diff options
| author | Lennart Poettering <lennart@poettering.net> | 2022-07-15 16:33:20 +0200 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2022-07-21 00:06:22 +0200 |
| commit | a0f4426d0f1205d118e5938cdc28f063044ad5b9 (patch) | |
| tree | dbd73a1daa6858dd2fb0ec4cc97dd1cb988cd6ff | |
| parent | 67ff6b3031a31b6d912d8668f501c2fdba8fe5a9 (diff) | |
| download | systemd-a0f4426d0f1205d118e5938cdc28f063044ad5b9.tar.gz | |
tmpfiles: automatically provision /etc/issue.d/ + /etc/motd.d/ + /etc/hosts from credentials
| -rwxr-xr-x | test/TEST-54-CREDS/test.sh | 26 | ||||
| -rwxr-xr-x | test/units/testsuite-54.sh | 2 | ||||
| -rw-r--r-- | tmpfiles.d/meson.build | 1 | ||||
| -rw-r--r-- | tmpfiles.d/provision.conf | 17 | ||||
| -rw-r--r-- | units/systemd-tmpfiles-setup.service | 3 |
5 files changed, 46 insertions, 3 deletions
diff --git a/test/TEST-54-CREDS/test.sh b/test/TEST-54-CREDS/test.sh index ac6777be31..5269eaa437 100755 --- a/test/TEST-54-CREDS/test.sh +++ b/test/TEST-54-CREDS/test.sh @@ -3,9 +3,29 @@ set -e TEST_DESCRIPTION="test credentials" -NSPAWN_ARGUMENTS="${NSPAWN_ARGUMENTS:-} --set-credential=mynspawncredential:strangevalue" -QEMU_OPTIONS="${QEMU_OPTIONS:-} -fw_cfg name=opt/io.systemd.credentials/myqemucredential,string=othervalue -smbios type=11,value=io.systemd.credential:smbioscredential=magicdata -smbios type=11,value=io.systemd.credential.binary:binarysmbioscredential=bWFnaWNiaW5hcnlkYXRh -smbios type=11,value=io.systemd.credential.binary:sysusers.extra=dSBjcmVkdGVzdHVzZXIK -smbios type=11,value=io.systemd.credential.binary:tmpfiles.extra=ZiAvdG1wL3NvdXJjZWRmcm9tY3JlZGVudGlhbCAtIC0gLSAtIHRtcGZpbGVzc2VjcmV0Cg==" -KERNEL_APPEND="${KERNEL_APPEND:-} systemd.set_credential=kernelcmdlinecred:uff systemd.set_credential=sysctl.extra:kernel.domainname=sysctltest rd.systemd.import_credentials=no" + +NSPAWN_CREDS=( + "--set-credential=mynspawncredential:strangevalue" +) +NSPAWN_ARGUMENTS="${NSPAWN_ARGUMENTS:-} ${NSPAWN_CREDS[*]}" + +QEMU_CREDS=( + "-fw_cfg name=opt/io.systemd.credentials/myqemucredential,string=othervalue" + "-smbios type=11,value=io.systemd.credential:smbioscredential=magicdata" + "-smbios type=11,value=io.systemd.credential.binary:binarysmbioscredential=bWFnaWNiaW5hcnlkYXRh" + "-smbios type=11,value=io.systemd.credential.binary:sysusers.extra=dSBjcmVkdGVzdHVzZXIK" + "-smbios type=11,value=io.systemd.credential.binary:tmpfiles.extra=ZiAvdG1wL3NvdXJjZWRmcm9tY3JlZGVudGlhbCAtIC0gLSAtIHRtcGZpbGVzc2VjcmV0Cg==" +) +QEMU_OPTIONS="${QEMU_OPTIONS:-} ${QEMU_CREDS[*]}" + +KERNEL_CREDS=( + "systemd.set_credential=kernelcmdlinecred:uff" + "systemd.set_credential=sysctl.extra:kernel.domainname=sysctltest" + "systemd.set_credential=login.motd:hello" + "systemd.set_credential=login.issue:welcome" + "rd.systemd.import_credentials=no" +) +KERNEL_APPEND="${KERNEL_APPEND:-} ${KERNEL_CREDS[*]}" # shellcheck source=test/test-functions . "${TEST_BASE_DIR:?}/test-functions" diff --git a/test/units/testsuite-54.sh b/test/units/testsuite-54.sh index 8eff47028d..dc0c5f554f 100755 --- a/test/units/testsuite-54.sh +++ b/test/units/testsuite-54.sh @@ -46,6 +46,8 @@ elif [ -d /sys/firmware/qemu_fw_cfg/by_name ]; then # Verify that writing a file via tmpfiles worked [ "$(cat /tmp/sourcedfromcredential)" = "tmpfilessecret" ] + [ "$(cat /etc/motd.d/50-provision.conf)" = "hello" ] + [ "$(cat /etc/issue.d/50-provision.conf)" = "welcome" ] else echo "qemu_fw_cfg support missing in kernel. Sniff!" expected_credential="" diff --git a/tmpfiles.d/meson.build b/tmpfiles.d/meson.build index 4546169694..ca1abbf3fe 100644 --- a/tmpfiles.d/meson.build +++ b/tmpfiles.d/meson.build @@ -14,6 +14,7 @@ files = [['README', ''], ['systemd-tmp.conf', ''], ['tmp.conf', ''], ['x11.conf', ''], + ['provision.conf', ''], ] foreach pair : files diff --git a/tmpfiles.d/provision.conf b/tmpfiles.d/provision.conf new file mode 100644 index 0000000000..9a4783868f --- /dev/null +++ b/tmpfiles.d/provision.conf @@ -0,0 +1,17 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +# See tmpfiles.d(5) for details + +# Provision additional loging messages from credentials, if they are set. Note +# that these lines are NOPs if the credentials are not set or if the files +# already exist. +f^ /etc/motd.d/50-provision.conf - - - - login.motd +f^ /etc/issue.d/50-provision.conf - - - - login.issue + +# Provision a /etc/hosts file from credentials. +f^ /etc/hosts - - - - network.hosts diff --git a/units/systemd-tmpfiles-setup.service b/units/systemd-tmpfiles-setup.service index 6c1ee91a40..fc6a4a0e0b 100644 --- a/units/systemd-tmpfiles-setup.service +++ b/units/systemd-tmpfiles-setup.service @@ -22,3 +22,6 @@ RemainAfterExit=yes ExecStart=systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev SuccessExitStatus=DATAERR CANTCREAT LoadCredential=tmpfiles.extra +LoadCredential=login.motd +LoadCredential=login.issue +LoadCredential=network.hosts |