xref: /freebsd/sys/contrib/openzfs/etc/init.d/zfs-load-key.in (revision 02e9120893770924227138ba49df1edb3896112a) 
1#!@DEFAULT_INIT_SHELL@
2# shellcheck disable=SC2154
3#
4# zfs-load-key  This script will load/unload the zfs filesystems keys.
5#
6# chkconfig:    2345 06 99
7# description:  This script will load or unload the zfs filesystems keys during
8#               system boot/shutdown. Only filesystems with key path set
9#               in keylocation property. See the zfs(8) man page for details.
10# probe: true
11#
12### BEGIN INIT INFO
13# Provides:          zfs-load-key
14# Required-Start:    $local_fs zfs-import
15# Required-Stop:     $local_fs zfs-import
16# Default-Start:     2 3 4 5
17# Default-Stop:      0 1 6
18# X-Start-Before:    zfs-mount
19# X-Stop-After:      zfs-zed
20# Short-Description: Load ZFS keys for filesystems and volumes
21# Description: Run the `zfs load-key` or `zfs unload-key` commands.
22### END INIT INFO
23#
24# Released under the 2-clause BSD license.
25#
26# This script is based on debian/zfsutils.zfs.init from the
27# Debian GNU/kFreeBSD zfsutils 8.1-3 package, written by Aurelien Jarno.
28
29# Source the common init script
30. @sysconfdir@/zfs/zfs-functions
31
32# ----------------------------------------------------
33
34do_depend()
35{
36	# bootmisc will log to /var which may be a different zfs than root.
37	before bootmisc logger zfs-mount
38
39	after zfs-import sysfs
40	keyword -lxc -openvz -prefix -vserver
41}
42
43# Load keys for all datasets/filesystems
44do_load_keys()
45{
46	zfs_log_begin_msg "Load ZFS filesystem(s) keys"
47
48	"$ZFS" list -Ho name,encryptionroot,keystatus,keylocation |
49	    while IFS="	" read -r name encryptionroot keystatus keylocation; do
50		if [ "$encryptionroot" != "-" ] &&
51			[ "$name" = "$encryptionroot" ] &&
52			[ "$keystatus" = "unavailable" ] &&
53			[ "$keylocation" != "prompt" ] &&
54			[ "$keylocation" != "none" ]
55		then
56			zfs_action "Load key for $encryptionroot" \
57			    "$ZFS" load-key "$encryptionroot"
58		fi
59	done
60
61	zfs_log_end_msg 0
62
63	return 0
64}
65
66# Unload keys for all datasets/filesystems
67do_unload_keys()
68{
69	zfs_log_begin_msg "Unload ZFS filesystem(s) key"
70
71	"$ZFS" list -Ho name,encryptionroot,keystatus | sed '1!G;h;$!d' |
72	    while IFS="	" read -r name encryptionroot keystatus; do
73		if [ "$encryptionroot" != "-" ] &&
74			[ "$name" = "$encryptionroot" ] &&
75			[ "$keystatus" = "available" ]
76		then
77			zfs_action "Unload key for $encryptionroot" \
78			    "$ZFS" unload-key "$encryptionroot"
79		fi
80	done
81
82	zfs_log_end_msg 0
83
84	return 0
85}
86
87do_start()
88{
89	check_boolean "$ZFS_LOAD_KEY" || exit 0
90
91	check_module_loaded "zfs" || exit 0
92
93	do_load_keys
94}
95
96do_stop()
97{
98	check_boolean "$ZFS_UNLOAD_KEY" || exit 0
99
100	check_module_loaded "zfs" || exit 0
101
102	do_unload_keys
103}
104
105# ----------------------------------------------------
106
107if [ ! -e /sbin/openrc-run ]
108then
109	case "$1" in
110		start)
111			do_start
112			;;
113		stop)
114			do_stop
115			;;
116		force-reload|condrestart|reload|restart|status)
117			# no-op
118			;;
119		*)
120			[ -n "$1" ] && echo "Error: Unknown command $1."
121			echo "Usage: $0 {start|stop}"
122			exit 3
123			;;
124	esac
125
126	exit $?
127else
128	# Create wrapper functions since Gentoo don't use the case part.
129	depend() { do_depend; }
130	start() { do_start; }
131	stop() { do_stop; }
132fi
133