mirror_zfs/etc/init.d/zfs-load-key.in
ogelpre d76917b2ec Add init script to load keys
Add new init scripts which allow automatic loading of keys if
keylocation property is set to a URI.

Reviewed-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Benedikt Neuffer <ogelpre@itfriend.de>
Closes #11659
Closes #11662
2022-02-10 11:04:26 -08:00


#!@DEFAULT_INIT_SHELL@
#
# zfs-load-key This script will load/unload the zfs filesystems keys.
#
# chkconfig: 2345 06 99
# description: This script will load or unload the zfs filesystems keys during
# system boot/shutdown. Only filesystems with a key path set
# in the keylocation property are handled. See the zfs(8) man page for details.
# probe: true
#
### BEGIN INIT INFO
# Provides: zfs-load-key
# Required-Start: $local_fs zfs-import
# Required-Stop: $local_fs zfs-import
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# X-Start-Before: zfs-mount
# X-Stop-After: zfs-zed
# Short-Description: Load ZFS keys for filesystems and volumes
# Description: Run the `zfs load-key` or `zfs unload-key` commands.
### END INIT INFO
#
# Released under the 2-clause BSD license.
#
# This script is based on debian/zfsutils.zfs.init from the
# Debian GNU/kFreeBSD zfsutils 8.1-3 package, written by Aurelien Jarno.
# Source the common init script
. @sysconfdir@/zfs/zfs-functions
# ----------------------------------------------------
# Declare service ordering. Only reached through the depend() wrapper that
# is defined when /sbin/openrc-run exists.
do_depend()
{
    # Keys must be loaded before bootmisc: it logs to /var, which may live on
    # a different zfs than root.
    before bootmisc logger zfs-mount

    # Run once pools are imported and sysfs is available.
    after zfs-import sysfs

    keyword -lxc -openvz -prefix -vserver
}
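# Load the key of every encryption root whose key is still unavailable.
#
# Globals: ZFS (read) - command used to run zfs
# Returns: always 0; the end message is always logged with status 0, so a
#          failed `load-key` is not reflected in this function's status.
#
# NOTE(review): keys are loaded here without any prompt, so the protection of
# an encrypted dataset at boot depends on how the key source named by its
# keylocation property is protected - confirm this for each deployment.
do_load_keys()
{
    zfs_log_begin_msg "Load ZFS filesystem(s) keys"

    # `zfs list -H` separates fields with a single tab, and dataset names may
    # contain spaces, so the fields must be split on tab only. The tab is
    # produced with printf so it survives editors that rewrite whitespace.
    # The loop runs in an explicit subshell to keep its variables local.
    "$ZFS" list -Ho name,encryptionroot,keystatus,keylocation | (
        tab="$(printf '\t')"
        while IFS="$tab" read -r name encryptionroot keystatus keylocation; do
            # Act only on the encryption root itself (name equals
            # encryptionroot), only while its key is not loaded, and never
            # for keylocation "prompt" or "none".
            if [ "$encryptionroot" != "-" ] &&
                [ "$name" = "$encryptionroot" ] &&
                [ "$keystatus" = "unavailable" ] &&
                [ "$keylocation" != "prompt" ] &&
                [ "$keylocation" != "none" ]
            then
                zfs_action "Load key for $encryptionroot" \
                    "$ZFS" load-key "$encryptionroot"
            fi
        done
    )

    zfs_log_end_msg 0
    return 0
}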
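# Unload the key of every encryption root whose key is currently available.
#
# Globals: ZFS (read) - command used to run zfs
# Returns: always 0; the end message is always logged with status 0, so a
#          failed `unload-key` is not reflected in this function's status.
do_unload_keys()
{
    zfs_log_begin_msg "Unload ZFS filesystem(s) key"

    # sed '1!G;h;$!d' prints its input in reverse line order, so the list is
    # walked from the last dataset back to the first.
    #
    # `zfs list -H` separates fields with a single tab, and dataset names may
    # contain spaces, so the fields must be split on tab only. The tab is
    # produced with printf so it survives editors that rewrite whitespace.
    # The loop runs in an explicit subshell to keep its variables local.
    "$ZFS" list -Ho name,encryptionroot,keystatus | sed '1!G;h;$!d' | (
        tab="$(printf '\t')"
        while IFS="$tab" read -r name encryptionroot keystatus; do
            # Act only on the encryption root itself (name equals
            # encryptionroot) and only while its key is loaded.
            if [ "$encryptionroot" != "-" ] &&
                [ "$name" = "$encryptionroot" ] &&
                [ "$keystatus" = "available" ]
            then
                zfs_action "Unload key for $encryptionroot" \
                    "$ZFS" unload-key "$encryptionroot"
            fi
        done
    )

    zfs_log_end_msg 0
    return 0
}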
# "start" action: load keys, unless key loading is switched off or the zfs
# module is not loaded. In either of those cases the script exits with 0.
#
# Globals: ZFS_LOAD_KEY (read) - passed to check_boolean
do_start()
{
    if ! check_boolean "$ZFS_LOAD_KEY"; then
        exit 0
    fi

    if ! check_module_loaded "zfs"; then
        exit 0
    fi

    do_load_keys
}
# "stop" action: unload keys, unless key unloading is switched off or the zfs
# module is not loaded. In either of those cases the script exits with 0.
#
# Globals: ZFS_UNLOAD_KEY (read) - passed to check_boolean
do_stop()
{
    if ! check_boolean "$ZFS_UNLOAD_KEY"; then
        exit 0
    fi

    if ! check_module_loaded "zfs"; then
        exit 0
    fi

    do_unload_keys
}
# ----------------------------------------------------
# Entry point. When /sbin/openrc-run exists, only the depend/start/stop
# wrapper functions are defined; otherwise the action named by the first
# argument is dispatched here, SysV-style.
if [ -e /sbin/openrc-run ]
then
    # Create wrapper functions, since Gentoo doesn't use the case part.
    depend() { do_depend; }
    start() { do_start; }
    stop() { do_stop; }
else
    case "$1" in
        start)
            do_start
            ;;
        stop)
            do_stop
            ;;
        force-reload|condrestart|reload|restart|status)
            # Accepted, but nothing to do.
            ;;
        *)
            # An empty argument prints only the usage line.
            if [ -n "$1" ]; then
                echo "Error: Unknown command $1."
            fi
            echo "Usage: $0 {start|stop}"
            exit 3
            ;;
    esac
    # Propagate the status of the action that was run.
    exit $?
fi