author | Tom Caputi <[email protected]> | 2017-10-13 13:09:04 -0400 |
---|---|---|
committer | Brian Behlendorf <[email protected]> | 2018-08-15 09:48:49 -0700 |
commit | d9c460a0b659c044d4397b7405712f2c9450d3c4 (patch) | |
tree | 973b92b7f835540f5ee722b56ff838828fd53116 /man/man8/zfs.8 | |
parent | fe8a7982ca90c3c9b8a09ec33f032527d7034a7b (diff) |
Added encryption support for zfs recv -o / -x
One small integration that was absent from b52563 was
support for zfs recv -o / -x with regards to encryption
parameters. The main use cases of this are as follows:
* Receiving an unencrypted stream as encrypted without
needing to create a "dummy" encrypted parent so that
encryption can be inherited.
* Allowing users to change their keylocation on receive,
so long as the receiving dataset is an encryption root.
* Allowing users to explicitly exclude or override the
encryption property from an unencrypted properties stream,
allowing it to be received as encrypted.
* Receiving a recursive hierarchy of unencrypted datasets,
encrypting the top-level one and forcing all children to
inherit the encryption.
Reviewed-by: Jorgen Lundman <[email protected]>
Reviewed by: Matthew Ahrens <[email protected]>
Reviewed-by: Brian Behlendorf <[email protected]>
Reviewed-by: Richard Elling <[email protected]>
Signed-off-by: Tom Caputi <[email protected]>
Closes #7650
Diffstat (limited to 'man/man8/zfs.8')
-rw-r--r-- | man/man8/zfs.8 | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/man/man8/zfs.8 b/man/man8/zfs.8 index f1eed207f..e356fc196 100644 --- a/man/man8/zfs.8 +++ b/man/man8/zfs.8 @@ -3912,6 +3912,34 @@ results if the same property is specified in multiple or .Fl x options. +.Pp +The +.Fl o +option may also be used to override encryption properties upon initial +receive. This allows unencrypted streams to be received as encrypted datasets. +To cause the received dataset (or root dataset of a recursive stream) to be +received as an encryption root, specify encryption properties in the same +manner as is required for +.Nm +.Cm create . +For instance: +.Bd -literal +# zfs send tank/test@snap1 | zfs recv -o encryption=on -o keyformat=passphrase -o keylocation=file:///path/to/keyfile +.Ed +.Pp +Note that +.Op Fl o Ar keylocation Ns = Ns Ar prompt +may not be specified here, since stdin is already being utilized for the send +stream. Once the receive has completed, you can use +.Nm +.Cm set +to change this setting after the fact. Similarly, you can receive a dataset as +an encrypted child by specifying +.Op Fl x Ar encryption +to force the property to be inherited. Overriding encryption properties (except +for +.Sy keylocation Ns ) +is not possible with raw send streams. .It Fl s If the receive is interrupted, save the partially received state, rather than deleting it. |
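Review bot: The example in the `.Bd -literal` block has no destination dataset, so `zfs recv -o encryption=on -o keyformat=passphrase -o keylocation=file:///path/to/keyfile` is not a complete command as written; add the target filesystem as the final argument (a placeholder name is enough) so readers can copy and adapt it. In the paragraph that follows, the `-x encryption` sentence should say that the dataset is being received beneath an already encrypted parent, since inheriting the property only yields an encrypted child in that case. As a style point, `.Op Fl o Ar keylocation Ns = Ns Ar prompt` marks `prompt` as a replaceable argument although it is a literal value.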