author | наб <[email protected]> | 2021-05-13 06:21:35 +0200 |
---|---|---|
committer | Tony Hutter <[email protected]> | 2022-02-16 17:58:37 -0800 |
commit | 9cbc2ed20f710326d16e8fe7357999eaa3f90142 (patch) | |
tree | c02322a179938cb917608e5404e0f8eff85eaaca /contrib/initramfs | |
parent | 9b185de6fa9f1b3a7614448fe0116ed370ec7e2f (diff) |
libzfs: add keylocation=https://, backed by fetch(3) or libcurl
Add support for http and https to the keylocation property to
allow encryption keys to be fetched from the specified URL.
Reviewed-by: Brian Behlendorf <[email protected]>
Reviewed-by: Ryan Moeller <[email protected]>
Signed-off-by: Ahelenia Ziemiańska <[email protected]>
Issue #9543
Closes #9947
Closes #11956
Diffstat (limited to 'contrib/initramfs')
-rwxr-xr-x | contrib/initramfs/hooks/zfs.in | 7 | ||||
-rw-r--r-- | contrib/initramfs/scripts/zfs | 11 |
2 files changed, 11 insertions, 7 deletions
diff --git a/contrib/initramfs/hooks/zfs.in b/contrib/initramfs/hooks/zfs.in
index 32331b264..bdf169fd9 100755
--- a/contrib/initramfs/hooks/zfs.in
+++ b/contrib/initramfs/hooks/zfs.in
@@ -30,6 +30,13 @@ find /lib/ -type f -name "libgcc_s.so.[1-9]" | while read -r libgcc; do
 copy_exec "$libgcc"
 done
+# shellcheck disable=SC2050
+if [ @LIBFETCH_DYNAMIC@ != 0 ]; then
+ find /lib/ -name @LIBFETCH_SONAME@ | while read -r libfetch; do
+ copy_exec "$libfetch"
+ done
+fi
+
 copy_file config "/etc/hostid"
 copy_file cache "@sysconfdir@/zfs/zpool.cache"
 copy_file config "@initconfdir@/zfs"
diff --git a/contrib/initramfs/scripts/zfs b/contrib/initramfs/scripts/zfs
index 82eceaedb..306e6e157 100644
--- a/contrib/initramfs/scripts/zfs
+++ b/contrib/initramfs/scripts/zfs
@@ -403,28 +403,25 @@ decrypt_fs()
 KEYSTATUS="$(get_fs_value "${ENCRYPTIONROOT}" keystatus)"
 # Continue only if the key needs to be loaded
 [ "$KEYSTATUS" = "unavailable" ] || return 0
- TRY_COUNT=3
- # If key is stored in a file, do not prompt
+ # Do not prompt if key is stored noninteractively,
 if ! [ "${KEYLOCATION}" = "prompt" ]; then
 $ZFS load-key "${ENCRYPTIONROOT}"
 # Prompt with plymouth, if active
- elif [ -e /bin/plymouth ] && /bin/plymouth --ping 2>/dev/null; then
+ elif /bin/plymouth --ping 2>/dev/null; then
 echo "plymouth" > /run/zfs_console_askpwd_cmd
- while [ $TRY_COUNT -gt 0 ]; do
+ for _ in 1 2 3; do
 plymouth ask-for-password --prompt "Encrypted ZFS password for ${ENCRYPTIONROOT}" | \
 $ZFS load-key "${ENCRYPTIONROOT}" && break
- TRY_COUNT=$((TRY_COUNT - 1))
 done
 # Prompt with systemd, if active
 elif [ -e /run/systemd/system ]; then
 echo "systemd-ask-password" > /run/zfs_console_askpwd_cmd
- while [ $TRY_COUNT -gt 0 ]; do
+ for _ in 1 2 3; do
 systemd-ask-password "Encrypted ZFS password for ${ENCRYPTIONROOT}" --no-tty | \
 $ZFS load-key "${ENCRYPTIONROOT}" && break
- TRY_COUNT=$((TRY_COUNT - 1))
 done
 # Prompt with ZFS tty, otherwise |
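Review bot: Nothing in this hunk adds a CA certificate bundle to the image alongside the fetch library, so unless that is handled elsewhere an `https://` keylocation has no trust anchors at early boot and the fetch would be expected to fail certificate verification, which tends to push users towards plain `http://`. The hook also succeeds silently when `find` matches nothing even though `@LIBFETCH_DYNAMIC@` is non-zero, leaving an image that cannot fetch the key; a build-time warning on an empty result would surface that before the next reboot. Separately, the substituted pattern is unquoted, and `find /lib/ -name "@LIBFETCH_SONAME@"` keeps the shell from globbing it against the hook's working directory.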
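Review bot: The non-prompt branch in decrypt_fs now also serves `http://` and `https://` keylocations, but `$ZFS load-key` is still called once, with no visible network bring-up and no check of its exit status in this hunk, so a URL keylocation depends on networking already being configured at this point in the initramfs. A guard ahead of the call such as `case "${KEYLOCATION}" in http://*|https://*) configure_networking ;; esac` (the initramfs-tools helper) would make that dependency explicit. The new comment could also record that `http://` delivers the key material without confidentiality or integrity, e.g. `# http:// keylocations expose the key in transit; prefer https://`. decrypt_fs begins and ends outside the hunk, so later error handling may already cover a failed load.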