]>
Commit | Line | Data |
---|---|---|
f163b202 SB |
1 | # |
2 | # configure.ac | |
3 | # | |
4 | # The Initial Developer of the Original Code is International | |
5 | # Business Machines Corporation. Portions created by IBM | |
6 | # Corporation are Copyright (C) 2014 International Business | |
7 | # Machines Corporation. All Rights Reserved. | |
8 | # | |
9 | # This program is free software; you can redistribute it and/or modify | |
10 | # it under the terms of the Common Public License as published by | |
11 | # IBM Corporation; either version 1 of the License, or (at your option) | |
12 | # any later version. | |
13 | # | |
14 | # This program is distributed in the hope that it will be useful, | |
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
17 | # Common Public License for more details. | |
18 | # | |
19 | # You should have received a copy of the Common Public License | |
20 | # along with this program; if not, a copy can be viewed at | |
21 | # http://www.opensource.org/licenses/cpl1.0.php. | |
22 | # | |
23 | # This file is derived from tpm-tool's configure.in. | |
24 | # | |
25 | ||
a451415c | 26 | AC_INIT([swtpm],[0.7.1]) |
b295c768 | 27 | AC_PREREQ([2.69]) |
f163b202 | 28 | AC_CONFIG_SRCDIR(Makefile.am) |
b295c768 | 29 | AC_CONFIG_HEADERS([config.h]) |
f163b202 SB |
30 | |
31 | SWTPM_VER_MAJOR=`echo $PACKAGE_VERSION | cut -d "." -f1` | |
32 | SWTPM_VER_MINOR=`echo $PACKAGE_VERSION | cut -d "." -f2` | |
33 | SWTPM_VER_MICRO=`echo $PACKAGE_VERSION | cut -d "." -f3` | |
34 | ||
35 | AC_SUBST([SWTPM_VER_MAJOR]) | |
36 | AC_SUBST([SWTPM_VER_MINOR]) | |
37 | AC_SUBST([SWTPM_VER_MICRO]) | |
38 | ||
39 | dnl Check for programs | |
40 | AC_PROG_CC | |
41 | AC_PROG_INSTALL | |
42 | AC_PROG_LN_S | |
908afaf5 | 43 | LT_INIT |
f163b202 | 44 | |
f163b202 SB |
45 | AC_CONFIG_MACRO_DIR([m4]) |
46 | AC_CANONICAL_TARGET | |
c3fdf688 | 47 | AC_CANONICAL_HOST |
f163b202 | 48 | AM_INIT_AUTOMAKE([foreign 1.6]) |
13cb26d8 | 49 | AM_SILENT_RULES([yes]) |
f163b202 SB |
50 | |
51 | DEBUG="" | |
52 | AC_MSG_CHECKING([for debug-enabled build]) | |
b295c768 | 53 | AC_ARG_ENABLE(debug, AS_HELP_STRING([--enable-debug],[create a debug build]), |
f163b202 SB |
54 | [if test "$enableval" = "yes"; then |
55 | DEBUG="yes" | |
56 | AC_MSG_RESULT([yes]) | |
57 | else | |
58 | DEBUG="no" | |
59 | AC_MSG_RESULT([no]) | |
60 | fi], | |
61 | [DEBUG="no", | |
62 | AC_MSG_RESULT([no])]) | |
63 | ||
64 | # If the user has not set CFLAGS, do something appropriate | |
65 | test_CFLAGS=${CFLAGS+set} | |
66 | if test "$test_CFLAGS" != set; then | |
33be7be2 | 67 | if test "$DEBUG" = "yes"; then |
f163b202 SB |
68 | CFLAGS="-O0 -g -DDEBUG" |
69 | else | |
70 | CFLAGS="-g -O2" | |
71 | fi | |
33be7be2 | 72 | elif test "$DEBUG" = "yes"; then |
f163b202 SB |
73 | CFLAGS="$CFLAGS -O0 -g -DDEBUG" |
74 | fi | |
75 | ||
e46a2b66 SB |
76 | AC_C_CONST |
77 | AC_C_INLINE | |
78 | ||
79 | AC_TYPE_SIZE_T | |
e46a2b66 | 80 | |
baecda40 SB |
81 | AC_PROG_CC |
82 | AC_PROG_INSTALL | |
3cb54a5d | 83 | AC_PROG_MKDIR_P |
e46a2b66 | 84 | |
ec37bb56 SB |
85 | AC_ARG_WITH([selinux], |
86 | AS_HELP_STRING([--with-selinux], | |
87 | [add SELinux policy extensions @<:@default=check@:>@])) | |
88 | m4_divert_text([DEFAULTS], [with_selinux=check]) | |
89 | ||
90 | dnl Check for SELinux policy support | |
91 | ||
92 | if test "$with_selinux" != "no"; then | |
93 | if test "$with_selinux" = "check" || test "$with_selinux" = "yes"; then | |
94 | if ! test -f /usr/share/selinux/devel/Makefile; then | |
95 | if test "$with_selinux" = "yes"; then | |
96 | AC_MSG_ERROR("Is selinux-policy-devel installed?") | |
97 | else | |
98 | with_selinux="no" | |
99 | fi | |
100 | fi | |
101 | AC_PATH_PROG([SEMODULE], semodule) | |
33be7be2 | 102 | if test "x$SEMODULE" = "x"; then |
ec37bb56 SB |
103 | if test "$with_selinux" = "yes"; then |
104 | AC_MSG_ERROR("Is selinux-policy-devel installed?") | |
105 | else | |
106 | with_selinux="no" | |
107 | fi | |
108 | fi | |
109 | if test "$with_selinux" = "check"; then | |
110 | with_selinux="yes" | |
111 | fi | |
112 | fi | |
113 | fi | |
33be7be2 | 114 | AM_CONDITIONAL([WITH_SELINUX], [test "x$with_selinux" = "xyes"]) |
ec37bb56 | 115 | |
b096be26 SB |
116 | if test "$prefix" = "/usr" && test "$sysconfdir" = '${prefix}/etc'; then |
117 | sysconfdir="/etc" | |
118 | fi | |
119 | if test "$prefix" = "" && test "$datarootdir" = '${prefix}/share'; then | |
120 | datarootdir="/usr/share" | |
121 | fi | |
d16b86b7 SB |
122 | if test "$prefix" = "/usr" && test "$localstatedir" = '${prefix}/var'; then |
123 | localstatedir="/var" | |
124 | fi | |
5d35321e SB |
125 | if test "x$prefix" = "xNONE"; then |
126 | prefix="/usr/local" | |
127 | fi | |
fd00c5ff SB |
128 | if test "x$exec_prefix" = "xNONE"; then |
129 | exec_prefix=$prefix | |
130 | fi | |
0432b653 SB |
131 | SYSCONFDIR=`eval echo $sysconfdir` |
132 | DATAROOTDIR=`eval echo $datarootdir` | |
d16b86b7 | 133 | LOCALSTATEDIR=`eval echo $localstatedir` |
fd00c5ff | 134 | BINDIR=`eval echo $bindir` |
0432b653 SB |
135 | AC_SUBST([SYSCONFDIR]) |
136 | AC_SUBST([DATAROOTDIR]) | |
d16b86b7 | 137 | AC_SUBST([LOCALSTATEDIR]) |
fd00c5ff | 138 | AC_SUBST([BINDIR]) |
b096be26 | 139 | |
7849b6c6 | 140 | cryptolib=openssl |
3bbdd7bc SB |
141 | |
142 | AC_ARG_WITH([openssl], | |
7849b6c6 SB |
143 | [AS_HELP_STRING([--with-openssl], |
144 | [build with openssl library])], | |
145 | [], | |
146 | []) | |
3bbdd7bc SB |
147 | |
148 | case "$cryptolib" in | |
3bbdd7bc | 149 | openssl) |
7849b6c6 SB |
150 | AC_CHECK_LIB(crypto, |
151 | [AES_set_encrypt_key], | |
b78b6af2 | 152 | [true], |
7849b6c6 SB |
153 | AC_MSG_ERROR(Faulty openssl crypto library)) |
154 | AC_CHECK_HEADERS([openssl/aes.h],[], | |
155 | AC_MSG_ERROR(Is openssl-devel/libssl-dev installed?)) | |
156 | AC_MSG_RESULT([Building with openssl crypto library]) | |
0371b63b SB |
157 | LIBCRYPTO_LIBS=$(pkg-config --libs libcrypto) |
158 | AC_SUBST([LIBCRYPTO_LIBS]) | |
7849b6c6 | 159 | ;; |
3bbdd7bc | 160 | esac |
833a5416 | 161 | |
baecda40 SB |
162 | LIBTASN1_LIBS=$(pkg-config --libs libtasn1) |
163 | if test $? -ne 0; then | |
164 | AC_MSG_ERROR("Is libtasn1-devel installed? -- could not get libs for libtasn1") | |
165 | fi | |
166 | AC_SUBST([LIBTASN1_LIBS]) | |
f163b202 | 167 | |
3b33116d SB |
168 | PKG_CHECK_MODULES( |
169 | [LIBTPMS], | |
170 | [libtpms], | |
171 | , | |
172 | AC_MSG_ERROR("no libtpms.pc found; please set PKG_CONFIG_PATH to the directory where libtpms.pc is located") | |
173 | ) | |
8d086ee9 | 174 | LDFLAGS="$LDFLAGS $LIBTPMS_LIBS" |
b4374c33 | 175 | CFLAGS="$CFLAGS $LIBTPMS_CFLAGS" |
fbc596ab | 176 | AC_CHECK_LIB(tpms, |
b78b6af2 | 177 | TPMLIB_ChooseTPMVersion,[true], |
fbc596ab SB |
178 | AC_MSG_ERROR("libtpms 0.6 or later is required") |
179 | ) | |
baecda40 | 180 | AC_SUBST([LIBTPMS_LIBS]) |
f163b202 | 181 | |
5478de0a SB |
182 | AC_CHECK_LIB(c, clock_gettime, LIBRT_LIBS="", LIBRT_LIBS="-lrt") |
183 | AC_SUBST([LIBRT_LIBS]) | |
184 | ||
cc410ca9 SB |
185 | AC_PATH_PROG([TCSD], tcsd) |
186 | if test "x$TCSD" = "x"; then | |
64faf455 | 187 | have_tcsd=no |
cc410ca9 | 188 | AC_MSG_WARN([tcsd could not be found; typically need it for tss user account and tests]) |
ef606d4a SB |
189 | else |
190 | have_tcsd=yes | |
191 | fi | |
64faf455 | 192 | AM_CONDITIONAL([HAVE_TCSD], test "$have_tcsd" != "no") |
e46a2b66 | 193 | |
d4c60e44 | 194 | dnl We either need netstat (more common across systems) or 'ss' for test cases |
5cd844d0 | 195 | AC_PATH_PROG([NETSTAT], [netstat]) |
d4c60e44 SB |
196 | if test "x$NETSTAT" = "x"; then |
197 | AC_PATH_PROG([SS], [ss]) | |
198 | if test "x$SS" = "x"; then | |
199 | AC_MSG_ERROR(['netstat' and 'ss' tools are missing for tests: net-tools OR iproute/iproute2 package]) | |
200 | fi | |
201 | fi | |
5cd844d0 | 202 | |
09d1a532 SB |
203 | AC_MSG_CHECKING([for whether to build with CUSE interface]) |
204 | AC_ARG_WITH([cuse], | |
b295c768 | 205 | AS_HELP_STRING([--with-cuse],[build with CUSE interface]), |
09d1a532 SB |
206 | [], |
207 | [with_cuse=check] | |
208 | ) | |
f163b202 | 209 | |
09d1a532 SB |
210 | if test "$with_cuse" != "no"; then |
211 | LIBFUSE_CFLAGS=$(pkg-config fuse --cflags 2>/dev/null) | |
212 | if test $? -ne 0; then | |
213 | if test "$with_cuse" = "yes"; then | |
214 | AC_MSG_ERROR("Is fuse-devel installed? -- could not get cflags for libfuse") | |
215 | else | |
216 | with_cuse=no | |
217 | fi | |
218 | else | |
219 | with_cuse=yes | |
220 | fi | |
498433f7 | 221 | fi |
09d1a532 | 222 | |
c125e34b SB |
223 | JSON_GLIB_CFLAGS=$(pkg-config --cflags json-glib-1.0) |
224 | if test $? -ne 0; then | |
225 | AC_MSG_ERROR("Is libjson-glib-dev/json-glib-devel installed? -- could not get cflags") | |
226 | fi | |
227 | AC_SUBST([JSON_GLIB_CFLAGS]) | |
228 | ||
229 | JSON_GLIB_LIBS=$(pkg-config --libs json-glib-1.0) | |
230 | if test $? -ne 0; then | |
231 | AC_MSG_ERROR("Is libjson-glib-dev/json-glib-devel installed? -- could not get libs") | |
232 | fi | |
233 | AC_SUBST([JSON_GLIB_LIBS]) | |
234 | ||
235 | GLIB_CFLAGS=$(pkg-config --cflags glib-2.0) | |
236 | if test $? -ne 0; then | |
237 | AC_MSG_ERROR("Is libglib-2.0-dev/glib2-devel installed? -- could not get cflags") | |
238 | fi | |
239 | AC_SUBST([GLIB_CFLAGS]) | |
240 | ||
241 | GLIB_LIBS=$(pkg-config --libs glib-2.0) | |
242 | if test $? -ne 0; then | |
4e1ce735 | 243 | AC_MSG_ERROR("Is libglib-2.0-dev/glib2-devel installed? -- could not get libs") |
c125e34b SB |
244 | fi |
245 | AC_SUBST([GLIB_LIBS]) | |
246 | ||
09d1a532 SB |
247 | dnl with_cuse is now yes or no |
248 | if test "$with_cuse" != "no"; then | |
249 | LIBFUSE_LIBS=$(pkg-config fuse --libs) | |
250 | if test $? -ne 0; then | |
251 | AC_MSG_ERROR("Is fuse-devel installed? -- could not get libs for libfuse") | |
252 | fi | |
253 | AC_SUBST([LIBFUSE_CFLAGS]) | |
254 | AC_SUBST([LIBFUSE_LIBS]) | |
255 | AC_DEFINE_UNQUOTED([WITH_CUSE], 1, | |
256 | [whether to build with CUSE interface]) | |
ebf1557d | 257 | |
ebf1557d SB |
258 | GTHREAD_LIBS=$(pkg-config --libs gthread-2.0) |
259 | if test $? -ne 0; then | |
260 | AC_MSG_ERROR("Is glib-2.0 installed? -- could not get libs for gthread-2.0") | |
261 | fi | |
262 | AC_SUBST([GTHREAD_LIBS]) | |
baecda40 | 263 | fi |
09d1a532 SB |
264 | AM_CONDITIONAL([WITH_CUSE],[test "$with_cuse" = "yes"]) |
265 | AC_MSG_RESULT($with_cuse) | |
f163b202 | 266 | |
498433f7 SB |
267 | AC_MSG_CHECKING([for whether to build with chardev interface]) |
268 | case $host_os in | |
269 | linux-*) | |
270 | with_chardev=yes | |
271 | AC_DEFINE_UNQUOTED([WITH_CHARDEV], 1, | |
272 | [whether to build with chardev interface]) | |
273 | ;; | |
274 | *) | |
275 | with_chardev=no | |
276 | esac | |
277 | AM_CONDITIONAL([WITH_CHARDEV],[test "$with_chardev" = "yes"]) | |
278 | AC_MSG_RESULT($with_cuse) | |
279 | ||
10002933 | 280 | AC_ARG_WITH([gnutls], |
b295c768 | 281 | AS_HELP_STRING([--with-gnutls],[build with gnutls library]), |
10002933 SB |
282 | [], |
283 | [with_gnutls=check] | |
284 | ) | |
285 | ||
e46a2b66 SB |
286 | if test "x$with_gnutls" != "xno"; then |
287 | GNUTLS_LDFLAGS=$(pkg-config --libs gnutls) | |
288 | if test $? -ne 0; then | |
33be7be2 | 289 | if test "x$with_gnutls" = "xyes"; then |
e46a2b66 SB |
290 | AC_MSG_ERROR("Is gnutls installed? -- could not get libs for gnutls") |
291 | else | |
292 | with_gnutls=no | |
293 | fi | |
294 | fi | |
295 | fi | |
f163b202 | 296 | |
1828edee | 297 | if test "x$with_gnutls" != "xno"; then |
e9fd0142 SB |
298 | AC_PATH_PROG([GNUTLS_CERTTOOL], certtool) |
299 | if test "x$GNUTLS_CERTTOOL" = "x"; then | |
300 | if test "x$with_gnutls" = "xyes"; then | |
301 | AC_MSG_ERROR("Could not find certtool. Is gnutls-utils/gnutls-bin installed?") | |
302 | else | |
303 | with_gnutls=no | |
304 | fi | |
305 | fi | |
306 | dnl certtool changed how it takes private key passwords | |
307 | dnl 3.3.29 is too old (RHEL 7); we need at least gnutls 3.4.0 | |
308 | AC_MSG_CHECKING([for gnutls 3.4.0 or later]) | |
309 | $(pkg-config gnutls --atleast-version=3.4.0) | |
310 | if test $? -ne 0; then | |
311 | AC_MSG_ERROR([gnutls 3.4.0 is required]) | |
312 | fi | |
313 | AC_MSG_RESULT([yes]) | |
1828edee SB |
314 | fi |
315 | ||
e46a2b66 | 316 | if test "x$with_gnutls" != "xno"; then |
571a8eed | 317 | ORIG_CFLAGS="$CFLAGS" |
baecda40 | 318 | GNUTLS_CFLAGS=$(pkg-config gnutls --cflags) |
571a8eed | 319 | CFLAGS="$CFLAGS $GNUTLS_CFLAGS $GNUTLS_LDFLAGS" |
10002933 | 320 | AC_CHECK_LIB([gnutls], [gnutls_load_file], [ |
baecda40 SB |
321 | GNUTLS_LIBS=-lgnutls |
322 | ], | |
33be7be2 | 323 | [if test "x$with_gnutls" = "xyes"; then |
e46a2b66 SB |
324 | AC_MSG_ERROR([GNUTLS >= 3.1.0 library not found: libgnutls.so]) |
325 | else | |
326 | with_gnutls="no" | |
327 | fi]) | |
571a8eed | 328 | CFLAGS="$ORIG_CFLAGS" |
e46a2b66 SB |
329 | fi |
330 | ||
331 | if test "x$with_gnutls" != "xno"; then | |
571a8eed SB |
332 | ORIG_CFLAGS="$CFLAGS" |
333 | CFLAGS="$CFLAGS $GNUTLS_CFLAGS" | |
e46a2b66 | 334 | AC_CHECK_HEADER(gnutls/abstract.h, [], \ |
33be7be2 | 335 | [if test "x$with_gnutls" = "xyes"; then |
e46a2b66 SB |
336 | AC_MSG_ERROR([GNUTLS >= 3.1.0 library header not found: gnutls/abstract.h]) |
337 | else | |
338 | with_gnutls="no" | |
339 | fi]) | |
571a8eed | 340 | CFLAGS="$ORIG_CFLAGS" |
e46a2b66 SB |
341 | fi |
342 | ||
343 | if test "x$with_gnutls" != "xno"; then | |
344 | with_gnutls="yes" | |
345 | fi | |
33be7be2 | 346 | AM_CONDITIONAL([WITH_GNUTLS], [test "x$with_gnutls" = "xyes"]) |
baecda40 | 347 | AC_SUBST([GNUTLS_LIBS]) |
f163b202 | 348 | |
df4046d0 SB |
349 | DEFAULT_PCR_BANKS="sha256" |
350 | AC_ARG_ENABLE([default-pcr-banks], | |
351 | AS_HELP_STRING( | |
352 | [--enable-default-pcr-banks=list of PCR banks], | |
353 | [Have swtpm_setup activate the given PCR banks by default; | |
354 | default is sha256] | |
355 | ), | |
356 | [], | |
357 | [] | |
358 | ) | |
359 | ||
360 | if test "x$enable_default_pcr_banks" != "x"; then | |
361 | DEFAULT_PCR_BANKS="$enable_default_pcr_banks" | |
362 | fi | |
363 | AC_MSG_CHECKING([which PCR banks to activate by default]) | |
9726af51 SB |
364 | REGEX="^(sha1|sha256|sha384|sha512)(,(sha1|sha256|sha384|sha512)){0,3}\$" |
365 | if bash -c "[[[ $DEFAULT_PCR_BANKS =~ $REGEX ]]] && exit 0 || exit 1"; then | |
df4046d0 SB |
366 | AC_MSG_RESULT([$DEFAULT_PCR_BANKS]) |
367 | else | |
368 | AC_MSG_ERROR([$DEFAULT_PCR_BANKS is an invalid list of PCR banks]) | |
369 | fi | |
370 | AC_SUBST([DEFAULT_PCR_BANKS]) | |
371 | ||
48abfbb1 | 372 | AC_PATH_PROG([EXPECT], expect) |
33be7be2 | 373 | if test "x$EXPECT" = "x"; then |
48abfbb1 SB |
374 | AC_MSG_ERROR([expect is required: expect package]) |
375 | fi | |
376 | ||
b080afb5 | 377 | AC_PATH_PROG([GAWK], gawk) |
33be7be2 | 378 | if test "x$GAWK" = "x"; then |
b080afb5 SB |
379 | AC_MSG_ERROR([gawk is required: gawk package]) |
380 | fi | |
381 | ||
8cb126e4 | 382 | AC_PATH_PROG([SOCAT], socat) |
33be7be2 | 383 | if test "x$SOCAT" = "x"; then |
8cb126e4 SB |
384 | AC_MSG_ERROR([socat is required: socat package]) |
385 | fi | |
386 | ||
cc410ca9 SB |
387 | AC_PATH_PROG([BASE64], base64) |
388 | if test "x$BASE64" = "x"; then | |
389 | AC_MSG_ERROR([base64 is required: base64 package]) | |
dbb399de SB |
390 | fi |
391 | ||
cc410ca9 SB |
392 | AC_PATH_PROG([CP], cp) |
393 | if test "x$CP" = "x"; then | |
394 | AC_MSG_ERROR([cp is required]) | |
395 | fi | |
396 | ||
397 | AM_PATH_PYTHON([3.3]) | |
398 | ||
5eeea357 SB |
399 | AC_ARG_ENABLE([hardening], |
400 | AS_HELP_STRING([--disable-hardening], [Disable hardening flags])) | |
a76b4eeb | 401 | |
5eeea357 SB |
402 | if test "x$enable_hardening" != "xno"; then |
403 | TMP="$($CC -fstack-protector-strong $srcdir/include/swtpm/tpm_ioctl.h 2>&1)" | |
404 | if echo $TMP | $GREP 'unrecognized command line option' >/dev/null; then | |
5e73e324 | 405 | HARDENING_CFLAGS="-fstack-protector -Wstack-protector" |
5eeea357 | 406 | else |
5e73e324 | 407 | HARDENING_CFLAGS="-fstack-protector-strong -Wstack-protector" |
5eeea357 SB |
408 | fi |
409 | ||
410 | dnl Must not have -O0 but must have a -O for -D_FORTIFY_SOURCE=2 | |
411 | TMP1="$(echo $CFLAGS | sed -n 's/.*\(-O0\).*/\1/p')" | |
412 | TMP2="$(echo $CFLAGS | sed -n 's/.*\(-O\).*/\1/p')" | |
502cb112 | 413 | if test -z "$TMP1" && test -n "$TMP2"; then |
5e73e324 | 414 | HARDENING_CFLAGS="$HARDENING_CFLAGS -D_FORTIFY_SOURCE=2" |
5eeea357 | 415 | fi |
b381e1eb SB |
416 | dnl Check linker for 'relro' and 'now' |
417 | save_CFLAGS="$CFLAGS" | |
418 | CFLAGS="-Wl,-z,relro -Werror" | |
419 | AC_MSG_CHECKING([whether linker supports -Wl,-z,relro]) | |
2ba23cee | 420 | AC_LINK_IFELSE( |
b381e1eb | 421 | [AC_LANG_SOURCE([[int main() { return 0; }]])], |
0586d2f5 | 422 | [HARDENING_LDFLAGS="$HARDENING_LDFLAGS -Wl,-z,relro" |
b381e1eb SB |
423 | AC_MSG_RESULT(yes)], |
424 | [AC_MSG_RESULT(no)] | |
425 | ) | |
426 | CFLAGS="-Wl,-z,now -Werror" | |
427 | AC_MSG_CHECKING([whether linker supports -Wl,-z,now]) | |
2ba23cee | 428 | AC_LINK_IFELSE( |
b381e1eb | 429 | [AC_LANG_SOURCE([[int main() { return 0; }]])], |
0586d2f5 | 430 | [HARDENING_LDFLAGS="$HARDENING_LDFLAGS -Wl,-z,now" |
b381e1eb SB |
431 | AC_MSG_RESULT(yes)], |
432 | [AC_MSG_RESULT(no)] | |
433 | ) | |
434 | CFLAGS="$save_CFLAGS" | |
5eeea357 | 435 | AC_SUBST([HARDENING_CFLAGS]) |
0586d2f5 | 436 | AC_SUBST([HARDENING_LDFLAGS]) |
a76b4eeb | 437 | fi |
e6085e96 | 438 | |
b8421f3d SB |
439 | AC_ARG_ENABLE([test-coverage], |
440 | AS_HELP_STRING([--enable-test-coverage], [Enable test coverage flags])) | |
441 | ||
442 | if test "x$enable_test_coverage" = "xyes"; then | |
443 | COVERAGE_CFLAGS="-fprofile-arcs -ftest-coverage" | |
444 | COVERAGE_LDFLAGS="-fprofile-arcs" | |
445 | fi | |
446 | ||
0b9c2a05 ET |
447 | AC_ARG_ENABLE([sanitizers], |
448 | AS_HELP_STRING([--enable-sanitizers], [Enable address/undefined sanitizers])) | |
449 | ||
450 | if test "x$enable_sanitizers" = "xyes"; then | |
451 | save_CFLAGS="$CFLAGS" | |
452 | CFLAGS="-fsanitize=address,undefined -fno-omit-frame-pointer" | |
453 | AC_MSG_CHECKING([whether linker supports sanitizer]) | |
454 | AC_LINK_IFELSE( | |
455 | [AC_LANG_SOURCE([[int main() { return 0; }]])], | |
456 | [SANITIZER_CFLAGS="-fsanitize=address,undefined -fno-omit-frame-pointer" | |
457 | SANITIZER_LDFLAGS="-fsanitize=address,undefined" | |
458 | AC_MSG_RESULT(yes)], | |
459 | [AC_MSG_RESULT(no)] | |
460 | ) | |
461 | CFLAGS="$save_CFLAGS" | |
462 | fi | |
463 | ||
c4ac0a11 | 464 | AC_ARG_WITH([tss-user], |
b295c768 | 465 | AS_HELP_STRING([--with-tss-user=TSS_USER],[The tss user to use]), |
c4ac0a11 SB |
466 | [TSS_USER="$withval"], |
467 | [TSS_USER="tss"] | |
468 | ) | |
469 | ||
470 | AC_ARG_WITH([tss-group], | |
b295c768 | 471 | AS_HELP_STRING([--with-tss-group=TSS_GROUP],[The tss group to use]), |
c4ac0a11 SB |
472 | [TSS_GROUP="$withval"], |
473 | [TSS_GROUP="tss"] | |
474 | ) | |
aa88eebe SB |
475 | |
476 | case $have_tcsd in | |
477 | yes) | |
478 | AC_MSG_CHECKING([whether TSS_USER $TSS_USER is available]) | |
479 | if ! test $(id -u $TSS_USER); then | |
480 | AC_MSG_ERROR(["$TSS_USER is not available"]) | |
481 | else | |
482 | AC_MSG_RESULT([yes]) | |
483 | fi | |
484 | AC_MSG_CHECKING([whether TSS_GROUP $TSS_GROUP is available]) | |
485 | if ! test $(id -g $TSS_GROUP); then | |
486 | AC_MSG_ERROR(["$TSS_GROUP is not available"]) | |
487 | else | |
488 | AC_MSG_RESULT([yes]) | |
489 | fi | |
490 | ;; | |
491 | esac | |
492 | ||
c4ac0a11 SB |
493 | AC_SUBST([TSS_USER]) |
494 | AC_SUBST([TSS_GROUP]) | |
495 | ||
f163b202 SB |
496 | CFLAGS="$CFLAGS -Wreturn-type -Wsign-compare -Wswitch-enum" |
497 | CFLAGS="$CFLAGS -Wmissing-prototypes -Wall -Werror" | |
e6085e96 | 498 | CFLAGS="$CFLAGS -Wformat -Wformat-security" |
0b9c2a05 | 499 | CFLAGS="$CFLAGS $GNUTLS_CFLAGS $COVERAGE_CFLAGS $SANITIZER_CFLAGS" |
b8421f3d | 500 | |
0b9c2a05 | 501 | LDFLAGS="$LDFLAGS $COVERAGE_LDFLAGS $SANITIZER_LDFLAGS" |
f163b202 | 502 | |
f2458ef7 SB |
503 | dnl Simulate the following for systems with pkg-config < 0.28: |
504 | dnl PKG_CHECK_VAR([libtpms_cryptolib], [libtpms], [cryptolib], | |
505 | dnl [], AC_MSG_ERROR([Could not determine libtpms crypto library.])) | |
506 | PKG_PROG_PKG_CONFIG | |
507 | ||
508 | AC_MSG_CHECKING([Checking the crypto library libtpms is linked to]) | |
509 | libtpms_cryptolib=`$PKG_CONFIG --variable cryptolib libtpms` | |
33be7be2 | 510 | if test "x$libtpms_cryptolib" = "x"; then |
b4374c33 JB |
511 | AC_MSG_WARN([Could not determine the crypto library libtpms is using, assuming ${cryptolib}]) |
512 | libtpms_cryptolib=${cryptolib} | |
f2458ef7 SB |
513 | fi |
514 | AC_MSG_RESULT($libtpms_cryptolib) | |
86cc4527 SB |
515 | |
516 | if test "$libtpms_cryptolib" != "$cryptolib"; then | |
517 | echo "libtpms is using $libtpms_cryptolib; we have to use the same" | |
33be7be2 | 518 | if test "$cryptolib" = "openssl"; then |
86cc4527 SB |
519 | AC_MSG_ERROR([do not use --with-openssl]) |
520 | else | |
521 | AC_MSG_ERROR([use --with-openssl]) | |
522 | fi | |
523 | fi | |
524 | ||
c751e32e SB |
525 | with_vtpm_proxy=no |
526 | case $host_os in | |
f071d820 | 527 | linux-*) |
c751e32e SB |
528 | with_vtpm_proxy=yes |
529 | AC_DEFINE_UNQUOTED([WITH_VTPM_PROXY], 1, | |
530 | [whether to build in vTPM proxy support (Linux only)]) | |
531 | esac | |
532 | ||
6286beac SB |
533 | case $host_os in |
534 | cygwin) | |
535 | CFLAGS="$CFLAGS -D__USE_LINUX_IOCTL_DEFS" | |
536 | esac | |
537 | ||
761df6cd SB |
538 | dnl Seccomp profile using -lseccomp (Linux only) |
539 | case $host_os in | |
540 | linux-*) | |
541 | with_seccomp_default=yes | |
542 | ;; | |
543 | *) | |
544 | with_seccomp_default=no | |
545 | ;; | |
546 | esac | |
547 | ||
548 | AC_MSG_CHECKING([for whether to build with seccomp profile]) | |
549 | AC_ARG_WITH([seccomp], | |
b295c768 | 550 | AS_HELP_STRING([--with-seccomp],[build with seccomp profile]), |
0232f78f | 551 | AC_MSG_RESULT([$with_seccomp]), |
761df6cd | 552 | [with_seccomp=$with_seccomp_default] |
0232f78f | 553 | AC_MSG_RESULT([$with_seccomp]) |
761df6cd SB |
554 | ) |
555 | ||
556 | if test "$with_seccomp" != "no"; then | |
557 | LIBSECCOMP_CFLAGS=$(pkg-config libseccomp --cflags 2>/dev/null) | |
558 | if test $? -ne 0; then | |
559 | AC_MSG_ERROR("Is libseccomp-devel installed? -- could not get cflags for libseccomp") | |
560 | else | |
561 | with_libseccomp=yes | |
562 | fi | |
563 | LIBSECCOMP_LIBS=$(pkg-config --libs libseccomp) | |
564 | AC_SUBST([LIBSECCOMP_LIBS]) | |
565 | AC_SUBST([LIBSECCOMP_CFLAGS]) | |
566 | AC_DEFINE_UNQUOTED([WITH_SECCOMP], 1, | |
567 | [whether to build in seccomp profile (Linux only)]) | |
568 | fi | |
569 | ||
da733896 SB |
570 | MY_CFLAGS="$CFLAGS" |
571 | MY_LDFLAGS="$LDFLAGS" | |
572 | AC_SUBST([MY_CFLAGS]) | |
573 | AC_SUBST([MY_LDFLAGS]) | |
cbaf04b4 | 574 | |
44b92d43 SB |
575 | AC_CONFIG_FILES([Makefile \ |
576 | debian/swtpm-tools.postinst \ | |
4608cc33 | 577 | swtpm.spec \ |
e46a2b66 | 578 | samples/Makefile \ |
d16b86b7 | 579 | samples/swtpm-localca.conf \ |
a12b09b1 | 580 | samples/swtpm-create-user-config-files \ |
edfb8d8a | 581 | samples/swtpm_setup.conf \ |
f163b202 SB |
582 | include/Makefile \ |
583 | include/swtpm/Makefile \ | |
a1fa5d77 | 584 | include/swtpm.h \ |
f163b202 SB |
585 | src/Makefile \ |
586 | src/selinux/Makefile \ | |
587 | src/swtpm/Makefile \ | |
e46a2b66 SB |
588 | src/swtpm_bios/Makefile \ |
589 | src/swtpm_cert/Makefile \ | |
590 | src/swtpm_ioctl/Makefile \ | |
ddc75216 NC |
591 | src/swtpm_localca/Makefile \ |
592 | src/swtpm_localca/swtpm_localca_conf.h \ | |
e46a2b66 | 593 | src/swtpm_setup/Makefile \ |
c125e34b SB |
594 | src/swtpm_setup/swtpm_setup_conf.h \ |
595 | src/utils/Makefile \ | |
f163b202 | 596 | man/Makefile \ |
39d0c3de | 597 | man/man3/Makefile \ |
f163b202 | 598 | man/man8/Makefile \ |
e46a2b66 | 599 | tests/Makefile \ |
c4ac0a11 | 600 | tests/test_config \ |
10002933 | 601 | ]) |
fd00c5ff SB |
602 | AC_CONFIG_FILES([samples/swtpm-localca], |
603 | [chmod 755 samples/swtpm-localca]) | |
f163b202 SB |
604 | AC_OUTPUT |
605 | ||
e46a2b66 | 606 | echo |
c3fdf688 | 607 | printf "with_gnutls : %5s (no = swtpm_cert will NOT be built)\n" $with_gnutls |
040c7097 | 608 | printf "with_selinux : %5s (no = SELinux policy extensions will NOT be built)\n" $with_selinux |
c3fdf688 | 609 | printf "with_cuse : %5s (no = no CUSE interface)\n" $with_cuse |
498433f7 | 610 | printf "with_chardev : %5s (no = no chardev interface)\n" $with_chardev |
c751e32e | 611 | printf "with_vtpm_proxy : %5s (no = no vtpm proxy support; Linux only)\n" $with_vtpm_proxy |
761df6cd | 612 | printf "with_seccomp : %5s (no = no seccomp profile; Linux only)\n" $with_seccomp |
df4046d0 SB |
613 | printf "\n" |
614 | printf "active PCR banks : %s\n" $DEFAULT_PCR_BANKS | |
e46a2b66 | 615 | echo |
040c7097 SB |
616 | echo "Version to build : $PACKAGE_VERSION" |
617 | echo "Crypto library : $cryptolib" | |
10002933 | 618 | echo |
da733896 | 619 | echo " MY_CFLAGS = $MY_CFLAGS" |
b5701034 SB |
620 | echo " HARDENING_CFLAGS = $HARDENING_CFLAGS" |
621 | echo "HARDENING_LDFLAGS = $HARDENING_LDFLAGS" | |
da733896 | 622 | echo " MY_LDFLAGS = $MY_LDFLAGS" |
b5701034 SB |
623 | echo " LIBSECCOMP_LIBS = $LIBSECCOMP_LIBS" |
624 | echo " JSON_GLIB_CFLAGS = $JSON_GLIB_CFLAGS" | |
625 | echo " JSON_GLIB_LIBS = $JSON_GLIB_LIBS" | |
626 | echo " GLIB_CFLAGS = $GLIB_CFLAGS" | |
627 | echo " GLIB_LIBS = $GLIB_LIBS" | |
c4ac0a11 SB |
628 | echo |
629 | echo "TSS_USER=$TSS_USER" | |
630 | echo "TSS_GROUP=$TSS_GROUP" | |
631 | echo |