Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
The dockerfile for each architecture is the same except for the 'FROM' image.
Add a new Dockerfile argument DOCKER_FROM that allows for a common dockerfile.
If the docker version is older than 17.05 generate a docker file from
the common one.
Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
gpg_validate_boot_files() can return error codes for a variety of
reasons but kexec_load only aborts for signature or decryption failure.
In any other failure case like unable to open LOCKDOWN_FILE or do the
secure copy the validation is bypassed by an early return but kexec_load
does not abort.
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
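
The fail-open pattern described in the commit message above, as an added example (not petitboot code): every name below is hypothetical, and only the idea that validation can fail for several distinct reasons comes from the page.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical result codes for a boot-file validation step. */
enum validate_result {
	VALIDATE_OK = 0,
	VALIDATE_SIGNATURE_FAILURE,
	VALIDATE_DECRYPTION_FAILURE,
	VALIDATE_LOCKDOWN_UNREADABLE,   /* could not open the lockdown file */
	VALIDATE_COPY_FAILED,           /* secure copy of boot files failed */
};

/* Fail-open caller: aborts only for the two failures it names, so an early
 * return for any other reason lets the load continue with unvalidated files. */
static bool may_boot_fail_open(enum validate_result r)
{
	if (r == VALIDATE_SIGNATURE_FAILURE || r == VALIDATE_DECRYPTION_FAILURE)
		return false;
	return true;
}

/* Fail-closed caller: anything other than success aborts the load. */
static bool may_boot_fail_closed(enum validate_result r)
{
	return r == VALIDATE_OK;
}

/* Count the failure codes for which a caller would still allow the boot. */
static int count_bypasses(bool (*may_boot)(enum validate_result))
{
	int n = 0;

	for (int r = VALIDATE_SIGNATURE_FAILURE; r <= VALIDATE_COPY_FAILED; r++)
		if (may_boot((enum validate_result)r))
			n++;
	return n;
}

int main(void)
{
	printf("fail-open bypasses:   %d\n", count_bypasses(may_boot_fail_open));
	printf("fail-closed bypasses: %d\n", count_bypasses(may_boot_fail_closed));
	return 0;
}
```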
in environments where --disable-nls is specified msgfmt is unnecessary
and therefore may not be available
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
mkstemp will generate the temp file with permissions 0600 so the
umask(0644) is causing the file to have permissions of 0000, making
signature files unreadable
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
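
The permission arithmetic from the commit message above, as an added example (not petitboot code): the helper name and the temp-file template are constructed for illustration. mkstemp() requests mode 0600 and the kernel stores 0600 & ~umask, so a umask of 0644 leaves no permission bits at all.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create a temp file with mkstemp() while `mask` is the process umask and
 * return the permission bits the file actually received, or -1 on error.
 * The previous umask is restored and the file removed before returning. */
static int mkstemp_mode_under_umask(mode_t mask)
{
	char path[] = "/tmp/sigfile-demo-XXXXXX";   /* constructed template */
	struct stat st;
	mode_t old = umask(mask);
	int fd = mkstemp(path);
	int mode = -1;

	umask(old);
	if (fd < 0)
		return -1;
	if (fstat(fd, &st) == 0)
		mode = (int)(st.st_mode & 07777);
	close(fd);
	unlink(path);
	return mode;
}

int main(void)
{
	/* 0600 & ~0644 = 0000: the owner can no longer read the file back. */
	printf("umask 0644 -> %04o\n", (unsigned)mkstemp_mode_under_umask(0644));
	/* Masks that only clear group/other bits leave mkstemp's 0600 intact. */
	printf("umask 0077 -> %04o\n", (unsigned)mkstemp_mode_under_umask(0077));
	printf("umask 0022 -> %04o\n", (unsigned)mkstemp_mode_under_umask(0022));
	return 0;
}
```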
Follow along the way the linux builtin does it.
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Add dockerfiles and helper scripts that create a docker image
with the tools needed to build petitboot. See the docker/README.md
file for more info.
Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Travis now supports building on ppc64le. Given that Power machines are
currently the largest use case of petitboot, it seems appropriate that we
enable this.
Signed-off-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
in case insensitive filesystems like vfat the duplicate conf file list
will create duplicate boot options. To filter that out, store the
struct stat of each parsed conf file and compare inodes
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
in finalize loop or we can get duplicate boot entries as well as the
memory leak
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
When the BLS support was added, the conclusion was that default indexes
didn't apply for BLS snippets. But for GRUB 2 the indexes refer to the
boot menu entries in memory, regardless of how these were generated.
Since in GRUB 2 it is valid to set a default index even for menu entries
generated from BLS fragments, allow this to also be done in Petitboot.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Instead of adding a boot option explicitly, just add it to the grub script
boot option list and increment the number of options. That way BLS entries
will be known by the grub script handler and can check if it is a valid index.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
The BLS entries were sorted so that the latest entry was at the top in the
Petitboot UI, since it matches how menu entries are sorted in GRUB2 config
and the GRUB2 UI.
But in the Petitboot's UI, the latest entry is expected to be at the bottom
and the older one at the top. Sort the BLS entries to match what's expected.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
The default path to search for BootLoaderSpec configuration files is
/loader/entries but in some setups a different directory may be used.
So allow this to be chosen by using a blsdir GRUB environment variable.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
for musl libc
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
for musl libc
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
for musl libc
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
The BootLoaderSpec (BLS) defines a file format for boot configurations,
so bootloaders can parse these files and create their boot menu entries
by using the information provided by them [0].
This allows configuring the boot items as drop-in files in a directory
instead of having to parse and modify a bootloader configuration file.
The GRUB 2 bootloader provides a blscfg command that parses these files
and creates menu entries using this information. Add support for it.
[0]: https://www.freedesktop.org/wiki/Specifications/BootLoaderSpec/
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
The patch ccb478ac "Add encrypted file support" removes two
    result = KEXEC_LOAD_SIGNATURE_FAILURE;
statements from after the `if (verify_file_signature)` lines for the
kernel and cmdline signatures. This appears to have been a mistake that
snuck through testing, and would allow incorrect signatures to pass
validation.
Also fix up some confusing indenting in the decryption section.
Reported-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Fixes Coverity defect CIDs 143606, 143610
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Fixes Coverity defect CID 149918
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Include the CCAN endian.h header in build sources and change the
--with-twin-foo options to default off - most users are not building
with libtwin so avoid having configure fail for them.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
In dc85de97 "Allow load_async_url() to call callback for local paths"
several load_url_result fields of the boot_task struct were deprecated
but were accidentally left in the struct. This caused the now out of
date code in cleanup_cancellations() to go unnoticed since it can return
safely if these fields are NULL. However freeing the boot task can free
the memory associated with each load before it is complete, resulting in
a confusing segfault.
This brings cleanup_cancellations() up to date and along the way
implicitly includes the signature resources in cleanup which were missed
originally.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
When result is null, we may end up in the error handling path where we
try to dereference null to call cleanup_local. This adds a check for
result.
Found with scan-build.
Signed-off-by: Joel Stanley <joel@jms.id.au>
Reviewed-by: Cyril Bur <cyrilbur@gmail.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
[Fixed up commit message typo]
Clang has a problem with list_for_each_entry:
test/parser/utils.c:290:36: error: variable 'file' is used uninitialized whenever 'for' loop exits because its condition is false [-Werror,-Wsometimes-uninitialized]
list_for_each_entry(&test->files, f, list) {
^
./lib/list/list.h:30:3: note: expanded from macro 'list_for_each_entry'
_pos; _pos = list_next_entry(_list, _pos, _member))
^~~~
test/parser/utils.c:300:7: note: uninitialized use occurs here
if (!file) {
^~~~
test/parser/utils.c:290:36: note: remove the condition if it is always true
list_for_each_entry(&test->files, f, list) {
^
./lib/list/list.h:30:3: note: expanded from macro 'list_for_each_entry'
_pos; _pos = list_next_entry(_list, _pos, _member))
^
test/parser/utils.c:288:28: note: initialize the variable 'file' to silence this warning
struct test_file *f, *file;
^
= NULL
Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
clang errors out about an unused have_busybox function:
discover/paths.c:44:13: error: unused function 'have_busybox' [-Werror,-Wunused-function]
static bool have_busybox(void)
^
Move have_busybox() to inside the #ifndef PETITBOOT_TEST scope to
eliminate the warning and avoid having #ifdefs in load_url_async().
Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
[Moved definition into #ifndef PETITBOOT_TEST instead of using
#ifdef at the call site]
ui/ncurses/nc-cui.c:967:58: warning: size argument in 'strncmp' call is a comparison [-Wmemsize-comparison]
if (strncmp(cod->opt->id, "dummy", strlen("dummy") == 0 &&
~~~~~~~~~~~~~~~~~~~~~^~
ui/ncurses/nc-cui.c:967:6: note: did you mean to compare the result of 'strncmp' instead?
if (strncmp(cod->opt->id, "dummy", strlen("dummy") == 0 &&
^
There appear to be two bonus conditions inside the length field. I
chose to drop the pointless strncmp(foo, bar, strlen(bar)), as this is
equivalent to strcmp(foo, bar).
Signed-off-by: Joel Stanley <joel@jms.id.au>
Reviewed-by: Cyril Bur <cyrilbur@gmail.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
[Fixed up commit message typo]
Clang says this:
discover/device-handler.c:1564:27: warning: size argument in 'strncmp' call is a comparison [-Wmemsize-comparison]
strlen(opt->version) == 0)) {
~~~~~~~~~~~~~~~~~~~~~^~~~
discover/device-handler.c:1563:5: note: did you mean to compare the result of 'strncmp' instead?
strncmp(opt->version, tmp->version,
^
It looks like it's correct. However, we can go one better and drop the
pointless strncmp(foo, bar, strlen(bar)), as this is equivalent to
strcmp(foo, bar).
Signed-off-by: Joel Stanley <joel@jms.id.au>
Reviewed-by: Cyril Bur <cyrilbur@gmail.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
The linux,stdout-path property was deprecated in favour of stdout-path
in the v3.14 kernel. 'stdout-path' takes priority in newer kernels but
older kernels won't be aware of it, so set both at boot time.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Make sure the URL field is a valid URL before allowing the user to
proceed.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
If we have a static network config with a URL set but not a gateway we
can confuse the URL as the gateway due to how we write the network
string in NVRAM.
To avoid changing the parameter format if we only have one of the two
tokens check whether or not it's actually a URL; the gateway and the URL
will have distinct formats.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
The boot option editor screen segfaults on a system info update since it
loses track of which fields actually exist.
The boot editor screen's setup and drawing logic is a bit different from
other screens, so to fix this bug and preserve the maintainer's sanity,
bring the screen setup and redraw into line with other screens. This
includes a full teardown of the widgets on update, so save the content
of any textboxes on update so the user's changes are not lost.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Several pxe-parser tests fail because the test harness's version of
load_async_url() will call the callback directly, but in pxe-parser the
caller checks if the path was local and calls the callback immediately.
Being called twice, a use-after-free occurs in the callback.
For consistency change the load_async_url() semantics such that it is
possible for load_async_url() to call the callback before it returns in
the case of local paths. Callers need to know this is possible, but now
won't need to check to call it manually.
This requires a slight reorganisation of the boot_process() code, since
it checks the result of several asynchronous load operations in the same
callback, and with this change not all of those results will necessarily
be initialised at callback time. Add a list of 'boot_resources' which
carry the required information for the resource and allow the boot
handler to treat different resources generically.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Fixes Coverity defect CID 182828.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
It is possible to have autoboot enabled with an empty boot order.
Currently this acts as if autoboot is disabled, but it likely makes more
sense to the user for this to behave as "autoboot any device".
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
When drawing the screen's help line clear each character after the new
help line to avoid stale parts of the previous screen's help line
remaining on the screen.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
The Yocto wic grub support will generate a grub.cfg with no whitespace
between the ending quote of the menuentry label and the opening bracket.
There doesn't seem to be anything in the specification that this is
illegal so accept it here.
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
add missing #include <locale.h>
musl libc can segfault with a NULL format string so need to add a
redundant "%s", "" to keep it happy
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Fixes build warnings like these when building 32 bit programs:
warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument has type ‘uint64_t’
Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
The main menu and plugin menu are separate screens but they share the
pmenu_process_key() handler. This means all the key shortcuts intended
for the main menu can also be used in the plugin menu, which is
particularly odd for "add new boot option" for example.
To work around this extend the 'hot_key' functionality in pmenu to allow
multiple handlers. This allows all pmenus to have the usual navigation
and action keys, and then add extra handlers as needed. For example,
ps3_mm_init() needs main menu shortcuts as well as some PS3-specific
shortcuts, whereas plugin_menu_init() only needs the generic key
handler.
This changes the functionality of pmenu_process_key() such that if a
hot_key_fn successfully handles a key, pmenu_process_key() returns
instead of continuing to process the key. This does not affect the
current usage.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>