machine: escape % as %% in proxy values written to systemd unit conf#28820
machine: escape % as %% in proxy values written to systemd unit conf#28820crawfordxx wants to merge 1 commit into
Conversation
|
[NON-BLOCKING] Packit jobs failed. @containers/packit-build please check. Everyone else, feel free to ignore. |
|
Thanks for the review, @Honny1! A test case covering the percent-sign escaping is already included in the PR: the "percent sign in proxy value is escaped for systemd" case in |
Honny1
left a comment
Honny1
left a comment
There was a problem hiding this comment.
LGTM, please rebase on upstream main to run new CI. Thanks.
crawfordxx
force-pushed
the
fix-escape-percent-in-systemd-proxy-conf
branch
3 times, most recently
from
e250df5 to
e2429d5
Compare
systemd interprets % as specifier characters in unit configuration files (e.g. %H, %u, %40). Proxy environment variable values that contain percent-encoded URL characters (such as %40 for @ in usernames) cause systemd to emit warnings and fail to parse the generated /etc/systemd/system.conf.d/default-env.conf: system.conf.d/default-env.conf:2: Failed to resolve specifiers in HTTP_PROXY=http://user%40example.com@proxy:3128 Fix by adding a bash variable substitution that doubles every % to %% before writing to the systemd unit conf files. The profile.d and environment.d destinations do not need this escaping and continue to use the original value. Fixes podman-container-tools#28698 Signed-off-by: crawfordxx <crawfordxx@users.noreply.github.com>
crawfordxx
force-pushed
the
fix-escape-percent-in-systemd-proxy-conf
branch
3 times, most recently
from
db2dcd8 to
d0f9798
Compare
|
The branch is already based on the latest upstream main (commit 1388790). The CI failures on the lima/Windows runners appear to be infrastructure-related, not caused by these changes. Could you take another look when the flaky runners recover? |
|
PTAL @podman-container-tools/podman-maintainers @podman-container-tools/podman-reviewers |
3 participants
Problem
systemd treats
%as a specifier character in unit configuration files(e.g.
%H→ hostname,%40→@in percent-encoded strings).When proxy environment variables contain URL-percent-encoded characters
(common in credentials:
http://user%40example.com@proxy:3128), thegenerated
/etc/systemd/system.conf.d/default-env.confcontainsbare
%sequences that systemd tries to expand as specifiers, leading to:Fix
Introduce a bash variable substitution
${proxy//%/%%}that doublesevery
%to%%before writing to the systemd-specific conf files.The
%%is then decoded by systemd back to a literal%, preservingthe original value.
The
/etc/profile.d/default-env.shand/etc/environment.d/default-env.confdestinations do not perform specifier expansion, so they continue to use the
original value without escaping.
A new test case covering a proxy value with a percent-encoded character
is added alongside the update to the existing expected output.
Fixes #28698