Add key -u[nloaded]/-l[oaded] to zfs-tpm-list

2025-04-11 09:30:02 +03:00 · 2020-10-31 18:36:14 +01:00 · 2020-10-31 18:36:14 +01:00 · 415c83ab0e
commit 415c83ab0e
parent 321c2cd160
2 changed files with 34 additions and 7 deletions
--- a/man/zfs-tpm-list.md.pp
+++ b/man/zfs-tpm-list.md.pp
@ -3,7 +3,7 @@ zfs-tpm-list(8) -- print dataset tzpfms metadata

 ## SYNOPSIS

-`zfs-tpm-list` [-H] [-r\|-d *depth*] [-a\|-b *back-end*] [*filesystem*\|*volume*]…
+`zfs-tpm-list` [-H] [-r\|-d *depth*] [-a\|-b *back-end*] [-u\|-l] [*filesystem*\|*volume*]…

 ## DESCRIPTION

@ -15,7 +15,7 @@ zfs-tpm-list(8) lists the following properties on encryption roots:
  * `keystatus`: "available" or "unavailable",
  * `coherent`: "yes" if either both `xyz.nabijaczleweli:tzpfms.backend` and `xyz.nabijaczleweli:tzpfms.key` are present or missing, "no" otherwise.

-Incoherent datasets require immediate operator attention, with either the appropriate zfs-tpm\*-clear-key program or zfs(8) change-key —
+Incoherent datasets require immediate operator attention, with either the appropriate zfs-tpm\*-clear-key program or zfs(8) change-key and zfs(8) inherit —
 if the key becomes unloaded, they will require restoration from back-up.
 However, they should never occur, unless something went terribly wrong with the dataset properties.

@ -38,6 +38,11 @@ The `-a` and `-b` [OPTIONS]() can be used to either list all roots or only ones
  * `-b` *back-end*:
    List only encryption roots with tzpfms back-end *back-end*.

+  * `-l`:
+    List only encryption roots whose keys are available.
+  * `-u`:
+    List only encryption roots whose keys are unavailable.
+
 ## EXAMPLES

    $ zfs-tpm-list
@ -60,6 +65,14 @@ The `-a` and `-b` [OPTIONS]() can be used to either list all roots or only ones
    owo/v nc  -         available    yes
    owo/enc   TPM1.X    available    yes

+    $ zfs-tpm-list -al
+    NAME      BACK-END  KEYSTATUS  COHERENT
+    awa       -         available  yes
+    owo/vtnc  -         available  yes
+    owo/v nc  -         available  yes
+    owo/enc   TPM1.X    available  yes
+
+
 #include "common.h"

 ## SEE ALSO
--- a/src/bin/zfs-tpm-list.cpp
+++ b/src/bin/zfs-tpm-list.cpp
@ -11,6 +11,12 @@
 #define TZPFMS_BACKEND_MAX_LEN 16


+enum class key_loadedness : char {
+	none     = -1,
+	unloaded = 0,
+	loaded   = 1,
+};
+
 /// zfs(8) uses struct zprop_get_cbdata_t, which is powerful, but inscrutable; we have a fixed format, which makes this easier
 struct output_line {
 	static const char * const key_available_display[2];
@ -22,8 +28,9 @@ struct output_line {
 	bool key_available : 1;
 	bool coherent : 1;

-	bool included(bool print_nontzpfms, const char * backend_restrixion) const {
-		return (print_nontzpfms || !this->coherent || this->backend[0] != '\0') && (!backend_restrixion || !strcmp(backend_restrixion, this->backend));
+	bool included(bool print_nontzpfms, const char * backend_restrixion, key_loadedness key_loadedness_restrixion) const {
+		return (print_nontzpfms || !this->coherent || this->backend[0] != '\0') && (!backend_restrixion || !strcmp(backend_restrixion, this->backend)) &&
+		       (key_loadedness_restrixion == key_loadedness::none || key_loadedness_restrixion == static_cast<key_loadedness>(this->key_available));
 	}

 	const char * backend_display() const { return (this->backend[0] != '\0') ? this->backend : "-"; }
@ -38,8 +45,9 @@ int main(int argc, char ** argv) {
 	bool print_nontzpfms            = false;
 	size_t maxdepth                 = MAXDEPTH_UNSET;
 	const char * backend_restrixion = nullptr;
+	auto key_loadedness_restrixion  = key_loadedness::none;
 	return do_bare_main(
-	    argc, argv, "Hrd:ab:", "[-H] [-r|-d max] [-a|-b back-end]", "[filesystem|volume]…",
+	    argc, argv, "Hrd:ab:ul", "[-H] [-r|-d max] [-a|-b back-end] [-u|-l]", "[filesystem|volume]…",
 	    [&](auto arg) {
 		    switch(arg) {
 			    case 'H':
@ -60,6 +68,12 @@ int main(int argc, char ** argv) {
 			    case 'b':
 				    backend_restrixion = optarg;
 				    break;
+			    case 'u':
+				    key_loadedness_restrixion = key_loadedness::unloaded;
+				    break;
+			    case 'l':
+				    key_loadedness_restrixion = key_loadedness::loaded;
+				    break;
 		    }
 		    return 0;
 	    },
@ -105,7 +119,7 @@ int main(int argc, char ** argv) {
 			    separator             = "  ";

 			    for(auto cur = lines; cur != lines + lines_len; ++cur)
-				    if(cur->included(print_nontzpfms, backend_restrixion)) {
+				    if(cur->included(print_nontzpfms, backend_restrixion, key_loadedness_restrixion)) {
 					    max_name_len          = std::max(max_name_len, strlen(cur->name));
 					    max_backend_len       = std::max(max_backend_len, strlen(cur->backend_display()));
 					    max_key_available_len = std::max(max_key_available_len, strlen(output_line::key_available_display[cur->key_available]));
@ -122,7 +136,7 @@ int main(int argc, char ** argv) {
 		    if(human)
 			    println("NAME", "BACK-END", "KEYSTATUS", "COHERENT");
 		    for(auto cur = lines; cur != lines + lines_len; ++cur)
-			    if(cur->included(print_nontzpfms, backend_restrixion))
+			    if(cur->included(print_nontzpfms, backend_restrixion, key_loadedness_restrixion))
 				    println(cur->name, cur->backend_display(), output_line::key_available_display[cur->key_available], output_line::coherent_display[cur->coherent]);

 		    return 0;