summaryrefslogtreecommitdiffstats
path: root/man/man8/zfs.8
diff options
context:
space:
mode:
authorTom Caputi <[email protected]>2017-10-13 13:09:04 -0400
committerBrian Behlendorf <[email protected]>2018-08-15 09:48:49 -0700
commitd9c460a0b659c044d4397b7405712f2c9450d3c4 (patch)
tree973b92b7f835540f5ee722b56ff838828fd53116 /man/man8/zfs.8
parentfe8a7982ca90c3c9b8a09ec33f032527d7034a7b (diff)
Added encryption support for zfs recv -o / -x
One small integration that was absent from b52563 was support for zfs recv -o / -x with regards to encryption parameters. The main use cases of this are as follows: * Receiving an unencrypted stream as encrypted without needing to create a "dummy" encrypted parent so that encryption can be inheritted. * Allowing users to change their keylocation on receive, so long as the receiving dataset is an encryption root. * Allowing users to explicitly exclude or override the encryption property from an unencrypted properties stream, allowing it to be received as encrypted. * Receiving a recursive heirarchy of unencrypted datasets, encrypting the top-level one and forcing all children to inherit the encryption. Reviewed-by: Jorgen Lundman <[email protected]> Reviewed by: Matthew Ahrens <[email protected]> Reviewed-by: Brian Behlendorf <[email protected]> Reviewed-by: Richard Elling <[email protected]> Signed-off-by: Tom Caputi <[email protected]> Closes #7650
Diffstat (limited to 'man/man8/zfs.8')
-rw-r--r--man/man8/zfs.828
1 files changed, 28 insertions, 0 deletions
diff --git a/man/man8/zfs.8 b/man/man8/zfs.8
index f1eed207f..e356fc196 100644
--- a/man/man8/zfs.8
+++ b/man/man8/zfs.8
@@ -3912,6 +3912,34 @@ results if the same property is specified in multiple
or
.Fl x
options.
+.Pp
+The
+.Fl o
+option may also be used to override encryption properties upon initial
+receive. This allows unencrypted streams to be received as encrypted datasets.
+To cause the received dataset (or root dataset of a recursive stream) to be
+received as an encryption root, specify encryption properties in the same
+manner as is required for
+.Nm
+.Cm create .
+For instance:
+.Bd -literal
+# zfs send tank/test@snap1 | zfs recv -o encryption=on -o keyformat=passphrase -o keylocation=file:///path/to/keyfile
+.Ed
+.Pp
+Note that
+.Op Fl o Ar keylocation Ns = Ns Ar prompt
+may not be specified here, since stdin is already being utilized for the send
+stream. Once the receive has completed, you can use
+.Nm
+.Cm set
+to change this setting after the fact. Similarly, you can receive a dataset as
+an encrypted child by specifying
+.Op Fl x Ar encryption
+to force the property to be inherited. Overriding encryption properties (except
+for
+.Sy keylocation Ns )
+is not possible with raw send streams.
.It Fl s
If the receive is interrupted, save the partially received state, rather
than deleting it.