Implement decryption #24
Conversation
| char *linebuffer; | ||
| size_t size; | ||
| int nRead; | ||
| char **cmdline; |
There was a problem hiding this comment.
I need to take another look at this
|
Thank you very much for your pull request. It looks good so far, and I would have probably never done it. Your C isn't that awful, I know my C which isn't that good as well. But learning by doing I guess ;) |
|
I agree with adding the additional features. I already wanted to add retry logic as a frequently typo my passwords, and the key file isn't a bad idea to add either, though that's a different flow. Also will take some thinking about if you want to allow external devices like a flash drive for the key source, but I've never used key files for system encryption, so I don't know how that flow normally goes. I do think that would be best addressed in a followup PR, to isolate the changes. When this PR gets far enough, we can just merge it into decryption branch and use that as a dev branch. I'll be pushing some changes shortly to fix the first two comments. |
ashfire908
force-pushed
the
decryption
branch
from
14a2a7e to
1fcfb7f
Compare
|
As zfs 0.8.0 is coming up with native encryption, I'd like to help out to push this onward. @ashfire908 Are you still working on the changes mentioned above? |
|
@freswa No. I have stopped using ZFS (with or without native encryption) as I found it to be too much trouble, especially after my ZFS-based NAS box recently experienced file corruption + driver errors that corrupted the OS (and a couple non-critical files). |
|
@dasJ I have been using this PR on my machine for a long time without any issues. Could you merge this PR, please? |
| @@ -316,6 +316,10 @@ int generateSysrootUnit(char *directory, int bootfs, char *dataset, char *snapsh | |||
| return 1; | |||
| } | |||
| fprintf(fp, "# This file was generated by sd-zfs\n\ | |||
| [Unit]\n\ | |||
| Requires=systemd-ask-password-console.service\n\ | |||
There was a problem hiding this comment.
This should be Wants.
Implemented the stubbed-out decryption methods using
systemd-ask-password. Also made some tweaks to some error output as well as returning exit code 1 when mounting fails.Currently it doesn't have any retry logic so if you enter the wrong password, it'll fail and you'll get dropped to the shell during boot. Also the code is probably horrible - I don't actually know C, but I managed to get this working over the weekend within my testing VM for ZFS stuff.
Side note: I had to hack this at one point to scan based on
/dev/disk/by-partlabelinstead of the default ofby-idsince my VM software (VMware Workstation) doesn't expose IDs for it's SCSI disks 🙁. That might be useful to have in the future as a config parameter somewhere.