diff --git a/_service b/_service
index fbee1b9..4a4786b 100644
--- a/_service
+++ b/_service
@@ -2,10 +2,6 @@
s390-tools-2.29.0.tar.gz
zst
- s390-tools/rust/pv/Cargo.toml
- s390-tools/rust/pv/openssl_extentions/Cargo.toml
- s390-tools/rust/utils/Cargo.toml
- s390-tools/rust/pvsecret/Cargo.toml
true
diff --git a/read_values.c b/read_values.c
index 9ee5b92..d8da006 100644
--- a/read_values.c
+++ b/read_values.c
@@ -1,7 +1,7 @@
/********************************************************************************/
-/* */
-/* Copyright (C) 2014-2015, 2019-2023 SUSE LLC */
-/* */
+/* */
+/* Copyright (C) 2014-2015, 2019-2023 SUSE LLC */
+/* */
/* All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
@@ -37,9 +37,9 @@ enum datatypes {
#define WITHOUT_KEY 0
#define WITH_KEY 1
-static char *versionstring = "Version 1.0.3 2023-02-16 17:00";
+static char *versionstring = "Version 1.0.4 2023-12-17 06:58";
-static char *version = "1.0.3";
+static char *version = "1.0.4";
void *configuration_handle = NULL;
int layers = -1;
@@ -85,18 +85,18 @@ struct machinetype {
int debug = 0;
/******************************************************************************/
-/* */
-/* Print the program version */
-/* */
+/* */
+/* Print the program version */
+/* */
/******************************************************************************/
void print_version()
{
printf("Version: %s\n", version);
}
/******************************************************************************/
-/* */
-/* Look for one attribute and print it */
-/* */
+/* */
+/* Look for one attribute and print it */
+/* */
/******************************************************************************/
void print_attribute(char *user_string, int level, enum qc_attr_id attribute, enum datatypes type, int print_key)
{
@@ -121,7 +121,7 @@ float result_float = 0.0;
}
if (erg == 1) {
if (print_key == WITH_KEY) {
- printf("%s: ",(user_string == NULL? "NULL": user_string));
+ printf("%s : ",(user_string == NULL? "NULL": user_string));
} /* endif */
switch (type)
{
@@ -139,15 +139,22 @@ float result_float = 0.0;
}
} /* endif */
else {
- printf("Error: erg = %d, result_string = %s \n", erg, (result_string == NULL? "NULL": result_string));
+ if ( erg == 0 ) {
+ /* printf("%s : Attribute exists, but is not set. \n", (user_string == NULL? "NULL": user_string)); */
+ } /* endif */
+ else if ( erg < 0) {
+ printf("%s: An error occurred retrieving the attribute. Error: erg = %d, result_string = %s \n", user_string, erg, (result_string == NULL? "NULL": result_string));
+ } /* end else if */
+ /* */
/* TODO qc_get_attribute_string returned error */
+ /* */
}
} /* print_attribute */
/********************************************************************************/
-/* */
-/* Open the lib and get the handle */
-/* */
+/* */
+/* Open the lib and get the handle */
+/* */
/********************************************************************************/
int read_sysinfo()
{
@@ -175,10 +182,10 @@ int return_code;
} /* read_sysinfo */
/********************************************************************************/
-/* */
-/* Look at the type of machine we're running on and print out a user */
-/* friendly string */
-/* */
+/* */
+/* Look at the type of machine we're running on and print out a user */
+/* friendly string */
+/* */
/********************************************************************************/
void print_cputype()
{
@@ -217,26 +224,26 @@ Please file a bug report with this output:\n" , cpu_type);
} /* print_cputype */
/********************************************************************************/
-/* */
-/* Print out the values for SCC */
-/* */
-/* To uniquely identify a machine the following information is used: */
-/* */
-/* Type */
-/* Sequence code */
-/* CPUs total */
-/* CPUs IFL */
-/* LPAR Number */
-/* LPAR Characteristics: */
-/* LPAR CPUs */
-/* LPAR IFLs */
-/* */
-/* Optional: */
-/* */
-/* VM00 Name */
-/* VM00 Control Programm */
-/* VM00 CPUs */
-/* */
+/* */
+/* Print out the values for SCC */
+/* */
+/* To uniquely identify a machine the following information is used: */
+/* */
+/* Type */
+/* Sequence code */
+/* CPUs total */
+/* CPUs IFL */
+/* LPAR Number */
+/* LPAR Characteristics: */
+/* LPAR CPUs */
+/* LPAR IFLs */
+/* */
+/* Optional: */
+/* */
+/* VM00 Name */
+/* VM00 Control Programm */
+/* VM00 CPUs */
+/* */
/********************************************************************************/
void print_scc()
{
@@ -288,18 +295,18 @@ int check_model (const char *cpu) {
for ( i = 0; i < models; i++) {
- if ( !strcmp(cpu,types[i]) ) {
- return 1;
- };
+ if ( !strcmp(cpu,types[i]) ) {
+ return 1;
+ };
}
return 0;
} /* check_model */
/******************************************************************************/
-/* */
-/* print out whether secure boot is enabled */
-/* */
+/* */
+/* print out whether secure boot is enabled */
+/* */
/******************************************************************************/
void print_secure_mode()
{
@@ -308,6 +315,9 @@ int release_major;
int release_sub;
int release_minor;
const char *cpu_type = NULL;
+int cpu_okay = 0;
+int Layer = 0;
+int i = 0;
/*
* First we have to check whether we have the appropriate kernel Level (>= 5.3)
*/
@@ -346,35 +356,40 @@ struct utsname uts;
printf("Print_secure called\n");
#endif
/*
- * Only the following machines support secure boot: z14, z14 ZR1, z15, z16
+ * Only the following machines support secure boot:
+ * z14, z15, z16
* 3906, 3907, 8561, 8562, 3931, 3932
*/
erg = qc_get_attribute_string(configuration_handle, qc_type, 0, &cpu_type);
if (erg == 1 && cpu_type != NULL) {
-
- if ( !check_model(cpu_type) ) {
+ cpu_okay = check_model(cpu_type);
+ if ( cpu_okay == 0 ) {
goto return_does_not_exist;
} /* endif */
} /* endif */
- print_attribute("Secure mode on", 1, qc_has_secure, integer, WITH_KEY);
- print_attribute("Secure mode used", 1, qc_secure, integer, WITH_KEY);
+
+ for ( i = 0; i < 8; i++) {
+ erg = qc_get_attribute_int(configuration_handle, qc_layer_type_num, i, &Layer);
+ if (erg == 1) {
+ print_attribute("Secure mode on ", i, qc_has_secure, integer, WITH_KEY);
+ print_attribute("Secure mode used", i, qc_secure, integer, WITH_KEY);
+ } /* endif */
+ } /* endfor */
return;
return_does_not_exist:
/*
* Software or hardware does not support secure boot.
*/
- puts("Secure mode on: 0\nSecure mode used: 0");
+ puts("Secure mode on : 0\nSecure mode used : 0");
return;
} /* print_secure_mode */
/******************************************************************************/
-/* */
-/* print out the uuid for this machine */
-/* */
-/* */
-/* */
+/* */
+/* print out the uuid for this machine */
+/* */
/******************************************************************************/
int print_uuid()
{
@@ -417,9 +432,9 @@ int print_uuid()
} /* print_uuid */
/******************************************************************************/
-/* */
-/* print out the list of valid / found symbols */
-/* */
+/* */
+/* print out the list of valid / found symbols */
+/* */
/******************************************************************************/
void list(char * list_attribute_param)
{
@@ -427,9 +442,9 @@ return;
} /* list */
/******************************************************************************/
-/* */
-/* print out the requested attribute */
-/* */
+/* */
+/* print out the requested attribute */
+/* */
/******************************************************************************/
void print_user_attribute(char *key, char *attribute_param, int layer)
{
@@ -438,9 +453,9 @@ return;
/******************************************************************************/
-/* */
-/* Help Function */
-/* */
+/* */
+/* Help Function */
+/* */
/******************************************************************************/
void help()
{
@@ -470,9 +485,9 @@ Valid values for debug:\n\
} /* help */
/******************************************************************************/
-/* */
-/* Main */
-/* */
+/* */
+/* Main */
+/* */
/******************************************************************************/
int main(int argc, char **argv, char **envp)
{
@@ -569,7 +584,7 @@ void *configuration_handle_tmp = NULL;
fputs("Only one of the options a, c, L, s, S or u can be specified.\n",stderr);
return 1;
} /* endif */
- /* still not im[plemented thatfore set to zero */
+ /* still not implemented thatfore set to zero */
list_attr = print_attr = 0;
if (print_attr != 0) {
print_user_attribute(NULL, print_attribute_param, layers);
diff --git a/s390-tools-2.29.0.tar.gz b/s390-tools-2.29.0.tar.gz
deleted file mode 100644
index 95d81d9..0000000
--- a/s390-tools-2.29.0.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:849ff400dc6c1eb7eebe4aa3e7a4871721c25bcee6cfdd0535a056a038fd3ab0
-size 1950182
diff --git a/s390-tools-2.30.0.tar.gz b/s390-tools-2.30.0.tar.gz
new file mode 100644
index 0000000..94d0a3e
--- /dev/null
+++ b/s390-tools-2.30.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9e565701cc6df4808243027706ee0a76c5fc0c7f9aae0afce1479fd4ff68bcdf
+size 2007594
diff --git a/s390-tools-ALP-zdev-live.patch b/s390-tools-ALP-zdev-live.patch
index c9881d4..fee9f2b 100644
--- a/s390-tools-ALP-zdev-live.patch
+++ b/s390-tools-ALP-zdev-live.patch
@@ -5,10 +5,10 @@
zdev/dracut/Makefile | 15 ++++++++++--
4 files changed, 92 insertions(+), 2 deletions(-)
-Index: s390-tools-2.29.0/zdev/dracut/96zdev-live/module-setup.sh
+Index: s390-tools-2.30.0/zdev/dracut/96zdev-live/module-setup.sh
===================================================================
--- /dev/null
-+++ s390-tools-2.29.0/zdev/dracut/96zdev-live/module-setup.sh
++++ s390-tools-2.30.0/zdev/dracut/96zdev-live/module-setup.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+
@@ -42,10 +42,10 @@ Index: s390-tools-2.29.0/zdev/dracut/96zdev-live/module-setup.sh
+ inst_hook cleanup 41 "$moddir/write-udev-live.sh"
+ inst_multiple chzdev
+}
-Index: s390-tools-2.29.0/zdev/dracut/96zdev-live/parse-zdev-live.sh
+Index: s390-tools-2.30.0/zdev/dracut/96zdev-live/parse-zdev-live.sh
===================================================================
--- /dev/null
-+++ s390-tools-2.29.0/zdev/dracut/96zdev-live/parse-zdev-live.sh
++++ s390-tools-2.30.0/zdev/dracut/96zdev-live/parse-zdev-live.sh
@@ -0,0 +1,36 @@
+#!/bin/bash
+#
@@ -83,10 +83,10 @@ Index: s390-tools-2.29.0/zdev/dracut/96zdev-live/parse-zdev-live.sh
+ fi
+done
+
-Index: s390-tools-2.29.0/zdev/dracut/96zdev-live/write-udev-live.sh
+Index: s390-tools-2.30.0/zdev/dracut/96zdev-live/write-udev-live.sh
===================================================================
--- /dev/null
-+++ s390-tools-2.29.0/zdev/dracut/96zdev-live/write-udev-live.sh
++++ s390-tools-2.30.0/zdev/dracut/96zdev-live/write-udev-live.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+#
@@ -99,10 +99,10 @@ Index: s390-tools-2.29.0/zdev/dracut/96zdev-live/write-udev-live.sh
+if [ -w /sysroot/etc/udev/rules.d ]; then
+ cp -p /etc/udev/rules.d/41-* /sysroot/etc/udev/rules.d
+fi
-Index: s390-tools-2.29.0/zdev/dracut/Makefile
+Index: s390-tools-2.30.0/zdev/dracut/Makefile
===================================================================
---- s390-tools-2.29.0.orig/zdev/dracut/Makefile
-+++ s390-tools-2.29.0/zdev/dracut/Makefile
+--- s390-tools-2.30.0.orig/zdev/dracut/Makefile
++++ s390-tools-2.30.0/zdev/dracut/Makefile
@@ -3,17 +3,23 @@ include ../../common.mak
ZDEVDIR := 95zdev
@@ -137,5 +137,5 @@ Index: s390-tools-2.29.0/zdev/dracut/Makefile
+ $(INSTALL) -m 755 $(ZDEVLIVEDIR)/module-setup.sh \
+ $(ZDEVLIVEDIR)/parse-zdev-live.sh \
+ $(ZDEVLIVEDIR)/write-udev-live.sh \
-+ $(DESTDIR)$(DRACUTMODDIR)/$(ZDEVLIVEDIR)/
++ $(DESTDIR)$(DRACUTMODDIR)/$(ZDEVLIVEDIR)/
endif
diff --git a/s390-tools-sles12-create-filesystem-links.patch b/s390-tools-sles12-create-filesystem-links.patch
index d2482d0..420bc92 100644
--- a/s390-tools-sles12-create-filesystem-links.patch
+++ b/s390-tools-sles12-create-filesystem-links.patch
@@ -1,7 +1,7 @@
-Index: s390-tools-2.29.0/etc/udev/rules.d/59-dasd.rules
+Index: s390-tools-2.30.0/etc/udev/rules.d/59-dasd.rules
===================================================================
---- s390-tools-2.29.0.orig/etc/udev/rules.d/59-dasd.rules
-+++ s390-tools-2.29.0/etc/udev/rules.d/59-dasd.rules
+--- s390-tools-2.30.0.orig/etc/udev/rules.d/59-dasd.rules
++++ s390-tools-2.30.0/etc/udev/rules.d/59-dasd.rules
@@ -15,7 +15,7 @@ KERNEL=="dasd*[!0-9]", ENV{ID_XUID}=="?*
LABEL="dasd_block_end"
diff --git a/s390-tools-sles12-fdasd-skip-partition-check-and-BLKRRPART-ioctl.patch b/s390-tools-sles12-fdasd-skip-partition-check-and-BLKRRPART-ioctl.patch
index 1a47183..1b55c37 100644
--- a/s390-tools-sles12-fdasd-skip-partition-check-and-BLKRRPART-ioctl.patch
+++ b/s390-tools-sles12-fdasd-skip-partition-check-and-BLKRRPART-ioctl.patch
@@ -15,10 +15,10 @@ Signed-off-by: Hannes Reinecke
fdasd/fdasd.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
-Index: s390-tools-2.29.0/fdasd/fdasd.c
+Index: s390-tools-2.30.0/fdasd/fdasd.c
===================================================================
---- s390-tools-2.29.0.orig/fdasd/fdasd.c
-+++ s390-tools-2.29.0/fdasd/fdasd.c
+--- s390-tools-2.30.0.orig/fdasd/fdasd.c
++++ s390-tools-2.30.0/fdasd/fdasd.c
@@ -1231,10 +1231,12 @@ static int fdasd_get_volser(fdasd_anchor
*/
static void fdasd_reread_partition_table(fdasd_anchor_t *anc)
diff --git a/s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch.suse b/s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch.suse
index 7e766e8..ca35bee 100644
--- a/s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch.suse
+++ b/s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch.suse
@@ -13,10 +13,10 @@ Signed-off-by: Robert Milasan
etc/udev/rules.d/59-dasd.rules | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
-Index: s390-tools-2.29.0/etc/udev/rules.d/59-dasd.rules
+Index: s390-tools-2.30.0/etc/udev/rules.d/59-dasd.rules
===================================================================
---- s390-tools-2.29.0.orig/etc/udev/rules.d/59-dasd.rules
-+++ s390-tools-2.29.0/etc/udev/rules.d/59-dasd.rules
+--- s390-tools-2.30.0.orig/etc/udev/rules.d/59-dasd.rules
++++ s390-tools-2.30.0/etc/udev/rules.d/59-dasd.rules
@@ -6,7 +6,7 @@
SUBSYSTEM!="block", GOTO="dasd_symlinks_end"
KERNEL!="dasd*", GOTO="dasd_symlinks_end"
diff --git a/s390-tools-sles12-zipl_boot_msg.patch b/s390-tools-sles12-zipl_boot_msg.patch
index ec70cf5..fc2ddfc 100644
--- a/s390-tools-sles12-zipl_boot_msg.patch
+++ b/s390-tools-sles12-zipl_boot_msg.patch
@@ -1,7 +1,7 @@
-Index: s390-tools-2.29.0/zipl/boot/menu.c
+Index: s390-tools-2.30.0/zipl/boot/menu.c
===================================================================
---- s390-tools-2.29.0.orig/zipl/boot/menu.c
-+++ s390-tools-2.29.0/zipl/boot/menu.c
+--- s390-tools-2.30.0.orig/zipl/boot/menu.c
++++ s390-tools-2.30.0/zipl/boot/menu.c
@@ -168,8 +168,11 @@ int menu(void)
/* print config list */
menu_list();
diff --git a/s390-tools-sles15-sysconfig-compatible-dumpconf.patch b/s390-tools-sles15-sysconfig-compatible-dumpconf.patch
index 1392e38..49cd4ab 100644
--- a/s390-tools-sles15-sysconfig-compatible-dumpconf.patch
+++ b/s390-tools-sles15-sysconfig-compatible-dumpconf.patch
@@ -1,7 +1,7 @@
-Index: s390-tools-2.29.0/etc/sysconfig/dumpconf
+Index: s390-tools-2.30.0/etc/sysconfig/dumpconf
===================================================================
---- s390-tools-2.29.0.orig/etc/sysconfig/dumpconf
-+++ s390-tools-2.29.0/etc/sysconfig/dumpconf
+--- s390-tools-2.30.0.orig/etc/sysconfig/dumpconf
++++ s390-tools-2.30.0/etc/sysconfig/dumpconf
@@ -1,71 +1,137 @@
+## Path: System/Dumpconf
+## Description: Configures the actions which should be performed after a kernel panic
diff --git a/s390-tools-sles15sp1-11-zdev-Do-not-call-zipl-on-initrd-update.patch b/s390-tools-sles15sp1-11-zdev-Do-not-call-zipl-on-initrd-update.patch
index 0572a92..d8b4a57 100644
--- a/s390-tools-sles15sp1-11-zdev-Do-not-call-zipl-on-initrd-update.patch
+++ b/s390-tools-sles15sp1-11-zdev-Do-not-call-zipl-on-initrd-update.patch
@@ -35,10 +35,10 @@ Signed-off-by: Peter Oberparleiter
zdev/src/zdev-root-update.dracut | 6 ------
1 file changed, 6 deletions(-)
-Index: s390-tools-2.29.0/zdev/src/zdev-root-update.dracut
+Index: s390-tools-2.30.0/zdev/src/zdev-root-update.dracut
===================================================================
---- s390-tools-2.29.0.orig/zdev/src/zdev-root-update.dracut
-+++ s390-tools-2.29.0/zdev/src/zdev-root-update.dracut
+--- s390-tools-2.30.0.orig/zdev/src/zdev-root-update.dracut
++++ s390-tools-2.30.0/zdev/src/zdev-root-update.dracut
@@ -20,10 +20,4 @@ dracut -f || {
exit 1
}
diff --git a/s390-tools-sles15sp3-Allow-multiple-device-arguments.patch b/s390-tools-sles15sp3-Allow-multiple-device-arguments.patch
index 172bc89..9f8c579 100644
--- a/s390-tools-sles15sp3-Allow-multiple-device-arguments.patch
+++ b/s390-tools-sles15sp3-Allow-multiple-device-arguments.patch
@@ -11,10 +11,10 @@ Signed-off-by: Hannes Reinecke
dasdfmt/dasdfmt.c | 175 ++++++++++++++++++++++++++++++------------------------
2 files changed, 100 insertions(+), 80 deletions(-)
-Index: s390-tools-2.29.0/dasdfmt/dasdfmt.8
+Index: s390-tools-2.30.0/dasdfmt/dasdfmt.8
===================================================================
---- s390-tools-2.29.0.orig/dasdfmt/dasdfmt.8
-+++ s390-tools-2.29.0/dasdfmt/dasdfmt.8
+--- s390-tools-2.30.0.orig/dasdfmt/dasdfmt.8
++++ s390-tools-2.30.0/dasdfmt/dasdfmt.8
@@ -11,14 +11,15 @@ dasdfmt \- formatting of DASD (ECKD) dis
.br
[-r \fIcylinder\fR] [-b \fIblksize\fR] [-l \fIvolser\fR] [-d \fIlayout\fR]
@@ -25,18 +25,18 @@ Index: s390-tools-2.29.0/dasdfmt/dasdfmt.8
.SH DESCRIPTION
-\fBdasdfmt\fR formats a DASD (ECKD) disk drive to prepare it
+\fBdasdfmt\fR formats one or several DASD (ECKD) disk drive to prepare it
- for usage with Linux for S/390.
+ for usage with Linux for S/390.
The \fIdevice\fR is the node of the device (e.g. '/dev/dasda').
- Any device node created by udev for kernel 2.6 can be used
+ Any device node created by udev for kernel 2.6 can be used
(e.g. '/dev/dasd/0.0.b100/disc').
+It is possible to specify up to 512 devices.
.br
- \fBWARNING\fR: Careless usage of \fBdasdfmt\fR can result in
-Index: s390-tools-2.29.0/dasdfmt/dasdfmt.c
+ \fBWARNING\fR: Careless usage of \fBdasdfmt\fR can result in
+Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
===================================================================
---- s390-tools-2.29.0.orig/dasdfmt/dasdfmt.c
-+++ s390-tools-2.29.0/dasdfmt/dasdfmt.c
+--- s390-tools-2.30.0.orig/dasdfmt/dasdfmt.c
++++ s390-tools-2.30.0/dasdfmt/dasdfmt.c
@@ -25,6 +25,8 @@
#include "dasdfmt.h"
@@ -461,7 +461,7 @@ Index: s390-tools-2.29.0/dasdfmt/dasdfmt.c
+ for (i = 0; i < numdev; i++)
+ {
+ strncpy(g.dev_path, g.dev_path_array[i], strlen(g.dev_path_array[i])+1);
-+ strncpy(g.dev_node, g.dev_node_array[i], strlen(g.dev_node_array[i])+1);
++ strncpy(g.dev_node, g.dev_node_array[i], strlen(g.dev_node_array[i])+1);
+ process_dasd(&vlabel, format_params);
+ }
diff --git a/s390-tools-sles15sp3-Format-devices-in-parallel.patch b/s390-tools-sles15sp3-Format-devices-in-parallel.patch
index 01ef6ff..ab53115 100644
--- a/s390-tools-sles15sp3-Format-devices-in-parallel.patch
+++ b/s390-tools-sles15sp3-Format-devices-in-parallel.patch
@@ -12,10 +12,10 @@ Signed-off-by: Hannes Reinecke
dasdfmt/dasdfmt.h | 1 +
3 files changed, 58 insertions(+), 9 deletions(-)
-Index: s390-tools-2.29.0/dasdfmt/dasdfmt.8
+Index: s390-tools-2.30.0/dasdfmt/dasdfmt.8
===================================================================
---- s390-tools-2.29.0.orig/dasdfmt/dasdfmt.8
-+++ s390-tools-2.29.0/dasdfmt/dasdfmt.8
+--- s390-tools-2.30.0.orig/dasdfmt/dasdfmt.8
++++ s390-tools-2.30.0/dasdfmt/dasdfmt.8
@@ -7,7 +7,7 @@
dasdfmt \- formatting of DASD (ECKD) disk drives.
@@ -51,12 +51,12 @@ Index: s390-tools-2.29.0/dasdfmt/dasdfmt.8
+
+.TP
\fB-l\fR \fIvolser\fR or \fB--label\fR=\fIvolser\fR
- Specify the volume serial number or volume identifier to be written
- to disk after formatting. If no label is specified, a sensible default
-Index: s390-tools-2.29.0/dasdfmt/dasdfmt.c
+ Specify the volume serial number or volume identifier to be written
+ to disk after formatting. If no label is specified, a sensible default
+Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
===================================================================
---- s390-tools-2.29.0.orig/dasdfmt/dasdfmt.c
-+++ s390-tools-2.29.0/dasdfmt/dasdfmt.c
+--- s390-tools-2.30.0.orig/dasdfmt/dasdfmt.c
++++ s390-tools-2.30.0/dasdfmt/dasdfmt.c
@@ -13,6 +13,7 @@
#include
#include
@@ -142,7 +142,7 @@ Index: s390-tools-2.29.0/dasdfmt/dasdfmt.c
- for (i = 0; i < numdev; i++)
- {
- strncpy(g.dev_path, g.dev_path_array[i], strlen(g.dev_path_array[i])+1);
-- strncpy(g.dev_node, g.dev_node_array[i], strlen(g.dev_node_array[i])+1);
+- strncpy(g.dev_node, g.dev_node_array[i], strlen(g.dev_node_array[i])+1);
- process_dasd(&vlabel, format_params);
+ for (numproc = 0; numproc < numdev; numproc++) {
+ chpid = fork();
diff --git a/s390-tools-sles15sp3-Implement-Y-yast_mode.patch b/s390-tools-sles15sp3-Implement-Y-yast_mode.patch
index 5e6473f..ac0d6c5 100644
--- a/s390-tools-sles15sp3-Implement-Y-yast_mode.patch
+++ b/s390-tools-sles15sp3-Implement-Y-yast_mode.patch
@@ -12,10 +12,10 @@ Signed-off-by: Hannes Reinecke
dasdfmt/dasdfmt.h | 1 +
3 files changed, 27 insertions(+), 8 deletions(-)
-Index: s390-tools-2.29.0/dasdfmt/dasdfmt.8
+Index: s390-tools-2.30.0/dasdfmt/dasdfmt.8
===================================================================
---- s390-tools-2.29.0.orig/dasdfmt/dasdfmt.8
-+++ s390-tools-2.29.0/dasdfmt/dasdfmt.8
+--- s390-tools-2.30.0.orig/dasdfmt/dasdfmt.8
++++ s390-tools-2.30.0/dasdfmt/dasdfmt.8
@@ -7,7 +7,7 @@
dasdfmt \- formatting of DASD (ECKD) disk drives.
@@ -37,10 +37,10 @@ Index: s390-tools-2.29.0/dasdfmt/dasdfmt.8
\fB-M\fR \fImode\fR or \fB--mode\fR=\fImode\fR
Specify the \fImode\fR to be used to format the device. Valid modes are:
.RS
-Index: s390-tools-2.29.0/dasdfmt/dasdfmt.c
+Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
===================================================================
---- s390-tools-2.29.0.orig/dasdfmt/dasdfmt.c
-+++ s390-tools-2.29.0/dasdfmt/dasdfmt.c
+--- s390-tools-2.30.0.orig/dasdfmt/dasdfmt.c
++++ s390-tools-2.30.0/dasdfmt/dasdfmt.c
@@ -83,6 +83,7 @@ static struct dasdfmt_globals {
int ese;
int no_discard;
diff --git a/s390-tools-sles15sp3-Implement-f-for-backwards-compability.patch b/s390-tools-sles15sp3-Implement-f-for-backwards-compability.patch
index 602d9f0..ae8ced6 100644
--- a/s390-tools-sles15sp3-Implement-f-for-backwards-compability.patch
+++ b/s390-tools-sles15sp3-Implement-f-for-backwards-compability.patch
@@ -13,10 +13,10 @@ Signed-off-by: Hannes Reinecke
dasdfmt/dasdfmt.c | 8 ++++++++
2 files changed, 13 insertions(+), 1 deletion(-)
-Index: s390-tools-2.29.0/dasdfmt/dasdfmt.8
+Index: s390-tools-2.30.0/dasdfmt/dasdfmt.8
===================================================================
---- s390-tools-2.29.0.orig/dasdfmt/dasdfmt.8
-+++ s390-tools-2.29.0/dasdfmt/dasdfmt.8
+--- s390-tools-2.30.0.orig/dasdfmt/dasdfmt.8
++++ s390-tools-2.30.0/dasdfmt/dasdfmt.8
@@ -11,7 +11,7 @@ dasdfmt \- formatting of DASD (ECKD) dis
.br
[-r \fIcylinder\fR] [-b \fIblksize\fR] [-l \fIvolser\fR] [-d \fIlayout\fR]
@@ -34,13 +34,13 @@ Index: s390-tools-2.29.0/dasdfmt/dasdfmt.8
+Specify device to format. For backwards compability only.
+
+.TP
- \fB-y\fR
+ \fB-y\fR
Start formatting without further user-confirmation.
-Index: s390-tools-2.29.0/dasdfmt/dasdfmt.c
+Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
===================================================================
---- s390-tools-2.29.0.orig/dasdfmt/dasdfmt.c
-+++ s390-tools-2.29.0/dasdfmt/dasdfmt.c
+--- s390-tools-2.30.0.orig/dasdfmt/dasdfmt.c
++++ s390-tools-2.30.0/dasdfmt/dasdfmt.c
@@ -113,6 +113,10 @@ static struct util_opt opt_vec[] = {
.desc = "Format devices in parallel",
.flags = UTIL_OPT_FLAG_NOLONG,
diff --git a/s390-tools-sles15sp3-dasdfmt-retry-BIODASDINFO-if-device-is-busy.patch b/s390-tools-sles15sp3-dasdfmt-retry-BIODASDINFO-if-device-is-busy.patch
index 2899e21..f66ffc1 100644
--- a/s390-tools-sles15sp3-dasdfmt-retry-BIODASDINFO-if-device-is-busy.patch
+++ b/s390-tools-sles15sp3-dasdfmt-retry-BIODASDINFO-if-device-is-busy.patch
@@ -19,10 +19,10 @@ Signed-off-by: Hannes Reinecke
dasdfmt/dasdfmt.c | 21 ++++++++++++++++++---
1 file changed, 18 insertions(+), 3 deletions(-)
-Index: s390-tools-2.29.0/dasdfmt/dasdfmt.c
+Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c
===================================================================
---- s390-tools-2.29.0.orig/dasdfmt/dasdfmt.c
-+++ s390-tools-2.29.0/dasdfmt/dasdfmt.c
+--- s390-tools-2.30.0.orig/dasdfmt/dasdfmt.c
++++ s390-tools-2.30.0/dasdfmt/dasdfmt.c
@@ -621,7 +621,7 @@ static void check_layout(unsigned int in
*/
static void check_disk(void)
diff --git a/s390-tools-sles15sp5-remove-no-pie-link-arguments.patch b/s390-tools-sles15sp5-remove-no-pie-link-arguments.patch
index 0c155d9..22cbbb8 100644
--- a/s390-tools-sles15sp5-remove-no-pie-link-arguments.patch
+++ b/s390-tools-sles15sp5-remove-no-pie-link-arguments.patch
@@ -1,7 +1,7 @@
-Index: s390-tools-2.29.0/common.mak
+Index: s390-tools-2.30.0/common.mak
===================================================================
---- s390-tools-2.29.0.orig/common.mak
-+++ s390-tools-2.29.0/common.mak
+--- s390-tools-2.30.0.orig/common.mak
++++ s390-tools-2.30.0/common.mak
@@ -338,8 +338,8 @@ export INSTALL CFLAGS CXXFLAGS \
LDFLAGS CPPFLAGS ALL_CFLAGS ALL_CXXFLAGS ALL_LDFLAGS ALL_CPPFLAGS
diff --git a/s390-tools-sles15sp6-zkey-Support-EP11-AES-keys-with-prepended-header-to-.patch b/s390-tools-sles15sp6-zkey-Support-EP11-AES-keys-with-prepended-header-to-.patch
deleted file mode 100644
index a36ac96..0000000
--- a/s390-tools-sles15sp6-zkey-Support-EP11-AES-keys-with-prepended-header-to-.patch
+++ /dev/null
@@ -1,691 +0,0 @@
----
- zkey/ep11.c | 48 +++++++++++-----
- zkey/keystore.c | 4 +
- zkey/kmip/zkey-kmip.c | 74 +++++++++++++++++++++----
- zkey/kms.c | 9 ++-
- zkey/pkey.c | 141 +++++++++++++++++++++++++++++++++++++++++++++++--
- zkey/pkey.h | 45 +++++++++++----
- zkey/zkey-cryptsetup.c | 15 ++++-
- zkey/zkey.c | 8 ++
- 8 files changed, 294 insertions(+), 50 deletions(-)
-
---- a/zkey/ep11.c
-+++ b/zkey/ep11.c
-@@ -365,8 +365,9 @@ int select_ep11_apqn_by_mkvp(struct ep11
- * @param[in] target the target handle to use for the re-encipher operation
- * @param[in] card the card that corresponds to the target handle
- * @param[in] domain the domain that corresponds to the target handle
-- * @param[in/out] ep11key the EP11 key token to reencipher. The re-enciphered
-- * secure key will be returned in this buffer.
-+ * @param[in/out] ep11key_blob the EP11 key token to reencipher. The
-+ * re-enciphered secure key will be returned in this
-+ * buffer.
- * @param[in] ep11key_size the size of the secure key
- * @param[in] verbose if true, verbose messages are printed
- *
-@@ -374,21 +375,29 @@ int select_ep11_apqn_by_mkvp(struct ep11
- */
- static int ep11_adm_reencrypt(struct ep11_lib *ep11, target_t target,
- unsigned int card, unsigned int domain,
-- struct ep11keytoken *ep11key,
-+ u8 *ep11key_blob,
- unsigned int ep11key_size, bool verbose)
- {
-+ struct ep11kblob_header *hdr = (struct ep11kblob_header *)ep11key_blob;
-+ struct ep11keytoken *ep11key;
- CK_BYTE resp[MAX_BLOBSIZE];
- CK_BYTE req[MAX_BLOBSIZE];
-- char ep11_token_header[sizeof(ep11key->head)];
-+ char ep11_token_header[sizeof(ep11key->head)] = { 0 };
- struct XCPadmresp lrb;
- struct XCPadmresp rb;
-+ bool with_header;
- size_t resp_len;
- size_t blob_len;
- long req_len;
- CK_RV rv;
- int rc;
-
-- blob_len = ep11key->head.length;
-+ with_header = is_ep11_aes_key_with_header(ep11key_blob, ep11key_size);
-+ ep11key = (struct ep11keytoken *)(with_header ?
-+ ep11key_blob + sizeof(struct ep11kblob_header) :
-+ ep11key_blob);
-+ blob_len = with_header ? hdr->len - sizeof(struct ep11kblob_header) :
-+ ep11key->head.len;
- if (blob_len > ep11key_size) {
- pr_verbose(verbose, "Blob length larger than secure key size");
- return -EINVAL;
-@@ -397,9 +406,14 @@ static int ep11_adm_reencrypt(struct ep1
- rb.domain = domain;
- lrb.domain = domain;
-
-- /* The token header is an overlay over the (all zero) session field */
-- memcpy(ep11_token_header, ep11key, sizeof(ep11_token_header));
-- memset(ep11key->session, 0, sizeof(ep11key->session));
-+ if (!with_header) {
-+ /*
-+ * The token header is an overlay over the (all zero) session
-+ * field
-+ */
-+ memcpy(ep11_token_header, ep11key, sizeof(ep11_token_header));
-+ memset(ep11key->session, 0, sizeof(ep11key->session));
-+ }
-
- resp_len = sizeof(resp);
- req_len = ep11->dll_xcpa_cmdblock(req, sizeof(req), XCP_ADM_REENCRYPT,
-@@ -446,7 +460,8 @@ static int ep11_adm_reencrypt(struct ep1
- }
-
- memcpy(ep11key, lrb.payload, blob_len);
-- memcpy(ep11key, ep11_token_header, sizeof(ep11_token_header));
-+ if (!with_header)
-+ memcpy(ep11key, ep11_token_header, sizeof(ep11_token_header));
-
- return 0;
- }
-@@ -469,7 +484,6 @@ int reencipher_ep11_key(struct ep11_lib
- unsigned int card, unsigned int domain, u8 *secure_key,
- unsigned int secure_key_size, bool verbose)
- {
-- struct ep11keytoken *ep11key = (struct ep11keytoken *)secure_key;
- CK_IBM_DOMAIN_INFO dinf;
- CK_ULONG dinf_len = sizeof(dinf);
- CK_RV rv;
-@@ -493,17 +507,21 @@ int reencipher_ep11_key(struct ep11_lib
- return -ENODEV;
- }
-
-- rc = ep11_adm_reencrypt(ep11, target, card, domain, ep11key,
-+ rc = ep11_adm_reencrypt(ep11, target, card, domain, secure_key,
- secure_key_size, verbose);
- if (rc != 0)
- return rc;
-
- if (is_xts_key(secure_key, secure_key_size)) {
-- secure_key += EP11_KEY_SIZE;
-- secure_key_size -= EP11_KEY_SIZE;
-- ep11key = (struct ep11keytoken *)secure_key;
-+ if (is_ep11_aes_key_with_header(secure_key, secure_key_size)) {
-+ secure_key += EP11_AES_KEY_SIZE;
-+ secure_key_size -= EP11_AES_KEY_SIZE;
-+ } else {
-+ secure_key += EP11_KEY_SIZE;
-+ secure_key_size -= EP11_KEY_SIZE;
-+ }
-
-- rc = ep11_adm_reencrypt(ep11, target, card, domain, ep11key,
-+ rc = ep11_adm_reencrypt(ep11, target, card, domain, secure_key,
- secure_key_size, verbose);
- if (rc != 0)
- return rc;
---- a/zkey/keystore.c
-+++ b/zkey/keystore.c
-@@ -3398,7 +3398,9 @@ static int _keystore_perform_reencipher(
- "CURRENT master key", name);
- if (!selected &&
- !is_ep11_aes_key(secure_key,
-- secure_key_size))
-+ secure_key_size) &&
-+ !is_ep11_aes_key_with_header(secure_key,
-+ secure_key_size))
- print_msg_for_cca_envvars(
- "secure AES key");
- }
---- a/zkey/kmip/zkey-kmip.c
-+++ b/zkey/kmip/zkey-kmip.c
-@@ -5278,9 +5278,11 @@ static int _ep11_unwrap_key_rsa(struct p
- m_UnwrapKey_t dll_m_UnwrapKey;
- const unsigned char *key_blob;
- struct ep11keytoken *ep11key;
-+ struct ep11kblob_header *hdr;
- CK_MECHANISM mech = { 0 };
- CK_BYTE csum[7] = { 0 };
- CK_BBOOL ck_true = true;
-+ int pkey_fd, rc;
- CK_RV rv;
-
- CK_ATTRIBUTE template[] = {
-@@ -5306,7 +5308,8 @@ static int _ep11_unwrap_key_rsa(struct p
- pr_verbose(&ph->pd, "Wrap hashing algorithm: %d",
- ph->profile->wrap_hashing_algo);
-
-- if (*unwrapped_key_len < sizeof(struct ep11keytoken)) {
-+ if (*unwrapped_key_len < sizeof(struct ep11kblob_header) +
-+ sizeof(struct ep11keytoken)) {
- _set_error(ph, "Key buffer is too small");
- return -EINVAL;
- }
-@@ -5381,19 +5384,68 @@ static int _ep11_unwrap_key_rsa(struct p
- 256 * 256 * csum[csum_len - 3] +
- 256 * 256 * 256 * csum[csum_len - 4];
-
-- /* Setup the EP11 token header */
-- ep11key = (struct ep11keytoken *)unwrapped_key;
-- memset(&ep11key->session, 0, sizeof(ep11key->session));
-- ep11key->head.type = TOKEN_TYPE_NON_CCA;
-- ep11key->head.length = *unwrapped_key_len;
-- ep11key->head.version = TOKEN_VERSION_EP11_AES;
-- ep11key->head.keybitlen = bit_len;
-+ /* Prepend and setup the EP11 token header */
-+ hdr = (struct ep11kblob_header *)unwrapped_key;
-+ ep11key = (struct ep11keytoken *)
-+ (unwrapped_key + sizeof(struct ep11kblob_header));
-+ memmove(ep11key, unwrapped_key, *unwrapped_key_len);
-+ *unwrapped_key_len += sizeof(struct ep11kblob_header);
-+ memset(hdr, 0, sizeof(struct ep11kblob_header));
-+ hdr->type = TOKEN_TYPE_NON_CCA;
-+ hdr->hver = 0;
-+ hdr->len = *unwrapped_key_len;
-+ hdr->version = TOKEN_VERSION_EP11_AES_WITH_HEADER;
-+ hdr->bitlen = bit_len;
-
-- pr_verbose(&ph->pd, "unwrapped bit length: %u",
-- ep11key->head.keybitlen);
-+ pr_verbose(&ph->pd, "unwrapped bit length: %u", hdr->bitlen);
-
- /* return full length, blob is already zero padded */
-- *unwrapped_key_len = sizeof(struct ep11keytoken);
-+ *unwrapped_key_len =
-+ sizeof(struct ep11kblob_header) + sizeof(struct ep11keytoken);
-+
-+ /*
-+ * Check if the pkey module supports keys of type
-+ * TOKEN_VERSION_EP11_AES_WITH_HEADER, older kernels may not support
-+ * such keys. If it does not support such keys, convert the key to
-+ * TOKEN_VERSION_EP11_AES type, if its session field is all zero
-+ * (i.e. the key is not session bound).
-+ */
-+ pkey_fd = open_pkey_device(ph->pd.verbose);
-+ if (pkey_fd < 0) {
-+ _set_error(ph, "Failed to open pkey device");
-+ return -EIO;
-+ }
-+
-+ rc = validate_secure_key(pkey_fd, unwrapped_key, *unwrapped_key_len,
-+ NULL, NULL, NULL, ph->pd.verbose);
-+ close(pkey_fd);
-+ if (rc == -EINVAL || rc == -ENODEV) {
-+ pr_verbose(&ph->pd, "The pkey kernel module does not support "
-+ "PKEY_TYPE_EP11_AES, fall back to PKEY_TYPE_EP11");
-+
-+ if (is_ep11_key_session_bound(unwrapped_key,
-+ *unwrapped_key_len)) {
-+ _set_error(ph, "The unwrapped key is session bound. "
-+ "Kernel support is required for such keys");
-+ return -EIO;
-+ }
-+
-+ key_blob_len = hdr->len;
-+ *unwrapped_key_len -= sizeof(struct ep11kblob_header);
-+ memmove(unwrapped_key,
-+ unwrapped_key + sizeof(struct ep11kblob_header),
-+ *unwrapped_key_len);
-+ ep11key = (struct ep11keytoken *)unwrapped_key;
-+ memset(&ep11key->session, 0, sizeof(ep11key->session));
-+ ep11key->head.type = TOKEN_TYPE_NON_CCA;
-+ ep11key->head.len = key_blob_len -
-+ sizeof(struct ep11kblob_header);
-+ ep11key->head.version = TOKEN_VERSION_EP11_AES;
-+ ep11key->head.bitlen = bit_len;
-+ } else if (rc != 0) {
-+ _set_error(ph, "Failed to validate unwrapped key");
-+ return rc;
-+ }
-
- return 0;
- }
---- a/zkey/kms.c
-+++ b/zkey/kms.c
-@@ -2175,7 +2175,7 @@ int generate_kms_key(struct kms_info *km
- else if (strcasecmp(key_type, KEY_TYPE_CCA_AESCIPHER) == 0)
- key_size = AESCIPHER_KEY_SIZE;
- else if (strcasecmp(key_type, KEY_TYPE_EP11_AES) == 0)
-- key_size = EP11_KEY_SIZE;
-+ key_size = EP11_AES_KEY_SIZE;
- else
- return -ENOTSUP;
-
-@@ -2248,6 +2248,9 @@ int generate_kms_key(struct kms_info *km
- if (verbose)
- util_hexdump_grp(stderr, NULL, key_blob, 4, key_blob_size, 0);
-
-+ if (is_ep11_aes_key(key_blob, key_blob_size))
-+ key_size = EP11_KEY_SIZE;
-+
- /* Save ID and label of 1st key */
- rc = properties_set(key_props, xts ? PROP_NAME_KMS_XTS_KEY1_ID :
- PROP_NAME_KMS_KEY_ID, key1_id);
-@@ -3132,6 +3135,8 @@ int import_kms_key(struct kms_info *kms_
- key_size = AESCIPHER_KEY_SIZE;
- else if (is_ep11_aes_key(key_blob, key_blob_size))
- key_size = EP11_KEY_SIZE;
-+ else if (is_ep11_aes_key_with_header(key_blob, key_blob_size))
-+ key_size = EP11_AES_KEY_SIZE;
-
- if (key_size == 0 || key_blob_size > key_size) {
- pr_verbose(verbose, "Key '%s' has an unknown or unsupported "
-@@ -3366,6 +3371,8 @@ int refresh_kms_key(struct kms_info *kms
- key_size = AESCIPHER_KEY_SIZE;
- else if (is_ep11_aes_key(key_blob, key_blob_size))
- key_size = EP11_KEY_SIZE;
-+ else if (is_ep11_aes_key_with_header(key_blob, key_blob_size))
-+ key_size = EP11_AES_KEY_SIZE;
-
- if (key_size == 0 || key_blob_size > key_size) {
- pr_verbose(verbose, "Key '%s' has an unknown or unsupported "
---- a/zkey/pkey.c
-+++ b/zkey/pkey.c
-@@ -858,7 +858,7 @@ static enum pkey_key_type key_type_to_pk
- if (strcasecmp(key_type, KEY_TYPE_CCA_AESCIPHER) == 0)
- return PKEY_TYPE_CCA_CIPHER;
- if (strcasecmp(key_type, KEY_TYPE_EP11_AES) == 0)
-- return PKEY_TYPE_EP11;
-+ return PKEY_TYPE_EP11_AES;
-
- return 0;
- }
-@@ -879,6 +879,8 @@ static size_t key_size_for_type(enum pke
- return AESCIPHER_KEY_SIZE;
- case PKEY_TYPE_EP11:
- return EP11_KEY_SIZE;
-+ case PKEY_TYPE_EP11_AES:
-+ return EP11_AES_KEY_SIZE;
- default:
- return 0;
- }
-@@ -924,6 +926,7 @@ int generate_secure_key_random(int pkey_
- return -ENOTSUP;
- }
-
-+retry:
- genseck2.size = keybits_to_keysize(keybits);
- if (genseck2.size == 0) {
- warnx("Invalid value for '--keybits'/'-c': '%lu'", keybits);
-@@ -957,10 +960,33 @@ int generate_secure_key_random(int pkey_
- genseck2.keylen = size;
-
- rc = pkey_genseck2(pkey_fd, &genseck2, verbose);
-+ if (rc == -EINVAL && genseck2.type == PKEY_TYPE_EP11_AES) {
-+ /*
-+ * Older kernels may not support gensek2 with key type
-+ * PKEY_TYPE_EP11_AES, retry with PKEY_TYPE_EP11.
-+ */
-+ pr_verbose(verbose,
-+ "ioctl PKEY_GENSECK2 does not support "
-+ "PKEY_TYPE_EP11_AES, fall back to PKEY_TYPE_EP11");
-+
-+ genseck2.type = PKEY_TYPE_EP11;
-+ free(genseck2.apqns);
-+ genseck2.apqns = NULL;
-+ genseck2.apqn_entries = 0;
-+ free(secure_key);
-+ goto retry;
-+ }
- if (rc != 0) {
- warnx("Failed to generate a secure key: %s", strerror(-rc));
- goto out;
- }
-+ if (rc == 0 && genseck2.type == PKEY_TYPE_EP11) {
-+ if (is_ep11_key_session_bound(secure_key, size)) {
-+ warnx("The generated key is session bound. Kernel "
-+ "support is required for such keys");
-+ goto out;
-+ }
-+ }
-
- if (xts) {
- free(genseck2.apqns);
-@@ -1062,6 +1088,7 @@ int generate_secure_key_clear(int pkey_f
- return -ENOTSUP;
- }
-
-+retry:
- clr2seck2.size = keybits_to_keysize(HALF_KEYSIZE_FOR_XTS(
- clear_key_size * 8, xts));
- if (clr2seck2.size == 0) {
-@@ -1096,10 +1123,33 @@ int generate_secure_key_clear(int pkey_f
- clr2seck2.keylen = size;
-
- rc = pkey_clr2seck2(pkey_fd, &clr2seck2, verbose);
-+ if (rc == -EINVAL && clr2seck2.type == PKEY_TYPE_EP11_AES) {
-+ /*
-+ * Older kernels may not support clr2seck2 with key type
-+ * PKEY_TYPE_EP11_AES, retry with PKEY_TYPE_EP11.
-+ */
-+ pr_verbose(verbose,
-+ "ioctl PKEY_CLR2SECK2 does not support "
-+ "PKEY_TYPE_EP11_AES, fall back to PKEY_TYPE_EP11");
-+
-+ clr2seck2.type = PKEY_TYPE_EP11;
-+ free(clr2seck2.apqns);
-+ clr2seck2.apqns = NULL;
-+ clr2seck2.apqn_entries = 0;
-+ free(secure_key);
-+ goto retry;
-+ }
- if (rc != 0) {
- warnx("Failed to generate a secure key: %s", strerror(-rc));
- goto out;
- }
-+ if (rc == 0 && clr2seck2.type == PKEY_TYPE_EP11) {
-+ if (is_ep11_key_session_bound(secure_key, size)) {
-+ warnx("The generated key is session bound. Kernel "
-+ "support is required for such keys");
-+ goto out;
-+ }
-+ }
-
- if (xts) {
- free(clr2seck2.apqns);
-@@ -1486,6 +1536,8 @@ int get_master_key_verification_pattern(
- struct aesdatakeytoken *datakey = (struct aesdatakeytoken *)key;
- struct aescipherkeytoken *cipherkey = (struct aescipherkeytoken *)key;
- struct ep11keytoken *ep11key = (struct ep11keytoken *)key;
-+ struct ep11keytoken *ep11key2 =
-+ (struct ep11keytoken *)(key + sizeof(struct ep11kblob_header));
-
- util_assert(key != NULL, "Internal error: secure_key is NULL");
- util_assert(mkvp != NULL, "Internal error: mkvp is NULL");
-@@ -1497,6 +1549,8 @@ int get_master_key_verification_pattern(
- memcpy(mkvp, &cipherkey->kvp, sizeof(cipherkey->kvp));
- else if (is_ep11_aes_key(key, key_size))
- memcpy(mkvp, &ep11key->wkvp, sizeof(ep11key->wkvp));
-+ else if (is_ep11_aes_key_with_header(key, key_size))
-+ memcpy(mkvp, &ep11key2->wkvp, sizeof(ep11key2->wkvp));
- else
- return -EINVAL;
-
-@@ -1593,9 +1647,11 @@ bool is_ep11_aes_key(const u8 *key, size
-
- if (ep11key->head.type != TOKEN_TYPE_NON_CCA)
- return false;
-+ if (ep11key->head.hver != 0)
-+ return false;
- if (ep11key->head.version != TOKEN_VERSION_EP11_AES)
- return false;
-- if (ep11key->head.length > key_size)
-+ if (ep11key->head.len > key_size)
- return false;
-
- if (ep11key->version != 0x1234)
-@@ -1605,6 +1661,65 @@ bool is_ep11_aes_key(const u8 *key, size
- }
-
- /**
-+ * Check if the specified key is a EP11 AES key token with external header.
-+ *
-+ * @param[in] key the secure key token
-+ * @param[in] key_size the size of the secure key
-+ *
-+ * @returns true if the key is an EP11 AES token with external header type
-+ */
-+bool is_ep11_aes_key_with_header(const u8 *key, size_t key_size)
-+{
-+ struct ep11kblob_header *header = (struct ep11kblob_header *)key;
-+ struct ep11keytoken *ep11key =
-+ (struct ep11keytoken *)(key + sizeof(struct ep11kblob_header));
-+
-+ if (key == NULL || key_size < EP11_AES_KEY_SIZE)
-+ return false;
-+
-+ if (header->type != TOKEN_TYPE_NON_CCA)
-+ return false;
-+ if (header->hver != 0)
-+ return false;
-+ if (header->version != TOKEN_VERSION_EP11_AES_WITH_HEADER)
-+ return false;
-+ if (header->len > key_size)
-+ return false;
-+
-+ if (ep11key->version != 0x1234)
-+ return false;
-+
-+ return true;
-+}
-+
-+/**
-+ * Check if the specified EP11 AES key is session bound.
-+ *
-+ * @param[in] key the secure key token
-+ * @param[in] key_size the size of the secure key
-+ *
-+ * @returns true if the key is an EP11 AES token type
-+ */
-+bool is_ep11_key_session_bound(const u8 *key, size_t key_size)
-+{
-+ struct ep11keytoken *ep11key;
-+
-+ if (is_ep11_aes_key(key, key_size)) {
-+ ep11key = (struct ep11keytoken *)key;
-+ return memcmp(ep11key->session + sizeof(ep11key->head),
-+ ZERO_SESSION, sizeof(ep11key->session) -
-+ sizeof(ep11key->head)) != 0;
-+ } else if (is_ep11_aes_key_with_header(key, key_size)) {
-+ ep11key = (struct ep11keytoken *)
-+ (key + sizeof(struct ep11kblob_header));
-+ return memcmp(ep11key->session, ZERO_SESSION,
-+ sizeof(ep11key->session)) != 0;
-+ } else {
-+ return false;
-+ }
-+}
-+
-+/**
- * Check if the specified key is an XTS type key
- *
- * @param[in] key the secure key token
-@@ -1629,6 +1744,11 @@ bool is_xts_key(const u8 *key, size_t ke
- is_ep11_aes_key(key + EP11_KEY_SIZE,
- key_size - EP11_KEY_SIZE))
- return true;
-+ } else if (is_ep11_aes_key_with_header(key, key_size)) {
-+ if (key_size == 2 * EP11_AES_KEY_SIZE &&
-+ is_ep11_aes_key_with_header(key + EP11_AES_KEY_SIZE,
-+ key_size - EP11_AES_KEY_SIZE))
-+ return true;
- }
-
- return false;
-@@ -1650,6 +1770,7 @@ int get_key_bit_size(const u8 *key, size
- struct aesdatakeytoken *datakey = (struct aesdatakeytoken *)key;
- struct aescipherkeytoken *cipherkey = (struct aescipherkeytoken *)key;
- struct ep11keytoken *ep11key = (struct ep11keytoken *)key;
-+ struct ep11kblob_header *hdr = (struct ep11kblob_header *)key;
-
- util_assert(bitsize != NULL, "Internal error: bitsize is NULL");
-
-@@ -1672,10 +1793,17 @@ int get_key_bit_size(const u8 *key, size
- *bitsize += cipherkey->pl - 384;
- }
- } else if (is_ep11_aes_key(key, key_size)) {
-- *bitsize = ep11key->head.keybitlen;
-+ *bitsize = ep11key->head.bitlen;
- if (key_size == 2 * EP11_KEY_SIZE) {
- ep11key = (struct ep11keytoken *)(key + EP11_KEY_SIZE);
-- *bitsize += ep11key->head.keybitlen;
-+ *bitsize += ep11key->head.bitlen;
-+ }
-+ } else if (is_ep11_aes_key_with_header(key, key_size)) {
-+ *bitsize = hdr->bitlen;
-+ if (key_size == 2 * EP11_AES_KEY_SIZE) {
-+ hdr = (struct ep11kblob_header *)
-+ (key + EP11_AES_KEY_SIZE);
-+ *bitsize += hdr->bitlen;
- }
- } else {
- return -EINVAL;
-@@ -1700,6 +1828,8 @@ const char *get_key_type(const u8 *key,
- return KEY_TYPE_CCA_AESCIPHER;
- if (is_ep11_aes_key(key, key_size))
- return KEY_TYPE_EP11_AES;
-+ if (is_ep11_aes_key_with_header(key, key_size))
-+ return KEY_TYPE_EP11_AES;
- return NULL;
- }
-
-@@ -2016,7 +2146,8 @@ int reencipher_secure_key(struct ext_lib
- return rc;
- }
-
-- if (is_ep11_aes_key(secure_key, secure_key_size)) {
-+ if (is_ep11_aes_key(secure_key, secure_key_size) ||
-+ is_ep11_aes_key_with_header(secure_key, secure_key_size)) {
- /* EP11 secure key: need the EP11 host library */
- if (lib->ep11->lib_ep11 == NULL) {
- rc = load_ep11_library(lib->ep11, verbose);
---- a/zkey/pkey.h
-+++ b/zkey/pkey.h
-@@ -39,6 +39,8 @@ struct tokenheader {
- #define TOKEN_VERSION_PROTECTED_KEY 0x01
- #define TOKEN_VERSION_CLEAR_KEY 0x02
- #define TOKEN_VERSION_EP11_AES 0x03
-+#define TOKEN_VERSION_EP11_AES_WITH_HEADER 0x06
-+#define TOKEN_VERSION_EP11_ECC_WITH_HEADER 0x07
-
- struct aesdatakeytoken {
- u8 type; /* TOKEN_TYPE_INTERNAL (0x01) for internal key token */
-@@ -89,17 +91,20 @@ struct aescipherkeytoken {
- u8 varpart[80]; /* variable part */
- } __packed;
-
-+struct ep11kblob_header {
-+ u8 type; /* always 0x00 */
-+ u8 hver; /* header version, currently needs to be 0x00 */
-+ u16 len; /* total length in bytes (including this header) */
-+ u8 version; /* PKEY_TYPE_EP11_AES or PKEY_TYPE_EP11_ECC */
-+ u8 res0; /* unused */
-+ u16 bitlen; /* clear key bit len, 0 for unknown */
-+ u8 res1[8]; /* unused */
-+} __packed;
-+
- struct ep11keytoken {
- union {
- u8 session[32];
-- struct {
-- u8 type; /* TOKEN_TYPE_NON_CCA (0x00) */
-- u8 res0; /* unused */
-- u16 length; /* length of token */
-- u8 version; /* TOKEN_VERSION_EP11_AES (0x03) */
-- u8 res1; /* unused */
-- u16 keybitlen; /* clear key bit len, 0 for unknown */
-- } head;
-+ struct ep11kblob_header head;
- };
- u8 wkvp[16]; /* wrapping key verification pattern */
- u64 attr; /* boolean key attributes */
-@@ -111,18 +116,29 @@ struct ep11keytoken {
- u8 padding[64];
- } __packed;
-
-+#define ZERO_SESSION \
-+ "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
-+
- #define AESDATA_KEY_SIZE sizeof(struct aesdatakeytoken)
- #define AESCIPHER_KEY_SIZE sizeof(struct aescipherkeytoken)
- #define EP11_KEY_SIZE sizeof(struct ep11keytoken)
-+#define EP11_AES_KEY_SIZE (sizeof(struct ep11kblob_header) + \
-+ sizeof(struct ep11keytoken))
-
- /* MAX/MIN from zt_common.h produces warnings for variable length arrays */
- #define _MIN(a, b) ((a) < (b) ? (a) : (b))
- #define _MAX(a, b) ((a) > (b) ? (a) : (b))
-
--#define MAX_SECURE_KEY_SIZE _MAX(EP11_KEY_SIZE, \
-- _MAX(AESDATA_KEY_SIZE, AESCIPHER_KEY_SIZE))
--#define MIN_SECURE_KEY_SIZE _MIN(EP11_KEY_SIZE, \
-- _MIN(AESDATA_KEY_SIZE, AESCIPHER_KEY_SIZE))
-+#define MAX_SECURE_KEY_SIZE _MAX( \
-+ _MAX(EP11_KEY_SIZE, \
-+ EP11_AES_KEY_SIZE), \
-+ _MAX(AESDATA_KEY_SIZE, \
-+ AESCIPHER_KEY_SIZE))
-+#define MIN_SECURE_KEY_SIZE _MIN( \
-+ _MIN(EP11_KEY_SIZE, \
-+ EP11_AES_KEY_SIZE), \
-+ _MIN(AESDATA_KEY_SIZE, \
-+ AESCIPHER_KEY_SIZE))
-
- struct pkey_seckey {
- u8 seckey[AESDATA_KEY_SIZE]; /* the secure key blob */
-@@ -175,6 +191,9 @@ enum pkey_key_type {
- PKEY_TYPE_CCA_DATA = (u32) 1,
- PKEY_TYPE_CCA_CIPHER = (u32) 2,
- PKEY_TYPE_EP11 = (u32) 3,
-+ PKEY_TYPE_CCA_ECC = (u32) 0x1f,
-+ PKEY_TYPE_EP11_AES = (u32) 6,
-+ PKEY_TYPE_EP11_ECC = (u32) 7,
- };
-
- enum pkey_key_size {
-@@ -321,6 +340,8 @@ int get_master_key_verification_pattern(
- bool is_cca_aes_data_key(const u8 *key, size_t key_size);
- bool is_cca_aes_cipher_key(const u8 *key, size_t key_size);
- bool is_ep11_aes_key(const u8 *key, size_t key_size);
-+bool is_ep11_aes_key_with_header(const u8 *key, size_t key_size);
-+bool is_ep11_key_session_bound(const u8 *key, size_t key_size);
- bool is_xts_key(const u8 *key, size_t key_size);
- int get_key_bit_size(const u8 *key, size_t key_size, size_t *bitsize);
- const char *get_key_type(const u8 *key, size_t key_size);
---- a/zkey/zkey-cryptsetup.c
-+++ b/zkey/zkey-cryptsetup.c
-@@ -1673,7 +1673,10 @@ static int reencipher_prepare(int token)
- warnx("Failed to re-encipher the secure volume "
- "key for device '%s'\n", g.pos_arg);
- if (!selected &&
-- !is_ep11_aes_key((u8 *)key, securekeysize))
-+ !is_ep11_aes_key((u8 *)key,
-+ securekeysize) &&
-+ !is_ep11_aes_key_with_header((u8 *)key,
-+ securekeysize))
- print_msg_for_cca_envvars(
- "secure AES volume key");
- rc = -EINVAL;
-@@ -1696,7 +1699,10 @@ static int reencipher_prepare(int token)
- warnx("Failed to re-encipher the secure volume "
- "key for device '%s'\n", g.pos_arg);
- if (!selected &&
-- !is_ep11_aes_key((u8 *)key, securekeysize))
-+ !is_ep11_aes_key((u8 *)key,
-+ securekeysize) &&
-+ !is_ep11_aes_key_with_header((u8 *)key,
-+ securekeysize))
- print_msg_for_cca_envvars(
- "secure AES volume key");
- rc = -EINVAL;
-@@ -1836,7 +1842,10 @@ static int reencipher_complete(int token
- warnx("Failed to re-encipher the secure volume "
- "key for device '%s'\n", g.pos_arg);
- if (!selected &&
-- !is_ep11_aes_key((u8 *)key, securekeysize))
-+ !is_ep11_aes_key((u8 *)key,
-+ securekeysize) &&
-+ !is_ep11_aes_key_with_header((u8 *)key,
-+ securekeysize))
- print_msg_for_cca_envvars(
- "secure AES volume key");
- rc = -EINVAL;
---- a/zkey/zkey.c
-+++ b/zkey/zkey.c
-@@ -1968,7 +1968,9 @@ static int command_reencipher_file(void)
- "master key has failed\n");
- if (!selected &&
- !is_ep11_aes_key(secure_key,
-- secure_key_size))
-+ secure_key_size) &&
-+ !is_ep11_aes_key_with_header(secure_key,
-+ secure_key_size))
- print_msg_for_cca_envvars(
- "secure AES key");
- }
-@@ -1993,7 +1995,9 @@ static int command_reencipher_file(void)
- "master key has failed\n");
- if (!selected &&
- !is_ep11_aes_key(secure_key,
-- secure_key_size))
-+ secure_key_size) &&
-+ !is_ep11_aes_key_with_header(secure_key,
-+ secure_key_size))
- print_msg_for_cca_envvars(
- "secure AES key");
- }
diff --git a/s390-tools.changes b/s390-tools.changes
index 06d9e07..938f62a 100644
--- a/s390-tools.changes
+++ b/s390-tools.changes
@@ -1,5 +1,53 @@
-------------------------------------------------------------------
-Wed Nov 15 07:55:09 UTC 2023 - Nikolay Gueorguiev
+Sun Dec 17 05:48:56 UTC 2023 - Nikolay Gueorguiev
+
+- Updated the .spec file to use gcc13 (bsc#1217838)
+- Amended read_values for '-S' option (bsc#1217923)
+
+-------------------------------------------------------------------
+Mon Dec 4 13:34:09 UTC 2023 - Nikolay Gueorguiev
+
+- Upgrade s390-tools to version 2.30
+ (jsc#PED-5783, jsc#PED-6785, jsc#PED-7136, jsc#PED-6539, jsc#PED-4604,
+ jsc#PED-6649, jsc#PED-7138 )
+- Add new tools / libraries:
+ * lspai: Tool to display PAI counter sets
+ * s390-tools: Provide a ShellCheck configuration
+- Changes of existing tools / libraries:
+ * cpumf/pai: Add command line option for realtime scheduling
+ * dbginfo.sh: enhance ethtool collection for ROCE
+ * libutil/util_lockfile: add routine to return owning pid of file lock
+ * lszcrypt: Improve lszcrypt output on SE guests
+ * rust: Use a single workspace for all rust tools
+ * zdev: limit the derivation of ZDEV_SITE_ID
+ * zdump/df_s390: Update 'zgetdump -i' output with zlib info
+ * zdump/dfi_s390: Support reading compressed s390_ext dumps
+ * zipl/boot: Integrate zlib compression to single volume DASD dumper
+ * zipl/boot: compile the bootloaders only if HOST_ARCH is s390x
+ * zipl: Add --no-compress option to zipl command
+ * zkey: Also check for deconfigured and check-stopped cards
+- Bug Fixes:
+ * ap_tools/ap-check: handle get-attributes between pre and post event
+ * libutil: fix util_file_read_*() using wrong format specifiers
+ * rust/pv: fix Invalid write of size
+- Amended the SUSE patches for version 2.30
+- Revendored vendor.tar.gz
+
+-------------------------------------------------------------------
+Fri Nov 24 07:51:10 UTC 2023 - Nikolay Gueorguiev
+
+- Provide s390-tools on x86_64 to enable Secure Execution in the Cloud
+ (jsc#PED-578, jsc#PED-7136, and jsc#PED-7138)
+ * Selected tools from the s390-tools package need to be made available on x86_64.
+ This will enable the integration of IBM Z machines running Secure Execution in a
+ cloud environment where users don't necessarily need to have an s390x environment.
+ - genprotimg - (for building secure images)
+ - pvsecret -
+ - pvattest - (for external attestation)
+ - pvextract-hdr -
+
+-------------------------------------------------------------------
+Wed Nov 15 07:31:45 UTC 2023 - Nikolay Gueorguiev
- Fixed a logic error in read_values.c
diff --git a/s390-tools.spec b/s390-tools.spec
index f677d00..673a9bc 100644
--- a/s390-tools.spec
+++ b/s390-tools.spec
@@ -33,7 +33,7 @@
%endif
Name: s390-tools
-Version: 2.29.0
+Version: 2.30.0
Release: 0
Summary: S/390 tools like zipl and dasdfmt
License: MIT
@@ -152,17 +152,16 @@ Patch909: s390-tools-sles12-fdasd-skip-partition-check-and-BLKRRPART-ioctl
Patch910: s390-tools-sles15sp1-11-zdev-Do-not-call-zipl-on-initrd-update.patch
Patch911: s390-tools-sles15sp5-remove-no-pie-link-arguments.patch
Patch912: s390-tools-ALP-zdev-live.patch
-Patch913: s390-tools-sles15sp6-zkey-Support-EP11-AES-keys-with-prepended-header-to-.patch
###
BuildRequires: curl-devel
BuildRequires: dracut
BuildRequires: fuse3-devel
-BuildRequires: gcc-c++
+BuildRequires: gcc13
+BuildRequires: gcc13-c++
BuildRequires: gettext-tools
BuildRequires: glib2-devel
BuildRequires: glibc-devel-static
-BuildRequires: kernel-zfcpdump
BuildRequires: libcryptsetup-devel > 2.0.3
BuildRequires: libjson-c-devel
BuildRequires: libxml2-devel
@@ -171,10 +170,14 @@ BuildRequires: ncurses-devel
BuildRequires: net-snmp-devel
BuildRequires: openssl-devel >= 1.1.1l
BuildRequires: pesign-obs-integration
-BuildRequires: qclib-devel-static
BuildRequires: systemd-devel
BuildRequires: tcpd-devel
BuildRequires: zlib-devel-static
+### x86_64
+%ifarch s390x
+BuildRequires: kernel-zfcpdump
+BuildRequires: qclib-devel-static
+%endif
### Cargo
BuildRequires: rust
BuildRequires: cargo
@@ -195,7 +198,7 @@ Requires(post): permissions
Requires(pre): shadow
Recommends: blktrace
Provides: s390utils:/sbin/dasdfmt
-ExclusiveArch: s390x
+### ExclusiveArch: s390x x86_64
%description
This package contains the tools needed to use Linux on IBM z Systems
@@ -315,15 +318,16 @@ unavailable, the toolset checks for operational paths to the same
volume. If available, it reconfigures the FCP re-IPL settings to use an
operational path.
+### *** s390x ************************************************************************* ###
+%ifarch s390x
+
%prep
%autosetup -p1
cp -vi %{SOURCE22} CAUTION
-###
install -D -m 0644 %{SOURCE200} .cargo/config
-tar -xzvf %{SOURCE201}
-###
+tar -xzf %{SOURCE201}
%build
@@ -333,13 +337,17 @@ tar -xzvf %{SOURCE201}
export OPT_FLAGS="%{optflags}"
export KERNELIMAGE_MAKEFLAGS="%%{?_smp_mflags}"
-%make_build \
+
+%make_build -v \
ZFCPDUMP_DIR=%{_prefix}/lib/s390-tools/zfcpdump \
DISTRELEASE=%{release} \
UDEVRUNDIR=/run/udev \
HAVE_CARGO=1 \
- HAVE_DRACUT=1
-gcc -static -o read_values ${OPT_FLAGS} %{SOURCE86} -lqc
+ HAVE_DRACUT=1 \
+ CC=gcc-13 \
+ CXX=g++-13
+### all
+gcc-13 -v -static -o read_values ${OPT_FLAGS} %{SOURCE86} -lqc
%install
mkdir -p %{buildroot}/boot/zipl
@@ -350,7 +358,10 @@ mkdir -p %{buildroot}%{_sysconfdir}/zkey/repository
SYSTEMDSYSTEMUNITDIR=%{_unitdir} \
UDEVRUNDIR=/run/udev \
HAVE_CARGO=1 \
- HAVE_DRACUT=1
+ HAVE_DRACUT=1 \
+ CC=gcc-13 \
+ CXX=g++-13
+### all
# The make install command puts things in /etc/sysconfig and not the
# fillup-templates directory. Let's try moving them where they belong
@@ -735,4 +746,44 @@ done
%{_udevrulesdir}/70-chreipl-fcp-mpath.rules
%{_mandir}/man7/chreipl-fcp-mpath.7%{?ext_man}
+### _endif
+### *** !s390x ************************************************************************* ###
+### _ifarch x86_64
+%else
+
+%prep
+%autosetup -p1
+
+install -D -m 0644 %{SOURCE200} .cargo/config
+tar -xzf %{SOURCE201}
+
+%build
+export OPT_FLAGS="%{optflags}"
+export KERNELIMAGE_MAKEFLAGS="%%{?_smp_mflags}"
+%make_build \
+ DISTRELEASE=%{release} \
+ UDEVRUNDIR=/run/udev \
+ HAVE_CARGO=1 \
+ HAVE_DRACUT=1
+
+%install
+%make_install \
+ DISTRELEASE=%{release} \
+ SYSTEMDSYSTEMUNITDIR=%{_unitdir} \
+ UDEVRUNDIR=/run/udev \
+ HAVE_CARGO=1 \
+ HAVE_DRACUT=1
+
+%files
+%{_prefix}/bin/*
+%{_prefix}/share/s390-tools/*
+%dir /usr/share/s390-tools
+%{_mandir}/man1/*
+
+%files debuginfo
+%dir %{_prefix}/lib/debug
+%dir %{_prefix}/lib/debug/usr/bin
+
+%endif
+
%changelog
diff --git a/vendor.tar.gz b/vendor.tar.gz
index 253cde9..1739e52 100644
--- a/vendor.tar.gz
+++ b/vendor.tar.gz
@@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
-oid sha256:6fba8bcb49456ba6ef765899deaeed187324a7bfc90a76b4b718bbb502cecee7
-size 37525174
+oid sha256:a2a48140a8f2bf37d79e054c24763831b488bebc6a7ff91abb50d1b87354cc02
+size 39766421