Merge pull request #32294 from yuwata/network-generator-creds

network-generator: also load drop-ins for networkd.conf from credentials
2024-07-21 18:24:38 +00:00 · 2024-04-16 16:42:59 +09:00 · 2024-04-16 16:42:59 +09:00 · 78d5bad2f5
parent 30d10a08be 9a4a8fbe48
commit 78d5bad2f5
4 changed files with 28 additions and 14 deletions
--- a/man/systemd-network-generator.service.xml
+++ b/man/systemd-network-generator.service.xml
@ -128,13 +128,15 @@

    <variablelist class='system-credentials'>
      <varlistentry>
-        <term><varname>network.netdev.*</varname></term>
+        <term><varname>network.conf.*</varname></term>
        <term><varname>network.link.*</varname></term>
+        <term><varname>network.netdev.*</varname></term>
        <term><varname>network.network.*</varname></term>

        <listitem><para>These credentials should contain valid
-        <citerefentry><refentrytitle>systemd.netdev</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+        <citerefentry><refentrytitle>networkd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
        <citerefentry><refentrytitle>systemd.link</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+        <citerefentry><refentrytitle>systemd.netdev</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
        <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>
        configuration data. From each matching credential a separate file is created. Example: a passed
        credential <filename>network.link.50-foobar</filename> will be copied into a configuration file
--- a/man/systemd.system-credentials.xml
+++ b/man/systemd.system-credentials.xml
@ -138,20 +138,21 @@
      </varlistentry>

      <varlistentry>
-        <term><varname>network.netdev.*</varname></term>
+        <term><varname>network.conf.*</varname></term>
        <term><varname>network.link.*</varname></term>
+        <term><varname>network.netdev.*</varname></term>
        <term><varname>network.network.*</varname></term>
        <listitem>
          <para>Configures network devices. Read by
-          <citerefentry><refentrytitle>systemd-network-generator.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>. These
-          credentials directly translate to a matching <filename>*.netdev</filename>,
-          <filename>*.link</filename> or <filename>*.network</filename> file. Example: the contents of a
-          credential <filename>network.link.50-foobar</filename> will be copied into a file
-          <filename>50-foobar.link</filename>. See
-          <citerefentry><refentrytitle>systemd.netdev</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+          <citerefentry><refentrytitle>systemd-network-generator.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
+          These credentials should contain valid
+          <citerefentry><refentrytitle>networkd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
          <citerefentry><refentrytitle>systemd.link</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+          <citerefentry><refentrytitle>systemd.netdev</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
          <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>
-          for details.</para>
+          configuration data. From each matching credential a separate file is created. Example: the contents
+          of a credential <filename>network.link.50-foobar</filename> will be copied into a file
+          <filename>50-foobar.link</filename>.</para>

          <para>Note that the resulting files are created world-readable, it's hence recommended to not include
          secrets in these credentials, but supply them via separate credentials directly to
--- a/src/network/generator/main.c
+++ b/src/network/generator/main.c
@ -234,9 +234,10 @@ static int run(int argc, char *argv[]) {
        RET_GATHER(ret, context_save(&context));

        static const PickUpCredential table[] = {
-                { "network.link.",    NETWORK_UNIT_DIRECTORY, ".link"    },
-                { "network.netdev.",  NETWORK_UNIT_DIRECTORY, ".netdev"  },
-                { "network.network.", NETWORK_UNIT_DIRECTORY, ".network" },
+                { "network.conf.",    "/run/systemd/networkd.conf.d/", ".conf"    },
+                { "network.link.",    NETWORK_UNIT_DIRECTORY,          ".link"    },
+                { "network.netdev.",  NETWORK_UNIT_DIRECTORY,          ".netdev"  },
+                { "network.network.", NETWORK_UNIT_DIRECTORY,          ".network" },
        };
        RET_GATHER(ret, pick_up_credentials(table, ELEMENTSOF(table)));

--- a/test/units/testsuite-74.network-generator.sh
+++ b/test/units/testsuite-74.network-generator.sh
@ -5,13 +5,21 @@ set -eux
 set -o pipefail

 at_exit() {
+    rm -f /run/credstore/network.conf.50-testme
    rm -f /run/credstore/network.network.50-testme
+    rm -f /run/systemd/networkd.conf.d/50-testme.conf
+    rm -f /run/systemd/network/50-testme.network
    rm -f /run/systemd/system/systemd-network-generator.service.d/50-testme.conf
 }

 trap at_exit EXIT

 mkdir -p /run/credstore
+cat > /run/credstore/network.conf.50-testme <<EOF
+[Network]
+SpeedMeter=yes
+EOF
+
 cat > /run/credstore/network.network.50-testme <<EOF
 [Match]
 Property=IDONTEXIST
@ -19,9 +27,11 @@ EOF

 systemctl edit systemd-network-generator.service --stdin --drop-in=50-testme.conf <<EOF
 [Service]
+LoadCredential=network.conf.50-testme
 LoadCredential=network.network.50-testme
 EOF

 systemctl restart systemd-network-generator

-test -f /run/systemd/network/50-testme.network
+diff /run/credstore/network.conf.50-testme /run/systemd/networkd.conf.d/50-testme.conf
+diff /run/credstore/network.network.50-testme /run/systemd/network/50-testme.network