Accepting request 980530 from Base:System

OBS-URL: https://build.opensuse.org/request/show/980530
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/s390-tools?expand=0&rev=47

59-graf.rules

@@ -7,7 +7,7 @@ SUBSYSTEM!="ccw", GOTO="graf_end"
 DRIVER!="3270", GOTO="graf_end"
 
 # Configure 3270 device
-ACTION=="add",    SUBSYSTEM=="ccw", PROGRAM="/sbin/chccwdev -e $kernel"
-ACTION=="remove", SUBSYSTEM=="ccw", PROGRAM="/sbin/chccwdev -d $kernel"
+ACTION=="add",    SUBSYSTEM=="ccw", PROGRAM="/usr/sbin/chccwdev -e $kernel"
+ACTION=="remove", SUBSYSTEM=="ccw", PROGRAM="/usr/sbin/chccwdev -d $kernel"
 
 LABEL="graf_end"

README.SUSE

@@ -21,7 +21,7 @@ ls - Addons by SUSE
 	    1 for on and 0 for off
 
 	* ctc_configure
-	  Usage: /sbin/ctc_configure <read channel> <write channel> <online> [<protocol>]
+	  Usage: /usr/sbin/ctc_configure <read channel> <write channel> <online> [<protocol>]
 	  To configure CTC connections 
 	  Valid Parameters for the protocal are 0, 1 and 3
 	  For a detailed explanation please look in the Device Driver book
@@ -33,11 +33,11 @@ ls - Addons by SUSE
 	  LPAR just set it to 0
 
 	* iucv_configure
-	  Usage: /sbin/iucv_configure  <router> <online>
+	  Usage: /usr/sbin/iucv_configure  <router> <online>
 	  To set an IUCV IP-network online/offline
 
 	* qeth_configure
-	  Usage: /sbin/qeth_configure [options] <read chan> <write chan> <control chan> <online>
+	  Usage: /usr/sbin/qeth_configure [options] <read chan> <write chan> <control chan> <online>
 	  Set qeth, hipersocket adapter online/offline.
 	  options could be one of the following:
 
@@ -48,10 +48,10 @@ ls - Addons by SUSE
 	  
 
 	* zfcp_disk_configure
-	  Usage: /sbin/zfcp_disk_configure  <ccwid> <wwpn> <lun> <online>
+	  Usage: /usr/sbin/zfcp_disk_configure  <ccwid> <wwpn> <lun> <online>
 	  set a disk online/offline. This require that the repective
 	  Adapter is online. See command below.
 
 	* zfcp_host_configure
-	  Usage: /sbin/zfcp_host_configure  <ccwid> <online>
+	  Usage: /usr/sbin/zfcp_host_configure  <ccwid> <online>
 	  Set a zfcp Adapter online/offline

dasd_configure

@@ -142,7 +142,7 @@ if [ ${RC} -ne 0 ]; then
 elif [ ${ON_OFF} == 1 ]; then
     exitcode=0
     # Extract the full busid so that we can reference the proper entries in /sys
-    BUSID=$(/sbin/lszdev dasd ${CCW_CHAN_ID} | /usr/bin/sed -e 1d | /usr/bin/tr -s " " | /usr/bin/cut -f2 -d" " )
+    BUSID=$(/usr/sbin/lszdev dasd ${CCW_CHAN_ID} | /usr/bin/sed -e 1d | /usr/bin/tr -s " " | /usr/bin/cut -f2 -d" " )
     # Make sure the DASD volume came online
     for ((counter=0; counter<30; counter++)); do
       sleep 0.1

dasd_reload

@@ -25,7 +25,7 @@ if [ ! -r /proc/modules ]; then
     exit 1
 fi
 
-if [ ! -x /sbin/rmmod -o ! -x /sbin/modprobe ]; then
+if [ ! -x /usr/sbin/rmmod -o ! -x /usr/sbin/modprobe ]; then
     echo "Missing module programs"
     exit 2
 fi
@@ -95,7 +95,7 @@ for module in ${module_test_list}; do
     if grep -q "${module}" /proc/modules; then
 	module_list="${module} ${module_list}"
 	: Unloading ${module}
-	/sbin/rmmod ${module}
+	/usr/sbin/rmmod ${module}
     fi
 done
 
@@ -133,7 +133,7 @@ if [ -d /etc/udev/rules.d ]; then
 	    fi
 	    echo Activating ${dasd}
 	    mv -i "${file}" /etc/udev/rules.d/
-	    /sbin/chzdev dasd --apply --configured -q --no-root-update ${dasd}
+	    /usr/sbin/chzdev dasd --apply --configured -q --no-root-update ${dasd}
 	    lsdasd
 	    break
 	done
@@ -147,7 +147,7 @@ if [ -d /etc/udev/rules.d ]; then
 	    [ -f "${file}" ] || continue
 	    echo Activating ${dasd}
 	    mv -i "${file}" /etc/udev/rules.d/
-	    /sbin/chzdev dasd --apply --configured -q --no-root-update ${dasd}
+	    /usr/sbin/chzdev dasd --apply --configured -q --no-root-update ${dasd}
 	    break
 	done
     done

detach_disks.sh

@@ -76,7 +76,7 @@ fi
 
 # First, get a list of all the DASD devices we have for this guest, in decimal.
 # (Trying to handle things in hex gets complicated.)
-/sbin/vmcp -b1048576 q v dasd | cut -f2 -d" "  |\
+/usr/sbin/vmcp -b1048576 q v dasd | cut -f2 -d" "  |\
   while read HEXNO
     do let DECNO=0x${HEXNO}
        echo ${DECNO}
@@ -139,7 +139,7 @@ else
 # Get a list of all the virtual NICs since they require an
 # extra keyword to detach. Contrary to what we've done before
 # these will be hex values
-     /sbin/vmcp -b1048576 q nic | grep Adapter | cut -f2 -d" "  | cut -f1 -d. > ${NICFILE}
+     /usr/sbin/vmcp -b1048576 q nic | grep Adapter | cut -f2 -d" "  | cut -f1 -d. > ${NICFILE}
 
 # Now we sort the device numbers and detach them.
      sort -un ${DETFILE} | \

iucv_configure

@@ -125,7 +125,7 @@ fi
 
 if [ "$iucvdev" ] ; then
     cat > /etc/udev/rules.d/51-iucv-$PEER_USERID.rules <<EOF
-ACTION=="add", SUBSYSTEM=="subsystem", KERNEL=="iucv", RUN+="/sbin/modprobe netiucv"
+ACTION=="add", SUBSYSTEM=="subsystem", KERNEL=="iucv", RUN+="/usr/sbin/modprobe netiucv"
 ACTION=="add", SUBSYSTEM=="drivers", KERNEL=="netiucv", ATTR{connection}="$PEER_USERID"
 EOF
 fi

killcdl

@@ -15,7 +15,7 @@ usage(){
   echo "	busid	The full specification of the volume, e.g., 0.0.3184."
 }
 
-ARCH="$(/bin/uname -m)"
+ARCH="$(/usr/bin/uname -m)"
 if [ "${ARCH}" != "s390x" ] && [ "${ARCH}" != "s390" ]; then
   echo "This script is only useful on IBM mainframes."
   exit 1
@@ -107,7 +107,7 @@ BUSID="${FIRST}.${SECOND}.${DEVNO}"
 
 if [ ! -h /sys/bus/ccw/devices/${BUSID} ]; then
   echo "Busid ${BUSID} was not found."
-  /sbin/cio_ignore -i ${BUSID} > /dev/null
+  /usr/sbin/cio_ignore -i ${BUSID} > /dev/null
   if [ $? -eq 0 ]; then
     echo "That device is in the cio_ignore list."
     echo "Please remove it with \"cio_ignore -r ${BUSID}\" before trying again."
@@ -134,16 +134,16 @@ if [ -r /sys/bus/ccw/devices/${BUSID}/discipline ]; then
   # We have to bring the device online before the kernel will fill in
   # the value for discipline.
   if [ ${ORIG_ONLINE_STATUS} -eq 0 ]; then
-    /sbin/chccwdev -e ${BUSID}
-    /sbin/udevadm settle
+    /usr/sbin/chccwdev -e ${BUSID}
+    /usr/sbin/udevadm settle
   fi
 
   read STATUS < /sys/bus/ccw/devices/${BUSID}/status
   if [ "${STATUS}" == "unformatted" ]; then
     echo "DASD device ${BUSID} is already in an unformatted state."
     if [ ${ORIG_ONLINE_STATUS} -eq 0 ]; then
-      /sbin/chccwdev -d -s ${BUSID}
-      /sbin/udevadm settle
+      /usr/sbin/chccwdev -d -s ${BUSID}
+      /usr/sbin/udevadm settle
     fi
     exit 0
   fi
@@ -168,7 +168,7 @@ fi
 if [ "${DISCIPLINE}" != "ECKD" ]; then
   echo "This script only works on ECKD DASD."
   if [ ${ORIG_ONLINE_STATUS} -eq 0 ]; then
-    /sbin/chccwdev -d -s ${BUSID}
+    /usr/sbin/chccwdev -d -s ${BUSID}
   fi
   exit 12
 fi
@@ -180,8 +180,8 @@ if [ ${STATUS} -eq 1 ]; then
     exit 13
   fi
 
-  /sbin/chccwdev -d -s ${BUSID}
-  /sbin/udevadm settle
+  /usr/sbin/chccwdev -d -s ${BUSID}
+  /usr/sbin/udevadm settle
 
   read STATUS < /sys/bus/ccw/devices/${BUSID}/online
   if [ ${STATUS} -ne 0 ]; then
@@ -190,8 +190,8 @@ if [ ${STATUS} -eq 1 ]; then
   fi
 fi
 
-/sbin/chccwdev -a raw_track_access=1 -e ${BUSID}
-/sbin/udevadm settle
+/usr/sbin/chccwdev -a raw_track_access=1 -e ${BUSID}
+/usr/sbin/udevadm settle
 
 read STATUS < /sys/bus/ccw/devices/${BUSID}/online
 if [ ${STATUS} -ne 1 ]; then
@@ -208,10 +208,10 @@ if [ "$?" -ne 0 ]; then
 fi
 
 echo "Setting ${BUSID} back offline with raw track access disabled."
-/sbin/chccwdev -d -s -a raw_track_access=0 ${BUSID}
-/sbin/udevadm settle
+/usr/sbin/chccwdev -d -s -a raw_track_access=0 ${BUSID}
+/usr/sbin/udevadm settle
 
 if [ ${ORIG_ONLINE_STATUS} -eq 1 ]; then
-  /sbin/chccwdev -e ${BUSID}
-  /sbin/udevadm settle
+  /usr/sbin/chccwdev -e ${BUSID}
+  /usr/sbin/udevadm settle
 fi

mkdump.pl

@@ -33,14 +33,14 @@ use Getopt::Long;
 
 my $VERSION = "2.0.3";
 
-my $BLKID = "/sbin/blkid";
+my $BLKID = "/usr/sbin/blkid";
 my $PARTED = "/usr/sbin/parted";
-my $FDASD = "/sbin/fdasd";
-my $DASDVIEW = "/sbin/dasdview";
-my $DASDFMT = "/sbin/dasdfmt";
-my $ZIPL = "/sbin/zipl";
-my $UDEVADM = "/sbin/udevadm";
-my $ZGETDUMP = "/sbin/zgetdump";
+my $FDASD = "/usr/sbin/fdasd";
+my $DASDVIEW = "/usr/sbin/dasdview";
+my $DASDFMT = "/usr/sbin/dasdfmt";
+my $ZIPL = "/usr/sbin/zipl";
+my $UDEVADM = "/usr/sbin/udevadm";
+my $ZGETDUMP = "/usr/sbin/zgetdump";
 
 # temporary DASD device configuration file for Zipl
 my $MDPATH = "/tmp/mvdump.conf.".`mcookie`;

s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch

@@ -17,15 +17,18 @@ diff --git a/etc/udev/rules.d/59-dasd.rules b/etc/udev/rules.d/59-dasd.rules
 index 2b1435c..a08cb7c 100644
 --- a/etc/udev/rules.d/59-dasd.rules
 +++ b/etc/udev/rules.d/59-dasd.rules
-@@ -6,7 +6,7 @@
+@@ -6,9 +6,9 @@
  SUBSYSTEM!="block", GOTO="dasd_symlinks_end"
  KERNEL!="dasd*", GOTO="dasd_symlinks_end"
  
 -ACTION!="change", GOTO="dasd_block_end"
 +ACTION!="change|add", GOTO="dasd_block_end"
  # by-id (hardware serial number)
- KERNEL=="dasd*[!0-9]", ATTRS{status}=="online", IMPORT{program}="/sbin/dasdinfo -a -e -b $kernel"
+-KERNEL=="dasd*[!0-9]", ATTRS{status}=="online", IMPORT{program}="/sbin/dasdinfo -a -e -b $kernel"
++KERNEL=="dasd*[!0-9]", ATTRS{status}=="online", IMPORT{program}="/usr/sbin/dasdinfo -a -e -b $kernel"
  KERNEL=="dasd*[!0-9]", ENV{ID_SERIAL}=="?*", SYMLINK+="disk/by-id/$env{ID_BUS}-$env{ID_SERIAL}"
+ KERNEL=="dasd*[!0-9]", ENV{ID_UID}=="?*", SYMLINK+="disk/by-id/$env{ID_BUS}-$env{ID_UID}"
+ KERNEL=="dasd*[!0-9]", ENV{ID_XUID}=="?*", SYMLINK+="disk/by-id/$env{ID_BUS}-$env{ID_XUID}"
 -- 
 1.8.1.4
 

s390-tools-sles15sp4-genprotimg-boot-disable-Warray-bounds-for-now.patch

@@ -0,0 +1,50 @@
+From 9e620058184cfdf026241b953bfbb095256198a0 Mon Sep 17 00:00:00 2001
+From: Marc Hartmayer <mhartmay@linux.ibm.com>
+Date: Tue, 26 Apr 2022 09:22:10 +0000
+Subject: [PATCH] genprotimg/boot: disable `-Warray-bounds` for now
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This work around fixes the gcc-12 false positive by disabling `Warray-bounds`:
+
+  CC      genprotimg/boot/stage3a.o
+  In file included from stage3a.c:14:
+  In function ‘__test_facility’,
+      inlined from ‘test_facility’ at ../../include/boot/s390.h:428:9,
+      inlined from ‘start’ at stage3a.c:42:7:
+  ../../include/boot/s390.h:418:17: error: array subscript 0 is outside array bounds of ‘void[0]’ [-Werror=array-bounds]
+    418 |         return (*ptr & (0x80 >> (nr & 7))) != 0;
+	|                 ^~~~
+
+Unfortunately, there is currently no better fix available that doesn't result
+in larger boot loader code sizes. Given the importancy of the boot loader file
+sizes the other fixes aren't acceptable. The Linux kernel shares the
+problem (but for performance reasons), take a look at the discussion
+https://lore.kernel.org/lkml/yt9dzgkelelc.fsf@linux.ibm.com/ for details.
+
+Fixes: https://github.com/ibm-s390-linux/s390-tools/issues/130
+Signed-off-by: Marc Hartmayer <mhartmay@linux.ibm.com>
+Reviewed-by: Jan Höppner <hoeppner@linux.ibm.com>
+Signed-off-by: Jan Höppner <hoeppner@linux.ibm.com>
+---
+ genprotimg/boot/Makefile | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/genprotimg/boot/Makefile b/genprotimg/boot/Makefile
+index f957a70..95bd6cc 100644
+--- a/genprotimg/boot/Makefile
++++ b/genprotimg/boot/Makefile
+@@ -15,7 +15,8 @@ ALL_CFLAGS := $(NO_PIE_CFLAGS) -Os -g \
+ 	-fno-delete-null-pointer-checks -fno-stack-protector \
+ 	-fexec-charset=IBM1047 -m64 -mpacked-stack \
+ 	-mstack-size=4096 -mstack-guard=128 -msoft-float \
+-	-Wall -Wformat-security -Wextra -Werror
++	-Wall -Wformat-security -Wextra -Werror \
++	-Wno-array-bounds
+ 
+ FILES := stage3a.bin stage3b.bin stage3b_reloc.bin
+ 
+-- 
+2.35.3
+

s390-tools-sles15sp4-libseckey-Adapt-keymgmt_match-implementation-to-Open.patch

@@ -0,0 +1,94 @@
+Subject: [PATCH] [BZ 198268] libseckey: Adapt keymgmt_match() implementation to OpenSSL
+From: Ingo Franzki <ifranzki@linux.ibm.com>
+
+Description:   zkey: KMIP plugin fails to connection to KMIP server
+Symptom:       When a zkey key repository is bound to the KMIP plugin, and the
+               connection to the KMIP server is to be configired using command 
+               'zkey kms configure --kmip-server <server>', it fails to connect
+               to the specified KMIP server. 
+Problem:       When trying to establish a TSL connection to the KMIP server, 
+               the KMIP client sets up an OpenSSL SSL context with its 
+               certificate and its private key (which is a secure key) using 
+               OpenSSL function SSL_CTX_use_PrivateKey(). When running with 
+               OpenSSL 3.0, This calls the secure key provider's match
+               function to check if the private key specified matches the
+               public key of the certificate using EVP_PKEY_eq(). EVP_PKEY_eq()
+               includes the private key into the selector bits for the match
+               call, although the certificate only contains the public key 
+               part.
+               OpenSSL commit ee22a3741e3fc27c981e7f7e9bcb8d3342b0c65a changed
+               the OpenSSL provider's keymgmt_match() function to be not so
+               strict with the selector bits in regards to matching different
+               key parts.
+               This means, that if the public key is selected to be matched,
+               and the public key matches (together with any also selected
+               parameters), then the private key is no longer checked, although
+               it may also be selected to be matched. This is according to how 
+               the OpenSSL function EVP_PKEY_eq() is supposed to behave.
+Solution:      Adapt the secure key provider's match function to behave like
+               the match functions of the providers coming with OpenSSL.
+Reproduction:  Configure a connection to a KMIP server on a system that comes
+               with OpenSSL 3.0.
+Upstream-ID:   6c5c5f7e558c114ddaa475e96c9ec708049aa423
+Problem-ID:    198268
+
+Upstream-Description:
+
+              libseckey: Adapt keymgmt_match() implementation to OpenSSL
+
+              OpenSSL commit ee22a3741e3fc27c981e7f7e9bcb8d3342b0c65a changed the
+              OpenSSL provider's keymgmt_match() function to be not so strict with
+              the selector bits in regards to matching different key parts.
+
+              Adapt the secure key provider's match function accordingly.
+              This means, that if the public key is selected to be matched, and
+              the public key matches (together with any also selected parameters),
+              then the private key is no longer checked, although it may also be
+              selected to be matched. This is according to how the OpenSSL function
+              EVP_PKEY_eq() is supposed to behave.
+
+              OpenSSL function SSL_CTX_use_PrivateKey() calls the providers match
+              function to check if the private key specified matches the public key
+              of the certificate using EVP_PKEY_eq(). EVP_PKEY_eq() includes the
+              private key into the selector bits here, although the certificate
+              only contains the public key part.
+
+              Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
+              Signed-off-by: Jan Hoeppner <hoeppner@linux.ibm.com>
+
+
+Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
+---
+ libseckey/sk_provider.c |   18 ++++++++++++++----
+ 1 file changed, 14 insertions(+), 4 deletions(-)
+
+--- a/libseckey/sk_provider.c
++++ b/libseckey/sk_provider.c
+@@ -2216,13 +2216,23 @@ static int sk_prov_keymgmt_match(const s
+ 
+ 	if (key1->type != key2->type)
+ 		return 0;
++
++	if (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) {
++		/* match everything except private key */
++		return default_match_fn(key1->default_key, key2->default_key,
++					selection &
++					    (~OSSL_KEYMGMT_SELECT_PRIVATE_KEY));
++	}
++
+ 	if (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) {
+ 		if (key1->secure_key_size != key2->secure_key_size)
+ 			return 0;
+-		if (key1->secure_key_size > 0 &&
+-		    memcmp(key1->secure_key, key2->secure_key,
+-			    key1->secure_key_size) != 0)
+-			return 0;
++		if (key1->secure_key_size > 0) {
++			if (memcmp(key1->secure_key, key2->secure_key,
++				   key1->secure_key_size) != 0)
++				return 0;
++			selection &= (~OSSL_KEYMGMT_SELECT_PRIVATE_KEY);
++		}
+ 	}
+ 
+ 	return default_match_fn(key1->default_key, key2->default_key,

s390-tools.changes

@@ -1,3 +1,32 @@
+-------------------------------------------------------------------
+Thu May 26 17:03:32 UTC 2022 - Mark Post <mpost@suse.com>
+
+- Modifed the spec file to install all binaires in /usr/sbin instead of /sbin
+  to align with the "usrmerge" initiative in openSUSE. (bsc#1195914) Also
+  modified the following files that SUSE provides that need to reflect this
+  change:
+  *  59-graf.rules
+  *  dasd_configure
+  *  dasd_reload
+  *  detach_disks.sh
+  *  iucv_configure
+  *  killcdl
+  *  mkdump.pl
+  *  README.SUSE
+  *  s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch
+  *  virtsetup.sh
+  *  vmlogrdr.service
+- Added s390-tools-sles15sp4-libseckey-Adapt-keymgmt_match-implementation-to-Open.patch
+  for bsc#1199649. zkey: KMIP plugin fails to connection to KMIP server
+  When a zkey key repository is bound to the KMIP plugin, and the
+  connection to the KMIP server is to be configired using command 
+  'zkey kms configure --kmip-server <server>', it fails to connect
+  to the specified KMIP server. 
+- Added s390-tools-sles15sp4-genprotimg-boot-disable-Warray-bounds-for-now.patch
+  to fix a build failure with gcc12. With gcc12, a "false positive"
+  of "array subscript 0 is outside array bounds" is seen in
+  genprotimg/boot/stage3a.c (bsc#1200131).
+
 -------------------------------------------------------------------
 Tue May  3 18:10:58 UTC 2022 - Mark Post <mpost@suse.com>
 

s390-tools.spec

@@ -101,6 +101,8 @@ Patch005:       s390-tools-sles15sp4-01-genprotimg-remove-DigiCert-root-CA-pinni
 Patch006:       s390-tools-sles15sp4-02-genprotimg-check_hostkeydoc-relax-default-issuer-che.patch
 Patch007:       s390-tools-sles15sp4-libseckey-Fix-re-enciphering-of-EP11-secure-key.patch
 Patch008:       s390-tools-sles15sp4-zdump-fix-segfault-due-to-double-free.patch
+Patch009:       s390-tools-sles15sp4-libseckey-Adapt-keymgmt_match-implementation-to-Open.patch
+Patch010:       s390-tools-sles15sp4-genprotimg-boot-disable-Warray-bounds-for-now.patch
 
 # SUSE patches
 Patch900:       s390-tools-sles12-zipl_boot_msg.patch
@@ -310,14 +312,7 @@ popd
 
 install -m 755 read_values %{buildroot}/%{_bindir}/
 install -m644 -t %{buildroot}/%{_mandir}/man8 %{SOURCE87}
-
-# The "usrmerge" has happened in openSUSE:Factory, but not yet in SLES.
-# Make sure we look for the zfcpdump kernel image in the right place.
-%if 0%{?usrmerged}
 install -D -m600 %{_prefix}/lib/modules/*-zfcpdump/image %{buildroot}%{_prefix}/lib/s390-tools/zfcpdump/zfcpdump-image
-%else
-install -D -m600 /boot/image-*-zfcpdump %{buildroot}%{_prefix}/lib/s390-tools/zfcpdump/zfcpdump-image
-%endif
 
 install -D -m644 etc/cpuplugd.conf %{buildroot}%{_sysconfdir}/cpuplugd.conf
 install -D -m644 etc/udev/rules.d/40-z90crypt.rules %{buildroot}%{_prefix}/lib/udev/rules.d/40-z90crypt.rules
@@ -347,11 +342,11 @@ install -D -m755 %{SOURCE5} %{buildroot}%{_prefix}/lib/systemd/scripts/xpram
 install -D -m644 %{SOURCE6} %{buildroot}%{_fillupdir}/sysconfig.xpram
 install -D -m755 %{SOURCE7} %{buildroot}%{_prefix}/lib/systemd/scripts/appldata
 install -D -m644 %{SOURCE8} %{buildroot}%{_fillupdir}/sysconfig.appldata
-install -D -m755 %{SOURCE10} sbin/dasdro
-install -D -m755 %{SOURCE11} sbin/dasd_reload
-install -D -m755 %{SOURCE12} sbin/mkdump
+install -D -m755 %{SOURCE10} %{buildroot}%{_sbindir}/dasdro
+install -D -m755 %{SOURCE11} %{buildroot}%{_sbindir}/dasd_reload
+install -D -m755 %{SOURCE12} %{buildroot}%{_sbindir}/mkdump
 install -D -m644 %{SOURCE13} %{buildroot}%{_fillupdir}/sysconfig.osasnmpd
-install -D -m755 %{SOURCE14} sbin/zfcp_san_disc
+install -D -m755 %{SOURCE14} %{buildroot}%{_sbindir}/zfcp_san_disc
 install -D -m644 %{SOURCE15} %{buildroot}/%{_mandir}/man8
 install -D -m644 %{SOURCE19} %{buildroot}%{_prefix}/lib/udev/rules.d/52-xpram.rules
 install -D -m644 %{SOURCE20} %{buildroot}%{_prefix}/lib/udev/rules.d/52-hw_random.rules
@@ -359,8 +354,8 @@ install -D -m644 %{SOURCE21} %{buildroot}%{_prefix}/lib/udev/rules.d/59-graf.rul
 install -D -m644 %{SOURCE28} %{buildroot}%{_prefix}/lib/udev/rules.d/59-prng.rules
 install -D -m644 %{SOURCE29} %{buildroot}%{_prefix}/lib/udev/rules.d/59-zfcp-compat.rules
 install -D -m644 %{SOURCE30} %{buildroot}%{_modprobedir}/90-s390-tools.conf
-install -D -m755 %{SOURCE32} %{buildroot}/sbin/killcdl
-install -D -m755 %{SOURCE33} %{buildroot}/sbin/lgr_check
+install -D -m755 %{SOURCE32} %{buildroot}%{_sbindir}/killcdl
+install -D -m755 %{SOURCE33} %{buildroot}%{_sbindir}/lgr_check
 install -D -m644 %{SOURCE34} %{buildroot}%{_fillupdir}/sysconfig.virtsetup
 
 if [ ! -d %{_sbindir} ]; then
@@ -388,8 +383,12 @@ install -D -m755 %{SOURCE24} %{buildroot}%{_bindir}/cputype
 
 install -m644 -t %{buildroot}/%{_mandir}/man8 %{SOURCE25}
 
+# Move all the binaries installed via the IBM-provided Makefile from /sbin to
+# /usr/sbin/ to align with the openSUSE "usrmerge" project
+mv -vi %{buildroot}/sbin/* %{buildroot}%{_sbindir}/
+
 ### Obsolete scripts and man pages to be removed once changes in other tools are made
-install -m755 -t sbin/ %{SOURCE88} %{SOURCE89} %{SOURCE90} %{SOURCE91} %{SOURCE92} %{SOURCE93}
+install -m755 -t %{buildroot}/%{_sbindir}/ %{SOURCE88} %{SOURCE89} %{SOURCE90} %{SOURCE91} %{SOURCE92} %{SOURCE93}
 install -m644 -t %{buildroot}/%{_mandir}/man8 %{SOURCE94} %{SOURCE95} %{SOURCE96} %{SOURCE97} %{SOURCE98} %{SOURCE99}
 ###
 

virtsetup.sh

@@ -38,7 +38,7 @@ case "${hypervisor}" in
 		  /usr/lib/systemd/scripts/detach_disks.sh
 		fi
 		if [ "${ZVM_WARN_ABOUT_POSSIBLE_LGR_PROBLEMS}" == yes ]; then
-		  /sbin/lgr_check
+		  /usr/sbin/lgr_check
 		fi
 	;;
 	none)

vmlogrdr.service

@@ -8,8 +8,8 @@ ConditionPathExists=!/dev/vmlogrdr_LOGREC
 Type=oneshot
 RemainAfterExit=yes
 
-ExecStart=/sbin/modprobe vmlogrdr
-ExecStop=/sbin/modprobe -r vmlogrdr
+ExecStart=/usr/sbin/modprobe vmlogrdr
+ExecStop=/usr/sbin/modprobe -r vmlogrdr
 
 [Install]
 WantedBy=default.target