1681ce946SMartin Matuska#!@DEFAULT_INIT_SHELL@ 2e92ffd9bSMartin Matuska# shellcheck disable=SC2154 3681ce946SMartin Matuska# 4681ce946SMartin Matuska# zfs-load-key This script will load/unload the zfs filesystems keys. 5681ce946SMartin Matuska# 6681ce946SMartin Matuska# chkconfig: 2345 06 99 7681ce946SMartin Matuska# description: This script will load or unload the zfs filesystems keys during 8681ce946SMartin Matuska# system boot/shutdown. Only filesystems with key path set 9681ce946SMartin Matuska# in keylocation property. See the zfs(8) man page for details. 10681ce946SMartin Matuska# probe: true 11681ce946SMartin Matuska# 12681ce946SMartin Matuska### BEGIN INIT INFO 13681ce946SMartin Matuska# Provides: zfs-load-key 14681ce946SMartin Matuska# Required-Start: $local_fs zfs-import 15681ce946SMartin Matuska# Required-Stop: $local_fs zfs-import 16681ce946SMartin Matuska# Default-Start: 2 3 4 5 17681ce946SMartin Matuska# Default-Stop: 0 1 6 18681ce946SMartin Matuska# X-Start-Before: zfs-mount 19681ce946SMartin Matuska# X-Stop-After: zfs-zed 20681ce946SMartin Matuska# Short-Description: Load ZFS keys for filesystems and volumes 21681ce946SMartin Matuska# Description: Run the `zfs load-key` or `zfs unload-key` commands. 22681ce946SMartin Matuska### END INIT INFO 23681ce946SMartin Matuska# 24681ce946SMartin Matuska# Released under the 2-clause BSD license. 25681ce946SMartin Matuska# 26681ce946SMartin Matuska# This script is based on debian/zfsutils.zfs.init from the 27681ce946SMartin Matuska# Debian GNU/kFreeBSD zfsutils 8.1-3 package, written by Aurelien Jarno. 28681ce946SMartin Matuska 29681ce946SMartin Matuska# Source the common init script 30681ce946SMartin Matuska. @sysconfdir@/zfs/zfs-functions 31681ce946SMartin Matuska 32681ce946SMartin Matuska# ---------------------------------------------------- 33681ce946SMartin Matuska 34681ce946SMartin Matuskado_depend() 35681ce946SMartin Matuska{ 36681ce946SMartin Matuska # bootmisc will log to /var which may be a different zfs than root. 37681ce946SMartin Matuska before bootmisc logger zfs-mount 38681ce946SMartin Matuska 39681ce946SMartin Matuska after zfs-import sysfs 40681ce946SMartin Matuska keyword -lxc -openvz -prefix -vserver 41681ce946SMartin Matuska} 42681ce946SMartin Matuska 43681ce946SMartin Matuska# Load keys for all datasets/filesystems 44681ce946SMartin Matuskado_load_keys() 45681ce946SMartin Matuska{ 46681ce946SMartin Matuska zfs_log_begin_msg "Load ZFS filesystem(s) keys" 47681ce946SMartin Matuska 48681ce946SMartin Matuska "$ZFS" list -Ho name,encryptionroot,keystatus,keylocation | 49681ce946SMartin Matuska while IFS=" " read -r name encryptionroot keystatus keylocation; do 50681ce946SMartin Matuska if [ "$encryptionroot" != "-" ] && 51681ce946SMartin Matuska [ "$name" = "$encryptionroot" ] && 52681ce946SMartin Matuska [ "$keystatus" = "unavailable" ] && 53681ce946SMartin Matuska [ "$keylocation" != "prompt" ] && 54681ce946SMartin Matuska [ "$keylocation" != "none" ] 55681ce946SMartin Matuska then 56681ce946SMartin Matuska zfs_action "Load key for $encryptionroot" \ 57681ce946SMartin Matuska "$ZFS" load-key "$encryptionroot" 58681ce946SMartin Matuska fi 59681ce946SMartin Matuska done 60681ce946SMartin Matuska 61681ce946SMartin Matuska zfs_log_end_msg 0 62681ce946SMartin Matuska 63681ce946SMartin Matuska return 0 64681ce946SMartin Matuska} 65681ce946SMartin Matuska 66681ce946SMartin Matuska# Unload keys for all datasets/filesystems 67681ce946SMartin Matuskado_unload_keys() 68681ce946SMartin Matuska{ 69681ce946SMartin Matuska zfs_log_begin_msg "Unload ZFS filesystem(s) key" 70681ce946SMartin Matuska 71681ce946SMartin Matuska "$ZFS" list -Ho name,encryptionroot,keystatus | sed '1!G;h;$!d' | 72681ce946SMartin Matuska while IFS=" " read -r name encryptionroot keystatus; do 73681ce946SMartin Matuska if [ "$encryptionroot" != "-" ] && 74681ce946SMartin Matuska [ "$name" = "$encryptionroot" ] && 75681ce946SMartin Matuska [ "$keystatus" = "available" ] 76681ce946SMartin Matuska then 77681ce946SMartin Matuska zfs_action "Unload key for $encryptionroot" \ 78681ce946SMartin Matuska "$ZFS" unload-key "$encryptionroot" 79681ce946SMartin Matuska fi 80681ce946SMartin Matuska done 81681ce946SMartin Matuska 82681ce946SMartin Matuska zfs_log_end_msg 0 83681ce946SMartin Matuska 84681ce946SMartin Matuska return 0 85681ce946SMartin Matuska} 86681ce946SMartin Matuska 87681ce946SMartin Matuskado_start() 88681ce946SMartin Matuska{ 89681ce946SMartin Matuska check_boolean "$ZFS_LOAD_KEY" || exit 0 90681ce946SMartin Matuska 91681ce946SMartin Matuska check_module_loaded "zfs" || exit 0 92681ce946SMartin Matuska 93681ce946SMartin Matuska do_load_keys 94681ce946SMartin Matuska} 95681ce946SMartin Matuska 96681ce946SMartin Matuskado_stop() 97681ce946SMartin Matuska{ 98681ce946SMartin Matuska check_boolean "$ZFS_UNLOAD_KEY" || exit 0 99681ce946SMartin Matuska 100681ce946SMartin Matuska check_module_loaded "zfs" || exit 0 101681ce946SMartin Matuska 102681ce946SMartin Matuska do_unload_keys 103681ce946SMartin Matuska} 104681ce946SMartin Matuska 105681ce946SMartin Matuska# ---------------------------------------------------- 106681ce946SMartin Matuska 107*1719886fSMartin Matuskaif @IS_SYSV_RC@ 108681ce946SMartin Matuskathen 109681ce946SMartin Matuska case "$1" in 110681ce946SMartin Matuska start) 111681ce946SMartin Matuska do_start 112681ce946SMartin Matuska ;; 113681ce946SMartin Matuska stop) 114681ce946SMartin Matuska do_stop 115681ce946SMartin Matuska ;; 116681ce946SMartin Matuska force-reload|condrestart|reload|restart|status) 117681ce946SMartin Matuska # no-op 118681ce946SMartin Matuska ;; 119681ce946SMartin Matuska *) 120681ce946SMartin Matuska [ -n "$1" ] && echo "Error: Unknown command $1." 121681ce946SMartin Matuska echo "Usage: $0 {start|stop}" 122681ce946SMartin Matuska exit 3 123681ce946SMartin Matuska ;; 124681ce946SMartin Matuska esac 125681ce946SMartin Matuska 126681ce946SMartin Matuska exit $? 127681ce946SMartin Matuskaelse 128681ce946SMartin Matuska # Create wrapper functions since Gentoo don't use the case part. 129681ce946SMartin Matuska depend() { do_depend; } 130681ce946SMartin Matuska start() { do_start; } 131681ce946SMartin Matuska stop() { do_stop; } 132681ce946SMartin Matuskafi 133