diff --git a/_service b/_service index fbee1b9..4a4786b 100644 --- a/_service +++ b/_service @@ -2,10 +2,6 @@ s390-tools-2.29.0.tar.gz zst - s390-tools/rust/pv/Cargo.toml - s390-tools/rust/pv/openssl_extentions/Cargo.toml - s390-tools/rust/utils/Cargo.toml - s390-tools/rust/pvsecret/Cargo.toml true diff --git a/read_values.c b/read_values.c index 9ee5b92..d8da006 100644 --- a/read_values.c +++ b/read_values.c @@ -1,7 +1,7 @@ /********************************************************************************/ -/* */ -/* Copyright (C) 2014-2015, 2019-2023 SUSE LLC */ -/* */ +/* */ +/* Copyright (C) 2014-2015, 2019-2023 SUSE LLC */ +/* */ /* All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: @@ -37,9 +37,9 @@ enum datatypes { #define WITHOUT_KEY 0 #define WITH_KEY 1 -static char *versionstring = "Version 1.0.3 2023-02-16 17:00"; +static char *versionstring = "Version 1.0.4 2023-12-17 06:58"; -static char *version = "1.0.3"; +static char *version = "1.0.4"; void *configuration_handle = NULL; int layers = -1; @@ -85,18 +85,18 @@ struct machinetype { int debug = 0; /******************************************************************************/ -/* */ -/* Print the program version */ -/* */ +/* */ +/* Print the program version */ +/* */ /******************************************************************************/ void print_version() { printf("Version: %s\n", version); } /******************************************************************************/ -/* */ -/* Look for one attribute and print it */ -/* */ +/* */ +/* Look for one attribute and print it */ +/* */ /******************************************************************************/ void print_attribute(char *user_string, int level, enum qc_attr_id attribute, enum datatypes type, int print_key) { 
@@ -121,7 +121,7 @@ float result_float = 0.0; } if (erg == 1) { if (print_key == WITH_KEY) { - printf("%s: ",(user_string == NULL? "NULL": user_string)); + printf("%s : ",(user_string == NULL? "NULL": user_string)); } /* endif */ switch (type) { @@ -139,15 +139,22 @@ float result_float = 0.0; } } /* endif */ else { - printf("Error: erg = %d, result_string = %s \n", erg, (result_string == NULL? "NULL": result_string)); + if ( erg == 0 ) { + /* printf("%s : Attribute exists, but is not set. \n", (user_string == NULL? "NULL": user_string)); */ + } /* endif */ + else if ( erg < 0) { + printf("%s: An error occurred retrieving the attribute. Error: erg = %d, result_string = %s \n", user_string, erg, (result_string == NULL? "NULL": result_string)); + } /* end else if */ + /* */ /* TODO qc_get_attribute_string returned error */ + /* */ } } /* print_attribute */ /********************************************************************************/ -/* */ -/* Open the lib and get the handle */ -/* */ +/* */ +/* Open the lib and get the handle */ +/* */ /********************************************************************************/ int read_sysinfo() { @@ -175,10 +182,10 @@ int return_code; } /* read_sysinfo */ /********************************************************************************/ -/* */ -/* Look at the type of machine we're running on and print out a user */ -/* friendly string */ -/* */ +/* */ +/* Look at the type of machine we're running on and print out a user */ +/* friendly string */ +/* */ /********************************************************************************/ void print_cputype() { 
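Review bot: In the `@@ -139,15 +139,22 @@` hunk, the new `else if ( erg < 0)` branch of print_attribute passes `user_string` straight to `%s`, while the `WITH_KEY` printf in the hunk above guards it with `user_string == NULL? "NULL": user_string`. Passing NULL to `%s` is undefined behaviour, so the guard should be repeated here. The message is also written to stdout, in-band with the `key : value` lines that callers parse, whereas main() in this file reports errors with `fputs(..., stderr)`. I would change the line to `fprintf(stderr, "%s: An error occurred retrieving the attribute. Error: erg = %d, result_string = %s \n", (user_string == NULL? "NULL": user_string), erg, (result_string == NULL? "NULL": result_string));`. The `erg == 0` branch is now silent on purpose, so a short comment saying why nothing is printed would be better than the commented-out printf; the function body starts outside the hunk.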
@@ -217,26 +224,26 @@ Please file a bug report with this output:\n" , cpu_type); } /* print_cputype */ /********************************************************************************/ -/* */ -/* Print out the values for SCC */ -/* */ -/* To uniquely identify a machine the following information is used: */ -/* */ -/* Type */ -/* Sequence code */ -/* CPUs total */ -/* CPUs IFL */ -/* LPAR Number */ -/* LPAR Characteristics: */ -/* LPAR CPUs */ -/* LPAR IFLs */ -/* */ -/* Optional: */ -/* */ -/* VM00 Name */ -/* VM00 Control Programm */ -/* VM00 CPUs */ -/* */ +/* */ +/* Print out the values for SCC */ +/* */ +/* To uniquely identify a machine the following information is used: */ +/* */ +/* Type */ +/* Sequence code */ +/* CPUs total */ +/* CPUs IFL */ +/* LPAR Number */ +/* LPAR Characteristics: */ +/* LPAR CPUs */ +/* LPAR IFLs */ +/* */ +/* Optional: */ +/* */ +/* VM00 Name */ +/* VM00 Control Programm */ +/* VM00 CPUs */ +/* */ /********************************************************************************/ void print_scc() { @@ -288,18 +295,18 @@ int check_model (const char *cpu) { for ( i = 0; i < models; i++) { - if ( !strcmp(cpu,types[i]) ) { - return 1; - }; + if ( !strcmp(cpu,types[i]) ) { + return 1; + }; } return 0; } /* check_model */ /******************************************************************************/ -/* */ -/* print out whether secure boot is enabled */ -/* */ +/* */ +/* print out whether secure boot is enabled */ +/* */ /******************************************************************************/ void print_secure_mode() { @@ -308,6 +315,9 @@ int release_major; int release_sub; int release_minor; const char *cpu_type = NULL; +int cpu_okay = 0; +int Layer = 0; +int i = 0; /* * First we have to check whether we have the appropriate kernel Level (>= 5.3) */ 
@@ -346,35 +356,40 @@ struct utsname uts; printf("Print_secure called\n"); #endif /* - * Only the following machines support secure boot: z14, z14 ZR1, z15, z16 + * Only the following machines support secure boot: + * z14, z15, z16 * 3906, 3907, 8561, 8562, 3931, 3932 */ erg = qc_get_attribute_string(configuration_handle, qc_type, 0, &cpu_type); if (erg == 1 && cpu_type != NULL) { - - if ( !check_model(cpu_type) ) { + cpu_okay = check_model(cpu_type); + if ( cpu_okay == 0 ) { goto return_does_not_exist; } /* endif */ } /* endif */ - print_attribute("Secure mode on", 1, qc_has_secure, integer, WITH_KEY); - print_attribute("Secure mode used", 1, qc_secure, integer, WITH_KEY); + + for ( i = 0; i < 8; i++) { + erg = qc_get_attribute_int(configuration_handle, qc_layer_type_num, i, &Layer); + if (erg == 1) { + print_attribute("Secure mode on ", i, qc_has_secure, integer, WITH_KEY); + print_attribute("Secure mode used", i, qc_secure, integer, WITH_KEY); + } /* endif */ + } /* endfor */ return; return_does_not_exist: /* * Software or hardware does not support secure boot. */ - puts("Secure mode on: 0\nSecure mode used: 0"); + puts("Secure mode on : 0\nSecure mode used : 0"); return; } /* print_secure_mode */ /******************************************************************************/ -/* */ -/* print out the uuid for this machine */ -/* */ -/* */ -/* */ +/* */ +/* print out the uuid for this machine */ +/* */ /******************************************************************************/ int print_uuid() { @@ -417,9 +432,9 @@ int print_uuid() } /* print_uuid */ /******************************************************************************/ -/* */ -/* print out the list of valid / found symbols */ -/* */ +/* */ +/* print out the list of valid / found symbols */ +/* */ /******************************************************************************/ void list(char * list_attribute_param) { 
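Review bot: The new per-layer loop in print_secure_mode prints the same two keys for every layer it finds and gives no layer number, so on a stacked system the output carries several `Secure mode on` lines and a caller that takes the first or last match can read another layer's state. Since this output is what tells an operator or script whether secure mode is in effect, the layer should be part of each line, or the choice of layer documented. The bound `8` is unexplained; a named constant with a comment, or the count reported by qclib's `qc_get_num_layers()`, would make the limit explicit, and `Layer` is written but never read in the visible lines, which deserves a comment such as `/* value unused: the call only probes whether layer i exists */`. If no layer answers with 1, or the attributes are unset (print_attribute is now silent for `erg == 0`), the function prints nothing, unlike the `return_does_not_exist` path, which prints explicit zeros; that looks unintended. The function starts outside the hunk.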
@@ -427,9 +442,9 @@ return; } /* list */ /******************************************************************************/ -/* */ -/* print out the requested attribute */ -/* */ +/* */ +/* print out the requested attribute */ +/* */ /******************************************************************************/ void print_user_attribute(char *key, char *attribute_param, int layer) { @@ -438,9 +453,9 @@ return; /******************************************************************************/ -/* */ -/* Help Function */ -/* */ +/* */ +/* Help Function */ +/* */ /******************************************************************************/ void help() { @@ -470,9 +485,9 @@ Valid values for debug:\n\ } /* help */ /******************************************************************************/ -/* */ -/* Main */ -/* */ +/* */ +/* Main */ +/* */ /******************************************************************************/ int main(int argc, char **argv, char **envp) { @@ -569,7 +584,7 @@ void *configuration_handle_tmp = NULL; fputs("Only one of the options a, c, L, s, S or u can be specified.\n",stderr); return 1; } /* endif */ - /* still not im[plemented thatfore set to zero */ + /* still not implemented thatfore set to zero */ list_attr = print_attr = 0; if (print_attr != 0) { print_user_attribute(NULL, print_attribute_param, layers); diff --git a/s390-tools-2.29.0.tar.gz b/s390-tools-2.29.0.tar.gz deleted file mode 100644 index 95d81d9..0000000 --- a/s390-tools-2.29.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:849ff400dc6c1eb7eebe4aa3e7a4871721c25bcee6cfdd0535a056a038fd3ab0 -size 1950182 diff --git a/s390-tools-2.30.0.tar.gz b/s390-tools-2.30.0.tar.gz new file mode 100644 index 0000000..94d0a3e --- /dev/null +++ b/s390-tools-2.30.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:9e565701cc6df4808243027706ee0a76c5fc0c7f9aae0afce1479fd4ff68bcdf +size 2007594 
diff --git a/s390-tools-ALP-zdev-live.patch b/s390-tools-ALP-zdev-live.patch index c9881d4..fee9f2b 100644 --- a/s390-tools-ALP-zdev-live.patch +++ b/s390-tools-ALP-zdev-live.patch @@ -5,10 +5,10 @@ zdev/dracut/Makefile | 15 ++++++++++-- 4 files changed, 92 insertions(+), 2 deletions(-) -Index: s390-tools-2.29.0/zdev/dracut/96zdev-live/module-setup.sh +Index: s390-tools-2.30.0/zdev/dracut/96zdev-live/module-setup.sh =================================================================== --- /dev/null -+++ s390-tools-2.29.0/zdev/dracut/96zdev-live/module-setup.sh ++++ s390-tools-2.30.0/zdev/dracut/96zdev-live/module-setup.sh @@ -0,0 +1,32 @@ +#!/bin/bash + @@ -42,10 +42,10 @@ Index: s390-tools-2.29.0/zdev/dracut/96zdev-live/module-setup.sh + inst_hook cleanup 41 "$moddir/write-udev-live.sh" + inst_multiple chzdev +} -Index: s390-tools-2.29.0/zdev/dracut/96zdev-live/parse-zdev-live.sh +Index: s390-tools-2.30.0/zdev/dracut/96zdev-live/parse-zdev-live.sh =================================================================== --- /dev/null -+++ s390-tools-2.29.0/zdev/dracut/96zdev-live/parse-zdev-live.sh ++++ s390-tools-2.30.0/zdev/dracut/96zdev-live/parse-zdev-live.sh @@ -0,0 +1,36 @@ +#!/bin/bash +# @@ -83,10 +83,10 @@ Index: s390-tools-2.29.0/zdev/dracut/96zdev-live/parse-zdev-live.sh + fi +done + -Index: s390-tools-2.29.0/zdev/dracut/96zdev-live/write-udev-live.sh +Index: s390-tools-2.30.0/zdev/dracut/96zdev-live/write-udev-live.sh =================================================================== --- /dev/null -+++ s390-tools-2.29.0/zdev/dracut/96zdev-live/write-udev-live.sh ++++ s390-tools-2.30.0/zdev/dracut/96zdev-live/write-udev-live.sh @@ -0,0 +1,11 @@ +#!/bin/sh +# 
@@ -99,10 +99,10 @@ Index: s390-tools-2.29.0/zdev/dracut/96zdev-live/write-udev-live.sh +if [ -w /sysroot/etc/udev/rules.d ]; then + cp -p /etc/udev/rules.d/41-* /sysroot/etc/udev/rules.d +fi -Index: s390-tools-2.29.0/zdev/dracut/Makefile +Index: s390-tools-2.30.0/zdev/dracut/Makefile =================================================================== ---- s390-tools-2.29.0.orig/zdev/dracut/Makefile -+++ s390-tools-2.29.0/zdev/dracut/Makefile +--- s390-tools-2.30.0.orig/zdev/dracut/Makefile ++++ s390-tools-2.30.0/zdev/dracut/Makefile @@ -3,17 +3,23 @@ include ../../common.mak ZDEVDIR := 95zdev @@ -137,5 +137,5 @@ Index: s390-tools-2.29.0/zdev/dracut/Makefile + $(INSTALL) -m 755 $(ZDEVLIVEDIR)/module-setup.sh \ + $(ZDEVLIVEDIR)/parse-zdev-live.sh \ + $(ZDEVLIVEDIR)/write-udev-live.sh \ -+ $(DESTDIR)$(DRACUTMODDIR)/$(ZDEVLIVEDIR)/ ++ $(DESTDIR)$(DRACUTMODDIR)/$(ZDEVLIVEDIR)/ endif diff --git a/s390-tools-sles12-create-filesystem-links.patch b/s390-tools-sles12-create-filesystem-links.patch index d2482d0..420bc92 100644 --- a/s390-tools-sles12-create-filesystem-links.patch +++ b/s390-tools-sles12-create-filesystem-links.patch @@ -1,7 +1,7 @@ -Index: s390-tools-2.29.0/etc/udev/rules.d/59-dasd.rules +Index: s390-tools-2.30.0/etc/udev/rules.d/59-dasd.rules =================================================================== ---- s390-tools-2.29.0.orig/etc/udev/rules.d/59-dasd.rules -+++ s390-tools-2.29.0/etc/udev/rules.d/59-dasd.rules +--- s390-tools-2.30.0.orig/etc/udev/rules.d/59-dasd.rules ++++ s390-tools-2.30.0/etc/udev/rules.d/59-dasd.rules @@ -15,7 +15,7 @@ KERNEL=="dasd*[!0-9]", ENV{ID_XUID}=="?* LABEL="dasd_block_end" diff --git a/s390-tools-sles12-fdasd-skip-partition-check-and-BLKRRPART-ioctl.patch b/s390-tools-sles12-fdasd-skip-partition-check-and-BLKRRPART-ioctl.patch index 1a47183..1b55c37 100644 --- a/s390-tools-sles12-fdasd-skip-partition-check-and-BLKRRPART-ioctl.patch +++ b/s390-tools-sles12-fdasd-skip-partition-check-and-BLKRRPART-ioctl.patch 
@@ -15,10 +15,10 @@ Signed-off-by: Hannes Reinecke fdasd/fdasd.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) -Index: s390-tools-2.29.0/fdasd/fdasd.c +Index: s390-tools-2.30.0/fdasd/fdasd.c =================================================================== ---- s390-tools-2.29.0.orig/fdasd/fdasd.c -+++ s390-tools-2.29.0/fdasd/fdasd.c +--- s390-tools-2.30.0.orig/fdasd/fdasd.c ++++ s390-tools-2.30.0/fdasd/fdasd.c @@ -1231,10 +1231,12 @@ static int fdasd_get_volser(fdasd_anchor */ static void fdasd_reread_partition_table(fdasd_anchor_t *anc) diff --git a/s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch.suse b/s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch.suse index 7e766e8..ca35bee 100644 --- a/s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch.suse +++ b/s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch.suse @@ -13,10 +13,10 @@ Signed-off-by: Robert Milasan etc/udev/rules.d/59-dasd.rules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -Index: s390-tools-2.29.0/etc/udev/rules.d/59-dasd.rules +Index: s390-tools-2.30.0/etc/udev/rules.d/59-dasd.rules =================================================================== ---- s390-tools-2.29.0.orig/etc/udev/rules.d/59-dasd.rules -+++ s390-tools-2.29.0/etc/udev/rules.d/59-dasd.rules +--- s390-tools-2.30.0.orig/etc/udev/rules.d/59-dasd.rules ++++ s390-tools-2.30.0/etc/udev/rules.d/59-dasd.rules @@ -6,7 +6,7 @@ SUBSYSTEM!="block", GOTO="dasd_symlinks_end" KERNEL!="dasd*", GOTO="dasd_symlinks_end" diff --git a/s390-tools-sles12-zipl_boot_msg.patch b/s390-tools-sles12-zipl_boot_msg.patch index ec70cf5..fc2ddfc 100644 --- a/s390-tools-sles12-zipl_boot_msg.patch +++ b/s390-tools-sles12-zipl_boot_msg.patch 
@@ -1,7 +1,7 @@ -Index: s390-tools-2.29.0/zipl/boot/menu.c +Index: s390-tools-2.30.0/zipl/boot/menu.c =================================================================== ---- s390-tools-2.29.0.orig/zipl/boot/menu.c -+++ s390-tools-2.29.0/zipl/boot/menu.c +--- s390-tools-2.30.0.orig/zipl/boot/menu.c ++++ s390-tools-2.30.0/zipl/boot/menu.c @@ -168,8 +168,11 @@ int menu(void) /* print config list */ menu_list(); diff --git a/s390-tools-sles15-sysconfig-compatible-dumpconf.patch b/s390-tools-sles15-sysconfig-compatible-dumpconf.patch index 1392e38..49cd4ab 100644 --- a/s390-tools-sles15-sysconfig-compatible-dumpconf.patch +++ b/s390-tools-sles15-sysconfig-compatible-dumpconf.patch @@ -1,7 +1,7 @@ -Index: s390-tools-2.29.0/etc/sysconfig/dumpconf +Index: s390-tools-2.30.0/etc/sysconfig/dumpconf =================================================================== ---- s390-tools-2.29.0.orig/etc/sysconfig/dumpconf -+++ s390-tools-2.29.0/etc/sysconfig/dumpconf +--- s390-tools-2.30.0.orig/etc/sysconfig/dumpconf ++++ s390-tools-2.30.0/etc/sysconfig/dumpconf @@ -1,71 +1,137 @@ +## Path: System/Dumpconf +## Description: Configures the actions which should be performed after a kernel panic diff --git a/s390-tools-sles15sp1-11-zdev-Do-not-call-zipl-on-initrd-update.patch b/s390-tools-sles15sp1-11-zdev-Do-not-call-zipl-on-initrd-update.patch index 0572a92..d8b4a57 100644 --- a/s390-tools-sles15sp1-11-zdev-Do-not-call-zipl-on-initrd-update.patch +++ b/s390-tools-sles15sp1-11-zdev-Do-not-call-zipl-on-initrd-update.patch @@ -35,10 +35,10 @@ 
Signed-off-by: Peter Oberparleiter zdev/src/zdev-root-update.dracut | 6 ------ 1 file changed, 6 deletions(-) -Index: s390-tools-2.29.0/zdev/src/zdev-root-update.dracut +Index: s390-tools-2.30.0/zdev/src/zdev-root-update.dracut =================================================================== ---- s390-tools-2.29.0.orig/zdev/src/zdev-root-update.dracut -+++ s390-tools-2.29.0/zdev/src/zdev-root-update.dracut +--- s390-tools-2.30.0.orig/zdev/src/zdev-root-update.dracut ++++ s390-tools-2.30.0/zdev/src/zdev-root-update.dracut @@ -20,10 +20,4 @@ dracut -f || { exit 1 } diff --git a/s390-tools-sles15sp3-Allow-multiple-device-arguments.patch b/s390-tools-sles15sp3-Allow-multiple-device-arguments.patch index 172bc89..9f8c579 100644 --- a/s390-tools-sles15sp3-Allow-multiple-device-arguments.patch +++ b/s390-tools-sles15sp3-Allow-multiple-device-arguments.patch @@ -11,10 +11,10 @@ Signed-off-by: Hannes Reinecke dasdfmt/dasdfmt.c | 175 ++++++++++++++++++++++++++++++------------------------ 2 files changed, 100 insertions(+), 80 deletions(-) -Index: s390-tools-2.29.0/dasdfmt/dasdfmt.8 +Index: s390-tools-2.30.0/dasdfmt/dasdfmt.8 =================================================================== ---- s390-tools-2.29.0.orig/dasdfmt/dasdfmt.8 -+++ s390-tools-2.29.0/dasdfmt/dasdfmt.8 +--- s390-tools-2.30.0.orig/dasdfmt/dasdfmt.8 ++++ s390-tools-2.30.0/dasdfmt/dasdfmt.8 @@ -11,14 +11,15 @@ dasdfmt \- formatting of DASD (ECKD) dis .br [-r \fIcylinder\fR] [-b \fIblksize\fR] [-l \fIvolser\fR] [-d \fIlayout\fR] 
@@ -25,18 +25,18 @@ Index: s390-tools-2.29.0/dasdfmt/dasdfmt.8 .SH DESCRIPTION -\fBdasdfmt\fR formats a DASD (ECKD) disk drive to prepare it +\fBdasdfmt\fR formats one or several DASD (ECKD) disk drive to prepare it - for usage with Linux for S/390. + for usage with Linux for S/390. The \fIdevice\fR is the node of the device (e.g. '/dev/dasda'). - Any device node created by udev for kernel 2.6 can be used + Any device node created by udev for kernel 2.6 can be used (e.g. '/dev/dasd/0.0.b100/disc'). +It is possible to specify up to 512 devices. .br - \fBWARNING\fR: Careless usage of \fBdasdfmt\fR can result in -Index: s390-tools-2.29.0/dasdfmt/dasdfmt.c + \fBWARNING\fR: Careless usage of \fBdasdfmt\fR can result in +Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c =================================================================== ---- s390-tools-2.29.0.orig/dasdfmt/dasdfmt.c -+++ s390-tools-2.29.0/dasdfmt/dasdfmt.c +--- s390-tools-2.30.0.orig/dasdfmt/dasdfmt.c ++++ s390-tools-2.30.0/dasdfmt/dasdfmt.c @@ -25,6 +25,8 @@ #include "dasdfmt.h" @@ -461,7 +461,7 @@ Index: s390-tools-2.29.0/dasdfmt/dasdfmt.c + for (i = 0; i < numdev; i++) + { + strncpy(g.dev_path, g.dev_path_array[i], strlen(g.dev_path_array[i])+1); -+ strncpy(g.dev_node, g.dev_node_array[i], strlen(g.dev_node_array[i])+1); ++ strncpy(g.dev_node, g.dev_node_array[i], strlen(g.dev_node_array[i])+1); + process_dasd(&vlabel, format_params); + } diff --git a/s390-tools-sles15sp3-Format-devices-in-parallel.patch b/s390-tools-sles15sp3-Format-devices-in-parallel.patch index 01ef6ff..ab53115 100644 --- a/s390-tools-sles15sp3-Format-devices-in-parallel.patch +++ b/s390-tools-sles15sp3-Format-devices-in-parallel.patch @@ -12,10 +12,10 @@ 
Signed-off-by: Hannes Reinecke dasdfmt/dasdfmt.h | 1 + 3 files changed, 58 insertions(+), 9 deletions(-) -Index: s390-tools-2.29.0/dasdfmt/dasdfmt.8 +Index: s390-tools-2.30.0/dasdfmt/dasdfmt.8 =================================================================== ---- s390-tools-2.29.0.orig/dasdfmt/dasdfmt.8 -+++ s390-tools-2.29.0/dasdfmt/dasdfmt.8 +--- s390-tools-2.30.0.orig/dasdfmt/dasdfmt.8 ++++ s390-tools-2.30.0/dasdfmt/dasdfmt.8 @@ -7,7 +7,7 @@ dasdfmt \- formatting of DASD (ECKD) disk drives. @@ -51,12 +51,12 @@ Index: s390-tools-2.29.0/dasdfmt/dasdfmt.8 + +.TP \fB-l\fR \fIvolser\fR or \fB--label\fR=\fIvolser\fR - Specify the volume serial number or volume identifier to be written - to disk after formatting. If no label is specified, a sensible default -Index: s390-tools-2.29.0/dasdfmt/dasdfmt.c + Specify the volume serial number or volume identifier to be written + to disk after formatting. If no label is specified, a sensible default +Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c =================================================================== ---- s390-tools-2.29.0.orig/dasdfmt/dasdfmt.c -+++ s390-tools-2.29.0/dasdfmt/dasdfmt.c +--- s390-tools-2.30.0.orig/dasdfmt/dasdfmt.c ++++ s390-tools-2.30.0/dasdfmt/dasdfmt.c @@ -13,6 +13,7 @@ #include #include @@ -142,7 +142,7 @@ Index: s390-tools-2.29.0/dasdfmt/dasdfmt.c - for (i = 0; i < numdev; i++) - { - strncpy(g.dev_path, g.dev_path_array[i], strlen(g.dev_path_array[i])+1); -- strncpy(g.dev_node, g.dev_node_array[i], strlen(g.dev_node_array[i])+1); +- strncpy(g.dev_node, g.dev_node_array[i], strlen(g.dev_node_array[i])+1); - process_dasd(&vlabel, format_params); + for (numproc = 0; numproc < numdev; numproc++) { + chpid = fork(); diff --git a/s390-tools-sles15sp3-Implement-Y-yast_mode.patch b/s390-tools-sles15sp3-Implement-Y-yast_mode.patch index 5e6473f..ac0d6c5 100644 --- a/s390-tools-sles15sp3-Implement-Y-yast_mode.patch +++ b/s390-tools-sles15sp3-Implement-Y-yast_mode.patch @@ -12,10 +12,10 @@ 
Signed-off-by: Hannes Reinecke dasdfmt/dasdfmt.h | 1 + 3 files changed, 27 insertions(+), 8 deletions(-) -Index: s390-tools-2.29.0/dasdfmt/dasdfmt.8 +Index: s390-tools-2.30.0/dasdfmt/dasdfmt.8 =================================================================== ---- s390-tools-2.29.0.orig/dasdfmt/dasdfmt.8 -+++ s390-tools-2.29.0/dasdfmt/dasdfmt.8 +--- s390-tools-2.30.0.orig/dasdfmt/dasdfmt.8 ++++ s390-tools-2.30.0/dasdfmt/dasdfmt.8 @@ -7,7 +7,7 @@ dasdfmt \- formatting of DASD (ECKD) disk drives. @@ -37,10 +37,10 @@ Index: s390-tools-2.29.0/dasdfmt/dasdfmt.8 \fB-M\fR \fImode\fR or \fB--mode\fR=\fImode\fR Specify the \fImode\fR to be used to format the device. Valid modes are: .RS -Index: s390-tools-2.29.0/dasdfmt/dasdfmt.c +Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c =================================================================== ---- s390-tools-2.29.0.orig/dasdfmt/dasdfmt.c -+++ s390-tools-2.29.0/dasdfmt/dasdfmt.c +--- s390-tools-2.30.0.orig/dasdfmt/dasdfmt.c ++++ s390-tools-2.30.0/dasdfmt/dasdfmt.c @@ -83,6 +83,7 @@ static struct dasdfmt_globals { int ese; int no_discard; diff --git a/s390-tools-sles15sp3-Implement-f-for-backwards-compability.patch b/s390-tools-sles15sp3-Implement-f-for-backwards-compability.patch index 602d9f0..ae8ced6 100644 --- a/s390-tools-sles15sp3-Implement-f-for-backwards-compability.patch +++ b/s390-tools-sles15sp3-Implement-f-for-backwards-compability.patch @@ -13,10 +13,10 @@ Signed-off-by: Hannes Reinecke dasdfmt/dasdfmt.c | 8 ++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) -Index: s390-tools-2.29.0/dasdfmt/dasdfmt.8 +Index: s390-tools-2.30.0/dasdfmt/dasdfmt.8 =================================================================== ---- s390-tools-2.29.0.orig/dasdfmt/dasdfmt.8 -+++ s390-tools-2.29.0/dasdfmt/dasdfmt.8 +--- s390-tools-2.30.0.orig/dasdfmt/dasdfmt.8 ++++ s390-tools-2.30.0/dasdfmt/dasdfmt.8 
@@ -11,7 +11,7 @@ dasdfmt \- formatting of DASD (ECKD) dis .br [-r \fIcylinder\fR] [-b \fIblksize\fR] [-l \fIvolser\fR] [-d \fIlayout\fR] @@ -34,13 +34,13 @@ Index: s390-tools-2.29.0/dasdfmt/dasdfmt.8 +Specify device to format. For backwards compability only. + +.TP - \fB-y\fR + \fB-y\fR Start formatting without further user-confirmation. -Index: s390-tools-2.29.0/dasdfmt/dasdfmt.c +Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c =================================================================== ---- s390-tools-2.29.0.orig/dasdfmt/dasdfmt.c -+++ s390-tools-2.29.0/dasdfmt/dasdfmt.c +--- s390-tools-2.30.0.orig/dasdfmt/dasdfmt.c ++++ s390-tools-2.30.0/dasdfmt/dasdfmt.c @@ -113,6 +113,10 @@ static struct util_opt opt_vec[] = { .desc = "Format devices in parallel", .flags = UTIL_OPT_FLAG_NOLONG, diff --git a/s390-tools-sles15sp3-dasdfmt-retry-BIODASDINFO-if-device-is-busy.patch b/s390-tools-sles15sp3-dasdfmt-retry-BIODASDINFO-if-device-is-busy.patch index 2899e21..f66ffc1 100644 --- a/s390-tools-sles15sp3-dasdfmt-retry-BIODASDINFO-if-device-is-busy.patch +++ b/s390-tools-sles15sp3-dasdfmt-retry-BIODASDINFO-if-device-is-busy.patch @@ -19,10 +19,10 @@ Signed-off-by: Hannes Reinecke dasdfmt/dasdfmt.c | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) -Index: s390-tools-2.29.0/dasdfmt/dasdfmt.c +Index: s390-tools-2.30.0/dasdfmt/dasdfmt.c =================================================================== ---- s390-tools-2.29.0.orig/dasdfmt/dasdfmt.c -+++ s390-tools-2.29.0/dasdfmt/dasdfmt.c +--- s390-tools-2.30.0.orig/dasdfmt/dasdfmt.c ++++ s390-tools-2.30.0/dasdfmt/dasdfmt.c @@ -621,7 +621,7 @@ static void check_layout(unsigned int in */ static void check_disk(void) diff --git a/s390-tools-sles15sp5-remove-no-pie-link-arguments.patch b/s390-tools-sles15sp5-remove-no-pie-link-arguments.patch index 0c155d9..22cbbb8 100644 --- a/s390-tools-sles15sp5-remove-no-pie-link-arguments.patch +++ b/s390-tools-sles15sp5-remove-no-pie-link-arguments.patch 
@@ -1,7 +1,7 @@ -Index: s390-tools-2.29.0/common.mak +Index: s390-tools-2.30.0/common.mak =================================================================== ---- s390-tools-2.29.0.orig/common.mak -+++ s390-tools-2.29.0/common.mak +--- s390-tools-2.30.0.orig/common.mak ++++ s390-tools-2.30.0/common.mak @@ -338,8 +338,8 @@ export INSTALL CFLAGS CXXFLAGS \ LDFLAGS CPPFLAGS ALL_CFLAGS ALL_CXXFLAGS ALL_LDFLAGS ALL_CPPFLAGS diff --git a/s390-tools-sles15sp6-zkey-Support-EP11-AES-keys-with-prepended-header-to-.patch b/s390-tools-sles15sp6-zkey-Support-EP11-AES-keys-with-prepended-header-to-.patch deleted file mode 100644 index a36ac96..0000000 --- a/s390-tools-sles15sp6-zkey-Support-EP11-AES-keys-with-prepended-header-to-.patch +++ /dev/null 
@@ -1,691 +0,0 @@ ---- - zkey/ep11.c | 48 +++++++++++----- - zkey/keystore.c | 4 + - zkey/kmip/zkey-kmip.c | 74 +++++++++++++++++++++---- - zkey/kms.c | 9 ++- - zkey/pkey.c | 141 +++++++++++++++++++++++++++++++++++++++++++++++-- - zkey/pkey.h | 45 +++++++++++---- - zkey/zkey-cryptsetup.c | 15 ++++- - zkey/zkey.c | 8 ++ - 8 files changed, 294 insertions(+), 50 deletions(-) - ---- a/zkey/ep11.c -+++ b/zkey/ep11.c -@@ -365,8 +365,9 @@ int select_ep11_apqn_by_mkvp(struct ep11 - * @param[in] target the target handle to use for the re-encipher operation - * @param[in] card the card that corresponds to the target handle - * @param[in] domain the domain that corresponds to the target handle -- * @param[in/out] ep11key the EP11 key token to reencipher. The re-enciphered -- * secure key will be returned in this buffer. -+ * @param[in/out] ep11key_blob the EP11 key token to reencipher. The -+ * re-enciphered secure key will be returned in this -+ * buffer. - * @param[in] ep11key_size the size of the secure key - * @param[in] verbose if true, verbose messages are printed - * -@@ -374,21 +375,29 @@ int select_ep11_apqn_by_mkvp(struct ep11 - */ - static int ep11_adm_reencrypt(struct ep11_lib *ep11, target_t target, - unsigned int card, unsigned int domain, -- struct ep11keytoken *ep11key, -+ u8 *ep11key_blob, - unsigned int ep11key_size, bool verbose) - { -+ struct ep11kblob_header *hdr = (struct ep11kblob_header *)ep11key_blob; -+ struct ep11keytoken *ep11key; - CK_BYTE resp[MAX_BLOBSIZE]; - CK_BYTE req[MAX_BLOBSIZE]; -- char ep11_token_header[sizeof(ep11key->head)]; -+ char ep11_token_header[sizeof(ep11key->head)] = { 0 }; - struct XCPadmresp lrb; - struct XCPadmresp rb; -+ bool with_header; - size_t resp_len; - size_t blob_len; - long req_len; - CK_RV rv; - int rc; - -- blob_len = ep11key->head.length; -+ with_header = is_ep11_aes_key_with_header(ep11key_blob, ep11key_size); -+ ep11key = (struct ep11keytoken *)(with_header ? 
-+ ep11key_blob + sizeof(struct ep11kblob_header) : -+ ep11key_blob); -+ blob_len = with_header ? hdr->len - sizeof(struct ep11kblob_header) : -+ ep11key->head.len; - if (blob_len > ep11key_size) { - pr_verbose(verbose, "Blob length larger than secure key size"); - return -EINVAL; -@@ -397,9 +406,14 @@ static int ep11_adm_reencrypt(struct ep1 - rb.domain = domain; - lrb.domain = domain; - -- /* The token header is an overlay over the (all zero) session field */ -- memcpy(ep11_token_header, ep11key, sizeof(ep11_token_header)); -- memset(ep11key->session, 0, sizeof(ep11key->session)); -+ if (!with_header) { -+ /* -+ * The token header is an overlay over the (all zero) session -+ * field -+ */ -+ memcpy(ep11_token_header, ep11key, sizeof(ep11_token_header)); -+ memset(ep11key->session, 0, sizeof(ep11key->session)); -+ } - - resp_len = sizeof(resp); - req_len = ep11->dll_xcpa_cmdblock(req, sizeof(req), XCP_ADM_REENCRYPT, -@@ -446,7 +460,8 @@ static int ep11_adm_reencrypt(struct ep1 - } - - memcpy(ep11key, lrb.payload, blob_len); -- memcpy(ep11key, ep11_token_header, sizeof(ep11_token_header)); -+ if (!with_header) -+ memcpy(ep11key, ep11_token_header, sizeof(ep11_token_header)); - - return 0; - } -@@ -469,7 +484,6 @@ int reencipher_ep11_key(struct ep11_lib - unsigned int card, unsigned int domain, u8 *secure_key, - unsigned int secure_key_size, bool verbose) - { -- struct ep11keytoken *ep11key = (struct ep11keytoken *)secure_key; - CK_IBM_DOMAIN_INFO dinf; - CK_ULONG dinf_len = sizeof(dinf); - CK_RV rv; -@@ -493,17 +507,21 @@ int reencipher_ep11_key(struct ep11_lib - return -ENODEV; - } - -- rc = ep11_adm_reencrypt(ep11, target, card, domain, ep11key, -+ rc = ep11_adm_reencrypt(ep11, target, card, domain, secure_key, - secure_key_size, verbose); - if (rc != 0) - return rc; - - if (is_xts_key(secure_key, secure_key_size)) { -- secure_key += EP11_KEY_SIZE; -- secure_key_size -= EP11_KEY_SIZE; -- ep11key = (struct ep11keytoken *)secure_key; -+ if 
(is_ep11_aes_key_with_header(secure_key, secure_key_size)) { -+ secure_key += EP11_AES_KEY_SIZE; -+ secure_key_size -= EP11_AES_KEY_SIZE; -+ } else { -+ secure_key += EP11_KEY_SIZE; -+ secure_key_size -= EP11_KEY_SIZE; -+ } - -- rc = ep11_adm_reencrypt(ep11, target, card, domain, ep11key, -+ rc = ep11_adm_reencrypt(ep11, target, card, domain, secure_key, - secure_key_size, verbose); - if (rc != 0) - return rc; ---- a/zkey/keystore.c -+++ b/zkey/keystore.c -@@ -3398,7 +3398,9 @@ static int _keystore_perform_reencipher( - "CURRENT master key", name); - if (!selected && - !is_ep11_aes_key(secure_key, -- secure_key_size)) -+ secure_key_size) && -+ !is_ep11_aes_key_with_header(secure_key, -+ secure_key_size)) - print_msg_for_cca_envvars( - "secure AES key"); - } ---- a/zkey/kmip/zkey-kmip.c -+++ b/zkey/kmip/zkey-kmip.c -@@ -5278,9 +5278,11 @@ static int _ep11_unwrap_key_rsa(struct p - m_UnwrapKey_t dll_m_UnwrapKey; - const unsigned char *key_blob; - struct ep11keytoken *ep11key; -+ struct ep11kblob_header *hdr; - CK_MECHANISM mech = { 0 }; - CK_BYTE csum[7] = { 0 }; - CK_BBOOL ck_true = true; -+ int pkey_fd, rc; - CK_RV rv; - - CK_ATTRIBUTE template[] = { -@@ -5306,7 +5308,8 @@ static int _ep11_unwrap_key_rsa(struct p - pr_verbose(&ph->pd, "Wrap hashing algorithm: %d", - ph->profile->wrap_hashing_algo); - -- if (*unwrapped_key_len < sizeof(struct ep11keytoken)) { -+ if (*unwrapped_key_len < sizeof(struct ep11kblob_header) + -+ sizeof(struct ep11keytoken)) { - _set_error(ph, "Key buffer is too small"); - return -EINVAL; - } -@@ -5381,19 +5384,68 @@ static int _ep11_unwrap_key_rsa(struct p - 256 * 256 * csum[csum_len - 3] + - 256 * 256 * 256 * csum[csum_len - 4]; - -- /* Setup the EP11 token header */ -- ep11key = (struct ep11keytoken *)unwrapped_key; -- memset(&ep11key->session, 0, sizeof(ep11key->session)); -- ep11key->head.type = TOKEN_TYPE_NON_CCA; -- ep11key->head.length = *unwrapped_key_len; -- ep11key->head.version = TOKEN_VERSION_EP11_AES; -- 
ep11key->head.keybitlen = bit_len; -+ /* Prepend and setup the EP11 token header */ -+ hdr = (struct ep11kblob_header *)unwrapped_key; -+ ep11key = (struct ep11keytoken *) -+ (unwrapped_key + sizeof(struct ep11kblob_header)); -+ memmove(ep11key, unwrapped_key, *unwrapped_key_len); -+ *unwrapped_key_len += sizeof(struct ep11kblob_header); -+ memset(hdr, 0, sizeof(struct ep11kblob_header)); -+ hdr->type = TOKEN_TYPE_NON_CCA; -+ hdr->hver = 0; -+ hdr->len = *unwrapped_key_len; -+ hdr->version = TOKEN_VERSION_EP11_AES_WITH_HEADER; -+ hdr->bitlen = bit_len; - -- pr_verbose(&ph->pd, "unwrapped bit length: %u", -- ep11key->head.keybitlen); -+ pr_verbose(&ph->pd, "unwrapped bit length: %u", hdr->bitlen); - - /* return full length, blob is already zero padded */ -- *unwrapped_key_len = sizeof(struct ep11keytoken); -+ *unwrapped_key_len = -+ sizeof(struct ep11kblob_header) + sizeof(struct ep11keytoken); -+ -+ /* -+ * Check if the pkey module supports keys of type -+ * TOKEN_VERSION_EP11_AES_WITH_HEADER, older kernels may not support -+ * such keys. If it does not support such keys, convert the key to -+ * TOKEN_VERSION_EP11_AES type, if its session field is all zero -+ * (i.e. the key is not session bound). -+ */ -+ pkey_fd = open_pkey_device(ph->pd.verbose); -+ if (pkey_fd < 0) { -+ _set_error(ph, "Failed to open pkey device"); -+ return -EIO; -+ } -+ -+ rc = validate_secure_key(pkey_fd, unwrapped_key, *unwrapped_key_len, -+ NULL, NULL, NULL, ph->pd.verbose); -+ close(pkey_fd); -+ if (rc == -EINVAL || rc == -ENODEV) { -+ pr_verbose(&ph->pd, "The pkey kernel module does not support " -+ "PKEY_TYPE_EP11_AES, fall back to PKEY_TYPE_EP11"); -+ -+ if (is_ep11_key_session_bound(unwrapped_key, -+ *unwrapped_key_len)) { -+ _set_error(ph, "The unwrapped key is session bound. 
" -+ "Kernel support is required for such keys"); -+ return -EIO; -+ } -+ -+ key_blob_len = hdr->len; -+ *unwrapped_key_len -= sizeof(struct ep11kblob_header); -+ memmove(unwrapped_key, -+ unwrapped_key + sizeof(struct ep11kblob_header), -+ *unwrapped_key_len); -+ ep11key = (struct ep11keytoken *)unwrapped_key; -+ memset(&ep11key->session, 0, sizeof(ep11key->session)); -+ ep11key->head.type = TOKEN_TYPE_NON_CCA; -+ ep11key->head.len = key_blob_len - -+ sizeof(struct ep11kblob_header); -+ ep11key->head.version = TOKEN_VERSION_EP11_AES; -+ ep11key->head.bitlen = bit_len; -+ } else if (rc != 0) { -+ _set_error(ph, "Failed to validate unwrapped key"); -+ return rc; -+ } - - return 0; - } ---- a/zkey/kms.c -+++ b/zkey/kms.c -@@ -2175,7 +2175,7 @@ int generate_kms_key(struct kms_info *km - else if (strcasecmp(key_type, KEY_TYPE_CCA_AESCIPHER) == 0) - key_size = AESCIPHER_KEY_SIZE; - else if (strcasecmp(key_type, KEY_TYPE_EP11_AES) == 0) -- key_size = EP11_KEY_SIZE; -+ key_size = EP11_AES_KEY_SIZE; - else - return -ENOTSUP; - -@@ -2248,6 +2248,9 @@ int generate_kms_key(struct kms_info *km - if (verbose) - util_hexdump_grp(stderr, NULL, key_blob, 4, key_blob_size, 0); - -+ if (is_ep11_aes_key(key_blob, key_blob_size)) -+ key_size = EP11_KEY_SIZE; -+ - /* Save ID and label of 1st key */ - rc = properties_set(key_props, xts ? 
PROP_NAME_KMS_XTS_KEY1_ID : - PROP_NAME_KMS_KEY_ID, key1_id); -@@ -3132,6 +3135,8 @@ int import_kms_key(struct kms_info *kms_ - key_size = AESCIPHER_KEY_SIZE; - else if (is_ep11_aes_key(key_blob, key_blob_size)) - key_size = EP11_KEY_SIZE; -+ else if (is_ep11_aes_key_with_header(key_blob, key_blob_size)) -+ key_size = EP11_AES_KEY_SIZE; - - if (key_size == 0 || key_blob_size > key_size) { - pr_verbose(verbose, "Key '%s' has an unknown or unsupported " -@@ -3366,6 +3371,8 @@ int refresh_kms_key(struct kms_info *kms - key_size = AESCIPHER_KEY_SIZE; - else if (is_ep11_aes_key(key_blob, key_blob_size)) - key_size = EP11_KEY_SIZE; -+ else if (is_ep11_aes_key_with_header(key_blob, key_blob_size)) -+ key_size = EP11_AES_KEY_SIZE; - - if (key_size == 0 || key_blob_size > key_size) { - pr_verbose(verbose, "Key '%s' has an unknown or unsupported " ---- a/zkey/pkey.c -+++ b/zkey/pkey.c -@@ -858,7 +858,7 @@ static enum pkey_key_type key_type_to_pk - if (strcasecmp(key_type, KEY_TYPE_CCA_AESCIPHER) == 0) - return PKEY_TYPE_CCA_CIPHER; - if (strcasecmp(key_type, KEY_TYPE_EP11_AES) == 0) -- return PKEY_TYPE_EP11; -+ return PKEY_TYPE_EP11_AES; - - return 0; - } -@@ -879,6 +879,8 @@ static size_t key_size_for_type(enum pke - return AESCIPHER_KEY_SIZE; - case PKEY_TYPE_EP11: - return EP11_KEY_SIZE; -+ case PKEY_TYPE_EP11_AES: -+ return EP11_AES_KEY_SIZE; - default: - return 0; - } -@@ -924,6 +926,7 @@ int generate_secure_key_random(int pkey_ - return -ENOTSUP; - } - -+retry: - genseck2.size = keybits_to_keysize(keybits); - if (genseck2.size == 0) { - warnx("Invalid value for '--keybits'/'-c': '%lu'", keybits); -@@ -957,10 +960,33 @@ int generate_secure_key_random(int pkey_ - genseck2.keylen = size; - - rc = pkey_genseck2(pkey_fd, &genseck2, verbose); -+ if (rc == -EINVAL && genseck2.type == PKEY_TYPE_EP11_AES) { -+ /* -+ * Older kernels may not support gensek2 with key type -+ * PKEY_TYPE_EP11_AES, retry with PKEY_TYPE_EP11. 
-+ */ -+ pr_verbose(verbose, -+ "ioctl PKEY_GENSECK2 does not support " -+ "PKEY_TYPE_EP11_AES, fall back to PKEY_TYPE_EP11"); -+ -+ genseck2.type = PKEY_TYPE_EP11; -+ free(genseck2.apqns); -+ genseck2.apqns = NULL; -+ genseck2.apqn_entries = 0; -+ free(secure_key); -+ goto retry; -+ } - if (rc != 0) { - warnx("Failed to generate a secure key: %s", strerror(-rc)); - goto out; - } -+ if (rc == 0 && genseck2.type == PKEY_TYPE_EP11) { -+ if (is_ep11_key_session_bound(secure_key, size)) { -+ warnx("The generated key is session bound. Kernel " -+ "support is required for such keys"); -+ goto out; -+ } -+ } - - if (xts) { - free(genseck2.apqns); -@@ -1062,6 +1088,7 @@ int generate_secure_key_clear(int pkey_f - return -ENOTSUP; - } - -+retry: - clr2seck2.size = keybits_to_keysize(HALF_KEYSIZE_FOR_XTS( - clear_key_size * 8, xts)); - if (clr2seck2.size == 0) { -@@ -1096,10 +1123,33 @@ int generate_secure_key_clear(int pkey_f - clr2seck2.keylen = size; - - rc = pkey_clr2seck2(pkey_fd, &clr2seck2, verbose); -+ if (rc == -EINVAL && clr2seck2.type == PKEY_TYPE_EP11_AES) { -+ /* -+ * Older kernels may not support clr2seck2 with key type -+ * PKEY_TYPE_EP11_AES, retry with PKEY_TYPE_EP11. -+ */ -+ pr_verbose(verbose, -+ "ioctl PKEY_CLR2SECK2 does not support " -+ "PKEY_TYPE_EP11_AES, fall back to PKEY_TYPE_EP11"); -+ -+ clr2seck2.type = PKEY_TYPE_EP11; -+ free(clr2seck2.apqns); -+ clr2seck2.apqns = NULL; -+ clr2seck2.apqn_entries = 0; -+ free(secure_key); -+ goto retry; -+ } - if (rc != 0) { - warnx("Failed to generate a secure key: %s", strerror(-rc)); - goto out; - } -+ if (rc == 0 && clr2seck2.type == PKEY_TYPE_EP11) { -+ if (is_ep11_key_session_bound(secure_key, size)) { -+ warnx("The generated key is session bound. 
Kernel " -+ "support is required for such keys"); -+ goto out; -+ } -+ } - - if (xts) { - free(clr2seck2.apqns); -@@ -1486,6 +1536,8 @@ int get_master_key_verification_pattern( - struct aesdatakeytoken *datakey = (struct aesdatakeytoken *)key; - struct aescipherkeytoken *cipherkey = (struct aescipherkeytoken *)key; - struct ep11keytoken *ep11key = (struct ep11keytoken *)key; -+ struct ep11keytoken *ep11key2 = -+ (struct ep11keytoken *)(key + sizeof(struct ep11kblob_header)); - - util_assert(key != NULL, "Internal error: secure_key is NULL"); - util_assert(mkvp != NULL, "Internal error: mkvp is NULL"); -@@ -1497,6 +1549,8 @@ int get_master_key_verification_pattern( - memcpy(mkvp, &cipherkey->kvp, sizeof(cipherkey->kvp)); - else if (is_ep11_aes_key(key, key_size)) - memcpy(mkvp, &ep11key->wkvp, sizeof(ep11key->wkvp)); -+ else if (is_ep11_aes_key_with_header(key, key_size)) -+ memcpy(mkvp, &ep11key2->wkvp, sizeof(ep11key2->wkvp)); - else - return -EINVAL; - -@@ -1593,9 +1647,11 @@ bool is_ep11_aes_key(const u8 *key, size - - if (ep11key->head.type != TOKEN_TYPE_NON_CCA) - return false; -+ if (ep11key->head.hver != 0) -+ return false; - if (ep11key->head.version != TOKEN_VERSION_EP11_AES) - return false; -- if (ep11key->head.length > key_size) -+ if (ep11key->head.len > key_size) - return false; - - if (ep11key->version != 0x1234) -@@ -1605,6 +1661,65 @@ bool is_ep11_aes_key(const u8 *key, size - } - - /** -+ * Check if the specified key is a EP11 AES key token with external header. 
-+ * -+ * @param[in] key the secure key token -+ * @param[in] key_size the size of the secure key -+ * -+ * @returns true if the key is an EP11 AES token with external header type -+ */ -+bool is_ep11_aes_key_with_header(const u8 *key, size_t key_size) -+{ -+ struct ep11kblob_header *header = (struct ep11kblob_header *)key; -+ struct ep11keytoken *ep11key = -+ (struct ep11keytoken *)(key + sizeof(struct ep11kblob_header)); -+ -+ if (key == NULL || key_size < EP11_AES_KEY_SIZE) -+ return false; -+ -+ if (header->type != TOKEN_TYPE_NON_CCA) -+ return false; -+ if (header->hver != 0) -+ return false; -+ if (header->version != TOKEN_VERSION_EP11_AES_WITH_HEADER) -+ return false; -+ if (header->len > key_size) -+ return false; -+ -+ if (ep11key->version != 0x1234) -+ return false; -+ -+ return true; -+} -+ -+/** -+ * Check if the specified EP11 AES key is session bound. -+ * -+ * @param[in] key the secure key token -+ * @param[in] key_size the size of the secure key -+ * -+ * @returns true if the key is an EP11 AES token type -+ */ -+bool is_ep11_key_session_bound(const u8 *key, size_t key_size) -+{ -+ struct ep11keytoken *ep11key; -+ -+ if (is_ep11_aes_key(key, key_size)) { -+ ep11key = (struct ep11keytoken *)key; -+ return memcmp(ep11key->session + sizeof(ep11key->head), -+ ZERO_SESSION, sizeof(ep11key->session) - -+ sizeof(ep11key->head)) != 0; -+ } else if (is_ep11_aes_key_with_header(key, key_size)) { -+ ep11key = (struct ep11keytoken *) -+ (key + sizeof(struct ep11kblob_header)); -+ return memcmp(ep11key->session, ZERO_SESSION, -+ sizeof(ep11key->session)) != 0; -+ } else { -+ return false; -+ } -+} -+ -+/** - * Check if the specified key is an XTS type key - * - * @param[in] key the secure key token -@@ -1629,6 +1744,11 @@ bool is_xts_key(const u8 *key, size_t ke - is_ep11_aes_key(key + EP11_KEY_SIZE, - key_size - EP11_KEY_SIZE)) - return true; -+ } else if (is_ep11_aes_key_with_header(key, key_size)) { -+ if (key_size == 2 * EP11_AES_KEY_SIZE && -+ 
is_ep11_aes_key_with_header(key + EP11_AES_KEY_SIZE, -+ key_size - EP11_AES_KEY_SIZE)) -+ return true; - } - - return false; -@@ -1650,6 +1770,7 @@ int get_key_bit_size(const u8 *key, size - struct aesdatakeytoken *datakey = (struct aesdatakeytoken *)key; - struct aescipherkeytoken *cipherkey = (struct aescipherkeytoken *)key; - struct ep11keytoken *ep11key = (struct ep11keytoken *)key; -+ struct ep11kblob_header *hdr = (struct ep11kblob_header *)key; - - util_assert(bitsize != NULL, "Internal error: bitsize is NULL"); - -@@ -1672,10 +1793,17 @@ int get_key_bit_size(const u8 *key, size - *bitsize += cipherkey->pl - 384; - } - } else if (is_ep11_aes_key(key, key_size)) { -- *bitsize = ep11key->head.keybitlen; -+ *bitsize = ep11key->head.bitlen; - if (key_size == 2 * EP11_KEY_SIZE) { - ep11key = (struct ep11keytoken *)(key + EP11_KEY_SIZE); -- *bitsize += ep11key->head.keybitlen; -+ *bitsize += ep11key->head.bitlen; -+ } -+ } else if (is_ep11_aes_key_with_header(key, key_size)) { -+ *bitsize = hdr->bitlen; -+ if (key_size == 2 * EP11_AES_KEY_SIZE) { -+ hdr = (struct ep11kblob_header *) -+ (key + EP11_AES_KEY_SIZE); -+ *bitsize += hdr->bitlen; - } - } else { - return -EINVAL; -@@ -1700,6 +1828,8 @@ const char *get_key_type(const u8 *key, - return KEY_TYPE_CCA_AESCIPHER; - if (is_ep11_aes_key(key, key_size)) - return KEY_TYPE_EP11_AES; -+ if (is_ep11_aes_key_with_header(key, key_size)) -+ return KEY_TYPE_EP11_AES; - return NULL; - } - -@@ -2016,7 +2146,8 @@ int reencipher_secure_key(struct ext_lib - return rc; - } - -- if (is_ep11_aes_key(secure_key, secure_key_size)) { -+ if (is_ep11_aes_key(secure_key, secure_key_size) || -+ is_ep11_aes_key_with_header(secure_key, secure_key_size)) { - /* EP11 secure key: need the EP11 host library */ - if (lib->ep11->lib_ep11 == NULL) { - rc = load_ep11_library(lib->ep11, verbose); ---- a/zkey/pkey.h -+++ b/zkey/pkey.h -@@ -39,6 +39,8 @@ struct tokenheader { - #define TOKEN_VERSION_PROTECTED_KEY 0x01 - #define 
TOKEN_VERSION_CLEAR_KEY 0x02 - #define TOKEN_VERSION_EP11_AES 0x03 -+#define TOKEN_VERSION_EP11_AES_WITH_HEADER 0x06 -+#define TOKEN_VERSION_EP11_ECC_WITH_HEADER 0x07 - - struct aesdatakeytoken { - u8 type; /* TOKEN_TYPE_INTERNAL (0x01) for internal key token */ -@@ -89,17 +91,20 @@ struct aescipherkeytoken { - u8 varpart[80]; /* variable part */ - } __packed; - -+struct ep11kblob_header { -+ u8 type; /* always 0x00 */ -+ u8 hver; /* header version, currently needs to be 0x00 */ -+ u16 len; /* total length in bytes (including this header) */ -+ u8 version; /* PKEY_TYPE_EP11_AES or PKEY_TYPE_EP11_ECC */ -+ u8 res0; /* unused */ -+ u16 bitlen; /* clear key bit len, 0 for unknown */ -+ u8 res1[8]; /* unused */ -+} __packed; -+ - struct ep11keytoken { - union { - u8 session[32]; -- struct { -- u8 type; /* TOKEN_TYPE_NON_CCA (0x00) */ -- u8 res0; /* unused */ -- u16 length; /* length of token */ -- u8 version; /* TOKEN_VERSION_EP11_AES (0x03) */ -- u8 res1; /* unused */ -- u16 keybitlen; /* clear key bit len, 0 for unknown */ -- } head; -+ struct ep11kblob_header head; - }; - u8 wkvp[16]; /* wrapping key verification pattern */ - u64 attr; /* boolean key attributes */ -@@ -111,18 +116,29 @@ struct ep11keytoken { - u8 padding[64]; - } __packed; - -+#define ZERO_SESSION \ -+ "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" -+ - #define AESDATA_KEY_SIZE sizeof(struct aesdatakeytoken) - #define AESCIPHER_KEY_SIZE sizeof(struct aescipherkeytoken) - #define EP11_KEY_SIZE sizeof(struct ep11keytoken) -+#define EP11_AES_KEY_SIZE (sizeof(struct ep11kblob_header) + \ -+ sizeof(struct ep11keytoken)) - - /* MAX/MIN from zt_common.h produces warnings for variable length arrays */ - #define _MIN(a, b) ((a) < (b) ? (a) : (b)) - #define _MAX(a, b) ((a) > (b) ? 
(a) : (b)) - --#define MAX_SECURE_KEY_SIZE _MAX(EP11_KEY_SIZE, \ -- _MAX(AESDATA_KEY_SIZE, AESCIPHER_KEY_SIZE)) --#define MIN_SECURE_KEY_SIZE _MIN(EP11_KEY_SIZE, \ -- _MIN(AESDATA_KEY_SIZE, AESCIPHER_KEY_SIZE)) -+#define MAX_SECURE_KEY_SIZE _MAX( \ -+ _MAX(EP11_KEY_SIZE, \ -+ EP11_AES_KEY_SIZE), \ -+ _MAX(AESDATA_KEY_SIZE, \ -+ AESCIPHER_KEY_SIZE)) -+#define MIN_SECURE_KEY_SIZE _MIN( \ -+ _MIN(EP11_KEY_SIZE, \ -+ EP11_AES_KEY_SIZE), \ -+ _MIN(AESDATA_KEY_SIZE, \ -+ AESCIPHER_KEY_SIZE)) - - struct pkey_seckey { - u8 seckey[AESDATA_KEY_SIZE]; /* the secure key blob */ -@@ -175,6 +191,9 @@ enum pkey_key_type { - PKEY_TYPE_CCA_DATA = (u32) 1, - PKEY_TYPE_CCA_CIPHER = (u32) 2, - PKEY_TYPE_EP11 = (u32) 3, -+ PKEY_TYPE_CCA_ECC = (u32) 0x1f, -+ PKEY_TYPE_EP11_AES = (u32) 6, -+ PKEY_TYPE_EP11_ECC = (u32) 7, - }; - - enum pkey_key_size { -@@ -321,6 +340,8 @@ int get_master_key_verification_pattern( - bool is_cca_aes_data_key(const u8 *key, size_t key_size); - bool is_cca_aes_cipher_key(const u8 *key, size_t key_size); - bool is_ep11_aes_key(const u8 *key, size_t key_size); -+bool is_ep11_aes_key_with_header(const u8 *key, size_t key_size); -+bool is_ep11_key_session_bound(const u8 *key, size_t key_size); - bool is_xts_key(const u8 *key, size_t key_size); - int get_key_bit_size(const u8 *key, size_t key_size, size_t *bitsize); - const char *get_key_type(const u8 *key, size_t key_size); ---- a/zkey/zkey-cryptsetup.c -+++ b/zkey/zkey-cryptsetup.c -@@ -1673,7 +1673,10 @@ static int reencipher_prepare(int token) - warnx("Failed to re-encipher the secure volume " - "key for device '%s'\n", g.pos_arg); - if (!selected && -- !is_ep11_aes_key((u8 *)key, securekeysize)) -+ !is_ep11_aes_key((u8 *)key, -+ securekeysize) && -+ !is_ep11_aes_key_with_header((u8 *)key, -+ securekeysize)) - print_msg_for_cca_envvars( - "secure AES volume key"); - rc = -EINVAL; -@@ -1696,7 +1699,10 @@ static int reencipher_prepare(int token) - warnx("Failed to re-encipher the secure volume " - "key for device 
'%s'\n", g.pos_arg); - if (!selected && -- !is_ep11_aes_key((u8 *)key, securekeysize)) -+ !is_ep11_aes_key((u8 *)key, -+ securekeysize) && -+ !is_ep11_aes_key_with_header((u8 *)key, -+ securekeysize)) - print_msg_for_cca_envvars( - "secure AES volume key"); - rc = -EINVAL; -@@ -1836,7 +1842,10 @@ static int reencipher_complete(int token - warnx("Failed to re-encipher the secure volume " - "key for device '%s'\n", g.pos_arg); - if (!selected && -- !is_ep11_aes_key((u8 *)key, securekeysize)) -+ !is_ep11_aes_key((u8 *)key, -+ securekeysize) && -+ !is_ep11_aes_key_with_header((u8 *)key, -+ securekeysize)) - print_msg_for_cca_envvars( - "secure AES volume key"); - rc = -EINVAL; ---- a/zkey/zkey.c -+++ b/zkey/zkey.c -@@ -1968,7 +1968,9 @@ static int command_reencipher_file(void) - "master key has failed\n"); - if (!selected && - !is_ep11_aes_key(secure_key, -- secure_key_size)) -+ secure_key_size) && -+ !is_ep11_aes_key_with_header(secure_key, -+ secure_key_size)) - print_msg_for_cca_envvars( - "secure AES key"); - } -@@ -1993,7 +1995,9 @@ static int command_reencipher_file(void) - "master key has failed\n"); - if (!selected && - !is_ep11_aes_key(secure_key, -- secure_key_size)) -+ secure_key_size) && -+ !is_ep11_aes_key_with_header(secure_key, -+ secure_key_size)) - print_msg_for_cca_envvars( - "secure AES key"); - } diff --git a/s390-tools.changes b/s390-tools.changes index 06d9e07..938f62a 100644 --- a/s390-tools.changes +++ b/s390-tools.changes 
@@ -1,5 +1,53 @@ ------------------------------------------------------------------- -Wed Nov 15 07:55:09 UTC 2023 - Nikolay Gueorguiev +Sun Dec 17 05:48:56 UTC 2023 - Nikolay Gueorguiev + +- Updated the .spec file to use gcc13 (bsc#1217838) +- Amended read_values for '-S' option (bsc#1217923) + +------------------------------------------------------------------- +Mon Dec 4 13:34:09 UTC 2023 - Nikolay Gueorguiev + +- Upgrade s390-tools to version 2.30 + (jsc#PED-5783, jsc#PED-6785, jsc#PED-7136, jsc#PED-6539, jsc#PED-4604, + jsc#PED-6649, jsc#PED-7138 ) +- Add new tools / libraries: + * lspai: Tool to display PAI counter sets + * s390-tools: Provide a ShellCheck configuration +- Changes of existing tools / libraries: + * cpumf/pai: Add command line option for realtime scheduling + * dbginfo.sh: enhance ethtool collection for ROCE + * libutil/util_lockfile: add routine to return owning pid of file lock + * lszcrypt: Improve lszcrypt output on SE guests + * rust: Use a single workspace for all rust tools + * zdev: limit the derivation of ZDEV_SITE_ID + * zdump/df_s390: Update 'zgetdump -i' output with zlib info + * zdump/dfi_s390: Support reading compressed s390_ext dumps + * zipl/boot: Integrate zlib compression to single volume DASD dumper + * zipl/boot: compile the bootloaders only if HOST_ARCH is s390x + * zipl: Add --no-compress option to zipl command + * zkey: Also check for deconfigured and check-stopped cards +- Bug Fixes: + * ap_tools/ap-check: handle get-attributes between pre and post event + * libutil: fix util_file_read_*() using wrong format specifiers + * rust/pv: fix Invalid write of size +- Amended the SUSE patches for version 2.30 +- Revendored vendor.tar.gz + +------------------------------------------------------------------- +Fri Nov 24 07:51:10 UTC 2023 - Nikolay Gueorguiev + +- Provide s390-tools on x86_64 to enable Secure Execution in the Cloud + (jsc#PED-578, jsc#PED-7136, and jsc#PED-7138) + * Selected tools from the s390-tools package need 
to be made available on x86_64. + This will enable the integration of IBM Z machines running Secure Execution in a + cloud environment where users don't necessarily need to have an s390x environment. + - genprotimg - (for building secure images) + - pvsecret - + - pvattest - (for external attestation) + - pvextract-hdr - + +------------------------------------------------------------------- +Wed Nov 15 07:31:45 UTC 2023 - Nikolay Gueorguiev - Fixed a logic error in read_values.c diff --git a/s390-tools.spec b/s390-tools.spec index f677d00..673a9bc 100644 --- a/s390-tools.spec +++ b/s390-tools.spec @@ -33,7 +33,7 @@ %endif Name: s390-tools -Version: 2.29.0 +Version: 2.30.0 Release: 0 Summary: S/390 tools like zipl and dasdfmt License: MIT @@ -152,17 +152,16 @@ Patch909: s390-tools-sles12-fdasd-skip-partition-check-and-BLKRRPART-ioctl Patch910: s390-tools-sles15sp1-11-zdev-Do-not-call-zipl-on-initrd-update.patch Patch911: s390-tools-sles15sp5-remove-no-pie-link-arguments.patch Patch912: s390-tools-ALP-zdev-live.patch -Patch913: s390-tools-sles15sp6-zkey-Support-EP11-AES-keys-with-prepended-header-to-.patch ### BuildRequires: curl-devel BuildRequires: dracut BuildRequires: fuse3-devel -BuildRequires: gcc-c++ +BuildRequires: gcc13 +BuildRequires: gcc13-c++ BuildRequires: gettext-tools BuildRequires: glib2-devel BuildRequires: glibc-devel-static -BuildRequires: kernel-zfcpdump BuildRequires: libcryptsetup-devel > 2.0.3 BuildRequires: libjson-c-devel BuildRequires: libxml2-devel @@ -171,10 +170,14 @@ BuildRequires: ncurses-devel BuildRequires: net-snmp-devel BuildRequires: openssl-devel >= 1.1.1l BuildRequires: pesign-obs-integration -BuildRequires: qclib-devel-static BuildRequires: systemd-devel BuildRequires: tcpd-devel BuildRequires: zlib-devel-static +### x86_64 +%ifarch s390x +BuildRequires: kernel-zfcpdump +BuildRequires: qclib-devel-static +%endif ### Cargo BuildRequires: rust BuildRequires: cargo 
@@ -195,7 +198,7 @@ Requires(post): permissions Requires(pre): shadow Recommends: blktrace Provides: s390utils:/sbin/dasdfmt -ExclusiveArch: s390x +### ExclusiveArch: s390x x86_64 %description This package contains the tools needed to use Linux on IBM z Systems @@ -315,15 +318,16 @@ unavailable, the toolset checks for operational paths to the same volume. If available, it reconfigures the FCP re-IPL settings to use an operational path. +### *** s390x ************************************************************************* ### +%ifarch s390x + %prep %autosetup -p1 cp -vi %{SOURCE22} CAUTION -### install -D -m 0644 %{SOURCE200} .cargo/config -tar -xzvf %{SOURCE201} -### +tar -xzf %{SOURCE201} %build @@ -333,13 +337,17 @@ tar -xzvf %{SOURCE201} export OPT_FLAGS="%{optflags}" export KERNELIMAGE_MAKEFLAGS="%%{?_smp_mflags}" -%make_build \ + +%make_build -v \ ZFCPDUMP_DIR=%{_prefix}/lib/s390-tools/zfcpdump \ DISTRELEASE=%{release} \ UDEVRUNDIR=/run/udev \ HAVE_CARGO=1 \ - HAVE_DRACUT=1 -gcc -static -o read_values ${OPT_FLAGS} %{SOURCE86} -lqc + HAVE_DRACUT=1 \ + CC=gcc-13 \ + CXX=g++-13 +### all +gcc-13 -v -static -o read_values ${OPT_FLAGS} %{SOURCE86} -lqc %install mkdir -p %{buildroot}/boot/zipl @@ -350,7 +358,10 @@ mkdir -p %{buildroot}%{_sysconfdir}/zkey/repository SYSTEMDSYSTEMUNITDIR=%{_unitdir} \ UDEVRUNDIR=/run/udev \ HAVE_CARGO=1 \ - HAVE_DRACUT=1 + HAVE_DRACUT=1 \ + CC=gcc-13 \ + CXX=g++-13 +### all # The make install command puts things in /etc/sysconfig and not the # fillup-templates directory. Let's try moving them where they belong 
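Review bot: Replacing `ExclusiveArch: s390x` with the comment `### ExclusiveArch: s390x x86_64` in this hunk removes the architecture restriction altogether, so the package is built on every architecture the build project enables, not only s390x and x86_64. The `%else` branch added at the end of the spec is commented as the x86_64 case, but it is taken by any non-s390x architecture. If only those two are intended, as the changelog entry suggests, keep the tag active: `ExclusiveArch: s390x x86_64`.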
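Review bot: The `-v` added after `%make_build` in the `@@ -333,13 +337,17 @@` hunk is passed to make, and GNU make treats `-v` as `--version`: it prints its version and exits without building anything. If that holds for the make used here, the s390x `%build` step compiles nothing, and the tree is only built later as a side effect of `%make_install`. For verbose output, drop the flag (`%make_build \`) or pass `V=1`, which the s390-tools makefiles appear to honour (worth confirming). The compiler is also hard-coded as `CC=gcc-13`/`CXX=g++-13` here, in the `gcc-13 -v -static` line and in the `@@ -350,7 +358,10 @@` hunk; a single `%global` for the compiler name would keep the three places in step.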
@@ -735,4 +746,44 @@ done %{_udevrulesdir}/70-chreipl-fcp-mpath.rules %{_mandir}/man7/chreipl-fcp-mpath.7%{?ext_man} +### _endif +### *** !s390x ************************************************************************* ### +### _ifarch x86_64 +%else + +%prep +%autosetup -p1 + +install -D -m 0644 %{SOURCE200} .cargo/config +tar -xzf %{SOURCE201} + +%build +export OPT_FLAGS="%{optflags}" +export KERNELIMAGE_MAKEFLAGS="%%{?_smp_mflags}" +%make_build \ + DISTRELEASE=%{release} \ + UDEVRUNDIR=/run/udev \ + HAVE_CARGO=1 \ + HAVE_DRACUT=1 + +%install +%make_install \ + DISTRELEASE=%{release} \ + SYSTEMDSYSTEMUNITDIR=%{_unitdir} \ + UDEVRUNDIR=/run/udev \ + HAVE_CARGO=1 \ + HAVE_DRACUT=1 + +%files +%{_prefix}/bin/* +%{_prefix}/share/s390-tools/* +%dir /usr/share/s390-tools +%{_mandir}/man1/* + +%files debuginfo +%dir %{_prefix}/lib/debug +%dir %{_prefix}/lib/debug/usr/bin + +%endif + %changelog diff --git a/vendor.tar.gz b/vendor.tar.gz index 253cde9..1739e52 100644 --- a/vendor.tar.gz +++ b/vendor.tar.gz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:6fba8bcb49456ba6ef765899deaeed187324a7bfc90a76b4b718bbb502cecee7 -size 37525174 +oid sha256:a2a48140a8f2bf37d79e054c24763831b488bebc6a7ff91abb50d1b87354cc02 +size 39766421
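Review bot: The `%files` list in the new `%else` branch packages `%{_prefix}/bin/*` and `%{_mandir}/man1/*` by wildcard, so whatever the non-s390x build happens to install is shipped without anyone having listed it. The changelog names four tools (genprotimg, pvsecret, pvattest, pvextract-hdr); listing them explicitly, e.g. `%{_bindir}/genprotimg`, makes an unexpected new binary fail the build instead of landing silently in the package. The hand-written `%files debuginfo` section may clash with the automatically generated debuginfo package, and `HAVE_DRACUT=1` and `UDEVRUNDIR` are still passed although the dracut and udev parts are not packaged here; both are worth checking. The `%ifarch s390x` that this `%else` closes is opened in the `@@ -315,15 +318,16 @@` hunk.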