mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-06-15 06:10:02 +00:00
Alejandro Enedino Hernandez Samaniego
f850d140d7
Cryptsetup allows for certain luks2 related defaults to be set for libcryptsetup, these include the default PBKDF algorithm, memory limit for Argon2, parallel threads and iteration time. Set default variables defined to the same values currently coming from cryptsetup upstream, making this change transparent for the user but allow these values to be customized. Signed-off-by: Alejandro Enedino Hernandez Samaniego <alejandro@enedino.org> Signed-off-by: Khem Raj <raj.khem@gmail.com>
109 lines
4.3 KiB
BlitzBasic
109 lines
4.3 KiB
BlitzBasic
SUMMARY = "Manage plain dm-crypt and LUKS encrypted volumes"
|
|
DESCRIPTION = "Cryptsetup is used to conveniently setup dm-crypt managed \
|
|
device-mapper mappings. These include plain dm-crypt volumes and \
|
|
LUKS volumes. The difference is that LUKS uses a metadata header \
|
|
and can hence offer more features than plain dm-crypt. On the other \
|
|
hand, the header is visible and vulnerable to damage."
|
|
HOMEPAGE = "https://gitlab.com/cryptsetup/cryptsetup"
|
|
SECTION = "console"
|
|
LICENSE = "GPL-2.0-with-OpenSSL-exception"
|
|
LIC_FILES_CHKSUM = "file://COPYING;md5=32107dd283b1dfeb66c9b3e6be312326"
|
|
|
|
DEPENDS = " \
|
|
json-c \
|
|
libdevmapper \
|
|
popt \
|
|
util-linux-libuuid \
|
|
libssh \
|
|
"
|
|
|
|
DEPENDS:append:libc-musl = " argp-standalone"
|
|
LDFLAGS:append:libc-musl = " -largp"
|
|
|
|
SRC_URI = "${KERNELORG_MIRROR}/linux/utils/${BPN}/v${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}/${BP}.tar.xz"
|
|
SRC_URI[sha256sum] = "fc0df945188172264ec5bf1d0bda08264fadc8a3f856d47eba91f31fe354b507"
|
|
|
|
inherit autotools gettext pkgconfig
|
|
|
|
# Use openssl because libgcrypt drops root privileges
|
|
# if libgcrypt is linked with libcap support
|
|
PACKAGECONFIG ??= " \
|
|
keyring \
|
|
cryptsetup \
|
|
veritysetup \
|
|
cryptsetup-reencrypt \
|
|
integritysetup \
|
|
${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)} \
|
|
kernel_crypto \
|
|
internal-argon2 \
|
|
blkid \
|
|
luks-adjust-xts-keysize \
|
|
openssl \
|
|
"
|
|
PACKAGECONFIG:append:class-target = " \
|
|
udev \
|
|
"
|
|
|
|
PACKAGECONFIG[keyring] = "--enable-keyring,--disable-keyring"
|
|
PACKAGECONFIG[fips] = "--enable-fips,--disable-fips"
|
|
PACKAGECONFIG[pwquality] = "--enable-pwquality,--disable-pwquality,libpwquality"
|
|
PACKAGECONFIG[passwdqc] = "--enable-passwdqc,--disable-passwdqc,passwdqc"
|
|
PACKAGECONFIG[cryptsetup] = "--enable-cryptsetup,--disable-cryptsetup"
|
|
PACKAGECONFIG[veritysetup] = "--enable-veritysetup,--disable-veritysetup"
|
|
PACKAGECONFIG[cryptsetup-reencrypt] = "--enable-cryptsetup-reencrypt,--disable-cryptsetup-reencrypt"
|
|
PACKAGECONFIG[integritysetup] = "--enable-integritysetup,--disable-integritysetup"
|
|
PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux"
|
|
PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,,udev lvm2-udevrules"
|
|
PACKAGECONFIG[kernel_crypto] = "--enable-kernel_crypto,--disable-kernel_crypto"
|
|
# gcrypt-pkbdf2 requries --with-crypto_backend=gcrypt or the flag isn't
|
|
# recognized.
|
|
PACKAGECONFIG[gcrypt-pbkdf2] = "--enable-gcrypt-pbkdf2"
|
|
PACKAGECONFIG[internal-argon2] = "--enable-internal-argon2,--disable-internal-argon2"
|
|
PACKAGECONFIG[internal-sse-argon2] = "--enable-internal-sse-argon2,--disable-internal-sse-argon2"
|
|
PACKAGECONFIG[blkid] = "--enable-blkid,--disable-blkid,util-linux"
|
|
PACKAGECONFIG[dev-random] = "--enable-dev-random,--disable-dev-random"
|
|
PACKAGECONFIG[luks-adjust-xts-keysize] = "--enable-luks-adjust-xts-keysize,--disable-luks-adjust-xts-keysize"
|
|
PACKAGECONFIG[openssl] = "--with-crypto_backend=openssl,,openssl"
|
|
PACKAGECONFIG[gcrypt] = "--with-crypto_backend=gcrypt,,libgcrypt"
|
|
PACKAGECONFIG[nss] = "--with-crypto_backend=nss,,nss"
|
|
PACKAGECONFIG[kernel] = "--with-crypto_backend=kernel"
|
|
PACKAGECONFIG[nettle] = "--with-crypto_backend=nettle,,nettle"
|
|
PACKAGECONFIG[luks2] = "--with-default-luks-format=LUKS2,--with-default-luks-format=LUKS1"
|
|
|
|
|
|
EXTRA_OECONF = "--enable-static"
|
|
# Building without largefile is not supported by upstream
|
|
EXTRA_OECONF += "--enable-largefile"
|
|
# Requires a static popt library
|
|
EXTRA_OECONF += "--disable-static-cryptsetup"
|
|
# There's no recipe for libargon2 yet
|
|
EXTRA_OECONF += "--disable-libargon2"
|
|
|
|
# libcryptsetup default PBKDF algorithm, Argon2 memory cost (KB), parallel threads and iteration time (ms)
|
|
LUKS2_PBKDF ?= "argon2i"
|
|
LUKS2_MEMORYKB ?= "1048576"
|
|
LUKS2_PARALLEL_THREADS ?= "4"
|
|
LUKS2_ITERTIME ?= "2000"
|
|
|
|
EXTRA_OECONF += "--with-luks2-pbkdf=${LUKS2_PBKDF} \
|
|
--with-luks2-memory-kb=${LUKS2_MEMORYKB} \
|
|
--with-luks2-parallel-threads=${LUKS2_PARALLEL_THREADS} \
|
|
--with-luks2-iter-time=${LUKS2_ITERTIME}"
|
|
|
|
FILES:${PN} += "${@bb.utils.contains('DISTRO_FEATURES','systemd','${exec_prefix}/lib/tmpfiles.d/cryptsetup.conf', '', d)}"
|
|
|
|
RDEPENDS:${PN} = " \
|
|
libdevmapper \
|
|
"
|
|
|
|
RRECOMMENDS:${PN}:class-target = " \
|
|
kernel-module-aes-generic \
|
|
kernel-module-dm-crypt \
|
|
kernel-module-md5 \
|
|
kernel-module-cbc \
|
|
kernel-module-sha256-generic \
|
|
kernel-module-xts \
|
|
"
|
|
|
|
BBCLASSEXTEND = "native nativesdk"
|