discover: Recognise and open LUKS encrypted partitions Handle devices encrypted with LUKS and call cryptsetup to open them if a client sends the associated password. If a new device has the "crypto_LUKS" filesystem type it is marked as a LUKS device and sent to clients but further discovery is not performed. Once a client sends the device's password cryptsetup is called to open it. The opened device will appear separately, so the source device is "forgotten" at this point and then the newly opened device is treated as a normal partition. On destruction the device is "closed" with cryptsetup so that discovery can start from the beginning. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
discover/device-handler: Prevent normal users changing boot target Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
discover: Let 'boot' user-event boot by name If a 'name' parameter is used for a boot user event, search existing boot options for one that matches that name on the given device. This allows a pb-event user to boot based on name rather than having to specify the exact boot arguments. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
discover/handler: Implement temporary autoboot messages Handle incoming requests for temporary autoboot settings. Signed-off-by: Jeremy Kerr <jk@ozlabs.org> [indenting fixup] Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
discover: implement a periodic requery for network devices If we boot a machine before external (network) dependencies are properly configured, it will have tried once to download configuration, and possibly failed due to that configuration not being present. This change introduces a periodic requery of network resources. After a timeout, petitboot will either re-acquire its DHCP lease (causing any downloads to be re-processed, possibly with different parameters from the new lease), or re-download a statically defined URL. This timeout defaults to five minutes (similar to pxelinux), and is configurable by DHCP option 211, "reboot time". Signed-off-by: Jeremy Kerr <jk@ozlabs.org> [added test stub] Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
discover/pxe-parser: Fine grained proxy control Petitboot provides a method for a user to manually specify a configuration file that should be retrieved. Petitboot also has a global proxy configuration. This patch aims to marry the two so that a custom configuration file can specify that a specific proxy should be used to access one (or all) of the options within it. This makes custom configuration files more powerful as they can point to files behind proxies without the user needing to also specify the global proxy for that specific custom configuration file to work. This adds parsing for a `proxy` option which will apply to all boot items found after. Signed-off-by: Cyril Bur <cyrilbur@gmail.com> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
discover: Handle plugin install request Handle "_PLUGIN_INSTALL" requests from clients. Calling the pb-plugin script from pb-discover ensures different clients don't trip over each other. Successfully installed plugins are automatically communicated back to clients once pb-plugin sends a 'plugin' user event. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
discover: Handle and track plugin_options Track plugin_options in the device_handler. Plugins can be added with device_handler_add_plugin_option() and accessed via device_handler_get_plugin(). Extend discover_server to support the new 'add' and 'remove' pb-protocol actions and advertise new plugins to connecting clients. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
discover/device-handler: Add aggregated download progress updates Several processes run by Petitboot output progress information while running. Add device_handler_status_download() which process callers can call to register and update progress information (percentage and current size). A list of 'progress_info' structs holds this progress information, and on each call to device_handler_status_download() the information is combined and displayed as a single status update for readability. On completion device_handler_status_download_remove() is called to remove old progress information from the list. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
discover: add handler reference to struct discover_context Since the device handler provides the status message functions, we need a pointer to it for device discovery (which we use a struct discover_context for). This change adds a 'handler' member to struct discover_context, to allow status reporting. Since we now have a handler, there's no need for the network pointer, so provide an accessor function instead. Signed-off-by: Jeremy Kerr <jk@ozlabs.org> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
discover: Add device-specific status reporting functions Most of our status reporting is against a specific device, so add status reporting functions that take a struct discover_device and use a stnadard prefix. Signed-off-by: Jeremy Kerr <jk@ozlabs.org> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
discover: Add helpers for status reporting This change adds a couple of helpers for the status reporting API, allowing callers to provide just a set of printf-style arguments, rather than having to build up a struct status. Signed-off-by: Jeremy Kerr <jk@ozlabs.org> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
discover: separate status-reporting function from boot() callback Currently, the device_discover_boot_status function is both used for internal status updates, as well as the callback passed to boot(). This change splits this into two functions; one for the latter and one for the former. The latter just has a void * for its first argument, to match the boot_status_fn type. Signed-off-by: Jeremy Kerr <jk@ozlabs.org> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
types: shorten boot_status definitions struct boot_status is a bit misnamed; we report status on things that aren't just the boot status (eg, discovery). This change refactors struct boot_status into just struct status. We give the type enum a name, and shorten the enum values to suit. Signed-off-by: Jeremy Kerr <jk@ozlabs.org> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
discover: Pass UUID to discover_device_create() Currently discover_device_create() will search for existing discover devices by id to determine if a new device is required. However it is possible under some circumstances for distinct devices to have the same name. This is especially troublesome if the following network events are seen in network_handle_nlmsg(): - New interface, 'foo' with uuid x:x:x:x:x:x -> new discover device created with dev->device->id = 'foo' dev->uuid = x:x:x:x:x:x - New interface, 'foo' with uuid y:y:y:y:y:y -> existing device 'foo' found dev->uuid = y:y:y:y:y:y This can occur if an interface rename event arrives *after* an old name is reused, where temporarily Petitboot will see two distinct network interfaces with the same name. Now the two interfaces point to the same discover device, which can quickly result in a segfault if a 'remove' event occurs for one of the interfaces and the discover device is freed. To generally avoid this a 'uuid' parameter is added to discover_device_create(), which if present allows existing devices to be looked up by UUID rather than just their name. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
discover: Deprecate 'conf' user event The 'conf' user event is functionally very similar to the 'url' event, in that both events result in downloading a specified configuration file and passing it to iterate_parsers(). The 'url' event additionally allows downloading files from a directory path and is also accessed by the UI via pb-protocol, so remove the 'conf' event and associated functions in favour of 'url' and device_handler_process_url(). Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Add support for GPG signature enforcement on booted kernels and related blobs This can be used to implement a form of organization-controlled secure boot, whereby kernels may be loaded from a variety of sources but they will only boot if a valid signature file is found for each component, and only if the signature is listed in the /etc/pb-lockdown file. Signed-off-by: Timothy Pearson <tpearson@raptorengineering.com> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com> (Minor build fixes and gpgme.m4, comment on secure boot in gpg.c)
discover: Add 'sync' user event Add a user event named 'sync' that causes the discover server to merge the devicemapper snapshots of mounted devices. This is particularly useful as a debug aid (for example, when copying logs to a USB device), as the server will otherwise only sync changes to mounted devices in response to parser actions. The command can be called as pb-event sync@device to sync a particular device, or as pb-event sync@all to sync all devices with snapshots. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
discover/device-handler: Make boot_status() public Rename boot_status() to device_handler_boot_status() and make it accessible by files that include device-handler.h. This enables the boot status to be updated from additional callers, in particular within parser functions. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
discover: Handle BTRFS root subvolumes During install some distributions[0] will create subvolumes when formatting the root filesystem with BTRFS. In particular this can mean that bootloader config files will appear (in the case of GRUB) under /var/petitboot/mnt/dev/$device/@/boot/grub/ rather than the expected /var/petitboot/mnt/dev/$device/boot/grub/ If this is the case, perform all file operations from the parser relative to this subvolume rather than the mount point. At the moment this only supports the trivial case where the subvolume name for root is blank (ie. '@'). [0] In particular, Ubuntu from at least 14.04 Signed-off-by: Sam Mendoza-Jonas <sam@mendozajonas.com>