[PATCH core-updates 0/7] Cryptsetup woes

  • Open
  • quality assurance status badge
Details
2 participants
  • Josselin Poiret
  • Maxim Cournoyer
Owner
unassigned
Submitted by
Josselin Poiret
Severity
normal
J
J
Josselin Poiret wrote on 22 Jan 14:33 +0100
(address . guix-patches@gnu.org)(name . Josselin Poiret)(address . dev@jpoiret.xyz)
cover.1705762361.git.dev@jpoiret.xyz
Hi everyone,

I'm working on core-updates, trying to build gnome and the desktop
configuration example. I've already pushed some fixes, but cryptsetup and
lvm2 are proving to be quite annoying: for the same reason as the recent mpv
patches [1], the Require.private fields of pkg-config files are actually used
even when dynamic linking [2]. This means we need to propagate some
transitive dependencies for users of the library, but here the packages also
contain binaries for end-users and we don't want to propagate to them.

So in the meantime, I just added some new functions
libdevmapper-propagated-inputs and libcryptsetup-propagated-inputs that I then
manually included in the dependents's inputs. I am not satisfied by this, but
this is better than manually adding each needed transitive input, or
propagating to end-users.

Any ideas?

[1] mid:521d0ba6e3d10b3b8aa98b35862d819c82223412.1704430613.git.hako@ultrarare.space

Best,

Josselin Poiret (7):
gnu: cryptsetup: Update to 2.6.1.
gnu: Add libdevmapper-propagated-inputs.
gnu: Add libcryptsetup-propagated-inputs.
gnu: volume-key: Add required transitive dependencies.
gnu: libblockdev: Add libcryptsetup propagated inputs.
gnu: lvm2-static: Properly handle eudev dependency in pkg-config.
gnu: cryptsetup-static: Fix static build.

gnu/packages/cryptsetup.scm | 104 +++++++++++++++++++++---------------
gnu/packages/disk.scm | 46 ++++++++--------
gnu/packages/linux.scm | 42 +++++++++------
3 files changed, 111 insertions(+), 81 deletions(-)


base-commit: a5735488d3917ccb95fa975385ff294c4e3b9521
--
2.41.0
J
J
Josselin Poiret wrote on 22 Jan 14:36 +0100
[PATCH core-updates 1/7] gnu: cryptsetup: Update to 2.6.1.
(address . 68656@debbugs.gnu.org)(name . Josselin Poiret)(address . dev@jpoiret.xyz)
9939efb9bb6e769d0a0298183128e4b6c34771d2.1705762361.git.dev@jpoiret.xyz
From: Josselin Poiret <dev@jpoiret.xyz>

* gnu/packages/cryptsetup.scm (cryptsetup): Update to 2.6.1. Disable external
tokens for now.

Change-Id: I5610cabfbd46d010a8241430d8d90f5920847c04
---
gnu/packages/cryptsetup.scm | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)

Toggle diff (48 lines)
diff --git a/gnu/packages/cryptsetup.scm b/gnu/packages/cryptsetup.scm
index 3bdc68ae5a..3cb669206a 100644
--- a/gnu/packages/cryptsetup.scm
+++ b/gnu/packages/cryptsetup.scm
@@ -30,12 +30,13 @@ (define-module (gnu packages cryptsetup)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages popt)
#:use-module (gnu packages linux)
+ #:use-module (gnu packages ruby)
#:use-module (gnu packages web))
(define-public cryptsetup
(package
(name "cryptsetup")
- (version "2.3.7")
+ (version "2.6.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://kernel.org/linux/utils/cryptsetup/v"
@@ -43,7 +44,7 @@ (define-public cryptsetup
"/cryptsetup-" version ".tar.xz"))
(sha256
(base32
- "1a97rvi6arsj8dikh1qsvixx9rizm89k155q2ypifqlqllr530v1"))))
+ "14s6vbb9llpgnhmv0badxxzhi73jp4vyvp8swk4bjah7l5jys3a1"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags
@@ -54,12 +55,16 @@ (define-public cryptsetup
"--with-crypto_backend=gcrypt"
;; GRUB 2.06 supports LUKS2, but does it reliably support all set-ups…?
"--with-default-luks-format=LUKS1"
+ ;; External tokens would need an env variable to work on Guix, and we
+ ;; don't have users for it yet.
+ "--disable-external-tokens"
+ "--disable-ssh-token"
;; libgcrypt is not found otherwise when cross-compiling.
;; <https://issues.guix.gnu.org/63864>
(string-append "--with-libgcrypt-prefix="
(assoc-ref %build-inputs "libgcrypt")))))
(native-inputs
- (list pkg-config))
+ (list pkg-config ruby-asciidoctor))
(inputs
(list argon2
json-c
--
2.41.0
J
J
Josselin Poiret wrote on 22 Jan 14:36 +0100
[PATCH core-updates 2/7] gnu: Add libdevmapper-propagated-inputs.
(address . 68656@debbugs.gnu.org)(name . Josselin Poiret)(address . dev@jpoiret.xyz)
04d8f33027a67a32de0460a490bd2be727650070.1705762361.git.dev@jpoiret.xyz
From: Josselin Poiret <dev@jpoiret.xyz>

* gnu/packages/linux.scm (libdevmapper-propagated-inputs): Record needed
inputs for libdevmapper.

Change-Id: I6db51ea2ce640f77198fd67f0e2480052907f28e
---
gnu/packages/linux.scm | 3 +++
1 file changed, 3 insertions(+)

Toggle diff (16 lines)
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 5cfd2025f6..2977b8f88e 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -4588,6 +4588,9 @@ (define-public lvm2
;; Command-line tools are GPLv2.
(license (list license:gpl2 license:lgpl2.1))))
+(define-public (libdevmapper-propagated-inputs)
+ (list eudev))
+
(define-public lvm2-static
(package
(inherit lvm2)
--
2.41.0
J
J
Josselin Poiret wrote on 22 Jan 14:36 +0100
[PATCH core-updates 3/7] gnu: Add libcryptsetup-propagated-inputs.
(address . 68656@debbugs.gnu.org)(name . Josselin Poiret)(address . dev@jpoiret.xyz)
cbe5ba7a852f836ddead50d728a4139d1a74e799.1705762361.git.dev@jpoiret.xyz
From: Josselin Poiret <dev@jpoiret.xyz>

* gnu/packages/cryptsetup.scm (libcryptsetup-propagated-inputs): Record needed
inputs for libcryptsetup.

Change-Id: Ia630f2d5f180536d997af93e57aa547379b2c010
---
gnu/packages/cryptsetup.scm | 7 +++++++
1 file changed, 7 insertions(+)

Toggle diff (20 lines)
diff --git a/gnu/packages/cryptsetup.scm b/gnu/packages/cryptsetup.scm
index 3cb669206a..8e2bdb6d9e 100644
--- a/gnu/packages/cryptsetup.scm
+++ b/gnu/packages/cryptsetup.scm
@@ -91,6 +91,13 @@ (define-public cryptsetup
(license license:gpl2)
(home-page "https://gitlab.com/cryptsetup/cryptsetup")))
+(define-public (libcryptsetup-propagated-inputs)
+ (list argon2
+ json-c
+ libgcrypt
+ lvm2
+ `(,util-linux "lib")))
+
(define (static-library library)
"Return a variant of package LIBRARY that provides static libraries ('.a'
files). This assumes LIBRARY uses Libtool."
--
2.41.0
J
J
Josselin Poiret wrote on 22 Jan 14:36 +0100
[PATCH core-updates 4/7] gnu: volume-key: Add required transitive dependencies.
(address . 68656@debbugs.gnu.org)(name . Josselin Poiret)(address . dev@jpoiret.xyz)
feea14dac4f0ade45673c0971da4a3d2badb2d43.1705762361.git.dev@jpoiret.xyz
From: Josselin Poiret <dev@jpoiret.xyz>

* gnu/packages/disk.scm (volume-key): Add transitive dependencies for
libdevmapper and libcryptsetup.

Change-Id: Iaced5bedd2f6ec8e67118b2ee4d01f14704a3694
---
gnu/packages/disk.scm | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)

Toggle diff (26 lines)
diff --git a/gnu/packages/disk.scm b/gnu/packages/disk.scm
index 4582ad3555..6cc191ff25 100644
--- a/gnu/packages/disk.scm
+++ b/gnu/packages/disk.scm
@@ -1036,12 +1036,13 @@ (define-public volume-key
(native-inputs
(list pkg-config swig python-3)) ; used to generate the Python bindings
(inputs
- `(("cryptsetup" ,cryptsetup)
- ("nss" ,nss)
- ("libblkid" ,util-linux "lib")
- ("lvm2" ,lvm2) ; for "-ldevmapper"
- ("glib" ,glib)
- ("gpgme" ,gpgme)))
+ (append
+ (cons cryptsetup (libcryptsetup-propagated-inputs))
+ (cons lvm2 (libdevmapper-propagated-inputs))
+ (list nss
+ (list util-linux "lib")
+ glib
+ gpgme)))
(arguments
`(#:tests? #f ; not sure how tests are supposed to pass, even when run manually
#:phases
--
2.41.0
J
J
Josselin Poiret wrote on 22 Jan 14:36 +0100
[PATCH core-updates 5/7] gnu: libblockdev: Add libcryptsetup propagated inputs.
(address . 68656@debbugs.gnu.org)(name . Josselin Poiret)(address . dev@jpoiret.xyz)
e900748bbe06a2f3f594986fdc73e5848935a9ac.1705762361.git.dev@jpoiret.xyz
From: Josselin Poiret <dev@jpoiret.xyz>

* gnu/packages/disk.scm (libblockdev): Add propagated inputs from libcryptsetup.

Change-Id: I4e1a6330f093d7829b1cd97921d078c524f5f9fc
---
gnu/packages/disk.scm | 33 +++++++++++++++++----------------
1 file changed, 17 insertions(+), 16 deletions(-)

Toggle diff (46 lines)
diff --git a/gnu/packages/disk.scm b/gnu/packages/disk.scm
index 6cc191ff25..20956c1bda 100644
--- a/gnu/packages/disk.scm
+++ b/gnu/packages/disk.scm
@@ -1198,22 +1198,23 @@ (define-public libblockdev
python-wrapper
util-linux))
(inputs
- (list btrfs-progs
- cryptsetup
- dosfstools
- dmraid
- eudev
- glib
- kmod
- libbytesize
- libyaml
- lvm2
- mdadm
- ndctl
- nss
- parted
- volume-key
- xfsprogs))
+ (append
+ (cons cryptsetup (libcryptsetup-propagated-inputs))
+ (list btrfs-progs
+ dosfstools
+ dmraid
+ eudev
+ glib
+ kmod
+ libbytesize
+ libyaml
+ lvm2
+ mdadm
+ ndctl
+ nss
+ parted
+ volume-key
+ xfsprogs)))
(home-page "https://github.com/storaged-project/libblockdev")
(synopsis "Library for manipulating block devices")
(description
--
2.41.0
J
J
Josselin Poiret wrote on 22 Jan 14:36 +0100
[PATCH core-updates 6/7] gnu: lvm2-static: Properly handle eudev dependency in pkg-config.
(address . 68656@debbugs.gnu.org)(name . Josselin Poiret)(address . dev@jpoiret.xyz)
d478510e9c40735ea53cebead0651e4a6baa4ed4.1705762361.git.dev@jpoiret.xyz
From: Josselin Poiret <dev@jpoiret.xyz>

* gnu/packages/linux.scm (lvm2-static): Add linking flags for the static eudev
output.

Change-Id: Ic43be600f0569a8ffa69544cbf661f05d82e2084
---
gnu/packages/linux.scm | 39 ++++++++++++++++++++++++---------------
1 file changed, 24 insertions(+), 15 deletions(-)

Toggle diff (59 lines)
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 2977b8f88e..38a7caf71b 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -4596,8 +4596,8 @@ (define-public lvm2-static
(inherit lvm2)
(name "lvm2-static")
- ;; Propagate udev because libdevmapper.a depends on libudev.
- (propagated-inputs `(("udev:static" ,eudev "static")))
+ (inputs `(,@(package-inputs lvm2)
+ ("udev:static" ,eudev "static")))
(arguments
(substitute-keyword-arguments (package-arguments lvm2)
@@ -4611,19 +4611,28 @@ (define-public lvm2-static
;; it until the situation improves.
(delete "--enable-dmeventd" ,flags)))
((#:phases phases)
- `(modify-phases ,phases
- (add-before 'configure 'adjust-Makefile
- (lambda _
- ;; These fixes are related to the upstream libdm->device_mapper
- ;; migration and will hopefully be fixed upstream in due time.
- (substitute* "tools/Makefile.in"
- ;; This variable is empty in a static configuration and causes
- ;; an erroneous GCC command line.
- (("-L\\$\\(interfacebuilddir\\)") "")
- ;; Remove obsolete reference to libdevmapper.a.
- (("-ldevmapper") ""))
- #t))))))
- (synopsis "Logical volume management for Linux (statically linked)")))
+ #~(modify-phases #$phases
+ (add-before 'configure 'adjust-Makefile
+ (lambda _
+ ;; These fixes are related to the upstream libdm->device_mapper
+ ;; migration and will hopefully be fixed upstream in due time.
+ (substitute* "tools/Makefile.in"
+ ;; This variable is empty in a static configuration and causes
+ ;; an erroneous GCC command line.
+ (("-L\\$\\(interfacebuilddir\\)") "")
+ ;; Remove obsolete reference to libdevmapper.a.
+ (("-ldevmapper") ""))
+ #t))
+ (add-after 'install 'adjust-pkgconfig
+ ;; The static eudev is missing its pkg config file, and I am not
+ ;; rebuilding it at this point.
+ (lambda* (#:key inputs #:allow-other-keys)
+ (substitute* (string-append #$output "/lib/pkgconfig/devmapper.pc")
+ (("Requires.private: .*") "")
+ (("Libs.private:")
+ (format #f "Libs.private: -L~a -ludev"
+ (dirname (search-input-file inputs "lib/libudev.a")))))))))))
+ (synopsis "Logical volume management for Linux (statically linked)")))
(define-public thin-provisioning-tools
(package
--
2.41.0
J
J
Josselin Poiret wrote on 22 Jan 14:36 +0100
[PATCH core-updates 7/7] gnu: cryptsetup-static: Fix static build.
(address . 68656@debbugs.gnu.org)(name . Josselin Poiret)(address . dev@jpoiret.xyz)
3b0266f455e3789bc3eb9eaa5f9e26551312852c.1705762361.git.dev@jpoiret.xyz
From: Josselin Poiret <dev@jpoiret.xyz>

* gnu/packages/cryptsetup.scm (cryptsetup-static): Pass static variants of
dependencies. Also work around wrong pkg-config paths of util-linux for the
static output.

Change-Id: I025f241b02ee0ea80227ef7d31789571e635ef2c
---
gnu/packages/cryptsetup.scm | 86 +++++++++++++++++++------------------
1 file changed, 45 insertions(+), 41 deletions(-)

Toggle diff (115 lines)
diff --git a/gnu/packages/cryptsetup.scm b/gnu/packages/cryptsetup.scm
index 8e2bdb6d9e..8ff649bccc 100644
--- a/gnu/packages/cryptsetup.scm
+++ b/gnu/packages/cryptsetup.scm
@@ -23,6 +23,7 @@ (define-module (gnu packages cryptsetup)
#:use-module (guix packages)
#:use-module (guix download)
#:use-module (guix build-system gnu)
+ #:use-module (guix gexp)
#:use-module (guix utils)
#:use-module (gnu packages)
#:use-module (gnu packages gnupg)
@@ -116,56 +117,59 @@ (define-public cryptsetup-static
(inherit cryptsetup)
(name "cryptsetup-static")
(arguments
- '(#:configure-flags '("--disable-shared"
- "--enable-static-cryptsetup"
-
- "--disable-veritysetup"
- "--disable-cryptsetup-reencrypt"
- "--disable-integritysetup"
-
- ;; The default is OpenSSL which provides better PBKDF performance.
- "--with-crypto_backend=gcrypt"
-
- "--disable-blkid"
- ;; 'libdevmapper.a' pulls in libpthread, libudev and libm.
- "LIBS=-ludev -pthread -lm")
-
- #:allowed-references () ;this should be self-contained
-
- #:modules ((ice-9 ftw)
- (ice-9 match)
- (guix build utils)
- (guix build gnu-build-system))
+ (substitute-keyword-arguments (package-arguments cryptsetup)
+ ((#:configure-flags flags ''())
+ `(cons* "--disable-shared"
+ "--enable-static-cryptsetup"
- #:phases (modify-phases %standard-phases
- (add-after 'install 'remove-cruft
- (lambda* (#:key outputs #:allow-other-keys)
- ;; Remove everything except the 'cryptsetup' command.
- (let ((out (assoc-ref outputs "out")))
- (with-directory-excursion out
- (let ((dirs (scandir "."
- (match-lambda
- ((or "." "..") #f)
- (_ #t)))))
- (for-each delete-file-recursively
- (delete "sbin" dirs))
- (for-each (lambda (file)
- (rename-file (string-append file
- ".static")
- file)
- (remove-store-references file))
- '("sbin/cryptsetup"))
- #t))))))))
+ "--disable-veritysetup"
+ "--disable-integritysetup"
+ ;; Bypass broken pkg-config paths for the static output of
+ ;; util-linux. Only blkid is located through pkg-config, not
+ ;; uuid.
+ (format #f "BLKID_CFLAGS=-I~a"
+ (search-input-directory %build-inputs "include/blkid"))
+ (format #f "BLKID_LIBS=-L~a -lblkid"
+ (dirname (search-input-file %build-inputs "lib/libblkid.a")))
+ ,flags))
+ ((#:allowed-references refs '())
+ '())
+ ((#:modules modules '())
+ '((ice-9 ftw)
+ (ice-9 match)
+ (guix build utils)
+ (guix build gnu-build-system)))
+ ((#:phases phases #~%standard-phases)
+ #~(modify-phases #$phases
+ (add-after 'install 'remove-cruft
+ (lambda* (#:key outputs #:allow-other-keys)
+ ;; Remove everything except the 'cryptsetup' command.
+ (let ((out (assoc-ref outputs "out")))
+ (with-directory-excursion out
+ (let ((dirs (scandir "."
+ (match-lambda
+ ((or "." "..") #f)
+ (_ #t)))))
+ (for-each delete-file-recursively
+ (delete "sbin" dirs))
+ (for-each (lambda (file)
+ (rename-file (string-append file
+ ".static")
+ file)
+ (remove-store-references file))
+ '("sbin/cryptsetup"))
+ #t)))))))))
(inputs
(let ((libgcrypt-static
(package
(inherit (static-library libgcrypt))
(propagated-inputs
`(("libgpg-error-host" ,(static-library libgpg-error)))))))
- `(("json-c" ,json-c-0.13)
+ `(("argon2" ,(static-library argon2))
+ ("json-c" ,(static-library json-c-0.13))
("libgcrypt" ,libgcrypt-static)
("lvm2" ,lvm2-static)
("util-linux" ,util-linux "static")
("util-linux" ,util-linux "lib")
- ("popt" ,popt))))
+ ("popt" ,(static-library popt)))))
(synopsis "Hard disk encryption tool (statically linked)")))
--
2.41.0
M
M
Maxim Cournoyer wrote on 24 Jan 17:42 +0100
Re: [bug#68656] [PATCH core-updates 0/7] Cryptsetup woes
(name . Josselin Poiret)(address . dev@jpoiret.xyz)(address . 68656@debbugs.gnu.org)
87wmrywun5.fsf@gmail.com
Hi Josselin,

Josselin Poiret <dev@jpoiret.xyz> writes:

Toggle quote (8 lines)
> Hi everyone,
>
> I'm working on core-updates, trying to build gnome and the desktop
> configuration example. I've already pushed some fixes, but cryptsetup and
> lvm2 are proving to be quite annoying: for the same reason as the recent mpv
> patches [1], the Require.private fields of pkg-config files are actually used
> even when dynamic linking [2].

Ooof. I've read this whole thread, and if I got something right, our
best options would be:

1. try using pkgconf instead of pkg-config, which supports
Requires.internal as a correct way to define Requires.private for truly
private libraries, and may have a different handling (more correct?) of
the Requires.private field.

2. Specify the -Ddefault_library=shared in the default configure-flags
of Meson; when done that way, Meson doesn't add the libs to
Requires.private in its generated .pc files. That obviously means
building static libraries is not supported, but that's not a concern too
great for Guix, I would think.

Thoughts?

--
Thanks,
Maxim
?