]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/journal/journalctl.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
journalctl: update hint now that we set ACL everywhere
[thirdparty/systemd.git] / src / journal / journalctl.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4 This file is part of systemd.
5
6 Copyright 2011 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <locale.h>
23 #include <fcntl.h>
24 #include <fnmatch.h>
25 #include <errno.h>
26 #include <stddef.h>
27 #include <string.h>
28 #include <stdio.h>
29 #include <unistd.h>
30 #include <stdlib.h>
31 #include <getopt.h>
32 #include <signal.h>
33 #include <poll.h>
34 #include <sys/stat.h>
35 #include <sys/inotify.h>
36 #include <linux/fs.h>
37
38 #include "sd-journal.h"
39 #include "sd-bus.h"
40
41 #include "log.h"
42 #include "logs-show.h"
43 #include "util.h"
44 #include "acl-util.h"
45 #include "path-util.h"
46 #include "fileio.h"
47 #include "build.h"
48 #include "pager.h"
49 #include "strv.h"
50 #include "set.h"
51 #include "sigbus.h"
52 #include "journal-internal.h"
53 #include "journal-def.h"
54 #include "journal-verify.h"
55 #include "journal-qrcode.h"
56 #include "journal-vacuum.h"
57 #include "fsprg.h"
58 #include "unit-name.h"
59 #include "catalog.h"
60 #include "mkdir.h"
61 #include "bus-util.h"
62 #include "bus-error.h"
63
64 #define DEFAULT_FSS_INTERVAL_USEC (15*USEC_PER_MINUTE)
65
66 enum {
67 /* Special values for arg_lines */
68 ARG_LINES_DEFAULT = -2,
69 ARG_LINES_ALL = -1,
70 };
71
72 static OutputMode arg_output = OUTPUT_SHORT;
73 static bool arg_utc = false;
74 static bool arg_pager_end = false;
75 static bool arg_follow = false;
76 static bool arg_full = true;
77 static bool arg_all = false;
78 static bool arg_no_pager = false;
79 static int arg_lines = ARG_LINES_DEFAULT;
80 static bool arg_no_tail = false;
81 static bool arg_quiet = false;
82 static bool arg_merge = false;
83 static bool arg_boot = false;
84 static sd_id128_t arg_boot_id = {};
85 static int arg_boot_offset = 0;
86 static bool arg_dmesg = false;
87 static const char *arg_cursor = NULL;
88 static const char *arg_after_cursor = NULL;
89 static bool arg_show_cursor = false;
90 static const char *arg_directory = NULL;
91 static char **arg_file = NULL;
92 static int arg_priorities = 0xFF;
93 static const char *arg_verify_key = NULL;
94 #ifdef HAVE_GCRYPT
95 static usec_t arg_interval = DEFAULT_FSS_INTERVAL_USEC;
96 static bool arg_force = false;
97 #endif
98 static usec_t arg_since, arg_until;
99 static bool arg_since_set = false, arg_until_set = false;
100 static char **arg_syslog_identifier = NULL;
101 static char **arg_system_units = NULL;
102 static char **arg_user_units = NULL;
103 static const char *arg_field = NULL;
104 static bool arg_catalog = false;
105 static bool arg_reverse = false;
106 static int arg_journal_type = 0;
107 static const char *arg_root = NULL;
108 static const char *arg_machine = NULL;
109 static off_t arg_vacuum_size = (off_t) -1;
110 static usec_t arg_vacuum_time = USEC_INFINITY;
111
112 static enum {
113 ACTION_SHOW,
114 ACTION_NEW_ID128,
115 ACTION_PRINT_HEADER,
116 ACTION_SETUP_KEYS,
117 ACTION_VERIFY,
118 ACTION_DISK_USAGE,
119 ACTION_LIST_CATALOG,
120 ACTION_DUMP_CATALOG,
121 ACTION_UPDATE_CATALOG,
122 ACTION_LIST_BOOTS,
123 ACTION_FLUSH,
124 ACTION_VACUUM,
125 } arg_action = ACTION_SHOW;
126
127 typedef struct boot_id_t {
128 sd_id128_t id;
129 uint64_t first;
130 uint64_t last;
131 } boot_id_t;
132
133 static void pager_open_if_enabled(void) {
134
135 if (arg_no_pager)
136 return;
137
138 pager_open(arg_pager_end);
139 }
140
141 static char *format_timestamp_maybe_utc(char *buf, size_t l, usec_t t) {
142
143 if (arg_utc)
144 return format_timestamp_utc(buf, l, t);
145
146 return format_timestamp(buf, l, t);
147 }
148
149 static int parse_boot_descriptor(const char *x, sd_id128_t *boot_id, int *offset) {
150 sd_id128_t id = SD_ID128_NULL;
151 int off = 0, r;
152
153 if (strlen(x) >= 32) {
154 char *t;
155
156 t = strndupa(x, 32);
157 r = sd_id128_from_string(t, &id);
158 if (r >= 0)
159 x += 32;
160
161 if (*x != '-' && *x != '+' && *x != 0)
162 return -EINVAL;
163
164 if (*x != 0) {
165 r = safe_atoi(x, &off);
166 if (r < 0)
167 return r;
168 }
169 } else {
170 r = safe_atoi(x, &off);
171 if (r < 0)
172 return r;
173 }
174
175 if (boot_id)
176 *boot_id = id;
177
178 if (offset)
179 *offset = off;
180
181 return 0;
182 }
183
184 static void help(void) {
185
186 pager_open_if_enabled();
187
188 printf("%s [OPTIONS...] [MATCHES...]\n\n"
189 "Query the journal.\n\n"
190 "Flags:\n"
191 " --system Show the system journal\n"
192 " --user Show the user journal for the current user\n"
193 " -M --machine=CONTAINER Operate on local container\n"
194 " --since=DATE Show entries not older than the specified date\n"
195 " --until=DATE Show entries not newer than the specified date\n"
196 " -c --cursor=CURSOR Show entries starting at the specified cursor\n"
197 " --after-cursor=CURSOR Show entries after the specified cursor\n"
198 " --show-cursor Print the cursor after all the entries\n"
199 " -b --boot[=ID] Show current boot or the specified boot\n"
200 " --list-boots Show terse information about recorded boots\n"
201 " -k --dmesg Show kernel message log from the current boot\n"
202 " -u --unit=UNIT Show logs from the specified unit\n"
203 " --user-unit=UNIT Show logs from the specified user unit\n"
204 " -t --identifier=STRING Show entries with the specified syslog identifier\n"
205 " -p --priority=RANGE Show entries with the specified priority\n"
206 " -e --pager-end Immediately jump to the end in the pager\n"
207 " -f --follow Follow the journal\n"
208 " -n --lines[=INTEGER] Number of journal entries to show\n"
209 " --no-tail Show all lines, even in follow mode\n"
210 " -r --reverse Show the newest entries first\n"
211 " -o --output=STRING Change journal output mode (short, short-iso,\n"
212 " short-precise, short-monotonic, verbose,\n"
213 " export, json, json-pretty, json-sse, cat)\n"
214 " --utc Express time in Coordinated Universal Time (UTC)\n"
215 " -x --catalog Add message explanations where available\n"
216 " --no-full Ellipsize fields\n"
217 " -a --all Show all fields, including long and unprintable\n"
218 " -q --quiet Do not show privilege warning\n"
219 " --no-pager Do not pipe output into a pager\n"
220 " -m --merge Show entries from all available journals\n"
221 " -D --directory=PATH Show journal files from directory\n"
222 " --file=PATH Show journal file\n"
223 " --root=ROOT Operate on catalog files underneath the root ROOT\n"
224 #ifdef HAVE_GCRYPT
225 " --interval=TIME Time interval for changing the FSS sealing key\n"
226 " --verify-key=KEY Specify FSS verification key\n"
227 " --force Override of the FSS key pair with --setup-keys\n"
228 #endif
229 "\nCommands:\n"
230 " -h --help Show this help text\n"
231 " --version Show package version\n"
232 " -F --field=FIELD List all values that a specified field takes\n"
233 " --new-id128 Generate a new 128-bit ID\n"
234 " --disk-usage Show total disk usage of all journal files\n"
235 " --vacuum-size=BYTES Reduce disk usage below specified size\n"
236 " --vacuum-time=TIME Remove journal files older than specified date\n"
237 " --flush Flush all journal data from /run into /var\n"
238 " --header Show journal header information\n"
239 " --list-catalog Show all message IDs in the catalog\n"
240 " --dump-catalog Show entries in the message catalog\n"
241 " --update-catalog Update the message catalog database\n"
242 #ifdef HAVE_GCRYPT
243 " --setup-keys Generate a new FSS key pair\n"
244 " --verify Verify journal file consistency\n"
245 #endif
246 , program_invocation_short_name);
247 }
248
249 static int parse_argv(int argc, char *argv[]) {
250
251 enum {
252 ARG_VERSION = 0x100,
253 ARG_NO_PAGER,
254 ARG_NO_FULL,
255 ARG_NO_TAIL,
256 ARG_NEW_ID128,
257 ARG_LIST_BOOTS,
258 ARG_USER,
259 ARG_SYSTEM,
260 ARG_ROOT,
261 ARG_HEADER,
262 ARG_SETUP_KEYS,
263 ARG_FILE,
264 ARG_INTERVAL,
265 ARG_VERIFY,
266 ARG_VERIFY_KEY,
267 ARG_DISK_USAGE,
268 ARG_SINCE,
269 ARG_UNTIL,
270 ARG_AFTER_CURSOR,
271 ARG_SHOW_CURSOR,
272 ARG_USER_UNIT,
273 ARG_LIST_CATALOG,
274 ARG_DUMP_CATALOG,
275 ARG_UPDATE_CATALOG,
276 ARG_FORCE,
277 ARG_UTC,
278 ARG_FLUSH,
279 ARG_VACUUM_SIZE,
280 ARG_VACUUM_TIME,
281 };
282
283 static const struct option options[] = {
284 { "help", no_argument, NULL, 'h' },
285 { "version" , no_argument, NULL, ARG_VERSION },
286 { "no-pager", no_argument, NULL, ARG_NO_PAGER },
287 { "pager-end", no_argument, NULL, 'e' },
288 { "follow", no_argument, NULL, 'f' },
289 { "force", no_argument, NULL, ARG_FORCE },
290 { "output", required_argument, NULL, 'o' },
291 { "all", no_argument, NULL, 'a' },
292 { "full", no_argument, NULL, 'l' },
293 { "no-full", no_argument, NULL, ARG_NO_FULL },
294 { "lines", optional_argument, NULL, 'n' },
295 { "no-tail", no_argument, NULL, ARG_NO_TAIL },
296 { "new-id128", no_argument, NULL, ARG_NEW_ID128 },
297 { "quiet", no_argument, NULL, 'q' },
298 { "merge", no_argument, NULL, 'm' },
299 { "boot", optional_argument, NULL, 'b' },
300 { "list-boots", no_argument, NULL, ARG_LIST_BOOTS },
301 { "this-boot", optional_argument, NULL, 'b' }, /* deprecated */
302 { "dmesg", no_argument, NULL, 'k' },
303 { "system", no_argument, NULL, ARG_SYSTEM },
304 { "user", no_argument, NULL, ARG_USER },
305 { "directory", required_argument, NULL, 'D' },
306 { "file", required_argument, NULL, ARG_FILE },
307 { "root", required_argument, NULL, ARG_ROOT },
308 { "header", no_argument, NULL, ARG_HEADER },
309 { "identifier", required_argument, NULL, 't' },
310 { "priority", required_argument, NULL, 'p' },
311 { "setup-keys", no_argument, NULL, ARG_SETUP_KEYS },
312 { "interval", required_argument, NULL, ARG_INTERVAL },
313 { "verify", no_argument, NULL, ARG_VERIFY },
314 { "verify-key", required_argument, NULL, ARG_VERIFY_KEY },
315 { "disk-usage", no_argument, NULL, ARG_DISK_USAGE },
316 { "cursor", required_argument, NULL, 'c' },
317 { "after-cursor", required_argument, NULL, ARG_AFTER_CURSOR },
318 { "show-cursor", no_argument, NULL, ARG_SHOW_CURSOR },
319 { "since", required_argument, NULL, ARG_SINCE },
320 { "until", required_argument, NULL, ARG_UNTIL },
321 { "unit", required_argument, NULL, 'u' },
322 { "user-unit", required_argument, NULL, ARG_USER_UNIT },
323 { "field", required_argument, NULL, 'F' },
324 { "catalog", no_argument, NULL, 'x' },
325 { "list-catalog", no_argument, NULL, ARG_LIST_CATALOG },
326 { "dump-catalog", no_argument, NULL, ARG_DUMP_CATALOG },
327 { "update-catalog", no_argument, NULL, ARG_UPDATE_CATALOG },
328 { "reverse", no_argument, NULL, 'r' },
329 { "machine", required_argument, NULL, 'M' },
330 { "utc", no_argument, NULL, ARG_UTC },
331 { "flush", no_argument, NULL, ARG_FLUSH },
332 { "vacuum-size", required_argument, NULL, ARG_VACUUM_SIZE },
333 { "vacuum-time", required_argument, NULL, ARG_VACUUM_TIME },
334 {}
335 };
336
337 int c, r;
338
339 assert(argc >= 0);
340 assert(argv);
341
342 while ((c = getopt_long(argc, argv, "hefo:aln::qmb::kD:p:c:t:u:F:xrM:", options, NULL)) >= 0)
343
344 switch (c) {
345
346 case 'h':
347 help();
348 return 0;
349
350 case ARG_VERSION:
351 puts(PACKAGE_STRING);
352 puts(SYSTEMD_FEATURES);
353 return 0;
354
355 case ARG_NO_PAGER:
356 arg_no_pager = true;
357 break;
358
359 case 'e':
360 arg_pager_end = true;
361
362 if (arg_lines == ARG_LINES_DEFAULT)
363 arg_lines = 1000;
364
365 break;
366
367 case 'f':
368 arg_follow = true;
369 break;
370
371 case 'o':
372 arg_output = output_mode_from_string(optarg);
373 if (arg_output < 0) {
374 log_error("Unknown output format '%s'.", optarg);
375 return -EINVAL;
376 }
377
378 if (arg_output == OUTPUT_EXPORT ||
379 arg_output == OUTPUT_JSON ||
380 arg_output == OUTPUT_JSON_PRETTY ||
381 arg_output == OUTPUT_JSON_SSE ||
382 arg_output == OUTPUT_CAT)
383 arg_quiet = true;
384
385 break;
386
387 case 'l':
388 arg_full = true;
389 break;
390
391 case ARG_NO_FULL:
392 arg_full = false;
393 break;
394
395 case 'a':
396 arg_all = true;
397 break;
398
399 case 'n':
400 if (optarg) {
401 if (streq(optarg, "all"))
402 arg_lines = ARG_LINES_ALL;
403 else {
404 r = safe_atoi(optarg, &arg_lines);
405 if (r < 0 || arg_lines < 0) {
406 log_error("Failed to parse lines '%s'", optarg);
407 return -EINVAL;
408 }
409 }
410 } else {
411 arg_lines = 10;
412
413 /* Hmm, no argument? Maybe the next
414 * word on the command line is
415 * supposed to be the argument? Let's
416 * see if there is one, and is
417 * parsable. */
418 if (optind < argc) {
419 int n;
420 if (streq(argv[optind], "all")) {
421 arg_lines = ARG_LINES_ALL;
422 optind++;
423 } else if (safe_atoi(argv[optind], &n) >= 0 && n >= 0) {
424 arg_lines = n;
425 optind++;
426 }
427 }
428 }
429
430 break;
431
432 case ARG_NO_TAIL:
433 arg_no_tail = true;
434 break;
435
436 case ARG_NEW_ID128:
437 arg_action = ACTION_NEW_ID128;
438 break;
439
440 case 'q':
441 arg_quiet = true;
442 break;
443
444 case 'm':
445 arg_merge = true;
446 break;
447
448 case 'b':
449 arg_boot = true;
450
451 if (optarg) {
452 r = parse_boot_descriptor(optarg, &arg_boot_id, &arg_boot_offset);
453 if (r < 0) {
454 log_error("Failed to parse boot descriptor '%s'", optarg);
455 return -EINVAL;
456 }
457 } else {
458
459 /* Hmm, no argument? Maybe the next
460 * word on the command line is
461 * supposed to be the argument? Let's
462 * see if there is one and is parsable
463 * as a boot descriptor... */
464
465 if (optind < argc &&
466 parse_boot_descriptor(argv[optind], &arg_boot_id, &arg_boot_offset) >= 0)
467 optind++;
468 }
469
470 break;
471
472 case ARG_LIST_BOOTS:
473 arg_action = ACTION_LIST_BOOTS;
474 break;
475
476 case 'k':
477 arg_boot = arg_dmesg = true;
478 break;
479
480 case ARG_SYSTEM:
481 arg_journal_type |= SD_JOURNAL_SYSTEM;
482 break;
483
484 case ARG_USER:
485 arg_journal_type |= SD_JOURNAL_CURRENT_USER;
486 break;
487
488 case 'M':
489 arg_machine = optarg;
490 break;
491
492 case 'D':
493 arg_directory = optarg;
494 break;
495
496 case ARG_FILE:
497 r = glob_extend(&arg_file, optarg);
498 if (r < 0)
499 return log_error_errno(r, "Failed to add paths: %m");
500 break;
501
502 case ARG_ROOT:
503 arg_root = optarg;
504 break;
505
506 case 'c':
507 arg_cursor = optarg;
508 break;
509
510 case ARG_AFTER_CURSOR:
511 arg_after_cursor = optarg;
512 break;
513
514 case ARG_SHOW_CURSOR:
515 arg_show_cursor = true;
516 break;
517
518 case ARG_HEADER:
519 arg_action = ACTION_PRINT_HEADER;
520 break;
521
522 case ARG_VERIFY:
523 arg_action = ACTION_VERIFY;
524 break;
525
526 case ARG_DISK_USAGE:
527 arg_action = ACTION_DISK_USAGE;
528 break;
529
530 case ARG_VACUUM_SIZE:
531 r = parse_size(optarg, 1024, &arg_vacuum_size);
532 if (r < 0) {
533 log_error("Failed to parse vacuum size: %s", optarg);
534 return r;
535 }
536
537 arg_action = ACTION_VACUUM;
538 break;
539
540 case ARG_VACUUM_TIME:
541 r = parse_sec(optarg, &arg_vacuum_time);
542 if (r < 0) {
543 log_error("Failed to parse vacuum time: %s", optarg);
544 return r;
545 }
546
547 arg_action = ACTION_VACUUM;
548 break;
549
550 #ifdef HAVE_GCRYPT
551 case ARG_FORCE:
552 arg_force = true;
553 break;
554
555 case ARG_SETUP_KEYS:
556 arg_action = ACTION_SETUP_KEYS;
557 break;
558
559
560 case ARG_VERIFY_KEY:
561 arg_action = ACTION_VERIFY;
562 arg_verify_key = optarg;
563 arg_merge = false;
564 break;
565
566 case ARG_INTERVAL:
567 r = parse_sec(optarg, &arg_interval);
568 if (r < 0 || arg_interval <= 0) {
569 log_error("Failed to parse sealing key change interval: %s", optarg);
570 return -EINVAL;
571 }
572 break;
573 #else
574 case ARG_SETUP_KEYS:
575 case ARG_VERIFY_KEY:
576 case ARG_INTERVAL:
577 case ARG_FORCE:
578 log_error("Forward-secure sealing not available.");
579 return -ENOTSUP;
580 #endif
581
582 case 'p': {
583 const char *dots;
584
585 dots = strstr(optarg, "..");
586 if (dots) {
587 char *a;
588 int from, to, i;
589
590 /* a range */
591 a = strndup(optarg, dots - optarg);
592 if (!a)
593 return log_oom();
594
595 from = log_level_from_string(a);
596 to = log_level_from_string(dots + 2);
597 free(a);
598
599 if (from < 0 || to < 0) {
600 log_error("Failed to parse log level range %s", optarg);
601 return -EINVAL;
602 }
603
604 arg_priorities = 0;
605
606 if (from < to) {
607 for (i = from; i <= to; i++)
608 arg_priorities |= 1 << i;
609 } else {
610 for (i = to; i <= from; i++)
611 arg_priorities |= 1 << i;
612 }
613
614 } else {
615 int p, i;
616
617 p = log_level_from_string(optarg);
618 if (p < 0) {
619 log_error("Unknown log level %s", optarg);
620 return -EINVAL;
621 }
622
623 arg_priorities = 0;
624
625 for (i = 0; i <= p; i++)
626 arg_priorities |= 1 << i;
627 }
628
629 break;
630 }
631
632 case ARG_SINCE:
633 r = parse_timestamp(optarg, &arg_since);
634 if (r < 0) {
635 log_error("Failed to parse timestamp: %s", optarg);
636 return -EINVAL;
637 }
638 arg_since_set = true;
639 break;
640
641 case ARG_UNTIL:
642 r = parse_timestamp(optarg, &arg_until);
643 if (r < 0) {
644 log_error("Failed to parse timestamp: %s", optarg);
645 return -EINVAL;
646 }
647 arg_until_set = true;
648 break;
649
650 case 't':
651 r = strv_extend(&arg_syslog_identifier, optarg);
652 if (r < 0)
653 return log_oom();
654 break;
655
656 case 'u':
657 r = strv_extend(&arg_system_units, optarg);
658 if (r < 0)
659 return log_oom();
660 break;
661
662 case ARG_USER_UNIT:
663 r = strv_extend(&arg_user_units, optarg);
664 if (r < 0)
665 return log_oom();
666 break;
667
668 case 'F':
669 arg_field = optarg;
670 break;
671
672 case 'x':
673 arg_catalog = true;
674 break;
675
676 case ARG_LIST_CATALOG:
677 arg_action = ACTION_LIST_CATALOG;
678 break;
679
680 case ARG_DUMP_CATALOG:
681 arg_action = ACTION_DUMP_CATALOG;
682 break;
683
684 case ARG_UPDATE_CATALOG:
685 arg_action = ACTION_UPDATE_CATALOG;
686 break;
687
688 case 'r':
689 arg_reverse = true;
690 break;
691
692 case ARG_UTC:
693 arg_utc = true;
694 break;
695
696 case ARG_FLUSH:
697 arg_action = ACTION_FLUSH;
698 break;
699
700 case '?':
701 return -EINVAL;
702
703 default:
704 assert_not_reached("Unhandled option");
705 }
706
707 if (arg_follow && !arg_no_tail && !arg_since && arg_lines == ARG_LINES_DEFAULT)
708 arg_lines = 10;
709
710 if (!!arg_directory + !!arg_file + !!arg_machine > 1) {
711 log_error("Please specify either -D/--directory= or --file= or -M/--machine=, not more than one.");
712 return -EINVAL;
713 }
714
715 if (arg_since_set && arg_until_set && arg_since > arg_until) {
716 log_error("--since= must be before --until=.");
717 return -EINVAL;
718 }
719
720 if (!!arg_cursor + !!arg_after_cursor + !!arg_since_set > 1) {
721 log_error("Please specify only one of --since=, --cursor=, and --after-cursor.");
722 return -EINVAL;
723 }
724
725 if (arg_follow && arg_reverse) {
726 log_error("Please specify either --reverse= or --follow=, not both.");
727 return -EINVAL;
728 }
729
730 if (arg_action != ACTION_SHOW && optind < argc) {
731 log_error("Extraneous arguments starting with '%s'", argv[optind]);
732 return -EINVAL;
733 }
734
735 return 1;
736 }
737
738 static int generate_new_id128(void) {
739 sd_id128_t id;
740 int r;
741 unsigned i;
742
743 r = sd_id128_randomize(&id);
744 if (r < 0)
745 return log_error_errno(r, "Failed to generate ID: %m");
746
747 printf("As string:\n"
748 SD_ID128_FORMAT_STR "\n\n"
749 "As UUID:\n"
750 "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x\n\n"
751 "As macro:\n"
752 "#define MESSAGE_XYZ SD_ID128_MAKE(",
753 SD_ID128_FORMAT_VAL(id),
754 SD_ID128_FORMAT_VAL(id));
755 for (i = 0; i < 16; i++)
756 printf("%02x%s", id.bytes[i], i != 15 ? "," : "");
757 fputs(")\n\n", stdout);
758
759 printf("As Python constant:\n"
760 ">>> import uuid\n"
761 ">>> MESSAGE_XYZ = uuid.UUID('" SD_ID128_FORMAT_STR "')\n",
762 SD_ID128_FORMAT_VAL(id));
763
764 return 0;
765 }
766
767 static int add_matches(sd_journal *j, char **args) {
768 char **i;
769 bool have_term = false;
770
771 assert(j);
772
773 STRV_FOREACH(i, args) {
774 int r;
775
776 if (streq(*i, "+")) {
777 if (!have_term)
778 break;
779 r = sd_journal_add_disjunction(j);
780 have_term = false;
781
782 } else if (path_is_absolute(*i)) {
783 _cleanup_free_ char *p, *t = NULL, *t2 = NULL;
784 const char *path;
785 _cleanup_free_ char *interpreter = NULL;
786 struct stat st;
787
788 p = canonicalize_file_name(*i);
789 path = p ? p : *i;
790
791 if (stat(path, &st) < 0)
792 return log_error_errno(errno, "Couldn't stat file: %m");
793
794 if (S_ISREG(st.st_mode) && (0111 & st.st_mode)) {
795 if (executable_is_script(path, &interpreter) > 0) {
796 _cleanup_free_ char *comm;
797
798 comm = strndup(basename(path), 15);
799 if (!comm)
800 return log_oom();
801
802 t = strappend("_COMM=", comm);
803
804 /* Append _EXE only if the interpreter is not a link.
805 Otherwise, it might be outdated often. */
806 if (lstat(interpreter, &st) == 0 &&
807 !S_ISLNK(st.st_mode)) {
808 t2 = strappend("_EXE=", interpreter);
809 if (!t2)
810 return log_oom();
811 }
812 } else
813 t = strappend("_EXE=", path);
814 } else if (S_ISCHR(st.st_mode)) {
815 if (asprintf(&t, "_KERNEL_DEVICE=c%u:%u",
816 major(st.st_rdev),
817 minor(st.st_rdev)) < 0)
818 return -ENOMEM;
819 } else if (S_ISBLK(st.st_mode)) {
820 if (asprintf(&t, "_KERNEL_DEVICE=b%u:%u",
821 major(st.st_rdev),
822 minor(st.st_rdev)) < 0)
823 return -ENOMEM;
824 } else {
825 log_error("File is neither a device node, nor regular file, nor executable: %s", *i);
826 return -EINVAL;
827 }
828
829 if (!t)
830 return log_oom();
831
832 r = sd_journal_add_match(j, t, 0);
833 if (t2)
834 r = sd_journal_add_match(j, t2, 0);
835 have_term = true;
836
837 } else {
838 r = sd_journal_add_match(j, *i, 0);
839 have_term = true;
840 }
841
842 if (r < 0)
843 return log_error_errno(r, "Failed to add match '%s': %m", *i);
844 }
845
846 if (!strv_isempty(args) && !have_term) {
847 log_error("\"+\" can only be used between terms");
848 return -EINVAL;
849 }
850
851 return 0;
852 }
853
854 static int boot_id_cmp(const void *a, const void *b) {
855 uint64_t _a, _b;
856
857 _a = ((const boot_id_t *)a)->first;
858 _b = ((const boot_id_t *)b)->first;
859
860 return _a < _b ? -1 : (_a > _b ? 1 : 0);
861 }
862
863 static int get_boots(sd_journal *j,
864 boot_id_t **boots,
865 unsigned int *count,
866 boot_id_t *query_ref_boot) {
867 int r;
868 const void *data;
869 size_t length, allocated = 0;
870
871 assert(j);
872 assert(boots);
873 assert(count);
874
875 r = sd_journal_query_unique(j, "_BOOT_ID");
876 if (r < 0)
877 return r;
878
879 *count = 0;
880 SD_JOURNAL_FOREACH_UNIQUE(j, data, length) {
881 boot_id_t *id;
882
883 assert(startswith(data, "_BOOT_ID="));
884
885 if (!GREEDY_REALLOC(*boots, allocated, *count + 1))
886 return log_oom();
887
888 id = *boots + *count;
889
890 r = sd_id128_from_string(((const char *)data) + strlen("_BOOT_ID="), &id->id);
891 if (r < 0)
892 continue;
893
894 r = sd_journal_add_match(j, data, length);
895 if (r < 0)
896 return r;
897
898 r = sd_journal_seek_head(j);
899 if (r < 0)
900 return r;
901
902 r = sd_journal_next(j);
903 if (r < 0)
904 return r;
905 else if (r == 0)
906 goto flush;
907
908 r = sd_journal_get_realtime_usec(j, &id->first);
909 if (r < 0)
910 return r;
911
912 if (query_ref_boot) {
913 id->last = 0;
914 if (sd_id128_equal(id->id, query_ref_boot->id))
915 *query_ref_boot = *id;
916 } else {
917 r = sd_journal_seek_tail(j);
918 if (r < 0)
919 return r;
920
921 r = sd_journal_previous(j);
922 if (r < 0)
923 return r;
924 else if (r == 0)
925 goto flush;
926
927 r = sd_journal_get_realtime_usec(j, &id->last);
928 if (r < 0)
929 return r;
930 }
931
932 (*count)++;
933 flush:
934 sd_journal_flush_matches(j);
935 }
936
937 qsort_safe(*boots, *count, sizeof(boot_id_t), boot_id_cmp);
938 return 0;
939 }
940
941 static int list_boots(sd_journal *j) {
942 int r, w, i;
943 unsigned int count;
944 boot_id_t *id;
945 _cleanup_free_ boot_id_t *all_ids = NULL;
946
947 assert(j);
948
949 r = get_boots(j, &all_ids, &count, NULL);
950 if (r < 0)
951 return r;
952
953 pager_open_if_enabled();
954
955 /* numbers are one less, but we need an extra char for the sign */
956 w = DECIMAL_STR_WIDTH(count - 1) + 1;
957
958 for (id = all_ids, i = 0; id < all_ids + count; id++, i++) {
959 char a[FORMAT_TIMESTAMP_MAX], b[FORMAT_TIMESTAMP_MAX];
960
961 printf("% *i " SD_ID128_FORMAT_STR " %s—%s\n",
962 w, i - count + 1,
963 SD_ID128_FORMAT_VAL(id->id),
964 format_timestamp_maybe_utc(a, sizeof(a), id->first),
965 format_timestamp_maybe_utc(b, sizeof(b), id->last));
966 }
967
968 return 0;
969 }
970
971 static int get_boot_id_by_offset(sd_journal *j, sd_id128_t *boot_id, int offset) {
972 int r;
973 unsigned int count;
974 boot_id_t ref_boot_id = {}, *id;
975 _cleanup_free_ boot_id_t *all_ids = NULL;
976
977 assert(j);
978 assert(boot_id);
979
980 ref_boot_id.id = *boot_id;
981 r = get_boots(j, &all_ids, &count, &ref_boot_id);
982 if (r < 0)
983 return r;
984
985 if (sd_id128_equal(*boot_id, SD_ID128_NULL)) {
986 if (offset > (int) count || offset <= -(int)count)
987 return -EADDRNOTAVAIL;
988
989 *boot_id = all_ids[(offset <= 0)*count + offset - 1].id;
990 } else {
991 id = bsearch(&ref_boot_id, all_ids, count, sizeof(boot_id_t), boot_id_cmp);
992
993 if (!id ||
994 offset <= 0 ? (id - all_ids) + offset < 0 :
995 (id - all_ids) + offset >= (int) count)
996 return -EADDRNOTAVAIL;
997
998 *boot_id = (id + offset)->id;
999 }
1000
1001 return 0;
1002 }
1003
1004 static int add_boot(sd_journal *j) {
1005 char match[9+32+1] = "_BOOT_ID=";
1006 int r;
1007
1008 assert(j);
1009
1010 if (!arg_boot)
1011 return 0;
1012
1013 if (arg_boot_offset == 0 && sd_id128_equal(arg_boot_id, SD_ID128_NULL))
1014 return add_match_this_boot(j, arg_machine);
1015
1016 r = get_boot_id_by_offset(j, &arg_boot_id, arg_boot_offset);
1017 if (r < 0) {
1018 if (sd_id128_equal(arg_boot_id, SD_ID128_NULL))
1019 log_error_errno(r, "Failed to look up boot %+i: %m", arg_boot_offset);
1020 else
1021 log_error("Failed to look up boot ID "SD_ID128_FORMAT_STR"%+i: %s",
1022 SD_ID128_FORMAT_VAL(arg_boot_id), arg_boot_offset, strerror(-r));
1023 return r;
1024 }
1025
1026 sd_id128_to_string(arg_boot_id, match + 9);
1027
1028 r = sd_journal_add_match(j, match, sizeof(match) - 1);
1029 if (r < 0)
1030 return log_error_errno(r, "Failed to add match: %m");
1031
1032 r = sd_journal_add_conjunction(j);
1033 if (r < 0)
1034 return r;
1035
1036 return 0;
1037 }
1038
1039 static int add_dmesg(sd_journal *j) {
1040 int r;
1041 assert(j);
1042
1043 if (!arg_dmesg)
1044 return 0;
1045
1046 r = sd_journal_add_match(j, "_TRANSPORT=kernel", strlen("_TRANSPORT=kernel"));
1047 if (r < 0)
1048 return log_error_errno(r, "Failed to add match: %m");
1049
1050 r = sd_journal_add_conjunction(j);
1051 if (r < 0)
1052 return r;
1053
1054 return 0;
1055 }
1056
1057 static int get_possible_units(sd_journal *j,
1058 const char *fields,
1059 char **patterns,
1060 Set **units) {
1061 _cleanup_set_free_free_ Set *found;
1062 const char *field;
1063 int r;
1064
1065 found = set_new(&string_hash_ops);
1066 if (!found)
1067 return log_oom();
1068
1069 NULSTR_FOREACH(field, fields) {
1070 const void *data;
1071 size_t size;
1072
1073 r = sd_journal_query_unique(j, field);
1074 if (r < 0)
1075 return r;
1076
1077 SD_JOURNAL_FOREACH_UNIQUE(j, data, size) {
1078 char **pattern, *eq;
1079 size_t prefix;
1080 _cleanup_free_ char *u = NULL;
1081
1082 eq = memchr(data, '=', size);
1083 if (eq)
1084 prefix = eq - (char*) data + 1;
1085 else
1086 prefix = 0;
1087
1088 u = strndup((char*) data + prefix, size - prefix);
1089 if (!u)
1090 return log_oom();
1091
1092 STRV_FOREACH(pattern, patterns)
1093 if (fnmatch(*pattern, u, FNM_NOESCAPE) == 0) {
1094 log_debug("Matched %s with pattern %s=%s", u, field, *pattern);
1095
1096 r = set_consume(found, u);
1097 u = NULL;
1098 if (r < 0 && r != -EEXIST)
1099 return r;
1100
1101 break;
1102 }
1103 }
1104 }
1105
1106 *units = found;
1107 found = NULL;
1108 return 0;
1109 }
1110
1111 /* This list is supposed to return the superset of unit names
1112 * possibly matched by rules added with add_matches_for_unit... */
1113 #define SYSTEM_UNITS \
1114 "_SYSTEMD_UNIT\0" \
1115 "COREDUMP_UNIT\0" \
1116 "UNIT\0" \
1117 "OBJECT_SYSTEMD_UNIT\0" \
1118 "_SYSTEMD_SLICE\0"
1119
1120 /* ... and add_matches_for_user_unit */
1121 #define USER_UNITS \
1122 "_SYSTEMD_USER_UNIT\0" \
1123 "USER_UNIT\0" \
1124 "COREDUMP_USER_UNIT\0" \
1125 "OBJECT_SYSTEMD_USER_UNIT\0"
1126
1127 static int add_units(sd_journal *j) {
1128 _cleanup_strv_free_ char **patterns = NULL;
1129 int r, count = 0;
1130 char **i;
1131
1132 assert(j);
1133
1134 STRV_FOREACH(i, arg_system_units) {
1135 _cleanup_free_ char *u = NULL;
1136
1137 u = unit_name_mangle(*i, MANGLE_GLOB);
1138 if (!u)
1139 return log_oom();
1140
1141 if (string_is_glob(u)) {
1142 r = strv_push(&patterns, u);
1143 if (r < 0)
1144 return r;
1145 u = NULL;
1146 } else {
1147 r = add_matches_for_unit(j, u);
1148 if (r < 0)
1149 return r;
1150 r = sd_journal_add_disjunction(j);
1151 if (r < 0)
1152 return r;
1153 count ++;
1154 }
1155 }
1156
1157 if (!strv_isempty(patterns)) {
1158 _cleanup_set_free_free_ Set *units = NULL;
1159 Iterator it;
1160 char *u;
1161
1162 r = get_possible_units(j, SYSTEM_UNITS, patterns, &units);
1163 if (r < 0)
1164 return r;
1165
1166 SET_FOREACH(u, units, it) {
1167 r = add_matches_for_unit(j, u);
1168 if (r < 0)
1169 return r;
1170 r = sd_journal_add_disjunction(j);
1171 if (r < 0)
1172 return r;
1173 count ++;
1174 }
1175 }
1176
1177 strv_free(patterns);
1178 patterns = NULL;
1179
1180 STRV_FOREACH(i, arg_user_units) {
1181 _cleanup_free_ char *u = NULL;
1182
1183 u = unit_name_mangle(*i, MANGLE_GLOB);
1184 if (!u)
1185 return log_oom();
1186
1187 if (string_is_glob(u)) {
1188 r = strv_push(&patterns, u);
1189 if (r < 0)
1190 return r;
1191 u = NULL;
1192 } else {
1193 r = add_matches_for_user_unit(j, u, getuid());
1194 if (r < 0)
1195 return r;
1196 r = sd_journal_add_disjunction(j);
1197 if (r < 0)
1198 return r;
1199 count ++;
1200 }
1201 }
1202
1203 if (!strv_isempty(patterns)) {
1204 _cleanup_set_free_free_ Set *units = NULL;
1205 Iterator it;
1206 char *u;
1207
1208 r = get_possible_units(j, USER_UNITS, patterns, &units);
1209 if (r < 0)
1210 return r;
1211
1212 SET_FOREACH(u, units, it) {
1213 r = add_matches_for_user_unit(j, u, getuid());
1214 if (r < 0)
1215 return r;
1216 r = sd_journal_add_disjunction(j);
1217 if (r < 0)
1218 return r;
1219 count ++;
1220 }
1221 }
1222
1223 /* Complain if the user request matches but nothing whatsoever was
1224 * found, since otherwise everything would be matched. */
1225 if (!(strv_isempty(arg_system_units) && strv_isempty(arg_user_units)) && count == 0)
1226 return -ENODATA;
1227
1228 r = sd_journal_add_conjunction(j);
1229 if (r < 0)
1230 return r;
1231
1232 return 0;
1233 }
1234
1235 static int add_priorities(sd_journal *j) {
1236 char match[] = "PRIORITY=0";
1237 int i, r;
1238 assert(j);
1239
1240 if (arg_priorities == 0xFF)
1241 return 0;
1242
1243 for (i = LOG_EMERG; i <= LOG_DEBUG; i++)
1244 if (arg_priorities & (1 << i)) {
1245 match[sizeof(match)-2] = '0' + i;
1246
1247 r = sd_journal_add_match(j, match, strlen(match));
1248 if (r < 0)
1249 return log_error_errno(r, "Failed to add match: %m");
1250 }
1251
1252 r = sd_journal_add_conjunction(j);
1253 if (r < 0)
1254 return r;
1255
1256 return 0;
1257 }
1258
1259
1260 static int add_syslog_identifier(sd_journal *j) {
1261 int r;
1262 char **i;
1263
1264 assert(j);
1265
1266 STRV_FOREACH(i, arg_syslog_identifier) {
1267 char *u;
1268
1269 u = strjoina("SYSLOG_IDENTIFIER=", *i);
1270 r = sd_journal_add_match(j, u, 0);
1271 if (r < 0)
1272 return r;
1273 r = sd_journal_add_disjunction(j);
1274 if (r < 0)
1275 return r;
1276 }
1277
1278 r = sd_journal_add_conjunction(j);
1279 if (r < 0)
1280 return r;
1281
1282 return 0;
1283 }
1284
1285 static int setup_keys(void) {
1286 #ifdef HAVE_GCRYPT
1287 size_t mpk_size, seed_size, state_size, i;
1288 uint8_t *mpk, *seed, *state;
1289 ssize_t l;
1290 int fd = -1, r;
1291 sd_id128_t machine, boot;
1292 char *p = NULL, *k = NULL;
1293 struct FSSHeader h;
1294 uint64_t n;
1295 struct stat st;
1296
1297 r = stat("/var/log/journal", &st);
1298 if (r < 0 && errno != ENOENT && errno != ENOTDIR)
1299 return log_error_errno(errno, "stat(\"%s\") failed: %m", "/var/log/journal");
1300
1301 if (r < 0 || !S_ISDIR(st.st_mode)) {
1302 log_error("%s is not a directory, must be using persistent logging for FSS.",
1303 "/var/log/journal");
1304 return r < 0 ? -errno : -ENOTDIR;
1305 }
1306
1307 r = sd_id128_get_machine(&machine);
1308 if (r < 0)
1309 return log_error_errno(r, "Failed to get machine ID: %m");
1310
1311 r = sd_id128_get_boot(&boot);
1312 if (r < 0)
1313 return log_error_errno(r, "Failed to get boot ID: %m");
1314
1315 if (asprintf(&p, "/var/log/journal/" SD_ID128_FORMAT_STR "/fss",
1316 SD_ID128_FORMAT_VAL(machine)) < 0)
1317 return log_oom();
1318
1319 if (access(p, F_OK) >= 0) {
1320 if (arg_force) {
1321 r = unlink(p);
1322 if (r < 0) {
1323 log_error_errno(errno, "unlink(\"%s\") failed: %m", p);
1324 r = -errno;
1325 goto finish;
1326 }
1327 } else {
1328 log_error("Sealing key file %s exists already. (--force to recreate)", p);
1329 r = -EEXIST;
1330 goto finish;
1331 }
1332 }
1333
1334 if (asprintf(&k, "/var/log/journal/" SD_ID128_FORMAT_STR "/fss.tmp.XXXXXX",
1335 SD_ID128_FORMAT_VAL(machine)) < 0) {
1336 r = log_oom();
1337 goto finish;
1338 }
1339
1340 mpk_size = FSPRG_mskinbytes(FSPRG_RECOMMENDED_SECPAR);
1341 mpk = alloca(mpk_size);
1342
1343 seed_size = FSPRG_RECOMMENDED_SEEDLEN;
1344 seed = alloca(seed_size);
1345
1346 state_size = FSPRG_stateinbytes(FSPRG_RECOMMENDED_SECPAR);
1347 state = alloca(state_size);
1348
1349 fd = open("/dev/random", O_RDONLY|O_CLOEXEC|O_NOCTTY);
1350 if (fd < 0) {
1351 log_error_errno(errno, "Failed to open /dev/random: %m");
1352 r = -errno;
1353 goto finish;
1354 }
1355
1356 log_info("Generating seed...");
1357 l = loop_read(fd, seed, seed_size, true);
1358 if (l < 0 || (size_t) l != seed_size) {
1359 log_error_errno(EIO, "Failed to read random seed: %m");
1360 r = -EIO;
1361 goto finish;
1362 }
1363
1364 log_info("Generating key pair...");
1365 FSPRG_GenMK(NULL, mpk, seed, seed_size, FSPRG_RECOMMENDED_SECPAR);
1366
1367 log_info("Generating sealing key...");
1368 FSPRG_GenState0(state, mpk, seed, seed_size);
1369
1370 assert(arg_interval > 0);
1371
1372 n = now(CLOCK_REALTIME);
1373 n /= arg_interval;
1374
1375 safe_close(fd);
1376 fd = mkostemp_safe(k, O_WRONLY|O_CLOEXEC);
1377 if (fd < 0) {
1378 log_error_errno(errno, "Failed to open %s: %m", k);
1379 r = -errno;
1380 goto finish;
1381 }
1382
1383 /* Enable secure remove, exclusion from dump, synchronous
1384 * writing and in-place updating */
1385 r = chattr_fd(fd, true, FS_SECRM_FL|FS_NODUMP_FL|FS_SYNC_FL|FS_NOCOW_FL);
1386 if (r < 0)
1387 log_warning_errno(errno, "Failed to set file attributes: %m");
1388
1389 zero(h);
1390 memcpy(h.signature, "KSHHRHLP", 8);
1391 h.machine_id = machine;
1392 h.boot_id = boot;
1393 h.header_size = htole64(sizeof(h));
1394 h.start_usec = htole64(n * arg_interval);
1395 h.interval_usec = htole64(arg_interval);
1396 h.fsprg_secpar = htole16(FSPRG_RECOMMENDED_SECPAR);
1397 h.fsprg_state_size = htole64(state_size);
1398
1399 r = loop_write(fd, &h, sizeof(h), false);
1400 if (r < 0) {
1401 log_error_errno(r, "Failed to write header: %m");
1402 goto finish;
1403 }
1404
1405 r = loop_write(fd, state, state_size, false);
1406 if (r < 0) {
1407 log_error_errno(r, "Failed to write state: %m");
1408 goto finish;
1409 }
1410
1411 if (link(k, p) < 0) {
1412 log_error_errno(errno, "Failed to link file: %m");
1413 r = -errno;
1414 goto finish;
1415 }
1416
1417 if (on_tty()) {
1418 fprintf(stderr,
1419 "\n"
1420 "The new key pair has been generated. The " ANSI_HIGHLIGHT_ON "secret sealing key" ANSI_HIGHLIGHT_OFF " has been written to\n"
1421 "the following local file. This key file is automatically updated when the\n"
1422 "sealing key is advanced. It should not be used on multiple hosts.\n"
1423 "\n"
1424 "\t%s\n"
1425 "\n"
1426 "Please write down the following " ANSI_HIGHLIGHT_ON "secret verification key" ANSI_HIGHLIGHT_OFF ". It should be stored\n"
1427 "at a safe location and should not be saved locally on disk.\n"
1428 "\n\t" ANSI_HIGHLIGHT_RED_ON, p);
1429 fflush(stderr);
1430 }
1431 for (i = 0; i < seed_size; i++) {
1432 if (i > 0 && i % 3 == 0)
1433 putchar('-');
1434 printf("%02x", ((uint8_t*) seed)[i]);
1435 }
1436
1437 printf("/%llx-%llx\n", (unsigned long long) n, (unsigned long long) arg_interval);
1438
1439 if (on_tty()) {
1440 char tsb[FORMAT_TIMESPAN_MAX], *hn;
1441
1442 fprintf(stderr,
1443 ANSI_HIGHLIGHT_OFF "\n"
1444 "The sealing key is automatically changed every %s.\n",
1445 format_timespan(tsb, sizeof(tsb), arg_interval, 0));
1446
1447 hn = gethostname_malloc();
1448
1449 if (hn) {
1450 hostname_cleanup(hn, false);
1451 fprintf(stderr, "\nThe keys have been generated for host %s/" SD_ID128_FORMAT_STR ".\n", hn, SD_ID128_FORMAT_VAL(machine));
1452 } else
1453 fprintf(stderr, "\nThe keys have been generated for host " SD_ID128_FORMAT_STR ".\n", SD_ID128_FORMAT_VAL(machine));
1454
1455 #ifdef HAVE_QRENCODE
1456 /* If this is not an UTF-8 system don't print any QR codes */
1457 if (is_locale_utf8()) {
1458 fputs("\nTo transfer the verification key to your phone please scan the QR code below:\n\n", stderr);
1459 print_qr_code(stderr, seed, seed_size, n, arg_interval, hn, machine);
1460 }
1461 #endif
1462 free(hn);
1463 }
1464
1465 r = 0;
1466
1467 finish:
1468 safe_close(fd);
1469
1470 if (k) {
1471 unlink(k);
1472 free(k);
1473 }
1474
1475 free(p);
1476
1477 return r;
1478 #else
1479 log_error("Forward-secure sealing not available.");
1480 return -ENOTSUP;
1481 #endif
1482 }
1483
1484 static int verify(sd_journal *j) {
1485 int r = 0;
1486 Iterator i;
1487 JournalFile *f;
1488
1489 assert(j);
1490
1491 log_show_color(true);
1492
1493 ORDERED_HASHMAP_FOREACH(f, j->files, i) {
1494 int k;
1495 usec_t first, validated, last;
1496
1497 #ifdef HAVE_GCRYPT
1498 if (!arg_verify_key && JOURNAL_HEADER_SEALED(f->header))
1499 log_notice("Journal file %s has sealing enabled but verification key has not been passed using --verify-key=.", f->path);
1500 #endif
1501
1502 k = journal_file_verify(f, arg_verify_key, &first, &validated, &last, true);
1503 if (k == -EINVAL) {
1504 /* If the key was invalid give up right-away. */
1505 return k;
1506 } else if (k < 0) {
1507 log_warning("FAIL: %s (%s)", f->path, strerror(-k));
1508 r = k;
1509 } else {
1510 char a[FORMAT_TIMESTAMP_MAX], b[FORMAT_TIMESTAMP_MAX], c[FORMAT_TIMESPAN_MAX];
1511 log_info("PASS: %s", f->path);
1512
1513 if (arg_verify_key && JOURNAL_HEADER_SEALED(f->header)) {
1514 if (validated > 0) {
1515 log_info("=> Validated from %s to %s, final %s entries not sealed.",
1516 format_timestamp_maybe_utc(a, sizeof(a), first),
1517 format_timestamp_maybe_utc(b, sizeof(b), validated),
1518 format_timespan(c, sizeof(c), last > validated ? last - validated : 0, 0));
1519 } else if (last > 0)
1520 log_info("=> No sealing yet, %s of entries not sealed.",
1521 format_timespan(c, sizeof(c), last - first, 0));
1522 else
1523 log_info("=> No sealing yet, no entries in file.");
1524 }
1525 }
1526 }
1527
1528 return r;
1529 }
1530
1531 #ifdef HAVE_ACL
1532 static int access_check_var_log_journal(sd_journal *j) {
1533 _cleanup_strv_free_ char **g = NULL;
1534 bool have_access;
1535 int r;
1536
1537 assert(j);
1538
1539 have_access = in_group("systemd-journal") > 0;
1540
1541 if (!have_access) {
1542 const char* dir;
1543
1544 if (access("/run/log/journal", F_OK) >= 0)
1545 dir = "/run/log/journal";
1546 else
1547 dir = "/var/log/journal";
1548
1549 /* Let's enumerate all groups from the default ACL of
1550 * the directory, which generally should allow access
1551 * to most journal files too */
1552 r = search_acl_groups(&g, dir, &have_access);
1553 if (r < 0)
1554 return r;
1555 }
1556
1557 if (!have_access) {
1558
1559 if (strv_isempty(g))
1560 log_notice("Hint: You are currently not seeing messages from other users and the system.\n"
1561 " Users in the 'systemd-journal' group can see all messages. Pass -q to\n"
1562 " turn off this notice.");
1563 else {
1564 _cleanup_free_ char *s = NULL;
1565
1566 r = strv_extend(&g, "systemd-journal");
1567 if (r < 0)
1568 return log_oom();
1569
1570 strv_sort(g);
1571 strv_uniq(g);
1572
1573 s = strv_join(g, "', '");
1574 if (!s)
1575 return log_oom();
1576
1577 log_notice("Hint: You are currently not seeing messages from other users and the system.\n"
1578 " Users in groups '%s' can see all messages.\n"
1579 " Pass -q to turn off this notice.", s);
1580 }
1581 }
1582
1583 return 0;
1584 }
1585 #endif
1586
1587 static int access_check(sd_journal *j) {
1588 Iterator it;
1589 void *code;
1590 int r = 0;
1591
1592 assert(j);
1593
1594 if (set_isempty(j->errors)) {
1595 if (ordered_hashmap_isempty(j->files))
1596 log_notice("No journal files were found.");
1597 return 0;
1598 }
1599
1600 if (set_contains(j->errors, INT_TO_PTR(-EACCES))) {
1601 #ifdef HAVE_ACL
1602 /* If /run/log/journal or /var/log/journal exist, try
1603 to pring a nice notice if the user lacks access to it. */
1604 if (!arg_quiet && geteuid() != 0) {
1605 r = access_check_var_log_journal(j);
1606 if (r < 0)
1607 return r;
1608 }
1609 #else
1610 if (geteuid() != 0 && in_group("systemd-journal") <= 0) {
1611 log_error("Unprivileged users cannot access messages. Users in the 'systemd-journal' group\n"
1612 "group may access messages.");
1613 return -EACCES;
1614 }
1615 #endif
1616
1617 if (ordered_hashmap_isempty(j->files)) {
1618 log_error("No journal files were opened due to insufficient permissions.");
1619 r = -EACCES;
1620 }
1621 }
1622
1623 SET_FOREACH(code, j->errors, it) {
1624 int err;
1625
1626 err = -PTR_TO_INT(code);
1627 assert(err > 0);
1628
1629 if (err != EACCES)
1630 log_warning_errno(err, "Error was encountered while opening journal files: %m");
1631 }
1632
1633 return r;
1634 }
1635
1636 static int flush_to_var(void) {
1637 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
1638 _cleanup_bus_close_unref_ sd_bus *bus = NULL;
1639 _cleanup_close_ int watch_fd = -1;
1640 int r;
1641
1642 /* Quick exit */
1643 if (access("/run/systemd/journal/flushed", F_OK) >= 0)
1644 return 0;
1645
1646 /* OK, let's actually do the full logic, send SIGUSR1 to the
1647 * daemon and set up inotify to wait for the flushed file to appear */
1648 r = bus_open_system_systemd(&bus);
1649 if (r < 0)
1650 return log_error_errno(r, "Failed to get D-Bus connection: %m");
1651
1652 r = sd_bus_call_method(
1653 bus,
1654 "org.freedesktop.systemd1",
1655 "/org/freedesktop/systemd1",
1656 "org.freedesktop.systemd1.Manager",
1657 "KillUnit",
1658 &error,
1659 NULL,
1660 "ssi", "systemd-journald.service", "main", SIGUSR1);
1661 if (r < 0) {
1662 log_error("Failed to kill journal service: %s", bus_error_message(&error, r));
1663 return r;
1664 }
1665
1666 mkdir_p("/run/systemd/journal", 0755);
1667
1668 watch_fd = inotify_init1(IN_NONBLOCK|IN_CLOEXEC);
1669 if (watch_fd < 0)
1670 return log_error_errno(errno, "Failed to create inotify watch: %m");
1671
1672 r = inotify_add_watch(watch_fd, "/run/systemd/journal", IN_CREATE|IN_DONT_FOLLOW|IN_ONLYDIR);
1673 if (r < 0)
1674 return log_error_errno(errno, "Failed to watch journal directory: %m");
1675
1676 for (;;) {
1677 if (access("/run/systemd/journal/flushed", F_OK) >= 0)
1678 break;
1679
1680 if (errno != ENOENT)
1681 return log_error_errno(errno, "Failed to check for existence of /run/systemd/journal/flushed: %m");
1682
1683 r = fd_wait_for_event(watch_fd, POLLIN, USEC_INFINITY);
1684 if (r < 0)
1685 return log_error_errno(r, "Failed to wait for event: %m");
1686
1687 r = flush_fd(watch_fd);
1688 if (r < 0)
1689 return log_error_errno(r, "Failed to flush inotify events: %m");
1690 }
1691
1692 return 0;
1693 }
1694
1695 int main(int argc, char *argv[]) {
1696 int r;
1697 _cleanup_journal_close_ sd_journal *j = NULL;
1698 bool need_seek = false;
1699 sd_id128_t previous_boot_id;
1700 bool previous_boot_id_valid = false, first_line = true;
1701 int n_shown = 0;
1702 bool ellipsized = false;
1703
1704 setlocale(LC_ALL, "");
1705 log_parse_environment();
1706 log_open();
1707
1708 r = parse_argv(argc, argv);
1709 if (r <= 0)
1710 goto finish;
1711
1712 signal(SIGWINCH, columns_lines_cache_reset);
1713 sigbus_install();
1714
1715 /* Increase max number of open files to 16K if we can, we
1716 * might needs this when browsing journal files, which might
1717 * be split up into many files. */
1718 setrlimit_closest(RLIMIT_NOFILE, &RLIMIT_MAKE_CONST(16384));
1719
1720 if (arg_action == ACTION_NEW_ID128) {
1721 r = generate_new_id128();
1722 goto finish;
1723 }
1724
1725 if (arg_action == ACTION_FLUSH) {
1726 r = flush_to_var();
1727 goto finish;
1728 }
1729
1730 if (arg_action == ACTION_SETUP_KEYS) {
1731 r = setup_keys();
1732 goto finish;
1733 }
1734
1735 if (arg_action == ACTION_UPDATE_CATALOG ||
1736 arg_action == ACTION_LIST_CATALOG ||
1737 arg_action == ACTION_DUMP_CATALOG) {
1738
1739 _cleanup_free_ char *database;
1740
1741 database = path_join(arg_root, CATALOG_DATABASE, NULL);
1742 if (!database) {
1743 r = log_oom();
1744 goto finish;
1745 }
1746
1747 if (arg_action == ACTION_UPDATE_CATALOG) {
1748 r = catalog_update(database, arg_root, catalog_file_dirs);
1749 if (r < 0)
1750 log_error_errno(r, "Failed to list catalog: %m");
1751 } else {
1752 bool oneline = arg_action == ACTION_LIST_CATALOG;
1753
1754 if (optind < argc)
1755 r = catalog_list_items(stdout, database,
1756 oneline, argv + optind);
1757 else
1758 r = catalog_list(stdout, database, oneline);
1759 if (r < 0)
1760 log_error_errno(r, "Failed to list catalog: %m");
1761 }
1762
1763 goto finish;
1764 }
1765
1766 if (arg_directory)
1767 r = sd_journal_open_directory(&j, arg_directory, arg_journal_type);
1768 else if (arg_file)
1769 r = sd_journal_open_files(&j, (const char**) arg_file, 0);
1770 else if (arg_machine)
1771 r = sd_journal_open_container(&j, arg_machine, 0);
1772 else
1773 r = sd_journal_open(&j, !arg_merge*SD_JOURNAL_LOCAL_ONLY + arg_journal_type);
1774 if (r < 0) {
1775 log_error_errno(r, "Failed to open %s: %m",
1776 arg_directory ? arg_directory : arg_file ? "files" : "journal");
1777 return EXIT_FAILURE;
1778 }
1779
1780 r = access_check(j);
1781 if (r < 0)
1782 return EXIT_FAILURE;
1783
1784 if (arg_action == ACTION_VERIFY) {
1785 r = verify(j);
1786 goto finish;
1787 }
1788
1789 if (arg_action == ACTION_PRINT_HEADER) {
1790 journal_print_header(j);
1791 return EXIT_SUCCESS;
1792 }
1793
1794 if (arg_action == ACTION_DISK_USAGE) {
1795 uint64_t bytes = 0;
1796 char sbytes[FORMAT_BYTES_MAX];
1797
1798 r = sd_journal_get_usage(j, &bytes);
1799 if (r < 0)
1800 return EXIT_FAILURE;
1801
1802 printf("Archived and active journals take up %s on disk.\n",
1803 format_bytes(sbytes, sizeof(sbytes), bytes));
1804 return EXIT_SUCCESS;
1805 }
1806
1807 if (arg_action == ACTION_VACUUM) {
1808 Directory *d;
1809 Iterator i;
1810
1811 HASHMAP_FOREACH(d, j->directories_by_path, i) {
1812 int q;
1813
1814 if (d->is_root)
1815 continue;
1816
1817 q = journal_directory_vacuum(d->path, arg_vacuum_size, arg_vacuum_time, NULL, true);
1818 if (q < 0) {
1819 log_error_errno(q, "Failed to vacuum: %m");
1820 r = q;
1821 }
1822 }
1823
1824 return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
1825 }
1826
1827 if (arg_action == ACTION_LIST_BOOTS) {
1828 r = list_boots(j);
1829 goto finish;
1830 }
1831
1832 /* add_boot() must be called first!
1833 * It may need to seek the journal to find parent boot IDs. */
1834 r = add_boot(j);
1835 if (r < 0)
1836 return EXIT_FAILURE;
1837
1838 r = add_dmesg(j);
1839 if (r < 0)
1840 return EXIT_FAILURE;
1841
1842 r = add_units(j);
1843 strv_free(arg_system_units);
1844 strv_free(arg_user_units);
1845
1846 if (r < 0) {
1847 log_error_errno(r, "Failed to add filter for units: %m");
1848 return EXIT_FAILURE;
1849 }
1850
1851 r = add_syslog_identifier(j);
1852 if (r < 0) {
1853 log_error_errno(r, "Failed to add filter for syslog identifiers: %m");
1854 return EXIT_FAILURE;
1855 }
1856
1857 r = add_priorities(j);
1858 if (r < 0) {
1859 log_error_errno(r, "Failed to add filter for priorities: %m");
1860 return EXIT_FAILURE;
1861 }
1862
1863 r = add_matches(j, argv + optind);
1864 if (r < 0) {
1865 log_error_errno(r, "Failed to add filters: %m");
1866 return EXIT_FAILURE;
1867 }
1868
1869 if (_unlikely_(log_get_max_level() >= LOG_DEBUG)) {
1870 _cleanup_free_ char *filter;
1871
1872 filter = journal_make_match_string(j);
1873 log_debug("Journal filter: %s", filter);
1874 }
1875
1876 if (arg_field) {
1877 const void *data;
1878 size_t size;
1879
1880 r = sd_journal_set_data_threshold(j, 0);
1881 if (r < 0) {
1882 log_error("Failed to unset data size threshold");
1883 return EXIT_FAILURE;
1884 }
1885
1886 r = sd_journal_query_unique(j, arg_field);
1887 if (r < 0) {
1888 log_error_errno(r, "Failed to query unique data objects: %m");
1889 return EXIT_FAILURE;
1890 }
1891
1892 SD_JOURNAL_FOREACH_UNIQUE(j, data, size) {
1893 const void *eq;
1894
1895 if (arg_lines >= 0 && n_shown >= arg_lines)
1896 break;
1897
1898 eq = memchr(data, '=', size);
1899 if (eq)
1900 printf("%.*s\n", (int) (size - ((const uint8_t*) eq - (const uint8_t*) data + 1)), (const char*) eq + 1);
1901 else
1902 printf("%.*s\n", (int) size, (const char*) data);
1903
1904 n_shown ++;
1905 }
1906
1907 return EXIT_SUCCESS;
1908 }
1909
1910 /* Opening the fd now means the first sd_journal_wait() will actually wait */
1911 if (arg_follow) {
1912 r = sd_journal_get_fd(j);
1913 if (r < 0)
1914 return EXIT_FAILURE;
1915 }
1916
1917 if (arg_cursor || arg_after_cursor) {
1918 r = sd_journal_seek_cursor(j, arg_cursor ?: arg_after_cursor);
1919 if (r < 0) {
1920 log_error_errno(r, "Failed to seek to cursor: %m");
1921 return EXIT_FAILURE;
1922 }
1923 if (!arg_reverse)
1924 r = sd_journal_next_skip(j, 1 + !!arg_after_cursor);
1925 else
1926 r = sd_journal_previous_skip(j, 1 + !!arg_after_cursor);
1927
1928 if (arg_after_cursor && r < 2) {
1929 /* We couldn't find the next entry after the cursor. */
1930 if (arg_follow)
1931 need_seek = true;
1932 else
1933 arg_lines = 0;
1934 }
1935
1936 } else if (arg_since_set && !arg_reverse) {
1937 r = sd_journal_seek_realtime_usec(j, arg_since);
1938 if (r < 0) {
1939 log_error_errno(r, "Failed to seek to date: %m");
1940 return EXIT_FAILURE;
1941 }
1942 r = sd_journal_next(j);
1943
1944 } else if (arg_until_set && arg_reverse) {
1945 r = sd_journal_seek_realtime_usec(j, arg_until);
1946 if (r < 0) {
1947 log_error_errno(r, "Failed to seek to date: %m");
1948 return EXIT_FAILURE;
1949 }
1950 r = sd_journal_previous(j);
1951
1952 } else if (arg_lines >= 0) {
1953 r = sd_journal_seek_tail(j);
1954 if (r < 0) {
1955 log_error_errno(r, "Failed to seek to tail: %m");
1956 return EXIT_FAILURE;
1957 }
1958
1959 r = sd_journal_previous_skip(j, arg_lines);
1960
1961 } else if (arg_reverse) {
1962 r = sd_journal_seek_tail(j);
1963 if (r < 0) {
1964 log_error_errno(r, "Failed to seek to tail: %m");
1965 return EXIT_FAILURE;
1966 }
1967
1968 r = sd_journal_previous(j);
1969
1970 } else {
1971 r = sd_journal_seek_head(j);
1972 if (r < 0) {
1973 log_error_errno(r, "Failed to seek to head: %m");
1974 return EXIT_FAILURE;
1975 }
1976
1977 r = sd_journal_next(j);
1978 }
1979
1980 if (r < 0) {
1981 log_error_errno(r, "Failed to iterate through journal: %m");
1982 return EXIT_FAILURE;
1983 }
1984
1985 if (!arg_follow)
1986 pager_open_if_enabled();
1987
1988 if (!arg_quiet) {
1989 usec_t start, end;
1990 char start_buf[FORMAT_TIMESTAMP_MAX], end_buf[FORMAT_TIMESTAMP_MAX];
1991
1992 r = sd_journal_get_cutoff_realtime_usec(j, &start, &end);
1993 if (r < 0) {
1994 log_error_errno(r, "Failed to get cutoff: %m");
1995 goto finish;
1996 }
1997
1998 if (r > 0) {
1999 if (arg_follow)
2000 printf("-- Logs begin at %s. --\n",
2001 format_timestamp_maybe_utc(start_buf, sizeof(start_buf), start));
2002 else
2003 printf("-- Logs begin at %s, end at %s. --\n",
2004 format_timestamp_maybe_utc(start_buf, sizeof(start_buf), start),
2005 format_timestamp_maybe_utc(end_buf, sizeof(end_buf), end));
2006 }
2007 }
2008
2009 for (;;) {
2010 while (arg_lines < 0 || n_shown < arg_lines || (arg_follow && !first_line)) {
2011 int flags;
2012
2013 if (need_seek) {
2014 if (!arg_reverse)
2015 r = sd_journal_next(j);
2016 else
2017 r = sd_journal_previous(j);
2018 if (r < 0) {
2019 log_error_errno(r, "Failed to iterate through journal: %m");
2020 goto finish;
2021 }
2022 if (r == 0)
2023 break;
2024 }
2025
2026 if (arg_until_set && !arg_reverse) {
2027 usec_t usec;
2028
2029 r = sd_journal_get_realtime_usec(j, &usec);
2030 if (r < 0) {
2031 log_error_errno(r, "Failed to determine timestamp: %m");
2032 goto finish;
2033 }
2034 if (usec > arg_until)
2035 goto finish;
2036 }
2037
2038 if (arg_since_set && arg_reverse) {
2039 usec_t usec;
2040
2041 r = sd_journal_get_realtime_usec(j, &usec);
2042 if (r < 0) {
2043 log_error_errno(r, "Failed to determine timestamp: %m");
2044 goto finish;
2045 }
2046 if (usec < arg_since)
2047 goto finish;
2048 }
2049
2050 if (!arg_merge && !arg_quiet) {
2051 sd_id128_t boot_id;
2052
2053 r = sd_journal_get_monotonic_usec(j, NULL, &boot_id);
2054 if (r >= 0) {
2055 if (previous_boot_id_valid &&
2056 !sd_id128_equal(boot_id, previous_boot_id))
2057 printf("%s-- Reboot --%s\n",
2058 ansi_highlight(), ansi_highlight_off());
2059
2060 previous_boot_id = boot_id;
2061 previous_boot_id_valid = true;
2062 }
2063 }
2064
2065 flags =
2066 arg_all * OUTPUT_SHOW_ALL |
2067 arg_full * OUTPUT_FULL_WIDTH |
2068 on_tty() * OUTPUT_COLOR |
2069 arg_catalog * OUTPUT_CATALOG |
2070 arg_utc * OUTPUT_UTC;
2071
2072 r = output_journal(stdout, j, arg_output, 0, flags, &ellipsized);
2073 need_seek = true;
2074 if (r == -EADDRNOTAVAIL)
2075 break;
2076 else if (r < 0 || ferror(stdout))
2077 goto finish;
2078
2079 n_shown++;
2080 }
2081
2082 if (!arg_follow) {
2083 if (arg_show_cursor) {
2084 _cleanup_free_ char *cursor = NULL;
2085
2086 r = sd_journal_get_cursor(j, &cursor);
2087 if (r < 0 && r != -EADDRNOTAVAIL)
2088 log_error_errno(r, "Failed to get cursor: %m");
2089 else if (r >= 0)
2090 printf("-- cursor: %s\n", cursor);
2091 }
2092
2093 break;
2094 }
2095
2096 r = sd_journal_wait(j, (uint64_t) -1);
2097 if (r < 0) {
2098 log_error_errno(r, "Couldn't wait for journal event: %m");
2099 goto finish;
2100 }
2101
2102 first_line = false;
2103 }
2104
2105 finish:
2106 pager_close();
2107
2108 strv_free(arg_file);
2109
2110 return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
2111 }
Unnamed repository; edit this file 'description' to name the repository.