File 1020-core-create-the-credential-directory-even-if-it-s-em.patch of Package systemd.38170
From fb180e4472b9f198df23b710a08a07949f0e6926 Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Tue, 14 Jan 2025 17:29:05 +0100
Subject: [PATCH] core: create the credential directory even if it's empty
Otherwise it might confuse users of credentials such as util-linux.
Upstream addressed this issue in commit
cfbf7538d87023840c5574fa5b0452e5b0f42149, although it is unclear whether this
was intentional, as the commit message does not explicitly state so.
Backporting this commit is not feasible due to the significant number of
changes and reworks that have occurred in this area since version 254. This
also indicates that modifying this part of the code is relatively tricky.
Therefore, let's opt for the simplest approach and always mount the final
location even if the mount is empty.
[fbui: fixes bsc#1229228]
---
src/core/execute.c | 23 +++++++----------------
1 file changed, 7 insertions(+), 16 deletions(-)
diff --git a/src/core/execute.c b/src/core/execute.c
index 7b7b97ae9c..1a61726939 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -3424,24 +3424,15 @@ static int setup_credentials_internal(
return r;
if (workspace_mounted) {
- bool install;
-
/* Determine if we should actually install the prepared mount in the final location by bind
- * mounting it there. We do so only if the mount is not established there already, and if the
- * mount is actually non-empty (i.e. carries at least one credential). Not that in the best
- * case we are doing all this in a mount namespace, thus no one else will see that we
- * allocated a file system we are getting rid of again here. */
- if (final_mounted)
- install = false; /* already installed */
- else {
- r = dir_is_empty(where, /* ignore_hidden_or_backup= */ false);
- if (r < 0)
- return r;
-
- install = r == 0; /* install only if non-empty */
- }
+ * mounting it there. We do so only if the mount is not established there already. Note that
+ * in the best case we are doing all this in a mount namespace, thus no one else will see
+ * that we allocated a file system we are getting rid of again here.
+ *
+ * SUSE: install even if not empty so $CREDENTIALS_DIRECTORY always points to an existing
+ * directory (bsc#1229228). */
- if (install) {
+ if (!final_mounted) { /* not already installed */
/* Make workspace read-only now, so that any bind mount we make from it defaults to read-only too */
r = mount_nofollow_verbose(LOG_DEBUG, NULL, workspace, NULL, MS_BIND|MS_REMOUNT|credentials_fs_mount_flags(/* ro= */ true), NULL);
if (r < 0)
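Review bot: the added SUSE comment line reads "install even if not empty", which inverts the intent stated in the subject and the rest of the comment; it should say "install even if empty", since the non-empty case was already installed before this change. With the dir_is_empty() check gone, the only remaining condition is !final_mounted, so the opening "Determine if we should actually install ..." wording could be tightened to say just that, which would also make the trailing "/* not already installed */" remark redundant.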
--
2.43.0