mirror of
https://git.proxmox.com/git/mirror_zfs.git
synced 2024-12-28 11:59:34 +03:00
64025fa3a1
Commit d2bce6d03
added the 'make checkbashisms' target but did not
resolve all of the bashisms in the scripts. This commit doesn't
resolve them all either but it does fix up a few, and it excludes
the others so 'make checkstyle' no longer prints warnings. It's
a small step in the right direction.
* Dracut is Linux specific and itself depends on bash. Therefore
all dracut support scripts can be bash specific, update their
shebang accordingly.
* zed-functions.sh, zfs-import, zfs-mount, zfs-zed, smart
paxcheck.sh, make_gitrev.sh - these scripts were excuded from
the check until they can be updated and properly tested.
* zfsunlock - only whole values for sleep are allowed.
* vdev_id - removed unneeded locals; use && instead of -a.
* dkms.mkconf, dkms.postbuil - use || instead of -o.
Reviewed-by: InsanePrawn <insane.prawny@gmail.com>
Reviewed-by: Gabriel A. Devenyi <gdevenyi@gmail.com>
Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Reviewed-by: George Melikov <mail@gmelikov.ru>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #10755
59 lines
2.6 KiB
Bash
Executable File
59 lines
2.6 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
# only run this on systemd systems, we handle the decrypt in mount-zfs.sh in the mount hook otherwise
|
|
[ -e /bin/systemctl ] || return 0
|
|
|
|
# This script only gets executed on systemd systems, see mount-zfs.sh for non-systemd systems
|
|
|
|
# import the libs now that we know the pool imported
|
|
[ -f /lib/dracut-lib.sh ] && dracutlib=/lib/dracut-lib.sh
|
|
[ -f /usr/lib/dracut/modules.d/99base/dracut-lib.sh ] && dracutlib=/usr/lib/dracut/modules.d/99base/dracut-lib.sh
|
|
# shellcheck source=./lib-zfs.sh.in
|
|
. "$dracutlib"
|
|
|
|
# load the kernel command line vars
|
|
[ -z "$root" ] && root="$(getarg root=)"
|
|
# If root is not ZFS= or zfs: or rootfstype is not zfs then we are not supposed to handle it.
|
|
[ "${root##zfs:}" = "${root}" ] && [ "${root##ZFS=}" = "${root}" ] && [ "$rootfstype" != "zfs" ] && exit 0
|
|
|
|
# There is a race between the zpool import and the pre-mount hooks, so we wait for a pool to be imported
|
|
while true; do
|
|
zpool list -H | grep -q -v '^$' && break
|
|
[ "$(systemctl is-failed zfs-import-cache.service)" = 'failed' ] && exit 1
|
|
[ "$(systemctl is-failed zfs-import-scan.service)" = 'failed' ] && exit 1
|
|
sleep 0.1s
|
|
done
|
|
|
|
# run this after import as zfs-import-cache/scan service is confirmed good
|
|
# we do not overwrite the ${root} variable, but create a new one, BOOTFS, to hold the dataset
|
|
if [ "${root}" = "zfs:AUTO" ] ; then
|
|
BOOTFS="$(zpool list -H -o bootfs | awk '$1 != "-" {print; exit}')"
|
|
else
|
|
BOOTFS="${root##zfs:}"
|
|
BOOTFS="${BOOTFS##ZFS=}"
|
|
fi
|
|
|
|
# if pool encryption is active and the zfs command understands '-o encryption'
|
|
if [ "$(zpool list -H -o feature@encryption $(echo "${BOOTFS}" | awk -F\/ '{print $1}'))" = 'active' ]; then
|
|
# if the root dataset has encryption enabled
|
|
ENCRYPTIONROOT=$(zfs get -H -o value encryptionroot "${BOOTFS}")
|
|
# where the key is stored (in a file or loaded via prompt)
|
|
KEYLOCATION=$(zfs get -H -o value keylocation "${ENCRYPTIONROOT}")
|
|
if ! [ "${ENCRYPTIONROOT}" = "-" ]; then
|
|
KEYSTATUS="$(zfs get -H -o value keystatus "${ENCRYPTIONROOT}")"
|
|
# continue only if the key needs to be loaded
|
|
[ "$KEYSTATUS" = "unavailable" ] || exit 0
|
|
# if key is stored in a file, do not prompt
|
|
if ! [ "${KEYLOCATION}" = "prompt" ]; then
|
|
zfs load-key "${ENCRYPTIONROOT}"
|
|
else
|
|
# decrypt them
|
|
TRY_COUNT=5
|
|
while [ $TRY_COUNT -gt 0 ]; do
|
|
systemd-ask-password "Encrypted ZFS password for ${BOOTFS}" --no-tty | zfs load-key "${ENCRYPTIONROOT}" && break
|
|
TRY_COUNT=$((TRY_COUNT - 1))
|
|
done
|
|
fi
|
|
fi
|
|
fi
|