aboutsummaryrefslogtreecommitdiffstats
path: root/contrib
Commit message (Collapse)AuthorAgeFilesLines
* Move dracut specifics to dracut moduleMichael Niewöhner2019-04-024-3/+25
| | | | | | | | | | | | Dracut depends on the environment variable BOOTFS to be set after pool import. This dracut specific systemd ExecStartPost command should not be called for any non-dracut systems, so let's move it to a static systemd unit that. Reviewed-by: Manuel Amador (Rudd-O) <[email protected]> Reviewed-by: Matthew Thode <[email protected]> Reviewed-by: Brian Behlendorf <[email protected]> Signed-off-by: Michael Niewöhner <[email protected]> Closes #8510
* initramfs/debian: use panic() instead of directly calling /bin/shMichael Niewöhner2019-02-281-8/+22
| | | | | | | | | Debian has a panic() function which makes it possible to disable shell access in initramfs by setting the panic kernel parameter. Use it. Reviewed-by: Brian Behlendorf <[email protected]> Reviewed-by: Kash Pande <[email protected]> Signed-off-by: Michael Niewöhner <[email protected]> Closes #8448
* ZVOLs should not be allowed to have childrenloli10K2019-02-085-65/+139
| | | | | | | | | | | | | | | zfs create, receive and rename can bypass this hierarchy rule. Update both userland and kernel module to prevent this issue and use pyzfs unit tests to exercise the ioctls directly. Note: this commit slightly changes zfs_ioc_create() ABI. This allow to differentiate a generic error (EINVAL) from the specific case where we tried to create a dataset below a ZVOL (ZFS_ERR_WRONG_PARENT). Reviewed-by: Paul Dagnelie <[email protected]> Reviewed-by: Matt Ahrens <[email protected]> Reviewed-by: Brian Behlendorf <[email protected]> Reviewed-by: Tom Caputi <[email protected]> Signed-off-by: loli10K <[email protected]>
* Add contrib/pyzfs/setup.py to .gitignoreTom Caputi2019-01-131-0/+1
| | | | | | | | | | As of 9ef798b77, setup.py is now generated from setup.py.in, but this file was never moved to the .gitignore. This patch simply corrects this issue. Reviewed-by: Neal Gompa <[email protected]> Reviewed-by: Brian Behlendorf <[email protected]> Signed-off-by: Tom Caputi <[email protected]> Closes #8268
* Removed suggestion to use root dataset as bootfsGregor Kopka2019-01-081-6/+0
| | | | | | | | | | | | | | | | | The dracut howto proposed to boot from the root dataset of a pool. Apart from this giving problems when booting (as the code seems to expect a child dataset and creates an illegal dataset name when using the root dataset) the technical limitations of the root dataset (among others the inability to rename or destroy through the `zfs` command) resulted in the general consensus to only use it as a container for the datasets in the pool - not as a filesystem itself. Removed the idea to boot from the root dataset. Reviewed-by: George Melikov <[email protected]> Reviewed-by: Brian Behlendorf <[email protected]> Reviewed-by: bunder2015 <[email protected]> Signed-off-by: Gregor Kopka <[email protected]> Closes #8247
* Use ZFS version for pyzfs & drop unused reqs fileNeal Gompa (ニール・ゴンパ)2019-01-083-3/+2
| | | | | | | | | | | | | | | | | Now that 'pyzfs' is part of the ZFS codebase, it should be versioned the same as the rest of the source tree. This eliminates confusion on what version of the bindings are being used, especially for dependent Python projects that may use the Python dist metadata to identify compatible versions of pyzfs to work from. In addition, a trivial change to drop the unused requirements.txt file is included, simply because it's unused and a leftover from before it was imported into the ZFS codebase and wired into the autotools build scripts. Reviewed-by: loli10K <[email protected]> Reviewed-by: Brian Behlendorf <[email protected]> Signed-off-by: Neal Gompa <[email protected]> Closes #8243
* pyzfs: python3 support (build system)Brian Behlendorf2019-01-062-3/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Almost all of the Python code in the respository has been updated to be compatibile with Python 2.6, Python 3.4, or newer. The only exceptions are arc_summery3.py which requires Python 3, and pyzfs which requires at least Python 2.7. This allows us to maintain a single version of the code and support most default versions of python. This change does the following: * Sets the default shebang for all Python scripts to python3. If only Python 2 is available, then at install time scripts which are compatible with Python 2 will have their shebangs replaced with /usr/bin/python. This is done for compatibility until Python 2 goes end of life. Since only the installed versions are changed this means Python 3 must be installed on the system for test-runner when testing in-tree. * Added --with-python=<2|3|3.4,etc> configure option which sets the PYTHON environment variable to target a specific python version. By default the newest installed version of Python will be used or the preferred distribution version when creating pacakges. * Fixed --enable-pyzfs configure checks so they are run when --enable-pyzfs=check and --enable-pyzfs=yes. * Enabled pyzfs for Python 3.4 and newer, which is now supported. * Renamed pyzfs package to python<VERSION>-pyzfs and updated to install in the appropriate site location. For example, when building with --with-python=3.4 a python34-pyzfs will be created which installs in /usr/lib/python3.4/site-packages/. * Renamed the following python scripts according to the Fedora guidance for packaging utilities in /bin - dbufstat.py -> dbufstat - arcstat.py -> arcstat - arc_summary.py -> arc_summary - arc_summary3.py -> arc_summary3 * Updated python-cffi package name. On CentOS 6, CentOS 7, and Amazon Linux it's called python-cffi, not python2-cffi. For Python3 it's called python3-cffi or python3x-cffi. * Install one version of arc_summary. Depending on the version of Python available install either arc_summary2 or arc_summary3 as arc_summary. The user output is only slightly different. Reviewed-by: John Ramsden <[email protected]> Reviewed-by: Neal Gompa <[email protected]> Reviewed-by: loli10K <[email protected]> Signed-off-by: Brian Behlendorf <[email protected]> Closes #8096
* pyzfs: python3 support (unit tests)Brian Behlendorf2019-01-062-944/+978
| | | | | | | | | | | | | | | | | | * Updated unit tests to be compatbile with python 2 or 3. In most cases all that was required was to add the 'b' prefix to existing strings to convert them to type bytes for python 3 compatibility. * There were several places where the python version need to be checked to remain compatible with pythong 2 and 3. Some one more seasoned with Python may be able to find a way to rewrite these statements in a compatible fashion. Reviewed-by: John Ramsden <[email protected]> Reviewed-by: Neal Gompa <[email protected]> Reviewed-by: loli10K <[email protected]> Signed-off-by: John Wren Kennedy <[email protected]> Signed-off-by: Brian Behlendorf <[email protected]> Closes #8096
* pyzfs: python3 support (library 2/2)Brian Behlendorf2019-01-064-23/+23
| | | | | | | | | | | * All pool, dataset, and nvlist keys must be of type bytes. Reviewed-by: John Ramsden <[email protected]> Reviewed-by: Neal Gompa <[email protected]> Reviewed-by: loli10K <[email protected]> Signed-off-by: John Kennedy <[email protected]> Signed-off-by: Brian Behlendorf <[email protected]> Closes #8096
* pyzfs: python3 support (library 1/2)Antonio Russo2019-01-0613-122/+141
| | | | | | | | | | | | | | | | | | These changes are efficient and valid in python 2 and 3. For the most part, they are also pythonic. * 2to3 conversion * add __future__ imports * iterator changes * integer division * relative import fixes Reviewed-by: John Ramsden <[email protected]> Reviewed-by: Neal Gompa <[email protected]> Reviewed-by: loli10K <[email protected]> Reviewed-by: Brian Behlendorf <[email protected]> Signed-off-by: Antonio Russo <[email protected]> Closes #8096
* OpenZFS 9630 - add lzc_rename and lzc_destroy to libzfs_coreAndriy Gapon2018-12-142-13/+5
| | | | | | | | | | | | | | | | | | | | Porting Notes: * Additional changes to recv_rename_impl() were required due to encryption code not being merged in OpenZFS yet. * libzfs_core python bindings (pyzfs) were updated to fully support both lzc_rename() and lzc_destroy() Authored by: Andriy Gapon <[email protected]> Reviewed by: Andy Stormont <[email protected]> Reviewed by: Matt Ahrens <[email protected]> Reviewed by: Serapheim Dimitropoulos <[email protected]> Reviewed by: Brian Behlendorf <[email protected]> Approved by: Dan McDonald <[email protected]> Ported-by: loli10K <[email protected]> OpenZFS-issue: https://www.illumos.org/issues/9630 OpenZFS-commit: https://github.com/openzfs/openzfs/commit/049ba63 Closes #8207
* Add `cut` binary to the initramfsBen Cordero2018-12-132-2/+3
| | | | | | | | | | | | | | Since the `cut -b` command is used by `parse-zfs.sh`, ensure that it is copied to the initramfs. Fix spl_hostid when set by cmdline. This follows a similar logic from the `zgenhostid` script, using `echo` instead of `printf`. Reviewed-by: Olaf Faaland <[email protected]> Reviewed-by: Brian Behlendorf <[email protected]> Signed-off-by: Ben Cordero <[email protected]> Closes #8197
* Allow spaces in pool names for cmdline argumentkpande2018-11-111-0/+3
| | | | | | | | | | | | | | | | | | | | | PR #8114 quoted the ${ENCRYPTIONROOT} parameter to ensure we don't lose spaces when unlocking root filesystem in the off chance that it has a space in its name. Unfortunately, dracut and initramfs-tools do not actually get the quotes from the cmdline. If we use root=ZFS="root pool/filesystem name" the script still only sees root=ZFS=root and no quotation marks. Because + is a reserved character in ZFS, it's used as a placeholder for spaces in the kernel cmdline. In this way, root=ZFS=root+pool/filesystem+name will properly expand by replacing the character with sed (POSIX compliant method). Reviewed-by: Brian Behlendorf <[email protected]> Reviewed-by: bunder2015 <[email protected]> Signed-off-by: Kash Pande <[email protected]> Issue #8114 Closes #8117
* Make initramfs-tools script encryption awareGarrett Fields2018-11-091-64/+34
| | | | | | | | | | | | | | | | | Changed decrypt_fs zfs command to "load-key" Plymouth case code based on "contrib/dracut/90zfs/zfs-lib.sh.in" Systemd case based on "contrib/dracut/90zfs/zfs-load-key.sh.in" Cleaned up misspelling of "available" throughout Code style fixes Single quote for ${ENCRYPTIONROOT} Changed "${DECRYPT_CMD}" to "eval ${DECRYPT_CMD}" Reviewed-by: Kash Pande <[email protected]> Reviewed-by: Brian Behlendorf <[email protected]> Reviewed-by: Tom Caputi <[email protected]> Reviewed-by: Richard Laager <[email protected]> Signed-off-by: Garrett Fields <[email protected]> Closes #8093
* Add quotations for ${ENCRYPTIONROOT}kpande2018-11-091-1/+1
| | | | | | | | | | | | Add quotations for ${ENCRYPTIONROOT} to avoid breaking systems with a space in the name. Reviewed-by: bunder2015 <[email protected]> Reviewed-by: Tom Caputi <[email protected]> Reviewed-by: George Melikov <[email protected]> Reviewed-by: Brian Behlendorf <[email protected]> Signed-off-by: Kash Pande <[email protected]> Related-to: #8093 Closes #8114
* Allow use of pool GUID as root poolGeorge Melikov2018-10-231-1/+10
| | | | | | | | | | | | | It's helpful if there are pools with same names, but you need to use only one of them. Main case is twin servers, meanwhile some software requires the same name of pools (e.g. Proxmox). Reviewed-by: Kash Pande <[email protected]> Reviewed-by: Brian Behlendorf <[email protected]> Signed-off-by: George Melikov <[email protected]> Signed-off-by: Igor ‘guardian’ Lidin of Moscow, Russia Closes #8052
* Check scheduler for "noop" before setting "noop"Garrett Fields2018-10-101-1/+1
| | | | | | | | | | | | | | | Originally code only checked for presence of "/sys/block/$i/queue/ scheduler". "sh: write error: Invalid argument" was produced when trying to set "noop" on certain devices (eg. virtio) when it isn't a listed option. This modification continues to check for the presence of "/sys/block/$i/queue/scheduler" and also checks that it contains "noop" as an option before setting "noop". Reviewed-by: Richard Laager <[email protected]> Reviewed-by: Tony Hutter <[email protected]> Reviewed-by: George Melikov <[email protected]> Reviewed-by: Richard Elling <[email protected]> Signed-off-by: Garrett Fields <[email protected]> Closes #8004
* pyzfs: add missing libzfs_core functionsLOLi2018-08-207-1/+148
| | | | | | | | | This change adds the following libzfs_core functions to pyzfs: lzc_remap, lzc_pool_checkpoint, lzc_pool_checkpoint_discard Reviewed-by: Brian Behlendorf <[email protected]> Signed-off-by: loli10K <[email protected]> Closes #7793 Closes #7800
* Added encryption support for zfs recv -o / -xTom Caputi2018-08-152-7/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | One small integration that was absent from b52563 was support for zfs recv -o / -x with regards to encryption parameters. The main use cases of this are as follows: * Receiving an unencrypted stream as encrypted without needing to create a "dummy" encrypted parent so that encryption can be inheritted. * Allowing users to change their keylocation on receive, so long as the receiving dataset is an encryption root. * Allowing users to explicitly exclude or override the encryption property from an unencrypted properties stream, allowing it to be received as encrypted. * Receiving a recursive heirarchy of unencrypted datasets, encrypting the top-level one and forcing all children to inherit the encryption. Reviewed-by: Jorgen Lundman <[email protected]> Reviewed by: Matthew Ahrens <[email protected]> Reviewed-by: Brian Behlendorf <[email protected]> Reviewed-by: Richard Elling <[email protected]> Signed-off-by: Tom Caputi <[email protected]> Closes #7650
* Use zfs-import.target in contrib/dracutAntonio Russo2018-07-312-5/+10
| | | | | | | | | The new zfs-import.target should be used in place of the zfs-import-*.service units. Reviewed by: Brian Behlendorf <[email protected]> Reviewed-by: Manuel Amador (Rudd-O) <[email protected]> Signed-off-by: Antonio Russo <[email protected]> Closes #6964
* Fix initramfs missing systemd binariesGeorge Diamantopoulos2018-07-271-0/+2
| | | | | | | | | | | | | Systemd binaries necessary for mounting an encrypted root dataset weren't copied to initramfs generated by dracut. This patch fixes this and copies these binaries unconditionally, that is regardless of whether native ZFS encryption is used for the root dataset. Reviewed-by: Brian Behlendorf <[email protected]> Signed-off-by: George Diamantopoulos <[email protected]> Closes #7607 Closes #7719
* Add pyzfs build directories to gitignoreTom Caputi2018-06-112-0/+3
| | | | | | | | | | | The recent addition of pyzfs does not include the generated 'build' and 'pyzfs.egg-info' directories in the pyzfs .gitignore or the 'make clean' target. This patch simply corrects this problem. Reviewed-by: George Melikov <[email protected]> Reviewed-by: loli10K <[email protected]> Reviewed-by: Brian Behlendorf <[email protected]> Signed-off-by: Tom Caputi <[email protected]> Closes #7612
* Install basename utility into dracut initramfsSteffen Müthing2018-05-291-0/+1
| | | | | | | | | | | | | vdev_id requires the program `basename` when handling short aliases defined in `vdev_id.conf` (those defined without a leading path), but `basename` is not always available in the dracut environment. This causes the pool device names to change when using `by-vdev/` devices or (in extreme cases) can make the pool import fail in dracut. This commit fixes the problem by explicitly installing `basename`. Reviewed-by: Brian Behlendorf <[email protected]> Signed-off-by: Steffen Müthing <[email protected]> Closes #7562
* Prevent `make distclean` removing 0 sized fileTomohiro Kusumi2018-05-061-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | __init__.py used by Python packages typically has nothing in it including contrib/pyzfs/libzfs_core/test/__init__.py, however this causes `make distclean` to delete the file. This is the only file with size 0, and it seems reasonable to have a comment to avoid being deleted, rather than trying to modify distclean behavior. # find . -size 0 ./contrib/pyzfs/libzfs_core/test/__init__.py # ./autogen.sh ; ./configure ; make -j8 # make distclean # ls contrib/pyzfs/libzfs_core/test/__init__.py ls: cannot access 'contrib/pyzfs/libzfs_core/test/__init__.py': No such file or directory # git diff diff --git a/contrib/pyzfs/libzfs_core/test/__init__.py b/contrib/pyzfs/libzfs_core/test/__init__.py deleted file mode 100644 Reviewed-by: Brian Behlendorf <[email protected]> Signed-off-by: Tomohiro Kusumi <[email protected]> Closes #7505
* Adopt pyzfs from ClusterHQloli10K2018-05-0119-568/+2320
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit introduces several changes: * Update LICENSE and project information * Give a good PEP8 talk to existing Python source code * Add RPM/DEB packaging for pyzfs * Fix some outstanding issues with the existing pyzfs code caused by changes in the ABI since the last time the code was updated * Integrate pyzfs Python unittest with the ZFS Test Suite * Add missing libzfs_core functions: lzc_change_key, lzc_channel_program, lzc_channel_program_nosync, lzc_load_key, lzc_receive_one, lzc_receive_resumable, lzc_receive_with_cmdprops, lzc_receive_with_header, lzc_reopen, lzc_send_resume, lzc_sync, lzc_unload_key, lzc_remap Note: this commit slightly changes zfs_ioc_unload_key() ABI. This allow to differentiate the case where we tried to unload a key on a non-existing dataset (ENOENT) from the situation where a dataset has no key loaded: this is consistent with the "change" case where trying to zfs_ioc_change_key() from a dataset with no key results in EACCES. Reviewed-by: Brian Behlendorf <[email protected]> Signed-off-by: loli10K <[email protected]> Closes #7230
* Import pyzfs source code from ClusterHQAndriy Gapon2018-05-0118-0/+7965
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | libzfs_core is intended to be a stable interface for programmatic administration of ZFS. This wrapper provides one-to-one wrappers for libzfs_core API functions, but the signatures and types are more natural to Python. nvlists are wrapped as dictionaries or lists depending on their usage. Some parameters have default values depending on typical use for increased convenience. Enumerations and bit flags become strings and lists of strings in Python. Errors are reported as exceptions rather than integer errno-style error codes. The wrapper takes care to provide one-to-many mapping of the error codes to the exceptions by interpreting a context in which the error code is produced. Unit tests and automated test for the libzfs_core API are provided with this package. Please note that the API tests perform lots of ZFS dataset level operations and ZFS tries hard to ensure that any modifications do reach stable storage. That means that the operations are done synchronously and that, for example, disk caches are flushed. Thus, the tests can be very slow on real hardware. It is recommended to place the default temporary directory or a temporary directory specified by, for instance, TMP environment variable on a memory backed filesystem. Original-patch-by: Andriy Gapon <[email protected]> Reviewed-by: Brian Behlendorf <[email protected]> Ported-by: loli10K <[email protected]> Signed-off-by: loli10K <[email protected]> Closes #7230
* Fix "file is executable, but no shebang" warningsTony Hutter2018-04-061-2/+2
| | | | | | | | | | | | | Fedora 28's RPM build checks warn when executable files don't have a shebang line. These warnings are caused when we (incorrectly) include data & config files in the_SCRIPTS automake lines. Files in _SCRIPTS are marked executable by automake. This patch fixes the issue by including non-executable scripts in a _DATA line instead. Reviewed-by: Brian Behlendorf <[email protected]> Reviewed-by: Giuseppe Di Natale <[email protected]> Signed-off-by: Tony Hutter <[email protected]> Closes #7359 Closes #7395
* modprobe zfs during dracut mountkpande2018-03-221-0/+1
| | | | | | | | | | | Resolves importing root pool during boot in dracut. This case was inadvertently broken with the module autoloading change in #7287. Reviewed-by: Matthew Thode <[email protected]> Reviewed-by: George Melikov <[email protected]> Reviewed-by: Brian Behlendorf <[email protected]> Reviewed-by: Giuseppe Di Natale <[email protected]> Signed-off-by: Kash Pande <[email protected]> Closes #7322
* Fix some typosJohn Eismeier2018-02-281-1/+1
| | | | | | | Reviewed-by: Giuseppe Di Natale <[email protected]> Reviewed-by: Brian Behlendorf <[email protected]> Reviewed by: George Melikov <[email protected]> Signed-off-by: John Eismeier <[email protected]> Closes #7237
* Shellcheck cleanup for initrd scriptsKash Pande2018-02-236-101/+98
| | | | | | | | | Reviewed-by: Brian Behlendorf <[email protected]> Co-authored-by: Kash Pande <[email protected]> Co-authored-by: Matthew Thode <[email protected]> Signed-off-by: Kash Pande <[email protected]> Signed-off-by: Matthew Thode <[email protected]> Closes #7214
* Enable booting from nested encrypted datasetsKash Pande2018-02-233-33/+82
| | | | | | | | | | | | - enable booting from nested encrypted datasets - fix plymouth boot splash passphrase entry - optimize unlock process Co-authored-by: Kash Pande <[email protected]> Co-authored-by: Matthew Thode <[email protected]> Signed-off-by: Kash Pande <[email protected]> Signed-off-by: Matthew Thode <[email protected]> Closes #7214
* contrib/initramfs: add missing conf.d/zfsLOLi2018-02-122-2/+12
| | | | | | | | | | When upgrading from the distribution-provided zfs-initramfs package on root-on-zfs Ubuntu and Debian the system may fail to boot: this change adds the missing initramfs configuration file. Reviewed-by: Brian Behlendorf <[email protected]> Reviewed-by: Richard Laager <[email protected]> Signed-off-by: loli10K <[email protected]> Closes #7158
* OpenZFS 7431 - ZFS Channel ProgramsChris Williamson2018-02-082-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | Authored by: Chris Williamson <[email protected]> Reviewed by: Matthew Ahrens <[email protected]> Reviewed by: George Wilson <[email protected]> Reviewed by: John Kennedy <[email protected]> Reviewed by: Dan Kimmel <[email protected]> Approved by: Garrett D'Amore <[email protected]> Ported-by: Don Brady <[email protected]> Ported-by: John Kennedy <[email protected]> OpenZFS-issue: https://www.illumos.org/issues/7431 OpenZFS-commit: https://github.com/openzfs/openzfs/commit/dfc11533 Porting Notes: * The CLI long option arguments for '-t' and '-m' don't parse on linux * Switched from kmem_alloc to vmem_alloc in zcp_lua_alloc * Lua implementation is built as its own module (zlua.ko) * Lua headers consumed directly by zfs code moved to 'include/sys/lua/' * There is no native setjmp/longjump available in stock Linux kernel. Brought over implementations from illumos and FreeBSD * The get_temporary_prop() was adapted due to VFS platform differences * Use of inline functions in lua parser to reduce stack usage per C call * Skip some ZFS Test Suite ZCP tests on sparc64 to avoid stack overflow
* Only run pre-mount hook zfs-load-key on systemdMatthew Thode2018-02-071-0/+3
| | | | | | | | Reviewed-by: Kash Pande <[email protected]> Reviewed-by: bunder2015 <[email protected]> Reviewed-by: Brian Behlendorf <[email protected]> Signed-off-by: Matthew Thode <[email protected]> Closes #7136 Closes #7140
* Add zfs-load-key.sh to .gitignoreBrian Behlendorf2018-02-062-53/+2
| | | | | | | | | | | The generated zfs-load-key.sh file should have been added to the .gitignore file as part of commit 7da8f8d8. And the generated file should not be included in the repo. Reviewed-by: Matthew Thode <[email protected]> Reviewed-by: Giuseppe Di Natale <[email protected]> Reviewed by: George Melikov <[email protected]> Signed-off-by: Brian Behlendorf <[email protected]> Closes #7134
* Encryption Stability and On-Disk Format FixesTom Caputi2018-02-021-0/+52
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The on-disk format for encrypted datasets protects not only the encrypted and authenticated blocks themselves, but also the order and interpretation of these blocks. In order to make this work while maintaining the ability to do raw sends, the indirect bps maintain a secure checksum of all the MACs in the block below it along with a few other fields that determine how the data is interpreted. Unfortunately, the current on-disk format erroneously includes some fields which are not portable and thus cannot support raw sends. It is not possible to easily work around this issue due to a separate and much smaller bug which causes indirect blocks for encrypted dnodes to not be compressed, which conflicts with the previous bug. In addition, the current code generates incompatible on-disk formats on big endian and little endian systems due to an issue with how block pointers are authenticated. Finally, raw send streams do not currently include dn_maxblkid when sending both the metadnode and normal dnodes which are needed in order to ensure that we are correctly maintaining the portable objset MAC. This patch zero's out the offending fields when computing the bp MAC and ensures that these MACs are always calculated in little endian order (regardless of the host system's byte order). This patch also registers an errata for the old on-disk format, which we detect by adding a "version" field to newly created DSL Crypto Keys. We allow datasets without a version (version 0) to only be mounted for read so that they can easily be migrated. We also now include dn_maxblkid in raw send streams to ensure the MAC can be maintained correctly. This patch also contains minor bug fixes and cleanups. Reviewed-by: Jorgen Lundman <[email protected]> Reviewed-by: Brian Behlendorf <[email protected]> Reviewed by: Matthew Ahrens <[email protected]> Signed-off-by: Tom Caputi <[email protected]> Closes #6845 Closes #6864 Closes #7052
* Update README.initramfs.markdownBrian Behlendorf2018-01-261-5/+5
| | | | | | | | | Fix several typos and grammar. Reviewed-by: Giuseppe Di Natale <[email protected]> Reviewed by: George Melikov <[email protected]> Signed-off-by: Arno van Wyk <[email protected]> Signed-off-by: Brian Behlendorf <[email protected]> Closes #7080
* Run zfs load-key if needed in dracutMatthew Thode2018-01-186-11/+90
| | | | | | | | | | | | | | | | 'zfs load-key -a' will only be called if needed. If a dataset not needed for boot does not have its key loaded (home directories for example) boot can still continue. zfs:AUTO was not working via dracut, so we still need the generator script to do its thing. Reviewed-by: Richard Yao <[email protected]> Reviewed-by: Manuel Amador (Rudd-O) <[email protected]> Reviewed-by: Brian Behlendorf <[email protected]> Reviewed-by: loli10K <[email protected]> Signed-off-by: Matthew Thode <[email protected]> Closes #6982 Closes #7004
* Honor --with-mounthelperdir where applicableLOLi2017-12-174-6/+6
| | | | | | Reviewed-by: Brian Behlendorf <[email protected]> Signed-off-by: Giuseppe Di Natale <[email protected]> Signed-off-by: loli10K <[email protected]> Closes #6962
* Add /usr/bin/env to COPY_EXEC_LIST initramfs hookJKDingwall2017-12-041-0/+1
| | | | | | | | | | | | | 5dc1ff29 changed the user space program to mount a zfs snapshot from /bin/sh to /usr/bin/env. If the executable is not present in the initramfs then snapshots cannot be automounted. Reviewed-by: George Melikov <[email protected]> Reviewed-by: Brian Behlendorf <[email protected]> Reviewed-by: Richard Laager <[email protected]> Reviewed-by: Giuseppe Di Natale <[email protected]> Signed-off-by: James Dingwall <[email protected]> Closes #5360 Closes #6913
* initramfs: Honor canmount=offRichard Laager2017-11-281-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | The initramfs script was not honoring canmount=off. With this change, it does. If the administrator has asked that a filesystem not be mounted, that should be honored. As an exception, the initramfs script ignores canmount=off on the rootfs. The rootfs should not have canmount=off set either. However, mounting it anyway seems harmless because it is being asked for explicitly. The point of this exception is to avoid the risk of breaking existing systems, just in case someone has canmount=off set on their rootfs. The initramfs still mounts filesystems with canmount=noauto. This is necessary because it is typical to set that on the rootfs so that it can be cloned. Without canmount=noauto, the clones' duplicate mountpoints would conflict. This is the remainder of the fix for: https://github.com/zfsonlinux/pkg-zfs/issues/221 Reviewed-by: Brian Behlendorf <[email protected]> Reviewed-by: George Melikov <[email protected]> Signed-off-by: Richard Laager <[email protected]> Closes #6897
* initramfs: Honor mountpoint=none/legacyRichard Laager2017-11-281-5/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For filesystems that are children of the rootfs, when mountpoint=none or mountpoint=legacy, the initrafms script would assume a mountpoint based on the dataset path. Given that the rootfs should have mountpoint=/ and mountpoint inheritance is is the default behavior of ZFS, this behavior seems unnecessary. In any event, it turns mountpoint=none into a no-op. That removes this option from the administrator, and if someone uses it, it does not work as expected. Worse yet, if the mountpoint directory does not exist (which is the typical case for mountpoint=none), the mounting and thus the boot process will fail. For the case of mountpoint=legacy, the assumed mountpoint may not be the correct value set in /etc/fstab. This change makes the initramfs script not mount the filesystem in either case. For mountpoint=none, this means we are correctly honoring the setting. For mountpoint=legacy, there are two scenarios: If canmount=on, the filesystem will be mounted by the normal mechanisms later in the boot process. If canmount=noauto, the filesystem will not be mounted at all, unless the administrator has done something special. If they're not doing something special and they want it mounted by the initramfs, they can simply not set mountpoint=legacy. This is part of the fix for: https://github.com/zfsonlinux/pkg-zfs/issues/221 Reviewed-by: Brian Behlendorf <[email protected]> Reviewed-by: George Melikov <[email protected]> Signed-off-by: Richard Laager <[email protected]> Closes #6897
* contrib/initramfs: switch to automakeLOLi2017-11-078-14/+62
| | | | | | | Use automake to build initramfs scripts and hooks. Reviewed-by: Brian Behlendorf <[email protected]> Signed-off-by: loli10K <[email protected]> Closes #6761
* initramfs: Set elevator=noop on the rpool's disksRichard Laager2017-11-011-0/+18
| | | | | | | | | | | ZFS already sets elevator=noop for wholedisk vdevs (for all pools), but typical root-on-ZFS installations use partitions. This sets elevator=noop on the disks in the root pool. Ubuntu 16.04 and 16.10 had this. It was lost in 17.04 due to Debian switching to this upstream initramfs script. Signed-off-by: Richard Laager <[email protected]>
* initramfs: Fix a spelling errorRichard Laager2017-11-011-1/+1
| | | | | | This fixes a typo in a comment. Signed-off-by: Richard Laager <[email protected]>
* initramfs: Fix inconsistent whitespaceRichard Laager2017-11-011-1/+1
| | | | | | This fixes one instance of inconsistent whitespace. Signed-off-by: Richard Laager <[email protected]>
* Post-Encryption FollowupBrian Behlendorf2017-10-131-0/+1
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | This PR includes fixes for bugs and documentation issues found after the encryption patch was merged and general code improvements for long-term maintainability. Reviewed-by: Jorgen Lundman <[email protected]> Reviewed-by: Brian Behlendorf <[email protected]> Signed-off-by: Tom Caputi <[email protected]> Issue #6526 Closes #6639 Closes #6703 Cloese #6706 Closes #6714 Closes #6595
| * Encryption patch follow-upTom Caputi2017-10-111-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * PBKDF2 implementation changed to OpenSSL implementation. * HKDF implementation moved to its own file and tests added to ensure correctness. * Removed libzfs's now unnecessary dependency on libzpool and libicp. * Ztest can now create and test encrypted datasets. This is currently disabled until issue #6526 is resolved, but otherwise functions as advertised. * Several small bug fixes discovered after enabling ztest to run on encrypted datasets. * Fixed coverity defects added by the encryption patch. * Updated man pages for encrypted send / receive behavior. * Fixed a bug where encrypted datasets could receive DRR_WRITE_EMBEDDED records. * Minor code cleanups / consolidation. Signed-off-by: Tom Caputi <[email protected]>
* | Explicitly depend on icp module in initramfs hookAntonio Russo2017-10-121-1/+1
| | | | | | | | | | | | | | | | | | | | Automatic dependency resolution is unreliable on many systems. Follow suit with existing code, and explicitly include icp in module dependencies. Reviewed-by: George Melikov <[email protected]> Reviewed-by: Brian Behlendorf <[email protected]> Signed-off-by: Antonio Russo <[email protected]> Closes #6751
* | Fix boot from ZFS issuesaun2017-10-112-3/+3
|/ | | | | | | | | | * Correct ZFS snapshot listing * Disable "lvm is not available" message on quiet boot Reviewed-by: George Melikov <[email protected]> Reviewed-by: Brian Behlendorf <[email protected]> Signed-off-by: Alar Aun <[email protected]> Closes #6700 Closes #6747