diff options
| -rw-r--r-- | man/journalctl.xml | 100 | ||||
| -rw-r--r-- | src/journal/journal-verify.c | 3 |
2 files changed, 77 insertions, 26 deletions
diff --git a/man/journalctl.xml b/man/journalctl.xml index 3cfda5b84b..1ea004fc81 100644 --- a/man/journalctl.xml +++ b/man/journalctl.xml @@ -255,31 +255,6 @@ </varlistentry> <varlistentry> - <term><option>--new-id128</option></term> - - <listitem><para>Instead of showing - journal contents generate a new 128 - bit ID suitable for identifying - messages. This is intended for usage - by developers who need a new - identifier for a new message they - introduce and want to make - recognizable. Will print the new ID in - three different formats which can be - copied into source code or - similar.</para></listitem> - </varlistentry> - - <varlistentry> - <term><option>--header</option></term> - - <listitem><para>Instead of showing - journal contents show internal header - information of the journal fiels - accessed.</para></listitem> - </varlistentry> - - <varlistentry> <term><option>-p</option></term> <term><option>--priority=</option></term> @@ -311,6 +286,81 @@ value of the range.</para></listitem> </varlistentry> + <varlistentry> + <term><option>--new-id128</option></term> + + <listitem><para>Instead of showing + journal contents generate a new 128 + bit ID suitable for identifying + messages. This is intended for usage + by developers who need a new + identifier for a new message they + introduce and want to make + recognizable. Will print the new ID in + three different formats which can be + copied into source code or + similar.</para></listitem> + </varlistentry> + + <varlistentry> + <term><option>--header</option></term> + + <listitem><para>Instead of showing + journal contents show internal header + information of the journal fiels + accessed.</para></listitem> + </varlistentry> + + <varlistentry> + <term><option>--setup-keys</option></term> + + <listitem><para>Instead of showing + journal contents generate a new key + pair for Forward Secure Sealing + (FSS). This will generate a sealing + key and a verification key. The + sealing key is stored in the journal + data directory and shall remain on the + host. The verification key should be + stored externally.</para></listitem> + </varlistentry> + + <varlistentry> + <term><option>--interval=</option></term> + + <listitem><para>Specifies the change + interval for the sealing key, when + generating an FSS key pair with + <option>--setup-keys</option>. Shorter + intervals increase CPU consumption but + shorten the time range of + undetectable journal + alterations. Defaults to + 15min.</para></listitem> + </varlistentry> + + <varlistentry> + <term><option>--verify</option></term> + + <listitem><para>Check the journal file + for internal consistency. If the + file has been generated with FSS + enabled, and the FSS verification key + has been specified with + <option>--verify-key=</option> + authenticity of the journal file is + verified.</para></listitem> + </varlistentry> + + <varlistentry> + <term><option>--verify-key=</option></term> + + <listitem><para>Specifies the FSS + verification key to use for the + <option>--verify</option> + operation.</para></listitem> + </varlistentry> + </variablelist> </refsect1> diff --git a/src/journal/journal-verify.c b/src/journal/journal-verify.c index b7097e7b01..8eefb841b2 100644 --- a/src/journal/journal-verify.c +++ b/src/journal/journal-verify.c @@ -36,9 +36,10 @@ /* FIXME: * * - write tag only if non-tag objects have been written - * - change terms * - write bit mucking test * - tag timestamps should be between entry timestamps + * - output validated time ranges + * - add missing fields to journal header dump * * - Allow building without libgcrypt * - check with sparse |