| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
The current message mentions a "server" which can give the misleading
impression that the UI is waiting for a remote network server. The delay
is actually in waiting for the pb-discover process to be ready, so
update the message to reflect that.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
| |
If a "uuid:" label is set in the petitboot,bootdevs parameter without a
matching UUID, the UUID is unintentionally accepted and set to NULL.
This can cause a segfault in nc-config when device UUIDs are compared
against the autoboot option. Instead treat options like this as
malformed.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
| |
The "petitboot,bootdevs" parameter has been around long enough now that
there shouldn't be anyone still transitioning over from the old
"petitboot,bootdev" parameter. Drop this parameter to simplify the
populate_bootdev_config() logic.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
| |
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
| |
Allow the user to specify a HTTP and HTTPS proxy server. The discover
server will set the http_proxy and https_proxy environment variables,
enabling the proxy servers for any further HTTP(S) requests.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
| |
If the client is not connected to the server instance when exiting, fork
and have the child process spin until the server is available and can be
told to cancel autoboot. This prevents the scenario of a user exiting
the UI and having the server continue to autoboot while they are using
the command line.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
| |
This is more consistent with other files in utils/hooks.
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 2163af5 "discover/pxe-parser: Retrieve configs asynchronously"
added asynchronous loading of remote pxe filenames, but made an
unintended change in behaviour to the PXE parser. Previously the parser
would try a list of possible filenames, and parse the first one it
found. However the above commit spawns an asynchronous job for every
filename, and parses any that can be retrieved. It is a common
configuration to have a machine-specific config and a 'fallback' default
config, and the change means we could erroneously retrieve and parse
both configs.
Update the PXE parser so that asynchronous jobs are spawned
sequentially. That is, spawn a job for the first filename and if not
successful spawn another job for the next filename, and so on. Once a
remote config is successfully retrieved, parse it and stop.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix several errors in copy_file_secure_dest() found by Coverity and some
minor formatting issues:
143603: Correctly handle mkstemp() return value
143605: Avoid accessing dest_filename[-1] on readlink() error
143606, 143610: Avoid accessing dest_filename[sizeof(dest_filename)]
143607: Fix incorrectly passing sizeof(pointer) to fread()
143608, 143611: Cleanup resources on early exit
143609: Explicitly set umask before calling mkstemp()
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
| |
30-add-offb now performs functions other than just setting offb
information, so rename it to a more accurate '30-dtb-updates'.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit ce54f86 "Add petitboot,tty and track available consoles" added
the petitboot,tty parameter, but the petitboot,console parameter is also
recognised by Petitboot. These are ultimately handled by the 30-add-offb
and 80-set-stdout hooks respectively, but exist for mostly the same
purpose.
We consolidate these down to just the original petitboot,console
parameter. If the contents of petitboot,console have been configured by
Petitboot (ie. it is of the form /dev/dev# [ Description ]) we behave as
normal, otherwise we assume that petitboot,console contains a full
OF path to the intended console device and do not allow it to be
modified. This follows petitboot,console's original intent to be a debug
aid, and takes precedence over any other use.
The 80-set-stdout hook is removed as 30-add-offb now accounts for both
use cases.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
| |
'Console' is more readily understandable and technically more correct
than 'tty' for referring to the interfaces that Petitboot starts a UI on.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
| |
If the current interface config has been set by an IPMI network
override, display a warning in nc-config that saving the current config
will overwrite any saved interface config.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
| |
Explicitly keep track of whether the current interface config was set by
an IPMI network override, and avoid overwriting any saved config unless
the override was marked persistent.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
| |
Currently in network_register_device() and network_unregister_device()
the appropriate interface is searched for by name. However it is
possible in some scenarios for multiple interfaces to have the same
name, so instead search by UUID to be sure that the correct interface is
being selected.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently discover_device_create() will search for existing discover
devices by id to determine if a new device is required. However it is
possible under some circumstances for distinct devices to have the same
name. This is especially troublesome if the following network events are
seen in network_handle_nlmsg():
- New interface, 'foo' with uuid x:x:x:x:x:x
-> new discover device created with
dev->device->id = 'foo'
dev->uuid = x:x:x:x:x:x
- New interface, 'foo' with uuid y:y:y:y:y:y
-> existing device 'foo' found
dev->uuid = y:y:y:y:y:y
This can occur if an interface rename event arrives *after* an old name
is reused, where temporarily Petitboot will see two distinct network
interfaces with the same name. Now the two interfaces point to the same
discover device, which can quickly result in a segfault if a 'remove'
event occurs for one of the interfaces and the discover device is freed.
To generally avoid this a 'uuid' parameter is added to
discover_device_create(), which if present allows existing devices to be
looked up by UUID rather than just their name.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
| |
pb-udhcpc currently only passes the interface's MAC address for an 'add'
event, however it is useful to know it for any user event concerning a
network interface. Pass it to pb-event in all cases.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The 'conf' user event is functionally very similar to the 'url' event,
in that both events result in downloading a specified configuration file
and passing it to iterate_parsers().
The 'url' event additionally allows downloading files from a directory
path and is also accessed by the UI via pb-protocol, so remove the
'conf' event and associated functions in favour of 'url' and
device_handler_process_url().
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When handling an event, user_event_handle_message() creates an event
struct with relevant parameters. Once user_event_handle_message() is
finished it frees the struct.
However in the case of a dhcp or add_url event, asynchronous jobs may be
spawned that will later reference the event struct. In particular this
becomes a problem when pxe_process_pair() handles an IPAPPEND name/value
pair and tries to access event->device.
In the case of dhcp and add_url events, we avoid this by changing the
event struct's talloc parent to the discover_context struct which
persists until all async pxe jobs have completed.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
In certain cases, such as network booting over an untrusted connection,
it may be useful to fully encrypt and sign the kernel files.
Enable fully encrypted boot using builtin keyring via the addition of
the string "ENCRYPTED" to the first line of the /etc/pb-lockdown file.
This disables detached (plaintext) signature verification.
Signed-off-by: Timothy Pearson <tpearson@raptorengineering.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
| |
This patch disables direct command line access when the /etc/pb-lockdown
file is present.
Signed-off-by: Timothy Pearson <tpearson@raptorengineering.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
kernels and related blobs
This can be used to implement a form of organization-controlled secure boot,
whereby kernels may be loaded from a variety of sources but they will only
boot if a valid signature file is found for each component, and only if the
signature is listed in the /etc/pb-lockdown file.
Signed-off-by: Timothy Pearson <tpearson@raptorengineering.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
(Minor build fixes and gpgme.m4, comment on secure boot in gpg.c)
|
| |
|
|
|
|
|
|
| |
In some environments a default 'tun' device is created. Petitboot
doesn't use this and it clutters up the list of network devices, so
ignore it if it is encountered.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
| |
It turns out ncurses helpfully provides REQ_LEFT_FIELD and
REQ_RIGHT_FIELD to navigate between visually horizontal fields. Update
widgetset_process_key() to use these for KEY_LEFT and KEY_RIGHT
respectively.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
| |
If we don't specify command line arguments for the next kernel, kexec
will add the contents of /chosen/bootargs if present. This is unintended
and not obvious to the user, so explicitly add append="" to the kexec
arguments if we have none to add instead.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
| |
If a console is defined in NVRAM, we want it to take precedence over
anything that 30-add-offb calculates automatically. This change shifts
the 20-set-stdout script to later in the hook processing, so that it
will override any automatic settings.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
| |
We need an absolute path to the serial@N device. It looks like some
kernels aren't reading the current path correctly, leading to no console
output.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Acked-by: Stewart Smith <stewart@linux.vnet.ibm.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
| |
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a user event named 'sync' that causes the discover server to merge
the devicemapper snapshots of mounted devices. This is particularly
useful as a debug aid (for example, when copying logs to a USB device),
as the server will otherwise only sync changes to mounted devices in
response to parser actions.
The command can be called as
pb-event sync@device
to sync a particular device, or as
pb-event sync@all
to sync all devices with snapshots.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adding KEY_LEFT and KEY_RIGHT brought to light the problem that
widgetset_process_keys() may handle keystrokes that would have also been
handled by a widget's process_keys function. In particular the cursor
in a textbox widget could no longer be moved with the left/right keys.
This updates widgetset_process_keys() to call the focussed widget's
process_keys function before handling the key in any other way. All of
the widget process_keys functions correctly return false if the key is
not relevant to the widget except for textbox_process_key() which is
updated to ignore the main navigational keys.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
| |
If one of a device's boot options is the current default boot option,
make sure the default boot is cancelled before the device is removed.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
| |
In some cases additional netlink messages can be received for an
already-configured interface without any relevant changes. This can
result in multiple DHCP requests for the same interface.
Once an interface has been configured mark it as IFSTATE_CONFIGURED
to avoid configuring it again.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
| |
With a kernel that has IPMI support Petitboot will try to use direct
IPMI, however on FSP machines this is not fully functional. Use direct
IPMI only on BMC-based machines, and use sysparams otherwise.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
| |
All boot options must at least have a boot image; ignore any options
that do not before trying to resolve them.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
When a subset widget is made empty focus is switched to the first
visible field. It should actually be set to the first visible and active
field, otherwise we can try to focus an un-selectable label.
While we're here, also properly set the visibility for the autoboot
enable/disable widget.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
| |
We now use KEY_LEFT and KEY_RIGHT for general navigation; update
subset_process_key() to use the following keybindings:
Reorder items up/down: Minus/Plus keys (-/+)
Delete item: Delete or Backspace
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
| |
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
| |
If the boot_tty environment variable is set, determine which device path
to set in the linux,stdout-path property, which will instruct the next
kernel to use it as the primary console.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
| |
Include a list of available consoles as specified by the discover server
in nc-config from which the user can select a default. The selected
console specifies the which console to be set as the primary console
when a kernel is kexec'd.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
| |
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
| |
If boot_tty is set or a boot command is sent manually from a certain
console, set the boot_tty environment variable to be used by a boot hook
before kexec.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
| |
Add the NVRAM parameter petitboot,tty which sets the default console to
use when booting a kernel.
In load_config() construct a list of available consoles depending on the
current platform. A future patch depending on firmware changes will
allow this list to be constructed dynamically.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
| |
Add tty_list and boot_tty to the config struct to keep track of
available console interfaces and the default console to set as primary
respectively.
Also add a tty field to the boot_command struct so that the current
console can be sent to the discover server during a manual boot command.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Depending on the configuration of the DHCP server and the network, tftp
requests made by the pxe parser can timeout. The pxe parser makes these
requests synchronously so several timeouts can block the server
completely for several minutes, leaving the server unresponsive to UI
requests.
Rework the pxe parser such that it handles the result of each tftp
request in a callback, which can complete after iterate_parsers() has
returned. Each callback is allocated its own conf_context which takes a
talloc reference on the discover_context so that each callback can
commit new boot options after the initial iterate loop has completed.
This also means talloc_unlink must be used instead by the original
parent of the discover_context.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Substitute load_url_async() when running tests to support direct
callers of load_url_async() who will expect to read a file in a
callback.
Stub out device_handler_discover_context_commit() since it will remove
discover_options from the given discover_context, but the tests will
check the discover_context to count boot_options.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
| |
Rename boot_status() to device_handler_boot_status() and make it
accessible by files that include device-handler.h. This enables the boot
status to be updated from additional callers, in particular within
parser functions.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
The addition of the "url" field is not reflected in
config_copy_interface() which leaves the pointer uninitialised, causing
a potential segfault later on.
Copy the field from the source config, and use talloc_zero() for the
interface_config struct to prevent this more generally.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
In one case get_ipmi_bootdev_ipmi() can return 0 on an error, which
leads to bootdev being treated as a valid bootdev despite being
uninitialised. If the planets line up correctly and bootdev is less than
or equal to IPMI_BOOTDEV_SETUP, Petitboot will incorrectly apply an IPMI
override.
Update the error return value in get_ipmi_bootdev_ipmi(), and properly
initialise bootdev.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
| |
The UI can now come up before the server, but in order for a key press
to cancel autoboot a key has to be pressed once the server connects.
Instead remember to cancel autoboot if a key has been pressed at any
point.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a simple script to gather up useful information in the unlikely
event a user runs into trouble.
Usage:
pb-sos [-v] [-f file] [-d user@host:/path]
Options
-v verbose output
-f file Supply filename for tar archive (default pb-sos.tar)
-d host Supply user, hostname, and path to transfer archive to a
remote host
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
