diff --git a/meson.build b/meson.build index 889669b5d2..ab0d7da1e9 100644 --- a/meson.build +++ b/meson.build @@ -2297,7 +2297,6 @@ if conf.get('HAVE_LIBCRYPTSETUP') == 1 'src/cryptsetup/cryptsetup-generator.c', include_directories : includes, link_with : [libshared], - dependencies : [libcryptsetup], install_rpath : rootlibexecdir, install : true, install_dir : systemgeneratordir) @@ -2317,7 +2316,6 @@ if conf.get('HAVE_LIBCRYPTSETUP') == 1 'src/veritysetup/veritysetup-generator.c', include_directories : includes, link_with : [libshared], - dependencies : [libcryptsetup], install_rpath : rootlibexecdir, install : true, install_dir : systemgeneratordir) @@ -2672,7 +2670,6 @@ if conf.get('ENABLE_REPART') == 1 include_directories : includes, link_with : [libshared], dependencies : [threads, - libcryptsetup, libblkid, libfdisk, libopenssl], @@ -2755,7 +2752,6 @@ executable('systemd-growfs', 'src/partition/growfs.c', include_directories : includes, link_with : [libshared], - dependencies : [libcryptsetup], install_rpath : rootlibexecdir, install : true, install_dir : rootlibexecdir) diff --git a/src/partition/growfs.c b/src/partition/growfs.c index daadf9ef43..c097963e0c 100644 --- a/src/partition/growfs.c +++ b/src/partition/growfs.c @@ -30,11 +30,15 @@ static bool arg_dry_run = false; #if HAVE_LIBCRYPTSETUP static int resize_crypt_luks_device(dev_t devno, const char *fstype, dev_t main_devno) { _cleanup_free_ char *devpath = NULL, *main_devpath = NULL; - _cleanup_(crypt_freep) struct crypt_device *cd = NULL; + _cleanup_(sym_crypt_freep) struct crypt_device *cd = NULL; _cleanup_close_ int main_devfd = -1; uint64_t size; int r; + r = dlopen_cryptsetup(); + if (r < 0) + return log_error_errno(r, "Cannot resize LUKS device: %m"); + r = device_path_make_major_minor(S_IFBLK, main_devno, &main_devpath); if (r < 0) return log_error_errno(r, "Failed to format device major/minor path: %m"); @@ -52,20 +56,20 @@ static int resize_crypt_luks_device(dev_t devno, const char *fstype, dev_t main_ if (r < 0) return log_error_errno(r, "Failed to format major/minor path: %m"); - r = crypt_init(&cd, devpath); + r = sym_crypt_init(&cd, devpath); if (r < 0) return log_error_errno(r, "crypt_init(\"%s\") failed: %m", devpath); cryptsetup_enable_logging(cd); - r = crypt_load(cd, CRYPT_LUKS, NULL); + r = sym_crypt_load(cd, CRYPT_LUKS, NULL); if (r < 0) return log_debug_errno(r, "Failed to load LUKS metadata for %s: %m", devpath); if (arg_dry_run) return 0; - r = crypt_resize(cd, main_devpath, 0); + r = sym_crypt_resize(cd, main_devpath, 0); if (r < 0) return log_error_errno(r, "crypt_resize() of %s failed: %m", devpath); diff --git a/src/partition/repart.c b/src/partition/repart.c index 5ddfdfa635..bcbf2273e8 100644 --- a/src/partition/repart.c +++ b/src/partition/repart.c @@ -2370,7 +2370,7 @@ static int partition_encrypt( char **ret_volume, int *ret_fd) { - _cleanup_(crypt_freep) struct crypt_device *cd = NULL; + _cleanup_(sym_crypt_freep) struct crypt_device *cd = NULL; _cleanup_(erase_and_freep) void *volume_key = NULL; _cleanup_free_ char *dm_name = NULL, *vol = NULL; char suuid[ID128_UUID_STRING_MAX]; @@ -2381,6 +2381,10 @@ static int partition_encrypt( assert(p); assert(p->encrypt); + r = dlopen_cryptsetup(); + if (r < 0) + return log_error_errno(r, "libcryptsetup not found, cannot encrypt: %m"); + if (asprintf(&dm_name, "luks-repart-%08" PRIx64, random_u64()) < 0) return log_oom(); @@ -2404,13 +2408,13 @@ static int partition_encrypt( if (r < 0) return log_error_errno(r, "Failed to generate volume key: %m"); - r = crypt_init(&cd, node); + r = sym_crypt_init(&cd, node); if (r < 0) return log_error_errno(r, "Failed to allocate libcryptsetup context: %m"); cryptsetup_enable_logging(cd); - r = crypt_format(cd, + r = sym_crypt_format(cd, CRYPT_LUKS2, "aes", "xts-plain64", @@ -2424,7 +2428,7 @@ static int partition_encrypt( if (r < 0) return log_error_errno(r, "Failed to LUKS2 format future partition: %m"); - r = crypt_keyslot_add_by_volume_key( + r = sym_crypt_keyslot_add_by_volume_key( cd, CRYPT_ANY_SLOT, volume_key, @@ -2434,7 +2438,7 @@ static int partition_encrypt( if (r < 0) return log_error_errno(r, "Failed to add LUKS2 key: %m"); - r = crypt_activate_by_volume_key( + r = sym_crypt_activate_by_volume_key( cd, dm_name, volume_key, @@ -2474,7 +2478,7 @@ static int deactivate_luks(struct crypt_device *cd, const char *node) { /* udev or so might access out block device in the background while we are done. Let's hence force * detach the volume. We sync'ed before, hence this should be safe. */ - r = crypt_deactivate_by_name(cd, basename(node), CRYPT_DEACTIVATE_FORCE); + r = sym_crypt_deactivate_by_name(cd, basename(node), CRYPT_DEACTIVATE_FORCE); if (r < 0) return log_error_errno(r, "Failed to deactivate LUKS device: %m"); @@ -2490,7 +2494,7 @@ static int context_copy_blocks(Context *context) { /* Copy in file systems on the block level */ LIST_FOREACH(partitions, p, context->partitions) { - _cleanup_(crypt_freep) struct crypt_device *cd = NULL; + _cleanup_(sym_crypt_freep) struct crypt_device *cd = NULL; _cleanup_(loop_device_unrefp) LoopDevice *d = NULL; _cleanup_free_ char *encrypted = NULL; _cleanup_close_ int encrypted_dev_fd = -1; @@ -2553,7 +2557,7 @@ static int context_copy_blocks(Context *context) { if (r < 0) return r; - crypt_free(cd); + sym_crypt_free(cd); cd = NULL; r = loop_device_sync(d); @@ -2694,7 +2698,7 @@ static int context_mkfs(Context *context) { /* Make a file system */ LIST_FOREACH(partitions, p, context->partitions) { - _cleanup_(crypt_freep) struct crypt_device *cd = NULL; + _cleanup_(sym_crypt_freep) struct crypt_device *cd = NULL; _cleanup_(loop_device_unrefp) LoopDevice *d = NULL; _cleanup_free_ char *encrypted = NULL; _cleanup_close_ int encrypted_dev_fd = -1; @@ -2781,7 +2785,7 @@ static int context_mkfs(Context *context) { if (r < 0) return r; - crypt_free(cd); + sym_crypt_free(cd); cd = NULL; } diff --git a/src/shared/cryptsetup-util.c b/src/shared/cryptsetup-util.c index 9bc85a1739..9d86478b06 100644 --- a/src/shared/cryptsetup-util.c +++ b/src/shared/cryptsetup-util.c @@ -1,10 +1,79 @@ /* SPDX-License-Identifier: LGPL-2.1+ */ #if HAVE_LIBCRYPTSETUP +#include "alloc-util.h" #include "cryptsetup-util.h" +#include "dlfcn-util.h" #include "log.h" +static void *cryptsetup_dl = NULL; + +int (*sym_crypt_activate_by_passphrase)(struct crypt_device *cd, const char *name, int keyslot, const char *passphrase, size_t passphrase_size, uint32_t flags); +#if HAVE_CRYPT_ACTIVATE_BY_SIGNED_KEY +int (*sym_crypt_activate_by_signed_key)(struct crypt_device *cd, const char *name, const char *volume_key, size_t volume_key_size, const char *signature, size_t signature_size, uint32_t flags); +#endif +int (*sym_crypt_activate_by_volume_key)(struct crypt_device *cd, const char *name, const char *volume_key, size_t volume_key_size, uint32_t flags); +int (*sym_crypt_deactivate_by_name)(struct crypt_device *cd, const char *name, uint32_t flags); +int (*sym_crypt_format)(struct crypt_device *cd, const char *type, const char *cipher, const char *cipher_mode, const char *uuid, const char *volume_key, size_t volume_key_size, void *params); +void (*sym_crypt_free)(struct crypt_device *cd); +const char *(*sym_crypt_get_dir)(void); +int (*sym_crypt_get_verity_info)(struct crypt_device *cd, struct crypt_params_verity *vp); +int (*sym_crypt_init)(struct crypt_device **cd, const char *device); +int (*sym_crypt_init_by_name)(struct crypt_device **cd, const char *name); +int (*sym_crypt_keyslot_add_by_volume_key)(struct crypt_device *cd, int keyslot, const char *volume_key, size_t volume_key_size, const char *passphrase, size_t passphrase_size); +int (*sym_crypt_load)(struct crypt_device *cd, const char *requested_type, void *params); +int (*sym_crypt_resize)(struct crypt_device *cd, const char *name, uint64_t new_size); +int (*sym_crypt_set_data_device)(struct crypt_device *cd, const char *device); +void (*sym_crypt_set_debug_level)(int level); +void (*sym_crypt_set_log_callback)(struct crypt_device *cd, void (*log)(int level, const char *msg, void *usrptr), void *usrptr); +int (*sym_crypt_volume_key_get)(struct crypt_device *cd, int keyslot, char *volume_key, size_t *volume_key_size, const char *passphrase, size_t passphrase_size); + +int dlopen_cryptsetup(void) { + _cleanup_(dlclosep) void *dl = NULL; + int r; + + if (cryptsetup_dl) + return 0; /* Already loaded */ + + dl = dlopen("libcryptsetup.so.12", RTLD_LAZY); + if (!dl) + return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), + "libcryptsetup support is not installed: %s", dlerror()); + + r = dlsym_many_and_warn( + dl, + LOG_DEBUG, + &sym_crypt_activate_by_passphrase, "crypt_activate_by_passphrase", +#if HAVE_CRYPT_ACTIVATE_BY_SIGNED_KEY + &sym_crypt_activate_by_signed_key, "crypt_activate_by_signed_key", +#endif + &sym_crypt_activate_by_volume_key, "crypt_activate_by_volume_key", + &sym_crypt_deactivate_by_name, "crypt_deactivate_by_name", + &sym_crypt_format, "crypt_format", + &sym_crypt_free, "crypt_free", + &sym_crypt_get_dir, "crypt_get_dir", + &sym_crypt_get_verity_info, "crypt_get_verity_info", + &sym_crypt_init, "crypt_init", + &sym_crypt_init_by_name, "crypt_init_by_name", + &sym_crypt_keyslot_add_by_volume_key, "crypt_keyslot_add_by_volume_key", + &sym_crypt_load, "crypt_load", + &sym_crypt_resize, "crypt_resize", + &sym_crypt_set_data_device, "crypt_set_data_device", + &sym_crypt_set_debug_level, "crypt_set_debug_level", + &sym_crypt_set_log_callback, "crypt_set_log_callback", + &sym_crypt_volume_key_get, "crypt_volume_key_get", + NULL); + if (r < 0) + return r; + + /* Note that we never release the reference here, because there's no real reason to, after all this + * was traditionally a regular shared library dependency which lives forever too. */ + cryptsetup_dl = TAKE_PTR(dl); + return 1; +} + static void cryptsetup_log_glue(int level, const char *msg, void *usrptr) { + switch (level) { case CRYPT_LOG_NORMAL: level = LOG_NOTICE; @@ -27,8 +96,16 @@ static void cryptsetup_log_glue(int level, const char *msg, void *usrptr) { } void cryptsetup_enable_logging(struct crypt_device *cd) { - crypt_set_log_callback(cd, cryptsetup_log_glue, NULL); - crypt_set_debug_level(DEBUG_LOGGING ? CRYPT_DEBUG_ALL : CRYPT_DEBUG_NONE); + if (!cd) + return; + + if (dlopen_cryptsetup() < 0) /* If this fails, let's gracefully ignore the issue, this is just debug + * logging after all, and if this failed we already generated a debug + * log message that should help to track things down. */ + return; + + sym_crypt_set_log_callback(cd, cryptsetup_log_glue, NULL); + sym_crypt_set_debug_level(DEBUG_LOGGING ? CRYPT_DEBUG_ALL : CRYPT_DEBUG_NONE); } #endif diff --git a/src/shared/cryptsetup-util.h b/src/shared/cryptsetup-util.h index b9f465fbc1..046953b8cc 100644 --- a/src/shared/cryptsetup-util.h +++ b/src/shared/cryptsetup-util.h @@ -1,12 +1,36 @@ /* SPDX-License-Identifier: LGPL-2.1+ */ #pragma once +#include "macro.h" + #if HAVE_LIBCRYPTSETUP #include -#include "macro.h" +extern int (*sym_crypt_activate_by_passphrase)(struct crypt_device *cd, const char *name, int keyslot, const char *passphrase, size_t passphrase_size, uint32_t flags); +#if HAVE_CRYPT_ACTIVATE_BY_SIGNED_KEY +extern int (*sym_crypt_activate_by_signed_key)(struct crypt_device *cd, const char *name, const char *volume_key, size_t volume_key_size, const char *signature, size_t signature_size, uint32_t flags); +#endif +extern int (*sym_crypt_activate_by_volume_key)(struct crypt_device *cd, const char *name, const char *volume_key, size_t volume_key_size, uint32_t flags); +extern int (*sym_crypt_deactivate_by_name)(struct crypt_device *cd, const char *name, uint32_t flags); +extern int (*sym_crypt_format)(struct crypt_device *cd, const char *type, const char *cipher, const char *cipher_mode, const char *uuid, const char *volume_key, size_t volume_key_size, void *params); +extern void (*sym_crypt_free)(struct crypt_device *cd); +extern const char *(*sym_crypt_get_dir)(void); +extern int (*sym_crypt_get_verity_info)(struct crypt_device *cd, struct crypt_params_verity *vp); +extern int (*sym_crypt_init)(struct crypt_device **cd, const char *device); +extern int (*sym_crypt_init_by_name)(struct crypt_device **cd, const char *name); +extern int (*sym_crypt_keyslot_add_by_volume_key)(struct crypt_device *cd, int keyslot, const char *volume_key, size_t volume_key_size, const char *passphrase, size_t passphrase_size); +extern int (*sym_crypt_load)(struct crypt_device *cd, const char *requested_type, void *params); +extern int (*sym_crypt_resize)(struct crypt_device *cd, const char *name, uint64_t new_size); +extern int (*sym_crypt_set_data_device)(struct crypt_device *cd, const char *device); +extern void (*sym_crypt_set_debug_level)(int level); +extern void (*sym_crypt_set_log_callback)(struct crypt_device *cd, void (*log)(int level, const char *msg, void *usrptr), void *usrptr); +extern int (*sym_crypt_volume_key_get)(struct crypt_device *cd, int keyslot, char *volume_key, size_t *volume_key_size, const char *passphrase, size_t passphrase_size); + +int dlopen_cryptsetup(void); DEFINE_TRIVIAL_CLEANUP_FUNC(struct crypt_device *, crypt_free); +DEFINE_TRIVIAL_CLEANUP_FUNC(struct crypt_device *, sym_crypt_free); void cryptsetup_enable_logging(struct crypt_device *cd); + #endif diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c index a035e8de5a..15c3f55de0 100644 --- a/src/shared/dissect-image.c +++ b/src/shared/dissect-image.c @@ -1225,13 +1225,13 @@ DecryptedImage* decrypted_image_unref(DecryptedImage* d) { DecryptedPartition *p = d->decrypted + i; if (p->device && p->name && !p->relinquished) { - r = crypt_deactivate(p->device, p->name); + r = sym_crypt_deactivate_by_name(p->device, p->name, 0); if (r < 0) log_debug_errno(r, "Failed to deactivate encrypted partition %s", p->name); } if (p->device) - crypt_free(p->device); + sym_crypt_free(p->device); free(p->name); } @@ -1265,7 +1265,7 @@ static int make_dm_name_and_node(const void *original_node, const char *suffix, if (!filename_is_valid(name)) return -EINVAL; - node = path_join(crypt_get_dir(), name); + node = path_join(sym_crypt_get_dir(), name); if (!node) return -ENOMEM; @@ -1282,7 +1282,7 @@ static int decrypt_partition( DecryptedImage *d) { _cleanup_free_ char *node = NULL, *name = NULL; - _cleanup_(crypt_freep) struct crypt_device *cd = NULL; + _cleanup_(sym_crypt_freep) struct crypt_device *cd = NULL; int r; assert(m); @@ -1297,6 +1297,10 @@ static int decrypt_partition( if (!passphrase) return -ENOKEY; + r = dlopen_cryptsetup(); + if (r < 0) + return r; + r = make_dm_name_and_node(m->node, "-decrypted", &name, &node); if (r < 0) return r; @@ -1304,19 +1308,19 @@ static int decrypt_partition( if (!GREEDY_REALLOC0(d->decrypted, d->n_allocated, d->n_decrypted + 1)) return -ENOMEM; - r = crypt_init(&cd, m->node); + r = sym_crypt_init(&cd, m->node); if (r < 0) return log_debug_errno(r, "Failed to initialize dm-crypt: %m"); cryptsetup_enable_logging(cd); - r = crypt_load(cd, CRYPT_LUKS, NULL); + r = sym_crypt_load(cd, CRYPT_LUKS, NULL); if (r < 0) return log_debug_errno(r, "Failed to load LUKS metadata: %m"); - r = crypt_activate_by_passphrase(cd, name, CRYPT_ANY_SLOT, passphrase, strlen(passphrase), - ((flags & DISSECT_IMAGE_READ_ONLY) ? CRYPT_ACTIVATE_READONLY : 0) | - ((flags & DISSECT_IMAGE_DISCARD_ON_CRYPTO) ? CRYPT_ACTIVATE_ALLOW_DISCARDS : 0)); + r = sym_crypt_activate_by_passphrase(cd, name, CRYPT_ANY_SLOT, passphrase, strlen(passphrase), + ((flags & DISSECT_IMAGE_READ_ONLY) ? CRYPT_ACTIVATE_READONLY : 0) | + ((flags & DISSECT_IMAGE_DISCARD_ON_CRYPTO) ? CRYPT_ACTIVATE_ALLOW_DISCARDS : 0)); if (r < 0) { log_debug_errno(r, "Failed to activate LUKS device: %m"); return r == -EPERM ? -EKEYREJECTED : r; @@ -1334,23 +1338,26 @@ static int decrypt_partition( static int verity_can_reuse(const void *root_hash, size_t root_hash_size, bool has_sig, const char *name, struct crypt_device **ret_cd) { /* If the same volume was already open, check that the root hashes match, and reuse it if they do */ _cleanup_free_ char *root_hash_existing = NULL; - _cleanup_(crypt_freep) struct crypt_device *cd = NULL; + _cleanup_(sym_crypt_freep) struct crypt_device *cd = NULL; struct crypt_params_verity crypt_params = {}; size_t root_hash_existing_size = root_hash_size; int r; assert(ret_cd); - r = crypt_init_by_name(&cd, name); + r = sym_crypt_init_by_name(&cd, name); if (r < 0) return log_debug_errno(r, "Error opening verity device, crypt_init_by_name failed: %m"); - r = crypt_get_verity_info(cd, &crypt_params); + + r = sym_crypt_get_verity_info(cd, &crypt_params); if (r < 0) return log_debug_errno(r, "Error opening verity device, crypt_get_verity_info failed: %m"); + root_hash_existing = malloc0(root_hash_size); if (!root_hash_existing) return -ENOMEM; - r = crypt_volume_key_get(cd, CRYPT_ANY_SLOT, root_hash_existing, &root_hash_existing_size, NULL, 0); + + r = sym_crypt_volume_key_get(cd, CRYPT_ANY_SLOT, root_hash_existing, &root_hash_existing_size, NULL, 0); if (r < 0) return log_debug_errno(r, "Error opening verity device, crypt_volume_key_get failed: %m"); if (root_hash_size != root_hash_existing_size || memcmp(root_hash_existing, root_hash, root_hash_size) != 0) @@ -1370,7 +1377,8 @@ static int verity_can_reuse(const void *root_hash, size_t root_hash_size, bool h static inline void dm_deferred_remove_clean(char *name) { if (!name) return; - (void) crypt_deactivate_by_name(NULL, name, CRYPT_DEACTIVATE_DEFERRED); + + (void) sym_crypt_deactivate_by_name(NULL, name, CRYPT_DEACTIVATE_DEFERRED); free(name); } DEFINE_TRIVIAL_CLEANUP_FUNC(char *, dm_deferred_remove_clean); @@ -1388,7 +1396,7 @@ static int verity_partition( DecryptedImage *d) { _cleanup_free_ char *node = NULL, *name = NULL, *hash_sig_from_file = NULL; - _cleanup_(crypt_freep) struct crypt_device *cd = NULL; + _cleanup_(sym_crypt_freep) struct crypt_device *cd = NULL; _cleanup_(dm_deferred_remove_cleanp) char *restore_deferred_remove = NULL; int r; @@ -1408,11 +1416,17 @@ static int verity_partition( return 0; } + r = dlopen_cryptsetup(); + if (r < 0) + return r; + if (FLAGS_SET(flags, DISSECT_IMAGE_VERITY_SHARE)) { /* Use the roothash, which is unique per volume, as the device node name, so that it can be reused */ _cleanup_free_ char *root_hash_encoded = NULL; + root_hash_encoded = hexmem(root_hash, root_hash_size); if (!root_hash_encoded) + return -ENOMEM; r = make_dm_name_and_node(root_hash_encoded, "-verity", &name, &node); } else @@ -1426,17 +1440,17 @@ static int verity_partition( return r; } - r = crypt_init(&cd, verity_data ?: v->node); + r = sym_crypt_init(&cd, verity_data ?: v->node); if (r < 0) return r; cryptsetup_enable_logging(cd); - r = crypt_load(cd, CRYPT_VERITY, NULL); + r = sym_crypt_load(cd, CRYPT_VERITY, NULL); if (r < 0) return r; - r = crypt_set_data_device(cd, m->node); + r = sym_crypt_set_data_device(cd, m->node); if (r < 0) return r; @@ -1449,12 +1463,12 @@ static int verity_partition( for (unsigned i = 0; i < N_DEVICE_NODE_LIST_ATTEMPTS; i++) { if (root_hash_sig || hash_sig_from_file) { #if HAVE_CRYPT_ACTIVATE_BY_SIGNED_KEY - r = crypt_activate_by_signed_key(cd, name, root_hash, root_hash_size, root_hash_sig ?: hash_sig_from_file, root_hash_sig_size, CRYPT_ACTIVATE_READONLY); + r = sym_crypt_activate_by_signed_key(cd, name, root_hash, root_hash_size, root_hash_sig ?: hash_sig_from_file, root_hash_sig_size, CRYPT_ACTIVATE_READONLY); #else r = log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "activation of verity device with signature requested, but not supported by cryptsetup due to missing crypt_activate_by_signed_key()"); #endif } else - r = crypt_activate_by_volume_key(cd, name, root_hash, root_hash_size, CRYPT_ACTIVATE_READONLY); + r = sym_crypt_activate_by_volume_key(cd, name, root_hash, root_hash_size, CRYPT_ACTIVATE_READONLY); /* libdevmapper can return EINVAL when the device is already in the activation stage. * There's no way to distinguish this situation from a genuine error due to invalid * parameters, so immediately fall back to activating the device with a unique name. @@ -1500,7 +1514,7 @@ static int verity_partition( return r; if (cd) - crypt_free(cd); + sym_crypt_free(cd); cd = existing_cd; } } @@ -1664,7 +1678,7 @@ int decrypted_image_relinquish(DecryptedImage *d) { if (p->relinquished) continue; - r = crypt_deactivate_by_name(NULL, p->name, CRYPT_DEACTIVATE_DEFERRED); + r = sym_crypt_deactivate_by_name(NULL, p->name, CRYPT_DEACTIVATE_DEFERRED); if (r < 0) return log_debug_errno(r, "Failed to mark %s for auto-removal: %m", p->name); diff --git a/src/shared/meson.build b/src/shared/meson.build index 5416c68bf5..723e00e437 100644 --- a/src/shared/meson.build +++ b/src/shared/meson.build @@ -354,7 +354,6 @@ libshared_deps = [threads, libblkid, libcap, libcrypt, - libcryptsetup, libgcrypt, libidn, libiptc,