AC_INIT([petitboot],
[m4_esyscmd_s([./version.sh])],
- [Geoff Levand <geoff@infradead.org>])
+ [https://lists.ozlabs.org/listinfo/petitboot])
AC_CONFIG_MACRO_DIR([m4])
AC_PROG_CC
AC_PROG_LEX
+if test -z "$($LEX --version)"; then
+ AC_MSG_ERROR([[Please install flex/lex]])
+fi
AC_PROG_YACC
+if test -z "$($YACC --version)"; then
+ AC_MSG_ERROR([[Please install bison/yacc]])
+fi
AC_PROG_INSTALL
AM_INIT_AUTOMAKE
AC_GNU_SOURCE
AM_GNU_GETTEXT([external])
AM_GNU_GETTEXT_VERSION(0.18.1)
+if test "$USE_NLS" = "yes" -a -z "$($MSGFMT --version)"; then
+ AC_MSG_ERROR([[Please install gettext]])
+fi
LT_INIT
AM_SILENT_RULES([yes])
[build x11 GUI programs using the twin window system [default=yes]]
)],
[],
- [with_twin_x11=yes]
+ [with_twin_x11=no]
)
AM_CONDITIONAL([WITH_TWIN_X11], [test "x$with_twin_x11" = "xyes"])
[build frame buffer GUI programs using the twin window system [default=no]]
)],
[],
- [with_twin_fbdev=yes]
+ [with_twin_fbdev=no]
)
AM_CONDITIONAL([WITH_TWIN_FBDEV], [test "x$with_twin_fbdev" = "xyes"])
AC_ARG_WITH(
[signed-boot],
- [AS_HELP_STRING([--with-signed-boot],
- [build kernel signature checking support [default=no]]
+ [AS_HELP_STRING([--with-signed-boot=@<:@no|yes|gpgme|openssl@:>@],
+ [Build kernel signature checking support with specified
+ crypto pacakge. A @<:@yes@:>@ value will first check
+ for gpgme then openssl and use the first found.
+ @<:@default=no@:>@]
+ )],
+ [AS_IF([test "x$with_signed_boot" = xno],[],
+ [test "x$with_signed_boot" = xyes],
+ [AM_PATH_GPGME([1.0.0],
+ [sboot=gpgme],
+ [AX_CHECK_OPENSSL(
+ [sboot=openssl],
+ [AC_MSG_FAILURE([--with-signed-boot=yes specified but gpgme or openssl not found])]
+ )]
+ )],
+ [test "x$with_signed_boot" = xgpgme],
+ [AM_PATH_GPGME([1.0.0],
+ [sboot=gpgme],
+ [AC_MSG_FAILURE([--with-signed-boot=gpgme specified but gpgme not found])]
+ )],
+ [test "x$with_signed_boot" = xopenssl],
+ [AX_CHECK_OPENSSL(
+ [sboot=openssl],
+ [AC_MSG_FAILURE([--with-signed-boot=openssl specified but openssl not found])]
+ )],
+ [AC_MSG_FAILURE([--with-signed-boot given invalid option: $with_signed_boot])]
)],
- [],
[with_signed_boot=no]
)
-AM_CONDITIONAL(
- [WITH_SIGNED_BOOT],
- [test "x$with_signed_boot" = "xyes"])
-
-AS_IF(
- [test "x$with_signed_boot" = "xyes"],
- [PKG_CHECK_MODULES(
- [GPGME],
- [gpgme >= 1.0.0],
- [SAVE_LIBS="$LIBS" LIBS="$LIBS $gpgme_LIBS"
- AC_CHECK_LIB(
- [gpgme],
- [gpgme_op_verify],
- [],
- [AC_MSG_FAILURE([--with-signed-boot was given but the test for gpgme failed.])]
- )
- LIBS="$SAVE_LIBS"
- ],
- [AM_PATH_GPGME([1.0.0], [SAVE_LIBS="$LIBS" LIBS="$LIBS $gpgme_LIBS"
- AC_CHECK_LIB(
- [gpgme],
- [gpgme_op_verify],
- [],
- [AC_MSG_FAILURE([--with-signed-boot was given but the test for gpgme failed.])]
- )
- LIBS="$SAVE_LIBS"],
- [AC_MSG_RESULT([$gpgme_PKG_ERRORS])
- AC_MSG_FAILURE([ Consider adjusting PKG_CONFIG_PATH environment variable])
- ])
- ]
- )]
-)
-
-AS_IF(
- [test "x$with_signed_boot" = "xyes"],
- [SAVE_CPPFLAGS="$CPPFLAGS" CPPFLAGS="$CPPFLAGS $gpgme_CFLAGS"
- AC_CHECK_HEADERS(
- [gpgme.h],
- [],
- [AC_MSG_FAILURE([ --with-signed-boot given but gpgme.h not found])]
- )
- CPPFLAGS="$SAVE_CPPFLAGS"
- ]
-)
-
-AM_CONDITIONAL([WITH_GPGME], [test "x$with_signed_boot" = "xyes"])
+AM_CONDITIONAL([WITH_GPGME], [test "x$sboot" = xgpgme])
+AM_CONDITIONAL([WITH_OPENSSL], [test "x$sboot" = xopenssl])
+AM_CONDITIONAL([WITH_SIGNED_BOOT], [test "x$with_signed_boot" != xno])
+AM_COND_IF([WITH_SIGNED_BOOT],
+ [AC_DEFINE([SIGNED_BOOT], 1, [Define if you have signed boot enabled])],
+ [])
AC_ARG_VAR(
[lockdown_file],
AS_IF([test "x$lockdown_file" = x], [lockdown_file="/etc/pb-lockdown"])
AC_DEFINE_UNQUOTED(LOCKDOWN_FILE, "$lockdown_file", [Lockdown file location])
+AC_ARG_VAR(
+ [KEYRING_PATH],
+ [Path to keyring (gpgme home dir) @<:@default="/etc/gpg"@:>@]
+)
+AS_IF([test "x$KEYRING_PATH" = x], [KEYRING_PATH="/etc/gpg"])
+AC_DEFINE_UNQUOTED(KEYRING_PATH, "$KEYRING_PATH", [gpgme home dir])
+
+AC_ARG_VAR(
+ [VERIFY_DIGEST],
+ [Signed boot signature verification digest algorithm to use (only valid in openssl) @<:@default="sha256"@:>@]
+)
+AS_IF([test "x$VERIFY_DIGEST" = x], [VERIFY_DIGEST="sha256"])
+AC_DEFINE_UNQUOTED(VERIFY_DIGEST, "$VERIFY_DIGEST", [openssl verify dgst])
+
+AC_ARG_ENABLE([hard-lockdown],
+ [AS_HELP_STRING([--enable-hard-lockdown],
+ [if signed boot configured, the absence of the
+ LOCKDOWN_FILE does not disable signed boot at
+ runtime @<:@default=no@:>@])],
+ [AC_DEFINE(HARD_LOCKDOWN, 1, [Enable hard lockdown])],
+ [])
+
AC_ARG_ENABLE(
[busybox],
[AS_HELP_STRING(
DEFINE_HOST_PROG(WGET, wget, [/usr/bin/wget])
DEFINE_HOST_PROG(IP, ip, [/sbin/ip])
DEFINE_HOST_PROG(UDHCPC, udhcpc, [/sbin/udhcpc])
+DEFINE_HOST_PROG(UDHCPC6, udhcpc6, [/usr/bin/udhcpc6])
DEFINE_HOST_PROG(VGSCAN, vgscan, [/usr/sbin/vgscan])
DEFINE_HOST_PROG(VGCHANGE, vgchange, [/usr/sbin/vgchange])
DEFINE_HOST_PROG(PB_PLUGIN, pb-plugin, [/usr/sbin/pb-plugin])
DEFINE_HOST_PROG(PB_EXEC, pb-exec, [/usr/sbin/pb-exec])
DEFINE_HOST_PROG(SH, sh, [/bin/sh])
+DEFINE_HOST_PROG(SCSI_RESCAN, scsi-rescan, [/usr/sbin/scsi-rescan])
AC_ARG_WITH(
[tftp],