From e69792e0afae06da69e6ea445b791525559b6518 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=BD=D0=B0=D0=B1?= Date: Sun, 23 May 2021 15:48:26 +0200 Subject: [PATCH 1/5] dracut: 90zfs: module-setup: try /lib*/libgcc_s.so*, relax /u/l/gcc path MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit SUSE stores the library at /lib64/libgcc_s.so.1 (/lib/libgcc_s.so.1 for i686 glibc), which is in the search path Also relax the /usr/lib path to catch systems similar to SUSE (/usr/lib64/gcc/x86_64-suse-linux/10/libgcc_s.so) but without the top-level lib64 Signed-off-by: Ahelenia Ziemiańska Closes #11750
---
 contrib/dracut/90zfs/module-setup.sh.in | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/contrib/dracut/90zfs/module-setup.sh.in b/contrib/dracut/90zfs/module-setup.sh.in
index 6122551c3ae7..817da5b2b4a9 100755
--- a/contrib/dracut/90zfs/module-setup.sh.in
+++ b/contrib/dracut/90zfs/module-setup.sh.in
@@ -49,13 +49,16 @@ install() {
 # On systems with gcc-config (Gentoo, Funtoo, etc.):
 # Use the current profile to resolve the appropriate path
 s="$(gcc-config -c)"
- dracut_install "/usr/lib/gcc/${s%-*}/${s##*-}/libgcc_s.so.1"
- elif ls /usr/lib/libgcc_s.so* >/dev/null 2>&1; then
+ dracut_install "/usr/lib/gcc/${s%-*}/${s##*-}/libgcc_s.so"*
+ elif [ "$(echo /usr/lib/libgcc_s.so*)" != "/usr/lib/libgcc_s.so*" ]; then
 # Try a simple path first
 dracut_install /usr/lib/libgcc_s.so*
+ elif [ "$(echo /lib*/libgcc_s.so*)" != "/lib*/libgcc_s.so*" ]; then
+ # SUSE
+ dracut_install /lib*/libgcc_s.so*
 else
 # Fallback: Guess the path and include all matches
- dracut_install /usr/lib/gcc/*/*/libgcc_s.so*
+ dracut_install /usr/lib*/gcc/**/libgcc_s.so*
 fi
 # shellcheck disable=SC2050
 if [ @LIBFETCH_DYNAMIC@ != 0 ]; then
From f181d1b8f0ce8ba89a718fefe92121e2eb172142 Mon Sep 17 00:00:00 2001
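Review bot: The fallback glob `/usr/lib*/gcc/**/libgcc_s.so*` in module-setup.sh.in only descends more than one directory when the shell sourcing this module has `globstar` enabled; without it `**` behaves like `*`, so the two-level layout that the old `/usr/lib/gcc/*/*/` pattern matched, and that the commit message's own example (`/usr/lib64/gcc/x86_64-suse-linux/10/`) uses, is no longer covered. An unmatched pattern is then passed to `dracut_install` as a literal string, and the initramfs would presumably be built without libgcc_s. Unless globstar is known to be set at this point, `dracut_install /usr/lib*/gcc/*/*/libgcc_s.so*` keeps the old depth while still relaxing the lib directory. The body of install() begins before and continues after this hunk.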
From: =?UTF-8?q?=D0=BD=D0=B0=D0=B1?= Date: Sun, 23 May 2021 16:39:58 +0200 Subject: [PATCH 2/5] dracut: 90zfs: zfs-load-key: don't load unencrypted bootfs' keylocation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Ahelenia Ziemiańska Closes #11800
---
 contrib/dracut/90zfs/zfs-load-key.sh.in | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/contrib/dracut/90zfs/zfs-load-key.sh.in b/contrib/dracut/90zfs/zfs-load-key.sh.in
index 8fd3e5fd52c8..2f0c7ea0b61c 100755
--- a/contrib/dracut/90zfs/zfs-load-key.sh.in
+++ b/contrib/dracut/90zfs/zfs-load-key.sh.in
@@ -36,13 +36,12 @@ fi
 if [ "$(zpool list -H -o feature@encryption "$(echo "${BOOTFS}" | awk -F/ '{print $1}')")" = 'active' ]; then
 # if the root dataset has encryption enabled
 ENCRYPTIONROOT="$(zfs get -H -o value encryptionroot "${BOOTFS}")"
- # where the key is stored (in a file or loaded via prompt)
- KEYLOCATION="$(zfs get -H -o value keylocation "${ENCRYPTIONROOT}")"
 if ! [ "${ENCRYPTIONROOT}" = "-" ]; then
 KEYSTATUS="$(zfs get -H -o value keystatus "${ENCRYPTIONROOT}")"
 # continue only if the key needs to be loaded
 [ "$KEYSTATUS" = "unavailable" ] || exit 0
- # if key is stored in a file, do not prompt
+
+ KEYLOCATION="$(zfs get -H -o value keylocation "${ENCRYPTIONROOT}")"
 if ! [ "${KEYLOCATION}" = "prompt" ]; then
 if ! [ "${KEYLOCATION#http}" = "${KEYLOCATION}" ]; then
 systemctl start network-online.target
From 16f85f23c2f44814e08a40ae0cef2a43a7ec08e2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=BD=D0=B0=D0=B1?= Date: Sun, 23 May 2021 18:04:14 +0200 Subject: [PATCH 3/5] Use %%/* instead of awk -F/ {print $1} to strip datasets MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Ahelenia Ziemiańska
---
 contrib/dracut/90zfs/mount-zfs.sh.in | 2 +-
 contrib/dracut/90zfs/zfs-load-key.sh.in | 2 +-
 contrib/initramfs/scripts/zfs | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/contrib/dracut/90zfs/mount-zfs.sh.in b/contrib/dracut/90zfs/mount-zfs.sh.in index 4f2a51ca66f4..68e3f0e0d60b 100755 --- a/contrib/dracut/90zfs/mount-zfs.sh.in +++ b/contrib/dracut/90zfs/mount-zfs.sh.in @@ -58,7 +58,7 @@ ZFS_POOL="${ZFS_DATASET%%/*}" if import_pool "${ZFS_POOL}" ; then # Load keys if we can or if we need to - if [ "$(zpool list -H -o feature@encryption "$(echo "${ZFS_POOL}" | awk -F/ '{print $1}')")" = 'active' ]; then + if [ "$(zpool list -H -o feature@encryption "${ZFS_POOL}")" = 'active' ]; then # if the root dataset has encryption enabled ENCRYPTIONROOT="$(zfs get -H -o value encryptionroot "${ZFS_DATASET}")" if ! [ "${ENCRYPTIONROOT}" = "-" ]; then diff --git a/contrib/dracut/90zfs/zfs-load-key.sh.in b/contrib/dracut/90zfs/zfs-load-key.sh.in index 2f0c7ea0b61c..f15118ad02ca 100755 --- a/contrib/dracut/90zfs/zfs-load-key.sh.in +++ b/contrib/dracut/90zfs/zfs-load-key.sh.in @@ -33,7 +33,7 @@ else fi # if pool encryption is active and the zfs command understands '-o encryption' -if [ "$(zpool list -H -o feature@encryption "$(echo "${BOOTFS}" | awk -F/ '{print $1}')")" = 'active' ]; then +if [ "$(zpool list -H -o feature@encryption "${BOOTFS%%/*}")" = 'active' ]; then # if the root dataset has encryption enabled ENCRYPTIONROOT="$(zfs get -H -o value encryptionroot "${BOOTFS}")" if ! [ "${ENCRYPTIONROOT}" = "-" ]; then diff --git a/contrib/initramfs/scripts/zfs b/contrib/initramfs/scripts/zfs index 38122594b943..cfc099e6cdd2 100644 --- a/contrib/initramfs/scripts/zfs +++ b/contrib/initramfs/scripts/zfs @@ -390,7 +390,7 @@ decrypt_fs() fs="$1" # If pool encryption is active and the zfs command understands '-o encryption' - if [ "$(zpool list -H -o feature@encryption "$(echo "${fs}" | awk -F/ '{print $1}')")" = 'active' ]; then + if [ "$(zpool list -H -o feature@encryption "${fs%%/*}")" = 'active' ]; then # Determine dataset that holds key for root dataset ENCRYPTIONROOT="$(get_fs_value "${fs}" encryptionroot)" 
From 5a31f5d9e9883621fb65fa6f00033db8b6684060 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=BD=D0=B0=D0=B1?= Date: Sun, 23 May 2021 22:09:35 +0200 Subject: [PATCH 4/5] dracut: 90zfs: zfs-load-key: wait for key to appear for up to 10 seconds MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Also reduce password retries to 3 to match i-t Signed-off-by: Ahelenia Ziemiańska Closes #12065
---
 contrib/dracut/90zfs/zfs-load-key.sh.in | 36 ++++++++++++++++++-------
 1 file changed, 26 insertions(+), 10 deletions(-)
diff --git a/contrib/dracut/90zfs/zfs-load-key.sh.in b/contrib/dracut/90zfs/zfs-load-key.sh.in
index f15118ad02ca..2138ff943c64 100755
--- a/contrib/dracut/90zfs/zfs-load-key.sh.in
+++ b/contrib/dracut/90zfs/zfs-load-key.sh.in
@@ -42,16 +42,32 @@ if [ "$(zpool list -H -o feature@encryption "${BOOTFS%%/*}")" = 'active' ]; then
 [ "$KEYSTATUS" = "unavailable" ] || exit 0
 
 KEYLOCATION="$(zfs get -H -o value keylocation "${ENCRYPTIONROOT}")"
- if ! [ "${KEYLOCATION}" = "prompt" ]; then
- if ! [ "${KEYLOCATION#http}" = "${KEYLOCATION}" ]; then
+ case "${KEYLOCATION%%://*}" in
+ prompt)
+ for _ in 1 2 3; do
+ systemd-ask-password "Encrypted ZFS password for ${BOOTFS}" --no-tty | zfs load-key "${ENCRYPTIONROOT}" && break
+ done
+ ;;
+ http*)
 systemctl start network-online.target
- fi
- zfs load-key "${ENCRYPTIONROOT}"
- else
- # decrypt them
- for _ in 1 2 3 4 5; do
- systemd-ask-password "Encrypted ZFS password for ${BOOTFS}" --no-tty | zfs load-key "${ENCRYPTIONROOT}" && break
- done
- fi
+ zfs load-key "${ENCRYPTIONROOT}"
+ ;;
+ file)
+ KEYFILE="${KEYLOCATION#file://}"
+ [ -r "${KEYFILE}" ] || udevadm settle
+ [ -r "${KEYFILE}" ] || {
+ info "Waiting for key ${KEYFILE} for ${ENCRYPTIONROOT}..."
+ for _ in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20; do
+ sleep 0.5s
+ [ -r "${KEYFILE}" ] && break
+ done
+ }
+ [ -r "${KEYFILE}" ] || warn "Key ${KEYFILE} for ${ENCRYPTIONROOT} hasn't appeared. Trying anyway."
+ zfs load-key "${ENCRYPTIONROOT}"
+ ;;
+ *)
+ zfs load-key "${ENCRYPTIONROOT}"
+ ;;
+ esac
 fi
 fi
From 4d112509296e254a3bd4a17bc528e93f8bc760f6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=BD=D0=B0=D0=B1?= Date: Wed, 26 May 2021 13:13:08 +0200 Subject: [PATCH 5/5] i-t: don't try to import from empty cache MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Chases 7c64ee9e7731b7ad39e300b4a422892dbe8d4b23 ("zfs-import-{cache,scan}: change condition to FileNotEmpty") Signed-off-by: Ahelenia Ziemiańska
---
 contrib/initramfs/scripts/zfs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/contrib/initramfs/scripts/zfs b/contrib/initramfs/scripts/zfs
index cfc099e6cdd2..306e6e157e62 100644
--- a/contrib/initramfs/scripts/zfs
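Review bot: In the `file)` arm of zfs-load-key.sh.in the ten-second wait depends on `sleep 0.5s` being accepted by whichever sleep ends up in the initramfs; POSIX only guarantees whole seconds, and if the call is rejected the twenty iterations finish at once and the script goes straight to the "Trying anyway" warning. If a fractional sleep is not guaranteed by the module's install step (not visible in this hunk), whole seconds keep the same budget: `for _ in 1 2 3 4 5 6 7 8 9 10; do sleep 1; [ -r "${KEYFILE}" ] && break; done`. The exit status of `zfs load-key` is also unused in the `http*)`, `file)` and `*)` arms, so a failed unlock is not reported from here; appending `|| warn "zfs load-key failed for ${ENCRYPTIONROOT}"` to those calls would make it visible in the boot log. The two enclosing `if` blocks start outside the hunk.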
+++ b/contrib/initramfs/scripts/zfs @@ -706,7 +706,8 @@ mountroot() # ------------ # Look for the cache file (if any). - [ ! -f "${ZPOOL_CACHE}" ] && unset ZPOOL_CACHE + [ -f "${ZPOOL_CACHE}" ] || unset ZPOOL_CACHE + [ -s "${ZPOOL_CACHE}" ] || unset ZPOOL_CACHE # ------------ # Compatibility: 'ROOT' is for Debian GNU/Linux (etc),