diff options
Diffstat (limited to 'configure.ac')
-rw-r--r-- | configure.ac | 623 |
1 files changed, 355 insertions, 268 deletions
diff --git a/configure.ac b/configure.ac index e93fcb8aa..eda69d4f0 100644 --- a/configure.ac +++ b/configure.ac @@ -33,19 +33,20 @@ m4_define([my_issvn], [yes]) m4_define([svn_revision], m4_esyscmd([echo -n $((svn info 2>/dev/null \ || echo 'Revision: 0')|sed -n '/^Revision:/ {s/[^0-9]//gp;q}')])) AC_INIT([gnupg], my_version[]m4_if(my_issvn,[yes],[-svn[]svn_revision]), - [[email protected]]) + [[email protected]]) # Set development_version to yes if the minor number is odd or you # feel that the default check for a development version is not # sufficient. development_version=yes -NEED_GPG_ERROR_VERSION=1.0 + +NEED_GPG_ERROR_VERSION=1.2 NEED_LIBGCRYPT_API=1 NEED_LIBGCRYPT_VERSION=1.1.94 NEED_LIBASSUAN_VERSION=0.6.10 -NEED_KSBA_VERSION=0.9.13 +NEED_KSBA_VERSION=0.9.16 PACKAGE=$PACKAGE_NAME @@ -61,20 +62,24 @@ AB_INIT AC_GNU_SOURCE -# Some status variables to give feedback at the end of a configure run +# Some status variables. have_gpg_error=no have_libgcrypt=no have_libassuan=no have_ksba=no have_pth=no +use_bzip2=yes +use_exec=yes +disable_keyserver_path=no + + GNUPG_BUILD_PROGRAM(gpg, no) GNUPG_BUILD_PROGRAM(gpgsm, yes) GNUPG_BUILD_PROGRAM(agent, yes) GNUPG_BUILD_PROGRAM(scdaemon, yes) GNUPG_BUILD_PROGRAM(symcryptrun, no) - AC_SUBST(PACKAGE) AC_SUBST(PACKAGE_GT) AC_SUBST(VERSION) @@ -140,8 +145,7 @@ test -n "$GNUPG_PROTECT_TOOL_PGM" \ && show_gnupg_protect_tool_pgm="$GNUPG_PROTECT_TOOL_PGM" - -# Some folks want to use only the agent form this packet. Make it +# Some folks want to use only the agent from this packet. Make it # easier for them by providing the configure option # --enable-only-agent. AC_ARG_ENABLE(agent-only, @@ -149,9 +153,17 @@ AC_ARG_ENABLE(agent-only, build_agent_only=$enableval) +# SELinux support includes tracking of sensitive files to avoid +# leaking their contents through processing these files by gpg itself +AC_MSG_CHECKING([whether SELinux support is requested]) +AC_ARG_ENABLE(selinux-support, + AC_HELP_STRING([--enable-selinux-support], + [enable SELinux support]), + selinux_support=$enableval, selinux_support=no) +AC_MSG_RESULT($selinux_support) + # Allow disabling of bzib2 support. # It is defined only after we confirm the library is available later -use_bzip2=yes AC_MSG_CHECKING([whether to enable the BZIP2 compression algorithm]) AC_ARG_ENABLE(bzip2, AC_HELP_STRING([--disable-bzip2],[disable the BZIP2 compression algorithm]), @@ -204,92 +216,102 @@ if test "$use_exec" = yes ; then AC_MSG_RESULT($enableval) if test "$gnupg_cv_enable_keyserver_helpers" = yes ; then + # LDAP is defined only after we confirm the library is available later AC_MSG_CHECKING([whether LDAP keyserver support is requested]) AC_ARG_ENABLE(ldap, - [ --disable-ldap disable LDAP keyserver interface], - try_ldap=$enableval, try_ldap=yes) + AC_HELP_STRING([--disable-ldap],[disable LDAP keyserver interface only]), + try_ldap=$enableval, try_ldap=yes) AC_MSG_RESULT($try_ldap) AC_MSG_CHECKING([whether HKP keyserver support is requested]) AC_ARG_ENABLE(hkp, - [ --disable-hkp disable HKP keyserver interface], - try_hkp=$enableval, try_hkp=yes) + AC_HELP_STRING([--disable-hkp],[disable HKP keyserver interface only]), + try_hkp=$enableval, try_hkp=yes) AC_MSG_RESULT($try_hkp) - if test "$try_hkp" = yes ; then - AC_SUBST(GPGKEYS_HKP,"gpgkeys_hkp$EXEEXT") - fi + AC_MSG_CHECKING([whether finger key fetching support is requested]) + AC_ARG_ENABLE(finger, + AC_HELP_STRING([--disable-finger], + [disable finger key fetching interface only]), + try_finger=$enableval, try_finger=yes) + AC_MSG_RESULT($try_finger) + + AC_MSG_CHECKING([whether generic object key fetching support is requested]) + AC_ARG_ENABLE(generic, + AC_HELP_STRING([--disable-generic], + [disable generic object key fetching interface only]), + try_generic=$enableval, try_generic=yes) + AC_MSG_RESULT($try_generic) AC_MSG_CHECKING([whether email keyserver support is requested]) AC_ARG_ENABLE(mailto, - [ --disable-mailto disable email keyserver interface], - try_mailto=$enableval, try_mailto=yes) + AC_HELP_STRING([--enable-mailto], + [enable email keyserver interface only]), + try_mailto=$enableval, try_mailto=no) AC_MSG_RESULT($try_mailto) fi AC_MSG_CHECKING([whether keyserver exec-path is enabled]) AC_ARG_ENABLE(keyserver-path, - [ --disable-keyserver-path disable the exec-path option for keyserver helpers], - [if test "$enableval" = no ; then - AC_DEFINE(DISABLE_KEYSERVER_PATH,1,[define to disable exec-path for keyserver helpers]) - fi],enableval=yes) + AC_HELP_STRING([--disable-keyserver-path], + [disable the exec-path option for keyserver helpers]), + [if test "$enableval" = no ; then + disable_keyserver_path=yes + fi],enableval=yes) AC_MSG_RESULT($enableval) fi -dnl -dnl Check for the key/uid cache size. This can't be zero, but can be -dnl pretty small on embedded systems. -dnl +# +# Check for the key/uid cache size. This can't be zero, but can be +# pretty small on embedded systems. This is used for the gpg part. +# AC_MSG_CHECKING([for the size of the key and uid cache]) AC_ARG_ENABLE(key-cache, - AC_HELP_STRING([--enable-key-cache=SIZE],[Set key cache to SIZE (default 4096)]),,enableval=4096) - + AC_HELP_STRING([--enable-key-cache=SIZE], + [Set key cache to SIZE (default 4096)]),,enableval=4096) if test "$enableval" = "no"; then enableval=5 elif test "$enableval" = "yes" || test "$enableval" = ""; then enableval=4096 fi - changequote(,)dnl key_cache_size=`echo "$enableval" | sed 's/[A-Za-z]//g'` changequote([,])dnl - if test "$enableval" != "$key_cache_size" || test "$key_cache_size" -lt 5; then AC_MSG_ERROR([invalid key-cache size]) fi - AC_MSG_RESULT($key_cache_size) -AC_DEFINE_UNQUOTED(PK_UID_CACHE_SIZE,$key_cache_size,[Size of the key and UID caches]) +AC_DEFINE_UNQUOTED(PK_UID_CACHE_SIZE,$key_cache_size, + [Size of the key and UID caches]) -dnl -dnl Check whether we want to use Linux capabilities -dnl +# +# Check whether we want to use Linux capabilities +# AC_MSG_CHECKING([whether use of capabilities is requested]) AC_ARG_WITH(capabilities, [ --with-capabilities use linux capabilities [default=no]], [use_capabilities="$withval"],[use_capabilities=no]) AC_MSG_RESULT($use_capabilities) +# +# To avoid double inclusion of config.h which might happen at some +# places, we add the usual double inclusion protection at the top of +# config.h. +# +AH_TOP([ +#ifndef GNUPG_CONFIG_H_INCLUDED +#define GNUPG_CONFIG_H_INCLUDED +]) +# +# Stuff which goes at the bottom of config.h. +# AH_BOTTOM([ -/* Some global constants. */ -#ifdef HAVE_DRIVE_LETTERS -#define GNUPG_DEFAULT_HOMEDIR "c:/gnupg" -#elif defined(__VMS) -#define GNUPG_DEFAULT_HOMEDIR "/SYS\$LOGIN/gnupg" -#else -#define GNUPG_DEFAULT_HOMEDIR "~/.gnupg" -#endif -#define GNUPG_PRIVATE_KEYS_DIR "private-keys-v1.d" - -/* Tell libgcrypt not to use its own libgpg-error implementation. */ -#define USE_LIBGPG_ERROR 1 - /* This is the major version number of GnuPG so that - source included files can test for this. Note, that\ + source included files can test for this. Note, that we use 2 here even for GnuPG 1.9.x. */ #define GNUPG_MAJOR_VERSION 2 @@ -322,6 +344,16 @@ AH_BOTTOM([ #define SAFE_VERSION_DOT '.' #define SAFE_VERSION_DASH '-' +/* Some global constants. */ +#ifdef HAVE_DRIVE_LETTERS +#define GNUPG_DEFAULT_HOMEDIR "c:/gnupg" +#elif defined(__VMS) +#define GNUPG_DEFAULT_HOMEDIR "/SYS\$LOGIN/gnupg" +#else +#define GNUPG_DEFAULT_HOMEDIR "~/.gnupg" +#endif +#define GNUPG_PRIVATE_KEYS_DIR "private-keys-v1.d" + /* For some systems (DOS currently), we hardcode the path here. For POSIX systems the values are constructed by the Makefiles, so that the values may be overridden by the make invocations; this is to @@ -357,13 +389,37 @@ AH_BOTTOM([ #define EXEC_TEMPFILE_ONLY #endif -/* Temporary hacks to avoid requring a libgpg-error update. */ -#if !HAVE_DECL_GPG_ERR_LOCKED -#define GPG_ERR_LOCKED 173 + +/* We didn't define endianness above, so get it from OS macros. This + is intended for making fat binary builds on OS X. */ +#if !defined(BIG_ENDIAN_HOST) && !defined(LITTLE_ENDIAN_HOST) +#if defined(__BIG_ENDIAN__) +#define BIG_ENDIAN_HOST 1 +#elif defined(__LITTLE_ENDIAN__) +#define LITTLE_ENDIAN_HOST 1 +#else +#error "No endianness found" #endif +#endif + + +/* Tell libgcrypt not to use its own libgpg-error implementation. */ +#define USE_LIBGPG_ERROR 1 +/* We use jnlib, so tell other modules about it. */ +#define HAVE_JNLIB_LOGGING 1 + +/* Our HTTP code is used in estream mode. */ +#define HTTP_USE_ESTREAM 1 + +/* We always include support for the OpenPGP card. */ +#define ENABLE_CARD_SUPPORT 1 + + +#endif /*GNUPG_CONFIG_H_INCLUDED*/ ]) + AM_MAINTAINER_MODE # Checks for programs. @@ -380,7 +436,6 @@ AC_PROG_CC AC_PROG_CPP AC_PROG_INSTALL AC_PROG_LN_S -AC_PROG_MAKE_SET AC_PROG_RANLIB AC_CHECK_TOOL(AR, ar, :) AC_PATH_PROG(PERL,"perl") @@ -391,11 +446,13 @@ AC_CHECK_PROG(DOCBOOK_TO_MAN, docbook-to-man, yes, no) AM_CONDITIONAL(HAVE_DOCBOOK_TO_MAN, test "$ac_cv_prog_DOCBOOK_TO_MAN" = yes) GNUPG_CHECK_FAQPROG GNUPG_CHECK_DOCBOOK_TO_TEXI +GNUPG_CHECK_USTAR try_gettext=yes have_dosish_system=no have_w32_system=no +use_simple_gettext=no case "${host}" in *-mingw32*) # special stuff for Windoze NT @@ -408,9 +465,11 @@ case "${host}" in [because the Unix gettext has too much overhead on MingW32 systems and these systems lack Posix functions, we use a simplified version of gettext]) + disable_keyserver_path=yes have_dosish_system=yes have_w32_system=yes try_gettext="no" + use_simple_gettext=yes ;; i?86-emx-os2 | i?86-*-os2*emx ) # OS/2 with the EMX environment @@ -448,11 +507,11 @@ case "${host}" in ;; *-dec-osf5*) if test -z "$GCC" ; then - # Use the newer compiler `-msg_disable ptrmismatch' to + # Use the newer compiler `-msg_disable ptrmismatch1' to # get rid of the unsigned/signed char mismatch warnings. # Using this may hide other pointer mismatch warnings, but # it at least lets other warning classes through - CFLAGS="$CFLAGS -msg_disable ptrmismatch" + CFLAGS="$CFLAGS -msg_disable ptrmismatch1" fi ;; m68k-atari-mint) @@ -469,14 +528,30 @@ if test "$have_dosish_system" = yes; then fi AM_CONDITIONAL(HAVE_DOSISH_SYSTEM, test "$have_dosish_system" = yes) +AM_CONDITIONAL(USE_SIMPLE_GETTEXT, test x"$use_simple_gettext" = xyes) + if test "$have_w32_system" = yes; then AC_DEFINE(HAVE_W32_SYSTEM,1, [Defined if we run on a W32 API based system]) fi AM_CONDITIONAL(HAVE_W32_SYSTEM, test "$have_w32_system" = yes) -# These need to go after AC_PROG_CC so that $EXEEXT is defined +if test "$disable_keyserver_path" = yes; then + AC_DEFINE(DISABLE_KEYSERVER_PATH,1, + [Defined to disable exec-path for keyserver helpers]) +fi + +# (These need to go after AC_PROG_CC so that $EXEEXT is defined) AC_DEFINE_UNQUOTED(EXEEXT,"$EXEEXT",[The executable file extension, if any]) +if test x"$try_hkp" = xyes ; then + AC_SUBST(GPGKEYS_HKP,"gpg2keys_hkp$EXEEXT") +fi + +if test x"$try_finger" = xyes ; then + AC_SUBST(GPGKEYS_FINGER,"gpg2keys_finger$EXEEXT") +fi + + # # Checks for libraries. @@ -513,15 +588,12 @@ AM_PATH_LIBASSUAN("$NEED_LIBASSUAN_VERSION", # libksba is our X.509 support library # AM_PATH_KSBA("$NEED_KSBA_VERSION",have_ksba=yes,have_ksba=no) -# fixme: Remove the following test and require newer libksba instead. -_ksba_save_libs=$LIBS -LIBS=$KSBA_LIBS -AC_CHECK_FUNCS(ksba_dn_teststr) -LIBS=$_ksba_save_libs + # # libusb allows us to use the integrated CCID smartcard reader driver. # +# FiXME: Use GNUPG_CHECK_LIBUSB and modify to use separate AC_SUBSTs. AC_CHECK_LIB(usb, usb_bulk_write, [ LIBUSB_LIBS="$LIBUSB_LIBS -lusb" AC_DEFINE(HAVE_LIBUSB,1, @@ -556,8 +628,9 @@ AC_DEFINE_UNQUOTED(SHRED, "${SHRED}", [defines the filename of the shred program]) + # -# Check whether the (highly desirable) GNU Pth library is available +# Check whether the GNU Pth library is available # Note, that we include a Pth emulation for W32. # AC_ARG_WITH(pth-prefix, @@ -601,163 +674,166 @@ AC_SUBST(PTH_CFLAGS) AC_SUBST(PTH_LIBS) -dnl Must check for network library requirements before doing link tests -dnl for ldap, for example. If ldap libs are static (or dynamic and without -dnl ELF runtime link paths), then link will fail and LDAP support won't -dnl be detected. - +# +# Must check for network library requirements before doing link tests +# for ldap, for example. If ldap libs are static (or dynamic and without +# ELF runtime link paths), then link will fail and LDAP support won't +# be detected. +# AC_CHECK_FUNC(gethostbyname, , AC_CHECK_LIB(nsl, gethostbyname, [NETLIBS="-lnsl $NETLIBS"])) AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt, [NETLIBS="-lsocket $NETLIBS"])) -dnl Now try for the resolver functions so we can use DNS SRV +# +# Now try for the resolver functions so we can use DNS for SRV, PA and CERT. +# +if test x"$try_hkp" = xyes || test x"$try_http" = xyes ; then + AC_ARG_ENABLE(dns-srv, + AC_HELP_STRING([--disable-dns-srv], + [disable the use of DNS SRV in HKP and HTTP]), + use_dns_srv=$enableval,use_dns_srv=yes) +fi -AC_ARG_ENABLE(dns-srv, - AC_HELP_STRING([--disable-dns-srv],[disable the use of DNS SRV in HKP]), - use_dns_srv=$enableval,use_dns_srv=yes) +AC_ARG_ENABLE(dns-pka, + AC_HELP_STRING([--disable-dns-pka], + [disable the use of PKA records in DNS]), + use_dns_pka=$enableval,use_dns_pka=yes) -if test x"$try_hkp" = xyes && test x"$use_dns_srv" = xyes ; then - _srv_save_libs=$LIBS +AC_ARG_ENABLE(dns-cert, + AC_HELP_STRING([--disable-dns-cert], + [disable the use of CERT records in DNS]), + use_dns_cert=$enableval,use_dns_cert=yes) + +if test x"$use_dns_pka" = xyes || test x"$use_dns_srv" = xyes \ + || test x"$use_dns_cert" = xyes; then + _dns_save_libs=$LIBS LIBS="" # the double underscore thing is a glibc-ism? AC_SEARCH_LIBS(res_query,resolv bind,, - AC_SEARCH_LIBS(__res_query,resolv bind,,use_dns_srv=no)) + AC_SEARCH_LIBS(__res_query,resolv bind,,have_resolver=no)) AC_SEARCH_LIBS(dn_expand,resolv bind,, - AC_SEARCH_LIBS(__dn_expand,resolv bind,,use_dns_srv=no)) + AC_SEARCH_LIBS(__dn_expand,resolv bind,,have_resolver=no)) AC_SEARCH_LIBS(dn_skipname,resolv bind,, - AC_SEARCH_LIBS(__dn_skipname,resolv bind,,use_dns_srv=no)) - - if test x"$use_dns_srv" = xyes ; then - AC_DEFINE(USE_DNS_SRV,1,[define to use DNS SRV]) - SRVLIBS=$LIBS - else - AC_MSG_WARN([Resolver functions not found. Disabling DNS SRV.]) + AC_SEARCH_LIBS(__dn_skipname,resolv bind,,have_resolver=no)) + + if test x"$have_resolver" != xno ; then + + # Make sure that the BIND 4 resolver interface is workable before + # enabling any code that calls it. At some point I'll rewrite the + # code to use the BIND 8 resolver API. + + AC_MSG_CHECKING([whether the resolver is usable]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <sys/types.h> +#include <netinet/in.h> +#include <arpa/nameser.h> +#include <resolv.h>], +[[unsigned char answer[PACKETSZ]; + res_query("foo.bar",C_IN,T_A,answer,PACKETSZ); + dn_skipname(0,0); + dn_expand(0,0,0,0,0); +]])],have_resolver=yes,have_resolver=no) + AC_MSG_RESULT($have_resolver) + + # This is Apple-specific and somewhat bizarre as they changed the + # define in bind 8 for some reason. + + if test x"$have_resolver" != xyes ; then + AC_MSG_CHECKING( + [whether I can make the resolver usable with BIND_8_COMPAT]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([#define BIND_8_COMPAT +#include <sys/types.h> +#include <netinet/in.h> +#include <arpa/nameser.h> +#include <resolv.h>], +[[unsigned char answer[PACKETSZ]; + res_query("foo.bar",C_IN,T_A,answer,PACKETSZ); + dn_skipname(0,0); dn_expand(0,0,0,0,0); +]])],[have_resolver=yes ; need_compat=yes]) + AC_MSG_RESULT($have_resolver) + fi fi - LIBS=$_srv_save_libs -fi -AC_SUBST(SRVLIBS) + if test x"$have_resolver" = xyes ; then + DNSLIBS=$LIBS -# Try and link a LDAP test program to weed out unusable LDAP -# libraries. -lldap [-llber [-lresolv]] is for OpenLDAP. OpenLDAP in -# general is terrible with creating weird dependencies. If all else -# fails, the user can play guess-the-dependency by using something -# like ./configure LDAPLIBS="-Lfoo -lbar" - -if test "$try_ldap" = yes ; then - for MY_LDAPLIBS in ${LDAPLIBS+"$LDAPLIBS"} "-lldap" "-lldap -llber" "-lldap -llber -lresolv"; do - _ldap_save_libs=$LIBS - LIBS="$MY_LDAPLIBS $NETLIBS $LIBS" - - AC_MSG_CHECKING([whether LDAP via \"$MY_LDAPLIBS\" is present and sane]) - AC_TRY_LINK([#include <ldap.h>],[ldap_open("foobar",1234);], - [gnupg_cv_func_ldap_init=yes],[gnupg_cv_func_ldap_init=no]) - AC_MSG_RESULT([$gnupg_cv_func_ldap_init]) - - if test $gnupg_cv_func_ldap_init = no; then - AC_MSG_CHECKING([whether I can make LDAP be sane with lber.h]) - AC_TRY_LINK([#include <lber.h> -#include <ldap.h>],[ldap_open("foobar",1234);], - [gnupg_cv_func_ldaplber_init=yes],[gnupg_cv_func_ldaplber_init=no]) - AC_MSG_RESULT([$gnupg_cv_func_ldaplber_init]) - fi + if test x"$use_dns_srv" = xyes ; then + AC_DEFINE(USE_DNS_SRV,1,[define to use DNS SRV]) + fi - if test "$gnupg_cv_func_ldaplber_init" = yes ; then - AC_DEFINE(NEED_LBER_H,1,[Define if the LDAP library requires including lber.h before ldap.h]) - fi + if test x"$use_dns_pka" = xyes ; then + AC_DEFINE(USE_DNS_PKA,1,[define to use our experimental DNS PKA]) + fi - if test "$gnupg_cv_func_ldap_init" = yes || \ - test "$gnupg_cv_func_ldaplber_init" = yes ; then - LDAPLIBS=$MY_LDAPLIBS - GPGKEYS_LDAP="gpgkeys_ldap$EXEEXT" - - AC_MSG_CHECKING([whether LDAP supports ldap_get_option]) - - if test "$gnupg_cv_func_ldap_init" = yes ; then - AC_TRY_LINK([#include <ldap.h>], - [ldap_get_option((void *)0,0,(void *)0);], - [gnupg_cv_func_ldap_get_option=yes], - [gnupg_cv_func_ldap_get_option=no]) - else - AC_TRY_LINK([#include <lber.h> -#include <ldap.h>],[ldap_get_option((void *)0,0,(void *)0);], - [gnupg_cv_func_ldap_get_option=yes], - [gnupg_cv_func_ldap_get_option=no]) - fi - - AC_MSG_RESULT([$gnupg_cv_func_ldap_get_option]) - - if test "$gnupg_cv_func_ldap_get_option" = yes ; then - AC_DEFINE(HAVE_LDAP_GET_OPTION,1,[Define if the LDAP library has ldap_get_option]) - else - AC_MSG_CHECKING([whether LDAP supports ld_errno]) - - if test "$gnupg_cv_func_ldap_init" = yes ; then - AC_TRY_COMPILE([#include <ldap.h>], - [LDAP *ldap; ldap->ld_errno;], - [gnupg_cv_func_ldap_ld_errno=yes], - [gnupg_cv_func_ldap_ld_errno=no]) - else - AC_TRY_LINK([#include <lber.h> -#include <ldap.h>],[LDAP *ldap; ldap->ld_errno;], - [gnupg_cv_func_ldap_ld_errno=yes], - [gnupg_cv_func_ldap_ld_errno=no]) - fi - - AC_MSG_RESULT([$gnupg_cv_func_ldap_ld_errno]) - - if test "$gnupg_cv_func_ldap_ld_errno" = yes ; then - AC_DEFINE(HAVE_LDAP_LD_ERRNO,1,[Define if the LDAP library supports ld_errno]) - fi - fi - fi + if test x"$use_dns_cert" = xyes ; then + AC_DEFINE(USE_DNS_CERT,1,[define to use DNS CERT]) + fi - LIBS=$_ldap_save_libs + if test x"$need_compat" = xyes ; then + AC_DEFINE(BIND_8_COMPAT,1,[an Apple OSXism]) + fi + else + use_dns_srv=no + use_dns_pka=no + use_dns_cert=no + fi - if test "$GPGKEYS_LDAP" != "" ; then break; fi - done + LIBS=$_dns_save_libs fi -AC_SUBST(GPGKEYS_LDAP) -AC_SUBST(LDAPLIBS) +AC_SUBST(DNSLIBS) +AM_CONDITIONAL(USE_DNS_SRV, test x"$use_dns_srv" = xyes) -# Check for curl. We fake the curl API if libcurl isn't installed. +# +# Check for LDAP +# +if test "$try_ldap" = yes ; then + GNUPG_CHECK_LDAP($NETLIBS) +fi -# fixme: need to add this -#LIBCURL_CHECK_CONFIG([yes],,,[fake_curl=yes]) -#AM_CONDITIONAL(FAKE_CURL,test x"$fake_curl" = xyes) -AM_CONDITIONAL(FAKE_CURL,1) +# +# Check for curl. We fake the curl API if libcurl isn't installed. +# +LIBCURL_CHECK_CONFIG([yes],,,[fake_curl=yes]) +AM_CONDITIONAL(FAKE_CURL,test x"$fake_curl" = xyes) # Generic, for us, means curl if test x"$try_generic" = xyes ; then - AC_SUBST(GPGKEYS_CURL,"gpgkeys_curl$EXEEXT") + AC_SUBST(GPGKEYS_CURL,"gpg2keys_curl$EXEEXT") fi -dnl This isn't necessarily sendmail itself, but anything that gives a -dnl sendmail-ish interface to the outside world. That includes qmail, -dnl postfix, etc. Basically, anything that can handle "sendmail -t". - +# +# Check for sendmail +# +# This isn't necessarily sendmail itself, but anything that gives a +# sendmail-ish interface to the outside world. That includes Exim, +# Postfix, etc. Basically, anything that can handle "sendmail -t". if test "$try_mailto" = yes ; then - AC_ARG_WITH(mailprog,[ --with-mailprog=NAME use "NAME -t" for mail transport],,with_mailprog=yes) + AC_ARG_WITH(mailprog, + AC_HELP_STRING([--with-mailprog=NAME], + [use "NAME -t" for mail transport]), + ,with_mailprog=yes) - if test "$with_mailprog" = yes ; then + if test x"$with_mailprog" = xyes ; then AC_PATH_PROG(SENDMAIL,sendmail,,$PATH:/usr/sbin:/usr/libexec:/usr/lib) if test "$ac_cv_path_SENDMAIL" ; then - GPGKEYS_MAILTO="gpgkeys_mailto" + GPGKEYS_MAILTO="gpg2keys_mailto" fi - elif test "$with_mailprog" != no ; then + elif test x"$with_mailprog" != xno ; then AC_MSG_CHECKING([for a mail transport program]) AC_SUBST(SENDMAIL,$with_mailprog) AC_MSG_RESULT($with_mailprog) - GPGKEYS_MAILTO="gpgkeys_mailto" + GPGKEYS_MAILTO="gpg2keys_mailto" fi fi AC_SUBST(GPGKEYS_MAILTO) +# +# Construct a printable name of the OS +# case "${host}" in *-mingw32*) PRINTABLE_OS_NAME="MingW32" @@ -783,6 +859,9 @@ AC_DEFINE_UNQUOTED(PRINTABLE_OS_NAME, "$PRINTABLE_OS_NAME", [A human readable text with the name of the OS]) +# +# Check for gettext +# AM_GNU_GETTEXT_VERSION(0.14.1) if test "$try_gettext" = yes; then AM_GNU_GETTEXT(,[need-ngettext]) @@ -799,21 +878,50 @@ else AC_SUBST(USE_NLS) AC_SUBST(USE_INCLUDED_LIBINTL) AC_SUBST(BUILD_INCLUDED_LIBINTL) + AM_PO_SUBDIRS +fi + + +# +# SELinux support +# +if test "$selinux_support" = yes ; then + AC_DEFINE(ENABLE_SELINUX_HACKS,1,[Define to enable SELinux support]) fi + +# # Checks for header files. +# AC_HEADER_STDC -AC_CHECK_HEADERS(string.h unistd.h langinfo.h termio.h locale.h) +AC_CHECK_HEADERS([string.h unistd.h langinfo.h termio.h locale.h getopt.h]) +AC_CHECK_HEADERS([pwd.h inttypes.h]) +# Note that we do not check for iconv here because this is done anyway +# by the gettext checks and thus it allows us to disable the use of +# iconv by using --disable-nls. + +# # Checks for typedefs, structures, and compiler characteristics. +# AC_C_CONST AC_C_INLINE +AC_C_VOLATILE AC_TYPE_SIZE_T +AC_TYPE_MODE_T AC_TYPE_SIGNAL AC_DECL_SYS_SIGLIST -GNUPG_CHECK_ENDIAN +AC_ARG_ENABLE(endian-check, + AC_HELP_STRING([--disable-endian-check], + [disable the endian check and trust the OS provided macros]), + endiancheck=$enableval,endiancheck=yes) + +if test x"$endiancheck" = xyes ; then + GNUPG_CHECK_ENDIAN +fi +# fixme: we should get rid of the byte type GNUPG_CHECK_TYPEDEF(byte, HAVE_BYTE_TYPEDEF) GNUPG_CHECK_TYPEDEF(ushort, HAVE_USHORT_TYPEDEF) GNUPG_CHECK_TYPEDEF(ulong, HAVE_ULONG_TYPEDEF) @@ -825,16 +933,14 @@ AC_CHECK_SIZEOF(unsigned int) AC_CHECK_SIZEOF(unsigned long) AC_CHECK_SIZEOF(unsigned long long) # Ensure that we have UINT64_C before we bother to check for uint64_t -# fixme: really needed in gnupg? I think it is only useful in libcgrypt. +# Fixme: really needed in gnupg? I think it is only useful in libcgrypt. AC_CACHE_CHECK([for UINT64_C],[gnupg_cv_uint64_c_works], AC_COMPILE_IFELSE(AC_LANG_PROGRAM([#include <inttypes.h> -uint64_t foo=UINT64_C(42);]),gnupg_cv_uint64_c_works=yes,gnupg_cv_uint64_c_works=no)) + uint64_t foo=UINT64_C(42);]), + gnupg_cv_uint64_c_works=yes,gnupg_cv_uint64_c_works=no)) if test "$gnupg_cv_uint64_c_works" = "yes" ; then AC_CHECK_SIZEOF(uint64_t) fi - - - if test "$ac_cv_sizeof_unsigned_short" = "0" \ || test "$ac_cv_sizeof_unsigned_int" = "0" \ @@ -842,92 +948,54 @@ if test "$ac_cv_sizeof_unsigned_short" = "0" \ AC_MSG_WARN([Hmmm, something is wrong with the sizes - using defaults]); fi -dnl Do we have any 64-bit data types? -if test "$ac_cv_sizeof_unsigned_int" != "8" \ - && test "$ac_cv_sizeof_unsigned_long" != "8" \ - && test "$ac_cv_sizeof_unsigned_long_long" != "8" \ - && test "$ac_cv_sizeof_uint64_t" != "8"; then - AC_MSG_WARN([No 64-bit types. Disabling SHA-384, and SHA-512]) -else - if test x"$use_sha512" = xyes ; then - AC_SUBST(SHA512_O,sha512.o) - AC_DEFINE(USE_SHA512,1,[Define to include the SHA-384 and SHA-512 digests]) - fi -fi - +# # fixme: do we really need this - it should be encapsulated in libassuan +# GNUPG_SYS_SO_PEERCRED + +# # Checks for library functions. +# +AC_CHECK_DECLS(getpagesize) AC_FUNC_FSEEKO AC_FUNC_VPRINTF AC_FUNC_FORK -AC_CHECK_FUNCS(strerror stpcpy strsep strlwr tcgetattr strtoul mmap) -AC_CHECK_FUNCS(strcasecmp strncasecmp ctermid times gmtime_r) -AC_CHECK_FUNCS(memmove gettimeofday getrusage setrlimit clock_gettime) -AC_CHECK_FUNCS(atexit raise getpagesize strftime nl_langinfo setlocale) -AC_CHECK_FUNCS(waitpid wait4 sigaction sigprocmask rand pipe stat getaddrinfo) -AC_CHECK_FUNCS(fseeko ftello ttyname isascii) +AC_CHECK_FUNCS([strerror stpcpy strsep strlwr tcgetattr strtoul mmap]) +AC_CHECK_FUNCS([strcasecmp strncasecmp ctermid times timegm gmtime_r]) +AC_CHECK_FUNCS([unsetenv getpwnam getpwuid fcntl ftruncate]) +AC_CHECK_FUNCS([memmove gettimeofday getrusage setrlimit clock_gettime]) +AC_CHECK_FUNCS([atexit raise getpagesize strftime nl_langinfo setlocale]) +AC_CHECK_FUNCS([waitpid wait4 sigaction sigprocmask pipe stat getaddrinfo]) +AC_CHECK_FUNCS([ttyname isascii memrchr rand ftello]) AC_CHECK_TYPES([struct sigaction, sigset_t],,,[#include <signal.h>]) +# # gnulib checks +# gl_SOURCE_BASE(gl) gl_M4_BASE(gl/m4) gl_MODULES(setenv strsep mkdtemp vasprintf xsize) gl_INIT + +# # These are needed by libjnlib - fixme: we should have macros for them -AC_CHECK_FUNCS(memicmp stpcpy strlwr strtoul memmove stricmp strtol) -AC_CHECK_FUNCS(getrusage setrlimit stat setlocale) -AC_CHECK_FUNCS(flockfile funlockfile fopencookie funopen) - - -# -# check for gethrtime and run a testprogram to see whether -# it is broken. It has been reported that some Solaris and HP UX systems -# raise an SIGILL -# -# fixme: Do we need this - iirc, this is only used by libgcrypt. -# -AC_CACHE_CHECK([for gethrtime], - [gnupg_cv_func_gethrtime], - [AC_TRY_LINK([#include <sys/times.h>],[ - hrtime_t tv; - tv = gethrtime(); - ], - [gnupg_cv_func_gethrtime=yes], - [gnupg_cv_func_gethrtime=no]) - ]) -if test $gnupg_cv_func_gethrtime = yes; then - AC_DEFINE([HAVE_GETHRTIME], 1, - [Define if you have the `gethrtime(2)' function.]) - AC_CACHE_CHECK([whether gethrtime is broken], - [gnupg_cv_func_broken_gethrtime], - [AC_TRY_RUN([ - #include <sys/times.h> - int main () { - hrtime_t tv; - tv = gethrtime(); - } - ], - [gnupg_cv_func_broken_gethrtime=no], - [gnupg_cv_func_broken_gethrtime=yes], - [gnupg_cv_func_broken_gethrtime=assume-no]) - ]) - if test $gnupg_cv_func_broken_gethrtime = yes; then - AC_DEFINE([HAVE_BROKEN_GETHRTIME], 1, - [Define if `gethrtime(2)' does not work correctly i.e. issues a SIGILL.]) - fi -fi - +# +AC_CHECK_FUNCS([memicmp stpcpy strlwr strtoul memmove stricmp strtol]) +AC_CHECK_FUNCS([getrusage setrlimit stat setlocale]) +AC_CHECK_FUNCS([flockfile funlockfile fopencookie funopen]) + + GNUPG_CHECK_MLOCK + GNUPG_FUNC_MKDIR_TAKES_ONE_ARG -dnl -dnl Check whether we can use Linux capabilities as requested -dnl +# +# Check whether we can use Linux capabilities as requested +# # fixme: Still required? # if test "$use_capabilities" = "yes" ; then @@ -956,13 +1024,15 @@ if test "$use_capabilities" = "no" ; then fi fi - +# # Sanity check regex. Tests adapted from mutt. - +# FIXME: We should use the the regex from gnulib +# AC_MSG_CHECKING([whether regular expression support is requested]) AC_ARG_ENABLE(regex, -[ --disable-regex do not handle regular expressions in trust sigs], - use_regex=$enableval, use_regex=yes) + AC_HELP_STRING([--disable-regex], + [do not handle regular expressions in trust signatures]), + use_regex=$enableval, use_regex=yes) AC_MSG_RESULT($use_regex) if test "$use_regex" = yes ; then @@ -994,14 +1064,16 @@ main() { regex_t blah ; regmatch_t p; p.rm_eo = p.rm_eo; return regcomp(&blah, " fi if test $gnupg_cv_included_regex = yes; then - AC_DEFINE(USE_GNU_REGEX,1,[ Define if you want to use the included regex lib ]) - AC_SUBST(REGEX_O,regex.o) + AC_DEFINE(USE_INTERNAL_REGEX,1,[ Define if you want to use the included regex lib ]) fi else - AC_DEFINE(DISABLE_REGEX,1,[ Define to disable regular expression support ]) fi +AM_CONDITIONAL(USE_INTERNAL_REGEX, test x"$gnupg_cv_included_regex" = xyes) + + + # # Do we have zlib? Must do it here because Solaris failed # when compiling a conftest (due to the "-lz" from LIBS). @@ -1058,16 +1130,20 @@ AM_CONDITIONAL(ENABLE_BZIP2_SUPPORT,test x"$have_bz2" = "xyes") AC_SUBST(ZLIBS) +# Check for readline support +GNUPG_CHECK_READLINE + # See wether we want to run the long test suite. AC_ARG_WITH(pkits-tests, AC_HELP_STRING([--with-pkits-tests],[run the PKITS based tests]), [run_pkits_tests=$withval], [run_pkits_tests=no]) AM_CONDITIONAL(RUN_PKITS_TESTS, test "$run_pkits_tests" = "yes") - +# # Allow users to append something to the version string without # flagging it as development version. The user version parts is # considered everything after a dash. +# if test "$development_version" != yes; then changequote(,)dnl tmp_pat='[a-zA-Z]' @@ -1091,16 +1167,36 @@ if test "$have_w32_system" = yes; then W32LIBS="-lwsock32" fi +AC_SUBST(NETLIBS) +AC_SUBST(W32LIBS) + +# +# Setup gcc specific options +# if test "$GCC" = yes; then + # Note that it is okay to use CFLAGS here because this are just + # warning options and the user should have a chance of overriding + # them. if test "$USE_MAINTAINER_MODE" = "yes"; then CFLAGS="$CFLAGS -Wall -Wcast-align -Wshadow -Wstrict-prototypes" - CFLAGS="$CFLAGS -Wno-format-y2k -Wformat-security" + CFLAGS="$CFLAGS -Wno-format-y2k -Wformat-security -Wformat-nonliteral" else CFLAGS="$CFLAGS -Wall" fi + + AC_MSG_CHECKING([if gcc supports -Wno-pointer-sign]) + _gcc_cflags_save=$CFLAGS + CFLAGS="-Wno-pointer-sign" + AC_COMPILE_IFELSE(AC_LANG_PROGRAM([]),_gcc_psign=yes,_gcc_psign=no) + AC_MSG_RESULT($_gcc_psign) + CFLAGS=$_gcc_cflags_save; + if test x"$_gcc_psign" = xyes ; then + CFLAGS="$CFLAGS -Wno-pointer-sign" + fi fi + # # This is handy for debugging so the compiler doesn't rearrange # things and eliminate variables. @@ -1112,18 +1208,9 @@ AC_ARG_ENABLE(optimization, CFLAGS=`echo $CFLAGS | sed 's/-O[[0-9]]//'` fi]) - - - -AC_SUBST(NETLIBS) -AC_SUBST(W32LIBS) - - -# We use jnlib, so tell other modules about it -AC_DEFINE(HAVE_JNLIB_LOGGING, 1, - [Defined if jnlib style logging functions are available]) - +# # For W32 we need to use our Pth emulation code +# if test "$have_w32_system" = yes; then AC_CONFIG_LINKS(pth.h:jnlib/w32-pth.h) fi @@ -1254,13 +1341,13 @@ g10/Makefile sm/Makefile agent/Makefile scd/Makefile +keyserver/Makefile tools/Makefile doc/Makefile tests/Makefile ]) AC_OUTPUT -#./autogen keyserver/Makefile #tests/pkits/Makefile |