From a5b2973850e5952b9dffdfa3f6a0ef486957cb17 Mon Sep 17 00:00:00 2001
From: Yu Watanabe
Date: Tue, 10 Dec 2024 09:40:43 +0900
Subject: [PATCH 1/2] journalctl: honor --quiet with --setup-keys
Closes #35504.
---
 src/journal/journalctl-authenticate.c | 13 ++++++++-----
 test/units/TEST-04-JOURNAL.fss.sh | 6 ++++--
 2 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/src/journal/journalctl-authenticate.c b/src/journal/journalctl-authenticate.c
index 865814cd032..87374816b48 100644
--- a/src/journal/journalctl-authenticate.c
+++ b/src/journal/journalctl-authenticate.c
@@ -97,17 +97,20 @@ int action_setup_keys(void) {
 state_size = FSPRG_stateinbytes(FSPRG_RECOMMENDED_SECPAR);
 state = alloca_safe(state_size);
- log_info("Generating seed...");
+ if (!arg_quiet)
+ log_info("Generating seed...");
 r = crypto_random_bytes(seed, seed_size);
 if (r < 0)
 return log_error_errno(r, "Failed to acquire random seed: %m");
- log_info("Generating key pair...");
+ if (!arg_quiet)
+ log_info("Generating key pair...");
 r = FSPRG_GenMK(NULL, mpk, seed, seed_size, FSPRG_RECOMMENDED_SECPAR);
 if (r < 0)
 return log_error_errno(r, "Failed to generate key pair: %m");
- log_info("Generating sealing key...");
+ if (!arg_quiet)
+ log_info("Generating sealing key...");
 r = FSPRG_GenState0(state, mpk, seed, seed_size);
 if (r < 0)
 return log_error_errno(r, "Failed to generate sealing key: %m");
@@ -122,7 +125,7 @@ int action_setup_keys(void) {
 r = chattr_secret(fd, CHATTR_WARN_UNSUPPORTED_FLAGS);
 if (r < 0)
- log_full_errno(ERRNO_IS_NOT_SUPPORTED(r) ? LOG_DEBUG : LOG_WARNING,
+ log_full_errno(ERRNO_IS_NOT_SUPPORTED(r) || arg_quiet ? LOG_DEBUG : LOG_WARNING,
 r, "Failed to set file attributes on a temporary file for '%s', ignoring: %m", path);
 struct FSSHeader h = {
@@ -155,7 +158,7 @@ int action_setup_keys(void) {
 if (r < 0)
 return r;
- if (!on_tty()) {
+ if (!on_tty() || arg_quiet) {
 /* If we are not on a TTY, show only the key. */
 puts(key);
 return 0;
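Review bot: The three progress messages in the `@@ -97,17 +97,20 @@` hunk are dropped outright under --quiet, while the chattr_secret() failure in the next hunk of the same patch is only demoted to LOG_DEBUG; the two should follow one convention. Demoting keeps the messages available when someone debugs a failed key setup, e.g. `log_full(arg_quiet ? LOG_DEBUG : LOG_INFO, "Generating seed...");` for each of the three calls. action_setup_keys() starts and ends outside this hunk.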
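Review bot: With `|| arg_quiet` added to the level expression in the `@@ -122,7 +125,7 @@` hunk, --quiet demotes every chattr_secret() failure to debug level, not only the unsupported-filesystem case. The call sets attributes on what is presumably the temporary sealing-key file, and scripted runs that pass --quiet are the ones where nobody reads debug output, so a genuine failure to protect that file would go unnoticed. If the demotion is intended, parenthesise it so the precedence is explicit, `(ERRNO_IS_NOT_SUPPORTED(r) || arg_quiet) ? LOG_DEBUG : LOG_WARNING`, and add a comment such as `/* --quiet hides this on purpose; the attributes are best-effort hardening */`. Otherwise keep unexpected errors at LOG_WARNING regardless of --quiet.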
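Review bot: The comment `/* If we are not on a TTY, show only the key. */` in the `@@ -155,7 +158,7 @@` hunk no longer describes the branch, which is now also taken when --quiet is given. Update it to `/* If we are not on a TTY, or --quiet is specified, show only the key on stdout. */`. The same stale comment is carried unchanged through the second patch's `@@ -158,7 +160,7 @@` hunk, where the branch is additionally skipped for JSON output, so it needs the matching wording there.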
diff --git a/test/units/TEST-04-JOURNAL.fss.sh b/test/units/TEST-04-JOURNAL.fss.sh
index 03351b812fa..140bd9fd67d 100755
--- a/test/units/TEST-04-JOURNAL.fss.sh
+++ b/test/units/TEST-04-JOURNAL.fss.sh
@@ -10,8 +10,10 @@ if ! journalctl --version | grep -qF +GCRYPT; then
 exit 0
 fi
-journalctl --force --setup-keys --interval=2 |& tee /tmp/fss
-FSS_VKEY="$(sed -rn '/([a-f0-9]{6}\-){3}[a-f0-9]{6}\/[a-f0-9]+\-[a-f0-9]+/p' /tmp/fss)"
+# without --quiet, should be effectively equivalent to the below, as we are not on tty
+journalctl --force --setup-keys --interval=2
+
+FSS_VKEY=$(journalctl --force --setup-keys --interval=2 --quiet)
 [[ -n "$FSS_VKEY" ]]
 # Generate some buzz in the journal and wait until the FSS key is changed
From 5c9da83004f0f62b5ecfa1503a561859888f8e1f Mon Sep 17 00:00:00 2001
From: Yu Watanabe
Date: Mon, 9 Dec 2024 05:22:05 +0900
Subject: [PATCH 2/2] journalctl: allow to dump generated key in json format
Closes #35503.
---
 man/journalctl.xml | 3 +++
 src/journal/journalctl-authenticate.c | 30 ++++++++++++++++++++++++++-
 test/units/TEST-04-JOURNAL.fss.sh | 5 +++++
 3 files changed, 37 insertions(+), 1 deletion(-)
diff --git a/man/journalctl.xml b/man/journalctl.xml
index 0cc2b72acc5..1f9ca364f30 100644
--- a/man/journalctl.xml
+++ b/man/journalctl.xml
@@ -835,6 +835,9 @@ with . Shorter intervals increase CPU consumption but shorten the time range of undetectable journal alterations. Defaults to 15min. + Note, and are silently + migrated to . +
diff --git a/src/journal/journalctl-authenticate.c b/src/journal/journalctl-authenticate.c
index 87374816b48..7aaa340cd3c 100644
--- a/src/journal/journalctl-authenticate.c
+++ b/src/journal/journalctl-authenticate.c
@@ -1,5 +1,7 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */
+#include "sd-json.h"
+
 #include "ansi-color.h"
 #include "chattr-util.h"
 #include "errno-util.h"
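Review bot: The rewritten check in the `@@ -10,8 +10,10 @@` hunk accepts any non-empty stdout as a key. The removed `sed` pattern was the only place the test validated the key's shape, and `[[ -n "$FSS_VKEY" ]]` would still pass if --quiet let a progress or warning line leak into stdout. A shape assertion on the captured value keeps that coverage, reusing the removed pattern: `[[ "$FSS_VKEY" =~ ^([a-f0-9]{6}-){3}[a-f0-9]{6}/[a-f0-9]+-[a-f0-9]+$ ]]`. Capturing the output directly instead of going through the fixed `/tmp/fss` path is a welcome side effect and should stay.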
@@ -158,7 +160,7 @@ int action_setup_keys(void) {
 if (r < 0)
 return r;
- if (!on_tty() || arg_quiet) {
+ if ((!on_tty() || arg_quiet) && !sd_json_format_enabled(arg_json_format_flags)) {
 /* If we are not on a TTY, show only the key. */
 puts(key);
 return 0;
@@ -169,6 +171,32 @@ int action_setup_keys(void) {
 if (hn)
 hostname_cleanup(hn);
+ if (sd_json_format_enabled(arg_json_format_flags)) {
+ _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL;
+
+ if (arg_json_format_flags & (SD_JSON_FORMAT_SSE | SD_JSON_FORMAT_SEQ)) {
+ log_debug("Specified --output=%s with --setup-keys, migrating to --output=json.",
+ FLAGS_SET(arg_json_format_flags, SD_JSON_FORMAT_SSE) ? "json-sse" : "json-seq");
+ arg_json_format_flags &= ~(SD_JSON_FORMAT_SSE | SD_JSON_FORMAT_SEQ);
+ arg_json_format_flags |= SD_JSON_FORMAT_NEWLINE;
+ }
+
+ r = sd_json_buildo(
+ &v,
+ SD_JSON_BUILD_PAIR_ID128("machine", machine),
+ SD_JSON_BUILD_PAIR_STRING("hostname", hn),
+ SD_JSON_BUILD_PAIR_STRING("path", path),
+ SD_JSON_BUILD_PAIR_STRING("key", key));
+ if (r < 0)
+ return log_error_errno(r, "Failed to build json object: %m");
+
+ r = sd_json_variant_dump(v, arg_json_format_flags, /* f = */ NULL, /* prefix = */ NULL);
+ if (r < 0)
+ return log_error_errno(r, "Failed to dump json object: %m");
+
+ return 0;
+ }
+
 fprintf(stderr,
 "\nNew keys have been generated for host %s%s" SD_ID128_FORMAT_STR ".\n"
 "\n"
diff --git a/test/units/TEST-04-JOURNAL.fss.sh b/test/units/TEST-04-JOURNAL.fss.sh
index 140bd9fd67d..7edcbf95b09 100755
--- a/test/units/TEST-04-JOURNAL.fss.sh
+++ b/test/units/TEST-04-JOURNAL.fss.sh
@@ -10,6 +10,11 @@ if ! journalctl --version | grep -qF +GCRYPT; then
 exit 0
 fi
+# output key and related info in json format
+for mode in json json-pretty json-seq json-sse; do
+ journalctl --force --setup-keys --interval=2 --output="$mode" | jq . >/dev/null
+done
+
 # without --quiet, should be effectively equivalent to the below, as we are not on tty
 journalctl --force --setup-keys --interval=2
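Review bot: The JSON object built in the `@@ -169,6 +171,32 @@` hunk carries the generated key in its `key` field, yet `v` is released through the ordinary `sd_json_variant_unrefp` cleanup with nothing marking it as secret. Calling `sd_json_variant_sensitive(v);` right after `sd_json_buildo()` succeeds would have sd-json erase the variant's memory when it is freed. How the `key` string itself is handled is outside this hunk, so check that the two agree. Separately, the `if (hn)` guard just above shows `hn` can be NULL, so `hostname` presumably comes out as JSON null; add a comment saying so, e.g. `/* hostname may be null if it could not be determined */`, so consumers do not assume a string.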
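Review bot: The new loop in the `@@ -10,6 +10,11 @@` hunk only proves that stdout parses as JSON, and `jq .` exits 0 on empty input, so unless `pipefail` is set outside this hunk a failing journalctl would still pass. Asserting on the fields the C side emits closes both gaps: `journalctl --force --setup-keys --interval=2 --output="$mode" | jq -e '.key and .machine and .path' >/dev/null`. `hostname` is left out of that check deliberately, since the C code suggests it can be unset.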