Re: [meta-oe][PATCH] cryptsetup: Add support for building without SSH tokens


Peter Kjellerstedt
 

-----Original Message-----
From: openembedded-devel@... <openembedded-devel@...> On Behalf Of Peter Kjellerstedt
Sent: den 8 juni 2022 20:27
To: openembedded-devel@...
Subject: [oe] [meta-oe][PATCH] cryptsetup: Add support for building without SSH tokens
This is now on master. Please backport it to Kirkstone.

//Peter


Cryptsetup SSH tokens is the only feature that has a dependency on
libssh. Add a packageconfig to control this dependency.

Change-Id: Iac4f91e099ad2e3a79aab183734108f8bfbff57f
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@...>
---
.../recipes-crypto/cryptsetup/cryptsetup_2.4.3.bb | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.4.3.bb b/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.4.3.bb
index 435b55477..652fd6661 100644
--- a/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.4.3.bb
+++ b/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.4.3.bb
@@ -14,7 +14,6 @@ DEPENDS = " \
libdevmapper \
popt \
util-linux-libuuid \
- libssh \
"

DEPENDS:append:libc-musl = " argp-standalone"
@@ -39,6 +38,7 @@ PACKAGECONFIG ??= " \
blkid \
luks-adjust-xts-keysize \
openssl \
+ ssh-token \
"
PACKAGECONFIG:append:class-target = " \
udev \
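Review bot: Adding `ssh-token` to the default `PACKAGECONFIG ??=` list means libssh is still pulled in unless a distro or bbappend removes the option, and the commit message does not say so. Suggest stating there that the default behaviour is unchanged and that the option has to be removed explicitly (for example with `PACKAGECONFIG:remove = "ssh-token"`) to drop the libssh dependency.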
@@ -69,7 +69,7 @@ PACKAGECONFIG[nss] = "--with-crypto_backend=nss,,nss"
PACKAGECONFIG[kernel] = "--with-crypto_backend=kernel"
PACKAGECONFIG[nettle] = "--with-crypto_backend=nettle,,nettle"
PACKAGECONFIG[luks2] = "--with-default-luks-format=LUKS2,--with-default-luks-format=LUKS1"
-
+PACKAGECONFIG[ssh-token] = "--enable-ssh-token,--disable-ssh-token,libssh"

EXTRA_OECONF = "--enable-static"
# Building without largefile is not supported by upstream
@@ -90,6 +90,14 @@ EXTRA_OECONF += "--with-luks2-pbkdf=${LUKS2_PBKDF} \
--with-luks2-parallel-threads=${LUKS2_PARALLEL_THREADS} \
--with-luks2-iter-time=${LUKS2_ITERTIME}"

+do_install:append() {
+ # The /usr/lib/cryptsetup directory is always created, even when ssh-token
+ # is disabled. In that case it is empty and causes a packaging error. Since
+ # there is no reason to distribute the empty directory, the easiest solution
+ # is to remove it if it is empty.
+ rmdir -p --ignore-fail-on-non-empty ${D}${libdir}/${BPN}
+}
+
FILES:${PN} += "${@bb.utils.contains('DISTRO_FEATURES','systemd','${exec_prefix}/lib/tmpfiles.d/cryptsetup.conf', '', d)}"

RDEPENDS:${PN} = " \
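Review bot: In `do_install:append`, `rmdir -p` also tries to remove each parent of `${D}${libdir}/${BPN}`, which is more than the comment describes and is only harmless because `--ignore-fail-on-non-empty` stops at the first non-empty parent. Suggest dropping `-p` so that only the one directory is touched. The comment also hardcodes `/usr/lib/cryptsetup` while the command uses `${libdir}/${BPN}`; wording it in terms of `${libdir}` would keep it accurate where libdir differs.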
