meson: Create credstore directories

Let's make the creds directories a bit more discoverable and make it easier for users to use them. This also allows us to fix the mode to 0700 for /etc instead of the usual 0755 which is what probably would happen if users had to create this directory themselves.
2024-10-01 13:55:20 +00:00 · 2023-05-24 15:32:17 +02:00 · 2023-05-24 15:32:17 +02:00 · 24039e1207
parent 19038903e1
commit 24039e1207
1 changed files with 10 additions and 0 deletions
--- a/meson.build
+++ b/meson.build
@ -208,6 +208,7 @@ catalogstatedir = systemdstatedir / 'catalog'
 randomseeddir = localstatedir / 'lib/systemd'
 profiledir = rootlibexecdir / 'portable' / 'profile'
 ntpservicelistdir = rootprefixdir / 'lib/systemd/ntp-units.d'
+credstoredir = prefixdir / 'lib/credstore'

 docdir = get_option('docdir')
 if docdir == ''
@ -709,6 +710,7 @@ find = find_program('find')
 meson_make_symlink = project_source_root + '/tools/meson-make-symlink.sh'

 mkdir_p = 'mkdir -p $DESTDIR/@0@'
+mkdir_p_mode = 'mkdir -p $DESTDIR/@0@ -m @1@'

 # If -Dxxx-path option is found, use that. Otherwise, check in $PATH,
 # /usr/sbin, /sbin, and fall back to the default from middle column.
@ -3844,6 +3846,14 @@ public_programs += executable(
        install : true,
        install_dir : rootbindir)

+# Protecting files from the distro in /usr doesn't make sense since they can be trivially accessed otherwise,
+# so don't restrict the access mode in /usr. That doesn't apply to /etc, so we do restrict the access mode
+# there.
+meson.add_install_script('sh', '-c', mkdir_p.format(credstoredir))
+if install_sysconfdir
+        meson.add_install_script('sh', '-c', mkdir_p_mode.format(sysconfdir / 'credstore', '0700'))
+endif
+
 executable(
        'systemd-volatile-root',
        'src/volatile-root/volatile-root.c',