Hello community, here is the log from the commit of package dracut for openSUSE:Factory checked in at 2017-03-29 13:21:53 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/dracut (Old) and /work/SRC/openSUSE:Factory/.dracut.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "dracut" Wed Mar 29 13:21:53 2017 rev:105 rq:482462 version:044 Changes: -------- --- /work/SRC/openSUSE:Factory/dracut/dracut.changes 2017-02-26 17:00:43.457551821 +0100 +++ /work/SRC/openSUSE:Factory/.dracut.new/dracut.changes 2017-03-29 13:21:55.850859250 +0200 @@ -1,0 +2,30 @@ +Fri Mar 17 10:09:57 UTC 2017 - daniel.molkentin@suse.com + +- 01fips: Make init on non-x86_64, specifically s390x, pass (bsc#1021687) + * add 0510-01fips-Some-modules-use-separators-other-than.patch + * add 0511-01fips-ensure-fips-initialization-succeeds-on-s390-x.patch + +------------------------------------------------------------------- +Thu Mar 16 11:45:01 UTC 2017 - daniel.molkentin@suse.com + +- installkernel: handle make bin-rpmpkg (bsc#1008648) + +------------------------------------------------------------------- +Thu Mar 2 15:06:01 UTC 2017 - daniel.molkentin@suse.com + +- Do not pass ifname for bonding devices (bsc#995812) + * add 0314-nfs_do_not_pass_ifname_for_bonding_devices.patch + +------------------------------------------------------------------- +Thu Mar 2 15:03:26 UTC 2017 - daniel.molkentin@suse.com + +- Find devices by path for S390x (bsc#915218) + * add s390x_persistent_device.conf + +------------------------------------------------------------------- +Wed Mar 1 13:24:19 UTC 2017 - daniel.molkentin@suse.com + +- 01fips: Remove zlib module as requirement (bsc#1020063) + * add 0509-01fips-Remove-zlib-module-as-requirement.patch + +------------------------------------------------------------------- New: ---- 0314-nfs_do_not_pass_ifname_for_bonding_devices.patch 0509-01fips-Remove-zlib-module-as-requirement.patch 0510-01fips-Some-modules-use-separators-other-than.patch 0511-01fips-ensure-fips-initialization-succeeds-on-s390-x.patch s390x_persistent_device.conf ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dracut.spec ++++++ --- /var/tmp/diff_new_pack.cUVz9E/_old 2017-03-29 13:21:57.926565697 +0200 +++ /var/tmp/diff_new_pack.cUVz9E/_new 2017-03-29 13:21:57.926565697 +0200 @@ -32,6 +32,7 @@ Source5: purge-kernels.service Source6: dracut-installkernel Source7: 99-debug.conf +Source8: s390x_persistent_device.conf #Network: Patch12: 0012-40network-Fix-race-condition-when-wait-for-networks.patch @@ -92,6 +93,9 @@ Patch137: 0137-Switch-from-Mozilla-NSS-sha256hmac-checking-to-fipsc.patch Patch138: 0138-fips_add_aesni-intel.patch Patch139: 0139-fips-kernel-4.4-fixes.patch +Patch509: 0509-01fips-Remove-zlib-module-as-requirement.patch +Patch510: 0510-01fips-Some-modules-use-separators-other-than.patch +Patch511: 0511-01fips-ensure-fips-initialization-succeeds-on-s390-x.patch # Others Patch20: 0020-00warpclock-Set-correct-timezone.patch @@ -164,6 +168,7 @@ Patch311: 0311-95iscsi-ip-ibft-is-deprecated.patch Patch312: 0312-40network-Do-not-print-message-about-tmp-net.ibft0.c.patch Patch313: 0313-90mdraid-Use-stock-MD-rules-to-assemble-RAID-arrays.patch +Patch314: 0314-nfs_do_not_pass_ifname_for_bonding_devices.patch # New features/improvements Patch402: 0402-driver-fail-summary.patch @@ -376,6 +381,7 @@ %patch311 -p1 %patch312 -p1 %patch313 -p1 +%patch314 -p1 %patch402 -p1 %patch403 -p1 @@ -397,6 +403,9 @@ %patch506 -p1 %patch507 -p1 %patch508 -p1 +%patch509 -p1 +%patch510 -p1 +%patch511 -p1 %build %configure\ @@ -433,6 +442,10 @@ install -D -m 0644 dracut.conf.d/suse.conf.example %{buildroot}/usr/lib/dracut/dracut.conf.d/01-dist.conf install -m 0644 %{SOURCE7} %{buildroot}%{_sysconfdir}/dracut.conf.d/99-debug.conf install -m 0644 dracut.conf.d/fips.conf.example %{buildroot}%{_sysconfdir}/dracut.conf.d/40-fips.conf +# bsc#915218 +%ifarch s390 s390x +install -m 0644 %{SOURCE8} %{buildroot}%{_sysconfdir}/dracut.conf.d/10-s390x_persistent_device.conf +%endif %ifarch %ix86 x86_64 echo 'early_microcode="yes"' > %{buildroot}%{_sysconfdir}/dracut.conf.d/02-early-microcode.conf ++++++ 0314-nfs_do_not_pass_ifname_for_bonding_devices.patch ++++++ Index: dracut-044/modules.d/95nfs/module-setup.sh =================================================================== --- dracut-044.orig/modules.d/95nfs/module-setup.sh 2016-12-07 11:46:32.799438777 +0100 +++ dracut-044/modules.d/95nfs/module-setup.sh 2016-12-07 11:46:33.519479687 +0100 @@ -57,7 +57,10 @@ cmdline() { nfs_address=${lookup##* } fi ifname=$(ip -o route get to $nfs_address | sed -n 's/.*dev \([^ ]*\).*/\1/p') - if [ -e /sys/class/net/$ifname/address ] ; then + if [ -d /sys/class/net/$ifname/bonding ]; then + dinfo "Found bonded interface '${ifname}'. Make sure to provide an appropriate 'bond=' cmdline." + return + elif [ -e /sys/class/net/$ifname/address ] ; then ifmac=$(cat /sys/class/net/$ifname/address) printf 'ifname=%s:%s ' ${ifname} ${ifmac} fi ++++++ 0509-01fips-Remove-zlib-module-as-requirement.patch ++++++
From 17eff2759ab2d5e3622864fb06a7657c7f95bfd3 Mon Sep 17 00:00:00 2001 From: Daniel Molkentin <dmolkentin@suse.com> Date: Wed, 1 Mar 2017 11:43:39 +0100 Subject: [PATCH] 01fips: Remove zlib module as requirement
zlib has been removed from the upstream kernel, affecting SLE12SP3. This patch must not be backported to SLE12SP2 and earlier (bsc#1020063). --- modules.d/01fips/module-setup.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules.d/01fips/module-setup.sh b/modules.d/01fips/module-setup.sh index 0bca7a1..e29af08 100755 --- a/modules.d/01fips/module-setup.sh +++ b/modules.d/01fips/module-setup.sh @@ -17,7 +17,7 @@ installkernel() { _fipsmodules+="ctr cts deflate drbg " _fipsmodules+="ecb fcrypt gcm ghash_generic khazad md4 michael_mic rmd128 " _fipsmodules+="rmd160 rmd256 rmd320 seed " - _fipsmodules+="sha512_generic tcrypt tea wp512 xts zlib " + _fipsmodules+="sha512_generic tcrypt tea wp512 xts " _fipsmodules+="aes_s390 des_s390 sha256_s390 ghash_s390 sha1_s390 sha512_s390 " _fipsmodules+="gf128mul " _fipsmodules+="cmac vmac xcbc salsa20_generic salsa20_x86_64 camellia_generic camellia_x86_64 pcbc tgr192 anubis " -- 2.10.2 ++++++ 0510-01fips-Some-modules-use-separators-other-than.patch ++++++
From e8804fc3d2052000d66661ced4a03103e0176e63 Mon Sep 17 00:00:00 2001 From: Daniel Molkentin <dmolkentin@suse.com> Date: Tue, 7 Mar 2017 11:51:17 +0100 Subject: [PATCH] 01fips: Some modules use separators other than "-"
We need to account for that in our exception list of modules that are fine to fail. This only happened on non-Intel machines, because the intel modules use "_" as separator. Original-Patch-By: Marcus Meissner <meissner@suse.de> Reference: bsc#1021687 --- modules.d/01fips/fips.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/modules.d/01fips/fips.sh b/modules.d/01fips/fips.sh index 055093a..30f53b4 100755 --- a/modules.d/01fips/fips.sh +++ b/modules.d/01fips/fips.sh @@ -105,11 +105,11 @@ do_fips() # If we find some hardware specific modules and cannot load them # it is not a problem, proceed. if [ "$_found" = "0" ]; then - if [ "$_module" != "${_module%-intel}" \ - -o "$_module" != "${_module%-ssse3}" \ - -o "$_module" != "${_module%-x86_64}" \ + if [ "$_module" != "${_module%intel}" \ + -o "$_module" != "${_module%ssse3}" \ + -o "$_module" != "${_module%x86_64}" \ -o "$_module" != "${_module%z90}" \ - -o "$_module" != "${_module%s390}" \ + -o "$_module" != "${_module%s390}" \ ]; then _found=1 fi -- 2.10.2 ++++++ 0511-01fips-ensure-fips-initialization-succeeds-on-s390-x.patch ++++++
From d31f6dc51b26ac4110b2e5357a46f9b74ebd80e2 Mon Sep 17 00:00:00 2001 From: Daniel Molkentin <dmolkentin@suse.com> Date: Wed, 15 Mar 2017 11:59:28 +0100 Subject: [PATCH] 01fips: ensure fips initialization succeeds on s390(x)
More modules are x86_64 only but are not matchable by the generic postfix checks. Others are helper modules that are not strictly needed on all platforms. Ensure we pass FIPS init without them. Finally, cbc is not always compiled into the kernel -- try adding as a module. Relates-to: e8804fc3d2052000d66661ced4a03103e0176e63 Reference: bsc#1021687 --- modules.d/01fips/fips.sh | 3 +++ modules.d/01fips/module-setup.sh | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/modules.d/01fips/fips.sh b/modules.d/01fips/fips.sh index 30f53b4..a005b0f 100755 --- a/modules.d/01fips/fips.sh +++ b/modules.d/01fips/fips.sh @@ -110,6 +110,9 @@ do_fips() -o "$_module" != "${_module%x86_64}" \ -o "$_module" != "${_module%z90}" \ -o "$_module" != "${_module%s390}" \ + -o "$_module" == "twofish_x86_64_3way" \ + -o "$_module" == "ablk_helper" \ + -o "$_module" == "glue_helper" \ ]; then _found=1 fi diff --git a/modules.d/01fips/module-setup.sh b/modules.d/01fips/module-setup.sh index e29af08..beeb2f6 100755 --- a/modules.d/01fips/module-setup.sh +++ b/modules.d/01fips/module-setup.sh @@ -23,7 +23,7 @@ installkernel() { _fipsmodules+="cmac vmac xcbc salsa20_generic salsa20_x86_64 camellia_generic camellia_x86_64 pcbc tgr192 anubis " _fipsmodules+="cast6_generic cast5_generic cast_common sha512_ssse3 serpent_sse2_x86_64 serpent_generic twofish_generic " _fipsmodules+="ablk_helper cryptd twofish_x86_64_3way lrw glue_helper twofish_x86_64 twofish_common blowfish_generic " - _fipsmodules+="blowfish_x86_64 blowfish_common des_generic " + _fipsmodules+="blowfish_x86_64 blowfish_common des_generic cbc " mkdir -m 0755 -p "${initdir}/etc/modprobe.d" -- 2.10.2 ++++++ dracut-installkernel ++++++ --- /var/tmp/diff_new_pack.cUVz9E/_old 2017-03-29 13:21:58.414496692 +0200 +++ /var/tmp/diff_new_pack.cUVz9E/_new 2017-03-29 13:21:58.414496692 +0200 @@ -64,8 +64,8 @@ fi -if [ -f $INSTALL_PATH/$CONFIGFILE ]; then - mv $INSTALL_PATH/$CONFIGFILE \ +if [ -f .config ] && [ -f $INSTALL_PATH/$CONFIGFILE ]; then + mv -v $INSTALL_PATH/$CONFIGFILE \ $INSTALL_PATH/$CONFIGFILE.old; fi @@ -75,7 +75,7 @@ cp -fp $BOOTIMAGE $INSTALL_PATH/$BOOTFILE-$KERNEL_VERSION cp -fp $MAPFILE $INSTALL_PATH/System.map-$KERNEL_VERSION -cp -fp .config $INSTALL_PATH/$CONFIGFILE +[ -f .config] && cp -fp .config $INSTALL_PATH/$CONFIGFILE # If the kernel has module support, recreate modules.dep using depmod ++++++ s390x_persistent_device.conf ++++++ # Set persistent policy by-path on s390 platforms, to prevent # the system from hanging during the boot when vDISKs are used # as swap devices (bsc#915218). # # Indeed, they are required to be present early in the boot # process to possibly resume the system. However, since # they are cleared after logoff/logon and the UUID will likely # change after reinitialization, these will not be found with # the default by-uuid policy. persistent_policy=by-path