[thirdparty/systemd.git] / src / debug-generator / debug-generator.c

/* SPDX-License-Identifier: LGPL-2.1-or-later */

#include <unistd.h>

#include "alloc-util.h"
#include "bitfield.h"
#include "creds-util.h"
#include "dropin.h"
#include "errno-util.h"
#include "extract-word.h"
#include "fileio.h"
#include "log.h"
#include "generator.h"
#include "initrd-util.h"
#include "parse-util.h"
#include "path-util.h"
#include "proc-cmdline.h"
#include "recurse-dir.h"
#include "special.h"
#include "string-util.h"
#include "strv.h"
#include "unit-file.h"
#include "unit-name.h"

static const char *arg_dest = NULL;
static char *arg_default_unit = NULL;
static char **arg_mask = NULL;
static char **arg_wants = NULL;
static bool arg_debug_shell = false;
static char *arg_debug_tty = NULL;
static char *arg_default_debug_tty = NULL;
static uint32_t arg_breakpoints = 0;

STATIC_DESTRUCTOR_REGISTER(arg_default_unit, freep);
STATIC_DESTRUCTOR_REGISTER(arg_mask, strv_freep);
STATIC_DESTRUCTOR_REGISTER(arg_wants, strv_freep);
STATIC_DESTRUCTOR_REGISTER(arg_debug_tty, freep);
STATIC_DESTRUCTOR_REGISTER(arg_default_debug_tty, freep);

typedef enum BreakpointType {
        BREAKPOINT_PRE_UDEV,
        BREAKPOINT_PRE_BASIC,
        BREAKPOINT_PRE_SYSROOT_MOUNT,
        BREAKPOINT_PRE_SWITCH_ROOT,
        _BREAKPOINT_TYPE_MAX,
        _BREAKPOINT_TYPE_INVALID = -EINVAL,
} BreakpointType;

typedef enum BreakpointValidity {
        BREAKPOINT_DEFAULT   = 1 << 0,
        BREAKPOINT_IN_INITRD = 1 << 1,
        BREAKPOINT_ON_HOST   = 1 << 2,
} BreakpointValidity;

typedef struct BreakpointInfo {
        BreakpointType type;
        const char *name;
        const char *unit;
        BreakpointValidity validity;
} BreakpointInfo;

static const struct BreakpointInfo breakpoint_info_table[_BREAKPOINT_TYPE_MAX] = {
        { BREAKPOINT_PRE_UDEV,          "pre-udev",        "breakpoint-pre-udev.service",        BREAKPOINT_IN_INITRD | BREAKPOINT_ON_HOST },
        { BREAKPOINT_PRE_BASIC,         "pre-basic",       "breakpoint-pre-basic.service",       BREAKPOINT_IN_INITRD | BREAKPOINT_ON_HOST },
        { BREAKPOINT_PRE_SYSROOT_MOUNT, "pre-mount",       "breakpoint-pre-mount.service",       BREAKPOINT_IN_INITRD                      },
        { BREAKPOINT_PRE_SWITCH_ROOT,   "pre-switch-root", "breakpoint-pre-switch-root.service", BREAKPOINT_IN_INITRD | BREAKPOINT_DEFAULT },
};

static bool breakpoint_applies(const BreakpointInfo *info, int log_level) {
        assert(info);

        if (in_initrd() && !FLAGS_SET(info->validity, BREAKPOINT_IN_INITRD))
                log_full(log_level, "Breakpoint '%s' not valid in the initrd, ignoring.", info->name);
        else if (!in_initrd() && !FLAGS_SET(info->validity, BREAKPOINT_ON_HOST))
                log_full(log_level, "Breakpoint '%s' not valid on the host, ignoring.", info->name);
        else
                return true;

        return false;
}

static BreakpointType parse_breakpoint_from_string_one(const char *s) {
        assert(s);

        FOREACH_ELEMENT(i, breakpoint_info_table)
                if (streq(i->name, s))
                        return i->type;

        return _BREAKPOINT_TYPE_INVALID;
}

static int parse_breakpoint_from_string(const char *s, uint32_t *ret_breakpoints) {
        uint32_t breakpoints = 0;
        int r;

        assert(ret_breakpoints);

        /* Empty value? set default breakpoint */
        if (isempty(s)) {
                bool found_default = false;

                FOREACH_ELEMENT(i, breakpoint_info_table)
                        if (FLAGS_SET(i->validity, BREAKPOINT_DEFAULT) && breakpoint_applies(i, INT_MAX)) {
                                breakpoints |= 1 << i->type;
                                found_default = true;
                                break;
                        }

                if (!found_default)
                        log_warning("No default breakpoint defined %s, ignoring.",
                                    in_initrd() ? "in the initrd" : "on the host");
        } else
                for (;;) {
                        _cleanup_free_ char *t = NULL;
                        BreakpointType tt;

                        r = extract_first_word(&s, &t, ",", EXTRACT_DONT_COALESCE_SEPARATORS);
                        if (r < 0)
                                return r;
                        if (r == 0)
                                break;

                        tt = parse_breakpoint_from_string_one(t);
                        if (tt < 0) {
                                log_warning("Invalid breakpoint value '%s', ignoring.", t);
                                continue;
                        }

                        if (breakpoint_applies(&breakpoint_info_table[tt], LOG_WARNING))
                                breakpoints |= 1 << tt;
                }

        *ret_breakpoints = breakpoints;

        return 0;
}

static int parse_proc_cmdline_item(const char *key, const char *value, void *data) {
        int r;

        assert(key);

        if (streq(key, "systemd.mask")) {
                char *n;

                if (proc_cmdline_value_missing(key, value))
                        return 0;

                r = unit_name_mangle(value, UNIT_NAME_MANGLE_WARN, &n);
                if (r < 0)
                        return log_error_errno(r, "Failed to glob unit name: %m");

                if (strv_consume(&arg_mask, n) < 0)
                        return log_oom();

        } else if (streq(key, "systemd.wants")) {
                char *n;

                if (proc_cmdline_value_missing(key, value))
                        return 0;

                r = unit_name_mangle(value, UNIT_NAME_MANGLE_WARN, &n);
                if (r < 0)
                        return log_error_errno(r, "Failed to glob unit name: %m");

                if (strv_consume(&arg_wants, n) < 0)
                        return log_oom();

        } else if (proc_cmdline_key_streq(key, "systemd.debug_shell")) {

                r = value ? parse_boolean(value) : 1;
                arg_debug_shell = r != 0;
                if (r >= 0)
                        return 0;

                return free_and_strdup_warn(&arg_debug_tty, skip_dev_prefix(value));

        } else if (proc_cmdline_key_streq(key, "systemd.default_debug_tty")) {

                if (proc_cmdline_value_missing(key, value))
                        return 0;

                return free_and_strdup_warn(&arg_default_debug_tty, skip_dev_prefix(value));

        } else if (streq(key, "systemd.unit")) {

                if (proc_cmdline_value_missing(key, value))
                        return 0;

                return free_and_strdup_warn(&arg_default_unit, value);

        } else if (streq(key, "systemd.break")) {
                uint32_t breakpoints = 0;

                r = parse_breakpoint_from_string(value, &breakpoints);
                if (r < 0)
                        return log_warning_errno(r, "Failed to parse breakpoint value '%s': %m", value);

                arg_breakpoints |= breakpoints;

        } else if (!value) {
                const char *target;

                target = runlevel_to_target(key);
                if (target)
                        return free_and_strdup_warn(&arg_default_unit, target);
        }

        return 0;
}

static int generate_mask_symlinks(void) {
        int r = 0;

        STRV_FOREACH(u, arg_mask) {
                _cleanup_free_ char *p = NULL;

                p = path_join(arg_dest, *u);
                if (!p)
                        return log_oom();

                if (symlink("/dev/null", p) < 0)
                        RET_GATHER(r, log_error_errno(errno, "Failed to create mask symlink '%s': %m", p));
        }

        return r;
}

static int generate_wants_symlinks(void) {
        int r = 0;

        STRV_FOREACH(u, arg_wants) {
                _cleanup_free_ char *f = NULL;
                const char *target;

                /* This should match what do_queue_default_job() in core/main.c does. */
                if (arg_default_unit)
                        target = arg_default_unit;
                else if (in_initrd())
                        target = SPECIAL_INITRD_TARGET;
                else
                        target = SPECIAL_DEFAULT_TARGET;

                f = path_join(SYSTEM_DATA_UNIT_DIR, *u);
                if (!f)
                        return log_oom();

                RET_GATHER(r, generator_add_symlink(arg_dest, target, "wants", f));
        }

        return r;
}

static int install_debug_shell_dropin(void) {
        const char *tty = arg_debug_tty ?: arg_default_debug_tty;
        int r;

        if (!tty || path_equal(tty, skip_dev_prefix(DEBUGTTY)))
                return 0;

        r = write_drop_in_format(arg_dest, "debug-shell.service", 50, "tty",
                                 "# Automatically generated by systemd-debug-generator\n\n"
                                 "[Unit]\n"
                                 "Description=Early root shell on /dev/%s FOR DEBUGGING ONLY\n"
                                 "ConditionPathExists=\n"
                                 "\n[Service]\n"
                                 "TTYPath=/dev/%s\n",
                                 tty, tty);
        if (r < 0)
                return log_warning_errno(r, "Failed to write drop-in for debug-shell.service: %m");

        return 1;
}

static int process_unit_credentials(const char *credentials_dir) {
        _cleanup_free_ DirectoryEntries *des = NULL;
        int r;

        assert(credentials_dir);

        r = readdir_all_at(AT_FDCWD, credentials_dir, RECURSE_DIR_SORT|RECURSE_DIR_IGNORE_DOT|RECURSE_DIR_ENSURE_TYPE, &des);
        if (r < 0)
                return log_error_errno(r, "Failed to enumerate credentials from credentials directory '%s': %m", credentials_dir);

        FOREACH_ARRAY(i, des->entries, des->n_entries) {
                struct dirent *de = *i;
                const char *unit, *dropin;

                if (de->d_type != DT_REG)
                        continue;

                unit = startswith(de->d_name, "systemd.extra-unit.");
                dropin = startswith(de->d_name, "systemd.unit-dropin.");

                if (!unit && !dropin)
                        continue;

                _cleanup_free_ char *d = NULL;

                r = read_credential_with_decryption(de->d_name, (void**) &d, NULL);
                if (r < 0) {
                        log_warning_errno(r, "Failed to read credential '%s', ignoring: %m", de->d_name);
                        continue;
                }

                if (unit) {
                        _cleanup_free_ char *p = NULL;

                        if (!unit_name_is_valid(unit, UNIT_NAME_ANY)) {
                                log_warning("Invalid unit name '%s' in credential '%s', ignoring.",
                                            unit, de->d_name);
                                continue;
                        }

                        p = path_join(arg_dest, unit);
                        if (!p)
                                return log_oom();

                        r = write_string_file(p, d, WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_ATOMIC|WRITE_STRING_FILE_MKDIR_0755|WRITE_STRING_FILE_LABEL);
                        if (r < 0) {
                                log_warning_errno(r, "Failed to write unit file '%s' from credential '%s', ignoring: %m",
                                                  unit, de->d_name);
                                continue;
                        }

                        log_debug("Wrote unit file '%s' from credential '%s'", unit, de->d_name);

                } else if (dropin) {
                        _cleanup_free_ char *dropin_unit = NULL;
                        const char *tilde, *dropin_name;

                        tilde = strchrnul(dropin, '~');
                        dropin_unit = strndup(dropin, tilde - dropin);
                        if (!dropin_unit)
                                return log_oom();

                        if (!unit_name_is_valid(dropin_unit, UNIT_NAME_ANY)) {
                                log_warning("Invalid unit name '%s' in credential '%s', ignoring.",
                                            dropin_unit, de->d_name);
                                continue;
                        }

                        dropin_name = isempty(tilde) ? "50-credential" : tilde + 1;
                        if (isempty(dropin_name)) {
                                log_warning("Empty drop-in name for unit '%s' in credential '%s', ignoring.",
                                            dropin_unit, de->d_name);
                                continue;
                        }

                        r = write_drop_in(arg_dest, dropin_unit, /* level = */ UINT_MAX, dropin_name, d);
                        if (r < 0) {
                                log_warning_errno(r, "Failed to write drop-in '%s' for unit '%s' from credential '%s', ignoring: %m",
                                                  dropin_name, dropin_unit, de->d_name);
                                continue;
                        }

                        log_debug("Wrote drop-in '%s' for unit '%s' from credential '%s'", dropin_name, dropin_unit, de->d_name);
                } else
                        assert_not_reached();
        }

        return 0;
}

static int run(const char *dest, const char *dest_early, const char *dest_late) {
        const char *credentials_dir;
        int r;

        assert_se(arg_dest = dest_early);

        r = proc_cmdline_parse(parse_proc_cmdline_item, NULL, PROC_CMDLINE_RD_STRICT | PROC_CMDLINE_STRIP_RD_PREFIX);
        if (r < 0)
                log_warning_errno(r, "Failed to parse kernel command line, ignoring: %m");

        if (arg_debug_shell) {
                if (strv_extend(&arg_wants, "debug-shell.service") < 0)
                        return log_oom();

                RET_GATHER(r, install_debug_shell_dropin());
        }

        BIT_FOREACH(i, arg_breakpoints)
                if (strv_extend(&arg_wants, breakpoint_info_table[i].unit) < 0)
                        return log_oom();

        if (get_credentials_dir(&credentials_dir) >= 0)
                RET_GATHER(r, process_unit_credentials(credentials_dir));

        if (get_encrypted_credentials_dir(&credentials_dir) >= 0)
                RET_GATHER(r, process_unit_credentials(credentials_dir));

        RET_GATHER(r, generate_mask_symlinks());
        RET_GATHER(r, generate_wants_symlinks());

        return r;
}

DEFINE_MAIN_GENERATOR_FUNCTION(run);
Commit	Line	Data
	1	/* SPDX-License-Identifier: LGPL-2.1-or-later */
	2
	3	#include <unistd.h>
	4
	5	#include "alloc-util.h"
	6	#include "bitfield.h"
	7	#include "creds-util.h"
	8	#include "dropin.h"
	9	#include "errno-util.h"
	10	#include "extract-word.h"
	11	#include "fileio.h"
	12	#include "log.h"
	13	#include "generator.h"
	14	#include "initrd-util.h"
	15	#include "parse-util.h"
	16	#include "path-util.h"
	17	#include "proc-cmdline.h"
	18	#include "recurse-dir.h"
	19	#include "special.h"
	20	#include "string-util.h"
	21	#include "strv.h"
	22	#include "unit-file.h"
	23	#include "unit-name.h"
	24
	25	static const char *arg_dest = NULL;
	26	static char *arg_default_unit = NULL;
	27	static char **arg_mask = NULL;
	28	static char **arg_wants = NULL;
	29	static bool arg_debug_shell = false;
	30	static char *arg_debug_tty = NULL;
	31	static char *arg_default_debug_tty = NULL;
	32	static uint32_t arg_breakpoints = 0;
	33
	34	STATIC_DESTRUCTOR_REGISTER(arg_default_unit, freep);
	35	STATIC_DESTRUCTOR_REGISTER(arg_mask, strv_freep);
	36	STATIC_DESTRUCTOR_REGISTER(arg_wants, strv_freep);
	37	STATIC_DESTRUCTOR_REGISTER(arg_debug_tty, freep);
	38	STATIC_DESTRUCTOR_REGISTER(arg_default_debug_tty, freep);
	39
	40	typedef enum BreakpointType {
	41	BREAKPOINT_PRE_UDEV,
	42	BREAKPOINT_PRE_BASIC,
	43	BREAKPOINT_PRE_SYSROOT_MOUNT,
	44	BREAKPOINT_PRE_SWITCH_ROOT,
	45	_BREAKPOINT_TYPE_MAX,
	46	_BREAKPOINT_TYPE_INVALID = -EINVAL,
	47	} BreakpointType;
	48
	49	typedef enum BreakpointValidity {
	50	BREAKPOINT_DEFAULT = 1 << 0,
	51	BREAKPOINT_IN_INITRD = 1 << 1,
	52	BREAKPOINT_ON_HOST = 1 << 2,
	53	} BreakpointValidity;
	54
	55	typedef struct BreakpointInfo {
	56	BreakpointType type;
	57	const char *name;
	58	const char *unit;
	59	BreakpointValidity validity;
	60	} BreakpointInfo;
	61
	62	static const struct BreakpointInfo breakpoint_info_table[_BREAKPOINT_TYPE_MAX] = {
	63	{ BREAKPOINT_PRE_UDEV, "pre-udev", "breakpoint-pre-udev.service", BREAKPOINT_IN_INITRD \| BREAKPOINT_ON_HOST },
	64	{ BREAKPOINT_PRE_BASIC, "pre-basic", "breakpoint-pre-basic.service", BREAKPOINT_IN_INITRD \| BREAKPOINT_ON_HOST },
	65	{ BREAKPOINT_PRE_SYSROOT_MOUNT, "pre-mount", "breakpoint-pre-mount.service", BREAKPOINT_IN_INITRD },
	66	{ BREAKPOINT_PRE_SWITCH_ROOT, "pre-switch-root", "breakpoint-pre-switch-root.service", BREAKPOINT_IN_INITRD \| BREAKPOINT_DEFAULT },
	67	};
	68
	69	static bool breakpoint_applies(const BreakpointInfo *info, int log_level) {
	70	assert(info);
	71
	72	if (in_initrd() && !FLAGS_SET(info->validity, BREAKPOINT_IN_INITRD))
	73	log_full(log_level, "Breakpoint '%s' not valid in the initrd, ignoring.", info->name);
	74	else if (!in_initrd() && !FLAGS_SET(info->validity, BREAKPOINT_ON_HOST))
	75	log_full(log_level, "Breakpoint '%s' not valid on the host, ignoring.", info->name);
	76	else
	77	return true;
	78
	79	return false;
	80	}
	81
	82	static BreakpointType parse_breakpoint_from_string_one(const char *s) {
	83	assert(s);
	84
	85	FOREACH_ELEMENT(i, breakpoint_info_table)
	86	if (streq(i->name, s))
	87	return i->type;
	88
	89	return _BREAKPOINT_TYPE_INVALID;
	90	}
	91
	92	static int parse_breakpoint_from_string(const char s, uint32_t ret_breakpoints) {
	93	uint32_t breakpoints = 0;
	94	int r;
	95
	96	assert(ret_breakpoints);
	97
	98	/* Empty value? set default breakpoint */
	99	if (isempty(s)) {
	100	bool found_default = false;
	101
	102	FOREACH_ELEMENT(i, breakpoint_info_table)
	103	if (FLAGS_SET(i->validity, BREAKPOINT_DEFAULT) && breakpoint_applies(i, INT_MAX)) {
	104	breakpoints \|= 1 << i->type;
	105	found_default = true;
	106	break;
	107	}
	108
	109	if (!found_default)
	110	log_warning("No default breakpoint defined %s, ignoring.",
	111	in_initrd() ? "in the initrd" : "on the host");
	112	} else
	113	for (;;) {
	114	_cleanup_free_ char *t = NULL;
	115	BreakpointType tt;
	116
	117	r = extract_first_word(&s, &t, ",", EXTRACT_DONT_COALESCE_SEPARATORS);
	118	if (r < 0)
	119	return r;
	120	if (r == 0)
	121	break;
	122
	123	tt = parse_breakpoint_from_string_one(t);
	124	if (tt < 0) {
	125	log_warning("Invalid breakpoint value '%s', ignoring.", t);
	126	continue;
	127	}
	128
	129	if (breakpoint_applies(&breakpoint_info_table[tt], LOG_WARNING))
	130	breakpoints \|= 1 << tt;
	131	}
	132
	133	*ret_breakpoints = breakpoints;
	134
	135	return 0;
	136	}
	137
	138	static int parse_proc_cmdline_item(const char key, const char value, void *data) {
	139	int r;
	140
	141	assert(key);
	142
	143	if (streq(key, "systemd.mask")) {
	144	char *n;
	145
	146	if (proc_cmdline_value_missing(key, value))
	147	return 0;
	148
	149	r = unit_name_mangle(value, UNIT_NAME_MANGLE_WARN, &n);
	150	if (r < 0)
	151	return log_error_errno(r, "Failed to glob unit name: %m");
	152
	153	if (strv_consume(&arg_mask, n) < 0)
	154	return log_oom();
	155
	156	} else if (streq(key, "systemd.wants")) {
	157	char *n;
	158
	159	if (proc_cmdline_value_missing(key, value))
	160	return 0;
	161
	162	r = unit_name_mangle(value, UNIT_NAME_MANGLE_WARN, &n);
	163	if (r < 0)
	164	return log_error_errno(r, "Failed to glob unit name: %m");
	165
	166	if (strv_consume(&arg_wants, n) < 0)
	167	return log_oom();
	168
	169	} else if (proc_cmdline_key_streq(key, "systemd.debug_shell")) {
	170
	171	r = value ? parse_boolean(value) : 1;
	172	arg_debug_shell = r != 0;
	173	if (r >= 0)
	174	return 0;
	175
	176	return free_and_strdup_warn(&arg_debug_tty, skip_dev_prefix(value));
	177
	178	} else if (proc_cmdline_key_streq(key, "systemd.default_debug_tty")) {
	179
	180	if (proc_cmdline_value_missing(key, value))
	181	return 0;
	182
	183	return free_and_strdup_warn(&arg_default_debug_tty, skip_dev_prefix(value));
	184
	185	} else if (streq(key, "systemd.unit")) {
	186
	187	if (proc_cmdline_value_missing(key, value))
	188	return 0;
	189
	190	return free_and_strdup_warn(&arg_default_unit, value);
	191
	192	} else if (streq(key, "systemd.break")) {
	193	uint32_t breakpoints = 0;
	194
	195	r = parse_breakpoint_from_string(value, &breakpoints);
	196	if (r < 0)
	197	return log_warning_errno(r, "Failed to parse breakpoint value '%s': %m", value);
	198
	199	arg_breakpoints \|= breakpoints;
	200
	201	} else if (!value) {
	202	const char *target;
	203
	204	target = runlevel_to_target(key);
	205	if (target)
	206	return free_and_strdup_warn(&arg_default_unit, target);
	207	}
	208
	209	return 0;
	210	}
	211
	212	static int generate_mask_symlinks(void) {
	213	int r = 0;
	214
	215	STRV_FOREACH(u, arg_mask) {
	216	_cleanup_free_ char *p = NULL;
	217
	218	p = path_join(arg_dest, *u);
	219	if (!p)
	220	return log_oom();
	221
	222	if (symlink("/dev/null", p) < 0)
	223	RET_GATHER(r, log_error_errno(errno, "Failed to create mask symlink '%s': %m", p));
	224	}
	225
	226	return r;
	227	}
	228
	229	static int generate_wants_symlinks(void) {
	230	int r = 0;
	231
	232	STRV_FOREACH(u, arg_wants) {
	233	_cleanup_free_ char *f = NULL;
	234	const char *target;
	235
	236	/* This should match what do_queue_default_job() in core/main.c does. */
	237	if (arg_default_unit)
	238	target = arg_default_unit;
	239	else if (in_initrd())
	240	target = SPECIAL_INITRD_TARGET;
	241	else
	242	target = SPECIAL_DEFAULT_TARGET;
	243
	244	f = path_join(SYSTEM_DATA_UNIT_DIR, *u);
	245	if (!f)
	246	return log_oom();
	247
	248	RET_GATHER(r, generator_add_symlink(arg_dest, target, "wants", f));
	249	}
	250
	251	return r;
	252	}
	253
	254	static int install_debug_shell_dropin(void) {
	255	const char *tty = arg_debug_tty ?: arg_default_debug_tty;
	256	int r;
	257
	258	if (!tty \|\| path_equal(tty, skip_dev_prefix(DEBUGTTY)))
	259	return 0;
	260
	261	r = write_drop_in_format(arg_dest, "debug-shell.service", 50, "tty",
	262	"# Automatically generated by systemd-debug-generator\n\n"
	263	"[Unit]\n"
	264	"Description=Early root shell on /dev/%s FOR DEBUGGING ONLY\n"
	265	"ConditionPathExists=\n"
	266	"\n[Service]\n"
	267	"TTYPath=/dev/%s\n",
	268	tty, tty);
	269	if (r < 0)
	270	return log_warning_errno(r, "Failed to write drop-in for debug-shell.service: %m");
	271
	272	return 1;
	273	}
	274
	275	static int process_unit_credentials(const char *credentials_dir) {
	276	_cleanup_free_ DirectoryEntries *des = NULL;
	277	int r;
	278
	279	assert(credentials_dir);
	280
	281	r = readdir_all_at(AT_FDCWD, credentials_dir, RECURSE_DIR_SORT\|RECURSE_DIR_IGNORE_DOT\|RECURSE_DIR_ENSURE_TYPE, &des);
	282	if (r < 0)
	283	return log_error_errno(r, "Failed to enumerate credentials from credentials directory '%s': %m", credentials_dir);
	284
	285	FOREACH_ARRAY(i, des->entries, des->n_entries) {
	286	struct dirent de = i;
	287	const char unit, dropin;
	288
	289	if (de->d_type != DT_REG)
	290	continue;
	291
	292	unit = startswith(de->d_name, "systemd.extra-unit.");
	293	dropin = startswith(de->d_name, "systemd.unit-dropin.");
	294
	295	if (!unit && !dropin)
	296	continue;
	297
	298	_cleanup_free_ char *d = NULL;
	299
	300	r = read_credential_with_decryption(de->d_name, (void**) &d, NULL);
	301	if (r < 0) {
	302	log_warning_errno(r, "Failed to read credential '%s', ignoring: %m", de->d_name);
	303	continue;
	304	}
	305
	306	if (unit) {
	307	_cleanup_free_ char *p = NULL;
	308
	309	if (!unit_name_is_valid(unit, UNIT_NAME_ANY)) {
	310	log_warning("Invalid unit name '%s' in credential '%s', ignoring.",
	311	unit, de->d_name);
	312	continue;
	313	}
	314
	315	p = path_join(arg_dest, unit);
	316	if (!p)
	317	return log_oom();
	318
	319	r = write_string_file(p, d, WRITE_STRING_FILE_CREATE\|WRITE_STRING_FILE_ATOMIC\|WRITE_STRING_FILE_MKDIR_0755\|WRITE_STRING_FILE_LABEL);
	320	if (r < 0) {
	321	log_warning_errno(r, "Failed to write unit file '%s' from credential '%s', ignoring: %m",
	322	unit, de->d_name);
	323	continue;
	324	}
	325
	326	log_debug("Wrote unit file '%s' from credential '%s'", unit, de->d_name);
	327
	328	} else if (dropin) {
	329	_cleanup_free_ char *dropin_unit = NULL;
	330	const char tilde, dropin_name;
	331
	332	tilde = strchrnul(dropin, '~');
	333	dropin_unit = strndup(dropin, tilde - dropin);
	334	if (!dropin_unit)
	335	return log_oom();
	336
	337	if (!unit_name_is_valid(dropin_unit, UNIT_NAME_ANY)) {
	338	log_warning("Invalid unit name '%s' in credential '%s', ignoring.",
	339	dropin_unit, de->d_name);
	340	continue;
	341	}
	342
	343	dropin_name = isempty(tilde) ? "50-credential" : tilde + 1;
	344	if (isempty(dropin_name)) {
	345	log_warning("Empty drop-in name for unit '%s' in credential '%s', ignoring.",
	346	dropin_unit, de->d_name);
	347	continue;
	348	}
	349
	350	r = write_drop_in(arg_dest, dropin_unit, /* level = */ UINT_MAX, dropin_name, d);
	351	if (r < 0) {
	352	log_warning_errno(r, "Failed to write drop-in '%s' for unit '%s' from credential '%s', ignoring: %m",
	353	dropin_name, dropin_unit, de->d_name);
	354	continue;
	355	}
	356
	357	log_debug("Wrote drop-in '%s' for unit '%s' from credential '%s'", dropin_name, dropin_unit, de->d_name);
	358	} else
	359	assert_not_reached();
	360	}
	361
	362	return 0;
	363	}
	364
	365	static int run(const char dest, const char dest_early, const char *dest_late) {
	366	const char *credentials_dir;
	367	int r;
	368
	369	assert_se(arg_dest = dest_early);
	370
	371	r = proc_cmdline_parse(parse_proc_cmdline_item, NULL, PROC_CMDLINE_RD_STRICT \| PROC_CMDLINE_STRIP_RD_PREFIX);
	372	if (r < 0)
	373	log_warning_errno(r, "Failed to parse kernel command line, ignoring: %m");
	374
	375	if (arg_debug_shell) {
	376	if (strv_extend(&arg_wants, "debug-shell.service") < 0)
	377	return log_oom();
	378
	379	RET_GATHER(r, install_debug_shell_dropin());
	380	}
	381
	382	BIT_FOREACH(i, arg_breakpoints)
	383	if (strv_extend(&arg_wants, breakpoint_info_table[i].unit) < 0)
	384	return log_oom();
	385
	386	if (get_credentials_dir(&credentials_dir) >= 0)
	387	RET_GATHER(r, process_unit_credentials(credentials_dir));
	388
	389	if (get_encrypted_credentials_dir(&credentials_dir) >= 0)
	390	RET_GATHER(r, process_unit_credentials(credentials_dir));
	391
	392	RET_GATHER(r, generate_mask_symlinks());
	393	RET_GATHER(r, generate_wants_symlinks());
	394
	395	return r;
	396	}
	397
	398	DEFINE_MAIN_GENERATOR_FUNCTION(run);