[swtpm.git] / configure.ac

#
# configure.ac
#
#       The Initial Developer of the Original Code is International
#       Business Machines Corporation. Portions created by IBM
#       Corporation are Copyright (C) 2014 International Business
#       Machines Corporation. All Rights Reserved.
#
#       This program is free software; you can redistribute it and/or modify
#       it under the terms of the Common Public License as published by
#       IBM Corporation; either version 1 of the License, or (at your option)
#       any later version.
#
#       This program is distributed in the hope that it will be useful,
#       but WITHOUT ANY WARRANTY; without even the implied warranty of
#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#       Common Public License for more details.
#
#       You should have received a copy of the Common Public License
#       along with this program; if not, a copy can be viewed at
#       http://www.opensource.org/licenses/cpl1.0.php.
#
#       This file is derived from tpm-tool's configure.in.
#

AC_INIT(swtpm, 0.1.0)
AC_PREREQ(2.12)
AC_CONFIG_SRCDIR(Makefile.am)
AC_CONFIG_HEADER(config.h)

SWTPM_VER_MAJOR=`echo $PACKAGE_VERSION | cut -d "." -f1`
SWTPM_VER_MINOR=`echo $PACKAGE_VERSION | cut -d "." -f2`
SWTPM_VER_MICRO=`echo $PACKAGE_VERSION | cut -d "." -f3`

AC_SUBST([SWTPM_VER_MAJOR])
AC_SUBST([SWTPM_VER_MINOR])
AC_SUBST([SWTPM_VER_MICRO])

dnl Check for programs
AC_PROG_CC
AC_PROG_INSTALL
AC_PROG_LN_S
AC_PROG_LIBTOOL

AC_CONFIG_MACRO_DIR([m4])
AC_CANONICAL_TARGET
AM_INIT_AUTOMAKE([foreign 1.6])

DEBUG=""
AC_MSG_CHECKING([for debug-enabled build])
AC_ARG_ENABLE(debug, AC_HELP_STRING([--enable-debug], [create a debug build]),
  [if test "$enableval" = "yes"; then
     DEBUG="yes"
     AC_MSG_RESULT([yes])
   else
     DEBUG="no"
     AC_MSG_RESULT([no])
   fi],
  [DEBUG="no",
   AC_MSG_RESULT([no])])

# If the user has not set CFLAGS, do something appropriate
test_CFLAGS=${CFLAGS+set}
if test "$test_CFLAGS" != set; then
	if test "$DEBUG" == "yes"; then
		CFLAGS="-O0 -g -DDEBUG"
	else
		CFLAGS="-g -O2"
	fi
elif test "$DEBUG" == "yes"; then
	CFLAGS="$CFLAGS -O0 -g -DDEBUG"
fi

AC_HEADER_STDC
AC_C_CONST
AC_C_INLINE

AC_TYPE_SIZE_T
AC_TYPE_SIGNAL

AC_PROG_CC
AC_PROG_INSTALL
AC_PROG_MKDIR_P

AC_ARG_WITH([selinux],
   AS_HELP_STRING([--with-selinux],
      [add SELinux policy extensions @<:@default=check@:>@]))
m4_divert_text([DEFAULTS], [with_selinux=check])

dnl Check for SELinux policy support

if test "$with_selinux" != "no"; then
    if test "$with_selinux" = "check" || test "$with_selinux" = "yes"; then
        if ! test -f /usr/share/selinux/devel/Makefile; then
            if test "$with_selinux" = "yes"; then
                AC_MSG_ERROR("Is selinux-policy-devel installed?")
            else
                with_selinux="no"
            fi
        fi
        AC_PATH_PROG([SEMODULE], semodule)
        if test "x$SEMODULE" == "x"; then
            if test "$with_selinux" = "yes"; then
	        AC_MSG_ERROR("Is selinux-policy-devel installed?")
	    else
	        with_selinux="no"
	    fi
        fi
        if test "$with_selinux" = "check"; then
            with_selinux="yes"
        fi
    fi
fi
AM_CONDITIONAL([WITH_SELINUX], [test "x$with_selinux" == "xyes"])

GLIB_CFLAGS=$(pkg-config --cflags glib-2.0)
if test $? -ne 0; then
	AC_MSG_ERROR("Is glib-2.0 installed? -- could not get cflags")
fi
AC_SUBST([GLIB_CFLAGS])

GLIB_LIBS=$(pkg-config --libs glib-2.0)
if test $? -ne 0; then
	AC_MSG_ERROR("Is glib-2.0 installed? -- could not get libs")
fi
AC_SUBST([GLIB_LIBS])

GTHREAD_LIBS=$(pkg-config --libs gthread-2.0)
if test $? -ne 0; then
	AC_MSG_ERROR("Is glib-2.0 installed? -- could not get libs for gthread-2.0")
fi
AC_SUBST([GTHREAD_LIBS])

cryptolib=freebl

AC_ARG_WITH([openssl],
            AC_HELP_STRING([--with-openssl],
                           [build with openssl library]),
              [AC_CHECK_LIB(crypto,
                            [AES_set_encrypt_key],
                            [],
                            AC_MSG_ERROR(Faulty openssl crypto library))
               AC_CHECK_HEADERS([openssl/aes.h],[],
                            AC_MSG_ERROR(Is openssl-devel/libssl-dev installed?))
               AC_MSG_RESULT([Building with openssl crypto library])
               cryptolib=openssl
              ]
)

case "$cryptolib" in
freebl)
    AM_CONDITIONAL(SWTPM_USE_FREEBL, true)
    AM_CONDITIONAL(SWTPM_USE_OPENSSL, false)
    AC_DEFINE([USE_FREEBL_CRYPTO_LIBRARY],
              [1],
              [use freebl crypto library])

    NSPR_CFLAGS=$(nspr-config --cflags)
    if test $? -ne 0; then
        AC_MSG_ERROR("Could not find nspr-config. Is nspr-devel/libnspr4-dev installed?")
    fi
    AC_SUBST([NSPR_CFLAGS])

    NSS_CFLAGS=$(nss-config --cflags)
    if test $? -ne 0; then
        AC_MSG_ERROR("Could not find nss-config. Is nss-devel/libnss3-dev installed?")
    fi
    AC_SUBST([NSS_CFLAGS])

    NSS_LIBS=$(nss-config --libs)
    if test $? -ne 0; then
        AC_MSG_ERROR("Is nss-devel/libnss3-dev installed? -- could not get libs for nss")
    fi
    dnl On RHEL 7 ppc64 we need an explicit -lfreebl
    NSS_LIBS="$NSS_LIBS -lfreebl"
    AC_SUBST([NSS_LIBS])

    CPPFLAGS="$NSS_CFLAGS $NSPR_CFLAGS"
    AC_CHECK_HEADERS([sslerr.h],[],
                     AC_MSG_ERROR(nss-devel/libnss3-dev is bad))

    # Check for missing headers
    CFLAGS_save="$CFLAGS"
    CFLAGS="$NSS_CFLAGS $NSPR_CFLAGS"
    AC_CHECK_HEADERS([blapi.h],[],
                     AC_MSG_ERROR(nss-softokn-freebl-devel/libnss3-dev is missing blapi.h))
    # Check for missing freebl library or missing library functions
    LIBS_save="$LIBS"
    LIBS="$(nss-config --libs) $(nspr-config --libs)"
    AC_SEARCH_LIBS([AES_CreateContext], [freebl],[],
                   AC_MSG_ERROR("Could not find AES_CreateContext(). Is nss-softokn-freebl-devel/libnss3-dev installed?"),
                   [])
    LIBS="$LIBS_save"
    CPPFLAGS=""
    CFLAGS="$CFLAGS_save"

    ;;
openssl)
    AM_CONDITIONAL(SWTPM_USE_FREEBL, false)
    AM_CONDITIONAL(SWTPM_USE_OPENSSL, true)
    AC_DEFINE([USE_OPENSSL_CRYPTO_LIBRARY],
              [1],
              [use openssl crypto library])
    ;;
esac

LIBTASN1_LIBS=$(pkg-config --libs libtasn1)
if test $? -ne 0; then
	AC_MSG_ERROR("Is libtasn1-devel installed? -- could not get libs for libtasn1")
fi
AC_SUBST([LIBTASN1_LIBS])

LIBTPMS_LIBS=$(pkg-config --libs libtpms)
if test $? -ne 0; then
	AC_MSG_ERROR("Is libtpms-devel installed? -- could not get libs for libtpms")
fi
AC_SUBST([LIBTPMS_LIBS])

AC_PATH_PROG([TPM_NVDEFINE], tpm_nvdefine)
if test "x$TPM_NVDEFINE" == "x"; then
	AC_MSG_ERROR([NVRAM area tools are need: tpm-tools package])
fi

LIBFUSE_CFLAGS=$(pkg-config fuse --cflags)
if test $? -ne 0; then
	AC_MSG_ERROR("Is fuse-devel installed? -- could not get cflags for libfuse")
fi
AC_SUBST([LIBFUSE_CFLAGS])

LIBFUSE_LIBS=$(pkg-config fuse --libs)
if test $? -ne 0; then
	AC_MSG_ERROR("Is fuse-devel installed? -- could not get libs for libfuse")
fi
AC_SUBST([LIBFUSE_LIBS])

AC_ARG_WITH([gnutls],
            AC_HELP_STRING([--with-gnutls],
                           [build with gnutls library]),
            [],
            [with_gnutls=check]
)

if test "x$with_gnutls" != "xno"; then
    GNUTLS_LDFLAGS=$(pkg-config --libs gnutls)
    if test $? -ne 0; then
        if "x$with_gnutls" == "xyes"; then
            AC_MSG_ERROR("Is gnutls installed? -- could not get libs for gnutls")
        else
            with_gnutls=no
        fi
    fi
fi

if test "x$with_gnutls" != "xno"; then
    GNUTLS_CFLAGS=$(pkg-config gnutls --cflags)
    AC_CHECK_LIB([gnutls], [gnutls_load_file], [
                 GNUTLS_LIBS=-lgnutls
             ],
             [if test "x$with_gnutls" == "xyes"; then
                 AC_MSG_ERROR([GNUTLS >= 3.1.0 library not found: libgnutls.so])
              else
                 with_gnutls="no"
              fi])
fi

if test "x$with_gnutls" != "xno"; then
    AC_CHECK_HEADER(gnutls/abstract.h, [], \
             [if test "x$with_gnutls" == "xyes"; then
                 AC_MSG_ERROR([GNUTLS >= 3.1.0 library header not found: gnutls/abstract.h])
              else
                 with_gnutls="no"
              fi])
fi

if test "x$with_gnutls" != "xno"; then
    with_gnutls="yes"
fi
AM_CONDITIONAL([WITH_GNUTLS], [test "x$with_gnutls" == "xyes"])
AC_SUBST([GNUTLS_LIBS])

AC_PATH_PROG([EXPECT], expect)
if test "x$EXPECT" == "x"; then
	AC_MSG_ERROR([expect is required: expect package])
fi

AC_PATH_PROG([GAWK], gawk)
if test "x$GAWK" == "x"; then
	AC_MSG_ERROR([gawk is required: gawk package])
fi

AC_PATH_PROG([SOCAT], socat)
if test "x$SOCAT" == "x"; then
	AC_MSG_ERROR([socat is required: socat package])
fi

TMP="$($CC -fstack-protector-strong 2>&1)"
if echo $TMP | $GREP 'unrecognized command line option' >/dev/null; then
  HARDENING_CFLAGS="-fstack-protector -Wstack-protector "
else
  HARDENING_CFLAGS="-fstack-protector-strong -Wstack-protector "
fi

dnl Must not have -O0 but must have a -O for -D_FORTIFY_SOURCE=2
TMP1="$(echo $CFLAGS | sed -n 's/.*\(-O0\).*/\1/p')"
TMP2="$(echo $CFLAGS | sed -n 's/.*\(-O\).*/\1/p')"
if test -z "$TMP1" && test -n "$TPM2"; then
    HARDENING_CFLAGS+="-D_FORTIFY_SOURCE=2 "
fi
dnl Check ld for 'relro' and 'now'
if $LD --help 2>&1 | $GREP '\-z relro ' > /dev/null; then
  HARDENING_CFLAGS+="-Wl,-z,relro "
fi
if $LD --help 2>&1 | $GREP '\-z now ' > /dev/null; then
  HARDENING_CFLAGS+="-Wl,-z,now "
fi
AC_SUBST([HARDENING_CFLAGS])

AC_ARG_WITH([tss-user],
            AC_HELP_STRING([--with-tss-user=TSS_USER],
                           [The tss user to use]),
            [TSS_USER="$withval"],
            [TSS_USER="tss"]
)

AC_ARG_WITH([tss-group],
            AC_HELP_STRING([--with-tss-group=TSS_GROUP],
                           [The tss group to use]),
            [TSS_GROUP="$withval"],
            [TSS_GROUP="tss"]
)
AC_SUBST([TSS_USER])
AC_SUBST([TSS_GROUP])

CFLAGS="$CFLAGS -Wreturn-type -Wsign-compare -Wswitch-enum"
CFLAGS="$CFLAGS -Wmissing-prototypes -Wall -Werror"
CFLAGS="$CFLAGS -Wformat -Wformat-security"

AC_CONFIG_FILES([Makefile                    \
		dist/swtpm.spec             \
		etc/Makefile                \
		samples/Makefile            \
		include/Makefile            \
		include/swtpm/Makefile      \
		include/swtpm.h             \
		src/Makefile                \
		src/selinux/Makefile        \
		src/swtpm/Makefile          \
		src/swtpm_bios/Makefile     \
		src/swtpm_cert/Makefile     \
		src/swtpm_ioctl/Makefile    \
		src/swtpm_setup/Makefile    \
		src/swtpm_setup/swtpm_setup.h  \
		man/Makefile                \
		man/man3/Makefile           \
		man/man8/Makefile           \
		tests/Makefile              \
		tests/test_config           \
		])
AC_CONFIG_FILES([src/swtpm_setup/swtpm_setup.sh],
		[chmod 755 src/swtpm_setup/swtpm_setup.sh])
AC_OUTPUT

echo
printf "with_gnutls : %5s  (no = swtpm_cert will NOT be built)\n" $with_gnutls
printf "with_selinux: %5s  (no = SELinux policy extenions will NOT be build)\n" $with_selinux
echo
echo "cryptolib: $cryptolib"
echo
echo "CFLAGS=$CFLAGS"
echo "HARDENING_CFLAGS=$HARDENING_CFLAGS"
echo "LDFLAGS=$LDFLAGS"
echo
echo "TSS_USER=$TSS_USER"
echo "TSS_GROUP=$TSS_GROUP"
echo
Commit	Line	Data
f163b202 SB	1	#
	2	# configure.ac
	3	#
	4	# The Initial Developer of the Original Code is International
	5	# Business Machines Corporation. Portions created by IBM
	6	# Corporation are Copyright (C) 2014 International Business
	7	# Machines Corporation. All Rights Reserved.
	8	#
	9	# This program is free software; you can redistribute it and/or modify
	10	# it under the terms of the Common Public License as published by
	11	# IBM Corporation; either version 1 of the License, or (at your option)
	12	# any later version.
	13	#
	14	# This program is distributed in the hope that it will be useful,
	15	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	16	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	17	# Common Public License for more details.
	18	#
	19	# You should have received a copy of the Common Public License
	20	# along with this program; if not, a copy can be viewed at
	21	# http://www.opensource.org/licenses/cpl1.0.php.
	22	#
	23	# This file is derived from tpm-tool's configure.in.
	24	#
	25
	26	AC_INIT(swtpm, 0.1.0)
	27	AC_PREREQ(2.12)
	28	AC_CONFIG_SRCDIR(Makefile.am)
	29	AC_CONFIG_HEADER(config.h)
	30
	31	SWTPM_VER_MAJOR=`echo $PACKAGE_VERSION \| cut -d "." -f1`
	32	SWTPM_VER_MINOR=`echo $PACKAGE_VERSION \| cut -d "." -f2`
	33	SWTPM_VER_MICRO=`echo $PACKAGE_VERSION \| cut -d "." -f3`
	34
	35	AC_SUBST([SWTPM_VER_MAJOR])
	36	AC_SUBST([SWTPM_VER_MINOR])
	37	AC_SUBST([SWTPM_VER_MICRO])
	38
	39	dnl Check for programs
	40	AC_PROG_CC
	41	AC_PROG_INSTALL
	42	AC_PROG_LN_S
	43	AC_PROG_LIBTOOL
	44
f163b202 SB	45	AC_CONFIG_MACRO_DIR([m4])
	46	AC_CANONICAL_TARGET
	47	AM_INIT_AUTOMAKE([foreign 1.6])
	48
	49	DEBUG=""
	50	AC_MSG_CHECKING([for debug-enabled build])
	51	AC_ARG_ENABLE(debug, AC_HELP_STRING([--enable-debug], [create a debug build]),
	52	[if test "$enableval" = "yes"; then
	53	DEBUG="yes"
	54	AC_MSG_RESULT([yes])
	55	else
	56	DEBUG="no"
	57	AC_MSG_RESULT([no])
	58	fi],
	59	[DEBUG="no",
	60	AC_MSG_RESULT([no])])
	61
	62	# If the user has not set CFLAGS, do something appropriate
	63	test_CFLAGS=${CFLAGS+set}
	64	if test "$test_CFLAGS" != set; then
	65	if test "$DEBUG" == "yes"; then
	66	CFLAGS="-O0 -g -DDEBUG"
	67	else
	68	CFLAGS="-g -O2"
	69	fi
	70	elif test "$DEBUG" == "yes"; then
	71	CFLAGS="$CFLAGS -O0 -g -DDEBUG"
	72	fi
	73
e46a2b66 SB	74	AC_HEADER_STDC
	75	AC_C_CONST
	76	AC_C_INLINE
	77
	78	AC_TYPE_SIZE_T
	79	AC_TYPE_SIGNAL
	80
baecda40 SB	81	AC_PROG_CC
baecda40 SB	82	AC_PROG_INSTALL
3cb54a5d	83	AC_PROG_MKDIR_P
e46a2b66	84
ec37bb56 SB	85	AC_ARG_WITH([selinux],
	86	AS_HELP_STRING([--with-selinux],
	87	[add SELinux policy extensions @<:@default=check@:>@]))
	88	m4_divert_text([DEFAULTS], [with_selinux=check])
	89
	90	dnl Check for SELinux policy support
	91
	92	if test "$with_selinux" != "no"; then
	93	if test "$with_selinux" = "check" \|\| test "$with_selinux" = "yes"; then
	94	if ! test -f /usr/share/selinux/devel/Makefile; then
	95	if test "$with_selinux" = "yes"; then
	96	AC_MSG_ERROR("Is selinux-policy-devel installed?")
	97	else
	98	with_selinux="no"
	99	fi
	100	fi
	101	AC_PATH_PROG([SEMODULE], semodule)
	102	if test "x$SEMODULE" == "x"; then
	103	if test "$with_selinux" = "yes"; then
	104	AC_MSG_ERROR("Is selinux-policy-devel installed?")
	105	else
	106	with_selinux="no"
	107	fi
	108	fi
	109	if test "$with_selinux" = "check"; then
	110	with_selinux="yes"
	111	fi
	112	fi
	113	fi
	114	AM_CONDITIONAL([WITH_SELINUX], [test "x$with_selinux" == "xyes"])
	115
f163b202 SB	116	GLIB_CFLAGS=$(pkg-config --cflags glib-2.0)
	117	if test $? -ne 0; then
	118	AC_MSG_ERROR("Is glib-2.0 installed? -- could not get cflags")
	119	fi
baecda40	120	AC_SUBST([GLIB_CFLAGS])
f163b202	121
baecda40	122	GLIB_LIBS=$(pkg-config --libs glib-2.0)
f163b202 SB	123	if test $? -ne 0; then
	124	AC_MSG_ERROR("Is glib-2.0 installed? -- could not get libs")
	125	fi
baecda40	126	AC_SUBST([GLIB_LIBS])
f163b202	127
baecda40	128	GTHREAD_LIBS=$(pkg-config --libs gthread-2.0)
f163b202 SB	129	if test $? -ne 0; then
	130	AC_MSG_ERROR("Is glib-2.0 installed? -- could not get libs for gthread-2.0")
	131	fi
baecda40	132	AC_SUBST([GTHREAD_LIBS])
f163b202	133
3bbdd7bc SB	134	cryptolib=freebl
	135
	136	AC_ARG_WITH([openssl],
	137	AC_HELP_STRING([--with-openssl],
213677a2	138	[build with openssl library]),
3bbdd7bc SB	139	[AC_CHECK_LIB(crypto,
	140	[AES_set_encrypt_key],
	141	[],
	142	AC_MSG_ERROR(Faulty openssl crypto library))
	143	AC_CHECK_HEADERS([openssl/aes.h],[],
	144	AC_MSG_ERROR(Is openssl-devel/libssl-dev installed?))
	145	AC_MSG_RESULT([Building with openssl crypto library])
	146	cryptolib=openssl
	147	]
	148	)
	149
	150	case "$cryptolib" in
	151	freebl)
	152	AM_CONDITIONAL(SWTPM_USE_FREEBL, true)
	153	AM_CONDITIONAL(SWTPM_USE_OPENSSL, false)
	154	AC_DEFINE([USE_FREEBL_CRYPTO_LIBRARY],
	155	[1],
	156	[use freebl crypto library])
	157
	158	NSPR_CFLAGS=$(nspr-config --cflags)
	159	if test $? -ne 0; then
	160	AC_MSG_ERROR("Could not find nspr-config. Is nspr-devel/libnspr4-dev installed?")
	161	fi
	162	AC_SUBST([NSPR_CFLAGS])
	163
	164	NSS_CFLAGS=$(nss-config --cflags)
	165	if test $? -ne 0; then
	166	AC_MSG_ERROR("Could not find nss-config. Is nss-devel/libnss3-dev installed?")
	167	fi
	168	AC_SUBST([NSS_CFLAGS])
	169
	170	NSS_LIBS=$(nss-config --libs)
	171	if test $? -ne 0; then
	172	AC_MSG_ERROR("Is nss-devel/libnss3-dev installed? -- could not get libs for nss")
	173	fi
	174	dnl On RHEL 7 ppc64 we need an explicit -lfreebl
	175	NSS_LIBS="$NSS_LIBS -lfreebl"
	176	AC_SUBST([NSS_LIBS])
	177
	178	CPPFLAGS="$NSS_CFLAGS $NSPR_CFLAGS"
	179	AC_CHECK_HEADERS([sslerr.h],[],
	180	AC_MSG_ERROR(nss-devel/libnss3-dev is bad))
	181
	182	# Check for missing headers
	183	CFLAGS_save="$CFLAGS"
	184	CFLAGS="$NSS_CFLAGS $NSPR_CFLAGS"
	185	AC_CHECK_HEADERS([blapi.h],[],
	186	AC_MSG_ERROR(nss-softokn-freebl-devel/libnss3-dev is missing blapi.h))
	187	# Check for missing freebl library or missing library functions
	188	LIBS_save="$LIBS"
	189	LIBS="$(nss-config --libs) $(nspr-config --libs)"
	190	AC_SEARCH_LIBS([AES_CreateContext], [freebl],[],
	191	AC_MSG_ERROR("Could not find AES_CreateContext(). Is nss-softokn-freebl-devel/libnss3-dev installed?"),
	192	[])
	193	LIBS="$LIBS_save"
	194	CPPFLAGS=""
	195	CFLAGS="$CFLAGS_save"
	196
	197	;;
	198	openssl)
	199	AM_CONDITIONAL(SWTPM_USE_FREEBL, false)
	200	AM_CONDITIONAL(SWTPM_USE_OPENSSL, true)
	201	AC_DEFINE([USE_OPENSSL_CRYPTO_LIBRARY],
	202	[1],
203	[use openssl crypto library])
204	;;
205	esac
833a5416	206
baecda40 SB	207	LIBTASN1_LIBS=$(pkg-config --libs libtasn1)
	208	if test $? -ne 0; then
	209	AC_MSG_ERROR("Is libtasn1-devel installed? -- could not get libs for libtasn1")
	210	fi
	211	AC_SUBST([LIBTASN1_LIBS])
f163b202	212
baecda40 SB	213	LIBTPMS_LIBS=$(pkg-config --libs libtpms)
	214	if test $? -ne 0; then
	215	AC_MSG_ERROR("Is libtpms-devel installed? -- could not get libs for libtpms")
	216	fi
	217	AC_SUBST([LIBTPMS_LIBS])
f163b202	218
e46a2b66 SB	219	AC_PATH_PROG([TPM_NVDEFINE], tpm_nvdefine)
	220	if test "x$TPM_NVDEFINE" == "x"; then
	221	AC_MSG_ERROR([NVRAM area tools are need: tpm-tools package])
	222	fi
	223
baecda40 SB	224	LIBFUSE_CFLAGS=$(pkg-config fuse --cflags)
	225	if test $? -ne 0; then
	226	AC_MSG_ERROR("Is fuse-devel installed? -- could not get cflags for libfuse")
	227	fi
	228	AC_SUBST([LIBFUSE_CFLAGS])
f163b202	229
baecda40 SB	230	LIBFUSE_LIBS=$(pkg-config fuse --libs)
	231	if test $? -ne 0; then
	232	AC_MSG_ERROR("Is fuse-devel installed? -- could not get libs for libfuse")
	233	fi
	234	AC_SUBST([LIBFUSE_LIBS])
f163b202	235
10002933 SB	236	AC_ARG_WITH([gnutls],
	237	AC_HELP_STRING([--with-gnutls],
	238	[build with gnutls library]),
	239	[],
	240	[with_gnutls=check]
	241	)
	242
e46a2b66 SB	243	if test "x$with_gnutls" != "xno"; then
	244	GNUTLS_LDFLAGS=$(pkg-config --libs gnutls)
	245	if test $? -ne 0; then
	246	if "x$with_gnutls" == "xyes"; then
	247	AC_MSG_ERROR("Is gnutls installed? -- could not get libs for gnutls")
	248	else
	249	with_gnutls=no
	250	fi
	251	fi
	252	fi
f163b202	253
e46a2b66	254	if test "x$with_gnutls" != "xno"; then
baecda40	255	GNUTLS_CFLAGS=$(pkg-config gnutls --cflags)
10002933	256	AC_CHECK_LIB([gnutls], [gnutls_load_file], [
baecda40 SB	257	GNUTLS_LIBS=-lgnutls
baecda40 SB	258	],
e46a2b66 SB	259	[if test "x$with_gnutls" == "xyes"; then
	260	AC_MSG_ERROR([GNUTLS >= 3.1.0 library not found: libgnutls.so])
	261	else
	262	with_gnutls="no"
	263	fi])
	264	fi
	265
	266	if test "x$with_gnutls" != "xno"; then
	267	AC_CHECK_HEADER(gnutls/abstract.h, [], \
	268	[if test "x$with_gnutls" == "xyes"; then
	269	AC_MSG_ERROR([GNUTLS >= 3.1.0 library header not found: gnutls/abstract.h])
	270	else
	271	with_gnutls="no"
	272	fi])
	273	fi
	274
	275	if test "x$with_gnutls" != "xno"; then
	276	with_gnutls="yes"
	277	fi
	278	AM_CONDITIONAL([WITH_GNUTLS], [test "x$with_gnutls" == "xyes"])
baecda40	279	AC_SUBST([GNUTLS_LIBS])
f163b202	280
48abfbb1 SB	281	AC_PATH_PROG([EXPECT], expect)
	282	if test "x$EXPECT" == "x"; then
	283	AC_MSG_ERROR([expect is required: expect package])
	284	fi
	285
b080afb5 SB	286	AC_PATH_PROG([GAWK], gawk)
	287	if test "x$GAWK" == "x"; then
	288	AC_MSG_ERROR([gawk is required: gawk package])
	289	fi
	290
8cb126e4 SB	291	AC_PATH_PROG([SOCAT], socat)
	292	if test "x$SOCAT" == "x"; then
	293	AC_MSG_ERROR([socat is required: socat package])
	294	fi
	295
08f1e70d SB	296	TMP="$($CC -fstack-protector-strong 2>&1)"
	297	if echo $TMP \| $GREP 'unrecognized command line option' >/dev/null; then
	298	HARDENING_CFLAGS="-fstack-protector -Wstack-protector "
f77427eb	299	else
08f1e70d	300	HARDENING_CFLAGS="-fstack-protector-strong -Wstack-protector "
f77427eb	301	fi
a76b4eeb SB	302
	303	dnl Must not have -O0 but must have a -O for -D_FORTIFY_SOURCE=2
	304	TMP1="$(echo $CFLAGS \| sed -n 's/.\(-O0\)./\1/p')"
	305	TMP2="$(echo $CFLAGS \| sed -n 's/.\(-O\)./\1/p')"
	306	if test -z "$TMP1" && test -n "$TPM2"; then
	307	HARDENING_CFLAGS+="-D_FORTIFY_SOURCE=2 "
	308	fi
	309	dnl Check ld for 'relro' and 'now'
	310	if $LD --help 2>&1 \| $GREP '\-z relro ' > /dev/null; then
	311	HARDENING_CFLAGS+="-Wl,-z,relro "
	312	fi
	313	if $LD --help 2>&1 \| $GREP '\-z now ' > /dev/null; then
	314	HARDENING_CFLAGS+="-Wl,-z,now "
	315	fi
e6085e96 SB	316	AC_SUBST([HARDENING_CFLAGS])
e6085e96 SB	317
c4ac0a11 SB	318	AC_ARG_WITH([tss-user],
	319	AC_HELP_STRING([--with-tss-user=TSS_USER],
	320	[The tss user to use]),
	321	[TSS_USER="$withval"],
	322	[TSS_USER="tss"]
	323	)
	324
	325	AC_ARG_WITH([tss-group],
	326	AC_HELP_STRING([--with-tss-group=TSS_GROUP],
	327	[The tss group to use]),
	328	[TSS_GROUP="$withval"],
	329	[TSS_GROUP="tss"]
	330	)
	331	AC_SUBST([TSS_USER])
	332	AC_SUBST([TSS_GROUP])
	333
f163b202 SB	334	CFLAGS="$CFLAGS -Wreturn-type -Wsign-compare -Wswitch-enum"
f163b202 SB	335	CFLAGS="$CFLAGS -Wmissing-prototypes -Wall -Werror"
e6085e96	336	CFLAGS="$CFLAGS -Wformat -Wformat-security"
f163b202	337
58774fd6	338	AC_CONFIG_FILES([Makefile \
f163b202	339	dist/swtpm.spec \
e46a2b66 SB	340	etc/Makefile \
e46a2b66 SB	341	samples/Makefile \
f163b202 SB	342	include/Makefile \
f163b202 SB	343	include/swtpm/Makefile \
a1fa5d77	344	include/swtpm.h \
f163b202 SB	345	src/Makefile \
	346	src/selinux/Makefile \
	347	src/swtpm/Makefile \
e46a2b66 SB	348	src/swtpm_bios/Makefile \
	349	src/swtpm_cert/Makefile \
	350	src/swtpm_ioctl/Makefile \
	351	src/swtpm_setup/Makefile \
c4ac0a11	352	src/swtpm_setup/swtpm_setup.h \
f163b202	353	man/Makefile \
39d0c3de	354	man/man3/Makefile \
f163b202	355	man/man8/Makefile \
e46a2b66	356	tests/Makefile \
c4ac0a11	357	tests/test_config \
10002933 SB	358	])
	359	AC_CONFIG_FILES([src/swtpm_setup/swtpm_setup.sh],
	360	[chmod 755 src/swtpm_setup/swtpm_setup.sh])
f163b202 SB	361	AC_OUTPUT
f163b202 SB	362
e46a2b66	363	echo
ec37bb56 SB	364	printf "with_gnutls : %5s (no = swtpm_cert will NOT be built)\n" $with_gnutls
ec37bb56 SB	365	printf "with_selinux: %5s (no = SELinux policy extenions will NOT be build)\n" $with_selinux
e46a2b66	366	echo
10002933 SB	367	echo "cryptolib: $cryptolib"
10002933 SB	368	echo
f163b202	369	echo "CFLAGS=$CFLAGS"
a76b4eeb	370	echo "HARDENING_CFLAGS=$HARDENING_CFLAGS"
f163b202	371	echo "LDFLAGS=$LDFLAGS"
c4ac0a11 SB	372	echo
	373	echo "TSS_USER=$TSS_USER"
	374	echo "TSS_GROUP=$TSS_GROUP"
	375	echo