mirror of
git://git.openembedded.org/meta-openembedded
synced 2026-01-01 13:58:06 +00:00
6f41c5872d
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
122 lines
5.3 KiB
BlitzBasic
122 lines
5.3 KiB
BlitzBasic
SUMMARY = "Manage plain dm-crypt and LUKS encrypted volumes"
|
|
DESCRIPTION = "Cryptsetup is used to conveniently setup dm-crypt managed \
|
|
device-mapper mappings. These include plain dm-crypt volumes and \
|
|
LUKS volumes. The difference is that LUKS uses a metadata header \
|
|
and can hence offer more features than plain dm-crypt. On the other \
|
|
hand, the header is visible and vulnerable to damage."
|
|
HOMEPAGE = "https://gitlab.com/cryptsetup/cryptsetup"
|
|
SECTION = "console"
|
|
LICENSE = "LGPL-2.1-or-later & GPL-2.0-or-later & GPL-2.0-with-OpenSSL-exception & Apache-2.0"
|
|
LIC_FILES_CHKSUM = "file://COPYING;md5=32107dd283b1dfeb66c9b3e6be312326 \
|
|
file://docs/licenses/COPYING.Apache-2.0;md5=3b83ef96387f14655fc854ddc3c6bd57 \
|
|
file://docs/licenses/COPYING.GPL-2.0-or-later-WITH-cryptsetup-OpenSSL-exception;md5=32107dd283b1dfeb66c9b3e6be312326 \
|
|
file://docs/licenses/COPYING.LGPL-2.1-or-later-WITH-cryptsetup-OpenSSL-exception;md5=1960515788100ce5f9c98ea78a65dc52 \
|
|
file://README.licensing;md5=45c1ba157f18d08991819f41f56d72e9"
|
|
|
|
DEPENDS = " \
|
|
json-c \
|
|
libdevmapper \
|
|
popt \
|
|
util-linux-libuuid \
|
|
"
|
|
|
|
DEPENDS:append:libc-musl = " argp-standalone"
|
|
LDFLAGS:append:libc-musl = " -largp"
|
|
|
|
SRC_URI = "${KERNELORG_MIRROR}/linux/utils/${BPN}/v${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}/${BP}.tar.xz"
|
|
SRC_URI[sha256sum] = "4a8a23b8b9d1a3250452e40acead4421a03e45a38954ad0595634f4266aa800f"
|
|
|
|
inherit autotools gettext pkgconfig
|
|
|
|
# Use openssl because libgcrypt drops root privileges
|
|
# if libgcrypt is linked with libcap support
|
|
PACKAGECONFIG ??= " \
|
|
keyring \
|
|
cryptsetup \
|
|
veritysetup \
|
|
luks2-reencryption \
|
|
integritysetup \
|
|
${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)} \
|
|
kernel_crypto \
|
|
internal-argon2 \
|
|
blkid \
|
|
luks-adjust-xts-keysize \
|
|
openssl \
|
|
ssh-token \
|
|
"
|
|
PACKAGECONFIG:append:class-target = " \
|
|
udev \
|
|
"
|
|
|
|
PACKAGECONFIG[keyring] = "--enable-keyring,--disable-keyring"
|
|
PACKAGECONFIG[fips] = "--enable-fips,--disable-fips"
|
|
PACKAGECONFIG[pwquality] = "--enable-pwquality,--disable-pwquality,libpwquality"
|
|
PACKAGECONFIG[passwdqc] = "--enable-passwdqc,--disable-passwdqc,passwdqc"
|
|
PACKAGECONFIG[cryptsetup] = "--enable-cryptsetup,--disable-cryptsetup"
|
|
PACKAGECONFIG[veritysetup] = "--enable-veritysetup,--disable-veritysetup"
|
|
PACKAGECONFIG[luks2-reencryption] = "--enable-luks2-reencryption,--disable-luks2-reencryption"
|
|
PACKAGECONFIG[integritysetup] = "--enable-integritysetup,--disable-integritysetup"
|
|
PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux"
|
|
PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,,,udev lvm2"
|
|
PACKAGECONFIG[kernel_crypto] = "--enable-kernel_crypto,--disable-kernel_crypto"
|
|
# gcrypt-pkbdf2 requries --with-crypto_backend=gcrypt or the flag isn't
|
|
# recognized.
|
|
PACKAGECONFIG[gcrypt-pbkdf2] = "--enable-gcrypt-pbkdf2"
|
|
PACKAGECONFIG[internal-argon2] = "--enable-internal-argon2,--disable-internal-argon2"
|
|
PACKAGECONFIG[internal-sse-argon2] = "--enable-internal-sse-argon2,--disable-internal-sse-argon2"
|
|
PACKAGECONFIG[blkid] = "--enable-blkid,--disable-blkid,util-linux"
|
|
PACKAGECONFIG[dev-random] = "--enable-dev-random,--disable-dev-random"
|
|
PACKAGECONFIG[luks-adjust-xts-keysize] = "--enable-luks-adjust-xts-keysize,--disable-luks-adjust-xts-keysize"
|
|
PACKAGECONFIG[openssl] = "--with-crypto_backend=openssl,,openssl"
|
|
PACKAGECONFIG[gcrypt] = "--with-crypto_backend=gcrypt,,libgcrypt"
|
|
PACKAGECONFIG[nss] = "--with-crypto_backend=nss,,nss"
|
|
PACKAGECONFIG[kernel] = "--with-crypto_backend=kernel"
|
|
PACKAGECONFIG[nettle] = "--with-crypto_backend=nettle,,nettle"
|
|
PACKAGECONFIG[luks2] = "--with-default-luks-format=LUKS2,--with-default-luks-format=LUKS1"
|
|
PACKAGECONFIG[ssh-token] = "--enable-ssh-token,--disable-ssh-token,libssh"
|
|
|
|
EXTRA_OECONF = "--enable-static"
|
|
# Building without largefile is not supported by upstream
|
|
EXTRA_OECONF += "--enable-largefile"
|
|
# Requires a static popt library
|
|
EXTRA_OECONF += "--disable-static-cryptsetup"
|
|
# There's no recipe for libargon2 yet
|
|
EXTRA_OECONF += "--disable-libargon2"
|
|
# Disable documentation, there is no asciidoctor-native available in OE
|
|
EXTRA_OECONF += "--disable-asciidoc"
|
|
# libcryptsetup default PBKDF algorithm, Argon2 memory cost (KB), parallel threads and iteration time (ms)
|
|
LUKS2_PBKDF ?= "argon2i"
|
|
LUKS2_MEMORYKB ?= "1048576"
|
|
LUKS2_PARALLEL_THREADS ?= "4"
|
|
LUKS2_ITERTIME ?= "2000"
|
|
|
|
EXTRA_OECONF += "--with-luks2-pbkdf=${LUKS2_PBKDF} \
|
|
--with-luks2-memory-kb=${LUKS2_MEMORYKB} \
|
|
--with-luks2-parallel-threads=${LUKS2_PARALLEL_THREADS} \
|
|
--with-luks2-iter-time=${LUKS2_ITERTIME}"
|
|
|
|
do_install:append() {
|
|
# The /usr/lib/cryptsetup directory is always created, even when ssh-token
|
|
# is disabled. In that case it is empty and causes a packaging error. Since
|
|
# there is no reason to distribute the empty directory, the easiest solution
|
|
# is to remove it if it is empty.
|
|
rmdir -p --ignore-fail-on-non-empty ${D}${libdir}/${BPN}
|
|
}
|
|
|
|
FILES:${PN} += "${@bb.utils.contains('DISTRO_FEATURES','systemd','${exec_prefix}/lib/tmpfiles.d/cryptsetup.conf', '', d)}"
|
|
|
|
RDEPENDS:${PN} = " \
|
|
libdevmapper \
|
|
"
|
|
|
|
RRECOMMENDS:${PN}:class-target = " \
|
|
kernel-module-aes-generic \
|
|
kernel-module-dm-crypt \
|
|
kernel-module-md5 \
|
|
kernel-module-cbc \
|
|
kernel-module-sha256-generic \
|
|
kernel-module-xts \
|
|
"
|
|
|
|
BBCLASSEXTEND = "native nativesdk"
|