From 31094aae09dd5a773e1634334bcd12fc8834a030 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 17 Aug 2012 01:09:43 +0200 Subject: [PATCH] man: add man pages for new FSS stuff --- man/journalctl.xml | 100 ++++++++++++++++++++++++++--------- src/journal/journal-verify.c | 3 +- 2 files changed, 77 insertions(+), 26 deletions(-) diff --git a/man/journalctl.xml b/man/journalctl.xml index 3cfda5b84b..1ea004fc81 100644 --- a/man/journalctl.xml +++ b/man/journalctl.xml @@ -254,31 +254,6 @@ paths. - - - - Instead of showing - journal contents generate a new 128 - bit ID suitable for identifying - messages. This is intended for usage - by developers who need a new - identifier for a new message they - introduce and want to make - recognizable. Will print the new ID in - three different formats which can be - copied into source code or - similar. - - - - - - Instead of showing - journal contents show internal header - information of the journal fiels - accessed. - - @@ -311,6 +286,81 @@ value of the range. + + + + Instead of showing + journal contents generate a new 128 + bit ID suitable for identifying + messages. This is intended for usage + by developers who need a new + identifier for a new message they + introduce and want to make + recognizable. Will print the new ID in + three different formats which can be + copied into source code or + similar. + + + + + + Instead of showing + journal contents show internal header + information of the journal fiels + accessed. + + + + + + Instead of showing + journal contents generate a new key + pair for Forward Secure Sealing + (FSS). This will generate a sealing + key and a verification key. The + sealing key is stored in the journal + data directory and shall remain on the + host. The verification key should be + stored externally. + + + + + + Specifies the change + interval for the sealing key, when + generating an FSS key pair with + . Shorter + intervals increase CPU consumption but + shorten the time range of + undetectable journal + alterations. Defaults to + 15min. + + + + + + Check the journal file + for internal consistency. If the + file has been generated with FSS + enabled, and the FSS verification key + has been specified with + + authenticity of the journal file is + verified. + + + + + + Specifies the FSS + verification key to use for the + + operation. + + diff --git a/src/journal/journal-verify.c b/src/journal/journal-verify.c index b7097e7b01..8eefb841b2 100644 --- a/src/journal/journal-verify.c +++ b/src/journal/journal-verify.c @@ -36,9 +36,10 @@ /* FIXME: * * - write tag only if non-tag objects have been written - * - change terms * - write bit mucking test * - tag timestamps should be between entry timestamps + * - output validated time ranges + * - add missing fields to journal header dump * * - Allow building without libgcrypt * - check with sparse