A fix is available
APAR status
Closed as new function.
Error description
Ensure that service packages transferred to a z/VM system are authentic by verifying the digital signature of the order. The verification is done automatically by GETSHOPZ for direct to host transfer and workstation upload. GETSHOPZ can also verify any service packages transferred by another process. The GIMPAF2.XML file now included with service packages contains the digital signature to verify the service package.
Local fix
n/a
Problem summary
**************************************************************** * USERS AFFECTED: All users of z/VM installing service. * **************************************************************** * PROBLEM DESCRIPTION: * **************************************************************** * RECOMMENDATION: APPLY PTF * **************************************************************** When using GETSHOPZ to transfer a service package to z/VM, authenticity of the service is ensured by verification of the digital signature. The verification is done automatically when using the "direct to host" transfer or when uploaded from the workstation. GETSHOPZ can also be used to unpack and verify service that was transferred to z/VM by another process. A log file will also be retained as reference to identify the service files produced by GETSHOPZ.
Problem conclusion
Temporary fix
Comments
GETSHOPZ has been enhanced to use the GIMPAF2 XML cover letter provided with each service package. The cover letter includes the digital signature that is verified to determine that the service package is authentic. The digital signature verification is done automatically when using GETSHOPZ to transfer the service with "direct to host" or upload from the workstation. The status display in the web application has been enhanced to show that the signature has verified. The status also shows the SHA1 value for the order to compare with the Shopz order confirmation. For clients not using GETSHOPZ to transfer the service, a new EXTRACT function is provided to unpack service and verify the digital signature. When GETSHOPZ ends, a summary of the received service files is shown in the CMS session to use in a SERVICE command. The summary includes the information about the digital signature and the SHA1 value of the service package. The summary is also appended to GETSHOPZ LOGFILE on the output disk to serve as later reference on the service received. For clients using a workstation without Internet connectivity, an option is provided to run a simplified web application in the browser that does not need additional public web resources. The z/VM Service Guide GC24-6325 Appendix A has been updated to document the new options and functions provided. This publication is available at the z/VM web site https://www.ibm.com/docs/en/zvm/7.3
APAR Information
APAR number
VM66732
Reported component name
VM CMS
Reported component ID
568411201
Reported release
730
Status
CLOSED UR1
PE
NoPE
HIPER
NoHIPER
Special Attention
YesSpecatt / New Function / Xsystem
Submitted date
2023-10-20
Closed date
2024-03-08
Last modified date
2024-06-19
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UM90411
Modules/Macros
GETSHOPZ GSZUTILX
GC24628673 | GC24629473 | SC24632305 | GC24632573 |
Fix information
Fixed component name
VM CMS
Fixed component ID
568411201
Applicable component levels
R730 PSY UM90451
UP24/06/19 I 1000
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU011","label":"Systems - zSystems software"},"Product":{"code":"SG27M"},"Platform":[{"code":"PF054","label":"z Systems"}],"Version":"730"}]
Document Information
Modified date:
20 June 2024