1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-22 17:35:35 +03:00

journalctl: make --setup-keys honor --output=json and --quiet (#35507)

Closes #35503.
Closes #35504.
This commit is contained in:
Luca Boccassi 2024-12-13 13:40:09 +00:00 committed by GitHub
commit ed803ee195
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 48 additions and 7 deletions

View File

@ -834,6 +834,9 @@
with <option>--setup-keys</option>. Shorter intervals increase CPU consumption but shorten the time with <option>--setup-keys</option>. Shorter intervals increase CPU consumption but shorten the time
range of undetectable journal alterations. Defaults to 15min.</para> range of undetectable journal alterations. Defaults to 15min.</para>
<para>Note, <option>--output=json-sse</option> and <option>--output=json-seq</option> are silently
migrated to <option>--output=json</option>.</para>
<xi:include href="version-info.xml" xpointer="v189"/></listitem> <xi:include href="version-info.xml" xpointer="v189"/></listitem>
</varlistentry> </varlistentry>

View File

@ -1,5 +1,7 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */ /* SPDX-License-Identifier: LGPL-2.1-or-later */
#include "sd-json.h"
#include "ansi-color.h" #include "ansi-color.h"
#include "chattr-util.h" #include "chattr-util.h"
#include "errno-util.h" #include "errno-util.h"
@ -97,17 +99,20 @@ int action_setup_keys(void) {
state_size = FSPRG_stateinbytes(FSPRG_RECOMMENDED_SECPAR); state_size = FSPRG_stateinbytes(FSPRG_RECOMMENDED_SECPAR);
state = alloca_safe(state_size); state = alloca_safe(state_size);
log_info("Generating seed..."); if (!arg_quiet)
log_info("Generating seed...");
r = crypto_random_bytes(seed, seed_size); r = crypto_random_bytes(seed, seed_size);
if (r < 0) if (r < 0)
return log_error_errno(r, "Failed to acquire random seed: %m"); return log_error_errno(r, "Failed to acquire random seed: %m");
log_info("Generating key pair..."); if (!arg_quiet)
log_info("Generating key pair...");
r = FSPRG_GenMK(NULL, mpk, seed, seed_size, FSPRG_RECOMMENDED_SECPAR); r = FSPRG_GenMK(NULL, mpk, seed, seed_size, FSPRG_RECOMMENDED_SECPAR);
if (r < 0) if (r < 0)
return log_error_errno(r, "Failed to generate key pair: %m"); return log_error_errno(r, "Failed to generate key pair: %m");
log_info("Generating sealing key..."); if (!arg_quiet)
log_info("Generating sealing key...");
r = FSPRG_GenState0(state, mpk, seed, seed_size); r = FSPRG_GenState0(state, mpk, seed, seed_size);
if (r < 0) if (r < 0)
return log_error_errno(r, "Failed to generate sealing key: %m"); return log_error_errno(r, "Failed to generate sealing key: %m");
@ -122,7 +127,7 @@ int action_setup_keys(void) {
r = chattr_secret(fd, CHATTR_WARN_UNSUPPORTED_FLAGS); r = chattr_secret(fd, CHATTR_WARN_UNSUPPORTED_FLAGS);
if (r < 0) if (r < 0)
log_full_errno(ERRNO_IS_NOT_SUPPORTED(r) ? LOG_DEBUG : LOG_WARNING, log_full_errno(ERRNO_IS_NOT_SUPPORTED(r) || arg_quiet ? LOG_DEBUG : LOG_WARNING,
r, "Failed to set file attributes on a temporary file for '%s', ignoring: %m", path); r, "Failed to set file attributes on a temporary file for '%s', ignoring: %m", path);
struct FSSHeader h = { struct FSSHeader h = {
@ -155,7 +160,7 @@ int action_setup_keys(void) {
if (r < 0) if (r < 0)
return r; return r;
if (!on_tty()) { if ((!on_tty() || arg_quiet) && !sd_json_format_enabled(arg_json_format_flags)) {
/* If we are not on a TTY, show only the key. */ /* If we are not on a TTY, show only the key. */
puts(key); puts(key);
return 0; return 0;
@ -166,6 +171,32 @@ int action_setup_keys(void) {
if (hn) if (hn)
hostname_cleanup(hn); hostname_cleanup(hn);
if (sd_json_format_enabled(arg_json_format_flags)) {
_cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL;
if (arg_json_format_flags & (SD_JSON_FORMAT_SSE | SD_JSON_FORMAT_SEQ)) {
log_debug("Specified --output=%s with --setup-keys, migrating to --output=json.",
FLAGS_SET(arg_json_format_flags, SD_JSON_FORMAT_SSE) ? "json-sse" : "json-seq");
arg_json_format_flags &= ~(SD_JSON_FORMAT_SSE | SD_JSON_FORMAT_SEQ);
arg_json_format_flags |= SD_JSON_FORMAT_NEWLINE;
}
r = sd_json_buildo(
&v,
SD_JSON_BUILD_PAIR_ID128("machine", machine),
SD_JSON_BUILD_PAIR_STRING("hostname", hn),
SD_JSON_BUILD_PAIR_STRING("path", path),
SD_JSON_BUILD_PAIR_STRING("key", key));
if (r < 0)
return log_error_errno(r, "Failed to build json object: %m");
r = sd_json_variant_dump(v, arg_json_format_flags, /* f = */ NULL, /* prefix = */ NULL);
if (r < 0)
return log_error_errno(r, "Failed to dump json object: %m");
return 0;
}
fprintf(stderr, fprintf(stderr,
"\nNew keys have been generated for host %s%s" SD_ID128_FORMAT_STR ".\n" "\nNew keys have been generated for host %s%s" SD_ID128_FORMAT_STR ".\n"
"\n" "\n"

View File

@ -10,8 +10,15 @@ if ! journalctl --version | grep -qF +GCRYPT; then
exit 0 exit 0
fi fi
journalctl --force --setup-keys --interval=2 |& tee /tmp/fss # output key and related info in json format
FSS_VKEY="$(sed -rn '/([a-f0-9]{6}\-){3}[a-f0-9]{6}\/[a-f0-9]+\-[a-f0-9]+/p' /tmp/fss)" for mode in json json-pretty json-seq json-sse; do
journalctl --force --setup-keys --interval=2 --output="$mode" | jq . >/dev/null
done
# without --quiet, should be effectively equivalent to the below, as we are not on tty
journalctl --force --setup-keys --interval=2
FSS_VKEY=$(journalctl --force --setup-keys --interval=2 --quiet)
[[ -n "$FSS_VKEY" ]] [[ -n "$FSS_VKEY" ]]
# Generate some buzz in the journal and wait until the FSS key is changed # Generate some buzz in the journal and wait until the FSS key is changed