X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fjournal-remote%2Fjournal-upload.c;h=b178df2d34bb0e24cfcff9905fbdc771d3de6955;hb=249968612f16a71df909d6e73785c18a9ff36a65;hp=76855373d36351d505dcdcb3eb507c996a47b328;hpb=722b6795655149a68277b3cffeba711e1d440e5a;p=elogind.git diff --git a/src/journal-remote/journal-upload.c b/src/journal-remote/journal-upload.c index 76855373d..b178df2d3 100644 --- a/src/journal-remote/journal-upload.c +++ b/src/journal-remote/journal-upload.c @@ -31,8 +31,13 @@ #include "util.h" #include "build.h" #include "fileio.h" +#include "conf-parser.h" #include "journal-upload.h" +#define PRIV_KEY_FILE CERTIFICATE_ROOT "/private/journal-upload.pem" +#define CERT_FILE CERTIFICATE_ROOT "/certs/journal-upload.pem" +#define TRUST_FILE CERTIFICATE_ROOT "/ca/trusted.pem" + static const char* arg_url; static void close_fd_input(Uploader *u); @@ -214,17 +219,17 @@ int start_upload(Uploader *u, "systemd-journal-upload " PACKAGE_STRING, LOG_WARNING, ); - if (arg_key) { + if (arg_key || startswith(u->url, "https://")) { assert(arg_cert); - easy_setopt(curl, CURLOPT_SSLKEY, arg_key, + easy_setopt(curl, CURLOPT_SSLKEY, arg_key ?: PRIV_KEY_FILE, LOG_ERR, return -EXFULL); - easy_setopt(curl, CURLOPT_SSLCERT, arg_cert, + easy_setopt(curl, CURLOPT_SSLCERT, arg_cert ?: CERT_FILE, LOG_ERR, return -EXFULL); } - if (arg_trust) - easy_setopt(curl, CURLOPT_CAINFO, arg_trust, + if (arg_trust || startswith(u->url, "https://")) + easy_setopt(curl, CURLOPT_CAINFO, arg_trust ?: TRUST_FILE, LOG_ERR, return -EXFULL); if (arg_key || arg_trust) @@ -297,9 +302,19 @@ static int dispatch_fd_input(sd_event_source *event, Uploader *u = userp; assert(u); - assert(revents & EPOLLIN); assert(fd >= 0); + if (revents & EPOLLHUP) { + log_debug("Received HUP"); + close_fd_input(u); + return 0; + } + + if (!(revents & EPOLLIN)) { + log_warning("Unexpected poll event %"PRIu32".", revents); + return -EINVAL; + } + if (u->uploading) { log_warning("dispatch_fd_input called when uploading, ignoring."); return 0; @@ -340,6 +355,43 @@ static int open_file_for_upload(Uploader *u, const char *filename) { return r; } +static int dispatch_sigterm(sd_event_source *event, + const struct signalfd_siginfo *si, + void *userdata) { + Uploader *u = userdata; + + assert(u); + + log_received_signal(LOG_INFO, si); + + close_fd_input(u); + close_journal_input(u); + + sd_event_exit(u->events, 0); + return 0; +} + +static int setup_signals(Uploader *u) { + sigset_t mask; + int r; + + assert(u); + + assert_se(sigemptyset(&mask) == 0); + sigset_add_many(&mask, SIGINT, SIGTERM, -1); + assert_se(sigprocmask(SIG_SETMASK, &mask, NULL) == 0); + + r = sd_event_add_signal(u->events, &u->sigterm_event, SIGTERM, dispatch_sigterm, u); + if (r < 0) + return r; + + r = sd_event_add_signal(u->events, &u->sigint_event, SIGINT, dispatch_sigterm, u); + if (r < 0) + return r; + + return 0; +} + static int setup_uploader(Uploader *u, const char *url, const char *state_file) { int r; @@ -349,7 +401,13 @@ static int setup_uploader(Uploader *u, const char *url, const char *state_file) memzero(u, sizeof(Uploader)); u->input = -1; - u->url = url; + if (!startswith(url, "http://") && !startswith(url, "https://")) + url = strappenda("https://", url); + + u->url = strappend(url, "/upload"); + if (!u->url) + return log_oom(); + u->state_file = state_file; r = sd_event_default(&u->events); @@ -358,6 +416,12 @@ static int setup_uploader(Uploader *u, const char *url, const char *state_file) return r; } + r = setup_signals(u); + if (r < 0) { + log_error("Failed to set up signals: %s", strerror(-r)); + return r; + } + return load_cursor_state(u); } @@ -371,11 +435,15 @@ static void destroy_uploader(Uploader *u) { free(u->last_cursor); free(u->current_cursor); + free(u->url); + u->input_event = sd_event_source_unref(u->input_event); close_fd_input(u); close_journal_input(u); + sd_event_source_unref(u->sigterm_event); + sd_event_source_unref(u->sigint_event); sd_event_unref(u->events); } @@ -420,11 +488,25 @@ static int perform_upload(Uploader *u) { return update_cursor_state(u); } +static int parse_config(void) { + const ConfigTableItem items[] = { + { "Upload", "URL", config_parse_string, 0, &arg_url }, + { "Upload", "ServerKeyFile", config_parse_path, 0, &arg_key }, + { "Upload", "ServerCertificateFile", config_parse_path, 0, &arg_cert }, + { "Upload", "TrustedCertificateFile", config_parse_path, 0, &arg_trust }, + {}}; + + return config_parse(NULL, PKGSYSCONFDIR "/journal-upload.conf", NULL, + "Upload\0", + config_item_table_lookup, items, + false, false, true, NULL); +} + static void help(void) { printf("%s -u URL {FILE|-}...\n\n" "Upload journal events to a remote server.\n\n" "Options:\n" - " --url=URL Upload to this address\n" + " -u --url=URL Upload to this address\n" " --key=FILENAME Specify key in PEM format\n" " --cert=FILENAME Specify certificate in PEM format\n" " --trust=FILENAME Specify CA certificate in PEM format\n" @@ -660,6 +742,10 @@ int main(int argc, char **argv) { log_show_color(true); log_parse_environment(); + r = parse_config(); + if (r <= 0) + goto finish; + r = parse_argv(argc, argv); if (r <= 0) goto finish; @@ -668,6 +754,8 @@ int main(int argc, char **argv) { if (r < 0) goto cleanup; + sd_event_set_watchdog(u.events, true); + log_debug("%s running as pid "PID_FMT, program_invocation_short_name, getpid());