build-sys: Support --disable-hardening as an option
1 #
2 # configure.ac
3 #
4 # The Initial Developer of the Original Code is International
5 # Business Machines Corporation. Portions created by IBM
6 # Corporation are Copyright (C) 2014 International Business
7 # Machines Corporation. All Rights Reserved.
8 #
9 # This program is free software; you can redistribute it and/or modify
10 # it under the terms of the Common Public License as published by
11 # IBM Corporation; either version 1 of the License, or (at your option)
12 # any later version.
13 #
14 # This program is distributed in the hope that it will be useful,
15 # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 # Common Public License for more details.
18 #
19 # You should have received a copy of the Common Public License
20 # along with this program; if not, a copy can be viewed at
21 # http://www.opensource.org/licenses/cpl1.0.php.
22 #
23 # This file is derived from tpm-tool's configure.in.
24 #
25
dnl Package identity, minimum autoconf version and generated config header.
AC_INIT([swtpm], [0.1.0])
AC_PREREQ([2.12])
AC_CONFIG_SRCDIR([Makefile.am])
AC_CONFIG_HEADER([config.h])

dnl Break the dotted package version into its first three fields and export
dnl each one for substitution into generated files.
SWTPM_VER_MAJOR=$(echo $PACKAGE_VERSION | cut -d "." -f1)
SWTPM_VER_MINOR=$(echo $PACKAGE_VERSION | cut -d "." -f2)
SWTPM_VER_MICRO=$(echo $PACKAGE_VERSION | cut -d "." -f3)

AC_SUBST([SWTPM_VER_MAJOR])
AC_SUBST([SWTPM_VER_MINOR])
AC_SUBST([SWTPM_VER_MICRO])

dnl Check for programs
AC_PROG_CC
AC_PROG_INSTALL
AC_PROG_LN_S
LT_INIT

dnl Local macro directory, host/target triplets and automake setup.
AC_CONFIG_MACRO_DIR([m4])
AC_CANONICAL_TARGET
AC_CANONICAL_HOST
AM_INIT_AUTOMAKE([foreign 1.6])
49
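dnl --enable-debug requests an unoptimized build with -DDEBUG defined.
dnl The not-given branch assigns plain no. A trailing comma after that
dnl assignment is passed through to the shell and stored as part of the
dnl value, so it has been removed.
DEBUG=""
AC_MSG_CHECKING([for debug-enabled build])
AC_ARG_ENABLE([debug],
  [AS_HELP_STRING([--enable-debug], [create a debug build])],
  [if test "$enableval" = "yes"; then
     DEBUG="yes"
     AC_MSG_RESULT([yes])
   else
     DEBUG="no"
     AC_MSG_RESULT([no])
   fi],
  [DEBUG="no"
   AC_MSG_RESULT([no])])

# If the user has not set CFLAGS, do something appropriate
dnl NOTE(review): the compiler check earlier in this file normally assigns a
dnl default CFLAGS when the user gave none, so the first branch below may
dnl never be taken -- confirm.
dnl A debug build appends -O0. The hardening section later in this file adds
dnl -D_FORTIFY_SOURCE=2 only when CFLAGS holds no -O0, so debug builds are
dnl compiled without it.
test_CFLAGS=${CFLAGS+set}
if test "$test_CFLAGS" != set; then
  if test "$DEBUG" = "yes"; then
    CFLAGS="-O0 -g -DDEBUG"
  else
    CFLAGS="-g -O2"
  fi
elif test "$DEBUG" = "yes"; then
  CFLAGS="$CFLAGS -O0 -g -DDEBUG"
fi

dnl Standard header, keyword and type checks.
AC_HEADER_STDC
AC_C_CONST
AC_C_INLINE

AC_TYPE_SIZE_T
AC_TYPE_SIGNAL

dnl NOTE(review): the compiler and install checks below repeat checks that
dnl were already made near the top of this file.
AC_PROG_CC
AC_PROG_INSTALL
AC_PROG_MKDIR_P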
85
dnl Optional SELinux policy module. The default value is check, which builds
dnl the policy only when the policy development Makefile and semodule are
dnl both present. An explicit --with-selinux turns a missing prerequisite
dnl into a configure error instead.
AC_ARG_WITH([selinux],
  AS_HELP_STRING([--with-selinux],
    [add SELinux policy extensions @<:@default=check@:>@]))
m4_divert_text([DEFAULTS], [with_selinux=check])

dnl Check for SELinux policy support
dnl In check mode a missing prerequisite disables the policy without an
dnl error; the summary printed at the end of configure reports with_selinux.
case "$with_selinux" in
check|yes)
  if test ! -f /usr/share/selinux/devel/Makefile; then
    if test "$with_selinux" != "yes"; then
      with_selinux="no"
    else
      AC_MSG_ERROR("Is selinux-policy-devel installed?")
    fi
  fi
  AC_PATH_PROG([SEMODULE], semodule)
  if test -z "$SEMODULE"; then
    if test "$with_selinux" != "yes"; then
      with_selinux="no"
    else
      AC_MSG_ERROR("Is selinux-policy-devel installed?")
    fi
  fi
  dnl Both prerequisites were found: promote check to yes.
  if test "$with_selinux" = "check"; then
    with_selinux="yes"
  fi
  ;;
esac
AM_CONDITIONAL([WITH_SELINUX], [test "x$with_selinux" = "xyes"])
116
dnl Redirect the directory variables only while they still hold their
dnl unexpanded default text: /etc for a /usr prefix, /usr/share for an
dnl empty prefix.
if test "$prefix" = "/usr"; then
  if test "$sysconfdir" = '${prefix}/etc'; then
    sysconfdir="/etc"
  fi
fi
if test -z "$prefix"; then
  if test "$datarootdir" = '${prefix}/share'; then
    datarootdir="/usr/share"
  fi
fi
123
dnl openssl is the only crypto backend handled here. --with-openssl is
dnl accepted on the command line, but both of its actions are empty, so it
dnl does not change cryptolib.
cryptolib=openssl

AC_ARG_WITH([openssl],
  [AS_HELP_STRING([--with-openssl], [build with openssl library])],
  [],
  [])

dnl Require a usable libcrypto and its AES header.
if test "$cryptolib" = "openssl"; then
  AC_CHECK_LIB([crypto], [AES_set_encrypt_key], [],
    [AC_MSG_ERROR([Faulty openssl crypto library])])
  AC_CHECK_HEADERS([openssl/aes.h], [],
    [AC_MSG_ERROR([Is openssl-devel/libssl-dev installed?])])
  AC_MSG_RESULT([Building with openssl crypto library])
fi
143
dnl Linker flags for libtasn1 and libtpms are taken from pkg-config.
dnl NOTE(review): pkg-config is called by its bare name here, while the
dnl libtpms cryptolib check later in this file goes through the PKG_CONFIG
dnl variable; a PKG_CONFIG override would presumably not reach these calls.
if ! LIBTASN1_LIBS=$(pkg-config --libs libtasn1); then
  AC_MSG_ERROR("Is libtasn1-devel installed? -- could not get libs for libtasn1")
fi
AC_SUBST([LIBTASN1_LIBS])

if ! LIBTPMS_LIBS=$(pkg-config --libs libtpms); then
  AC_MSG_ERROR("Is libtpms-devel installed? -- could not get libs for libtpms")
fi
dnl The presence of TPMLIB_ChooseTPMVersion is used as the version test.
AC_CHECK_LIB([tpms], [TPMLIB_ChooseTPMVersion], [],
  [AC_MSG_ERROR("libtpms 0.6 or later is required")])
AC_SUBST([LIBTPMS_LIBS])

dnl Link with -lrt only when libc itself does not provide clock_gettime.
AC_CHECK_LIB([c], [clock_gettime], [LIBRT_LIBS=""], [LIBRT_LIBS="-lrt"])
AC_SUBST([LIBRT_LIBS])
162
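dnl On Linux the tpm_nvdefine tool is mandatory and tcsd support is assumed;
dnl on every other host tcsd support is switched off.
AC_PATH_PROG([TPM_NVDEFINE], [tpm_nvdefine])
case $host_os in
linux-*)
  if test "x$TPM_NVDEFINE" = "x"; then
    AC_MSG_ERROR([NVRAM area tools are needed: tpm-tools package])
  fi
  have_tcsd=yes
  ;;
*)
  have_tcsd=no
  ;;
esac
dnl swtpm_setup is enabled unconditionally.
with_swtpm_setup=yes
AM_CONDITIONAL([HAVE_TCSD], [test "$have_tcsd" != "no"])

dnl If we have the tcsd package, we can build swtpm_setup, but need netstat also
dnl The second test has to expand the have_tcsd variable. Comparing the bare
dnl word have_tcsd with no is always true, which made the tcsd condition a
dnl no-op.
AC_PATH_PROG([NETSTAT], [netstat])
case $host_os in
linux-*)
  if test "x$NETSTAT" = "x" && test "$have_tcsd" != "no"; then
    AC_MSG_ERROR([netstat tool is missing for tests: net-tools package])
  fi
  ;;
esac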
186
dnl CUSE interface: built when libfuse is found through pkg-config. With the
dnl default value check a missing libfuse disables the interface; with an
dnl explicit --with-cuse it is a configure error.
AC_MSG_CHECKING([for whether to build with CUSE interface])
AC_ARG_WITH([cuse],
  AC_HELP_STRING([--with-cuse], [build with CUSE interface]),
  [],
  [with_cuse=check])

if test "$with_cuse" != "no"; then
  if LIBFUSE_CFLAGS=$(pkg-config fuse --cflags 2>/dev/null); then
    with_cuse=yes
  elif test "$with_cuse" = "yes"; then
    AC_MSG_ERROR("Is fuse-devel installed? -- could not get cflags for libfuse")
  else
    with_cuse=no
  fi
fi

dnl with_cuse is now yes or no
if test "$with_cuse" != "no"; then
  if ! LIBFUSE_LIBS=$(pkg-config fuse --libs); then
    AC_MSG_ERROR("Is fuse-devel installed? -- could not get libs for libfuse")
  fi
  AC_SUBST([LIBFUSE_CFLAGS])
  AC_SUBST([LIBFUSE_LIBS])
  AC_DEFINE_UNQUOTED([WITH_CUSE], 1,
    [whether to build with CUSE interface])

  dnl glib and gthread are required once the CUSE interface is enabled.
  if ! GLIB_CFLAGS=$(pkg-config --cflags glib-2.0); then
    AC_MSG_ERROR("Is glib-2.0 installed? -- could not get cflags")
  fi
  AC_SUBST([GLIB_CFLAGS])

  if ! GLIB_LIBS=$(pkg-config --libs glib-2.0); then
    AC_MSG_ERROR("Is glib-2.0 installed? -- could not get libs")
  fi
  AC_SUBST([GLIB_LIBS])

  if ! GTHREAD_LIBS=$(pkg-config --libs gthread-2.0); then
    AC_MSG_ERROR("Is glib-2.0 installed? -- could not get libs for gthread-2.0")
  fi
  AC_SUBST([GTHREAD_LIBS])
fi
AM_CONDITIONAL([WITH_CUSE],[test "$with_cuse" = "yes"])
AC_MSG_RESULT($with_cuse)
239
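dnl The chardev interface is built on Linux hosts only.
AC_MSG_CHECKING([for whether to build with chardev interface])
case $host_os in
linux-*)
  with_chardev=yes
  AC_DEFINE_UNQUOTED([WITH_CHARDEV], 1,
    [whether to build with chardev interface])
  ;;
*)
  with_chardev=no
  ;;
esac
AM_CONDITIONAL([WITH_CHARDEV],[test "$with_chardev" = "yes"])
dnl Report the chardev decision itself. Printing with_cuse here would show
dnl the CUSE result under the chardev heading.
AC_MSG_RESULT([$with_chardev])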
252
dnl GnuTLS support. Each stage below runs only while with_gnutls is not no.
dnl A failed stage is an error when --with-gnutls was given explicitly and
dnl otherwise sets with_gnutls to no. The summary at the end of configure
dnl states that swtpm_cert is not built in that case.
AC_ARG_WITH([gnutls],
  AC_HELP_STRING([--with-gnutls], [build with gnutls library]),
  [],
  [with_gnutls=check])

dnl Stage 1: linker flags from pkg-config.
if test "x$with_gnutls" != "xno"; then
  if ! GNUTLS_LDFLAGS=$(pkg-config --libs gnutls); then
    if test "x$with_gnutls" != "xyes"; then
      with_gnutls=no
    else
      AC_MSG_ERROR("Is gnutls installed? -- could not get libs for gnutls")
    fi
  fi
fi

dnl Stage 2: the certtool program must be on the PATH.
if test "x$with_gnutls" != "xno"; then
  AC_PATH_PROG([GNUTLS_CERTTOOL], certtool)
  if test "x$GNUTLS_CERTTOOL" = "x"; then
    if test "x$with_gnutls" != "xyes"; then
      with_gnutls=no
    else
      AC_MSG_ERROR("Could not find certtool. Is gnutls-utils/gnutls-bin installed?")
    fi
  fi
fi

dnl Stage 3: the library must export gnutls_load_file. CFLAGS is extended
dnl for the probe only and restored afterwards.
if test "x$with_gnutls" != "xno"; then
  ORIG_CFLAGS="$CFLAGS"
  GNUTLS_CFLAGS=$(pkg-config gnutls --cflags)
  CFLAGS="$CFLAGS $GNUTLS_CFLAGS $GNUTLS_LDFLAGS"
  AC_CHECK_LIB([gnutls], [gnutls_load_file],
    [GNUTLS_LIBS=-lgnutls],
    [if test "x$with_gnutls" = "xyes"; then
       AC_MSG_ERROR([GNUTLS >= 3.1.0 library not found: libgnutls.so])
     else
       with_gnutls="no"
     fi])
  CFLAGS="$ORIG_CFLAGS"
fi

dnl Stage 4: the gnutls/abstract.h header must be usable.
if test "x$with_gnutls" != "xno"; then
  ORIG_CFLAGS="$CFLAGS"
  CFLAGS="$CFLAGS $GNUTLS_CFLAGS"
  AC_CHECK_HEADER([gnutls/abstract.h], [],
    [if test "x$with_gnutls" = "xyes"; then
       AC_MSG_ERROR([GNUTLS >= 3.1.0 library header not found: gnutls/abstract.h])
     else
       with_gnutls="no"
     fi])
  CFLAGS="$ORIG_CFLAGS"
fi

dnl Every stage passed: settle on yes.
if test "x$with_gnutls" != "xno"; then
  with_gnutls="yes"
fi
AM_CONDITIONAL([WITH_GNUTLS], [test "x$with_gnutls" = "xyes"])
AC_SUBST([GNUTLS_LIBS])
314
dnl Helper programs that must be present. Each one is looked up on the PATH
dnl of the configure run and configure stops when it is missing.
AC_PATH_PROG([EXPECT], [expect])
if test -z "$EXPECT"; then
  AC_MSG_ERROR([expect is required: expect package])
fi

AC_PATH_PROG([GAWK], [gawk])
if test -z "$GAWK"; then
  AC_MSG_ERROR([gawk is required: gawk package])
fi

AC_PATH_PROG([SOCAT], [socat])
if test -z "$SOCAT"; then
  AC_MSG_ERROR([socat is required: socat package])
fi

AC_PATH_PROG([PYTHON], [python3])
if test -z "$PYTHON"; then
  AC_MSG_ERROR([python3 is required])
fi
334
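dnl Compiler and linker hardening, applied unless --disable-hardening is
dnl given. The resulting HARDENING_CFLAGS value is echoed in the summary at
dnl the end of configure, so a build log shows which protections were
dnl actually selected.
AC_ARG_ENABLE([hardening],
  AS_HELP_STRING([--disable-hardening], [Disable hardening flags]))

if test "x$enable_hardening" != "xno"; then
  dnl Prefer -fstack-protector-strong and fall back to -fstack-protector
  dnl when the compiler reports the option as unrecognized.
  dnl NOTE(review): the probe compiles a header from the source tree and
  dnl matches one specific diagnostic text; a compiler that words the
  dnl rejection differently would be treated as accepting the option, and
  dnl the compile may leave an output file behind -- verify.
  TMP="$($CC -fstack-protector-strong $srcdir/include/swtpm/tpm_ioctl.h 2>&1)"
  if echo $TMP | $GREP 'unrecognized command line option' >/dev/null; then
    HARDENING_CFLAGS="-fstack-protector -Wstack-protector "
  else
    HARDENING_CFLAGS="-fstack-protector-strong -Wstack-protector "
  fi

  dnl Must not have -O0 but must have a -O for -D_FORTIFY_SOURCE=2
  dnl The second test reads TMP2, the variable assigned just above. Testing
  dnl a name that is never assigned leaves the condition false for every
  dnl build, so -D_FORTIFY_SOURCE=2 would never be added.
  dnl NOTE(review): CFLAGS later gains -Werror in this file; with the
  dnl fortify define now effective, fortify-related warnings may become
  dnl build errors on some toolchains -- confirm before release.
  TMP1="$(echo $CFLAGS | sed -n 's/.*\(-O0\).*/\1/p')"
  TMP2="$(echo $CFLAGS | sed -n 's/.*\(-O\).*/\1/p')"
  if test -z "$TMP1" && test -n "$TMP2"; then
    HARDENING_CFLAGS="$HARDENING_CFLAGS -D_FORTIFY_SOURCE=2 "
  fi
  dnl Check ld for 'relro' and 'now'
  dnl NOTE(review): these are linker options carried in a CFLAGS-style
  dnl variable; whether every compile step tolerates them depends on the
  dnl compiler in use.
  if $LD --help 2>&1 | $GREP '\-z relro ' > /dev/null; then
    HARDENING_CFLAGS="$HARDENING_CFLAGS -Wl,-z,relro "
  fi
  if $LD --help 2>&1 | $GREP '\-z now ' > /dev/null; then
    HARDENING_CFLAGS="$HARDENING_CFLAGS -Wl,-z,now "
  fi
  AC_SUBST([HARDENING_CFLAGS])
fi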
361
dnl Account names for the TSS user and group, both defaulting to tss and
dnl both exported for substitution into generated files.
dnl NOTE(review): the values are stored exactly as given, without any
dnl validation; the --without form of either option would presumably store
dnl the literal word no as the account name.
TSS_USER="tss"
AC_ARG_WITH([tss-user],
  AC_HELP_STRING([--with-tss-user=TSS_USER], [The tss user to use]),
  [TSS_USER="$withval"])

TSS_GROUP="tss"
AC_ARG_WITH([tss-group],
  AC_HELP_STRING([--with-tss-group=TSS_GROUP], [The tss group to use]),
  [TSS_GROUP="$withval"])
AC_SUBST([TSS_USER])
AC_SUBST([TSS_GROUP])

dnl Warning options for every compile, including format-string checks, with
dnl warnings promoted to errors. GNUTLS_CFLAGS is appended last.
CFLAGS="$CFLAGS -Wreturn-type -Wsign-compare -Wswitch-enum -Wmissing-prototypes -Wall -Werror -Wformat -Wformat-security $GNUTLS_CFLAGS"
382
dnl Simulate the following for systems with pkg-config < 0.28:
dnl PKG_CHECK_VAR([libtpms_cryptolib], [libtpms], [cryptolib],
dnl [], AC_MSG_ERROR([Could not determine libtpms crypto library.]))
PKG_PROG_PKG_CONFIG

dnl Read the crypto library name that libtpms publishes through pkg-config.
AC_MSG_CHECKING([Checking the crypto library libtpms is linked to])
libtpms_cryptolib=$($PKG_CONFIG --variable cryptolib libtpms)
if test -z "$libtpms_cryptolib"; then
  AC_MSG_ERROR([Could not determine the crypto library libtpms is using])
fi
AC_MSG_RESULT($libtpms_cryptolib)

dnl Stop when the library chosen here differs from the one libtpms uses.
if test "$libtpms_cryptolib" != "$cryptolib"; then
  echo "libtpms is using $libtpms_cryptolib; we have to use the same"
  case "$cryptolib" in
  openssl)
    AC_MSG_ERROR([do not use --with-openssl])
    ;;
  *)
    AC_MSG_ERROR([use --with-openssl])
    ;;
  esac
fi
403
dnl Host-specific switches: vTPM proxy support is compiled in on Linux, and
dnl Cygwin builds get an extra preprocessor define. The two patterns cannot
dnl match the same host, so one case statement covers both.
with_vtpm_proxy=no
case $host_os in
linux-*)
  with_vtpm_proxy=yes
  AC_DEFINE_UNQUOTED([WITH_VTPM_PROXY], 1,
    [whether to build in vTPM proxy support (Linux only)])
  ;;
cygwin)
  CFLAGS="$CFLAGS -D__USE_LINUX_IOCTL_DEFS"
  ;;
esac
416
dnl Files generated by configure, grouped by directory and kept in the same
dnl order as before.
AC_CONFIG_FILES([
  Makefile
  dist/swtpm.spec
  etc/Makefile
  samples/Makefile
])
AC_CONFIG_FILES([
  include/Makefile
  include/swtpm/Makefile
  include/swtpm.h
])
AC_CONFIG_FILES([
  src/Makefile
  src/selinux/Makefile
  src/swtpm/Makefile
  src/swtpm_bios/Makefile
  src/swtpm_cert/Makefile
  src/swtpm_ioctl/Makefile
  src/swtpm_setup/Makefile
  src/swtpm_setup/swtpm_setup.h
])
AC_CONFIG_FILES([
  man/Makefile
  man/man3/Makefile
  man/man8/Makefile
])
AC_CONFIG_FILES([
  tests/Makefile
  tests/test_config
])
dnl The generated setup script is made executable right after creation.
AC_CONFIG_FILES([src/swtpm_setup/swtpm_setup.sh],
  [chmod 755 src/swtpm_setup/swtpm_setup.sh])
AC_OUTPUT

dnl Configuration summary. The CFLAGS and HARDENING_CFLAGS lines are where a
dnl builder can confirm which warning and hardening options this
dnl configuration selected.
echo
printf "with_gnutls : %5s (no = swtpm_cert will NOT be built)\n" $with_gnutls
printf "with_selinux : %5s (no = SELinux policy extenions will NOT be built)\n" $with_selinux
printf "with_cuse : %5s (no = no CUSE interface)\n" $with_cuse
printf "with_chardev : %5s (no = no chardev interface)\n" $with_chardev
printf "with_swtpm_setup: %5s (no = swtpm_setup will NOT be built)\n" $with_swtpm_setup
printf "with_vtpm_proxy : %5s (no = no vtpm proxy support; Linux only)\n" $with_vtpm_proxy
echo
echo "cryptolib: $cryptolib"
echo
echo "CFLAGS=$CFLAGS"
echo "HARDENING_CFLAGS=$HARDENING_CFLAGS"
echo "LDFLAGS=$LDFLAGS"
echo
echo "TSS_USER=$TSS_USER"
echo "TSS_GROUP=$TSS_GROUP"
echo
456 echo "TSS_USER=$TSS_USER"
457 echo "TSS_GROUP=$TSS_GROUP"
458 echo