#!/bin/sh
# shellcheck disable=SC2154

# This file leaves through top-level `return`, so it is meant to be sourced.
# It only does work on systemd systems; otherwise the decrypt is handled by
# mount-zfs.sh in the mount hook.
if [ ! -e /bin/systemctl ] && [ ! -e /usr/bin/systemctl ]; then
    return 0
fi

# shellcheck source=zfs-lib.sh.in
. /lib/dracut-zfs-lib.sh

# Stop quietly when decode_root_args does not succeed.
if ! decode_root_args; then
    return 0
fi

# The zpool import races with the pre-mount hooks, so poll until
# zfs-import.target is active. The loop has no timeout of its own: it ends
# early (status 1) only when systemctl reports a failed import service.
until systemctl is-active --quiet zfs-import.target; do
    if systemctl is-failed --quiet zfs-import-cache.service zfs-import-scan.service; then
        return 1
    fi
    sleep 0.1s
done

# "zfs:AUTO" means: use the first bootfs property value that is not "-".
BOOTFS="$root"
case "$BOOTFS" in
    zfs:AUTO)
        BOOTFS="$(zpool get -Ho value bootfs | grep -m1 -vFx -)"
        ;;
esac

# Without an active encryption feature on the pool (the part of BOOTFS before
# the first "/") there is no key to load.
if [ "$(zpool get -Ho value feature@encryption "${BOOTFS%%/*}")" != 'active' ]; then
    return 0
fi

# Load the key of the encryption root that covers one dataset.
#
# Globals:   dataset, ENCRYPTIONROOT, KEYLOCATION, KEYFILE are written and,
#            as nothing is declared local, remain set after the call.
# Arguments: $1 - dataset name
# Returns:   0 when the encryption root is "-" or its keystatus is anything
#            other than "unavailable"; otherwise the status of the last
#            key-loading command that ran.
_load_key_cb() {
    dataset="$1"

    ENCRYPTIONROOT="$(zfs get -Ho value encryptionroot "${dataset}")"
    if [ "${ENCRYPTIONROOT}" = "-" ]; then
        return 0
    fi

    # Only a key reported as "unavailable" still has to be loaded.
    case "$(zfs get -Ho value keystatus "${ENCRYPTIONROOT}")" in
        unavailable) ;;
        *) return 0 ;;
    esac

    KEYLOCATION="$(zfs get -Ho value keylocation "${ENCRYPTIONROOT}")"
    case "${KEYLOCATION%%://*}" in
        prompt)
            # At most three attempts. The passphrase reaches `zfs load-key`
            # through a pipe (stdin), never as a command-line argument.
            for _ in 1 2 3; do
                systemd-ask-password --no-tty "Encrypted ZFS password for ${dataset}" \
                    | zfs load-key "${ENCRYPTIONROOT}" \
                    && break
            done
            # Bare return: hand back the loop's own status (0 after a break,
            # the failed pipeline's status after three misses).
            return
            ;;
        http*)
            # The pattern accepts every scheme that starts with "http".
            # NOTE(review): with a plain http:// keylocation the key would be
            # fetched without transport protection -- confirm that deployments
            # use https://.
            systemctl start network-online.target
            ;;
        file)
            KEYFILE="${KEYLOCATION#file://}"
            if [ ! -r "${KEYFILE}" ]; then
                udevadm settle
            fi
            if [ ! -r "${KEYFILE}" ]; then
                info "ZFS: Waiting for key ${KEYFILE} for ${ENCRYPTIONROOT}..."
                # Twenty polls, half a second apart.
                for _ in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20; do
                    sleep 0.5s
                    if [ -r "${KEYFILE}" ]; then
                        break
                    fi
                done
            fi
            # Only readability is tested; a key file that is still missing is
            # reported and the load is attempted regardless.
            if [ ! -r "${KEYFILE}" ]; then
                warn "ZFS: Key ${KEYFILE} for ${ENCRYPTIONROOT} hasn't appeared. Trying anyway."
            fi
            ;;
        *)
            # Any other location needs no preparation.
            ;;
    esac

    # Every non-prompt location ends with a plain load; its status is the
    # function's status.
    zfs load-key "${ENCRYPTIONROOT}"
}

# Load the key for the boot dataset itself, then pass the same callback to
# for_relevant_root_children (not defined in this file; presumably provided by
# the sourced zfs lib) so it can be applied to the datasets it selects.
_load_key_cb "${BOOTFS}"
for_relevant_root_children "${BOOTFS}" _load_key_cb