-rw-r--r-- | man/journalctl.xml | 8 | ||||
-rw-r--r-- | src/journal/journalctl.c | 24 |
2 files changed, 29 insertions, 3 deletions
diff --git a/man/journalctl.xml b/man/journalctl.xml index 8dbfb3f0f3..71b1babb10 100644 --- a/man/journalctl.xml +++ b/man/journalctl.xml @@ -601,6 +601,14 @@ </varlistentry> <varlistentry> + <term><option>--force</option></term> + + <listitem><para>When --setup-keys is passed and + Forward Secure Sealing has already been set up, + recreate FSS keys.</para></listitem> + </varlistentry> + + <varlistentry> <term><option>--interval=</option></term> <listitem><para>Specifies the change diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c index 32665b7f78..5f44fce080 100644 --- a/src/journal/journalctl.c +++ b/src/journal/journalctl.c @@ -79,6 +79,7 @@ static int arg_priorities = 0xFF; static const char *arg_verify_key = NULL; #ifdef HAVE_GCRYPT static usec_t arg_interval = DEFAULT_FSS_INTERVAL_USEC; +static bool arg_force = false; #endif static usec_t arg_since, arg_until; static bool arg_since_set = false, arg_until_set = false; @@ -149,6 +150,7 @@ static int help(void) { " --update-catalog Update the message catalog database\n" #ifdef HAVE_GCRYPT " --setup-keys Generate new FSS key pair\n" + " --force Force overriding new FSS key pair with --setup-keys\n" " --verify Verify journal file consistency\n" #endif , program_invocation_short_name); @@ -179,6 +181,7 @@ static int parse_argv(int argc, char *argv[]) { ARG_LIST_CATALOG, ARG_DUMP_CATALOG, ARG_UPDATE_CATALOG, + ARG_FORCE, }; static const struct option options[] = { @@ -187,6 +190,7 @@ static int parse_argv(int argc, char *argv[]) { { "no-pager", no_argument, NULL, ARG_NO_PAGER }, { "pager-end", no_argument, NULL, 'e' }, { "follow", no_argument, NULL, 'f' }, + { "force", no_argument, NULL, ARG_FORCE }, { "output", required_argument, NULL, 'o' }, { "all", no_argument, NULL, 'a' }, { "full", no_argument, NULL, 'l' }, 
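Review bot: The help line added in help() says `Force overriding new FSS key pair with --setup-keys`, which names the wrong object: the option replaces the key pair that already exists, as the man page text in this same commit states. Since the flag discards the current sealing key, the one-line description should be unambiguous, for example `Recreate an existing FSS key pair (with --setup-keys)`. The column alignment of the neighbouring entries should be kept when rewording.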
@@ -375,6 +379,10 @@ static int parse_argv(int argc, char *argv[]) { break; #ifdef HAVE_GCRYPT + case ARG_FORCE: + arg_force = true; + break; + case ARG_SETUP_KEYS: arg_action = ACTION_SETUP_KEYS; break; @@ -397,6 +405,7 @@ static int parse_argv(int argc, char *argv[]) { case ARG_SETUP_KEYS: case ARG_VERIFY_KEY: case ARG_INTERVAL: + case ARG_FORCE: log_error("Forward-secure sealing not available."); return -ENOTSUP; #endif @@ -756,9 +765,18 @@ static int setup_keys(void) { return log_oom(); if (access(p, F_OK) >= 0) { - log_error("Sealing key file %s exists already.", p); - r = -EEXIST; - goto finish; + if (arg_force) { + r = unlink(p); + if (r < 0) { + log_error("unlink(\"%s\") failed: %m", p); + r = -errno; + goto finish; + } + } else { + log_error("Sealing key file %s exists already. (--force to recreate)", p); + r = -EEXIST; + goto finish; + } } if (asprintf(&k, "/var/log/journal/" SD_ID128_FORMAT_STR "/fss.tmp.XXXXXX", |
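Review bot: In the `arg_force` branch of setup_keys(), the existing sealing key is unlinked before any replacement has been generated, so a failure later in the function would presumably leave the machine with no FSS key until someone reruns the command; the body continues outside this hunk, starting with the `fss.tmp.XXXXXX` temporary file. It would be safer to keep the old file until the new key is completely written and then swap it in with a single `rename(k, p)`, which also closes the gap between `access()` and `unlink()`. In the error path, `r = -errno;` should come before the `log_error()` call so that logging cannot change the saved code, e.g. `r = -errno; log_error("unlink(\"%s\") failed: %s", p, strerror(-r));`. Recreating the pair also means the previously stored verification key does not cover entries sealed with the new key, which deserves a comment such as `/* --force discards the old sealing key; the old verification key will not verify new entries */`.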