X-Git-Url: http://git.ozlabs.org/?p=petitboot;a=blobdiff_plain;f=configure.ac;h=2cf94efb0f546ef9974052122528b181307a2360;hp=f394de6369cf2c3f54c67bf91d92b0ef52546e00;hb=e2185d2c52325bd6695f79eff38dfab63cb0d49c;hpb=e3f78333a2a16760d6a497b84329c103208e921e diff --git a/configure.ac b/configure.ac index f394de6..2cf94ef 100644 --- a/configure.ac +++ b/configure.ac @@ -16,7 +16,7 @@ AC_INIT([petitboot], [m4_esyscmd_s([./version.sh])], - [Geoff Levand ]) + [https://lists.ozlabs.org/listinfo/petitboot]) AC_CONFIG_MACRO_DIR([m4]) @@ -39,6 +39,9 @@ AM_INIT_AUTOMAKE AC_GNU_SOURCE AM_GNU_GETTEXT([external]) AM_GNU_GETTEXT_VERSION(0.18.1) +if test "$USE_NLS" = "yes" -a -z "$($MSGFMT --version)"; then + AC_MSG_ERROR([[Please install gettext]]) +fi LT_INIT AM_SILENT_RULES([yes]) @@ -113,7 +116,7 @@ AC_ARG_WITH( [build x11 GUI programs using the twin window system [default=yes]] )], [], - [with_twin_x11=yes] + [with_twin_x11=no] ) AM_CONDITIONAL([WITH_TWIN_X11], [test "x$with_twin_x11" = "xyes"]) @@ -124,7 +127,7 @@ AC_ARG_WITH( [build frame buffer GUI programs using the twin window system [default=no]] )], [], - [with_twin_fbdev=yes] + [with_twin_fbdev=no] ) AM_CONDITIONAL([WITH_TWIN_FBDEV], [test "x$with_twin_fbdev" = "xyes"]) @@ -132,6 +135,13 @@ AM_CONDITIONAL( [WITH_TWIN], [test "x$with_twin_x11" = "xyes" || test "x$with_twin_fbdev" = "xyes"]) +AS_IF( + [test "x$with_twin_x11" != "xyes" && \ + test "x$with_twin_fbdev" != "xyes" && \ + test "x$ax_cv_curses" != "xyes"], + [AC_MSG_WARN([ No user interface programs configured. Consider using --with-ncurses, --with-twin-x11 or --with-twin-fbdev'])] +) + AS_IF( [test "x$with_twin_x11" = "xyes" || test "x$with_twin_fbdev" = "xyes"], [PKG_CHECK_MODULES( @@ -178,59 +188,42 @@ AS_IF( AC_ARG_WITH( [signed-boot], - [AS_HELP_STRING([--with-signed-boot], - [build kernel signature checking support [default=no]] + [AS_HELP_STRING([--with-signed-boot=@<:@no|yes|gpgme|openssl@:>@], + [Build kernel signature checking support with specified + crypto pacakge. A @<:@yes@:>@ value will first check + for gpgme then openssl and use the first found. + @<:@default=no@:>@] + )], + [AS_IF([test "x$with_signed_boot" = xno],[], + [test "x$with_signed_boot" = xyes], + [AM_PATH_GPGME([1.0.0], + [sboot=gpgme], + [AX_CHECK_OPENSSL( + [sboot=openssl], + [AC_MSG_FAILURE([--with-signed-boot=yes specified but gpgme or openssl not found])] + )] + )], + [test "x$with_signed_boot" = xgpgme], + [AM_PATH_GPGME([1.0.0], + [sboot=gpgme], + [AC_MSG_FAILURE([--with-signed-boot=gpgme specified but gpgme not found])] + )], + [test "x$with_signed_boot" = xopenssl], + [AX_CHECK_OPENSSL( + [sboot=openssl], + [AC_MSG_FAILURE([--with-signed-boot=openssl specified but openssl not found])] + )], + [AC_MSG_FAILURE([--with-signed-boot given invalid option: $with_signed_boot])] )], - [], [with_signed_boot=no] ) -AM_CONDITIONAL( - [WITH_SIGNED_BOOT], - [test "x$with_signed_boot" = "xyes"]) - -AS_IF( - [test "x$with_signed_boot" = "xyes"], - [PKG_CHECK_MODULES( - [GPGME], - [gpgme >= 1.0.0], - [SAVE_LIBS="$LIBS" LIBS="$LIBS $gpgme_LIBS" - AC_CHECK_LIB( - [gpgme], - [gpgme_op_verify], - [], - [AC_MSG_FAILURE([--with-signed-boot was given but the test for gpgme failed.])] - ) - LIBS="$SAVE_LIBS" - ], - [AM_PATH_GPGME([1.0.0], [SAVE_LIBS="$LIBS" LIBS="$LIBS $gpgme_LIBS" - AC_CHECK_LIB( - [gpgme], - [gpgme_op_verify], - [], - [AC_MSG_FAILURE([--with-signed-boot was given but the test for gpgme failed.])] - ) - LIBS="$SAVE_LIBS"], - [AC_MSG_RESULT([$gpgme_PKG_ERRORS]) - AC_MSG_FAILURE([ Consider adjusting PKG_CONFIG_PATH environment variable]) - ]) - ] - )] -) - -AS_IF( - [test "x$with_signed_boot" = "xyes"], - [SAVE_CPPFLAGS="$CPPFLAGS" CPPFLAGS="$CPPFLAGS $gpgme_CFLAGS" - AC_CHECK_HEADERS( - [gpgme.h], - [], - [AC_MSG_FAILURE([ --with-signed-boot given but gpgme.h not found])] - ) - CPPFLAGS="$SAVE_CPPFLAGS" - ] -) - -AM_CONDITIONAL([WITH_GPGME], [test "x$with_signed_boot" = "xyes"]) +AM_CONDITIONAL([WITH_GPGME], [test "x$sboot" = xgpgme]) +AM_CONDITIONAL([WITH_OPENSSL], [test "x$sboot" = xopenssl]) +AM_CONDITIONAL([WITH_SIGNED_BOOT], [test "x$with_signed_boot" != xno]) +AM_COND_IF([WITH_SIGNED_BOOT], + [AC_DEFINE([SIGNED_BOOT], 1, [Define if you have signed boot enabled])], + []) AC_ARG_VAR( [lockdown_file], @@ -239,6 +232,28 @@ AC_ARG_VAR( AS_IF([test "x$lockdown_file" = x], [lockdown_file="/etc/pb-lockdown"]) AC_DEFINE_UNQUOTED(LOCKDOWN_FILE, "$lockdown_file", [Lockdown file location]) +AC_ARG_VAR( + [KEYRING_PATH], + [Path to keyring (gpgme home dir) @<:@default="/etc/gpg"@:>@] +) +AS_IF([test "x$KEYRING_PATH" = x], [KEYRING_PATH="/etc/gpg"]) +AC_DEFINE_UNQUOTED(KEYRING_PATH, "$KEYRING_PATH", [gpgme home dir]) + +AC_ARG_VAR( + [VERIFY_DIGEST], + [Signed boot signature verification digest algorithm to use (only valid in openssl) @<:@default="sha256"@:>@] +) +AS_IF([test "x$VERIFY_DIGEST" = x], [VERIFY_DIGEST="sha256"]) +AC_DEFINE_UNQUOTED(VERIFY_DIGEST, "$VERIFY_DIGEST", [openssl verify dgst]) + +AC_ARG_ENABLE([hard-lockdown], + [AS_HELP_STRING([--enable-hard-lockdown], + [if signed boot configured, the absence of the + LOCKDOWN_FILE does not disable signed boot at + runtime @<:@default=no@:>@])], + [AC_DEFINE(HARD_LOCKDOWN, 1, [Enable hard lockdown])], + []) + AC_ARG_ENABLE( [busybox], [AS_HELP_STRING( @@ -307,7 +322,6 @@ AC_ARG_ENABLE( [], [enable_debug=check] ) -#AM_CONDITIONAL([ENABLE_DEBUG], [test "x$enable_debug" = "xyes"]) AC_ARG_ENABLE( [test-valgrind], @@ -338,11 +352,13 @@ DEFINE_HOST_PROG(UMOUNT, umount, [/bin/umount]) DEFINE_HOST_PROG(WGET, wget, [/usr/bin/wget]) DEFINE_HOST_PROG(IP, ip, [/sbin/ip]) DEFINE_HOST_PROG(UDHCPC, udhcpc, [/sbin/udhcpc]) +DEFINE_HOST_PROG(UDHCPC6, udhcpc6, [/usr/bin/udhcpc6]) DEFINE_HOST_PROG(VGSCAN, vgscan, [/usr/sbin/vgscan]) DEFINE_HOST_PROG(VGCHANGE, vgchange, [/usr/sbin/vgchange]) DEFINE_HOST_PROG(PB_PLUGIN, pb-plugin, [/usr/sbin/pb-plugin]) DEFINE_HOST_PROG(PB_EXEC, pb-exec, [/usr/sbin/pb-exec]) DEFINE_HOST_PROG(SH, sh, [/bin/sh]) +DEFINE_HOST_PROG(SCSI_RESCAN, scsi-rescan, [/usr/sbin/scsi-rescan]) AC_ARG_WITH( [tftp],