summary refs log tree commit diff
diff options
context:
space:
mode:
authorAlyssa Ross <hi@alyssa.is>2022-01-24 16:54:31 +0000
committerAlyssa Ross <hi@alyssa.is>2022-03-22 21:18:07 +0000
commit6ad38730ae47fe7669ab9307cc5526080074cbe4 (patch)
treeea82eb01923d7cc4f63b66178a87f0455bc293cf
parent4d5f62b904ee02148867f073ba952290ebbfb9b0 (diff)
downloadnixpkgs-6ad38730ae47fe7669ab9307cc5526080074cbe4.tar
nixpkgs-6ad38730ae47fe7669ab9307cc5526080074cbe4.tar.gz
nixpkgs-6ad38730ae47fe7669ab9307cc5526080074cbe4.tar.bz2
nixpkgs-6ad38730ae47fe7669ab9307cc5526080074cbe4.tar.lz
nixpkgs-6ad38730ae47fe7669ab9307cc5526080074cbe4.tar.xz
nixpkgs-6ad38730ae47fe7669ab9307cc5526080074cbe4.tar.zst
nixpkgs-6ad38730ae47fe7669ab9307cc5526080074cbe4.zip
cryptsetup: make all programs optional
Some use cases (think appliances) call for veritysetup but not
cryptsetup, and others (like NixOS) don't need veritysetup and usually
not integritysetup.  This is especially useful for pkgsStatic where
each program contains a whole copy of the libraries it needs so is
quite large.
-rw-r--r--pkgs/os-specific/linux/cryptsetup/default.nix23
1 files changed, 18 insertions, 5 deletions
diff --git a/pkgs/os-specific/linux/cryptsetup/default.nix b/pkgs/os-specific/linux/cryptsetup/default.nix
index be819802394..9f324a2b73b 100644
--- a/pkgs/os-specific/linux/cryptsetup/default.nix
+++ b/pkgs/os-specific/linux/cryptsetup/default.nix
@@ -1,5 +1,9 @@
-{ lib, stdenv, fetchurl, lvm2, json_c
-, openssl, libuuid, pkg-config, popt }:
+{ lib, stdenv, fetchurl, fetchpatch, pkg-config
+, lvm2, json_c, openssl, libuuid, popt
+# Programs enabled by default upstream are implicitly enabled unless
+# manually set to false.
+, programs ? { cryptsetup-reencrypt = true; }
+}:
 
 stdenv.mkDerivation rec {
   pname = "cryptsetup";
@@ -13,8 +17,17 @@ stdenv.mkDerivation rec {
     sha256 = "sha256-/A35RRiBciZOxb8dC9oIJk+tyKP4VtR+upHzH+NUtQc=";
   };
 
-  # Disable 4 test cases that fail in a sandbox
-  patches = [ ./disable-failing-tests.patch ];
+  patches = [
+    # Disable 4 test cases that fail in a sandbox
+    ./disable-failing-tests.patch
+
+    # If the cryptsetup program is disabled, skip tests that require it.
+    # https://gitlab.com/cryptsetup/cryptsetup/-/merge_requests/267
+    (fetchpatch {
+      url = "https://gitlab.com/cryptsetup/cryptsetup/-/commit/42e7e4144ce4d0923b3dc4d860fc3b67ce29dbb9.patch";
+      sha256 = "19s0pw5055skjsanf90akppjzs7lbyl7ay09lsn8v65msw7jqr2s";
+    })
+  ];
 
   postPatch = ''
     patchShebangs tests
@@ -37,7 +50,7 @@ stdenv.mkDerivation rec {
     # support, because the path still gets included in the binary even
     # though it isn't used.
     "--with-luks2-external-tokens-path=/"
-  ];
+  ] ++ (with lib; mapAttrsToList (flip enableFeature)) programs;
 
   nativeBuildInputs = [ pkg-config ];
   buildInputs = [ lvm2 json_c openssl libuuid popt ];