From cab6866186f632bb76c4b0c20e5040d1504aaa4241ea9a884937980a6de132ef Mon Sep 17 00:00:00 2001 From: Mark Post Date: Wed, 7 Dec 2022 15:36:05 +0000 Subject: [PATCH] Accepting request 1041153 from home:markkp:branches:Base:System - Made extensive changes to the spec file to accomodate building this package on both openSUSE, which has implemented the "usrmerge" project, and SLES, which has not. This was accomplished by checking the usrmerged variable, and setting the value of the _mysbindir variable, accordingly. The files identified in the two versions. One for SLES, and one for openSUSE, with either ".suse" or ".opensuse" appended to the file name. The appropriate SOURCE variable is selected based on the usrmerged variable, and installed with the ".suse" or ".opensuse" suffix stripped from the name. * 59-graf.rules * dasd_configure * dasd_reload * detach_disks.sh * iucv_configure * killcdl * mkdump.pl * README.SUSE * s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch * virtsetup.sh * vmlogrdr.service - Updated to version 2.24.0 (jsc#PED-627) * __v2.24.0 (2022-11-09)__ For Linux kernel version: 6.0 Add new tools / libraries: - Provide config files for checkpatch, codespell, and clang-format Changes of existing tools: - dbginfo.sh: Collect log from various distro tools (YaST, DNF, Anaconda) - dbginfo.sh: add Kubernetes data collection - libutil: Introduce util_lockfile - zdev: Add site-aware device configuration - zdump: Add support to read Protected Virtualization dumps - zipl/boot: Add secure boot trailer Bug Fixes: - ap_tools/ap-check: Reject start for control domains without usage - cpumf/lshwc: Fix incremented counter output - cpumf/pai: Fix core dump when summary flag set - dbginfo.sh: Ensure compatibility with /bin/dash shell - dbginfo.sh: Save dbginfo.sh version to dbginfo.log - zipl/src/zipl_helper.device-mapper: Fix bug in error path * __v2.23.0 (2022-08-18)__ For Linux kernel version: 5.19 Changes of existing tools: - Makefile: use common Make definition for DRACUTDIR - Makefile: use common Make definition for UDEVDIR and UDEVRULESDIR - cpacfstats: Add PAI and hotplug support - cpumf/pai: Omit file write progress information - dbginfo.sh: Get more details on lspci command - dumpconf: Prevent running the service in containers - libcpumf: Detect PMU named pai_ext - pvattest: Improve error reporting and logging - zdev: Add some --type ap examples to manpages - zkey: Use default benchmarked Argon2i with LUKS2 Bug Fixes: - dbginfo.sh: Fix accidental ftrace buffer shrinkage/free - genprotimg: Fix BIO_reset() returncode handling - libpv: Fix dependency checking - pvattest: Fix dependency checking - zipl: Fix segmentation fault when no parmline is provided * __v2.22.0 (2022-06-20)__ For Linux kernel version: 5.18 Add new tools / libraries: - ap_tools: Introduce ap_tools and the ap-check tool - cpumf/pai: Add Processor Activity Instrumentation tool - libpv: New library for PV tools - pvattest: Add new tool to create, perform, and verify attestation measurements - zipl/zdump: Add Next Gen Dump (NGDump) support Changes of existing tools: - Move man pages to System commands section (lscpumf, lshwc, pai, dbginfo.sh, zfcpdbf, zipl-switch-to-blscfg) - README.md: Add 70-chreipl-fcp-mpath.rules to the list of udev rule descriptions - Remove SysV related daemon scripts (cpacfstatsd, cpuplugd, mon_statd) - genprotimg: Move man page to section 1 for user commands - hyptop: increase initial update interval - libseckey: Adapt keymgmt_match() implementation to OpenSSL - libutil: Add util_exit_code - libutil: Introduce util_udev - zdev: Introduce the ap device type - zipl-editenv: Add zIPL multienvironment support - zipl: Implement sorting BLS entries by versions - zkey: Add initramfs hook Bug Fixes: - cmsfs-fuse: Fix enabling of hard_remove option - s390-tools: Fix typos that were detected by lintian as 'typo-in-manual-page' - zkey-kmip: Fix possible use after free - zkey: Fix EP11 host library version checking - zkey_kmip: Setup ext-lib once the APQNs have been configured * __v2.21.0 (2022-04-20)__ For Linux kernel version: 5.17 Add new tools / libraries: - libcpumf: Create library libcpumf for CPU Measurement functions Changes of existing tools: - chreipl-fcp-mpath: bundle a pre-cooked version of the manpage for build environments without access to `pandoc` - dbginfo.sh: Add multipath info to map paths to FC addressing and prio group - dbginfo.sh: Collect config files of systemd-modules-load.service - dbginfo.sh: Sort list of environment variables for readability - dbginfo.sh: Replace "which" by builtin command "type" - dbginfo.sh: Rework script formatting (indents, order) - dbginfo.sh: Update sysfs collection (excludes, messages) - genprotimg: Add Protected Virtualization (PV) dump support - genprotimg: Remove DigiCert root CA pinning - lszcrypt: Add CEX8S support - zcryptctl: Add control domain handling - zcryptstats: Add CEX8 support - zipl: Allow optional entries that are left out when files are missing - zipl: make IPL sections defined with BLS to inherit a target field - zpcictl: Add option to trigger firmware reset Bug Fixes: - cpictl: Handle excessive kernel version numbers - dbginfo.sh: Collect all places where modprobe.d config files could exist - fdasd: Fix endless menu loop on EOF - zdump/dfi: Fix segfault due to double free - zdump: Fix /dev/mem reading - zpcictl: Fix race of SCLP reset and Linux recovery * __v2.20.0 (2022-02-04)__ For Linux kernel version: 5.16 Add new tools / libraries: - Add EditorConfig configuration Changes of existing tools: - s390-tools switches to Fuse 3 as Fuse 2 is deprecated. Affected tools: cmsfs, hmcdrvfs, hsavmcore, zdsfs, zdump - chreipl-fcp-mpath: don't compress the manpage before installing it - cpictl: Report extended version information - genprotimg: Add extended kernel command line support - zdev: modify the lsblk output parser in lszdev - zipl: Add support for longer kernel command lines (now supports up to 64k length) Bug Fixes: - cpictl: Suppress messages for unwritable sysfs files - dbginfo.sh: Fix missing syslog for step create_package - lshwc: Fix CPU list parameter setup for device driver - zdev: Check for errors when removing a devtype setting - zdev: Fix path resolution for multi-mount point file systems - Updated s390-tools-sles15sp3-remove-no-pie-link-arguments.patch to fit the new version, and renamed it to s390-tools-sles15sp5-remove-no-pie-link-arguments.patch. - Added s390-tools-sles15sp5-util_lockfile-fix-includes.patch to fix a compilation problem. One source file was missing an include statement for unistd.h. - Added s390-tools-sles15sp5-ap_tools-ap-check-use-new-mdevctl-install-location.patch An executable binary was being installed under /etc, which is an FHS violation. - Modified spec file to * Change BuildRequires for fuse-devel to fuse3-devel. * Remove obsolete BuildRequires for libpfm-devel * Add a BuildRequires for mdevctl and systemd-devel * Added a %files entry for dir %{_prefix}/lib/dracut/modules.d/99ngdump * Added %config(noreplace) for the new file %{_sysconfdir}/ziplenv * Uncomment the %files entry for %{_mandir}/man7/chreipl-fcp-mpath.7%{?ext_man} Specifying ENABLE_DOC=1 is no longer needed for it to be generated. * Add %dir entries for %{_prefix}/lib/mdevctl, %{_prefix}/lib/mdevctl/scripts.d, and %{_prefix}/lib/mdevctl/scripts.d/callouts NOTE that these directories do not belong to this package, but the mdevctl package has yet to be updated to claim them. So, until that happens, we have to temporarily claim ownership of them for the s390-tools package to build. - Updated the s390-tools-rpmlintrc file to suppress two warnings about the /boot/zipl/active_devices.txt file. - Removed the following obsolete patches: * s390-tools-sles15sp4-chreipl-fcp-mpath-don-t-compress-the-manpage-before-.patch * s390-tools-sles15sp4-chreipl-fcp-mpath-remove-shebang-from-chreipl-fcp-mp.patch * s390-tools-sles15sp4-zdev-modify-the-lsblk-output-parser-in-lszdev.patch * s390-tools-sles15sp4-zdev-Fix-path-resolution-for-multi-mount-point-file-.patch * s390-tools-sles15sp4-01-genprotimg-remove-DigiCert-root-CA-pinning.patch * s390-tools-sles15sp4-02-genprotimg-check_hostkeydoc-relax-default-issuer-che.patch * s390-tools-sles15sp4-libseckey-Fix-re-enciphering-of-EP11-secure-key.patch * s390-tools-sles15sp4-zdump-fix-segfault-due-to-double-free.patch * s390-tools-sles15sp4-libseckey-Adapt-keymgmt_match-implementation-to-Open.patch * s390-tools-sles15sp4-genprotimg-boot-disable-Warray-bounds-for-now.patch * s390-tools-sles15sp4-hyptop-increase-initial-update-interval.patch * s390-tools-sles15sp4-zipl-boot-add-secure-boot-trailer.patch - Added s390-tools-sles15sp5-zipl-boot-disable-Warray-bounds-for-now.patch With this version, the same false positive of "array subscript 0 is outside array bounds" that was previously seen in the genprotimage/boot directory is now happening in zipl/boot. - Added s390-tools-sles15sp5-fix-chown-commands-syntax.patch to eliminate a bunch of warnings. The new version of chown complains if the deprecated 'owner.group' syntax is used instead of the 'owner:group' syntax. - Added s390-tools-sles15sp4-zipl-boot-add-secure-boot-trailer.patch for bsc#1204965. New IBM Z firmware requires all signed boot images to contain a trailing data block with a specific format. - Added s390-tools-sles15sp4-hyptop-increase-initial-update-interval.patch for bsc#1201412. Initial iteration of hyptop can produce bloated values independent from the update delay set by the user. - Added s390-tools-sles15sp4-genprotimg-boot-disable-Warray-bounds-for-now.patch to fix a build failure with gcc12. With gcc12, a "false positive" of "array subscript 0 is outside array bounds" is seen in genprotimg/boot/stage3a.c (bsc#1200131). OBS-URL: https://build.opensuse.org/request/show/1041153 OBS-URL: https://build.opensuse.org/package/show/Base:System/s390-tools?expand=0&rev=139 --- 59-graf.rules => 59-graf.rules.opensuse | 0 59-graf.rules.suse | 13 + README.SUSE => README.SUSE.opensuse | 0 README.SUSE.suse | 57 ++ dasd_configure => dasd_configure.opensuse | 0 dasd_configure.suse | 173 ++++++ dasd_reload => dasd_reload.opensuse | 0 dasd_reload.suse | 156 +++++ detach_disks.sh => detach_disks.sh.opensuse | 0 detach_disks.sh.suse | 157 +++++ iucv_configure => iucv_configure.opensuse | 0 iucv_configure.suse | 133 ++++ killcdl => killcdl.opensuse | 0 killcdl.suse | 217 +++++++ mkdump.pl => mkdump.pl.opensuse | 0 mkdump.pl.suse | 577 ++++++++++++++++++ s390-tools-2.19.0.tar.gz | 3 - s390-tools-2.24.0.tar.gz | 3 + s390-tools-rpmlintrc | 2 + ...ks-on-change-and-add-action.patch.opensuse | 0 ...-links-on-change-and-add-action.patch.suse | 31 + ...es15sp3-remove-no-pie-link-arguments.patch | 13 - ...timg-remove-DigiCert-root-CA-pinning.patch | 271 -------- ..._hostkeydoc-relax-default-issuer-che.patch | 102 ---- ...h-don-t-compress-the-manpage-before-.patch | 116 ---- ...h-remove-shebang-from-chreipl-fcp-mp.patch | 36 -- ...g-boot-disable-Warray-bounds-for-now.patch | 50 -- ...keymgmt_match-implementation-to-Open.patch | 94 --- ...ix-re-enciphering-of-EP11-secure-key.patch | 103 ---- ...solution-for-multi-mount-point-file-.patch | 169 ----- ...fy-the-lsblk-output-parser-in-lszdev.patch | 44 -- ...dump-fix-segfault-due-to-double-free.patch | 70 --- ...eck-use-new-mdevctl-install-location.patch | 92 +++ ...-sles15sp5-fix-chown-commands-syntax.patch | 143 +++++ ...es15sp5-remove-no-pie-link-arguments.patch | 13 + ...sles15sp5-util_lockfile-fix-includes.patch | 35 ++ ...l-boot-disable-Warray-bounds-for-now.patch | 16 + s390-tools.changes | 211 +++++++ s390-tools.spec | 168 +++-- virtsetup.sh => virtsetup.sh.opensuse | 0 virtsetup.sh.suse | 92 +++ vmlogrdr.service => vmlogrdr.service.opensuse | 0 vmlogrdr.service.suse | 15 + 43 files changed, 2245 insertions(+), 1130 deletions(-) rename 59-graf.rules => 59-graf.rules.opensuse (100%) create mode 100644 59-graf.rules.suse rename README.SUSE => README.SUSE.opensuse (100%) create mode 100644 README.SUSE.suse rename dasd_configure => dasd_configure.opensuse (100%) create mode 100644 dasd_configure.suse rename dasd_reload => dasd_reload.opensuse (100%) create mode 100644 dasd_reload.suse rename detach_disks.sh => detach_disks.sh.opensuse (100%) create mode 100644 detach_disks.sh.suse rename iucv_configure => iucv_configure.opensuse (100%) create mode 100644 iucv_configure.suse rename killcdl => killcdl.opensuse (100%) create mode 100644 killcdl.suse rename mkdump.pl => mkdump.pl.opensuse (100%) create mode 100644 mkdump.pl.suse delete mode 100644 s390-tools-2.19.0.tar.gz create mode 100644 s390-tools-2.24.0.tar.gz rename s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch => s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch.opensuse (100%) create mode 100644 s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch.suse delete mode 100644 s390-tools-sles15sp3-remove-no-pie-link-arguments.patch delete mode 100644 s390-tools-sles15sp4-01-genprotimg-remove-DigiCert-root-CA-pinning.patch delete mode 100644 s390-tools-sles15sp4-02-genprotimg-check_hostkeydoc-relax-default-issuer-che.patch delete mode 100644 s390-tools-sles15sp4-chreipl-fcp-mpath-don-t-compress-the-manpage-before-.patch delete mode 100644 s390-tools-sles15sp4-chreipl-fcp-mpath-remove-shebang-from-chreipl-fcp-mp.patch delete mode 100644 s390-tools-sles15sp4-genprotimg-boot-disable-Warray-bounds-for-now.patch delete mode 100644 s390-tools-sles15sp4-libseckey-Adapt-keymgmt_match-implementation-to-Open.patch delete mode 100644 s390-tools-sles15sp4-libseckey-Fix-re-enciphering-of-EP11-secure-key.patch delete mode 100644 s390-tools-sles15sp4-zdev-Fix-path-resolution-for-multi-mount-point-file-.patch delete mode 100644 s390-tools-sles15sp4-zdev-modify-the-lsblk-output-parser-in-lszdev.patch delete mode 100644 s390-tools-sles15sp4-zdump-fix-segfault-due-to-double-free.patch create mode 100644 s390-tools-sles15sp5-ap_tools-ap-check-use-new-mdevctl-install-location.patch create mode 100644 s390-tools-sles15sp5-fix-chown-commands-syntax.patch create mode 100644 s390-tools-sles15sp5-remove-no-pie-link-arguments.patch create mode 100644 s390-tools-sles15sp5-util_lockfile-fix-includes.patch create mode 100644 s390-tools-sles15sp5-zipl-boot-disable-Warray-bounds-for-now.patch rename virtsetup.sh => virtsetup.sh.opensuse (100%) create mode 100644 virtsetup.sh.suse rename vmlogrdr.service => vmlogrdr.service.opensuse (100%) create mode 100644 vmlogrdr.service.suse diff --git a/59-graf.rules b/59-graf.rules.opensuse similarity index 100% rename from 59-graf.rules rename to 59-graf.rules.opensuse diff --git a/59-graf.rules.suse b/59-graf.rules.suse new file mode 100644 index 0000000..c1e1fc7 --- /dev/null +++ b/59-graf.rules.suse @@ -0,0 +1,13 @@ +# +# Rules for unique 3270 device nodes created in /dev/3270/ +# This file should be installed in /usr/lib/udev/rules.d +# + +SUBSYSTEM!="ccw", GOTO="graf_end" +DRIVER!="3270", GOTO="graf_end" + +# Configure 3270 device +ACTION=="add", SUBSYSTEM=="ccw", PROGRAM="/sbin/chccwdev -e $kernel" +ACTION=="remove", SUBSYSTEM=="ccw", PROGRAM="/sbin/chccwdev -d $kernel" + +LABEL="graf_end" diff --git a/README.SUSE b/README.SUSE.opensuse similarity index 100% rename from README.SUSE rename to README.SUSE.opensuse diff --git a/README.SUSE.suse b/README.SUSE.suse new file mode 100644 index 0000000..1d98ca5 --- /dev/null +++ b/README.SUSE.suse @@ -0,0 +1,57 @@ + +ls - Addons by SUSE + + The following utility and its man page have been added to make it + easier to determine the machine type on which Linux is running. + + * cputype + Usage: cputype + + The following utilities and their man pages have been added by SUSE to + ease the activation and deactivation of devices. These scripts are also + used by YaST. Functionality not provided by these scripts cannot be + provided by YaST. + These scripts also create/delete the needed udev rules. + Detailed information on some parameters are in the + "Device Drivers, Features and Commands" for this release. + + General parameters + channel numbers are with lower letters + parameters switching things on or off are + 1 for on and 0 for off + + * ctc_configure + Usage: /sbin/ctc_configure [] + To configure CTC connections + Valid Parameters for the protocal are 0, 1 and 3 + For a detailed explanation please look in the Device Driver book + + * dasd_configure + Usage: dasd_configure + To set DASDs online/offline + The use_diag makes only sense under z/VM. In an + LPAR just set it to 0 + + * iucv_configure + Usage: /sbin/iucv_configure + To set an IUCV IP-network online/offline + + * qeth_configure + Usage: /sbin/qeth_configure [options] + Set qeth, hipersocket adapter online/offline. + options could be one of the following: + + -i Configure IP takeover + -l Configure Layer2 support + -p NAME QETH Portname to use + -n 1/0 QETH port number to use + + + * zfcp_disk_configure + Usage: /sbin/zfcp_disk_configure + set a disk online/offline. This require that the repective + Adapter is online. See command below. + + * zfcp_host_configure + Usage: /sbin/zfcp_host_configure + Set a zfcp Adapter online/offline diff --git a/dasd_configure b/dasd_configure.opensuse similarity index 100% rename from dasd_configure rename to dasd_configure.opensuse diff --git a/dasd_configure.suse b/dasd_configure.suse new file mode 100644 index 0000000..9603173 --- /dev/null +++ b/dasd_configure.suse @@ -0,0 +1,173 @@ +#! /bin/sh +# +# dasd_configure +# +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# +# Configures a DASD device by calling the IBM-provided chzdev command. +# Whereas this script used to validate the parameters provided to it, +# we now rely on chzdev to do that instead. The script is intended only +# as a "translation layer" to provide backward compatability for older +# scripts and tools that invoke it. +# +# Usage: +# dasd_configure [-f -t ] [use_diag] +# +# -f Override safety checks +# -t DASD type. Must be provided if -f is used. Only dasd-eckd and +# dasd-fba are supported - Deprecated +# ccwid = x.y.ssss where +# x is always 0 until IBM creates something that uses that number +# y is the logical channel subsystem (lcss) number. Most often +# this is 0, but it could be non-zero +# ssss is the four digit subchannel address of the device, in +# hexidecimal, with leading zeros. +# online = 0 to take the device offline +# 1 to bring the device online +# use_diag = 0 to _not_ use z/VM DIAG250 I/O, which is the default +# 1 to use z/VM DIAG250 I/O +# +# Return values: +# Return codes are determined by the chzdev command, with one exception: If a +# DASD volume is not formatted, we will issue a return code of 8. +# + +mesg () { + echo "$@" +} + +debug_mesg () { + case "${DEBUG}" in + yes) mesg "$@" ;; + *) ;; + esac +} + +add_cio_channel() { + echo "$* # ${DATE}" >> /boot/zipl/active_devices.txt +} + +remove_cio_channel() { + [ -w /boot/zipl/active_devices.txt ] && sed -i -e "/^${1}/d" /boot/zipl/active_devices.txt +} + +usage(){ + echo "Usage: ${0} [-f -t ] [use_diag]" + echo + echo " -f Override safety checks" + echo " -t DASD type. Must be provided if -f is used. Only dasd-eckd and" + echo " dasd-fba are supported - Deprecated" + echo " ccwid = x.y.ssss where" + echo " x is always 0 until IBM creates something that uses that number" + echo " y is the logical channel subsystem (lcss) number. Most often" + echo " this is 0, but it could be non-zero" + echo " ssss is the four digit subchannel address of the device, in" + echo " hexidecimal, with leading zeros." + echo " online = 0 to take the device offline" + echo " 1 to bring the device online" + echo " use_diag = 0 to _not_ use z/VM DIAG250 I/O, which is the default" + echo " 1 to use z/VM DIAG250 I/O" +} + +if [ "${DEBUG}" != "yes" ]; then + DEBUG="no" +fi + +DATE=$(date) + +DASD_FORCE=0 + +############################################################ +# Parse the parameters from the command line +# +ARGS=$(getopt --options ft: -n "dasd_configure" -- "$@") +if [ $? != 0 ] ; then echo "Terminating..." >&2 ; exit 1 ; fi + +eval set -- "${ARGS}" +debug_mesg "All the parms passed were ${ARGS}" + +while true; do + case "${1}" in + -f) debug_mesg "This used to mean udev rules will always be generated." + debug_mesg "For chzdev, it means safety checks will be overridden." + debug_mesg "Kinda sorta the same thing, really." + PARM_LIST="${PARM_LIST} -f" + DASD_FORCE=1 + shift 1 + ;; + -t) debug_mesg "This used to set the card type to ${2}" + debug_mesg "Now it gets ignored." + shift 2 + ;; + --) debug_mesg "Found the end of parms indicator: --" + shift 1 + break + ;; + *) debug_mesg "At the catch-all select entry" + debug_mesg "What was selected was ${1}" + shift 1 + ;; + esac +done + +CCW_CHAN_ID=${1} +ON_OFF=${2} +USE_DIAG=${3} + +if [ -z "${CCW_CHAN_ID}" ] || [ -z "${ON_OFF}" ]; then + mesg "You didn't specify all the needed parameters." + usage + exit 1 +fi + +if [ -n "${USE_DIAG}" ]; then + PARM_LIST="${PARM_LIST} use_diag=${USE_DIAG}" +else PARM_LIST="${PARM_LIST} use_diag=0" +fi + +if [ "${ON_OFF}" == 0 ]; then + debug_mesg "chzdev -d dasd --no-root-update ${CCW_CHAN_ID}" + chzdev -d dasd --no-root-update ${CCW_CHAN_ID} +elif [ "${ON_OFF}" == 1 ]; then + debug_mesg "chzdev -e dasd --no-root-update ${CCW_CHAN_ID} ${PARM_LIST}" + chzdev -e dasd --no-root-update ${CCW_CHAN_ID} ${PARM_LIST} +else mesg "You must specify a 0 or a 1 for the online/offline attribute." + usage + exit 1 +fi + +RC=${?} +if [ ${RC} -ne 0 ]; then + exit ${RC} +elif [ ${ON_OFF} == 1 ]; then + exitcode=0 + # Extract the full busid so that we can reference the proper entries in /sys + BUSID=$(/sbin/lszdev dasd ${CCW_CHAN_ID} | /usr/bin/sed -e 1d | /usr/bin/tr -s " " | /usr/bin/cut -f2 -d" " ) + # Make sure the DASD volume came online + for ((counter=0; counter<30; counter++)); do + sleep 0.1 + read online < /sys/bus/ccw/devices/${BUSID}/online + if [ ${online} -eq 1 ] ; then + break + fi + done + + if [ ${online} -ne 1 ]; then + debug_mesg "DASD ${CCW_CHAN_ID} did not come online." + exit 17 + fi + + # Check to see if the DASD volume is unformatted. If so, let YaST know. + read status < /sys/bus/ccw/devices/${BUSID}/status + if [ "${status}" == "unformatted" ]; then + mesg "DASD ${CCW_CHAN_ID} is unformatted." + exitcode=8 + fi +fi + +if [ ${ON_OFF} == 1 ]; then + add_cio_channel "${CCW_CHAN_ID}" +else remove_cio_channel "${CCW_CHAN_ID}" +fi + +exit ${exitcode} diff --git a/dasd_reload b/dasd_reload.opensuse similarity index 100% rename from dasd_reload rename to dasd_reload.opensuse diff --git a/dasd_reload.suse b/dasd_reload.suse new file mode 100644 index 0000000..33abc04 --- /dev/null +++ b/dasd_reload.suse @@ -0,0 +1,156 @@ +#!/bin/sh +# +# dasd_reload +# $Id: dasd_reload,v 1.2 2004/05/26 15:17:09 hare Exp $ +# +# Deconfigures all active DASDs, unloads the modules +# and activates the configured DASDs again. +# Needed to establish an identical device mapping +# in the installation system and in the running system. +# All DASD access need to be cancelled prior to running +# this script. +# +# Usage: +# dasd_reload +# +# Return values: +# 1 Cannot read /proc/modules +# 2 Missing module programs +# 3 /sys not mounted +# 4 Failure on deactivate DASDs +# + +if [ ! -r /proc/modules ]; then + echo "Cannot read /proc/modules" + exit 1 +fi + +if [ ! -x /sbin/rmmod -o ! -x /sbin/modprobe ]; then + echo "Missing module programs" + exit 2 +fi + +if [ ! -d /sys/bus ]; then + echo "sysfs not mounted" + exit 3 +fi + +let anymd=0 +if [ -f /proc/mdstat ]; then + for mddevice in $(grep active /proc/mdstat | cut -f1 -d:); do + mdadm -S /dev/${mddevice} + let anymd=1 + done + udevadm settle +fi + +# +# Setting HyperPAV alias devices offline +# +dasd_alias= +let EXITRC=0 +for dev in /sys/bus/ccw/devices/*; do + if [ -f ${dev}/use_diag ]; then + read _online < ${dev}/online + read _alias < ${dev}/alias + if [ "$_online" -eq 1 -a "$_alias" -eq 1 ]; then + echo "setting DASD HyperPAV alias $(basename ${dev}) offline" + echo "0" > ${dev}/online + read _online < ${dev}/online + dasd_alias="${dasd_alias} $(basename ${dev})" + if [ "$_online" -eq 1 ]; then + echo "failure on setting DASD HyperPAV alias $(basename ${dev}) offline !" + let EXITRC=4 + fi + fi + fi +done + +# +# Setting "normal" DASD and HyperPAV base devices offline +# +dasd_base= +for dev in /sys/bus/ccw/devices/*; do + if [ -f ${dev}/use_diag ]; then + read _online < ${dev}/online + read _alias < ${dev}/alias + if [ "$_online" -eq 1 -a "$_alias" -eq 0 ]; then + echo "setting DASD $(basename ${dev}) offline" + echo "0" > ${dev}/online + read _online < ${dev}/online + dasd_base="${dasd_base} $(basename ${dev})" + if [ "$_online" -eq 1 ]; then + echo "failure on setting DASD $(basename ${dev}) offline !" + let EXITRC=4 + fi + fi + fi +done + +udevadm settle + +module_list= +module_test_list="dasd_diag_mod dasd_eckd_mod dasd_fba_mod dasd_mod" +for module in ${module_test_list}; do + if grep -q "${module}" /proc/modules; then + module_list="${module} ${module_list}" + : Unloading ${module} + /sbin/rmmod ${module} + fi +done + +udevadm settle +sleep 2 + +if [ -d /etc/udev/rules.d ]; then + cd /etc/udev/rules.d +# +# Re-activating "normal" DASD and HyperPAV base devices +# +# We need to move all the DASD udev rules out from /etc/udev/rules.d +# because if we don't, then when the first DASD volume gets brought +# back online, they are all brought back online, in a non-deterministic +# order, not the numeric order we expect. +# + mv -i 41-dasd-*.rules 51-dasd-*.rules /tmp + cd /tmp + for dasd in ${dasd_base}; do + for file in 41-dasd-*-${dasd}.rules 51-dasd-${dasd}.rules; do + [ -f "${file}" ] || continue +# +# Special handling is needed for old udev rules that start with 51- +# since the chzdev command won't look for that name +# + prefix="$(echo ${file} | cut -f1 -d-)" + if [ "${prefix}" == "51" ]; then + if [ -h /sys/bus/ccw/drivers/dasd-eckd/${dasd} ]; then + mv -i ${file} 41-dasd-eckd-${dasd}.rules + elif [ -h /sys/bus/ccw/drivers/dasd-fba/${dasd} ]; then + mv -i ${file} 41-dasd-fba-${dasd}.rules + else echo "DASD volume ${dasd} is neither an ECKD or FBA device." + let EXITRC=4 + fi + fi + echo Activating ${dasd} + mv -i "${file}" /etc/udev/rules.d/ + /sbin/chzdev dasd --apply --configured -q --no-root-update ${dasd} + lsdasd + break + done + done + +# +# Re-activating HyperPAV alias devices +# + for dasd in ${dasd_alias}; do + for file in 41-dasd-*-${dasd}.rules 51-dasd-${dasd}.rules; do + [ -f "${file}" ] || continue + echo Activating ${dasd} + mv -i "${file}" /etc/udev/rules.d/ + /sbin/chzdev dasd --apply --configured -q --no-root-update ${dasd} + break + done + done +fi + +exit ${EXITRC} diff --git a/detach_disks.sh b/detach_disks.sh.opensuse similarity index 100% rename from detach_disks.sh rename to detach_disks.sh.opensuse diff --git a/detach_disks.sh.suse b/detach_disks.sh.suse new file mode 100644 index 0000000..c514208 --- /dev/null +++ b/detach_disks.sh.suse @@ -0,0 +1,157 @@ +#!/bin/sh + +DASDFILE=/tmp/dasd.list.$(mcookie) +DETFILE=/tmp/detach.disks.$(mcookie) +KEEPFILE=/tmp/keep.disks.$(mcookie) +NICFILE=/tmp/nic.list.$(mcookie) +FAILFILE=/tmp/error.$(mcookie) + +function expand_RANGE(){ +local RANGE=${1} +local RANGE_SAVE=${RANGE} +local DEVNO +local BEGIN=0 +local END=0 + +RANGE=$(IFS=":-"; echo ${RANGE} | cut -f1-2 -d" " ) +set -- ${RANGE} +let BEGIN=0x$1 2>/dev/null +let END=0x$2 2>/dev/null + +if [ ${BEGIN} -eq 0 ] || [ ${END} -eq 0 ]; then + ${msg} "An invalid device number range was specified: ${RANGE_SAVE}" >&2 + touch ${FAILFILE} + return +fi + +for DEVNO in $(eval echo {${BEGIN}..${END}}) + do printf "%d\n" ${DEVNO} + done +} + +function usage(){ + echo "Usage: ${0} [ -F ] [ -q ] [ -h ]" + echo " -F Exit with failure if any invalid parms are detected." + echo " -q Don't generate any output." + echo " -h Display this help message." +} + +msg="echo" +let FORCE_FAIL=0 + +############################################################ +# Parse the parameters from the command line +# +ARGS=$(getopt -a --options Fhq -n "detach_devices" -- "$@") +if [ $? -ne 0 ]; then + usage + exit 3 +fi + +eval set -- "${ARGS}" +for ARG; do + case "${ARG}" in + -F) let FORCE_FAIL=1 + shift 1 + ;; + -h) usage; + exit 0 + ;; + -q) msg="/bin/true" + shift 1 + ;; + --) shift 1 + ;; + *) ${msg} "Extraneous input detected: ${1}" + shift 1 + ;; + esac +done + +if [ -r /etc/sysconfig/virtsetup ]; then + . /etc/sysconfig/virtsetup +else ${msg} "No /etc/sysconfig/virtsetup file was found." + exit 1 +fi + +# First, get a list of all the DASD devices we have for this guest, in decimal. +# (Trying to handle things in hex gets complicated.) +/sbin/vmcp -b1048576 q v dasd | cut -f2 -d" " |\ + while read HEXNO + do let DECNO=0x${HEXNO} + echo ${DECNO} + done > ${DASDFILE} 2>/dev/null + +# If the system administrator specified certain devices to be detached +# let's put those device numbers in a file, one per line. +touch ${DETFILE} +for ADDR in $(IFS=", " ; echo ${ZVM_DISKS_TO_DETACH}) + do if $(echo ${ADDR} | grep -iqE ":|-" 2>/dev/null) + then expand_RANGE ${ADDR} >> ${DETFILE} + else let DEVNO=0 + let DEVNO=0x${ADDR} 2>/dev/null + if [ ${DEVNO} -eq 0 ]; then + ${msg} "An invalid device number was specified: ${ADDR}" >&2 + touch ${FAILFILE} + else printf "%d\n" ${DEVNO} + fi + fi + done > ${DETFILE} + +# If the system administrator specified certain devices that should _not_ +# be detached, let's put those in another file, one per line. +touch ${KEEPFILE} +for ADDR in $(IFS=", " ; echo ${ZVM_DISKS_TO_NOT_DETACH}) + do if $(echo ${ADDR} | grep -iqE ":|-" 2>/dev/null) + then expand_RANGE ${ADDR} >> ${KEEPFILE} + else let DEVNO=0 + let DEVNO=0x${ADDR} 2>/dev/null + if [ ${DEVNO} -eq 0 ]; then + ${msg} "An invalid device number was specified: ${ADDR}" >&2 + touch ${FAILFILE} + else printf "%d\n" ${DEVNO} + fi + fi + done > ${KEEPFILE} + +if [ ${FORCE_FAIL} -eq 1 ] && [ -e ${FAILFILE} ]; then + let RETURN_CODE=1 + ${msg} "Terminating detach_disk because of input errors." +else +# If the system administrator specified that all "unused" disks should be +# detached, compare the disks lsdasd show as activated to the complete +# list of disks we have currently, and add the inactive ones to the +# file containing devices to be detached + if [ "${ZVM_DETACH_ALL_UNUSED}" == "yes" ]; then + lsdasd -s | sed -e 1,2d | cut -f1 -d" " | \ + while read ADDR + do let DEVNO=0x${ADDR} + sed -i -e "/^${DEVNO}$/d" ${DASDFILE} + done + cat ${DASDFILE} >> ${DETFILE} + fi + +# Now remove any "to be kept" disks from the detach file + while read DEVNO + do sed -i -e "/^${DEVNO}/d" ${DETFILE} + done < ${KEEPFILE} + +# Get a list of all the virtual NICs since they require an +# extra keyword to detach. Contrary to what we've done before +# these will be hex values + /sbin/vmcp -b1048576 q nic | grep Adapter | cut -f2 -d" " | cut -f1 -d. > ${NICFILE} + +# Now we sort the device numbers and detach them. + sort -un ${DETFILE} | \ + while read DEVNO + do HEXNO=$(printf %04X ${DEVNO}) + if grep -q ^${HEXNO}$ ${NICFILE} 2>/dev/null ; then + vmcp detach nic ${HEXNO} 2>/dev/null + else vmcp detach ${HEXNO} 2>/dev/null + fi + done + let RETURN_CODE=0 +fi + +rm -f ${DASDFILE} ${DETFILE} ${KEEPFILE} ${NICFILE} ${FAILFILE} +exit ${RETURN_CODE} diff --git a/iucv_configure b/iucv_configure.opensuse similarity index 100% rename from iucv_configure rename to iucv_configure.opensuse diff --git a/iucv_configure.suse b/iucv_configure.suse new file mode 100644 index 0000000..416389d --- /dev/null +++ b/iucv_configure.suse @@ -0,0 +1,133 @@ +#! /bin/sh +# +# iucv_configure +# +# Configures a z/VM IUCV network adapter +# +# Usage: +# iucv_configure +# +# peer_userid = z/VM userid of the IUCV peer +# online = 0 to take the device offline +# 1 to bring the device online +# +# Return values: +# 1 sysfs not mounted +# 2 Invalid status for +# 3 Could not create iucv device +# 4 Could not remove iucv device +# + +if [ "${DEBUG}" != "yes" ]; then + DEBUG="no" +fi + +mesg () { + echo "$@" +} + +debug_mesg () { + case "$DEBUG" in + yes) mesg "$@" ;; + *) ;; + esac +} + +if [ $# -ne 2 ] ; then + echo "Usage: $0 " + echo " peer_userid = z/VM userid of the IUCV peer" + echo " online = 0 to take the device offline" + echo " 1 to bring the device online" + exit 1 +fi + +# Get the mount point for sysfs +while read MNTPT MNTDIR MNTSYS MNTTYPE; do + if test "$MNTSYS" = "sysfs"; then + SYSFS="$MNTDIR" + break; + fi +done $_iucv_drv/connection + if [ $? -ne 0 ] ; then + mesg "Unable to connect to $PEER_USERID" + exit 3 + fi + for _iucv_dev in $_iucv_dir/netiucv?* ; do + [ -d $_iucv_dev ] || continue + read user < $_iucv_dev/user + if [ "$user" = "$PEER_USERID" ] ; then + iucvdev=${_iucv_dev##*/} + break; + fi + done + if [ "$iucvdev" ] ; then + debug_mesg "Configured device $iucvdev" + fi +elif [ "$iucvdev" -a $ONLINE -eq 0 ] ; then + for _net_dev in $_iucv_dir/$iucvdev/net/* ; do + [ -d $_net_dev ] || continue + netdev=${_net_dev##*/} + break; + done + if [ "$netdev" ] ; then + echo $netdev > $_iucv_drv/remove + if [ $? -ne 0 ] ; then + mesg "Unable to remove device $netdev" + exit 4 + else + debug_mesg "Removed device $iucvdev" + rm -f /etc/udev/rules.d/51-iucv-$PEER_USERID.rules /etc/udev/rules.d/51-iucv-$PEER_USERID_LOWER.rules + iucvdev= + fi + fi + +fi + +if [ "$iucvdev" ] ; then + cat > /etc/udev/rules.d/51-iucv-$PEER_USERID.rules < /dev/null + if [ $? -eq 0 ]; then + echo "That device is in the cio_ignore list." + echo "Please remove it with \"cio_ignore -r ${BUSID}\" before trying again." + fi + exit 10 +fi + +case ${DEVNO:0:3} in + 019) if grep -q "version = FF" /proc/cpuinfo 2>/dev/null; then + echo "That looks like a CMS disk." + if [ ${FORCE} -eq 0 ]; then + echo "Specify the -f option to force the operation." + exit 11 + fi + echo "But you specified -f so we'll kill it anyway." + fi + ;; +esac + +read ORIG_ONLINE_STATUS < /sys/bus/ccw/devices/${BUSID}/online + +DISCIPLINE="none" +if [ -r /sys/bus/ccw/devices/${BUSID}/discipline ]; then + # We have to bring the device online before the kernel will fill in + # the value for discipline. + if [ ${ORIG_ONLINE_STATUS} -eq 0 ]; then + /sbin/chccwdev -e ${BUSID} + /sbin/udevadm settle + fi + + read STATUS < /sys/bus/ccw/devices/${BUSID}/status + if [ "${STATUS}" == "unformatted" ]; then + echo "DASD device ${BUSID} is already in an unformatted state." + if [ ${ORIG_ONLINE_STATUS} -eq 0 ]; then + /sbin/chccwdev -d -s ${BUSID} + /sbin/udevadm settle + fi + exit 0 + fi + + read DISCIPLINE < /sys/bus/ccw/devices/${BUSID}/discipline +else read CU_TYPE < /sys/bus/ccw/devices/${BUSID}/cutype + read DEV_TYPE < /sys/bus/ccw/devices/${BUSID}/devtype + case "${CU_TYPE}" in + 3990/*|2105/*|2107/*|1750/*|9343/*) + DISCIPLINE=ECKD + ;; + 3880/*) + case "${DEV_TYPE}" in + 3390/*) + DISCIPLINE=ECKD + ;; + esac + ;; + esac +fi + +if [ "${DISCIPLINE}" != "ECKD" ]; then + echo "This script only works on ECKD DASD." + if [ ${ORIG_ONLINE_STATUS} -eq 0 ]; then + /sbin/chccwdev -d -s ${BUSID} + fi + exit 12 +fi + +read STATUS < /sys/bus/ccw/devices/${BUSID}/online +if [ ${STATUS} -eq 1 ]; then + if [ ! -h /dev/disk/by-path/ccw-${BUSID} ]; then + echo "The udev-generated symbolic link in /dev/disk/by-path was not found." + exit 13 + fi + + /sbin/chccwdev -d -s ${BUSID} + /sbin/udevadm settle + + read STATUS < /sys/bus/ccw/devices/${BUSID}/online + if [ ${STATUS} -ne 0 ]; then + echo "Device number ${DEVNO} didn't go offline. Unable to continue." + exit 14 + fi +fi + +/sbin/chccwdev -a raw_track_access=1 -e ${BUSID} +/sbin/udevadm settle + +read STATUS < /sys/bus/ccw/devices/${BUSID}/online +if [ ${STATUS} -ne 1 ]; then + echo "Unable to bring ${DEVNO} online. Unable to continue." + exit 15 +fi + +# After this point, we will kill the formatting on the device +perl -e 'for ($h=0;$h<2;$h++){printf "\0\0\0%c\0\0\0\x8%s",$h,(("\0"x8).("\xff"x8).("\0"x65512))}' | dd bs=65536 count=2 oflag=direct of=/dev/disk/by-path/ccw-${BUSID} >/dev/null 2>&1 + +if [ "$?" -ne 0 ]; then + echo "The writing of the null record 0 failed." + exit 16 +fi + +echo "Setting ${BUSID} back offline with raw track access disabled." +/sbin/chccwdev -d -s -a raw_track_access=0 ${BUSID} +/sbin/udevadm settle + +if [ ${ORIG_ONLINE_STATUS} -eq 1 ]; then + /sbin/chccwdev -e ${BUSID} + /sbin/udevadm settle +fi diff --git a/mkdump.pl b/mkdump.pl.opensuse similarity index 100% rename from mkdump.pl rename to mkdump.pl.opensuse diff --git a/mkdump.pl.suse b/mkdump.pl.suse new file mode 100644 index 0000000..d1483d3 --- /dev/null +++ b/mkdump.pl.suse @@ -0,0 +1,577 @@ +#!/usr/bin/perl +######################################################################## +# +# mkdump.pl - Preparing disks for use as S/390 dump device +# +# Copyright (c) 2011 Tim Hardeck, SUSE LINUX Products GmbH +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Based on mkdump.sh (c) 2004 Hannes Reinecke, SuSE AG +# +# License: +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301 USA +# +######################################################################## + +use strict; +use warnings; +use Fcntl; +use Getopt::Long; + +my $VERSION = "2.0.3"; + +my $BLKID = "/sbin/blkid"; +my $PARTED = "/usr/sbin/parted"; +my $FDASD = "/sbin/fdasd"; +my $DASDVIEW = "/sbin/dasdview"; +my $DASDFMT = "/sbin/dasdfmt"; +my $ZIPL = "/sbin/zipl"; +my $UDEVADM = "/sbin/udevadm"; +my $ZGETDUMP = "/sbin/zgetdump"; + +# temporary DASD device configuration file for Zipl +my $MDPATH = "/tmp/mvdump.conf.".`mcookie`; +# zFCP dump dir, without a leading '/' +my $ZFCP_DUMP_DIR = "mydumps"; + +my $OPT_DEBUG = 0; +my $OPT_FORCE = 0; +my $OPT_VERBOSE = 0; + +sub cleanup +{ + # DASD + if (-e $MDPATH) { + system("rm -f $MDPATH"); + } +} + +sub exit_with +{ + my $message = shift(); + my $exitcode = shift(); + + print STDERR "$message Exiting...\n"; + cleanup(); + + # fdasd isn't able to create volume label interactively + # could be fixed with a reformat + if ($exitcode == 65280) { + $exitcode = 12; + } + + # bigger exit codes are not supported + if ($exitcode > 255) { + $exitcode = 255; + } + + exit($exitcode); +} + +sub run_cmd +{ + my $cmd = shift(); + + my $output = ""; + if (! $OPT_DEBUG) { + my ($app) = $cmd =~ /\/(\w+) /; + + # run command + $output = `$cmd`; + my $exit_code = $?; + # wait for udev to finish processing + system("$UDEVADM settle"); + + # only print output in case of an error or in verbose mode + if ($output and ($exit_code != 0 or $OPT_VERBOSE)) { + print("$output\n"); + } + + if ($exit_code != 0) { + exit_with("$app failed with exit code $exit_code", $exit_code); + } + } else { + # only print the command in debug mode + print("\`$cmd\`\n"); + } + return($output); +} + +sub check_paths +{ + for my $path ($BLKID, $PARTED, $FDASD, $DASDVIEW, $DASDFMT, $ZIPL, $UDEVADM, $ZGETDUMP) { + unless ( -x $path) { + exit_with("Command $path is not available.", 13); + } + } +} + +sub read_file +{ + my $path = shift(); + + open(my $file, "<", "$path") or exit_with("Unable to access $path: $!.", 15); + my @content = <$file>; + close($file); + + # no need for arrays in case of single lines + if (@content > 1) { + return @content; + } else { + chomp($content[0]); + return($content[0]); + } +} + +sub is_dasd +{ + # remove leading /dev/ + my $device = substr(shift(), 5); + + if (-r "/sys/block/$device/device/discipline") { + return(1); + } else { + return(0); + } +} + +sub is_zfcp +{ + # remove leading /dev/ + my $device = substr(shift(), 5); + my $devpath = "/sys/block/$device/device"; + + unless (-r "$devpath/hba_id" or -r "$devpath/type") { + return(0); + } + + my $devtype = read_file("$devpath/type"); + + # SCSI type '0' means disk + if ($devtype == 0) { + return(1); + } else { + return(0); + } +} + +sub get_partition_num +{ + # remove leading /dev/ + my $device = substr(shift, 5); + + my $part_num = grep(/\s+$device\d+/, read_file("/proc/partitions")); + + return($part_num); +} + +sub print_device +{ + my $device = shift(); + my $only_dump_disks = shift(); + + my $devpath = "/sys/block/" . substr($device, 5); + my $output = $device; + my $dump_device = 0; + + my $size = int(read_file("$devpath/size") / 2048); # 512 Byte blocks + # size can't be read this way in case of unformatted devices + if ($size != 0) { + $output .= "\t${size}MB"; + } else { + $output .= "\tunknown"; + } + + if (is_dasd($device)) { + my ($busid) = readlink("$devpath/device") =~ /(\w\.\w\.\w{4})/; + $output .= "\t$busid"; + + # check for dump record and list multi volumes + my $zgetdump_output = `$ZGETDUMP -d $device 2>&1`; + my @dump_devs = $zgetdump_output =~ /(\w\.\w\.\w{4})/g; + if (@dump_devs) { + $dump_device = 1; + $output .= "\tdumpdevice"; + # no need to output the dump ids for a single device + if (@dump_devs > 1) { + for my $id (@dump_devs) { + $output .= "|$id"; + } + } + } else { + # check for single volume dump devices + if ($zgetdump_output =~ /Single-volume DASD dump tool/) { + $dump_device = 1; + $output .= "\tdumpdevice"; + } + } + } else { + my $adapter = read_file("$devpath/device/hba_id"); + my $wwpn = read_file("$devpath/device/wwpn"); + my $lun = read_file("$devpath/device/fcp_lun"); + $output .= "\t$adapter\t$wwpn\t$lun"; + + # check for dump record + my $zgetdump = `$ZGETDUMP -d $device 2>&1`; + if ($? == 0) { + my ($dsize) = ($zgetdump =~ /Maximum dump size\.:\s+([0-9]+) MB/m); + $dsize = $size unless (defined($dsize)); + $output = "$device\t${dsize}MB\t$adapter\t$wwpn\t$lun\tdumpdevice"; + $dump_device = 1; + } + } + if ($only_dump_disks) { + if ($dump_device) { + print("$output\n"); + } + } else { + print("$output\n"); + } +} + +sub list_free_disks +{ + my $devices_ref = shift(); + my $type = shift(); + + if (@$devices_ref) { + for my $device (@$devices_ref) { + print_device($device); + } + } else { + print STDERR "No free $type devices available!\n"; + } +} + +sub list_dump_disks +{ + my @devices = @_; + + if (@devices) { + for my $device (@devices) { + print_device($device, 1); + } + } else { + print STDERR "No dump devices available!\n"; + } +} + +sub determine_free_disks +{ + my @dasd; + my @zfcp; + my @devices; + + # gather block devices + my $path="/sys/block/"; + opendir(DIR, $path) or exit_with("Unable to find $path: $!", 15); + while (defined(my $file = readdir(DIR))) { + # no need to add other devices then dasd* or sd* + if ($file =~ /^dasd[a-z]+$/ or $file =~ /^sd[a-z]+$/) { + push(@devices, $file); + } + } + closedir(DIR); + + for my $entry (@devices) { + # only allow disks, no partitions + my ($device) = $entry =~ /^([a-z]+)$/; + next unless ($device); + + $device = "/dev/$device"; + + # determine if the block device could be accessed exclusively + if(-b $device and sysopen(my $blockdev, $device, O_RDWR|O_EXCL)) { + close($blockdev); + if (is_dasd($device)) { + push(@dasd, $device); + } + if (is_zfcp($device)) { + push(@zfcp, $device); + } + } + # wait for udev to process all events triggered by sysopen(,O_EXCL) + system("$UDEVADM settle"); + } + + return(\@dasd, \@zfcp); +} + +sub prepare_dasd +{ + my @devices = @_; + + my $format_disks = ""; + + # check formatting + for my $device (@devices) { + # determine disk layout + my ($fmtstr) = `$DASDVIEW -x $device` =~ /(\w\w\w) formatted/; + + SWITCH: + for($fmtstr) { + if (/NOT/) { + print("Unformatted disk, formatting $device.\n"); + $format_disks .= " $device"; + last SWITCH; + } + if (/LDL/) { + if ($OPT_FORCE) { + print("Linux disk layout, reformatting $device.\n"); + $format_disks .= " $device"; + } else { + print("$device was formatted with the Linux disk layout.\n"); + print("Unable to use it without reformatting.\n"); + exit_with("Re-issue the mkdump command with the --force option.", 12); + } + last SWITCH; + } + if (/CDL/) { + # allow reformatting with force, since fdasd isn't able to create volume label interactively + if ($OPT_FORCE) { + print("Compatible disk layout, force reformatting $device.\n"); + $format_disks .= " $device"; + } else { + print("$device: Compatible disk layout, Ok to use.\n"); + } + last SWITCH; + } + exit_with("Unknown layout ($fmtstr), cannot use disk.", 11); + } + } + + # format devices + if ($format_disks) { + #up to eight devices in parallel + run_cmd("$DASDFMT -P 8 -b 4096 -y -f $format_disks"); + } + + # check partitioning and partition + for my $device (@devices) { + my $part_num = get_partition_num($device); + if ($part_num == 0 or $OPT_FORCE) { + print("Re-partitioning disk $device.\n"); + run_cmd("$FDASD -a $device"); + } else { + # allow disk with one partition if it don't consist a file system + if ($part_num == 1) { + my ($fstype) = `$BLKID ${device}1` =~ /TYPE=\"(\w+)\"/; + if ($fstype) { + exit_with("Device ${device}1 already contains a filesystem of type $fstype.", 12); + } + } else { + exit_with("$part_num partitions detected, cannot use disk $device.", 12); + } + } + } +} + +sub setup_dasddump +{ + my @devices = @_; + + prepare_dasd(@devices); + + # create zipl device configuration file + # don't create files in debug mode + unless ($OPT_DEBUG) { + open(my $file, ">", $MDPATH) or exit_with("Unable to access $MDPATH: $!.", 15); + for my $device (@devices) { + print{$file}("${device}1\n"); + } + close($file); + } + + print("Creating dump record.\n"); + run_cmd("${ZIPL} -V -n -M $MDPATH"); + + cleanup(); +} + +sub setup_zfcpdump +{ + my $device = shift(); + + # check partitioning + my $part_num = get_partition_num($device); + if ($part_num == 0 or $OPT_FORCE) { + print("Re-partitioning disk $device.\n"); + run_cmd("$PARTED -s -- $device mklabel gpt mkpart primary 0 -1"); + } else { + if ($part_num > 1) { + exit_with("$part_num partitions detected, cannot use disk $device.", 12); + } + } + + # install bootloader + print("Creating dump record.\n"); + run_cmd("${ZIPL} -V -d ${device}1"); + + cleanup(); +} + +sub print_version +{ + print << "EOF"; +mkdump $VERSION + +Copyright (c) 2011 SUSE LINUX Products GmbH +License GPLv2 or (at your option) any later version. + +This is free software: you are free to change and redistribute it. +There is NO WARRANTY, to the extent permitted by law. + +Written by Tim Hardeck . +EOF + exit(0); +} + +sub print_usage +{ + my $exitcode = shift(); + + print << "EOF"; +Usage: mkdump [OPTIONS] [DEVICE]... +mkdump $VERSION + +Prepare one or more volumes for use as S/390 dump device. Supported devices +are ECKD DASD and SCSI over zFCP disks, while multi-volumes are limited to DASD. + +Only whole disks can be used, no partitions! If the device is incompatible +formatted/partioned, the script will refuse to install the dump record +unless the --force switch is given. + +Disks which are in use or have mounted partitions will not be listed and can't be used. +The mentioning of "dumpdevice" after a disk indicates that it is an already usable dump device. Additionally multi-volume dump devices are indicated by the list of including DASD ids. + +Options: + -h, --help display this help and exit + -V, --version display version information and exit + + -d, --debug debug mode, do not run programs which commit changes + -v, --verbose be verbose and show command outputs + -f, --force force overwrite of the disk + + -l, --list-dump display dump disks + -D, --list-dasd display usable DASD disks (Device, Size, ID, Dump) + -Z, --list-zfcp display usable SCSI over zFCP disks (Device, Size, ID, WWPN, LUN, Dump) + +Report bugs on https://bugzilla.novell.com/ +EOF + + exit($exitcode); +} + +sub analyze_cmd_parameters +{ + #verbose, debug and force are global + my $opt_help = 0; + my $opt_version = 0; + my $opt_dump = 0; + my $opt_dasd = 0; + my $opt_zfcp = 0; + + if (@ARGV == 0) { + print_usage(14); + } + + Getopt::Long::Configure('bundling'); + GetOptions( + 'h|help' => \$opt_help, + 'V|version' => \$opt_version, + 'd|debug' => \$OPT_DEBUG, + 'v|verbose' => \$OPT_VERBOSE, + 'f|force' => \$OPT_FORCE, + 'l|list-dump' => \$opt_dump, + 'D|list-dasd' => \$opt_dasd, + 'Z|list-zfcp' => \$opt_zfcp, + ) or print_usage(14); + + if ($opt_help) { + print_usage(0); + } + + if ($opt_version) { + print_version(); + } + + # determine free dasd and zfcp devices + my ($dasd_ref, $zfcp_ref) = determine_free_disks(); + + if ($opt_dump) { + list_dump_disks(@$dasd_ref, @$zfcp_ref); + exit 0; + } + + if ($opt_dasd) { + list_free_disks(\@$dasd_ref, "dasd"); + } + + if ($opt_zfcp) { + list_free_disks(\@$zfcp_ref, "zfcp"); + } + + # allow listing of both device types at the same time + if ($opt_dasd or $opt_zfcp) { + exit 0; + } + + # check provided devices and be strict + my @devices; + for my $device (@ARGV) { + if (grep(/$device/, @devices)) { + exit_with("$device is mentioned more than once.", 14); + } + if ( $device =~ /^\/dev\/[a-z]+$/ == 0) { + exit_with("The device parameter $device is inaccurate. Only whole disks are allowed.", 14); + } + if (grep(/$device/, (@$dasd_ref, @$zfcp_ref))) { + if (is_zfcp($device) and @ARGV > 1) { + exit_with("Multi-volume dumps aren't supported with zFCP.", 14); + } + push(@devices, $device); + } else { + if (-b $device) { + exit_with("$device is in use or not a DASD/zFCP disk!", 14); + } else { + exit_with("$device does not exist!", 14); + } + } + } + + if (@devices == 0) { + exit_with("No usable devices where provided.", 14); + } + + return(@devices); +} + +sub main +{ + check_paths(); + my @devices = analyze_cmd_parameters(); + + # only one dump device is possible with zFCP which is enforced in analyze_cmd_parameters + if (is_zfcp($devices[0])) { + setup_zfcpdump($devices[0]); + } else { + setup_dasddump(@devices); + } + + print("Creating the dump device was successful.\n"); +} + +main(); diff --git a/s390-tools-2.19.0.tar.gz b/s390-tools-2.19.0.tar.gz deleted file mode 100644 index 135797f..0000000 --- a/s390-tools-2.19.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:17dc163e6a1e940f895c64955c130058600e1df834e1ab134410be7266ef724a -size 1681093 diff --git a/s390-tools-2.24.0.tar.gz b/s390-tools-2.24.0.tar.gz new file mode 100644 index 0000000..2a83ebe --- /dev/null +++ b/s390-tools-2.24.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:af5268147f725a9a9ec54df8fe1b2e3e4e8d256199d542456f0b2275e560d005 +size 1840869 diff --git a/s390-tools-rpmlintrc b/s390-tools-rpmlintrc index d7d8c9a..525a34a 100644 --- a/s390-tools-rpmlintrc +++ b/s390-tools-rpmlintrc @@ -2,3 +2,5 @@ addFilter("statically-linked-binary /usr/lib/s390-tools/.*") addFilter("statically-linked-binary /usr/bin/read_values") addFilter("systemd-service-without-service_.* *@.service") addFilter("position-independent-executable-suggested ") +addFilter("non-etc-or-var-file-marked-as-conffile /boot/zipl/active_devices.txt") +addFilter("zero-length /boot/zipl/active_devices.txt") diff --git a/s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch b/s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch.opensuse similarity index 100% rename from s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch rename to s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch.opensuse diff --git a/s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch.suse b/s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch.suse new file mode 100644 index 0000000..e5059e0 --- /dev/null +++ b/s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch.suse @@ -0,0 +1,31 @@ +From f7a0f391f2c4e8acc96b21ab5de54a178aa60088 Mon Sep 17 00:00:00 2001 +From: Hannes Reinecke +Date: Fri, 22 Nov 2013 15:39:38 +0100 +Subject: [PATCH] 59-dasd.rules: generate by-id links on 'change' and 'add' + +The by-id rules need to be triggered on both, 'change' and 'add', +to work correctly during restarting udev. + +References: bnc#808042 + +Signed-off-by: Robert Milasan +--- + etc/udev/rules.d/59-dasd.rules | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/etc/udev/rules.d/59-dasd.rules b/etc/udev/rules.d/59-dasd.rules +index 2b1435c..a08cb7c 100644 +--- a/etc/udev/rules.d/59-dasd.rules ++++ b/etc/udev/rules.d/59-dasd.rules +@@ -6,7 +6,7 @@ + SUBSYSTEM!="block", GOTO="dasd_symlinks_end" + KERNEL!="dasd*", GOTO="dasd_symlinks_end" + +-ACTION!="change", GOTO="dasd_block_end" ++ACTION!="change|add", GOTO="dasd_block_end" + # by-id (hardware serial number) + KERNEL=="dasd*[!0-9]", ATTRS{status}=="online", IMPORT{program}="/sbin/dasdinfo -a -e -b $kernel" + KERNEL=="dasd*[!0-9]", ENV{ID_SERIAL}=="?*", SYMLINK+="disk/by-id/$env{ID_BUS}-$env{ID_SERIAL}" +-- +1.8.1.4 + diff --git a/s390-tools-sles15sp3-remove-no-pie-link-arguments.patch b/s390-tools-sles15sp3-remove-no-pie-link-arguments.patch deleted file mode 100644 index 5050ce2..0000000 --- a/s390-tools-sles15sp3-remove-no-pie-link-arguments.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- s390-tools-2.15.1/common.mak 2020-10-28 10:31:59.000000000 -0400 -+++ s390-tools-2.15.1/common.mak 2021-03-01 11:16:20.285597140 -0500 -@@ -252,8 +252,8 @@ - - ifneq ($(shell $(CC_SILENT) -dumpspecs 2>/dev/null | grep -e '[^f]no-pie'),) - NO_PIE_CFLAGS := -fno-pie -- NO_PIE_LINKFLAGS := -no-pie -- NO_PIE_LDFLAGS := -no-pie -+ NO_PIE_LINKFLAGS := -+ NO_PIE_LDFLAGS := - else - NO_PIE_CFLAGS := - NO_PIE_LINKFLAGS := diff --git a/s390-tools-sles15sp4-01-genprotimg-remove-DigiCert-root-CA-pinning.patch b/s390-tools-sles15sp4-01-genprotimg-remove-DigiCert-root-CA-pinning.patch deleted file mode 100644 index 5733fda..0000000 --- a/s390-tools-sles15sp4-01-genprotimg-remove-DigiCert-root-CA-pinning.patch +++ /dev/null @@ -1,271 +0,0 @@ -Subject: [PATCH] [BZ 197604] genprotimg: remove DigiCert root CA pinning -From: Marc Hartmayer - -Description: genprotimg/check_hostkeydoc: cert. verification is too strict -Symptom: Verification failures will occur for newer host key documents -Problem: The certificate verification of check_hostkeydoc is too strict - and doesn't match the checking performed by genprotimg. This - applies to the OU field in the issuer DN of the host key - document. As a consequence verification failures will occur for - host key documents issued for hardware generations newer than - IBM z15. - - DigiCert is the CA issuing the signing certificate for Secure - Execution host key documents. This certificate is used for the - verification of the host key document validity. Recently, - DigiCert has changed the root CA certificate used for issuance - of the signing certificates. As genprotimg is checking the CA - serial, the verification of the chain of trust will fail. As a - workaround, it is possible to disable certificate verification, - but this is not recommended because it makes it easier to - provide a fake host key document. Since the previously issued - host key documents are expiring in April 2022, it is necessary - to fix genprotimg to accept the newly issued host key - documents. -Solution: Relax the certificate verification -Reproduction: Use a new host key document -Upstream-ID: 78b053326c504c0535b5ec1c244ad7bb5a1df29d -Problem-ID: 197604 - -Upstream-Description: - - genprotimg: remove DigiCert root CA pinning - - Remove the DigiCert root CA pinning. The root CA used for the chain of trust can - change in the future therefore let's remove this check. If someone wants to - enforce the usage of a specific root CA it can be selected by the genprotimg - command line option `--root-ca $CA`. Make it transparent to the user which root - CA is actually being used by printing the subject name of the root CA to stdout - in verbose mode. - - Signed-off-by: Marc Hartmayer - Acked-by: Viktor Mihajlovski - Reviewed-and-tested-by: Nico Boehr - Signed-off-by: Jan Hoeppner - - -Signed-off-by: Marc Hartmayer -Index: s390-tools-service/genprotimg/man/genprotimg.8 -=================================================================== ---- s390-tools-service.orig/genprotimg/man/genprotimg.8 -+++ s390-tools-service/genprotimg/man/genprotimg.8 -@@ -87,7 +87,7 @@ CRLs. Optional. - .TP - \fB\-\-root\-ca\fR=\fI\,FILE\/\fR - Specifies the root CA certificate for the verification. If omitted, --the DigiCert root CA certificate installed on the system is used. Use -+the system wide root CAs installed on the system is used. Use - this only if you trust the specified certificate. Optional. - .TP - \fB\-\-no-verify\fR -Index: s390-tools-service/genprotimg/src/include/pv_crypto_def.h -=================================================================== ---- s390-tools-service.orig/genprotimg/src/include/pv_crypto_def.h -+++ s390-tools-service/genprotimg/src/include/pv_crypto_def.h -@@ -29,9 +29,6 @@ - */ - #define PV_CERTS_SECURITY_LEVEL 2 - --/* SKID for DigiCert Assured ID Root CA */ --#define DIGICERT_ASSURED_ID_ROOT_CA_SKID "45EBA2AFF492CB82312D518BA7A7219DF36DC80F" -- - union ecdh_pub_key { - struct { - uint8_t x[80]; -Index: s390-tools-service/genprotimg/src/pv/pv_args.c -=================================================================== ---- s390-tools-service.orig/genprotimg/src/pv/pv_args.c -+++ s390-tools-service/genprotimg/src/pv/pv_args.c -@@ -111,7 +111,7 @@ static gint pv_args_validate_options(PvA - g_strv_length(args->untrusted_cert_paths) == 0)) { - g_set_error( - err, PV_PARSE_ERROR, PR_PARSE_ERROR_MISSING_ARGUMENT, -- _("Either specify the IBM Z signing key and (DigiCert) intermediate CA certificate\n" -+ _("Either specify the IBM Z signing key and intermediate CA certificate\n" - "by using the '--cert' option, or use the '--no-verify' flag to disable the\n" - "host-key document verification completely (at your own risk).")); - return -1; -Index: s390-tools-service/genprotimg/src/pv/pv_image.c -=================================================================== ---- s390-tools-service.orig/genprotimg/src/pv/pv_image.c -+++ s390-tools-service/genprotimg/src/pv/pv_image.c -@@ -304,9 +304,10 @@ static gint pv_img_hostkey_verify(GSList - } - - /* Load all untrusted certificates (e.g. IBM Z signing key and -- * DigiCert intermediate CA) that are required to establish a chain of -- * trust starting from the host-key document up to the root CA (if not -- * otherwise specified that's the DigiCert Assured ID Root CA). -+ * intermediate CA) that are required to establish a chain of trust -+ * starting from the host-key document up to the root CA (if not -+ * otherwise specified that can be one of the system wide installed -+ * root CAs, e.g. DigiCert). - */ - untrusted_certs_with_path = load_certificates(untrusted_cert_paths, err); - if (!untrusted_certs_with_path) -@@ -341,9 +342,8 @@ static gint pv_img_hostkey_verify(GSList - * For this we must check: - * - * 1. Can a chain of trust be established ending in a root CA -- * 2. Is the correct root CA ued? It has either to be the -- * 'DigiCert Assured ID Root CA' or the root CA specified via -- * command line. -+ * 2. Is the correct root CA used? It has either to be a system CA -+ * or the root CA specified via command line. - */ - for (gint i = 0; i < sk_X509_num(ibm_signing_certs); ++i) { - X509 *ibm_signing_cert = sk_X509_value(ibm_signing_certs, i); -@@ -364,17 +364,12 @@ static gint pv_img_hostkey_verify(GSList - if (verify_cert(ibm_signing_cert, ctx, err) < 0) - goto error; - -- /* Verify the build chain of trust chain. If the user passes a -- * trusted root CA on the command line then the check for the -- * Subject Key Identifier (SKID) is skipped, otherwise let's -- * check if the SKID meets our expectation. -+ /* If there is a chain of trust using either the provided root -+ * CA on the command line or a system wide trusted root CA. - */ -- if (!root_ca_path && -- check_chain_parameters(X509_STORE_CTX_get0_chain(ctx), -- get_digicert_assured_id_root_ca_skid(), -- err) < 0) { -+ if (check_chain_parameters(X509_STORE_CTX_get0_chain(ctx), -+ err) < 0) - goto error; -- } - - ibm_signing_crls = store_ctx_find_valid_crls(ctx, ibm_signing_cert, err); - if (!ibm_signing_crls) { -@@ -588,7 +583,7 @@ PvImage *pv_img_new(PvArgs *args, const - g_warning(_("host-key document verification is disabled. Your workload is not secured.")); - - if (args->root_ca_path) -- g_warning(_("A different root CA than the default DigiCert root CA is selected. Ensure that this root CA is trusted.")); -+ g_warning(_("The root CA is selected through the command line. Ensure that this root CA is trusted.")); - - ret->comps = pv_img_comps_new(EVP_sha512(), EVP_sha512(), EVP_sha512(), err); - if (!ret->comps) -Index: s390-tools-service/genprotimg/src/utils/crypto.c -=================================================================== ---- s390-tools-service.orig/genprotimg/src/utils/crypto.c -+++ s390-tools-service/genprotimg/src/utils/crypto.c -@@ -1079,8 +1079,8 @@ int store_set_verify_param(X509_STORE *s - g_abort(); - - /* The maximum depth level of the chain of trust for the verification of -- * the IBM Z signing key is 2, i.e. IBM Z signing key -> (DigiCert) -- * intermediate CA -> (DigiCert) root CA -+ * the IBM Z signing key is 2, i.e. IBM Z signing key -> intermediate CA -+ * -> root CA - */ - X509_VERIFY_PARAM_set_depth(param, 2); - -@@ -1267,46 +1267,38 @@ static int security_level_to_bits(int le - return security_bits[level]; - } - --static ASN1_OCTET_STRING *digicert_assured_id_root_ca; -- --const ASN1_OCTET_STRING *get_digicert_assured_id_root_ca_skid(void) --{ -- pv_crypto_init(); -- return digicert_assured_id_root_ca; --} -- - /* Used for the caching of the downloaded CRLs */ - static GHashTable *cached_crls; - - void pv_crypto_init(void) - { -- if (digicert_assured_id_root_ca) -+ if (cached_crls) - return; -- - cached_crls = g_hash_table_new_full(g_str_hash, g_str_equal, g_free, - (GDestroyNotify)X509_CRL_free); -- digicert_assured_id_root_ca = s2i_ASN1_OCTET_STRING( -- NULL, NULL, DIGICERT_ASSURED_ID_ROOT_CA_SKID); - } - - void pv_crypto_cleanup(void) - { -- if (!digicert_assured_id_root_ca) -+ if (!cached_crls) - return; - g_clear_pointer(&cached_crls, g_hash_table_destroy); -- g_clear_pointer(&digicert_assured_id_root_ca, ASN1_OCTET_STRING_free); - } - - gint check_chain_parameters(const STACK_OF_X509 *chain, -- const ASN1_OCTET_STRING *skid, GError **err) -+ GError **err) - { -- const ASN1_OCTET_STRING *ca_skid = NULL; -+ const X509_NAME *ca_x509_subject = NULL; -+ g_autofree gchar *ca_subject = NULL; - gint len = sk_X509_num(chain); - X509 *ca = NULL; - -- g_assert(skid); - /* at least one root and one leaf certificate must be defined */ -- g_assert(len >= 2); -+ if (len < 2) { -+ g_set_error(err, PV_CRYPTO_ERROR, PV_CRYPTO_ERROR_INTERNAL, -+ _("there must be at least on root and one leaf certificate in the chain of trust")); -+ return -1; -+ } - - /* get the root certificate of the chain of trust */ - ca = sk_X509_value(chain, len - 1); -@@ -1316,19 +1308,21 @@ gint check_chain_parameters(const STACK_ - return -1; - } - -- ca_skid = X509_get0_subject_key_id(ca); -- if (!ca_skid) { -- g_set_error(err, PV_CRYPTO_ERROR, PV_CRYPTO_ERROR_MALFORMED_ROOT_CA, -- _("malformed root certificate")); -+ ca_x509_subject = X509_get_subject_name(ca); -+ if (!ca_x509_subject) { -+ g_set_error(err, PV_CRYPTO_ERROR, PV_CRYPTO_ERROR_INTERNAL, -+ _("subject of the root CA cannot be retrieved")); - return -1; - } - -- if (ASN1_STRING_cmp(ca_skid, skid) != 0) { -- g_set_error(err, PV_CRYPTO_ERROR, PV_CRYPTO_ERROR_WRONG_CA_USED, -- _("expecting DigiCert root CA to be used")); -+ ca_subject = X509_NAME_oneline(ca_x509_subject, NULL, 0); -+ if (!ca_subject) { -+ g_set_error(err, PV_CRYPTO_ERROR, PV_CRYPTO_ERROR_INTERNAL, -+ _("subject name of the root CA cannot be retrieved")); - return -1; - } - -+ g_info("Root CA used: '%s'", ca_subject); - return 0; - } - -Index: s390-tools-service/genprotimg/src/utils/crypto.h -=================================================================== ---- s390-tools-service.orig/genprotimg/src/utils/crypto.h -+++ s390-tools-service/genprotimg/src/utils/crypto.h -@@ -125,7 +125,6 @@ int check_crl_valid_for_cert(X509_CRL *c - gint verify_flags, GError **err); - void pv_crypto_init(void); - void pv_crypto_cleanup(void); --const ASN1_OCTET_STRING *get_digicert_assured_id_root_ca_skid(void); - gint verify_host_key(X509 *host_key, GSList *issuer_pairs, - gint verify_flags, int level, GError **err); - X509 *load_cert_from_file(const char *path, GError **err); -@@ -138,8 +137,7 @@ X509_STORE *store_setup(const gchar *roo - int store_set_verify_param(X509_STORE *store, GError **err); - X509_CRL *load_crl_by_cert(X509 *cert, GError **err); - STACK_OF_X509_CRL *try_load_crls_by_certs(GSList *certs_with_path); --gint check_chain_parameters(const STACK_OF_X509 *chain, -- const ASN1_OCTET_STRING *skid, GError **err); -+gint check_chain_parameters(const STACK_OF_X509 *chain, GError **err); - X509_NAME *c2b_name(const X509_NAME *name); - - STACK_OF_X509 *delete_ibm_signing_certs(STACK_OF_X509 *certs); diff --git a/s390-tools-sles15sp4-02-genprotimg-check_hostkeydoc-relax-default-issuer-che.patch b/s390-tools-sles15sp4-02-genprotimg-check_hostkeydoc-relax-default-issuer-che.patch deleted file mode 100644 index 22dcd26..0000000 --- a/s390-tools-sles15sp4-02-genprotimg-check_hostkeydoc-relax-default-issuer-che.patch +++ /dev/null @@ -1,102 +0,0 @@ -Subject: [PATCH] [BZ 197604] genprotimg/check_hostkeydoc: relax default issuer check -From: Marc Hartmayer - -Description: genprotimg/check_hostkeydoc: cert. verification is too strict -Symptom: Verification failures will occur for newer host key documents -Problem: The certificate verification of check_hostkeydoc is too strict - and doesn't match the checking performed by genprotimg. This - applies to the OU field in the issuer DN of the host key - document. As a consequence verification failures will occur for - host key documents issued for hardware generations newer than - IBM z15. - - DigiCert is the CA issuing the signing certificate for Secure - Execution host key documents. This certificate is used for the - verification of the host key document validity. Recently, - DigiCert has changed the root CA certificate used for issuance - of the signing certificates. As genprotimg is checking the CA - serial, the verification of the chain of trust will fail. As a - workaround, it is possible to disable certificate verification, - but this is not recommended because it makes it easier to - provide a fake host key document. Since the previously issued - host key documents are expiring in April 2022, it is necessary - to fix genprotimg to accept the newly issued host key - documents. -Solution: Relax the certificate verification -Reproduction: Use a new host key document -Upstream-ID: 673ff375d939d3cde674f8f99a62d456f8b1673d -Problem-ID: 197604 - -Upstream-Description: - - genprotimg/check_hostkeydoc: relax default issuer check - - While the original default issuer's organizationalUnitName (OU) - was defined as "IBM Z Host Key Signing Service", any OU ending - with "Key Signing Service" is considered legal. - - Let's relax the default issuer check by stripping off characters - preceding "Key Signing Service". - - Signed-off-by: Viktor Mihajlovski - Reviewed-by: Marc Hartmayer - Signed-off-by: Jan Hoeppner - - -Signed-off-by: Marc Hartmayer -Index: s390-tools-service/genprotimg/samples/check_hostkeydoc -=================================================================== ---- s390-tools-service.orig/genprotimg/samples/check_hostkeydoc -+++ s390-tools-service/genprotimg/samples/check_hostkeydoc -@@ -23,6 +23,7 @@ BODY_FILE=$(mktemp) - ISSUER_DN_FILE=$(mktemp) - SUBJECT_DN_FILE=$(mktemp) - DEF_ISSUER_DN_FILE=$(mktemp) -+CANONICAL_ISSUER_DN_FILE=$(mktemp) - CRL_SERIAL_FILE=$(mktemp) - - # Cleanup on exit -@@ -30,7 +31,7 @@ cleanup() - { - rm -f $ISSUER_PUBKEY_FILE $SIGNATURE_FILE $BODY_FILE \ - $ISSUER_DN_FILE $SUBJECT_DN_FILE $DEF_ISSUER_DN_FILE \ -- $CRL_SERIAL_FILE -+ $CANONICAL_ISSUER_DN_FILE $CRL_SERIAL_FILE - } - trap cleanup EXIT - -@@ -121,20 +122,31 @@ default_issuer() - commonName = International Business Machines Corporation - countryName = US - localityName = Poughkeepsie -- organizationalUnitName = IBM Z Host Key Signing Service -+ organizationalUnitName = Key Signing Service - organizationName = International Business Machines Corporation - stateOrProvinceName = New York - EOF - } - --verify_issuer_files() -+# As organizationalUnitName can have an arbitrary prefix but must -+# end with "Key Signing Service" let's normalize the OU name by -+# stripping off the prefix -+verify_default_issuer() - { - default_issuer > $DEF_ISSUER_DN_FILE - -- if ! diff $ISSUER_DN_FILE $DEF_ISSUER_DN_FILE -+ sed "s/\(^[ ]*organizationalUnitName[ ]*=[ ]*\).*\(Key Signing Service$\)/\1\2/" \ -+ $ISSUER_DN_FILE > $CANONICAL_ISSUER_DN_FILE -+ -+ if ! diff $CANONICAL_ISSUER_DN_FILE $DEF_ISSUER_DN_FILE - then - echo Incorrect default issuer >&2 && exit 1 - fi -+} -+ -+verify_issuer_files() -+{ -+ verify_default_issuer - - if diff $ISSUER_DN_FILE $SUBJECT_DN_FILE - then diff --git a/s390-tools-sles15sp4-chreipl-fcp-mpath-don-t-compress-the-manpage-before-.patch b/s390-tools-sles15sp4-chreipl-fcp-mpath-don-t-compress-the-manpage-before-.patch deleted file mode 100644 index 6594bc2..0000000 --- a/s390-tools-sles15sp4-chreipl-fcp-mpath-don-t-compress-the-manpage-before-.patch +++ /dev/null @@ -1,116 +0,0 @@ -From 1bbd34e500980b9ea2514776bb2dbd745247e651 Mon Sep 17 00:00:00 2001 -From: Benjamin Block -Date: Fri, 12 Nov 2021 13:34:22 +0100 -Subject: [PATCH] chreipl-fcp-mpath: don't compress the manpage before - installing it -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Remove the call to `gzip` before installing the manpage during the -`make install` call. What and if compression is done should be handled by -the distribution tooling. - -This also removes a dependency for the build process. - -Reviewed-by: Steffen Maier -Signed-off-by: Benjamin Block -Signed-off-by: Jan Höppner ---- - CHANGELOG.md | 1 + - README.md | 2 +- - chreipl-fcp-mpath/.gitignore | 1 - - chreipl-fcp-mpath/Makefile | 11 +---------- - chreipl-fcp-mpath/README.md | 5 ++--- - 5 files changed, 5 insertions(+), 15 deletions(-) - -diff --git a/CHANGELOG.md b/CHANGELOG.md -index 94817e1..8cac1cb 100644 ---- a/CHANGELOG.md -+++ b/CHANGELOG.md -@@ -12,6 +12,7 @@ - - dbginfo.sh: Add retry timeout and remove possible blocking "blockdev --report" - - dbginfo.sh: Collect config- and debug-data for chreipl-fcp-mpath - - hsci: Add support for multiple MAC addresses -+ - chreipl-fcp-mpath: don't compress the manpage before installing it - - Bug Fixes: - - lshwc: Fix compile error for gcc <8.1 -diff --git a/README.md b/README.md -index eb5c81f..62e4c11 100644 ---- a/README.md -+++ b/README.md -@@ -479,4 +479,4 @@ the different tools are provided: - util-linux, udev, and multipath-tools. When using `HAVE_DRACUT=1` with the - make invocation, it also requires dracut. When using `ENABLE_DOC=1` with the - make invocation to build a man page and render the README.md as HTML, make -- further requires pandoc, GNU awk, and GNU Gzip for the build process. -+ further requires pandoc and GNU awk for the build process. -diff --git a/chreipl-fcp-mpath/.gitignore b/chreipl-fcp-mpath/.gitignore -index 4611195..ecd49ee 100644 ---- a/chreipl-fcp-mpath/.gitignore -+++ b/chreipl-fcp-mpath/.gitignore -@@ -10,4 +10,3 @@ - /README.pdf - /chreipl-fcp-mpath.md - /chreipl-fcp-mpath.7 --/chreipl-fcp-mpath.7.gz -diff --git a/chreipl-fcp-mpath/Makefile b/chreipl-fcp-mpath/Makefile -index 80cab7f..9b4aae0 100644 ---- a/chreipl-fcp-mpath/Makefile -+++ b/chreipl-fcp-mpath/Makefile -@@ -12,8 +12,6 @@ - # bash: - # - bash - # If $(ENABLE_DOC) is `1`: --# GNU Gzip: --# - gzip - # GNU awk: - # - gawk - -@@ -186,18 +184,11 @@ INSTDIRS += $(MANDIR) - .PHONY: chreipl-fcp-mpath-install-man-page - chreipl-fcp-mpath-install-man-page: | $(DESTDIR)$(MANDIR)/man7 - chreipl-fcp-mpath-install-man-page: chreipl-fcp-mpath.7 -- $(GZIP) -fk --best chreipl-fcp-mpath.7 - $(INSTALL_DATA) -t $(DESTDIR)$(MANDIR)/man7 \ -- chreipl-fcp-mpath.7.gz -+ chreipl-fcp-mpath.7 - - chreipl-fcp-mpath-install: chreipl-fcp-mpath-install-man-page - --.PHONY: chreipl-fcp-mpath-install-man-page-clean --chreipl-fcp-mpath-install-man-page-clean: -- rm -f chreipl-fcp-mpath.7.gz -- --chreipl-fcp-mpath-clean: chreipl-fcp-mpath-install-man-page-clean -- - endif - - # -diff --git a/chreipl-fcp-mpath/README.md b/chreipl-fcp-mpath/README.md -index 3943f73..d58ccd2 100644 ---- a/chreipl-fcp-mpath/README.md -+++ b/chreipl-fcp-mpath/README.md -@@ -131,8 +131,7 @@ To build and install the documentation (man page) you need: - - - pandoc; - - GNU Core Utilities (date); -- - GNU awk; -- - GNU Gzip. -+ - GNU awk. - - INSTALLATION - ============ -@@ -207,7 +206,7 @@ files to these default locations: - /usr/lib/udev/chreipl-fcp-mpath-record-volume-identifier - /usr/lib/udev/chreipl-fcp-mpath-try-change-ipl-path - /usr/lib/udev/rules.d/70-chreipl-fcp-mpath.rules -- /usr/share/man/man7/chreipl-fcp-mpath.7.gz -+ /usr/share/man/man7/chreipl-fcp-mpath.7 - - UNINSTALL - ========= --- -2.26.2 - diff --git a/s390-tools-sles15sp4-chreipl-fcp-mpath-remove-shebang-from-chreipl-fcp-mp.patch b/s390-tools-sles15sp4-chreipl-fcp-mpath-remove-shebang-from-chreipl-fcp-mp.patch deleted file mode 100644 index a25a837..0000000 --- a/s390-tools-sles15sp4-chreipl-fcp-mpath-remove-shebang-from-chreipl-fcp-mp.patch +++ /dev/null @@ -1,36 +0,0 @@ -From c2f8988444d0ed8274256c1990bb7f8866c265e2 Mon Sep 17 00:00:00 2001 -From: Benjamin Block -Date: Fri, 12 Nov 2021 12:38:10 +0100 -Subject: [PATCH] chreipl-fcp-mpath: remove shebang from - chreipl-fcp-mpath-common.sh.in -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -`chreipl-fcp-mpath-common.sh.in` is never executed, only used as argument -for `source` in the udev helper scripts, so the shebang is unnecessary, and -might be confusing. - -Also, tools like `rpmlint` from the rpm software management will complain -about this; e.g.: - s390-tools-chreipl-fcp-mpath.s390x: W: non-executable-script /usr/lib/chreipl-fcp-mpath/chreipl-fcp-mpath-common.sh 644 /bin/bash - -Reviewed-by: Steffen Maier -Signed-off-by: Benjamin Block -Signed-off-by: Jan Höppner ---- - chreipl-fcp-mpath/chreipl-fcp-mpath-common.sh.in | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/chreipl-fcp-mpath/chreipl-fcp-mpath-common.sh.in b/chreipl-fcp-mpath/chreipl-fcp-mpath-common.sh.in -index 83c4361..0a54322 100644 ---- a/chreipl-fcp-mpath/chreipl-fcp-mpath-common.sh.in -+++ b/chreipl-fcp-mpath/chreipl-fcp-mpath-common.sh.in -@@ -1,4 +1,3 @@ --#!/bin/bash - # SPDX-License-Identifier: MIT - # - # chreipl-fcp-mpath: use multipath information to change FCP IPL target --- -2.26.2 - diff --git a/s390-tools-sles15sp4-genprotimg-boot-disable-Warray-bounds-for-now.patch b/s390-tools-sles15sp4-genprotimg-boot-disable-Warray-bounds-for-now.patch deleted file mode 100644 index 1cbb06a..0000000 --- a/s390-tools-sles15sp4-genprotimg-boot-disable-Warray-bounds-for-now.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 9e620058184cfdf026241b953bfbb095256198a0 Mon Sep 17 00:00:00 2001 -From: Marc Hartmayer -Date: Tue, 26 Apr 2022 09:22:10 +0000 -Subject: [PATCH] genprotimg/boot: disable `-Warray-bounds` for now -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This work around fixes the gcc-12 false positive by disabling `Warray-bounds`: - - CC genprotimg/boot/stage3a.o - In file included from stage3a.c:14: - In function ‘__test_facility’, - inlined from ‘test_facility’ at ../../include/boot/s390.h:428:9, - inlined from ‘start’ at stage3a.c:42:7: - ../../include/boot/s390.h:418:17: error: array subscript 0 is outside array bounds of ‘void[0]’ [-Werror=array-bounds] - 418 | return (*ptr & (0x80 >> (nr & 7))) != 0; - | ^~~~ - -Unfortunately, there is currently no better fix available that doesn't result -in larger boot loader code sizes. Given the importancy of the boot loader file -sizes the other fixes aren't acceptable. The Linux kernel shares the -problem (but for performance reasons), take a look at the discussion -https://lore.kernel.org/lkml/yt9dzgkelelc.fsf@linux.ibm.com/ for details. - -Fixes: https://github.com/ibm-s390-linux/s390-tools/issues/130 -Signed-off-by: Marc Hartmayer -Reviewed-by: Jan Höppner -Signed-off-by: Jan Höppner ---- - genprotimg/boot/Makefile | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/genprotimg/boot/Makefile b/genprotimg/boot/Makefile -index f957a70..95bd6cc 100644 ---- a/genprotimg/boot/Makefile -+++ b/genprotimg/boot/Makefile -@@ -15,7 +15,8 @@ ALL_CFLAGS := $(NO_PIE_CFLAGS) -Os -g \ - -fno-delete-null-pointer-checks -fno-stack-protector \ - -fexec-charset=IBM1047 -m64 -mpacked-stack \ - -mstack-size=4096 -mstack-guard=128 -msoft-float \ -- -Wall -Wformat-security -Wextra -Werror -+ -Wall -Wformat-security -Wextra -Werror \ -+ -Wno-array-bounds - - FILES := stage3a.bin stage3b.bin stage3b_reloc.bin - --- -2.35.3 - diff --git a/s390-tools-sles15sp4-libseckey-Adapt-keymgmt_match-implementation-to-Open.patch b/s390-tools-sles15sp4-libseckey-Adapt-keymgmt_match-implementation-to-Open.patch deleted file mode 100644 index 78dbb0a..0000000 --- a/s390-tools-sles15sp4-libseckey-Adapt-keymgmt_match-implementation-to-Open.patch +++ /dev/null @@ -1,94 +0,0 @@ -Subject: [PATCH] [BZ 198268] libseckey: Adapt keymgmt_match() implementation to OpenSSL -From: Ingo Franzki - -Description: zkey: KMIP plugin fails to connection to KMIP server -Symptom: When a zkey key repository is bound to the KMIP plugin, and the - connection to the KMIP server is to be configired using command - 'zkey kms configure --kmip-server ', it fails to connect - to the specified KMIP server. -Problem: When trying to establish a TSL connection to the KMIP server, - the KMIP client sets up an OpenSSL SSL context with its - certificate and its private key (which is a secure key) using - OpenSSL function SSL_CTX_use_PrivateKey(). When running with - OpenSSL 3.0, This calls the secure key provider's match - function to check if the private key specified matches the - public key of the certificate using EVP_PKEY_eq(). EVP_PKEY_eq() - includes the private key into the selector bits for the match - call, although the certificate only contains the public key - part. - OpenSSL commit ee22a3741e3fc27c981e7f7e9bcb8d3342b0c65a changed - the OpenSSL provider's keymgmt_match() function to be not so - strict with the selector bits in regards to matching different - key parts. - This means, that if the public key is selected to be matched, - and the public key matches (together with any also selected - parameters), then the private key is no longer checked, although - it may also be selected to be matched. This is according to how - the OpenSSL function EVP_PKEY_eq() is supposed to behave. -Solution: Adapt the secure key provider's match function to behave like - the match functions of the providers coming with OpenSSL. -Reproduction: Configure a connection to a KMIP server on a system that comes - with OpenSSL 3.0. -Upstream-ID: 6c5c5f7e558c114ddaa475e96c9ec708049aa423 -Problem-ID: 198268 - -Upstream-Description: - - libseckey: Adapt keymgmt_match() implementation to OpenSSL - - OpenSSL commit ee22a3741e3fc27c981e7f7e9bcb8d3342b0c65a changed the - OpenSSL provider's keymgmt_match() function to be not so strict with - the selector bits in regards to matching different key parts. - - Adapt the secure key provider's match function accordingly. - This means, that if the public key is selected to be matched, and - the public key matches (together with any also selected parameters), - then the private key is no longer checked, although it may also be - selected to be matched. This is according to how the OpenSSL function - EVP_PKEY_eq() is supposed to behave. - - OpenSSL function SSL_CTX_use_PrivateKey() calls the providers match - function to check if the private key specified matches the public key - of the certificate using EVP_PKEY_eq(). EVP_PKEY_eq() includes the - private key into the selector bits here, although the certificate - only contains the public key part. - - Signed-off-by: Ingo Franzki - Signed-off-by: Jan Hoeppner - - -Signed-off-by: Ingo Franzki ---- - libseckey/sk_provider.c | 18 ++++++++++++++---- - 1 file changed, 14 insertions(+), 4 deletions(-) - ---- a/libseckey/sk_provider.c -+++ b/libseckey/sk_provider.c -@@ -2216,13 +2216,23 @@ static int sk_prov_keymgmt_match(const s - - if (key1->type != key2->type) - return 0; -+ -+ if (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) { -+ /* match everything except private key */ -+ return default_match_fn(key1->default_key, key2->default_key, -+ selection & -+ (~OSSL_KEYMGMT_SELECT_PRIVATE_KEY)); -+ } -+ - if (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) { - if (key1->secure_key_size != key2->secure_key_size) - return 0; -- if (key1->secure_key_size > 0 && -- memcmp(key1->secure_key, key2->secure_key, -- key1->secure_key_size) != 0) -- return 0; -+ if (key1->secure_key_size > 0) { -+ if (memcmp(key1->secure_key, key2->secure_key, -+ key1->secure_key_size) != 0) -+ return 0; -+ selection &= (~OSSL_KEYMGMT_SELECT_PRIVATE_KEY); -+ } - } - - return default_match_fn(key1->default_key, key2->default_key, diff --git a/s390-tools-sles15sp4-libseckey-Fix-re-enciphering-of-EP11-secure-key.patch b/s390-tools-sles15sp4-libseckey-Fix-re-enciphering-of-EP11-secure-key.patch deleted file mode 100644 index 7b328eb..0000000 --- a/s390-tools-sles15sp4-libseckey-Fix-re-enciphering-of-EP11-secure-key.patch +++ /dev/null @@ -1,103 +0,0 @@ -Subject: [PATCH] [BZ 197605] libseckey: Fix re-enciphering of EP11 secure key -From: Ingo Franzki - -Description: zkey: Fix re-enciphering of EP11 identity key of KMIP plugin -Symptom: When re-enciphering the identity key and/or wrapping key of the - zkey KMIP plugin via 'zkey kms reencipher', the operation - completes without an error, but the secure keys are left - un-reenciphered. A subsequent connection attempt with the KMIP - server will fail because the identity key is no longer valid. -Problem: The re-enciphered secure key is not copied back into the - key token buffer. Also, the the public key part, i.e. the MACed - SubjectPublicKeyInfo (SPKI) structure must also be re- - enciphered (i.e. re-MACed), since the MAC is calculated with - the EP11 master key. -Solution: Copy the re-enciphered secure key back into the key toke - buffer, and also re-encipher the public key part. -Reproduction: Perform a master key change on the EP11 APQNs used with the - KMIP plugin. -Upstream-ID: 4e2ebe0370d9fb036b7554d5ac5df4418dbe0397 -Problem-ID: 197605 - -Upstream-Description: - - libseckey: Fix re-enciphering of EP11 secure key - - The re-enciphering of EP11 asymmetric secure keys does not work. - First, the result of the re-encipher operation of the private key - part must be copied back into the user supplied key token buffer. - Second, the public key part, i.e. the MACed SubjectPublicKeyInfo - (SPKI) structure must also be re-enciphered (i.e. re-MACed), since - the MAC is calculated with the EP11 master key. - - Signed-off-by: Ingo Franzki - Signed-off-by: Jan Hoeppner - - -Signed-off-by: Ingo Franzki ---- - libseckey/sk_ep11.c | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 53 insertions(+) - ---- a/libseckey/sk_ep11.c -+++ b/libseckey/sk_ep11.c -@@ -1549,6 +1549,59 @@ int SK_EP11_reencipher_key(const struct - return -EIO; - } - -+ memcpy(blob, lrb.payload, lrb.pllen); -+ -+ /* re-encipher MACed SPKI */ -+ rb.domain = domain; -+ lrb.domain = domain; -+ -+ resp_len = sizeof(resp); -+ req_len = ep11.dll_xcpa_cmdblock(req, sizeof(req), XCP_ADM_REENCRYPT, -+ &rb, NULL, key_token + hdr->len, -+ key_token_length - hdr->len); -+ if (req_len < 0) { -+ sk_debug(debug, "Failed to build XCP command block"); -+ return -EIO; -+ } -+ -+ rv = ep11.dll_m_admin(resp, &resp_len, NULL, NULL, req, req_len, NULL, -+ 0, ep11_lib->target); -+ if (rv != CKR_OK || resp_len == 0) { -+ sk_debug(debug, "Command XCP_ADM_REENCRYPT failed. " -+ "rc = 0x%lx, resp_len = %ld", rv, resp_len); -+ return -EIO; -+ } -+ -+ rc = ep11.dll_xcpa_internal_rv(resp, resp_len, &lrb, &rv); -+ if (rc != 0) { -+ sk_debug(debug, "Failed to parse response. rc = %d", rc); -+ return -EIO; -+ } -+ -+ if (rv != CKR_OK) { -+ sk_debug(debug, "Failed to re-encrypt the EP11 secure key. " -+ "rc = 0x%lx", rv); -+ switch (rv) { -+ case CKR_IBM_WKID_MISMATCH: -+ sk_debug(debug, "The EP11 secure key is currently " -+ "encrypted under a different master that does " -+ "not match the master key in the CURRENT " -+ "master key register of APQN %02X.%04X", -+ card, domain); -+ break; -+ } -+ return -EIO; -+ } -+ -+ if (key_token_length - hdr->len != lrb.pllen) { -+ sk_debug(debug, "Re-encrypted EP11 secure key size has " -+ "changed: org-len: %lu, new-len: %lu", -+ hdr->len - sizeof(*hdr), lrb.pllen); -+ return -EIO; -+ } -+ -+ memcpy(key_token + hdr->len, lrb.payload, lrb.pllen); -+ - return 0; - } - diff --git a/s390-tools-sles15sp4-zdev-Fix-path-resolution-for-multi-mount-point-file-.patch b/s390-tools-sles15sp4-zdev-Fix-path-resolution-for-multi-mount-point-file-.patch deleted file mode 100644 index afde233..0000000 --- a/s390-tools-sles15sp4-zdev-Fix-path-resolution-for-multi-mount-point-file-.patch +++ /dev/null @@ -1,169 +0,0 @@ -Subject: [PATCH] [BZ 196440] zdev: Fix path resolution for multi-mount point file systems -From: Peter Oberparleiter - -Description: zdev: Fix path resolution for multi-mount point file systems -Symptom: Path resolution fails when a device provides multiple mount - points such as, for example, when using btrfs subvolumes, or - when mounting the same file system at multiple mount points. -Problem: The failure is caused by zdev relying on the MOUNTPOINT - attribute of lsblk's output which only contains a single - mount point. -Solution: Fix this by making use of lsblk's MOUNTPOINTS attribute that - contains the full list of mount points. -Reproduction: chzdev -f -e : In this case, if - the rootfs is soread across multiple devices, zdev adds only the - first device in to the initrd and the system does not boot. -Upstream-ID: 1faa5d2957eb82ab235778959d70a38062b7aa7d -Problem-ID: 196440 - -Upstream-Description: - - zdev: Fix path resolution for multi-mount point file systems - - zdev provides path resolution logic to determine which z-specific - devices contribute to the file system mounted at a specific mount point. - This logic is used by command-line option --by-path, but also to - determine the list of devices needed to enable the root file system. - - Path resolution fails when a device provides multiple mount points such - as, for example, when using btrfs subvolumes, or when mounting the same - file system at multiple mount points. The failure is caused by zdev - relying on the MOUNTPOINT attribute of lsblk's output which only - contains a single mount point. - - Fix this by making use of lsblk's MOUNTPOINTS attribute that contains - the full list of mount points. Note that MOUNTPOINTS was only introduced - with util-linux v2.37, therefore a fall-back to the old format is - needed. - - Fixes: https://github.com/ibm-s390-linux/s390-tools/issues/129 - Signed-off-by: Peter Oberparleiter - Reviewed-by: Jan Hoeppner - Reviewed-by: Vineeth Vijayan - Reviewed-by: Eduard Shishkin - Reported-by: Dan Horak - Signed-off-by: Jan Hoeppner - - -Signed-off-by: Peter Oberparleiter -Index: s390-tools-service/zdev/src/blkinfo.c -=================================================================== ---- s390-tools-service.orig/zdev/src/blkinfo.c -+++ s390-tools-service/zdev/src/blkinfo.c -@@ -7,6 +7,7 @@ - * it under the terms of the MIT license. See LICENSE for details. - */ - -+#include - #include - #include - #include -@@ -16,6 +17,7 @@ - #include "misc.h" - - #define LSBLK_CMDLINE "lsblk -P -o NAME,MAJ:MIN,FSTYPE,UUID,MOUNTPOINT,PKNAME 2>/dev/null" -+#define LSBLK_CMDLINE2 "lsblk -P -o NAME,MAJ:MIN,FSTYPE,UUID,MOUNTPOINTS,PKNAME 2>/dev/null" - - struct blkinfo { - struct devnode *devnode; -@@ -82,6 +84,26 @@ void blkinfo_print(struct blkinfo *blkin - printf("%*sparent=%s\n", level, "", blkinfo->parent); - } - -+/* Convert each occurrence of '\xnn' in @str to character with hex code . */ -+static void hex_unescape(char *str) -+{ -+ unsigned int c; -+ -+ while ((str = strstr(str, "\\x"))) { -+ if (isxdigit(str[2]) && isxdigit(str[3]) && -+ sscanf(str + 2, "%2x", &c) == 1) { -+ str[0] = (char)c; -+ -+ /* Move remainder of str including nul behind . */ -+ memmove(str + /* */ 1, -+ str + /* '\xnn' */ 4, -+ strlen(str + 4) + /* */ 1); -+ } -+ -+ str++; -+ } -+} -+ - static char *isolate_keyword(char **line_ptr, const char *keyword) - { - char *start, *end; -@@ -102,9 +124,11 @@ static char *isolate_keyword(char **line - return start; - } - --static struct blkinfo *blkinfo_from_line(char *line) -+static void add_blkinfos_from_line(struct util_list *blkinfos, -+ char *line) - { -- char *name, *majmin, *fstype, *uuid, *mountpoint, *parent; -+ char *name, *majmin, *fstype, *uuid, *mountpoint, *mountpoints, *parent; -+ struct blkinfo *blkinfo; - - name = isolate_keyword(&line, "NAME=\""); - majmin = isolate_keyword(&line, "MAJ:MIN=\""); -@@ -113,21 +137,45 @@ static struct blkinfo *blkinfo_from_line - fstype = isolate_keyword(&line, "FSTYPE=\""); - uuid = isolate_keyword(&line, "UUID=\""); - mountpoint = isolate_keyword(&line, "MOUNTPOINT=\""); -+ mountpoints = isolate_keyword(&line, "MOUNTPOINTS=\""); - parent = isolate_keyword(&line, "PKNAME=\""); - -- return blkinfo_new(name, majmin, fstype, uuid, mountpoint, parent); -+ if (!mountpoints) { -+ /* Handle old lsblk output format. */ -+ blkinfo = blkinfo_new(name, majmin, fstype, uuid, mountpoint, -+ parent); -+ ptrlist_add(blkinfos, blkinfo); -+ return; -+ } -+ -+ /* Restore newline mount point separator encoded as hex. */ -+ hex_unescape(mountpoints); -+ -+ /* Represent each mount point as a separate blkinfo to support -+ * resolution of multi-mount point file systems like btrfs -+ * subvolumes. */ -+ while ((mountpoint = strsep(&mountpoints, "\n"))) { -+ blkinfo = blkinfo_new(name, majmin, fstype, uuid, mountpoint, -+ parent); -+ ptrlist_add(blkinfos, blkinfo); -+ } - } - - static struct util_list *blkinfos_read(void) - { - char *output, *curr, *next; - struct util_list *blkinfos; -- struct blkinfo *blkinfo; - - if (cached_blkinfos) - return cached_blkinfos; - -- output = misc_read_cmd_output(LSBLK_CMDLINE, 0, 1); -+ output = misc_read_cmd_output(LSBLK_CMDLINE2, 0, 1); -+ if (output && !*output) { -+ /* No output might indicate no support for new lsblk command- -+ * line format - fall back to old format. */ -+ free(output); -+ output = misc_read_cmd_output(LSBLK_CMDLINE, 0, 1); -+ } - if (!output) - return NULL; - -@@ -136,9 +184,7 @@ static struct util_list *blkinfos_read(v - /* Iterate over each line. */ - next = output; - while ((curr = strsep(&next, "\n"))) { -- blkinfo = blkinfo_from_line(curr); -- if (blkinfo) -- ptrlist_add(blkinfos, blkinfo); -+ add_blkinfos_from_line(blkinfos, curr); - } - - free(output); diff --git a/s390-tools-sles15sp4-zdev-modify-the-lsblk-output-parser-in-lszdev.patch b/s390-tools-sles15sp4-zdev-modify-the-lsblk-output-parser-in-lszdev.patch deleted file mode 100644 index 5932192..0000000 --- a/s390-tools-sles15sp4-zdev-modify-the-lsblk-output-parser-in-lszdev.patch +++ /dev/null @@ -1,44 +0,0 @@ -Subject: [PATCH] [BZ 196072] zdev: modify the lsblk output parser in lszdev -From: Vineeth Vijayan - -Description: zdev: modify the lsblk output parser in lszdev -Symptom: lsblk parser function in lszdev not working -Problem: Version 2.37+ of util-linux modified the output - characters of lsblk,which breaks the parser function. -Solution: Align the parser function to support latest changes -Reproduction: execute lszdev --by-path / command -Upstream-ID: ad024c06e16ec4bba31d19fb848b42c67113143d -Problem-ID: 196072 - -Upstream-Description: - - zdev: modify the lsblk output parser in lszdev - - Since version 2.37.x, with the commit 58b510e58 ("libsmartcols: sanitize - variable names on export output"), util-linux changes the output - characters of lsblk, where the ":" is replaced with an "_". Align the - lsblk output parser function in lszdev as per this change. - - Signed-off-by: Vineeth Vijayan - Suggested-by: Peter Oberparleiter - Reported-by: Boris Fiuczynski - Reviewed-by: Peter Oberparleiter - Reviewed-by: Boris Fiuczynski - Tested-by: Boris Fiuczynski - Signed-off-by: Jan Hoeppner - - -Signed-off-by: Vineeth Vijayan -Index: s390-tools-service/zdev/src/blkinfo.c -=================================================================== ---- s390-tools-service.orig/zdev/src/blkinfo.c -+++ s390-tools-service/zdev/src/blkinfo.c -@@ -108,6 +108,8 @@ static struct blkinfo *blkinfo_from_line - - name = isolate_keyword(&line, "NAME=\""); - majmin = isolate_keyword(&line, "MAJ:MIN=\""); -+ if (!majmin) -+ majmin = isolate_keyword(&line, "MAJ_MIN=\""); - fstype = isolate_keyword(&line, "FSTYPE=\""); - uuid = isolate_keyword(&line, "UUID=\""); - mountpoint = isolate_keyword(&line, "MOUNTPOINT=\""); diff --git a/s390-tools-sles15sp4-zdump-fix-segfault-due-to-double-free.patch b/s390-tools-sles15sp4-zdump-fix-segfault-due-to-double-free.patch deleted file mode 100644 index 137a151..0000000 --- a/s390-tools-sles15sp4-zdump-fix-segfault-due-to-double-free.patch +++ /dev/null @@ -1,70 +0,0 @@ -Subject: [PATCH] [BZ 197814] zdump/dfi: Fix segfault due to double free -From: Mikhail Zaslonko - -Description: zdump: segfault on zgetdump -i for multi-volume dump -Symptom: zgetdump --info may lead to the core dump when issued for - the device node (not a partition) right after installing - multi-volume dump tool (without taking actual dump). -Problem: Double free condition occurs on zg_close() call at the end of - the while loop in dfi_init() in scope of zgetdump processing. -Solution: Do not call zg_close() at the end of open_dump() function during - multi-volume dump initialization. -Reproduction: 1) Install multi-volume dump tool - 2) Run zgetdump -i using the device node of one of the dump - volumes as a parameter without taking actual dump. -Upstream-ID: c4e4b926b471da9c488a6468e6bd966512d1d14c -Problem-ID: 197814 - -Upstream-Description: - - zdump/dfi: Fix segfault due to double free - - The problem can happen when dfi_s390mv_init_gen() returns with an error - code to dfi_init() in dfi.c. - Double free condition occurs on zg_close() call at the end of the - while loop in dfi_init() if zg_close() has already been called for the - same file handle at the end of open_dump() function in scope of - dfi_s390mv_init_gen() processing. - This global file handle is not closed during init() call for any - other dump formats. Since it is not reopened/reused after open_dump() call - during multi-volume dump initialization, we should not close it at all. - - The problem can be reproduced in the following steps: - - 1) Install multi-volume dump tool - - # zipl -M mvdump.conf - Dump target: 2 partitions with a total size of 4732 MB. - Warning: All information on the following partitions will be lost! - /dev/dasdb2 - /dev/dasdb3 - Do you want to continue creating multi-volume dump partitions (y/n)?y - Done. - - 2) Run zgetdump -i using device (not partition) as a parameter without - taking actual dump. - - # zgetdump -i /dev/dasdb - free(): double free detected in tcache 2 - Aborted (core dumped) - - Signed-off-by: Mikhail Zaslonko - Reviewed-by: Alexander Egorenkov - Signed-off-by: Jan Hoeppner - - -Signed-off-by: Mikhail Zaslonko ---- - zdump/dfi_s390mv.c | 1 - - 1 file changed, 1 deletion(-) - ---- a/zdump/dfi_s390mv.c -+++ b/zdump/dfi_s390mv.c -@@ -556,7 +556,6 @@ static int open_dump(void) - } - if (mv_dumper_read() != 0) - return -ENODEV; -- zg_close(g.fh); - return 0; - } - diff --git a/s390-tools-sles15sp5-ap_tools-ap-check-use-new-mdevctl-install-location.patch b/s390-tools-sles15sp5-ap_tools-ap-check-use-new-mdevctl-install-location.patch new file mode 100644 index 0000000..fb88f3c --- /dev/null +++ b/s390-tools-sles15sp5-ap_tools-ap-check-use-new-mdevctl-install-location.patch @@ -0,0 +1,92 @@ +From 4b5937f142c7381e8cdad3ea3f55a4931a862488 Mon Sep 17 00:00:00 2001 +From: Matthew Rosato +Date: Tue, 15 Nov 2022 12:40:35 -0500 +Subject: [PATCH] ap_tools/ap-check: use new mdevctl install location +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +mdevctl has been updated to use /usr/lib/mdevctl/scripts.d/callouts/ +instead of /etc/mdevctl.d/scripts.d/callouts/. The /etc location +is considered deprecated, meaning mdevctl will also look at that +location for now but might eventually stop looking in /etc for +callout scripts. +Based on that, update the installation location for the ap-check +callout. However, because older versions of mdevctl will still +only look in /etc, let's also put a wrapper script in /etc for now +to provide backward compatibility, and plan to remove it at a +later time. + +Link: https://github.com/mdevctl/mdevctl/commit/df6bb57429ba7425e8b7901b0580ed7e616b6c4f +Fixes: https://github.com/ibm-s390-linux/s390-tools/issues/139 +Signed-off-by: Matthew Rosato +Reviewed-by: Jan Hoeppner +Reviewed-by: Boris Fiuczynski +Signed-off-by: Jan Höppner +--- + ap_tools/Makefile | 20 +++++++++++++++++--- + ap_tools/ap-check.sh | 15 +++++++++++++++ + 2 files changed, 32 insertions(+), 3 deletions(-) + create mode 100644 ap_tools/ap-check.sh + +diff --git a/ap_tools/Makefile b/ap_tools/Makefile +index 77fe4c3..a79624a 100644 +--- a/ap_tools/Makefile ++++ b/ap_tools/Makefile +@@ -1,8 +1,11 @@ + include ../common.mak + +-MDEVCTL_DIR = /etc/mdevctl.d/ +-MDEVCTL_SCRIPTS = /etc/mdevctl.d/scripts.d/ +-MDEVCTL_CALLOUTS = /etc/mdevctl.d/scripts.d/callouts/ ++MDEVCTL_DIR = /usr/lib/mdevctl/ ++MDEVCTL_SCRIPTS = /usr/lib/mdevctl/scripts.d/ ++MDEVCTL_CALLOUTS = /usr/lib/mdevctl/scripts.d/callouts/ ++MDEVCTL_DEP_DIR = /etc/mdevctl.d/ ++MDEVCTL_DEP_SCRIPTS = /etc/mdevctl.d/scripts.d/ ++MDEVCTL_DEP_CALLOUTS = /etc/mdevctl.d/scripts.d/callouts/ + + libs = $(rootdir)/libap/libap.a \ + $(rootdir)/libutil/libutil.a +@@ -32,6 +35,17 @@ install: all + fi; \ + $(INSTALL) -g $(GROUP) -o $(OWNER) -m 755 ap-check \ + $(DESTDIR)$(MDEVCTL_CALLOUTS) ++ @if [ ! -d $(DESTDIR)$(MDEVCTL_DEP_CALLOUTS) ]; then \ ++ mkdir -p $(DESTDIR)$(MDEVCTL_DEP_CALLOUTS); \ ++ chown $(OWNER).$(GROUP) $(DESTDIR)$(MDEVCTL_DEP_DIR); \ ++ chown $(OWNER).$(GROUP) $(DESTDIR)$(MDEVCTL_DEP_SCRIPTS); \ ++ chown $(OWNER).$(GROUP) $(DESTDIR)$(MDEVCTL_DEP_CALLOUTS); \ ++ chmod 755 $(DESTDIR)$(MDEVCTL_DEP_DIR); \ ++ chmod 755 $(DESTDIR)$(MDEVCTL_DEP_SCRIPTS); \ ++ chmod 755 $(DESTDIR)$(MDEVCTL_DEP_CALLOUTS); \ ++ fi; \ ++ $(INSTALL) -g $(GROUP) -o $(OWNER) -m 755 ap-check.sh \ ++ $(DESTDIR)$(MDEVCTL_DEP_CALLOUTS) + endif + + clean: +diff --git a/ap_tools/ap-check.sh b/ap_tools/ap-check.sh +new file mode 100644 +index 0000000..d8a4e77 +--- /dev/null ++++ b/ap_tools/ap-check.sh +@@ -0,0 +1,15 @@ ++#!/bin/sh ++# ++# ap-check.sh - Wrapper script for 'ap-check' binary ++# ++# mdevctl has deprecated the /etc/mdevctl.d/scripts.d/callouts/ location in ++# newer releases. This wrapper ensures that mdevctl 1.2.0 and older can ++# still access 'ap-check' for now, and will be removed at a later time. ++# ++# Copyright 2022 IBM Corp. ++# ++# s390-tools is free software; you can redistribute it and/or modify ++# it under the terms of the MIT license. See LICENSE for details. ++# ++ ++[ -e /usr/lib/mdevctl/scripts.d/callouts/ap-check ] && /usr/lib/mdevctl/scripts.d/callouts/ap-check "$@" +-- +2.35.3 + diff --git a/s390-tools-sles15sp5-fix-chown-commands-syntax.patch b/s390-tools-sles15sp5-fix-chown-commands-syntax.patch new file mode 100644 index 0000000..8299b7f --- /dev/null +++ b/s390-tools-sles15sp5-fix-chown-commands-syntax.patch @@ -0,0 +1,143 @@ +--- s390-tools-2.24.0/ap_tools/Makefile 2022-11-09 11:11:48.000000000 -0500 ++++ s390-tools-2.24.0/ap_tools/Makefile 2022-12-01 15:33:30.953373912 -0500 +@@ -26,9 +26,9 @@ + install: all + @if [ ! -d $(DESTDIR)$(MDEVCTL_CALLOUTS) ]; then \ + mkdir -p $(DESTDIR)$(MDEVCTL_CALLOUTS); \ +- chown $(OWNER).$(GROUP) $(DESTDIR)$(MDEVCTL_DIR); \ +- chown $(OWNER).$(GROUP) $(DESTDIR)$(MDEVCTL_SCRIPTS); \ +- chown $(OWNER).$(GROUP) $(DESTDIR)$(MDEVCTL_CALLOUTS); \ ++ chown $(OWNER):$(GROUP) $(DESTDIR)$(MDEVCTL_DIR); \ ++ chown $(OWNER):$(GROUP) $(DESTDIR)$(MDEVCTL_SCRIPTS); \ ++ chown $(OWNER):$(GROUP) $(DESTDIR)$(MDEVCTL_CALLOUTS); \ + chmod 755 $(DESTDIR)$(MDEVCTL_DIR); \ + chmod 755 $(DESTDIR)$(MDEVCTL_SCRIPTS); \ + chmod 755 $(DESTDIR)$(MDEVCTL_CALLOUTS); \ +@@ -37,9 +37,9 @@ + $(DESTDIR)$(MDEVCTL_CALLOUTS) + @if [ ! -d $(DESTDIR)$(MDEVCTL_DEP_CALLOUTS) ]; then \ + mkdir -p $(DESTDIR)$(MDEVCTL_DEP_CALLOUTS); \ +- chown $(OWNER).$(GROUP) $(DESTDIR)$(MDEVCTL_DEP_DIR); \ +- chown $(OWNER).$(GROUP) $(DESTDIR)$(MDEVCTL_DEP_SCRIPTS); \ +- chown $(OWNER).$(GROUP) $(DESTDIR)$(MDEVCTL_DEP_CALLOUTS); \ ++ chown $(OWNER):$(GROUP) $(DESTDIR)$(MDEVCTL_DEP_DIR); \ ++ chown $(OWNER):$(GROUP) $(DESTDIR)$(MDEVCTL_DEP_SCRIPTS); \ ++ chown $(OWNER):$(GROUP) $(DESTDIR)$(MDEVCTL_DEP_CALLOUTS); \ + chmod 755 $(DESTDIR)$(MDEVCTL_DEP_DIR); \ + chmod 755 $(DESTDIR)$(MDEVCTL_DEP_SCRIPTS); \ + chmod 755 $(DESTDIR)$(MDEVCTL_DEP_CALLOUTS); \ +--- s390-tools-2.24.0/hmcdrvfs/Makefile2022-11-09 11:11:48.000000000 -0500 ++++ s390-tools-2.24.0/hmcdrvfs/Makefile 2022-12-01 15:33:42.825238489 -0500 +@@ -52,7 +52,7 @@ + cat $$i | \ + sed -e 's/%S390_TOOLS_VERSION%/$(S390_TOOLS_RELEASE)/' \ + >$(DESTDIR)$(USRSBINDIR)/$$i; \ +- chown $(OWNER).$(GROUP) $(DESTDIR)$(USRSBINDIR)/$$i; \ ++ chown $(OWNER):$(GROUP) $(DESTDIR)$(USRSBINDIR)/$$i; \ + chmod 755 $(DESTDIR)$(USRSBINDIR)/$$i; \ + done + +--- s390-tools-2.24.0/hsci/Makefile 2022-11-09 11:11:48.000000000 -0500 ++++ s390-tools-2.24.0/hsci/Makefile 2022-12-01 15:33:53.029122092 -0500 +@@ -5,7 +5,7 @@ + install: hsci + $(SED) -e 's/%S390_TOOLS_VERSION%/$(S390_TOOLS_RELEASE)/' \ + < hsci >$(DESTDIR)$(BINDIR)/hsci; \ +- chown $(OWNER).$(GROUP) $(DESTDIR)$(BINDIR)/hsci; \ ++ chown $(OWNER):$(GROUP) $(DESTDIR)$(BINDIR)/hsci; \ + chmod 755 $(DESTDIR)$(BINDIR)/hsci; \ + $(INSTALL) -d -m 755 $(DESTDIR)$(BINDIR) $(DESTDIR)$(MANDIR)/man8 + $(INSTALL) -g $(GROUP) -o $(OWNER) -m 644 hsci.8 \ +--- s390-tools-2.24.0/ip_watcher/Makefile 2022-11-09 11:11:48.000000000 -0500 ++++ s390-tools-2.24.0/ip_watcher/Makefile 2022-12-01 15:34:09.116938576 -0500 +@@ -12,7 +12,7 @@ + install: ip_watcher.pl xcec-bridge start_hsnc.sh + $(SED) -e 's/%S390_TOOLS_VERSION%/$(S390_TOOLS_RELEASE)/' \ + < start_hsnc.sh >$(DESTDIR)$(USRSBINDIR)/start_hsnc.sh; \ +- chown $(OWNER).$(GROUP) $(DESTDIR)$(USRSBINDIR)/start_hsnc.sh; \ ++ chown $(OWNER):$(GROUP) $(DESTDIR)$(USRSBINDIR)/start_hsnc.sh; \ + chmod 755 $(DESTDIR)$(USRSBINDIR)/start_hsnc.sh; \ + $(INSTALL) -g $(GROUP) -o $(OWNER) -m 755 ip_watcher.pl \ + $(DESTDIR)$(USRSBINDIR) +--- s390-tools-2.24.0/netboot/Makefile 2022-11-09 11:11:48.000000000 -0500 ++++ s390-tools-2.24.0/netboot/Makefile 2022-12-01 15:34:28.212720750 -0500 +@@ -15,13 +15,13 @@ + install-scripts: $(SCRIPTS) + @if [ ! -d $(DESTDIR)$(NETBOOT_SAMPLEDIR) ]; then \ + mkdir -p $(DESTDIR)$(NETBOOT_SAMPLEDIR); \ +- chown $(OWNER).$(GROUP) $(DESTDIR)$(NETBOOT_SAMPLEDIR); \ ++ chown $(OWNER):$(GROUP) $(DESTDIR)$(NETBOOT_SAMPLEDIR); \ + chmod 755 $(DESTDIR)$(NETBOOT_SAMPLEDIR); \ + fi; \ + for i in $^; do \ + $(SED) -e 's/%S390_TOOLS_VERSION%/$(S390_TOOLS_RELEASE)/' \ + < $$i >$(DESTDIR)$(NETBOOT_SAMPLEDIR)/$$i; \ +- chown $(OWNER).$(GROUP) $(DESTDIR)$(NETBOOT_SAMPLEDIR)/$$i; \ ++ chown $(OWNER):$(GROUP) $(DESTDIR)$(NETBOOT_SAMPLEDIR)/$$i; \ + chmod 755 $(DESTDIR)$(NETBOOT_SAMPLEDIR)/$$i; \ + done + +--- s390-tools-2.24.0/qethconf/Makefile 2022-11-09 11:11:48.000000000 -0500 ++++ s390-tools-2.24.0/qethconf/Makefile 2022-12-01 15:34:39.356593630 -0500 +@@ -5,7 +5,7 @@ + install: qethconf + $(SED) -e 's/%S390_TOOLS_VERSION%/$(S390_TOOLS_RELEASE)/' \ + < qethconf >$(DESTDIR)$(BINDIR)/qethconf; \ +- chown $(OWNER).$(GROUP) $(DESTDIR)$(BINDIR)/qethconf; \ ++ chown $(OWNER):$(GROUP) $(DESTDIR)$(BINDIR)/qethconf; \ + chmod 755 $(DESTDIR)$(BINDIR)/qethconf; \ + $(INSTALL) -d -m 755 $(DESTDIR)$(BINDIR) $(DESTDIR)$(MANDIR)/man8 + $(INSTALL) -g $(GROUP) -o $(OWNER) -m 644 qethconf.8 \ +--- s390-tools-2.24.0/zconf/Makefile 2022-11-09 11:11:48.000000000 -0500 ++++ s390-tools-2.24.0/zconf/Makefile 2022-12-01 15:36:10.583552975 -0500 +@@ -25,7 +25,7 @@ + cat $$i | \ + sed -e 's/%S390_TOOLS_VERSION%/$(S390_TOOLS_RELEASE)/' \ + >$(DESTDIR)$(BINDIR)/$$i; \ +- chown $(OWNER).$(GROUP) $(DESTDIR)$(BINDIR)/$$i; \ ++ chown $(OWNER):$(GROUP) $(DESTDIR)$(BINDIR)/$$i; \ + chmod 755 $(DESTDIR)$(BINDIR)/$$i; \ + done + +@@ -34,15 +34,15 @@ + cat $$i | \ + sed -e 's/%S390_TOOLS_VERSION%/$(S390_TOOLS_RELEASE)/' \ + >$(DESTDIR)$(USRSBINDIR)/$$i; \ +- chown $(OWNER).$(GROUP) $(DESTDIR)$(USRSBINDIR)/$$i; \ ++ chown $(OWNER):$(GROUP) $(DESTDIR)$(USRSBINDIR)/$$i; \ + chmod 755 $(DESTDIR)$(USRSBINDIR)/$$i; \ + done + + install-manpages: $(MANPAGES) + @if [ ! -d $(DESTDIR)$(MANDIR) ]; then \ + mkdir -p $(DESTDIR)$(MANDIR)/man8; \ +- chown $(OWNER).$(GROUP) $(DESTDIR)$(MANDIR); \ +- chown $(OWNER).$(GROUP) $(DESTDIR)$(MANDIR)/man8; \ ++ chown $(OWNER):$(GROUP) $(DESTDIR)$(MANDIR); \ ++ chown $(OWNER):$(GROUP) $(DESTDIR)$(MANDIR)/man8; \ + chmod 755 $(DESTDIR)$(MANDIR); \ + chmod 755 $(DESTDIR)$(MANDIR)/man8; \ + fi; \ +--- s390-tools-2.24.0/ziomon/Makefile 2022-11-09 11:11:48.000000000 -0500 ++++ s390-tools-2.24.0/ziomon/Makefile 2022-12-01 15:36:38.159238416 -0500 +@@ -43,17 +43,17 @@ + install: all + $(SED) -e 's/%S390_TOOLS_VERSION%/$(S390_TOOLS_RELEASE)/' \ + < ziomon > $(DESTDIR)$(USRSBINDIR)/ziomon; +- chown $(OWNER).$(GROUP) $(DESTDIR)$(USRSBINDIR)/ziomon; ++ chown $(OWNER):$(GROUP) $(DESTDIR)$(USRSBINDIR)/ziomon; + chmod 755 $(DESTDIR)$(USRSBINDIR)/ziomon; + $(SED) -e \ + 's/%S390_TOOLS_VERSION%/$(S390_TOOLS_RELEASE)/' \ + < ziomon_fcpconf > $(DESTDIR)$(USRSBINDIR)/ziomon_fcpconf; +- chown $(OWNER).$(GROUP) $(DESTDIR)$(USRSBINDIR)/ziomon_fcpconf; ++ chown $(OWNER):$(GROUP) $(DESTDIR)$(USRSBINDIR)/ziomon_fcpconf; + chmod 755 $(DESTDIR)$(USRSBINDIR)/ziomon_fcpconf; + $(SED) -e \ + 's/%S390_TOOLS_VERSION%/$(S390_TOOLS_RELEASE)/' \ + < ziorep_config > $(DESTDIR)$(USRSBINDIR)/ziorep_config; +- chown $(OWNER).$(GROUP) $(DESTDIR)$(USRSBINDIR)/ziorep_config; ++ chown $(OWNER):$(GROUP) $(DESTDIR)$(USRSBINDIR)/ziorep_config; + chmod 755 $(DESTDIR)$(USRSBINDIR)/ziorep_config; + $(INSTALL) -g $(GROUP) -o $(OWNER) -m 644 ziomon.8 \ + $(DESTDIR)$(MANDIR)/man8 diff --git a/s390-tools-sles15sp5-remove-no-pie-link-arguments.patch b/s390-tools-sles15sp5-remove-no-pie-link-arguments.patch new file mode 100644 index 0000000..bccd52a --- /dev/null +++ b/s390-tools-sles15sp5-remove-no-pie-link-arguments.patch @@ -0,0 +1,13 @@ +--- s390-tools-2.24.0/common.mak 2022-11-09 11:11:48.000000000 -0500 ++++ s390-tools-2.24.0/common.mak 2022-11-28 09:46:19.055653319 -0500 +@@ -254,8 +254,8 @@ + LDFLAGS CPPFLAGS ALL_CFLAGS ALL_CXXFLAGS ALL_LDFLAGS ALL_CPPFLAGS + + ifneq ($(shell $(CC_SILENT) -dumpspecs 2>/dev/null | grep -e '[^f]no-pie'),) +- NO_PIE_CFLAGS := -fno-pie +- NO_PIE_LDFLAGS := -no-pie ++ NO_PIE_CFLAGS := ++ NO_PIE_LDFLAGS := + else + NO_PIE_CFLAGS := + NO_PIE_LDFLAGS := diff --git a/s390-tools-sles15sp5-util_lockfile-fix-includes.patch b/s390-tools-sles15sp5-util_lockfile-fix-includes.patch new file mode 100644 index 0000000..1b7664b --- /dev/null +++ b/s390-tools-sles15sp5-util_lockfile-fix-includes.patch @@ -0,0 +1,35 @@ +From 5e0056db8d7e8aaa252388fea0752071bd3667ec Mon Sep 17 00:00:00 2001 +From: Steffen Eiden +Date: Wed, 30 Nov 2022 15:22:15 +0100 +Subject: [PATCH] util_lockfile: fix includes +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The 'unistd.h' header was missing. Under some circumstances the +-D_GNU_SOURCE gcc flag does not trigger including that file. +Therefore, explicitly include this file here. + +Fixes: e1aec24e8436 ("libutil: introduce util_lockfile") +Signed-off-by: Steffen Eiden +Reviewed-by: Jan Hoeppner +Signed-off-by: Jan Höppner +--- + libutil/util_lockfile.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/libutil/util_lockfile.c b/libutil/util_lockfile.c +index d657664..5440442 100644 +--- a/libutil/util_lockfile.c ++++ b/libutil/util_lockfile.c +@@ -18,6 +18,7 @@ + #include + #include + #include ++#include + + #include "lib/util_libc.h" + #include "lib/util_lockfile.h" +-- +2.35.3 + diff --git a/s390-tools-sles15sp5-zipl-boot-disable-Warray-bounds-for-now.patch b/s390-tools-sles15sp5-zipl-boot-disable-Warray-bounds-for-now.patch new file mode 100644 index 0000000..54c7901 --- /dev/null +++ b/s390-tools-sles15sp5-zipl-boot-disable-Warray-bounds-for-now.patch @@ -0,0 +1,16 @@ +This work around fixes a gcc-12 false positive by disabling `Warray-bounds`. +It is similar in intent as the previous +s390-tools-sles15sp4-genprotimg-boot-disable-Warray-bounds-for-now.patch + +--- s390-tools-2.24.0/zipl/boot/Makefile 2022-11-09 17:11:48.000000000 +0100 ++++ s390-tools-2.24.0/zipl/boot/Makefile 2022-12-02 23:16:30.513062000 +0100 +@@ -10,7 +10,8 @@ + -fno-delete-null-pointer-checks -fno-stack-protector \ + -fexec-charset=IBM1047 -m64 -mpacked-stack \ + -mstack-size=4096 -mstack-guard=128 -msoft-float \ +- -W -Wall -Wformat-security -fno-sanitize=all ++ -W -Wall -Wformat-security -fno-sanitize=all \ ++ -Wno-array-bounds + ALL_LDFLAGS += -fno-sanitize=all + + FILES = fba0.bin fba1b.bin fba2.bin \ diff --git a/s390-tools.changes b/s390-tools.changes index 911d047..44890bb 100644 --- a/s390-tools.changes +++ b/s390-tools.changes @@ -1,3 +1,214 @@ +------------------------------------------------------------------- +Tue Dec 6 19:39:22 UTC 2022 - Mark Post + +- Made extensive changes to the spec file to accomodate building + this package on both openSUSE, which has implemented the + "usrmerge" project, and SLES, which has not. This was accomplished + by checking the usrmerged variable, and setting the value of the + _mysbindir variable, accordingly. The files identified in the + Thu May 26 2022 changelog entry, and also listed below, now have + two versions. One for SLES, and one for openSUSE, with either + ".suse" or ".opensuse" appended to the file name. The appropriate + SOURCE variable is selected based on the usrmerged variable, and + installed with the ".suse" or ".opensuse" suffix stripped from + the name. + * 59-graf.rules + * dasd_configure + * dasd_reload + * detach_disks.sh + * iucv_configure + * killcdl + * mkdump.pl + * README.SUSE + * s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch + * virtsetup.sh + * vmlogrdr.service + +------------------------------------------------------------------- +Mon Nov 28 14:26:18 UTC 2022 - Mark Post + +- Updated to version 2.24.0 (jsc#PED-627) + * __v2.24.0 (2022-11-09)__ + For Linux kernel version: 6.0 + Add new tools / libraries: + - Provide config files for checkpatch, codespell, and clang-format + Changes of existing tools: + - dbginfo.sh: Collect log from various distro tools (YaST, DNF, Anaconda) + - dbginfo.sh: add Kubernetes data collection + - libutil: Introduce util_lockfile + - zdev: Add site-aware device configuration + - zdump: Add support to read Protected Virtualization dumps + - zipl/boot: Add secure boot trailer + Bug Fixes: + - ap_tools/ap-check: Reject start for control domains without usage + - cpumf/lshwc: Fix incremented counter output + - cpumf/pai: Fix core dump when summary flag set + - dbginfo.sh: Ensure compatibility with /bin/dash shell + - dbginfo.sh: Save dbginfo.sh version to dbginfo.log + - zipl/src/zipl_helper.device-mapper: Fix bug in error path + * __v2.23.0 (2022-08-18)__ + For Linux kernel version: 5.19 + Changes of existing tools: + - Makefile: use common Make definition for DRACUTDIR + - Makefile: use common Make definition for UDEVDIR and UDEVRULESDIR + - cpacfstats: Add PAI and hotplug support + - cpumf/pai: Omit file write progress information + - dbginfo.sh: Get more details on lspci command + - dumpconf: Prevent running the service in containers + - libcpumf: Detect PMU named pai_ext + - pvattest: Improve error reporting and logging + - zdev: Add some --type ap examples to manpages + - zkey: Use default benchmarked Argon2i with LUKS2 + Bug Fixes: + - dbginfo.sh: Fix accidental ftrace buffer shrinkage/free + - genprotimg: Fix BIO_reset() returncode handling + - libpv: Fix dependency checking + - pvattest: Fix dependency checking + - zipl: Fix segmentation fault when no parmline is provided + * __v2.22.0 (2022-06-20)__ + For Linux kernel version: 5.18 + Add new tools / libraries: + - ap_tools: Introduce ap_tools and the ap-check tool + - cpumf/pai: Add Processor Activity Instrumentation tool + - libpv: New library for PV tools + - pvattest: Add new tool to create, perform, and verify attestation measurements + - zipl/zdump: Add Next Gen Dump (NGDump) support + Changes of existing tools: + - Move man pages to System commands section (lscpumf, lshwc, pai, dbginfo.sh, zfcpdbf, zipl-switch-to-blscfg) + - README.md: Add 70-chreipl-fcp-mpath.rules to the list of udev rule descriptions + - Remove SysV related daemon scripts (cpacfstatsd, cpuplugd, mon_statd) + - genprotimg: Move man page to section 1 for user commands + - hyptop: increase initial update interval + - libseckey: Adapt keymgmt_match() implementation to OpenSSL + - libutil: Add util_exit_code + - libutil: Introduce util_udev + - zdev: Introduce the ap device type + - zipl-editenv: Add zIPL multienvironment support + - zipl: Implement sorting BLS entries by versions + - zkey: Add initramfs hook + Bug Fixes: + - cmsfs-fuse: Fix enabling of hard_remove option + - s390-tools: Fix typos that were detected by lintian as 'typo-in-manual-page' + - zkey-kmip: Fix possible use after free + - zkey: Fix EP11 host library version checking + - zkey_kmip: Setup ext-lib once the APQNs have been configured + * __v2.21.0 (2022-04-20)__ + For Linux kernel version: 5.17 + Add new tools / libraries: + - libcpumf: Create library libcpumf for CPU Measurement functions + Changes of existing tools: + - chreipl-fcp-mpath: bundle a pre-cooked version of the manpage for build + environments without access to `pandoc` + - dbginfo.sh: Add multipath info to map paths to FC addressing and prio group + - dbginfo.sh: Collect config files of systemd-modules-load.service + - dbginfo.sh: Sort list of environment variables for readability + - dbginfo.sh: Replace "which" by builtin command "type" + - dbginfo.sh: Rework script formatting (indents, order) + - dbginfo.sh: Update sysfs collection (excludes, messages) + - genprotimg: Add Protected Virtualization (PV) dump support + - genprotimg: Remove DigiCert root CA pinning + - lszcrypt: Add CEX8S support + - zcryptctl: Add control domain handling + - zcryptstats: Add CEX8 support + - zipl: Allow optional entries that are left out when files are missing + - zipl: make IPL sections defined with BLS to inherit a target field + - zpcictl: Add option to trigger firmware reset + Bug Fixes: + - cpictl: Handle excessive kernel version numbers + - dbginfo.sh: Collect all places where modprobe.d config files could exist + - fdasd: Fix endless menu loop on EOF + - zdump/dfi: Fix segfault due to double free + - zdump: Fix /dev/mem reading + - zpcictl: Fix race of SCLP reset and Linux recovery + * __v2.20.0 (2022-02-04)__ + For Linux kernel version: 5.16 + Add new tools / libraries: + - Add EditorConfig configuration + Changes of existing tools: + - s390-tools switches to Fuse 3 as Fuse 2 is deprecated. + Affected tools: cmsfs, hmcdrvfs, hsavmcore, zdsfs, zdump + - chreipl-fcp-mpath: don't compress the manpage before installing it + - cpictl: Report extended version information + - genprotimg: Add extended kernel command line support + - zdev: modify the lsblk output parser in lszdev + - zipl: Add support for longer kernel command lines (now supports up to 64k length) + Bug Fixes: + - cpictl: Suppress messages for unwritable sysfs files + - dbginfo.sh: Fix missing syslog for step create_package + - lshwc: Fix CPU list parameter setup for device driver + - zdev: Check for errors when removing a devtype setting + - zdev: Fix path resolution for multi-mount point file systems +- Updated s390-tools-sles15sp3-remove-no-pie-link-arguments.patch + to fit the new version, and renamed it to + s390-tools-sles15sp5-remove-no-pie-link-arguments.patch. +- Added s390-tools-sles15sp5-util_lockfile-fix-includes.patch to fix a + compilation problem. One source file was missing an include statement + for unistd.h. +- Added s390-tools-sles15sp5-ap_tools-ap-check-use-new-mdevctl-install-location.patch + An executable binary was being installed under /etc, which is + an FHS violation. +- Modified spec file to + * Change BuildRequires for fuse-devel to fuse3-devel. + * Remove obsolete BuildRequires for libpfm-devel + * Add a BuildRequires for mdevctl and systemd-devel + * Added a %files entry for dir %{_prefix}/lib/dracut/modules.d/99ngdump + * Added %config(noreplace) for the new file %{_sysconfdir}/ziplenv + * Uncomment the %files entry for %{_mandir}/man7/chreipl-fcp-mpath.7%{?ext_man} + Specifying ENABLE_DOC=1 is no longer needed for it to be generated. + * Add %dir entries for + %{_prefix}/lib/mdevctl, + %{_prefix}/lib/mdevctl/scripts.d, and + %{_prefix}/lib/mdevctl/scripts.d/callouts + NOTE that these directories do not belong to this package, but + the mdevctl package has yet to be updated to claim them. So, + until that happens, we have to temporarily claim ownership of + them for the s390-tools package to build. +- Updated the s390-tools-rpmlintrc file to suppress two warnings about + the /boot/zipl/active_devices.txt file. +- Removed the following obsolete patches: + * s390-tools-sles15sp4-chreipl-fcp-mpath-don-t-compress-the-manpage-before-.patch + * s390-tools-sles15sp4-chreipl-fcp-mpath-remove-shebang-from-chreipl-fcp-mp.patch + * s390-tools-sles15sp4-zdev-modify-the-lsblk-output-parser-in-lszdev.patch + * s390-tools-sles15sp4-zdev-Fix-path-resolution-for-multi-mount-point-file-.patch + * s390-tools-sles15sp4-01-genprotimg-remove-DigiCert-root-CA-pinning.patch + * s390-tools-sles15sp4-02-genprotimg-check_hostkeydoc-relax-default-issuer-che.patch + * s390-tools-sles15sp4-libseckey-Fix-re-enciphering-of-EP11-secure-key.patch + * s390-tools-sles15sp4-zdump-fix-segfault-due-to-double-free.patch + * s390-tools-sles15sp4-libseckey-Adapt-keymgmt_match-implementation-to-Open.patch + * s390-tools-sles15sp4-genprotimg-boot-disable-Warray-bounds-for-now.patch + * s390-tools-sles15sp4-hyptop-increase-initial-update-interval.patch + * s390-tools-sles15sp4-zipl-boot-add-secure-boot-trailer.patch +- Added s390-tools-sles15sp5-zipl-boot-disable-Warray-bounds-for-now.patch + With this version, the same false positive of "array subscript 0 + is outside array bounds" that was previously seen in the + genprotimage/boot directory is now happening in zipl/boot. +- Added s390-tools-sles15sp5-fix-chown-commands-syntax.patch to + eliminate a bunch of warnings. The new version of chown complains + if the deprecated 'owner.group' syntax is used instead of the + 'owner:group' syntax. + +------------------------------------------------------------------- +Thu Nov 3 16:17:13 UTC 2022 - Mark Post + +- Added s390-tools-sles15sp4-zipl-boot-add-secure-boot-trailer.patch + for bsc#1204965. New IBM Z firmware requires all signed boot + images to contain a trailing data block with a specific format. + +------------------------------------------------------------------- +Mon Jul 18 15:41:43 UTC 2022 - Mark Post + +- Added s390-tools-sles15sp4-hyptop-increase-initial-update-interval.patch + for bsc#1201412. Initial iteration of hyptop can produce bloated values + independent from the update delay set by the user. + +------------------------------------------------------------------- +Thu Jun 2 16:45:38 UTC 2022 - Mark Post + +- Added s390-tools-sles15sp4-genprotimg-boot-disable-Warray-bounds-for-now.patch + to fix a build failure with gcc12. With gcc12, a "false positive" + of "array subscript 0 is outside array bounds" is seen in + genprotimg/boot/stage3a.c (bsc#1200131). + ------------------------------------------------------------------- Thu May 26 17:03:32 UTC 2022 - Mark Post diff --git a/s390-tools.spec b/s390-tools.spec index 8a0cabb..520a7d0 100644 --- a/s390-tools.spec +++ b/s390-tools.spec @@ -26,9 +26,14 @@ %define _modprobedir /lib/modprobe.d %endif %global modprobe_d_files 90-s390-tools.conf +%if 0%{?usrmerged} +%define _mysbindir %{_sbindir} +%else +%define _mysbindir /sbin +%endif Name: s390-tools -Version: 2.19.0 +Version: 2.24.0 Release: 0 Summary: S/390 tools like zipl and dasdfmt License: MIT @@ -44,17 +49,30 @@ Source6: sysconfig.xpram Source7: appldata Source8: sysconfig.appldata Source10: dasdro -Source11: dasd_reload -Source12: mkdump.pl +%if 0%{?usrmerged} +Source11: dasd_reload.opensuse +Source12: mkdump.pl.opensuse +%else +Source11: dasd_reload.suse +Source12: mkdump.pl.suse +%endif Source13: sysconfig.osasnmpd Source14: zfcp_san_disc Source15: mkdump.8 Source18: zpxe.rexx Source19: rules.xpram Source20: rules.hw_random -Source21: 59-graf.rules +%if 0%{?usrmerged} +Source21: 59-graf.rules.opensuse +%else +Source21: 59-graf.rules.suse +%endif Source22: s390-tools-zdsfs.caution.txt -Source23: README.SUSE +%if 0%{?usrmerged} +Source23: README.SUSE.opensuse +%else +Source23: README.SUSE.suse +%endif Source24: cputype Source25: cputype.1 Source26: cio_ignore.service @@ -62,15 +80,28 @@ Source27: setup_cio_ignore.sh Source28: 59-prng.rules Source29: 59-zfcp-compat.rules Source30: 90-s390-tools.conf -Source31: detach_disks.sh -Source32: killcdl +%if 0%{?usrmerged} +Source31: detach_disks.sh.opensuse +Source32: killcdl.opensuse +%else +Source31: detach_disks.sh.suse +Source32: killcdl.suse +%endif Source33: lgr_check Source34: sysconfig.virtsetup Source35: virtsetup.service -Source36: virtsetup.sh +%if 0%{?usrmerged} +Source36: virtsetup.sh.opensuse +%else +Source36: virtsetup.sh.suse +%endif Source37: appldata.service Source38: hsnc.service -Source39: vmlogrdr.service +%if 0%{?usrmerged} +Source39: vmlogrdr.service.opensuse +%else +Source39: vmlogrdr.service.suse +%endif Source40: xpram.service Source41: pkey.conf @@ -79,8 +110,13 @@ Source41: pkey.conf Source86: read_values.c Source87: read_values.8 Source88: ctc_configure -Source89: dasd_configure -Source90: iucv_configure +%if 0%{?usrmerged} +Source89: dasd_configure.opensuse +Source90: iucv_configure.opensuse +%else +Source89: dasd_configure.suse +Source90: iucv_configure.suse +%endif Source91: qeth_configure Source92: zfcp_disk_configure Source93: zfcp_host_configure @@ -93,22 +129,18 @@ Source99: zfcp_host_configure.8 ### # IBM patches -Patch001: s390-tools-sles15sp4-chreipl-fcp-mpath-don-t-compress-the-manpage-before-.patch -Patch002: s390-tools-sles15sp4-chreipl-fcp-mpath-remove-shebang-from-chreipl-fcp-mp.patch -Patch003: s390-tools-sles15sp4-zdev-modify-the-lsblk-output-parser-in-lszdev.patch -Patch004: s390-tools-sles15sp4-zdev-Fix-path-resolution-for-multi-mount-point-file-.patch -Patch005: s390-tools-sles15sp4-01-genprotimg-remove-DigiCert-root-CA-pinning.patch -Patch006: s390-tools-sles15sp4-02-genprotimg-check_hostkeydoc-relax-default-issuer-che.patch -Patch007: s390-tools-sles15sp4-libseckey-Fix-re-enciphering-of-EP11-secure-key.patch -Patch008: s390-tools-sles15sp4-zdump-fix-segfault-due-to-double-free.patch -Patch009: s390-tools-sles15sp4-libseckey-Adapt-keymgmt_match-implementation-to-Open.patch -Patch010: s390-tools-sles15sp4-genprotimg-boot-disable-Warray-bounds-for-now.patch - +Patch001: s390-tools-sles15sp5-zipl-boot-disable-Warray-bounds-for-now.patch +Patch002: s390-tools-sles15sp5-util_lockfile-fix-includes.patch +Patch003: s390-tools-sles15sp5-ap_tools-ap-check-use-new-mdevctl-install-location.patch # SUSE patches Patch900: s390-tools-sles12-zipl_boot_msg.patch Patch901: s390-tools-sles15-sysconfig-compatible-dumpconf.patch Patch902: s390-tools-sles12-create-filesystem-links.patch -Patch903: s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch +%if 0%{?usrmerged} +Patch903: s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch.opensuse +%else +Patch903: s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch.suse +%endif Patch904: s390-tools-sles15sp3-Allow-multiple-device-arguments.patch Patch905: s390-tools-sles15sp3-Format-devices-in-parallel.patch Patch906: s390-tools-sles15sp3-Implement-Y-yast_mode.patch @@ -116,11 +148,12 @@ Patch907: s390-tools-sles15sp3-Implement-f-for-backwards-compability.patch Patch908: s390-tools-sles15sp3-dasdfmt-retry-BIODASDINFO-if-device-is-busy.patch Patch909: s390-tools-sles12-fdasd-skip-partition-check-and-BLKRRPART-ioctl.patch Patch910: s390-tools-sles15sp1-11-zdev-Do-not-call-zipl-on-initrd-update.patch -Patch911: s390-tools-sles15sp3-remove-no-pie-link-arguments.patch +Patch911: s390-tools-sles15sp5-remove-no-pie-link-arguments.patch +Patch999: s390-tools-sles15sp5-fix-chown-commands-syntax.patch BuildRequires: curl-devel BuildRequires: dracut -BuildRequires: fuse-devel +BuildRequires: fuse3-devel BuildRequires: gcc-c++ BuildRequires: gettext-tools BuildRequires: glib2-devel @@ -128,13 +161,14 @@ BuildRequires: glibc-devel-static BuildRequires: kernel-zfcpdump BuildRequires: libcryptsetup-devel > 2.0.3 BuildRequires: libjson-c-devel -BuildRequires: libpfm-devel BuildRequires: libxml2-devel +BuildRequires: mdevctl BuildRequires: ncurses-devel BuildRequires: net-snmp-devel BuildRequires: openssl-devel >= 1.1.1l BuildRequires: pesign-obs-integration BuildRequires: qclib-devel-static +BuildRequires: systemd-devel BuildRequires: tcpd-devel BuildRequires: zlib-devel-static # Don't build with pie to avoid problems with zipl @@ -312,7 +346,14 @@ popd install -m 755 read_values %{buildroot}/%{_bindir}/ install -m644 -t %{buildroot}/%{_mandir}/man8 %{SOURCE87} + +# The "usrmerge" has happened in openSUSE:Factory, but not yet in SLES. +# Make sure we look for the zfcpdump kernel image in the right place. +%if 0%{?usrmerged} install -D -m600 %{_prefix}/lib/modules/*-zfcpdump/image %{buildroot}%{_prefix}/lib/s390-tools/zfcpdump/zfcpdump-image +%else +install -D -m600 /boot/image-*-zfcpdump %{buildroot}%{_prefix}/lib/s390-tools/zfcpdump/zfcpdump-image +%endif install -D -m644 etc/cpuplugd.conf %{buildroot}%{_sysconfdir}/cpuplugd.conf install -D -m644 etc/udev/rules.d/40-z90crypt.rules %{buildroot}%{_prefix}/lib/udev/rules.d/40-z90crypt.rules @@ -342,11 +383,11 @@ install -D -m755 %{SOURCE5} %{buildroot}%{_prefix}/lib/systemd/scripts/xpram install -D -m644 %{SOURCE6} %{buildroot}%{_fillupdir}/sysconfig.xpram install -D -m755 %{SOURCE7} %{buildroot}%{_prefix}/lib/systemd/scripts/appldata install -D -m644 %{SOURCE8} %{buildroot}%{_fillupdir}/sysconfig.appldata -install -D -m755 %{SOURCE10} %{buildroot}%{_sbindir}/dasdro -install -D -m755 %{SOURCE11} %{buildroot}%{_sbindir}/dasd_reload -install -D -m755 %{SOURCE12} %{buildroot}%{_sbindir}/mkdump +install -D -m755 %{SOURCE10} %{buildroot}%{_mysbindir}/dasdro +install -D -m755 %{SOURCE11} %{buildroot}%{_mysbindir}/dasd_reload +install -D -m755 %{SOURCE12} %{buildroot}%{_mysbindir}/mkdump install -D -m644 %{SOURCE13} %{buildroot}%{_fillupdir}/sysconfig.osasnmpd -install -D -m755 %{SOURCE14} %{buildroot}%{_sbindir}/zfcp_san_disc +install -D -m755 %{SOURCE14} %{buildroot}%{_mysbindir}/zfcp_san_disc install -D -m644 %{SOURCE15} %{buildroot}/%{_mandir}/man8 install -D -m644 %{SOURCE19} %{buildroot}%{_prefix}/lib/udev/rules.d/52-xpram.rules install -D -m644 %{SOURCE20} %{buildroot}%{_prefix}/lib/udev/rules.d/52-hw_random.rules @@ -354,26 +395,26 @@ install -D -m644 %{SOURCE21} %{buildroot}%{_prefix}/lib/udev/rules.d/59-graf.rul install -D -m644 %{SOURCE28} %{buildroot}%{_prefix}/lib/udev/rules.d/59-prng.rules install -D -m644 %{SOURCE29} %{buildroot}%{_prefix}/lib/udev/rules.d/59-zfcp-compat.rules install -D -m644 %{SOURCE30} %{buildroot}%{_modprobedir}/90-s390-tools.conf -install -D -m755 %{SOURCE32} %{buildroot}%{_sbindir}/killcdl -install -D -m755 %{SOURCE33} %{buildroot}%{_sbindir}/lgr_check +install -D -m755 %{SOURCE32} %{buildroot}%{_mysbindir}/killcdl +install -D -m755 %{SOURCE33} %{buildroot}%{_mysbindir}/lgr_check install -D -m644 %{SOURCE34} %{buildroot}%{_fillupdir}/sysconfig.virtsetup -if [ ! -d %{_sbindir} ]; then - rm -f %{_sbindir} - mkdir -p %{_sbindir} +if [ ! -d %{_mysbindir} ]; then + rm -f %{_mysbindir} + mkdir -p %{_mysbindir} fi -(cd usr/sbin; ln -s service rcappldata) -(cd usr/sbin; ln -s service rchsnc) -(cd usr/sbin; ln -s service rcvmlogrdr) -(cd usr/sbin; ln -s service rcxpram) -(cd usr/sbin; ln -s service rccio_ignore) -(cd usr/sbin; ln -s service rccpacfstatsd) -(cd usr/sbin; ln -s service rccpi) -(cd usr/sbin; ln -s service rccpuplugd) -(cd usr/sbin; ln -s service rcdumpconf) -(cd usr/sbin; ln -s service rcmon_fsstatd) -(cd usr/sbin; ln -s service rcmon_procd) -(cd usr/sbin; ln -s service rcvirtsetup) +(cd %{buildroot}%{_sbindir}; ln -s service rcappldata) +(cd %{buildroot}%{_sbindir}; ln -s service rchsnc) +(cd %{buildroot}%{_sbindir}; ln -s service rcvmlogrdr) +(cd %{buildroot}%{_sbindir}; ln -s service rcxpram) +(cd %{buildroot}%{_sbindir}; ln -s service rccio_ignore) +(cd %{buildroot}%{_sbindir}; ln -s service rccpacfstatsd) +(cd %{buildroot}%{_sbindir}; ln -s service rccpi) +(cd %{buildroot}%{_sbindir}; ln -s service rccpuplugd) +(cd %{buildroot}%{_sbindir}; ln -s service rcdumpconf) +(cd %{buildroot}%{_sbindir}; ln -s service rcmon_fsstatd) +(cd %{buildroot}%{_sbindir}; ln -s service rcmon_procd) +(cd %{buildroot}%{_sbindir}; ln -s service rcvirtsetup) if [ ! -d %{_bindir} ]; then rm -f %{_bindir} @@ -383,24 +424,29 @@ install -D -m755 %{SOURCE24} %{buildroot}%{_bindir}/cputype install -m644 -t %{buildroot}/%{_mandir}/man8 %{SOURCE25} -# Move all the binaries installed via the IBM-provided Makefile from /sbin to -# /usr/sbin/ to align with the openSUSE "usrmerge" project -mv -vi %{buildroot}/sbin/* %{buildroot}%{_sbindir}/ +# If building for openSUSE, move all the binaries installed via +# the IBM-provided Makefile from /sbin to /usr/sbin/ to +# align with the openSUSE "usrmerge" project +%if 0%{?usrmerged} +mv -vi %{buildroot}/sbin/* %{buildroot}%{_mysbindir}/ +%endif ### Obsolete scripts and man pages to be removed once changes in other tools are made -install -m755 -t %{buildroot}/%{_sbindir}/ %{SOURCE88} %{SOURCE89} %{SOURCE90} %{SOURCE91} %{SOURCE92} %{SOURCE93} +install -m755 -t %{buildroot}%{_mysbindir}/ %{SOURCE88} %{SOURCE91} %{SOURCE92} %{SOURCE93} +install %{SOURCE89} %{buildroot}%{_mysbindir}/dasd_configure +install %{SOURCE90} %{buildroot}%{_mysbindir}/iucv_configure install -m644 -t %{buildroot}/%{_mandir}/man8 %{SOURCE94} %{SOURCE95} %{SOURCE96} %{SOURCE97} %{SOURCE98} %{SOURCE99} ### ### lsmem/chmem have been added to util-linux -rm -fv %{buildroot}/%{_mandir}/man8/lsmem.8* -rm -fv %{buildroot}/%{_mandir}/man8/chmem.8* -rm -fv %{buildroot}/%{_sbindir}/lsmem -rm -fv %{buildroot}/%{_sbindir}/chmem +rm -fv %{buildroot}%{_mandir}/man8/lsmem.8* +rm -fv %{buildroot}%{_mandir}/man8/chmem.8* +rm -fv %{buildroot}%{_mysbindir}/lsmem +rm -fv %{buildroot}%{_mysbindir}/chmem find . ! -type d | sed 's/^.//;\-/man/-s/^.*$/%doc &.gz/' > %{_builddir}/%{name}-filelist -grep -v -E 'osasnmp|*\.conf$|ekmfweb.so|ekmfweb.h|kmipclient|kmip/profiles/*\.profile|chreipl-fcp-mpath' %{_builddir}/%{name}-filelist >%{_builddir}/%{name}.list +grep -v -E 'osasnmp|etc/ziplenv|\.conf$|ekmfweb.so|ekmfweb.h|kmipclient|kmip/profiles/.*profile$|chreipl-fcp-mpath' %{_builddir}/%{name}-filelist >%{_builddir}/%{name}.list grep osasnmp[^-] %{_builddir}/%{name}-filelist >%{_builddir}/%{name}.osasnmp touch boot/zipl/active_devices.txt @@ -417,7 +463,7 @@ function cleanup . %{_sysconfdir}/sysconfig/osasnmpd trap cleanup 0 echo \$\$ >\$PIDFILE -%{_sbindir}/osasnmpd -f -P %{_localstatedir}/run/osasnmpd.real.pid \$OSASNMPD_PARAMETERS "\$@" +%{_mysbindir}/osasnmpd -f -P %{_localstatedir}/run/osasnmpd.real.pid \$OSASNMPD_PARAMETERS "\$@" EOT chmod 755 osasnmpd @@ -589,6 +635,7 @@ done %dir %attr(0770,root,zkeyadm) %{_sysconfdir}/zkey/kmip/profiles %dir %attr(0770,root,zkeyadm) %{_sysconfdir}/zkey/repository %config %{_sysconfdir}/zkey/kmip/profiles/* +%config(noreplace) %{_sysconfdir}/ziplenv %dir %{_modprobedir} %{_modprobedir}/90-s390-tools.conf %config %{_sysconfdir}/cpuplugd.conf @@ -597,6 +644,9 @@ done %dir %attr(2770,root,ts-shell) %{_localstatedir}/log/ts-shell %dir %{_sysconfdir}/cmsfs-fuse %config %attr(0640,root,root) %{_sysconfdir}/cmsfs-fuse/filetypes.conf +%dir %{_prefix}/lib/mdevctl +%dir %{_prefix}/lib/mdevctl/scripts.d +%dir %{_prefix}/lib/mdevctl/scripts.d/callouts %dir %{_prefix}/lib/s390-tools %dir %{_prefix}/lib/s390-tools/zfcpdump %dir %{_prefix}/lib/udev/rules.d @@ -605,6 +655,7 @@ done %dir %{_datadir}/s390-tools/netboot %dir %{_datadir}/s390-tools/genprotimg %dir %{_prefix}/lib/dracut/modules.d/95zdev +%dir %{_prefix}/lib/dracut/modules.d/99ngdump %dir /boot/zipl %dir %{_libdir}/zkey %{_libdir}/zkey/zkey-ekmfweb.so @@ -662,7 +713,6 @@ done %{_prefix}/lib/udev/chreipl-fcp-mpath-record-volume-identifier %{_prefix}/lib/udev/chreipl-fcp-mpath-try-change-ipl-path %{_udevrulesdir}/70-chreipl-fcp-mpath.rules -## Requires build+install with ENABLE_DOC=1 -#{_mandir}/man7/chreipl-fcp-mpath.7.gz +%{_mandir}/man7/chreipl-fcp-mpath.7%{?ext_man} %changelog diff --git a/virtsetup.sh b/virtsetup.sh.opensuse similarity index 100% rename from virtsetup.sh rename to virtsetup.sh.opensuse diff --git a/virtsetup.sh.suse b/virtsetup.sh.suse new file mode 100644 index 0000000..fe7c7b8 --- /dev/null +++ b/virtsetup.sh.suse @@ -0,0 +1,92 @@ +#!/bin/sh +# +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# +# Perform setup tasks based on what hypervisor is in charge. +# + +# Source the sysconfig file +if [ -r /etc/sysconfig/virtsetup ]; then + . /etc/sysconfig/virtsetup +else echo "No /etc/sysconfig/virtsetup file was found." + exit 1 +fi + +# +# Get our hostname +# +my_hostname="$(hostname)" + +# +# Find out the hypervisor we're running on/under. +# +hypervisor="$(/usr/bin/systemd-detect-virt)" + +case "${hypervisor}" in + zvm) + if [ ! -c /dev/vmcp ]; then + modprobe vmcp + sleep 1 + if [ ! -c /dev/vmcp ]; then + echo "Unable to load the vmcp kernel module." + exit 1 + fi + fi + echo "The vmcp device driver is ready." + if [ "${ZVM_DETACH_DISKS}" == "yes" ]; then + echo "Detaching devices to prepare for Live Guest Relocation." + /usr/lib/systemd/scripts/detach_disks.sh + fi + if [ "${ZVM_WARN_ABOUT_POSSIBLE_LGR_PROBLEMS}" == yes ]; then + /sbin/lgr_check + fi + ;; + none) + hypervisor="lpar" + if [ "${LPAR_SCLP_HOSTNAME}" == "yes" ]; then + # If the sclp_cpi module is already loaded, we have to unload it + # so we can be sure it has the correct system name specified + # when we reload it again. + if grep -qw sclp_cpi /proc/modules 2>/dev/null; then + rmmod sclp_cpi + sleep 1 + fi + if grep -qw sclp_cpi /proc/modules 2>/dev/null; then + echo "Unable to unload the sclp_cpi kernel module." + exit 1 + fi + echo "Setting the LPAR name via the sclp_cpi module." + modprobe sclp_cpi system_name="$my_hostname" + if ! grep -qw sclp_cpi /proc/modules 2>/dev/null; then + echo "We were unable to load the sclp_cpi module to set the LPAR name." + exit 2 + fi + fi + ;; + kvm) + ;; + *) + echo "An unknown hypervisor, \"${hypervisor}\" was detected." + echo "Please report this to your support provider." + exit 3 + ;; +esac + +# +# Now let's check for any scripts that other packages may have provided +# to do specific things they need. The scripts must be marked executable +# and have a suffix indicating which hypervisor for which they are to be run. +# Currently that is one of: kvm, lpar, or zvm. +# E.g., 01-test.script.zvm would only be run if the system is a z/VM guest. +# + +for script in $(ls /lib/s390-tools/virtsetup/*.${hypervisor} 2>/dev/null) + do if [ -x "${script}" ]; then + echo "Executing ${script}..." + "${script}" + echo "Done." + echo + fi + done + +exit 0 diff --git a/vmlogrdr.service b/vmlogrdr.service.opensuse similarity index 100% rename from vmlogrdr.service rename to vmlogrdr.service.opensuse diff --git a/vmlogrdr.service.suse b/vmlogrdr.service.suse new file mode 100644 index 0000000..6382b36 --- /dev/null +++ b/vmlogrdr.service.suse @@ -0,0 +1,15 @@ +[Unit] +Description=System startup script for the Linux - z/VM Log reader +After=network-online.target remote-fs.target +Wants=network-online.target remote-fs.target +ConditionPathExists=!/dev/vmlogrdr_LOGREC + +[Service] +Type=oneshot +RemainAfterExit=yes + +ExecStart=/sbin/modprobe vmlogrdr +ExecStop=/sbin/modprobe -r vmlogrdr + +[Install] +WantedBy=default.target