diff --git a/59-graf.rules b/59-graf.rules.opensuse similarity index 100% rename from 59-graf.rules rename to 59-graf.rules.opensuse diff --git a/59-graf.rules.suse b/59-graf.rules.suse new file mode 100644 index 0000000..c1e1fc7 --- /dev/null +++ b/59-graf.rules.suse @@ -0,0 +1,13 @@ +# +# Rules for unique 3270 device nodes created in /dev/3270/ +# This file should be installed in /usr/lib/udev/rules.d +# + +SUBSYSTEM!="ccw", GOTO="graf_end" +DRIVER!="3270", GOTO="graf_end" + +# Configure 3270 device +ACTION=="add", SUBSYSTEM=="ccw", PROGRAM="/sbin/chccwdev -e $kernel" +ACTION=="remove", SUBSYSTEM=="ccw", PROGRAM="/sbin/chccwdev -d $kernel" + +LABEL="graf_end" diff --git a/README.SUSE b/README.SUSE.opensuse similarity index 100% rename from README.SUSE rename to README.SUSE.opensuse diff --git a/README.SUSE.suse b/README.SUSE.suse new file mode 100644 index 0000000..1d98ca5 --- /dev/null +++ b/README.SUSE.suse @@ -0,0 +1,57 @@ + +ls - Addons by SUSE + + The following utility and its man page have been added to make it + easier to determine the machine type on which Linux is running. + + * cputype + Usage: cputype + + The following utilities and their man pages have been added by SUSE to + ease the activation and deactivation of devices. These scripts are also + used by YaST. Functionality not provided by these scripts cannot be + provided by YaST. + These scripts also create/delete the needed udev rules. + Detailed information on some parameters are in the + "Device Drivers, Features and Commands" for this release. + + General parameters + channel numbers are with lower letters + parameters switching things on or off are + 1 for on and 0 for off + + * ctc_configure + Usage: /sbin/ctc_configure [] + To configure CTC connections + Valid Parameters for the protocal are 0, 1 and 3 + For a detailed explanation please look in the Device Driver book + + * dasd_configure + Usage: dasd_configure + To set DASDs online/offline + The use_diag makes only sense under z/VM. In an + LPAR just set it to 0 + + * iucv_configure + Usage: /sbin/iucv_configure + To set an IUCV IP-network online/offline + + * qeth_configure + Usage: /sbin/qeth_configure [options] + Set qeth, hipersocket adapter online/offline. + options could be one of the following: + + -i Configure IP takeover + -l Configure Layer2 support + -p NAME QETH Portname to use + -n 1/0 QETH port number to use + + + * zfcp_disk_configure + Usage: /sbin/zfcp_disk_configure + set a disk online/offline. This require that the repective + Adapter is online. See command below. + + * zfcp_host_configure + Usage: /sbin/zfcp_host_configure + Set a zfcp Adapter online/offline diff --git a/dasd_configure b/dasd_configure.opensuse similarity index 100% rename from dasd_configure rename to dasd_configure.opensuse diff --git a/dasd_configure.suse b/dasd_configure.suse new file mode 100644 index 0000000..9603173 --- /dev/null +++ b/dasd_configure.suse @@ -0,0 +1,173 @@ +#! /bin/sh +# +# dasd_configure +# +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# +# Configures a DASD device by calling the IBM-provided chzdev command. +# Whereas this script used to validate the parameters provided to it, +# we now rely on chzdev to do that instead. The script is intended only +# as a "translation layer" to provide backward compatability for older +# scripts and tools that invoke it. +# +# Usage: +# dasd_configure [-f -t ] [use_diag] +# +# -f Override safety checks +# -t DASD type. Must be provided if -f is used. Only dasd-eckd and +# dasd-fba are supported - Deprecated +# ccwid = x.y.ssss where +# x is always 0 until IBM creates something that uses that number +# y is the logical channel subsystem (lcss) number. Most often +# this is 0, but it could be non-zero +# ssss is the four digit subchannel address of the device, in +# hexidecimal, with leading zeros. +# online = 0 to take the device offline +# 1 to bring the device online +# use_diag = 0 to _not_ use z/VM DIAG250 I/O, which is the default +# 1 to use z/VM DIAG250 I/O +# +# Return values: +# Return codes are determined by the chzdev command, with one exception: If a +# DASD volume is not formatted, we will issue a return code of 8. +# + +mesg () { + echo "$@" +} + +debug_mesg () { + case "${DEBUG}" in + yes) mesg "$@" ;; + *) ;; + esac +} + +add_cio_channel() { + echo "$* # ${DATE}" >> /boot/zipl/active_devices.txt +} + +remove_cio_channel() { + [ -w /boot/zipl/active_devices.txt ] && sed -i -e "/^${1}/d" /boot/zipl/active_devices.txt +} + +usage(){ + echo "Usage: ${0} [-f -t ] [use_diag]" + echo + echo " -f Override safety checks" + echo " -t DASD type. Must be provided if -f is used. Only dasd-eckd and" + echo " dasd-fba are supported - Deprecated" + echo " ccwid = x.y.ssss where" + echo " x is always 0 until IBM creates something that uses that number" + echo " y is the logical channel subsystem (lcss) number. Most often" + echo " this is 0, but it could be non-zero" + echo " ssss is the four digit subchannel address of the device, in" + echo " hexidecimal, with leading zeros." + echo " online = 0 to take the device offline" + echo " 1 to bring the device online" + echo " use_diag = 0 to _not_ use z/VM DIAG250 I/O, which is the default" + echo " 1 to use z/VM DIAG250 I/O" +} + +if [ "${DEBUG}" != "yes" ]; then + DEBUG="no" +fi + +DATE=$(date) + +DASD_FORCE=0 + +############################################################ +# Parse the parameters from the command line +# +ARGS=$(getopt --options ft: -n "dasd_configure" -- "$@") +if [ $? != 0 ] ; then echo "Terminating..." >&2 ; exit 1 ; fi + +eval set -- "${ARGS}" +debug_mesg "All the parms passed were ${ARGS}" + +while true; do + case "${1}" in + -f) debug_mesg "This used to mean udev rules will always be generated." + debug_mesg "For chzdev, it means safety checks will be overridden." + debug_mesg "Kinda sorta the same thing, really." + PARM_LIST="${PARM_LIST} -f" + DASD_FORCE=1 + shift 1 + ;; + -t) debug_mesg "This used to set the card type to ${2}" + debug_mesg "Now it gets ignored." + shift 2 + ;; + --) debug_mesg "Found the end of parms indicator: --" + shift 1 + break + ;; + *) debug_mesg "At the catch-all select entry" + debug_mesg "What was selected was ${1}" + shift 1 + ;; + esac +done + +CCW_CHAN_ID=${1} +ON_OFF=${2} +USE_DIAG=${3} + +if [ -z "${CCW_CHAN_ID}" ] || [ -z "${ON_OFF}" ]; then + mesg "You didn't specify all the needed parameters." + usage + exit 1 +fi + +if [ -n "${USE_DIAG}" ]; then + PARM_LIST="${PARM_LIST} use_diag=${USE_DIAG}" +else PARM_LIST="${PARM_LIST} use_diag=0" +fi + +if [ "${ON_OFF}" == 0 ]; then + debug_mesg "chzdev -d dasd --no-root-update ${CCW_CHAN_ID}" + chzdev -d dasd --no-root-update ${CCW_CHAN_ID} +elif [ "${ON_OFF}" == 1 ]; then + debug_mesg "chzdev -e dasd --no-root-update ${CCW_CHAN_ID} ${PARM_LIST}" + chzdev -e dasd --no-root-update ${CCW_CHAN_ID} ${PARM_LIST} +else mesg "You must specify a 0 or a 1 for the online/offline attribute." + usage + exit 1 +fi + +RC=${?} +if [ ${RC} -ne 0 ]; then + exit ${RC} +elif [ ${ON_OFF} == 1 ]; then + exitcode=0 + # Extract the full busid so that we can reference the proper entries in /sys + BUSID=$(/sbin/lszdev dasd ${CCW_CHAN_ID} | /usr/bin/sed -e 1d | /usr/bin/tr -s " " | /usr/bin/cut -f2 -d" " ) + # Make sure the DASD volume came online + for ((counter=0; counter<30; counter++)); do + sleep 0.1 + read online < /sys/bus/ccw/devices/${BUSID}/online + if [ ${online} -eq 1 ] ; then + break + fi + done + + if [ ${online} -ne 1 ]; then + debug_mesg "DASD ${CCW_CHAN_ID} did not come online." + exit 17 + fi + + # Check to see if the DASD volume is unformatted. If so, let YaST know. + read status < /sys/bus/ccw/devices/${BUSID}/status + if [ "${status}" == "unformatted" ]; then + mesg "DASD ${CCW_CHAN_ID} is unformatted." + exitcode=8 + fi +fi + +if [ ${ON_OFF} == 1 ]; then + add_cio_channel "${CCW_CHAN_ID}" +else remove_cio_channel "${CCW_CHAN_ID}" +fi + +exit ${exitcode} diff --git a/dasd_reload b/dasd_reload.opensuse similarity index 100% rename from dasd_reload rename to dasd_reload.opensuse diff --git a/dasd_reload.suse b/dasd_reload.suse new file mode 100644 index 0000000..33abc04 --- /dev/null +++ b/dasd_reload.suse @@ -0,0 +1,156 @@ +#!/bin/sh +# +# dasd_reload +# $Id: dasd_reload,v 1.2 2004/05/26 15:17:09 hare Exp $ +# +# Deconfigures all active DASDs, unloads the modules +# and activates the configured DASDs again. +# Needed to establish an identical device mapping +# in the installation system and in the running system. +# All DASD access need to be cancelled prior to running +# this script. +# +# Usage: +# dasd_reload +# +# Return values: +# 1 Cannot read /proc/modules +# 2 Missing module programs +# 3 /sys not mounted +# 4 Failure on deactivate DASDs +# + +if [ ! -r /proc/modules ]; then + echo "Cannot read /proc/modules" + exit 1 +fi + +if [ ! -x /sbin/rmmod -o ! -x /sbin/modprobe ]; then + echo "Missing module programs" + exit 2 +fi + +if [ ! -d /sys/bus ]; then + echo "sysfs not mounted" + exit 3 +fi + +let anymd=0 +if [ -f /proc/mdstat ]; then + for mddevice in $(grep active /proc/mdstat | cut -f1 -d:); do + mdadm -S /dev/${mddevice} + let anymd=1 + done + udevadm settle +fi + +# +# Setting HyperPAV alias devices offline +# +dasd_alias= +let EXITRC=0 +for dev in /sys/bus/ccw/devices/*; do + if [ -f ${dev}/use_diag ]; then + read _online < ${dev}/online + read _alias < ${dev}/alias + if [ "$_online" -eq 1 -a "$_alias" -eq 1 ]; then + echo "setting DASD HyperPAV alias $(basename ${dev}) offline" + echo "0" > ${dev}/online + read _online < ${dev}/online + dasd_alias="${dasd_alias} $(basename ${dev})" + if [ "$_online" -eq 1 ]; then + echo "failure on setting DASD HyperPAV alias $(basename ${dev}) offline !" + let EXITRC=4 + fi + fi + fi +done + +# +# Setting "normal" DASD and HyperPAV base devices offline +# +dasd_base= +for dev in /sys/bus/ccw/devices/*; do + if [ -f ${dev}/use_diag ]; then + read _online < ${dev}/online + read _alias < ${dev}/alias + if [ "$_online" -eq 1 -a "$_alias" -eq 0 ]; then + echo "setting DASD $(basename ${dev}) offline" + echo "0" > ${dev}/online + read _online < ${dev}/online + dasd_base="${dasd_base} $(basename ${dev})" + if [ "$_online" -eq 1 ]; then + echo "failure on setting DASD $(basename ${dev}) offline !" + let EXITRC=4 + fi + fi + fi +done + +udevadm settle + +module_list= +module_test_list="dasd_diag_mod dasd_eckd_mod dasd_fba_mod dasd_mod" +for module in ${module_test_list}; do + if grep -q "${module}" /proc/modules; then + module_list="${module} ${module_list}" + : Unloading ${module} + /sbin/rmmod ${module} + fi +done + +udevadm settle +sleep 2 + +if [ -d /etc/udev/rules.d ]; then + cd /etc/udev/rules.d +# +# Re-activating "normal" DASD and HyperPAV base devices +# +# We need to move all the DASD udev rules out from /etc/udev/rules.d +# because if we don't, then when the first DASD volume gets brought +# back online, they are all brought back online, in a non-deterministic +# order, not the numeric order we expect. +# + mv -i 41-dasd-*.rules 51-dasd-*.rules /tmp + cd /tmp + for dasd in ${dasd_base}; do + for file in 41-dasd-*-${dasd}.rules 51-dasd-${dasd}.rules; do + [ -f "${file}" ] || continue +# +# Special handling is needed for old udev rules that start with 51- +# since the chzdev command won't look for that name +# + prefix="$(echo ${file} | cut -f1 -d-)" + if [ "${prefix}" == "51" ]; then + if [ -h /sys/bus/ccw/drivers/dasd-eckd/${dasd} ]; then + mv -i ${file} 41-dasd-eckd-${dasd}.rules + elif [ -h /sys/bus/ccw/drivers/dasd-fba/${dasd} ]; then + mv -i ${file} 41-dasd-fba-${dasd}.rules + else echo "DASD volume ${dasd} is neither an ECKD or FBA device." + let EXITRC=4 + fi + fi + echo Activating ${dasd} + mv -i "${file}" /etc/udev/rules.d/ + /sbin/chzdev dasd --apply --configured -q --no-root-update ${dasd} + lsdasd + break + done + done + +# +# Re-activating HyperPAV alias devices +# + for dasd in ${dasd_alias}; do + for file in 41-dasd-*-${dasd}.rules 51-dasd-${dasd}.rules; do + [ -f "${file}" ] || continue + echo Activating ${dasd} + mv -i "${file}" /etc/udev/rules.d/ + /sbin/chzdev dasd --apply --configured -q --no-root-update ${dasd} + break + done + done +fi + +exit ${EXITRC} diff --git a/detach_disks.sh b/detach_disks.sh.opensuse similarity index 100% rename from detach_disks.sh rename to detach_disks.sh.opensuse diff --git a/detach_disks.sh.suse b/detach_disks.sh.suse new file mode 100644 index 0000000..c514208 --- /dev/null +++ b/detach_disks.sh.suse @@ -0,0 +1,157 @@ +#!/bin/sh + +DASDFILE=/tmp/dasd.list.$(mcookie) +DETFILE=/tmp/detach.disks.$(mcookie) +KEEPFILE=/tmp/keep.disks.$(mcookie) +NICFILE=/tmp/nic.list.$(mcookie) +FAILFILE=/tmp/error.$(mcookie) + +function expand_RANGE(){ +local RANGE=${1} +local RANGE_SAVE=${RANGE} +local DEVNO +local BEGIN=0 +local END=0 + +RANGE=$(IFS=":-"; echo ${RANGE} | cut -f1-2 -d" " ) +set -- ${RANGE} +let BEGIN=0x$1 2>/dev/null +let END=0x$2 2>/dev/null + +if [ ${BEGIN} -eq 0 ] || [ ${END} -eq 0 ]; then + ${msg} "An invalid device number range was specified: ${RANGE_SAVE}" >&2 + touch ${FAILFILE} + return +fi + +for DEVNO in $(eval echo {${BEGIN}..${END}}) + do printf "%d\n" ${DEVNO} + done +} + +function usage(){ + echo "Usage: ${0} [ -F ] [ -q ] [ -h ]" + echo " -F Exit with failure if any invalid parms are detected." + echo " -q Don't generate any output." + echo " -h Display this help message." +} + +msg="echo" +let FORCE_FAIL=0 + +############################################################ +# Parse the parameters from the command line +# +ARGS=$(getopt -a --options Fhq -n "detach_devices" -- "$@") +if [ $? -ne 0 ]; then + usage + exit 3 +fi + +eval set -- "${ARGS}" +for ARG; do + case "${ARG}" in + -F) let FORCE_FAIL=1 + shift 1 + ;; + -h) usage; + exit 0 + ;; + -q) msg="/bin/true" + shift 1 + ;; + --) shift 1 + ;; + *) ${msg} "Extraneous input detected: ${1}" + shift 1 + ;; + esac +done + +if [ -r /etc/sysconfig/virtsetup ]; then + . /etc/sysconfig/virtsetup +else ${msg} "No /etc/sysconfig/virtsetup file was found." + exit 1 +fi + +# First, get a list of all the DASD devices we have for this guest, in decimal. +# (Trying to handle things in hex gets complicated.) +/sbin/vmcp -b1048576 q v dasd | cut -f2 -d" " |\ + while read HEXNO + do let DECNO=0x${HEXNO} + echo ${DECNO} + done > ${DASDFILE} 2>/dev/null + +# If the system administrator specified certain devices to be detached +# let's put those device numbers in a file, one per line. +touch ${DETFILE} +for ADDR in $(IFS=", " ; echo ${ZVM_DISKS_TO_DETACH}) + do if $(echo ${ADDR} | grep -iqE ":|-" 2>/dev/null) + then expand_RANGE ${ADDR} >> ${DETFILE} + else let DEVNO=0 + let DEVNO=0x${ADDR} 2>/dev/null + if [ ${DEVNO} -eq 0 ]; then + ${msg} "An invalid device number was specified: ${ADDR}" >&2 + touch ${FAILFILE} + else printf "%d\n" ${DEVNO} + fi + fi + done > ${DETFILE} + +# If the system administrator specified certain devices that should _not_ +# be detached, let's put those in another file, one per line. +touch ${KEEPFILE} +for ADDR in $(IFS=", " ; echo ${ZVM_DISKS_TO_NOT_DETACH}) + do if $(echo ${ADDR} | grep -iqE ":|-" 2>/dev/null) + then expand_RANGE ${ADDR} >> ${KEEPFILE} + else let DEVNO=0 + let DEVNO=0x${ADDR} 2>/dev/null + if [ ${DEVNO} -eq 0 ]; then + ${msg} "An invalid device number was specified: ${ADDR}" >&2 + touch ${FAILFILE} + else printf "%d\n" ${DEVNO} + fi + fi + done > ${KEEPFILE} + +if [ ${FORCE_FAIL} -eq 1 ] && [ -e ${FAILFILE} ]; then + let RETURN_CODE=1 + ${msg} "Terminating detach_disk because of input errors." +else +# If the system administrator specified that all "unused" disks should be +# detached, compare the disks lsdasd show as activated to the complete +# list of disks we have currently, and add the inactive ones to the +# file containing devices to be detached + if [ "${ZVM_DETACH_ALL_UNUSED}" == "yes" ]; then + lsdasd -s | sed -e 1,2d | cut -f1 -d" " | \ + while read ADDR + do let DEVNO=0x${ADDR} + sed -i -e "/^${DEVNO}$/d" ${DASDFILE} + done + cat ${DASDFILE} >> ${DETFILE} + fi + +# Now remove any "to be kept" disks from the detach file + while read DEVNO + do sed -i -e "/^${DEVNO}/d" ${DETFILE} + done < ${KEEPFILE} + +# Get a list of all the virtual NICs since they require an +# extra keyword to detach. Contrary to what we've done before +# these will be hex values + /sbin/vmcp -b1048576 q nic | grep Adapter | cut -f2 -d" " | cut -f1 -d. > ${NICFILE} + +# Now we sort the device numbers and detach them. + sort -un ${DETFILE} | \ + while read DEVNO + do HEXNO=$(printf %04X ${DEVNO}) + if grep -q ^${HEXNO}$ ${NICFILE} 2>/dev/null ; then + vmcp detach nic ${HEXNO} 2>/dev/null + else vmcp detach ${HEXNO} 2>/dev/null + fi + done + let RETURN_CODE=0 +fi + +rm -f ${DASDFILE} ${DETFILE} ${KEEPFILE} ${NICFILE} ${FAILFILE} +exit ${RETURN_CODE} diff --git a/iucv_configure b/iucv_configure.opensuse similarity index 100% rename from iucv_configure rename to iucv_configure.opensuse diff --git a/iucv_configure.suse b/iucv_configure.suse new file mode 100644 index 0000000..416389d --- /dev/null +++ b/iucv_configure.suse @@ -0,0 +1,133 @@ +#! /bin/sh +# +# iucv_configure +# +# Configures a z/VM IUCV network adapter +# +# Usage: +# iucv_configure +# +# peer_userid = z/VM userid of the IUCV peer +# online = 0 to take the device offline +# 1 to bring the device online +# +# Return values: +# 1 sysfs not mounted +# 2 Invalid status for +# 3 Could not create iucv device +# 4 Could not remove iucv device +# + +if [ "${DEBUG}" != "yes" ]; then + DEBUG="no" +fi + +mesg () { + echo "$@" +} + +debug_mesg () { + case "$DEBUG" in + yes) mesg "$@" ;; + *) ;; + esac +} + +if [ $# -ne 2 ] ; then + echo "Usage: $0 " + echo " peer_userid = z/VM userid of the IUCV peer" + echo " online = 0 to take the device offline" + echo " 1 to bring the device online" + exit 1 +fi + +# Get the mount point for sysfs +while read MNTPT MNTDIR MNTSYS MNTTYPE; do + if test "$MNTSYS" = "sysfs"; then + SYSFS="$MNTDIR" + break; + fi +done $_iucv_drv/connection + if [ $? -ne 0 ] ; then + mesg "Unable to connect to $PEER_USERID" + exit 3 + fi + for _iucv_dev in $_iucv_dir/netiucv?* ; do + [ -d $_iucv_dev ] || continue + read user < $_iucv_dev/user + if [ "$user" = "$PEER_USERID" ] ; then + iucvdev=${_iucv_dev##*/} + break; + fi + done + if [ "$iucvdev" ] ; then + debug_mesg "Configured device $iucvdev" + fi +elif [ "$iucvdev" -a $ONLINE -eq 0 ] ; then + for _net_dev in $_iucv_dir/$iucvdev/net/* ; do + [ -d $_net_dev ] || continue + netdev=${_net_dev##*/} + break; + done + if [ "$netdev" ] ; then + echo $netdev > $_iucv_drv/remove + if [ $? -ne 0 ] ; then + mesg "Unable to remove device $netdev" + exit 4 + else + debug_mesg "Removed device $iucvdev" + rm -f /etc/udev/rules.d/51-iucv-$PEER_USERID.rules /etc/udev/rules.d/51-iucv-$PEER_USERID_LOWER.rules + iucvdev= + fi + fi + +fi + +if [ "$iucvdev" ] ; then + cat > /etc/udev/rules.d/51-iucv-$PEER_USERID.rules < /dev/null + if [ $? -eq 0 ]; then + echo "That device is in the cio_ignore list." + echo "Please remove it with \"cio_ignore -r ${BUSID}\" before trying again." + fi + exit 10 +fi + +case ${DEVNO:0:3} in + 019) if grep -q "version = FF" /proc/cpuinfo 2>/dev/null; then + echo "That looks like a CMS disk." + if [ ${FORCE} -eq 0 ]; then + echo "Specify the -f option to force the operation." + exit 11 + fi + echo "But you specified -f so we'll kill it anyway." + fi + ;; +esac + +read ORIG_ONLINE_STATUS < /sys/bus/ccw/devices/${BUSID}/online + +DISCIPLINE="none" +if [ -r /sys/bus/ccw/devices/${BUSID}/discipline ]; then + # We have to bring the device online before the kernel will fill in + # the value for discipline. + if [ ${ORIG_ONLINE_STATUS} -eq 0 ]; then + /sbin/chccwdev -e ${BUSID} + /sbin/udevadm settle + fi + + read STATUS < /sys/bus/ccw/devices/${BUSID}/status + if [ "${STATUS}" == "unformatted" ]; then + echo "DASD device ${BUSID} is already in an unformatted state." + if [ ${ORIG_ONLINE_STATUS} -eq 0 ]; then + /sbin/chccwdev -d -s ${BUSID} + /sbin/udevadm settle + fi + exit 0 + fi + + read DISCIPLINE < /sys/bus/ccw/devices/${BUSID}/discipline +else read CU_TYPE < /sys/bus/ccw/devices/${BUSID}/cutype + read DEV_TYPE < /sys/bus/ccw/devices/${BUSID}/devtype + case "${CU_TYPE}" in + 3990/*|2105/*|2107/*|1750/*|9343/*) + DISCIPLINE=ECKD + ;; + 3880/*) + case "${DEV_TYPE}" in + 3390/*) + DISCIPLINE=ECKD + ;; + esac + ;; + esac +fi + +if [ "${DISCIPLINE}" != "ECKD" ]; then + echo "This script only works on ECKD DASD." + if [ ${ORIG_ONLINE_STATUS} -eq 0 ]; then + /sbin/chccwdev -d -s ${BUSID} + fi + exit 12 +fi + +read STATUS < /sys/bus/ccw/devices/${BUSID}/online +if [ ${STATUS} -eq 1 ]; then + if [ ! -h /dev/disk/by-path/ccw-${BUSID} ]; then + echo "The udev-generated symbolic link in /dev/disk/by-path was not found." + exit 13 + fi + + /sbin/chccwdev -d -s ${BUSID} + /sbin/udevadm settle + + read STATUS < /sys/bus/ccw/devices/${BUSID}/online + if [ ${STATUS} -ne 0 ]; then + echo "Device number ${DEVNO} didn't go offline. Unable to continue." + exit 14 + fi +fi + +/sbin/chccwdev -a raw_track_access=1 -e ${BUSID} +/sbin/udevadm settle + +read STATUS < /sys/bus/ccw/devices/${BUSID}/online +if [ ${STATUS} -ne 1 ]; then + echo "Unable to bring ${DEVNO} online. Unable to continue." + exit 15 +fi + +# After this point, we will kill the formatting on the device +perl -e 'for ($h=0;$h<2;$h++){printf "\0\0\0%c\0\0\0\x8%s",$h,(("\0"x8).("\xff"x8).("\0"x65512))}' | dd bs=65536 count=2 oflag=direct of=/dev/disk/by-path/ccw-${BUSID} >/dev/null 2>&1 + +if [ "$?" -ne 0 ]; then + echo "The writing of the null record 0 failed." + exit 16 +fi + +echo "Setting ${BUSID} back offline with raw track access disabled." +/sbin/chccwdev -d -s -a raw_track_access=0 ${BUSID} +/sbin/udevadm settle + +if [ ${ORIG_ONLINE_STATUS} -eq 1 ]; then + /sbin/chccwdev -e ${BUSID} + /sbin/udevadm settle +fi diff --git a/mkdump.pl b/mkdump.pl.opensuse similarity index 100% rename from mkdump.pl rename to mkdump.pl.opensuse diff --git a/mkdump.pl.suse b/mkdump.pl.suse new file mode 100644 index 0000000..d1483d3 --- /dev/null +++ b/mkdump.pl.suse @@ -0,0 +1,577 @@ +#!/usr/bin/perl +######################################################################## +# +# mkdump.pl - Preparing disks for use as S/390 dump device +# +# Copyright (c) 2011 Tim Hardeck, SUSE LINUX Products GmbH +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Based on mkdump.sh (c) 2004 Hannes Reinecke, SuSE AG +# +# License: +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301 USA +# +######################################################################## + +use strict; +use warnings; +use Fcntl; +use Getopt::Long; + +my $VERSION = "2.0.3"; + +my $BLKID = "/sbin/blkid"; +my $PARTED = "/usr/sbin/parted"; +my $FDASD = "/sbin/fdasd"; +my $DASDVIEW = "/sbin/dasdview"; +my $DASDFMT = "/sbin/dasdfmt"; +my $ZIPL = "/sbin/zipl"; +my $UDEVADM = "/sbin/udevadm"; +my $ZGETDUMP = "/sbin/zgetdump"; + +# temporary DASD device configuration file for Zipl +my $MDPATH = "/tmp/mvdump.conf.".`mcookie`; +# zFCP dump dir, without a leading '/' +my $ZFCP_DUMP_DIR = "mydumps"; + +my $OPT_DEBUG = 0; +my $OPT_FORCE = 0; +my $OPT_VERBOSE = 0; + +sub cleanup +{ + # DASD + if (-e $MDPATH) { + system("rm -f $MDPATH"); + } +} + +sub exit_with +{ + my $message = shift(); + my $exitcode = shift(); + + print STDERR "$message Exiting...\n"; + cleanup(); + + # fdasd isn't able to create volume label interactively + # could be fixed with a reformat + if ($exitcode == 65280) { + $exitcode = 12; + } + + # bigger exit codes are not supported + if ($exitcode > 255) { + $exitcode = 255; + } + + exit($exitcode); +} + +sub run_cmd +{ + my $cmd = shift(); + + my $output = ""; + if (! $OPT_DEBUG) { + my ($app) = $cmd =~ /\/(\w+) /; + + # run command + $output = `$cmd`; + my $exit_code = $?; + # wait for udev to finish processing + system("$UDEVADM settle"); + + # only print output in case of an error or in verbose mode + if ($output and ($exit_code != 0 or $OPT_VERBOSE)) { + print("$output\n"); + } + + if ($exit_code != 0) { + exit_with("$app failed with exit code $exit_code", $exit_code); + } + } else { + # only print the command in debug mode + print("\`$cmd\`\n"); + } + return($output); +} + +sub check_paths +{ + for my $path ($BLKID, $PARTED, $FDASD, $DASDVIEW, $DASDFMT, $ZIPL, $UDEVADM, $ZGETDUMP) { + unless ( -x $path) { + exit_with("Command $path is not available.", 13); + } + } +} + +sub read_file +{ + my $path = shift(); + + open(my $file, "<", "$path") or exit_with("Unable to access $path: $!.", 15); + my @content = <$file>; + close($file); + + # no need for arrays in case of single lines + if (@content > 1) { + return @content; + } else { + chomp($content[0]); + return($content[0]); + } +} + +sub is_dasd +{ + # remove leading /dev/ + my $device = substr(shift(), 5); + + if (-r "/sys/block/$device/device/discipline") { + return(1); + } else { + return(0); + } +} + +sub is_zfcp +{ + # remove leading /dev/ + my $device = substr(shift(), 5); + my $devpath = "/sys/block/$device/device"; + + unless (-r "$devpath/hba_id" or -r "$devpath/type") { + return(0); + } + + my $devtype = read_file("$devpath/type"); + + # SCSI type '0' means disk + if ($devtype == 0) { + return(1); + } else { + return(0); + } +} + +sub get_partition_num +{ + # remove leading /dev/ + my $device = substr(shift, 5); + + my $part_num = grep(/\s+$device\d+/, read_file("/proc/partitions")); + + return($part_num); +} + +sub print_device +{ + my $device = shift(); + my $only_dump_disks = shift(); + + my $devpath = "/sys/block/" . substr($device, 5); + my $output = $device; + my $dump_device = 0; + + my $size = int(read_file("$devpath/size") / 2048); # 512 Byte blocks + # size can't be read this way in case of unformatted devices + if ($size != 0) { + $output .= "\t${size}MB"; + } else { + $output .= "\tunknown"; + } + + if (is_dasd($device)) { + my ($busid) = readlink("$devpath/device") =~ /(\w\.\w\.\w{4})/; + $output .= "\t$busid"; + + # check for dump record and list multi volumes + my $zgetdump_output = `$ZGETDUMP -d $device 2>&1`; + my @dump_devs = $zgetdump_output =~ /(\w\.\w\.\w{4})/g; + if (@dump_devs) { + $dump_device = 1; + $output .= "\tdumpdevice"; + # no need to output the dump ids for a single device + if (@dump_devs > 1) { + for my $id (@dump_devs) { + $output .= "|$id"; + } + } + } else { + # check for single volume dump devices + if ($zgetdump_output =~ /Single-volume DASD dump tool/) { + $dump_device = 1; + $output .= "\tdumpdevice"; + } + } + } else { + my $adapter = read_file("$devpath/device/hba_id"); + my $wwpn = read_file("$devpath/device/wwpn"); + my $lun = read_file("$devpath/device/fcp_lun"); + $output .= "\t$adapter\t$wwpn\t$lun"; + + # check for dump record + my $zgetdump = `$ZGETDUMP -d $device 2>&1`; + if ($? == 0) { + my ($dsize) = ($zgetdump =~ /Maximum dump size\.:\s+([0-9]+) MB/m); + $dsize = $size unless (defined($dsize)); + $output = "$device\t${dsize}MB\t$adapter\t$wwpn\t$lun\tdumpdevice"; + $dump_device = 1; + } + } + if ($only_dump_disks) { + if ($dump_device) { + print("$output\n"); + } + } else { + print("$output\n"); + } +} + +sub list_free_disks +{ + my $devices_ref = shift(); + my $type = shift(); + + if (@$devices_ref) { + for my $device (@$devices_ref) { + print_device($device); + } + } else { + print STDERR "No free $type devices available!\n"; + } +} + +sub list_dump_disks +{ + my @devices = @_; + + if (@devices) { + for my $device (@devices) { + print_device($device, 1); + } + } else { + print STDERR "No dump devices available!\n"; + } +} + +sub determine_free_disks +{ + my @dasd; + my @zfcp; + my @devices; + + # gather block devices + my $path="/sys/block/"; + opendir(DIR, $path) or exit_with("Unable to find $path: $!", 15); + while (defined(my $file = readdir(DIR))) { + # no need to add other devices then dasd* or sd* + if ($file =~ /^dasd[a-z]+$/ or $file =~ /^sd[a-z]+$/) { + push(@devices, $file); + } + } + closedir(DIR); + + for my $entry (@devices) { + # only allow disks, no partitions + my ($device) = $entry =~ /^([a-z]+)$/; + next unless ($device); + + $device = "/dev/$device"; + + # determine if the block device could be accessed exclusively + if(-b $device and sysopen(my $blockdev, $device, O_RDWR|O_EXCL)) { + close($blockdev); + if (is_dasd($device)) { + push(@dasd, $device); + } + if (is_zfcp($device)) { + push(@zfcp, $device); + } + } + # wait for udev to process all events triggered by sysopen(,O_EXCL) + system("$UDEVADM settle"); + } + + return(\@dasd, \@zfcp); +} + +sub prepare_dasd +{ + my @devices = @_; + + my $format_disks = ""; + + # check formatting + for my $device (@devices) { + # determine disk layout + my ($fmtstr) = `$DASDVIEW -x $device` =~ /(\w\w\w) formatted/; + + SWITCH: + for($fmtstr) { + if (/NOT/) { + print("Unformatted disk, formatting $device.\n"); + $format_disks .= " $device"; + last SWITCH; + } + if (/LDL/) { + if ($OPT_FORCE) { + print("Linux disk layout, reformatting $device.\n"); + $format_disks .= " $device"; + } else { + print("$device was formatted with the Linux disk layout.\n"); + print("Unable to use it without reformatting.\n"); + exit_with("Re-issue the mkdump command with the --force option.", 12); + } + last SWITCH; + } + if (/CDL/) { + # allow reformatting with force, since fdasd isn't able to create volume label interactively + if ($OPT_FORCE) { + print("Compatible disk layout, force reformatting $device.\n"); + $format_disks .= " $device"; + } else { + print("$device: Compatible disk layout, Ok to use.\n"); + } + last SWITCH; + } + exit_with("Unknown layout ($fmtstr), cannot use disk.", 11); + } + } + + # format devices + if ($format_disks) { + #up to eight devices in parallel + run_cmd("$DASDFMT -P 8 -b 4096 -y -f $format_disks"); + } + + # check partitioning and partition + for my $device (@devices) { + my $part_num = get_partition_num($device); + if ($part_num == 0 or $OPT_FORCE) { + print("Re-partitioning disk $device.\n"); + run_cmd("$FDASD -a $device"); + } else { + # allow disk with one partition if it don't consist a file system + if ($part_num == 1) { + my ($fstype) = `$BLKID ${device}1` =~ /TYPE=\"(\w+)\"/; + if ($fstype) { + exit_with("Device ${device}1 already contains a filesystem of type $fstype.", 12); + } + } else { + exit_with("$part_num partitions detected, cannot use disk $device.", 12); + } + } + } +} + +sub setup_dasddump +{ + my @devices = @_; + + prepare_dasd(@devices); + + # create zipl device configuration file + # don't create files in debug mode + unless ($OPT_DEBUG) { + open(my $file, ">", $MDPATH) or exit_with("Unable to access $MDPATH: $!.", 15); + for my $device (@devices) { + print{$file}("${device}1\n"); + } + close($file); + } + + print("Creating dump record.\n"); + run_cmd("${ZIPL} -V -n -M $MDPATH"); + + cleanup(); +} + +sub setup_zfcpdump +{ + my $device = shift(); + + # check partitioning + my $part_num = get_partition_num($device); + if ($part_num == 0 or $OPT_FORCE) { + print("Re-partitioning disk $device.\n"); + run_cmd("$PARTED -s -- $device mklabel gpt mkpart primary 0 -1"); + } else { + if ($part_num > 1) { + exit_with("$part_num partitions detected, cannot use disk $device.", 12); + } + } + + # install bootloader + print("Creating dump record.\n"); + run_cmd("${ZIPL} -V -d ${device}1"); + + cleanup(); +} + +sub print_version +{ + print << "EOF"; +mkdump $VERSION + +Copyright (c) 2011 SUSE LINUX Products GmbH +License GPLv2 or (at your option) any later version. + +This is free software: you are free to change and redistribute it. +There is NO WARRANTY, to the extent permitted by law. + +Written by Tim Hardeck . +EOF + exit(0); +} + +sub print_usage +{ + my $exitcode = shift(); + + print << "EOF"; +Usage: mkdump [OPTIONS] [DEVICE]... +mkdump $VERSION + +Prepare one or more volumes for use as S/390 dump device. Supported devices +are ECKD DASD and SCSI over zFCP disks, while multi-volumes are limited to DASD. + +Only whole disks can be used, no partitions! If the device is incompatible +formatted/partioned, the script will refuse to install the dump record +unless the --force switch is given. + +Disks which are in use or have mounted partitions will not be listed and can't be used. +The mentioning of "dumpdevice" after a disk indicates that it is an already usable dump device. Additionally multi-volume dump devices are indicated by the list of including DASD ids. + +Options: + -h, --help display this help and exit + -V, --version display version information and exit + + -d, --debug debug mode, do not run programs which commit changes + -v, --verbose be verbose and show command outputs + -f, --force force overwrite of the disk + + -l, --list-dump display dump disks + -D, --list-dasd display usable DASD disks (Device, Size, ID, Dump) + -Z, --list-zfcp display usable SCSI over zFCP disks (Device, Size, ID, WWPN, LUN, Dump) + +Report bugs on https://bugzilla.novell.com/ +EOF + + exit($exitcode); +} + +sub analyze_cmd_parameters +{ + #verbose, debug and force are global + my $opt_help = 0; + my $opt_version = 0; + my $opt_dump = 0; + my $opt_dasd = 0; + my $opt_zfcp = 0; + + if (@ARGV == 0) { + print_usage(14); + } + + Getopt::Long::Configure('bundling'); + GetOptions( + 'h|help' => \$opt_help, + 'V|version' => \$opt_version, + 'd|debug' => \$OPT_DEBUG, + 'v|verbose' => \$OPT_VERBOSE, + 'f|force' => \$OPT_FORCE, + 'l|list-dump' => \$opt_dump, + 'D|list-dasd' => \$opt_dasd, + 'Z|list-zfcp' => \$opt_zfcp, + ) or print_usage(14); + + if ($opt_help) { + print_usage(0); + } + + if ($opt_version) { + print_version(); + } + + # determine free dasd and zfcp devices + my ($dasd_ref, $zfcp_ref) = determine_free_disks(); + + if ($opt_dump) { + list_dump_disks(@$dasd_ref, @$zfcp_ref); + exit 0; + } + + if ($opt_dasd) { + list_free_disks(\@$dasd_ref, "dasd"); + } + + if ($opt_zfcp) { + list_free_disks(\@$zfcp_ref, "zfcp"); + } + + # allow listing of both device types at the same time + if ($opt_dasd or $opt_zfcp) { + exit 0; + } + + # check provided devices and be strict + my @devices; + for my $device (@ARGV) { + if (grep(/$device/, @devices)) { + exit_with("$device is mentioned more than once.", 14); + } + if ( $device =~ /^\/dev\/[a-z]+$/ == 0) { + exit_with("The device parameter $device is inaccurate. Only whole disks are allowed.", 14); + } + if (grep(/$device/, (@$dasd_ref, @$zfcp_ref))) { + if (is_zfcp($device) and @ARGV > 1) { + exit_with("Multi-volume dumps aren't supported with zFCP.", 14); + } + push(@devices, $device); + } else { + if (-b $device) { + exit_with("$device is in use or not a DASD/zFCP disk!", 14); + } else { + exit_with("$device does not exist!", 14); + } + } + } + + if (@devices == 0) { + exit_with("No usable devices where provided.", 14); + } + + return(@devices); +} + +sub main +{ + check_paths(); + my @devices = analyze_cmd_parameters(); + + # only one dump device is possible with zFCP which is enforced in analyze_cmd_parameters + if (is_zfcp($devices[0])) { + setup_zfcpdump($devices[0]); + } else { + setup_dasddump(@devices); + } + + print("Creating the dump device was successful.\n"); +} + +main(); diff --git a/s390-tools-2.19.0.tar.gz b/s390-tools-2.19.0.tar.gz deleted file mode 100644 index 135797f..0000000 --- a/s390-tools-2.19.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:17dc163e6a1e940f895c64955c130058600e1df834e1ab134410be7266ef724a -size 1681093 diff --git a/s390-tools-2.24.0.tar.gz b/s390-tools-2.24.0.tar.gz new file mode 100644 index 0000000..2a83ebe --- /dev/null +++ b/s390-tools-2.24.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:af5268147f725a9a9ec54df8fe1b2e3e4e8d256199d542456f0b2275e560d005 +size 1840869 diff --git a/s390-tools-rpmlintrc b/s390-tools-rpmlintrc index d7d8c9a..525a34a 100644 --- a/s390-tools-rpmlintrc +++ b/s390-tools-rpmlintrc @@ -2,3 +2,5 @@ addFilter("statically-linked-binary /usr/lib/s390-tools/.*") addFilter("statically-linked-binary /usr/bin/read_values") addFilter("systemd-service-without-service_.* *@.service") addFilter("position-independent-executable-suggested ") +addFilter("non-etc-or-var-file-marked-as-conffile /boot/zipl/active_devices.txt") +addFilter("zero-length /boot/zipl/active_devices.txt") diff --git a/s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch b/s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch.opensuse similarity index 100% rename from s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch rename to s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch.opensuse diff --git a/s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch.suse b/s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch.suse new file mode 100644 index 0000000..e5059e0 --- /dev/null +++ b/s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch.suse @@ -0,0 +1,31 @@ +From f7a0f391f2c4e8acc96b21ab5de54a178aa60088 Mon Sep 17 00:00:00 2001 +From: Hannes Reinecke +Date: Fri, 22 Nov 2013 15:39:38 +0100 +Subject: [PATCH] 59-dasd.rules: generate by-id links on 'change' and 'add' + +The by-id rules need to be triggered on both, 'change' and 'add', +to work correctly during restarting udev. + +References: bnc#808042 + +Signed-off-by: Robert Milasan +--- + etc/udev/rules.d/59-dasd.rules | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/etc/udev/rules.d/59-dasd.rules b/etc/udev/rules.d/59-dasd.rules +index 2b1435c..a08cb7c 100644 +--- a/etc/udev/rules.d/59-dasd.rules ++++ b/etc/udev/rules.d/59-dasd.rules +@@ -6,7 +6,7 @@ + SUBSYSTEM!="block", GOTO="dasd_symlinks_end" + KERNEL!="dasd*", GOTO="dasd_symlinks_end" + +-ACTION!="change", GOTO="dasd_block_end" ++ACTION!="change|add", GOTO="dasd_block_end" + # by-id (hardware serial number) + KERNEL=="dasd*[!0-9]", ATTRS{status}=="online", IMPORT{program}="/sbin/dasdinfo -a -e -b $kernel" + KERNEL=="dasd*[!0-9]", ENV{ID_SERIAL}=="?*", SYMLINK+="disk/by-id/$env{ID_BUS}-$env{ID_SERIAL}" +-- +1.8.1.4 + diff --git a/s390-tools-sles15sp3-remove-no-pie-link-arguments.patch b/s390-tools-sles15sp3-remove-no-pie-link-arguments.patch deleted file mode 100644 index 5050ce2..0000000 --- a/s390-tools-sles15sp3-remove-no-pie-link-arguments.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- s390-tools-2.15.1/common.mak 2020-10-28 10:31:59.000000000 -0400 -+++ s390-tools-2.15.1/common.mak 2021-03-01 11:16:20.285597140 -0500 -@@ -252,8 +252,8 @@ - - ifneq ($(shell $(CC_SILENT) -dumpspecs 2>/dev/null | grep -e '[^f]no-pie'),) - NO_PIE_CFLAGS := -fno-pie -- NO_PIE_LINKFLAGS := -no-pie -- NO_PIE_LDFLAGS := -no-pie -+ NO_PIE_LINKFLAGS := -+ NO_PIE_LDFLAGS := - else - NO_PIE_CFLAGS := - NO_PIE_LINKFLAGS := diff --git a/s390-tools-sles15sp4-01-genprotimg-remove-DigiCert-root-CA-pinning.patch b/s390-tools-sles15sp4-01-genprotimg-remove-DigiCert-root-CA-pinning.patch deleted file mode 100644 index 5733fda..0000000 --- a/s390-tools-sles15sp4-01-genprotimg-remove-DigiCert-root-CA-pinning.patch +++ /dev/null @@ -1,271 +0,0 @@ -Subject: [PATCH] [BZ 197604] genprotimg: remove DigiCert root CA pinning -From: Marc Hartmayer - -Description: genprotimg/check_hostkeydoc: cert. verification is too strict -Symptom: Verification failures will occur for newer host key documents -Problem: The certificate verification of check_hostkeydoc is too strict - and doesn't match the checking performed by genprotimg. This - applies to the OU field in the issuer DN of the host key - document. As a consequence verification failures will occur for - host key documents issued for hardware generations newer than - IBM z15. - - DigiCert is the CA issuing the signing certificate for Secure - Execution host key documents. This certificate is used for the - verification of the host key document validity. Recently, - DigiCert has changed the root CA certificate used for issuance - of the signing certificates. As genprotimg is checking the CA - serial, the verification of the chain of trust will fail. As a - workaround, it is possible to disable certificate verification, - but this is not recommended because it makes it easier to - provide a fake host key document. Since the previously issued - host key documents are expiring in April 2022, it is necessary - to fix genprotimg to accept the newly issued host key - documents. -Solution: Relax the certificate verification -Reproduction: Use a new host key document -Upstream-ID: 78b053326c504c0535b5ec1c244ad7bb5a1df29d -Problem-ID: 197604 - -Upstream-Description: - - genprotimg: remove DigiCert root CA pinning - - Remove the DigiCert root CA pinning. The root CA used for the chain of trust can - change in the future therefore let's remove this check. If someone wants to - enforce the usage of a specific root CA it can be selected by the genprotimg - command line option `--root-ca $CA`. Make it transparent to the user which root - CA is actually being used by printing the subject name of the root CA to stdout - in verbose mode. - - Signed-off-by: Marc Hartmayer - Acked-by: Viktor Mihajlovski - Reviewed-and-tested-by: Nico Boehr - Signed-off-by: Jan Hoeppner - - -Signed-off-by: Marc Hartmayer -Index: s390-tools-service/genprotimg/man/genprotimg.8 -=================================================================== ---- s390-tools-service.orig/genprotimg/man/genprotimg.8 -+++ s390-tools-service/genprotimg/man/genprotimg.8 -@@ -87,7 +87,7 @@ CRLs. Optional. - .TP - \fB\-\-root\-ca\fR=\fI\,FILE\/\fR - Specifies the root CA certificate for the verification. If omitted, --the DigiCert root CA certificate installed on the system is used. Use -+the system wide root CAs installed on the system is used. Use - this only if you trust the specified certificate. Optional. - .TP - \fB\-\-no-verify\fR -Index: s390-tools-service/genprotimg/src/include/pv_crypto_def.h -=================================================================== ---- s390-tools-service.orig/genprotimg/src/include/pv_crypto_def.h -+++ s390-tools-service/genprotimg/src/include/pv_crypto_def.h -@@ -29,9 +29,6 @@ - */ - #define PV_CERTS_SECURITY_LEVEL 2 - --/* SKID for DigiCert Assured ID Root CA */ --#define DIGICERT_ASSURED_ID_ROOT_CA_SKID "45EBA2AFF492CB82312D518BA7A7219DF36DC80F" -- - union ecdh_pub_key { - struct { - uint8_t x[80]; -Index: s390-tools-service/genprotimg/src/pv/pv_args.c -=================================================================== ---- s390-tools-service.orig/genprotimg/src/pv/pv_args.c -+++ s390-tools-service/genprotimg/src/pv/pv_args.c -@@ -111,7 +111,7 @@ static gint pv_args_validate_options(PvA - g_strv_length(args->untrusted_cert_paths) == 0)) { - g_set_error( - err, PV_PARSE_ERROR, PR_PARSE_ERROR_MISSING_ARGUMENT, -- _("Either specify the IBM Z signing key and (DigiCert) intermediate CA certificate\n" -+ _("Either specify the IBM Z signing key and intermediate CA certificate\n" - "by using the '--cert' option, or use the '--no-verify' flag to disable the\n" - "host-key document verification completely (at your own risk).")); - return -1; -Index: s390-tools-service/genprotimg/src/pv/pv_image.c -=================================================================== ---- s390-tools-service.orig/genprotimg/src/pv/pv_image.c -+++ s390-tools-service/genprotimg/src/pv/pv_image.c -@@ -304,9 +304,10 @@ static gint pv_img_hostkey_verify(GSList - } - - /* Load all untrusted certificates (e.g. IBM Z signing key and -- * DigiCert intermediate CA) that are required to establish a chain of -- * trust starting from the host-key document up to the root CA (if not -- * otherwise specified that's the DigiCert Assured ID Root CA). -+ * intermediate CA) that are required to establish a chain of trust -+ * starting from the host-key document up to the root CA (if not -+ * otherwise specified that can be one of the system wide installed -+ * root CAs, e.g. DigiCert). - */ - untrusted_certs_with_path = load_certificates(untrusted_cert_paths, err); - if (!untrusted_certs_with_path) -@@ -341,9 +342,8 @@ static gint pv_img_hostkey_verify(GSList - * For this we must check: - * - * 1. Can a chain of trust be established ending in a root CA -- * 2. Is the correct root CA ued? It has either to be the -- * 'DigiCert Assured ID Root CA' or the root CA specified via -- * command line. -+ * 2. Is the correct root CA used? It has either to be a system CA -+ * or the root CA specified via command line. - */ - for (gint i = 0; i < sk_X509_num(ibm_signing_certs); ++i) { - X509 *ibm_signing_cert = sk_X509_value(ibm_signing_certs, i); -@@ -364,17 +364,12 @@ static gint pv_img_hostkey_verify(GSList - if (verify_cert(ibm_signing_cert, ctx, err) < 0) - goto error; - -- /* Verify the build chain of trust chain. If the user passes a -- * trusted root CA on the command line then the check for the -- * Subject Key Identifier (SKID) is skipped, otherwise let's -- * check if the SKID meets our expectation. -+ /* If there is a chain of trust using either the provided root -+ * CA on the command line or a system wide trusted root CA. - */ -- if (!root_ca_path && -- check_chain_parameters(X509_STORE_CTX_get0_chain(ctx), -- get_digicert_assured_id_root_ca_skid(), -- err) < 0) { -+ if (check_chain_parameters(X509_STORE_CTX_get0_chain(ctx), -+ err) < 0) - goto error; -- } - - ibm_signing_crls = store_ctx_find_valid_crls(ctx, ibm_signing_cert, err); - if (!ibm_signing_crls) { -@@ -588,7 +583,7 @@ PvImage *pv_img_new(PvArgs *args, const - g_warning(_("host-key document verification is disabled. Your workload is not secured.")); - - if (args->root_ca_path) -- g_warning(_("A different root CA than the default DigiCert root CA is selected. Ensure that this root CA is trusted.")); -+ g_warning(_("The root CA is selected through the command line. Ensure that this root CA is trusted.")); - - ret->comps = pv_img_comps_new(EVP_sha512(), EVP_sha512(), EVP_sha512(), err); - if (!ret->comps) -Index: s390-tools-service/genprotimg/src/utils/crypto.c -=================================================================== ---- s390-tools-service.orig/genprotimg/src/utils/crypto.c -+++ s390-tools-service/genprotimg/src/utils/crypto.c -@@ -1079,8 +1079,8 @@ int store_set_verify_param(X509_STORE *s - g_abort(); - - /* The maximum depth level of the chain of trust for the verification of -- * the IBM Z signing key is 2, i.e. IBM Z signing key -> (DigiCert) -- * intermediate CA -> (DigiCert) root CA -+ * the IBM Z signing key is 2, i.e. IBM Z signing key -> intermediate CA -+ * -> root CA - */ - X509_VERIFY_PARAM_set_depth(param, 2); - -@@ -1267,46 +1267,38 @@ static int security_level_to_bits(int le - return security_bits[level]; - } - --static ASN1_OCTET_STRING *digicert_assured_id_root_ca; -- --const ASN1_OCTET_STRING *get_digicert_assured_id_root_ca_skid(void) --{ -- pv_crypto_init(); -- return digicert_assured_id_root_ca; --} -- - /* Used for the caching of the downloaded CRLs */ - static GHashTable *cached_crls; - - void pv_crypto_init(void) - { -- if (digicert_assured_id_root_ca) -+ if (cached_crls) - return; -- - cached_crls = g_hash_table_new_full(g_str_hash, g_str_equal, g_free, - (GDestroyNotify)X509_CRL_free); -- digicert_assured_id_root_ca = s2i_ASN1_OCTET_STRING( -- NULL, NULL, DIGICERT_ASSURED_ID_ROOT_CA_SKID); - } - - void pv_crypto_cleanup(void) - { -- if (!digicert_assured_id_root_ca) -+ if (!cached_crls) - return; - g_clear_pointer(&cached_crls, g_hash_table_destroy); -- g_clear_pointer(&digicert_assured_id_root_ca, ASN1_OCTET_STRING_free); - } - - gint check_chain_parameters(const STACK_OF_X509 *chain, -- const ASN1_OCTET_STRING *skid, GError **err) -+ GError **err) - { -- const ASN1_OCTET_STRING *ca_skid = NULL; -+ const X509_NAME *ca_x509_subject = NULL; -+ g_autofree gchar *ca_subject = NULL; - gint len = sk_X509_num(chain); - X509 *ca = NULL; - -- g_assert(skid); - /* at least one root and one leaf certificate must be defined */ -- g_assert(len >= 2); -+ if (len < 2) { -+ g_set_error(err, PV_CRYPTO_ERROR, PV_CRYPTO_ERROR_INTERNAL, -+ _("there must be at least on root and one leaf certificate in the chain of trust")); -+ return -1; -+ } - - /* get the root certificate of the chain of trust */ - ca = sk_X509_value(chain, len - 1); -@@ -1316,19 +1308,21 @@ gint check_chain_parameters(const STACK_ - return -1; - } - -- ca_skid = X509_get0_subject_key_id(ca); -- if (!ca_skid) { -- g_set_error(err, PV_CRYPTO_ERROR, PV_CRYPTO_ERROR_MALFORMED_ROOT_CA, -- _("malformed root certificate")); -+ ca_x509_subject = X509_get_subject_name(ca); -+ if (!ca_x509_subject) { -+ g_set_error(err, PV_CRYPTO_ERROR, PV_CRYPTO_ERROR_INTERNAL, -+ _("subject of the root CA cannot be retrieved")); - return -1; - } - -- if (ASN1_STRING_cmp(ca_skid, skid) != 0) { -- g_set_error(err, PV_CRYPTO_ERROR, PV_CRYPTO_ERROR_WRONG_CA_USED, -- _("expecting DigiCert root CA to be used")); -+ ca_subject = X509_NAME_oneline(ca_x509_subject, NULL, 0); -+ if (!ca_subject) { -+ g_set_error(err, PV_CRYPTO_ERROR, PV_CRYPTO_ERROR_INTERNAL, -+ _("subject name of the root CA cannot be retrieved")); - return -1; - } - -+ g_info("Root CA used: '%s'", ca_subject); - return 0; - } - -Index: s390-tools-service/genprotimg/src/utils/crypto.h -=================================================================== ---- s390-tools-service.orig/genprotimg/src/utils/crypto.h -+++ s390-tools-service/genprotimg/src/utils/crypto.h -@@ -125,7 +125,6 @@ int check_crl_valid_for_cert(X509_CRL *c - gint verify_flags, GError **err); - void pv_crypto_init(void); - void pv_crypto_cleanup(void); --const ASN1_OCTET_STRING *get_digicert_assured_id_root_ca_skid(void); - gint verify_host_key(X509 *host_key, GSList *issuer_pairs, - gint verify_flags, int level, GError **err); - X509 *load_cert_from_file(const char *path, GError **err); -@@ -138,8 +137,7 @@ X509_STORE *store_setup(const gchar *roo - int store_set_verify_param(X509_STORE *store, GError **err); - X509_CRL *load_crl_by_cert(X509 *cert, GError **err); - STACK_OF_X509_CRL *try_load_crls_by_certs(GSList *certs_with_path); --gint check_chain_parameters(const STACK_OF_X509 *chain, -- const ASN1_OCTET_STRING *skid, GError **err); -+gint check_chain_parameters(const STACK_OF_X509 *chain, GError **err); - X509_NAME *c2b_name(const X509_NAME *name); - - STACK_OF_X509 *delete_ibm_signing_certs(STACK_OF_X509 *certs); diff --git a/s390-tools-sles15sp4-02-genprotimg-check_hostkeydoc-relax-default-issuer-che.patch b/s390-tools-sles15sp4-02-genprotimg-check_hostkeydoc-relax-default-issuer-che.patch deleted file mode 100644 index 22dcd26..0000000 --- a/s390-tools-sles15sp4-02-genprotimg-check_hostkeydoc-relax-default-issuer-che.patch +++ /dev/null @@ -1,102 +0,0 @@ -Subject: [PATCH] [BZ 197604] genprotimg/check_hostkeydoc: relax default issuer check -From: Marc Hartmayer - -Description: genprotimg/check_hostkeydoc: cert. verification is too strict -Symptom: Verification failures will occur for newer host key documents -Problem: The certificate verification of check_hostkeydoc is too strict - and doesn't match the checking performed by genprotimg. This - applies to the OU field in the issuer DN of the host key - document. As a consequence verification failures will occur for - host key documents issued for hardware generations newer than - IBM z15. - - DigiCert is the CA issuing the signing certificate for Secure - Execution host key documents. This certificate is used for the - verification of the host key document validity. Recently, - DigiCert has changed the root CA certificate used for issuance - of the signing certificates. As genprotimg is checking the CA - serial, the verification of the chain of trust will fail. As a - workaround, it is possible to disable certificate verification, - but this is not recommended because it makes it easier to - provide a fake host key document. Since the previously issued - host key documents are expiring in April 2022, it is necessary - to fix genprotimg to accept the newly issued host key - documents. -Solution: Relax the certificate verification -Reproduction: Use a new host key document -Upstream-ID: 673ff375d939d3cde674f8f99a62d456f8b1673d -Problem-ID: 197604 - -Upstream-Description: - - genprotimg/check_hostkeydoc: relax default issuer check - - While the original default issuer's organizationalUnitName (OU) - was defined as "IBM Z Host Key Signing Service", any OU ending - with "Key Signing Service" is considered legal. - - Let's relax the default issuer check by stripping off characters - preceding "Key Signing Service". - - Signed-off-by: Viktor Mihajlovski - Reviewed-by: Marc Hartmayer - Signed-off-by: Jan Hoeppner - - -Signed-off-by: Marc Hartmayer -Index: s390-tools-service/genprotimg/samples/check_hostkeydoc -=================================================================== ---- s390-tools-service.orig/genprotimg/samples/check_hostkeydoc -+++ s390-tools-service/genprotimg/samples/check_hostkeydoc -@@ -23,6 +23,7 @@ BODY_FILE=$(mktemp) - ISSUER_DN_FILE=$(mktemp) - SUBJECT_DN_FILE=$(mktemp) - DEF_ISSUER_DN_FILE=$(mktemp) -+CANONICAL_ISSUER_DN_FILE=$(mktemp) - CRL_SERIAL_FILE=$(mktemp) - - # Cleanup on exit -@@ -30,7 +31,7 @@ cleanup() - { - rm -f $ISSUER_PUBKEY_FILE $SIGNATURE_FILE $BODY_FILE \ - $ISSUER_DN_FILE $SUBJECT_DN_FILE $DEF_ISSUER_DN_FILE \ -- $CRL_SERIAL_FILE -+ $CANONICAL_ISSUER_DN_FILE $CRL_SERIAL_FILE - } - trap cleanup EXIT - -@@ -121,20 +122,31 @@ default_issuer() - commonName = International Business Machines Corporation - countryName = US - localityName = Poughkeepsie -- organizationalUnitName = IBM Z Host Key Signing Service -+ organizationalUnitName = Key Signing Service - organizationName = International Business Machines Corporation - stateOrProvinceName = New York - EOF - } - --verify_issuer_files() -+# As organizationalUnitName can have an arbitrary prefix but must -+# end with "Key Signing Service" let's normalize the OU name by -+# stripping off the prefix -+verify_default_issuer() - { - default_issuer > $DEF_ISSUER_DN_FILE - -- if ! diff $ISSUER_DN_FILE $DEF_ISSUER_DN_FILE -+ sed "s/\(^[ ]*organizationalUnitName[ ]*=[ ]*\).*\(Key Signing Service$\)/\1\2/" \ -+ $ISSUER_DN_FILE > $CANONICAL_ISSUER_DN_FILE -+ -+ if ! diff $CANONICAL_ISSUER_DN_FILE $DEF_ISSUER_DN_FILE - then - echo Incorrect default issuer >&2 && exit 1 - fi -+} -+ -+verify_issuer_files() -+{ -+ verify_default_issuer - - if diff $ISSUER_DN_FILE $SUBJECT_DN_FILE - then diff --git a/s390-tools-sles15sp4-chreipl-fcp-mpath-don-t-compress-the-manpage-before-.patch b/s390-tools-sles15sp4-chreipl-fcp-mpath-don-t-compress-the-manpage-before-.patch deleted file mode 100644 index 6594bc2..0000000 --- a/s390-tools-sles15sp4-chreipl-fcp-mpath-don-t-compress-the-manpage-before-.patch +++ /dev/null @@ -1,116 +0,0 @@ -From 1bbd34e500980b9ea2514776bb2dbd745247e651 Mon Sep 17 00:00:00 2001 -From: Benjamin Block -Date: Fri, 12 Nov 2021 13:34:22 +0100 -Subject: [PATCH] chreipl-fcp-mpath: don't compress the manpage before - installing it -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Remove the call to `gzip` before installing the manpage during the -`make install` call. What and if compression is done should be handled by -the distribution tooling. - -This also removes a dependency for the build process. - -Reviewed-by: Steffen Maier -Signed-off-by: Benjamin Block -Signed-off-by: Jan Höppner ---- - CHANGELOG.md | 1 + - README.md | 2 +- - chreipl-fcp-mpath/.gitignore | 1 - - chreipl-fcp-mpath/Makefile | 11 +---------- - chreipl-fcp-mpath/README.md | 5 ++--- - 5 files changed, 5 insertions(+), 15 deletions(-) - -diff --git a/CHANGELOG.md b/CHANGELOG.md -index 94817e1..8cac1cb 100644 ---- a/CHANGELOG.md -+++ b/CHANGELOG.md -@@ -12,6 +12,7 @@ - - dbginfo.sh: Add retry timeout and remove possible blocking "blockdev --report" - - dbginfo.sh: Collect config- and debug-data for chreipl-fcp-mpath - - hsci: Add support for multiple MAC addresses -+ - chreipl-fcp-mpath: don't compress the manpage before installing it - - Bug Fixes: - - lshwc: Fix compile error for gcc <8.1 -diff --git a/README.md b/README.md -index eb5c81f..62e4c11 100644 ---- a/README.md -+++ b/README.md -@@ -479,4 +479,4 @@ the different tools are provided: - util-linux, udev, and multipath-tools. When using `HAVE_DRACUT=1` with the - make invocation, it also requires dracut. When using `ENABLE_DOC=1` with the - make invocation to build a man page and render the README.md as HTML, make -- further requires pandoc, GNU awk, and GNU Gzip for the build process. -+ further requires pandoc and GNU awk for the build process. -diff --git a/chreipl-fcp-mpath/.gitignore b/chreipl-fcp-mpath/.gitignore -index 4611195..ecd49ee 100644 ---- a/chreipl-fcp-mpath/.gitignore -+++ b/chreipl-fcp-mpath/.gitignore -@@ -10,4 +10,3 @@ - /README.pdf - /chreipl-fcp-mpath.md - /chreipl-fcp-mpath.7 --/chreipl-fcp-mpath.7.gz -diff --git a/chreipl-fcp-mpath/Makefile b/chreipl-fcp-mpath/Makefile -index 80cab7f..9b4aae0 100644 ---- a/chreipl-fcp-mpath/Makefile -+++ b/chreipl-fcp-mpath/Makefile -@@ -12,8 +12,6 @@ - # bash: - # - bash - # If $(ENABLE_DOC) is `1`: --# GNU Gzip: --# - gzip - # GNU awk: - # - gawk - -@@ -186,18 +184,11 @@ INSTDIRS += $(MANDIR) - .PHONY: chreipl-fcp-mpath-install-man-page - chreipl-fcp-mpath-install-man-page: | $(DESTDIR)$(MANDIR)/man7 - chreipl-fcp-mpath-install-man-page: chreipl-fcp-mpath.7 -- $(GZIP) -fk --best chreipl-fcp-mpath.7 - $(INSTALL_DATA) -t $(DESTDIR)$(MANDIR)/man7 \ -- chreipl-fcp-mpath.7.gz -+ chreipl-fcp-mpath.7 - - chreipl-fcp-mpath-install: chreipl-fcp-mpath-install-man-page - --.PHONY: chreipl-fcp-mpath-install-man-page-clean --chreipl-fcp-mpath-install-man-page-clean: -- rm -f chreipl-fcp-mpath.7.gz -- --chreipl-fcp-mpath-clean: chreipl-fcp-mpath-install-man-page-clean -- - endif - - # -diff --git a/chreipl-fcp-mpath/README.md b/chreipl-fcp-mpath/README.md -index 3943f73..d58ccd2 100644 ---- a/chreipl-fcp-mpath/README.md -+++ b/chreipl-fcp-mpath/README.md -@@ -131,8 +131,7 @@ To build and install the documentation (man page) you need: - - - pandoc; - - GNU Core Utilities (date); -- - GNU awk; -- - GNU Gzip. -+ - GNU awk. - - INSTALLATION - ============ -@@ -207,7 +206,7 @@ files to these default locations: - /usr/lib/udev/chreipl-fcp-mpath-record-volume-identifier - /usr/lib/udev/chreipl-fcp-mpath-try-change-ipl-path - /usr/lib/udev/rules.d/70-chreipl-fcp-mpath.rules -- /usr/share/man/man7/chreipl-fcp-mpath.7.gz -+ /usr/share/man/man7/chreipl-fcp-mpath.7 - - UNINSTALL - ========= --- -2.26.2 - diff --git a/s390-tools-sles15sp4-chreipl-fcp-mpath-remove-shebang-from-chreipl-fcp-mp.patch b/s390-tools-sles15sp4-chreipl-fcp-mpath-remove-shebang-from-chreipl-fcp-mp.patch deleted file mode 100644 index a25a837..0000000 --- a/s390-tools-sles15sp4-chreipl-fcp-mpath-remove-shebang-from-chreipl-fcp-mp.patch +++ /dev/null @@ -1,36 +0,0 @@ -From c2f8988444d0ed8274256c1990bb7f8866c265e2 Mon Sep 17 00:00:00 2001 -From: Benjamin Block -Date: Fri, 12 Nov 2021 12:38:10 +0100 -Subject: [PATCH] chreipl-fcp-mpath: remove shebang from - chreipl-fcp-mpath-common.sh.in -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -`chreipl-fcp-mpath-common.sh.in` is never executed, only used as argument -for `source` in the udev helper scripts, so the shebang is unnecessary, and -might be confusing. - -Also, tools like `rpmlint` from the rpm software management will complain -about this; e.g.: - s390-tools-chreipl-fcp-mpath.s390x: W: non-executable-script /usr/lib/chreipl-fcp-mpath/chreipl-fcp-mpath-common.sh 644 /bin/bash - -Reviewed-by: Steffen Maier -Signed-off-by: Benjamin Block -Signed-off-by: Jan Höppner ---- - chreipl-fcp-mpath/chreipl-fcp-mpath-common.sh.in | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/chreipl-fcp-mpath/chreipl-fcp-mpath-common.sh.in b/chreipl-fcp-mpath/chreipl-fcp-mpath-common.sh.in -index 83c4361..0a54322 100644 ---- a/chreipl-fcp-mpath/chreipl-fcp-mpath-common.sh.in -+++ b/chreipl-fcp-mpath/chreipl-fcp-mpath-common.sh.in -@@ -1,4 +1,3 @@ --#!/bin/bash - # SPDX-License-Identifier: MIT - # - # chreipl-fcp-mpath: use multipath information to change FCP IPL target --- -2.26.2 - diff --git a/s390-tools-sles15sp4-genprotimg-boot-disable-Warray-bounds-for-now.patch b/s390-tools-sles15sp4-genprotimg-boot-disable-Warray-bounds-for-now.patch deleted file mode 100644 index 1cbb06a..0000000 --- a/s390-tools-sles15sp4-genprotimg-boot-disable-Warray-bounds-for-now.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 9e620058184cfdf026241b953bfbb095256198a0 Mon Sep 17 00:00:00 2001 -From: Marc Hartmayer -Date: Tue, 26 Apr 2022 09:22:10 +0000 -Subject: [PATCH] genprotimg/boot: disable `-Warray-bounds` for now -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This work around fixes the gcc-12 false positive by disabling `Warray-bounds`: - - CC genprotimg/boot/stage3a.o - In file included from stage3a.c:14: - In function ‘__test_facility’, - inlined from ‘test_facility’ at ../../include/boot/s390.h:428:9, - inlined from ‘start’ at stage3a.c:42:7: - ../../include/boot/s390.h:418:17: error: array subscript 0 is outside array bounds of ‘void[0]’ [-Werror=array-bounds] - 418 | return (*ptr & (0x80 >> (nr & 7))) != 0; - | ^~~~ - -Unfortunately, there is currently no better fix available that doesn't result -in larger boot loader code sizes. Given the importancy of the boot loader file -sizes the other fixes aren't acceptable. The Linux kernel shares the -problem (but for performance reasons), take a look at the discussion -https://lore.kernel.org/lkml/yt9dzgkelelc.fsf@linux.ibm.com/ for details. - -Fixes: https://github.com/ibm-s390-linux/s390-tools/issues/130 -Signed-off-by: Marc Hartmayer -Reviewed-by: Jan Höppner -Signed-off-by: Jan Höppner ---- - genprotimg/boot/Makefile | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/genprotimg/boot/Makefile b/genprotimg/boot/Makefile -index f957a70..95bd6cc 100644 ---- a/genprotimg/boot/Makefile -+++ b/genprotimg/boot/Makefile -@@ -15,7 +15,8 @@ ALL_CFLAGS := $(NO_PIE_CFLAGS) -Os -g \ - -fno-delete-null-pointer-checks -fno-stack-protector \ - -fexec-charset=IBM1047 -m64 -mpacked-stack \ - -mstack-size=4096 -mstack-guard=128 -msoft-float \ -- -Wall -Wformat-security -Wextra -Werror -+ -Wall -Wformat-security -Wextra -Werror \ -+ -Wno-array-bounds - - FILES := stage3a.bin stage3b.bin stage3b_reloc.bin - --- -2.35.3 - diff --git a/s390-tools-sles15sp4-libseckey-Adapt-keymgmt_match-implementation-to-Open.patch b/s390-tools-sles15sp4-libseckey-Adapt-keymgmt_match-implementation-to-Open.patch deleted file mode 100644 index 78dbb0a..0000000 --- a/s390-tools-sles15sp4-libseckey-Adapt-keymgmt_match-implementation-to-Open.patch +++ /dev/null @@ -1,94 +0,0 @@ -Subject: [PATCH] [BZ 198268] libseckey: Adapt keymgmt_match() implementation to OpenSSL -From: Ingo Franzki - -Description: zkey: KMIP plugin fails to connection to KMIP server -Symptom: When a zkey key repository is bound to the KMIP plugin, and the - connection to the KMIP server is to be configired using command - 'zkey kms configure --kmip-server ', it fails to connect - to the specified KMIP server. -Problem: When trying to establish a TSL connection to the KMIP server, - the KMIP client sets up an OpenSSL SSL context with its - certificate and its private key (which is a secure key) using - OpenSSL function SSL_CTX_use_PrivateKey(). When running with - OpenSSL 3.0, This calls the secure key provider's match - function to check if the private key specified matches the - public key of the certificate using EVP_PKEY_eq(). EVP_PKEY_eq() - includes the private key into the selector bits for the match - call, although the certificate only contains the public key - part. - OpenSSL commit ee22a3741e3fc27c981e7f7e9bcb8d3342b0c65a changed - the OpenSSL provider's keymgmt_match() function to be not so - strict with the selector bits in regards to matching different - key parts. - This means, that if the public key is selected to be matched, - and the public key matches (together with any also selected - parameters), then the private key is no longer checked, although - it may also be selected to be matched. This is according to how - the OpenSSL function EVP_PKEY_eq() is supposed to behave. -Solution: Adapt the secure key provider's match function to behave like - the match functions of the providers coming with OpenSSL. -Reproduction: Configure a connection to a KMIP server on a system that comes - with OpenSSL 3.0. -Upstream-ID: 6c5c5f7e558c114ddaa475e96c9ec708049aa423 -Problem-ID: 198268 - -Upstream-Description: - - libseckey: Adapt keymgmt_match() implementation to OpenSSL - - OpenSSL commit ee22a3741e3fc27c981e7f7e9bcb8d3342b0c65a changed the - OpenSSL provider's keymgmt_match() function to be not so strict with - the selector bits in regards to matching different key parts. - - Adapt the secure key provider's match function accordingly. - This means, that if the public key is selected to be matched, and - the public key matches (together with any also selected parameters), - then the private key is no longer checked, although it may also be - selected to be matched. This is according to how the OpenSSL function - EVP_PKEY_eq() is supposed to behave. - - OpenSSL function SSL_CTX_use_PrivateKey() calls the providers match - function to check if the private key specified matches the public key - of the certificate using EVP_PKEY_eq(). EVP_PKEY_eq() includes the - private key into the selector bits here, although the certificate - only contains the public key part. - - Signed-off-by: Ingo Franzki - Signed-off-by: Jan Hoeppner - - -Signed-off-by: Ingo Franzki ---- - libseckey/sk_provider.c | 18 ++++++++++++++---- - 1 file changed, 14 insertions(+), 4 deletions(-) - ---- a/libseckey/sk_provider.c -+++ b/libseckey/sk_provider.c -@@ -2216,13 +2216,23 @@ static int sk_prov_keymgmt_match(const s - - if (key1->type != key2->type) - return 0; -+ -+ if (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) { -+ /* match everything except private key */ -+ return default_match_fn(key1->default_key, key2->default_key, -+ selection & -+ (~OSSL_KEYMGMT_SELECT_PRIVATE_KEY)); -+ } -+ - if (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) { - if (key1->secure_key_size != key2->secure_key_size) - return 0; -- if (key1->secure_key_size > 0 && -- memcmp(key1->secure_key, key2->secure_key, -- key1->secure_key_size) != 0) -- return 0; -+ if (key1->secure_key_size > 0) { -+ if (memcmp(key1->secure_key, key2->secure_key, -+ key1->secure_key_size) != 0) -+ return 0; -+ selection &= (~OSSL_KEYMGMT_SELECT_PRIVATE_KEY); -+ } - } - - return default_match_fn(key1->default_key, key2->default_key, diff --git a/s390-tools-sles15sp4-libseckey-Fix-re-enciphering-of-EP11-secure-key.patch b/s390-tools-sles15sp4-libseckey-Fix-re-enciphering-of-EP11-secure-key.patch deleted file mode 100644 index 7b328eb..0000000 --- a/s390-tools-sles15sp4-libseckey-Fix-re-enciphering-of-EP11-secure-key.patch +++ /dev/null @@ -1,103 +0,0 @@ -Subject: [PATCH] [BZ 197605] libseckey: Fix re-enciphering of EP11 secure key -From: Ingo Franzki - -Description: zkey: Fix re-enciphering of EP11 identity key of KMIP plugin -Symptom: When re-enciphering the identity key and/or wrapping key of the - zkey KMIP plugin via 'zkey kms reencipher', the operation - completes without an error, but the secure keys are left - un-reenciphered. A subsequent connection attempt with the KMIP - server will fail because the identity key is no longer valid. -Problem: The re-enciphered secure key is not copied back into the - key token buffer. Also, the the public key part, i.e. the MACed - SubjectPublicKeyInfo (SPKI) structure must also be re- - enciphered (i.e. re-MACed), since the MAC is calculated with - the EP11 master key. -Solution: Copy the re-enciphered secure key back into the key toke - buffer, and also re-encipher the public key part. -Reproduction: Perform a master key change on the EP11 APQNs used with the - KMIP plugin. -Upstream-ID: 4e2ebe0370d9fb036b7554d5ac5df4418dbe0397 -Problem-ID: 197605 - -Upstream-Description: - - libseckey: Fix re-enciphering of EP11 secure key - - The re-enciphering of EP11 asymmetric secure keys does not work. - First, the result of the re-encipher operation of the private key - part must be copied back into the user supplied key token buffer. - Second, the public key part, i.e. the MACed SubjectPublicKeyInfo - (SPKI) structure must also be re-enciphered (i.e. re-MACed), since - the MAC is calculated with the EP11 master key. - - Signed-off-by: Ingo Franzki - Signed-off-by: Jan Hoeppner - - -Signed-off-by: Ingo Franzki ---- - libseckey/sk_ep11.c | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 53 insertions(+) - ---- a/libseckey/sk_ep11.c -+++ b/libseckey/sk_ep11.c -@@ -1549,6 +1549,59 @@ int SK_EP11_reencipher_key(const struct - return -EIO; - } - -+ memcpy(blob, lrb.payload, lrb.pllen); -+ -+ /* re-encipher MACed SPKI */ -+ rb.domain = domain; -+ lrb.domain = domain; -+ -+ resp_len = sizeof(resp); -+ req_len = ep11.dll_xcpa_cmdblock(req, sizeof(req), XCP_ADM_REENCRYPT, -+ &rb, NULL, key_token + hdr->len, -+ key_token_length - hdr->len); -+ if (req_len < 0) { -+ sk_debug(debug, "Failed to build XCP command block"); -+ return -EIO; -+ } -+ -+ rv = ep11.dll_m_admin(resp, &resp_len, NULL, NULL, req, req_len, NULL, -+ 0, ep11_lib->target); -+ if (rv != CKR_OK || resp_len == 0) { -+ sk_debug(debug, "Command XCP_ADM_REENCRYPT failed. " -+ "rc = 0x%lx, resp_len = %ld", rv, resp_len); -+ return -EIO; -+ } -+ -+ rc = ep11.dll_xcpa_internal_rv(resp, resp_len, &lrb, &rv); -+ if (rc != 0) { -+ sk_debug(debug, "Failed to parse response. rc = %d", rc); -+ return -EIO; -+ } -+ -+ if (rv != CKR_OK) { -+ sk_debug(debug, "Failed to re-encrypt the EP11 secure key. " -+ "rc = 0x%lx", rv); -+ switch (rv) { -+ case CKR_IBM_WKID_MISMATCH: -+ sk_debug(debug, "The EP11 secure key is currently " -+ "encrypted under a different master that does " -+ "not match the master key in the CURRENT " -+ "master key register of APQN %02X.%04X", -+ card, domain); -+ break; -+ } -+ return -EIO; -+ } -+ -+ if (key_token_length - hdr->len != lrb.pllen) { -+ sk_debug(debug, "Re-encrypted EP11 secure key size has " -+ "changed: org-len: %lu, new-len: %lu", -+ hdr->len - sizeof(*hdr), lrb.pllen); -+ return -EIO; -+ } -+ -+ memcpy(key_token + hdr->len, lrb.payload, lrb.pllen); -+ - return 0; - } - diff --git a/s390-tools-sles15sp4-zdev-Fix-path-resolution-for-multi-mount-point-file-.patch b/s390-tools-sles15sp4-zdev-Fix-path-resolution-for-multi-mount-point-file-.patch deleted file mode 100644 index afde233..0000000 --- a/s390-tools-sles15sp4-zdev-Fix-path-resolution-for-multi-mount-point-file-.patch +++ /dev/null @@ -1,169 +0,0 @@ -Subject: [PATCH] [BZ 196440] zdev: Fix path resolution for multi-mount point file systems -From: Peter Oberparleiter - -Description: zdev: Fix path resolution for multi-mount point file systems -Symptom: Path resolution fails when a device provides multiple mount - points such as, for example, when using btrfs subvolumes, or - when mounting the same file system at multiple mount points. -Problem: The failure is caused by zdev relying on the MOUNTPOINT - attribute of lsblk's output which only contains a single - mount point. -Solution: Fix this by making use of lsblk's MOUNTPOINTS attribute that - contains the full list of mount points. -Reproduction: chzdev -f -e : In this case, if - the rootfs is soread across multiple devices, zdev adds only the - first device in to the initrd and the system does not boot. -Upstream-ID: 1faa5d2957eb82ab235778959d70a38062b7aa7d -Problem-ID: 196440 - -Upstream-Description: - - zdev: Fix path resolution for multi-mount point file systems - - zdev provides path resolution logic to determine which z-specific - devices contribute to the file system mounted at a specific mount point. - This logic is used by command-line option --by-path, but also to - determine the list of devices needed to enable the root file system. - - Path resolution fails when a device provides multiple mount points such - as, for example, when using btrfs subvolumes, or when mounting the same - file system at multiple mount points. The failure is caused by zdev - relying on the MOUNTPOINT attribute of lsblk's output which only - contains a single mount point. - - Fix this by making use of lsblk's MOUNTPOINTS attribute that contains - the full list of mount points. Note that MOUNTPOINTS was only introduced - with util-linux v2.37, therefore a fall-back to the old format is - needed. - - Fixes: https://github.com/ibm-s390-linux/s390-tools/issues/129 - Signed-off-by: Peter Oberparleiter - Reviewed-by: Jan Hoeppner - Reviewed-by: Vineeth Vijayan - Reviewed-by: Eduard Shishkin - Reported-by: Dan Horak - Signed-off-by: Jan Hoeppner - - -Signed-off-by: Peter Oberparleiter -Index: s390-tools-service/zdev/src/blkinfo.c -=================================================================== ---- s390-tools-service.orig/zdev/src/blkinfo.c -+++ s390-tools-service/zdev/src/blkinfo.c -@@ -7,6 +7,7 @@ - * it under the terms of the MIT license. See LICENSE for details. - */ - -+#include - #include - #include - #include -@@ -16,6 +17,7 @@ - #include "misc.h" - - #define LSBLK_CMDLINE "lsblk -P -o NAME,MAJ:MIN,FSTYPE,UUID,MOUNTPOINT,PKNAME 2>/dev/null" -+#define LSBLK_CMDLINE2 "lsblk -P -o NAME,MAJ:MIN,FSTYPE,UUID,MOUNTPOINTS,PKNAME 2>/dev/null" - - struct blkinfo { - struct devnode *devnode; -@@ -82,6 +84,26 @@ void blkinfo_print(struct blkinfo *blkin - printf("%*sparent=%s\n", level, "", blkinfo->parent); - } - -+/* Convert each occurrence of '\xnn' in @str to character with hex code . */ -+static void hex_unescape(char *str) -+{ -+ unsigned int c; -+ -+ while ((str = strstr(str, "\\x"))) { -+ if (isxdigit(str[2]) && isxdigit(str[3]) && -+ sscanf(str + 2, "%2x", &c) == 1) { -+ str[0] = (char)c; -+ -+ /* Move remainder of str including nul behind . */ -+ memmove(str + /* */ 1, -+ str + /* '\xnn' */ 4, -+ strlen(str + 4) + /* */ 1); -+ } -+ -+ str++; -+ } -+} -+ - static char *isolate_keyword(char **line_ptr, const char *keyword) - { - char *start, *end; -@@ -102,9 +124,11 @@ static char *isolate_keyword(char **line - return start; - } - --static struct blkinfo *blkinfo_from_line(char *line) -+static void add_blkinfos_from_line(struct util_list *blkinfos, -+ char *line) - { -- char *name, *majmin, *fstype, *uuid, *mountpoint, *parent; -+ char *name, *majmin, *fstype, *uuid, *mountpoint, *mountpoints, *parent; -+ struct blkinfo *blkinfo; - - name = isolate_keyword(&line, "NAME=\""); - majmin = isolate_keyword(&line, "MAJ:MIN=\""); -@@ -113,21 +137,45 @@ static struct blkinfo *blkinfo_from_line - fstype = isolate_keyword(&line, "FSTYPE=\""); - uuid = isolate_keyword(&line, "UUID=\""); - mountpoint = isolate_keyword(&line, "MOUNTPOINT=\""); -+ mountpoints = isolate_keyword(&line, "MOUNTPOINTS=\""); - parent = isolate_keyword(&line, "PKNAME=\""); - -- return blkinfo_new(name, majmin, fstype, uuid, mountpoint, parent); -+ if (!mountpoints) { -+ /* Handle old lsblk output format. */ -+ blkinfo = blkinfo_new(name, majmin, fstype, uuid, mountpoint, -+ parent); -+ ptrlist_add(blkinfos, blkinfo); -+ return; -+ } -+ -+ /* Restore newline mount point separator encoded as hex. */ -+ hex_unescape(mountpoints); -+ -+ /* Represent each mount point as a separate blkinfo to support -+ * resolution of multi-mount point file systems like btrfs -+ * subvolumes. */ -+ while ((mountpoint = strsep(&mountpoints, "\n"))) { -+ blkinfo = blkinfo_new(name, majmin, fstype, uuid, mountpoint, -+ parent); -+ ptrlist_add(blkinfos, blkinfo); -+ } - } - - static struct util_list *blkinfos_read(void) - { - char *output, *curr, *next; - struct util_list *blkinfos; -- struct blkinfo *blkinfo; - - if (cached_blkinfos) - return cached_blkinfos; - -- output = misc_read_cmd_output(LSBLK_CMDLINE, 0, 1); -+ output = misc_read_cmd_output(LSBLK_CMDLINE2, 0, 1); -+ if (output && !*output) { -+ /* No output might indicate no support for new lsblk command- -+ * line format - fall back to old format. */ -+ free(output); -+ output = misc_read_cmd_output(LSBLK_CMDLINE, 0, 1); -+ } - if (!output) - return NULL; - -@@ -136,9 +184,7 @@ static struct util_list *blkinfos_read(v - /* Iterate over each line. */ - next = output; - while ((curr = strsep(&next, "\n"))) { -- blkinfo = blkinfo_from_line(curr); -- if (blkinfo) -- ptrlist_add(blkinfos, blkinfo); -+ add_blkinfos_from_line(blkinfos, curr); - } - - free(output); diff --git a/s390-tools-sles15sp4-zdev-modify-the-lsblk-output-parser-in-lszdev.patch b/s390-tools-sles15sp4-zdev-modify-the-lsblk-output-parser-in-lszdev.patch deleted file mode 100644 index 5932192..0000000 --- a/s390-tools-sles15sp4-zdev-modify-the-lsblk-output-parser-in-lszdev.patch +++ /dev/null @@ -1,44 +0,0 @@ -Subject: [PATCH] [BZ 196072] zdev: modify the lsblk output parser in lszdev -From: Vineeth Vijayan - -Description: zdev: modify the lsblk output parser in lszdev -Symptom: lsblk parser function in lszdev not working -Problem: Version 2.37+ of util-linux modified the output - characters of lsblk,which breaks the parser function. -Solution: Align the parser function to support latest changes -Reproduction: execute lszdev --by-path / command -Upstream-ID: ad024c06e16ec4bba31d19fb848b42c67113143d -Problem-ID: 196072 - -Upstream-Description: - - zdev: modify the lsblk output parser in lszdev - - Since version 2.37.x, with the commit 58b510e58 ("libsmartcols: sanitize - variable names on export output"), util-linux changes the output - characters of lsblk, where the ":" is replaced with an "_". Align the - lsblk output parser function in lszdev as per this change. - - Signed-off-by: Vineeth Vijayan - Suggested-by: Peter Oberparleiter - Reported-by: Boris Fiuczynski - Reviewed-by: Peter Oberparleiter - Reviewed-by: Boris Fiuczynski - Tested-by: Boris Fiuczynski - Signed-off-by: Jan Hoeppner - - -Signed-off-by: Vineeth Vijayan -Index: s390-tools-service/zdev/src/blkinfo.c -=================================================================== ---- s390-tools-service.orig/zdev/src/blkinfo.c -+++ s390-tools-service/zdev/src/blkinfo.c -@@ -108,6 +108,8 @@ static struct blkinfo *blkinfo_from_line - - name = isolate_keyword(&line, "NAME=\""); - majmin = isolate_keyword(&line, "MAJ:MIN=\""); -+ if (!majmin) -+ majmin = isolate_keyword(&line, "MAJ_MIN=\""); - fstype = isolate_keyword(&line, "FSTYPE=\""); - uuid = isolate_keyword(&line, "UUID=\""); - mountpoint = isolate_keyword(&line, "MOUNTPOINT=\""); diff --git a/s390-tools-sles15sp4-zdump-fix-segfault-due-to-double-free.patch b/s390-tools-sles15sp4-zdump-fix-segfault-due-to-double-free.patch deleted file mode 100644 index 137a151..0000000 --- a/s390-tools-sles15sp4-zdump-fix-segfault-due-to-double-free.patch +++ /dev/null @@ -1,70 +0,0 @@ -Subject: [PATCH] [BZ 197814] zdump/dfi: Fix segfault due to double free -From: Mikhail Zaslonko - -Description: zdump: segfault on zgetdump -i for multi-volume dump -Symptom: zgetdump --info may lead to the core dump when issued for - the device node (not a partition) right after installing - multi-volume dump tool (without taking actual dump). -Problem: Double free condition occurs on zg_close() call at the end of - the while loop in dfi_init() in scope of zgetdump processing. -Solution: Do not call zg_close() at the end of open_dump() function during - multi-volume dump initialization. -Reproduction: 1) Install multi-volume dump tool - 2) Run zgetdump -i using the device node of one of the dump - volumes as a parameter without taking actual dump. -Upstream-ID: c4e4b926b471da9c488a6468e6bd966512d1d14c -Problem-ID: 197814 - -Upstream-Description: - - zdump/dfi: Fix segfault due to double free - - The problem can happen when dfi_s390mv_init_gen() returns with an error - code to dfi_init() in dfi.c. - Double free condition occurs on zg_close() call at the end of the - while loop in dfi_init() if zg_close() has already been called for the - same file handle at the end of open_dump() function in scope of - dfi_s390mv_init_gen() processing. - This global file handle is not closed during init() call for any - other dump formats. Since it is not reopened/reused after open_dump() call - during multi-volume dump initialization, we should not close it at all. - - The problem can be reproduced in the following steps: - - 1) Install multi-volume dump tool - - # zipl -M mvdump.conf - Dump target: 2 partitions with a total size of 4732 MB. - Warning: All information on the following partitions will be lost! - /dev/dasdb2 - /dev/dasdb3 - Do you want to continue creating multi-volume dump partitions (y/n)?y - Done. - - 2) Run zgetdump -i using device (not partition) as a parameter without - taking actual dump. - - # zgetdump -i /dev/dasdb - free(): double free detected in tcache 2 - Aborted (core dumped) - - Signed-off-by: Mikhail Zaslonko - Reviewed-by: Alexander Egorenkov - Signed-off-by: Jan Hoeppner - - -Signed-off-by: Mikhail Zaslonko ---- - zdump/dfi_s390mv.c | 1 - - 1 file changed, 1 deletion(-) - ---- a/zdump/dfi_s390mv.c -+++ b/zdump/dfi_s390mv.c -@@ -556,7 +556,6 @@ static int open_dump(void) - } - if (mv_dumper_read() != 0) - return -ENODEV; -- zg_close(g.fh); - return 0; - } - diff --git a/s390-tools-sles15sp5-ap_tools-ap-check-use-new-mdevctl-install-location.patch b/s390-tools-sles15sp5-ap_tools-ap-check-use-new-mdevctl-install-location.patch new file mode 100644 index 0000000..fb88f3c --- /dev/null +++ b/s390-tools-sles15sp5-ap_tools-ap-check-use-new-mdevctl-install-location.patch @@ -0,0 +1,92 @@ +From 4b5937f142c7381e8cdad3ea3f55a4931a862488 Mon Sep 17 00:00:00 2001 +From: Matthew Rosato +Date: Tue, 15 Nov 2022 12:40:35 -0500 +Subject: [PATCH] ap_tools/ap-check: use new mdevctl install location +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +mdevctl has been updated to use /usr/lib/mdevctl/scripts.d/callouts/ +instead of /etc/mdevctl.d/scripts.d/callouts/. The /etc location +is considered deprecated, meaning mdevctl will also look at that +location for now but might eventually stop looking in /etc for +callout scripts. +Based on that, update the installation location for the ap-check +callout. However, because older versions of mdevctl will still +only look in /etc, let's also put a wrapper script in /etc for now +to provide backward compatibility, and plan to remove it at a +later time. + +Link: https://github.com/mdevctl/mdevctl/commit/df6bb57429ba7425e8b7901b0580ed7e616b6c4f +Fixes: https://github.com/ibm-s390-linux/s390-tools/issues/139 +Signed-off-by: Matthew Rosato +Reviewed-by: Jan Hoeppner +Reviewed-by: Boris Fiuczynski +Signed-off-by: Jan Höppner +--- + ap_tools/Makefile | 20 +++++++++++++++++--- + ap_tools/ap-check.sh | 15 +++++++++++++++ + 2 files changed, 32 insertions(+), 3 deletions(-) + create mode 100644 ap_tools/ap-check.sh + +diff --git a/ap_tools/Makefile b/ap_tools/Makefile +index 77fe4c3..a79624a 100644 +--- a/ap_tools/Makefile ++++ b/ap_tools/Makefile +@@ -1,8 +1,11 @@ + include ../common.mak + +-MDEVCTL_DIR = /etc/mdevctl.d/ +-MDEVCTL_SCRIPTS = /etc/mdevctl.d/scripts.d/ +-MDEVCTL_CALLOUTS = /etc/mdevctl.d/scripts.d/callouts/ ++MDEVCTL_DIR = /usr/lib/mdevctl/ ++MDEVCTL_SCRIPTS = /usr/lib/mdevctl/scripts.d/ ++MDEVCTL_CALLOUTS = /usr/lib/mdevctl/scripts.d/callouts/ ++MDEVCTL_DEP_DIR = /etc/mdevctl.d/ ++MDEVCTL_DEP_SCRIPTS = /etc/mdevctl.d/scripts.d/ ++MDEVCTL_DEP_CALLOUTS = /etc/mdevctl.d/scripts.d/callouts/ + + libs = $(rootdir)/libap/libap.a \ + $(rootdir)/libutil/libutil.a +@@ -32,6 +35,17 @@ install: all + fi; \ + $(INSTALL) -g $(GROUP) -o $(OWNER) -m 755 ap-check \ + $(DESTDIR)$(MDEVCTL_CALLOUTS) ++ @if [ ! -d $(DESTDIR)$(MDEVCTL_DEP_CALLOUTS) ]; then \ ++ mkdir -p $(DESTDIR)$(MDEVCTL_DEP_CALLOUTS); \ ++ chown $(OWNER).$(GROUP) $(DESTDIR)$(MDEVCTL_DEP_DIR); \ ++ chown $(OWNER).$(GROUP) $(DESTDIR)$(MDEVCTL_DEP_SCRIPTS); \ ++ chown $(OWNER).$(GROUP) $(DESTDIR)$(MDEVCTL_DEP_CALLOUTS); \ ++ chmod 755 $(DESTDIR)$(MDEVCTL_DEP_DIR); \ ++ chmod 755 $(DESTDIR)$(MDEVCTL_DEP_SCRIPTS); \ ++ chmod 755 $(DESTDIR)$(MDEVCTL_DEP_CALLOUTS); \ ++ fi; \ ++ $(INSTALL) -g $(GROUP) -o $(OWNER) -m 755 ap-check.sh \ ++ $(DESTDIR)$(MDEVCTL_DEP_CALLOUTS) + endif + + clean: +diff --git a/ap_tools/ap-check.sh b/ap_tools/ap-check.sh +new file mode 100644 +index 0000000..d8a4e77 +--- /dev/null ++++ b/ap_tools/ap-check.sh +@@ -0,0 +1,15 @@ ++#!/bin/sh ++# ++# ap-check.sh - Wrapper script for 'ap-check' binary ++# ++# mdevctl has deprecated the /etc/mdevctl.d/scripts.d/callouts/ location in ++# newer releases. This wrapper ensures that mdevctl 1.2.0 and older can ++# still access 'ap-check' for now, and will be removed at a later time. ++# ++# Copyright 2022 IBM Corp. ++# ++# s390-tools is free software; you can redistribute it and/or modify ++# it under the terms of the MIT license. See LICENSE for details. ++# ++ ++[ -e /usr/lib/mdevctl/scripts.d/callouts/ap-check ] && /usr/lib/mdevctl/scripts.d/callouts/ap-check "$@" +-- +2.35.3 + diff --git a/s390-tools-sles15sp5-fix-chown-commands-syntax.patch b/s390-tools-sles15sp5-fix-chown-commands-syntax.patch new file mode 100644 index 0000000..8299b7f --- /dev/null +++ b/s390-tools-sles15sp5-fix-chown-commands-syntax.patch @@ -0,0 +1,143 @@ +--- s390-tools-2.24.0/ap_tools/Makefile 2022-11-09 11:11:48.000000000 -0500 ++++ s390-tools-2.24.0/ap_tools/Makefile 2022-12-01 15:33:30.953373912 -0500 +@@ -26,9 +26,9 @@ + install: all + @if [ ! -d $(DESTDIR)$(MDEVCTL_CALLOUTS) ]; then \ + mkdir -p $(DESTDIR)$(MDEVCTL_CALLOUTS); \ +- chown $(OWNER).$(GROUP) $(DESTDIR)$(MDEVCTL_DIR); \ +- chown $(OWNER).$(GROUP) $(DESTDIR)$(MDEVCTL_SCRIPTS); \ +- chown $(OWNER).$(GROUP) $(DESTDIR)$(MDEVCTL_CALLOUTS); \ ++ chown $(OWNER):$(GROUP) $(DESTDIR)$(MDEVCTL_DIR); \ ++ chown $(OWNER):$(GROUP) $(DESTDIR)$(MDEVCTL_SCRIPTS); \ ++ chown $(OWNER):$(GROUP) $(DESTDIR)$(MDEVCTL_CALLOUTS); \ + chmod 755 $(DESTDIR)$(MDEVCTL_DIR); \ + chmod 755 $(DESTDIR)$(MDEVCTL_SCRIPTS); \ + chmod 755 $(DESTDIR)$(MDEVCTL_CALLOUTS); \ +@@ -37,9 +37,9 @@ + $(DESTDIR)$(MDEVCTL_CALLOUTS) + @if [ ! -d $(DESTDIR)$(MDEVCTL_DEP_CALLOUTS) ]; then \ + mkdir -p $(DESTDIR)$(MDEVCTL_DEP_CALLOUTS); \ +- chown $(OWNER).$(GROUP) $(DESTDIR)$(MDEVCTL_DEP_DIR); \ +- chown $(OWNER).$(GROUP) $(DESTDIR)$(MDEVCTL_DEP_SCRIPTS); \ +- chown $(OWNER).$(GROUP) $(DESTDIR)$(MDEVCTL_DEP_CALLOUTS); \ ++ chown $(OWNER):$(GROUP) $(DESTDIR)$(MDEVCTL_DEP_DIR); \ ++ chown $(OWNER):$(GROUP) $(DESTDIR)$(MDEVCTL_DEP_SCRIPTS); \ ++ chown $(OWNER):$(GROUP) $(DESTDIR)$(MDEVCTL_DEP_CALLOUTS); \ + chmod 755 $(DESTDIR)$(MDEVCTL_DEP_DIR); \ + chmod 755 $(DESTDIR)$(MDEVCTL_DEP_SCRIPTS); \ + chmod 755 $(DESTDIR)$(MDEVCTL_DEP_CALLOUTS); \ +--- s390-tools-2.24.0/hmcdrvfs/Makefile2022-11-09 11:11:48.000000000 -0500 ++++ s390-tools-2.24.0/hmcdrvfs/Makefile 2022-12-01 15:33:42.825238489 -0500 +@@ -52,7 +52,7 @@ + cat $$i | \ + sed -e 's/%S390_TOOLS_VERSION%/$(S390_TOOLS_RELEASE)/' \ + >$(DESTDIR)$(USRSBINDIR)/$$i; \ +- chown $(OWNER).$(GROUP) $(DESTDIR)$(USRSBINDIR)/$$i; \ ++ chown $(OWNER):$(GROUP) $(DESTDIR)$(USRSBINDIR)/$$i; \ + chmod 755 $(DESTDIR)$(USRSBINDIR)/$$i; \ + done + +--- s390-tools-2.24.0/hsci/Makefile 2022-11-09 11:11:48.000000000 -0500 ++++ s390-tools-2.24.0/hsci/Makefile 2022-12-01 15:33:53.029122092 -0500 +@@ -5,7 +5,7 @@ + install: hsci + $(SED) -e 's/%S390_TOOLS_VERSION%/$(S390_TOOLS_RELEASE)/' \ + < hsci >$(DESTDIR)$(BINDIR)/hsci; \ +- chown $(OWNER).$(GROUP) $(DESTDIR)$(BINDIR)/hsci; \ ++ chown $(OWNER):$(GROUP) $(DESTDIR)$(BINDIR)/hsci; \ + chmod 755 $(DESTDIR)$(BINDIR)/hsci; \ + $(INSTALL) -d -m 755 $(DESTDIR)$(BINDIR) $(DESTDIR)$(MANDIR)/man8 + $(INSTALL) -g $(GROUP) -o $(OWNER) -m 644 hsci.8 \ +--- s390-tools-2.24.0/ip_watcher/Makefile 2022-11-09 11:11:48.000000000 -0500 ++++ s390-tools-2.24.0/ip_watcher/Makefile 2022-12-01 15:34:09.116938576 -0500 +@@ -12,7 +12,7 @@ + install: ip_watcher.pl xcec-bridge start_hsnc.sh + $(SED) -e 's/%S390_TOOLS_VERSION%/$(S390_TOOLS_RELEASE)/' \ + < start_hsnc.sh >$(DESTDIR)$(USRSBINDIR)/start_hsnc.sh; \ +- chown $(OWNER).$(GROUP) $(DESTDIR)$(USRSBINDIR)/start_hsnc.sh; \ ++ chown $(OWNER):$(GROUP) $(DESTDIR)$(USRSBINDIR)/start_hsnc.sh; \ + chmod 755 $(DESTDIR)$(USRSBINDIR)/start_hsnc.sh; \ + $(INSTALL) -g $(GROUP) -o $(OWNER) -m 755 ip_watcher.pl \ + $(DESTDIR)$(USRSBINDIR) +--- s390-tools-2.24.0/netboot/Makefile 2022-11-09 11:11:48.000000000 -0500 ++++ s390-tools-2.24.0/netboot/Makefile 2022-12-01 15:34:28.212720750 -0500 +@@ -15,13 +15,13 @@ + install-scripts: $(SCRIPTS) + @if [ ! -d $(DESTDIR)$(NETBOOT_SAMPLEDIR) ]; then \ + mkdir -p $(DESTDIR)$(NETBOOT_SAMPLEDIR); \ +- chown $(OWNER).$(GROUP) $(DESTDIR)$(NETBOOT_SAMPLEDIR); \ ++ chown $(OWNER):$(GROUP) $(DESTDIR)$(NETBOOT_SAMPLEDIR); \ + chmod 755 $(DESTDIR)$(NETBOOT_SAMPLEDIR); \ + fi; \ + for i in $^; do \ + $(SED) -e 's/%S390_TOOLS_VERSION%/$(S390_TOOLS_RELEASE)/' \ + < $$i >$(DESTDIR)$(NETBOOT_SAMPLEDIR)/$$i; \ +- chown $(OWNER).$(GROUP) $(DESTDIR)$(NETBOOT_SAMPLEDIR)/$$i; \ ++ chown $(OWNER):$(GROUP) $(DESTDIR)$(NETBOOT_SAMPLEDIR)/$$i; \ + chmod 755 $(DESTDIR)$(NETBOOT_SAMPLEDIR)/$$i; \ + done + +--- s390-tools-2.24.0/qethconf/Makefile 2022-11-09 11:11:48.000000000 -0500 ++++ s390-tools-2.24.0/qethconf/Makefile 2022-12-01 15:34:39.356593630 -0500 +@@ -5,7 +5,7 @@ + install: qethconf + $(SED) -e 's/%S390_TOOLS_VERSION%/$(S390_TOOLS_RELEASE)/' \ + < qethconf >$(DESTDIR)$(BINDIR)/qethconf; \ +- chown $(OWNER).$(GROUP) $(DESTDIR)$(BINDIR)/qethconf; \ ++ chown $(OWNER):$(GROUP) $(DESTDIR)$(BINDIR)/qethconf; \ + chmod 755 $(DESTDIR)$(BINDIR)/qethconf; \ + $(INSTALL) -d -m 755 $(DESTDIR)$(BINDIR) $(DESTDIR)$(MANDIR)/man8 + $(INSTALL) -g $(GROUP) -o $(OWNER) -m 644 qethconf.8 \ +--- s390-tools-2.24.0/zconf/Makefile 2022-11-09 11:11:48.000000000 -0500 ++++ s390-tools-2.24.0/zconf/Makefile 2022-12-01 15:36:10.583552975 -0500 +@@ -25,7 +25,7 @@ + cat $$i | \ + sed -e 's/%S390_TOOLS_VERSION%/$(S390_TOOLS_RELEASE)/' \ + >$(DESTDIR)$(BINDIR)/$$i; \ +- chown $(OWNER).$(GROUP) $(DESTDIR)$(BINDIR)/$$i; \ ++ chown $(OWNER):$(GROUP) $(DESTDIR)$(BINDIR)/$$i; \ + chmod 755 $(DESTDIR)$(BINDIR)/$$i; \ + done + +@@ -34,15 +34,15 @@ + cat $$i | \ + sed -e 's/%S390_TOOLS_VERSION%/$(S390_TOOLS_RELEASE)/' \ + >$(DESTDIR)$(USRSBINDIR)/$$i; \ +- chown $(OWNER).$(GROUP) $(DESTDIR)$(USRSBINDIR)/$$i; \ ++ chown $(OWNER):$(GROUP) $(DESTDIR)$(USRSBINDIR)/$$i; \ + chmod 755 $(DESTDIR)$(USRSBINDIR)/$$i; \ + done + + install-manpages: $(MANPAGES) + @if [ ! -d $(DESTDIR)$(MANDIR) ]; then \ + mkdir -p $(DESTDIR)$(MANDIR)/man8; \ +- chown $(OWNER).$(GROUP) $(DESTDIR)$(MANDIR); \ +- chown $(OWNER).$(GROUP) $(DESTDIR)$(MANDIR)/man8; \ ++ chown $(OWNER):$(GROUP) $(DESTDIR)$(MANDIR); \ ++ chown $(OWNER):$(GROUP) $(DESTDIR)$(MANDIR)/man8; \ + chmod 755 $(DESTDIR)$(MANDIR); \ + chmod 755 $(DESTDIR)$(MANDIR)/man8; \ + fi; \ +--- s390-tools-2.24.0/ziomon/Makefile 2022-11-09 11:11:48.000000000 -0500 ++++ s390-tools-2.24.0/ziomon/Makefile 2022-12-01 15:36:38.159238416 -0500 +@@ -43,17 +43,17 @@ + install: all + $(SED) -e 's/%S390_TOOLS_VERSION%/$(S390_TOOLS_RELEASE)/' \ + < ziomon > $(DESTDIR)$(USRSBINDIR)/ziomon; +- chown $(OWNER).$(GROUP) $(DESTDIR)$(USRSBINDIR)/ziomon; ++ chown $(OWNER):$(GROUP) $(DESTDIR)$(USRSBINDIR)/ziomon; + chmod 755 $(DESTDIR)$(USRSBINDIR)/ziomon; + $(SED) -e \ + 's/%S390_TOOLS_VERSION%/$(S390_TOOLS_RELEASE)/' \ + < ziomon_fcpconf > $(DESTDIR)$(USRSBINDIR)/ziomon_fcpconf; +- chown $(OWNER).$(GROUP) $(DESTDIR)$(USRSBINDIR)/ziomon_fcpconf; ++ chown $(OWNER):$(GROUP) $(DESTDIR)$(USRSBINDIR)/ziomon_fcpconf; + chmod 755 $(DESTDIR)$(USRSBINDIR)/ziomon_fcpconf; + $(SED) -e \ + 's/%S390_TOOLS_VERSION%/$(S390_TOOLS_RELEASE)/' \ + < ziorep_config > $(DESTDIR)$(USRSBINDIR)/ziorep_config; +- chown $(OWNER).$(GROUP) $(DESTDIR)$(USRSBINDIR)/ziorep_config; ++ chown $(OWNER):$(GROUP) $(DESTDIR)$(USRSBINDIR)/ziorep_config; + chmod 755 $(DESTDIR)$(USRSBINDIR)/ziorep_config; + $(INSTALL) -g $(GROUP) -o $(OWNER) -m 644 ziomon.8 \ + $(DESTDIR)$(MANDIR)/man8 diff --git a/s390-tools-sles15sp5-remove-no-pie-link-arguments.patch b/s390-tools-sles15sp5-remove-no-pie-link-arguments.patch new file mode 100644 index 0000000..bccd52a --- /dev/null +++ b/s390-tools-sles15sp5-remove-no-pie-link-arguments.patch @@ -0,0 +1,13 @@ +--- s390-tools-2.24.0/common.mak 2022-11-09 11:11:48.000000000 -0500 ++++ s390-tools-2.24.0/common.mak 2022-11-28 09:46:19.055653319 -0500 +@@ -254,8 +254,8 @@ + LDFLAGS CPPFLAGS ALL_CFLAGS ALL_CXXFLAGS ALL_LDFLAGS ALL_CPPFLAGS + + ifneq ($(shell $(CC_SILENT) -dumpspecs 2>/dev/null | grep -e '[^f]no-pie'),) +- NO_PIE_CFLAGS := -fno-pie +- NO_PIE_LDFLAGS := -no-pie ++ NO_PIE_CFLAGS := ++ NO_PIE_LDFLAGS := + else + NO_PIE_CFLAGS := + NO_PIE_LDFLAGS := diff --git a/s390-tools-sles15sp5-util_lockfile-fix-includes.patch b/s390-tools-sles15sp5-util_lockfile-fix-includes.patch new file mode 100644 index 0000000..1b7664b --- /dev/null +++ b/s390-tools-sles15sp5-util_lockfile-fix-includes.patch @@ -0,0 +1,35 @@ +From 5e0056db8d7e8aaa252388fea0752071bd3667ec Mon Sep 17 00:00:00 2001 +From: Steffen Eiden +Date: Wed, 30 Nov 2022 15:22:15 +0100 +Subject: [PATCH] util_lockfile: fix includes +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The 'unistd.h' header was missing. Under some circumstances the +-D_GNU_SOURCE gcc flag does not trigger including that file. +Therefore, explicitly include this file here. + +Fixes: e1aec24e8436 ("libutil: introduce util_lockfile") +Signed-off-by: Steffen Eiden +Reviewed-by: Jan Hoeppner +Signed-off-by: Jan Höppner +--- + libutil/util_lockfile.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/libutil/util_lockfile.c b/libutil/util_lockfile.c +index d657664..5440442 100644 +--- a/libutil/util_lockfile.c ++++ b/libutil/util_lockfile.c +@@ -18,6 +18,7 @@ + #include + #include + #include ++#include + + #include "lib/util_libc.h" + #include "lib/util_lockfile.h" +-- +2.35.3 + diff --git a/s390-tools-sles15sp5-zipl-boot-disable-Warray-bounds-for-now.patch b/s390-tools-sles15sp5-zipl-boot-disable-Warray-bounds-for-now.patch new file mode 100644 index 0000000..54c7901 --- /dev/null +++ b/s390-tools-sles15sp5-zipl-boot-disable-Warray-bounds-for-now.patch @@ -0,0 +1,16 @@ +This work around fixes a gcc-12 false positive by disabling `Warray-bounds`. +It is similar in intent as the previous +s390-tools-sles15sp4-genprotimg-boot-disable-Warray-bounds-for-now.patch + +--- s390-tools-2.24.0/zipl/boot/Makefile 2022-11-09 17:11:48.000000000 +0100 ++++ s390-tools-2.24.0/zipl/boot/Makefile 2022-12-02 23:16:30.513062000 +0100 +@@ -10,7 +10,8 @@ + -fno-delete-null-pointer-checks -fno-stack-protector \ + -fexec-charset=IBM1047 -m64 -mpacked-stack \ + -mstack-size=4096 -mstack-guard=128 -msoft-float \ +- -W -Wall -Wformat-security -fno-sanitize=all ++ -W -Wall -Wformat-security -fno-sanitize=all \ ++ -Wno-array-bounds + ALL_LDFLAGS += -fno-sanitize=all + + FILES = fba0.bin fba1b.bin fba2.bin \ diff --git a/s390-tools.changes b/s390-tools.changes index 911d047..44890bb 100644 --- a/s390-tools.changes +++ b/s390-tools.changes @@ -1,3 +1,214 @@ +------------------------------------------------------------------- +Tue Dec 6 19:39:22 UTC 2022 - Mark Post + +- Made extensive changes to the spec file to accomodate building + this package on both openSUSE, which has implemented the + "usrmerge" project, and SLES, which has not. This was accomplished + by checking the usrmerged variable, and setting the value of the + _mysbindir variable, accordingly. The files identified in the + Thu May 26 2022 changelog entry, and also listed below, now have + two versions. One for SLES, and one for openSUSE, with either + ".suse" or ".opensuse" appended to the file name. The appropriate + SOURCE variable is selected based on the usrmerged variable, and + installed with the ".suse" or ".opensuse" suffix stripped from + the name. + * 59-graf.rules + * dasd_configure + * dasd_reload + * detach_disks.sh + * iucv_configure + * killcdl + * mkdump.pl + * README.SUSE + * s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch + * virtsetup.sh + * vmlogrdr.service + +------------------------------------------------------------------- +Mon Nov 28 14:26:18 UTC 2022 - Mark Post + +- Updated to version 2.24.0 (jsc#PED-627) + * __v2.24.0 (2022-11-09)__ + For Linux kernel version: 6.0 + Add new tools / libraries: + - Provide config files for checkpatch, codespell, and clang-format + Changes of existing tools: + - dbginfo.sh: Collect log from various distro tools (YaST, DNF, Anaconda) + - dbginfo.sh: add Kubernetes data collection + - libutil: Introduce util_lockfile + - zdev: Add site-aware device configuration + - zdump: Add support to read Protected Virtualization dumps + - zipl/boot: Add secure boot trailer + Bug Fixes: + - ap_tools/ap-check: Reject start for control domains without usage + - cpumf/lshwc: Fix incremented counter output + - cpumf/pai: Fix core dump when summary flag set + - dbginfo.sh: Ensure compatibility with /bin/dash shell + - dbginfo.sh: Save dbginfo.sh version to dbginfo.log + - zipl/src/zipl_helper.device-mapper: Fix bug in error path + * __v2.23.0 (2022-08-18)__ + For Linux kernel version: 5.19 + Changes of existing tools: + - Makefile: use common Make definition for DRACUTDIR + - Makefile: use common Make definition for UDEVDIR and UDEVRULESDIR + - cpacfstats: Add PAI and hotplug support + - cpumf/pai: Omit file write progress information + - dbginfo.sh: Get more details on lspci command + - dumpconf: Prevent running the service in containers + - libcpumf: Detect PMU named pai_ext + - pvattest: Improve error reporting and logging + - zdev: Add some --type ap examples to manpages + - zkey: Use default benchmarked Argon2i with LUKS2 + Bug Fixes: + - dbginfo.sh: Fix accidental ftrace buffer shrinkage/free + - genprotimg: Fix BIO_reset() returncode handling + - libpv: Fix dependency checking + - pvattest: Fix dependency checking + - zipl: Fix segmentation fault when no parmline is provided + * __v2.22.0 (2022-06-20)__ + For Linux kernel version: 5.18 + Add new tools / libraries: + - ap_tools: Introduce ap_tools and the ap-check tool + - cpumf/pai: Add Processor Activity Instrumentation tool + - libpv: New library for PV tools + - pvattest: Add new tool to create, perform, and verify attestation measurements + - zipl/zdump: Add Next Gen Dump (NGDump) support + Changes of existing tools: + - Move man pages to System commands section (lscpumf, lshwc, pai, dbginfo.sh, zfcpdbf, zipl-switch-to-blscfg) + - README.md: Add 70-chreipl-fcp-mpath.rules to the list of udev rule descriptions + - Remove SysV related daemon scripts (cpacfstatsd, cpuplugd, mon_statd) + - genprotimg: Move man page to section 1 for user commands + - hyptop: increase initial update interval + - libseckey: Adapt keymgmt_match() implementation to OpenSSL + - libutil: Add util_exit_code + - libutil: Introduce util_udev + - zdev: Introduce the ap device type + - zipl-editenv: Add zIPL multienvironment support + - zipl: Implement sorting BLS entries by versions + - zkey: Add initramfs hook + Bug Fixes: + - cmsfs-fuse: Fix enabling of hard_remove option + - s390-tools: Fix typos that were detected by lintian as 'typo-in-manual-page' + - zkey-kmip: Fix possible use after free + - zkey: Fix EP11 host library version checking + - zkey_kmip: Setup ext-lib once the APQNs have been configured + * __v2.21.0 (2022-04-20)__ + For Linux kernel version: 5.17 + Add new tools / libraries: + - libcpumf: Create library libcpumf for CPU Measurement functions + Changes of existing tools: + - chreipl-fcp-mpath: bundle a pre-cooked version of the manpage for build + environments without access to `pandoc` + - dbginfo.sh: Add multipath info to map paths to FC addressing and prio group + - dbginfo.sh: Collect config files of systemd-modules-load.service + - dbginfo.sh: Sort list of environment variables for readability + - dbginfo.sh: Replace "which" by builtin command "type" + - dbginfo.sh: Rework script formatting (indents, order) + - dbginfo.sh: Update sysfs collection (excludes, messages) + - genprotimg: Add Protected Virtualization (PV) dump support + - genprotimg: Remove DigiCert root CA pinning + - lszcrypt: Add CEX8S support + - zcryptctl: Add control domain handling + - zcryptstats: Add CEX8 support + - zipl: Allow optional entries that are left out when files are missing + - zipl: make IPL sections defined with BLS to inherit a target field + - zpcictl: Add option to trigger firmware reset + Bug Fixes: + - cpictl: Handle excessive kernel version numbers + - dbginfo.sh: Collect all places where modprobe.d config files could exist + - fdasd: Fix endless menu loop on EOF + - zdump/dfi: Fix segfault due to double free + - zdump: Fix /dev/mem reading + - zpcictl: Fix race of SCLP reset and Linux recovery + * __v2.20.0 (2022-02-04)__ + For Linux kernel version: 5.16 + Add new tools / libraries: + - Add EditorConfig configuration + Changes of existing tools: + - s390-tools switches to Fuse 3 as Fuse 2 is deprecated. + Affected tools: cmsfs, hmcdrvfs, hsavmcore, zdsfs, zdump + - chreipl-fcp-mpath: don't compress the manpage before installing it + - cpictl: Report extended version information + - genprotimg: Add extended kernel command line support + - zdev: modify the lsblk output parser in lszdev + - zipl: Add support for longer kernel command lines (now supports up to 64k length) + Bug Fixes: + - cpictl: Suppress messages for unwritable sysfs files + - dbginfo.sh: Fix missing syslog for step create_package + - lshwc: Fix CPU list parameter setup for device driver + - zdev: Check for errors when removing a devtype setting + - zdev: Fix path resolution for multi-mount point file systems +- Updated s390-tools-sles15sp3-remove-no-pie-link-arguments.patch + to fit the new version, and renamed it to + s390-tools-sles15sp5-remove-no-pie-link-arguments.patch. +- Added s390-tools-sles15sp5-util_lockfile-fix-includes.patch to fix a + compilation problem. One source file was missing an include statement + for unistd.h. +- Added s390-tools-sles15sp5-ap_tools-ap-check-use-new-mdevctl-install-location.patch + An executable binary was being installed under /etc, which is + an FHS violation. +- Modified spec file to + * Change BuildRequires for fuse-devel to fuse3-devel. + * Remove obsolete BuildRequires for libpfm-devel + * Add a BuildRequires for mdevctl and systemd-devel + * Added a %files entry for dir %{_prefix}/lib/dracut/modules.d/99ngdump + * Added %config(noreplace) for the new file %{_sysconfdir}/ziplenv + * Uncomment the %files entry for %{_mandir}/man7/chreipl-fcp-mpath.7%{?ext_man} + Specifying ENABLE_DOC=1 is no longer needed for it to be generated. + * Add %dir entries for + %{_prefix}/lib/mdevctl, + %{_prefix}/lib/mdevctl/scripts.d, and + %{_prefix}/lib/mdevctl/scripts.d/callouts + NOTE that these directories do not belong to this package, but + the mdevctl package has yet to be updated to claim them. So, + until that happens, we have to temporarily claim ownership of + them for the s390-tools package to build. +- Updated the s390-tools-rpmlintrc file to suppress two warnings about + the /boot/zipl/active_devices.txt file. +- Removed the following obsolete patches: + * s390-tools-sles15sp4-chreipl-fcp-mpath-don-t-compress-the-manpage-before-.patch + * s390-tools-sles15sp4-chreipl-fcp-mpath-remove-shebang-from-chreipl-fcp-mp.patch + * s390-tools-sles15sp4-zdev-modify-the-lsblk-output-parser-in-lszdev.patch + * s390-tools-sles15sp4-zdev-Fix-path-resolution-for-multi-mount-point-file-.patch + * s390-tools-sles15sp4-01-genprotimg-remove-DigiCert-root-CA-pinning.patch + * s390-tools-sles15sp4-02-genprotimg-check_hostkeydoc-relax-default-issuer-che.patch + * s390-tools-sles15sp4-libseckey-Fix-re-enciphering-of-EP11-secure-key.patch + * s390-tools-sles15sp4-zdump-fix-segfault-due-to-double-free.patch + * s390-tools-sles15sp4-libseckey-Adapt-keymgmt_match-implementation-to-Open.patch + * s390-tools-sles15sp4-genprotimg-boot-disable-Warray-bounds-for-now.patch + * s390-tools-sles15sp4-hyptop-increase-initial-update-interval.patch + * s390-tools-sles15sp4-zipl-boot-add-secure-boot-trailer.patch +- Added s390-tools-sles15sp5-zipl-boot-disable-Warray-bounds-for-now.patch + With this version, the same false positive of "array subscript 0 + is outside array bounds" that was previously seen in the + genprotimage/boot directory is now happening in zipl/boot. +- Added s390-tools-sles15sp5-fix-chown-commands-syntax.patch to + eliminate a bunch of warnings. The new version of chown complains + if the deprecated 'owner.group' syntax is used instead of the + 'owner:group' syntax. + +------------------------------------------------------------------- +Thu Nov 3 16:17:13 UTC 2022 - Mark Post + +- Added s390-tools-sles15sp4-zipl-boot-add-secure-boot-trailer.patch + for bsc#1204965. New IBM Z firmware requires all signed boot + images to contain a trailing data block with a specific format. + +------------------------------------------------------------------- +Mon Jul 18 15:41:43 UTC 2022 - Mark Post + +- Added s390-tools-sles15sp4-hyptop-increase-initial-update-interval.patch + for bsc#1201412. Initial iteration of hyptop can produce bloated values + independent from the update delay set by the user. + +------------------------------------------------------------------- +Thu Jun 2 16:45:38 UTC 2022 - Mark Post + +- Added s390-tools-sles15sp4-genprotimg-boot-disable-Warray-bounds-for-now.patch + to fix a build failure with gcc12. With gcc12, a "false positive" + of "array subscript 0 is outside array bounds" is seen in + genprotimg/boot/stage3a.c (bsc#1200131). + ------------------------------------------------------------------- Thu May 26 17:03:32 UTC 2022 - Mark Post diff --git a/s390-tools.spec b/s390-tools.spec index 8a0cabb..520a7d0 100644 --- a/s390-tools.spec +++ b/s390-tools.spec @@ -26,9 +26,14 @@ %define _modprobedir /lib/modprobe.d %endif %global modprobe_d_files 90-s390-tools.conf +%if 0%{?usrmerged} +%define _mysbindir %{_sbindir} +%else +%define _mysbindir /sbin +%endif Name: s390-tools -Version: 2.19.0 +Version: 2.24.0 Release: 0 Summary: S/390 tools like zipl and dasdfmt License: MIT @@ -44,17 +49,30 @@ Source6: sysconfig.xpram Source7: appldata Source8: sysconfig.appldata Source10: dasdro -Source11: dasd_reload -Source12: mkdump.pl +%if 0%{?usrmerged} +Source11: dasd_reload.opensuse +Source12: mkdump.pl.opensuse +%else +Source11: dasd_reload.suse +Source12: mkdump.pl.suse +%endif Source13: sysconfig.osasnmpd Source14: zfcp_san_disc Source15: mkdump.8 Source18: zpxe.rexx Source19: rules.xpram Source20: rules.hw_random -Source21: 59-graf.rules +%if 0%{?usrmerged} +Source21: 59-graf.rules.opensuse +%else +Source21: 59-graf.rules.suse +%endif Source22: s390-tools-zdsfs.caution.txt -Source23: README.SUSE +%if 0%{?usrmerged} +Source23: README.SUSE.opensuse +%else +Source23: README.SUSE.suse +%endif Source24: cputype Source25: cputype.1 Source26: cio_ignore.service @@ -62,15 +80,28 @@ Source27: setup_cio_ignore.sh Source28: 59-prng.rules Source29: 59-zfcp-compat.rules Source30: 90-s390-tools.conf -Source31: detach_disks.sh -Source32: killcdl +%if 0%{?usrmerged} +Source31: detach_disks.sh.opensuse +Source32: killcdl.opensuse +%else +Source31: detach_disks.sh.suse +Source32: killcdl.suse +%endif Source33: lgr_check Source34: sysconfig.virtsetup Source35: virtsetup.service -Source36: virtsetup.sh +%if 0%{?usrmerged} +Source36: virtsetup.sh.opensuse +%else +Source36: virtsetup.sh.suse +%endif Source37: appldata.service Source38: hsnc.service -Source39: vmlogrdr.service +%if 0%{?usrmerged} +Source39: vmlogrdr.service.opensuse +%else +Source39: vmlogrdr.service.suse +%endif Source40: xpram.service Source41: pkey.conf @@ -79,8 +110,13 @@ Source41: pkey.conf Source86: read_values.c Source87: read_values.8 Source88: ctc_configure -Source89: dasd_configure -Source90: iucv_configure +%if 0%{?usrmerged} +Source89: dasd_configure.opensuse +Source90: iucv_configure.opensuse +%else +Source89: dasd_configure.suse +Source90: iucv_configure.suse +%endif Source91: qeth_configure Source92: zfcp_disk_configure Source93: zfcp_host_configure @@ -93,22 +129,18 @@ Source99: zfcp_host_configure.8 ### # IBM patches -Patch001: s390-tools-sles15sp4-chreipl-fcp-mpath-don-t-compress-the-manpage-before-.patch -Patch002: s390-tools-sles15sp4-chreipl-fcp-mpath-remove-shebang-from-chreipl-fcp-mp.patch -Patch003: s390-tools-sles15sp4-zdev-modify-the-lsblk-output-parser-in-lszdev.patch -Patch004: s390-tools-sles15sp4-zdev-Fix-path-resolution-for-multi-mount-point-file-.patch -Patch005: s390-tools-sles15sp4-01-genprotimg-remove-DigiCert-root-CA-pinning.patch -Patch006: s390-tools-sles15sp4-02-genprotimg-check_hostkeydoc-relax-default-issuer-che.patch -Patch007: s390-tools-sles15sp4-libseckey-Fix-re-enciphering-of-EP11-secure-key.patch -Patch008: s390-tools-sles15sp4-zdump-fix-segfault-due-to-double-free.patch -Patch009: s390-tools-sles15sp4-libseckey-Adapt-keymgmt_match-implementation-to-Open.patch -Patch010: s390-tools-sles15sp4-genprotimg-boot-disable-Warray-bounds-for-now.patch - +Patch001: s390-tools-sles15sp5-zipl-boot-disable-Warray-bounds-for-now.patch +Patch002: s390-tools-sles15sp5-util_lockfile-fix-includes.patch +Patch003: s390-tools-sles15sp5-ap_tools-ap-check-use-new-mdevctl-install-location.patch # SUSE patches Patch900: s390-tools-sles12-zipl_boot_msg.patch Patch901: s390-tools-sles15-sysconfig-compatible-dumpconf.patch Patch902: s390-tools-sles12-create-filesystem-links.patch -Patch903: s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch +%if 0%{?usrmerged} +Patch903: s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch.opensuse +%else +Patch903: s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch.suse +%endif Patch904: s390-tools-sles15sp3-Allow-multiple-device-arguments.patch Patch905: s390-tools-sles15sp3-Format-devices-in-parallel.patch Patch906: s390-tools-sles15sp3-Implement-Y-yast_mode.patch @@ -116,11 +148,12 @@ Patch907: s390-tools-sles15sp3-Implement-f-for-backwards-compability.patch Patch908: s390-tools-sles15sp3-dasdfmt-retry-BIODASDINFO-if-device-is-busy.patch Patch909: s390-tools-sles12-fdasd-skip-partition-check-and-BLKRRPART-ioctl.patch Patch910: s390-tools-sles15sp1-11-zdev-Do-not-call-zipl-on-initrd-update.patch -Patch911: s390-tools-sles15sp3-remove-no-pie-link-arguments.patch +Patch911: s390-tools-sles15sp5-remove-no-pie-link-arguments.patch +Patch999: s390-tools-sles15sp5-fix-chown-commands-syntax.patch BuildRequires: curl-devel BuildRequires: dracut -BuildRequires: fuse-devel +BuildRequires: fuse3-devel BuildRequires: gcc-c++ BuildRequires: gettext-tools BuildRequires: glib2-devel @@ -128,13 +161,14 @@ BuildRequires: glibc-devel-static BuildRequires: kernel-zfcpdump BuildRequires: libcryptsetup-devel > 2.0.3 BuildRequires: libjson-c-devel -BuildRequires: libpfm-devel BuildRequires: libxml2-devel +BuildRequires: mdevctl BuildRequires: ncurses-devel BuildRequires: net-snmp-devel BuildRequires: openssl-devel >= 1.1.1l BuildRequires: pesign-obs-integration BuildRequires: qclib-devel-static +BuildRequires: systemd-devel BuildRequires: tcpd-devel BuildRequires: zlib-devel-static # Don't build with pie to avoid problems with zipl @@ -312,7 +346,14 @@ popd install -m 755 read_values %{buildroot}/%{_bindir}/ install -m644 -t %{buildroot}/%{_mandir}/man8 %{SOURCE87} + +# The "usrmerge" has happened in openSUSE:Factory, but not yet in SLES. +# Make sure we look for the zfcpdump kernel image in the right place. +%if 0%{?usrmerged} install -D -m600 %{_prefix}/lib/modules/*-zfcpdump/image %{buildroot}%{_prefix}/lib/s390-tools/zfcpdump/zfcpdump-image +%else +install -D -m600 /boot/image-*-zfcpdump %{buildroot}%{_prefix}/lib/s390-tools/zfcpdump/zfcpdump-image +%endif install -D -m644 etc/cpuplugd.conf %{buildroot}%{_sysconfdir}/cpuplugd.conf install -D -m644 etc/udev/rules.d/40-z90crypt.rules %{buildroot}%{_prefix}/lib/udev/rules.d/40-z90crypt.rules @@ -342,11 +383,11 @@ install -D -m755 %{SOURCE5} %{buildroot}%{_prefix}/lib/systemd/scripts/xpram install -D -m644 %{SOURCE6} %{buildroot}%{_fillupdir}/sysconfig.xpram install -D -m755 %{SOURCE7} %{buildroot}%{_prefix}/lib/systemd/scripts/appldata install -D -m644 %{SOURCE8} %{buildroot}%{_fillupdir}/sysconfig.appldata -install -D -m755 %{SOURCE10} %{buildroot}%{_sbindir}/dasdro -install -D -m755 %{SOURCE11} %{buildroot}%{_sbindir}/dasd_reload -install -D -m755 %{SOURCE12} %{buildroot}%{_sbindir}/mkdump +install -D -m755 %{SOURCE10} %{buildroot}%{_mysbindir}/dasdro +install -D -m755 %{SOURCE11} %{buildroot}%{_mysbindir}/dasd_reload +install -D -m755 %{SOURCE12} %{buildroot}%{_mysbindir}/mkdump install -D -m644 %{SOURCE13} %{buildroot}%{_fillupdir}/sysconfig.osasnmpd -install -D -m755 %{SOURCE14} %{buildroot}%{_sbindir}/zfcp_san_disc +install -D -m755 %{SOURCE14} %{buildroot}%{_mysbindir}/zfcp_san_disc install -D -m644 %{SOURCE15} %{buildroot}/%{_mandir}/man8 install -D -m644 %{SOURCE19} %{buildroot}%{_prefix}/lib/udev/rules.d/52-xpram.rules install -D -m644 %{SOURCE20} %{buildroot}%{_prefix}/lib/udev/rules.d/52-hw_random.rules @@ -354,26 +395,26 @@ install -D -m644 %{SOURCE21} %{buildroot}%{_prefix}/lib/udev/rules.d/59-graf.rul install -D -m644 %{SOURCE28} %{buildroot}%{_prefix}/lib/udev/rules.d/59-prng.rules install -D -m644 %{SOURCE29} %{buildroot}%{_prefix}/lib/udev/rules.d/59-zfcp-compat.rules install -D -m644 %{SOURCE30} %{buildroot}%{_modprobedir}/90-s390-tools.conf -install -D -m755 %{SOURCE32} %{buildroot}%{_sbindir}/killcdl -install -D -m755 %{SOURCE33} %{buildroot}%{_sbindir}/lgr_check +install -D -m755 %{SOURCE32} %{buildroot}%{_mysbindir}/killcdl +install -D -m755 %{SOURCE33} %{buildroot}%{_mysbindir}/lgr_check install -D -m644 %{SOURCE34} %{buildroot}%{_fillupdir}/sysconfig.virtsetup -if [ ! -d %{_sbindir} ]; then - rm -f %{_sbindir} - mkdir -p %{_sbindir} +if [ ! -d %{_mysbindir} ]; then + rm -f %{_mysbindir} + mkdir -p %{_mysbindir} fi -(cd usr/sbin; ln -s service rcappldata) -(cd usr/sbin; ln -s service rchsnc) -(cd usr/sbin; ln -s service rcvmlogrdr) -(cd usr/sbin; ln -s service rcxpram) -(cd usr/sbin; ln -s service rccio_ignore) -(cd usr/sbin; ln -s service rccpacfstatsd) -(cd usr/sbin; ln -s service rccpi) -(cd usr/sbin; ln -s service rccpuplugd) -(cd usr/sbin; ln -s service rcdumpconf) -(cd usr/sbin; ln -s service rcmon_fsstatd) -(cd usr/sbin; ln -s service rcmon_procd) -(cd usr/sbin; ln -s service rcvirtsetup) +(cd %{buildroot}%{_sbindir}; ln -s service rcappldata) +(cd %{buildroot}%{_sbindir}; ln -s service rchsnc) +(cd %{buildroot}%{_sbindir}; ln -s service rcvmlogrdr) +(cd %{buildroot}%{_sbindir}; ln -s service rcxpram) +(cd %{buildroot}%{_sbindir}; ln -s service rccio_ignore) +(cd %{buildroot}%{_sbindir}; ln -s service rccpacfstatsd) +(cd %{buildroot}%{_sbindir}; ln -s service rccpi) +(cd %{buildroot}%{_sbindir}; ln -s service rccpuplugd) +(cd %{buildroot}%{_sbindir}; ln -s service rcdumpconf) +(cd %{buildroot}%{_sbindir}; ln -s service rcmon_fsstatd) +(cd %{buildroot}%{_sbindir}; ln -s service rcmon_procd) +(cd %{buildroot}%{_sbindir}; ln -s service rcvirtsetup) if [ ! -d %{_bindir} ]; then rm -f %{_bindir} @@ -383,24 +424,29 @@ install -D -m755 %{SOURCE24} %{buildroot}%{_bindir}/cputype install -m644 -t %{buildroot}/%{_mandir}/man8 %{SOURCE25} -# Move all the binaries installed via the IBM-provided Makefile from /sbin to -# /usr/sbin/ to align with the openSUSE "usrmerge" project -mv -vi %{buildroot}/sbin/* %{buildroot}%{_sbindir}/ +# If building for openSUSE, move all the binaries installed via +# the IBM-provided Makefile from /sbin to /usr/sbin/ to +# align with the openSUSE "usrmerge" project +%if 0%{?usrmerged} +mv -vi %{buildroot}/sbin/* %{buildroot}%{_mysbindir}/ +%endif ### Obsolete scripts and man pages to be removed once changes in other tools are made -install -m755 -t %{buildroot}/%{_sbindir}/ %{SOURCE88} %{SOURCE89} %{SOURCE90} %{SOURCE91} %{SOURCE92} %{SOURCE93} +install -m755 -t %{buildroot}%{_mysbindir}/ %{SOURCE88} %{SOURCE91} %{SOURCE92} %{SOURCE93} +install %{SOURCE89} %{buildroot}%{_mysbindir}/dasd_configure +install %{SOURCE90} %{buildroot}%{_mysbindir}/iucv_configure install -m644 -t %{buildroot}/%{_mandir}/man8 %{SOURCE94} %{SOURCE95} %{SOURCE96} %{SOURCE97} %{SOURCE98} %{SOURCE99} ### ### lsmem/chmem have been added to util-linux -rm -fv %{buildroot}/%{_mandir}/man8/lsmem.8* -rm -fv %{buildroot}/%{_mandir}/man8/chmem.8* -rm -fv %{buildroot}/%{_sbindir}/lsmem -rm -fv %{buildroot}/%{_sbindir}/chmem +rm -fv %{buildroot}%{_mandir}/man8/lsmem.8* +rm -fv %{buildroot}%{_mandir}/man8/chmem.8* +rm -fv %{buildroot}%{_mysbindir}/lsmem +rm -fv %{buildroot}%{_mysbindir}/chmem find . ! -type d | sed 's/^.//;\-/man/-s/^.*$/%doc &.gz/' > %{_builddir}/%{name}-filelist -grep -v -E 'osasnmp|*\.conf$|ekmfweb.so|ekmfweb.h|kmipclient|kmip/profiles/*\.profile|chreipl-fcp-mpath' %{_builddir}/%{name}-filelist >%{_builddir}/%{name}.list +grep -v -E 'osasnmp|etc/ziplenv|\.conf$|ekmfweb.so|ekmfweb.h|kmipclient|kmip/profiles/.*profile$|chreipl-fcp-mpath' %{_builddir}/%{name}-filelist >%{_builddir}/%{name}.list grep osasnmp[^-] %{_builddir}/%{name}-filelist >%{_builddir}/%{name}.osasnmp touch boot/zipl/active_devices.txt @@ -417,7 +463,7 @@ function cleanup . %{_sysconfdir}/sysconfig/osasnmpd trap cleanup 0 echo \$\$ >\$PIDFILE -%{_sbindir}/osasnmpd -f -P %{_localstatedir}/run/osasnmpd.real.pid \$OSASNMPD_PARAMETERS "\$@" +%{_mysbindir}/osasnmpd -f -P %{_localstatedir}/run/osasnmpd.real.pid \$OSASNMPD_PARAMETERS "\$@" EOT chmod 755 osasnmpd @@ -589,6 +635,7 @@ done %dir %attr(0770,root,zkeyadm) %{_sysconfdir}/zkey/kmip/profiles %dir %attr(0770,root,zkeyadm) %{_sysconfdir}/zkey/repository %config %{_sysconfdir}/zkey/kmip/profiles/* +%config(noreplace) %{_sysconfdir}/ziplenv %dir %{_modprobedir} %{_modprobedir}/90-s390-tools.conf %config %{_sysconfdir}/cpuplugd.conf @@ -597,6 +644,9 @@ done %dir %attr(2770,root,ts-shell) %{_localstatedir}/log/ts-shell %dir %{_sysconfdir}/cmsfs-fuse %config %attr(0640,root,root) %{_sysconfdir}/cmsfs-fuse/filetypes.conf +%dir %{_prefix}/lib/mdevctl +%dir %{_prefix}/lib/mdevctl/scripts.d +%dir %{_prefix}/lib/mdevctl/scripts.d/callouts %dir %{_prefix}/lib/s390-tools %dir %{_prefix}/lib/s390-tools/zfcpdump %dir %{_prefix}/lib/udev/rules.d @@ -605,6 +655,7 @@ done %dir %{_datadir}/s390-tools/netboot %dir %{_datadir}/s390-tools/genprotimg %dir %{_prefix}/lib/dracut/modules.d/95zdev +%dir %{_prefix}/lib/dracut/modules.d/99ngdump %dir /boot/zipl %dir %{_libdir}/zkey %{_libdir}/zkey/zkey-ekmfweb.so @@ -662,7 +713,6 @@ done %{_prefix}/lib/udev/chreipl-fcp-mpath-record-volume-identifier %{_prefix}/lib/udev/chreipl-fcp-mpath-try-change-ipl-path %{_udevrulesdir}/70-chreipl-fcp-mpath.rules -## Requires build+install with ENABLE_DOC=1 -#{_mandir}/man7/chreipl-fcp-mpath.7.gz +%{_mandir}/man7/chreipl-fcp-mpath.7%{?ext_man} %changelog diff --git a/virtsetup.sh b/virtsetup.sh.opensuse similarity index 100% rename from virtsetup.sh rename to virtsetup.sh.opensuse diff --git a/virtsetup.sh.suse b/virtsetup.sh.suse new file mode 100644 index 0000000..fe7c7b8 --- /dev/null +++ b/virtsetup.sh.suse @@ -0,0 +1,92 @@ +#!/bin/sh +# +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# +# Perform setup tasks based on what hypervisor is in charge. +# + +# Source the sysconfig file +if [ -r /etc/sysconfig/virtsetup ]; then + . /etc/sysconfig/virtsetup +else echo "No /etc/sysconfig/virtsetup file was found." + exit 1 +fi + +# +# Get our hostname +# +my_hostname="$(hostname)" + +# +# Find out the hypervisor we're running on/under. +# +hypervisor="$(/usr/bin/systemd-detect-virt)" + +case "${hypervisor}" in + zvm) + if [ ! -c /dev/vmcp ]; then + modprobe vmcp + sleep 1 + if [ ! -c /dev/vmcp ]; then + echo "Unable to load the vmcp kernel module." + exit 1 + fi + fi + echo "The vmcp device driver is ready." + if [ "${ZVM_DETACH_DISKS}" == "yes" ]; then + echo "Detaching devices to prepare for Live Guest Relocation." + /usr/lib/systemd/scripts/detach_disks.sh + fi + if [ "${ZVM_WARN_ABOUT_POSSIBLE_LGR_PROBLEMS}" == yes ]; then + /sbin/lgr_check + fi + ;; + none) + hypervisor="lpar" + if [ "${LPAR_SCLP_HOSTNAME}" == "yes" ]; then + # If the sclp_cpi module is already loaded, we have to unload it + # so we can be sure it has the correct system name specified + # when we reload it again. + if grep -qw sclp_cpi /proc/modules 2>/dev/null; then + rmmod sclp_cpi + sleep 1 + fi + if grep -qw sclp_cpi /proc/modules 2>/dev/null; then + echo "Unable to unload the sclp_cpi kernel module." + exit 1 + fi + echo "Setting the LPAR name via the sclp_cpi module." + modprobe sclp_cpi system_name="$my_hostname" + if ! grep -qw sclp_cpi /proc/modules 2>/dev/null; then + echo "We were unable to load the sclp_cpi module to set the LPAR name." + exit 2 + fi + fi + ;; + kvm) + ;; + *) + echo "An unknown hypervisor, \"${hypervisor}\" was detected." + echo "Please report this to your support provider." + exit 3 + ;; +esac + +# +# Now let's check for any scripts that other packages may have provided +# to do specific things they need. The scripts must be marked executable +# and have a suffix indicating which hypervisor for which they are to be run. +# Currently that is one of: kvm, lpar, or zvm. +# E.g., 01-test.script.zvm would only be run if the system is a z/VM guest. +# + +for script in $(ls /lib/s390-tools/virtsetup/*.${hypervisor} 2>/dev/null) + do if [ -x "${script}" ]; then + echo "Executing ${script}..." + "${script}" + echo "Done." + echo + fi + done + +exit 0 diff --git a/vmlogrdr.service b/vmlogrdr.service.opensuse similarity index 100% rename from vmlogrdr.service rename to vmlogrdr.service.opensuse diff --git a/vmlogrdr.service.suse b/vmlogrdr.service.suse new file mode 100644 index 0000000..6382b36 --- /dev/null +++ b/vmlogrdr.service.suse @@ -0,0 +1,15 @@ +[Unit] +Description=System startup script for the Linux - z/VM Log reader +After=network-online.target remote-fs.target +Wants=network-online.target remote-fs.target +ConditionPathExists=!/dev/vmlogrdr_LOGREC + +[Service] +Type=oneshot +RemainAfterExit=yes + +ExecStart=/sbin/modprobe vmlogrdr +ExecStop=/sbin/modprobe -r vmlogrdr + +[Install] +WantedBy=default.target