Add new init scripts which allow automatic loading of keys if keylocation property is set to a URI. Signed-off-by: Benedikt Neuffer <[email protected]> Closes openzfs#11659
Showing
7 changed files
with
155 additions
and
9 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,5 @@ | ||
zfs-import | ||
zfs-load-key | ||
zfs-mount | ||
zfs-share | ||
zfs-zed | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,131 @@ | ||
#!@DEFAULT_INIT_SHELL@ | ||
# | ||
# zfs-load-key This script will load/unload the zfs filesystems keys. | ||
# | ||
# chkconfig: 2345 06 99 | ||
# description: This script will load or unload the zfs filesystems keys during | ||
# system boot/shutdown. Only filesystems with key path set | ||
# in keylocation property. See the zfs(8) man page for details. | ||
# probe: true | ||
# | ||
### BEGIN INIT INFO | ||
# Provides: zfs-load-key | ||
# Required-Start: $local_fs zfs-import | ||
# Required-Stop: $local_fs zfs-import | ||
# Default-Start: 2 3 4 5 | ||
# Default-Stop: 0 1 6 | ||
# X-Start-Before: zfs-mount | ||
# X-Stop-After: zfs-zed | ||
# Short-Description: Load ZFS keys for filesystems and volumes | ||
# Description: Run the `zfs load-key` or `zfs unload-key` commands. | ||
### END INIT INFO | ||
# | ||
# Released under the 2-clause BSD license. | ||
# | ||
# This script is based on debian/zfsutils.zfs.init from the | ||
# Debian GNU/kFreeBSD zfsutils 8.1-3 package, written by Aurelien Jarno. | ||
|
||
# Source the common init script | ||
. @sysconfdir@/zfs/zfs-functions | ||
|
||
# ---------------------------------------------------- | ||
|
||
do_depend() | ||
{ | ||
# bootmisc will log to /var which may be a different zfs than root. | ||
before bootmisc logger zfs-mount | ||
|
||
after zfs-import sysfs | ||
keyword -lxc -openvz -prefix -vserver | ||
} | ||
|
||
# Load keys for all datasets/filesystems | ||
do_load_keys() | ||
{ | ||
zfs_log_begin_msg "Load ZFS filesystem(s) keys" | ||
|
||
"$ZFS" list -Ho name,encryptionroot,keystatus,keylocation | | ||
while IFS=" " read -r name encryptionroot keystatus keylocation; do | ||
if [ "$encryptionroot" != "-" ] && | ||
[ "$name" = "$encryptionroot" ] && | ||
[ "$keystatus" = "unavailable" ] && | ||
[ "$keylocation" != "prompt" ] && | ||
[ "$keylocation" != "none" ] | ||
then | ||
zfs_action "Load key for $encryptionroot" \ | ||
"$ZFS" load-key "$encryptionroot" | ||
fi | ||
done | ||
|
||
zfs_log_end_msg 0 | ||
|
||
return 0 | ||
} | ||
|
||
# Unload keys for all datasets/filesystems | ||
do_unload_keys() | ||
{ | ||
zfs_log_begin_msg "Unload ZFS filesystem(s) key" | ||
|
||
"$ZFS" list -Ho name,encryptionroot,keystatus | nl | sort -nr | cut -f 2- | | ||
while IFS=" " read -r name encryptionroot keystatus; do | ||
if [ "$encryptionroot" != "-" ] && | ||
[ "$name" = "$encryptionroot" ] && | ||
[ "$keystatus" = "available" ] | ||
then | ||
zfs_action "Unload key for $encryptionroot" \ | ||
"$ZFS" unload-key "$encryptionroot" | ||
fi | ||
done | ||
|
||
zfs_log_end_msg 0 | ||
|
||
return 0 | ||
} | ||
|
||
do_start() | ||
{ | ||
check_boolean "$ZFS_LOAD_KEY" || exit 0 | ||
|
||
check_module_loaded "zfs" || exit 0 | ||
|
||
do_load_keys | ||
} | ||
|
||
do_stop() | ||
{ | ||
check_boolean "$ZFS_UNLOAD_KEY" || exit 0 | ||
|
||
check_module_loaded "zfs" || exit 0 | ||
|
||
do_unload_keys | ||
} | ||
|
||
# ---------------------------------------------------- | ||
|
||
if [ ! -e /sbin/openrc-run ] | ||
then | ||
case "$1" in | ||
start) | ||
do_start | ||
;; | ||
stop) | ||
do_stop | ||
;; | ||
force-reload|condrestart|reload|restart|status) | ||
# no-op | ||
;; | ||
*) | ||
[ -n "$1" ] && echo "Error: Unknown command $1." | ||
echo "Usage: $0 {start|stop}" | ||
exit 3 | ||
;; | ||
esac | ||
|
||
exit $? | ||
else | ||
# Create wrapper functions since Gentoo don't use the case part. | ||
depend() { do_depend; } | ||
start() { do_start; } | ||
stop() { do_stop; } | ||
fi |
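Review bot: do_load_keys discards the result of every `zfs load-key` call: the `while read` loop sits on the receiving end of a pipeline, and the function then calls `zfs_log_end_msg 0` and `return 0` unconditionally, so a key that could not be loaded is still reported as a successful start. do_unload_keys has the same shape, so a key that stays loaded at shutdown is reported as unloaded. The LSB header orders the script only after `$local_fs` and `zfs-import`, so a keylocation that is not reachable at that point in boot would presumably land in this silent path and surface only later as a mount failure. Collecting a status inside an explicit subshell and passing it to `zfs_log_end_msg` and `return` would make the failure visible; the sketch below assumes zfs_action, which is defined outside this file, returns the exit status of the command it runs.

```shell
    "$ZFS" list -Ho name,encryptionroot,keystatus,keylocation |
    (
        rc=0
        # … unchanged: while/read loop header and the encryptionroot/keystatus/keylocation tests …
                zfs_action "Load key for $encryptionroot" \
                    "$ZFS" load-key "$encryptionroot" || rc=1
        # … unchanged: fi / done …
        exit "$rc"
    )
    rc=$?

    zfs_log_end_msg "$rc"

    return "$rc"
```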