me
/
guix
Archived
1
0
Fork 0
This repository has been archived on 2024-08-07. You can view files and clone it, but cannot push or open issues/pull-requests.
guix/gnu/packages/cryptsetup.scm

148 lines
6.1 KiB
Scheme

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2019 Tobias Geerinckx-Rice <me@tobias.gr>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
(define-module (gnu packages cryptsetup)
#:use-module ((guix licenses) #:prefix license:)
#:use-module (guix packages)
#:use-module (guix download)
#:use-module (guix build-system gnu)
#:use-module (guix utils)
#:use-module (gnu packages)
#:use-module (gnu packages gnupg)
#:use-module (gnu packages password-utils)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages popt)
#:use-module (gnu packages linux)
#:use-module (gnu packages web))
(define-public cryptsetup
(package
(name "cryptsetup")
(version "2.3.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://kernel.org/linux/utils/cryptsetup/v"
(version-major+minor version)
"/cryptsetup-" version ".tar.xz"))
(sha256
(base32
"1lp7kwakm3ssp8ww1y33plvfmpas5krf14pdz91p1kx2b7as9awj"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags
(list
;; Argon2 is always enabled, this just selects the (faster) full version.
"--enable-libargon2"
;; The default is OpenSSL which provides better PBKDF performance.
"--with-crypto_backend=gcrypt"
;; GRUB as of 2.04 still can't read LUKS2 containers.
"--with-default-luks-format=LUKS1")))
(native-inputs
`(("pkg-config" ,pkg-config)))
(inputs
`(("argon2" ,argon2)
("json-c" ,json-c-0.13) ;XXX update this for cryptsetup >= 2.3
("libgcrypt" ,libgcrypt)
("lvm2" ,lvm2) ; device-mapper
("popt" ,popt)
("util-linux" ,util-linux "lib"))) ;libuuid
(synopsis "Hard disk encryption tool")
(description
"LUKS (Linux Unified Key Setup)/Cryptsetup provides a standard on-disk
encryption format, which does not only facilitate compatibility among
distributions, but which also provides secure management of multiple user
passwords. In contrast to existing solutions, LUKS stores all setup necessary
setup information in the partition header, enabling the users to transport
or migrate their data seamlessly.")
(license license:gpl2)
(home-page "https://gitlab.com/cryptsetup/cryptsetup")))
(define (static-library library)
"Return a variant of package LIBRARY that provides static libraries ('.a'
files). This assumes LIBRARY uses Libtool."
(package
(inherit library)
(name (string-append (package-name library) "-static"))
(arguments
(substitute-keyword-arguments (package-arguments library)
((#:configure-flags flags ''())
`(append '("--disable-shared" "--enable-static")
,flags))))))
(define-public cryptsetup-static
;; Stripped-down statically-linked 'cryptsetup' command for use in initrds.
(package
(inherit cryptsetup)
(name "cryptsetup-static")
(arguments
'(#:configure-flags '("--disable-shared"
"--enable-static-cryptsetup"
"--disable-veritysetup"
"--disable-cryptsetup-reencrypt"
"--disable-integritysetup"
;; The default is OpenSSL which provides better PBKDF performance.
"--with-crypto_backend=gcrypt"
"--disable-blkid"
;; 'libdevmapper.a' pulls in libpthread, libudev and libm.
"LIBS=-ludev -pthread -lm")
#:allowed-references () ;this should be self-contained
#:modules ((ice-9 ftw)
(ice-9 match)
(guix build utils)
(guix build gnu-build-system))
#:phases (modify-phases %standard-phases
(add-after 'install 'remove-cruft
(lambda* (#:key outputs #:allow-other-keys)
;; Remove everything except the 'cryptsetup' command.
(let ((out (assoc-ref outputs "out")))
(with-directory-excursion out
(let ((dirs (scandir "."
(match-lambda
((or "." "..") #f)
(_ #t)))))
(for-each delete-file-recursively
(delete "sbin" dirs))
(for-each (lambda (file)
(rename-file (string-append file
".static")
file)
(remove-store-references file))
'("sbin/cryptsetup"))
#t))))))))
(inputs
(let ((libgcrypt-static
(package
(inherit (static-library libgcrypt))
(propagated-inputs
`(("libgpg-error-host" ,(static-library libgpg-error)))))))
`(("json-c" ,json-c-0.13)
("libgcrypt" ,libgcrypt-static)
("lvm2" ,lvm2-static)
("util-linux" ,util-linux "static")
("util-linux" ,util-linux "lib")
("popt" ,popt))))
(synopsis "Hard disk encryption tool (statically linked)")))