#define REMOTE_JOURNAL_PATH "/var/log/journal/remote"
-#define KEY_FILE CERTIFICATE_ROOT "/private/journal-remote.pem"
-#define CERT_FILE CERTIFICATE_ROOT "/certs/journal-remote.pem"
-#define TRUST_FILE CERTIFICATE_ROOT "/ca/trusted.pem"
+#define PRIV_KEY_FILE CERTIFICATE_ROOT "/private/journal-remote.pem"
+#define CERT_FILE CERTIFICATE_ROOT "/certs/journal-remote.pem"
+#define TRUST_FILE CERTIFICATE_ROOT "/ca/trusted.pem"
static char* arg_url = NULL;
static char* arg_getter = NULL;
_cleanup_strv_free_ char **words = NULL;
assert(getter);
- words = strv_split_quoted(getter);
- if (!words)
- return log_oom();
+ r = strv_split_quoted(&words, getter);
+ if (r < 0) {
+ log_error("Failed to split getter option: %s", strerror(-r));
+ return r;
+ }
r = strv_extend(&words, url);
if (r < 0) {
r = safe_atoi(spec, &fd);
if (r < 0)
return r;
+ if (fd < 0)
+ return -EINVAL;
- return -1;
+ return fd;
}
-
static int remoteserver_init(RemoteServer *s,
const char* key,
const char* cert,
assert(s);
-
if ((arg_listen_raw || arg_listen_http) && trust) {
log_error("Option --trust makes all non-HTTPS connections untrusted.");
return -EINVAL;
{ "Remote", "ServerCertificateFile", config_parse_path, 0, &arg_cert },
{ "Remote", "TrustedCertificateFile", config_parse_path, 0, &arg_trust },
{}};
- int r;
-
- r = config_parse(NULL, PKGSYSCONFDIR "/journal-remote.conf", NULL,
- "Remote\0",
- config_item_table_lookup, items,
- false, false, NULL);
- if (r < 0)
- log_error("Failed to parse configuration file: %s", strerror(-r));
- return r;
+ return config_parse(NULL, PKGSYSCONFDIR "/journal-remote.conf", NULL,
+ "Remote\0",
+ config_item_table_lookup, items,
+ false, false, true, NULL);
}
static void help(void) {
" --[no-]compress Use XZ-compression in the output journal (default: yes)\n"
" --[no-]seal Use Event sealing in the output journal (default: no)\n"
" --key=FILENAME Specify key in PEM format (default:\n"
- " \"" KEY_FILE "\")\n"
+ " \"" PRIV_KEY_FILE "\")\n"
" --cert=FILENAME Specify certificate in PEM format (default:\n"
" \"" CERT_FILE "\")\n"
" --trust=FILENAME|all Specify CA certificate or disable checking (default:\n"
case ARG_GNUTLS_LOG: {
#ifdef HAVE_GNUTLS
- char *word, *state;
+ const char *word, *state;
size_t size;
FOREACH_WORD_SEPARATOR(word, size, optarg, ",", state) {
return -EINVAL;
default:
- log_error("Unknown option code %c", c);
- return -EINVAL;
+ assert_not_reached("Unknown option code.");
}
if (optind < argc)
static int load_certificates(char **key, char **cert, char **trust) {
int r;
- r = read_full_file(arg_key ?: KEY_FILE, key, NULL);
+ r = read_full_file(arg_key ?: PRIV_KEY_FILE, key, NULL);
if (r < 0) {
log_error("Failed to read key from file '%s': %s",
- arg_key ?: KEY_FILE, strerror(-r));
+ arg_key ?: PRIV_KEY_FILE, strerror(-r));
return r;
}