From e0b5ba54798162d18ce2dbc42911f18facae1707 Mon Sep 17 00:00:00 2001
From: Will Fancher
Date: Tue, 3 May 2022 13:39:54 -0400
Subject: [PATCH] nixos: Don't use grep to request ZFS credentials, and consider keystatus
---
 nixos/modules/tasks/filesystems/zfs.nix | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/nixos/modules/tasks/filesystems/zfs.nix b/nixos/modules/tasks/filesystems/zfs.nix
index 4675c06cfdec..3bc05f56dc36 100644
--- a/nixos/modules/tasks/filesystems/zfs.nix
+++ b/nixos/modules/tasks/filesystems/zfs.nix
@@ -97,6 +97,11 @@ let
 in
 map (x: "${mountPoint x}.mount") (getPoolFilesystems pool);
 
+ getKeyLocations = pool:
+ if isBool cfgZfs.requestEncryptionCredentials
+ then "${cfgZfs.package}/sbin/zfs list -rHo name,keylocation,keystatus ${pool}"
+ else "${cfgZfs.package}/sbin/zfs list -Ho name,keylocation,keystatus ${toString (filter (x: datasetToPool x == pool) cfgZfs.requestEncryptionCredentials)}";
+
 createImportService = { pool, systemd, force, prefix ? "" }:
 nameValuePair "zfs-import-${pool}" {
 description = "Import ZFS pool \"${pool}\"";
@@ -137,13 +142,11 @@ let
 ${optionalString (if isBool cfgZfs.requestEncryptionCredentials
 then cfgZfs.requestEncryptionCredentials
 else cfgZfs.requestEncryptionCredentials != []) ''
- ${cfgZfs.package}/sbin/zfs list -rHo name,keylocation ${pool} | while IFS=$'\t' read ds kl; do
+ ${getKeyLocations pool} | while IFS=$'\t' read ds kl ks; do
 {
- ${optionalString (!isBool cfgZfs.requestEncryptionCredentials) ''
- if ! echo '${concatStringsSep "\n" cfgZfs.requestEncryptionCredentials}' | grep -qFx "$ds"; then
- continue
- fi
- ''}
+ if [[ "$ks" != unavailable ]]; then
+ continue
+ fi
 case "$kl" in
 none )
 ;;
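Review bot: The list branch of `getKeyLocations` can expand to `zfs list -Ho name,keylocation,keystatus` with no dataset argument when none of the entries in `requestEncryptionCredentials` belongs to `pool`, and `zfs list` without arguments then reports every dataset of every imported pool. The guard in the second hunk only tests the global list (`cfgZfs.requestEncryptionCredentials != []`), and the per-dataset `grep -qFx` filter this commit removes was what kept unlisted datasets out, so on a multi-pool system the loop could ask for or load keys the administrator did not list. I would bind the filtered list once, `keys = filter (x: datasetToPool x == pool) cfgZfs.requestEncryptionCredentials;`, and emit the loop only when `keys != []`. The names are also interpolated unquoted through `toString`; `escapeShellArgs keys` would keep a name containing whitespace as one argument, assuming the lib helpers are in scope in this file.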
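Review bot: The new `read ds kl ks` runs without `-r`, so a backslash in a dataset name or keylocation would be consumed before the `case` on `$kl` sees it; `while IFS=$'\t' read -r ds kl ks; do` avoids that. The keystatus test also deserves a one-line comment, for example `# only datasets whose key is still unloaded need load-key; skip everything else`, since the reason for the skip is not visible from the shell alone. The enclosing script block starts before this hunk and continues past the `case`, so how `$kl` is handled afterwards is not visible here.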