gnu/packages/cryptsetup.scm

   1 ;;; GNU Guix --- Functional package management for GNU
   2 ;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
   3 ;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
   4 ;;; Copyright © 2019, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
   5 ;;;
   6 ;;; This file is part of GNU Guix.
   7 ;;;
   8 ;;; GNU Guix is free software; you can redistribute it and/or modify it
   9 ;;; under the terms of the GNU General Public License as published by
  10 ;;; the Free Software Foundation; either version 3 of the License, or (at
  11 ;;; your option) any later version.
  12 ;;;
  13 ;;; GNU Guix is distributed in the hope that it will be useful, but
  14 ;;; WITHOUT ANY WARRANTY; without even the implied warranty of
  15 ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16 ;;; GNU General Public License for more details.
  17 ;;;
  18 ;;; You should have received a copy of the GNU General Public License
  19 ;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
  20
  21 (define-module (gnu packages cryptsetup)
  22   #:use-module ((guix licenses) #:prefix license:)
  23   #:use-module (guix packages)
  24   #:use-module (guix download)
  25   #:use-module (guix build-system gnu)
  26   #:use-module (guix utils)
  27   #:use-module (gnu packages)
  28   #:use-module (gnu packages gnupg)
  29   #:use-module (gnu packages password-utils)
  30   #:use-module (gnu packages pkg-config)
  31   #:use-module (gnu packages popt)
  32   #:use-module (gnu packages linux)
  33   #:use-module (gnu packages web))
  34
  35 (define-public cryptsetup
  36   (package
  37    (name "cryptsetup")
  38    (version "2.3.4")
  39    (source (origin
  40             (method url-fetch)
  41             (uri (string-append "mirror://kernel.org/linux/utils/cryptsetup/v"
  42                                 (version-major+minor version)
  43                                 "/cryptsetup-" version ".tar.xz"))
  44             (sha256
  45              (base32
  46               "0wrpz2fzbsszmsgxxbssxjgylpyiindh24z8g13m2fxmjsxyw5lx"))))
  47    (build-system gnu-build-system)
  48    (arguments
  49     `(#:configure-flags
  50       (list
  51        ;; Argon2 is always enabled, this just selects the (faster) full version.
  52        "--enable-libargon2"
  53        ;; The default is OpenSSL which provides better PBKDF performance.
  54        "--with-crypto_backend=gcrypt"
  55        ;; GRUB as of 2.04 still can't read LUKS2 containers.
  56        "--with-default-luks-format=LUKS1")))
  57    (native-inputs
  58     `(("pkg-config" ,pkg-config)))
  59    (inputs
  60     `(("argon2" ,argon2)
  61       ("json-c" ,json-c)
  62       ("libgcrypt" ,libgcrypt)
  63       ("lvm2" ,lvm2)                    ; device-mapper
  64       ("popt" ,popt)
  65       ("util-linux" ,util-linux "lib"))) ;libuuid
  66    (synopsis "Hard disk encryption tool")
  67    (description
  68     "LUKS (Linux Unified Key Setup)/Cryptsetup provides a standard on-disk
  69 encryption format, which does not only facilitate compatibility among
  70 distributions, but which also provides secure management of multiple user
  71 passwords.  In contrast to existing solutions, LUKS stores all setup necessary
  72 setup information in the partition header, enabling the users to transport
  73 or migrate their data seamlessly.")
  74    (license license:gpl2)
  75    (home-page "https://gitlab.com/cryptsetup/cryptsetup")))
  76
  77 (define (static-library library)
  78   "Return a variant of package LIBRARY that provides static libraries ('.a'
  79 files).  This assumes LIBRARY uses Libtool."
  80   (package
  81     (inherit library)
  82     (name (string-append (package-name library) "-static"))
  83     (arguments
  84      (substitute-keyword-arguments (package-arguments library)
  85        ((#:configure-flags flags ''())
  86         `(append '("--disable-shared" "--enable-static")
  87                  ,flags))))))
  88
  89 (define-public cryptsetup-static
  90   ;; Stripped-down statically-linked 'cryptsetup' command for use in initrds.
  91   (package
  92     (inherit cryptsetup)
  93     (name "cryptsetup-static")
  94     (arguments
  95      '(#:configure-flags '("--disable-shared"
  96                            "--enable-static-cryptsetup"
  97
  98                            "--disable-veritysetup"
  99                            "--disable-cryptsetup-reencrypt"
 100                            "--disable-integritysetup"
 101
 102                            ;; The default is OpenSSL which provides better PBKDF performance.
 103                            "--with-crypto_backend=gcrypt"
 104
 105                            "--disable-blkid"
 106                            ;; 'libdevmapper.a' pulls in libpthread, libudev and libm.
 107                            "LIBS=-ludev -pthread -lm")
 108
 109        #:allowed-references ()                  ;this should be self-contained
 110
 111        #:modules ((ice-9 ftw)
 112                   (ice-9 match)
 113                   (guix build utils)
 114                   (guix build gnu-build-system))
 115
 116        #:phases (modify-phases %standard-phases
 117                   (add-after 'install 'remove-cruft
 118                     (lambda* (#:key outputs #:allow-other-keys)
 119                       ;; Remove everything except the 'cryptsetup' command.
 120                       (let ((out (assoc-ref outputs "out")))
 121                         (with-directory-excursion out
 122                           (let ((dirs (scandir "."
 123                                                (match-lambda
 124                                                  ((or "." "..") #f)
 125                                                  (_ #t)))))
 126                             (for-each delete-file-recursively
 127                                       (delete "sbin" dirs))
 128                             (for-each (lambda (file)
 129                                         (rename-file (string-append file
 130                                                                     ".static")
 131                                                      file)
 132                                         (remove-store-references file))
 133                                       '("sbin/cryptsetup"))
 134                             #t))))))))
 135     (inputs
 136      (let ((libgcrypt-static
 137             (package
 138               (inherit (static-library libgcrypt))
 139               (propagated-inputs
 140                `(("libgpg-error-host" ,(static-library libgpg-error)))))))
 141        `(("json-c" ,json-c-0.13)
 142          ("libgcrypt" ,libgcrypt-static)
 143          ("lvm2" ,lvm2-static)
 144          ("util-linux" ,util-linux "static")
 145          ("util-linux" ,util-linux "lib")
 146          ("popt" ,popt))))
 147     (synopsis "Hard disk encryption tool (statically linked)")))