Bug 256483 - zfs doesn't automount encrypted datasets
Summary: zfs doesn't automount encrypted datasets
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: misc (show other bugs)
Version: CURRENT
Hardware: Any Any
: --- Affects Only Me
Assignee: Mateusz Piotrowski
URL:
Keywords:
: 259892 (view as bug list)
Depends on:
Blocks:
 
Reported: 2021-06-08 15:01 UTC by Justin Hibbits
Modified: 2021-12-06 09:58 UTC (History)
6 users (show)

See Also:


Attachments
Patch to add knob to rc.conf to automount zfs filesystems (1.08 KB, patch)
2021-06-11 22:26 UTC, David Schlachter
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Justin Hibbits freebsd_committer 2021-06-08 15:01:08 UTC
Since at least the import of ZoL/new OpenZFS, zfs has supported encrypted datasets, with password or file keys.  These can be mounted via 'zfs mount -l' or 'zfs load-key -a'.  This isn't automatically done at boot, but could be by adding the '-l' flag to the zfs mount command in the rc script.
Comment 1 David Schlachter 2021-06-11 22:26:03 UTC
Created attachment 225750 [details]
Patch to add knob to rc.conf to automount zfs filesystems

Here's a patch that adds a flag to rc.conf ("zfs_mount_encrypted") that, if enabled, will load keys and automount encrypted ZFS filesystems on boot. By default the option would be disabled to maintain existing behaviour. The patch also includes documentation for the rc.conf man page.
Comment 2 Alan Somers freebsd_committer 2021-06-11 22:36:27 UTC
Comment on attachment 225750 [details]
Patch to add knob to rc.conf to automount zfs filesystems

Does this work with both keylocations, prompt and file?
Comment 3 David Schlachter 2021-06-11 22:48:33 UTC
(In reply to Alan Somers from comment #2)

Good point! I tested this with a file key only. I imagine the desired behavior with passphrase would be to prompt at boot like when using GELI on root. I'll take a look at this tonight.
Comment 4 Graham Perrin 2021-06-12 00:48:11 UTC
Also: 

⚙ D30015 Add zfskeys script to /etc/rc.d for auto-loading zfs keys
<https://reviews.freebsd.org/D30015>
Comment 5 David Schlachter 2021-06-12 01:26:18 UTC
Comment on attachment 225750 [details]
Patch to add knob to rc.conf to automount zfs filesystems

(In reply to Graham Perrin from comment #4)

Yes, that looks much more complete! Once it's merged I think this issue should be closed.
Comment 7 Graham Perrin 2021-10-30 06:55:03 UTC
/libexec/rc/rc.d/zfskeys

– does not exist with my recently built FreeBSD 14.0-CURRENT. I'm confused. 


root@mowa219-gjp4-8570p-freebsd:~ # service zfskeys restart
zfskeys does not exist in /etc/rc.d or the local startup
directories (/usr/local/etc/rc.d), or is not executable
root@mowa219-gjp4-8570p-freebsd:~ # file /libexec/rc/rc.d/zfskeys
/libexec/rc/rc.d/zfskeys: cannot open `/libexec/rc/rc.d/zfskeys' (No such file or directory)
root@mowa219-gjp4-8570p-freebsd:~ # uname -aKU
FreeBSD mowa219-gjp4-8570p-freebsd 14.0-CURRENT FreeBSD 14.0-CURRENT #113 main-n250242-eab5358b908: Mon Oct 25 05:40:35 BST 2021     root@mowa219-gjp4-8570p-freebsd:/usr/obj/usr/src/amd64.amd64/sys/GENERIC-NODEBUG  amd64 1400039 1400039
root@mowa219-gjp4-8570p-freebsd:~ #
Comment 8 Graham Perrin 2021-10-30 07:11:47 UTC
(In reply to Graham Perrin from comment #7)

> /libexec/rc/rc.d/zfskeys
> 
> – does not exist with my recently built FreeBSD 14.0-CURRENT. 
> I'm confused. 

Sorry, PEBKAM above but still, I'm confused by the absence of zfskeys: 

% ls -hl /etc/rc.d/zfs*
-r-xr-xr-x  1 root  wheel   872B  1 Jan  2021 /etc/rc.d/zfs
-r-xr-xr-x  1 root  wheel   1.7K  1 Jan  2021 /etc/rc.d/zfsbe
-r-xr-xr-x  1 root  wheel   209B  1 Jan  2021 /etc/rc.d/zfsd
%
Comment 9 Herbert J. Skuhra 2021-11-13 13:21:38 UTC
zfskeys is not listed in libexec/rc/rc.d/Makefile and tools/build/mk/OptionalObsoleteFiles.inc. Test build running...

diff --git a/libexec/rc/rc.d/Makefile b/libexec/rc/rc.d/Makefile
index 4c7267552526..36b8a91727dc 100644
--- a/libexec/rc/rc.d/Makefile
+++ b/libexec/rc/rc.d/Makefile
@@ -323,6 +323,7 @@ CONFGROUPS+=        ZFS
 ZFS+=          zfs
 ZFS+=          zfsbe
 ZFS+=          zfsd
+ZFS+=          zfskeys
 ZFS+=          zpool
 ZFS+=          zvol
 ZFSPACKAGE=    rc
diff --git a/tools/build/mk/OptionalObsoleteFiles.inc b/tools/build/mk/OptionalObsoleteFiles.inc
index 96156a80f2e3..0cfa3428ee21 100644
--- a/tools/build/mk/OptionalObsoleteFiles.inc
+++ b/tools/build/mk/OptionalObsoleteFiles.inc
@@ -1118,8 +1118,9 @@ OLD_FILES+=boot/gptzfsboot
 OLD_FILES+=boot/zfsboot
 OLD_FILES+=boot/zfsloader
 OLD_FILES+=etc/rc.d/zfs
-OLD_FILES+=etc/rc.d/zfsd
 OLD_FILES+=etc/rc.d/zfsbe
+OLD_FILES+=etc/rc.d/zfsd
+OLD_FILES+=etc/rc.d/zfskeys
 OLD_FILES+=etc/rc.d/zvol
 OLD_FILES+=etc/devd/zfs.conf
 OLD_FILES+=etc/periodic/daily/404.status-zfs
Comment 10 Peter Libassi 2021-11-18 11:43:00 UTC
*** Bug 259892 has been marked as a duplicate of this bug. ***
Comment 11 commit-hook freebsd_committer 2021-12-03 01:07:34 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=a58135eb092748caf383bc82306af522ff311d9d

commit a58135eb092748caf383bc82306af522ff311d9d
Author:     Herbert J. Skuhra <herbert@gojira.at>
AuthorDate: 2021-12-03 00:44:55 +0000
Commit:     Mateusz Piotrowski <0mp@FreeBSD.org>
CommitDate: 2021-12-03 01:05:55 +0000

    OptionalObsoleteFiles.inc: Add rc.d/zfskeys

    While here, sort the etc/rc.d entries.

    PR:             256483
    Reviewed by:    allanjude
    Approved by:    allanjude (src)
    MFC after:      3 days
    Sponsored by:   Modirum MDPay
    Sponsored by:   Klara Inc.
    Differential Revision:  https://reviews.freebsd.org/D33238

 tools/build/mk/OptionalObsoleteFiles.inc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
Comment 12 commit-hook freebsd_committer 2021-12-06 09:58:18 UTC
A commit in branch stable/13 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=4a10f984d8e54d5115574d1ed354264921dfb2d3

commit 4a10f984d8e54d5115574d1ed354264921dfb2d3
Author:     Herbert J. Skuhra <herbert@gojira.at>
AuthorDate: 2021-12-03 00:44:55 +0000
Commit:     Mateusz Piotrowski <0mp@FreeBSD.org>
CommitDate: 2021-12-06 09:56:28 +0000

    OptionalObsoleteFiles.inc: Add rc.d/zfskeys

    While here, sort the etc/rc.d entries.

    PR:             256483
    Reviewed by:    allanjude
    Approved by:    allanjude (src)
    MFC after:      3 days
    Sponsored by:   Modirum MDPay
    Sponsored by:   Klara Inc.
    Differential Revision:  https://reviews.freebsd.org/D33238

    (cherry picked from commit a58135eb092748caf383bc82306af522ff311d9d)

 tools/build/mk/OptionalObsoleteFiles.inc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)