[systemd-commits] 2 commits - man/journalctl.xml src/journal src/shared

Zbigniew Jędrzejewski-Szmek zbyszek at kemper.freedesktop.org
Sun Jul 14 20:57:40 PDT 2013


 man/journalctl.xml       |    8 ++++++++
 src/journal/journalctl.c |   24 +++++++++++++++++++++---
 src/shared/install.c     |   38 ++++++++++++++++++++++++++------------
 3 files changed, 55 insertions(+), 15 deletions(-)

New commits:
commit b8547c10c82994f2b8eab4510629139439b49371
Author: Shawn Landden <shawnlandden at gmail.com>
Date:   Sun Jul 14 20:13:09 2013 -0700

    journalctl: add --force option to recreate FSS

diff --git a/man/journalctl.xml b/man/journalctl.xml
index 8dbfb3f..71b1bab 100644
--- a/man/journalctl.xml
+++ b/man/journalctl.xml
@@ -601,6 +601,14 @@
                         </varlistentry>
 
                         <varlistentry>
+                                <term><option>--force</option></term>
+
+                                <listitem><para>When --setup-keys is passed and
+                                Forward Secure Sealing has already been set up,
+                                recreate FSS keys.</para></listitem>
+                        </varlistentry>
+
+                        <varlistentry>
                                 <term><option>--interval=</option></term>
 
                                 <listitem><para>Specifies the change
diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c
index 32665b7..5f44fce 100644
--- a/src/journal/journalctl.c
+++ b/src/journal/journalctl.c
@@ -79,6 +79,7 @@ static int arg_priorities = 0xFF;
 static const char *arg_verify_key = NULL;
 #ifdef HAVE_GCRYPT
 static usec_t arg_interval = DEFAULT_FSS_INTERVAL_USEC;
+static bool arg_force = false;
 #endif
 static usec_t arg_since, arg_until;
 static bool arg_since_set = false, arg_until_set = false;
@@ -149,6 +150,7 @@ static int help(void) {
                "     --update-catalog    Update the message catalog database\n"
 #ifdef HAVE_GCRYPT
                "     --setup-keys        Generate new FSS key pair\n"
+               "     --force             Force overriding new FSS key pair with --setup-keys\n"
                "     --verify            Verify journal file consistency\n"
 #endif
                , program_invocation_short_name);
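Review bot: The added help line says "Force overriding new FSS key pair", but the setup_keys() hunk further down shows --force removing the sealing key file that already exists, so the text names the wrong key. Because the flag discards existing sealing state, the wording should say so plainly, for example `"     --force             Replace existing FSS key pair with --setup-keys\n"`. This would also match the man page hunk, which says the keys are recreated when FSS "has already been set up". help() starts and ends outside this hunk.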
@@ -179,6 +181,7 @@ static int parse_argv(int argc, char *argv[]) {
                 ARG_LIST_CATALOG,
                 ARG_DUMP_CATALOG,
                 ARG_UPDATE_CATALOG,
+                ARG_FORCE,
         };
 
         static const struct option options[] = {
@@ -187,6 +190,7 @@ static int parse_argv(int argc, char *argv[]) {
                 { "no-pager",     no_argument,       NULL, ARG_NO_PAGER     },
                 { "pager-end",    no_argument,       NULL, 'e'              },
                 { "follow",       no_argument,       NULL, 'f'              },
+                { "force",        no_argument,       NULL, ARG_FORCE        },
                 { "output",       required_argument, NULL, 'o'              },
                 { "all",          no_argument,       NULL, 'a'              },
                 { "full",         no_argument,       NULL, 'l'              },
@@ -375,6 +379,10 @@ static int parse_argv(int argc, char *argv[]) {
                         break;
 
 #ifdef HAVE_GCRYPT
+                case ARG_FORCE:
+                        arg_force = true;
+                        break;
+
                 case ARG_SETUP_KEYS:
                         arg_action = ACTION_SETUP_KEYS;
                         break;
@@ -397,6 +405,7 @@ static int parse_argv(int argc, char *argv[]) {
                 case ARG_SETUP_KEYS:
                 case ARG_VERIFY_KEY:
                 case ARG_INTERVAL:
+                case ARG_FORCE:
                         log_error("Forward-secure sealing not available.");
                         return -ENOTSUP;
 #endif
@@ -756,9 +765,18 @@ static int setup_keys(void) {
                 return log_oom();
 
         if (access(p, F_OK) >= 0) {
-                log_error("Sealing key file %s exists already.", p);
-                r = -EEXIST;
-                goto finish;
+                if (arg_force) {
+                        r = unlink(p);
+                        if (r < 0) {
+                                log_error("unlink(\"%s\") failed: %m", p);
+                                r = -errno;
+                                goto finish;
+                        }
+                } else {
+                        log_error("Sealing key file %s exists already. (--force to recreate)", p);
+                        r = -EEXIST;
+                        goto finish;
+                }
         }
 
         if (asprintf(&k, "/var/log/journal/" SD_ID128_FORMAT_STR "/fss.tmp.XXXXXX",
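Review bot: With `arg_force` set, the existing sealing key is unlinked before the replacement has been generated, so any failure after this point (the `asprintf()` on the following line is the first candidate) leaves the journal directory with no sealing key at all. Removing the old file only once the new key has been fully written to the `fss.tmp.XXXXXX` file would keep the previous key on error; how the temporary file is installed lies outside this hunk, so that ordering needs checking against the rest of setup_keys(). In the error branch `r = -errno;` is read after `log_error()`, which is only correct if the logging call preserves errno; assigning `r = -errno;` first and logging afterwards removes that dependency. The `access()` check followed by `unlink()` can also be collapsed into a single `unlink()` that tolerates `ENOENT`, which avoids acting on a stale existence check.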

commit 6c5a28255bea4385289149b4617c86a24eec519f
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date:   Sun Jul 14 23:36:14 2013 -0400

    systemd: fix NULL dereference when disabling a nonexistent instance
    
    Assertion 'p' failed at src/shared/path-util.c:51, function path_get_file_name(). Aborting.
    
    The unit file could not be found, and i->path would not be set.
    In 02b9e969 a code path was added which attempts to remove symlinks
    to a nonexistent (removed) unit file. This worked OK in case of
    non-instance services, but broke in the case of instance services.
    
    Behaviour wrt. instance units is changed in the way that 02b9e969
    changed it for non-instance units: it is now possible to remove
    instance symlinks to a template unit that has been removed.
    
    This patch isn't a full fix, because the behaviour wrt. enabling
    and disabling instance units is still broken: e.g. it is possible to
    start autovt@tty5.service, but it is not possible to enable it,
    because autovt@.service is a symlink, and on the other hand, disabling
    getty@tty5.service removes all symlinks to getty@.service, which is
    wrong too. But segfaults make bad PR, so let's add at least this
    partial fix for now.

diff --git a/src/shared/install.c b/src/shared/install.c
index 1161068..07e06c4 100644
--- a/src/shared/install.c
+++ b/src/shared/install.c
@@ -1062,8 +1062,8 @@ static int unit_file_search(
                         info->path = path;
                 else {
                         if (r == -ENOENT && unit_name_is_instance(info->name)) {
-                                /* unit file doesn't exist, however instance enablement was request */
-                                /* we will check if it is possible to load template unit file */
+                                /* Unit file doesn't exist, however instance enablement was requested.
+                                 * We will check if it is possible to load template unit file. */
                                 char *template = NULL,
                                      *template_path = NULL,
                                      *template_dir = NULL;
@@ -1074,7 +1074,7 @@ static int unit_file_search(
                                         return -ENOMEM;
                                 }
 
-                                /* we will reuse path variable since we don't need it anymore */
+                                /* We will reuse path variable since we don't need it anymore. */
                                 template_dir = path;
                                 *(strrchr(path, '/') + 1) = '\0';
 
@@ -1085,7 +1085,7 @@ static int unit_file_search(
                                         return -ENOMEM;
                                 }
 
-                                /* let's try to load template unit */
+                                /* Let's try to load template unit. */
                                 r = unit_file_load(c, info, template_path, allow_symlink);
                                 if (r >= 0) {
                                         info->path = strdup(template_path);
@@ -1425,16 +1425,30 @@ static int install_context_mark_for_removal(
                         r += q;
 
                 if (unit_name_is_instance(i->name)) {
-                        char *unit_file = NULL;
+                        char *unit_file;
+
+                        if (i->path) {
+                                unit_file = path_get_file_name(i->path);
+
+                                if (unit_name_is_instance(unit_file))
+                                        /* unit file named as instance exists, thus all symlinks
+                                         * pointing to it will be removed */
+                                        q = mark_symlink_for_removal(remove_symlinks_to, i->name);
+                                else
+                                        /* does not exist, thus we will mark for removal symlinks
+                                         * to template unit file */
+                                        q = mark_symlink_for_removal(remove_symlinks_to, unit_file);
+                        } else {
+                                /* If i->path is not set, it means that we didn't actually find
+                                 * the unit file. But we can still remove symlinks to the
+                                 * nonexistent template. */
+                                unit_file = unit_name_template(i->name);
+                                if (!unit_file)
+                                        return log_oom();
 
-                        unit_file = path_get_file_name(i->path);
-
-                        if (unit_name_is_instance(unit_file))
-                                /* unit file named as instance exists, thus all symlinks pointing to it, will be removed */
-                                q = mark_symlink_for_removal(remove_symlinks_to, i->name);
-                        else
-                                /* does not exist, thus we will mark for removal symlinks to template unit file */
                                 q = mark_symlink_for_removal(remove_symlinks_to, unit_file);
+                                free(unit_file);
+                        }
                 } else
                         q = mark_symlink_for_removal(remove_symlinks_to, i->name);
 
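Review bot: `unit_file` now has two different ownership rules: in the `if (i->path)` branch it holds the result of `path_get_file_name(i->path)`, which is not freed and appears to point into `i->path`, while in the `else` branch it holds an allocation from `unit_name_template()` that is freed after use. Declaring the allocation under its own name inside the `else` scope, e.g. `_cleanup_free_ char *template = unit_name_template(i->name);`, would keep a later edit from freeing the borrowed pointer or leaking the owned one. The `return log_oom();` also exits the function directly, whereas the surrounding code accumulates results through `q` and `r += q`; whether anything needs releasing on that path cannot be seen here, because install_context_mark_for_removal() starts and ends outside the hunk.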


