petitboot
14 months agodocker: Update to Ubuntu 18.04 LTS
Joel Stanley [Fri, 17 Aug 2018 05:39:32 +0000 (15:09 +0930)]
docker: Update to Ubuntu 18.04 LTS

Ubuntu 17.10 was end of life in July. Update to the latest LTS.

Signed-off-by: Joel Stanley <joel@jms.id.au>
[Docker tag bumped]
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
14 months agodiscover/network: Stop udhcpc6 process on requery
Samuel Mendoza-Jonas [Fri, 17 Aug 2018 00:51:26 +0000 (10:51 +1000)]
discover/network: Stop udhcpc6 process on requery

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
14 months agoREADME: Update
Geoff Levand [Thu, 16 Aug 2018 17:30:08 +0000 (10:30 -0700)]
README: Update

Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agotravis: Use docker scripts v1.9.0
Samuel Mendoza-Jonas [Wed, 15 Aug 2018 01:39:31 +0000 (11:39 +1000)]
travis: Use docker scripts

Update the Travis config to use Petitboot's own docker scripts, and add
ppc64le to the list of recognised architectures.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agodiscover/arm64: Update to struct efi_mount
Geoff Levand [Fri, 10 Aug 2018 17:29:15 +0000 (17:29 +0000)]
discover/arm64: Update to struct efi_mount

Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agotest/efivar: Rework for efi_mount
Geoff Levand [Tue, 14 Aug 2018 14:25:09 +0000 (07:25 -0700)]
test/efivar: Rework for efi_mount

Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agolib/efi: Move magic to implementation
Geoff Levand [Fri, 10 Aug 2018 17:29:15 +0000 (17:29 +0000)]
lib/efi: Move magic to implementation

efi_check_mount now does a magic number check by default, so
move the magic number related code from efivar.h to efivar.c.

Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agolib/efi: Add new struct efi_mount
Geoff Levand [Fri, 10 Aug 2018 17:29:14 +0000 (17:29 +0000)]
lib/efi: Add new struct efi_mount

To make it easier to manage EFI variables add a new struct efi_mount
that holds the path to the EFI file system mount and the EFI variable
name GUID. Update the lib/efi routines to use struct efi_mount.  Add
a new routine efi_check_mount based on the checks done in
platform-arm64.

This change to using struct efi_mount removes the static variable
efivarfs_path making the lib/efi routines stateless.

Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agolib/efi: Log operations to debug log
Geoff Levand [Fri, 10 Aug 2018 17:29:14 +0000 (17:29 +0000)]
lib/efi: Log operations to debug log

Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agolib/efi: Add EFI_DEFALT_ATTRIBUTES macro
Geoff Levand [Fri, 10 Aug 2018 17:29:14 +0000 (17:29 +0000)]
lib/efi: Add EFI_DEFALT_ATTRIBUTES macro

For convenience, add a new efi data attributes macro
EFI_DEFALT_ATTRIBUTES.

Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agodocker: Use host networking
Samuel Mendoza-Jonas [Wed, 8 Aug 2018 01:08:06 +0000 (11:08 +1000)]
docker: Use host networking

Use the host driver by default to simplify networking for build-builder,
especially when DNS settings need to be inherited from the host.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agolib/efi: Add check for ioctl_iflags support
Geoff Levand [Wed, 8 Aug 2018 00:01:10 +0000 (00:01 +0000)]
lib/efi: Add check for ioctl_iflags support

The efi tests may use a filesystem which does not support
ioctl_iflags.  Add a check and skip the ioctl_iflags
operations if not supported.

Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agodiscover/platforms: Fix param_list talloc failure
Geoff Levand [Wed, 8 Aug 2018 00:01:10 +0000 (00:01 +0000)]
discover/platforms: Fix param_list talloc failure

Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agolib/talloc: Fix TALLOC_ABORT
Geoff Levand [Wed, 8 Aug 2018 20:24:50 +0000 (13:24 -0700)]
lib/talloc: Fix TALLOC_ABORT

The current TALLOC_ABORT macro had a number of problems.
Failures were not going to the pb log, but only to stderr.
If the object passed in was not a talloc object the printing
of an object name would be printing random data.
The use of a macro obscured the code.

To clean this up, remove all reference to TALLOC_ABORT and
put the logging and abort calls directly into talloc_chunk_from_ptr.

Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agopb_log: Break out timestamp
Geoff Levand [Mon, 13 Aug 2018 16:23:07 +0000 (09:23 -0700)]
pb_log: Break out timestamp

Fixes double timestamp on pb_log_fn, pb_debug_fn.

Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agodiscover/platform: Use pb_log_fn
Geoff Levand [Wed, 8 Aug 2018 00:01:09 +0000 (00:01 +0000)]
discover/platform: Use pb_log_fn

Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agodocker: Add strace for interactive debugging
Geoff Levand [Wed, 8 Aug 2018 00:01:09 +0000 (00:01 +0000)]
docker: Add strace for interactive debugging

Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agodiscover: Add platform-arm64
Ge Song [Thu, 2 Aug 2018 17:29:41 +0000 (17:29 +0000)]
discover: Add platform-arm64

Signed-off-by: Ge Song <ge.song@hxt-semitech.com>
[Split from a larger patch and cleaned up]
Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agolib/system: Add dmidecode as system app
Geoff Levand [Thu, 2 Aug 2018 17:29:40 +0000 (17:29 +0000)]
lib/system: Add dmidecode as system app

For use by the arm64 get_sysinfo.

Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agoconfigure: Add conditional platform builds
Geoff Levand [Thu, 2 Aug 2018 17:29:40 +0000 (17:29 +0000)]
configure: Add conditional platform builds

Add configure --enable-platform-XXX options to allow specifying
which platform support to build.

--enable-platform-auto, the default, will use the host
triplet to guess which platforms to build.
--enable-platform-all will build all platforms.

Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agodiscover: Add platform-dummy
Geoff Levand [Thu, 2 Aug 2018 17:29:40 +0000 (17:29 +0000)]
discover: Add platform-dummy

With the new configure enable-platform parameters it is possible
configure no platform support.  Add a new minimal 'dummy' platform
so that the __start_platforms and __stop_platforms variables needed
by platform_init are created.

Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agoconfigure: Rename ENABLE_PS3 to PLATFORM_PS3
Geoff Levand [Thu, 2 Aug 2018 17:29:39 +0000 (17:29 +0000)]
configure: Rename ENABLE_PS3 to PLATFORM_PS3

To prepare for other configure platform names.

Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agodiscover: Move generic params routines to platform
Ge Song [Thu, 2 Aug 2018 17:29:39 +0000 (17:29 +0000)]
discover: Move generic params routines to platform

Move the generic params routines from platform-powerpc to platform.
Also, for clarity, add a params prefix to the names.

Signed-off-by: Ge Song <ge.song@hxt-semitech.com>
[Split from a larger patch and cleaned up]
Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agodiscover: Move generic config routines to platform
Ge Song [Thu, 2 Aug 2018 17:29:39 +0000 (17:29 +0000)]
discover: Move generic config routines to platform

Move the generic config routines from platform-powerpc to platform.
Also, for clarity, add a config_ prefix to the names.

Signed-off-by: Ge Song <ge.song@hxt-semitech.com>
[Split from a larger patch and cleaned up]
Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agodiscover/powerpc: Switch to new param_list
Geoff Levand [Thu, 2 Aug 2018 17:29:38 +0000 (17:29 +0000)]
discover/powerpc: Switch to new param_list

Signed-off-by: Geoff Levand <geoff@infradead.org>
[Name string fixup]
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agodiscover/powerpc: Add param_name arg
Geoff Levand [Thu, 2 Aug 2018 17:29:38 +0000 (17:29 +0000)]
discover/powerpc: Add param_name arg

Update update_network_config and update_bootdev_config to
operate on a generic parameter name passed as an argument.

Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agodiscover/powerpc: Rearange save_config
Ge Song [Thu, 2 Aug 2018 17:29:38 +0000 (17:29 +0000)]
discover/powerpc: Rearange save_config

Rearange update_config and save_config so that update_config
only operates on the platform params list.

Signed-off-by: Ge Song <ge.song@hxt-semitech.com>
[Split from a larger patch and cleaned up]
Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agolib/param_list: Add new parameter list routines
Geoff Levand [Thu, 2 Aug 2018 17:29:38 +0000 (17:29 +0000)]
lib/param_list: Add new parameter list routines

Based on the powerpc param routines adds new generic routines
to manage a name + value parameter list.

Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agodiscover/event: Rename param -> event_param
Geoff Levand [Thu, 2 Aug 2018 17:29:37 +0000 (17:29 +0000)]
discover/event: Rename param -> event_param

To avoid name clash with other 'struct param'.

Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agodiscover: Move generic ipmi routines to ipmi
Ge Song [Thu, 2 Aug 2018 17:29:37 +0000 (17:29 +0000)]
discover: Move generic ipmi routines to ipmi

Signed-off-by: Ge Song <ge.song@hxt-semitech.com>
[Split from a larger patch]
Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agotest-efivar: Update to latest lib/efi routines
Samuel Mendoza-Jonas [Thu, 2 Aug 2018 17:29:37 +0000 (17:29 +0000)]
test-efivar: Update to latest lib/efi routines

From: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agolib/efi: Cleanup read/write routines
Geoff Levand [Thu, 2 Aug 2018 17:29:36 +0000 (17:29 +0000)]
lib/efi: Cleanup read/write routines

Make a new stucture struct efi_data to hold the info that describes
an efi variable.  Make a common routine efi_open that opens the efi
variable file.  Switch the efi get/set/del routines over to use
efi_open.

Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agolib/efi: Add new routines to access efi variables
Ge Song [Thu, 2 Aug 2018 17:29:36 +0000 (17:29 +0000)]
lib/efi: Add new routines to access efi variables

Provide methods to load/store petitboot's configuration on efi-based
platforms. A test case is also provided.

Signed-off-by: Ge Song <ge.song@hxt-semitech.com>
[Cleanup file comments, make efivarfs_path static.]
Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agodiscover/powerpc: Use process_get_stdout
Geoff Levand [Thu, 2 Aug 2018 17:29:36 +0000 (17:29 +0000)]
discover/powerpc: Use process_get_stdout

Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agolib/process: Add process_get_stdout
Geoff Levand [Thu, 2 Aug 2018 17:29:35 +0000 (17:29 +0000)]
lib/process: Add process_get_stdout

Add a new structure 'struct process_stdout' and optional parameter
'stdout' to the process_run_simple functions to allow the caller
to get a buffer filled with the stdout from the child process.

Rename the process_run_simple functions to process_get_stdout
and add wrappers for the old process_run_simple function names.

Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agolib/process: Cleanup stdout callback
Geoff Levand [Thu, 2 Aug 2018 17:29:35 +0000 (17:29 +0000)]
lib/process: Cleanup stdout callback

General cleanup of async stdout processing.

The process_stdout_cb and process_stdout_custom routines were doing the
same thing, so rename process_stdout_custom to process_process_stdout
and make process_stdout_cb a wrapper that calls process_process_stdout.

Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agodiscover/parser: Hookup parser_is_unique
Geoff Levand [Thu, 2 Aug 2018 17:29:35 +0000 (17:29 +0000)]
discover/parser: Hookup parser_is_unique

Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agotest/parser: Add parser_is_unique
Geoff Levand [Thu, 2 Aug 2018 17:29:35 +0000 (17:29 +0000)]
test/parser: Add parser_is_unique

Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agodiscover/parser: Add new parser_is_unique
Geoff Levand [Thu, 2 Aug 2018 17:29:34 +0000 (17:29 +0000)]
discover/parser: Add new parser_is_unique

Add a new routine parser_is_unique that tests a file's inode
against a list of known file inodes.  Useful when searching
case-insensitive filesystems.

Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agodiscover: Add some debug print messages
Geoff Levand [Thu, 2 Aug 2018 17:29:34 +0000 (17:29 +0000)]
discover: Add some debug print messages

To aid in debugging print some additinal discover messages
to the log.

Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agodiscover/kboot-parser: Look in /boot
Geoff Levand [Thu, 2 Aug 2018 17:29:34 +0000 (17:29 +0000)]
discover/kboot-parser: Look in /boot

Other parsers look in /boot for config files, so add
it to the kboot parser.

Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agodiscover: Add --debug to kexec
Geoff Levand [Thu, 2 Aug 2018 17:29:34 +0000 (17:29 +0000)]
discover: Add --debug to kexec

If verbose logging is enabled then add '--debug' to the kexec command line.
Adds a new routine pb_log_get_debug() that can be used to query the log
debug state.

Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agolib/log: Switch to pb_log_fn
Geoff Levand [Thu, 2 Aug 2018 17:29:34 +0000 (17:29 +0000)]
lib/log: Switch to pb_log_fn

The only functional change should be an additional '/n' to
a few log messagees that seemed to be missing it.

Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agolib/log: Add verbose logging routines
Geoff Levand [Thu, 2 Aug 2018 17:29:33 +0000 (17:29 +0000)]
lib/log: Add verbose logging routines

Add three new logging routines pb_log_fn and pb_debug_fn, which
print the calling function's name to the log, and pb_debug_fl
which prints the calling function's name and the file line
number to the log.

Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agoconfigure: Remove unused ENABLE_DEBUG
Geoff Levand [Thu, 2 Aug 2018 17:29:33 +0000 (17:29 +0000)]
configure: Remove unused ENABLE_DEBUG

We setup debug builds in the configure script with DEFAULT_CFLAGS and
DEFAULT_CPPFLAGS.  Remove the unused ENABLE_DEBUG AM conditional.

Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agoconfigure: Add check for UI build
Geoff Levand [Thu, 2 Aug 2018 17:29:33 +0000 (17:29 +0000)]
configure: Add check for UI build

Emit configure warning if no UI program is to be built.

Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agodocker: Add libfdt-dev
Geoff Levand [Thu, 2 Aug 2018 17:29:33 +0000 (17:29 +0000)]
docker: Add libfdt-dev

Add package libfdt-dev to the pb-builder docker image.

Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agodiscover/paths: Cleanup res after getaddrinfo
Samuel Mendoza-Jonas [Thu, 26 Jul 2018 01:50:33 +0000 (11:50 +1000)]
discover/paths: Cleanup res after getaddrinfo

Fixes Coverity defect #187192.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agodocker: Pass extra options to configure
Samuel Mendoza-Jonas [Wed, 1 Aug 2018 04:53:07 +0000 (14:53 +1000)]
docker: Pass extra options to configure

Pass extra configure options and CFLAGS/LDFLAGS to docker to enable
building multiple configurations.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agodocker: Pass proxy variables to docker build
Samuel Mendoza-Jonas [Wed, 1 Aug 2018 04:52:43 +0000 (14:52 +1000)]
docker: Pass proxy variables to docker build

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agodocker: Add signed boot dependencies
Samuel Mendoza-Jonas [Wed, 1 Aug 2018 04:52:09 +0000 (14:52 +1000)]
docker: Add signed boot dependencies

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agodiscover/paths: Set suffix to default value on error.
Samuel Mendoza-Jonas [Mon, 30 Jul 2018 01:48:26 +0000 (11:48 +1000)]
discover/paths: Set suffix to default value on error.

This avoids the log filling up with "Couldn't recognise suffix" messages
if a lot of partial stdout updates are received.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agodiscover: Be more verbose about boot failures
Samuel Mendoza-Jonas [Mon, 30 Jul 2018 01:48:25 +0000 (11:48 +1000)]
discover: Be more verbose about boot failures

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agolib/log: Include timestamp prefix
Samuel Mendoza-Jonas [Mon, 30 Jul 2018 01:48:24 +0000 (11:48 +1000)]
lib/log: Include timestamp prefix

The relative time between logged events is very useful during debugging,
particularly when debugging autoboot failures. Prepend a short HH:MM:SS
timestamp to each line logged.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
15 months agojenkins: Add build jobs
Geoff Levand [Thu, 24 May 2018 00:25:57 +0000 (17:25 -0700)]
jenkins: Add build jobs

Adds two Jenkins pipeline jobs pb-upstream-trigger and pb-build-matrix.
pb-upstream-trigger checks for upstream updates and runs
pb-build-matrix.  pb-build-matrix builds a pb-builder image and runs the
build-pb script.

Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
16 months agoui/ncurses: Allow IPv6 addresses in address fields
Samuel Mendoza-Jonas [Wed, 23 May 2018 01:39:14 +0000 (11:39 +1000)]
ui/ncurses: Allow IPv6 addresses in address fields

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
16 months agodiscover: Determine connectivity with getaddrinfo()
Samuel Mendoza-Jonas [Wed, 23 May 2018 04:39:17 +0000 (14:39 +1000)]
discover: Determine connectivity with getaddrinfo()

Use getaddrinfo() to determine if a remote URL is reachable instead of
only checking if we have an addresses configured. This avoids, for
example, trying to load an IPv4 URL when only an IPv6 address is
available.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
16 months agodiscover/pxe-parser: Parse simple iPXE scripts
Samuel Mendoza-Jonas [Thu, 10 May 2018 05:48:21 +0000 (15:48 +1000)]
discover/pxe-parser: Parse simple iPXE scripts

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
16 months agodiscover/user-event: Use bootfile_url if available
Samuel Mendoza-Jonas [Thu, 10 May 2018 05:47:56 +0000 (15:47 +1000)]
discover/user-event: Use bootfile_url if available

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
16 months agodiscover: Support IPv6 addresses
Samuel Mendoza-Jonas [Wed, 9 May 2018 01:18:57 +0000 (11:18 +1000)]
discover: Support IPv6 addresses

Support handling IPv6 addresses from user events and call the udhcpc6
client in addition to the udhcpc client.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
16 months agoutils/pb-udhcpc: Recognise DHCPv6 parameters
Samuel Mendoza-Jonas [Wed, 9 May 2018 01:15:03 +0000 (11:15 +1000)]
utils/pb-udhcpc: Recognise DHCPv6 parameters

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
16 months agolib/system: Add udhcpc6
Samuel Mendoza-Jonas [Wed, 9 May 2018 01:14:30 +0000 (11:14 +1000)]
lib/system: Add udhcpc6

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
16 months agodiscover/sysinfo: Set IPv6 addresses
Samuel Mendoza-Jonas [Wed, 23 May 2018 06:25:25 +0000 (16:25 +1000)]
discover/sysinfo: Set IPv6 addresses

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
16 months agolib: Add support and helpers for IPv6 host addresses
Samuel Mendoza-Jonas [Wed, 9 May 2018 01:13:54 +0000 (11:13 +1000)]
lib: Add support and helpers for IPv6 host addresses

Recognise IPv6 addresses and URLs, and allow an interface_info struct to
have both an IPv4 and IPv6 address.
The addr_scheme() helper returns the address family of a given address.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
16 months agoui/ncurses: Implement F10-F12 for autoboot device control
Jeremy Kerr [Tue, 3 Jul 2018 06:34:47 +0000 (16:34 +1000)]
ui/ncurses: Implement F10-F12 for autoboot device control

Add a few mappings to specify temporary autoboot settings:

  F10: Only autoboot from disk
  F11: Only autoboot from USB devices
  F12: Only autoboot from network

These use the new code to prevent cancelling autoboot.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
16 months agoui/ncurses: Implement non-boot-cancelling keys
Jeremy Kerr [Tue, 3 Jul 2018 06:34:46 +0000 (16:34 +1000)]
ui/ncurses: Implement non-boot-cancelling keys

Allow some keys to not cancel the default-boot process.

For the moment, this is just the screen refresh (ctrl+L).

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
16 months agodiscover/handler: Implement temporary autoboot messages
Jeremy Kerr [Tue, 3 Jul 2018 06:34:45 +0000 (16:34 +1000)]
discover/handler: Implement temporary autoboot messages

Handle incoming requests for temporary autoboot settings.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
[indenting fixup]
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
16 months agodiscover/handler: Split autoboot matching into a new function
Jeremy Kerr [Tue, 3 Jul 2018 06:34:44 +0000 (16:34 +1000)]
discover/handler: Split autoboot matching into a new function

A future change will want to match autoboot option settings, so abstract
this into its own function.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
16 months agoprotocol: Add definition and serialisation for temporary autoboot
Jeremy Kerr [Tue, 3 Jul 2018 06:34:43 +0000 (16:34 +1000)]
protocol: Add definition and serialisation for temporary autoboot

Add a new message format for a temporarily-applied autoboot setting.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
16 months agodiscover: implement a periodic requery for network devices
Jeremy Kerr [Tue, 3 Jul 2018 06:24:58 +0000 (16:24 +1000)]
discover: implement a periodic requery for network devices

If we boot a machine before external (network) dependencies are properly
configured, it will have tried once to download configuration, and
possibly failed due to that configuration not being present.

This change introduces a periodic requery of network resources. After a
timeout, petitboot will either re-acquire its DHCP lease (causing any
downloads to be re-processed, possibly with different parameters from
the new lease), or re-download a statically defined URL.

This timeout defaults to five minutes (similar to pxelinux), and is
configurable by DHCP option 211, "reboot time".

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
[added test stub]
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
16 months agopo/en: Fix inconsistencies with trailing colons
Jeremy Kerr [Mon, 2 Jul 2018 05:36:27 +0000 (15:36 +1000)]
po/en: Fix inconsistencies with trailing colons

We have a few cases where the english translations have matched against
strings with/without colon suffixes.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
16 months agodiscover/user-event: Check for required parameters
Samuel Mendoza-Jonas [Thu, 28 Jun 2018 07:21:35 +0000 (17:21 +1000)]
discover/user-event: Check for required parameters

Check for some required parameters in the 'dhcp' handler, and in the
'add' handler return an error if parse_user_event() fails rather than
charging ahead into a segfault.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
16 months agodiscover/udev: Don't require ID_NET_NAME_PATH property
Samuel Mendoza-Jonas [Wed, 20 Jun 2018 04:09:02 +0000 (14:09 +1000)]
discover/udev: Don't require ID_NET_NAME_PATH property

Drop the requirement for the ID_NET_NAME_PATH property since it prevents
Petitboot from recognising virtio network devices, and is not otherwise
used.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
17 months agodiscover/grub: Improve BLS grub environment variables expansion
Javier Martinez Canillas [Tue, 12 Jun 2018 10:18:34 +0000 (12:18 +0200)]
discover/grub: Improve BLS grub environment variables expansion

The fields from a BootLoaderSpec file can contain environment variables,
in GRUB 2 these are show verbatim and are evaluated later when an entry
is selected. But on Petitboot these have to be expanded before creating
the GRUB 2 resources and show in the UI the values after the evaluation.

The current blscfg handler had a very limited support for variables, it
only had support for the options field and also didn't take into account
that variables could be mixed with literal values.

So for example the following fields were not expanded correctly:

  linux   $bootprefix/vmlinuz

  options $kernelopts foo=bar

  options foo=bar $kernelopts

  options $kernelopts $debugopts

Also change some of the tests to cover mixing variables and literals.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
17 months agodiscover/grub: Use different paths to search for the BLS directory
Javier Martinez Canillas [Tue, 12 Jun 2018 10:18:33 +0000 (12:18 +0200)]
discover/grub: Use different paths to search for the BLS directory

Currenlty the BLS fragments are only searched in the /loader/entries
directory, but this assumes that there is a boot partition mounted
in /boot. This may not always be the case, /boot may not be a mount
point and just a directory inside the root partition.

To cover this case, Petitboot tries to find a GRUB 2 config file in
different paths. So let's do the same for the BLS files directory.

Also change some of the unit tests to use /boot/loader/entries as a
BLS directory instead of /loader/entries.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
17 months agotest/parser: Make parser_scandir() ignore files with path len less than dir
Javier Martinez Canillas [Tue, 12 Jun 2018 10:18:32 +0000 (12:18 +0200)]
test/parser: Make parser_scandir() ignore files with path len less than dir

Both the test files and directories added into the test harness are stored
into the same file list. So the parser_scandir() stub compares the absolute
file path of the files and the directory to scan, to know if a file belongs
to the directory.

Files whose absolute file path length isn't bigger than the directory to
scan should just be ignored, since it means they can't be from that dir.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
17 months agodiscover/syslinux-parser: consistent cmdline arg processing
Brett Grandbois [Sun, 10 Jun 2018 21:54:08 +0000 (07:54 +1000)]
discover/syslinux-parser: consistent cmdline arg processing

In signed-boot environments consistent handling of kernel commandline
options is essential as they must be pre-signed.  In the syslinux parser
ensure that in the absence of a global APPEND they are processed
exactly as found and not with the leading space that the current APPEND
processing has as a shortcut.

Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
17 months agolib/security: hard_lockdown flag to stop runtime disable of signed boot
Brett Grandbois [Sun, 10 Jun 2018 21:36:58 +0000 (07:36 +1000)]
lib/security: hard_lockdown flag to stop runtime disable of signed boot

Currently if signed-boot is enabled in configure the presence of the
LOCKDOWN_FILE is used as a runtime determination to perform the actual
verification.  In some environments this may be acceptable or even the
intended operation but in other environments could be a security hole
since the removal of the file will then cause boot task verification.
Add a 'hard_lockdown' enable flag to generate a HARD_LOCKDOWN
preprocessor definition to force the system to always do a signed boot
verification for each boot task, which in the case of a missing file the
boot will fail.

Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
17 months agodiscover/network: Null terminate ifname buffer explicitly
Samuel Mendoza-Jonas [Wed, 30 May 2018 05:37:05 +0000 (15:37 +1000)]
discover/network: Null terminate ifname buffer explicitly

GCC 8 produces the following warning for network.c:

In function ‘network_handle_nlmsg’,
    inlined from ‘network_netlink_process’ at ../discover/network.c:726:3:
../discover/network.c:568:3: warning: ‘strncpy’ output may be truncated copying 15 bytes from a string of length 16 [-Wstringop-truncation]
   strncpy(interface->name, ifname, sizeof(interface->name) - 1);
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../discover/network.c:586:3: warning: ‘strncpy’ output may be truncated copying 15 bytes from a string of length 16 [-Wstringop-truncation]
   strncpy(interface->name, ifname, sizeof(interface->name) - 1);
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The code is safe since interface is allocated with talloc_zero() and we
could use -Wno-stringop-truncation to hide this but since this is the
only offender instead just copy the whole IFNAMSIZ bytes and explicitly
terminate the ifname buffer to be safe.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
17 months agodiscover: Rescan SCSI devices on reinit
Samuel Mendoza-Jonas [Wed, 30 May 2018 05:36:45 +0000 (15:36 +1000)]
discover: Rescan SCSI devices on reinit

Explicitly rescan SCSI devices on reinit rather than just remounting
them in case a device did not init properly on boot.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
17 months agoFix pb-discover segfaults caused by list corruption.
Brandon Bergren [Sun, 10 Jun 2018 18:21:58 +0000 (13:21 -0500)]
Fix pb-discover segfaults caused by list corruption.

I was seeing list corruption and segfaults in pb-discover on my Talos
II when using both yaboot and kboot config files on the same device.

My assumption is that discover_context_add_boot_option() was being
called on the same pointer more than once.

So, null the pointer right after the call. The ownership was transferred
anyway so the parsers should not keep it around.

Signed-off-by: Brandon Bergren <git@bdragon.rtk0.net>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
17 months agotest/lib: Add OpenSSL verify and decrypt tests
Brett Grandbois [Tue, 15 May 2018 00:55:52 +0000 (10:55 +1000)]
test/lib: Add OpenSSL verify and decrypt tests

Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
17 months agoui/ncurses: Update LOCKDOWN_FILE check to reflect generic SIGNED_BOOT
Brett Grandbois [Tue, 15 May 2018 00:55:51 +0000 (10:55 +1000)]
ui/ncurses: Update LOCKDOWN_FILE check to reflect generic SIGNED_BOOT

Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
17 months agodiscover: Update to reflect generic signed boot API
Brett Grandbois [Tue, 15 May 2018 00:55:50 +0000 (10:55 +1000)]
discover: Update to reflect generic signed boot API

Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
17 months agolib/security: add in openssl support
Brett Grandbois [Tue, 15 May 2018 00:55:49 +0000 (10:55 +1000)]
lib/security: add in openssl support

Refactor to export a generic API rather than specific gpg_ prefixes by
changing gpg.h to security.h and renaming some of the exports.

Break out the common and specific functionality into common.c and
none.c/gpg.c/openssl.c for no/gpgme/openssl modes respectively.

gpgme should work as before

OpenSSL support works like this:

The pb-lockdown file is a PKCS12 file or X509 certificate or PEM-encoded
raw public key.  To follow the current conventions the presence of a
PKCS12 file as a lockdown signals decrypt mode because of the presence
of the private key, anything else signals signature verification mode.
The keyring path is currently ignored but in the future could be used to
point to an X509 certificate chain for validity checking. Because of
this self-signed certificates are currently supported and really just
used as a public key container.

Signature verification mode supports:

* Cryptographic Message Syntax (CMS) as detached S/MIME, this is really
  more for consistency for the encryption mode (see below). This mode
  requires the lockdown file to be an X509 certificate.

  A sample creation command would be:
    openssl cms -sign -in (infile) -out (outfile) -binary -nocerts \
        -inkey (private key) -signer (recipient certificate)

* Raw signature digest as output from openssl dgst -sign command.  This
  mode can have the lockdown file be an X509 certificate or a PEM raw
  public key but the digest algorithm must be pre-defined by the
  VERIFY_DIGEST configure argument. The default is SHA256.

  A sample creation command would be:
    openssl dgst -sign (private key) -out (outfile) -(digest mode) \
         (infile)

Decryption mode supports:

* CMS signed-envelope as attached S/MIME.  This is for consistency with
  the current expectation of no external file for decryption.  Some
  future enhancement could be to come up with some proprietary external
  file format containing the cipher used, the encrypted cipher key, and
  the IV (if necessary).

  A sample creation command would be:
    openssl cms -sign -in (infile) -signer (recipient certificate) \
        -binary -nocerts -nodetach -inkey (private key) | \
        openssl cms -encrypt -(cipher mode) -out (outfile) \
           (recipient certificate)

The PKCS12 file is expecting the private key to have password of NULL or
"" as there is currently no mechanism to supply a custom one.

Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
17 months agoconfigure: Add signed-boot openssl configuration support
Brett Grandbois [Tue, 15 May 2018 00:55:48 +0000 (10:55 +1000)]
configure: Add signed-boot openssl configuration support

Change the with-signed-boot option to take the following values:

no - disable signed boot (as before)
gpgme - configure for gpgme, fail if not found
openssl - configure for openssl, fail if not found
yes - look first for gpgme then openssl using first found, fail on none
      this should behave as before if gpgme has been installed

fail on any other invalid options

add in the ax_check_openssl.m4 macro to facilitate openssl probing

Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
17 months agopo: Regenerate and update bug contact v1.8.0
Samuel Mendoza-Jonas [Tue, 29 May 2018 07:01:19 +0000 (17:01 +1000)]
po: Regenerate and update bug contact

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
18 months agodocker/build-pb: Add --interactive flag
Geoff Levand [Mon, 21 May 2018 19:59:39 +0000 (19:59 +0000)]
docker/build-pb: Add --interactive flag

Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
18 months agodocker: Add DOCKER_FROM arg
Geoff Levand [Mon, 21 May 2018 19:59:39 +0000 (19:59 +0000)]
docker: Add DOCKER_FROM arg

The dockerfile for each architecture is the same except for the 'FROM' image.
Add a new Dockerfile argument DOCKER_FROM that allows for a commom dockerfile.
If the docker version is older than 17.05 generate a docker file from
the common one.

Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
18 months agodiscover/boot: abort kexec on any error from validation
Brett Grandbois [Wed, 16 May 2018 03:23:49 +0000 (13:23 +1000)]
discover/boot: abort kexec on any error from validation

gpg_validate_boot_files() can return error codes for a variety of
reasons but kexec_load only aborts for signature or decryption failure.
In any other failure case like unable to open LOCKDOWN_FILE or do the
secure copy the validation is bypassed by an early return but kexec_load
does not abort.

Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
18 months agoconfigure: only test for msgfmt if NLS enabled
Brett Grandbois [Fri, 11 May 2018 01:12:28 +0000 (11:12 +1000)]
configure: only test for msgfmt if NLS enabled

in environments where --disable-nls is specified msgfmt is unnecessary
and therefore may not be available

Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
18 months agolib/file: remove mkstemp umask in copy_file_secure_dest
Brett Grandbois [Thu, 3 May 2018 06:02:04 +0000 (16:02 +1000)]
lib/file: remove mkstemp umask in copy_file_secure_dest

mkstemp will generate the temp file with permissions 0600 so the
umask(0644) is causing the file to have permissions of 0000, making
signature files unreadable

Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
18 months agodiscover/grub: Add cmdline signature support for BLS entries
Brett Grandbois [Thu, 3 May 2018 05:30:20 +0000 (15:30 +1000)]
discover/grub: Add cmdline signature support for BLS entries

Follow along the way the linux builtin does it.

Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
18 months agodocker: Add build container files
Geoff Levand [Tue, 1 May 2018 19:41:10 +0000 (12:41 -0700)]
docker: Add build container files

Add dockerfiles and helper scripts that create a docker image
with the tools needed to build petitboot.  See the docker/README.md
file for more info.

Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
18 months agoconfigure: Add test for msgfmt
Geoff Levand [Tue, 1 May 2018 01:26:10 +0000 (18:26 -0700)]
configure: Add test for msgfmt

Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
18 months agotravis: Enable ppc64le Travis builds
Andrew Donnellan [Mon, 30 Apr 2018 07:29:04 +0000 (17:29 +1000)]
travis: Enable ppc64le Travis builds

Travis now supports building on ppc64le. Given that Power machines are
currently the largest use case of petitboot, it seems appropriate that we
enable this.

Signed-off-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
19 months agodiscover/syslinux-parser: filter out duplicate conf files
Brett Grandbois [Wed, 18 Apr 2018 21:55:15 +0000 (07:55 +1000)]
discover/syslinux-parser: filter out duplicate conf files

in case insensitive filesystems like vfat the duplicate conf file list
will create duplicate boot options.  to filter that out strore the
struct stat of each parsed conf file and compare inodes

Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
19 months agodiscover/syslinux-parser: clean up boot option list entries
Brett Grandbois [Wed, 18 Apr 2018 21:55:14 +0000 (07:55 +1000)]
discover/syslinux-parser: clean up boot option list entries

in finalize loop or we can get duplicate boot entries as well as the
memory leak

Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
19 months agodiscover/grub: Allow to set a default index for BLS entries
Javier Martinez Canillas [Tue, 17 Apr 2018 17:09:00 +0000 (19:09 +0200)]
discover/grub: Allow to set a default index for BLS entries

When the BLS support was added, the conclusion was that default indexes
didn't apply for BLS snippets. But for GRUB 2 the indexes refers to the
boot menu entries in memory, regardless of how these were generated.

Since in GRUB 2 is valid to set a default index even for menu entries
generated from BLS fragments, allow this to also be done in Petitboot.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
19 months agodiscover/grub: Don't add discover context boot options in blscfg handler
Javier Martinez Canillas [Tue, 17 Apr 2018 17:08:59 +0000 (19:08 +0200)]
discover/grub: Don't add discover context boot options in blscfg handler

Instead of adding a boot option explicitly, just add it to the grub script
boot option list and increment the number of options. That way BLS entries
will be known by the grub script handler and can check if is a valid index.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>