* Changes of existing tools: dbginfo.sh: Add details on CPU-measurement dbginfo.sh: Add new crypto command dbginfo.sh: Add overview commands and crypto update dbginfo.sh: Adding kdump info dbginfo.sh: Removing outdated email references dbginfo.sh: Rework network section dbginfo.sh: Update copyright 2nd year pvimg: Add '--(enable|disable)-image-encryption' flags to 'pvimg create' pvimg: Add '--cck ' command line option and make '--comm-key' an alias pvimg: Add '--hdr-key' command line option to 'pvimg create' pvimg: Rename '--key' into '--hdr-key' and use '--key' as an alias (for 'pvimg info') pvsecret: Add support for retrievable secrets ziorep_config: Add PCHID field to adapter report ziorep_traffic: Add DEVBUSID column to traffic report ziorep_utilization: Add --fcp-device parameter to print virtual adapter report ziorep_utilization: Add PCHID column to physical adapter report ziorep_utilization: Now prints only physical adapter report by default ziorep_utilization: Swap Bus-ID and CHPID columns in virtual adapter report zipl/boot: Increase section size for eckd_mv dumper zkey: Add support for listing and importing protected virtualization secrets * Bug Fixes: chpstat: Fix invalid utilization data on older kernels opticsmon: Fix runaway loop in on_link_change() zipl: Update inline assembly for GCC 15 zipl_helper.device-mapper: Add missed step in logical device resolution - Revendored vendor.tar.gz - Removed obsolete patches: * s390-tools-01-zipl_helper.device-mapper-add-missed-step-in-logical.patch * s390-tools-02-zipl-src-fix-imprecise-check-that-file-is-on-specifi.patch * s390-tools-General-update-01.patch * s390-tools-General-update-02.patch * s390-tools-General-update-03.patch * s390-tools-General-update-04.patch * s390-tools-General-update-05.patch * s390-tools-General-update-06.patch * s390-tools-General-update-07.patch * s390-tools-General-update-08.patch * s390-tools-General-update-09.patch * s390-tools-General-update-10.patch * 
s390-tools-General-update-11.patch * s390-tools-General-update-12.patch * s390-tools-Additional-update-01.patch * s390-tools-Additional-update-02.patch * s390-tools-pvimg-info-command-01.patch * s390-tools-pvimg-info-command-02.patch * s390-tools-pvimg-info-command-03.patch * s390-tools-Support-unencrypted-SE-images-01.patch * s390-tools-pvimg-info-command-04.patch * s390-tools-pvimg-additional-01.patch * s390-tools-01-zkey-Add-support-for-retrieving-a-list-of-ultravisor-secrets.patch * s390-tools-02-zkey-Add-the--pvsecrets-list-command.patch * s390-tools-03-zkey-Add-PVSECRETS-AES-key-type.patch * s390-tools-04-zkey-Add-the-pvsecrets-import-command.patch * s390-tools-05-zkey-Reject-key-generation-and-APQN-association-for-PVSECRET-AES-keys.patch * s390-tools-06-zkey-Reject-re-enciphering-of-PVSECRET-AES-keys.patch * s390-tools-07-zkey-Support-validation-of-key-of-type-PVSECRET-AES.patch * s390-tools-08-rust-pvimg-Fix-flag-parsing-for-allowing-dump.patch * s390-tools-09-rust-pvimg-Document-the-change-from--comm-key-to--cck.patch OBS-URL: https://build.opensuse.org/package/show/Base:System/s390-tools?expand=0&rev=249
From 1e44ace41de3cbd744b22a8f9835473b091186e0 Mon Sep 17 00:00:00 2001
From: Steffen Eiden <seiden@linux.ibm.com>
Date: Thu, 18 Jul 2024 10:55:45 +0200
Subject: [PATCH] rust/pvsecret: Refactor writing secret
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Refactor the writing of secret-type dependent output files to ease
extensions.
Reviewed-by: Marc Hartmayer <marc@linux.ibm.com>
Reviewed-by: Christoph Schlameuss <schlameuss@linux.ibm.com>
Signed-off-by: Steffen Eiden <seiden@linux.ibm.com>
Signed-off-by: Jan Höppner <hoeppner@linux.ibm.com>
---
rust/pv/src/uvsecret/guest_secret.rs | 2 +-
rust/pvsecret/src/cmd/create.rs | 89 +++++++++++++++-------------
2 files changed, 48 insertions(+), 43 deletions(-)
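diff --git a/rust/pv/src/uvsecret/guest_secret.rs b/rust/pv/src/uvsecret/guest_secret.rs
index 509691fa..4f1db31c 100644
--- a/rust/pv/src/uvsecret/guest_secret.rs
+++ b/rust/pv/src/uvsecret/guest_secret.rs
@@ -68,7 +68,7 @@ impl GuestSecret {
 }
 
 /// Reference to the confidential data
- pub(crate) fn confidential(&self) -> &[u8] {
+ pub fn confidential(&self) -> &[u8] {
 match &self {
 Self::Null => &[],
 Self::Association { secret, .. } => secret.value().as_slice(),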
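Review bot: Making `confidential()` `pub` hands the raw secret bytes to every consumer of the `pv` crate, and the one-line doc comment does not tell them how to treat the returned slice. I would extend the doc comment to say that the slice is the secret value itself, that it is empty for `Self::Null`, and that callers should not log it or copy it into long-lived buffers, e.g. `/// Returns the raw secret bytes (empty for Null); never log this or copy it into long-lived buffers.`. If `pvsecret` is the only intended user, a narrower helper that writes the secret to a sink would let the accessor stay crate-private; the hunk alone cannot settle that design question. The `match` body continues outside the hunk.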
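diff --git a/rust/pvsecret/src/cmd/create.rs b/rust/pvsecret/src/cmd/create.rs
index 808b29e1..9251c38c 100644
--- a/rust/pvsecret/src/cmd/create.rs
+++ b/rust/pvsecret/src/cmd/create.rs
@@ -62,7 +62,7 @@ pub fn create(opt: &CreateSecretOpt) -> Result<()> {
 write_out(&opt.output, ser_asrbc, "add-secret request")?;
 info!("Successfully wrote the request to '{}'", &opt.output);
 
- write_secret(&opt.secret, &asrcb, &opt.output)
+ write_secret(&opt.secret, asrcb.guest_secret(), &opt.output)
 }
 
 /// Read+parse the first key from the buffer.
@@ -206,54 +206,59 @@ fn read_cuid(asrcb: &mut AddSecretRequest, opt: &CreateSecretOpt) -> Result<()>
 Ok(())
 }
 
+// Write non confidential data (=name+id) to a yaml stdout
+fn write_yaml<P: AsRef<Path>>(
+ name: &str,
+ guest_secret: &GuestSecret,
+ stdout: &bool,
+ outp_path: P,
+) -> Result<()> {
+ debug!("Non-confidential secret information: {guest_secret:x?}");
+
+ let secret_info = serde_yaml::to_string(guest_secret)?;
+ if stdout.to_owned() {
+ println!("{secret_info}");
+ return Ok(());
+ }
+
+ let gen_name: String = name
+ .chars()
+ .map(|c| if c.is_whitespace() { '_' } else { c })
+ .collect();
+ let mut yaml_path = outp_path
+ .as_ref()
+ .parent()
+ .with_context(|| format!("Cannot open directory of {:?}", outp_path.as_ref()))?
+ .to_owned();
+ yaml_path.push(gen_name);
+ yaml_path.set_extension("yaml");
+ write_out(&yaml_path, secret_info, "secret information")?;
+ warn!(
+ "Successfully wrote secret info to '{}'",
+ yaml_path.display().to_string()
+ );
+ Ok(())
+}
+
 /// Write the generated secret (if any) to the specified output stream
 fn write_secret<P: AsRef<Path>>(
 secret: &AddSecretType,
- asrcb: &AddSecretRequest,
+ guest_secret: &GuestSecret,
 outp_path: P,
 ) -> Result<()> {
- if let AddSecretType::Association {
- name,
- stdout,
- output_secret: secret_out,
- ..
- } = secret
- {
- let gen_name: String = name
- .chars()
- .map(|c| if c.is_whitespace() { '_' } else { c })
- .collect();
- let mut gen_path = outp_path
- .as_ref()
- .parent()
- .with_context(|| format!("Cannot open directory of {:?}", outp_path.as_ref()))?
- .to_owned();
- gen_path.push(format!("{gen_name}.yaml"));
-
- // write non confidential data (=name+id) to a yaml
- let secret_info = serde_yaml::to_string(asrcb.guest_secret())?;
- if stdout.to_owned() {
- println!("{secret_info}");
- } else {
- write_out(&gen_path, secret_info, "association secret info")?;
- debug!(
- "Non-confidential secret information: {:x?}",
- asrcb.guest_secret()
- );
- warn!(
- "Successfully wrote association info to '{}'",
- gen_path.display()
- );
- }
-
- if let Some(path) = secret_out {
- if let GuestSecret::Association { secret, .. } = asrcb.guest_secret() {
- write_out(path, secret.value(), "Association secret")?
- } else {
- unreachable!("The secret type has to be `association` at this point (bug)!")
+ match secret {
+ AddSecretType::Association {
+ name,
+ stdout,
+ output_secret,
+ ..
+ } => {
+ write_yaml(name, guest_secret, stdout, outp_path)?;
+ if let Some(path) = output_secret {
+ write_out(path, guest_secret.confidential(), "Association secret")?
 }
- info!("Successfully wrote generated association secret to '{path}'");
 }
+ _ => (),
 };
 Ok(())
 }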
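Review bot: In `write_yaml`, `yaml_path.set_extension("yaml")` replaces an existing extension instead of appending one, so a secret named `db.prod` now yields `db.yaml` where the removed code produced `db.prod.yaml`, and two dotted names can overwrite each other's info file. Keeping the previous form, `yaml_path.push(format!("{gen_name}.yaml"));`, avoids that. The name is also only cleaned of whitespace before `push`, and `PathBuf::push` discards the base directory when it is given an absolute path, so I would map separators too: `.map(|c| if c.is_whitespace() || std::path::is_separator(c) { '_' } else { c })`. The `debug!` of `guest_secret` now also runs on the stdout path; that is acceptable only if the `Debug` output of `GuestSecret` leaves out the secret value, which this hunk does not show.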