git.ipfire.org Git - thirdparty/systemd.git/commit

author	Lennart Poettering <lennart@poettering.net>
	Thu, 21 Apr 2022 13:32:21 +0000 (15:32 +0200)
committer	Lennart Poettering <lennart@poettering.net>
	Thu, 28 Apr 2022 16:12:00 +0000 (18:12 +0200)
commit	2ad591a3a3d0e0da43c0e3252cc15bd00af9bfb7
tree	72be377551326e64391571d4a6cdeaa2f00fa09a	tree \| snapshot
parent	4b9a4b01793170b9b17467711195552ef1f25ab8	commit \| diff

pid1: search for creds in LoadCredential=/LoadCredentialEncrypted=

This adds support for searching for credentials more comprehensively.

Specifically, unless an absolute source path is specified we'll now
search for the credentials in the system credentials first, and then in
/etc/credstore/, /run/credstore/, and /usr/lib/credstore, making these
dirs hence the recommended place for credentials to leave in the system.

For LoadCredentialEncrypted= we'll also look into
/etc/credstore.encrypted/, /run/credstore.encrypted/, …. These dirs are
hence suitable for credentials whose provenience isn't trusted (e.g.
UEFI creds from systemd-stub), and thus require to be authenticated
before use.

src/core/execute.c		diff \| blob \| blame \| history
src/core/execute.h		diff \| blob \| blame \| history
src/core/manager.c		diff \| blob \| blame \| history
src/core/manager.h		diff \| blob \| blame \| history
src/core/unit.c		diff \| blob \| blame \| history