git.ozlabs.org Git - petitboot/log

lib: Add plugin_option type and protocol

Add a new struct 'plugin_option' to represent pb-plugins that are
installed on the system. This consists of plugin metadata and an array
of installed executables.
This also adds two new pb-protocol actions to advertise the addition of
a new plugin_option, and to remove known plugin_options.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

ui/ncurses: Create pad for nc-add-url screen

Bring setup for the add-url screen into line with other screens. This
fixes an issue with a proper redraw not occurring on help screen init or
screen exit, and facilitates other work on simplifying screen init.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

ui/ncurses: Increase height of boot-editor pad

Similarly to nc-subset, extend the maximum height of the boot-editor pad
to account for the fields of the device select potentially wrapping due
to long device names.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/device-handler: Mention booting device in timeout status

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

pb-sos: effectively compress the pb-sos file with gzip

Currently the pb-sos tool creates a TAR file with logs, but without
compressing it using gzip, for example. Even the output of command
says "Compressing...", but in fact no compression is done.

This patch uses gzip to effectively compress the logs. It achieves
83% of compression, observed after a simple experiment.
Also, makes use of $tarflags variable instead of pass the flags
directly in the command call.

Signed-off-by: Guilherme G. Piccoli <gpiccoli@linux.vnet.ibm.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

pb-sos: capture Skiboot log

Makes sense to capture Skiboot log in pb-sos, specially since
it might help clarify about HW problems, like PCI initialization
failures.

Signed-off-by: Guilherme G. Piccoli <gpiccoli@linux.vnet.ibm.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover: Wait for net interfaces to be marked ready

If pb-discover is started before udev has settled there is a race
between Petitboot configuring interfaces and udev renaming them. If an
interface is set "up" the name change will fail and interfaces can be
inconsistently named, eg:

  Device:        (*) eth0 [0c:c4:7a:f4:1c:50, link up]
                 ( ) enP1p9s0f1 [0c:c4:7a:f4:1c:51, link down]
                 ( ) enP1p9s0f2 [0c:c4:7a:f4:1c:52, link down]
                 ( ) enP1p9s0f3 [0c:c4:7a:f4:1c:53, link down]

Add "net" devices to the udev filter and wait for them to be announced
by udev before configuring them.
udev_enumerate_add_match_is_initialized() ensures that by the time an
interface appears via udev its name will be consistent.

This also swaps the network and udev init order, but since interfaces
now will not be configured until after udev is ready this should not
have a user-visible effect.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/udev: Handle LVM logical volumes

If logical volumes are active and recognised by udev, no longer ignore
them. We also do some extra handling to use user-friendly device names
and mount the /dev/mapper/foo device rather than the /dev/dm-xx device.

Additionally if we see "LMV2_member" devices start a rescan in case
LVM-formatted disks came up after the LVM initscript.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

lib/system: Add vgscan, vgchange utilities

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/devmapper: Add prefix to devmapper device names

Add a 'pb-' prefix to all device mapper devices created by Petitboot.
Beyond helping to identify Petitboot-related devices, this avoids naming
collisions if we create snapshots of LVM logical volumes which also
exist in /dev/mapper.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

ui/ncurses: Extend nc-subset pad height

The nc-subset screen can exceed its maximum height if some options are
long enough to wrap around to two lines. Increaes the maximum size of
the pad to account for every line potentially wrapping once.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/device-handler: Allow process_url request to be pending

device_handler_process_url() fails immediately if no network is
available. For individual files queue the load task for later instead.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/paths: Add network jobs to queue

Load tasks that start before the network is available will fail. Rather
than just fail these tasks, add them to a queue that is processed once
the network is ready. This helps users who try to request files early in
setup, as well as very early running load tasks.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/sysinfo: Add network availability helper

Add a helper function that describes interfaces as available if they
have an assigned address.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/sysinfo: Add system_info_reinit()

Currently over reinit events the system info is not affected. However
network and block device information can change over reinit, so clear
this information.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

configure.ac: correct name of device-mapper-devel for RHEL

The RHEL and Fedora package name for development device mapper library is device-mapper-devel

Signed-off-by: Daniel Black <daniel.black@au.ibm.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/platform-powerpc: Handle optional Get Device ID section

The 'auxiliary' section of the 'Get Device ID' response is optional,
and some platforms exclude it from the response entirely. However
Petitboot only recognises the response as valid if it includes the full
16 bytes.
Update get_ipmi_bmc_versions() to also handle responses of only 12 bytes.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/platform-powerpc: Correct aux revision format

The Auxiliary Firmware Revision Information should be displayed as four
hexadecimal bytes if a manufacturer-specific format is not known. Update
the "Firmware version" format to reflect this.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/device-handler: Include makedev() from sysmacros.h

Include sys/sysmacros.h explicitly in response to the following error
message:

../discover/device-handler.c:1001:13: warning: In the GNU C Library, "makedev" is defined
by <sys/sysmacros.h>. For historical compatibility, it is
currently defined by <sys/types.h> as well, but we plan to
remove this soon. To use "makedev", include <sys/sysmacros.h>
directly. If you did not intend to use a system-defined macro
"makedev", you should undefine it after including <sys/types.h>.
id = makedev(1, handler->n_ramdisks);
^~~~~~~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/platform-powerpc: Don't fail early if nvram fails

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

util/hooks: Don't update DT when ttyS* console active

Update 30-dtb-updates to not accidentally treat ttyS* consoles as tty*
and update linux,stdout-path with the VGA console details.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

utils/hooks: Don't fail early if fb0 missing

30-dtb-updates would exit early if the 'fb0' file was missing, however
the set_stdout() step does not depend on this.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover: Track both configured and current autoboot settings

If autoboot is enabled but later disabled or cancelled by, for example,
an IPMI override then the nc-config screen will set the autoboot widget
as disabled. If the user then makes and saves a change in nc-config,
autoboot will also be saved as disabled. This accidental change is
particularly awkward if the user is attempting to remove an IPMI
override.

Instead only ever change the autoboot setting if the user explicitly
changes it. Use a new helper function 'config_autoboot_active()' to
determine the current autoboot status where needed.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

ui/ncurses: Fix adding unnecessary leading slashes to paths

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/sysinfo: Fix useless error message

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

process: Cancel all asynchronous jobs on reinit

If an asynchronous job is running over a reinit, the process can return
and run its callback function after the reinit. This becomes a problem
if the callback function accesses pointers that were only valid before
the reinit (eg. device structs).
If a reinit is requested explicitly stop all active asynchronous jobs
and clear their callback functions before the reinit.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/device-handler: Cancel pending boot on reinit

When a reinit is requested device_handler_cancel_default() is
called, however as the name suggests this only cancels the boot task if
it is the result of a default boot option. We also want to cancel a boot
task if it was executed manually because it may have outstanding
asynchronous transfers running, so explicitly cancel it during reinit.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/device-handler: Process queue after device added

In device_handler_discover() we process the unresolved boot options
queue first. However the discover_device in question has not yet been
added to handler->devices so when a parser tries to search for a
matching device it will fail.
The discover_device will be added to the handler if it has not already
in device_handler_discover_context_commit() so move the call to
process_boot_option_queue() after it.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/network: Ignore interfaces with pre-existing MAC address

Petitboot uses the MAC address of network interfaces as a unique
identifier. This can cause a crash in pb-discover on a machine that has
multiple interfaces with the same MAC address.
While duplicate MAC addresses are rare and imply an issue with the
larger system configuration Petitboot should handle this gracefully, so
log a warning and ignore any interfaces other than the first to appear
that share a MAC address.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/network: Ensure interfaces have device before configuring

Reorganise network_handle_nlmsg() slightly to create interface->dev just
before calling configure_interface() rather than only for brand new
interfaces. This ensures existing interfaces which have had ->dev
removed but receive a new configure event do not access a NULL pointer
during the configuration process.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/network: Search by UUID only if available

When registering a new discover device it is possible the device does
not have an associated UUID, for example when created via
device_handler_process_url(). Fall back to find_interface_by_name() in
this case.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

ui/ncurses: Display IP address in nc-sysinfo

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover: Record IP address of network interfaces

If an interface has a valid IP address (either via DHCP or static
config) store it in the interface_info struct so it can be referenced
later.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

ui/ncurses: Don't announce pb-discover connection

The "Connected to pb-discover!" message is more useful for development
than actual use; for users the more important messages are related to
device and configuration parsing. Drop the message to slightly reduce
the level of noise on start up.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover: Maintain a backlog of status updates

Add status updates to a persistent list in the discover_server struct,
and send each client the backlog on connect. This avoids clients missing
useful messages from early init. Clients will only show this in the
backlog screen to avoid flooding the client's status line.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/paths: Announce download completion

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/paths: Parse Busybox progress information

Several busybox utilities (tftp and wget in particular) use a common
format for progress bar output. Add a stdout callback that recognises
this format and passes progress information to
device_handler_status_download().
If Petitboot has been explicitly built with busybox support set
busybox_progress_cb() as the default stdout callback for
load_url_async().

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/device-handler: Add aggregated download progress updates

Several processes run by Petitboot output progress information while
running. Add device_handler_status_download() which process callers can
call to register and update progress information (percentage and current
size).
A list of 'progress_info' structs holds this progress information, and
on each call to device_handler_status_download() the information is
combined and displayed as a single status update for readability.
On completion device_handler_status_download_remove() is called to
remove old progress information from the list.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/paths: Add stdout callback parameter for load_url_async()

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

lib/process: Allow process output to be retrieved on each event

Allow a custom callback function to be set when registering the IO
waiter for asynchronous processes.

To allow output from processes to be parsed as it is received, add
process_stdout_custom() which passes a new "line" parameter to
process_read_stdout_once() in order to consume output as it appears.

Users of a custom IO callback will only have access to the process_info
struct which is internal to lib/process; the function
procinfo_get_process() is added to allow these callers to access process
information.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/boot: Improve kexec error reporting

Update kexec_load() to preserve output from the call to `kexec -l`. On
error retrieve the resulting error message and update the status line
with it to provide a more informative error message.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

ui/ncurses/text-screen: trim long lines

When a text_screen is given a long line, it'll wrap to the next,
overstepping the left margin.

We already have folded text for flowed text screens, so just trim long
lines at the correct column.

This exposes an off-by-one with the automatic wrapping in
text_screen_set_text(), where we may overrun the last char, so fix that
too.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/status: Add status messages for payload download results

... using the URL which is now present in the load_result.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/status: Use full URL in parse status message

->conf_url is the base address, we want the actual loaded URL.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/status: Add parse status for GRUB2, yaboot & kboot parsers

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/status: make boot status calls more consistent

Capitals where suitable, remove underscore from kexec_load, use
translated strings for payload names.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/status: report on PXE download failures

Add dev_err messages on both autoconfiguration and
specified-configuration download failures.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/status: report attempts at PXE configuration download

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/status: Be more specific about DHCP event status message

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/status: report status on link configuration

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/status: remove completion messages

The completion messages are unconditional, so don't really indicate
anything. In fact, the dhcp completion status is misleading, as we may
still be processing the context through pxe callbacks.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover: Add reference to url in load_url_result

We may want to access the loaded URL in a async handler.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover: add handler reference to struct discover_context

Since the device handler provides the status message functions, we need
a pointer to it for device discovery (which we use a struct
discover_context for).

This change adds a 'handler' member to struct discover_context, to allow
status reporting. Since we now have a handler, there's no need for the
network pointer, so provide an accessor function instead.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover: Use device_handler_status_dev_* for device-specific status

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover: Add device-specific status reporting functions

Most of our status reporting is against a specific device, so add
status reporting functions that take a struct discover_device and use a
stnadard prefix.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover: use helpers for status reporting

Now that we have helpers for simpler status reporting, use those instead
of constructing a struct status everywhere.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover: Add helpers for status reporting

This change adds a couple of helpers for the status reporting API,
allowing callers to provide just a set of printf-style arguments, rather
than having to build up a struct status.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover: separate status-reporting function from boot() callback

Currently, the device_discover_boot_status function is both used for
internal status updates, as well as the callback passed to boot().

This change splits this into two functions; one for the latter and one
for the former. The latter just has a void * for its first argument, to
match the boot_status_fn type.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

ui/ncurses: remove "Info:" / "Error:" prefix from status area

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

ui/ncurses: Add status log UI

Currently, status messages from the server are displayed in a single
line at the bottom of the main menu UI, and are lost once a new status
is reported.

This change adds a facility for the UI to collect and display the status
messages from the server, in a dedicated UI screen. This allows a user
to look back through the discovery & boot process.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

types: Remove detail and progress from struct status

Nothing used these, and the serialisation was buggy anyway.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

types: shorten boot_status definitions

struct boot_status is a bit misnamed; we report status on things that
aren't just the boot status (eg, discovery).

This change refactors struct boot_status into just struct status. We
give the type enum a name, and shorten the enum values to suit.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

ui/ncurses: Make server connect message more clear

The current message mentions a "server" which can give the misleading
impression that the UI is waiting for a remote network server. The delay
is actually in waiting for the pb-discover process to be ready, so
update the message to reflect that.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/platform-powerpc: Reject bootdevs with empty UUIDs

If a "uuid:" label is set in the petitboot,bootdevs parameter without a
matching UUID, the UUID is unintentionally accepted and set to NULL.
This can cause a segfault in nc-config when device UUIDs are compared
against the autoboot option. Instead treat options like this as
malformed.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/platform-powerpc: Deprecate petitboot,bootdev parameter

The "petitboot,bootdevs" parameter has been around long enough now that
there shouldn't be anyone still transitioning over from the old
"petitboot,bootdev" parameter. Drop this parameter to simplify the
populate_bootdev_config() logic.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/platform-powerpc: Remove unused max_partition_size

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

Support HTTP(S) proxies when downloading resources

Allow the user to specify a HTTP and HTTPS proxy server. The discover
server will set the http_proxy and https_proxy environment variables,
enabling the proxy servers for any further HTTP(S) requests.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

ui/ncurses: Spin child to ensure autoboot cancelled on exit

If the client is not connected to the server instance when exiting, fork
and have the child process spin until the server is available and can be
told to cancel autoboot. This prevents the scenario of a user exiting
the UI and having the server continue to autoboot while they are using
the command line.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

utils: Rename 30-dtb_updates to 30-dtb-updates

This is more consistent with other files in utils/hooks.

Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/pxe-parser: Parse only the first config

Commit 2163af5 "discover/pxe-parser: Retrieve configs asynchronously"
added asynchronous loading of remote pxe filenames, but made an
unintended change in behaviour to the PXE parser. Previously the parser
would try a list of possible filenames, and parse the first one it
found. However the above commit spawns an asynchronous job for every
filename, and parses any that can be retrieved. It is a common
configuration to have a machine-specific config and a 'fallback' default
config, and the change means we could erroneously retrieve and parse
both configs.

Update the PXE parser so that asynchronous jobs are spawned
sequentially. That is, spawn a job for the first filename and if not
successful spawn another job for the next filename, and so on. Once a
remote config is successfully retrieved, parse it and stop.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

lib/file: Fix errors found by Coverity scan

Fix several errors in copy_file_secure_dest() found by Coverity and some
minor formatting issues:

143603: Correctly handle mkstemp() return value
143605: Avoid accessing dest_filename[-1] on readlink() error
143606, 143610: Avoid accessing dest_filename[sizeof(dest_filename)]
143607: Fix incorrectly passing sizeof(pointer) to fread()
143608, 143611: Cleanup resources on early exit
143609: Explicitly set umask before calling mkstemp()

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

utils/hooks: Rename 30-add-offb to 30-dtb-updates

30-add-offb now performs functions other than just setting offb
information, so rename it to a more accurate '30-dtb-updates'.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

Consolidate petitboot,tty and petitboot,console

Commit ce54f86 "Add petitboot,tty and track available consoles" added
the petitboot,tty parameter, but the petitboot,console parameter is also
recognised by Petitboot. These are ultimately handled by the 30-add-offb
and 80-set-stdout hooks respectively, but exist for mostly the same
purpose.

We consolidate these down to just the original petitboot,console
parameter. If the contents of petitboot,console have been configured by
Petitboot (ie. it is of the form /dev/dev# [ Description ]) we behave as
normal, otherwise we assume that petitboot,console contains a full
OF path to the intended console device and do not allow it to be
modified. This follows petitboot,console's original intent to be a debug
aid, and takes precedence over any other use.
The 80-set-stdout hook is removed as 30-add-offb now accounts for both
use cases.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

Use 'consoles' instead of 'tty' to refer to interfaces

'Console' is more readily understandable and technically more correct
than 'tty' for referring to the interfaces that Petitboot starts a UI on.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

ui/ncurses: Display warning when net override active

If the current interface config has been set by an IPMI network
override, display a warning in nc-config that saving the current config
will overwrite any saved interface config.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover: Avoid writing network overrides to NVRAM

Explicitly keep track of whether the current interface config was set by
an IPMI network override, and avoid overwriting any saved config unless
the override was marked persistent.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/network: Add find_interface_by_uuid

Currently in network_register_device() and network_unregister_device()
the appropriate interface is searched for by name. However it is
possible in some scenarios for multiple interfaces to have the same
name, so instead search by UUID to be sure that the correct interface is
being selected.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover: Pass UUID to discover_device_create()

Currently discover_device_create() will search for existing discover
devices by id to determine if a new device is required. However it is
possible under some circumstances for distinct devices to have the same
name. This is especially troublesome if the following network events are
seen in network_handle_nlmsg():

- New interface, 'foo' with uuid x:x:x:x:x:x
-> new discover device created with
dev->device->id = 'foo'
dev->uuid = x:x:x:x:x:x
- New interface, 'foo' with uuid y:y:y:y:y:y
-> existing device 'foo' found
dev->uuid = y:y:y:y:y:y

This can occur if an interface rename event arrives *after* an old name
is reused, where temporarily Petitboot will see two distinct network
interfaces with the same name. Now the two interfaces point to the same
discover device, which can quickly result in a segfault if a 'remove'
event occurs for one of the interfaces and the discover device is freed.

To generally avoid this a 'uuid' parameter is added to
discover_device_create(), which if present allows existing devices to be
looked up by UUID rather than just their name.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

utils: Always pass MAC address in pb-udhcpc

pb-udhcpc currently only passes the interface's MAC address for an 'add'
event, however it is useful to know it for any user event concerning a
network interface. Pass it to pb-event in all cases.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover: Deprecate 'conf' user event

The 'conf' user event is functionally very similar to the 'url' event,
in that both events result in downloading a specified configuration file
and passing it to iterate_parsers().
The 'url' event additionally allows downloading files from a directory
path and is also accessed by the UI via pb-protocol, so remove the
'conf' event and associated functions in favour of 'url' and
device_handler_process_url().

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/event: Ensure event struct exists for async callers

When handling an event, user_event_handle_message() creates an event
struct with relevant parameters. Once user_event_handle_message() is
finished it frees the struct.
However in the case of a dhcp or add_url event, asynchronous jobs may be
spawned that will later reference the event struct. In particular this
becomes a problem when pxe_process_pair() handles an IPAPPEND name/value
pair and tries to access event->device.

In the case of dhcp and add_url events, we avoid this by changing the
event struct's talloc parent to the discover_context struct which
persists until all async pxe jobs have completed.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

Add encrypted file support

In certain cases, such as network booting over an untrusted connection,
it may be useful to fully encrypt and sign the kernel files.

Enable fully encrypted boot using builtin keyring via the addition of
the string "ENCRYPTED" to the first line of the /etc/pb-lockdown file.
This disables detached (plaintext) signature verification.

Signed-off-by: Timothy Pearson <tpearson@raptorengineering.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

Disable shell access when lockdown is active

This patch disables direct command line access when the /etc/pb-lockdown
file is present.

Signed-off-by: Timothy Pearson <tpearson@raptorengineering.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

Add support for GPG signature enforcement on booted

kernels and related blobs

This can be used to implement a form of organization-controlled secure boot,
whereby kernels may be loaded from a variety of sources but they will only
boot if a valid signature file is found for each component, and only if the
signature is listed in the /etc/pb-lockdown file.

Signed-off-by: Timothy Pearson <tpearson@raptorengineering.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
(Minor build fixes and gpgme.m4, comment on secure boot in gpg.c)

discover/network: Ignore tun devices

In some environments a default 'tun' device is created. Petitboot
doesn't use this and it clutters up the list of network devices, so
ignore it if it is encountered.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

ui/ncurses: Treat left/right arrow keys properly

It turns out ncurses helpfully provides REQ_LEFT_FIELD and
REQ_RIGHT_FIELD to navigate between visually horizontal fields. Update
widgetset_process_key() to use these for KEY_LEFT and KEY_RIGHT
respectively.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/boot: Always pass --append to kexec

If we don't specify command line arguments for the next kernel, kexec
will add the contents of /chosen/bootargs if present. This is unintended
and not obvious to the user, so explicitly add append="" to the kexec
arguments if we have none to add instead.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

hooks/set-stdout: move hook to after automatic stdout settings

If a console is defined in NVRAM, we want it to take precedence over
anything that 30-add-offb calculates automatically. This change shifts
the 20-set-stdout script to later in the hook processing, so that it
will override any automatic settings.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

hooks/add-offb: Add leading slash to HVC node paths

We need an absolute path to the serial@N device. It looks like some
kernels aren't reading the current path correctly, leading to no console
output.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Acked-by: Stewart Smith <stewart@linux.vnet.ibm.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

README.md: Add README file

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover: Add 'sync' user event

Add a user event named 'sync' that causes the discover server to merge
the devicemapper snapshots of mounted devices. This is particularly
useful as a debug aid (for example, when copying logs to a USB device),
as the server will otherwise only sync changes to mounted devices in
response to parser actions.

The command can be called as

pb-event sync@device

to sync a particular device, or as

pb-event sync@all

to sync all devices with snapshots.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

ui/ncurses: Call widget process_key handlers first

Adding KEY_LEFT and KEY_RIGHT brought to light the problem that
widgetset_process_keys() may handle keystrokes that would have also been
handled by a widget's process_keys function. In particular the cursor
in a textbox widget could no longer be moved with the left/right keys.

This updates widgetset_process_keys() to call the focussed widget's
process_keys function before handling the key in any other way. All of
the widget process_keys functions correctly return false if the key is
not relevant to the widget except for textbox_process_key() which is
updated to ignore the main navigational keys.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/device-handler: Remove default option if device removed

If one of a device's boot options is the current default boot option,
make sure the default boot is cancelled before the device is removed.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/network: Mark interfaces configured once configured

In some cases additional netlink messages can be received for an
already-configured interface without any relevant changes. This can
result in multiple DHCP requests for the same interface.
Once an interface has been configured mark it as IFSTATE_CONFIGURED
to avoid configuring it again.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/platform-powerpc: Use IPMI on BMC-based machines only

With a kernel that has IPMI support Petitboot will try to use direct
IPMI, however on FSP machines this is not fully functional. Use direct
IPMI only on BMC-based machines, and use sysparams otherwise.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/device-handler: Ignore options without kernel

All boot options must at least have a boot image; ignore any options
that do not before trying to resolve them.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

ui/ncurses: Properly set focus when updating subset

When a subset widget is made empty focus is switched to the first
visible field. It should actually be set to the first visible and active
field, otherwise we can try to focus an un-selectable label.

While we're here, also properly set the visibility for the autoboot
enable/disable widget.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

ui/ncurses: Update keybindings for subsets

We now use KEY_LEFT and KEY_RIGHT for general navigation; update
subset_process_key() to use the following keybindings:

Reorder items up/down: Minus/Plus keys (-/+)
Delete item: Delete or Backspace

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

ui/ncurses: define KEY_DC (delete key)

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

utils/hooks: Set linux,stdout-path for primary console

If the boot_tty environment variable is set, determine which device path
to set in the linux,stdout-path property, which will instruct the next
kernel to use it as the primary console.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>