Added initcpio module allowing to decrypt zfs root filesystem over SSH

7 years ago · 036669a711
parent 11aae3b0e3
commit 036669a711
2 changed files with 38 additions and 0 deletions
--- a/src/zfs-utils/PKGBUILD.sh
+++ b/src/zfs-utils/PKGBUILD.sh
@ -64,6 +64,7 @@ package() {
    # Install the support files
    install -D -m644 "\${srcdir}"/zfs-utils.initcpio.hook "\${pkgdir}"/usr/lib/initcpio/hooks/zfs
    install -D -m644 "\${srcdir}"/zfs-utils.initcpio.install "\${pkgdir}"/usr/lib/initcpio/install/zfs
+    install -D -m644 "\${srcdir}"/zfs-utils.initcpio.zfsencryptssh.install "\${pkgdir}"/usr/lib/initcpio/install/zfsencryptssh
    install -D -m644 "\${srcdir}"/zfs-utils.bash-completion-r1 "\${pkgdir}"/usr/share/bash-completion/completions/zfs
 }
 EOF
--- a/src/zfs-utils/zfs-utils.initcpio.zfsencryptssh.install
+++ b/src/zfs-utils/zfs-utils.initcpio.zfsencryptssh.install
@ -0,0 +1,37 @@
+#!/bin/bash
+
+make_etc_passwd() {
+    echo 'root:x:0:0:root:/root:/bin/bash' > "${BUILDROOT}"/etc/passwd
+    echo '/bin/bash' > "${BUILDROOT}"/etc/shells
+}
+
+make_profile() {
+    profile_file='# get bootfs (dataset must have bootfs flag set to work)
+dataset=$(zpool list -H -o bootfs)
+# source zfs hook functions
+. /hooks/zfs
+# decrypt bootfs
+zfs_decrypt_fs $dataset
+# kill pending decryption attempt to allow the boot process to continue
+killall zfs
+# exit properly
+exit'
+    printf '%s' "$profile_file" > "${BUILDROOT}"/root/.profile
+}
+
+build ()
+{
+    make_etc_passwd
+    make_profile
+}
+
+help ()
+{
+    cat<<HELPEOF
+This hook is meant to be used in conjunction with mkinitcpio-dropbear, 
+mkinitcpio-netconf and/ormkinitcpio-ppp. This will provide a way to unlock 
+your encrypted ZFS root filesystem remotely.
+HELPEOF
+}
+
+# vim: set ts=4 sw=4 ft=sh et: