Fix Plymouth passphrase prompt in initramfs script

[belperite]

Motivation and Context

In issue #9193 I found that entering the ZFS encryption passphrase under Plymouth wasn't working because in the ZFS initrd script, Plymouth was calling zfs via --command, which wasn't passing through the filesystem argument to zfs load-key properly (it was passing through the single quotes around the filesystem name intended to handle spaces literally, which zfs load-key couldn't understand).

Description

I have updated the script to have Plymouth and systemd pipe the key to zfs load-key instead, which removes the obstacle of Plymouth passing through arguments which contain spaces via --command.

How Has This Been Tested?

I have tested this on my own desktop machine, updating the initramfs and rebooting upon each change to ensure the script continues working in a real environment.

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Performance enhancement (non-breaking change which improves efficiency)
• Code cleanup (non-breaking change which makes code smaller or more readable)
• Breaking change (fix or feature that would cause existing functionality to change)
• Documentation (a change to man pages or other documentation)

Checklist:

• My code follows the ZFS on Linux code style requirements.
• I have updated the documentation accordingly.
• I have read the contributing document.
• I have added tests to cover my changes.
• All new and existing tests passed.
• All commit messages are properly formatted and contain Signed-off-by.

[behlendorf]

@ghfields @rlaager would you mind reviewing this.

[rlaager]

This looks generally correct. Why is the loadkey_stdin function required, as opposed to just piping to ${ZFS} load-key "${ENCRYPTIONROOT}" directly?

[codecov]

Codecov Report

Merging #9202 into master will increase coverage by 0.05%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master    #9202      +/-   ##
==========================================
+ Coverage   79.22%   79.27%   +0.05%     
==========================================
  Files         400      400              
  Lines      122001   122001              
==========================================
+ Hits        96656    96718      +62     
+ Misses      25345    25283      -62

Flag	Coverage Δ
#kernel	79.77% <ø> (+0.02%)	⬆️
#user	67.29% <ø> (+0.25%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update a9ebdfd...88f5469. Read the comment docs.

[ghfields]

I agree with @rlaager . It would be preferred if we can get by without another function.

Additionally, the single quote was added during code review. It was also added to dracut in #8114 . Is it functioning properly over there?

Stepping back, could this have to do with which shell used? Not an argument for not fixing, but an explanation why only some people are experiencing it (see #8306 (comment)). I also have a coworker reporting that he believes this broke on his system after updates. He just removed the single quotes since he didn't have to worry about spaces.

[belperite]

@rlaager The function was just to try and keep in with the idea of the original DECRYPT_CMD - having the command defined in one place whilst being used in multiple places. Am happy to change to direct piping though if that's what is preferred?

@ghfields The shell I use is the default one in Buster at installation time. I didn't have time to test Dracut sadly - I just needed my desktop up and running ASAP for work. However, see below:

contrib/dracut/90zfs/mount-zfs.sh.in:

                        ask_for_password \
                                --tries 5 \
                                --prompt "Encrypted ZFS password for ${ENCRYPTIONROOT}: " \
                                --cmd "zfs load-key '${ENCRYPTIONROOT}'"

Unfortunately, it looks like ask_for_password in Dracut (dracut/modules.d/90crypt/crypt-lib.sh) is a wrapper that calls Plymouth like so:

        if [ -x /bin/plymouth ] && /bin/plymouth --ping; then
            /bin/plymouth ask-for-password \
                --prompt "$ply_prompt" --number-of-tries=$ply_tries \
                --command="$ply_cmd"

If broken, fixing this for Dracut may have wider implications?

[belperite]

@rlaager @ghfields have changed to direct pipe for zfs load-key in initramfs as per your suggestion. Dracut may need a different approach.

[rlaager]

LGTM

[ghfields]

Approved. Like the more uniform look.