diff options
author | Alyssa Ross <hi@alyssa.is> | 2022-01-24 16:54:31 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2022-03-22 21:18:07 +0000 |
commit | 6ad38730ae47fe7669ab9307cc5526080074cbe4 (patch) | |
tree | ea82eb01923d7cc4f63b66178a87f0455bc293cf | |
parent | 4d5f62b904ee02148867f073ba952290ebbfb9b0 (diff) | |
download | nixpkgs-6ad38730ae47fe7669ab9307cc5526080074cbe4.tar nixpkgs-6ad38730ae47fe7669ab9307cc5526080074cbe4.tar.gz nixpkgs-6ad38730ae47fe7669ab9307cc5526080074cbe4.tar.bz2 nixpkgs-6ad38730ae47fe7669ab9307cc5526080074cbe4.tar.lz nixpkgs-6ad38730ae47fe7669ab9307cc5526080074cbe4.tar.xz nixpkgs-6ad38730ae47fe7669ab9307cc5526080074cbe4.tar.zst nixpkgs-6ad38730ae47fe7669ab9307cc5526080074cbe4.zip |
cryptsetup: make all programs optional
Some use cases (think appliances) call for veritysetup but not cryptsetup, and others (like NixOS) don't need veritysetup and usually not integritysetup. This is especially useful for pkgsStatic where each program contains a whole copy of the libraries it needs so is quite large.
-rw-r--r-- | pkgs/os-specific/linux/cryptsetup/default.nix | 23 |
1 files changed, 18 insertions, 5 deletions
diff --git a/pkgs/os-specific/linux/cryptsetup/default.nix b/pkgs/os-specific/linux/cryptsetup/default.nix index be819802394..9f324a2b73b 100644 --- a/pkgs/os-specific/linux/cryptsetup/default.nix +++ b/pkgs/os-specific/linux/cryptsetup/default.nix @@ -1,5 +1,9 @@ -{ lib, stdenv, fetchurl, lvm2, json_c -, openssl, libuuid, pkg-config, popt }: +{ lib, stdenv, fetchurl, fetchpatch, pkg-config +, lvm2, json_c, openssl, libuuid, popt +# Programs enabled by default upstream are implicitly enabled unless +# manually set to false. +, programs ? { cryptsetup-reencrypt = true; } +}: stdenv.mkDerivation rec { pname = "cryptsetup"; @@ -13,8 +17,17 @@ stdenv.mkDerivation rec { sha256 = "sha256-/A35RRiBciZOxb8dC9oIJk+tyKP4VtR+upHzH+NUtQc="; }; - # Disable 4 test cases that fail in a sandbox - patches = [ ./disable-failing-tests.patch ]; + patches = [ + # Disable 4 test cases that fail in a sandbox + ./disable-failing-tests.patch + + # If the cryptsetup program is disabled, skip tests that require it. + # https://gitlab.com/cryptsetup/cryptsetup/-/merge_requests/267 + (fetchpatch { + url = "https://gitlab.com/cryptsetup/cryptsetup/-/commit/42e7e4144ce4d0923b3dc4d860fc3b67ce29dbb9.patch"; + sha256 = "19s0pw5055skjsanf90akppjzs7lbyl7ay09lsn8v65msw7jqr2s"; + }) + ]; postPatch = '' patchShebangs tests @@ -37,7 +50,7 @@ stdenv.mkDerivation rec { # support, because the path still gets included in the binary even # though it isn't used. "--with-luks2-external-tokens-path=/" - ]; + ] ++ (with lib; mapAttrsToList (flip enableFeature)) programs; nativeBuildInputs = [ pkg-config ]; buildInputs = [ lvm2 json_c openssl libuuid popt ]; |