[systemd-devel] CREDENTIALS_DIRECTORY vs %d

Gesh gesh at gesh.uni.cx
Thu Aug 22 11:44:17 UTC 2024


On Thu, Aug 22, 2024 at 11:57:58AM GMT, Lennart Poettering wrote:
> On Di, 13.08.24 01:28, Gesh (gesh at gesh.uni.cx) wrote:
>
> > systemd.exec(5) reads:
> > > In order to reference the path a credential may be read from within a
> > > ExecStart= command line use "${CREDENTIALS_DIRECTORY}/mycred", e.g.
> > > "ExecStart=cat ${CREDENTIALS_DIRECTORY}/mycred". In order to reference the
> > > path a credential may be read from within a Environment= line use "%d/mycred",
> > > e.g.  "Environment=MYCREDPATH=%d/mycred".
> >
> > Is there a reason that the `ExecStart=` line should specifically refer to
> > `$CREDENTIALS_DIRECTORY` and not `%d`? Surely these are equivalent?
>
> They are mostly equivalent. But note that people can override
> CREDENTIALS_DIRECTORY locally via Environment=, if they really wish
> to. %d would be unaffected by that.
>
> Also, if you do "systemctl show" on that unit, the %d thing will be
> resolved at that time, but $CREDENTIALS_DIRECTORY will not be.

Ah, fair enough, and this makes sense given the semantics.
That gets us closer, but I still don't fully grasp the implications --
is there a reason to recommend using one over the other?
At a guess, the `Environment=` directive would either be unaffected or
have unclear semantics (in case of loops) if a user attempted to
override `CREDENTIALS_DIRECTORY`, hence there's no harm in freezing
its resolution; but the `Exec*` directives should be left
influenceable in case the user's configuration requires moving
`CREDENTIALS_DIRECTORY`?
(Of course, similar questions could be asked of the other
directive/envvar pairs (%C, %D, %E, %L, %t, %T, %V))

Thanks,
Gesh

P.S. Lennart, sorry for the double-post -- forgot to send this to the mailing
list originally
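
The distinction discussed in this thread, shown as a unit file. This is an added example, not part of the original messages or of systemd's documentation; the unit name `cred-demo.service`, the credential source path and the override path are assumptions made for illustration.

```ini
# /etc/systemd/system/cred-demo.service  (hypothetical unit name)
[Unit]
Description=Contrast %d with ${CREDENTIALS_DIRECTORY}

[Service]
Type=oneshot

# Constructed sample credential; the source path is an assumption.
LoadCredential=mycred:/etc/cred-demo/mycred

# %d is a unit-file specifier, substituted by the service manager when the
# unit is loaded. MYCREDPATH therefore carries an already-resolved path.
Environment=MYCREDPATH=%d/mycred

# A local override like the one below (hypothetical path) changes what
# ${CREDENTIALS_DIRECTORY} expands to in the first ExecStart= line, while
# the %d in the other lines is unaffected, as the quoted reply notes.
#Environment=CREDENTIALS_DIRECTORY=/srv/elsewhere

# Environment variable: expanded at execution time from the service's
# final environment, so it follows any Environment= override.
ExecStart=cat ${CREDENTIALS_DIRECTORY}/mycred

# Specifier: fixed at load time, independent of the environment.
ExecStart=cat %d/mycred

# Variable whose value was itself built from %d: also independent of a
# CREDENTIALS_DIRECTORY override.
ExecStart=cat ${MYCREDPATH}
```

Running `systemctl show -p ExecStart -p Environment cred-demo.service` against this unit displays the `%d` occurrences as resolved paths and leaves `${CREDENTIALS_DIRECTORY}` as written, which is the second difference the quoted reply points out.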

