[Bug 262468] (13038) zfskeys_enable: encryption key not loaded for a file system within a pool that imports automatically at startup

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 262468] (13038) zfskeys_enable: encryption key not loaded for a file system within a pool that imports automatically at startup"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 18 Mar 2022 13:55:57 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=262468

--- Comment #3 from commit-hook@FreeBSD.org ---
A commit in branch main references this bug:

URL:
https://cgit.FreeBSD.org/src/commit/?id=97aeda2243568b386d792514996a06daec55eece

commit 97aeda2243568b386d792514996a06daec55eece
Author:     Mateusz Piotrowski <0mp@FreeBSD.org>
AuthorDate: 2022-03-18 12:35:16 +0000
Commit:     Mateusz Piotrowski <0mp@FreeBSD.org>
CommitDate: 2022-03-18 13:53:52 +0000

    zfskeys: Support autoloading of keys stored on ZFS

    The zfskeys service script starts before the zfs service script, so that
    dataset decryption keys are available when `zfs mount -a` is run. One of
    the potential edge cases of this design is that if a key is stored on
    ZFS it won't be loaded until `zfs mount -a` is issued.

    In order to address that let's try to load the additional keys and mount
    related ZFS datasets after the zfs script finishes its standard mounting
    procedure.

    PR:             262468
    Reported by:    Graham Perrin <grahamperrin@gmail.com>
    Reviewed by:    allanjude
    Approved by:    allanjude (src)
    Fixes:  33ff39796ffe Add zfskeys rc.d script for auto-loading encryption
keys
    MFC after:      3 days
    Sponsored by:   Modirum
    Sponsored by:   Klara Inc.
    Differential Revision: https://reviews.freebsd.org/D34601

 libexec/rc/rc.d/zfs | 12 ++++++++++++
 1 file changed, 12 insertions(+)

-- 
You are receiving this mail because:
You are on the CC list for the bug.