commit 0d65e2e0e5b318614bf967c71308355939d9aaaf · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

fork atom

zfs: add migration path for new crypto format

fixes #34559

authored by sjau and committed by Jörg Thalheim 8 years ago 0d65e2e0 4442a377

+68 -14

4 changed files

expand all

unified split

nixos

modules

tasks

filesystems

zfs.nix

pkgs

os-specific

linux

spl

default.nix

zfs

default.nix

top-level

all-packages.nix

+26 -1

nixos/modules/tasks/filesystems/zfs.nix

··· 24 24 25 25 kernel = config.boot.kernelPackages; 26 26 27 - packages = if config.boot.zfs.enableUnstable then { 27 + packages = if config.boot.zfs.enableLegacyCrypto then { 28 + spl = kernel.splLegacyCrypto; 29 + zfs = kernel.zfsLegacyCrypto; 30 + zfsUser = pkgs.zfsLegacyCrypto; 31 + } else if config.boot.zfs.enableUnstable then { 28 32 spl = kernel.splUnstable; 29 33 zfs = kernel.zfsUnstable; 30 34 zfsUser = pkgs.zfsUnstable; ··· 72 76 version will have already passed an extensive test suite, but it is 73 77 more likely to hit an undiscovered bug compared to running a released 74 78 version of ZFS on Linux. 79 + ''; 80 + }; 81 + 82 + enableLegacyCrypto = mkOption { 83 + type = types.bool; 84 + default = false; 85 + description = '' 86 + Enabling this option will allow you to continue to use the old format for 87 + encrypted datasets. With the inclusion of stability patches the format of 88 + encrypted datasets has changed. They can still be access and mounted but 89 + in read-only mode mounted. It is highly recommended to convert them to 90 + the new format. 91 + 92 + This option is only for convenience to people that cannot convert their 93 + datasets to the new format yet and it will be removed in due time. 94 + 95 + For migration strategies from old format to this new one, check the Wiki: 96 + https://nixos.wiki/wiki/NixOS_on_ZFS#Encrypted_Dataset_Format_Change 97 + 98 + See https://github.com/zfsonlinux/zfs/pull/6864 for more details about 99 + the stability patches. 75 100 ''; 76 101 }; 77 102

+9 -3

pkgs/os-specific/linux/spl/default.nix

··· 66 66 }; 67 67 68 68 splUnstable = common { 69 - version = "2017-12-21"; 70 - rev = "c9821f1ccc647dfbd506f381b736c664d862d126"; 71 - sha256 = "08r6sa36jaj6n54ap18npm6w85v5yn3x8ljg792h37f49b8kir6c"; 69 + version = "2018-01-24"; 70 + rev = "23602fdb39e1254c669707ec9d2d0e6bcdbf1771"; 71 + sha256 = "09py2dwj77f6s2qcnkwdslg5nxb3hq2bq39zpxpm6msqyifhl69h"; 72 + }; 73 + 74 + splLegacyCrypto = common { 75 + version = "2018-01-24"; 76 + rev = "23602fdb39e1254c669707ec9d2d0e6bcdbf1771"; 77 + sha256 = "09py2dwj77f6s2qcnkwdslg5nxb3hq2bq39zpxpm6msqyifhl69h"; 72 78 }; 73 79 }

+30 -7

pkgs/os-specific/linux/zfs/default.nix

··· 5 5 , zlib, libuuid, python, attr, openssl 6 6 7 7 # Kernel dependencies 8 - , kernel ? null, spl ? null, splUnstable ? null 8 + , kernel ? null, spl ? null, splUnstable ? null, splLegacyCrypto ? null 9 9 }: 10 10 11 11 with stdenv.lib; ··· 19 19 , spl 20 20 , rev ? "zfs-${version}" 21 21 , isUnstable ? false 22 + , isLegacyCrypto ? false 22 23 , incompatibleKernelVersion ? null } @ args: 23 24 if buildKernel && 24 25 (incompatibleKernelVersion != null) && ··· 43 44 buildInputs = 44 45 optionals buildKernel [ spl ] 45 46 ++ optionals buildUser [ zlib libuuid python attr ] 46 - ++ optionals (buildUser && isUnstable) [ openssl ]; 47 + ++ optionals (buildUser && (isUnstable || isLegacyCrypto)) [ openssl ]; 47 48 48 49 # for zdb to get the rpath to libgcc_s, needed for pthread_cancel to work 49 50 NIX_CFLAGS_LINK = "-lgcc_s"; ··· 160 161 incompatibleKernelVersion = null; 161 162 162 163 # this package should point to a version / git revision compatible with the latest kernel release 163 - version = "2018-01-10"; 164 + version = "2018-02-02"; 164 165 165 - rev = "1d53657bf561564162e2ad6449f80fa0140f1dd6"; 166 - sha256 = "0ibkhfz06cypgl2c869dzdbdx2i3m8ywwdmnzscv0cin5gm31vhx"; 166 + rev = "fbd42542686af053f0d162ec4630ffd4fff1cc30"; 167 + sha256 = "0qzkwnnk7kz1hwvcaqlpzi5yspfhhmd2alklc07k056ddzbx52qb"; 167 168 isUnstable = true; 168 169 169 170 extraPatches = [ 170 171 (fetchpatch { 171 - url = "https://github.com/Mic92/zfs/compare/ded8f06a3cfee...nixos-zfs-2017-09-12.patch"; 172 - sha256 = "033wf4jn0h0kp0h47ai98rywnkv5jwvf3xwym30phnaf8xxdx8aj"; 172 + url = "https://github.com/Mic92/zfs/compare/fbd42542686af053f0d162ec4630ffd4fff1cc30...nixos-zfs-2018-02-02.patch"; 173 + sha256 = "05wqwjm9648x60vkwxbp8l6z1q73r2a5l2ni28i2f4pla8s3ahln"; 173 174 }) 174 175 ]; 175 176 176 177 spl = splUnstable; 177 178 }; 179 + 180 + zfsLegacyCrypto = common { 181 + # comment/uncomment if breaking kernel versions are known 182 + incompatibleKernelVersion = null; 183 + 184 + # this package should point to a version / git revision compatible with the latest kernel release 185 + version = "2018-02-01"; 186 + 187 + rev = "4c46b99d24a6e71b3c72462c11cb051d0930ad60"; 188 + sha256 = "011lcp2x44jgfzqqk2gjmyii1v7rxcprggv20prxa3c552drsx3c"; 189 + isUnstable = true; 190 + 191 + extraPatches = [ 192 + (fetchpatch { 193 + url = "https://github.com/Mic92/zfs/compare/4c46b99d24a6e71b3c72462c11cb051d0930ad60...nixos-zfs-2018-02-01.patch"; 194 + sha256 = "1gqmgqi39qhk5kbbvidh8f2xqq25vj58i9x0wjqvcx6a71qj49ch"; 195 + }) 196 + ]; 197 + 198 + spl = splLegacyCrypto; 199 + }; 200 + 178 201 }

+3 -3

pkgs/top-level/all-packages.nix

··· 13120 13120 sch_cake = callPackage ../os-specific/linux/sch_cake { }; 13121 13121 13122 13122 inherit (callPackage ../os-specific/linux/spl {}) 13123 - splStable splUnstable; 13123 + splStable splUnstable splLegacyCrypto; 13124 13124 13125 13125 spl = splStable; 13126 13126 ··· 13151 13151 inherit (callPackage ../os-specific/linux/zfs { 13152 13152 configFile = "kernel"; 13153 13153 inherit kernel spl; 13154 - }) zfsStable zfsUnstable; 13154 + }) zfsStable zfsUnstable zfsLegacyCrypto; 13155 13155 13156 13156 zfs = zfsStable; 13157 13157 }); ··· 13657 13657 13658 13658 inherit (callPackage ../os-specific/linux/zfs { 13659 13659 configFile = "user"; 13660 - }) zfsStable zfsUnstable; 13660 + }) zfsStable zfsUnstable zfsLegacyCrypto; 13661 13661 13662 13662 zfs = zfsStable; 13663 13663