chiark
/
gitweb
/
~ianmdlvl
/
elogind.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
journal: make libgcrypt dependency optional
[elogind.git]
/
src
/
journal
/
journalctl.c
diff --git
a/src/journal/journalctl.c
b/src/journal/journalctl.c
index 25f41f63222230f06b36312c79382020592368f4..551cb311b54d9dda02e7e5494f78b24771aef349 100644
(file)
--- a/
src/journal/journalctl.c
+++ b/
src/journal/journalctl.c
@@
-62,7
+62,9
@@
static bool arg_this_boot = false;
static const char *arg_directory = NULL;
static int arg_priorities = 0xFF;
static const char *arg_verify_key = NULL;
static const char *arg_directory = NULL;
static int arg_priorities = 0xFF;
static const char *arg_verify_key = NULL;
+#ifdef HAVE_GCRYPT
static usec_t arg_interval = DEFAULT_FSS_INTERVAL_USEC;
static usec_t arg_interval = DEFAULT_FSS_INTERVAL_USEC;
+#endif
static enum {
ACTION_SHOW,
static enum {
ACTION_SHOW,
@@
-93,11
+95,13
@@
static int help(void) {
"Commands:\n"
" --new-id128 Generate a new 128 Bit ID\n"
" --header Show journal header information\n"
"Commands:\n"
" --new-id128 Generate a new 128 Bit ID\n"
" --header Show journal header information\n"
+#ifdef HAVE_GCRYPT
" --setup-keys Generate new FSS key pair\n"
" --interval=TIME Time interval for changing the FSS sealing key\n"
" --verify Verify journal file consistency\n"
" --setup-keys Generate new FSS key pair\n"
" --interval=TIME Time interval for changing the FSS sealing key\n"
" --verify Verify journal file consistency\n"
- " --verify-key=KEY Specify FSS verification key\n",
- program_invocation_short_name);
+ " --verify-key=KEY Specify FSS verification key\n"
+#endif
+ , program_invocation_short_name);
return 0;
}
return 0;
}
@@
-215,13
+219,15
@@
static int parse_argv(int argc, char *argv[]) {
arg_action = ACTION_PRINT_HEADER;
break;
arg_action = ACTION_PRINT_HEADER;
break;
+ case ARG_VERIFY:
+ arg_action = ACTION_VERIFY;
+ break;
+
+#ifdef HAVE_GCRYPT
case ARG_SETUP_KEYS:
arg_action = ACTION_SETUP_KEYS;
break;
case ARG_SETUP_KEYS:
arg_action = ACTION_SETUP_KEYS;
break;
- case ARG_VERIFY:
- arg_action = ACTION_VERIFY;
- break;
case ARG_VERIFY_KEY:
arg_action = ACTION_VERIFY;
case ARG_VERIFY_KEY:
arg_action = ACTION_VERIFY;
@@
-235,6
+241,13
@@
static int parse_argv(int argc, char *argv[]) {
return -EINVAL;
}
break;
return -EINVAL;
}
break;
+#else
+ case ARG_SETUP_KEYS:
+ case ARG_VERIFY_KEY:
+ case ARG_INTERVAL:
+ log_error("Forward-secure sealing not available.");
+ return -ENOTSUP;
+#endif
case 'p': {
const char *dots;
case 'p': {
const char *dots;
@@
-478,7
+491,7
@@
static int setup_keys(void) {
return log_oom();
if (access(p, F_OK) >= 0) {
return log_oom();
if (access(p, F_OK) >= 0) {
- log_error("
Evolv
ing key file %s exists already.", p);
+ log_error("
Seal
ing key file %s exists already.", p);
r = -EEXIST;
goto finish;
}
r = -EEXIST;
goto finish;
}
@@
-617,7
+630,8
@@
finish:
return r;
#else
return r;
#else
- log_error("Forward-secure journal verification not available.");
+ log_error("Forward-secure sealing not available.");
+ return -ENOTSUP;
#endif
}
#endif
}
@@
-633,11
+647,11
@@
static int verify(sd_journal *j) {
usec_t from, to, total;
#ifdef HAVE_GCRYPT
usec_t from, to, total;
#ifdef HAVE_GCRYPT
- if (!arg_verify_key &&
journal_file_fss_enabled(f
))
+ if (!arg_verify_key &&
JOURNAL_HEADER_SEALED(f->header
))
log_warning("Journal file %s has sealing enabled but verification key has not been passed using --verify-key=.", f->path);
#endif
log_warning("Journal file %s has sealing enabled but verification key has not been passed using --verify-key=.", f->path);
#endif
- k = journal_file_verify(f, arg_verify_key, &from, &to, &total);
+ k = journal_file_verify(f, arg_verify_key, &from, &to, &total
, true
);
if (k == -EINVAL) {
/* If the key was invalid give up right-away. */
return k;
if (k == -EINVAL) {
/* If the key was invalid give up right-away. */
return k;
@@
-648,7
+662,7
@@
static int verify(sd_journal *j) {
char a[FORMAT_TIMESTAMP_MAX], b[FORMAT_TIMESTAMP_MAX], c[FORMAT_TIMESPAN_MAX];
log_info("PASS: %s", f->path);
char a[FORMAT_TIMESTAMP_MAX], b[FORMAT_TIMESTAMP_MAX], c[FORMAT_TIMESPAN_MAX];
log_info("PASS: %s", f->path);
- if (
journal_file_fss_enabled(f
))
+ if (
arg_verify_key && JOURNAL_HEADER_SEALED(f->header
))
log_info("=> Validated from %s to %s, %s missing",
format_timestamp(a, sizeof(a), from),
format_timestamp(b, sizeof(b), to),
log_info("=> Validated from %s to %s, %s missing",
format_timestamp(a, sizeof(a), from),
format_timestamp(b, sizeof(b), to),