"Fossies" - the Fresh Open Source Software Archive

Member "cryptsetup-2.4.3/configure.ac" (13 Jan 2022, 26739 Bytes) of package /linux/misc/cryptsetup-2.4.3.tar.xz:


As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. See also the latest Fossies "Diffs" side-by-side code changes report for "configure.ac": 2.4.2_vs_2.4.3.

    1 AC_PREREQ([2.67])
    2 AC_INIT([cryptsetup],[2.4.3])
    3 
    4 dnl library version from <major>.<minor>.<release>[-<suffix>]
    5 LIBCRYPTSETUP_VERSION=$(echo $PACKAGE_VERSION | cut -f1 -d-)
    6 LIBCRYPTSETUP_VERSION_INFO=19:0:7
    7 
    8 AM_SILENT_RULES([yes])
    9 AC_CONFIG_SRCDIR(src/cryptsetup.c)
   10 AC_CONFIG_MACRO_DIR([m4])
   11 
   12 AC_CONFIG_HEADERS([config.h:config.h.in])
   13 
   14 # We do not want to run test in parallel. Really.
   15 # http://lists.gnu.org/archive/html/automake/2013-01/msg00060.html
   16 
   17 # For old automake use this
   18 #AM_INIT_AUTOMAKE(dist-xz subdir-objects)
   19 AM_INIT_AUTOMAKE([dist-xz 1.12 serial-tests subdir-objects foreign])
   20 
   21 if test "x$prefix" = "xNONE"; then
   22 	sysconfdir=/etc
   23 fi
   24 AC_PREFIX_DEFAULT(/usr)
   25 
   26 AC_CANONICAL_HOST
   27 AC_USE_SYSTEM_EXTENSIONS
   28 AC_PROG_CC
   29 AM_PROG_CC_C_O
   30 AC_PROG_CPP
   31 AC_PROG_INSTALL
   32 AC_PROG_MAKE_SET
   33 AC_PROG_MKDIR_P
   34 AC_ENABLE_STATIC(no)
   35 LT_INIT
   36 PKG_PROG_PKG_CONFIG
   37 AM_ICONV
   38 
   39 dnl ==========================================================================
   40 dnl define PKG_CHECK_VAR for old pkg-config <= 0.28
   41 m4_ifndef([AS_VAR_COPY],
   42 [m4_define([AS_VAR_COPY],
   43 [AS_LITERAL_IF([$1[]$2], [$1=$$2], [eval $1=\$$2])])
   44 ])
   45 m4_ifndef([PKG_CHECK_VAR], [
   46 AC_DEFUN([PKG_CHECK_VAR],
   47 [AC_REQUIRE([PKG_PROG_PKG_CONFIG])
   48 AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config])
   49 
   50 _PKG_CONFIG([$1], [variable="][$3]["], [$2])
   51 AS_VAR_COPY([$1], [pkg_cv_][$1])
   52 
   53 AS_VAR_IF([$1], [""], [$5], [$4])
   54 ])
   55 ])
   56 dnl ==========================================================================
   57 
   58 AC_C_RESTRICT
   59 
   60 AC_HEADER_DIRENT
   61 AC_CHECK_HEADERS(fcntl.h malloc.h inttypes.h sys/ioctl.h sys/mman.h \
   62 	sys/sysmacros.h sys/statvfs.h ctype.h unistd.h locale.h byteswap.h endian.h stdint.h)
   63 AC_CHECK_DECLS([O_CLOEXEC],,[AC_DEFINE([O_CLOEXEC],[0], [Defined to 0 if not provided])],
   64 [[
   65 #ifdef HAVE_FCNTL_H
   66 # include <fcntl.h>
   67 #endif
   68 ]])
   69 
   70 AC_CHECK_HEADERS(uuid/uuid.h,,[AC_MSG_ERROR([You need the uuid library.])])
   71 AC_CHECK_HEADER(libdevmapper.h,,[AC_MSG_ERROR([You need the device-mapper library.])])
   72 
   73 AC_ARG_ENABLE([keyring],
   74 	AS_HELP_STRING([--disable-keyring], [disable kernel keyring support and builtin kernel keyring token]),
   75 	[], [enable_keyring=yes])
   76 if test "x$enable_keyring" = "xyes"; then
   77 	AC_CHECK_HEADERS(linux/keyctl.h,,[AC_MSG_ERROR([You need Linux kernel headers with kernel keyring service compiled.])])
   78 
   79 	dnl ==========================================================================
   80 	dnl check whether kernel is compiled with kernel keyring service syscalls
   81 	AC_CHECK_DECL(__NR_add_key,,[AC_MSG_ERROR([The kernel is missing add_key syscall.])], [#include <syscall.h>])
   82 	AC_CHECK_DECL(__NR_keyctl,,[AC_MSG_ERROR([The kernel is missing keyctl syscall.])], [#include <syscall.h>])
   83 	AC_CHECK_DECL(__NR_request_key,,[AC_MSG_ERROR([The kernel is missing request_key syscall.])], [#include <syscall.h>])
   84 
   85 	dnl ==========================================================================
   86 	dnl check that key_serial_t hasn't been adopted yet in stdlib
   87 	AC_CHECK_TYPES([key_serial_t], [], [], [
   88 	AC_INCLUDES_DEFAULT
   89 	#ifdef HAVE_LINUX_KEYCTL_H
   90 	# include <linux/keyctl.h>
   91 	#endif
   92 	])
   93 
   94 	AC_DEFINE(KERNEL_KEYRING, 1, [Enable kernel keyring service support])
   95 fi
   96 AM_CONDITIONAL(KERNEL_KEYRING, test "x$enable_keyring" = "xyes")
   97 
   98 saved_LIBS=$LIBS
   99 AC_CHECK_LIB(uuid, uuid_clear, ,[AC_MSG_ERROR([You need the uuid library.])])
  100 AC_SUBST(UUID_LIBS, $LIBS)
  101 LIBS=$saved_LIBS
  102 
  103 AC_SEARCH_LIBS([clock_gettime],[rt posix4])
  104 AC_CHECK_FUNCS([posix_memalign clock_gettime posix_fallocate explicit_bzero])
  105 
  106 if test "x$enable_largefile" = "xno"; then
  107   AC_MSG_ERROR([Building with --disable-largefile is not supported, it can cause data corruption.])
  108 fi
  109 
  110 AC_C_CONST
  111 AC_C_BIGENDIAN
  112 AC_TYPE_OFF_T
  113 AC_SYS_LARGEFILE
  114 AC_FUNC_FSEEKO
  115 AC_PROG_GCC_TRADITIONAL
  116 AC_FUNC_STRERROR_R
  117 
  118 dnl ==========================================================================
  119 dnl LUKS2 external tokens
  120 
  121 AC_ARG_ENABLE([external-tokens],
  122 	AS_HELP_STRING([--disable-external-tokens], [disable external LUKS2 tokens]),
  123 	[], [enable_external_tokens=yes])
  124 if test "x$enable_external_tokens" = "xyes"; then
  125 	AC_DEFINE(USE_EXTERNAL_TOKENS, 1, [Use external tokens])
  126 	dnl we need dynamic library loading here
  127 	saved_LIBS=$LIBS
  128 	AC_SEARCH_LIBS([dlsym],[dl])
  129 	AC_CHECK_FUNCS([dlvsym])
  130 	AC_SUBST(DL_LIBS, $LIBS)
  131 	LIBS=$saved_LIBS
  132 fi
  133 
  134 AC_ARG_ENABLE([ssh-token],
  135 	AS_HELP_STRING([--disable-ssh-token], [disable LUKS2 ssh-token]),
  136 	[], [enable_ssh_token=yes])
  137 AM_CONDITIONAL(SSHPLUGIN_TOKEN, test "x$enable_ssh_token" = "xyes")
  138 
  139 if test "x$enable_ssh_token" = "xyes" -a "x$enable_external_tokens" = "xno"; then
  140 	AC_MSG_ERROR([Requested LUKS2 ssh-token build, but external tokens are disabled.])
  141 fi
  142 
  143 dnl LUKS2 online reencryption
  144 AC_ARG_ENABLE([luks2-reencryption],
  145 	AS_HELP_STRING([--disable-luks2-reencryption], [disable LUKS2 online reencryption extension]),
  146 	[], [enable_luks2_reencryption=yes])
  147 if test "x$enable_luks2_reencryption" = "xyes"; then
  148 	AC_DEFINE(USE_LUKS2_REENCRYPTION, 1, [Use LUKS2 online reencryption extension])
  149 fi
  150 
  151 dnl ==========================================================================
  152 
  153 AM_GNU_GETTEXT([external],[need-ngettext])
  154 AM_GNU_GETTEXT_VERSION([0.18.3])
  155 
  156 dnl ==========================================================================
  157 
  158 saved_LIBS=$LIBS
  159 AC_CHECK_LIB(popt, poptConfigFileToString,,
  160 	[AC_MSG_ERROR([You need popt 1.7 or newer to compile.])])
  161 AC_SUBST(POPT_LIBS, $LIBS)
  162 LIBS=$saved_LIBS
  163 
  164 dnl ==========================================================================
  165 dnl FIPS extensions
  166 AC_ARG_ENABLE([fips],
  167 	AS_HELP_STRING([--enable-fips], [enable FIPS mode restrictions]))
  168 if test "x$enable_fips" = "xyes"; then
  169 	AC_DEFINE(ENABLE_FIPS, 1, [Enable FIPS mode restrictions])
  170 
  171 	if test "x$enable_static" = "xyes" -o "x$enable_static_cryptsetup" = "xyes" ; then
  172 		AC_MSG_ERROR([Static build is not compatible with FIPS.])
  173 	fi
  174 fi
  175 
  176 AC_DEFUN([NO_FIPS], [
  177 	if test "x$enable_fips" = "xyes"; then
  178 		AC_MSG_ERROR([This option is not compatible with FIPS.])
  179 	fi
  180 ])
  181 
  182 dnl ==========================================================================
  183 dnl pwquality library (cryptsetup CLI only)
  184 AC_ARG_ENABLE([pwquality],
  185 	AS_HELP_STRING([--enable-pwquality], [enable password quality checking using pwquality library]))
  186 
  187 if test "x$enable_pwquality" = "xyes"; then
  188 	AC_DEFINE(ENABLE_PWQUALITY, 1, [Enable password quality checking using pwquality library])
  189 	PKG_CHECK_MODULES([PWQUALITY], [pwquality >= 1.0.0],,
  190 		AC_MSG_ERROR([You need pwquality library.]))
  191 
  192 	dnl FIXME: this is really hack for now
  193 	PWQUALITY_STATIC_LIBS="$PWQUALITY_LIBS -lcrack -lz"
  194 fi
  195 
  196 dnl ==========================================================================
  197 dnl passwdqc library (cryptsetup CLI only)
  198 AC_ARG_ENABLE([passwdqc],
  199 	AS_HELP_STRING([--enable-passwdqc@<:@=CONFIG_PATH@:>@],
  200 		       [enable password quality checking using passwdqc library (optionally with CONFIG_PATH)]))
  201 
  202 case "$enable_passwdqc" in
  203 	""|yes|no) use_passwdqc_config="" ;;
  204 	/*) use_passwdqc_config="$enable_passwdqc"; enable_passwdqc=yes ;;
  205 	*) AC_MSG_ERROR([Unrecognized --enable-passwdqc parameter.]) ;;
  206 esac
  207 AC_DEFINE_UNQUOTED([PASSWDQC_CONFIG_FILE], ["$use_passwdqc_config"], [passwdqc library config file])
  208 
  209 if test "x$enable_passwdqc" = "xyes"; then
  210 	AC_DEFINE(ENABLE_PASSWDQC, 1, [Enable password quality checking using passwdqc library])
  211 
  212 	saved_LIBS="$LIBS"
  213 	AC_SEARCH_LIBS([passwdqc_check], [passwdqc])
  214 	case "$ac_cv_search_passwdqc_check" in
  215 		no) AC_MSG_ERROR([failed to find passwdqc_check]) ;;
  216 		-l*) PASSWDQC_LIBS="$ac_cv_search_passwdqc_check" ;;
  217 		*) PASSWDQC_LIBS= ;;
  218 	esac
  219 	AC_CHECK_FUNCS([passwdqc_params_free])
  220 	LIBS="$saved_LIBS"
  221 fi
  222 
  223 if test "x$enable_pwquality$enable_passwdqc" = "xyesyes"; then
  224 	AC_MSG_ERROR([--enable-pwquality and --enable-passwdqc are mutually incompatible.])
  225 fi
  226 
  227 dnl ==========================================================================
  228 dnl Crypto backend functions
  229 
  230 AC_DEFUN([CONFIGURE_GCRYPT], [
  231 	if test "x$enable_fips" = "xyes"; then
  232 		GCRYPT_REQ_VERSION=1.4.5
  233 	else
  234 		GCRYPT_REQ_VERSION=1.1.42
  235 	fi
  236 
  237 	dnl libgcrypt rejects to use pkgconfig, use AM_PATH_LIBGCRYPT from gcrypt-devel here.
  238 	dnl Do not require gcrypt-devel if other crypto backend is used.
  239 	m4_ifdef([AM_PATH_LIBGCRYPT],[
  240 	AC_ARG_ENABLE([gcrypt-pbkdf2],
  241 		dnl Check if we can use gcrypt PBKDF2 (1.6.0 supports empty password)
  242 		AS_HELP_STRING([--enable-gcrypt-pbkdf2], [force enable internal gcrypt PBKDF2]),
  243 		if test "x$enableval" = "xyes"; then
  244 			[use_internal_pbkdf2=0]
  245 		else
  246 			[use_internal_pbkdf2=1]
  247 		fi,
  248 		[AM_PATH_LIBGCRYPT([1.6.1], [use_internal_pbkdf2=0], [use_internal_pbkdf2=1])])
  249 	AM_PATH_LIBGCRYPT($GCRYPT_REQ_VERSION,,[AC_MSG_ERROR([You need the gcrypt library.])])],
  250 	AC_MSG_ERROR([Missing support for gcrypt: install gcrypt and regenerate configure.]))
  251 
  252 	AC_MSG_CHECKING([if internal cryptsetup PBKDF2 is compiled-in])
  253 	if test $use_internal_pbkdf2 = 0; then
  254 		AC_MSG_RESULT([no])
  255 	else
  256 		AC_MSG_RESULT([yes])
  257 		NO_FIPS([])
  258 	fi
  259 
  260 	AC_CHECK_DECLS([GCRY_CIPHER_MODE_XTS], [], [], [#include <gcrypt.h>])
  261 
  262 	if test "x$enable_static_cryptsetup" = "xyes"; then
  263 		saved_LIBS=$LIBS
  264 		LIBS="$saved_LIBS $LIBGCRYPT_LIBS -static"
  265 		AC_CHECK_LIB(gcrypt, gcry_check_version,,
  266 			AC_MSG_ERROR([Cannot find static gcrypt library.]),
  267 			[-lgpg-error])
  268 		LIBGCRYPT_STATIC_LIBS="$LIBGCRYPT_LIBS -lgpg-error"
  269 		LIBS=$saved_LIBS
  270         fi
  271 
  272 	CRYPTO_CFLAGS=$LIBGCRYPT_CFLAGS
  273 	CRYPTO_LIBS=$LIBGCRYPT_LIBS
  274 	CRYPTO_STATIC_LIBS=$LIBGCRYPT_STATIC_LIBS
  275 
  276 	AC_DEFINE_UNQUOTED(GCRYPT_REQ_VERSION, ["$GCRYPT_REQ_VERSION"], [Requested gcrypt version])
  277 ])
  278 
  279 AC_DEFUN([CONFIGURE_OPENSSL], [
  280 	PKG_CHECK_MODULES([OPENSSL], [openssl >= 0.9.8],,
  281 		AC_MSG_ERROR([You need openssl library.]))
  282 	CRYPTO_CFLAGS=$OPENSSL_CFLAGS
  283 	CRYPTO_LIBS=$OPENSSL_LIBS
  284 	use_internal_pbkdf2=0
  285 
  286 	if test "x$enable_static_cryptsetup" = "xyes"; then
  287 		saved_PKG_CONFIG=$PKG_CONFIG
  288 		PKG_CONFIG="$PKG_CONFIG --static"
  289 		PKG_CHECK_MODULES([OPENSSL_STATIC], [openssl])
  290 		CRYPTO_STATIC_LIBS=$OPENSSL_STATIC_LIBS
  291 		PKG_CONFIG=$saved_PKG_CONFIG
  292 	fi
  293 ])
  294 
  295 AC_DEFUN([CONFIGURE_NSS], [
  296 	if test "x$enable_static_cryptsetup" = "xyes"; then
  297 		AC_MSG_ERROR([Static build of cryptsetup is not supported with NSS.])
  298 	fi
  299 
  300 	AC_MSG_WARN([NSS backend does NOT provide backward compatibility (missing ripemd160 hash).])
  301 
  302 	PKG_CHECK_MODULES([NSS], [nss],,
  303 		AC_MSG_ERROR([You need nss library.]))
  304 
  305 	saved_CFLAGS=$CFLAGS
  306 	CFLAGS="$CFLAGS $NSS_CFLAGS"
  307 	AC_CHECK_DECLS([NSS_GetVersion], [], [], [#include <nss.h>])
  308 	CFLAGS=$saved_CFLAGS
  309 
  310 	CRYPTO_CFLAGS=$NSS_CFLAGS
  311 	CRYPTO_LIBS=$NSS_LIBS
  312 	use_internal_pbkdf2=1
  313 	NO_FIPS([])
  314 ])
  315 
  316 AC_DEFUN([CONFIGURE_KERNEL], [
  317 	AC_CHECK_HEADERS(linux/if_alg.h,,
  318 		[AC_MSG_ERROR([You need Linux kernel headers with userspace crypto interface.])])
  319 #	AC_CHECK_DECLS([AF_ALG],,
  320 #		[AC_MSG_ERROR([You need Linux kernel with userspace crypto interface.])],
  321 #		[#include <sys/socket.h>])
  322 	use_internal_pbkdf2=1
  323 	NO_FIPS([])
  324 ])
  325 
  326 AC_DEFUN([CONFIGURE_NETTLE], [
  327 	AC_CHECK_HEADERS(nettle/sha.h,,
  328 		[AC_MSG_ERROR([You need Nettle cryptographic library.])])
  329 	AC_CHECK_HEADERS(nettle/version.h)
  330 
  331 	saved_LIBS=$LIBS
  332 	AC_CHECK_LIB(nettle, nettle_pbkdf2_hmac_sha256,,
  333 		[AC_MSG_ERROR([You need Nettle library version 2.6 or more recent.])])
  334 	CRYPTO_LIBS=$LIBS
  335 	LIBS=$saved_LIBS
  336 
  337 	CRYPTO_STATIC_LIBS=$CRYPTO_LIBS
  338 	use_internal_pbkdf2=0
  339 	NO_FIPS([])
  340 ])
  341 
  342 dnl ==========================================================================
  343 saved_LIBS=$LIBS
  344 
  345 AC_ARG_ENABLE([static-cryptsetup],
  346 	AS_HELP_STRING([--enable-static-cryptsetup], [enable build of static version of tools]))
  347 if test "x$enable_static_cryptsetup" = "xyes"; then
  348 	if test "x$enable_static" = "xno"; then
  349 		AC_MSG_WARN([Requested static cryptsetup build, enabling static library.])
  350 		enable_static=yes
  351 	fi
  352 fi
  353 AM_CONDITIONAL(STATIC_TOOLS, test "x$enable_static_cryptsetup" = "xyes")
  354 
  355 AC_ARG_ENABLE([cryptsetup],
  356 	AS_HELP_STRING([--disable-cryptsetup], [disable cryptsetup support]),
  357 	[], [enable_cryptsetup=yes])
  358 AM_CONDITIONAL(CRYPTSETUP, test "x$enable_cryptsetup" = "xyes")
  359 
  360 AC_ARG_ENABLE([veritysetup],
  361 	AS_HELP_STRING([--disable-veritysetup], [disable veritysetup support]),
  362 	[], [enable_veritysetup=yes])
  363 AM_CONDITIONAL(VERITYSETUP, test "x$enable_veritysetup" = "xyes")
  364 
  365 AC_ARG_ENABLE([cryptsetup-reencrypt],
  366 	AS_HELP_STRING([--disable-cryptsetup-reencrypt], [disable cryptsetup-reencrypt tool]),
  367 	[], [enable_cryptsetup_reencrypt=yes])
  368 AM_CONDITIONAL(REENCRYPT, test "x$enable_cryptsetup_reencrypt" = "xyes")
  369 
  370 AC_ARG_ENABLE([integritysetup],
  371 	AS_HELP_STRING([--disable-integritysetup], [disable integritysetup support]),
  372 	[], [enable_integritysetup=yes])
  373 AM_CONDITIONAL(INTEGRITYSETUP, test "x$enable_integritysetup" = "xyes")
  374 
  375 AC_ARG_ENABLE([selinux],
  376 	AS_HELP_STRING([--disable-selinux], [disable selinux support [default=auto]]),
  377 	[], [enable_selinux=yes])
  378 
  379 AC_ARG_ENABLE([udev],
  380 	AS_HELP_STRING([--disable-udev], [disable udev support]),
  381 	[], [enable_udev=yes])
  382 
  383 dnl Try to use pkg-config for devmapper, but fallback to old detection
  384 PKG_CHECK_MODULES([DEVMAPPER], [devmapper >= 1.02.03],, [
  385 	AC_CHECK_LIB(devmapper, dm_task_set_name,,
  386 		[AC_MSG_ERROR([You need the device-mapper library.])])
  387 	AC_CHECK_LIB(devmapper, dm_task_set_message,,
  388 		[AC_MSG_ERROR([The device-mapper library on your system is too old.])])
  389 	DEVMAPPER_LIBS=$LIBS
  390 ])
  391 LIBS=$saved_LIBS
  392 
  393 LIBS="$LIBS $DEVMAPPER_LIBS"
  394 AC_CHECK_DECLS([dm_task_secure_data], [], [], [#include <libdevmapper.h>])
  395 AC_CHECK_DECLS([dm_task_retry_remove], [], [], [#include <libdevmapper.h>])
  396 AC_CHECK_DECLS([dm_task_deferred_remove], [], [], [#include <libdevmapper.h>])
  397 AC_CHECK_DECLS([dm_device_has_mounted_fs], [], [], [#include <libdevmapper.h>])
  398 AC_CHECK_DECLS([dm_device_has_holders], [], [], [#include <libdevmapper.h>])
  399 AC_CHECK_DECLS([dm_device_get_name], [], [], [#include <libdevmapper.h>])
  400 AC_CHECK_DECLS([DM_DEVICE_GET_TARGET_VERSION], [], [], [#include <libdevmapper.h>])
  401 AC_CHECK_DECLS([DM_UDEV_DISABLE_DISK_RULES_FLAG], [have_cookie=yes], [have_cookie=no], [#include <libdevmapper.h>])
  402 if test "x$enable_udev" = xyes; then
  403 	if test "x$have_cookie" = xno; then
  404 		AC_MSG_WARN([The device-mapper library on your system has no udev support, udev support disabled.])
  405 	else
  406 		AC_DEFINE(USE_UDEV, 1, [Try to use udev synchronisation?])
  407 	fi
  408 fi
  409 LIBS=$saved_LIBS
  410 
  411 dnl Check for JSON-C used in LUKS2
  412 PKG_CHECK_MODULES([JSON_C], [json-c])
  413 AC_CHECK_DECLS([json_object_object_add_ex], [], [], [#include <json-c/json.h>])
  414 AC_CHECK_DECLS([json_object_deep_copy], [], [], [#include <json-c/json.h>])
  415 
  416 dnl Check for libssh and argp for SSH plugin
  417 if test "x$enable_ssh_token" = "xyes"; then
  418 	PKG_CHECK_MODULES([LIBSSH], [libssh])
  419 	AC_CHECK_DECLS([ssh_session_is_known_server], [], [], [#include <libssh/libssh.h>])
  420 	AC_CHECK_HEADER([argp.h], [], AC_MSG_ERROR([You need argp library.]))
  421 	saved_LIBS=$LIBS
  422 	AC_SEARCH_LIBS([argp_usage],[argp])
  423 	AC_SUBST(ARGP_LIBS, $LIBS)
  424 	LIBS=$saved_LIBS
  425 fi
  426 
  427 dnl Crypto backend configuration.
  428 AC_ARG_WITH([crypto_backend],
  429 	AS_HELP_STRING([--with-crypto_backend=BACKEND], [crypto backend (gcrypt/openssl/nss/kernel/nettle) [openssl]]),
  430 	[], [with_crypto_backend=openssl])
  431 
  432 dnl Kernel crypto API backend needed for benchmark and tcrypt
  433 AC_ARG_ENABLE([kernel_crypto],
  434 	AS_HELP_STRING([--disable-kernel_crypto], [disable kernel userspace crypto (no benchmark and tcrypt)]),
  435 	[], [enable_kernel_crypto=yes])
  436 
  437 if test "x$enable_kernel_crypto" = "xyes"; then
  438 	AC_CHECK_HEADERS(linux/if_alg.h,,
  439 		[AC_MSG_ERROR([You need Linux kernel headers with userspace crypto interface. (Or use --disable-kernel_crypto.)])])
  440 	AC_DEFINE(ENABLE_AF_ALG, 1, [Enable using of kernel userspace crypto])
  441 fi
  442 
  443 case $with_crypto_backend in
  444 	gcrypt)  CONFIGURE_GCRYPT([]) ;;
  445 	openssl) CONFIGURE_OPENSSL([]) ;;
  446 	nss)     CONFIGURE_NSS([]) ;;
  447 	kernel)  CONFIGURE_KERNEL([]) ;;
  448 	nettle)  CONFIGURE_NETTLE([]) ;;
  449 	*) AC_MSG_ERROR([Unknown crypto backend.]) ;;
  450 esac
  451 AM_CONDITIONAL(CRYPTO_BACKEND_GCRYPT,  test "$with_crypto_backend" = "gcrypt")
  452 AM_CONDITIONAL(CRYPTO_BACKEND_OPENSSL, test "$with_crypto_backend" = "openssl")
  453 AM_CONDITIONAL(CRYPTO_BACKEND_NSS,     test "$with_crypto_backend" = "nss")
  454 AM_CONDITIONAL(CRYPTO_BACKEND_KERNEL,  test "$with_crypto_backend" = "kernel")
  455 AM_CONDITIONAL(CRYPTO_BACKEND_NETTLE,  test "$with_crypto_backend" = "nettle")
  456 
  457 AM_CONDITIONAL(CRYPTO_INTERNAL_PBKDF2, test $use_internal_pbkdf2 = 1)
  458 AC_DEFINE_UNQUOTED(USE_INTERNAL_PBKDF2, [$use_internal_pbkdf2], [Use internal PBKDF2])
  459 
  460 dnl Argon2 implementation
  461 AC_ARG_ENABLE([internal-argon2],
  462 	AS_HELP_STRING([--disable-internal-argon2], [disable internal implementation of Argon2 PBKDF]),
  463 	[], [enable_internal_argon2=yes])
  464 
  465 AC_ARG_ENABLE([libargon2],
  466 	AS_HELP_STRING([--enable-libargon2], [enable external libargon2 (PHC) library (disables internal bundled version)]))
  467 
  468 if test "x$enable_libargon2" = "xyes" ; then
  469 	AC_CHECK_HEADERS(argon2.h,,
  470 		[AC_MSG_ERROR([You need libargon2 development library installed.])])
  471 	AC_CHECK_DECL(Argon2_id,,[AC_MSG_ERROR([You need more recent Argon2 library with support for Argon2id.])], [#include <argon2.h>])
  472 	PKG_CHECK_MODULES([LIBARGON2], [libargon2],,[LIBARGON2_LIBS="-largon2"])
  473 	enable_internal_argon2=no
  474 else
  475 	AC_MSG_WARN([Argon2 bundled (slow) reference implementation will be used, please consider to use system library with --enable-libargon2.])
  476 
  477 	AC_ARG_ENABLE([internal-sse-argon2],
  478 		AS_HELP_STRING([--enable-internal-sse-argon2], [enable internal SSE implementation of Argon2 PBKDF]))
  479 
  480 	if test "x$enable_internal_sse_argon2" = "xyes"; then
  481 		AC_MSG_CHECKING(if Argon2 SSE optimization can be used)
  482 		AC_LINK_IFELSE([AC_LANG_PROGRAM([[
  483 			#include <emmintrin.h>
  484 			__m128i testfunc(__m128i *a, __m128i *b) {
  485 			  return _mm_xor_si128(_mm_loadu_si128(a), _mm_loadu_si128(b));
  486 			}
  487 		]])],,[enable_internal_sse_argon2=no])
  488 		AC_MSG_RESULT($enable_internal_sse_argon2)
  489 	fi
  490 fi
  491 
  492 if test "x$enable_internal_argon2" = "xyes"; then
  493 	AC_DEFINE(USE_INTERNAL_ARGON2, 1, [Use internal Argon2])
  494 fi
  495 AM_CONDITIONAL(CRYPTO_INTERNAL_ARGON2, test "x$enable_internal_argon2" = "xyes")
  496 AM_CONDITIONAL(CRYPTO_INTERNAL_SSE_ARGON2, test "x$enable_internal_sse_argon2" = "xyes")
  497 
  498 dnl Link with blkid to check for other device types
  499 AC_ARG_ENABLE([blkid],
  500 	AS_HELP_STRING([--disable-blkid], [disable use of blkid for device signature detection and wiping]),
  501 	[], [enable_blkid=yes])
  502 
  503 if test "x$enable_blkid" = "xyes"; then
  504 	PKG_CHECK_MODULES([BLKID], [blkid],[AC_DEFINE([HAVE_BLKID], 1, [Define to 1 to use blkid for detection of disk signatures.])],[LIBBLKID_LIBS="-lblkid"])
  505 
  506 	AC_CHECK_HEADERS(blkid/blkid.h,,[AC_MSG_ERROR([You need blkid development library installed.])])
  507 	AC_CHECK_DECL([blkid_do_wipe],
  508 		      [ AC_DEFINE([HAVE_BLKID_WIPE], 1, [Define to 1 to use blkid_do_wipe.])
  509 			enable_blkid_wipe=yes
  510 		      ],,
  511 		      [#include <blkid/blkid.h>])
  512 	AC_CHECK_DECL([blkid_probe_step_back],
  513 		      [ AC_DEFINE([HAVE_BLKID_STEP_BACK], 1, [Define to 1 to use blkid_probe_step_back.])
  514 			enable_blkid_step_back=yes
  515 		      ],,
  516 		      [#include <blkid/blkid.h>])
  517 	AC_CHECK_DECLS([ blkid_reset_probe,
  518 			 blkid_probe_set_device,
  519 			 blkid_probe_filter_superblocks_type,
  520 			 blkid_do_safeprobe,
  521 			 blkid_do_probe,
  522 			 blkid_probe_lookup_value
  523 		       ],,
  524 		       [AC_MSG_ERROR([Can not compile with blkid support, disable it by --disable-blkid.])],
  525 		       [#include <blkid/blkid.h>])
  526 fi
  527 AM_CONDITIONAL(HAVE_BLKID, test "x$enable_blkid" = "xyes")
  528 AM_CONDITIONAL(HAVE_BLKID_WIPE, test "x$enable_blkid_wipe" = "xyes")
  529 AM_CONDITIONAL(HAVE_BLKID_STEP_BACK, test "x$enable_blkid_step_back" = "xyes")
  530 
  531 dnl Magic for cryptsetup.static build.
  532 if test "x$enable_static_cryptsetup" = "xyes"; then
  533 	saved_PKG_CONFIG=$PKG_CONFIG
  534 	PKG_CONFIG="$PKG_CONFIG --static"
  535 
  536 	LIBS="$saved_LIBS -static"
  537 	AC_CHECK_LIB(popt, poptGetContext,,
  538 		AC_MSG_ERROR([Cannot find static popt library.]))
  539 
  540 	dnl Try to detect needed device-mapper static libraries, try pkg-config first.
  541 	LIBS="$saved_LIBS -static"
  542 	PKG_CHECK_MODULES([DEVMAPPER_STATIC], [devmapper >= 1.02.27],,[
  543 		DEVMAPPER_STATIC_LIBS=$DEVMAPPER_LIBS
  544 		if test "x$enable_selinux" = "xyes"; then
  545 			AC_CHECK_LIB(sepol, sepol_bool_set)
  546 			AC_CHECK_LIB(selinux, is_selinux_enabled)
  547 			DEVMAPPER_STATIC_LIBS="$DEVMAPPER_STATIC_LIBS $LIBS"
  548 		fi
  549 	])
  550 	LIBS="$saved_LIBS $DEVMAPPER_STATIC_LIBS"
  551 	AC_CHECK_LIB(devmapper, dm_task_set_uuid,,
  552 		AC_MSG_ERROR([Cannot link with static device-mapper library.]))
  553 
  554 	dnl Try to detect uuid static library.
  555 	LIBS="$saved_LIBS -static"
  556 	AC_CHECK_LIB(uuid, uuid_generate,,
  557 		AC_MSG_ERROR([Cannot find static uuid library.]))
  558 
  559 	LIBS=$saved_LIBS
  560 	PKG_CONFIG=$saved_PKG_CONFIG
  561 fi
  562 
  563 AC_MSG_CHECKING([for systemd tmpfiles config directory])
  564 PKG_CHECK_VAR([systemd_tmpfilesdir], [systemd], [tmpfilesdir], [], [systemd_tmpfilesdir=no])
  565 AC_MSG_RESULT([$systemd_tmpfilesdir])
  566 
  567 AC_SUBST([DEVMAPPER_LIBS])
  568 AC_SUBST([DEVMAPPER_STATIC_LIBS])
  569 
  570 AC_SUBST([PWQUALITY_LIBS])
  571 AC_SUBST([PWQUALITY_STATIC_LIBS])
  572 
  573 AC_SUBST([PASSWDQC_LIBS])
  574 
  575 AC_SUBST([CRYPTO_CFLAGS])
  576 AC_SUBST([CRYPTO_LIBS])
  577 AC_SUBST([CRYPTO_STATIC_LIBS])
  578 
  579 AC_SUBST([JSON_C_LIBS])
  580 AC_SUBST([LIBARGON2_LIBS])
  581 AC_SUBST([BLKID_LIBS])
  582 
  583 AC_SUBST([LIBSSH_LIBS])
  584 
  585 AC_SUBST([LIBCRYPTSETUP_VERSION])
  586 AC_SUBST([LIBCRYPTSETUP_VERSION_INFO])
  587 
  588 dnl ==========================================================================
  589 AC_ARG_ENABLE([dev-random],
  590 	AS_HELP_STRING([--enable-dev-random], [use /dev/random by default for key generation (otherwise use /dev/urandom)]))
  591 if test "x$enable_dev_random" = "xyes"; then
  592 	default_rng=/dev/random
  593 else
  594 	default_rng=/dev/urandom
  595 fi
  596 AC_DEFINE_UNQUOTED(DEFAULT_RNG, ["$default_rng"], [default RNG type for key generator])
  597 
  598 dnl ==========================================================================
  599 AC_DEFUN([CS_DEFINE],
  600 	[AC_DEFINE_UNQUOTED(DEFAULT_[]m4_translit([$1], [-a-z], [_A-Z]), [$2], [$3])
  601 ])
  602 
  603 AC_DEFUN([CS_STR_WITH], [AC_ARG_WITH([$1],
  604 	[AS_HELP_STRING(--with-[$1], [default $2 [$3]])],
  605 	[CS_DEFINE([$1], ["$withval"], [$2])],
  606 	[CS_DEFINE([$1], ["$3"], [$2])]
  607 )])
  608 
  609 AC_DEFUN([CS_NUM_WITH], [AC_ARG_WITH([$1],
  610 	[AS_HELP_STRING(--with-[$1], [default $2 [$3]])],
  611 	[CS_DEFINE([$1], [$withval], [$2])],
  612 	[CS_DEFINE([$1], [$3], [$2])]
  613 )])
  614 
  615 AC_DEFUN([CS_ABSPATH], [
  616 	case "$1" in
  617 		/*) ;;
  618 		*) AC_MSG_ERROR([$2 argument must be an absolute path.]);;
  619 	esac
  620 ])
  621 
  622 dnl ==========================================================================
  623 CS_STR_WITH([plain-hash],   [password hashing function for plain mode], [ripemd160])
  624 CS_STR_WITH([plain-cipher], [cipher for plain mode], [aes])
  625 CS_STR_WITH([plain-mode],   [cipher mode for plain mode], [cbc-essiv:sha256])
  626 CS_NUM_WITH([plain-keybits],[key length in bits for plain mode], [256])
  627 
  628 CS_STR_WITH([luks1-hash],   [hash function for LUKS1 header], [sha256])
  629 CS_STR_WITH([luks1-cipher], [cipher for LUKS1], [aes])
  630 CS_STR_WITH([luks1-mode],   [cipher mode for LUKS1], [xts-plain64])
  631 CS_NUM_WITH([luks1-keybits],[key length in bits for LUKS1], [256])
  632 
  633 AC_ARG_ENABLE([luks_adjust_xts_keysize], AS_HELP_STRING([--disable-luks-adjust-xts-keysize],
  634 	[XTS mode requires two keys, double default LUKS keysize if needed]),
  635 	[], [enable_luks_adjust_xts_keysize=yes])
  636 if test "x$enable_luks_adjust_xts_keysize" = "xyes"; then
  637 	AC_DEFINE(ENABLE_LUKS_ADJUST_XTS_KEYSIZE, 1, [XTS mode - double default LUKS keysize if needed])
  638 fi
  639 
  640 CS_STR_WITH([luks2-pbkdf],           [Default PBKDF algorithm (pbkdf2 or argon2i/argon2id) for LUKS2], [argon2id])
  641 CS_NUM_WITH([luks1-iter-time],       [PBKDF2 iteration time for LUKS1 (in ms)], [2000])
  642 CS_NUM_WITH([luks2-iter-time],       [Argon2 PBKDF iteration time for LUKS2 (in ms)], [2000])
  643 CS_NUM_WITH([luks2-memory-kb],       [Argon2 PBKDF memory cost for LUKS2 (in kB)], [1048576])
  644 CS_NUM_WITH([luks2-parallel-threads],[Argon2 PBKDF max parallel cost for LUKS2 (if CPUs available)], [4])
  645 
  646 CS_STR_WITH([luks2-keyslot-cipher], [fallback cipher for LUKS2 keyslot (if data encryption is incompatible)], [aes-xts-plain64])
  647 CS_NUM_WITH([luks2-keyslot-keybits],[fallback key size for LUKS2 keyslot (if data encryption is incompatible)], [512])
  648 
  649 CS_STR_WITH([loopaes-cipher], [cipher for loop-AES mode], [aes])
  650 CS_NUM_WITH([loopaes-keybits],[key length in bits for loop-AES mode], [256])
  651 
  652 CS_NUM_WITH([keyfile-size-maxkb],[maximum keyfile size (in KiB)], [8192])
  653 CS_NUM_WITH([integrity-keyfile-size-maxkb],[maximum integritysetup keyfile size (in KiB)], [4])
  654 CS_NUM_WITH([passphrase-size-max],[maximum passphrase size (in characters)], [512])
  655 
  656 CS_STR_WITH([verity-hash],       [hash function for verity mode], [sha256])
  657 CS_NUM_WITH([verity-data-block], [data block size for verity mode], [4096])
  658 CS_NUM_WITH([verity-hash-block], [hash block size for verity mode], [4096])
  659 CS_NUM_WITH([verity-salt-size],  [salt size for verity mode], [32])
  660 CS_NUM_WITH([verity-fec-roots],  [parity bytes for verity FEC], [2])
  661 
  662 CS_STR_WITH([tmpfilesdir], [override default path to directory with systemd temporary files], [])
  663 test -z "$with_tmpfilesdir" && with_tmpfilesdir=$systemd_tmpfilesdir
  664 test "x$with_tmpfilesdir" = "xno" || {
  665 	CS_ABSPATH([${with_tmpfilesdir}],[with-tmpfilesdir])
  666 	DEFAULT_TMPFILESDIR=$with_tmpfilesdir
  667 	AC_SUBST(DEFAULT_TMPFILESDIR)
  668 }
  669 AM_CONDITIONAL(CRYPTSETUP_TMPFILE, test -n "$DEFAULT_TMPFILESDIR")
  670 
  671 CS_STR_WITH([luks2-lock-path], [path to directory for LUKSv2 locks], [/run/cryptsetup])
  672 test -z "$with_luks2_lock_path" && with_luks2_lock_path=/run/cryptsetup
  673 CS_ABSPATH([${with_luks2_lock_path}],[with-luks2-lock-path])
  674 DEFAULT_LUKS2_LOCK_PATH=$with_luks2_lock_path
  675 AC_SUBST(DEFAULT_LUKS2_LOCK_PATH)
  676 
  677 CS_NUM_WITH([luks2-lock-dir-perms], [default luks2 locking directory permissions], [0700])
  678 test -z "$with_luks2_lock_dir_perms" && with_luks2_lock_dir_perms=0700
  679 DEFAULT_LUKS2_LOCK_DIR_PERMS=$with_luks2_lock_dir_perms
  680 AC_SUBST(DEFAULT_LUKS2_LOCK_DIR_PERMS)
  681 
  682 CS_STR_WITH([luks2-external-tokens-path], [path to directory with LUKSv2 external token handlers (plugins)], [LIBDIR/cryptsetup])
  683 if test -n "$with_luks2_external_tokens_path"; then
  684 	CS_ABSPATH([${with_luks2_external_tokens_path}],[with-luks2-external-tokens-path])
  685 	EXTERNAL_LUKS2_TOKENS_PATH=$with_luks2_external_tokens_path
  686 else
  687 	EXTERNAL_LUKS2_TOKENS_PATH="\${libdir}/cryptsetup"
  688 fi
  689 AC_SUBST(EXTERNAL_LUKS2_TOKENS_PATH)
  690 
  691 dnl Override default LUKS format version (for cryptsetup or cryptsetup-reencrypt format actions only).
  692 AC_ARG_WITH([default_luks_format],
  693 	AS_HELP_STRING([--with-default-luks-format=FORMAT], [default LUKS format version (LUKS1/LUKS2) [LUKS2]]),
  694 	[], [with_default_luks_format=LUKS2])
  695 
  696 case $with_default_luks_format in
  697 	LUKS1) default_luks=CRYPT_LUKS1 ;;
  698 	LUKS2) default_luks=CRYPT_LUKS2 ;;
  699 	*) AC_MSG_ERROR([Unknown default LUKS format. Use LUKS1 or LUKS2 only.]) ;;
  700 esac
  701 AC_DEFINE_UNQUOTED([DEFAULT_LUKS_FORMAT], [$default_luks], [default LUKS format version])
  702 
  703 dnl ==========================================================================
  704 
  705 AC_CONFIG_FILES([ Makefile
  706 lib/libcryptsetup.pc
  707 po/Makefile.in
  708 scripts/cryptsetup.conf
  709 tests/Makefile
  710 ])
  711 AC_OUTPUT