# BitBake recipe that builds cryptsetup (dm-crypt / LUKS tooling) with autotools.
SUMMARY = "Manage plain dm-crypt and LUKS encrypted volumes"
DESCRIPTION = "Cryptsetup is used to conveniently setup dm-crypt managed \
device-mapper mappings. These include plain dm-crypt volumes and \
LUKS volumes. The difference is that LUKS uses a metadata header \
and can hence offer more features than plain dm-crypt. On the other \
hand, the header is visible and vulnerable to damage."
HOMEPAGE = "https://gitlab.com/cryptsetup/cryptsetup"
SECTION = "console"
LICENSE = "GPL-2.0-with-OpenSSL-exception"
# The md5 here only detects changes to the licence text. Integrity of the
# source tarball rests on SRC_URI[sha256sum] below.
LIC_FILES_CHKSUM = "file://COPYING;md5=32107dd283b1dfeb66c9b3e6be312326"

DEPENDS = " \
    json-c \
    libdevmapper \
    popt \
    util-linux-libuuid \
"

# musl builds add argp-standalone and link against it explicitly.
DEPENDS:append:libc-musl = " argp-standalone"
LDFLAGS:append:libc-musl = " -largp"

# The directory component is built from the first two dot-separated parts of
# PV (vMAJOR.MINOR). The only integrity check configured for the download is
# the sha256sum; when bumping PV, take the new value from a source you trust
# rather than from the freshly downloaded file.
SRC_URI = "${KERNELORG_MIRROR}/linux/utils/${BPN}/v${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}/${BP}.tar.xz"
SRC_URI[sha256sum] = "da5d1419e2a86e01aa32fd79582cd54d208857cb541bca2fd426a5ff1aaabbc3"

inherit autotools gettext pkgconfig

# Use openssl because libgcrypt drops root privileges
# if libgcrypt is linked with libcap support
#
# Each crypto backend entry (openssl, gcrypt, nss, kernel, nettle) passes its
# own --with-crypto_backend= value, so enable only one of them at a time.
#
# NOTE(review): luks2 is not in this default list, so configure receives its
# "disabled" argument, --with-default-luks-format=LUKS1. The LUKS2_* PBKDF
# settings further down then presumably only apply to volumes created
# explicitly as LUKS2 - confirm that LUKS1 as the default format is intended.
#
# NOTE(review): ssh-token adds a libssh build dependency; images that do not
# use the token can drop it from PACKAGECONFIG.
PACKAGECONFIG ??= " \
    keyring \
    cryptsetup \
    veritysetup \
    luks2-reencryption \
    integritysetup \
    ${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)} \
    kernel_crypto \
    internal-argon2 \
    blkid \
    luks-adjust-xts-keysize \
    openssl \
    ssh-token \
"
# udev support is only enabled for target builds.
PACKAGECONFIG:append:class-target = " \
    udev \
"

# Flag fields, in order: configure argument when enabled, configure argument
# when disabled, build-time dependencies, runtime dependencies.
PACKAGECONFIG[keyring] = "--enable-keyring,--disable-keyring"
PACKAGECONFIG[fips] = "--enable-fips,--disable-fips"
PACKAGECONFIG[pwquality] = "--enable-pwquality,--disable-pwquality,libpwquality"
PACKAGECONFIG[passwdqc] = "--enable-passwdqc,--disable-passwdqc,passwdqc"
PACKAGECONFIG[cryptsetup] = "--enable-cryptsetup,--disable-cryptsetup"
PACKAGECONFIG[veritysetup] = "--enable-veritysetup,--disable-veritysetup"
PACKAGECONFIG[luks2-reencryption] = "--enable-luks2-reencryption,--disable-luks2-reencryption"
PACKAGECONFIG[integritysetup] = "--enable-integritysetup,--disable-integritysetup"
PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux"
PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,,udev lvm2-udevrules"
PACKAGECONFIG[kernel_crypto] = "--enable-kernel_crypto,--disable-kernel_crypto"
# gcrypt-pbkdf2 requires --with-crypto_backend=gcrypt or the flag isn't
# recognized. Only an "enabled" argument is given, so nothing is passed to
# configure when this option is off.
PACKAGECONFIG[gcrypt-pbkdf2] = "--enable-gcrypt-pbkdf2"
PACKAGECONFIG[internal-argon2] = "--enable-internal-argon2,--disable-internal-argon2"
PACKAGECONFIG[internal-sse-argon2] = "--enable-internal-sse-argon2,--disable-internal-sse-argon2"
PACKAGECONFIG[blkid] = "--enable-blkid,--disable-blkid,util-linux"
PACKAGECONFIG[dev-random] = "--enable-dev-random,--disable-dev-random"
PACKAGECONFIG[luks-adjust-xts-keysize] = "--enable-luks-adjust-xts-keysize,--disable-luks-adjust-xts-keysize"
# Crypto backends: mutually exclusive, see the note above PACKAGECONFIG.
PACKAGECONFIG[openssl] = "--with-crypto_backend=openssl,,openssl"
PACKAGECONFIG[gcrypt] = "--with-crypto_backend=gcrypt,,libgcrypt"
PACKAGECONFIG[nss] = "--with-crypto_backend=nss,,nss"
PACKAGECONFIG[kernel] = "--with-crypto_backend=kernel"
PACKAGECONFIG[nettle] = "--with-crypto_backend=nettle,,nettle"
# Enabled selects LUKS2 as the default on-disk format, disabled selects LUKS1.
PACKAGECONFIG[luks2] = "--with-default-luks-format=LUKS2,--with-default-luks-format=LUKS1"
PACKAGECONFIG[ssh-token] = "--enable-ssh-token,--disable-ssh-token,libssh"

EXTRA_OECONF = "--enable-static"
# Building without largefile is not supported by upstream
EXTRA_OECONF += "--enable-largefile"
# Requires a static popt library
EXTRA_OECONF += "--disable-static-cryptsetup"
# There's no recipe for libargon2 yet
EXTRA_OECONF += "--disable-libargon2"
# Disable documentation, there is no asciidoctor-native available in OE
EXTRA_OECONF += "--disable-asciidoc"
# libcryptsetup default PBKDF algorithm, Argon2 memory cost (KB), parallel threads and iteration time (ms)
# All four use ?=, so a distro or local configuration can override them.
# NOTE(review): argon2i is selected here; RFC 9106 recommends argon2id as the
# general-purpose variant - consider whether this default should change.
# NOTE(review): 1048576 KB is 1 GiB of memory cost; check it against the RAM
# of the smallest target that has to create or unlock LUKS2 volumes.
LUKS2_PBKDF ?= "argon2i"
LUKS2_MEMORYKB ?= "1048576"
LUKS2_PARALLEL_THREADS ?= "4"
LUKS2_ITERTIME ?= "2000"

# Compile the PBKDF defaults chosen above into libcryptsetup.
EXTRA_OECONF += "--with-luks2-pbkdf=${LUKS2_PBKDF} \
    --with-luks2-memory-kb=${LUKS2_MEMORYKB} \
    --with-luks2-parallel-threads=${LUKS2_PARALLEL_THREADS} \
    --with-luks2-iter-time=${LUKS2_ITERTIME}"

do_install:append() {
    # The /usr/lib/cryptsetup directory is always created, even when ssh-token
    # is disabled. In that case it is empty and causes a packaging error. Since
    # there is no reason to distribute the empty directory, the easiest solution
    # is to remove it if it is empty.
    # -p also removes parent directories that end up empty, and
    # --ignore-fail-on-non-empty keeps the task from failing when files exist.
    rmdir -p --ignore-fail-on-non-empty ${D}${libdir}/${BPN}
}

# Package the tmpfiles.d snippet only when systemd is in DISTRO_FEATURES.
FILES:${PN} += "${@bb.utils.contains('DISTRO_FEATURES','systemd','${exec_prefix}/lib/tmpfiles.d/cryptsetup.conf', '', d)}"

RDEPENDS:${PN} = " \
    libdevmapper \
"

# Kernel crypto modules, recommended (not required) on target builds only.
RRECOMMENDS:${PN}:class-target = " \
    kernel-module-aes-generic \
    kernel-module-dm-crypt \
    kernel-module-md5 \
    kernel-module-cbc \
    kernel-module-sha256-generic \
    kernel-module-xts \
"

# Also provide native and nativesdk variants of this recipe.
BBCLASSEXTEND = "native nativesdk"