pyrox.dev / nixpkgs
lol
fork atom

zfs: add migration path for new crypto format

fixes #34559

authored by sjau and committed by Jörg Thalheim 0d65e2e0 4442a377

+68 -14
unified split
+26 -1
nixos/modules/tasks/filesystems/zfs.nix
··· 24 25 kernel = config.boot.kernelPackages; 26 27 - packages = if config.boot.zfs.enableUnstable then { 28 spl = kernel.splUnstable; 29 zfs = kernel.zfsUnstable; 30 zfsUser = pkgs.zfsUnstable; ··· 72 version will have already passed an extensive test suite, but it is 73 more likely to hit an undiscovered bug compared to running a released 74 version of ZFS on Linux. 75 ''; 76 }; 77
··· 24 25 kernel = config.boot.kernelPackages; 26 27 + packages = if config.boot.zfs.enableLegacyCrypto then { 28 + spl = kernel.splLegacyCrypto; 29 + zfs = kernel.zfsLegacyCrypto; 30 + zfsUser = pkgs.zfsLegacyCrypto; 31 + } else if config.boot.zfs.enableUnstable then { 32 spl = kernel.splUnstable; 33 zfs = kernel.zfsUnstable; 34 zfsUser = pkgs.zfsUnstable; ··· 76 version will have already passed an extensive test suite, but it is 77 more likely to hit an undiscovered bug compared to running a released 78 version of ZFS on Linux. 79 + ''; 80 + }; 81 + 82 + enableLegacyCrypto = mkOption { 83 + type = types.bool; 84 + default = false; 85 + description = '' 86 + Enabling this option will allow you to continue to use the old format for 87 + encrypted datasets. With the inclusion of stability patches the format of 88 + encrypted datasets has changed. They can still be access and mounted but 89 + in read-only mode mounted. It is highly recommended to convert them to 90 + the new format. 91 + 92 + This option is only for convenience to people that cannot convert their 93 + datasets to the new format yet and it will be removed in due time. 94 + 95 + For migration strategies from old format to this new one, check the Wiki: 96 + https://nixos.wiki/wiki/NixOS_on_ZFS#Encrypted_Dataset_Format_Change 97 + 98 + See https://github.com/zfsonlinux/zfs/pull/6864 for more details about 99 + the stability patches. 100 ''; 101 }; 102
+9 -3
pkgs/os-specific/linux/spl/default.nix
··· 66 }; 67 68 splUnstable = common { 69 - version = "2017-12-21"; 70 - rev = "c9821f1ccc647dfbd506f381b736c664d862d126"; 71 - sha256 = "08r6sa36jaj6n54ap18npm6w85v5yn3x8ljg792h37f49b8kir6c"; 72 }; 73 }
··· 66 }; 67 68 splUnstable = common { 69 + version = "2018-01-24"; 70 + rev = "23602fdb39e1254c669707ec9d2d0e6bcdbf1771"; 71 + sha256 = "09py2dwj77f6s2qcnkwdslg5nxb3hq2bq39zpxpm6msqyifhl69h"; 72 + }; 73 + 74 + splLegacyCrypto = common { 75 + version = "2018-01-24"; 76 + rev = "23602fdb39e1254c669707ec9d2d0e6bcdbf1771"; 77 + sha256 = "09py2dwj77f6s2qcnkwdslg5nxb3hq2bq39zpxpm6msqyifhl69h"; 78 }; 79 }
+30 -7
pkgs/os-specific/linux/zfs/default.nix
··· 5 , zlib, libuuid, python, attr, openssl 6 7 # Kernel dependencies 8 - , kernel ? null, spl ? null, splUnstable ? null 9 }: 10 11 with stdenv.lib; ··· 19 , spl 20 , rev ? "zfs-${version}" 21 , isUnstable ? false 22 , incompatibleKernelVersion ? null } @ args: 23 if buildKernel && 24 (incompatibleKernelVersion != null) && ··· 43 buildInputs = 44 optionals buildKernel [ spl ] 45 ++ optionals buildUser [ zlib libuuid python attr ] 46 - ++ optionals (buildUser && isUnstable) [ openssl ]; 47 48 # for zdb to get the rpath to libgcc_s, needed for pthread_cancel to work 49 NIX_CFLAGS_LINK = "-lgcc_s"; ··· 160 incompatibleKernelVersion = null; 161 162 # this package should point to a version / git revision compatible with the latest kernel release 163 - version = "2018-01-10"; 164 165 - rev = "1d53657bf561564162e2ad6449f80fa0140f1dd6"; 166 - sha256 = "0ibkhfz06cypgl2c869dzdbdx2i3m8ywwdmnzscv0cin5gm31vhx"; 167 isUnstable = true; 168 169 extraPatches = [ 170 (fetchpatch { 171 - url = "https://github.com/Mic92/zfs/compare/ded8f06a3cfee...nixos-zfs-2017-09-12.patch"; 172 - sha256 = "033wf4jn0h0kp0h47ai98rywnkv5jwvf3xwym30phnaf8xxdx8aj"; 173 }) 174 ]; 175 176 spl = splUnstable; 177 }; 178 }
··· 5 , zlib, libuuid, python, attr, openssl 6 7 # Kernel dependencies 8 + , kernel ? null, spl ? null, splUnstable ? null, splLegacyCrypto ? null 9 }: 10 11 with stdenv.lib; ··· 19 , spl 20 , rev ? "zfs-${version}" 21 , isUnstable ? false 22 + , isLegacyCrypto ? false 23 , incompatibleKernelVersion ? null } @ args: 24 if buildKernel && 25 (incompatibleKernelVersion != null) && ··· 44 buildInputs = 45 optionals buildKernel [ spl ] 46 ++ optionals buildUser [ zlib libuuid python attr ] 47 + ++ optionals (buildUser && (isUnstable || isLegacyCrypto)) [ openssl ]; 48 49 # for zdb to get the rpath to libgcc_s, needed for pthread_cancel to work 50 NIX_CFLAGS_LINK = "-lgcc_s"; ··· 161 incompatibleKernelVersion = null; 162 163 # this package should point to a version / git revision compatible with the latest kernel release 164 + version = "2018-02-02"; 165 166 + rev = "fbd42542686af053f0d162ec4630ffd4fff1cc30"; 167 + sha256 = "0qzkwnnk7kz1hwvcaqlpzi5yspfhhmd2alklc07k056ddzbx52qb"; 168 isUnstable = true; 169 170 extraPatches = [ 171 (fetchpatch { 172 + url = "https://github.com/Mic92/zfs/compare/fbd42542686af053f0d162ec4630ffd4fff1cc30...nixos-zfs-2018-02-02.patch"; 173 + sha256 = "05wqwjm9648x60vkwxbp8l6z1q73r2a5l2ni28i2f4pla8s3ahln"; 174 }) 175 ]; 176 177 spl = splUnstable; 178 }; 179 + 180 + zfsLegacyCrypto = common { 181 + # comment/uncomment if breaking kernel versions are known 182 + incompatibleKernelVersion = null; 183 + 184 + # this package should point to a version / git revision compatible with the latest kernel release 185 + version = "2018-02-01"; 186 + 187 + rev = "4c46b99d24a6e71b3c72462c11cb051d0930ad60"; 188 + sha256 = "011lcp2x44jgfzqqk2gjmyii1v7rxcprggv20prxa3c552drsx3c"; 189 + isUnstable = true; 190 + 191 + extraPatches = [ 192 + (fetchpatch { 193 + url = "https://github.com/Mic92/zfs/compare/4c46b99d24a6e71b3c72462c11cb051d0930ad60...nixos-zfs-2018-02-01.patch"; 194 + sha256 = "1gqmgqi39qhk5kbbvidh8f2xqq25vj58i9x0wjqvcx6a71qj49ch"; 195 + }) 196 + ]; 197 + 198 + spl = splLegacyCrypto; 199 + }; 200 + 201 }
+3 -3
pkgs/top-level/all-packages.nix
··· 13120 sch_cake = callPackage ../os-specific/linux/sch_cake { }; 13121 13122 inherit (callPackage ../os-specific/linux/spl {}) 13123 - splStable splUnstable; 13124 13125 spl = splStable; 13126 ··· 13151 inherit (callPackage ../os-specific/linux/zfs { 13152 configFile = "kernel"; 13153 inherit kernel spl; 13154 - }) zfsStable zfsUnstable; 13155 13156 zfs = zfsStable; 13157 }); ··· 13657 13658 inherit (callPackage ../os-specific/linux/zfs { 13659 configFile = "user"; 13660 - }) zfsStable zfsUnstable; 13661 13662 zfs = zfsStable; 13663
··· 13120 sch_cake = callPackage ../os-specific/linux/sch_cake { }; 13121 13122 inherit (callPackage ../os-specific/linux/spl {}) 13123 + splStable splUnstable splLegacyCrypto; 13124 13125 spl = splStable; 13126 ··· 13151 inherit (callPackage ../os-specific/linux/zfs { 13152 configFile = "kernel"; 13153 inherit kernel spl; 13154 + }) zfsStable zfsUnstable zfsLegacyCrypto; 13155 13156 zfs = zfsStable; 13157 }); ··· 13657 13658 inherit (callPackage ../os-specific/linux/zfs { 13659 configFile = "user"; 13660 + }) zfsStable zfsUnstable zfsLegacyCrypto; 13661 13662 zfs = zfsStable; 13663