| Summary: | (13038) zfskeys_enable: encryption key file stored on ZFS not found during normal system startup | ||
|---|---|---|---|
| Product: | Base System | Reporter: | Graham Perrin <grahamperrin> |
| Component: | misc | Assignee: | Mateusz Piotrowski <0mp> |
| Status: | Closed FIXED | ||
| Severity: | Affects Some People | CC: | 0mp, fs |
| Priority: | --- | Flags: | 0mp: mfc-stable13+, 0mp: mfc-stable12- |
| Version: | 13.1-RELEASE | ||
| Hardware: | Any | ||
| OS: | Any | ||
| URL: | https://github.com/freebsd/freebsd-src/commit/33ff39796ffe469a764e485ac49c31700a51fd6f | ||
| See Also: | https://github.com/openzfs/zfs/issues/13038 https://reviews.freebsd.org/D34601 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268162 | ||
Description
Graham Perrin
2022-03-10 14:26:30 UTC

Cross-reference <https://github.com/freebsd/freebsd-doc/commit/24f305c3c644baec1fe12c0ad34c4726ca68aacb#commitcomment-68634628> for release notes for 13.1.

Is kern the proper component for this bug?

freqlabs@ wrote (in the OpenZFS repo):

> The zfskeys script and other zfs rc scripts are part of FreeBSD. …

> You'll want to get in touch with whoever wrote that …

I'll take a look at it.

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=97aeda2243568b386d792514996a06daec55eece

commit 97aeda2243568b386d792514996a06daec55eece
Author: Mateusz Piotrowski <0mp@FreeBSD.org>
AuthorDate: 2022-03-18 12:35:16 +0000
Commit: Mateusz Piotrowski <0mp@FreeBSD.org>
CommitDate: 2022-03-18 13:53:52 +0000

zfskeys: Support autoloading of keys stored on ZFS

The zfskeys service script starts before the zfs service script, so that dataset decryption keys are available when `zfs mount -a` is run. One of the potential edge cases of this design is that if a key is stored on ZFS it won't be loaded until `zfs mount -a` is issued.

In order to address that let's try to load the additional keys and mount related ZFS datasets after the zfs script finishes its standard mounting procedure.

PR: 262468
Reported by: Graham Perrin <grahamperrin@gmail.com>
Reviewed by: allanjude
Approved by: allanjude (src)
Fixes: 33ff39796ffe Add zfskeys rc.d script for auto-loading encryption keys
MFC after: 3 days
Sponsored by: Modirum
Sponsored by: Klara Inc.
Differential Revision: https://reviews.freebsd.org/D34601

libexec/rc/rc.d/zfs | 12 ++++++++++++
1 file changed, 12 insertions(+)

(In reply to commit-hook from comment #3)

Thank you! Essentially: fixed.

There remains a (debatably) spurious line reporting that the file is not found, before the file is found. From /var/log/console.log – the first of the lines at 08:14:59:

----
…
Mar 19 08:08:07 mowa219-gjp4-8570p-freebsd kernel: Stopping devd.
Mar 19 08:08:07 mowa219-gjp4-8570p-freebsd kernel: Waiting for PIDS: 81691.
Mar 19 08:08:07 mowa219-gjp4-8570p-freebsd kernel: Writing entropy file: .
Mar 19 08:08:07 mowa219-gjp4-8570p-freebsd kernel: Writing early boot entropy file: .
Mar 19 08:14:59 mowa219-gjp4-8570p-freebsd kernel: Key file /usr/home/grahamperrin/Documents/personal/VirtualBox.key not found, empty or unreadable. Skipping Transcend/VirtualBox..
Mar 19 08:14:59 mowa219-gjp4-8570p-freebsd kernel: Loading key for Transcend/VirtualBox from file:///usr/home/grahamperrin/Documents/personal/VirtualBox.key..
Mar 19 08:14:59 mowa219-gjp4-8570p-freebsd kernel: Loading kernel modules:
…
----

A commit in branch stable/13 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=2411090f69401998569f24144b08ffc050e3cebc

commit 2411090f69401998569f24144b08ffc050e3cebc
Author: Mateusz Piotrowski <0mp@FreeBSD.org>
AuthorDate: 2022-03-18 12:35:16 +0000
Commit: Mateusz Piotrowski <0mp@FreeBSD.org>
CommitDate: 2022-03-21 14:47:20 +0000

zfskeys: Support autoloading of keys stored on ZFS

The zfskeys service script starts before the zfs service script, so that dataset decryption keys are available when `zfs mount -a` is run. One of the potential edge cases of this design is that if a key is stored on ZFS it won't be loaded until `zfs mount -a` is issued.

In order to address that let's try to load the additional keys and mount related ZFS datasets after the zfs script finishes its standard mounting procedure.

PR: 262468
Reported by: Graham Perrin <grahamperrin@gmail.com>
Reviewed by: allanjude
Approved by: allanjude (src)
Fixes: 33ff39796ffe Add zfskeys rc.d script for auto-loading encryption keys
MFC after: 3 days
Sponsored by: Modirum
Sponsored by: Klara Inc.
Differential Revision: https://reviews.freebsd.org/D34601

(cherry picked from commit 97aeda2243568b386d792514996a06daec55eece)

libexec/rc/rc.d/zfs | 12 ++++++++++++
1 file changed, 12 insertions(+)

A commit in branch releng/13.1 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=f23b24655f7cb3626d69f64f60b215a4870c3722

commit f23b24655f7cb3626d69f64f60b215a4870c3722
Author: Mateusz Piotrowski <0mp@FreeBSD.org>
AuthorDate: 2022-03-18 12:35:16 +0000
Commit: Glen Barber <gjb@FreeBSD.org>
CommitDate: 2022-03-23 20:27:44 +0000

zfskeys: Support autoloading of keys stored on ZFS

The zfskeys service script starts before the zfs service script, so that dataset decryption keys are available when `zfs mount -a` is run. One of the potential edge cases of this design is that if a key is stored on ZFS it won't be loaded until `zfs mount -a` is issued.

In order to address that let's try to load the additional keys and mount related ZFS datasets after the zfs script finishes its standard mounting procedure.

PR: 262468
Reported by: Graham Perrin <grahamperrin@gmail.com>
Reviewed by: allanjude
Approved by: re (delphij)
Approved by: allanjude (src)
Fixes: 33ff39796ffe Add zfskeys rc.d script for auto-loading encryption keys
Sponsored by: Modirum
Sponsored by: Klara Inc.
Differential Revision: https://reviews.freebsd.org/D34601

(cherry picked from commit 97aeda2243568b386d792514996a06daec55eece)
(cherry picked from commit 2411090f69401998569f24144b08ffc050e3cebc)

libexec/rc/rc.d/zfs | 12 ++++++++++++
1 file changed, 12 insertions(+)
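
An added example, not part of this bug report or of the FreeBSD source: a shell check that lists encrypted datasets whose `file://` keylocation sits on another ZFS dataset, which is the ordering case described in the commit message above (zfskeys runs before `zfs mount -a`). The sample dataset names and mountpoints are constructed assumptions; on a real system the two inputs would come from `zfs list -H -o name,mountpoint` and `zfs get -H -o name,value keylocation`.

```sh
#!/bin/sh
# Added example: find encrypted datasets whose key file sits on another ZFS
# dataset and so is not readable when zfskeys runs before `zfs mount -a`.

# Constructed sample input; dataset names and mountpoints are assumptions.
# Same columns as: zfs list -H -o name,mountpoint
SAMPLE_MOUNTS=$(printf '%s\t%s\n' \
    zroot/ROOT/default / \
    zroot/usr/home /usr/home \
    zroot/var /var \
    Transcend/VirtualBox /Transcend/VirtualBox)
# Same columns as: zfs get -H -o name,value keylocation
SAMPLE_KEYS=$(printf '%s\t%s\n' \
    Transcend/VirtualBox file:///usr/home/grahamperrin/Documents/personal/VirtualBox.key \
    zroot/secret file:///boot/keys/secret.key \
    zroot/vault prompt)

TAB=$(printf '\t')

# backing_dataset PATH MOUNTS: print the dataset with the longest mountpoint
# that is a prefix of PATH. "/" is skipped because the root file system is
# mounted before rc.d scripts run; none/legacy mountpoints are skipped too.
backing_dataset() {
    printf '%s\n' "$2" | awk -F '\t' -v p="$1" '
        $2 == "/" || $2 !~ /^\// { next }
        index(p, $2 "/") == 1 && length($2) > best { best = length($2); ds = $1 }
        END { if (ds != "") print ds }'
}

# keys_on_zfs KEYS MOUNTS: one line per dataset whose file:// key is on ZFS.
keys_on_zfs() {
    printf '%s\n' "$1" | while IFS=$TAB read -r ds loc; do
        case "$loc" in
            file://*) path=${loc#file://} ;;
            *) continue ;;   # prompt, none and https:// are not local files
        esac
        holder=$(backing_dataset "$path" "$2")
        if [ -n "$holder" ]; then
            printf '%s needs %s (on %s)\n' "$ds" "$path" "$holder"
        fi
    done
}

keys_on_zfs "$SAMPLE_KEYS" "$SAMPLE_MOUNTS"
```

Datasets it reports are the ones that depend on the second key-loading pass added to the zfs script by the commits above.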