From fb8d67cd3481c21ce45b17eb4fb52a54cafc0944 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Fri, 22 Sep 2023 18:47:05 +0200
Subject: [PATCH] meson: move systemd-cryptsetup to /usr/bin

This was requested, though I think an issue was never filed. If people are
supposed to invoke it, even for testing, then it's reasonable to make it
"public".
---
 man/fido2-crypttab.sh               |  2 +-
 man/systemd-cryptsetup@.service.xml |  2 +-
 man/systemd-measure.xml             |  2 +-
 man/tpm2-crypttab.sh                |  4 ++--
 man/yubikey-crypttab.sh             |  2 +-
 meson.build                         |  2 +-
 src/cryptsetup/meson.build          | 10 +++++++++-
 7 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/man/fido2-crypttab.sh b/man/fido2-crypttab.sh
index c29c0245f42..43654a52364 100644
--- a/man/fido2-crypttab.sh
+++ b/man/fido2-crypttab.sh
@@ -5,7 +5,7 @@
 sudo systemd-cryptenroll --fido2-device=auto /dev/sdXn
 
 # Test: Let's run systemd-cryptsetup to test if this worked.
-sudo /usr/lib/systemd/systemd-cryptsetup attach mytest /dev/sdXn - fido2-device=auto
+sudo systemd-cryptsetup attach mytest /dev/sdXn - fido2-device=auto
 
 # If that worked, let's now add the same line persistently to /etc/crypttab,
 # for the future. We don't want to use the (unstable) /dev/sdX name, so let's
diff --git a/man/systemd-cryptsetup@.service.xml b/man/systemd-cryptsetup@.service.xml
index 1697ccc0f3c..91a4f2eb9d8 100644
--- a/man/systemd-cryptsetup@.service.xml
+++ b/man/systemd-cryptsetup@.service.xml
@@ -27,7 +27,7 @@
   <refsynopsisdiv>
     <para><filename>systemd-cryptsetup@.service</filename></para>
     <para><filename>system-systemd\x2dcryptsetup.slice</filename></para>
-    <para><filename>/usr/lib/systemd/systemd-cryptsetup</filename></para>
+    <para><filename>systemd-cryptsetup</filename></para>
   </refsynopsisdiv>
 
   <refsect1>
diff --git a/man/systemd-measure.xml b/man/systemd-measure.xml
index 3568fb54350..4d5595e721b 100644
--- a/man/systemd-measure.xml
+++ b/man/systemd-measure.xml
@@ -294,7 +294,7 @@ $ openssl rsa -pubout -in tpm2-pcr-private.pem -out tpm2-pcr-public.pem
 
      <para>And then unlock the device with the signature:</para>
 
-     <programlisting># /usr/lib/systemd/systemd-cryptsetup attach \
+     <programlisting># systemd-cryptsetup attach \
      volume5 /dev/sda5 - \
      tpm2-device=auto,tpm2-signature=/path/to/tpm2-pcr-signature.json</programlisting>
 
diff --git a/man/tpm2-crypttab.sh b/man/tpm2-crypttab.sh
index b457fc2306f..2be349959fd 100644
--- a/man/tpm2-crypttab.sh
+++ b/man/tpm2-crypttab.sh
@@ -5,7 +5,7 @@
 sudo systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=7 /dev/sdXn
 
 # Test: Let's run systemd-cryptsetup to test if this worked.
-sudo /usr/lib/systemd/systemd-cryptsetup attach mytest /dev/sdXn - tpm2-device=auto
+sudo systemd-cryptsetup attach mytest /dev/sdXn - tpm2-device=auto
 
 # If that worked, let's now add the same line persistently to /etc/crypttab,
 # for the future. We don't want to use the (unstable) /dev/sdX name, so let's
@@ -16,7 +16,7 @@ udevadm info -q -r symlink /dev/sdXn
 sudo bash -c 'echo "mytest /dev/disk/by-uuid/... - tpm2-device=auto" >>/etc/crypttab'
 
 # And now let's check that automatic unlocking works:
-sudo /usr/lib/systemd/systemd-cryptsetup detach mytest
+sudo systemd-cryptsetup detach mytest
 sudo systemctl daemon-reload
 sudo systemctl start cryptsetup.target
 systemctl is-active systemd-cryptsetup@mytest.service
diff --git a/man/yubikey-crypttab.sh b/man/yubikey-crypttab.sh
index d355afbd1b2..a66a88fe1ce 100644
--- a/man/yubikey-crypttab.sh
+++ b/man/yubikey-crypttab.sh
@@ -21,7 +21,7 @@ rm pubkey.pem
 sudo systemd-cryptenroll --pkcs11-token-uri=auto /dev/sdXn
 
 # Test: Let's run systemd-cryptsetup to test if this all worked.
-sudo /usr/lib/systemd/systemd-cryptsetup attach mytest /dev/sdXn - pkcs11-uri=auto
+sudo systemd-cryptsetup attach mytest /dev/sdXn - pkcs11-uri=auto
 
 # If that worked, let's now add the same line persistently to /etc/crypttab,
 # for the future. We don't want to use the (unstable) /dev/sdX name, so let's
diff --git a/meson.build b/meson.build
index bf25bcba43e..df506b78735 100644
--- a/meson.build
+++ b/meson.build
@@ -226,7 +226,7 @@ conf.set_quoted('SYSTEMCTL_BINARY_PATH',                      bindir / 'systemct
 conf.set_quoted('SYSTEMD_BINARY_PATH',                        libexecdir / 'systemd')
 conf.set_quoted('SYSTEMD_CATALOG_DIR',                        catalogdir)
 conf.set_quoted('SYSTEMD_CGROUPS_AGENT_PATH',                 libexecdir / 'systemd-cgroups-agent')
-conf.set_quoted('SYSTEMD_CRYPTSETUP_PATH',                    libexecdir / 'systemd-cryptsetup')
+conf.set_quoted('SYSTEMD_CRYPTSETUP_PATH',                    bindir / 'systemd-cryptsetup')
 conf.set_quoted('SYSTEMD_EXPORT_PATH',                        libexecdir / 'systemd-export')
 conf.set_quoted('SYSTEMD_FSCK_PATH',                          libexecdir / 'systemd-fsck')
 conf.set_quoted('SYSTEMD_GROWFS_PATH',                        libexecdir / 'systemd-growfs')
diff --git a/src/cryptsetup/meson.build b/src/cryptsetup/meson.build
index 6f7aa3c796d..e034cb7d244 100644
--- a/src/cryptsetup/meson.build
+++ b/src/cryptsetup/meson.build
@@ -16,8 +16,9 @@ if conf.get('HAVE_TPM2') == 1
 endif
 
 executables += [
-        libexec_template + {
+        executable_template + {
                 'name' : 'systemd-cryptsetup',
+                'public' : true,
                 'conditions' : ['HAVE_LIBCRYPTSETUP'],
                 'sources' : systemd_cryptsetup_sources,
                 'dependencies' : [
@@ -32,3 +33,10 @@ executables += [
                 'sources' : files('cryptsetup-generator.c'),
         },
 ]
+
+if conf.get('HAVE_LIBCRYPTSETUP') == 1
+        # symlink for backwards compatibility after rename
+        meson.add_install_script(sh, '-c',
+                                 ln_s.format(bindir / 'systemd-cryptsetup',
+                                             libexecdir / 'systemd-cryptsetup'))
+endif