1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-22 13:33:56 +03:00

docs: mention tmpfiles.d in CREDENTIALS.md and add example

This commit is contained in:
Luca Boccassi 2022-09-08 16:33:24 +01:00
parent 87d1886346
commit b60d3016eb

View File

@ -342,6 +342,10 @@ Various services shipped with `systemd` consume credentials for tweaking behavio
`firstboot.keymap`, `firstboot.timezone`, that configure locale, keymap or
timezone settings in case the data is not yet set in `/etc/`.
* [`tmpfiles.d(5)`](https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html)
will look for the credentials `tmpfiles.extra` with arbitrary tmpfiles.d lines.
Can be encoded in base64 to allow easily passing it on the command line.
In future more services are likely to gain support for consuming credentials.
Example:
@ -377,6 +381,23 @@ qemu-system-x86_64 \
-smbios type=11,value=io.systemd.credential:firstboot.locale=C.UTF-8
```
This boots the specified disk image via qemu, provisioning public key SSH access
for the root user from the caller's key:
```
qemu-system-x86_64 \
-machine type=q35,accel=kvm,smm=on \
-smp 2 \
-m 1G \
-cpu host \
-nographic \
-nodefaults \
-serial mon:stdio \
-drive if=none,id=hd,file=test.raw,format=raw \
-device virtio-scsi-pci,id=scsi \
-device scsi-hd,drive=hd,bootindex=1 \
-smbios type=11,value=io.systemd.credential.binary:tmpfiles.extra=$(echo "f~ /root/.ssh/authorized_keys 700 root root - $(ssh-add -L | base64 -w 0)" | base64 -w 0)
```
## Relevant Paths
From *service* perspective the runtime path to find loaded credentials in is