# Package expression for cryptsetup, built from the upstream release tarball
# with stdenv.mkDerivation.
{
  lib,
  stdenv,
  fetchurl,
  lvm2,
  json_c,
  asciidoctor,
  openssl,
  libuuid,
  pkg-config,
  popt,
  nixosTests,
  libargon2,
  # When false (the default), configure is given --enable-libargon2 and
  # libargon2 is added to buildInputs; when true, neither happens.
  withInternalArgon2 ? false,

  # Programs enabled by default upstream are implicitly enabled unless
  # manually set to false. Every attribute given here is turned into an
  # --enable-<name> / --disable-<name> configure flag.
  programs ? { },
  # The release tarballs contain precomputed manpage files, so we don't need
  # to run asciidoctor on the man sources. By avoiding asciidoctor, we make
  # the bare NixOS build hash independent of changes to the ruby ecosystem,
  # saving mass-rebuilds.
  rebuildMan ? false,
}:

let
  # { name = bool; } -> [ "--enable-name" | "--disable-name" ... ]
  programFlags = lib.mapAttrsToList (name: enabled: lib.enableFeature enabled name) programs;
in
stdenv.mkDerivation rec {
  pname = "cryptsetup";
  version = "2.7.1";

  outputs = [
    "bin"
    "out"
    "dev"
    "man"
  ];
  separateDebugInfo = true;

  # Fixed-output fetch: the tarball is only accepted if it matches `hash`.
  # Bump `hash` together with `version`; with a stale hash Nix may reuse a
  # previously fetched tarball from the store instead of the new release.
  src = fetchurl {
    url = "mirror://kernel/linux/utils/cryptsetup/v${lib.versions.majorMinor version}/${pname}-${version}.tar.xz";
    hash = "sha256-2l0UGeKobgGqMv15WCzVTSCIV8tUG8ov1Cal/xqqu8M=";
  };

  patches = [
    # Allow reading tokens from a relative path, see #167994
    # NOTE(review): the patch body is not visible here. It presumably changes
    # where LUKS2 external token plugins are looked up; since those plugins
    # are loaded as shared objects, confirm the relative lookup cannot resolve
    # to a directory an unprivileged user can write to.
    ./relative-token-path.patch
  ];

  # Both steps only touch files under tests/.
  # NOTE(review): if upstream rewrites the O_DIRECT line, the substitution
  # below may stop matching; stdenv versions that offer --replace-fail would
  # turn that into a build error - confirm availability before switching.
  postPatch = ''
    patchShebangs tests

    # O_DIRECT is filesystem dependent and fails in a sandbox (on tmpfs)
    # and on several filesystem types (btrfs, zfs) without sandboxing.
    # Remove it, see discussion in #46151
    substituteInPlace tests/unit-utils-io.c --replace "| O_DIRECT" ""
  '';

  # Link libgcc_s explicitly, but only for GNU compilers on non-static hosts.
  NIX_LDFLAGS = lib.optionalString (stdenv.cc.isGNU && !stdenv.hostPlatform.isStatic) "-lgcc_s";

  # OpenSSL is selected as the crypto backend and the ssh token is disabled
  # unconditionally; the remaining flags depend on the package arguments.
  configureFlags =
    [
      "--with-crypto_backend=openssl"
      "--disable-ssh-token"
    ]
    ++ lib.optional (!rebuildMan) "--disable-asciidoc"
    ++ lib.optional (!withInternalArgon2) "--enable-libargon2"
    ++ lib.optionals stdenv.hostPlatform.isStatic [
      "--disable-external-tokens"
      # We have to override this even though we're removing token
      # support, because the path still gets included in the binary even
      # though it isn't used.
      "--with-luks2-external-tokens-path=/"
    ]
    ++ programFlags;

  # asciidoctor is only a build-time tool, and only when man pages are rebuilt.
  nativeBuildInputs = [ pkg-config ] ++ lib.optional rebuildMan asciidoctor;
  buildInputs = [
    lvm2
    json_c
    openssl
    libuuid
    popt
  ] ++ lib.optionals (!withInternalArgon2) [ libargon2 ];

  # The test [7] header backup in compat-test fails with a mysterious
  # "out of memory" error, even though tons of memory is available.
  # Issue filed upstream: https://gitlab.com/cryptsetup/cryptsetup/-/issues/763
  # The check phase is therefore skipped on musl hosts only.
  doCheck = !stdenv.hostPlatform.isMusl;

  # On Linux hosts, expose the NixOS installer tests whose attribute name
  # starts with "luks"; on other hosts this is an empty set.
  passthru.tests.nixos = lib.optionalAttrs stdenv.hostPlatform.isLinux (
    lib.recurseIntoAttrs (
      lib.filterAttrs (testName: _: lib.hasPrefix "luks" testName) nixosTests.installer
    )
  );

  meta = {
    homepage = "https://gitlab.com/cryptsetup/cryptsetup/";
    description = "LUKS for dm-crypt";
    changelog = "https://gitlab.com/cryptsetup/cryptsetup/-/raw/v${version}/docs/v${version}-ReleaseNotes";
    license = lib.licenses.gpl2;
    mainProgram = "cryptsetup";
    maintainers = [ lib.maintainers.raitobezarius ];
    platforms = lib.platforms.linux;
  };
}