xref: /freebsd/sys/contrib/openzfs/etc/init.d/zfs-load-key.in (revision 61145dc2b94f12f6a47344fb9aac702321880e43) 
1#!@DEFAULT_INIT_SHELL@
2# SPDX-License-Identifier: BSD-2-Clause
3# shellcheck disable=SC2154
4#
5# zfs-load-key  This script will load/unload the zfs filesystems keys.
6#
7# chkconfig:    2345 06 99
8# description:  This script will load or unload the zfs filesystems keys during
9#               system boot/shutdown. Only filesystems with key path set
10#               in keylocation property. See the zfs(8) man page for details.
11# probe: true
12#
13### BEGIN INIT INFO
14# Provides:          zfs-load-key
15# Required-Start:    $local_fs zfs-import
16# Required-Stop:     $local_fs zfs-import
17# Default-Start:     2 3 4 5
18# Default-Stop:      0 1 6
19# X-Start-Before:    zfs-mount
20# X-Stop-After:      zfs-zed
21# Short-Description: Load ZFS keys for filesystems and volumes
22# Description: Run the `zfs load-key` or `zfs unload-key` commands.
23### END INIT INFO
24#
25# Released under the 2-clause BSD license.
26#
27# This script is based on debian/zfsutils.zfs.init from the
28# Debian GNU/kFreeBSD zfsutils 8.1-3 package, written by Aurelien Jarno.
29
30# Source the common init script
31. @sysconfdir@/zfs/zfs-functions
32
33# ----------------------------------------------------
34
35do_depend()
36{
37	# bootmisc will log to /var which may be a different zfs than root.
38	before bootmisc logger zfs-mount
39
40	after zfs-import sysfs
41	keyword -lxc -openvz -prefix -vserver
42}
43
44# Load keys for all datasets/filesystems
45do_load_keys()
46{
47	zfs_log_begin_msg "Load ZFS filesystem(s) keys"
48
49	"$ZFS" list -Ho name,encryptionroot,keystatus,keylocation |
50	    while IFS="	" read -r name encryptionroot keystatus keylocation; do
51		if [ "$encryptionroot" != "-" ] &&
52			[ "$name" = "$encryptionroot" ] &&
53			[ "$keystatus" = "unavailable" ] &&
54			[ "$keylocation" != "prompt" ] &&
55			[ "$keylocation" != "none" ]
56		then
57			zfs_action "Load key for $encryptionroot" \
58			    "$ZFS" load-key "$encryptionroot"
59		fi
60	done
61
62	zfs_log_end_msg 0
63
64	return 0
65}
66
67# Unload keys for all datasets/filesystems
68do_unload_keys()
69{
70	zfs_log_begin_msg "Unload ZFS filesystem(s) key"
71
72	"$ZFS" list -Ho name,encryptionroot,keystatus | sed '1!G;h;$!d' |
73	    while IFS="	" read -r name encryptionroot keystatus; do
74		if [ "$encryptionroot" != "-" ] &&
75			[ "$name" = "$encryptionroot" ] &&
76			[ "$keystatus" = "available" ]
77		then
78			zfs_action "Unload key for $encryptionroot" \
79			    "$ZFS" unload-key "$encryptionroot"
80		fi
81	done
82
83	zfs_log_end_msg 0
84
85	return 0
86}
87
88do_start()
89{
90	check_boolean "$ZFS_LOAD_KEY" || exit 0
91
92	check_module_loaded "zfs" || exit 0
93
94	do_load_keys
95}
96
97do_stop()
98{
99	check_boolean "$ZFS_UNLOAD_KEY" || exit 0
100
101	check_module_loaded "zfs" || exit 0
102
103	do_unload_keys
104}
105
106# ----------------------------------------------------
107
108if @IS_SYSV_RC@
109then
110	case "$1" in
111		start)
112			do_start
113			;;
114		stop)
115			do_stop
116			;;
117		force-reload|condrestart|reload|restart|status)
118			# no-op
119			;;
120		*)
121			[ -n "$1" ] && echo "Error: Unknown command $1."
122			echo "Usage: $0 {start|stop}"
123			exit 3
124			;;
125	esac
126
127	exit $?
128else
129	# Create wrapper functions since Gentoo don't use the case part.
130	depend() { do_depend; }
131	start() { do_start; }
132	stop() { do_stop; }
133fi
134