Commit Graph

9136 Commits

Author SHA1 Message Date
Lennart Poettering
feb12d3ed2 journal: make libgcrypt dependency optional 2012-08-20 16:51:46 +02:00
Lennart Poettering
8088cbd3cf journal: use a macro to check for file header flags 2012-08-20 16:11:42 +02:00
Lennart Poettering
f7fab8a5ae journal: fix tag ordering check 2012-08-20 15:59:33 +02:00
Lennart Poettering
a2e99cdf94 journal: fix bisection algorithm 2012-08-19 15:16:32 +02:00
Lennart Poettering
fc89a13992 journal: validate timestamps as well 2012-08-19 15:16:11 +02:00
Lennart Poettering
84168d8068 mmap: resize arrays dynamically 2012-08-18 01:46:20 +02:00
Lennart Poettering
fb9a24b6b1 journal: even more simple static object tests 2012-08-18 01:45:39 +02:00
Lennart Poettering
97147f8c1f journal: refuse verification of files with unknown flags 2012-08-18 00:41:06 +02:00
Lennart Poettering
b72631e59c jounral: write bit fiddling test
This test goes through every single bit in a journal file, toggles it,
and checks if this change is detected by the verification.
2012-08-18 00:40:03 +02:00
Lennart Poettering
c586dbf110 journal: fix verification without key 2012-08-18 00:38:57 +02:00
Lennart Poettering
db11ac1ab5 journald: add additional simple static tests to verifier 2012-08-18 00:37:21 +02:00
Lennart Poettering
a010801297 journal: be fine with opening rotated/corrupted journal files 2012-08-17 22:10:36 +02:00
Lennart Poettering
f982e6f761 journal: set secure deletion flags for FSS file 2012-08-17 22:10:11 +02:00
Lennart Poettering
6c7be122ac journal: after verification output validated time range 2012-08-17 03:30:22 +02:00
Lennart Poettering
356fe3e6c6 journal: reword verification messages a bit 2012-08-17 03:01:07 +02:00
Lennart Poettering
7b5fd91c54 journal: ensure that entries and tags are properly ordered 2012-08-17 03:00:09 +02:00
Lennart Poettering
3223f44f23 journal: show new header fields in header dump 2012-08-17 02:29:20 +02:00
Lennart Poettering
e627440b41 journal: don't write tag objects if nothing has been written since the last time 2012-08-17 01:19:32 +02:00
Lennart Poettering
31094aae09 man: add man pages for new FSS stuff 2012-08-17 01:09:43 +02:00
Lennart Poettering
baed47c3c2 journal: rework terminology
Let's clean up our terminology a bit. New terminology:

FSS = Forward Secure Sealing
FSPRG = Forward Secure Pseudo-Random Generator

FSS is the combination of FSPRG and a HMAC.

Sealing = process of adding authentication tags to the journal.
Verification = process of checking authentication tags to the journal.

Sealing Key = The key used for adding authentication tags to the journal.
Verification Key = The key used for checking authentication tags of the journal.
Key pair = The pair of Sealing Key and Verification Key

Internally, the Sealing Key is the combination of the FSPRG State plus
change interval/start time.

Internally, the Verification Key is the combination of the FSPRG Seed
plus change interval/start time.
2012-08-17 00:45:18 +02:00
Lennart Poettering
14d10188de journal: add FSPRG journal authentication 2012-08-16 23:58:14 +02:00
Lennart Poettering
a8e5f51484 journal: fix tag sequence number verification 2012-08-16 21:22:11 +02:00
Lennart Poettering
56e81f7ca8 journalctl: immeidately terminate on invalid seed 2012-08-16 21:00:47 +02:00
Lennart Poettering
b7c9ae91d1 journal: parse fsprg seed 2012-08-16 21:00:47 +02:00
Lennart Poettering
2dee23ebe0 journal: count number of entry arrays in header 2012-08-16 21:00:47 +02:00
Kay Sievers
45b51b6b71 keymap: fix map name reference 2012-08-16 21:00:06 +02:00
Zbigniew Jędrzejewski-Szmek
2737027897 journal: rename 'mmap' to 'mmap_cache' to appease gcc
warning: declaration of 'mmap' shadows a global declaration [-Wshadow]
2012-08-16 19:44:51 +02:00
Lennart Poettering
1137e6c73b journal: fix variable initialization 2012-08-16 17:39:00 +02:00
Lennart Poettering
2a7273ef92 journal: fix unitialized var 2012-08-16 17:22:58 +02:00
Lennart Poettering
f5028bfaf0 journal: journal-send.h doesn't actually exist 2012-08-16 17:19:47 +02:00
Lennart Poettering
86adf873be journal: verify structural consistency 2012-08-16 17:10:58 +02:00
Lennart Poettering
f9fffc31cd journal: add color to verification progress bar 2012-08-16 17:10:57 +02:00
Lennart Poettering
fd5dc3204d journal: verify compressed objects 2012-08-16 17:10:57 +02:00
Lennart Poettering
4da416aa20 journalctl: add --verify-seed= switch to specify seed value 2012-08-16 17:10:57 +02:00
Lennart Poettering
f59a5f6b87 journal: verify hashes only during actual verification, not all the time 2012-08-16 17:10:57 +02:00
Lennart Poettering
0284adc6a6 journal: split up journal-file.c 2012-08-16 17:10:57 +02:00
Lennart Poettering
f65425cbc4 journal: add superficial structure verifier 2012-08-16 17:10:57 +02:00
Lennart Poettering
beec008561 journal: implement basic journal file verification logic 2012-08-16 17:10:57 +02:00
Lennart Poettering
07cacf5f3b conf-parser: make parsing exit status lists non-fatal 2012-08-16 17:10:57 +02:00
Lennart Poettering
16e9f408fa journal: implement generic sharable mmap caching logic
instead of having one simple per-file cache implement an more
comprehensive one that works for multiple files and can actually
maintain multiple maps per file and per object type.
2012-08-16 17:10:56 +02:00
Martin Pitt
405053fafa keymap: Add Sony VGN
https://launchpad.net/bugs/939868
2012-08-15 08:46:03 +02:00
Lennart Poettering
d046b20b11 conf-parser: simplify a few things by using set_ensure_allocated() rather than set_new() 2012-08-14 18:42:26 +02:00
Lennart Poettering
abdf799316 man: extend documentation for RestartPreventExitStatus= and SuccessExitStatus= a bit 2012-08-14 18:37:45 +02:00
Lukas Nykryn
96342de68d service: add options RestartPreventExitStatus and SuccessExitStatus
In some cases, like wrong configuration, restarting after error
does not help, so administrator can specify statuses by RestartPreventExitStatus
which will not cause restart of a service.

Sometimes you have non-standart exit status, so this can be specified
by SuccessfulExitStatus.
2012-08-14 14:46:03 +02:00
Lennart Poettering
d98cc1f29f journal: include tag object header in hmac 2012-08-13 21:52:58 +02:00
Lennart Poettering
b0af6f41ea journal: add all objects we add to HMAC 2012-08-13 20:57:38 +02:00
Lennart Poettering
7560fffcd2 journald: initial version of FSPRG hookup
This adds forward-secure authentication of journal files. This patch
includes key generation as well as tagging of journal files,
Verification of journal files will be added in a later patch.
2012-08-13 20:31:10 +02:00
Lennart Poettering
8caf9d6836 umount: MS_MGC_VAL is so 90s 2012-08-13 16:30:10 +02:00
Lennart Poettering
5a7e959984 update TODO 2012-08-13 16:27:17 +02:00
Lennart Poettering
1e41be2015 nspawn,namespaces: make sure we recursively bind mount things in
We want to make sure that everything from the host is also visible in
the sandbox.
2012-08-13 16:25:03 +02:00