From ed509c72a6b496ea840f5e62f48f413284aef6fa Mon Sep 17 00:00:00 2001
From: illiliti <illiliti@protonmail.com>
Date: Sat, 31 Jul 2021 20:21:52 +0300
Subject: [PATCH] hook/zfs: implement zfs+native encryption support

Closes: #24
---
 hook/zfs/zfs      | 18 ++++++++++++++++++
 hook/zfs/zfs.init | 16 ++++++++++++++++
 2 files changed, 34 insertions(+)
 create mode 100644 hook/zfs/zfs
 create mode 100644 hook/zfs/zfs.init

diff --git a/hook/zfs/zfs b/hook/zfs/zfs
new file mode 100644
index 0000000..56704fc
--- /dev/null
+++ b/hook/zfs/zfs
@@ -0,0 +1,18 @@
+# vim: set ft=sh:
+# shellcheck shell=sh
+#
+# https://shellcheck.net/wiki/SC2154
+# shellcheck disable=2154
+
+[ "$zfs_key" ] && {
+    copy_file "${zfs_key#*=}" /root/zfs_key 0400
+
+    sed "s|${zfs_key#*=}|/root/zfs_key|" \
+        "${tmpdir}/etc/tinyramfs/config" > "${tmpdir}/_"
+
+    mv "${tmpdir}/_" "${tmpdir}/etc/tinyramfs/config"
+}
+
+copy_kmod zfs
+copy_exec zfs
+copy_exec zpool
diff --git a/hook/zfs/zfs.init b/hook/zfs/zfs.init
new file mode 100644
index 0000000..b2da024
--- /dev/null
+++ b/hook/zfs/zfs.init
@@ -0,0 +1,16 @@
+# vim: set ft=sh:
+# shellcheck shell=sh
+#
+# https://shellcheck.net/wiki/SC2154
+# shellcheck disable=2154
+
+modprobe zfs 2> /dev/null
+
+resolve_device "$zfs_root"
+zpool import -Nd "$device" "${root%%/*}"
+
+if [ "$zfs_key" ]; then
+    zfs load-key -L "file://${zfs_key}" "$root"
+elif [ "$(zfs get -Ho value encryption "$root")" != off ]; then
+    zfs load-key -L prompt "$root"
+fi