| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Implement device_add() in cui_client_ops and use this interface to
recognise when the server notifies the client of an encrypted device. A
"device header" will be created for this device and added to the menu
with no associated boot options.
The nc-auth prompt is extended to ask for a disk password when the device
header for an encrypted device is selected.
Assuming the password is correct pb-discover will remove the original
device and notify the client about the newly opened device, which will
be reflected in the menu.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
| |
Keep track of the default boot option, and prefix its display name with
a '(*)' to point it out to the user.
This avoids having to authenticate with pb-discover even if only booting
the default option.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
| |
When the user tries to perform actions that require authentication a new
subscreen 'nc-auth' is launched which accepts a password and will send
an authentication request before performing the action.
This also adds a button in nc-config which launches an nc-auth screen
allowing the user to set or change the system password.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
| |
Instead of calling sh twice to echo the 'exiting' message just call sh
by itself and leave any welcome message to the shell's interactive
config.
Also drop the explicit nc_scr_unpost() in cui_run_cmd() since clear()
will blank out the screen anyway.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
| |
Fix up a spot where we forgot to translate the "Plugins" label on update
and make the check for that label more resilient.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The ncurses UI sets a few console options at startup that are needed for
ncurses to work properly. These aren't reset however and can lead to
quirks like the cursor being invisible after kexecing to the next
kernel.
The UI process doesn't have time to reset these when it is killed by
kexec, so instead add a 'boot_active' field to status updates. This is
set by boot.c's update handler so the UI can assume it is about to boot
if it receives a status update with this field, and resets the console
options. If the boot is cancelled for any reason the status update will
reflect that and the console options are restored.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In a lockdown situation in the ncurses menu there is a switch to replace
the 'Exit to shell' option with 'Reboot', so the intent seems to be to
not allow the user the option to exit to shell in a lockdown situation.
However the associated foreced reboot logic is in the process atexit so
is only triggered when completely exiting the menu system. The default
menu item logic to exit to shell is still in place though so the menu
exit never occurs and shell access is still available.
Add a switch to a different menu exit callback to force a menu abort
using the same mechanism as a signal in lockdown situations so the shell
can never be entered. This also affects the 'x' or esc shortcut keys.
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
| |
The only functional change should be an additional '/n' to
a few log messagees that seemed to be missing it.
Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a few mappings to specify temporary autoboot settings:
F10: Only autoboot from disk
F11: Only autoboot from USB devices
F12: Only autoboot from network
These use the new code to prevent cancelling autoboot.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
| |
Allow some keys to not cancel the default-boot process.
For the moment, this is just the screen refresh (ctrl+L).
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently if signed-boot is enabled in configure the presence of the
LOCKDOWN_FILE is used as a runtime determination to perform the actual
verification. In some environments this may be acceptable or even the
intended operation but in other environments could be a security hole
since the removal of the file will then cause boot task verification.
Add a 'hard_lockdown' enable flag to generate a HARD_LOCKDOWN
preprocessor definition to force the system to always do a signed boot
verification for each boot task, which in the case of a missing file the
boot will fail.
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ui/ncurses/nc-cui.c:967:58: warning: size argument in 'strncmp' call is a comparison [-Wmemsize-comparison]
if (strncmp(cod->opt->id, "dummy", strlen("dummy") == 0 &&
~~~~~~~~~~~~~~~~~~~~~^~
ui/ncurses/nc-cui.c:967:6: note: did you mean to compare the result of 'strncmp' instead?
if (strncmp(cod->opt->id, "dummy", strlen("dummy") == 0 &&
^
There appears to be two bonus conditions inside the length field. I
chose to drop the pointless strncmp(foo, bar, strlen(bar)), as this is
equivalent to strcmp(foo, bar).
Signed-off-by: Joel Stanley <joel@jms.id.au>
Reviewed-by: Cyril Bur <cyrilbur@gmail.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
[Fixed up commit message typo]
|
|
|
|
|
| |
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
| |
add missing #inlcude <locale.h>
musl libc can segfault with a NULL format string so need to add a
redundant "%s", "" to keep it happy
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The main menu and plugin menu are separate screens but they share the
pmenu_process_key() handler. This means all the key shortcuts intended
for the main menu can also be used in the plugin menu, which is
particularly odd for "add new boot option" for example.
To work around this extend the 'hot_key' functionality in pmenu to allow
multiple handlers. This allows all pmenus to have the usual navigation
and action keys, and then add extra handlers as needed. For example,
ps3_mm_init() needs main menu shortcuts as well as some PS3-specific
shortcuts, whereas plugin_menu_init() only needs the generic key
handler.
This changes the functionality of pmenu_process_key() such that if a
hot_key_fn successfully handles a key, pmenu_process_key() returns
instead of continuing to process the key. This does not affect the
current usage.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the ncurses UI exits before it has contacted the server it is meant
to fork a process to wait until the connection is made and cancel
autoboot. This prevents users dropping to the shell and then having the
machine boot out from underneath them.
In e1e2ca68 "Spawn shell in exit handler" the UI doesn't actually exit
on "exit", but it isn't listening to server events either while the
shell is active. In this case make sure we still fork to notify the
server.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
| |
In the vt100 'application' cursor mode arrow keys produce ^[Ox rather
than the usual ^[[x. Add this pattern to our defined keys so we don't
accidentally catch the escape key.
For reference:
http://www.tldp.org/HOWTO/Keyboard-and-Console-HOWTO-21.html
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Normally terminal control commands are caught and handled before ncurses
or Petitboot could see them. However several combinations of broken
terminal emulators or console connections can cause these command
sequences to be seen by Petitboot, usually resulting in Petitboot
exiting due to the ESC character and then the rest printed to the
console.
Aside from confusing the user this can also cancel autoboot, so it's
important we don't let these sequences go unnoticed if possible.
In ui/ncurses/console-codes we add a state machine that recognises the
syntax of these control/escape sequences and handles the lost
characters. We don't try to emulate the functionality of these commands,
instead just logging them for reference.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
| |
In cui_on_exit()_ instead of exiting the program spawn a sh instance.
This allows the user to drop to the shell and return without losing any
custom boot options, for example.
SIGINT still calls cui_abort() to properly exit Petitboot.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
| |
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a second pmenu accessible via the main menu which displays
uninstalled and installed pb-plugins. Uninstalled options can be
selected to trigger pb-plugin to install them, after which they are
updated and marked as installed in the menu.
Installed plugins can be investigated by entering the new plugin screen,
where plugin metadata and executables are displayed. Executables can be
run from this screen via cui_run_cmd().
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
| |
Update cui_run_cmd() to setup a process that uses 'raw_stdout' so that
output is displayed on the screen instead of being caught in the log.
Also update cui_run_cmd() to take a more generic list of arguments, and
add a cui_run_cmd_from_item() wrapper for the existing user.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
| |
The "Connected to pb-discover!" message is more useful for development
than actual use; for users the more important messages are related to
device and configuration parsing. Drop the message to slightly reduce
the level of noise on start up.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
| |
Add status updates to a persistent list in the discover_server struct,
and send each client the backlog on connect. This avoids clients missing
useful messages from early init. Clients will only show this in the
backlog screen to avoid flooding the client's status line.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
| |
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, status messages from the server are displayed in a single
line at the bottom of the main menu UI, and are lost once a new status
is reported.
This change adds a facility for the UI to collect and display the status
messages from the server, in a dedicated UI screen. This allows a user
to look back through the discovery & boot process.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
| |
struct boot_status is a bit misnamed; we report status on things that
aren't just the boot status (eg, discovery).
This change refactors struct boot_status into just struct status. We
give the type enum a name, and shorten the enum values to suit.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
| |
The current message mentions a "server" which can give the misleading
impression that the UI is waiting for a remote network server. The delay
is actually in waiting for the pb-discover process to be ready, so
update the message to reflect that.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
| |
If the client is not connected to the server instance when exiting, fork
and have the child process spin until the server is available and can be
told to cancel autoboot. This prevents the scenario of a user exiting
the UI and having the server continue to autoboot while they are using
the command line.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
| |
This patch disables direct command line access when the /etc/pb-lockdown
file is present.
Signed-off-by: Timothy Pearson <tpearson@raptorengineering.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
kernels and related blobs
This can be used to implement a form of organization-controlled secure boot,
whereby kernels may be loaded from a variety of sources but they will only
boot if a valid signature file is found for each component, and only if the
signature is listed in the /etc/pb-lockdown file.
Signed-off-by: Timothy Pearson <tpearson@raptorengineering.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
(Minor build fixes and gpgme.m4, comment on secure boot in gpg.c)
|
|
|
|
| |
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
| |
The UI can now come up before the server, but in order for a key press
to cancel autoboot a key has to be pressed once the server connects.
Instead remember to cancel autoboot if a key has been pressed at any
point.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If petitboot-nc starts before the discover server it will try to
connect for a short while waiting for the server to appear. However in
some scenarios the server can take longer than expected to come up, for
example if the kernel is compiled with modules and the system has many
disks, and the process will timeout and exit before the server is ready.
The UI does not appear during this time so it can appear as if Petitboot
failed to start at all.
Change the default behaviour to start the UI first, and then wait for
the server to appear. The UI will not timeout in this mode. The
"--timeout" option is added to start with the old behaviour.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
| |
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
| |
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
| |
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Several screens in petitboot-nc require an update if a config or sysinfo
update is received. However if those screens exist but are not the
current screen they will incorrectly try to draw to the screen.
Where the currently active screen is a textscreen (eg. a help screen)
the update is delayed until after the screen is exited.
In the particular case of nc-config where the current screen can be an
nc-subset screen, the nc-subset screen is exited immediately so the
update can be performed, since the nc-subset screen depends on the
information in the previous screen.
Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
|
|
|
|
|
|
|
|
|
| |
The currently selected item in the main menu can be set to an item off
the visible portion of the menu after the additional or removal of a
boot option. Update the currently selected item and/or the current view
such that the item remains in the visible area.
Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
|
|
|
|
|
|
|
|
|
|
| |
The nc-subset screen is intended to be used as a sub-screen from the
current screen (eg. nc-config) which passes a pointer to a
nc_widget_subset struct. The nc-subset screen allows the user to select
an option from a list of 'inactive' options, before returning control
back to the current screen.
Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
|
| |
|
|
|
|
|
|
|
|
| |
Creates a menu option to specify a remote conf file url to send to
the server for parsing.
Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
|
|
|
|
|
|
| |
This change adds a language selector UI, and allows language changes
from incoming configuration messages.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
|
|
|
|
|
|
|
|
|
|
| |
We'll want to re-initialise the petitboot main menu (when the language
is changed), which we can't do if the items are populated entirely from
the main() function.
This change moves the menu initilisation to the cui code, we we can
re-init when necessary.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
|
|
|
|
|
| |
No translation necessary.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Because it's initialised statically, help text won't be directly
gettext()-ed. Instead, we need to perform the gettext translation at
runtime, and pass untranslated strings into the help_screen code.
Instead of trusting callers to pass the untranslated strings though, we
encapsulate the help text data into struct help_text, so we know we have
an unstranslated string.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
|
|
|
| |
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
|
|
|
| |
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
|
|
|
|
|
|
|
| |
Boot options are now listed under their matching boot device in the
ncurses UI to help differentitate similar boot option names
Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|