diff options
| author | наб <[email protected]> | 2021-05-23 22:09:35 +0200 |
|---|---|---|
| committer | Brian Behlendorf <[email protected]> | 2021-06-04 14:01:08 -0700 |
| commit | a0242eceff17abc08910ea9bfe6376ecd85f606f (patch) | |
| tree | 5c133610eaa7f7d4289c94e42bfc02508d23b21e | |
| parent | b2c68bea50bd6fcf03ea01f045bbfeac8a88eb4e (diff) | |
dracut: 90zfs: zfs-load-key: wait for key to appear for up to 10 seconds
Also reduce password retries to 3 to match i-t
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Ahelenia Ziemiańska <[email protected]>
Closes #12065
Closes #12108
| -rwxr-xr-x | contrib/dracut/90zfs/zfs-load-key.sh.in | 36 |
1 files changed, 26 insertions, 10 deletions
diff --git a/contrib/dracut/90zfs/zfs-load-key.sh.in b/contrib/dracut/90zfs/zfs-load-key.sh.in index f15118ad0..2138ff943 100755 --- a/contrib/dracut/90zfs/zfs-load-key.sh.in +++ b/contrib/dracut/90zfs/zfs-load-key.sh.in @@ -42,16 +42,32 @@ if [ "$(zpool list -H -o feature@encryption "${BOOTFS%%/*}")" = 'active' ]; then [ "$KEYSTATUS" = "unavailable" ] || exit 0 KEYLOCATION="$(zfs get -H -o value keylocation "${ENCRYPTIONROOT}")" - if ! [ "${KEYLOCATION}" = "prompt" ]; then - if ! [ "${KEYLOCATION#http}" = "${KEYLOCATION}" ]; then + case "${KEYLOCATION%%://*}" in + prompt) + for _ in 1 2 3; do + systemd-ask-password "Encrypted ZFS password for ${BOOTFS}" --no-tty | zfs load-key "${ENCRYPTIONROOT}" && break + done + ;; + http*) systemctl start network-online.target - fi - zfs load-key "${ENCRYPTIONROOT}" - else - # decrypt them - for _ in 1 2 3 4 5; do - systemd-ask-password "Encrypted ZFS password for ${BOOTFS}" --no-tty | zfs load-key "${ENCRYPTIONROOT}" && break - done - fi + zfs load-key "${ENCRYPTIONROOT}" + ;; + file) + KEYFILE="${KEYLOCATION#file://}" + [ -r "${KEYFILE}" ] || udevadm settle + [ -r "${KEYFILE}" ] || { + info "Waiting for key ${KEYFILE} for ${ENCRYPTIONROOT}..." + for _ in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20; do + sleep 0.5s + [ -r "${KEYFILE}" ] && break + done + } + [ -r "${KEYFILE}" ] || warn "Key ${KEYFILE} for ${ENCRYPTIONROOT} hasn't appeared. Trying anyway." + zfs load-key "${ENCRYPTIONROOT}" + ;; + *) + zfs load-key "${ENCRYPTIONROOT}" + ;; + esac fi fi |