add dracut module that works on _my_ debian machine

dracut/60clevis-zfs/clevis-zfs-hook.sh

@@ -0,0 +1,53 @@
+#!/bin/bash
+
+
+# import the libs now that we know the pool imported
+[ -f /lib/dracut-lib.sh ] && dracutlib=/lib/dracut-lib.sh
+[ -f /usr/lib/dracut/modules.d/99base/dracut-lib.sh ] && dracutlib=/usr/lib/dracut/modules.d/99base/dracut-lib.sh
+# shellcheck source=./lib-zfs.sh.in
+. "$dracutlib"
+
+# load the kernel command line vars
+[ -z "$root" ] && root="$(getarg root=)"
+# If root is not ZFS= or zfs: or rootfstype is not zfs then we are not supposed to handle it.
+[ "${root##zfs:}" = "${root}" ] && [ "${root##ZFS=}" = "${root}" ] && [ "$rootfstype" != "zfs" ] && exit 0
+
+# There is a race between the zpool import and the pre-mount hooks, so we wait for a pool to be imported
+while true; do
+    zpool list -H | grep -q -v '^$' && break
+    [ "$(systemctl is-failed zfs-import-cache.service)" = 'failed' ] && exit 1
+    [ "$(systemctl is-failed zfs-import-scan.service)" = 'failed' ] && exit 1
+    sleep 0.1s
+done
+
+# run this after import as zfs-import-cache/scan service is confirmed good
+# we do not overwrite the ${root} variable, but create a new one, BOOTFS, to hold the dataset
+if [ "${root}" = "zfs:AUTO" ] ; then
+    BOOTFS="$(zpool list -H -o bootfs | awk '$1 != "-" {print; exit}')"
+else
+    BOOTFS="${root##zfs:}"
+    BOOTFS="${BOOTFS##ZFS=}"
+fi
+
+# if pool encryption is active and the zfs command understands '-o encryption'
+if [ "$(zpool list -H -o feature@encryption $(echo "${BOOTFS}" | awk -F\/ '{print $1}'))" = 'active' ]; then
+    # if the root dataset has encryption enabled
+    ENCRYPTIONROOT=$(zfs get -H -o value encryptionroot "${BOOTFS}")
+    # where the key is stored (in a file or loaded via prompt)
+    KEYLOCATION=$(zfs get -H -o value keylocation "${ENCRYPTIONROOT}")
+    if ! [ "${ENCRYPTIONROOT}" = "-" ]; then
+        KEYSTATUS="$(zfs get -H -o value keystatus "${ENCRYPTIONROOT}")"
+        # continue only if the key needs to be loaded
+        [ "$KEYSTATUS" = "unavailable" ] || exit 0
+        # decrypt them
+        TRY_COUNT=5
+        while [ $TRY_COUNT -gt 0 ]; do
+	    echo >&2 "Attempting to unlock with clevis-zfs-unlock; ${TRY_COUNT} attempts left..."
+	    clevis-zfs-unlock -d "${ENCRYPTIONROOT}" && break
+            TRY_COUNT=$((TRY_COUNT - 1))
+        done
+    fi
+fi
+
+
+

dracut/60clevis-zfs/module-setup.sh

@@ -0,0 +1,42 @@
+#!/bin/bash
+# vim: set tabstop=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80:
+#
+# Copyright (c) 2016 Red Hat, Inc.
+# Author: Nathaniel McCallum <npmccallum@redhat.com>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+depends() {
+    # do we have a hard dependency on systemd?
+    echo zfs systemd
+    return 255
+}
+
+install() {
+    inst_multiple \
+        /etc/services \
+        grep sed cut \
+        clevis-decrypt \
+        clevis-zfs-common \
+        clevis-zfs-unlock \
+        clevis-zfs-list \
+        clevis \
+        mktemp \
+        jose
+
+    inst_hook pre-mount 90 "${moddir}/clevis-zfs-hook.sh"
+
+    dracut_need_initqueue
+}