| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
Upcoming changes will need a method to parse a secondary file (to
support the 'source' command), but not execute it as a new script.
This change exposes the parsing code, separate from the execution code.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
|
|
|
| |
Future commands will need to access the parser, so add a reference from
struct grub2_script.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Currently, we have support for grub2 (device)/path syntax for boot
resources. This change allows this syntax for general paths in grub2
scripts (for example, -f tests).
This involves exposing grub2_lookup_device, to allow the script
execution code to resolve pathnames.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This change incorporates the grub2-style (device)/path specifiers in the
grub2 parser's resource code. This allows the boot option paths to use
device-specific references.
Device names are looked-up using the UUID and kernel IDs, but with the
lookup logic specific to a new function (grub2_lookup_device), so that
can be extended in a future change.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
|
|
|
| |
This change adds a (currently unused) function to parse (device)/path
references from grub scripts.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, we have struct grub2_resource_info to keep references to boot
payloads that may be returned in boot options, and be (conditionally)
resolved by the parser.
We'd also like to use the same semantics for other file references in
the grub2 parser, for arbitrary usage in scripts - where files are
also referenced by a path and an optional device.
To do this, this change moves struct grub2_resource_info to grub2.h, and
renames to struct grub2_file. Future changes will use this for
script-internal file handling.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
|
|
|
|
| |
This change adds support for searching by UUID and filesystem label.
We still fall back to passthrough if the UUID is not found, but we now
resolve to device ID strings.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
|
|
|
| |
--no-floppy is used almost everywhere, so add it to the tests. The code
will already ignore unknown arguments, but ensure that this works OK.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The search command will be extended to add the full set of grub2-style
arguments, so switch to using getopt, rather than manual parsing.
This means we now support `--set=foo` and `--set foo` style arguments,
both of which appear in the docs and common grub configs.
Also, add a small test for the search argument handling.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
|
|
|
| |
If no --set= argument is specified, default to the variable named
'root', as per current grub docs.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
|
|
|
|
| |
This patch adds code that takes into account the size of the IANA
identifier number in the mailbox and doesn't copy it into the data
buffer
Signed-off-by: Maxim Polyakov <m.polyakov@yadro.com>
|
| |
|
|
|
|
|
|
| |
Use structure for the IPMI response mailbox message instead of raw byte
array as its done in the ipmitool utility:
https://github.com/ipmitool/ipmitool/commit/62a04390e10f8e62ce16b7bc95bf6ced419b80eb
Signed-off-by: Maxim Polyakov <m.polyakov@yadro.com>
|
| |
|
|
|
|
|
| |
get_ipmi_boot_mailbox_block() should return the actual size
of the received IPMI mailbox data
Signed-off-by: Maxim Polyakov <m.polyakov@yadro.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
The maximum size of the mailbox with Boot Initiator info is defined in
the specification (1). The code should not extract data from the IPMI
response message if its size exceeds the maximum limit from the
specification.
[1] page 398, IPMI Specification v2.0, Revision 1.1, October 1, 2013
Signed-off-by: Maxim Polyakov <m.polyakov@yadro.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
According to IPMI Specification, in the IPMI response message with
boot initiator mailbox information block, byte 4 should be used as
the block selector (1). However, this parameter isn`t taken into
account in the code and bytes 4-6 in the block 0 are defined as the
IANA enterprise ID number. Thus, IANA contains an invalid value and
doesn`t match the IBM ID. For this reason, the get_ipmi_boot_mailbox()
procedure fails with error and the boot options from mailbox doesn`t
apply.
/var/log/petitboot/pb-discover.log:
IANA number unrecognised: 0x00:0x02:0x00
This patch adds the missing block selector parameter.
It has been tested on the YADRO Vesnin P8 Server with the Openbmc
[1] page 398, IPMI Specification v2.0, Revision 1.1, October 1, 2013
Signed-off-by: Maxim Polyakov <m.polyakov@yadro.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
We're now running pb-console through a proper login shell, so we
shouldn't need to modify PATH, as we expect it to be properly set up by
the shell profile.
This change removes the unconditional PATH modification, so we only set
a basic PATH if it's currently empty.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The environment that pb-console starts is minimal, as we have likely
been run by udev.
Because we're starting a shell, we want the proper profile set up, so
run as a login shell.
This assumes the shell accepts -l, but we already have an assumption for
supporting -m (as /bin/ash does).
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The GRUB menuentry command allows to separate the arguments for options
using either a '=' or a ' '. The latter is the convention used when the
menu entries are defined in the GRUB config file, but this is currently
not supported by Petitboot.
Add tests to cover both using '--id=foo' and '--id foo' as options.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A default menu entry can be chosen using any of the following attributes:
index, title or id (if the entry was defined with the --id option).
But Petitboot doesn't honor this correctly and only compares the default
with the menu entry title if the entry doesn't have an id defined. This
is wrong since an index or title can be used even if an id was defined.
This issue wasn't covered by the test that sets a default using a title
because the menu entries didn't have an id defined. Add an id to them.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
| |
Use Travis to build and publish the Sphinx docs automatically.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Use sphinx-docs to start adding some proper in-tree documentation that
will be easy to generate and display.
Documentation exists in various places around the internet but there
isn't a consolidated, up-to-date source. This starts to sketch out the
framework for a good central source of documentation.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
| |
There's still plenty to do and patches are still very welcome, but the
TODO file departed from reality a very long time ago; better to start
over again.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
| |
In particular this fixes running pb-plugin executables from the UI since
the wrapper requires root to set up the environment.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
| |
Otherwise we only get the first word displayed in the UI.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
| |
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
| |
Use -m to have the shell spawned by pb-console run it its own process
group, allowing commands such as Ctrl-C (SIGINT) to behave as expected
rather than killing the shell.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Implement device_add() in cui_client_ops and use this interface to
recognise when the server notifies the client of an encrypted device. A
"device header" will be created for this device and added to the menu
with no associated boot options.
The nc-auth prompt is extended to ask for a disk password when the device
header for an encrypted device is selected.
Assuming the password is correct pb-discover will remove the original
device and notify the client about the newly opened device, which will
be reflected in the menu.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Handle devices encrypted with LUKS and call cryptsetup to open them if a
client sends the associated password.
If a new device has the "crypto_LUKS" filesystem type it is marked as a
LUKS device and sent to clients but further discovery is not performed.
Once a client sends the device's password cryptsetup is called to open
it. The opened device will appear separately, so the source device is
"forgotten" at this point and then the newly opened device is treated as
a normal partition. On destruction the device is "closed" with
cryptsetup so that discovery can start from the beginning.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
| |
Extend the auth_message struct to support the AUTH_MSG_DECRYPT
operation, allowing the existing authentications methods to be used for
passing a disk password from the UI to pb-discover.
In addition add DEVICE_TYPE_LUKS to identify encrypted disk devices.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
| |
If pipe_stdin exists, create a second pipe to write to the child
process's STDIN. This allows Petitboot to pipe information to a process,
for example piping a LUKS password to cryptsetup.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
| |
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On kexec all processes will be sent a SIGTERM and SIGKILL. By default
there are messages on the console alerting the user to this, however in
some implementations these messages are disabled. This can have the
effect of the UI seemingly exiting to the shell on boot and hanging for
a short while before the kexec actually jumps into the next kernel.
Trap the SIGTERM sent to the pb-console parent process and print a short
message to the screen instead of momentarily dropping to the shell and
printing the usual help messages.
While here also cleanup the shell help messages below which are now
handled in the shell's .shrc file.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
For some reason our version script removes the leading 'v' from the git
tag. This confuses some other tools such as Buildroot and is different
to most other projects, so include it again.
Additionally now that we have tagged releases just use git describe
rather than using a SHA and date to describe non-tag commits.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
| |
And include a pxe-parser test which uses a port in the path prefix to
exercise this. This could cause PXE discovery failures if parameters
such as pathprefix included a port in the URL.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Buildroot's libdm is not built with --enable-udev_sync, so device-mapper
actions are not able to sync or wait for udev events.
(see 185676316, "discover/devmapper: Disable libdm udev sync support")
This can cause an issue when tearing down a snapshot in
devmapper_destroy_snapshot() which performs a DM_DEVICE_REMOVE task
against the snapshot, origin, and base devices one after the other. In
some cases if the interval between these actions is too short the action
can fail as the preceding device hasn't disappeared yet and the device
being removed is still busy.
Since we don't yet have a way to tell exactly when the device is ready,
pause for a short time and retry the action, letting
devmapper_destroy_snapshot() continue and, for example, letting
mount_device() fall back to the physical device.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
| |
If there is an IPMI boot mailbox configuration present display a message
in the System Configuration screen and provide the option to clear the
mailbox.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
| |
A simple script to set, display, and clear a BMC's boot initiator mailbox.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The IPMI Get System Boot Options commands includes parameter 7, the
"boot initiator mailbox". This can be used to hold arbitrary data to
influence the boot order.
Use this to provide an alternate bootdev configuration to Petitboot that
will override the one saved to NVRAM. This provides more fine grained
override options than the existing device-type based overrides.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
| |
Keep track of the default boot option, and prefix its display name with
a '(*)' to point it out to the user.
This avoids having to authenticate with pb-discover even if only booting
the default option.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
| |
When the user tries to perform actions that require authentication a new
subscreen 'nc-auth' is launched which accepts a password and will send
an authentication request before performing the action.
This also adds a button in nc-config which launches an nc-auth screen
allowing the user to set or change the system password.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
| |
Track the client's authentication status and provide methods for the
client to send authentication requests to the server.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
| |
Instead of calling sh twice to echo the 'exiting' message just call sh
by itself and leave any welcome message to the shell's interactive
config.
Also drop the explicit nc_scr_unpost() in cui_run_cmd() since clear()
will blank out the screen anyway.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
| |
If petitboot,password exists set it as the root password. This will be
the password used to authenticate clients.
This is the *hash* of a password as it would appear in /etc/shadow, not
the password itself.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
| |
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If crypt support is enabled restrict what actions clients can perform by
default. Initial authorisation is set at connection time; clients
running as root are unrestricted, anything else runs as restricted until
it makes an authentication to pb-discover.
Unprivileged clients may only perform the following actions:
- Boot the default boot option.
- Cancel the autoboot timeout.
- Make an authentication request.
If a group named "petitgroup" exists then the socket permissions are
also modified so that only clients running as root or in that group may
connect to the socket.
The user-event socket is only usable by root since the two main
usecases are by utilities called by pb-discover or by a user in the
shell who will need to su to root anyway.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
| |
Add a new "authenticate" action. Depending on the 'op' field this is
either a) an authentication request, b) a response indicating the
result, or c) a request to change the password.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
| |
Provides helper functions for reading, writing, and checking against
/etc/shadow. The main use case if for authenticating clients against the
"system" password, which is set as the root password.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
| |
Trap and ignore SIGINT to avoid a SIGINT intended for petitboot-nc also
exiting the parent pb-console script.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
| |
Enabling job control in the shell.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
| |
If running in a non-root shell the user will not be able to create or
access files in / so operate in the current directory instead.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
