From b750101eb236130cf056c675997decbac904cc49 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sun, 7 Apr 2024 17:35:18 +0200
Subject: Adding upstream version 252.22.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 man/systemd.system-credentials.xml | 191 +++++++++++++++++++++++++++++++++++++
 1 file changed, 191 insertions(+)
 create mode 100644 man/systemd.system-credentials.xml

(limited to 'man/systemd.system-credentials.xml')

diff --git a/man/systemd.system-credentials.xml b/man/systemd.system-credentials.xml
new file mode 100644
index 0000000..44c553c
--- /dev/null
+++ b/man/systemd.system-credentials.xml
@@ -0,0 +1,191 @@
+<?xml version='1.0'?> <!--*-nxml-*-->
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
+
+<refentry id="systemd.system-credentials">
+
+  <refentryinfo>
+    <title>systemd.system-credentials</title>
+    <productname>systemd</productname>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle>systemd.system-credentials</refentrytitle>
+    <manvolnum>7</manvolnum>
+  </refmeta>
+
+  <refnamediv>
+    <refname>systemd.system-credentials</refname>
+    <refpurpose>System Credentials</refpurpose>
+  </refnamediv>
+
+  <refsect1>
+    <title>Description</title>
+
+    <para><ulink url="https://systemd.io/CREDENTIALS">System and Service Credentials</ulink> are data objects
+    that may be passed into booted systems or system services as they are invoked. They can be acquired from
+    various external sources, and propagated into the system and from there into system services. Credentials
+    may optionally be encrypted with a machine-specific key and/or locked to the local TPM2 device, and are
+    only decrypted when the consuming service is invoked.</para>
+
+    <para>System credentials may be used to provision and configure various aspects of the system. Depending
+    on the consuming component credentials are only used on initial invocations or are needed for all
+    invocations.</para>
+
+    <para>Credentials may be used for any kind of data, binary or text, and may carry passwords, secrets,
+    certificates, cryptographic key material, identity information, configuration, and more.</para>
+  </refsect1>
+
+  <refsect1>
+    <title>Well known system credentials</title>
+
+    <variablelist>
+      <varlistentry>
+        <term><varname>firstboot.keymap</varname></term>
+        <listitem>
+          <para>The console key mapping to set (e.g. <literal>de</literal>).  Read by
+          <citerefentry><refentrytitle>systemd-firstboot</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+          and only honoured if no console keymap has been configured before.</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><varname>firstboot.locale</varname></term>
+        <term><varname>firstboot.locale-message</varname></term>
+        <listitem>
+          <para>The system locale to set (e.g. <literal>de_DE.UTF-8</literal>). Read by
+          <citerefentry><refentrytitle>systemd-firstboot</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+          and only honoured if no locale has been configured before. <varname>firstboot.locale</varname> sets
+          <literal>LANG</literal>, while <varname>firstboot.locale-message</varname> sets
+          <literal>LC_MESSAGES</literal>.</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><varname>firstboot.timezone</varname></term>
+        <listitem>
+          <para>The system timezone to set (e.g. <literal>Europe/Berlin</literal>).  Read by
+          <citerefentry><refentrytitle>systemd-firstboot</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+          and only honoured if no system timezone has been configured before.</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><varname>login.issue</varname></term>
+        <listitem>
+          <para>The data of this credential is written to
+          <filename>/etc/issue.d/50-provision.conf</filename>, if the file doesn't exist yet.
+          <citerefentry project='man-pages'><refentrytitle>agetty</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+          reads this file and shows its contents at the login prompt of terminal logins. See
+          <citerefentry project='man-pages'><refentrytitle>issue</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+          for details.</para>
+
+          <para>Consumed by <filename>/usr/lib/tmpfiles.d/provision.conf</filename>, see
+          <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><varname>login.motd</varname></term>
+        <listitem>
+          <para>The data of this credential is written to <filename>/etc/motd.d/50-provision.conf</filename>,
+          if the file doesn't exist yet.
+          <citerefentry project='man-pages'><refentrytitle>pam_motd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+          reads this file and shows its contents as "message of the day" during terminal logins. See
+          <citerefentry project='man-pages'><refentrytitle>motd</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+          for details.</para>
+
+          <para>Consumed by <filename>/usr/lib/tmpfiles.d/provision.conf</filename>, see
+          <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><varname>network.hosts</varname></term>
+        <listitem>
+          <para>The data of this credential is written to <filename>/etc/hosts</filename>, if the file
+          doesn't exist yet. See
+          <citerefentry project='man-pages'><refentrytitle>hosts</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+          for details.</para>
+
+          <para>Consumed by <filename>/usr/lib/tmpfiles.d/provision.conf</filename>, see
+          <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><varname>passwd.hashed-password.root</varname></term>
+        <term><varname>passwd.plaintext-password.root</varname></term>
+        <listitem>
+          <para>May contain the password (either in UNIX hashed format, or in plaintext) for the root users.
+          Read by both
+          <citerefentry><refentrytitle>systemd-firstboot</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+          and
+          <citerefentry><refentrytitle>systemd-sysusers</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+          and only honoured if no root password has been configured before.</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><varname>passwd.shell.root</varname></term>
+        <listitem>
+          <para>The path to the shell program (e.g. <literal>/bin/bash</literal>) for the root user.  Read by
+          both
+          <citerefentry><refentrytitle>systemd-firstboot</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+          and
+          <citerefentry><refentrytitle>systemd-sysusers</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+          and only honoured if no root shell has been configured before.</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><varname>ssh.authorized_keys.root</varname></term>
+        <listitem>
+          <para>The data of this credential is written to <filename>/root/.ssh/authorized_keys</filename>, if
+          the file doesn't exist yet. This allows provisioning SSH access for the system's root user.</para>
+
+          <para>Consumed by <filename>/usr/lib/tmpfiles.d/provision.conf</filename>, see
+          <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><varname>sysusers.extra</varname></term>
+        <listitem>
+          <para>Additional
+          <citerefentry><refentrytitle>sysusers.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+          lines to process during boot.</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><varname>sysctl.extra</varname></term>
+        <listitem>
+          <para>Additional
+          <citerefentry><refentrytitle>sysctl.d</refentrytitle><manvolnum>5</manvolnum></citerefentry> lines
+          to process during boot.</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><varname>tmpfiles.extra</varname></term>
+        <listitem>
+          <para>Additional
+          <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+          lines to process during boot.</para>
+        </listitem>
+      </varlistentry>
+
+    </variablelist>
+  </refsect1>
+
+  <refsect1>
+      <title>See Also</title>
+      <para>
+        <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+        <citerefentry><refentrytitle>kernel-command-line</refentrytitle><manvolnum>7</manvolnum></citerefentry>
+      </para>
+  </refsect1>
+
+</refentry>
-- 
cgit v1.2.3