Hi, I've been unsuccessfully trying to migrate my user units to use credentials for storing gpg passphrases to encrypt stored state. I've reduced this to the following MWE: > [Service] > # generated by > # printf %s test | systemd-creds encrypt --user --name=test-password -p - - > SetCredentialEncrypted=test-password: \ > 70rBNnmpSA6n22iJf58WXSAAAAABAAAADAAAABAAAAB6rVkJL5nM+F5NRvYAAAAAgAAAA \ > AAAAAALACMA0AAAACAAAAAAfgAghijOoUw1lKX9BioGUmvKXDN69osbd2So8speZ/Z+xL \ > wAENrIkYRenzlbEGpX0v2fDYkkLrdlXO8uqfdIptqgJSisID5vIyqWICPH59LcC66LUeZ \ > Hq4+p3D//0tbKw95QfQCIlFb21tVytit4NFPueisKb81AD4IbtyG7RABOAAgACwAABBIA \ > IM9O3Zs/eqFefF0Yu2eq2Q7qe6mpPjCsyQfMjGWkJmvGABAAIGtogyNYFOsRpAaVuwQDu \ > GHbOedElZmvBpLxQsHzduoYz07dmz96oV58XRi7Z6rZDup7qak+MKzJB8yMZaQma8YAAA \ > AABwAAAAAAAACnvgUY0faB0COAsMCgUAvznFtWFnIyDPx+u52ls8hW2ajtq5xmkSMnNbz \ > 7ICryM/DCPmN8GcJZy01ZA+I= > ExecStart=cat %d/test-password > > [Install] > WantedBy=default.target which yields the following log > Aug 13 00:51:15 telcontar systemd[1259]: Started test.service. > Aug 13 00:51:20 telcontar (cat)[166546]: Failed to determine local credential key: Permission denied > Aug 13 00:51:20 telcontar (cat)[166546]: test.service: Failed to set up credentials: Permission denied > Aug 13 00:51:20 telcontar (cat)[166546]: test.service: Failed at step CREDENTIALS spawning cat: Permission denied > Aug 13 00:51:20 telcontar systemd[1259]: test.service: Main process exited, code=exited, status=243/CREDENTIALS > Aug 13 00:51:20 telcontar systemd[1259]: test.service: Failed with result 'exit-code'. However, roundtripping through `systemd-creds` does work: > $ printf %s test | systemd-creds encrypt --user --name=test-password - - \ > > | systemd-creds decrypt --user --name=test-password - > test which brings me to the workaround of using the following instead: > [Service] > ExecStart=systemd-creds --user decrypt %S/test.enc > > [Install] > WantedBy=default.target Is this the intended usage? Thanks, Gesh
Using credential directives in user units always exits 243/CREDENTIALS
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Using credential directives in user units always exits 243/CREDENTIALS
- From: Gesh <gesh@xxxxxxxxxxx>
- Date: Tue, 13 Aug 2024 01:28:43 +0300
- Prev by Date: CREDENTIALS_DIRECTORY vs %d
- Next by Date: Re: CREDENTIALS_DIRECTORY vs %d
- Previous by thread: CREDENTIALS_DIRECTORY vs %d
- Next by thread: Mechanism to know when all services are finished preparing for resume
- Index(es):
 |