Only try to unlock locked datasets
niall-daley committed Oct 17, 2023
1 parent ac4cbc7 commit 8165d5c
Showing 1 changed file with 14 additions and 6 deletions.
20 changes: 14 additions & 6 deletions fetch-keys.sh
@@ -1,19 +1,27 @@
#!/bin/bash

(
command -v zfs > /dev/null|| exit -1
command -v clevis > /dev/null || exit -1

echo "##### Unlocking ZFS encrypted volumes"

while read -u 3 ds enc key
while read -u 3 ds enc keystatus key
do
if [ "${enc}" != "off" -a "${key}" != "-" ]
then
echo "Loading key for ${ds}"
if (echo -n "${key}" | clevis decrypt | zfs load-key -L prompt "${ds}")
if [ "${keystatus}" = "available" ]
then
echo "Dataset ${ds} unlocked"
echo "Dataset ${ds} already unlocked"
else
echo "FAILED TO UNLOCK ${ds}"
echo "Loading key for ${ds}"
if (echo -n "${key}" | clevis decrypt | zfs load-key -L prompt "${ds}")
then
echo "Dataset ${ds} unlocked"
else
echo "FAILED TO UNLOCK ${ds}"
fi
fi
fi
done 3< <(zfs list -H -o name,encryption,zfs-clevis:key)
done 3< <(zfs list -H -o name,encryption,keystatus,zfs-clevis:key)
) 1>&2
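Review bot: The new `while read -u 3 ds enc keystatus key` still splits on any whitespace and interprets backslashes, whereas `zfs list -H` separates its columns with a single tab. A dataset name containing a space would shift every later field, so the `keystatus` test and the value piped to `clevis decrypt` would come from the wrong columns. Reading with `while IFS=$'\t' read -r -u 3 ds enc keystatus key` keeps the four variables aligned with `-o name,encryption,keystatus,zfs-clevis:key`. Separately, as far as the visible lines show, a failed unlock is only echoed and the subshell still ends with status 0, so a caller cannot tell that a dataset stayed locked. Setting a failure flag in the `FAILED TO UNLOCK` branch and exiting non-zero after `done` would make that detectable.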
