| Commit message (Collapse) | Author | Age | Files | Lines |
| |
Check for some required parameters in the 'dhcp' handler, and in the
'add' handler return an error if parse_user_event() fails rather than
charging ahead into a segfault.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
Drop the requirement for the ID_NET_NAME_PATH property since it prevents
Petitboot from recognising virtio network devices, and is not otherwise
used.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
The fields from a BootLoaderSpec file can contain environment variables,
in GRUB 2 these are shown verbatim and are evaluated later when an entry
is selected. But on Petitboot these have to be expanded before creating
the GRUB 2 resources and show in the UI the values after the evaluation.
The current blscfg handler had a very limited support for variables, it
only had support for the options field and also didn't take into account
that variables could be mixed with literal values.
So for example the following fields were not expanded correctly:
linux $bootprefix/vmlinuz
options $kernelopts foo=bar
options foo=bar $kernelopts
options $kernelopts $debugopts
Also change some of the tests to cover mixing variables and literals.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
Currently the BLS fragments are only searched in the /loader/entries
directory, but this assumes that there is a boot partition mounted
in /boot. This may not always be the case, /boot may not be a mount
point and just a directory inside the root partition.
To cover this case, Petitboot tries to find a GRUB 2 config file in
different paths. So let's do the same for the BLS files directory.
Also change some of the unit tests to use /boot/loader/entries as a
BLS directory instead of /loader/entries.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
In signed-boot environments consistent handling of kernel commandline
options is essential as they must be pre-signed. In the syslinux parser
ensure that in the absence of a global APPEND they are processed
exactly as found and not with the leading space that the current APPEND
processing has as a shortcut.
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
GCC 8 produces the following warning for network.c:
In function ‘network_handle_nlmsg’,
inlined from ‘network_netlink_process’ at ../discover/network.c:726:3:
../discover/network.c:568:3: warning: ‘strncpy’ output may be truncated copying 15 bytes from a string of length 16 [-Wstringop-truncation]
strncpy(interface->name, ifname, sizeof(interface->name) - 1);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../discover/network.c:586:3: warning: ‘strncpy’ output may be truncated copying 15 bytes from a string of length 16 [-Wstringop-truncation]
strncpy(interface->name, ifname, sizeof(interface->name) - 1);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The code is safe since interface is allocated with talloc_zero() and we
could use -Wno-stringop-truncation to hide this but since this is the
only offender instead just copy the whole IFNAMSIZ bytes and explicitly
terminate the ifname buffer to be safe.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
Explicitly rescan SCSI devices on reinit rather than just remounting
them in case a device did not init properly on boot.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
I was seeing list corruption and segfaults in pb-discover on my Talos
II when using both yaboot and kboot config files on the same device.
My assumption is that discover_context_add_boot_option() was being
called on the same pointer more than once.
So, null the pointer right after the call. The ownership was transferred
anyway so the parsers should not keep it around.
Signed-off-by: Brandon Bergren <git@bdragon.rtk0.net>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
gpg_validate_boot_files() can return error codes for a variety of
reasons but kexec_load only aborts for signature or decryption failure.
In any other failure case like unable to open LOCKDOWN_FILE or do the
secure copy the validation is bypassed by an early return but kexec_load
does not abort.
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
Follow along the way the linux builtin does it.
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
in case insensitive filesystems like vfat the duplicate conf file list
will create duplicate boot options. to filter that out store the
struct stat of each parsed conf file and compare inodes
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
in finalize loop or we can get duplicate boot entries as well as the
memory leak
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
When the BLS support was added, the conclusion was that default indexes
didn't apply for BLS snippets. But for GRUB 2 the indexes refer to the
boot menu entries in memory, regardless of how these were generated.
Since in GRUB 2 it is valid to set a default index even for menu entries
generated from BLS fragments, allow this to also be done in Petitboot.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
Instead of adding a boot option explicitly, just add it to the grub script
boot option list and increment the number of options. That way BLS entries
will be known by the grub script handler and can check if it is a valid index.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
The BLS entries were sorted so that the latest entry was at the top in the
Petitboot UI, since it matches how menu entries are sorted in GRUB2 config
and the GRUB2 UI.
But in the Petitboot's UI, the latest entry is expected to be at the bottom
and the older one at the top. Sort the BLS entries to match what's expected.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
The default path to search for BootLoaderSpec configuration files is
/loader/entries but in some setups a different directory may be used.
So allow this to be chosen by using a blsdir GRUB environment variable.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
for musl libc
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
for musl libc
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
The BootLoaderSpec (BLS) defines a file format for boot configurations,
so bootloaders can parse these files and create their boot menu entries
by using the information provided by them [0].
This allows configuring the boot items as drop-in files in a directory
instead of having to parse and modify a bootloader configuration file.
The GRUB 2 bootloader provides a blscfg command that parses these files
and creates menu entries using this information. Add support for it.
[0]: https://www.freedesktop.org/wiki/Specifications/BootLoaderSpec/
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
Fixes Coverity defect CID 149918
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
In dc85de97 "Allow load_async_url() to call callback for local paths"
several load_url_result fields of the boot_task struct were deprecated
but were accidentally left in the struct. This caused the now out of
date code in cleanup_cancellations() to go unnoticed since it can return
safely if these fields are NULL. However freeing the boot task can free
the memory associated with each load before it is complete, resulting in
a confusing segfault.
This brings cleanup_cancellations() up to date and along the way
implicitly includes the signature resources in cleanup which were missed
originally.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
When result is null, we may end up in the error handling path where we
try to dereference null to call cleanup_local. This adds a check for
result.
Found with scan-build.
Signed-off-by: Joel Stanley <joel@jms.id.au>
Reviewed-by: Cyril Bur <cyrilbur@gmail.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
[Fixed up commit message typo]
| |
clang errors out about an unused have_busybox function:
discover/paths.c:44:13: error: unused function 'have_busybox' [-Werror,-Wunused-function]
static bool have_busybox(void)
^
Move have_busybox() to inside the #ifndef PETITBOOT_TEST scope to
eliminate the warning and avoid having #ifdefs in load_url_async().
Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
[Moved definition into #ifndef PETITBOOT_TEST instead of using
#ifdef at the call site]
| |
Clang says this:
discover/device-handler.c:1564:27: warning: size argument in 'strncmp' call is a comparison [-Wmemsize-comparison]
strlen(opt->version) == 0)) {
~~~~~~~~~~~~~~~~~~~~~^~~~
discover/device-handler.c:1563:5: note: did you mean to compare the result of 'strncmp' instead?
strncmp(opt->version, tmp->version,
^
It looks like it's correct. However, we can go one better and drop the
pointless strncmp(foo, bar, strlen(bar)), as this is equivalent to
strcmp(foo, bar).
Signed-off-by: Joel Stanley <joel@jms.id.au>
Reviewed-by: Cyril Bur <cyrilbur@gmail.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
If we have a static network config with a URL set but not a gateway we
can confuse the URL as the gateway due to how we write the network
string in NVRAM.
To avoid changing the parameter format if we only have one of the two
tokens check whether or not it's actually a URL; the gateway and the URL
will have distinct formats.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
Several pxe-parser tests fail because the test harness's version of
load_async_url() will call the callback directly, but in pxe-parser the
caller checks if the path was local and calls the callback immediately.
Being called twice, a use-after-free occurs in the callback.
For consistency change the load_async_url() semantics such that it is
possible for load_async_url() to call the callback before it returns in
the case of local paths. Callers need to know this is possible, but now
won't need to check to call it manually.
This requires a slight reorganisation of the boot_process() code, since
it checks the result of several asynchronous load operations in the same
callback, and with this change not all of those results will necessarily
be initialised at callback time. Add a list of 'boot_resources' which
carry the required information for the resource and allow the boot
handler to treat different resources generically.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
Fixes Coverity defect CID 182828.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
It is possible to have autoboot enabled with an empty boot order.
Currently this acts as if autoboot is disabled, but it likely makes more
sense to the user for this to behave as "autoboot any device".
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
The Yocto wic grub support will generate a grub.cfg with no whitespace
between the ending quote of the menuentry label and the opening bracket.
There doesn't seem to be anything in the specification that this is
illegal so accept it here.
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
Fixes build warnings like these when building 32 bit programs:
warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument has type ‘uint64_t’
Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
Manually specified config files are asynchronously downloaded by
device_handler_process_url() before being parsed. This overwrites the
'pxeconffile' parameter, causing the parser to create relative paths
relative to the downloaded file's path, not the original remote path.
Work around this by setting 'pxeconffile-local' instead to differentiate
between the original config file's location and the local copy.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
Petitboot provides a method for a user to manually specify a
configuration file that should be retrieved. Petitboot also has a
global proxy configuration.
This patch aims to marry the two so that a custom configuration file
can specify that a specific proxy should be used to access one (or all)
of the options within it.
This makes custom configuration files more powerful as they can point
to files behind proxies without the user needing to also specify the
global proxy for that specific custom configuration file to work.
This adds parsing for a `proxy` option which will apply to all boot
items found after.
Signed-off-by: Cyril Bur <cyrilbur@gmail.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
On OpenBMC platforms IPMI requests can take over five seconds to
complete. OpenBMC does inform OPAL in BT init that it may take up to
ten seconds to respond to any requests, so update our timeout value to
accommodate this extra delay.
On other platforms this won't change anything (AMI- and SMC- based
BMCs for example respond in under a second), but on OpenBMC platforms
such as Witherspoon this will delay Petitboot significantly while we
wait for the response. This is not ideal but we need to wait in order to
receive important information such as a safe mode request.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
In the event that a snapshot fails to mount, destroy it and fall back to
the actual source device. While this loses the protection afforded by a
snapshot it avoids users being greeted with an empty boot menu and
unable to continue booting.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
If a user pressed "Rescan Devices" in safe mode the reinit would
complete successfully, but the big warning that safe mode is active
would remain. On reinit clear the safe_mode flag properly.
This has no functional change aside from clearing the UI warning - the
IPMI override remains active until cleared or a successful boot occurs.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
Environment variables are not platform-specific so move
set_proxy_variables to device-handler and call it at handler init.
At the same time set LVM_SUPPRESS_FD_WARNINGS to ignore the "file
descriptor leaked" warnings when calling LVM-utilities, since we must
keep some file descriptors open in lib/process.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
The IPMI device node is kept open for the life of the platform - include
the O_CLOEXEC flag so it is not kept open for child processes.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
Actions performed in network and udev init may result in pb-event
callbacks (such as from udhcpc or pb-plugin), so make sure the user
event interface is set up beforehand.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
Handle "_PLUGIN_INSTALL" requests from clients. Calling the pb-plugin
script from pb-discover ensures different clients don't trip over each
other. Successfully installed plugins are automatically communicated
back to clients once pb-plugin sends a 'plugin' user event.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
Add a new user event to advertise pb-plugins and add them to the
device_handler. Plugins described by this event can either be
uninstalled pb-plugin files or successfully installed pb-plugins
depending on the associated parameters.
This is primarily intended for use by the pb-plugin utility itself to
notify Petitboot as it operates on pb-plugin files.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
Track plugin_options in the device_handler. Plugins can be added with
device_handler_add_plugin_option() and accessed via
device_handler_get_plugin().
Extend discover_server to support the new 'add' and 'remove' pb-protocol
actions and advertise new plugins to connecting clients.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
Extend the pxe-parser to recognise 'PLUGIN' as well as the usual 'LABEL'
when parsing a config file. 'PLUGIN' will be used to specify an option
that provides the location of an installable pb-plugin file, named by
the 'TARBALL' label.
Since plugin options are discovered via the same mechanism as boot
options treat them the same as boot options and add the 'type' field to
the boot_option struct to differentiate between them.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
If pb-discover is started before udev has settled there is a race
between Petitboot configuring interfaces and udev renaming them. If an
interface is set "up" the name change will fail and interfaces can be
inconsistently named, eg:
Device: (*) eth0 [0c:c4:7a:f4:1c:50, link up]
( ) enP1p9s0f1 [0c:c4:7a:f4:1c:51, link down]
( ) enP1p9s0f2 [0c:c4:7a:f4:1c:52, link down]
( ) enP1p9s0f3 [0c:c4:7a:f4:1c:53, link down]
Add "net" devices to the udev filter and wait for them to be announced
by udev before configuring them.
udev_enumerate_add_match_is_initialized() ensures that by the time an
interface appears via udev its name will be consistent.
This also swaps the network and udev init order, but since interfaces
now will not be configured until after udev is ready this should not
have a user-visible effect.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
If logical volumes are active and recognised by udev, no longer ignore
them. We also do some extra handling to use user-friendly device names
and mount the /dev/mapper/foo device rather than the /dev/dm-xx device.
Additionally if we see "LVM2_member" devices start a rescan in case
LVM-formatted disks came up after the LVM initscript.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>