Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Revert "core/exec-credential: complain louder if inherited credential is missing" #32754

Closed
wants to merge 1 commit into from
Closed

Revert "core/exec-credential: complain louder if inherited credential is missing" #32754

wants to merge 1 commit into from

Conversation

poettering
Copy link
Member

Reverts #32689

I don't get what the point of that PR was? can somebody enlighten me?

@poettering poettering added this to the v256 milestone May 10, 2024
@github-actions github-actions bot added documentation please-review PR is ready for (re-)review by a maintainer labels May 10, 2024
@poettering
Copy link
Member Author

(this is just a placeholder. it's not supposed to be merged, or at least not like this, i just want that to make sure this is not forgotten before 256-rc2)

YHNdnzj
YHNdnzj reviewed May 10, 2024
View reviewed changes
Copy link
Member

@YHNdnzj YHNdnzj left a comment
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm, my idea is like this: LoadCredential= should and should only be used when people are sure what they want. When a path is also specified, the missing cred is considered fatal, otherwise a warning is emitted. OTOH, if people want generic/completely optional stuff, they're better off using ImportCredential=. Our units are actually doing great, by always using ImportCredential= for acquiring credentials passed to service manager, no matter if globs are needed.

We could also just make LoadCredential= mandatory. However, that would become a complete compat break, which is something I'd like to avoid.

man/systemd.exec.xml
@@ -3385,9 +3385,6 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX
a terse way to declare credentials to inherit from the service manager into a service. This option
may be used multiple times, each time defining an additional credential to pass to the unit.</para>

<para>Note that if the path is not specified or a valid credential identifier is given, i.e.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

At least this should really be kept?

@YHNdnzj YHNdnzj added needs-discussion 🤔 and removed please-review PR is ready for (re-)review by a maintainer labels May 10, 2024
@YHNdnzj
Copy link
Member

YHNdnzj commented May 10, 2024

IOW, I wouldn't think a warning makes much sense if we didn't have ImportCredential=. But we do, and thus the semantics of LoadCredential= and that can have a clear separation.

@bluca
Copy link
Member

bluca commented May 10, 2024

What about just downgrading to info level?

keszybz
keszybz reviewed May 14, 2024
View reviewed changes
src/core/exec-credential.c
if (asprintf(&bindname, "@%" PRIx64 "/unit/%s/%s", random_u64(), unit, id) < 0)
if (asprintf(&bindname, "@%" PRIx64"/unit/%s/%s", random_u64(), unit, id) < 0)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This also. It is strange to have asymmetrical whitespace.

@keszybz
Copy link
Member

keszybz commented May 14, 2024

Let's continue the discussion in #32815. This revert also reverts the cleanups, which we don't want.

@keszybz keszybz closed this May 14, 2024
@YHNdnzj YHNdnzj mentioned this pull request May 14, 2024
Merged
@YHNdnzj YHNdnzj deleted the revert-32689-cred-missing branch May 14, 2024 16:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@keszybz keszybz keszybz left review comments

@YHNdnzj YHNdnzj YHNdnzj left review comments

Assignees
No one assigned
Labels
documentation pid1 replaced-by-newer-pr
Milestone
v256
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@poettering @YHNdnzj @bluca @keszybz