allow the "http" backend for raw encryption key

[oszczech]

Hi!
I wanted to suggest to enable also the HTTP backend for the ZFS keylocation.
This is less interesting for a desktop or notebook, but if the network can be controlled you can for example protect reasonably well your data against theft of the physical system. (ie The http key location will not be available anywhere else)
Since this is already a working part of ZFS, there is networking support in ZFSbootmenu this would be an amazing addition to have it more future complete and to protect a number of headless physical systems. It is also much simpler than having to copy passphrases or need to store them loclally on the system

[zdykstra]

This is part of how ZFS is built. If your local version has it built in, then you're good to build a custom image. The Void package that our pre-built binaries use won't be changing.

[oszczech]

I'd be happy to build it myself, and while the documentations on building the default container is excellent, I have a hard time finding what to edit to enable this feature. This will be somewhere inside of the container that builds ZFS? I'm trying to find a difference on how to build the release and recovery version of the image, but can't find it either :/

I completely understand that you don't want to include features that is requested by a single person. Especially for a default image this would always bloat a project. I just want to leave this here for consideration, maybe I'm not the only stumbling across this missing backend.
Best place I can think would be anyways the recovery image, as it as far as I understand even includes networking and tools.

If you could point me to the right direction on also compiling this feature in I'd be happy to cleanly document the full process in case it works for me

[zdykstra]

The host ZFS kernel modules and tools are installed as-is, they aren't built from scratch each time. If you do a container build you'll need to create a modified ZFS package for Void and then use that in the container in place of the one our build container defaults to.

[ahesford]

Any time you are using esoteric features like keys over HTTP, I recommend you build directly from your host rather than trying to align our build containers with your configuration.