From 2f3aa4d8740237c4159e38bea037b92130838599821148afcc2fdaed3bb4e0bf Mon Sep 17 00:00:00 2001 From: Nikolay Gueorguiev Date: Fri, 12 Apr 2024 09:50:38 +0000 Subject: [PATCH 1/5] Accepting request 1167028 from home:ngueorguiev:branches:Base:System - Updated the .spec file to enable Secure Execution in the Cloud (bsc#1222675) * Creates a s390-tools-genprotimg-data-*.noarch.rpm package which includes s390x bootload binaries for x86_64: - stage3a.bin and - stage3b_reloc.bin - plus check_hostkeydoc script OBS-URL: https://build.opensuse.org/request/show/1167028 OBS-URL: https://build.opensuse.org/package/show/Base:System/s390-tools?expand=0&rev=205 --- s390-tools.changes | 10 ++++++++++ s390-tools.spec | 28 ++++++++++++++++++++++++++-- 2 files changed, 36 insertions(+), 2 deletions(-) diff --git a/s390-tools.changes b/s390-tools.changes index daea387..e679b77 100644 --- a/s390-tools.changes +++ b/s390-tools.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Fri Apr 12 08:59:53 UTC 2024 - Nikolay Gueorguiev + +- Updated the .spec file to enable Secure Execution in the Cloud (bsc#1222675) + * Creates a s390-tools-genprotimg-data-*.noarch.rpm package which includes + s390x bootload binaries for x86_64: + - stage3a.bin and + - stage3b_reloc.bin + - plus check_hostkeydoc script + ------------------------------------------------------------------- Thu Apr 4 03:51:55 UTC 2024 - Nikolay Gueorguiev diff --git a/s390-tools.spec b/s390-tools.spec index 644d7ae..86d628d 100644 --- a/s390-tools.spec +++ b/s390-tools.spec @@ -195,12 +195,14 @@ BuildRequires: openssl # Don't build with pie to avoid problems with zipl #!BuildIgnore: gcc-PIE Requires: coreutils +Requires: procps +Requires: util-linux +%ifarch s390x Requires: gawk Requires: perl-base -Requires: procps Requires: rsync Requires: tar -Requires: util-linux +%endif Requires(post): %fillup_prereq Requires(post): permissions Requires(pre): shadow @@ -209,6 +211,8 @@ Provides: s390utils:/sbin/dasdfmt Provides: group(cpacfstats) Provides: group(ts-shell) Provides: group(zkeyadm) +%ifarch x86_64 ### +%endif ### ExclusiveArch: s390x x86_64 %description @@ -333,6 +337,20 @@ unavailable, the toolset checks for operational paths to the same volume. If available, it reconfigures the FCP re-IPL settings to use an operational path. +%package genprotimg-data +Summary: Build of genprotimg for and on x86_64 machines +License: MIT +Group: System/Boot +BuildArch: noarch +Conflicts: s390-tools +# ExpandFlags: ignoreconflicts + +%description genprotimg-data +These tools (genprotimg) would allow to prepare and analyze boot images +in the realm of IBM Secure Execution on a trusted environment, +such as the laptop of an admin. The idea is to limit the build targets +depending on the defined or detected host architecture. + ### *** s390x ************************************************************************* ### %ifarch s390x @@ -765,6 +783,12 @@ done %{_udevrulesdir}/70-chreipl-fcp-mpath.rules %{_mandir}/man7/chreipl-fcp-mpath.7%{?ext_man} +### genprotimg +%files genprotimg-data +%{_datadir}/s390-tools/genprotimg/check_hostkeydoc +%{_datadir}/s390-tools/genprotimg/stage3a.bin +%{_datadir}/s390-tools/genprotimg/stage3b_reloc.bin + ### _endif ### *** !s390x ************************************************************************* ### ### _ifarch x86_64 From 6e6243123dd4ec573393744a4d4dca9f36d05ee316111b2835f28cf3508a1d84 Mon Sep 17 00:00:00 2001 From: Nikolay Gueorguiev Date: Fri, 12 Apr 2024 16:00:17 +0000 Subject: [PATCH 2/5] Accepting request 1167136 from home:ngueorguiev:branches:Base:System - Updated the .spec file to enable Secure Execution in the Cloud (bsc#1222675) * Creates a s390-tools-genprotimg-data-*.noarch.rpm package which includes s390x bootload binaries for x86_64: - /lib/s390-tools/stage3.bin - /usr/share/s390-tools/genprotimg/stage3a.bin - /usr/share/s390-tools/genprotimg/stage3b_reloc.bin * Excludes the above binaries from the (main) s390-tools-*.s390x.rpm * Requires: s390-tools-genprotimg-data - SE-tooling: New IBM host-key subject locality (s390-tools) (bsc#1222282) * s390-tools-sles15sp5-01-rust-pv-support-Armonk-in-IBM-signing-key-subject.patch * s390-tools-sles15sp6-02-genprotimg-support-Armonk-in-IBM-signing-key-subject.patch * s390-tools-sles15sp6-03-libpv-support-Armonk-in-IBM-signing-key-subject.patch * s390-tools-sles15sp6-04-pvattest-Fix-root-ca-parsing.patch - Apllied a patch(bsc#1220949,bsc#1221873) * s390-tools-sles15sp6-01-parse-ipl-device-for-activation.patch - Applied a patch (bsc#1221072) * s390-tools-sles15sp6-genprotimg-makefile.patch OBS-URL: https://build.opensuse.org/request/show/1167136 OBS-URL: https://build.opensuse.org/package/show/Base:System/s390-tools?expand=0&rev=206 --- s390-tools.changes | 10 ++++++---- s390-tools.spec | 9 ++++++--- 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/s390-tools.changes b/s390-tools.changes index e679b77..9f44bf8 100644 --- a/s390-tools.changes +++ b/s390-tools.changes @@ -1,12 +1,14 @@ ------------------------------------------------------------------- -Fri Apr 12 08:59:53 UTC 2024 - Nikolay Gueorguiev +Fri Apr 12 15:28:09 UTC 2024 - Nikolay Gueorguiev - Updated the .spec file to enable Secure Execution in the Cloud (bsc#1222675) * Creates a s390-tools-genprotimg-data-*.noarch.rpm package which includes s390x bootload binaries for x86_64: - - stage3a.bin and - - stage3b_reloc.bin - - plus check_hostkeydoc script + - /lib/s390-tools/stage3.bin + - /usr/share/s390-tools/genprotimg/stage3a.bin + - /usr/share/s390-tools/genprotimg/stage3b_reloc.bin + * Excludes the above binaries from the (main) s390-tools-*.s390x.rpm + * Requires: s390-tools-genprotimg-data ------------------------------------------------------------------- Thu Apr 4 03:51:55 UTC 2024 - Nikolay Gueorguiev diff --git a/s390-tools.spec b/s390-tools.spec index 86d628d..b50bd5b 100644 --- a/s390-tools.spec +++ b/s390-tools.spec @@ -196,6 +196,7 @@ BuildRequires: openssl #!BuildIgnore: gcc-PIE Requires: coreutils Requires: procps +Requires: s390-tools-genprotimg-data Requires: util-linux %ifarch s390x Requires: gawk @@ -342,8 +343,6 @@ Summary: Build of genprotimg for and on x86_64 machines License: MIT Group: System/Boot BuildArch: noarch -Conflicts: s390-tools -# ExpandFlags: ignoreconflicts %description genprotimg-data These tools (genprotimg) would allow to prepare and analyze boot images @@ -737,6 +736,10 @@ done %dir /etc/mdevctl.d/scripts.d/ %dir /etc/mdevctl.d/scripts.d/callouts/ ### +%exclude /lib/s390-tools/stage3.bin +%exclude %{_datadir}/s390-tools/genprotimg/stage3a.bin +%exclude %{_datadir}/s390-tools/genprotimg/stage3b_reloc.bin +### %files -n osasnmpd -f %{_builddir}/%{name}.osasnmp %{_libexecdir}/net-snmp/agents/osasnmpd @@ -785,7 +788,7 @@ done ### genprotimg %files genprotimg-data -%{_datadir}/s390-tools/genprotimg/check_hostkeydoc +/lib/s390-tools/stage3.bin %{_datadir}/s390-tools/genprotimg/stage3a.bin %{_datadir}/s390-tools/genprotimg/stage3b_reloc.bin From 6dbc844406b57843d7b940558f3cd6d47953d96c81c0489d01ba00b1417a6897 Mon Sep 17 00:00:00 2001 From: Nikolay Gueorguiev Date: Tue, 16 Apr 2024 08:24:54 +0000 Subject: [PATCH 3/5] Accepting request 1167955 from home:ngueorguiev:branches:Base:System - Amended the .spec file for s390-tools-genprotimg-data-*.noarch.rpm * Removed the dependency on it on x86_64 platform * Updated the Summary and Description of the *.noarch.rpm (bsc#1222675) OBS-URL: https://build.opensuse.org/request/show/1167955 OBS-URL: https://build.opensuse.org/package/show/Base:System/s390-tools?expand=0&rev=207 --- s390-tools.changes | 7 +++++++ s390-tools.spec | 15 ++++++++++----- 2 files changed, 17 insertions(+), 5 deletions(-) diff --git a/s390-tools.changes b/s390-tools.changes index 9f44bf8..6b0dc87 100644 --- a/s390-tools.changes +++ b/s390-tools.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Tue Apr 16 07:48:20 UTC 2024 - Nikolay Gueorguiev + +- Amended the .spec file for s390-tools-genprotimg-data-*.noarch.rpm + * Removed the dependency on it on x86_64 platform + * Updated the Summary and Description of the *.noarch.rpm (bsc#1222675) + ------------------------------------------------------------------- Fri Apr 12 15:28:09 UTC 2024 - Nikolay Gueorguiev diff --git a/s390-tools.spec b/s390-tools.spec index b50bd5b..70f5d65 100644 --- a/s390-tools.spec +++ b/s390-tools.spec @@ -182,6 +182,10 @@ BuildRequires: systemd-devel BuildRequires: tcpd-devel BuildRequires: zlib-devel-static ### x86_64 +%ifarch x86_64 +BuildRequires: cross-s390x-gcc11 +%endif +### s390x %ifarch s390x BuildRequires: kernel-zfcpdump BuildRequires: qclib-devel-static @@ -196,12 +200,12 @@ BuildRequires: openssl #!BuildIgnore: gcc-PIE Requires: coreutils Requires: procps -Requires: s390-tools-genprotimg-data Requires: util-linux %ifarch s390x Requires: gawk Requires: perl-base Requires: rsync +Requires: s390-tools-genprotimg-data Requires: tar %endif Requires(post): %fillup_prereq @@ -225,7 +229,7 @@ dasdfmt - low-level format tool for ECKD DASD fdasd - partitions ECKD DASDs with z/OS compatible disk layout zipl - boot loader and dump DASD initializer zgetdump - tool to get linux system dumps from DASD - - x86_64 + - x86_64 (it would require - s390-tools-genprotimg-data-*.noarch.rpm - installed) genprotimg - create a protected virtualization image pvattest - create, perform, and verify protected virtualization attestation measurements @@ -339,16 +343,17 @@ volume. If available, it reconfigures the FCP re-IPL settings to use an operational path. %package genprotimg-data -Summary: Build of genprotimg for and on x86_64 machines +Summary: Auxiliary data used by genprotimg License: MIT Group: System/Boot BuildArch: noarch %description genprotimg-data -These tools (genprotimg) would allow to prepare and analyze boot images +The genprotimg allows preparing and analyzing boot images in the realm of IBM Secure Execution on a trusted environment, -such as the laptop of an admin. The idea is to limit the build targets +such as the laptop of an admin by limiting the build targets depending on the defined or detected host architecture. +This package provides auxiliary data used by genprotimg. ### *** s390x ************************************************************************* ### %ifarch s390x From 3dbfffe91f833166266880a458f45840e5a416f52db38e130af1791135ff3d38 Mon Sep 17 00:00:00 2001 From: Nikolay Gueorguiev Date: Tue, 16 Apr 2024 10:39:22 +0000 Subject: [PATCH 4/5] Accepting request 1168007 from home:ngueorguiev:branches:Base:System Amended the .spec file OBS-URL: https://build.opensuse.org/request/show/1168007 OBS-URL: https://build.opensuse.org/package/show/Base:System/s390-tools?expand=0&rev=208 --- s390-tools.spec | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/s390-tools.spec b/s390-tools.spec index 70f5d65..7ae3c13 100644 --- a/s390-tools.spec +++ b/s390-tools.spec @@ -181,10 +181,6 @@ BuildRequires: pesign-obs-integration BuildRequires: systemd-devel BuildRequires: tcpd-devel BuildRequires: zlib-devel-static -### x86_64 -%ifarch x86_64 -BuildRequires: cross-s390x-gcc11 -%endif ### s390x %ifarch s390x BuildRequires: kernel-zfcpdump @@ -216,23 +212,25 @@ Provides: s390utils:/sbin/dasdfmt Provides: group(cpacfstats) Provides: group(ts-shell) Provides: group(zkeyadm) -%ifarch x86_64 ### -%endif ### +### ExclusiveArch: s390x x86_64 %description This package contains the tools (s390x, x86_64) needed to use Linux on IBM z Systems -and exploit many of the various capabilities of the hardware or z/VM. -For example: +and exploit many of the various capabilities of the hardware or z/VM. For example: + - s390x dasdfmt - low-level format tool for ECKD DASD fdasd - partitions ECKD DASDs with z/OS compatible disk layout zipl - boot loader and dump DASD initializer zgetdump - tool to get linux system dumps from DASD - - x86_64 (it would require - s390-tools-genprotimg-data-*.noarch.rpm - installed) + + - x86_64 genprotimg - create a protected virtualization image pvattest - create, perform, and verify protected virtualization attestation measurements +Note: The package requires - s390-tools-genprotimg-data-*.noarch.rpm - installed + %package -n osasnmpd Summary: OSA-Express SNMP subagent License: GPL-2.0-or-later From 3ab90cf26b1ac156ceb7853057294fb6674ed184376e6de22090b1b011427191 Mon Sep 17 00:00:00 2001 From: Nikolay Gueorguiev Date: Tue, 16 Apr 2024 16:59:31 +0000 Subject: [PATCH 5/5] Accepting request 1168392 from home:ngueorguiev:branches:Base:System - Amended the .spec file for x86_64 * Recommends: s390-tools-genprotimg-data OBS-URL: https://build.opensuse.org/request/show/1168392 OBS-URL: https://build.opensuse.org/package/show/Base:System/s390-tools?expand=0&rev=209 --- s390-tools.changes | 6 ++++++ s390-tools.spec | 3 +++ 2 files changed, 9 insertions(+) diff --git a/s390-tools.changes b/s390-tools.changes index 6b0dc87..3916b09 100644 --- a/s390-tools.changes +++ b/s390-tools.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Apr 16 16:55:05 UTC 2024 - Nikolay Gueorguiev + +- Amended the .spec file for x86_64 + * Recommends: s390-tools-genprotimg-data + ------------------------------------------------------------------- Tue Apr 16 07:48:20 UTC 2024 - Nikolay Gueorguiev diff --git a/s390-tools.spec b/s390-tools.spec index 7ae3c13..b599734 100644 --- a/s390-tools.spec +++ b/s390-tools.spec @@ -212,6 +212,9 @@ Provides: s390utils:/sbin/dasdfmt Provides: group(cpacfstats) Provides: group(ts-shell) Provides: group(zkeyadm) +%ifarch x86_64 +Recommends: s390-tools-genprotimg-data +%endif ### ExclusiveArch: s390x x86_64