diff options
| author | Archzfs Buildbot | 2018-08-18 12:32:20 +0000 |
|---|---|---|
| committer | Archzfs Buildbot | 2018-08-18 12:32:20 +0000 |
| commit | 231e1dfd496fc7b5c9a4787743cb96b207283ad0 (patch) | |
| tree | 7aaa3f4382994630693c75b5a8d019aa8f50e789 | |
| parent | c3b5823c352f16a6983d018fa651003e701de6b2 (diff) | |
| download | aur-231e1dfd496fc7b5c9a4787743cb96b207283ad0.tar.gz | |
Semi-automated update for latest git commit
| -rw-r--r-- | .SRCINFO | 9 | ||||
| -rw-r--r-- | PKGBUILD | 13 | ||||
| -rw-r--r-- | zfs-utils.initcpio.hook | 53 | ||||
| -rw-r--r-- | zfs-utils.initcpio.zfsencryptssh.install | 39 |
4 files changed, 98 insertions, 16 deletions
@@ -1,6 +1,6 @@ pkgbase = zfs-utils-common-git pkgdesc = Kernel module support files for the Zettabyte File System. - pkgver = 2018.08.03.r4665.gc8c308362 + pkgver = 2018.08.17.r4677.g802715b74 pkgrel = 1 url = http://zfsonlinux.org/ install = zfs-utils.install @@ -11,18 +11,21 @@ pkgbase = zfs-utils-common-git depends = python2 provides = zfs-utils conflicts = zfs-utils-common + conflicts = spl-utils-common conflicts = spl-utils-common-git replaces = spl-utils-common-git backup = etc/zfs/zed.d/zed.rc backup = etc/default/zfs - source = git+https://github.com/zfsonlinux/zfs.git#commit=c8c308362c2f0a43adbe21a44b3443a27d2c7ca9 + source = git+https://github.com/zfsonlinux/zfs.git#commit=802715b74a23a58d66028699a99eb141c85b7447 source = zfs-utils.bash-completion-r1 source = zfs-utils.initcpio.install source = zfs-utils.initcpio.hook + source = zfs-utils.initcpio.zfsencryptssh.install sha256sums = SKIP sha256sums = b60214f70ffffb62ffe489cbfabd2e069d14ed2a391fac0e36f914238394b540 sha256sums = 335e309ebf5b74fd8956f5e8805939c37d4008b0bcc3b00be6e7ef1d5b7c1669 - sha256sums = 3eb874cf2cbb6c6a0e1c11a98af54f682d6225667af944b43435aeabafa0112f + sha256sums = 60ca3ce382c404c1c97873d6a352d0e99b28e948fde4e3f67d92e05f6eb216f0 + sha256sums = 29080a84e5d7e36e63c4412b98646043724621245b36e5288f5fed6914da5b68 pkgname = zfs-utils-common-git @@ -7,26 +7,28 @@ # pkgname="zfs-utils-common-git" -pkgver=2018.08.03.r4665.gc8c308362 +pkgver=2018.08.17.r4677.g802715b74 pkgrel=1 pkgdesc="Kernel module support files for the Zettabyte File System." depends=("python2") makedepends=("git") arch=("x86_64") url="http://zfsonlinux.org/" -source=("git+https://github.com/zfsonlinux/zfs.git#commit=c8c308362c2f0a43adbe21a44b3443a27d2c7ca9" +source=("git+https://github.com/zfsonlinux/zfs.git#commit=802715b74a23a58d66028699a99eb141c85b7447" "zfs-utils.bash-completion-r1" "zfs-utils.initcpio.install" - "zfs-utils.initcpio.hook") + "zfs-utils.initcpio.hook" + "zfs-utils.initcpio.zfsencryptssh.install") sha256sums=("SKIP" "b60214f70ffffb62ffe489cbfabd2e069d14ed2a391fac0e36f914238394b540" "335e309ebf5b74fd8956f5e8805939c37d4008b0bcc3b00be6e7ef1d5b7c1669" - "3eb874cf2cbb6c6a0e1c11a98af54f682d6225667af944b43435aeabafa0112f") + "60ca3ce382c404c1c97873d6a352d0e99b28e948fde4e3f67d92e05f6eb216f0" + "29080a84e5d7e36e63c4412b98646043724621245b36e5288f5fed6914da5b68") license=("CDDL") groups=("archzfs-linux-git") provides=("zfs-utils") install=zfs-utils.install -conflicts=('zfs-utils-common' 'spl-utils-common-git') +conflicts=('zfs-utils-common' 'spl-utils-common' 'spl-utils-common-git') replaces=("spl-utils-common-git") backup=('etc/zfs/zed.d/zed.rc' 'etc/default/zfs') @@ -57,5 +59,6 @@ package() { # Install the support files install -D -m644 "${srcdir}"/zfs-utils.initcpio.hook "${pkgdir}"/usr/lib/initcpio/hooks/zfs install -D -m644 "${srcdir}"/zfs-utils.initcpio.install "${pkgdir}"/usr/lib/initcpio/install/zfs + install -D -m644 "${srcdir}"/zfs-utils.initcpio.zfsencryptssh.install "${pkgdir}"/usr/lib/initcpio/install/zfsencryptssh install -D -m644 "${srcdir}"/zfs-utils.bash-completion-r1 "${pkgdir}"/usr/share/bash-completion/completions/zfs } diff --git a/zfs-utils.initcpio.hook b/zfs-utils.initcpio.hook index e2f23d1009f2..bf9c6dc252f5 100644 --- a/zfs-utils.initcpio.hook +++ b/zfs-utils.initcpio.hook @@ -36,14 +36,22 @@ zfs_decrypt_fs() { # check if key is already loaded [ "$(zfs get -H -o value keystatus "${dataset}")" != "available" ] || return 0 - + # get the encryption root encryptionroot=$(zfs get -H -o value encryptionroot "${dataset}") - # loop until we get the correct password - while ! eval zfs load-key "${encryptionroot}"; do + # export encription root to be used by other hooks (SSH) + echo "${encryptionroot}" > /.encryptionroot + + # loop until we get the correct password or key is unlocked by another vector (SSH for instance) + while [ "$(zfs get -H -o value keystatus "${encryptionroot}")" != "available" ] && + ! eval zfs load-key "${encryptionroot}"; do sleep 2 done + + if [ -f /.encryptionroot ]; then + rm /.encryptionroot + fi } zfs_mount_handler () { @@ -103,12 +111,17 @@ zfs_mount_handler () { done } -run_hook() { +set_flags() { # Force import the pools, useful if the pool has not properly been exported using 'zpool export <pool>' [ ! "${zfs_force}" = "" ] && ZPOOL_FORCE="-f" # Add import directory to import command flags [ ! "${zfs_import_dir}" = "" ] && ZPOOL_IMPORT_FLAGS="${ZPOOL_IMPORT_FLAGS} -d ${zfs_import_dir}" + [ "${zfs_import_dir}" = "" ] && [ -f /etc/zfs/zpool.cache ] && ZPOOL_IMPORT_FLAGS="${ZPOOL_IMPORT_FLAGS} -c /etc/zfs/zpool.cache" +} + +run_hook() { + set_flags # Wait 15 seconds for ZFS devices to show up [ "${zfs_wait}" = "" ] && ZFS_WAIT="15" || ZFS_WAIT="${zfs_wait}" @@ -132,22 +145,46 @@ run_hook() { auto|bootfs) ZFS_DATASET="bootfs" mount_handler="zfs_mount_handler" + local pool="[a-zA-Z][^ ]*" ;; *) ZFS_DATASET="${zfs}" mount_handler="zfs_mount_handler" + local pool="${ZFS_DATASET%%/*}" ;; esac - # Allow up to n seconds for zfs device to show up - for i in $(seq 1 ${ZFS_WAIT}); do - [ -c "/dev/zfs" ] && break + # Allow at least n seconds for zfs device to show up. Especially + # when using zfs_import_dir instead of zpool.cache, the listing of + # available pools can be slow, so this loop must be top-tested to + # ensure we do one 'zpool import' pass after the timer has expired. + sleep ${ZFS_WAIT} & pid=$! + local break_after=0 + while :; do + kill -0 $pid > /dev/null 2>&1 || break_after=1 + if [ -c "/dev/zfs" ]; then + zpool import ${ZPOOL_IMPORT_FLAGS} | awk " + BEGIN { pool_found=0; online=0; unavail=0 } + /^ ${pool} .*/ { pool_found=1 } + /^\$/ { pool_found=0 } + /UNAVAIL/ { if (pool_found == 1) { unavail=1 } } + /ONLINE/ { if (pool_found == 1) { online=1 } } + END { if (online == 1 && unavail != 1) + { exit 0 } + else + { exit 1 } + }" && break + fi + [ $break_after == 1 ] && break sleep 1 done + kill $pid > /dev/null 2>&1 } run_latehook () { - zpool import -N -a ${ZPOOL_FORCE} + set_flags + # only run zpool import, if flags were set (cache file found / zfs_import_dir specified) + [ ! "${ZPOOL_IMPORT_FLAGS}" = "" ] && zpool import ${ZPOOL_IMPORT_FLAGS} -N -a ${ZPOOL_FORCE} } # vim:set ts=4 sw=4 ft=sh et: diff --git a/zfs-utils.initcpio.zfsencryptssh.install b/zfs-utils.initcpio.zfsencryptssh.install new file mode 100644 index 000000000000..e0ef04beabfe --- /dev/null +++ b/zfs-utils.initcpio.zfsencryptssh.install @@ -0,0 +1,39 @@ +#!/bin/bash + +make_etc_passwd() { + echo 'root:x:0:0:root:/root:/bin/zfsdecrypt_shell' > "${BUILDROOT}"/etc/passwd + echo '/bin/zfsdecrypt_shell' > "${BUILDROOT}"/etc/shells +} + +make_zfsdecrypt_shell() { + decrypt_shell='#!/bin/sh +if [ -f "/.encryptionroot" ]; then + # source zfs hook functions + . /hooks/zfs + # decrypt bootfs + zfs_decrypt_fs "$(cat /.encryptionroot)" + # kill pending decryption attempt to allow the boot process to continue + killall zfs +else + echo "ZFS is not ready yet. Please wait!" +fi' + printf '%s' "$decrypt_shell" > "${BUILDROOT}"/bin/zfsdecrypt_shell + chmod a+x "${BUILDROOT}"/bin/zfsdecrypt_shell +} + +build () +{ + make_etc_passwd + make_zfsdecrypt_shell +} + +help () +{ + cat<<HELPEOF +This hook is meant to be used in conjunction with mkinitcpio-dropbear, +mkinitcpio-netconf and/ormkinitcpio-ppp. This will provide a way to unlock +your encrypted ZFS root filesystem remotely. +HELPEOF +} + +# vim: set ts=4 sw=4 ft=sh et: |