c/mirror_zfs
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_zfs.git synced 2026-05-31 03:04:11 +03:00
Code Issues Packages Projects Releases Wiki Activity

libzfs: add keylocation=https://, backed by fetch(3) or libcurl

Browse Source 
Add support for http and https to the keylocation properly to
allow encryption keys to be fetched from the specified URL.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Ryan Moeller <ryan@ixsystems.com>
Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
Issue #9543
Closes #9947
Closes #11956
This commit is contained in:
наб
2021-05-13 06:21:35 +02:00
committed by Tony Hutter
parent 9b185de6fa
commit 9cbc2ed20f
31 changed files with 585 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files
contrib/dracut/90zfs/zfs-load-key.sh.in
+4 -3
View File
@@ -43,13 +43,14 @@ if [ "$(zpool list -H -o feature@encryption "${BOOTFS%%/*}")" = 'active' ]; then
KEYLOCATION="$(zfs get -H -o value keylocation "${ENCRYPTIONROOT}")"
if ! [ "${KEYLOCATION}" = "prompt" ]; then
if ! [ "${KEYLOCATION#http}" = "${KEYLOCATION}" ]; then
systemctl start network-online.target
fi
zfs load-key "${ENCRYPTIONROOT}"
else
# decrypt them
TRY_COUNT=5
while [ $TRY_COUNT -gt 0 ]; do
for _ in 1 2 3 4 5; do
systemd-ask-password "Encrypted ZFS password for ${BOOTFS}" --no-tty | zfs load-key "${ENCRYPTIONROOT}" && break
TRY_COUNT=$((TRY_COUNT - 1))
done
fi
fi