Merge c5a35d3ea9 into 9bf6ffe166

In the --help text we really should use the official spelling, just like
in the man page.

man/journalctl.xml

@@ -474,8 +474,8 @@
         <term><option>-k</option></term>
         <term><option>--dmesg</option></term>
 
-        <listitem><para>Show only kernel messages. This implies <option>-b</option> and adds the match
+        <listitem><para>Show only kernel messages. This adds the match <literal>_TRANSPORT=kernel</literal>.
-        <literal>_TRANSPORT=kernel</literal>.</para>
+        This implies <option>--boot=0</option> unless explicitly specified otherwise.</para>
 
         <xi:include href="version-info.xml" xpointer="v205"/></listitem>
       </varlistentry>
@@ -809,11 +809,10 @@
         <term><option>--pager-end</option></term>
 
         <listitem><para>Immediately jump to the end of the journal inside the implied pager tool. This
-        implies <option>-n1000</option> to guarantee that the pager will not buffer logs of unbounded
+        implies <option>--lines=1000</option> and <option>--boot=0</option> unless explicitly specified
-        size. This may be overridden with an explicit <option>-n</option> with some other numeric value,
+        otherwise, to guarantee that the pager will not buffer logs of unbounded size. Note that this option
-        while <option>-nall</option> will disable this cap.  Note that this option is only supported for
+        is only supported for the
-        the <citerefentry
+        <citerefentry project='man-pages'><refentrytitle>less</refentrytitle><manvolnum>1</manvolnum></citerefentry>
-        project='man-pages'><refentrytitle>less</refentrytitle><manvolnum>1</manvolnum></citerefentry>
         pager.</para>
 
         <xi:include href="version-info.xml" xpointer="v198"/></listitem>

man/systemd-cryptenroll.xml

@@ -265,32 +265,11 @@
   </refsect1>
 
   <refsect1>
-    <title>Options</title>
+    <title>Unlocking</title>
 
-    <para>The following options are understood:</para>
+    <para>The following options are understood that may be used to unlock the device in preparation of the enrollment operations:</para>
 
     <variablelist>
-      <varlistentry>
-        <term><option>--password</option></term>
-
-        <listitem><para>Enroll a regular password/passphrase. This command is mostly equivalent to
-        <command>cryptsetup luksAddKey</command>, however may be combined with
-        <option>--wipe-slot=</option> in one call, see below.</para>
-
-        <xi:include href="version-info.xml" xpointer="v248"/></listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><option>--recovery-key</option></term>
-
-        <listitem><para>Enroll a recovery key. Recovery keys are mostly identical to passphrases, but are
-        computer-generated instead of being chosen by a human, and thus have a guaranteed high entropy. The
-        key uses a character set that is easy to type in, and may be scanned off screen via a QR code.
-        </para>
-
-        <xi:include href="version-info.xml" xpointer="v248"/></listitem>
-      </varlistentry>
-
       <varlistentry>
         <term><option>--unlock-key-file=<replaceable>PATH</replaceable></option></term>
 
@@ -328,7 +307,45 @@
 
         <xi:include href="version-info.xml" xpointer="v256"/></listitem>
       </varlistentry>
+    </variablelist>
+  </refsect1>
 
+  <refsect1>
+    <title>Simple Enrollment</title>
+
+    <para>The following options are understood that may be used to enroll simple user input based
+    unlocking:</para>
+
+    <variablelist>
+      <varlistentry>
+        <term><option>--password</option></term>
+
+        <listitem><para>Enroll a regular password/passphrase. This command is mostly equivalent to
+        <command>cryptsetup luksAddKey</command>, however may be combined with
+        <option>--wipe-slot=</option> in one call, see below.</para>
+
+        <xi:include href="version-info.xml" xpointer="v248"/></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option>--recovery-key</option></term>
+
+        <listitem><para>Enroll a recovery key. Recovery keys are mostly identical to passphrases, but are
+        computer-generated instead of being chosen by a human, and thus have a guaranteed high entropy. The
+        key uses a character set that is easy to type in, and may be scanned off screen via a QR code.
+        </para>
+
+        <xi:include href="version-info.xml" xpointer="v248"/></listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+
+  <refsect1>
+    <title>PKCS#11 Enrollment</title>
+
+    <para>The following option is understood that may be used to enroll PKCS#11 tokens:</para>
+
+    <variablelist>
       <varlistentry>
         <term><option>--pkcs11-token-uri=<replaceable>URI</replaceable></option></term>
 
@@ -361,7 +378,15 @@
 
         <xi:include href="version-info.xml" xpointer="v248"/></listitem>
       </varlistentry>
+    </variablelist>
+  </refsect1>
 
+  <refsect1>
+    <title>FIDO2 Enrollment</title>
+
+    <para>The following options are understood that may be used to enroll PKCS#11 tokens:</para>
+
+    <variablelist>
       <varlistentry>
         <term><option>--fido2-credential-algorithm=<replaceable>STRING</replaceable></option></term>
         <listitem><para>Specify COSE algorithm used in credential generation. The default value is
@@ -461,7 +486,15 @@
 
         <xi:include href="version-info.xml" xpointer="v249"/></listitem>
       </varlistentry>
+    </variablelist>
+  </refsect1>
 
+  <refsect1>
+    <title>TPM2 Enrollment</title>
+
+    <para>The following options are understood that may be used to enroll TPM2 devices:</para>
+
+    <variablelist>
       <varlistentry>
         <term><option>--tpm2-device=<replaceable>PATH</replaceable></option></term>
 
@@ -636,7 +669,15 @@
 
         <xi:include href="version-info.xml" xpointer="v255"/></listitem>
       </varlistentry>
+    </variablelist>
+  </refsect1>
 
+  <refsect1>
+    <title>Other Options</title>
+
+    <para>The following additional options are understood:</para>
+
+    <variablelist>
       <varlistentry>
         <term><option>--wipe-slot=<replaceable>SLOT<optional>,SLOT...</optional></replaceable></option></term>
 

shell-completion/bash/systemd-cryptenroll

@@ -38,19 +38,12 @@ __get_tpm2_devices() {
     done
 }
 
-__get_block_devices() {
-    local i
-    for i in /dev/*; do
-        [ -b "$i" ] && printf '%s\n' "$i"
-    done
-}
-
 _systemd_cryptenroll() {
     local comps
     local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]} words cword
     local -A OPTS=(
         [STANDALONE]='-h --help --version
-                     --password --recovery-key'
+                     --password --recovery-key --list-devices'
         [ARG]='--unlock-key-file
                --unlock-fido2-device
                --unlock-tpm2-device
@@ -116,7 +109,7 @@ _systemd_cryptenroll() {
         return 0
     fi
 
-    comps=$(__get_block_devices)
+    comps=$(systemd-cryptenroll --list-devices)
     COMPREPLY=( $(compgen -W '$comps' -- "$cur") )
     return 0
 }

src/cryptenroll/cryptenroll.c

@@ -193,7 +193,7 @@ static int help(void) {
                "\n%3$sSimple Enrollment:%4$s\n"
                "     --password        Enroll a user-supplied password\n"
                "     --recovery-key    Enroll a recovery key\n"
-               "\n%3$sPKCS11 Enrollment:%4$s\n"
+               "\n%3$sPKCS#11 Enrollment:%4$s\n"
                "     --pkcs11-token-uri=URI\n"
                "                       Specify PKCS#11 security token URI\n"
                "\n%3$sFIDO2 Enrollment:%4$s\n"

src/journal/journalctl-util.c

@@ -74,12 +74,8 @@ int journal_acquire_boot(sd_journal *j) {
 
         assert(j);
 
-        if (!arg_boot) {
+        if (!arg_boot)
-                /* Clear relevant field for safety. */
-                arg_boot_id = SD_ID128_NULL;
-                arg_boot_offset = 0;
                 return 0;
-        }
 
         /* Take a shortcut and use the current boot_id, which we can do very quickly.
          * We can do this only when the logs are coming from the current machine,

src/journal/journalctl.c

@@ -45,7 +45,7 @@ bool arg_no_tail = false;
 bool arg_truncate_newline = false;
 bool arg_quiet = false;
 bool arg_merge = false;
-bool arg_boot = false;
+int arg_boot = -1; /* tristate */
 sd_id128_t arg_boot_id = {};
 int arg_boot_offset = 0;
 bool arg_dmesg = false;
@@ -452,12 +452,6 @@ static int parse_argv(int argc, char *argv[]) {
 
                 case 'e':
                         arg_pager_flags |= PAGER_JUMP_TO_END;
-
-                        if (arg_lines == ARG_LINES_DEFAULT)
-                                arg_lines = 1000;
-
-                        arg_boot = true;
-
                         break;
 
                 case 'f':
@@ -563,7 +557,7 @@ static int parse_argv(int argc, char *argv[]) {
                         break;
 
                 case 'k':
-                        arg_boot = arg_dmesg = true;
+                        arg_dmesg = true;
                         break;
 
                 case ARG_SYSTEM:
@@ -987,11 +981,19 @@ static int parse_argv(int argc, char *argv[]) {
         if (arg_no_tail)
                 arg_lines = ARG_LINES_ALL;
 
-        if (arg_follow && !arg_since_set && arg_lines == ARG_LINES_DEFAULT)
+        if (arg_lines == ARG_LINES_DEFAULT) {
+                if (arg_follow && !arg_since_set)
                         arg_lines = 10;
+                else if (FLAGS_SET(arg_pager_flags, PAGER_JUMP_TO_END))
+                        arg_lines = 1000;
+        }
 
-        if (arg_follow && !arg_merge && !arg_boot) {
+        if (arg_boot < 0)
-                arg_boot = true;
+                /* Show the current boot if -f/--follow, -k/--dmesg, or -e/--pager-end is specified unless
+                 * -m/--merge is specified. */
+                arg_boot = !arg_merge && (arg_follow || arg_dmesg || FLAGS_SET(arg_pager_flags, PAGER_JUMP_TO_END));
+        if (!arg_boot) {
+                /* Clear the boot ID and offset if -b/--boot is unspecified for safety. */
                 arg_boot_id = SD_ID128_NULL;
                 arg_boot_offset = 0;
         }

src/journal/journalctl.h

@@ -50,7 +50,7 @@ extern bool arg_no_tail;
 extern bool arg_truncate_newline;
 extern bool arg_quiet;
 extern bool arg_merge;
-extern bool arg_boot;
+extern int arg_boot;
 extern sd_id128_t arg_boot_id;
 extern int arg_boot_offset;
 extern bool arg_dmesg;