From e1b8e22f8e72601ec05e823827c3d5c9368a3f55 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Tue, 2 Nov 2021 03:25:00 +0100 Subject: package: cryptsetup: Update to 2.4.1 There is a new (optional) dependency libargon2 - a builtin fallback exists but is supposed to be slow. Add mandatory kernel modules for kernel crypto backend and the default cipher choice when creating new LUKS mappings. Signed-off-by: Phil Sutter --- package/cryptsetup/Makefile | 51 ++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 46 insertions(+), 5 deletions(-) diff --git a/package/cryptsetup/Makefile b/package/cryptsetup/Makefile index 2661ac0ae..1a24306ac 100644 --- a/package/cryptsetup/Makefile +++ b/package/cryptsetup/Makefile @@ -4,22 +4,63 @@ include ${ADK_TOPDIR}/rules.mk PKG_NAME:= cryptsetup -PKG_VERSION:= 2.0.3 +PKG_VERSION:= 2.4.1 PKG_RELEASE:= 1 -PKG_HASH:= 4d6cca04c1f5ff4a68d045d190efb2623087eda0274ded92f92a4b6911e501d4 -PKG_DESCR:= utility used to conveniently setup disk encryption +PKG_HASH:= a356a727a83a464ade566e95239622a22dbe4e0f482b198fdb04ab0d3a5a9c5f +PKG_DESCR:= utility used to conveniently setup disk encryption PKG_SECTION:= app/crypto PKG_DEPENDS:= libgcrypt device-mapper libuuid libpopt json-c libncurses PKG_BUILDDEP:= libgcrypt popt e2fsprogs lvm json-c ncurses +PKG_NEEDS:= iconv +PKG_KDEPENDS:= crypto-user-api-hash crypto-user-api-skcipher +PKG_KDEPENDS+= crypto-user-api-rng crypto-user-api-aead +# these are the default algorithms used by older and newer cryptsetup versions +PKG_KDEPENDS+= dm-crypt crypto-essiv crypto-cbc crypto-xts +PKG_KDEPENDS+= crypto-aes crypto-sha1 crypto-sha256 PKG_URL:= https://gitlab.com/cryptsetup/cryptsetup -PKG_SITES:= https://www.kernel.org/pub/linux/utils/cryptsetup/v2.0/ +PKG_SITES:= https://www.kernel.org/pub/linux/utils/cryptsetup/v2.4/ PKG_OPTS:= dev +PKG_FLAVOURS_CRYPTSETUP:= WITH_LIBARGON2 +PKGFD_WITH_LIBARGON2:= use libargon2 instead of the slow internal one +PKGFS_WITH_LIBARGON2:= libargon2 +PKGFB_WITH_LIBARGON2:= libargon2 +PKGFX_WITH_LIBARGON2:= y + +PKG_CHOICES_CRYPTSETUP:= WITH_GCRYPT WITH_KERNEL WITH_NETTLE WITH_OPENSSL +PKGCD_WITH_GCRYPT:= use libgcrypt crypto backend +PKGCS_WITH_GCRYPT:= libgcrypt libgpg-error +PKGCB_WITH_GCRYPT:= libgcrypt libgpg-error +PKGCD_WITH_KERNEL:= use kernel user API crypto backend (slow) +PKGCD_WITH_NETTLE:= use libnettle crypto backend +PKGCS_WITH_NETTLE:= libnettle +PKGCB_WITH_NETTLE:= libnettle +PKGCD_WITH_OPENSSL:= use OpenSSL crypto backend +PKGCS_WITH_OPENSSL:= libressl +PKGCB_WITH_OPENSSL:= libressl + include ${ADK_TOPDIR}/mk/package.mk $(eval $(call PKG_template,CRYPTSETUP,${PKG_NAME},${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION},${PKG_OPTS})) -CONFIGURE_ARGS+= --disable-selinux +CONFIGURE_ARGS+= --disable-selinux \ + --disable-ssh-token \ + --disable-udev \ + --disable-nls \ + --enable-libargon2 + +ifeq (${ADK_PACKAGE_CRYPTSETUP_WITH_GCRYPT},y) +CONFIGURE_ARGS+= --with-crypto_backend=gcrypt +endif +ifeq (${ADK_PACKAGE_CRYPTSETUP_WITH_KERNEL},y) +CONFIGURE_ARGS+= --with-crypto_backend=kernel +endif +ifeq (${ADK_PACKAGE_CRYPTSETUP_WITH_NETTLE},y) +CONFIGURE_ARGS+= --with-crypto_backend=nettle +endif +ifeq (${ADK_PACKAGE_CRYPTSETUP_WITH_OPENSSL},y) +CONFIGURE_ARGS+= --with-crypto_backend=openssl +endif cryptsetup-install: ${INSTALL_DIR} ${IDIR_CRYPTSETUP}/usr/sbin ${IDIR_CRYPTSETUP}/usr/lib -- cgit v1.2.3