[jackhill/guix/guix.git] / gnu / packages / cryptsetup.scm

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2019–2021 Tobias Geerinckx-Rice <me@tobias.gr>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (gnu packages cryptsetup)
  #:use-module ((guix licenses) #:prefix license:)
  #:use-module (guix packages)
  #:use-module (guix download)
  #:use-module (guix build-system gnu)
  #:use-module (guix utils)
  #:use-module (gnu packages)
  #:use-module (gnu packages gnupg)
  #:use-module (gnu packages password-utils)
  #:use-module (gnu packages pkg-config)
  #:use-module (gnu packages popt)
  #:use-module (gnu packages linux)
  #:use-module (gnu packages web))

(define-public cryptsetup
  (package
   (name "cryptsetup")
   (version "2.3.5")
   (source (origin
            (method url-fetch)
            (uri (string-append "mirror://kernel.org/linux/utils/cryptsetup/v"
                                (version-major+minor version)
                                "/cryptsetup-" version ".tar.xz"))
            (sha256
             (base32
              "1hbhzlv4vbib1da20vnrqaikhxi7ljnchbzrv8v2a4sd8ipr9nff"))))
   (build-system gnu-build-system)
   (arguments
    `(#:configure-flags
      (list
       ;; Argon2 is always enabled, this just selects the (faster) full version.
       "--enable-libargon2"
       ;; The default is OpenSSL which provides better PBKDF performance.
       "--with-crypto_backend=gcrypt"
       ;; GRUB as of 2.04 still can't read LUKS2 containers.
       "--with-default-luks-format=LUKS1")))
   (native-inputs
    `(("pkg-config" ,pkg-config)))
   (inputs
    `(("argon2" ,argon2)
      ("json-c" ,json-c)
      ("libgcrypt" ,libgcrypt)
      ("lvm2" ,lvm2)                    ; device-mapper
      ("popt" ,popt)
      ("util-linux" ,util-linux "lib"))) ;libuuid
   (synopsis "Hard disk encryption tool")
   (description
    "LUKS (Linux Unified Key Setup)/Cryptsetup provides a standard on-disk
encryption format, which does not only facilitate compatibility among
distributions, but which also provides secure management of multiple user
passwords.  In contrast to existing solutions, LUKS stores all setup necessary
setup information in the partition header, enabling the users to transport
or migrate their data seamlessly.")
   (license license:gpl2)
   (home-page "https://gitlab.com/cryptsetup/cryptsetup")))

(define (static-library library)
  "Return a variant of package LIBRARY that provides static libraries ('.a'
files).  This assumes LIBRARY uses Libtool."
  (package
    (inherit library)
    (name (string-append (package-name library) "-static"))
    (arguments
     (substitute-keyword-arguments (package-arguments library)
       ((#:configure-flags flags ''())
        `(append '("--disable-shared" "--enable-static")
                 ,flags))))))

(define-public cryptsetup-static
  ;; Stripped-down statically-linked 'cryptsetup' command for use in initrds.
  (package
    (inherit cryptsetup)
    (name "cryptsetup-static")
    (arguments
     '(#:configure-flags '("--disable-shared"
                           "--enable-static-cryptsetup"

                           "--disable-veritysetup"
                           "--disable-cryptsetup-reencrypt"
                           "--disable-integritysetup"

                           ;; The default is OpenSSL which provides better PBKDF performance.
                           "--with-crypto_backend=gcrypt"

                           "--disable-blkid"
                           ;; 'libdevmapper.a' pulls in libpthread, libudev and libm.
                           "LIBS=-ludev -pthread -lm")

       #:allowed-references ()                  ;this should be self-contained

       #:modules ((ice-9 ftw)
                  (ice-9 match)
                  (guix build utils)
                  (guix build gnu-build-system))

       #:phases (modify-phases %standard-phases
                  (add-after 'install 'remove-cruft
                    (lambda* (#:key outputs #:allow-other-keys)
                      ;; Remove everything except the 'cryptsetup' command.
                      (let ((out (assoc-ref outputs "out")))
                        (with-directory-excursion out
                          (let ((dirs (scandir "."
                                               (match-lambda
                                                 ((or "." "..") #f)
                                                 (_ #t)))))
                            (for-each delete-file-recursively
                                      (delete "sbin" dirs))
                            (for-each (lambda (file)
                                        (rename-file (string-append file
                                                                    ".static")
                                                     file)
                                        (remove-store-references file))
                                      '("sbin/cryptsetup"))
                            #t))))))))
    (inputs
     (let ((libgcrypt-static
            (package
              (inherit (static-library libgcrypt))
              (propagated-inputs
               `(("libgpg-error-host" ,(static-library libgpg-error)))))))
       `(("json-c" ,json-c-0.13)
         ("libgcrypt" ,libgcrypt-static)
         ("lvm2" ,lvm2-static)
         ("util-linux" ,util-linux "static")
         ("util-linux" ,util-linux "lib")
         ("popt" ,popt))))
    (synopsis "Hard disk encryption tool (statically linked)")))
Commit	Line	Data
e3c5f293 AE	1	;;; GNU Guix --- Functional package management for GNU
e3c5f293 AE	2	;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
106b389e	3	;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
61746650	4	;;; Copyright © 2019–2021 Tobias Geerinckx-Rice <me@tobias.gr>
e3c5f293 AE	5	;;;
	6	;;; This file is part of GNU Guix.
	7	;;;
	8	;;; GNU Guix is free software; you can redistribute it and/or modify it
	9	;;; under the terms of the GNU General Public License as published by
	10	;;; the Free Software Foundation; either version 3 of the License, or (at
	11	;;; your option) any later version.
	12	;;;
	13	;;; GNU Guix is distributed in the hope that it will be useful, but
	14	;;; WITHOUT ANY WARRANTY; without even the implied warranty of
	15	;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	16	;;; GNU General Public License for more details.
	17	;;;
	18	;;; You should have received a copy of the GNU General Public License
	19	;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
	20
	21	(define-module (gnu packages cryptsetup)
b5b73a82	22	#:use-module ((guix licenses) #:prefix license:)
e3c5f293 AE	23	#:use-module (guix packages)
	24	#:use-module (guix download)
	25	#:use-module (guix build-system gnu)
491dbac4	26	#:use-module (guix utils)
e3c5f293 AE	27	#:use-module (gnu packages)
e3c5f293 AE	28	#:use-module (gnu packages gnupg)
c11caf20 TGR	29	#:use-module (gnu packages password-utils)
c11caf20 TGR	30	#:use-module (gnu packages pkg-config)
e3c5f293	31	#:use-module (gnu packages popt)
c11caf20 TGR	32	#:use-module (gnu packages linux)
c11caf20 TGR	33	#:use-module (gnu packages web))
e3c5f293 AE	34
	35	(define-public cryptsetup
	36	(package
	37	(name "cryptsetup")
61746650	38	(version "2.3.5")
e3c5f293 AE	39	(source (origin
e3c5f293 AE	40	(method url-fetch)
491dbac4 LF	41	(uri (string-append "mirror://kernel.org/linux/utils/cryptsetup/v"
491dbac4 LF	42	(version-major+minor version)
d5e445e1	43	"/cryptsetup-" version ".tar.xz"))
e3c5f293 AE	44	(sha256
e3c5f293 AE	45	(base32
61746650	46	"1hbhzlv4vbib1da20vnrqaikhxi7ljnchbzrv8v2a4sd8ipr9nff"))))
e3c5f293	47	(build-system gnu-build-system)
c11caf20 TGR	48	(arguments
	49	`(#:configure-flags
	50	(list
	51	;; Argon2 is always enabled, this just selects the (faster) full version.
	52	"--enable-libargon2"
	53	;; The default is OpenSSL which provides better PBKDF performance.
	54	"--with-crypto_backend=gcrypt"
	55	;; GRUB as of 2.04 still can't read LUKS2 containers.
	56	"--with-default-luks-format=LUKS1")))
c4c4cc05	57	(native-inputs
c11caf20 TGR	58	`(("pkg-config" ,pkg-config)))
	59	(inputs
	60	`(("argon2" ,argon2)
b324c5b2	61	("json-c" ,json-c)
c11caf20 TGR	62	("libgcrypt" ,libgcrypt)
	63	("lvm2" ,lvm2) ; device-mapper
	64	("popt" ,popt)
bb93042c	65	("util-linux" ,util-linux "lib"))) ;libuuid
35b9e423	66	(synopsis "Hard disk encryption tool")
e3c5f293 AE	67	(description
	68	"LUKS (Linux Unified Key Setup)/Cryptsetup provides a standard on-disk
	69	encryption format, which does not only facilitate compatibility among
	70	distributions, but which also provides secure management of multiple user
35b9e423	71	passwords. In contrast to existing solutions, LUKS stores all setup necessary
e3c5f293 AE	72	setup information in the partition header, enabling the users to transport
	73	or migrate their data seamlessly.")
	74	(license license:gpl2)
491dbac4	75	(home-page "https://gitlab.com/cryptsetup/cryptsetup")))
106b389e LC	76
	77	(define (static-library library)
	78	"Return a variant of package LIBRARY that provides static libraries ('.a'
	79	files). This assumes LIBRARY uses Libtool."
	80	(package
	81	(inherit library)
	82	(name (string-append (package-name library) "-static"))
	83	(arguments
	84	(substitute-keyword-arguments (package-arguments library)
	85	((#:configure-flags flags ''())
	86	`(append '("--disable-shared" "--enable-static")
	87	,flags))))))
	88
	89	(define-public cryptsetup-static
	90	;; Stripped-down statically-linked 'cryptsetup' command for use in initrds.
	91	(package
	92	(inherit cryptsetup)
	93	(name "cryptsetup-static")
	94	(arguments
	95	'(#:configure-flags '("--disable-shared"
	96	"--enable-static-cryptsetup"
	97
b5c84b8a	98	"--disable-veritysetup"
c11caf20 TGR	99	"--disable-cryptsetup-reencrypt"
	100	"--disable-integritysetup"
	101
	102	;; The default is OpenSSL which provides better PBKDF performance.
	103	"--with-crypto_backend=gcrypt"
b5c84b8a	104
c11caf20	105	"--disable-blkid"
2253477e MB	106	;; 'libdevmapper.a' pulls in libpthread, libudev and libm.
2253477e MB	107	"LIBS=-ludev -pthread -lm")
106b389e LC	108
	109	#:allowed-references () ;this should be self-contained
	110
	111	#:modules ((ice-9 ftw)
	112	(ice-9 match)
	113	(guix build utils)
	114	(guix build gnu-build-system))
	115
	116	#:phases (modify-phases %standard-phases
	117	(add-after 'install 'remove-cruft
	118	(lambda* (#:key outputs #:allow-other-keys)
b5c84b8a	119	;; Remove everything except the 'cryptsetup' command.
106b389e LC	120	(let ((out (assoc-ref outputs "out")))
	121	(with-directory-excursion out
	122	(let ((dirs (scandir "."
	123	(match-lambda
	124	((or "." "..") #f)
	125	(_ #t)))))
	126	(for-each delete-file-recursively
	127	(delete "sbin" dirs))
	128	(for-each (lambda (file)
	129	(rename-file (string-append file
	130	".static")
	131	file)
	132	(remove-store-references file))
b5c84b8a	133	'("sbin/cryptsetup"))
106b389e LC	134	#t))))))))
	135	(inputs
	136	(let ((libgcrypt-static
	137	(package
	138	(inherit (static-library libgcrypt))
	139	(propagated-inputs
	140	`(("libgpg-error-host" ,(static-library libgpg-error)))))))
beec29da	141	`(("json-c" ,json-c-0.13)
c11caf20	142	("libgcrypt" ,libgcrypt-static)
106b389e LC	143	("lvm2" ,lvm2-static)
106b389e LC	144	("util-linux" ,util-linux "static")
bb93042c	145	("util-linux" ,util-linux "lib")
106b389e LC	146	("popt" ,popt))))
106b389e LC	147	(synopsis "Hard disk encryption tool (statically linked)")))