]>
Commit | Line | Data |
---|---|---|
f163b202 SB |
1 | # |
2 | # configure.ac | |
3 | # | |
4 | # The Initial Developer of the Original Code is International | |
5 | # Business Machines Corporation. Portions created by IBM | |
6 | # Corporation are Copyright (C) 2014 International Business | |
7 | # Machines Corporation. All Rights Reserved. | |
8 | # | |
9 | # This program is free software; you can redistribute it and/or modify | |
10 | # it under the terms of the Common Public License as published by | |
11 | # IBM Corporation; either version 1 of the License, or (at your option) | |
12 | # any later version. | |
13 | # | |
14 | # This program is distributed in the hope that it will be useful, | |
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
17 | # Common Public License for more details. | |
18 | # | |
19 | # You should have received a copy of the Common Public License | |
20 | # along with this program; if not, a copy can be viewed at | |
21 | # http://www.opensource.org/licenses/cpl1.0.php. | |
22 | # | |
23 | # This file is derived from tpm-tool's configure.in. | |
24 | # | |
25 | ||
3115dff0 | 26 | AC_INIT([swtpm],[0.8.0]) |
b295c768 | 27 | AC_PREREQ([2.69]) |
f163b202 | 28 | AC_CONFIG_SRCDIR(Makefile.am) |
b295c768 | 29 | AC_CONFIG_HEADERS([config.h]) |
f163b202 SB |
30 | |
31 | SWTPM_VER_MAJOR=`echo $PACKAGE_VERSION | cut -d "." -f1` | |
32 | SWTPM_VER_MINOR=`echo $PACKAGE_VERSION | cut -d "." -f2` | |
33 | SWTPM_VER_MICRO=`echo $PACKAGE_VERSION | cut -d "." -f3` | |
34 | ||
35 | AC_SUBST([SWTPM_VER_MAJOR]) | |
36 | AC_SUBST([SWTPM_VER_MINOR]) | |
37 | AC_SUBST([SWTPM_VER_MICRO]) | |
38 | ||
39 | dnl Check for programs | |
40 | AC_PROG_CC | |
41 | AC_PROG_INSTALL | |
42 | AC_PROG_LN_S | |
908afaf5 | 43 | LT_INIT |
f163b202 | 44 | |
f163b202 SB |
45 | AC_CONFIG_MACRO_DIR([m4]) |
46 | AC_CANONICAL_TARGET | |
c3fdf688 | 47 | AC_CANONICAL_HOST |
f163b202 | 48 | AM_INIT_AUTOMAKE([foreign 1.6]) |
13cb26d8 | 49 | AM_SILENT_RULES([yes]) |
f163b202 SB |
50 | |
51 | DEBUG="" | |
52 | AC_MSG_CHECKING([for debug-enabled build]) | |
b295c768 | 53 | AC_ARG_ENABLE(debug, AS_HELP_STRING([--enable-debug],[create a debug build]), |
f163b202 SB |
54 | [if test "$enableval" = "yes"; then |
55 | DEBUG="yes" | |
56 | AC_MSG_RESULT([yes]) | |
57 | else | |
58 | DEBUG="no" | |
59 | AC_MSG_RESULT([no]) | |
60 | fi], | |
61 | [DEBUG="no", | |
62 | AC_MSG_RESULT([no])]) | |
63 | ||
64 | # If the user has not set CFLAGS, do something appropriate | |
65 | test_CFLAGS=${CFLAGS+set} | |
66 | if test "$test_CFLAGS" != set; then | |
33be7be2 | 67 | if test "$DEBUG" = "yes"; then |
f163b202 SB |
68 | CFLAGS="-O0 -g -DDEBUG" |
69 | else | |
70 | CFLAGS="-g -O2" | |
71 | fi | |
33be7be2 | 72 | elif test "$DEBUG" = "yes"; then |
f163b202 SB |
73 | CFLAGS="$CFLAGS -O0 -g -DDEBUG" |
74 | fi | |
75 | ||
e46a2b66 SB |
76 | AC_C_CONST |
77 | AC_C_INLINE | |
78 | ||
79 | AC_TYPE_SIZE_T | |
e46a2b66 | 80 | |
baecda40 SB |
81 | AC_PROG_CC |
82 | AC_PROG_INSTALL | |
3cb54a5d | 83 | AC_PROG_MKDIR_P |
e46a2b66 | 84 | |
ec37bb56 SB |
85 | AC_ARG_WITH([selinux], |
86 | AS_HELP_STRING([--with-selinux], | |
87 | [add SELinux policy extensions @<:@default=check@:>@])) | |
88 | m4_divert_text([DEFAULTS], [with_selinux=check]) | |
89 | ||
90 | dnl Check for SELinux policy support | |
91 | ||
92 | if test "$with_selinux" != "no"; then | |
93 | if test "$with_selinux" = "check" || test "$with_selinux" = "yes"; then | |
94 | if ! test -f /usr/share/selinux/devel/Makefile; then | |
95 | if test "$with_selinux" = "yes"; then | |
96 | AC_MSG_ERROR("Is selinux-policy-devel installed?") | |
97 | else | |
98 | with_selinux="no" | |
99 | fi | |
100 | fi | |
101 | AC_PATH_PROG([SEMODULE], semodule) | |
33be7be2 | 102 | if test "x$SEMODULE" = "x"; then |
ec37bb56 SB |
103 | if test "$with_selinux" = "yes"; then |
104 | AC_MSG_ERROR("Is selinux-policy-devel installed?") | |
105 | else | |
106 | with_selinux="no" | |
107 | fi | |
108 | fi | |
109 | if test "$with_selinux" = "check"; then | |
110 | with_selinux="yes" | |
111 | fi | |
112 | fi | |
113 | fi | |
33be7be2 | 114 | AM_CONDITIONAL([WITH_SELINUX], [test "x$with_selinux" = "xyes"]) |
ec37bb56 | 115 | |
b096be26 SB |
116 | if test "$prefix" = "/usr" && test "$sysconfdir" = '${prefix}/etc'; then |
117 | sysconfdir="/etc" | |
118 | fi | |
119 | if test "$prefix" = "" && test "$datarootdir" = '${prefix}/share'; then | |
120 | datarootdir="/usr/share" | |
121 | fi | |
d16b86b7 SB |
122 | if test "$prefix" = "/usr" && test "$localstatedir" = '${prefix}/var'; then |
123 | localstatedir="/var" | |
124 | fi | |
5d35321e SB |
125 | if test "x$prefix" = "xNONE"; then |
126 | prefix="/usr/local" | |
127 | fi | |
fd00c5ff SB |
128 | if test "x$exec_prefix" = "xNONE"; then |
129 | exec_prefix=$prefix | |
130 | fi | |
0432b653 SB |
131 | SYSCONFDIR=`eval echo $sysconfdir` |
132 | DATAROOTDIR=`eval echo $datarootdir` | |
d16b86b7 | 133 | LOCALSTATEDIR=`eval echo $localstatedir` |
fd00c5ff | 134 | BINDIR=`eval echo $bindir` |
0432b653 SB |
135 | AC_SUBST([SYSCONFDIR]) |
136 | AC_SUBST([DATAROOTDIR]) | |
d16b86b7 | 137 | AC_SUBST([LOCALSTATEDIR]) |
fd00c5ff | 138 | AC_SUBST([BINDIR]) |
b096be26 | 139 | |
7849b6c6 | 140 | cryptolib=openssl |
3bbdd7bc SB |
141 | |
142 | AC_ARG_WITH([openssl], | |
7849b6c6 SB |
143 | [AS_HELP_STRING([--with-openssl], |
144 | [build with openssl library])], | |
145 | [], | |
146 | []) | |
3bbdd7bc SB |
147 | |
148 | case "$cryptolib" in | |
3bbdd7bc | 149 | openssl) |
7849b6c6 SB |
150 | AC_CHECK_LIB(crypto, |
151 | [AES_set_encrypt_key], | |
b78b6af2 | 152 | [true], |
7849b6c6 SB |
153 | AC_MSG_ERROR(Faulty openssl crypto library)) |
154 | AC_CHECK_HEADERS([openssl/aes.h],[], | |
155 | AC_MSG_ERROR(Is openssl-devel/libssl-dev installed?)) | |
156 | AC_MSG_RESULT([Building with openssl crypto library]) | |
0371b63b SB |
157 | LIBCRYPTO_LIBS=$(pkg-config --libs libcrypto) |
158 | AC_SUBST([LIBCRYPTO_LIBS]) | |
7849b6c6 | 159 | ;; |
3bbdd7bc | 160 | esac |
833a5416 | 161 | |
baecda40 SB |
162 | LIBTASN1_LIBS=$(pkg-config --libs libtasn1) |
163 | if test $? -ne 0; then | |
164 | AC_MSG_ERROR("Is libtasn1-devel installed? -- could not get libs for libtasn1") | |
165 | fi | |
166 | AC_SUBST([LIBTASN1_LIBS]) | |
f163b202 | 167 | |
3b33116d SB |
168 | PKG_CHECK_MODULES( |
169 | [LIBTPMS], | |
170 | [libtpms], | |
171 | , | |
172 | AC_MSG_ERROR("no libtpms.pc found; please set PKG_CONFIG_PATH to the directory where libtpms.pc is located") | |
173 | ) | |
8d086ee9 | 174 | LDFLAGS="$LDFLAGS $LIBTPMS_LIBS" |
b4374c33 | 175 | CFLAGS="$CFLAGS $LIBTPMS_CFLAGS" |
fbc596ab | 176 | AC_CHECK_LIB(tpms, |
b78b6af2 | 177 | TPMLIB_ChooseTPMVersion,[true], |
fbc596ab SB |
178 | AC_MSG_ERROR("libtpms 0.6 or later is required") |
179 | ) | |
baecda40 | 180 | AC_SUBST([LIBTPMS_LIBS]) |
f163b202 | 181 | |
5478de0a SB |
182 | AC_CHECK_LIB(c, clock_gettime, LIBRT_LIBS="", LIBRT_LIBS="-lrt") |
183 | AC_SUBST([LIBRT_LIBS]) | |
184 | ||
cc410ca9 SB |
185 | AC_PATH_PROG([TCSD], tcsd) |
186 | if test "x$TCSD" = "x"; then | |
64faf455 | 187 | have_tcsd=no |
cc410ca9 | 188 | AC_MSG_WARN([tcsd could not be found; typically need it for tss user account and tests]) |
ef606d4a SB |
189 | else |
190 | have_tcsd=yes | |
191 | fi | |
64faf455 | 192 | AM_CONDITIONAL([HAVE_TCSD], test "$have_tcsd" != "no") |
e46a2b66 | 193 | |
d4c60e44 | 194 | dnl We either need netstat (more common across systems) or 'ss' for test cases |
5cd844d0 | 195 | AC_PATH_PROG([NETSTAT], [netstat]) |
d4c60e44 SB |
196 | if test "x$NETSTAT" = "x"; then |
197 | AC_PATH_PROG([SS], [ss]) | |
198 | if test "x$SS" = "x"; then | |
199 | AC_MSG_ERROR(['netstat' and 'ss' tools are missing for tests: net-tools OR iproute/iproute2 package]) | |
200 | fi | |
201 | fi | |
5cd844d0 | 202 | |
09d1a532 SB |
203 | AC_MSG_CHECKING([for whether to build with CUSE interface]) |
204 | AC_ARG_WITH([cuse], | |
b295c768 | 205 | AS_HELP_STRING([--with-cuse],[build with CUSE interface]), |
09d1a532 SB |
206 | [], |
207 | [with_cuse=check] | |
208 | ) | |
f163b202 | 209 | |
09d1a532 SB |
210 | if test "$with_cuse" != "no"; then |
211 | LIBFUSE_CFLAGS=$(pkg-config fuse --cflags 2>/dev/null) | |
212 | if test $? -ne 0; then | |
213 | if test "$with_cuse" = "yes"; then | |
214 | AC_MSG_ERROR("Is fuse-devel installed? -- could not get cflags for libfuse") | |
215 | else | |
216 | with_cuse=no | |
217 | fi | |
218 | else | |
219 | with_cuse=yes | |
220 | fi | |
498433f7 | 221 | fi |
09d1a532 | 222 | |
c125e34b SB |
223 | JSON_GLIB_CFLAGS=$(pkg-config --cflags json-glib-1.0) |
224 | if test $? -ne 0; then | |
225 | AC_MSG_ERROR("Is libjson-glib-dev/json-glib-devel installed? -- could not get cflags") | |
226 | fi | |
227 | AC_SUBST([JSON_GLIB_CFLAGS]) | |
228 | ||
229 | JSON_GLIB_LIBS=$(pkg-config --libs json-glib-1.0) | |
230 | if test $? -ne 0; then | |
231 | AC_MSG_ERROR("Is libjson-glib-dev/json-glib-devel installed? -- could not get libs") | |
232 | fi | |
233 | AC_SUBST([JSON_GLIB_LIBS]) | |
234 | ||
235 | GLIB_CFLAGS=$(pkg-config --cflags glib-2.0) | |
236 | if test $? -ne 0; then | |
237 | AC_MSG_ERROR("Is libglib-2.0-dev/glib2-devel installed? -- could not get cflags") | |
238 | fi | |
239 | AC_SUBST([GLIB_CFLAGS]) | |
240 | ||
241 | GLIB_LIBS=$(pkg-config --libs glib-2.0) | |
242 | if test $? -ne 0; then | |
4e1ce735 | 243 | AC_MSG_ERROR("Is libglib-2.0-dev/glib2-devel installed? -- could not get libs") |
c125e34b SB |
244 | fi |
245 | AC_SUBST([GLIB_LIBS]) | |
246 | ||
09d1a532 SB |
247 | dnl with_cuse is now yes or no |
248 | if test "$with_cuse" != "no"; then | |
249 | LIBFUSE_LIBS=$(pkg-config fuse --libs) | |
250 | if test $? -ne 0; then | |
251 | AC_MSG_ERROR("Is fuse-devel installed? -- could not get libs for libfuse") | |
252 | fi | |
253 | AC_SUBST([LIBFUSE_CFLAGS]) | |
254 | AC_SUBST([LIBFUSE_LIBS]) | |
255 | AC_DEFINE_UNQUOTED([WITH_CUSE], 1, | |
256 | [whether to build with CUSE interface]) | |
ebf1557d | 257 | |
ebf1557d SB |
258 | GTHREAD_LIBS=$(pkg-config --libs gthread-2.0) |
259 | if test $? -ne 0; then | |
260 | AC_MSG_ERROR("Is glib-2.0 installed? -- could not get libs for gthread-2.0") | |
261 | fi | |
262 | AC_SUBST([GTHREAD_LIBS]) | |
baecda40 | 263 | fi |
09d1a532 SB |
264 | AM_CONDITIONAL([WITH_CUSE],[test "$with_cuse" = "yes"]) |
265 | AC_MSG_RESULT($with_cuse) | |
f163b202 | 266 | |
498433f7 SB |
267 | AC_MSG_CHECKING([for whether to build with chardev interface]) |
268 | case $host_os in | |
269 | linux-*) | |
270 | with_chardev=yes | |
271 | AC_DEFINE_UNQUOTED([WITH_CHARDEV], 1, | |
272 | [whether to build with chardev interface]) | |
273 | ;; | |
274 | *) | |
275 | with_chardev=no | |
276 | esac | |
277 | AM_CONDITIONAL([WITH_CHARDEV],[test "$with_chardev" = "yes"]) | |
b7f55fd0 | 278 | AC_MSG_RESULT($with_chardev) |
498433f7 | 279 | |
10002933 | 280 | AC_ARG_WITH([gnutls], |
b295c768 | 281 | AS_HELP_STRING([--with-gnutls],[build with gnutls library]), |
10002933 SB |
282 | [], |
283 | [with_gnutls=check] | |
284 | ) | |
285 | ||
e46a2b66 SB |
286 | if test "x$with_gnutls" != "xno"; then |
287 | GNUTLS_LDFLAGS=$(pkg-config --libs gnutls) | |
288 | if test $? -ne 0; then | |
33be7be2 | 289 | if test "x$with_gnutls" = "xyes"; then |
e46a2b66 SB |
290 | AC_MSG_ERROR("Is gnutls installed? -- could not get libs for gnutls") |
291 | else | |
292 | with_gnutls=no | |
293 | fi | |
294 | fi | |
295 | fi | |
f163b202 | 296 | |
1828edee | 297 | if test "x$with_gnutls" != "xno"; then |
e9fd0142 SB |
298 | AC_PATH_PROG([GNUTLS_CERTTOOL], certtool) |
299 | if test "x$GNUTLS_CERTTOOL" = "x"; then | |
300 | if test "x$with_gnutls" = "xyes"; then | |
301 | AC_MSG_ERROR("Could not find certtool. Is gnutls-utils/gnutls-bin installed?") | |
302 | else | |
303 | with_gnutls=no | |
304 | fi | |
305 | fi | |
306 | dnl certtool changed how it takes private key passwords | |
307 | dnl 3.3.29 is too old (RHEL 7); we need at least gnutls 3.4.0 | |
308 | AC_MSG_CHECKING([for gnutls 3.4.0 or later]) | |
309 | $(pkg-config gnutls --atleast-version=3.4.0) | |
310 | if test $? -ne 0; then | |
311 | AC_MSG_ERROR([gnutls 3.4.0 is required]) | |
312 | fi | |
313 | AC_MSG_RESULT([yes]) | |
1828edee SB |
314 | fi |
315 | ||
e46a2b66 | 316 | if test "x$with_gnutls" != "xno"; then |
571a8eed | 317 | ORIG_CFLAGS="$CFLAGS" |
baecda40 | 318 | GNUTLS_CFLAGS=$(pkg-config gnutls --cflags) |
571a8eed | 319 | CFLAGS="$CFLAGS $GNUTLS_CFLAGS $GNUTLS_LDFLAGS" |
10002933 | 320 | AC_CHECK_LIB([gnutls], [gnutls_load_file], [ |
e735328e | 321 | GNUTLS_LIBS=$(pkg-config gnutls --libs) |
baecda40 | 322 | ], |
33be7be2 | 323 | [if test "x$with_gnutls" = "xyes"; then |
e46a2b66 SB |
324 | AC_MSG_ERROR([GNUTLS >= 3.1.0 library not found: libgnutls.so]) |
325 | else | |
326 | with_gnutls="no" | |
327 | fi]) | |
571a8eed | 328 | CFLAGS="$ORIG_CFLAGS" |
e46a2b66 SB |
329 | fi |
330 | ||
331 | if test "x$with_gnutls" != "xno"; then | |
571a8eed SB |
332 | ORIG_CFLAGS="$CFLAGS" |
333 | CFLAGS="$CFLAGS $GNUTLS_CFLAGS" | |
e46a2b66 | 334 | AC_CHECK_HEADER(gnutls/abstract.h, [], \ |
33be7be2 | 335 | [if test "x$with_gnutls" = "xyes"; then |
e46a2b66 SB |
336 | AC_MSG_ERROR([GNUTLS >= 3.1.0 library header not found: gnutls/abstract.h]) |
337 | else | |
338 | with_gnutls="no" | |
339 | fi]) | |
571a8eed | 340 | CFLAGS="$ORIG_CFLAGS" |
e46a2b66 SB |
341 | fi |
342 | ||
343 | if test "x$with_gnutls" != "xno"; then | |
344 | with_gnutls="yes" | |
345 | fi | |
33be7be2 | 346 | AM_CONDITIONAL([WITH_GNUTLS], [test "x$with_gnutls" = "xyes"]) |
baecda40 | 347 | AC_SUBST([GNUTLS_LIBS]) |
f163b202 | 348 | |
df4046d0 SB |
349 | DEFAULT_PCR_BANKS="sha256" |
350 | AC_ARG_ENABLE([default-pcr-banks], | |
351 | AS_HELP_STRING( | |
352 | [--enable-default-pcr-banks=list of PCR banks], | |
353 | [Have swtpm_setup activate the given PCR banks by default; | |
354 | default is sha256] | |
355 | ), | |
356 | [], | |
357 | [] | |
358 | ) | |
359 | ||
360 | if test "x$enable_default_pcr_banks" != "x"; then | |
361 | DEFAULT_PCR_BANKS="$enable_default_pcr_banks" | |
362 | fi | |
363 | AC_MSG_CHECKING([which PCR banks to activate by default]) | |
9726af51 SB |
364 | REGEX="^(sha1|sha256|sha384|sha512)(,(sha1|sha256|sha384|sha512)){0,3}\$" |
365 | if bash -c "[[[ $DEFAULT_PCR_BANKS =~ $REGEX ]]] && exit 0 || exit 1"; then | |
df4046d0 SB |
366 | AC_MSG_RESULT([$DEFAULT_PCR_BANKS]) |
367 | else | |
368 | AC_MSG_ERROR([$DEFAULT_PCR_BANKS is an invalid list of PCR banks]) | |
369 | fi | |
370 | AC_SUBST([DEFAULT_PCR_BANKS]) | |
371 | ||
48abfbb1 | 372 | AC_PATH_PROG([EXPECT], expect) |
33be7be2 | 373 | if test "x$EXPECT" = "x"; then |
48abfbb1 SB |
374 | AC_MSG_ERROR([expect is required: expect package]) |
375 | fi | |
376 | ||
b080afb5 | 377 | AC_PATH_PROG([GAWK], gawk) |
33be7be2 | 378 | if test "x$GAWK" = "x"; then |
b080afb5 SB |
379 | AC_MSG_ERROR([gawk is required: gawk package]) |
380 | fi | |
381 | ||
8cb126e4 | 382 | AC_PATH_PROG([SOCAT], socat) |
33be7be2 | 383 | if test "x$SOCAT" = "x"; then |
8cb126e4 SB |
384 | AC_MSG_ERROR([socat is required: socat package]) |
385 | fi | |
386 | ||
cc410ca9 SB |
387 | AC_PATH_PROG([BASE64], base64) |
388 | if test "x$BASE64" = "x"; then | |
389 | AC_MSG_ERROR([base64 is required: base64 package]) | |
dbb399de SB |
390 | fi |
391 | ||
cc410ca9 SB |
392 | AC_PATH_PROG([CP], cp) |
393 | if test "x$CP" = "x"; then | |
394 | AC_MSG_ERROR([cp is required]) | |
395 | fi | |
396 | ||
397 | AM_PATH_PYTHON([3.3]) | |
398 | ||
5eeea357 SB |
399 | AC_ARG_ENABLE([hardening], |
400 | AS_HELP_STRING([--disable-hardening], [Disable hardening flags])) | |
a76b4eeb | 401 | |
5eeea357 | 402 | if test "x$enable_hardening" != "xno"; then |
8a05e8fd SB |
403 | # Some versions of gcc fail with -Wstack-protector, |
404 | # some with -Wstack-protector-strong enabled | |
405 | if ! $CC -fstack-protector-strong -Wstack-protector $srcdir/include/swtpm/tpm_ioctl.h 2>/dev/null; then | |
406 | if $CC -fstack-protector -Wstack-protector $srcdir/include/swtpm/tpm_ioctl.h 2>/dev/null; then | |
407 | HARDENING_CFLAGS="-fstack-protector -Wstack-protector" | |
408 | fi | |
5eeea357 | 409 | else |
5e73e324 | 410 | HARDENING_CFLAGS="-fstack-protector-strong -Wstack-protector" |
5eeea357 SB |
411 | fi |
412 | ||
413 | dnl Must not have -O0 but must have a -O for -D_FORTIFY_SOURCE=2 | |
414 | TMP1="$(echo $CFLAGS | sed -n 's/.*\(-O0\).*/\1/p')" | |
415 | TMP2="$(echo $CFLAGS | sed -n 's/.*\(-O\).*/\1/p')" | |
502cb112 | 416 | if test -z "$TMP1" && test -n "$TMP2"; then |
5e73e324 | 417 | HARDENING_CFLAGS="$HARDENING_CFLAGS -D_FORTIFY_SOURCE=2" |
5eeea357 | 418 | fi |
b381e1eb SB |
419 | dnl Check linker for 'relro' and 'now' |
420 | save_CFLAGS="$CFLAGS" | |
421 | CFLAGS="-Wl,-z,relro -Werror" | |
422 | AC_MSG_CHECKING([whether linker supports -Wl,-z,relro]) | |
2ba23cee | 423 | AC_LINK_IFELSE( |
b381e1eb | 424 | [AC_LANG_SOURCE([[int main() { return 0; }]])], |
0586d2f5 | 425 | [HARDENING_LDFLAGS="$HARDENING_LDFLAGS -Wl,-z,relro" |
b381e1eb SB |
426 | AC_MSG_RESULT(yes)], |
427 | [AC_MSG_RESULT(no)] | |
428 | ) | |
429 | CFLAGS="-Wl,-z,now -Werror" | |
430 | AC_MSG_CHECKING([whether linker supports -Wl,-z,now]) | |
2ba23cee | 431 | AC_LINK_IFELSE( |
b381e1eb | 432 | [AC_LANG_SOURCE([[int main() { return 0; }]])], |
0586d2f5 | 433 | [HARDENING_LDFLAGS="$HARDENING_LDFLAGS -Wl,-z,now" |
b381e1eb SB |
434 | AC_MSG_RESULT(yes)], |
435 | [AC_MSG_RESULT(no)] | |
436 | ) | |
437 | CFLAGS="$save_CFLAGS" | |
5eeea357 | 438 | AC_SUBST([HARDENING_CFLAGS]) |
0586d2f5 | 439 | AC_SUBST([HARDENING_LDFLAGS]) |
a76b4eeb | 440 | fi |
e6085e96 | 441 | |
b8421f3d SB |
442 | AC_ARG_ENABLE([test-coverage], |
443 | AS_HELP_STRING([--enable-test-coverage], [Enable test coverage flags])) | |
444 | ||
445 | if test "x$enable_test_coverage" = "xyes"; then | |
446 | COVERAGE_CFLAGS="-fprofile-arcs -ftest-coverage" | |
447 | COVERAGE_LDFLAGS="-fprofile-arcs" | |
448 | fi | |
449 | ||
0b9c2a05 ET |
450 | AC_ARG_ENABLE([sanitizers], |
451 | AS_HELP_STRING([--enable-sanitizers], [Enable address/undefined sanitizers])) | |
452 | ||
453 | if test "x$enable_sanitizers" = "xyes"; then | |
454 | save_CFLAGS="$CFLAGS" | |
455 | CFLAGS="-fsanitize=address,undefined -fno-omit-frame-pointer" | |
456 | AC_MSG_CHECKING([whether linker supports sanitizer]) | |
457 | AC_LINK_IFELSE( | |
458 | [AC_LANG_SOURCE([[int main() { return 0; }]])], | |
459 | [SANITIZER_CFLAGS="-fsanitize=address,undefined -fno-omit-frame-pointer" | |
460 | SANITIZER_LDFLAGS="-fsanitize=address,undefined" | |
461 | AC_MSG_RESULT(yes)], | |
462 | [AC_MSG_RESULT(no)] | |
463 | ) | |
464 | CFLAGS="$save_CFLAGS" | |
465 | fi | |
466 | ||
c4ac0a11 | 467 | AC_ARG_WITH([tss-user], |
b295c768 | 468 | AS_HELP_STRING([--with-tss-user=TSS_USER],[The tss user to use]), |
c4ac0a11 SB |
469 | [TSS_USER="$withval"], |
470 | [TSS_USER="tss"] | |
471 | ) | |
472 | ||
473 | AC_ARG_WITH([tss-group], | |
b295c768 | 474 | AS_HELP_STRING([--with-tss-group=TSS_GROUP],[The tss group to use]), |
c4ac0a11 SB |
475 | [TSS_GROUP="$withval"], |
476 | [TSS_GROUP="tss"] | |
477 | ) | |
aa88eebe SB |
478 | |
479 | case $have_tcsd in | |
480 | yes) | |
481 | AC_MSG_CHECKING([whether TSS_USER $TSS_USER is available]) | |
482 | if ! test $(id -u $TSS_USER); then | |
483 | AC_MSG_ERROR(["$TSS_USER is not available"]) | |
484 | else | |
485 | AC_MSG_RESULT([yes]) | |
486 | fi | |
487 | AC_MSG_CHECKING([whether TSS_GROUP $TSS_GROUP is available]) | |
488 | if ! test $(id -g $TSS_GROUP); then | |
489 | AC_MSG_ERROR(["$TSS_GROUP is not available"]) | |
490 | else | |
491 | AC_MSG_RESULT([yes]) | |
492 | fi | |
493 | ;; | |
494 | esac | |
495 | ||
c4ac0a11 SB |
496 | AC_SUBST([TSS_USER]) |
497 | AC_SUBST([TSS_GROUP]) | |
498 | ||
f163b202 SB |
499 | CFLAGS="$CFLAGS -Wreturn-type -Wsign-compare -Wswitch-enum" |
500 | CFLAGS="$CFLAGS -Wmissing-prototypes -Wall -Werror" | |
e6085e96 | 501 | CFLAGS="$CFLAGS -Wformat -Wformat-security" |
0b9c2a05 | 502 | CFLAGS="$CFLAGS $GNUTLS_CFLAGS $COVERAGE_CFLAGS $SANITIZER_CFLAGS" |
b8421f3d | 503 | |
0b9c2a05 | 504 | LDFLAGS="$LDFLAGS $COVERAGE_LDFLAGS $SANITIZER_LDFLAGS" |
f163b202 | 505 | |
f2458ef7 SB |
506 | dnl Simulate the following for systems with pkg-config < 0.28: |
507 | dnl PKG_CHECK_VAR([libtpms_cryptolib], [libtpms], [cryptolib], | |
508 | dnl [], AC_MSG_ERROR([Could not determine libtpms crypto library.])) | |
509 | PKG_PROG_PKG_CONFIG | |
510 | ||
511 | AC_MSG_CHECKING([Checking the crypto library libtpms is linked to]) | |
512 | libtpms_cryptolib=`$PKG_CONFIG --variable cryptolib libtpms` | |
33be7be2 | 513 | if test "x$libtpms_cryptolib" = "x"; then |
b4374c33 JB |
514 | AC_MSG_WARN([Could not determine the crypto library libtpms is using, assuming ${cryptolib}]) |
515 | libtpms_cryptolib=${cryptolib} | |
f2458ef7 SB |
516 | fi |
517 | AC_MSG_RESULT($libtpms_cryptolib) | |
86cc4527 SB |
518 | |
519 | if test "$libtpms_cryptolib" != "$cryptolib"; then | |
520 | echo "libtpms is using $libtpms_cryptolib; we have to use the same" | |
33be7be2 | 521 | if test "$cryptolib" = "openssl"; then |
86cc4527 SB |
522 | AC_MSG_ERROR([do not use --with-openssl]) |
523 | else | |
524 | AC_MSG_ERROR([use --with-openssl]) | |
525 | fi | |
526 | fi | |
527 | ||
c751e32e SB |
528 | with_vtpm_proxy=no |
529 | case $host_os in | |
f071d820 | 530 | linux-*) |
c751e32e SB |
531 | with_vtpm_proxy=yes |
532 | AC_DEFINE_UNQUOTED([WITH_VTPM_PROXY], 1, | |
533 | [whether to build in vTPM proxy support (Linux only)]) | |
534 | esac | |
535 | ||
6286beac SB |
536 | case $host_os in |
537 | cygwin) | |
538 | CFLAGS="$CFLAGS -D__USE_LINUX_IOCTL_DEFS" | |
539 | esac | |
540 | ||
761df6cd SB |
541 | dnl Seccomp profile using -lseccomp (Linux only) |
542 | case $host_os in | |
543 | linux-*) | |
544 | with_seccomp_default=yes | |
545 | ;; | |
546 | *) | |
547 | with_seccomp_default=no | |
548 | ;; | |
549 | esac | |
550 | ||
551 | AC_MSG_CHECKING([for whether to build with seccomp profile]) | |
552 | AC_ARG_WITH([seccomp], | |
b295c768 | 553 | AS_HELP_STRING([--with-seccomp],[build with seccomp profile]), |
0232f78f | 554 | AC_MSG_RESULT([$with_seccomp]), |
761df6cd | 555 | [with_seccomp=$with_seccomp_default] |
0232f78f | 556 | AC_MSG_RESULT([$with_seccomp]) |
761df6cd SB |
557 | ) |
558 | ||
559 | if test "$with_seccomp" != "no"; then | |
560 | LIBSECCOMP_CFLAGS=$(pkg-config libseccomp --cflags 2>/dev/null) | |
561 | if test $? -ne 0; then | |
562 | AC_MSG_ERROR("Is libseccomp-devel installed? -- could not get cflags for libseccomp") | |
563 | else | |
564 | with_libseccomp=yes | |
565 | fi | |
566 | LIBSECCOMP_LIBS=$(pkg-config --libs libseccomp) | |
567 | AC_SUBST([LIBSECCOMP_LIBS]) | |
568 | AC_SUBST([LIBSECCOMP_CFLAGS]) | |
569 | AC_DEFINE_UNQUOTED([WITH_SECCOMP], 1, | |
570 | [whether to build in seccomp profile (Linux only)]) | |
571 | fi | |
572 | ||
da733896 SB |
573 | MY_CFLAGS="$CFLAGS" |
574 | MY_LDFLAGS="$LDFLAGS" | |
575 | AC_SUBST([MY_CFLAGS]) | |
576 | AC_SUBST([MY_LDFLAGS]) | |
cbaf04b4 | 577 | |
44b92d43 SB |
578 | AC_CONFIG_FILES([Makefile \ |
579 | debian/swtpm-tools.postinst \ | |
4608cc33 | 580 | swtpm.spec \ |
e46a2b66 | 581 | samples/Makefile \ |
d16b86b7 | 582 | samples/swtpm-localca.conf \ |
a12b09b1 | 583 | samples/swtpm-create-user-config-files \ |
edfb8d8a | 584 | samples/swtpm_setup.conf \ |
f163b202 SB |
585 | include/Makefile \ |
586 | include/swtpm/Makefile \ | |
a1fa5d77 | 587 | include/swtpm.h \ |
f163b202 SB |
588 | src/Makefile \ |
589 | src/selinux/Makefile \ | |
590 | src/swtpm/Makefile \ | |
e46a2b66 SB |
591 | src/swtpm_bios/Makefile \ |
592 | src/swtpm_cert/Makefile \ | |
593 | src/swtpm_ioctl/Makefile \ | |
ddc75216 NC |
594 | src/swtpm_localca/Makefile \ |
595 | src/swtpm_localca/swtpm_localca_conf.h \ | |
e46a2b66 | 596 | src/swtpm_setup/Makefile \ |
c125e34b SB |
597 | src/swtpm_setup/swtpm_setup_conf.h \ |
598 | src/utils/Makefile \ | |
f163b202 | 599 | man/Makefile \ |
39d0c3de | 600 | man/man3/Makefile \ |
33aa1355 | 601 | man/man5/Makefile \ |
f163b202 | 602 | man/man8/Makefile \ |
e46a2b66 | 603 | tests/Makefile \ |
c4ac0a11 | 604 | tests/test_config \ |
10002933 | 605 | ]) |
fd00c5ff SB |
606 | AC_CONFIG_FILES([samples/swtpm-localca], |
607 | [chmod 755 samples/swtpm-localca]) | |
f163b202 SB |
608 | AC_OUTPUT |
609 | ||
e46a2b66 | 610 | echo |
c3fdf688 | 611 | printf "with_gnutls : %5s (no = swtpm_cert will NOT be built)\n" $with_gnutls |
040c7097 | 612 | printf "with_selinux : %5s (no = SELinux policy extensions will NOT be built)\n" $with_selinux |
c3fdf688 | 613 | printf "with_cuse : %5s (no = no CUSE interface)\n" $with_cuse |
498433f7 | 614 | printf "with_chardev : %5s (no = no chardev interface)\n" $with_chardev |
c751e32e | 615 | printf "with_vtpm_proxy : %5s (no = no vtpm proxy support; Linux only)\n" $with_vtpm_proxy |
761df6cd | 616 | printf "with_seccomp : %5s (no = no seccomp profile; Linux only)\n" $with_seccomp |
df4046d0 SB |
617 | printf "\n" |
618 | printf "active PCR banks : %s\n" $DEFAULT_PCR_BANKS | |
e46a2b66 | 619 | echo |
040c7097 SB |
620 | echo "Version to build : $PACKAGE_VERSION" |
621 | echo "Crypto library : $cryptolib" | |
10002933 | 622 | echo |
da733896 | 623 | echo " MY_CFLAGS = $MY_CFLAGS" |
b5701034 SB |
624 | echo " HARDENING_CFLAGS = $HARDENING_CFLAGS" |
625 | echo "HARDENING_LDFLAGS = $HARDENING_LDFLAGS" | |
da733896 | 626 | echo " MY_LDFLAGS = $MY_LDFLAGS" |
b5701034 SB |
627 | echo " LIBSECCOMP_LIBS = $LIBSECCOMP_LIBS" |
628 | echo " JSON_GLIB_CFLAGS = $JSON_GLIB_CFLAGS" | |
629 | echo " JSON_GLIB_LIBS = $JSON_GLIB_LIBS" | |
630 | echo " GLIB_CFLAGS = $GLIB_CFLAGS" | |
631 | echo " GLIB_LIBS = $GLIB_LIBS" | |
e735328e | 632 | echo " GNUTLS_LIBS = $GNUTLS_LIBS" |
c4ac0a11 SB |
633 | echo |
634 | echo "TSS_USER=$TSS_USER" | |
635 | echo "TSS_GROUP=$TSS_GROUP" | |
636 | echo |