-
Notifications
You must be signed in to change notification settings - Fork 58
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
systemd: Make use of a configuration file for tangd args
To enable the client authorization directory before this change, the main systemd service unit file needed to be modified. This is less ideal and we can use EnvironmentFile= feature in the unit file to read a file with environmental variables the [email protected] will use for the command line. Signed-off-by: David Sommerseth <[email protected]>
- Loading branch information
Showing
4 changed files
with
30 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -164,10 +164,10 @@ ifdef::freebsd[] | |
| command_args="${_tangd_listen_args} SYSTEM:\"${tangd_executable} ${tangd_jwkdir} ${tangd_jwkdir}/auth 2>> ${tangd_logfile} \" &" | ||
| endif::[] | ||
| ifndef::freebsd[] | ||
| Edit the *ExecStart=* line in the *[email protected]* unit file by | ||
| extending it with */var/db/tang/auth*. Like this: | ||
| In the */etc/tangd/tangd.conf* configuration file, set the TANG_AUTHDIR to the | ||
| directory of the authorization files: | ||
|
|
||
| ExecStart=/usr/libexec/tangd /var/db/tang /var/db/tang/authorized | ||
| TANG_AUTHDIR=/var/db/tang/auth | ||
| endif::[] | ||
|
|
||
| 2. Encrypt some data: | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -3,6 +3,13 @@ tangd_service = configure_file( | |
| output: '[email protected]', | ||
| configuration: data | ||
| ) | ||
| tangd_conf = configure_file( | ||
| input: 'tangd.conf.in', | ||
| output: 'tangd.conf', | ||
| configuration: data, | ||
| install_dir: join_paths(sysconfdir, 'tangd'), | ||
| ) | ||
|
|
||
| if host_machine.system() == 'freebsd' | ||
| tangd_rc = configure_file( | ||
| input: 'tangd.rc.in', | ||
|
|
@@ -14,6 +21,7 @@ if host_machine.system() == 'freebsd' | |
| else | ||
| units += join_paths(meson.current_source_dir(), 'tangd.socket') | ||
| units += tangd_service | ||
| units += tangd_conf | ||
| endif | ||
|
|
||
| # vim:set ts=2 sw=2 et: | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| # | ||
| # tangd configuration file | ||
| # | ||
| # | ||
| # This file is read by the [email protected] systemd unit file at startup | ||
| # | ||
|
|
||
| # Base directory for the JSON Web Key storage | ||
| # | ||
| TANG_JWKDIR=@jwkdir@ | ||
|
|
||
| # Directory for Tang authorization files | ||
| # By enabling adding this directory, clients must have their fingerprints | ||
| # registered in this directory to be able to decrypt their secrets. | ||
| # See the tang(8) man page for details. | ||
| # | ||
| # TANG_AUTHDIR=@jwkdir@/auth |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters