X-Git-Url: https://git.hcoop.net/jackhill/guix/guix.git/blobdiff_plain/ae836e513e366744aa57fcb0104ffc95e47080ad..44d66cf764df1a5f92e32c101bc88b20b8ac96b1:/gnu/packages/cryptsetup.scm diff --git a/gnu/packages/cryptsetup.scm b/gnu/packages/cryptsetup.scm index 9df26edc77..57333ea13d 100644 --- a/gnu/packages/cryptsetup.scm +++ b/gnu/packages/cryptsetup.scm @@ -1,6 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013 Andreas Enge ;;; Copyright © 2016 Ludovic Courtès +;;; Copyright © 2019 Tobias Geerinckx-Rice ;;; ;;; This file is part of GNU Guix. ;;; @@ -25,30 +26,43 @@ #:use-module (guix utils) #:use-module (gnu packages) #:use-module (gnu packages gnupg) + #:use-module (gnu packages password-utils) + #:use-module (gnu packages pkg-config) #:use-module (gnu packages popt) - #:use-module (gnu packages python) - #:use-module (gnu packages linux)) + #:use-module (gnu packages linux) + #:use-module (gnu packages web)) (define-public cryptsetup (package (name "cryptsetup") - (version "1.7.5") + (version "2.3.3") (source (origin (method url-fetch) (uri (string-append "mirror://kernel.org/linux/utils/cryptsetup/v" (version-major+minor version) - "/" name "-" version ".tar.xz")) + "/cryptsetup-" version ".tar.xz")) (sha256 (base32 - "1gail831j826lmpdx2gsc83lp3br6wfnwh3vqwxaa1nn1lfwsc1b")))) + "1pw2bq4nv2z3xyycckxkbp7dp9kkp2n6bspna3plryg277z4zjiv")))) (build-system gnu-build-system) - (inputs - `(("libgcrypt" ,libgcrypt) - ("lvm2" ,lvm2) - ("util-linux" ,util-linux) - ("popt" ,popt))) + (arguments + `(#:configure-flags + (list + ;; Argon2 is always enabled, this just selects the (faster) full version. + "--enable-libargon2" + ;; The default is OpenSSL which provides better PBKDF performance. + "--with-crypto_backend=gcrypt" + ;; GRUB as of 2.04 still can't read LUKS2 containers. + "--with-default-luks-format=LUKS1"))) (native-inputs - `(("python" ,python-wrapper))) + `(("pkg-config" ,pkg-config))) + (inputs + `(("argon2" ,argon2) + ("json-c" ,json-c) + ("libgcrypt" ,libgcrypt) + ("lvm2" ,lvm2) ; device-mapper + ("popt" ,popt) + ("util-linux" ,util-linux "lib"))) ;libuuid (synopsis "Hard disk encryption tool") (description "LUKS (Linux Unified Key Setup)/Cryptsetup provides a standard on-disk @@ -81,6 +95,14 @@ files). This assumes LIBRARY uses Libtool." '(#:configure-flags '("--disable-shared" "--enable-static-cryptsetup" + "--disable-veritysetup" + "--disable-cryptsetup-reencrypt" + "--disable-integritysetup" + + ;; The default is OpenSSL which provides better PBKDF performance. + "--with-crypto_backend=gcrypt" + + "--disable-blkid" ;; 'libdevmapper.a' pulls in libpthread, libudev and libm. "LIBS=-ludev -pthread -lm") @@ -94,8 +116,7 @@ files). This assumes LIBRARY uses Libtool." #:phases (modify-phases %standard-phases (add-after 'install 'remove-cruft (lambda* (#:key outputs #:allow-other-keys) - ;; Remove everything except the 'cryptsetup' command and - ;; its friend. + ;; Remove everything except the 'cryptsetup' command. (let ((out (assoc-ref outputs "out"))) (with-directory-excursion out (let ((dirs (scandir "." @@ -109,7 +130,7 @@ files). This assumes LIBRARY uses Libtool." ".static") file) (remove-store-references file)) - '("sbin/cryptsetup" "sbin/veritysetup")) + '("sbin/cryptsetup")) #t)))))))) (inputs (let ((libgcrypt-static @@ -117,9 +138,10 @@ files). This assumes LIBRARY uses Libtool." (inherit (static-library libgcrypt)) (propagated-inputs `(("libgpg-error-host" ,(static-library libgpg-error))))))) - `(("libgcrypt" ,libgcrypt-static) + `(("json-c" ,json-c-0.13) + ("libgcrypt" ,libgcrypt-static) ("lvm2" ,lvm2-static) ("util-linux" ,util-linux "static") - ("util-linux" ,util-linux) + ("util-linux" ,util-linux "lib") ("popt" ,popt)))) (synopsis "Hard disk encryption tool (statically linked)")))