SHA256
1
0
forked from pool/s390-tools

Accepting request 666019 from home:markkp:branches:Base:System

- Added the following two patches from IBM (bsc#1121719):
  * s390-tools-sles15sp1-01-zkey-Include-sbin-into-PATH-when-executing-commands.patch
  * s390-tools-sles15sp1-zkey-Enhance-error-message-about-missing-CCA-library.patch

OBS-URL: https://build.opensuse.org/request/show/666019
OBS-URL: https://build.opensuse.org/package/show/Base:System/s390-tools?expand=0&rev=67
This commit is contained in:
Mark Post 2019-01-14 17:16:03 +00:00 committed by Git OBS Bridge
parent da00c9b14c
commit 714bda41fe
4 changed files with 128 additions and 2 deletions

View File

@ -0,0 +1,30 @@
Subject: zkey: Fails to run commands generated by 'zkey cryptsetup'
From: Ingo Franzki <ifranzki@linux.ibm.com>
Description: zkey: Fails to run commands generated by 'zkey cryptsetup'
Symptom: Fails to run commands generated by 'zkey cryptsetup'.
Problem: When using 'zkey cryptsetup' with --run option the
execution of the generated commands may fail, when
the executable to be run is located in '/sbin'.
Solution: Include /sbin into PATH when executing commands.
Reproduction: Use 'zkey cryptsetup' with option --run on a distribution
where 'cryptsetup' is located in '/sbin'.
Upstream-ID: -
Problem-ID: 173155
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
---
zkey/keystore.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/zkey/keystore.c
+++ b/zkey/keystore.c
@@ -3235,7 +3235,7 @@ static int _keystore_execute_cmd(const c
{
int rc;
- rc = setenv("PATH", "/bin:/usr/bin:/usr/sbin", 1);
+ rc = setenv("PATH", "/bin:/sbin:/usr/bin:/usr/sbin", 1);
if (rc < 0)
return rc;

View File

@ -0,0 +1,85 @@
Subject: zkey: Enhance error message about missing CCA library.
From: Ingo Franzki <ifranzki@linux.ibm.com>
Description: zkey: Enhance error message about missing CCA library.
Symptom: "zkey-cryptsetup reencipher" fails with missing
library and confusing error message.
Problem: The "zkey reencipher" command as well as the "zkey-cryptsetup
reencipher" command requires the IBM CCA Host Libraries and
Tools package to be installed. This is a closed source
library that is not distributed by the distributions, but
must be downloaded separately from an IBM web page.
Solution: Enhance the error message to point to the web page where
the package can be downloaded.
Reproduction: Run the "zkey-cryptsetup reencipher" or "zkey reencipher"
command without having installed the IBM CCA Host Libraries
and Tools package.
Upstream-ID: -
Problem-ID: 173878
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
---
zkey/pkey.c | 13 +++++++++----
zkey/zkey-cryptsetup.1 | 3 ++-
zkey/zkey.1 | 3 ++-
3 files changed, 13 insertions(+), 6 deletions(-)
--- a/zkey/pkey.c
+++ b/zkey/pkey.c
@@ -48,6 +48,7 @@
* Definitions for the CCA library
*/
#define CCA_LIBRARY_NAME "libcsulcca.so"
+#define CCA_WEB_PAGE "http://www.ibm.com/security/cryptocards"
#define DEFAULT_KEYBITS 256
@@ -71,16 +72,20 @@ int load_cca_library(void **lib_csulcca,
/* Load the CCA library */
*lib_csulcca = dlopen(CCA_LIBRARY_NAME, RTLD_GLOBAL | RTLD_NOW);
if (*lib_csulcca == NULL) {
- warnx("%s\nEnsure that the IBM CCA Host Libraries and "
- "Tools are installed properly", dlerror());
+ pr_verbose(verbose, "%s", dlerror());
+ warnx("The command requires the IBM CCA Host Libraries and "
+ "Tools.\nFor the supported environments and downloads, "
+ "see:\n%s", CCA_WEB_PAGE);
return -ELIBACC;
}
/* Get the Key Token Change function */
*dll_CSNBKTC = (t_CSNBKTC)dlsym(*lib_csulcca, "CSNBKTC");
if (*dll_CSNBKTC == NULL) {
- warnx("%s\nEnsure that the IBM CCA Host Libraries and "
- "Tools are installed properly", dlerror());
+ pr_verbose(verbose, "%s", dlerror());
+ warnx("The command requires the IBM CCA Host Libraries and "
+ "Tools.\nFor the supported environments and downloads, "
+ "see:\n%s", CCA_WEB_PAGE);
dlclose(*lib_csulcca);
*lib_csulcca = NULL;
return -ELIBACC;
--- a/zkey/zkey-cryptsetup.1
+++ b/zkey/zkey-cryptsetup.1
@@ -182,7 +182,8 @@ behave in the same way as with \fBcrypts
.PP
.B Note:
The \fBreencipher\fP command requires the CCA host library (libcsulcca.so)
-to be installed.
+to be installed. For the supported environments and downloads, see:
+\fIhttp://www.ibm.com/security/cryptocards\fP
.
.
.
--- a/zkey/zkey.1
+++ b/zkey/zkey.1
@@ -282,7 +282,8 @@ a staged re-enciphering for the \fBOLD\f
.PP
.B Note:
The \fBreencipher\fP command requires the CCA host library (libcsulcca.so)
-to be installed.
+to be installed. For the supported environments and downloads, see:
+\fIhttp://www.ibm.com/security/cryptocards\fP
.
.SS "Import existing AES secure keys into the secure key repository"
.

View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Mon Jan 14 17:03:37 UTC 2019 - mpost@suse.com
- Added the following two patches from IBM (bsc#1121719):
* s390-tools-sles15sp1-01-zkey-Include-sbin-into-PATH-when-executing-commands.patch
* s390-tools-sles15sp1-zkey-Enhance-error-message-about-missing-CCA-library.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Jan 9 23:17:22 UTC 2019 - mpost@suse.com Wed Jan 9 23:17:22 UTC 2019 - mpost@suse.com

View File

@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9) # license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative. # published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/ # Please submit bugfixes or comments via http://bugs.opensuse.org/
# #
@ -27,7 +27,7 @@ Release: 0
Summary: S/390 tools like zipl and dasdfmt Summary: S/390 tools like zipl and dasdfmt
License: MIT License: MIT
Group: System/Kernel Group: System/Kernel
URL: https://github.com/ibm-s390-tools/s390-tools Url: https://github.com/ibm-s390-tools/s390-tools
Source: s390-tools-%{version}.tar.gz Source: s390-tools-%{version}.tar.gz
Source1: s390-tools-rpmlintrc Source1: s390-tools-rpmlintrc
Source2: zipl.conf Source2: zipl.conf
@ -184,6 +184,8 @@ Patch95: s390-tools-sles15sp1-10-zdev-Implement-support-for-early-device-
Patch96: s390-tools-sles15sp1-11-zdev-Do-not-call-zipl-on-initrd-update.patch Patch96: s390-tools-sles15sp1-11-zdev-Do-not-call-zipl-on-initrd-update.patch
Patch97: s390-tools-sles15sp1-zdev-fix-qeth-BridgePort-and-VNICC-conflict-checking.patch Patch97: s390-tools-sles15sp1-zdev-fix-qeth-BridgePort-and-VNICC-conflict-checking.patch
Patch98: s390-tools-sles15sp1-qethqoat-add-OSA-Express7S-support.patch Patch98: s390-tools-sles15sp1-qethqoat-add-OSA-Express7S-support.patch
Patch99: s390-tools-sles15sp1-01-zkey-Include-sbin-into-PATH-when-executing-commands.patch
Patch100: s390-tools-sles15sp1-zkey-Enhance-error-message-about-missing-CCA-library.patch
BuildRequires: dracut BuildRequires: dracut
BuildRequires: fuse-devel BuildRequires: fuse-devel
@ -361,6 +363,8 @@ to list files and directories.
%patch96 -p1 %patch96 -p1
%patch97 -p1 %patch97 -p1
%patch98 -p1 %patch98 -p1
%patch99 -p1
%patch100 -p1
cp -vi %{SOURCE22} CAUTION cp -vi %{SOURCE22} CAUTION