| Git Clone URL: | https://aur.archlinux.org/zfs-utils.git (read-only, click to copy) |
|---|---|
| Package Base: | zfs-utils |
| Description: | Userspace utilities for the Zettabyte File System. |
| Upstream URL: | https://zfsonlinux.org/ |
| Licenses: | CDDL |
| Submitter: | eschwartz |
| Maintainer: | kstolp |
| Last Packager: | kstolp |
| Votes: | 74 |
| Popularity: | 1.36 |
| First Submitted: | 2018-10-28 22:49 (UTC) |
| Last Updated: | 2025-05-03 09:40 (UTC) |
@timemaster
This code sets zfsdecrypt_shell as root's shell inside boot initcpio. So when you connect to the machine via SSH as root during boot, you'll be presented with ZFS encryption unlock prompt. Thus, you unlock the encrypted dataset in order to continue the boot process.
You may read about Generate new checksums on Arch Wiki.
Security issue/question : could someone explain to me if this is safe ? \\ make_etc_passwd() { echo 'root:x:0:0:root:/root:/bin/zfsdecrypt_shell' >> "${BUILDROOT}"/etc/passwd echo '/bin/zfsdecrypt_shell' > "${BUILDROOT}"/etc/shells }\\ from the zfs.initcpio.zfsencryptssh.install of this package ? Myabe it's a hack/workaround, but it does not looks proper.
if I disable the code when building locally, I end up failing the PGK signature check and the build fail. Thanks !
I can't get the source to build aarch64 either. Might raise upstream if ./configure can't be tweaked here
I'm having the same problem. Can you make CARCH=aarch64 build aarch64 binaries please?
My build server made an aarch64 package and bricked my raspberry pi zfs rootfs because its initramfs tried to use /sbin/zpool but that was actually an x86_64 binary not aarch64.
This package needs to package the architecture its been asked to or fail. Not put bad binaries in.
CARCH=aarch64 makepkg packages an x86_64 binary inside the aarch64-named package which cannot be used by an aarch64 host.
@mikezackles, Thanks for the reminder. I've disabled its inclusion since no one commented about it since the last time it was brought up.
I see someone already mentioned that libunwind gets linked by default if present. Unless you want to add it as a package dependency, I think it'd be a good idea to disable it unconditionally by passing --without-libunwind to configure. (I got bitten by this adding this package to an iso.) Thanks for maintaining.
Thanks a bunch! :)
The zfsencryptssh hook has been added.
I also second adding the zfsencryptssh hook to this package. Both the -git and -rc zfs-utils packages on AUR include it and it would be awesome for all those of us that are migrating away from the now defunct archzfs repo.
Pinned Comments
eschwartz commented on 2020-12-27 22:43 (UTC)
@Win8Error,
This package doesn't support people who have failed to read the wiki page https://wiki.archlinux.org/index.php/Makepkg, or cannot interpret error messages.
eschwartz commented on 2019-10-16 03:49 (UTC)
aarch64 is not an officially supported architecture for this PKGBUILD, since I don't exactly test it on such architectures. It failing to work is therefore not very surprising.
I guess you can do any necessary followup in that upstream bug report, hopefully upstream can get it into a state of "working out of the box" so that makepkg --ignorearch works. But I'm not investing any of my own time in this...