initramfs: source user scripts from /e/z/initramfs-tools-load-key{,.d/*}

By dropping in a file in a directory (for packages) or by making a file (for local administrators), custom key loading methods may be provided for the rootfs and necessities. Reviewed-by: Brian Behlendorf <[email protected]> Signed-off-by: Nicholas Morris <[email protected]> Signed-off-by: Ahelenia Ziemiańska <[email protected]> Co-authored-by: Nicholas Morris <[email protected]> Supersedes: #14704 Closes: #13757 Closes #14733
author: наб <[email protected]> 2023-04-12 19:08:49 +0200
committer: GitHub <[email protected]> 2023-04-12 10:08:49 -0700
commit: 6e015933f88fe7ba5de45cf263028de1ee04460a (patch)
tree: c6aef3c180daa8b9aebf67234b3c29b7a105c45d /contrib/initramfs/scripts/zfs
parent: 574e09d8c6b49f223417e9aadb14367ac9db18f6 (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/contrib/initramfs/scripts/zfs b/contrib/initramfs/scripts/zfs
index 23aa95efc..7f977a30f 100644
--- a/contrib/initramfs/scripts/zfs
+++ b/contrib/initramfs/scripts/zfs
@@ -420,6 +420,16 @@ decrypt_fs()
 			# Continue only if the key needs to be loaded
 			[ "$KEYSTATUS" = "unavailable" ] || return 0
 
+			# Try extensions first
+			for f in "/etc/zfs/initramfs-tools-load-key" "/etc/zfs/initramfs-tools-load-key.d/"*; do
+				[ -r "$f" ] || continue
+				(. "$f") && {
+					# Successful return and actually-loaded key: we're done
+					KEYSTATUS="$(get_fs_value "${ENCRYPTIONROOT}" keystatus)"
+					[ "$KEYSTATUS" = "unavailable" ] || return 0
+				}
+			done
+
 			# Do not prompt if key is stored noninteractively,
 			if ! [ "${KEYLOCATION}" = "prompt" ]; then
 				$ZFS load-key "${ENCRYPTIONROOT}"
author	наб <[email protected]>	2023-04-12 19:08:49 +0200
committer	GitHub <[email protected]>	2023-04-12 10:08:49 -0700
commit	6e015933f88fe7ba5de45cf263028de1ee04460a (patch)
tree	c6aef3c180daa8b9aebf67234b3c29b7a105c45d /contrib/initramfs/scripts/zfs
parent	574e09d8c6b49f223417e9aadb14367ac9db18f6 (diff)