goto error;
}
+ /*
+ * For plain replicated send, we can ignore encryption
+ * properties other than first stream
+ */
+ if ((zfs_prop_encryption_key_param(prop) || prop ==
+ ZFS_PROP_ENCRYPTION) && !newfs && recursive && !raw) {
+ continue;
+ }
+
/* incremental streams can only exclude encryption properties */
if ((zfs_prop_encryption_key_param(prop) ||
prop == ZFS_PROP_ENCRYPTION) && !newfs &&
if (cp != NULL)
*cp = '\0';
- if (!raw && zfs_crypto_create(hdl, namebuf, voprops, NULL,
+ if (!raw && !(!newfs && recursive) &&
+ zfs_crypto_create(hdl, namebuf, voprops, NULL,
B_FALSE, wkeydata_out, wkeylen_out) != 0) {
fnvlist_free(voprops);
ret = zfs_error(hdl, EZFS_CRYPTOFAILED, errbuf);
function cleanup
{
+ datasetexists $TESTPOOL/encrypted && \
+ destroy_dataset $TESTPOOL/encrypted -r
+
snapexists $snap && destroy_dataset $snap -f
snapexists $snap2 && destroy_dataset $snap2 -f
"parent key is unloaded"
log_mustnot eval "zfs send $snap | zfs receive $TESTPOOL/$TESTFS1/c4"
+# Verify that replication can override encryption properties
+log_note "Verifying replication can override encryption properties for plain dataset"
+typeset key_location="/$TESTPOOL/pkey1"
+log_must eval "echo $passphrase > $key_location"
+log_must eval "zfs send -R $snap2 | zfs recv -s -F -o encryption=on" \
+ "-o keyformat=passphrase -o keylocation=file://$key_location" \
+ "-o mountpoint=none $TESTPOOL/encrypted"
+log_must test "$(get_prop 'encryption' $TESTPOOL/encrypted)" != "off"
+log_must test "$(get_prop 'keyformat' $TESTPOOL/encrypted)" == "passphrase"
+log_must test "$(get_prop 'keylocation' $TESTPOOL/encrypted)" == "file://$key_location"
+
log_pass "ZFS can receive encrypted filesystems into child dataset"