diff --git a/man/journalctl.xml b/man/journalctl.xml
index 7d8f159fbf9..5881a52eaf0 100644
--- a/man/journalctl.xml
+++ b/man/journalctl.xml
@@ -834,6 +834,9 @@
with . Shorter intervals increase CPU consumption but shorten the time
range of undetectable journal alterations. Defaults to 15min.
+ Note, and are silently
+ migrated to .
+
diff --git a/src/journal/journalctl-authenticate.c b/src/journal/journalctl-authenticate.c
index 865814cd032..7aaa340cd3c 100644
--- a/src/journal/journalctl-authenticate.c
+++ b/src/journal/journalctl-authenticate.c
@@ -1,5 +1,7 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
+#include "sd-json.h"
+
#include "ansi-color.h"
#include "chattr-util.h"
#include "errno-util.h"
@@ -97,17 +99,20 @@ int action_setup_keys(void) {
state_size = FSPRG_stateinbytes(FSPRG_RECOMMENDED_SECPAR);
state = alloca_safe(state_size);
- log_info("Generating seed...");
+ if (!arg_quiet)
+ log_info("Generating seed...");
r = crypto_random_bytes(seed, seed_size);
if (r < 0)
return log_error_errno(r, "Failed to acquire random seed: %m");
- log_info("Generating key pair...");
+ if (!arg_quiet)
+ log_info("Generating key pair...");
r = FSPRG_GenMK(NULL, mpk, seed, seed_size, FSPRG_RECOMMENDED_SECPAR);
if (r < 0)
return log_error_errno(r, "Failed to generate key pair: %m");
- log_info("Generating sealing key...");
+ if (!arg_quiet)
+ log_info("Generating sealing key...");
r = FSPRG_GenState0(state, mpk, seed, seed_size);
if (r < 0)
return log_error_errno(r, "Failed to generate sealing key: %m");
@@ -122,7 +127,7 @@ int action_setup_keys(void) {
r = chattr_secret(fd, CHATTR_WARN_UNSUPPORTED_FLAGS);
if (r < 0)
- log_full_errno(ERRNO_IS_NOT_SUPPORTED(r) ? LOG_DEBUG : LOG_WARNING,
+ log_full_errno(ERRNO_IS_NOT_SUPPORTED(r) || arg_quiet ? LOG_DEBUG : LOG_WARNING,
r, "Failed to set file attributes on a temporary file for '%s', ignoring: %m", path);
struct FSSHeader h = {
@@ -155,7 +160,7 @@ int action_setup_keys(void) {
if (r < 0)
return r;
- if (!on_tty()) {
+ if ((!on_tty() || arg_quiet) && !sd_json_format_enabled(arg_json_format_flags)) {
/* If we are not on a TTY, show only the key. */
puts(key);
return 0;
@@ -166,6 +171,32 @@ int action_setup_keys(void) {
if (hn)
hostname_cleanup(hn);
+ if (sd_json_format_enabled(arg_json_format_flags)) {
+ _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL;
+
+ if (arg_json_format_flags & (SD_JSON_FORMAT_SSE | SD_JSON_FORMAT_SEQ)) {
+ log_debug("Specified --output=%s with --setup-keys, migrating to --output=json.",
+ FLAGS_SET(arg_json_format_flags, SD_JSON_FORMAT_SSE) ? "json-sse" : "json-seq");
+ arg_json_format_flags &= ~(SD_JSON_FORMAT_SSE | SD_JSON_FORMAT_SEQ);
+ arg_json_format_flags |= SD_JSON_FORMAT_NEWLINE;
+ }
+
+ r = sd_json_buildo(
+ &v,
+ SD_JSON_BUILD_PAIR_ID128("machine", machine),
+ SD_JSON_BUILD_PAIR_STRING("hostname", hn),
+ SD_JSON_BUILD_PAIR_STRING("path", path),
+ SD_JSON_BUILD_PAIR_STRING("key", key));
+ if (r < 0)
+ return log_error_errno(r, "Failed to build json object: %m");
+
+ r = sd_json_variant_dump(v, arg_json_format_flags, /* f = */ NULL, /* prefix = */ NULL);
+ if (r < 0)
+ return log_error_errno(r, "Failed to dump json object: %m");
+
+ return 0;
+ }
+
fprintf(stderr,
"\nNew keys have been generated for host %s%s" SD_ID128_FORMAT_STR ".\n"
"\n"
diff --git a/test/units/TEST-04-JOURNAL.fss.sh b/test/units/TEST-04-JOURNAL.fss.sh
index 03351b812fa..7edcbf95b09 100755
--- a/test/units/TEST-04-JOURNAL.fss.sh
+++ b/test/units/TEST-04-JOURNAL.fss.sh
@@ -10,8 +10,15 @@ if ! journalctl --version | grep -qF +GCRYPT; then
exit 0
fi
-journalctl --force --setup-keys --interval=2 |& tee /tmp/fss
-FSS_VKEY="$(sed -rn '/([a-f0-9]{6}\-){3}[a-f0-9]{6}\/[a-f0-9]+\-[a-f0-9]+/p' /tmp/fss)"
+# output key and related info in json format
+for mode in json json-pretty json-seq json-sse; do
+ journalctl --force --setup-keys --interval=2 --output="$mode" | jq . >/dev/null
+done
+
+# without --quiet, should be effectively equivalent to the below, as we are not on tty
+journalctl --force --setup-keys --interval=2
+
+FSS_VKEY=$(journalctl --force --setup-keys --interval=2 --quiet)
[[ -n "$FSS_VKEY" ]]
# Generate some buzz in the journal and wait until the FSS key is changed