Allow receiver to override encryption properties in case of replication

Currently, the receiver fails to override the encryption
property for the plain replicated dataset with the error:
"cannot receive incremental stream: encryption property
'encryption' cannot be set for incremental streams.". The
problem is resolved by allowing the receiver to override
the encryption property for plain replicated send.

Signed-off-by: Ameer Hamza <ahamza@ixsystems.com>
Ameer Hamza 2022-12-02 01:29:49 +05:00 committed by Brian Behlendorf
parent 2f2d6bece8
commit d0f350c962
2 changed files with 25 additions and 1 deletions


@ -3966,6 +3966,15 @@ zfs_setup_cmdline_props(libzfs_handle_t *hdl, zfs_type_t type,
goto error; goto error;
} }
/*
* For plain replicated send, we can ignore encryption
* properties other than first stream
*/
if ((zfs_prop_encryption_key_param(prop) || prop ==
ZFS_PROP_ENCRYPTION) && !newfs && recursive && !raw) {
continue;
}
/* incremental streams can only exclude encryption properties */ /* incremental streams can only exclude encryption properties */
if ((zfs_prop_encryption_key_param(prop) || if ((zfs_prop_encryption_key_param(prop) ||
prop == ZFS_PROP_ENCRYPTION) && !newfs && prop == ZFS_PROP_ENCRYPTION) && !newfs &&
@ -4065,7 +4074,8 @@ zfs_setup_cmdline_props(libzfs_handle_t *hdl, zfs_type_t type,
if (cp != NULL) if (cp != NULL)
*cp = '\0'; *cp = '\0';
if (!raw && zfs_crypto_create(hdl, namebuf, voprops, NULL, if (!raw && !(!newfs && recursive) &&
zfs_crypto_create(hdl, namebuf, voprops, NULL,
B_FALSE, wkeydata_out, wkeylen_out) != 0) { B_FALSE, wkeydata_out, wkeylen_out) != 0) {
fnvlist_free(voprops); fnvlist_free(voprops);
ret = zfs_error(hdl, EZFS_CRYPTOFAILED, errbuf); ret = zfs_error(hdl, EZFS_CRYPTOFAILED, errbuf);
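Review bot: The new `continue` in the first hunk silently drops encryption and key-parameter properties for every non-raw recursive receive where `newfs` is false, and it runs before the existing "incremental streams can only exclude encryption properties" check, so that rejection can no longer fire for these properties in this case. If `newfs` is also false when an incremental `-R` stream is received into a dataset that already exists unencrypted (the hunk does not show how `newfs` is derived), a caller passing `-o encryption=on` would get a successful receive of plaintext data instead of an error. It would be safer to restrict the skip to later streams of a package whose first stream created the dataset, or at least to state the limitation in the comment, e.g. `/* Later streams of a non-raw replication package keep the encryption set up by the first stream; -o encryption/key properties are ignored here, not applied. */`. The same condition is spelled a second way in the second hunk (`!raw && !(!newfs && recursive)`); one named local such as `boolean_t later_repl_stream = !newfs && recursive && !raw;` would keep the two sites in step. Both hunks sit inside zfs_setup_cmdline_props, whose body starts and ends outside the visible lines.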


@ -41,6 +41,9 @@ verify_runnable "both"
function cleanup function cleanup
{ {
datasetexists $TESTPOOL/encrypted && \
destroy_dataset $TESTPOOL/encrypted -r
snapexists $snap && destroy_dataset $snap -f snapexists $snap && destroy_dataset $snap -f
snapexists $snap2 && destroy_dataset $snap2 -f snapexists $snap2 && destroy_dataset $snap2 -f
@ -97,4 +100,15 @@ log_note "Verifying ZFS will not receive to an encrypted child when the" \
"parent key is unloaded" "parent key is unloaded"
log_mustnot eval "zfs send $snap | zfs receive $TESTPOOL/$TESTFS1/c4" log_mustnot eval "zfs send $snap | zfs receive $TESTPOOL/$TESTFS1/c4"
# Verify that replication can override encryption properties
log_note "Verifying replication can override encryption properties for plain dataset"
typeset key_location="/$TESTPOOL/pkey1"
log_must eval "echo $passphrase > $key_location"
log_must eval "zfs send -R $snap2 | zfs recv -s -F -o encryption=on" \
"-o keyformat=passphrase -o keylocation=file://$key_location" \
"-o mountpoint=none $TESTPOOL/encrypted"
log_must test "$(get_prop 'encryption' $TESTPOOL/encrypted)" != "off"
log_must test "$(get_prop 'keyformat' $TESTPOOL/encrypted)" == "passphrase"
log_must test "$(get_prop 'keylocation' $TESTPOOL/encrypted)" == "file://$key_location"
log_pass "ZFS can receive encrypted filesystems into child dataset" log_pass "ZFS can receive encrypted filesystems into child dataset"
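Review bot: The added case covers only a receive into a new `$TESTPOOL/encrypted`; nothing exercises a target that already exists unencrypted and then receives an incremental `zfs send -R` with `-o encryption=on`, which is the path where the library change appears to stop rejecting the properties. An assertion after that kind of receive, such as `log_must test "$(get_prop 'encryption' <existing-target>)" == "off"` (placeholder target) next to whichever outcome is intended, would record the behaviour explicitly. For the positive case, `log_must test "$(get_prop 'encryptionroot' $TESTPOOL/encrypted)" == "$TESTPOOL/encrypted"` would confirm the dataset became its own encryption root rather than inheriting one. The passphrase file written to `$key_location` is not removed by the `cleanup` lines visible here, though the rest of the script lies outside the hunks.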