[jackhill/guix/guix.git] / gnu / packages / cryptsetup.scm

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2019–2021 Tobias Geerinckx-Rice <me@tobias.gr>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (gnu packages cryptsetup)
  #:use-module ((guix licenses) #:prefix license:)
  #:use-module (guix packages)
  #:use-module (guix download)
  #:use-module (guix build-system gnu)
  #:use-module (guix utils)
  #:use-module (gnu packages)
  #:use-module (gnu packages gnupg)
  #:use-module (gnu packages password-utils)
  #:use-module (gnu packages pkg-config)
  #:use-module (gnu packages popt)
  #:use-module (gnu packages linux)
  #:use-module (gnu packages web))

(define-public cryptsetup
  (package
   (name "cryptsetup")
   (version "2.3.6")
   (source (origin
            (method url-fetch)
            (uri (string-append "mirror://kernel.org/linux/utils/cryptsetup/v"
                                (version-major+minor version)
                                "/cryptsetup-" version ".tar.xz"))
            (sha256
             (base32
              "0pv34l6230ba1i5p0z6zmvfqvv3as0cwn731h2qw4xm53sibg5mj"))))
   (build-system gnu-build-system)
   (arguments
    `(#:configure-flags
      (list
       ;; Argon2 is always enabled, this just selects the (faster) full version.
       "--enable-libargon2"
       ;; The default is OpenSSL which provides better PBKDF performance.
       "--with-crypto_backend=gcrypt"
       ;; GRUB 2.06 supports LUKS2, but does it reliably support all set-ups…?
       "--with-default-luks-format=LUKS1")))
   (native-inputs
    (list pkg-config))
   (inputs
    (list argon2
          json-c
          libgcrypt
          lvm2 ; device-mapper
          popt
          `(,util-linux "lib"))) ;libuuid
   (synopsis "Set up transparent encryption of block devices using dm-crypt")
   (description
    "Cryptsetup is a utility used to conveniently set up disk encryption based
on the @code{dm-crypt} Linux kernel module.  It is most often used to manage
LUKS volumes but also supports plain dm-crypt volumes and loop-AES, TrueCrypt
(including VeraCrypt extension), and BitLocker formats.

@acronym{LUKS, Linux Unified Key Setup} is the standard for hard disk encryption
with the kernel Linux.  It provides a standard on-disk-format compatible amongst
distributions as well as secure management of multiple user passwords.  LUKS
stores all necessary setup information in the partition header to facilitate
data transport and migration.

The package also includes the @command{veritysetup} and @command{integritysetup}
utilities to conveniently configure the @code{dm-verity} and @code{dm-integrity}
block integrity kernel modules.")
   (license license:gpl2)
   (home-page "https://gitlab.com/cryptsetup/cryptsetup")))

(define (static-library library)
  "Return a variant of package LIBRARY that provides static libraries ('.a'
files).  This assumes LIBRARY uses Libtool."
  (package
    (inherit library)
    (name (string-append (package-name library) "-static"))
    (arguments
     (substitute-keyword-arguments (package-arguments library)
       ((#:configure-flags flags ''())
        `(append '("--disable-shared" "--enable-static")
                 ,flags))))))

(define-public cryptsetup-static
  ;; Stripped-down statically-linked 'cryptsetup' command for use in initrds.
  (package
    (inherit cryptsetup)
    (name "cryptsetup-static")
    (arguments
     '(#:configure-flags '("--disable-shared"
                           "--enable-static-cryptsetup"

                           "--disable-veritysetup"
                           "--disable-cryptsetup-reencrypt"
                           "--disable-integritysetup"

                           ;; The default is OpenSSL which provides better PBKDF performance.
                           "--with-crypto_backend=gcrypt"

                           "--disable-blkid"
                           ;; 'libdevmapper.a' pulls in libpthread, libudev and libm.
                           "LIBS=-ludev -pthread -lm")

       #:allowed-references ()                  ;this should be self-contained

       #:modules ((ice-9 ftw)
                  (ice-9 match)
                  (guix build utils)
                  (guix build gnu-build-system))

       #:phases (modify-phases %standard-phases
                  (add-after 'install 'remove-cruft
                    (lambda* (#:key outputs #:allow-other-keys)
                      ;; Remove everything except the 'cryptsetup' command.
                      (let ((out (assoc-ref outputs "out")))
                        (with-directory-excursion out
                          (let ((dirs (scandir "."
                                               (match-lambda
                                                 ((or "." "..") #f)
                                                 (_ #t)))))
                            (for-each delete-file-recursively
                                      (delete "sbin" dirs))
                            (for-each (lambda (file)
                                        (rename-file (string-append file
                                                                    ".static")
                                                     file)
                                        (remove-store-references file))
                                      '("sbin/cryptsetup"))
                            #t))))))))
    (inputs
     (let ((libgcrypt-static
            (package
              (inherit (static-library libgcrypt))
              (propagated-inputs
               `(("libgpg-error-host" ,(static-library libgpg-error)))))))
       `(("json-c" ,json-c-0.13)
         ("libgcrypt" ,libgcrypt-static)
         ("lvm2" ,lvm2-static)
         ("util-linux" ,util-linux "static")
         ("util-linux" ,util-linux "lib")
         ("popt" ,popt))))
    (synopsis "Hard disk encryption tool (statically linked)")))
Commit	Line	Data
e3c5f293 AE	1	;;; GNU Guix --- Functional package management for GNU
e3c5f293 AE	2	;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
106b389e	3	;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
61746650	4	;;; Copyright © 2019–2021 Tobias Geerinckx-Rice <me@tobias.gr>
e3c5f293 AE	5	;;;
	6	;;; This file is part of GNU Guix.
	7	;;;
	8	;;; GNU Guix is free software; you can redistribute it and/or modify it
	9	;;; under the terms of the GNU General Public License as published by
	10	;;; the Free Software Foundation; either version 3 of the License, or (at
	11	;;; your option) any later version.
	12	;;;
	13	;;; GNU Guix is distributed in the hope that it will be useful, but
	14	;;; WITHOUT ANY WARRANTY; without even the implied warranty of
	15	;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	16	;;; GNU General Public License for more details.
	17	;;;
	18	;;; You should have received a copy of the GNU General Public License
	19	;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
	20
	21	(define-module (gnu packages cryptsetup)
b5b73a82	22	#:use-module ((guix licenses) #:prefix license:)
e3c5f293 AE	23	#:use-module (guix packages)
	24	#:use-module (guix download)
	25	#:use-module (guix build-system gnu)
491dbac4	26	#:use-module (guix utils)
e3c5f293 AE	27	#:use-module (gnu packages)
e3c5f293 AE	28	#:use-module (gnu packages gnupg)
c11caf20 TGR	29	#:use-module (gnu packages password-utils)
c11caf20 TGR	30	#:use-module (gnu packages pkg-config)
e3c5f293	31	#:use-module (gnu packages popt)
c11caf20 TGR	32	#:use-module (gnu packages linux)
c11caf20 TGR	33	#:use-module (gnu packages web))
e3c5f293 AE	34
	35	(define-public cryptsetup
	36	(package
	37	(name "cryptsetup")
e9cbb97a	38	(version "2.3.6")
e3c5f293 AE	39	(source (origin
e3c5f293 AE	40	(method url-fetch)
491dbac4 LF	41	(uri (string-append "mirror://kernel.org/linux/utils/cryptsetup/v"
491dbac4 LF	42	(version-major+minor version)
d5e445e1	43	"/cryptsetup-" version ".tar.xz"))
e3c5f293 AE	44	(sha256
e3c5f293 AE	45	(base32
e9cbb97a	46	"0pv34l6230ba1i5p0z6zmvfqvv3as0cwn731h2qw4xm53sibg5mj"))))
e3c5f293	47	(build-system gnu-build-system)
c11caf20 TGR	48	(arguments
	49	`(#:configure-flags
	50	(list
	51	;; Argon2 is always enabled, this just selects the (faster) full version.
	52	"--enable-libargon2"
	53	;; The default is OpenSSL which provides better PBKDF performance.
	54	"--with-crypto_backend=gcrypt"
9c441cf3	55	;; GRUB 2.06 supports LUKS2, but does it reliably support all set-ups…?
c11caf20	56	"--with-default-luks-format=LUKS1")))
c4c4cc05	57	(native-inputs
8394619b	58	(list pkg-config))
c11caf20	59	(inputs
8394619b LC	60	(list argon2
	61	json-c
	62	libgcrypt
	63	lvm2 ; device-mapper
	64	popt
	65	`(,util-linux "lib"))) ;libuuid
bf2a3616	66	(synopsis "Set up transparent encryption of block devices using dm-crypt")
e3c5f293	67	(description
bf2a3616 TGR	68	"Cryptsetup is a utility used to conveniently set up disk encryption based
	69	on the @code{dm-crypt} Linux kernel module. It is most often used to manage
	70	LUKS volumes but also supports plain dm-crypt volumes and loop-AES, TrueCrypt
	71	(including VeraCrypt extension), and BitLocker formats.
	72
	73	@acronym{LUKS, Linux Unified Key Setup} is the standard for hard disk encryption
	74	with the kernel Linux. It provides a standard on-disk-format compatible amongst
	75	distributions as well as secure management of multiple user passwords. LUKS
	76	stores all necessary setup information in the partition header to facilitate
	77	data transport and migration.
	78
	79	The package also includes the @command{veritysetup} and @command{integritysetup}
	80	utilities to conveniently configure the @code{dm-verity} and @code{dm-integrity}
	81	block integrity kernel modules.")
e3c5f293	82	(license license:gpl2)
491dbac4	83	(home-page "https://gitlab.com/cryptsetup/cryptsetup")))
106b389e LC	84
	85	(define (static-library library)
	86	"Return a variant of package LIBRARY that provides static libraries ('.a'
	87	files). This assumes LIBRARY uses Libtool."
	88	(package
	89	(inherit library)
	90	(name (string-append (package-name library) "-static"))
	91	(arguments
	92	(substitute-keyword-arguments (package-arguments library)
	93	((#:configure-flags flags ''())
	94	`(append '("--disable-shared" "--enable-static")
	95	,flags))))))
	96
	97	(define-public cryptsetup-static
	98	;; Stripped-down statically-linked 'cryptsetup' command for use in initrds.
	99	(package
	100	(inherit cryptsetup)
	101	(name "cryptsetup-static")
	102	(arguments
	103	'(#:configure-flags '("--disable-shared"
	104	"--enable-static-cryptsetup"
	105
b5c84b8a	106	"--disable-veritysetup"
c11caf20 TGR	107	"--disable-cryptsetup-reencrypt"
	108	"--disable-integritysetup"
	109
	110	;; The default is OpenSSL which provides better PBKDF performance.
	111	"--with-crypto_backend=gcrypt"
b5c84b8a	112
c11caf20	113	"--disable-blkid"
2253477e MB	114	;; 'libdevmapper.a' pulls in libpthread, libudev and libm.
2253477e MB	115	"LIBS=-ludev -pthread -lm")
106b389e LC	116
	117	#:allowed-references () ;this should be self-contained
	118
	119	#:modules ((ice-9 ftw)
	120	(ice-9 match)
	121	(guix build utils)
	122	(guix build gnu-build-system))
	123
	124	#:phases (modify-phases %standard-phases
	125	(add-after 'install 'remove-cruft
	126	(lambda* (#:key outputs #:allow-other-keys)
b5c84b8a	127	;; Remove everything except the 'cryptsetup' command.
106b389e LC	128	(let ((out (assoc-ref outputs "out")))
	129	(with-directory-excursion out
	130	(let ((dirs (scandir "."
	131	(match-lambda
	132	((or "." "..") #f)
	133	(_ #t)))))
	134	(for-each delete-file-recursively
	135	(delete "sbin" dirs))
	136	(for-each (lambda (file)
	137	(rename-file (string-append file
	138	".static")
	139	file)
	140	(remove-store-references file))
b5c84b8a	141	'("sbin/cryptsetup"))
106b389e LC	142	#t))))))))
	143	(inputs
	144	(let ((libgcrypt-static
	145	(package
	146	(inherit (static-library libgcrypt))
	147	(propagated-inputs
	148	`(("libgpg-error-host" ,(static-library libgpg-error)))))))
beec29da	149	`(("json-c" ,json-c-0.13)
c11caf20	150	("libgcrypt" ,libgcrypt-static)
106b389e LC	151	("lvm2" ,lvm2-static)
106b389e LC	152	("util-linux" ,util-linux "static")
bb93042c	153	("util-linux" ,util-linux "lib")
106b389e LC	154	("popt" ,popt))))
106b389e LC	155	(synopsis "Hard disk encryption tool (statically linked)")))