rpms / systemd

Clone
Source Code
GIT

Blame SOURCES/0308-Add-Seal-option-in-the-configuration-file-for-journa.patch

c7-beta c8s
  1.   17b0f1690830b73bd2a879e0d8db4bb714885bfb
  2.   SOURCES
  3.   0308-Add-Seal-option-in-the-configuration-file-for-journa.patch
Blob History Raw
17b0f1 
From f6a8db04fb20d142e514d805c613a1b3e70c454d Mon Sep 17 00:00:00 2001
17b0f1 
From: Michael Scherer <misc@redhat.com>
17b0f1 
Date: Sun, 20 Dec 2015 13:23:33 +0100
17b0f1 
Subject: [PATCH] Add Seal option in the configuration file for journald-remote
17b0f1
17b0f1 
While journal received remotely can be sealed, it can only be done
17b0f1 
on the command line using --seal, so for consistency, we will
17b0f1 
also permit to set it in the configuration file.
17b0f1
17b0f1 
Cherry-picked from: 9d3737f13e9b38f88ed7acc800db66c2f025fac9
17b0f1 
Resolves: #1329233
17b0f1 
---
17b0f1 
 man/journal-remote.conf.xml               | 7 +++++++
17b0f1 
 src/journal-remote/journal-remote.c       | 1 +
17b0f1 
 src/journal-remote/journal-remote.conf.in | 1 +
17b0f1 
 3 files changed, 9 insertions(+)
17b0f1
17b0f1 
diff --git a/man/journal-remote.conf.xml b/man/journal-remote.conf.xml
17b0f1 
index a7b2227182..9a385c7e5e 100644
17b0f1 
--- a/man/journal-remote.conf.xml
17b0f1 
+++ b/man/journal-remote.conf.xml
17b0f1 
@@ -72,6 +72,13 @@
17b0f1 
     <literal>[Remote]</literal> section:</para>
17b0f1
17b0f1 
     <variablelist>
17b0f1 
+      <varlistentry>
17b0f1 
+        <term><varname>Seal=</varname></term>
17b0f1 
+
17b0f1 
+        <listitem><para>Periodically sign the data in the journal using Forward Secure Sealing.
17b0f1 
+        </para></listitem>
17b0f1 
+      </varlistentry>
17b0f1 
+
17b0f1
17b0f1 
       <varlistentry>
17b0f1 
         <term><varname>SplitMode=</varname></term>
17b0f1 
diff --git a/src/journal-remote/journal-remote.c b/src/journal-remote/journal-remote.c
17b0f1 
index b7cc6d7172..9c515f9c8f 100644
17b0f1 
--- a/src/journal-remote/journal-remote.c
17b0f1 
+++ b/src/journal-remote/journal-remote.c
17b0f1 
@@ -1174,6 +1174,7 @@ static DEFINE_CONFIG_PARSE_ENUM(config_parse_write_split_mode,
17b0f1
17b0f1 
 static int parse_config(void) {
17b0f1 
         const ConfigTableItem items[] = {
17b0f1 
+                { "Remote",  "Seal",                   config_parse_bool,             0, &arg_seal       },
17b0f1 
                 { "Remote",  "SplitMode",              config_parse_write_split_mode, 0, &arg_split_mode },
17b0f1 
                 { "Remote",  "ServerKeyFile",          config_parse_path,             0, &arg_key        },
17b0f1 
                 { "Remote",  "ServerCertificateFile",  config_parse_path,             0, &arg_cert       },
17b0f1 
diff --git a/src/journal-remote/journal-remote.conf.in b/src/journal-remote/journal-remote.conf.in
17b0f1 
index 3e32f34def..7122d63362 100644
17b0f1 
--- a/src/journal-remote/journal-remote.conf.in
17b0f1 
+++ b/src/journal-remote/journal-remote.conf.in
17b0f1 
@@ -1,4 +1,5 @@
17b0f1 
 [Remote]
17b0f1 
+# Seal=false
17b0f1 
 # SplitMode=host
17b0f1 
 # ServerKeyFile=@CERTIFICATEROOT@/private/journal-remote.pem
17b0f1 
 # ServerCertificateFile=@CERTIFICATEROOT@/certs/journal-remote.pem

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation