From a0f4426d0f1205d118e5938cdc28f063044ad5b9 Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Fri, 15 Jul 2022 16:33:20 +0200
Subject: [PATCH] tmpfiles: automatically provision /etc/issue.d/ + /etc/motd.d/ + /etc/hosts from credentials
---
 test/TEST-54-CREDS/test.sh | 26 +++++++++++++++++++++++---
 test/units/testsuite-54.sh | 2 ++
 tmpfiles.d/meson.build | 1 +
 tmpfiles.d/provision.conf | 17 +++++++++++++++++
 units/systemd-tmpfiles-setup.service | 3 +++
 5 files changed, 46 insertions(+), 3 deletions(-)
 create mode 100644 tmpfiles.d/provision.conf
diff --git a/test/TEST-54-CREDS/test.sh b/test/TEST-54-CREDS/test.sh
index ac6777be31..5269eaa437 100755
--- a/test/TEST-54-CREDS/test.sh
+++ b/test/TEST-54-CREDS/test.sh
@@ -3,9 +3,29 @@ set -e
 TEST_DESCRIPTION="test credentials"
-NSPAWN_ARGUMENTS="${NSPAWN_ARGUMENTS:-} --set-credential=mynspawncredential:strangevalue"
-QEMU_OPTIONS="${QEMU_OPTIONS:-} -fw_cfg name=opt/io.systemd.credentials/myqemucredential,string=othervalue -smbios type=11,value=io.systemd.credential:smbioscredential=magicdata -smbios type=11,value=io.systemd.credential.binary:binarysmbioscredential=bWFnaWNiaW5hcnlkYXRh -smbios type=11,value=io.systemd.credential.binary:sysusers.extra=dSBjcmVkdGVzdHVzZXIK -smbios type=11,value=io.systemd.credential.binary:tmpfiles.extra=ZiAvdG1wL3NvdXJjZWRmcm9tY3JlZGVudGlhbCAtIC0gLSAtIHRtcGZpbGVzc2VjcmV0Cg=="
-KERNEL_APPEND="${KERNEL_APPEND:-} systemd.set_credential=kernelcmdlinecred:uff systemd.set_credential=sysctl.extra:kernel.domainname=sysctltest rd.systemd.import_credentials=no"
+
+NSPAWN_CREDS=(
+ "--set-credential=mynspawncredential:strangevalue"
+)
+NSPAWN_ARGUMENTS="${NSPAWN_ARGUMENTS:-} ${NSPAWN_CREDS[*]}"
+
+QEMU_CREDS=(
+ "-fw_cfg name=opt/io.systemd.credentials/myqemucredential,string=othervalue"
+ "-smbios type=11,value=io.systemd.credential:smbioscredential=magicdata"
+ "-smbios type=11,value=io.systemd.credential.binary:binarysmbioscredential=bWFnaWNiaW5hcnlkYXRh"
+ "-smbios type=11,value=io.systemd.credential.binary:sysusers.extra=dSBjcmVkdGVzdHVzZXIK"
+ "-smbios type=11,value=io.systemd.credential.binary:tmpfiles.extra=ZiAvdG1wL3NvdXJjZWRmcm9tY3JlZGVudGlhbCAtIC0gLSAtIHRtcGZpbGVzc2VjcmV0Cg=="
+)
+QEMU_OPTIONS="${QEMU_OPTIONS:-} ${QEMU_CREDS[*]}"
+
+KERNEL_CREDS=(
+ "systemd.set_credential=kernelcmdlinecred:uff"
+ "systemd.set_credential=sysctl.extra:kernel.domainname=sysctltest"
+ "systemd.set_credential=login.motd:hello"
+ "systemd.set_credential=login.issue:welcome"
+ "rd.systemd.import_credentials=no"
+)
+KERNEL_APPEND="${KERNEL_APPEND:-} ${KERNEL_CREDS[*]}"
 # shellcheck source=test/test-functions
 . "${TEST_BASE_DIR:?}/test-functions"
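Review bot: `KERNEL_CREDS` sets `login.motd` and `login.issue` but no credential is passed for `network.hosts`, so the `/etc/hosts` line of the new provision.conf, the one that influences name resolution, is not exercised; the assertions added in test/units/testsuite-54.sh likewise cover only the two login files. A hosts entry contains whitespace, so it would presumably have to be passed as a binary SMBIOS credential in `QEMU_CREDS`, e.g. `"-smbios type=11,value=io.systemd.credential.binary:network.hosts=<BASE64_OF_TEST_HOSTS_LINE>"`, together with a check that states what is expected when the test image already ships an `/etc/hosts`. As a smaller style point, the `${QEMU_CREDS[*]}` joins rely on `IFS` beginning with a space, which a comment such as `# joined with the first character of IFS (a space unless overridden)` would make explicit.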
diff --git a/test/units/testsuite-54.sh b/test/units/testsuite-54.sh
index 8eff47028d..dc0c5f554f 100755
--- a/test/units/testsuite-54.sh
+++ b/test/units/testsuite-54.sh
@@ -46,6 +46,8 @@ elif [ -d /sys/firmware/qemu_fw_cfg/by_name ]; then
 # Verify that writing a file via tmpfiles worked
 [ "$(cat /tmp/sourcedfromcredential)" = "tmpfilessecret" ]
+ [ "$(cat /etc/motd.d/50-provision.conf)" = "hello" ]
+ [ "$(cat /etc/issue.d/50-provision.conf)" = "welcome" ]
 else
 echo "qemu_fw_cfg support missing in kernel. Sniff!"
 expected_credential=""
diff --git a/tmpfiles.d/meson.build b/tmpfiles.d/meson.build
index 4546169694..ca1abbf3fe 100644
--- a/tmpfiles.d/meson.build
+++ b/tmpfiles.d/meson.build
@@ -14,6 +14,7 @@ files = [['README', ''],
 ['systemd-tmp.conf', ''],
 ['tmp.conf', ''],
 ['x11.conf', ''],
+ ['provision.conf', ''],
 ]
 foreach pair : files
diff --git a/tmpfiles.d/provision.conf b/tmpfiles.d/provision.conf
new file mode 100644
index 0000000000..9a4783868f
--- /dev/null
+++ b/tmpfiles.d/provision.conf
@@ -0,0 +1,17 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+# See tmpfiles.d(5) for details
+
+# Provision additional loging messages from credentials, if they are set. Note
+# that these lines are NOPs if the credentials are not set or if the files
+# already exist.
+f^ /etc/motd.d/50-provision.conf - - - - login.motd
+f^ /etc/issue.d/50-provision.conf - - - - login.issue
+
+# Provision a /etc/hosts file from credentials.
+f^ /etc/hosts - - - - network.hosts
diff --git a/units/systemd-tmpfiles-setup.service b/units/systemd-tmpfiles-setup.service
index 6c1ee91a40..fc6a4a0e0b 100644
--- a/units/systemd-tmpfiles-setup.service
+++ b/units/systemd-tmpfiles-setup.service
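Review bot: The two new checks sit in the `elif [ -d /sys/firmware/qemu_fw_cfg/by_name ]` branch, yet test.sh passes `login.motd` and `login.issue` with `systemd.set_credential=` on the kernel command line, so on a kernel without fw_cfg the `else` path skips them even though the credentials should still arrive. If that placement is deliberate, a comment such as `# login.* arrive via the kernel command line; verified here because this is the VM-only branch` would record it. The enclosing `if` begins outside the hunk, so the branch structure is inferred from the hunk header and the `else` message only.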
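Review bot: The comment on the `/etc/hosts` line leaves out two things an administrator needs to know: that, like the lines above it, the line does nothing when `/etc/hosts` already exists, and that whoever can set the `network.hosts` credential (test.sh shows credentials arriving via SMBIOS, fw_cfg and the kernel command line) then decides name resolution on a freshly provisioned system. Suggested wording: `# Provision /etc/hosts from the network.hosts credential. NOP if the credential is unset or the file already exists; the content is used as supplied, so the credential source must be trusted.` The same trust remark applies to `login.issue` and `login.motd`, whose content is presumably written unfiltered and later shown at login. In the first comment, "loging" should read "login".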
@@ -22,3 +22,6 @@ RemainAfterExit=yes
 ExecStart=systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev
 SuccessExitStatus=DATAERR CANTCREAT
 LoadCredential=tmpfiles.extra
+LoadCredential=login.motd
+LoadCredential=login.issue
+LoadCredential=network.hosts