SUSE-RU-2016:1392-1: moderate: Recommended update for kiwi

sle-updates at sle-updates at
Wed May 25 09:08:03 MDT 2016

   SUSE Recommended Update: Recommended update for kiwi

Announcement ID:    SUSE-RU-2016:1392-1
Rating:             moderate
References:         #946648 #956484 #961334 #963276 #964204 #964472 
                    #964474 #965830 #965831 #966293 #968270 #968475 
                    #968601 #971621 #975898 
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP1

   An update that has 15 recommended fixes can now be


   This update provides KIWI v7.02.96, which brings several fixes and

   - Add part_msdos module for self build EFI image: On ARM we have a few
     hooks in kiwi that allow us to adapt the resulting image to target
     boards. On some systems, we need to install the firmware to hardware
     specified sector offsets on the image target (sd card). Unfortunately
     some systems demand firmware at sector 1 which is where the GPT would
     usually reside. So we need to use an MBR partition layout.  We can
     convert the GPT into an MBR using gdisk in our ARM scripts, but at that
     point grub2 would have to be able to interpret the MBR as well. So we
     need the "msdos_part" module included. (bnc#975898)

   - Don't copy initial ram disk content to /run/initramfs: We should avoid
     copying the initial ram disk content to a tmpfs filesystem, especially
     on low memory systems. (bsc#963276)

   - Execute haveged in udevStart: This ensure there is at least a source of
     entropy for /dev/random when FIPS mode is enabled. Without it, VMware
     virtual machines hang at boot. (bsc#964204)

   - Run dracut as background process for vmx images: The dracut process
     takes quite some time and blocks the boot process. In cloud frameworks
     instance boot time matters and with this patch the dracut process runs
     in parallel with the rest of the boot process. (bsc#971621)

   - Use shim-install to setup EFI secure boot. (bsc#968475)

   - Don't write grub.cfg to EFI directory: Originally the file was written
     there as reference, but nothing will ever update that file if the real
     grub configuration changes.  Thus it doesn't make sense to provide this
     information. (bsc#968270)

   - Avoid lvcreate to ask for wiping swap signature: When kiwi creates the
     logical volume for the swap space and there is already a swap signature
     at the place on disk, lvm stops and asks what to do with it. This should
     be generally avoided at that stage in the boot process. (bsc#968601)

   - Enable pvops builds for EC2: The pvops kernel comes first with SLES12
     SP2 and provides Xen HVM and Xen paravirtual operations. The paravirtual
     block drivers are new to this kernel and must be addressed in kiwi. In
     addition the setup of the root device in the kernel commandline cannot
     be a fixed device name anymore since the device node names are different
     depending which virtualization mode is used. Therefore the root device
     setup for ec2 builds is now based on the rootfs label. (bsc#966293)

   - Fix shell syntax in grub2 template. (bsc#961334)

   - Support by-label mount entries for btrfs subvolumes. (bsc#964474)

   - Don't add kernel file systems to fstab: Systems with systemd which this
     kiwi version aims for, don't need proc, sysfs, debugfs and friends to be
     part of the fstab. (bsc#964472)

   - Allow system to be installed on btrfs snapshot. (bsc#946648)

   - Evaluate kiwi_btrfs_root_is_snapshot in boot code: If set it's required
     to mount the subvolumes like it is done with lvm volumes. In addition
     this patch fixes the update of the fstab file which has to contain an
     entry for each subvolume excluding snapshots and the toplevel.

   - Add btrfs_root_is_snapshot attribute and its get/set(er) methods.

   - Improve validation of targetDevice: If called with --targetdevice the
     target must be a device block special and nothing else, no symlink, no
     other node type. (bsc#956484)

   - Fixed creation of /var/run vs. /run: It should not be kiwi's task to
     handle that but it seems we will not be able to fix this in a clean way
     on the package level. Thus, KIWI now checks for the desired distro from
     the value of the boot attribute and create either /run with a symlink
     /var/run or /var/run.

   - Fixed spec file requirements: for older systems (SLE11), the pidof
     program as used by kiwi is provided with the sysvinit package not with

   - Prevent prefix setup in grub.cfg for Xen: Xen PV guests boot via a first
     stage loader pygrub/pvgrub and interpret the grub config file
     differently. One inconsistency is that pvgrub searches for the grub
     modules at a different place. Setting up the prefix will point pvgrub to
     the wrong place and the system fail to boot. (bsc#965831)

   - Prevent command variables for Xen domU grub2 setup: Xen PV images which
     boot via pvgrub have the problem that pvgrub is not able to correctly
     read in the grub.cfg file written by kiwi. This is because kiwi uses a
     variable which contains the loader command (e.g $linux) instead of the
     loader command directly. grub2 supports this but pvgrub is not able to
     interpret this information. This patch prevents the use of the variable
     if the target image is Xen, domU and the firmware type is set to bios.

   - Refactor suseStripKernel: The way the method downsizes the kernel tree
     is wrong in several places and very hard to read. Therefore the code has
     been refactored and splitted into task methods which can run
     independently from each other. As one result the kernel tree is not
     missing any metadata and/or update weak-updates paths anymore.

   - Fixed validation of updates/weak-updates modules: suseStripKernel took
     the update and weak-update modules only into account if they are
     mentioned in the drivers list. But these modules are considered p1 and
     should always be included and also checked against its dependencies.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2016-831=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-831=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-831=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch):


   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):


   - SUSE Linux Enterprise Server 12-SP1 (x86_64):


   - SUSE Linux Enterprise Server 12-SP1 (noarch):


   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):



More information about the sle-updates mailing list