diff options
| author |   Georgy Yakovlev <gyakovlev@gentoo.org> | 2020-11-02 20:39:36 -0800 |
|---|---|---|
| committer | Georgy Yakovlev <gyakovlev@gentoo.org> | 2020-11-02 20:39:36 -0800 |
| commit | 151a75dd0917279e72f74d55bb6409eed095b2e0 (patch) | |
| tree | 96a5665d226b1b489653217d58ac629f13a60750 /sys-apps/opal-utils | |
| parent | sys-apps/opal-utils: bump to 6.7 (diff) | |
| download | gentoo-151a75dd0917279e72f74d55bb6409eed095b2e0.tar.gz gentoo-151a75dd0917279e72f74d55bb6409eed095b2e0.tar.bz2 gentoo-151a75dd0917279e72f74d55bb6409eed095b2e0.zip | |
sys-apps/opal-utils: cleanup
Package-Manager: Portage-3.0.9, Repoman-3.0.2
Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>
Diffstat (limited to 'sys-apps/opal-utils')
| -rw-r--r-- | sys-apps/opal-utils/Manifest | 1 | ||||
| -rw-r--r-- | sys-apps/opal-utils/files/devtmpfs-noexec.patch | 87 | ||||
| -rw-r--r-- | sys-apps/opal-utils/opal-utils-6.6.3-r1.ebuild | 95 | ||||
| -rw-r--r-- | sys-apps/opal-utils/opal-utils-6.6.3.ebuild | 103 |
4 files changed, 0 insertions, 286 deletions
diff --git a/sys-apps/opal-utils/Manifest b/sys-apps/opal-utils/Manifest index 1bdf1480a80f..09689a416f42 100644 --- a/sys-apps/opal-utils/Manifest +++ b/sys-apps/opal-utils/Manifest @@ -1,4 +1,3 @@ DIST opal-utils-6.5.2.tar.gz 2082426 BLAKE2B 20256f13f95da73bcccae670627c9786229e756183fad33ff45ecf2d91f1039c73a0f881b3ac794abad35d51b7bef0b780bd0f8260818c84a262ce7bb0c45b2e SHA512 765e568ad60f5cd7df8868eb3faea841d37c75cb14f33ab30f9419550ea146aeec0d02d622752af1e09a36e744f93be3a56fe6cbc8ac91a94effba9754a24091 DIST opal-utils-6.6.2.tar.gz 2121790 BLAKE2B 3f1ec80baa112ba0d01fcb9a64b45592da03addd067484ef237204fd712359c04796353f47a32ac943e0e135a580c3c5ad7a5843ee4d5259cde3cbaf1bbefcc4 SHA512 a864e4120ffac4065b89d5da7c959ac20643be42e83f4186a778355f3ea0b36cbd1e02c91b1460b6fa6550fceec9034cce096b89f840b4051d65c7f0ab70dc27 -DIST opal-utils-6.6.3.tar.gz 2121842 BLAKE2B 06ecd73dea54cd8455da32fdd88163c283554e49b380c371705fdba4fef169a1e3022ed4845f33594c0188e11e60f49af1ee0d5062a2e483f0b874e62a567245 SHA512 94af7a389e05627b26a3f79ebdeb55a6bf9e99f530667724c3112df25bc113c9520944a1d8e3847fe7210efa9eed0b8facab95f1f16757ff92038aa7812ce79e DIST opal-utils-6.7.tar.gz 5320182 BLAKE2B e2fa86a7d5d96afda8f8266875687fb3c2e61ca2932ea5585921b2e5cffe30cb3554d85d078448cda032cbc0438d188ea40b5aad6e7f4c923e77fa4e42e6f364 SHA512 1626d64554c608cd823dc27b58f35206cf6d011afde124746e06fd5f1e8c714c199d9f2b60417415daf01cfbc46208d08d49eef29538a515b539a551b8c5e5c3 diff --git a/sys-apps/opal-utils/files/devtmpfs-noexec.patch b/sys-apps/opal-utils/files/devtmpfs-noexec.patch deleted file mode 100644 index 45e97308a1f2..000000000000 --- a/sys-apps/opal-utils/files/devtmpfs-noexec.patch +++ /dev/null @@ -1,87 +0,0 @@ -From 47005e8d4c9aeda5826c17c4a013cfbda1a3f2de Mon Sep 17 00:00:00 2001 -From: Georgy Yakovlev <gyakovlev@gentoo.org> -Date: Mon, 12 Oct 2020 14:29:17 -0700 -Subject: [PATCH] opal-prd: handle devtmpfs mounted with noexec - -On systems using recent versions of systemd /dev (devtmpfs) is mounted with -noexec option. Such mount prevents mapping HBRT image code region as RWX -from /dev. This commit, as suggested in github PR linked below, attempts to -work around the situation by copying HBRT image to anon mmaped memory -region and sets mprotect rwx on it, allowing opal-prd to sucessfully -execute the code region. - -Having memory region set as RWX is not ideal for security, but fixing that -is a separate and hard to solve problem. Original code also mmaped region -as RWX, so this PR does not make things worse at least. - -Closes: https://github.com/open-power/skiboot/issues/258 -Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org> -Reviewed-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com> -[oliver: whitespace fix, add a comment, reflow commit message] -Signed-off-by: Oliver O'Halloran <oohall@gmail.com> ---- - external/opal-prd/opal-prd.c | 36 ++++++++++++++++++++++++++++++++++-- - 1 file changed, 34 insertions(+), 2 deletions(-) - -diff --git a/external/opal-prd/opal-prd.c b/external/opal-prd/opal-prd.c -index d74d80398d..12269e8ebb 100644 ---- a/external/opal-prd/opal-prd.c -+++ b/external/opal-prd/opal-prd.c -@@ -973,7 +973,9 @@ static int map_hbrt_file(struct opal_prd_ctx *ctx, const char *name) - static int map_hbrt_physmem(struct opal_prd_ctx *ctx, const char *name) - { - struct prd_range *range; -+ int rc; - void *buf; -+ void *ro_buf; - - range = find_range(name, 0); - if (!range) { -@@ -981,15 +983,45 @@ static int map_hbrt_physmem(struct opal_prd_ctx *ctx, const char *name) - return -1; - } - -- buf = mmap(NULL, range->size, PROT_READ | PROT_WRITE | PROT_EXEC, -+ ro_buf = mmap(NULL, range->size, PROT_READ, - MAP_PRIVATE, ctx->fd, range->physaddr); -- if (buf == MAP_FAILED) { -+ if (ro_buf == MAP_FAILED) { - pr_log(LOG_ERR, "IMAGE: mmap(range:%s, " - "phys:0x%016lx, size:0x%016lx) failed: %m", - name, range->physaddr, range->size); - return -1; - } - -+ buf = mmap(NULL, range->size, PROT_READ | PROT_WRITE, -+ MAP_SHARED | MAP_ANONYMOUS, -1 , 0); -+ if (buf == MAP_FAILED) { -+ pr_log(LOG_ERR, "IMAGE: anon mmap(size:0x%016lx) failed: %m", -+ range->size); -+ return -1; -+ } -+ -+ memcpy(buf, ro_buf, range->size); -+ -+ rc = munmap(ro_buf, range->size); -+ if (rc < 0) { -+ pr_log(LOG_ERR, "IMAGE: munmap(" -+ "phys:0x%016lx, size:0x%016lx) failed: %m", -+ range->physaddr, range->size); -+ return -1; -+ } -+ -+ /* -+ * FIXME: We shouldn't be mapping the memory as RWX, but HBRT appears to -+ * require the ability to write into the image at runtime. -+ */ -+ rc = mprotect(buf, range->size, PROT_READ | PROT_WRITE | PROT_EXEC); -+ if (rc < 0) { -+ pr_log(LOG_ERR, "IMAGE: mprotect(phys:%p, " -+ "size:0x%016lx, rwx) failed: %m", -+ buf, range->size); -+ return -1; -+ } -+ - ctx->code_addr = buf; - ctx->code_size = range->size; - return 0; diff --git a/sys-apps/opal-utils/opal-utils-6.6.3-r1.ebuild b/sys-apps/opal-utils/opal-utils-6.6.3-r1.ebuild deleted file mode 100644 index 5dca4f59dc1f..000000000000 --- a/sys-apps/opal-utils/opal-utils-6.6.3-r1.ebuild +++ /dev/null @@ -1,95 +0,0 @@ -# Copyright 2019-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -PYTHON_COMPAT=( python3_{6,7,8} ) - -inherit linux-info python-any-r1 systemd toolchain-funcs - -DESCRIPTION="OPAL firmware utilities" -HOMEPAGE="https://github.com/open-power/skiboot" -SRC_URI="https://github.com/open-power/skiboot/archive/v${PV}.tar.gz -> ${P}.tar.gz" - -LICENSE="Apache-2.0 GPL-2+" -SLOT="0" -KEYWORDS="~ppc64" -IUSE="doc" - -DEPEND="" -RDEPEND="${DEPEND}" -BDEPEND="doc? ( - $(python_gen_any_dep ' - dev-python/sphinx[${PYTHON_USEDEP}] - dev-python/recommonmark[${PYTHON_USEDEP}] - ') -)" - -CONFIG_CHECK="~MTD_POWERNV_FLASH ~OPAL_PRD ~PPC_DT_CPU_FTRS ~SCOM_DEBUGFS" -ERROR_MTD_POWERND_FLASH="CONFIG_MTD_POWERND_FLASH is required to use pflash and opal-gard" -ERROR_OPAL_PRD="CONFIG_OPAL_PRD is required to run opal-prd daemon" -ERROR_SCOM_DEBUGFS="CONFIG_SCOM_DEBUGFS is required to use xscom-utils" - -S="${WORKDIR}/skiboot-${PV}" - -PATCHES=( - "${FILESDIR}/flags.patch" - "${FILESDIR}/devtmpfs-noexec.patch" -) - -python_check_deps() { - has_version "dev-python/recommonmark[${PYTHON_USEDEP}]" && - has_version "dev-python/sphinx[${PYTHON_USEDEP}]" -} - -pkg_setup() { - linux-info_pkg_setup - use doc && python-any-r1_pkg_setup -} - -src_configure() { - tc-export CC LD - export OPAL_PRD_VERSION="${PV}" - export GARD_VERSION="${PV}" - export PFLASH_VERSION="${PV}" - export XSCOM_VERSION="${PV}" - export FFSPART_VERSION="${PV}" -} - -src_compile() { - emake V=1 -C external/opal-prd - emake V=1 -C external/gard - emake V=1 -C external/pflash - emake V=1 -C external/xscom-utils - emake V=1 -C external/ffspart - - use doc && emake V=1 -C doc html -} - -src_install() { - emake -C external/opal-prd DESTDIR="${D}" prefix="${EPREFIX}/usr" install - emake -C external/gard DESTDIR="${D}" prefix="${EPREFIX}/usr" install - emake -C external/pflash DESTDIR="${D}" prefix="${EPREFIX}/usr" install - emake -C external/xscom-utils DESTDIR="${D}" prefix="${EPREFIX}/usr" install - dosbin external/ffspart/ffspart - - newinitd "${FILESDIR}"/opal-prd.initd opal-prd - newconfd "${FILESDIR}"/opal-prd.confd opal-prd - - systemd_dounit external/opal-prd/opal-prd.service - - if use doc; then - rm -r doc/_build/html/_sources || die - local HTML_DOCS=( doc/_build/html/. ) - fi - einstalldocs -} - -src_test() { - emake V=1 -C external/opal-prd test - emake V=1 -C external/gard check - # this test is fragile and fails because of filename path - rm external/pflash/test/tests/01-info || die - emake V=1 -C external/pflash check - emake V=1 -C external/ffspart check -} diff --git a/sys-apps/opal-utils/opal-utils-6.6.3.ebuild b/sys-apps/opal-utils/opal-utils-6.6.3.ebuild deleted file mode 100644 index b7976592cb25..000000000000 --- a/sys-apps/opal-utils/opal-utils-6.6.3.ebuild +++ /dev/null @@ -1,103 +0,0 @@ -# Copyright 2019-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -PYTHON_COMPAT=( python3_{6,7,8} ) - -inherit linux-info python-any-r1 systemd toolchain-funcs - -DESCRIPTION="OPAL firmware utilities" -HOMEPAGE="https://github.com/open-power/skiboot" -SRC_URI="https://github.com/open-power/skiboot/archive/v${PV}.tar.gz -> ${P}.tar.gz" - -LICENSE="Apache-2.0 GPL-2+" -SLOT="0" -KEYWORDS="~ppc64" -IUSE="doc" - -DEPEND="" -RDEPEND="${DEPEND}" -BDEPEND="doc? ( - $(python_gen_any_dep ' - dev-python/sphinx[${PYTHON_USEDEP}] - dev-python/recommonmark[${PYTHON_USEDEP}] - ') -)" - -CONFIG_CHECK="~MTD_POWERNV_FLASH ~OPAL_PRD ~PPC_DT_CPU_FTRS ~SCOM_DEBUGFS" -ERROR_MTD_POWERND_FLASH="CONFIG_MTD_POWERND_FLASH is required to use pflash and opal-gard" -ERROR_OPAL_PRD="CONFIG_OPAL_PRD is required to run opal-prd daemon" -ERROR_SCOM_DEBUGFS="CONFIG_SCOM_DEBUGFS is required to use xscom-utils" - -S="${WORKDIR}/skiboot-${PV}" - -PATCHES=( "${FILESDIR}/flags.patch" ) - -python_check_deps() { - has_version "dev-python/recommonmark[${PYTHON_USEDEP}]" && - has_version "dev-python/sphinx[${PYTHON_USEDEP}]" -} - -pkg_setup() { - linux-info_pkg_setup - use doc && python-any-r1_pkg_setup -} - -src_configure() { - tc-export CC LD - export OPAL_PRD_VERSION="${PV}" - export GARD_VERSION="${PV}" - export PFLASH_VERSION="${PV}" - export XSCOM_VERSION="${PV}" - export FFSPART_VERSION="${PV}" -} - -src_compile() { - emake V=1 -C external/opal-prd - emake V=1 -C external/gard - emake V=1 -C external/pflash - emake V=1 -C external/xscom-utils - emake V=1 -C external/ffspart - - use doc && emake V=1 -C doc html -} - -src_install() { - emake -C external/opal-prd DESTDIR="${D}" prefix="${EPREFIX}/usr" install - emake -C external/gard DESTDIR="${D}" prefix="${EPREFIX}/usr" install - emake -C external/pflash DESTDIR="${D}" prefix="${EPREFIX}/usr" install - emake -C external/xscom-utils DESTDIR="${D}" prefix="${EPREFIX}/usr" install - dosbin external/ffspart/ffspart - - newinitd "${FILESDIR}"/opal-prd.initd opal-prd - newconfd "${FILESDIR}"/opal-prd.confd opal-prd - - systemd_dounit external/opal-prd/opal-prd.service - - if use doc; then - rm -r doc/_build/html/_sources || die - local HTML_DOCS=( doc/_build/html/. ) - fi - einstalldocs -} - -src_test() { - emake V=1 -C external/opal-prd test - emake V=1 -C external/gard check - # this test is fragile and fails because of filename path - rm external/pflash/test/tests/01-info || die - emake V=1 -C external/pflash check - emake V=1 -C external/ffspart check -} - -pkg_postinst() { - if systemd_is_booted || has_version sys-apps/systemd; then - echo - ewarn "With systemd opal-prd.service will fail to start" - ewarn "with 'mmap failed: Operation not permitted' error" - ewarn "if /dev filesystem is mounted with 'noexec' option" - ewarn "see https://github.com/open-power/skiboot/issues/258" - echo - fi -} |