nixpkgs/pkgs/os-specific/linux/cryptsetup/default.nix

{ lib, stdenv, fetchurl, lvm2, json_c, asciidoctor
, openssl, libuuid, pkg-config, popt, nixosTests
, libargon2, withInternalArgon2 ? false

  # Programs enabled by default upstream are implicitly enabled unless
  # manually set to false.
, programs ? {}
  # The release tarballs contain precomputed manpage files, so we don't need
  # to run asciidoctor on the man sources. By avoiding asciidoctor, we make
  # the bare NixOS build hash independent of changes to the ruby ecosystem,
  # saving mass-rebuilds.
, rebuildMan ? false
}:

stdenv.mkDerivation rec {
  pname = "cryptsetup";
  version = "2.6.1";

  outputs = [ "bin" "out" "dev" "man" ];
  separateDebugInfo = true;

  src = fetchurl {
    url = "mirror://kernel/linux/utils/cryptsetup/v${lib.versions.majorMinor version}/${pname}-${version}.tar.xz";
    hash = "sha256-QQ3tZaEHKrnI5Brd7Te5cpwIf+9NLbArtO9SmtbaRpM=";
  };

  patches = [
    # Allow reading tokens from a relative path, see #167994
    ./relative-token-path.patch
  ];

  postPatch = ''
    patchShebangs tests

    # O_DIRECT is filesystem dependent and fails in a sandbox (on tmpfs)
    # and on several filesystem types (btrfs, zfs) without sandboxing.
    # Remove it, see discussion in #46151
    substituteInPlace tests/unit-utils-io.c --replace "| O_DIRECT" ""
  '';

  NIX_LDFLAGS = lib.optionalString (stdenv.cc.isGNU && !stdenv.hostPlatform.isStatic) "-lgcc_s";

  configureFlags = [
    "--with-crypto_backend=openssl"
    "--disable-ssh-token"
  ] ++ lib.optionals (!rebuildMan) [
    "--disable-asciidoc"
  ] ++ lib.optionals (!withInternalArgon2) [
    "--enable-libargon2"
  ] ++ lib.optionals stdenv.hostPlatform.isStatic [
    "--disable-external-tokens"
    # We have to override this even though we're removing token
    # support, because the path still gets included in the binary even
    # though it isn't used.
    "--with-luks2-external-tokens-path=/"
  ] ++ (with lib; mapAttrsToList (flip enableFeature)) programs;

  nativeBuildInputs = [ pkg-config ] ++ lib.optionals rebuildMan [ asciidoctor ];
  buildInputs = [ lvm2 json_c openssl libuuid popt ] ++ lib.optional (!withInternalArgon2) libargon2;

  # The test [7] header backup in compat-test fails with a mysterious
  # "out of memory" error, even though tons of memory is available.
  # Issue filed upstream: https://gitlab.com/cryptsetup/cryptsetup/-/issues/763
  doCheck = !stdenv.hostPlatform.isMusl;

  passthru = {
    tests = {
      nixos =
        lib.optionalAttrs stdenv.hostPlatform.isLinux (
          lib.recurseIntoAttrs (
            lib.filterAttrs
              (name: _value: lib.hasPrefix "luks" name)
              nixosTests.installer
          )
        );
    };
  };

  meta = {
    homepage = "https://gitlab.com/cryptsetup/cryptsetup/";
    description = "LUKS for dm-crypt";
    changelog = "https://gitlab.com/cryptsetup/cryptsetup/-/raw/v${version}/docs/v${version}-ReleaseNotes";
    license = lib.licenses.gpl2;
    mainProgram = "cryptsetup";
    maintainers = with lib.maintainers; [ raitobezarius ];
    platforms = with lib.platforms; linux;
  };
}
cryptsetup: 2.4.3 -> 2.5.0 (#186249) 2022-08-14 09:40:43 +00:00			`{ lib, stdenv, fetchurl, lvm2, json_c, asciidoctor`
cryptsetup: Add tests.nixos 2022-09-23 14:08:35 +00:00			`, openssl, libuuid, pkg-config, popt, nixosTests`
cryptsetup: compile against libargon2 by default This will provide a nice fast Argon2 implementation rather than the slow internal one. 2023-06-19 00:32:52 +00:00			`, libargon2, withInternalArgon2 ? false`
cryptsetup: Remove ruby build dependency from NixOS Removing this build dependency makes most NixOS tests completely independent of the ruby ecosystem. This helps reduce mass-rebuilds, which is especially useful when bisecting the staging branch using a NixOS test. 2022-09-23 13:59:16 +00:00
cryptsetup: make all programs optional (#254767) Some use cases (think appliances) call for veritysetup but not cryptsetup, and others (like NixOS) don't need veritysetup and usually not integritysetup. This is especially useful for pkgsStatic where each program contains a whole copy of the libraries it needs so is quite large. 2023-09-12 18:31:50 +00:00			`# Programs enabled by default upstream are implicitly enabled unless`
			`# manually set to false.`
			`, programs ? {}`
cryptsetup: Remove ruby build dependency from NixOS Removing this build dependency makes most NixOS tests completely independent of the ruby ecosystem. This helps reduce mass-rebuilds, which is especially useful when bisecting the staging branch using a NixOS test. 2022-09-23 13:59:16 +00:00			`# The release tarballs contain precomputed manpage files, so we don't need`
			`# to run asciidoctor on the man sources. By avoiding asciidoctor, we make`
			`# the bare NixOS build hash independent of changes to the ruby ecosystem,`
			`# saving mass-rebuilds.`
			`, rebuildMan ? false`
			`}:`
Adding LUKS cryptsetup for the devicemapper. svn path=/nixpkgs/trunk/; revision=14289 2009-03-01 11:11:21 +00:00
cryptsetup-1.4.1 Thanks to Mathijs Kwik and Peter Simons for preparing this. Make sure you have nixos r31132. svn path=/nixpkgs/trunk/; revision=31134 2011-12-28 21:48:58 +00:00			`stdenv.mkDerivation rec {`
cryptsetup: 2.1.0 -> 2.3.3 Changes: - https://gitlab.com/cryptsetup/cryptsetup/-/blob/master/docs/v2.2.0-ReleaseNotes - https://gitlab.com/cryptsetup/cryptsetup/-/blob/master/docs/v2.2.1-ReleaseNotes - https://gitlab.com/cryptsetup/cryptsetup/-/blob/master/docs/v2.2.2-ReleaseNotes - https://gitlab.com/cryptsetup/cryptsetup/-/blob/master/docs/v2.3.0-ReleaseNotes - https://gitlab.com/cryptsetup/cryptsetup/-/blob/master/docs/v2.3.1-ReleaseNotes - https://gitlab.com/cryptsetup/cryptsetup/-/blob/master/docs/v2.3.2-ReleaseNotes - https://gitlab.com/cryptsetup/cryptsetup/-/blob/master/docs/v2.3.3-ReleaseNotes The python bindings were removed in 2.1.0. 2020-06-17 23:54:43 +00:00			`pname = "cryptsetup";`
cryptsetup: 2.5.0 -> 2.6.1 2023-02-01 14:19:04 +00:00			`version = "2.6.1";`
cryptsetup: Update to 1.5.0 2012-08-10 20:42:29 +00:00
cryptsetup: separate binaries from libraries This reduces closure sizes by making the libraries not depend on the binaries, which is good for dynamic builds, and (when statically linked) making the binaries not depend on the libraries, which is good for static builds. When static building, we additionally have to disable loading LUKS plugins from $lib to avoid a reference, which probably wouldn't have worked anyway. 2022-01-24 12:53:19 +00:00			`outputs = [ "bin" "out" "dev" "man" ];`
cryptsetup: enable debug info 2022-01-24 12:57:15 +00:00			`separateDebugInfo = true;`
Split outputs to out, dev and man 2018-08-20 14:43:48 +00:00
Adding LUKS cryptsetup for the devicemapper. svn path=/nixpkgs/trunk/; revision=14289 2009-03-01 11:11:21 +00:00			`src = fetchurl {`
cryptsetup: 2.5.0 -> 2.6.1 2023-02-01 14:19:04 +00:00			`url = "mirror://kernel/linux/utils/cryptsetup/v${lib.versions.majorMinor version}/${pname}-${version}.tar.xz";`
			`hash = "sha256-QQ3tZaEHKrnI5Brd7Te5cpwIf+9NLbArtO9SmtbaRpM=";`
Adding LUKS cryptsetup for the devicemapper. svn path=/nixpkgs/trunk/; revision=14289 2009-03-01 11:11:21 +00:00			`};`

cryptsetup: Allow reading tokens from relative path Co-authored-by: Janne Heß <janne@hess.ooo> Co-authored-by: Ilan Joselevich <personal@ilanjoselevich.com> 2022-09-23 21:47:05 +00:00			`patches = [`
			`# Allow reading tokens from a relative path, see #167994`
			`./relative-token-path.patch`
			`];`

cryptsetup: fix tests 2018-08-08 21:18:19 +00:00			`postPatch = ''`
			`patchShebangs tests`
cryptsetup: enable and fix tests (#46346) Some tests use O_DIRECT which is filesystem dependent and fails in a sandbox as well as on some filesystems without sandboxing. Patch out O_DIRECT and disable the 4 test cases that still fail in a sandbox. See discussion in #46151. 2018-09-08 19:24:15 +00:00
			`# O_DIRECT is filesystem dependent and fails in a sandbox (on tmpfs)`
			`# and on several filesystem types (btrfs, zfs) without sandboxing.`
			`# Remove it, see discussion in #46151`
			`substituteInPlace tests/unit-utils-io.c --replace "\| O_DIRECT" ""`
cryptsetup: fix tests 2018-08-08 21:18:19 +00:00			`'';`

cryptsetup: don't look at targetPlatform targetPlatform refers to the platform the program being compiled will produce binaries for, which only makes sense for things like compilers, not cryptsetup. The correct platform to look at to check static support is hostPlatform, which refers to the architecture the program being compiled will run on. 2022-01-24 10:20:24 +00:00			`NIX_LDFLAGS = lib.optionalString (stdenv.cc.isGNU && !stdenv.hostPlatform.isStatic) "-lgcc_s";`
cryptsetup: apply Matías Lang's patch 2018-06-15 23:20:53 +00:00
			`configureFlags = [`
			`"--with-crypto_backend=openssl"`
cryptsetup: 2.3.6 -> 2.4.0 - https://mirrors.edge.kernel.org/pub/linux/utils/cryptsetup/v2.4/v2.4.0-ReleaseNotes 2021-09-01 16:57:13 +00:00			`"--disable-ssh-token"`
cryptsetup: Remove ruby build dependency from NixOS Removing this build dependency makes most NixOS tests completely independent of the ruby ecosystem. This helps reduce mass-rebuilds, which is especially useful when bisecting the staging branch using a NixOS test. 2022-09-23 13:59:16 +00:00			`] ++ lib.optionals (!rebuildMan) [`
			`"--disable-asciidoc"`
cryptsetup: compile against libargon2 by default This will provide a nice fast Argon2 implementation rather than the slow internal one. 2023-06-19 00:32:52 +00:00			`] ++ lib.optionals (!withInternalArgon2) [`
			`"--enable-libargon2"`
cryptsetup: separate binaries from libraries This reduces closure sizes by making the libraries not depend on the binaries, which is good for dynamic builds, and (when statically linked) making the binaries not depend on the libraries, which is good for static builds. When static building, we additionally have to disable loading LUKS plugins from $lib to avoid a reference, which probably wouldn't have worked anyway. 2022-01-24 12:53:19 +00:00			`] ++ lib.optionals stdenv.hostPlatform.isStatic [`
			`"--disable-external-tokens"`
			`# We have to override this even though we're removing token`
			`# support, because the path still gets included in the binary even`
			`# though it isn't used.`
			`"--with-luks2-external-tokens-path=/"`
cryptsetup: make all programs optional (#254767) Some use cases (think appliances) call for veritysetup but not cryptsetup, and others (like NixOS) don't need veritysetup and usually not integritysetup. This is especially useful for pkgsStatic where each program contains a whole copy of the libraries it needs so is quite large. 2023-09-12 18:31:50 +00:00			`] ++ (with lib; mapAttrsToList (flip enableFeature)) programs;`
cryptsetup: Update to 1.5.0 2012-08-10 20:42:29 +00:00
cryptsetup: Remove ruby build dependency from NixOS Removing this build dependency makes most NixOS tests completely independent of the ruby ecosystem. This helps reduce mass-rebuilds, which is especially useful when bisecting the staging branch using a NixOS test. 2022-09-23 13:59:16 +00:00			`nativeBuildInputs = [ pkg-config ] ++ lib.optionals rebuildMan [ asciidoctor ];`
cryptsetup: compile against libargon2 by default This will provide a nice fast Argon2 implementation rather than the slow internal one. 2023-06-19 00:32:52 +00:00			`buildInputs = [ lvm2 json_c openssl libuuid popt ] ++ lib.optional (!withInternalArgon2) libargon2;`
Adding LUKS cryptsetup for the devicemapper. svn path=/nixpkgs/trunk/; revision=14289 2009-03-01 11:11:21 +00:00
cryptsetup: skip tests on musl The test [7] header backup in compat-test fails with a mysterious "out of memory" error, even though tons of memory is available. Issue filed upstream: https://gitlab.com/cryptsetup/cryptsetup/-/issues/763 2022-08-13 12:34:25 +00:00			`# The test [7] header backup in compat-test fails with a mysterious`
			`# "out of memory" error, even though tons of memory is available.`
			`# Issue filed upstream: https://gitlab.com/cryptsetup/cryptsetup/-/issues/763`
			`doCheck = !stdenv.hostPlatform.isMusl;`
cryptsetup: enable and fix tests (#46346) Some tests use O_DIRECT which is filesystem dependent and fails in a sandbox as well as on some filesystems without sandboxing. Patch out O_DIRECT and disable the 4 test cases that still fail in a sandbox. See discussion in #46151. 2018-09-08 19:24:15 +00:00
cryptsetup: Add tests.nixos 2022-09-23 14:08:35 +00:00			`passthru = {`
			`tests = {`
			`nixos =`
			`lib.optionalAttrs stdenv.hostPlatform.isLinux (`
			`lib.recurseIntoAttrs (`
			`lib.filterAttrs`
			`(name: _value: lib.hasPrefix "luks" name)`
			`nixosTests.installer`
			`)`
			`);`
			`};`
			`};`

Adding LUKS cryptsetup for the devicemapper. svn path=/nixpkgs/trunk/; revision=14289 2009-03-01 11:11:21 +00:00			`meta = {`
treewide: Per RFC45, remove all unquoted URLs 2020-04-01 01:11:51 +00:00			`homepage = "https://gitlab.com/cryptsetup/cryptsetup/";`
Adding LUKS cryptsetup for the devicemapper. svn path=/nixpkgs/trunk/; revision=14289 2009-03-01 11:11:21 +00:00			`description = "LUKS for dm-crypt";`
cryptsetup: 2.5.0 -> 2.6.1 2023-02-01 14:19:04 +00:00			`changelog = "https://gitlab.com/cryptsetup/cryptsetup/-/raw/v${version}/docs/v${version}-ReleaseNotes";`
pkgs/os-specific: stdenv.lib -> lib 2021-01-15 14:45:37 +00:00			`license = lib.licenses.gpl2;`
cryptsetup: add meta.mainProgram 2023-08-16 15:10:09 +00:00			`mainProgram = "cryptsetup";`
cryptsetup: add raitobezarius as a maintainer Here we go again. :) 2023-06-19 00:33:03 +00:00			`maintainers = with lib.maintainers; [ raitobezarius ];`
pkgs/os-specific: stdenv.lib -> lib 2021-01-15 14:45:37 +00:00			`platforms = with lib.platforms; linux;`
Adding LUKS cryptsetup for the devicemapper. svn path=/nixpkgs/trunk/; revision=14289 2009-03-01 11:11:21 +00:00			`};`
			`}`