journalctl: output FSS key as QR code on generating
This commit is contained in:
parent
3e4b9b506d
commit
f6a971bc0b
12
Makefile.am
12
Makefile.am
|
@ -2353,6 +2353,18 @@ journalctl_LDADD = \
|
|||
libsystemd-id128-internal.la \
|
||||
libsystemd-logs.la
|
||||
|
||||
if HAVE_QRENCODE
|
||||
journalctl_SOURCES += \
|
||||
src/journal/journal-qrcode.c \
|
||||
src/journal/journal-qrcode.h
|
||||
|
||||
journalctl_CFLAGS += \
|
||||
$(QRENCODE_CFLAGS)
|
||||
|
||||
journalctl_LDADD += \
|
||||
$(QRENCODE_LIBS)
|
||||
endif
|
||||
|
||||
test_journal_SOURCES = \
|
||||
src/journal/test-journal.c
|
||||
|
||||
|
|
13
configure.ac
13
configure.ac
|
@ -383,6 +383,18 @@ if test "x$enable_libcryptsetup" != "xno"; then
|
|||
fi
|
||||
AM_CONDITIONAL(HAVE_LIBCRYPTSETUP, [test "$have_libcryptsetup" = "yes"])
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
have_qrencode=no
|
||||
AC_ARG_ENABLE(qrencode, AS_HELP_STRING([--disable-qrencode], [disable qrencode support]))
|
||||
if test "x$enable_qrencode" != "xno"; then
|
||||
PKG_CHECK_MODULES(QRENCODE, [ libqrencode ],
|
||||
[AC_DEFINE(HAVE_QRENCODE, 1, [Define if qrencode is available]) have_qrencode=yes], have_qrencode=no)
|
||||
if test "x$have_qrencode" = xno -a "x$enable_qrencode" = xyes; then
|
||||
AC_MSG_ERROR([*** qrencode support requested but libraries not found])
|
||||
fi
|
||||
fi
|
||||
AM_CONDITIONAL(HAVE_QRENCODE, [test "$have_qrencode" = "yes"])
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
have_binfmt=no
|
||||
AC_ARG_ENABLE(binfmt, AS_HELP_STRING([--disable-binfmt], [disable binfmt tool]))
|
||||
|
@ -760,6 +772,7 @@ AC_MSG_RESULT([
|
|||
XZ: ${have_xz}
|
||||
ACL: ${have_acl}
|
||||
GCRYPT: ${have_gcrypt}
|
||||
QRENCODE: ${have_qrencode}
|
||||
binfmt: ${have_binfmt}
|
||||
vconsole: ${have_vconsole}
|
||||
readahead: ${have_readahead}
|
||||
|
|
127
src/journal/journal-qrcode.c
Normal file
127
src/journal/journal-qrcode.c
Normal file
|
@ -0,0 +1,127 @@
|
|||
/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
|
||||
|
||||
/***
|
||||
This file is part of systemd.
|
||||
|
||||
Copyright 2012 Lennart Poettering
|
||||
|
||||
systemd is free software; you can redistribute it and/or modify it
|
||||
under the terms of the GNU Lesser General Public License as published by
|
||||
the Free Software Foundation; either version 2.1 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
systemd is distributed in the hope that it will be useful, but
|
||||
WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
Lesser General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU Lesser General Public License
|
||||
along with systemd; If not, see <http://www.gnu.org/licenses/>.
|
||||
***/
|
||||
|
||||
#include <assert.h>
|
||||
#include <stdio.h>
|
||||
#include <errno.h>
|
||||
#include <stdlib.h>
|
||||
#include <stdbool.h>
|
||||
|
||||
#include <qrencode.h>
|
||||
|
||||
#include "journal-qrcode.h"
|
||||
|
||||
#define WHITE_ON_BLACK "\033[40;37;1m"
|
||||
#define NORMAL "\033[0m"
|
||||
|
||||
static void print_border(FILE *output, unsigned width) {
|
||||
unsigned x, y;
|
||||
|
||||
/* Four rows of border */
|
||||
for (y = 0; y < 4; y += 2) {
|
||||
fputs(WHITE_ON_BLACK, output);
|
||||
|
||||
for (x = 0; x < 4 + width + 4; x++)
|
||||
fputs("\342\226\210", output);
|
||||
|
||||
fputs(NORMAL "\n", output);
|
||||
}
|
||||
}
|
||||
|
||||
int print_qr_code(FILE *output, const void *seed, size_t seed_size, uint64_t start, uint64_t interval, const char *hn, sd_id128_t mahcine) {
|
||||
FILE *f;
|
||||
char *url = NULL;
|
||||
size_t url_size = 0, i;
|
||||
QRcode* qr;
|
||||
unsigned x, y;
|
||||
|
||||
assert(seed);
|
||||
assert(seed_size > 0);
|
||||
|
||||
f = open_memstream(&url, &url_size);
|
||||
if (!f)
|
||||
return -ENOMEM;
|
||||
|
||||
fputs("fss://", f);
|
||||
|
||||
for (i = 0; i < seed_size; i++) {
|
||||
if (i > 0 && i % 3 == 0)
|
||||
fputc('-', f);
|
||||
fprintf(f, "%02x", ((uint8_t*) seed)[i]);
|
||||
}
|
||||
|
||||
fprintf(f, "/%llx-%llx\n", (unsigned long long) start, (unsigned long long) interval);
|
||||
|
||||
if (hn)
|
||||
fprintf(f, "?hostname=%s", hn);
|
||||
|
||||
if (ferror(f)) {
|
||||
fclose(f);
|
||||
free(url);
|
||||
return -ENOMEM;
|
||||
}
|
||||
|
||||
fclose(f);
|
||||
|
||||
qr = QRcode_encodeString(url, 0, QR_ECLEVEL_L, QR_MODE_8, 1);
|
||||
free(url);
|
||||
|
||||
if (!qr)
|
||||
return -ENOMEM;
|
||||
|
||||
print_border(output, qr->width);
|
||||
|
||||
for (y = 0; y < (unsigned) qr->width; y += 2) {
|
||||
const uint8_t *row1, *row2;
|
||||
|
||||
row1 = qr->data + qr->width * y;
|
||||
row2 = row1 + qr->width;
|
||||
|
||||
fputs(WHITE_ON_BLACK, output);
|
||||
for (x = 0; x < 4; x++)
|
||||
fputs("\342\226\210", output);
|
||||
|
||||
for (x = 0; x < (unsigned) qr->width; x ++) {
|
||||
bool a, b;
|
||||
|
||||
a = row1[x] & 1;
|
||||
b = (y+1) < (unsigned) qr->width ? (row2[x] & 1) : false;
|
||||
|
||||
if (a && b)
|
||||
fputc(' ', output);
|
||||
else if (a)
|
||||
fputs("\342\226\204", output);
|
||||
else if (b)
|
||||
fputs("\342\226\200", output);
|
||||
else
|
||||
fputs("\342\226\210", output);
|
||||
}
|
||||
|
||||
for (x = 0; x < 4; x++)
|
||||
fputs("\342\226\210", output);
|
||||
fputs(NORMAL "\n", output);
|
||||
}
|
||||
|
||||
print_border(output, qr->width);
|
||||
|
||||
QRcode_free(qr);
|
||||
return 0;
|
||||
}
|
30
src/journal/journal-qrcode.h
Normal file
30
src/journal/journal-qrcode.h
Normal file
|
@ -0,0 +1,30 @@
|
|||
/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
|
||||
|
||||
#pragma once
|
||||
|
||||
/***
|
||||
This file is part of systemd.
|
||||
|
||||
Copyright 2012 Lennart Poettering
|
||||
|
||||
systemd is free software; you can redistribute it and/or modify it
|
||||
under the terms of the GNU Lesser General Public License as published by
|
||||
the Free Software Foundation; either version 2.1 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
systemd is distributed in the hope that it will be useful, but
|
||||
WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
Lesser General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU Lesser General Public License
|
||||
along with systemd; If not, see <http://www.gnu.org/licenses/>.
|
||||
***/
|
||||
|
||||
#include <inttypes.h>
|
||||
#include <sys/types.h>
|
||||
#include <stdio.h>
|
||||
|
||||
#include <systemd/sd-id128.h>
|
||||
|
||||
int print_qr_code(FILE *f, const void *seed, size_t seed_size, uint64_t start, uint64_t interval, const char *hn, sd_id128_t machine);
|
|
@ -46,6 +46,7 @@
|
|||
#include "journal-def.h"
|
||||
#include "journal-verify.h"
|
||||
#include "journal-authenticate.h"
|
||||
#include "journal-qrcode.h"
|
||||
#include "fsprg.h"
|
||||
|
||||
#define DEFAULT_FSS_INTERVAL_USEC (15*USEC_PER_MINUTE)
|
||||
|
@ -607,12 +608,26 @@ static int setup_keys(void) {
|
|||
printf("/%llx-%llx\n", (unsigned long long) n, (unsigned long long) arg_interval);
|
||||
|
||||
if (isatty(STDOUT_FILENO)) {
|
||||
char tsb[FORMAT_TIMESPAN_MAX];
|
||||
char tsb[FORMAT_TIMESPAN_MAX], *hn;
|
||||
|
||||
fprintf(stderr,
|
||||
ANSI_HIGHLIGHT_OFF "\n"
|
||||
"The sealing key is automatically changed every %s.\n",
|
||||
format_timespan(tsb, sizeof(tsb), arg_interval));
|
||||
|
||||
hn = gethostname_malloc();
|
||||
|
||||
if (hn) {
|
||||
hostname_cleanup(hn);
|
||||
fprintf(stderr, "The keys have been generated for host %s (" SD_ID128_FORMAT_STR ").\n", hn, SD_ID128_FORMAT_VAL(machine));
|
||||
} else
|
||||
fprintf(stderr, "The keys have been generated for host " SD_ID128_FORMAT_STR ".\n", SD_ID128_FORMAT_VAL(machine));
|
||||
|
||||
#ifdef HAVE_QRENCODE
|
||||
fputc('\n', stderr);
|
||||
print_qr_code(stderr, seed, seed_size, n, arg_interval, hn, machine);
|
||||
#endif
|
||||
free(hn);
|
||||
}
|
||||
|
||||
r = 0;
|
||||
|
|
|
@ -3089,7 +3089,6 @@ bool hostname_is_set(void) {
|
|||
return !isempty(u.nodename) && !streq(u.nodename, "(none)");
|
||||
}
|
||||
|
||||
|
||||
static char *lookup_uid(uid_t uid) {
|
||||
long bufsize;
|
||||
char *buf, *name;
|
||||
|
|
Loading…
Reference in a new issue