c/mirror_zfs
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_zfs.git synced 2025-10-26 18:05:04 +03:00
Code Issues Packages Projects Releases Wiki Activity

Allow receiver to override encryption properties in case of replication

Browse Source 
Currently, the receiver fails to override the encryption
property for the plain replicated dataset with the error:
"cannot receive incremental stream: encryption property
'encryption' cannot be set for incremental streams.". The
problem is resolved by allowing the receiver to override
the encryption property for plain replicated send.

Signed-off-by: Ameer Hamza <ahamza@ixsystems.com>
This commit is contained in:
Ameer Hamza 2022-12-02 01:29:49 +05:00 committed by Brian Behlendorf
parent 2f2d6bece8
commit d0f350c962
2 changed files with 25 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
lib/libzfs/libzfs_sendrecv.c
View File

@ -3966,6 +3966,15 @@ zfs_setup_cmdline_props(libzfs_handle_t *hdl, zfs_type_t type,
goto error; goto error;
} }
/*
* For plain replicated send, we can ignore encryption
* properties other than first stream
*/
if ((zfs_prop_encryption_key_param(prop) || prop ==
ZFS_PROP_ENCRYPTION) && !newfs && recursive && !raw) {
continue;
}
/* incremental streams can only exclude encryption properties */ /* incremental streams can only exclude encryption properties */
if ((zfs_prop_encryption_key_param(prop) || if ((zfs_prop_encryption_key_param(prop) ||
prop == ZFS_PROP_ENCRYPTION) && !newfs && prop == ZFS_PROP_ENCRYPTION) && !newfs &&
@ -4065,7 +4074,8 @@ zfs_setup_cmdline_props(libzfs_handle_t *hdl, zfs_type_t type,
if (cp != NULL) if (cp != NULL)
*cp = '\0'; *cp = '\0';
if (!raw && zfs_crypto_create(hdl, namebuf, voprops, NULL, if (!raw && !(!newfs && recursive) &&
zfs_crypto_create(hdl, namebuf, voprops, NULL,
B_FALSE, wkeydata_out, wkeylen_out) != 0) { B_FALSE, wkeydata_out, wkeylen_out) != 0) {
fnvlist_free(voprops); fnvlist_free(voprops);
ret = zfs_error(hdl, EZFS_CRYPTOFAILED, errbuf); ret = zfs_error(hdl, EZFS_CRYPTOFAILED, errbuf);

14
tests/zfs-tests/tests/functional/cli_root/zfs_receive/zfs_receive_to_encrypted.ksh
View File

@ -41,6 +41,9 @@ verify_runnable "both"
function cleanup function cleanup
{ {
datasetexists $TESTPOOL/encrypted && \
destroy_dataset $TESTPOOL/encrypted -r
snapexists $snap && destroy_dataset $snap -f snapexists $snap && destroy_dataset $snap -f
snapexists $snap2 && destroy_dataset $snap2 -f snapexists $snap2 && destroy_dataset $snap2 -f
@ -97,4 +100,15 @@ log_note "Verifying ZFS will not receive to an encrypted child when the" \
"parent key is unloaded" "parent key is unloaded"
log_mustnot eval "zfs send $snap | zfs receive $TESTPOOL/$TESTFS1/c4" log_mustnot eval "zfs send $snap | zfs receive $TESTPOOL/$TESTFS1/c4"
# Verify that replication can override encryption properties
log_note "Verifying replication can override encryption properties for plain dataset"
typeset key_location="/$TESTPOOL/pkey1"
log_must eval "echo $passphrase > $key_location"
log_must eval "zfs send -R $snap2 | zfs recv -s -F -o encryption=on" \
"-o keyformat=passphrase -o keylocation=file://$key_location" \
"-o mountpoint=none $TESTPOOL/encrypted"
log_must test "$(get_prop 'encryption' $TESTPOOL/encrypted)" != "off"
log_must test "$(get_prop 'keyformat' $TESTPOOL/encrypted)" == "passphrase"
log_must test "$(get_prop 'keylocation' $TESTPOOL/encrypted)" == "file://$key_location"
log_pass "ZFS can receive encrypted filesystems into child dataset" log_pass "ZFS can receive encrypted filesystems into child dataset"