1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
|
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2019 Tobias Geerinckx-Rice <me@tobias.gr>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
(define-module (gnu packages cryptsetup)
#:use-module ((guix licenses) #:prefix license:)
#:use-module (guix packages)
#:use-module (guix download)
#:use-module (guix build-system gnu)
#:use-module (guix utils)
#:use-module (gnu packages)
#:use-module (gnu packages gnupg)
#:use-module (gnu packages password-utils)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages popt)
#:use-module (gnu packages linux)
#:use-module (gnu packages web))
(define-public cryptsetup
(package
(name "cryptsetup")
(version "2.2.2")
(source (origin
(method url-fetch)
(uri (string-append "mirror://kernel.org/linux/utils/cryptsetup/v"
(version-major+minor version)
"/cryptsetup-" version ".tar.xz"))
(sha256
(base32
"0ija889kfhg4n2fshpq9yh2b1jl2ipvd7sfafh08g75ba6ayrw1a"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags
(list
;; Argon2 is always enabled, this just selects the (faster) full version.
"--enable-libargon2"
;; The default is OpenSSL which provides better PBKDF performance.
"--with-crypto_backend=gcrypt"
;; GRUB as of 2.04 still can't read LUKS2 containers.
"--with-default-luks-format=LUKS1")))
(native-inputs
`(("pkg-config" ,pkg-config)))
(inputs
`(("argon2" ,argon2)
("json-c" ,json-c)
("libgcrypt" ,libgcrypt)
("lvm2" ,lvm2) ; device-mapper
("popt" ,popt)
("util-linux" ,util-linux))) ; libuuid
(synopsis "Hard disk encryption tool")
(description
"LUKS (Linux Unified Key Setup)/Cryptsetup provides a standard on-disk
encryption format, which does not only facilitate compatibility among
distributions, but which also provides secure management of multiple user
passwords. In contrast to existing solutions, LUKS stores all setup necessary
setup information in the partition header, enabling the users to transport
or migrate their data seamlessly.")
(license license:gpl2)
(home-page "https://gitlab.com/cryptsetup/cryptsetup")))
(define (static-library library)
"Return a variant of package LIBRARY that provides static libraries ('.a'
files). This assumes LIBRARY uses Libtool."
(package
(inherit library)
(name (string-append (package-name library) "-static"))
(arguments
(substitute-keyword-arguments (package-arguments library)
((#:configure-flags flags ''())
`(append '("--disable-shared" "--enable-static")
,flags))))))
(define-public cryptsetup-static
;; Stripped-down statically-linked 'cryptsetup' command for use in initrds.
(package
(inherit cryptsetup)
(name "cryptsetup-static")
(arguments
'(#:configure-flags '("--disable-shared"
"--enable-static-cryptsetup"
"--disable-veritysetup"
"--disable-cryptsetup-reencrypt"
"--disable-integritysetup"
;; The default is OpenSSL which provides better PBKDF performance.
"--with-crypto_backend=gcrypt"
"--disable-blkid"
;; 'libdevmapper.a' pulls in libpthread, libudev and libm.
"LIBS=-ludev -pthread -lm")
#:allowed-references () ;this should be self-contained
#:modules ((ice-9 ftw)
(ice-9 match)
(guix build utils)
(guix build gnu-build-system))
#:phases (modify-phases %standard-phases
(add-after 'install 'remove-cruft
(lambda* (#:key outputs #:allow-other-keys)
;; Remove everything except the 'cryptsetup' command.
(let ((out (assoc-ref outputs "out")))
(with-directory-excursion out
(let ((dirs (scandir "."
(match-lambda
((or "." "..") #f)
(_ #t)))))
(for-each delete-file-recursively
(delete "sbin" dirs))
(for-each (lambda (file)
(rename-file (string-append file
".static")
file)
(remove-store-references file))
'("sbin/cryptsetup"))
#t))))))))
(inputs
(let ((libgcrypt-static
(package
(inherit (static-library libgcrypt))
(propagated-inputs
`(("libgpg-error-host" ,(static-library libgpg-error)))))))
`(("json-c" ,json-c)
("libgcrypt" ,libgcrypt-static)
("lvm2" ,lvm2-static)
("util-linux" ,util-linux "static")
("util-linux" ,util-linux)
("popt" ,popt))))
(synopsis "Hard disk encryption tool (statically linked)")))
|
