granicus.if.org Git - zfs/commit

author	Antonio Russo <antonio.e.russo@gmail.com>
	Sun, 2 Jun 2019 12:57:10 +0000 (08:57 -0400)
committer	Brian Behlendorf <behlendorf1@llnl.gov>
	Mon, 15 Jul 2019 23:31:47 +0000 (16:31 -0700)
commit	f88d069cbbbdff9a67a9be523cfb470cef707e07
tree	217fbde73bf8b3f58dcc3d76e68ff3a4c97ec1fb	tree \| snapshot
parent	6993e012025c68e4ce0657f84fb47fe96c436735	commit \| diff

systemd encryption key support

Modify zfs-mount-generator to produce a dependency on new
zfs-import-key-*.service units, dynamically created at boot to call
zfs load-key for the encryption root, before attempting to mount any
encrypted datasets.

These units are created by zfs-mount-generator, and RequiresMountsFor on
the keyfile, if present, or call systemd-ask-password if a passphrase is
requested.

This patch includes suggestions from @Fabian-Gruenbichler, @ryanjaeb and
@rlaager, as well an adaptation of @rlaager's script to retry on
incorrect password entry.

Reviewed-by: Richard Laager <rlaager@wiktel.com>
Reviewed-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Antonio Russo <antonio.e.russo@gmail.com>
Closes #8750
Closes #8848

cmd/zed/zed.d/history_event-zfs-list-cacher.sh.in		diff \| blob \| history
etc/systemd/system-generators/zfs-mount-generator.in		diff \| blob \| history
man/man8/zfs-mount-generator.8.in		diff \| blob \| history