summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* utils/pb-console: Use -m to run shell in own process groupHEADv1.10.3masterSamuel Mendoza-Jonas2019-04-011-1/+1
| | | | | | | | Use -m to have the shell spawned by pb-console run it its own process group, allowing commands such as Ctrl-C (SIGINT) to behave as expected rather than killing the shell. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* ui/ncurses: Add prompt for LUKS device passwordSamuel Mendoza-Jonas2019-03-266-8/+219
| | | | | | | | | | | | | | | Implement device_add() in cui_client_ops and use this interface to recognise when the server notifies the client of an encrypted device. A "device header" will be created for this device and added to the menu with no associated boot options. The nc-auth prompt is extended to ask for a disk password when the device header for an encrypted device is selected. Assuming the password is correct pb-discover will remove the original device and notify the client about the newly opened device, which will be reflected in the menu. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* discover: Recognise and open LUKS encrypted partitionsSamuel Mendoza-Jonas2019-03-265-7/+206
| | | | | | | | | | | | | | Handle devices encrypted with LUKS and call cryptsetup to open them if a client sends the associated password. If a new device has the "crypto_LUKS" filesystem type it is marked as a LUKS device and sent to clients but further discovery is not performed. Once a client sends the device's password cryptsetup is called to open it. The opened device will appear separately, so the source device is "forgotten" at this point and then the newly opened device is treated as a normal partition. On destruction the device is "closed" with cryptsetup so that discovery can start from the beginning. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* lib: Add AUTH_MSG_DECRYPTSamuel Mendoza-Jonas2019-03-065-0/+31
| | | | | | | | | Extend the auth_message struct to support the AUTH_MSG_DECRYPT operation, allowing the existing authentications methods to be used for passing a disk password from the UI to pb-discover. In addition add DEVICE_TYPE_LUKS to identify encrypted disk devices. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* lib/process: Add option to pipe to process stdinSamuel Mendoza-Jonas2019-03-062-0/+34
| | | | | | | | If pipe_stdin exists, create a second pipe to write to the child process's STDIN. This allows Petitboot to pipe information to a process, for example piping a LUKS password to cryptsetup. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* lib/system: Add cryptsetup utilitySamuel Mendoza-Jonas2019-03-063-0/+3
| | | | Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* utils/pb-console: Trap SIGTERM on bootv1.10.2Samuel Mendoza-Jonas2019-03-061-2/+1
| | | | | | | | | | | | | | | | On kexec all processes will be sent a SIGTERM and SIGKILL. By default there are messages on the console alerting the user to this, however in some implementations these messages are disabled. This can have the effect of the UI seemingly exiting to the shell on boot and hanging for a short while before the kexec actually jumps into the next kernel. Trap the SIGTERM sent to the pb-console parent process and print a short message to the screen instead of momentarily dropping to the shell and printing the usual help messages. While here also cleanup the shell help messages below which are now handled in the shell's .shrc file. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* version.sh: Include leading 'v' from git describeSamuel Mendoza-Jonas2019-03-061-10/+2
| | | | | | | | | | | For some reason our version script removes the leading 'v' from the git tag. This confuses some other tools such as Buildroot and is different to most other projects, so include it again. Additionally now that we have tagged releases just use git describe rather than using a SHA and date to describe non-tag commits. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* lib/url: Include port in pb_url_to_string()v1.10.1Samuel Mendoza-Jonas2019-02-013-4/+52
| | | | | | | | And include a pxe-parser test which uses a port in the path prefix to exercise this. This could cause PXE discovery failures if parameters such as pathprefix included a port in the URL. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* discover/devmapper: Retry dm-device remove if busyv1.10.0Samuel Mendoza-Jonas2018-12-131-5/+19
| | | | | | | | | | | | | | | | | | | | Buildroot's libdm is not built with --enable-udev_sync, so device-mapper actions are not able to sync or wait for udev events. (see 185676316, "discover/devmapper: Disable libdm udev sync support") This can cause an issue when tearing down a snapshot in devmapper_destroy_snapshot() which performs a DM_DEVICE_REMOVE task against the snapshot, origin, and base devices one after the other. In some cases if the interval between these actions is too short the action can fail as the preceding device hasn't disappeared yet and the device being removed is still busy. Since we don't yet have a way to tell exactly when the device is ready, pause for a short time and retry the action, letting devmapper_destroy_snapshot() continue and, for example, letting mount_device() fall back to the physical device. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* ui/ncurses: Add option to clear IPMI boot mailboxSamuel Mendoza-Jonas2018-12-133-1/+55
| | | | | | | | If there is an IPMI boot mailbox configuration present display a message in the System Configuration screen and provide the option to clear the mailbox. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* utils: Add helper to send mailbox requestSamuel Mendoza-Jonas2018-12-131-0/+166
| | | | | | A simple script to set, display, and clear a BMC's boot initiator mailbox. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* discover/platform-powerpc: read bootdev config from IPMI boot mailboxSamuel Mendoza-Jonas2018-12-134-1/+261
| | | | | | | | | | | | The IPMI Get System Boot Options commands includes parameter 7, the "boot initiator mailbox". This can be used to hold arbitrary data to influence the boot order. Use this to provide an alternate bootdev configuration to Petitboot that will override the one saved to NVRAM. This provides more fine grained override options than the existing device-type based overrides. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* ui/ncurses: Keep track of the default boot optionSamuel Mendoza-Jonas2018-12-034-2/+44
| | | | | | | | | Keep track of the default boot option, and prefix its display name with a '(*)' to point it out to the user. This avoids having to authenticate with pb-discover even if only booting the default option. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* ui/ncurses: Add nc-auth and authenticate when required.Samuel Mendoza-Jonas2018-12-0313-105/+705
| | | | | | | | | | When the user tries to perform actions that require authentication a new subscreen 'nc-auth' is launched which accepts a password and will send an authentication request before performing the action. This also adds a button in nc-config which launches an nc-auth screen allowing the user to set or change the system password. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* ui/common: Client authentication helpersSamuel Mendoza-Jonas2018-12-032-0/+93
| | | | | | | Track the client's authentication status and provide methods for the client to send authentication requests to the server. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* ui/ncurses: Simplify starting shellSamuel Mendoza-Jonas2018-12-031-17/+1
| | | | | | | | | | Instead of calling sh twice to echo the 'exiting' message just call sh by itself and leave any welcome message to the shell's interactive config. Also drop the explicit nc_scr_unpost() in cui_run_cmd() since clear() will blank out the screen anyway. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* discover/platform-powerpc: Read and write password hash from NVRAMSamuel Mendoza-Jonas2018-12-032-0/+30
| | | | | | | | | If petitboot,password exists set it as the root password. This will be the password used to authenticate clients. This is the *hash* of a password as it would appear in /etc/shadow, not the password itself. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* discover/device-handler: Prevent normal users changing boot targetSamuel Mendoza-Jonas2018-12-032-2/+14
| | | | Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* discover/discover-server: Restrict clients based on uidSamuel Mendoza-Jonas2018-12-036-3/+274
| | | | | | | | | | | | | | | | | | | | | If crypt support is enabled restrict what actions clients can perform by default. Initial authorisation is set at connection time; clients running as root are unrestricted, anything else runs as restricted until it makes an authentication to pb-discover. Unprivileged clients may only perform the following actions: - Boot the default boot option. - Cancel the autoboot timeout. - Make an authentication request. If a group named "petitgroup" exists then the socket permissions are also modified so that only clients running as root or in that group may connect to the socket. The user-event socket is only usable by root since the two main usecases are by utilities called by pb-discover or by a user in the shell who will need to su to root anyway. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* lib/pb-protocol: Add PB_PROTOCOL_ACTION_AUTHENTICATESamuel Mendoza-Jonas2018-12-032-0/+114
| | | | | | | | Add a new "authenticate" action. Depending on the 'op' field this is either a) an authentication request, b) a response indicating the result, or c) a request to change the password. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* lib/crypt: Add helpers for operating on /etc/shadowSamuel Mendoza-Jonas2018-12-034-0/+297
| | | | | | | | Provides helper functions for reading, writing, and checking against /etc/shadow. The main use case if for authenticating clients against the "system" password, which is set as the root password. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* utils/pb-console: Ignore SIGINTSamuel Mendoza-Jonas2018-12-031-0/+2
| | | | | | | Trap and ignore SIGINT to avoid a SIGINT intended for petitboot-nc also exiting the parent pb-console script. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* utils/pb-console: Set up controlling terminalSamuel Mendoza-Jonas2018-12-031-1/+1
| | | | | | Enabling job control in the shell. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* utils/pb-sos: Don't create files in root by defaultSamuel Mendoza-Jonas2018-12-031-7/+6
| | | | | | | If running in a non-root shell the user will not be able to create or access files in / so operate in the current directory instead. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* utils/pb-console: Support agetty's autologin optionSamuel Mendoza-Jonas2018-12-031-2/+14
| | | | | | | | If the getty arguments include '-a' do not set the '-l' option. This implies the environment has been configured with users and will launch the subsequent pb-console instance itself. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* ui/ncurses: Add a missing gettext call & update translationsSamuel Mendoza-Jonas2018-12-0312-114/+444
| | | | | | | Fix up a spot where we forgot to translate the "Plugins" label on update and make the check for that label more resilient. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* discover/platform-powerpc: Remove unused variableSamuel Mendoza-Jonas2018-11-291-1/+0
| | | | Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* discover: Display warning if saving config failsSamuel Mendoza-Jonas2018-11-291-1/+4
| | | | Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* discover/boot: Fix talloc parent for resource URLsSamuel Mendoza-Jonas2018-11-291-7/+9
| | | | | | | | | The pb_urls for the boot resources use 'opt' as the talloc parent but this may be NULL, for example if this is a user-created boot option. Move the boot_task initialisation so it can be used as the talloc parent instead. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* discover/grub2: Add support for initrd16 builtinShawn Anastasio2018-11-221-0/+4
| | | | | | | | | This commit adds support for the initrd16 builtin which compliments the existing linux16 support and improves usability on x86 platforms. Signed-off-by: Shawn Anastasio <shawn@anastas.io> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* discover: Nicely format IPMI response buffersv1.9.2Samuel Mendoza-Jonas2018-11-164-33/+41
| | | | | | | | | | | | | | | A few places where we print out the response buffer from an IPMI command weren't updated when log timestamps were added, resulting in very hard to read output. Add a little helper to format buffers and use it to print these with only one timestamp. Example: [04:59:01] ipmi_get_bmc_versions: BMC version resp [0][16]: 0x00 0x20 0x01 0x02 0x13 0x02 0xbf 0x00 0x00 0x00 0xbb 0xaa 0x58 0x98 0x01 0x00 Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* ui/ncurses: Reset console options on bootSamuel Mendoza-Jonas2018-11-166-12/+56
| | | | | | | | | | | | | | | The ncurses UI sets a few console options at startup that are needed for ncurses to work properly. These aren't reset however and can lead to quirks like the cursor being invisible after kexecing to the next kernel. The UI process doesn't have time to reset these when it is killed by kexec, so instead add a 'boot_active' field to status updates. This is set by boot.c's update handler so the UI can assume it is about to boot if it receives a status update with this field, and resets the console options. If the boot is cancelled for any reason the status update will reflect that and the console options are restored. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* discover: Reimplement native-parser as a Bison parserSamuel Mendoza-Jonas2018-11-1614-134/+553
| | | | | | | | | | | | | | | | | | | Occasionally you look at some code and realise that a) this never gets built, and b) even if it did it would never compile. Today's example is native-parser.c which we must have just assumed worked for quite a while. The native parser has bitrotted entirely and needs to be brought up to date. While we're here, lets take the chance to implement a proper grammar for it. This helps us reason more effectively about the parser, lets us extend it easily in the future, and.. I wanted to write a Bison parser too. This implements most of the old functionality, but drops off some smaller details like settings icons which needs some separate attention to bring up to date. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* discover: Remove unused params.cSamuel Mendoza-Jonas2018-11-143-603/+0
| | | | | | | The discover/params code is an artifact from a long time ago, and isn't used by anything today: remove it. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* lib/flash: Check if the partition is signedSamuel Mendoza-Jonas2018-11-141-0/+16
| | | | | | | | In more recent firmware images built by op-build the VERSION partition is signed, and includes a 'secure header'. Check for this and skip it if found so we parse the version strings properly. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* docker: Change into docker directoryGeoff Levand2018-10-021-1/+1
| | | | | | | | | To avoid sending all the files in the top most project directory tree down to the docker daemon, change into the docker directory when running 'docker build'. Signed-off-by: Geoff Levand <geoff@infradead.org> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* docker: Allow CC and make command to be customisedSamuel Mendoza-Jonas2018-08-313-5/+18
| | | | | | | | | | Allow CC to be passed through to change the default compiler, and also allow the invocation of 'make' to be customised. An example use case of this is to set CC=/usr/bin/clang and use --make-command 'scan-build make' to build Petitboot with the clang static analyzer. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* discover/kboot-parser: Recognise 'default' parameterv1.9.1Samuel Mendoza-Jonas2018-08-283-1/+36
| | | | | | | | | | | | | The kboot parser doesn't set a default option. Change it so that if we see the 'default' parameter we match against this value when deciding if an option should be set as default. For example: default=linux linux='/vmlinux initrd=/initrd arg1=value1 arg2' Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* discover/device-handler: Restore autoboot setting on requerySamuel Mendoza-Jonas2018-08-281-1/+9
| | | | | | | | | | | | | | | | When a device requery is triggered we cancel any default boot option on the device. This also disables autoboot which we don't want; any boot options found after the requery will not be able to autoboot. To avoid this restore the existing autoboot setting after checking for default options. This prevents a particular corner case where a default boot option has been selected for boot but one of its boot files has stalled or is taking more time to download than the requery timeout and the requery accidentally cancels autoboot preventing Petitboot from trying to boot again. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* ui/ncurses: in lockdown ensure system reboot in ncurses menu exitBrett Grandbois2018-08-282-1/+13
| | | | | | | | | | | | | | | | In a lockdown situation in the ncurses menu there is a switch to replace the 'Exit to shell' option with 'Reboot', so the intent seems to be to not allow the user the option to exit to shell in a lockdown situation. However the associated foreced reboot logic is in the process atexit so is only triggered when completely exiting the menu system. The default menu item logic to exit to shell is still in place though so the menu exit never occurs and shell access is still available. Add a switch to a different menu exit callback to force a menu abort using the same mechanism as a signal in lockdown situations so the shell can never be entered. This also affects the 'x' or esc shortcut keys. Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* discover: Let 'boot' user-event boot by nameSamuel Mendoza-Jonas2018-08-283-6/+48
| | | | | | | | | If a 'name' parameter is used for a boot user event, search existing boot options for one that matches that name on the given device. This allows a pb-event user to boot based on name rather than having to specify the exact boot arguments. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* travis: Update to job matrixGeoff Levand2018-08-281-5/+9
| | | | | | | | | | o Set language to bash (same as generic), so just the scrip steps run. o Move build-builder to 'before_script'. o Switch to a job matrix of 'os' entries with names. Signed-off-by: Geoff Levand <geoff@infradead.org> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* docker: Update to Ubuntu 18.04 LTSJoel Stanley2018-08-281-4/+4
| | | | | | | | Ubuntu 17.10 was end of life in July. Update to the latest LTS. Signed-off-by: Joel Stanley <joel@jms.id.au> [Docker tag bumped] Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* discover/network: Stop udhcpc6 process on requerySamuel Mendoza-Jonas2018-08-281-0/+6
| | | | Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* README: UpdateGeoff Levand2018-08-281-10/+16
| | | | | Signed-off-by: Geoff Levand <geoff@infradead.org> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* travis: Use docker scriptsv1.9.0Samuel Mendoza-Jonas2018-08-162-8/+4
| | | | | | | Update the Travis config to use Petitboot's own docker scripts, and add ppc64le to the list of recognised architectures. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* discover/arm64: Update to struct efi_mountGeoff Levand2018-08-151-32/+25
| | | | | Signed-off-by: Geoff Levand <geoff@infradead.org> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* test/efivar: Rework for efi_mountGeoff Levand2018-08-151-79/+49
| | | | | Signed-off-by: Geoff Levand <geoff@infradead.org> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* lib/efi: Move magic to implementationGeoff Levand2018-08-142-6/+5
| | | | | | | | efi_check_mount now does a magic number check by default, so move the magic number related code from efivar.h to efivar.c. Signed-off-by: Geoff Levand <geoff@infradead.org> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
OpenPOWER on IntegriCloud