Dominique Leuenberger 2022-12-07 16:35:52 +00:00 committed by Git OBS Bridge
commit b578ec1859
43 changed files with 2245 additions and 1130 deletions

13
59-graf.rules.suse Normal file

@ -0,0 +1,13 @@
#
# Rules for unique 3270 device nodes created in /dev/3270/
# This file should be installed in /usr/lib/udev/rules.d
#
SUBSYSTEM!="ccw", GOTO="graf_end"
DRIVER!="3270", GOTO="graf_end"
# Configure 3270 device
ACTION=="add", SUBSYSTEM=="ccw", PROGRAM="/sbin/chccwdev -e $kernel"
ACTION=="remove", SUBSYSTEM=="ccw", PROGRAM="/sbin/chccwdev -d $kernel"
LABEL="graf_end"
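Review bot: Both action rules run `chccwdev` through `PROGRAM=`, which udev treats as a match key: the program is executed during rule evaluation and its exit status only decides whether the rule matches. For a side effect such as setting the device online, `RUN+=` is the intended key, e.g. `ACTION=="add", RUN+="/sbin/chccwdev -e $kernel"`; the repeated `SUBSYSTEM=="ccw"` can go as well, since the first line already jumps to `graf_end` for every other subsystem. The header comment still describes creating device nodes in /dev/3270/, while the rules shown only switch the device on and off, so the comment should say that instead.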

57
README.SUSE.suse Normal file

@ -0,0 +1,57 @@
ls - Addons by SUSE
The following utility and its man page have been added to make it
easier to determine the machine type on which Linux is running.
* cputype
Usage: cputype
The following utilities and their man pages have been added by SUSE to
ease the activation and deactivation of devices. These scripts are also
used by YaST. Functionality not provided by these scripts cannot be
provided by YaST.
These scripts also create/delete the needed udev rules.
Detailed information on some parameters are in the
"Device Drivers, Features and Commands" for this release.
General parameters
channel numbers are with lower letters
parameters switching things on or off are
1 for on and 0 for off
* ctc_configure
Usage: /sbin/ctc_configure <read channel> <write channel> <online> [<protocol>]
To configure CTC connections
Valid Parameters for the protocal are 0, 1 and 3
For a detailed explanation please look in the Device Driver book
* dasd_configure
Usage: dasd_configure <ccwid> <online> <use_diag>
To set DASDs online/offline
The use_diag makes only sense under z/VM. In an
LPAR just set it to 0
* iucv_configure
Usage: /sbin/iucv_configure <router> <online>
To set an IUCV IP-network online/offline
* qeth_configure
Usage: /sbin/qeth_configure [options] <read chan> <write chan> <control chan> <online>
Set qeth, hipersocket adapter online/offline.
options could be one of the following:
-i Configure IP takeover
-l Configure Layer2 support
-p NAME QETH Portname to use
-n 1/0 QETH port number to use
* zfcp_disk_configure
Usage: /sbin/zfcp_disk_configure <ccwid> <wwpn> <lun> <online>
set a disk online/offline. This require that the repective
Adapter is online. See command below.
* zfcp_host_configure
Usage: /sbin/zfcp_host_configure <ccwid> <online>
Set a zfcp Adapter online/offline

173
dasd_configure.suse Normal file

@ -0,0 +1,173 @@
#! /bin/sh
#
# dasd_configure
#
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
#
# Configures a DASD device by calling the IBM-provided chzdev command.
# Whereas this script used to validate the parameters provided to it,
# we now rely on chzdev to do that instead. The script is intended only
# as a "translation layer" to provide backward compatability for older
# scripts and tools that invoke it.
#
# Usage:
# dasd_configure [-f -t <dasd_type> ] <ccwid> <online> [use_diag]
#
# -f Override safety checks
# -t DASD type. Must be provided if -f is used. Only dasd-eckd and
# dasd-fba are supported - Deprecated
# ccwid = x.y.ssss where
# x is always 0 until IBM creates something that uses that number
# y is the logical channel subsystem (lcss) number. Most often
# this is 0, but it could be non-zero
# ssss is the four digit subchannel address of the device, in
# hexidecimal, with leading zeros.
# online = 0 to take the device offline
# 1 to bring the device online
# use_diag = 0 to _not_ use z/VM DIAG250 I/O, which is the default
# 1 to use z/VM DIAG250 I/O
#
# Return values:
# Return codes are determined by the chzdev command, with one exception: If a
# DASD volume is not formatted, we will issue a return code of 8.
#
mesg () {
echo "$@"
}
debug_mesg () {
case "${DEBUG}" in
yes) mesg "$@" ;;
*) ;;
esac
}
add_cio_channel() {
echo "$* # ${DATE}" >> /boot/zipl/active_devices.txt
}
remove_cio_channel() {
[ -w /boot/zipl/active_devices.txt ] && sed -i -e "/^${1}/d" /boot/zipl/active_devices.txt
}
usage(){
echo "Usage: ${0} [-f -t <dasd_type> ] <ccwid> <online> [use_diag]"
echo
echo " -f Override safety checks"
echo " -t DASD type. Must be provided if -f is used. Only dasd-eckd and"
echo " dasd-fba are supported - Deprecated"
echo " ccwid = x.y.ssss where"
echo " x is always 0 until IBM creates something that uses that number"
echo " y is the logical channel subsystem (lcss) number. Most often"
echo " this is 0, but it could be non-zero"
echo " ssss is the four digit subchannel address of the device, in"
echo " hexidecimal, with leading zeros."
echo " online = 0 to take the device offline"
echo " 1 to bring the device online"
echo " use_diag = 0 to _not_ use z/VM DIAG250 I/O, which is the default"
echo " 1 to use z/VM DIAG250 I/O"
}
if [ "${DEBUG}" != "yes" ]; then
DEBUG="no"
fi
DATE=$(date)
DASD_FORCE=0
############################################################
# Parse the parameters from the command line
#
ARGS=$(getopt --options ft: -n "dasd_configure" -- "$@")
if [ $? != 0 ] ; then echo "Terminating..." >&2 ; exit 1 ; fi
eval set -- "${ARGS}"
debug_mesg "All the parms passed were ${ARGS}"
while true; do
case "${1}" in
-f) debug_mesg "This used to mean udev rules will always be generated."
debug_mesg "For chzdev, it means safety checks will be overridden."
debug_mesg "Kinda sorta the same thing, really."
PARM_LIST="${PARM_LIST} -f"
DASD_FORCE=1
shift 1
;;
-t) debug_mesg "This used to set the card type to ${2}"
debug_mesg "Now it gets ignored."
shift 2
;;
--) debug_mesg "Found the end of parms indicator: --"
shift 1
break
;;
*) debug_mesg "At the catch-all select entry"
debug_mesg "What was selected was ${1}"
shift 1
;;
esac
done
CCW_CHAN_ID=${1}
ON_OFF=${2}
USE_DIAG=${3}
if [ -z "${CCW_CHAN_ID}" ] || [ -z "${ON_OFF}" ]; then
mesg "You didn't specify all the needed parameters."
usage
exit 1
fi
if [ -n "${USE_DIAG}" ]; then
PARM_LIST="${PARM_LIST} use_diag=${USE_DIAG}"
else PARM_LIST="${PARM_LIST} use_diag=0"
fi
if [ "${ON_OFF}" == 0 ]; then
debug_mesg "chzdev -d dasd --no-root-update ${CCW_CHAN_ID}"
chzdev -d dasd --no-root-update ${CCW_CHAN_ID}
elif [ "${ON_OFF}" == 1 ]; then
debug_mesg "chzdev -e dasd --no-root-update ${CCW_CHAN_ID} ${PARM_LIST}"
chzdev -e dasd --no-root-update ${CCW_CHAN_ID} ${PARM_LIST}
else mesg "You must specify a 0 or a 1 for the online/offline attribute."
usage
exit 1
fi
RC=${?}
if [ ${RC} -ne 0 ]; then
exit ${RC}
elif [ ${ON_OFF} == 1 ]; then
exitcode=0
# Extract the full busid so that we can reference the proper entries in /sys
BUSID=$(/sbin/lszdev dasd ${CCW_CHAN_ID} | /usr/bin/sed -e 1d | /usr/bin/tr -s " " | /usr/bin/cut -f2 -d" " )
# Make sure the DASD volume came online
for ((counter=0; counter<30; counter++)); do
sleep 0.1
read online < /sys/bus/ccw/devices/${BUSID}/online
if [ ${online} -eq 1 ] ; then
break
fi
done
if [ ${online} -ne 1 ]; then
debug_mesg "DASD ${CCW_CHAN_ID} did not come online."
exit 17
fi
# Check to see if the DASD volume is unformatted. If so, let YaST know.
read status < /sys/bus/ccw/devices/${BUSID}/status
if [ "${status}" == "unformatted" ]; then
mesg "DASD ${CCW_CHAN_ID} is unformatted."
exitcode=8
fi
fi
if [ ${ON_OFF} == 1 ]; then
add_cio_channel "${CCW_CHAN_ID}"
else remove_cio_channel "${CCW_CHAN_ID}"
fi
exit ${exitcode}
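Review bot: On the offline path `exitcode` is never assigned, so the final `exit ${exitcode}` collapses to a bare `exit` and returns the status of `remove_cio_channel`; when /boot/zipl/active_devices.txt is missing or not writable, its `[ -w … ] && sed` yields 1 and the script reports failure although chzdev succeeded. Initialise it next to `DASD_FORCE=0` with `exitcode=0`. Separately, `${CCW_CHAN_ID}` and `${PARM_LIST}` (which carries the unchecked `${USE_DIAG}`) reach chzdev unquoted, and `${1}` is spliced into the sed address in `remove_cio_channel`, where `.` is a wildcard and the match is only a prefix. Because the header says validation is delegated to chzdev, quoting the ID (`"${CCW_CHAN_ID}"`) and rejecting anything that is not a bus ID before the sed call would keep a malformed argument from becoming extra chzdev options or a different sed expression. The exit status 17 used when the volume does not come online is also missing from the "Return values" comment.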

156
dasd_reload.suse Normal file

@ -0,0 +1,156 @@
#!/bin/sh
#
# dasd_reload
# $Id: dasd_reload,v 1.2 2004/05/26 15:17:09 hare Exp $
#
# Deconfigures all active DASDs, unloads the modules
# and activates the configured DASDs again.
# Needed to establish an identical device mapping
# in the installation system and in the running system.
# All DASD access need to be cancelled prior to running
# this script.
#
# Usage:
# dasd_reload
#
# Return values:
# 1 Cannot read /proc/modules
# 2 Missing module programs
# 3 /sys not mounted
# 4 Failure on deactivate DASDs
#
if [ ! -r /proc/modules ]; then
echo "Cannot read /proc/modules"
exit 1
fi
if [ ! -x /sbin/rmmod -o ! -x /sbin/modprobe ]; then
echo "Missing module programs"
exit 2
fi
if [ ! -d /sys/bus ]; then
echo "sysfs not mounted"
exit 3
fi
let anymd=0
if [ -f /proc/mdstat ]; then
for mddevice in $(grep active /proc/mdstat | cut -f1 -d:); do
mdadm -S /dev/${mddevice}
let anymd=1
done
udevadm settle
fi
#
# Setting HyperPAV alias devices offline
#
dasd_alias=
let EXITRC=0
for dev in /sys/bus/ccw/devices/*; do
if [ -f ${dev}/use_diag ]; then
read _online < ${dev}/online
read _alias < ${dev}/alias
if [ "$_online" -eq 1 -a "$_alias" -eq 1 ]; then
echo "setting DASD HyperPAV alias $(basename ${dev}) offline"
echo "0" > ${dev}/online
read _online < ${dev}/online
dasd_alias="${dasd_alias} $(basename ${dev})"
if [ "$_online" -eq 1 ]; then
echo "failure on setting DASD HyperPAV alias $(basename ${dev}) offline !"
let EXITRC=4
fi
fi
fi
done
#
# Setting "normal" DASD and HyperPAV base devices offline
#
dasd_base=
for dev in /sys/bus/ccw/devices/*; do
if [ -f ${dev}/use_diag ]; then
read _online < ${dev}/online
read _alias < ${dev}/alias
if [ "$_online" -eq 1 -a "$_alias" -eq 0 ]; then
echo "setting DASD $(basename ${dev}) offline"
echo "0" > ${dev}/online
read _online < ${dev}/online
dasd_base="${dasd_base} $(basename ${dev})"
if [ "$_online" -eq 1 ]; then
echo "failure on setting DASD $(basename ${dev}) offline !"
let EXITRC=4
fi
fi
fi
done
udevadm settle
module_list=
module_test_list="dasd_diag_mod dasd_eckd_mod dasd_fba_mod dasd_mod"
for module in ${module_test_list}; do
if grep -q "${module}" /proc/modules; then
module_list="${module} ${module_list}"
: Unloading ${module}
/sbin/rmmod ${module}
fi
done
udevadm settle
sleep 2
if [ -d /etc/udev/rules.d ]; then
cd /etc/udev/rules.d
#
# Re-activating "normal" DASD and HyperPAV base devices
#
# We need to move all the DASD udev rules out from /etc/udev/rules.d
# because if we don't, then when the first DASD volume gets brought
# back online, they are all brought back online, in a non-deterministic
# order, not the numeric order we expect.
#
mv -i 41-dasd-*.rules 51-dasd-*.rules /tmp
cd /tmp
for dasd in ${dasd_base}; do
for file in 41-dasd-*-${dasd}.rules 51-dasd-${dasd}.rules; do
[ -f "${file}" ] || continue
#
# Special handling is needed for old udev rules that start with 51-
# since the chzdev command won't look for that name
#
prefix="$(echo ${file} | cut -f1 -d-)"
if [ "${prefix}" == "51" ]; then
if [ -h /sys/bus/ccw/drivers/dasd-eckd/${dasd} ]; then
mv -i ${file} 41-dasd-eckd-${dasd}.rules
elif [ -h /sys/bus/ccw/drivers/dasd-fba/${dasd} ]; then
mv -i ${file} 41-dasd-fba-${dasd}.rules
else echo "DASD volume ${dasd} is neither an ECKD or FBA device."
let EXITRC=4
fi
fi
echo Activating ${dasd}
mv -i "${file}" /etc/udev/rules.d/
/sbin/chzdev dasd --apply --configured -q --no-root-update ${dasd}
lsdasd
break
done
done
#
# Re-activating HyperPAV alias devices
#
for dasd in ${dasd_alias}; do
for file in 41-dasd-*-${dasd}.rules 51-dasd-${dasd}.rules; do
[ -f "${file}" ] || continue
echo Activating ${dasd}
mv -i "${file}" /etc/udev/rules.d/
/sbin/chzdev dasd --apply --configured -q --no-root-update ${dasd}
break
done
done
fi
exit ${EXITRC}
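Review bot: The udev rule files are staged in the world-writable /tmp (`mv -i 41-dasd-*.rules 51-dasd-*.rules /tmp`, then `cd /tmp`) and moved back into /etc/udev/rules.d purely by name, so any file already sitting in /tmp under a matching name is picked up as if it were one of the system's rules, and `mv -i` only prompts instead of replacing it with the genuine file. Stage in a private directory instead: `stage=$(mktemp -d) || exit 4`, `mv 41-dasd-*.rules 51-dasd-*.rules "${stage}"`, `cd "${stage}" || exit 4`, and remove the directory before the final exit. Neither `cd` is checked today, so a failed `cd /etc/udev/rules.d` would run the `mv` globs against whatever the current directory happens to be. The script also uses `let` and `==` under `#!/bin/sh`, which works only where /bin/sh is bash.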

157
detach_disks.sh.suse Normal file

@ -0,0 +1,157 @@
#!/bin/sh
DASDFILE=/tmp/dasd.list.$(mcookie)
DETFILE=/tmp/detach.disks.$(mcookie)
KEEPFILE=/tmp/keep.disks.$(mcookie)
NICFILE=/tmp/nic.list.$(mcookie)
FAILFILE=/tmp/error.$(mcookie)
function expand_RANGE(){
local RANGE=${1}
local RANGE_SAVE=${RANGE}
local DEVNO
local BEGIN=0
local END=0
RANGE=$(IFS=":-"; echo ${RANGE} | cut -f1-2 -d" " )
set -- ${RANGE}
let BEGIN=0x$1 2>/dev/null
let END=0x$2 2>/dev/null
if [ ${BEGIN} -eq 0 ] || [ ${END} -eq 0 ]; then
${msg} "An invalid device number range was specified: ${RANGE_SAVE}" >&2
touch ${FAILFILE}
return
fi
for DEVNO in $(eval echo {${BEGIN}..${END}})
do printf "%d\n" ${DEVNO}
done
}
function usage(){
echo "Usage: ${0} [ -F ] [ -q ] [ -h ]"
echo " -F Exit with failure if any invalid parms are detected."
echo " -q Don't generate any output."
echo " -h Display this help message."
}
msg="echo"
let FORCE_FAIL=0
############################################################
# Parse the parameters from the command line
#
ARGS=$(getopt -a --options Fhq -n "detach_devices" -- "$@")
if [ $? -ne 0 ]; then
usage
exit 3
fi
eval set -- "${ARGS}"
for ARG; do
case "${ARG}" in
-F) let FORCE_FAIL=1
shift 1
;;
-h) usage;
exit 0
;;
-q) msg="/bin/true"
shift 1
;;
--) shift 1
;;
*) ${msg} "Extraneous input detected: ${1}"
shift 1
;;
esac
done
if [ -r /etc/sysconfig/virtsetup ]; then
. /etc/sysconfig/virtsetup
else ${msg} "No /etc/sysconfig/virtsetup file was found."
exit 1
fi
# First, get a list of all the DASD devices we have for this guest, in decimal.
# (Trying to handle things in hex gets complicated.)
/sbin/vmcp -b1048576 q v dasd | cut -f2 -d" " |\
while read HEXNO
do let DECNO=0x${HEXNO}
echo ${DECNO}
done > ${DASDFILE} 2>/dev/null
# If the system administrator specified certain devices to be detached
# let's put those device numbers in a file, one per line.
touch ${DETFILE}
for ADDR in $(IFS=", " ; echo ${ZVM_DISKS_TO_DETACH})
do if $(echo ${ADDR} | grep -iqE ":|-" 2>/dev/null)
then expand_RANGE ${ADDR} >> ${DETFILE}
else let DEVNO=0
let DEVNO=0x${ADDR} 2>/dev/null
if [ ${DEVNO} -eq 0 ]; then
${msg} "An invalid device number was specified: ${ADDR}" >&2
touch ${FAILFILE}
else printf "%d\n" ${DEVNO}
fi
fi
done > ${DETFILE}
# If the system administrator specified certain devices that should _not_
# be detached, let's put those in another file, one per line.
touch ${KEEPFILE}
for ADDR in $(IFS=", " ; echo ${ZVM_DISKS_TO_NOT_DETACH})
do if $(echo ${ADDR} | grep -iqE ":|-" 2>/dev/null)
then expand_RANGE ${ADDR} >> ${KEEPFILE}
else let DEVNO=0
let DEVNO=0x${ADDR} 2>/dev/null
if [ ${DEVNO} -eq 0 ]; then
${msg} "An invalid device number was specified: ${ADDR}" >&2
touch ${FAILFILE}
else printf "%d\n" ${DEVNO}
fi
fi
done > ${KEEPFILE}
if [ ${FORCE_FAIL} -eq 1 ] && [ -e ${FAILFILE} ]; then
let RETURN_CODE=1
${msg} "Terminating detach_disk because of input errors."
else
# If the system administrator specified that all "unused" disks should be
# detached, compare the disks lsdasd show as activated to the complete
# list of disks we have currently, and add the inactive ones to the
# file containing devices to be detached
if [ "${ZVM_DETACH_ALL_UNUSED}" == "yes" ]; then
lsdasd -s | sed -e 1,2d | cut -f1 -d" " | \
while read ADDR
do let DEVNO=0x${ADDR}
sed -i -e "/^${DEVNO}$/d" ${DASDFILE}
done
cat ${DASDFILE} >> ${DETFILE}
fi
# Now remove any "to be kept" disks from the detach file
while read DEVNO
do sed -i -e "/^${DEVNO}/d" ${DETFILE}
done < ${KEEPFILE}
# Get a list of all the virtual NICs since they require an
# extra keyword to detach. Contrary to what we've done before
# these will be hex values
/sbin/vmcp -b1048576 q nic | grep Adapter | cut -f2 -d" " | cut -f1 -d. > ${NICFILE}
# Now we sort the device numbers and detach them.
sort -un ${DETFILE} | \
while read DEVNO
do HEXNO=$(printf %04X ${DEVNO})
if grep -q ^${HEXNO}$ ${NICFILE} 2>/dev/null ; then
vmcp detach nic ${HEXNO} 2>/dev/null
else vmcp detach ${HEXNO} 2>/dev/null
fi
done
let RETURN_CODE=0
fi
rm -f ${DASDFILE} ${DETFILE} ${KEEPFILE} ${NICFILE} ${FAILFILE}
exit ${RETURN_CODE}
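Review bot: In both `for ADDR` loops the range branch appends with `expand_RANGE ${ADDR} >> ${DETFILE}` (and `>> ${KEEPFILE}`) while the loop itself is redirected with `done > ${DETFILE}`, so the same file is written through two descriptors and a later single-address `printf` overwrites bytes the range expansion wrote. The resulting list can contain device numbers the administrator never specified, and those are then passed to `vmcp detach`. Drop the inner redirection (`then expand_RANGE ${ADDR}`) so all output goes through the loop's stdout. The keep-list filter `sed -i -e "/^${DEVNO}/d"` is only a prefix match, unlike the anchored `"/^${DEVNO}$/d"` used on `${DASDFILE}`, and should be anchored the same way. Creating the five work files with `mktemp` would be safer than `/tmp/<name>.$(mcookie)` followed by `touch` or `>`.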

133
iucv_configure.suse Normal file

@ -0,0 +1,133 @@
#! /bin/sh
#
# iucv_configure
#
# Configures a z/VM IUCV network adapter
#
# Usage:
# iucv_configure <peer_userid> <online>
#
# peer_userid = z/VM userid of the IUCV peer
# online = 0 to take the device offline
# 1 to bring the device online
#
# Return values:
# 1 sysfs not mounted
# 2 Invalid status for <online>
# 3 Could not create iucv device
# 4 Could not remove iucv device
#
if [ "${DEBUG}" != "yes" ]; then
DEBUG="no"
fi
mesg () {
echo "$@"
}
debug_mesg () {
case "$DEBUG" in
yes) mesg "$@" ;;
*) ;;
esac
}
if [ $# -ne 2 ] ; then
echo "Usage: $0 <peer_userid> <online>"
echo " peer_userid = z/VM userid of the IUCV peer"
echo " online = 0 to take the device offline"
echo " 1 to bring the device online"
exit 1
fi
# Get the mount point for sysfs
while read MNTPT MNTDIR MNTSYS MNTTYPE; do
if test "$MNTSYS" = "sysfs"; then
SYSFS="$MNTDIR"
break;
fi
done </proc/mounts
if [ -z "$SYSFS" ]; then
mesg "/sysfs not present"
exit 1
fi
PEER_USERID_LOWER=$1
PEER_USERID=$(echo $1 | tr "a-z" "A-Z")
ONLINE=$2
if [ -z "$PEER_USERID" ] ; then
mesg "No IUCV user name given"
exit 2
fi
if [ -z "$ONLINE" ] ; then
ONLINE=1
fi
_iucv_dir=${SYSFS}/bus/iucv/devices
_iucv_drv=${SYSFS}/bus/iucv/drivers/netiucv
if [ ! -d "$_iucv_drv" ] ; then
modprobe -q netiucv
fi
debug_mesg "Configuring IUCV device ${PEER_USERID}"
for _iucv_dev in $_iucv_dir/netiucv?* ; do
[ -d $_iucv_dev ] || continue
read user < $_iucv_dev/user
if [ "$user" = "$PEER_USERID" ] ; then
# Already configured, ok
iucvdev=${_iucv_dev##*/}
break;
fi
done
if [ -z "$iucvdev" -a $ONLINE -eq 1 ] ; then
echo $PEER_USERID > $_iucv_drv/connection
if [ $? -ne 0 ] ; then
mesg "Unable to connect to $PEER_USERID"
exit 3
fi
for _iucv_dev in $_iucv_dir/netiucv?* ; do
[ -d $_iucv_dev ] || continue
read user < $_iucv_dev/user
if [ "$user" = "$PEER_USERID" ] ; then
iucvdev=${_iucv_dev##*/}
break;
fi
done
if [ "$iucvdev" ] ; then
debug_mesg "Configured device $iucvdev"
fi
elif [ "$iucvdev" -a $ONLINE -eq 0 ] ; then
for _net_dev in $_iucv_dir/$iucvdev/net/* ; do
[ -d $_net_dev ] || continue
netdev=${_net_dev##*/}
break;
done
if [ "$netdev" ] ; then
echo $netdev > $_iucv_drv/remove
if [ $? -ne 0 ] ; then
mesg "Unable to remove device $netdev"
exit 4
else
debug_mesg "Removed device $iucvdev"
rm -f /etc/udev/rules.d/51-iucv-$PEER_USERID.rules /etc/udev/rules.d/51-iucv-$PEER_USERID_LOWER.rules
iucvdev=
fi
fi
fi
if [ "$iucvdev" ] ; then
cat > /etc/udev/rules.d/51-iucv-$PEER_USERID.rules <<EOF
ACTION=="add", SUBSYSTEM=="subsystem", KERNEL=="iucv", RUN+="/sbin/modprobe netiucv"
ACTION=="add", SUBSYSTEM=="drivers", KERNEL=="netiucv", ATTR{connection}="$PEER_USERID"
EOF
fi
exit
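Review bot: `PEER_USERID` is taken from `$1` with only an emptiness check and is then used unquoted in the rule file name (`/etc/udev/rules.d/51-iucv-$PEER_USERID.rules`, also in the `rm -f`), written to `$_iucv_drv/connection`, and interpolated into the generated rule as `ATTR{connection}="$PEER_USERID"`. A value containing `/`, whitespace, a double quote or a comma would change which file is written or removed and what keys the udev rule contains. Validate it right after the upper-casing, for example `case "$PEER_USERID" in *[!A-Z0-9@#\$_-]*) mesg "Invalid IUCV user name"; exit 2 ;; esac` (adjust the set to what z/VM actually permits), and quote the expansions. `ONLINE` is likewise never checked to be 0 or 1, although the header documents return value 2 for exactly that case.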

217
killcdl.suse Normal file

@ -0,0 +1,217 @@
#!/bin/sh
#
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
# Released under the GNU General Public License version 2.
#
let FORCE=0
DEVPARM=""
usage(){
echo "Usage: ${0} [ -f ] devno|busid"
echo " -f Force unformatting for DASD volumes in the CMS device range of 19x."
echo " devno The \"plain\" device number of the volume, e.g. 3184."
echo " busid The full specification of the volume, e.g., 0.0.3184."
}
ARCH="$(/bin/uname -m)"
if [ "${ARCH}" != "s390x" ] && [ "${ARCH}" != "s390" ]; then
echo "This script is only useful on IBM mainframes."
exit 1
fi
############################################################
# Parse the parameters from the command line
#
ARGS=$(getopt -a --options f -n "killcdl" -- "$@")
if [ $? -ne 0 ]; then
usage
exit 3
fi
eval set -- "${ARGS}"
for ARG; do
case "${ARG}" in
-f) FORCE=1
shift 1
;;
--) shift 1
;;
[0-9a-fA-F]*) if [ ! -z "${DEVPARM}" ]; then
echo "More than one parameter specified."
usage
exit 4
fi
DEVPARM=${1}
shift 1
;;
*) echo "That looks invalid"
usage
exit 5
;;
esac
done
if [ -z "${DEVPARM}" ]; then
echo "You must specify the device number of the DASD volume to be unformatted."
usage
exit 6
fi
DEVNO=$(echo "${DEVPARM}" | tr A-Z a-z)
# Validate the device number or busid provided
set -- $(IFS='.'; echo ${DEVNO})
let NUMPARMS=${#}
if [ ${NUMPARMS} -ne 1 ] && [ ${NUMPARMS} -ne 3 ]; then
echo "You have not specified the device number in a recognizable format."
echo "It must either be the plain device number, e.g., 0123, or in"
echo "so-called busid format, e.g., 0.0.0123"
exit 7
fi
# Just a device number, SIMPLE=1. A busid, SIMPLE=0
SIMPLE=0
if [ ${NUMPARMS} -eq 1 ]; then
let SIMPLE=1
let FIRST=0
let FIRSTLEN=1
let SECOND=0
let SECONDLEN=1
DEVNO="${1}"
let DEVNOLEN=${#1}
else FIRST="${1}"
let FIRSTLEN=${#FIRST}
SECOND="${2}"
let SECONDLEN=${#SECOND}
DEVNO="${3}"
let DEVNOLEN=${#3}
fi
if [ ${FIRSTLEN} -ne 1 ] || [ ${SECONDLEN} -ne 1 ]; then
echo "The first and second fields of the busid may only be one digit long."
exit 8
fi
if [ ${DEVNOLEN} -gt 4 ]; then
echo "The device number may only be 4 digits long."
exit 9
fi
if [ ${DEVNOLEN} -lt 4 ]; then
DEVNO=$(echo "0000${DEVNO}" | rev | cut -c1-4 | rev)
fi
BUSID="${FIRST}.${SECOND}.${DEVNO}"
if [ ! -h /sys/bus/ccw/devices/${BUSID} ]; then
echo "Busid ${BUSID} was not found."
/sbin/cio_ignore -i ${BUSID} > /dev/null
if [ $? -eq 0 ]; then
echo "That device is in the cio_ignore list."
echo "Please remove it with \"cio_ignore -r ${BUSID}\" before trying again."
fi
exit 10
fi
case ${DEVNO:0:3} in
019) if grep -q "version = FF" /proc/cpuinfo 2>/dev/null; then
echo "That looks like a CMS disk."
if [ ${FORCE} -eq 0 ]; then
echo "Specify the -f option to force the operation."
exit 11
fi
echo "But you specified -f so we'll kill it anyway."
fi
;;
esac
read ORIG_ONLINE_STATUS < /sys/bus/ccw/devices/${BUSID}/online
DISCIPLINE="none"
if [ -r /sys/bus/ccw/devices/${BUSID}/discipline ]; then
# We have to bring the device online before the kernel will fill in
# the value for discipline.
if [ ${ORIG_ONLINE_STATUS} -eq 0 ]; then
/sbin/chccwdev -e ${BUSID}
/sbin/udevadm settle
fi
read STATUS < /sys/bus/ccw/devices/${BUSID}/status
if [ "${STATUS}" == "unformatted" ]; then
echo "DASD device ${BUSID} is already in an unformatted state."
if [ ${ORIG_ONLINE_STATUS} -eq 0 ]; then
/sbin/chccwdev -d -s ${BUSID}
/sbin/udevadm settle
fi
exit 0
fi
read DISCIPLINE < /sys/bus/ccw/devices/${BUSID}/discipline
else read CU_TYPE < /sys/bus/ccw/devices/${BUSID}/cutype
read DEV_TYPE < /sys/bus/ccw/devices/${BUSID}/devtype
case "${CU_TYPE}" in
3990/*|2105/*|2107/*|1750/*|9343/*)
DISCIPLINE=ECKD
;;
3880/*)
case "${DEV_TYPE}" in
3390/*)
DISCIPLINE=ECKD
;;
esac
;;
esac
fi
if [ "${DISCIPLINE}" != "ECKD" ]; then
echo "This script only works on ECKD DASD."
if [ ${ORIG_ONLINE_STATUS} -eq 0 ]; then
/sbin/chccwdev -d -s ${BUSID}
fi
exit 12
fi
read STATUS < /sys/bus/ccw/devices/${BUSID}/online
if [ ${STATUS} -eq 1 ]; then
if [ ! -h /dev/disk/by-path/ccw-${BUSID} ]; then
echo "The udev-generated symbolic link in /dev/disk/by-path was not found."
exit 13
fi
/sbin/chccwdev -d -s ${BUSID}
/sbin/udevadm settle
read STATUS < /sys/bus/ccw/devices/${BUSID}/online
if [ ${STATUS} -ne 0 ]; then
echo "Device number ${DEVNO} didn't go offline. Unable to continue."
exit 14
fi
fi
/sbin/chccwdev -a raw_track_access=1 -e ${BUSID}
/sbin/udevadm settle
read STATUS < /sys/bus/ccw/devices/${BUSID}/online
if [ ${STATUS} -ne 1 ]; then
echo "Unable to bring ${DEVNO} online. Unable to continue."
exit 15
fi
# After this point, we will kill the formatting on the device
perl -e 'for ($h=0;$h<2;$h++){printf "\0\0\0%c\0\0\0\x8%s",$h,(("\0"x8).("\xff"x8).("\0"x65512))}' | dd bs=65536 count=2 oflag=direct of=/dev/disk/by-path/ccw-${BUSID} >/dev/null 2>&1
if [ "$?" -ne 0 ]; then
echo "The writing of the null record 0 failed."
exit 16
fi
echo "Setting ${BUSID} back offline with raw track access disabled."
/sbin/chccwdev -d -s -a raw_track_access=0 ${BUSID}
/sbin/udevadm settle
if [ ${ORIG_ONLINE_STATUS} -eq 1 ]; then
/sbin/chccwdev -e ${BUSID}
/sbin/udevadm settle
fi
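Review bot: The failure exits that follow `/sbin/chccwdev -a raw_track_access=1 -e ${BUSID}` (codes 15 and 16) leave the volume with raw track access still enabled and do not restore its original online state; only the success path resets it. Run `/sbin/chccwdev -d -s -a raw_track_access=0 ${BUSID}` before `exit 16` (and the attribute reset before `exit 15`), ideally from a single cleanup function or `trap`. The argument check is also weaker than it looks: the `[0-9a-fA-F]*` case pattern tests only the first character, so the rest of the value is never confirmed to be hexadecimal before it is built into sysfs and /dev/disk/by-path names. A guard such as `case "${DEVPARM}" in *[!0-9a-fA-F.]*) usage; exit 5 ;; esac` after the empty check would close that. Since this script destroys the formatting of a disk, a header comment stating that and listing the exit codes 1–16 would help callers.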

577
mkdump.pl.suse Normal file

@ -0,0 +1,577 @@
#!/usr/bin/perl
########################################################################
#
# mkdump.pl - Preparing disks for use as S/390 dump device
#
# Copyright (c) 2011 Tim Hardeck, SUSE LINUX Products GmbH
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
# Based on mkdump.sh (c) 2004 Hannes Reinecke, SuSE AG
#
# License:
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor,
# Boston, MA 02110-1301 USA
#
########################################################################
use strict;
use warnings;
use Fcntl;
use Getopt::Long;
my $VERSION = "2.0.3";
my $BLKID = "/sbin/blkid";
my $PARTED = "/usr/sbin/parted";
my $FDASD = "/sbin/fdasd";
my $DASDVIEW = "/sbin/dasdview";
my $DASDFMT = "/sbin/dasdfmt";
my $ZIPL = "/sbin/zipl";
my $UDEVADM = "/sbin/udevadm";
my $ZGETDUMP = "/sbin/zgetdump";
# temporary DASD device configuration file for Zipl
my $MDPATH = "/tmp/mvdump.conf.".`mcookie`;
# zFCP dump dir, without a leading '/'
my $ZFCP_DUMP_DIR = "mydumps";
my $OPT_DEBUG = 0;
my $OPT_FORCE = 0;
my $OPT_VERBOSE = 0;
sub cleanup
{
# DASD
if (-e $MDPATH) {
system("rm -f $MDPATH");
}
}
sub exit_with
{
my $message = shift();
my $exitcode = shift();
print STDERR "$message Exiting...\n";
cleanup();
# fdasd isn't able to create volume label interactively
# could be fixed with a reformat
if ($exitcode == 65280) {
$exitcode = 12;
}
# bigger exit codes are not supported
if ($exitcode > 255) {
$exitcode = 255;
}
exit($exitcode);
}
sub run_cmd
{
my $cmd = shift();
my $output = "";
if (! $OPT_DEBUG) {
my ($app) = $cmd =~ /\/(\w+) /;
# run command
$output = `$cmd`;
my $exit_code = $?;
# wait for udev to finish processing
system("$UDEVADM settle");
# only print output in case of an error or in verbose mode
if ($output and ($exit_code != 0 or $OPT_VERBOSE)) {
print("$output\n");
}
if ($exit_code != 0) {
exit_with("$app failed with exit code $exit_code", $exit_code);
}
} else {
# only print the command in debug mode
print("\`$cmd\`\n");
}
return($output);
}
sub check_paths
{
for my $path ($BLKID, $PARTED, $FDASD, $DASDVIEW, $DASDFMT, $ZIPL, $UDEVADM, $ZGETDUMP) {
unless ( -x $path) {
exit_with("Command $path is not available.", 13);
}
}
}
sub read_file
{
my $path = shift();
open(my $file, "<", "$path") or exit_with("Unable to access $path: $!.", 15);
my @content = <$file>;
close($file);
# no need for arrays in case of single lines
if (@content > 1) {
return @content;
} else {
chomp($content[0]);
return($content[0]);
}
}
sub is_dasd
{
# remove leading /dev/
my $device = substr(shift(), 5);
if (-r "/sys/block/$device/device/discipline") {
return(1);
} else {
return(0);
}
}
sub is_zfcp
{
# remove leading /dev/
my $device = substr(shift(), 5);
my $devpath = "/sys/block/$device/device";
unless (-r "$devpath/hba_id" or -r "$devpath/type") {
return(0);
}
my $devtype = read_file("$devpath/type");
# SCSI type '0' means disk
if ($devtype == 0) {
return(1);
} else {
return(0);
}
}
sub get_partition_num
{
# remove leading /dev/
my $device = substr(shift, 5);
my $part_num = grep(/\s+$device\d+/, read_file("/proc/partitions"));
return($part_num);
}
sub print_device
{
my $device = shift();
my $only_dump_disks = shift();
my $devpath = "/sys/block/" . substr($device, 5);
my $output = $device;
my $dump_device = 0;
my $size = int(read_file("$devpath/size") / 2048); # 512 Byte blocks
# size can't be read this way in case of unformatted devices
if ($size != 0) {
$output .= "\t${size}MB";
} else {
$output .= "\tunknown";
}
if (is_dasd($device)) {
my ($busid) = readlink("$devpath/device") =~ /(\w\.\w\.\w{4})/;
$output .= "\t$busid";
# check for dump record and list multi volumes
my $zgetdump_output = `$ZGETDUMP -d $device 2>&1`;
my @dump_devs = $zgetdump_output =~ /(\w\.\w\.\w{4})/g;
if (@dump_devs) {
$dump_device = 1;
$output .= "\tdumpdevice";
# no need to output the dump ids for a single device
if (@dump_devs > 1) {
for my $id (@dump_devs) {
$output .= "|$id";
}
}
} else {
# check for single volume dump devices
if ($zgetdump_output =~ /Single-volume DASD dump tool/) {
$dump_device = 1;
$output .= "\tdumpdevice";
}
}
} else {
my $adapter = read_file("$devpath/device/hba_id");
my $wwpn = read_file("$devpath/device/wwpn");
my $lun = read_file("$devpath/device/fcp_lun");
$output .= "\t$adapter\t$wwpn\t$lun";
# check for dump record
my $zgetdump = `$ZGETDUMP -d $device 2>&1`;
if ($? == 0) {
my ($dsize) = ($zgetdump =~ /Maximum dump size\.:\s+([0-9]+) MB/m);
$dsize = $size unless (defined($dsize));
$output = "$device\t${dsize}MB\t$adapter\t$wwpn\t$lun\tdumpdevice";
$dump_device = 1;
}
}
if ($only_dump_disks) {
if ($dump_device) {
print("$output\n");
}
} else {
print("$output\n");
}
}
sub list_free_disks
{
my $devices_ref = shift();
my $type = shift();
if (@$devices_ref) {
for my $device (@$devices_ref) {
print_device($device);
}
} else {
print STDERR "No free $type devices available!\n";
}
}
sub list_dump_disks
{
my @devices = @_;
if (@devices) {
for my $device (@devices) {
print_device($device, 1);
}
} else {
print STDERR "No dump devices available!\n";
}
}
sub determine_free_disks
{
my @dasd;
my @zfcp;
my @devices;
# gather block devices
my $path="/sys/block/";
opendir(DIR, $path) or exit_with("Unable to find $path: $!", 15);
while (defined(my $file = readdir(DIR))) {
# no need to add other devices then dasd* or sd*
if ($file =~ /^dasd[a-z]+$/ or $file =~ /^sd[a-z]+$/) {
push(@devices, $file);
}
}
closedir(DIR);
for my $entry (@devices) {
# only allow disks, no partitions
my ($device) = $entry =~ /^([a-z]+)$/;
next unless ($device);
$device = "/dev/$device";
# determine if the block device could be accessed exclusively
if(-b $device and sysopen(my $blockdev, $device, O_RDWR|O_EXCL)) {
close($blockdev);
if (is_dasd($device)) {
push(@dasd, $device);
}
if (is_zfcp($device)) {
push(@zfcp, $device);
}
}
# wait for udev to process all events triggered by sysopen(,O_EXCL)
system("$UDEVADM settle");
}
return(\@dasd, \@zfcp);
}
sub prepare_dasd
{
my @devices = @_;
my $format_disks = "";
# check formatting
for my $device (@devices) {
# determine disk layout
my ($fmtstr) = `$DASDVIEW -x $device` =~ /(\w\w\w) formatted/;
SWITCH:
for($fmtstr) {
if (/NOT/) {
print("Unformatted disk, formatting $device.\n");
$format_disks .= " $device";
last SWITCH;
}
if (/LDL/) {
if ($OPT_FORCE) {
print("Linux disk layout, reformatting $device.\n");
$format_disks .= " $device";
} else {
print("$device was formatted with the Linux disk layout.\n");
print("Unable to use it without reformatting.\n");
exit_with("Re-issue the mkdump command with the --force option.", 12);
}
last SWITCH;
}
if (/CDL/) {
# allow reformatting with force, since fdasd isn't able to create volume label interactively
if ($OPT_FORCE) {
print("Compatible disk layout, force reformatting $device.\n");
$format_disks .= " $device";
} else {
print("$device: Compatible disk layout, Ok to use.\n");
}
last SWITCH;
}
exit_with("Unknown layout ($fmtstr), cannot use disk.", 11);
}
}
# format devices
if ($format_disks) {
#up to eight devices in parallel
run_cmd("$DASDFMT -P 8 -b 4096 -y -f $format_disks");
}
# check partitioning and partition
for my $device (@devices) {
my $part_num = get_partition_num($device);
if ($part_num == 0 or $OPT_FORCE) {
print("Re-partitioning disk $device.\n");
run_cmd("$FDASD -a $device");
} else {
# allow disk with one partition if it don't consist a file system
if ($part_num == 1) {
my ($fstype) = `$BLKID ${device}1` =~ /TYPE=\"(\w+)\"/;
if ($fstype) {
exit_with("Device ${device}1 already contains a filesystem of type $fstype.", 12);
}
} else {
exit_with("$part_num partitions detected, cannot use disk $device.", 12);
}
}
}
}
sub setup_dasddump
{
my @devices = @_;
prepare_dasd(@devices);
# create zipl device configuration file
# don't create files in debug mode
unless ($OPT_DEBUG) {
open(my $file, ">", $MDPATH) or exit_with("Unable to access $MDPATH: $!.", 15);
for my $device (@devices) {
print{$file}("${device}1\n");
}
close($file);
}
print("Creating dump record.\n");
run_cmd("${ZIPL} -V -n -M $MDPATH");
cleanup();
}
sub setup_zfcpdump
{
my $device = shift();
# check partitioning
my $part_num = get_partition_num($device);
if ($part_num == 0 or $OPT_FORCE) {
print("Re-partitioning disk $device.\n");
run_cmd("$PARTED -s -- $device mklabel gpt mkpart primary 0 -1");
} else {
if ($part_num > 1) {
exit_with("$part_num partitions detected, cannot use disk $device.", 12);
}
}
# install bootloader
print("Creating dump record.\n");
run_cmd("${ZIPL} -V -d ${device}1");
cleanup();
}
sub print_version
{
print << "EOF";
mkdump $VERSION
Copyright (c) 2011 SUSE LINUX Products GmbH
License GPLv2 or (at your option) any later version.
<http://www.gnu.org/licenses/gpl-2.0.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Written by Tim Hardeck <thardeck\@suse.de>.
EOF
exit(0);
}
sub print_usage
{
my $exitcode = shift();
print << "EOF";
Usage: mkdump [OPTIONS] [DEVICE]...
mkdump $VERSION
Prepare one or more volumes for use as S/390 dump device. Supported devices
are ECKD DASD and SCSI over zFCP disks, while multi-volumes are limited to DASD.
Only whole disks can be used, no partitions! If the device is incompatible
formatted/partioned, the script will refuse to install the dump record
unless the --force switch is given.
Disks which are in use or have mounted partitions will not be listed and can't be used.
The mentioning of "dumpdevice" after a disk indicates that it is an already usable dump device. Additionally multi-volume dump devices are indicated by the list of including DASD ids.
Options:
-h, --help display this help and exit
-V, --version display version information and exit
-d, --debug debug mode, do not run programs which commit changes
-v, --verbose be verbose and show command outputs
-f, --force force overwrite of the disk
-l, --list-dump display dump disks
-D, --list-dasd display usable DASD disks (Device, Size, ID, Dump)
-Z, --list-zfcp display usable SCSI over zFCP disks (Device, Size, ID, WWPN, LUN, Dump)
Report bugs on https://bugzilla.novell.com/
EOF
exit($exitcode);
}
sub analyze_cmd_parameters
{
#verbose, debug and force are global
my $opt_help = 0;
my $opt_version = 0;
my $opt_dump = 0;
my $opt_dasd = 0;
my $opt_zfcp = 0;
if (@ARGV == 0) {
print_usage(14);
}
Getopt::Long::Configure('bundling');
GetOptions(
'h|help' => \$opt_help,
'V|version' => \$opt_version,
'd|debug' => \$OPT_DEBUG,
'v|verbose' => \$OPT_VERBOSE,
'f|force' => \$OPT_FORCE,
'l|list-dump' => \$opt_dump,
'D|list-dasd' => \$opt_dasd,
'Z|list-zfcp' => \$opt_zfcp,
) or print_usage(14);
if ($opt_help) {
print_usage(0);
}
if ($opt_version) {
print_version();
}
# determine free dasd and zfcp devices
my ($dasd_ref, $zfcp_ref) = determine_free_disks();
if ($opt_dump) {
list_dump_disks(@$dasd_ref, @$zfcp_ref);
exit 0;
}
if ($opt_dasd) {
list_free_disks(\@$dasd_ref, "dasd");
}
if ($opt_zfcp) {
list_free_disks(\@$zfcp_ref, "zfcp");
}
# allow listing of both device types at the same time
if ($opt_dasd or $opt_zfcp) {
exit 0;
}
# check provided devices and be strict
my @devices;
for my $device (@ARGV) {
if (grep(/$device/, @devices)) {
exit_with("$device is mentioned more than once.", 14);
}
if ( $device =~ /^\/dev\/[a-z]+$/ == 0) {
exit_with("The device parameter $device is inaccurate. Only whole disks are allowed.", 14);
}
if (grep(/$device/, (@$dasd_ref, @$zfcp_ref))) {
if (is_zfcp($device) and @ARGV > 1) {
exit_with("Multi-volume dumps aren't supported with zFCP.", 14);
}
push(@devices, $device);
} else {
if (-b $device) {
exit_with("$device is in use or not a DASD/zFCP disk!", 14);
} else {
exit_with("$device does not exist!", 14);
}
}
}
if (@devices == 0) {
exit_with("No usable devices where provided.", 14);
}
return(@devices);
}
sub main
{
check_paths();
my @devices = analyze_cmd_parameters();
# only one dump device is possible with zFCP which is enforced in analyze_cmd_parameters
if (is_zfcp($devices[0])) {
setup_zfcpdump($devices[0]);
} else {
setup_dasddump(@devices);
}
print("Creating the dump device was successful.\n");
}
main();


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:17dc163e6a1e940f895c64955c130058600e1df834e1ab134410be7266ef724a
size 1681093

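--- a/s390-tools-2.24.0.tar.gz
+++ b/s390-tools-2.24.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:af5268147f725a9a9ec54df8fe1b2e3e4e8d256199d542456f0b2275e560d005
+size 1840869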


@ -2,3 +2,5 @@ addFilter("statically-linked-binary /usr/lib/s390-tools/.*")
addFilter("statically-linked-binary /usr/bin/read_values")
addFilter("systemd-service-without-service_.* *@.service")
addFilter("position-independent-executable-suggested ")
addFilter("non-etc-or-var-file-marked-as-conffile /boot/zipl/active_devices.txt")
addFilter("zero-length /boot/zipl/active_devices.txt")
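Review bot: The two filters for `/boot/zipl/active_devices.txt` at the end of this hunk (they appear to be the added lines, going by the hunk counts) silence packaging checks without any comment saying why an empty file under /boot is shipped and marked as a config file. A suppression with no rationale is hard to audit later, because nobody can tell whether it is still needed or whether it hides a real packaging mistake. I would put a one-line comment above them, for example `# active_devices.txt is packaged empty and as a config file on purpose: <reason, to be filled in by the packager>`. The filter strings are regular expressions, so the unescaped dots in the path also match any character; escaping them as `active_devices\.txt` keeps the suppression as narrow as intended.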


@ -0,0 +1,31 @@
From f7a0f391f2c4e8acc96b21ab5de54a178aa60088 Mon Sep 17 00:00:00 2001
From: Hannes Reinecke <hare@suse.de>
Date: Fri, 22 Nov 2013 15:39:38 +0100
Subject: [PATCH] 59-dasd.rules: generate by-id links on 'change' and 'add'
The by-id rules need to be triggered on both, 'change' and 'add',
to work correctly during restarting udev.
References: bnc#808042
Signed-off-by: Robert Milasan <rmilasan@suse.de>
---
etc/udev/rules.d/59-dasd.rules | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/etc/udev/rules.d/59-dasd.rules b/etc/udev/rules.d/59-dasd.rules
index 2b1435c..a08cb7c 100644
--- a/etc/udev/rules.d/59-dasd.rules
+++ b/etc/udev/rules.d/59-dasd.rules
@@ -6,7 +6,7 @@
SUBSYSTEM!="block", GOTO="dasd_symlinks_end"
KERNEL!="dasd*", GOTO="dasd_symlinks_end"
-ACTION!="change", GOTO="dasd_block_end"
+ACTION!="change|add", GOTO="dasd_block_end"
# by-id (hardware serial number)
KERNEL=="dasd*[!0-9]", ATTRS{status}=="online", IMPORT{program}="/sbin/dasdinfo -a -e -b $kernel"
KERNEL=="dasd*[!0-9]", ENV{ID_SERIAL}=="?*", SYMLINK+="disk/by-id/$env{ID_BUS}-$env{ID_SERIAL}"
--
1.8.1.4


@ -1,13 +0,0 @@
--- s390-tools-2.15.1/common.mak 2020-10-28 10:31:59.000000000 -0400
+++ s390-tools-2.15.1/common.mak 2021-03-01 11:16:20.285597140 -0500
@@ -252,8 +252,8 @@
ifneq ($(shell $(CC_SILENT) -dumpspecs 2>/dev/null | grep -e '[^f]no-pie'),)
NO_PIE_CFLAGS := -fno-pie
- NO_PIE_LINKFLAGS := -no-pie
- NO_PIE_LDFLAGS := -no-pie
+ NO_PIE_LINKFLAGS :=
+ NO_PIE_LDFLAGS :=
else
NO_PIE_CFLAGS :=
NO_PIE_LINKFLAGS :=


@ -1,271 +0,0 @@
Subject: [PATCH] [BZ 197604] genprotimg: remove DigiCert root CA pinning
From: Marc Hartmayer <mhartmay@linux.ibm.com>
Description: genprotimg/check_hostkeydoc: cert. verification is too strict
Symptom: Verification failures will occur for newer host key documents
Problem: The certificate verification of check_hostkeydoc is too strict
and doesn't match the checking performed by genprotimg. This
applies to the OU field in the issuer DN of the host key
document. As a consequence verification failures will occur for
host key documents issued for hardware generations newer than
IBM z15.
DigiCert is the CA issuing the signing certificate for Secure
Execution host key documents. This certificate is used for the
verification of the host key document validity. Recently,
DigiCert has changed the root CA certificate used for issuance
of the signing certificates. As genprotimg is checking the CA
serial, the verification of the chain of trust will fail. As a
workaround, it is possible to disable certificate verification,
but this is not recommended because it makes it easier to
provide a fake host key document. Since the previously issued
host key documents are expiring in April 2022, it is necessary
to fix genprotimg to accept the newly issued host key
documents.
Solution: Relax the certificate verification
Reproduction: Use a new host key document
Upstream-ID: 78b053326c504c0535b5ec1c244ad7bb5a1df29d
Problem-ID: 197604
Upstream-Description:
genprotimg: remove DigiCert root CA pinning
Remove the DigiCert root CA pinning. The root CA used for the chain of trust can
change in the future therefore let's remove this check. If someone wants to
enforce the usage of a specific root CA it can be selected by the genprotimg
command line option `--root-ca $CA`. Make it transparent to the user which root
CA is actually being used by printing the subject name of the root CA to stdout
in verbose mode.
Signed-off-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Acked-by: Viktor Mihajlovski <mihajlov@linux.ibm.com>
Reviewed-and-tested-by: Nico Boehr <nrb@linux.ibm.com>
Signed-off-by: Jan Hoeppner <hoeppner@linux.ibm.com>
Signed-off-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Index: s390-tools-service/genprotimg/man/genprotimg.8
===================================================================
--- s390-tools-service.orig/genprotimg/man/genprotimg.8
+++ s390-tools-service/genprotimg/man/genprotimg.8
@@ -87,7 +87,7 @@ CRLs. Optional.
.TP
\fB\-\-root\-ca\fR=\fI\,FILE\/\fR
Specifies the root CA certificate for the verification. If omitted,
-the DigiCert root CA certificate installed on the system is used. Use
+the system wide root CAs installed on the system is used. Use
this only if you trust the specified certificate. Optional.
.TP
\fB\-\-no-verify\fR
Index: s390-tools-service/genprotimg/src/include/pv_crypto_def.h
===================================================================
--- s390-tools-service.orig/genprotimg/src/include/pv_crypto_def.h
+++ s390-tools-service/genprotimg/src/include/pv_crypto_def.h
@@ -29,9 +29,6 @@
*/
#define PV_CERTS_SECURITY_LEVEL 2
-/* SKID for DigiCert Assured ID Root CA */
-#define DIGICERT_ASSURED_ID_ROOT_CA_SKID "45EBA2AFF492CB82312D518BA7A7219DF36DC80F"
-
union ecdh_pub_key {
struct {
uint8_t x[80];
Index: s390-tools-service/genprotimg/src/pv/pv_args.c
===================================================================
--- s390-tools-service.orig/genprotimg/src/pv/pv_args.c
+++ s390-tools-service/genprotimg/src/pv/pv_args.c
@@ -111,7 +111,7 @@ static gint pv_args_validate_options(PvA
g_strv_length(args->untrusted_cert_paths) == 0)) {
g_set_error(
err, PV_PARSE_ERROR, PR_PARSE_ERROR_MISSING_ARGUMENT,
- _("Either specify the IBM Z signing key and (DigiCert) intermediate CA certificate\n"
+ _("Either specify the IBM Z signing key and intermediate CA certificate\n"
"by using the '--cert' option, or use the '--no-verify' flag to disable the\n"
"host-key document verification completely (at your own risk)."));
return -1;
Index: s390-tools-service/genprotimg/src/pv/pv_image.c
===================================================================
--- s390-tools-service.orig/genprotimg/src/pv/pv_image.c
+++ s390-tools-service/genprotimg/src/pv/pv_image.c
@@ -304,9 +304,10 @@ static gint pv_img_hostkey_verify(GSList
}
/* Load all untrusted certificates (e.g. IBM Z signing key and
- * DigiCert intermediate CA) that are required to establish a chain of
- * trust starting from the host-key document up to the root CA (if not
- * otherwise specified that's the DigiCert Assured ID Root CA).
+ * intermediate CA) that are required to establish a chain of trust
+ * starting from the host-key document up to the root CA (if not
+ * otherwise specified that can be one of the system wide installed
+ * root CAs, e.g. DigiCert).
*/
untrusted_certs_with_path = load_certificates(untrusted_cert_paths, err);
if (!untrusted_certs_with_path)
@@ -341,9 +342,8 @@ static gint pv_img_hostkey_verify(GSList
* For this we must check:
*
* 1. Can a chain of trust be established ending in a root CA
- * 2. Is the correct root CA ued? It has either to be the
- * 'DigiCert Assured ID Root CA' or the root CA specified via
- * command line.
+ * 2. Is the correct root CA used? It has either to be a system CA
+ * or the root CA specified via command line.
*/
for (gint i = 0; i < sk_X509_num(ibm_signing_certs); ++i) {
X509 *ibm_signing_cert = sk_X509_value(ibm_signing_certs, i);
@@ -364,17 +364,12 @@ static gint pv_img_hostkey_verify(GSList
if (verify_cert(ibm_signing_cert, ctx, err) < 0)
goto error;
- /* Verify the build chain of trust chain. If the user passes a
- * trusted root CA on the command line then the check for the
- * Subject Key Identifier (SKID) is skipped, otherwise let's
- * check if the SKID meets our expectation.
+ /* If there is a chain of trust using either the provided root
+ * CA on the command line or a system wide trusted root CA.
*/
- if (!root_ca_path &&
- check_chain_parameters(X509_STORE_CTX_get0_chain(ctx),
- get_digicert_assured_id_root_ca_skid(),
- err) < 0) {
+ if (check_chain_parameters(X509_STORE_CTX_get0_chain(ctx),
+ err) < 0)
goto error;
- }
ibm_signing_crls = store_ctx_find_valid_crls(ctx, ibm_signing_cert, err);
if (!ibm_signing_crls) {
@@ -588,7 +583,7 @@ PvImage *pv_img_new(PvArgs *args, const
g_warning(_("host-key document verification is disabled. Your workload is not secured."));
if (args->root_ca_path)
- g_warning(_("A different root CA than the default DigiCert root CA is selected. Ensure that this root CA is trusted."));
+ g_warning(_("The root CA is selected through the command line. Ensure that this root CA is trusted."));
ret->comps = pv_img_comps_new(EVP_sha512(), EVP_sha512(), EVP_sha512(), err);
if (!ret->comps)
Index: s390-tools-service/genprotimg/src/utils/crypto.c
===================================================================
--- s390-tools-service.orig/genprotimg/src/utils/crypto.c
+++ s390-tools-service/genprotimg/src/utils/crypto.c
@@ -1079,8 +1079,8 @@ int store_set_verify_param(X509_STORE *s
g_abort();
/* The maximum depth level of the chain of trust for the verification of
- * the IBM Z signing key is 2, i.e. IBM Z signing key -> (DigiCert)
- * intermediate CA -> (DigiCert) root CA
+ * the IBM Z signing key is 2, i.e. IBM Z signing key -> intermediate CA
+ * -> root CA
*/
X509_VERIFY_PARAM_set_depth(param, 2);
@@ -1267,46 +1267,38 @@ static int security_level_to_bits(int le
return security_bits[level];
}
-static ASN1_OCTET_STRING *digicert_assured_id_root_ca;
-
-const ASN1_OCTET_STRING *get_digicert_assured_id_root_ca_skid(void)
-{
- pv_crypto_init();
- return digicert_assured_id_root_ca;
-}
-
/* Used for the caching of the downloaded CRLs */
static GHashTable *cached_crls;
void pv_crypto_init(void)
{
- if (digicert_assured_id_root_ca)
+ if (cached_crls)
return;
-
cached_crls = g_hash_table_new_full(g_str_hash, g_str_equal, g_free,
(GDestroyNotify)X509_CRL_free);
- digicert_assured_id_root_ca = s2i_ASN1_OCTET_STRING(
- NULL, NULL, DIGICERT_ASSURED_ID_ROOT_CA_SKID);
}
void pv_crypto_cleanup(void)
{
- if (!digicert_assured_id_root_ca)
+ if (!cached_crls)
return;
g_clear_pointer(&cached_crls, g_hash_table_destroy);
- g_clear_pointer(&digicert_assured_id_root_ca, ASN1_OCTET_STRING_free);
}
gint check_chain_parameters(const STACK_OF_X509 *chain,
- const ASN1_OCTET_STRING *skid, GError **err)
+ GError **err)
{
- const ASN1_OCTET_STRING *ca_skid = NULL;
+ const X509_NAME *ca_x509_subject = NULL;
+ g_autofree gchar *ca_subject = NULL;
gint len = sk_X509_num(chain);
X509 *ca = NULL;
- g_assert(skid);
/* at least one root and one leaf certificate must be defined */
- g_assert(len >= 2);
+ if (len < 2) {
+ g_set_error(err, PV_CRYPTO_ERROR, PV_CRYPTO_ERROR_INTERNAL,
+ _("there must be at least on root and one leaf certificate in the chain of trust"));
+ return -1;
+ }
/* get the root certificate of the chain of trust */
ca = sk_X509_value(chain, len - 1);
@@ -1316,19 +1308,21 @@ gint check_chain_parameters(const STACK_
return -1;
}
- ca_skid = X509_get0_subject_key_id(ca);
- if (!ca_skid) {
- g_set_error(err, PV_CRYPTO_ERROR, PV_CRYPTO_ERROR_MALFORMED_ROOT_CA,
- _("malformed root certificate"));
+ ca_x509_subject = X509_get_subject_name(ca);
+ if (!ca_x509_subject) {
+ g_set_error(err, PV_CRYPTO_ERROR, PV_CRYPTO_ERROR_INTERNAL,
+ _("subject of the root CA cannot be retrieved"));
return -1;
}
- if (ASN1_STRING_cmp(ca_skid, skid) != 0) {
- g_set_error(err, PV_CRYPTO_ERROR, PV_CRYPTO_ERROR_WRONG_CA_USED,
- _("expecting DigiCert root CA to be used"));
+ ca_subject = X509_NAME_oneline(ca_x509_subject, NULL, 0);
+ if (!ca_subject) {
+ g_set_error(err, PV_CRYPTO_ERROR, PV_CRYPTO_ERROR_INTERNAL,
+ _("subject name of the root CA cannot be retrieved"));
return -1;
}
+ g_info("Root CA used: '%s'", ca_subject);
return 0;
}
Index: s390-tools-service/genprotimg/src/utils/crypto.h
===================================================================
--- s390-tools-service.orig/genprotimg/src/utils/crypto.h
+++ s390-tools-service/genprotimg/src/utils/crypto.h
@@ -125,7 +125,6 @@ int check_crl_valid_for_cert(X509_CRL *c
gint verify_flags, GError **err);
void pv_crypto_init(void);
void pv_crypto_cleanup(void);
-const ASN1_OCTET_STRING *get_digicert_assured_id_root_ca_skid(void);
gint verify_host_key(X509 *host_key, GSList *issuer_pairs,
gint verify_flags, int level, GError **err);
X509 *load_cert_from_file(const char *path, GError **err);
@@ -138,8 +137,7 @@ X509_STORE *store_setup(const gchar *roo
int store_set_verify_param(X509_STORE *store, GError **err);
X509_CRL *load_crl_by_cert(X509 *cert, GError **err);
STACK_OF_X509_CRL *try_load_crls_by_certs(GSList *certs_with_path);
-gint check_chain_parameters(const STACK_OF_X509 *chain,
- const ASN1_OCTET_STRING *skid, GError **err);
+gint check_chain_parameters(const STACK_OF_X509 *chain, GError **err);
X509_NAME *c2b_name(const X509_NAME *name);
STACK_OF_X509 *delete_ibm_signing_certs(STACK_OF_X509 *certs);


@ -1,102 +0,0 @@
Subject: [PATCH] [BZ 197604] genprotimg/check_hostkeydoc: relax default issuer check
From: Marc Hartmayer <mhartmay@linux.ibm.com>
Description: genprotimg/check_hostkeydoc: cert. verification is too strict
Symptom: Verification failures will occur for newer host key documents
Problem: The certificate verification of check_hostkeydoc is too strict
and doesn't match the checking performed by genprotimg. This
applies to the OU field in the issuer DN of the host key
document. As a consequence verification failures will occur for
host key documents issued for hardware generations newer than
IBM z15.
DigiCert is the CA issuing the signing certificate for Secure
Execution host key documents. This certificate is used for the
verification of the host key document validity. Recently,
DigiCert has changed the root CA certificate used for issuance
of the signing certificates. As genprotimg is checking the CA
serial, the verification of the chain of trust will fail. As a
workaround, it is possible to disable certificate verification,
but this is not recommended because it makes it easier to
provide a fake host key document. Since the previously issued
host key documents are expiring in April 2022, it is necessary
to fix genprotimg to accept the newly issued host key
documents.
Solution: Relax the certificate verification
Reproduction: Use a new host key document
Upstream-ID: 673ff375d939d3cde674f8f99a62d456f8b1673d
Problem-ID: 197604
Upstream-Description:
genprotimg/check_hostkeydoc: relax default issuer check
While the original default issuer's organizationalUnitName (OU)
was defined as "IBM Z Host Key Signing Service", any OU ending
with "Key Signing Service" is considered legal.
Let's relax the default issuer check by stripping off characters
preceding "Key Signing Service".
Signed-off-by: Viktor Mihajlovski <mihajlov@linux.ibm.com>
Reviewed-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Signed-off-by: Jan Hoeppner <hoeppner@linux.ibm.com>
Signed-off-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Index: s390-tools-service/genprotimg/samples/check_hostkeydoc
===================================================================
--- s390-tools-service.orig/genprotimg/samples/check_hostkeydoc
+++ s390-tools-service/genprotimg/samples/check_hostkeydoc
@@ -23,6 +23,7 @@ BODY_FILE=$(mktemp)
ISSUER_DN_FILE=$(mktemp)
SUBJECT_DN_FILE=$(mktemp)
DEF_ISSUER_DN_FILE=$(mktemp)
+CANONICAL_ISSUER_DN_FILE=$(mktemp)
CRL_SERIAL_FILE=$(mktemp)
# Cleanup on exit
@@ -30,7 +31,7 @@ cleanup()
{
rm -f $ISSUER_PUBKEY_FILE $SIGNATURE_FILE $BODY_FILE \
$ISSUER_DN_FILE $SUBJECT_DN_FILE $DEF_ISSUER_DN_FILE \
- $CRL_SERIAL_FILE
+ $CANONICAL_ISSUER_DN_FILE $CRL_SERIAL_FILE
}
trap cleanup EXIT
@@ -121,20 +122,31 @@ default_issuer()
commonName = International Business Machines Corporation
countryName = US
localityName = Poughkeepsie
- organizationalUnitName = IBM Z Host Key Signing Service
+ organizationalUnitName = Key Signing Service
organizationName = International Business Machines Corporation
stateOrProvinceName = New York
EOF
}
-verify_issuer_files()
+# As organizationalUnitName can have an arbitrary prefix but must
+# end with "Key Signing Service" let's normalize the OU name by
+# stripping off the prefix
+verify_default_issuer()
{
default_issuer > $DEF_ISSUER_DN_FILE
- if ! diff $ISSUER_DN_FILE $DEF_ISSUER_DN_FILE
+ sed "s/\(^[ ]*organizationalUnitName[ ]*=[ ]*\).*\(Key Signing Service$\)/\1\2/" \
+ $ISSUER_DN_FILE > $CANONICAL_ISSUER_DN_FILE
+
+ if ! diff $CANONICAL_ISSUER_DN_FILE $DEF_ISSUER_DN_FILE
then
echo Incorrect default issuer >&2 && exit 1
fi
+}
+
+verify_issuer_files()
+{
+ verify_default_issuer
if diff $ISSUER_DN_FILE $SUBJECT_DN_FILE
then


@ -1,116 +0,0 @@
From 1bbd34e500980b9ea2514776bb2dbd745247e651 Mon Sep 17 00:00:00 2001
From: Benjamin Block <bblock@linux.ibm.com>
Date: Fri, 12 Nov 2021 13:34:22 +0100
Subject: [PATCH] chreipl-fcp-mpath: don't compress the manpage before
installing it
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Remove the call to `gzip` before installing the manpage during the
`make install` call. What and if compression is done should be handled by
the distribution tooling.
This also removes a dependency for the build process.
Reviewed-by: Steffen Maier <maier@linux.ibm.com>
Signed-off-by: Benjamin Block <bblock@linux.ibm.com>
Signed-off-by: Jan Höppner <hoeppner@linux.ibm.com>
---
CHANGELOG.md | 1 +
README.md | 2 +-
chreipl-fcp-mpath/.gitignore | 1 -
chreipl-fcp-mpath/Makefile | 11 +----------
chreipl-fcp-mpath/README.md | 5 ++---
5 files changed, 5 insertions(+), 15 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 94817e1..8cac1cb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,7 @@
- dbginfo.sh: Add retry timeout and remove possible blocking "blockdev --report"
- dbginfo.sh: Collect config- and debug-data for chreipl-fcp-mpath
- hsci: Add support for multiple MAC addresses
+ - chreipl-fcp-mpath: don't compress the manpage before installing it
Bug Fixes:
- lshwc: Fix compile error for gcc <8.1
diff --git a/README.md b/README.md
index eb5c81f..62e4c11 100644
--- a/README.md
+++ b/README.md
@@ -479,4 +479,4 @@ the different tools are provided:
util-linux, udev, and multipath-tools. When using `HAVE_DRACUT=1` with the
make invocation, it also requires dracut. When using `ENABLE_DOC=1` with the
make invocation to build a man page and render the README.md as HTML, make
- further requires pandoc, GNU awk, and GNU Gzip for the build process.
+ further requires pandoc and GNU awk for the build process.
diff --git a/chreipl-fcp-mpath/.gitignore b/chreipl-fcp-mpath/.gitignore
index 4611195..ecd49ee 100644
--- a/chreipl-fcp-mpath/.gitignore
+++ b/chreipl-fcp-mpath/.gitignore
@@ -10,4 +10,3 @@
/README.pdf
/chreipl-fcp-mpath.md
/chreipl-fcp-mpath.7
-/chreipl-fcp-mpath.7.gz
diff --git a/chreipl-fcp-mpath/Makefile b/chreipl-fcp-mpath/Makefile
index 80cab7f..9b4aae0 100644
--- a/chreipl-fcp-mpath/Makefile
+++ b/chreipl-fcp-mpath/Makefile
@@ -12,8 +12,6 @@
# bash:
# - bash
# If $(ENABLE_DOC) is `1`:
-# GNU Gzip:
-# - gzip
# GNU awk:
# - gawk
@@ -186,18 +184,11 @@ INSTDIRS += $(MANDIR)
.PHONY: chreipl-fcp-mpath-install-man-page
chreipl-fcp-mpath-install-man-page: | $(DESTDIR)$(MANDIR)/man7
chreipl-fcp-mpath-install-man-page: chreipl-fcp-mpath.7
- $(GZIP) -fk --best chreipl-fcp-mpath.7
$(INSTALL_DATA) -t $(DESTDIR)$(MANDIR)/man7 \
- chreipl-fcp-mpath.7.gz
+ chreipl-fcp-mpath.7
chreipl-fcp-mpath-install: chreipl-fcp-mpath-install-man-page
-.PHONY: chreipl-fcp-mpath-install-man-page-clean
-chreipl-fcp-mpath-install-man-page-clean:
- rm -f chreipl-fcp-mpath.7.gz
-
-chreipl-fcp-mpath-clean: chreipl-fcp-mpath-install-man-page-clean
-
endif
#
diff --git a/chreipl-fcp-mpath/README.md b/chreipl-fcp-mpath/README.md
index 3943f73..d58ccd2 100644
--- a/chreipl-fcp-mpath/README.md
+++ b/chreipl-fcp-mpath/README.md
@@ -131,8 +131,7 @@ To build and install the documentation (man page) you need:
- pandoc;
- GNU Core Utilities (date);
- - GNU awk;
- - GNU Gzip.
+ - GNU awk.
INSTALLATION
============
@@ -207,7 +206,7 @@ files to these default locations:
/usr/lib/udev/chreipl-fcp-mpath-record-volume-identifier
/usr/lib/udev/chreipl-fcp-mpath-try-change-ipl-path
/usr/lib/udev/rules.d/70-chreipl-fcp-mpath.rules
- /usr/share/man/man7/chreipl-fcp-mpath.7.gz
+ /usr/share/man/man7/chreipl-fcp-mpath.7
UNINSTALL
=========
--
2.26.2


@ -1,36 +0,0 @@
From c2f8988444d0ed8274256c1990bb7f8866c265e2 Mon Sep 17 00:00:00 2001
From: Benjamin Block <bblock@linux.ibm.com>
Date: Fri, 12 Nov 2021 12:38:10 +0100
Subject: [PATCH] chreipl-fcp-mpath: remove shebang from
chreipl-fcp-mpath-common.sh.in
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
`chreipl-fcp-mpath-common.sh.in` is never executed, only used as argument
for `source` in the udev helper scripts, so the shebang is unnecessary, and
might be confusing.
Also, tools like `rpmlint` from the rpm software management will complain
about this; e.g.:
s390-tools-chreipl-fcp-mpath.s390x: W: non-executable-script /usr/lib/chreipl-fcp-mpath/chreipl-fcp-mpath-common.sh 644 /bin/bash
Reviewed-by: Steffen Maier <maier@linux.ibm.com>
Signed-off-by: Benjamin Block <bblock@linux.ibm.com>
Signed-off-by: Jan Höppner <hoeppner@linux.ibm.com>
---
chreipl-fcp-mpath/chreipl-fcp-mpath-common.sh.in | 1 -
1 file changed, 1 deletion(-)
diff --git a/chreipl-fcp-mpath/chreipl-fcp-mpath-common.sh.in b/chreipl-fcp-mpath/chreipl-fcp-mpath-common.sh.in
index 83c4361..0a54322 100644
--- a/chreipl-fcp-mpath/chreipl-fcp-mpath-common.sh.in
+++ b/chreipl-fcp-mpath/chreipl-fcp-mpath-common.sh.in
@@ -1,4 +1,3 @@
-#!/bin/bash
# SPDX-License-Identifier: MIT
#
# chreipl-fcp-mpath: use multipath information to change FCP IPL target
--
2.26.2


@ -1,50 +0,0 @@
From 9e620058184cfdf026241b953bfbb095256198a0 Mon Sep 17 00:00:00 2001
From: Marc Hartmayer <mhartmay@linux.ibm.com>
Date: Tue, 26 Apr 2022 09:22:10 +0000
Subject: [PATCH] genprotimg/boot: disable `-Warray-bounds` for now
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This work around fixes the gcc-12 false positive by disabling `Warray-bounds`:
CC genprotimg/boot/stage3a.o
In file included from stage3a.c:14:
In function __test_facility,
inlined from test_facility at ../../include/boot/s390.h:428:9,
inlined from start at stage3a.c:42:7:
../../include/boot/s390.h:418:17: error: array subscript 0 is outside array bounds of void[0] [-Werror=array-bounds]
418 | return (*ptr & (0x80 >> (nr & 7))) != 0;
| ^~~~
Unfortunately, there is currently no better fix available that doesn't result
in larger boot loader code sizes. Given the importancy of the boot loader file
sizes the other fixes aren't acceptable. The Linux kernel shares the
problem (but for performance reasons), take a look at the discussion
https://lore.kernel.org/lkml/yt9dzgkelelc.fsf@linux.ibm.com/ for details.
Fixes: https://github.com/ibm-s390-linux/s390-tools/issues/130
Signed-off-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Reviewed-by: Jan Höppner <hoeppner@linux.ibm.com>
Signed-off-by: Jan Höppner <hoeppner@linux.ibm.com>
---
genprotimg/boot/Makefile | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/genprotimg/boot/Makefile b/genprotimg/boot/Makefile
index f957a70..95bd6cc 100644
--- a/genprotimg/boot/Makefile
+++ b/genprotimg/boot/Makefile
@@ -15,7 +15,8 @@ ALL_CFLAGS := $(NO_PIE_CFLAGS) -Os -g \
-fno-delete-null-pointer-checks -fno-stack-protector \
-fexec-charset=IBM1047 -m64 -mpacked-stack \
-mstack-size=4096 -mstack-guard=128 -msoft-float \
- -Wall -Wformat-security -Wextra -Werror
+ -Wall -Wformat-security -Wextra -Werror \
+ -Wno-array-bounds
FILES := stage3a.bin stage3b.bin stage3b_reloc.bin
--
2.35.3


@ -1,94 +0,0 @@
Subject: [PATCH] [BZ 198268] libseckey: Adapt keymgmt_match() implementation to OpenSSL
From: Ingo Franzki <ifranzki@linux.ibm.com>
Description: zkey: KMIP plugin fails to connection to KMIP server
Symptom: When a zkey key repository is bound to the KMIP plugin, and the
connection to the KMIP server is to be configired using command
'zkey kms configure --kmip-server <server>', it fails to connect
to the specified KMIP server.
Problem: When trying to establish a TSL connection to the KMIP server,
the KMIP client sets up an OpenSSL SSL context with its
certificate and its private key (which is a secure key) using
OpenSSL function SSL_CTX_use_PrivateKey(). When running with
OpenSSL 3.0, This calls the secure key provider's match
function to check if the private key specified matches the
public key of the certificate using EVP_PKEY_eq(). EVP_PKEY_eq()
includes the private key into the selector bits for the match
call, although the certificate only contains the public key
part.
OpenSSL commit ee22a3741e3fc27c981e7f7e9bcb8d3342b0c65a changed
the OpenSSL provider's keymgmt_match() function to be not so
strict with the selector bits in regards to matching different
key parts.
This means, that if the public key is selected to be matched,
and the public key matches (together with any also selected
parameters), then the private key is no longer checked, although
it may also be selected to be matched. This is according to how
the OpenSSL function EVP_PKEY_eq() is supposed to behave.
Solution: Adapt the secure key provider's match function to behave like
the match functions of the providers coming with OpenSSL.
Reproduction: Configure a connection to a KMIP server on a system that comes
with OpenSSL 3.0.
Upstream-ID: 6c5c5f7e558c114ddaa475e96c9ec708049aa423
Problem-ID: 198268
Upstream-Description:
libseckey: Adapt keymgmt_match() implementation to OpenSSL
OpenSSL commit ee22a3741e3fc27c981e7f7e9bcb8d3342b0c65a changed the
OpenSSL provider's keymgmt_match() function to be not so strict with
the selector bits in regards to matching different key parts.
Adapt the secure key provider's match function accordingly.
This means, that if the public key is selected to be matched, and
the public key matches (together with any also selected parameters),
then the private key is no longer checked, although it may also be
selected to be matched. This is according to how the OpenSSL function
EVP_PKEY_eq() is supposed to behave.
OpenSSL function SSL_CTX_use_PrivateKey() calls the providers match
function to check if the private key specified matches the public key
of the certificate using EVP_PKEY_eq(). EVP_PKEY_eq() includes the
private key into the selector bits here, although the certificate
only contains the public key part.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Signed-off-by: Jan Hoeppner <hoeppner@linux.ibm.com>
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
---
libseckey/sk_provider.c | 18 ++++++++++++++----
1 file changed, 14 insertions(+), 4 deletions(-)
--- a/libseckey/sk_provider.c
+++ b/libseckey/sk_provider.c
@@ -2216,13 +2216,23 @@ static int sk_prov_keymgmt_match(const s
if (key1->type != key2->type)
return 0;
+
+ if (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) {
+ /* match everything except private key */
+ return default_match_fn(key1->default_key, key2->default_key,
+ selection &
+ (~OSSL_KEYMGMT_SELECT_PRIVATE_KEY));
+ }
+
if (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) {
if (key1->secure_key_size != key2->secure_key_size)
return 0;
- if (key1->secure_key_size > 0 &&
- memcmp(key1->secure_key, key2->secure_key,
- key1->secure_key_size) != 0)
- return 0;
+ if (key1->secure_key_size > 0) {
+ if (memcmp(key1->secure_key, key2->secure_key,
+ key1->secure_key_size) != 0)
+ return 0;
+ selection &= (~OSSL_KEYMGMT_SELECT_PRIVATE_KEY);
+ }
}
return default_match_fn(key1->default_key, key2->default_key,


@ -1,103 +0,0 @@
Subject: [PATCH] [BZ 197605] libseckey: Fix re-enciphering of EP11 secure key
From: Ingo Franzki <ifranzki@linux.ibm.com>
Description: zkey: Fix re-enciphering of EP11 identity key of KMIP plugin
Symptom: When re-enciphering the identity key and/or wrapping key of the
zkey KMIP plugin via 'zkey kms reencipher', the operation
completes without an error, but the secure keys are left
un-reenciphered. A subsequent connection attempt with the KMIP
server will fail because the identity key is no longer valid.
Problem: The re-enciphered secure key is not copied back into the
key token buffer. Also, the the public key part, i.e. the MACed
SubjectPublicKeyInfo (SPKI) structure must also be re-
enciphered (i.e. re-MACed), since the MAC is calculated with
the EP11 master key.
Solution: Copy the re-enciphered secure key back into the key toke
buffer, and also re-encipher the public key part.
Reproduction: Perform a master key change on the EP11 APQNs used with the
KMIP plugin.
Upstream-ID: 4e2ebe0370d9fb036b7554d5ac5df4418dbe0397
Problem-ID: 197605
Upstream-Description:
libseckey: Fix re-enciphering of EP11 secure key
The re-enciphering of EP11 asymmetric secure keys does not work.
First, the result of the re-encipher operation of the private key
part must be copied back into the user supplied key token buffer.
Second, the public key part, i.e. the MACed SubjectPublicKeyInfo
(SPKI) structure must also be re-enciphered (i.e. re-MACed), since
the MAC is calculated with the EP11 master key.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Signed-off-by: Jan Hoeppner <hoeppner@linux.ibm.com>
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
---
libseckey/sk_ep11.c | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 53 insertions(+)
--- a/libseckey/sk_ep11.c
+++ b/libseckey/sk_ep11.c
@@ -1549,6 +1549,59 @@ int SK_EP11_reencipher_key(const struct
return -EIO;
}
+ memcpy(blob, lrb.payload, lrb.pllen);
+
+ /* re-encipher MACed SPKI */
+ rb.domain = domain;
+ lrb.domain = domain;
+
+ resp_len = sizeof(resp);
+ req_len = ep11.dll_xcpa_cmdblock(req, sizeof(req), XCP_ADM_REENCRYPT,
+ &rb, NULL, key_token + hdr->len,
+ key_token_length - hdr->len);
+ if (req_len < 0) {
+ sk_debug(debug, "Failed to build XCP command block");
+ return -EIO;
+ }
+
+ rv = ep11.dll_m_admin(resp, &resp_len, NULL, NULL, req, req_len, NULL,
+ 0, ep11_lib->target);
+ if (rv != CKR_OK || resp_len == 0) {
+ sk_debug(debug, "Command XCP_ADM_REENCRYPT failed. "
+ "rc = 0x%lx, resp_len = %ld", rv, resp_len);
+ return -EIO;
+ }
+
+ rc = ep11.dll_xcpa_internal_rv(resp, resp_len, &lrb, &rv);
+ if (rc != 0) {
+ sk_debug(debug, "Failed to parse response. rc = %d", rc);
+ return -EIO;
+ }
+
+ if (rv != CKR_OK) {
+ sk_debug(debug, "Failed to re-encrypt the EP11 secure key. "
+ "rc = 0x%lx", rv);
+ switch (rv) {
+ case CKR_IBM_WKID_MISMATCH:
+ sk_debug(debug, "The EP11 secure key is currently "
+ "encrypted under a different master that does "
+ "not match the master key in the CURRENT "
+ "master key register of APQN %02X.%04X",
+ card, domain);
+ break;
+ }
+ return -EIO;
+ }
+
+ if (key_token_length - hdr->len != lrb.pllen) {
+ sk_debug(debug, "Re-encrypted EP11 secure key size has "
+ "changed: org-len: %lu, new-len: %lu",
+ hdr->len - sizeof(*hdr), lrb.pllen);
+ return -EIO;
+ }
+
+ memcpy(key_token + hdr->len, lrb.payload, lrb.pllen);
+
return 0;
}


@ -1,169 +0,0 @@
Subject: [PATCH] [BZ 196440] zdev: Fix path resolution for multi-mount point file systems
From: Peter Oberparleiter <oberpar@linux.ibm.com>
Description: zdev: Fix path resolution for multi-mount point file systems
Symptom: Path resolution fails when a device provides multiple mount
points such as, for example, when using btrfs subvolumes, or
when mounting the same file system at multiple mount points.
Problem: The failure is caused by zdev relying on the MOUNTPOINT
attribute of lsblk's output which only contains a single
mount point.
Solution: Fix this by making use of lsblk's MOUNTPOINTS attribute that
contains the full list of mount points.
Reproduction: chzdev -f -e <dev_id_a> <dev_id_b> <dev_id_c>: In this case, if
the rootfs is soread across multiple devices, zdev adds only the
first device in to the initrd and the system does not boot.
Upstream-ID: 1faa5d2957eb82ab235778959d70a38062b7aa7d
Problem-ID: 196440
Upstream-Description:
zdev: Fix path resolution for multi-mount point file systems
zdev provides path resolution logic to determine which z-specific
devices contribute to the file system mounted at a specific mount point.
This logic is used by command-line option --by-path, but also to
determine the list of devices needed to enable the root file system.
Path resolution fails when a device provides multiple mount points such
as, for example, when using btrfs subvolumes, or when mounting the same
file system at multiple mount points. The failure is caused by zdev
relying on the MOUNTPOINT attribute of lsblk's output which only
contains a single mount point.
Fix this by making use of lsblk's MOUNTPOINTS attribute that contains
the full list of mount points. Note that MOUNTPOINTS was only introduced
with util-linux v2.37, therefore a fall-back to the old format is
needed.
Fixes: https://github.com/ibm-s390-linux/s390-tools/issues/129
Signed-off-by: Peter Oberparleiter <oberpar@linux.ibm.com>
Reviewed-by: Jan Hoeppner <hoeppner@linux.ibm.com>
Reviewed-by: Vineeth Vijayan <vneethv@linux.ibm.com>
Reviewed-by: Eduard Shishkin <edward6@linux.ibm.com>
Reported-by: Dan Horak <dan@danny.cz>
Signed-off-by: Jan Hoeppner <hoeppner@linux.ibm.com>
Signed-off-by: Peter Oberparleiter <oberpar@linux.ibm.com>
Index: s390-tools-service/zdev/src/blkinfo.c
===================================================================
--- s390-tools-service.orig/zdev/src/blkinfo.c
+++ s390-tools-service/zdev/src/blkinfo.c
@@ -7,6 +7,7 @@
* it under the terms of the MIT license. See LICENSE for details.
*/
+#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -16,6 +17,7 @@
#include "misc.h"
#define LSBLK_CMDLINE "lsblk -P -o NAME,MAJ:MIN,FSTYPE,UUID,MOUNTPOINT,PKNAME 2>/dev/null"
+#define LSBLK_CMDLINE2 "lsblk -P -o NAME,MAJ:MIN,FSTYPE,UUID,MOUNTPOINTS,PKNAME 2>/dev/null"
struct blkinfo {
struct devnode *devnode;
@@ -82,6 +84,26 @@ void blkinfo_print(struct blkinfo *blkin
printf("%*sparent=%s\n", level, "", blkinfo->parent);
}
+/* Convert each occurrence of '\xnn' in @str to character with hex code <nn>. */
+static void hex_unescape(char *str)
+{
+ unsigned int c;
+
+ while ((str = strstr(str, "\\x"))) {
+ if (isxdigit(str[2]) && isxdigit(str[3]) &&
+ sscanf(str + 2, "%2x", &c) == 1) {
+ str[0] = (char)c;
+
+ /* Move remainder of str including nul behind <c>. */
+ memmove(str + /* <c> */ 1,
+ str + /* '\xnn' */ 4,
+ strlen(str + 4) + /* <nul> */ 1);
+ }
+
+ str++;
+ }
+}
+
static char *isolate_keyword(char **line_ptr, const char *keyword)
{
char *start, *end;
@@ -102,9 +124,11 @@ static char *isolate_keyword(char **line
return start;
}
-static struct blkinfo *blkinfo_from_line(char *line)
+static void add_blkinfos_from_line(struct util_list *blkinfos,
+ char *line)
{
- char *name, *majmin, *fstype, *uuid, *mountpoint, *parent;
+ char *name, *majmin, *fstype, *uuid, *mountpoint, *mountpoints, *parent;
+ struct blkinfo *blkinfo;
name = isolate_keyword(&line, "NAME=\"");
majmin = isolate_keyword(&line, "MAJ:MIN=\"");
@@ -113,21 +137,45 @@ static struct blkinfo *blkinfo_from_line
fstype = isolate_keyword(&line, "FSTYPE=\"");
uuid = isolate_keyword(&line, "UUID=\"");
mountpoint = isolate_keyword(&line, "MOUNTPOINT=\"");
+ mountpoints = isolate_keyword(&line, "MOUNTPOINTS=\"");
parent = isolate_keyword(&line, "PKNAME=\"");
- return blkinfo_new(name, majmin, fstype, uuid, mountpoint, parent);
+ if (!mountpoints) {
+ /* Handle old lsblk output format. */
+ blkinfo = blkinfo_new(name, majmin, fstype, uuid, mountpoint,
+ parent);
+ ptrlist_add(blkinfos, blkinfo);
+ return;
+ }
+
+ /* Restore newline mount point separator encoded as hex. */
+ hex_unescape(mountpoints);
+
+ /* Represent each mount point as a separate blkinfo to support
+ * resolution of multi-mount point file systems like btrfs
+ * subvolumes. */
+ while ((mountpoint = strsep(&mountpoints, "\n"))) {
+ blkinfo = blkinfo_new(name, majmin, fstype, uuid, mountpoint,
+ parent);
+ ptrlist_add(blkinfos, blkinfo);
+ }
}
static struct util_list *blkinfos_read(void)
{
char *output, *curr, *next;
struct util_list *blkinfos;
- struct blkinfo *blkinfo;
if (cached_blkinfos)
return cached_blkinfos;
- output = misc_read_cmd_output(LSBLK_CMDLINE, 0, 1);
+ output = misc_read_cmd_output(LSBLK_CMDLINE2, 0, 1);
+ if (output && !*output) {
+ /* No output might indicate no support for new lsblk command-
+ * line format - fall back to old format. */
+ free(output);
+ output = misc_read_cmd_output(LSBLK_CMDLINE, 0, 1);
+ }
if (!output)
return NULL;
@@ -136,9 +184,7 @@ static struct util_list *blkinfos_read(v
/* Iterate over each line. */
next = output;
while ((curr = strsep(&next, "\n"))) {
- blkinfo = blkinfo_from_line(curr);
- if (blkinfo)
- ptrlist_add(blkinfos, blkinfo);
+ add_blkinfos_from_line(blkinfos, curr);
}
free(output);


@ -1,44 +0,0 @@
Subject: [PATCH] [BZ 196072] zdev: modify the lsblk output parser in lszdev
From: Vineeth Vijayan <vneethv@linux.ibm.com>
Description: zdev: modify the lsblk output parser in lszdev
Symptom: lsblk parser function in lszdev not working
Problem: Version 2.37+ of util-linux modified the output
characters of lsblk,which breaks the parser function.
Solution: Align the parser function to support latest changes
Reproduction: execute lszdev --by-path / command
Upstream-ID: ad024c06e16ec4bba31d19fb848b42c67113143d
Problem-ID: 196072
Upstream-Description:
zdev: modify the lsblk output parser in lszdev
Since version 2.37.x, with the commit 58b510e58 ("libsmartcols: sanitize
variable names on export output"), util-linux changes the output
characters of lsblk, where the ":" is replaced with an "_". Align the
lsblk output parser function in lszdev as per this change.
Signed-off-by: Vineeth Vijayan <vneethv@linux.ibm.com>
Suggested-by: Peter Oberparleiter <oberpar@linux.ibm.com>
Reported-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Reviewed-by: Peter Oberparleiter <oberpar@linux.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Tested-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Signed-off-by: Jan Hoeppner <hoeppner@linux.ibm.com>
Signed-off-by: Vineeth Vijayan <vneethv@linux.ibm.com>
Index: s390-tools-service/zdev/src/blkinfo.c
===================================================================
--- s390-tools-service.orig/zdev/src/blkinfo.c
+++ s390-tools-service/zdev/src/blkinfo.c
@@ -108,6 +108,8 @@ static struct blkinfo *blkinfo_from_line
name = isolate_keyword(&line, "NAME=\"");
majmin = isolate_keyword(&line, "MAJ:MIN=\"");
+ if (!majmin)
+ majmin = isolate_keyword(&line, "MAJ_MIN=\"");
fstype = isolate_keyword(&line, "FSTYPE=\"");
uuid = isolate_keyword(&line, "UUID=\"");
mountpoint = isolate_keyword(&line, "MOUNTPOINT=\"");


@ -1,70 +0,0 @@
Subject: [PATCH] [BZ 197814] zdump/dfi: Fix segfault due to double free
From: Mikhail Zaslonko <zaslonko@linux.ibm.com>
Description: zdump: segfault on zgetdump -i for multi-volume dump
Symptom: zgetdump --info may lead to the core dump when issued for
the device node (not a partition) right after installing
multi-volume dump tool (without taking actual dump).
Problem: Double free condition occurs on zg_close() call at the end of
the while loop in dfi_init() in scope of zgetdump processing.
Solution: Do not call zg_close() at the end of open_dump() function during
multi-volume dump initialization.
Reproduction: 1) Install multi-volume dump tool
2) Run zgetdump -i using the device node of one of the dump
volumes as a parameter without taking actual dump.
Upstream-ID: c4e4b926b471da9c488a6468e6bd966512d1d14c
Problem-ID: 197814
Upstream-Description:
zdump/dfi: Fix segfault due to double free
The problem can happen when dfi_s390mv_init_gen() returns with an error
code to dfi_init() in dfi.c.
Double free condition occurs on zg_close() call at the end of the
while loop in dfi_init() if zg_close() has already been called for the
same file handle at the end of open_dump() function in scope of
dfi_s390mv_init_gen() processing.
This global file handle is not closed during init() call for any
other dump formats. Since it is not reopened/reused after open_dump() call
during multi-volume dump initialization, we should not close it at all.
The problem can be reproduced in the following steps:
1) Install multi-volume dump tool
# zipl -M mvdump.conf
Dump target: 2 partitions with a total size of 4732 MB.
Warning: All information on the following partitions will be lost!
/dev/dasdb2
/dev/dasdb3
Do you want to continue creating multi-volume dump partitions (y/n)?y
Done.
2) Run zgetdump -i using device (not partition) as a parameter without
taking actual dump.
# zgetdump -i /dev/dasdb
free(): double free detected in tcache 2
Aborted (core dumped)
Signed-off-by: Mikhail Zaslonko <zaslonko@linux.ibm.com>
Reviewed-by: Alexander Egorenkov <egorenar@linux.ibm.com>
Signed-off-by: Jan Hoeppner <hoeppner@linux.ibm.com>
Signed-off-by: Mikhail Zaslonko <zaslonko@linux.ibm.com>
---
zdump/dfi_s390mv.c | 1 -
1 file changed, 1 deletion(-)
--- a/zdump/dfi_s390mv.c
+++ b/zdump/dfi_s390mv.c
@@ -556,7 +556,6 @@ static int open_dump(void)
}
if (mv_dumper_read() != 0)
return -ENODEV;
- zg_close(g.fh);
return 0;
}


@ -0,0 +1,92 @@
From 4b5937f142c7381e8cdad3ea3f55a4931a862488 Mon Sep 17 00:00:00 2001
From: Matthew Rosato <mjrosato@linux.ibm.com>
Date: Tue, 15 Nov 2022 12:40:35 -0500
Subject: [PATCH] ap_tools/ap-check: use new mdevctl install location
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
mdevctl has been updated to use /usr/lib/mdevctl/scripts.d/callouts/
instead of /etc/mdevctl.d/scripts.d/callouts/. The /etc location
is considered deprecated, meaning mdevctl will also look at that
location for now but might eventually stop looking in /etc for
callout scripts.
Based on that, update the installation location for the ap-check
callout. However, because older versions of mdevctl will still
only look in /etc, let's also put a wrapper script in /etc for now
to provide backward compatibility, and plan to remove it at a
later time.
Link: https://github.com/mdevctl/mdevctl/commit/df6bb57429ba7425e8b7901b0580ed7e616b6c4f
Fixes: https://github.com/ibm-s390-linux/s390-tools/issues/139
Signed-off-by: Matthew Rosato <mjrosato@linux.ibm.com>
Reviewed-by: Jan Hoeppner <hoeppner@linux.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Signed-off-by: Jan Höppner <hoeppner@linux.ibm.com>
---
ap_tools/Makefile | 20 +++++++++++++++++---
ap_tools/ap-check.sh | 15 +++++++++++++++
2 files changed, 32 insertions(+), 3 deletions(-)
create mode 100644 ap_tools/ap-check.sh
diff --git a/ap_tools/Makefile b/ap_tools/Makefile
index 77fe4c3..a79624a 100644
--- a/ap_tools/Makefile
+++ b/ap_tools/Makefile
@@ -1,8 +1,11 @@
include ../common.mak
-MDEVCTL_DIR = /etc/mdevctl.d/
-MDEVCTL_SCRIPTS = /etc/mdevctl.d/scripts.d/
-MDEVCTL_CALLOUTS = /etc/mdevctl.d/scripts.d/callouts/
+MDEVCTL_DIR = /usr/lib/mdevctl/
+MDEVCTL_SCRIPTS = /usr/lib/mdevctl/scripts.d/
+MDEVCTL_CALLOUTS = /usr/lib/mdevctl/scripts.d/callouts/
+MDEVCTL_DEP_DIR = /etc/mdevctl.d/
+MDEVCTL_DEP_SCRIPTS = /etc/mdevctl.d/scripts.d/
+MDEVCTL_DEP_CALLOUTS = /etc/mdevctl.d/scripts.d/callouts/
libs = $(rootdir)/libap/libap.a \
$(rootdir)/libutil/libutil.a
@@ -32,6 +35,17 @@ install: all
fi; \
$(INSTALL) -g $(GROUP) -o $(OWNER) -m 755 ap-check \
$(DESTDIR)$(MDEVCTL_CALLOUTS)
+ @if [ ! -d $(DESTDIR)$(MDEVCTL_DEP_CALLOUTS) ]; then \
+ mkdir -p $(DESTDIR)$(MDEVCTL_DEP_CALLOUTS); \
+ chown $(OWNER).$(GROUP) $(DESTDIR)$(MDEVCTL_DEP_DIR); \
+ chown $(OWNER).$(GROUP) $(DESTDIR)$(MDEVCTL_DEP_SCRIPTS); \
+ chown $(OWNER).$(GROUP) $(DESTDIR)$(MDEVCTL_DEP_CALLOUTS); \
+ chmod 755 $(DESTDIR)$(MDEVCTL_DEP_DIR); \
+ chmod 755 $(DESTDIR)$(MDEVCTL_DEP_SCRIPTS); \
+ chmod 755 $(DESTDIR)$(MDEVCTL_DEP_CALLOUTS); \
+ fi; \
+ $(INSTALL) -g $(GROUP) -o $(OWNER) -m 755 ap-check.sh \
+ $(DESTDIR)$(MDEVCTL_DEP_CALLOUTS)
endif
clean:
diff --git a/ap_tools/ap-check.sh b/ap_tools/ap-check.sh
new file mode 100644
index 0000000..d8a4e77
--- /dev/null
+++ b/ap_tools/ap-check.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+#
+# ap-check.sh - Wrapper script for 'ap-check' binary
+#
+# mdevctl has deprecated the /etc/mdevctl.d/scripts.d/callouts/ location in
+# newer releases. This wrapper ensures that mdevctl 1.2.0 and older can
+# still access 'ap-check' for now, and will be removed at a later time.
+#
+# Copyright 2022 IBM Corp.
+#
+# s390-tools is free software; you can redistribute it and/or modify
+# it under the terms of the MIT license. See LICENSE for details.
+#
+
+[ -e /usr/lib/mdevctl/scripts.d/callouts/ap-check ] && /usr/lib/mdevctl/scripts.d/callouts/ap-check "$@"
--
2.35.3
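Review bot: The one-line body of the new ap-check.sh wrapper exits with the status of the failed `[ -e … ]` test and prints nothing when the real binary is missing, so a caller cannot tell "ap-check not installed" from "ap-check rejected the request". The test also uses `-e` rather than `-x`, and the wrapper shell stays resident as the parent instead of handing over with `exec`. I would write it as `ap_check=/usr/lib/mdevctl/scripts.d/callouts/ap-check`, `[ -x "$ap_check" ] || { echo "ap-check.sh: $ap_check not found or not executable" >&2; exit 1; }`, `exec "$ap_check" "$@"`, after confirming which exit status mdevctl expects from a callout that cannot act. Since the commit message says newer mdevctl still reads the /etc location, it is also worth checking that such versions do not run ap-check twice, once directly and once through this wrapper.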


@ -0,0 +1,143 @@
--- s390-tools-2.24.0/ap_tools/Makefile 2022-11-09 11:11:48.000000000 -0500
+++ s390-tools-2.24.0/ap_tools/Makefile 2022-12-01 15:33:30.953373912 -0500
@@ -26,9 +26,9 @@
install: all
@if [ ! -d $(DESTDIR)$(MDEVCTL_CALLOUTS) ]; then \
mkdir -p $(DESTDIR)$(MDEVCTL_CALLOUTS); \
- chown $(OWNER).$(GROUP) $(DESTDIR)$(MDEVCTL_DIR); \
- chown $(OWNER).$(GROUP) $(DESTDIR)$(MDEVCTL_SCRIPTS); \
- chown $(OWNER).$(GROUP) $(DESTDIR)$(MDEVCTL_CALLOUTS); \
+ chown $(OWNER):$(GROUP) $(DESTDIR)$(MDEVCTL_DIR); \
+ chown $(OWNER):$(GROUP) $(DESTDIR)$(MDEVCTL_SCRIPTS); \
+ chown $(OWNER):$(GROUP) $(DESTDIR)$(MDEVCTL_CALLOUTS); \
chmod 755 $(DESTDIR)$(MDEVCTL_DIR); \
chmod 755 $(DESTDIR)$(MDEVCTL_SCRIPTS); \
chmod 755 $(DESTDIR)$(MDEVCTL_CALLOUTS); \
@@ -37,9 +37,9 @@
$(DESTDIR)$(MDEVCTL_CALLOUTS)
@if [ ! -d $(DESTDIR)$(MDEVCTL_DEP_CALLOUTS) ]; then \
mkdir -p $(DESTDIR)$(MDEVCTL_DEP_CALLOUTS); \
- chown $(OWNER).$(GROUP) $(DESTDIR)$(MDEVCTL_DEP_DIR); \
- chown $(OWNER).$(GROUP) $(DESTDIR)$(MDEVCTL_DEP_SCRIPTS); \
- chown $(OWNER).$(GROUP) $(DESTDIR)$(MDEVCTL_DEP_CALLOUTS); \
+ chown $(OWNER):$(GROUP) $(DESTDIR)$(MDEVCTL_DEP_DIR); \
+ chown $(OWNER):$(GROUP) $(DESTDIR)$(MDEVCTL_DEP_SCRIPTS); \
+ chown $(OWNER):$(GROUP) $(DESTDIR)$(MDEVCTL_DEP_CALLOUTS); \
chmod 755 $(DESTDIR)$(MDEVCTL_DEP_DIR); \
chmod 755 $(DESTDIR)$(MDEVCTL_DEP_SCRIPTS); \
chmod 755 $(DESTDIR)$(MDEVCTL_DEP_CALLOUTS); \
--- s390-tools-2.24.0/hmcdrvfs/Makefile2022-11-09 11:11:48.000000000 -0500
+++ s390-tools-2.24.0/hmcdrvfs/Makefile 2022-12-01 15:33:42.825238489 -0500
@@ -52,7 +52,7 @@
cat $$i | \
sed -e 's/%S390_TOOLS_VERSION%/$(S390_TOOLS_RELEASE)/' \
>$(DESTDIR)$(USRSBINDIR)/$$i; \
- chown $(OWNER).$(GROUP) $(DESTDIR)$(USRSBINDIR)/$$i; \
+ chown $(OWNER):$(GROUP) $(DESTDIR)$(USRSBINDIR)/$$i; \
chmod 755 $(DESTDIR)$(USRSBINDIR)/$$i; \
done
--- s390-tools-2.24.0/hsci/Makefile 2022-11-09 11:11:48.000000000 -0500
+++ s390-tools-2.24.0/hsci/Makefile 2022-12-01 15:33:53.029122092 -0500
@@ -5,7 +5,7 @@
install: hsci
$(SED) -e 's/%S390_TOOLS_VERSION%/$(S390_TOOLS_RELEASE)/' \
< hsci >$(DESTDIR)$(BINDIR)/hsci; \
- chown $(OWNER).$(GROUP) $(DESTDIR)$(BINDIR)/hsci; \
+ chown $(OWNER):$(GROUP) $(DESTDIR)$(BINDIR)/hsci; \
chmod 755 $(DESTDIR)$(BINDIR)/hsci; \
$(INSTALL) -d -m 755 $(DESTDIR)$(BINDIR) $(DESTDIR)$(MANDIR)/man8
$(INSTALL) -g $(GROUP) -o $(OWNER) -m 644 hsci.8 \
--- s390-tools-2.24.0/ip_watcher/Makefile 2022-11-09 11:11:48.000000000 -0500
+++ s390-tools-2.24.0/ip_watcher/Makefile 2022-12-01 15:34:09.116938576 -0500
@@ -12,7 +12,7 @@
install: ip_watcher.pl xcec-bridge start_hsnc.sh
$(SED) -e 's/%S390_TOOLS_VERSION%/$(S390_TOOLS_RELEASE)/' \
< start_hsnc.sh >$(DESTDIR)$(USRSBINDIR)/start_hsnc.sh; \
- chown $(OWNER).$(GROUP) $(DESTDIR)$(USRSBINDIR)/start_hsnc.sh; \
+ chown $(OWNER):$(GROUP) $(DESTDIR)$(USRSBINDIR)/start_hsnc.sh; \
chmod 755 $(DESTDIR)$(USRSBINDIR)/start_hsnc.sh; \
$(INSTALL) -g $(GROUP) -o $(OWNER) -m 755 ip_watcher.pl \
$(DESTDIR)$(USRSBINDIR)
--- s390-tools-2.24.0/netboot/Makefile 2022-11-09 11:11:48.000000000 -0500
+++ s390-tools-2.24.0/netboot/Makefile 2022-12-01 15:34:28.212720750 -0500
@@ -15,13 +15,13 @@
install-scripts: $(SCRIPTS)
@if [ ! -d $(DESTDIR)$(NETBOOT_SAMPLEDIR) ]; then \
mkdir -p $(DESTDIR)$(NETBOOT_SAMPLEDIR); \
- chown $(OWNER).$(GROUP) $(DESTDIR)$(NETBOOT_SAMPLEDIR); \
+ chown $(OWNER):$(GROUP) $(DESTDIR)$(NETBOOT_SAMPLEDIR); \
chmod 755 $(DESTDIR)$(NETBOOT_SAMPLEDIR); \
fi; \
for i in $^; do \
$(SED) -e 's/%S390_TOOLS_VERSION%/$(S390_TOOLS_RELEASE)/' \
< $$i >$(DESTDIR)$(NETBOOT_SAMPLEDIR)/$$i; \
- chown $(OWNER).$(GROUP) $(DESTDIR)$(NETBOOT_SAMPLEDIR)/$$i; \
+ chown $(OWNER):$(GROUP) $(DESTDIR)$(NETBOOT_SAMPLEDIR)/$$i; \
chmod 755 $(DESTDIR)$(NETBOOT_SAMPLEDIR)/$$i; \
done
--- s390-tools-2.24.0/qethconf/Makefile 2022-11-09 11:11:48.000000000 -0500
+++ s390-tools-2.24.0/qethconf/Makefile 2022-12-01 15:34:39.356593630 -0500
@@ -5,7 +5,7 @@
install: qethconf
$(SED) -e 's/%S390_TOOLS_VERSION%/$(S390_TOOLS_RELEASE)/' \
< qethconf >$(DESTDIR)$(BINDIR)/qethconf; \
- chown $(OWNER).$(GROUP) $(DESTDIR)$(BINDIR)/qethconf; \
+ chown $(OWNER):$(GROUP) $(DESTDIR)$(BINDIR)/qethconf; \
chmod 755 $(DESTDIR)$(BINDIR)/qethconf; \
$(INSTALL) -d -m 755 $(DESTDIR)$(BINDIR) $(DESTDIR)$(MANDIR)/man8
$(INSTALL) -g $(GROUP) -o $(OWNER) -m 644 qethconf.8 \
--- s390-tools-2.24.0/zconf/Makefile 2022-11-09 11:11:48.000000000 -0500
+++ s390-tools-2.24.0/zconf/Makefile 2022-12-01 15:36:10.583552975 -0500
@@ -25,7 +25,7 @@
cat $$i | \
sed -e 's/%S390_TOOLS_VERSION%/$(S390_TOOLS_RELEASE)/' \
>$(DESTDIR)$(BINDIR)/$$i; \
- chown $(OWNER).$(GROUP) $(DESTDIR)$(BINDIR)/$$i; \
+ chown $(OWNER):$(GROUP) $(DESTDIR)$(BINDIR)/$$i; \
chmod 755 $(DESTDIR)$(BINDIR)/$$i; \
done
@@ -34,15 +34,15 @@
cat $$i | \
sed -e 's/%S390_TOOLS_VERSION%/$(S390_TOOLS_RELEASE)/' \
>$(DESTDIR)$(USRSBINDIR)/$$i; \
- chown $(OWNER).$(GROUP) $(DESTDIR)$(USRSBINDIR)/$$i; \
+ chown $(OWNER):$(GROUP) $(DESTDIR)$(USRSBINDIR)/$$i; \
chmod 755 $(DESTDIR)$(USRSBINDIR)/$$i; \
done
install-manpages: $(MANPAGES)
@if [ ! -d $(DESTDIR)$(MANDIR) ]; then \
mkdir -p $(DESTDIR)$(MANDIR)/man8; \
- chown $(OWNER).$(GROUP) $(DESTDIR)$(MANDIR); \
- chown $(OWNER).$(GROUP) $(DESTDIR)$(MANDIR)/man8; \
+ chown $(OWNER):$(GROUP) $(DESTDIR)$(MANDIR); \
+ chown $(OWNER):$(GROUP) $(DESTDIR)$(MANDIR)/man8; \
chmod 755 $(DESTDIR)$(MANDIR); \
chmod 755 $(DESTDIR)$(MANDIR)/man8; \
fi; \
--- s390-tools-2.24.0/ziomon/Makefile 2022-11-09 11:11:48.000000000 -0500
+++ s390-tools-2.24.0/ziomon/Makefile 2022-12-01 15:36:38.159238416 -0500
@@ -43,17 +43,17 @@
install: all
$(SED) -e 's/%S390_TOOLS_VERSION%/$(S390_TOOLS_RELEASE)/' \
< ziomon > $(DESTDIR)$(USRSBINDIR)/ziomon;
- chown $(OWNER).$(GROUP) $(DESTDIR)$(USRSBINDIR)/ziomon;
+ chown $(OWNER):$(GROUP) $(DESTDIR)$(USRSBINDIR)/ziomon;
chmod 755 $(DESTDIR)$(USRSBINDIR)/ziomon;
$(SED) -e \
's/%S390_TOOLS_VERSION%/$(S390_TOOLS_RELEASE)/' \
< ziomon_fcpconf > $(DESTDIR)$(USRSBINDIR)/ziomon_fcpconf;
- chown $(OWNER).$(GROUP) $(DESTDIR)$(USRSBINDIR)/ziomon_fcpconf;
+ chown $(OWNER):$(GROUP) $(DESTDIR)$(USRSBINDIR)/ziomon_fcpconf;
chmod 755 $(DESTDIR)$(USRSBINDIR)/ziomon_fcpconf;
$(SED) -e \
's/%S390_TOOLS_VERSION%/$(S390_TOOLS_RELEASE)/' \
< ziorep_config > $(DESTDIR)$(USRSBINDIR)/ziorep_config;
- chown $(OWNER).$(GROUP) $(DESTDIR)$(USRSBINDIR)/ziorep_config;
+ chown $(OWNER):$(GROUP) $(DESTDIR)$(USRSBINDIR)/ziorep_config;
chmod 755 $(DESTDIR)$(USRSBINDIR)/ziorep_config;
$(INSTALL) -g $(GROUP) -o $(OWNER) -m 644 ziomon.8 \
$(DESTDIR)$(MANDIR)/man8


@ -0,0 +1,13 @@
--- s390-tools-2.24.0/common.mak 2022-11-09 11:11:48.000000000 -0500
+++ s390-tools-2.24.0/common.mak 2022-11-28 09:46:19.055653319 -0500
@@ -254,8 +254,8 @@
LDFLAGS CPPFLAGS ALL_CFLAGS ALL_CXXFLAGS ALL_LDFLAGS ALL_CPPFLAGS
ifneq ($(shell $(CC_SILENT) -dumpspecs 2>/dev/null | grep -e '[^f]no-pie'),)
- NO_PIE_CFLAGS := -fno-pie
- NO_PIE_LDFLAGS := -no-pie
+ NO_PIE_CFLAGS :=
+ NO_PIE_LDFLAGS :=
else
NO_PIE_CFLAGS :=
NO_PIE_LDFLAGS :=
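Review bot: After this change both branches of the `ifneq` assign empty `NO_PIE_CFLAGS` and `NO_PIE_LDFLAGS`, so the `-dumpspecs` probe no longer influences the build, and the patch file carries no description of why the flags are blanked. A short header in the patch plus a comment above the assignments, for example `# distro build: do not pass -fno-pie/-no-pie, keep the toolchain's PIE default`, would record the intent for whoever rebases this onto the next release. Whatever consumes these two variables elsewhere in the tree was presumably relying on non-PIE code generation, so those objects should be confirmed to still link and run with the default. The conditional's `endif` lies outside the hunk.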


@ -0,0 +1,35 @@
From 5e0056db8d7e8aaa252388fea0752071bd3667ec Mon Sep 17 00:00:00 2001
From: Steffen Eiden <seiden@linux.ibm.com>
Date: Wed, 30 Nov 2022 15:22:15 +0100
Subject: [PATCH] util_lockfile: fix includes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The 'unistd.h' header was missing. Under some circumstances the
-D_GNU_SOURCE gcc flag does not trigger including that file.
Therefore, explicitly include this file here.
Fixes: e1aec24e8436 ("libutil: introduce util_lockfile")
Signed-off-by: Steffen Eiden <seiden@linux.ibm.com>
Reviewed-by: Jan Hoeppner <hoeppner@linux.ibm.com>
Signed-off-by: Jan Höppner <hoeppner@linux.ibm.com>
---
libutil/util_lockfile.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/libutil/util_lockfile.c b/libutil/util_lockfile.c
index d657664..5440442 100644
--- a/libutil/util_lockfile.c
+++ b/libutil/util_lockfile.c
@@ -18,6 +18,7 @@
#include <string.h>
#include <sys/stat.h>
#include <time.h>
+#include <unistd.h>
#include "lib/util_libc.h"
#include "lib/util_lockfile.h"
--
2.35.3


@ -0,0 +1,16 @@
This work around fixes a gcc-12 false positive by disabling `Warray-bounds`.
It is similar in intent as the previous
s390-tools-sles15sp4-genprotimg-boot-disable-Warray-bounds-for-now.patch
--- s390-tools-2.24.0/zipl/boot/Makefile 2022-11-09 17:11:48.000000000 +0100
+++ s390-tools-2.24.0/zipl/boot/Makefile 2022-12-02 23:16:30.513062000 +0100
@@ -10,7 +10,8 @@
-fno-delete-null-pointer-checks -fno-stack-protector \
-fexec-charset=IBM1047 -m64 -mpacked-stack \
-mstack-size=4096 -mstack-guard=128 -msoft-float \
- -W -Wall -Wformat-security -fno-sanitize=all
+ -W -Wall -Wformat-security -fno-sanitize=all \
+ -Wno-array-bounds
ALL_LDFLAGS += -fno-sanitize=all
FILES = fba0.bin fba1b.bin fba2.bin \


@ -1,3 +1,214 @@
-------------------------------------------------------------------
Tue Dec 6 19:39:22 UTC 2022 - Mark Post <mpost@suse.com>
- Made extensive changes to the spec file to accomodate building
this package on both openSUSE, which has implemented the
"usrmerge" project, and SLES, which has not. This was accomplished
by checking the usrmerged variable, and setting the value of the
_mysbindir variable, accordingly. The files identified in the
Thu May 26 2022 changelog entry, and also listed below, now have
two versions. One for SLES, and one for openSUSE, with either
".suse" or ".opensuse" appended to the file name. The appropriate
SOURCE variable is selected based on the usrmerged variable, and
installed with the ".suse" or ".opensuse" suffix stripped from
the name.
* 59-graf.rules
* dasd_configure
* dasd_reload
* detach_disks.sh
* iucv_configure
* killcdl
* mkdump.pl
* README.SUSE
* s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch
* virtsetup.sh
* vmlogrdr.service
-------------------------------------------------------------------
Mon Nov 28 14:26:18 UTC 2022 - Mark Post <mpost@suse.com>
- Updated to version 2.24.0 (jsc#PED-627)
* __v2.24.0 (2022-11-09)__
For Linux kernel version: 6.0
Add new tools / libraries:
- Provide config files for checkpatch, codespell, and clang-format
Changes of existing tools:
- dbginfo.sh: Collect log from various distro tools (YaST, DNF, Anaconda)
- dbginfo.sh: add Kubernetes data collection
- libutil: Introduce util_lockfile
- zdev: Add site-aware device configuration
- zdump: Add support to read Protected Virtualization dumps
- zipl/boot: Add secure boot trailer
Bug Fixes:
- ap_tools/ap-check: Reject start for control domains without usage
- cpumf/lshwc: Fix incremented counter output
- cpumf/pai: Fix core dump when summary flag set
- dbginfo.sh: Ensure compatibility with /bin/dash shell
- dbginfo.sh: Save dbginfo.sh version to dbginfo.log
- zipl/src/zipl_helper.device-mapper: Fix bug in error path
* __v2.23.0 (2022-08-18)__
For Linux kernel version: 5.19
Changes of existing tools:
- Makefile: use common Make definition for DRACUTDIR
- Makefile: use common Make definition for UDEVDIR and UDEVRULESDIR
- cpacfstats: Add PAI and hotplug support
- cpumf/pai: Omit file write progress information
- dbginfo.sh: Get more details on lspci command
- dumpconf: Prevent running the service in containers
- libcpumf: Detect PMU named pai_ext
- pvattest: Improve error reporting and logging
- zdev: Add some --type ap examples to manpages
- zkey: Use default benchmarked Argon2i with LUKS2
Bug Fixes:
- dbginfo.sh: Fix accidental ftrace buffer shrinkage/free
- genprotimg: Fix BIO_reset() returncode handling
- libpv: Fix dependency checking
- pvattest: Fix dependency checking
- zipl: Fix segmentation fault when no parmline is provided
* __v2.22.0 (2022-06-20)__
For Linux kernel version: 5.18
Add new tools / libraries:
- ap_tools: Introduce ap_tools and the ap-check tool
- cpumf/pai: Add Processor Activity Instrumentation tool
- libpv: New library for PV tools
- pvattest: Add new tool to create, perform, and verify attestation measurements
- zipl/zdump: Add Next Gen Dump (NGDump) support
Changes of existing tools:
- Move man pages to System commands section (lscpumf, lshwc, pai, dbginfo.sh, zfcpdbf, zipl-switch-to-blscfg)
- README.md: Add 70-chreipl-fcp-mpath.rules to the list of udev rule descriptions
- Remove SysV related daemon scripts (cpacfstatsd, cpuplugd, mon_statd)
- genprotimg: Move man page to section 1 for user commands
- hyptop: increase initial update interval
- libseckey: Adapt keymgmt_match() implementation to OpenSSL
- libutil: Add util_exit_code
- libutil: Introduce util_udev
- zdev: Introduce the ap device type
- zipl-editenv: Add zIPL multienvironment support
- zipl: Implement sorting BLS entries by versions
- zkey: Add initramfs hook
Bug Fixes:
- cmsfs-fuse: Fix enabling of hard_remove option
- s390-tools: Fix typos that were detected by lintian as 'typo-in-manual-page'
- zkey-kmip: Fix possible use after free
- zkey: Fix EP11 host library version checking
- zkey_kmip: Setup ext-lib once the APQNs have been configured
* __v2.21.0 (2022-04-20)__
For Linux kernel version: 5.17
Add new tools / libraries:
- libcpumf: Create library libcpumf for CPU Measurement functions
Changes of existing tools:
- chreipl-fcp-mpath: bundle a pre-cooked version of the manpage for build
environments without access to `pandoc`
- dbginfo.sh: Add multipath info to map paths to FC addressing and prio group
- dbginfo.sh: Collect config files of systemd-modules-load.service
- dbginfo.sh: Sort list of environment variables for readability
- dbginfo.sh: Replace "which" by builtin command "type"
- dbginfo.sh: Rework script formatting (indents, order)
- dbginfo.sh: Update sysfs collection (excludes, messages)
- genprotimg: Add Protected Virtualization (PV) dump support
- genprotimg: Remove DigiCert root CA pinning
- lszcrypt: Add CEX8S support
- zcryptctl: Add control domain handling
- zcryptstats: Add CEX8 support
- zipl: Allow optional entries that are left out when files are missing
- zipl: make IPL sections defined with BLS to inherit a target field
- zpcictl: Add option to trigger firmware reset
Bug Fixes:
- cpictl: Handle excessive kernel version numbers
- dbginfo.sh: Collect all places where modprobe.d config files could exist
- fdasd: Fix endless menu loop on EOF
- zdump/dfi: Fix segfault due to double free
- zdump: Fix /dev/mem reading
- zpcictl: Fix race of SCLP reset and Linux recovery
* __v2.20.0 (2022-02-04)__
For Linux kernel version: 5.16
Add new tools / libraries:
- Add EditorConfig configuration
Changes of existing tools:
- s390-tools switches to Fuse 3 as Fuse 2 is deprecated.
Affected tools: cmsfs, hmcdrvfs, hsavmcore, zdsfs, zdump
- chreipl-fcp-mpath: don't compress the manpage before installing it
- cpictl: Report extended version information
- genprotimg: Add extended kernel command line support
- zdev: modify the lsblk output parser in lszdev
- zipl: Add support for longer kernel command lines (now supports up to 64k length)
Bug Fixes:
- cpictl: Suppress messages for unwritable sysfs files
- dbginfo.sh: Fix missing syslog for step create_package
- lshwc: Fix CPU list parameter setup for device driver
- zdev: Check for errors when removing a devtype setting
- zdev: Fix path resolution for multi-mount point file systems
- Updated s390-tools-sles15sp3-remove-no-pie-link-arguments.patch
to fit the new version, and renamed it to
s390-tools-sles15sp5-remove-no-pie-link-arguments.patch.
- Added s390-tools-sles15sp5-util_lockfile-fix-includes.patch to fix a
compilation problem. One source file was missing an include statement
for unistd.h.
- Added s390-tools-sles15sp5-ap_tools-ap-check-use-new-mdevctl-install-location.patch
An executable binary was being installed under /etc, which is
an FHS violation.
- Modified spec file to
* Change BuildRequires for fuse-devel to fuse3-devel.
* Remove obsolete BuildRequires for libpfm-devel
* Add a BuildRequires for mdevctl and systemd-devel
* Added a %files entry for dir %{_prefix}/lib/dracut/modules.d/99ngdump
* Added %config(noreplace) for the new file %{_sysconfdir}/ziplenv
* Uncomment the %files entry for %{_mandir}/man7/chreipl-fcp-mpath.7%{?ext_man}
Specifying ENABLE_DOC=1 is no longer needed for it to be generated.
* Add %dir entries for
%{_prefix}/lib/mdevctl,
%{_prefix}/lib/mdevctl/scripts.d, and
%{_prefix}/lib/mdevctl/scripts.d/callouts
NOTE that these directories do not belong to this package, but
the mdevctl package has yet to be updated to claim them. So,
until that happens, we have to temporarily claim ownership of
them for the s390-tools package to build.
- Updated the s390-tools-rpmlintrc file to suppress two warnings about
the /boot/zipl/active_devices.txt file.
- Removed the following obsolete patches:
* s390-tools-sles15sp4-chreipl-fcp-mpath-don-t-compress-the-manpage-before-.patch
* s390-tools-sles15sp4-chreipl-fcp-mpath-remove-shebang-from-chreipl-fcp-mp.patch
* s390-tools-sles15sp4-zdev-modify-the-lsblk-output-parser-in-lszdev.patch
* s390-tools-sles15sp4-zdev-Fix-path-resolution-for-multi-mount-point-file-.patch
* s390-tools-sles15sp4-01-genprotimg-remove-DigiCert-root-CA-pinning.patch
* s390-tools-sles15sp4-02-genprotimg-check_hostkeydoc-relax-default-issuer-che.patch
* s390-tools-sles15sp4-libseckey-Fix-re-enciphering-of-EP11-secure-key.patch
* s390-tools-sles15sp4-zdump-fix-segfault-due-to-double-free.patch
* s390-tools-sles15sp4-libseckey-Adapt-keymgmt_match-implementation-to-Open.patch
* s390-tools-sles15sp4-genprotimg-boot-disable-Warray-bounds-for-now.patch
* s390-tools-sles15sp4-hyptop-increase-initial-update-interval.patch
* s390-tools-sles15sp4-zipl-boot-add-secure-boot-trailer.patch
- Added s390-tools-sles15sp5-zipl-boot-disable-Warray-bounds-for-now.patch
With this version, the same false positive of "array subscript 0
is outside array bounds" that was previously seen in the
genprotimage/boot directory is now happening in zipl/boot.
- Added s390-tools-sles15sp5-fix-chown-commands-syntax.patch to
eliminate a bunch of warnings. The new version of chown complains
if the deprecated 'owner.group' syntax is used instead of the
'owner:group' syntax.
-------------------------------------------------------------------
Thu Nov 3 16:17:13 UTC 2022 - Mark Post <mpost@suse.com>
- Added s390-tools-sles15sp4-zipl-boot-add-secure-boot-trailer.patch
for bsc#1204965. New IBM Z firmware requires all signed boot
images to contain a trailing data block with a specific format.
-------------------------------------------------------------------
Mon Jul 18 15:41:43 UTC 2022 - Mark Post <mpost@suse.com>
- Added s390-tools-sles15sp4-hyptop-increase-initial-update-interval.patch
for bsc#1201412. Initial iteration of hyptop can produce bloated values
independent from the update delay set by the user.
-------------------------------------------------------------------
Thu Jun 2 16:45:38 UTC 2022 - Mark Post <mpost@suse.com>
- Added s390-tools-sles15sp4-genprotimg-boot-disable-Warray-bounds-for-now.patch
to fix a build failure with gcc12. With gcc12, a "false positive"
of "array subscript 0 is outside array bounds" is seen in
genprotimg/boot/stage3a.c (bsc#1200131).
-------------------------------------------------------------------
Thu May 26 17:03:32 UTC 2022 - Mark Post <mpost@suse.com>


@ -26,9 +26,14 @@
%define _modprobedir /lib/modprobe.d
%endif
%global modprobe_d_files 90-s390-tools.conf
%if 0%{?usrmerged}
%define _mysbindir %{_sbindir}
%else
%define _mysbindir /sbin
%endif
Name: s390-tools
Version: 2.19.0
Version: 2.24.0
Release: 0
Summary: S/390 tools like zipl and dasdfmt
License: MIT
@ -44,17 +49,30 @@ Source6: sysconfig.xpram
Source7: appldata
Source8: sysconfig.appldata
Source10: dasdro
Source11: dasd_reload
Source12: mkdump.pl
%if 0%{?usrmerged}
Source11: dasd_reload.opensuse
Source12: mkdump.pl.opensuse
%else
Source11: dasd_reload.suse
Source12: mkdump.pl.suse
%endif
Source13: sysconfig.osasnmpd
Source14: zfcp_san_disc
Source15: mkdump.8
Source18: zpxe.rexx
Source19: rules.xpram
Source20: rules.hw_random
Source21: 59-graf.rules
%if 0%{?usrmerged}
Source21: 59-graf.rules.opensuse
%else
Source21: 59-graf.rules.suse
%endif
Source22: s390-tools-zdsfs.caution.txt
Source23: README.SUSE
%if 0%{?usrmerged}
Source23: README.SUSE.opensuse
%else
Source23: README.SUSE.suse
%endif
Source24: cputype
Source25: cputype.1
Source26: cio_ignore.service
@ -62,15 +80,28 @@ Source27: setup_cio_ignore.sh
Source28: 59-prng.rules
Source29: 59-zfcp-compat.rules
Source30: 90-s390-tools.conf
Source31: detach_disks.sh
Source32: killcdl
%if 0%{?usrmerged}
Source31: detach_disks.sh.opensuse
Source32: killcdl.opensuse
%else
Source31: detach_disks.sh.suse
Source32: killcdl.suse
%endif
Source33: lgr_check
Source34: sysconfig.virtsetup
Source35: virtsetup.service
Source36: virtsetup.sh
%if 0%{?usrmerged}
Source36: virtsetup.sh.opensuse
%else
Source36: virtsetup.sh.suse
%endif
Source37: appldata.service
Source38: hsnc.service
Source39: vmlogrdr.service
%if 0%{?usrmerged}
Source39: vmlogrdr.service.opensuse
%else
Source39: vmlogrdr.service.suse
%endif
Source40: xpram.service
Source41: pkey.conf
@ -79,8 +110,13 @@ Source41: pkey.conf
Source86: read_values.c
Source87: read_values.8
Source88: ctc_configure
Source89: dasd_configure
Source90: iucv_configure
%if 0%{?usrmerged}
Source89: dasd_configure.opensuse
Source90: iucv_configure.opensuse
%else
Source89: dasd_configure.suse
Source90: iucv_configure.suse
%endif
Source91: qeth_configure
Source92: zfcp_disk_configure
Source93: zfcp_host_configure
@ -93,22 +129,18 @@ Source99: zfcp_host_configure.8
###
# IBM patches
Patch001: s390-tools-sles15sp4-chreipl-fcp-mpath-don-t-compress-the-manpage-before-.patch
Patch002: s390-tools-sles15sp4-chreipl-fcp-mpath-remove-shebang-from-chreipl-fcp-mp.patch
Patch003: s390-tools-sles15sp4-zdev-modify-the-lsblk-output-parser-in-lszdev.patch
Patch004: s390-tools-sles15sp4-zdev-Fix-path-resolution-for-multi-mount-point-file-.patch
Patch005: s390-tools-sles15sp4-01-genprotimg-remove-DigiCert-root-CA-pinning.patch
Patch006: s390-tools-sles15sp4-02-genprotimg-check_hostkeydoc-relax-default-issuer-che.patch
Patch007: s390-tools-sles15sp4-libseckey-Fix-re-enciphering-of-EP11-secure-key.patch
Patch008: s390-tools-sles15sp4-zdump-fix-segfault-due-to-double-free.patch
Patch009: s390-tools-sles15sp4-libseckey-Adapt-keymgmt_match-implementation-to-Open.patch
Patch010: s390-tools-sles15sp4-genprotimg-boot-disable-Warray-bounds-for-now.patch
Patch001: s390-tools-sles15sp5-zipl-boot-disable-Warray-bounds-for-now.patch
Patch002: s390-tools-sles15sp5-util_lockfile-fix-includes.patch
Patch003: s390-tools-sles15sp5-ap_tools-ap-check-use-new-mdevctl-install-location.patch
# SUSE patches
Patch900: s390-tools-sles12-zipl_boot_msg.patch
Patch901: s390-tools-sles15-sysconfig-compatible-dumpconf.patch
Patch902: s390-tools-sles12-create-filesystem-links.patch
Patch903: s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch
%if 0%{?usrmerged}
Patch903: s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch.opensuse
%else
Patch903: s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch.suse
%endif
Patch904: s390-tools-sles15sp3-Allow-multiple-device-arguments.patch
Patch905: s390-tools-sles15sp3-Format-devices-in-parallel.patch
Patch906: s390-tools-sles15sp3-Implement-Y-yast_mode.patch
@ -116,11 +148,12 @@ Patch907: s390-tools-sles15sp3-Implement-f-for-backwards-compability.patch
Patch908: s390-tools-sles15sp3-dasdfmt-retry-BIODASDINFO-if-device-is-busy.patch
Patch909: s390-tools-sles12-fdasd-skip-partition-check-and-BLKRRPART-ioctl.patch
Patch910: s390-tools-sles15sp1-11-zdev-Do-not-call-zipl-on-initrd-update.patch
Patch911: s390-tools-sles15sp3-remove-no-pie-link-arguments.patch
Patch911: s390-tools-sles15sp5-remove-no-pie-link-arguments.patch
Patch999: s390-tools-sles15sp5-fix-chown-commands-syntax.patch
BuildRequires: curl-devel
BuildRequires: dracut
BuildRequires: fuse-devel
BuildRequires: fuse3-devel
BuildRequires: gcc-c++
BuildRequires: gettext-tools
BuildRequires: glib2-devel
@ -128,13 +161,14 @@ BuildRequires: glibc-devel-static
BuildRequires: kernel-zfcpdump
BuildRequires: libcryptsetup-devel > 2.0.3
BuildRequires: libjson-c-devel
BuildRequires: libpfm-devel
BuildRequires: libxml2-devel
BuildRequires: mdevctl
BuildRequires: ncurses-devel
BuildRequires: net-snmp-devel
BuildRequires: openssl-devel >= 1.1.1l
BuildRequires: pesign-obs-integration
BuildRequires: qclib-devel-static
BuildRequires: systemd-devel
BuildRequires: tcpd-devel
BuildRequires: zlib-devel-static
# Don't build with pie to avoid problems with zipl
@ -312,7 +346,14 @@ popd
install -m 755 read_values %{buildroot}/%{_bindir}/
install -m644 -t %{buildroot}/%{_mandir}/man8 %{SOURCE87}
# The "usrmerge" has happened in openSUSE:Factory, but not yet in SLES.
# Make sure we look for the zfcpdump kernel image in the right place.
%if 0%{?usrmerged}
install -D -m600 %{_prefix}/lib/modules/*-zfcpdump/image %{buildroot}%{_prefix}/lib/s390-tools/zfcpdump/zfcpdump-image
%else
install -D -m600 /boot/image-*-zfcpdump %{buildroot}%{_prefix}/lib/s390-tools/zfcpdump/zfcpdump-image
%endif
install -D -m644 etc/cpuplugd.conf %{buildroot}%{_sysconfdir}/cpuplugd.conf
install -D -m644 etc/udev/rules.d/40-z90crypt.rules %{buildroot}%{_prefix}/lib/udev/rules.d/40-z90crypt.rules
@ -342,11 +383,11 @@ install -D -m755 %{SOURCE5} %{buildroot}%{_prefix}/lib/systemd/scripts/xpram
install -D -m644 %{SOURCE6} %{buildroot}%{_fillupdir}/sysconfig.xpram
install -D -m755 %{SOURCE7} %{buildroot}%{_prefix}/lib/systemd/scripts/appldata
install -D -m644 %{SOURCE8} %{buildroot}%{_fillupdir}/sysconfig.appldata
install -D -m755 %{SOURCE10} %{buildroot}%{_sbindir}/dasdro
install -D -m755 %{SOURCE11} %{buildroot}%{_sbindir}/dasd_reload
install -D -m755 %{SOURCE12} %{buildroot}%{_sbindir}/mkdump
install -D -m755 %{SOURCE10} %{buildroot}%{_mysbindir}/dasdro
install -D -m755 %{SOURCE11} %{buildroot}%{_mysbindir}/dasd_reload
install -D -m755 %{SOURCE12} %{buildroot}%{_mysbindir}/mkdump
install -D -m644 %{SOURCE13} %{buildroot}%{_fillupdir}/sysconfig.osasnmpd
install -D -m755 %{SOURCE14} %{buildroot}%{_sbindir}/zfcp_san_disc
install -D -m755 %{SOURCE14} %{buildroot}%{_mysbindir}/zfcp_san_disc
install -D -m644 %{SOURCE15} %{buildroot}/%{_mandir}/man8
install -D -m644 %{SOURCE19} %{buildroot}%{_prefix}/lib/udev/rules.d/52-xpram.rules
install -D -m644 %{SOURCE20} %{buildroot}%{_prefix}/lib/udev/rules.d/52-hw_random.rules
@ -354,26 +395,26 @@ install -D -m644 %{SOURCE21} %{buildroot}%{_prefix}/lib/udev/rules.d/59-graf.rul
install -D -m644 %{SOURCE28} %{buildroot}%{_prefix}/lib/udev/rules.d/59-prng.rules
install -D -m644 %{SOURCE29} %{buildroot}%{_prefix}/lib/udev/rules.d/59-zfcp-compat.rules
install -D -m644 %{SOURCE30} %{buildroot}%{_modprobedir}/90-s390-tools.conf
install -D -m755 %{SOURCE32} %{buildroot}%{_sbindir}/killcdl
install -D -m755 %{SOURCE33} %{buildroot}%{_sbindir}/lgr_check
install -D -m755 %{SOURCE32} %{buildroot}%{_mysbindir}/killcdl
install -D -m755 %{SOURCE33} %{buildroot}%{_mysbindir}/lgr_check
install -D -m644 %{SOURCE34} %{buildroot}%{_fillupdir}/sysconfig.virtsetup
if [ ! -d %{_sbindir} ]; then
rm -f %{_sbindir}
mkdir -p %{_sbindir}
if [ ! -d %{_mysbindir} ]; then
rm -f %{_mysbindir}
mkdir -p %{_mysbindir}
fi
(cd usr/sbin; ln -s service rcappldata)
(cd usr/sbin; ln -s service rchsnc)
(cd usr/sbin; ln -s service rcvmlogrdr)
(cd usr/sbin; ln -s service rcxpram)
(cd usr/sbin; ln -s service rccio_ignore)
(cd usr/sbin; ln -s service rccpacfstatsd)
(cd usr/sbin; ln -s service rccpi)
(cd usr/sbin; ln -s service rccpuplugd)
(cd usr/sbin; ln -s service rcdumpconf)
(cd usr/sbin; ln -s service rcmon_fsstatd)
(cd usr/sbin; ln -s service rcmon_procd)
(cd usr/sbin; ln -s service rcvirtsetup)
(cd %{buildroot}%{_sbindir}; ln -s service rcappldata)
(cd %{buildroot}%{_sbindir}; ln -s service rchsnc)
(cd %{buildroot}%{_sbindir}; ln -s service rcvmlogrdr)
(cd %{buildroot}%{_sbindir}; ln -s service rcxpram)
(cd %{buildroot}%{_sbindir}; ln -s service rccio_ignore)
(cd %{buildroot}%{_sbindir}; ln -s service rccpacfstatsd)
(cd %{buildroot}%{_sbindir}; ln -s service rccpi)
(cd %{buildroot}%{_sbindir}; ln -s service rccpuplugd)
(cd %{buildroot}%{_sbindir}; ln -s service rcdumpconf)
(cd %{buildroot}%{_sbindir}; ln -s service rcmon_fsstatd)
(cd %{buildroot}%{_sbindir}; ln -s service rcmon_procd)
(cd %{buildroot}%{_sbindir}; ln -s service rcvirtsetup)
if [ ! -d %{_bindir} ]; then
rm -f %{_bindir}
@ -383,24 +424,29 @@ install -D -m755 %{SOURCE24} %{buildroot}%{_bindir}/cputype
install -m644 -t %{buildroot}/%{_mandir}/man8 %{SOURCE25}
# Move all the binaries installed via the IBM-provided Makefile from /sbin to
# /usr/sbin/ to align with the openSUSE "usrmerge" project
mv -vi %{buildroot}/sbin/* %{buildroot}%{_sbindir}/
# If building for openSUSE, move all the binaries installed via
# the IBM-provided Makefile from /sbin to /usr/sbin/ to
# align with the openSUSE "usrmerge" project
%if 0%{?usrmerged}
mv -vi %{buildroot}/sbin/* %{buildroot}%{_mysbindir}/
%endif
### Obsolete scripts and man pages to be removed once changes in other tools are made
install -m755 -t %{buildroot}/%{_sbindir}/ %{SOURCE88} %{SOURCE89} %{SOURCE90} %{SOURCE91} %{SOURCE92} %{SOURCE93}
install -m755 -t %{buildroot}%{_mysbindir}/ %{SOURCE88} %{SOURCE91} %{SOURCE92} %{SOURCE93}
install %{SOURCE89} %{buildroot}%{_mysbindir}/dasd_configure
install %{SOURCE90} %{buildroot}%{_mysbindir}/iucv_configure
install -m644 -t %{buildroot}/%{_mandir}/man8 %{SOURCE94} %{SOURCE95} %{SOURCE96} %{SOURCE97} %{SOURCE98} %{SOURCE99}
###
### lsmem/chmem have been added to util-linux
rm -fv %{buildroot}/%{_mandir}/man8/lsmem.8*
rm -fv %{buildroot}/%{_mandir}/man8/chmem.8*
rm -fv %{buildroot}/%{_sbindir}/lsmem
rm -fv %{buildroot}/%{_sbindir}/chmem
rm -fv %{buildroot}%{_mandir}/man8/lsmem.8*
rm -fv %{buildroot}%{_mandir}/man8/chmem.8*
rm -fv %{buildroot}%{_mysbindir}/lsmem
rm -fv %{buildroot}%{_mysbindir}/chmem
find . ! -type d |
sed 's/^.//;\-/man/-s/^.*$/%doc &.gz/' > %{_builddir}/%{name}-filelist
grep -v -E 'osasnmp|*\.conf$|ekmfweb.so|ekmfweb.h|kmipclient|kmip/profiles/*\.profile|chreipl-fcp-mpath' %{_builddir}/%{name}-filelist >%{_builddir}/%{name}.list
grep -v -E 'osasnmp|etc/ziplenv|\.conf$|ekmfweb.so|ekmfweb.h|kmipclient|kmip/profiles/.*profile$|chreipl-fcp-mpath' %{_builddir}/%{name}-filelist >%{_builddir}/%{name}.list
grep osasnmp[^-] %{_builddir}/%{name}-filelist >%{_builddir}/%{name}.osasnmp
touch boot/zipl/active_devices.txt
@ -417,7 +463,7 @@ function cleanup
. %{_sysconfdir}/sysconfig/osasnmpd
trap cleanup 0
echo \$\$ >\$PIDFILE
%{_sbindir}/osasnmpd -f -P %{_localstatedir}/run/osasnmpd.real.pid \$OSASNMPD_PARAMETERS "\$@"
%{_mysbindir}/osasnmpd -f -P %{_localstatedir}/run/osasnmpd.real.pid \$OSASNMPD_PARAMETERS "\$@"
EOT
chmod 755 osasnmpd
@ -589,6 +635,7 @@ done
%dir %attr(0770,root,zkeyadm) %{_sysconfdir}/zkey/kmip/profiles
%dir %attr(0770,root,zkeyadm) %{_sysconfdir}/zkey/repository
%config %{_sysconfdir}/zkey/kmip/profiles/*
%config(noreplace) %{_sysconfdir}/ziplenv
%dir %{_modprobedir}
%{_modprobedir}/90-s390-tools.conf
%config %{_sysconfdir}/cpuplugd.conf
@ -597,6 +644,9 @@ done
%dir %attr(2770,root,ts-shell) %{_localstatedir}/log/ts-shell
%dir %{_sysconfdir}/cmsfs-fuse
%config %attr(0640,root,root) %{_sysconfdir}/cmsfs-fuse/filetypes.conf
%dir %{_prefix}/lib/mdevctl
%dir %{_prefix}/lib/mdevctl/scripts.d
%dir %{_prefix}/lib/mdevctl/scripts.d/callouts
%dir %{_prefix}/lib/s390-tools
%dir %{_prefix}/lib/s390-tools/zfcpdump
%dir %{_prefix}/lib/udev/rules.d
@ -605,6 +655,7 @@ done
%dir %{_datadir}/s390-tools/netboot
%dir %{_datadir}/s390-tools/genprotimg
%dir %{_prefix}/lib/dracut/modules.d/95zdev
%dir %{_prefix}/lib/dracut/modules.d/99ngdump
%dir /boot/zipl
%dir %{_libdir}/zkey
%{_libdir}/zkey/zkey-ekmfweb.so
@ -662,7 +713,6 @@ done
%{_prefix}/lib/udev/chreipl-fcp-mpath-record-volume-identifier
%{_prefix}/lib/udev/chreipl-fcp-mpath-try-change-ipl-path
%{_udevrulesdir}/70-chreipl-fcp-mpath.rules
## Requires build+install with ENABLE_DOC=1
#{_mandir}/man7/chreipl-fcp-mpath.7.gz
%{_mandir}/man7/chreipl-fcp-mpath.7%{?ext_man}
%changelog
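Review bot: The directory guard ahead of the rc symlinks tests and modifies `%{_mysbindir}` on the build host rather than in the staging tree, because `if [ ! -d %{_mysbindir} ]`, `rm -f %{_mysbindir}` and `mkdir -p %{_mysbindir}` carry no `%{buildroot}` prefix while the install lines around them do. On a non-usrmerged build that macro expands to /sbin, so the check says nothing about the package tree, and the rm/mkdir would act on the build host's filesystem if the branch ever ran. I would replace the three lines with `mkdir -p %{buildroot}%{_mysbindir}`; the `%{_bindir}` guard that follows continues outside the hunk and looks to have the same shape. Separately, the new `install %{SOURCE89} …/dasd_configure` and `install %{SOURCE90} …/iucv_configure` lines drop the explicit `-m755` that every other install line here passes; adding it keeps the mode independent of the tool's default.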

92
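--- /dev/null
+++ b/virtsetup.sh.suse
@@ -0,0 +1,92 @@
+#!/bin/sh
+#
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+#
+# Perform setup tasks based on what hypervisor is in charge.
+#
+# Source the sysconfig file
+if [ -r /etc/sysconfig/virtsetup ]; then
+. /etc/sysconfig/virtsetup
+else echo "No /etc/sysconfig/virtsetup file was found."
+exit 1
+fi
+#
+# Get our hostname
+#
+my_hostname="$(hostname)"
+#
+# Find out the hypervisor we're running on/under.
+#
+hypervisor="$(/usr/bin/systemd-detect-virt)"
+case "${hypervisor}" in
+zvm)
+if [ ! -c /dev/vmcp ]; then
+modprobe vmcp
+sleep 1
+if [ ! -c /dev/vmcp ]; then
+echo "Unable to load the vmcp kernel module."
+exit 1
+fi
+fi
+echo "The vmcp device driver is ready."
+if [ "${ZVM_DETACH_DISKS}" == "yes" ]; then
+echo "Detaching devices to prepare for Live Guest Relocation."
+/usr/lib/systemd/scripts/detach_disks.sh
+fi
+if [ "${ZVM_WARN_ABOUT_POSSIBLE_LGR_PROBLEMS}" == yes ]; then
+/sbin/lgr_check
+fi
+;;
+none)
+hypervisor="lpar"
+if [ "${LPAR_SCLP_HOSTNAME}" == "yes" ]; then
+# If the sclp_cpi module is already loaded, we have to unload it
+# so we can be sure it has the correct system name specified
+# when we reload it again.
+if grep -qw sclp_cpi /proc/modules 2>/dev/null; then
+rmmod sclp_cpi
+sleep 1
+fi
+if grep -qw sclp_cpi /proc/modules 2>/dev/null; then
+echo "Unable to unload the sclp_cpi kernel module."
+exit 1
+fi
+echo "Setting the LPAR name via the sclp_cpi module."
+modprobe sclp_cpi system_name="$my_hostname"
+if ! grep -qw sclp_cpi /proc/modules 2>/dev/null; then
+echo "We were unable to load the sclp_cpi module to set the LPAR name."
+exit 2
+fi
+fi
+;;
+kvm)
+;;
+*)
+echo "An unknown hypervisor, \"${hypervisor}\" was detected."
+echo "Please report this to your support provider."
+exit 3
+;;
+esac
+#
+# Now let's check for any scripts that other packages may have provided
+# to do specific things they need. The scripts must be marked executable
+# and have a suffix indicating which hypervisor for which they are to be run.
+# Currently that is one of: kvm, lpar, or zvm.
+# E.g., 01-test.script.zvm would only be run if the system is a z/VM guest.
+#
+for script in $(ls /lib/s390-tools/virtsetup/*.${hypervisor} 2>/dev/null)
+do if [ -x "${script}" ]; then
+echo "Executing ${script}..."
+"${script}"
+echo "Done."
+echo
+fi
+done
+exit 0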
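Review bot: The drop-in loop at the end builds its list with `$(ls /lib/s390-tools/virtsetup/*.${hypervisor} 2>/dev/null)`, so a script name containing whitespace is split into words that fail the `-x` test and the script is silently skipped. Iterating the glob directly with `for script in /lib/s390-tools/virtsetup/*."${hypervisor}"` avoids that, and the existing `[ -x "${script}" ]` already covers the no-match case. Everything found in that directory is executed with the service's privileges, so the header comment above the loop should state that the directory and its scripts must be writable only by root; the packaging that sets those permissions is not visible in this file. The three `[ "${...}" == ... ]` tests use `==` under `#!/bin/sh`, which is a bash extension; `=` is the portable spelling.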

15
vmlogrdr.service.suse Normal file

@ -0,0 +1,15 @@
[Unit]
Description=System startup script for the Linux - z/VM Log reader
After=network-online.target remote-fs.target
Wants=network-online.target remote-fs.target
ConditionPathExists=!/dev/vmlogrdr_LOGREC
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/sbin/modprobe vmlogrdr
ExecStop=/sbin/modprobe -r vmlogrdr
[Install]
WantedBy=default.target