diff options
| author | Tom Caputi <[email protected]> | 2017-10-13 13:09:04 -0400 |
|---|---|---|
| committer | Brian Behlendorf <[email protected]> | 2018-08-15 09:48:49 -0700 |
| commit | d9c460a0b659c044d4397b7405712f2c9450d3c4 (patch) | |
| tree | 973b92b7f835540f5ee722b56ff838828fd53116 /contrib/pyzfs | |
| parent | fe8a7982ca90c3c9b8a09ec33f032527d7034a7b (diff) | |
Added encryption support for zfs recv -o / -x
One small integration that was absent from b52563 was
support for zfs recv -o / -x with regards to encryption
parameters. The main use cases of this are as follows:
* Receiving an unencrypted stream as encrypted without
needing to create a "dummy" encrypted parent so that
encryption can be inheritted.
* Allowing users to change their keylocation on receive,
so long as the receiving dataset is an encryption root.
* Allowing users to explicitly exclude or override the
encryption property from an unencrypted properties stream,
allowing it to be received as encrypted.
* Receiving a recursive heirarchy of unencrypted datasets,
encrypting the top-level one and forcing all children to
inherit the encryption.
Reviewed-by: Jorgen Lundman <[email protected]>
Reviewed by: Matthew Ahrens <[email protected]>
Reviewed-by: Brian Behlendorf <[email protected]>
Reviewed-by: Richard Elling <[email protected]>
Signed-off-by: Tom Caputi <[email protected]>
Closes #7650
Diffstat (limited to 'contrib/pyzfs')
| -rw-r--r-- | contrib/pyzfs/libzfs_core/_libzfs_core.py | 16 | ||||
| -rw-r--r-- | contrib/pyzfs/libzfs_core/bindings/libzfs_core.py | 6 |
2 files changed, 15 insertions, 7 deletions
diff --git a/contrib/pyzfs/libzfs_core/_libzfs_core.py b/contrib/pyzfs/libzfs_core/_libzfs_core.py index 1e38a3f32..ffc930812 100644 --- a/contrib/pyzfs/libzfs_core/_libzfs_core.py +++ b/contrib/pyzfs/libzfs_core/_libzfs_core.py @@ -1303,7 +1303,8 @@ def lzc_receive_one( @_uncommitted() def lzc_receive_with_cmdprops( snapname, fd, begin_record, force=False, resumable=False, raw=False, - origin=None, props=None, cmdprops=None, cleanup_fd=-1, action_handle=0 + origin=None, props=None, cmdprops=None, key=None, cleanup_fd=-1, + action_handle=0 ): ''' Like :func:`lzc_receive_one`, but allows the caller to pass an additional @@ -1333,6 +1334,8 @@ def lzc_receive_with_cmdprops( every other value is set locally as if the command "zfs set" was invoked immediately before the receive. :type cmdprops: dict of bytes : Any + :param key: raw bytes representing user's wrapping key + :type key: bytes :param int cleanup_fd: file descriptor used to set a cleanup-on-exit file descriptor. :param int action_handle: variable used to pass the handle for guid/ds @@ -1400,14 +1403,19 @@ def lzc_receive_with_cmdprops( props = {} if cmdprops is None: cmdprops = {} + if key is None: + key = bytes("") + else: + key = bytes(key) + nvlist = nvlist_in(props) cmdnvlist = nvlist_in(cmdprops) properrs = {} with nvlist_out(properrs) as c_errors: ret = _lib.lzc_receive_with_cmdprops( - snapname, nvlist, cmdnvlist, c_origin, force, resumable, raw, fd, - begin_record, cleanup_fd, c_read_bytes, c_errflags, - c_action_handle, c_errors) + snapname, nvlist, cmdnvlist, key, len(key), c_origin, + force, resumable, raw, fd, begin_record, cleanup_fd, c_read_bytes, + c_errflags, c_action_handle, c_errors) errors.lzc_receive_translate_errors( ret, snapname, fd, force, raw, False, False, origin, properrs) return (int(c_read_bytes[0]), action_handle) diff --git a/contrib/pyzfs/libzfs_core/bindings/libzfs_core.py b/contrib/pyzfs/libzfs_core/bindings/libzfs_core.py index a67a01ee7..55899b556 100644 --- a/contrib/pyzfs/libzfs_core/bindings/libzfs_core.py +++ b/contrib/pyzfs/libzfs_core/bindings/libzfs_core.py @@ -108,9 +108,9 @@ CDEF = """ int lzc_receive_resumable(const char *, nvlist_t *, const char *, boolean_t, boolean_t, int); int lzc_receive_with_cmdprops(const char *, nvlist_t *, nvlist_t *, - const char *, boolean_t, boolean_t, boolean_t, int, - const dmu_replay_record_t *, int, uint64_t *, uint64_t *, uint64_t *, - nvlist_t **); + uint8_t *, uint_t, const char *, boolean_t, boolean_t, + boolean_t, int, const dmu_replay_record_t *, int, uint64_t *, + uint64_t *, uint64_t *, nvlist_t **); int lzc_receive_with_header(const char *, nvlist_t *, const char *, boolean_t, boolean_t, boolean_t, int, const dmu_replay_record_t *); int lzc_release(nvlist_t *, nvlist_t **); |