#define REMOTE_JOURNAL_PATH "/var/log/journal/remote"
-#define KEY_FILE CERTIFICATE_ROOT "/private/journal-remote.pem"
-#define CERT_FILE CERTIFICATE_ROOT "/certs/journal-remote.pem"
-#define TRUST_FILE CERTIFICATE_ROOT "/ca/trusted.pem"
+#define PRIV_KEY_FILE CERTIFICATE_ROOT "/private/journal-remote.pem"
+#define CERT_FILE CERTIFICATE_ROOT "/certs/journal-remote.pem"
+#define TRUST_FILE CERTIFICATE_ROOT "/ca/trusted.pem"
static char* arg_url = NULL;
static char* arg_getter = NULL;
_cleanup_strv_free_ char **words = NULL;
assert(getter);
- words = strv_split_quoted(getter);
- if (!words)
- return log_oom();
+ r = strv_split_quoted(&words, getter);
+ if (r < 0) {
+ log_error("Failed to split getter option: %s", strerror(-r));
+ return r;
+ }
r = strv_extend(&words, url);
if (r < 0) {
log_error("MHD_get_connection_info failed: cannot get remote fd");
return mhd_respond(connection, MHD_HTTP_INTERNAL_SERVER_ERROR,
"Cannot check remote address");
- return code;
}
fd = ci->connect_fd;
r = safe_atoi(spec, &fd);
if (r < 0)
return r;
+ if (fd < 0)
+ return -EINVAL;
- return -1;
+ return fd;
}
-
static int remoteserver_init(RemoteServer *s,
const char* key,
const char* cert,
assert(s);
-
if ((arg_listen_raw || arg_listen_http) && trust) {
log_error("Option --trust makes all non-HTTPS connections untrusted.");
return -EINVAL;
static void help(void) {
printf("%s [OPTIONS...] {FILE|-}...\n\n"
"Write external journal events to journal file(s).\n\n"
- "Options:\n"
- " --url=URL Read events from systemd-journal-gatewayd at URL\n"
- " --getter=COMMAND Read events from the output of COMMAND\n"
- " --listen-raw=ADDR Listen for connections at ADDR\n"
- " --listen-http=ADDR Listen for HTTP connections at ADDR\n"
- " --listen-https=ADDR Listen for HTTPS connections at ADDR\n"
+ " -h --help Show this help\n"
+ " --version Show package version\n"
+ " --url=URL Read events from systemd-journal-gatewayd at URL\n"
+ " --getter=COMMAND Read events from the output of COMMAND\n"
+ " --listen-raw=ADDR Listen for connections at ADDR\n"
+ " --listen-http=ADDR Listen for HTTP connections at ADDR\n"
+ " --listen-https=ADDR Listen for HTTPS connections at ADDR\n"
" -o --output=FILE|DIR Write output to FILE or DIR/external-*.journal\n"
- " --[no-]compress Use XZ-compression in the output journal (default: yes)\n"
- " --[no-]seal Use Event sealing in the output journal (default: no)\n"
- " --key=FILENAME Specify key in PEM format (default:\n"
- " \"" KEY_FILE "\")\n"
- " --cert=FILENAME Specify certificate in PEM format (default:\n"
- " \"" CERT_FILE "\")\n"
- " --trust=FILENAME|all Specify CA certificate or disable checking (default:\n"
- " \"" TRUST_FILE "\")\n"
- " --gnutls-log=CATEGORY...\n"
- " Specify a list of gnutls logging categories\n"
- " -h --help Show this help and exit\n"
- " --version Print version string and exit\n"
+ " --compress[=BOOL] Use XZ-compression in the output journal (default: yes)\n"
+ " --seal[=BOOL] Use Event sealing in the output journal (default: no)\n"
+ " --key=FILENAME Specify key in PEM format (default:\n"
+ " \"" PRIV_KEY_FILE "\")\n"
+ " --cert=FILENAME Specify certificate in PEM format (default:\n"
+ " \"" CERT_FILE "\")\n"
+ " --trust=FILENAME|all Specify CA certificate or disable checking (default:\n"
+ " \"" TRUST_FILE "\")\n"
+ " --gnutls-log=CATEGORY...\n"
+ " Specify a list of gnutls logging categories\n"
"\n"
"Note: file descriptors from sd_listen_fds() will be consumed, too.\n"
, program_invocation_short_name);
ARG_GETTER,
ARG_SPLIT_MODE,
ARG_COMPRESS,
- ARG_NO_COMPRESS,
ARG_SEAL,
- ARG_NO_SEAL,
ARG_KEY,
ARG_CERT,
ARG_TRUST,
{ "listen-https", required_argument, NULL, ARG_LISTEN_HTTPS },
{ "output", required_argument, NULL, 'o' },
{ "split-mode", required_argument, NULL, ARG_SPLIT_MODE },
- { "compress", no_argument, NULL, ARG_COMPRESS },
- { "no-compress", no_argument, NULL, ARG_NO_COMPRESS },
- { "seal", no_argument, NULL, ARG_SEAL },
- { "no-seal", no_argument, NULL, ARG_NO_SEAL },
+ { "compress", optional_argument, NULL, ARG_COMPRESS },
+ { "seal", optional_argument, NULL, ARG_SEAL },
{ "key", required_argument, NULL, ARG_KEY },
{ "cert", required_argument, NULL, ARG_CERT },
{ "trust", required_argument, NULL, ARG_TRUST },
break;
case ARG_COMPRESS:
- arg_compress = true;
- break;
- case ARG_NO_COMPRESS:
- arg_compress = false;
+ if (optarg) {
+ r = parse_boolean(optarg);
+ if (r < 0) {
+ log_error("Failed to parse --compress= parameter.");
+ return -EINVAL;
+ }
+
+ arg_compress = !!r;
+ } else
+ arg_compress = true;
+
break;
+
case ARG_SEAL:
- arg_seal = true;
- break;
- case ARG_NO_SEAL:
- arg_seal = false;
+ if (optarg) {
+ r = parse_boolean(optarg);
+ if (r < 0) {
+ log_error("Failed to parse --seal= parameter.");
+ return -EINVAL;
+ }
+
+ arg_seal = !!r;
+ } else
+ arg_seal = true;
+
break;
case ARG_GNUTLS_LOG: {
return -EINVAL;
default:
- log_error("Unknown option code %c", c);
- return -EINVAL;
+ assert_not_reached("Unknown option code.");
}
if (optind < argc)
static int load_certificates(char **key, char **cert, char **trust) {
int r;
- r = read_full_file(arg_key ?: KEY_FILE, key, NULL);
+ r = read_full_file(arg_key ?: PRIV_KEY_FILE, key, NULL);
if (r < 0) {
log_error("Failed to read key from file '%s': %s",
- arg_key ?: KEY_FILE, strerror(-r));
+ arg_key ?: PRIV_KEY_FILE, strerror(-r));
return r;
}
}
}
- server_destroy(&s);
+ sd_notifyf(false,
+ "STOPPING=1\n"
+ "STATUS=Shutting down after writing %" PRIu64 " entries...", s.event_count);
log_info("Finishing after writing %" PRIu64 " entries", s.event_count);
- sd_notify(false, "STATUS=Shutting down...");
+ server_destroy(&s);
free(arg_key);
free(arg_cert);