[systemd-commits] 5 commits - Makefile.am configure.ac man/journald.conf.xml src/journal src/shared
Lennart Poettering
lennart at kemper.freedesktop.org
Mon Aug 20 13:14:30 PDT 2012
Makefile.am | 12 +++
configure.ac | 13 +++
man/journald.conf.xml | 93 ++++++++++++++----------
src/journal/journal-authenticate.c | 2
src/journal/journal-qrcode.c | 138 +++++++++++++++++++++++++++++++++++++
src/journal/journal-qrcode.h | 30 ++++++++
src/journal/journal-verify.c | 1
src/journal/journalctl.c | 18 ++++
src/journal/journald-gperf.gperf | 5 -
src/journal/journald.c | 9 +-
src/journal/journald.conf | 3
src/journal/journald.h | 1
src/shared/util.c | 1
13 files changed, 276 insertions(+), 50 deletions(-)
New commits:
commit eb53b74f7e2f83d936b35107806a157fdffdbf5a
Author: Lennart Poettering <lennart at poettering.net>
Date: Mon Aug 20 22:13:22 2012 +0200
journald: add new Seal= configuration option
diff --git a/man/journald.conf.xml b/man/journald.conf.xml
index 2ebbf30..2fa475c 100644
--- a/man/journald.conf.xml
+++ b/man/journald.conf.xml
@@ -69,6 +69,46 @@
<variablelist>
<varlistentry>
+ <term><varname>Storage=</varname></term>
+
+ <listitem><para>Controls where to
+ store journal data. One of
+ <literal>volatile</literal>,
+ <literal>persistent</literal>,
+ <literal>auto</literal> and
+ <literal>none</literal>. If
+ <literal>volatile</literal> journal
+ log data will be stored only in
+ memory, i.e. below the
+ <filename>/run/log/journal</filename>
+ hierarchy (which is created if
+ needed). If
+ <literal>persistent</literal> data will
+ be stored preferably on disk,
+ i.e. below the
+ <filename>/var/log/journal</filename>
+ hierarchy (which is created if
+ needed), with a fallback to
+ <filename>/run/log/journal</filename>
+ (which is created if needed), during
+ early boot and if the disk is not
+ writable. <literal>auto</literal> is
+ similar to
+ <literal>persistent</literal> but the
+ directory
+ <filename>/var/log/journal</filename>
+ is not created if needed, so that its
+ existence controls where log data
+ goes. <literal>none</literal> turns
+ off all storage, all log data received
+ will be dropped. Forwarding to other
+ targets, such as the console, the
+ kernel log buffer or a syslog daemon
+ will still work however. Defaults to
+ <literal>auto</literal>.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><varname>Compress=</varname></term>
<listitem><para>Takes a boolean
@@ -82,6 +122,20 @@
</varlistentry>
<varlistentry>
+ <term><varname>Seal=</varname></term>
+
+ <listitem><para>Takes a boolean
+ value. If enabled (the default) and a
+ sealing key is available (as created
+ by
+ <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
+ <option>--setup-keys</option>
+ command), forward secure sealing (FSS) for
+ all persistent journal files is
+ enabled.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><varname>RateLimitInterval=</varname></term>
<term><varname>RateLimitBurst=</varname></term>
@@ -265,45 +319,6 @@
<filename>/dev/console</filename>.</para></listitem>
</varlistentry>
- <varlistentry>
- <term><varname>Storage=</varname></term>
-
- <listitem><para>Controls where to
- store journal data. One of
- <literal>volatile</literal>,
- <literal>persistent</literal>,
- <literal>auto</literal> and
- <literal>none</literal>. If
- <literal>volatile</literal> journal
- log data will be stored only in
- memory, i.e. below the
- <filename>/run/log/journal</filename>
- hierarchy (which is created if
- needed). If
- <literal>persistent</literal> data will
- be stored preferably on disk,
- i.e. below the
- <filename>/var/log/journal</filename>
- hierarchy (which is created if
- needed), with a fallback to
- <filename>/run/log/journal</filename>
- (which is created if needed), during
- early boot and if the disk is not
- writable. <literal>auto</literal> is
- similar to
- <literal>persistent</literal> but the
- directory
- <filename>/var/log/journal</filename>
- is not created if needed, so that its
- existence controls where log data
- goes. <literal>none</literal> turns
- off all storage, all log data received
- will be dropped. Forwarding to other
- targets, such as the console, the
- kernel log buffer or a syslog daemon
- will still work however. Defaults to
- <literal>auto</literal>.</para></listitem>
- </varlistentry>
</variablelist>
</refsect1>
diff --git a/src/journal/journald-gperf.gperf b/src/journal/journald-gperf.gperf
index d4019dd..2f83cbd 100644
--- a/src/journal/journald-gperf.gperf
+++ b/src/journal/journald-gperf.gperf
@@ -14,9 +14,11 @@ struct ConfigPerfItem;
%struct-type
%includes
%%
+Journal.Storage, config_parse_storage, 0, offsetof(Server, storage)
+Journal.Compress, config_parse_bool, 0, offsetof(Server, compress)
+Journal.Seal, config_parse_bool, 0, offsetof(Server, seal)
Journal.RateLimitInterval, config_parse_usec, 0, offsetof(Server, rate_limit_interval)
Journal.RateLimitBurst, config_parse_unsigned, 0, offsetof(Server, rate_limit_burst)
-Journal.Compress, config_parse_bool, 0, offsetof(Server, compress)
Journal.SystemMaxUse, config_parse_bytes_off, 0, offsetof(Server, system_metrics.max_use)
Journal.SystemMaxFileSize, config_parse_bytes_off, 0, offsetof(Server, system_metrics.max_size)
Journal.SystemMinFileSize, config_parse_bytes_off, 0, offsetof(Server, system_metrics.min_size)
@@ -33,4 +35,3 @@ Journal.MaxLevelStore, config_parse_level, 0, offsetof(Server, max_leve
Journal.MaxLevelSyslog, config_parse_level, 0, offsetof(Server, max_level_syslog)
Journal.MaxLevelKMsg, config_parse_level, 0, offsetof(Server, max_level_kmsg)
Journal.MaxLevelConsole, config_parse_level, 0, offsetof(Server, max_level_console)
-Journal.Storage, config_parse_storage, 0, offsetof(Server, storage)
diff --git a/src/journal/journald.c b/src/journal/journald.c
index f74c461..7b3b647 100644
--- a/src/journal/journald.c
+++ b/src/journal/journald.c
@@ -316,7 +316,7 @@ static JournalFile* find_journal(Server *s, uid_t uid) {
journal_file_close(f);
}
- r = journal_file_open_reliably(p, O_RDWR|O_CREAT, 0640, s->compress, false, &s->system_metrics, s->mmap, s->system_journal, &f);
+ r = journal_file_open_reliably(p, O_RDWR|O_CREAT, 0640, s->compress, s->seal, &s->system_metrics, s->mmap, s->system_journal, &f);
free(p);
if (r < 0)
@@ -353,7 +353,7 @@ static void server_rotate(Server *s) {
}
if (s->system_journal) {
- r = journal_file_rotate(&s->system_journal, s->compress, true);
+ r = journal_file_rotate(&s->system_journal, s->compress, s->seal);
if (r < 0)
if (s->system_journal)
log_error("Failed to rotate %s: %s", s->system_journal->path, strerror(-r));
@@ -365,7 +365,7 @@ static void server_rotate(Server *s) {
}
HASHMAP_FOREACH_KEY(f, k, s->user_journals, i) {
- r = journal_file_rotate(&f, s->compress, false);
+ r = journal_file_rotate(&f, s->compress, s->seal);
if (r < 0)
if (f->path)
log_error("Failed to rotate %s: %s", f->path, strerror(-r));
@@ -2007,7 +2007,7 @@ static int system_journal_open(Server *s) {
if (!fn)
return -ENOMEM;
- r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, s->compress, true, &s->system_metrics, s->mmap, NULL, &s->system_journal);
+ r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, s->compress, s->seal, &s->system_metrics, s->mmap, NULL, &s->system_journal);
free(fn);
if (r >= 0)
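Review bot: The hard-coded `true` here becomes `s->seal`, but system_journal_open() continues past this hunk, and if the runtime (/run) journal is opened further down with its own literal flag that call must not follow suit, because the man text in this same commit promises sealing for persistent journal files only. Once that path has been checked, a one-line comment at this call would stop the next reader from "fixing" the other open the same way, e.g. `/* Seal= governs the persistent system journal; the /run journal is never sealed. */`. The function's beginning and end are both outside the hunk.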
@@ -2771,6 +2771,7 @@ static int server_init(Server *s) {
zero(*s);
s->syslog_fd = s->native_fd = s->stdout_fd = s->signal_fd = s->epoll_fd = s->dev_kmsg_fd = -1;
s->compress = true;
+ s->seal = true;
s->rate_limit_interval = DEFAULT_RATE_LIMIT_INTERVAL;
s->rate_limit_burst = DEFAULT_RATE_LIMIT_BURST;
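Review bot: `s->seal = true` turns sealing on before journald.conf is parsed, regardless of whether an FSS key exists or gcrypt support was compiled in, whereas the man page conditions it on a key being available. That is only safe if journal_file_open_reliably() treats seal=true without a key as a silent no-op rather than an open failure; that function is not in this diff, so confirm it and record the expectation on this line: `s->seal = true; /* only effective when an FSS key exists; journal_file_open_reliably() otherwise ignores it */`. server_init() starts before this hunk.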
diff --git a/src/journal/journald.conf b/src/journal/journald.conf
index ab7b4ab..677f48b 100644
--- a/src/journal/journald.conf
+++ b/src/journal/journald.conf
@@ -8,7 +8,9 @@
# See journald.conf(5) for details
[Journal]
+#Storage=auto
#Compress=yes
+#Seal=yes
#RateLimitInterval=10s
#RateLimitBurst=200
#SystemMaxUse=
@@ -27,4 +29,3 @@
#MaxLevelSyslog=debug
#MaxLevelKMsg=notice
#MaxLevelConsole=info
-#Storage=auto
diff --git a/src/journal/journald.h b/src/journal/journald.h
index 0202893..13f2f1f 100644
--- a/src/journal/journald.h
+++ b/src/journal/journald.h
@@ -68,6 +68,7 @@ typedef struct Server {
JournalMetrics system_metrics;
bool compress;
+ bool seal;
bool forward_to_kmsg;
bool forward_to_syslog;
commit 197c0da22536121acc1377525458844a5ccabb7d
Author: Lennart Poettering <lennart at poettering.net>
Date: Mon Aug 20 22:11:55 2012 +0200
journalctl: explain QR code use
diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c
index b0d8258..3fcdf4b 100644
--- a/src/journal/journalctl.c
+++ b/src/journal/journalctl.c
@@ -626,6 +626,7 @@ static int setup_keys(void) {
#ifdef HAVE_QRENCODE
fputc('\n', stderr);
print_qr_code(stderr, seed, seed_size, n, arg_interval, hn, machine);
+ fprintf(stderr, "\nScan this QR code with your mobile phone to transfer the verification key to it.\n");
#endif
free(hn);
}
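Review bot: The new instruction is printed unconditionally, yet print_qr_code() on the preceding line returns a negative errno when encoding fails and that result is discarded, so on failure the user is told to scan a code that was never drawn. Guard the message on the result, `if (print_qr_code(stderr, seed, seed_size, n, arg_interval, hn, machine) >= 0)` followed by the existing fprintf(), and log a warning in the else branch. The code encodes the seed the surrounding text calls the verification key; if that material is meant to stay secret, which this hunk does not itself state, the message should also say not to display it where others can photograph it. setup_keys() begins before this hunk.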
commit 92221ed7cbf0323919fc2ae379be2322a3e20558
Author: Lennart Poettering <lennart at poettering.net>
Date: Mon Aug 20 22:11:38 2012 +0200
journal: include machine ID in QR code
diff --git a/src/journal/journal-qrcode.c b/src/journal/journal-qrcode.c
index b4dab8e..10a14e4 100644
--- a/src/journal/journal-qrcode.c
+++ b/src/journal/journal-qrcode.c
@@ -46,7 +46,15 @@ static void print_border(FILE *output, unsigned width) {
}
}
-int print_qr_code(FILE *output, const void *seed, size_t seed_size, uint64_t start, uint64_t interval, const char *hn, sd_id128_t mahcine) {
+int print_qr_code(
+ FILE *output,
+ const void *seed,
+ size_t seed_size,
+ uint64_t start,
+ uint64_t interval,
+ const char *hn,
+ sd_id128_t machine) {
+
FILE *f;
char *url = NULL;
size_t url_size = 0, i;
@@ -68,10 +76,13 @@ int print_qr_code(FILE *output, const void *seed, size_t seed_size, uint64_t sta
fprintf(f, "%02x", ((uint8_t*) seed)[i]);
}
- fprintf(f, "/%llx-%llx\n", (unsigned long long) start, (unsigned long long) interval);
+ fprintf(f, "/%llx-%llx?machine=" SD_ID128_FORMAT_STR,
+ (unsigned long long) start,
+ (unsigned long long) interval,
+ SD_ID128_FORMAT_VAL(machine));
if (hn)
- fprintf(f, "?hostname=%s", hn);
+ fprintf(f, ";hostname=%s", hn);
if (ferror(f)) {
fclose(f);
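Review bot: The URL these lines emit is an interface to whatever app scans the code, but nothing in the file states its layout, and the `;` now used between `machine=` and `hostname=` rather than the `&` a generic query parser expects is easy to mis-handle on the consuming side. Add a comment above print_qr_code() giving the format, `fss://<seed hex, '-' every 3 bytes>/<start hex>-<interval hex>?machine=<id128>;hostname=<name>`, and state that `hn` is written verbatim with no escaping, so every caller must sanitise it first (journalctl runs hostname_cleanup() before passing it). The body of print_qr_code() continues past this hunk.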
commit f6a971bc0bf1252e9614919ccca0d53db5fc53d9
Author: Lennart Poettering <lennart at poettering.net>
Date: Mon Aug 20 22:02:19 2012 +0200
journalctl: output FSS key as QR code on generating
diff --git a/Makefile.am b/Makefile.am
index 166c357..69cdeb7 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -2353,6 +2353,18 @@ journalctl_LDADD = \
libsystemd-id128-internal.la \
libsystemd-logs.la
+if HAVE_QRENCODE
+journalctl_SOURCES += \
+ src/journal/journal-qrcode.c \
+ src/journal/journal-qrcode.h
+
+journalctl_CFLAGS += \
+ $(QRENCODE_CFLAGS)
+
+journalctl_LDADD += \
+ $(QRENCODE_LIBS)
+endif
+
test_journal_SOURCES = \
src/journal/test-journal.c
diff --git a/configure.ac b/configure.ac
index 3df43b9..52adb20 100644
--- a/configure.ac
+++ b/configure.ac
@@ -384,6 +384,18 @@ fi
AM_CONDITIONAL(HAVE_LIBCRYPTSETUP, [test "$have_libcryptsetup" = "yes"])
# ------------------------------------------------------------------------------
+have_qrencode=no
+AC_ARG_ENABLE(qrencode, AS_HELP_STRING([--disable-qrencode], [disable qrencode support]))
+if test "x$enable_qrencode" != "xno"; then
+ PKG_CHECK_MODULES(QRENCODE, [ libqrencode ],
+ [AC_DEFINE(HAVE_QRENCODE, 1, [Define if qrencode is available]) have_qrencode=yes], have_qrencode=no)
+ if test "x$have_qrencode" = xno -a "x$enable_qrencode" = xyes; then
+ AC_MSG_ERROR([*** qrencode support requested but libraries not found])
+ fi
+fi
+AM_CONDITIONAL(HAVE_QRENCODE, [test "$have_qrencode" = "yes"])
+
+# ------------------------------------------------------------------------------
have_binfmt=no
AC_ARG_ENABLE(binfmt, AS_HELP_STRING([--disable-binfmt], [disable binfmt tool]))
if test "x$enable_binfmt" != "xno"; then
@@ -760,6 +772,7 @@ AC_MSG_RESULT([
XZ: ${have_xz}
ACL: ${have_acl}
GCRYPT: ${have_gcrypt}
+ QRENCODE: ${have_qrencode}
binfmt: ${have_binfmt}
vconsole: ${have_vconsole}
readahead: ${have_readahead}
diff --git a/src/journal/journal-qrcode.c b/src/journal/journal-qrcode.c
new file mode 100644
index 0000000..b4dab8e
--- /dev/null
+++ b/src/journal/journal-qrcode.c
@@ -0,0 +1,127 @@
+/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
+
+/***
+ This file is part of systemd.
+
+ Copyright 2012 Lennart Poettering
+
+ systemd is free software; you can redistribute it and/or modify it
+ under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1 of the License, or
+ (at your option) any later version.
+
+ systemd is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <assert.h>
+#include <stdio.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <stdbool.h>
+
+#include <qrencode.h>
+
+#include "journal-qrcode.h"
+
+#define WHITE_ON_BLACK "\033[40;37;1m"
+#define NORMAL "\033[0m"
+
+static void print_border(FILE *output, unsigned width) {
+ unsigned x, y;
+
+ /* Four rows of border */
+ for (y = 0; y < 4; y += 2) {
+ fputs(WHITE_ON_BLACK, output);
+
+ for (x = 0; x < 4 + width + 4; x++)
+ fputs("\342\226\210", output);
+
+ fputs(NORMAL "\n", output);
+ }
+}
+
+int print_qr_code(FILE *output, const void *seed, size_t seed_size, uint64_t start, uint64_t interval, const char *hn, sd_id128_t mahcine) {
+ FILE *f;
+ char *url = NULL;
+ size_t url_size = 0, i;
+ QRcode* qr;
+ unsigned x, y;
+
+ assert(seed);
+ assert(seed_size > 0);
+
+ f = open_memstream(&url, &url_size);
+ if (!f)
+ return -ENOMEM;
+
+ fputs("fss://", f);
+
+ for (i = 0; i < seed_size; i++) {
+ if (i > 0 && i % 3 == 0)
+ fputc('-', f);
+ fprintf(f, "%02x", ((uint8_t*) seed)[i]);
+ }
+
+ fprintf(f, "/%llx-%llx\n", (unsigned long long) start, (unsigned long long) interval);
+
+ if (hn)
+ fprintf(f, "?hostname=%s", hn);
+
+ if (ferror(f)) {
+ fclose(f);
+ free(url);
+ return -ENOMEM;
+ }
+
+ fclose(f);
+
+ qr = QRcode_encodeString(url, 0, QR_ECLEVEL_L, QR_MODE_8, 1);
+ free(url);
+
+ if (!qr)
+ return -ENOMEM;
+
+ print_border(output, qr->width);
+
+ for (y = 0; y < (unsigned) qr->width; y += 2) {
+ const uint8_t *row1, *row2;
+
+ row1 = qr->data + qr->width * y;
+ row2 = row1 + qr->width;
+
+ fputs(WHITE_ON_BLACK, output);
+ for (x = 0; x < 4; x++)
+ fputs("\342\226\210", output);
+
+ for (x = 0; x < (unsigned) qr->width; x ++) {
+ bool a, b;
+
+ a = row1[x] & 1;
+ b = (y+1) < (unsigned) qr->width ? (row2[x] & 1) : false;
+
+ if (a && b)
+ fputc(' ', output);
+ else if (a)
+ fputs("\342\226\204", output);
+ else if (b)
+ fputs("\342\226\200", output);
+ else
+ fputs("\342\226\210", output);
+ }
+
+ for (x = 0; x < 4; x++)
+ fputs("\342\226\210", output);
+ fputs(NORMAL "\n", output);
+ }
+
+ print_border(output, qr->width);
+
+ QRcode_free(qr);
+ return 0;
+}
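Review bot: `url` holds the hex-encoded seed and goes straight to free() after QRcode_encodeString(), and QRcode_free() likewise releases the module bitmap that encodes the same bytes; if that seed is the secret the fss:// scheme hands to the verifier, both should be zeroed before release with a wipe the compiler cannot elide (a volatile-pointer loop), since a plain memset() before free() is routinely optimised away. Because the caller also prints the seed in clear on stdout this is defence in depth, not a leak by itself. Separately, the `-ENOMEM` returned when QRcode_encodeString() yields NULL discards the real cause; libqrencode is documented as setting errno (EINVAL, ERANGE, ENOMEM), so `return -errno;` captured immediately after the call would be more accurate, which is worth confirming against the library version in use.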
diff --git a/src/journal/journal-qrcode.h b/src/journal/journal-qrcode.h
new file mode 100644
index 0000000..da6244c
--- /dev/null
+++ b/src/journal/journal-qrcode.h
@@ -0,0 +1,30 @@
+/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
+
+#pragma once
+
+/***
+ This file is part of systemd.
+
+ Copyright 2012 Lennart Poettering
+
+ systemd is free software; you can redistribute it and/or modify it
+ under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1 of the License, or
+ (at your option) any later version.
+
+ systemd is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <inttypes.h>
+#include <sys/types.h>
+#include <stdio.h>
+
+#include <systemd/sd-id128.h>
+
+int print_qr_code(FILE *f, const void *seed, size_t seed_size, uint64_t start, uint64_t interval, const char *hn, sd_id128_t machine);
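Review bot: The prototype carries no contract, and the implementation has several requirements a caller cannot guess from the signature. Add a comment above it stating that `seed` must be non-NULL and `seed_size` non-zero (both are asserted), that `hn` may be NULL in which case no hostname is encoded, that `hn` is inserted into the URL unescaped and must already be sanitised by the caller, that the code is written to `f` using ANSI colour escapes and UTF-8 block characters and so expects a terminal, and that the return value is 0 on success or a negative errno on failure.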
diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c
index 551cb31..b0d8258 100644
--- a/src/journal/journalctl.c
+++ b/src/journal/journalctl.c
@@ -46,6 +46,7 @@
#include "journal-def.h"
#include "journal-verify.h"
#include "journal-authenticate.h"
+#include "journal-qrcode.h"
#include "fsprg.h"
#define DEFAULT_FSS_INTERVAL_USEC (15*USEC_PER_MINUTE)
@@ -607,12 +608,26 @@ static int setup_keys(void) {
printf("/%llx-%llx\n", (unsigned long long) n, (unsigned long long) arg_interval);
if (isatty(STDOUT_FILENO)) {
- char tsb[FORMAT_TIMESPAN_MAX];
+ char tsb[FORMAT_TIMESPAN_MAX], *hn;
fprintf(stderr,
ANSI_HIGHLIGHT_OFF "\n"
"The sealing key is automatically changed every %s.\n",
format_timespan(tsb, sizeof(tsb), arg_interval));
+
+ hn = gethostname_malloc();
+
+ if (hn) {
+ hostname_cleanup(hn);
+ fprintf(stderr, "The keys have been generated for host %s (" SD_ID128_FORMAT_STR ").\n", hn, SD_ID128_FORMAT_VAL(machine));
+ } else
+ fprintf(stderr, "The keys have been generated for host " SD_ID128_FORMAT_STR ".\n", SD_ID128_FORMAT_VAL(machine));
+
+#ifdef HAVE_QRENCODE
+ fputc('\n', stderr);
+ print_qr_code(stderr, seed, seed_size, n, arg_interval, hn, machine);
+#endif
+ free(hn);
}
r = 0;
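Review bot: The host banner and QR code are written to stderr, but the enclosing block is gated on `isatty(STDOUT_FILENO)` at the top of the hunk, i.e. on a different stream than the one written to: with stdout piped and stderr on a terminal the code is never shown, and with `2>file` the colour escapes and the encoded key land in the file. Gate on the stream actually used, `if (isatty(STDOUT_FILENO) && isatty(STDERR_FILENO))`, or move the QR block under its own `isatty(STDERR_FILENO)` test. setup_keys() begins before this hunk and the key is already printed in clear to stdout just above it.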
diff --git a/src/shared/util.c b/src/shared/util.c
index cbf44eb..041b759 100644
--- a/src/shared/util.c
+++ b/src/shared/util.c
@@ -3089,7 +3089,6 @@ bool hostname_is_set(void) {
return !isempty(u.nodename) && !streq(u.nodename, "(none)");
}
-
static char *lookup_uid(uid_t uid) {
long bufsize;
char *buf, *name;
commit 3e4b9b506d676d1cb8692306b38c05f8529e5cdb
Author: Lennart Poettering <lennart at poettering.net>
Date: Mon Aug 20 19:21:19 2012 +0200
journal: add missing endianess conversion
diff --git a/src/journal/journal-authenticate.c b/src/journal/journal-authenticate.c
index 93cc9d9..4354810 100644
--- a/src/journal/journal-authenticate.c
+++ b/src/journal/journal-authenticate.c
@@ -362,7 +362,7 @@ int journal_file_fss_load(JournalFile *f) {
goto finish;
}
- if (le64toh(m->fsprg_state_size) != FSPRG_stateinbytes(m->fsprg_secpar)) {
+ if (le64toh(m->fsprg_state_size) != FSPRG_stateinbytes(le16toh(m->fsprg_secpar))) {
r = -EBADMSG;
goto finish;
}
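Review bot: This converts `fsprg_secpar` only for the size comparison; the field comes from the on-disk FSS key file, so every other reader of `m->fsprg_secpar` in journal_file_fss_load() or later in the file (wherever the FSPRG state is set up) needs the same `le16toh()`, otherwise the size check now passes on big-endian hosts while the later use still sees a byte-swapped security parameter. Also, since the value is file-supplied, validate it against the security parameters FSPRG actually supports before calling FSPRG_stateinbytes() on it, unless the part of the function outside this hunk already does. journal_file_fss_load() begins before the hunk.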
diff --git a/src/journal/journal-verify.c b/src/journal/journal-verify.c
index a76384b..29a9229 100644
--- a/src/journal/journal-verify.c
+++ b/src/journal/journal-verify.c
@@ -39,7 +39,6 @@
* - evolve key even if nothing happened in regular intervals
*
* - check with sparse
- * - 64bit conversions
*
* */