author | Archzfs Buildbot | 2018-08-18 12:32:27 +0000 |
---|---|---|
committer | Archzfs Buildbot | 2018-08-18 12:32:27 +0000 |
commit | 9cc4bcd561d60ee12db6a73cc4d20e9d2207a588 (patch) | |
tree | fc0021dab8b9437dd3c87df7385c5fa95097f038 | |
parent | 3495a0d0cbc6c608551bb8a82459e410d96c6a40 (diff) | |
download | aur-9cc4bcd561d60ee12db6a73cc4d20e9d2207a588.tar.gz |
Semi-automated update for zfs 0.7.9
-rw-r--r-- | PKGBUILD | 7 | ||||
-rw-r--r-- | zfs-utils.initcpio.hook | 53 | ||||
-rw-r--r-- | zfs-utils.initcpio.zfsencryptssh.install | 39 |
3 files changed, 89 insertions, 10 deletions
@@ -17,11 +17,13 @@ url="http://zfsonlinux.org/"
 source=("https://github.com/zfsonlinux/zfs/releases/download/zfs-0.7.9/zfs-0.7.9.tar.gz"
 "zfs-utils.bash-completion-r1"
 "zfs-utils.initcpio.install"
- "zfs-utils.initcpio.hook")
+ "zfs-utils.initcpio.hook"
+ "zfs-utils.initcpio.zfsencryptssh.install")
 sha256sums=("f50ca2441c6abde4fe6b9f54d5583a45813031d6bb72b0011b00fc2683cd9f7a"
 "b60214f70ffffb62ffe489cbfabd2e069d14ed2a391fac0e36f914238394b540"
 "335e309ebf5b74fd8956f5e8805939c37d4008b0bcc3b00be6e7ef1d5b7c1669"
- "3eb874cf2cbb6c6a0e1c11a98af54f682d6225667af944b43435aeabafa0112f")
+ "60ca3ce382c404c1c97873d6a352d0e99b28e948fde4e3f67d92e05f6eb216f0"
+ "29080a84e5d7e36e63c4412b98646043724621245b36e5288f5fed6914da5b68")
 license=("CDDL")
 groups=("archzfs-linux")
 provides=("zfs-utils")
@@ -57,5 +59,6 @@ package() {
 # Install the support files
 install -D -m644 "${srcdir}"/zfs-utils.initcpio.hook "${pkgdir}"/usr/lib/initcpio/hooks/zfs
 install -D -m644 "${srcdir}"/zfs-utils.initcpio.install "${pkgdir}"/usr/lib/initcpio/install/zfs
+ install -D -m644 "${srcdir}"/zfs-utils.initcpio.zfsencryptssh.install "${pkgdir}"/usr/lib/initcpio/install/zfsencryptssh
 install -D -m644 "${srcdir}"/zfs-utils.bash-completion-r1 "${pkgdir}"/usr/share/bash-completion/completions/zfs
 }
diff --git a/zfs-utils.initcpio.hook b/zfs-utils.initcpio.hook
index e2f23d1009f2..bf9c6dc252f5 100644
--- a/zfs-utils.initcpio.hook
+++ b/zfs-utils.initcpio.hook
@@ -36,14 +36,22 @@ zfs_decrypt_fs() { # check if key is already loaded [ "$(zfs get -H -o value keystatus "${dataset}")" != "available" ] || return 0 - + # get the encryption root encryptionroot=$(zfs get -H -o value encryptionroot "${dataset}") - # loop until we get the correct password - while ! eval zfs load-key "${encryptionroot}"; do + # export encription root to be used by other hooks (SSH) + echo "${encryptionroot}" > /.encryptionroot + + # loop until we get the correct password or key is unlocked by another vector (SSH for instance) + while [ "$(zfs get -H -o value keystatus "${encryptionroot}")" != "available" ] && + ! eval zfs load-key "${encryptionroot}"; do sleep 2 done + + if [ -f /.encryptionroot ]; then + rm /.encryptionroot + fi } zfs_mount_handler () { @@ -103,12 +111,17 @@ zfs_mount_handler () { done } -run_hook() { +set_flags() { # Force import the pools, useful if the pool has not properly been exported using 'zpool export <pool>' [ ! "${zfs_force}" = "" ] && ZPOOL_FORCE="-f" # Add import directory to import command flags [ ! "${zfs_import_dir}" = "" ] && ZPOOL_IMPORT_FLAGS="${ZPOOL_IMPORT_FLAGS} -d ${zfs_import_dir}" + [ "${zfs_import_dir}" = "" ] && [ -f /etc/zfs/zpool.cache ] && ZPOOL_IMPORT_FLAGS="${ZPOOL_IMPORT_FLAGS} -c /etc/zfs/zpool.cache" +} + +run_hook() { + set_flags # Wait 15 seconds for ZFS devices to show up [ "${zfs_wait}" = "" ] && ZFS_WAIT="15" || ZFS_WAIT="${zfs_wait}" 
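Review bot: The rewritten loop condition keeps `eval zfs load-key "${encryptionroot}"`, which sends the dataset name through a second round of shell parsing although nothing visible in the hunk needs it. Calling the command directly, `! zfs load-key "${encryptionroot}"; do`, keeps a name that contains shell metacharacters inert, which matters more now that the same name is also handed to the SSH unlock shell through `/.encryptionroot`. The closing `if [ -f /.encryptionroot ]; then rm ...; fi` can be the single line `rm -f /.encryptionroot`, and the new comment spells the word "encription". zfs_decrypt_fs starts above the hunk.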
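Review bot: `set_flags` appends to `ZPOOL_IMPORT_FLAGS` and is called from run_hook here and from run_latehook in the following hunk, so if both hooks run in the same shell, which seems likely for initcpio hooks but is not shown on this page, the `-d` or `-c` option ends up in the variable twice. That is probably harmless to `zpool import`, but a guard against a second call, or building the value from scratch, would make the function idempotent; whether the variable is given an initial value elsewhere in the file is not visible here. The function would also benefit from a header comment naming the globals it reads (`zfs_force`, `zfs_import_dir`) and writes (`ZPOOL_FORCE`, `ZPOOL_IMPORT_FLAGS`).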
@@ -132,22 +145,46 @@ run_hook() { auto|bootfs) ZFS_DATASET="bootfs" mount_handler="zfs_mount_handler" + local pool="[a-zA-Z][^ ]*" ;; *) ZFS_DATASET="${zfs}" mount_handler="zfs_mount_handler" + local pool="${ZFS_DATASET%%/*}" ;; esac - # Allow up to n seconds for zfs device to show up - for i in $(seq 1 ${ZFS_WAIT}); do - [ -c "/dev/zfs" ] && break + # Allow at least n seconds for zfs device to show up. Especially + # when using zfs_import_dir instead of zpool.cache, the listing of + # available pools can be slow, so this loop must be top-tested to + # ensure we do one 'zpool import' pass after the timer has expired. + sleep ${ZFS_WAIT} & pid=$! + local break_after=0 + while :; do + kill -0 $pid > /dev/null 2>&1 || break_after=1 + if [ -c "/dev/zfs" ]; then + zpool import ${ZPOOL_IMPORT_FLAGS} | awk " + BEGIN { pool_found=0; online=0; unavail=0 } + /^ ${pool} .*/ { pool_found=1 } + /^\$/ { pool_found=0 } + /UNAVAIL/ { if (pool_found == 1) { unavail=1 } } + /ONLINE/ { if (pool_found == 1) { online=1 } } + END { if (online == 1 && unavail != 1) + { exit 0 } + else + { exit 1 } + }" && break + fi + [ $break_after == 1 ] && break sleep 1 done + kill $pid > /dev/null 2>&1 } run_latehook () { - zpool import -N -a ${ZPOOL_FORCE} + set_flags + # only run zpool import, if flags were set (cache file found / zfs_import_dir specified) + [ ! "${ZPOOL_IMPORT_FLAGS}" = "" ] && zpool import ${ZPOOL_IMPORT_FLAGS} -N -a ${ZPOOL_FORCE} } # vim:set ts=4 sw=4 ft=sh et: diff --git a/zfs-utils.initcpio.zfsencryptssh.install b/zfs-utils.initcpio.zfsencryptssh.install new file mode 100644 index 000000000000..e0ef04beabfe --- /dev/null +++ b/zfs-utils.initcpio.zfsencryptssh.install 
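Review bot: The awk program in the new wait loop is double-quoted, so `${pool}` is expanded into the program text and read as a regular expression in `/^ ${pool} .*/`; in the `*)` arm the value comes from `zfs=`, where a `.` in a pool name matches any character and any other regex metacharacter is interpreted as well. Passing the value with `awk -v pool="${pool}"`, single-quoting the program and matching with `$0 ~` keeps the name as data; the `auto|bootfs` arm deliberately supplies a pattern, so a dynamic match is still needed there. `sleep ${ZFS_WAIT}`, `kill -0 $pid` and `[ $break_after == 1 ]` are unquoted, and `==` inside `[` is not POSIX; `[ "${break_after}" = 1 ]` is the portable form. In run_latehook the new guard skips `zpool import` entirely when neither a cache file nor `zfs_import_dir` is present, a change from the unconditional `-N -a` import that the comment should state explicitly. run_hook starts above the hunk.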
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+make_etc_passwd() {
+ echo 'root:x:0:0:root:/root:/bin/zfsdecrypt_shell' > "${BUILDROOT}"/etc/passwd
+ echo '/bin/zfsdecrypt_shell' > "${BUILDROOT}"/etc/shells
+}
+
+make_zfsdecrypt_shell() {
+ decrypt_shell='#!/bin/sh
+if [ -f "/.encryptionroot" ]; then
+ # source zfs hook functions
+ . /hooks/zfs
+ # decrypt bootfs
+ zfs_decrypt_fs "$(cat /.encryptionroot)"
+ # kill pending decryption attempt to allow the boot process to continue
+ killall zfs
+else
+ echo "ZFS is not ready yet. Please wait!"
+fi'
+ printf '%s' "$decrypt_shell" > "${BUILDROOT}"/bin/zfsdecrypt_shell
+ chmod a+x "${BUILDROOT}"/bin/zfsdecrypt_shell
+}
+
+build ()
+{
+ make_etc_passwd
+ make_zfsdecrypt_shell
+}
+
+help ()
+{
+ cat<<HELPEOF
+This hook is meant to be used in conjunction with mkinitcpio-dropbear,
+mkinitcpio-netconf and/ormkinitcpio-ppp. This will provide a way to unlock
+your encrypted ZFS root filesystem remotely.
+HELPEOF
+}
+
+# vim: set ts=4 sw=4 ft=sh et: |
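Review bot: `make_etc_passwd` writes `"${BUILDROOT}"/etc/passwd` and `"${BUILDROOT}"/etc/shells` with `>`, which replaces whatever an earlier install hook placed in those files in the image, and a later hook can equally replace this entry, so the resulting root login shell depends on the order in HOOKS. The help text should state the required position relative to the SSH server hook, or the function should rewrite only the root line instead of truncating the file. In the generated shell, `killall zfs` ends every process named zfs rather than only the pending `load-key` prompt; a comment on why that is safe at this boot stage would help the next reader. The help text also runs two words together in "and/ormkinitcpio-ppp".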