From: Lennart Poettering Date: Fri, 23 Jun 2023 20:50:34 +0000 (+0200) Subject: getty-generator: allow configuring additional gettys via credentials X-Git-Tag: v254-rc1~33^2~8 X-Git-Url: http://git-history.diyao.me/?a=commitdiff_plain;h=cdd133b3dd31661419470242a7275a60b2ab71d7;p=systemd%2F.git getty-generator: allow configuring additional gettys via credentials --- diff --git a/man/systemd-getty-generator.xml b/man/systemd-getty-generator.xml index a31ed660bb..d2e05dc82f 100644 --- a/man/systemd-getty-generator.xml +++ b/man/systemd-getty-generator.xml @@ -85,11 +85,29 @@ + + System Credentials + + + + getty.ttys.serial + getty.ttys.container + + These system credentials may be used to spawn additional login prompts on selected + TTYs. The two credentials should contain a newline-separated list of TTY names to spawn instances of + serial-getty@.service (in case of getty.ttys.serial) and + container-getty@.service (in case of getty.ttys.container) + on. + + + + See Also systemd1, kernel-command-line7, + systemd.system-credentials7, agetty8 diff --git a/man/systemd.system-credentials.xml b/man/systemd.system-credentials.xml index 6fd69ead30..0e64b45df0 100644 --- a/man/systemd.system-credentials.xml +++ b/man/systemd.system-credentials.xml @@ -207,6 +207,14 @@ + + getty.ttys.serial + getty.ttys.container + + Used for spawning additional login prompts, see + systemd-getty-generator8 for details. + + vmm.notify_socket diff --git a/src/getty-generator/getty-generator.c b/src/getty-generator/getty-generator.c index d255e90db5..e327b375cd 100644 --- a/src/getty-generator/getty-generator.c +++ b/src/getty-generator/getty-generator.c @@ -5,6 +5,7 @@ #include #include "alloc-util.h" +#include "creds-util.h" #include "errno-util.h" #include "fd-util.h" #include "fileio.h" 
@@ -13,8 +14,8 @@
 #include "mkdir-label.h"
 #include "parse-util.h"
 #include "path-util.h"
-#include "process-util.h"
 #include "proc-cmdline.h"
+#include "process-util.h"
 #include "strv.h"
 #include "terminal-util.h"
 #include "unit-name.h"
@@ -141,6 +142,56 @@ static int run_container(void) {
 }
 }
 
+static int add_credential_gettys(void) {
+ static const struct {
+ const char *credential_name;
+ int (*func)(const char *tty);
+ } table[] = {
+ { "getty.ttys.serial", add_serial_getty },
+ { "getty.ttys.container", add_container_getty },
+ };
+ int r;
+
+ FOREACH_ARRAY(t, table, ELEMENTSOF(table)) {
+ _cleanup_free_ char *b = NULL;
+ size_t sz = 0;
+
+ r = read_credential_with_decryption(t->credential_name, (void*) &b, &sz);
+ if (r < 0)
+ return r;
+ if (r == 0)
+ continue;
+
+ _cleanup_fclose_ FILE *f = NULL;
+ f = fmemopen_unlocked(b, sz, "r");
+ if (!f)
+ return log_oom();
+
+ for (;;) {
+ _cleanup_free_ char *tty = NULL;
+ char *s;
+
+ r = read_line(f, PATH_MAX, &tty);
+ if (r == 0)
+ break;
+ if (r < 0) {
+ log_error_errno(r, "Failed to parse credential %s: %m", t->credential_name);
+ break;
+ }
+
+ s = strstrip(tty);
+ if (startswith(s, "#"))
+ continue;
+
+ r = t->func(s);
+ if (r < 0)
+ return r;
+ }
+ }
+
+ return 0;
+}
+
 static int parse_proc_cmdline_item(const char *key, const char *value, void *data) {
 int r;
 
@@ -183,6 +234,10 @@ static int run(const char *dest, const char *dest_early, const char *dest_late)
 return 0;
 }
 
+ r = add_credential_gettys();
+ if (r < 0)
+ return r;
+
 if (detect_container() > 0)
 /* Add console shell and look at $container_ttys, but don't do add any
 * further magic if we are in a container. */
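Review bot: In add_credential_gettys(), a line that is empty after `strstrip()` is not skipped, so a blank line in `getty.ttys.serial` or `getty.ttys.container` reaches `t->func(s)` with an empty TTY name. The name is also handed on without any check of its shape; add_serial_getty() and add_container_getty() are outside this hunk, so whether they reject empty names or names containing `/` cannot be seen from here. I would change the filter to `if (isempty(s) || startswith(s, "#")) continue;` and validate the name before a unit is instantiated from it. Separately, a `read_line()` failure is logged and then dropped by `break` (the function can still return 0), while every other error returns `r`; a short comment saying this is deliberate would help.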
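Review bot: The added `return r` in run() makes any failure of add_credential_gettys() abort the generator before the `detect_container()` branch and the handling that follows it, so a credential that cannot be read or decrypted would also suppress login prompts that do not depend on credentials. If that is not intended, log and continue instead: `if (r < 0) log_warning_errno(r, "Failed to add gettys from credentials, ignoring: %m");`. If it is intended, a one-line comment stating so would help, since add_credential_gettys() itself treats a `read_line()` error as non-fatal. The rest of run() lies outside the hunk.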