cryptsetup: separate binaries from libraries

This reduces closure sizes by making the libraries not depend on the binaries, which is good for dynamic builds, and (when statically linked) making the binaries not depend on the libraries, which is good for static builds. When static building, we additionally have to disable loading LUKS plugins from $lib to avoid a reference, which probably wouldn't have worked anyway.
2 years ago · f8be98b2cb
parent fb079c3110
commit f8be98b2cb
1 changed files with 7 additions and 1 deletions
--- a/pkgs/os-specific/linux/cryptsetup/default.nix
+++ b/pkgs/os-specific/linux/cryptsetup/default.nix
@ -5,7 +5,7 @@ stdenv.mkDerivation rec {
  pname = "cryptsetup";
  version = "2.4.3";

-  outputs = [ "out" "dev" "man" ];
+  outputs = [ "bin" "out" "dev" "man" ];
  separateDebugInfo = true;

  src = fetchurl {
@ -31,6 +31,12 @@ stdenv.mkDerivation rec {
    "--enable-cryptsetup-reencrypt"
    "--with-crypto_backend=openssl"
    "--disable-ssh-token"
+  ] ++ lib.optionals stdenv.hostPlatform.isStatic [
+    "--disable-external-tokens"
+    # We have to override this even though we're removing token
+    # support, because the path still gets included in the binary even
+    # though it isn't used.
+    "--with-luks2-external-tokens-path=/"
  ];

  nativeBuildInputs = [ pkg-config ];