granicus.if.org Git - zfs/commit

author	Antonio Russo <antonio.e.russo@gmail.com>
	Sun, 2 Jun 2019 12:57:10 +0000 (08:57 -0400)
committer	Tony Hutter <hutter2@llnl.gov>
	Wed, 25 Sep 2019 18:27:49 +0000 (11:27 -0700)
commit	af7a5672c3d1ef17d352627e64c24d762da919e3
tree	f5e54a1a7b9cf3184427c5a71f675cc67b13ca56	tree \| snapshot
parent	73e50a7d5ddb20e20fd1eab23f00f26f85bd717a	commit \| diff

systemd encryption key support

Modify zfs-mount-generator to produce a dependency on new
zfs-import-key-*.service units, dynamically created at boot to call
zfs load-key for the encryption root, before attempting to mount any
encrypted datasets.

These units are created by zfs-mount-generator, and RequiresMountsFor on
the keyfile, if present, or call systemd-ask-password if a passphrase is
requested.

This patch includes suggestions from @Fabian-Gruenbichler, @ryanjaeb and
@rlaager, as well an adaptation of @rlaager's script to retry on
incorrect password entry.

Reviewed-by: Richard Laager <rlaager@wiktel.com>
Reviewed-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Antonio Russo <antonio.e.russo@gmail.com>
Closes #8750
Closes #8848

cmd/zed/zed.d/history_event-zfs-list-cacher.sh.in		diff \| blob \| history
etc/systemd/system-generators/zfs-mount-generator.in		diff \| blob \| history
man/man8/zfs-mount-generator.8.in		diff \| blob \| history