Using SysCare
This chapter describes how to use SysCare on openEuler.
Prerequisites
openEuler 22.03 LTS SP1 has been installed.
Using SysCare CLI Tools
You can use syscare build to create patches and use syscare patch to manage patches, including installing, activating, deactivating, and uninstalling patches.
Creating Patches
syscare-build is used to create patches, for example:
syscare-build --patch-name redis_cve_2021_32675 \
--source redis-6.2.5-1.src.rpm \
--debuginfo redis-debuginfo-6.2.5-1.x86_64.rpm \
--target-elfname redis-server \
--patch-description CVE-2021-32675 \
0001-Prevent-unauthenticated-client-from-easily-consuming.patch
Managing Patches
The format of a patch name is TARGET_PACKAGE_NAME/PATCH_NAME. If PATCH_NAME is unique, TARGET_PACKAGE_NAME/ can be omitted.
Installing a patch:
syscare apply PATCH_NAME
Activating a patch:
syscare active PATCH_NAME
Deactivating a patch:
syscare deactive PATCH_NAME
Uninstalling/removing a patch:
syscare remove PATCH_NAME
Querying the status of a patch:
syscare status PATCH_NAME
Querying all SysCare patches:
syscare list
Patch Making Module
Installing from Source
The syscare/build directory stores the source code of the SysCare patch making module.
cd syscare/build
cargo build
SysCare Patch Making Tool
syscare-build is a CLI tool that creates kernel- and user-mode live patches from RPM packages. Patches are encapsulated into RPM packages.
Command Parameters
usage: syscare-build [OPTIONS] --patch-name <PATCH_NAME> --source <SOURCE> --debuginfo <DEBUGINFO> <PATCHES>...
Arguments:
<PATCHES>... Patch file(s)
Options:
-n, --patch-name <PATCH_NAME> Patch name
--patch-arch <PATCH_ARCH> Patch architecture [default: x86_64]
--patch-version <PATCH_VERSION> Patch version [default: 1]
--patch-description <PATCH_DESCRIPTION> Patch description [default: (none)]
--target-name <TARGET_NAME> Patch target name
-t, --target-elfname <TARGET_ELFNAME> Patch target executable name
--target-arch <TARGET_ARCH> parch target architecture
--target-epoch <TARGET_EPOCH> Patch target epoch
--target-version <TARGET_VERSION> Patch target version
--target-release <TARGET_RELEASE> Patch target release
--target-license <TARGET_LICENSE> Patch target license
-s, --source <SOURCE> Source package
-d, --debuginfo <DEBUGINFO> Debuginfo package
--workdir <WORKDIR> Working directory [default: .]
-o, --output <OUTPUT> Generated patch output directory [default: .]
--kjobs <N> Kernel make jobs [default: 32]
--skip-compiler-check Skip compiler version check (not recommended)
--skip-cleanup Skip post-build cleanup
-v, --verbose Provide more detailed info
-h, --help Print help information
-V, --version Print version information
Mandatory parameters:
Parameter | Description |
---|---|
--patch-name | Patch name |
--source | Source package of the target software |
--debuginfo | Debugging information package of the target software |
--target-elfname | Name of the executable file of the target software, which can be omitted for kernel patches |
<PATCHES> | Patch list (one or more patch files, given as positional arguments) |
An example command is as follows:
syscare-build \
--patch-name CVE-2021-32675 \
--source redis-6.2.5-1.src.rpm \
--debuginfo redis-debuginfo-6.2.5-1.x86_64.rpm \
--target-elfname redis-server \
--output output \
0001-Prevent-unauthenticated-client-from-easily-consuming.patch
Patch Output
- A patch package that contains the binary file of SysCare and meta information. This package is used to install the live patch.
- A patch source package that contains the target software source code and the new patch. This package is used to create live patches for new versions.
Naming rules:
- Patch package: patch-TARGET_SOFTWARE_FULL_NAME-PATCH_NAME-PATCH_VERSION-PATCH_RELEASE.PATCH_ARCHITECTURE.rpm
- Patch source code package: TARGET_SOFTWARE_FULL_NAME.patched.PATCH_NAME.PATCH_VERSION.PATCH_RELEASE.src.rpm
Patch Information
The patch meta information contains the following fields:
Field | Description |
---|---|
name | Patch name |
type | Patch type |
arch | Patch architecture |
target | Target software name |
elf_name | Name of the executable file of the target software |
license | Target software license |
version | Patch version |
release | Patch release |
description | Patch description |
builder | Version of the patch making tool |
Example:
Collecting patch info
------------------------------
name: CVE-2021-32675
type: UserPatch
target: redis-6.2.5-1
elf_name: redis-server
license: BSD and MIT
version: 1
release: 31fc7544
description: None
patch list:
0001-Prevent-unauthenticated-client-from-easily-consuming.patch 31fc7544
------------------------------
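As an added example (not part of the original page or the SysCare project), the shell functions below combine the naming rules with the patch information block to predict the two artifact names a build should produce, so that a pipeline can refuse to install anything else. They assume that the target field equals TARGET_SOFTWARE_FULL_NAME and that the release field equals PATCH_RELEASE; the function names are illustrative.

```shell
#!/bin/sh
# Added example, not SysCare code: predict the two artifact names from the
# "Collecting patch info" block using the naming rules on this page.

# Sample copied from the patch information example on this page.
SAMPLE_INFO='name: CVE-2021-32675
type: UserPatch
target: redis-6.2.5-1
elf_name: redis-server
license: BSD and MIT
version: 1
release: 31fc7544
description: None'

# meta_field KEY (info block on stdin): print the value of the "KEY: value" line.
meta_field() {
    awk -v key="$1" 'index($0, key ": ") == 1 { print substr($0, length(key) + 3); exit }'
}

# expected_artifacts [ARCH] (info block on stdin)
# Prints the patch package name, then the patch source package name.
expected_artifacts() {
    arch="${1:-x86_64}"   # x86_64 is the documented default of --patch-arch
    info="$(cat)"
    name="$(printf '%s\n' "$info" | meta_field name)"
    target="$(printf '%s\n' "$info" | meta_field target)"
    version="$(printf '%s\n' "$info" | meta_field version)"
    release="$(printf '%s\n' "$info" | meta_field release)"
    for v in "$name" "$target" "$version" "$release"; do
        [ -n "$v" ] || { echo "incomplete patch info" >&2; return 1; }
    done
    printf 'patch-%s-%s-%s-%s.%s.rpm\n' "$target" "$name" "$version" "$release" "$arch"
    printf '%s.patched.%s.%s.%s.src.rpm\n' "$target" "$name" "$version" "$release"
}

# check_output DIR [ARCH] (info block on stdin)
# Succeeds only if both expected artifacts are present in DIR.
check_output() {
    list="$(expected_artifacts "$2")" || return 1
    for f in $list; do
        [ -f "$1/$f" ] || { echo "missing: $1/$f" >&2; return 1; }
    done
}

# Show the expected names for the sample block.
printf '%s\n' "$SAMPLE_INFO" | expected_artifacts x86_64
```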
Patch Making Process
Prepare the source package (source RPM) and debugging information package (debuginfo RPM) of the target software.
Example:
yumdownloader kernel --source
yumdownloader kernel --debuginfo
Ensure that the related software build dependencies are installed.
Example:
dnf install make gcc bison flex openssl-devel dwarves python3-devel elfutils-libelf-devel
Run the syscare-build command.
Example:
syscare-build \
--patch-name kernel_version \
--source kernel-5.10.0-60.66.0.91.oe2203.src.rpm \
--debuginfo kernel-debuginfo-5.10.0-60.66.0.91.oe2203.x86_64.rpm \
--output output \
001-kernel-patch-test.patch
During patch making, a temporary folder whose name starts with syscare-build is created in the directory specified by --workdir (the current directory by default) to store temporary files and build logs.
Example:
dev@openeuler-dev:[~]$ ls -l syscare-build.111602/
total 100
-rw-r--r--. 1 dev dev 92303 Nov 12 00:00 build.log
drwxr-xr-x. 6 dev dev 4096 Nov 12 00:00 package
drwxr-xr-x. 4 dev dev 4096 Nov 12 00:00 patch
Build logs (build.log) are generated in the temporary folder.
dev@openeuler-dev:[~]$ cat syscare-build.111602/build.log | less
...
If the patch is created successfully, the temporary folder will be deleted after patch making.
Check the build result.
Example:
dev@openeuler-dev:[~]$ ls -l
total 189680
-rw-r--r--. 1 dev dev 194218767 Nov 12 00:00 kernel-5.10.0-60.66.0.91.oe2203.patched.kernel_version.1.c15c1a6a.src.rpm
-rw-r--r--. 1 dev dev 10937 Nov 12 00:00 patch-kernel-5.10.0-60.66.0.91.oe2203-kernel_version-1-c15c1a6a.x86_64.rpm
In the output:
patch-kernel-5.10.0-60.66.0.91.oe2203-kernel_version-1-c15c1a6a.x86_64.rpm is the patch package.
kernel-5.10.0-60.66.0.91.oe2203.patched.kernel_version.1.c15c1a6a.src.rpm is the patch source package.
Install the patch.
rpm -ivh patch-xxx.rpm
After the patch is installed, files in the patch are stored in the /usr/lib/syscare/patches/target_software_package_name/patch_name directory.
Uninstall the patch.
rpm -e patch-xxx
The patch package can be uninstalled only when the patch is in the not-apply state.
Error Handling
If an error occurs, see the build logs:
Error output example:
...
Building patch, this may take a while
ERROR: Process '/usr/libexec/syscare/upatch-build' exited unsuccessfully, exit_code=255
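An added example, not from the original page or the SysCare project: a shell function that scans a working directory for leftover syscare-build.* folders and prints the error lines from each build.log. Because --skip-cleanup also leaves the folder behind, only folders whose log contains an error line count as failures. That build.log contains lines with "error:" is an assumption, the function names are illustrative, and the sample log is constructed.

```shell
#!/bin/sh
# Added example, not SysCare code: triage leftover syscare-build temporary
# folders in a working directory (--workdir, the current directory by default).

# triage WORKDIR
# For every WORKDIR/syscare-build.*/build.log, print the folder and its error
# lines (numbered). Returns 1 if any log contains an error line, else 0.
triage() {
    rc=0
    for d in "$1"/syscare-build.*; do
        # An unmatched glob stays literal and has no build.log, so it is skipped.
        [ -f "$d/build.log" ] || continue
        # Assumption: failures show up in build.log as lines containing "error:".
        errs="$(grep -n -i 'error:' "$d/build.log" || true)"
        if [ -n "$errs" ]; then
            rc=1
            printf '%s\n%s\n' "$d" "$errs"
        else
            # A folder without errors is typically one kept by --skip-cleanup.
            printf '%s\nno error lines found\n' "$d"
        fi
    done
    return "$rc"
}

# Demonstration on a constructed working directory and a constructed log.
demo() {
    demo_dir="$(mktemp -d)"
    mkdir "$demo_dir/syscare-build.111602"
    printf '%s\n' \
        'Building patch, this may take a while' \
        "ERROR: Process '/usr/libexec/syscare/upatch-build' exited unsuccessfully, exit_code=255" \
        > "$demo_dir/syscare-build.111602/build.log"
    triage "$demo_dir" || true
    rm -rf "$demo_dir"
}
demo
```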