From 4d5f62b904ee02148867f073ba952290ebbfb9b0 Mon Sep 17 00:00:00 2001
From: Alyssa Ross <hi@alyssa.is>
Date: Mon, 24 Jan 2022 12:53:19 +0000
Subject: cryptsetup: separate binaries from libraries

This reduces closure sizes by making the libraries not depend on the
binaries, which is good for static builds, and (when statically
linked) making the binaries not depend on the libraries, which is good
for static builds.

When static building, we additionally have to disable loading LUKS
plugins from $lib to avoid a reference, which probably wouldn't have
worked anyway.
---
 pkgs/os-specific/linux/cryptsetup/default.nix | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/pkgs/os-specific/linux/cryptsetup/default.nix b/pkgs/os-specific/linux/cryptsetup/default.nix
index a9bd508d16e..be819802394 100644
--- a/pkgs/os-specific/linux/cryptsetup/default.nix
+++ b/pkgs/os-specific/linux/cryptsetup/default.nix
@@ -5,7 +5,7 @@ stdenv.mkDerivation rec {
   pname = "cryptsetup";
   version = "2.4.3";
 
-  outputs = [ "out" "dev" "man" ];
+  outputs = [ "bin" "out" "dev" "man" ];
   separateDebugInfo = true;
 
   src = fetchurl {
@@ -31,6 +31,12 @@ stdenv.mkDerivation rec {
     "--enable-cryptsetup-reencrypt"
     "--with-crypto_backend=openssl"
     "--disable-ssh-token"
+  ] ++ lib.optionals stdenv.hostPlatform.isStatic [
+    "--disable-external-tokens"
+    # We have to override this even though we're removing token
+    # support, because the path still gets included in the binary even
+    # though it isn't used.
+    "--with-luks2-external-tokens-path=/"
   ];
 
   nativeBuildInputs = [ pkg-config ];
-- 
cgit 1.4.1