mirror of
https://git.proxmox.com/git/mirror_zfs.git
synced 2024-12-27 11:29:36 +03:00
6fc3099248
Before, make shellcheck checked scripts/{commitcheck,make_gitrev,man-dates,paxcheck,zfs-helpers,zfs, zfs-tests,zimport,zloop}.sh cmd/zed/zed.d/{{all-debug,all-syslog,data-notify,generic-notify, resilver_finish-start-scrub,scrub_finish-notify, statechange-led,statechange-notify,trim_finish-notify, zed-functions}.sh,history_event-zfs-list-cacher.sh.in} cmd/zpool/zpool.d/{dm-deps,iostat,lsblk,media,ses,smart,upath} now it also checks contrib/dracut/{02zfsexpandknowledge/module-setup, 90zfs/{export-zfs,parse-zfs,zfs-needshutdown, zfs-load-key,zfs-lib,module-setup, mount-zfs,zfs-generator}}.sh.in cmd/zed/zed.d/{pool_import-led,vdev_attach-led, resilver_finish-notify,vdev_clear-led}.sh contrib/initramfs/{zfsunlock,hooks/zfs.in,scripts/local-top/zfs} tests/zfs-tests/tests/perf/scripts/prefetch_io.sh scripts/common.sh.in contrib/bpftrace/zfs-trace.sh autogen.sh Reviewed-by: John Kennedy <john.kennedy@delphix.com> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Closes #12042
59 lines
2.6 KiB
Bash
Executable File
59 lines
2.6 KiB
Bash
Executable File
#!/bin/sh
|
|
# shellcheck disable=SC2154
|
|
|
|
# only run this on systemd systems, we handle the decrypt in mount-zfs.sh in the mount hook otherwise
|
|
[ -e /bin/systemctl ] || [ -e /usr/bin/systemctl ] || return 0
|
|
|
|
# This script only gets executed on systemd systems, see mount-zfs.sh for non-systemd systems
|
|
|
|
# import the libs now that we know the pool imported
|
|
[ -f /lib/dracut-lib.sh ] && dracutlib=/lib/dracut-lib.sh
|
|
[ -f /usr/lib/dracut/modules.d/99base/dracut-lib.sh ] && dracutlib=/usr/lib/dracut/modules.d/99base/dracut-lib.sh
|
|
# shellcheck source=./lib-zfs.sh.in
|
|
. "$dracutlib"
|
|
|
|
# load the kernel command line vars
|
|
[ -z "$root" ] && root="$(getarg root=)"
|
|
# If root is not ZFS= or zfs: or rootfstype is not zfs then we are not supposed to handle it.
|
|
[ "${root##zfs:}" = "${root}" ] && [ "${root##ZFS=}" = "${root}" ] && [ "$rootfstype" != "zfs" ] && exit 0
|
|
|
|
# There is a race between the zpool import and the pre-mount hooks, so we wait for a pool to be imported
|
|
while [ "$(zpool list -H)" = "" ]; do
|
|
systemctl is-failed --quiet zfs-import-cache.service zfs-import-scan.service && exit 1
|
|
sleep 0.1s
|
|
done
|
|
|
|
# run this after import as zfs-import-cache/scan service is confirmed good
|
|
# we do not overwrite the ${root} variable, but create a new one, BOOTFS, to hold the dataset
|
|
if [ "${root}" = "zfs:AUTO" ] ; then
|
|
BOOTFS="$(zpool list -H -o bootfs | awk '$1 != "-" {print; exit}')"
|
|
else
|
|
BOOTFS="${root##zfs:}"
|
|
BOOTFS="${BOOTFS##ZFS=}"
|
|
fi
|
|
|
|
# if pool encryption is active and the zfs command understands '-o encryption'
|
|
if [ "$(zpool list -H -o feature@encryption "$(echo "${BOOTFS}" | awk -F/ '{print $1}')")" = 'active' ]; then
|
|
# if the root dataset has encryption enabled
|
|
ENCRYPTIONROOT="$(zfs get -H -o value encryptionroot "${BOOTFS}")"
|
|
# where the key is stored (in a file or loaded via prompt)
|
|
KEYLOCATION="$(zfs get -H -o value keylocation "${ENCRYPTIONROOT}")"
|
|
if ! [ "${ENCRYPTIONROOT}" = "-" ]; then
|
|
KEYSTATUS="$(zfs get -H -o value keystatus "${ENCRYPTIONROOT}")"
|
|
# continue only if the key needs to be loaded
|
|
[ "$KEYSTATUS" = "unavailable" ] || exit 0
|
|
# if key is stored in a file, do not prompt
|
|
if ! [ "${KEYLOCATION}" = "prompt" ]; then
|
|
if ! [ "${KEYLOCATION#http}" = "${KEYLOCATION}" ]; then
|
|
systemctl start network-online.target
|
|
fi
|
|
zfs load-key "${ENCRYPTIONROOT}"
|
|
else
|
|
# decrypt them
|
|
for _ in 1 2 3 4 5; do
|
|
systemd-ask-password "Encrypted ZFS password for ${BOOTFS}" --no-tty | zfs load-key "${ENCRYPTIONROOT}" && break
|
|
done
|
|
fi
|
|
fi
|
|
fi
|