diff options
Diffstat (limited to 'configure.ac')
-rw-r--r-- | configure.ac | 222 |
1 files changed, 116 insertions, 106 deletions
diff --git a/configure.ac b/configure.ac index 4690028..f827992 100644 --- a/configure.ac +++ b/configure.ac @@ -54,7 +54,9 @@ m4_define([serial_tests], [ awk '{split ($NF,a,"."); if (a[1] == 1 && a[2] >= 12) { print "serial-tests" }}' ]) ]) -AM_INIT_AUTOMAKE(foreign serial_tests) dnl NB: Do not [quote] this parameter. +# This foreign option prevents autoreconf from overriding our COPYING and +# INSTALL targets: +AM_INIT_AUTOMAKE(foreign serial_tests 1.9) dnl NB: Do not [quote] this parameter. AC_CANONICAL_HOST AC_USE_SYSTEM_EXTENSIONS @@ -78,13 +80,6 @@ AC_ARG_ENABLE(comp-stub, ) AC_ARG_ENABLE( - [crypto], - [AS_HELP_STRING([--disable-crypto], [disable crypto support @<:@default=yes@:>@])], - , - [enable_crypto="yes"] -) - -AC_ARG_ENABLE( [ofb-cfb], [AS_HELP_STRING([--disable-ofb-cfb], [disable support for OFB and CFB cipher modes @<:@default=yes@:>@])], , @@ -99,13 +94,6 @@ AC_ARG_ENABLE( ) AC_ARG_ENABLE( - [server], - [AS_HELP_STRING([--disable-server], [disable server support only (but retain client support) @<:@default=yes@:>@])], - , - [enable_server="yes"] -) - -AC_ARG_ENABLE( [plugins], [AS_HELP_STRING([--disable-plugins], [disable plug-in support @<:@default=yes@:>@])], , @@ -251,7 +239,7 @@ AC_ARG_ENABLE( AC_ARG_ENABLE( [systemd], - [AS_HELP_STRING([--enable-systemd], [enable systemd suppport @<:@default=no@:>@])], + [AS_HELP_STRING([--enable-systemd], [enable systemd support @<:@default=no@:>@])], , [enable_systemd="no"] ) @@ -301,15 +289,19 @@ else fi AC_DEFINE_UNQUOTED([TARGET_ALIAS], ["${host}"], [A string representing our host]) +AM_CONDITIONAL([TARGET_LINUX], [false]) case "$host" in *-*-linux*) AC_DEFINE([TARGET_LINUX], [1], [Are we running on Linux?]) + AM_CONDITIONAL([TARGET_LINUX], [true]) AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["L"], [Target prefix]) + have_sitnl="yes" ;; *-*-solaris*) AC_DEFINE([TARGET_SOLARIS], [1], [Are we running on Solaris?]) AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["S"], [Target prefix]) CPPFLAGS="$CPPFLAGS -D_XPG4_2" + test -x /bin/bash && SHELL="/bin/bash" ;; *-*-openbsd*) AC_DEFINE([TARGET_OPENBSD], [1], [Are we running on OpenBSD?]) @@ -364,7 +356,6 @@ AC_ARG_VAR([IFCONFIG], [full path to ipconfig utility]) AC_ARG_VAR([ROUTE], [full path to route utility]) AC_ARG_VAR([IPROUTE], [full path to ip utility]) AC_ARG_VAR([NETSTAT], [path to netstat utility]) # tests -AC_ARG_VAR([MAN2HTML], [path to man2html utility]) AC_ARG_VAR([GIT], [path to git utility]) AC_ARG_VAR([SYSTEMD_ASK_PASSWORD], [path to systemd-ask-password utility]) AC_ARG_VAR([SYSTEMD_UNIT_DIR], [Path of systemd unit directory @<:@default=LIBDIR/systemd/system@:>@]) @@ -374,13 +365,21 @@ AC_PATH_PROGS([ROUTE], [route],, [$PATH:/usr/local/sbin:/usr/sbin:/sbin]) AC_PATH_PROGS([IPROUTE], [ip],, [$PATH:/usr/local/sbin:/usr/sbin:/sbin]) AC_PATH_PROGS([SYSTEMD_ASK_PASSWORD], [systemd-ask-password],, [$PATH:/usr/local/bin:/usr/bin:/bin]) AC_CHECK_PROGS([NETSTAT], [netstat], [netstat], [$PATH:/usr/local/sbin:/usr/sbin:/sbin:/etc]) # tests -AC_CHECK_PROGS([MAN2HTML], [man2html]) AC_CHECK_PROGS([GIT], [git]) # optional AC_DEFINE_UNQUOTED([IFCONFIG_PATH], ["$IFCONFIG"], [Path to ifconfig tool]) AC_DEFINE_UNQUOTED([IPROUTE_PATH], ["$IPROUTE"], [Path to iproute tool]) AC_DEFINE_UNQUOTED([ROUTE_PATH], ["$ROUTE"], [Path to route tool]) AC_DEFINE_UNQUOTED([SYSTEMD_ASK_PASSWORD_PATH], ["$SYSTEMD_ASK_PASSWORD"], [Path to systemd-ask-password tool]) +# +# man page generation - based on python-docutils +# +AC_ARG_VAR([RST2MAN], [path to rst2man utility]) +AC_ARG_VAR([RST2HTML], [path to rst2html utility]) +AC_CHECK_PROGS([RST2MAN], [rst2man]) +AC_CHECK_PROGS([RST2HTML], [rst2html]) +AM_CONDITIONAL([HAVE_PYDOCUTILS], [test "${RST2MAN}" -a "${RST2HTML}"]) + # Set -std=c99 unless user already specified a -std= case "${CFLAGS}" in *-std=*) ;; @@ -441,7 +440,7 @@ AC_CHECK_HEADERS([ \ unistd.h signal.h libgen.h stropts.h \ syslog.h pwd.h grp.h \ sys/sockio.h sys/uio.h linux/sockios.h \ - linux/types.h sys/poll.h sys/epoll.h err.h \ + linux/types.h poll.h sys/epoll.h err.h \ ]) SOCKET_INCLUDES=" @@ -658,7 +657,7 @@ AC_CHECK_FUNCS([ \ ctime memset vsnprintf strdup \ setsid chdir putenv getpeername unlink \ chsize ftruncate execve getpeereid umask basename dirname access \ - epoll_create \ + epoll_create strsep \ ]) AC_CHECK_LIB( @@ -841,7 +840,7 @@ PKG_CHECK_MODULES( [] ) -if test "${enable_crypto}" = "yes" -a "${with_crypto_library}" = "openssl"; then +if test "${with_crypto_library}" = "openssl"; then AC_ARG_VAR([OPENSSL_CFLAGS], [C compiler flags for OpenSSL]) AC_ARG_VAR([OPENSSL_LIBS], [linker flags for OpenSSL]) @@ -849,11 +848,10 @@ if test "${enable_crypto}" = "yes" -a "${with_crypto_library}" = "openssl"; then # if the user did not explicitly specify flags, try to autodetect PKG_CHECK_MODULES( [OPENSSL], - [libcrypto >= 0.9.8, libssl >= 0.9.8], - [have_openssl="yes"], - [have_openssl="no"] # Provide if-not-found to prevent erroring out + [openssl >= 1.0.2], + [have_openssl="yes"], + [] # If this fails, we will do another test next ) - OPENSSL_LIBS=${OPENSSL_LIBS:--lssl -lcrypto} fi @@ -862,6 +860,27 @@ if test "${enable_crypto}" = "yes" -a "${with_crypto_library}" = "openssl"; then CFLAGS="${CFLAGS} ${OPENSSL_CFLAGS}" LIBS="${LIBS} ${OPENSSL_LIBS}" + # If pkgconfig check failed or OPENSSL_CFLAGS/OPENSSL_LIBS env vars + # are used, check the version directly in the OpenSSL include file + if test "${have_openssl}" != "yes"; then + AC_MSG_CHECKING([additionally if OpenSSL is available and version >= 1.0.2]) + AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM( + [[ +#include <openssl/opensslv.h> + ]], + [[ +/* Version encoding: MNNFFPPS - see opensslv.h for details */ +#if OPENSSL_VERSION_NUMBER < 0x10002000L +#error OpenSSL too old +#endif + ]] + )], + [AC_MSG_RESULT([ok])], + [AC_MSG_ERROR([OpenSSL version too old])] + ) + fi + AC_CHECK_FUNCS([SSL_CTX_new EVP_CIPHER_CTX_set_key_length], , [AC_MSG_ERROR([openssl check failed])] @@ -888,13 +907,16 @@ if test "${enable_crypto}" = "yes" -a "${with_crypto_library}" = "openssl"; then AC_DEFINE([HAVE_OPENSSL_ENGINE], [1], [OpenSSL engine support available]) fi - have_crypto_aead_modes="yes" - AC_CHECK_FUNCS( + AC_CHECK_FUNC( [EVP_aes_256_gcm], , - [have_crypto_aead_modes="no"; break] + [AC_MSG_ERROR([OpenSSL check for AES-256-GCM support failed])] ) + # All supported OpenSSL version (>= 1.0.2) + # have this feature + have_export_keying_material="yes" + AC_CHECK_FUNCS( [ \ HMAC_CTX_new \ @@ -904,8 +926,10 @@ if test "${enable_crypto}" = "yes" -a "${with_crypto_library}" = "openssl"; then EVP_MD_CTX_free \ EVP_MD_CTX_reset \ EVP_CIPHER_CTX_reset \ + OpenSSL_version \ SSL_CTX_get_default_passwd_cb \ SSL_CTX_get_default_passwd_cb_userdata \ + SSL_CTX_set1_groups \ SSL_CTX_set_security_level \ X509_get0_notBefore \ X509_get0_notAfter \ @@ -913,7 +937,6 @@ if test "${enable_crypto}" = "yes" -a "${with_crypto_library}" = "openssl"; then X509_STORE_get0_objects \ X509_OBJECT_free \ X509_OBJECT_get_type \ - EVP_PKEY_id \ EVP_PKEY_get0_RSA \ EVP_PKEY_get0_DSA \ EVP_PKEY_get0_EC_KEY \ @@ -941,11 +964,10 @@ if test "${enable_crypto}" = "yes" -a "${with_crypto_library}" = "openssl"; then CFLAGS="${saved_CFLAGS}" LIBS="${saved_LIBS}" - have_crypto="yes" AC_DEFINE([ENABLE_CRYPTO_OPENSSL], [1], [Use OpenSSL library]) CRYPTO_CFLAGS="${OPENSSL_CFLAGS}" CRYPTO_LIBS="${OPENSSL_LIBS}" -elif test "${enable_crypto}" = "yes" -a "${with_crypto_library}" = "mbedtls"; then +elif test "${with_crypto_library}" = "mbedtls"; then AC_ARG_VAR([MBEDTLS_CFLAGS], [C compiler flags for mbedtls]) AC_ARG_VAR([MBEDTLS_LIBS], [linker flags for mbedtls]) @@ -983,52 +1005,28 @@ elif test "${enable_crypto}" = "yes" -a "${with_crypto_library}" = "mbedtls"; th [AC_MSG_ERROR([mbed TLS 2.y.z required])] ) - mbedtls_with_pkcs11="no" - AC_COMPILE_IFELSE( - [AC_LANG_PROGRAM( - [[ -#include <mbedtls/config.h> - ]], - [[ -#ifndef MBEDTLS_PKCS11_C -#error pkcs11 wrapper missing -#endif - ]] - )], - mbedtls_with_pkcs11="yes") - - AC_MSG_CHECKING([mbedtls pkcs11 support]) - if test "${enable_pkcs11}" = "yes"; then - if test "${mbedtls_with_pkcs11}" = "yes"; then - AC_MSG_RESULT([ok]) - else - AC_MSG_ERROR([mbedtls has no pkcs11 wrapper compiled in]) - fi - else - if test "${mbedtls_with_pkcs11}" != "yes"; then - AC_MSG_RESULT([ok]) - else - AC_MSG_ERROR([mbed TLS compiled with PKCS11, while OpenVPN is not]) - fi - fi - - have_crypto_aead_modes="yes" AC_CHECK_FUNCS( [ \ mbedtls_cipher_write_tag \ mbedtls_cipher_check_tag \ ], , - [have_crypto_aead_modes="no"; break] + [AC_MSG_ERROR([mbed TLS check for AEAD support failed])] + ) + + have_export_keying_material="yes" + AC_CHECK_FUNC( + [mbedtls_ssl_conf_export_keys_ext_cb], + , + [have_export_keying_material="no"] ) CFLAGS="${saved_CFLAGS}" LIBS="${saved_LIBS}" - have_crypto="yes" AC_DEFINE([ENABLE_CRYPTO_MBEDTLS], [1], [Use mbed TLS library]) CRYPTO_CFLAGS="${MBEDTLS_CFLAGS}" CRYPTO_LIBS="${MBEDTLS_LIBS}" -elif test "${enable_crypto}" = "yes"; then +else AC_MSG_ERROR([Invalid crypto library: ${with_crypto_library}]) fi @@ -1217,7 +1215,6 @@ if test "${enable_x509_alt_username}" = "yes"; then fi test "${ac_cv_header_sys_uio_h}" = "yes" && AC_DEFINE([HAVE_IOVEC], [1], [struct iovec needed for IPv6 support]) -test "${enable_server}" = "no" && AC_DEFINE([ENABLE_CLIENT_ONLY], [1], [Enable client capability only]) test "${enable_management}" = "yes" && AC_DEFINE([ENABLE_MANAGEMENT], [1], [Enable management server capability]) test "${enable_multihome}" = "yes" && AC_DEFINE([ENABLE_MULTIHOME], [1], [Enable multi-homed UDP server capability]) test "${enable_debug}" = "yes" && AC_DEFINE([ENABLE_DEBUG], [1], [Enable debugging support]) @@ -1228,14 +1225,15 @@ test "${enable_def_auth}" = "yes" && AC_DEFINE([ENABLE_DEF_AUTH], [1], [Enable d test "${enable_pf}" = "yes" && AC_DEFINE([ENABLE_PF], [1], [Enable internal packet filter]) test "${enable_strict_options}" = "yes" && AC_DEFINE([ENABLE_STRICT_OPTIONS_CHECK], [1], [Enable strict options check between peers]) -if test "${enable_crypto}" = "yes"; then - test "${have_crypto}" != "yes" && AC_MSG_ERROR([${with_crypto_library} crypto is required but missing]) - test "${enable_crypto_ofb_cfb}" = "yes" && AC_DEFINE([ENABLE_OFB_CFB_MODE], [1], [Enable OFB and CFB cipher modes]) - test "${have_crypto_aead_modes}" = "yes" && AC_DEFINE([HAVE_AEAD_CIPHER_MODES], [1], [Use crypto library]) - OPTIONAL_CRYPTO_CFLAGS="${OPTIONAL_CRYPTO_CFLAGS} ${CRYPTO_CFLAGS}" - OPTIONAL_CRYPTO_LIBS="${OPTIONAL_CRYPTO_LIBS} ${CRYPTO_LIBS}" - AC_DEFINE([ENABLE_CRYPTO], [1], [Enable crypto library]) +test "${enable_crypto_ofb_cfb}" = "yes" && AC_DEFINE([ENABLE_OFB_CFB_MODE], [1], [Enable OFB and CFB cipher modes]) +if test "${have_export_keying_material}" = "yes"; then + AC_DEFINE( + [HAVE_EXPORT_KEYING_MATERIAL], [1], + [Crypto library supports keying material exporter] + ) fi +OPTIONAL_CRYPTO_CFLAGS="${OPTIONAL_CRYPTO_CFLAGS} ${CRYPTO_CFLAGS}" +OPTIONAL_CRYPTO_LIBS="${OPTIONAL_CRYPTO_LIBS} ${CRYPTO_LIBS}" if test "${enable_plugins}" = "yes"; then OPTIONAL_DL_LIBS="${DL_LIBS}" @@ -1245,14 +1243,19 @@ else enable_plugin_down_root="no" fi +AM_CONDITIONAL([HAVE_SITNL], [false]) + if test "${enable_iproute2}" = "yes"; then test -z "${IPROUTE}" && AC_MSG_ERROR([ip utility is required but missing]) AC_DEFINE([ENABLE_IPROUTE], [1], [enable iproute2 support]) -else - if test "${WIN32}" != "yes"; then - test -z "${ROUTE}" && AC_MSG_ERROR([route utility is required but missing]) - test -z "${IFCONFIG}" && AC_MSG_ERROR([ifconfig utility is required but missing]) - fi +else if test "${have_sitnl}" = "yes"; then + AC_DEFINE([ENABLE_SITNL], [1], [enable sitnl support]) + AM_CONDITIONAL([HAVE_SITNL], [true]) +else if test "${WIN32}" != "yes" -a "${have_sitnl}" != "yes"; then + test -z "${ROUTE}" && AC_MSG_ERROR([route utility is required but missing]) + test -z "${IFCONFIG}" && AC_MSG_ERROR([ifconfig utility is required but missing]) +fi +fi fi if test "${enable_selinux}" = "yes"; then @@ -1275,7 +1278,6 @@ fi if test "${enable_pkcs11}" = "yes"; then test "${have_pkcs11_helper}" != "yes" && AC_MSG_ERROR([PKCS11 enabled but libpkcs11-helper is missing]) - test "${enable_crypto}" != "yes" && AC_MSG_ERROR([PKCS11 can be enabled only if crypto is enabled]) OPTIONAL_PKCS11_HELPER_CFLAGS="${PKCS11_HELPER_CFLAGS}" OPTIONAL_PKCS11_HELPER_LIBS="${PKCS11_HELPER_LIBS}" AC_DEFINE([ENABLE_PKCS11], [1], [Enable PKCS11]) @@ -1288,14 +1290,18 @@ if test "${enable_pkcs11}" = "yes"; then ) fi +# When testing a compiler option, we add -Werror to force +# an error when the option is unsupported. This is not +# required for gcc, but some compilers such as clang needs it. AC_DEFUN([ACL_CHECK_ADD_COMPILE_FLAGS], [ old_cflags="$CFLAGS" - CFLAGS="$1 $CFLAGS" - AC_MSG_CHECKING([whether the compiler acceppts $1]) - AC_COMPILE_IFELSE([AC_LANG_PROGRAM()], [AC_MSG_RESULT([yes])], + CFLAGS="$1 -Werror $CFLAGS" + AC_MSG_CHECKING([whether the compiler accepts $1]) + AC_COMPILE_IFELSE([AC_LANG_PROGRAM()], [AC_MSG_RESULT([yes])]; CFLAGS="$1 $old_cflags", [AC_MSG_RESULT([no]); CFLAGS="$old_cflags"])] ) +ACL_CHECK_ADD_COMPILE_FLAGS([-Wno-stringop-truncation]) ACL_CHECK_ADD_COMPILE_FLAGS([-Wno-unused-function]) ACL_CHECK_ADD_COMPILE_FLAGS([-Wno-unused-parameter]) ACL_CHECK_ADD_COMPILE_FLAGS([-Wall]) @@ -1312,10 +1318,6 @@ if test "${enable_werror}" = "yes"; then CFLAGS="${CFLAGS} -Werror" fi -if test "${WIN32}" = "yes"; then - test -z "${MAN2HTML}" && AC_MSG_ERROR([man2html is required for win32]) -fi - if test "${enable_plugin_auth_pam}" = "yes"; then PLUGIN_AUTH_PAM_CFLAGS="${LIBPAM_CFLAGS}" if test "${enable_pam_dlopen}" = "yes"; then @@ -1383,8 +1385,8 @@ AM_CONDITIONAL([WIN32], [test "${WIN32}" = "yes"]) AM_CONDITIONAL([GIT_CHECKOUT], [test "${GIT_CHECKOUT}" = "yes"]) AM_CONDITIONAL([ENABLE_PLUGIN_AUTH_PAM], [test "${enable_plugin_auth_pam}" = "yes"]) AM_CONDITIONAL([ENABLE_PLUGIN_DOWN_ROOT], [test "${enable_plugin_down_root}" = "yes"]) -AM_CONDITIONAL([ENABLE_CRYPTO], [test "${enable_crypto}" = "yes"]) AM_CONDITIONAL([HAVE_LD_WRAP_SUPPORT], [test "${have_ld_wrap_support}" = "yes"]) +AM_CONDITIONAL([OPENSSL_ENGINE], [test "${have_openssl_engine}" = "yes"]) sampledir="\$(docdir)/sample" AC_SUBST([plugindir]) @@ -1393,27 +1395,31 @@ AC_SUBST([sampledir]) AC_SUBST([systemdunitdir]) AC_SUBST([tmpfilesdir]) -TEST_LDFLAGS="${OPTIONAL_CRYPTO_LIBS} ${OPTIONAL_PKCS11_HELPER_LIBS} -lcmocka -L\$(top_builddir)/vendor/dist/lib -Wl,-rpath,\$(top_builddir)/vendor/dist/lib" -TEST_CFLAGS="${OPTIONAL_CRYPTO_CFLAGS} ${OPTIONAL_PKCS11_HELPER_CFLAGS} -I\$(top_srcdir)/include -I\$(top_builddir)/vendor/dist/include" +AC_ARG_ENABLE( + [unit-tests], + [AS_HELP_STRING([--disable-unit-tests], + [Disables building and running the unit tests suite])], + [], + [enable_unit_tests="yes"] +) -AC_SUBST([TEST_LDFLAGS]) -AC_SUBST([TEST_CFLAGS]) +# Check if cmocka is available - needed for unit testing +PKG_CHECK_MODULES( + [CMOCKA], [cmocka], + [have_cmocka="yes"], + [AC_MSG_WARN([cmocka.pc not found on the system. Unit tests disabled])] +) +AM_CONDITIONAL([ENABLE_UNITTESTS], [test "${enable_unit_tests}" = "yes" -a "${have_cmocka}" = "yes" ]) +AC_SUBST([ENABLE_UNITTESTS]) -# Check if cmake is available and cmocka git submodule is initialized, -# needed for unit testing -AC_CHECK_PROGS([CMAKE], [cmake]) -if test -n "${CMAKE}"; then - if test -f "${srcdir}/vendor/cmocka/CMakeLists.txt"; then - AM_CONDITIONAL([CMOCKA_INITIALIZED], [true]) - else - AM_CONDITIONAL([CMOCKA_INITIALIZED], [false]) - AC_MSG_RESULT([!! WARNING !! The cmoka git submodule has not been initialized or updated. Unit testing cannot be performed.]) - fi -else - AC_MSG_RESULT([!! WARNING !! CMake is NOT available. Unit testing cannot be performed.]) - AM_CONDITIONAL([CMOCKA_INITIALIZED], [false]) -fi +TEST_LDFLAGS="${OPTIONAL_CRYPTO_LIBS} ${OPTIONAL_PKCS11_HELPER_LIBS}" +TEST_LDFLAGS="${TEST_LDFLAGS} ${OPTIONAL_LZO_LIBS} ${CMOCKA_LIBS}" +TEST_CFLAGS="${OPTIONAL_CRYPTO_CFLAGS} ${OPTIONAL_PKCS11_HELPER_CFLAGS}" +TEST_CFLAGS="${TEST_CFLAGS} ${OPTIONAL_LZO_CFLAGS}" +TEST_CFLAGS="${TEST_CFLAGS} -I\$(top_srcdir)/include ${CMOCKA_CFLAGS}" +AC_SUBST([TEST_LDFLAGS]) +AC_SUBST([TEST_CFLAGS]) AC_CONFIG_FILES([ version.sh @@ -1423,23 +1429,27 @@ AC_CONFIG_FILES([ build/msvc/msvc-generate/Makefile distro/Makefile distro/systemd/Makefile + doc/Makefile + doc/doxygen/Makefile + doc/doxygen/openvpn.doxyfile include/Makefile src/Makefile src/compat/Makefile src/openvpn/Makefile + src/openvpnmsica/Makefile src/openvpnserv/Makefile src/plugins/Makefile src/plugins/auth-pam/Makefile src/plugins/down-root/Makefile + src/tapctl/Makefile tests/Makefile tests/unit_tests/Makefile tests/unit_tests/example_test/Makefile tests/unit_tests/openvpn/Makefile tests/unit_tests/plugins/Makefile tests/unit_tests/plugins/auth-pam/Makefile - vendor/Makefile + tests/unit_tests/engine-key/Makefile sample/Makefile - doc/Makefile ]) AC_CONFIG_FILES([tests/t_client.sh], [chmod +x tests/t_client.sh]) AC_OUTPUT |