xref: /OK3568_Linux_fs/yocto/meta-openembedded/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.4.3.bb (revision 4882a59341e53eb6f0b4789bf948001014eff981) 
1*4882a593SmuzhiyunSUMMARY = "Manage plain dm-crypt and LUKS encrypted volumes"
2*4882a593SmuzhiyunDESCRIPTION = "Cryptsetup is used to conveniently setup dm-crypt managed \
3*4882a593Smuzhiyundevice-mapper mappings. These include plain dm-crypt volumes and \
4*4882a593SmuzhiyunLUKS volumes. The difference is that LUKS uses a metadata header \
5*4882a593Smuzhiyunand can hence offer more features than plain dm-crypt. On the other \
6*4882a593Smuzhiyunhand, the header is visible and vulnerable to damage."
7*4882a593SmuzhiyunHOMEPAGE = "https://gitlab.com/cryptsetup/cryptsetup"
8*4882a593SmuzhiyunSECTION = "console"
9*4882a593SmuzhiyunLICENSE = "GPL-2.0-with-OpenSSL-exception"
10*4882a593SmuzhiyunLIC_FILES_CHKSUM = "file://COPYING;md5=32107dd283b1dfeb66c9b3e6be312326"
11*4882a593Smuzhiyun
12*4882a593SmuzhiyunDEPENDS = " \
13*4882a593Smuzhiyun    json-c \
14*4882a593Smuzhiyun    libdevmapper \
15*4882a593Smuzhiyun    popt \
16*4882a593Smuzhiyun    util-linux-libuuid \
17*4882a593Smuzhiyun"
18*4882a593Smuzhiyun
19*4882a593SmuzhiyunDEPENDS:append:libc-musl = " argp-standalone"
20*4882a593SmuzhiyunLDFLAGS:append:libc-musl = " -largp"
21*4882a593Smuzhiyun
22*4882a593SmuzhiyunSRC_URI = "${KERNELORG_MIRROR}/linux/utils/${BPN}/v${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}/${BP}.tar.xz"
23*4882a593SmuzhiyunSRC_URI[sha256sum] = "fc0df945188172264ec5bf1d0bda08264fadc8a3f856d47eba91f31fe354b507"
24*4882a593Smuzhiyun
25*4882a593Smuzhiyuninherit autotools gettext pkgconfig
26*4882a593Smuzhiyun
27*4882a593Smuzhiyun# Use openssl because libgcrypt drops root privileges
28*4882a593Smuzhiyun# if libgcrypt is linked with libcap support
29*4882a593SmuzhiyunPACKAGECONFIG ??= " \
30*4882a593Smuzhiyun    keyring \
31*4882a593Smuzhiyun    cryptsetup \
32*4882a593Smuzhiyun    veritysetup \
33*4882a593Smuzhiyun    cryptsetup-reencrypt \
34*4882a593Smuzhiyun    integritysetup \
35*4882a593Smuzhiyun    ${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)} \
36*4882a593Smuzhiyun    kernel_crypto \
37*4882a593Smuzhiyun    internal-argon2 \
38*4882a593Smuzhiyun    blkid \
39*4882a593Smuzhiyun    luks-adjust-xts-keysize \
40*4882a593Smuzhiyun    openssl \
41*4882a593Smuzhiyun    ssh-token \
42*4882a593Smuzhiyun"
43*4882a593SmuzhiyunPACKAGECONFIG:append:class-target = " \
44*4882a593Smuzhiyun    udev \
45*4882a593Smuzhiyun"
46*4882a593Smuzhiyun
47*4882a593SmuzhiyunPACKAGECONFIG[keyring] = "--enable-keyring,--disable-keyring"
48*4882a593SmuzhiyunPACKAGECONFIG[fips] = "--enable-fips,--disable-fips"
49*4882a593SmuzhiyunPACKAGECONFIG[pwquality] = "--enable-pwquality,--disable-pwquality,libpwquality"
50*4882a593SmuzhiyunPACKAGECONFIG[passwdqc] = "--enable-passwdqc,--disable-passwdqc,passwdqc"
51*4882a593SmuzhiyunPACKAGECONFIG[cryptsetup] = "--enable-cryptsetup,--disable-cryptsetup"
52*4882a593SmuzhiyunPACKAGECONFIG[veritysetup] = "--enable-veritysetup,--disable-veritysetup"
53*4882a593SmuzhiyunPACKAGECONFIG[cryptsetup-reencrypt] = "--enable-cryptsetup-reencrypt,--disable-cryptsetup-reencrypt"
54*4882a593SmuzhiyunPACKAGECONFIG[integritysetup] = "--enable-integritysetup,--disable-integritysetup"
55*4882a593SmuzhiyunPACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux"
56*4882a593SmuzhiyunPACKAGECONFIG[udev] = "--enable-udev,--disable-udev,,udev lvm2-udevrules"
57*4882a593SmuzhiyunPACKAGECONFIG[kernel_crypto] = "--enable-kernel_crypto,--disable-kernel_crypto"
58*4882a593Smuzhiyun# gcrypt-pkbdf2 requries --with-crypto_backend=gcrypt or the flag isn't
59*4882a593Smuzhiyun# recognized.
60*4882a593SmuzhiyunPACKAGECONFIG[gcrypt-pbkdf2] = "--enable-gcrypt-pbkdf2"
61*4882a593SmuzhiyunPACKAGECONFIG[internal-argon2] = "--enable-internal-argon2,--disable-internal-argon2"
62*4882a593SmuzhiyunPACKAGECONFIG[internal-sse-argon2] = "--enable-internal-sse-argon2,--disable-internal-sse-argon2"
63*4882a593SmuzhiyunPACKAGECONFIG[blkid] = "--enable-blkid,--disable-blkid,util-linux"
64*4882a593SmuzhiyunPACKAGECONFIG[dev-random] = "--enable-dev-random,--disable-dev-random"
65*4882a593SmuzhiyunPACKAGECONFIG[luks-adjust-xts-keysize] = "--enable-luks-adjust-xts-keysize,--disable-luks-adjust-xts-keysize"
66*4882a593SmuzhiyunPACKAGECONFIG[openssl] = "--with-crypto_backend=openssl,,openssl"
67*4882a593SmuzhiyunPACKAGECONFIG[gcrypt] = "--with-crypto_backend=gcrypt,,libgcrypt"
68*4882a593SmuzhiyunPACKAGECONFIG[nss] = "--with-crypto_backend=nss,,nss"
69*4882a593SmuzhiyunPACKAGECONFIG[kernel] = "--with-crypto_backend=kernel"
70*4882a593SmuzhiyunPACKAGECONFIG[nettle] = "--with-crypto_backend=nettle,,nettle"
71*4882a593SmuzhiyunPACKAGECONFIG[luks2] = "--with-default-luks-format=LUKS2,--with-default-luks-format=LUKS1"
72*4882a593SmuzhiyunPACKAGECONFIG[ssh-token] = "--enable-ssh-token,--disable-ssh-token,libssh"
73*4882a593Smuzhiyun
74*4882a593SmuzhiyunEXTRA_OECONF = "--enable-static"
75*4882a593Smuzhiyun# Building without largefile is not supported by upstream
76*4882a593SmuzhiyunEXTRA_OECONF += "--enable-largefile"
77*4882a593Smuzhiyun# Requires a static popt library
78*4882a593SmuzhiyunEXTRA_OECONF += "--disable-static-cryptsetup"
79*4882a593Smuzhiyun# There's no recipe for libargon2 yet
80*4882a593SmuzhiyunEXTRA_OECONF += "--disable-libargon2"
81*4882a593Smuzhiyun
82*4882a593Smuzhiyundo_install:append() {
83*4882a593Smuzhiyun    # The /usr/lib/cryptsetup directory is always created, even when ssh-token
84*4882a593Smuzhiyun    # is disabled. In that case it is empty and causes a packaging error. Since
85*4882a593Smuzhiyun    # there is no reason to distribute the empty directory, the easiest solution
86*4882a593Smuzhiyun    # is to remove it if it is empty.
87*4882a593Smuzhiyun    rmdir -p --ignore-fail-on-non-empty ${D}${libdir}/${BPN}
88*4882a593Smuzhiyun}
89*4882a593Smuzhiyun
90*4882a593SmuzhiyunFILES:${PN} += "${@bb.utils.contains('DISTRO_FEATURES','systemd','${exec_prefix}/lib/tmpfiles.d/cryptsetup.conf', '', d)}"
91*4882a593Smuzhiyun
92*4882a593SmuzhiyunRDEPENDS:${PN} = " \
93*4882a593Smuzhiyun    libdevmapper \
94*4882a593Smuzhiyun"
95*4882a593Smuzhiyun
96*4882a593SmuzhiyunRRECOMMENDS:${PN}:class-target = " \
97*4882a593Smuzhiyun    kernel-module-aes-generic \
98*4882a593Smuzhiyun    kernel-module-dm-crypt \
99*4882a593Smuzhiyun    kernel-module-md5 \
100*4882a593Smuzhiyun    kernel-module-cbc \
101*4882a593Smuzhiyun    kernel-module-sha256-generic \
102*4882a593Smuzhiyun    kernel-module-xts \
103*4882a593Smuzhiyun"
104*4882a593Smuzhiyun
105*4882a593SmuzhiyunBBCLASSEXTEND = "native nativesdk"
106