From 282215ddeece1b1504d4efc842f880fd95f6ba6c Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Tue, 10 Dec 2019 15:08:50 +0100 Subject: [minilinux] Make Linux fast again Add boot option that adds all the KCL options to disable CPU security flaw mitigations. --- modules-available/minilinux/inc/linuxbootentryhook.inc.php | 12 ++++++++++-- modules-available/minilinux/lang/de/module.json | 1 + 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/modules-available/minilinux/inc/linuxbootentryhook.inc.php b/modules-available/minilinux/inc/linuxbootentryhook.inc.php index 56f66502..41d70b17 100644 --- a/modules-available/minilinux/inc/linuxbootentryhook.inc.php +++ b/modules-available/minilinux/inc/linuxbootentryhook.inc.php @@ -20,10 +20,12 @@ class LinuxBootEntryHook extends BootEntryHook /* For translate module: * Dictionary::translate('ipxe-kcl-extra'); * Dictionary::translate('ipxe-debug'); + * Dictionary::translate('ipxe-insecure-cpu'); */ return [ new HookExtraField('kcl-extra', 'string', ''), new HookExtraField('debug', 'bool', false), + new HookExtraField('insecure-cpu', 'bool', false), ]; } @@ -123,14 +125,20 @@ class LinuxBootEntryHook extends BootEntryHook } } // KCL hacks - if (isset($localData['debug']) && $localData['debug']) { + if (!empty($localData['debug'])) { + // Debug boot enabled $exec->commandLine = IPxe::modifyCommandLine($exec->commandLine, isset($remoteData['debugCommandLineModifier']) ? $remoteData['debugCommandLineModifier'] : '-vga -quiet -splash -loglevel loglevel=7' ); } - if (isset($localData['kcl-extra'])) { + // disable all CPU sidechannel attack mitigations etc. + if (!empty($localData['insecure-cpu'])) { + $exec->commandLine = IPxe::modifyCommandLine($exec->commandLine, + 'noibrs noibpb nopti nospectre_v2 nospectre_v1 l1tf=off nospec_store_bypass_disable no_stf_barrier mds=off mitigations=off'); + } + if (!empty($localData['kcl-extra'])) { $exec->commandLine = IPxe::modifyCommandLine($exec->commandLine, $localData['kcl-extra']); } $exec->commandLine = str_replace('%ID%', $effectiveId, $exec->commandLine); diff --git a/modules-available/minilinux/lang/de/module.json b/modules-available/minilinux/lang/de/module.json index 3e5ed495..133e428f 100644 --- a/modules-available/minilinux/lang/de/module.json +++ b/modules-available/minilinux/lang/de/module.json @@ -6,6 +6,7 @@ "file-ok": "OK", "file-size-mismatch": "Dateigr\u00f6\u00dfe stimmt nicht", "ipxe-debug": "Debug-Ausgaben statt Bootlogo", + "ipxe-insecure-cpu": "Alle Mitigations for CPU-Sicherheitsl\u00fccken deaktivieren", "ipxe-kcl-extra": "Modifikation der Kernel-Command-Line", "menu-sources": "Update-Quellen", "menu-versions": "Verf\u00fcgbare Versionen", -- cgit v1.2.3-55-g7522 From bbf6f356c119d26febf2c6aa562c87f72d7254ca Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Tue, 10 Dec 2019 15:10:15 +0100 Subject: [minilinux] Remove debug output --- modules-available/minilinux/inc/minilinux.inc.php | 1 - 1 file changed, 1 deletion(-) diff --git a/modules-available/minilinux/inc/minilinux.inc.php b/modules-available/minilinux/inc/minilinux.inc.php index ca81eafa..005b81fa 100644 --- a/modules-available/minilinux/inc/minilinux.inc.php +++ b/modules-available/minilinux/inc/minilinux.inc.php @@ -23,7 +23,6 @@ class MiniLinux { $stamp = time(); $last = Property::get(self::PROPERTY_KEY_FETCHTIME); - error_log('Last: ' . $last); if ($last !== false && $last + 10 > $stamp) return 0; // In progress... Property::set(self::PROPERTY_KEY_FETCHTIME, $stamp, 1); -- cgit v1.2.3-55-g7522 From e7cc4e9d0e9a40274c8e337d0330e19dc450d929 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Tue, 10 Dec 2019 15:10:31 +0100 Subject: [serversetup-bwlp-ipxe/minilinux] Add comments, fix minor logic bug Saving a boot entry didn't properly check the validity of a hook's ID, which was broken anyways, so the invalid check didn't uncover that the actual cheking code didn't work either. --- .../minilinux/inc/linuxbootentryhook.inc.php | 2 ++ .../inc/bootentryhook.inc.php | 22 ++++++++++++++++++++-- .../serversetup-bwlp-ipxe/page.inc.php | 5 ++--- 3 files changed, 24 insertions(+), 5 deletions(-) diff --git a/modules-available/minilinux/inc/linuxbootentryhook.inc.php b/modules-available/minilinux/inc/linuxbootentryhook.inc.php index 41d70b17..324ffc7e 100644 --- a/modules-available/minilinux/inc/linuxbootentryhook.inc.php +++ b/modules-available/minilinux/inc/linuxbootentryhook.inc.php @@ -154,6 +154,8 @@ class LinuxBootEntryHook extends BootEntryHook public function isValidId($id) { + if ($id === 'default') + return true; // Meta-version that links to whatever the default is set to $res = Database::queryFirst('SELECT installed FROM minilinux_version WHERE versionid = :id', ['id' => $id]); return $res !== false && $res['installed']; } diff --git a/modules-available/serversetup-bwlp-ipxe/inc/bootentryhook.inc.php b/modules-available/serversetup-bwlp-ipxe/inc/bootentryhook.inc.php index cf180006..73611b0a 100644 --- a/modules-available/serversetup-bwlp-ipxe/inc/bootentryhook.inc.php +++ b/modules-available/serversetup-bwlp-ipxe/inc/bootentryhook.inc.php @@ -26,6 +26,10 @@ abstract class BootEntryHook */ public abstract function extraFields(); + /** + * @param string $id + * @return bool + */ public abstract function isValidId($id); /** @@ -63,16 +67,30 @@ abstract class BootEntryHook return $this->getBootEntryInternal($data); } - public function setSelected($id) + /** + * @param string $mixed either the plain ID if the entry to be marked as selected, or the JSON string representing + * the entire entry, which must have a key called 'id' that will be used as the ID then. + */ + public function setSelected($mixed) { - $json = @json_decode($id, true); + $json = @json_decode($mixed, true); if (is_array($json)) { $id = $json['id']; $this->data = $json; + } else { + $id = $mixed; } $this->selectedId = $id; } + /** + * @return string ID of entry that was marked as selected by setSelected() + */ + public function getSelected() + { + return $this->selectedId; + } + public function renderExtraFields() { $list = $this->extraFields(); diff --git a/modules-available/serversetup-bwlp-ipxe/page.inc.php b/modules-available/serversetup-bwlp-ipxe/page.inc.php index cc5fdbe5..a636665e 100644 --- a/modules-available/serversetup-bwlp-ipxe/page.inc.php +++ b/modules-available/serversetup-bwlp-ipxe/page.inc.php @@ -527,7 +527,7 @@ class Page_ServerSetup extends Page if ($he->moduleId === $row['module']) { $he->setSelected($row['data']); $he->checked = 'checked'; - if ($he->getBootEntry($row['data']) === null) { + if (!$he->isValidId($he->getSelected())) { Message::addError('invalid-custom-entry-id', $row['module'], $row['data']); } break; @@ -848,8 +848,7 @@ class Page_ServerSetup extends Page /** @var BootEntryHook $module */ $module = $hook->run(); $id = Request::post('selection-' . $type, false, 'string'); - $entry = $module->isValidId($id); - if ($entry === null) { + if (!$module->isValidId($id)) { Message::addError('invalid-custom-entry-id', $type, $id); return; } -- cgit v1.2.3-55-g7522 From 5a814c388bfc5d933150eb519800206623b5aba4 Mon Sep 17 00:00:00 2001 From: Udo Walter Date: Wed, 11 Dec 2019 13:20:28 +0100 Subject: [locationinfo] fix calendar start date when using a custom start week day --- .../locationinfo/templates/frontend-default.html | 26 ++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/modules-available/locationinfo/templates/frontend-default.html b/modules-available/locationinfo/templates/frontend-default.html index 9bca1ccb..2388af42 100755 --- a/modules-available/locationinfo/templates/frontend-default.html +++ b/modules-available/locationinfo/templates/frontend-default.html @@ -746,15 +746,32 @@ optional: return room; } + /** + * Calculate the correct start date based on the number of days shown in the calendar + * @param startDay Start week day (0 = current day, 1 = Monday, 7 = Sunday) + * @param daysToShow Number of days to show in the calendar + * @return {Date} Start date + */ + function getStartDate(startDay, daysToShow) { + var now = new Date(); + var startDate = new Date(now.getTime()); + if (startDay > 0) { + startDate.setDate(startDate.getDate() - startDate.getDay() + (startDay % 7)); + if (startDate > now) startDate.setDate(startDate.getDate() - 7); + var endDayDate = new Date(startDate.getTime()); + endDayDate.setDate(endDayDate.getDate() + daysToShow); + if (endDayDate <= now) startDate.setDate(startDate.getDate() + 7); + } + return startDate; + } + /** * inilizes the Calendar for an room * @param room Room Object */ function setUpCalendar(room) { var daysToShow = room.config.daystoshow; - var startDay = room.config.startday; - var startDayDate = new Date(); - if (startDay > 0) startDayDate.setDate((startDayDate.getDate() - (startDayDate.getDay() + 6) % 7) + (startDay - 1)); + var startDate = getStartDate(room.config.startday, daysToShow); generateCalendarDiv(room); room.$.calendar.weekCalendar({ timeslotsPerHour: 1, @@ -782,7 +799,7 @@ optional: $event.find(".time").css({"backgroundColor": "#25B002", "border": "1px solid #888"}); } }, - date: startDayDate, + date: startDate, dateFormat: "j.n", timeFormat: "G:i", scrollToHourMillis: 500, @@ -1043,6 +1060,7 @@ optional: result = Math.min(Math.max(Math.abs(result), 1), 7); if (result !== $cal.weekCalendar("option", "daysToShow")) { $cal.weekCalendar("option", "daysToShow", result); + $cal.weekCalendar("gotoDate", getStartDate(room.config.startday, result)); columnWidth = $cal.find(".wc-day-1").width(); } } -- cgit v1.2.3-55-g7522 From 4d1c0bead2340bfab95c50e4a36b6cd985491b53 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Wed, 11 Dec 2019 15:16:51 +0100 Subject: [statistics/roomplanner] Update translations --- modules-available/roomplanner/lang/de/messages.json | 2 ++ modules-available/roomplanner/lang/de/template-tags.json | 7 +++++++ modules-available/statistics/lang/de/template-tags.json | 1 + 3 files changed, 10 insertions(+) diff --git a/modules-available/roomplanner/lang/de/messages.json b/modules-available/roomplanner/lang/de/messages.json index 3943c2c3..dca2c770 100644 --- a/modules-available/roomplanner/lang/de/messages.json +++ b/modules-available/roomplanner/lang/de/messages.json @@ -1,5 +1,7 @@ { + "db-error": "Datenbankfehler", "invalid-tutor-uuid": "Ung\u00fcltige ID f\u00fcr den Tutor festgelegt", "json-data-invalid": "\u00dcbermittelte Daten sind kein g\u00fcltiges JSON", + "leaf-mode-mismatch": "Falscher Raumtyp: Versuche zusammengesetzten Raum als normalen Raum zu speichern, oder umgekehrt!", "need-locationid": "Keine locationid angegeben" } \ No newline at end of file diff --git a/modules-available/roomplanner/lang/de/template-tags.json b/modules-available/roomplanner/lang/de/template-tags.json index 3d9db40c..967322e6 100644 --- a/modules-available/roomplanner/lang/de/template-tags.json +++ b/modules-available/roomplanner/lang/de/template-tags.json @@ -17,16 +17,22 @@ "lang_classroomdeskchair": "Klassenzimmertisch mit Stuhl", "lang_classroomtable": "Klassenzimmertisch", "lang_coatrack": "Garderobe", + "lang_composedLayout": "Zusammengesetztes Layout", "lang_conferencetable": "Konferenztisch", "lang_confirmDiscardChanges": "Wollen Sie alle \u00c4nderungen verwerfen?", + "lang_controlRoomDesc": "Dies ist der Raum, dessen PVS-Manager bei logischer Zusammenlegung der Unterr\u00e4ume der kontrollierende PVS-Manager sein wird.", + "lang_controllingRoom": "Kontrollierender Raum", "lang_couch": "Couch", "lang_dedicatedManager": "Exklusiv", "lang_descriptionBySearch": "Hier k\u00f6nnen aus der Liste aller bekannter Rechner suchen.", "lang_descriptionBySubnet": "Hier sehen Sie Computer, die sich in den zum Raum geh\u00f6renden Subnetzen befinden.", "lang_deskLamp": "Tischlampe", "lang_door": "T\u00fcr", + "lang_editComposedRoom": "Zusammengesetzten Raum bearbeiten", + "lang_exposeAsComposedRoom": "Als zusammengesetzten Raum im PVS-Manager anbieten", "lang_flatscreen": "Flatscreeen", "lang_greenchair": "Gr\u00fcner Stuhl", + "lang_horizontal": "Horizontal", "lang_labelBySearch": "Alle Rechner", "lang_labelBySubnet": "Rechner im Subnetz", "lang_lecturetheaterrow": "Stuhlreihe", @@ -53,5 +59,6 @@ "lang_titleAddMachine": "Rechner hinzuf\u00fcgen", "lang_titleBySearch": "Suche", "lang_titleBySubnet": "Subnetz", + "lang_vertical": "Vertikal", "lang_wastecan": "M\u00fclleimer" } \ No newline at end of file diff --git a/modules-available/statistics/lang/de/template-tags.json b/modules-available/statistics/lang/de/template-tags.json index 277ac651..1e92aeed 100644 --- a/modules-available/statistics/lang/de/template-tags.json +++ b/modules-available/statistics/lang/de/template-tags.json @@ -82,6 +82,7 @@ "lang_reboot": "Neustart", "lang_rebootConfirm": "Ausgew\u00e4hlte Rechner wirklich neustarten?", "lang_rebootKexecCheck": "Schneller Reboot direkt in bwLehrpool (kexec)", + "lang_remoteExec": "Befehl Ausf\u00fchren...", "lang_replace": "Ersetzen", "lang_replaceInstructions": "Hier k\u00f6nnen Sie Metadaten automatisch \u00fcbertragen, wenn in einem Raum die Rechner ausgetauscht wurden. Dies setzt voraus, dass alle neuen Rechner die gleiche IP Adresse erhalten haben wie der Rechner, der zuvor am entsprechenden Platz stand, und die neuen Rechner alle einmal gestartet wurden. In der Liste unten sehen Sie alle Rechnerpaare, auf die folgendes zutrifft: 1) Die IP-Adressen sind identisch 2) Der letzte Boot des einen Rechners liegt vor dem ersten Boot des anderen Rechners. W\u00e4hlen Sie alle Rechnerpaare aus, f\u00fcr die eine Ersetzung stattfinden soll. Bei der Ersetzung werden alle Logeintr\u00e4ge, Sitzungslogs, Position im Raumplan und evtl. spezielle Betriebsmodi vom alten Rechner auf den neuen \u00dcbertragen.", "lang_replaceMachinesHeading": "Rechner ersetzen", -- cgit v1.2.3-55-g7522