journalctl: make --setup-keys honor --output=json and --quiet (#35507)
Closes #35503. Closes #35504.
commit
ed803ee195
@ -834,6 +834,9 @@
|
|||||||
with <option>--setup-keys</option>. Shorter intervals increase CPU consumption but shorten the time
|
with <option>--setup-keys</option>. Shorter intervals increase CPU consumption but shorten the time
|
||||||
range of undetectable journal alterations. Defaults to 15min.</para>
|
range of undetectable journal alterations. Defaults to 15min.</para>
|
||||||
|
|
||||||
|
<para>Note, <option>--output=json-sse</option> and <option>--output=json-seq</option> are silently
|
||||||
|
migrated to <option>--output=json</option>.</para>
|
||||||
|
|
||||||
<xi:include href="version-info.xml" xpointer="v189"/></listitem>
|
<xi:include href="version-info.xml" xpointer="v189"/></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
@ -1,5 +1,7 @@
|
|||||||
/* SPDX-License-Identifier: LGPL-2.1-or-later */
|
/* SPDX-License-Identifier: LGPL-2.1-or-later */
|
||||||
|
|
||||||
|
#include "sd-json.h"
|
||||||
|
|
||||||
#include "ansi-color.h"
|
#include "ansi-color.h"
|
||||||
#include "chattr-util.h"
|
#include "chattr-util.h"
|
||||||
#include "errno-util.h"
|
#include "errno-util.h"
|
||||||
@ -97,17 +99,20 @@ int action_setup_keys(void) {
|
|||||||
state_size = FSPRG_stateinbytes(FSPRG_RECOMMENDED_SECPAR);
|
state_size = FSPRG_stateinbytes(FSPRG_RECOMMENDED_SECPAR);
|
||||||
state = alloca_safe(state_size);
|
state = alloca_safe(state_size);
|
||||||
|
|
||||||
log_info("Generating seed...");
|
if (!arg_quiet)
|
||||||
|
log_info("Generating seed...");
|
||||||
r = crypto_random_bytes(seed, seed_size);
|
r = crypto_random_bytes(seed, seed_size);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Failed to acquire random seed: %m");
|
return log_error_errno(r, "Failed to acquire random seed: %m");
|
||||||
|
|
||||||
log_info("Generating key pair...");
|
if (!arg_quiet)
|
||||||
|
log_info("Generating key pair...");
|
||||||
r = FSPRG_GenMK(NULL, mpk, seed, seed_size, FSPRG_RECOMMENDED_SECPAR);
|
r = FSPRG_GenMK(NULL, mpk, seed, seed_size, FSPRG_RECOMMENDED_SECPAR);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Failed to generate key pair: %m");
|
return log_error_errno(r, "Failed to generate key pair: %m");
|
||||||
|
|
||||||
log_info("Generating sealing key...");
|
if (!arg_quiet)
|
||||||
|
log_info("Generating sealing key...");
|
||||||
r = FSPRG_GenState0(state, mpk, seed, seed_size);
|
r = FSPRG_GenState0(state, mpk, seed, seed_size);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Failed to generate sealing key: %m");
|
return log_error_errno(r, "Failed to generate sealing key: %m");
|
||||||
@ -122,7 +127,7 @@ int action_setup_keys(void) {
|
|||||||
|
|
||||||
r = chattr_secret(fd, CHATTR_WARN_UNSUPPORTED_FLAGS);
|
r = chattr_secret(fd, CHATTR_WARN_UNSUPPORTED_FLAGS);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
log_full_errno(ERRNO_IS_NOT_SUPPORTED(r) ? LOG_DEBUG : LOG_WARNING,
|
log_full_errno(ERRNO_IS_NOT_SUPPORTED(r) || arg_quiet ? LOG_DEBUG : LOG_WARNING,
|
||||||
r, "Failed to set file attributes on a temporary file for '%s', ignoring: %m", path);
|
r, "Failed to set file attributes on a temporary file for '%s', ignoring: %m", path);
|
||||||
|
|
||||||
struct FSSHeader h = {
|
struct FSSHeader h = {
|
||||||
@ -155,7 +160,7 @@ int action_setup_keys(void) {
|
|||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
if (!on_tty()) {
|
if ((!on_tty() || arg_quiet) && !sd_json_format_enabled(arg_json_format_flags)) {
|
||||||
/* If we are not on a TTY, show only the key. */
|
/* If we are not on a TTY, show only the key. */
|
||||||
puts(key);
|
puts(key);
|
||||||
return 0;
|
return 0;
|
||||||
@ -166,6 +171,32 @@ int action_setup_keys(void) {
|
|||||||
if (hn)
|
if (hn)
|
||||||
hostname_cleanup(hn);
|
hostname_cleanup(hn);
|
||||||
|
|
||||||
|
if (sd_json_format_enabled(arg_json_format_flags)) {
|
||||||
|
_cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL;
|
||||||
|
|
||||||
|
if (arg_json_format_flags & (SD_JSON_FORMAT_SSE | SD_JSON_FORMAT_SEQ)) {
|
||||||
|
log_debug("Specified --output=%s with --setup-keys, migrating to --output=json.",
|
||||||
|
FLAGS_SET(arg_json_format_flags, SD_JSON_FORMAT_SSE) ? "json-sse" : "json-seq");
|
||||||
|
arg_json_format_flags &= ~(SD_JSON_FORMAT_SSE | SD_JSON_FORMAT_SEQ);
|
||||||
|
arg_json_format_flags |= SD_JSON_FORMAT_NEWLINE;
|
||||||
|
}
|
||||||
|
|
||||||
|
r = sd_json_buildo(
|
||||||
|
&v,
|
||||||
|
SD_JSON_BUILD_PAIR_ID128("machine", machine),
|
||||||
|
SD_JSON_BUILD_PAIR_STRING("hostname", hn),
|
||||||
|
SD_JSON_BUILD_PAIR_STRING("path", path),
|
||||||
|
SD_JSON_BUILD_PAIR_STRING("key", key));
|
||||||
|
if (r < 0)
|
||||||
|
return log_error_errno(r, "Failed to build json object: %m");
|
||||||
|
|
||||||
|
r = sd_json_variant_dump(v, arg_json_format_flags, /* f = */ NULL, /* prefix = */ NULL);
|
||||||
|
if (r < 0)
|
||||||
|
return log_error_errno(r, "Failed to dump json object: %m");
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
fprintf(stderr,
|
fprintf(stderr,
|
||||||
"\nNew keys have been generated for host %s%s" SD_ID128_FORMAT_STR ".\n"
|
"\nNew keys have been generated for host %s%s" SD_ID128_FORMAT_STR ".\n"
|
||||||
"\n"
|
"\n"
|
||||||
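Review bot: In the `@ -122,7 +127,7` hunk, adding `|| arg_quiet` to the level selection demotes a failed `chattr_secret()` on the temporary key file from LOG_WARNING to LOG_DEBUG whenever `--quiet` is given, so scripted runs (the likely users of `--quiet` and `--output=json`) no longer learn that the file was left without the attributes that call was meant to set. The message is a warning rather than an informational one, and it is emitted through `log_full_errno()` rather than written to stdout with the key or the JSON object, so I would keep the previous condition, `log_full_errno(ERRNO_IS_NOT_SUPPORTED(r) ? LOG_DEBUG : LOG_WARNING,`. If the demotion stays, parenthesise it as `(ERRNO_IS_NOT_SUPPORTED(r) || arg_quiet) ? LOG_DEBUG : LOG_WARNING` so the precedence is evident. Separately, the comment `/* If we are not on a TTY, show only the key. */` in the `@ -155,7 +160,7` hunk no longer matches its condition and could read `/* Not on a TTY, or --quiet was given: print only the key. */`. action_setup_keys() starts and ends outside these hunks.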
|
@ -10,8 +10,15 @@ if ! journalctl --version | grep -qF +GCRYPT; then
|
|||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
journalctl --force --setup-keys --interval=2 |& tee /tmp/fss
|
# output key and related info in json format
|
||||||
FSS_VKEY="$(sed -rn '/([a-f0-9]{6}\-){3}[a-f0-9]{6}\/[a-f0-9]+\-[a-f0-9]+/p' /tmp/fss)"
|
for mode in json json-pretty json-seq json-sse; do
|
||||||
|
journalctl --force --setup-keys --interval=2 --output="$mode" | jq . >/dev/null
|
||||||
|
done
|
||||||
|
|
||||||
|
# without --quiet, should be effectively equivalent to the below, as we are not on tty
|
||||||
|
journalctl --force --setup-keys --interval=2
|
||||||
|
|
||||||
|
FSS_VKEY=$(journalctl --force --setup-keys --interval=2 --quiet)
|
||||||
[[ -n "$FSS_VKEY" ]]
|
[[ -n "$FSS_VKEY" ]]
|
||||||
|
|
||||||
# Generate some buzz in the journal and wait until the FSS key is changed
|
# Generate some buzz in the journal and wait until the FSS key is changed
|
||||||
|
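Review bot: The new `for mode in json json-pretty json-seq json-sse` loop only checks that each mode emits something `jq` can parse, never that the object carries the fields the C change builds (`machine`, `hostname`, `path`, `key`), so an empty or incomplete object would still pass. Consider `journalctl --force --setup-keys --interval=2 --output="$mode" | jq -e '.machine and .path and .key' >/dev/null`, leaving `hostname` out because the C code guards `hn` with `if (hn)` and it may therefore come out as null. The `--quiet` case likewise only asserts that `FSS_VKEY` is non-empty; asserting that it is a single line would pin the "only the key" behaviour. Whether a failing `journalctl` on the left of the pipe fails the test depends on `pipefail`, which would be set outside this hunk.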