You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
libzfs: add key provider machinery and a keylocation=exec:// impl
This acquires the key material by running the file specified by the URI
with [path, op, fsname], and reading back data from the pipe
located at fd 3 after the child exits (this means, that, i.a.,
children that write Too Much get an I/O error instead of hanging,
exec:// providers can be written in any language that can
write(3, [buf]), and they can be as interactive (or non-interactive)
and as verbose (or terse) as they want)
See zfs-change-key(8) for example statesome providers, or the
abomination below for a trivial stateless one
#!/bin/sh -x
echo "$0" "$@"
[ -z "$2" ] && {
echo "No dataset name (zfs-create?)" >&2
exit 1
}
if command -v sha256 >/dev/null; then
sha256 -qs "$2"
else
echo -n "$2" | sha256sum | awk '{print $1}'
fi | tee /dev/stderr >&3
See zfs-change-key(8) for a user-level description of key-providers,
or below for state machines
load:
* [_ _] => error
* [_ x] => [x _], unseal(x)
* [o x] =>
+ show error
+ let user choose to try either one or the other state
+ instruct what to invoke in either case
* [o _] => unseal(o)
new: into staging area
* fresh : [_ _] => [_ x]
* regenerating: [o _] => [o x]
* dirty: [? x] =>
shift (on success): mark new state as current, free old state
* [_ _] => how?
* [_ x] => [x _]
* [o x] => [x _], free(o)
* [o _] => [_ _], free(o)
i.e.
[a b] => [b _], free(a)
unshift (on deletion): move current state to new
* [_ _] => how?
* [_ x] => wrong
* [o x] => wrong
* [o _] => [_ o]
i.e.
[a b] => [_ a] (technically free(b), i guess, but shouldn't happen)
cancel (on error): free new state if present
* how? : [_ _] =>
* from new : [_ x] => [_ _] free(x)
* from new : [o x] => [o _] free(x)
* from inherit/other executable: [o _] => [o _]
i.e.
[a, b] => [a, _], free(b)
two stable states:
[_ _] -> new: [_ n] --ok----> shift : [n _]
[_ _] -> new: [_ n] --error-> cancel: [n _]
[o _] -> new: [o n] --ok----> shift : [n _], free(o)
[o _] -> new: [o n] --error-> cancel: [o _], free(n)
[o _] (inheriting) --ok----> shift : [_ _], free(o)
[o _] (inheriting) --error-> cancel: [o _]
inheriting homomorphic to switching to something else
[o _] -> unshift: [_ o] --ok----> cancel: [_ _], free(o)
[o _] -> unshift: [_ o] --error-> shift : [o _]
if shift or cancel wasn't called:
[_ o] -> load -> [o, _], unseal
[ó o] -> load -> pick a resolution. should allow loading either to check with zfs load-key -n and instruct what to do in either case
[_ o] -> new -> error? try to load first, and pick a resolution
[ó o] -> new -> error? try to load first, and pick a resolution
i.e. somehow libzfs failed to do the shift after committing
Signed-off-by: Ahelenia Ziemiańska <[email protected]>
0 commit comments