| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
Keep track of the default boot option, and prefix its display name with
a '(*)' to point it out to the user.
This avoids having to authenticate with pb-discover even if only booting
the default option.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
| |
When the user tries to perform actions that require authentication a new
subscreen 'nc-auth' is launched which accepts a password and will send
an authentication request before performing the action.
This also adds a button in nc-config which launches an nc-auth screen
allowing the user to set or change the system password.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
| |
Track the client's authentication status and provide methods for the
client to send authentication requests to the server.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
| |
Instead of calling sh twice to echo the 'exiting' message just call sh
by itself and leave any welcome message to the shell's interactive
config.
Also drop the explicit nc_scr_unpost() in cui_run_cmd() since clear()
will blank out the screen anyway.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
| |
If petitboot,password exists set it as the root password. This will be
the password used to authenticate clients.
This is the *hash* of a password as it would appear in /etc/shadow, not
the password itself.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
| |
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If crypt support is enabled restrict what actions clients can perform by
default. Initial authorisation is set at connection time; clients
running as root are unrestricted, anything else runs as restricted until
it makes an authentication to pb-discover.
Unprivileged clients may only perform the following actions:
- Boot the default boot option.
- Cancel the autoboot timeout.
- Make an authentication request.
If a group named "petitgroup" exists then the socket permissions are
also modified so that only clients running as root or in that group may
connect to the socket.
The user-event socket is only usable by root since the two main
usecases are by utilities called by pb-discover or by a user in the
shell who will need to su to root anyway.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
| |
Add a new "authenticate" action. Depending on the 'op' field this is
either a) an authentication request, b) a response indicating the
result, or c) a request to change the password.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
| |
Provides helper functions for reading, writing, and checking against
/etc/shadow. The main use case if for authenticating clients against the
"system" password, which is set as the root password.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
| |
Trap and ignore SIGINT to avoid a SIGINT intended for petitboot-nc also
exiting the parent pb-console script.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
| |
Enabling job control in the shell.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
| |
If running in a non-root shell the user will not be able to create or
access files in / so operate in the current directory instead.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
| |
If the getty arguments include '-a' do not set the '-l' option. This
implies the environment has been configured with users and will launch
the subsequent pb-console instance itself.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
| |
Fix up a spot where we forgot to translate the "Plugins" label on update
and make the check for that label more resilient.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
| |
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
| |
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
| |
The pb_urls for the boot resources use 'opt' as the talloc parent but
this may be NULL, for example if this is a user-created boot option.
Move the boot_task initialisation so it can be used as the talloc parent
instead.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
| |
This commit adds support for the initrd16 builtin
which compliments the existing linux16 support and
improves usability on x86 platforms.
Signed-off-by: Shawn Anastasio <shawn@anastas.io>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A few places where we print out the response buffer from an IPMI command
weren't updated when log timestamps were added, resulting in very hard
to read output. Add a little helper to format buffers and use it to
print these with only one timestamp.
Example:
[04:59:01] ipmi_get_bmc_versions: BMC version resp [0][16]:
0x00 0x20 0x01 0x02 0x13 0x02 0xbf 0x00
0x00 0x00 0xbb 0xaa 0x58 0x98 0x01 0x00
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The ncurses UI sets a few console options at startup that are needed for
ncurses to work properly. These aren't reset however and can lead to
quirks like the cursor being invisible after kexecing to the next
kernel.
The UI process doesn't have time to reset these when it is killed by
kexec, so instead add a 'boot_active' field to status updates. This is
set by boot.c's update handler so the UI can assume it is about to boot
if it receives a status update with this field, and resets the console
options. If the boot is cancelled for any reason the status update will
reflect that and the console options are restored.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Occasionally you look at some code and realise that a) this never gets
built, and b) even if it did it would never compile. Today's example is
native-parser.c which we must have just assumed worked for quite a
while.
The native parser has bitrotted entirely and needs to be brought up to
date. While we're here, lets take the chance to implement a proper
grammar for it. This helps us reason more effectively about the parser,
lets us extend it easily in the future, and.. I wanted to write a Bison
parser too.
This implements most of the old functionality, but drops off some
smaller details like settings icons which needs some separate attention
to bring up to date.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
| |
The discover/params code is an artifact from a long time ago, and isn't
used by anything today: remove it.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
| |
In more recent firmware images built by op-build the VERSION partition
is signed, and includes a 'secure header'. Check for this and skip it if
found so we parse the version strings properly.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
| |
To avoid sending all the files in the top most project
directory tree down to the docker daemon, change into
the docker directory when running 'docker build'.
Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
| |
Allow CC to be passed through to change the default compiler, and also
allow the invocation of 'make' to be customised. An example use case of
this is to set CC=/usr/bin/clang and use
--make-command 'scan-build make' to build Petitboot with the clang
static analyzer.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The kboot parser doesn't set a default option. Change it so that if we
see the 'default' parameter we match against this value when deciding if
an option should be set as default.
For example:
default=linux
linux='/vmlinux initrd=/initrd arg1=value1 arg2'
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When a device requery is triggered we cancel any default boot option on
the device. This also disables autoboot which we don't want; any boot
options found after the requery will not be able to autoboot.
To avoid this restore the existing autoboot setting after checking for
default options.
This prevents a particular corner case where a default boot option has
been selected for boot but one of its boot files has stalled or is
taking more time to download than the requery timeout and the requery
accidentally cancels autoboot preventing Petitboot from trying to boot
again.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In a lockdown situation in the ncurses menu there is a switch to replace
the 'Exit to shell' option with 'Reboot', so the intent seems to be to
not allow the user the option to exit to shell in a lockdown situation.
However the associated foreced reboot logic is in the process atexit so
is only triggered when completely exiting the menu system. The default
menu item logic to exit to shell is still in place though so the menu
exit never occurs and shell access is still available.
Add a switch to a different menu exit callback to force a menu abort
using the same mechanism as a signal in lockdown situations so the shell
can never be entered. This also affects the 'x' or esc shortcut keys.
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
| |
If a 'name' parameter is used for a boot user event, search existing
boot options for one that matches that name on the given device.
This allows a pb-event user to boot based on name rather than having to
specify the exact boot arguments.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
| |
o Set language to bash (same as generic), so just the
scrip steps run.
o Move build-builder to 'before_script'.
o Switch to a job matrix of 'os' entries with names.
Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
| |
Ubuntu 17.10 was end of life in July. Update to the latest LTS.
Signed-off-by: Joel Stanley <joel@jms.id.au>
[Docker tag bumped]
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
| |
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
| |
Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
| |
Update the Travis config to use Petitboot's own docker scripts, and add
ppc64le to the list of recognised architectures.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
| |
Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
| |
Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
| |
efi_check_mount now does a magic number check by default, so
move the magic number related code from efivar.h to efivar.c.
Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To make it easier to manage EFI variables add a new struct efi_mount
that holds the path to the EFI file system mount and the EFI variable
name GUID. Update the lib/efi routines to use struct efi_mount. Add
a new routine efi_check_mount based on the checks done in
platform-arm64.
This change to using struct efi_mount removes the static variable
efivarfs_path making the lib/efi routines stateless.
Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
| |
Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
| |
For convenience, add a new efi data attributes macro
EFI_DEFALT_ATTRIBUTES.
Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
| |
Use the host driver by default to simplify networking for build-builder,
especially when DNS settings need to be inherited from the host.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
| |
The efi tests may use a filesystem which does not support
ioctl_iflags. Add a check and skip the ioctl_iflags
operations if not supported.
Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
| |
Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The current TALLOC_ABORT macro had a number of problems.
Failures were not going to the pb log, but only to stderr.
If the object passed in was not a talloc object the printing
of an object name would be printing random data.
The use of a macro obscured the code.
To clean this up, remove all reference to TALLOC_ABORT and
put the logging and abort calls directly into talloc_chunk_from_ptr.
Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
| |
Fixes double timestamp on pb_log_fn, pb_debug_fn.
Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
| |
Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
| |
Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
| |
Signed-off-by: Ge Song <ge.song@hxt-semitech.com>
[Split from a larger patch and cleaned up]
Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
| |
For use by the arm64 get_sysinfo.
Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add configure --enable-platform-XXX options to allow specifying
which platform support to build.
--enable-platform-auto, the default, will use the host
triplet to guess which platforms to build.
--enable-platform-all will build all platforms.
Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|