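# Recipe metadata: what the package is and which licence it ships under.
SUMMARY = "Manage plain dm-crypt and LUKS encrypted volumes"
DESCRIPTION = "Cryptsetup is used to conveniently setup dm-crypt managed \
device-mapper mappings. These include plain dm-crypt volumes and \
LUKS volumes. The difference is that LUKS uses a metadata header \
and can hence offer more features than plain dm-crypt. On the other \
hand, the header is visible and vulnerable to damage."
HOMEPAGE = "https://gitlab.com/cryptsetup/cryptsetup"
SECTION = "console"
LICENSE = "GPL-2.0-with-OpenSSL-exception"
# The md5 below only detects a change in the licence text, so that LICENSE is
# re-reviewed on upgrade. It is not a source-integrity check; that is the job
# of SRC_URI[sha256sum].
LIC_FILES_CHKSUM = "file://COPYING;md5=32107dd283b1dfeb66c9b3e6be312326"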
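# Unconditional build-time dependencies. The crypto backend, libssh, udev and
# similar optional libraries are added through the PACKAGECONFIG flags instead.
DEPENDS = " \
    json-c \
    libdevmapper \
    popt \
    util-linux-libuuid \
"

# On musl builds argp is taken from argp-standalone and linked explicitly.
DEPENDS:append:libc-musl = " argp-standalone"
LDFLAGS:append:libc-musl = " -largp"

# The tarball directory is v<MAJOR>.<MINOR>, derived from the first two
# components of PV. The sha256sum pins the exact tarball that is built: when
# bumping PV, take the new hash from a tarball that was checked against the
# upstream release signature rather than copying it from the fetcher's
# mismatch message.
SRC_URI = "${KERNELORG_MIRROR}/linux/utils/${BPN}/v${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}/${BP}.tar.xz"
SRC_URI[sha256sum] = "fc0df945188172264ec5bf1d0bda08264fadc8a3f856d47eba91f31fe354b507"

inherit autotools gettext pkgconfig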
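# Use openssl because libgcrypt drops root privileges
# if libgcrypt is linked with libcap support
#
# Notes on this default feature set:
#  - Enable exactly one crypto backend (openssl, gcrypt, nss, kernel or
#    nettle): each of them passes its own --with-crypto_backend value.
#  - "luks2" is not in this list, so its disable argument is used and the
#    default on-disk format is configured as LUKS1. The LUKS2_* PBKDF
#    defaults in this recipe therefore only matter for volumes that are
#    created as LUKS2 explicitly, unless a distro or bbappend adds "luks2".
#  - "ssh-token" pulls libssh into the build; remove it on images that do not
#    unlock volumes through an SSH token.
PACKAGECONFIG ??= " \
    keyring \
    cryptsetup \
    veritysetup \
    cryptsetup-reencrypt \
    integritysetup \
    ${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)} \
    kernel_crypto \
    internal-argon2 \
    blkid \
    luks-adjust-xts-keysize \
    openssl \
    ssh-token \
"
# udev integration is only enabled for target builds, not native/nativesdk.
PACKAGECONFIG:append:class-target = " \
    udev \
"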
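# Flag format: "configure args when enabled,configure args when disabled,
# build dependencies,runtime dependencies". A flag that is not listed in
# PACKAGECONFIG contributes its "disabled" arguments to configure.
PACKAGECONFIG[keyring] = "--enable-keyring,--disable-keyring"
PACKAGECONFIG[fips] = "--enable-fips,--disable-fips"
# Passphrase quality checking; neither option is part of the default set.
PACKAGECONFIG[pwquality] = "--enable-pwquality,--disable-pwquality,libpwquality"
PACKAGECONFIG[passwdqc] = "--enable-passwdqc,--disable-passwdqc,passwdqc"
PACKAGECONFIG[cryptsetup] = "--enable-cryptsetup,--disable-cryptsetup"
PACKAGECONFIG[veritysetup] = "--enable-veritysetup,--disable-veritysetup"
PACKAGECONFIG[cryptsetup-reencrypt] = "--enable-cryptsetup-reencrypt,--disable-cryptsetup-reencrypt"
PACKAGECONFIG[integritysetup] = "--enable-integritysetup,--disable-integritysetup"
PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux"
PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,,udev lvm2-udevrules"
PACKAGECONFIG[kernel_crypto] = "--enable-kernel_crypto,--disable-kernel_crypto"
# gcrypt-pbkdf2 requires --with-crypto_backend=gcrypt or the flag isn't
# recognized.
PACKAGECONFIG[gcrypt-pbkdf2] = "--enable-gcrypt-pbkdf2"
PACKAGECONFIG[internal-argon2] = "--enable-internal-argon2,--disable-internal-argon2"
PACKAGECONFIG[internal-sse-argon2] = "--enable-internal-sse-argon2,--disable-internal-sse-argon2"
PACKAGECONFIG[blkid] = "--enable-blkid,--disable-blkid,util-linux"
PACKAGECONFIG[dev-random] = "--enable-dev-random,--disable-dev-random"
PACKAGECONFIG[luks-adjust-xts-keysize] = "--enable-luks-adjust-xts-keysize,--disable-luks-adjust-xts-keysize"
# Crypto backends: mutually exclusive, every entry sets --with-crypto_backend
# and none has a "disabled" argument. Select exactly one in PACKAGECONFIG.
PACKAGECONFIG[openssl] = "--with-crypto_backend=openssl,,openssl"
PACKAGECONFIG[gcrypt] = "--with-crypto_backend=gcrypt,,libgcrypt"
PACKAGECONFIG[nss] = "--with-crypto_backend=nss,,nss"
PACKAGECONFIG[kernel] = "--with-crypto_backend=kernel"
PACKAGECONFIG[nettle] = "--with-crypto_backend=nettle,,nettle"
# When "luks2" is not selected the default format is explicitly set to LUKS1.
PACKAGECONFIG[luks2] = "--with-default-luks-format=LUKS2,--with-default-luks-format=LUKS1"
PACKAGECONFIG[ssh-token] = "--enable-ssh-token,--disable-ssh-token,libssh"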
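# Configure options that apply regardless of PACKAGECONFIG.
EXTRA_OECONF = "--enable-static"
# Building without largefile is not supported by upstream
EXTRA_OECONF += "--enable-largefile"
# Requires a static popt library
EXTRA_OECONF += "--disable-static-cryptsetup"
# There's no recipe for libargon2 yet
EXTRA_OECONF += "--disable-libargon2"

# libcryptsetup default PBKDF algorithm, Argon2 memory cost (KB), parallel threads and iteration time (ms)
# These are compiled-in defaults for newly formatted LUKS2 volumes. They are
# weak assignments (?=), so a distro or local.conf can override them.
# NOTE(review): RFC 9106 recommends Argon2id over Argon2i for general use;
# check what default the packaged upstream version ships with and consider
# "argon2id" here if the two differ.
LUKS2_PBKDF ?= "argon2i"
# 1048576 KB = 1 GiB. NOTE(review): confirm the behaviour on targets with less
# RAM before relying on this cost, or set a value sized for the board.
LUKS2_MEMORYKB ?= "1048576"
LUKS2_PARALLEL_THREADS ?= "4"
LUKS2_ITERTIME ?= "2000"

EXTRA_OECONF += "--with-luks2-pbkdf=${LUKS2_PBKDF} \
    --with-luks2-memory-kb=${LUKS2_MEMORYKB} \
    --with-luks2-parallel-threads=${LUKS2_PARALLEL_THREADS} \
    --with-luks2-iter-time=${LUKS2_ITERTIME}"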
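# Post-install cleanup of the token plugin directory.
do_install:append() {
    # The /usr/lib/cryptsetup directory is always created, even when ssh-token
    # is disabled. In that case it is empty and causes a packaging error. Since
    # there is no reason to distribute the empty directory, the easiest solution
    # is to remove it if it is empty.
    #
    # -p also walks up through the parent directories; together with
    # --ignore-fail-on-non-empty the command stops quietly at the first
    # directory that still has content, so nothing that holds files is removed.
    rmdir -p --ignore-fail-on-non-empty ${D}${libdir}/${BPN}
}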
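# Package the tmpfiles.d snippet only when systemd is a distro feature.
FILES:${PN} += "${@bb.utils.contains('DISTRO_FEATURES','systemd','${exec_prefix}/lib/tmpfiles.d/cryptsetup.conf', '', d)}"

RDEPENDS:${PN} = " \
    libdevmapper \
"

# Recommendations are soft: an image can be built without these modules (for
# example when they are excluded or built into the kernel), so check that the
# target kernel actually provides dm-crypt and the ciphers the volumes use.
# NOTE(review): md5 and cbc look like support for legacy volume modes; confirm
# they are still needed for the volumes this image has to open.
RRECOMMENDS:${PN}:class-target = " \
    kernel-module-aes-generic \
    kernel-module-dm-crypt \
    kernel-module-md5 \
    kernel-module-cbc \
    kernel-module-sha256-generic \
    kernel-module-xts \
"

BBCLASSEXTEND = "native nativesdk"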