WebSVN – zfs_utils – Diff – /trunk/ZFS_Utils.pm

     return $yaml;
+}
+# Mount a GELI-encrypted ZFS pool.
+# $geliConfig - hashref containing configuration for geli
+# Returns the pool name on success, empty string on error.
 sub mountGeli {
    my $geliConfig = shift;
+   # Can't continue at all if no pool name
-   unless ( $geliConfig->{'localKey'} ) {
+   unless ( $geliConfig->{'poolname'} ) {
-      logMsg "Could not find local key in configuration file\n";
+      logMsg "Could not find pool name in configuration file\n";
       return '';
+   }
    # find the keyfile disk and mount it
-   my $path = mountDriveByLabel( $geliConfig->{'keydiskname'} );
+   $geliConfig->{secureKey}->{path} = mountDriveByLabel( $geliConfig->{secureKey}->{label} );
-   unless ( $path ne '' and -e "$path/" . $geliConfig->{'keyfile'} ) {
+   unless ( $geliConfig->{secureKey}->{path} ne '' ) {
-      logMsg "Could not find or mount keyfile disk with label: " . $geliConfig->{'keydiskname'} . "\n";
+      logMsg "Could not find or mount keyfile disk with label: " . $geliConfig->{secureKey}->{label};
       return '';
+   }
    # create the combined geli keyfile in target location
-   unless ( makeGeliKey( "$path/" . $geliConfig->{'keyfile'}, $geliConfig->{'localKey'}, $geliConfig->{'target'} ) ) {
+   unless ( makeGeliKey( $geliConfig ) ) {
          logMsg "Could not create geli keyfile\n";
          return '';
+      }
    # decrypt and mount the geli disks and zfs pool
+   die;
    my $poolname = decryptAndMountGeli( $geliConfig );
    return $poolname;
+}
 ## Decrypt each GELI disk from $geliConfig->{'diskList'} using the keyfile,
 ## then import and mount the ZFS pool specified in $geliConfig->{'poolname'}.
 ##
 ## Returns the pool name on success, empty on error.
 sub decryptAndMountGeli {
-   my ($geliConfig) = @_;
+   my ($geliConfig) = shift;
-   # Can't continue at all if no pool name
-   die "No pool name specified in config\n" unless $geliConfig->{'poolname'};
    # if no list of disks provided, try to find them
    $geliConfig->{'diskList'} //= findGeliDisks();
    my $diskList = $geliConfig->{'diskList'};
    my $poolname = $geliConfig->{'poolname'};
 ##   $localKeyHexOrPath - hex string (64 hex chars) or path to file containing hex
 ##   $target - path to write the resulting 32-byte binary key
 ##
 ## Returns true on success, dies on fatal error.
 sub makeGeliKey {
-   my ($remote_keyfile, $localKeyHexOrPath, $target) = @_;
+   my ( $geliConfig ) = @_;
-   die "remote keyfile not provided" unless defined $remote_keyfile;
+   $geliConfig->{secureKey}->{keyfile} //= '';
-   die "local key not provided" unless defined $localKeyHexOrPath;
+   $geliConfig->{localKey} //= '';
-   die "target not provided" unless defined $target;
+   $geliConfig->{target} //= '';
+   if ( $geliConfig->{target} && -f $geliConfig->{target} ) {
+      logMsg "GELI target keyfile $geliConfig->{target} already exists. Not overwriting.\n";
+      return 1;
+   }
+   my $remote_keyfile = "$geliConfig->{secureKey}->{path}/$geliConfig->{secureKey}->{keyfile}";
+   my $localKeyHexOrPath = $geliConfig->{localKey};
+   my $target = $geliConfig->{target};
+   if ( $geliConfig->{secureKey}->{keyfile} && $geliConfig->{localKey} ) {
+      # we have what we need to proceed
+      if ( -f $remote_keyfile ) {
+         logMsg "Creating GELI keyfile at $geliConfig->{target} using remote keyfile " . $geliConfig->{secureKey}->{keyfile} . " and local key\n";
+      } else {
-   die "Remote keyfile $remote_keyfile does not exist\n" unless -e $remote_keyfile;
+         die "Remote keyfile " . $geliConfig->{secureKey}->{keyfile} . " does not exist\n";
+      }
+   }
    # Read remote binary key
    open my $rh, '<:raw', $remote_keyfile or die "Unable to open $remote_keyfile: $!\n";
    my $rbuf;
    my $read = read($rh, $rbuf, 32);

Subversion Repositories zfs_utils

(root)/trunk/ZFS_Utils.pm – Rev 37 → 38