diff options
author | InsanePrawn <[email protected]> | 2020-03-09 19:09:09 +0100 |
---|---|---|
committer | GitHub <[email protected]> | 2020-03-09 11:09:09 -0700 |
commit | ff2f960b2492ecb3db6a2614251240a77874ab93 (patch) | |
tree | 40519b32aea28b3d88a7035b784dd303ef9c743d | |
parent | 2b95e91132880309d67a537fe727bdef9f4af463 (diff) |
Systemd mount generator: don't fail keyload from file if already loaded
Previously the generated keyload units for encryption roots with
keylocation=file://* didn't contain the code to detect if the key
was already loaded and would be marked failed in such situations.
Move the code to check whether the key is already loaded
from keylocation=prompt handling to general key loading code.
Reviewed-by: Richard Laager <[email protected]>
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: InsanePrawn <[email protected]>
Closes #10103
-rwxr-xr-x | etc/systemd/system-generators/zfs-mount-generator.in | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/etc/systemd/system-generators/zfs-mount-generator.in b/etc/systemd/system-generators/zfs-mount-generator.in index bb735112d..147855180 100755 --- a/etc/systemd/system-generators/zfs-mount-generator.in +++ b/etc/systemd/system-generators/zfs-mount-generator.in @@ -151,13 +151,9 @@ process_line() { else keymountdep="RequiresMountsFor='${p_keyloc#file://}'" fi - keyloadcmd="@sbindir@/zfs load-key '${dataset}'" + keyloadscript="@sbindir@/zfs load-key \"${dataset}\"" elif [ "${p_keyloc}" = "prompt" ] ; then - keyloadcmd="\ -/bin/sh -c '\ -set -eu;\ -keystatus=\"\$\$(@sbindir@/zfs get -H -o value keystatus \"${dataset}\")\";\ -[ \"\$\$keystatus\" = \"unavailable\" ] || exit 0;\ + keyloadscript="\ count=0;\ while [ \$\$count -lt 3 ];do\ systemd-ask-password --id=\"zfs:${dataset}\"\ @@ -165,11 +161,19 @@ while [ \$\$count -lt 3 ];do\ @sbindir@/zfs load-key \"${dataset}\" && exit 0;\ count=\$\$((count + 1));\ done;\ -exit 1'" +exit 1" else printf 'zfs-mount-generator: (%s) invalid keylocation\n' \ "${dataset}" >/dev/kmsg fi + keyloadcmd="\ +/bin/sh -c '\ +set -eu;\ +keystatus=\"\$\$(@sbindir@/zfs get -H -o value keystatus \"${dataset}\")\";\ +[ \"\$\$keystatus\" = \"unavailable\" ] || exit 0;\ +${keyloadscript}'" + + # Generate the key-load .service unit # |