zfs keylocation status

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Oleksandr Kryvulia <shuriku_at_shurik.kiev.ua>
Date: Wed, 10 Apr 2024 10:07:35 UTC

Dear freebsd-fs,

While creating an encrypted dataset with keylocation=https I get an error:

# zfs create -o encryption=on -o keyformat=raw -o 
keylocation=https://_key_URL_ zroot/tmp/enc
cannot create 'zroot/tmp/enc': No keylocation=https:// back-end

In /usr/src/sys/modules/zfs/zfs_config.h it is disabled by default:

/* TBD: fetch(3) support */
#if 0
/* whether the chosen libfetch is to be loaded at run-time */
#define LIBFETCH_DYNAMIC 1

/* libfetch is fetch(3) */
#define LIBFETCH_IS_FETCH 1

/* libfetch is libcurl */
#define LIBFETCH_IS_LIBCURL 0

/* soname of chosen libfetch */
#define LIBFETCH_SONAME "libfetch.so.6"
#endif

Rebuilding a kernel without #if 0 doesn't change anything.
What is a status of keylocation=https/http implementation on freebsd?

P.S. To workaround it I am using custom script to fetch and load keys 
from remote location.