diff options
| -rw-r--r-- | Makefile.am | 9 | ||||
| -rw-r--r-- | src/journal-remote/.gitignore | 1 | ||||
| -rw-r--r-- | src/journal-remote/journal-upload.c | 38 | ||||
| -rw-r--r-- | src/journal-remote/journal-upload.conf.in | 5 |
4 files changed, 48 insertions, 5 deletions
diff --git a/Makefile.am b/Makefile.am index cc1d42352f..a492a1f7c0 100644 --- a/Makefile.am +++ b/Makefile.am @@ -3531,6 +3531,15 @@ nodist_systemunit_DATA += \ EXTRA_DIST += \ units/systemd-journal-upload.service.in + +nodist_pkgsysconf_DATA += \ + src/journal-remote/journal-upload.conf + +EXTRA_DIST += \ + src/journal-remote/journal-upload.conf.in + +CLEANFILES += \ + src/journal-remote/journal-upload.conf endif # using _CFLAGS = in the conditional below would suppress AM_CFLAGS diff --git a/src/journal-remote/.gitignore b/src/journal-remote/.gitignore index 8112c3c90f..06847b65d4 100644 --- a/src/journal-remote/.gitignore +++ b/src/journal-remote/.gitignore @@ -1 +1,2 @@ /journal-remote.conf +/journal-upload.conf diff --git a/src/journal-remote/journal-upload.c b/src/journal-remote/journal-upload.c index c5a3e1907b..a381ec59bf 100644 --- a/src/journal-remote/journal-upload.c +++ b/src/journal-remote/journal-upload.c @@ -31,8 +31,13 @@ #include "util.h" #include "build.h" #include "fileio.h" +#include "conf-parser.h" #include "journal-upload.h" +#define KEY_FILE CERTIFICATE_ROOT "/private/journal-upload.pem" +#define CERT_FILE CERTIFICATE_ROOT "/certs/journal-upload.pem" +#define TRUST_FILE CERTIFICATE_ROOT "/ca/trusted.pem" + static const char* arg_url; static void close_fd_input(Uploader *u); @@ -214,17 +219,17 @@ int start_upload(Uploader *u, "systemd-journal-upload " PACKAGE_STRING, LOG_WARNING, ); - if (arg_key) { + if (arg_key || startswith(u->url, "https://")) { assert(arg_cert); - easy_setopt(curl, CURLOPT_SSLKEY, arg_key, + easy_setopt(curl, CURLOPT_SSLKEY, arg_key ?: KEY_FILE, LOG_ERR, return -EXFULL); - easy_setopt(curl, CURLOPT_SSLCERT, arg_cert, + easy_setopt(curl, CURLOPT_SSLCERT, arg_cert ?: CERT_FILE, LOG_ERR, return -EXFULL); } - if (arg_trust) - easy_setopt(curl, CURLOPT_CAINFO, arg_trust, + if (arg_trust || startswith(u->url, "https://")) + easy_setopt(curl, CURLOPT_CAINFO, arg_trust ?: TRUST_FILE, LOG_ERR, return -EXFULL); if (arg_key || arg_trust) @@ -483,6 +488,25 @@ static int perform_upload(Uploader *u) { return update_cursor_state(u); } +static int parse_config(void) { + const ConfigTableItem items[] = { + { "Upload", "URL", config_parse_string, 0, &arg_url }, + { "Upload", "ServerKeyFile", config_parse_path, 0, &arg_key }, + { "Upload", "ServerCertificateFile", config_parse_path, 0, &arg_cert }, + { "Upload", "TrustedCertificateFile", config_parse_path, 0, &arg_trust }, + {}}; + int r; + + r = config_parse(NULL, PKGSYSCONFDIR "/journal-upload.conf", NULL, + "Upload\0", + config_item_table_lookup, items, + false, false, NULL); + if (r < 0) + log_error("Failed to parse configuration file: %s", strerror(-r)); + + return r; +} + static void help(void) { printf("%s -u URL {FILE|-}...\n\n" "Upload journal events to a remote server.\n\n" @@ -723,6 +747,10 @@ int main(int argc, char **argv) { log_show_color(true); log_parse_environment(); + r = parse_config(); + if (r <= 0) + goto finish; + r = parse_argv(argc, argv); if (r <= 0) goto finish; diff --git a/src/journal-remote/journal-upload.conf.in b/src/journal-remote/journal-upload.conf.in new file mode 100644 index 0000000000..c5670682e8 --- /dev/null +++ b/src/journal-remote/journal-upload.conf.in @@ -0,0 +1,5 @@ +[Upload] +# URL= +# ServerKeyFile=@CERTIFICATEROOT@/private/journal-upload.pem +# ServerCertificateFile=@CERTIFICATEROOT@/certs/journal-upload.pem +# TrustedCertificateFile=@CERTIFICATEROOT@/ca/trusted.pem |