diff --git a/Makefile.am b/Makefile.am index b7cc4ce85655..97728b130b8b 100644 --- a/Makefile.am +++ b/Makefile.am @@ -153,6 +153,7 @@ checkbashisms: -o -name 'config' -prune \ -o -name 'zed-functions.sh*' -prune \ -o -name 'zfs-import*' -prune \ + -o -name 'zfs-load-key*' -prune \ -o -name 'zfs-mount*' -prune \ -o -name 'zfs-zed*' -prune \ -o -name 'smart' -prune \ diff --git a/etc/default/zfs.in b/etc/default/zfs.in index 3b6e5486dd33..0af4f469e12e 100644 --- a/etc/default/zfs.in +++ b/etc/default/zfs.in @@ -9,6 +9,12 @@ # To enable a boolean setting, set it to yes, on, true, or 1. # Anything else will be interpreted as unset. +# Run `zfs load-key` during system start? +ZFS_LOAD_KEY='yes' + +# Run `zfs unload-key` during system stop? +ZFS_UNLOAD_KEY='no' + # Run `zfs mount -a` during system start? ZFS_MOUNT='yes' diff --git a/etc/init.d/Makefile.am b/etc/init.d/Makefile.am index 9285a995a1cf..aaa73caf4468 100644 --- a/etc/init.d/Makefile.am +++ b/etc/init.d/Makefile.am @@ -2,6 +2,6 @@ include $(top_srcdir)/config/Substfiles.am EXTRA_DIST += README.md -init_SCRIPTS = zfs-import zfs-mount zfs-share zfs-zed +init_SCRIPTS = zfs-import zfs-load-key zfs-mount zfs-share zfs-zed SUBSTFILES += $(init_SCRIPTS) diff --git a/etc/init.d/README.md b/etc/init.d/README.md index c14b01937db2..f417b24c5923 100644 --- a/etc/init.d/README.md +++ b/etc/init.d/README.md 
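Review bot: The new `ZFS_LOAD_KEY` comment in etc/default/zfs.in does not say which keys the boot-time step acts on, although the setting is enabled by default. The init script added in this commit only calls `zfs load-key` for encryption roots whose keylocation starts with `file://` and skips every other one. A second comment line such as `# Only encryption roots with a file:// keylocation are loaded; others are skipped.` would make that scope visible to the administrator. Since this gives unattended access to the data at boot, the comment could also point out that the key file should be readable by root only.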
@@ -42,14 +42,16 @@ INSTALLING INIT SCRIPT LINKS To setup the init script links in /etc/rc?.d manually on a Debian GNU/Linux (or derived) system, run the following commands (the order is important!): - update-rc.d zfs-import start 07 S . stop 07 0 1 6 . - update-rc.d zfs-mount start 02 2 3 4 5 . stop 06 0 1 6 . - update-rc.d zfs-zed start 07 2 3 4 5 . stop 08 0 1 6 . - update-rc.d zfs-share start 27 2 3 4 5 . stop 05 0 1 6 . + update-rc.d zfs-import start 07 S . stop 07 0 1 6 . + update-rc.d zfs-load-key start 02 2 3 4 5 . stop 06 0 1 6 . + update-rc.d zfs-mount start 02 2 3 4 5 . stop 06 0 1 6 . + update-rc.d zfs-zed start 07 2 3 4 5 . stop 08 0 1 6 . + update-rc.d zfs-share start 27 2 3 4 5 . stop 05 0 1 6 . To do the same on RedHat, Fedora and/or CentOS: chkconfig zfs-import + chkconfig zfs-load-key chkconfig zfs-mount chkconfig zfs-zed chkconfig zfs-share @@ -57,6 +59,7 @@ INSTALLING INIT SCRIPT LINKS On Gentoo: rc-update add zfs-import boot + rc-update add zfs-load-key boot rc-update add zfs-mount boot rc-update add zfs-zed default rc-update add zfs-share default diff --git a/etc/init.d/zfs-load-key.in b/etc/init.d/zfs-load-key.in new file mode 100755 index 000000000000..c88a69aa3390 --- /dev/null +++ b/etc/init.d/zfs-load-key.in 
@@ -0,0 +1,166 @@
+#!@DEFAULT_INIT_SHELL@
+#
+# zfs-load-key This script will load/unload the zfs filesystems keys.
+#
+# chkconfig: 2345 06 99
+# description: This script will load or unload the zfs filesystems keys during
+# system boot/shutdown. Only filesystems with key path set
+# in keylocation property. See the zfs(8) man page for details.
+# probe: true
+#
+### BEGIN INIT INFO
+# Provides: zfs-load-key
+# Required-Start: $local_fs zfs-import
+# Required-Stop: $local_fs zfs-import
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# X-Start-Before: zfs-mount
+# X-Stop-After: zfs-zed
+# Short-Description: Load ZFS keys for filesystems and volumes
+# Description: Run the `zfs load-key` or `zfs load-key` commands.
+### END INIT INFO
+#
+# Released under the 2-clause BSD license.
+#
+# The original script that acted as a template for this script came from
+# the Debian GNU/Linux kFreeBSD ZFS packages (which did not include a
+# licensing stansa) in the commit dated Mar 24, 2011:
+# https://github.com/zfsonlinux/pkg-zfs/commit/80a3ae582b59c0250d7912ba794dca9e669e605a
+
+# Source the common init script
+. @sysconfdir@/zfs/zfs-functions
+
+# ----------------------------------------------------
+
+do_depend()
+{
+ # bootmisc will log to /var which may be a different zfs than root.
+ before bootmisc logger zfs-mount
+
+ after zfs-import sysfs
+ keyword -lxc -openvz -prefix -vserver
+}
+
+# Load keys for all datasets/filesystems
+do_load_keys()
+{
+ local encryptionroot
+
+ zfs_log_begin_msg "Load ZFS filesystem(s) keys"
+
+ for encryptionroot in $("$ZFS" get -H -o value encryptionroot | uniq)
+ do
+ if [ "$encryptionroot" = "-" ]
+ then
+ continue
+ fi
+
+ if [ "$("$ZFS" get -H -o value keystatus $encryptionroot)" != "unavailable" ]
+ then
+ continue
+ fi
+
+ case "$("$ZFS" get -H -o value keylocation $encryptionroot)" in
+ "file://"*)
+ ;;
+ *)
+ continue
+ ;;
+ esac
+
+ zfs_action "Load key for $encryptionroot" \
+ "$ZFS" load-key "$encryptionroot"
+ done
+
+ zfs_log_end_msg 0
+
+ return 0
+}
+
+# Unload keys for all datasets/filesystems
+do_unload_keys()
+{
+ local encryptionroot
+
+ check_boolean "$VERBOSE_MOUNT" && \
+ zfs_log_begin_msg "Unload ZFS filesystem(s) key"
+
+
+ for encryptionroot in $("$ZFS" get -H -o value encryptionroot | uniq | rev)
+ do
+ if [ "$encryptionroot" = "-" ]
+ then
+ continue
+ fi
+
+ if [ "$("$ZFS" get -H -o value keystatus $encryptionroot)" != "unavailable" ]
+ then
+ continue
+ fi
+
+ case "$("$ZFS" get -H -o value keylocation $encryptionroot)" in
+ "file://"*)
+ ;;
+ *)
+ continue
+ ;;
+ esac
+
+ check_boolean "$VERBOSE_MOUNT" && \
+ zfs_log_progress_msg "Unload ZFS key for $encryptionroot"
+
+ zfs_action "Load key for $encryptionroot" \
+ "$ZFS" unload-key "$encryptionroot"
+ done
+
+ check_boolean "$VERBOSE_MOUNT" && zfs_log_end_msg 0
+
+ return 0
+}
+
+do_start()
+{
+ check_boolean "$ZFS_LOAD_KEY" || exit 0
+
+ check_module_loaded "zfs" || exit 0
+
+ do_load_keys
+}
+
+do_stop()
+{
+ check_boolean "$ZFS_UNLOAD_KEY" || exit 0
+
+ check_module_loaded "zfs" || exit 0
+
+ do_unload_keys
+}
+
+# ----------------------------------------------------
+
+if [ ! 
-e /sbin/openrc-run ] +then + case "$1" in + start) + do_start + ;; + stop) + do_stop + ;; + force-reload|condrestart|reload|restart|status) + # no-op + ;; + *) + [ -n "$1" ] && echo "Error: Unknown command $1." + echo "Usage: $0 {start|stop}" + exit 3 + ;; + esac + + exit $? +else + # Create wrapper functions since Gentoo don't use the case part. + depend() { do_depend; } + start() { do_start; } + stop() { do_stop; } +fi diff --git a/etc/zfs/zfs-functions.in b/etc/zfs/zfs-functions.in index c2ce6157c6e0..fc7f3520864f 100644 --- a/etc/zfs/zfs-functions.in +++ b/etc/zfs/zfs-functions.in @@ -1,5 +1,5 @@ -# This is a script with common functions etc used by zfs-import, zfs-mount, -# zfs-share and zfs-zed. +# This is a script with common functions etc used by zfs-import,zfs-load-key, +# zfs-mount, zfs-share and zfs-zed. # # It is _NOT_ to be called independently # @@ -94,6 +94,8 @@ ZPOOL="@sbindir@/zpool" ZPOOL_CACHE="@sysconfdir@/zfs/zpool.cache" # Sensible defaults +ZFS_LOAD_KEY='yes' +ZFS_UNLOAD_KEY='no' ZFS_MOUNT='yes' ZFS_UNMOUNT='yes' ZFS_SHARE='yes' @@ -106,7 +108,8 @@ fi # ---------------------------------------------------- -export ZFS ZED ZPOOL ZPOOL_CACHE ZFS_MOUNT ZFS_UNMOUNT ZFS_SHARE ZFS_UNSHARE +export ZFS ZED ZPOOL ZPOOL_CACHE ZFS_LOAD_KEY ZFS_UNLOAD_KEY ZFS_MOUNT ZFS_UNMOUNT\ + ZFS_SHARE ZFS_UNSHARE zfs_action() { diff --git a/rpm/generic/zfs.spec.in b/rpm/generic/zfs.spec.in index f46a633db6b6..54349fd4d0ab 100644 --- a/rpm/generic/zfs.spec.in +++ b/rpm/generic/zfs.spec.in @@ -392,6 +392,7 @@ fi %else if [ -x /sbin/chkconfig ]; then /sbin/chkconfig --add zfs-import + /sbin/chkconfig --add zfs-load-key /sbin/chkconfig --add zfs-mount /sbin/chkconfig --add zfs-share /sbin/chkconfig --add zfs-zed @@ -422,6 +423,7 @@ fi %else if [ "$1" = "0" -o "$1" = "remove" ] && [ -x /sbin/chkconfig ]; then /sbin/chkconfig --del zfs-import + /sbin/chkconfig --del zfs-load-key /sbin/chkconfig --del zfs-mount /sbin/chkconfig --del zfs-share /sbin/chkconfig --del zfs-zed
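Review bot: do_unload_keys in etc/init.d/zfs-load-key.in cannot unload anything as written, because it keeps the load path's test and skips every encryption root whose keystatus is not `unavailable`; for the stop path the guard should be `if [ "$("$ZFS" get -H -o value keystatus "$encryptionroot")" != "available" ]`. The `| uniq | rev` on the same loop reverses the characters of each name rather than the order of the lines, so the names handed to `zfs get` would not match any dataset; `| sort -ru` would deduplicate and reverse the list in one step. With ZFS_UNLOAD_KEY enabled the keys therefore stay loaded at stop, while the function still returns 0. Both loops also expand `$encryptionroot` unquoted inside the `zfs get` calls and call `zfs_log_end_msg 0` whatever `zfs_action` returned, so a failed load-key is reported as success before zfs-mount runs. The unload branch labels its action "Load key for", which should read `zfs_action "Unload key for $encryptionroot" \`.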