path: root/discover/device-handler.c
Commit message (Collapse)AuthorAgeFilesLines
* discover: Fix bad check of version stringJoel Stanley2018-03-071-2/+1
| | | | | | | | | | | | | | | | | | | Clang says this: discover/device-handler.c:1564:27: warning: size argument in 'strncmp' call is a comparison [-Wmemsize-comparison] strlen(opt->version) == 0)) { ~~~~~~~~~~~~~~~~~~~~~^~~~ discover/device-handler.c:1563:5: note: did you mean to compare the result of 'strncmp' instead? strncmp(opt->version, tmp->version, ^ It looks like it's correct. However, we can go one better and drop the pointless strncmp(foo, bar, strlen(bar)), as this is equivalent to strcmp(foo, bar). Signed-off-by: Joel Stanley <> Reviewed-by: Cyril Bur <> Signed-off-by: Samuel Mendoza-Jonas <>
* discover/device-handler: Treat empty boot order as 'boot any'Samuel Mendoza-Jonas2018-02-121-0/+3
| | | | | | | | It is possible to have autoboot enabled with an empty boot order. Currently this acts as if autoboot is disabled, but it likely makes more sense to the user for this to behave as "autoboot any device". Signed-off-by: Samuel Mendoza-Jonas <>
* printf: Fix format type warningsGeoff Levand2018-01-101-1/+2
| | | | | | | | | Fixes build warnings like these when building 32 bit programs: warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument has type ‘uint64_t’ Signed-off-by: Geoff Levand <> Signed-off-by: Samuel Mendoza-Jonas <>
* discover/pxe-parser: Fix relative parsing for manual config filesSamuel Mendoza-Jonas2017-12-121-1/+1
| | | | | | | | | | | | Manually specified config files are asynchronously downloaded by device_handler_process_url() before being parsed. This overwrites the 'pxeconffile' parameter, causing the parser to create relative paths relative to the downloaded file's path, not the original remote path. Work around this by setting 'pxeconffile-local' instead to differentiate between the original config file's location and the local copy. Signed-off-by: Samuel Mendoza-Jonas <>
* discover/device-handler: Fallback to device if snapshot fails to mountv1.6.1Samuel Mendoza-Jonas2017-10-121-3/+14
| | | | | | | | | In the event that a snapshot fails to mount, destroy it and fall back to the actual source device. While this loses the protection afforded by a snapshot it avoids users being greeted with an empty boot menu and unable to continue booting. Signed-off-by: Samuel Mendoza-Jonas <>
* discover/device-handler: Disable safe mode warning on reinitSamuel Mendoza-Jonas2017-08-231-0/+10
| | | | | | | | | | | If a user pressed "Rescan Devices" in safe mode the reinit would complete successfully, but the big warning that safe mode is active would remain. On reinit clear the safe_mode flag properly. This has no functional change aside from clearing the UI warning - the IPMI override remains active until cleared or a successful boot occurs. Signed-off-by: Samuel Mendoza-Jonas <>
* discover: Update env vars at init and suppress LVM warningsSamuel Mendoza-Jonas2017-08-221-0/+20
| | | | | | | | | | | Environment variables are not platform-specific so move set_proxy_variables to device-handler and call it at handler init. At the same time set LVM_SUPPRESS_FD_WARNINGS to ignore the "file descriptor leaked" warnings when calling LVM-utilities, since we must keep some file descriptors open in lib/process. Signed-off-by: Samuel Mendoza-Jonas <>
* discover/device-handler: Be ready for user events earlierSamuel Mendoza-Jonas2017-08-151-4/+4
| | | | | | | | Actions performed in network and udev init may result in pb-event callbacks (such as from udhcpc or pb-plugin), so make sure the user event interface is set up beforehand. Signed-off-by: Samuel Mendoza-Jonas <>
* discover: Handle plugin install requestSamuel Mendoza-Jonas2017-08-151-0/+56
| | | | | | | | | Handle "_PLUGIN_INSTALL" requests from clients. Calling the pb-plugin script from pb-discover ensures different clients don't trip over each other. Successfully installed plugins are automatically communicated back to clients once pb-plugin sends a 'plugin' user event. Signed-off-by: Samuel Mendoza-Jonas <>
* discover/device-handler: Scan devices for pluginsSamuel Mendoza-Jonas2017-08-151-0/+18
| | | | Signed-off-by: Samuel Mendoza-Jonas <>
* discover: Handle and track plugin_optionsSamuel Mendoza-Jonas2017-08-151-0/+64
| | | | | | | | | | Track plugin_options in the device_handler. Plugins can be added with device_handler_add_plugin_option() and accessed via device_handler_get_plugin(). Extend discover_server to support the new 'add' and 'remove' pb-protocol actions and advertise new plugins to connecting clients. Signed-off-by: Samuel Mendoza-Jonas <>
* discover/device-handler: Mention booting device in timeout statusSamuel Mendoza-Jonas2017-07-131-1/+2
| | | | Signed-off-by: Samuel Mendoza-Jonas <>
* discover: Wait for net interfaces to be marked readySamuel Mendoza-Jonas2017-07-111-6/+6
| | | | | | | | | | | | | | | | | | | | | | | If pb-discover is started before udev has settled there is a race between Petitboot configuring interfaces and udev renaming them. If an interface is set "up" the name change will fail and interfaces can be inconsistently named, eg: Device: (*) eth0 [0c:c4:7a:f4:1c:50, link up] ( ) enP1p9s0f1 [0c:c4:7a:f4:1c:51, link down] ( ) enP1p9s0f2 [0c:c4:7a:f4:1c:52, link down] ( ) enP1p9s0f3 [0c:c4:7a:f4:1c:53, link down] Add "net" devices to the udev filter and wait for them to be announced by udev before configuring them. udev_enumerate_add_match_is_initialized() ensures that by the time an interface appears via udev its name will be consistent. This also swaps the network and udev init order, but since interfaces now will not be configured until after udev is ready this should not have a user-visible effect. Signed-off-by: Samuel Mendoza-Jonas <>
* discover/device-handler: Allow process_url request to be pendingSamuel Mendoza-Jonas2017-07-111-34/+73
| | | | | | | device_handler_process_url() fails immediately if no network is available. For individual files queue the load task for later instead. Signed-off-by: Samuel Mendoza-Jonas <>
* discover/paths: Add network jobs to queueSamuel Mendoza-Jonas2017-07-111-0/+3
| | | | | | | | | Load tasks that start before the network is available will fail. Rather than just fail these tasks, add them to a queue that is processed once the network is ready. This helps users who try to request files early in setup, as well as very early running load tasks. Signed-off-by: Samuel Mendoza-Jonas <>
* discover/sysinfo: Add system_info_reinit()Samuel Mendoza-Jonas2017-07-111-0/+2
| | | | | | | | Currently over reinit events the system info is not affected. However network and block device information can change over reinit, so clear this information. Signed-off-by: Samuel Mendoza-Jonas <>
* discover/device-handler: Include makedev() from sysmacros.hSamuel Mendoza-Jonas2017-06-201-0/+1
| | | | | | | | | | | | | | | | Include sys/sysmacros.h explicitly in response to the following error message: ../discover/device-handler.c:1001:13: warning: In the GNU C Library, "makedev" is defined by <sys/sysmacros.h>. For historical compatibility, it is currently defined by <sys/types.h> as well, but we plan to remove this soon. To use "makedev", include <sys/sysmacros.h> directly. If you did not intend to use a system-defined macro "makedev", you should undefine it after including <sys/types.h>. id = makedev(1, handler->n_ramdisks); ^~~~~~~~~~~~~~~~~~~~~~~~~~ Signed-off-by: Samuel Mendoza-Jonas <>
* discover: Track both configured and current autoboot settingsSamuel Mendoza-Jonas2017-03-151-1/+1
| | | | | | | | | | | | | | | If autoboot is enabled but later disabled or cancelled by, for example, an IPMI override then the nc-config screen will set the autoboot widget as disabled. If the user then makes and saves a change in nc-config, autoboot will also be saved as disabled. This accidental change is particularly awkward if the user is attempting to remove an IPMI override. Instead only ever change the autoboot setting if the user explicitly changes it. Use a new helper function 'config_autoboot_active()' to determine the current autoboot status where needed. Signed-off-by: Samuel Mendoza-Jonas <>
* process: Cancel all asynchronous jobs on reinitv1.4.1Samuel Mendoza-Jonas2017-01-311-0/+3
| | | | | | | | | | | If an asynchronous job is running over a reinit, the process can return and run its callback function after the reinit. This becomes a problem if the callback function accesses pointers that were only valid before the reinit (eg. device structs). If a reinit is requested explicitly stop all active asynchronous jobs and clear their callback functions before the reinit. Signed-off-by: Samuel Mendoza-Jonas <>
* discover/device-handler: Cancel pending boot on reinitSamuel Mendoza-Jonas2017-01-311-0/+6
| | | | | | | | | | When a reinit is requested device_handler_cancel_default() is called, however as the name suggests this only cancels the boot task if it is the result of a default boot option. We also want to cancel a boot task if it was executed manually because it may have outstanding asynchronous transfers running, so explicitly cancel it during reinit. Signed-off-by: Samuel Mendoza-Jonas <>
* discover/device-handler: Process queue after device addedSamuel Mendoza-Jonas2017-01-311-2/+1
| | | | | | | | | | | | In device_handler_discover() we process the unresolved boot options queue first. However the discover_device in question has not yet been added to handler->devices so when a parser tries to search for a matching device it will fail. The discover_device will be added to the handler if it has not already in device_handler_discover_context_commit() so move the call to process_boot_option_queue() after it. Signed-off-by: Samuel Mendoza-Jonas <>
* discover: Maintain a backlog of status updatesSamuel Mendoza-Jonas2016-12-201-0/+2
| | | | | | | | | Add status updates to a persistent list in the discover_server struct, and send each client the backlog on connect. This avoids clients missing useful messages from early init. Clients will only show this in the backlog screen to avoid flooding the client's status line. Signed-off-by: Samuel Mendoza-Jonas <>
* discover/device-handler: Add aggregated download progress updatesSamuel Mendoza-Jonas2016-12-201-0/+117
| | | | | | | | | | | | | | Several processes run by Petitboot output progress information while running. Add device_handler_status_download() which process callers can call to register and update progress information (percentage and current size). A list of 'progress_info' structs holds this progress information, and on each call to device_handler_status_download() the information is combined and displayed as a single status update for readability. On completion device_handler_status_download_remove() is called to remove old progress information from the list. Signed-off-by: Samuel Mendoza-Jonas <>
* discover/status: Be more specific about DHCP event status messageJeremy Kerr2016-12-201-1/+2
| | | | | Signed-off-by: Jeremy Kerr <> Signed-off-by: Samuel Mendoza-Jonas <>
* discover/status: remove completion messagesJeremy Kerr2016-12-201-4/+0
| | | | | | | | | The completion messages are unconditional, so don't really indicate anything. In fact, the dhcp completion status is misleading, as we may still be processing the context through pxe callbacks. Signed-off-by: Jeremy Kerr <> Signed-off-by: Samuel Mendoza-Jonas <>
* discover: add handler reference to struct discover_contextJeremy Kerr2016-12-201-1/+7
| | | | | | | | | | | | | Since the device handler provides the status message functions, we need a pointer to it for device discovery (which we use a struct discover_context for). This change adds a 'handler' member to struct discover_context, to allow status reporting. Since we now have a handler, there's no need for the network pointer, so provide an accessor function instead. Signed-off-by: Jeremy Kerr <> Signed-off-by: Samuel Mendoza-Jonas <>
* discover: Use device_handler_status_dev_* for device-specific statusJeremy Kerr2016-12-201-27/+12
| | | | | Signed-off-by: Jeremy Kerr <> Signed-off-by: Samuel Mendoza-Jonas <>
* discover: Add device-specific status reporting functionsJeremy Kerr2016-12-201-0/+32
| | | | | | | | | Most of our status reporting is against a specific device, so add status reporting functions that take a struct discover_device and use a stnadard prefix. Signed-off-by: Jeremy Kerr <> Signed-off-by: Samuel Mendoza-Jonas <>
* discover: use helpers for status reportingJeremy Kerr2016-12-201-41/+11
| | | | | | | | Now that we have helpers for simpler status reporting, use those instead of constructing a struct status everywhere. Signed-off-by: Jeremy Kerr <> Signed-off-by: Samuel Mendoza-Jonas <>
* discover: Add helpers for status reportingJeremy Kerr2016-12-201-0/+33
| | | | | | | | | This change adds a couple of helpers for the status reporting API, allowing callers to provide just a set of printf-style arguments, rather than having to build up a struct status. Signed-off-by: Jeremy Kerr <> Signed-off-by: Samuel Mendoza-Jonas <>
* discover: separate status-reporting function from boot() callbackJeremy Kerr2016-12-201-12/+16
| | | | | | | | | | | | Currently, the device_discover_boot_status function is both used for internal status updates, as well as the callback passed to boot(). This change splits this into two functions; one for the latter and one for the former. The latter just has a void * for its first argument, to match the boot_status_fn type. Signed-off-by: Jeremy Kerr <> Signed-off-by: Samuel Mendoza-Jonas <>
* types: Remove detail and progress from struct statusJeremy Kerr2016-12-201-8/+0
| | | | | | | Nothing used these, and the serialisation was buggy anyway. Signed-off-by: Jeremy Kerr <> Signed-off-by: Samuel Mendoza-Jonas <>
* types: shorten boot_status definitionsJeremy Kerr2016-12-201-15/+15
| | | | | | | | | | | struct boot_status is a bit misnamed; we report status on things that aren't just the boot status (eg, discovery). This change refactors struct boot_status into just struct status. We give the type enum a name, and shorten the enum values to suit. Signed-off-by: Jeremy Kerr <> Signed-off-by: Samuel Mendoza-Jonas <>
* discover: Pass UUID to discover_device_create()Samuel Mendoza-Jonas2016-09-081-4/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently discover_device_create() will search for existing discover devices by id to determine if a new device is required. However it is possible under some circumstances for distinct devices to have the same name. This is especially troublesome if the following network events are seen in network_handle_nlmsg(): - New interface, 'foo' with uuid x:x:x:x:x:x -> new discover device created with dev->device->id = 'foo' dev->uuid = x:x:x:x:x:x - New interface, 'foo' with uuid y:y:y:y:y:y -> existing device 'foo' found dev->uuid = y:y:y:y:y:y This can occur if an interface rename event arrives *after* an old name is reused, where temporarily Petitboot will see two distinct network interfaces with the same name. Now the two interfaces point to the same discover device, which can quickly result in a segfault if a 'remove' event occurs for one of the interfaces and the discover device is freed. To generally avoid this a 'uuid' parameter is added to discover_device_create(), which if present allows existing devices to be looked up by UUID rather than just their name. Signed-off-by: Samuel Mendoza-Jonas <>
* discover: Deprecate 'conf' user eventSamuel Mendoza-Jonas2016-09-081-31/+1
| | | | | | | | | | | | The 'conf' user event is functionally very similar to the 'url' event, in that both events result in downloading a specified configuration file and passing it to iterate_parsers(). The 'url' event additionally allows downloading files from a directory path and is also accessed by the UI via pb-protocol, so remove the 'conf' event and associated functions in favour of 'url' and device_handler_process_url(). Signed-off-by: Samuel Mendoza-Jonas <>
* discover/event: Ensure event struct exists for async callersSamuel Mendoza-Jonas2016-09-011-0/+2
| | | | | | | | | | | | | | | | When handling an event, user_event_handle_message() creates an event struct with relevant parameters. Once user_event_handle_message() is finished it frees the struct. However in the case of a dhcp or add_url event, asynchronous jobs may be spawned that will later reference the event struct. In particular this becomes a problem when pxe_process_pair() handles an IPAPPEND name/value pair and tries to access event->device. In the case of dhcp and add_url events, we avoid this by changing the event struct's talloc parent to the discover_context struct which persists until all async pxe jobs have completed. Signed-off-by: Samuel Mendoza-Jonas <>
* Add support for GPG signature enforcement on bootedtpearson@raptorengineering.com2016-08-261-0/+6
| | | | | | | | | | | | | kernels and related blobs This can be used to implement a form of organization-controlled secure boot, whereby kernels may be loaded from a variety of sources but they will only boot if a valid signature file is found for each component, and only if the signature is listed in the /etc/pb-lockdown file. Signed-off-by: Timothy Pearson <> Signed-off-by: Samuel Mendoza-Jonas <> (Minor build fixes and gpgme.m4, comment on secure boot in gpg.c)
* discover: Add 'sync' user eventSamuel Mendoza-Jonas2016-08-081-0/+41
| | | | | | | | | | | | | | | | | | | | Add a user event named 'sync' that causes the discover server to merge the devicemapper snapshots of mounted devices. This is particularly useful as a debug aid (for example, when copying logs to a USB device), as the server will otherwise only sync changes to mounted devices in response to parser actions. The command can be called as pb-event sync@device to sync a particular device, or as pb-event sync@all to sync all devices with snapshots. Signed-off-by: Samuel Mendoza-Jonas <>
* discover/device-handler: Remove default option if device removedv1.2.1Samuel Mendoza-Jonas2016-07-141-0/+9
| | | | | | | If one of a device's boot options is the current default boot option, make sure the default boot is cancelled before the device is removed. Signed-off-by: Samuel Mendoza-Jonas <>
* discover/device-handler: Ignore options without kernelSamuel Mendoza-Jonas2016-07-141-0/+8
| | | | | | | All boot options must at least have a boot image; ignore any options that do not before trying to resolve them. Signed-off-by: Samuel Mendoza-Jonas <>
* discover/pxe-parser: Retrieve configs asynchronouslySamuel Mendoza-Jonas2016-06-281-4/+4
| | | | | | | | | | | | | | | | | | Depending on the configuration of the DHCP server and the network, tftp requests made by the pxe parser can timeout. The pxe parser makes these requests synchronously so several timeouts can block the server completely for several minutes, leaving the server unresponsive to UI requests. Rework the pxe parser such that it handles the result of each tftp request in a callback, which can complete after iterate_parsers() has returned. Each callback is allocated its own conf_context which takes a talloc reference on the discover_context so that each callback can commit new boot options after the initial iterate loop has completed. This also means talloc_unlink must be used instead by the original parent of the discover_context. Signed-off-by: Samuel Mendoza-Jonas <>
* Update tests to support changes to pxe_parserSamuel Mendoza-Jonas2016-06-281-45/+51
| | | | | | | | | | | Substitute load_url_async() when running tests to support direct callers of load_url_async() who will expect to read a file in a callback. Stub out device_handler_discover_context_commit() since it will remove discover_options from the given discover_context, but the tests will check the discover_context to count boot_options. Signed-off-by: Samuel Mendoza-Jonas <>
* discover/device-handler: Make boot_status() publicSamuel Mendoza-Jonas2016-06-281-10/+11
| | | | | | | | | Rename boot_status() to device_handler_boot_status() and make it accessible by files that include device-handler.h. This enables the boot status to be updated from additional callers, in particular within parser functions. Signed-off-by: Samuel Mendoza-Jonas <>
* Extend the "add url" function to allow file:// URLsSamuel Mendoza-Jonas2016-05-241-2/+8
| | | | | | | | | | | | | | This allows URLs of the form file:///path/to/local/file.conf to be used in nc-add-url, in order to access configuration files relative to the root directory. This is primarily a debugging tool aimed at developers rather than an expected use case. The DEVICE_TYPE_ANY enum is used in this case to represent that a resulting boot option is not associated with any device in the traditional sense, and in the UI is represented as a "Custom Local Option". Signed-off-by: Samuel Mendoza-Jonas <>
* discover: Perform pre-boot steps when timeout expiresSamuel Mendoza-Jonas2016-04-131-0/+2
| | | | | | | | | | | When a default boot timeout expires boot() is called via default_timeout() rather than device_handler_boot(). default_timeout() doesn't call platform_pre_boot() beforehand, which means steps such as clearing a temporary boot device override are skipped. Add a call to platform_pre_boot() immediately before boot() to ensure these steps are performed regardless of boot type. Signed-off-by: Samuel Mendoza-Jonas <>
* discover/device-handler: Attempt to retry failed mountsSam Mendoza-Jonas2016-03-231-44/+56
| | | | | | | | | | | | | | | | Commit 6c1a9dd, "discover: Allow fs recovery if snapshot available", forced the use of 'norecovery' for all XFS mounts to avoid failing when a cross-endian journal existed. This is a bit heavy handed, healthy XFS file systems can still be safely mounted, as can dirty filesystems in the same endian as Petitboot. This adds try_mount() which opportunistically mounts devices and falls back to using 'norecovery' where possible on failure. This enables XFS filesystems to be mounted read-write when possible. try_mount() contains the logic previously described by fs_parameters(), and should be used in place of any existing calls to mount(). Signed-off-by: Sam Mendoza-Jonas <>
* discover: Release process resources on errorSamuel Mendoza-Jonas2016-02-091-2/+4
| | | | | | Fixes Coverity defect #30472 Signed-off-by: Sam Mendoza-Jonas <>
* discover: Handle BTRFS root subvolumesSam Mendoza-Jonas2016-02-091-0/+25
| | | | | | | | | | | | | | | | | | During install some distributions[0] will create subvolumes when formatting the root filesystem with BTRFS. In particular this can mean that bootloader config files will appear (in the case of GRUB) under /var/petitboot/mnt/dev/$device/@/boot/grub/ rather than the expected /var/petitboot/mnt/dev/$device/boot/grub/ If this is the case, perform all file operations from the parser relative to this subvolume rather than the mount point. At the moment this only supports the trivial case where the subvolume name for root is blank (ie. '@'). [0] In particular, Ubuntu from at least 14.04 Signed-off-by: Sam Mendoza-Jonas <>
* discover: extend URL in UI to support auto-discoveryNishanth Aravamudan2015-12-181-7/+20
| | | | | | | | | | | | | The URL field currently only supports loading a particular file for static network configurations. But it makes sense in certain static network configurations to 'auto-discover' a file like petitboot does with DHCP -- based off the MAC address and IP. Extend device_handler_process_url to take those as parameters, and toggle off the URL ending in a '/' to indicate whether to 'auto-discover' or directly load the specified URL. Signed-off-by: Nishanth Aravamudan <> Signed-off-by: Samuel Mendoza-Jonas <>
* discover: Properly handle return valuesSamuel Mendoza-Jonas2015-12-171-4/+2
| | | | | | | | Fixes three unchecked return values, and one missing initialisation. Fixes Coverity defects #30450, #30451, #30454, and #30483 Signed-off-by: Samuel Mendoza-Jonas <>
OpenPOWER on IntegriCloud