, pos)); ++ ++ /* Create a new name entry at the same position as before */ ++ if (X509_NAME_add_entry_by_NID( ++ ret, NID_localityName, MBSTRING_UTF8, ++ (const unsigned char *)&PV_IBM_Z_SUBJECT_LOCALITY_NAME_POUGHKEEPSIE, ++ sizeof(PV_IBM_Z_SUBJECT_LOCALITY_NAME_POUGHKEEPSIE) - 1, pos, 0) != 1) ++ return NULL; ++ ++ return g_steal_pointer(&ret); ++} ++ + /* In RFC 5280 the attributes of a (subject/issuer) name is not mandatory + * ordered. The problem is that our certificates are not consistent in the order + * (see https://tools.ietf.org/html/rfc5280#section-4.1.2.4 for details). 
+@@ -828,24 +810,10 @@ X509_NAME *c2b_name(const X509_NAME *nam + return X509_NAME_dup((X509_NAME *)name); + } + +-/* Verify that: subject(issuer) == issuer(crl) and SKID(issuer) == AKID(crl) */ ++/* Verify that SKID(issuer) == AKID(crl) if available */ + static gint check_crl_issuer(X509_CRL *crl, X509 *issuer, GError **err) + { +- const X509_NAME *crl_issuer = X509_CRL_get_issuer(crl); +- const X509_NAME *issuer_subject = X509_get_subject_name(issuer); +- AUTHORITY_KEYID *akid = NULL; +- +- if (!own_X509_NAME_equal(issuer_subject, crl_issuer)) { +- g_autofree char *issuer_subject_str = X509_NAME_oneline(issuer_subject, +- NULL, 0); +- g_autofree char *crl_issuer_str = X509_NAME_oneline(crl_issuer, NULL, 0); +- +- g_set_error(err, PV_CRYPTO_ERROR, +- PV_CRYPTO_ERROR_CRL_SUBJECT_ISSUER_MISMATCH, +- _("issuer mismatch:\n%s\n%s"), +- issuer_subject_str, crl_issuer_str); +- return -1; +- } ++ g_autoptr(AUTHORITY_KEYID) akid = NULL; + + /* If AKID(@crl) is specified it must match with SKID(@issuer) */ + akid = X509_CRL_get_ext_d2i(crl, NID_authority_key_identifier, NULL, NULL); +@@ -881,7 +849,6 @@ gint check_crl_valid_for_cert(X509_CRL * + return -1; + } + +- /* check that the @crl issuer matches with the subject name of @cert*/ + if (check_crl_issuer(crl, cert, err) < 0) + return -1; + +@@ -910,6 +877,60 @@ gint check_crl_valid_for_cert(X509_CRL * + return 0; + } + ++/* This function contains work-arounds for some known subject(CRT)<->issuer(CRL) ++ * issues. ++ */ ++static STACK_OF_X509_CRL *quirk_X509_STORE_ctx_get1_crls(X509_STORE_CTX *ctx, ++ const X509_NAME *subject, GError **err) ++{ ++ g_autoptr(X509_NAME) fixed_subject = NULL; ++ g_autoptr(STACK_OF_X509_CRL) ret = NULL; ++ ++ ret = Pv_X509_STORE_CTX_get1_crls(ctx, subject); ++ if (ret && sk_X509_CRL_num(ret) > 0) ++ return g_steal_pointer(&ret); ++ ++ /* Workaround to fix the mismatch between issuer name of the * IBM ++ * signing CRLs and the IBM signing key subject name. 
Locality name has ++ * changed from Poughkeepsie to Armonk. ++ */ ++ fixed_subject = x509_armonk_locality_fixup(subject); ++ /* Was the locality replaced? */ ++ if (fixed_subject) { ++ X509_NAME *tmp; ++ ++ sk_X509_CRL_free(ret); ++ ret = Pv_X509_STORE_CTX_get1_crls(ctx, fixed_subject); ++ if (ret && sk_X509_CRL_num(ret) > 0) ++ return g_steal_pointer(&ret); ++ ++ /* Workaround to fix the ordering mismatch between issuer name ++ * of the IBM signing CRLs and the IBM signing key subject name. ++ */ ++ tmp = fixed_subject; ++ fixed_subject = c2b_name(fixed_subject); ++ X509_NAME_free(tmp); ++ sk_X509_CRL_free(ret); ++ ret = Pv_X509_STORE_CTX_get1_crls(ctx, fixed_subject); ++ if (ret && sk_X509_CRL_num(ret) > 0) ++ return g_steal_pointer(&ret); ++ X509_NAME_free(fixed_subject); ++ fixed_subject = NULL; ++ } ++ ++ /* Workaround to fix the ordering mismatch between issuer name of the ++ * IBM signing CRLs and the IBM signing key subject name. ++ */ ++ fixed_subject = c2b_name(subject); ++ sk_X509_CRL_free(ret); ++ ret = Pv_X509_STORE_CTX_get1_crls(ctx, fixed_subject); ++ if (ret && sk_X509_CRL_num(ret) > 0) ++ return g_steal_pointer(&ret); ++ ++ g_set_error(err, PV_CRYPTO_ERROR, PV_CRYPTO_ERROR_NO_CRL, _("no CRL found")); ++ return NULL; ++} ++ + /* Given a certificate @cert try to find valid revocation lists in @ctx. If no + * valid CRL was found NULL is returned. + */ +@@ -927,20 +948,9 @@ STACK_OF_X509_CRL *store_ctx_find_valid_ + return NULL; + } + +- ret = X509_STORE_CTX_get1_crls(ctx, subject); +- if (!ret) { +- /* Workaround to fix the mismatch between issuer name of the +- * IBM Z signing CRLs and the IBM Z signing key subject name. 
+- */ +- g_autoptr(X509_NAME) broken_subject = c2b_name(subject); +- +- ret = X509_STORE_CTX_get1_crls(ctx, broken_subject); +- if (!ret) { +- g_set_error(err, PV_CRYPTO_ERROR, PV_CRYPTO_ERROR_NO_CRL, +- _("no CRL found")); +- return NULL; +- } +- } ++ ret = quirk_X509_STORE_ctx_get1_crls(ctx, subject, err); ++ if (!ret) ++ return NULL; + + /* Filter out non-valid CRLs for @cert */ + for (gint i = 0; i < sk_X509_CRL_num(ret); i++) { +@@ -1328,32 +1338,14 @@ gint check_chain_parameters(const STACK_ + + /* It's almost the same as X509_check_issed from OpenSSL does except that we + * don't check the key usage of the potential issuer. This means we check: +- * 1. issuer_name(cert) == subject_name(issuer) +- * 2. Check whether the akid(cert) (if available) matches the issuer skid +- * 3. Check that the cert algrithm matches the subject algorithm +- * 4. Verify the signature of certificate @cert is using the public key of ++ * 1. Check whether the akid(cert) (if available) matches the issuer skid ++ * 2. Check that the cert algrithm matches the subject algorithm ++ * 3. Verify the signature of certificate @cert is using the public key of + * @issuer. + */ + static gint check_host_key_issued(X509 *cert, X509 *issuer, GError **err) + { +- const X509_NAME *issuer_subject = X509_get_subject_name(issuer); +- const X509_NAME *cert_issuer = X509_get_issuer_name(cert); +- AUTHORITY_KEYID *akid = NULL; +- +- /* We cannot use X509_NAME_cmp() because it considers the order of the +- * X509_NAME_Entries. 
+- */ +- if (!own_X509_NAME_equal(issuer_subject, cert_issuer)) { +- g_autofree char *issuer_subject_str = +- X509_NAME_oneline(issuer_subject, NULL, 0); +- g_autofree char *cert_issuer_str = +- X509_NAME_oneline(cert_issuer, NULL, 0); +- g_set_error(err, PV_CRYPTO_ERROR, +- PV_CRYPTO_ERROR_CERT_SUBJECT_ISSUER_MISMATCH, +- _("Subject issuer mismatch:\n'%s'\n'%s'"), +- issuer_subject_str, cert_issuer_str); +- return -1; +- } ++ g_autoptr(AUTHORITY_KEYID) akid = NULL; + + akid = X509_get_ext_d2i(cert, NID_authority_key_identifier, NULL, NULL); + if (akid && X509_check_akid(issuer, akid) != X509_V_OK) { +Index: s390-tools-service/genprotimg/src/utils/crypto.h +=================================================================== +--- s390-tools-service.orig/genprotimg/src/utils/crypto.h ++++ s390-tools-service/genprotimg/src/utils/crypto.h +@@ -75,6 +75,7 @@ void x509_pair_free(x509_pair *pair); + /* Register auto cleanup functions */ + WRAPPED_G_DEFINE_AUTOPTR_CLEANUP_FUNC(ASN1_INTEGER, ASN1_INTEGER_free) + WRAPPED_G_DEFINE_AUTOPTR_CLEANUP_FUNC(ASN1_OCTET_STRING, ASN1_OCTET_STRING_free) ++WRAPPED_G_DEFINE_AUTOPTR_CLEANUP_FUNC(AUTHORITY_KEYID, AUTHORITY_KEYID_free) + WRAPPED_G_DEFINE_AUTOPTR_CLEANUP_FUNC(BIGNUM, BN_free) + WRAPPED_G_DEFINE_AUTOPTR_CLEANUP_FUNC(BIO, BIO_free_all) + WRAPPED_G_DEFINE_AUTOPTR_CLEANUP_FUNC(BN_CTX, BN_CTX_free) diff --git a/s390-tools-sles15sp6-03-libpv-support-Armonk-in-IBM-signing-key-subject.patch b/s390-tools-sles15sp6-03-libpv-support-Armonk-in-IBM-signing-key-subject.patch new file mode 100644 index 0000000..b4d41d8 --- /dev/null +++ b/s390-tools-sles15sp6-03-libpv-support-Armonk-in-IBM-signing-key-subject.patch 
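Review bot: With `own_X509_NAME_equal()` removed, `check_crl_issuer()` and `check_host_key_issued()` bind a CRL or host-key document to the signing key only through the AKID/SKID comparison, and that comparison runs only when the extension is present (`if (akid && X509_check_akid(issuer, akid) != X509_V_OK)`). For an object that carries no AKID, `check_crl_issuer()` now checks nothing, so the outcome rests entirely on the signature verification that follows outside these hunks. The rewritten comments should say so explicitly, for example `/* Issuer names are not compared; binding to @issuer relies on the AKID (if present) and on the signature check in the caller */`. It is also worth deciding whether a missing AKID should be treated as an error for IBM-issued objects, since the name check that used to cover that case is gone.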
@@ -0,0 +1,224 @@ +Index: s390-tools-service/include/libpv/cert.h +=================================================================== +--- s390-tools-service.orig/include/libpv/cert.h ++++ s390-tools-service/include/libpv/cert.h +@@ -16,7 +16,8 @@ + + #define PV_IBM_Z_SUBJECT_COMMON_NAME "International Business Machines Corporation" + #define PV_IBM_Z_SUBJECT_COUNTRY_NAME "US" +-#define PV_IBM_Z_SUBJECT_LOCALITY_NAME "Poughkeepsie" ++#define PV_IBM_Z_SUBJECT_LOCALITY_NAME_POUGHKEEPSIE "Poughkeepsie" ++#define PV_IBM_Z_SUBJECT_LOCALITY_NAME_ARMONK "Armonk" + #define PV_IBM_Z_SUBJECT_ORGANIZATIONAL_UNIT_NAME_SUFFIX "Key Signing Service" + #define PV_IBM_Z_SUBJECT_ORGANIZATION_NAME "International Business Machines Corporation" + #define PV_IBM_Z_SUBJECT_STATE "New York" +Index: s390-tools-service/libpv/cert.c +=================================================================== +--- s390-tools-service.orig/libpv/cert.c ++++ s390-tools-service/libpv/cert.c +@@ -857,7 +857,7 @@ static gboolean x509_name_data_by_nid_eq + + /* Checks whether the subject of @cert is a IBM signing key subject. For this we + * must check that the subject is equal to: 'C = US, ST = New York, L = +- * Poughkeepsie, O = International Business Machines Corporation, CN = ++ * Poughkeepsie or Armonk, O = International Business Machines Corporation, CN = + * International Business Machines Corporation' and the organization unit (OUT) + * must end with the suffix ' Key Signing Service'. 
+ */ +@@ -879,7 +879,10 @@ static gboolean has_ibm_signing_subject( + if (!x509_name_data_by_nid_equal(subject, NID_stateOrProvinceName, PV_IBM_Z_SUBJECT_STATE)) + return FALSE; + +- if (!x509_name_data_by_nid_equal(subject, NID_localityName, PV_IBM_Z_SUBJECT_LOCALITY_NAME)) ++ if (!(x509_name_data_by_nid_equal(subject, NID_localityName, ++ PV_IBM_Z_SUBJECT_LOCALITY_NAME_POUGHKEEPSIE) || ++ x509_name_data_by_nid_equal(subject, NID_localityName, ++ PV_IBM_Z_SUBJECT_LOCALITY_NAME_ARMONK))) + return FALSE; + + if (!x509_name_data_by_nid_equal(subject, NID_organizationName, +@@ -1085,10 +1088,9 @@ static int check_signature_algo_match(co + + /* It's almost the same as X509_check_issed from OpenSSL does except that we + * don't check the key usage of the potential issuer. This means we check: +- * 1. issuer_name(cert) == subject_name(issuer) +- * 2. Check whether the akid(cert) (if available) matches the issuer skid +- * 3. Check that the cert algrithm matches the subject algorithm +- * 4. Verify the signature of certificate @cert is using the public key of ++ * 1. Check whether the akid(cert) (if available) matches the issuer skid ++ * 2. Check that the cert algrithm matches the subject algorithm ++ * 3. Verify the signature of certificate @cert is using the public key of + * @issuer. + */ + static int check_host_key_issued(X509 *cert, X509 *issuer, GError **error) +@@ -1097,19 +1099,6 @@ static int check_host_key_issued(X509 *c + const X509_NAME *cert_issuer = X509_get_issuer_name(cert); + g_autoptr(AUTHORITY_KEYID) akid = NULL; + +- /* We cannot use X509_NAME_cmp() because it considers the order of the +- * X509_NAME_Entries. 
+- */ +- if (!own_X509_NAME_equal(issuer_subject, cert_issuer)) { +- g_autofree char *issuer_subject_str = pv_X509_NAME_oneline(issuer_subject); +- g_autofree char *cert_issuer_str = pv_X509_NAME_oneline(cert_issuer); +- +- g_set_error(error, PV_CERT_ERROR, PV_CERT_ERROR_CERT_SUBJECT_ISSUER_MISMATCH, +- _("Subject issuer mismatch:\n'%s'\n'%s'"), issuer_subject_str, +- cert_issuer_str); +- return -1; +- } +- + akid = X509_get_ext_d2i(cert, NID_authority_key_identifier, NULL, NULL); + if (akid && X509_check_akid(issuer, akid) != X509_V_OK) { + g_set_error(error, PV_CERT_ERROR, PV_CERT_ERROR_SKID_AKID_MISMATCH, +@@ -1286,21 +1275,10 @@ int pv_verify_cert(X509_STORE_CTX *ctx, + return 0; + } + +-/* Verify that: subject(issuer) == issuer(crl) and SKID(issuer) == AKID(crl) */ ++/* Verify that SKID(issuer) == AKID(crl) */ + static int check_crl_issuer(X509_CRL *crl, X509 *issuer, GError **error) + { +- const X509_NAME *crl_issuer = X509_CRL_get_issuer(crl); +- const X509_NAME *issuer_subject = X509_get_subject_name(issuer); +- AUTHORITY_KEYID *akid = NULL; +- +- if (!own_X509_NAME_equal(issuer_subject, crl_issuer)) { +- g_autofree char *issuer_subject_str = pv_X509_NAME_oneline(issuer_subject); +- g_autofree char *crl_issuer_str = pv_X509_NAME_oneline(crl_issuer); +- +- g_set_error(error, PV_CERT_ERROR, PV_CERT_ERROR_CRL_SUBJECT_ISSUER_MISMATCH, +- _("issuer mismatch:\n%s\n%s"), issuer_subject_str, crl_issuer_str); +- return -1; +- } ++ g_autoptr(AUTHORITY_KEYID) akid = NULL; + + /* If AKID(@crl) is specified it must match with SKID(@issuer) */ + akid = X509_CRL_get_ext_d2i(crl, NID_authority_key_identifier, NULL, NULL); +@@ -1325,7 +1303,6 @@ int pv_verify_crl(X509_CRL *crl, X509 *c + return -1; + } + +- /* check that the @crl issuer matches with the subject name of @cert*/ + if (check_crl_issuer(crl, cert, error) < 0) + return -1; + +@@ -1393,6 +1370,93 @@ int pv_check_chain_parameters(const STAC + return 0; + } + ++/** Replace locality 'Armonk' with 'Pougkeepsie'. 
If Armonk was not set return ++ * `NULL`. ++ */ ++static X509_NAME *x509_armonk_locality_fixup(const X509_NAME *name) ++{ ++ g_autoptr(X509_NAME) ret = NULL; ++ int pos; ++ ++ /* Check if ``L=Armonk`` */ ++ if (!x509_name_data_by_nid_equal((X509_NAME *)name, NID_localityName, ++ PV_IBM_Z_SUBJECT_LOCALITY_NAME_ARMONK)) ++ return NULL; ++ ++ ret = X509_NAME_dup(name); ++ if (!ret) ++ g_abort(); ++ ++ pos = X509_NAME_get_index_by_NID(ret, NID_localityName, -1); ++ if (pos == -1) ++ return NULL; ++ ++ X509_NAME_ENTRY_free(X509_NAME_delete_entry(ret, pos)); ++ ++ /* Create a new name entry at the same position as before */ ++ if (X509_NAME_add_entry_by_NID( ++ ret, NID_localityName, MBSTRING_UTF8, ++ (const unsigned char *)&PV_IBM_Z_SUBJECT_LOCALITY_NAME_POUGHKEEPSIE, ++ sizeof(PV_IBM_Z_SUBJECT_LOCALITY_NAME_POUGHKEEPSIE) - 1, pos, 0) != 1) ++ return NULL; ++ ++ return g_steal_pointer(&ret); ++} ++ ++/* This function contains work-arounds for some known subject(CRT)<->issuer(CRL) ++ * issues. ++ */ ++static STACK_OF_X509_CRL *quirk_X509_STORE_ctx_get1_crls(X509_STORE_CTX *ctx, ++ const X509_NAME *subject, GError **err) ++{ ++ g_autoptr(X509_NAME) fixed_subject = NULL; ++ g_autoptr(STACK_OF_X509_CRL) ret = NULL; ++ ++ ret = pv_X509_STORE_CTX_get1_crls(ctx, subject); ++ if (ret && sk_X509_CRL_num(ret) > 0) ++ return g_steal_pointer(&ret); ++ ++ /* Workaround to fix the mismatch between issuer name of the * IBM ++ * signing CRLs and the IBM signing key subject name. Locality name has ++ * changed from Poughkeepsie to Armonk. ++ */ ++ fixed_subject = x509_armonk_locality_fixup(subject); ++ /* Was the locality replaced? */ ++ if (fixed_subject) { ++ X509_NAME *tmp; ++ ++ sk_X509_CRL_free(ret); ++ ret = pv_X509_STORE_CTX_get1_crls(ctx, fixed_subject); ++ if (ret && sk_X509_CRL_num(ret) > 0) ++ return g_steal_pointer(&ret); ++ ++ /* Workaround to fix the ordering mismatch between issuer name ++ * of the IBM signing CRLs and the IBM signing key subject name. 
++ */ ++ tmp = fixed_subject; ++ fixed_subject = pv_c2b_name(fixed_subject); ++ X509_NAME_free(tmp); ++ sk_X509_CRL_free(ret); ++ ret = pv_X509_STORE_CTX_get1_crls(ctx, fixed_subject); ++ if (ret && sk_X509_CRL_num(ret) > 0) ++ return g_steal_pointer(&ret); ++ X509_NAME_free(fixed_subject); ++ fixed_subject = NULL; ++ } ++ ++ /* Workaround to fix the ordering mismatch between issuer name of the ++ * IBM signing CRLs and the IBM signing key subject name. ++ */ ++ fixed_subject = pv_c2b_name(subject); ++ sk_X509_CRL_free(ret); ++ ret = pv_X509_STORE_CTX_get1_crls(ctx, fixed_subject); ++ if (ret && sk_X509_CRL_num(ret) > 0) ++ return g_steal_pointer(&ret); ++ ++ g_set_error(err, PV_CERT_ERROR, PV_CERT_ERROR_NO_CRL, _("no CRL found")); ++ return NULL; ++} ++ + /* Given a certificate @cert try to find valid revocation lists in @ctx. If no + * valid CRL was found NULL is returned. + */ +@@ -1412,21 +1476,9 @@ STACK_OF_X509_CRL *pv_store_ctx_find_val + return NULL; + } + +- ret = pv_X509_STORE_CTX_get1_crls(ctx, subject); +- if (!ret) { +- /* Workaround to fix the mismatch between issuer name of the +- * IBM Z signing CRLs and the IBM Z signing key subject name. +- */ +- g_autoptr(X509_NAME) broken_subject = pv_c2b_name(subject); +- +- ret = pv_X509_STORE_CTX_get1_crls(ctx, broken_subject); +- if (!ret) { +- g_set_error(error, PV_CERT_ERROR, PV_CERT_ERROR_NO_CRL, _("no CRL found")); +- g_info("ERROR: %s", (*error)->message); +- return NULL; +- } +- } +- ++ ret = quirk_X509_STORE_ctx_get1_crls(ctx, subject, error); ++ if (!ret) ++ return NULL; + /* Filter out non-valid CRLs for @cert */ + for (int i = 0; i < sk_X509_CRL_num(ret); i++) { + X509_CRL *crl = sk_X509_CRL_value(ret, i); diff --git a/s390-tools-sles15sp6-04-pvattest-Fix-root-ca-parsing.patch b/s390-tools-sles15sp6-04-pvattest-Fix-root-ca-parsing.patch new file mode 100644 index 0000000..f584399 --- /dev/null +++ b/s390-tools-sles15sp6-04-pvattest-Fix-root-ca-parsing.patch 
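Review bot: The comment above `check_host_key_issued` in libpv/cert.c still describes the function as `X509_check_issued` minus the key-usage check, but this patch also drops the issuer-name/subject-name comparison and leaves the AKID test conditional (`if (akid && ...)`). For a certificate or CRL that carries no AKID, the issuer binding therefore rests only on the signature verification, which is outside these hunks. I would record that in the comment, e.g. `* Names are deliberately not compared (IBM signing key locality changed from Poughkeepsie to Armonk); the binding relies on the signature check.`, and add the same sentence above `check_crl_issuer`. The context lines show `cert_issuer` still declared after its only visible use is removed; if nothing further down the function reads it, it should be dropped. In `x509_armonk_locality_fixup`, `(const unsigned char *)&PV_IBM_Z_SUBJECT_LOCALITY_NAME_POUGHKEEPSIE` takes the address of the array instead of letting it decay, and the doc comment spells the locality `Pougkeepsie`.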
@@ -0,0 +1,25 @@
+Index: s390-tools-service/pvattest/src/argparse.c
+===================================================================
+--- s390-tools-service.orig/pvattest/src/argparse.c
++++ s390-tools-service/pvattest/src/argparse.c
+@@ -190,13 +190,13 @@ static gboolean hex_str_toull(const char
+ }
+
+ /* NOTE REQUIRED */
+-#define _entry_root_ca(__arg_data, __indent) \
+- { \
+- .long_name = "root-ca", .short_name = 0, .flags = G_OPTION_FLAG_NONE, \
+- .arg = G_OPTION_ARG_FILENAME_ARRAY, .arg_data = __arg_data, \
+- .description = "Use FILE as the trusted root CA instead the\n" __indent \
+- "root CAs that are installed on the system (optional).\n", \
+- .arg_description = "FILE", \
++#define _entry_root_ca(__arg_data, __indent) \
++ { \
++ .long_name = "root-ca", .short_name = 0, .flags = G_OPTION_FLAG_NONE, \
++ .arg = G_OPTION_ARG_FILENAME, .arg_data = __arg_data, \
++ .description = "Use FILE as the trusted root CA instead the\n" __indent \
++ "root CAs that are installed on the system (optional).\n", \
++ .arg_description = "FILE", \
+ }
+
+ /* NOTE REQUIRED */
diff --git a/s390-tools-sles15sp6-genprotimg-makefile.patch b/s390-tools-sles15sp6-genprotimg-makefile.patch
new file mode 100644
index 0000000..3d0ad08
--- /dev/null
+++ b/s390-tools-sles15sp6-genprotimg-makefile.patch
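Review bot: Switching `.arg` to `G_OPTION_ARG_FILENAME` changes what `__arg_data` must point to (a single `char *` rather than a `char **` array), and nothing in the `_entry_root_ca` macro records that. The variable passed in is declared outside this hunk, so its type needs to be confirmed against the new arg kind. A one-line comment such as `/* __arg_data must be the address of a single char * (G_OPTION_ARG_FILENAME) */` would pin the contract. With this arg type a repeated `--root-ca` presumably overrides the earlier value instead of adding to it, which is worth saying in the help text for a trust-anchor option. The description also reads `instead the` where `instead of the` is meant, and `NOTE REQUIRED` above the macro looks like a typo for `NOT REQUIRED`.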
@@ -0,0 +1,92 @@ +From 0748d365a60477c96cb9f6a12e9dbe547d549e1f Mon Sep 17 00:00:00 2001 +From: Marc Hartmayer +Date: Tue, 12 Mar 2024 09:33:19 +0000 +Subject: [PATCH] genprotimg/**/Makefile: Fix staged installs + +Fix the support for staged installs. The Makefile variable `PKGDATADIR` +uses `DESTDIR` for all Makefile target, but actually it should only be +used for the `install*` and `uninstall*` targets. [1] Fix this by using +`DESTDIR` only for `install*` targets - uninstall* targets are not +supported by s390-tools. + +Before this change, if `DESTDIR` was set for staged installs, +`genprotimg` has tried to find the bootloader binaries at the temporary +installation path `$DESTDIR$(TOOLS_DATADIR)/genprotimg/` instead of +`$(TOOLS_DATADIR)/genprotimg`. + +[1] https://www.gnu.org/prep/standards/html_node/DESTDIR.html + +Fixes: 65b9fc442c1a ("genprotimg: introduce new tool for the creation of PV images") +Reviewed-by: Steffen Eiden +Signed-off-by: Marc Hartmayer +Signed-off-by: Steffen Eiden +--- + genprotimg/Makefile | 6 +++--- + genprotimg/boot/Makefile | 8 ++++---- + genprotimg/src/Makefile | 2 +- + 3 files changed, 8 insertions(+), 8 deletions(-) + +diff --git a/genprotimg/Makefile b/genprotimg/Makefile +index 8c9f7048..6a2e37e4 100644 +--- a/genprotimg/Makefile ++++ b/genprotimg/Makefile +@@ -3,7 +3,7 @@ include ../common.mak + + .DEFAULT_GOAL := all + +-PKGDATADIR := "$(DESTDIR)$(TOOLS_DATADIR)/genprotimg" ++PKGDATADIR := "$(TOOLS_DATADIR)/genprotimg" + TESTS := + SUBDIRS := boot src man + RECURSIVE_TARGETS := all-recursive install-recursive clean-recursive +@@ -11,8 +11,8 @@ RECURSIVE_TARGETS := all-recursive install-recursive clean-recursive + all: all-recursive + + install: install-recursive +- $(INSTALL) -d -m 755 "$(PKGDATADIR)" +- $(INSTALL) -g $(GROUP) -o $(OWNER) -m 755 samples/check_hostkeydoc "$(PKGDATADIR)" ++ $(INSTALL) -d -m 755 "$(DESTDIR)$(PKGDATADIR)" ++ $(INSTALL) -g $(GROUP) -o $(OWNER) -m 755 samples/check_hostkeydoc 
"$(DESTDIR)$(PKGDATADIR)" + + clean: clean-recursive + +diff --git a/genprotimg/boot/Makefile b/genprotimg/boot/Makefile +index 799df9cc..73f3c9a8 100644 +--- a/genprotimg/boot/Makefile ++++ b/genprotimg/boot/Makefile +@@ -7,7 +7,7 @@ DEBUG_FILES := $(addsuffix .debug,$(FILES)) + ifeq ($(HOST_ARCH),s390x) + ZIPL_DIR := $(rootdir)/zipl + ZIPL_BOOT_DIR := $(ZIPL_DIR)/boot +-PKGDATADIR := $(DESTDIR)$(TOOLS_DATADIR)/genprotimg ++PKGDATADIR := $(TOOLS_DATADIR)/genprotimg + + INCLUDE_PATHS := $(ZIPL_BOOT_DIR) $(ZIPL_DIR)/include $(rootdir)/include + INCLUDE_PARMS := $(addprefix -I,$(INCLUDE_PATHS)) +@@ -86,9 +86,9 @@ stage3b.elf: head.o $(ZIPL_OBJS) + @chmod a-x $@ + + install: stage3a.bin stage3b_reloc.bin +- $(INSTALL) -d -m 755 "$(PKGDATADIR)" +- $(INSTALL) -g $(GROUP) -o $(OWNER) -m 644 stage3a.bin "$(PKGDATADIR)" +- $(INSTALL) -g $(GROUP) -o $(OWNER) -m 644 stage3b_reloc.bin "$(PKGDATADIR)" ++ $(INSTALL) -d -m 755 "$(DESTDIR)$(PKGDATADIR)" ++ $(INSTALL) -g $(GROUP) -o $(OWNER) -m 644 stage3a.bin "$(DESTDIR)$(PKGDATADIR)" ++ $(INSTALL) -g $(GROUP) -o $(OWNER) -m 644 stage3b_reloc.bin "$(DESTDIR)$(PKGDATADIR)" + + else + # Don't generate the dependency files (see `common.mak` for the +diff --git a/genprotimg/src/Makefile b/genprotimg/src/Makefile +index 08734bff..d447e6cf 100644 +--- a/genprotimg/src/Makefile ++++ b/genprotimg/src/Makefile +@@ -3,7 +3,7 @@ include ../../common.mak + + bin_PROGRAM = genprotimg + +-PKGDATADIR ?= "$(DESTDIR)$(TOOLS_DATADIR)/genprotimg" ++PKGDATADIR ?= "$(TOOLS_DATADIR)/genprotimg" + SRC_DIR := $(dir $(realpath $(firstword $(MAKEFILE_LIST)))) + TOP_SRCDIR := $(SRC_DIR)/../ + ROOT_DIR = $(TOP_SRC_DIR)/../../ + diff --git a/s390-tools-sles15sp6-kdump-initrd-59-zfcp-compat-rules.patch b/s390-tools-sles15sp6-kdump-initrd-59-zfcp-compat-rules.patch new file mode 100644 index 0000000..740ced7 --- /dev/null +++ b/s390-tools-sles15sp6-kdump-initrd-59-zfcp-compat-rules.patch 
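Review bot: In genprotimg/Makefile `PKGDATADIR` keeps its embedded double quotes, so the new `"$(DESTDIR)$(PKGDATADIR)"` expands to a quoted `$(DESTDIR)`, then the path outside any quotes, then an empty `""`. The path part is then open to word splitting if `TOOLS_DATADIR` ever contains whitespace. Defining it as `PKGDATADIR := $(TOOLS_DATADIR)/genprotimg`, the unquoted form genprotimg/boot/Makefile already uses, keeps the quoting on the two `$(INSTALL)` lines effective. genprotimg/src/Makefile also keeps the quoted form; whether that value is consumed as a C string define is not visible here, so it may be intentional there.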
@@ -0,0 +1,28 @@
+From: Jiri Bohac
+References: bsc#1219471
+Subject: include 59-zfcp-compat.rules in kdump initrd
+
+kdump uses a random one of the by-path symlinks to refer to the target
+partition.
+
+With 59-zfcp-compat.rules added to the SUSE package, symlinks in the form
+/dev/disk/by-path/ccw-*.*.*-zfcp-*:*-part* are created. If kdump uses this symlink when generating
+the kdump initrd it will fail on boot beacause the udev rule is missing in the kdump initrd
+and the symlink not created in the kdump environment.
+
+Fix this by including 59-zfcp-compat.rules in the kdump initrd.
+
+---
+ zdev/dracut/95zdev-kdump/module-setup.sh | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/zdev/dracut/95zdev-kdump/module-setup.sh
++++ b/zdev/dracut/95zdev-kdump/module-setup.sh
+@@ -78,6 +78,7 @@
+ inst_multiple /lib/s390-tools/zdev-from-dasd_mod.dasd
+
+ inst_rules "59-dasd.rules"
++ inst_rules "59-zfcp-compat.rules"
+
+ # Obtain kdump target device configuration
+
diff --git a/s390-tools-slfo-01-parse-ipl-device-for-activation.patch b/s390-tools-slfo-01-parse-ipl-device-for-activation.patch
new file mode 100644
index 0000000..7dfec98
--- /dev/null
+++ b/s390-tools-slfo-01-parse-ipl-device-for-activation.patch
@@ -0,0 +1,112 @@ +From 001c5aa5d40ffa7a40d64416c43c67004de29b8f Mon Sep 17 00:00:00 2001 +From: Thomas Blume +Date: Thu, 28 Mar 2024 13:32:46 +0100 +Subject: [PATCH] parse ipl device for activation + +ported from dracut modules +--- + zdev/dracut/95zdev/parse-dasd.sh | 20 +++++++++++-- + zdev/dracut/95zdev/parse-zfcp.sh | 56 +++++++++++++++++++++++++-------------- + 2 files changed, 54 insertions(+), 22 deletions(-) + +--- a/zdev/dracut/95zdev/parse-dasd.sh ++++ b/zdev/dracut/95zdev/parse-dasd.sh +@@ -10,6 +10,8 @@ + # parameters are evaluated and used to configure dasd devices. + # + ++zdev_dasd_base_args="--no-settle --yes --no-root-update --force" ++ + # shellcheck source=/dev/null + type zdev_parse_dasd_list > /dev/null 2>&1 || . /lib/s390-tools/zdev-from-dasd_mod.dasd + +@@ -27,9 +29,21 @@ + + zdev_parse_rd_dasd() { + local _zdev_dasd _zdev_dasd_list +- for _zdev_dasd in $(getargs rd.dasd -d 'rd_DASD='); do +- _zdev_dasd_list="${_zdev_dasd_list:+${_zdev_dasd_list},}$_zdev_dasd" +- done ++ # autodetect active bootdev from zipl device ++ if ! 
getargbool 0 'rd.dasd' \ ++ && [[ -f /sys/firmware/ipl/ipl_type ]] \ ++ && [[ $(< /sys/firmware/ipl/ipl_type) == "ccw" ]]; then ++ read -r _ccw < /sys/firmware/ipl/device ++ ++ if lszdev --offline "$_ccw" &>/dev/null; then ++ chzdev --offline --existing --enable --active $zdev_dasd_base_args \ ++ dasd "$_ccw" ++ fi ++ else ++ for _zdev_dasd in $(getargs rd.dasd -d 'rd_DASD='); do ++ _zdev_dasd_list="${_zdev_dasd_list:+${_zdev_dasd_list},}$_zdev_dasd" ++ done ++ fi + echo "$_zdev_dasd_list" + } + +--- a/zdev/dracut/95zdev/parse-zfcp.sh ++++ b/zdev/dracut/95zdev/parse-zfcp.sh +@@ -12,25 +12,43 @@ + + zdev_zfcp_base_args="--no-settle --yes --no-root-update --force" + +-for zdev_zfcp_arg in $(getargs rd.zfcp -d 'rd_ZFCP='); do +- ( +- IFS_SAVED="$IFS" +- IFS="," # did not work in front of built-in set command below +- # shellcheck disable=SC2086 +- set -- $zdev_zfcp_arg +- IFS=":" args="$*" +- IFS="$IFS_SAVED" +- echo "rd.zfcp ${zdev_zfcp_arg} :" | zdev_vinfo +- if [ "$#" -eq 1 ]; then +- # shellcheck disable=SC2086 +- chzdev --enable --persistent $zdev_zfcp_base_args \ +- zfcp-host "$args" 2>&1 | zdev_vinfo +- else ++zdev_vinfo() { ++ local _zdev_vinfo_line ++ while read -r _zdev_vinfo_line || [ -n "$_zdev_vinfo_line" ]; do ++ # Prefix "<30>" represents facility LOG_DAEMON 3 and loglevel INFO 6: ++ # (facility << 3) | level. ++ echo "<30>dracut: $_zdev_vinfo_line" > /dev/kmsg ++ done ++} ++ ++# autodetect active bootdev from zipl device ++if ! 
getargbool 0 'rd.zfcp' \ ++ && [[ -f /sys/firmware/ipl/ipl_type ]] \ ++ && [[ $(< /sys/firmware/ipl/ipl_type) == "fcp" ]]; then ++ chzdev --offline --existing --enable --active $zdev_zfcp_base_args \ ++ zfcp-host 2>&1 | zdev_vinfo ++else ++ for zdev_zfcp_arg in $(getargs rd.zfcp -d 'rd_ZFCP='); do ++ ( ++ IFS_SAVED="$IFS" ++ IFS="," # did not work in front of built-in set command below + # shellcheck disable=SC2086 +- chzdev --enable --persistent $zdev_zfcp_base_args \ +- zfcp-lun "$args" 2>&1 | zdev_vinfo +- fi +- ) +-done ++ set -- $zdev_zfcp_arg ++ IFS=":" args="$*" ++ IFS="$IFS_SAVED" ++ echo "rd.zfcp ${zdev_zfcp_arg} :" | zdev_vinfo ++ if [ "$#" -eq 1 ]; then ++ # shellcheck disable=SC2086 ++ chzdev --enable --persistent $zdev_zfcp_base_args \ ++ zfcp-host "$args" 2>&1 | zdev_vinfo ++ else ++ # shellcheck disable=SC2086 ++ chzdev --enable --persistent $zdev_zfcp_base_args \ ++ zfcp-lun "$args" 2>&1 | zdev_vinfo ++ fi ++ ) ++ done ++fi ++ + unset zdev_zfcp_arg + unset zdev_zfcp_base_args diff --git a/s390-tools-zdsfs.caution.txt b/s390-tools-zdsfs.caution.txt new file mode 100644 index 0000000..8c5681d --- /dev/null +++ b/s390-tools-zdsfs.caution.txt 
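Review bot: In parse-zfcp.sh the autodetect branch runs `chzdev --offline --existing --enable --active $zdev_zfcp_base_args zfcp-host` with no device ID, so together with `--force --yes` it appears to bring up every existing FCP host rather than only the IPL device. The DASD branch reads `/sys/firmware/ipl/device` into `_ccw` and passes it to `chzdev`, and the zfcp branch could be limited the same way. In parse-dasd.sh `_ccw` is missing from the `local` list, and the `chzdev` output goes to the function's stdout, which also carries the `echo "$_zdev_dasd_list"` result. If the caller (outside this hunk) captures that output, the messages would be read as part of the DASD list. `local _zdev_dasd _zdev_dasd_list _ccw` and a `>&2` on the `chzdev` call would cover both.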
@@ -0,0 +1,19 @@ +We strongly recommend that you get your z/OS support teams involved before installing this package. + +The zdsfs command is a new feature provided by IBM with the s390-tools package in SLES12. The zdsfs command allows Linux systems to mount z/OS DASD volumes as a Linux file system. The zdsfs file system translates the z/OS data sets into Linux semantics. + +Through the zdsfs file system, applications on Linux can read z/OS physical sequential data sets (PS) and partitioned data sets (PDS) on the DASD. If implemented improperly, or without the knowledge and cooperation of the systems programmers and information security professionals responsible for the z/OS system, the zdsfs command represents a potentially very serious security and data integrity exposure. + +There are a number of factors to consider if you choose to install this package. A necessarily incomplete list of these would be: +- Through the zdsfs file system, whole DASD volumes are accessible to Linux +- This access is not controlled or detectable by any z/OS security or auditing mechanisms. +- This access is not controlled by any z/OS "locking" facility such as provided by ENQ, GRS, etc. +- To avoid data inconsistencies, ensure the DASD volumes are offline to z/OS before you mount them in Linux. +- To minimize security problems, you should dedicate the z/OS DASD volumes for the sole purpose of providing data to Linux. +- To share z/OS data with Linux, copy it to a dataset on that separate volume. +- Because the datasets will be accessed outside of z/OS, they will appear to have never been read after creation. +- You should ensure the datasets that Linux is to access are on a separate volume that is not used for automatic dataset allocation and that is not under System Managed Storage (SMS) control. 
This prevents dataset migration since they will appear to never be used (except when you update them), and it avoids unaudited access to datasets that are not intended for access by the Linux server. +- When running Linux native in an LPAR, ensure that the LPAR has access only to the specific z/OS volumes that contain the data to be accessed by Linux. +- By default, only the Linux user who mounts the zdsfs file system has access to it. + +By confirming this caution, you are acknowledging that you are aware there are potential data security and integrity exposures involved in the use of this package, and that you want to install it anyway. diff --git a/s390-tools.changes b/s390-tools.changes new file mode 100644 index 0000000..c526eba --- /dev/null +++ b/s390-tools.changes 
@@ -0,0 +1,4781 @@ +------------------------------------------------------------------- +Thu Jan 9 07:05:53 UTC 2025 - Nikolay Gueorguiev + +- Applied backport patches from s390-tools 2.37 to 2.36 ( jsc#PED-11870 ) + ( jsc#IBM-1447, jsc#IBM-1062 ) + * s390-tools-General-update-01.patch + * s390-tools-General-update-02.patch + * s390-tools-General-update-03.patch + * s390-tools-General-update-04.patch + * s390-tools-General-update-05.patch + * s390-tools-General-update-06.patch + * s390-tools-General-update-07.patch + * s390-tools-General-update-08.patch + * s390-tools-General-update-09.patch + * s390-tools-General-update-10.patch + * s390-tools-General-update-11.patch + * s390-tools-General-update-12.patch + * s390-tools-Additional-update-01.patch + * s390-tools-Additional-update-02.patch + ( jsc#IBM-1570, jsc#IBM-1571 ) + * s390-tools-Support-unencrypted-SE-images-01.patch + ( jsc#IBM-1572, jsc#IBM-1573 ) + * s390-tools-pvimg-info-command-01.patch + * s390-tools-pvimg-info-command-02.patch + * s390-tools-pvimg-info-command-03.patch + * s390-tools-pvimg-info-command-04.patch + ( jsc#IBM-1576, jsc#IBM-1577 ) + * s390-tools-pvimg-additional-01.patch +- Renamed patches from - to + * s390-tools-01-opticsmon-Fix-runaway-loop-in-on_link_change.patch + to + s390-tools-Additional-update-01.patch + * s390-tools-02-libzpci-opticsmon-Refactor-on_link_change-using-new.patch + to + s390-tools-Additional-update-02.patch + * s390-tools-03-rust-pvimg-Add-enable-disable-image-encryption-flags-to-pvimg-create.patch + to + s390-tools-Support-unencrypted-SE-images-01.patch +- Revendored vendor.tar.gz + +------------------------------------------------------------------- +Tue Jan 7 08:59:16 UTC 2025 - Nikolay Gueorguiev + +- Applied a patch for '--(enable|disable)-image-encryption' flags for 'pvimg create' (jsc#PED-11870) + * s390-tools-03-rust-pvimg-Add-enable-disable-image-encryption-flags-to-pvimg-create.patch + +------------------------------------------------------------------- 
+Tue Dec 31 09:59:27 UTC 2024 - Nikolay Gueorguiev + +- Applied patches (jsc#PED-9591, jsc#PED-10303) + * s390-tools-01-opticsmon-Fix-runaway-loop-in-on_link_change.patch + * s390-tools-02-libzpci-opticsmon-Refactor-on_link_change-using-new.patch + +------------------------------------------------------------------- +Mon Dec 9 09:49:52 UTC 2024 - Nikolay Gueorguiev + +- Upgrade s390-tools to version 2.36 (jsc#PED-10303, jsc#PED-9591) + * s390-tools: Define Rust MSRV as 1.75.0 + * Add new tools / libraries: + - cpacfinfo: Tool to provide CPACF information + - opticsmon: Tools to monitor optical modules for directly attached PCI based NICs + - pvimg: Rust rewrite of genprotimg + * Changes of existing tools: + - chpstat: Add data bandwidth utilization column + - chpstat: Add support for full CMCB + - chpstat: Add support for new CMG types + - dbginfo.sh: add overview commands and crypto update + - hyptop: Support for structured output (json, json-seq, csv) + - lszfcp: Add missing fallback marker for non-good fc_host port_state + - lszfcp: Improve speed with many SCSI devices + - pvattest: Add attestation policy check command + - zipl: Add support of partitions of mirror md-devices + * Bug Fixes: + - lszcrypt: Fix wrong state showing up for removed AP queue within SE guest + - lszfcp: Show device names line for zfcp_units without SCSI device +- Revendored vendor.tar.gz +- Applied additional patch (bsc#1233889, bsc#1233079) + * s390-tools-02-zipl-src-fix-imprecise-check-that-file-is-on-specifi.patch + +------------------------------------------------------------------- +Thu Dec 5 15:13:49 UTC 2024 - Nikolay Gueorguiev + +- Applied a patch (bsc#1233889) + * s390-tools-01-zipl_helper.device-mapper-add-missed-step-in-logical.patch +- Amended the /usr/lib/modules-load.d/pkey.conf (bsc#1233233). 
Added + * pkey_cca + * pkey_ep11 + * pkey_pckmo + +------------------------------------------------------------------- +Tue Nov 5 07:39:58 UTC 2024 - Nikolay Gueorguiev + +- Amended the *_configure scripts to update again the SUSE's specific file + '/boot/zipl/active_devices.txt' (bsc#1232474, bsc#1216257) + * ctc_configure + * dasd_configure + * qeth_configure + * zfcp_host_configure + +------------------------------------------------------------------- +Tue Oct 8 10:35:04 UTC 2024 - Nikolay Gueorguiev + +* Upgrade s390-tools to version 2.35 (jsc#PED-9591, jsc#PED-10303) +* Changes of existing tools: + - cpacfstats: Add support for FULL XTS (MSA 10) and HMAC (MSA 11) PAI counter + - cpuplugd: Make cpuplugd compatible with hiperdispatch + - dbginfo.sh: Add network sockstat info + - pvapconfig: s390x exclusive build + - zdev: Add option to select IPL device + - zdump/dfo_s390: Support s390 DFO for vr-kernel dumps + - zipl: Add support of mirror devices +* Bug Fixes: + - (genprotimg|zipl)/boot: discard .note.package ELF section to save memory + - netboot/mk-s390image: Fix size when argument is a symlink + - ziorep_config: Fix warning message when multipath device is not there. 
+ - zipl: Fix problems when target parameters are specified by user + - zipl: Fix segfault when creating device-based dumps with '--dry-run' +* Removed obsolete patches + - s390-tools-2.34-Fix-Rust-compilation-errors.patch + - s390-tools-01-zipl-src-add-basic-support-for-multiple-target-base-disks.patch + - s390-tools-02-zipl-src-add-basic-support-for-multiple-target-base-disks.patch +* Revendored vendor.tar.gz + +------------------------------------------------------------------- +Mon Sep 16 12:49:55 UTC 2024 - Nikolay Gueorguiev + +* Applied patches (bsc#1230345) + - zipl/src: add basic support for multiple target base disks + - s390-tools-01-zipl-src-add-basic-support-for-multiple-target-base-disks.patch + - s390-tools-02-zipl-src-add-basic-support-for-multiple-target-base-disks.patch + +------------------------------------------------------------------- +Mon Aug 26 09:17:17 UTC 2024 - Nikolay Gueorguiev + +* Applied a patch to fix Rust compilation errors (bsc#1229461) + - s390-tools-2.34-Fix-Rust-compilation-errors.patch + - Fix: s390-tools: Rust compilation errors (s390_pv_core), build fails with + "error: unnecessary qualification" +* Added BuildRequieres in the .spec file + - perl-Bootloader >= 0.4.15 + +------------------------------------------------------------------- +Mon Aug 19 08:28:34 UTC 2024 - Nikolay Gueorguiev + +* Upgrade s390-tools to version 2.34 (jsc#PED-3223,jsc#PED-9591) +*** v2.34.0 +* Changes of existing tools: + - ap_tools/ap-check: Add support for vfio-ap dynamic configuration + - dbginfo.sh: Update/Add additional DASD data collection + - dumpconf: Add new parameter 'SCP_DATA' for SCSI/NVMe/ECKD dump devices + - libutil: Make formatted meta-data configurable + - s390-tools: Replace 'which' with built-in 'command -v' + - zdump/dfi_elf: Support core dumps of vr-kernels +* Bug Fixes: + - chzdev: Fix warning about failed ATTR writes by udev + - rust/pv: Try again if first CRL-URI is invalid + - rust/pvattest: Add short option for --arpk + - 
zdump: Fix 'zgetdump -i' ioctl error on s390 formatted dump file +*** v2.33.1 +* Bug Fixes: + - s390-tools: Fix formatting and typos in README.md + - s390-tools: Fix release string +*** v2.33.0 +* Add new tools / libraries: + - chpstat: New tool for displaying channel path statistics + - libutil: Add output format helpers(util_fmt: JSON, JSON-SEQ, CSV, text pairs) +* Changes of existing tools / libraries: + - chzdev: Add --is-owner to identify files created by zdev + - dasdfmt: Change default mode to always use full-format (Note: affects ESE DASD) + - libap: Significantly reduce delay time between file lock retries + - pvattest: Rewrite from C to Rust + - pvattest: Support additional data & user-data + - rust/pv: Support for Attestation +* Bug Fixes: + - chreipl: Improve disk type detection when running under QEMU + - dbginfo.sh: Use POSIX option with uname + - s390-tools: Fix missing hyphen escapes in the man page for many tools + - zipl/src: Fix bugs in disk_get_info() reproducible in corner cases + *** v2.32.0 +* Changes of existing tools: + - cpumf/lscpumf: add support for machine type 3932 + - genprotimg, pvattest, and pvsecret accept IBM signing key with Armonk as + subject locality + - zdump/zipl: Support for List-Directed dump from ECKD DASD + - zkey: Detect FIPS mode and generate PBKDF for luksFormat according to it +* Bug Fixes: + - dbginfo.sh: dash compatible copy sequence + - rust/pv_core: Fix UvDeviceInfo::get() method + - zipl/src: Fix leak of files if run with a broken configuration + - zkey: Fix convert command to accept only keys of type CCA-AESDATA +* Revendored vendor.tar.gz +* Removed obsolete patches + - s390-tools-sles15sp5-01-rust-pv-support-Armonk-in-IBM-signing-key-subject.patch + - s390-tools-sles15sp6-02-genprotimg-support-Armonk-in-IBM-signing-key-subject.patch + - s390-tools-sles15sp6-03-libpv-support-Armonk-in-IBM-signing-key-subject.patch + - s390-tools-sles15sp6-04-pvattest-Fix-root-ca-parsing.patch + - 
s390-tools-sles15sp6-genprotimg-makefile.patch + +------------------------------------------------------------------- +Thu Jul 11 14:56:34 UTC 2024 - Nikolay Gueorguiev + +- Applied a new patch (bsc#1227602) + * s390-tools-slfo-01-parse-ipl-device-for-activation.patch +- Removed the old 'initial' patch + * s390-tools-sles15sp6-01-parse-ipl-device-for-activation.patch + +------------------------------------------------------------------- +Thu Jun 20 13:58:08 UTC 2024 - Nikolay Gueorguiev + +- Amended read_values.c (bsc#1226609) + * Added print for 'qc_type_name', amended the layers +- Updated %description in the .spec file + +------------------------------------------------------------------- +Thu Apr 25 14:56:25 UTC 2024 - Dominique Leuenberger + +- s390-tools-genprotimg-data needs to require filesystem in order + to ensure we are not installed before potential UsrMerge + migration code was running (boo#1223090). + +------------------------------------------------------------------- +Thu Apr 18 11:05:53 UTC 2024 - Nikolay Gueorguiev + +- Applied an updated patch (bsc#1220949,bsc#1221873) + * s390-tools-sles15sp6-01-parse-ipl-device-for-activation.patch + +------------------------------------------------------------------- +Tue Apr 16 16:55:05 UTC 2024 - Nikolay Gueorguiev + +- Amended the .spec file for x86_64 + * Recommends: s390-tools-genprotimg-data + +------------------------------------------------------------------- +Tue Apr 16 07:48:20 UTC 2024 - Nikolay Gueorguiev + +- Amended the .spec file for s390-tools-genprotimg-data-*.noarch.rpm + * Removed the dependency on it on x86_64 platform + * Updated the Summary and Description of the *.noarch.rpm (bsc#1222675) + +------------------------------------------------------------------- +Fri Apr 12 15:28:09 UTC 2024 - Nikolay Gueorguiev + +- Updated the .spec file to enable Secure Execution in the Cloud (bsc#1222675) + * Creates a s390-tools-genprotimg-data-*.noarch.rpm package which includes + s390x bootload 
binaries for x86_64:
+ - /lib/s390-tools/stage3.bin
+ - /usr/share/s390-tools/genprotimg/stage3a.bin
+ - /usr/share/s390-tools/genprotimg/stage3b_reloc.bin
+ * Excludes the above binaries from the (main) s390-tools-*.s390x.rpm
+ * Requires: s390-tools-genprotimg-data
+
+-------------------------------------------------------------------
+Thu Apr 4 03:51:55 UTC 2024 - Nikolay Gueorguiev
+
+- SE-tooling: New IBM host-key subject locality (s390-tools) (bsc#1222282)
+ * s390-tools-sles15sp5-01-rust-pv-support-Armonk-in-IBM-signing-key-subject.patch
+ * s390-tools-sles15sp6-02-genprotimg-support-Armonk-in-IBM-signing-key-subject.patch
+ * s390-tools-sles15sp6-03-libpv-support-Armonk-in-IBM-signing-key-subject.patch
+ * s390-tools-sles15sp6-04-pvattest-Fix-root-ca-parsing.patch
+
+-------------------------------------------------------------------
+Tue Apr 2 05:32:45 UTC 2024 - Nikolay Gueorguiev
+
+- Apllied a patch(bsc#1220949,bsc#1221873)
+ * s390-tools-sles15sp6-01-parse-ipl-device-for-activation.patch
+
+-------------------------------------------------------------------
+Fri Mar 15 16:45:58 UTC 2024 - Nikolay Gueorguiev
+
+- Applied a patch (bsc#1221072)
+ * s390-tools-sles15sp6-genprotimg-makefile.patch
+
+-------------------------------------------------------------------
+Tue Mar 12 08:46:19 UTC 2024 - Nikolay Gueorguiev
+
+- Amended the .spec file for x86_64 (jsc#PED-7135, jsc#IBM-1309)
+
+-------------------------------------------------------------------
+Wed Feb 21 17:02:55 UTC 2024 - Nikolay Gueorguiev
+
+- Applied a patch for kdump initrd (bsc#1219471)
+ * s390-tools-sles15sp6-kdump-initrd-59-zfcp-compat-rules.patch
+
+-------------------------------------------------------------------
+Wed Feb 21 11:12:33 CET 2024 - ro@suse.de
+
+- Provide groups as required by RPM 4.19
+
+-------------------------------------------------------------------
+Wed Feb 7 07:55:51 UTC 2024 - Nikolay Gueorguiev
+
+- Upgrade s390-tools to version 2.31 (jsc#PED-3275, 
jsc#PED-3223)
+- General:
+ * common.mak: Set default C/C++ standard to gnu11/gnu++11
+- Add new tools / libraries:
+ * pvapconfig: Tool to automatically configure APQNs in SE KVM guests
+ * s390-tools: Provide pre-commit configuration
+- Changes of existing tools:
+ * cpuplugd: Adjust to CPU 0 being no longer hotpluggable
+ * dbginfo.sh: Check for Dynamic Partition Mode
+ * dbginfo.sh: Update man page and copyright
+ * rust/pv: Add user-data signing and verifying
+ * rust/pvsecret: Add user defined signatures and verifications
+ * zdev/dracut: Consolidate device configuration
+- Bug Fixes:
+ * dbginfo.sh: Fix relative path on script copy
+ * libkmipclient: Fix build with libxml2-2.12.0
+ * pvsecret: Fix panic if empty file is used as host key document
+ * rust/pv: Fix 'elided_lifetimes_in_associated_constant' warning
+
+-------------------------------------------------------------------
+Thu Feb 1 08:31:08 UTC 2024 - Nikolay Gueorguiev
+
+- Updated read_values.c (bsc#1219227)
+
+-------------------------------------------------------------------
+Wed Jan 24 14:27:00 UTC 2024 - Nikolay Gueorguiev
+
+- Updated the .spec file
+ * Explicitly specified 'ExclusiveArch: s390x x86_64'
+
+-------------------------------------------------------------------
+Sun Dec 17 05:48:56 UTC 2023 - Nikolay Gueorguiev
+
+- Updated the .spec file to use gcc13 (bsc#1217838)
+- Amended read_values for '-S' option (bsc#1217923)
+
+-------------------------------------------------------------------
+Mon Dec 4 13:34:09 UTC 2023 - Nikolay Gueorguiev
+
+- Upgrade s390-tools to version 2.30
+ (jsc#PED-5783, jsc#PED-6785, jsc#PED-7136, jsc#PED-6539, jsc#PED-4604,
+ jsc#PED-6649, jsc#PED-7138 )
+- Add new tools / libraries:
+ * lspai: Tool to display PAI counter sets
+ * s390-tools: Provide a ShellCheck configuration
+- Changes of existing tools / libraries:
+ * cpumf/pai: Add command line option for realtime scheduling
+ * dbginfo.sh: enhance ethtool collection for ROCE
+ * 
libutil/util_lockfile: add routine to return owning pid of file lock
+ * lszcrypt: Improve lszcrypt output on SE guests
+ * rust: Use a single workspace for all rust tools
+ * zdev: limit the derivation of ZDEV_SITE_ID
+ * zdump/df_s390: Update 'zgetdump -i' output with zlib info
+ * zdump/dfi_s390: Support reading compressed s390_ext dumps
+ * zipl/boot: Integrate zlib compression to single volume DASD dumper
+ * zipl/boot: compile the bootloaders only if HOST_ARCH is s390x
+ * zipl: Add --no-compress option to zipl command
+ * zkey: Also check for deconfigured and check-stopped cards
+- Bug Fixes:
+ * ap_tools/ap-check: handle get-attributes between pre and post event
+ * libutil: fix util_file_read_*() using wrong format specifiers
+ * rust/pv: fix Invalid write of size
+- Amended the SUSE patches for version 2.30
+- Revendored vendor.tar.gz
+- Removed an obsolete patch
+ * s390-tools-sles15sp6-zkey-Support-EP11-AES-keys-with-prepended-header-to-.patch
+
+-------------------------------------------------------------------
+Fri Nov 24 07:51:10 UTC 2023 - Nikolay Gueorguiev
+
+- Provide s390-tools on x86_64 to enable Secure Execution in the Cloud
+ (jsc#PED-578, jsc#PED-7136, and jsc#PED-7138)
+ * Selected tools from the s390-tools package need to be made available on x86_64.
+ This will enable the integration of IBM Z machines running Secure Execution in a
+ cloud environment where users don't necessarily need to have an s390x environment. 
+ - genprotimg - (for building secure images)
+ - pvsecret -
+ - pvattest - (for external attestation)
+ - pvextract-hdr -
+
+-------------------------------------------------------------------
+Wed Nov 15 07:31:45 UTC 2023 - Nikolay Gueorguiev
+
+- Fixed a logic error in read_values.c
+
+-------------------------------------------------------------------
+Mon Nov 13 13:13:11 UTC 2023 - Nikolay Gueorguiev
+
+ * Upgrade 390-tools from version 2.25.0 to version v2.29.0 (Latest)
+ * * * *
+ - General:
+ - s390-tools now supports tools written in Rust.
+ - Add compdb Makefile target to create 'compile_commands.json' to support LSP
+ - backends in IDEs and editors
+ - Add new tools / libraries:
+ * rust/pv: Library for pv tools written in rust
+ * rust/pvsecret: Tool to manage UV-secrets
+ * Changes of existing tools:
+ - dbginfo.sh: Global IFS variable
+ - genprotimg: Add support for add-secret requests
+ - genprotimg: Build debuginfo files for bootloader
+ - hyptop: Add real SMT utilization field
+ - hyptop: Allow users to set speedup factor
+ - pvattest: Add yaml-output for verify command
+ - zipl: Build debuginfo files for bootloader
+ * Bug Fixes:
+ - dump2tar: Fix truncated paths
+ - zdev/dracut: fix kdump build to integrate with site support
+ * * * *
+ * v2.28.0
+ - Changes of existing tools:
+ - chzcrypt: Support for SE AP pass-through support
+ - genprotimg: Add support for non-s390x architectures
+ - lszcrypt: Support for SE AP pass-through support
+ - zdev: Add support for autoquiesce related sysfs attributes
+ * Bug Fixes:
+ - ap_tools/ap-check: Handle missing 'matrix' and 'control_domains' attrs
+ - ap_tools/ap-check: Hold ap config file lock over get attributes
+ - s390-tools: Fix build for ppc64le
+ - zdev: Add missing label in the udev-rules
+ - zdev: Add proper value input for the ZDEV_SITE_ID key
+ - zdev: Use rename-file to avoid any symlinks created
+ - zipl/dump: fix ngdump dracut helper script
+ * * * *
+ * v2.27.0
+ * Changes of existing tools:
+ 
- s390-tools cross-compile and non-s390x support:
+ - pkg-config is now mandatory for the build process
+ - Add PKG_CONFIG Makefile variable to select pkg-config program;
+ - default pkg-config or $(CROSS_COMPILE)pkg-config if
+ - CROSS_COMPILE is set
+ - Rename Makefile variable ARCH to HOST_ARCH. HOST_ARCH is the
+ architecture that will run the produced (executable) objects
+ - Add the Makefile variable BUILD_ARCH. BUILD_ARCH is the
+ architecture of the build system. For each Makefile variable like
+ CC, LINK, CPP, ... there is a suffixed version of it - e.g.
+ CC_FOR_BUILD. This is useful for cross compiling, and this naming
+ convention is very similar to the Meson convention (see
+ https://mesonbuild.com/Reference-tables.html#environment-variables-per-machine).
+ - Limit build targets for non-s390x architectures (pvattest)
+ - dasdfmt: Fall back to full format if space release fails
+ - dbginfo.sh: Add nstat for network and SNMP stats
+ - dbginfo.sh: Rework crypto data collection
+ - hyptop: Show thread util by default
+ - zipl: Add support for list-directed IPL dump from ECKD DASD
+ * Bug Fixes:
+ - lszcrypt: Fix argument parsing
+ - zdev/dracut: Fix out-of-memory (OOM) situations in the kdump crashkernel environment
+ - ziomon/ziorep_config: Fix for SCSI devices of type disk without block dev
+ - pvextract-hdr: Fix parsing issues on little-endian systems
+ * * * *
+ * v2.26.0
+ * Remove tools / libraries:
+ - Remove vmconvert and libvmdump in favor of vmdump file support in zdump
+ * Changes of existing tools:
+ - ipl_tools: Add support for list-directed IPL from ECKD DASD
+ - lszcrypt: Display hardware filtering support capability
+ - vmur: Remove option -c for dump file conversion (See zdump changes)
+ - zdev: Add zfcp ber_stop parameter handling
+ - zdump: Add vmdump dfi for vmdump format to elf format
+ - zkey: Support EP11 host library version
+ * Bug Fixes:
+ - zipl: Move dump parmline processing and verification
+ - zipl/genprotimg: Various build 
improvements
+ * * * *
+ * Removed obsolete IBM patches
+ - s390-tools-sles15sp5-zipl-boot-disable-Warray-bounds-for-now.patch
+ - s390-tools-sles15sp5-zkey-Support-EP11-host-library-version-4.patch
+ * Removed obsolete patches for bug 1208527, and bug 1206173
+ - s390-tools-sles15sp5-01-zipl-boot-discard-.eh_frame-and-.interp-input-sectio.patch
+ - s390-tools-sles15sp5-02-zipl-boot-declare-that-no-executable-stack-is-requir.patch
+ - s390-tools-sles15sp5-03-zipl-boot-use-no-warn-rwx-segments-linker-flag.patch
+ - s390-tools-sles15sp5-04-zipl-boot-disable-build-id.patch
+ - s390-tools-sles15sp5-05-zipl-boot-simplify-objcopy-commands.patch
+ - s390-tools-sles15sp5-06-zipl-move-STAGE2_MAX_SIZE-and-STAGE1B_LOAD_ADDR-to-l.patch
+ - s390-tools-sles15sp5-07-zipl-boot-use-linker-scripts-for-all-bootloaders.patch
+ - s390-tools-sles15sp5-08-genprotimg-boot-declare-that-no-executable-stack-is-.patch
+ - s390-tools-sles15sp5-09-genprotimg-boot-use-no-warn-rwx-segments-linker-flag.patch
+ - s390-tools-sles15sp5-10-genprotimg-boot-disable-build-id.patch
+ - s390-tools-sles15sp5-11-genprotimg-boot-Makefile-simplify-objcopy-command.patch
+ - s390-tools-sles15sp5-12-genprotimg-boot-improve-linker-scripts.patch
+ - s390-tools-sles15sp5-13-genprotimg-boot-stage3b-add-size-check-to-the-linker.patch
+ - s390-tools-sles15sp5-14-genprotimg-boot-stage3b_reloc.bin-add-linker-script.patch
+ - s390-tools-sles15sp5-15-zipl-Embed-loader-data-directly-into-boot-object.patch
+ * Removed obsolete patch for bug 1209196
+ - s390-tools-sles15sp5-lszcrypt-use-separate-index-for-inner-sub-device-loo.patch
+ * Removed obsolete patches for bug 1211008
+ - s390-tools-sles15sp5-01-ziomon-ziorep_config-fix-missing-SG-major-minor-for-.patch
+ - s390-tools-sles15sp5-02-ziomon-ziorep_config-fix-for-SCSI-devices-of-type-di.patch
+ * Removed obsolete patch for bug 1213377
+ - s390-tools-sles15sp5-01-zdev-add-missing-label-in-the-udev-rules.patch
+ * Removed obsolete patches for bug 1213852
+ - 
s390-tools-sles15sp5-01-zdev-add-proper-value-input-for-the-ZDEV_SITE_ID-key.patch
+ - s390-tools-sles15sp5-02-zdev-use-rename-file-to-avoid-any-symlinks-created.patch
+ * Removed obsolete patch for bug 1214114
+ - s390-tools-sles15sp5-dasdfmt-Fall-back-to-full-format-if-space-release-fa.patch
+ * Removed obsolete patch
+ - s390-tools-sles15sp5-fix-chown-commands-syntax.patch
+
+-------------------------------------------------------------------
+Thu Nov 2 09:31:19 UTC 2023 - Nikolay Gueorguiev
+
+- Applied a patch (jsc#PED-6539, jsc#PED-6373)
+ * s390-tools-sles15sp6-zkey-Support-EP11-AES-keys-with-prepended-header-to-.patch
+- Updated read_values.c (bsc#1214466, bsc#1214534)
+ * Update read_values.c to support the new IBM z Processors
+- Updated SUSE's tools and their corresponding man pages (bsc#1216257)
+ * ctc_configure
+ * dasd_configure.opensuse
+ * dasd_configure.8
+ * dasd_configure.suse
+ * mkdump.pl.opensuse
+ * mkdump.pl.suse
+ * qeth_configure
+ * qeth_configure.8
+ * zfcp_disk_configure
+ * zfcp_disk_configure.8
+ * zfcp_host_configure.8
+ * zfcp_host_configure
+- Updated cputype script
+ * Amended cputype to support the new IBM z Processors
+
+-------------------------------------------------------------------
+Mon Aug 21 13:29:47 UTC 2023 - Nikolay Gueorguiev
+
+- Applies patches (bsc#1213377, bsc#1213852, bsc#1214114)
+ * s390-tools-sles15sp5-01-zdev-add-missing-label-in-the-udev-rules.patch
+ * s390-tools-sles15sp5-01-zdev-add-proper-value-input-for-the-ZDEV_SITE_ID-key.patch
+ * s390-tools-sles15sp5-02-zdev-use-rename-file-to-avoid-any-symlinks-created.patch
+ * s390-tools-sles15sp5-dasdfmt-Fall-back-to-full-format-if-space-release-fa.patch
+
+-------------------------------------------------------------------
+Thu May 4 11:06:54 UTC 2023 - Nikolay Gueorguiev
+
+- Applied patches for ziomon: fix for SCSI devices of type disk without block dev
+ (bsc#1211008)
+ * s390-tools-sles15sp5-01-ziomon-ziorep_config-fix-missing-SG-major-minor-for-.patch
+ 
* s390-tools-sles15sp5-02-ziomon-ziorep_config-fix-for-SCSI-devices-of-type-di.patch
+
+-------------------------------------------------------------------
+Tue May 2 11:40:12 UTC 2023 - Nikolay Gueorguiev
+
+- Applies a fix, splitting of rd.zdev-parameters, in
+ * s390-tools-ALP-zdev-live.patch
+
+-------------------------------------------------------------------
+Wed Apr 19 11:59:50 UTC 2023 - Nikolay Gueorguiev
+
+- Tailored the .spec, added a patch
+ * s390-tools-ALP-zdev-live.patch
+
+-------------------------------------------------------------------
+Thu Mar 23 12:45:57 UTC 2023 - Nikolay Gueorguiev
+
+- Allow activation of devices at boot via kernel command line
+ for live installation media (jsc#PED-2975)
+ * Added a Source dracut-zdev-live-20230321.tar
+ * Updated the .spec file for the new Source
+- Amended read_value.c
+
+-------------------------------------------------------------------
+Mon Mar 13 10:56:44 UTC 2023 - Nikolay Gueorguiev
+
+- Applied a patch (bsc#1209196)
+ * s390-tools-sles15sp5-lszcrypt-use-separate-index-for-inner-sub-device-loo.patch
+
+-------------------------------------------------------------------
+Wed Mar 8 09:10:20 UTC 2023 - Nikolay Gueorguiev
+
+- Updated cputype (bsc#1208983)
+ * Changed the script to avoid "/usr/bin/cputype: line xx: nnnn: command not found",
+ when machine type was found more than once in the /proc/cpuinfo. 
+
+-------------------------------------------------------------------
+Tue Feb 21 13:46:33 UTC 2023 - Nikolay Gueorguiev
+
+- Applied the following patches (bsc#1208527, bsc#1206173)
+ * s390-tools-sles15sp5-01-zipl-boot-discard-.eh_frame-and-.interp-input-sectio.patch
+ * s390-tools-sles15sp5-02-zipl-boot-declare-that-no-executable-stack-is-requir.patch
+ * s390-tools-sles15sp5-03-zipl-boot-use-no-warn-rwx-segments-linker-flag.patch
+ * s390-tools-sles15sp5-04-zipl-boot-disable-build-id.patch
+ * s390-tools-sles15sp5-05-zipl-boot-simplify-objcopy-commands.patch
+ * s390-tools-sles15sp5-06-zipl-move-STAGE2_MAX_SIZE-and-STAGE1B_LOAD_ADDR-to-l.patch
+ * s390-tools-sles15sp5-07-zipl-boot-use-linker-scripts-for-all-bootloaders.patch
+ * s390-tools-sles15sp5-08-genprotimg-boot-declare-that-no-executable-stack-is-.patch
+ * s390-tools-sles15sp5-09-genprotimg-boot-use-no-warn-rwx-segments-linker-flag.patch
+ * s390-tools-sles15sp5-10-genprotimg-boot-disable-build-id.patch
+ * s390-tools-sles15sp5-11-genprotimg-boot-Makefile-simplify-objcopy-command.patch
+ * s390-tools-sles15sp5-12-genprotimg-boot-improve-linker-scripts.patch
+ * s390-tools-sles15sp5-13-genprotimg-boot-stage3b-add-size-check-to-the-linker.patch
+ * s390-tools-sles15sp5-14-genprotimg-boot-stage3b_reloc.bin-add-linker-script.patch
+ * s390-tools-sles15sp5-15-zipl-Embed-loader-data-directly-into-boot-object.patch
+
+-------------------------------------------------------------------
+Thu Feb 16 16:24:33 UTC 2023 - José Gómez
+
+- Implemented read_values -u. The result of -u is a unique identifier composed of:
+ * Machine Serial Number.
+ * LPAR Name.
+ * VM Name (can be optional). 
+
+-------------------------------------------------------------------
+Mon Feb 6 17:00:40 UTC 2023 - Nikolay Gueorguiev
+
+- Added patch (bsc#1207947)
+ * s390-tools-sles15sp5-zkey-Support-EP11-host-library-version-4.patch
+
+-------------------------------------------------------------------
+Wed Jan 11 15:39:38 UTC 2023 - Nikolay Gueorguiev
+
+- Updated read_values.c for z16 machine type (bsc#1206832)
+ * Added the IBM LinuxONE Emperor 4 machine type
+ * Updated the z16 machine type to IBM z16 A01
+
+-------------------------------------------------------------------
+Tue Jan 10 08:22:05 UTC 2023 - Nikolay Gueorguiev
+
+- Updated read_values.c for z16 machine type (bsc#1206832)
+
+-------------------------------------------------------------------
+Tue Dec 27 13:19:41 UTC 2022 - Ludwig Nussel
+
+- Replace transitional %usrmerged macro with regular version check (boo#1206798)
+
+-------------------------------------------------------------------
+Mon Dec 12 15:05:48 UTC 2022 - Nikolay Gueorguiev
+
+- Updated to version 2.25.0 (jsc#PED-627)
+ * __v2.25.0 (2022-12-12)__
+ For Linux kernel version: 6.1
+ Changes of existing tools:
+ - ap_tools: Use new mdevctl installation location
+ - lsdasd/tunedasd/zdev: Add support to handle copy pair relations presented by the DASD driver
+ - zdev: Add --shell command line switch to generate output suitable for shell environments
+ - zipl: Add List-Directed IPL from ECKD DASD to support secure boot
+ Bug Fixes:
+ - ipl_tools: Fix chreipl node for NVMes with CONFIG_NVME_MULTIPATH
+ - libdasd: Fix bug that prevented positive ioctl return codes
+- Updated s390-tools-sles15sp5-fix-chown-commands-syntax.patch to fit the current version
+- Removed obsolete Patch002, and Patch003
+ # Patch002: s390-tools-sles15sp5-util_lockfile-fix-includes.patch
+ # Patch003: s390-tools-sles15sp5-ap_tools-ap-check-use-new-mdevctl-install-location.patch
+
+-------------------------------------------------------------------
+Tue Dec 6 19:39:22 UTC 2022 
- Mark Post
+
+- Made extensive changes to the spec file to accomodate building
+ this package on both openSUSE, which has implemented the
+ "usrmerge" project, and SLES, which has not. This was accomplished
+ by checking the usrmerged variable, and setting the value of the
+ _mysbindir variable, accordingly. The files identified in the
+ Thu May 26 2022 changelog entry, and also listed below, now have
+ two versions. One for SLES, and one for openSUSE, with either
+ ".suse" or ".opensuse" appended to the file name. The appropriate
+ SOURCE variable is selected based on the usrmerged variable, and
+ installed with the ".suse" or ".opensuse" suffix stripped from
+ the name.
+ * 59-graf.rules
+ * dasd_configure
+ * dasd_reload
+ * detach_disks.sh
+ * iucv_configure
+ * killcdl
+ * mkdump.pl
+ * README.SUSE
+ * s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch
+ * virtsetup.sh
+ * vmlogrdr.service
+
+-------------------------------------------------------------------
+Mon Nov 28 14:26:18 UTC 2022 - Mark Post
+
+- Updated to version 2.24.0 (jsc#PED-627)
+ * __v2.24.0 (2022-11-09)__
+ For Linux kernel version: 6.0
+ Add new tools / libraries:
+ - Provide config files for checkpatch, codespell, and clang-format
+ Changes of existing tools:
+ - dbginfo.sh: Collect log from various distro tools (YaST, DNF, Anaconda)
+ - dbginfo.sh: add Kubernetes data collection
+ - libutil: Introduce util_lockfile
+ - zdev: Add site-aware device configuration
+ - zdump: Add support to read Protected Virtualization dumps
+ - zipl/boot: Add secure boot trailer
+ Bug Fixes:
+ - ap_tools/ap-check: Reject start for control domains without usage
+ - cpumf/lshwc: Fix incremented counter output
+ - cpumf/pai: Fix core dump when summary flag set
+ - dbginfo.sh: Ensure compatibility with /bin/dash shell
+ - dbginfo.sh: Save dbginfo.sh version to dbginfo.log
+ - zipl/src/zipl_helper.device-mapper: Fix bug in error path
+ * __v2.23.0 (2022-08-18)__
+ For Linux kernel version: 5.19
+ 
Changes of existing tools:
+ - Makefile: use common Make definition for DRACUTDIR
+ - Makefile: use common Make definition for UDEVDIR and UDEVRULESDIR
+ - cpacfstats: Add PAI and hotplug support
+ - cpumf/pai: Omit file write progress information
+ - dbginfo.sh: Get more details on lspci command
+ - dumpconf: Prevent running the service in containers
+ - libcpumf: Detect PMU named pai_ext
+ - pvattest: Improve error reporting and logging
+ - zdev: Add some --type ap examples to manpages
+ - zkey: Use default benchmarked Argon2i with LUKS2
+ Bug Fixes:
+ - dbginfo.sh: Fix accidental ftrace buffer shrinkage/free
+ - genprotimg: Fix BIO_reset() returncode handling
+ - libpv: Fix dependency checking
+ - pvattest: Fix dependency checking
+ - zipl: Fix segmentation fault when no parmline is provided
+ * __v2.22.0 (2022-06-20)__
+ For Linux kernel version: 5.18
+ Add new tools / libraries:
+ - ap_tools: Introduce ap_tools and the ap-check tool
+ - cpumf/pai: Add Processor Activity Instrumentation tool
+ - libpv: New library for PV tools
+ - pvattest: Add new tool to create, perform, and verify attestation measurements
+ - zipl/zdump: Add Next Gen Dump (NGDump) support
+ Changes of existing tools:
+ - Move man pages to System commands section (lscpumf, lshwc, pai, dbginfo.sh, zfcpdbf, zipl-switch-to-blscfg)
+ - README.md: Add 70-chreipl-fcp-mpath.rules to the list of udev rule descriptions
+ - Remove SysV related daemon scripts (cpacfstatsd, cpuplugd, mon_statd)
+ - genprotimg: Move man page to section 1 for user commands
+ - hyptop: increase initial update interval
+ - libseckey: Adapt keymgmt_match() implementation to OpenSSL
+ - libutil: Add util_exit_code
+ - libutil: Introduce util_udev
+ - zdev: Introduce the ap device type
+ - zipl-editenv: Add zIPL multienvironment support
+ - zipl: Implement sorting BLS entries by versions
+ - zkey: Add initramfs hook
+ Bug Fixes:
+ - cmsfs-fuse: Fix enabling of hard_remove option
+ - s390-tools: Fix typos that were detected by 
lintian as 'typo-in-manual-page'
+ - zkey-kmip: Fix possible use after free
+ - zkey: Fix EP11 host library version checking
+ - zkey_kmip: Setup ext-lib once the APQNs have been configured
+ * __v2.21.0 (2022-04-20)__
+ For Linux kernel version: 5.17
+ Add new tools / libraries:
+ - libcpumf: Create library libcpumf for CPU Measurement functions
+ Changes of existing tools:
+ - chreipl-fcp-mpath: bundle a pre-cooked version of the manpage for build
+ environments without access to `pandoc`
+ - dbginfo.sh: Add multipath info to map paths to FC addressing and prio group
+ - dbginfo.sh: Collect config files of systemd-modules-load.service
+ - dbginfo.sh: Sort list of environment variables for readability
+ - dbginfo.sh: Replace "which" by builtin command "type"
+ - dbginfo.sh: Rework script formatting (indents, order)
+ - dbginfo.sh: Update sysfs collection (excludes, messages)
+ - genprotimg: Add Protected Virtualization (PV) dump support
+ - genprotimg: Remove DigiCert root CA pinning
+ - lszcrypt: Add CEX8S support
+ - zcryptctl: Add control domain handling
+ - zcryptstats: Add CEX8 support
+ - zipl: Allow optional entries that are left out when files are missing
+ - zipl: make IPL sections defined with BLS to inherit a target field
+ - zpcictl: Add option to trigger firmware reset
+ Bug Fixes:
+ - cpictl: Handle excessive kernel version numbers
+ - dbginfo.sh: Collect all places where modprobe.d config files could exist
+ - fdasd: Fix endless menu loop on EOF
+ - zdump/dfi: Fix segfault due to double free
+ - zdump: Fix /dev/mem reading
+ - zpcictl: Fix race of SCLP reset and Linux recovery
+ * __v2.20.0 (2022-02-04)__
+ For Linux kernel version: 5.16
+ Add new tools / libraries:
+ - Add EditorConfig configuration
+ Changes of existing tools:
+ - s390-tools switches to Fuse 3 as Fuse 2 is deprecated. 
+ Affected tools: cmsfs, hmcdrvfs, hsavmcore, zdsfs, zdump
+ - chreipl-fcp-mpath: don't compress the manpage before installing it
+ - cpictl: Report extended version information
+ - genprotimg: Add extended kernel command line support
+ - zdev: modify the lsblk output parser in lszdev
+ - zipl: Add support for longer kernel command lines (now supports up to 64k length)
+ Bug Fixes:
+ - cpictl: Suppress messages for unwritable sysfs files
+ - dbginfo.sh: Fix missing syslog for step create_package
+ - lshwc: Fix CPU list parameter setup for device driver
+ - zdev: Check for errors when removing a devtype setting
+ - zdev: Fix path resolution for multi-mount point file systems
+- Updated s390-tools-sles15sp3-remove-no-pie-link-arguments.patch
+ to fit the new version, and renamed it to
+ s390-tools-sles15sp5-remove-no-pie-link-arguments.patch.
+- Added s390-tools-sles15sp5-util_lockfile-fix-includes.patch to fix a
+ compilation problem. One source file was missing an include statement
+ for unistd.h.
+- Added s390-tools-sles15sp5-ap_tools-ap-check-use-new-mdevctl-install-location.patch
+ An executable binary was being installed under /etc, which is
+ an FHS violation.
+- Modified spec file to
+ * Change BuildRequires for fuse-devel to fuse3-devel.
+ * Remove obsolete BuildRequires for libpfm-devel
+ * Add a BuildRequires for mdevctl and systemd-devel
+ * Added a %files entry for dir %{_prefix}/lib/dracut/modules.d/99ngdump
+ * Added %config(noreplace) for the new file %{_sysconfdir}/ziplenv
+ * Uncomment the %files entry for %{_mandir}/man7/chreipl-fcp-mpath.7%{?ext_man}
+ Specifying ENABLE_DOC=1 is no longer needed for it to be generated.
+ * Add %dir entries for
+ %{_prefix}/lib/mdevctl,
+ %{_prefix}/lib/mdevctl/scripts.d, and
+ %{_prefix}/lib/mdevctl/scripts.d/callouts
+ NOTE that these directories do not belong to this package, but
+ the mdevctl package has yet to be updated to claim them. 
So,
+ until that happens, we have to temporarily claim ownership of
+ them for the s390-tools package to build.
+- Updated the s390-tools-rpmlintrc file to suppress two warnings about
+ the /boot/zipl/active_devices.txt file.
+- Removed the following obsolete patches:
+ * s390-tools-sles15sp4-chreipl-fcp-mpath-don-t-compress-the-manpage-before-.patch
+ * s390-tools-sles15sp4-chreipl-fcp-mpath-remove-shebang-from-chreipl-fcp-mp.patch
+ * s390-tools-sles15sp4-zdev-modify-the-lsblk-output-parser-in-lszdev.patch
+ * s390-tools-sles15sp4-zdev-Fix-path-resolution-for-multi-mount-point-file-.patch
+ * s390-tools-sles15sp4-01-genprotimg-remove-DigiCert-root-CA-pinning.patch
+ * s390-tools-sles15sp4-02-genprotimg-check_hostkeydoc-relax-default-issuer-che.patch
+ * s390-tools-sles15sp4-libseckey-Fix-re-enciphering-of-EP11-secure-key.patch
+ * s390-tools-sles15sp4-zdump-fix-segfault-due-to-double-free.patch
+ * s390-tools-sles15sp4-libseckey-Adapt-keymgmt_match-implementation-to-Open.patch
+ * s390-tools-sles15sp4-genprotimg-boot-disable-Warray-bounds-for-now.patch
+ * s390-tools-sles15sp4-hyptop-increase-initial-update-interval.patch
+ * s390-tools-sles15sp4-zipl-boot-add-secure-boot-trailer.patch
+- Added s390-tools-sles15sp5-zipl-boot-disable-Warray-bounds-for-now.patch
+ With this version, the same false positive of "array subscript 0
+ is outside array bounds" that was previously seen in the
+ genprotimage/boot directory is now happening in zipl/boot.
+- Added s390-tools-sles15sp5-fix-chown-commands-syntax.patch to
+ eliminate a bunch of warnings. The new version of chown complains
+ if the deprecated 'owner.group' syntax is used instead of the
+ 'owner:group' syntax.
+
+-------------------------------------------------------------------
+Thu Nov 3 16:17:13 UTC 2022 - Mark Post
+
+- Added s390-tools-sles15sp4-zipl-boot-add-secure-boot-trailer.patch
+ for bsc#1204965. 
New IBM Z firmware requires all signed boot
+ images to contain a trailing data block with a specific format.
+
+-------------------------------------------------------------------
+Mon Jul 18 15:41:43 UTC 2022 - Mark Post
+
+- Added s390-tools-sles15sp4-hyptop-increase-initial-update-interval.patch
+ for bsc#1201412. Initial iteration of hyptop can produce bloated values
+ independent from the update delay set by the user.
+
+-------------------------------------------------------------------
+Thu Jun 2 16:45:38 UTC 2022 - Mark Post
+
+- Added s390-tools-sles15sp4-genprotimg-boot-disable-Warray-bounds-for-now.patch
+ to fix a build failure with gcc12. With gcc12, a "false positive"
+ of "array subscript 0 is outside array bounds" is seen in
+ genprotimg/boot/stage3a.c (bsc#1200131).
+
+-------------------------------------------------------------------
+Thu May 26 17:03:32 UTC 2022 - Mark Post
+
+- Modifed the spec file to install all binaires in /usr/sbin instead of /sbin
+ to align with the "usrmerge" initiative in openSUSE. (bsc#1195914) Also
+ modified the following files that SUSE provides that need to reflect this
+ change:
+ * 59-graf.rules
+ * dasd_configure
+ * dasd_reload
+ * detach_disks.sh
+ * iucv_configure
+ * killcdl
+ * mkdump.pl
+ * README.SUSE
+ * s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch
+ * virtsetup.sh
+ * vmlogrdr.service
+- Added s390-tools-sles15sp4-libseckey-Adapt-keymgmt_match-implementation-to-Open.patch
+ for bsc#1199649. zkey: KMIP plugin fails to connection to KMIP server
+ When a zkey key repository is bound to the KMIP plugin, and the
+ connection to the KMIP server is to be configired using command
+ 'zkey kms configure --kmip-server ', it fails to connect
+ to the specified KMIP server.
+- Added s390-tools-sles15sp4-genprotimg-boot-disable-Warray-bounds-for-now.patch
+ to fix a build failure with gcc12. 
With gcc12, a "false positive"
+ of "array subscript 0 is outside array bounds" is seen in
+ genprotimg/boot/stage3a.c (bsc#1200131).
+
+-------------------------------------------------------------------
+Tue May 3 18:10:58 UTC 2022 - Mark Post
+
+- Added s390-tools-sles15sp4-zdump-fix-segfault-due-to-double-free.patch
+ for bsc#1199128. zgetdump --info may lead to a core dump when
+ issued for the device node (not a partition) right after
+ installing multi-volume dump tool (without taking actual dump).
+
+-------------------------------------------------------------------
+Thu Apr 14 13:57:12 UTC 2022 - Mark Post
+
+- Updated the cputype script to include the model number of IBM's
+ recently announced z16 processor.
+
+-------------------------------------------------------------------
+Mon Apr 11 21:11:48 UTC 2022 - Mark Post
+
+- Added the following patches for bsc#1198285:
+ s390-tools-sles15sp4-01-genprotimg-remove-DigiCert-root-CA-pinning.patch
+ s390-tools-sles15sp4-02-genprotimg-check_hostkeydoc-relax-default-issuer-che.patch
+ The certificate verification of check_hostkeydoc is too strict and
+ doesn't match the checking performed by genprotimg.
+- Added the following patch for bsc#1198284:
+ s390-tools-sles15sp4-libseckey-Fix-re-enciphering-of-EP11-secure-key.patch
+ When re-enciphering the identity key and/or wrapping key of the
+ zkey KMIP plugin via 'zkey kms reencipher', the operation
+ completes without an error, but the secure keys are left
+ un-reenciphered.
+
+-------------------------------------------------------------------
+Fri Mar 4 13:55:43 UTC 2022 - Martin Wilck
+
+- install modprobe.conf files into %_modprobedir (bsc#1196275, jsc#SLE-20639)
+
+-------------------------------------------------------------------
+Tue Feb 22 19:37:07 UTC 2022 - Mark Post
+
+- Added s390-tools-sles15sp4-zdev-modify-the-lsblk-output-parser-in-lszdev.patch
+ for bsc#1196255. 
Version 2.37+ of util-linux modified the output
+ characters of lsblk,which breaks the parser function.
+- Added s390-tools-sles15sp4-zdev-Fix-path-resolution-for-multi-mount-point-file-.patch
+ for bsc#1196254. Path resolution fails when a device provides
+ multiple mount points such as, for example, when using btrfs
+ subvolumes, or when mounting the same file system at multiple
+ mount points.
+
+-------------------------------------------------------------------
+Wed Jan 12 21:27:13 UTC 2022 - Mark Post
+
+- Upgraded to version 2.19.0 (jsc#SLE-18324)
+ * v2.19.0 (2021-11-10)__
+ Add new tools / libraries:
+ - chreipl-fcp-mpath: New toolset that uses multipath information to change
+ the configured FCP re-IPL path on detecting issues with the current path
+ Changes of existing tools:
+ - dbginfo.sh: Add retry timeout and remove possible blocking "blockdev --report"
+ - dbginfo.sh: Collect config- and debug-data for chreipl-fcp-mpath
+ - hsci: Add support for multiple MAC addresses
+ Bug Fixes:
+ - lshwc: Fix compile error for gcc <8.1
+ - zdump: Various clean-ups and fixes
+ - ziomon: Correct throughput calculation in ziorep_printers
+ - zipl: Fix segmentation fault when setting stage3_parms
+ * v2.18.0 (2021-10-01)__
+ Add new tools:
+ - scripts: Add tool for parsing sclp s390dbf logs
+ - zdev: Add udev rule helper tool
+ - zipl-editenv: Add tool to operate with zIPL environment installed in the boot record
+ Changes of existing tools:
+ - Makefile: Fix order of build of libraries for parallel builds
+ - dbginfo.sh: Add collection in area of timedate, coredump and --check option
+ - dbginfo.sh: Add exception on dump2tar for /sys/kernel/mm/page_idle/bitmap
+ - dbginfo.sh: Cleanup of outdated sections and general code rework
+ - dbginfo.sh: Collect zipl boot menu entries from boot loader specification
+ - lszcrypt: Add support for vfio-ap status field
+ - lszcrypt: Improved output for deconfig cards and queues
+ - lszfcp: Add linkdown case to host marker of 
extended output
+ - zdev: Add auto-config for PCI and crypto devices
+ - zdump: Introduce multi-level message logging
+ - zipl: Add support for environment block interpretation
+ - zkey-cryptsetup: Support LUKS2 volumes with integrity support enabled
+ Bug Fixes:
+ - hsavmcore: Avoid recompilation of overlay during install step
+ - libkmipclient: Fix parsing of hex values for XML and JSON encoding
+ - vmur/vmur.cpp: Fix error handling on transfer failure
+ - zdump: Lots of smaller fixes across the board
+ * v2.17.0 (2021-07-07)__
+ Add new tools / libraries:
+ - hsavmcore: New utility to make the dump process with kdump more efficient
+ - libkmipclient: Add KMIP client shared library
+ - libseckey: Add a secure key library
+ - lshwc: New tool to extract and list complete counter sets
+ Changes of existing tools:
+ - genprotimg: Add '--(enable|disable)-pckmo' options
+ - genprotimg: Add OpenSSL 3.0 support
+ - genprotimg: Change plaintext control flags defaults so PCKMO functions are allowed
+ - libutil: Introduce multi-level message logging (util_log)
+ - libutil: Introduce util_arch module
+ - udev/dasd: Change DASD udev-rule to set none scheduler
+ - zdsfs: Add transparent codepage conversion
+ - zkey: Add support for KMIP-based key management systems
+ Bug Fixes:
+ - ttyrun-getty: Avoid conflicts with serial-getty@
+ - dbginfo: add /proc/kallsyms - refresh zVM, lscpu - fix WORKARCHIVE handling
+ - dbginfo: add KVM data collection for server and guest - fix lszdev
+ - genprotimg: Add missing return values in error paths
+ - zkey: Fix conversion of CCA DATA keys to CCA CIPHER keys
+ - znetconf: avoid conflict with "chzdev -e"
+ * v2.16.0 (2021-02-19)__
+ Add new tool:
+ - hsci: New tool to manage HSCI (HiperSockets Converged Interfaces)
+ Changes of existing tools:
+ - genprotimg: Add host-key document verification support
+ - genprotimg: boot: Make boot loader -march=z900 compatible
+ - libekmfweb: Make install directory for shared libraries configurable
+ -
lsdasd: Add FC Endpoint Security information
+ - make: Add address sanitizer support
+ - netboot: Add version information to scripts
+ - netboot: Bump busybox version in pxelinux.0 build
+ - zdev: Add FC Endpoint Security information for DASD devices
+ - zdev: Add build option to update initial RAM-disk by default
+ - zkey-ekmfweb: Avoid sequence number clash when generating keys
+ - zkey/zkey-ekmfweb: Install KMS plugins into configurable location
+ - zkey: Add support to store LUKS2 dummy passphrase in key repository
+ Bug Fixes:
+ - dasdfmt: Fix segfault when an incorrect option is specified
+ - genprotimg: Fix several build issues
+ - genprotimg: Require argument for 'ramdisk' and 'parmfile' options
+ - zcryptstats: Fix handling of partial results with many domains
+ - zfcpdbf: Deal with crash 7.2.9 change in caller name formatting
+ - zipl/boot: Fix memory use after free in stage2
+ - zipl/boot: Fix potential heap overflow in stage2
+ - zipl: Fix reading 4k disk's geometry
+- Added the following two IBM patches:
+ * s390-tools-sles15sp4-chreipl-fcp-mpath-don-t-compress-the-manpage-before-.patch
+ * s390-tools-sles15sp4-chreipl-fcp-mpath-remove-shebang-from-chreipl-fcp-mp.patch
+- Removed the following obsolete patches
+ * s390-tools-sles15sp3-dasdfmt-Fix-segfault-when-an-incorrect-option-is-spe.patch
+ * s390-tools-sles15sp3-libutil-Compare-proc-entries-to-vfstype.patch
+ * s390-tools-sles15sp3-01-zdev-Add-FC-Endpoint-Security-information-for-DASD-d.patch
+ * s390-tools-sles15sp3-02-lsdasd-Add-FC-Endpoint-Security-information.patch
+ * s390-tools-sles15sp3-hsci-Add-new-tool-to-control-HiperSockets-Converged-.patch
+ * s390-tools-sles15sp3-zcryptstats-Fix-handling-of-partial-results-with-man.patch
+ * s390-tools-sles15sp3-01-genprotimg-abort-if-one-of-the-recursive-targets-is-.patch
+ * s390-tools-sles15sp3-02-genprotimg-fix-two-memory-leaks.patch
+ * s390-tools-sles15sp3-03-genprotimg-require-argument-for-ramdisk-and-parmfile.patch
+ *
s390-tools-sles15sp3-04-genprotimg-add-host-key-document-verification-suppor.patch
+ * s390-tools-sles15sp3-zkey-Fix-APQN-property-names.patch
+ * s390-tools-sles15sp3-zipl-fix-4k-scsi-ipl.patch
+ * s390-tools-sles15sp3-dasd-change-DASD-udev-rule-to-set-none-scheduler.patch
+ * s390-tools-sles15sp3-check-return-code-from-util_file_read_l.patch
+ * s390-tools-sles15sp3-dbginfo.sh-exclude-page_idle-bitmap.patch
+- Removed an obsolete "export ROOT_BUILD_DIR" statement from the spec file.
+- Removed unnecessary defattr statements in the files section.
+
+-------------------------------------------------------------------
+Fri Nov 12 18:05:00 UTC 2021 - Mark Post
+
+- Added s390-tools-sles15sp3-dbginfo.sh-exclude-page_idle-bitmap.patch
+ Reading /sys/kernel/mm/page_idle/bitmap can cause hang up on
+ reading offline pages. (bsc#1192599)
+- Added %{version} to the Requires: libekmfweb1 for the
+ libekmfweb1-devel package.
+
+-------------------------------------------------------------------
+Mon Oct 18 17:51:04 UTC 2021 - Mark Post
+
+- Updated the spec file to correspond to the changes made to the
+ location and name of the kernel image in the kernel-zfcpdump
+ package (bsc#1189841)
+- Did some spec file cleanup based on the recommendations from
+ spec-cleaner.
+
+-------------------------------------------------------------------
+Fri Jun 18 20:55:06 UTC 2021 - Mark Post
+
+- Reworked s390-tools-sles15sp2-Implement-Y-yast_mode.patch (yet
+ again). If more DASD volumes are to be formatted than are allowed
+ by the "maximum number to do in parallel" parameter, dasdfmt
+ waits until one of the child processes ends before starting another.
+ For YaST to be able to figure out how many cylinders a particular
+ DASD volume has, that information has to be output for _all_ of the
+ volumes, before any of the child processes are spawned.
+ (bsc#1187012)
+
+-------------------------------------------------------------------
+Wed May 26 21:13:23 UTC 2021 - Mark Post
+
+- Modified the following patches to correct the output from the
+ dasdfmt command when *not* using "YaST mode." (bsc#1182816, bsc#1182820)
+ * s390-tools-sles15sp3-Format-devices-in-parallel.patch
+ * s390-tools-sles15sp3-Implement-Y-yast_mode.patch
+
+-------------------------------------------------------------------
+Thu May 6 13:59:15 UTC 2021 - Mark Post
+
+- Modified s390-tools-sles15-Implement-Y-yast_mode.patch by adding
+ a fflush(stdout) statement so that the dasdfmt command would
+ produce the correct output for YaST. (bsc#1182816, bsc#1182820)
+- Modified s390-tools-sles15-Implement-f-for-backwards-compability.patch
+ to have the correct offset for hunk #2 to apply without warnings.
+
+-------------------------------------------------------------------
+Wed Apr 14 18:13:27 UTC 2021 - Mark Post
+
+- Added s390-tools-sles15sp3-dasd-change-DASD-udev-rule-to-set-none-scheduler.patch
+ dasd: change default scheduler to reduce CPU consumption (bsc#1183810)
+- Modified s390-tools-sles12-create-filesystem-links.patch to fit after
+ applying s390-tools-sles15sp3-dasd-change-DASD-udev-rule-to-set-none-scheduler.patch
+- Removed 59-dasd.rules-wait_for.patch obsoleted by bsc#1183810.
+
+-------------------------------------------------------------------
+Mon Mar 8 20:52:57 UTC 2021 - Mark Post
+
+- Added s390-tools-sles15sp3-zipl-fix-4k-scsi-ipl.patch (bsc#1183039)
+ IPL is not working when bootloader is installed on a SCSI disk
+ with 4k physical blocksize without using a devicemapper target.
+- Added s390-tools-sles15sp3-remove-no-pie-link-arguments.patch so
+ that we can build on systems with binutils 2.36 and higher. Without
+ this, the build fails because that version of the ld command
+ doesn't recognize "-no-pie" an acceptable argument.
+- Updated the mkdump.pl script to make the name of the temporary
+ configuration file in /tmp/ unpredictable. (bsc#1182876)
+
+-------------------------------------------------------------------
+Sat Feb 27 23:07:46 UTC 2021 - Mark Post
+
+- Updated detach_disks.sh to not use predictable temporary file
+ names. (bsc#1182777, CVE-2021-25316)
+- Made for the following changes for bsc#1182816:
+ * Updated s390-tools-sles15sp3-Format-devices-in-parallel.patch to
+ change all instances of the progress bar from printing "#" to
+ printing the process number of the DASD volume being formatted.
+ * Updated s390-tools-sles15sp3-Implement-Y-yast_mode.patch to print
+ out the numbder of cylinders in a device, as was done in the
+ prior versions of this patch, but was missed when modifying it
+ for SLES15 SP3.
+ * Added s390-tools-sles15sp3-check-return-code-from-util_file_read_l.patch
+ because otherwise a warning message from dasdfmt is being generated
+ that could interfere with YaST properly processing the progress
+ of the formatting process.
+
+-------------------------------------------------------------------
+Wed Feb 17 20:47:26 UTC 2021 - Mark Post
+
+- Added s390-tools-sles15sp3-zkey-Fix-APQN-property-names.patch
+ (bsc#1182113)
+ Problem: The KMS configuration property names to store the CCA and
+ EP11 APQNs are incorrect, i.e. swapped.
+ Solution: Correct the KMS configuration property names.
+
+-------------------------------------------------------------------
+Thu Jan 28 21:23:35 UTC 2021 - Mark Post
+
+- Moved %dir %{_libdir}/zkey and %{_libdir}/zkey/zkey-ekmfweb.so
+ from the libekfmweb1 package to the main package since it is a
+ plugin for the zkey command, and not a shared library.
+ (bsc#1180534)
+
+-------------------------------------------------------------------
+Mon Dec 7 17:53:46 UTC 2020 - Mark Post
+
+- Upgraded to version 2.15.1.
(bsc#1178250, jsc#SLE-13663)
+- Added s390-tools-sles15sp3-dasdfmt-Fix-segfault-when-an-incorrect-option-is-spe.patch
+ (bsc#1178313). When specifying an incorrect program option, dasdfmt segfaults
+ as the format string for the corresponding error message has no parameter.
+- Added s390-tools-sles15sp3-libutil-Compare-proc-entries-to-vfstype.patch
+ (bsc#1178315). The fdasd command was failing if sysfs was mounted this way:
+ mount -t sysfs none /sys
+ To make sure that the mount point of the sysfs is still found when mounted
+ with a device keyword specified other than 'sysfs', check for the filesystem
+ type instead, which is more specific.
+- Added the following patches for bsc#1178427, and jsc#SLE-13768,
+ Log DASD info for endpoint security
+ * s390-tools-sles15sp3-01-zdev-Add-FC-Endpoint-Security-information-for-DASD-d.patch
+ * s390-tools-sles15sp3-02-lsdasd-Add-FC-Endpoint-Security-information.patch
+- Added the following patch for bsc#1178628 and jsc#SLE-13765, Converged
+ HiperSockets/Ethernet Interface
+ * s390-tools-sles15sp3-hsci-Add-new-tool-to-control-HiperSockets-Converged-.patch
+- Added the following patches for bsc#1178992 and jsc#SLE-13772, Add host-key
+ document verification support to genprotimg.
+ * s390-tools-sles15sp3-01-genprotimg-abort-if-one-of-the-recursive-targets-is-.patch
+ * s390-tools-sles15sp3-02-genprotimg-fix-two-memory-leaks.patch
+ * s390-tools-sles15sp3-03-genprotimg-require-argument-for-ramdisk-and-parmfile.patch
+ * s390-tools-sles15sp3-04-genprotimg-add-host-key-document-verification-suppor.patch
+- Added the following patch for bsc#1178734. Running zcryptstats when many domains
+ are available per cryto card does not produce any output, and is hanging in a loop.
+ * s390-tools-sles15sp3-zcryptstats-Fix-handling-of-partial-results-with-man.patch
+- Reworked and renamed the following patches to accommodate changes made by IBM
+ to the structure of the dasdfmt command.
+ * s390-tools-sles15-Allow-multiple-device-arguments.patch renamed to
+ s390-tools-sles15sp3-Allow-multiple-device-arguments.patch.
+ * s390-tools-sles15-Format-devices-in-parallel.patch renamed to
+ s390-tools-sles15sp3-Format-devices-in-parallel.patch
+ * dasdfmt-retry-BIODASDINFO-if-device-is-busy.patch renamed to
+ s390-tools-sles15sp3-dasdfmt-retry-BIODASDINFO-if-device-is-busy.patch
+ * s390-tools-sles15-Implement-f-for-backwards-compability.patch renamed to
+ s390-tools-sles15sp3-Implement-f-for-backwards-compability.patch renamed to
+ * s390-tools-sles15-Implement-Y-yast_mode.patch
+ s390-tools-sles15sp3-Implement-Y-yast_mode.patch
+
+-------------------------------------------------------------------
+Tue Oct 27 23:06:45 UTC 2020 - Mark Post
+
+- Upgraded to version 2.15.0 (jsc#SLE-13662, jsc#SLE-13663,
+ jsc#SLE-13667, jsc#SLE-13724, jsc#SLE-13728, jsc#SLE-13730,
+ jsc#SLE-13739, jsc#SLE-13744, jsc#SLE-13751, jsc#SLE-13755,
+ jsc#SLE-13765, jsc#SLE-13768, jsc#SLE-13777, jsc#SLE-13814,
+ jsc#SLE-13819, jsc#SLE-13820)
+- Reworked s390-tools-sles12-sysconfig-compatible-dumpconf.patch to fit the
+ current version and renamed it to s390-tools-sles15-sysconfig-compatible-dumpconf.patch
+- Removed the following obsolete patches:
+ * s390-tools-sles15sp2-01-zkey-Separate-and-rework-CCA-host-library-loading.patch
+ * s390-tools-sles15sp2-02-zkey-Move-utility-functions-into-separate-source-fil.patch
+ * s390-tools-sles15sp2-03-zkey-Add-utility-function-to-get-the-serial-number-o.patch
+ * s390-tools-sles15sp2-04-zkey-Add-utility-function-to-get-the-mkvp-of-a-crypt.patch
+ * s390-tools-sles15sp2-05-zkey-add-function-to-iterate-over-all-available-CCA-.patch
+ * s390-tools-sles15sp2-06-zkey-Add-function-to-print-the-MKVPs-of-APQNs.patch
+ * s390-tools-sles15sp2-07-zkey-Add-function-to-cross-check-APQNs-for-valid-mas.patch
+ * s390-tools-sles15sp2-08-zkey-Add-function-to-obtain-the-mkvp-of-a-secure-key.patch
+ *
s390-tools-sles15sp2-09-zkey-Display-MKVP-when-validating-a-secure-key.patch
+ * s390-tools-sles15sp2-10-zkey-Cross-check-APQNs-when-generating-secure-keys.patch
+ * s390-tools-sles15sp2-11-zkey-Cross-check-APQNs-when-validating-secure-keys.patch
+ * s390-tools-sles15sp2-12-zkey-Cross-check-APQNs-when-importing-secure-keys.patch
+ * s390-tools-sles15sp2-13-zkey-Cross-check-APQNs-when-changing-APQN-associatio.patch
+ * s390-tools-sles15sp2-14-zkey-Add-function-to-select-a-specific-CCA-adapter.patch
+ * s390-tools-sles15sp2-15-zkey-Add-function-to-select-a-CCA-adapter-by-mkvp.patch
+ * s390-tools-sles15sp2-16-zkey-Select-CCA-adapter-when-re-enciphering.patch
+ * s390-tools-sles15sp2-17-zkey-cryptsetup-Add-to-new-and-from-old-options.patch
+ * s390-tools-sles15sp2-18-zkey-Display-key-type-with-list-and-validate-command.patch
+ * s390-tools-sles15sp2-19-zkey-Allow-to-filter-list-output-by-key-type.patch
+ * s390-tools-sles15sp2-20-zkey-Allow-to-specify-the-key-type-with-the-generate.patch
+ * s390-tools-sles15sp2-21-zkey-Preparations-for-introducing-a-new-key-type.patch
+ * s390-tools-sles15sp2-22-zkey-Introduce-the-CCA-AESCIPHER-key-type.patch
+ * s390-tools-sles15sp2-23-zkey-Add-wrappers-for-the-new-IOCTLs-with-fallback-t.patch
+ * s390-tools-sles15sp2-24-zkey-Add-helper-functions-to-build-lists-of-APQNs.patch
+ * s390-tools-sles15sp2-25-zkey-Add-support-for-generating-AES-CIPHER-keys.patch
+ * s390-tools-sles15sp2-26-zkey-Add-support-for-validating-AES-CIPHER-keys.patch
+ * s390-tools-sles15sp2-27-zkey-Add-support-for-re-enciphering-AES-CIPHER-keys.patch
+ * s390-tools-sles15sp2-28-zkey-Check-crypto-card-level-during-APQN-cross-check.patch
+ * s390-tools-sles15sp2-29-zkey-Add-helper-function-to-query-the-CCA-firmware-v.patch
+ * s390-tools-sles15sp2-30-zkey-Add-helper-function-to-convert-secure-keys-betw.patch
+ * s390-tools-sles15sp2-31-zkey-Add-helper-function-to-restrict-export-of-secur.patch
+ *
s390-tools-sles15sp2-32-zkey-Add-helper-function-to-check-an-AES-CIPHER-key.patch
+ * s390-tools-sles15sp2-33-zkey-Add-key-checks-when-importing-a-CCA-AESCIPHER-k.patch
+ * s390-tools-sles15sp2-34-zkey-Add-convert-command-to-convert-keys-from-one-ty.patch
+ * s390-tools-sles15sp2-35-zkey-Allow-zkey-cryptsetup-setkey-to-set-different-k.patch
+ * s390-tools-sles15sp2-zcrypt-CEX7S-exploitation-support.patch
+ * s390-tools-sles15sp2-zcryptstats-Add-support-for-CEX7.patch
+ * s390-tools-sles15sp2-zkey-Fix-listing-of-keys-on-file-systems-reporting-D.patch
+ * s390-tools-sles15sp2-zkey-Fix-display-of-clear-key-size-for-XTS-keys.patch
+ * s390-tools-sles15sp2-zkey-Fix-display-of-XTS-attribute-for-validate-comma.patch
+ * s390-tools-sles15sp2-zkey-Fix-display-of-clear-key-size-for-CCA-AESCIPHER.patch
+ * s390-tools-sles15sp2-01-zipl-libc-Introduce-vsnprintf.patch
+ * s390-tools-sles15sp2-02-zipl-libc-Fix-potential-buffer-overflow-in-printf.patch
+ * s390-tools-sles15sp2-03-zipl-libc-Replace-sprintf-with-snprintf.patch
+ * s390-tools-sles15sp2-04-zipl-libc-Indicate-truncated-lines-in-printf-with.patch
+ * s390-tools-sles15sp2-01-zpcictl-Initiate-recover-after-reset.patch
+ * s390-tools-sles15sp2-02-zpcictl-Rename-misleading-sysfs_write_data.patch
+ * s390-tools-sles15sp2-03-zpcitctl-Exit-on-error-in-sysfs_report_error.patch
+ * s390-tools-sles15sp2-01-zipl-fix-Wdiscarded-qualifiers.patch
+ * s390-tools-sles15sp2-02-zipl-fix-Waddress-of-packed-member.patch
+ * s390-tools-sles15sp2-03-zipl-remove-some-useless-__packed___-attributes.patch
+ * s390-tools-sles15sp2-04-zipl-Fix-entry-point-for-stand-alone-kdump.patch
+ * s390-tools-sles15sp2-05-zipl-Fix-dependency-generation-in-zipl-boot.patch
+ * s390-tools-sles15sp2-06-zipl-Make-use-of-__packed-macro.patch
+ * s390-tools-sles15sp2-07-zipl-define-__section-macro-and-make-use-of-it.patch
+ * s390-tools-sles15sp2-08-zipl-Make-use-of-__noreturn-macro.patch
+ *
s390-tools-sles15sp2-09-zipl-Define-__noinline-macro-and-make-use-of-it.patch
+ * s390-tools-sles15sp2-10-zipl-stage3-Mark-start_kernel-__noreturn.patch
+ * s390-tools-sles15sp2-11-zipl-sclp-Remove-duplicate-macros.patch
+ * s390-tools-sles15sp2-12-zipl-Make-address-size-mask-macros-UL.patch
+ * s390-tools-sles15sp2-13-zipl-libc-Use-stdint.h-instead-of-self-defined-macro.patch
+ * s390-tools-sles15sp2-14-zipl-Consolidate-IMAGE-macros.patch
+ * s390-tools-sles15sp2-15-zipl-Consolidate-STAGE-2-3-macros.patch
+ * s390-tools-sles15sp2-16-zipl-stfle-use-uint64_t-instead-of-u64.patch
+ * s390-tools-sles15sp2-17-zipl-boot-fix-comment-in-stage3.lds.patch
+ * s390-tools-sles15sp2-18-lib-zt_common-add-STATIC_ASSERT-macro.patch
+ * s390-tools-sles15sp2-19-zipl-use-STATIC_ASSERT-macro-for-no-padding-verifica.patch
+ * s390-tools-sles15sp2-20-Support-lib-zt_common.h-to-be-used-in-assembler-and-.patch
+ * s390-tools-sles15sp2-21-zipl-move-IPL-related-definitions-into-separate-head.patch
+ * s390-tools-sles15sp2-22-zipl-move-SIGP-related-functions-and-definitions-int.patch
+ * s390-tools-sles15sp2-23-zipl-add-SIGP_SET_ARCHITECTURE-to-sigp.h-and-use-it.patch
+ * s390-tools-sles15sp2-24-zipl-stage3-make-IPL_DEVICE-definition-consistent-wi.patch
+ * s390-tools-sles15sp2-25-zipl-move-Linux-layout-definitions-into-separate-hea.patch
+ * s390-tools-sles15sp2-26-zipl-tape0-use-constants-defined-in-linux_layout.h.patch
+ * s390-tools-sles15sp2-27-zipl-use-STAGE3_ENTRY-for-STAGE3_LOAD_ADDRESS.patch
+ * s390-tools-sles15sp2-28-zipl-move-loaders-layout-definitions-into-separate-h.patch
+ * s390-tools-sles15sp2-29-zipl-s390.h-rename-inline-macro-into-__always_inline.patch
+ * s390-tools-sles15sp2-30-zipl-move-__always_inline-barrier-__pa32-pa-to-zt_co.patch
+ * s390-tools-sles15sp2-31-zipl-make-BLK_PWRT-unsigned-int.patch
+ * s390-tools-sles15sp2-32-Consolidate-MIN-and-MAX-macros.patch
+ * s390-tools-sles15sp2-33-zipl-remove-libc.h-include-in-s390.h.patch
+ *
s390-tools-sles15sp2-34-zipl-move-s390.h-to-include-boot-s390.h.patch
+ * s390-tools-sles15sp2-35-zipl-libc-include-s390.h.patch
+ * s390-tools-sles15sp2-36-include-boot-s390.h-move-panic-and-panic_notify-to-l.patch
+ * s390-tools-sles15sp2-37-include-boot-s390.h-fixes-for-Werror-sign-conversion.patch
+ * s390-tools-sles15sp2-38-zipl-refactor-all-EBCDIC-code-into-separate-files.patch
+ * s390-tools-sles15sp2-39-zipl-sclp-add-macros-for-the-control-program-masks.patch
+ * s390-tools-sles15sp2-40-zipl-sclp-add-sclp_print_ascii.patch
+ * s390-tools-sles15sp2-41-zipl-libc-printf-print-on-linemode-and-ASCII-console.patch
+ * s390-tools-sles15sp2-42-Consolidate-ALIGN-__ALIGN_MASK-ARRAY_SIZE-macros.patch
+ * s390-tools-sles15sp2-43-genprotimg-boot-initial-bootloader-support.patch
+ * s390-tools-sles15sp2-44-genprotimg-boot-use-C-pre-processor-for-linker-scrip.patch
+ * s390-tools-sles15sp2-45-genprotimg-add-relocator-for-stage3b.patch
+ * s390-tools-sles15sp2-46-README.md-remove-useless-empty-line.patch
+ * s390-tools-sles15sp2-47-include-boot-s390.h-add-guard-for-struct-__vector128.patch
+ * s390-tools-sles15sp2-48-genprotimg-introduce-new-tool-for-the-creation-of-PV.patch
+ * s390-tools-sles15sp2-01-zipl-Add-missing-options-to-help-output.patch
+ * s390-tools-sles15sp2-02-zipl-allow-stand-alone-secure-option-on-command-l.patch
+ * s390-tools-sles15sp2-03-zipl-correct-secure-boot-config-handling.patch
+ * s390-tools-sles15sp2-04-zipl-fix-zipl.conf-man-page-example-for-secure-boot.patch
+ * s390-tools-sles15sp2-01-cpumf-add-new-deflate-counters-for-z15.patch
+ * s390-tools-sles15sp2-vmcp-exit-code.patch
+ * s390-tools-sles15sp2-zipl-prevent-endless-loop-during-IPL.patch
+ * s390-tools-sles15sp2-zipl-check-for-valid-ipl-parmblock-lowcore-pointer.patch
+ * s390-tools-sles15sp2-01-zipl-libc-libc_stop-move-noreturn-to-declaration.patch
+ * s390-tools-sles15sp2-02-zipl-stage3-correctly-handle-diag308-response-code.patch
+ *
s390-tools-sles15sp2-lsluns-try-harder-to-find-udevadm.patch
+ * s390-tools-sles15sp2-znetconf-introduce-better-ways-to-locate-udevadm.patch
+ * s390-tools-sles15sp2-mon_tools-update-udevadm-location.patch
+ * s390-tools-sles15sp2-lscpumf-change-dflt-ccerror-counter-name.patch
+ * s390-tools-sles15sp2-01-zdev-Introduce-read-only-attributes.patch
+ * s390-tools-sles15sp2-02-zdev-Handle-special-case-in-if-case.patch
+ * s390-tools-sles15sp2-03-zdev-Report-FC-Endpoint-Security-of-zfcp-devices.patch
+ * s390-tools-sles15sp2-04-zfcpdbf-print-HBA-FC-Endpoint-Security-trace-records.patch
+ * s390-tools-sles15sp1-zdev-Also-include-the-ctc-driver-in-the-initrd.patch not in spec file
+ * s390-tools-sles15sp2-Close-file-descriptor-when-checking-for-read-only.patch not in spec file
+
+-------------------------------------------------------------------
+Thu Sep 17 20:16:08 UTC 2020 - Mark Post
+
+- Added s390-tools-sles15sp2-lscpumf-change-dflt-ccerror-counter-name.patch
+ (bsc#1176508)
+ lscpumf displays counter number 265 as DFLT_CCERROR. This is wrong
+ and differs from the counter name as defined in the Linux kernel
+ version 5.8 and later.
+- Added the following patches to implement the post-GA feature jsc#ECO-2636
+ Log FCP link info for endpoint security (bsc#1175477)
+ * s390-tools-sles15sp2-01-zdev-Introduce-read-only-attributes.patch
+ * s390-tools-sles15sp2-02-zdev-Handle-special-case-in-if-case.patch
+ * s390-tools-sles15sp2-03-zdev-Report-FC-Endpoint-Security-of-zfcp-devices.patch
+ * s390-tools-sles15sp2-04-zfcpdbf-print-HBA-FC-Endpoint-Security-trace-records.patch
+
+-------------------------------------------------------------------
+Tue Sep 15 18:46:04 CEST 2020 - ro@suse.de
+
+- use libexecdir for net-snmp agent config
+
+-------------------------------------------------------------------
+Fri Jul 24 21:17:36 UTC 2020 - Mark Post
+
+- The location of the udevadm binary was changed from /sbin/ to /usr/bin
+ a while back.
A symbolic link was added for compatibility. In the latest
+ versions, that symbolic link has been removed, requiring changes to scripts
+ that were depending on that.
+ Added the following patches for bsc#1171587
+ * s390-tools-sles15sp2-lsluns-try-harder-to-find-udevadm.patch
+ * s390-tools-sles15sp2-znetconf-introduce-better-ways-to-locate-udevadm.patch
+ * s390-tools-sles15sp2-mon_tools-update-udevadm-location.patch
+
+-------------------------------------------------------------------
+Thu Jul 23 19:28:25 UTC 2020 - Mark Post
+
+- Added s390-tools-sles15sp2-zipl-prevent-endless-loop-during-IPL.patch
+ (bsc#1174309) zipl: prevent endless loop during secure IPL
+- Added s390-tools-sles15sp2-zipl-check-for-valid-ipl-parmblock-lowcore-pointer.patch
+ (bsc#1174310) zipl: check for valid ipl parmblock lowcore pointer
+- Added s390-tools-sles15sp2-01-zipl-libc-libc_stop-move-noreturn-to-declaration.patch
+ s390-tools-sles15sp2-02-zipl-stage3-correctly-handle-diag308-response-code.patch
+ (bsc1174311) zipl: Fix KVM IPL without bootindex
+- Updated cputype and read_values to recognize the new z15 models.
+
+-------------------------------------------------------------------
+Mon Jun 29 19:45:01 UTC 2020 - Mark Post
+
+- Added s390-tools-sles15sp2-vmcp-exit-code.patch (bsc#1173481)
+ Change the vmcp exit code and return 'CP command failed' when both
+ "CP command failed" and "response buffer is too small" error
+ conditions are true.
+
+-------------------------------------------------------------------
+Tue Apr 7 18:52:02 UTC 2020 - Mark Post
+
+- Added s390-tools-sles15sp2-01-cpumf-add-new-deflate-counters-for-z15.patch
+ (bsc#1167853)
+ lscpumf: New z15 CPU-MF counters not available, so add the
+ definition for the new deflate counters.
+- Updated read_values (bsc#1167815, jsc#SLE-10675)
+ * Differentiate between IBM Z and IBM LinuxONE machines
+ * Query and print the status of secure boot for the LPAR.
+
+-------------------------------------------------------------------
+Thu Mar 19 19:22:19 UTC 2020 - Mark Post
+
+- Added the following patches for bsc#1166850
+ zipl: fix secure boot config handling:
+ * s390-tools-sles15sp2-01-zipl-Add-missing-options-to-help-output.patch
+ * s390-tools-sles15sp2-02-zipl-allow-stand-alone-secure-option-on-command-l.patch
+ * s390-tools-sles15sp2-03-zipl-correct-secure-boot-config-handling.patch
+ * s390-tools-sles15sp2-04-zipl-fix-zipl.conf-man-page-example-for-secure-boot.patch
+- Modified the spec file so that the kernel used for the SCSI dump
+ tool is named zfcpdump-image instead of zfcpdump_part.image. This
+ is to match the new version of zipl that expects this new file name.
+ (bsc#1166851)
+
+-------------------------------------------------------------------
+Wed Mar 18 17:58:57 UTC 2020 - Mark Post
+
+- Added the following patches to implement jsc#SLE-7471, Enhanced
+ tooling for kvm guest images (bsc#1165549):
+ * s390-tools-sles15sp2-01-zipl-fix-Wdiscarded-qualifiers.patch
+ * s390-tools-sles15sp2-02-zipl-fix-Waddress-of-packed-member.patch
+ * s390-tools-sles15sp2-03-zipl-remove-some-useless-__packed___-attributes.patch
+ * s390-tools-sles15sp2-04-zipl-Fix-entry-point-for-stand-alone-kdump.patch
+ * s390-tools-sles15sp2-05-zipl-Fix-dependency-generation-in-zipl-boot.patch
+ * s390-tools-sles15sp2-06-zipl-Make-use-of-__packed-macro.patch
+ * s390-tools-sles15sp2-07-zipl-define-__section-macro-and-make-use-of-it.patch
+ * s390-tools-sles15sp2-08-zipl-Make-use-of-__noreturn-macro.patch
+ * s390-tools-sles15sp2-09-zipl-Define-__noinline-macro-and-make-use-of-it.patch
+ * s390-tools-sles15sp2-10-zipl-stage3-Mark-start_kernel-__noreturn.patch
+ * s390-tools-sles15sp2-11-zipl-sclp-Remove-duplicate-macros.patch
+ * s390-tools-sles15sp2-12-zipl-Make-address-size-mask-macros-UL.patch
+ * s390-tools-sles15sp2-13-zipl-libc-Use-stdint.h-instead-of-self-defined-macro.patch
+ *
s390-tools-sles15sp2-14-zipl-Consolidate-IMAGE-macros.patch
+ * s390-tools-sles15sp2-15-zipl-Consolidate-STAGE-2-3-macros.patch
+ * s390-tools-sles15sp2-16-zipl-stfle-use-uint64_t-instead-of-u64.patch
+ * s390-tools-sles15sp2-17-zipl-boot-fix-comment-in-stage3.lds.patch
+ * s390-tools-sles15sp2-18-lib-zt_common-add-STATIC_ASSERT-macro.patch
+ * s390-tools-sles15sp2-19-zipl-use-STATIC_ASSERT-macro-for-no-padding-verifica.patch
+ * s390-tools-sles15sp2-20-Support-lib-zt_common.h-to-be-used-in-assembler-and-.patch
+ * s390-tools-sles15sp2-21-zipl-move-IPL-related-definitions-into-separate-head.patch
+ * s390-tools-sles15sp2-22-zipl-move-SIGP-related-functions-and-definitions-int.patch
+ * s390-tools-sles15sp2-23-zipl-add-SIGP_SET_ARCHITECTURE-to-sigp.h-and-use-it.patch
+ * s390-tools-sles15sp2-24-zipl-stage3-make-IPL_DEVICE-definition-consistent-wi.patch
+ * s390-tools-sles15sp2-25-zipl-move-Linux-layout-definitions-into-separate-hea.patch
+ * s390-tools-sles15sp2-26-zipl-tape0-use-constants-defined-in-linux_layout.h.patch
+ * s390-tools-sles15sp2-27-zipl-use-STAGE3_ENTRY-for-STAGE3_LOAD_ADDRESS.patch
+ * s390-tools-sles15sp2-28-zipl-move-loaders-layout-definitions-into-separate-h.patch
+ * s390-tools-sles15sp2-29-zipl-s390.h-rename-inline-macro-into-__always_inline.patch
+ * s390-tools-sles15sp2-30-zipl-move-__always_inline-barrier-__pa32-pa-to-zt_co.patch
+ * s390-tools-sles15sp2-31-zipl-make-BLK_PWRT-unsigned-int.patch
+ * s390-tools-sles15sp2-32-Consolidate-MIN-and-MAX-macros.patch
+ * s390-tools-sles15sp2-33-zipl-remove-libc.h-include-in-s390.h.patch
+ * s390-tools-sles15sp2-34-zipl-move-s390.h-to-include-boot-s390.h.patch
+ * s390-tools-sles15sp2-35-zipl-libc-include-s390.h.patch
+ * s390-tools-sles15sp2-36-include-boot-s390.h-move-panic-and-panic_notify-to-l.patch
+ * s390-tools-sles15sp2-37-include-boot-s390.h-fixes-for-Werror-sign-conversion.patch
+ * s390-tools-sles15sp2-38-zipl-refactor-all-EBCDIC-code-into-separate-files.patch
+ *
s390-tools-sles15sp2-39-zipl-sclp-add-macros-for-the-control-program-masks.patch
+ * s390-tools-sles15sp2-40-zipl-sclp-add-sclp_print_ascii.patch
+ * s390-tools-sles15sp2-41-zipl-libc-printf-print-on-linemode-and-ASCII-console.patch
+ * s390-tools-sles15sp2-42-Consolidate-ALIGN-__ALIGN_MASK-ARRAY_SIZE-macros.patch
+ * s390-tools-sles15sp2-43-genprotimg-boot-initial-bootloader-support.patch
+ * s390-tools-sles15sp2-44-genprotimg-boot-use-C-pre-processor-for-linker-scrip.patch
+ * s390-tools-sles15sp2-45-genprotimg-add-relocator-for-stage3b.patch
+ * s390-tools-sles15sp2-46-README.md-remove-useless-empty-line.patch
+ * s390-tools-sles15sp2-47-include-boot-s390.h-add-guard-for-struct-__vector128.patch
+ * s390-tools-sles15sp2-48-genprotimg-introduce-new-tool-for-the-creation-of-PV.patch
+- Added a BuildRequires for glib2-devel to support the new feature.
+- Added a %dir entry for /usr/share/s390-tools/genprotimg
+
+-------------------------------------------------------------------
+Tue Mar 10 18:25:51 UTC 2020 - Mark Post
+
+- Added the following patches for bsc#1165978.
+ zpcictl --reset only issues a SCLP reset and leaves the PCI function
+ in an error state.
+ Initiate an OS level recovery by calling /sys/bus/devices//recover
+ after the SCLP reset.
+ * s390-tools-sles15sp2-01-zpcictl-Initiate-recover-after-reset.patch
+ * s390-tools-sles15sp2-02-zpcictl-Rename-misleading-sysfs_write_data.patch
+ * s390-tools-sles15sp2-03-zpcitctl-Exit-on-error-in-sysfs_report_error.patch
+
+-------------------------------------------------------------------
+Tue Mar 3 22:11:44 UTC 2020 - Mark Post
+
+- The zipl boot loader may crash during boot. The solution is to
+ implement vsnprintf and make use of it.
(bsc#1165317)
+ * s390-tools-sles15sp2-01-zipl-libc-Introduce-vsnprintf.patch
+ * s390-tools-sles15sp2-02-zipl-libc-Fix-potential-buffer-overflow-in-printf.patch
+ * s390-tools-sles15sp2-03-zipl-libc-Replace-sprintf-with-snprintf.patch
+ * s390-tools-sles15sp2-04-zipl-libc-Indicate-truncated-lines-in-printf-with.patch
+
+-------------------------------------------------------------------
+Tue Feb 18 20:10:50 UTC 2020 - Mark Post
+
+- Added s390-tools-sles15sp2-zkey-Fix-display-of-XTS-attribute-for-validate-comma.patch
+ (bsc#1163002).
+- Added s390-tools-sles15sp2-zkey-Fix-display-of-clear-key-size-for-CCA-AESCIPHER.patch
+ (bsc#1163570).
+- Re-categorized s390-tools-sles15sp1-11-zdev-Do-not-call-zipl-on-initrd-update.patch
+ from an IBM patch to a SUSE-maintained patch. (bsc#1162840)
+
+-------------------------------------------------------------------
+Thu Feb 13 13:50:55 UTC 2020 - Marcus Meissner
+
+- sign the stage3.bin bootloader stage (bsc#1163524)
+
+-------------------------------------------------------------------
+Sat Feb 8 02:25:58 UTC 2020 - Mark Post
+
+- Added s390-tools-sles15sp1-zdev-Also-include-the-ctc-driver-in-the-initrd.patch
+ (bsc#1160373).
+- Added s390-tools-sles15sp1-11-zdev-Do-not-call-zipl-on-initrd-update.patch
+ (bsc#1162840).
+- Added s390-tools-sles15sp2-zkey-Fix-listing-of-keys-on-file-systems-reporting-D.patch
+ (bsc#1162996).
+- Added s390-tools-sles15sp2-zkey-Fix-display-of-clear-key-size-for-XTS-keys.patch
+ (bsc#1163003).
+
+-------------------------------------------------------------------
+Fri Oct 11 15:30:19 UTC 2019 - Mark Post
+
+- Upgraded to version 2.11.0 (jsc#7831)
+- Updated the cputype script and read_values program to recognize
+ machine types up through the new z15.
+- Added the following patches (bsc#1151859)
+ * s390-tools-sles15sp2-01-zkey-Separate-and-rework-CCA-host-library-loading.patch
+ * s390-tools-sles15sp2-02-zkey-Move-utility-functions-into-separate-source-fil.patch
+ * s390-tools-sles15sp2-03-zkey-Add-utility-function-to-get-the-serial-number-o.patch
+ * s390-tools-sles15sp2-04-zkey-Add-utility-function-to-get-the-mkvp-of-a-crypt.patch
+ * s390-tools-sles15sp2-05-zkey-add-function-to-iterate-over-all-available-CCA-.patch
+ * s390-tools-sles15sp2-06-zkey-Add-function-to-print-the-MKVPs-of-APQNs.patch
+ * s390-tools-sles15sp2-07-zkey-Add-function-to-cross-check-APQNs-for-valid-mas.patch
+ * s390-tools-sles15sp2-08-zkey-Add-function-to-obtain-the-mkvp-of-a-secure-key.patch
+ * s390-tools-sles15sp2-09-zkey-Display-MKVP-when-validating-a-secure-key.patch
+ * s390-tools-sles15sp2-10-zkey-Cross-check-APQNs-when-generating-secure-keys.patch
+ * s390-tools-sles15sp2-11-zkey-Cross-check-APQNs-when-validating-secure-keys.patch
+ * s390-tools-sles15sp2-12-zkey-Cross-check-APQNs-when-importing-secure-keys.patch
+ * s390-tools-sles15sp2-13-zkey-Cross-check-APQNs-when-changing-APQN-associatio.patch
+ * s390-tools-sles15sp2-14-zkey-Add-function-to-select-a-specific-CCA-adapter.patch
+ * s390-tools-sles15sp2-15-zkey-Add-function-to-select-a-CCA-adapter-by-mkvp.patch
+ * s390-tools-sles15sp2-16-zkey-Select-CCA-adapter-when-re-enciphering.patch
+ * s390-tools-sles15sp2-17-zkey-cryptsetup-Add-to-new-and-from-old-options.patch
+- Added the following patches (bsc#1151858)
+ * s390-tools-sles15sp2-18-zkey-Display-key-type-with-list-and-validate-command.patch
+ * s390-tools-sles15sp2-19-zkey-Allow-to-filter-list-output-by-key-type.patch
+ * s390-tools-sles15sp2-20-zkey-Allow-to-specify-the-key-type-with-the-generate.patch
+ * s390-tools-sles15sp2-21-zkey-Preparations-for-introducing-a-new-key-type.patch
+ * s390-tools-sles15sp2-22-zkey-Introduce-the-CCA-AESCIPHER-key-type.patch
+ * s390-tools-sles15sp2-23-zkey-Add-wrappers-for-the-new-IOCTLs-with-fallback-t.patch
+ * s390-tools-sles15sp2-24-zkey-Add-helper-functions-to-build-lists-of-APQNs.patch
+ * s390-tools-sles15sp2-25-zkey-Add-support-for-generating-AES-CIPHER-keys.patch
+ * s390-tools-sles15sp2-26-zkey-Add-support-for-validating-AES-CIPHER-keys.patch
+ * s390-tools-sles15sp2-27-zkey-Add-support-for-re-enciphering-AES-CIPHER-keys.patch
+ * s390-tools-sles15sp2-28-zkey-Check-crypto-card-level-during-APQN-cross-check.patch
+ * s390-tools-sles15sp2-29-zkey-Add-helper-function-to-query-the-CCA-firmware-v.patch
+ * s390-tools-sles15sp2-30-zkey-Add-helper-function-to-convert-secure-keys-betw.patch
+ * s390-tools-sles15sp2-31-zkey-Add-helper-function-to-restrict-export-of-secur.patch
+ * s390-tools-sles15sp2-32-zkey-Add-helper-function-to-check-an-AES-CIPHER-key.patch
+ * s390-tools-sles15sp2-33-zkey-Add-key-checks-when-importing-a-CCA-AESCIPHER-k.patch
+ * s390-tools-sles15sp2-34-zkey-Add-convert-command-to-convert-keys-from-one-ty.patch
+ * s390-tools-sles15sp2-35-zkey-Allow-zkey-cryptsetup-setkey-to-set-different-k.patch
+- Added the following patches (bsc#1153757)
+ * s390-tools-sles15sp2-zcrypt-CEX7S-exploitation-support.patch
+ * s390-tools-sles15sp2-zcryptstats-Add-support-for-CEX7.patch
+- Added s390-tools-sles15sp2-Close-file-descriptor-when-checking-for-read-only.patch
+- Forward-ported the following patches to work with the restructuring IBM did for
+ this version
+ * dasdfmt-retry-BIODASDINFO-if-device-is-busy.patch
+ * s390-tools-sles12-fdasd-skip-partition-check-and-BLKRRPART-ioctl.patch
+ * s390-tools-sles15-Allow-multiple-device-arguments.patch
+ * s390-tools-sles15-Format-devices-in-parallel.patch
+ * s390-tools-sles15-Implement-f-for-backwards-compability.patch
+ * s390-tools-sles15-Implement-Y-yast_mode.patch
+- Removed the following obsolete patches:
+ * s390-tools-sles15-1-lstape-fix-output-with-SCSI-lin_tape-and-multiple-pa.patch
+ * s390-tools-sles15-2-lstape-fix-to-prefer-sysfs-to-find-lin_tape-device-n.patch
+ * s390-tools-sles15-3-lstape-fix-output-without-SCSI-generic-sg.patch
+ * s390-tools-sles15-4-lsluns-fix-to-prevent-error-messages-if-there-are-no.patch
+ * s390-tools-sles15-5-lstape-fix-to-prevent-error-messages-if-there-are-no.patch
+ * s390-tools-sles15-6-lstape-fix-description-of-type-and-devbusid-filter-f.patch
+ * s390-tools-sles15-7-lstape-fix-SCSI-output-description-in-man-page.patch
+ * s390-tools-sles15-8-lstape-fix-SCSI-HBA-CCW-device-bus-ID-e.g.-for-virti.patch
+ * s390-tools-sles15-cpi-add-unit-install-section.patch
+ * s390-tools-sles15-cpuplugd-Improve-systemctl-start-error-handling.patch
+ * s390-tools-sles15-dbginfo-add-data-for-ps-cpprot.patch
+ * s390-tools-sles15-Drop-device_id-parameter.patch
+ * s390-tools-sles15-Fix-truncation-warning.patch
+ * s390-tools-sles15-Fixup-dasdfmt_get_volser.patch
+ * s390-tools-sles15-Fixup-device-name-handling.patch
+ * s390-tools-sles15-hmcdrvfs-fix-parsing-of-link-count.patch
+ * s390-tools-sles15-iucvterm-include-ctype-for-toupper.patch
+ * s390-tools-sles15-lsluns-clarify-discovery-use-case-relation-to-NPIV-a.patch
+ * s390-tools-sles15-lsluns-complement-alternative-tools-with-lszdev.patch
+ * s390-tools-sles15-lsluns-document-restriction-to-zfcp-only-systems.patch
+ * s390-tools-sles15-lsluns-do-not-print-confusing-messages-when-a-filter.patch
+ * s390-tools-sles15-lsluns-do-not-scan-all-if-filters-match-nothing.patch
+ * s390-tools-sles15-lsluns-enhance-usage-statement-and-man-page.patch
+ * s390-tools-sles15-lsluns-fix-flawed-formatting-of-man-page.patch
+ * s390-tools-sles15-lsluns-point-out-IBM-Storwize-configuration-requirem.patch
+ * s390-tools-sles15-mon_procd-fix-parsing-of-proc-pid-stat.patch
+ * s390-tools-sles15-mon_tools-Improve-systemctl-start-error-handling.patch
+ * s390-tools-sles15sp1-0001-zkey-Add-properties-file-handling-routines.patch
+ * s390-tools-sles15sp1-0002-zkey-Add-build-dependency-to-OpenSSL-libcrypto.patch
+ * s390-tools-sles15sp1-0003-zkey-Add-helper-functions-for-comma-separated-string.patch
+ * s390-tools-sles15sp1-0004-zkey-Externalize-secure-key-back-end-functions.patch
+ * s390-tools-sles15sp1-0005-zkey-Add-keystore-implementation.patch
+ * s390-tools-sles15sp1-0006-zkey-Add-keystore-related-commands.patch
+ * s390-tools-sles15sp1-0007-zkey-Create-key-repository-and-group-during-make-ins.patch
+ * s390-tools-sles15sp1-0008-zkey-Man-page-updates.patch
+ * s390-tools-sles15sp1-0009-zkey-let-packaging-create-the-zkeyadm-group-and-perm.patch
+ * s390-tools-sles15sp1-0010-zkey-Update-README-to-add-info-about-packaging-requi.patch
+ * s390-tools-sles15sp1-0011-zkey-Typo-in-message.patch
+ * s390-tools-sles15sp1-0012-zkey-Fix-memory-leak.patch
+ * s390-tools-sles15sp1-0013-zkey-Fix-APQN-validation-routine.patch
+ * s390-tools-sles15sp1-0014-zkey-Fix-generate-and-import-leaving-key-in-an-incon.patch
+ * s390-tools-sles15sp1-0015-zkey-Add-zkey-cryptsetup-tool.patch
+ * s390-tools-sles15sp1-0016-zkey-Add-man-page-for-zkey-cryptsetup.patch
+ * s390-tools-sles15sp1-0017-zkey-Add-build-dependency-for-libcryptsetup-and-json.patch
+ * s390-tools-sles15sp1-0018-zkey-Add-key-verification-pattern-property.patch
+ * s390-tools-sles15sp1-0019-zkey-Add-volume-type-property-to-support-LUKS2-volum.patch
+ * s390-tools-sles15sp1-01-chzcrypt-Corrections-at-the-chzcrypt-man-page.patch
+ * s390-tools-sles15sp1-01-cpumf-Add-extended-counter-defintion-files-for-IBM-z.patch
+ * s390-tools-sles15sp1-01-lszcrypt-CEX6S-exploitation.patch
+ * s390-tools-sles15sp1-01-util_path-add-function-to-check-if-a-path-exists.patch
+ * s390-tools-sles15sp1-01-zcryptctl-new-tool-zcryptctl-for-multiple-zcrypt-node.patch
+ * s390-tools-sles15sp1-01-zdev-use-libutil-provided-path-functions.patch
+ * s390-tools-sles15sp1-01-zkey-Include-sbin-into-PATH-when-executing-commands.patch
+ * s390-tools-sles15sp1-02-cpumf-z14-split-counter-sets-according-to-CFVN-CSVN-.patch
+ * s390-tools-sles15sp1-02-lszcrypt-fix-date-and-wrong-indentation.patch
+ * s390-tools-sles15sp1-02-lszcrypt-support-for-alternate-zcrypt-device-drivers.patch
+ * s390-tools-sles15sp1-02-util_path-Add-description-for-util_path_exists.patch
+ * s390-tools-sles15sp1-02-zdev-Prepare-for-firmware-configuration-file-support.patch
+ * s390-tools-sles15sp1-03-cpumf-cpumf_helper-read-split-counter-sets-part-2-2.patch
+ * s390-tools-sles15sp1-03-util_path-Make-true-false-handling-consistent-with-o.patch
+ * s390-tools-sles15sp1-03-zdev-Add-support-for-reading-firmware-configuration-.patch
+ * s390-tools-sles15sp1-04-cpumf-correct-z14-counter-number.patch
+ * s390-tools-sles15sp1-04-zdev-Implement-no-settle.patch
+ * s390-tools-sles15sp1-04-zpcictl-Introduce-new-tool-zpcictl.patch
+ * s390-tools-sles15sp1-05-cpumf-add-missing-Description-tag-for-z13-z14-ctr-12.patch
+ * s390-tools-sles15sp1-05-zdev-Write-zfcp-lun-udev-rules-to-separate-files.patch
+ * s390-tools-sles15sp1-05-zpcictl-include-sys-sysmacros.h-to-avoid-minor-major.patch
+ * s390-tools-sles15sp1-06-cpumf-correct-counter-name-for-z13-and-z14.patch
+ * s390-tools-sles15sp1-06-zdev-Add-support-for-handling-auto-configuration-dat.patch
+ * s390-tools-sles15sp1-06-zpcictl-Rephrase-man-page-entries-and-tool-output.patch
+ * s390-tools-sles15sp1-07-cpumf-Add-IBM-z14-ZR1-to-the-CPU-Measurement-Facilit.patch
+ * s390-tools-sles15sp1-07-zdev-Integrate-firmware-auto-configuration-with-drac.patch
+ * s390-tools-sles15sp1-07-zpcictl-Use-fopen-instead-of-open-for-writes.patch
+ * s390-tools-sles15sp1-08-zdev-Integrate-firmware-auto-configuration-with-init.patch
+ * s390-tools-sles15sp1-08-zpcictl-Read-device-link-to-obtain-device-address.patch
+ * s390-tools-sles15sp1-09-zdev-Implement-internal-device-attributes.patch
+ * s390-tools-sles15sp1-09-zpcictl-Make-device-node-for-NVMe-optional.patch
+ * s390-tools-sles15sp1-10-zdev-Implement-support-for-early-device-configuratio.patch
+ * s390-tools-sles15sp1-10-zpcictl-Change-wording-of-man-page-and-help-output.patch
+ * s390-tools-sles15sp1-11-zdev-Do-not-call-zipl-on-initrd-update.patch
+ * s390-tools-sles15sp1-dbginfo-gather-nvme-related-data.patch
+ * s390-tools-sles15sp1-qethqoat-add-OSA-Express7S-support.patch
+ * s390-tools-sles15sp1-zcrypt-refine-lszcrypt-man-page.patch
+ * s390-tools-sles15sp1-zdev-Also-include-the-ctc-driver-in-the-initrd.patch
+ * s390-tools-sles15sp1-zdev-fix-qeth-BridgePort-and-VNICC-conflict-checking.patch
+ * s390-tools-sles15sp1-zkey-Enhance-error-message-about-missing-CCA-library.patch
+ * s390-tools-sles15-zdev-Enable-running-chzdev-from-unknown-root-devices.patch
+ * s390-tools-sles15-zdev-Fix-zdev-dracut-module-aborting-on-unknown-root.patch
+ * s390-tools-sles15-zdev-Use-correct-path-to-vmcp-binary.patch
+ * s390-tools-sles15-ziomon-re-add-missing-line.patch
+ * s390-tools-sles15-zipl-remove-invalid-dasdview-command-line-option.patch
+
+-------------------------------------------------------------------
+Mon Jul 22 18:27:28 UTC 2019 - Mark Post
+
+- Added s390-tools-sles15sp1-ziomon-fix-utilization-data-recording-with-multi-dig.patch
+ ziomon: fix utilization recording with multi-digit scsi hosts
+ (bsc#1141876)
+
+-------------------------------------------------------------------
+Thu Feb 21 19:38:18 UTC 2019 - mpost@suse.com
+
+- Now that IBM has the package on github, use a full source URL.
+- Change Pre-Req to Requires(pre) and (post), and remove dracut.
+- Changed the group for the hmcdrvfs package from Base:System to
+ Base/Filesystems
+- Institute the %autosetup macro.
+- Remove erroneous %dir entry for %_unitdir
+- Change bash-specific "==" tests in scriptlets with a more
+ generic "=".
+
+-------------------------------------------------------------------
+Thu Feb 14 23:53:57 UTC 2019 - mpost@suse.com
+
+- Modified the spec file to add a group named cpacfstats
+ (bsc#1123730)
+
+-------------------------------------------------------------------
+Mon Jan 28 17:38:15 UTC 2019 - mpost@suse.com
+
+- Added s390-tools-sles15sp1-zcrypt-refine-lszcrypt-man-page.patch
+ Added some explanations about the columns shown with the lszcrypt
+ verbose output. (bsc#1123041)
+
+-------------------------------------------------------------------
+Thu Jan 24 04:43:39 UTC 2019 - mpost@suse.com
+
+- Updated the spec file to regenerate the initrd in the post, postun,
+ and poststrans scriptlets. (bsc#1112018)
+
+-------------------------------------------------------------------
+Tue Jan 15 21:37:32 UTC 2019 - mpost@suse.com
+
+- Enable cryptsetup now that version 2 is included in SLES15 SP1.
+ (Fate#325684)
+
+-------------------------------------------------------------------
+Mon Jan 14 17:03:37 UTC 2019 - mpost@suse.com
+
+- Added the following two patches from IBM (bsc#1121719):
+ * s390-tools-sles15sp1-01-zkey-Include-sbin-into-PATH-when-executing-commands.patch
+ * s390-tools-sles15sp1-zkey-Enhance-error-message-about-missing-CCA-library.patch
+- Added the following patch to correct a problem with CTC network
+ interfaces not coming up after a reboot (bsc#1119102)
+ * s390-tools-sles15sp1-zdev-Also-include-the-ctc-driver-in-the-initrd.patch
+
+-------------------------------------------------------------------
+Wed Jan 9 23:17:22 UTC 2019 - mpost@suse.com
+
+- Added s390-tools-sles15sp1-qethqoat-add-OSA-Express7S-support.patch
+ qethqoat: add OSA-Express7S support
+ (Fate#326805, bsc#1121222)
+- Modified the spec file to: (bsc#1119966)
+ * Add a group named zkeyadm
+ * Create directory /etc/zkey/repository
+ * Set the permissions on /etc/zkey and /etc/zkey/repository
+ * Added /usr/lib/modules-load.d/pkey.conf
+- Made numerous changes to the spec file based on the output from
+ spec-cleaner.
+
+-------------------------------------------------------------------
+Thu Dec 6 21:03:08 UTC 2018 - mpost@suse.com
+
+- Added the following patches for Fate#326825 (bsc#1113329)
+ I/O device pre-configuration
+ * s390-tools-sles15sp1-01-zdev-use-libutil-provided-path-functions.patch
+ * s390-tools-sles15sp1-02-zdev-Prepare-for-firmware-configuration-file-support.patch
+ * s390-tools-sles15sp1-03-zdev-Add-support-for-reading-firmware-configuration-.patch
+ * s390-tools-sles15sp1-04-zdev-Implement-no-settle.patch
+ * s390-tools-sles15sp1-05-zdev-Write-zfcp-lun-udev-rules-to-separate-files.patch
+ * s390-tools-sles15sp1-06-zdev-Add-support-for-handling-auto-configuration-dat.patch
+ * s390-tools-sles15sp1-07-zdev-Integrate-firmware-auto-configuration-with-drac.patch
+ * s390-tools-sles15sp1-08-zdev-Integrate-firmware-auto-configuration-with-init.patch
+ * s390-tools-sles15sp1-09-zdev-Implement-internal-device-attributes.patch
+ * s390-tools-sles15sp1-10-zdev-Implement-support-for-early-device-configuratio.patch
+ * s390-tools-sles15sp1-11-zdev-Do-not-call-zipl-on-initrd-update.patch
+- Removed the obsolete customize-zdev-root-update-script.patch
+- Replaced s390-tools-sles15-zdev-fix-qeth-BridgePort-and-VNICC-conflict-checking.patch
+ with s390-tools-sles15sp1-zdev-fix-qeth-BridgePort-and-VNICC-conflict-checking.patch
+ to fit the current version (bsc#1118618).
+
+-------------------------------------------------------------------
+Thu Nov 29 00:03:01 UTC 2018 - mpost@suse.com
+
+- Added the following patches for Fate#326862 (bsc#1113328)
+ zcrypt DD: introduce APQN tags to support deterministic driver binding
+ * s390-tools-sles15sp1-01-chzcrypt-Corrections-at-the-chzcrypt-man-page.patch
+ * s390-tools-sles15sp1-02-lszcrypt-support-for-alternate-zcrypt-device-drivers.patch
+- Added the following patches for Fate#326804 (bsc#1113330)
+ Extended access controls for AP queue
+ * s390-tools-sles15sp1-01-zcryptctl-new-tool-zcryptctl-for-multiple-zcrypt-node.patch
+
+-------------------------------------------------------------------
+Tue Nov 13 19:22:01 UTC 2018 - mpost@suse.com
+
+- Added s390-tools-sles15-zdev-fix-qeth-BridgePort-and-VNICC-conflict-checking.patch
+ (bsc#1112536)
+ zdev: qeth BridgePort and VNICC attribute conflict
+- Added the following patches for Fate#326376 (bsc#1113321)
+ PCI error reporting tool (zpcictl)
+ * s390-tools-sles15sp1-01-util_path-add-function-to-check-if-a-path-exists.patch
+ * s390-tools-sles15sp1-02-util_path-Add-description-for-util_path_exists.patch
+ * s390-tools-sles15sp1-03-util_path-Make-true-false-handling-consistent-with-o.patch
+ * s390-tools-sles15sp1-04-zpcictl-Introduce-new-tool-zpcictl.patch
+ * s390-tools-sles15sp1-05-zpcictl-include-sys-sysmacros.h-to-avoid-minor-major.patch
+ * s390-tools-sles15sp1-06-zpcictl-Rephrase-man-page-entries-and-tool-output.patch
+ * s390-tools-sles15sp1-07-zpcictl-Use-fopen-instead-of-open-for-writes.patch
+ * s390-tools-sles15sp1-08-zpcictl-Read-device-link-to-obtain-device-address.patch
+ * s390-tools-sles15sp1-09-zpcictl-Make-device-node-for-NVMe-optional.patch
+ * s390-tools-sles15sp1-10-zpcictl-Change-wording-of-man-page-and-help-output.patch
+- Added the following patches for Fate#325684 (bsc#1113323)
+ Protected key dm-crypt key management tool (crypto)
+ * s390-tools-sles15sp1-0001-zkey-Add-properties-file-handling-routines.patch
+ * s390-tools-sles15sp1-0002-zkey-Add-build-dependency-to-OpenSSL-libcrypto.patch
+ * s390-tools-sles15sp1-0003-zkey-Add-helper-functions-for-comma-separated-string.patch
+ * s390-tools-sles15sp1-0004-zkey-Externalize-secure-key-back-end-functions.patch
+ * s390-tools-sles15sp1-0005-zkey-Add-keystore-implementation.patch
+ * s390-tools-sles15sp1-0006-zkey-Add-keystore-related-commands.patch
+ * s390-tools-sles15sp1-0007-zkey-Create-key-repository-and-group-during-make-ins.patch
+ * s390-tools-sles15sp1-0008-zkey-Man-page-updates.patch
+ * s390-tools-sles15sp1-0009-zkey-let-packaging-create-the-zkeyadm-group-and-perm.patch
+ * s390-tools-sles15sp1-0010-zkey-Update-README-to-add-info-about-packaging-requi.patch
+- Added the following patches for Fate#326390 (bsc#1113353)
+ dm-crypt with protected keys - change master key tool
+ * s390-tools-sles15sp1-0011-zkey-Typo-in-message.patch
+ * s390-tools-sles15sp1-0012-zkey-Fix-memory-leak.patch
+ * s390-tools-sles15sp1-0013-zkey-Fix-APQN-validation-routine.patch
+ * s390-tools-sles15sp1-0014-zkey-Fix-generate-and-import-leaving-key-in-an-incon.patch
+ * s390-tools-sles15sp1-0015-zkey-Add-zkey-cryptsetup-tool.patch
+ * s390-tools-sles15sp1-0016-zkey-Add-man-page-for-zkey-cryptsetup.patch
+ * s390-tools-sles15sp1-0017-zkey-Add-build-dependency-for-libcryptsetup-and-json.patch
+ * s390-tools-sles15sp1-0018-zkey-Add-key-verification-pattern-property.patch
+ * s390-tools-sles15sp1-0019-zkey-Add-volume-type-property-to-support-LUKS2-volum.patch
+- Added the following patches for Fate#325691 (bsc#1113324)
+ Add support for new crypto hardware
+ * s390-tools-sles15sp1-01-lszcrypt-CEX6S-exploitation.patch
+ * s390-tools-sles15sp1-02-lszcrypt-fix-date-and-wrong-indentation.patch
+- Added the following patches for Fate#326388 (bsc#1113331)
+ CPUMF Counters for z14
+ * s390-tools-sles15sp1-01-cpumf-Add-extended-counter-defintion-files-for-IBM-z.patch
+ * s390-tools-sles15sp1-02-cpumf-z14-split-counter-sets-according-to-CFVN-CSVN-.patch
+ * s390-tools-sles15sp1-03-cpumf-cpumf_helper-read-split-counter-sets-part-2-2.patch
+ * s390-tools-sles15sp1-04-cpumf-correct-z14-counter-number.patch
+ * s390-tools-sles15sp1-05-cpumf-add-missing-Description-tag-for-z13-z14-ctr-12.patch
+ * s390-tools-sles15sp1-06-cpumf-correct-counter-name-for-z13-and-z14.patch
+ * s390-tools-sles15sp1-07-cpumf-Add-IBM-z14-ZR1-to-the-CPU-Measurement-Facilit.patch
+- Added the following patch for Fate#326361 (bsc#1113333)
+ Collect NVMe-related debug data
+ * s390-tools-sles15sp1-dbginfo-gather-nvme-related-data.patch
+- Temporarily added "HAVE_CRYPTSETUP2=0" to the make and make install
+ commands, because a couple of Fate requests have not been approved
+ yet, resulting in build failure.
+- Added "Recommends: blktrace" to the spec file (bsc#1112855)
+- Changed remaining insserv references to systemd entries.
+- Changed the Group from the obsolete "System Environment/Base" to
+ "System/Base."
+
+-------------------------------------------------------------------
+Fri Aug 31 18:57:54 UTC 2018 - mpost@suse.com
+
+- Added the following patch to remove the call to zipl for bsc#1094354
+ * customize-zdev-root-update-script.patch
+- Modified ctc_configure to not pass a "protcol=" parameter when
+ configuring LCS devices. (bsc#1096520)
+- Added the following two patches for bsc#1098069
+ * dbginfo.sh: Extend data collection
+ s390-tools-sles15-dbginfo-add-data-for-ps-cpprot.patch
+ * mon_procd: fix parsing of /proc//stat
+ s390-tools-sles15-mon_procd-fix-parsing-of-proc-pid-stat.patch
+- Added the following patches for "lstape, lsluns: handle non-zfcp;
+ lin_tape multiple paths" (bsc#1098069)
+ * s390-tools-sles15-1-lstape-fix-output-with-SCSI-lin_tape-and-multiple-pa.patch
+ * s390-tools-sles15-2-lstape-fix-to-prefer-sysfs-to-find-lin_tape-device-n.patch
+ * s390-tools-sles15-3-lstape-fix-output-without-SCSI-generic-sg.patch
+ * s390-tools-sles15-4-lsluns-fix-to-prevent-error-messages-if-there-are-no.patch
+ * s390-tools-sles15-5-lstape-fix-to-prevent-error-messages-if-there-are-no.patch
+ * s390-tools-sles15-6-lstape-fix-description-of-type-and-devbusid-filter-f.patch
+ * s390-tools-sles15-7-lstape-fix-SCSI-output-description-in-man-page.patch
+ * s390-tools-sles15-8-lstape-fix-SCSI-HBA-CCW-device-bus-ID-e.g.-for-virti.patch
+
+-------------------------------------------------------------------
+Tue Aug 7 04:44:12 UTC 2018 - mpost@suse.com
+
+- dasd_reload: Fixed several syntax errors. Changed the script to
+ ensure that the DASD volume are actually activated in device
+ number order. If an old 51-dasd-.rules file is found,
+ rename it to obsolete-51-dasd-.rules, and use chzdev to
+ generate a new rules file. (bsc#1103407)
+
+-------------------------------------------------------------------
+Mon Aug 6 12:42:14 CEST 2018 - hare@suse.de
+
+- dasd_reload: Check for 41-dasd--.rules in addition
+ to the original 51-dasd-.rules (bsc#1103407)
+
+-------------------------------------------------------------------
+Fri Jul 27 17:56:14 UTC 2018 - mpost@suse.com
+
+- Removed s390 from the ExclusiveArch parameter (bsc#1102906)
+
+-------------------------------------------------------------------
+Wed May 30 10:22:01 CEST 2018 - hare@suse.de
+
+- mark active_devices.txt as %config(noreplace) (bsc#1090213)
+
+-------------------------------------------------------------------
+Fri Apr 6 17:44:55 UTC 2018 - mpost@suse.com
+
+- Added s390-tools-sles15-hmcdrvfs-fix-parsing-of-link-count.patch
+ (bsc#1087452)
+ * hmcdrvfs: fix parsing of link count >= 1000
+
+-------------------------------------------------------------------
+Thu Mar 22 21:16:00 UTC 2018 - mpost@suse.com
+
+- Modified dasd_configure script to set a return code of 8 if a
+ DASD volume being brought online is not formatted. (bsc#1084503)
+
+-------------------------------------------------------------------
+Tue Dec 12 01:01:09 UTC 2017 - mpost@suse.com
+
+- Converted the following SysV init scripts to systemd unit files
+ and scripts (bsc#1050786):
+ * appldata
+ * hsnc
+ * vmlogrdr
+ * xpram
+
+-------------------------------------------------------------------
+Thu Dec 7 23:08:31 UTC 2017 - mpost@suse.com
+
+- Added the following two patches (bsc#1071166):
+ s390-tools-sles15-zdev-Enable-running-chzdev-from-unknown-root-devices.patch
+ s390-tools-sles15-zdev-Fix-zdev-dracut-module-aborting-on-unknown-root.patch
+
+-------------------------------------------------------------------
+Tue Dec 5 17:49:35 UTC 2017 - mpost@suse.com
+
+- Added the following patches (bsc#1070836):
+ s390-tools-sles15-cpuplugd-Improve-systemctl-start-error-handling.patch
+ s390-tools-sles15-mon_tools-Improve-systemctl-start-error-handling.patch
+ s390-tools-sles15-lsluns-do-not-scan-all-if-filters-match-nothing.patch
+ s390-tools-sles15-lsluns-do-not-print-confusing-messages-when-a-filter.patch
+ s390-tools-sles15-lsluns-fix-flawed-formatting-of-man-page.patch
+ s390-tools-sles15-lsluns-enhance-usage-statement-and-man-page.patch
+ s390-tools-sles15-lsluns-clarify-discovery-use-case-relation-to-NPIV-a.patch
+ s390-tools-sles15-lsluns-point-out-IBM-Storwize-configuration-requirem.patch
+ s390-tools-sles15-lsluns-document-restriction-to-zfcp-only-systems.patch
+ s390-tools-sles15-lsluns-complement-alternative-tools-with-lszdev.patch
+
+-------------------------------------------------------------------
+Tue Dec 5 15:46:44 UTC 2017 - mpost@suse.com
+
+- Added "--no-root-update" to all the chzdev calls in the following
+ scripts for bsc#1071165:
+ ctc_configure
+ dasd_configure
+ qeth_configure
+ zfcp_disk_configure
+ zfcp_host_configure
+
+-------------------------------------------------------------------
+Thu Nov 30 20:22:09 UTC 2017 - mpost@suse.com
+
+- Added the following patches (bsc#1068538)
+ * s390-tools-sles15-cpi-add-unit-install-section.patch
+ * s390-tools-sles15-zipl-remove-invalid-dasdview-command-line-option.patch
+ * s390-tools-sles15-ziomon-re-add-missing-line.patch
+- Modified s390-tools-sles15-zdev-Use-correct-path-to-vmcp-binary.patch to
+ point to the correct line in the common.mk file.
+
+-------------------------------------------------------------------
+Thu Nov 23 13:41:27 UTC 2017 - rbrown@suse.com
+
+- Replace references to /var/adm/fillup-templates with new
+ %_fillupdir macro (boo#1069468)
+
+-------------------------------------------------------------------
+Tue Nov 14 21:38:25 UTC 2017 - mpost@suse.com
+
+- Added "HAVE_DRACUT=1" to the make install command. This will
+ include the new dracut support module. (bsc#1068040)
+
+-------------------------------------------------------------------
+Tue Nov 14 03:19:55 UTC 2017 - mpost@suse.com
+
+- Added s390-tools-sles15-zdev-Use-correct-path-to-vmcp-binary.patch
+ zdev: Use correct path to vmcp binary (bsc#1055909)
+- Modified the spec file to also install /etc/cpuplugd.conf
+ (bsc#1066328)
+- Dropped installation of obsolete /etc/sysconfig/mon_statd.
+- Removed "-i" option from "fillup_only" macro for osasnmpd to get
+ rid of a warning message from RPM.
+
+-------------------------------------------------------------------
+Thu Nov 9 20:39:38 UTC 2017 - mpost@suse.com
+
+- Updated the cputype script to recognize the new IBM z14
+ processor (bsc#1049843).
+- Re-instated the new versions of ctc_configure, dasd_configure,
+ qeth_configure, zfcp_disk_configure, zfcp_host_configure.
+
+-------------------------------------------------------------------
+Wed Oct 25 17:21:30 UTC 2017 - mpost@suse.com
+
+- Modified s390-tools-sles15-Format-devices-in-parallel.patch to
+ reset the rc variable before using it again (bsc#1063393).
+- Reverted the changes to the *_configure scripts until
+ bsc#1064791 is fixed.
+
+-------------------------------------------------------------------
+Mon Oct 23 23:41:51 UTC 2017 - mpost@suse.com
+
+- Replaced the following SUSE-written scripts with wrappers that
+ call the IBM-provided chzdev command in s390-tools. (Fate#322268)
+ * ctc_configure
+ * dasd_configure
+ * qeth_configure
+ * zfcp_disk_configure
+ * zfcp_host_configure
+
+-------------------------------------------------------------------
+Wed Oct 18 16:22:27 UTC 2017 - mpost@suse.com
+
+- Deleted s390-tools-sles12-pardasdfmt.patch and replaced it with
+ the following patches (bsc#1063393):
+ * s390-tools-sles15-Allow-multiple-device-arguments.patch
+ * s390-tools-sles15-Drop-device_id-parameter.patch
+ * s390-tools-sles15-Fixup-dasdfmt_get_volser.patch
+ * s390-tools-sles15-Fixup-device-name-handling.patch
+ * s390-tools-sles15-Format-devices-in-parallel.patch
+ * s390-tools-sles15-Implement-f-for-backwards-compability.patch
+ * s390-tools-sles15-Implement-Y-yast_mode.patch
+- Reworked dasdfmt-retry-BIODASDINFO-if-device-is-busy.patch to fit
+ on top of replacement patches.
+- Cleaned up the patch headers for the following:
+ * s390-tools-sles12-sysconfig-compatible-dumpconf.patch
+ * s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch
+- Added the following patches:
+ * s390-tools-sles15-Fix-truncation-warning.patch
+ * s390-tools-sles15-iucvterm-include-ctype-for-toupper.patch
+- Removed redundant %clean section. Replaced old RPM variables.
+- Removed %service* macros for iucvtty-login@.service and
+ ttyrun-getty@.service since systemd complained about them.
+- Replaced all fillup_and_insserv macros with fillup_only since
+ we weren't running the "insserv" part anyway.
+
+-------------------------------------------------------------------
+Thu Oct 5 20:47:52 UTC 2017 - mpost@suse.com
+
+- Modified mkdump perl script to work with the updated version
+ of the IBM tools dasdview, zipl and zgetdump. (bsc#1020336).
+ Also changed the method used to determine the maximum dump size
+ for SCSI devices.
+
+-------------------------------------------------------------------
+Wed Oct 4 19:45:29 UTC 2017 - mpost@suse.com
+
+- Upgraded to version 2.1.0 (Fate#323291).
+ Changes from 2.0.0 to 2.1.0
+ * Added the following tools:
+ netboot: Scripts for building a PXE-style netboot image for KVM
+ 90-cpi.rules/cpictl: New udev rule to update CPI when KVM is used
+ * Modified lsqeth/zdev to add VNIC Characteristics support
+ Bug fixes
+ * chzcrypt: Corrected handling of insufficient permissions
+ * cpacfstats: Add size setting to perf event
+ * fdasd: Skip partition check with the force option
+ * ttyrun: Fix deprecated BindTo usage in ttyrun-getty@.service.in
+ * lszcrypt: Fix core dump caused by stack overwrite
+ * lszcrypt: Fix random domain printout when no config available
+ * zdev: Fix segfault with unknown qeth attribute
+ * zdev: Fix IPv6 NDP proxy description
+ * zdev: Fix zdev dracut module temp file location
+ * zkey: Correctly detect abbreviated commands
+ * zkey: Validate XTS key: ignore domain and card
+ * zkey: Use octal values instead of S_IRWX* constants
+ * zkey: Properly set umask to prohibit permissions to group and others
+ * zkey: Add -ldl to LDLIBS (not LDFLAGS)
+ * znetconf: Re-add missing line in lsznet.raw
+ * Fix several gcc 7 warnings
+- Modified s390-tools-sles12-fdasd-skip-partition-check-and-BLKRRPART-ioctl.patch
+ to apply cleanly to this version.
+- Removed the following obsolete patches:
+ * s390-tools-sles15-zgetdump-Fix-gcc-7-warning.patch
+ * s390-tools-sles15-lscss-Get-rid-of-gcc-7-buffer-truncation-warnings.patch
+ * s390-tools-sles15-Get-rid-of-gcc-7-fall-through-warnings.patch
+ * s390-tools-sles15-lszcrypt-Fix-core-dump-caused-by-stack-overwrite.patch
+ * s390-tools-sles15-dasdinfo-Fix-GCC-7-overflow-warning.patch
+
+-------------------------------------------------------------------
+Thu Sep 8 21:06:37 UTC 2017 - mpost@suse.com
+
+- Added the following patches (bsc#1056498)
+ - s390-tools-sles15-zgetdump-Fix-gcc-7-warning.patch
+ - s390-tools-sles15-lscss-Get-rid-of-gcc-7-buffer-truncation-warnings.patch
+ - s390-tools-sles15-Get-rid-of-gcc-7-fall-through-warnings.patch
+ - s390-tools-sles15-lszcrypt-Fix-core-dump-caused-by-stack-overwrite.patch
+ - s390-tools-sles15-dasdinfo-Fix-GCC-7-overflow-warning.patch
+
+-------------------------------------------------------------------
+Tue Sep 8 20:01:35 UTC 2017 - mpost@suse.com
+
+- Upgraded to version 2.0.0 (Fate#323291).
+ - Changes from 1.34.0 to 1.35.0 + - cpuplugd: Make default config file location more distribution agnostic + Add systemd service unit to start/stop the cpuplug daemon + Add force-reload action to init script for LSB-compliance + - mon_statd: Add force-reload action to init script for LSB-compliance + - chiucvallow: corrected verification return code + - lczdev/chzdev: Add support for resolving iSCSI block devices + Bug fixes + - chzdev, lszdev: Fix incorrect zfcp module parameter name + - chreipl: Fix chreipl node for virtio devices + - libus2s: Fix busid parsing + - zipl/boot: Fix failed start subchannel in FBA loader + - Changes from 1.35.0 to 1.36.0 + - chzdev/lszdev: Add device resolution for vlan and bonding devices + - dasdfmt: Add quick format support + - lsdasd/fdasd/dasdfmt/zdsfs: Add query host access to volume support + - zfcpdbf: Make timestamp the first field in record output + Exclude Payload hex field from log message record output + Add Area field to record output + Add missing header fields to area record output + Print the Record id field for Area area class records + Mark oldest and newest trace area records + Mark oldest and newest def_err pseudo area records + Mark oldest and newest foreign area records + Mark oldest and newest log message records + Add a warning about low resolution timestamps + Add Trace Area Statistics table to script output + Add time zone command line option + Add collection of domain xml files + Bug fixes + - zfcpdbf: Move and fix CPU id field output to print_header function + Include microseconds in warning threshold calculation + Fix parsing of precise syslog timestamps + Fix labels for REC ERP action status and ERP step fields + - Changes from 1.36.0 to 1.36.1 + - zfcpdbf: Support basic HBA record type without warning + Restore tracing of handle for port and LUN with HBA records + Print full payload for all SAN traces (req, resp, iels) + Print payload length everywhere applicable + Disambiguate printing of payload 
record content
+ Bug fixes
+ - fdasd: Prevent buffer overflow
+ - znetconf: Fix detection of chpids as OSX instead of OSM
+ - Changes from 1.36.1 to 1.37.0
+ - Added dump2tar: sysfs collection helper for dbginfo.sh
+ - qethconf: Remove check for OSN-device
+ - znetconf: Remove OSN-support
+ - lsdasd/tunedasd: Add channel path aware erp
+ - zcrypt: Add multi domain support for zcrypt device driver
+ - scm: Reimplement lsscm in C
+ - chp: Reimplement chchp and lschp in C
+ - dbginfo.sh: Make use of sysinfo collection helper
+ Bug fixes
+ - zfcpdbf: Only cap SAN short payload if pl_len exists
+ - chzdev: Fix bug when configuring QETH devices
+ - libu2s: Prevent buffer overflow
+ - ziomon: No blktrace kill which can corrupt kernel blktrace state
+ - Changes from 1.37.0 to 1.37.1
+ - dbginfo.sh: Add Docker debug data
+ Bug fixes
+ - lsdasd: Replace continue with return
+ - lscss: Allow to specify devices from subchannel set 3
+ - mon_fsstatd: Only use physical filesystems
+ Fix double free in error path
+ - mon_procd: Fix segmentation fault
+ - Changes from 1.37.1 to 1.38.0
+ - systemd: Add new units for cpi, dumpconf, mon_fsstatd, and mon_procd
+ - fdasd: Add new command action 'l' to list known partition types
+ - chmem: Try to online memory to zone movable
+ Starting with kernel 4.13 (commit f1dd2cd1), the default zone for
+ hotplug memory is changed from zone movable to zone normal. In order
+ to preserve the previous default behaviour, chmem will now always try
+ to set memory online to the zone movable, before trying to set it
+ online to the default zone.
+ - zfcpdbf: Print high part of "new" 64 bit SCSI LUN
+ Print payload with full FCP_RSP IU in SCSI trace records
+ - util_opt: Add command specific command line parsing
+ - util_rec: Implement util_rec_iterate() function
+ - util_rec: Record field values can be stored and processed in argz format
+ Bug fixes
+ - zipl/zgetdump: Add missing SCSI multipath dump information to man pages
+ - lsqeth: Fix attributes name: ipa -> ipa_takeover and parp -> rxip
+ Fix lsqeth output of ipa/vipa/rxip addresses of interfaces
+ - zfcpdbf: Fix payload length for zfcp_dbf_hba_bit_err
+ - chzdev: Add implicit qeth layer settings handling
+ - qethqoat: Fix OSA 6S detection
+ - Changes from 1.38.0 to 2.0.0 (also known as 1.39.0)
+ - IBM changed the license to MIT.
+ - Added zkey: Generate, re-encipher, and validate secure AES keys
+ - cpumf: Add hardware counters for z13 and z13s
+ - lscss: Reimplement lscss script in C
+ - lsqeth: Reimplement lsqeth script in C
+ Bug fixes
+ - lscpumf: Fix Perl warnings
+ - Removed the following obsolete patches:
+ s390-tools-sles12sp2-chiucvallow-verify.patch
+ s390-tools-sles12sp2-chreipl-virtio.patch
+ s390-tools-sles12sp2-chzdev-disable-root-update.patch
+ s390-tools-sles12sp2-feat-01-dasd-query-host.patch
+ s390-tools-sles12sp2-lscss-allow-to-specify-devices-from-ssid-3.patch
+ s390-tools-sles12sp2-zipl-fix-failed-start-subchannel.patch
+ s390-tools-sles12sp3-chmem-try-to-online-zone-movable.patch
+ s390-tools-sles12sp3-dasdfmt-01-Fix-behaviour-of-t-combined-with-y.patch
+ s390-tools-sles12sp3-dasdfmt-02-Fix-trailing-whitespace.patch
+ s390-tools-sles12sp3-dasdfmt-03-Apply-coding-convention.patch
+ s390-tools-sles12sp3-dasdfmt-04-Use-enhanced-DASD-information.patch
+ s390-tools-sles12sp3-dasdfmt-05-Refactor-do_format_dasd.patch
+ s390-tools-sles12sp3-dasdfmt-06-Make-the-IOCTL-BLKSSZGET-reusable.patch
+ s390-tools-sles12sp3-dasdfmt-07-Add-quick-format-support.patch
+ s390-tools-sles12sp3-dasdfmt-08-Make-progress-output-reusable-and-add-ETR.patch
+ s390-tools-sles12sp3-dasdfmt-09-Add-command-line-argument-check.patch
+ s390-tools-sles12sp3-dasdfmt-10-Add-expand-format-mode.patch
+ s390-tools-sles12sp3-dbginfo-01-libutil-Add-utility-functions.patch
+ s390-tools-sles12sp3-dbginfo-02-dump2tar-Add-sysfs-collection-helper-for-dbginfo.sh-v2.patch
+ s390-tools-sles12sp3-dbginfo-03-dbginfo.sh-Make-use-of-sysinfo-collection-helper.patch
+ s390-tools-sles12sp3-dbginfo-Collect-docker-debug-data.patch
+ s390-tools-sles12sp2-libu2s-Fix-busid-parsing.patch
+ s390-tools-sles12sp3-lsdasd-tunedasd-Add-channel-path-aware-erp.patch
+ s390-tools-sles12sp3-mon_fsstatd-fix-double-free-in-error-path-and-skip-virtual-fs.patch
+ s390-tools-sles12sp3-util_proc-fix-memory-allocation-error-messages.patch
+ s390-tools-sles12sp3-ziomon-no-blktrace-kill-which-can-corrupt-kernel-blk.patch
+- Added s390-tools-sles15-add--ldl-to-LDLIBS.patch to fix a problem with zkey/Makefile.
+
+-------------------------------------------------------------------
+Thu Sep 7 19:41:39 UTC 2017 - mpost@suse.com
+
+- Temporarily added BuildIgnore: gcc-PIE to the spec file to
+ avoid a problem with zipl not working. (bsc#1055343)
+
+-------------------------------------------------------------------
+Wed Jul 12 18:14:13 UTC 2017 - mpost@suse.com
+
+- Added s390-tools-sles12sp3-chmem-try-to-online-zone-movable.patch
+ (bsc#1048363).
+
+-------------------------------------------------------------------
+Mon Jul 3 17:29:19 CEST 2017 - ro@suse.de
+
+- Remove lsmem and chmem and their manpages from the package,
+ both tools have been added to util-linux-2.30
+
+-------------------------------------------------------------------
+Wed May 31 21:26:50 UTC 2017 - mpost@suse.com
+
+- Made a number of modification to zpxe.rexx to
+ - Made several hard-coded values variables.
+ - Make it more obvious which default values can be modified
+ - Increased the default size of the FFFF VDISK (bsc#1038255)
+ - Don't execute the wait if "debug" was specified as a parm.
+ - Change nodebug variable name to debug for clarity, updated
+ logic as needed.
+
+-------------------------------------------------------------------
+Tue May 16 00:57:05 UTC 2017 - mpost@suse.com
+
+- Added s390-tools-sles12sp3-ziomon-no-blktrace-kill-which-can-corrupt-kernel-blk.patch
+ (bsc#1038861)
+
+-------------------------------------------------------------------
+Tue Apr 18 22:25:10 UTC 2017 - mpost@suse.com
+
+- Due to the change to qclib packaging, change BuildRequires
+ from qclib-devel to qclib-devel-static.
+
+-------------------------------------------------------------------
+Wed Feb 22 20:29:57 UTC 2017 - mpost@suse.com
+
+- Added the following patches (bsc#1026474)
+ - s390-tools-sles12sp3-mon_fsstatd-fix-double-free-in-error-path-and-skip-virtual-fs.patch
+ - s390-tools-sles12sp3-dbginfo-Collect-docker-debug-data.patch
+
+-------------------------------------------------------------------
+Mon Feb 20 17:05:45 UTC 2017 - mpost@suse.com
+
+- Added s390-tools-sles12sp3-util_proc-fix-memory-allocation-error-messages.patch
+ (bsc#1025247)
+
+-------------------------------------------------------------------
+Thu Feb 16 21:06:41 UTC 2017 - mpost@suse.com
+
+- Added the following patches for Fate # 322377:
+ - s390-tools-sles12sp3-dbginfo-01-libutil-Add-utility-functions.patch
+ - s390-tools-sles12sp3-dbginfo-02-dump2tar-Add-sysfs-collection-helper-for-dbginfo.sh-v2.patch
+ - s390-tools-sles12sp3-dbginfo-03-dbginfo.sh-Make-use-of-sysinfo-collection-helper.patch
+
+- Added the following patches for Fate # 322374:
+ - s390-tools-sles12sp3-lsdasd-tunedasd-Add-channel-path-aware-erp.patch
+
+- Added the following patches for Fate # 321643:
+ - s390-tools-sles12sp3-dasdfmt-01-Fix-behaviour-of-t-combined-with-y.patch
+ - s390-tools-sles12sp3-dasdfmt-02-Fix-trailing-whitespace.patch
+ - s390-tools-sles12sp3-dasdfmt-03-Apply-coding-convention.patch
+ - s390-tools-sles12sp3-dasdfmt-04-Use-enhanced-DASD-information.patch
+ -
s390-tools-sles12sp3-dasdfmt-05-Refactor-do_format_dasd.patch
+ - s390-tools-sles12sp3-dasdfmt-06-Make-the-IOCTL-BLKSSZGET-reusable.patch
+ - s390-tools-sles12sp3-dasdfmt-07-Add-quick-format-support.patch
+ - s390-tools-sles12sp3-dasdfmt-08-Make-progress-output-reusable-and-add-ETR.patch
+ - s390-tools-sles12sp3-dasdfmt-09-Add-command-line-argument-check.patch
+ - s390-tools-sles12sp3-dasdfmt-10-Add-expand-format-mode.patch
+
+-------------------------------------------------------------------
+Wed Feb 1 22:00:35 UTC 2017 - mpost@suse.com
+
+- Added s390-tools-sles12sp2-lscss-allow-to-specify-devices-from-ssid-3.patch
+ (bsc#1023022)
+
+-------------------------------------------------------------------
+Wed Dec 14 16:09:52 UTC 2016 - Thomas.Blume@suse.com
+
+- cio_ignore.service: change After dependency to local-fs.target to
+ Before and remove Wants dependency (bsc#965263)
+
+-------------------------------------------------------------------
+Fri Sep 30 16:48:03 UTC 2016 - mpost@suse.com
+
+- Added s390-tools-sles12sp2-chzdev-disable-root-update.patch
+ (bsc#1002188)
+- Updated cputype to recognize z13s processors.
+- Updated boot.cpi to redirect stderr to /dev/null when trying to
+ set the CPI parameters.
(bsc#997479)
+
+-------------------------------------------------------------------
+Wed Jul 20 19:03:26 UTC 2016 - mpost@suse.com
+
+- Added s390-tools-sles12sp2-chreipl-virtio.patch (bsc#989797)
+ chreipl/virtio: fix chreipl node for virtio-blk disks
+
+-------------------------------------------------------------------
+Fri Jul 1 16:37:29 UTC 2016 - mpost@suse.com
+
+- Added s390-tools-sles12sp2-zipl-fix-failed-start-subchannel.patch
+ (bsc#987385)
+- Modified lgr_check script to do a better job of checking:
+ - Disconnected state of the guest
+ - Whether a 3270 terminal is active
+ - Tape ASSIGNment
+
+-------------------------------------------------------------------
+Tue May 24 17:51:02 UTC 2016 - mpost@suse.com
+
+- Added the following files for Fate#318552 and Fate#320123
+ - detach_disks
+ - killcdl
+ - lgr_check
+ - sysconfig.virtsetup
+ - virtsetup.service
+ - virtsetup.sh
+- Added the following two patches (bsc#981427)
+ - s390-tools-sles12sp2-chiucvallow-verify.patch
+ - s390-tools-sles12sp2-libu2s-Fix-busid-parsing.patch
+- Some spec file cleanup of macro calls.
+
+-------------------------------------------------------------------
+Wed May 18 20:04:10 UTC 2016 - mpost@suse.com
+
+- Added s390-tools-sles12-fdasd-skip-partition-check-and-BLKRRPART-ioctl.patch
+ (bsc#931634).
+
+-------------------------------------------------------------------
+Fri Apr 22 17:20:49 UTC 2016 - mpost@suse.com
+
+- Modified 59-zfcp-compat rules to include continuation characters
+ on rules that are continued across multiple lines (bsc#972110)
+- Added 59-dasd.rules-wait_for.patch (bsc#972110)
+- Don't install 60-readahead.rules (bsc#972110)
+- Removed redundant architecture check from the %prep section
+- Removed various %service_* calls for iucvtty-login@.service
+ and ttyrun-getty@.service because they generate "unit name is
+ not valid" messages from systemctl.
+
+-------------------------------------------------------------------
+Wed Mar 23 21:21:39 UTC 2016 - mpost@suse.com
+
+- Upgraded to version 1.34.0
+ Added libpfm-devel to the list of BuildRequires
+ Removed references to chzdev that was never implemented by IBM
+- Added 59-zfcp-compat.rules (bsc#972110)
+- Removed the following obsolete scripts/files
+ mkinitrd-boot-dasd.sh
+ mkinitrd-boot-qeth.sh
+ mkinitrd-boot-zfcp.sh
+ mkinitrd-setup-dasd.sh
+ mkinitrd-setup-qeth.sh
+ mkinitrd-setup-zfcp.sh
+ zfcpdump.config
+- Added s390-tools-sles12sp2-feat-01-dasd-query-host.patch (Fate#319604)
+- Reworked s390-tools-sles12-pardasdfmt.patch to fit.
+- Reworked dasdfmt-retry-BIODASDINFO-if-device-is-busy.patch to fit.
+- Added file /etc/modprobe.d/90-s390-tools.conf to ensure
+ dasd_diag_mod and dasd_fba_mod kernel modules get loaded together
+ (bsc#966477).
+- Updated zfcp_san_disc so that breaking out of it won't leave
+ "well known LUNs" in use preventing others from using them.
+ (bsc#961372)
+- Removed the following obsolete patches
+ s390-tools-sles12-cpuplugd-allow-more-than-64-CPUs.patch
+ s390-tools-sles12-dasdstat-avoid-inconsistent-data.patch
+ s390-tools-sles12-dbginfo-collect-journalctl.patch
+ s390-tools-sles12-dbginfo-libvirt-multipath-extension.patch
+ s390-tools-sles12-dbginfo-option-for-output-directory.patch
+ s390-tools-sles12-dbginfo-q-v-nic.patch
+ s390-tools-sles12-dbginfo-systemd-data-collection.patch
+ s390-tools-sles12-dumpconf-fix-delay-minutes.patch
+ s390-tools-sles12-init-scripts-do-not-use-subsys.patch
+ s390-tools-sles12-ipl_tools-fcp-loadparm.patch
+ s390-tools-sles12-lsqeth-put-grep-regex-in-quotes.patch
+ s390-tools-sles12-lsreipl-fix-fcp-reipl-type.patch
+ s390-tools-sles12-lszcrypt-ep11-support.patch
+ s390-tools-sles12-qetharp-iface-arg-limit.patch
+ s390-tools-sles12-qetharp-q-format.patch
+ s390-tools-sles12-qethqoat-and-qetharp-return-codes-fixed.patch
+ s390-tools-sles12-qethqoat-fix-buffer-overflow-for-interface-parameter.patch
+
s390-tools-sles12-remove-FBA-detection-for-virtblk-devices.patch
+ s390-tools-sles12-systemd-iucvterm-units.patch
+ s390-tools-sles12-ziorep-busid-fix.patch
+ s390-tools-sles12-zipl-dump-part-check.patch
+ s390-tools-sles12-zipl-fix-kernel-parameter-line.patch
+ s390-tools-sles12-zipl-fix-parmline-zero-termination.patch
+ s390-tools-sles12-znetconf-r-format.patch
+ s390-tools-sles12sp1-cmsfs-fuse-time-fix.patch
+ s390-tools-sles12sp1-feat-01-hyptop-diag0c.patch
+ s390-tools-sles12sp1-feat-02-hyptop-lpar-smt.patch
+ s390-tools-sles12sp1-feat-03-zipl-mt-dump.patch
+ s390-tools-sles12sp1-feat-04-zipl-zgetdump-simd-dump.patch
+ s390-tools-sles12sp1-feat-05-cpumf.patch
+ s390-tools-sles12sp1-feat-06-lscpumf-disp-ctrs.patch
+ s390-tools-sles12sp1-feat-07-lscpumf-cf-sf-check.patch
+ s390-tools-sles12sp1-feat-08-chreipl-support-virtio_ccw.patch
+ s390-tools-sles12sp1-feat-09-lsqeth_display_switch_attrs.patch
+ s390-tools-sles12sp1-feat-10-qethqoat_OSA_Express_5S_support.patch
+ s390-tools-sles12sp1-feat-11-lszcrypt-CEX5S-support.patch
+ s390-tools-sles12sp1-feat-12-hmcdrvfs.patch
+ s390-tools-sles12sp1-lsluns-check-fcp-device-state.patch
+ s390-tools-sles12sp1-lszfcp-incorrect-device-types.patch
+ s390-tools-sles12sp1-znetconf-check-ccwgroup-devices-fix.patch
+
+-------------------------------------------------------------------
+Fri Nov 6 18:59:20 UTC 2015 - mpost@suse.com
+
+- Added 59-prng.rules so that /dev/prandom will have permissions
+ of 0444. This will allow anyone to access the CPACF hardware
+ pseudo-random number generator. (bsc#946349)
+- Updated the comments in 59-graf.rules to reflect the correct
+ location for the rule to be installed.
+
+-------------------------------------------------------------------
+Fri Nov 6 00:27:17 UTC 2015 - mpost@suse.com
+
+- Modified dasd_reload to take HyperPAV alias devices offline
+ before the "normal" DASD and base devices, and then activate
+ the "normal" DASD and base devices before the alias devices.
+ (bsc#942373).
+
+-------------------------------------------------------------------
+Fri Oct 30 22:47:12 UTC 2015 - mpost@suse.com
+
+- Updated read_values.c to point to the location IBM's makefile
+ for qclib puts the include file. (bsc#951518).
+- Added a filter to s390-tools-rpmlintrc to mask a warning
+ about read_values being statically linked. This was intentional
+ since we didn't want to include the qclib-devel shared library
+ in the distribution since this is the only programt that uses
+ qclib-devel.
+
+-------------------------------------------------------------------
+Fri Oct 23 16:12:53 CEST 2015 - hare@suse.de
+
+- Updated zfcp_host_configure to return '10' if the system
+ is set up for automatic LUN scanning (bsc#951547)
+
+-------------------------------------------------------------------
+Tue Oct 13 21:51:59 UTC 2015 - mpost@suse.com
+
+- Replaced read_values.c with a newer version that uses the
+ query capacity library (qclib) from IBM. (FATE#319342)
+
+-------------------------------------------------------------------
+Wed Sep 9 17:55:19 UTC 2015 - mpost@suse.com
+
+- Updated s390-tools-sles12-pardasdfmt.patch to fix error messages
+ that didn't have a "\n" on the end.
(bsc#940818)
+- Updated the spec file to install 40-z90crypt.rules into
+ /usr/lib/udev/rules.d/ (bsc#943777)
+- Added the following patches from IBM (bsc#944390)
+ - s390-tools-sles12sp1-lszfcp-incorrect-device-types.patch
+ lszfcp: display of incorrect device types
+ - s390-tools-sles12sp1-znetconf-check-ccwgroup-devices-fix.patch
+ znetconf: cannot handle that no device is there
+ - s390-tools-sles12sp1-lsluns-check-fcp-device-state.patch
+ lsluns: do not scan FCP devices no longer online or in bad state
+ - s390-tools-sles12sp1-cmsfs-fuse-time-fix.patch
+ cmsfs-fuse: Fix time stamp handling for data sets
+
+-------------------------------------------------------------------
+Wed Jul 22 19:17:39 UTC 2015 - mpost@suse.com
+
+- Removed s390-tools-sles12sp1-feat-13-lsdasd-add-path-information.patch
+ at the request of IBM. To be re-introduced for SLES12 SP2.
+- Added s390-tools-sles12-dumpconf-fix-delay-minutes.patch (bsc#939054)
+
+-------------------------------------------------------------------
+Wed Jun 17 21:28:15 UTC 2015 - mpost@suse.com
+
+- Split out the SE/HMC file access pieces into a new sub-package
+ (bsc#934372).
+
+-------------------------------------------------------------------
+Thu Jun 11 22:07:37 UTC 2015 - mpost@suse.com
+
+- Added the following feature updates for SLES12 SP1
+ - s390-tools-sles12sp1-feat-01-hyptop-diag0c.patch (bsc#934359, Fate#318069)
+ hyptop: Exploit diag 0c data
+ - s390-tools-sles12sp1-feat-02-hyptop-lpar-smt.patch (bsc#934324, Fate#318054)
+ hyptop: Support for SMT (SMT base support)
+ - s390-tools-sles12sp1-feat-03-zipl-mt-dump.patch (bsc#934371, Fate#318047)
+ zipl: Add MT dump support for zipl dump tools
+ - s390-tools-sles12sp1-feat-04-zipl-zgetdump-simd-dump.patch (bsc#934360, Fate#318057)
+ zipl: Add vector register support
+ - Add support for hardware sampling to the perf tool (bsc#934321, Fate#318025)
+ - s390-tools-sles12sp1-feat-05-cpumf.patch
+ s390/perf: add support for the CPU-measurement sampling Facility
+ - s390-tools-sles12sp1-feat-06-lscpumf-disp-ctrs.patch
+ cpumf: display counters only if the facility is available
+ - s390-tools-sles12sp1-feat-07-lscpumf-cf-sf-check.patch
+ cpumf: lscpumf erroneously reports sampling support
+ - s390-tools-sles12sp1-feat-08-chreipl-support-virtio_ccw.patch (bsc#934370, Fate#318962)
+ zipl/chreipl: Basic guest support for KVM hypervisors
+ - s390-tools-sles12sp1-feat-09-lsqeth_display_switch_attrs.patch (bsc#934364, Fate#318473)
+ lsqeth: Add support for switch port attributes
+ - s390-tools-sles12sp1-feat-10-qethqoat_OSA_Express_5S_support.patch (bsc#934350, Fate#318033)
+ qethqoat: OSA-Express5S Support
+ - s390-tools-sles12sp1-feat-11-lszcrypt-CEX5S-support.patch (bsc#934325, Fate#318044)
+ lszcrypt: Add support for CEX5S crypto adapters.
+ - s390-tools-sles12sp1-feat-12-hmcdrvfs.patch (bsc#934372, Fate#318067)
+ hmcdrvfs: SE/HMC file access
+ - s390-tools-sles12sp1-feat-13-lsdasd-add-path-information.patch (bsc#934352, Fate#318031)
+ lsdasd: add path information
+
+-------------------------------------------------------------------
+Thu Apr 23 20:54:09 UTC 2015 - mpost@suse.com
+
+- Added three IBM patches (bsc#924973)
+ - s390-tools-sles12-dbginfo-libvirt-multipath-extension.patch
+ dbginfo.sh: Extend data collection for libvirt and multipath
+ - s390-tools-sles12-dbginfo-q-v-nic.patch
+ dbginfo.sh: Query virtual network settings for VM guests
+ - s390-tools-sles12-ziorep-busid-fix.patch
+ ziomon/ziorep: fix wrong assumption of 0.0.xxxx busids
+
+-------------------------------------------------------------------
+Wed Mar 11 19:27:33 UTC 2015 - mpost@suse.com
+
+- Updated the cputype script to recognize the new z13 processor.
+- Modified read_values.c to handle additional values from
+ /proc/sysinfo and redirect an error message to stderr (bsc#919293)
+- Modified read_values.c to convert as much German to English as I could
+- Added read_values.8 man page (bsc#919293)
+- Added s390-tools-sles12-dasdstat-avoid-inconsistent-data.patch (bsc#920363)
+ dasdstat: avoid inconsistent data due to multiple reads/seeks
+- Added s390-tools-sles12-qethqoat-and-qetharp-return-codes-fixed.patch (bsc#920363)
+ qethqoat and qetharp: return codes fixed
+
+-------------------------------------------------------------------
+Mon Jan 19 18:53:34 UTC 2015 - mpost@suse.com
+
+- Added s390-tools-sles12-zipl-dump-part-check.patch (bsc#909524)
+ zipl dump tools: Fix end of partition check
+
+-------------------------------------------------------------------
+Wed Dec 10 22:36:09 UTC 2014 - mpost@suse.com
+
+- Added three IBM patches (bsc#903048)
+ - s390-tools-sles12-dbginfo-option-for-output-directory.patch
+ dbginfo.sh: Add option to specify directory for data collection
+ -
s390-tools-sles12-dbginfo-systemd-data-collection.patch
+ dbginfo.sh: Improve data collection for systemd and lsdasd
+ - s390-tools-sles12-cpuplugd-allow-more-than-64-CPUs.patch
+ cpuplugd: allow more than 64 CPUs
+
+-------------------------------------------------------------------
+Thu Sep 4 19:01:52 UTC 2014 - mpost@suse.com
+
+- Modified zfcp_host_configure to write udev rules and update
+ /boot/zipl/active_devices.txt even if the HBA is already online.
+ (bnc#894229)
+- Modified zfcp_san_disc to properly filter for remote ports.
+ (bnc#868494)
+
+-------------------------------------------------------------------
+Wed Sep 3 17:08:55 UTC 2014 - mpost@suse.com
+
+- Added %conf /boot/zipl/active_devices.txt to the spec file.
+ (bnc#894480)
+
+-------------------------------------------------------------------
+Wed Sep 3 01:43:27 CEST 2014 - ro@suse.de
+
+- sanitize release line in specfile
+
+-------------------------------------------------------------------
+Tue Sep 2 17:13:38 UTC 2014 - mpost@suse.com
+
+- Added s390-tools-sles12-ipl_tools-fcp-loadparm.patch (bnc#894071)
+ ipl_tools: Add missing SCSI loadparm support
+
+-------------------------------------------------------------------
+Mon Aug 18 20:46:11 UTC 2014 - mpost@suse.com
+
+- Added read_values to the package (Fate#313462).
+ Changed license from GPL-2.0+ to "GPL-2.0+ and BSD2c"
+ (BSD 2-Clause License) to account for the new command.
+
+-------------------------------------------------------------------
+Wed Aug 13 16:08:27 UTC 2014 - mpost@suse.com
+
+- Modified dasd_reload script to deactivate any MD arrays before
+ trying to take any DASD offline.
(bnc#876570)
+
+-------------------------------------------------------------------
+Mon Aug 11 16:01:12 UTC 2014 - mpost@suse.com
+
+- Added s390-tools-sles12-zipl-fix-parmline-zero-termination.patch (bnc#891090)
+ zipl: fix zero termination of parmline
+
+-------------------------------------------------------------------
+Mon Jul 28 17:03:39 UTC 2014 - mpost@suse.com
+
+- Added s390-tools-sles12-init-scripts-do-not-use-subsys.patch (bnc#888592)
+ init scripts: Do not use /var/lock/subsys
+
+-------------------------------------------------------------------
+Fri Jul 25 14:23:02 CEST 2014 - hare@suse.de
+
+- Fixup script issues in zfcp_san_disc (bnc#868494)
+
+-------------------------------------------------------------------
+Tue Jul 22 18:08:29 UTC 2014 - mpost@suse.com
+
+- Updated %post script to remove the warning about running zipl after
+ installing this package. That hasn't been necessary for quite a
+ while. (bnc#888248)
+
+-------------------------------------------------------------------
+Fri Jul 11 11:25:53 UTC 2014 - mpost@suse.com
+
+- Implement cio_ignore.service (bnc#882685, bnc#886833)
+ Added cio_ignore.service and setup_cio_ignore.sh
+ Fixup dependencies for cio_ignore service
+ Fixup setup_cio_ignore.sh to correctly enable devices
+- Added s390-tools-sles12-remove-FBA-detection-for-virtblk-devices.patch
+ (bnc#883989)
+ zipl: remove heuristic FBA detection for virtblk devices
+- Updated mkdump script (bnc#884786):
+ - Don't create a file system on SCSI disks
+ - Use GPT partition tables instead of MSDOS to allow dumps > 2TB
+ - Use "zipl -d" instead of "zipl -D" for partition dumping
+- Added a check for the existence of /boot/zipl/active.devices.txt
+ before trying to write to it in:
+ ctc_configure, dasd_configure, qeth_configure, and
+ zfcp_host_configure.
+- Modified zfcp_host_configure to completely take the HBA offline
+ (bnc#872229).
+
+-------------------------------------------------------------------
+Wed Jul 9 14:57:31 UTC 2014 - jjolly@suse.com
+
+- Now obtaining zfcpdump-part.image from kernel-zfcpdump package
+
+-------------------------------------------------------------------
+Mon Jun 16 17:13:39 UTC 2014 - mpost@suse.com
+
+- Added a "udevadm settle" command to qeth_configure.
+
+-------------------------------------------------------------------
+Mon Jun 16 13:40:05 CEST 2014 - pth@suse.de
+
+- Merge the work of John and Mark.
+
+-------------------------------------------------------------------
+Fri Jun 13 23:34:58 UTC 2014 - mpost@suse.com
+
+- Updated the following scripts to add tracking for the devices
+ configured on the system for the cio_ignore kernel parameter:
+ - ctc_configure
+ - dasd_configure
+ - qeth_configure
+ - zfcp_host_configure
+ - Added an empty /boot/zipl/active_devices.txt file for the
+ tracking function (bnc#874902).
+
+-------------------------------------------------------------------
+Fri Jun 13 19:33:51 UTC 2014 - jjolly@suse.com
+
+- zfcpdump.config - Configuration for zfcpdump kernel build
+- series.conf - Added kernel build and removed post and postun
+ scripting to copy image
+
+-------------------------------------------------------------------
+Thu Jun 12 16:27:10 UTC 2014 - mpost@suse.com
+
+- Added s390-tools-sles12-lsqeth-put-grep-regex-in-quotes.patch. (bnc#877138)
+ lsqeth: put grep regex in quotes
+
+-------------------------------------------------------------------
+Wed May 28 20:25:49 UTC 2014 - mpost@suse.com
+
+- Add s390-tools-sles12-qethqoat-fix-buffer-overflow-for-interface-parameter.patch
+ qethqoat: buffer overflow (bnc#880378)
+
+-------------------------------------------------------------------
+Tue May 13 19:45:59 UTC 2014 - mpost@suse.com
+
+- Removed all the patches related to the persistent device configuration
+ tools. The feature in FATE was withdrawn.
+ s390-tools-sles12-chzdev-creates-invalid-zFCP-udev-rules.patch
+ s390-tools-sles12-chzdev-fails-to-configure-IUCV.patch
+ s390-tools-sles12-chzdev-fails-to-group-layer-3-nics.patch
+ s390-tools-sles12-chzdev-fix-output.patch
+ s390-tools-sles12-chzdev-Improved-error-handling.patch
+ s390-tools-sles12-chzdev-lszdev-Compilation-warnings.patch
+ s390-tools-sles12-chzdev-lszdev-new-tools.1.patch
+ s390-tools-sles12-chzdev-lszdev-new-tools.2.patch
+ s390-tools-sles12-chzdev-lszdev-new-tools.3.patch
+ s390-tools-sles12-chzdev-lszdev-new-tools.4.patch
+ s390-tools-sles12-chzdev-lszdev-new-tools.5.patch
+ s390-tools-sles12-chzdev-lszdev-new-tools.6.patch
+ s390-tools-sles12-chzdev-lszdev-new-tools.7.patch
+ s390-tools-sles12-chzdev-lszdev-restore-makefile.patch
+ s390-tools-sles12-chzdev-lszdev-temp-fix.patch
+ s390-tools-sles12-chzdev-lszdev-temporary-makefile-revert.patch
+ s390-tools-sles12-chzdev-lun-and-wwpn-now-must-be-16-hex-digits.patch
+ s390-tools-sles12-chzdev-missing-online.patch
+ s390-tools-sles12-chzdev-optimize-css-search.patch
+ s390-tools-sles12-chzdev-revoke-to-specify-no-category.patch
+ s390-tools-sles12-chzdev-segfault-creating-netiucv-on-lpar.patch
+ s390-tools-sles12-chzdev-set-online-state-correctly.patch
+ s390-tools-sles12-chzdev-unable-to-enable-dasd-diag-access.patch
+ s390-tools-sles12-lszdev-chzdev-corrected-man-page.patch
+ s390-tools-sles12-lszdev-chzdev-misc-patches.patch
+ s390-tools-sles12-lszdev-corrected-device-lookup-for-btrfs.patch
+ s390-tools-sles12-lszdev-manual-page-update.patch
+ s390-tools-sles12-install-manpages.patch
+- Added patch s390-tools-sles12-systemd-iucvterm-units.patch (bnc#877346)
+ Removed iucvtty@.service file, since the above patch replaces it.
+- Added util-linux, gawk, and procps packages to the list of Requires
+ just to be safe (bnc#86736).
+
+-------------------------------------------------------------------
+Mon May 5 18:53:08 UTC 2014 - mpost@suse.com
+
+- Added the following patches (bnc#876334)
+ - s390-tools-sles12-lsreipl-fix-fcp-reipl-type.patch
+ lsreipl: Show "fcp" instead of "fcp_dump" for fcp re-IPL target
+ - s390-tools-sles12-chzdev-Improved-error-handling.patch
+ chzdev: Improved error handling
+ - s390-tools-sles12-lszdev-corrected-device-lookup-for-btrfs.patch
+ lszdev: corrected lookup for filesystem on btrfs
+ - s390-tools-sles12-chzdev-lun-and-wwpn-now-must-be-16-hex-digits.patch
+ chzdev: LUN and WWPN now must be 16 hex digits
+ - s390-tools-sles12-chzdev-revoke-to-specify-no-category.patch
+ chzdev: Revoke to specify no category if needed
+ - s390-tools-sles12-lszdev-chzdev-corrected-man-page.patch
+ lszdev/chzdev: Update man page description for FCP LUNs
+
+-------------------------------------------------------------------
+Mon Apr 21 16:28:01 UTC 2014 - mpost@suse.com
+
+- Added the following patches (bnc#874143)
+ - s390-tools-sles12-dbginfo-collect-journalctl.patch
+ dbginfo.sh: Add collection of journalctl
+ - s390-tools-sles12-chzdev-set-online-state-correctly.patch
+ chzdev: Did not get the online state correctly
+ - s390-tools-sles12-lszdev-chzdev-misc-patches.patch
+ lszdev/chzdev: Miscellaneous patches
+
+-------------------------------------------------------------------
+Mon Apr 14 06:18:41 UTC 2014 - mpost@suse.com
+
+- Added the following patches (bnc#873239)
+ - s390-tools-sles12-chzdev-fix-output.patch
+ chzdev: tools generates numerous error messages
+ - s390-tools-sles12-lszdev-manual-page-update.patch
+ lszdev: Update of the manpage
+ - s390-tools-sles12-chzdev-optimize-css-search.patch
+ chzdev: Performance optimization to get css information
+ - s390-tools-sles12-chzdev-missing-online.patch
+ chzdev: Add missing online attribute
+- Updated cputype to also display the IBM model number
+
+-------------------------------------------------------------------
+Thu Apr 10 19:09:22 UTC 2014 - mpost@suse.com
+
+- Added cputype and cputype.8. Fate#317195.
+- Updated and reformatted README.SUSE. It is no longer obsolete.
+- Check to see if systemd is running before executing
+ systemctl daemon-reload in %post and %postun.
+
+-------------------------------------------------------------------
+Mon Apr 7 19:50:41 UTC 2014 - mpost@suse.com
+
+- Moved the "Requires: perl" back to osasnmpd.
+- Added "Requires: perl-base" to the main package. (bnc#871830).
+
+-------------------------------------------------------------------
+Fri Apr 4 22:11:17 UTC 2014 - mpost@suse.com
+
+- Added s390-tools-sles12-chzdev-segfault-creating-netiucv-on-lpar.patch
+ chzdev: Segfault when creating netiucv device in lpar (bnc#872092)
+
+-------------------------------------------------------------------
+Thu Apr 3 18:56:58 UTC 2014 - mpost@suse.com
+
+- Added s390-tools-sles12-chzdev-creates-invalid-zFCP-udev-rules.patch
+ chzdev: invalid udev rules for zFCP (bnc#871292)
+- Added s390-tools-sles12-chzdev-fails-to-group-layer-3-nics.patch
+ chzdev: fails to create grouped Layer 3 NICs (bnc#871222) (bnc#871223)
+- Added s390-tools-sles12-chzdev-fails-to-configure-IUCV.patch
+ chzdev: fails to configure/deconfigure IUCV interfaces (bnc#871230)
+- Added s390-tools-sles12-chzdev-unable-to-enable-dasd-diag-access.patch
+ chzdev: fails to enable DIAG access mode for DASD (bnc#871226)
+- Added s390-tools-sles12-chzdev-lszdev-Compilation-warnings.patch
+ chzdev/lszdev: warnings about unused functions and others (bnc#871220)
+
+-------------------------------------------------------------------
+Mon Mar 31 15:49:52 UTC 2014 - mpost@suse.com
+
+- Modified the content of s390-tools-zdsfs.caution.txt slightly to
+ convey just where the zdsfs feature originated.
+- Added "SUSE-NonFree" as the license for the zdsfs sub-package to get
+ the caution displayed when the package is installed.
+
+-------------------------------------------------------------------
+Sat Mar 29 15:51:02 UTC 2014 - mpost@suse.com
+
+- Moved the "Requires: perl" from osasnmpd to the main package
+- Added, coreutils, rsync, and tar to the list of "Requires."
+
+-------------------------------------------------------------------
+Fri Mar 28 23:42:37 UTC 2014 - mpost@suse.com
+
+- Add s390-tools-sles12-qetharp-iface-arg-limit.patch (bnc#870948).
+ qetharp: limit interface name argument to 15 characters
+- Added s390-tools-sles12-chzdev-lszdev-new-tools.7.patch (bnc849864).
+ Reduced the number of supported devices and some options.
+ The tools have a stripped down but better tested functionality.
+
+-------------------------------------------------------------------
+Thu Mar 27 23:36:10 UTC 2014 - mpost@suse.com
+
+- Renamed the package containing zdsfs to s390-tools-zdsfs
+- Replaced the dummy LICENSE file with s390-tools-zdsfs.caution.txt
+- Modified the spec file to rename s390-tools-zdsfs.caution.txt to CAUTION
+ so it will get installed in /usr/share/doc/packages/s390-tools-zdsfs
+- Fixed a bug with iucv_configure that caused any IUCV interfaces past
+ iucv9 to be ignored.
+- Modified dasd_configure so that instead of simply exiting with a
+ return code of 8 when an unformatted DASD volume was found, it
+ would continue with writing the udev rules for it. (bnc#864719)
+
+-------------------------------------------------------------------
+Wed Mar 26 00:19:08 UTC 2014 - mpost@suse.com
+
+- Modified zfcp_san_disc to work with the output from the latest lsscsi
+ command. (bnc#864417)
+- Re-added DISTRELEASE=%{release} to the make and make install commands
+ in the spec file so that the version number output meets IBM's expectations.
+ (bnc#869982)
+
+-------------------------------------------------------------------
+Fri Mar 7 06:57:12 UTC 2014 - mpost@suse.com
+
+- Modified zfcp_san_disc to add a timing loop to wait for the remote
+ FCP port to appear in sysfs.
(bnc#864119) +- Moved the location of zipl.conf.sample from /etc/ to + /usr/share/doc/packages/s390-tools/ now that grub2 is the official + boot loader + +------------------------------------------------------------------- +Fri Feb 28 20:06:14 UTC 2014 - mpost@suse.com + +- Added s390-tools-sles12-chzdev-lszdev-new-tools.6.patch from IBM. + Many improvements on the formatting of the source files, new + options and man pages. Renamed scsi.c to zfcp.c and scsi.h to + zfcp.h. Cleaned up sources. + +------------------------------------------------------------------- +Thu Feb 27 13:14:47 UTC 2014 - thardeck@suse.com + +- Added a short explanation to the iucvtty template header + +------------------------------------------------------------------- +Sun Feb 23 21:30:34 UTC 2014 - thardeck@suse.com + +- Renamed iucvtty@hvc0.service to iucvtty@.service following the + getty template naming scheme +- Added installation section to iucvtty@.service so a iucvtty + instance can be activated for example with + `systemctl enable iucvtty@lxterm1.service` +- Prevented automatic creation of one default iucvtty instance + +------------------------------------------------------------------- +Thu Feb 20 19:29:39 UTC 2014 - mpost@suse.com + +- Added s390-tools-sles12-zipl-fix-kernel-parameter-line.patch (bnc#853930) + zipl: Fix potentially invalid argument in kernel parameter line. + +------------------------------------------------------------------- +Tue Feb 18 18:21:38 UTC 2014 - mpost@suse.com + +- Updated zfcp_disk_configure and zfcp_san_disc to work with NPIV + and auto LUN scanning in newer kernels. (bnc#864119) + +------------------------------------------------------------------- +Thu Feb 13 19:48:41 UTC 2014 - mpost@suse.com + +- Added s390-tools-sles12-chzdev-lszdev-new-tools.5.patch from IBM. + This patch fixes problems with module configuration, check & diff. 
+
+-------------------------------------------------------------------
+Tue Feb 11 19:10:15 UTC 2014 - mpost@suse.com
+
+- Added s390-tools-sles12-chzdev-lszdev-temp-fix.patch to fix a
+ segfault until IBM can get an update out.
+
+-------------------------------------------------------------------
+Mon Feb 10 22:19:36 UTC 2014 - mpost@suse.com
+
+- Added s390-tools-sles12-znetconf-r-format.patch (bnc#863076)
+ qetharp: Allow for 16-char network interface names
+- Added s390-tools-sles12-znetconf-r-format.patch (bnc#863076)
+ znetconf: Allow for 16-char network interface names
+
+-------------------------------------------------------------------
+Fri Feb 7 18:42:08 UTC 2014 - mpost@suse.com
+
+- Updated to s390-tools-1.24.1. This includes (and obsoletes) the
+ fixes included in s390-tools-sles12-fix-31bit-compile-warnings.patch
+ as well as the following which were found during the Alpha phase:
+ Changes of existing tools:
+ - dbginfo.sh: Cleanup messages of the script
+ - dbginfo.sh: Reduced log output for sysfs collection
+ - dbginfo.sh: Adding data collection from journalctl
+ Bug Fixes:
+ - lsdasd: Fix device selection for a given busid
+ - zipl dump tools: Fix dump device size detection
+ - zipl dump tools: Ensure that last progress message is printed
+ - zipl: Fix I/O error recovery
+ - zipl: Fix FBA boot
+ - znetconf, lsqeth: Allow for 16-char network interface names
+- Updated all patches to refer to 1.24.1 instead of 1.24.0
+- Updated s390-tools-sles12-pardasdfmt.patch to fit the new source code.
+
+-------------------------------------------------------------------
+Fri Feb 7 00:21:49 UTC 2014 - mpost@suse.com
+
+- Replaced s390-tools-sles12-chzdev-lszdev-new-tools.patch with the original
+ set of patches from IBM, now that everything compiles:
+ s390-tools-sles12-chzdev-lszdev-new-tools.1.patch
+ s390-tools-sles12-chzdev-lszdev-new-tools.2.patch
+ s390-tools-sles12-chzdev-lszdev-new-tools.3.patch
+- Added s390-tools-sles12-chzdev-lszdev-temporary-makefile-revert.patch and
+ s390-tools-sles12-chzdev-lszdev-restore-makefile.patch since the patches
+ as shipped from IBM are not being built against the current version of
+ the s390-tools source.
+- Added s390-tools-sles12-chzdev-lszdev-new-tools.4.patch from IBM.
+- Updated s390-tools-sles12-install-lszdev-manpage.patch to also
+ install chzdev.8 and renamed it to s390-tools-sles12-install-manpages.patch
+ Also explicitly set the file permissions to 644.
+- Added %dir entries in the spec file for /var/adm/backup/chzdev
+ and /var/adm/backup/chzdev/udev
+- Removed s390-tools-sles12-chzdev-iucv-typo-fix.patch since the lastest
+ IBM update included the fix.
+
+-------------------------------------------------------------------
+Wed Feb 5 00:29:24 UTC 2014 - mpost@suse.com
+
+- Updated and re-added s390-tools-sles12-pardasdfmt.patch.
+- Modified mkdump.pl to not use the experimental "switch" feature.
+ (bnc#861954)
+- Modified s390-tools-sles12-zipl_boot_msg.patch to add an extra
+ blank line before and after the "note" to VM users to have it
+ look like it does today.
+- Added "ZFCPDUMP_DIR=/usr/lib/s390-tools/zfcpdump" to the make
+ command so that zfcpdump would look in the right directory.
+- Removed an unnecessary
+ "mkdir -p $RPM_BUILD_ROOT%{_datadir}/s390-tools/zfcpdump" from
+ the spec file
+- Removed some of the new code from IBM for the Persistent Device
+ Configuration tool so that it would compile. This means that the
+ fixes for bnc#861579 and bnc#861581 can be deployed.
+- Added s390-tools-sles12-chzdev-iucv-typo-fix.patch to correct a typo
+ in a sysfs path name.
+
+-------------------------------------------------------------------
+Tue Jan 21 19:58:35 UTC 2014 - mpost@suse.com
+
+- Added dracut to the list of BuildRequires.
+- Commented out all references to mkinitrd, since we might not have
+ to do anything in that area with the introduction of dracut.
+
+-------------------------------------------------------------------
+Tue Jan 21 19:53:06 UTC 2014 - mpost@suse.com
+
+- Changed the licensing of mkdump.pl and mkdump.8 from "GPL2 or GPL3"
+ to GPL2 or later as requested.
+
+-------------------------------------------------------------------
+Wed Jan 15 17:51:43 UTC 2014 - mpost@suse.com
+
+- Added s390-tools-sles12-fix-31bit-compile-warnings.patch. (bnc#851123)
+
+-------------------------------------------------------------------
+Wed Dec 18 16:52:10 UTC 2013 - mpost@suse.com
+
+- Added s390-tools-sles12-lszcrypt-ep11-support.patch
+ lszcrypt: Support EP11 crypto adapters
+- Updated s390-tools-sles12-zipl_boot_msg.patch to fit new source.
+- Removed s390-tools-sles12-shorten-dump-msgs.patch.
+- Updated s390-tools-sles12-chzdev-lszdev-new-tools.patch to fit
+ new source.
+
+-------------------------------------------------------------------
+Thu Dec 12 17:00:54 UTC 2013 - mpost@suse.com
+
+- Added /usr/lib/systemd/system/iucvtty@.service for systemd support
+- Renamed sles12.chzdev.lszdev.addition.patch to
+ s390-tools-sles12-chzdev-lszdev-new-tools.patch
+
+-------------------------------------------------------------------
+Tue Nov 19 19:51:15 UTC 2013 - mpost@suse.com
+
+- First attempt at building s390-tools 1.24.0
+- Removed the blktrace_api.h as it is no longer needed.
+- Removed vmlogrdr.hotplug since that was for Linux 2.4 kernels.
+
+-------------------------------------------------------------------
+Fri Nov 8 21:45:33 UTC 2013 - mpost@suse.com
+
+- IBM s390-tools-1.15.0 Maintenance Patches (#2)
+ - s390-tools-sles11sp3-zipl-zfcpdump-possible-cpus.patch
+ zipl: Use "possible_cpus" kernel parameter
+ - s390-tools-sles11sp3-dbginfo-missing_man_page.patch
+ dbginfo.sh: Add missing man page
+- qeth_configure: Ensure any user-input hexidecimal numbers are in lower case. (bnc#829513)
+
+-------------------------------------------------------------------
+Fri Sep 6 17:01:23 UTC 2013 - mpost@suse.com
+
+- [CIO] Add robustness against missing interrupts to non-path-grouped internal IO requests - s390-tools part (bnc#837742)
+ - s390-tools-sles11sp3-lscss-add_vpm.patch
+
+-------------------------------------------------------------------
+Mon Aug 19 19:45:40 UTC 2013 - mpost@suse.com
+
+- IBM s390-tools-1.15.0 Maintenance Patches (#1) (bnc#824766)
+ - s390-tools-sles11sp3-zipl-mvdump-fix-force.patch
+ zipl: Fix zipl "--force" option for DASD multi-volume dump
+ - s390-tools-sles11sp3-zgetdump-elf-hdr-alloc-fix.patch
+ zgetdump: Fix ELF header size calculation
+
+-------------------------------------------------------------------
+Fri Aug 9 17:39:10 UTC 2013 - mpost@suse.com
+
+- IBM s390-tools-1.15.0 Maintenance Patches (#1) (bnc#824766)
+ - s390-tools-sles11sp3-dbginfo-handle-pipes-in-sysfs.patch
+ dbginfo.sh: Avoiding eclusion list for pipes in sysfs
+
+-------------------------------------------------------------------
+Wed Jul 31 21:20:29 UTC 2013 - mpost@suse.com
+
+- Updated ctc_configure, dasd_configure, iucv_configure, qeth_configure,
+ zfcp_disk_configure and zfcp_host_configure so that DEBUG is usable as
+ an environment variable, and not hardcoded in the script.
+- Updated ctc_configure to correct some typos.
+- Updated iucv_configure
+ - Changed all instances of ROUTER to PEER_USERID to better reflect
+ what the value respresents.
+ - Updated the _iucv_dev loops to point to $_iucv_dir/netiucv?* to avoid
+ picking up entries for the new hvc_iucv* consoles. (bnc#749094)
+ - Convert the user-entered PEER_USERID to all upper case so the user
+ doesn't have to. (bnc#749094)
+- Updated qeth_configure
+ - Changed all references of "control channel" to "data channel" to
+ match what it's called in the driver code and documentation.
+ - Fixed a few typos.
+- Updated zfcp_host_configure to add a missing udev rule. (bnc#830321)
+- Updated mkinitrd-setup-qeth.sh
+ - It now handles both VLAN and bonded channel interfaces
+ - Restructured the code to better handle the new functionality.
+- Updated zpxe.rexx to correct some whitespace inconsistencies and to
+ uncomment a screen clearing that wasn't desired during testing, and
+ left that way by mistake.
+- Modified %post script to wipe out any dangling symlinks before
+ creating new ones. (bnc#830288)
+- Added the shadow package to the RPM PreReq list. (bnc#832428)
+- Added man pages for ctc_configure, dasd_configure, iucv_configure,
+ qeth_configure, zfcp_disk_configure and zfcp_host_configure.
+
+-------------------------------------------------------------------
+Tue Jul 30 14:49:01 UTC 2013 - mpost@suse.com
+
+- Added the shadow package to the list of PreReqs, per problem report from
+ Duncan Mac-Vicar P.
+
+-------------------------------------------------------------------
+Thu Jun 13 18:33:14 UTC 2013 - mpost@suse.com
+
+- IBM s390-tools-1.15.0 Maintenance Patches (#1) (bnc#824766)
+ - dbginfo.sh: Improvements on logging, content and collecting sysfs.
+ - dbginfo.sh: enhancement for cryptograhic adapters
+
+-------------------------------------------------------------------
+Wed May 8 15:03:22 UTC 2013 - mpost@suse.com
+
+- Added udev rules (59-graf.rules) for 3270 devices. (bnc#792991)
+
+-------------------------------------------------------------------
+Thu May 2 16:03:07 UTC 2013 - mpost@suse.com
+
+- Updated qeth_configure to not create a udev entry for the layer2
+ attribute on OSN devices. OSN devices don't support Layer 2. (bnc#788924)
+
+-------------------------------------------------------------------
+Fri Apr 26 21:41:37 UTC 2013 - mpost@suse.com
+
+- Enabled kdump over the network (bnc#807794)
+ - Updated mkinitrd-setup-qeth to look at $static_interfaces $dhcp_interfaces
+ instead of $interfaces.
+ - Changed installation location of mkinitrd-boot-qeth.sh and mkinitrd-setup-qeth.sh
+ to /lib/mkinitrd/scripts instead of /usr/lib/s390-tools/mkinitrd/scripts.
+
+-------------------------------------------------------------------
+Wed Apr 17 19:03:01 UTC 2013 - mpost@suse.com
+
+- Updated qeth_configure with the fix in bnc#794577, comment #9.
+
+-------------------------------------------------------------------
+Wed Apr 17 18:31:25 UTC 2013 - mpost@suse.com
+
+- IBM s390-tools-1.15.0 Maintenance Patches (#13) (bnc#815053)
+ - zfcpdbf: fix offset and length of fields in trace records with
+ s390-tools-sles11sp3-zfcpdbf-offset-length-fields-trace-records.patch
+
+-------------------------------------------------------------------
+Tue Apr 2 19:50:38 UTC 2013 - mpost@suse.com
+
+- Updated mkinitrd-setup-dasd.sh script to include udev rules for DASD
+ in DIAG mode. (bnc#808256)
+
+-------------------------------------------------------------------
+Tue Mar 26 16:59:03 UTC 2013 - mpost@suse.com
+
+- Updated zpxe.rexx file.
+ - Lots more comments and error checking
+ - Made it more in the style a z/VM systems programmer would expect.
+ - Made it more generic than just for Cobbler
+
+-------------------------------------------------------------------
+Fri Mar 22 20:36:13 UTC 2013 - mpost@suse.com
+
+- Updated License entries to GPL-2.0+ to conform with SPDX format (bnc#733581)
+
+-------------------------------------------------------------------
+Mon Mar 18 21:30:34 UTC 2013 - mpost@suse.com
+
+- Changed all comments and message output in zfcp_host_configure and zfcp_disk_configure wit
+h ZFCP to zFCP (3/18/2013)
+- Updated ctc_configure, dasd_configure, iucv_configure, qeth_configure, zfcp_disk_configure
+, zfcp_host_configure to replace $SYSFS with /sysfs in the one instance where $SYSFS would b
+e null.-
+
+-------------------------------------------------------------------
+Fri Mar 15 10:57:54 UTC 2013 - rmilasan@suse.com
+
+- Add/change links in /dev/disk/by-id on 'change' and 'add' udev
+ trigger (bnc#808042).
+ add: s390-tools-sles11sp2-update-by_id-links-on-change-and-add-action.patch
+
+-------------------------------------------------------------------
+Mon Feb 18 18:22:34 UTC 2013 - mpost@suse.com
+
+- Added s390-tools-sles11sp3-add_lsscm.patch (bnc#792709)
+
+-------------------------------------------------------------------
+Thu Feb 7 18:31:33 UTC 2013 - mpost@suse.com
+
+- Updated usage information on
+ - ctc_configure
+ - dasd_configure
+ - iucv_configure
+ - qeth_configure
+ - zfcp_disk_configure
+ - zfcp_host_configure (bnc#769561)
+- Fixed ctc_configure to not try to bind a CTC or LCS interface
+ to the right driver module if it already is bound to the right one.
+
+--------------------------------------------------------------------
+Wed Feb 6 23:55:53 UTC 2013 - mpost@suse.com
+
+- s390-tools SP2/SP3 patchset #12 (bnc#795513):
+ - ziomon: follow symlinks to find multipath devices
+ - dbginfo.sh: Improvements on data collection and speed
+ - zfcpdump: Release HSA early if Linux kernel supports it
+ - ziomon: cope with scsi disks not part of multipath device
+ - zfcpdbf: fix decoding of deferred errors
+
+-------------------------------------------------------------------
+Wed Jan 16 21:10:00 UTC 2013 - mpost@suse.com
+
+- lszcrypt: Add support for CEX4 crypto cards (bnc#794511, fate#314245)
+
+-------------------------------------------------------------------
+Mon Dec 10 14:46:11 UTC 2012 - uli@suse.com
+
+- Fuzzy live dump for System z (bnc#789801, fate#314099)
+- Add new zconf tool dasdstat (bnc#789803, fate#314076)
+- Allow SCM access via EADM subchannels (bnc#792709, fate#314244)
+- dasd: add safe offline interface (bnc#792967, fate#312679)
+
+-------------------------------------------------------------------
+Thu Dec 6 13:09:51 UTC 2012 - uli@suse.com
+
+- kdump: Add s390-tools kdump support (bnc#786472, fate#314079)
+
+-------------------------------------------------------------------
+Wed Nov 28 14:41:59 UTC 2012 - uli@suse.com
+
+- zfcp_san_disc: added fix for listing of LUNs on SVC/V7000 by
+ hare (bnc#742352)
+
+-------------------------------------------------------------------
+Thu Nov 22 14:13:20 UTC 2012 - uli@suse.com
+
+- qeth_configure: add option to udev rule if setting it succeeds,
+ not if it fails (bnc#744317)
+
+-------------------------------------------------------------------
+Fri Nov 16 14:24:02 UTC 2012 - uli@suse.com
+
+- zfcp_host_configure: handle non-numeric "online" argument
+ properly (bnc#769290)
+
+-------------------------------------------------------------------
+Thu Nov 15 14:00:00 UTC 2012 - uli@suse.com
+
+- *_configure: print meaningful error messages on failure
+ (bnc#746660)
+
+-------------------------------------------------------------------
+Thu Nov 15 13:50:06 UTC 2012 - uli@suse.com
+
+- s390-tools-1.15.0 Maintenance Patches #11 (bnc#780272)
+ - zipl: Flush disk buffers before installing IPL record
+
+-------------------------------------------------------------------
+Fri Jul 20 13:40:01 UTC 2012 - uli@suse.com
+
+- s390-tools-1.15.0 Maintenance Patches #10 (bnc#760339)
+ - ziomon: Fix handling of multiple multipath devices
+ - lsluns: Fix checks for scsi generic (sg) functionality.
+ - lsluns: Check SCSI registration in loop, after LUN0&WLUN unit_add
+
+-------------------------------------------------------------------
+Thu Apr 12 11:44:15 UTC 2012 - uli@suse.com
+
+- s390-tools-1.15.0 Maintenance Patches #9 (bnc#751477)
+ - cmsfs-fuse: Use pread/pwrite if mmap'ing the whole disk fails
+ - znetconf: layer autodetection not working for IP VSWITCH
+ - mon_statd: fix error "udevsettle: command not found"
+ - mon_statd: fix stopping of unused records
+
+-------------------------------------------------------------------
+Tue Mar 27 16:05:33 UTC 2012 - jjolly@suse.com
+
+- Added /sbin/udevadm settle to zfcp_disk_configure (bnc#593773)
+
+-------------------------------------------------------------------
+Mon Feb 6 10:35:41 CET 2012 - ihno@suse.de
+
+- Fix CTC device setup (reassigning channels from lcs to ctcm) (bnc#745034)
+
+-------------------------------------------------------------------
+Thu Feb 2 15:55:00 UTC 2012 - uli@suse.com
+
+- fix LCS device setup in ctc_configure (bnc#741071)
+- from SP1:
+ - updated qeth_configure and dasd_configure to support SUSE Studio Onsite
+ (bnc#699047)
+ - qeth_configure: Proper IP takeover during layer 3 operation (bnc#694124)
+
+-------------------------------------------------------------------
+Wed Feb 1 12:02:54 UTC 2012 - uli@suse.com
+
+- more fixes: (bnc#743407)
+ - qethconf: fix/improve IPv6 address handling
+ - znetconf: layer autodetection not working under z/VM 6.x
+
+-------------------------------------------------------------------
+Fri Jan 13 12:19:12 UTC 2012 - stefan.fent@suse.com
+
+- s390-tools-1.15.0 Maintenace Patches #7 (bnc #740749)
+ - ttyrun: Introduce verbose option for syslog messages
+ - HiperSockets Network Concentrator: correct warning
+ - HiperSockets Network Concentrator: adapt to kernel level
+
+-------------------------------------------------------------------
+Thu Jan 12 21:59:49 UTC 2012 - jjolly@suse.com
+
+- qeth_configure: Added udevadm trigger to help rewrite necessary
+ network scripts (bnc#728059)
+
+-------------------------------------------------------------------
+Fri Dec 16 16:49:56 UTC 2011 - uli@suse.com
+
+- dasdfmt: use proper way to detect DASD cylinder count (bnc#733787)
+- build system fix (bnc#737189)
+
+-------------------------------------------------------------------
+Mon Dec 5 12:16:03 UTC 2011 - uli@suse.com
+
+- dasdfmt: fix cylinder count for large disks in YaST mode
+ (bnc#733787)
+
+-------------------------------------------------------------------
+Mon Dec 5 10:51:13 UTC 2011 - uli@suse.com
+
+- qetharp: Man page improvements (bnc#732669)
+
+-------------------------------------------------------------------
+Tue Nov 29 13:05:01 UTC 2011 - uli@suse.com
+
+- fix dasdfmt usage text (bnc#732503)
+
+-------------------------------------------------------------------
+Tue Nov 8 22:12:41 UTC 2011 - jjolly@suse.com
+
+- rules.xpram: Added rule to create xpram nodes for each slram
+ node (bnc#723521,LTC#75884)
+- rules.hw_random: Added rule to create hw_random node when hwrng
+ is created (bnc#724083,LTC#75951)
+
+-------------------------------------------------------------------
+Fri Nov 4 16:10:34 UTC 2011 - uli@suse.com
+
+- lsdasd: Improve performance when used with many DASDs (bnc#728041)
+
+-------------------------------------------------------------------
+Fri Nov 4 13:02:25 UTC 2011 - uli@suse.com
+
+- qeth_configure: recognize 1731/02 as qeth device (bnc#720082)
+
+-------------------------------------------------------------------
+Mon Oct 24 10:58:51 UTC 2011 - uli@suse.com
+
+- more fixes: (bnc#725132)
+ - zfcpdbf: Include and exclude messages display problem
+ - zfcpdbf: help option does not list version '-v' option
+ - cmsfs-fuse: Fix file size calculation for files larger than 2 GB
+ - cmsfs-fuse: Fix big write requests
+ - cmsfs-fuse: Multiple write requests for fixed record format files
+ - cmsfs-fuse: Fix EOF detection for fixed record format files
+ - zipl: fix scsi dump
+ - cmsfs-fuse: Fix block allocation on large disks
+ - cmsfs-fuse: Update the number of records on disk full condition
+ - cmsfs-fuse: Add support for FBA-512 disks
+ - dumpconf: Add full path of executable for killproc invocation
+ - zfcpdbf: Messages with round-trip processing timediff problem
+ - lsmem/chmem: Fix memory device size calculation
+
+-------------------------------------------------------------------
+Thu Oct 13 12:36:16 UTC 2011 - thardeck@suse.com
+
+- moved iucvconn_on_login from doc to /usr/bin
+- added rcdumpconf link
+
+-------------------------------------------------------------------
+Fri Oct 7 14:08:38 UTC 2011 - uli@suse.com
+
+- more fixes: (bnc#722508)
+ - lsmem/chmem: Fix handling of memory holes
+ - dasdview: fix printing of random characters after busid
+
+-------------------------------------------------------------------
+Fri Sep 16 10:02:32 UTC 2011 - uli@suse.com
+
+- more fixes: (bnc#718024)
+ - qetharp: fix buffer overflow
+ - lsqeth: add hsuid attribute
+ - af_iucv manpage: add HiperSockets transport
+ - dbginfo.sh: does not run under kernel 3.x
+ - lsdasd,lscss: suppress error messages when working on unsettled
+ sysfs tree.
+ - lsluns: check for required SCSI generic (sg) functionality.
+ - zipl: Prevent unsupported parmfile address.
+
+-------------------------------------------------------------------
+Tue Sep 6 17:10:17 CEST 2011 - uli@suse.de
+
+- update dumpconf patches (bnc#716118)
+
+-------------------------------------------------------------------
+Mon Sep 5 16:23:53 CEST 2011 - uli@suse.de
+
+- update -> 1.15.0 (obsoletes most patches, bnc#unknown)
+
+-------------------------------------------------------------------
+Mon Aug 29 08:21:38 UTC 2011 - thardeck@suse.de
+
+- updated mkdump script
+ - fixed DASD dump device recognition (bnc#713801)
+ - fixed allow creating dump devices on unformatted DASDs (bnc#713677)
+- dumpconf restart doesn't trigger delay minutes
+ - s390-tools-sles11sp2-01-dumpconf-restart.patch
+- dumpconf support for eight vmcmd commands
+ - s390-tools-sles11sp2-02-dumpconf-8cmds.patch
+- updated dumpconf sysconfig accordingly
+ - s390-tools-sles11sp2-sysconfig-compatible-dumpconf.patch
+
+
+-------------------------------------------------------------------
+Tue Aug 12 09:44:54 UTC 2011 - thardeck@novell.com
+
+- added new mkdump script (fate#304024)
+ - mkdump.pl: new version - backward compatible with mkdump.sh
+ - s390-tools-sles11sp2-mkdump-manpage.patch: man page for mkdump
+- add sysconfig meta data to /etc/sysconfig/dumpconf
+ - s390-tools-sles11sp2-sysconfig-compatible-dumpconf.patch: add sysconfig
+ metadata to dumpconf
+
+-------------------------------------------------------------------
+Fri Aug 12 08:38:04 UTC 2011 - uli@suse.de
+
+- fdasd: fix generation of disk label for option 'auto' and 'config'
+ (bnc#708534)
+- restored corrupted patch s390-tools-sle11sp1-04-lscss-fix-tr-quoting.patch
+
+-------------------------------------------------------------------
+Wed Aug 3 11:37:22 CEST 2011 - hare@suse.de
+
+- qeth_configure: Properly deregister with collect during
+ chpid vary off (bnc#474627)
+
+-------------------------------------------------------------------
+Thu Jul 28 12:16:01 UTC 2011 - uli@suse.de
+
+- dasd_configure: deactivate DIAG mode properly when told to do so
+ (bnc#591037)
+
+-------------------------------------------------------------------
+Thu Jul 28 11:47:02 UTC 2011 - uli@suse.de
+
+- bug fixes (bnc#708534):
+ - cpuplugd: Fix check for existing variable names
+ - cpuplugd: Fix typos and wording in man page
+
+-------------------------------------------------------------------
+Fri Jul 22 11:28:55 UTC 2011 - uli@suse.de
+
+- hyptop didn't build because ncurses-devel was missing from
+ BuildRequires (bnc#698740)
+
+-------------------------------------------------------------------
+Thu Jul 14 13:56:45 CEST 2011 - uli@suse.de
+
+- build hyptop and cmsfs-fuse (bnc#698740)
+- maintenance patches (bnc#698755):
+ - dasdinfo: return error code in case of failure.
+ - lsluns: Fix showing all active LUNs not just well known LUNs.
+ - lsreipl: Prevent error messages for empty sysfs files
+ - cpuplugd: add cpu/cmm_min/max sanity checks
+ - cpuplugd: fix daemon startup race
+
+-------------------------------------------------------------------
+Tue Jun 20 15:39:12 CEST 2011 - thardeck@suse.de
+
+- added zpxe.rexx script (fate#312134)
+
+-------------------------------------------------------------------
+Tue Jun 14 15:32:29 CEST 2011 - uli@suse.de
+
+- s390-tools patchset #12 for SP2 (bnc#698740)
+ - s390-tools-12-sles11sp2-infrastructure.patch: Add infrastructure code
+ for new features
+ - s390-tools-12-sles11sp2-ttyrun.patch: ttyrun: run a program if a
+ terminal device is available (fate#312296)
+ - s390-tools-12-sles11sp2-hyptop.patch: hyptop: Show hypervisor
+ performance data on System z (fate#311766)
+ - s390-tools-12-sles11sp2-chreipl-enhancements.patch: chreipl: Re-IPL tool
+ "chreipl" enhancements (fate#311861)
+ - s390-tools-12-sles11sp2-tunedasd-query-reservation-status.patch:
+ tunedasd: add new option -Q / --query_reserve (fate#311910)
+ - s390-tools-12-sles11sp2-znetconf-osxosm.patch: znetconf: support for OSA
+ CHPID types OSX and OSM (fate#311898)
+ - s390-tools-12-sles11sp2-use-cio_settle.patch: chccwdev,chchp: Use
+ /proc/cio_settle (fate#311763)
+ - s390-tools-12-sles11sp2-cio_ignore.patch: cio_ignore: manage the I/O
+ exclusion list (fate#311763)
+ - s390-tools-12-sles11sp2-qethconf-msgexpl.patch: qethconf: Indicate
+ command failure and show message list. (fate#312067)
+ - s390-tools-12-sles11sp2-zipl-calculate_ramdisk_address.patch: zipl:
+ Remove DEFAULT_RAMDISK_ADDRESS (fate#311877)
+ - s390-tools-12-sles11sp2-zipl-automenu.patch: zipl: Add support for
+ automatic menus (fate#311908)
+ - s390-tools-12-sles11sp2-fdasd-partition_types.patch: fdasd: Implement
+ new partition types (fate#311921)
+ - s390-tools-12-sles11sp2-qetharp-ipv6-support.patch: qetharp: support
+ ipv6 for query arp cache for HiperSockets (fate#311912)
+ - s390-tools-12-sles11sp2-zgetdump-zipl-mkdump.patch: zgetdump/zipl: Add
+ ELF dump support (needed for makedumpfile) (fate#311893, fate#311895)
+ - s390-tools-12-sles11sp2-dumpconf-prevent-loop.patch: dumpconf: Prevent
+ re-IPL loop for dump on panic. (fate#311757)
+ - s390-tools-12-sles11sp2-cmsfs-fuse.patch: cmsfs-fuse: support for CMS
+ EDF filesystems via fuse. (fate#311847, fate#311858)
+ - s390-tools-12-sles11sp2-cpuplugd-cmm-improvements.patch: cpuplugd:
+ Improve memory ballooning with cpuplugd (fate#312069)
+
+-------------------------------------------------------------------
+Tue May 10 15:32:37 UTC 2011 - jjolly@novell.com
+
+- s390-tools patchset #11 (bnc#689579)
+ - s390-tools-11-01-fdasd-buffer-overflow-in-error-message.patch:
+ fdasd: buffer overflow when writing to read-only device
+ (LTC#70680)
+ - s390-tools-11-02-cpuplugd-multiplication.patch: cpuplugd: Fix
+ incorrect multiplication in rules evaluation (LTC#71166)
+ - s390-tools-11-03-ziomon-outfile-invalid-option.patch: ziomon:
+ Option '--output' should be '--outfile' as documented
+ (LTC#71566)
+ - s390-tools-11-04-ziomon-debugfs-mount-path-checking.patch:
+ ziomon: Debugfs mount path check at /sys/kernel/debug
+ (LTC#71749)
+
+-------------------------------------------------------------------
+Tue Apr 26 22:46:39 UTC 2011 - jjolly@novell.com
+
+- fdasd: added -f options to force execution on non-dasd devices
+ (bnc#689018)
+
+-------------------------------------------------------------------
+Tue Feb 22 23:37:52 UTC 2011 - jjolly@novell.com
+
+- s390-tools patchset #10 (bnc#652287)
+ - s390-tools-10-01-ziomon-returncodes.patch: ziomon: ziomon
+ tools return 1 when using option -h, --help and -v (LTC#66507)
+ - s390-tools-10-02-qethconf-subchset.patch: qethconf: process
+ devices with subchannel set != 0 (LTC#66662)
+ - s390-tools-10-03-iucvtty-login-h.patch: iucvtty: do not
+ specify z/VM user ID as argument to login -h (LTC#66393)
+ - s390-tools-10-04-fdasd-format7-label.patch: fdasd/dasdfmt: fix
+ format 7 label (LTC#68122)
+ - s390-tools-10-05-cpuplugd-cmm_pages.patch: cpuplugd: cmm_pages
+ not set and restored correctly (LTC#68341)
+ - s390-tools-10-06-lsluns-svc.patch: lsluns: Fix LUN reporting
+ for SAN volume controller (SVC) (LTC#68559)
+ - s390-tools-10-07-lsluns-uppercase.patch: lsluns: Accept
+ uppercase and lowercase hex digits (LTC#68562)
+
+-------------------------------------------------------------------
+Tue Aug 10 15:18:56 CEST 2010 - jjolly@suse.de
+
+- s390-tools patchset #9 (bnc#621182)
+ - s390-tools-09-01-ts-shell-group-names.patch: ts-shell: do not
+ restrict group names to be alphanumeric (LTC#61504)
+ - s390-tools-09-02-znetconf-driveroption.patch: znetconf:
+ --drive|-d option returning "unknown driver" for qeth
+ (LTC#64732)
+ - s390-tools-09-03-cpuplugd-stack-smash.patch: cpuplugd: fix
+ stack overwrite (LTC#64733)
+ - s390-tools-09-04-zfcpdbf-dates.patch: zfcpdbf: Fix --dates
+ option (LTC#65405)
+ - s390-tools-09-05-cpuplugd-cmm-limits.patch: cpuplugd: fix
+ cmm_min/max limit checks (LTC#65220)
+ - s390-tools-09-06-cpuplugd-cpu_min.patch: cpuplugd: set cpu_min
+ to 1 by default (LTC#65224)
+ - s390-tools-09-07-lsluns-adapter-offline.patch: lsluns:
+ uninitialized value on adapter offline (LTC#65768)
+ - s390-tools-09-08-zfcpdbf-uninitialized.diff: zfcpdbf: Fix "Use
+ of uninitialized value" and output issues (LTC#65904)
+ - s390-tools-09-09-xcec-mc.patch: xcec-bridge: Fix multicast
+ forwarding (LTC#66141)
+
+-------------------------------------------------------------------
+Wed Jun 2 11:23:55 CEST 2010 - sf@suse.de
+
+- dasd_reload: iterate over all dasd udev-rules (bnc #606394)
+
+-------------------------------------------------------------------
+Fri May 7 07:26:41 CEST 2010 - jjolly@suse.de
+
+- s390-tools-08-01-lsqeth-clear-print-array.patch: lsqeth: add
+ clearing of print array for every qeth device
+ (bnc#602015,LTC#63091)
+- dasd_configure: Properly handling exit when dasd status is
+ unformatted (bnc#601918)
+- dasdfmt.8: removed extra -P reference from man page (bnc#602003)
+
+-------------------------------------------------------------------
+Thu Apr 22 17:11:53 CEST 2010 - jjolly@suse.de
+
+- s390-tools-07-01-lsdasd-document-option-b.patch: lsdasd: add
+ missing description of option -b to man page
+ (bnc#597838,LTC#62575)
+- s390-tools-07-02-lsqeth-sysfs.patch: lsqeth: sysfs mount point
+ not determined (bnc#597838)
+
+-------------------------------------------------------------------
+Mon Apr 19 22:18:40 CEST 2010 - jjolly@suse.de
+
+- s390-tools-sles11sp1-lsmem-chmem-v2.patch: lsmem/chmem: Tools to
+ manage memory hotplug.
+
+-------------------------------------------------------------------
+Tue Apr 13 12:48:59 CEST 2010 - ihno@suse.de
+
+- disabled s390-tools-0001-Zipl-VirtIO-bootloader-code.patch
+
+-------------------------------------------------------------------
+Tue Apr 13 12:30:05 CEST 2010 - agraf@suse.de
+
+- s390-tools-0001-Zipl-VirtIO-bootloader-code.patch: disable stack
+ protector (bnc#594445)
+
+-------------------------------------------------------------------
+Fri Apr 9 07:44:50 CEST 2010 - jjolly@suse.de
+
+- s390-tools-0001-Zipl-VirtIO-bootloader-code.patch: enable virtio
+ bootloading (bnc#594445)
+
+-------------------------------------------------------------------
+Mon Mar 29 20:33:48 CEST 2010 - jjolly@suse.de
+
+- IBM 390-tools patchset #6 (bnc#591089)
+ - s390-tools-sles11sp1-06-01-ziomon_fix_df_output.patch: ziomon:
+ Fix 'df' command usage (LTC#61794)
+ - s390-tools-sles11sp1-06-02-ziomon_fix_wrong_install_path.patch:
+ ziomon: Remove check for ziorep_config availability (LTC#61801)
+ - s390-tools-sles11sp1-06-03-zipl-force-help.patch: zipl: Option
+ "--force" is not included in text for "--help" (LTC#61973)
+ - s390-tools-sles11sp1-06-04-ziomon-fix_multipathing.patch:
+ ziomon: Fix problem with multipath command output (LTC#61977)
+
+-------------------------------------------------------------------
+Fri Mar 12 04:48:06 CET 2010 - jjolly@suse.de
+
+- IBM s390-tools patchset #5 (bnc#587152)
+ - s390-tools-sles11sp1-05-01-zfcpdump-directio.patch:
+ zfcpdump: Use direct IO in order to increase dump speed
+ - s390-tools-sles11sp1-05-02-zipl_zfcp_partition.patch:
+ zipl: zfcp dump partition error
+
+-------------------------------------------------------------------
+Fri Mar 12 04:39:05 CET 2010 - jjolly@suse.de
+
+- zipl/zfcpdump: Use "cgroup_disable=memory" kernel parameter
+ (bnc#572716)
+
+-------------------------------------------------------------------
+Fri Mar 12 04:27:08 CET 2010 - jjolly@suse.de
+
+- mkswap.sh: Using udevadm instead of udevinfo (bnc#585130)
+
+-------------------------------------------------------------------
+Mon Feb 22 07:59:02 CET 2010 - jjolly@suse.de
+
+- vmconvert: Fix progress bar shows garbage (bnc#580976,LTC#60883)
+
+-------------------------------------------------------------------
+Fri Feb 19 22:05:22 CET 2010 - jjolly@suse.de
+
+- dasd_configure: do not set unformatted dasd offline (bnc#579584)
+
+-------------------------------------------------------------------
+Mon Feb 8 14:03:39 CET 2010 - uli@suse.de
+
+- dasd_configure: avoid unnecessary delays (bnc#561876)
+
+-------------------------------------------------------------------
+Tue Feb 2 11:55:58 CET 2010 - jjolly@suse.de
+
+- Patchset #3 (bnc#575676) including:
+ - s390-tools-sles11sp1-03-01-zipl-handle-ssch-status.patch: zipl:
+ handle status during IPL SSCH (LTC#59816)
+ - s390-tools-sles11sp1-03-02-chshut-disable-panic.patch: chshut:
+ Mismatch between man and -h (LTC#59864)
+ - s390-tools-sles11sp1-03-03-znetconf-chpidtypes-hex.patch:
+ znetconf: index into chpidtype lookup table must be hex.
+
+-------------------------------------------------------------------
+Mon Jan 25 17:16:44 CET 2010 - uli@suse.de
+
+- add error codes 7 (failed to activate) and 8 (not formatted)
+ to dasd_configure (bnc#561876)
+
+-------------------------------------------------------------------
+Mon Jan 25 16:59:12 CET 2010 - jjolly@suse.de
+
+- Add missing check and print NSS name in case an NSS has been
+ IPLed.
(bnc#559509)
+ - Add missing NULL string termination when reading sysfs attributes
+ - Fix possible SIGSEGV for "chreipl node /dev/dasdxy"
+
+-------------------------------------------------------------------
+Mon Jan 25 10:54:05 CET 2010 - jjolly@suse.de
+
+- Patchset #2 (bnc#566684,LTC#59000) including:
+ - s390-tools-sle11sp1-01-znetconf-returncodes.patch
+ - s390-tools-sle11sp1-02-ziorep-returncodes.patch (LTC#59379)
+ - s390-tools-sle11sp1-03-lstape_returncodes.patch (LTC#59386)
+ - s390-tools-sle11sp1-04-lscss-fix-tr-quoting.patch
+ - s390-tools-sle11sp1-05-lsqeth-new-attributes.patch
+- Init info->yastmode in dasdfmt.c (bnc#571653,LTC#59524)
+- zfcpdump: removed static linking (bnc#572716)
+
+-------------------------------------------------------------------
+Tue Jan 12 12:58:03 CET 2010 - uli@suse.de
+
+- dasd_configure: give DASD some time to warm up (untested,
+ bnc#561876)
+
+-------------------------------------------------------------------
+Mon Dec 7 12:52:51 CET 2009 - hare@suse.de
+
+- zipl: Handle device-mapper devices (bnc#556208)
+
+-------------------------------------------------------------------
+Thu Dec 3 16:16:40 CET 2009 - jjolly@suse.de
+
+- s390-tools, 59-dasd.rules: fix path to vol_id (bnc#554038)
+- dasdview, fdasd: fix floating point error for unformatted devices
+ (bnc#554038)
+- ziomon: Fix multipath device detection (bnc#554038)
+- zipl: handle status during ipl (bnc#554038)
+
+-------------------------------------------------------------------
+Sat Nov 21 00:26:45 CET 2009 - jjolly@suse.de
+
+- Reverted last change in order to add s390-tools 1.8.2 features:
+ - tty terminal server over IUCV (bnc#546431,FATE#307002)
+ - Large Volume support (bnc#546431,FATE#307003)
+ - DS8000 Disk Encryption (bnc#546431,FATE#307004)
+ - show disk encryption status
+ - FICON - Format Record 0 on ECKD devices (bnc#546431,FATE#307012)
+ - FCP - Performance data reports (bnc#546431,FATE#307000)
+ - Automatic IPL after dump (bnc#546431,FATE#307009)
+
- Add vmconvert option to vmur tool (bnc#546431,FATE#307010)
+ - Automatic scan of network devices (bnc#546431,FATE#307016)
+- Bugfixes:
+ - general: Fix compile warnings & do minor bugfixes
+ - general: Adjust code to s390-tools upstream as far as possible
+ - lsreipl: Show defined vmcmd correctly
+ - fdasd: Fix auto mode behavior
+ - general: Corrections to comply with SUSE rpmlint
+- Performance enhancements:
+ - dasd,zfcp: Add udev rule to set increased "default max readahead"
+
+-------------------------------------------------------------------
+Wed Nov 18 17:42:21 CET 2009 - uli@suse.de
+
+- update -> 1.8.1:
+ - IUCV terminal server (fate#307002)
+ - DASD large volume support (fate#307003)
+ - obsoletes a ton of patches
+
+-------------------------------------------------------------------
+Fri Nov 6 13:24:29 CET 2009 - hare@suse.de
+
+- Include mkinitrd scripts to setup qeth networking (bnc#541405)
+- Fixup vol_id pathname in mkdump.sh (bnc#505553)
+
+-------------------------------------------------------------------
+Sat Oct 17 06:06:07 CEST 2009 - jjolly@suse.de
+
+- Added s390-tools-sles11sp1-dasdfmt-norecord_r0.patch (bnc#477816)
+
+-------------------------------------------------------------------
+Mon Oct 12 18:20:03 CEST 2009 - jjolly@suse.de
+
+- s390-tools-02-cpuplugd-cmminit.patch: cpuplugd: fix cmm
+ configuration file value initialization parser
+ (bnc#519430,LTC#54629)
+- s390-tools-02-cpuplugd-limit.patch: cpuplugd: fix cmm_pages
+ allocation outside min and max range (bnc#519430,LTC#55472)
+- s390-tools-02-cpuplugd-parser.patch: cpuplugd: Daemon does not
+ work in a memplug only environment (bnc#519430,LTC#54285)
+- s390-tools-02-dasdinfo-fix-volume-serial.patch: dasdinfo: spaces
+ in volume serial break udev device links (bnc#519430,LTC#52881)
+- s390-tools-02-dbginfo-remove-cpint.patch: dbginfo.sh: remove
+ occurences of "cpint" (bnc#519430,LTC#54777)
+- s390-tools-02-zipl-fix-unsupported-device-driver.patch: zipl:
+ zipl does not exit
for an unsupported device driver.
+ (bnc#519430,LTC#53660)
+
+-------------------------------------------------------------------
+Thu Apr 23 21:27:09 CEST 2009 - jjolly@suse.de
+
+- dasdro: Updated hcp to vmcp (bnc#492504)
+
+-------------------------------------------------------------------
+Tue Mar 31 23:16:37 CEST 2009 - jjolly@suse.de
+
+- s390-tools-01-dasdfmt-retry-reread-partition-table.patch:
+ dasdfmt: retry when BLKRRPART fails (bnc#486043,LTC#52233)
+- s390-tools-01-dasdinfo_sysfs.patch: dasdinfo: error with new
+ sysfs layout (bnc#486043,LTC#52309)
+- s390-tools-01-dasdview-fix-busid-lookup.patch: dasdview: fix
+ busid look-up (bnc#486043,LTC#52122)
+- s390-tools-01-fdasd-buffer-overflow.patch: fdasd: fix buffer
+ overflow for long device names (bnc#486043,LTC#51817)
+- s390-tools-01-ipl-panic.patch: lsshut: lsshut prints out an
+ unnecessary error message (bnc#486043)
+- s390-tools-01-ziomon-scsi-tapes.patch: ziomon: SCSI tapes do not
+ work (bnc#486043,LTC#51282)
+- s390-tools-01-zipl-fbadump-4gb.patch: zipl: FBA dump tool can
+ only dump up to 4GB.
(bnc#486043,LTC#52257)
+
+-------------------------------------------------------------------
+Tue Feb 24 22:47:45 CET 2009 - ihno@suse.de
+
+- Add a check in dasd_configure to check environment (LPAR or z/VM)
+ (bnc#477705)
+- Add a general README.SUSE about commands provided by SUSE
+ (bnc#478009)
+- Fix online help of zfcp_san_disc and added online for some
+ other commands (bnc#471830)
+
+-------------------------------------------------------------------
+Thu Feb 19 14:36:07 CET 2009 - uli@suse.de
+
+- hsnc: pass OSA IF name to ip_watcher.pl (bnc#472366)
+
+-------------------------------------------------------------------
+Wed Feb 18 11:43:49 CET 2009 - hare@suse.de
+
+- Fix remaining reference to hard-coded ECKD in dasd_configure
+ (bnc#470408)
+
+-------------------------------------------------------------------
+Mon Feb 9 16:16:17 CET 2009 - uli@suse.de
+
+- dasdfmt: propagate child exit codes (bnc#459677)
+
+-------------------------------------------------------------------
+Fri Feb 6 15:44:35 CET 2009 - hare@suse.de
+
+- Return error code if sg_luns failed in zfcp_san_disc (bnc#472352)
+- Correctly configure FBA disks (bnc#470408)
+
+-------------------------------------------------------------------
+Thu Feb 5 13:53:28 CET 2009 - uli@suse.de
+
+- use sysfs instead of /proc/qeth (bnc#472366)
+
+-------------------------------------------------------------------
+Mon Jan 26 16:11:29 CET 2009 - hare@suse.de
+
+- Add %triggerin section to create zfcpdump correctly (bnc#446367)
+
+-------------------------------------------------------------------
+Fri Jan 23 14:33:19 CET 2009 - uli@suse.de
+
+- fix boot.cpi behavior (bnc#457208)
+- change CPI_SET default to yes (bnc#455978)
+
+-------------------------------------------------------------------
+Thu Jan 22 15:12:04 CET 2009 - jjolly@suse.de
+
+- Initialize error value to 0 (bnc#467275)
+
+-------------------------------------------------------------------
+Mon Jan 19 15:29:11 CET 2009 - uli@suse.de
+
+-
run insserv on boot.cpi, write to set attribute to pass CPI
+ data (bnc#455978)
+
+-------------------------------------------------------------------
+Mon Jan 12 16:26:03 CET 2009 - jjolly@suse.de
+
+- Added /usr/sbin/osasnmpd link to /usr/sbin/osasnmpd-2.6
+ (bnc#458547)
+
+-------------------------------------------------------------------
+Fri Jan 9 17:51:07 CET 2009 - jjolly@suse.de
+
+- s390-tools-sles11-ziomon-fix-qdio-statistics.patch: Fix qdio
+ statistics (bnc#417514)
+
+-------------------------------------------------------------------
+Thu Dec 11 17:06:44 CET 2008 - hare@suse.de
+
+- Create /boot/zipl directory (bnc#457942)
+
+-------------------------------------------------------------------
+Thu Dec 11 12:30:02 CET 2008 - hare@suse.de
+
+- Update mkinitrd scripts for zfcpdump (bnc#446367)
+- Include patches from IBM (bnc#417514):
+ * Fix lszfcp -P after removal of a port
+ * Allow zfcpdump to work in more initrds
+ * tape390_display: Fix stack overwrite
+
+-------------------------------------------------------------------
+Wed Dec 10 20:15:11 CET 2008 - jjolly@suse.de
+
+- Remove -s option from install sections in Makefiles.
(bnc#417514)
+
+-------------------------------------------------------------------
+Wed Dec 10 12:37:25 CET 2008 - hare@suse.de
+
+- Add mkinitrd requirement [bnc#457945]
+
+-------------------------------------------------------------------
+Mon Dec 8 17:42:51 CET 2008 - kukuk@suse.de
+
+- Re-enable ExclusiveArchs
+
+-------------------------------------------------------------------
+Fri Dec 5 16:07:01 CET 2008 - hare@suse.de
+
+- Generate zfcpdump image correctly
+
+-------------------------------------------------------------------
+Fri Dec 5 12:30:04 CET 2008 - hare@suse.de
+
+- Updated to official 1.8.0 tarball from IBM (bnc#417514)
+ * lsluns: Do not print full path of tool for error messages - only basename
+ * ipl_tools: Add some new error messages
+ * dumpconf: Adjust dumpconf init script to new lsdasd
+ * ziomon: File header comments cleanup
+ * dbginfo.sh: Collect more debug info
+ * lsdasd: Remove CVS $Revision entries
+ * lszfcp: Throw error message if no devices are configured
+ * Prevent daemons from starting in single user mode
+- Remove rpmlint patch
+- Generate correct udev rule for boot from zfcp (bnc#434648)
+
+-------------------------------------------------------------------
+Tue Dec 2 15:14:39 CET 2008 - uli@suse.de
+
+- fixed broken post/preun scripts (bnc#446367)
+
+-------------------------------------------------------------------
+Fri Nov 21 08:34:29 CET 2008 - hare@suse.de
+
+- Fixed typo in dasd_configure (bnc#446998)
+
+-------------------------------------------------------------------
+Thu Nov 20 08:32:38 CET 2008 - jjolly@suse.de
+
+- Moved creation/deletion of zfcpdump.{image,rd} into specfile
+ %post and %preun sections.
(bnc#446367)
+
+-------------------------------------------------------------------
+Thu Nov 20 08:19:33 CET 2008 - jjolly@suse.de
+
+- Added script to mkdump.sh that creates zfcpdump.{image,rd}
+ (bnc#446427)
+
+-------------------------------------------------------------------
+Wed Nov 19 14:53:44 CET 2008 - jjolly@suse.de
+
+- Updated to 1.8.0 v8 tarball from IBM (bnc#417514)
+ - lstape: Fix problems with new sysfs layout.
+ - lszfcp: Update search for sysfs mount-point.
+ - zipl: Fix zipl build process: Copy only text section with objcopy.
+ - vmconvert: Remove leading newline for error messages.
+ - ipl_tools: Fix various parser problems.
+ - cpuplugd: Prevent compile warning.
+- Removed link error patch
+
+-------------------------------------------------------------------
+Fri Nov 14 16:18:51 CET 2008 - hare@suse.de
+
+- Install updated dasd udev rules (bnc#444688)
+- Update dasd_configure to call udevadm settle (bnc#444672)
+- Install zfcpdump mkinitrd scripts (FATE#304069)
+
+-------------------------------------------------------------------
+Tue Nov 11 16:14:47 CET 2008 - hare@suse.de
+
+- Updated to 1.8.0 v7 tarball from IBM (bnc#417514)
+- Removed obsolete patches
+- rpmlint fixes
+
+-------------------------------------------------------------------
+Tue Nov 11 13:40:14 CET 2008 - hare@suse.de
+
+- Update zfcp_{disk,host}_configure to work with port
+ auto discovery (bnc#435640)
+- Fix zfcp_san_disc to remove the correct sg device
+
+-------------------------------------------------------------------
+Mon Nov 10 11:46:47 CET 2008 - hare@suse.de
+
+- Update zfcp_san_disc to check for WLUNs first (bnc#437633)
+
+-------------------------------------------------------------------
+Thu Nov 6 15:37:07 CET 2008 - uli@suse.de
+
+- with all the udev red tape, we forgot to actually set the port
+ number...
(fate #304080)
+
+-------------------------------------------------------------------
+Tue Nov 4 10:35:34 CET 2008 - hare@suse.de
+
+- Wait for DASD to become online (bnc#436980)
+
+-------------------------------------------------------------------
+Mon Oct 27 14:04:32 CET 2008 - hare@suse.de
+
+- Update 59-dasd.rules (bnc#436980)
+- Use udevadm instead of udevsettle (bnc#437349)
+
+-------------------------------------------------------------------
+Mon Oct 27 13:34:40 CET 2008 - jjolly@suse.de
+
+- Updated to 1.8.0 v6 tarball from IBM (bnc#417514)
+
+-------------------------------------------------------------------
+Wed Oct 22 10:28:13 CEST 2008 - hare@suse.de
+
+- Update zfcp_san_disc to work with automatic port discovery
+ (bnc#433863)
+
+-------------------------------------------------------------------
+Mon Oct 20 15:49:33 CEST 2008 - uli@suse.de
+
+- restored change in qeth_configure from Sep 11 2008 that was
+ overwritten by checkin on Sep 23 2008 (bnc #436824)
+
+-------------------------------------------------------------------
+Tue Oct 14 13:15:14 CEST 2008 - uli@suse.de
+
+- restored change in dasdfmt from May 19 that was overwritten
+ by subsequent checkins (bnc #368595, #434223)
+
+-------------------------------------------------------------------
+Mon Oct 13 17:42:57 CEST 2008 - jjolly@suse.de
+
+- Updated to 1.8.0 v5 tarball from IBM (bnc#417514)
+
+-------------------------------------------------------------------
+Thu Oct 9 16:25:50 CEST 2008 - uli@suse.de
+
+- added init script setting CPI data (fate #304052)
+
+-------------------------------------------------------------------
+Fri Sep 26 15:07:01 CEST 2008 - jjolly@suse.de
+
+- Patched zipl/boot link to set build-id to none
+
+-------------------------------------------------------------------
+Wed Sep 24 17:48:19 CEST 2008 - jjolly@suse.de
+
+- Updated to 1.8.0 v4 of the tarball
+- Added the blktrace_api.h as it doesn't exist in
+ linux-kernel-headers at this time.
+
+-------------------------------------------------------------------
+Tue Sep 23 09:52:20 CEST 2008 - hare@suse.de
+
+- Fix qeth_configure to always set the 'layer2' attribute
+ (bnc#428352)
+- Update ctc_configure to set the protocol number correctly.
+
+-------------------------------------------------------------------
+Fri Sep 19 13:20:28 CEST 2008 - hare@suse.de
+
+- Update dasd_reload script to work with udev rules (bnc#427458)
+
+-------------------------------------------------------------------
+Thu Sep 18 17:39:46 CEST 2008 - jjolly@suse.de
+
+- Updated to 1.8.0 v3 of the tarball
+- Patched make to remove .note.gnu.build-id header during objcopy
+
+-------------------------------------------------------------------
+Thu Sep 11 15:45:57 CEST 2008 - uli@suse.de
+
+- qeth_configure: added -n option for specifying the port number
+ (fate #304080)
+
+-------------------------------------------------------------------
+Wed Sep 3 11:09:34 CEST 2008 - hare@suse.de
+
+- Call mkinitrd_setup during %post and %postun (bnc#413709)
+- Fix qeth_configure script
+- Fix iucv_configure script
+
+-------------------------------------------------------------------
+Tue Sep 2 18:08:41 CEST 2008 - jjolly@suse.de
+
+- Removed lib-zfcp-hbaapi to it's own package.
+- Update to 1.8.0
+
+-------------------------------------------------------------------
+Thu Aug 7 15:26:37 CEST 2008 - hare@suse.de
+
+- Update ctc_configure to use ctcm module instead of ctc
+
+-------------------------------------------------------------------
+Fri Jul 25 10:42:36 CEST 2008 - hare@suse.de
+
+- Add network configuration scripts (iucv|ctc|qeth)_configure
+- Include mkinitrd scriptlets.
+- Fix RPMLint warnings.
+
+-------------------------------------------------------------------
+Tue Jul 22 08:19:02 CEST 2008 - hare@suse.de
+
+- Compress s390-tools-1.7.0 with bzip2
+
+-------------------------------------------------------------------
+Mon Jul 21 16:15:57 CEST 2008 - hare@suse.de
+
+- Update to 1.7.0
+- Build fixes for autobuild
+- Build zfcpdump_v2 only
+
+-------------------------------------------------------------------
+Fri Jul 18 16:23:44 CEST 2008 - hare@suse.de
+
+- Backport from SLES10 SP2
+- Update dasd_configure and zfcp_disk_configure script
+
+-------------------------------------------------------------------
+Mon May 19 13:57:50 CEST 2008 - uli@suse.de
+
+- make old dasdfmt syntax work again (bnc#368595)
+
+-------------------------------------------------------------------
+Fri Apr 18 10:50:56 CEST 2008 - hare@suse.de
+
+- Update to 1.6.3-v10 (bnc#380728)
+ * cpuplugd: cpuplugd could not be stopped
+
+-------------------------------------------------------------------
+Fri Apr 4 09:57:25 CEST 2008 - hare@suse.de
+
+- Update to 1.6.3-v9 (bnc#376700)
+ * extend dasdinfo with a new compat-uid option
+ * cpuplugd: cpuplugd may loop on systems with only 1 cpu
+ * vmur: Fix man page
+
+-------------------------------------------------------------------
+Mon Mar 17 14:42:33 CET 2008 - hare@suse.de
+
+- Update to 1.6.3-v8 (bnc#354137)
+
+-------------------------------------------------------------------
+Mon Mar 3 15:02:07 CET 2008 - hare@suse.de
+
+- Fix build
+
+-------------------------------------------------------------------
+Thu Feb 28 16:34:49 CET 2008 - hare@suse.de
+
+- Update to 1.6.3-v7 (bnc#365614)
+- Update to libzfcp-hbaapi-1.4.2 (bnc#365612)
+
+-------------------------------------------------------------------
+Mon Feb 18 15:44:13 CET 2008 - hare@suse.de
+
+- update to 1.6.3-v6 tarball
+- Install cpuhotplugd (#341388, FATE#302806)
+- Add zfcp_san_disc script (#361848)
+
+-------------------------------------------------------------------
+Tue
Jan 22 18:15:30 CET 2008 - jjolly@suse.de
+
+- update to 1.6.3-v3 tarbar (#355355)
+- added cpuplugd config file to package (#355355)
+
+-------------------------------------------------------------------
+Tue Nov 20 23:15:40 CET 2007 - jjolly@suse.de
+
+- update -> 1.6.3 (#341393)
+
+-------------------------------------------------------------------
+Thu Oct 11 19:01:42 CEST 2007 - jjolly@suse.de
+
+- Modified script to wait for hbaapi module to complete loading
+ (#332251)
+
+-------------------------------------------------------------------
+Wed Oct 10 14:51:22 CEST 2007 - jjolly@suse.de
+
+- Added zfcp_san_disc utility (#332458)
+
+-------------------------------------------------------------------
+Thu Sep 13 18:36:46 CEST 2007 - jjolly@suse.de
+
+- Added priority value for SWAPON within /etc/init.d/xpram
+ (#308074)
+
+-------------------------------------------------------------------
+Sat Jul 14 00:48:14 CEST 2007 - jjolly@suse.de
+
+- Correctly return error codes in mkdump.sh (#276429)
+
+-------------------------------------------------------------------
+Thu Mar 8 14:55:03 CET 2007 - hare@suse.de
+
+- Install mon_fsstatd correctly (#252115)
+
+-------------------------------------------------------------------
+Mon Mar 5 16:24:27 CET 2007 - hare@suse.de
+
+- update -> 1.6.0
+ * Implement dasdinfo and supply own udev rules (#222326)
+- Fix major/minor number problem (#245342)
+- install mon_fsstatd sysconfig and init scripts
+
+-------------------------------------------------------------------
+Mon Feb 19 14:15:04 CET 2007 - uli@suse.de
+
+- update -> 1.6.0-v7 (documentation touchups, prevent fs corruption
+ when running zipl on linear dm targets)
+
+-------------------------------------------------------------------
+Fri Feb 2 14:07:46 CET 2007 - hare@suse.de
+
+- update -> 1.6.0-v5
+ * Expand S390_TOOLS_RELEASE macro correctly (#240667)
+ * Install the dumpconf utility
+- Fix compilation issues.
+
+-------------------------------------------------------------------
+Wed Jan 31 10:29:03 CET 2007 - hare@suse.de
+
+- update -> 1.6.0-v4:
+ * tape390_crpyt: Enhanced error handling
+ * New man page for /dev/prandom
+
+-------------------------------------------------------------------
+Fri Jan 19 15:59:50 CET 2007 - hare@suse.de
+
+- update -> 1.6.0-v3;
+ Fixup 3590 crypt support.
+
+-------------------------------------------------------------------
+Tue Jan 16 13:08:28 CET 2007 - hare@suse.de
+
+- zfcp_host_configure: modify the dev_loss_tmp setting
+ to 30 (bug #220556)
+
+-------------------------------------------------------------------
+Thu Jan 11 13:18:49 CET 2007 - uli@suse.de
+
+- update -> 1.6.0-v2
+- fixed regexes in zfcp_disk_configure (bug #185798)
+
+-------------------------------------------------------------------
+Fri Nov 3 15:01:14 CET 2006 - hare@suse.de
+
+- Fix build against new libsysfs.
+
+-------------------------------------------------------------------
+Mon Jun 19 17:01:59 CEST 2006 - hare@suse.de
+
+- zfcp_disk_configure: translate the entire WWPN
+ string (#185798 - LTC24706)
+
+-------------------------------------------------------------------
+Fri Jun 2 13:16:15 CEST 2006 - hare@suse.de
+
+- mkdump.sh: wait for udev to finish before continuing
+ (#163258 - LTC22904)
+
+-------------------------------------------------------------------
+Fri May 19 15:26:16 CEST 2006 - hare@suse.de
+
+- Fix build of zgetdump (#176334 - LTC23955)
+- Fix Makefile options
+- Fix error messages for zfcp_(disk|host)_configure
+ (#159552 - LTC22536)
+
+-------------------------------------------------------------------
+Thu May 18 11:44:12 CEST 2006 - hare@suse.de
+
+- mkdump.sh: fix check_devsize (#165818)
+
+-------------------------------------------------------------------
+Tue May 9 22:31:50 CEST 2006 - ihno@suse.de
+
+- fixed activation of XPRAM devices.
(#161352)
+
+-------------------------------------------------------------------
+Fri Apr 28 13:51:23 CEST 2006 - hare@suse.de
+
+- mkdump.sh: use sfdisk instead of parted;
+ Fixup error messages (#165818)
+
+-------------------------------------------------------------------
+Fri Apr 21 15:38:31 CEST 2006 - hare@suse.de
+
+- dasd_configure: Remove hwcfg file on deconfiguring device even
+ if no ccw device exists.
+
+-------------------------------------------------------------------
+Wed Apr 19 22:14:54 CEST 2006 - ihno@suse.de
+
+- create mountpoint, if it does not exist (#157108)
+- force the creation of swap/filesystem (#161363)
+
+-------------------------------------------------------------------
+Thu Apr 13 16:06:31 CEST 2006 - uli@suse.de
+
+- dasdfmt: fixed man page, can now specify >1 device with -n,
+ support x.x.xxxx notation (bug #160058)
+
+-------------------------------------------------------------------
+Fri Apr 7 11:20:09 CEST 2006 - hare@suse.de
+
+- Fix zfcp_disk_configure again (#160161 - LTC22622)
+- mkdump.sh should wait for udev (#163258 - LTC22904)
+- Install all scripts with the rpm (#162939 - LTC22876)
+
+-------------------------------------------------------------------
+Fri Mar 24 16:28:30 CET 2006 - hare@suse.de
+
+- Update to s390-tools-1.5.3
+- Fix zipl boot message (#145612)
+- Fix zfcp_disk_configure to correctly deactivate disks
+ (#160161 - LTC22622)
+
+-------------------------------------------------------------------
+Thu Mar 23 16:39:39 CET 2006 - uli@suse.de
+
+- osasnmpd was inadvertently built for ucd-snmp; fixed
+ (bug #159501)
+
+-------------------------------------------------------------------
+Wed Feb 22 09:58:53 CET 2006 - hare@suse.de
+
+- Update to s390-tools-1.5.2
+- Update to lib-zfcp-hbaapi-1.4
+- dasd_configure should wait for udev before calling vmcp
+ (#149490 - LTC21537)
+- Fix mkdump to not use blkid
+- Minor fixes to mkdump
+
+-------------------------------------------------------------------
+Wed Feb
8 12:40:32 CET 2006 - ihno@suse.de
+
+- fixed xpram to handle swap and
+ to keep the existing filesystem (#148662)
+
+-------------------------------------------------------------------
+Wed Jan 25 21:45:00 CET 2006 - mls@suse.de
+
+- converted neededforbuild to BuildRequires
+
+-------------------------------------------------------------------
+Tue Jan 24 17:02:32 CET 2006 - hare@suse.de
+
+- Unset DEBUG variable in dasd_configure
+- Use 'vmcp' command instead of deprecated 'hcp'
+
+-------------------------------------------------------------------
+Wed Jan 18 14:14:54 CET 2006 - hare@suse.de
+
+- Adding 'devs' to neededforbuild.
+
+-------------------------------------------------------------------
+Thu Dec 15 16:35:12 CET 2005 - uli@suse.de
+
+- actually apply e2fsprogs patches
+- replace get_user macro in kernel with version from 2.6.15
+- fix C++ errors in vmconvert
+- create /boot/zipl directory
+
+-------------------------------------------------------------------
+Tue Dec 6 10:32:00 CET 2005 - hare@suse.de
+
+- Update package to SLES9 SP3 version.
+
+-------------------------------------------------------------------
+Fri Nov 11 11:41:01 CET 2005 - hare@suse.de
+
+- Write default values from zfcp_disk_configure (#120657 - LTC18813)
+- Update to lib-zfcp-hbaapi-1.3
+
+-------------------------------------------------------------------
+Tue Nov 8 23:19:37 CET 2005 - ihno@suse.de
+
+- Update to Developer Codedrop 1.5.1
+
+-------------------------------------------------------------------
+Tue Oct 25 08:52:23 CEST 2005 - hare@suse.de
+
+- Fixed inconsistencies with lsdasd man page and online help.
+- Check command line parameters of zfcpdbf for validity.
+
+-------------------------------------------------------------------
+Fri Oct 21 13:53:42 CEST 2005 - hare@suse.de
+
+- Fix dasd_configure to handle DIAG mode correctly
+ (bugs #120166, #129704).
+
+-------------------------------------------------------------------
+Tue Oct 18 17:25:47 CEST 2005 - uli@suse.de
+
+- start/killproc can't handle wrapper scripts; worked around
+ (bugs #127534, #127535)
+
+-------------------------------------------------------------------
+Thu Sep 29 14:30:18 CEST 2005 - hare@suse.de
+
+- Fix vmlogrdr init script (#118581).
+
+-------------------------------------------------------------------
+Fri Sep 23 15:45:36 CEST 2005 - hare@suse.de
+
+- Fix build of dasdfmt (#118027).
+- Use RPM_OPT_FLAGS for build
+
+-------------------------------------------------------------------
+Tue Sep 20 14:58:36 CEST 2005 - hare@suse.de
+
+- Update to s390-tools-1.5.0 (#117968).
+
+-------------------------------------------------------------------
+Thu Jun 30 18:32:45 CEST 2005 - uli@suse.de
+
+- fixed neededforbuild
+
+-------------------------------------------------------------------
+Mon Jun 20 11:48:21 CEST 2005 - hare@suse.de
+
+- Update to s390-tools-1.4.1 (#88526).
+
+-------------------------------------------------------------------
+Wed Jun 15 16:59:48 CEST 2005 - uli@suse.de
+
+- add sysconfig file for osasnmpd parameters (bug #86631)
+- fixed assembler syntax in zipl (stricter checking in new gas)
+
+-------------------------------------------------------------------
+Wed Jun 15 16:17:25 CEST 2005 - yxu@suse.de
+
+- fix build with GCC4
+- add prebuild images and ramdisk for zfcp
+
+-------------------------------------------------------------------
+Wed Jun 15 10:56:43 CEST 2005 - hare@suse.de
+
+- Fix start_hsnc.sh (#88526).
+
+-------------------------------------------------------------------
+Tue Apr 19 16:47:18 CEST 2005 - hare@suse.de
+
+- Update to s390-tools-1.4.0
+- Include lib-zfcp-hbaapi-1.2
+
+-------------------------------------------------------------------
+Fri Nov 26 16:51:34 CET 2004 - hare@suse.de
+
+- Added new CU types 2107 and 1750 to dasd_configure (#48587).
+
+-------------------------------------------------------------------
+Thu Nov 18 12:12:27 CET 2004 - hare@suse.de
+
+- Added /sbin/mkdump script for creating dump devices (#22182).
+
+-------------------------------------------------------------------
+Wed Nov 10 01:14:35 CET 2004 - ro@suse.de
+
+- fix typo in specfile
+
+-------------------------------------------------------------------
+Fri Nov 5 11:48:09 CET 2004 - hare@suse.de
+
+- Update to s390-tools-1.3.2
+- Fix output at formatting of >26 disks (#47699).
+
+-------------------------------------------------------------------
+Wed Jul 14 08:39:45 CEST 2004 - hare@suse.de
+
+- Fixed default polling interval for appldata (#42694).
+
+-------------------------------------------------------------------
+Mon Jul 5 15:21:46 CEST 2004 - uli@suse.de
+
+- rename osasnmpd-2.6 -> osasnmpd (bug #42588)
+
+-------------------------------------------------------------------
+Mon Jul 5 15:03:45 CEST 2004 - hare@suse.de
+
+- Fixed init-scripts for appldata (#42694).
+- Updated sysconfig files to correctly display variables.
+
+-------------------------------------------------------------------
+Tue Jun 15 15:46:57 CEST 2004 - hare@suse.de
+
+- Fix cpint usage in initrd (no hcp available).
+
+-------------------------------------------------------------------
+Mon Jun 14 19:57:10 CEST 2004 - ihno@suse.de
+
+- enabled and fixed osasnmpd generation (#41893)
+- removed unused patch (fix is part of update 9 june)
+
+-------------------------------------------------------------------
+Wed Jun 9 16:46:32 CEST 2004 - hare@suse.de
+
+- Update to s390-tools 1.3.1 (#41736).
+
+-------------------------------------------------------------------
+Mon Jun 7 16:25:56 CEST 2004 - uli@suse.de
+
+- added missing %fillup_prereq (bug #41732)
+
+-------------------------------------------------------------------
+Fri Jun 4 11:29:16 CEST 2004 - hare@suse.de
+
+- Check read-only status from dasd_configure (#38817)
+
+-------------------------------------------------------------------
+Tue Jun 1 18:27:15 CEST 2004 - bk@suse.de
+
+- xpram script updated regarding checking of config settings(#40733)
+
+-------------------------------------------------------------------
+Tue Jun 1 16:05:11 CEST 2004 - uli@suse.de
+
+- dasdro: do not rely on automatic loading of cpint module (bug #38817)
+
+-------------------------------------------------------------------
+Thu May 27 21:16:37 CEST 2004 - ihno@suse.de
+
+- fixed uninitialized variable in fdasd (#40032)
+
+-------------------------------------------------------------------
+Wed May 26 17:28:57 CEST 2004 - hare@suse.de
+
+- Fixed dasd_reload script to correctly reload any
+ configured DASD devices.
+- Fixed zfcp_disk_configure to handle uppercase WWPNs
+- Fixed dasd_configure to correctly handle DIAG devices
+- Fixed dasd_configure to generate hwcfg files with correct
+ SCRIPTDOWN values.
+
+-------------------------------------------------------------------
+Tue May 25 16:39:35 CEST 2004 - hare@suse.de
+
+- Added dasd_reload script for YaST2.
+
+-------------------------------------------------------------------
+Tue May 18 17:16:14 CEST 2004 - uli@suse.de
+
+- fixed incorrect use of fillup_and_insserv (bug #40733)
+
+-------------------------------------------------------------------
+Mon Apr 26 13:37:03 CEST 2004 - uli@suse.de
+
+- added dasdro script
+- fixed warning in e2fsprogs code
+
+-------------------------------------------------------------------
+Mon Apr 26 09:37:35 CEST 2004 - hare@suse.de
+
+- Fixed dasd_configure to not write hwcfg file if the
+ directory does not exist (#39387)
+
+-------------------------------------------------------------------
+Fri Apr 23 16:38:17 CEST 2004 - hare@suse.de
+
+- Update to final version s390-tools-1.3.0
+- Fixed zfcp_host_configure to use sh instead of bash
+- Fixed zfcp_disk_configure to not try to delete hwcfg-file
+ if the directory does not exist.
+
+-------------------------------------------------------------------
+Tue Apr 6 14:24:56 CEST 2004 - hare@suse.de
+
+- Update *_configure scripts to only write hwcfg files
+ if directory exists
+- Fix dasd_configure to load modules.
+
+-------------------------------------------------------------------
+Fri Apr 2 16:47:53 CEST 2004 - hare@suse.de
+
+- Fixed xpram startup script.
+
+-------------------------------------------------------------------
+Fri Mar 12 15:17:22 CET 2004 - uli@suse.de
+
+- made YaST mode easier to parse as reqd. by jsrain
+
+-------------------------------------------------------------------
+Fri Mar 5 15:58:20 CET 2004 - hare@suse.de
+
+- Update to pre-Lobster codedrop.
+- Added dasd/zfcp configuration scripts.
+- Update to allow for preconfigured builds.
+
+-------------------------------------------------------------------
+Fri Dec 19 16:16:50 CET 2003 - uli@suse.de
+
+- merged bk's changes from SLES8:
+ change hsnc to use sysconfig configuration style
+
+-------------------------------------------------------------------
+Wed Dec 17 16:37:05 CET 2003 - uli@suse.de
+
+- dasdfmt: added parallel formatting
+- dasdfmt: added easily parseable output mode ("YaST mode")
+
+-------------------------------------------------------------------
+Tue Dec 16 16:39:45 CET 2003 - bk@suse.de
+
+- fix path of snmp agent directory in the ucd-snmp case
+
+-------------------------------------------------------------------
+Fri Dec 12 16:58:23 CET 2003 - bk@suse.de
+
+- Version 1.2.3 with hsnc for SLES8(post-SP3-maint) and SLES9!
+- add rc script for the HiperSockets Network Concentrator(hsnc)
+- add spec support for using ucdsnmp on SLES8 and net-snmp on SLES9
+- add support to build the zfcpdump kernel in parallel using #jobs
+
+-------------------------------------------------------------------
+Fri Nov 28 16:19:49 CET 2003 - bk@suse.de
+
+- Update to version 1.2.3
+
+-------------------------------------------------------------------
+Fri Nov 21 17:07:14 CET 2003 - hare@suse.de
+
+- Added missing '-lwrap' to osasnmpd.
+
+-------------------------------------------------------------------
+Thu Nov 13 08:45:54 CET 2003 - hare@suse.de
+
+- Update to version 1.2.2
+- Checked in for STABLE / pre-SLES9.
+- Update to use net-snmp instead of ucdsnmp.
+
+-------------------------------------------------------------------
+Fri Oct 31 11:15:08 CET 2003 - ihno@suse.de
+
+- Update to zfcpdump to the one of version 1.2.2
+
+-------------------------------------------------------------------
+Tue Sep 2 18:27:41 CEST 2003 - hare@suse.de
+
+- Fixed changelog entry.
+
+-------------------------------------------------------------------
+Wed Aug 27 18:34:23 CEST 2003 - hare@suse.de
+
+- Fixed zipl to use the correct path for zfcpdump.[image|rd]
+ (Bugzilla #29147).
+
+-------------------------------------------------------------------
+Mon Jul 28 15:44:25 CEST 2003 - hare@suse.de
+
+- update from version 1.2.0 to 1.2.1
+ - Fixed zfcpdump with ext2 ramdisk
+
+-------------------------------------------------------------------
+Thu Jul 24 15:25:16 CEST 2003 - hare@suse.de
+
+- update from version 1.1.5 to 1.2.0
+ - new zfcpdump for dumping on FC devices
+ - zipl now handles config files internally
+ - removed parsecfg
+ - included linux-2.4.19, busybox and e2fsprogs for
+ zfcpdump building
+
+-------------------------------------------------------------------
+Wed Feb 5 15:52:31 CET 2003 - ihno@suse.de
+
+- update from version 1.1.3 to 1.1.5
+ - remote gcc3.3 warnings (tape390_display)
+ - fixed dasdfmt.8 manpage
+ - fixed "free track" handling of fdasd
+
+-------------------------------------------------------------------
+Wed Oct 23 15:24:03 CEST 2002 - bk@suse.de
+
+- add s390-tools-1.1.3-dasdviewfix.diff and manpage for /proc/chandev
+
+-------------------------------------------------------------------
+Fri Sep 27 10:53:02 CEST 2002 - bk@suse.de
+
+- fix error message which will confuse some clients for sure(IBM)
+
+-------------------------------------------------------------------
+Wed Aug 21 16:39:26 CEST 2002 - froh@suse.de
+
+- fix rcchandev to no longer source rc.config
+- update to s390-tools-1.1.3-may2002.tar.gz from 2002-08-08 drop:
+ * osasnmpd: added new parameter '-x SOCKADDR'
+
+-------------------------------------------------------------------
+Thu Aug 1 16:58:28 CEST 2002 - bk@suse.de
+
+- update to s390-tools-1.1.2-may2002.tar.gz from 2002-07-31 drop
+- new subpackage osasmpd, only new files, so no split is possible.
+
+-------------------------------------------------------------------
+Mon Jul 15 18:45:56 CEST 2002 - bk@suse.de
+
+- back to static zipl directory and fix uninstall message for updates
+
+-------------------------------------------------------------------
+Fri Jul 12 00:45:24 CEST 2002 - bk@suse.de
+
+- loader uses versioned directory to avoid boot problems after update
+- fix lib64 build problem
+
+-------------------------------------------------------------------
+Tue Jun 11 18:42:55 CEST 2002 - bk@suse.de
+
+- update for ucdsnmp-4.2.5:
+ add tcpd to neededforbuild and add -lwarp to cflags of osasnmpd
+ define allow_severity and deny_severity for tcpd's libwrap
+
+-------------------------------------------------------------------
+Fri Jun 7 23:40:55 CEST 2002 - bk@suse.de
+
+- update to may2002 stream, version 1.1.1
+
+-------------------------------------------------------------------
+Thu Feb 28 11:48:40 CET 2002 - froh@suse.de
+
+- added silo.sh script for YaST1 from the old package s390utils to
+ drop that package.
+
+-------------------------------------------------------------------
+Mon Feb 11 18:56:25 CET 2002 - bk@suse.de
+
+- add s390-tools-5.diff to support newer kernels as well(2.4.17)
+
+-------------------------------------------------------------------
+Mon Jan 28 19:00:09 CET 2002 - bk@suse.de
+
+- install: add _lib support for lib64
+
+-------------------------------------------------------------------
+Fri Dec 14 18:57:31 CET 2001 - bk@suse.de
+
+- Update to the Dec12 2001 drop s390-tools (-2, -3 and -4) patches
+- zipl.conf: fix target setting of dumptape, add missing dumpdasd
+
+-------------------------------------------------------------------
+Mon Nov 12 14:09:02 CET 2001 - bk@suse.de
+
+- add IBM diffs s390-tools-2.tar.gz and s390-tools-3.tar.gz
+
+-------------------------------------------------------------------
+Fri Oct 19 00:52:11 CEST 2001 - bk@suse.de
+
+- fix error with killing tail in rcchandev verbose-reload
+ /sbin/rcchandev: line 219: 15941 Terminated tail -0f /var/log/warn 1>&2
+ (shown in yast)
+
+-------------------------------------------------------------------
+Fri Oct 12 17:09:51 CEST 2001 - bk@suse.de
+
+- zipl.conf: change obsolete /boot/zilo-kernel to /boot/kernel
+
+-------------------------------------------------------------------
+Mon Sep 17 14:37:17 CEST 2001 - froh@suse.de
+
+- added the 2001-09-14 codedrop patches, which include these fixes:
+- fdasd:
+ - added VTOC format 5 & 7 DSCB support
+ - added command line batch options for one partition, for a config
+ file and to suppress messages
+ - fixed OS/390 data set name munging (no more blanks, no more
+ changes after deleting and re-creating a partition)
+ - read-only disk access now fails
+ - fixed free space detection while adding partitions
+ - added command 'r' to re-create the whole VTOC
+- dasdfmt:
+ - added VTOC format 7 DSCB support
+ - added blksize >4096 or <512 check (complain & fail)
+ - added marking of dasds as non-bootable during dasdfmt
+ - added Hashmarks (for 3270 terminals) and Progress bar
+- misc:
+ - added multi volume support for system dump (tape 3480/90)
+ - added Tape device display support to system dump
+ - added 64 bit support for dasd and tape dump.
+
+-------------------------------------------------------------------
+Wed Sep 12 18:54:42 CEST 2001 - bk@suse.de
+
+- Use the source of the 2001-08-20 codedrop for this version
+ and update the context of the zipl-reiserfs.diff acordingly.
+- Also use the original source, let the spec do the unpacking.
+ This is less error-prone than doing it by hand and is quicker
+ to check.
+
+-------------------------------------------------------------------
+Wed Aug 29 10:54:08 CEST 2001 - froh@suse.de
+
+- integrated 2.4.7-based codedrop, which adds a config file to fdisk
+
+-------------------------------------------------------------------
+Mon Aug 13 21:34:43 CEST 2001 - bk@suse.de
+
+- better mark /etc/chandev.conf not only %config but also noreplace.
+- patch zipl to work with reiserfs too.
+
+-------------------------------------------------------------------
+Fri Aug 10 20:13:29 CEST 2001 - bk@suse.de
+
+- fix no newline at end of /etc/chandev.conf bug and polish text
+- fix insserv recursion due to bogus syslog in Required-Start
+
+-------------------------------------------------------------------
+Tue Aug 7 16:06:50 CEST 2001 - froh@suse.de
+
+- cleaned up docu in /etc/chandev.conf
+
+-------------------------------------------------------------------
+Mon Aug 6 14:22:40 CEST 2001 - froh@suse.de
+
+- added support for /proc/chandev
+
+-------------------------------------------------------------------
+Thu Jul 19 20:50:28 CEST 2001 - bk@suse.de
+
+- added Provides: s390utils:/sbin/dasdfmt (split from s390utils)
+
+-------------------------------------------------------------------
+Fri Jul 13 18:31:30 CEST 2001 - mls@suse.de
+
+- fixed install section
+
+-------------------------------------------------------------------
+Fri Jul 13 16:15:33 CEST 2001 - bk@suse.de
+
+- new package based on s390utils
diff --git a/s390-tools.spec b/s390-tools.spec
new file mode 100644
index 0000000..d739f4e
--- /dev/null
+++ b/s390-tools.spec
@@ -0,0 +1,864 @@
+#
+# spec file for package s390-tools
+#
+# Copyright (c) 2025 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+# needssslcertforbuild
+
+
+#Compat macro for new _fillupdir macro introduced in Nov 2017
+%if ! %{defined _fillupdir}
+ %define _fillupdir %{_localstatedir}/adm/fillup-templates
+%endif
+%if 0%{?suse_version} < 1550 && 0%{?sle_version} <= 150300
+# systemd-rpm-macros is wrong in 15.3 and below
+%define _modprobedir /lib/modprobe.d
+%endif
+%global modprobe_d_files 90-s390-tools.conf
+%if 0%{?suse_version} >= 1550
+%define _mysbindir %{_sbindir}
+%else
+%define _mysbindir /sbin
+%endif
+
+Name: s390-tools
+Version: 2.36.0
+Release: 0
+Summary: S/390 tools like zipl and dasdfmt for s390x (plus selected tools for x86_64)
+License: MIT
+Group: System/Kernel
+URL: https://github.com/ibm-s390-tools/s390-tools
+Source: https://github.com/ibm-s390-tools/s390-tools/archive/v%{version}.tar.gz#/s390-tools-%{version}.tar.gz
+Source1: s390-tools-rpmlintrc
+Source2: zipl.conf
+Source3: hsnc
+Source4: sysconfig.hsnc
+Source5: xpram
+Source6: sysconfig.xpram
+Source7: appldata
+Source8: sysconfig.appldata
+Source10: dasdro
+%if 0%{?suse_version} >= 1550
+Source11: dasd_reload.opensuse
+Source12: mkdump.pl.opensuse
+%else
+Source11: dasd_reload.suse
+Source12: mkdump.pl.suse
+%endif
+Source13: sysconfig.osasnmpd
+Source14: zfcp_san_disc
+Source15: mkdump.8
+Source18: zpxe.rexx
+Source19: rules.xpram
+Source20: rules.hw_random
+%if 0%{?suse_version} >= 1550
+Source21: 59-graf.rules.opensuse
+%else
+Source21: 59-graf.rules.suse
+%endif
+Source22: s390-tools-zdsfs.caution.txt
+%if 0%{?suse_version} >= 1550
+Source23: README.SUSE.opensuse
+%else
+Source23: README.SUSE.suse
+%endif
+Source24: cputype
+Source25: cputype.1
+Source26: cio_ignore.service
+Source27: setup_cio_ignore.sh
+Source28: 59-prng.rules
+Source29: 59-zfcp-compat.rules
+Source30: 90-s390-tools.conf
+%if 0%{?suse_version} >= 1550
+Source31: detach_disks.sh.opensuse
+Source32: killcdl.opensuse
+%else
+Source31: detach_disks.sh.suse
+Source32: killcdl.suse
+%endif
+Source33: lgr_check
+Source34: sysconfig.virtsetup
+Source35: virtsetup.service
+%if 0%{?suse_version} >= 1550
+Source36: virtsetup.sh.opensuse
+%else
+Source36: virtsetup.sh.suse
+%endif
+Source37: appldata.service
+Source38: hsnc.service
+%if 0%{?suse_version} >= 1550
+Source39: vmlogrdr.service.opensuse
+%else
+Source39: vmlogrdr.service.suse
+%endif
+Source40: xpram.service
+Source41: pkey.conf
+
+### Obsolete scripts and man pages to be removed once changes in other tools are made
+### That's been delayed to at least SLES12 SP1, but I'm leaving the comments here.
+Source86: read_values.c
+Source87: read_values.8
+Source88: ctc_configure
+%if 0%{?suse_version} >= 1550
+Source89: dasd_configure.opensuse
+Source90: iucv_configure.opensuse
+%else
+Source89: dasd_configure.suse
+Source90: iucv_configure.suse
+%endif
+Source91: qeth_configure
+Source92: zfcp_disk_configure
+Source93: zfcp_host_configure
+Source94: ctc_configure.8
+Source95: dasd_configure.8
+Source96: iucv_configure.8
+Source97: qeth_configure.8
+Source98: zfcp_disk_configure.8
+Source99: zfcp_host_configure.8
+###
+Source200: cargo_config
+Source201: vendor.tar.gz
+###
+
+###
+# IBM patches
+###
+# SUSE patches
+Patch900: s390-tools-sles12-zipl_boot_msg.patch
+Patch901: s390-tools-sles15-sysconfig-compatible-dumpconf.patch
+Patch902: s390-tools-sles12-create-filesystem-links.patch
+%if 0%{?suse_version} >= 1550
+Patch903: s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch.opensuse
+%else
+Patch903: s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch.suse
+%endif
+Patch904: s390-tools-sles15sp3-Allow-multiple-device-arguments.patch
+Patch905: s390-tools-sles15sp3-Format-devices-in-parallel.patch
+Patch906: s390-tools-sles15sp3-Implement-Y-yast_mode.patch
+Patch907: s390-tools-sles15sp3-Implement-f-for-backwards-compability.patch
+Patch908: s390-tools-sles15sp3-dasdfmt-retry-BIODASDINFO-if-device-is-busy.patch
+Patch909: s390-tools-sles12-fdasd-skip-partition-check-and-BLKRRPART-ioctl.patch
+Patch910: s390-tools-sles15sp1-11-zdev-Do-not-call-zipl-on-initrd-update.patch
+Patch911: s390-tools-sles15sp5-remove-no-pie-link-arguments.patch
+Patch912: s390-tools-ALP-zdev-live.patch
+Patch913: s390-tools-sles15sp6-kdump-initrd-59-zfcp-compat-rules.patch
+###
+Patch914: s390-tools-01-zipl_helper.device-mapper-add-missed-step-in-logical.patch
+Patch915: s390-tools-02-zipl-src-fix-imprecise-check-that-file-is-on-specifi.patch
+###
+Patch920: s390-tools-General-update-01.patch
+Patch921: s390-tools-General-update-02.patch
+Patch922: s390-tools-General-update-03.patch
+Patch923: s390-tools-General-update-04.patch
+Patch924: s390-tools-General-update-05.patch
+Patch925: s390-tools-General-update-06.patch
+Patch926: s390-tools-General-update-07.patch
+Patch927: s390-tools-General-update-08.patch
+Patch928: s390-tools-General-update-09.patch
+Patch929: s390-tools-General-update-10.patch
+Patch930: s390-tools-General-update-11.patch
+Patch931: s390-tools-General-update-12.patch
+###
+Patch935: s390-tools-Additional-update-01.patch
+Patch936: s390-tools-Additional-update-02.patch
+###
+Patch950: s390-tools-pvimg-info-command-01.patch
+Patch951: s390-tools-pvimg-info-command-02.patch
+Patch952: s390-tools-pvimg-info-command-03.patch
+###
+Patch960: s390-tools-Support-unencrypted-SE-images-01.patch
+Patch961: s390-tools-pvimg-info-command-04.patch
+Patch962: s390-tools-pvimg-additional-01.patch
+###
+Patch990: s390-tools-slfo-01-parse-ipl-device-for-activation.patch
+###
+
+BuildRequires: curl-devel
+BuildRequires: dracut
+BuildRequires: fuse3-devel
+BuildRequires: gcc
+BuildRequires: gcc-c++
+BuildRequires: gettext-tools
+BuildRequires: glib2-devel
+BuildRequires: glibc-devel-static
+BuildRequires: libcryptsetup-devel > 2.0.3
+BuildRequires: libjson-c-devel
+BuildRequires: libnl3-devel
+BuildRequires: libxml2-devel
+BuildRequires: mdevctl
+BuildRequires: ncurses-devel
+BuildRequires: net-snmp-devel
+BuildRequires: openssl-devel >= 1.1.1l
+BuildRequires: pesign-obs-integration
+BuildRequires: systemd-devel
+BuildRequires: tcpd-devel
+BuildRequires: zlib-devel-static
+### s390x
+%ifarch s390x
+BuildRequires: kernel-zfcpdump
+BuildRequires: perl-Bootloader >= 0.4.15
+BuildRequires: qclib-devel-static
+%endif
+### Cargo
+BuildRequires: rust
+BuildRequires: cargo
+BuildRequires: cargo-packaging
+BuildRequires: openssl
+###
+# Don't build with pie to avoid problems with zipl
+#!BuildIgnore: gcc-PIE
+Requires: coreutils
+Requires: procps
+Requires: util-linux
+%ifarch s390x
+Requires: gawk
+Requires: perl-base
+Requires: rsync
+Requires: s390-tools-genprotimg-data
+Requires: tar
+%endif
+Requires(post): %fillup_prereq
+Requires(post): permissions
+Requires(pre): shadow
+Recommends: blktrace
+Provides: s390utils:/sbin/dasdfmt
+Provides: group(cpacfstats)
+Provides: group(ts-shell)
+Provides: group(zkeyadm)
+%ifarch x86_64
+Recommends: s390-tools-genprotimg-data
+%endif
+###
+ExclusiveArch: s390x x86_64
+
+%description
+This package contains the tools (s390x, x86_64) needed to use Linux on IBM z Systems
+and exploit many of the various capabilities of the hardware or z/VM. For example:
+
+ - s390x
+dasdfmt - low-level format tool for ECKD DASD
+fdasd - partitions ECKD DASDs with z/OS compatible disk layout
+zipl - boot loader and dump DASD initializer
+zgetdump - tool to get linux system dumps from DASD
+
+ - x86_64
+pvimg - create a protected virtualization image (genprotimg)
+pvattest - create, perform, and verify protected virtualization attestation measurements
+pvsecret - manage secrets for IBM Secure Execution guests.
+
+Warning: There is an auxiliary data package - s390-tools-genprotimg-data.
+ To install s390-tools properly, please use:
+ 'sudo zypper install s390-tools s390-tools-genprotimg-data'
+
+%package -n osasnmpd
+Summary: OSA-Express SNMP subagent
+License: GPL-2.0-or-later
+Group: Productivity/Networking/Other
+Requires: perl
+
+%description -n osasnmpd
+Supports management information bases (MIBs) provided by OSA-Express
+Fast Ethernet, Gigabit Ethernet, High Speed Token Ring and ATM Ethernet
+LAN Emulation features in QDIO mode.
+
+It extends the capabilities of the net-snmp master agent (snmpd) and
+communicates with him via the AgentX protocol.
+
+%package zdsfs
+Summary: QSAM access to z/OS data
+License: GPL-2.0-or-later AND NonFree
+Group: Productivity/Networking/Other
+
+%description zdsfs
+Use the zdsfs command for read access to z/OS data sets stored on one or more DASDs.
+
+The zdsfs file system translates the record-based z/OS data sets to UNIX file system
+semantics. After mounting the devices, you can use common Linux tools to access
+the files on the disk. Physical sequential data sets are represented as files.
+Partitioned data sets are represented as directories, with each member being
+represented as a file in that directory.
+
+%package hmcdrvfs
+Summary: HMC drive file system based on FUSE
+License: GPL-2.0-only
+Group: System/Filesystems
+Requires: fuse
+
+%description hmcdrvfs
+This package contains a HMC drive file system based on FUSE and a tool
+to list files and directories.
+
+%package -n libekmfweb1
+Summary: IBM Enterprise Key Management Foundation - Web Edition client library
+License: MIT
+Group: System/Libraries
+
+%description -n libekmfweb1
+libekmfweb1 is a client library that provides access to IBM' Enterprise Key
+Management Foundation – Web Edition.0 EKMF Web provides efficient and
+security-rich centralized key management for IBM z/OS data set encryption
+on IBM Z servers.
+
+%package -n libekmfweb1-devel
+Summary: IBM Enterprise Key Management Foundation - Web Edition client library
+License: MIT
+Group: Development/Libraries/C and C++
+Requires: libekmfweb1 = %{version}
+
+%description -n libekmfweb1-devel
+libekmfweb1 is a client library that provides access to IBM' Enterprise Key
+Management Foundation – Web Edition.0 EKMF Web provides efficient and
+security-rich centralized key management for IBM z/OS data set encryption
+on IBM Z servers.
+
+%package -n libkmipclient1
+Summary: IBM Key Management Interoperability Protocol (KMIP) client library
+License: MIT
+Group: System/Libraries
+
+%description -n libkmipclient1
+Key Management Interoperability Protocol (KMIP) is a client/server
+communication protocol for the storage and maintenance of key,
+certificate, and secret objects. This client library enables secure
+creation and storage of cryptographic objects on the IBM Security Key
+Lifecycle Manager server. You must configure client devices to connect
+to the server for key management operations.
+
+%package -n libkmipclient1-devel
+Summary: Header files for the IBM Z KMIP client library
+License: MIT
+Group: Development/Libraries/C and C++
+Requires: libkmipclient1 = %{version}
+
+%description -n libkmipclient1-devel
+This package provides the header files and symbolic link to the
+shared library for the IBM Z KMIP client library.
+
+%package chreipl-fcp-mpath
+Summary: Use multipath information for re-IPL path failover
+License: MIT
+Group: System/Boot
+BuildRequires: bash
+BuildRequires: coreutils
+## Required for build+install with ENABLE_DOC=1
+#BuildRequires: pandoc
+BuildRequires: sed
+#BuildRequires: gawk
+#BuildRequires: gzip
+Requires: bash
+# Required for use with HAVE_DRACUT=1
+Requires: dracut
+Requires: multipath-tools
+Requires: udev
+Requires(post): udev
+
+%description chreipl-fcp-mpath
+The chreipl-fcp-mpath toolset monitors udev events about paths to the
+re-IPL volume. If the currently configured FCP re-IPL path becomes
+unavailable, the toolset checks for operational paths to the same
+volume. If available, it reconfigures the FCP re-IPL settings to use an
+operational path.
+
+%package genprotimg-data
+Summary: Auxiliary data used by genprotimg
+License: MIT
+Group: System/Boot
+BuildArch: noarch
+Requires(pre): filesystem
+
+%description genprotimg-data
+The pvimg (genprotimg) allows preparing and analyzing boot images
+in the realm of IBM Secure Execution on a trusted environment,
+such as the laptop of an admin by limiting the build targets
+depending on the defined or detected host architecture.
+This package provides auxiliary data used by pvimg(genprotimg).
+
+### *** s390x ************************************************************************* ###
+%ifarch s390x
+
+%prep
+%autosetup -p1
+
+cp -vi %{SOURCE22} CAUTION
+
+install -D -m 0644 %{SOURCE200} .cargo/config.toml
+tar -xzf %{SOURCE201}
+
+%build
+
+# The "DISTRELEASE=%%{release}" needs to be on both the make and make install
+# commands, since make install runs sed commands against various scripts to
+# modify the "-v" output appropriately.
+
+export OPT_FLAGS="%{optflags}"
+export KERNELIMAGE_MAKEFLAGS="%%{?_smp_mflags}"
+
+%make_build \
+ ZFCPDUMP_DIR=%{_prefix}/lib/s390-tools/zfcpdump \
+ DISTRELEASE=%{release} \
+ UDEVRUNDIR=/run/udev \
+ HAVE_CARGO=1 \
+ HAVE_DRACUT=1
+### all
+gcc -static -o read_values ${OPT_FLAGS} %{SOURCE86} -lqc
+
+%install
+mkdir -p %{buildroot}/boot/zipl
+mkdir -p %{buildroot}%{_sysconfdir}/zkey/repository
+%make_install \
+ ZFCPDUMP_DIR=%{_prefix}/lib/s390-tools/zfcpdump \
+ DISTRELEASE=%{release} \
+ SYSTEMDSYSTEMUNITDIR=%{_unitdir} \
+ UDEVRUNDIR=/run/udev \
+ HAVE_CARGO=1 \
+ HAVE_DRACUT=1
+### all
+
+# The make install command puts things in /etc/sysconfig and not the
+# fillup-templates directory. Let's try moving them where they belong
+mkdir -p %{buildroot}%{_fillupdir}
+pushd %{buildroot}%{_sysconfdir}/sysconfig/
+for sysconffile in *
+ do mv -vi $sysconffile %{buildroot}%{_fillupdir}/sysconfig.$sysconffile
+ done
+popd
+
+install -m 755 read_values %{buildroot}/%{_bindir}/
+install -m644 -t %{buildroot}/%{_mandir}/man8 %{SOURCE87}
+
+# The "usrmerge" has happened in openSUSE:Factory, but not yet in SLES.
+# Make sure we look for the zfcpdump kernel image in the right place.
+%if 0%{?suse_version} >= 1550
+install -D -m600 %{_prefix}/lib/modules/*-zfcpdump/image %{buildroot}%{_prefix}/lib/s390-tools/zfcpdump/zfcpdump-image
+%else
+install -D -m600 /boot/image-*-zfcpdump %{buildroot}%{_prefix}/lib/s390-tools/zfcpdump/zfcpdump-image
+%endif
+
+install -D -m644 etc/cpuplugd.conf %{buildroot}%{_sysconfdir}/cpuplugd.conf
+install -D -m644 etc/udev/rules.d/40-z90crypt.rules %{buildroot}%{_prefix}/lib/udev/rules.d/40-z90crypt.rules
+install -D -m644 etc/udev/rules.d/57-osasnmpd.rules %{buildroot}%{_prefix}/lib/udev/rules.d/57-osasnmpd.rules
+install -D -m644 etc/udev/rules.d/59-dasd.rules %{buildroot}%{_prefix}/lib/udev/rules.d/59-dasd.rules
+install -D -m644 etc/udev/rules.d/90-cpi.rules %{buildroot}%{_prefix}/lib/udev/rules.d/90-cpi.rules
+mv iucvterm/doc/ts-shell/iucvconn_on_login %{buildroot}%{_bindir}/iucvconn_on_login
+install -D -m644 %{SOURCE26} %{buildroot}/%{_unitdir}/cio_ignore.service
+install -D -m755 %{SOURCE27} %{buildroot}%{_prefix}/lib/systemd/scripts/setup_cio_ignore.sh
+install -D -m755 %{SOURCE31} %{buildroot}%{_prefix}/lib/systemd/scripts/detach_disks.sh
+install -D -m644 %{SOURCE35} %{buildroot}/%{_unitdir}/virtsetup.service
+install -D -m755 %{SOURCE36} %{buildroot}%{_prefix}/lib/systemd/scripts/virtsetup.sh
+install -D -m644 %{SOURCE37} %{buildroot}/%{_unitdir}/appldata.service
+install -D -m644 %{SOURCE38} %{buildroot}/%{_unitdir}/hsnc.service
+install -D -m644 %{SOURCE39} %{buildroot}/%{_unitdir}/vmlogrdr.service
+install -D -m644 %{SOURCE40} %{buildroot}/%{_unitdir}/xpram.service
+install -D -m644 %{SOURCE41} %{buildroot}%{_prefix}/lib/modules-load.d/pkey.conf
+
+cp %{SOURCE18} zpxe.rexx
+cp %{SOURCE2} zipl.conf.sample
+cp %{SOURCE23} README.SUSE
+
+cd %{buildroot}
+install -D -m755 %{SOURCE3} %{buildroot}%{_prefix}/lib/systemd/scripts/hsnc
+install -D -m644 %{SOURCE4} %{buildroot}%{_fillupdir}/sysconfig.hsnc
+install -D -m755 %{SOURCE5} %{buildroot}%{_prefix}/lib/systemd/scripts/xpram
+install -D -m644 %{SOURCE6} %{buildroot}%{_fillupdir}/sysconfig.xpram
+install -D -m755 %{SOURCE7} %{buildroot}%{_prefix}/lib/systemd/scripts/appldata
+install -D -m644 %{SOURCE8} %{buildroot}%{_fillupdir}/sysconfig.appldata
+install -D -m755 %{SOURCE10} %{buildroot}%{_mysbindir}/dasdro
+install -D -m755 %{SOURCE11} %{buildroot}%{_mysbindir}/dasd_reload
+install -D -m755 %{SOURCE12} %{buildroot}%{_mysbindir}/mkdump
+install -D -m644 %{SOURCE13} %{buildroot}%{_fillupdir}/sysconfig.osasnmpd
+install -D -m755 %{SOURCE14} %{buildroot}%{_mysbindir}/zfcp_san_disc
+install -D -m644 %{SOURCE15} %{buildroot}/%{_mandir}/man8
+install -D -m644 %{SOURCE19} %{buildroot}%{_prefix}/lib/udev/rules.d/52-xpram.rules
+install -D -m644 %{SOURCE20} %{buildroot}%{_prefix}/lib/udev/rules.d/52-hw_random.rules
+install -D -m644 %{SOURCE21} %{buildroot}%{_prefix}/lib/udev/rules.d/59-graf.rules
+install -D -m644 %{SOURCE28} %{buildroot}%{_prefix}/lib/udev/rules.d/59-prng.rules
+install -D -m644 %{SOURCE29} %{buildroot}%{_prefix}/lib/udev/rules.d/59-zfcp-compat.rules
+install -D -m644 %{SOURCE30} %{buildroot}%{_modprobedir}/90-s390-tools.conf
+install -D -m755 %{SOURCE32} %{buildroot}%{_mysbindir}/killcdl
+install -D -m755 %{SOURCE33} %{buildroot}%{_mysbindir}/lgr_check
+install -D -m644 %{SOURCE34} %{buildroot}%{_fillupdir}/sysconfig.virtsetup
+
+if [ ! -d %{_mysbindir} ]; then
+ rm -f %{_mysbindir}
+ mkdir -p %{_mysbindir}
+fi
+(cd %{buildroot}%{_sbindir}; ln -s service rcappldata)
+(cd %{buildroot}%{_sbindir}; ln -s service rchsnc)
+(cd %{buildroot}%{_sbindir}; ln -s service rcvmlogrdr)
+(cd %{buildroot}%{_sbindir}; ln -s service rcxpram)
+(cd %{buildroot}%{_sbindir}; ln -s service rccio_ignore)
+(cd %{buildroot}%{_sbindir}; ln -s service rccpacfstatsd)
+(cd %{buildroot}%{_sbindir}; ln -s service rccpi)
+(cd %{buildroot}%{_sbindir}; ln -s service rccpuplugd)
+(cd %{buildroot}%{_sbindir}; ln -s service rcdumpconf)
+(cd %{buildroot}%{_sbindir}; ln -s service rcmon_fsstatd)
+(cd %{buildroot}%{_sbindir}; ln -s service rcmon_procd)
+(cd %{buildroot}%{_sbindir}; ln -s service rcvirtsetup)
+
+if [ ! -d %{_bindir} ]; then
+ rm -f %{_bindir}
+ mkdir -p %{_bindir}
+fi
+install -D -m755 %{SOURCE24} %{buildroot}%{_bindir}/cputype
+
+install -m644 -t %{buildroot}/%{_mandir}/man8 %{SOURCE25}
+
+# If building for openSUSE, move all the binaries installed via
+# the IBM-provided Makefile from /sbin to /usr/sbin/ to
+# align with the openSUSE "usrmerge" project
+%if 0%{?suse_version} >= 1550
+mv -vi %{buildroot}/sbin/* %{buildroot}%{_mysbindir}/
+%endif
+
+### Obsolete scripts and man pages to be removed once changes in other tools are made
+install -m755 -t %{buildroot}%{_mysbindir}/ %{SOURCE88} %{SOURCE91} %{SOURCE92} %{SOURCE93}
+install %{SOURCE89} %{buildroot}%{_mysbindir}/dasd_configure
+install %{SOURCE90} %{buildroot}%{_mysbindir}/iucv_configure
+install -m644 -t %{buildroot}/%{_mandir}/man8 %{SOURCE94} %{SOURCE95} %{SOURCE96} %{SOURCE97} %{SOURCE98} %{SOURCE99}
+###
+
+### lsmem/chmem have been added to util-linux
+rm -fv %{buildroot}%{_mandir}/man8/lsmem.8*
+rm -fv %{buildroot}%{_mandir}/man8/chmem.8*
+rm -fv %{buildroot}%{_mysbindir}/lsmem
+rm -fv %{buildroot}%{_mysbindir}/chmem
+
+###
+find . ! -type d |
+ sed 's/^.//;\-/man/-s/^.*$/%doc &.gz/' > %{_builddir}/%{name}-filelist
+grep -v -E 'osasnmp|etc/ziplenv|\.conf$|ekmfweb.so|ekmfweb.h|kmipclient|kmip/profiles/.*profile$|chreipl-fcp-mpath' %{_builddir}/%{name}-filelist >%{_builddir}/%{name}.list
+grep osasnmp[^-] %{_builddir}/%{name}-filelist >%{_builddir}/%{name}.osasnmp
+
+touch boot/zipl/active_devices.txt
+mkdir -p ./%{_libexecdir}/net-snmp/agents
+cd ./%{_libexecdir}/net-snmp/agents
+cat <osasnmpd
+#!/bin/sh
+PIDFILE=%{_localstatedir}/run/osasnmpd.pid
+function cleanup
+{
+ rm -f \$PIDFILE
+ kill \`cat %{_localstatedir}/run/osasnmpd.real.pid\`
+}
+. %{_sysconfdir}/sysconfig/osasnmpd
+trap cleanup 0
+echo \$\$ >\$PIDFILE
+%{_mysbindir}/osasnmpd -f -P %{_localstatedir}/run/osasnmpd.real.pid \$OSASNMPD_PARAMETERS "\$@"
+EOT
+chmod 755 osasnmpd
+
+export BRP_PESIGN_FILES='/lib/s390-tools/stage3.bin'
+
+%verifyscript
+%verify_permissions -e %{_localstatedir}/log/ts-shell/
+
+%pre
+# check for ts-shell group or create it
+getent group ts-shell >/dev/null 2>&1 || groupadd -r ts-shell
+# check for zkeyadm group or create it
+getent group zkeyadm >/dev/null 2>&1 || groupadd -r zkeyadm
+# check for cpacfstats group or create it
+getent group cpacfstats >/dev/null 2>&1 || groupadd -r cpacfstats
+%service_add_pre appldata.service
+%service_add_pre cio_ignore.service
+%service_add_pre cpacfstatsd.service
+%service_add_pre cpi.service
+%service_add_pre cpuplugd.service
+%service_add_pre dumpconf.service
+%service_add_pre hsnc.service
+%service_add_pre mon_fsstatd.service
+%service_add_pre mon_procd.service
+%service_add_pre virtsetup.service
+%service_add_pre vmlogrdr.service
+%service_add_pre xpram.service
+# Avoid restoring outdated stuff in posttrans
+for _f in %{?modprobe_d_files}; do
+ [ ! -f "/etc/modprobe.d/${_f}.rpmsave" ] || \
+ mv -f "/etc/modprobe.d/${_f}.rpmsave" "/etc/modprobe.d/${_f}.rpmsave.old" || :
+done
+
+%post
+read INITPGM < /proc/1/comm
+if [ "${INITPGM}" = "systemd" ]; then
+ echo "Running systemctl daemon-reload."
+ systemctl daemon-reload
+fi
+
+%set_permissions %{_localstatedir}/log/ts-shell/
+
+# Create symbolic links to the scripts from setup and boot directories
+%service_add_post appldata.service
+%service_add_post cio_ignore.service
+%service_add_post cpacfstatsd.service
+%service_add_post cpi.service
+%service_add_post cpuplugd.service
+%service_add_post dumpconf.service
+%service_add_post hsnc.service
+%service_add_post mon_fsstatd.service
+%service_add_post mon_procd.service
+%service_add_post virtsetup.service
+%service_add_post vmlogrdr.service
+%service_add_post xpram.service
+
+# Create the initial versions of the sysconfig files:
+%{fillup_only -n appldata}
+%{fillup_only -n cpi}
+%{fillup_only -n dumpconf}
+%{fillup_only -n hsnc}
+%{fillup_only -n mon_fsstatd}
+%{fillup_only -n mon_procd}
+%{fillup_only -n mon_statd}
+%{fillup_only -n virtsetup}
+%{fillup_only -n xpram}
+
+%triggerin -- kernel-default
+grep -q '^%{_bindir}/ts-shell$' %{_sysconfdir}/shells \
+ || echo "%{_bindir}/ts-shell" >> %{_sysconfdir}/shells
+
+%{?regenerate_initrd_post}
+
+%post -n osasnmpd
+%{fillup_only -n osasnmpd}
+
+%post -n libekmfweb1
+ldconfig
+
+%post -n libkmipclient1
+ldconfig
+
+%post chreipl-fcp-mpath
+%udev_rules_update
+
+%preun
+%service_del_preun appldata.service
+%service_del_preun cio_ignore.service
+%service_del_preun cpacfstatsd.service
+%service_del_preun cpi.service
+%service_del_preun cpuplugd.service
+%service_del_preun dumpconf.service
+%service_del_preun hsnc.service
+%service_del_preun mon_fsstatd.service
+%service_del_preun mon_procd.service
+%service_del_preun virtsetup.service
+%service_del_preun vmlogrdr.service
+%service_del_preun xpram.service
+
+%postun
+%service_del_postun appldata.service
+%service_del_postun cio_ignore.service +%service_del_postun cpacfstatsd.service +%service_del_postun cpi.service +%service_del_postun cpuplugd.service +%service_del_postun dumpconf.service +%service_del_postun hsnc.service +%service_del_postun mon_fsstatd.service +%service_del_postun mon_procd.service +%service_del_postun virtsetup.service +%service_del_postun vmlogrdr.service +%service_del_postun xpram.service + +%postun -n libekmfweb1 +ldconfig + +%postun -n libkmipclient1 +ldconfig + +# Even though SLES15+ is systemd based, the build service doesn't +# run it, so we have to make sure we can safely issue the +# systemctl command. +read INITPGM < /proc/1/comm +if [ "${INITPGM}" = "systemd" ]; then + echo "Running systemctl daemon-reload." + systemctl daemon-reload +fi + +if [ ! -x /boot/zipl ]; then + echo "Attention, after uninstalling this package," + echo "you will NOT be able to IPL from DASD anymore!!!" +fi + +if test x$1 = x0; then + # remove ts-shell from /etc/shells + grep -v '^%{_bindir}/ts-shell$' %{_sysconfdir}/shells > %{_sysconfdir}/shells.ts-new + mv %{_sysconfdir}/shells.ts-new %{_sysconfdir}/shells + chmod 0644 %{_sysconfdir}/shells +fi + +%{?regenerate_initrd_post} + +%posttrans +# Migration of modprobe.conf files to _modprobedir +for _f in %{?modprobe_d_files}; do + [ ! 
-f "/etc/modprobe.d/${_f}.rpmsave" ] || \ + mv -fv "/etc/modprobe.d/${_f}.rpmsave" "/etc/modprobe.d/${_f}" || : +done +%{?regenerate_initrd_posttrans} + +%preun -n osasnmpd +%{stop_on_removal osasnmpd} + +%files -f %{_builddir}/%{name}.list + +%doc README.md +%doc README.SUSE + +%doc iucvterm/doc/ts-shell +%doc zpxe.rexx +%doc zipl.conf.sample +%dir %{_sysconfdir}/iucvterm +%config %attr(0640,root,ts-shell) %{_sysconfdir}/iucvterm/ts-audit-systems.conf +%config %attr(0640,root,ts-shell) %{_sysconfdir}/iucvterm/ts-authorization.conf +%config %attr(0640,root,ts-shell) %{_sysconfdir}/iucvterm/ts-shell.conf +%config %attr(0640,root,ts-shell) %{_sysconfdir}/iucvterm/unrestricted.conf +%dir %attr(0770,root,zkeyadm) %{_sysconfdir}/zkey +%dir %attr(0770,root,zkeyadm) %{_sysconfdir}/zkey/kmip +%dir %attr(0770,root,zkeyadm) %{_sysconfdir}/zkey/kmip/profiles +%dir %attr(0770,root,zkeyadm) %{_sysconfdir}/zkey/repository +%config %{_sysconfdir}/zkey/kmip/profiles/* +%config(noreplace) %{_sysconfdir}/ziplenv +%dir %{_modprobedir} +%{_modprobedir}/90-s390-tools.conf +%config %{_sysconfdir}/cpuplugd.conf +%config %{_sysconfdir}/zkey/kms-plugins.conf +%config(noreplace) /boot/zipl/active_devices.txt +%dir %attr(2770,root,ts-shell) %{_localstatedir}/log/ts-shell +%dir %{_sysconfdir}/cmsfs-fuse +%config %attr(0640,root,root) %{_sysconfdir}/cmsfs-fuse/filetypes.conf +%dir %{_prefix}/lib/mdevctl +%dir %{_prefix}/lib/mdevctl/scripts.d +%dir %{_prefix}/lib/mdevctl/scripts.d/callouts +%dir %{_prefix}/lib/s390-tools +%dir %{_prefix}/lib/s390-tools/zfcpdump +%dir %{_prefix}/lib/udev/rules.d +%dir %{_prefix}/lib/systemd/scripts +%dir %{_datadir}/s390-tools +%dir %{_datadir}/s390-tools/netboot +%dir %{_prefix}/lib/dracut/modules.d/95zdev +%dir %{_prefix}/lib/dracut/modules.d/95zdev-kdump +%dir %{_prefix}/lib/dracut/modules.d/96zdev-live +%dir %{_prefix}/lib/dracut/modules.d/99ngdump +%dir /boot/zipl +%dir %{_libdir}/zkey +%{_libdir}/zkey/zkey-ekmfweb.so +%dir /lib/s390-tools/ 
+/lib/s390-tools/zipl.conf +%{_prefix}/lib/modules-load.d/pkey.conf +%exclude %{_prefix}/lib/udev/rules.d/57-osasnmpd.rules +%exclude %{_bindir}/zdsfs +%exclude %{_bindir}/hmcdrvfs +%exclude %{_sbindir}/lshmc +%exclude %{_mandir}/man1/zdsfs.1.gz +%exclude %{_mandir}/man1/hmcdrvfs.1.gz +%exclude %{_mandir}/man8/lshmc.8.gz +### +%dir /etc/mdevctl.d/scripts.d/ +%dir /etc/mdevctl.d/scripts.d/callouts/ +### +%exclude /lib/s390-tools/stage3.bin +%exclude %{_datadir}/s390-tools/pvimg/stage3a.bin +%exclude %{_datadir}/s390-tools/pvimg/stage3b_reloc.bin +### + +%files -n osasnmpd -f %{_builddir}/%{name}.osasnmp +%{_libexecdir}/net-snmp/agents/osasnmpd + +%files zdsfs +%doc CAUTION +%{_bindir}/zdsfs +%{_mandir}/man1/zdsfs.1%{?ext_man} + +%files hmcdrvfs +%{_bindir}/hmcdrvfs +%{_sbindir}/lshmc +%{_mandir}/man1/hmcdrvfs.1%{?ext_man} +%{_mandir}/man8/lshmc.8%{?ext_man} + +%files -n libekmfweb1 +%{_libdir}/libekmfweb.so.* + +%files -n libekmfweb1-devel +%{_libdir}/libekmfweb.so +%dir %attr(755,root,root) %{_includedir}/ekmfweb +%attr(644,root,root) %{_includedir}/ekmfweb/ekmfweb.h + +%files -n libkmipclient1 +%{_libdir}/libkmipclient.so.* + +%files -n libkmipclient1-devel +%{_libdir}/libkmipclient.so +%dir %attr(755,root,root) %{_includedir}/kmipclient +%attr(644,root,root) %{_includedir}/kmipclient/kmipclient.h + +%files chreipl-fcp-mpath +%doc chreipl-fcp-mpath/README.md +## Requires build+install with ENABLE_DOC=1 +#doc chreipl-fcp-mpath/README.html +%dir %{_prefix}/lib/chreipl-fcp-mpath/ +%{_prefix}/lib/chreipl-fcp-mpath/* +%{_prefix}/lib/dracut/dracut.conf.d/70-chreipl-fcp-mpath.conf +%{_prefix}/lib/udev/chreipl-fcp-mpath-is-ipl-tgt +%{_prefix}/lib/udev/chreipl-fcp-mpath-is-ipl-vol +%{_prefix}/lib/udev/chreipl-fcp-mpath-is-reipl-zfcp +%{_prefix}/lib/udev/chreipl-fcp-mpath-record-volume-identifier +%{_prefix}/lib/udev/chreipl-fcp-mpath-try-change-ipl-path +%{_udevrulesdir}/70-chreipl-fcp-mpath.rules +%{_mandir}/man7/chreipl-fcp-mpath.7%{?ext_man} + +### genprotimg +%files 
genprotimg-data +/lib/s390-tools/stage3.bin +%dir %{_datadir}/s390-tools/pvimg +%{_datadir}/s390-tools/pvimg/stage3a.bin +%{_datadir}/s390-tools/pvimg/stage3b_reloc.bin + +### _endif +### *** !s390x ************************************************************************* ### +### _ifarch x86_64 +%else + +%prep +%autosetup -p1 + +install -D -m 0644 %{SOURCE200} .cargo/config.toml +tar -xzf %{SOURCE201} + +%build +export OPT_FLAGS="%{optflags}" +export KERNELIMAGE_MAKEFLAGS="%%{?_smp_mflags}" + +%make_build \ + DISTRELEASE=%{release} \ + UDEVRUNDIR=/run/udev \ + HAVE_CARGO=1 \ + HAVE_DRACUT=1 + +%install + +%make_install \ + DISTRELEASE=%{release} \ + SYSTEMDSYSTEMUNITDIR=%{_unitdir} \ + UDEVRUNDIR=/run/udev \ + HAVE_CARGO=1 \ + HAVE_DRACUT=1 + +%files +%{_prefix}/bin/* +%dir %{_datadir}/s390-tools +%dir %{_datadir}/s390-tools/pvimg +%{_datadir}/s390-tools/pvimg/check_hostkeydoc +%{_mandir}/man1/* + +%endif + +%changelog diff --git a/setup_cio_ignore.sh b/setup_cio_ignore.sh new file mode 100644 index 0000000..621e2b1 --- /dev/null +++ b/setup_cio_ignore.sh @@ -0,0 +1,16 @@ +#!/bin/bash +# +# setup_cio_ignore +# +# Remove the device ids found in /boot/zipl/active_devices.txt +# from cio_ignore +# + +if [ -e /boot/zipl/active_devices.txt ] ; then + while read dev etc ; do + [ "$dev" = "#" -o "$dev" = "" ] && continue; + cio_ignore -r $dev + done < /boot/zipl/active_devices.txt +fi + +exit 0 diff --git a/sysconfig.appldata b/sysconfig.appldata new file mode 100644 index 0000000..4d10342 --- /dev/null +++ b/sysconfig.appldata 
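Review bot: The loop in setup_cio_ignore.sh passes `$dev` to `cio_ignore -r` unquoted and skips a line only when its first field is exactly `#` or empty, so a comment written as `#text`, a field starting with `-`, or one containing glob characters reaches the command as an argument. Match the comment prefix and quote the expansion: `case "$dev" in ''|\#*) continue ;; esac` followed by `cio_ignore -r "$dev"`. Using `read -r dev etc` would also stop backslashes in the file from being interpreted. Since the script acts on whatever /boot/zipl/active_devices.txt contains, the header comment should say that the file is expected to be writable by root only.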
@@ -0,0 +1,35 @@
+# /etc/sysconfig/appldata
+
+## Path: Kernel/APPLDATA
+## Description: Linux - z/VM Monitor Stream
+
+## Type: integer
+## Default: 10000
+#
+# Polling interval in milliseconds
+#
+APPLDATA_INTERVAL=10000
+
+## Type: list(yes,no)
+## Default: yes
+#
+# Load module for collecting data related
+# to memory management.
+#
+APPLDATA_MEM="yes"
+
+## Type: list(yes,no)
+## Default: yes
+#
+# Load module for collecting OS information
+# (CPU utilization, running processes).
+APPLDATA_OS="yes"
+
+## Type: list(yes,no)
+## Default: no
+#
+# Load module for collecting accumulated
+# network statistics (Packets received/transmitted,
+# dropped, errors, ...)
+#
+APPLDATA_NET_SUM="no"
diff --git a/sysconfig.hsnc b/sysconfig.hsnc
new file mode 100644
index 0000000..4b8524a
--- /dev/null
+++ b/sysconfig.hsnc
@@ -0,0 +1,23 @@
+## Path: Hardware/Network
+## Description: HiperSockets Network Concentrator Configuration
+## Type: list(unicast,full)
+## Default: unicast
+#
+# unicast means, only unicast forwarded between the hsint's and osaint's.
+# this is the default mode
+# full means, unicast, multicast and broadcast are forwarded, if supported
+# by the hardware
+#
+operating_mode="unicast"
+## Type: string
+## Default: ""
+#
+# describes all HiperSockets interfaces involved in the HSN
+#
+hsi_int=""
+## Type: string
+## Default: ""
+#
+# describes the OSA interface connecting to other LANs
+#
+osa_int=""
diff --git a/sysconfig.osasnmpd b/sysconfig.osasnmpd
new file mode 100644
index 0000000..eaa3db7
--- /dev/null
+++ b/sysconfig.osasnmpd
@@ -0,0 +1,14 @@
+## Path: Network/SNMP/OSA Express SNMP agent
+## Description: OSA Express SNMP agent parameters
+## Type: string
+## Default: ""
+## ServiceRestart: snmpd
+#
+# OSA Express SNMP agent command-line parameters
+#
+# Enter the parameters you want to be passed on to the OSA Express SNMP
+# agent.
+#
+# Example: OSASNMPD_PARAMETERS="-l /var/log/my_private_logfile"
+#
+OSASNMPD_PARAMETERS=""
diff --git a/sysconfig.virtsetup b/sysconfig.virtsetup
new file mode 100644
index 0000000..167c79c
--- /dev/null
+++ b/sysconfig.virtsetup
@@ -0,0 +1,48 @@
+## Path: System/Virtualization/Virtsetup
+## Description: System preparation for z/VM Live Guest Relocation
+## Type: yesno
+## Default: no
+#
+# Whether disks should be automatically detached from the guest or not
+#
+ZVM_DETACH_DISKS="no"
+
+## Type: yesno
+## Default: no
+#
+# If detaching disks from the guest, detach all disks not currently
+# activated by Linux (as shown by lsdasd)?
+ZVM_DETACH_ALL_UNUSED="no"
+
+## Type: string
+## Default: ""
+#
+# If detaching disks from the guest, which ones should be detached
+#
+ZVM_DISKS_TO_DETACH=""
+
+## Type: string
+## Default: ""
+#
+# If detaching disks from the guest, which ones should NOT be detached.
+# If a disk is in this and ZVM_DISKS_TO_DETACH, the entry in this
+# list takes precedence.
+#
+ZVM_DISKS_TO_NOT_DETACH=""
+
+## Type: yesno
+## Default: yes
+#
+# Should we check various conditions that might prevent relocation?
+# Only conditions that can be determined by an unprivileged guest
+# will be checked.
+#
+ZVM_WARN_ABOUT_POSSIBLE_LGR_PROBLEMS="yes"
+
+## Type: yesno
+## Default: yes
+#
+# Should we use the SCLP interface to inform PR/SM of the
+# hostname of this system?
+#
+LPAR_SCLP_HOSTNAME="yes"
diff --git a/sysconfig.xpram b/sysconfig.xpram
new file mode 100644
index 0000000..edc5a26
--- /dev/null
+++ b/sysconfig.xpram
@@ -0,0 +1,48 @@
+## Path: Kernel/XPRAM
+## Description: configure XPRAM device
+
+## Type: list(yes,no)
+## Default: no
+#
+# Create an XPRAM device on this machine
+#
+XPRAM_START="no"
+
+## Type: list(yes,no)
+## Default: no
+#
+# Create the new device even if there is valid data on the device.
+#
+XPRAM_FORCE="no"
+
+## Type: string
+## Default: "xpram"
+#
+# Kernel module to load for the xpram device
+#
+XPRAM_MODULE="xpram"
+
+## Type: string
+## Default: "/dev/slram0"
+#
+# Device node for the xpram device
+#
+XPRAM_DEVNODE="/dev/slram0"
+
+## Type: string
+## Default: ""
+#
+# Mount point for the xpram device
+#
+XPRAM_MNTPATH="/abuild"
+
+## Type: string
+## Default: "ext2"
+#
+# Filesystem type for the xpram device
+#
+XPRAM_FSTYPE="ext2"
+
+# Fix for SWAP priority setting
+XPRAM_SWAP_PRI="42"
+
diff --git a/vendor.tar.gz b/vendor.tar.gz
new file mode 100644
index 0000000..b20eaf3
--- /dev/null
+++ b/vendor.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c5844b1b0c04b5d882966d8a3335385f39a0bcca0693b87c018d8a7949b87739
+size 46334305
diff --git a/virtsetup.service b/virtsetup.service
new file mode 100644
index 0000000..59f3bfe
--- /dev/null
+++ b/virtsetup.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Perform hypervisor-specific setup and cleanup tasks
+DefaultDependencies=no
+Wants=default.target
+After=default.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/lib/systemd/scripts/virtsetup.sh
+
+[Install]
+WantedBy=default.target
diff --git a/virtsetup.sh.opensuse b/virtsetup.sh.opensuse
new file mode 100644
index 0000000..67af676
--- /dev/null
+++ b/virtsetup.sh.opensuse
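Review bot: In sysconfig.xpram the shipped value `XPRAM_MNTPATH="/abuild"` contradicts the `## Default: ""` annotation directly above it, so the metadata and the installed file disagree about what an unconfigured system gets. Align the two, either `## Default: "/abuild"` or `XPRAM_MNTPATH=""`, depending on which is intended; the xpram script in this patch runs `mkdir -p` and `mount` on that path once XPRAM_START is enabled. `XPRAM_SWAP_PRI="42"` also lacks the `## Type:` / `## Default:` header that every other variable in the file carries.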
@@ -0,0 +1,92 @@ +#!/bin/sh +# +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# +# Perform setup tasks based on what hypervisor is in charge. +# + +# Source the sysconfig file +if [ -r /etc/sysconfig/virtsetup ]; then + . /etc/sysconfig/virtsetup +else echo "No /etc/sysconfig/virtsetup file was found." + exit 1 +fi + +# +# Get our hostname +# +my_hostname="$(hostname)" + +# +# Find out the hypervisor we're running on/under. +# +hypervisor="$(/usr/bin/systemd-detect-virt)" + +case "${hypervisor}" in + zvm) + if [ ! -c /dev/vmcp ]; then + modprobe vmcp + sleep 1 + if [ ! -c /dev/vmcp ]; then + echo "Unable to load the vmcp kernel module." + exit 1 + fi + fi + echo "The vmcp device driver is ready." + if [ "${ZVM_DETACH_DISKS}" == "yes" ]; then + echo "Detaching devices to prepare for Live Guest Relocation." + /usr/lib/systemd/scripts/detach_disks.sh + fi + if [ "${ZVM_WARN_ABOUT_POSSIBLE_LGR_PROBLEMS}" == yes ]; then + /usr/sbin/lgr_check + fi + ;; + none) + hypervisor="lpar" + if [ "${LPAR_SCLP_HOSTNAME}" == "yes" ]; then + # If the sclp_cpi module is already loaded, we have to unload it + # so we can be sure it has the correct system name specified + # when we reload it again. + if grep -qw sclp_cpi /proc/modules 2>/dev/null; then + rmmod sclp_cpi + sleep 1 + fi + if grep -qw sclp_cpi /proc/modules 2>/dev/null; then + echo "Unable to unload the sclp_cpi kernel module." + exit 1 + fi + echo "Setting the LPAR name via the sclp_cpi module." + modprobe sclp_cpi system_name="$my_hostname" + if ! grep -qw sclp_cpi /proc/modules 2>/dev/null; then + echo "We were unable to load the sclp_cpi module to set the LPAR name." + exit 2 + fi + fi + ;; + kvm) + ;; + *) + echo "An unknown hypervisor, \"${hypervisor}\" was detected." + echo "Please report this to your support provider." + exit 3 + ;; +esac + +# +# Now let's check for any scripts that other packages may have provided +# to do specific things they need. 
The scripts must be marked executable +# and have a suffix indicating which hypervisor for which they are to be run. +# Currently that is one of: kvm, lpar, or zvm. +# E.g., 01-test.script.zvm would only be run if the system is a z/VM guest. +# + +for script in $(ls /lib/s390-tools/virtsetup/*.${hypervisor} 2>/dev/null) + do if [ -x "${script}" ]; then + echo "Executing ${script}..." + "${script}" + echo "Done." + echo + fi + done + +exit 0 diff --git a/virtsetup.sh.suse b/virtsetup.sh.suse new file mode 100644 index 0000000..fe7c7b8 --- /dev/null +++ b/virtsetup.sh.suse 
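Review bot: The drop-in loop at the end of virtsetup.sh.opensuse executes every file matching `/lib/s390-tools/virtsetup/*.${hypervisor}` from a unit that runs without a `User=` setting, and it builds the list by parsing `ls`, so names containing whitespace are split and nothing documents who may write to that directory. Iterate over the glob directly with `for script in /lib/s390-tools/virtsetup/*."${hypervisor}"; do`, keep the existing `[ -x "${script}" ]` test (it also covers the unmatched-glob case), and state in the comment block above the loop that the directory must be root-owned and not writable by other users. The script is declared `#!/bin/sh` but uses `==` inside `[ ]`, which is a bash extension; `=` is the portable operator. The same lines appear in virtsetup.sh.suse.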
@@ -0,0 +1,92 @@ +#!/bin/sh +# +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# +# Perform setup tasks based on what hypervisor is in charge. +# + +# Source the sysconfig file +if [ -r /etc/sysconfig/virtsetup ]; then + . /etc/sysconfig/virtsetup +else echo "No /etc/sysconfig/virtsetup file was found." + exit 1 +fi + +# +# Get our hostname +# +my_hostname="$(hostname)" + +# +# Find out the hypervisor we're running on/under. +# +hypervisor="$(/usr/bin/systemd-detect-virt)" + +case "${hypervisor}" in + zvm) + if [ ! -c /dev/vmcp ]; then + modprobe vmcp + sleep 1 + if [ ! -c /dev/vmcp ]; then + echo "Unable to load the vmcp kernel module." + exit 1 + fi + fi + echo "The vmcp device driver is ready." + if [ "${ZVM_DETACH_DISKS}" == "yes" ]; then + echo "Detaching devices to prepare for Live Guest Relocation." + /usr/lib/systemd/scripts/detach_disks.sh + fi + if [ "${ZVM_WARN_ABOUT_POSSIBLE_LGR_PROBLEMS}" == yes ]; then + /sbin/lgr_check + fi + ;; + none) + hypervisor="lpar" + if [ "${LPAR_SCLP_HOSTNAME}" == "yes" ]; then + # If the sclp_cpi module is already loaded, we have to unload it + # so we can be sure it has the correct system name specified + # when we reload it again. + if grep -qw sclp_cpi /proc/modules 2>/dev/null; then + rmmod sclp_cpi + sleep 1 + fi + if grep -qw sclp_cpi /proc/modules 2>/dev/null; then + echo "Unable to unload the sclp_cpi kernel module." + exit 1 + fi + echo "Setting the LPAR name via the sclp_cpi module." + modprobe sclp_cpi system_name="$my_hostname" + if ! grep -qw sclp_cpi /proc/modules 2>/dev/null; then + echo "We were unable to load the sclp_cpi module to set the LPAR name." + exit 2 + fi + fi + ;; + kvm) + ;; + *) + echo "An unknown hypervisor, \"${hypervisor}\" was detected." + echo "Please report this to your support provider." + exit 3 + ;; +esac + +# +# Now let's check for any scripts that other packages may have provided +# to do specific things they need. 
The scripts must be marked executable +# and have a suffix indicating which hypervisor for which they are to be run. +# Currently that is one of: kvm, lpar, or zvm. +# E.g., 01-test.script.zvm would only be run if the system is a z/VM guest. +# + +for script in $(ls /lib/s390-tools/virtsetup/*.${hypervisor} 2>/dev/null) + do if [ -x "${script}" ]; then + echo "Executing ${script}..." + "${script}" + echo "Done." + echo + fi + done + +exit 0 diff --git a/vmlogrdr.service.opensuse b/vmlogrdr.service.opensuse new file mode 100644 index 0000000..8549e53 --- /dev/null +++ b/vmlogrdr.service.opensuse @@ -0,0 +1,15 @@ +[Unit] +Description=System startup script for the Linux - z/VM Log reader +After=network-online.target remote-fs.target +Wants=network-online.target remote-fs.target +ConditionPathExists=!/dev/vmlogrdr_LOGREC + +[Service] +Type=oneshot +RemainAfterExit=yes + +ExecStart=/usr/sbin/modprobe vmlogrdr +ExecStop=/usr/sbin/modprobe -r vmlogrdr + +[Install] +WantedBy=default.target diff --git a/vmlogrdr.service.suse b/vmlogrdr.service.suse new file mode 100644 index 0000000..6382b36 --- /dev/null +++ b/vmlogrdr.service.suse @@ -0,0 +1,15 @@ +[Unit] +Description=System startup script for the Linux - z/VM Log reader +After=network-online.target remote-fs.target +Wants=network-online.target remote-fs.target +ConditionPathExists=!/dev/vmlogrdr_LOGREC + +[Service] +Type=oneshot +RemainAfterExit=yes + +ExecStart=/sbin/modprobe vmlogrdr +ExecStop=/sbin/modprobe -r vmlogrdr + +[Install] +WantedBy=default.target diff --git a/xpram b/xpram new file mode 100644 index 0000000..7124e29 --- /dev/null +++ b/xpram 
@@ -0,0 +1,181 @@ +#! /bin/sh +# Copyright (c) 2004 SUSE LINUX AG Nuernberg, Germany. +# +# Submit feedback to http://www.suse.de/feedback/ +# +# System startup script for XPRAM device driver + +XPRAM_CONFIG_FILE=/etc/sysconfig/xpram + +read_config_file() { + if [ config_read = 1 ]; then + return 0 + fi + file=$XPRAM_CONFIG_FILE + + if [ -s "$file" ]; then + source $file + config_read=1 + else + echo -ne "Cannot read $file: empty or nonexistant! " + # Means not configured: + return 6 + fi +} + +prepare_xpram() { + if [ -z "$XPRAM_MNTPATH" -o -z "$XPRAM_DEVNODE" ]; then + echo -n "Cannot mkfs/mount XPRAM: Missing parameters! " + exit 6 + fi + grep -q $XPRAM_DEVNODE /proc/mounts 2>&1 > /dev/null + if [ $? -eq 0 ] ; then + echo -n "$service: $XPRAM_DEVNODE already mounted! " + return + fi + current_fstype=`vol_id -t $XPRAM_DEVNODE 2> /dev/null` + if [ $? -ne 0 -o "$XPRAM_FORCE" = "yes" ] + then +# Does not contain a valid filesystem/swap space + if [ "$XPRAM_FSTYPE" = swap ] + then + mkswap $XPRAM_DEVNODE + else + mkfs -t "$XPRAM_FSTYPE" -b 4096 "$XPRAM_DEVNODE" + fi + sleep 1 # workaround + current_fstype=$XPRAM_FSTYPE + fi + if [ ! "$current_fstype" = "$XPRAM_FSTYPE" ] + then + echo + echo -n "Warning: current filessystem and configured filesystem are not the same!" + exit 6 + fi + if [ "$XPRAM_FSTYPE" = swap ] + then + if [ "$XPRAM_SWAP_PRI" = "" ] + then + swapon $XPRAM_DEVNODE + else + swapon -p $XPRAM_SWAP_PRI $XPRAM_DEVNODE + fi + else + if [ ! -d "$XPRAM_MNTPATH" ] + then + mkdir -p "$XPRAM_MNTPATH" + fi + mount "$XPRAM_DEVNODE" "$XPRAM_MNTPATH" + if [ $? -ne 0 ] + then + echo -n "Mount failed with error code $?" + exit 6 + fi + fi +} + +# Return values acc. to LSB for all commands but status: +# 0 - success +# 1 - generic or unspecified error +# 2 - invalid or excess argument(s) +# 3 - unimplemented feature (e.g. 
"reload") +# 4 - insufficient privilege +# 5 - program is not installed +# 6 - program is not configured +# 7 - program is not running +# +# Note that starting an already running service, stopping +# or restarting a not-running service as well as the restart +# with force-reload (in case signalling is not supported) are +# considered a success. + +check_config () { + if [ -z "$XPRAM_MODULE" ]; then + echo -n "$file: parameters XPRAM_MODULE missing! " + exit 6 + fi +} + +quit_disabled() { + if [ "$XPRAM_START" != "yes" ]; then + # Config file exists but xpram not enabled, do not complain, + # but note with exit status 6 that we are not configured. + echo "xpram not enabled" + exit 0 + fi +} + +service="xpram" +case "$1" in + start) + # Read in configuration + read_config_file || exit 6 + + quit_disabled + check_config + + echo -n "Creating $service device " + modprobe "$XPRAM_MODULE" + if [ $? -ne 0 ]; then + echo -n "- failed to load $XPRAM_MODULE " + exit 1 + else + prepare_xpram + fi + + ;; + stop) + # Read in configuration + read_config_file || exit 6 + + # check_enabled + # quit_disabled + + echo -n "Removing $service device " + + check_config + + if [ "$XPRAM_DEVNODE" ]; then + if grep -q $XPRAM_DEVNODE /proc/mounts; then + umount $XPRAM_DEVNODE + fi + if swapon -s | grep -q $XPRAM_DEVNODE; then + swapoff $XPRAM_DEVNODE + fi + fi + + if grep -q "$XPRAM_MODULE" /proc/modules; then + rmmod "$XPRAM_MODULE" + else + exit 7 + fi + + ;; + status) + echo -n "Checking $service " + + # Status has a slightly different meaning for the status command: + # 0 - service running + # 1 - service dead, but /var/run/ pid file exists + # 3 - service not running + + # Read in configuration + read_config_file || exit 3 + + check_config + + lsmod | grep -q $XPRAM_MODULE + if [ $? -eq 0 ]; then + if [ "$XPRAM_DEVNODE" ]; then + if ! grep -q $XPRAM_DEVNODE /proc/mounts && ! 
swapon -s | grep -q $XPRAM_DEVNODE; then + xpram_result=3 + echo -n "loaded, but $XPRAM_DEVNODE not used" + exit 3 + fi + fi + else + exit 3 + fi + + ;; +esac diff --git a/xpram.service b/xpram.service new file mode 100644 index 0000000..7702d4f --- /dev/null +++ b/xpram.service @@ -0,0 +1,18 @@ +[Unit] +Description=Linux - z/VM Monitor Stream +After=network-online.target remote-fs.target +Wants=network-online.target remote-fs.target +ConditionPathExists=/proc/sys/appldata/interval +ConditionPathExists=!/var/lock/appldata + +[Service] +Type=oneshot +RemainAfterExit=yes +SuccessExitStatus=3 + +ExecStart=/usr/lib/systemd/scripts/xpram start +ExecStartPost=/usr/lib/systemd/scripts/xpram status +ExecStop=/usr/lib/systemd/scripts/xpram stop + +[Install] +WantedBy=default.target diff --git a/zfcp_disk_configure b/zfcp_disk_configure new file mode 100644 index 0000000..b11e014 --- /dev/null +++ b/zfcp_disk_configure 
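Review bot: In prepare_xpram of the xpram script the decision to run `mkswap`/`mkfs` depends on the exit status of `vol_id -t $XPRAM_DEVNODE`, so on a system where `vol_id` is not installed (current udev releases no longer ship it, as far as I know) the status is non-zero and the device is reformatted on every start, even with `XPRAM_FORCE="no"`. Probing with `current_fstype=$(blkid -o value -s TYPE "$XPRAM_DEVNODE" 2>/dev/null)` and stopping with an error when no probe tool is available would keep the data-preserving path working. In read_config_file, `[ config_read = 1 ]` compares the literal word and is never true; it should read `[ "$config_read" = 1 ]`. The mount-failure message prints `$?` after the `[ $? -ne 0 ]` test has already replaced it, so it reports 0 rather than mount's status.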
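Review bot: The `[Unit]` section of xpram.service looks copied from the appldata unit: `Description=Linux - z/VM Monitor Stream`, `ConditionPathExists=/proc/sys/appldata/interval` and `ConditionPathExists=!/var/lock/appldata` all refer to appldata, so whether the XPRAM device is set up depends on an unrelated facility. Give the unit its own description, for example `Description=XPRAM device setup`, and drop the two conditions or replace them with ones that apply to xpram. `SuccessExitStatus=3` deserves a one-line comment as well, because the script's `status` action exits 3 when the module is loaded but the device is unused and this setting turns that into a successful start.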
@@ -0,0 +1,73 @@ +#!/bin/sh +# +# zfcp_disk_configure +# +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# +# Configures a zfcp-attached Logical Unit by calling the IBM-provided chzdev command. +# Whereas this script used to validate the parameters provided to it, +# we now rely on chzdev to do that instead. The script is intended only +# as a "translation layer" to provide backward compatability for older +# scripts and tools that invoke it. +# +# Usage: +# zfcp_disk_configure +# +# ccwid = x.y.ssss where +# x is always 0 until IBM creates something that uses that number +# y is the subchannel set ID (SSID). Most often +# this is 0, but it could be non-zero +# ssss is the four digit device address of the subchannel, in +# hexidecimal, with leading zeros. +# online = 0 to take the device offline +# 1 to bring the device online +# +# Return values: +# Return codes are determined by the chzdev command. +# + +mesg () { + echo "$@" +} + +debug_mesg () { + case "${DEBUG}" in + yes) mesg "$@" ;; + *) ;; + esac +} + +usage(){ + echo "Usage: ${0} " + echo " ccwid = x.y.ssss where" + echo " x is always 0 until IBM creates something that uses that number" + echo " y is the subchannel set ID (SSID). Most often" + echo " this is 0, but it could be non-zero" + echo " ssss is the four digit device address of the subchannel, in" + echo " hexidecimal, with leading zeros." 
+ echo " online = 0 to take the device offline" + echo " 1 to bring the device online" +} + +if [ "${DEBUG}" != "yes" ]; then + DEBUG="no" +fi + +CCW_CHAN_ID=${1} +FCP_WWPN="${2}" +FCP_LUN="${3}" +ON_OFF=${4} +# normalise to lower case +FCP_WWPN=$(echo ${FCP_WWPN} | tr "A-Z" "a-z") +FCP_LUN=$(echo ${FCP_LUN} | tr "A-Z" "a-z") + +if [ "${ON_OFF}" == 0 ]; then + debug_mesg "chzdev -d zfcp-lun --no-root-update ${CCW_CHAN_ID}:${FCP_WWPN}:${FCP_LUN}" + chzdev -d zfcp-lun --no-root-update ${CCW_CHAN_ID}:${FCP_WWPN}:${FCP_LUN} +elif [ "${ON_OFF}" == 1 ]; then + debug_mesg "chzdev -e zfcp-lun --no-root-update ${CCW_CHAN_ID}:${FCP_WWPN}:${FCP_LUN}" + chzdev -e zfcp-lun --no-root-update ${CCW_CHAN_ID}:${FCP_WWPN}:${FCP_LUN} +else mesg "You must specify a 0 or a 1 for the online/offline attribute." + usage + exit 1 +fi diff --git a/zfcp_disk_configure.8 b/zfcp_disk_configure.8 new file mode 100644 index 0000000..61605f9 --- /dev/null +++ b/zfcp_disk_configure.8 
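Review bot: Unlike zfcp_host_configure in this patch, zfcp_disk_configure never checks that its four positional parameters are present, and it expands them unquoted in the `tr` pipelines and in both `chzdev` calls, so an empty or whitespace-containing argument changes the command line that is run. Add a guard such as `[ -n "${CCW_CHAN_ID}" ] && [ -n "${FCP_WWPN}" ] && [ -n "${FCP_LUN}" ] && [ -n "${ON_OFF}" ] || { usage; exit 1; }` and quote the device spec: `chzdev -e zfcp-lun --no-root-update "${CCW_CHAN_ID}:${FCP_WWPN}:${FCP_LUN}"` (likewise for `-d`). `[ "${ON_OFF}" == 0 ]` relies on bash's `==` under a `#!/bin/sh` shebang; `=` is portable.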
@@ -0,0 +1,46 @@ +.TH zfcp_disk_configure "8" "February 2013" "s390-tools" +.SH NAME +zfcp_disk_configure \- Configures or deconfigures a zfcp-attached SCSI Logical Unit (LU). +.SH SYNOPSIS +.B zfcp_disk_configure ccwid wwpn lun online +.SH DESCRIPTION +.B zfcp_disk_configure +is intended to make it easy to persistently add and remove zfcp-attached SCSI Logical Units. In addition to bringing the LU online or offline, it will also create or delete the necessary udev rules for the LU. +.SH PARAMETERS +.IP ccwid +The device number of the zFCP adapter. Takes the form x.y.ssss where +.RS +.B x +is always 0 until IBM creates something that uses that number. +.RE +.RS +.B y +is the subchannel set ID (SSID). Most often this is 0, but it could be non-zero. +.RE +.RS +.B ssss +is the four digit device address of the subchannel, in hexidecimal, with leading zeros. If entered in upper/mixed case, this is automatically converted to lower case. +.RE +.IP wwpn +Is the World Wide Port Number of the storage array in which the LUN resides. This will be a 16 digit hexidecimal number of the form 0x0123456789abcdef. You must obtain this number from the administrator of the storage array. +.IP lun +Is the Logical Unit Number of the specific disk in the storage array. This will also be a 16 digit hexidecimal number of the form 0x0123456789abcdef. You must obtain this number from the administrator of the storage array. Be careful in that some storage array administrator interfaces disply the LUN in decimal, and must be converted to hexidecimal to be used in this command. +.IP online +Either a literal 1 to attach the LU or a literal 0 to detach the LU. +.SH FILES +Please see the documentation of +.B chzdev. +.RE +.SH ENVIRONMENT +.IP DEBUG +If set to "yes" some minimal debugging information is output during execution. +.SH DIAGNOSTICS +Messages and return codes are determined by the +.B chzdev +command. 
+If environment variable DEBUG is set to "yes," it shows the command line of the invoked +.B chzdev. +.SH BUGS +Gotta be some, I'm sure. If you find one, please open a bug report. +.SH SEE ALSO +zfcp_host_configure(8), zfcp_san_disc(8), chzdev(8) diff --git a/zfcp_host_configure b/zfcp_host_configure new file mode 100644 index 0000000..047560b --- /dev/null +++ b/zfcp_host_configure 
@@ -0,0 +1,95 @@ +#!/bin/sh +# +# zfcp_host_configure +# +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# +# Configures a zfcp host adapter by calling the IBM-provided chzdev command. +# Whereas this script used to validate the parameters provided to it, +# we now rely on chzdev to do that instead. The script is intended only +# as a "translation layer" to provide backward compatability for older +# scripts and tools that invoke it. +# +# +# Usage: +# zfcp_host_configure +# +# ccwid = x.y.ssss where +# x is always 0 until IBM creates something that uses that number +# y is the subchannel set ID (SSID). Most often +# this is 0, but it could be non-zero +# ssss is the four digit device address of the subchannel, in +# hexidecimal, with leading zeros. +# online = 0 to take the device offline +# 1 to bring the device online +# +# Return codes +# Return codes are determined by the chzdev command. +# + +mesg () { + echo "$@" +} + +debug_mesg () { + case "${DEBUG}" in + yes) mesg "$@" ;; + *) ;; + esac +} + +add_cio_channel() { + echo "$* # ${DATE}" >> /boot/zipl/active_devices.txt +} + +remove_cio_channel() { + [ -w /boot/zipl/active_devices.txt ] && sed -i -e "/^${1}/d" /boot/zipl/active_devices.txt +} + +usage(){ + echo "Usage: ${0} " + echo " ccwid = x.y.ssss where" + echo " x is always 0 until IBM creates something that uses that number" + echo " y is the subchannel set ID (SSID). Most often" + echo " this is 0, but it could be non-zero" + echo " ssss is the four digit device address of the subchannel, in" + echo " hexidecimal, with leading zeros." + echo " online = 0 to take the device offline" + echo " 1 to bring the device online" +} + +if [ "${DEBUG}" != "yes" ]; then + DEBUG="no" +fi + +DATE=$(date) + +CCW_CHAN_ID=${1} +ON_OFF=${2} + +if [ -z "${CCW_CHAN_ID}" ] || [ -z "${ON_OFF}" ]; then + mesg "You didn't specify all the needed parameters." 
+ usage + exit 1 +fi + +if [ "${ON_OFF}" == 0 ]; then + debug_mesg "chzdev -d zfcp-host --no-root-update ${CCW_CHAN_ID}" + chzdev -d zfcp-host --no-root-update ${CCW_CHAN_ID} +elif [ "${ON_OFF}" == 1 ]; then + debug_mesg "chzdev -e zfcp-host --no-root-update ${CCW_CHAN_ID}" + chzdev -e zfcp-host --no-root-update ${CCW_CHAN_ID} +else mesg "You must specify a 0 or a 1 for the online/offline attribute." + usage + exit 1 +fi + +RC=${?} +if [ ${RC} -ne 0 ]; then + exit ${RC} +fi + +if [ ${ON_OFF} == 1 ]; then + add_cio_channel "${CCW_CHAN_ID}" +else remove_cio_channel "${CCW_CHAN_ID}" +fi diff --git a/zfcp_host_configure.8 b/zfcp_host_configure.8 new file mode 100644 index 0000000..b1d7b95 --- /dev/null +++ b/zfcp_host_configure.8 
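Review bot: remove_cio_channel in zfcp_host_configure splices the caller-supplied ccwid into a sed program, `sed -i -e "/^${1}/d"`, without validating it: the dots match any character, nothing terminates the id so a shorter id also deletes longer entries sharing its prefix, and a `/` in the argument alters the sed expression itself. Validate the id before either helper runs, e.g. `case "${CCW_CHAN_ID}" in *[!0-9A-Fa-f.]*) usage; exit 1 ;; esac`, then escape the dots and anchor the pattern on the space that add_cio_channel writes after the id. The final test `[ ${ON_OFF} == 1 ]` should quote the variable and use `=`, matching the quoted comparisons earlier in the script.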
@@ -0,0 +1,42 @@ +.TH zfcp_host_configure "8" "February 2013" "s390-tools" +.SH NAME +zfcp_host_configure \- Configures or deconfigures a zFCP host bus adapter (HBA). +.SH SYNOPSIS +.B zfcp_host_configure ccwid online +.SH DESCRIPTION +.B zfcp_host_configure +is intended to make it easy to persistently add and remove IBM zFCP adapters. In addition to bringing the adapter online or offline, it will also create or delete the necessary udev rules for the adapter. +.SH PARAMETERS +.IP ccwid +The device number of the zFCP adapter. Takes the form x.y.ssss where +.RS +.B x +is always 0 until IBM creates something that uses that number. +.RE +.RS +.B y +is the subchannel set ID (SSID). Most often this is 0, but it could be non-zero. +.RE +.RS +.B ssss +is the four digit device address of the subchannel, in hexidecimal, with leading zeros. If entered in upper/mixed case, this is automatically converted to lower case. +.RE +.IP online +Either a literal 1 to bring the adapter online or a literal 0 to take it offline +.SH FILES +Please see the documentation of +.B chzdev. +.RE +.SH ENVIRONMENT +.IP DEBUG +If set to "yes" some minimal debugging information is output during execution. +.SH DIAGNOSTICS +Messages and return codes are determined by the +.B chzdev +command. +If environment variable DEBUG is set to "yes," it shows the command line of the invoked +.B chzdev. +.SH BUGS +Gotta be some, I'm sure. If you find one, please open a bug report. +.SH SEE ALSO +zfcp_disk_configure(8), zfcp_san_disc(8), chzdev(8) diff --git a/zfcp_san_disc b/zfcp_san_disc new file mode 100644 index 0000000..ec518e5 --- /dev/null +++ b/zfcp_san_disc 
@@ -0,0 +1,330 @@ +#!/bin/bash +# +# zfcp_san_disc +# +# Outputs a list of zFCP WWPNs or LUNs +# +# Usage: +# zfcp_san_disc [-h | -W | -L -p ] -b +# +# Return codes +# 1 zFCP sysfs directory not available +# 2 Invalid command line parameter +# 3 Too many commands used +# 4 Error retrieving HBA list +# 5 Bus ID not found +# 6 Error retrieving Port list +# 7 WWPN not found +# 8 Bus ID sysfs directory not available +# 9 WWPN sysfs directory not available/unable to add port to Bus ID +# 10 Error retrieving LUN list +# 11 HBA API device not available +# + +START_DIR=`pwd` +SCRIPT_NAME=`basename $0` +cd `dirname $0` +SCRIPT_DIR=`pwd` +cd "${START_DIR}" + +FCP_SYS_DIR='/sys/bus/ccw/drivers/zfcp' + +# Commands available +LIST_WWPN='-W' +LIST_LUN='-L' + +COMMAND='' +BUSID='' +WWPN='' + +echo_err() +{ + echo "$SCRIPT_NAME: $1" 1>&2 +} + +usage() +{ + echo "$0 [-h | $LIST_WWPN | $LIST_LUN -p ] -b " 1>&2 + echo 1>&2 + echo "Commands:" 1>&2 + echo " $LIST_WWPN List WWPNs for the given BUS_ID" 1>&2 + echo " $LIST_LUN List LUNs for the given BUS_ID and WWPN" 1>&2 + echo " -h This usage information" 1>&2 + echo "Options:" 1>&2 + echo " -b BUSID Bus ID to use for listing" 1>&2 + echo " -p WWPN WWPN to use for listing" 1>&2 +} + +list_lun() +{ + local PRINT_WWPN + local BUSID_DIR + local WWPN_DIR + local ADDED_PORT + +} + +deactivate() +{ + local ccw=$1 + + echo 0 > /sys/bus/ccw/devices/$ccw/online +} + +lun_remove() +{ + local syspath=$1 + local lun=$2 + + echo "$lun" > $syspath/unit_remove +} + +sg_remove() +{ + local sg=$1 + local sgnum + + sgnum=${sg#/dev/sg} + : deactivate /sys/class/scsi_generic/sg$sgnum/device/delete + echo 1 > /sys/class/scsi_generic/sg$sgnum/device/delete + udevadm settle +} + +while [ $# -gt 0 ] +do + case "$1" in + -b* ) + if [ "$1" == "-b" ] + then + shift + BUSID="$1" + else + BUSID="${1:2}" + fi + BUSID=`echo $BUSID | tr A-F a-f` + ;; + -p* ) + if [ "$1" == "-p" ] + then + shift + WWPN="$1" + else + WWPN="${1:2}" + fi + WWPN=`echo $WWPN | tr A-FX a-fx` 
+ ;; + "$LIST_WWPN"|"$LIST_LUN" ) + if [ -z "$COMMAND" -o "$1" == "$COMMAND" ] + then + COMMAND=$1 + else + echo_err "You have already specified the $COMMAND command, and cannot use the $1 command also." + exit 3 + fi + ;; + -h ) + usage + exit 0 + ;; + * ) + usage + echo_err "Unknown command line parameter : $1" + exit 2 + ;; + esac + shift +done + +if [ -z "$BUSID" ] ; then + echo_err "No bus ID given" + exit 2 +fi + +if [ -z "$COMMAND" ] ; then + echo_err "Please specify either -W or -L" + exit 2 +fi + +if [ ! -d /sys/bus/ccw/devices/$BUSID ] ; then + echo_err "Unknown bus ID $BUSID" + exit 2 +fi + +read devtype < /sys/bus/ccw/devices/$BUSID/devtype +read cutype < /sys/bus/ccw/devices/$BUSID/cutype + +if [ "$cutype" != "1731/03" ] ; then + echo_err "Bus ID $BUSID is not an zfcp adapter" + exit 2 +fi + +if [ "$devtype" != "1732/03" -a "$devtype" != "1732/04" ] ; then + echo_err "Bus ID $BUSID is not an zfcp adapter" + exit 2 +fi + +# Now we're sure we're dealing with zfcp devices +if [ ! 
-d "$FCP_SYS_DIR" ] ; then + modprobe zfcp +fi + +[ "$COMMAND" == "$LIST_LUN" -a -z "$WWPN" ] && usage && exit 2 + +read online < /sys/bus/ccw/devices/$BUSID/online + +if [ "$online" != 1 ] ; then + # Activate adapter + echo 1 > /sys/bus/ccw/devices/$BUSID/online + read online < /sys/bus/ccw/devices/$BUSID/online + + if [ "$online" != 1 ] ; then + echo_err "Cannot activate zfcp adapter at $BUSID" + exit 2 + fi + trapcmd="deactivate $BUSID" + trap "$trapcmd" EXIT +fi + +for loop in 1 2 3 4 5 ; do + read status < /sys/bus/ccw/devices/$BUSID/status + (( $status & 0x10000000 )) && break; +done +read wwpn_status < /sys/bus/ccw/devices/$BUSID/status +if !(( $wwpn_status & 0x10000000 )) ; then + echo_err "Adapter activation failed, status $wwpn_status" + exit 3 +fi + +for host in /sys/bus/ccw/devices/$BUSID/host* ; do + if [ -d $host ] ; then + hba_num=${host##*host} + fi +done +if [ -z "$hba_num" ] ; then + echo_err "No SCSI host allocated" + exit 3 +fi + +if [ "$COMMAND" == "$LIST_WWPN" ] +then + for PRINT_WWPN in /sys/bus/ccw/devices/$BUSID/0x* + do + test -d $PRINT_WWPN && echo ${PRINT_WWPN##*/} + done + exit 0 +elif [ "$COMMAND" != "$LIST_LUN" ] +then + exit 1 +fi + +ERR=0 +read allow_lun_scan < /sys/module/zfcp/parameters/allow_lun_scan +if [ "$allow_lun_scan" = "Y" ] ; then + read port_type < /sys/class/fc_host/host${hba_num}/port_type + if [ "$port_type" = "NPIV VPORT" ] ; then + skip_activation=1 + fi +fi +if [ -z "$skip_activation" ] ; then + WWPN_DIR=/sys/bus/ccw/devices/$BUSID/$WWPN + if [ ! -d "${WWPN_DIR}" ] + then + echo_err "port $WWPN not found on zfcp $BUSID" + exit 9 + fi + + # Activate WLUN + if [ ! 
-d $WWPN_DIR/0xc101000000000000 ] ; then + echo 0xc101000000000000 > $WWPN_DIR/unit_add + orig_trapcmd="$trapcmd" + trapcmd="lun_remove $WWPN_DIR 0xc101000000000000; $trapcmd" + trap "$trapcmd" EXIT + activated=1 + + # Wait for udev to catch up + udevadm settle + sleep 1 + fi + # Find corresponding sg device + sgdev=$(lsscsi -t -g $hba_num:-:-:49409 | sed -n "s/.* fc:$WWPN.* \(\/dev\/sg[0-9]*\)[[:blank:]]*$/\1/p") + if [ -c "$sgdev" ] ; then + if sg_luns $sgdev > /dev/null 2>&1 ; then + LUN_LIST=`sg_luns $sgdev | sed -n 's/^ \(.*\)/\1/p'` + trapcmd="sg_remove $sgdev; $trapcmd" + trap "$trapcmd" EXIT + wlun=1 + else + wlun= + fi + fi + if [ -z "$wlun" ] ; then + if [ -n "$activated" ] ; then + trapcmd=$orig_trapcmd + trap "$trapcmd" EXIT + lun_remove $WWPN_DIR 0xc101000000000000 + activated= + fi + # Activate LUN 0 + if [ ! -d $WWPN_DIR/0x0000000000000000 ] ; then + echo 0 > $WWPN_DIR/unit_add + orig_trapcmd=$trapcmd + trapcmd="lun_remove $WWPN_DIR 0x0000000000000000; $trapcmd" + trap "$trapcmd" EXIT + activated=1 + # Wait for udev to catch up + udevadm settle + sleep 1 + fi + + # Find corresponding sg device + sgdev=$(lsscsi -t -g $hba_num:-:-:0 | sed -n "s/.* fc:$WWPN.* \(\/dev\/sg[^[:blank:]]*\)[[:blank:]]*$/\1/p") + if [ -c "$sgdev" ] ; then + if sg_luns $sgdev > /dev/null 2>&1 ; then + LUN_LIST=`sg_luns $sgdev | sed -n 's/^ \(.*\)/\1/p'` + fi + if [ -n "$activated" ] ; then + trapcmd="sg_remove $sgdev; $trapcmd" + trap "$trapcmd" EXIT + fi + else + echo_err "Unable to activate LUN 0" + trap "$trapcmd" EXIT + lun_remove $WWPN_DIR 0x0000000000000000 + activated= + sgdev= + ERR=10 + fi + fi + + for LUN in $LUN_LIST ; do + echo 0x$LUN + done + exit $ERR +else + for loop in 1 2 3 4 5 ; do + if [ -n "$(ls -d /sys/class/fc_remote_ports/rport-${hba_num}:* 2>/dev/null)" ] ; then + break + else + sleep 1 + fi + done + + if [ -z "$(ls -d /sys/class/fc_remote_ports/rport-${hba_num}:* 2>/dev/null)" ]; then + echo "The remote Fiber Channel port has not become available. 
Exiting" + exit 1 + fi + + for rport in /sys/class/fc_remote_ports/rport-${hba_num}:* ; do + [ -f ${rport}/port_name ] || continue + read port_name < ${rport}/port_name + if [ "$port_name" = "$WWPN" ] ; then + for t in ${rport}/device/target* ; do + [ -f ${t}/uevent ] || continue + targetid=${t#*target} + targetid=${targetid##*:} + break + done + fi + done + lsscsi -xx ${hba_num}:0:${targetid}:- | sed -n "s/\[${hba_num}:0:${targetid}:\(0x[0-9a-f]*\)\].*/\1/p" +fi diff --git a/zipl.conf b/zipl.conf new file mode 100644 index 0000000..ea77031 --- /dev/null +++ b/zipl.conf @@ -0,0 +1,31 @@ +# +# Example zipl.conf file +# + +[defaultboot] +default = linux + +[linux] +target = "/boot/zipl" +image = "/boot/kernel/image" +#ramdisk=/boot/initrd +parameters = "root=/dev/ram0 ro" + +[customized] +target = "/boot/zipl" +image = "/boot/kernel/image-customized" +parmfile = "/boot/kernel/parmfile-customized" + +[dumpdasd] +target = "/boot/zipl" +dumpto = "/dev/dasd??" + +[dumpzfcp] +target = "/boot/zipl" +dumptofs = "/dev/zfcp??" + +:menu1 +target = "/boot/zipl" +1 = linux +2 = customized +default = 1 diff --git a/zpxe.rexx b/zpxe.rexx new file mode 100644 index 0000000..d5b46d6 --- /dev/null +++ b/zpxe.rexx 
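Review bot: In zfcp_san_disc the `-b` and `-p` values are only case-folded with `tr` before they are used unquoted in sysfs paths (`echo 1 > /sys/bus/ccw/devices/$BUSID/online`), spliced into the `trap` command string, and interpolated into the `sed` expression after `lsscsi`, so a malformed argument is read as path components, shell words or sed syntax in a script that presumably runs as root, since it writes to sysfs. Reject anything that is not the documented shape right after option parsing, for example `[[ "$BUSID" =~ ^[0-9a-f]+\.[0-9a-f]+\.[0-9a-f]{4}$ ]] || { echo_err "Invalid bus ID $BUSID"; exit 2; }` and `[[ -z "$WWPN" || "$WWPN" =~ ^0x[0-9a-f]{16}$ ]] || { echo_err "Invalid WWPN $WWPN"; exit 2; }`; the WWPN pattern assumes the 0x-prefixed 16-digit form that `-W` prints and should be confirmed. In the NPIV branch `targetid` stays empty when no rport matches `$WWPN`, and the final `lsscsi -xx` then runs with an empty target field; an explicit check that exits with code 7 would match the return-code table in the header.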
@@ -0,0 +1,528 @@ +/* zPXE: REXX PXE Client for System z + +zPXE is a PXE client used with Cobbler or a just a plain TFTP server. +It must be run under z/VM. zPXE uses TFTP to first download a +user-specific profile (if one exists), or a list of available profiles. +From the profile a specific kernel, initial RAMdisk, and PARM file are +then downloaded and these files are then punched to start the install +process. + +zPXE does not require a writeable 191 A disk. Files are downloaded to a +temporary disk (VDISK). + +zPXE can also IPL from a DASD volume by default. You can specify the +default DASD device in ZPXE CONF, as well as the hostname or IP address +of the Cobbler or TFTP server. +--- + +Copyright 2006-2009, Red Hat, Inc +Brad Hinson + +Copyright 2012, 2017, SUSE Linux, +Mark Post + +This program is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2 of the License, or +(at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA +*/ + + +/* Set the default environment for "safety" reasons. */ +ADDRESS COMMAND + +/* Save the value of the trace state */ +tvar_o=trace() +tvar_c=tvar_o + +/* Was this script invoked with "debug" as one of the parameters? 
*/ +debug=0 +if arg() then + do + parse upper arg uparg + do sub=1 to words(uparg) + if word(uparg,sub) = "DEBUG" then + do + debug=1; + trace i; + tvar_c=trace() + end; + else do /* This is a do/end in case we want to add to it later */ + trace e + tvar_c=trace() + end + end + end + +/* Set some defaults */ +/* These values are intended to be modified by the site using this */ +/* script to match their environment. */ +userid='' +server='' +iplDisk='' +server_def = 'internal.tftp.server' /* define default TFTP server */ +iplDisk_def = '150' /* define default IPL DASD */ +FM='T' /* Default file mode is T */ +profilelist = 'PROFILE LIST' FM /* Disk will be accessed as FM later */ +profiledetail = 'PROFILE DETAIL' FM +zpxeparm = 'ZPXE PARM' FM +zpxeconf = 'ZPXE CONF' FM +config = 'ZPXE CONF A' +seconds=10 /* The default amount of time to wait for console input */ + +workDiskType='VFB-512' +workDiskSize=200000 /* This is approximately 97MB of space. */ +/* For TDISK instead of VDISK, comment out the previous two lines and */ +/* uncomment the following two lines.*/ +/* workDisk='T3390' */ +/* workDiskSize=138 */ + +/* Make it possible to interrupt zPXE and to enter CMS no matter how + the guest was started, if there is a system-specific profile + or not, etc. +*/ +if debug then say 'Debugging, so we will skip the wait and just run.' +else do + say + say 'Enter a non-blank character and ENTER (or two ENTERs)', + 'within' seconds 'seconds to interrupt zPXE.' + ADDRESS CMS 'WAKEUP +00:'seconds '(CONS' +/* Check for the interrupt code */ + if rc = 6 then do + say 'Interrupt received: exiting to CMS...' + ADDRESS CMS 'DESBUF' /* Clear the stack */ + exit + end + end + +/* For translating strings to lowercase */ +lower = xrange('a','i')xrange('j','r')xrange('s','z') +upper = xrange('A','I')xrange('J','R')xrange('S','Z') + +/* Query user ID. This is used to determine: + 1. Whether a user-specific PXE profile exists. + 2. Whether user is disconnected. 
+ The logic that gets followed will vary based on the results. +*/ +ADDRESS CMS 'QUERY USER' userid() '(STACK' +parse pull userid_def dash dsc +if dsc = 'DSC' then disconnected=1 /* user is disconnected */ +else disconnected=0 + +/* Yeah, this call to translate looks backward, but it's not. Sorry. */ +userid_def = translate(userid_def, lower, upper) + +/* Useful settings normally found in PROFILE EXEC */ +'CP SET RUN ON' +'CP SET PF11 RETRIEVE FORWARD' +'CP SET PF12 RETRIEVE' + +/* Useful setting for a script that may run unattended */ +'CP TERM HOLD OFF' + +/* We want to have a way to figure out what went wrong if something + isn't working. */ + +'CP SPOOL CONSOLE STOP CLOSE' /* Close any existing spooled console. */ +'CP SPOOL CONSOLE START' /* Start spooling the console for this run. */ + +if \ debug then ADDRESS CMS 'VMFCLEAR' /* clear screen */ + +/* The following two commands that were in the original script are */ +/* almost certainly not going to work for anyone that only has CP */ +/* privilege class G */ +/* 'set vdisk syslim infinite' */ +/* 'set vdisk userlim infinite' */ + +/* Define a temporary disk to store files and CMS FORMAT it */ +/* If your site doesn't allow this, but does allow TDISKs, change the */ +/* DEFINE command to T3390 instead */ +'CP SET EMSG OFF' +if \ debug then trace off +'CP DETACH FFFF' /* detach ffff if present */ +trace value tvar_c +'CP SET EMSG ON' +'CP DEFINE' workDiskType' AS FFFF' workDiskSize +queue '1' +queue 'tmpdsk' +if \ debug then /* If debug was not specified, then */ + ADDRESS CMS 'set cmstype ht' /* suppress format output */ +ADDRESS CMS 'format ffff' FM /* format VDISK as file mode FM */ +ADDRESS CMS 'set cmstype rt' /* Resume seeing command output */ +say 'DASD FFFF has been CMS formatted' + +/* Check for the ZPXE CONF A config file and use whatever is there in + preference over the defaults in this script */ +call GetZPXECONF + +/* For any values not found in ZPXE CONF A, or if it doesn't exist, use + the 
default values specified in this script. */ +if server = '' then do + say 'Setting TFTP server to 'server_def + server = server_def +end +if iplDisk = '' then do + say 'Setting IPL disk to default of 'iplDisk_def + iplDisk = iplDisk_def +end +if userid = '' then do + say 'Setting userid to default of 'userid_def + userid = userid_def +end + +/* Link to TCPMAINT's 592 disk for access to the TFTP command */ +say +ADDRESS CMS 'exec vmlink tcpmaint 592' + +say +say 'Connecting to server 'server /* print server name */ + +/* Check whether a user-specific PXE profile exists. */ +call GetTFTP '/s390x/s_'userid 'profile.detail.'FM +if lines(profiledetail) > 0 then call ProcessUserProfile +else do /* no user-specific profile was found */ + say 'No profile found for' userid + if disconnected then do /* user is disconnected */ + ADDRESS CMS 'release' FM '(detach' + ADDRESS CMS 'exec vmlink tcpmaint 592 ' + say 'User is disconnected. Booting from DASD 'iplDisk'...' + 'CP IPL' iplDisk + end + else call ProcessGenericProfiles /* user is interactive -> prompt */ +end /* no user-specific profile was found */ + +trace value tvar_o + +exit +/* */ +/* Subroutines called from the main script */ +/* */ + + +/* Procedure GetZPXECONF +*/ +GetZPXECONF: + +if lines(config) > 0 then do + say config "was found" + do while lines(config) > 0 + inputline = linein(config) + parse upper var inputline keyword value . + select + when (keyword = 'HOST') then do /* line is server hostname/IP */ + server = value + if server = '' then say config "didn't have an IP address for", + "the TFTP server." + else say ' Setting TFTP server to 'server + end + + when (keyword = 'IPLDISK') then do /* line is default IPL disk */ + iplDisk = value + if iplDisk = '' then say config "didn't have an IPL Disk parm." 
+ else say ' Setting IPL disk to 'iplDisk + end + + otherwise do /* line is userid to use instead of the default */ + userid = translate(keyword,lower,upper) /* Still not backward */ + say ' Setting userid to 'userid + end + + end /* select */ + end /* do while lines(config) > 0 */ +end /* if lines(config) > 0 */ +return /* GetZPXECONF */ + + +/* Procedure ProcessUserProfile +*/ +ProcessUserProfile: + +say 'Profile for 'userid' found' +say +bootRc = ParseSystemRecord() /* parse file for boot action */ +if bootRc = 0 then do + say 'The profile said we should boot from local disk.' + ADDRESS CMS 'release' FM '(detach' + ADDRESS CMS 'exec vmlink tcpmaint 592 ' + say 'IPLing from' iplDisk + 'CP IPL' iplDisk /* boot from default DASD */ +end /* if bootRc = 0 */ +else do /* The profile should contain pointers to kernel, etc.*/ + abort=0 + + /* Get the user PARM file that contains network info */ + say 'Downloading parameter file [/s390x/s_'userid'_parm]...' + call GetTFTP '/s390x/s_'userid'_parm' 'zpxe.parm.'FM + if CheckDownload('s_'userid'_parm' zpxeparm) <> 0 then + abort=1 + + /* Get the user CONF file that currently isn't used for anything */ + say 'Downloading conf file [/s390x/s_'userid'_conf]...' + call GetTFTP '/s390x/s_'userid'_conf' 'zpxe.conf.'FM + if CheckDownload('s_'userid'_conf' zpxeconf) <> 0 then + abort=1 + + if abort then do + say 'Aborting PXE boot.' + exit 99 + end + + call DownloadBinaries /* download kernel and initrd */ + say 'Starting install...' + say + call PunchFiles /* punch files to begin install */ + exit +end /* he profile should contain pointers to kernel, etc */ + + +/* ProcessGenericProfiles +*/ +ProcessGenericProfiles: +/* Download the list of generic profiles available */ +say 'Downloading the profile list [/s390x/profile_list]...' 
+call GetTFTP '/s390x/profile_list' 'profile.list.'FM +if CheckDownload('profile_list' profilelist) <> 0 then do + say '** **' + say '** No profile list found **' + say '** Possible error connecting to server? **' + say '** **' + exit 99 +end + +/* Display a menu of the generic profiles */ +say +say 'zPXE MENU' +say '---------' + +/* Display one profile per line */ +do count = 1 by 1 while lines(profilelist) > 0 + inputline = linein(profilelist) + parse var inputline profile.count + say count'. 'profile.count +end + +/* Add two non-profile selections to the menu */ +say count'. Don''t continue, exit to CMS' +say +say +say 'Enter Choice -->' +say 'or press to boot from disk [DASD 'iplDisk']' + +parse pull answer . +select + when answer = count then do /* Exit to CMS was selected */ + say + say 'Exiting to CMS...' + exit + end + + when answer = '' then do /* IPL from default disk */ + ADDRESS CMS 'release' FM '(detach' + ADDRESS CMS 'exec vmlink tcpmaint 592 ' + say 'Booting from DASD 'iplDisk'...' + 'CP IPL' iplDisk + end + + when (answer > 0) & (answer < count) then do /* valid response */ + abort=0 + + say 'Downloading generic profile [/s390x/p_'profile.answer']...' + call GetTFTP '/s390x/p_'profile.answer 'profile.detail.'FM + if CheckDownload('p_'profile.answer profiledetail) <> 0 then + abort=1 + + say 'Downloading generic parameter file', + '[/s390x/p_'profile.answer'_parm]...' + call GetTFTP '/s390x/p_'profile.answer'_parm' 'zpxe.parm.'FM + if CheckDownload('p_'profile.answer'_parm' zpxeparm) <> 0 then + abort=1 + + say 'Downloading generic conf file', + '[/s390x/p_'profile.answer'_conf]...' + call GetTFTP '/s390x/p_'profile.answer'_conf' 'zpxe.conf.'FM + if CheckDownload('p_'profile.answer'_conf' zpxeconf) <> 0 then + abort=1 + + if abort then do + say 'Aborting PXE boot.' + exit 99 + end + +/* We have to add the HostIP parameter to the parm file, since that is + going to vary for each guest, so we can't hard-code it in the generic + profiles. 
We use the numeric part of the guest name, which starts in + column 6, after "LINUX". But we have to watch out for leading zeros, + since that will appear as an octal number to Linux. So, we use the + fact that Rexx/Regina doesn't care about leading zeros, but will + remove them when used in an arithmetic statement, such as follows. */ + lastoctet=substr(userid,6) + lastoctet=lastoctet+0 /* Adding a zero won't change the value */ + hostipparm=' HostIP=10.121.157.'lastoctet + call lineout zpxeparm, hostipparm + call lineout zpxeparm /* close the output file */ + + if \ debug then ADDRESS CMS 'VMFCLEAR' /* clear screen */ + say + say 'Using profile 'answer' ['profile.answer']' + say + call DownloadBinaries /* download kernel and initrd */ + + say 'Starting install...' + say + + call PunchFiles + + end /* valid response */ + + otherwise do /* The user entered something that wasn't in the list */ + say 'Invalid choice, exiting to CMS...' + exit + end + +end /* Select */ + + +/* Procedure GetTFTP + Use CMS TFTP client to download files + path: remote file location + filename: local file name + transfermode [optional]: 'ascii' or 'octet' +*/ +GetTFTP: + + parse arg path filename transfermode + + if transfermode <> '' then + queue 'mode' transfermode + + queue 'get 'path filename + queue 'quit' + + if \ debug then + ADDRESS CMS 'set cmstype ht' /* suppress TFTP output */ + + ADDRESS CMS 'tftp' server + ADDRESS CMS 'set cmstype rt' + +return /* GetTFTP */ + + +/* Procedure CheckDownload + TFTP is dumb, so you can't ever tell if a file was actually retrieved + or not from the return code. + path: The filename (including path) that was to be retrieved + via TFTP + filename: The local CMS filename that should have received it. 
+*/ +CheckDownload: + + parse arg path filename + if lines(filename) = 0 then do + say 'The' path 'file was not successfully retrieved' + return 99 + end + else return 0 + +/* End CheckDownload */ + + +/* Procedure DownloadBinaries + Download kernel and initial RAMdisk. Convert both + to fixed record length 80. +*/ +DownloadBinaries: + + inputline = linein(profiledetail) /* first line is kernel */ + parse var inputline kernelpath + if kernelpath = '' then do + say 'The path to the kernel is null. Aborting...' + exit 99 + end + say 'Downloading kernel ['kernelpath']...' + call GetTFTP kernelpath 'kernel.img.'FM octet + if CheckDownload(kernelpath kernel img FM) <> 0 then do + say 'Aborting PXE boot.' + exit 99 + end + + inputline = linein(profiledetail) /* second line is initrd */ + parse var inputline initrdpath + if initrdpath = '' then do + say 'The path to the initrd is null. Aborting...' + exit 99 + end + say 'Downloading initrd ['initrdpath']...' + call GetTFTP initrdpath 'initrd.img.'FM octet + if CheckDownload(initrdpath initrd img FM) <> 0 then do + say 'Aborting PXE boot.' + exit 99 + end + + inputline = linein(profiledetail) /* third line is kernel parms */ + parse var inputline kparms + if kparms <> '' then do /* If there are parms, add them to the end */ + call lineout zpxeparm, kparms /* add ks line to end of parm */ + call lineout zpxeparm /* close file */ + end + + /* Convert to fixed record length since they're going to be run + through the virtual card reader. */ + ADDRESS CMS 'pipe < KERNEL IMG 'FM' | fblock 80 00 | > KERNEL IMG' FM + ADDRESS CMS 'pipe < INITRD IMG 'FM' | fblock 80 00 | > INITRD IMG' FM + ADDRESS CMS 'pipe < ' zpxeparm ' | fblock 80 SPACE | > ' zpxeparm + +return /* DownloadBinaries */ + + +/* Procedure PunchFiles + Punch the kernel, initial RAMdisk, and PARM file. + Then IPL to start the install process. 
+*/ +PunchFiles: + + 'CP SPOOL PUNCH *' + 'CP CLOSE READER' + 'CP PURGE READER ALL' /* clear reader contents */ + + ADDRESS CMS 'punch kernel img' FM '( noheader' /* punch kernel */ + ADDRESS CMS 'punch zpxe parm' FM '( noheader' /* punch PARM file */ + ADDRESS CMS 'punch initrd img' FM '( noheader' /* punch initrd */ + ADDRESS CMS 'release' FM '(detach' /* release and detach the VDISK */ + ADDRESS CMS 'exec vmlink tcpmaint 592 ' /* and this disk */ + + 'CP CHANGE READER ALL KEEP NOHOLD' /* keep files in reader */ + 'CP IPL 00C CLEAR' /* IPL the reader */ + +return /* PunchFiles */ + + +/* Procedure ParseSystemRecord + Open system record file to look for local boot flag. + Return 0 if local flag found (guest will IPL default DASD). + Return 1 otherwise (guest will download kernel/initrd and install). +*/ +ParseSystemRecord: + + inputline = linein(profiledetail) /* get first line */ + parse var inputline systemaction . + /* Close the file to reset the read pointer to the beginning. Yes I + know that calling lineout to close a file seems weird, but it's + how Rexx/Regina works. */ + call lineout profiledetail + + if systemaction = 'local' then + return 0 + else + return 1 + +/* End ParseSystemRecord */
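Review bot: The kernel, initrd and parm file are punched and IPLed after `CheckDownload` has confirmed only that the local file is non-empty, and TFTP itself provides no authentication or integrity protection, so whatever answers at `server` decides what the guest boots. The header comment should say so, e.g. `/* SECURITY: images fetched by TFTP are IPLed unverified; the TFTP server must be reachable only over a trusted network. */`. Separately, in ProcessGenericProfiles the menu test `(answer > 0) & (answer < count)` accepts non-integer input such as a decimal, which then indexes an unset `profile.` stem; `when datatype(answer,'W') & (answer > 0) & (answer < count) then do` closes that. The same routine computes `lastoctet+0` from `substr(userid,6)` with no numeric or range check before writing it into `HostIP=`.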