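To inject a secret into a systemd service, first place a file containing the secret value at a path on the file system. For example, to expose an API key to a .service unit, create a file at /etc/credstore/api-key so that it persists across reboots, or at /run/credstore/api-key to avoid persisting it (the path can be arbitrary, but systemd treats these credstore paths as defaults). In any...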
I believe that's the intent but I can't find the documentation on how to do it. Thanks.
[Service]
LoadCredential=cryptsetup.pkcs11-pin=/etc/credstore/mypin
credstore.conf /usr/lib/tmpfiles.d/debian.conf /usr/lib/tmpfiles.d/home.conf /usr/lib/tmpfiles.d/journal-nocow.conf /usr/lib/tmpfiles.d/legacy.conf /usr/lib/tmpfiles.d/provision.conf /usr/lib/tmpfiles.d/systemd-network.conf /usr/lib/tmpfiles.d/systemd-nologin.conf /usr/lib/tmp...
credstoredir = prefixdir / 'lib/credstore' pcrlockdir = prefixdir / 'lib/pcrlock.d' mimepackagesdir = prefixdir / 'share/mime/packages' configfiledir = get_option('configfiledir') if configfiledir == '' configfiledir = sysconfdir endif ...
test Merge pull request systemd#27916 from yuwata/test-execute-credstore Oct 24, 2024 tmpfiles.d tmpfiles.d: Remove purge flag from lines that don't support it Sep 18, 2024 tools mkosi: add helper script to update mkosi hash Sep 12, 2024 units logind: allow read/write to char-hvc ...
/usr/lib/tmpfiles.d/credstore.conf /usr/lib/tmpfiles.d/provision.conf /usr/lib/environment.d/99-environment.conf %ghost %config(noreplace) /etc/localtime %dir /etc/rc.d %dir /etc/binfmt.d %dir /etc/tmpfiles.d %dir /etc/sysctl.d %ghost %config(noreplace) /etc/locale....
run /usr/bin/systemd-socket-activate /usr/bin/systemd-stdio-bridge /usr/bin/systemd-sysext /usr/bin/systemd-sysusers /usr/bin/systemd-tmpfiles /usr/bin/systemd-tty-ask-password-agent /usr/bin/systemd-umount /usr/bin/systemd-vpick /usr/bin/timedatectl /usr/bin/varlinkctl /usr/lib/...
of creds in /etc/credstore/ for example). Extending on this: allow binding LUKS2 TPM based encryption also to the TPM2 internal clock. Net result: prepare a confext image that can only be activated on a specific host that runs a specific software in a specific time window. confext...