#include "journal-def.h"
#include "journal-verify.h"
#include "journal-authenticate.h"
+#include "journal-qrcode.h"
#include "fsprg.h"
#define DEFAULT_FSS_INTERVAL_USEC (15*USEC_PER_MINUTE)
case ARG_VERIFY_KEY:
arg_action = ACTION_VERIFY;
arg_verify_key = optarg;
+ arg_local = true;
break;
case ARG_INTERVAL:
fprintf(stderr,
"\n"
"The new key pair has been generated. The " ANSI_HIGHLIGHT_ON "secret sealing key" ANSI_HIGHLIGHT_OFF " has been written to\n"
- "the following local file. It should not be used on multiple hosts.\n"
+ "the following local file. This key file is automatically updated when the\n"
+ "sealing key is advanced. It should not be used on multiple hosts.\n"
"\n"
"\t%s\n"
"\n"
printf("/%llx-%llx\n", (unsigned long long) n, (unsigned long long) arg_interval);
if (isatty(STDOUT_FILENO)) {
- char tsb[FORMAT_TIMESPAN_MAX];
+ char tsb[FORMAT_TIMESPAN_MAX], *hn;
fprintf(stderr,
ANSI_HIGHLIGHT_OFF "\n"
"The sealing key is automatically changed every %s.\n",
format_timespan(tsb, sizeof(tsb), arg_interval));
+
+ hn = gethostname_malloc();
+
+ if (hn) {
+ hostname_cleanup(hn);
+ fprintf(stderr, "\nThe keys have been generated for host %s/" SD_ID128_FORMAT_STR ".\n", hn, SD_ID128_FORMAT_VAL(machine));
+ } else
+ fprintf(stderr, "\nThe keys have been generated for host " SD_ID128_FORMAT_STR ".\n", SD_ID128_FORMAT_VAL(machine));
+
+#ifdef HAVE_QRENCODE
+ fprintf(stderr, "\nTo transfer the verification key to your phone please scan the QR code below:\n\n");
+ print_qr_code(stderr, seed, seed_size, n, arg_interval, hn, machine);
+#endif
+ free(hn);
}
r = 0;
assert(j);
+ log_show_color(true);
+
HASHMAP_FOREACH(f, j->files, i) {
int k;
usec_t from, to, total;
#ifdef HAVE_GCRYPT
if (!arg_verify_key && JOURNAL_HEADER_SEALED(f->header))
- log_warning("Journal file %s has sealing enabled but verification key has not been passed using --verify-key=.", f->path);
+ log_notice("Journal file %s has sealing enabled but verification key has not been passed using --verify-key=.", f->path);
#endif
k = journal_file_verify(f, arg_verify_key, &from, &to, &total, true);
char a[FORMAT_TIMESTAMP_MAX], b[FORMAT_TIMESTAMP_MAX], c[FORMAT_TIMESPAN_MAX];
log_info("PASS: %s", f->path);
- if (arg_verify_key && JOURNAL_HEADER_SEALED(f->header))
- log_info("=> Validated from %s to %s, %s missing",
- format_timestamp(a, sizeof(a), from),
- format_timestamp(b, sizeof(b), to),
- format_timespan(c, sizeof(c), total > to ? total - to : 0));
+ if (arg_verify_key && JOURNAL_HEADER_SEALED(f->header)) {
+ if (from > 0) {
+ log_info("=> Validated from %s to %s, final %s entries not sealed.",
+ format_timestamp(a, sizeof(a), from),
+ format_timestamp(b, sizeof(b), to),
+ format_timespan(c, sizeof(c), total > to ? total - to : 0));
+ } else if (total > 0)
+ log_info("=> No sealing yet, %s of entries not sealed.",
+ format_timespan(c, sizeof(c), total));
+ else
+ log_info("=> No sealing yet, no entries in file.");
+ }
}
}
~ianmdlvl / elogind.git / blobdiff