From ff2f960b2492ecb3db6a2614251240a77874ab93 Mon Sep 17 00:00:00 2001 From: InsanePrawn Date: Mon, 9 Mar 2020 19:09:09 +0100 Subject: [PATCH] Systemd mount generator: don't fail keyload from file if already loaded Previously the generated keyload units for encryption roots with keylocation=file://* didn't contain the code to detect if the key was already loaded and would be marked failed in such situations. Move the code to check whether the key is already loaded from keylocation=prompt handling to general key loading code. Reviewed-by: Richard Laager Reviewed-by: Brian Behlendorf Signed-off-by: InsanePrawn Closes #10103 --- .../system-generators/zfs-mount-generator.in | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/etc/systemd/system-generators/zfs-mount-generator.in b/etc/systemd/system-generators/zfs-mount-generator.in index bb735112da..1478551805 100755 --- a/etc/systemd/system-generators/zfs-mount-generator.in +++ b/etc/systemd/system-generators/zfs-mount-generator.in @@ -151,13 +151,9 @@ process_line() { else keymountdep="RequiresMountsFor='${p_keyloc#file://}'" fi - keyloadcmd="@sbindir@/zfs load-key '${dataset}'" + keyloadscript="@sbindir@/zfs load-key \"${dataset}\"" elif [ "${p_keyloc}" = "prompt" ] ; then - keyloadcmd="\ -/bin/sh -c '\ -set -eu;\ -keystatus=\"\$\$(@sbindir@/zfs get -H -o value keystatus \"${dataset}\")\";\ -[ \"\$\$keystatus\" = \"unavailable\" ] || exit 0;\ + keyloadscript="\ count=0;\ while [ \$\$count -lt 3 ];do\ systemd-ask-password --id=\"zfs:${dataset}\"\ @@ -165,11 +161,19 @@ while [ \$\$count -lt 3 ];do\ @sbindir@/zfs load-key \"${dataset}\" && exit 0;\ count=\$\$((count + 1));\ done;\ -exit 1'" +exit 1" else printf 'zfs-mount-generator: (%s) invalid keylocation\n' \ "${dataset}" >/dev/kmsg fi + keyloadcmd="\ +/bin/sh -c '\ +set -eu;\ +keystatus=\"\$\$(@sbindir@/zfs get -H -o value keystatus \"${dataset}\")\";\ +[ \"\$\$keystatus\" = \"unavailable\" ] || exit 0;\ +${keyloadscript}'" + + # Generate the key-load .service unit #