From 714bda41fe928aac2024bd012b8152e2f9e31ddd1437f17d58b0f667f87abf3e Mon Sep 17 00:00:00 2001 From: Mark Post Date: Mon, 14 Jan 2019 17:16:03 +0000 Subject: [PATCH] Accepting request 666019 from home:markkp:branches:Base:System - Added the following two patches from IBM (bsc#1121719): * s390-tools-sles15sp1-01-zkey-Include-sbin-into-PATH-when-executing-commands.patch * s390-tools-sles15sp1-zkey-Enhance-error-message-about-missing-CCA-library.patch OBS-URL: https://build.opensuse.org/request/show/666019 OBS-URL: https://build.opensuse.org/package/show/Base:System/s390-tools?expand=0&rev=67 --- ...in-into-PATH-when-executing-commands.patch | 30 +++++++ ...or-message-about-missing-CCA-library.patch | 85 +++++++++++++++++++ s390-tools.changes | 7 ++ s390-tools.spec | 8 +- 4 files changed, 128 insertions(+), 2 deletions(-) create mode 100644 s390-tools-sles15sp1-01-zkey-Include-sbin-into-PATH-when-executing-commands.patch create mode 100644 s390-tools-sles15sp1-zkey-Enhance-error-message-about-missing-CCA-library.patch diff --git a/s390-tools-sles15sp1-01-zkey-Include-sbin-into-PATH-when-executing-commands.patch b/s390-tools-sles15sp1-01-zkey-Include-sbin-into-PATH-when-executing-commands.patch new file mode 100644 index 0000000..e726963 --- /dev/null +++ b/s390-tools-sles15sp1-01-zkey-Include-sbin-into-PATH-when-executing-commands.patch @@ -0,0 +1,30 @@ +Subject: zkey: Fails to run commands generated by 'zkey cryptsetup' +From: Ingo Franzki + +Description: zkey: Fails to run commands generated by 'zkey cryptsetup' +Symptom: Fails to run commands generated by 'zkey cryptsetup'. +Problem: When using 'zkey cryptsetup' with --run option the + execution of the generated commands may fail, when + the executable to be run is located in '/sbin'. +Solution: Include /sbin into PATH when executing commands. +Reproduction: Use 'zkey cryptsetup' with option --run on a distribution + where 'cryptsetup' is located in '/sbin'. +Upstream-ID: - +Problem-ID: 173155 + +Signed-off-by: Ingo Franzki +--- + zkey/keystore.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/zkey/keystore.c ++++ b/zkey/keystore.c +@@ -3235,7 +3235,7 @@ static int _keystore_execute_cmd(const c + { + int rc; + +- rc = setenv("PATH", "/bin:/usr/bin:/usr/sbin", 1); ++ rc = setenv("PATH", "/bin:/sbin:/usr/bin:/usr/sbin", 1); + if (rc < 0) + return rc; + diff --git a/s390-tools-sles15sp1-zkey-Enhance-error-message-about-missing-CCA-library.patch b/s390-tools-sles15sp1-zkey-Enhance-error-message-about-missing-CCA-library.patch new file mode 100644 index 0000000..047b957 --- /dev/null +++ b/s390-tools-sles15sp1-zkey-Enhance-error-message-about-missing-CCA-library.patch @@ -0,0 +1,85 @@ +Subject: zkey: Enhance error message about missing CCA library. +From: Ingo Franzki + +Description: zkey: Enhance error message about missing CCA library. +Symptom: "zkey-cryptsetup reencipher" fails with missing + library and confusing error message. +Problem: The "zkey reencipher" command as well as the "zkey-cryptsetup + reencipher" command requires the IBM CCA Host Libraries and + Tools package to be installed. This is a closed source + library that is not distributed by the distributions, but + must be downloaded separately from an IBM web page. +Solution: Enhance the error message to point to the web page where + the package can be downloaded. +Reproduction: Run the "zkey-cryptsetup reencipher" or "zkey reencipher" + command without having installed the IBM CCA Host Libraries + and Tools package. +Upstream-ID: - +Problem-ID: 173878 + +Signed-off-by: Ingo Franzki +--- + zkey/pkey.c | 13 +++++++++---- + zkey/zkey-cryptsetup.1 | 3 ++- + zkey/zkey.1 | 3 ++- + 3 files changed, 13 insertions(+), 6 deletions(-) + +--- a/zkey/pkey.c ++++ b/zkey/pkey.c +@@ -48,6 +48,7 @@ + * Definitions for the CCA library + */ + #define CCA_LIBRARY_NAME "libcsulcca.so" ++#define CCA_WEB_PAGE "http://www.ibm.com/security/cryptocards" + + #define DEFAULT_KEYBITS 256 + +@@ -71,16 +72,20 @@ int load_cca_library(void **lib_csulcca, + /* Load the CCA library */ + *lib_csulcca = dlopen(CCA_LIBRARY_NAME, RTLD_GLOBAL | RTLD_NOW); + if (*lib_csulcca == NULL) { +- warnx("%s\nEnsure that the IBM CCA Host Libraries and " +- "Tools are installed properly", dlerror()); ++ pr_verbose(verbose, "%s", dlerror()); ++ warnx("The command requires the IBM CCA Host Libraries and " ++ "Tools.\nFor the supported environments and downloads, " ++ "see:\n%s", CCA_WEB_PAGE); + return -ELIBACC; + } + + /* Get the Key Token Change function */ + *dll_CSNBKTC = (t_CSNBKTC)dlsym(*lib_csulcca, "CSNBKTC"); + if (*dll_CSNBKTC == NULL) { +- warnx("%s\nEnsure that the IBM CCA Host Libraries and " +- "Tools are installed properly", dlerror()); ++ pr_verbose(verbose, "%s", dlerror()); ++ warnx("The command requires the IBM CCA Host Libraries and " ++ "Tools.\nFor the supported environments and downloads, " ++ "see:\n%s", CCA_WEB_PAGE); + dlclose(*lib_csulcca); + *lib_csulcca = NULL; + return -ELIBACC; +--- a/zkey/zkey-cryptsetup.1 ++++ b/zkey/zkey-cryptsetup.1 +@@ -182,7 +182,8 @@ behave in the same way as with \fBcrypts + .PP + .B Note: + The \fBreencipher\fP command requires the CCA host library (libcsulcca.so) +-to be installed. ++to be installed. For the supported environments and downloads, see: ++\fIhttp://www.ibm.com/security/cryptocards\fP + . + . + . +--- a/zkey/zkey.1 ++++ b/zkey/zkey.1 +@@ -282,7 +282,8 @@ a staged re-enciphering for the \fBOLD\f + .PP + .B Note: + The \fBreencipher\fP command requires the CCA host library (libcsulcca.so) +-to be installed. ++to be installed. For the supported environments and downloads, see: ++\fIhttp://www.ibm.com/security/cryptocards\fP + . + .SS "Import existing AES secure keys into the secure key repository" + . diff --git a/s390-tools.changes b/s390-tools.changes index f0607c1..426c66a 100644 --- a/s390-tools.changes +++ b/s390-tools.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Mon Jan 14 17:03:37 UTC 2019 - mpost@suse.com + +- Added the following two patches from IBM (bsc#1121719): + * s390-tools-sles15sp1-01-zkey-Include-sbin-into-PATH-when-executing-commands.patch + * s390-tools-sles15sp1-zkey-Enhance-error-message-about-missing-CCA-library.patch + ------------------------------------------------------------------- Wed Jan 9 23:17:22 UTC 2019 - mpost@suse.com diff --git a/s390-tools.spec b/s390-tools.spec index 8388e4d..09b12e2 100644 --- a/s390-tools.spec +++ b/s390-tools.spec @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# Please submit bugfixes or comments via http://bugs.opensuse.org/ # @@ -27,7 +27,7 @@ Release: 0 Summary: S/390 tools like zipl and dasdfmt License: MIT Group: System/Kernel -URL: https://github.com/ibm-s390-tools/s390-tools +Url: https://github.com/ibm-s390-tools/s390-tools Source: s390-tools-%{version}.tar.gz Source1: s390-tools-rpmlintrc Source2: zipl.conf @@ -184,6 +184,8 @@ Patch95: s390-tools-sles15sp1-10-zdev-Implement-support-for-early-device- Patch96: s390-tools-sles15sp1-11-zdev-Do-not-call-zipl-on-initrd-update.patch Patch97: s390-tools-sles15sp1-zdev-fix-qeth-BridgePort-and-VNICC-conflict-checking.patch Patch98: s390-tools-sles15sp1-qethqoat-add-OSA-Express7S-support.patch +Patch99: s390-tools-sles15sp1-01-zkey-Include-sbin-into-PATH-when-executing-commands.patch +Patch100: s390-tools-sles15sp1-zkey-Enhance-error-message-about-missing-CCA-library.patch BuildRequires: dracut BuildRequires: fuse-devel @@ -361,6 +363,8 @@ to list files and directories. %patch96 -p1 %patch97 -p1 %patch98 -p1 +%patch99 -p1 +%patch100 -p1 cp -vi %{SOURCE22} CAUTION