Recommended update for kiwi

SUSE Recommended Update: Recommended update for kiwi
Announcement ID: SUSE-RU-2016:1392-1
Rating: moderate
References: #946648 #956484 #961334 #963276 #964204 #964472 #964474 #965830 #965831 #966293 #968270 #968475 #968601 #971621 #975898
Affected Products:
  • SUSE Linux Enterprise Server for SAP 12-SP1
  • SUSE Linux Enterprise Server 12-SP1
  • SUSE Linux Enterprise Desktop 12-SP1

An update that has 15 recommended fixes can now be installed.

    Description:


    This update provides KIWI v7.02.96, which brings several fixes and
    enhancements:

    - Add part_msdos module for self build EFI image: On ARM we have a few
    hooks in kiwi that allow us to adapt the resulting image to target
    boards. On some systems, we need to install the firmware to hardware
    specified sector offsets on the image target (sd card). Unfortunately
    some systems demand firmware at sector 1 which is where the GPT would
    usually reside. So we need to use an MBR partition layout. We can
    convert the GPT into an MBR using gdisk in our ARM scripts, but at that
    point grub2 would have to be able to interpret the MBR as well. So we
    need the "part_msdos" module included. (bnc#975898)

    - Don't copy initial ram disk content to /run/initramfs: We should avoid
    copying the initial ram disk content to a tmpfs filesystem, especially
    on low memory systems. (bsc#963276)

    - Execute haveged in udevStart: This ensures there is at least one source
    of entropy for /dev/random when FIPS mode is enabled. Without it, VMware
    virtual machines hang at boot. (bsc#964204)

    - Run dracut as background process for vmx images: The dracut process
    takes quite some time and blocks the boot process. In cloud frameworks
    instance boot time matters and with this patch the dracut process runs
    in parallel with the rest of the boot process. (bsc#971621)

    - Use shim-install to setup EFI secure boot. (bsc#968475)

    - Don't write grub.cfg to EFI directory: Originally the file was written
    there as reference, but nothing will ever update that file if the real
    grub configuration changes. Thus it doesn't make sense to provide this
    information. (bsc#968270)

    - Avoid lvcreate to ask for wiping swap signature: When kiwi creates the
    logical volume for the swap space and there is already a swap signature
    at the place on disk, lvm stops and asks what to do with it. This should
    be generally avoided at that stage in the boot process. (bsc#968601)

    - Enable pvops builds for EC2: The pvops kernel comes first with SLES12
    SP2 and provides Xen HVM and Xen paravirtual operations. The paravirtual
    block drivers are new to this kernel and must be addressed in kiwi. In
    addition the setup of the root device in the kernel commandline cannot
    be a fixed device name anymore since the device node names are different
    depending on which virtualization mode is used. Therefore the root device
    setup for ec2 builds is now based on the rootfs label. (bsc#966293)

    - Fix shell syntax in grub2 template. (bsc#961334)

    - Support by-label mount entries for btrfs subvolumes. (bsc#964474)

    - Don't add kernel file systems to fstab: Systems with systemd, which this
    kiwi version aims for, don't need proc, sysfs, debugfs and friends to be
    part of the fstab. (bsc#964472)

    - Allow system to be installed on btrfs snapshot. (bsc#946648)

    - Evaluate kiwi_btrfs_root_is_snapshot in boot code: If set it's required
    to mount the subvolumes like it is done with lvm volumes. In addition
    this patch fixes the update of the fstab file which has to contain an
    entry for each subvolume excluding snapshots and the toplevel.
    (bsc#946648)

    - Add btrfs_root_is_snapshot attribute and its get/set(er) methods.
    (bsc#946648)

    - Improve validation of targetDevice: If called with --targetdevice the
    target must be a block special device and nothing else: no symlink, no
    other node type. (bsc#956484)

    - Fixed creation of /var/run vs. /run: It should not be kiwi's task to
    handle that but it seems we will not be able to fix this in a clean way
    on the package level. Thus, KIWI now checks for the desired distro from
    the value of the boot attribute and creates either /run with a symlink
    /var/run or /var/run.

    - Fixed spec file requirements: for older systems (SLE11), the pidof
    program as used by kiwi is provided with the sysvinit package not with
    sysvinit-tools.

    - Prevent prefix setup in grub.cfg for Xen: Xen PV guests boot via a first
    stage loader pygrub/pvgrub and interpret the grub config file
    differently. One inconsistency is that pvgrub searches for the grub
    modules at a different place. Setting up the prefix will point pvgrub to
    the wrong place and the system fails to boot. (bsc#965831)

    - Prevent command variables for Xen domU grub2 setup: Xen PV images which
    boot via pvgrub have the problem that pvgrub is not able to correctly
    read in the grub.cfg file written by kiwi. This is because kiwi uses a
    variable which contains the loader command (e.g. $linux) instead of the
    loader command directly. grub2 supports this but pvgrub is not able to
    interpret this information. This patch prevents the use of the variable
    if the target image is Xen, domU and the firmware type is set to bios.
    (bsc#965831)

    - Refactor suseStripKernel: The way the method downsizes the kernel tree
    is wrong in several places and very hard to read. Therefore the code has
    been refactored and split into task methods which can run independently
    from each other. As one result, the kernel tree no longer misses any
    metadata or updates/weak-updates paths.
    (bsc#965830)

    - Fixed validation of updates/weak-updates modules: suseStripKernel took
    the update and weak-update modules into account only if they were
    mentioned in the drivers list. But these modules are considered p1 and
    should always be included and also checked against their dependencies.
    (bsc#965830)
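
    The targetDevice rule above (block special device only, no symlink, no
    other node type) can be sketched as the following shell check. This is an
    added example, not KIWI's own code; the function names node_type and
    validate_target_device and the scratch files are assumptions made here.

```shell
#!/bin/sh
# Added example (not KIWI code): classify a path without following symlinks,
# then accept it as an image target only if it is a block special device.

# node_type PATH -> prints symlink|block|char|dir|file|fifo|socket|missing
node_type() {
    # -L must be tested first: -b, -c, -d, -f, -p and -S all follow symlinks,
    # so a link pointing at a disk node would otherwise be reported as "block".
    if   [ -L "$1" ]; then echo symlink
    elif [ -b "$1" ]; then echo block
    elif [ -c "$1" ]; then echo char
    elif [ -d "$1" ]; then echo dir
    elif [ -f "$1" ]; then echo file
    elif [ -p "$1" ]; then echo fifo
    elif [ -S "$1" ]; then echo socket
    else echo missing
    fi
}

# validate_target_device PATH -> returns 0 only for a block special device
validate_target_device() {
    if [ -z "$1" ]; then
        echo "no target device given" >&2
        return 2
    fi
    kind=$(node_type "$1")
    if [ "$kind" != block ]; then
        echo "refusing target '$1': $kind, not a block special device" >&2
        return 1
    fi
    return 0
}

# Constructed sample nodes in a scratch directory.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/disk.raw"
    ln -s /dev/null "$d/link-to-dev"
    for p in "$d/disk.raw" "$d/link-to-dev" "$d" /dev/null "$d/absent"; do
        printf '%s -> %s\n' "$p" "$(node_type "$p")"
    done
    rm -rf "$d"
}
demo
```

    The check is still subject to a race if the path can be replaced between
    validation and use, so the validated node should be opened once and that
    handle reused for writing.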

    Patch Instructions:

    To install this SUSE Recommended Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Server for SAP 12-SP1:
      zypper in -t patch SUSE-SLE-SAP-12-SP1-2016-831=1
    • SUSE Linux Enterprise Server 12-SP1:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-831=1
    • SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-831=1

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Linux Enterprise Server for SAP 12-SP1 (noarch):
      • kiwi-pxeboot-7.02.96-27.1
    • SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
      • kiwi-7.02.96-27.1
      • kiwi-debugsource-7.02.96-27.1
      • kiwi-desc-netboot-7.02.96-27.1
      • kiwi-desc-oemboot-7.02.96-27.1
      • kiwi-desc-vmxboot-7.02.96-27.1
      • kiwi-templates-7.02.96-27.1
      • kiwi-tools-7.02.96-27.1
      • kiwi-tools-debuginfo-7.02.96-27.1
    • SUSE Linux Enterprise Server 12-SP1 (x86_64):
      • kiwi-desc-isoboot-7.02.96-27.1
    • SUSE Linux Enterprise Server 12-SP1 (noarch):
      • kiwi-doc-7.02.96-27.1
    • SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      • kiwi-debugsource-7.02.96-27.1
      • kiwi-tools-7.02.96-27.1
      • kiwi-tools-debuginfo-7.02.96-27.1
