From patchwork Tue Sep 14 12:13:11 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Brendan Tildesley X-Patchwork-Id: 32824 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id DA97A27BBE3; Tue, 14 Sep 2021 13:14:41 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, MAILING_LIST_MULTI,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,T_DKIM_INVALID, URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.2 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 3AC3527BBE1 for ; Tue, 14 Sep 2021 13:14:41 +0100 (BST) Received: from localhost ([::1]:55728 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mQ7Ki-0000ir-2G for patchwork@mira.cbaines.net; Tue, 14 Sep 2021 08:14:40 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:52568) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mQ7K6-0000de-Mv for guix-patches@gnu.org; Tue, 14 Sep 2021 08:14:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:36315) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mQ7K6-0005q4-BZ for guix-patches@gnu.org; Tue, 14 Sep 2021 08:14:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1mQ7K6-0005Mj-4H for guix-patches@gnu.org; Tue, 14 Sep 2021 08:14:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#50428] [PATCH] gnu: Add cryfs Resent-From: Brendan Tildesley Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 14 Sep 2021 12:14:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 50428 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: To: Ludovic =?utf-8?q?Court=C3=A8s?= Cc: "50428@debbugs.gnu.org" <50428@debbugs.gnu.org> Received: via spool by 50428-submit@debbugs.gnu.org id=B50428.163162161020565 (code B ref 50428); Tue, 14 Sep 2021 12:14:02 +0000 Received: (at 50428) by debbugs.gnu.org; 14 Sep 2021 12:13:30 +0000 Received: from localhost ([127.0.0.1]:47858 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mQ7JV-0005LX-FX for submit@debbugs.gnu.org; Tue, 14 Sep 2021 08:13:30 -0400 Received: from mout-p-202.mailbox.org ([80.241.56.172]:45982) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mQ7JT-0005LJ-1J for 50428@debbugs.gnu.org; Tue, 14 Sep 2021 08:13:23 -0400 Received: from smtp2.mailbox.org (smtp2.mailbox.org [IPv6:2001:67c:2050:105:465:1:2:0]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-202.mailbox.org (Postfix) with ESMTPS id 4H82LP0V0bzQkBt; Tue, 14 Sep 2021 14:13:17 +0200 (CEST) X-Virus-Scanned: amavisd-new at heinlein-support.de DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=brendan.scot; s=MBO0001; t=1631621595; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=QX/OFeLPGhqpkSmaMAgRstXoWd8W1exlQVy5/g62l3g=; b=0mzW2ExZs9pvveuki1+y0q8rLefdyrUndyknFSXgDfVg/fMzi65f187qL+eTgi0H9FlG04 ifbn8p6MEUVKLmq18naC5P5aW8ikOmzBp3eSTKiT2O5vmfSVI0iw8pekCYSNUo74t03fLD 5zhbmaSsiUEgz48si9Kgx+r9nDgbOzjb7jjY3w0ye1fHOk764QeLaegTNyNP/aAMoqVeEd taUs8dNKzqwyGYMnETNCi3iwhlwpkW/I+gO6+IzHbZrzS0Jky3ddiDKN6ZwEaUHJPxh+Ev QUeAJxjpr56NWDws6ThlPqJOYlx6LKvd9mVV+TXPZUlq8W5fbSf8C9EL8Uhw1w== Date: Tue, 14 Sep 2021 14:13:11 +0200 (CEST) From: Brendan Tildesley Message-ID: <1201589804.62472.1631621592628@office.mailbox.org> In-Reply-To: <87tuin5vvs.fsf@gnu.org> References: <20210906133437.3691-1-mail@brendan.scot> <87tuin5vvs.fsf@gnu.org> MIME-Version: 1.0 X-Priority: 3 Importance: Normal X-Rspamd-Queue-Id: E496C1856 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: "Guix-patches" X-getmail-retrieved-from-mailbox: Patches Update attached. > On 09/14/2021 11:50 AM Ludovic Courtès wrote: > > > Hi, > > Brendan Tildesley skribis: > > > * gnu/packages/crypto.scm (cryfs): New variable. > > Overall LGTM modulo the minor issues below: > > > + '(#:configure-flags > > + `("-DCRYFS_UPDATE_CHECKS=OFF" ;; Note: This also disables checking for security issues. > > + "-DCMAKE_BUILD_TYPE=Release" ;; Build man pages. > > Normally this is set by #:build-type. It defaults to “RelWithDebInfo”, > which is nice because then you get debugging symbols if you pass > ‘--with-debug-info=cryfs’. So I’d suggest removing this second flag. > I found a way to build man pages without it. > > + (replace 'check > > + (lambda* (#:key tests? outputs #:allow-other-keys) > > + (use-modules (srfi srfi-1)) > > Please use #:modules ((srfi srfi-1) …) instead of this non-top-level > ‘use-modules’ form. > done. > > + (when tests? > > + (with-directory-excursion "/tmp/build/test" > > + (let ((tests (find-files "." "-test$")) > > + (tests-output (assoc-ref outputs "tests"))) > > + ;; Install tests to a separate output so users can run them. > > + (copy-recursively "." tests-output) > > Installing tests is unusual. Do you really think it’s going to be > useful? Not sure. I felt since the cryfs is for encrypting peoples files, they may want to run the tests themselves to see if there any nasty issues. Most of the tests fail due to FUSE not being available, which works outside the chroot. Anyways I removed installing them. From 6604ab84de9a38907ca6d930dcb5c0d79de28d88 Mon Sep 17 00:00:00 2001 From: Brendan Tildesley Date: Sat, 4 Sep 2021 16:52:23 +1000 Subject: [PATCH] gnu: Add cryfs. * gnu/packages/crypto.scm (cryfs): New variable. --- gnu/packages/crypto.scm | 77 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 77 insertions(+) diff --git a/gnu/packages/crypto.scm b/gnu/packages/crypto.scm index c511d0a711..af1412c44e 100644 --- a/gnu/packages/crypto.scm +++ b/gnu/packages/crypto.scm @@ -21,6 +21,7 @@ ;;; Copyright © 2020 pukkamustard ;;; Copyright © 2021 Ellis Kenyő ;;; Copyright © 2021 Maxime Devos +;;; Copyright © 2021 Brendan Tildesley ;;; ;;; This file is part of GNU Guix. ;;; @@ -46,8 +47,10 @@ #:use-module (gnu packages boost) #:use-module (gnu packages check) #:use-module (gnu packages compression) + #:use-module (gnu packages cpp) #:use-module (gnu packages crates-io) #:use-module (gnu packages cryptsetup) + #:use-module (gnu packages curl) #:use-module (gnu packages documentation) #:use-module (gnu packages gettext) #:use-module (gnu packages gnupg) @@ -58,6 +61,7 @@ #:use-module (gnu packages libbsd) #:use-module (gnu packages libffi) #:use-module (gnu packages linux) + #:use-module (gnu packages logging) #:use-module (gnu packages lsof) #:use-module (gnu packages man) #:use-module (gnu packages multiprecision) @@ -1385,3 +1389,76 @@ them out. The process will degrade gracefully, so even people without your encryption password can safely commit changes to the repository's non-encrypted files.") (license license:expat))) + +(define-public cryfs + (package + (name "cryfs") + (version "0.11.0") + (source + (origin + (method url-fetch) + (uri (string-append + "https://github.com/cryfs/cryfs/releases/download/" + version "/cryfs-" version ".tar.xz")) + (sha256 + (base32 "0dxphbj5sssm82rkkdb71algrcki16qlpzlvrjyvvm6b7x7zi0sm")))) + (build-system cmake-build-system) + (arguments + '(#:modules ((guix build cmake-build-system) + (guix build utils) + (srfi srfi-1)) + #:configure-flags + ;; Note: This also disables checking for security issues. + `("-DCRYFS_UPDATE_CHECKS=OFF" + ;; This helps us use some dependencies from Guix instead of conan. + ;; crypto++ is still bundled: https://github.com/cryfs/cryfs/issues/369 + ;; Googletest is also since I wasn't sure how to unbundle that. + ,(string-append "-DDEPENDENCY_CONFIG=" (getcwd) + "/cmake-utils/DependenciesFromLocalSystem.cmake")) + #:phases + (modify-phases %standard-phases + (add-before 'configure 'fix-configure + (lambda* (#:key tests? #:allow-other-keys) + ;; Remove junk directory that breaks the build + (chdir "..") (delete-file-recursively ".circleci") + ;; Install documentation with Guix defaults. + (substitute* "doc/CMakeLists.txt" + (("CONFIGURATIONS Release") + "CONFIGURATIONS Release RelWithDebInfo")) + (when tests? + (substitute* "CMakeLists.txt" + (("option.BUILD_TESTING .build test cases. OFF.") + "option(BUILD_TESTING \"build test cases\" ON)"))))) + (replace 'check + (lambda* (#:key tests? #:allow-other-keys) + (when tests? + (let ((tests (find-files "." "-test$"))) + ;; XXX: Disable failing tests. Unfortunately there are a + ;; few. Some only fail in the build environment due to + ;; FUSE not being available. + (for-each invoke + (lset-difference string-contains + tests + '("cpp-utils-test" + "cryfs-cli-test" + "blobstore-test" + "fspp-test"))))) + #t))))) + (native-inputs + `(("python" ,python-wrapper) + ("pkg-config" ,pkg-config))) + (inputs + `(("boost" ,boost) + ("curl" ,curl) + ("fuse" ,fuse) + ("range-v3" ,range-v3) + ("spdlog" ,spdlog))) + (home-page "https://www.cryfs.org/") + (synopsis "Encrypted FUSE filesystem for the cloud") + (description "CryFS encrypts your files, so you can safely store them anywhere. +It works well together with cloud services like Dropbox, iCloud, OneDrive and +others. CryFS creates an encrypted userspace filesystem that can be mounted +via FUSE without root permissions. It is similar to EncFS, but provides +additional security and privacy measures such as hiding file sizes and directory +structure. However CryFS is not considered stable yet by the developers.") + (license license:lgpl3+))) -- 2.33.0