| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
| |
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
| |
The completion messages are unconditional, so don't really indicate
anything. In fact, the dhcp completion status is misleading, as we may
still be processing the context through pxe callbacks.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
| |
We may want to access the loaded URL in a async handler.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Since the device handler provides the status message functions, we need
a pointer to it for device discovery (which we use a struct
discover_context for).
This change adds a 'handler' member to struct discover_context, to allow
status reporting. Since we now have a handler, there's no need for the
network pointer, so provide an accessor function instead.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
| |
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
| |
Most of our status reporting is against a specific device, so add
status reporting functions that take a struct discover_device and use a
stnadard prefix.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
| |
Now that we have helpers for simpler status reporting, use those instead
of constructing a struct status everywhere.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
| |
This change adds a couple of helpers for the status reporting API,
allowing callers to provide just a set of printf-style arguments, rather
than having to build up a struct status.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Currently, the device_discover_boot_status function is both used for
internal status updates, as well as the callback passed to boot().
This change splits this into two functions; one for the latter and one
for the former. The latter just has a void * for its first argument, to
match the boot_status_fn type.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
| |
Nothing used these, and the serialisation was buggy anyway.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
struct boot_status is a bit misnamed; we report status on things that
aren't just the boot status (eg, discovery).
This change refactors struct boot_status into just struct status. We
give the type enum a name, and shorten the enum values to suit.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
| |
If a "uuid:" label is set in the petitboot,bootdevs parameter without a
matching UUID, the UUID is unintentionally accepted and set to NULL.
This can cause a segfault in nc-config when device UUIDs are compared
against the autoboot option. Instead treat options like this as
malformed.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
| |
The "petitboot,bootdevs" parameter has been around long enough now that
there shouldn't be anyone still transitioning over from the old
"petitboot,bootdev" parameter. Drop this parameter to simplify the
populate_bootdev_config() logic.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
| |
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
| |
Allow the user to specify a HTTP and HTTPS proxy server. The discover
server will set the http_proxy and https_proxy environment variables,
enabling the proxy servers for any further HTTP(S) requests.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 2163af5 "discover/pxe-parser: Retrieve configs asynchronously"
added asynchronous loading of remote pxe filenames, but made an
unintended change in behaviour to the PXE parser. Previously the parser
would try a list of possible filenames, and parse the first one it
found. However the above commit spawns an asynchronous job for every
filename, and parses any that can be retrieved. It is a common
configuration to have a machine-specific config and a 'fallback' default
config, and the change means we could erroneously retrieve and parse
both configs.
Update the PXE parser so that asynchronous jobs are spawned
sequentially. That is, spawn a job for the first filename and if not
successful spawn another job for the next filename, and so on. Once a
remote config is successfully retrieved, parse it and stop.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit ce54f86 "Add petitboot,tty and track available consoles" added
the petitboot,tty parameter, but the petitboot,console parameter is also
recognised by Petitboot. These are ultimately handled by the 30-add-offb
and 80-set-stdout hooks respectively, but exist for mostly the same
purpose.
We consolidate these down to just the original petitboot,console
parameter. If the contents of petitboot,console have been configured by
Petitboot (ie. it is of the form /dev/dev# [ Description ]) we behave as
normal, otherwise we assume that petitboot,console contains a full
OF path to the intended console device and do not allow it to be
modified. This follows petitboot,console's original intent to be a debug
aid, and takes precedence over any other use.
The 80-set-stdout hook is removed as 30-add-offb now accounts for both
use cases.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
| |
'Console' is more readily understandable and technically more correct
than 'tty' for referring to the interfaces that Petitboot starts a UI on.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
| |
Explicitly keep track of whether the current interface config was set by
an IPMI network override, and avoid overwriting any saved config unless
the override was marked persistent.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
| |
Currently in network_register_device() and network_unregister_device()
the appropriate interface is searched for by name. However it is
possible in some scenarios for multiple interfaces to have the same
name, so instead search by UUID to be sure that the correct interface is
being selected.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently discover_device_create() will search for existing discover
devices by id to determine if a new device is required. However it is
possible under some circumstances for distinct devices to have the same
name. This is especially troublesome if the following network events are
seen in network_handle_nlmsg():
- New interface, 'foo' with uuid x:x:x:x:x:x
-> new discover device created with
dev->device->id = 'foo'
dev->uuid = x:x:x:x:x:x
- New interface, 'foo' with uuid y:y:y:y:y:y
-> existing device 'foo' found
dev->uuid = y:y:y:y:y:y
This can occur if an interface rename event arrives *after* an old name
is reused, where temporarily Petitboot will see two distinct network
interfaces with the same name. Now the two interfaces point to the same
discover device, which can quickly result in a segfault if a 'remove'
event occurs for one of the interfaces and the discover device is freed.
To generally avoid this a 'uuid' parameter is added to
discover_device_create(), which if present allows existing devices to be
looked up by UUID rather than just their name.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The 'conf' user event is functionally very similar to the 'url' event,
in that both events result in downloading a specified configuration file
and passing it to iterate_parsers().
The 'url' event additionally allows downloading files from a directory
path and is also accessed by the UI via pb-protocol, so remove the
'conf' event and associated functions in favour of 'url' and
device_handler_process_url().
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When handling an event, user_event_handle_message() creates an event
struct with relevant parameters. Once user_event_handle_message() is
finished it frees the struct.
However in the case of a dhcp or add_url event, asynchronous jobs may be
spawned that will later reference the event struct. In particular this
becomes a problem when pxe_process_pair() handles an IPAPPEND name/value
pair and tries to access event->device.
In the case of dhcp and add_url events, we avoid this by changing the
event struct's talloc parent to the discover_context struct which
persists until all async pxe jobs have completed.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
In certain cases, such as network booting over an untrusted connection,
it may be useful to fully encrypt and sign the kernel files.
Enable fully encrypted boot using builtin keyring via the addition of
the string "ENCRYPTED" to the first line of the /etc/pb-lockdown file.
This disables detached (plaintext) signature verification.
Signed-off-by: Timothy Pearson <tpearson@raptorengineering.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
kernels and related blobs
This can be used to implement a form of organization-controlled secure boot,
whereby kernels may be loaded from a variety of sources but they will only
boot if a valid signature file is found for each component, and only if the
signature is listed in the /etc/pb-lockdown file.
Signed-off-by: Timothy Pearson <tpearson@raptorengineering.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
(Minor build fixes and gpgme.m4, comment on secure boot in gpg.c)
|
| |
|
|
|
|
|
|
| |
In some environments a default 'tun' device is created. Petitboot
doesn't use this and it clutters up the list of network devices, so
ignore it if it is encountered.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
| |
If we don't specify command line arguments for the next kernel, kexec
will add the contents of /chosen/bootargs if present. This is unintended
and not obvious to the user, so explicitly add append="" to the kexec
arguments if we have none to add instead.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a user event named 'sync' that causes the discover server to merge
the devicemapper snapshots of mounted devices. This is particularly
useful as a debug aid (for example, when copying logs to a USB device),
as the server will otherwise only sync changes to mounted devices in
response to parser actions.
The command can be called as
pb-event sync@device
to sync a particular device, or as
pb-event sync@all
to sync all devices with snapshots.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
| |
If one of a device's boot options is the current default boot option,
make sure the default boot is cancelled before the device is removed.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
| |
In some cases additional netlink messages can be received for an
already-configured interface without any relevant changes. This can
result in multiple DHCP requests for the same interface.
Once an interface has been configured mark it as IFSTATE_CONFIGURED
to avoid configuring it again.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
| |
With a kernel that has IPMI support Petitboot will try to use direct
IPMI, however on FSP machines this is not fully functional. Use direct
IPMI only on BMC-based machines, and use sysparams otherwise.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
| |
All boot options must at least have a boot image; ignore any options
that do not before trying to resolve them.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
| |
If boot_tty is set or a boot command is sent manually from a certain
console, set the boot_tty environment variable to be used by a boot hook
before kexec.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
| |
Add the NVRAM parameter petitboot,tty which sets the default console to
use when booting a kernel.
In load_config() construct a list of available consoles depending on the
current platform. A future patch depending on firmware changes will
allow this list to be constructed dynamically.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Depending on the configuration of the DHCP server and the network, tftp
requests made by the pxe parser can timeout. The pxe parser makes these
requests synchronously so several timeouts can block the server
completely for several minutes, leaving the server unresponsive to UI
requests.
Rework the pxe parser such that it handles the result of each tftp
request in a callback, which can complete after iterate_parsers() has
returned. Each callback is allocated its own conf_context which takes a
talloc reference on the discover_context so that each callback can
commit new boot options after the initial iterate loop has completed.
This also means talloc_unlink must be used instead by the original
parent of the discover_context.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Substitute load_url_async() when running tests to support direct
callers of load_url_async() who will expect to read a file in a
callback.
Stub out device_handler_discover_context_commit() since it will remove
discover_options from the given discover_context, but the tests will
check the discover_context to count boot_options.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
| |
Rename boot_status() to device_handler_boot_status() and make it
accessible by files that include device-handler.h. This enables the boot
status to be updated from additional callers, in particular within
parser functions.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
In one case get_ipmi_bootdev_ipmi() can return 0 on an error, which
leads to bootdev being treated as a valid bootdev despite being
uninitialised. If the planets line up correctly and bootdev is less than
or equal to IPMI_BOOTDEV_SETUP, Petitboot will incorrectly apply an IPMI
override.
Update the error return value in get_ipmi_bootdev_ipmi(), and properly
initialise bootdev.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This allows URLs of the form file:///path/to/local/file.conf to be used
in nc-add-url, in order to access configuration files relative
to the root directory. This is primarily a debugging tool aimed at
developers rather than an expected use case.
The DEVICE_TYPE_ANY enum is used in this case to represent that a
resulting boot option is not associated with any device in the
traditional sense, and in the UI is represented as a "Custom Local
Option".
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently there is no way to manually specify a DTB file when with a PXE
network boot configuration file. This makes it difficult when you need
to work with or emulate a special snowflake machines with special snowflake
hardware.
Some ARM systems provide this feature with the "fdt" option so this patch
adds support for using the ftd or dtb configuration options to the PXE
config parser.
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Add a user event to send a boot command to the discover server.
The format of the boot command is similar to the add command, eg:
pb-event boot@eth0 image="http://host/image" initrd="http://host/initrd"
and also recognises "id", "dtb", and "args" arguments.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
| |
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
GRUB2 does not set $0 in functions, so don't set it in our GRUB2
script parser. (As it doesn't have a value in GRUB2 scripts, probably
no GRUB2 script depends on the value of $0.) Additionally, dash and
bash set environment variable 0 to the name of the script (even in
functions), so the current behavior of $0 doesn't really match shell
scripts either.
Tested:
Existing tests pass.
Signed-off-by: Alan Dunn <amdunn@google.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
GRUB2 allows essentially arbitrary numbers of positional arguments, so
ensure that they can be evaluated within scripts. GRUB2 also appears
to support arbitrary numbers of leading 0's in positional parameters
(i.e., $01 should evalute the same as $1), but this doesn't seem like
a particularly important case to support.
Tested:
Modified test-grub2-pos-param to cover higher-numbered positional
arguments.
Signed-off-by: Alan Dunn <amdunn@google.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
| |
Fix some sparse warnings by using NULL instead of 0 and static-ifying a
variable not used outside its file.
Signed-off-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
| |
As of libudev 218 udev_set_log_fn() is deprecated, causing a
-Wdeprecated-declarations warning when building, and is otherwise a
noop.
Add a configure check for libudev, and only call udev_set_log_fn() if
using a version older than 218.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
When a default boot timeout expires boot() is called via
default_timeout() rather than device_handler_boot(). default_timeout()
doesn't call platform_pre_boot() beforehand, which means steps such as
clearing a temporary boot device override are skipped.
Add a call to platform_pre_boot() immediately before boot() to ensure
these steps are performed regardless of boot type.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
If udev doesn't export the ID_PART_ENTRY_SIZE variable for a device we
skip creating a snapshot for it. However in most cases the sysfs
attribute which udev reads to find ID_PART_ENTRY_SIZE is still
available. Therefore if we don't have access to ID_PART_ENTRY_SIZE try
to find the size in sysfs directly.
This allows us to create snapshots for devices which often don't have
this udev variable set, such as software raid (md) devices and NVMe
devices.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
| |
libdevmapper is a hard dependency since snapshots were introduced, so
add an unconditional configure-time check for it.
Also add a check for libflash library and headers if --enable-mtd is
set.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
