4 # The Initial Developer of the Original Code is International
5 # Business Machines Corporation. Portions created by IBM
6 # Corporation are Copyright (C) 2014 International Business
7 # Machines Corporation. All Rights Reserved.
9 # This program is free software; you can redistribute it and/or modify
10 # it under the terms of the Common Public License as published by
11 # IBM Corporation; either version 1 of the License, or (at your option)
14 # This program is distributed in the hope that it will be useful,
15 # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 # Common Public License for more details.
19 # You should have received a copy of the Common Public License
20 # along with this program; if not, a copy can be viewed at
21 # http://www.opensource.org/licenses/cpl1.0.php.
23 # This file is derived from tpm-tool's configure.in.
28 AC_CONFIG_SRCDIR(Makefile.am)
29 AC_CONFIG_HEADER(config.h)
31 SWTPM_VER_MAJOR=`echo $PACKAGE_VERSION | cut -d "." -f1`
32 SWTPM_VER_MINOR=`echo $PACKAGE_VERSION | cut -d "." -f2`
33 SWTPM_VER_MICRO=`echo $PACKAGE_VERSION | cut -d "." -f3`
35 AC_SUBST([SWTPM_VER_MAJOR])
36 AC_SUBST([SWTPM_VER_MINOR])
37 AC_SUBST([SWTPM_VER_MICRO])
39 dnl Check for programs
45 AC_CONFIG_MACRO_DIR([m4])
48 AM_INIT_AUTOMAKE([foreign 1.6])
51 AC_MSG_CHECKING([for debug-enabled build])
52 AC_ARG_ENABLE(debug, AC_HELP_STRING([--enable-debug], [create a debug build]),
53 [if test "$enableval" = "yes"; then
63 # If the user has not set CFLAGS, do something appropriate
64 test_CFLAGS=${CFLAGS+set}
65 if test "$test_CFLAGS" != set; then
66 if test "$DEBUG" == "yes"; then
67 CFLAGS="-O0 -g -DDEBUG"
71 elif test "$DEBUG" == "yes"; then
72 CFLAGS="$CFLAGS -O0 -g -DDEBUG"
86 AC_ARG_WITH([selinux],
87 AS_HELP_STRING([--with-selinux],
88 [add SELinux policy extensions @<:@default=check@:>@]))
89 m4_divert_text([DEFAULTS], [with_selinux=check])
91 dnl Check for SELinux policy support
93 if test "$with_selinux" != "no"; then
94 if test "$with_selinux" = "check" || test "$with_selinux" = "yes"; then
95 if ! test -f /usr/share/selinux/devel/Makefile; then
96 if test "$with_selinux" = "yes"; then
97 AC_MSG_ERROR("Is selinux-policy-devel installed?")
102 AC_PATH_PROG([SEMODULE], semodule)
103 if test "x$SEMODULE" == "x"; then
104 if test "$with_selinux" = "yes"; then
105 AC_MSG_ERROR("Is selinux-policy-devel installed?")
110 if test "$with_selinux" = "check"; then
115 AM_CONDITIONAL([WITH_SELINUX], [test "x$with_selinux" == "xyes"])
117 GLIB_CFLAGS=$(pkg-config --cflags glib-2.0)
118 if test $? -ne 0; then
119 AC_MSG_ERROR("Is glib-2.0 installed? -- could not get cflags")
121 AC_SUBST([GLIB_CFLAGS])
123 GLIB_LIBS=$(pkg-config --libs glib-2.0)
124 if test $? -ne 0; then
125 AC_MSG_ERROR("Is glib-2.0 installed? -- could not get libs")
127 AC_SUBST([GLIB_LIBS])
129 GTHREAD_LIBS=$(pkg-config --libs gthread-2.0)
130 if test $? -ne 0; then
131 AC_MSG_ERROR("Is glib-2.0 installed? -- could not get libs for gthread-2.0")
133 AC_SUBST([GTHREAD_LIBS])
137 AC_ARG_WITH([openssl],
138 AC_HELP_STRING([--with-openssl],
139 [build with openssl library]),
140 [AC_CHECK_LIB(crypto,
141 [AES_set_encrypt_key],
143 AC_MSG_ERROR(Faulty openssl crypto library))
144 AC_CHECK_HEADERS([openssl/aes.h],[],
145 AC_MSG_ERROR(Is openssl-devel/libssl-dev installed?))
146 AC_MSG_RESULT([Building with openssl crypto library])
153 AM_CONDITIONAL(SWTPM_USE_FREEBL, true)
154 AM_CONDITIONAL(SWTPM_USE_OPENSSL, false)
155 AC_DEFINE([USE_FREEBL_CRYPTO_LIBRARY],
157 [use freebl crypto library])
159 NSPR_CFLAGS=$(nspr-config --cflags)
160 if test $? -ne 0; then
161 AC_MSG_ERROR("Could not find nspr-config. Is nspr-devel/libnspr4-dev installed?")
163 AC_SUBST([NSPR_CFLAGS])
165 NSS_CFLAGS=$(nss-config --cflags)
166 if test $? -ne 0; then
167 AC_MSG_ERROR("Could not find nss-config. Is nss-devel/libnss3-dev installed?")
169 AC_SUBST([NSS_CFLAGS])
171 NSS_LIBS=$(nss-config --libs)
172 if test $? -ne 0; then
173 AC_MSG_ERROR("Is nss-devel/libnss3-dev installed? -- could not get libs for nss")
175 dnl On RHEL 7 ppc64 we need an explicit -lfreebl
176 NSS_LIBS="$NSS_LIBS -lfreebl"
179 CPPFLAGS="$NSS_CFLAGS $NSPR_CFLAGS"
180 AC_CHECK_HEADERS([sslerr.h],[],
181 AC_MSG_ERROR(nss-devel/libnss3-dev is bad))
183 # Check for missing headers
184 CFLAGS_save="$CFLAGS"
185 CFLAGS="$NSS_CFLAGS $NSPR_CFLAGS"
186 AC_CHECK_HEADERS([blapi.h],[],
187 AC_MSG_ERROR(nss-softokn-freebl-devel/libnss3-dev is missing blapi.h))
188 # Check for missing freebl library or missing library functions
190 LIBS="$(nss-config --libs) $(nspr-config --libs)"
191 AC_SEARCH_LIBS([AES_CreateContext], [freebl],[],
192 AC_MSG_ERROR("Could not find AES_CreateContext(). Is nss-softokn-freebl-devel/libnss3-dev installed?"),
196 CFLAGS="$CFLAGS_save"
200 AM_CONDITIONAL(SWTPM_USE_FREEBL, false)
201 AM_CONDITIONAL(SWTPM_USE_OPENSSL, true)
202 AC_DEFINE([USE_OPENSSL_CRYPTO_LIBRARY],
204 [use openssl crypto library])
208 LIBTASN1_LIBS=$(pkg-config --libs libtasn1)
209 if test $? -ne 0; then
210 AC_MSG_ERROR("Is libtasn1-devel installed? -- could not get libs for libtasn1")
212 AC_SUBST([LIBTASN1_LIBS])
214 LIBTPMS_LIBS=$(pkg-config --libs libtpms)
215 if test $? -ne 0; then
216 AC_MSG_ERROR("Is libtpms-devel installed? -- could not get libs for libtpms")
218 AC_SUBST([LIBTPMS_LIBS])
220 AC_PATH_PROG([TPM_NVDEFINE], tpm_nvdefine)
223 if test "x$TPM_NVDEFINE" == "x"; then
224 AC_MSG_ERROR([NVRAM area tools are needed: tpm-tools package])
231 with_swtpm_setup=$with_tcsd
232 AM_CONDITIONAL([WITH_SWTPM_SETUP], test "$with_swtpm_setup" != "no")
234 AC_MSG_CHECKING([for whether to build with CUSE interface])
236 AC_HELP_STRING([--with-cuse],
237 [build with CUSE interface]),
242 if test "$with_cuse" != "no"; then
243 LIBFUSE_CFLAGS=$(pkg-config fuse --cflags 2>/dev/null)
244 if test $? -ne 0; then
245 if test "$with_cuse" = "yes"; then
246 AC_MSG_ERROR("Is fuse-devel installed? -- could not get cflags for libfuse")
255 dnl with_cuse is now yes or no
256 if test "$with_cuse" != "no"; then
257 LIBFUSE_LIBS=$(pkg-config fuse --libs)
258 if test $? -ne 0; then
259 AC_MSG_ERROR("Is fuse-devel installed? -- could not get libs for libfuse")
261 AC_SUBST([LIBFUSE_CFLAGS])
262 AC_SUBST([LIBFUSE_LIBS])
263 AC_DEFINE_UNQUOTED([WITH_CUSE], 1,
264 [whether to build with CUSE interface])
266 AM_CONDITIONAL([WITH_CUSE],[test "$with_cuse" = "yes"])
267 AC_MSG_RESULT($with_cuse)
269 AC_MSG_CHECKING([for whether to build with chardev interface])
273 AC_DEFINE_UNQUOTED([WITH_CHARDEV], 1,
274 [whether to build with chardev interface])
279 AM_CONDITIONAL([WITH_CHARDEV],[test "$with_chardev" = "yes"])
280 AC_MSG_RESULT($with_cuse)
282 AC_ARG_WITH([gnutls],
283 AC_HELP_STRING([--with-gnutls],
284 [build with gnutls library]),
289 if test "x$with_gnutls" != "xno"; then
290 GNUTLS_LDFLAGS=$(pkg-config --libs gnutls)
291 if test $? -ne 0; then
292 if test "x$with_gnutls" == "xyes"; then
293 AC_MSG_ERROR("Is gnutls installed? -- could not get libs for gnutls")
300 if test "x$with_gnutls" != "xno"; then
301 AC_PATH_PROG([GNUTLS_CERTTOOL], certtool)
302 if test "x$GNUTLS_CERTTOOL" == "x"; then
303 if test "x$with_gnutls" == "xyes"; then
304 AC_MSG_ERROR("Could not find certtool. Is gnutls-utils/gnutls-bin installed?")
311 if test "x$with_gnutls" != "xno"; then
312 GNUTLS_CFLAGS=$(pkg-config gnutls --cflags)
313 AC_CHECK_LIB([gnutls], [gnutls_load_file], [
316 [if test "x$with_gnutls" == "xyes"; then
317 AC_MSG_ERROR([GNUTLS >= 3.1.0 library not found: libgnutls.so])
323 if test "x$with_gnutls" != "xno"; then
324 AC_CHECK_HEADER(gnutls/abstract.h, [], \
325 [if test "x$with_gnutls" == "xyes"; then
326 AC_MSG_ERROR([GNUTLS >= 3.1.0 library header not found: gnutls/abstract.h])
332 if test "x$with_gnutls" != "xno"; then
335 AM_CONDITIONAL([WITH_GNUTLS], [test "x$with_gnutls" == "xyes"])
336 AC_SUBST([GNUTLS_LIBS])
338 AC_PATH_PROG([EXPECT], expect)
339 if test "x$EXPECT" == "x"; then
340 AC_MSG_ERROR([expect is required: expect package])
343 AC_PATH_PROG([GAWK], gawk)
344 if test "x$GAWK" == "x"; then
345 AC_MSG_ERROR([gawk is required: gawk package])
348 AC_PATH_PROG([SOCAT], socat)
349 if test "x$SOCAT" == "x"; then
350 AC_MSG_ERROR([socat is required: socat package])
353 TMP="$($CC -fstack-protector-strong 2>&1)"
354 if echo $TMP | $GREP 'unrecognized command line option' >/dev/null; then
355 HARDENING_CFLAGS="-fstack-protector -Wstack-protector "
357 HARDENING_CFLAGS="-fstack-protector-strong -Wstack-protector "
360 dnl Must not have -O0 but must have a -O for -D_FORTIFY_SOURCE=2
361 TMP1="$(echo $CFLAGS | sed -n 's/.*\(-O0\).*/\1/p')"
362 TMP2="$(echo $CFLAGS | sed -n 's/.*\(-O\).*/\1/p')"
363 if test -z "$TMP1" && test -n "$TPM2"; then
364 HARDENING_CFLAGS+="-D_FORTIFY_SOURCE=2 "
366 dnl Check ld for 'relro' and 'now'
367 if $LD --help 2>&1 | $GREP '\-z relro ' > /dev/null; then
368 HARDENING_CFLAGS+="-Wl,-z,relro "
370 if $LD --help 2>&1 | $GREP '\-z now ' > /dev/null; then
371 HARDENING_CFLAGS+="-Wl,-z,now "
373 AC_SUBST([HARDENING_CFLAGS])
375 AC_ARG_WITH([tss-user],
376 AC_HELP_STRING([--with-tss-user=TSS_USER],
377 [The tss user to use]),
378 [TSS_USER="$withval"],
382 AC_ARG_WITH([tss-group],
383 AC_HELP_STRING([--with-tss-group=TSS_GROUP],
384 [The tss group to use]),
385 [TSS_GROUP="$withval"],
389 AC_SUBST([TSS_GROUP])
391 CFLAGS="$CFLAGS -Wreturn-type -Wsign-compare -Wswitch-enum"
392 CFLAGS="$CFLAGS -Wmissing-prototypes -Wall -Werror"
393 CFLAGS="$CFLAGS -Wformat -Wformat-security"
395 dnl We have to make sure libtpms is using the same crypto library
396 dnl to avoid problems
397 AC_MSG_CHECKING([the crypto library libtpms is using])
398 dirs=$($CC $CFLAGS -Xlinker --verbose 2>/dev/null | \
399 sed -n '/SEARCH_DIR/p' | \
400 sed 's/SEARCH_DIR("=\?\(@<:@^"@:>@\+\)"); */\1\n/g')
401 for dir in $dirs $LIBRARY_PATH; do
402 if test -r $dir/libtpms.so; then
403 if test -n "`ldd $dir/libtpms.so | grep libcrypto.so`"; then
404 libtpms_cryptolib="openssl"
407 if test -n "`ldd $dir/libtpms.so | grep libnss3.so`"; then
408 libtpms_cryptolib="freebl"
414 if test -r $dir/libtpms.a; then
415 if test -n "$(nm $dir/libtpms.a | grep "U AES_encrypt")"; then
416 libtpms_cryptolib="openssl"
422 if test -z "$libtpms_cryptolib"; then
423 AC_MSG_ERROR([Could not determine libtpms crypto library.])
426 AC_MSG_RESULT([$libtpms_cryptolib])
428 if test "$libtpms_cryptolib" != "$cryptolib"; then
429 echo "libtpms is using $libtpms_cryptolib; we have to use the same"
430 if test "$cryptolib" == "openssl"; then
431 AC_MSG_ERROR([do not use --with-openssl])
433 AC_MSG_ERROR([use --with-openssl])
441 AC_DEFINE_UNQUOTED([WITH_VTPM_PROXY], 1,
442 [whether to build in vTPM proxy support (Linux only)])
447 CFLAGS="$CFLAGS -D__USE_LINUX_IOCTL_DEFS"
450 AC_CONFIG_FILES([Makefile \
455 include/swtpm/Makefile \
458 src/selinux/Makefile \
460 src/swtpm_bios/Makefile \
461 src/swtpm_cert/Makefile \
462 src/swtpm_ioctl/Makefile \
463 src/swtpm_setup/Makefile \
464 src/swtpm_setup/swtpm_setup.h \
471 AC_CONFIG_FILES([src/swtpm_setup/swtpm_setup.sh],
472 [chmod 755 src/swtpm_setup/swtpm_setup.sh])
476 printf "with_gnutls : %5s (no = swtpm_cert will NOT be built)\n" $with_gnutls
477 printf "with_selinux : %5s (no = SELinux policy extenions will NOT be built)\n" $with_selinux
478 printf "with_cuse : %5s (no = no CUSE interface)\n" $with_cuse
479 printf "with_chardev : %5s (no = no chardev interface)\n" $with_chardev
480 printf "with_swtpm_setup: %5s (no = swtpm_setup will NOT be built)\n" $with_swtpm_setup
481 printf "with_vtpm_proxy : %5s (no = no vtpm proxy support; Linux only)\n" $with_vtpm_proxy
483 echo "cryptolib: $cryptolib"
485 echo "CFLAGS=$CFLAGS"
486 echo "HARDENING_CFLAGS=$HARDENING_CFLAGS"
487 echo "LDFLAGS=$LDFLAGS"
489 echo "TSS_USER=$TSS_USER"
490 echo "TSS_GROUP=$TSS_GROUP"