]>
Commit | Line | Data |
---|---|---|
f163b202 SB |
1 | # |
2 | # configure.ac | |
3 | # | |
4 | # The Initial Developer of the Original Code is International | |
5 | # Business Machines Corporation. Portions created by IBM | |
6 | # Corporation are Copyright (C) 2014 International Business | |
7 | # Machines Corporation. All Rights Reserved. | |
8 | # | |
9 | # This program is free software; you can redistribute it and/or modify | |
10 | # it under the terms of the Common Public License as published by | |
11 | # IBM Corporation; either version 1 of the License, or (at your option) | |
12 | # any later version. | |
13 | # | |
14 | # This program is distributed in the hope that it will be useful, | |
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
17 | # Common Public License for more details. | |
18 | # | |
19 | # You should have received a copy of the Common Public License | |
20 | # along with this program; if not, a copy can be viewed at | |
21 | # http://www.opensource.org/licenses/cpl1.0.php. | |
22 | # | |
23 | # This file is derived from tpm-tool's configure.in. | |
24 | # | |
25 | ||
3115dff0 | 26 | AC_INIT([swtpm],[0.8.0]) |
b295c768 | 27 | AC_PREREQ([2.69]) |
f163b202 | 28 | AC_CONFIG_SRCDIR(Makefile.am) |
b295c768 | 29 | AC_CONFIG_HEADERS([config.h]) |
f163b202 SB |
30 | |
31 | SWTPM_VER_MAJOR=`echo $PACKAGE_VERSION | cut -d "." -f1` | |
32 | SWTPM_VER_MINOR=`echo $PACKAGE_VERSION | cut -d "." -f2` | |
33 | SWTPM_VER_MICRO=`echo $PACKAGE_VERSION | cut -d "." -f3` | |
34 | ||
35 | AC_SUBST([SWTPM_VER_MAJOR]) | |
36 | AC_SUBST([SWTPM_VER_MINOR]) | |
37 | AC_SUBST([SWTPM_VER_MICRO]) | |
38 | ||
39 | dnl Check for programs | |
40 | AC_PROG_CC | |
41 | AC_PROG_INSTALL | |
42 | AC_PROG_LN_S | |
908afaf5 | 43 | LT_INIT |
f163b202 | 44 | |
f163b202 SB |
45 | AC_CONFIG_MACRO_DIR([m4]) |
46 | AC_CANONICAL_TARGET | |
c3fdf688 | 47 | AC_CANONICAL_HOST |
f163b202 | 48 | AM_INIT_AUTOMAKE([foreign 1.6]) |
13cb26d8 | 49 | AM_SILENT_RULES([yes]) |
f163b202 SB |
50 | |
51 | DEBUG="" | |
52 | AC_MSG_CHECKING([for debug-enabled build]) | |
b295c768 | 53 | AC_ARG_ENABLE(debug, AS_HELP_STRING([--enable-debug],[create a debug build]), |
f163b202 SB |
54 | [if test "$enableval" = "yes"; then |
55 | DEBUG="yes" | |
56 | AC_MSG_RESULT([yes]) | |
57 | else | |
58 | DEBUG="no" | |
59 | AC_MSG_RESULT([no]) | |
60 | fi], | |
61 | [DEBUG="no", | |
62 | AC_MSG_RESULT([no])]) | |
63 | ||
64 | # If the user has not set CFLAGS, do something appropriate | |
65 | test_CFLAGS=${CFLAGS+set} | |
66 | if test "$test_CFLAGS" != set; then | |
33be7be2 | 67 | if test "$DEBUG" = "yes"; then |
f163b202 SB |
68 | CFLAGS="-O0 -g -DDEBUG" |
69 | else | |
70 | CFLAGS="-g -O2" | |
71 | fi | |
33be7be2 | 72 | elif test "$DEBUG" = "yes"; then |
f163b202 SB |
73 | CFLAGS="$CFLAGS -O0 -g -DDEBUG" |
74 | fi | |
75 | ||
e46a2b66 SB |
76 | AC_C_CONST |
77 | AC_C_INLINE | |
78 | ||
79 | AC_TYPE_SIZE_T | |
e46a2b66 | 80 | |
baecda40 SB |
81 | AC_PROG_CC |
82 | AC_PROG_INSTALL | |
3cb54a5d | 83 | AC_PROG_MKDIR_P |
e46a2b66 | 84 | |
ec37bb56 SB |
85 | AC_ARG_WITH([selinux], |
86 | AS_HELP_STRING([--with-selinux], | |
87 | [add SELinux policy extensions @<:@default=check@:>@])) | |
88 | m4_divert_text([DEFAULTS], [with_selinux=check]) | |
89 | ||
90 | dnl Check for SELinux policy support | |
91 | ||
92 | if test "$with_selinux" != "no"; then | |
93 | if test "$with_selinux" = "check" || test "$with_selinux" = "yes"; then | |
94 | if ! test -f /usr/share/selinux/devel/Makefile; then | |
95 | if test "$with_selinux" = "yes"; then | |
96 | AC_MSG_ERROR("Is selinux-policy-devel installed?") | |
97 | else | |
98 | with_selinux="no" | |
99 | fi | |
100 | fi | |
101 | AC_PATH_PROG([SEMODULE], semodule) | |
33be7be2 | 102 | if test "x$SEMODULE" = "x"; then |
ec37bb56 SB |
103 | if test "$with_selinux" = "yes"; then |
104 | AC_MSG_ERROR("Is selinux-policy-devel installed?") | |
105 | else | |
106 | with_selinux="no" | |
107 | fi | |
108 | fi | |
109 | if test "$with_selinux" = "check"; then | |
110 | with_selinux="yes" | |
111 | fi | |
112 | fi | |
113 | fi | |
33be7be2 | 114 | AM_CONDITIONAL([WITH_SELINUX], [test "x$with_selinux" = "xyes"]) |
ec37bb56 | 115 | |
b096be26 SB |
116 | if test "$prefix" = "/usr" && test "$sysconfdir" = '${prefix}/etc'; then |
117 | sysconfdir="/etc" | |
118 | fi | |
119 | if test "$prefix" = "" && test "$datarootdir" = '${prefix}/share'; then | |
120 | datarootdir="/usr/share" | |
121 | fi | |
d16b86b7 SB |
122 | if test "$prefix" = "/usr" && test "$localstatedir" = '${prefix}/var'; then |
123 | localstatedir="/var" | |
124 | fi | |
5d35321e SB |
125 | if test "x$prefix" = "xNONE"; then |
126 | prefix="/usr/local" | |
127 | fi | |
fd00c5ff SB |
128 | if test "x$exec_prefix" = "xNONE"; then |
129 | exec_prefix=$prefix | |
130 | fi | |
0432b653 SB |
131 | SYSCONFDIR=`eval echo $sysconfdir` |
132 | DATAROOTDIR=`eval echo $datarootdir` | |
d16b86b7 | 133 | LOCALSTATEDIR=`eval echo $localstatedir` |
fd00c5ff | 134 | BINDIR=`eval echo $bindir` |
0432b653 SB |
135 | AC_SUBST([SYSCONFDIR]) |
136 | AC_SUBST([DATAROOTDIR]) | |
d16b86b7 | 137 | AC_SUBST([LOCALSTATEDIR]) |
fd00c5ff | 138 | AC_SUBST([BINDIR]) |
b096be26 | 139 | |
7849b6c6 | 140 | cryptolib=openssl |
3bbdd7bc SB |
141 | |
142 | AC_ARG_WITH([openssl], | |
7849b6c6 SB |
143 | [AS_HELP_STRING([--with-openssl], |
144 | [build with openssl library])], | |
145 | [], | |
146 | []) | |
3bbdd7bc SB |
147 | |
148 | case "$cryptolib" in | |
3bbdd7bc | 149 | openssl) |
7849b6c6 SB |
150 | AC_CHECK_LIB(crypto, |
151 | [AES_set_encrypt_key], | |
b78b6af2 | 152 | [true], |
7849b6c6 SB |
153 | AC_MSG_ERROR(Faulty openssl crypto library)) |
154 | AC_CHECK_HEADERS([openssl/aes.h],[], | |
155 | AC_MSG_ERROR(Is openssl-devel/libssl-dev installed?)) | |
156 | AC_MSG_RESULT([Building with openssl crypto library]) | |
0371b63b SB |
157 | LIBCRYPTO_LIBS=$(pkg-config --libs libcrypto) |
158 | AC_SUBST([LIBCRYPTO_LIBS]) | |
a39c3792 SB |
159 | AC_CHECK_HEADERS([openssl/fips.h], |
160 | [AC_DEFINE_UNQUOTED([HAVE_OPENSSL_FIPS_H], 1, | |
161 | [whether openssl/fips.h is available])] | |
162 | ) | |
163 | AC_CHECK_LIB(crypto, | |
164 | [FIPS_mode_set], | |
165 | [AC_DEFINE_UNQUOTED([HAVE_OPENSSL_FIPS_MODE_SET_API], 1, | |
166 | [whether FIPS_mode_set API is available])] | |
167 | ) | |
7849b6c6 | 168 | ;; |
3bbdd7bc | 169 | esac |
833a5416 | 170 | |
baecda40 SB |
171 | LIBTASN1_LIBS=$(pkg-config --libs libtasn1) |
172 | if test $? -ne 0; then | |
173 | AC_MSG_ERROR("Is libtasn1-devel installed? -- could not get libs for libtasn1") | |
174 | fi | |
175 | AC_SUBST([LIBTASN1_LIBS]) | |
f163b202 | 176 | |
3b33116d SB |
177 | PKG_CHECK_MODULES( |
178 | [LIBTPMS], | |
179 | [libtpms], | |
180 | , | |
181 | AC_MSG_ERROR("no libtpms.pc found; please set PKG_CONFIG_PATH to the directory where libtpms.pc is located") | |
182 | ) | |
8d086ee9 | 183 | LDFLAGS="$LDFLAGS $LIBTPMS_LIBS" |
b4374c33 | 184 | CFLAGS="$CFLAGS $LIBTPMS_CFLAGS" |
fbc596ab | 185 | AC_CHECK_LIB(tpms, |
b78b6af2 | 186 | TPMLIB_ChooseTPMVersion,[true], |
fbc596ab SB |
187 | AC_MSG_ERROR("libtpms 0.6 or later is required") |
188 | ) | |
baecda40 | 189 | AC_SUBST([LIBTPMS_LIBS]) |
f163b202 | 190 | |
5478de0a SB |
191 | AC_CHECK_LIB(c, clock_gettime, LIBRT_LIBS="", LIBRT_LIBS="-lrt") |
192 | AC_SUBST([LIBRT_LIBS]) | |
193 | ||
cc410ca9 SB |
194 | AC_PATH_PROG([TCSD], tcsd) |
195 | if test "x$TCSD" = "x"; then | |
64faf455 | 196 | have_tcsd=no |
cc410ca9 | 197 | AC_MSG_WARN([tcsd could not be found; typically need it for tss user account and tests]) |
ef606d4a SB |
198 | else |
199 | have_tcsd=yes | |
200 | fi | |
64faf455 | 201 | AM_CONDITIONAL([HAVE_TCSD], test "$have_tcsd" != "no") |
e46a2b66 | 202 | |
d4c60e44 | 203 | dnl We either need netstat (more common across systems) or 'ss' for test cases |
5cd844d0 | 204 | AC_PATH_PROG([NETSTAT], [netstat]) |
d4c60e44 SB |
205 | if test "x$NETSTAT" = "x"; then |
206 | AC_PATH_PROG([SS], [ss]) | |
207 | if test "x$SS" = "x"; then | |
208 | AC_MSG_ERROR(['netstat' and 'ss' tools are missing for tests: net-tools OR iproute/iproute2 package]) | |
209 | fi | |
210 | fi | |
5cd844d0 | 211 | |
09d1a532 SB |
212 | AC_MSG_CHECKING([for whether to build with CUSE interface]) |
213 | AC_ARG_WITH([cuse], | |
b295c768 | 214 | AS_HELP_STRING([--with-cuse],[build with CUSE interface]), |
09d1a532 SB |
215 | [], |
216 | [with_cuse=check] | |
217 | ) | |
f163b202 | 218 | |
09d1a532 SB |
219 | if test "$with_cuse" != "no"; then |
220 | LIBFUSE_CFLAGS=$(pkg-config fuse --cflags 2>/dev/null) | |
221 | if test $? -ne 0; then | |
222 | if test "$with_cuse" = "yes"; then | |
223 | AC_MSG_ERROR("Is fuse-devel installed? -- could not get cflags for libfuse") | |
224 | else | |
225 | with_cuse=no | |
226 | fi | |
227 | else | |
228 | with_cuse=yes | |
229 | fi | |
498433f7 | 230 | fi |
09d1a532 | 231 | |
2579038d SB |
232 | dnl with_cuse is now yes or no |
233 | if test "$with_cuse" != "no"; then | |
234 | LIBFUSE_LIBS=$(pkg-config fuse --libs) | |
235 | if test $? -ne 0; then | |
236 | AC_MSG_ERROR("Is fuse-devel installed? -- could not get libs for libfuse") | |
237 | fi | |
238 | AC_SUBST([LIBFUSE_CFLAGS]) | |
239 | AC_SUBST([LIBFUSE_LIBS]) | |
240 | AC_DEFINE_UNQUOTED([WITH_CUSE], 1, | |
241 | [whether to build with CUSE interface]) | |
242 | ||
243 | GTHREAD_LIBS=$(pkg-config --libs gthread-2.0) | |
244 | if test $? -ne 0; then | |
245 | AC_MSG_ERROR("Is glib-2.0 installed? -- could not get libs for gthread-2.0") | |
246 | fi | |
247 | AC_SUBST([GTHREAD_LIBS]) | |
248 | fi | |
249 | AM_CONDITIONAL([WITH_CUSE],[test "$with_cuse" = "yes"]) | |
250 | AC_MSG_RESULT($with_cuse) | |
251 | ||
c125e34b SB |
252 | JSON_GLIB_CFLAGS=$(pkg-config --cflags json-glib-1.0) |
253 | if test $? -ne 0; then | |
254 | AC_MSG_ERROR("Is libjson-glib-dev/json-glib-devel installed? -- could not get cflags") | |
255 | fi | |
256 | AC_SUBST([JSON_GLIB_CFLAGS]) | |
257 | ||
258 | JSON_GLIB_LIBS=$(pkg-config --libs json-glib-1.0) | |
259 | if test $? -ne 0; then | |
260 | AC_MSG_ERROR("Is libjson-glib-dev/json-glib-devel installed? -- could not get libs") | |
261 | fi | |
262 | AC_SUBST([JSON_GLIB_LIBS]) | |
263 | ||
264 | GLIB_CFLAGS=$(pkg-config --cflags glib-2.0) | |
265 | if test $? -ne 0; then | |
266 | AC_MSG_ERROR("Is libglib-2.0-dev/glib2-devel installed? -- could not get cflags") | |
267 | fi | |
268 | AC_SUBST([GLIB_CFLAGS]) | |
269 | ||
270 | GLIB_LIBS=$(pkg-config --libs glib-2.0) | |
271 | if test $? -ne 0; then | |
4e1ce735 | 272 | AC_MSG_ERROR("Is libglib-2.0-dev/glib2-devel installed? -- could not get libs") |
c125e34b SB |
273 | fi |
274 | AC_SUBST([GLIB_LIBS]) | |
275 | ||
498433f7 SB |
276 | AC_MSG_CHECKING([for whether to build with chardev interface]) |
277 | case $host_os in | |
278 | linux-*) | |
279 | with_chardev=yes | |
280 | AC_DEFINE_UNQUOTED([WITH_CHARDEV], 1, | |
281 | [whether to build with chardev interface]) | |
282 | ;; | |
283 | *) | |
284 | with_chardev=no | |
285 | esac | |
286 | AM_CONDITIONAL([WITH_CHARDEV],[test "$with_chardev" = "yes"]) | |
b7f55fd0 | 287 | AC_MSG_RESULT($with_chardev) |
498433f7 | 288 | |
10002933 | 289 | AC_ARG_WITH([gnutls], |
b295c768 | 290 | AS_HELP_STRING([--with-gnutls],[build with gnutls library]), |
10002933 SB |
291 | [], |
292 | [with_gnutls=check] | |
293 | ) | |
294 | ||
e46a2b66 SB |
295 | if test "x$with_gnutls" != "xno"; then |
296 | GNUTLS_LDFLAGS=$(pkg-config --libs gnutls) | |
297 | if test $? -ne 0; then | |
33be7be2 | 298 | if test "x$with_gnutls" = "xyes"; then |
e46a2b66 SB |
299 | AC_MSG_ERROR("Is gnutls installed? -- could not get libs for gnutls") |
300 | else | |
301 | with_gnutls=no | |
302 | fi | |
303 | fi | |
304 | fi | |
f163b202 | 305 | |
1828edee | 306 | if test "x$with_gnutls" != "xno"; then |
e9fd0142 SB |
307 | AC_PATH_PROG([GNUTLS_CERTTOOL], certtool) |
308 | if test "x$GNUTLS_CERTTOOL" = "x"; then | |
309 | if test "x$with_gnutls" = "xyes"; then | |
310 | AC_MSG_ERROR("Could not find certtool. Is gnutls-utils/gnutls-bin installed?") | |
311 | else | |
312 | with_gnutls=no | |
313 | fi | |
314 | fi | |
315 | dnl certtool changed how it takes private key passwords | |
316 | dnl 3.3.29 is too old (RHEL 7); we need at least gnutls 3.4.0 | |
317 | AC_MSG_CHECKING([for gnutls 3.4.0 or later]) | |
318 | $(pkg-config gnutls --atleast-version=3.4.0) | |
319 | if test $? -ne 0; then | |
320 | AC_MSG_ERROR([gnutls 3.4.0 is required]) | |
321 | fi | |
322 | AC_MSG_RESULT([yes]) | |
1828edee SB |
323 | fi |
324 | ||
e46a2b66 | 325 | if test "x$with_gnutls" != "xno"; then |
571a8eed | 326 | ORIG_CFLAGS="$CFLAGS" |
baecda40 | 327 | GNUTLS_CFLAGS=$(pkg-config gnutls --cflags) |
571a8eed | 328 | CFLAGS="$CFLAGS $GNUTLS_CFLAGS $GNUTLS_LDFLAGS" |
10002933 | 329 | AC_CHECK_LIB([gnutls], [gnutls_load_file], [ |
e735328e | 330 | GNUTLS_LIBS=$(pkg-config gnutls --libs) |
baecda40 | 331 | ], |
33be7be2 | 332 | [if test "x$with_gnutls" = "xyes"; then |
e46a2b66 SB |
333 | AC_MSG_ERROR([GNUTLS >= 3.1.0 library not found: libgnutls.so]) |
334 | else | |
335 | with_gnutls="no" | |
336 | fi]) | |
571a8eed | 337 | CFLAGS="$ORIG_CFLAGS" |
e46a2b66 SB |
338 | fi |
339 | ||
340 | if test "x$with_gnutls" != "xno"; then | |
571a8eed SB |
341 | ORIG_CFLAGS="$CFLAGS" |
342 | CFLAGS="$CFLAGS $GNUTLS_CFLAGS" | |
e46a2b66 | 343 | AC_CHECK_HEADER(gnutls/abstract.h, [], \ |
33be7be2 | 344 | [if test "x$with_gnutls" = "xyes"; then |
e46a2b66 SB |
345 | AC_MSG_ERROR([GNUTLS >= 3.1.0 library header not found: gnutls/abstract.h]) |
346 | else | |
347 | with_gnutls="no" | |
348 | fi]) | |
571a8eed | 349 | CFLAGS="$ORIG_CFLAGS" |
e46a2b66 SB |
350 | fi |
351 | ||
352 | if test "x$with_gnutls" != "xno"; then | |
353 | with_gnutls="yes" | |
354 | fi | |
33be7be2 | 355 | AM_CONDITIONAL([WITH_GNUTLS], [test "x$with_gnutls" = "xyes"]) |
baecda40 | 356 | AC_SUBST([GNUTLS_LIBS]) |
f163b202 | 357 | |
df4046d0 SB |
358 | DEFAULT_PCR_BANKS="sha256" |
359 | AC_ARG_ENABLE([default-pcr-banks], | |
360 | AS_HELP_STRING( | |
361 | [--enable-default-pcr-banks=list of PCR banks], | |
362 | [Have swtpm_setup activate the given PCR banks by default; | |
363 | default is sha256] | |
364 | ), | |
365 | [], | |
366 | [] | |
367 | ) | |
368 | ||
b91fc6e6 WR |
369 | AC_DEFUN([pcr_bank_checks], [ |
370 | AC_CHECK_PROG([bash], [bash], [yes], [no]) | |
371 | AS_IF([test "x$bash" != "xyes"], | |
372 | [AC_MSG_ERROR([PCR bank verification requires bash, but executable not found.])]) | |
373 | ||
374 | AC_MSG_CHECKING([which PCR banks to activate by default]) | |
375 | REGEX="^(sha1|sha256|sha384|sha512)(,(sha1|sha256|sha384|sha512)){0,3}\$" | |
376 | AS_IF([bash -c "[[[ $DEFAULT_PCR_BANKS =~ $REGEX ]]] && exit 0 || exit 1"], | |
377 | [AC_MSG_RESULT([$DEFAULT_PCR_BANKS])], | |
378 | [AC_MSG_ERROR([$DEFAULT_PCR_BANKS is an invalid list of PCR banks])]) | |
379 | ]) | |
380 | ||
381 | AS_IF([test "x$enable_default_pcr_banks" != "x"],[ | |
382 | DEFAULT_PCR_BANKS="$enable_default_pcr_banks" | |
383 | ]) | |
384 | pcr_bank_checks | |
df4046d0 SB |
385 | AC_SUBST([DEFAULT_PCR_BANKS]) |
386 | ||
48abfbb1 | 387 | AC_PATH_PROG([EXPECT], expect) |
33be7be2 | 388 | if test "x$EXPECT" = "x"; then |
48abfbb1 SB |
389 | AC_MSG_ERROR([expect is required: expect package]) |
390 | fi | |
391 | ||
b080afb5 | 392 | AC_PATH_PROG([GAWK], gawk) |
33be7be2 | 393 | if test "x$GAWK" = "x"; then |
b080afb5 SB |
394 | AC_MSG_ERROR([gawk is required: gawk package]) |
395 | fi | |
396 | ||
8cb126e4 | 397 | AC_PATH_PROG([SOCAT], socat) |
33be7be2 | 398 | if test "x$SOCAT" = "x"; then |
8cb126e4 SB |
399 | AC_MSG_ERROR([socat is required: socat package]) |
400 | fi | |
401 | ||
cc410ca9 SB |
402 | AC_PATH_PROG([BASE64], base64) |
403 | if test "x$BASE64" = "x"; then | |
404 | AC_MSG_ERROR([base64 is required: base64 package]) | |
dbb399de SB |
405 | fi |
406 | ||
cc410ca9 SB |
407 | AC_PATH_PROG([CP], cp) |
408 | if test "x$CP" = "x"; then | |
409 | AC_MSG_ERROR([cp is required]) | |
410 | fi | |
411 | ||
412 | AM_PATH_PYTHON([3.3]) | |
413 | ||
5eeea357 SB |
414 | AC_ARG_ENABLE([hardening], |
415 | AS_HELP_STRING([--disable-hardening], [Disable hardening flags])) | |
a76b4eeb | 416 | |
5eeea357 | 417 | if test "x$enable_hardening" != "xno"; then |
8a05e8fd SB |
418 | # Some versions of gcc fail with -Wstack-protector, |
419 | # some with -Wstack-protector-strong enabled | |
420 | if ! $CC -fstack-protector-strong -Wstack-protector $srcdir/include/swtpm/tpm_ioctl.h 2>/dev/null; then | |
421 | if $CC -fstack-protector -Wstack-protector $srcdir/include/swtpm/tpm_ioctl.h 2>/dev/null; then | |
422 | HARDENING_CFLAGS="-fstack-protector -Wstack-protector" | |
423 | fi | |
5eeea357 | 424 | else |
5e73e324 | 425 | HARDENING_CFLAGS="-fstack-protector-strong -Wstack-protector" |
5eeea357 SB |
426 | fi |
427 | ||
607f1f80 SB |
428 | dnl Only support -D_FORTIFY_SOURCE=2 and have higher levels passed in by user |
429 | dnl since they may create more overhead | |
430 | if $CC $CFLAGS -Werror -D_FORTIFY_SOURCE=2 $srcdir/include/swtpm/tpm_ioctl.h 2>/dev/null; then | |
5e73e324 | 431 | HARDENING_CFLAGS="$HARDENING_CFLAGS -D_FORTIFY_SOURCE=2" |
5eeea357 | 432 | fi |
b381e1eb SB |
433 | dnl Check linker for 'relro' and 'now' |
434 | save_CFLAGS="$CFLAGS" | |
435 | CFLAGS="-Wl,-z,relro -Werror" | |
436 | AC_MSG_CHECKING([whether linker supports -Wl,-z,relro]) | |
2ba23cee | 437 | AC_LINK_IFELSE( |
b381e1eb | 438 | [AC_LANG_SOURCE([[int main() { return 0; }]])], |
0586d2f5 | 439 | [HARDENING_LDFLAGS="$HARDENING_LDFLAGS -Wl,-z,relro" |
b381e1eb SB |
440 | AC_MSG_RESULT(yes)], |
441 | [AC_MSG_RESULT(no)] | |
442 | ) | |
443 | CFLAGS="-Wl,-z,now -Werror" | |
444 | AC_MSG_CHECKING([whether linker supports -Wl,-z,now]) | |
2ba23cee | 445 | AC_LINK_IFELSE( |
b381e1eb | 446 | [AC_LANG_SOURCE([[int main() { return 0; }]])], |
0586d2f5 | 447 | [HARDENING_LDFLAGS="$HARDENING_LDFLAGS -Wl,-z,now" |
b381e1eb SB |
448 | AC_MSG_RESULT(yes)], |
449 | [AC_MSG_RESULT(no)] | |
450 | ) | |
451 | CFLAGS="$save_CFLAGS" | |
5eeea357 | 452 | AC_SUBST([HARDENING_CFLAGS]) |
0586d2f5 | 453 | AC_SUBST([HARDENING_LDFLAGS]) |
a76b4eeb | 454 | fi |
e6085e96 | 455 | |
b8421f3d SB |
456 | AC_ARG_ENABLE([test-coverage], |
457 | AS_HELP_STRING([--enable-test-coverage], [Enable test coverage flags])) | |
458 | ||
459 | if test "x$enable_test_coverage" = "xyes"; then | |
460 | COVERAGE_CFLAGS="-fprofile-arcs -ftest-coverage" | |
461 | COVERAGE_LDFLAGS="-fprofile-arcs" | |
462 | fi | |
463 | ||
0b9c2a05 ET |
464 | AC_ARG_ENABLE([sanitizers], |
465 | AS_HELP_STRING([--enable-sanitizers], [Enable address/undefined sanitizers])) | |
466 | ||
467 | if test "x$enable_sanitizers" = "xyes"; then | |
468 | save_CFLAGS="$CFLAGS" | |
469 | CFLAGS="-fsanitize=address,undefined -fno-omit-frame-pointer" | |
470 | AC_MSG_CHECKING([whether linker supports sanitizer]) | |
471 | AC_LINK_IFELSE( | |
472 | [AC_LANG_SOURCE([[int main() { return 0; }]])], | |
473 | [SANITIZER_CFLAGS="-fsanitize=address,undefined -fno-omit-frame-pointer" | |
474 | SANITIZER_LDFLAGS="-fsanitize=address,undefined" | |
475 | AC_MSG_RESULT(yes)], | |
476 | [AC_MSG_RESULT(no)] | |
477 | ) | |
478 | CFLAGS="$save_CFLAGS" | |
479 | fi | |
480 | ||
c4ac0a11 | 481 | AC_ARG_WITH([tss-user], |
b295c768 | 482 | AS_HELP_STRING([--with-tss-user=TSS_USER],[The tss user to use]), |
c4ac0a11 SB |
483 | [TSS_USER="$withval"], |
484 | [TSS_USER="tss"] | |
485 | ) | |
486 | ||
487 | AC_ARG_WITH([tss-group], | |
b295c768 | 488 | AS_HELP_STRING([--with-tss-group=TSS_GROUP],[The tss group to use]), |
c4ac0a11 SB |
489 | [TSS_GROUP="$withval"], |
490 | [TSS_GROUP="tss"] | |
491 | ) | |
aa88eebe SB |
492 | |
493 | case $have_tcsd in | |
494 | yes) | |
495 | AC_MSG_CHECKING([whether TSS_USER $TSS_USER is available]) | |
496 | if ! test $(id -u $TSS_USER); then | |
497 | AC_MSG_ERROR(["$TSS_USER is not available"]) | |
498 | else | |
499 | AC_MSG_RESULT([yes]) | |
500 | fi | |
501 | AC_MSG_CHECKING([whether TSS_GROUP $TSS_GROUP is available]) | |
502 | if ! test $(id -g $TSS_GROUP); then | |
503 | AC_MSG_ERROR(["$TSS_GROUP is not available"]) | |
504 | else | |
505 | AC_MSG_RESULT([yes]) | |
506 | fi | |
507 | ;; | |
508 | esac | |
509 | ||
c4ac0a11 SB |
510 | AC_SUBST([TSS_USER]) |
511 | AC_SUBST([TSS_GROUP]) | |
512 | ||
f163b202 SB |
513 | CFLAGS="$CFLAGS -Wreturn-type -Wsign-compare -Wswitch-enum" |
514 | CFLAGS="$CFLAGS -Wmissing-prototypes -Wall -Werror" | |
e6085e96 | 515 | CFLAGS="$CFLAGS -Wformat -Wformat-security" |
0b9c2a05 | 516 | CFLAGS="$CFLAGS $GNUTLS_CFLAGS $COVERAGE_CFLAGS $SANITIZER_CFLAGS" |
b8421f3d | 517 | |
0b9c2a05 | 518 | LDFLAGS="$LDFLAGS $COVERAGE_LDFLAGS $SANITIZER_LDFLAGS" |
f163b202 | 519 | |
f2458ef7 SB |
520 | dnl Simulate the following for systems with pkg-config < 0.28: |
521 | dnl PKG_CHECK_VAR([libtpms_cryptolib], [libtpms], [cryptolib], | |
522 | dnl [], AC_MSG_ERROR([Could not determine libtpms crypto library.])) | |
523 | PKG_PROG_PKG_CONFIG | |
524 | ||
525 | AC_MSG_CHECKING([Checking the crypto library libtpms is linked to]) | |
526 | libtpms_cryptolib=`$PKG_CONFIG --variable cryptolib libtpms` | |
33be7be2 | 527 | if test "x$libtpms_cryptolib" = "x"; then |
b4374c33 JB |
528 | AC_MSG_WARN([Could not determine the crypto library libtpms is using, assuming ${cryptolib}]) |
529 | libtpms_cryptolib=${cryptolib} | |
f2458ef7 SB |
530 | fi |
531 | AC_MSG_RESULT($libtpms_cryptolib) | |
86cc4527 SB |
532 | |
533 | if test "$libtpms_cryptolib" != "$cryptolib"; then | |
534 | echo "libtpms is using $libtpms_cryptolib; we have to use the same" | |
33be7be2 | 535 | if test "$cryptolib" = "openssl"; then |
86cc4527 SB |
536 | AC_MSG_ERROR([do not use --with-openssl]) |
537 | else | |
538 | AC_MSG_ERROR([use --with-openssl]) | |
539 | fi | |
540 | fi | |
541 | ||
c751e32e SB |
542 | with_vtpm_proxy=no |
543 | case $host_os in | |
f071d820 | 544 | linux-*) |
c751e32e SB |
545 | with_vtpm_proxy=yes |
546 | AC_DEFINE_UNQUOTED([WITH_VTPM_PROXY], 1, | |
547 | [whether to build in vTPM proxy support (Linux only)]) | |
548 | esac | |
549 | ||
761df6cd SB |
550 | dnl Seccomp profile using -lseccomp (Linux only) |
551 | case $host_os in | |
552 | linux-*) | |
553 | with_seccomp_default=yes | |
554 | ;; | |
555 | *) | |
556 | with_seccomp_default=no | |
557 | ;; | |
558 | esac | |
559 | ||
560 | AC_MSG_CHECKING([for whether to build with seccomp profile]) | |
561 | AC_ARG_WITH([seccomp], | |
b295c768 | 562 | AS_HELP_STRING([--with-seccomp],[build with seccomp profile]), |
0232f78f | 563 | AC_MSG_RESULT([$with_seccomp]), |
761df6cd | 564 | [with_seccomp=$with_seccomp_default] |
0232f78f | 565 | AC_MSG_RESULT([$with_seccomp]) |
761df6cd SB |
566 | ) |
567 | ||
568 | if test "$with_seccomp" != "no"; then | |
569 | LIBSECCOMP_CFLAGS=$(pkg-config libseccomp --cflags 2>/dev/null) | |
570 | if test $? -ne 0; then | |
571 | AC_MSG_ERROR("Is libseccomp-devel installed? -- could not get cflags for libseccomp") | |
572 | else | |
573 | with_libseccomp=yes | |
574 | fi | |
575 | LIBSECCOMP_LIBS=$(pkg-config --libs libseccomp) | |
576 | AC_SUBST([LIBSECCOMP_LIBS]) | |
577 | AC_SUBST([LIBSECCOMP_CFLAGS]) | |
578 | AC_DEFINE_UNQUOTED([WITH_SECCOMP], 1, | |
579 | [whether to build in seccomp profile (Linux only)]) | |
580 | fi | |
581 | ||
da733896 SB |
582 | MY_CFLAGS="$CFLAGS" |
583 | MY_LDFLAGS="$LDFLAGS" | |
584 | AC_SUBST([MY_CFLAGS]) | |
585 | AC_SUBST([MY_LDFLAGS]) | |
cbaf04b4 | 586 | |
44b92d43 SB |
587 | AC_CONFIG_FILES([Makefile \ |
588 | debian/swtpm-tools.postinst \ | |
4608cc33 | 589 | swtpm.spec \ |
e46a2b66 | 590 | samples/Makefile \ |
d16b86b7 | 591 | samples/swtpm-localca.conf \ |
a12b09b1 | 592 | samples/swtpm-create-user-config-files \ |
edfb8d8a | 593 | samples/swtpm_setup.conf \ |
f163b202 SB |
594 | include/Makefile \ |
595 | include/swtpm/Makefile \ | |
a1fa5d77 | 596 | include/swtpm.h \ |
f163b202 SB |
597 | src/Makefile \ |
598 | src/selinux/Makefile \ | |
a772d48c SB |
599 | src/selinux/swtpm.fc \ |
600 | src/selinux/swtpmcuse.fc \ | |
f163b202 | 601 | src/swtpm/Makefile \ |
e46a2b66 SB |
602 | src/swtpm_bios/Makefile \ |
603 | src/swtpm_cert/Makefile \ | |
604 | src/swtpm_ioctl/Makefile \ | |
ddc75216 NC |
605 | src/swtpm_localca/Makefile \ |
606 | src/swtpm_localca/swtpm_localca_conf.h \ | |
e46a2b66 | 607 | src/swtpm_setup/Makefile \ |
c125e34b SB |
608 | src/swtpm_setup/swtpm_setup_conf.h \ |
609 | src/utils/Makefile \ | |
f163b202 | 610 | man/Makefile \ |
39d0c3de | 611 | man/man3/Makefile \ |
33aa1355 | 612 | man/man5/Makefile \ |
f163b202 | 613 | man/man8/Makefile \ |
e46a2b66 | 614 | tests/Makefile \ |
c4ac0a11 | 615 | tests/test_config \ |
10002933 | 616 | ]) |
fd00c5ff SB |
617 | AC_CONFIG_FILES([samples/swtpm-localca], |
618 | [chmod 755 samples/swtpm-localca]) | |
f163b202 SB |
619 | AC_OUTPUT |
620 | ||
e46a2b66 | 621 | echo |
c3fdf688 | 622 | printf "with_gnutls : %5s (no = swtpm_cert will NOT be built)\n" $with_gnutls |
040c7097 | 623 | printf "with_selinux : %5s (no = SELinux policy extensions will NOT be built)\n" $with_selinux |
c3fdf688 | 624 | printf "with_cuse : %5s (no = no CUSE interface)\n" $with_cuse |
498433f7 | 625 | printf "with_chardev : %5s (no = no chardev interface)\n" $with_chardev |
c751e32e | 626 | printf "with_vtpm_proxy : %5s (no = no vtpm proxy support; Linux only)\n" $with_vtpm_proxy |
761df6cd | 627 | printf "with_seccomp : %5s (no = no seccomp profile; Linux only)\n" $with_seccomp |
df4046d0 SB |
628 | printf "\n" |
629 | printf "active PCR banks : %s\n" $DEFAULT_PCR_BANKS | |
e46a2b66 | 630 | echo |
040c7097 SB |
631 | echo "Version to build : $PACKAGE_VERSION" |
632 | echo "Crypto library : $cryptolib" | |
10002933 | 633 | echo |
da733896 | 634 | echo " MY_CFLAGS = $MY_CFLAGS" |
b5701034 SB |
635 | echo " HARDENING_CFLAGS = $HARDENING_CFLAGS" |
636 | echo "HARDENING_LDFLAGS = $HARDENING_LDFLAGS" | |
da733896 | 637 | echo " MY_LDFLAGS = $MY_LDFLAGS" |
b5701034 SB |
638 | echo " LIBSECCOMP_LIBS = $LIBSECCOMP_LIBS" |
639 | echo " JSON_GLIB_CFLAGS = $JSON_GLIB_CFLAGS" | |
640 | echo " JSON_GLIB_LIBS = $JSON_GLIB_LIBS" | |
641 | echo " GLIB_CFLAGS = $GLIB_CFLAGS" | |
642 | echo " GLIB_LIBS = $GLIB_LIBS" | |
e735328e | 643 | echo " GNUTLS_LIBS = $GNUTLS_LIBS" |
c4ac0a11 SB |
644 | echo |
645 | echo "TSS_USER=$TSS_USER" | |
646 | echo "TSS_GROUP=$TSS_GROUP" | |
647 | echo |