-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Systemd mount generator: don't fail keyload from file if already loaded #10103
Systemd mount generator: don't fail keyload from file if already loaded #10103
Conversation
Previously the generated keyload units for encryption roots with keylocation=file://* didn't contain the code to detect if the key was already loaded and would be marked failed in such situations. Move the code to check whether the key is already loaded from keylocation=prompt handling to general key loading code. Signed-off-by: InsanePrawn <insane.prawny@gmail.com>
Codecov Report
@@ Coverage Diff @@
## master #10103 +/- ##
========================================
- Coverage 79% 79% -<1%
========================================
Files 385 385
Lines 122314 122314
========================================
- Hits 97013 97009 -4
- Misses 25301 25305 +4
Continue to review full report at Codecov.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks good to me.
You might consider using the same variable (keyloadcmd) for both pieces (i.e. the second part overwrites the keyloadcmd variable).
Thanks for the reviews!
I see. Do you want me to make those changes? I have no strong feelings towards either version; I thought a different variable name might help indicate the different levels of shells/escaping. |
I don’t have strong feelings about it either. It’s probably fine as is. |
I'll go ahead and merge this as is. |
Previously the generated keyload units for encryption roots with keylocation=file://* didn't contain the code to detect if the key was already loaded and would be marked failed in such situations. Move the code to check whether the key is already loaded from keylocation=prompt handling to general key loading code. Reviewed-by: Richard Laager <rlaager@wiktel.com> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: InsanePrawn <insane.prawny@gmail.com> Closes openzfs#10103
Previously the generated keyload units for encryption roots with keylocation=file://* didn't contain the code to detect if the key was already loaded and would be marked failed in such situations. Move the code to check whether the key is already loaded from keylocation=prompt handling to general key loading code. Reviewed-by: Richard Laager <rlaager@wiktel.com> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: InsanePrawn <insane.prawny@gmail.com> Closes openzfs#10103
Previously the generated keyload units for encryption roots with keylocation=file://* didn't contain the code to detect if the key was already loaded and would be marked failed in such situations. Move the code to check whether the key is already loaded from keylocation=prompt handling to general key loading code. Reviewed-by: Richard Laager <rlaager@wiktel.com> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: InsanePrawn <insane.prawny@gmail.com> Closes openzfs#10103
Previously the generated keyload units for encryption roots with keylocation=file://* didn't contain the code to detect if the key was already loaded and would be marked failed in such situations. Move the code to check whether the key is already loaded from keylocation=prompt handling to general key loading code. Reviewed-by: Richard Laager <rlaager@wiktel.com> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: InsanePrawn <insane.prawny@gmail.com> Closes #10103
Previously the generated keyload units for encryption roots with keylocation=file://* didn't contain the code to detect if the key was already loaded and would be marked failed in such situations. Move the code to check whether the key is already loaded from keylocation=prompt handling to general key loading code. Reviewed-by: Richard Laager <rlaager@wiktel.com> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: InsanePrawn <insane.prawny@gmail.com> Closes openzfs#10103
Motivation and Context
Previously the generated keyload units for encryption roots with
keylocation=file://* didn't contain the code to detect if the key
was already loaded and would be marked failed in such situations.
This would lead to systemd marking the system as degraded, for example if an initcpio hook already loaded an encryption key in order to mount the rootfs.
-> No more red text during startup! (make sure not to boot with plymouth or the
quiet
kernel arg)Description
Move the code to check whether the key is already loaded
from keylocation=prompt handling to the general key loading code.
How Has This Been Tested?
Manually confirmed the resulting unit files behave correctly tolerate a key already being loaded.
Simple reproducer script here
Types of changes
Checklist:
Signed-off-by
.