configure.ac

   1 #
   2 # configure.ac
   3 #
   4 #       The Initial Developer of the Original Code is International
   5 #       Business Machines Corporation. Portions created by IBM
   6 #       Corporation are Copyright (C) 2014 International Business
   7 #       Machines Corporation. All Rights Reserved.
   8 #
   9 #       This program is free software; you can redistribute it and/or modify
  10 #       it under the terms of the Common Public License as published by
  11 #       IBM Corporation; either version 1 of the License, or (at your option)
  12 #       any later version.
  13 #
  14 #       This program is distributed in the hope that it will be useful,
  15 #       but WITHOUT ANY WARRANTY; without even the implied warranty of
  16 #       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17 #       Common Public License for more details.
  18 #
  19 #       You should have received a copy of the Common Public License
  20 #       along with this program; if not, a copy can be viewed at
  21 #       http://www.opensource.org/licenses/cpl1.0.php.
  22 #
  23 #       This file is derived from tpm-tool's configure.in.
  24 #
  25
  26 AC_INIT(swtpm, 0.1.0)
  27 AC_PREREQ(2.12)
  28 AC_CONFIG_SRCDIR(Makefile.am)
  29 AC_CONFIG_HEADER(config.h)
  30
  31 SWTPM_VER_MAJOR=`echo $PACKAGE_VERSION | cut -d "." -f1`
  32 SWTPM_VER_MINOR=`echo $PACKAGE_VERSION | cut -d "." -f2`
  33 SWTPM_VER_MICRO=`echo $PACKAGE_VERSION | cut -d "." -f3`
  34
  35 AC_SUBST([SWTPM_VER_MAJOR])
  36 AC_SUBST([SWTPM_VER_MINOR])
  37 AC_SUBST([SWTPM_VER_MICRO])
  38
  39 dnl Check for programs
  40 AC_PROG_CC
  41 AC_PROG_INSTALL
  42 AC_PROG_LN_S
  43 AC_PROG_LIBTOOL
  44
  45 AC_CONFIG_MACRO_DIR([m4])
  46 AC_CANONICAL_TARGET
  47 AC_CANONICAL_HOST
  48 AM_INIT_AUTOMAKE([foreign 1.6])
  49
  50 DEBUG=""
  51 AC_MSG_CHECKING([for debug-enabled build])
  52 AC_ARG_ENABLE(debug, AC_HELP_STRING([--enable-debug], [create a debug build]),
  53   [if test "$enableval" = "yes"; then
  54      DEBUG="yes"
  55      AC_MSG_RESULT([yes])
  56    else
  57      DEBUG="no"
  58      AC_MSG_RESULT([no])
  59    fi],
  60   [DEBUG="no",
  61    AC_MSG_RESULT([no])])
  62
  63 # If the user has not set CFLAGS, do something appropriate
  64 test_CFLAGS=${CFLAGS+set}
  65 if test "$test_CFLAGS" != set; then
  66         if test "$DEBUG" == "yes"; then
  67                 CFLAGS="-O0 -g -DDEBUG"
  68         else
  69                 CFLAGS="-g -O2"
  70         fi
  71 elif test "$DEBUG" == "yes"; then
  72         CFLAGS="$CFLAGS -O0 -g -DDEBUG"
  73 fi
  74
  75 AC_HEADER_STDC
  76 AC_C_CONST
  77 AC_C_INLINE
  78
  79 AC_TYPE_SIZE_T
  80 AC_TYPE_SIGNAL
  81
  82 AC_PROG_CC
  83 AC_PROG_INSTALL
  84 AC_PROG_MKDIR_P
  85
  86 AC_ARG_WITH([selinux],
  87    AS_HELP_STRING([--with-selinux],
  88       [add SELinux policy extensions @<:@default=check@:>@]))
  89 m4_divert_text([DEFAULTS], [with_selinux=check])
  90
  91 dnl Check for SELinux policy support
  92
  93 if test "$with_selinux" != "no"; then
  94     if test "$with_selinux" = "check" || test "$with_selinux" = "yes"; then
  95         if ! test -f /usr/share/selinux/devel/Makefile; then
  96             if test "$with_selinux" = "yes"; then
  97                 AC_MSG_ERROR("Is selinux-policy-devel installed?")
  98             else
  99                 with_selinux="no"
 100             fi
 101         fi
 102         AC_PATH_PROG([SEMODULE], semodule)
 103         if test "x$SEMODULE" == "x"; then
 104             if test "$with_selinux" = "yes"; then
 105                 AC_MSG_ERROR("Is selinux-policy-devel installed?")
 106             else
 107                 with_selinux="no"
 108             fi
 109         fi
 110         if test "$with_selinux" = "check"; then
 111             with_selinux="yes"
 112         fi
 113     fi
 114 fi
 115 AM_CONDITIONAL([WITH_SELINUX], [test "x$with_selinux" == "xyes"])
 116
 117 GLIB_CFLAGS=$(pkg-config --cflags glib-2.0)
 118 if test $? -ne 0; then
 119         AC_MSG_ERROR("Is glib-2.0 installed? -- could not get cflags")
 120 fi
 121 AC_SUBST([GLIB_CFLAGS])
 122
 123 GLIB_LIBS=$(pkg-config --libs glib-2.0)
 124 if test $? -ne 0; then
 125         AC_MSG_ERROR("Is glib-2.0 installed? -- could not get libs")
 126 fi
 127 AC_SUBST([GLIB_LIBS])
 128
 129 GTHREAD_LIBS=$(pkg-config --libs gthread-2.0)
 130 if test $? -ne 0; then
 131         AC_MSG_ERROR("Is glib-2.0 installed? -- could not get libs for gthread-2.0")
 132 fi
 133 AC_SUBST([GTHREAD_LIBS])
 134
 135 cryptolib=freebl
 136
 137 AC_ARG_WITH([openssl],
 138             AC_HELP_STRING([--with-openssl],
 139                            [build with openssl library]),
 140               [AC_CHECK_LIB(crypto,
 141                             [AES_set_encrypt_key],
 142                             [],
 143                             AC_MSG_ERROR(Faulty openssl crypto library))
 144                AC_CHECK_HEADERS([openssl/aes.h],[],
 145                             AC_MSG_ERROR(Is openssl-devel/libssl-dev installed?))
 146                AC_MSG_RESULT([Building with openssl crypto library])
 147                cryptolib=openssl
 148               ]
 149 )
 150
 151 case "$cryptolib" in
 152 freebl)
 153     AM_CONDITIONAL(SWTPM_USE_FREEBL, true)
 154     AM_CONDITIONAL(SWTPM_USE_OPENSSL, false)
 155     AC_DEFINE([USE_FREEBL_CRYPTO_LIBRARY],
 156               [1],
 157               [use freebl crypto library])
 158
 159     NSPR_CFLAGS=$(nspr-config --cflags)
 160     if test $? -ne 0; then
 161         AC_MSG_ERROR("Could not find nspr-config. Is nspr-devel/libnspr4-dev installed?")
 162     fi
 163     AC_SUBST([NSPR_CFLAGS])
 164
 165     NSS_CFLAGS=$(nss-config --cflags)
 166     if test $? -ne 0; then
 167         AC_MSG_ERROR("Could not find nss-config. Is nss-devel/libnss3-dev installed?")
 168     fi
 169     AC_SUBST([NSS_CFLAGS])
 170
 171     NSS_LIBS=$(nss-config --libs)
 172     if test $? -ne 0; then
 173         AC_MSG_ERROR("Is nss-devel/libnss3-dev installed? -- could not get libs for nss")
 174     fi
 175     dnl On RHEL 7 ppc64 we need an explicit -lfreebl
 176     NSS_LIBS="$NSS_LIBS -lfreebl"
 177     AC_SUBST([NSS_LIBS])
 178
 179     CPPFLAGS="$NSS_CFLAGS $NSPR_CFLAGS"
 180     AC_CHECK_HEADERS([sslerr.h],[],
 181                      AC_MSG_ERROR(nss-devel/libnss3-dev is bad))
 182
 183     # Check for missing headers
 184     CFLAGS_save="$CFLAGS"
 185     CFLAGS="$NSS_CFLAGS $NSPR_CFLAGS"
 186     AC_CHECK_HEADERS([blapi.h],[],
 187                      AC_MSG_ERROR(nss-softokn-freebl-devel/libnss3-dev is missing blapi.h))
 188     # Check for missing freebl library or missing library functions
 189     LIBS_save="$LIBS"
 190     LIBS="$(nss-config --libs) $(nspr-config --libs)"
 191     AC_SEARCH_LIBS([AES_CreateContext], [freebl],[],
 192                    AC_MSG_ERROR("Could not find AES_CreateContext(). Is nss-softokn-freebl-devel/libnss3-dev installed?"),
 193                    [])
 194     LIBS="$LIBS_save"
 195     CPPFLAGS=""
 196     CFLAGS="$CFLAGS_save"
 197
 198     ;;
 199 openssl)
 200     AM_CONDITIONAL(SWTPM_USE_FREEBL, false)
 201     AM_CONDITIONAL(SWTPM_USE_OPENSSL, true)
 202     AC_DEFINE([USE_OPENSSL_CRYPTO_LIBRARY],
 203               [1],
 204               [use openssl crypto library])
 205     ;;
 206 esac
 207
 208 LIBTASN1_LIBS=$(pkg-config --libs libtasn1)
 209 if test $? -ne 0; then
 210         AC_MSG_ERROR("Is libtasn1-devel installed? -- could not get libs for libtasn1")
 211 fi
 212 AC_SUBST([LIBTASN1_LIBS])
 213
 214 LIBTPMS_LIBS=$(pkg-config --libs libtpms)
 215 if test $? -ne 0; then
 216         AC_MSG_ERROR("Is libtpms-devel installed? -- could not get libs for libtpms")
 217 fi
 218 AC_SUBST([LIBTPMS_LIBS])
 219
 220 AC_PATH_PROG([TPM_NVDEFINE], tpm_nvdefine)
 221 case $host_os in
 222 linux-*)
 223     if test "x$TPM_NVDEFINE" == "x"; then
 224         AC_MSG_ERROR([NVRAM area tools are needed: tpm-tools package])
 225     fi
 226     with_tcsd=yes
 227     ;;
 228 *)
 229     with_tcsd=no
 230 esac
 231 with_swtpm_setup=$with_tcsd
 232 AM_CONDITIONAL([WITH_SWTPM_SETUP], test "$with_swtpm_setup" != "no")
 233
 234 AC_MSG_CHECKING([for whether to build with CUSE interface])
 235 AC_ARG_WITH([cuse],
 236             AC_HELP_STRING([--with-cuse],
 237                            [build with CUSE interface]),
 238             [],
 239             [with_cuse=check]
 240 )
 241
 242 if test "$with_cuse" != "no"; then
 243     LIBFUSE_CFLAGS=$(pkg-config fuse --cflags 2>/dev/null)
 244     if test $? -ne 0; then
 245         if test "$with_cuse" = "yes"; then
 246             AC_MSG_ERROR("Is fuse-devel installed? -- could not get cflags for libfuse")
 247         else
 248             with_cuse=no
 249         fi
 250     else
 251         with_cuse=yes
 252     fi
 253 fi
 254
 255 dnl with_cuse is now yes or no
 256 if test "$with_cuse" != "no"; then
 257     LIBFUSE_LIBS=$(pkg-config fuse --libs)
 258     if test $? -ne 0; then
 259         AC_MSG_ERROR("Is fuse-devel installed? -- could not get libs for libfuse")
 260     fi
 261     AC_SUBST([LIBFUSE_CFLAGS])
 262     AC_SUBST([LIBFUSE_LIBS])
 263     AC_DEFINE_UNQUOTED([WITH_CUSE], 1,
 264                        [whether to build with CUSE interface])
 265 fi
 266 AM_CONDITIONAL([WITH_CUSE],[test "$with_cuse" = "yes"])
 267 AC_MSG_RESULT($with_cuse)
 268
 269 AC_MSG_CHECKING([for whether to build with chardev interface])
 270 case $host_os in
 271 linux-*)
 272     with_chardev=yes
 273     AC_DEFINE_UNQUOTED([WITH_CHARDEV], 1,
 274                        [whether to build with chardev interface])
 275     ;;
 276 *)
 277     with_chardev=no
 278 esac
 279 AM_CONDITIONAL([WITH_CHARDEV],[test "$with_chardev" = "yes"])
 280 AC_MSG_RESULT($with_cuse)
 281
 282 AC_ARG_WITH([gnutls],
 283             AC_HELP_STRING([--with-gnutls],
 284                            [build with gnutls library]),
 285             [],
 286             [with_gnutls=check]
 287 )
 288
 289 if test "x$with_gnutls" != "xno"; then
 290     GNUTLS_LDFLAGS=$(pkg-config --libs gnutls)
 291     if test $? -ne 0; then
 292         if test "x$with_gnutls" == "xyes"; then
 293             AC_MSG_ERROR("Is gnutls installed? -- could not get libs for gnutls")
 294         else
 295             with_gnutls=no
 296         fi
 297     fi
 298 fi
 299
 300 if test "x$with_gnutls" != "xno"; then
 301      AC_PATH_PROG([GNUTLS_CERTTOOL], certtool)
 302      if test "x$GNUTLS_CERTTOOL" == "x"; then
 303          if test "x$with_gnutls" == "xyes"; then
 304              AC_MSG_ERROR("Could not find certtool. Is gnutls-utils/gnutls-bin installed?")
 305          else
 306              with_gnutls=no
 307          fi
 308      fi
 309 fi
 310
 311 if test "x$with_gnutls" != "xno"; then
 312     GNUTLS_CFLAGS=$(pkg-config gnutls --cflags)
 313     AC_CHECK_LIB([gnutls], [gnutls_load_file], [
 314                  GNUTLS_LIBS=-lgnutls
 315              ],
 316              [if test "x$with_gnutls" == "xyes"; then
 317                  AC_MSG_ERROR([GNUTLS >= 3.1.0 library not found: libgnutls.so])
 318               else
 319                  with_gnutls="no"
 320               fi])
 321 fi
 322
 323 if test "x$with_gnutls" != "xno"; then
 324     AC_CHECK_HEADER(gnutls/abstract.h, [], \
 325              [if test "x$with_gnutls" == "xyes"; then
 326                  AC_MSG_ERROR([GNUTLS >= 3.1.0 library header not found: gnutls/abstract.h])
 327               else
 328                  with_gnutls="no"
 329               fi])
 330 fi
 331
 332 if test "x$with_gnutls" != "xno"; then
 333     with_gnutls="yes"
 334 fi
 335 AM_CONDITIONAL([WITH_GNUTLS], [test "x$with_gnutls" == "xyes"])
 336 AC_SUBST([GNUTLS_LIBS])
 337
 338 AC_PATH_PROG([EXPECT], expect)
 339 if test "x$EXPECT" == "x"; then
 340         AC_MSG_ERROR([expect is required: expect package])
 341 fi
 342
 343 AC_PATH_PROG([GAWK], gawk)
 344 if test "x$GAWK" == "x"; then
 345         AC_MSG_ERROR([gawk is required: gawk package])
 346 fi
 347
 348 AC_PATH_PROG([SOCAT], socat)
 349 if test "x$SOCAT" == "x"; then
 350         AC_MSG_ERROR([socat is required: socat package])
 351 fi
 352
 353 TMP="$($CC -fstack-protector-strong 2>&1)"
 354 if echo $TMP | $GREP 'unrecognized command line option' >/dev/null; then
 355   HARDENING_CFLAGS="-fstack-protector -Wstack-protector "
 356 else
 357   HARDENING_CFLAGS="-fstack-protector-strong -Wstack-protector "
 358 fi
 359
 360 dnl Must not have -O0 but must have a -O for -D_FORTIFY_SOURCE=2
 361 TMP1="$(echo $CFLAGS | sed -n 's/.*\(-O0\).*/\1/p')"
 362 TMP2="$(echo $CFLAGS | sed -n 's/.*\(-O\).*/\1/p')"
 363 if test -z "$TMP1" && test -n "$TPM2"; then
 364     HARDENING_CFLAGS+="-D_FORTIFY_SOURCE=2 "
 365 fi
 366 dnl Check ld for 'relro' and 'now'
 367 if $LD --help 2>&1 | $GREP '\-z relro ' > /dev/null; then
 368   HARDENING_CFLAGS+="-Wl,-z,relro "
 369 fi
 370 if $LD --help 2>&1 | $GREP '\-z now ' > /dev/null; then
 371   HARDENING_CFLAGS+="-Wl,-z,now "
 372 fi
 373 AC_SUBST([HARDENING_CFLAGS])
 374
 375 AC_ARG_WITH([tss-user],
 376             AC_HELP_STRING([--with-tss-user=TSS_USER],
 377                            [The tss user to use]),
 378             [TSS_USER="$withval"],
 379             [TSS_USER="tss"]
 380 )
 381
 382 AC_ARG_WITH([tss-group],
 383             AC_HELP_STRING([--with-tss-group=TSS_GROUP],
 384                            [The tss group to use]),
 385             [TSS_GROUP="$withval"],
 386             [TSS_GROUP="tss"]
 387 )
 388 AC_SUBST([TSS_USER])
 389 AC_SUBST([TSS_GROUP])
 390
 391 CFLAGS="$CFLAGS -Wreturn-type -Wsign-compare -Wswitch-enum"
 392 CFLAGS="$CFLAGS -Wmissing-prototypes -Wall -Werror"
 393 CFLAGS="$CFLAGS -Wformat -Wformat-security"
 394
 395 dnl We have to make sure libtpms is using the same crypto library
 396 dnl to avoid problems
 397 AC_MSG_CHECKING([the crypto library libtpms is using])
 398 dirs=$($CC $CFLAGS -Xlinker --verbose 2>/dev/null | \
 399        sed -n '/SEARCH_DIR/p' | \
 400        sed 's/SEARCH_DIR("=\?\(@<:@^"@:>@\+\)"); */\1\n/g')
 401 for dir in $dirs $LIBRARY_PATH; do
 402   if test -r $dir/libtpms.so; then
 403     if test -n "`ldd $dir/libtpms.so | grep libcrypto.so`"; then
 404       libtpms_cryptolib="openssl"
 405       break
 406     fi
 407     if test -n "`ldd $dir/libtpms.so | grep libnss3.so`"; then
 408       libtpms_cryptolib="freebl"
 409       break
 410     fi
 411   fi
 412   case $host_os in
 413   cygwin)
 414     if test -r $dir/libtpms.a; then
 415       if test -n "$(nm $dir/libtpms.a | grep "U AES_encrypt")"; then
 416         libtpms_cryptolib="openssl"
 417       fi
 418     fi
 419   esac
 420 done
 421
 422 if test -z "$libtpms_cryptolib"; then
 423   AC_MSG_ERROR([Could not determine libtpms crypto library.])
 424 fi
 425
 426 AC_MSG_RESULT([$libtpms_cryptolib])
 427
 428 if test "$libtpms_cryptolib" != "$cryptolib"; then
 429   echo "libtpms is using $libtpms_cryptolib; we have to use the same"
 430   if test "$cryptolib" == "openssl"; then
 431     AC_MSG_ERROR([do not use --with-openssl])
 432   else
 433     AC_MSG_ERROR([use --with-openssl])
 434   fi
 435 fi
 436
 437 with_vtpm_proxy=no
 438 case $host_os in
 439 linux-gnu)
 440   with_vtpm_proxy=yes
 441   AC_DEFINE_UNQUOTED([WITH_VTPM_PROXY], 1,
 442                      [whether to build in vTPM proxy support (Linux only)])
 443 esac
 444
 445 case $host_os in
 446 cygwin)
 447   CFLAGS="$CFLAGS -D__USE_LINUX_IOCTL_DEFS"
 448 esac
 449
 450 AC_CONFIG_FILES([Makefile                    \
 451                 dist/swtpm.spec             \
 452                 etc/Makefile                \
 453                 samples/Makefile            \
 454                 include/Makefile            \
 455                 include/swtpm/Makefile      \
 456                 include/swtpm.h             \
 457                 src/Makefile                \
 458                 src/selinux/Makefile        \
 459                 src/swtpm/Makefile          \
 460                 src/swtpm_bios/Makefile     \
 461                 src/swtpm_cert/Makefile     \
 462                 src/swtpm_ioctl/Makefile    \
 463                 src/swtpm_setup/Makefile    \
 464                 src/swtpm_setup/swtpm_setup.h  \
 465                 man/Makefile                \
 466                 man/man3/Makefile           \
 467                 man/man8/Makefile           \
 468                 tests/Makefile              \
 469                 tests/test_config           \
 470                 ])
 471 AC_CONFIG_FILES([src/swtpm_setup/swtpm_setup.sh],
 472                 [chmod 755 src/swtpm_setup/swtpm_setup.sh])
 473 AC_OUTPUT
 474
 475 echo
 476 printf "with_gnutls     : %5s  (no = swtpm_cert will NOT be built)\n" $with_gnutls
 477 printf "with_selinux    : %5s  (no = SELinux policy extenions will NOT be built)\n" $with_selinux
 478 printf "with_cuse       : %5s  (no = no CUSE interface)\n" $with_cuse
 479 printf "with_chardev    : %5s  (no = no chardev interface)\n" $with_chardev
 480 printf "with_swtpm_setup: %5s  (no = swtpm_setup will NOT be built)\n" $with_swtpm_setup
 481 printf "with_vtpm_proxy : %5s  (no = no vtpm proxy support; Linux only)\n" $with_vtpm_proxy
 482 echo
 483 echo "cryptolib: $cryptolib"
 484 echo
 485 echo "CFLAGS=$CFLAGS"
 486 echo "HARDENING_CFLAGS=$HARDENING_CFLAGS"
 487 echo "LDFLAGS=$LDFLAGS"
 488 echo
 489 echo "TSS_USER=$TSS_USER"
 490 echo "TSS_GROUP=$TSS_GROUP"
 491 echo