From f6a8db04fb20d142e514d805c613a1b3e70c454d Mon Sep 17 00:00:00 2001 From: Michael Scherer Date: Sun, 20 Dec 2015 13:23:33 +0100 Subject: [PATCH] Add Seal option in the configuration file for journald-remote While journal received remotely can be sealed, it can only be done on the command line using --seal, so for consistency, we will also permit to set it in the configuration file. Cherry-picked from: 9d3737f13e9b38f88ed7acc800db66c2f025fac9 Resolves: #1329233 --- man/journal-remote.conf.xml | 7 +++++++ src/journal-remote/journal-remote.c | 1 + src/journal-remote/journal-remote.conf.in | 1 + 3 files changed, 9 insertions(+) diff --git a/man/journal-remote.conf.xml b/man/journal-remote.conf.xml index a7b222718..9a385c7e5 100644 --- a/man/journal-remote.conf.xml +++ b/man/journal-remote.conf.xml @@ -72,6 +72,13 @@ [Remote] section: + + Seal= + + Periodically sign the data in the journal using Forward Secure Sealing. + + + SplitMode= diff --git a/src/journal-remote/journal-remote.c b/src/journal-remote/journal-remote.c index b7cc6d717..9c515f9c8 100644 --- a/src/journal-remote/journal-remote.c +++ b/src/journal-remote/journal-remote.c @@ -1174,6 +1174,7 @@ static DEFINE_CONFIG_PARSE_ENUM(config_parse_write_split_mode, static int parse_config(void) { const ConfigTableItem items[] = { + { "Remote", "Seal", config_parse_bool, 0, &arg_seal }, { "Remote", "SplitMode", config_parse_write_split_mode, 0, &arg_split_mode }, { "Remote", "ServerKeyFile", config_parse_path, 0, &arg_key }, { "Remote", "ServerCertificateFile", config_parse_path, 0, &arg_cert }, diff --git a/src/journal-remote/journal-remote.conf.in b/src/journal-remote/journal-remote.conf.in index 3e32f34de..7122d6336 100644 --- a/src/journal-remote/journal-remote.conf.in +++ b/src/journal-remote/journal-remote.conf.in @@ -1,4 +1,5 @@ [Remote] +# Seal=false # SplitMode=host # ServerKeyFile=@CERTIFICATEROOT@/private/journal-remote.pem # ServerCertificateFile=@CERTIFICATEROOT@/certs/journal-remote.pem