From 4bc401b30f0de084219b09cf314c747506862671 Mon Sep 17 00:00:00 2001 From: InsanePrawn Date: Mon, 9 Mar 2020 19:09:09 +0100 Subject: [PATCH] Systemd mount generator: don't fail keyload from file if already loaded Previously the generated keyload units for encryption roots with keylocation=file://* didn't contain the code to detect if the key was already loaded and would be marked failed in such situations. Move the code to check whether the key is already loaded from keylocation=prompt handling to general key loading code. Reviewed-by: Richard Laager Reviewed-by: Brian Behlendorf Signed-off-by: InsanePrawn Closes #10103 --- .../system-generators/zfs-mount-generator.in | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/etc/systemd/system-generators/zfs-mount-generator.in b/etc/systemd/system-generators/zfs-mount-generator.in index bb735112da..1478551805 100755 --- a/etc/systemd/system-generators/zfs-mount-generator.in +++ b/etc/systemd/system-generators/zfs-mount-generator.in @@ -151,13 +151,9 @@ process_line() { else keymountdep="RequiresMountsFor='${p_keyloc#file://}'" fi - keyloadcmd="@sbindir@/zfs load-key '${dataset}'" + keyloadscript="@sbindir@/zfs load-key \"${dataset}\"" elif [ "${p_keyloc}" = "prompt" ] ; then - keyloadcmd="\ -/bin/sh -c '\ -set -eu;\ -keystatus=\"\$\$(@sbindir@/zfs get -H -o value keystatus \"${dataset}\")\";\ -[ \"\$\$keystatus\" = \"unavailable\" ] || exit 0;\ + keyloadscript="\ count=0;\ while [ \$\$count -lt 3 ];do\ systemd-ask-password --id=\"zfs:${dataset}\"\ @@ -165,11 +161,19 @@ while [ \$\$count -lt 3 ];do\ @sbindir@/zfs load-key \"${dataset}\" && exit 0;\ count=\$\$((count + 1));\ done;\ -exit 1'" +exit 1" else printf 'zfs-mount-generator: (%s) invalid keylocation\n' \ "${dataset}" >/dev/kmsg fi + keyloadcmd="\ +/bin/sh -c '\ +set -eu;\ +keystatus=\"\$\$(@sbindir@/zfs get -H -o value keystatus \"${dataset}\")\";\ +[ \"\$\$keystatus\" = \"unavailable\" ] || exit 0;\ +${keyloadscript}'" + + # Generate the key-load .service unit #