Lennart Poettering
feb12d3ed2
journal: make libgcrypt dependency optional
2012-08-20 16:51:46 +02:00
Lennart Poettering
8088cbd3cf
journal: use a macro to check for file header flags
2012-08-20 16:11:42 +02:00
Lennart Poettering
f7fab8a5ae
journal: fix tag ordering check
2012-08-20 15:59:33 +02:00
Lennart Poettering
a2e99cdf94
journal: fix bisection algorithm
2012-08-19 15:16:32 +02:00
Lennart Poettering
fc89a13992
journal: validate timestamps as well
2012-08-19 15:16:11 +02:00
Lennart Poettering
84168d8068
mmap: resize arrays dynamically
2012-08-18 01:46:20 +02:00
Lennart Poettering
fb9a24b6b1
journal: even more simple static object tests
2012-08-18 01:45:39 +02:00
Lennart Poettering
97147f8c1f
journal: refuse verification of files with unknown flags
2012-08-18 00:41:06 +02:00
Lennart Poettering
b72631e59c
jounral: write bit fiddling test
...
This test goes through every single bit in a journal file, toggles it,
and checks if this change is detected by the verification.
2012-08-18 00:40:03 +02:00
Lennart Poettering
c586dbf110
journal: fix verification without key
2012-08-18 00:38:57 +02:00
Lennart Poettering
db11ac1ab5
journald: add additional simple static tests to verifier
2012-08-18 00:37:21 +02:00
Lennart Poettering
a010801297
journal: be fine with opening rotated/corrupted journal files
2012-08-17 22:10:36 +02:00
Lennart Poettering
f982e6f761
journal: set secure deletion flags for FSS file
2012-08-17 22:10:11 +02:00
Lennart Poettering
6c7be122ac
journal: after verification output validated time range
2012-08-17 03:30:22 +02:00
Lennart Poettering
356fe3e6c6
journal: reword verification messages a bit
2012-08-17 03:01:07 +02:00
Lennart Poettering
7b5fd91c54
journal: ensure that entries and tags are properly ordered
2012-08-17 03:00:09 +02:00
Lennart Poettering
3223f44f23
journal: show new header fields in header dump
2012-08-17 02:29:20 +02:00
Lennart Poettering
e627440b41
journal: don't write tag objects if nothing has been written since the last time
2012-08-17 01:19:32 +02:00
Lennart Poettering
31094aae09
man: add man pages for new FSS stuff
2012-08-17 01:09:43 +02:00
Lennart Poettering
baed47c3c2
journal: rework terminology
...
Let's clean up our terminology a bit. New terminology:
FSS = Forward Secure Sealing
FSPRG = Forward Secure Pseudo-Random Generator
FSS is the combination of FSPRG and a HMAC.
Sealing = process of adding authentication tags to the journal.
Verification = process of checking authentication tags to the journal.
Sealing Key = The key used for adding authentication tags to the journal.
Verification Key = The key used for checking authentication tags of the journal.
Key pair = The pair of Sealing Key and Verification Key
Internally, the Sealing Key is the combination of the FSPRG State plus
change interval/start time.
Internally, the Verification Key is the combination of the FSPRG Seed
plus change interval/start time.
2012-08-17 00:45:18 +02:00
Lennart Poettering
14d10188de
journal: add FSPRG journal authentication
2012-08-16 23:58:14 +02:00
Lennart Poettering
a8e5f51484
journal: fix tag sequence number verification
2012-08-16 21:22:11 +02:00
Lennart Poettering
56e81f7ca8
journalctl: immeidately terminate on invalid seed
2012-08-16 21:00:47 +02:00
Lennart Poettering
b7c9ae91d1
journal: parse fsprg seed
2012-08-16 21:00:47 +02:00
Lennart Poettering
2dee23ebe0
journal: count number of entry arrays in header
2012-08-16 21:00:47 +02:00
Kay Sievers
45b51b6b71
keymap: fix map name reference
2012-08-16 21:00:06 +02:00
Zbigniew Jędrzejewski-Szmek
2737027897
journal: rename 'mmap' to 'mmap_cache' to appease gcc
...
warning: declaration of 'mmap' shadows a global declaration [-Wshadow]
2012-08-16 19:44:51 +02:00
Lennart Poettering
1137e6c73b
journal: fix variable initialization
2012-08-16 17:39:00 +02:00
Lennart Poettering
2a7273ef92
journal: fix unitialized var
2012-08-16 17:22:58 +02:00
Lennart Poettering
f5028bfaf0
journal: journal-send.h doesn't actually exist
2012-08-16 17:19:47 +02:00
Lennart Poettering
86adf873be
journal: verify structural consistency
2012-08-16 17:10:58 +02:00
Lennart Poettering
f9fffc31cd
journal: add color to verification progress bar
2012-08-16 17:10:57 +02:00
Lennart Poettering
fd5dc3204d
journal: verify compressed objects
2012-08-16 17:10:57 +02:00
Lennart Poettering
4da416aa20
journalctl: add --verify-seed= switch to specify seed value
2012-08-16 17:10:57 +02:00
Lennart Poettering
f59a5f6b87
journal: verify hashes only during actual verification, not all the time
2012-08-16 17:10:57 +02:00
Lennart Poettering
0284adc6a6
journal: split up journal-file.c
2012-08-16 17:10:57 +02:00
Lennart Poettering
f65425cbc4
journal: add superficial structure verifier
2012-08-16 17:10:57 +02:00
Lennart Poettering
beec008561
journal: implement basic journal file verification logic
2012-08-16 17:10:57 +02:00
Lennart Poettering
07cacf5f3b
conf-parser: make parsing exit status lists non-fatal
2012-08-16 17:10:57 +02:00
Lennart Poettering
16e9f408fa
journal: implement generic sharable mmap caching logic
...
instead of having one simple per-file cache implement an more
comprehensive one that works for multiple files and can actually
maintain multiple maps per file and per object type.
2012-08-16 17:10:56 +02:00
Martin Pitt
405053fafa
keymap: Add Sony VGN
...
https://launchpad.net/bugs/939868
2012-08-15 08:46:03 +02:00
Lennart Poettering
d046b20b11
conf-parser: simplify a few things by using set_ensure_allocated() rather than set_new()
2012-08-14 18:42:26 +02:00
Lennart Poettering
abdf799316
man: extend documentation for RestartPreventExitStatus= and SuccessExitStatus= a bit
2012-08-14 18:37:45 +02:00
Lukas Nykryn
96342de68d
service: add options RestartPreventExitStatus and SuccessExitStatus
...
In some cases, like wrong configuration, restarting after error
does not help, so administrator can specify statuses by RestartPreventExitStatus
which will not cause restart of a service.
Sometimes you have non-standart exit status, so this can be specified
by SuccessfulExitStatus.
2012-08-14 14:46:03 +02:00
Lennart Poettering
d98cc1f29f
journal: include tag object header in hmac
2012-08-13 21:52:58 +02:00
Lennart Poettering
b0af6f41ea
journal: add all objects we add to HMAC
2012-08-13 20:57:38 +02:00
Lennart Poettering
7560fffcd2
journald: initial version of FSPRG hookup
...
This adds forward-secure authentication of journal files. This patch
includes key generation as well as tagging of journal files,
Verification of journal files will be added in a later patch.
2012-08-13 20:31:10 +02:00
Lennart Poettering
8caf9d6836
umount: MS_MGC_VAL is so 90s
2012-08-13 16:30:10 +02:00
Lennart Poettering
5a7e959984
update TODO
2012-08-13 16:27:17 +02:00
Lennart Poettering
1e41be2015
nspawn,namespaces: make sure we recursively bind mount things in
...
We want to make sure that everything from the host is also visible in
the sandbox.
2012-08-13 16:25:03 +02:00