journal-upload: add config file
authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Wed, 16 Jul 2014 02:22:05 +0000 (22:22 -0400)
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Wed, 16 Jul 2014 02:34:41 +0000 (22:34 -0400)
Makefile.am
src/journal-remote/.gitignore
src/journal-remote/journal-upload.c
src/journal-remote/journal-upload.conf.in [new file with mode: 0644]

index cc1d423..a492a1f 100644 (file)
@@ -3531,6 +3531,15 @@ nodist_systemunit_DATA += \
 
 EXTRA_DIST += \
        units/systemd-journal-upload.service.in
+
+nodist_pkgsysconf_DATA += \
+       src/journal-remote/journal-upload.conf
+
+EXTRA_DIST += \
+       src/journal-remote/journal-upload.conf.in
+
+CLEANFILES += \
+       src/journal-remote/journal-upload.conf
 endif
 
 # using _CFLAGS = in the conditional below would suppress AM_CFLAGS
index 8112c3c..06847b6 100644 (file)
@@ -1 +1,2 @@
 /journal-remote.conf
+/journal-upload.conf
index c5a3e19..a381ec5 100644 (file)
 #include "util.h"
 #include "build.h"
 #include "fileio.h"
+#include "conf-parser.h"
 #include "journal-upload.h"
 
+#define KEY_FILE   CERTIFICATE_ROOT "/private/journal-upload.pem"
+#define CERT_FILE  CERTIFICATE_ROOT "/certs/journal-upload.pem"
+#define TRUST_FILE CERTIFICATE_ROOT "/ca/trusted.pem"
+
 static const char* arg_url;
 
 static void close_fd_input(Uploader *u);
@@ -214,17 +219,17 @@ int start_upload(Uploader *u,
                             "systemd-journal-upload " PACKAGE_STRING,
                             LOG_WARNING, );
 
-                if (arg_key) {
+                if (arg_key || startswith(u->url, "https://")) {
                         assert(arg_cert);
 
-                        easy_setopt(curl, CURLOPT_SSLKEY, arg_key,
+                        easy_setopt(curl, CURLOPT_SSLKEY, arg_key ?: KEY_FILE,
                                     LOG_ERR, return -EXFULL);
-                        easy_setopt(curl, CURLOPT_SSLCERT, arg_cert,
+                        easy_setopt(curl, CURLOPT_SSLCERT, arg_cert ?: CERT_FILE,
                                     LOG_ERR, return -EXFULL);
                 }
 
-                if (arg_trust)
-                        easy_setopt(curl, CURLOPT_CAINFO, arg_trust,
+                if (arg_trust || startswith(u->url, "https://"))
+                        easy_setopt(curl, CURLOPT_CAINFO, arg_trust ?: TRUST_FILE,
                                     LOG_ERR, return -EXFULL);
 
                 if (arg_key || arg_trust)
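Review bot: The `assert(arg_cert);` kept inside the widened `if (arg_key || startswith(u->url, "https://"))` branch aborts the process for an https URL when no certificate is configured, so unless assertions are compiled out the `arg_cert ?: CERT_FILE` fallback a few lines later never takes effect. Because `ServerKeyFile=` and `ServerCertificateFile=` can now also come from the config file, a file that sets only the key reaches the same assert; drop it, or replace it with a logged `return -EINVAL;` if a key without a certificate should be rejected. The unchanged `if (arg_key || arg_trust)` on the last context line was not widened in the same way, so whatever it guards (outside this hunk) is skipped when only the built-in defaults are in use. start_upload's body begins and ends outside the hunk.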
@@ -483,6 +488,25 @@ static int perform_upload(Uploader *u) {
         return update_cursor_state(u);
 }
 
+static int parse_config(void) {
+        const ConfigTableItem items[] = {
+                { "Upload",  "URL",                    config_parse_string, 0, &arg_url    },
+                { "Upload",  "ServerKeyFile",          config_parse_path,   0, &arg_key    },
+                { "Upload",  "ServerCertificateFile",  config_parse_path,   0, &arg_cert   },
+                { "Upload",  "TrustedCertificateFile", config_parse_path,   0, &arg_trust  },
+                {}};
+        int r;
+
+        r = config_parse(NULL, PKGSYSCONFDIR "/journal-upload.conf", NULL,
+                         "Upload\0",
+                         config_item_table_lookup, items,
+                         false, false, NULL);
+        if (r < 0)
+                log_error("Failed to parse configuration file: %s", strerror(-r));
+
+        return r;
+}
+
 static void help(void) {
         printf("%s -u URL {FILE|-}...\n\n"
                "Upload journal events to a remote server.\n\n"
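Review bot: `arg_url` is declared `static const char*` at the top of the file, yet the `URL` table entry passes `&arg_url` to `config_parse_string`, which as far as I know replaces the target with a newly allocated copy. That mixes an owned heap string with whatever parse_argv assigns later (not visible here, presumably a pointer into argv), and the const qualifier is silently dropped through the table's untyped data slot. Consider `static char *arg_url;` with one clear ownership rule. A short comment above parse_config would also help, for example `/* Loads defaults from journal-upload.conf; returns a negative errno-style value on failure. */`, plus a line stating whether command-line options override the file.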
@@ -723,6 +747,10 @@ int main(int argc, char **argv) {
         log_show_color(true);
         log_parse_environment();
 
+        r = parse_config();
+        if (r <= 0)
+                goto finish;
+
         r = parse_argv(argc, argv);
         if (r <= 0)
                 goto finish;
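Review bot: The check `if (r <= 0)` after `parse_config()` treats a return of 0 as a reason to stop, but parse_config (added earlier in this commit) returns config_parse's result unchanged and itself only treats `r < 0` as failure. If config_parse returns 0 on success, as that check suggests, main jumps to `finish` before `parse_argv` runs and nothing is uploaded. The `<= 0` convention belongs to parse_argv; here the test should be `if (r < 0)`. main's body begins and ends outside the hunk.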
diff --git a/src/journal-remote/journal-upload.conf.in b/src/journal-remote/journal-upload.conf.in
new file mode 100644 (file)
index 0000000..c567068
--- /dev/null
@@ -0,0 +1,5 @@
+[Upload]
+# URL=
+# ServerKeyFile=@CERTIFICATEROOT@/private/journal-upload.pem
+# ServerCertificateFile=@CERTIFICATEROOT@/certs/journal-upload.pem
+# TrustedCertificateFile=@CERTIFICATEROOT@/ca/trusted.pem