1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-23 17:34:00 +03:00

journalctl: reshuffle console message about fss keys

We talked about the verification key, then about sealing keys, and then
about the verification key again. Let's shorten things a bit, and divide
the output in three paragraphs: one about the machine, one about the sealing
keys, and one about verification keys and the qr code with them.
This commit is contained in:
Zbigniew Jędrzejewski-Szmek 2020-08-04 15:20:08 +02:00
parent 1efe30ded3
commit da012db02d
2 changed files with 23 additions and 26 deletions

View File

@ -46,7 +46,7 @@ int print_qr_code(
_cleanup_(dlclosep) void *dl = NULL;
_cleanup_free_ char *url = NULL;
_cleanup_fclose_ FILE *f = NULL;
size_t url_size = 0, i;
size_t url_size = 0;
unsigned x, y;
QRcode* qr;
int r;
@ -79,7 +79,7 @@ int print_qr_code(
fputs("fss://", f);
for (i = 0; i < seed_size; i++) {
for (size_t i = 0; i < seed_size; i++) {
if (i > 0 && i % 3 == 0)
fputc('-', f);
fprintf(f, "%02x", ((uint8_t*) seed)[i]);

View File

@ -1778,7 +1778,7 @@ static int add_syslog_identifier(sd_journal *j) {
static int setup_keys(void) {
#if HAVE_GCRYPT
size_t mpk_size, seed_size, state_size, i;
size_t mpk_size, seed_size, state_size;
_cleanup_(unlink_and_freep) char *k = NULL;
_cleanup_free_ char *p = NULL;
uint8_t *mpk, *seed, *state;
@ -1890,52 +1890,49 @@ static int setup_keys(void) {
k = mfree(k);
_cleanup_free_ char *hn = NULL;
if (on_tty()) {
hn = gethostname_malloc();
if (hn)
hostname_cleanup(hn);
char tsb[FORMAT_TIMESPAN_MAX];
fprintf(stderr,
"\nNew keys have been generated for host %s%s" SD_ID128_FORMAT_STR ".\n"
"\n"
"The new key pair has been generated. The %ssecret sealing key%s has been written to\n"
"the following local file. This key file is automatically updated when the\n"
"sealing key is advanced. It should not be used on multiple hosts.\n"
"The %ssecret sealing key%s has been written to the following local file.\n"
"This key file is automatically updated when the sealing key is advanced.\n"
"It should not be used on multiple hosts.\n"
"\n"
"\t%s\n"
"\n"
"The sealing key is automatically changed every %s.\n"
"\n"
"Please write down the following %ssecret verification key%s. It should be stored\n"
"at a safe location and should not be saved locally on disk.\n"
"in a safe location and should not be saved locally on disk.\n"
"\n\t%s",
hn ?: "", hn ? "/" : "", SD_ID128_FORMAT_VAL(machine),
ansi_highlight(), ansi_normal(),
p,
format_timespan(tsb, sizeof(tsb), arg_interval, 0),
ansi_highlight(), ansi_normal(),
ansi_highlight_red());
fflush(stderr);
}
for (i = 0; i < seed_size; i++) {
for (size_t i = 0; i < seed_size; i++) {
if (i > 0 && i % 3 == 0)
putchar('-');
printf("%02x", ((uint8_t*) seed)[i]);
}
printf("/%llx-%llx\n", (unsigned long long) n, (unsigned long long) arg_interval);
if (on_tty()) {
_cleanup_free_ char *hn = NULL;
char tsb[FORMAT_TIMESPAN_MAX];
fprintf(stderr,
"%s\n"
"The sealing key is automatically changed every %s.\n",
ansi_normal(),
format_timespan(tsb, sizeof(tsb), arg_interval, 0));
hn = gethostname_malloc();
if (hn) {
hostname_cleanup(hn);
fprintf(stderr, "\nThe keys have been generated for host %s/" SD_ID128_FORMAT_STR ".\n", hn, SD_ID128_FORMAT_VAL(machine));
} else
fprintf(stderr, "\nThe keys have been generated for host " SD_ID128_FORMAT_STR ".\n", SD_ID128_FORMAT_VAL(machine));
fprintf(stderr, "%s", ansi_normal());
#if HAVE_QRENCODE
(void) print_qr_code(stderr,
"\nTo transfer the verification key to your phone please scan the QR code below:\n\n",
"\nTo transfer the verification key to your phone scan the QR code below:\n",
seed, seed_size,
n, arg_interval,
hn, machine);