diff --git a/man/journalctl.xml b/man/journalctl.xml index 7d8f159fbf9..5881a52eaf0 100644 --- a/man/journalctl.xml +++ b/man/journalctl.xml @@ -834,6 +834,9 @@ with . Shorter intervals increase CPU consumption but shorten the time range of undetectable journal alterations. Defaults to 15min. + Note, and are silently + migrated to . + diff --git a/src/journal/journalctl-authenticate.c b/src/journal/journalctl-authenticate.c index 865814cd032..7aaa340cd3c 100644 --- a/src/journal/journalctl-authenticate.c +++ b/src/journal/journalctl-authenticate.c @@ -1,5 +1,7 @@ /* SPDX-License-Identifier: LGPL-2.1-or-later */ +#include "sd-json.h" + #include "ansi-color.h" #include "chattr-util.h" #include "errno-util.h" @@ -97,17 +99,20 @@ int action_setup_keys(void) { state_size = FSPRG_stateinbytes(FSPRG_RECOMMENDED_SECPAR); state = alloca_safe(state_size); - log_info("Generating seed..."); + if (!arg_quiet) + log_info("Generating seed..."); r = crypto_random_bytes(seed, seed_size); if (r < 0) return log_error_errno(r, "Failed to acquire random seed: %m"); - log_info("Generating key pair..."); + if (!arg_quiet) + log_info("Generating key pair..."); r = FSPRG_GenMK(NULL, mpk, seed, seed_size, FSPRG_RECOMMENDED_SECPAR); if (r < 0) return log_error_errno(r, "Failed to generate key pair: %m"); - log_info("Generating sealing key..."); + if (!arg_quiet) + log_info("Generating sealing key..."); r = FSPRG_GenState0(state, mpk, seed, seed_size); if (r < 0) return log_error_errno(r, "Failed to generate sealing key: %m"); @@ -122,7 +127,7 @@ int action_setup_keys(void) { r = chattr_secret(fd, CHATTR_WARN_UNSUPPORTED_FLAGS); if (r < 0) - log_full_errno(ERRNO_IS_NOT_SUPPORTED(r) ? LOG_DEBUG : LOG_WARNING, + log_full_errno(ERRNO_IS_NOT_SUPPORTED(r) || arg_quiet ? LOG_DEBUG : LOG_WARNING, r, "Failed to set file attributes on a temporary file for '%s', ignoring: %m", path); struct FSSHeader h = { @@ -155,7 +160,7 @@ int action_setup_keys(void) { if (r < 0) return r; - if (!on_tty()) { + if ((!on_tty() || arg_quiet) && !sd_json_format_enabled(arg_json_format_flags)) { /* If we are not on a TTY, show only the key. */ puts(key); return 0; @@ -166,6 +171,32 @@ int action_setup_keys(void) { if (hn) hostname_cleanup(hn); + if (sd_json_format_enabled(arg_json_format_flags)) { + _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL; + + if (arg_json_format_flags & (SD_JSON_FORMAT_SSE | SD_JSON_FORMAT_SEQ)) { + log_debug("Specified --output=%s with --setup-keys, migrating to --output=json.", + FLAGS_SET(arg_json_format_flags, SD_JSON_FORMAT_SSE) ? "json-sse" : "json-seq"); + arg_json_format_flags &= ~(SD_JSON_FORMAT_SSE | SD_JSON_FORMAT_SEQ); + arg_json_format_flags |= SD_JSON_FORMAT_NEWLINE; + } + + r = sd_json_buildo( + &v, + SD_JSON_BUILD_PAIR_ID128("machine", machine), + SD_JSON_BUILD_PAIR_STRING("hostname", hn), + SD_JSON_BUILD_PAIR_STRING("path", path), + SD_JSON_BUILD_PAIR_STRING("key", key)); + if (r < 0) + return log_error_errno(r, "Failed to build json object: %m"); + + r = sd_json_variant_dump(v, arg_json_format_flags, /* f = */ NULL, /* prefix = */ NULL); + if (r < 0) + return log_error_errno(r, "Failed to dump json object: %m"); + + return 0; + } + fprintf(stderr, "\nNew keys have been generated for host %s%s" SD_ID128_FORMAT_STR ".\n" "\n" diff --git a/test/units/TEST-04-JOURNAL.fss.sh b/test/units/TEST-04-JOURNAL.fss.sh index 03351b812fa..7edcbf95b09 100755 --- a/test/units/TEST-04-JOURNAL.fss.sh +++ b/test/units/TEST-04-JOURNAL.fss.sh @@ -10,8 +10,15 @@ if ! journalctl --version | grep -qF +GCRYPT; then exit 0 fi -journalctl --force --setup-keys --interval=2 |& tee /tmp/fss -FSS_VKEY="$(sed -rn '/([a-f0-9]{6}\-){3}[a-f0-9]{6}\/[a-f0-9]+\-[a-f0-9]+/p' /tmp/fss)" +# output key and related info in json format +for mode in json json-pretty json-seq json-sse; do + journalctl --force --setup-keys --interval=2 --output="$mode" | jq . >/dev/null +done + +# without --quiet, should be effectively equivalent to the below, as we are not on tty +journalctl --force --setup-keys --interval=2 + +FSS_VKEY=$(journalctl --force --setup-keys --interval=2 --quiet) [[ -n "$FSS_VKEY" ]] # Generate some buzz in the journal and wait until the FSS key is changed