<listitem><para>Credentials prefixed with <literal>systemd.unit-dropin.</literal> add drop-ins for
the corresponding units in the final system. Each credential must be suffixed with the full unit name
- including the unit extension. Its contents must be a valid unit drop-in file. Only one drop-in per
- unit can be specified. The name of the generated drop-in will be
+ including the unit extension. Its contents must be a valid unit drop-in file. Optionally, the unit
+ name may be followed with <literal>~</literal>, followed by the drop-in name without the
+ <literal>.conf</literal> suffix. If not specified, the name of the generated drop-in will be
<literal>50-credential.conf</literal>. Note that these additional drop-ins are added to both the
initrd and the final system.</para>
if (!unit && !dropin)
continue;
- if (!unit_name_is_valid(unit ?: dropin, UNIT_NAME_ANY)) {
- log_warning("Invalid unit name '%s' in credential '%s', ignoring.",
- unit ?: dropin, de->d_name);
- continue;
- }
-
_cleanup_free_ char *d = NULL;
r = read_credential_with_decryption(de->d_name, (void**) &d, NULL);
if (unit) {
_cleanup_free_ char *p = NULL;
+ if (!unit_name_is_valid(unit, UNIT_NAME_ANY)) {
+ log_warning("Invalid unit name '%s' in credential '%s', ignoring.",
+ unit, de->d_name);
+ continue;
+ }
+
p = path_join(arg_dest, unit);
if (!p)
return log_oom();
log_debug("Wrote unit file '%s' from credential '%s'", unit, de->d_name);
} else if (dropin) {
- r = write_drop_in(arg_dest, dropin, 50, "credential", d);
+ _cleanup_free_ char *dropin_unit = NULL;
+ const char *tilde, *dropin_name;
+
+ tilde = strchrnul(dropin, '~');
+ dropin_unit = strndup(dropin, tilde - dropin);
+ if (!dropin_unit)
+ return log_oom();
+
+ if (!unit_name_is_valid(dropin_unit, UNIT_NAME_ANY)) {
+ log_warning("Invalid unit name '%s' in credential '%s', ignoring.",
+ dropin_unit, de->d_name);
+ continue;
+ }
+
+ dropin_name = isempty(tilde) ? "50-credential" : tilde + 1;
+ if (isempty(dropin_name)) {
+ log_warning("Empty drop-in name for unit '%s' in credential '%s', ignoring.",
+ dropin_unit, de->d_name);
+ continue;
+ }
+
+ r = write_drop_in(arg_dest, dropin_unit, /* level = */ UINT_MAX, dropin_name, d);
if (r < 0) {
- log_warning_errno(r, "Failed to write drop-in for unit '%s' from credential '%s', ignoring: %m",
- dropin, de->d_name);
+ log_warning_errno(r, "Failed to write drop-in '%s' for unit '%s' from credential '%s', ignoring: %m",
+ dropin_name, dropin_unit, de->d_name);
continue;
}
- log_debug("Wrote drop-in for unit '%s' from credential '%s'", dropin, de->d_name);
+ log_debug("Wrote drop-in '%s' for unit '%s' from credential '%s'", dropin_name, dropin_unit, de->d_name);
} else
assert_not_reached();
}
int drop_in_file(const char *dir, const char *unit, unsigned level,
const char *name, char **ret_p, char **ret_q) {
- char prefix[DECIMAL_STR_MAX(unsigned)];
+ char prefix[DECIMAL_STR_MAX(unsigned) + 1] = {};
_cleanup_free_ char *b = NULL, *p = NULL, *q = NULL;
assert(unit);
assert(ret_p);
assert(ret_q);
- sprintf(prefix, "%u", level);
+ if (level != UINT_MAX)
+ xsprintf(prefix, "%u-", level);
b = xescape(name, "/.");
if (!b)
return -EINVAL;
p = strjoin(dir, "/", unit, ".d");
- q = strjoin(p, "/", prefix, "-", b, ".conf");
+ q = strjoin(p, "/", prefix, b, ".conf");
if (!p || !q)
return -ENOMEM;
)
DROPIN_CRED=$(base64 -w 0 <<EOF
[Service]
-ExecStart=
ExecStart=touch /tmp/unit-dropin
EOF
)
+NAMED_DROPIN_CRED=$(base64 -w 0 <<EOF
+[Service]
+ExecStart=touch /tmp/unit-named-dropin
+EOF
+)
QEMU_CREDS=(
"-fw_cfg name=opt/io.systemd.credentials/myqemucredential,string=othervalue"
"-smbios type=11,value=io.systemd.credential:getty.ttys.container=idontexist"
"-smbios type=11,value=io.systemd.credential.binary:systemd.extra-unit.my-service.service=$UNIT_CRED"
"-smbios type=11,value=io.systemd.credential.binary:systemd.unit-dropin.my-service.service=$DROPIN_CRED"
+ "-smbios type=11,value=io.systemd.credential.binary:systemd.unit-dropin.my-service.service~30-named=$NAMED_DROPIN_CRED"
)
QEMU_OPTIONS="${QEMU_OPTIONS:-} ${QEMU_CREDS[*]}"
projects / thirdparty / systemd.git / commitdiff
