Debian

Available patches from Ubuntu

To see Ubuntu differences wrt. to Debian, write down a grep-dctrl query identifying the packages you're interested in:
grep-dctrl -n -sPackage Sources.Debian
(e.g. -FPackage linux-ntfs or linux-ntfs)

Modified packages are listed below:

Debian ( Changelog | PTS | Bugs ) Ubuntu ( Changelog | txt | LP | Bugs ) | Diff from Ubuntu

Source: s390-tools

s390-tools (2.15.1-0ubuntu2) hirsute; urgency=medium * Package libekmfweb library. * Do not use /usr/lib64 prefix. -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 18 Nov 2020 14:23:24 +0000 s390-tools (2.15.1-0ubuntu1) hirsute; urgency=medium * New upstream release. LP: #1902865, LP: #1902047, LP: #1892824, LP: #1887920, LP: #1887806 * Drop .triggers, and initramfs override. Triggers to update initramfs are desired in both packages that ship hooks. -- Dimitri John Ledkov <xnox@ubuntu.com> Thu, 12 Nov 2020 15:10:44 +0000 s390-tools (2.14.0-2ubuntu1) hirsute; urgency=medium * Merge from Debian unstable (LP: #1903688). Remaining changes: - lower priority to optional - add libsnmp-dev, libglib2.0-dev build-deps - add support for signed zipl - use z Systems branding in descriptions - package cpuplugd, osasnmpd, statd, zkey - drop ziomon package, shipped in the main package - ship zdev in udeb - update copyright file - fix kernel installer script integration, to skip calling zipl without initrd - load monwriter kernel module for mon_statd/mon_fsstatd - do not run dumpconf in lxc - ziomon change exit code to 0 for version and help - add zkey initramfs hook - change zkey default back to argon2i - drop patch that disables building osasnmpd - drop udevadm-path.patch to init script, systemd units are used instead - enable hardening - enable initramfs & dracut integration - setup users/groups for mon_*, iucvterm, zkey - install more utilities and zdev initramfs integration - setup crashkernel integration * Update debian/not-installed file for additional files in debian/tmp * debian/rules: - drop unneeded "--parallel --with systemd" dh args - clean zipl/boot/.stage*.d files - avoid dh_installinitramfs to install additional triggers * s390-tools.docs: ship CHANGELOG.md (as Debian does) -- Lukas Märdian <lukas.maerdian@canonical.com> Mon, 09 Nov 2020 16:04:40 +0100

Modifications :
  1. Download patch zkey/keystore.h

    --- 2.14.0-2/zkey/keystore.h 2020-08-21 10:12:02.000000000 +0000 +++ 2.15.1-0ubuntu2/zkey/keystore.h 2020-10-28 14:31:59.000000000 +0000 @@ -3,7 +3,7 @@ * * Keystore handling functions * - * Copyright IBM Corp. 2018 + * Copyright IBM Corp. 2018, 2020 * * s390-tools is free software; you can redistribute it and/or modify * it under the terms of the MIT license. See LICENSE for details. @@ -15,6 +15,7 @@ #include <stdbool.h> #include "pkey.h" +#include "kms.h" struct keystore { bool verbose; @@ -22,9 +23,31 @@ struct keystore { int lock_fd; mode_t mode; gid_t owner; + struct kms_info *kms_info; }; -struct keystore *keystore_new(const char *directory, bool verbose); +#define PROP_NAME_KEY_TYPE "key-type" +#define PROP_NAME_CIPHER "cipher" +#define PROP_NAME_IV_MODE "iv-mode" +#define PROP_NAME_DESCRIPTION "description" +#define PROP_NAME_VOLUMES "volumes" +#define PROP_NAME_APQNS "apqns" +#define PROP_NAME_SECTOR_SIZE "sector-size" +#define PROP_NAME_CREATION_TIME "creation-time" +#define PROP_NAME_CHANGE_TIME "update-time" +#define PROP_NAME_REENC_TIME "reencipher-time" +#define PROP_NAME_KEY_VP "verification-pattern" +#define PROP_NAME_VOLUME_TYPE "volume-type" +#define PROP_NAME_KMS "kms" +#define PROP_NAME_KMS_KEY_ID "kms-key-id" +#define PROP_NAME_KMS_KEY_LABEL "kms-key-label" +#define PROP_NAME_KMS_XTS_KEY1_ID "kms-xts-key1-id" +#define PROP_NAME_KMS_XTS_KEY1_LABEL "kms-xts-key1-label" +#define PROP_NAME_KMS_XTS_KEY2_ID "kms-xts-key2-id" +#define PROP_NAME_KMS_XTS_KEY2_LABEL "kms-xts-key2-label" + +struct keystore *keystore_new(const char *directory, + struct kms_info *kms_info, bool verbose); int keystore_generate_key(struct keystore *keystore, const char *name, const char *description, const char *volumes, @@ -33,6 +56,13 @@ int keystore_generate_key(struct keystor const char *clear_key_file, const char *volume_type, const char *key_type, int pkey_fd); +int keystore_generate_key_kms(struct keystore *keystore, const char *name, + const char *description, const char *volumes, + size_t sector_size, size_t keybits, bool xts, + const char *volume_type, const char *key_type, + struct kms_option *kms_options, + size_t num_kms_options); + int keystore_import_key(struct keystore *keystore, const char *name, const char *description, const char *volumes, const char *apqns, bool noapqncheck, size_t sector_size, @@ -58,17 +88,19 @@ int keystore_reencipher_key(struct keyst struct ext_lib *lib); int keystore_copy_key(struct keystore *keystore, const char *name, - const char *newname, const char *volumes); + const char *newname, const char *volumes, bool local); int keystore_export_key(struct keystore *keystore, const char *name, const char *export_file); int keystore_remove_key(struct keystore *keystore, const char *name, - bool quiet); + bool quiet, struct kms_option *kms_options, + size_t num_kms_options); int keystore_list_keys(struct keystore *keystore, const char *name_filter, const char *volume_filter, const char *apqn_filter, - const char *volume_type, const char *key_type); + const char *volume_type, const char *key_type, + bool local, bool kms_bound); int keystore_cryptsetup(struct keystore *keystore, const char *volume_filter, bool execute, const char *volume_type, @@ -84,6 +116,31 @@ int keystore_convert_key(struct keystore const char *key_type, bool noapqncheck, bool quiet, int pkey_fd, struct ext_lib *lib); +int keystore_kms_keys_set_property(struct keystore *keystore, + const char *key_type, + const char *prop_name, + const char *prop_value); + +int keystore_kms_keys_unbind(struct keystore *keystore); + +int keystore_msg_for_kms_key(struct keystore *keystore, const char *key_type, + const char *msg); + +int keystore_import_kms_keys(struct keystore *keystore, + const char *label_filter, + const char *name_filter, + const char *volume_filter, + const char *volume_type, + struct kms_option *kms_options, + size_t num_kms_options, + bool batch_mode, bool novolcheck); + +int keystore_refresh_kms_keys(struct keystore *keystore, + const char *name_filter, + const char *volume_filter, + const char *volume_type, const char *key_type, + bool refres_properties, bool novolcheck); + void keystore_free(struct keystore *keystore);
  2. Download patch zipl/src/scan.c

    --- 2.14.0-2/zipl/src/scan.c 2020-08-21 10:12:02.000000000 +0000 +++ 2.15.1-0ubuntu2/zipl/src/scan.c 2020-10-28 14:31:59.000000000 +0000 @@ -21,6 +21,7 @@ #define _GNU_SOURCE #endif +#include <assert.h> #include <ctype.h> #include <dirent.h> #include <errno.h> @@ -28,6 +29,7 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> +#include <stdbool.h> #include <sys/stat.h> @@ -730,6 +732,67 @@ scan_bls_field(struct misc_file_buffer * return 0; } +/** + * find a line with keyword "title" and move it to the top + */ +static int sort_bls_fields(struct misc_file_buffer *file, char *filename) +{ + bool is_title = false; + size_t title_len = 0; + int nr_titles = 0; + size_t title_off; + char *title; + int current; + size_t len; + + while (file->length - file->pos > 4 /* for "title" */) { + if (strncmp("title", &file->buffer[file->pos], 5) == 0) { + is_title = true; + nr_titles++; + title_off = file->pos; + } + for (len = 0;; file->pos++, len++) { + current = misc_get_char(file, 0); + if (current == '\n' || current == EOF) + break; + } + if (is_title == true) + title_len = len; + if (current == EOF) + break; + file->pos++; + } + file->pos = 0; + + if (nr_titles == 0) { + error_reason("no title in %s", filename); + return -1; + } + if (nr_titles > 1) { + error_reason("more than one title in %s", filename); + return -1; + } + if (title_off == 0) + return 0; + + title = misc_malloc(title_len); + if (!title) + return -1; + /* + * copy the title field w/o trailing '\n' to the temporary buffer + */ + memcpy(title, &file->buffer[title_off], title_len); + /* + * shift preceded memory region w/o trailing '\n' to the right + */ + assert(file->buffer[title_off - 1] == '\n'); + memmove(&file->buffer[title_len + 1], &file->buffer[0], title_off - 1); + file->buffer[title_len] = '\n'; + memcpy(&file->buffer[0], title, title_len); + + free(title); + return 0; +} int scan_bls(const char* blsdir, struct scan_token** token, int scan_size) @@ -780,6 +843,10 @@ scan_bls(const char* blsdir, struct scan if (rc) goto err; + rc = sort_bls_fields(&file, filename); + if (rc) + goto err; + while ((size_t)file.pos < file.length) { current = misc_get_char(&file, 0); switch (current) {
  3. Download patch zfcpdump/README.part

    --- 2.14.0-2/zfcpdump/README.part 2020-08-21 10:12:02.000000000 +0000 +++ 2.15.1-0ubuntu2/zfcpdump/README.part 2020-10-28 14:31:59.000000000 +0000 @@ -31,7 +31,7 @@ configuration. * Issue "make bzImage" to build the zfcpdump kernel image. In a Linux distribution the zfcpdump enabled kernel image must be copied to -/lib/s390-tools/zfcpdump/zfcpdump_part.image, where the s390 zipl tool is +/lib/s390-tools/zfcpdump/zfcpdump-image, where the s390 zipl tool is looking for the dump kernel when preparing a SCSI dump disk. Create and install initrd
  4. Download patch lsstp/lsstp.8

    --- 2.14.0-2/lsstp/lsstp.8 1970-01-01 00:00:00.000000000 +0000 +++ 2.15.1-0ubuntu2/lsstp/lsstp.8 2020-10-28 14:31:59.000000000 +0000 @@ -0,0 +1,79 @@ +.\" Copyright 2020 IBM Corp. +.\" s390-tools is free software; you can redistribute it and/or modify +.\" it under the terms of the MIT license. See LICENSE for details. +.\" +.TH LSSTP 8 "Jul 2020" "s390-tools" "Linux Administrator's Manual" +.SH NAME +.B "lsstp " +\- Show STP configuration information +.SH SYNOPSIS +.BI "lsstp " + +.SH DESCRIPTION +.B lsstp +displays information about the current Server Time Protocol (STP) configuration +like coordinated time network (CTN) ID, timing state and leap seconds. +.SH OUTPUT +.TP +.B STP online +Indication of the online state +.TP +.B CTN ID +The ID of the coordinated time network. If it can be decoded as EBCDIC it is shown as an EBCDIC string, otherwise a hexadecimal representation is shown. +.TP +.B CTN Type +The type of timing network. +.IP +.B No CTN +STP is not configured for attachment to a CTN. +.IP +.B STP-only +STP is configured and attached to a CTN with only STP nodes. +.IP +.B Mixed +STP is configured and attached to a CTN with both STP and external time reference (ETR) nodes. +.TP +.B Stratum +The number of servers in the timing path between the local STP clock and the selected primary time server. +.TP +.B Timing mode +.IP +.B Local +The Time-of-day (TOD) clock is stepped by the local hardware oscillator and is not steered by the STP facility. +.IP +.B ETR +The TOD clock is synchronized with an attached 9037 Sysplex Timer. +.IP +.B STP +The TOD clock is steered by the STP facility to maintain synchronization with a Coordinated Server Time (CST). +.IP +.B Uninitialized +The TOD clock is not initialized. The STP facility is allowed to perform a step adjustment to the TOD clock for synchronization. +.TP +.B Timing state +The synchronization state of the STP facility. Can be unsynchronized, synchronized or stopped. +.TP +.B DST offset +The daylight savings time offset relative to UTC in minutes. +.TP +.B Timezone offset +The offset of the local time relative to UTC in minutes. +.TP +.B Time offset +The total time offset at the server. This field is only valid in mixed CTN configurations. +.TP +.B Active leap seconds +The number of leap seconds that are currently in effect at the STP facility. +.TP +.B Leap second <insertion|deletion> at +If a leap second insertion or deletion is scheduled in the STP facility, this field shows the day and time of the scheduled change. +.SH OPTIONS +.TP +.BI "-v|--version" +Print version number. +.TP +.BI "-h|--help" +Print usage text. + +.SH AUTHORS +Sven Schnelle <svens@linux.ibm.com>
  5. Download patch etc/sysconfig/dumpconf

    --- 2.14.0-2/etc/sysconfig/dumpconf 2020-08-21 10:12:02.000000000 +0000 +++ 2.15.1-0ubuntu2/etc/sysconfig/dumpconf 2020-10-28 14:31:59.000000000 +0000 @@ -40,6 +40,16 @@ # BR_LBA=0 # +# Dump on nvme device (NVMe Disk) +# +# ON_PANIC=dump +# DUMP_TYPE=nvme +# FID=0x00000300 +# NSID=0x00000001 +# BOOTPROG=3 +# BR_LBA=0 + +# # Use VMDUMP # # ON_PANIC=vmcmd
  6. Download patch etc/init.d/dumpconf
  7. Download patch zkey/cca.h

    --- 2.14.0-2/zkey/cca.h 2020-08-21 10:12:02.000000000 +0000 +++ 2.15.1-0ubuntu2/zkey/cca.h 2020-10-28 14:31:59.000000000 +0000 @@ -123,7 +123,8 @@ int key_token_change(struct cca_lib *cca u8 *secure_key, unsigned int secure_key_size, char *method, bool verbose); -int select_cca_adapter(struct cca_lib *cca, int card, int domain, bool verbose); +int select_cca_adapter(struct cca_lib *cca, unsigned int card, + unsigned int domain, bool verbose); #define FLAG_SEL_CCA_MATCH_CUR_MKVP 0x01 #define FLAG_SEL_CCA_MATCH_OLD_MKVP 0x02
  8. Download patch zconf/zcrypt/chzcrypt.c
  9. Download patch debian/s390-tools-statd.install

    --- 2.14.0-2/debian/s390-tools-statd.install 1970-01-01 00:00:00.000000000 +0000 +++ 2.15.1-0ubuntu2/debian/s390-tools-statd.install 2020-11-09 15:04:40.000000000 +0000 @@ -0,0 +1,10 @@ +# extra modules +debian/modules-load.d /usr/lib/ + +# extra units +debian/system/* /lib/systemd/system/ + +usr/sbin/mon_procd +usr/sbin/mon_fsstatd +usr/share/man/man*/mon_procd* +usr/share/man/man*/mon_fsstatd*
  10. Download patch README.md

    --- 2.14.0-2/README.md 2020-08-21 10:12:02.000000000 +0000 +++ 2.15.1-0ubuntu2/README.md 2020-10-28 14:31:59.000000000 +0000 @@ -243,6 +243,12 @@ Package contents Provides simple tools to create a binary that can be used to implement simple network boot setups following the PXELINUX conventions. + * libekmfweb: + A shared library that provides functions to communicate with an EKMF Web + server via REST calls over HTTPS. EKMF Web stands for IBM Enterprise Key + Management Foundation - Web Edition, and is used to manage keys in an + enterprise. + For more information refer to the following publications: * "Device Drivers, Features, and Commands" chapter "Useful Linux commands" @@ -267,10 +273,11 @@ build options: | pfm | `HAVE_PFM` | cpacfstats | | net-snmp | `HAVE_SNMP` | osasnmpd | | glibc-static | `HAVE_LIBC_STATIC` | zfcpdump | -| openssl | `HAVE_OPENSSL` | genprotimg,zkey | +| openssl | `HAVE_OPENSSL` | genprotimg, zkey, libekmfweb | | cryptsetup | `HAVE_CRYPTSETUP2` | zkey-cryptsetup | -| json-c | `HAVE_JSONC` | zkey-cryptsetup | +| json-c | `HAVE_JSONC` | zkey-cryptsetup, libekmfweb | | glib2 | `HAVE_GLIB2` | genprotimg | +| libcurl | `HAVE_LIBCURL` | libekmfweb | This table lists additional build or install options: @@ -397,3 +404,11 @@ the different tools are provided: tool must be added to this group. The owner of the default key repository '/etc/zkey/repository' must be set to group 'zkeyadm' with write permission for this group. + +* libekmfweb: + For building the libekmfweb shared library you need openssl version 1.1.1 or + newer installed (openssl-devel.rpm). Also required are json-c version 0.13 or + newer (json-c-devel.rpm), and libcurl version 7.59 or newer + (libcurl-devel.rpm). + Tip: you may skip the libekmfweb build by adding `HAVE_OPENSSL=0`, + `HAVE_JSONC=0`, or `HAVE_LIBCURL=0` to the make invocation.
  11. Download patch libekmfweb/cca.c
  12. Download patch debian/libekmfweb-dev.install

    --- 2.14.0-2/debian/libekmfweb-dev.install 1970-01-01 00:00:00.000000000 +0000 +++ 2.15.1-0ubuntu2/debian/libekmfweb-dev.install 2020-11-18 13:56:27.000000000 +0000 @@ -0,0 +1,2 @@ +usr/lib/s390x-linux-gnu/libekmfweb.so +usr/include
  13. Download patch zkey/ekmfweb/zkey-ekmfweb.map

    --- 2.14.0-2/zkey/ekmfweb/zkey-ekmfweb.map 1970-01-01 00:00:00.000000000 +0000 +++ 2.15.1-0ubuntu2/zkey/ekmfweb/zkey-ekmfweb.map 2020-10-28 14:31:59.000000000 +0000 @@ -0,0 +1,5 @@ +ZKEY_EKMFWEB_1.0 { + global: + kms_get_functions; + local: *; +};
  14. Download patch debian/s390-tools-udeb.install

    --- 2.14.0-2/debian/s390-tools-udeb.install 2016-12-10 09:26:01.000000000 +0000 +++ 2.15.1-0ubuntu2/debian/s390-tools-udeb.install 2020-11-09 15:04:40.000000000 +0000 @@ -1,2 +1,4 @@ sbin/dasdfmt sbin/fdasd +sbin/chzdev +sbin/lszdev
  15. Download patch ziomon/ziorep_printers.cpp

    --- 2.14.0-2/ziomon/ziorep_printers.cpp 2020-08-21 10:12:02.000000000 +0000 +++ 2.15.1-0ubuntu2/ziomon/ziorep_printers.cpp 2020-10-28 14:31:59.000000000 +0000 @@ -420,7 +420,7 @@ void VirtAdapterPrinter::print_virt_adpt int *rc) { if (m_csv) - fprintf(fp, "%x,%x.%x.%04x,", + fprintf(fp, "%x,%x.%x.%04x", m_cfg->get_chpid_by_devno(devno, rc), ZIOREP_BUSID_UNPACKED(devno)); else @@ -517,7 +517,7 @@ void VirtAdapterPrinter::print_num_reque void VirtAdapterPrinter::print_topline(FILE *fp) { if (m_csv) - fprintf(fp, "timestamp,aggregated,CHPID,Bus-ID,qdio utilization max %%,qdio utilization avg %%,queue full,fail erc,throughput read / MS/s,throughput write / MS/s,I/O requests read,I/O requqests write\n"); + fprintf(fp, "timestamp,aggregated,CHPID,Bus-ID,qdio utilization max %%,qdio utilization avg %%,queue full,fail erc,throughput read / MS/s,throughput write / MS/s,I/O requests read,I/O requests write\n"); else { fprintf(fp, "CHP Bus-ID |qdio util.%%|queu|fail|-thp in MB/s-|I/O reqs-|\n"); fprintf(fp, " ID max avg full erc rd wrt rd wrt\n");
  16. Download patch libutil/Makefile

    --- 2.14.0-2/libutil/Makefile 2020-08-21 10:12:02.000000000 +0000 +++ 2.15.1-0ubuntu2/libutil/Makefile 2020-10-28 14:31:59.000000000 +0000 @@ -43,6 +43,7 @@ util_prg_example: util_prg_example.o $(l util_rec_example: util_rec_example.o $(lib) $(lib): $(objects) +$(lib): ALL_CFLAGS += -fPIC install: all
  17. Download patch zdump/dfi_s390mv.c

    --- 2.14.0-2/zdump/dfi_s390mv.c 2020-08-21 10:12:02.000000000 +0000 +++ 2.15.1-0ubuntu2/zdump/dfi_s390mv.c 2020-10-28 14:31:59.000000000 +0000 @@ -21,6 +21,7 @@ #include <time.h> #include <unistd.h> +#include "lib/util_file.h" #include "lib/util_path.h" #include "zgetdump.h" @@ -98,6 +99,24 @@ static void em_init(struct vol *vol) l.dump_incomplete = 1; } +/* + * Check whether a device with a given busid is online + */ +static unsigned int dev_is_online(const char *busid) +{ + unsigned int online; + char *path; + + path = util_path_sysfs("%s/%s/online", SYSFS_BUSDIR, busid); + if (util_file_read_ui(&online, 10, path) != 0) { + warnx("Could not open \"%s\" (%s)", path, strerror(errno)); + free(path); + exit(EXIT_FAILURE); + } + free(path); + + return online; +} /* * Check sysfs, whether a device specified by its bus ID is defined and online. @@ -106,67 +125,40 @@ static void em_init(struct vol *vol) static enum dev_status dev_from_busid(char *bus_id, dev_t *dev) { struct dirent *direntp; - int fh, minor, major; + int minor, major; char buf[10]; DIR *fh_dir; char *sysfs; sysfs = util_path_sysfs("%s/%s", SYSFS_BUSDIR, bus_id); - fh_dir = opendir(sysfs); - free(sysfs); - if (!fh_dir) + if (!util_path_is_dir(sysfs)) { + free(sysfs); return DEV_UNDEFINED; - - sysfs = util_path_sysfs("%s/%s/online", SYSFS_BUSDIR, bus_id); - fh = open(sysfs, O_RDONLY); - if (fh == -1) { - warnx("Could not open \"%s\" (%s)", sysfs, strerror(errno)); - goto err; } free(sysfs); - if (read(fh, buf, 1) == -1) - ERR_EXIT_ERRNO("Could not read online attribute"); - close(fh); - if (buf[0] != '1') + if (!dev_is_online(bus_id)) return DEV_OFFLINE; + sysfs = util_path_sysfs("%s/%s/block", SYSFS_BUSDIR, bus_id); + fh_dir = opendir(sysfs); + if (!fh_dir) { + warnx("Could not open \"%s\" (%s) ", sysfs, strerror(errno)); + goto err; + } while ((direntp = readdir(fh_dir))) - if (strncmp(direntp->d_name, "block:", 6) == 0) + if (strncmp(direntp->d_name, "dasd", 4) == 0) break; - closedir(fh_dir); - if (direntp == NULL) { - sysfs = util_path_sysfs("%s/%s/block", SYSFS_BUSDIR, bus_id); - fh_dir = opendir(sysfs); - if (!fh_dir) { - warnx("Could not open \"%s\" (%s) ", - sysfs, strerror(errno)); - goto err; - } - while ((direntp = readdir(fh_dir))) - if (strncmp(direntp->d_name, "dasd", 4) == 0) - break; - closedir(fh_dir); - if (direntp == NULL) { - warnx("Problem with contents of \"%s\"", sysfs); - goto err; - } - free(sysfs); - } - - sysfs = util_path_sysfs("%s/%s/%s/dev", - SYSFS_BUSDIR, bus_id, direntp->d_name); - fh = open(sysfs, O_RDONLY); - if (fh == -1) { - warnx("Could not open \"%s\" (%s)", sysfs, strerror(errno)); + warnx("Problem with contents of \"%s\"", sysfs); goto err; } - if (read(fh, buf, sizeof(buf)) == -1) { + if (util_file_read_line(buf, sizeof(buf), "%s/%s/dev", sysfs, direntp->d_name)) { warnx("Could not read dev file (%s)", strerror(errno)); goto err; } - close(fh); + closedir(fh_dir); + if (sscanf(buf, "%i:%i", &major, &minor) != 2) { warnx("Malformed content of \"%s\": %s", sysfs, buf); goto err; @@ -178,6 +170,8 @@ static enum dev_status dev_from_busid(ch return DEV_ONLINE; err: + if (fh_dir) + closedir(fh_dir); free(sysfs); exit(EXIT_FAILURE); }
  18. Download patch libekmfweb/cca.h
  19. Download patch include/lib/util_file.h

    --- 2.14.0-2/include/lib/util_file.h 2020-08-21 10:12:02.000000000 +0000 +++ 2.15.1-0ubuntu2/include/lib/util_file.h 2020-10-28 14:31:59.000000000 +0000 @@ -12,8 +12,10 @@ #define LIB_UTIL_FILE_H int util_file_read_line(char *str, size_t size, const char *fmt, ...); +int util_file_read_i(int *val, int base, const char *fmt, ...); int util_file_read_l(long *val, int base, const char *fmt, ...); int util_file_read_ll(long long *val, int base, const char *fmt, ...); +int util_file_read_ui(unsigned int *val, int base, const char *fmt, ...); int util_file_read_ul(unsigned long *val, int base, const char *fmt, ...); int util_file_read_ull(unsigned long long *val, int base, const char *fmt, ...); @@ -23,4 +25,5 @@ int util_file_write_ll(long long val, in int util_file_write_ul(unsigned long val, int base, const char *fmt, ...); int util_file_write_ull(unsigned long long val, int base, const char *fmt, ...); +int util_file_read_va(const char *path, const char *fmt, ...); #endif /** LIB_UTIL_FILE_H @} */
  20. Download patch debian/s390-tools-zkey-udeb.install

    --- 2.14.0-2/debian/s390-tools-zkey-udeb.install 1970-01-01 00:00:00.000000000 +0000 +++ 2.15.1-0ubuntu2/debian/s390-tools-zkey-udeb.install 2020-11-09 15:04:40.000000000 +0000 @@ -0,0 +1,2 @@ +usr/bin/zkey +usr/bin/zkey-cryptsetup
  21. Download patch zkey/ep11.c

    --- 2.14.0-2/zkey/ep11.c 2020-08-21 10:12:02.000000000 +0000 +++ 2.15.1-0ubuntu2/zkey/ep11.c 2020-10-28 14:31:59.000000000 +0000 @@ -182,8 +182,9 @@ int load_ep11_library(struct ep11_lib *e * * @returns 0 on success, a negative errno in case of errors */ -int get_ep11_target_for_apqn(struct ep11_lib *ep11, int card, int domain, - target_t *target, bool verbose) +int get_ep11_target_for_apqn(struct ep11_lib *ep11, unsigned int card, + unsigned int domain, target_t *target, + bool verbose) { ep11_target_t *target_list; struct XCP_Module module; @@ -248,12 +249,12 @@ struct find_mkvp_info { u8 mkvp[MKVP_LENGTH]; unsigned int flags; bool found; - int card; - int domain; + unsigned int card; + unsigned int domain; bool verbose; }; -static int find_mkvp(int card, int domain, void *handler_data) +static int find_mkvp(unsigned int card, unsigned int domain, void *handler_data) { struct find_mkvp_info *info = (struct find_mkvp_info *)handler_data; struct mk_info mk_info; @@ -312,8 +313,8 @@ static int find_mkvp(int card, int domai */ int select_ep11_apqn_by_mkvp(struct ep11_lib *ep11, u8 *mkvp, const char *apqns, unsigned int flags, - target_t *target, int *card, int *domain, - bool verbose) + target_t *target, unsigned int *card, + unsigned int *domain, bool verbose) { struct find_mkvp_info info; int rc; @@ -323,7 +324,7 @@ int select_ep11_apqn_by_mkvp(struct ep11 pr_verbose(verbose, "Select mkvp %s in APQNs %s for the EP11 host " "library", printable_mkvp(CARD_TYPE_EP11, mkvp), - apqns == 0 ? "ANY" : apqns); + apqns == NULL ? "ANY" : apqns); memcpy(info.mkvp, mkvp, sizeof(info.mkvp)); info.flags = flags; @@ -369,8 +370,9 @@ int select_ep11_apqn_by_mkvp(struct ep11 * * @returns 0 on success, a negative errno in case of errors */ -static int ep11_adm_reencrypt(struct ep11_lib *ep11, target_t target, int card, - int domain, struct ep11keytoken *ep11key, +static int ep11_adm_reencrypt(struct ep11_lib *ep11, target_t target, + unsigned int card, unsigned int domain, + struct ep11keytoken *ep11key, unsigned int ep11key_size, bool verbose) { CK_BYTE resp[MAX_BLOBSIZE]; @@ -406,8 +408,8 @@ static int ep11_adm_reencrypt(struct ep1 return -EIO; } - rv = ep11->dll_m_admin(resp, &resp_len, NULL, 0, req, req_len, NULL, 0, - target); + rv = ep11->dll_m_admin(resp, &resp_len, NULL, NULL, req, req_len, NULL, + 0, target); if (rv != CKR_OK || resp_len == 0) { pr_verbose(verbose, "Command XCP_ADM_REENCRYPT failed. " "rc = 0x%lx, resp_len = %ld", rv, resp_len); @@ -461,8 +463,8 @@ static int ep11_adm_reencrypt(struct ep1 * * @returns 0 on success, a negative errno in case of errors */ -int reencipher_ep11_key(struct ep11_lib *ep11, target_t target, int card, - int domain, u8 *secure_key, +int reencipher_ep11_key(struct ep11_lib *ep11, target_t target, + unsigned int card, unsigned int domain, u8 *secure_key, unsigned int secure_key_size, bool verbose) { struct ep11keytoken *ep11key = (struct ep11keytoken *)secure_key;
  22. Download patch libutil/util_sys.c

    --- 2.14.0-2/libutil/util_sys.c 2020-08-21 10:12:02.000000000 +0000 +++ 2.15.1-0ubuntu2/libutil/util_sys.c 2020-10-28 14:31:59.000000000 +0000 @@ -11,17 +11,114 @@ #include <err.h> #include <errno.h> +#include <linux/fs.h> #include <stdlib.h> +#include <stdio.h> #include <string.h> #include <sys/stat.h> #include <sys/sysmacros.h> #include <unistd.h> +#include "lib/util_file.h" +#include "lib/util_libc.h" #include "lib/util_path.h" #include "lib/util_sys.h" /* lstat() doesn't work for sysfs files, a fixed size is therefore inevitable */ #define READLINK_SIZE 256 +#define PAGE_SIZE 4096 + +/** + * Return the partition number of a given partition. + * + * @param[in] dev Device node of interest + * + * @retval int Partition number of the device + * @retval -1 Error when trying to read the partition number. + */ +int util_sys_get_partnum(dev_t dev) +{ + int partnum = -1; + char *path; + + path = util_path_sysfs("dev/block/%u:%u/partition", + major(dev), minor(dev)); + if (util_file_read_i(&partnum, 10, path)) { + warnx("Could not read from path '%s'", path); + goto out; + } + if (partnum <= 0) { + warnx("Bad partition number in '%s'", path); + partnum = -1; + goto out; + } + +out: + free(path); + return partnum; +} + +/** + * Determine if the given device is a partition. + * + * @param[in] dev Device node of interest + * + * @retval true Device is partition + * @retval false Device is not a partition + */ +bool util_sys_dev_is_partition(dev_t dev) +{ + bool is_part; + char *path; + + path = util_path_sysfs("dev/block/%u:%u/partition", + major(dev), minor(dev)); + is_part = util_path_exists(path); + free(path); + + return is_part; +} + +/** + * Determine base device + * + * This function determines the base device \p base_dev of a given + * device \p dev. If \p dev is a base device, \p base_dev becomes \p dev. + * + * @param[in] dev Device node of interest + * @param[out] base_dev Identified base device + * + * @retval 0 Success + * @retval -1 Error while reading device information or + * constructed path + */ +int util_sys_get_base_dev(dev_t dev, dev_t *base_dev) +{ + int base_major, base_minor; + char buf[PAGE_SIZE]; + char *path; + + /* check if the device already is a base device */ + if (!util_sys_dev_is_partition(dev)) { + *base_dev = makedev(major(dev), minor(dev)); + return 0; + } + path = util_path_sysfs("dev/block/%d:%d/../dev", + major(dev), minor(dev)); + if (util_file_read_line(buf, sizeof(buf), path)) { + warnx("Could not read from path '%s'", path); + free(path); + return -1; + } + free(path); + if (sscanf(buf, "%i:%i", &base_major, &base_minor) != 2) { + warn("Could not parse major:minor from string '%s'", buf); + return -1; + } + *base_dev = makedev(base_major, base_minor); + + return 0; +} /** * Identify device address @@ -44,13 +141,17 @@ int util_sys_get_dev_addr(const char *de unsigned int maj, min; struct stat s; ssize_t len; + dev_t base; char *path; if (stat(dev, &s) != 0) return -1; - maj = major(s.st_rdev); - min = minor(s.st_rdev); + if (util_sys_get_base_dev(s.st_rdev, &base)) + return -1; + + maj = major(base); + min = minor(base); if (S_ISBLK(s.st_mode)) path = util_path_sysfs("dev/block/%u:%u/device", maj, min);
  23. Download patch zkey/pkey.c

    --- 2.14.0-2/zkey/pkey.c 2020-08-21 10:12:02.000000000 +0000 +++ 2.15.1-0ubuntu2/zkey/pkey.c 2020-10-28 14:31:59.000000000 +0000 @@ -45,8 +45,6 @@ #define MAX_CIPHER_LEN 32 -#define DEFAULT_KEYBITS 256 - #define INITIAL_APQN_ENTRIES 16 /** @@ -1394,7 +1392,7 @@ int generate_key_verification_pattern(co goto out; } - opfd = accept(tfmfd, NULL, 0); + opfd = accept(tfmfd, NULL, NULL); if (opfd < 0) { rc = -errno; pr_verbose(verbose, "Failed to accept on the AF_ALG socket"); @@ -1775,10 +1773,6 @@ int check_aes_cipher_key(const u8 *key, "decryption\n"); mismatch = true; } - if (cipherkey->kuf1 & 0x2000) { - printf("INFO: The secure key can be used for data translate\n"); - mismatch = true; - } if (cipherkey->kuf1 & 0x1000) { printf("WARNING: The secure key can only be used in UDXs\n"); mismatch = true; @@ -1929,8 +1923,8 @@ static int reencipher_ep11_secure_key(st u8 *mkvp, bool *apqn_selected, bool verbose) { + unsigned int card, domain; unsigned int flags; - int card, domain; target_t target; int rc;
  24. Download patch debian/rules

    --- 2.14.0-2/debian/rules 2020-08-23 13:16:15.000000000 +0000 +++ 2.15.1-0ubuntu2/debian/rules 2020-11-12 15:02:14.000000000 +0000 @@ -1,22 +1,54 @@ #!/usr/bin/make -f +export DEB_BUILD_MAINT_OPTIONS=hardening=+all export DEB_CPPFLAGS_MAINT_APPEND = -D_GNU_SOURCE -export DEB_CPPFLAGS_LDFLAGS_APPEND = -rdynamic +export DEB_LDFLAGS_MAINT_APPEND=-rdynamic +DPKG_EXPORT_BUILDFLAGS = 1 +include /usr/share/dpkg/default.mk + +options= V=1 HAVE_SNMP=1 SYSTEMDSYSTEMUNITDIR=/lib/systemd/system + +# Enable signing in Launchpad Only for now +SIGN_SIPL= +ifneq (,$(wildcard /CurrentlyBuilding)) +SIGN_SIPL=yes +endif +SIGN_SIPL=yes %: dh $@ +override_dh_install: + # no dracut + rm -f debian/tmp/lib/s390-tools/zdev-root-update + chmod -x debian/tmp/etc/*/*.conf debian/tmp/lib/s390-tools/zfcpdump/zfcpdump-initrd + dh_install -ps390-tools-cpuplugd + dh_install -ps390-tools-statd + dh_install -ps390-tools-osasnmpd + dh_install -ps390-tools-zkey -ps390-tools-zkey-udeb + dh_install $(if $(SIGN_SIPL),-Xstage3.bin) -Xcpuplugd -Xosasnmpd -Xprocd -Xfsstatd -X60-readahead.rules -Xzkey + $(if $(SIGN_SIPL),echo 'signing:Depends=s390-tools-signed (= $(DEB_VERSION))') >> debian/s390-tools.substvars + override_dh_auto_clean: rm -f zipl/boot/.*.d - dh_auto_clean + dh_auto_clean -- $(options) override_dh_auto_build: - make V=1 + dh_auto_build -- $(options) override_dh_auto_install: - make install DESTDIR=$(CURDIR)/debian/tmp - dh_install + HAVE_INITRAMFS=1 HAVE_DRACUT=1 dh_auto_install -- $(options) -override_dh_fixperms: - chmod 0644 $(CURDIR)/debian/s390-tools/lib/s390-tools/stage3.bin - dh_fixperms +signing=debian/s390-tools-$(DEB_VERSION)-signing/ +signingv=$(signing)/$(DEB_VERSION) +signing_tar=$(DEB_SOURCE)_$(DEB_VERSION)_$(DEB_HOST_ARCH).tar.gz +override_dh_builddeb: + dh_builddeb + mkdir -p $(signingv)/control + echo 'tarball' >$(signingv)/control/options + cp debian/tmp/lib/s390-tools/stage3.bin $(signingv)/stage3.bin.sipl + tar -C $(signing) -czvf $(CURDIR)/../$(signing_tar) . + dpkg-distaddfile $(signing_tar) raw-signing - +override_dh_clean: + dh_clean + rm -rf $(signing)
  25. Download patch debian/patches/0001-dumpconf-Don-t-run-the-service-in-LXC.patch

    --- 2.14.0-2/debian/patches/0001-dumpconf-Don-t-run-the-service-in-LXC.patch 1970-01-01 00:00:00.000000000 +0000 +++ 2.15.1-0ubuntu2/debian/patches/0001-dumpconf-Don-t-run-the-service-in-LXC.patch 2020-11-09 15:04:40.000000000 +0000 @@ -0,0 +1,27 @@ +From 4b03c9249d4f28597b1736f08183c44d3d1c75ff Mon Sep 17 00:00:00 2001 +From: Balint Reczey <balint.reczey@canonical.com> +Date: Wed, 20 May 2020 14:31:16 +0200 +Subject: [PATCH] dumpconf: Don't run the service in LXC + +It just fails to start in unprivileged containers + +Signed-off-by: Balint Reczey <balint.reczey@canonical.com> +--- + systemd/dumpconf.service.in | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/systemd/dumpconf.service.in b/systemd/dumpconf.service.in +index 6b1b140..f27dc35 100644 +--- a/systemd/dumpconf.service.in ++++ b/systemd/dumpconf.service.in +@@ -9,6 +9,7 @@ + + [Unit] + Description=Configure dump on panic for System z ++ConditionVirtualization=!lxc + After=network.target + + [Service] +-- +2.25.1 +
  26. Download patch zconf/zcrypt/lszcrypt.c

    --- 2.14.0-2/zconf/zcrypt/lszcrypt.c 2020-08-21 10:12:02.000000000 +0000 +++ 2.15.1-0ubuntu2/zconf/zcrypt/lszcrypt.c 2020-10-28 14:31:59.000000000 +0000 @@ -1,7 +1,7 @@ /** * lszcrypt - Display zcrypt devices and configuration settings * - * Copyright IBM Corp. 2008, 2019 + * Copyright IBM Corp. 2008, 2020 * * s390-tools is free software; you can redistribute it and/or modify * it under the terms of the MIT license. See LICENSE for details. @@ -86,7 +86,7 @@ const struct util_prg prg = { { .owner = "IBM Corp.", .pub_first = 2008, - .pub_last = 2019, + .pub_last = 2020, }, UTIL_PRG_COPYRIGHT_END } @@ -339,6 +339,7 @@ static void show_capability(const char * static void read_subdev_rec_default(struct util_rec *rec, const char *grp_dev, const char *sub_dev) { + long value; char buf[256]; unsigned long facility; @@ -347,14 +348,25 @@ static void read_subdev_rec_default(stru else util_rec_set(rec, "type", buf); - if (util_file_read_line(buf, sizeof(buf), "%s/%s/online", - grp_dev, sub_dev)) - util_rec_set(rec, "online", "-"); - else - if (strcmp(buf, "0") == 0) - util_rec_set(rec, "online", "offline"); - else + if (util_path_is_readable("%s/%s/online", grp_dev, sub_dev)) { + util_file_read_l(&value, 10, "%s/%s/online", grp_dev, sub_dev); + if (value > 0) util_rec_set(rec, "online", "online"); + else { + /* device is offline, check config (if available) */ + if (util_path_is_readable("%s/%s/config", grp_dev, sub_dev)) { + util_file_read_l(&value, 10, "%s/%s/config", grp_dev, sub_dev); + if (value > 0) + util_rec_set(rec, "online", "offline"); + else + util_rec_set(rec, "online", "deconfig"); + } else + util_rec_set(rec, "online", "offline"); + } + } else { + /* no online attribute */ + util_rec_set(rec, "online", "-"); + } util_file_read_ul(&facility, 16, "%s/ap_functions", grp_dev); if (facility & MASK_COPRO) @@ -457,6 +469,7 @@ static void show_subdevices(struct util_ */ static void read_rec_default(struct util_rec *rec, const char *grp_dev) { + long value; char buf[256]; unsigned long facility; @@ -475,13 +488,21 @@ static void read_rec_default(struct util else util_rec_set(rec, "mode", "Unknown"); - if (util_file_read_line(buf, sizeof(buf), "%s/online", grp_dev)) - util_rec_set(rec, "online", "-"); - else - if (strcmp(buf, "0") == 0) - util_rec_set(rec, "online", "offline"); - else + if (util_path_is_readable("%s/online", grp_dev)) { + util_file_read_l(&value, 10, "%s/online", grp_dev); + if (value > 0) util_rec_set(rec, "online", "online"); + else { + if (util_path_is_readable("%s/config", grp_dev)) { + util_file_read_l(&value, 10, "%s/config", grp_dev); + if (value > 0) + util_rec_set(rec, "online", "offline"); + else + util_rec_set(rec, "online", "deconfig"); + } else + util_rec_set(rec, "online", "offline"); + } + } util_file_read_line(buf, sizeof(buf), "%s/request_count", grp_dev); util_rec_set(rec, "requests", buf); @@ -567,7 +588,7 @@ static void define_rec_default(struct ut util_rec_def(rec, "card", UTIL_REC_ALIGN_LEFT, 11, "CARD.DOMAIN"); util_rec_def(rec, "type", UTIL_REC_ALIGN_LEFT, 5, "TYPE"); util_rec_def(rec, "mode", UTIL_REC_ALIGN_LEFT, 11, "MODE"); - util_rec_def(rec, "online", UTIL_REC_ALIGN_LEFT, 7, "STATUS"); + util_rec_def(rec, "online", UTIL_REC_ALIGN_LEFT, 8, "STATUS"); util_rec_def(rec, "requests", UTIL_REC_ALIGN_RIGHT, 8, "REQUESTS"); }
  27. Download patch debian/s390-tools-statd.postinst

    --- 2.14.0-2/debian/s390-tools-statd.postinst 1970-01-01 00:00:00.000000000 +0000 +++ 2.15.1-0ubuntu2/debian/s390-tools-statd.postinst 2020-11-09 15:04:40.000000000 +0000 @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +if [ "$1" = configure ]; then + /lib/systemd/systemd-modules-load /usr/lib/modules-load.d/s390-tools.conf || true +fi + +#DEBHELPER# + +exit 0 +
  28. Download patch zkey/ep11.h

    --- 2.14.0-2/zkey/ep11.h 2020-08-21 10:12:02.000000000 +0000 +++ 2.15.1-0ubuntu2/zkey/ep11.h 2020-10-28 14:31:59.000000000 +0000 @@ -158,8 +158,9 @@ struct ep11_lib { int load_ep11_library(struct ep11_lib *ep11, bool verbose); -int get_ep11_target_for_apqn(struct ep11_lib *ep11, int card, int domain, - target_t *target, bool verbose); +int get_ep11_target_for_apqn(struct ep11_lib *ep11, unsigned int card, + unsigned int domain, target_t *target, + bool verbose); void free_ep11_target_for_apqn(struct ep11_lib *ep11, target_t target); @@ -168,11 +169,11 @@ void free_ep11_target_for_apqn(struct ep int select_ep11_apqn_by_mkvp(struct ep11_lib *ep11, u8 *mkvp, const char *apqns, unsigned int flags, - target_t *target, int *card, int *domain, - bool verbose); + target_t *target, unsigned int *card, + unsigned int *domain, bool verbose); -int reencipher_ep11_key(struct ep11_lib *ep11, target_t target, int card, - int domain, u8 *secure_key, +int reencipher_ep11_key(struct ep11_lib *ep11, target_t target, + unsigned int card, unsigned int domain, u8 *secure_key, unsigned int secure_key_size, bool verbose); #endif
  29. Download patch zkey/ekmfweb/Makefile

    --- 2.14.0-2/zkey/ekmfweb/Makefile 1970-01-01 00:00:00.000000000 +0000 +++ 2.15.1-0ubuntu2/zkey/ekmfweb/Makefile 2020-10-28 14:31:59.000000000 +0000 @@ -0,0 +1,56 @@ +include ../../common.mak + +VERSION = 1.0 +VERM = $(shell echo $(VERSION) | cut -d '.' -f 1) + +all: zkey-ekmfweb.so + +libs = $(rootdir)/libutil/libutil.a + +export LIBRARY_PATH = $(rootdir)/libekmfweb:$LIBRARY_PATH + +zkey-ekmfweb.o: zkey-ekmfweb.c zkey-ekmfweb.h ../kms-plugin.h \ + ../cca.h ../utils.h ../pkey.h ../properties.h \ + $(rootdir)include/ekmfweb/ekmfweb.h libekmfweb.dep + +properties.o: ../properties.c ../properties.h + $(CC) $(ALL_CPPFLAGS) $(ALL_CFLAGS) -fPIC -c $< -o $@ + +pkey.o: ../pkey.c ../pkey.h ../cca.h ../ep11.h ../utils.h + $(CC) $(ALL_CPPFLAGS) $(ALL_CFLAGS) -fPIC -c $< -o $@ + +cca.o: ../cca.c ../cca.h ../pkey.h ../ep11.h ../utils.h + $(CC) $(ALL_CPPFLAGS) $(ALL_CFLAGS) -fPIC -c $< -o $@ + +ep11.o: ../ep11.c ../ep11.h ../pkey.h ../cca.h ../utils.h + $(CC) $(ALL_CPPFLAGS) $(ALL_CFLAGS) -fPIC -c $< -o $@ + +utils.o: ../utils.c ../utils.h ../pkey.h ../cca.h ../ep11.h + $(CC) $(ALL_CPPFLAGS) $(ALL_CFLAGS) -fPIC -c $< -o $@ + +zkey-ekmfweb.so: ALL_CFLAGS += -fPIC +zkey-ekmfweb.so: LDLIBS = -lekmfweb -ldl -lcrypto +zkey-ekmfweb.so: ALL_LDFLAGS += -shared -Wl,--version-script=zkey-ekmfweb.map \ + -Wl,-z,defs,-Bsymbolic -Wl,-soname,zkey-ekmfweb.so.$(VERM) +zkey-ekmfweb.so: zkey-ekmfweb.o properties.o pkey.o cca.o ep11.o utils.o $(libs) + $(LINK) $(ALL_LDFLAGS) $^ $(LDLIBS) -o $@ + +install-libekmfweb.dep: + $(MAKE) -C $(rootdir)/libekmfweb/ TOPDIR=$(TOPDIR) ARCH=$(ARCH) install + touch install-libekmfweb.dep + +libekmfweb.dep: + $(MAKE) -C $(rootdir)/libekmfweb/ TOPDIR=$(TOPDIR) ARCH=$(ARCH) all + touch libekmfweb.dep + +install: all install-libekmfweb.dep zkey-ekmfweb.so + $(INSTALL) -d -m 755 $(DESTDIR)$(MANDIR)/man1 + $(INSTALL) -m 644 -c zkey-ekmfweb.1 $(DESTDIR)$(MANDIR)/man1 + $(INSTALL) -d -m 755 $(DESTDIR)$(USRLIB64DIR) + $(INSTALL) -d -m 755 $(DESTDIR)$(USRLIB64DIR)/zkey + $(INSTALL) -g $(GROUP) -o $(OWNER) -m 755 -T zkey-ekmfweb.so $(DESTDIR)$(USRLIB64DIR)/zkey/zkey-ekmfweb.so + +clean: + rm -f *.o zkey-ekmfweb.so install-libekmfweb.dep libekmfweb.dep + +.PHONY: all install clean \ No newline at end of file
  30. Download patch debian/ziomon.install

    --- 2.14.0-2/debian/ziomon.install 2018-02-04 18:24:02.000000000 +0000 +++ 2.15.1-0ubuntu2/debian/ziomon.install 1970-01-01 00:00:00.000000000 +0000 @@ -1,4 +0,0 @@ -usr/sbin/ziomon* -usr/sbin/ziorep* -usr/share/man/man*/ziomon* -usr/share/man/man*/ziorep*
  31. Download patch zkey/ekmfweb/zkey-ekmfweb.c
  32. Download patch libekmfweb/libekmfweb.map

    --- 2.14.0-2/libekmfweb/libekmfweb.map 1970-01-01 00:00:00.000000000 +0000 +++ 2.15.1-0ubuntu2/libekmfweb/libekmfweb.map 2020-10-28 14:31:59.000000000 +0000 @@ -0,0 +1,30 @@ +LIBEKMFWEB_1.0 { + global: + ekmf_get_server_cert_chain; + ekmf_print_certificates; + ekmf_check_login_token; + ekmf_login; + ekmf_generate_identity_key; + ekmf_reencipher_identity_key; + ekmf_generate_csr; + ekmf_generate_ss_cert; + ekmf_get_public_key; + ekmf_get_settings; + ekmf_check_feature; + ekmf_retrieve_key; + ekmf_list_templates; + ekmf_get_template; + ekmf_get_last_seq_no; + ekmf_clone_template_info; + ekmf_free_template_info; + ekmf_list_keys; + ekmf_get_key_info; + ekmf_set_key_state; + ekmf_set_key_tags; + ekmf_delete_key_tags; + ekmf_clone_key_info; + ekmf_free_key_info; + ekmf_generate_key; + ekmf_curl_destroy; + local: *; +};
  33. Download patch debian/s390-tools.install

    --- 2.14.0-2/debian/s390-tools.install 2020-08-23 14:48:00.000000000 +0000 +++ 2.15.1-0ubuntu2/debian/s390-tools.install 2020-11-09 15:04:40.000000000 +0000 @@ -1,165 +1,33 @@ -# dasdfmt -/sbin/dasdfmt -/usr/share/man/man8/dasdfmt.8 - -# dasdinfo -/sbin/dasdinfo -/usr/share/man/man8/dasdinfo.8 - -# dasdview -/sbin/dasdview -/usr/share/man/man8/dasdview.8 - -# dasdstat -/sbin/dasdstat -/usr/share/man/man8/dasdstat.8 - -# fdasd -/sbin/fdasd -/usr/share/man/man8/fdasd.8 - -# ipl_tools -/usr/sbin/chreipl -/usr/sbin/lsreipl -/usr/sbin/chshut -/usr/sbin/lsshut -/lib/s390-tools/chreipl_helper.device-mapper -/usr/share/man/man8/chreipl.8 -/usr/share/man/man8/lsreipl.8 -/usr/share/man/man8/chshut.8 -/usr/share/man/man8/lsshut.8 - -# iucvterm -/usr/bin/iucvconn -/usr/share/man/man1/iucvconn.1 -/sbin/iucvtty -/usr/share/man/man8/iucvtty.8 -/usr/sbin/lsiucvallow -/usr/sbin/chiucvallow -/usr/share/man/man8/chiucvallow.8 -/usr/share/man/man7/af_iucv.7 -/usr/share/man/man9/hvc_iucv.9 -/usr/bin/ts-shell -/usr/share/man/man1/ts-shell.1 - -# CPU-measurement facility -/sbin/lscpumf /usr/bin -/usr/share/man/man1/lscpumf.1 -/sbin/chcpumf /usr/sbin -/usr/share/man/man8/chcpumf.8 - -# qetharp -/sbin/qetharp -/usr/share/man/man8/qetharp.8 - -# qethconf -/sbin/qethconf -/usr/share/man/man8/qethconf.8 - -# znetconf -/sbin/znetconf -/lib/s390-tools/lsznet.raw -/lib/s390-tools/znetcontrolunits -/usr/share/man/man8/znetconf.8 - -# lsluns -/usr/sbin/lsluns -/usr/share/man/man8/lsluns.8 - -# channel path management -/sbin/lschp -/usr/share/man/man8/lschp.8 -/sbin/chchp -/usr/share/man/man8/chchp.8 - -# tape390 -/sbin/tape390_display -/usr/share/man/man8/tape390_display.8 - -# tunedasd -/sbin/tunedasd -/usr/share/man/man8/tunedasd.8 - -# vmcp -/sbin/vmcp -/usr/share/man/man8/vmcp.8 - -# vmur -/usr/sbin/vmur -/usr/share/man/man8/vmur.8 - -# zconf -/sbin/chccwdev -/usr/share/man/man8/chccwdev.8 -/sbin/cio_ignore -/usr/share/man/man8/cio_ignore.8 -/sbin/chzcrypt -/usr/share/man/man8/chzcrypt.8 -/sbin/lscss -/usr/share/man/man8/lscss.8 -/sbin/lsdasd -/usr/share/man/man8/lsdasd.8 -/sbin/lsqeth -/usr/share/man/man8/lsqeth.8 -/sbin/lstape -/usr/share/man/man8/lstape.8 -/sbin/lszcrypt -/usr/share/man/man8/lszcrypt.8 -/sbin/lszfcp -/usr/share/man/man8/lszfcp.8 -/sbin/lsscm -/usr/share/man/man8/lsscm.8 -/sbin/zcryptctl -/usr/share/man/man8/zcryptctl.8 -/sbin/zcryptstats -/usr/share/man/man8/zcryptstats.8 - -# zdev -/sbin/chzdev -/usr/share/man/man8/chzdev.8 -/sbin/lszdev -/usr/share/man/man8/lszdev.8 - -# zdump -/sbin/zgetdump -/usr/share/man/man8/zgetdump.8 - -# zipl -/sbin/zipl -/lib/s390-tools/zipl_helper.device-mapper -/lib/s390-tools/stage3.bin -/usr/share/man/man5/zipl.conf.5 -/usr/share/man/man8/zipl.8 - -# hyptop -/usr/sbin/hyptop -/usr/share/man/man8/hyptop.8 - -# cmsfs-fuse -/usr/bin/cmsfs-fuse -/usr/share/man/man1/cmsfs-fuse.1 -/etc/cmsfs-fuse/filetypes.conf - -# HMC removable media access -/usr/bin/hmcdrvfs -/usr/share/man/man1/hmcdrvfs.1 -/usr/sbin/lshmc -/usr/share/man/man8/lshmc.8 - -# zdsfs -/usr/bin/zdsfs -/usr/share/man/man1/zdsfs.1 +# tools +sbin/ +usr/bin/ +usr/sbin/ +usr/share/man/ +lib/ +usr/share/s390-tools # kernel stuff -../kernel/zz-zipl /etc/initramfs/post-update.d -../kernel/zz-zipl /etc/kernel/postinst.d -../kernel/zz-zipl /etc/kernel/postrm.d +debian/kernel/zz-zipl /etc/initramfs/post-update.d +debian/kernel/zz-zipl /etc/kernel/postinst.d +debian/kernel/zz-zipl /etc/kernel/postrm.d # udev rules -../../etc/udev/rules.d/60-readahead.rules /lib/udev/rules.d -../../etc/udev/rules.d/59-dasd.rules /lib/udev/rules.d -../../etc/udev/rules.d/40-z90crypt.rules /lib/udev/rules.d - -# debugging -/sbin/zfcpdbf -/usr/share/man/man1/zfcpdbf.1 +etc/udev/rules.d/*.rules /lib/udev/rules.d + +# good configs (no sysconfig, no init.d) + +etc/cmsfs-fuse/ +etc/iucvterm/ + +# dumpconf +etc/sysconfig/dumpconf +etc/init.d/dumpconf + +# cpl +etc/sysconfig/cpi + +# update-initramfs -u integration +debian/zdev-root-update /lib/s390-tools/ +debian/s390-cpi-vars /lib/systemd/system-generators +usr/share/initramfs-tools/ +usr/lib/dracut/
  34. Download patch libutil/util_file.c

    --- 2.14.0-2/libutil/util_file.c 2020-08-21 10:12:02.000000000 +0000 +++ 2.15.1-0ubuntu2/libutil/util_file.c 2020-10-28 14:31:59.000000000 +0000 @@ -282,6 +282,44 @@ int util_file_write_ull(unsigned long lo } /** + * Read a file and convert it to signed int according to given base + * + * @param[out] val Buffer for value + * @param[in] base Base for conversion, either 8, 10, or 16 + * @param[in] fmt Format string for generation of the path name + * @param[in] ... Parameters for format string + * + * @retval 0 Integer has been read correctly + * @retval -1 Error while reading file + */ +int util_file_read_i(int *val, int base, const char *fmt, ...) +{ + char path[PATH_MAX], buf[512]; + va_list ap; + int count; + + /* Construct the file name */ + UTIL_VSPRINTF(path, fmt, ap); + + if (file_gets(buf, sizeof(buf), path)) + return -1; + switch (base) { + case 8: + count = sscanf(buf, "%do", val); + break; + case 10: + count = sscanf(buf, "%dd", val); + break; + case 16: + count = sscanf(buf, "%dx", val); + break; + default: + util_panic("Invalid base: %d\n", base); + } + return (count == 1) ? 0 : -1; +} + +/** * Read a file and convert it to signed long according to given base * * @param[out] val Buffer for value @@ -358,6 +396,44 @@ int util_file_read_ll(long long *val, in } /** + * Read a file and convert it to unsigned int according to given base + * + * @param[out] val Buffer for value + * @param[in] base Base for conversion, either 8, 10, or 16 + * @param[in] fmt Format string for generation of the path name + * @param[in] ... Parameters for format string + * + * @retval 0 Integer has been read correctly + * @retval -1 Error while reading file + */ +int util_file_read_ui(unsigned int *val, int base, const char *fmt, ...) +{ + char path[PATH_MAX], buf[512]; + va_list ap; + int count; + + /* Construct the file name */ + UTIL_VSPRINTF(path, fmt, ap); + + if (file_gets(buf, sizeof(buf), path)) + return -1; + switch (base) { + case 8: + count = sscanf(buf, "%uo", val); + break; + case 10: + count = sscanf(buf, "%uu", val); + break; + case 16: + count = sscanf(buf, "%ux", val); + break; + default: + util_panic("Invalid base: %d\n", base); + } + return (count == 1) ? 0 : -1; +} + +/** * Read a file and convert it to unsigned long according to given base * * @param[out] val Buffer for value @@ -432,3 +508,31 @@ int util_file_read_ull(unsigned long lon } return (count == 1) ? 0 : -1; } + +/** + * Read a file and convert it according to format string + * + * @param[in] path File name to read + * @param[in] fmt Format string for parsing the content + * @param[out] ... Parameters for format string + * + * @retval != -1 Number of values parsed correctly + * @retval -1 Error while reading file + */ + +int util_file_read_va(const char *path, const char *fmt, ...) +{ + char buf[512]; + va_list ap; + int ret; + + if (file_gets(buf, sizeof(buf), path)) + return -1; + + va_start(ap, fmt); + ret = vsscanf(buf, fmt, ap); + va_end(ap); + if (ret == EOF) + return -1; + return ret; +}
  35. Download patch include/lib/util_sys.h

    --- 2.14.0-2/include/lib/util_sys.h 2020-08-21 10:12:02.000000000 +0000 +++ 2.15.1-0ubuntu2/include/lib/util_sys.h 2020-10-28 14:31:59.000000000 +0000 @@ -12,6 +12,11 @@ #ifndef LIB_UTIL_SYS_H #define LIB_UTIL_SYS_H +#include <stdbool.h> + int util_sys_get_dev_addr(const char *dev, char *addr); +bool util_sys_dev_is_partition(dev_t dev); +int util_sys_get_partnum(dev_t dev); +int util_sys_get_base_dev(dev_t dev, dev_t *base_dev); #endif /** LIB_UTIL_SYS_H @} */
  36. Download patch debian/patches/install-iucvterm.patch

    --- 2.14.0-2/debian/patches/install-iucvterm.patch 2018-01-14 14:36:29.000000000 +0000 +++ 2.15.1-0ubuntu2/debian/patches/install-iucvterm.patch 2020-11-09 15:04:40.000000000 +0000 @@ -1,8 +1,6 @@ -Index: s390-tools-2.2.0/iucvterm/src/Makefile -=================================================================== ---- s390-tools-2.2.0.orig/iucvterm/src/Makefile -+++ s390-tools-2.2.0/iucvterm/src/Makefile -@@ -10,8 +10,8 @@ ALL_CPPFLAGS += -I../include +--- a/iucvterm/src/Makefile ++++ b/iucvterm/src/Makefile +@@ -10,8 +10,8 @@ ALL_CPPFLAGS += -DUSE_NLS -DGETTEXT_TEXTDOMAIN=\"$(GETTEXT_TEXTDOMAIN)\" #ALL_CPPFLAGS += -D__DEBUG__ @@ -13,10 +11,8 @@ Index: s390-tools-2.2.0/iucvterm/src/Mak all: $(PROGRAMS) $(SYSTOOLS) check: -Index: s390-tools-2.2.0/iucvterm/doc/Makefile -=================================================================== ---- s390-tools-2.2.0.orig/iucvterm/doc/Makefile -+++ s390-tools-2.2.0/iucvterm/doc/Makefile +--- a/iucvterm/doc/Makefile ++++ b/iucvterm/doc/Makefile @@ -2,7 +2,10 @@ include ../../common.mak @@ -29,7 +25,7 @@ Index: s390-tools-2.2.0/iucvterm/doc/Mak all: -@@ -17,6 +20,7 @@ install-man: $(MANS) +@@ -17,6 +20,7 @@ done clean: @@ -37,10 +33,8 @@ Index: s390-tools-2.2.0/iucvterm/doc/Mak pdf: $(MANS) for man in $(MANS); do \ -Index: s390-tools-2.2.0/iucvterm/doc/iucvtty.1 -=================================================================== ---- s390-tools-2.2.0.orig/iucvterm/doc/iucvtty.1 -+++ s390-tools-2.2.0/iucvterm/doc/iucvtty.1 +--- a/iucvterm/doc/iucvtty.1 ++++ b/iucvterm/doc/iucvtty.1 @@ -1,11 +1,11 @@ -.\" iucvtty.1 +.\" iucvtty.8 @@ -55,7 +49,7 @@ Index: s390-tools-2.2.0/iucvterm/doc/iuc . .ds t \fBiucvtty\fP .ds i \fBiucvconn\fP -@@ -139,7 +139,7 @@ with \fB/bin/login\fP could be: +@@ -139,7 +139,7 @@ .ft CW .in +0.25in .nf @@ -64,7 +58,7 @@ Index: s390-tools-2.2.0/iucvterm/doc/iuc .fi .in -0.25in .ft -@@ -150,7 +150,7 @@ with \fB/sbin/sulogin\fP in single user +@@ -150,7 +150,7 @@ .ft CW .in +0.25in .nf
  37. Download patch debian/control

    --- 2.14.0-2/debian/control 2020-08-23 14:36:37.000000000 +0000 +++ 2.15.1-0ubuntu2/debian/control 2020-11-18 13:43:49.000000000 +0000 @@ -1,17 +1,20 @@ Source: s390-tools Section: admin -Priority: important -Maintainer: Debian S/390 Team <debian-s390@lists.debian.org> +Priority: optional +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> +XSBC-Original-Maintainer: Debian S/390 Team <debian-s390@lists.debian.org> Uploaders: Bastian Blank <waldi@debian.org>, Philipp Kern <pkern@debian.org> -Build-Depends: debhelper-compat (= 13), libz-dev, quilt, gcc-multilib, libfuse-dev, libncurses-dev, libpfm4-dev, libssl-dev, libcurl4-openssl-dev, libcryptsetup-dev, libjson-c-dev -Standards-Version: 3.8.3 +Build-Depends: debhelper-compat (= 13), libz-dev, quilt, gcc-multilib, libfuse-dev, libncurses-dev, libpfm4-dev, libssl-dev, libcurl4-openssl-dev, libcryptsetup-dev, libjson-c-dev, libsnmp-dev, libglib2.0-dev +Standards-Version: 3.9.7 Homepage: http://www.ibm.com/developerworks/linux/linux390/s390-tools.html Package: s390-tools -Architecture: s390x -Depends: ${shlibs:Depends}, ${misc:Depends}, perl, gawk +Architecture: s390 s390x +Priority: important +Depends: ${shlibs:Depends}, ${misc:Depends}, perl, ${signing:Depends}, gawk Recommends: sg3-utils -Description: Set of fundamental utilities for Linux on S/390 +Suggests: s390-tools-cpuplugd, s390-tools-osasnmpd, s390-tools-statd, multipath-tools, lsscsi, rsync, blktrace +Description: fundamental utilities for Linux on z Systems The package contains: * dasdfmt, which is used to low-level format ECKD-DASDs with either the classic disk layout or the new zSeries compatible disk layout. @@ -24,21 +27,73 @@ Description: Set of fundamental utilitie * zgetdump, which is used to retrieve system dumps from either tapes or dasds. +Package: s390-tools-cpuplugd +Architecture: s390 s390x +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: cpuplugd utility for Linux on z Systems + The package contains cpuplugd hotplug daemon from the s390-tools + collection of utilities. + +Package: s390-tools-statd +Architecture: s390 s390x +Depends: ${shlibs:Depends}, ${misc:Depends} +Breaks: s390-tools (<<1.34.0-0ubuntu7~) +Replaces: s390-tools (<<1.34.0-0ubuntu7~) +Description: mon_statd monitoring daemons for Linux on z Systems + The package contains mon_procd and mon_fsstatd z/VM monitoring + daemons for Linux on z Systems from the s390-tools collection of + utilities. These tools are also known as mon_statd. + +Package: s390-tools-osasnmpd +Architecture: s390 s390x +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: osasnmpd utility for Linux on z Systems + The package contains osasnmpd monitoring daemon from the s390-tools + collection of utilities. + +Package: s390-tools-zkey +Architecture: s390 s390x +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: zkey utilities for Linux on z Systems + The package contains zkey and zkey-cryptsetup from the s390-tools + collection of utilities. + +Package: libekmfweb1 +Architecture: s390 s390x +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: integration with IBM Enterprise Key Management Foundation + This package contains library to integrate with IBM Enterprise Key + Management Foundation. It is used by zkey plugin for pervasive + encryption support. + . + This package contains the runtime library. + +Package: libekmfweb-dev +Architecture: s390 s390x +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: integration with IBM Enterprise Key Management Foundation (development) + This package contains library to integrate with IBM Enterprise Key + Management Foundation. It is used by zkey plugin for pervasive + encryption support. + . + This package contains the development library and headers. + Package: s390-tools-udeb XC-Package-Type: udeb Section: debian-installer -Priority: optional -Architecture: s390x +Architecture: s390 s390x Depends: ${shlibs:Depends}, ${misc:Depends} -Description: Set of utilities for Linux on S/390 +Description: utilities for Linux on z Systems This is a minimal package used by debian-installer. - This package contains only the binaries dasdfmt and fdasd. + This package contains only the binaries chzdev, lszdev, dasdfmt and + fdasd. -Package: ziomon -Priority: optional -Architecture: s390x -Depends: ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends}, blktrace, rsync -Recommends: multipath-tools, lsscsi -Description: Performance analysis and reports for zFCP devices - Tool set to collect data from zFCP devices for performance analysis - and reporting. +Package: s390-tools-zkey-udeb +XC-Package-Type: udeb +Section: debian-installer +Priority: standard +Architecture: s390 s390x +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: zkey utilities for Linux on z Systems + The package contains zkey and zkey-cryptsetup from the s390-tools + collection of utilities for the debian-installer
  38. Download patch ipl_tools/cmd_chreipl.c

    --- 2.14.0-2/ipl_tools/cmd_chreipl.c 2020-08-21 10:12:02.000000000 +0000 +++ 2.15.1-0ubuntu2/ipl_tools/cmd_chreipl.c 2020-10-28 14:31:59.000000000 +0000 @@ -79,6 +79,7 @@ static const char *const usage_chreipl = " -s --nsid <NAMESPACE_ID> Namespace ID of NVME IPL device (decimal, default 1)\n" " -b, --bootprog <BPROG> Bootprog specification\n" " -L, --loadparm <PARM> Loadparm specification\n" +" -c, --clear 0|1 Control if memory is cleared on re-IPL\n" "\n" "Options for nss target:\n" " -n, --name <NAME> Identifier of the NSS\n" @@ -794,6 +795,11 @@ static void chreipl_nvme(void) strlen(l.bootparms), BOOTPARMS_FCP_MAX); } + if (l.reipl_clear >= 0) { + check_exists("reipl/nvme/clear", "NVME re-IPL clear attribute"); + write_str(l.reipl_clear ? "1" : "0", "reipl/nvme/clear"); + } + write_str_optional(l.loadparm, "reipl/nvme/loadparm", l.loadparm_set, "loadparm"); write_str_optional(l.bootparms, "reipl/nvme/scp_data", l.bootparms_set,
  39. Download patch libekmfweb/Makefile

    --- 2.14.0-2/libekmfweb/Makefile 1970-01-01 00:00:00.000000000 +0000 +++ 2.15.1-0ubuntu2/libekmfweb/Makefile 2020-10-28 14:31:59.000000000 +0000 @@ -0,0 +1,92 @@ +include ../common.mak + +VERSION = 1.0 +VERM = $(shell echo $(VERSION) | cut -d '.' -f 1) + +ifneq (${HAVE_OPENSSL},0) + ifneq (${HAVE_JSONC},0) + ifneq (${HAVE_LIBCURL},0) + BUILD_TARGETS += libekmfweb.so.$(VERSION) + INSTALL_TARGETS += install-libekmfweb.so.$(VERSION) + else + BUILD_TARGETS += skip-libekmfweb-curl + INSTALL_TARGETS += skip-libekmfweb-curl + endif + else + BUILD_TARGETS += skip-libekmfweb-jsonc + INSTALL_TARGETS += skip-libekmfweb-jsonc + endif +else + BUILD_TARGETS += skip-libekmfweb-openssl + INSTALL_TARGETS += skip-libekmfweb-openssl +endif + +libs = $(rootdir)/libutil/libutil.a + +detect-openssl-version.dep: + echo "#include <openssl/opensslv.h>" > detect-openssl-version.dep + echo "#include <openssl/evp.h>" >> detect-openssl-version.dep + echo "#if OPENSSL_VERSION_NUMBER < 0x10101000L" >> detect-openssl-version.dep + echo " #error openssl version 1.1.1 is required" >> detect-openssl-version.dep + echo "#endif" >> detect-openssl-version.dep + echo "static void __attribute__((unused)) test(void) {" >> detect-openssl-version.dep + echo " EVP_PKEY_meth_remove(NULL);" >> detect-openssl-version.dep + echo "}" >> detect-openssl-version.dep + +check-dep-libekmfweb: detect-openssl-version.dep + $(call check_dep, \ + "libekmfweb", \ + "detect-openssl-version.dep", \ + "openssl-devel version >= 1.1.1", \ + "HAVE_OPENSSL=0", \ + -I. -lcrypto) + $(call check_dep, \ + "libekmfweb", \ + "json-c/json.h", \ + "json-c-devel", \ + "HAVE_JSONC=0") + $(call check_dep, \ + "libekmfweb", \ + "curl/curl.h", \ + "libcurl-devel", \ + "HAVE_LIBCURL=0") + touch check-dep-libekmfweb + +skip-libekmfweb-openssl: + echo " SKIP libekmfweb due to HAVE_OPENSSL=0" + +skip-libekmfweb-jsonc: + echo " SKIP libekmfweb due to HAVE_JSONC=0" + +skip-libekmfweb-curl: + echo " SKIP libekmfweb due to HAVE_LIBCURL=0" + +all: $(BUILD_TARGETS) + +ekmfweb.o: check-dep-libekmfweb ekmfweb.c utilities.h cca.h $(rootdir)include/ekmfweb/ekmfweb.h +utilities.o: check-dep-libekmfweb utilities.c utilities.h $(rootdir)include/ekmfweb/ekmfweb.h +cca.o: check-dep-libekmfweb cca.c cca.h utilities.h $(rootdir)include/ekmfweb/ekmfweb.h + +libekmfweb.so.$(VERSION): ALL_CFLAGS += -fPIC +libekmfweb.so.$(VERSION): LDLIBS = -ljson-c -lcrypto -lssl -lcurl -ldl +libekmfweb.so.$(VERSION): ALL_LDFLAGS += -shared -Wl,--version-script=libekmfweb.map \ + -Wl,-z,defs,-Bsymbolic -Wl,-soname,libekmfweb.so.$(VERM) +libekmfweb.so.$(VERSION): ekmfweb.o utilities.o cca.o + $(LINK) $(ALL_LDFLAGS) $^ $(LDLIBS) -o $@ + ln -srf libekmfweb.so.$(VERSION) libekmfweb.so.$(VERM) + ln -srf libekmfweb.so.$(VERSION) libekmfweb.so + +install-libekmfweb.so.$(VERSION): libekmfweb.so.$(VERSION) + $(INSTALL) -g $(GROUP) -o $(OWNER) -m 755 -T libekmfweb.so.$(VERSION) $(DESTDIR)$(USRLIB64DIR)/libekmfweb.so.$(VERSION) + ln -srf $(DESTDIR)$(USRLIB64DIR)/libekmfweb.so.$(VERSION) $(DESTDIR)$(USRLIB64DIR)/libekmfweb.so.$(VERM) + ln -srf $(DESTDIR)$(USRLIB64DIR)/libekmfweb.so.$(VERSION) $(DESTDIR)$(USRLIB64DIR)/libekmfweb.so + $(INSTALL) -d -m 770 $(DESTDIR)$(USRINCLUDEDIR)/ekmfweb + $(INSTALL) -g $(GROUP) -o $(OWNER) -m 755 $(rootdir)include/ekmfweb/ekmfweb.h $(DESTDIR)$(USRINCLUDEDIR)/ekmfweb + +install: all $(INSTALL_TARGETS) + +clean: + rm -f *.o libekmfweb.so* check-dep-libekmfweb detect-openssl-version.dep + +.PHONY: all install clean skip-libekmfweb-openssl skip-libekmfweb-jsonc \ + skip-libekmfweb-curl install-libekmfweb.so.$(VERSION)
  40. Download patch zkey/ekmfweb/zkey-ekmfweb.h

    --- 2.14.0-2/zkey/ekmfweb/zkey-ekmfweb.h 1970-01-01 00:00:00.000000000 +0000 +++ 2.15.1-0ubuntu2/zkey/ekmfweb/zkey-ekmfweb.h 2020-10-28 14:31:59.000000000 +0000 @@ -0,0 +1,108 @@ +/* + * zkey-ekmfweb - EKMFWeb zkey KMS plugin + * + * Copyright IBM Corp. 2020 + * + * s390-tools is free software; you can redistribute it and/or modify + * it under the terms of the MIT license. See LICENSE for details. + */ + +#ifndef ZKEY_EKMFWEB_H +#define ZKEY_EKMFWEB_H + +#include <stddef.h> +#include <stdbool.h> +#include <sys/stat.h> + +#include "ekmfweb/ekmfweb.h" + +struct plugin_handle { + const char *config_path; + mode_t config_path_mode; + gid_t config_path_owner; + struct properties *properties; + bool apqns_configured; + bool connection_configured; + bool settings_retrieved; + bool templates_retrieved; + bool identity_key_generated; + bool registered; + bool config_complete; + struct ekmf_ext_lib ext_lib; + struct ekmf_cca_lib cca; + struct ekmf_config ekmf_config; + CURL *curl_handle; + char error_msg[1024]; + bool verbose; +}; + +#define EKMFWEB_CONFIG_FILE "ekmfweb.conf" +#define EKMFWEB_CONFIG_SERVER_CERT_FILE "server-cert.pem" +#define EKMFWEB_CONFIG_SERVER_PUBKEY_FILE "server-pubkey.pem" +#define EKMFWEB_CONFIG_LOGIN_TOKEN_FILE "login.token" +#define EKMFWEB_CONFIG_EKMFWEB_PUBKEY_FILE "ekmfweb-pubkey.pem" +#define EKMFWEB_CONFIG_IDENTITY_KEY_FILE "identity-key.skey" +#define EKMFWEB_CONFIG_IDENTITY_KEY_REENC_FILE "identity-key.reenc" + +#define EKMFWEB_CONFIG_APQNS "apqns" +#define EKMFWEB_CONFIG_URL "url" +#define EKMFWEB_CONFIG_CA_BUNDLE "ca-bundle" +#define EKMFWEB_CONFIG_CLIENT_CERT "client-cert" +#define EKMFWEB_CONFIG_CLIENT_KEY "client-key" +#define EKMFWEB_CONFIG_CLIENT_KEY_PASSPHRASE "client-key-passphrase" +#define EKMFWEB_CONFIG_SERVER_CERT "server-cert" +#define EKMFWEB_CONFIG_SERVER_PUBKEY "server-pubkey" +#define EKMFWEB_CONFIG_VERIFY_SERVER_CERT "verify-server-cert" +#define EKMFWEB_CONFIG_VERIFY_HOSTNAME "verify-hostname" +#define EKMFWEB_CONFIG_LOGIN_TOKEN "login-token" +#define EKMFWEB_CONFIG_PASSCODE_URL "passcode-url" +#define EKMFWEB_CONFIG_EKMFWEB_PUBKEY "ekmfweb-pubkey" +#define EKMFWEB_CONFIG_TEMPLATE_XTS1 "template-xts1" +#define EKMFWEB_CONFIG_TEMPLATE_XTS2 "template-xts2" +#define EKMFWEB_CONFIG_TEMPLATE_NONXTS "template-nonxts" +#define EKMFWEB_CONFIG_TEMPLATE_IDENTITY "template-identity" +#define EKMFWEB_CONFIG_TEMPLATE_XTS1_LABEL "template-xts1-label" +#define EKMFWEB_CONFIG_TEMPLATE_XTS2_LABEL "template-xts2-label" +#define EKMFWEB_CONFIG_TEMPLATE_NONXTS_LABEL "template-nonxts-label" +#define EKMFWEB_CONFIG_TEMPLATE_IDENTITY_LABEL "template-identity-label" +#define EKMFWEB_CONFIG_TEMPLATE_XTS1_ID "template-xts1-id" +#define EKMFWEB_CONFIG_TEMPLATE_XTS2_ID "template-xts2-id" +#define EKMFWEB_CONFIG_TEMPLATE_NONXTS_ID "template-nonxts-id" +#define EKMFWEB_CONFIG_TEMPLATE_IDENTITY_ID "template-identity-id" +#define EKMFWEB_CONFIG_IDENTITY_KEY "identity-key" +#define EKMFWEB_CONFIG_IDENTITY_KEY_ALGORITHM "identity-key-algorithm" +#define EKMFWEB_CONFIG_IDENTITY_KEY_PARAMS "identity-key-params" +#define EKMFWEB_CONFIG_IDENTITY_KEY_REENC "identity-key-reenc" +#define EKMFWEB_CONFIG_IDENTITY_KEY_LABEL "identity-key-label" +#define EKMFWEB_CONFIG_IDENTITY_KEY_ID "identity-key-id" +#define EKMFWEB_CONFIG_SESSION_KEY_CURVE "session-key-curve" +#ifdef EKMFWEB_SUPPORTS_RSA_DIGESTS_AND_PSS_SIGNATURES +#define EKMFWEB_CONFIG_SESSION_RSA_SIGN_DIGEST "session-rsa-sign-digest" +#define EKMFWEB_CONFIG_SESSION_RSA_SIGN_PSS "session-rsa-sign-pss" +#endif + +#define EKMFWEB_PASSCODE_URL "/administration/passcode" +#define EKMFWEB_TEMPLATE_STATE_ACTIVE "ACTIVE" +#define EKMFWEB_TEMPLATE_STATE_HISTORY "HISTORY" +#define EKMFWEB_KEYSTORE_TYPE_PERV_ENCR "PERVASIVE_ENCRYPTION" +#define EKMFWEB_KEYSTORE_TYPE_IDENTITY "IDENTITY" +#define EKMFWEB_KEY_ALGORITHM_AES "AES" +#define EKMFWEB_KEY_ALGORITHM_ECC "ECC" +#define EKMFWEB_KEY_ALGORITHM_RSA "RSA" +#define EKMFWEB_KEY_TYPE_CIPHER "CIPHER" +#define EKMFWEB_KEY_STATE_PRE_ACTIVATION "PRE-ACTIVATION" +#define EKMFWEB_KEY_STATE_ACTIVE "ACTIVE" +#define EKMFWEB_KEY_STATE_DEACTIVATED "DEACTIVATED" +#define EKMFWEB_KEY_STATE_COMPROMISED "COMPROMISED" +#define EKMFWEB_KEY_STATE_DESTROYED "DESTROYED" +#define EKMFWEB_KEY_STATE_DESTROYED_COMPROMISED "DESTROYED-COMPROMISED" +#define EKMFWEB_CURVE_PRIME "PRIME_CURVE" +#define EKMFWEB_CURVE_BAINPOOL "BRAINPOOL_CURVE" +#define EKMFWEB_SEQNO_TAG "seqno" + +#define DEFAULT_IDENTITY_KEY_PUBLIC_EXPONENT 65537 + +#define CCA_LIBRARY_NAME "libcsulcca.so" +#define CCA_WEB_PAGE "http://www.ibm.com/security/cryptocards" + +#endif
  41. Download patch zkey/Makefile

    --- 2.14.0-2/zkey/Makefile 2020-08-21 10:12:02.000000000 +0000 +++ 2.15.1-0ubuntu2/zkey/Makefile 2020-10-28 14:31:59.000000000 +0000 @@ -3,6 +3,11 @@ include ../common.mak ifneq (${HAVE_OPENSSL},0) BUILD_TARGETS += zkey INSTALL_TARGETS += install-zkey + ifneq (${HAVE_JSONC},0) + ifneq (${HAVE_LIBCURL},0) + SUB_DIRS += ekmfweb + endif + endif else BUILD_TARGETS += zkey-skip INSTALL_TARGETS += zkey-skip @@ -10,9 +15,14 @@ endif ifneq (${HAVE_CRYPTSETUP2},0) ifneq (${HAVE_JSONC},0) - BUILD_TARGETS += zkey-cryptsetup - INSTALL_TARGETS += install-zkey-cryptsetup - CPPFLAGS += -DHAVE_LUKS2_SUPPORT + ifneq (${HAVE_OPENSSL},0) + BUILD_TARGETS += zkey-cryptsetup + INSTALL_TARGETS += install-zkey-cryptsetup + CPPFLAGS += -DHAVE_LUKS2_SUPPORT + else + BUILD_TARGETS += zkey-cryptsetup-skip-openssl + INSTALL_TARGETS += zkey-cryptsetup-skip-openssl + endif else BUILD_TARGETS += zkey-cryptsetup-skip-jsonc INSTALL_TARGETS += zkey-cryptsetup-skip-jsonc @@ -62,7 +72,10 @@ zkey-cryptsetup-skip-cryptsetup2: zkey-cryptsetup-skip-jsonc: echo " SKIP zkey-cryptsetup due to HAVE_JSONC=0" -all: $(BUILD_TARGETS) +zkey-cryptsetup-skip-openssl: + echo " SKIP zkey-cryptsetup due to HAVE_OPENSSL=0" + +all: $(BUILD_TARGETS) $(SUB_DIRS) zkey.o: zkey.c pkey.h cca.h ep11.h misc.h pkey.o: pkey.c pkey.h cca.h ep11.h utils.h @@ -73,9 +86,10 @@ properties.o: check-dep-zkey properties. keystore.o: keystore.c keystore.h properties.h pkey.h cca.h ep11.h utils.h zkey-cryptsetup.o: check-dep-zkey-cryptsetup zkey-cryptsetup.c pkey.h cca.h \ ep11.h misc.h utils.h +kms.o: kms.c kms.h kms-plugin.h utils.h pkey.h zkey: LDLIBS = -ldl -lcrypto -zkey: zkey.o pkey.o cca.o ep11.o properties.o keystore.o utils.o $(libs) +zkey: zkey.o pkey.o cca.o ep11.o properties.o keystore.o utils.o kms.o $(libs) $(LINK) $(ALL_LDFLAGS) $^ $(LDLIBS) -o $@ zkey-cryptsetup: LDLIBS = -ldl -lcryptsetup -ljson-c -lcrypto @@ -86,22 +100,35 @@ install-common: $(INSTALL) -d -m 755 $(DESTDIR)$(USRBINDIR) $(INSTALL) -d -m 755 $(DESTDIR)$(MANDIR)/man1 -install-zkey: +install-zkey: zkey $(INSTALL) -g $(GROUP) -o $(OWNER) -m 755 zkey $(DESTDIR)$(USRBINDIR) $(INSTALL) -m 644 -c zkey.1 $(DESTDIR)$(MANDIR)/man1 $(INSTALL) -d -m 770 $(DESTDIR)$(SYSCONFDIR)/zkey $(INSTALL) -d -m 770 $(DESTDIR)$(SYSCONFDIR)/zkey/repository + $(INSTALL) -m 644 -c kms-plugins.conf $(DESTDIR)$(SYSCONFDIR)/zkey -install-zkey-cryptsetup: +install-zkey-cryptsetup: zkey-cryptsetup $(INSTALL) -g $(GROUP) -o $(OWNER) -m 755 zkey-cryptsetup $(DESTDIR)$(USRBINDIR) $(INSTALL) -m 644 -c zkey-cryptsetup.1 $(DESTDIR)$(MANDIR)/man1 -install: all install-common $(INSTALL_TARGETS) +install: all install-common $(INSTALL_TARGETS) $(SUB_DIRS) -clean: +clean: $(SUB_DIRS) rm -f *.o zkey zkey-cryptsetup detect-libcryptsetup.dep \ check-dep-zkey check-dep-zkey-cryptsetup +# +# For simple "make" we explicitly set the MAKECMDGOALS to "all". +# +ifeq ($(MAKECMDGOALS),) +MAKECMDGOALS = all +endif + +$(SUB_DIRS): + $(foreach goal,$(MAKECMDGOALS), \ + $(MAKE) -C $@ TOPDIR=$(TOPDIR) ARCH=$(ARCH) $(goal) ;) +.PHONY: $(SUB_DIRS) + .PHONY: all install clean zkey-skip zkey-cryptsetup-skip-cryptsetup2 \ zkey-cryptsetup-skip-jsonc install-common install-zkey \ install-zkey-cryptsetup
  42. Download patch cpumf/man/lscpumf.1

    --- 2.14.0-2/cpumf/man/lscpumf.1 2020-08-21 10:12:02.000000000 +0000 +++ 2.15.1-0ubuntu2/cpumf/man/lscpumf.1 2020-10-28 14:31:59.000000000 +0000 @@ -19,9 +19,11 @@ lscpumf \- display information about CPU .RB [ \-i | \-\-info ] .br .B lscpumf -.RB [ \-c | \-\-list\-counters ] [ \-n ] -.RB [ \-C | \-\-list\-all\-counters ] [ \-n ] -.RB [ \-s | \-\-list\-sampling\-events ] +.RB \-c | \-\-list\-counters | \-C | \-\-list\-all\-counters +.RB [ \-n ] +.br +.B lscpumf +.RB \-s | \-\-list\-sampling\-events .br .B lscpumf .BR \-h | \-\-help
  43. Download patch debian/libekmfweb1.install

    --- 2.14.0-2/debian/libekmfweb1.install 1970-01-01 00:00:00.000000000 +0000 +++ 2.15.1-0ubuntu2/debian/libekmfweb1.install 2020-11-18 13:44:15.000000000 +0000 @@ -0,0 +1 @@ +usr/lib/s390x-linux-gnu/libekmfweb.so.1*
  44. Download patch zkey/kms-plugin.h
  45. Download patch debian/s390-tools-zkey.postinst

    --- 2.14.0-2/debian/s390-tools-zkey.postinst 1970-01-01 00:00:00.000000000 +0000 +++ 2.15.1-0ubuntu2/debian/s390-tools-zkey.postinst 2020-11-09 15:04:40.000000000 +0000 @@ -0,0 +1,14 @@ +#!/bin/sh +set -e + +if [ "$1" = configure ]; then + if ! getent group zkeyadm >/dev/null; then + addgroup --system zkeyadm + fi + chown root:zkeyadm /etc/zkey /etc/zkey/repository + chmod 0770 /etc/zkey /etc/zkey/repository +fi + +#DEBHELPER# + +exit 0
  46. Download patch zipl/boot/Makefile

    --- 2.14.0-2/zipl/boot/Makefile 2020-08-21 10:12:02.000000000 +0000 +++ 2.15.1-0ubuntu2/zipl/boot/Makefile 2020-10-28 14:31:59.000000000 +0000 @@ -7,7 +7,7 @@ INCLUDE_PARMS := $(addprefix -I,$(INCLUD ALL_CFLAGS = $(NO_PIE_CFLAGS) -Os -g $(INCLUDE_PARMS) \ -DS390_TOOLS_RELEASE=$(S390_TOOLS_RELEASE) \ -fno-builtin -ffreestanding -fno-asynchronous-unwind-tables \ - -fno-delete-null-pointer-checks \ + -fno-delete-null-pointer-checks -fno-stack-protector \ -fexec-charset=IBM1047 -m64 -mpacked-stack \ -mstack-size=4096 -mstack-guard=128 -msoft-float \ -W -Wall -Wformat-security
  47. Download patch genprotimg/boot/Makefile

    --- 2.14.0-2/genprotimg/boot/Makefile 2020-08-21 10:12:02.000000000 +0000 +++ 2.15.1-0ubuntu2/genprotimg/boot/Makefile 2020-10-28 14:31:59.000000000 +0000 @@ -12,7 +12,7 @@ ALL_CFLAGS := $(NO_PIE_CFLAGS) -Os -g \ -DENABLE_SCLP_ASCII=1 \ -DS390_TOOLS_RELEASE=$(S390_TOOLS_RELEASE) \ -fno-builtin -ffreestanding -fno-asynchronous-unwind-tables \ - -fno-delete-null-pointer-checks \ + -fno-delete-null-pointer-checks -fno-stack-protector \ -fexec-charset=IBM1047 -m64 -mpacked-stack \ -mstack-size=4096 -mstack-guard=128 -msoft-float \ -Wall -Wformat-security -Wextra -Werror
  48. Download patch debian/zdev-root-update

    --- 2.14.0-2/debian/zdev-root-update 1970-01-01 00:00:00.000000000 +0000 +++ 2.15.1-0ubuntu2/debian/zdev-root-update 2020-11-09 15:04:40.000000000 +0000 @@ -0,0 +1,2 @@ +#!/bin/sh +exec update-initramfs -u
  49. Download patch zconf/zcrypt/chzcrypt.8

    --- 2.14.0-2/zconf/zcrypt/chzcrypt.8 2020-08-21 10:12:02.000000000 +0000 +++ 2.15.1-0ubuntu2/zconf/zcrypt/chzcrypt.8 2020-10-28 14:31:59.000000000 +0000 @@ -1,8 +1,10 @@ -.\" Copyright 2019 IBM Corp. +.\" chzcrypt.8 +.\" +.\" Copyright 2020 IBM Corp. .\" s390-tools is free software; you can redistribute it and/or modify .\" it under the terms of the MIT license. See LICENSE for details. .\" -.TH CHZCRYPT 8 "AUG 2019" "s390-tools" +.TH CHZCRYPT 8 "OCT 2020" "s390-tools" .SH NAME chzcrypt \- modify zcrypt configuration .SH SYNOPSIS @@ -16,6 +18,14 @@ chzcrypt \- modify zcrypt configuration [...] ) .TP .B chzcrypt +.B --config-on +.RB "|" +.B --config-off +.RB "( " -a " | " +.I <device id> +[...] ) +.TP +.B chzcrypt .RB "[ " -p " | " -n " ] [ " -t .I <timeout> ] @@ -54,11 +64,22 @@ Set the given cryptographic device(s) of .B -a, --all Set all available cryptographic device(s) online or offline. .TP 8 +.B --config-on +Set the given cryptographic card device(s) config on ('configured'). +.TP 8 +.B --config-off +Set the given cryptographic card device(s) config off ('deconfigured'). +.TP 8 .B <device id> -Specifies a cryptographic device which will be set either online or offline. -The device can either be a card device or a queue device. -A queue device can only get switched online when the providing card is online. - +Specifies a cryptographic device which will be set either online or +offline or configured on or off. For online and offline the device can +either be a card device or a queue device. A queue device can only get +switched online when the providing card is online. +.br +For config on/off the device needs to be a card device. A card or +queue device cannot get switched online if the card is in deconfigured +state. +.br Please note that the card device and queue device representation are both in hexadecimal notation. .TP 8 @@ -103,11 +124,25 @@ Will set the cryptographic device '10.00 .B chzcrypt -d -a Will set all available cryptographic devices offline. .TP +.B chzcrypt --config-on -a -V +Set all available crypto cards to config on, be verbose. +.TP +.B chzcrypt -V --config-off card01 card03 +Switch the two crypto cards 1 and 3 to deconfigured, be verbose. +.TP .B chzcrypt -c 60 -n Will set configuration timer for re-scanning the AP bus to 60 seconds and disable zcrypt's poll thread. .TP .B chzcrypt -q 67 Will set the default domain to 67. +.SH NOTES +Support for crypto cards to get switched config on or off requires a +Linux kernel supporting this. If the required sysfs attribute file +does not exist, it is assumed there is an older kernel running and +chzcrypt exits with an appropriate message. Even more config on/off +may require support from a hypervisor like KVM or zVM and may fail if +the Linux kernel is unable to perform the SCLP command. Check syslog +on failure. .SH SEE ALSO \fBlszcrypt\fR(8)
  50. Download patch ipl_tools/man/chreipl.8

    --- 2.14.0-2/ipl_tools/man/chreipl.8 2020-08-21 10:12:02.000000000 +0000 +++ 2.15.1-0ubuntu2/ipl_tools/man/chreipl.8 2020-10-28 14:31:59.000000000 +0000 @@ -238,6 +238,13 @@ configuration that is defined by the boot menu. Instead it can be used to control higher level boot loaders like GRUB. For more details refer to distribution specific documentation. +.TP +.BR "\-c" " or " "\-\-clear" +Specify whether memory should be cleared on re-IPL. Possible values are 0 to +disable and 1 to enable memory clearing on re-IPL. +Memory clearing is supported if the "clear" attribute is present in +/sys/firmware/reipl/nvme/. + .PP \fBExamples:\fP .br
  51. Download patch .gitignore

    --- 2.14.0-2/.gitignore 2020-08-21 10:12:02.000000000 +0000 +++ 2.15.1-0ubuntu2/.gitignore 2020-10-28 14:31:59.000000000 +0000 @@ -34,6 +34,11 @@ iucvterm/src/iucvconn iucvterm/src/iucvtty iucvterm/src/ttyrun iucvterm/test/test_afiucv +libekmfweb/check-dep-libekmfweb +libekmfweb/detect-openssl-version.dep +libekmfweb/libekmfweb.so +libekmfweb/libekmfweb.so.1 +libekmfweb/libekmfweb.so.1.0 libutil/util_base_example libutil/util_file_example libutil/util_libc_example @@ -44,8 +49,9 @@ libutil/util_path_example libutil/util_prg_example libutil/util_rec_example libutil/util_scandir_example -libzds/libzds.a libvmcp/vmcp_example +libzds/libzds.a +lsstp/lsstp mon_tools/mon_fsstatd mon_tools/mon_procd osasnmpd/osasnmpd @@ -75,10 +81,10 @@ zdev/src/lszdev zdev/src/lszdev_usage.c zdsfs/zdsfs zdump/zgetdump +zfcpdump/10-zfcpdump.install zfcpdump/cpioinit -zfcpdump/zfcpdump_part zfcpdump/zfcpdump-initrd -zfcpdump/10-zfcpdump.install +zfcpdump/zfcpdump_part ziomon/ziomon_mgr ziomon/ziomon_util ziomon/ziomon_zfcpdd @@ -90,9 +96,11 @@ zipl/boot/data.h zipl/src/chreipl_helper.device-mapper zipl/src/zipl zipl/src/zipl_helper.device-mapper -zkey/zkey -zkey/zkey-cryptsetup zkey/check-dep-zkey zkey/check-dep-zkey-cryptsetup zkey/detect-libcryptsetup.dep +zkey/ekmfweb/libekmfweb.dep +zkey/ekmfweb/zkey-ekmfweb.so +zkey/zkey +zkey/zkey-cryptsetup zpcictl/zpcictl
  52. Download patch debian/patches/disable.patch

    --- 2.14.0-2/debian/patches/disable.patch 2020-08-23 12:19:12.000000000 +0000 +++ 2.15.1-0ubuntu2/debian/patches/disable.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,13 +0,0 @@ -Index: s390-tools-2.14.0/Makefile -=================================================================== ---- s390-tools-2.14.0.orig/Makefile -+++ s390-tools-2.14.0/Makefile -@@ -5,7 +5,7 @@ include common.mak - - LIB_DIRS = libvtoc libutil libzds libdasd libvmdump libccw libvmcp - TOOL_DIRS = zipl zdump fdasd dasdfmt dasdview tunedasd \ -- tape390 osasnmpd qetharp ip_watcher qethconf scripts zconf \ -+ tape390 qetharp ip_watcher qethconf scripts zconf \ - vmconvert vmcp man mon_tools dasdinfo vmur cpuplugd ipl_tools \ - ziomon iucvterm hyptop cmsfs-fuse qethqoat zfcpdump zdsfs cpumf \ - systemd hmcdrvfs cpacfstats zdev dump2tar zkey netboot etc zpcictl \
  53. Download patch debian/not-installed

    --- 2.14.0-2/debian/not-installed 2020-08-23 14:48:11.000000000 +0000 +++ 2.15.1-0ubuntu2/debian/not-installed 2020-11-09 15:04:40.000000000 +0000 @@ -1,7 +1,12 @@ +etc/cpuplugd.conf etc/iucvterm/ts-audit-systems.conf etc/iucvterm/ts-authorization.conf etc/iucvterm/ts-shell.conf etc/iucvterm/unrestricted.conf +etc/sysconfig/cpi +etc/sysconfig/dumpconf +etc/sysconfig/mon_fsstatd +etc/sysconfig/mon_procd lib/s390-tools/cpictl lib/s390-tools/zfcpdump/zfcpdump-initrd lib/s390-tools/zipl.conf @@ -16,13 +21,8 @@ usr/bin/cpacfstats usr/bin/dump2tar usr/bin/genprotimg usr/bin/vmconvert -usr/bin/zkey -usr/bin/zkey-cryptsetup usr/sbin/cpacfstatsd -usr/sbin/cpuplugd usr/sbin/ip_watcher.pl -usr/sbin/mon_fsstatd -usr/sbin/mon_procd usr/sbin/start_hsnc.sh usr/sbin/xcec-bridge usr/share/man/man1/cpacfstats.1 @@ -30,16 +30,10 @@ usr/share/man/man1/dbginfo.sh.1 usr/share/man/man1/dump2tar.1 usr/share/man/man1/vmconvert.1 usr/share/man/man1/zipl-switch-to-blscfg.1 -usr/share/man/man1/zkey-cryptsetup.1 -usr/share/man/man1/zkey.1 usr/share/man/man4/prandom.4 -usr/share/man/man5/cpuplugd.conf.5 usr/share/man/man8/cpacfstatsd.8 -usr/share/man/man8/cpuplugd.8 usr/share/man/man8/dumpconf.8 usr/share/man/man8/genprotimg.8 -usr/share/man/man8/mon_fsstatd.8 -usr/share/man/man8/mon_procd.8 usr/share/man/man8/qethqoat.8 usr/share/man/man8/tape390_crypt.8 usr/share/man/man8/ttyrun.8
  54. Download patch include/ekmfweb/ekmfweb.h
  55. Download patch zipl/src/disk.c

    --- 2.14.0-2/zipl/src/disk.c 2020-08-21 10:12:02.000000000 +0000 +++ 2.15.1-0ubuntu2/zipl/src/disk.c 2020-10-28 14:31:59.000000000 +0000 @@ -25,6 +25,7 @@ #include <linux/fiemap.h> #include "lib/util_proc.h" +#include "lib/util_sys.h" #include "disk.h" #include "error.h" @@ -89,88 +90,6 @@ disk_determine_dasd_type(struct disk_inf return 0; } -static int blkext_get_partnum(dev_t dev) -{ - char path[PATH_MAX], *buf; - int dev_major, dev_minor, partnum = -1; - - dev_major = major(dev); - dev_minor = minor(dev); - snprintf(path, PATH_MAX, "/sys/dev/block/%d:%d/partition", - dev_major, dev_minor); - - if (misc_read_special_file(path, &buf, NULL, 1)) { - error_text("Could not read from path '%s'", path); - return -1; - } - - partnum = atoi(buf); - free(buf); - if (partnum < 0) { - error_text("Bad partition number in '%s'", path); - return -1; - } - - return partnum; -} - -static int blkext_is_base_device(dev_t dev) -{ - int dev_major, dev_minor; - char path[PATH_MAX]; - struct stat stats; - - dev_major = major(dev); - dev_minor = minor(dev); - - snprintf(path, PATH_MAX, "/sys/dev/block/%d:%d/partition", - dev_major, dev_minor); - return (stat(path, &stats)); -} - -static int blkext_get_base_dev(dev_t dev, dev_t *base_dev) -{ - int base_major, base_minor; - char dev_path[PATH_MAX], base_path[PATH_MAX]; - char *temp_path, *buf; - - misc_asprintf(&temp_path, "/sys/dev/block/%d:%d", major(dev), minor(dev)); - if (!realpath(temp_path, dev_path)) { - error_reason(strerror(errno)); - error_text("Could not resolve link %s", temp_path); - free(temp_path); - return -1; - } - free(temp_path); - - misc_asprintf(&temp_path, "%s/..", dev_path); - if (!realpath(temp_path, base_path)) { - error_reason(strerror(errno)); - error_text("Could not resolve path %s", temp_path); - free(temp_path); - return -1; - } - free(temp_path); - - misc_asprintf(&temp_path, "%s/dev", base_path); - if (misc_read_special_file(temp_path, &buf, NULL, 1)) { - error_text("Could not read from path '%s'", temp_path); - free(temp_path); - return -1; - } - free(temp_path); - - if (sscanf(buf, "%i:%i", &base_major, &base_minor) != 2) { - error_text("Could not parse major:minor from string '%s'", buf); - free(buf); - return -1; - } - - free(buf); - *base_dev = makedev(base_major, base_minor); - return 0; -} - /* Return non-zero for ECKD type. */ int disk_is_eckd(disk_type_t type) @@ -492,15 +411,15 @@ disk_get_info(const char* device, struct data->devno = -1; data->type = disk_type_scsi; - if (blkext_is_base_device(stats.st_rdev)) { - data->device = stats.st_rdev; - data->partnum = 0; - } else { - if (blkext_get_base_dev(stats.st_rdev, &data->device)) + if (util_sys_dev_is_partition(stats.st_rdev)) { + if (util_sys_get_base_dev(stats.st_rdev, &data->device)) goto out_close; - data->partnum = blkext_get_partnum(stats.st_rdev); + data->partnum = util_sys_get_partnum(stats.st_rdev); if (data->partnum == -1) goto out_close; + } else { + data->device = stats.st_rdev; + data->partnum = 0; } } else { /* Driver name is unknown */
  56. Download patch debian/patches/sg3-utils.patch

    --- 2.14.0-2/debian/patches/sg3-utils.patch 2020-08-23 12:19:14.000000000 +0000 +++ 2.15.1-0ubuntu2/debian/patches/sg3-utils.patch 2020-11-09 15:04:40.000000000 +0000 @@ -4,11 +4,11 @@ Forwarded: no Last-Update: 2015-12-08 --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ -Index: s390-tools-2.14.0/zconf/lsluns +Index: s390-tools-1.32.0/zconf/lsluns =================================================================== ---- s390-tools-2.14.0.orig/zconf/lsluns -+++ s390-tools-2.14.0/zconf/lsluns -@@ -342,7 +342,7 @@ push @port, map { @{$res_hash{$_}} } key +--- s390-tools-1.32.0.orig/zconf/lsluns ++++ s390-tools-1.32.0/zconf/lsluns +@@ -321,7 +321,7 @@ push @port, map { @{$res_hash{$_}} } key # checking for helper progs
  57. Download patch debian/s390-tools.postinst

    --- 2.14.0-2/debian/s390-tools.postinst 1970-01-01 00:00:00.000000000 +0000 +++ 2.15.1-0ubuntu2/debian/s390-tools.postinst 2020-11-09 15:04:40.000000000 +0000 @@ -0,0 +1,33 @@ +#!/bin/sh +set -e + +if [ "$1" = configure ]; then + if dpkg --compare-versions "$2" lt-nl 1.34.0-0ubuntu2; then + sed '/^parameters/s/$/ crashkernel=196M/' -i /etc/zipl.conf || true + elif dpkg --compare-versions "$2" lt-nl 1.34.0-0ubuntu5; then + sed '/^parameters/s/crashkernel=128M/crashkernel=196M/' -i /etc/zipl.conf || true + fi + if ! getent group cpacfstats >/dev/null; then + addgroup --system cpacfstats + fi + # Add each sudo user to the cpacfstats group + for u in $(getent group sudo | sed -e "s/^.*://" -e "s/,/ /g"); do + adduser "$u" cpacfstats >/dev/null || true + done + if ! getent group ts-shell >/dev/null; then + addgroup --system ts-shell + fi + chown root:ts-shell /etc/iucvterm/*.conf + chmod 0640 /etc/iucvterm/*.conf + if dpkg --compare-versions "$2" lt-nl 1.34.0-0ubuntu10; then + rmdir /3770 || : + fi + mkdir -p /var/log/ts-shell + chmod 3770 /var/log/ts-shell + chgrp -R ts-shell /var/log/ts-shell >/dev/null 2>&1 || true + chmod 0660 /var/log/ts-shell/* >/dev/null 2>&1 || true +fi + +#DEBHELPER# + +exit 0
  58. Download patch debian/s390-tools-osasnmpd.install

    --- 2.14.0-2/debian/s390-tools-osasnmpd.install 1970-01-01 00:00:00.000000000 +0000 +++ 2.15.1-0ubuntu2/debian/s390-tools-osasnmpd.install 2020-11-09 15:04:40.000000000 +0000 @@ -0,0 +1,3 @@ +usr/sbin/osasnmpd +usr/share/man/man*/osasnmpd* +etc/udev/rules.d/57-osasnmpd.rules /lib/udev/rules.d
  59. Download patch zkey/ekmfweb/zkey-ekmfweb.1
  60. Download patch debian/s390-tools-cpuplugd.install

    --- 2.14.0-2/debian/s390-tools-cpuplugd.install 1970-01-01 00:00:00.000000000 +0000 +++ 2.15.1-0ubuntu2/debian/s390-tools-cpuplugd.install 2020-11-09 15:04:40.000000000 +0000 @@ -0,0 +1,4 @@ +etc/cpuplugd.conf +usr/sbin/cpuplugd +usr/share/man/man*/cpuplugd* +lib/systemd/system/cpuplugd.service
  61. Download patch common.mak

    --- 2.14.0-2/common.mak 2020-08-21 10:12:02.000000000 +0000 +++ 2.15.1-0ubuntu2/common.mak 2020-10-28 14:31:59.000000000 +0000 @@ -5,8 +5,8 @@ COMMON_INCLUDED = true # The variable "DISTRELEASE" should be overwritten in rpm spec files with: # "make DISTRELEASE=%{release}" and "make install DISTRELEASE=%{release}" VERSION = 2 -RELEASE = 14 -PATCHLEVEL = 0 +RELEASE = 15 +PATCHLEVEL = 1 DISTRELEASE = build-$(shell date +%Y%m%d) S390_TOOLS_RELEASE = $(VERSION).$(RELEASE).$(PATCHLEVEL)-$(DISTRELEASE) export S390_TOOLS_RELEASE @@ -163,6 +163,7 @@ USRSBINDIR = $(INSTALLDIR)/usr/sbin USRBINDIR = $(INSTALLDIR)/usr/bin BINDIR = $(INSTALLDIR)/sbin LIBDIR = $(INSTALLDIR)/lib +USRLIB64DIR = $(INSTALLDIR)/usr/lib64 SYSCONFDIR = $(INSTALLDIR)/etc MANDIR = $(INSTALLDIR)/usr/share/man VARDIR = $(INSTALLDIR)/var @@ -172,14 +173,16 @@ ZFCPDUMP_DIR = $(TOOLS_LIBDIR)/zfcpdu # Systemd support files are installed only if a directory is specified # for SYSTEMDSYSTEMUNITDIR (e.g. /lib/systemd/system) SYSTEMDSYSTEMUNITDIR = +USRINCLUDEDIR = $(INSTALLDIR)/usr/include INSTDIRS = $(USRSBINDIR) $(USRBINDIR) $(BINDIR) $(LIBDIR) $(MANDIR) \ $(SYSCONFDIR) $(SYSCONFDIR)/sysconfig \ $(TOOLS_LIBDIR) $(TOOLS_DATADIR) \ - $(ZFCPDUMP_DIR) $(SYSTEMDSYSTEMUNITDIR) + $(ZFCPDUMP_DIR) $(SYSTEMDSYSTEMUNITDIR) \ + $(USRLIB64DIR) $(USRINCLUDEDIR) OWNER = $(shell id -un) GROUP = $(shell id -gn) -export INSTALLDIR BINDIR LIBDIR MANDIR OWNER GROUP +export INSTALLDIR BINDIR LIBDIR USRLIB64DIR MANDIR OWNER GROUP # Special defines for zfcpdump ZFCPDUMP_IMAGE = zfcpdump-image @@ -339,6 +342,10 @@ $(rootdir)/libvmcp/libvmcp.a: $(rootdir) $(MAKE) -C $(rootdir)/libvmcp/ libvmcp.a .PHONY: $(rootdir)/libvmcp +$(rootdir)/libekmfweb/libekmfweb.so: $(rootdir)/libekmfweb + $(MAKE) -C $(rootdir)/libekmfweb/ libekmfweb.so +.PHONY: $(rootdir)/libekmfweb + $(rootdir)/zipl/boot/data.o: $(MAKE) -C $(rootdir)/zipl/boot/ data.o
  62. Download patch libdasd/dasd_sys.c

    --- 2.14.0-2/libdasd/dasd_sys.c 2020-08-21 10:12:02.000000000 +0000 +++ 2.15.1-0ubuntu2/libdasd/dasd_sys.c 2020-10-28 14:31:59.000000000 +0000 @@ -214,7 +214,7 @@ int dasd_get_host_access_count(char *dev char *path; long value; - if (!util_sys_get_dev_addr(device, busid)) + if (util_sys_get_dev_addr(device, busid) != 0) return 0; path = util_path_sysfs("bus/ccw/devices/%s/host_access_count", busid);
  63. Download patch debian/s390-tools-zkey.install

    --- 2.14.0-2/debian/s390-tools-zkey.install 1970-01-01 00:00:00.000000000 +0000 +++ 2.15.1-0ubuntu2/debian/s390-tools-zkey.install 2020-11-18 14:03:19.000000000 +0000 @@ -0,0 +1,5 @@ +usr/bin/zkey* +usr/share/man/man*/zkey* +usr/share/initramfs-tools/hooks/s390-tools-zkey +etc/zkey/kms-plugins.conf +usr/libexec/zkey/zkey-ekmfweb.so
  64. Download patch debian/s390-tools-zkey.dirs

    --- 2.14.0-2/debian/s390-tools-zkey.dirs 1970-01-01 00:00:00.000000000 +0000 +++ 2.15.1-0ubuntu2/debian/s390-tools-zkey.dirs 2020-11-09 15:04:40.000000000 +0000 @@ -0,0 +1,2 @@ +/etc/zkey +/etc/zkey/repository
  65. Download patch debian/watch

    --- 2.14.0-2/debian/watch 2020-08-23 13:20:23.000000000 +0000 +++ 2.15.1-0ubuntu2/debian/watch 2020-11-09 15:04:40.000000000 +0000 @@ -1,3 +1,4 @@ version=4 -opts=filenamemangle=s/.+\/v?(\d\S+)\.tar\.gz/s390-tools-$1\.tar\.gz/ \ - https://github.com/ibm-s390-tools/s390-tools/tags .*/v?(\d\S+)\.tar\.gz +opts="filenamemangle=s%(?:.*?)?v?(\d[\d.]*)\.tar\.gz%s390-tools-$1.tar.gz%" \ + https://github.com/ibm-s390-tools/s390-tools/tags \ + (?:.*?/)?v?(\d[\d.]*)\.tar\.gz debian uupdate
  66. Download patch debian/kernel/zz-zipl

    --- 2.14.0-2/debian/kernel/zz-zipl 2016-12-10 09:26:01.000000000 +0000 +++ 2.15.1-0ubuntu2/debian/kernel/zz-zipl 2020-11-09 15:04:40.000000000 +0000 @@ -14,8 +14,28 @@ if [ -n "$DEB_MAINT_PARAMS" ];then fi fi +which zipl >/dev/null 2>&1 || exit 0 + if [ -f /etc/zipl.conf ] then + for initrd in $(awk ' + function emit() { + if (optional == "0" && ramdisk != "") { + print(ramdisk); + }; + ramdisk=""; + optional="0"; + } + /^optional[ ]*=/ { optional=$0; sub("^optional[ ]*=[ ]*", "", optional); } + /^ramdisk[ ]*=/ { ramdisk=$0; sub("^ramdisk[ ]*=[ ]*", "", ramdisk); } + /^\[/ { emit(); } + END { emit(); } + ' < /etc/zipl.conf); do + if [ ! -f "$initrd" ]; then + echo "Not invoking zipl: initrd doesn't exist yet" >&2 + exit 0 + fi + done zipl </dev/null >&2 else echo "WARNING, not invoking zipl: /etc/zipl.conf not found" >&2
  67. Download patch zkey/kms-plugins.conf

    --- 2.14.0-2/zkey/kms-plugins.conf 1970-01-01 00:00:00.000000000 +0000 +++ 2.15.1-0ubuntu2/zkey/kms-plugins.conf 2020-10-28 14:31:59.000000000 +0000 @@ -0,0 +1,4 @@ +# List of zkey KMS plugins +# Format: +# <plugin-name>=<shared-library-file> +EKMFWeb=zkey-ekmfweb.so \ No newline at end of file
  68. Download patch zconf/zcrypt/lszcrypt.8

    --- 2.14.0-2/zconf/zcrypt/lszcrypt.8 2020-08-21 10:12:02.000000000 +0000 +++ 2.15.1-0ubuntu2/zconf/zcrypt/lszcrypt.8 2020-10-28 14:31:59.000000000 +0000 @@ -10,7 +10,7 @@ .\" nroff -man lszcrypt.8 .\" to process this source .\" -.TH LSZCRYPT 8 "AUG 2019" "s390-tools" +.TH LSZCRYPT 8 "OCT 2020" "s390-tools" .SH NAME lszcrypt \- display zcrypt device and configuration information .SH SYNOPSIS @@ -111,9 +111,9 @@ Displays help text and exits. .TP 8 .B -v, --version Displays version information and exits. -.SH VERBOSE LISTING DETAILS -Some of the columns showing up in verbose listing mode may need some -explanation: +.SH LISTING DETAILS +Here is an explanation of the columns displayed. Please note that some +of the columns show up in verbose mode only. .TP .B TYPE and HWTYPE The HWTYPE is a numeric value showing which type of hardware the zcrypt @@ -124,6 +124,31 @@ The TYPE is a human readable value showi function type (A=Accelerator, C=CCA Coprocessor, P=EP11 Coprocessor). So for example CEX6P means a CEX6 card in EP11 Coprocessor mode. .TP +.B MODE +A crypto card can be configured to run into one of 3 modes: +.br +Accelerator - Acceleration of clear key RSA (CRT and ME) cryptographic +operations. +.br +CCA Coprocessor - Support CCA secure key cryptographic operations. +.br +EP11 Coprocessor - Support EP11 secure key cryptographic operations. +.TP +.B STATUS +A crypto card and/or a crypto queue may be switched offline to +prohibit it's use. There are two levels of offline state. A software +online/offline state is kept by the zcrypt device driver and can be +switched on or off with the help of the chzcrypt application. +.br +A crypto card can also be 'configured' or 'deconfigured'. This state +may be adjusted on the HMC or SE. The chzcrypt application can also +trigger this state with the --config-on and --config-off options. +.br +lszcrypt shows 'online' when a card or queue is available for +cryptograhic operations. 'offline' is displayed when a card or queue +is switched to (software) offline. If a card is 'deconfigured' via +HMC, SE or chzcrypt the field shows 'deconfig'. +.TP .B REQUESTS This is the counter value of successful processed requests on card or queue level. Successful here means the request was processed without any failure
  69. Download patch CHANGELOG.md

    --- 2.14.0-2/CHANGELOG.md 2020-08-21 10:12:02.000000000 +0000 +++ 2.15.1-0ubuntu2/CHANGELOG.md 2020-10-28 14:31:59.000000000 +0000 @@ -1,5 +1,48 @@ Release history for s390-tools (MIT version) -------------------------------------------- +* __v2.15.1 (2020-10-28)__ + + For Linux kernel version: 5.9 + + Changes of existing tools: + - lsstp: Improve wording and fix typos in man page + - zkey: Ensure zkey and friends are skipped with HAVE_OPENSSL=0 + - zkey: Add library versioning for libekmfweb and zkey-ekmfweb + - libutil: Add function to determine base device of a partition block device + + Bug Fixes: + - dasdfmt: Fix bad file descriptor error when running on symlinks + - libdasd: Fix dasd_get_host_access_count() + - zipl: Fix multivolume dump + - zgetdump: Fix device node determination via sysfs to work with multivolume again + - genprotimg/boot: Fix build by disabling SSP + - zipl/boot: Fix build by disabling SSP + +* __v2.15.0 (2020-10-15)__ + + For Linux kernel version: 5.9 + + Add new tool: + - lsstp: A small utility to display the Server Time Protocol (STP) information present in sysfs + + Changes of existing tools: + - dumpconf: support NVMe dump/reipl device + - ipl_tools: support clear attribute for nvme re-IPL + - zcrypt: Support new config state with lszcrypt and chzcrypt + - zkey: Add support for key management system plugins + including the KMS commands: + bind, unbind, info, configure, rencipher, list, import, refresh + - zkey: Add EKMFWeb support to remotely generate secure keys + - libekmfweb: Add new EKMFWeb client library + - libutil: Add util_file_read_va() + - libutil: Add util_file_read_i()/util_file_read_ui() + + Bug Fixes: + - cpumf: Fix version and help printout when CPUMF is not installed + - ziomon/ziorep_printers: fix virtual adapter CSV output + - zipl: Fix Error when title is not the first field in BLS file + + * __v2.14.0 (2020-08-21)__ For Linux kernel version: 5.7 / 5.8
  70. Download patch zkey/kms.c
  71. Download patch debian/patches/series

    --- 2.14.0-2/debian/patches/series 2018-02-04 16:28:02.000000000 +0000 +++ 2.15.1-0ubuntu2/debian/patches/series 2020-11-18 13:38:03.000000000 +0000 @@ -1,6 +1,9 @@ -udevadm-path.patch install-iucvterm.patch bashism.patch zipl-optional.patch -disable.patch sg3-utils.patch +0001-ziomon-Use-exit-code-0-for-version-and-help.patch +0001-zkey-add-initramfs-hook.patch +0001-zkey-on-Ubuntu-use-default-benchmarked-Argon2i-with-.patch +0001-dumpconf-Don-t-run-the-service-in-LXC.patch +update-install-paths.patch
  72. Download patch lsstp/lsstp.c
  73. Download patch dasdfmt/dasdfmt.c
  74. Download patch debian/patches/zipl-optional.patch

    --- 2.14.0-2/debian/patches/zipl-optional.patch 2020-08-23 12:19:07.000000000 +0000 +++ 2.15.1-0ubuntu2/debian/patches/zipl-optional.patch 2020-11-09 15:04:40.000000000 +0000 @@ -1,8 +1,8 @@ -Index: s390-tools-2.14.0/zipl/src/bootmap.c +Index: s390-tools-2.8.0/zipl/src/bootmap.c =================================================================== ---- s390-tools-2.14.0.orig/zipl/src/bootmap.c -+++ s390-tools-2.14.0/zipl/src/bootmap.c -@@ -1006,6 +1006,12 @@ build_program_table(int fd, struct job_d +--- s390-tools-2.8.0.orig/zipl/src/bootmap.c ++++ s390-tools-2.8.0/zipl/src/bootmap.c +@@ -998,6 +998,12 @@ build_program_table(int fd, struct job_d for (i=0; i < job->data.menu.num; i++) { switch (job->data.menu.entry[i].id) { case job_ipl: @@ -15,10 +15,10 @@ Index: s390-tools-2.14.0/zipl/src/bootma printf("Adding #%d: IPL section '%s'%s", job->data.menu.entry[i].pos, job->data.menu.entry[i].name, -Index: s390-tools-2.14.0/zipl/src/scan.c +Index: s390-tools-2.8.0/zipl/src/scan.c =================================================================== ---- s390-tools-2.14.0.orig/zipl/src/scan.c -+++ s390-tools-2.14.0/zipl/src/scan.c +--- s390-tools-2.8.0.orig/zipl/src/scan.c ++++ s390-tools-2.8.0/zipl/src/scan.c @@ -45,45 +45,45 @@ enum scan_key_state scan_key_table[SCAN_ * ult to tofs e mete file isk ent et pt out ultm dump * rs enu @@ -85,10 +85,10 @@ Index: s390-tools-2.14.0/zipl/src/scan.c }; /* List of keywords that are used without an assignment */ -Index: s390-tools-2.14.0/zipl/include/job.h +Index: s390-tools-2.8.0/zipl/include/job.h =================================================================== ---- s390-tools-2.14.0.orig/zipl/include/job.h -+++ s390-tools-2.14.0/zipl/include/job.h +--- s390-tools-2.8.0.orig/zipl/include/job.h ++++ s390-tools-2.8.0/zipl/include/job.h @@ -13,6 +13,8 @@ #ifndef JOB_H #define JOB_H @@ -107,11 +107,11 @@ Index: s390-tools-2.14.0/zipl/include/jo }; struct job_segment_data { -Index: s390-tools-2.14.0/zipl/src/job.c +Index: s390-tools-2.8.0/zipl/src/job.c =================================================================== ---- s390-tools-2.14.0.orig/zipl/src/job.c -+++ s390-tools-2.14.0/zipl/src/job.c -@@ -825,14 +825,20 @@ out_free: +--- s390-tools-2.8.0.orig/zipl/src/job.c ++++ s390-tools-2.8.0/zipl/src/job.c +@@ -800,14 +800,20 @@ out_free: static int @@ -134,7 +134,7 @@ Index: s390-tools-2.14.0/zipl/src/job.c error_text("Image file '%s'", ipl->image); } else { error_text("Image file '%s' in section '%s'", -@@ -844,7 +850,13 @@ check_job_ipl_data(struct job_ipl_data * +@@ -819,7 +825,13 @@ check_job_ipl_data(struct job_ipl_data * if (ipl->ramdisk != NULL) { rc = misc_check_readable_file(ipl->ramdisk); if (rc) { @@ -149,7 +149,7 @@ Index: s390-tools-2.14.0/zipl/src/job.c error_text("Ramdisk file '%s'", ipl->ramdisk); } else { error_text("Ramdisk file '%s' in section '%s'", -@@ -941,9 +953,13 @@ check_job_menu_data(struct job_menu_data +@@ -916,9 +928,13 @@ check_job_menu_data(struct job_menu_data switch (menu->entry[i].id) { case job_ipl: rc = check_job_ipl_data(&menu->entry[i].data.ipl, @@ -164,7 +164,7 @@ Index: s390-tools-2.14.0/zipl/src/job.c break; case job_print_usage: case job_print_version: -@@ -1107,7 +1123,7 @@ check_job_data(struct job_data* job) +@@ -1067,7 +1083,7 @@ check_job_data(struct job_data* job) rc = 0; break; case job_ipl: @@ -173,7 +173,7 @@ Index: s390-tools-2.14.0/zipl/src/job.c break; case job_menu: rc = check_job_menu_data(&job->data.menu); -@@ -1399,6 +1415,8 @@ get_job_from_section_data(char* data[], +@@ -1378,6 +1394,8 @@ get_job_from_section_data(char* data[], if (rc) return rc; } @@ -182,11 +182,11 @@ Index: s390-tools-2.14.0/zipl/src/job.c break; case section_ipl_tape: /* Tape IPL job */ -Index: s390-tools-2.14.0/zipl/man/zipl.conf.5.in +Index: s390-tools-2.8.0/zipl/man/zipl.conf.5.in =================================================================== ---- s390-tools-2.14.0.orig/zipl/man/zipl.conf.5.in -+++ s390-tools-2.14.0/zipl/man/zipl.conf.5.in -@@ -447,6 +447,22 @@ This option cannot be used together with +--- s390-tools-2.8.0.orig/zipl/man/zipl.conf.5.in ++++ s390-tools-2.8.0/zipl/man/zipl.conf.5.in +@@ -436,6 +436,22 @@ This option cannot be used together with .BR 'segment' . .PP @@ -209,10 +209,10 @@ Index: s390-tools-2.14.0/zipl/man/zipl.c .B parameters = .I kernel\-parameters -Index: s390-tools-2.14.0/zipl/include/scan.h +Index: s390-tools-2.8.0/zipl/include/scan.h =================================================================== ---- s390-tools-2.14.0.orig/zipl/include/scan.h -+++ s390-tools-2.14.0/zipl/include/scan.h +--- s390-tools-2.8.0.orig/zipl/include/scan.h ++++ s390-tools-2.8.0/zipl/include/scan.h @@ -16,7 +16,7 @@
  75. Download patch debian/patches/0001-zkey-on-Ubuntu-use-default-benchmarked-Argon2i-with-.patch

    --- 2.14.0-2/debian/patches/0001-zkey-on-Ubuntu-use-default-benchmarked-Argon2i-with-.patch 1970-01-01 00:00:00.000000000 +0000 +++ 2.15.1-0ubuntu2/debian/patches/0001-zkey-on-Ubuntu-use-default-benchmarked-Argon2i-with-.patch 2020-11-12 15:10:44.000000000 +0000 @@ -0,0 +1,53 @@ +From bafb0d3ee98301607b6c06e67cc8860edca4185e Mon Sep 17 00:00:00 2001 +From: Dimitri John Ledkov <xnox@ubuntu.com> +Date: Fri, 15 Mar 2019 13:48:34 +0000 +Subject: [PATCH] zkey: on Ubuntu, use default benchmarked Argon2i with LUKS2. + +LP: #1820049 +--- + zkey/keystore.c | 8 +------- + zkey/zkey.1 | 9 --------- + 2 files changed, 1 insertion(+), 16 deletions(-) + +Index: s390-tools-2.15.1/zkey/keystore.c +=================================================================== +--- s390-tools-2.15.1.orig/zkey/keystore.c ++++ s390-tools-2.15.1/zkey/keystore.c +@@ -4006,16 +4006,10 @@ static int _keystore_process_cryptsetup( + printf("%s\n", cmd); + } + } else { +- /* +- * Use PBKDF2 as key derivation function for LUKS2 +- * volumes. LUKS2 uses Argon2i as default, but this +- * might cause out-of-memory errors when multiple LUKS2 +- * volumes are opened automatically via /etc/crypttab +- */ + util_asprintf(&cmd, + "cryptsetup luksFormat %s%s--type luks2 " + "--master-key-file '%s' --key-size %lu " +- "--cipher %s --pbkdf pbkdf2 %s%s%s", ++ "--cipher %s %s%s%s", + info->batch_mode ? "-q " : "", + keystore->verbose ? "-v " : "", + key_file_name, key_file_size * 8, +Index: s390-tools-2.15.1/zkey/zkey.1 +=================================================================== +--- s390-tools-2.15.1.orig/zkey/zkey.1 ++++ s390-tools-2.15.1/zkey/zkey.1 +@@ -722,15 +722,6 @@ option to generate \fBcryptsetup luksFor + type, this is the default. If specified for the plain volume type, then no + command is generated. + .P +-For LUKS2 volumes, the generated \fBcryptsetup luksFormat\fP contains +-option \fB\-\-pbkdf pbkdf2\fP to set \fBPBKDF2\fP as password based key +-derivation function. LUKS2 volumes typically default to \fBArgon2i\fP as +-password based key derivation function, but this might cause out-of-memory +-errors when multiple encrypted volumes are unlocked automatically at boot +-through /etc/crypttab. Because PAES uses secure AES keys as volume keys, the +-security of the key derivation function used to encrypt the volume key in the +-LUKS key slots is of less relevance. +-.P + For LUKS2 volumes, a passphrase is required. You are prompted for the + passphrase when running the generated commands, unless option + .B \-\-key\-file
  76. Download patch zkey/kms.h

    --- 2.14.0-2/zkey/kms.h 1970-01-01 00:00:00.000000000 +0000 +++ 2.15.1-0ubuntu2/zkey/kms.h 2020-10-28 14:31:59.000000000 +0000 @@ -0,0 +1,123 @@ +/* + * zkey - Generate, re-encipher, and validate secure keys + * + * This header file defines functions for Key Management System (KMS) plugin + * handling + * + * Copyright IBM Corp. 2020 + * + * s390-tools is free software; you can redistribute it and/or modify + * it under the terms of the MIT license. See LICENSE for details. + */ + +#ifndef KMS_H +#define KMS_H + +#include "kms-plugin.h" +#include "properties.h" +#include "keystore.h" + +struct kms_info { + void *plugin_lib; + const struct kms_functions *funcs; + char *plugin_name; + struct properties *props; + struct kms_apqn *apqns; + size_t num_apqns; + kms_handle_t handle; +}; + +struct keystore; + +int list_kms_plugins(bool verbose); + +int check_for_kms_plugin(struct kms_info *kms_info, bool verbose); + +int init_kms_plugin(struct kms_info *kms_info, bool verbose); + +void free_kms_plugin(struct kms_info *kms_info); + +void print_last_kms_error(const struct kms_info *kms_info); + +int bind_kms_plugin(struct keystore *keystore, const char *plugin, + bool verbose); + +int unbind_kms_plugin(struct kms_info *kms_info, struct keystore *keystore, + bool verbose); + +int print_kms_info(struct kms_info *kms_info); + +int get_kms_options(struct kms_info *kms_info, struct util_opt *opt_vec, + const char *placeholder_cmd, const char *plugin_command, + const char *opt_vec_command, int *first_plugin_opt, + bool verbose); + +int handle_kms_option(struct kms_info *kms_info, struct util_opt *opt_vec, + int first_kms_option, const char *command, int option, + const char *optarg, struct kms_option **kms_options, + size_t *num_kms_options, bool verbose); + +int configure_kms_plugin(struct keystore *keystore, const char *apqns, + struct kms_option *kms_options, size_t num_kms_options, + bool has_plugin_optins, bool verbose); + +int reencipher_kms(struct kms_info *kms_info, bool from_old, bool to_new, + bool inplace, bool staged, bool complete, + struct kms_option *kms_options, size_t num_kms_options, + bool verbose); + +int perform_kms_login(struct kms_info *kms_info, bool verbose); + +int get_kms_apqns_for_key_type(struct kms_info *kms_info, const char *key_type, + bool cross_check, char **apqns, bool verbose); + +int generate_kms_key(struct kms_info *kms_info, const char *name, + const char *key_type, struct properties *key_props, + bool xts, size_t keybits, const char *filename, + struct kms_option *kms_options, size_t num_kms_options, + bool verbose); + +int set_kms_key_properties(struct kms_info *kms_info, + struct properties *key_props, + const char *name, const char *description, + const char *volumes, const char *vol_type, + const char *sector_size, bool verbose); + +int remove_kms_key(struct kms_info *kms_info, struct properties *key_props, + struct kms_option *kms_options, size_t num_kms_options, + bool verbose); + +typedef int (*kms_process_callback)(const char *key1_id, const char *key1_label, + const char *key2_id, const char *key2_label, + bool xts, const char *name, + const char *key_type, size_t key_bits, + const char *description, const char *cipher, + const char *iv_mode, const char *volumes, + const char *volume_type, size_t sector_size, + const char *addl_info_argz, + size_t addl_info_len, + void *private_data); + +int process_kms_keys(struct kms_info *kms_info, + const char *label_filter, const char *name_filter, + const char *volume_filter, const char *volume_type, + struct kms_option *kms_options, size_t num_kms_options, + kms_process_callback callback, void *private_data, + bool verbose); + +int list_kms_keys(struct kms_info *kms_info, const char *label_filter, + const char *name_filter, const char *volume_filter, + const char *volume_type, struct kms_option *kms_options, + size_t num_kms_options, bool verbose); + +int import_kms_key(struct kms_info *kms_info, const char *key1_id, + const char *key2_id, bool xts, const char *name, + unsigned char *key_blob, size_t *key_blob_length, + bool verbose); + +int refresh_kms_key(struct kms_info *kms_info, struct properties *key_props, + char **description, char **cipher, char **iv_mode, + char **volumes, char **volume_type, ssize_t *sector_size, + const char *filename, bool verbose); + +#endif
  77. Download patch debian/patches/0001-zkey-add-initramfs-hook.patch

    --- 2.14.0-2/debian/patches/0001-zkey-add-initramfs-hook.patch 1970-01-01 00:00:00.000000000 +0000 +++ 2.15.1-0ubuntu2/debian/patches/0001-zkey-add-initramfs-hook.patch 2020-11-12 15:10:44.000000000 +0000 @@ -0,0 +1,102 @@ +From 1ae3089c05cbcebd033c7ff21f2f1ef00a0690b4 Mon Sep 17 00:00:00 2001 +From: Dimitri John Ledkov <xnox@ubuntu.com> +Date: Tue, 2 Oct 2018 15:29:09 +0100 +Subject: [PATCH] zkey: add initramfs hook. + +Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com> +--- + zkey/Makefile | 1 + + zkey/initramfs/Makefile | 21 +++++++++++++ + zkey/initramfs/hooks/s390-tools-zkey | 45 ++++++++++++++++++++++++++++ + 3 files changed, 67 insertions(+) + create mode 100644 zkey/initramfs/Makefile + create mode 100644 zkey/initramfs/hooks/s390-tools-zkey + +Index: s390-tools-2.15.1/zkey/Makefile +=================================================================== +--- s390-tools-2.15.1.orig/zkey/Makefile ++++ s390-tools-2.15.1/zkey/Makefile +@@ -99,6 +99,7 @@ zkey-cryptsetup: zkey-cryptsetup.o pkey. + install-common: + $(INSTALL) -d -m 755 $(DESTDIR)$(USRBINDIR) + $(INSTALL) -d -m 755 $(DESTDIR)$(MANDIR)/man1 ++ $(MAKE) -C initramfs install + + install-zkey: zkey + $(INSTALL) -g $(GROUP) -o $(OWNER) -m 755 zkey $(DESTDIR)$(USRBINDIR) +Index: s390-tools-2.15.1/zkey/initramfs/Makefile +=================================================================== +--- /dev/null ++++ s390-tools-2.15.1/zkey/initramfs/Makefile +@@ -0,0 +1,21 @@ ++# Common definitions ++include ../../common.mak ++ ++INITRAMFSDIR := /usr/share/initramfs-tools ++HOOKDIR := $(INITRAMFSDIR)/hooks ++INITTOP := $(INITRAMFSDIR)/scripts/init-top ++ ++# HAVE_INITRAMFS ++# ++# This install time parameter determines whether the zkey initramfs support is ++# installed (HAVE_INITRAMFS=1) or not (default). When installed, the module ++# performs the following functions when mkinitramfs is run: ++# ++# - install a hook to include zkey related utilities and zkey repository in ++# the initramfs ++# ++ifeq ($(HAVE_INITRAMFS),1) ++install: ++ $(INSTALL) -m 755 -d $(DESTDIR)/$(HOOKDIR) $(DESTDIR)/$(INITTOP) ++ $(INSTALL) -m 755 hooks/s390-tools-zkey $(DESTDIR)/$(HOOKDIR) ++endif +Index: s390-tools-2.15.1/zkey/initramfs/hooks/s390-tools-zkey +=================================================================== +--- /dev/null ++++ s390-tools-2.15.1/zkey/initramfs/hooks/s390-tools-zkey +@@ -0,0 +1,45 @@ ++#!/bin/sh ++# ++# Copyright IBM Corp. 2016, 2017 ++# Copyright Canonical Ltd 2018 ++# ++# s390-tools is free software; you can redistribute it and/or modify ++# it under the terms of the MIT license. See LICENSE for details. ++# ++# hooks/s390-tools-zkey ++# This hook script adds zkey related utilities and zkey repository ++# in the initramfs ++# ++ ++# Needs to run after udev or resulting udev rules could be overwritten ++PREREQ="udev" ++ ++prereqs() ++{ ++ echo "$PREREQ" ++} ++ ++case $1 in ++ prereqs) ++ prereqs ++ exit 0 ++ ;; ++esac ++ ++. /usr/share/initramfs-tools/hook-functions ++ ++# Add zcrypt modules ++zdev_modules="pkey paes_s390 zcrypt zcrypt_cex2a zcrypt_cex4 zcrypt_pcixcc" ++ ++for x in $zdev_modules ; do ++ manual_add_modules ${x} ++done ++ ++# copy utils ++copy_exec /sbin/chzcrypt ++copy_exec /sbin/lszcrypt ++copy_exec /usr/bin/zkey ++copy_exec /usr/bin/zkey-cryptsetup ++ ++mkdir -p "${DESTDIR}/etc" ++cp -a /etc/zkey "${DESTDIR}/etc/"
  78. Download patch dasdfmt/dasdfmt.h

    --- 2.14.0-2/dasdfmt/dasdfmt.h 2020-08-21 10:12:02.000000000 +0000 +++ 2.15.1-0ubuntu2/dasdfmt/dasdfmt.h 2020-10-28 14:31:59.000000000 +0000 @@ -65,47 +65,24 @@ static const char mode_str[3][10] = { "is in invalid format\n",prog_name);} typedef struct bootstrap1 { - u_int32_t key; - u_int32_t data[6]; + u_int32_t key; + u_int32_t data[6]; } __attribute__ ((packed)) bootstrap1_t; typedef struct bootstrap2 { - u_int32_t key; - u_int32_t data[36]; + u_int32_t key; + u_int32_t data[36]; } __attribute__ ((packed)) bootstrap2_t; -typedef struct dasdfmt_info { - dasd_information2_t dasd_info; - int verbosity; - int testmode; - int withoutprompt; - int print_progressbar; - int print_hashmarks, hashstep; - int print_percentage; - int force; - int writenolabel; - int labelspec; - int cdl_format; - int blksize_specified; - int reqsize_specified; - int keep_volser; - int force_host; - int layout_specified; - int check; - int mode_specified; - int ese; - int no_discard; -} dasdfmt_info_t; - /* C9D7D3F1 000A0000 0000000F 03000000 00000001 00000000 00000000 */ static bootstrap1_t ipl1 = { - 0xC9D7D3F1, { - 0x000A0000, 0x0000000F, 0x03000000, - 0x00000001, 0x00000000, 0x00000000 - } + 0xC9D7D3F1, { + 0x000A0000, 0x0000000F, 0x03000000, + 0x00000001, 0x00000000, 0x00000000 + } }; /* @@ -116,21 +93,20 @@ C9D7D3F2 07003AB8 40000006 31003ABE 400 00000000 00000000 00000000 00000000 00000000 */ static bootstrap2_t ipl2 = { - 0xC9D7D3F2, { - 0x07003AB8, 0x40000006, 0x31003ABE, - 0x40000005, 0x08003AA0, 0x00000000, - 0x06000000, 0x20000000, 0x00000000, - 0x00000000, 0x00000400, 0x00000000, - 0x00000000, 0x00000000, 0x00000000, - 0x00000000, 0x00000000, 0x00000000, - 0x00000000, 0x00000000, 0x00000000, - 0x00000000, 0x00000000, 0x00000000, - 0x00000000, 0x00000000, 0x00000000, - 0x00000000, 0x00000000, 0x00000000, - 0x00000000, 0x00000000, 0x00000000, - 0x00000000, 0x00000000, 0x00000000 - } + 0xC9D7D3F2, { + 0x07003AB8, 0x40000006, 0x31003ABE, + 0x40000005, 0x08003AA0, 0x00000000, + 0x06000000, 0x20000000, 0x00000000, + 0x00000000, 0x00000400, 0x00000000, + 0x00000000, 0x00000000, 0x00000000, + 0x00000000, 0x00000000, 0x00000000, + 0x00000000, 0x00000000, 0x00000000, + 0x00000000, 0x00000000, 0x00000000, + 0x00000000, 0x00000000, 0x00000000, + 0x00000000, 0x00000000, 0x00000000, + 0x00000000, 0x00000000, 0x00000000, + 0x00000000, 0x00000000, 0x00000000 + } }; #endif /* DASDFMT_H */ -
  79. Download patch man/dumpconf.8

    --- 2.14.0-2/man/dumpconf.8 2020-08-21 10:12:02.000000000 +0000 +++ 2.15.1-0ubuntu2/man/dumpconf.8 2020-10-28 14:31:59.000000000 +0000 @@ -45,7 +45,7 @@ vmcmd: Trigger CP command according to t .TP \fB - DUMP_TYPE:\fR -Type of dump device. Possible values are 'ccw' and 'fcp'. +Type of dump device. Possible values are 'ccw', 'fcp' and 'nvme'. .TP \fB - DEVICE:\fR @@ -60,6 +60,14 @@ WWPN for SCSI dump device. LUN for SCSI dump device. .TP +\fB - FID\fR +Function ID for NVMe dump device. + +.TP +\fB - NSID\fR +Namespace ID for NVMe dump device. + +.TP \fB - BOOTPROG:\fR Boot program selector. @@ -156,6 +164,25 @@ LUN=0x4713000000000000 .br BOOTPROG=0 .br +BR_LBA=0 +.br + +# +.br +# Example configuration for an NVMe dump device (NVMe Disk) +.br +# +.br +ON_PANIC=dump +.br +DUMP_TYPE=nvme +.br +FID=0x0300 +.br +NSID=0x0001 +.br +BOOTPROG=0 +.br BR_LBA=0 .br
  80. Download patch Makefile

    --- 2.14.0-2/Makefile 2020-08-21 10:12:02.000000000 +0000 +++ 2.15.1-0ubuntu2/Makefile 2020-10-28 14:31:59.000000000 +0000 @@ -3,13 +3,13 @@ ARCH := $(shell uname -m | sed -e s/i.86 # Include common definitions include common.mak -LIB_DIRS = libvtoc libutil libzds libdasd libvmdump libccw libvmcp +LIB_DIRS = libvtoc libutil libzds libdasd libvmdump libccw libvmcp libekmfweb TOOL_DIRS = zipl zdump fdasd dasdfmt dasdview tunedasd \ tape390 osasnmpd qetharp ip_watcher qethconf scripts zconf \ vmconvert vmcp man mon_tools dasdinfo vmur cpuplugd ipl_tools \ ziomon iucvterm hyptop cmsfs-fuse qethqoat zfcpdump zdsfs cpumf \ systemd hmcdrvfs cpacfstats zdev dump2tar zkey netboot etc zpcictl \ - genprotimg + genprotimg lsstp SUB_DIRS = $(LIB_DIRS) $(TOOL_DIRS)
  81. Download patch debian/modules-load.d/s390-tools.conf

    --- 2.14.0-2/debian/modules-load.d/s390-tools.conf 1970-01-01 00:00:00.000000000 +0000 +++ 2.15.1-0ubuntu2/debian/modules-load.d/s390-tools.conf 2020-11-09 15:04:40.000000000 +0000 @@ -0,0 +1,2 @@ +# for mon_statd/mon_fsstatd +monwriter
  82. Download patch debian/s390-tools-zkey-udeb.dirs

    --- 2.14.0-2/debian/s390-tools-zkey-udeb.dirs 1970-01-01 00:00:00.000000000 +0000 +++ 2.15.1-0ubuntu2/debian/s390-tools-zkey-udeb.dirs 2020-11-09 15:04:40.000000000 +0000 @@ -0,0 +1,2 @@ +/etc/zkey +/etc/zkey/repository
  83. Download patch debian/system/mon_fsstatd.service

    --- 2.14.0-2/debian/system/mon_fsstatd.service 1970-01-01 00:00:00.000000000 +0000 +++ 2.15.1-0ubuntu2/debian/system/mon_fsstatd.service 2020-11-09 15:04:40.000000000 +0000 @@ -0,0 +1,10 @@ +[Unit] +Description=mon_fsstatd service for Linux on z Systems +Documentation=man:mon_fsstatd(8) +ConditionVirtualization=zvm + +[Service] +ExecStart=/usr/sbin/mon_fsstatd -a + +[Install] +WantedBy=multi-user.target
  84. Download patch debian/libekmfweb1.symbols

    --- 2.14.0-2/debian/libekmfweb1.symbols 1970-01-01 00:00:00.000000000 +0000 +++ 2.15.1-0ubuntu2/debian/libekmfweb1.symbols 2020-11-18 14:04:52.000000000 +0000 @@ -0,0 +1,28 @@ +libekmfweb.so.1 libekmfweb1 #MINVER# + LIBEKMFWEB_1.0@LIBEKMFWEB_1.0 2.15.1 + ekmf_check_feature@LIBEKMFWEB_1.0 2.15.1 + ekmf_check_login_token@LIBEKMFWEB_1.0 2.15.1 + ekmf_clone_key_info@LIBEKMFWEB_1.0 2.15.1 + ekmf_clone_template_info@LIBEKMFWEB_1.0 2.15.1 + ekmf_curl_destroy@LIBEKMFWEB_1.0 2.15.1 + ekmf_delete_key_tags@LIBEKMFWEB_1.0 2.15.1 + ekmf_free_key_info@LIBEKMFWEB_1.0 2.15.1 + ekmf_free_template_info@LIBEKMFWEB_1.0 2.15.1 + ekmf_generate_csr@LIBEKMFWEB_1.0 2.15.1 + ekmf_generate_identity_key@LIBEKMFWEB_1.0 2.15.1 + ekmf_generate_key@LIBEKMFWEB_1.0 2.15.1 + ekmf_generate_ss_cert@LIBEKMFWEB_1.0 2.15.1 + ekmf_get_key_info@LIBEKMFWEB_1.0 2.15.1 + ekmf_get_last_seq_no@LIBEKMFWEB_1.0 2.15.1 + ekmf_get_public_key@LIBEKMFWEB_1.0 2.15.1 + ekmf_get_server_cert_chain@LIBEKMFWEB_1.0 2.15.1 + ekmf_get_settings@LIBEKMFWEB_1.0 2.15.1 + ekmf_get_template@LIBEKMFWEB_1.0 2.15.1 + ekmf_list_keys@LIBEKMFWEB_1.0 2.15.1 + ekmf_list_templates@LIBEKMFWEB_1.0 2.15.1 + ekmf_login@LIBEKMFWEB_1.0 2.15.1 + ekmf_print_certificates@LIBEKMFWEB_1.0 2.15.1 + ekmf_reencipher_identity_key@LIBEKMFWEB_1.0 2.15.1 + ekmf_retrieve_key@LIBEKMFWEB_1.0 2.15.1 + ekmf_set_key_state@LIBEKMFWEB_1.0 2.15.1 + ekmf_set_key_tags@LIBEKMFWEB_1.0 2.15.1
  85. Download patch AUTHORS.md

    --- 2.14.0-2/AUTHORS.md 2020-08-21 10:12:02.000000000 +0000 +++ 2.15.1-0ubuntu2/AUTHORS.md 2020-10-28 14:31:59.000000000 +0000 @@ -19,6 +19,7 @@ List of all individuals having contribut - Despina Papadopoulou - Dimitri John Ledkov - Eberhard Pasch +- Eduard Shishkin - Einar Lueck - Eric Sandeen - Erwin Vicari @@ -97,6 +98,7 @@ List of all individuals having contribut - Steffen Maier - Steffen Thoss - Susanne Wintenberger +- Sven Schnelle - Sven Schuetz - Swen Schillig - Taraka R. Bodireddy
  86. Download patch debian/system/mon_procd.service

    --- 2.14.0-2/debian/system/mon_procd.service 1970-01-01 00:00:00.000000000 +0000 +++ 2.15.1-0ubuntu2/debian/system/mon_procd.service 2020-11-09 15:04:40.000000000 +0000 @@ -0,0 +1,10 @@ +[Unit] +Description=mon_procd service for Linux on z Systems +Documentation=man:mon_procd(8) +ConditionVirtualization=zvm + +[Service] +ExecStart=/usr/sbin/mon_procd -a + +[Install] +WantedBy=multi-user.target
  87. Download patch cpumf/chcpumf.c

    --- 2.14.0-2/cpumf/chcpumf.c 2020-08-21 10:12:02.000000000 +0000 +++ 2.15.1-0ubuntu2/cpumf/chcpumf.c 2020-10-28 14:31:59.000000000 +0000 @@ -60,10 +60,6 @@ static const struct util_prg prg = { } }; -/* Parse tool parameters. Fill in global variables keep_case, buffersize and - * command according to parameters. Return VMCP_OK on success, VMCP_OPT - * in case of parameter errors. In case of --help or --version, print - * respective text to stdout and exit. */ static long parse_buffersize(char *string) { char *suffix; @@ -91,6 +87,7 @@ static long parse_buffersize(char *strin static int read_sfb(unsigned long *min, unsigned long *max) { + unsigned long cur_min_sdb, cur_max_sdb; int rc = EXIT_SUCCESS; FILE *fp; @@ -99,9 +96,14 @@ static int read_sfb(unsigned long *min, linux_error(PERF_SFB_SIZE); return EXIT_FAILURE; } - if (fscanf(fp, "%ld,%ld", min, max) != 2) { + if (fscanf(fp, "%ld,%ld", &cur_min_sdb, &cur_max_sdb) != 2) { fprintf(stderr, "Error: Can not parse file " PERF_SFB_SIZE); rc = EXIT_FAILURE; + } else { + if (*min == 0) + *min = cur_min_sdb; + if (*max == 0) + *max = cur_max_sdb; } fclose(fp); return rc; @@ -196,6 +198,7 @@ int main(int argc, char **argv) util_prg_init(&prg); util_opt_init(opt_vec, NULL); + parse_args(argc, argv); if (stat(PERF_PATH PERF_SF, &sbuf) != 0) { fprintf(stderr, "No CPU-measurement sampling facility detected\n"); @@ -203,8 +206,6 @@ int main(int argc, char **argv) } if (read_sfb(&min_sdb, &max_sdb)) return ret; - /* Overwrite min_sdb and/or max_sdb */ - parse_args(argc, argv); if (min_sdb >= max_sdb) { fprintf(stderr, "The specified maximum must be greater " "than the minimum\n");
  88. Download patch ipl_tools/cmd_lsreipl.c

    --- 2.14.0-2/ipl_tools/cmd_lsreipl.c 2020-08-21 10:12:02.000000000 +0000 +++ 2.15.1-0ubuntu2/ipl_tools/cmd_lsreipl.c 2020-10-28 14:31:59.000000000 +0000 @@ -92,6 +92,7 @@ void print_nvme(int show_ipl, int dump) char *path_loadparm = show_ipl ? "/sys/firmware/ipl/loadparm" : "/sys/firmware/reipl/nvme/loadparm"; char loadparm[9], loadparm_path[PATH_MAX]; + char *path_reipl_clear = "/sys/firmware/reipl/nvme/clear"; if (dump) printf("%-12s nvme_dump\n", get_ipl_banner(show_ipl)); @@ -111,6 +112,8 @@ void print_nvme(int show_ipl, int dump) } if (access(path_bootparms, R_OK) == 0) print_fw_str("Bootparms: \"%s\"\n", dir, "scp_data"); + if (!show_ipl && access(path_reipl_clear, R_OK) == 0) + print_fw_str("clear: %s\n", dir, "clear"); } void print_ccw(int show_ipl)
  89. Download patch lsstp/Makefile

    --- 2.14.0-2/lsstp/Makefile 1970-01-01 00:00:00.000000000 +0000 +++ 2.15.1-0ubuntu2/lsstp/Makefile 2020-10-28 14:31:59.000000000 +0000 @@ -0,0 +1,18 @@ +include ../common.mak + +libs = $(rootdir)/libutil/libutil.a +all: lsstp + +lsstp: lsstp.o $(libs) + +install: all + $(INSTALL) -d -m 755 $(DESTDIR)$(BINDIR) \ + $(DESTDIR)$(MANDIR)/man8 + $(INSTALL) -g $(GROUP) -o $(OWNER) -m 755 lsstp $(DESTDIR)$(BINDIR) + $(INSTALL) -g $(GROUP) -o $(OWNER) -m 644 lsstp.8 \ + $(DESTDIR)$(MANDIR)/man8 + +clean: + rm -f *.o *~ lsstp core + +.PHONY: all install clean
  90. Download patch debian/patches/udevadm-path.patch

    --- 2.14.0-2/debian/patches/udevadm-path.patch 2020-08-23 12:12:19.000000000 +0000 +++ 2.15.1-0ubuntu2/debian/patches/udevadm-path.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,13 +0,0 @@ -Index: s390-tools-2.14.0/etc/init.d/mon_statd -=================================================================== ---- s390-tools-2.14.0.orig/etc/init.d/mon_statd -+++ s390-tools-2.14.0/etc/init.d/mon_statd -@@ -31,7 +31,7 @@ if [ -f $CONFIG_FILE ]; then - . $CONFIG_FILE - fi - --UDEVSETTLE=/usr/bin/udevadm -+UDEVSETTLE=/bin/udevadm - if [ ! -e $UDEVSETTLE ] - then - UDEVSETTLE=/sbin/udevsettle
  91. Download patch libekmfweb/utilities.c
  92. Download patch debian/patches/0001-ziomon-Use-exit-code-0-for-version-and-help.patch

    --- 2.14.0-2/debian/patches/0001-ziomon-Use-exit-code-0-for-version-and-help.patch 1970-01-01 00:00:00.000000000 +0000 +++ 2.15.1-0ubuntu2/debian/patches/0001-ziomon-Use-exit-code-0-for-version-and-help.patch 2020-11-09 15:04:40.000000000 +0000 @@ -0,0 +1,134 @@ +From 68787def1dde5fe07ee3ff48ed16500e46c1fd87 Mon Sep 17 00:00:00 2001 +From: Michael Holzheu <holzheu@linux.vnet.ibm.com> +Date: Tue, 6 Sep 2016 14:26:38 +0200 +Subject: [PATCH] ziomon: Use exit code 0 for --version and --help + +Besides of this also unify the exit codes for help in case of wrong +number of parameters: + + # /usr/sbin/ziomon_util + Usage: ziomon_util [-h] [-v] [-V] [-i n] [-s n] [-Q <msgq_path> ... + # echo $? + 255 + + # /usr/sbin/ziomon_mgr + Usage: ziomon_util [-h] [-v] [-V] [-i n] [-s n] [-Q <msgq_path> ... + # echo $? + 0 + +With this patch we use exit code 1 (EXIT_FAILURE) in this case: + + # ./ziomon_util + Usage: ziomon_util [-h] [-v] [-V] [-i n] [-s n] [-Q <msgq_path> ... + # echo $? + 1 + +Signed-off-by: Michael Holzheu <holzheu@linux.vnet.ibm.com> +--- + ziomon/ziomon_mgr.c | 6 +++--- + ziomon/ziomon_util.c | 6 +++--- + ziomon/ziorep_traffic.cpp | 6 +++--- + ziomon/ziorep_utilization.cpp | 6 +++--- + 4 files changed, 12 insertions(+), 12 deletions(-) + +--- a/ziomon/ziomon_mgr.c ++++ b/ziomon/ziomon_mgr.c +@@ -304,7 +304,7 @@ + + if (argc <= 1) { + print_help(); +- return 1; ++ exit(EXIT_FAILURE); + } + + while ((c = getopt_long(argc, argv, "r:Q:q:u:b:z:i:l:o:x:Vhfev", +@@ -359,7 +359,7 @@ + break; + case 'h': + print_help(); +- return 1; ++ exit(EXIT_SUCCESS); + case 'e': + print_bin_struct_sizes(); + return 1; +@@ -443,7 +443,7 @@ + break; + case 'v': + print_version(); +- return 1; ++ exit(EXIT_SUCCESS); + default: + fprintf(stderr, "Try '%s --help' for" + " more information.\n", toolname); +--- a/ziomon/ziomon_util.c ++++ b/ziomon/ziomon_util.c +@@ -1009,7 +1009,7 @@ + + if (argc <= 1) { + print_help(); +- return -1; ++ exit(EXIT_FAILURE); + } + + /* this is too much, but argc/2 is a reliable upper boundary +@@ -1080,10 +1080,10 @@ + break; + case 'v': + print_version(); +- return 1; ++ exit(EXIT_SUCCESS); + case 'h': + print_help(); +- return 1; ++ exit(EXIT_SUCCESS); + default: + fprintf(stderr, "%s: Try '%s --help' for more" + " information.\n", toolname, toolname); +--- a/ziomon/ziorep_traffic.cpp ++++ b/ziomon/ziorep_traffic.cpp +@@ -148,7 +148,7 @@ + + if (argc < 2) { + print_help(); +- return 1; ++ exit(EXIT_FAILURE); + } + + assert(sizeof(long long int) == sizeof(__u64)); +@@ -160,10 +160,10 @@ + break; + case 'h': + print_help(); +- return 1; ++ exit(EXIT_SUCCESS); + case 'v': + print_version(); +- return 1; ++ exit(EXIT_SUCCESS); + case 'b': + if (get_datetime_val(optarg, &opts->begin)) + return -1; +--- a/ziomon/ziorep_utilization.cpp ++++ b/ziomon/ziorep_utilization.cpp +@@ -126,7 +126,7 @@ + + if (argc < 2) { + print_help(); +- return 1; ++ exit(EXIT_FAILURE); + } + + assert(sizeof(long long int) == sizeof(__u64)); +@@ -138,10 +138,10 @@ + break; + case 'h': + print_help(); +- return 1; ++ exit(EXIT_SUCCESS); + case 'v': + print_version(); +- return 1; ++ exit(EXIT_SUCCESS); + case 'b': + if (get_datetime_val(optarg, &opts->begin)) + return -1;
  93. Download patch zkey/keystore.c
  94. Download patch debian/s390-cpi-vars

    --- 2.14.0-2/debian/s390-cpi-vars 1970-01-01 00:00:00.000000000 +0000 +++ 2.15.1-0ubuntu2/debian/s390-cpi-vars 2020-11-09 15:04:40.000000000 +0000 @@ -0,0 +1,12 @@ +#!/bin/sh +set -e +# safeguard, against wiping bits +if ! grep -q '^0x0*$' /sys/firmware/cpi/system_level; then + exit 0 +fi +. /etc/os-release +echo "$NAME" >/sys/firmware/cpi/system_name +echo "LINUX" >/sys/firmware/cpi/system_type +printf "0x%02x%02x%02x" $(uname -r | sed 's/-.*//;s/\./ /g') >/sys/firmware/cpi/system_level +echo "$VERSION" | sed 's/ .*//;s/\./ /g' >/sys/firmware/cpi/sysplex_name +echo 1 >/sys/firmware/cpi/set
  95. Download patch debian/copyright
  96. Download patch zkey/misc.h

    --- 2.14.0-2/zkey/misc.h 2020-08-21 10:12:02.000000000 +0000 +++ 2.15.1-0ubuntu2/zkey/misc.h 2020-10-28 14:31:59.000000000 +0000 @@ -3,7 +3,7 @@ * * Local helper functions * - * Copyright IBM Corp. 2017, 2018 + * Copyright IBM Corp. 2017, 2020 * * s390-tools is free software; you can redistribute it and/or modify * it under the terms of the MIT license. See LICENSE for details. @@ -26,9 +26,18 @@ static inline void misc_print_missing_co } /** + * Subcommand is missing + */ +static inline void misc_print_missing_sub_command(void) +{ + warnx("Subcommand is required"); + util_prg_print_parse_error(); +} + +/** * Invalid command specified (for 'git' like tools) */ -void misc_print_invalid_command(const char *command) +static void misc_print_invalid_command(const char *command) { warnx("Invalid command '%s'", command); util_prg_print_parse_error(); @@ -39,7 +48,7 @@ void misc_print_invalid_command(const ch * * @param[in] parm_name Parameter string */ -void misc_print_required_parm(const char *parm_name) +static void misc_print_required_parm(const char *parm_name) { warnx("Parameter '%s' is required", parm_name); util_prg_print_parse_error();
  97. Download patch libekmfweb/ekmfweb.c
  98. Download patch zkey/cca.c

    --- 2.14.0-2/zkey/cca.c 2020-08-21 10:12:02.000000000 +0000 +++ 2.15.1-0ubuntu2/zkey/cca.c 2020-10-28 14:31:59.000000000 +0000 @@ -554,7 +554,8 @@ static int get_cca_adapter_version(struc * because the zcrypt kernel module is on an older level. -ENODEV is * returned if the APQN is not available. */ -int select_cca_adapter(struct cca_lib *cca, int card, int domain, bool verbose) +int select_cca_adapter(struct cca_lib *cca, unsigned int card, + unsigned int domain, bool verbose) { unsigned int adapters, adapter; char adapter_serialnr[9]; @@ -633,12 +634,12 @@ struct find_mkvp_info { u8 mkvp[MKVP_LENGTH]; unsigned int flags; bool found; - int card; - int domain; + unsigned int card; + unsigned int domain; bool verbose; }; -static int find_mkvp(int card, int domain, void *handler_data) +static int find_mkvp(unsigned int card, unsigned int domain, void *handler_data) { struct find_mkvp_info *info = (struct find_mkvp_info *)handler_data; struct mk_info mk_info; @@ -711,7 +712,7 @@ int select_cca_adapter_by_mkvp(struct cc pr_verbose(verbose, "Select mkvp %s in APQNs %s for the CCA host " "library", printable_mkvp(CARD_TYPE_CCA, mkvp), - apqns == 0 ? "ANY" : apqns); + apqns == NULL ? "ANY" : apqns); memcpy(info.mkvp, mkvp, sizeof(info.mkvp)); info.flags = flags;
  99. Download patch debian/patches/update-install-paths.patch

    --- 2.14.0-2/debian/patches/update-install-paths.patch 1970-01-01 00:00:00.000000000 +0000 +++ 2.15.1-0ubuntu2/debian/patches/update-install-paths.patch 2020-11-18 13:38:15.000000000 +0000 @@ -0,0 +1,44 @@ +Description: update install paths +Author: Dimitri John Ledkov <xnox@ubuntu.com> + +--- s390-tools-2.15.1.orig/common.mak ++++ s390-tools-2.15.1/common.mak +@@ -163,7 +163,7 @@ USRSBINDIR = $(INSTALLDIR)/usr/sbin + USRBINDIR = $(INSTALLDIR)/usr/bin + BINDIR = $(INSTALLDIR)/sbin + LIBDIR = $(INSTALLDIR)/lib +-USRLIB64DIR = $(INSTALLDIR)/usr/lib64 ++USRLIB64DIR = $(INSTALLDIR)/usr/lib/s390x-linux-gnu + SYSCONFDIR = $(INSTALLDIR)/etc + MANDIR = $(INSTALLDIR)/usr/share/man + VARDIR = $(INSTALLDIR)/var +--- s390-tools-2.15.1.orig/zkey/ekmfweb/Makefile ++++ s390-tools-2.15.1/zkey/ekmfweb/Makefile +@@ -46,11 +46,11 @@ libekmfweb.dep: + install: all install-libekmfweb.dep zkey-ekmfweb.so + $(INSTALL) -d -m 755 $(DESTDIR)$(MANDIR)/man1 + $(INSTALL) -m 644 -c zkey-ekmfweb.1 $(DESTDIR)$(MANDIR)/man1 +- $(INSTALL) -d -m 755 $(DESTDIR)$(USRLIB64DIR) +- $(INSTALL) -d -m 755 $(DESTDIR)$(USRLIB64DIR)/zkey +- $(INSTALL) -g $(GROUP) -o $(OWNER) -m 755 -T zkey-ekmfweb.so $(DESTDIR)$(USRLIB64DIR)/zkey/zkey-ekmfweb.so ++ $(INSTALL) -d -m 755 $(DESTDIR)/usr/libexec ++ $(INSTALL) -d -m 755 $(DESTDIR)/usr/libexec/zkey ++ $(INSTALL) -g $(GROUP) -o $(OWNER) -m 755 -T zkey-ekmfweb.so $(DESTDIR)/usr/libexec/zkey/zkey-ekmfweb.so + + clean: + rm -f *.o zkey-ekmfweb.so install-libekmfweb.dep libekmfweb.dep + +-.PHONY: all install clean +\ No newline at end of file ++.PHONY: all install clean +--- s390-tools-2.15.1.orig/zkey/kms.c ++++ s390-tools-2.15.1/zkey/kms.c +@@ -40,7 +40,7 @@ + + #define ENVVAR_ZKEY_KMS_PLUGINS "ZKEY_KMS_PLUGINS" + #define DEFAULT_KMS_PLUGINS "/etc/zkey/kms-plugins.conf" +-#define KMS_PLUGIN_LOCATION "/usr/lib64/zkey" ++#define KMS_PLUGIN_LOCATION "/usr/libexec/zkey" + + #define KMS_CONFIG_FILE "kms.conf" + #define KMS_CONFIG_PROP_KMS "kms"
  100. Download patch libekmfweb/utilities.h

    --- 2.14.0-2/libekmfweb/utilities.h 1970-01-01 00:00:00.000000000 +0000 +++ 2.15.1-0ubuntu2/libekmfweb/utilities.h 2020-10-28 14:31:59.000000000 +0000 @@ -0,0 +1,179 @@ +/* + * libekmfweb - EKMFWeb client library + * + * Copyright IBM Corp. 2020 + * + * s390-tools is free software; you can redistribute it and/or modify + * it under the terms of the MIT license. See LICENSE for details. + */ + +#ifndef UTILITIES_H +#define UTILITIES_H + +#include <stddef.h> +#include <stdbool.h> + +#include <openssl/x509.h> +#include <openssl/obj_mac.h> +#include <openssl/evp.h> + +#include <json-c/json.h> +#include <curl/curl.h> + +#include "ekmfweb/ekmfweb.h" + +int decode_base64url(unsigned char *output, size_t *outlen, + const char *input, size_t inlen); + +int encode_base64url(char *output, size_t *outlen, + const unsigned char *input, size_t inlen); + +int parse_json_web_token(const char *token, json_object **header_obj, + json_object **payload_obj, unsigned char **signature, + size_t *signature_len); + +int create_json_web_signature(const char *algorithm, bool b64, const char *kid, + const unsigned char *payload, size_t payload_len, + bool detached_payload, EVP_MD_CTX *md_ctx, + char **jws); + +int verify_json_web_signature(const char *jws, const unsigned char *payload, + size_t payload_len, EVP_PKEY *pkey); + +json_object *get_json_timestamp(void); + +int json_build_tag_def_list(json_object *array, + struct ekmf_tag_def_list *tag_def_list, + bool copy); +int clone_tag_def_list(const struct ekmf_tag_def_list *src, + struct ekmf_tag_def_list *dest); +void free_tag_def_list(struct ekmf_tag_def_list *tag_def_list, bool free_tags); + +int json_build_template_info(json_object *obj, + struct ekmf_template_info *template, + bool copy); +int clone_template_info(const struct ekmf_template_info *src, + struct ekmf_template_info *dest); +void free_template_info(struct ekmf_template_info *template); + +int json_build_tag_list(json_object *array, struct ekmf_tag_list *tag_list, + bool copy); +int build_json_tag_list(const struct ekmf_tag_list *tag_list, + json_object **tags_obj); +int clone_tag_list(const struct ekmf_tag_list *src, + struct ekmf_tag_list *dest); +void free_tag_list(struct ekmf_tag_list *tag_list, bool free_tags); + +int json_build_export_control(json_object *export_control, + struct ekmf_export_control *export_info, + bool copy); +int clone_export_control(const struct ekmf_export_control *src, + struct ekmf_export_control *dest); +void free_export_control(struct ekmf_export_control *export_control, + bool free_keys); + +int json_build_key_info(json_object *obj, json_object *custom_tags, + json_object *export_control, + struct ekmf_key_info *key, bool copy); +int clone_key_info(const struct ekmf_key_info *src, + struct ekmf_key_info *dest); +void free_key_info(struct ekmf_key_info *key); + +char *get_http_header_value(const struct curl_slist *headers, const char *name); + +size_t ecc_get_curve_prime_bits(int curve_nid); +size_t ecc_get_curve_prime_length(int curve_nid); +const char *ecc_get_curve_id(int curve_nid); +bool ecc_is_prime_curve(int curve_nid); +bool ecc_is_brainpool_curve(int curve_nid); +int ecc_get_curve_by_id(const char *curve_id); +int ecc_get_prime_curve_by_prime_bits(size_t prime_bits); +int ecc_get_brainpool_curve_by_prime_bits(size_t prime_bits); + +int ecc_calculate_y_coordinate(int nid, size_t prime_len, + const unsigned char *x, int y_bit, + unsigned char *y); + +int ecc_pub_key_as_pkey(int nid, size_t prime_len, const unsigned char *x, + const unsigned char *y, EVP_PKEY **pkey); + +int rsa_pub_key_as_pkey(const unsigned char *modulus, size_t modulus_length, + const unsigned char *pub_exp, size_t pub_exp_length, + int pkey_type, EVP_PKEY **pkey); + +int json_web_key_as_pkey(json_object *jwk, int pkey_type, EVP_PKEY **pkey); + +int write_key_blob(const char *filename, unsigned char *key_blob, + size_t key_blob_len); + +int read_key_blob(const char *filename, unsigned char *key_blob, + size_t *key_blob_len); + +int read_x509_certificate(const char *pem_filename, X509 **cert); + +int write_x509_certificate(const char *pem_filename, X509 *cert); + +int write_x509_request(const char *pem_filename, X509_REQ *req, bool new_hdr); + +int read_public_key(const char *pem_filename, EVP_PKEY **pkey); + +int write_public_key(const char *pem_filename, EVP_PKEY *pkey); + +typedef int (*rsa_sign_t)(const unsigned char *key_blob, size_t key_blob_length, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen, + int padding_type, int md_nid, + void *private); +typedef int (*rsa_pss_sign_t)(const unsigned char *key_blob, + size_t key_blob_length, unsigned char *sig, + size_t *siglen, const unsigned char *tbs, + size_t tbslen, int md_nid, int mfgmd_nid, + int saltlen, void *private); +typedef int (*ecdsa_sign_t)(const unsigned char *key_blob, + size_t key_blob_length, unsigned char *sig, + size_t *siglen, const unsigned char *tbs, + size_t tbslen, int md_nid, void *private); + +struct sk_pkey_sign_func { + rsa_sign_t rsa_sign; + rsa_pss_sign_t rsa_pss_sign; + ecdsa_sign_t ecdsa_sign; +}; + +int setup_secure_key_pkey_method(int pkey_id); +int cleanup_secure_key_pkey_method(int pkey_id); +int setup_secure_key_pkey_context(EVP_PKEY_CTX *pkey_ctx, + const unsigned char *key_blob, + size_t key_blob_len, + struct sk_pkey_sign_func *sign_funcs, + void *private); + +int setup_rsa_pss_pkey_context(EVP_PKEY_CTX *pkey_ctx, + struct ekmf_rsa_pss_params *rsa_pss_params); + +int build_subject_name(X509_NAME **name, const char *rdns[], size_t num_rdns, + bool utf8); + +int build_certificate_extensions(X509 *cert, X509_REQ *req, + const char *exts[], size_t num_exts, + const STACK_OF(X509_EXTENSION) *addl_exts); + +int generate_x509_serial_number(X509 *cert, size_t sn_bit_size); + +const char *json_get_string(json_object *obj, const char *name); + +int json_object_get_base64url(json_object *obj, const char *name, + unsigned char *data, size_t *data_len); + +json_object *json_object_new_base64url(const unsigned char *data, size_t len); + +#ifndef JSON_C_OBJECT_ADD_KEY_IS_NEW +#define JSON_C_OBJECT_ADD_KEY_IS_NEW (1 << 1) +#define IMPLEMENT_LOCAL_JSON_OBJECT_OBJECT_ADD + +int json_object_object_add_ex(struct json_object *obj, const char *const key, + struct json_object *const val, + const unsigned int opts); +#endif + +#endif
  101. ...
  1. s390-tools