]> git.ipfire.org Git - thirdparty/systemd.git/commitdiff
projects / thirdparty / systemd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d73fe91)
Add Seal option in the configuration file for journald-remote 2197/head
authorMichael Scherer <misc@redhat.com>
Sun, 20 Dec 2015 12:23:33 +0000 (13:23 +0100)
committerMichael Scherer <misc@redhat.com>
Sun, 20 Dec 2015 12:23:33 +0000 (13:23 +0100)
While journal received remotely can be sealed, it can only be done
on the command line using --seal, so for consistency, we will
also permit to set it in the configuration file.

man/journal-remote.conf.xml patch | blob | blame | history
src/journal-remote/journal-remote.c patch | blob | blame | history
src/journal-remote/journal-remote.conf.in patch | blob | blame | history

diff --git a/man/journal-remote.conf.xml b/man/journal-remote.conf.xml
index b7c5e6ac5c7c7fa886c6a00065c4bf02ed73ee11..2d345963d946d0e4c95097becce3ef9123419719 100644 (file)
--- a/man/journal-remote.conf.xml
+++ b/man/journal-remote.conf.xml
@@ -72,6 +72,13 @@
     <literal>[Remote]</literal> section:</para>
 
     <variablelist>
+      <varlistentry>
+        <term><varname>Seal=</varname></term>
+
+        <listitem><para>Periodically sign the data in the journal using Forward Secure Sealing.
+        </para></listitem>
+      </varlistentry>
+
 
       <varlistentry>
         <term><varname>SplitMode=</varname></term>
diff --git a/src/journal-remote/journal-remote.c b/src/journal-remote/journal-remote.c
index b2f5fbf6b4caddaad2e0182893807ff563bf4594..3f93e8523264c520d04eb6202f3c0ab2fcfafb6b 100644 (file)
--- a/src/journal-remote/journal-remote.c
+++ b/src/journal-remote/journal-remote.c
@@ -1181,6 +1181,7 @@ static DEFINE_CONFIG_PARSE_ENUM(config_parse_write_split_mode,
 
 static int parse_config(void) {
         const ConfigTableItem items[] = {
+                { "Remote",  "Seal",                   config_parse_bool,             0, &arg_seal       },
                 { "Remote",  "SplitMode",              config_parse_write_split_mode, 0, &arg_split_mode },
                 { "Remote",  "ServerKeyFile",          config_parse_path,             0, &arg_key        },
                 { "Remote",  "ServerCertificateFile",  config_parse_path,             0, &arg_cert       },
diff --git a/src/journal-remote/journal-remote.conf.in b/src/journal-remote/journal-remote.conf.in
index 3e32f34def6f661768005273b78033304234e0a2..7122d633625d81f7d7bf70eb14bbfc47eb5e107c 100644 (file)
--- a/src/journal-remote/journal-remote.conf.in
+++ b/src/journal-remote/journal-remote.conf.in
@@ -1,4 +1,5 @@
 [Remote]
+# Seal=false
 # SplitMode=host
 # ServerKeyFile=@CERTIFICATEROOT@/private/journal-remote.pem
 # ServerCertificateFile=@CERTIFICATEROOT@/certs/journal-remote.pem
Unnamed repository; edit this file 'description' to name the repository.