X-Git-Url: http://git.ozlabs.org/?p=petitboot;a=blobdiff_plain;f=configure.ac;h=f12e48d0c7ceec9ca6c31213f9ee29ed610deaf2;hp=1b9b980920d16ba9876dc2ec3b79ae3ac5f4810f;hb=a30e4ac8a8e38f9b972bf6670f91b0e372e00777;hpb=3b286d116f8fb8438b8ae52669d2c1778b7a370b diff --git a/configure.ac b/configure.ac index 1b9b980..f12e48d 100644 --- a/configure.ac +++ b/configure.ac @@ -16,7 +16,7 @@ AC_INIT([petitboot], [m4_esyscmd_s([./version.sh])], - [Geoff Levand ]) + [https://lists.ozlabs.org/listinfo/petitboot]) AC_CONFIG_MACRO_DIR([m4]) @@ -26,13 +26,22 @@ AS_IF([test "x$CFLAGS" = "x"], [AC_SUBST([CFLAGS], [""])]) AC_PROG_CC AC_PROG_LEX +if test -z "$($LEX --version)"; then + AC_MSG_ERROR([[Please install flex/lex]]) +fi AC_PROG_YACC +if test -z "$($YACC --version)"; then + AC_MSG_ERROR([[Please install bison/yacc]]) +fi AC_PROG_INSTALL AM_INIT_AUTOMAKE AC_GNU_SOURCE AM_GNU_GETTEXT([external]) AM_GNU_GETTEXT_VERSION(0.18.1) +if test "$USE_NLS" = "yes" -a -z "$($MSGFMT --version)"; then + AC_MSG_ERROR([[Please install gettext]]) +fi LT_INIT AM_SILENT_RULES([yes]) @@ -57,9 +66,14 @@ AC_CHECK_LIB([udev], [udev_new], [AC_MSG_FAILURE([The libudev development library is required by petitboot. Try installing the package libudev-dev or libudev-devel.])] ) +PKG_CHECK_EXISTS(libudev >= 218, [old_udev=no], [old_udev=yes]) +if test "$old_udev" = "yes" ; then + AC_DEFINE(UDEV_LOGGING, 1, [Support old udev logging interface]) +fi + AC_CHECK_LIB([devmapper], [dm_task_create], [DEVMAPPER_LIBS=-ldevmapper], - [AC_MSG_FAILURE([The libdevmapper development library is required by petitboot. Try installing the package libdevmapper-dev or libdevmapper-devel.])] + [AC_MSG_FAILURE([The libdevmapper development library is required by petitboot. Try installing the package libdevmapper-dev or device-mapper-devel.])] ) AC_ARG_WITH([fdt], @@ -102,7 +116,7 @@ AC_ARG_WITH( [build x11 GUI programs using the twin window system [default=yes]] )], [], - [with_twin_x11=yes] + [with_twin_x11=no] ) AM_CONDITIONAL([WITH_TWIN_X11], [test "x$with_twin_x11" = "xyes"]) @@ -113,7 +127,7 @@ AC_ARG_WITH( [build frame buffer GUI programs using the twin window system [default=no]] )], [], - [with_twin_fbdev=yes] + [with_twin_fbdev=no] ) AM_CONDITIONAL([WITH_TWIN_FBDEV], [test "x$with_twin_fbdev" = "xyes"]) @@ -165,6 +179,74 @@ AS_IF( ] ) +AC_ARG_WITH( + [signed-boot], + [AS_HELP_STRING([--with-signed-boot=@<:@no|yes|gpgme|openssl@:>@], + [Build kernel signature checking support with specified + crypto pacakge. A @<:@yes@:>@ value will first check + for gpgme then openssl and use the first found. + @<:@default=no@:>@] + )], + [AS_IF([test "x$with_signed_boot" = xno],[], + [test "x$with_signed_boot" = xyes], + [AM_PATH_GPGME([1.0.0], + [sboot=gpgme], + [AX_CHECK_OPENSSL( + [sboot=openssl], + [AC_MSG_FAILURE([--with-signed-boot=yes specified but gpgme or openssl not found])] + )] + )], + [test "x$with_signed_boot" = xgpgme], + [AM_PATH_GPGME([1.0.0], + [sboot=gpgme], + [AC_MSG_FAILURE([--with-signed-boot=gpgme specified but gpgme not found])] + )], + [test "x$with_signed_boot" = xopenssl], + [AX_CHECK_OPENSSL( + [sboot=openssl], + [AC_MSG_FAILURE([--with-signed-boot=openssl specified but openssl not found])] + )], + [AC_MSG_FAILURE([--with-signed-boot given invalid option: $with_signed_boot])] + )], + [with_signed_boot=no] +) + +AM_CONDITIONAL([WITH_GPGME], [test "x$sboot" = xgpgme]) +AM_CONDITIONAL([WITH_OPENSSL], [test "x$sboot" = xopenssl]) +AM_CONDITIONAL([WITH_SIGNED_BOOT], [test "x$with_signed_boot" != xno]) +AM_COND_IF([WITH_SIGNED_BOOT], + [AC_DEFINE([SIGNED_BOOT], 1, [Define if you have signed boot enabled])], + []) + +AC_ARG_VAR( + [lockdown_file], + [Location of authorized signature file [default = "/etc/pb-lockdown"]] +) +AS_IF([test "x$lockdown_file" = x], [lockdown_file="/etc/pb-lockdown"]) +AC_DEFINE_UNQUOTED(LOCKDOWN_FILE, "$lockdown_file", [Lockdown file location]) + +AC_ARG_VAR( + [KEYRING_PATH], + [Path to keyring (gpgme home dir) @<:@default="/etc/gpg"@:>@] +) +AS_IF([test "x$KEYRING_PATH" = x], [KEYRING_PATH="/etc/gpg"]) +AC_DEFINE_UNQUOTED(KEYRING_PATH, "$KEYRING_PATH", [gpgme home dir]) + +AC_ARG_VAR( + [VERIFY_DIGEST], + [Signed boot signature verification digest algorithm to use (only valid in openssl) @<:@default="sha256"@:>@] +) +AS_IF([test "x$VERIFY_DIGEST" = x], [VERIFY_DIGEST="sha256"]) +AC_DEFINE_UNQUOTED(VERIFY_DIGEST, "$VERIFY_DIGEST", [openssl verify dgst]) + +AC_ARG_ENABLE([hard-lockdown], + [AS_HELP_STRING([--enable-hard-lockdown], + [if signed boot configured, the absence of the + LOCKDOWN_FILE does not disable signed boot at + runtime @<:@default=no@:>@])], + [AC_DEFINE(HARD_LOCKDOWN, 1, [Enable hard lockdown])], + []) + AC_ARG_ENABLE( [busybox], [AS_HELP_STRING( @@ -174,7 +256,11 @@ AC_ARG_ENABLE( [], [enable_busybox=no] ) -#AM_CONDITIONAL([ENABLE_BUSYBOX], [test "x$enable_busybox" = "xyes"]) +AM_CONDITIONAL([ENABLE_BUSYBOX], [test "x$enable_busybox" = "xyes"]) +AS_IF([test "x$enable_busybox" = "xyes"], + [AC_DEFINE(WITH_BUSYBOX, 1, [Busybox environment enabled])], + [] +) AC_ARG_ENABLE( [mtd], @@ -260,6 +346,13 @@ DEFINE_HOST_PROG(UMOUNT, umount, [/bin/umount]) DEFINE_HOST_PROG(WGET, wget, [/usr/bin/wget]) DEFINE_HOST_PROG(IP, ip, [/sbin/ip]) DEFINE_HOST_PROG(UDHCPC, udhcpc, [/sbin/udhcpc]) +DEFINE_HOST_PROG(UDHCPC6, udhcpc6, [/usr/bin/udhcpc6]) +DEFINE_HOST_PROG(VGSCAN, vgscan, [/usr/sbin/vgscan]) +DEFINE_HOST_PROG(VGCHANGE, vgchange, [/usr/sbin/vgchange]) +DEFINE_HOST_PROG(PB_PLUGIN, pb-plugin, [/usr/sbin/pb-plugin]) +DEFINE_HOST_PROG(PB_EXEC, pb-exec, [/usr/sbin/pb-exec]) +DEFINE_HOST_PROG(SH, sh, [/bin/sh]) +DEFINE_HOST_PROG(SCSI_RESCAN, scsi-rescan, [/usr/sbin/scsi-rescan]) AC_ARG_WITH( [tftp],