1/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3/***
4 This file is part of systemd.
5
6 Copyright 2011 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
5430f7f2
LP
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
87d2c1ff
LP
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2 16 Lesser General Public License for more details.
87d2c1ff 17
5430f7f2 18 You should have received a copy of the GNU Lesser General Public License
87d2c1ff
LP
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20***/
21
a9cdc94f 22#include <locale.h>
87d2c1ff
LP
23#include <fcntl.h>
24#include <errno.h>
25#include <stddef.h>
3fbf9cbb
LP
26#include <string.h>
27#include <stdio.h>
28#include <unistd.h>
29#include <stdlib.h>
72f59706 30#include <time.h>
0d43c694 31#include <getopt.h>
585314e8 32#include <signal.h>
50940700 33#include <sys/stat.h>
f982e6f7
LP
34#include <sys/ioctl.h>
35#include <linux/fs.h>
87d2c1ff 36
4468addc
LP
37#ifdef HAVE_ACL
38#include <sys/acl.h>
478c8269 39#include "acl-util.h"
4468addc
LP
40#endif
41
81527be1
LP
42#include <systemd/sd-journal.h>
43
3fbf9cbb 44#include "log.h"
7199aa96 45#include "logs-show.h"
72f59706 46#include "util.h"
e5124088 47#include "path-util.h"
68fee104 48#include "fileio.h"
0d43c694
LP
49#include "build.h"
50#include "pager.h"
a963990f 51#include "strv.h"
dca6219e 52#include "journal-internal.h"
7560fffc 53#include "journal-def.h"
0284adc6 54#include "journal-verify.h"
4da416aa 55#include "journal-authenticate.h"
f6a971bc 56#include "journal-qrcode.h"
4da416aa 57#include "fsprg.h"
c3f60ec5 58#include "unit-name.h"
d4205751 59#include "catalog.h"
7560fffc 60
/* Default epoch length for changing the forward-secure sealing (FSS) key. */
#define DEFAULT_FSS_INTERVAL_USEC (15*USEC_PER_MINUTE)

/* Command line state, filled in by parse_argv(). */

/* Output formatting and paging */
static OutputMode arg_output = OUTPUT_SHORT;
static bool arg_pager_end = false;
static bool arg_follow = false;
static bool arg_full = true;
static bool arg_all = false;
static bool arg_no_pager = false;
static int arg_lines = -1;                      /* negative: not set on the command line */
static bool arg_no_tail = false;
static bool arg_quiet = false;

/* Entry selection */
static bool arg_merge = false;
static bool arg_boot = false;
static char *arg_boot_descriptor = NULL;        /* points into argv, not owned */
static bool arg_dmesg = false;
static const char *arg_cursor = NULL;
static const char *arg_after_cursor = NULL;
static bool arg_show_cursor = false;
static const char *arg_directory = NULL;
static char **arg_file = NULL;
static int arg_priorities = 0xFF;               /* one bit per log level; 0xFF adds no PRIORITY= match */

/* Forward-secure sealing.
 * arg_verify_key points at the --verify-key= argument in argv.
 * NOTE(review): a value passed in argv is typically readable by other local
 * users through the process listing; confirm that is acceptable for this key. */
static const char *arg_verify_key = NULL;
#ifdef HAVE_GCRYPT
static usec_t arg_interval = DEFAULT_FSS_INTERVAL_USEC;
static bool arg_force = false;
#endif

/* Time window; the *_set flags say whether the matching bound was given. */
static usec_t arg_since;
static usec_t arg_until;
static bool arg_since_set = false;
static bool arg_until_set = false;

static char **arg_system_units = NULL;
static char **arg_user_units = NULL;
static const char *arg_field = NULL;
static bool arg_catalog = false;
static bool arg_reverse = false;
static int arg_journal_type = 0;                /* OR of SD_JOURNAL_SYSTEM / SD_JOURNAL_CURRENT_USER */
static const char *arg_root = NULL;

/* The operation selected on the command line; showing entries is the default. */
static enum {
        ACTION_SHOW,
        ACTION_NEW_ID128,
        ACTION_PRINT_HEADER,
        ACTION_SETUP_KEYS,
        ACTION_VERIFY,
        ACTION_DISK_USAGE,
        ACTION_LIST_CATALOG,
        ACTION_DUMP_CATALOG,
        ACTION_UPDATE_CATALOG,
        ACTION_LIST_BOOTS,
} arg_action = ACTION_SHOW;

/* One recorded boot: its ID plus the realtime timestamps of the first and
 * last journal entry found for it. */
typedef struct boot_id_t {
        sd_id128_t id;
        uint64_t first;
        uint64_t last;
} boot_id_t;
115
/* Print the usage text to stdout. Always returns 0. */
static int help(void) {

        /* Only the first line needs formatting: it carries the program name. */
        printf("%s [OPTIONS...] [MATCHES...]\n\n", program_invocation_short_name);

        /* The remainder is fixed text; the FSS entries are compiled in only
         * when gcrypt support is available. */
        fputs("Query the journal.\n\n"
              "Flags:\n"
              " --system Show only the system journal\n"
              " --user Show only the user journal for current user\n"
              " --since=DATE Start showing entries newer or of the specified date\n"
              " --until=DATE Stop showing entries older or of the specified date\n"
              " -c --cursor=CURSOR Start showing entries from specified cursor\n"
              " --after-cursor=CURSOR Start showing entries from specified cursor\n"
              " --show-cursor Print the cursor after all the entries\n"
              " -b --boot[=ID] Show data only from ID or current boot if unspecified\n"
              " --list-boots Show terse information about recorded boots\n"
              " -k --dmesg Show kernel message log from current boot\n"
              " -u --unit=UNIT Show data only from the specified unit\n"
              " --user-unit=UNIT Show data only from the specified user session unit\n"
              " -p --priority=RANGE Show only messages within the specified priority range\n"
              " -e --pager-end Immediately jump to end of the journal in the pager\n"
              " -f --follow Follow journal\n"
              " -n --lines[=INTEGER] Number of journal entries to show\n"
              " --no-tail Show all lines, even in follow mode\n"
              " -r --reverse Show the newest entries first\n"
              " -o --output=STRING Change journal output mode (short, short-iso,\n"
              " short-precise, short-monotonic, verbose,\n"
              " export, json, json-pretty, json-sse, cat)\n"
              " -x --catalog Add message explanations where available\n"
              " --no-full Ellipsize fields\n"
              " -a --all Show all fields, including long and unprintable\n"
              " -q --quiet Don't show privilege warning\n"
              " --no-pager Do not pipe output into a pager\n"
              " -m --merge Show entries from all available journals\n"
              " -D --directory=PATH Show journal files from directory\n"
              " --file=PATH Show journal file\n"
              " --root=ROOT Operate on catalog files underneath the root ROOT\n"
#ifdef HAVE_GCRYPT
              " --interval=TIME Time interval for changing the FSS sealing key\n"
              " --verify-key=KEY Specify FSS verification key\n"
              " --force Force overriding new FSS key pair with --setup-keys\n"
#endif
              "\nCommands:\n"
              " -h --help Show this help\n"
              " --version Show package version\n"
              " --new-id128 Generate a new 128 Bit ID\n"
              " --header Show journal header information\n"
              " --disk-usage Show total disk usage\n"
              " -F --field=FIELD List all values a certain field takes\n"
              " --list-catalog Show message IDs of all entries in the message catalog\n"
              " --dump-catalog Show entries in the message catalog\n"
              " --update-catalog Update the message catalog database\n"
#ifdef HAVE_GCRYPT
              " --setup-keys Generate new FSS key pair\n"
              " --verify Verify journal file consistency\n"
#endif
              , stdout);

        return 0;
}
174
/* Parse the command line into the arg_* variables above.
 *
 * Returns a negative errno-style value on invalid input or allocation
 * failure, the result of help() for -h, 0 after printing the version, and
 * 1 when parsing succeeded and the selected action should be carried out.
 * Non-option words are left in argv starting at optind. */
static int parse_argv(int argc, char *argv[]) {

        /* Codes for options that have no short form; they start above the
         * range of single characters so they cannot clash with one. */
        enum {
                ARG_VERSION = 0x100,
                ARG_NO_PAGER,
                ARG_NO_FULL,
                ARG_NO_TAIL,
                ARG_NEW_ID128,
                ARG_LIST_BOOTS,
                ARG_USER,
                ARG_SYSTEM,
                ARG_ROOT,
                ARG_HEADER,
                ARG_SETUP_KEYS,
                ARG_FILE,
                ARG_INTERVAL,
                ARG_VERIFY,
                ARG_VERIFY_KEY,
                ARG_DISK_USAGE,
                ARG_SINCE,
                ARG_UNTIL,
                ARG_AFTER_CURSOR,
                ARG_SHOW_CURSOR,
                ARG_USER_UNIT,
                ARG_LIST_CATALOG,
                ARG_DUMP_CATALOG,
                ARG_UPDATE_CATALOG,
                ARG_FORCE,
        };

        static const struct option options[] = {
                { "help", no_argument, NULL, 'h' },
                { "version" , no_argument, NULL, ARG_VERSION },
                { "no-pager", no_argument, NULL, ARG_NO_PAGER },
                { "pager-end", no_argument, NULL, 'e' },
                { "follow", no_argument, NULL, 'f' },
                { "force", no_argument, NULL, ARG_FORCE },
                { "output", required_argument, NULL, 'o' },
                { "all", no_argument, NULL, 'a' },
                { "full", no_argument, NULL, 'l' },
                { "no-full", no_argument, NULL, ARG_NO_FULL },
                { "lines", optional_argument, NULL, 'n' },
                { "no-tail", no_argument, NULL, ARG_NO_TAIL },
                { "new-id128", no_argument, NULL, ARG_NEW_ID128 },
                { "quiet", no_argument, NULL, 'q' },
                { "merge", no_argument, NULL, 'm' },
                { "boot", optional_argument, NULL, 'b' },
                { "list-boots", no_argument, NULL, ARG_LIST_BOOTS },
                { "this-boot", optional_argument, NULL, 'b' }, /* deprecated */
                { "dmesg", no_argument, NULL, 'k' },
                { "system", no_argument, NULL, ARG_SYSTEM },
                { "user", no_argument, NULL, ARG_USER },
                { "directory", required_argument, NULL, 'D' },
                { "file", required_argument, NULL, ARG_FILE },
                { "root", required_argument, NULL, ARG_ROOT },
                { "header", no_argument, NULL, ARG_HEADER },
                { "priority", required_argument, NULL, 'p' },
                { "setup-keys", no_argument, NULL, ARG_SETUP_KEYS },
                { "interval", required_argument, NULL, ARG_INTERVAL },
                { "verify", no_argument, NULL, ARG_VERIFY },
                { "verify-key", required_argument, NULL, ARG_VERIFY_KEY },
                { "disk-usage", no_argument, NULL, ARG_DISK_USAGE },
                { "cursor", required_argument, NULL, 'c' },
                { "after-cursor", required_argument, NULL, ARG_AFTER_CURSOR },
                { "show-cursor", no_argument, NULL, ARG_SHOW_CURSOR },
                { "since", required_argument, NULL, ARG_SINCE },
                { "until", required_argument, NULL, ARG_UNTIL },
                { "unit", required_argument, NULL, 'u' },
                { "user-unit", required_argument, NULL, ARG_USER_UNIT },
                { "field", required_argument, NULL, 'F' },
                { "catalog", no_argument, NULL, 'x' },
                { "list-catalog", no_argument, NULL, ARG_LIST_CATALOG },
                { "dump-catalog", no_argument, NULL, ARG_DUMP_CATALOG },
                { "update-catalog", no_argument, NULL, ARG_UPDATE_CATALOG },
                { "reverse", no_argument, NULL, 'r' },
                {}
        };

        int c, r;

        assert(argc >= 0);
        assert(argv);

        while ((c = getopt_long(argc, argv, "hefo:aln::qmb::kD:p:c:u:F:xr", options, NULL)) >= 0) {

                switch (c) {

                case 'h':
                        return help();

                case ARG_VERSION:
                        puts(PACKAGE_STRING);
                        puts(SYSTEMD_FEATURES);
                        return 0;

                case ARG_NO_PAGER:
                        arg_no_pager = true;
                        break;

                case 'e':
                        arg_pager_end = true;

                        /* Cap the output at 1000 entries unless a line
                         * count was already given. */
                        if (arg_lines < 0)
                                arg_lines = 1000;

                        break;

                case 'f':
                        arg_follow = true;
                        break;

                case 'o':
                        arg_output = output_mode_from_string(optarg);
                        if (arg_output < 0) {
                                log_error("Unknown output format '%s'.", optarg);
                                return -EINVAL;
                        }

                        /* These output modes also switch on quiet mode. */
                        if (arg_output == OUTPUT_EXPORT ||
                            arg_output == OUTPUT_JSON ||
                            arg_output == OUTPUT_JSON_PRETTY ||
                            arg_output == OUTPUT_JSON_SSE ||
                            arg_output == OUTPUT_CAT)
                                arg_quiet = true;

                        break;

                case 'l':
                        arg_full = true;
                        break;

                case ARG_NO_FULL:
                        arg_full = false;
                        break;

                case 'a':
                        arg_all = true;
                        break;

                case 'n':
                        if (optarg) {
                                /* Negative counts are rejected together
                                 * with unparsable ones. */
                                r = safe_atoi(optarg, &arg_lines);
                                if (r < 0 || arg_lines < 0) {
                                        log_error("Failed to parse lines '%s'", optarg);
                                        return -EINVAL;
                                }
                        } else {
                                int n;

                                /* Hmm, no argument? Maybe the next
                                 * word on the command line is
                                 * supposed to be the argument? Let's
                                 * see if there is one, and is
                                 * parsable as a positive
                                 * integer... */

                                if (optind < argc &&
                                    safe_atoi(argv[optind], &n) >= 0 &&
                                    n >= 0) {

                                        arg_lines = n;
                                        optind++;
                                } else
                                        arg_lines = 10;
                        }

                        break;

                case ARG_NO_TAIL:
                        arg_no_tail = true;
                        break;

                case ARG_NEW_ID128:
                        arg_action = ACTION_NEW_ID128;
                        break;

                case 'q':
                        arg_quiet = true;
                        break;

                case 'm':
                        arg_merge = true;
                        break;

                case 'b':
                        arg_boot = true;

                        /* Without an attached argument, the next word is
                         * consumed as the boot descriptor when it does not
                         * start with '-' or when it parses as an integer
                         * (which admits negative offsets such as "-1"). */
                        if (optarg)
                                arg_boot_descriptor = optarg;
                        else if (optind < argc) {
                                int boot;

                                if (argv[optind][0] != '-' ||
                                    safe_atoi(argv[optind], &boot) >= 0) {
                                        arg_boot_descriptor = argv[optind];
                                        optind++;
                                }
                        }

                        break;

                case ARG_LIST_BOOTS:
                        arg_action = ACTION_LIST_BOOTS;
                        break;

                case 'k':
                        /* Kernel messages are restricted to one boot. */
                        arg_boot = arg_dmesg = true;
                        break;

                case ARG_SYSTEM:
                        arg_journal_type |= SD_JOURNAL_SYSTEM;
                        break;

                case ARG_USER:
                        arg_journal_type |= SD_JOURNAL_CURRENT_USER;
                        break;

                case 'D':
                        arg_directory = optarg;
                        break;

                case ARG_FILE:
                        /* The argument is a glob pattern; every expansion is
                         * appended to arg_file. */
                        r = glob_extend(&arg_file, optarg);
                        if (r < 0) {
                                log_error("Failed to add paths: %s", strerror(-r));
                                return r;
                        };
                        break;

                case ARG_ROOT:
                        arg_root = optarg;
                        break;

                case 'c':
                        arg_cursor = optarg;
                        break;

                case ARG_AFTER_CURSOR:
                        arg_after_cursor = optarg;
                        break;

                case ARG_SHOW_CURSOR:
                        arg_show_cursor = true;
                        break;

                case ARG_HEADER:
                        arg_action = ACTION_PRINT_HEADER;
                        break;

                case ARG_VERIFY:
                        arg_action = ACTION_VERIFY;
                        break;

                case ARG_DISK_USAGE:
                        arg_action = ACTION_DISK_USAGE;
                        break;

#ifdef HAVE_GCRYPT
                case ARG_FORCE:
                        arg_force = true;
                        break;

                case ARG_SETUP_KEYS:
                        arg_action = ACTION_SETUP_KEYS;
                        break;


                case ARG_VERIFY_KEY:
                        /* Giving a key implies verification and turns
                         * merging off.
                         * NOTE(review): the key arrives through argv and is
                         * therefore typically visible in the process listing
                         * while the command runs; confirm this exposure is
                         * acceptable where verification is performed. */
                        arg_action = ACTION_VERIFY;
                        arg_verify_key = optarg;
                        arg_merge = false;
                        break;

                case ARG_INTERVAL:
                        /* A zero interval is refused; setup_keys() later
                         * divides by this value. */
                        r = parse_sec(optarg, &arg_interval);
                        if (r < 0 || arg_interval <= 0) {
                                log_error("Failed to parse sealing key change interval: %s", optarg);
                                return -EINVAL;
                        }
                        break;
#else
                case ARG_SETUP_KEYS:
                case ARG_VERIFY_KEY:
                case ARG_INTERVAL:
                case ARG_FORCE:
                        log_error("Forward-secure sealing not available.");
                        return -ENOTSUP;
#endif

                case 'p': {
                        const char *dots;

                        /* Either "FROM..TO" (in either order) or a single
                         * level; the result is a bitmask with one bit per
                         * selected level. */
                        dots = strstr(optarg, "..");
                        if (dots) {
                                char *a;
                                int from, to, i;

                                /* a range */
                                a = strndup(optarg, dots - optarg);
                                if (!a)
                                        return log_oom();

                                from = log_level_from_string(a);
                                to = log_level_from_string(dots + 2);
                                free(a);

                                if (from < 0 || to < 0) {
                                        log_error("Failed to parse log level range %s", optarg);
                                        return -EINVAL;
                                }

                                arg_priorities = 0;

                                if (from < to) {
                                        for (i = from; i <= to; i++)
                                                arg_priorities |= 1 << i;
                                } else {
                                        for (i = to; i <= from; i++)
                                                arg_priorities |= 1 << i;
                                }

                        } else {
                                int p, i;

                                p = log_level_from_string(optarg);
                                if (p < 0) {
                                        log_error("Unknown log level %s", optarg);
                                        return -EINVAL;
                                }

                                arg_priorities = 0;

                                /* A single level selects that level and
                                 * every level numbered below it. */
                                for (i = 0; i <= p; i++)
                                        arg_priorities |= 1 << i;
                        }

                        break;
                }

                case ARG_SINCE:
                        r = parse_timestamp(optarg, &arg_since);
                        if (r < 0) {
                                log_error("Failed to parse timestamp: %s", optarg);
                                return -EINVAL;
                        }
                        arg_since_set = true;
                        break;

                case ARG_UNTIL:
                        r = parse_timestamp(optarg, &arg_until);
                        if (r < 0) {
                                log_error("Failed to parse timestamp: %s", optarg);
                                return -EINVAL;
                        }
                        arg_until_set = true;
                        break;

                case 'u':
                        r = strv_extend(&arg_system_units, optarg);
                        if (r < 0)
                                return log_oom();
                        break;

                case ARG_USER_UNIT:
                        r = strv_extend(&arg_user_units, optarg);
                        if (r < 0)
                                return log_oom();
                        break;

                case 'F':
                        arg_field = optarg;
                        break;

                case 'x':
                        arg_catalog = true;
                        break;

                case ARG_LIST_CATALOG:
                        arg_action = ACTION_LIST_CATALOG;
                        break;

                case ARG_DUMP_CATALOG:
                        arg_action = ACTION_DUMP_CATALOG;
                        break;

                case ARG_UPDATE_CATALOG:
                        arg_action = ACTION_UPDATE_CATALOG;
                        break;

                case 'r':
                        arg_reverse = true;
                        break;

                case '?':
                        return -EINVAL;

                default:
                        assert_not_reached("Unhandled option");
                }
        }

        /* Follow mode starts with the last 10 entries unless told otherwise. */
        if (arg_follow && !arg_no_tail && arg_lines < 0)
                arg_lines = 10;

        /* Reject option combinations that contradict each other. */
        if (arg_directory && arg_file) {
                log_error("Please specify either -D/--directory= or --file=, not both.");
                return -EINVAL;
        }

        if (arg_since_set && arg_until_set && arg_since > arg_until) {
                log_error("--since= must be before --until=.");
                return -EINVAL;
        }

        /* Each !! turns "was given" into 0 or 1, so the sum counts how many
         * starting points were requested. */
        if (!!arg_cursor + !!arg_after_cursor + !!arg_since_set > 1) {
                log_error("Please specify only one of --since=, --cursor=, and --after-cursor.");
                return -EINVAL;
        }

        if (arg_follow && arg_reverse) {
                log_error("Please specify either --reverse= or --follow=, not both.");
                return -EINVAL;
        }

        return 1;
}
601
/* Generate a random 128-bit ID and print it to stdout in four notations:
 * plain hex string, UUID, C macro and Python constant.
 *
 * Returns 0 on success or the negative error from sd_id128_randomize(). */
static int generate_new_id128(void) {
        sd_id128_t new_id;
        unsigned idx;
        int ret;

        ret = sd_id128_randomize(&new_id);
        if (ret < 0) {
                log_error("Failed to generate ID: %s", strerror(-ret));
                return ret;
        }

        /* The ID's bytes are passed twice: once for the plain string and
         * once for the dash-separated UUID layout. */
        printf("As string:\n"
               SD_ID128_FORMAT_STR "\n\n"
               "As UUID:\n"
               "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x\n\n"
               "As macro:\n"
               "#define MESSAGE_XYZ SD_ID128_MAKE(",
               SD_ID128_FORMAT_VAL(new_id),
               SD_ID128_FORMAT_VAL(new_id));

        /* Macro arguments: the 16 bytes, comma separated, no trailing comma. */
        for (idx = 0; idx < 16; idx++) {
                const char *separator;

                if (idx != 15)
                        separator = ",";
                else
                        separator = "";

                printf("%02x%s", new_id.bytes[idx], separator);
        }
        fputs(")\n\n", stdout);

        printf("As Python constant:\n"
               ">>> import uuid\n"
               ">>> MESSAGE_XYZ = uuid.UUID('" SD_ID128_FORMAT_STR "')\n",
               SD_ID128_FORMAT_VAL(new_id));

        return 0;
}
632
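/* Translate the non-option command line words into journal matches.
 *
 * "+" adds a disjunction. An absolute path is turned into a match on the
 * object it names: _EXE= for an executable, _COMM= (plus _EXE= of the
 * interpreter) for an executable script, _KERNEL_DEVICE= for a device node.
 * Any other word is handed to sd_journal_add_match() unchanged.
 *
 * Returns 0 on success, a negative errno-style value on failure. */
static int add_matches(sd_journal *j, char **args) {
        char **i;

        assert(j);

        STRV_FOREACH(i, args) {
                int r;

                if (streq(*i, "+"))
                        r = sd_journal_add_disjunction(j);
                else if (path_is_absolute(*i)) {
                        /* Everything carrying a cleanup handler starts out
                         * NULL so that no exit path can free an
                         * indeterminate pointer. */
                        _cleanup_free_ char *p = NULL, *t = NULL, *t2 = NULL;
                        const char *path;
                        _cleanup_free_ char *interpreter = NULL;
                        struct stat st;

                        /* Fall back to the path as given when it cannot be
                         * canonicalized. */
                        p = canonicalize_file_name(*i);
                        path = p ? p : *i;

                        if (stat(path, &st) < 0) {
                                log_error("Couldn't stat file: %m");
                                return -errno;
                        }

                        if (S_ISREG(st.st_mode) && (0111 & st.st_mode)) {
                                if (executable_is_script(path, &interpreter) > 0) {
                                        _cleanup_free_ char *comm = NULL;

                                        /* Only the first 15 characters of the
                                         * script name are matched; presumably
                                         * this mirrors the length of the
                                         * process name recorded in _COMM.
                                         * A process can change its own name,
                                         * so this narrows by name and does not
                                         * identify the file that was run. */
                                        comm = strndup(basename(path), 15);
                                        if (!comm)
                                                return log_oom();

                                        /* A failed allocation is caught by the
                                         * common !t check below. */
                                        t = strappend("_COMM=", comm);

                                        /* Append _EXE only if the interpreter is not a link.
                                           Otherwise it might be outdated often. */
                                        if (lstat(interpreter, &st) == 0 &&
                                            !S_ISLNK(st.st_mode)) {
                                                t2 = strappend("_EXE=", interpreter);
                                                if (!t2)
                                                        return log_oom();
                                        }
                                } else
                                        t = strappend("_EXE=", path);
                        } else if (S_ISCHR(st.st_mode)) {
                                /* After a failed asprintf() the pointer may be
                                 * left undefined, so test the return value and
                                 * reset it before the cleanup handler runs. */
                                if (asprintf(&t, "_KERNEL_DEVICE=c%u:%u", major(st.st_rdev), minor(st.st_rdev)) < 0) {
                                        t = NULL;
                                        return log_oom();
                                }
                        } else if (S_ISBLK(st.st_mode)) {
                                if (asprintf(&t, "_KERNEL_DEVICE=b%u:%u", major(st.st_rdev), minor(st.st_rdev)) < 0) {
                                        t = NULL;
                                        return log_oom();
                                }
                        } else {
                                log_error("File is neither a device node, nor regular file, nor executable: %s", *i);
                                return -EINVAL;
                        }

                        if (!t)
                                return log_oom();

                        /* Add the second match only if the first succeeded;
                         * otherwise the first error would be overwritten and
                         * a half-applied filter would go unreported. */
                        r = sd_journal_add_match(j, t, 0);
                        if (r >= 0 && t2)
                                r = sd_journal_add_match(j, t2, 0);
                } else
                        r = sd_journal_add_match(j, *i, 0);

                if (r < 0) {
                        log_error("Failed to add match '%s': %s", *i, strerror(-r));
                        return r;
                }
        }

        return 0;
}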
703
/* Comparison callback ordering boot_id_t records by the timestamp of their
 * first journal entry, oldest first. The boot ID itself is not compared. */
static int boot_id_cmp(const void *a, const void *b) {
        const boot_id_t *lhs = a;
        const boot_id_t *rhs = b;

        if (lhs->first < rhs->first)
                return -1;

        if (lhs->first > rhs->first)
                return 1;

        return 0;
}
712
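/* Print one line per boot recorded in the journal: its offset relative to
 * the newest boot (0 for the newest, negative for older ones), the boot ID,
 * and the timestamps of its first and last entry.
 *
 * Returns 0 on success, a negative errno-style value on failure. */
static int list_boots(sd_journal *j) {
        int r;
        const void *data;
        unsigned int count = 0;
        int w, i;
        size_t length, allocated = 0;
        boot_id_t *id;
        _cleanup_free_ boot_id_t *all_ids = NULL;

        r = sd_journal_query_unique(j, "_BOOT_ID");
        if (r < 0)
                return r;

        SD_JOURNAL_FOREACH_UNIQUE(j, data, length) {
                /* Too short to hold the field name; skip it before the
                 * prefix is stepped over below. */
                if (length < strlen("_BOOT_ID="))
                        continue;

                if (!GREEDY_REALLOC(all_ids, allocated, count + 1))
                        return log_oom();

                /* Fill the next free slot; it is kept only if count is
                 * incremented at the end of this iteration. */
                id = &all_ids[count];

                r = sd_id128_from_string(((const char *)data) + strlen("_BOOT_ID="), &id->id);
                if (r < 0)
                        continue;

                /* Restrict the journal to this boot to find its first and
                 * last entry. */
                r = sd_journal_add_match(j, data, length);
                if (r < 0)
                        return r;

                r = sd_journal_seek_head(j);
                if (r < 0)
                        return r;

                r = sd_journal_next(j);
                if (r < 0)
                        return r;
                else if (r == 0)
                        goto flush;

                r = sd_journal_get_realtime_usec(j, &id->first);
                if (r < 0)
                        return r;

                r = sd_journal_seek_tail(j);
                if (r < 0)
                        return r;

                r = sd_journal_previous(j);
                if (r < 0)
                        return r;
                else if (r == 0)
                        goto flush;

                r = sd_journal_get_realtime_usec(j, &id->last);
                if (r < 0)
                        return r;

                count++;
        flush:
                /* Drop the per-boot match before the next iteration. */
                sd_journal_flush_matches(j);
        }

        qsort_safe(all_ids, count, sizeof(boot_id_t), boot_id_cmp);

        /* numbers are one less, but we need an extra char for the sign */
        w = DECIMAL_STR_WIDTH(count - 1) + 1;

        for (id = all_ids, i = 0; id < all_ids + count; id++, i++) {
                char a[FORMAT_TIMESTAMP_MAX], b[FORMAT_TIMESTAMP_MAX];

                /* Do the subtraction in int: mixing int with the unsigned
                 * count would hand an unsigned value to the %i conversion. */
                printf("% *i " SD_ID128_FORMAT_STR " %s—%s\n",
                       w, i - (int) count + 1,
                       SD_ID128_FORMAT_VAL(id->id),
                       format_timestamp(a, sizeof(a), id->first),
                       format_timestamp(b, sizeof(b), id->last));
        }

        return 0;
}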
793
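/* Resolve a boot reference to a concrete boot ID.
 *
 * @j        journal to query
 * @boot_id  in: reference boot ID, or SD_ID128_NULL for "no reference";
 *           out: the resolved boot ID
 * @relative offset to apply. Without a reference, a positive value counts
 *           from the oldest boot (1 is the oldest) and zero or a negative
 *           value counts back from the newest. With a reference, the offset
 *           is applied to the position of that boot in chronological order.
 *
 * Returns 0 on success, -EADDRNOTAVAIL if the requested boot does not exist,
 * or another negative errno-style value on failure. */
static int get_relative_boot_id(sd_journal *j, sd_id128_t *boot_id, int relative) {
        int r;
        const void *data;
        unsigned int count = 0;
        size_t length, allocated = 0;
        boot_id_t ref_boot_id = {SD_ID128_NULL}, *id;
        _cleanup_free_ boot_id_t *all_ids = NULL;

        assert(j);
        assert(boot_id);

        /* A concrete ID without an offset needs no lookup. */
        if (relative == 0 && !sd_id128_equal(*boot_id, SD_ID128_NULL))
                return 0;

        r = sd_journal_query_unique(j, "_BOOT_ID");
        if (r < 0)
                return r;

        SD_JOURNAL_FOREACH_UNIQUE(j, data, length) {
                /* Too short to hold the field name; skip it before the
                 * prefix is stepped over below. */
                if (length < strlen("_BOOT_ID="))
                        continue;

                if (!GREEDY_REALLOC(all_ids, allocated, count + 1))
                        return log_oom();

                id = &all_ids[count];

                r = sd_id128_from_string(((const char *)data) + strlen("_BOOT_ID="), &id->id);
                if (r < 0)
                        continue;

                /* Restrict the journal to this boot to find the timestamp
                 * of its first entry. */
                r = sd_journal_add_match(j, data, length);
                if (r < 0)
                        return r;

                r = sd_journal_seek_head(j);
                if (r < 0)
                        return r;

                r = sd_journal_next(j);
                if (r < 0)
                        return r;
                else if (r == 0)
                        goto flush;

                r = sd_journal_get_realtime_usec(j, &id->first);
                if (r < 0)
                        return r;

                /* Remember the reference boot together with its timestamp;
                 * the binary search below compares timestamps only. */
                if (sd_id128_equal(id->id, *boot_id))
                        ref_boot_id = *id;

                count++;
        flush:
                sd_journal_flush_matches(j);
        }

        qsort_safe(all_ids, count, sizeof(boot_id_t), boot_id_cmp);

        if (sd_id128_equal(*boot_id, SD_ID128_NULL)) {
                if (relative > (int) count || relative <= -(int)count)
                        return -EADDRNOTAVAIL;

                *boot_id = all_ids[(relative <= 0)*count + relative - 1].id;
        } else {
                id = bsearch(&ref_boot_id, all_ids, count, sizeof(boot_id_t), boot_id_cmp);

                /* The range test must be parenthesized: "||" binds tighter
                 * than "?:", so without the parentheses a NULL result from
                 * bsearch() (reference boot not in the journal) selected the
                 * first arm and went on to do pointer arithmetic on NULL,
                 * and for a positive offset could fall through to the
                 * dereference below. */
                if (!id ||
                    (relative <= 0 ? (id - all_ids) + relative < 0 :
                                     (id - all_ids) + relative >= (int) count))
                        return -EADDRNOTAVAIL;

                *boot_id = (id + relative)->id;
        }

        return 0;
}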
871
/* Add a _BOOT_ID= match for the boot selected with -b/--boot.
 *
 * The descriptor is either a 32-character boot ID optionally followed by a
 * signed offset, or a signed offset alone. Without a descriptor the current
 * boot is used. Does nothing when no boot filter was requested.
 *
 * Returns 0 on success, a negative errno-style value on failure. */
static int add_boot(sd_journal *j) {
        /* Field name, 32 hex digits, terminating NUL. */
        char match[9+32+1] = "_BOOT_ID=";
        sd_id128_t boot_id = SD_ID128_NULL;
        int relative = 0;
        char *offset;
        int r;

        assert(j);

        if (!arg_boot)
                return 0;

        if (!arg_boot_descriptor)
                return add_match_this_boot(j);

        if (strlen(arg_boot_descriptor) < 32)
                /* Too short for an ID: the whole descriptor is an offset. */
                offset = arg_boot_descriptor;
        else {
                char hex[32 + 1];

                /* Parse only the leading 32 characters as the ID; whatever
                 * follows is the offset. */
                memcpy(hex, arg_boot_descriptor, 32);
                hex[32] = '\0';

                r = sd_id128_from_string(hex, &boot_id);
                if (r < 0) {
                        log_error("Failed to parse boot ID '%.32s': %s",
                                  arg_boot_descriptor, strerror(-r));
                        return r;
                }

                offset = arg_boot_descriptor + 32;

                if (*offset && *offset != '-' && *offset != '+') {
                        log_error("Relative boot ID offset must start with a '+' or a '-', found '%s' ", offset);
                        return -EINVAL;
                }
        }

        if (*offset) {
                r = safe_atoi(offset, &relative);
                if (r < 0) {
                        log_error("Failed to parse relative boot ID number '%s'", offset);
                        return -EINVAL;
                }
        }

        r = get_relative_boot_id(j, &boot_id, relative);
        if (r < 0) {
                if (sd_id128_equal(boot_id, SD_ID128_NULL))
                        log_error("Failed to look up boot %+d: %s", relative, strerror(-r));
                else
                        log_error("Failed to look up boot ID "SD_ID128_FORMAT_STR"%+d: %s",
                                  SD_ID128_FORMAT_VAL(boot_id), relative, strerror(-r));
                return r;
        }

        /* Write the resolved ID right behind the "_BOOT_ID=" prefix. */
        sd_id128_to_string(boot_id, match + 9);

        r = sd_journal_add_match(j, match, sizeof(match) - 1);
        if (r < 0) {
                log_error("Failed to add match: %s", strerror(-r));
                return r;
        }

        r = sd_journal_add_conjunction(j);

        return r < 0 ? r : 0;
}
939
/* Restrict output to kernel messages when -k/--dmesg was given; otherwise
 * do nothing.
 *
 * Returns 0 on success, a negative errno-style value on failure. */
static int add_dmesg(sd_journal *j) {
        static const char kernel_match[] = "_TRANSPORT=kernel";
        int r;

        assert(j);

        if (arg_dmesg) {
                /* Length without the terminating NUL. */
                r = sd_journal_add_match(j, kernel_match, sizeof(kernel_match) - 1);
                if (r < 0) {
                        log_error("Failed to add match: %s", strerror(-r));
                        return r;
                }

                r = sd_journal_add_conjunction(j);
                if (r < 0)
                        return r;
        }

        return 0;
}
959
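/* Add the matches for every unit given with -u/--unit= and --user-unit=.
 * The units are alternatives (a disjunction follows each one); a final
 * conjunction separates them from whatever is added afterwards.
 *
 * Returns 0 on success, a negative errno-style value on failure. */
static int add_units(sd_journal *j) {
        int r;
        char **i;

        assert(j);

        STRV_FOREACH(i, arg_system_units) {
                /* Scoped to one iteration so that every mangled name is
                 * freed; a single function-wide pointer released only the
                 * last one and leaked the rest. */
                _cleanup_free_ char *u = NULL;

                u = unit_name_mangle(*i);
                if (!u)
                        return log_oom();
                r = add_matches_for_unit(j, u);
                if (r < 0)
                        return r;
                r = sd_journal_add_disjunction(j);
                if (r < 0)
                        return r;
        }

        STRV_FOREACH(i, arg_user_units) {
                _cleanup_free_ char *u = NULL;

                u = unit_name_mangle(*i);
                if (!u)
                        return log_oom();

                /* User units are matched for the invoking user's UID. */
                r = add_matches_for_user_unit(j, u, getuid());
                if (r < 0)
                        return r;

                r = sd_journal_add_disjunction(j);
                if (r < 0)
                        return r;

        }

        r = sd_journal_add_conjunction(j);
        if (r < 0)
                return r;

        return 0;
}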
1000
/* Add one PRIORITY=<n> match for every level selected in arg_priorities.
 * The default mask 0xFF means "no filter" and adds nothing.
 *
 * Returns 0 on success, a negative errno-style value on failure. */
static int add_priorities(sd_journal *j) {
        char match[] = "PRIORITY=0";
        /* The trailing digit is rewritten in place for each level. */
        char *digit = match + sizeof(match) - 2;
        int level, r;

        assert(j);

        if (arg_priorities == 0xFF)
                return 0;

        for (level = LOG_EMERG; level <= LOG_DEBUG; level++) {
                if (!(arg_priorities & (1 << level)))
                        continue;

                *digit = '0' + level;

                r = sd_journal_add_match(j, match, strlen(match));
                if (r < 0) {
                        log_error("Failed to add match: %s", strerror(-r));
                        return r;
                }
        }

        r = sd_journal_add_conjunction(j);

        return r < 0 ? r : 0;
}
1026
1027static int setup_keys(void) {
1028#ifdef HAVE_GCRYPT
1029 size_t mpk_size, seed_size, state_size, i;
1030 uint8_t *mpk, *seed, *state;
1031 ssize_t l;
f982e6f7 1032 int fd = -1, r, attr = 0;
7560fffc
LP
1033 sd_id128_t machine, boot;
1034 char *p = NULL, *k = NULL;
baed47c3 1035 struct FSSHeader h;
14d10188 1036 uint64_t n;
b98e3866
SL
1037 struct stat st;
1038
1039 r = stat("/var/log/journal", &st);
1040 if (r < 0 && errno != ENOENT && errno != ENOTDIR) {
1041 log_error("stat(\"%s\") failed: %m", "/var/log/journal");
1042 return -errno;
1043 }
1044
1045 if (r < 0 || !S_ISDIR(st.st_mode)) {
1046 log_error("%s is not a directory, must be using persistent logging for FSS.",
1047 "/var/log/journal");
1048 return r < 0 ? -errno : -ENOTDIR;
1049 }
7560fffc
LP
1050
1051 r = sd_id128_get_machine(&machine);
1052 if (r < 0) {
1053 log_error("Failed to get machine ID: %s", strerror(-r));
1054 return r;
1055 }
1056
1057 r = sd_id128_get_boot(&boot);
1058 if (r < 0) {
1059 log_error("Failed to get boot ID: %s", strerror(-r));
1060 return r;
1061 }
1062
baed47c3 1063 if (asprintf(&p, "/var/log/journal/" SD_ID128_FORMAT_STR "/fss",
7560fffc
LP
1064 SD_ID128_FORMAT_VAL(machine)) < 0)
1065 return log_oom();
1066
1067 if (access(p, F_OK) >= 0) {
b8547c10
SL
1068 if (arg_force) {
1069 r = unlink(p);
1070 if (r < 0) {
1071 log_error("unlink(\"%s\") failed: %m", p);
1072 r = -errno;
1073 goto finish;
1074 }
1075 } else {
1076 log_error("Sealing key file %s exists already. (--force to recreate)", p);
1077 r = -EEXIST;
1078 goto finish;
1079 }
7560fffc
LP
1080 }
1081
baed47c3 1082 if (asprintf(&k, "/var/log/journal/" SD_ID128_FORMAT_STR "/fss.tmp.XXXXXX",
7560fffc
LP
1083 SD_ID128_FORMAT_VAL(machine)) < 0) {
1084 r = log_oom();
1085 goto finish;
1086 }
1087
1088 mpk_size = FSPRG_mskinbytes(FSPRG_RECOMMENDED_SECPAR);
1089 mpk = alloca(mpk_size);
1090
1091 seed_size = FSPRG_RECOMMENDED_SEEDLEN;
1092 seed = alloca(seed_size);
1093
1094 state_size = FSPRG_stateinbytes(FSPRG_RECOMMENDED_SECPAR);
1095 state = alloca(state_size);
1096
1097 fd = open("/dev/random", O_RDONLY|O_CLOEXEC|O_NOCTTY);
1098 if (fd < 0) {
1099 log_error("Failed to open /dev/random: %m");
1100 r = -errno;
1101 goto finish;
1102 }
1103
1104 log_info("Generating seed...");
1105 l = loop_read(fd, seed, seed_size, true);
1106 if (l < 0 || (size_t) l != seed_size) {
1107 log_error("Failed to read random seed: %s", strerror(EIO));
1108 r = -EIO;
1109 goto finish;
1110 }
1111
1112 log_info("Generating key pair...");
1113 FSPRG_GenMK(NULL, mpk, seed, seed_size, FSPRG_RECOMMENDED_SECPAR);
1114
baed47c3 1115 log_info("Generating sealing key...");
7560fffc
LP
1116 FSPRG_GenState0(state, mpk, seed, seed_size);
1117
baed47c3
LP
1118 assert(arg_interval > 0);
1119
7560fffc 1120 n = now(CLOCK_REALTIME);
baed47c3 1121 n /= arg_interval;
7560fffc
LP
1122
1123 close_nointr_nofail(fd);
1124 fd = mkostemp(k, O_WRONLY|O_CLOEXEC|O_NOCTTY);
1125 if (fd < 0) {
1126 log_error("Failed to open %s: %m", k);
1127 r = -errno;
1128 goto finish;
1129 }
1130
f982e6f7
LP
1131 /* Enable secure remove, exclusion from dump, synchronous
1132 * writing and in-place updating */
1133 if (ioctl(fd, FS_IOC_GETFLAGS, &attr) < 0)
1134 log_warning("FS_IOC_GETFLAGS failed: %m");
1135
1136 attr |= FS_SECRM_FL|FS_NODUMP_FL|FS_SYNC_FL|FS_NOCOW_FL;
1137
1138 if (ioctl(fd, FS_IOC_SETFLAGS, &attr) < 0)
1139 log_warning("FS_IOC_SETFLAGS failed: %m");
1140
7560fffc
LP
1141 zero(h);
1142 memcpy(h.signature, "KSHHRHLP", 8);
1143 h.machine_id = machine;
1144 h.boot_id = boot;
1145 h.header_size = htole64(sizeof(h));
baed47c3
LP
1146 h.start_usec = htole64(n * arg_interval);
1147 h.interval_usec = htole64(arg_interval);
1148 h.fsprg_secpar = htole16(FSPRG_RECOMMENDED_SECPAR);
1149 h.fsprg_state_size = htole64(state_size);
7560fffc
LP
1150
1151 l = loop_write(fd, &h, sizeof(h), false);
1152 if (l < 0 || (size_t) l != sizeof(h)) {
1153 log_error("Failed to write header: %s", strerror(EIO));
1154 r = -EIO;
1155 goto finish;
1156 }
1157
1158 l = loop_write(fd, state, state_size, false);
1159 if (l < 0 || (size_t) l != state_size) {
1160 log_error("Failed to write state: %s", strerror(EIO));
1161 r = -EIO;
1162 goto finish;
1163 }
1164
1165 if (link(k, p) < 0) {
1166 log_error("Failed to link file: %m");
1167 r = -errno;
1168 goto finish;
1169 }
1170
8481248b 1171 if (on_tty()) {
7560fffc
LP
1172 fprintf(stderr,
1173 "\n"
baed47c3 1174 "The new key pair has been generated. The " ANSI_HIGHLIGHT_ON "secret sealing key" ANSI_HIGHLIGHT_OFF " has been written to\n"
c05276f2
LP
1175 "the following local file. This key file is automatically updated when the\n"
1176 "sealing key is advanced. It should not be used on multiple hosts.\n"
7560fffc
LP
1177 "\n"
1178 "\t%s\n"
1179 "\n"
baed47c3
LP
1180 "Please write down the following " ANSI_HIGHLIGHT_ON "secret verification key" ANSI_HIGHLIGHT_OFF ". It should be stored\n"
1181 "at a safe location and should not be saved locally on disk.\n"
7560fffc
LP
1182 "\n\t" ANSI_HIGHLIGHT_RED_ON, p);
1183 fflush(stderr);
1184 }
1185 for (i = 0; i < seed_size; i++) {
1186 if (i > 0 && i % 3 == 0)
1187 putchar('-');
1188 printf("%02x", ((uint8_t*) seed)[i]);
1189 }
1190
baed47c3
LP
1191 printf("/%llx-%llx\n", (unsigned long long) n, (unsigned long long) arg_interval);
1192
8481248b 1193 if (on_tty()) {
f6a971bc 1194 char tsb[FORMAT_TIMESPAN_MAX], *hn;
7560fffc 1195
baed47c3
LP
1196 fprintf(stderr,
1197 ANSI_HIGHLIGHT_OFF "\n"
1198 "The sealing key is automatically changed every %s.\n",
2fa4092c 1199 format_timespan(tsb, sizeof(tsb), arg_interval, 0));
f6a971bc
LP
1200
1201 hn = gethostname_malloc();
1202
1203 if (hn) {
e724b063 1204 hostname_cleanup(hn, false);
adac1c93 1205 fprintf(stderr, "\nThe keys have been generated for host %s/" SD_ID128_FORMAT_STR ".\n", hn, SD_ID128_FORMAT_VAL(machine));
f6a971bc 1206 } else
adac1c93 1207 fprintf(stderr, "\nThe keys have been generated for host " SD_ID128_FORMAT_STR ".\n", SD_ID128_FORMAT_VAL(machine));
f6a971bc
LP
1208
1209#ifdef HAVE_QRENCODE
cf5a3432 1210 /* If this is not an UTF-8 system don't print any QR codes */
09017585 1211 if (is_locale_utf8()) {
cf5a3432
LP
1212 fputs("\nTo transfer the verification key to your phone please scan the QR code below:\n\n", stderr);
1213 print_qr_code(stderr, seed, seed_size, n, arg_interval, hn, machine);
1214 }
f6a971bc
LP
1215#endif
1216 free(hn);
baed47c3 1217 }
7560fffc
LP
1218
1219 r = 0;
1220
1221finish:
1222 if (fd >= 0)
1223 close_nointr_nofail(fd);
1224
1225 if (k) {
1226 unlink(k);
1227 free(k);
1228 }
1229
1230 free(p);
1231
1232 return r;
1233#else
feb12d3e
LP
1234 log_error("Forward-secure sealing not available.");
1235 return -ENOTSUP;
7560fffc
LP
1236#endif
1237}
1238
beec0085
LP
/* Verify every journal file currently open in j and log a PASS/FAIL line
 * for each one.
 *
 * Returns 0 if every file passed, otherwise the negative errno of the last
 * file that failed. -EINVAL from journal_file_verify() is treated as "the
 * verification key was invalid" and aborts the whole run immediately.
 *
 * NOTE(review): when a file is sealed but no --verify-key= was given, only a
 * notice is logged and the file can still be reported as PASS; presumably the
 * seal itself is not checked in that case, so such a PASS should not be read
 * as proof that the file was not tampered with -- confirm against
 * journal_file_verify(). */
static int verify(sd_journal *j) {
        JournalFile *file;
        Iterator it;
        int result = 0;

        assert(j);

        log_show_color(true);

        HASHMAP_FOREACH(file, j->files, it) {
                char from[FORMAT_TIMESTAMP_MAX], to[FORMAT_TIMESTAMP_MAX], span[FORMAT_TIMESPAN_MAX];
                usec_t first, validated, last;
                int k;

#ifdef HAVE_GCRYPT
                if (!arg_verify_key && JOURNAL_HEADER_SEALED(file->header))
                        log_notice("Journal file %s has sealing enabled but verification key has not been passed using --verify-key=.", file->path);
#endif

                k = journal_file_verify(file, arg_verify_key, &first, &validated, &last, true);

                /* An invalid key makes checking the remaining files pointless. */
                if (k == -EINVAL)
                        return k;

                if (k < 0) {
                        /* Remember the failure but keep going with the other files. */
                        log_warning("FAIL: %s (%s)", file->path, strerror(-k));
                        result = k;
                        continue;
                }

                log_info("PASS: %s", file->path);

                /* The sealing summary is only printed when a key was supplied
                 * and the file actually carries seals. */
                if (!arg_verify_key || !JOURNAL_HEADER_SEALED(file->header))
                        continue;

                if (validated > 0) {
                        /* Clamp so that the unsealed tail is never negative. */
                        usec_t unsealed = last > validated ? last - validated : 0;

                        log_info("=> Validated from %s to %s, final %s entries not sealed.",
                                 format_timestamp(from, sizeof(from), first),
                                 format_timestamp(to, sizeof(to), validated),
                                 format_timespan(span, sizeof(span), unsealed, 0));
                } else if (last > 0)
                        log_info("=> No sealing yet, %s of entries not sealed.",
                                 format_timespan(span, sizeof(span), last - first, 0));
                else
                        log_info("=> No sealing yet, no entries in file.");
        }

        return result;
}
1285
15804ceb 1286#ifdef HAVE_ACL
6fe391c5
ZJS
/* Print a hint when the calling user will only see part of the journal.
 *
 * The user counts as having access when in_group("systemd-journal") reports
 * membership, or when search_acl_groups() on /var/log/journal/ sets
 * have_access. Otherwise a notice is logged naming the groups that can see
 * all messages. A negative in_group() result is handled like "not a member".
 *
 * This only produces a hint; it does not grant or deny anything itself.
 *
 * Returns 0 on success (whether or not a hint was printed), or a negative
 * errno if the ACL lookup or a memory allocation failed. */
static int access_check_var_log_journal(sd_journal *j) {
        _cleanup_strv_free_ char **g = NULL;
        _cleanup_free_ char *joined = NULL;
        bool have_access;
        int r;

        assert(j);

        have_access = in_group("systemd-journal") > 0;
        if (have_access)
                return 0;

        /* Let's enumerate all groups from the default ACL of
         * the directory, which generally should allow access
         * to most journal files too */
        r = search_acl_groups(&g, "/var/log/journal/", &have_access);
        if (r < 0)
                return r;

        if (have_access)
                return 0;

        if (strv_isempty(g)) {
                log_notice("Hint: You are currently not seeing messages from other users and the system.\n"
                           "      Users in the 'systemd-journal' group can see all messages. Pass -q to\n"
                           "      turn off this notice.");
                return 0;
        }

        /* Always list 'systemd-journal' next to the ACL groups, sorted and
         * without duplicates. */
        r = strv_extend(&g, "systemd-journal");
        if (r < 0)
                return log_oom();

        strv_sort(g);
        strv_uniq(g);

        joined = strv_join(g, "', '");
        if (!joined)
                return log_oom();

        log_notice("Hint: You are currently not seeing messages from other users and the system.\n"
                   "      Users in the groups '%s' can see all messages.\n"
                   "      Pass -q to turn off this notice.", joined);

        return 0;
}
1333#endif
4468addc 1334
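/* Report the errors that were collected in j->errors while journal files
 * were being opened, and decide whether the program can continue.
 *
 * Returns 0 if it can continue, -EACCES if the user cannot read any
 * messages, or another negative errno passed up from
 * access_check_var_log_journal().
 *
 * This function only explains an access failure that has already been
 * recorded; it grants nothing. Note that access() evaluates with the real
 * UID while the privilege test uses geteuid(), and that a negative
 * in_group() result is handled like "not a member". */
static int access_check(sd_journal *j) {
        Iterator it;
        void *code;
        int r = 0;

        assert(j);

        if (set_isempty(j->errors)) {
                if (hashmap_isempty(j->files))
                        log_notice("No journal files were found.");
                return 0;
        }

        if (set_contains(j->errors, INT_TO_PTR(-EACCES))) {
#ifdef HAVE_ACL
                /* If /var/log/journal doesn't even exist,
                 * unprivileged users have no access at all */
                if (access("/var/log/journal", F_OK) < 0 &&
                    geteuid() != 0 &&
                    in_group("systemd-journal") <= 0) {
                        log_error("Unprivileged users cannot access messages, unless persistent log storage is\n"
                                  "enabled. Users in the 'systemd-journal' group may always access messages.");
                        return -EACCES;
                }

                /* If /var/log/journal exists, try to print a nice
                   notice if the user lacks access to it */
                if (!arg_quiet && geteuid() != 0) {
                        r = access_check_var_log_journal(j);
                        if (r < 0)
                                return r;
                }
#else
                if (geteuid() != 0 && in_group("systemd-journal") <= 0) {
                        /* Fixed: the message used to say "group" twice across
                         * the line break. */
                        log_error("Unprivileged users cannot access messages. Users in the 'systemd-journal' group\n"
                                  "may access messages.");
                        return -EACCES;
                }
#endif

                /* Some files may have been readable; only fail if none were. */
                if (hashmap_isempty(j->files)) {
                        log_error("No journal files were opened due to insufficient permissions.");
                        r = -EACCES;
                }
        }

        /* EACCES was dealt with above; warn about every other error. The set
         * stores negative errno values, hence the sign flip. */
        SET_FOREACH(code, j->errors, it) {
                int err;

                err = -PTR_TO_INT(code);
                assert(err > 0);

                if (err != EACCES)
                        log_warning("Error was encountered while opening journal files: %s",
                                    strerror(err));
        }

        return r;
}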
1394
a963990f
LP
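/* Entry point of journalctl.
 *
 * Parses the command line, handles the actions that need no open journal
 * (new ID, key setup, catalog maintenance), then opens the journal, checks
 * access, installs the match filters, seeks to the requested position and
 * prints entries, optionally following new ones.
 *
 * Returns EXIT_SUCCESS or EXIT_FAILURE. The finish label closes the pager
 * and maps a negative r to EXIT_FAILURE. */
int main(int argc, char *argv[]) {
        int r;
        _cleanup_journal_close_ sd_journal *j = NULL;
        bool need_seek = false;
        sd_id128_t previous_boot_id;
        bool previous_boot_id_valid = false, first_line = true;
        int n_shown = 0;
        bool ellipsized = false;

        setlocale(LC_ALL, "");
        log_parse_environment();
        log_open();

        r = parse_argv(argc, argv);
        if (r <= 0)
                goto finish;

        signal(SIGWINCH, columns_lines_cache_reset);

        if (arg_action == ACTION_NEW_ID128) {
                r = generate_new_id128();
                goto finish;
        }

        if (arg_action == ACTION_SETUP_KEYS) {
                r = setup_keys();
                goto finish;
        }

        if (arg_action == ACTION_UPDATE_CATALOG ||
            arg_action == ACTION_LIST_CATALOG ||
            arg_action == ACTION_DUMP_CATALOG) {

                const char* database = CATALOG_DATABASE;
                _cleanup_free_ char *copy = NULL;

                /* With an alternative root the catalog database lives below it. */
                if (arg_root) {
                        copy = strjoin(arg_root, "/", CATALOG_DATABASE, NULL);
                        if (!copy) {
                                r = log_oom();
                                goto finish;
                        }
                        path_kill_slashes(copy);
                        database = copy;
                }

                if (arg_action == ACTION_UPDATE_CATALOG) {
                        r = catalog_update(database, arg_root, catalog_file_dirs);
                        if (r < 0)
                                /* Fixed: this branch used to report a failed
                                 * update as "Failed to list catalog". */
                                log_error("Failed to update catalog: %s", strerror(-r));
                } else {
                        bool oneline = arg_action == ACTION_LIST_CATALOG;

                        if (optind < argc)
                                r = catalog_list_items(stdout, database,
                                                       oneline, argv + optind);
                        else
                                r = catalog_list(stdout, database, oneline);
                        if (r < 0)
                                log_error("Failed to list catalog: %s", strerror(-r));
                }

                goto finish;
        }

        if (arg_directory)
                r = sd_journal_open_directory(&j, arg_directory, arg_journal_type);
        else if (arg_file)
                r = sd_journal_open_files(&j, (const char**) arg_file, 0);
        else
                r = sd_journal_open(&j, !arg_merge*SD_JOURNAL_LOCAL_ONLY + arg_journal_type);
        if (r < 0) {
                log_error("Failed to open %s: %s",
                          arg_directory ? arg_directory : arg_file ? "files" : "journal",
                          strerror(-r));
                return EXIT_FAILURE;
        }

        r = access_check(j);
        if (r < 0)
                return EXIT_FAILURE;

        if (arg_action == ACTION_VERIFY) {
                r = verify(j);
                goto finish;
        }

        if (arg_action == ACTION_PRINT_HEADER) {
                journal_print_header(j);
                return EXIT_SUCCESS;
        }

        if (arg_action == ACTION_DISK_USAGE) {
                uint64_t bytes;
                char sbytes[FORMAT_BYTES_MAX];

                r = sd_journal_get_usage(j, &bytes);
                if (r < 0) {
                        /* Fixed: this failure used to exit without any message. */
                        log_error("Failed to get journal disk usage: %s", strerror(-r));
                        return EXIT_FAILURE;
                }

                printf("Journals take up %s on disk.\n",
                       format_bytes(sbytes, sizeof(sbytes), bytes));
                return EXIT_SUCCESS;
        }

        if (arg_action == ACTION_LIST_BOOTS) {
                r = list_boots(j);
                goto finish;
        }

        /* add_boot() must be called first!
         * It may need to seek the journal to find parent boot IDs. */
        r = add_boot(j);
        if (r < 0)
                return EXIT_FAILURE;

        r = add_dmesg(j);
        if (r < 0)
                return EXIT_FAILURE;

        /* The unit lists are released whether or not add_units() succeeded. */
        r = add_units(j);
        strv_free(arg_system_units);
        strv_free(arg_user_units);

        if (r < 0)
                return EXIT_FAILURE;

        r = add_priorities(j);
        if (r < 0)
                return EXIT_FAILURE;

        r = add_matches(j, argv + optind);
        if (r < 0)
                return EXIT_FAILURE;

        if (_unlikely_(log_get_max_level() >= LOG_PRI(LOG_DEBUG))) {
                /* Fixed: initialise the cleanup pointer and do not hand a
                 * NULL string to %s if no match string could be built. */
                _cleanup_free_ char *filter = NULL;

                filter = journal_make_match_string(j);
                if (filter)
                        log_debug("Journal filter: %s", filter);
        }

        if (arg_field) {
                const void *data;
                size_t size;

                r = sd_journal_set_data_threshold(j, 0);
                if (r < 0) {
                        log_error("Failed to unset data size threshold");
                        return EXIT_FAILURE;
                }

                r = sd_journal_query_unique(j, arg_field);
                if (r < 0) {
                        log_error("Failed to query unique data objects: %s", strerror(-r));
                        return EXIT_FAILURE;
                }

                /* NOTE(review): the values are written to stdout as stored,
                 * without escaping. Journal data comes from whoever logged
                 * it -- confirm whether control characters should be
                 * filtered before they can reach a terminal. */
                SD_JOURNAL_FOREACH_UNIQUE(j, data, size) {
                        const void *eq;

                        if (arg_lines >= 0 && n_shown >= arg_lines)
                                break;

                        /* Print only the part after "FIELD=" when there is one. */
                        eq = memchr(data, '=', size);
                        if (eq)
                                printf("%.*s\n", (int) (size - ((const uint8_t*) eq - (const uint8_t*) data + 1)), (const char*) eq + 1);
                        else
                                printf("%.*s\n", (int) size, (const char*) data);

                        n_shown ++;
                }

                return EXIT_SUCCESS;
        }

        /* Opening the fd now means the first sd_journal_wait() will actually wait */
        if (arg_follow) {
                r = sd_journal_get_fd(j);
                if (r < 0) {
                        /* Fixed: this failure used to exit without any message. */
                        log_error("Failed to get journal fd: %s", strerror(-r));
                        return EXIT_FAILURE;
                }
        }

        /* Position the read pointer. In every branch r ends up holding the
         * result of the final step and is checked once after the chain. */
        if (arg_cursor || arg_after_cursor) {
                r = sd_journal_seek_cursor(j, arg_cursor ? arg_cursor : arg_after_cursor);
                if (r < 0) {
                        log_error("Failed to seek to cursor: %s", strerror(-r));
                        return EXIT_FAILURE;
                }
                if (!arg_reverse)
                        r = sd_journal_next_skip(j, 1 + !!arg_after_cursor);
                else
                        r = sd_journal_previous_skip(j, 1 + !!arg_after_cursor);

                if (arg_after_cursor && r < 2 && !arg_follow)
                        /* We couldn't find the next entry after the cursor. */
                        arg_lines = 0;

        } else if (arg_since_set && !arg_reverse) {
                r = sd_journal_seek_realtime_usec(j, arg_since);
                if (r < 0) {
                        log_error("Failed to seek to date: %s", strerror(-r));
                        return EXIT_FAILURE;
                }
                r = sd_journal_next(j);

        } else if (arg_until_set && arg_reverse) {
                r = sd_journal_seek_realtime_usec(j, arg_until);
                if (r < 0) {
                        log_error("Failed to seek to date: %s", strerror(-r));
                        return EXIT_FAILURE;
                }
                r = sd_journal_previous(j);

        } else if (arg_lines >= 0) {
                r = sd_journal_seek_tail(j);
                if (r < 0) {
                        log_error("Failed to seek to tail: %s", strerror(-r));
                        return EXIT_FAILURE;
                }

                r = sd_journal_previous_skip(j, arg_lines);

        } else if (arg_reverse) {
                r = sd_journal_seek_tail(j);
                if (r < 0) {
                        log_error("Failed to seek to tail: %s", strerror(-r));
                        return EXIT_FAILURE;
                }

                r = sd_journal_previous(j);

        } else {
                r = sd_journal_seek_head(j);
                if (r < 0) {
                        log_error("Failed to seek to head: %s", strerror(-r));
                        return EXIT_FAILURE;
                }

                r = sd_journal_next(j);
        }

        if (r < 0) {
                log_error("Failed to iterate through journal: %s", strerror(-r));
                return EXIT_FAILURE;
        }

        /* From here on, leave through finish so that the pager is closed. */
        if (!arg_no_pager && !arg_follow)
                pager_open(arg_pager_end);

        if (!arg_quiet) {
                usec_t start, end;
                char start_buf[FORMAT_TIMESTAMP_MAX], end_buf[FORMAT_TIMESTAMP_MAX];

                r = sd_journal_get_cutoff_realtime_usec(j, &start, &end);
                if (r < 0) {
                        log_error("Failed to get cutoff: %s", strerror(-r));
                        goto finish;
                }

                if (r > 0) {
                        if (arg_follow)
                                printf("-- Logs begin at %s. --\n",
                                       format_timestamp(start_buf, sizeof(start_buf), start));
                        else
                                printf("-- Logs begin at %s, end at %s. --\n",
                                       format_timestamp(start_buf, sizeof(start_buf), start),
                                       format_timestamp(end_buf, sizeof(end_buf), end));
                }
        }

        /* Outer loop: one pass per wake-up in follow mode, a single pass
         * otherwise. Inner loop: print entries until the line limit is
         * reached or no entry is left. */
        for (;;) {
                while (arg_lines < 0 || n_shown < arg_lines || (arg_follow && !first_line)) {
                        int flags;

                        /* The initial seek already moved onto the first entry,
                         * so advance only after something has been printed. */
                        if (need_seek) {
                                if (!arg_reverse)
                                        r = sd_journal_next(j);
                                else
                                        r = sd_journal_previous(j);
                                if (r < 0) {
                                        log_error("Failed to iterate through journal: %s", strerror(-r));
                                        goto finish;
                                }
                                if (r == 0)
                                        break;
                        }

                        if (arg_until_set && !arg_reverse) {
                                usec_t usec;

                                r = sd_journal_get_realtime_usec(j, &usec);
                                if (r < 0) {
                                        log_error("Failed to determine timestamp: %s", strerror(-r));
                                        goto finish;
                                }
                                if (usec > arg_until)
                                        goto finish;
                        }

                        if (arg_since_set && arg_reverse) {
                                usec_t usec;

                                r = sd_journal_get_realtime_usec(j, &usec);
                                if (r < 0) {
                                        log_error("Failed to determine timestamp: %s", strerror(-r));
                                        goto finish;
                                }
                                if (usec < arg_since)
                                        goto finish;
                        }

                        /* Mark the point where the boot ID changes between
                         * two consecutive entries. */
                        if (!arg_merge) {
                                sd_id128_t boot_id;

                                r = sd_journal_get_monotonic_usec(j, NULL, &boot_id);
                                if (r >= 0) {
                                        if (previous_boot_id_valid &&
                                            !sd_id128_equal(boot_id, previous_boot_id))
                                                printf("%s-- Reboot --%s\n",
                                                       ansi_highlight(), ansi_highlight_off());

                                        previous_boot_id = boot_id;
                                        previous_boot_id_valid = true;
                                }
                        }

                        flags =
                                arg_all * OUTPUT_SHOW_ALL |
                                arg_full * OUTPUT_FULL_WIDTH |
                                on_tty() * OUTPUT_COLOR |
                                arg_catalog * OUTPUT_CATALOG;

                        r = output_journal(stdout, j, arg_output, 0, flags, &ellipsized);
                        need_seek = true;
                        if (r == -EADDRNOTAVAIL)
                                break;
                        else if (r < 0 || ferror(stdout))
                                goto finish;

                        n_shown++;
                }

                if (!arg_follow) {
                        if (arg_show_cursor) {
                                _cleanup_free_ char *cursor = NULL;

                                r = sd_journal_get_cursor(j, &cursor);
                                if (r < 0 && r != -EADDRNOTAVAIL)
                                        log_error("Failed to get cursor: %s", strerror(-r));
                                else if (r >= 0)
                                        printf("-- cursor: %s\n", cursor);
                        }

                        break;
                }

                /* Follow mode: block until the journal changes. */
                r = sd_journal_wait(j, (uint64_t) -1);
                if (r < 0) {
                        log_error("Couldn't wait for journal event: %s", strerror(-r));
                        goto finish;
                }

                first_line = false;
        }

finish:
        pager_close();

        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
}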