extern/zrepl
1
0
Fork 0
mirror of https://github.com/zrepl/zrepl.git synced 2024-11-21 16:03:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
problame/develop
zrepl/zfs
History
Christian Schwarz fb6a9be954 fix encrypt-on-receive with placeholders 
fixes https://github.com/zrepl/zrepl/issues/504

Problem:
  plain send + recv with root_fs encrypted + placeholders causes plain recvs
  whereas user would expect encrypt-on-recv
Reason:
  We create placeholder filesytems with -o encryption=off.
  Thus, children received below those placeholders won't inherit
  encryption of root_fs.
Fix:
  We'll have three values for `recv.placeholders.encryption: unspecified (default) | off | inherit`.
  When we create a placeholder, we will fail the operation if  `recv.placeholders.encryption = unspecified`.
  The exception is if the placeholder filesystem is to encode the client identity ($root_fs/$client_identity) in a pull job.
  Those are created in `inherit` mode if the config field is `unspecified` so that users who don't need
  placeholders are not bothered by these details.

Future Work:
  Automatically warn existing users of encrypt-on-recv about the problem
  if they are affected.
  The problem that I hit during implementation of this is that the
  `encryption` prop's `source` doesn't quite behave like other props:
  `source` is `default` for `encryption=off` and `-` when `encryption=on`.
  Hence, we can't use `source` to distinguish the following 2x2 cases:
  (1) placeholder created with explicit -o encryption=off
  (2) placeholder created without specifying -o encryption
  with
  (A) an encrypted parent at creation time
  (B) an unencrypted parent at creation time
2021-12-18 15:12:47 +01:00
..
property [#285] support setting zfs send / recv flags in the config (send: -wLcepbS, recv: -ox) 2021-02-20 17:20:45 +01:00
test_helpers Implement DatasetMapping + basic ZFS list functionality. 2017-04-26 17:39:16 +02:00
zfscmd zfs: rewrite SendStream, fix bug in Close() on FreeBSD, add platformtests 2021-09-19 20:11:31 +02:00
datasetpath_visitor_test.go [#342] endpoint: always create unencrypted placeholder filesystems 2020-07-26 20:32:35 +02:00
datasetpath_visitor.go [#342] endpoint: always create unencrypted placeholder filesystems 2020-07-26 20:32:35 +02:00
encryption.go [#285] support setting zfs send / recv flags in the config (send: -wLcepbS, recv: -ox) 2021-02-20 17:20:45 +01:00
filesystemplaceholdercreateencryptionvalue_enumer.go fix encrypt-on-receive with placeholders 2021-12-18 15:12:47 +01:00
holds.go endpoint: refactor, fix stale holds on initial replication failure, zfs-abstractions subcmd, more efficient ZFS queries 2020-04-18 12:26:03 +02:00
mapping.go endpoint: refactor, fix stale holds on initial replication failure, zfs-abstractions subcmd, more efficient ZFS queries 2020-04-18 12:26:03 +02:00
namecheck_test.go new features: {resumable,encrypted,hold-protected} send-recv, last-received-hold 2020-02-14 22:00:13 +01:00
namecheck.go new features: {resumable,encrypted,hold-protected} send-recv, last-received-hold 2020-02-14 22:00:13 +01:00
placeholder.go fix encrypt-on-receive with placeholders 2021-12-18 15:12:47 +01:00
prometheus.go bring back prometheus metrics, with new metrics for replication state machine 2018-09-07 22:22:34 -07:00
propertysource_enumer.go zfs: PropertySource: set type to uint32 so that enumer-generated code is platform-independent 2021-03-14 22:32:45 +01:00
resume_token.go zfs: ResumeToken: parse embedok, largeblockok, savedok if available 2021-02-20 17:04:57 +01:00
versions_destroy_test.go zfs: use exec.CommandContext everywhere 2020-03-27 13:08:43 +01:00
versions_destroy.go [#307] add package trace, integrate it with logging, and adopt it throughout zrepl 2020-05-19 11:30:02 +02:00
versions.go [#285] support setting zfs send / recv flags in the config (send: -wLcepbS, recv: -ox) 2021-02-20 17:20:45 +01:00
zfs_debug.go run golangci-lint and apply suggested fixes 2019-03-27 13:12:26 +01:00
zfs_pipe_linux.go zfs: pipe size: default to value of /proc/sys/fs/pipe-max-siz 2021-03-25 22:24:50 +01:00
zfs_pipe.go go1.17: run goimports to supports the new //go:build lines 2021-10-09 16:51:08 +02:00
zfs_test.go [#285] support setting zfs send / recv flags in the config (send: -wLcepbS, recv: -ox) 2021-02-20 17:20:45 +01:00
zfs.go fix encrypt-on-receive with placeholders 2021-12-18 15:12:47 +01:00