journal-upload: add config file

2025-03-31 14:50:15 +03:00 · 2014-07-15 22:22:05 -04:00 · 2014-07-15 22:22:05 -04:00 · 29fc0ddcd7
commit 29fc0ddcd7
parent 5bc891206d
4 changed files with 48 additions and 5 deletions
--- a/Makefile.am
+++ b/Makefile.am
@ -3531,6 +3531,15 @@ nodist_systemunit_DATA += \

 EXTRA_DIST += \
 	units/systemd-journal-upload.service.in
+
+nodist_pkgsysconf_DATA += \
+	src/journal-remote/journal-upload.conf
+
+EXTRA_DIST += \
+	src/journal-remote/journal-upload.conf.in
+
+CLEANFILES += \
+	src/journal-remote/journal-upload.conf
 endif

 # using _CFLAGS = in the conditional below would suppress AM_CFLAGS
--- a/src/journal-remote/.gitignore
+++ b/src/journal-remote/.gitignore
@ -1 +1,2 @@
 /journal-remote.conf
+/journal-upload.conf
--- a/src/journal-remote/journal-upload.c
+++ b/src/journal-remote/journal-upload.c
@ -31,8 +31,13 @@
 #include "util.h"
 #include "build.h"
 #include "fileio.h"
+#include "conf-parser.h"
 #include "journal-upload.h"

+#define KEY_FILE   CERTIFICATE_ROOT "/private/journal-upload.pem"
+#define CERT_FILE  CERTIFICATE_ROOT "/certs/journal-upload.pem"
+#define TRUST_FILE CERTIFICATE_ROOT "/ca/trusted.pem"
+
 static const char* arg_url;

 static void close_fd_input(Uploader *u);
@ -214,17 +219,17 @@ int start_upload(Uploader *u,
                            "systemd-journal-upload " PACKAGE_STRING,
                            LOG_WARNING, );

-                if (arg_key) {
+                if (arg_key || startswith(u->url, "https://")) {
                        assert(arg_cert);

-                        easy_setopt(curl, CURLOPT_SSLKEY, arg_key,
+                        easy_setopt(curl, CURLOPT_SSLKEY, arg_key ?: KEY_FILE,
                                    LOG_ERR, return -EXFULL);
-                        easy_setopt(curl, CURLOPT_SSLCERT, arg_cert,
+                        easy_setopt(curl, CURLOPT_SSLCERT, arg_cert ?: CERT_FILE,
                                    LOG_ERR, return -EXFULL);
                }

-                if (arg_trust)
-                        easy_setopt(curl, CURLOPT_CAINFO, arg_trust,
+                if (arg_trust || startswith(u->url, "https://"))
+                        easy_setopt(curl, CURLOPT_CAINFO, arg_trust ?: TRUST_FILE,
                                    LOG_ERR, return -EXFULL);

                if (arg_key || arg_trust)
@ -483,6 +488,25 @@ static int perform_upload(Uploader *u) {
        return update_cursor_state(u);
 }

+static int parse_config(void) {
+        const ConfigTableItem items[] = {
+                { "Upload",  "URL",                    config_parse_string, 0, &arg_url    },
+                { "Upload",  "ServerKeyFile",          config_parse_path,   0, &arg_key    },
+                { "Upload",  "ServerCertificateFile",  config_parse_path,   0, &arg_cert   },
+                { "Upload",  "TrustedCertificateFile", config_parse_path,   0, &arg_trust  },
+                {}};
+        int r;
+
+        r = config_parse(NULL, PKGSYSCONFDIR "/journal-upload.conf", NULL,
+                         "Upload\0",
+                         config_item_table_lookup, items,
+                         false, false, NULL);
+        if (r < 0)
+                log_error("Failed to parse configuration file: %s", strerror(-r));
+
+        return r;
+}
+
 static void help(void) {
        printf("%s -u URL {FILE|-}...\n\n"
               "Upload journal events to a remote server.\n\n"
@ -723,6 +747,10 @@ int main(int argc, char **argv) {
        log_show_color(true);
        log_parse_environment();

+        r = parse_config();
+        if (r <= 0)
+                goto finish;
+
        r = parse_argv(argc, argv);
        if (r <= 0)
                goto finish;
--- a/src/journal-remote/journal-upload.conf.in
+++ b/src/journal-remote/journal-upload.conf.in
@ -0,0 +1,5 @@
+[Upload]
+# URL=
+# ServerKeyFile=@CERTIFICATEROOT@/private/journal-upload.pem
+# ServerCertificateFile=@CERTIFICATEROOT@/certs/journal-upload.pem
+# TrustedCertificateFile=@CERTIFICATEROOT@/ca/trusted.pem