Commit Graph

72 Commits

Author SHA1 Message Date
044d8a3457 Create /run/citadel/realms/current if it does not exist or inotify watch will fail 2020-08-05 16:07:47 -04:00
04df758fbb Use correct format string 2020-08-05 11:22:48 -04:00
7b8cc0c9d4 Fixes a panic() during mkimage 2020-08-03 20:48:50 -04:00
3c195032bb Refactor how mountpoint filenames are parsed into realmfs name and tag.
The old way was more complex and didn't work if realmfs name contains hyphen character.
2020-08-03 19:18:49 -04:00
c9d36aca59 Refactor of error handling to replace 'failure' and to display more context for some errors. 2020-08-03 19:18:49 -04:00
b759e761d3 Initial commit of GTK realm manager 2020-08-03 19:18:49 -04:00
61d5e10034 RealmFS refactored. Much Simpler.
The concept of an 'unsealed' RealmFS no longer exists so support for this has been
removed. The result is much less complex and easier to understand and maintain.
2020-08-03 19:18:49 -04:00
b1f5827096 Clean up some warnings 2020-08-03 19:18:49 -04:00
44d5ce660f Put lockfile in /tmp so that unprivileged users can aquire it 2019-09-20 18:38:21 -04:00
4ce5d439d8 Look up realm by pid.
Added RealmManager::realm_by_pid() and dbus method RealmFromCitadelPid
2019-08-26 18:18:26 -04:00
d0eada1e3b Initial commit of realms dbus daemon 2019-08-25 17:15:13 -04:00
9fb11e3317 Enhanced flexibility in how resource images are mounted.
Can now choose location at which resource image is mounted with
mount_at() method. This method also returns a handle which can be
used to later unmount the image.
2019-08-21 00:39:41 -04:00
2e781e2183 Add verity-tag field to verity devices for image types other than realmfs
This prevents device name collision when multiple images of the same
type are mounted.
2019-08-21 00:39:41 -04:00
d1f93e9f34 Refactor realm launching code into separate module. 2019-08-21 00:39:41 -04:00
79a52b7a46 fix typo in sha256sum path 2019-08-21 00:39:41 -04:00
dma
f02a9ab4c5 fix realmfs resize calculation bug on update + add e2fsck prior to ext4 resize 2019-08-21 04:28:54 +00:00
7d89c47eb2 Clippy fixes 2019-04-03 16:05:09 -04:00
92cd59eb65 updated with changes to library 2019-04-02 15:17:46 -04:00
8a65aa1708 refactored scattered functions into a class 2019-04-02 15:16:49 -04:00
81e9e224fc updated to use new ImageHeader correctly 2019-04-02 15:16:12 -04:00
cf85d10055 method added to construct keypair from raw bytes 2019-04-02 15:15:28 -04:00
e493e5180d implemented some extra functionality 2019-04-02 15:14:41 -04:00
533ed4b8be ImageHeader refactored to be thread safe and shareable 2019-04-02 15:13:13 -04:00
025d7f3aa4 functions for manipulating symlinks 2019-04-02 15:12:34 -04:00
f9311fa35e improved logging system and macros 2019-04-02 15:12:10 -04:00
f1ff4e6e20 A new Command wrapper 2019-04-02 15:11:29 -04:00
6f007692dc added citadel.debug as a recognized kernel command line var 2019-04-02 15:10:27 -04:00
b7d4f1e570 refactor of RealmFS into several components 2019-04-02 15:09:41 -04:00
fcbf63db8e refactor of Realm into a module with various components 2019-04-02 15:08:55 -04:00
4b4e5f31e7 various low level system utils moved into system module 2019-04-02 15:00:01 -04:00
4bd8c3626f a module for terminal colors and escape sequences 2019-04-02 14:57:29 -04:00
43800cdc6e Initial implementation of keyring
Keyring is an encrypted file to store secrets. The encryption key is
derived from the disk decryption passphrase so that the file can be
automatically decrypted and processed during boot.

The keys contained in the keyring file are loaded into the kernel key
store so that they can later be retrieved by other components.

Currenly during installation a signing key is generated and stored in
the keyring so that the system can transparently sign RealmFS images
when the user modifies or updates them.
2019-02-02 20:42:42 -05:00
0e1a06ae7f goodbye Ring hello sodiumoxide 2019-02-02 20:33:50 -05:00
2dc32d1f20 Refactor multiple tools into a single binary.
citadel-tool now installed with a hardlink for each binary tool and
dispatches on the exe path to the tool implementation. This makes
the build faster, uses less disk space, and makes it easier to
create new small tools.
2019-01-30 21:31:13 -05:00
e7151f8de2 Initial implementation of RealmFS 2019-01-30 14:26:46 -05:00
884d056420 refactor for realmfs implementation 2019-01-30 14:21:54 -05:00
a0d39431e8 bless method added to mark partition which has booted successfully 2019-01-30 14:13:24 -05:00
6215b58167 realmfs-owner is name of realm that can write to unsealed realm 2019-01-30 14:06:18 -05:00
191b580440 refactor verity module to work on images without removing header first 2019-01-30 14:05:11 -05:00
e7e75061a1 Everything optional except 'image-type' now. Also removed a couple fields.
When a RealmFS image is not sealed it has a very simple header and
doesn't use most of the metainfo fields.
2019-01-29 13:53:22 -05:00
d23e488aaa method to write header to a path 2019-01-29 13:42:17 -05:00
322fa97f6a add 'realmfs-name' as a potential metainfo field 2019-01-29 13:41:50 -05:00
c13fb5fb61 method to clear signature field 2019-01-29 13:39:30 -05:00
0299d2814f function added to also find mounts by target path 2019-01-29 11:56:56 -05:00
41708c870e Added option to enable sealed realmfs images from kernel command line 2019-01-29 11:51:24 -05:00
e4665f3f5c function to test for valid names of things 2019-01-29 11:42:27 -05:00
f5bf92f488 function for piping section of a file to a command
This makes it possible to calculate sha256sum in place on an image file
which has both a header and an appended dm-verity tree. Before this
required a message process of extracting the body into a temporary file.
2019-01-29 11:40:20 -05:00
c864e58f6d external crate declarations no longer needed 2019-01-17 09:39:06 -05:00
b258604fd0 Updated everything for Rust 2018 with cargo fix --edition 2019-01-17 09:25:24 -05:00
8f8cbab72f refactor partition signature verification 2019-01-17 09:05:53 -05:00