Diffstat (limited to 'configure.ac')
-rw-r--r-- | configure.ac | 311 |
1 files changed, 270 insertions, 41 deletions
diff --git a/configure.ac b/configure.ac index 5f25c7dc4236..b7c6c811be40 100644 --- a/configure.ac +++ b/configure.ac @@ -5,17 +5,35 @@ sinclude(acx_nlnetlabs.m4) # must be numbers. ac_defun because of later processing. m4_define([VERSION_MAJOR],[1]) -m4_define([VERSION_MINOR],[6]) -m4_define([VERSION_MICRO],[17]) +m4_define([VERSION_MINOR],[7]) +m4_define([VERSION_MICRO],[0]) AC_INIT(ldns, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), libdns@nlnetlabs.nl, libdns) AC_CONFIG_SRCDIR([packet.c]) # needed to build correct soname AC_SUBST(LDNS_VERSION_MAJOR, [VERSION_MAJOR]) AC_SUBST(LDNS_VERSION_MINOR, [VERSION_MINOR]) AC_SUBST(LDNS_VERSION_MICRO, [VERSION_MICRO]) -AC_SUBST(VERSION_INFO, [VERSION_MAJOR:VERSION_MINOR:VERSION_MICRO]) + +# Library version +# --------------- +# current:revision:age +# (binary-api-number):(which-binary-api-version):(how-many-nrs-backwardscompat) +# if source code changes increment revision +# if any interfaces have been added/removed/changed since last update then +# increment current and set revision to 0 +# if any interfaces have been added since the last public release then increment age +# if any interfaces have been removed or changed since the last public release then +# set age to 0 +# +# ldns-1.6.17 and before had a .so with version same as VERSION_INFO +# ldns-1.7.0 will have libversion 2:0:0 +# +AC_SUBST(VERSION_INFO, [2:0:0]) AC_AIX +if test "$ac_cv_header_minix_config_h" = "yes"; then + AC_DEFINE(_NETBSD_SOURCE,1, [Enable for compile on Minix]) +fi LT_INIT AC_CONFIG_MACRO_DIR([m4]) 
@@ -74,7 +92,9 @@ ACX_CHECK_COMPILER_FLAG(Wall, [CFLAGS="-Wall $CFLAGS"]) ACX_CHECK_COMPILER_FLAG(W, [CFLAGS="-W $CFLAGS"]) ACX_CHECK_COMPILER_FLAG(Wwrite-strings, [CFLAGS="-Wwrite-strings $CFLAGS"]) ACX_CHECK_COMPILER_FLAG(Wstrict-prototypes, [CFLAGS="-Wstrict-prototypes $CFLAGS"]) - +#ACX_CHECK_COMPILER_FLAG(Wshadow, [CFLAGS="-Wshadow $CFLAGS"]) +ACX_CHECK_COMPILER_FLAG(Wunused-function, [CFLAGS="-Wunused-function $CFLAGS"]) +ACX_CHECK_COMPILER_FLAG(Wmissing-prototypes, [CFLAGS="-Wmissing-prototypes $CFLAGS"]) AC_CHECK_HEADERS([getopt.h time.h],,, [AC_INCLUDES_DEFAULT]) @@ -118,14 +138,12 @@ This does not work with the --with-drill option. Please remove the config.h from the drill subdirectory or do not use the --with-drill option.]) fi - DRILL_CONFIG=" drill/drill.1" else AC_SUBST(DRILL,[""]) AC_SUBST(INSTALL_DRILL,[""]) AC_SUBST(UNINSTALL_DRILL,[""]) AC_SUBST(CLEAN_DRILL,[""]) AC_SUBST(LINT_DRILL,[""]) - DRILL_CONFIG="" fi @@ -145,14 +163,12 @@ This does not work with the --with-examples option. Please remove the config.h from the examples subdirectory or do not use the --with-examples option.]) fi - EXAMPLES_CONFIG=" examples/ldns-dane.1 examples/ldns-verify-zone.1" else AC_SUBST(EXAMPLES,[""]) AC_SUBST(INSTALL_EXAMPLES,[""]) AC_SUBST(UNINSTALL_EXAMPLES,[""]) AC_SUBST(CLEAN_EXAMPLES,[""]) AC_SUBST(LINT_EXAMPLES,[""]) - EXAMPLES_CONFIG="" fi # add option to disable installation of ldns-config script @@ -180,6 +196,13 @@ case "$enable_stderr_msgs" in ;; esac +AX_HAVE_POLL( + [AX_CONFIG_FEATURE_ENABLE(poll)], + [AX_CONFIG_FEATURE_DISABLE(poll)]) +AX_CONFIG_FEATURE( + [poll], [This platform supports poll(7)], + [HAVE_POLL], [This platform supports poll(7).]) + # check for python PYTHON_X_CFLAGS="" ldns_with_pyldns=no 
@@ -301,8 +324,14 @@ tmp_LDFLAGS=$LDFLAGS tmp_LIBS=$LIBS ACX_WITH_SSL_OPTIONAL - -AC_CHECK_FUNCS([EVP_sha256]) +AC_MSG_CHECKING([for LibreSSL]) +if grep VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/null; then + AC_MSG_RESULT([yes]) + AC_DEFINE([HAVE_LIBRESSL], [1], [Define if we have LibreSSL]) +else + AC_MSG_RESULT([no]) +fi +AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512 ENGINE_load_cryptodev EVP_PKEY_keygen ECDSA_SIG_get0 EVP_MD_CTX_new EVP_PKEY_base_id DSA_SIG_set0 DSA_SIG_get0 EVP_dss1 DSA_get0_pqg DSA_get0_key]) # for macosx, see if glibtool exists and use that # BSD's need to know the version... 
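Review bot: The LibreSSL probe greps `$ssldir/include/openssl/opensslv.h` directly, with `$ssldir` unquoted and no check that the file exists. If `ACX_WITH_SSL_OPTIONAL` leaves `ssldir` empty or the headers live elsewhere (how it is set is not visible in this hunk), the first `grep` complains on stderr and the answer silently becomes "no", so `HAVE_LIBRESSL` can be wrong and the wrong crypto API branches may be compiled. A compiler-based test follows the include path the build really uses and also works when cross-compiling: `AC_CHECK_DECL([LIBRESSL_VERSION_NUMBER], [AC_DEFINE([HAVE_LIBRESSL], [1], [Define if we have LibreSSL])], [], [[#include <openssl/opensslv.h>]])`.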
@@ -325,6 +354,103 @@ case "$enable_sha2" in ;; esac +# check wether gost also works +AC_DEFUN([AC_CHECK_GOST_WORKS], +[AC_REQUIRE([AC_PROG_CC]) +AC_MSG_CHECKING([if GOST works]) +if test c${cross_compiling} = cno; then +BAKCFLAGS="$CFLAGS" +if test -n "$ssldir"; then + CFLAGS="$CFLAGS -Wl,-rpath,$ssldir/lib" +fi +AC_RUN_IFELSE([AC_LANG_SOURCE([[ +#include <string.h> +#include <openssl/ssl.h> +#include <openssl/evp.h> +#include <openssl/engine.h> +#include <openssl/conf.h> +/* routine to load gost (from sldns) */ +int load_gost_id(void) +{ + static int gost_id = 0; + const EVP_PKEY_ASN1_METHOD* meth; + ENGINE* e; + + if(gost_id) return gost_id; + + /* see if configuration loaded gost implementation from other engine*/ + meth = EVP_PKEY_asn1_find_str(NULL, "gost2001", -1); + if(meth) { + EVP_PKEY_asn1_get0_info(&gost_id, NULL, NULL, NULL, NULL, meth); + return gost_id; + } + + /* see if engine can be loaded already */ + e = ENGINE_by_id("gost"); + if(!e) { + /* load it ourself, in case statically linked */ + ENGINE_load_builtin_engines(); + ENGINE_load_dynamic(); + e = ENGINE_by_id("gost"); + } + if(!e) { + /* no gost engine in openssl */ + return 0; + } + if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) { + ENGINE_finish(e); + ENGINE_free(e); + return 0; + } + + meth = EVP_PKEY_asn1_find_str(&e, "gost2001", -1); + if(!meth) { + /* algo not found */ + ENGINE_finish(e); + ENGINE_free(e); + return 0; + } + EVP_PKEY_asn1_get0_info(&gost_id, NULL, NULL, NULL, NULL, meth); + return gost_id; +} +int main(void) { + EVP_MD_CTX* ctx; + const EVP_MD* md; + unsigned char digest[64]; /* its a 256-bit digest, so uses 32 bytes */ + const char* str = "Hello world"; + const unsigned char check[] = { + 0x40 , 0xed , 0xf8 , 0x56 , 0x5a , 0xc5 , 0x36 , 0xe1 , + 0x33 , 0x7c , 0x7e , 0x87 , 0x62 , 0x1c , 0x42 , 0xe0 , + 0x17 , 0x1b , 0x5e , 0xce , 0xa8 , 0x46 , 0x65 , 0x4d , + 0x8d , 0x3e , 0x22 , 0x9b , 0xe1 , 0x30 , 0x19 , 0x9d + }; + OPENSSL_config(NULL); + (void)load_gost_id(); + md = 
EVP_get_digestbyname("md_gost94"); + if(!md) return 1; + memset(digest, 0, sizeof(digest)); + ctx = EVP_MD_CTX_create(); + if(!ctx) return 2; + if(!EVP_DigestInit_ex(ctx, md, NULL)) return 3; + if(!EVP_DigestUpdate(ctx, str, 10)) return 4; + if(!EVP_DigestFinal_ex(ctx, digest, NULL)) return 5; + /* uncomment to see the hash calculated. + {int i; + for(i=0; i<32; i++) + printf(" %2.2x", (int)digest[i]); + printf("\n");} + */ + if(memcmp(digest, check, sizeof(check)) != 0) + return 6; + return 0; +} +]])] , [eval "ac_cv_c_gost_works=yes"], [eval "ac_cv_c_gost_works=no"]) +CFLAGS="$BAKCFLAGS" +else +eval "ac_cv_c_gost_works=maybe" +fi +])dnl + AC_ARG_ENABLE(gost, AC_HELP_STRING([--disable-gost], [Disable GOST support])) case "$enable_gost" in no) @@ -336,7 +462,22 @@ case "$enable_gost" in AC_MSG_CHECKING(for GOST) AC_CHECK_FUNC(EVP_PKEY_set_type_str, [],[AC_MSG_ERROR([OpenSSL >= 1.0.0 is needed for GOST support or rerun with --disable-gost])]) AC_CHECK_FUNC(EC_KEY_new, [], [AC_MSG_ERROR([No ECC functions found in OpenSSL: please upgrade OpenSSL or rerun with --disable-gost])]) - AC_DEFINE_UNQUOTED([USE_GOST], [1], [Define this to enable GOST support.]) + AC_CHECK_GOST_WORKS + AC_ARG_ENABLE(gost-anyway, AC_HELP_STRING([--enable-gost-anyway], [Enable GOST even whithout a GOST engine installed])) + if test "$ac_cv_c_gost_works" != "no" -o "$enable_gost_anyway" = "yes"; then + if test "$ac_cv_c_gost_works" = "no"; then + AC_MSG_RESULT([no, but compiling with GOST support anyway]) + else + AC_MSG_RESULT([yes]) + fi + use_gost="yes" + AC_DEFINE([USE_GOST], [1], [Define this to enable GOST support.]) + else + AC_MSG_RESULT([no]) + AC_MSG_WARN([Gost support does not work because the engine is missing.]) + AC_MSG_WARN([Install gost-engine first or use the --enable-gost-anyway to compile with GOST support anyway]) + AC_MSG_WARN([See also https://github.com/gost-engine/engine/wiki for information about gost-engine]) + fi ;; esac 
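Review bot: In the `AC_CHECK_GOST_WORKS` test program the result of `load_gost_id()` is discarded with `(void)`, so the probe passes whenever the `md_gost94` digest resolves and matches, even if the `gost2001` key method was not found. If the library's GOST code also depends on that key method (not visible here), `if(!load_gost_id()) return 7;` would make the probe cover it. The call `EVP_DigestUpdate(ctx, str, 10)` hashes only the first 10 of the 11 characters of "Hello world"; presumably `check[]` was computed over that prefix, and a comment such as `/* hash the first 10 bytes only; check[] is the digest of that prefix */` would stop someone from "correcting" the length. The comment on `digest[64]` should also say why 64 bytes are reserved for a 32-byte digest.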
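Review bot: When cross-compiling, `ac_cv_c_gost_works` is `maybe`, and the new test `"$ac_cv_c_gost_works" != "no"` then prints `yes` and defines `USE_GOST` although nothing was verified. Reporting that case separately, e.g. `AC_MSG_RESULT([unknown (cross-compiling), assuming yes])`, keeps the configure log honest about what was tested. The `test ... -o ...` form is discouraged in the Autoconf portability notes; `test "$ac_cv_c_gost_works" != "no" || test "$enable_gost_anyway" = "yes"` is the portable spelling. `use_gost="yes"` is assigned but not read anywhere in this hunk.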
@@ -358,18 +499,102 @@ case "$enable_ecdsa" in ;; esac +AC_ARG_ENABLE(dsa, AC_HELP_STRING([--disable-dsa], [Disable DSA support])) +case "$enable_dsa" in + no) + ;; + *) dnl default + # detect if DSA is supported, and turn it off if not. + AC_CHECK_FUNC(DSA_SIG_new, [ + AC_DEFINE_UNQUOTED([USE_DSA], [1], [Define this to enable DSA support.]) + ], [if test "x$enable_dsa" = "xyes"; then AC_MSG_ERROR([OpenSSL does not support DSA and you used --enable-dsa.]) + fi ]) + ;; +esac + +AC_ARG_ENABLE(ed25519, AC_HELP_STRING([--enable-ed25519], [Enable ED25519 support (experimental)])) +case "$enable_ed25519" in + yes) + if test "x$HAVE_SSL" != "xyes"; then + AC_MSG_ERROR([ED25519 enabled, but no SSL support]) + fi + AC_CHECK_DECLS([NID_X25519], [], [AC_MSG_ERROR([OpenSSL does not support the EDDSA curve: please upgrade OpenSSL or rerun with --disable-ed25519])], [AC_INCLUDES_DEFAULT +#include <openssl/evp.h> + ]) + AC_DEFINE_UNQUOTED([USE_ED25519], [1], [Define this to enable ED25519 support.]) + ;; + *|no) dnl default + ;; +esac + +AC_ARG_ENABLE(ed448, AC_HELP_STRING([--enable-ed448], [Enable ED448 support (experimental)])) +case "$enable_ed448" in + yes) + if test "x$HAVE_SSL" != "xyes"; then + AC_MSG_ERROR([ED448 enabled, but no SSL support]) + fi + AC_CHECK_DECLS([NID_X448], [], [AC_MSG_ERROR([OpenSSL does not support the EDDSA curve: please upgrade OpenSSL or rerun with --disable-ed448])], [AC_INCLUDES_DEFAULT +#include <openssl/evp.h> + ]) + AC_DEFINE_UNQUOTED([USE_ED448], [1], [Define this to enable ED448 support.]) + ;; + *|no) dnl default + ;; +esac + AC_ARG_ENABLE(dane, AC_HELP_STRING([--disable-dane], [Disable DANE support])) +AC_ARG_ENABLE(dane-verify, AC_HELP_STRING([--disable-dane-verify], [Disable DANE verify support])) +AC_ARG_ENABLE(dane-ta-usage, AC_HELP_STRING([--disable-dane-ta-usage], [Disable DANE-TA usage type support])) + +AC_ARG_ENABLE(full-dane,, [ + enable_dane_ta_usage=yes + enable_dane_verify=yes + enable_dane=yes +]) 
+AC_ARG_ENABLE(no-dane-ta-usage,, [ + enable_dane_ta_usage=no + enable_dane_verify=yes + enable_dane=yes +]) +AC_ARG_ENABLE(no-dane-verify,, [ + enable_dane_ta_usage=no + enable_dane_verify=no + enable_dane=yes +]) case "$enable_dane" in no) AC_SUBST(ldns_build_config_use_dane, 0) + AC_SUBST(ldns_build_config_use_dane_verify, 0) + AC_SUBST(ldns_build_config_use_dane_ta_usage, 0) ;; *) dnl default if test "x$HAVE_SSL" != "xyes"; then AC_MSG_ERROR([DANE enabled, but no SSL support]) fi AC_CHECK_FUNC(X509_check_ca, [], [AC_MSG_ERROR([OpenSSL does not support DANE: please upgrade OpenSSL or rerun with --disable-dane])]) - AC_DEFINE_UNQUOTED([USE_DANE], [1], [Define this to enable DANE support.]) AC_SUBST(ldns_build_config_use_dane, 1) + AC_DEFINE_UNQUOTED([USE_DANE], [1], [Define this to enable DANE support.]) + case "$enable_dane_verify" in + no) + AC_SUBST(ldns_build_config_use_dane_verify, 0) + AC_SUBST(ldns_build_config_use_dane_ta_usage, 0) + ;; + *) + AC_SUBST(ldns_build_config_use_dane_verify, 1) + AC_DEFINE_UNQUOTED([USE_DANE_VERIFY], [1], [Define this to enable DANE verify support.]) + case "$enable_dane_ta_usage" in + no) + AC_SUBST(ldns_build_config_use_dane_ta_usage, 0) + ;; + *) dnl default + LIBS="-lssl $LIBS" + AC_CHECK_FUNC(SSL_get0_dane, [], [AC_MSG_ERROR([OpenSSL does not support offline DANE verification (Needed for the DANE-TA usage type). Please upgrade OpenSSL to version >= 1.1.0 or rerun with --disable-dane-verify or --disable-dane-ta-usage])]) + LIBSSL_LIBS="$LIBSSL_LIBS -lssl" + AC_SUBST(ldns_build_config_use_dane_ta_usage, 1) + AC_DEFINE_UNQUOTED([USE_DANE_TA_USAGE], [1], [Define this to enable DANE-TA usage type support.]) + ;; + esac + esac ;; esac 
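Review bot: The `--enable-ed25519` and `--enable-ed448` checks test `NID_X25519` and `NID_X448`, which identify the key-exchange curves, not the signature algorithms that `USE_ED25519` and `USE_ED448` turn on. An OpenSSL that declares the X25519 NID without EdDSA signature support may pass configure and then fail at build or verification time; checking `AC_CHECK_DECLS([NID_ED25519], ...)` and `AC_CHECK_DECLS([NID_ED448], ...)` matches what the feature needs. The error text tells the user to rerun with `--disable-ed25519` or `--disable-ed448`, but both options are off by default, so `rerun without --enable-ed25519` would be accurate. The hidden `--enable-full-dane`, `--enable-no-dane-ta-usage` and `--enable-no-dane-verify` switches have empty help strings and deserve a short `dnl` comment explaining why they exist.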
@@ -389,26 +614,26 @@ case "$enable_rrtype_rkey" in no|*) ;; esac -AC_ARG_ENABLE(rrtype-cds, AC_HELP_STRING([--enable-rrtype-cds], [Enable draft RR type cds.])) -case "$enable_rrtype_cds" in - yes) - AC_DEFINE_UNQUOTED([RRTYPE_CDS], [], [Define this to enable RR type CDS.]) +AC_ARG_ENABLE(rrtype-openpgpkey, AC_HELP_STRING([--disable-rrtype-openpgpkey], [Disable openpgpkey RR type.])) +case "$enable_rrtype_openpgpkey" in + no) ;; - no|*) + yes|*) + AC_DEFINE_UNQUOTED([RRTYPE_OPENPGPKEY], [], [Define this to enable RR type OPENPGPKEY.]) ;; esac -AC_ARG_ENABLE(rrtype-uri, AC_HELP_STRING([--enable-rrtype-uri], [Enable draft RR type uri.])) -case "$enable_rrtype_uri" in +AC_ARG_ENABLE(rrtype-ta, AC_HELP_STRING([--enable-rrtype-ta], [Enable draft RR type ta.])) +case "$enable_rrtype_ta" in yes) - AC_DEFINE_UNQUOTED([RRTYPE_URI], [], [Define this to enable RR type URI.]) + AC_DEFINE_UNQUOTED([RRTYPE_TA], [], [Define this to enable RR type TA.]) ;; no|*) ;; esac -AC_ARG_ENABLE(rrtype-ta, AC_HELP_STRING([--enable-rrtype-ta], [Enable draft RR type ta.])) -case "$enable_rrtype_ta" in +AC_ARG_ENABLE(rrtype-avc, AC_HELP_STRING([--enable-rrtype-avc], [Enable draft RR type avc.])) +case "$enable_rrtype_avc" in yes) - AC_DEFINE_UNQUOTED([RRTYPE_TA], [], [Define this to enable RR type TA.]) + AC_DEFINE_UNQUOTED([RRTYPE_AVC], [], [Define this to enable RR type AVC.]) ;; no|*) ;; 
@@ -616,31 +841,26 @@ ACX_FUNC_IOCTLSOCKET ACX_CHECK_FORMAT_ATTRIBUTE ACX_CHECK_UNUSED_ATTRIBUTE -# check OSX deployment target which is needed +# check OSX deployment target, if needed if echo $build_os | grep darwin > /dev/null; then - export MACOSX_DEPLOYMENT_TARGET="10.4" + sdk_p=`xcode-select -print-path`; + sdk_v="$( /usr/bin/xcrun --show-sdk-version )"; + case $sdk_v in + 10.9|10.8) sdk_c="10.7";; + 10.11|10.10|*) sdk_c="10.10";; + esac + export MACOSX_DEPLOYMENT_TARGET="${sdk_c}"; + export CFLAGS="$CFLAGS -mmacosx-version-min=${sdk_c} -isysroot ${sdk_p}/Platforms/MacOSX.platform/Developer/SDKs/MacOSX${sdk_v}.sdk"; fi AC_DEFINE([SYSCONFDIR], [sysconfdir], [System configuration dir]) AC_ARG_WITH(trust-anchor, AC_HELP_STRING([--with-trust-anchor=KEYFILE], [Default location of the trust anchor file for drill and ldns-dane. [default=SYSCONFDIR/unbound/root.key]]), [ - LDNS_TRUST_ANCHOR_FILE="$withval" + AC_SUBST([LDNS_TRUST_ANCHOR_FILE], ["$withval"]) + AC_MSG_NOTICE([Default trust anchor: $withval]) ],[ - if test "x$LDNS_TRUST_ANCHOR_FILE" = "x"; then - if test "x$sysconfdir" = 'x${prefix}/etc' ; then - if test "x$prefix" = 'xNONE' ; then - LDNS_TRUST_ANCHOR_FILE="/etc/unbound/root.key" - else - LDNS_TRUST_ANCHOR_FILE="${prefix}/etc/unbound/root.key" - fi - else - LDNS_TRUST_ANCHOR_FILE="${sysconfdir}/unbound/root.key" - fi - fi + AC_SUBST([LDNS_TRUST_ANCHOR_FILE], ["\$(sysconfdir)/unbound/root.key"]) ]) -AC_DEFINE_UNQUOTED([LDNS_TRUST_ANCHOR_FILE], ["$LDNS_TRUST_ANCHOR_FILE"], [Default trust anchor file]) -AC_SUBST(LDNS_TRUST_ANCHOR_FILE) -AC_MSG_NOTICE([Default trust anchor: $LDNS_TRUST_ANCHOR_FILE]) AC_ARG_WITH(ca-file, AC_HELP_STRING([--with-ca-file=CAFILE], [File containing CA certificates for ldns-dane]), [ AC_DEFINE([HAVE_DANE_CA_FILE], [1], [Is a CAFILE given at configure time]) 
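Review bot: The darwin branch uses the output of `xcode-select -print-path` and `xcrun --show-sdk-version` without checking that either command succeeded or that the composed SDK directory exists. With only the command line tools installed, or if `xcrun` fails, `-isysroot` points at a non-existent `.../MacOSX${sdk_v}.sdk` and later compile checks in configure can fail for an unrelated-looking reason. Asking the toolchain for the path, `sdk_root="$( /usr/bin/xcrun --show-sdk-path )"`, and adding `-isysroot "$sdk_root"` only when `test -d "$sdk_root"` avoids guessing the layout. In the same hunk, `--without-trust-anchor` or a bare `--with-trust-anchor` would substitute the literal `no` or `yes` as the default trust anchor path, so `$withval` should be rejected when it is one of those values.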
@@ -793,6 +1013,15 @@ void *memmove(void *dest, const void *src, size_t n); #ifndef HAVE_STRLCPY size_t strlcpy(char *dst, const char *src, size_t siz); #endif + +#ifdef USE_WINSOCK +#define SOCK_INVALID INVALID_SOCKET +#define close_socket(_s) do { if (_s > SOCK_INVALID) {closesocket(_s); _s = SOCK_INVALID;} } while(0) +#else +#define SOCK_INVALID -1 +#define close_socket(_s) do { if (_s > SOCK_INVALID) {close(_s); _s = SOCK_INVALID;} } while(0) +#endif + #ifdef __cplusplus } #endif @@ -820,7 +1049,7 @@ else AC_SUBST(ldns_build_config_have_attr_unused, 0) fi -CONFIG_FILES="Makefile ldns/common.h ldns/net.h ldns/util.h packaging/libldns.pc packaging/ldns-config $DRILL_CONFIG $EXAMPLES_CONFIG" +CONFIG_FILES="Makefile ldns/common.h ldns/net.h ldns/util.h packaging/libldns.pc packaging/ldns-config" AC_SUBST(CONFIG_FILES) AC_CONFIG_FILES([$CONFIG_FILES]) |
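Review bot: In the `USE_WINSOCK` variant of `close_socket`, `SOCK_INVALID` is `INVALID_SOCKET`; with the usual Windows definition (an unsigned `SOCKET` and `INVALID_SOCKET` equal to its maximum value) `_s > SOCK_INVALID` is never true, so `closesocket()` would never run and the socket leaks. Comparing for inequality fixes that branch: `if ((_s) != SOCK_INVALID) { closesocket(_s); (_s) = SOCK_INVALID; }`. In the other branch `#define SOCK_INVALID -1` should be written `(-1)` and the argument parenthesized. Because `_s` is evaluated several times and assigned, a comment should state that it must be a plain lvalue without side effects.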