guix-tribes/nbde/packages/crypto.scm

(define-module (nbde packages crypto)
#:use-module ((guix licenses) #:prefix license:)
#:use-module (guix build-system gnu)
#:use-module (guix build-system meson)
#:use-module (guix download)
#:use-module (guix gexp)
#:use-module (guix packages)
#:use-module (guix utils)
#:use-module (gnu packages admin)
#:use-module (gnu packages autotools)
#:use-module (gnu packages bash)
#:use-module (gnu packages base)
#:use-module (gnu packages build-tools)
#:use-module (gnu packages compression)
#:use-module (gnu packages curl)
#:use-module (gnu packages cryptsetup)
#:use-module (gnu packages documentation)
#:use-module (gnu packages hardware)
#:use-module (gnu packages jose)
#:use-module (gnu packages linux)
#:use-module (gnu packages ninja)
#:use-module (gnu packages networking)
#:use-module (gnu packages password-utils)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages tls)
#:use-module (gnu packages web)
#:export (luksmeta tang clevis))
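(define-public luksmeta
  ;; LUKSMeta stores small metadata slots in LUKS1 headers.  It is a
  ;; run-time dependency of the clevis client (listed there as an input).
  (package
    (name "luksmeta")
    (version "10")
    (source
     (origin
       (method url-fetch)
       ;; NOTE(review): this is GitHub's on-the-fly "archive/refs/tags"
       ;; tarball, not an upstream release asset.  Those tarballs are not
       ;; guaranteed byte-stable, so the sha256 below can start to mismatch
       ;; without any upstream change.  A git-fetch of the tag pinned by
       ;; commit, or a signed release tarball if latchset publishes one,
       ;; gives a sturdier provenance chain; both need a fresh hash, so the
       ;; source is left as is here.
       (uri (string-append "https://github.com/latchset/luksmeta/archive/refs/tags/v"
                           version
                           ".tar.gz"))
       (sha256
        (base32 "18mkb5xl2aln61gnqf9v2245akcmh8cbmmhs3p8v5qysgk1qns3d"))))
    (build-system gnu-build-system)
    ;; autoconf/automake/libtool are needed because the tag tarball ships no
    ;; generated `configure'.  gnu-build-system's standard 'bootstrap phase
    ;; runs `autoreconf -vif' in that case, so no extra phase is declared:
    ;; adding a second phase named 'bootstrap before 'configure (as an
    ;; earlier revision did) only re-ran autoreconf and left two phases with
    ;; the same name in the phase alist.
    (native-inputs
     (list autoconf automake libtool pkg-config asciidoc))
    (inputs
     (append
      (list cryptsetup
            eudev)
      ;; libcryptsetup's own propagated inputs (argon2, json-c, ...) so the
      ;; link step finds everything libcryptsetup.pc requires.
      (libcryptsetup-propagated-inputs)))
    (home-page "https://github.com/latchset/luksmeta/")
    (synopsis "Metadata helper for LUKS headers")
    (description
     "LUKSMeta stores small pieces of metadata in the LUKS header. Clevis
uses it to manage bindings on LUKS1 devices.")
    (license license:lgpl2.1+)))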
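(define-public tang
  ;; Tang: the server half of network-bound disk encryption (NBDE).  The
  ;; daemon itself is C; the key-management helpers it installs call the
  ;; `jose' command-line tool and are wrapped below so they can find it.
  (package
    (name "tang")
    (version "15")
    (source
     (origin
       (method url-fetch)
       ;; NOTE(review): on-the-fly GitHub "archive/refs/tags" tarball, not a
       ;; release asset.  Its bytes are not guaranteed stable, so this hash
       ;; can mismatch without an upstream change.  A git-fetch of the tag
       ;; pinned by commit (or a signed release tarball, if upstream ships
       ;; one) would be preferable; both require re-hashing, so left as is.
       (uri (string-append "https://github.com/latchset/tang/archive/refs/tags/v"
                           version
                           ".tar.gz"))
       (sha256
        (base32 "1abx1ajmakhyi8697lwhsbmn0zvhrlnwi79b208wqv73rnkfmfhb"))))
    (build-system meson-build-system)
    (native-inputs
     (list asciidoc curl iproute meson ninja pkg-config))
    (inputs
     ;; bash-minimal is the interpreter of the wrapper scripts created by
     ;; 'wrap-tools below.  Declaring it (and passing it as #:sh) keeps that
     ;; run-time reference tied to a real input instead of whichever `bash'
     ;; happens to be on the build PATH, and satisfies `guix lint'.
     (list bash-minimal http-parser jansson jose openssl zlib))
    (arguments
     (list
      ;; NOTE(review): the test suite is disabled with no recorded reason.
      ;; For a daemon that serves key-derivation material this deserves a
      ;; one-line justification (e.g. tests needing a loopback listener or
      ;; network namespaces); re-enable what can run in the build sandbox.
      #:tests? #f
      #:phases
      #~(modify-phases %standard-phases
          ;; Upstream's meson.build probes fixed /usr/local directories for
          ;; http-parser/llhttp.  Drop those so the compiler finds the header
          ;; and library through the Guix build environment instead.
          ;; NOTE(review): substitute* is silent when a pattern does not
          ;; match, so a change in upstream's meson.build would only show up
          ;; as a failed header probe at configure time.
          (add-after 'unpack 'patch-http-parser-detection
            (lambda _
              (substitute* "meson.build"
                (("inc_dir = meson.get_external_property\\('inc_dir', '-I/usr/local/include'\\)")
                 "inc_dir = ''")
                (("lib_dir = meson.get_external_property\\('lib_dir','/usr/local/lib'\\)")
                 "lib_dir = ''")
                (("if compiler.has_header\\('llhttp.h', args: inc_dir\\)")
                 "if compiler.has_header('llhttp.h')")
                (("if not compiler.has_header\\('http_parser.h', args: inc_dir\\)")
                 "if not compiler.has_header('http_parser.h')")
                (("http_parser = compiler.find_library\\(http_lib, dirs: \\[lib_dir\\]\\)")
                 "http_parser = compiler.find_library(http_lib)"))))
          ;; Put jose's bin/ on the PATH of the three key-management tools.
          ;; The list is explicit: tangd itself is not wrapped (it is started
          ;; by a service with its own environment).
          (add-after 'install 'wrap-tools
            (lambda _
              (use-modules (guix build utils))
              (let ((jose-bin (string-append #$jose "/bin"))
                    (bash (string-append #$bash-minimal "/bin/bash"))
                    (out #$output))
                (for-each
                 (lambda (tool)
                   (wrap-program (string-append out tool)
                     ;; Pin the wrapper's interpreter to the declared input.
                     #:sh bash
                     `("PATH" ":" prefix (,jose-bin))))
                 '("/bin/tang-show-keys"
                   "/libexec/tangd-keygen"
                   "/libexec/tangd-rotate-keys")))))))
    (home-page "https://github.com/latchset/tang")
    (synopsis "Server for binding data to network presence")
    (description
     "Tang is a stateless server for network-bound encryption. It provides
the server side of the Clevis and Tang NBDE workflow and can run in standalone
mode without systemd.")
    (license license:gpl3+)))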
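(define-public clevis
  ;; Clevis: the client side of NBDE.  It is a set of shell scripts that
  ;; shell out to cryptsetup, luksmeta, jose, curl, tpm2-tools and the
  ;; coreutils; every one of those is pinned onto the wrapped PATH below so
  ;; an unattended unlock does not depend on the caller's environment.
  (package
    (name "clevis")
    ;; Nixpkgs currently packages v21; bump once the v22 release hash has
    ;; been confirmed in the channel workflow.
    (version "21")
    (source
     (origin
       (method url-fetch)
       ;; NOTE(review): on-the-fly GitHub "archive/refs/tags" tarball, not a
       ;; release asset; its bytes are not guaranteed stable, so this hash
       ;; can mismatch without an upstream change.  Prefer a git-fetch of
       ;; the tag pinned by commit, or a signed release tarball if upstream
       ;; publishes one.  Either needs re-hashing, so left as is here.
       (uri (string-append "https://github.com/latchset/clevis/archive/refs/tags/v"
                           version
                           ".tar.gz"))
       (sha256
        (base32 "04q0xzi4c3b8nhlgdwdm7v0wh33763543az1k2g7jyik7028z8qb"))))
    (build-system meson-build-system)
    (native-inputs
     (list asciidoc meson ninja pkg-config))
    (inputs
     (append
      (list bash-minimal          ; interpreter of the generated wrappers
            coreutils
            cryptsetup
            curl
            eudev
            grep
            jansson
            jose
            libpwquality
            luksmeta
            openssl
            sed
            tpm2-tools
            zlib)
      ;; libcryptsetup's propagated inputs so linking against it resolves.
      (libcryptsetup-propagated-inputs)))
    (arguments
     (list
      ;; NOTE(review): tests are disabled without a recorded reason; for the
      ;; component that decides whether a disk unlocks unattended, note why
      ;; and re-enable whatever runs inside the build sandbox.
      #:tests? #f
      #:phases
      #~(modify-phases %standard-phases
          ;; The scripts hard-code /bin/cat; point them at our coreutils.
          ;; NOTE(review): substitute* does nothing when a file has no
          ;; match, so this would not flag an upstream change to the path.
          (add-after 'unpack 'patch-absolute-cat
            (lambda _
              (substitute* (find-files "src" ".*")
                (("/bin/cat") (string-append #$coreutils "/bin/cat")))))
          ;; Wrap every clevis* entry point in bin/, not only the `clevis'
          ;; dispatcher.  The clevis-luks-*, clevis-encrypt-* and
          ;; clevis-decrypt* scripts are also executed directly (unlock
          ;; hooks, services, other tooling), and with only `clevis' wrapped
          ;; those invocations ran with whatever PATH the caller had.
          ;; Putting bin/ itself first on the PATH keeps dispatch from
          ;; `clevis' to its subcommands inside this package.
          (add-after 'install 'wrap-clevis
            (lambda _
              (use-modules (guix build utils))
              (let* ((out #$output)
                     (bin (string-append out "/bin"))
                     (bash (string-append #$bash-minimal "/bin/bash"))
                     ;; NOTE(review): eudev is an input but its bin/ is not on
                     ;; this PATH; confirm whether any clevis-luks-* script
                     ;; calls udevadm and add it if so.  Helpers installed
                     ;; under libexec/ (if any) are not wrapped either.
                     (path (list bin
                                 (string-append #$coreutils "/bin")
                                 (string-append #$cryptsetup "/bin")
                                 (string-append #$cryptsetup "/sbin")
                                 (string-append #$curl "/bin")
                                 (string-append #$grep "/bin")
                                 (string-append #$jose "/bin")
                                 (string-append #$luksmeta "/bin")
                                 (string-append #$sed "/bin")
                                 (string-append #$tpm2-tools "/bin"))))
                (for-each
                 (lambda (prog)
                   (wrap-program prog
                     ;; Pin the wrapper's interpreter to the declared input
                     ;; rather than the first `bash' on the build PATH.
                     #:sh bash
                     `("PATH" ":" prefix ,path)))
                 ;; find-files matches the regexp against the base name, so
                 ;; this picks up clevis, clevis-luks-bind, clevis-decrypt,
                 ;; ... and skips the dot-prefixed originals wrap-program
                 ;; leaves behind.
                 (find-files bin "^clevis"))))))))
    (home-page "https://github.com/latchset/clevis")
    (synopsis "Automated decryption framework")
    (description
     "Clevis is a pluggable framework for automated decryption. It can bind
LUKS devices to Tang, TPM2, and other pins, and provides the client-side
commands needed for unattended unlock.")
    (license license:gpl3+)))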