Recursive munin-run call with systemd-run fails with empty EnvironmentFile

[ogmueller]

Describe the bug
Executing munin-run, will recursively start itself using systemd-run. It takes all the systemd properties and puts them to the run command. The problem is with the property EnvironmentFile. In Ubuntu 24.04 the munin-node.service has a minus sign as a prefix to the value of EnvironmentFile:
EnvironmentFile=-/etc/default/munin-node

When this file does not exists, munin-node will still start, but munin-run will not execute anything anymore.

To Reproduce
When I execute munin-run apache_volume for example, it will create the following systemd-run command:

systemd-run --collect --pipe --quiet --wait --property EnvironmentFile=/tmp/td_Zqup_xO --property UMask=0022 --property LimitCPU=infinity --property LimitFSIZE=infinity --property LimitDATA=infinity --property LimitSTACK=infinity --property LimitCORE=infinity --property LimitRSS=infinity --property LimitNOFILE=524288 --property LimitAS=infinity --property LimitNPROC=514374 --property LimitMEMLOCK=8388608 --property LimitLOCKS=infinity --property LimitSIGPENDING=514374 --property LimitMSGQUEUE=819200 --property LimitNICE=0 --property LimitRTPRIO=0 --property LimitRTTIME=infinity --property SecureBits=0 --property 'CapabilityBoundingSet=cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore' --property DynamicUser=no --property PrivateTmp=no --property PrivateDevices=no --property ProtectClock=no --property ProtectKernelTunables=no --property ProtectKernelModules=no --property ProtectKernelLogs=no --property ProtectControlGroups=no --property PrivateNetwork=no --property PrivateUsers=no --property PrivateMounts=no --property PrivateIPC=no --property ProtectHome=yes --property ProtectSystem=full --property NoNewPrivileges=no --property LockPersonality=no --property MemoryDenyWriteExecute=no --property RestrictRealtime=no --property RestrictSUIDSGID=no --property RestrictNamespaces=no --property ProtectProc=default --property ProtectHostname=no -- /usr/sbin/munin-run --ignore-systemd-properties apache_volume
root@abbe ~ #  hstr -- systemd-run --collect --pipe --quiet --wait --property EnvironmentFile=-/tmp/td_Zqup_xO --property UMask=0022 --property LimitCPU=infinity --property LimitFSIZE=infinity --property LimitDATA=infinity --property LimitSTACK=infinity --property LimitCORE=infinity --property LimitRSS=infinity --property LimitNOFILE=524288 --property LimitAS=infinity --property LimitNPROC=514374 --property LimitMEMLOCK=8388608 --property LimitLOCKS=infinity --property LimitSIGPENDING=514374 --property LimitMSGQUEUE=819200 --property LimitNICE=0 --property LimitRTPRIO=0 --property LimitRTTIME=infinity --property SecureBits=0 --property 'CapabilityBoundingSet=cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore' --property DynamicUser=no --property PrivateTmp=no --property PrivateDevices=no --property ProtectClock=no --property ProtectKernelTunables=no --property ProtectKernelModules=no --property ProtectKernelLogs=no --property ProtectControlGroups=no --property PrivateNetwork=no --property PrivateUsers=no --property PrivateMounts=no --property PrivateIPC=no --property ProtectHome=yes --property ProtectSystem=full --property NoNewPrivileges=no --property LockPersonality=no --property MemoryDenyWriteExecute=no --property RestrictRealtime=no --property RestrictSUIDSGID=no --property RestrictNamespaces=no --property ProtectProc=default --property ProtectHostname=no -- /usr/sbin/munin-run --ignore-systemd-properties apache_volume

This command is going to fail, because the temp file EnvironmentFile=/tmp/td_Zqup_xO is not always there, depending on your environment.

Expected behavior
The systemd-run command should use a minus prefix for the value like EnvironmentFile=-/tmp/td_Zqup_xO, so a missing file will not crash the execution of the run.

Screenshots & Logs

Mar 25 10:46:27 abbe systemd[1]: Failed to start run-u8512.service - /usr/sbin/munin-run --ignore-systemd-properties apache_volume.

[2025-03-25T11:00:30+0100] error    : 'munin_run_all' status failed (1) -- Warning: the execution of 'munin-run' via 'systemd-run' returned an error. This may either be caused by a problem with the plugin to be executed or a failure of the 'systemd-run' wrapper. Details of the latter can be found via 'journalctl'.

Desktop (please complete the following information):

• OS+Distribution Version: Ubuntu 24.04
• Munin Version v2.0.75