From dbd13627a96a6d25d3bc8dcb1f479171a77cd2c2 Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Tue, 25 Feb 2025 15:37:44 -0700
Subject: [PATCH] create: Send without -R for encrypted bastilleroot

---
 usr/local/share/bastille/create.sh | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh
index e0c7ef21..4bc8b2b1 100644
--- a/usr/local/share/bastille/create.sh
+++ b/usr/local/share/bastille/create.sh
@@ -453,6 +453,12 @@ create_jail() {
 
                         ## sane bastille zfs options
                         ZFS_OPTIONS=$(echo ${bastille_zfs_options} | sed 's/-o//g')
+			## send without -R if encryption is enabled
+                        if [ $(zfs get -H -o value encryption "${bastille_zfs_zpool}/${bastille_zfs_prefix}") = "off" ]; then
+			    OPT_SEND="-R"
+                        else
+			    OPT_SEND=""
+                        fi
 
                         ## take a temp snapshot of the base release
                         SNAP_NAME="bastille-$(date +%Y-%m-%d-%H%M%S)"
@@ -461,7 +467,7 @@ create_jail() {
 
                         ## replicate the release base to the new thickjail and set the default mountpoint
 						# shellcheck disable=SC2140
-                        zfs send -R "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${RELEASE}"@"${SNAP_NAME}" | \
+                        zfs send ${OPT_SEND} "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${RELEASE}"@"${SNAP_NAME}" | \
                         zfs receive "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${NAME}/root"
                         zfs set ${ZFS_OPTIONS} mountpoint=none "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${NAME}/root"
                         zfs inherit mountpoint "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${NAME}/root"