X-Git-Url: http://git.ozlabs.org/?p=petitboot;a=blobdiff_plain;f=configure.ac;h=f12e48d0c7ceec9ca6c31213f9ee29ed610deaf2;hp=564cb5da8b40bffb1e779a6d9e940c78232ae0ee;hb=70bb4980b19a4ba1d3f92c18df0b03104c4a9b6b;hpb=80c9b417ea3e450c00aac0e93072b85a2c96a484
diff --git a/configure.ac b/configure.ac
index 564cb5d..f12e48d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -181,59 +181,42 @@ AS_IF( AC_ARG_WITH( [signed-boot], - [AS_HELP_STRING([--with-signed-boot], - [build kernel signature checking support [default=no]] + [AS_HELP_STRING([--with-signed-boot=@<:@no|yes|gpgme|openssl@:>@], + [Build kernel signature checking support with specified + crypto pacakge. A @<:@yes@:>@ value will first check + for gpgme then openssl and use the first found. + @<:@default=no@:>@] + )], + [AS_IF([test "x$with_signed_boot" = xno],[], + [test "x$with_signed_boot" = xyes], + [AM_PATH_GPGME([1.0.0], + [sboot=gpgme], + [AX_CHECK_OPENSSL( + [sboot=openssl], + [AC_MSG_FAILURE([--with-signed-boot=yes specified but gpgme or openssl not found])] + )] + )], + [test "x$with_signed_boot" = xgpgme], + [AM_PATH_GPGME([1.0.0], + [sboot=gpgme], + [AC_MSG_FAILURE([--with-signed-boot=gpgme specified but gpgme not found])] + )], + [test "x$with_signed_boot" = xopenssl], + [AX_CHECK_OPENSSL( + [sboot=openssl], + [AC_MSG_FAILURE([--with-signed-boot=openssl specified but openssl not found])] + )], + [AC_MSG_FAILURE([--with-signed-boot given invalid option: $with_signed_boot])] )], - [], [with_signed_boot=no] ) -AM_CONDITIONAL( - [WITH_SIGNED_BOOT], - [test "x$with_signed_boot" = "xyes"]) - -AS_IF( - [test "x$with_signed_boot" = "xyes"], - [PKG_CHECK_MODULES( - [GPGME], - [gpgme >= 1.0.0], - [SAVE_LIBS="$LIBS" LIBS="$LIBS $gpgme_LIBS" - AC_CHECK_LIB( - [gpgme], - [gpgme_op_verify], - [], - [AC_MSG_FAILURE([--with-signed-boot was given but the test for gpgme failed.])] - ) - LIBS="$SAVE_LIBS" - ], - [AM_PATH_GPGME([1.0.0], [SAVE_LIBS="$LIBS" LIBS="$LIBS $gpgme_LIBS" - AC_CHECK_LIB( - [gpgme], - [gpgme_op_verify], - [], - [AC_MSG_FAILURE([--with-signed-boot was given but the test for gpgme failed.])] - ) - LIBS="$SAVE_LIBS"], - [AC_MSG_RESULT([$gpgme_PKG_ERRORS]) - AC_MSG_FAILURE([ Consider adjusting PKG_CONFIG_PATH environment variable]) - ]) - ] - )] -) - -AS_IF( - [test "x$with_signed_boot" = "xyes"], - [SAVE_CPPFLAGS="$CPPFLAGS" CPPFLAGS="$CPPFLAGS $gpgme_CFLAGS" 
- AC_CHECK_HEADERS( - [gpgme.h], - [], - [AC_MSG_FAILURE([ --with-signed-boot given but gpgme.h not found])] - ) - CPPFLAGS="$SAVE_CPPFLAGS" - ] -) - -AM_CONDITIONAL([WITH_GPGME], [test "x$with_signed_boot" = "xyes"]) +AM_CONDITIONAL([WITH_GPGME], [test "x$sboot" = xgpgme]) +AM_CONDITIONAL([WITH_OPENSSL], [test "x$sboot" = xopenssl]) +AM_CONDITIONAL([WITH_SIGNED_BOOT], [test "x$with_signed_boot" != xno]) +AM_COND_IF([WITH_SIGNED_BOOT], + [AC_DEFINE([SIGNED_BOOT], 1, [Define if you have signed boot enabled])], + []) AC_ARG_VAR( [lockdown_file], @@ -242,6 +225,28 @@ AC_ARG_VAR( AS_IF([test "x$lockdown_file" = x], [lockdown_file="/etc/pb-lockdown"]) AC_DEFINE_UNQUOTED(LOCKDOWN_FILE, "$lockdown_file", [Lockdown file location]) +AC_ARG_VAR( + [KEYRING_PATH], + [Path to keyring (gpgme home dir) @<:@default="/etc/gpg"@:>@] +) +AS_IF([test "x$KEYRING_PATH" = x], [KEYRING_PATH="/etc/gpg"]) +AC_DEFINE_UNQUOTED(KEYRING_PATH, "$KEYRING_PATH", [gpgme home dir]) + +AC_ARG_VAR( + [VERIFY_DIGEST], + [Signed boot signature verification digest algorithm to use (only valid in openssl) @<:@default="sha256"@:>@] +) +AS_IF([test "x$VERIFY_DIGEST" = x], [VERIFY_DIGEST="sha256"]) +AC_DEFINE_UNQUOTED(VERIFY_DIGEST, "$VERIFY_DIGEST", [openssl verify dgst]) + +AC_ARG_ENABLE([hard-lockdown], + [AS_HELP_STRING([--enable-hard-lockdown], + [if signed boot configured, the absence of the + LOCKDOWN_FILE does not disable signed boot at + runtime @<:@default=no@:>@])], + [AC_DEFINE(HARD_LOCKDOWN, 1, [Enable hard lockdown])], + []) + AC_ARG_ENABLE( [busybox], [AS_HELP_STRING( 
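Review bot: With `--with-signed-boot=yes` the verification backend is whichever of gpgme or openssl the build host happens to provide, and nothing in this hunk reports which one was picked, so two builds of the same tree can end up checking signatures with different libraries (and presumably different key formats). Consider printing the result after the `AS_IF`, e.g. `AC_MSG_NOTICE([signed boot backend: $sboot])`, and using the explicit `=gpgme` / `=openssl` forms for release builds. `sboot` is also never initialised, so a value inherited from the environment would make `WITH_GPGME` or `WITH_OPENSSL` true even when `with_signed_boot` is `no`; a plain `sboot=` ahead of `AC_ARG_WITH` avoids that. The new help text has a typo, `pacakge`.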
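Review bot: The action-if-given branch of `AC_ARG_ENABLE([hard-lockdown], …)` defines `HARD_LOCKDOWN` unconditionally, and autoconf runs that branch for `--disable-hard-lockdown` and `--enable-hard-lockdown=no` as well, so asking for the option off still turns it on. Test the value instead: `[AS_IF([test "x$enable_hard_lockdown" != xno], [AC_DEFINE(HARD_LOCKDOWN, 1, [Enable hard lockdown])])],`. `VERIFY_DIGEST` is also copied into the header without any check, so a typo or a weak algorithm such as `md5` would only surface, if at all, when a signature is verified; rejecting values outside a short allowlist at configure time, for example with `AS_CASE` and `AC_MSG_ERROR`, would fail earlier. Neither option is tied to `--with-signed-boot`, so it may be worth warning when they are set while signed boot is `no`.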
@@ -341,11 +346,13 @@ DEFINE_HOST_PROG(UMOUNT, umount, [/bin/umount]) DEFINE_HOST_PROG(WGET, wget, [/usr/bin/wget]) DEFINE_HOST_PROG(IP, ip, [/sbin/ip]) DEFINE_HOST_PROG(UDHCPC, udhcpc, [/sbin/udhcpc]) +DEFINE_HOST_PROG(UDHCPC6, udhcpc6, [/usr/bin/udhcpc6]) DEFINE_HOST_PROG(VGSCAN, vgscan, [/usr/sbin/vgscan]) DEFINE_HOST_PROG(VGCHANGE, vgchange, [/usr/sbin/vgchange]) DEFINE_HOST_PROG(PB_PLUGIN, pb-plugin, [/usr/sbin/pb-plugin]) DEFINE_HOST_PROG(PB_EXEC, pb-exec, [/usr/sbin/pb-exec]) DEFINE_HOST_PROG(SH, sh, [/bin/sh]) +DEFINE_HOST_PROG(SCSI_RESCAN, scsi-rescan, [/usr/sbin/scsi-rescan]) AC_ARG_WITH( [tftp],