From: Daan De Meyer Date: Sat, 11 May 2024 14:42:24 +0000 (+0200) Subject: debug-generator: Allow specifying name of unit-dropin credential X-Git-Tag: v256-rc2~42 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=82c2214539c9d65c029f4658c9cf2c7be53b9480;p=thirdparty%2Fsystemd.git debug-generator: Allow specifying name of unit-dropin credential A fixed name is too rigid, let's give users the ability to define custom drop-in names which at the same time also allows defining multiple dropins per unit. We use ~ as the separator because: - ':' is not allowed in credential names - '=' is used to separate credential from value in mkosi's --credential argument. - '-' is commonly used in filenames - '@' already has meaning as the unit template specifier which might be confusing when adding dropins for template units --- diff --git a/man/systemd-debug-generator.xml b/man/systemd-debug-generator.xml index 126d1efc002..744fcb9c7a3 100644 --- a/man/systemd-debug-generator.xml +++ b/man/systemd-debug-generator.xml @@ -91,8 +91,9 @@ Credentials prefixed with systemd.unit-dropin. add drop-ins for the corresponding units in the final system. Each credential must be suffixed with the full unit name - including the unit extension. Its contents must be a valid unit drop-in file. Only one drop-in per - unit can be specified. The name of the generated drop-in will be + including the unit extension. Its contents must be a valid unit drop-in file. Optionally, the unit + name may be followed with ~, followed by the drop-in name without the + .conf suffix. If not specified, the name of the generated drop-in will be 50-credential.conf. Note that these additional drop-ins are added to both the initrd and the final system. diff --git a/src/debug-generator/debug-generator.c b/src/debug-generator/debug-generator.c index 1b14f1222ab..76379806896 100644 --- a/src/debug-generator/debug-generator.c +++ b/src/debug-generator/debug-generator.c 
@@ -185,12 +185,6 @@ static int process_unit_credentials(const char *credentials_dir) { if (!unit && !dropin) continue; - if (!unit_name_is_valid(unit ?: dropin, UNIT_NAME_ANY)) { - log_warning("Invalid unit name '%s' in credential '%s', ignoring.", - unit ?: dropin, de->d_name); - continue; - } - _cleanup_free_ char *d = NULL; r = read_credential_with_decryption(de->d_name, (void**) &d, NULL); @@ -202,6 +196,12 @@ static int process_unit_credentials(const char *credentials_dir) { if (unit) { _cleanup_free_ char *p = NULL; + if (!unit_name_is_valid(unit, UNIT_NAME_ANY)) { + log_warning("Invalid unit name '%s' in credential '%s', ignoring.", + unit, de->d_name); + continue; + } + p = path_join(arg_dest, unit); if (!p) return log_oom(); 
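Review bot: With the check moved into the `if (unit)` branch, `unit_name_is_valid()` now runs only after `read_credential_with_decryption()` has read and decrypted the credential, so an entry with an invalid name is decrypted before it is rejected. The name is already known before the read, so the fail-fast order would keep validation ahead of it; for the drop-in case that means doing the `~` split before the read as well. If the current order is kept for simplicity, a comment above the read such as `/* name validation happens per branch below, after the credential has been read */` would show the ordering is deliberate. process_unit_credentials() starts and ends outside this hunk.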
@@ -216,14 +216,35 @@ static int process_unit_credentials(const char *credentials_dir) { log_debug("Wrote unit file '%s' from credential '%s'", unit, de->d_name); } else if (dropin) { - r = write_drop_in(arg_dest, dropin, 50, "credential", d); + _cleanup_free_ char *dropin_unit = NULL; + const char *tilde, *dropin_name; + + tilde = strchrnul(dropin, '~'); + dropin_unit = strndup(dropin, tilde - dropin); + if (!dropin_unit) + return log_oom(); + + if (!unit_name_is_valid(dropin_unit, UNIT_NAME_ANY)) { + log_warning("Invalid unit name '%s' in credential '%s', ignoring.", + dropin_unit, de->d_name); + continue; + } + + dropin_name = isempty(tilde) ? "50-credential" : tilde + 1; + if (isempty(dropin_name)) { + log_warning("Empty drop-in name for unit '%s' in credential '%s', ignoring.", + dropin_unit, de->d_name); + continue; + } + + r = write_drop_in(arg_dest, dropin_unit, /* level = */ UINT_MAX, dropin_name, d); if (r < 0) { - log_warning_errno(r, "Failed to write drop-in for unit '%s' from credential '%s', ignoring: %m", - dropin, de->d_name); + log_warning_errno(r, "Failed to write drop-in '%s' for unit '%s' from credential '%s', ignoring: %m", + dropin_name, dropin_unit, de->d_name); continue; } - log_debug("Wrote drop-in for unit '%s' from credential '%s'", dropin, de->d_name); + log_debug("Wrote drop-in '%s' for unit '%s' from credential '%s'", dropin_name, dropin_unit, de->d_name); } else assert_not_reached(); } diff --git a/src/shared/dropin.c b/src/shared/dropin.c index d46e8380440..9a786d06039 100644 --- a/src/shared/dropin.c +++ b/src/shared/dropin.c @@ -26,7 +26,7 @@ int drop_in_file(const char *dir, const char *unit, unsigned level, const char *name, char **ret_p, char **ret_q) { - char prefix[DECIMAL_STR_MAX(unsigned)]; + char prefix[DECIMAL_STR_MAX(unsigned) + 1] = {}; _cleanup_free_ char *b = NULL, *p = NULL, *q = NULL; assert(unit); 
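Review bot: The text after `~` is taken verbatim from the credential file name and handed to `write_drop_in()` as the drop-in name, with no validation at this call site beyond the empty check. From the dropin.c part of this commit it looks like `drop_in_file()` escapes `/` and `.` with `xescape()` and has an `-EINVAL` path after that, which is presumably what keeps the name inside the unit's `.d` directory; that reliance deserves a comment here, e.g. `/* dropin_name comes from the credential file name; drop_in_file() escapes '/' and '.' before building the path */`. Passing `UINT_MAX` also drops the fixed `50-` prefix, so whoever supplies the credential now chooses where the drop-in sorts relative to other drop-ins, which the man page text could state. As a style point, `isempty(tilde)` is testing whether `strchrnul()` stopped at the terminator, and `*tilde == '\0'` would say that more directly. The enclosing function begins and ends outside the hunk.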
@@ -34,7 +34,8 @@ int drop_in_file(const char *dir, const char *unit, unsigned level, assert(ret_p); assert(ret_q); - sprintf(prefix, "%u", level); + if (level != UINT_MAX) + xsprintf(prefix, "%u-", level); b = xescape(name, "/."); if (!b) @@ -44,7 +45,7 @@ int drop_in_file(const char *dir, const char *unit, unsigned level, return -EINVAL; p = strjoin(dir, "/", unit, ".d"); - q = strjoin(p, "/", prefix, "-", b, ".conf"); + q = strjoin(p, "/", prefix, b, ".conf"); if (!p || !q) return -ENOMEM; diff --git a/test/TEST-54-CREDS/test.sh b/test/TEST-54-CREDS/test.sh index afcb3481668..99c44e30122 100755 --- a/test/TEST-54-CREDS/test.sh +++ b/test/TEST-54-CREDS/test.sh @@ -17,10 +17,14 @@ EOF ) DROPIN_CRED=$(base64 -w 0 <
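Review bot: `UINT_MAX` becomes an in-band sentinel for `level` in `drop_in_file()` meaning "no numeric prefix", but nothing at the function says so, and the caller in debug-generator.c has to annotate it as `/* level = */ UINT_MAX`. A comment at the check, e.g. `/* level == UINT_MAX: no numeric prefix, name is used as the whole drop-in base name */`, would document the contract for other callers of this helper. The zero-initialised `prefix[DECIMAL_STR_MAX(unsigned) + 1]` in the preceding hunk is what makes the sentinel case yield an empty prefix, and it leaves room for the `-` that `xsprintf()` now writes; the same comment could say so. The function body continues outside this hunk.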