| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
| |
When the user tries to perform actions that require authentication a new
subscreen 'nc-auth' is launched which accepts a password and will send
an authentication request before performing the action.
This also adds a button in nc-config which launches an nc-auth screen
allowing the user to set or change the system password.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
| |
Instead of calling sh twice to echo the 'exiting' message just call sh
by itself and leave any welcome message to the shell's interactive
config.
Also drop the explicit nc_scr_unpost() in cui_run_cmd() since clear()
will blank out the screen anyway.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
| |
Fix up a spot where we forgot to translate the "Plugins" label on update
and make the check for that label more resilient.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The ncurses UI sets a few console options at startup that are needed for
ncurses to work properly. These aren't reset however and can lead to
quirks like the cursor being invisible after kexecing to the next
kernel.
The UI process doesn't have time to reset these when it is killed by
kexec, so instead add a 'boot_active' field to status updates. This is
set by boot.c's update handler so the UI can assume it is about to boot
if it receives a status update with this field, and resets the console
options. If the boot is cancelled for any reason the status update will
reflect that and the console options are restored.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In a lockdown situation in the ncurses menu there is a switch to replace
the 'Exit to shell' option with 'Reboot', so the intent seems to be to
not allow the user the option to exit to shell in a lockdown situation.
However the associated foreced reboot logic is in the process atexit so
is only triggered when completely exiting the menu system. The default
menu item logic to exit to shell is still in place though so the menu
exit never occurs and shell access is still available.
Add a switch to a different menu exit callback to force a menu abort
using the same mechanism as a signal in lockdown situations so the shell
can never be entered. This also affects the 'x' or esc shortcut keys.
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
| |
To prepare for other configure platform names.
Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
| |
The only functional change should be an additional '/n' to
a few log messagees that seemed to be missing it.
Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
| |
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
| |
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a few mappings to specify temporary autoboot settings:
F10: Only autoboot from disk
F11: Only autoboot from USB devices
F12: Only autoboot from network
These use the new code to prevent cancelling autoboot.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
| |
Allow some keys to not cancel the default-boot process.
For the moment, this is just the screen refresh (ctrl+L).
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently if signed-boot is enabled in configure the presence of the
LOCKDOWN_FILE is used as a runtime determination to perform the actual
verification. In some environments this may be acceptable or even the
intended operation but in other environments could be a security hole
since the removal of the file will then cause boot task verification.
Add a 'hard_lockdown' enable flag to generate a HARD_LOCKDOWN
preprocessor definition to force the system to always do a signed boot
verification for each boot task, which in the case of a missing file the
boot will fail.
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
| |
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ui/ncurses/nc-cui.c:967:58: warning: size argument in 'strncmp' call is a comparison [-Wmemsize-comparison]
if (strncmp(cod->opt->id, "dummy", strlen("dummy") == 0 &&
~~~~~~~~~~~~~~~~~~~~~^~
ui/ncurses/nc-cui.c:967:6: note: did you mean to compare the result of 'strncmp' instead?
if (strncmp(cod->opt->id, "dummy", strlen("dummy") == 0 &&
^
There appears to be two bonus conditions inside the length field. I
chose to drop the pointless strncmp(foo, bar, strlen(bar)), as this is
equivalent to strcmp(foo, bar).
Signed-off-by: Joel Stanley <joel@jms.id.au>
Reviewed-by: Cyril Bur <cyrilbur@gmail.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
[Fixed up commit message typo]
|
|
|
|
|
|
|
| |
Make sure the URL field is a valid URL before allowing the user to
proceed.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The boot option editor screen segfaults on a system info update since it
loses track of which fields actually exist.
The boot editor screen's setup and drawing logic is a bit different from
other screens, so to fix this bug and preserve the maintainer's sanity,
bring the screen setup and redraw into line with other screens. This
includes a full teardown of the widgets on update, so save the content
of any textboxes on update so the user's changes are not lost.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
| |
It is possible to have autoboot enabled with an empty boot order.
Currently this acts as if autoboot is disabled, but it likely makes more
sense to the user for this to behave as "autoboot any device".
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
| |
When drawing the screen's help line clear each character after the new
help line to avoid stale parts of the previous screen's help line
remaining on the screen.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
| |
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
| |
add missing #inlcude <locale.h>
musl libc can segfault with a NULL format string so need to add a
redundant "%s", "" to keep it happy
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The main menu and plugin menu are separate screens but they share the
pmenu_process_key() handler. This means all the key shortcuts intended
for the main menu can also be used in the plugin menu, which is
particularly odd for "add new boot option" for example.
To work around this extend the 'hot_key' functionality in pmenu to allow
multiple handlers. This allows all pmenus to have the usual navigation
and action keys, and then add extra handlers as needed. For example,
ps3_mm_init() needs main menu shortcuts as well as some PS3-specific
shortcuts, whereas plugin_menu_init() only needs the generic key
handler.
This changes the functionality of pmenu_process_key() such that if a
hot_key_fn successfully handles a key, pmenu_process_key() returns
instead of continuing to process the key. This does not affect the
current usage.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the ncurses UI exits before it has contacted the server it is meant
to fork a process to wait until the connection is made and cancel
autoboot. This prevents users dropping to the shell and then having the
machine boot out from underneath them.
In e1e2ca68 "Spawn shell in exit handler" the UI doesn't actually exit
on "exit", but it isn't listening to server events either while the
shell is active. In this case make sure we still fork to notify the
server.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
| |
In the vt100 'application' cursor mode arrow keys produce ^[Ox rather
than the usual ^[[x. Add this pattern to our defined keys so we don't
accidentally catch the escape key.
For reference:
http://www.tldp.org/HOWTO/Keyboard-and-Console-HOWTO-21.html
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Normally terminal control commands are caught and handled before ncurses
or Petitboot could see them. However several combinations of broken
terminal emulators or console connections can cause these command
sequences to be seen by Petitboot, usually resulting in Petitboot
exiting due to the ESC character and then the rest printed to the
console.
Aside from confusing the user this can also cancel autoboot, so it's
important we don't let these sequences go unnoticed if possible.
In ui/ncurses/console-codes we add a state machine that recognises the
syntax of these control/escape sequences and handles the lost
characters. We don't try to emulate the functionality of these commands,
instead just logging them for reference.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
| |
Subset screens do not include a help screen, so remove the misleading
"h=help" shortcut from the lower frame title.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In nc-textscreen each line of text is capped at a certain length to
avoid running off the side of the viewable screen. However it appears
the ncurses function mvwaddnstr() counts by byte instead of actual
character, causing strings which contain multibyte characters to be cut
short.
To avoid this check the displayed length of each string against the
screen width, and if under instruct mvwaddnstr() to print the whole
string.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
| |
In cui_on_exit()_ instead of exiting the program spawn a sh instance.
This allows the user to drop to the shell and return without losing any
custom boot options, for example.
SIGINT still calls cui_abort() to properly exit Petitboot.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
| |
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When safe mode is active the config displayed in nc-config is only a
subset of the actual config since device init has not yet occurred.
However when the "clear override" checkbox is ticked and the config
saved, the form will set the config as it is displayed, resulting in
device-specific config (eg. boot order and network settings) being
cleared. If the user only ticked the "clear override" checkbox this most
likely isn't what they intended.
Instead change the checkbox to a button which when pressed clears the
override and exits safe mode if active, without modifying the rest of
the configuration.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a second pmenu accessible via the main menu which displays
uninstalled and installed pb-plugins. Uninstalled options can be
selected to trigger pb-plugin to install them, after which they are
updated and marked as installed in the menu.
Installed plugins can be investigated by entering the new plugin screen,
where plugin metadata and executables are displayed. Executables can be
run from this screen via cui_run_cmd().
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
| |
Update cui_run_cmd() to setup a process that uses 'raw_stdout' so that
output is displayed on the screen instead of being caught in the log.
Also update cui_run_cmd() to take a more generic list of arguments, and
add a cui_run_cmd_from_item() wrapper for the existing user.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
| |
Bring setup for the add-url screen into line with other screens. This
fixes an issue with a proper redraw not occurring on help screen init or
screen exit, and facilitates other work on simplifying screen init.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
| |
Similarly to nc-subset, extend the maximum height of the boot-editor pad
to account for the fields of the device select potentially wrapping due
to long device names.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
| |
The nc-subset screen can exceed its maximum height if some options are
long enough to wrap around to two lines. Increaes the maximum size of
the pad to account for every line potentially wrapping once.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
| |
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
| |
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
| |
The "Connected to pb-discover!" message is more useful for development
than actual use; for users the more important messages are related to
device and configuration parsing. Drop the message to slightly reduce
the level of noise on start up.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
| |
Add status updates to a persistent list in the discover_server struct,
and send each client the backlog on connect. This avoids clients missing
useful messages from early init. Clients will only show this in the
backlog screen to avoid flooding the client's status line.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When a text_screen is given a long line, it'll wrap to the next,
overstepping the left margin.
We already have folded text for flowed text screens, so just trim long
lines at the correct column.
This exposes an off-by-one with the automatic wrapping in
text_screen_set_text(), where we may overrun the last char, so fix that
too.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
| |
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, status messages from the server are displayed in a single
line at the bottom of the main menu UI, and are lost once a new status
is reported.
This change adds a facility for the UI to collect and display the status
messages from the server, in a dedicated UI screen. This allows a user
to look back through the discovery & boot process.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
| |
struct boot_status is a bit misnamed; we report status on things that
aren't just the boot status (eg, discovery).
This change refactors struct boot_status into just struct status. We
give the type enum a name, and shorten the enum values to suit.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
| |
The current message mentions a "server" which can give the misleading
impression that the UI is waiting for a remote network server. The delay
is actually in waiting for the pb-discover process to be ready, so
update the message to reflect that.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
| |
Allow the user to specify a HTTP and HTTPS proxy server. The discover
server will set the http_proxy and https_proxy environment variables,
enabling the proxy servers for any further HTTP(S) requests.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
| |
If the client is not connected to the server instance when exiting, fork
and have the child process spin until the server is available and can be
told to cancel autoboot. This prevents the scenario of a user exiting
the UI and having the server continue to autoboot while they are using
the command line.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit ce54f86 "Add petitboot,tty and track available consoles" added
the petitboot,tty parameter, but the petitboot,console parameter is also
recognised by Petitboot. These are ultimately handled by the 30-add-offb
and 80-set-stdout hooks respectively, but exist for mostly the same
purpose.
We consolidate these down to just the original petitboot,console
parameter. If the contents of petitboot,console have been configured by
Petitboot (ie. it is of the form /dev/dev# [ Description ]) we behave as
normal, otherwise we assume that petitboot,console contains a full
OF path to the intended console device and do not allow it to be
modified. This follows petitboot,console's original intent to be a debug
aid, and takes precedence over any other use.
The 80-set-stdout hook is removed as 30-add-offb now accounts for both
use cases.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
| |
'Console' is more readily understandable and technically more correct
than 'tty' for referring to the interfaces that Petitboot starts a UI on.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
| |
If the current interface config has been set by an IPMI network
override, display a warning in nc-config that saving the current config
will overwrite any saved interface config.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
| |
This patch disables direct command line access when the /etc/pb-lockdown
file is present.
Signed-off-by: Timothy Pearson <tpearson@raptorengineering.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
kernels and related blobs
This can be used to implement a form of organization-controlled secure boot,
whereby kernels may be loaded from a variety of sources but they will only
boot if a valid signature file is found for each component, and only if the
signature is listed in the /etc/pb-lockdown file.
Signed-off-by: Timothy Pearson <tpearson@raptorengineering.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
(Minor build fixes and gpgme.m4, comment on secure boot in gpg.c)
|