meson: move systemd-cryptsetup to /usr/bin

This was requested, though I think an issue was never filed. If people are supposed to invoke it, even for testing, then it's reasonable to make it "public".
2024-09-29 21:04:12 +00:00 · 2023-09-22 18:47:05 +02:00 · 2023-09-22 18:47:05 +02:00 · fb8d67cd34
parent 5bae80bd44
commit fb8d67cd34
7 changed files with 16 additions and 8 deletions
--- a/man/fido2-crypttab.sh
+++ b/man/fido2-crypttab.sh
@ -5,7 +5,7 @@
 sudo systemd-cryptenroll --fido2-device=auto /dev/sdXn

 # Test: Let's run systemd-cryptsetup to test if this worked.
-sudo /usr/lib/systemd/systemd-cryptsetup attach mytest /dev/sdXn - fido2-device=auto
+sudo systemd-cryptsetup attach mytest /dev/sdXn - fido2-device=auto

 # If that worked, let's now add the same line persistently to /etc/crypttab,
 # for the future. We don't want to use the (unstable) /dev/sdX name, so let's
--- a/man/systemd-cryptsetup@.service.xml
+++ b/man/systemd-cryptsetup@.service.xml
@ -27,7 +27,7 @@
  <refsynopsisdiv>
    <para><filename>systemd-cryptsetup@.service</filename></para>
    <para><filename>system-systemd\x2dcryptsetup.slice</filename></para>
-    <para><filename>/usr/lib/systemd/systemd-cryptsetup</filename></para>
+    <para><filename>systemd-cryptsetup</filename></para>
  </refsynopsisdiv>

  <refsect1>
--- a/man/systemd-measure.xml
+++ b/man/systemd-measure.xml
@ -294,7 +294,7 @@ $ openssl rsa -pubout -in tpm2-pcr-private.pem -out tpm2-pcr-public.pem

     <para>And then unlock the device with the signature:</para>

-     <programlisting># /usr/lib/systemd/systemd-cryptsetup attach \
+     <programlisting># systemd-cryptsetup attach \
     volume5 /dev/sda5 - \
     tpm2-device=auto,tpm2-signature=/path/to/tpm2-pcr-signature.json</programlisting>

--- a/man/tpm2-crypttab.sh
+++ b/man/tpm2-crypttab.sh
@ -5,7 +5,7 @@
 sudo systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=7 /dev/sdXn

 # Test: Let's run systemd-cryptsetup to test if this worked.
-sudo /usr/lib/systemd/systemd-cryptsetup attach mytest /dev/sdXn - tpm2-device=auto
+sudo systemd-cryptsetup attach mytest /dev/sdXn - tpm2-device=auto

 # If that worked, let's now add the same line persistently to /etc/crypttab,
 # for the future. We don't want to use the (unstable) /dev/sdX name, so let's
@ -16,7 +16,7 @@ udevadm info -q -r symlink /dev/sdXn
 sudo bash -c 'echo "mytest /dev/disk/by-uuid/... - tpm2-device=auto" >>/etc/crypttab'

 # And now let's check that automatic unlocking works:
-sudo /usr/lib/systemd/systemd-cryptsetup detach mytest
+sudo systemd-cryptsetup detach mytest
 sudo systemctl daemon-reload
 sudo systemctl start cryptsetup.target
 systemctl is-active systemd-cryptsetup@mytest.service
--- a/man/yubikey-crypttab.sh
+++ b/man/yubikey-crypttab.sh
@ -21,7 +21,7 @@ rm pubkey.pem
 sudo systemd-cryptenroll --pkcs11-token-uri=auto /dev/sdXn

 # Test: Let's run systemd-cryptsetup to test if this all worked.
-sudo /usr/lib/systemd/systemd-cryptsetup attach mytest /dev/sdXn - pkcs11-uri=auto
+sudo systemd-cryptsetup attach mytest /dev/sdXn - pkcs11-uri=auto

 # If that worked, let's now add the same line persistently to /etc/crypttab,
 # for the future. We don't want to use the (unstable) /dev/sdX name, so let's
--- a/meson.build
+++ b/meson.build
@ -226,7 +226,7 @@ conf.set_quoted('SYSTEMCTL_BINARY_PATH',                      bindir / 'systemct
 conf.set_quoted('SYSTEMD_BINARY_PATH',                        libexecdir / 'systemd')
 conf.set_quoted('SYSTEMD_CATALOG_DIR',                        catalogdir)
 conf.set_quoted('SYSTEMD_CGROUPS_AGENT_PATH',                 libexecdir / 'systemd-cgroups-agent')
-conf.set_quoted('SYSTEMD_CRYPTSETUP_PATH',                    libexecdir / 'systemd-cryptsetup')
+conf.set_quoted('SYSTEMD_CRYPTSETUP_PATH',                    bindir / 'systemd-cryptsetup')
 conf.set_quoted('SYSTEMD_EXPORT_PATH',                        libexecdir / 'systemd-export')
 conf.set_quoted('SYSTEMD_FSCK_PATH',                          libexecdir / 'systemd-fsck')
 conf.set_quoted('SYSTEMD_GROWFS_PATH',                        libexecdir / 'systemd-growfs')
--- a/src/cryptsetup/meson.build
+++ b/src/cryptsetup/meson.build
@ -16,8 +16,9 @@ if conf.get('HAVE_TPM2') == 1
 endif

 executables += [
-        libexec_template + {
+        executable_template + {
                'name' : 'systemd-cryptsetup',
+                'public' : true,
                'conditions' : ['HAVE_LIBCRYPTSETUP'],
                'sources' : systemd_cryptsetup_sources,
                'dependencies' : [
@ -32,3 +33,10 @@ executables += [
                'sources' : files('cryptsetup-generator.c'),
        },
 ]
+
+if conf.get('HAVE_LIBCRYPTSETUP') == 1
+        # symlink for backwards compatibility after rename
+        meson.add_install_script(sh, '-c',
+                                 ln_s.format(bindir / 'systemd-cryptsetup',
+                                             libexecdir / 'systemd-cryptsetup'))
+endif