Commit | Line | Data |
---|---|---|
e3c5f293 AE |
1 | ;;; GNU Guix --- Functional package management for GNU |
2 | ;;; Copyright © 2013 Andreas Enge <andreas@enge.fr> | |
106b389e | 3 | ;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org> |
61746650 | 4 | ;;; Copyright © 2019–2021 Tobias Geerinckx-Rice <me@tobias.gr> |
e3c5f293 AE |
5 | ;;; |
6 | ;;; This file is part of GNU Guix. | |
7 | ;;; | |
8 | ;;; GNU Guix is free software; you can redistribute it and/or modify it | |
9 | ;;; under the terms of the GNU General Public License as published by | |
10 | ;;; the Free Software Foundation; either version 3 of the License, or (at | |
11 | ;;; your option) any later version. | |
12 | ;;; | |
13 | ;;; GNU Guix is distributed in the hope that it will be useful, but | |
14 | ;;; WITHOUT ANY WARRANTY; without even the implied warranty of | |
15 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
16 | ;;; GNU General Public License for more details. | |
17 | ;;; | |
18 | ;;; You should have received a copy of the GNU General Public License | |
19 | ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. | |
20 | ||
21 | (define-module (gnu packages cryptsetup) | |
b5b73a82 | 22 | #:use-module ((guix licenses) #:prefix license:) |
e3c5f293 AE |
23 | #:use-module (guix packages) |
24 | #:use-module (guix download) | |
25 | #:use-module (guix build-system gnu) | |
491dbac4 | 26 | #:use-module (guix utils) |
e3c5f293 AE |
27 | #:use-module (gnu packages) |
28 | #:use-module (gnu packages gnupg) | |
c11caf20 TGR |
29 | #:use-module (gnu packages password-utils) |
30 | #:use-module (gnu packages pkg-config) | |
e3c5f293 | 31 | #:use-module (gnu packages popt) |
c11caf20 TGR |
32 | #:use-module (gnu packages linux) |
33 | #:use-module (gnu packages web)) | |
e3c5f293 AE |
34 | |
35 | (define-public cryptsetup | |
36 | (package | |
37 | (name "cryptsetup") | |
e9cbb97a | 38 | (version "2.3.6") |
e3c5f293 AE |
39 | (source (origin |
40 | (method url-fetch) | |
491dbac4 LF |
41 | (uri (string-append "mirror://kernel.org/linux/utils/cryptsetup/v" |
42 | (version-major+minor version) | |
d5e445e1 | 43 | "/cryptsetup-" version ".tar.xz")) |
e3c5f293 AE |
44 | (sha256 |
45 | (base32 | |
e9cbb97a | 46 | "0pv34l6230ba1i5p0z6zmvfqvv3as0cwn731h2qw4xm53sibg5mj")))) |
e3c5f293 | 47 | (build-system gnu-build-system) |
c11caf20 TGR |
48 | (arguments |
49 | `(#:configure-flags | |
50 | (list | |
51 | ;; Argon2 is always enabled, this just selects the (faster) full version. | |
52 | "--enable-libargon2" | |
53 | ;; The default is OpenSSL which provides better PBKDF performance. | |
54 | "--with-crypto_backend=gcrypt" | |
9c441cf3 | 55 | ;; GRUB 2.06 supports LUKS2, but does it reliably support all set-ups…? |
c11caf20 | 56 | "--with-default-luks-format=LUKS1"))) |
c4c4cc05 | 57 | (native-inputs |
8394619b | 58 | (list pkg-config)) |
c11caf20 | 59 | (inputs |
8394619b LC |
60 | (list argon2 |
61 | json-c | |
62 | libgcrypt | |
63 | lvm2 ; device-mapper | |
64 | popt | |
65 | `(,util-linux "lib"))) ;libuuid | |
bf2a3616 | 66 | (synopsis "Set up transparent encryption of block devices using dm-crypt") |
e3c5f293 | 67 | (description |
bf2a3616 TGR |
68 | "Cryptsetup is a utility used to conveniently set up disk encryption based |
69 | on the @code{dm-crypt} Linux kernel module. It is most often used to manage | |
70 | LUKS volumes but also supports plain dm-crypt volumes and loop-AES, TrueCrypt | |
71 | (including VeraCrypt extension), and BitLocker formats. | |
72 | ||
73 | @acronym{LUKS, Linux Unified Key Setup} is the standard for hard disk encryption | |
74 | with the kernel Linux. It provides a standard on-disk-format compatible amongst | |
75 | distributions as well as secure management of multiple user passwords. LUKS | |
76 | stores all necessary setup information in the partition header to facilitate | |
77 | data transport and migration. | |
78 | ||
79 | The package also includes the @command{veritysetup} and @command{integritysetup} | |
80 | utilities to conveniently configure the @code{dm-verity} and @code{dm-integrity} | |
81 | block integrity kernel modules.") | |
e3c5f293 | 82 | (license license:gpl2) |
491dbac4 | 83 | (home-page "https://gitlab.com/cryptsetup/cryptsetup"))) |
106b389e LC |
84 | |
85 | (define (static-library library) | |
86 | "Return a variant of package LIBRARY that provides static libraries ('.a' | |
87 | files). This assumes LIBRARY uses Libtool." | |
88 | (package | |
89 | (inherit library) | |
90 | (name (string-append (package-name library) "-static")) | |
91 | (arguments | |
92 | (substitute-keyword-arguments (package-arguments library) | |
93 | ((#:configure-flags flags ''()) | |
94 | `(append '("--disable-shared" "--enable-static") | |
95 | ,flags)))))) | |
96 | ||
97 | (define-public cryptsetup-static | |
98 | ;; Stripped-down statically-linked 'cryptsetup' command for use in initrds. | |
99 | (package | |
100 | (inherit cryptsetup) | |
101 | (name "cryptsetup-static") | |
102 | (arguments | |
103 | '(#:configure-flags '("--disable-shared" | |
104 | "--enable-static-cryptsetup" | |
105 | ||
b5c84b8a | 106 | "--disable-veritysetup" |
c11caf20 TGR |
107 | "--disable-cryptsetup-reencrypt" |
108 | "--disable-integritysetup" | |
109 | ||
110 | ;; The default is OpenSSL which provides better PBKDF performance. | |
111 | "--with-crypto_backend=gcrypt" | |
b5c84b8a | 112 | |
c11caf20 | 113 | "--disable-blkid" |
2253477e MB |
114 | ;; 'libdevmapper.a' pulls in libpthread, libudev and libm. |
115 | "LIBS=-ludev -pthread -lm") | |
106b389e LC |
116 | |
117 | #:allowed-references () ;this should be self-contained | |
118 | ||
119 | #:modules ((ice-9 ftw) | |
120 | (ice-9 match) | |
121 | (guix build utils) | |
122 | (guix build gnu-build-system)) | |
123 | ||
124 | #:phases (modify-phases %standard-phases | |
125 | (add-after 'install 'remove-cruft | |
126 | (lambda* (#:key outputs #:allow-other-keys) | |
b5c84b8a | 127 | ;; Remove everything except the 'cryptsetup' command. |
106b389e LC |
128 | (let ((out (assoc-ref outputs "out"))) |
129 | (with-directory-excursion out | |
130 | (let ((dirs (scandir "." | |
131 | (match-lambda | |
132 | ((or "." "..") #f) | |
133 | (_ #t))))) | |
134 | (for-each delete-file-recursively | |
135 | (delete "sbin" dirs)) | |
136 | (for-each (lambda (file) | |
137 | (rename-file (string-append file | |
138 | ".static") | |
139 | file) | |
140 | (remove-store-references file)) | |
b5c84b8a | 141 | '("sbin/cryptsetup")) |
106b389e LC |
142 | #t)))))))) |
143 | (inputs | |
144 | (let ((libgcrypt-static | |
145 | (package | |
146 | (inherit (static-library libgcrypt)) | |
147 | (propagated-inputs | |
148 | `(("libgpg-error-host" ,(static-library libgpg-error))))))) | |
beec29da | 149 | `(("json-c" ,json-c-0.13) |
c11caf20 | 150 | ("libgcrypt" ,libgcrypt-static) |
106b389e LC |
151 | ("lvm2" ,lvm2-static) |
152 | ("util-linux" ,util-linux "static") | |
bb93042c | 153 | ("util-linux" ,util-linux "lib") |
106b389e LC |
154 | ("popt" ,popt)))) |
155 | (synopsis "Hard disk encryption tool (statically linked)"))) |