Add new init scripts which allow automatic loading of keys if keylocation property is set to a URI. Signed-off-by: Benedikt Neuffer <[email protected]> Closes openzfs#11659
Benedikt Neuffer
committed
Feb 27, 2021
1 parent
778fa36
commit f42af6a
Showing
7 changed files
with
189 additions
and
8 deletions.
@@ -0,0 +1,166 @@ | ||
#!@DEFAULT_INIT_SHELL@ | ||
# | ||
# zfs-load-key This script will load/unload the zfs filesystems keys. | ||
# | ||
# chkconfig: 2345 06 99 | ||
# description: This script will load or unload the zfs filesystems keys during | ||
# system boot/shutdown. Only filesystems with key path set | ||
# in keylocation property. See the zfs(8) man page for details. | ||
# probe: true | ||
# | ||
### BEGIN INIT INFO | ||
# Provides: zfs-load-key | ||
# Required-Start: $local_fs zfs-import | ||
# Required-Stop: $local_fs zfs-import | ||
# Default-Start: 2 3 4 5 | ||
# Default-Stop: 0 1 6 | ||
# X-Start-Before: zfs-mount | ||
# X-Stop-After: zfs-zed | ||
# Short-Description: Load ZFS keys for filesystems and volumes | ||
# Description: Run the `zfs load-key` or `zfs load-key` commands. | ||
### END INIT INFO | ||
# | ||
# Released under the 2-clause BSD license. | ||
# | ||
# The original script that acted as a template for this script came from | ||
# the Debian GNU/Linux kFreeBSD ZFS packages (which did not include a | ||
# licensing stansa) in the commit dated Mar 24, 2011: | ||
# https://github.com/zfsonlinux/pkg-zfs/commit/80a3ae582b59c0250d7912ba794dca9e669e605a | ||
|
||
# Source the common init script | ||
. @sysconfdir@/zfs/zfs-functions | ||
|
||
# ---------------------------------------------------- | ||
|
||
do_depend() | ||
{ | ||
# bootmisc will log to /var which may be a different zfs than root. | ||
before bootmisc logger zfs-mount | ||
|
||
after zfs-import sysfs | ||
keyword -lxc -openvz -prefix -vserver | ||
} | ||
|
||
# Load keys for all datasets/filesystems | ||
do_load_keys() | ||
{ | ||
local encryptionroot | ||
|
||
zfs_log_begin_msg "Load ZFS filesystem(s) keys" | ||
|
||
for encryptionroot in $("$ZFS" get -H -o value encryptionroot | uniq) | ||
do | ||
if [ "$encryptionroot" = "-" ] | ||
then | ||
continue | ||
fi | ||
|
||
if [ "$("$ZFS" get -H -o value keystatus $encryptionroot)" != "unavailable" ] | ||
then | ||
continue | ||
fi | ||
|
||
case "$("$ZFS" get -H -o value keylocation $encryptionroot)" in | ||
"file://"*) | ||
;; | ||
*) | ||
continue | ||
;; | ||
esac | ||
|
||
zfs_action "Load key for $encryptionroot" \ | ||
"$ZFS" load-key "$encryptionroot" | ||
done | ||
|
||
zfs_log_end_msg 0 | ||
|
||
return 0 | ||
} | ||
|
||
# Unload keys for all datasets/filesystems | ||
do_unload_keys() | ||
{ | ||
local encryptionroot | ||
|
||
check_boolean "$VERBOSE_MOUNT" && \ | ||
zfs_log_begin_msg "Unload ZFS filesystem(s) key" | ||
|
||
|
||
for encryptionroot in $("$ZFS" get -H -o value encryptionroot | uniq | rev) | ||
do | ||
if [ "$encryptionroot" = "-" ] | ||
then | ||
continue | ||
fi | ||
|
||
if [ "$("$ZFS" get -H -o value keystatus $encryptionroot)" != "unavailable" ] | ||
then | ||
continue | ||
fi | ||
|
||
case "$("$ZFS" get -H -o value keylocation $encryptionroot)" in | ||
"file://"*) | ||
;; | ||
*) | ||
continue | ||
;; | ||
esac | ||
|
||
check_boolean "$VERBOSE_MOUNT" && \ | ||
zfs_log_progress_msg "Unload ZFS key for $encryptionroot" | ||
|
||
zfs_action "Load key for $encryptionroot" \ | ||
"$ZFS" unload-key "$encryptionroot" | ||
done | ||
|
||
check_boolean "$VERBOSE_MOUNT" && zfs_log_end_msg 0 | ||
|
||
return 0 | ||
} | ||
|
||
do_start() | ||
{ | ||
check_boolean "$ZFS_LOAD_KEY" || exit 0 | ||
|
||
check_module_loaded "zfs" || exit 0 | ||
|
||
do_load_keys | ||
} | ||
|
||
do_stop() | ||
{ | ||
check_boolean "$ZFS_UNLOAD_KEY" || exit 0 | ||
|
||
check_module_loaded "zfs" || exit 0 | ||
|
||
do_unload_keys | ||
} | ||
|
||
# ---------------------------------------------------- | ||
|
||
if [ ! -e /sbin/openrc-run ] | ||
then | ||
case "$1" in | ||
start) | ||
do_start | ||
;; | ||
stop) | ||
do_stop | ||
;; | ||
force-reload|condrestart|reload|restart|status) | ||
# no-op | ||
;; | ||
*) | ||
[ -n "$1" ] && echo "Error: Unknown command $1." | ||
echo "Usage: $0 {start|stop}" | ||
exit 3 | ||
;; | ||
esac | ||
|
||
exit $? | ||
else | ||
# Create wrapper functions since Gentoo don't use the case part. | ||
depend() { do_depend; } | ||
start() { do_start; } | ||
stop() { do_stop; } | ||
fi |
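Review bot: In do_unload_keys the keystatus guard is copied unchanged from do_load_keys, so the loop skips every encryption root whose key is loaded and only reaches `unload-key` for roots that are already `unavailable`; with ZFS_UNLOAD_KEY enabled the wrapping keys would then stay loaded after stop. The test there should be `if [ "$("$ZFS" get -H -o value keystatus "$encryptionroot")" != "available" ]`. In the same loop `uniq | rev` reverses the characters of each dataset name rather than the order of the list, so the names handed to `zfs get` would not match any dataset; if reverse ordering was the intent, `sort -r` does that. The `zfs_action` label in that loop also still reads "Load key for" and should say "Unload key for".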