[swtpm.git] / configure.ac

#
# configure.ac
#
#       The Initial Developer of the Original Code is International
#       Business Machines Corporation. Portions created by IBM
#       Corporation are Copyright (C) 2014 International Business
#       Machines Corporation. All Rights Reserved.
#
#       This program is free software; you can redistribute it and/or modify
#       it under the terms of the Common Public License as published by
#       IBM Corporation; either version 1 of the License, or (at your option)
#       any later version.
#
#       This program is distributed in the hope that it will be useful,
#       but WITHOUT ANY WARRANTY; without even the implied warranty of
#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#       Common Public License for more details.
#
#       You should have received a copy of the Common Public License
#       along with this program; if not, a copy can be viewed at
#       http://www.opensource.org/licenses/cpl1.0.php.
#
#       This file is derived from tpm-tool's configure.in.
#

AC_INIT(swtpm, 0.2.0)
AC_PREREQ(2.12)
AC_CONFIG_SRCDIR(Makefile.am)
AC_CONFIG_HEADER(config.h)

SWTPM_VER_MAJOR=`echo $PACKAGE_VERSION | cut -d "." -f1`
SWTPM_VER_MINOR=`echo $PACKAGE_VERSION | cut -d "." -f2`
SWTPM_VER_MICRO=`echo $PACKAGE_VERSION | cut -d "." -f3`

AC_SUBST([SWTPM_VER_MAJOR])
AC_SUBST([SWTPM_VER_MINOR])
AC_SUBST([SWTPM_VER_MICRO])

dnl Check for programs
AC_PROG_CC
AC_PROG_INSTALL
AC_PROG_LN_S
LT_INIT

AC_CONFIG_MACRO_DIR([m4])
AC_CANONICAL_TARGET
AC_CANONICAL_HOST
AM_INIT_AUTOMAKE([foreign 1.6])

DEBUG=""
AC_MSG_CHECKING([for debug-enabled build])
AC_ARG_ENABLE(debug, AC_HELP_STRING([--enable-debug], [create a debug build]),
  [if test "$enableval" = "yes"; then
     DEBUG="yes"
     AC_MSG_RESULT([yes])
   else
     DEBUG="no"
     AC_MSG_RESULT([no])
   fi],
  [DEBUG="no",
   AC_MSG_RESULT([no])])

# If the user has not set CFLAGS, do something appropriate
test_CFLAGS=${CFLAGS+set}
if test "$test_CFLAGS" != set; then
	if test "$DEBUG" = "yes"; then
		CFLAGS="-O0 -g -DDEBUG"
	else
		CFLAGS="-g -O2"
	fi
elif test "$DEBUG" = "yes"; then
	CFLAGS="$CFLAGS -O0 -g -DDEBUG"
fi

AC_HEADER_STDC
AC_C_CONST
AC_C_INLINE

AC_TYPE_SIZE_T
AC_TYPE_SIGNAL

AC_PROG_CC
AC_PROG_INSTALL
AC_PROG_MKDIR_P

AC_ARG_WITH([selinux],
   AS_HELP_STRING([--with-selinux],
      [add SELinux policy extensions @<:@default=check@:>@]))
m4_divert_text([DEFAULTS], [with_selinux=check])

dnl Check for SELinux policy support

if test "$with_selinux" != "no"; then
    if test "$with_selinux" = "check" || test "$with_selinux" = "yes"; then
        if ! test -f /usr/share/selinux/devel/Makefile; then
            if test "$with_selinux" = "yes"; then
                AC_MSG_ERROR("Is selinux-policy-devel installed?")
            else
                with_selinux="no"
            fi
        fi
        AC_PATH_PROG([SEMODULE], semodule)
        if test "x$SEMODULE" = "x"; then
            if test "$with_selinux" = "yes"; then
	        AC_MSG_ERROR("Is selinux-policy-devel installed?")
	    else
	        with_selinux="no"
	    fi
        fi
        if test "$with_selinux" = "check"; then
            with_selinux="yes"
        fi
    fi
fi
AM_CONDITIONAL([WITH_SELINUX], [test "x$with_selinux" = "xyes"])

if test "$prefix" = "/usr" && test "$sysconfdir" = '${prefix}/etc'; then
	sysconfdir="/etc"
fi
if test "$prefix" = "" && test "$datarootdir" = '${prefix}/share'; then
	datarootdir="/usr/share"
fi
if test "$prefix" = "/usr" && test "$localstatedir" = '${prefix}/var'; then
	localstatedir="/var"
fi
SYSCONFDIR=`eval echo $sysconfdir`
DATAROOTDIR=`eval echo $datarootdir`
LOCALSTATEDIR=`eval echo $localstatedir`
AC_SUBST([SYSCONFDIR])
AC_SUBST([DATAROOTDIR])
AC_SUBST([LOCALSTATEDIR])

cryptolib=openssl

AC_ARG_WITH([openssl],
            [AS_HELP_STRING([--with-openssl],
                           [build with openssl library])],
            [],
            [])

case "$cryptolib" in
openssl)
	AC_CHECK_LIB(crypto,
		      [AES_set_encrypt_key],
		      [true],
		      AC_MSG_ERROR(Faulty openssl crypto library))
	AC_CHECK_HEADERS([openssl/aes.h],[],
			 AC_MSG_ERROR(Is openssl-devel/libssl-dev installed?))
	AC_MSG_RESULT([Building with openssl crypto library])
	;;
esac

LIBTASN1_LIBS=$(pkg-config --libs libtasn1)
if test $? -ne 0; then
	AC_MSG_ERROR("Is libtasn1-devel installed? -- could not get libs for libtasn1")
fi
AC_SUBST([LIBTASN1_LIBS])

LIBTPMS_LIBS=$(pkg-config --libs libtpms)
if test $? -ne 0; then
	AC_MSG_ERROR("Is libtpms-devel installed? -- could not get libs for libtpms")
fi
AC_CHECK_LIB(tpms,
             TPMLIB_ChooseTPMVersion,[true],
             AC_MSG_ERROR("libtpms 0.6 or later is required")
)
AC_SUBST([LIBTPMS_LIBS])

AC_CHECK_LIB(c, clock_gettime, LIBRT_LIBS="", LIBRT_LIBS="-lrt")
AC_SUBST([LIBRT_LIBS])

AC_PATH_PROG([TPM_NVDEFINE], tpm_nvdefine)
if test "x$TPM_NVDEFINE" = "x"; then
    have_tcsd=no
    AC_MSG_WARN([NVRAM area tools are needed for TPM 1.2 certificate injection: tpm-tools package])
else
    have_tcsd=yes
fi
with_swtpm_setup=yes
AM_CONDITIONAL([HAVE_TCSD], test "$have_tcsd" != "no")

dnl If we have the tcsd package, we can build swtpm_setup, but need netstat also
AC_PATH_PROG([NETSTAT], [netstat])
case $host_os in
linux-*)
    if test "x$NETSTAT" = "x" && test "have_tcsd" != "no"; then
        AC_MSG_ERROR([netstat tool is missing for tests: net-tools package])
    fi
    ;;
esac

AC_MSG_CHECKING([for whether to build with CUSE interface])
AC_ARG_WITH([cuse],
            AC_HELP_STRING([--with-cuse],
                           [build with CUSE interface]),
            [],
            [with_cuse=check]
)

if test "$with_cuse" != "no"; then
    LIBFUSE_CFLAGS=$(pkg-config fuse --cflags 2>/dev/null)
    if test $? -ne 0; then
        if test "$with_cuse" = "yes"; then
            AC_MSG_ERROR("Is fuse-devel installed? -- could not get cflags for libfuse")
        else
            with_cuse=no
        fi
    else
        with_cuse=yes
    fi
fi

dnl with_cuse is now yes or no
if test "$with_cuse" != "no"; then
    LIBFUSE_LIBS=$(pkg-config fuse --libs)
    if test $? -ne 0; then
        AC_MSG_ERROR("Is fuse-devel installed? -- could not get libs for libfuse")
    fi
    AC_SUBST([LIBFUSE_CFLAGS])
    AC_SUBST([LIBFUSE_LIBS])
    AC_DEFINE_UNQUOTED([WITH_CUSE], 1,
                       [whether to build with CUSE interface])

    GLIB_CFLAGS=$(pkg-config --cflags glib-2.0)
    if test $? -ne 0; then
        AC_MSG_ERROR("Is glib-2.0 installed? -- could not get cflags")
    fi
    AC_SUBST([GLIB_CFLAGS])

    GLIB_LIBS=$(pkg-config --libs glib-2.0)
    if test $? -ne 0; then
        AC_MSG_ERROR("Is glib-2.0 installed? -- could not get libs")
    fi
    AC_SUBST([GLIB_LIBS])

    GTHREAD_LIBS=$(pkg-config --libs gthread-2.0)
    if test $? -ne 0; then
        AC_MSG_ERROR("Is glib-2.0 installed? -- could not get libs for gthread-2.0")
    fi
    AC_SUBST([GTHREAD_LIBS])
fi
AM_CONDITIONAL([WITH_CUSE],[test "$with_cuse" = "yes"])
AC_MSG_RESULT($with_cuse)

AC_MSG_CHECKING([for whether to build with chardev interface])
case $host_os in
linux-*)
    with_chardev=yes
    AC_DEFINE_UNQUOTED([WITH_CHARDEV], 1,
                       [whether to build with chardev interface])
    ;;
*)
    with_chardev=no
esac
AM_CONDITIONAL([WITH_CHARDEV],[test "$with_chardev" = "yes"])
AC_MSG_RESULT($with_cuse)

AC_ARG_WITH([gnutls],
            AC_HELP_STRING([--with-gnutls],
                           [build with gnutls library]),
            [],
            [with_gnutls=check]
)

if test "x$with_gnutls" != "xno"; then
    GNUTLS_LDFLAGS=$(pkg-config --libs gnutls)
    if test $? -ne 0; then
        if test "x$with_gnutls" = "xyes"; then
            AC_MSG_ERROR("Is gnutls installed? -- could not get libs for gnutls")
        else
            with_gnutls=no
        fi
    fi
fi

if test "x$with_gnutls" != "xno"; then
     AC_PATH_PROG([GNUTLS_CERTTOOL], certtool)
     if test "x$GNUTLS_CERTTOOL" = "x"; then
         if test "x$with_gnutls" = "xyes"; then
             AC_MSG_ERROR("Could not find certtool. Is gnutls-utils/gnutls-bin installed?")
         else
             with_gnutls=no
         fi
     fi
fi

if test "x$with_gnutls" != "xno"; then
    ORIG_CFLAGS="$CFLAGS"
    GNUTLS_CFLAGS=$(pkg-config gnutls --cflags)
    CFLAGS="$CFLAGS $GNUTLS_CFLAGS $GNUTLS_LDFLAGS"
    AC_CHECK_LIB([gnutls], [gnutls_load_file], [
                 GNUTLS_LIBS=-lgnutls
             ],
             [if test "x$with_gnutls" = "xyes"; then
                 AC_MSG_ERROR([GNUTLS >= 3.1.0 library not found: libgnutls.so])
              else
                 with_gnutls="no"
              fi])
    CFLAGS="$ORIG_CFLAGS"
fi

if test "x$with_gnutls" != "xno"; then
    ORIG_CFLAGS="$CFLAGS"
    CFLAGS="$CFLAGS $GNUTLS_CFLAGS"
    AC_CHECK_HEADER(gnutls/abstract.h, [], \
             [if test "x$with_gnutls" = "xyes"; then
                 AC_MSG_ERROR([GNUTLS >= 3.1.0 library header not found: gnutls/abstract.h])
              else
                 with_gnutls="no"
              fi])
    CFLAGS="$ORIG_CFLAGS"
fi

if test "x$with_gnutls" != "xno"; then
    with_gnutls="yes"
fi
AM_CONDITIONAL([WITH_GNUTLS], [test "x$with_gnutls" = "xyes"])
AC_SUBST([GNUTLS_LIBS])

AC_PATH_PROG([EXPECT], expect)
if test "x$EXPECT" = "x"; then
	AC_MSG_ERROR([expect is required: expect package])
fi

AC_PATH_PROG([GAWK], gawk)
if test "x$GAWK" = "x"; then
	AC_MSG_ERROR([gawk is required: gawk package])
fi

AC_PATH_PROG([SOCAT], socat)
if test "x$SOCAT" = "x"; then
	AC_MSG_ERROR([socat is required: socat package])
fi

AC_PATH_PROG([PYTHON], python3)
if test "x$PYTHON" = "x"; then
	AC_MSG_ERROR([python3 is required])
fi

AC_ARG_ENABLE([hardening],
  AS_HELP_STRING([--disable-hardening], [Disable hardening flags]))

if test "x$enable_hardening" != "xno"; then
	TMP="$($CC -fstack-protector-strong $srcdir/include/swtpm/tpm_ioctl.h 2>&1)"
	if echo $TMP | $GREP 'unrecognized command line option' >/dev/null; then
		HARDENING_CFLAGS="-fstack-protector -Wstack-protector "
	else
		HARDENING_CFLAGS="-fstack-protector-strong -Wstack-protector "
	fi

	dnl Must not have -O0 but must have a -O for -D_FORTIFY_SOURCE=2
	TMP1="$(echo $CFLAGS | sed -n 's/.*\(-O0\).*/\1/p')"
	TMP2="$(echo $CFLAGS | sed -n 's/.*\(-O\).*/\1/p')"
	if test -z "$TMP1" && test -n "$TPM2"; then
		HARDENING_CFLAGS="$HARDENING_CFLAGS -D_FORTIFY_SOURCE=2 "
	fi
	dnl Check ld for 'relro' and 'now'
	if $LD --help 2>&1 | $GREP '\-z relro ' > /dev/null; then
		HARDENING_CFLAGS="$HARDENING_CFLAGS -Wl,-z,relro "
	fi
	if $LD --help 2>&1 | $GREP '\-z now ' > /dev/null; then
		HARDENING_CFLAGS="$HARDENING_CFLAGS -Wl,-z,now "
	fi
	AC_SUBST([HARDENING_CFLAGS])
fi

AC_ARG_ENABLE([test-coverage],
  AS_HELP_STRING([--enable-test-coverage], [Enable test coverage flags]))

if test "x$enable_test_coverage" = "xyes"; then
	COVERAGE_CFLAGS="-fprofile-arcs -ftest-coverage"
	COVERAGE_LDFLAGS="-fprofile-arcs"
fi

AC_ARG_WITH([tss-user],
            AC_HELP_STRING([--with-tss-user=TSS_USER],
                           [The tss user to use]),
            [TSS_USER="$withval"],
            [TSS_USER="tss"]
)

AC_ARG_WITH([tss-group],
            AC_HELP_STRING([--with-tss-group=TSS_GROUP],
                           [The tss group to use]),
            [TSS_GROUP="$withval"],
            [TSS_GROUP="tss"]
)
AC_SUBST([TSS_USER])
AC_SUBST([TSS_GROUP])

CFLAGS="$CFLAGS -Wreturn-type -Wsign-compare -Wswitch-enum"
CFLAGS="$CFLAGS -Wmissing-prototypes -Wall -Werror"
CFLAGS="$CFLAGS -Wformat -Wformat-security"
CFLAGS="$CFLAGS $GNUTLS_CFLAGS $COVERAGE_CFLAGS"

LDFLAGS="$LDFLAGS $COVERAGE_LDFLAGS"

dnl Simulate the following for systems with pkg-config < 0.28:
dnl PKG_CHECK_VAR([libtpms_cryptolib], [libtpms], [cryptolib],
dnl  [], AC_MSG_ERROR([Could not determine libtpms crypto library.]))
PKG_PROG_PKG_CONFIG

AC_MSG_CHECKING([Checking the crypto library libtpms is linked to])
libtpms_cryptolib=`$PKG_CONFIG --variable cryptolib libtpms`
if test "x$libtpms_cryptolib" = "x"; then
  AC_MSG_ERROR([Could not determine the crypto library libtpms is using])
fi
AC_MSG_RESULT($libtpms_cryptolib)

if test "$libtpms_cryptolib" != "$cryptolib"; then
  echo "libtpms is using $libtpms_cryptolib; we have to use the same"
  if test "$cryptolib" = "openssl"; then
    AC_MSG_ERROR([do not use --with-openssl])
  else
    AC_MSG_ERROR([use --with-openssl])
  fi
fi

with_vtpm_proxy=no
case $host_os in
linux-*)
  with_vtpm_proxy=yes
  AC_DEFINE_UNQUOTED([WITH_VTPM_PROXY], 1,
                     [whether to build in vTPM proxy support (Linux only)])
esac

case $host_os in
cygwin)
  CFLAGS="$CFLAGS -D__USE_LINUX_IOCTL_DEFS"
esac

dnl Seccomp profile using -lseccomp (Linux only)
case $host_os in
linux-*)
  with_seccomp_default=yes
  ;;
*)
  with_seccomp_default=no
  ;;
esac

AC_MSG_CHECKING([for whether to build with seccomp profile])
AC_ARG_WITH([seccomp],
  AC_HELP_STRING([--with-seccomp],
                 [build with seccomp profile]),
  [],
  [with_seccomp=$with_seccomp_default]
)

if test "$with_seccomp" != "no"; then
  LIBSECCOMP_CFLAGS=$(pkg-config libseccomp --cflags 2>/dev/null)
  if test $? -ne 0; then
    AC_MSG_ERROR("Is libseccomp-devel installed? -- could not get cflags for libseccomp")
  else
    with_libseccomp=yes
  fi
  LIBSECCOMP_LIBS=$(pkg-config --libs libseccomp)
  AC_SUBST([LIBSECCOMP_LIBS])
  AC_SUBST([LIBSECCOMP_CFLAGS])
  AC_DEFINE_UNQUOTED([WITH_SECCOMP], 1,
                     [whether to build in seccomp profile (Linux only)])
fi

AC_CONFIG_FILES([Makefile                   \
		debian/swtpm-tools.postinst \
		dist/swtpm.spec             \
		etc/Makefile                \
		etc/swtpm_setup.conf        \
		samples/Makefile            \
		samples/swtpm-localca.conf  \
		include/Makefile            \
		include/swtpm/Makefile      \
		include/swtpm.h             \
		src/Makefile                \
		src/selinux/Makefile        \
		src/swtpm/Makefile          \
		src/swtpm_bios/Makefile     \
		src/swtpm_cert/Makefile     \
		src/swtpm_ioctl/Makefile    \
		src/swtpm_setup/Makefile    \
		src/swtpm_setup/swtpm_setup.h  \
		man/Makefile                \
		man/man3/Makefile           \
		man/man8/Makefile           \
		tests/Makefile              \
		tests/test_config           \
		])
AC_CONFIG_FILES([src/swtpm_setup/swtpm_setup.sh],
		[chmod 755 src/swtpm_setup/swtpm_setup.sh])
AC_CONFIG_FILES([samples/swtpm-localca],
		[chmod 755 samples/swtpm-localca])
AC_OUTPUT

echo
printf "with_gnutls     : %5s  (no = swtpm_cert will NOT be built)\n" $with_gnutls
printf "with_selinux    : %5s  (no = SELinux policy extenions will NOT be built)\n" $with_selinux
printf "with_cuse       : %5s  (no = no CUSE interface)\n" $with_cuse
printf "with_chardev    : %5s  (no = no chardev interface)\n" $with_chardev
printf "with_swtpm_setup: %5s  (no = swtpm_setup will NOT be built)\n" $with_swtpm_setup
printf "with_vtpm_proxy : %5s  (no = no vtpm proxy support; Linux only)\n" $with_vtpm_proxy
printf "with_seccomp    : %5s  (no = no seccomp profile; Linux only)\n" $with_seccomp
echo
echo "cryptolib: $cryptolib"
echo
echo "CFLAGS=$CFLAGS"
echo "HARDENING_CFLAGS=$HARDENING_CFLAGS"
echo "LDFLAGS=$LDFLAGS"
echo "LIBSECCOMP_LIBS=$LIBSECCOMP_LIBS"
echo
echo "TSS_USER=$TSS_USER"
echo "TSS_GROUP=$TSS_GROUP"
echo
Commit	Line	Data
f163b202 SB	1	#
	2	# configure.ac
	3	#
	4	# The Initial Developer of the Original Code is International
	5	# Business Machines Corporation. Portions created by IBM
	6	# Corporation are Copyright (C) 2014 International Business
	7	# Machines Corporation. All Rights Reserved.
	8	#
	9	# This program is free software; you can redistribute it and/or modify
	10	# it under the terms of the Common Public License as published by
	11	# IBM Corporation; either version 1 of the License, or (at your option)
	12	# any later version.
	13	#
	14	# This program is distributed in the hope that it will be useful,
	15	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	16	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	17	# Common Public License for more details.
	18	#
	19	# You should have received a copy of the Common Public License
	20	# along with this program; if not, a copy can be viewed at
	21	# http://www.opensource.org/licenses/cpl1.0.php.
	22	#
	23	# This file is derived from tpm-tool's configure.in.
	24	#
	25
f1a8a1cb	26	AC_INIT(swtpm, 0.2.0)
f163b202 SB	27	AC_PREREQ(2.12)
	28	AC_CONFIG_SRCDIR(Makefile.am)
	29	AC_CONFIG_HEADER(config.h)
	30
	31	SWTPM_VER_MAJOR=`echo $PACKAGE_VERSION \| cut -d "." -f1`
	32	SWTPM_VER_MINOR=`echo $PACKAGE_VERSION \| cut -d "." -f2`
	33	SWTPM_VER_MICRO=`echo $PACKAGE_VERSION \| cut -d "." -f3`
	34
	35	AC_SUBST([SWTPM_VER_MAJOR])
	36	AC_SUBST([SWTPM_VER_MINOR])
	37	AC_SUBST([SWTPM_VER_MICRO])
	38
	39	dnl Check for programs
	40	AC_PROG_CC
	41	AC_PROG_INSTALL
	42	AC_PROG_LN_S
908afaf5	43	LT_INIT
f163b202	44
f163b202 SB	45	AC_CONFIG_MACRO_DIR([m4])
f163b202 SB	46	AC_CANONICAL_TARGET
c3fdf688	47	AC_CANONICAL_HOST
f163b202 SB	48	AM_INIT_AUTOMAKE([foreign 1.6])
	49
	50	DEBUG=""
	51	AC_MSG_CHECKING([for debug-enabled build])
	52	AC_ARG_ENABLE(debug, AC_HELP_STRING([--enable-debug], [create a debug build]),
	53	[if test "$enableval" = "yes"; then
	54	DEBUG="yes"
	55	AC_MSG_RESULT([yes])
	56	else
	57	DEBUG="no"
	58	AC_MSG_RESULT([no])
	59	fi],
	60	[DEBUG="no",
	61	AC_MSG_RESULT([no])])
	62
	63	# If the user has not set CFLAGS, do something appropriate
	64	test_CFLAGS=${CFLAGS+set}
	65	if test "$test_CFLAGS" != set; then
33be7be2	66	if test "$DEBUG" = "yes"; then
f163b202 SB	67	CFLAGS="-O0 -g -DDEBUG"
	68	else
	69	CFLAGS="-g -O2"
	70	fi
33be7be2	71	elif test "$DEBUG" = "yes"; then
f163b202 SB	72	CFLAGS="$CFLAGS -O0 -g -DDEBUG"
	73	fi
	74
e46a2b66 SB	75	AC_HEADER_STDC
	76	AC_C_CONST
	77	AC_C_INLINE
	78
	79	AC_TYPE_SIZE_T
	80	AC_TYPE_SIGNAL
	81
baecda40 SB	82	AC_PROG_CC
baecda40 SB	83	AC_PROG_INSTALL
3cb54a5d	84	AC_PROG_MKDIR_P
e46a2b66	85
ec37bb56 SB	86	AC_ARG_WITH([selinux],
	87	AS_HELP_STRING([--with-selinux],
	88	[add SELinux policy extensions @<:@default=check@:>@]))
	89	m4_divert_text([DEFAULTS], [with_selinux=check])
	90
	91	dnl Check for SELinux policy support
	92
	93	if test "$with_selinux" != "no"; then
	94	if test "$with_selinux" = "check" \|\| test "$with_selinux" = "yes"; then
	95	if ! test -f /usr/share/selinux/devel/Makefile; then
	96	if test "$with_selinux" = "yes"; then
	97	AC_MSG_ERROR("Is selinux-policy-devel installed?")
	98	else
	99	with_selinux="no"
	100	fi
	101	fi
	102	AC_PATH_PROG([SEMODULE], semodule)
33be7be2	103	if test "x$SEMODULE" = "x"; then
ec37bb56 SB	104	if test "$with_selinux" = "yes"; then
	105	AC_MSG_ERROR("Is selinux-policy-devel installed?")
	106	else
	107	with_selinux="no"
	108	fi
	109	fi
	110	if test "$with_selinux" = "check"; then
	111	with_selinux="yes"
	112	fi
	113	fi
	114	fi
33be7be2	115	AM_CONDITIONAL([WITH_SELINUX], [test "x$with_selinux" = "xyes"])
ec37bb56	116
b096be26 SB	117	if test "$prefix" = "/usr" && test "$sysconfdir" = '${prefix}/etc'; then
	118	sysconfdir="/etc"
	119	fi
	120	if test "$prefix" = "" && test "$datarootdir" = '${prefix}/share'; then
	121	datarootdir="/usr/share"
	122	fi
d16b86b7 SB	123	if test "$prefix" = "/usr" && test "$localstatedir" = '${prefix}/var'; then
	124	localstatedir="/var"
	125	fi
0432b653 SB	126	SYSCONFDIR=`eval echo $sysconfdir`
0432b653 SB	127	DATAROOTDIR=`eval echo $datarootdir`
d16b86b7	128	LOCALSTATEDIR=`eval echo $localstatedir`
0432b653 SB	129	AC_SUBST([SYSCONFDIR])
0432b653 SB	130	AC_SUBST([DATAROOTDIR])
d16b86b7	131	AC_SUBST([LOCALSTATEDIR])
b096be26	132
7849b6c6	133	cryptolib=openssl
3bbdd7bc SB	134
3bbdd7bc SB	135	AC_ARG_WITH([openssl],
7849b6c6 SB	136	[AS_HELP_STRING([--with-openssl],
	137	[build with openssl library])],
	138	[],
	139	[])
3bbdd7bc SB	140
3bbdd7bc SB	141	case "$cryptolib" in
3bbdd7bc	142	openssl)
7849b6c6 SB	143	AC_CHECK_LIB(crypto,
7849b6c6 SB	144	[AES_set_encrypt_key],
b78b6af2	145	[true],
7849b6c6 SB	146	AC_MSG_ERROR(Faulty openssl crypto library))
	147	AC_CHECK_HEADERS([openssl/aes.h],[],
	148	AC_MSG_ERROR(Is openssl-devel/libssl-dev installed?))
	149	AC_MSG_RESULT([Building with openssl crypto library])
	150	;;
3bbdd7bc	151	esac
833a5416	152
baecda40 SB	153	LIBTASN1_LIBS=$(pkg-config --libs libtasn1)
	154	if test $? -ne 0; then
	155	AC_MSG_ERROR("Is libtasn1-devel installed? -- could not get libs for libtasn1")
	156	fi
	157	AC_SUBST([LIBTASN1_LIBS])
f163b202	158
baecda40 SB	159	LIBTPMS_LIBS=$(pkg-config --libs libtpms)
	160	if test $? -ne 0; then
	161	AC_MSG_ERROR("Is libtpms-devel installed? -- could not get libs for libtpms")
	162	fi
fbc596ab	163	AC_CHECK_LIB(tpms,
b78b6af2	164	TPMLIB_ChooseTPMVersion,[true],
fbc596ab SB	165	AC_MSG_ERROR("libtpms 0.6 or later is required")
fbc596ab SB	166	)
baecda40	167	AC_SUBST([LIBTPMS_LIBS])
f163b202	168
5478de0a SB	169	AC_CHECK_LIB(c, clock_gettime, LIBRT_LIBS="", LIBRT_LIBS="-lrt")
	170	AC_SUBST([LIBRT_LIBS])
	171
e46a2b66	172	AC_PATH_PROG([TPM_NVDEFINE], tpm_nvdefine)
ef606d4a	173	if test "x$TPM_NVDEFINE" = "x"; then
64faf455	174	have_tcsd=no
ef606d4a SB	175	AC_MSG_WARN([NVRAM area tools are needed for TPM 1.2 certificate injection: tpm-tools package])
	176	else
	177	have_tcsd=yes
	178	fi
64faf455 SB	179	with_swtpm_setup=yes
64faf455 SB	180	AM_CONDITIONAL([HAVE_TCSD], test "$have_tcsd" != "no")
e46a2b66	181
5cd844d0 SB	182	dnl If we have the tcsd package, we can build swtpm_setup, but need netstat also
	183	AC_PATH_PROG([NETSTAT], [netstat])
	184	case $host_os in
	185	linux-*)
33be7be2	186	if test "x$NETSTAT" = "x" && test "have_tcsd" != "no"; then
64faf455	187	AC_MSG_ERROR([netstat tool is missing for tests: net-tools package])
5cd844d0 SB	188	fi
	189	;;
	190	esac
	191
09d1a532 SB	192	AC_MSG_CHECKING([for whether to build with CUSE interface])
	193	AC_ARG_WITH([cuse],
	194	AC_HELP_STRING([--with-cuse],
	195	[build with CUSE interface]),
	196	[],
	197	[with_cuse=check]
	198	)
f163b202	199
09d1a532 SB	200	if test "$with_cuse" != "no"; then
	201	LIBFUSE_CFLAGS=$(pkg-config fuse --cflags 2>/dev/null)
	202	if test $? -ne 0; then
	203	if test "$with_cuse" = "yes"; then
	204	AC_MSG_ERROR("Is fuse-devel installed? -- could not get cflags for libfuse")
	205	else
	206	with_cuse=no
	207	fi
	208	else
	209	with_cuse=yes
	210	fi
498433f7	211	fi
09d1a532 SB	212
	213	dnl with_cuse is now yes or no
	214	if test "$with_cuse" != "no"; then
	215	LIBFUSE_LIBS=$(pkg-config fuse --libs)
	216	if test $? -ne 0; then
	217	AC_MSG_ERROR("Is fuse-devel installed? -- could not get libs for libfuse")
	218	fi
	219	AC_SUBST([LIBFUSE_CFLAGS])
	220	AC_SUBST([LIBFUSE_LIBS])
	221	AC_DEFINE_UNQUOTED([WITH_CUSE], 1,
	222	[whether to build with CUSE interface])
ebf1557d SB	223
	224	GLIB_CFLAGS=$(pkg-config --cflags glib-2.0)
	225	if test $? -ne 0; then
	226	AC_MSG_ERROR("Is glib-2.0 installed? -- could not get cflags")
	227	fi
	228	AC_SUBST([GLIB_CFLAGS])
	229
	230	GLIB_LIBS=$(pkg-config --libs glib-2.0)
	231	if test $? -ne 0; then
	232	AC_MSG_ERROR("Is glib-2.0 installed? -- could not get libs")
	233	fi
	234	AC_SUBST([GLIB_LIBS])
	235
	236	GTHREAD_LIBS=$(pkg-config --libs gthread-2.0)
	237	if test $? -ne 0; then
	238	AC_MSG_ERROR("Is glib-2.0 installed? -- could not get libs for gthread-2.0")
	239	fi
	240	AC_SUBST([GTHREAD_LIBS])
baecda40	241	fi
09d1a532 SB	242	AM_CONDITIONAL([WITH_CUSE],[test "$with_cuse" = "yes"])
09d1a532 SB	243	AC_MSG_RESULT($with_cuse)
f163b202	244
498433f7 SB	245	AC_MSG_CHECKING([for whether to build with chardev interface])
	246	case $host_os in
	247	linux-*)
	248	with_chardev=yes
	249	AC_DEFINE_UNQUOTED([WITH_CHARDEV], 1,
	250	[whether to build with chardev interface])
	251	;;
	252	*)
	253	with_chardev=no
	254	esac
	255	AM_CONDITIONAL([WITH_CHARDEV],[test "$with_chardev" = "yes"])
	256	AC_MSG_RESULT($with_cuse)
	257
10002933 SB	258	AC_ARG_WITH([gnutls],
	259	AC_HELP_STRING([--with-gnutls],
	260	[build with gnutls library]),
	261	[],
	262	[with_gnutls=check]
	263	)
	264
e46a2b66 SB	265	if test "x$with_gnutls" != "xno"; then
	266	GNUTLS_LDFLAGS=$(pkg-config --libs gnutls)
	267	if test $? -ne 0; then
33be7be2	268	if test "x$with_gnutls" = "xyes"; then
e46a2b66 SB	269	AC_MSG_ERROR("Is gnutls installed? -- could not get libs for gnutls")
	270	else
	271	with_gnutls=no
	272	fi
	273	fi
	274	fi
f163b202	275
1828edee SB	276	if test "x$with_gnutls" != "xno"; then
1828edee SB	277	AC_PATH_PROG([GNUTLS_CERTTOOL], certtool)
33be7be2 SB	278	if test "x$GNUTLS_CERTTOOL" = "x"; then
33be7be2 SB	279	if test "x$with_gnutls" = "xyes"; then
1828edee SB	280	AC_MSG_ERROR("Could not find certtool. Is gnutls-utils/gnutls-bin installed?")
	281	else
	282	with_gnutls=no
	283	fi
	284	fi
	285	fi
	286
e46a2b66	287	if test "x$with_gnutls" != "xno"; then
571a8eed	288	ORIG_CFLAGS="$CFLAGS"
baecda40	289	GNUTLS_CFLAGS=$(pkg-config gnutls --cflags)
571a8eed	290	CFLAGS="$CFLAGS $GNUTLS_CFLAGS $GNUTLS_LDFLAGS"
10002933	291	AC_CHECK_LIB([gnutls], [gnutls_load_file], [
baecda40 SB	292	GNUTLS_LIBS=-lgnutls
baecda40 SB	293	],
33be7be2	294	[if test "x$with_gnutls" = "xyes"; then
e46a2b66 SB	295	AC_MSG_ERROR([GNUTLS >= 3.1.0 library not found: libgnutls.so])
	296	else
	297	with_gnutls="no"
	298	fi])
571a8eed	299	CFLAGS="$ORIG_CFLAGS"
e46a2b66 SB	300	fi
	301
	302	if test "x$with_gnutls" != "xno"; then
571a8eed SB	303	ORIG_CFLAGS="$CFLAGS"
571a8eed SB	304	CFLAGS="$CFLAGS $GNUTLS_CFLAGS"
e46a2b66	305	AC_CHECK_HEADER(gnutls/abstract.h, [], \
33be7be2	306	[if test "x$with_gnutls" = "xyes"; then
e46a2b66 SB	307	AC_MSG_ERROR([GNUTLS >= 3.1.0 library header not found: gnutls/abstract.h])
	308	else
	309	with_gnutls="no"
	310	fi])
571a8eed	311	CFLAGS="$ORIG_CFLAGS"
e46a2b66 SB	312	fi
	313
	314	if test "x$with_gnutls" != "xno"; then
	315	with_gnutls="yes"
	316	fi
33be7be2	317	AM_CONDITIONAL([WITH_GNUTLS], [test "x$with_gnutls" = "xyes"])
baecda40	318	AC_SUBST([GNUTLS_LIBS])
f163b202	319
48abfbb1	320	AC_PATH_PROG([EXPECT], expect)
33be7be2	321	if test "x$EXPECT" = "x"; then
48abfbb1 SB	322	AC_MSG_ERROR([expect is required: expect package])
	323	fi
	324
b080afb5	325	AC_PATH_PROG([GAWK], gawk)
33be7be2	326	if test "x$GAWK" = "x"; then
b080afb5 SB	327	AC_MSG_ERROR([gawk is required: gawk package])
	328	fi
	329
8cb126e4	330	AC_PATH_PROG([SOCAT], socat)
33be7be2	331	if test "x$SOCAT" = "x"; then
8cb126e4 SB	332	AC_MSG_ERROR([socat is required: socat package])
	333	fi
	334
b4372fe5	335	AC_PATH_PROG([PYTHON], python3)
33be7be2	336	if test "x$PYTHON" = "x"; then
b4372fe5	337	AC_MSG_ERROR([python3 is required])
dbb399de SB	338	fi
dbb399de SB	339
5eeea357 SB	340	AC_ARG_ENABLE([hardening],
5eeea357 SB	341	AS_HELP_STRING([--disable-hardening], [Disable hardening flags]))
a76b4eeb	342
5eeea357 SB	343	if test "x$enable_hardening" != "xno"; then
	344	TMP="$($CC -fstack-protector-strong $srcdir/include/swtpm/tpm_ioctl.h 2>&1)"
	345	if echo $TMP \| $GREP 'unrecognized command line option' >/dev/null; then
	346	HARDENING_CFLAGS="-fstack-protector -Wstack-protector "
	347	else
	348	HARDENING_CFLAGS="-fstack-protector-strong -Wstack-protector "
	349	fi
	350
	351	dnl Must not have -O0 but must have a -O for -D_FORTIFY_SOURCE=2
	352	TMP1="$(echo $CFLAGS \| sed -n 's/.\(-O0\)./\1/p')"
	353	TMP2="$(echo $CFLAGS \| sed -n 's/.\(-O\)./\1/p')"
	354	if test -z "$TMP1" && test -n "$TPM2"; then
	355	HARDENING_CFLAGS="$HARDENING_CFLAGS -D_FORTIFY_SOURCE=2 "
	356	fi
	357	dnl Check ld for 'relro' and 'now'
	358	if $LD --help 2>&1 \| $GREP '\-z relro ' > /dev/null; then
	359	HARDENING_CFLAGS="$HARDENING_CFLAGS -Wl,-z,relro "
	360	fi
	361	if $LD --help 2>&1 \| $GREP '\-z now ' > /dev/null; then
	362	HARDENING_CFLAGS="$HARDENING_CFLAGS -Wl,-z,now "
	363	fi
	364	AC_SUBST([HARDENING_CFLAGS])
a76b4eeb	365	fi
e6085e96	366
b8421f3d SB	367	AC_ARG_ENABLE([test-coverage],
	368	AS_HELP_STRING([--enable-test-coverage], [Enable test coverage flags]))
	369
	370	if test "x$enable_test_coverage" = "xyes"; then
	371	COVERAGE_CFLAGS="-fprofile-arcs -ftest-coverage"
	372	COVERAGE_LDFLAGS="-fprofile-arcs"
	373	fi
	374
c4ac0a11 SB	375	AC_ARG_WITH([tss-user],
	376	AC_HELP_STRING([--with-tss-user=TSS_USER],
	377	[The tss user to use]),
	378	[TSS_USER="$withval"],
	379	[TSS_USER="tss"]
	380	)
	381
	382	AC_ARG_WITH([tss-group],
	383	AC_HELP_STRING([--with-tss-group=TSS_GROUP],
	384	[The tss group to use]),
	385	[TSS_GROUP="$withval"],
	386	[TSS_GROUP="tss"]
	387	)
	388	AC_SUBST([TSS_USER])
	389	AC_SUBST([TSS_GROUP])
	390
f163b202 SB	391	CFLAGS="$CFLAGS -Wreturn-type -Wsign-compare -Wswitch-enum"
f163b202 SB	392	CFLAGS="$CFLAGS -Wmissing-prototypes -Wall -Werror"
e6085e96	393	CFLAGS="$CFLAGS -Wformat -Wformat-security"
b8421f3d SB	394	CFLAGS="$CFLAGS $GNUTLS_CFLAGS $COVERAGE_CFLAGS"
	395
	396	LDFLAGS="$LDFLAGS $COVERAGE_LDFLAGS"
f163b202	397
f2458ef7 SB	398	dnl Simulate the following for systems with pkg-config < 0.28:
	399	dnl PKG_CHECK_VAR([libtpms_cryptolib], [libtpms], [cryptolib],
	400	dnl [], AC_MSG_ERROR([Could not determine libtpms crypto library.]))
	401	PKG_PROG_PKG_CONFIG
	402
	403	AC_MSG_CHECKING([Checking the crypto library libtpms is linked to])
	404	libtpms_cryptolib=`$PKG_CONFIG --variable cryptolib libtpms`
33be7be2	405	if test "x$libtpms_cryptolib" = "x"; then
f2458ef7 SB	406	AC_MSG_ERROR([Could not determine the crypto library libtpms is using])
	407	fi
	408	AC_MSG_RESULT($libtpms_cryptolib)
86cc4527 SB	409
	410	if test "$libtpms_cryptolib" != "$cryptolib"; then
	411	echo "libtpms is using $libtpms_cryptolib; we have to use the same"
33be7be2	412	if test "$cryptolib" = "openssl"; then
86cc4527 SB	413	AC_MSG_ERROR([do not use --with-openssl])
	414	else
	415	AC_MSG_ERROR([use --with-openssl])
	416	fi
	417	fi
	418
c751e32e SB	419	with_vtpm_proxy=no
c751e32e SB	420	case $host_os in
f071d820	421	linux-*)
c751e32e SB	422	with_vtpm_proxy=yes
	423	AC_DEFINE_UNQUOTED([WITH_VTPM_PROXY], 1,
	424	[whether to build in vTPM proxy support (Linux only)])
	425	esac
	426
6286beac SB	427	case $host_os in
	428	cygwin)
	429	CFLAGS="$CFLAGS -D__USE_LINUX_IOCTL_DEFS"
	430	esac
	431
761df6cd SB	432	dnl Seccomp profile using -lseccomp (Linux only)
	433	case $host_os in
	434	linux-*)
	435	with_seccomp_default=yes
	436	;;
	437	*)
	438	with_seccomp_default=no
	439	;;
	440	esac
	441
	442	AC_MSG_CHECKING([for whether to build with seccomp profile])
	443	AC_ARG_WITH([seccomp],
	444	AC_HELP_STRING([--with-seccomp],
	445	[build with seccomp profile]),
	446	[],
	447	[with_seccomp=$with_seccomp_default]
	448	)
	449
	450	if test "$with_seccomp" != "no"; then
	451	LIBSECCOMP_CFLAGS=$(pkg-config libseccomp --cflags 2>/dev/null)
	452	if test $? -ne 0; then
	453	AC_MSG_ERROR("Is libseccomp-devel installed? -- could not get cflags for libseccomp")
	454	else
	455	with_libseccomp=yes
	456	fi
	457	LIBSECCOMP_LIBS=$(pkg-config --libs libseccomp)
	458	AC_SUBST([LIBSECCOMP_LIBS])
	459	AC_SUBST([LIBSECCOMP_CFLAGS])
	460	AC_DEFINE_UNQUOTED([WITH_SECCOMP], 1,
	461	[whether to build in seccomp profile (Linux only)])
	462	fi
	463
44b92d43 SB	464	AC_CONFIG_FILES([Makefile \
44b92d43 SB	465	debian/swtpm-tools.postinst \
f163b202	466	dist/swtpm.spec \
e46a2b66	467	etc/Makefile \
0432b653	468	etc/swtpm_setup.conf \
e46a2b66	469	samples/Makefile \
d16b86b7	470	samples/swtpm-localca.conf \
f163b202 SB	471	include/Makefile \
f163b202 SB	472	include/swtpm/Makefile \
a1fa5d77	473	include/swtpm.h \
f163b202 SB	474	src/Makefile \
	475	src/selinux/Makefile \
	476	src/swtpm/Makefile \
e46a2b66 SB	477	src/swtpm_bios/Makefile \
	478	src/swtpm_cert/Makefile \
	479	src/swtpm_ioctl/Makefile \
	480	src/swtpm_setup/Makefile \
c4ac0a11	481	src/swtpm_setup/swtpm_setup.h \
f163b202	482	man/Makefile \
39d0c3de	483	man/man3/Makefile \
f163b202	484	man/man8/Makefile \
e46a2b66	485	tests/Makefile \
c4ac0a11	486	tests/test_config \
10002933 SB	487	])
	488	AC_CONFIG_FILES([src/swtpm_setup/swtpm_setup.sh],
	489	[chmod 755 src/swtpm_setup/swtpm_setup.sh])
0432b653 SB	490	AC_CONFIG_FILES([samples/swtpm-localca],
0432b653 SB	491	[chmod 755 samples/swtpm-localca])
f163b202 SB	492	AC_OUTPUT
f163b202 SB	493
e46a2b66	494	echo
c3fdf688 SB	495	printf "with_gnutls : %5s (no = swtpm_cert will NOT be built)\n" $with_gnutls
	496	printf "with_selinux : %5s (no = SELinux policy extenions will NOT be built)\n" $with_selinux
	497	printf "with_cuse : %5s (no = no CUSE interface)\n" $with_cuse
498433f7	498	printf "with_chardev : %5s (no = no chardev interface)\n" $with_chardev
c3fdf688	499	printf "with_swtpm_setup: %5s (no = swtpm_setup will NOT be built)\n" $with_swtpm_setup
c751e32e	500	printf "with_vtpm_proxy : %5s (no = no vtpm proxy support; Linux only)\n" $with_vtpm_proxy
761df6cd	501	printf "with_seccomp : %5s (no = no seccomp profile; Linux only)\n" $with_seccomp
e46a2b66	502	echo
10002933 SB	503	echo "cryptolib: $cryptolib"
10002933 SB	504	echo
f163b202	505	echo "CFLAGS=$CFLAGS"
a76b4eeb	506	echo "HARDENING_CFLAGS=$HARDENING_CFLAGS"
f163b202	507	echo "LDFLAGS=$LDFLAGS"
761df6cd	508	echo "LIBSECCOMP_LIBS=$LIBSECCOMP_LIBS"
c4ac0a11 SB	509	echo
	510	echo "TSS_USER=$TSS_USER"
	511	echo "TSS_GROUP=$TSS_GROUP"
	512	echo