author | Daan De Meyer <daan.j.demeyer@gmail.com> | 2024-03-31 22:18:19 +0200 |
---|---|---|
committer | Daan De Meyer <daan.j.demeyer@gmail.com> | 2024-04-04 16:17:38 +0200 |
commit | 8595f578fedb0fa7ee7ae06476aefa87aa094100 (patch) | |
tree | 705023a95c9a5e7fc9036e63a01f93cacdc7a53d /src/debug-generator/debug-generator.c | |
parent | debug-generator: Drop unnecessary include (diff) | |
debug-generator: Add unit and drop-in credentials
These allow adding extra units and drop-ins via credentials.
Diffstat (limited to 'src/debug-generator/debug-generator.c')
-rw-r--r-- | src/debug-generator/debug-generator.c | 85 |
1 files changed, 81 insertions, 4 deletions
diff --git a/src/debug-generator/debug-generator.c b/src/debug-generator/debug-generator.c
index ed3dc20f72..3526b84dee 100644
--- a/src/debug-generator/debug-generator.c
+++ b/src/debug-generator/debug-generator.c
@@ -3,12 +3,17 @@
 #include <unistd.h>
 #include "alloc-util.h"
+#include "creds-util.h"
 #include "dropin.h"
+#include "errno-util.h"
+#include "fd-util.h"
+#include "fileio-label.h"
 #include "generator.h"
 #include "initrd-util.h"
 #include "parse-util.h"
 #include "path-util.h"
 #include "proc-cmdline.h"
+#include "recurse-dir.h"
 #include "special.h"
 #include "string-util.h"
 #include "strv.h"
@@ -158,8 +163,74 @@ static void install_debug_shell_dropin(void) {
 log_warning_errno(r, "Failed to write drop-in for debug-shell.service, ignoring: %m");
 }
+static int process_unit_credentials(const char *credentials_dir) {
+ int r;
+
+ assert(credentials_dir);
+
+ _cleanup_free_ DirectoryEntries *des = NULL;
+ r = readdir_all_at(AT_FDCWD, credentials_dir, RECURSE_DIR_SORT|RECURSE_DIR_IGNORE_DOT|RECURSE_DIR_ENSURE_TYPE, &des);
+ if (r < 0)
+ return log_error_errno(r, "Failed to enumerate credentials from credentials directory '%s': %m", credentials_dir);
+
+ FOREACH_ARRAY(i, des->entries, des->n_entries) {
+ _cleanup_free_ void *d = NULL;
+ struct dirent *de = *i;
+ const char *unit, *dropin;
+
+ if (de->d_type != DT_REG)
+ continue;
+
+ unit = startswith(de->d_name, "systemd.extra-unit.");
+ dropin = startswith(de->d_name, "systemd.unit-dropin.");
+
+ if (!unit && !dropin)
+ continue;
+
+ if (!unit_name_is_valid(unit ?: dropin, UNIT_NAME_ANY)) {
+ log_warning("Invalid unit name '%s' in credential '%s', ignoring.",
+ unit ?: dropin, de->d_name);
+ continue;
+ }
+
+ r = read_credential_with_decryption(de->d_name, &d, NULL);
+ if (r < 0)
+ continue;
+
+ if (unit) {
+ _cleanup_free_ char *p = NULL;
+
+ p = path_join(arg_dest, unit);
+ if (!p)
+ return log_oom();
+
+ r = write_string_file_atomic_label(p, d);
+ if (r < 0) {
+ log_warning_errno(r, "Failed to write unit file '%s' from credential '%s', ignoring: %m",
+ unit, de->d_name);
+ continue;
+ }
+
+ log_debug("Wrote unit file '%s' from credential '%s'", unit, de->d_name);
+
+ } else {
+ r = write_drop_in(arg_dest, dropin, 50, "credential", d);
+ if (r < 0) {
+ log_warning_errno(r, "Failed to write drop-in for unit '%s' from credential '%s', ignoring: %m",
+ dropin, de->d_name);
+ continue;
+ }
+
+ log_debug("Wrote drop-in for unit '%s' from credential '%s'", dropin, de->d_name);
+ }
+ }
+
+ return 0;
+}
+
 static int run(const char *dest, const char *dest_early, const char *dest_late) {
- int r, q;
+ const char *credentials_dir;
+ int r = 0;
 assert_se(arg_dest = dest_early);
@@ -175,10 +246,16 @@ static int run(const char *dest, const char *dest_early, const char *dest_late)
 install_debug_shell_dropin();
 }
- r = generate_mask_symlinks();
- q = generate_wants_symlinks();
+ if (get_credentials_dir(&credentials_dir) >= 0)
+ RET_GATHER(r, process_unit_credentials(credentials_dir));
+
+ if (get_encrypted_credentials_dir(&credentials_dir) >= 0)
+ RET_GATHER(r, process_unit_credentials(credentials_dir));
- return r < 0 ? r : q;
+ RET_GATHER(r, generate_mask_symlinks());
+ RET_GATHER(r, generate_wants_symlinks());
+
+ return r;
 }
 DEFINE_MAIN_GENERATOR_FUNCTION(run); |
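Review bot: In process_unit_credentials() the credential is read with `read_credential_with_decryption(de->d_name, &d, NULL)` and the `void *` result is handed to `write_string_file_atomic_label(p, d)` and `write_drop_in(..., d)` as a C string, so the length is never examined and a payload containing a NUL byte would be written truncated without any log line. For a unit file that can silently drop trailing directives, so I would request the size (`size_t sz; r = read_credential_with_decryption(de->d_name, &d, &sz);`) and skip with a warning when `memchr(d, 0, sz)` is non-NULL. The `unit_name_is_valid()` check also deserves a short comment, since it appears to be the only thing validating the credential-supplied suffix before `path_join(arg_dest, unit)`, e.g. `/* The suffix becomes a file name below arg_dest; the unit name check is the only path validation, keep it ahead of the writes. */`. The bare `continue` after a failed read relies on the helper logging on its own, which is not visible in this hunk.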
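Review bot: run() calls process_unit_credentials() once for the plain and once for the encrypted credentials directory, but the directory is only used for enumeration: the read in that function is keyed on `de->d_name` alone, so a name present in both directories is processed twice and which copy is used is decided inside the helper rather than here. If that precedence is intended, state it above the two calls once confirmed against creds-util, e.g. `/* A credential name may exist in both directories; precedence is decided by read_credential_with_decryption(). */`, otherwise skip names that were already handled. The `>= 0` tests also discard every error from `get_credentials_dir()` and `get_encrypted_credentials_dir()` without a log line; a `log_debug_errno()` for errors other than the directory simply not being set would make a skipped credential store visible when debugging boot. run() begins in the previous hunk and its body continues outside the visible lines.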