1#!@DEFAULT_INIT_SHELL@ 2# shellcheck disable=SC2154 3# 4# zfs-load-key This script will load/unload the zfs filesystems keys. 5# 6# chkconfig: 2345 06 99 7# description: This script will load or unload the zfs filesystems keys during 8# system boot/shutdown. Only filesystems with key path set 9# in keylocation property. See the zfs(8) man page for details. 10# probe: true 11# 12### BEGIN INIT INFO 13# Provides: zfs-load-key 14# Required-Start: $local_fs zfs-import 15# Required-Stop: $local_fs zfs-import 16# Default-Start: 2 3 4 5 17# Default-Stop: 0 1 6 18# X-Start-Before: zfs-mount 19# X-Stop-After: zfs-zed 20# Short-Description: Load ZFS keys for filesystems and volumes 21# Description: Run the `zfs load-key` or `zfs unload-key` commands. 22### END INIT INFO 23# 24# Released under the 2-clause BSD license. 25# 26# This script is based on debian/zfsutils.zfs.init from the 27# Debian GNU/kFreeBSD zfsutils 8.1-3 package, written by Aurelien Jarno. 28 29# Source the common init script 30. @sysconfdir@/zfs/zfs-functions 31 32# ---------------------------------------------------- 33 34do_depend() 35{ 36 # bootmisc will log to /var which may be a different zfs than root. 37 before bootmisc logger zfs-mount 38 39 after zfs-import sysfs 40 keyword -lxc -openvz -prefix -vserver 41} 42 43# Load keys for all datasets/filesystems 44do_load_keys() 45{ 46 zfs_log_begin_msg "Load ZFS filesystem(s) keys" 47 48 "$ZFS" list -Ho name,encryptionroot,keystatus,keylocation | 49 while IFS=" " read -r name encryptionroot keystatus keylocation; do 50 if [ "$encryptionroot" != "-" ] && 51 [ "$name" = "$encryptionroot" ] && 52 [ "$keystatus" = "unavailable" ] && 53 [ "$keylocation" != "prompt" ] && 54 [ "$keylocation" != "none" ] 55 then 56 zfs_action "Load key for $encryptionroot" \ 57 "$ZFS" load-key "$encryptionroot" 58 fi 59 done 60 61 zfs_log_end_msg 0 62 63 return 0 64} 65 66# Unload keys for all datasets/filesystems 67do_unload_keys() 68{ 69 zfs_log_begin_msg "Unload ZFS filesystem(s) key" 70 71 "$ZFS" list -Ho name,encryptionroot,keystatus | sed '1!G;h;$!d' | 72 while IFS=" " read -r name encryptionroot keystatus; do 73 if [ "$encryptionroot" != "-" ] && 74 [ "$name" = "$encryptionroot" ] && 75 [ "$keystatus" = "available" ] 76 then 77 zfs_action "Unload key for $encryptionroot" \ 78 "$ZFS" unload-key "$encryptionroot" 79 fi 80 done 81 82 zfs_log_end_msg 0 83 84 return 0 85} 86 87do_start() 88{ 89 check_boolean "$ZFS_LOAD_KEY" || exit 0 90 91 check_module_loaded "zfs" || exit 0 92 93 do_load_keys 94} 95 96do_stop() 97{ 98 check_boolean "$ZFS_UNLOAD_KEY" || exit 0 99 100 check_module_loaded "zfs" || exit 0 101 102 do_unload_keys 103} 104 105# ---------------------------------------------------- 106 107if [ ! -e /sbin/openrc-run ] 108then 109 case "$1" in 110 start) 111 do_start 112 ;; 113 stop) 114 do_stop 115 ;; 116 force-reload|condrestart|reload|restart|status) 117 # no-op 118 ;; 119 *) 120 [ -n "$1" ] && echo "Error: Unknown command $1." 121 echo "Usage: $0 {start|stop}" 122 exit 3 123 ;; 124 esac 125 126 exit $? 127else 128 # Create wrapper functions since Gentoo don't use the case part. 129 depend() { do_depend; } 130 start() { do_start; } 131 stop() { do_stop; } 132fi 133