summaryrefslogtreecommitdiffstats
path: root/configure.ac
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--configure.ac773
1 files changed, 773 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac
new file mode 100644
index 0000000..ccf2112
--- /dev/null
+++ b/configure.ac
@@ -0,0 +1,773 @@
+AC_PREREQ([2.67])
+AC_INIT([cryptsetup],[2.6.1])
+
+dnl library version from <major>.<minor>.<release>[-<suffix>]
+LIBCRYPTSETUP_VERSION=$(echo $PACKAGE_VERSION | cut -f1 -d-)
+LIBCRYPTSETUP_VERSION_INFO=21:0:9
+
+AM_SILENT_RULES([yes])
+AC_CONFIG_SRCDIR(src/cryptsetup.c)
+AC_CONFIG_MACRO_DIR([m4])
+
+AC_CONFIG_HEADERS([config.h:config.h.in])
+
+# We do not want to run test in parallel. Really.
+# http://lists.gnu.org/archive/html/automake/2013-01/msg00060.html
+
+# For old automake use this
+#AM_INIT_AUTOMAKE(dist-xz subdir-objects)
+AM_INIT_AUTOMAKE([dist-xz 1.12 serial-tests subdir-objects foreign])
+
+if test "x$prefix" = "xNONE"; then
+ sysconfdir=/etc
+fi
+AC_PREFIX_DEFAULT(/usr)
+
+AC_CANONICAL_HOST
+AC_USE_SYSTEM_EXTENSIONS
+AC_PROG_CC
+AM_PROG_CC_C_O
+AC_PROG_CPP
+AC_PROG_CXX
+AC_PROG_INSTALL
+AC_PROG_MAKE_SET
+AC_PROG_MKDIR_P
+AC_ENABLE_STATIC(no)
+LT_INIT
+PKG_PROG_PKG_CONFIG
+
+dnl ==========================================================================
+dnl define PKG_CHECK_VAR for old pkg-config <= 0.28
+m4_ifndef([AS_VAR_COPY],
+[m4_define([AS_VAR_COPY],
+[AS_LITERAL_IF([$1[]$2], [$1=$$2], [eval $1=\$$2])])
+])
+m4_ifndef([PKG_CHECK_VAR], [
+AC_DEFUN([PKG_CHECK_VAR],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])
+AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config])
+
+_PKG_CONFIG([$1], [variable="][$3]["], [$2])
+AS_VAR_COPY([$1], [pkg_cv_][$1])
+
+AS_VAR_IF([$1], [""], [$5], [$4])
+])
+])
+dnl ==========================================================================
+dnl AsciiDoc manual pages
+
+AC_ARG_ENABLE([asciidoc],
+ AS_HELP_STRING([--disable-asciidoc], [do not generate man pages from asciidoc]),
+ [], [enable_asciidoc=yes]
+)
+
+AC_PATH_PROG([ASCIIDOCTOR], [asciidoctor])
+if test "x$enable_asciidoc" = xyes -a "x$ASCIIDOCTOR" = x; then
+ AC_MSG_ERROR([Building man pages requires asciidoctor installed.])
+fi
+AM_CONDITIONAL([ENABLE_ASCIIDOC], [test "x$enable_asciidoc" = xyes])
+
+have_manpages=no
+AS_IF([test -f "$srcdir/man/cryptsetup-open.8"], [
+ AC_MSG_NOTICE([re-use already generated man-pages.])
+ have_manpages=yes]
+)
+AM_CONDITIONAL([HAVE_MANPAGES], [test "x$have_manpages" = xyes])
+
+dnl ==========================================================================
+
+AC_C_RESTRICT
+
+AC_HEADER_DIRENT
+AC_CHECK_HEADERS(fcntl.h malloc.h inttypes.h uchar.h sys/ioctl.h sys/mman.h \
+ sys/sysmacros.h sys/statvfs.h ctype.h unistd.h locale.h byteswap.h endian.h stdint.h)
+AC_CHECK_DECLS([O_CLOEXEC],,[AC_DEFINE([O_CLOEXEC],[0], [Defined to 0 if not provided])],
+[[
+#ifdef HAVE_FCNTL_H
+# include <fcntl.h>
+#endif
+]])
+
+AC_CHECK_HEADERS(uuid/uuid.h,,[AC_MSG_ERROR([You need the uuid library.])])
+AC_CHECK_HEADER(libdevmapper.h,,[AC_MSG_ERROR([You need the device-mapper library.])])
+
+AC_ARG_ENABLE([keyring],
+ AS_HELP_STRING([--disable-keyring], [disable kernel keyring support and builtin kernel keyring token]),
+ [], [enable_keyring=yes])
+if test "x$enable_keyring" = "xyes"; then
+ AC_CHECK_HEADERS(linux/keyctl.h,,[AC_MSG_ERROR([You need Linux kernel headers with kernel keyring service compiled.])])
+
+ dnl ==========================================================================
+ dnl check whether kernel is compiled with kernel keyring service syscalls
+ AC_CHECK_DECL(__NR_add_key,,[AC_MSG_ERROR([The kernel is missing add_key syscall.])], [#include <syscall.h>])
+ AC_CHECK_DECL(__NR_keyctl,,[AC_MSG_ERROR([The kernel is missing keyctl syscall.])], [#include <syscall.h>])
+ AC_CHECK_DECL(__NR_request_key,,[AC_MSG_ERROR([The kernel is missing request_key syscall.])], [#include <syscall.h>])
+
+ dnl ==========================================================================
+ dnl check that key_serial_t hasn't been adopted yet in stdlib
+ AC_CHECK_TYPES([key_serial_t], [], [], [
+ AC_INCLUDES_DEFAULT
+ #ifdef HAVE_LINUX_KEYCTL_H
+ # include <linux/keyctl.h>
+ #endif
+ ])
+
+ AC_DEFINE(KERNEL_KEYRING, 1, [Enable kernel keyring service support])
+fi
+AM_CONDITIONAL(KERNEL_KEYRING, test "x$enable_keyring" = "xyes")
+
+saved_LIBS=$LIBS
+AC_CHECK_LIB(uuid, uuid_clear, ,[AC_MSG_ERROR([You need the uuid library.])])
+AC_SUBST(UUID_LIBS, $LIBS)
+LIBS=$saved_LIBS
+
+AC_SEARCH_LIBS([clock_gettime],[rt posix4])
+AC_CHECK_FUNCS([posix_memalign clock_gettime posix_fallocate explicit_bzero])
+
+if test "x$enable_largefile" = "xno"; then
+ AC_MSG_ERROR([Building with --disable-largefile is not supported, it can cause data corruption.])
+fi
+
+AC_C_CONST
+AC_C_BIGENDIAN
+AC_TYPE_OFF_T
+AC_SYS_LARGEFILE
+AC_FUNC_FSEEKO
+AC_PROG_GCC_TRADITIONAL
+AC_FUNC_STRERROR_R
+
+dnl ==========================================================================
+dnl LUKS2 external tokens
+
+AC_ARG_ENABLE([external-tokens],
+ AS_HELP_STRING([--disable-external-tokens], [disable external LUKS2 tokens]),
+ [], [enable_external_tokens=yes])
+if test "x$enable_external_tokens" = "xyes"; then
+ AC_DEFINE(USE_EXTERNAL_TOKENS, 1, [Use external tokens])
+ dnl we need dynamic library loading here
+ saved_LIBS=$LIBS
+ AC_SEARCH_LIBS([dlsym],[dl])
+ AC_CHECK_FUNCS([dlvsym])
+ AC_SUBST(DL_LIBS, $LIBS)
+ LIBS=$saved_LIBS
+fi
+AM_CONDITIONAL(EXTERNAL_TOKENS, test "x$enable_external_tokens" = "xyes")
+
+AC_ARG_ENABLE([ssh-token],
+ AS_HELP_STRING([--disable-ssh-token], [disable LUKS2 ssh-token]),
+ [], [enable_ssh_token=yes])
+AM_CONDITIONAL(SSHPLUGIN_TOKEN, test "x$enable_ssh_token" = "xyes")
+
+if test "x$enable_ssh_token" = "xyes" -a "x$enable_external_tokens" = "xno"; then
+ AC_MSG_ERROR([Requested LUKS2 ssh-token build, but external tokens are disabled.])
+fi
+
+dnl LUKS2 online reencryption
+AC_ARG_ENABLE([luks2-reencryption],
+ AS_HELP_STRING([--disable-luks2-reencryption], [disable LUKS2 online reencryption extension]),
+ [], [enable_luks2_reencryption=yes])
+if test "x$enable_luks2_reencryption" = "xyes"; then
+ AC_DEFINE(USE_LUKS2_REENCRYPTION, 1, [Use LUKS2 online reencryption extension])
+fi
+
+dnl ==========================================================================
+
+AM_GNU_GETTEXT([external],[need-ngettext])
+AM_GNU_GETTEXT_VERSION([0.18.3])
+
+dnl ==========================================================================
+
+saved_LIBS=$LIBS
+AC_CHECK_LIB(popt, poptConfigFileToString,,
+ [AC_MSG_ERROR([You need popt 1.7 or newer to compile.])])
+AC_SUBST(POPT_LIBS, $LIBS)
+LIBS=$saved_LIBS
+
+dnl ==========================================================================
+dnl FIPS extensions
+AC_ARG_ENABLE([fips],
+ AS_HELP_STRING([--enable-fips], [enable FIPS mode restrictions]))
+if test "x$enable_fips" = "xyes"; then
+ AC_DEFINE(ENABLE_FIPS, 1, [Enable FIPS mode restrictions])
+
+ if test "x$enable_static" = "xyes" -o "x$enable_static_cryptsetup" = "xyes" ; then
+ AC_MSG_ERROR([Static build is not compatible with FIPS.])
+ fi
+fi
+
+AC_DEFUN([NO_FIPS], [
+ if test "x$enable_fips" = "xyes"; then
+ AC_MSG_ERROR([This option is not compatible with FIPS.])
+ fi
+])
+
+dnl ==========================================================================
+dnl pwquality library (cryptsetup CLI only)
+AC_ARG_ENABLE([pwquality],
+ AS_HELP_STRING([--enable-pwquality], [enable password quality checking using pwquality library]))
+
+if test "x$enable_pwquality" = "xyes"; then
+ AC_DEFINE(ENABLE_PWQUALITY, 1, [Enable password quality checking using pwquality library])
+ PKG_CHECK_MODULES([PWQUALITY], [pwquality >= 1.0.0],,
+ AC_MSG_ERROR([You need pwquality library.]))
+
+ dnl FIXME: this is really hack for now
+ PWQUALITY_STATIC_LIBS="$PWQUALITY_LIBS -lcrack -lz"
+fi
+
+dnl ==========================================================================
+dnl fuzzers, it requires own static library compilation later
+AC_ARG_ENABLE([fuzz-targets],
+ AS_HELP_STRING([--enable-fuzz-targets], [enable building fuzz targets]))
+AM_CONDITIONAL(ENABLE_FUZZ_TARGETS, test "x$enable_fuzz_targets" = "xyes")
+
+if test "x$enable_fuzz_targets" = "xyes"; then
+ AX_CHECK_COMPILE_FLAG([-fsanitize=fuzzer-no-link],,
+ AC_MSG_ERROR([Required compiler options not supported; use clang.]), [-Werror])
+fi
+
+dnl ==========================================================================
+dnl passwdqc library (cryptsetup CLI only)
+AC_ARG_ENABLE([passwdqc],
+ AS_HELP_STRING([--enable-passwdqc@<:@=CONFIG_PATH@:>@],
+ [enable password quality checking using passwdqc library (optionally with CONFIG_PATH)]))
+
+case "$enable_passwdqc" in
+ ""|yes|no) use_passwdqc_config="" ;;
+ /*) use_passwdqc_config="$enable_passwdqc"; enable_passwdqc=yes ;;
+ *) AC_MSG_ERROR([Unrecognized --enable-passwdqc parameter.]) ;;
+esac
+AC_DEFINE_UNQUOTED([PASSWDQC_CONFIG_FILE], ["$use_passwdqc_config"], [passwdqc library config file])
+
+if test "x$enable_passwdqc" = "xyes"; then
+ AC_DEFINE(ENABLE_PASSWDQC, 1, [Enable password quality checking using passwdqc library])
+
+ saved_LIBS="$LIBS"
+ AC_SEARCH_LIBS([passwdqc_check], [passwdqc])
+ case "$ac_cv_search_passwdqc_check" in
+ no) AC_MSG_ERROR([failed to find passwdqc_check]) ;;
+ -l*) PASSWDQC_LIBS="$ac_cv_search_passwdqc_check" ;;
+ *) PASSWDQC_LIBS= ;;
+ esac
+ AC_CHECK_FUNCS([passwdqc_params_free])
+ LIBS="$saved_LIBS"
+fi
+
+if test "x$enable_pwquality$enable_passwdqc" = "xyesyes"; then
+ AC_MSG_ERROR([--enable-pwquality and --enable-passwdqc are mutually incompatible.])
+fi
+
+dnl ==========================================================================
+dnl Crypto backend functions
+
+AC_DEFUN([CONFIGURE_GCRYPT], [
+ if test "x$enable_fips" = "xyes"; then
+ GCRYPT_REQ_VERSION=1.4.5
+ else
+ GCRYPT_REQ_VERSION=1.1.42
+ fi
+
+ dnl libgcrypt rejects to use pkgconfig, use AM_PATH_LIBGCRYPT from gcrypt-devel here.
+ dnl Do not require gcrypt-devel if other crypto backend is used.
+ m4_ifdef([AM_PATH_LIBGCRYPT],[
+ AC_ARG_ENABLE([gcrypt-pbkdf2],
+ dnl Check if we can use gcrypt PBKDF2 (1.6.0 supports empty password)
+ AS_HELP_STRING([--enable-gcrypt-pbkdf2], [force enable internal gcrypt PBKDF2]),
+ if test "x$enableval" = "xyes"; then
+ [use_internal_pbkdf2=0]
+ else
+ [use_internal_pbkdf2=1]
+ fi,
+ [AM_PATH_LIBGCRYPT([1.6.1], [use_internal_pbkdf2=0], [use_internal_pbkdf2=1])])
+ AM_PATH_LIBGCRYPT($GCRYPT_REQ_VERSION,,[AC_MSG_ERROR([You need the gcrypt library.])])],
+ AC_MSG_ERROR([Missing support for gcrypt: install gcrypt and regenerate configure.]))
+
+ AC_MSG_CHECKING([if internal cryptsetup PBKDF2 is compiled-in])
+ if test $use_internal_pbkdf2 = 0; then
+ AC_MSG_RESULT([no])
+ else
+ AC_MSG_RESULT([yes])
+ NO_FIPS([])
+ fi
+
+ AC_CHECK_DECLS([GCRY_CIPHER_MODE_XTS], [], [], [#include <gcrypt.h>])
+
+ if test "x$enable_static_cryptsetup" = "xyes"; then
+ saved_LIBS=$LIBS
+ LIBS="$saved_LIBS $LIBGCRYPT_LIBS -static"
+ AC_CHECK_LIB(gcrypt, gcry_check_version,,
+ AC_MSG_ERROR([Cannot find static gcrypt library.]),
+ [-lgpg-error])
+ LIBGCRYPT_STATIC_LIBS="$LIBGCRYPT_LIBS -lgpg-error"
+ LIBS=$saved_LIBS
+ fi
+
+ CRYPTO_CFLAGS=$LIBGCRYPT_CFLAGS
+ CRYPTO_LIBS=$LIBGCRYPT_LIBS
+ CRYPTO_STATIC_LIBS=$LIBGCRYPT_STATIC_LIBS
+
+ AC_DEFINE_UNQUOTED(GCRYPT_REQ_VERSION, ["$GCRYPT_REQ_VERSION"], [Requested gcrypt version])
+])
+
+AC_DEFUN([CONFIGURE_OPENSSL], [
+ PKG_CHECK_MODULES([OPENSSL], [openssl >= 0.9.8],,
+ AC_MSG_ERROR([You need openssl library.]))
+ CRYPTO_CFLAGS=$OPENSSL_CFLAGS
+ CRYPTO_LIBS=$OPENSSL_LIBS
+ use_internal_pbkdf2=0
+
+ if test "x$enable_static_cryptsetup" = "xyes"; then
+ saved_PKG_CONFIG=$PKG_CONFIG
+ PKG_CONFIG="$PKG_CONFIG --static"
+ PKG_CHECK_MODULES([OPENSSL_STATIC], [openssl])
+ CRYPTO_STATIC_LIBS=$OPENSSL_STATIC_LIBS
+ PKG_CONFIG=$saved_PKG_CONFIG
+ fi
+])
+
+AC_DEFUN([CONFIGURE_NSS], [
+ if test "x$enable_static_cryptsetup" = "xyes"; then
+ AC_MSG_ERROR([Static build of cryptsetup is not supported with NSS.])
+ fi
+
+ AC_MSG_WARN([NSS backend does NOT provide backward compatibility (missing ripemd160 hash).])
+
+ PKG_CHECK_MODULES([NSS], [nss],,
+ AC_MSG_ERROR([You need nss library.]))
+
+ saved_CFLAGS=$CFLAGS
+ CFLAGS="$CFLAGS $NSS_CFLAGS"
+ AC_CHECK_DECLS([NSS_GetVersion], [], [], [#include <nss.h>])
+ CFLAGS=$saved_CFLAGS
+
+ CRYPTO_CFLAGS=$NSS_CFLAGS
+ CRYPTO_LIBS=$NSS_LIBS
+ use_internal_pbkdf2=1
+ NO_FIPS([])
+])
+
+AC_DEFUN([CONFIGURE_KERNEL], [
+ AC_CHECK_HEADERS(linux/if_alg.h,,
+ [AC_MSG_ERROR([You need Linux kernel headers with userspace crypto interface.])])
+# AC_CHECK_DECLS([AF_ALG],,
+# [AC_MSG_ERROR([You need Linux kernel with userspace crypto interface.])],
+# [#include <sys/socket.h>])
+ use_internal_pbkdf2=1
+ NO_FIPS([])
+])
+
+AC_DEFUN([CONFIGURE_NETTLE], [
+ AC_CHECK_HEADERS(nettle/sha.h,,
+ [AC_MSG_ERROR([You need Nettle cryptographic library.])])
+ AC_CHECK_HEADERS(nettle/version.h)
+
+ saved_LIBS=$LIBS
+ AC_CHECK_LIB(nettle, nettle_pbkdf2_hmac_sha256,,
+ [AC_MSG_ERROR([You need Nettle library version 2.6 or more recent.])])
+ CRYPTO_LIBS=$LIBS
+ LIBS=$saved_LIBS
+
+ CRYPTO_STATIC_LIBS=$CRYPTO_LIBS
+ use_internal_pbkdf2=0
+ NO_FIPS([])
+])
+
+dnl ==========================================================================
+saved_LIBS=$LIBS
+
+AC_ARG_ENABLE([static-cryptsetup],
+ AS_HELP_STRING([--enable-static-cryptsetup], [enable build of static version of tools]))
+if test "x$enable_static_cryptsetup" = "xyes"; then
+ if test "x$enable_static" = "xno"; then
+ AC_MSG_WARN([Requested static cryptsetup build, enabling static library.])
+ enable_static=yes
+ fi
+fi
+AM_CONDITIONAL(STATIC_TOOLS, test "x$enable_static_cryptsetup" = "xyes")
+
+AC_ARG_ENABLE([cryptsetup],
+ AS_HELP_STRING([--disable-cryptsetup], [disable cryptsetup support]),
+ [], [enable_cryptsetup=yes])
+AM_CONDITIONAL(CRYPTSETUP, test "x$enable_cryptsetup" = "xyes")
+
+AC_ARG_ENABLE([veritysetup],
+ AS_HELP_STRING([--disable-veritysetup], [disable veritysetup support]),
+ [], [enable_veritysetup=yes])
+AM_CONDITIONAL(VERITYSETUP, test "x$enable_veritysetup" = "xyes")
+
+AC_ARG_ENABLE([integritysetup],
+ AS_HELP_STRING([--disable-integritysetup], [disable integritysetup support]),
+ [], [enable_integritysetup=yes])
+AM_CONDITIONAL(INTEGRITYSETUP, test "x$enable_integritysetup" = "xyes")
+
+AC_ARG_ENABLE([selinux],
+ AS_HELP_STRING([--disable-selinux], [disable selinux support [default=auto]]),
+ [], [enable_selinux=yes])
+
+AC_ARG_ENABLE([udev],
+ AS_HELP_STRING([--disable-udev], [disable udev support]),
+ [], [enable_udev=yes])
+
+dnl Try to use pkg-config for devmapper, but fallback to old detection
+PKG_CHECK_MODULES([DEVMAPPER], [devmapper >= 1.02.03],, [
+ AC_CHECK_LIB(devmapper, dm_task_set_name,,
+ [AC_MSG_ERROR([You need the device-mapper library.])])
+ AC_CHECK_LIB(devmapper, dm_task_set_message,,
+ [AC_MSG_ERROR([The device-mapper library on your system is too old.])])
+ DEVMAPPER_LIBS=$LIBS
+])
+LIBS=$saved_LIBS
+
+LIBS="$LIBS $DEVMAPPER_LIBS"
+AC_CHECK_DECLS([dm_task_secure_data], [], [], [#include <libdevmapper.h>])
+AC_CHECK_DECLS([dm_task_retry_remove], [], [], [#include <libdevmapper.h>])
+AC_CHECK_DECLS([dm_task_deferred_remove], [], [], [#include <libdevmapper.h>])
+AC_CHECK_DECLS([dm_device_has_mounted_fs], [], [], [#include <libdevmapper.h>])
+AC_CHECK_DECLS([dm_device_has_holders], [], [], [#include <libdevmapper.h>])
+AC_CHECK_DECLS([dm_device_get_name], [], [], [#include <libdevmapper.h>])
+AC_CHECK_DECLS([DM_DEVICE_GET_TARGET_VERSION], [], [], [#include <libdevmapper.h>])
+AC_CHECK_DECLS([DM_UDEV_DISABLE_DISK_RULES_FLAG], [have_cookie=yes], [have_cookie=no], [#include <libdevmapper.h>])
+if test "x$enable_udev" = xyes; then
+ if test "x$have_cookie" = xno; then
+ AC_MSG_WARN([The device-mapper library on your system has no udev support, udev support disabled.])
+ else
+ AC_DEFINE(USE_UDEV, 1, [Try to use udev synchronisation?])
+ fi
+fi
+LIBS=$saved_LIBS
+
+dnl Check for JSON-C used in LUKS2
+PKG_CHECK_MODULES([JSON_C], [json-c])
+AC_CHECK_DECLS([json_object_object_add_ex], [], [], [#include <json-c/json.h>])
+AC_CHECK_DECLS([json_object_deep_copy], [], [], [#include <json-c/json.h>])
+
+dnl Check for libssh and argp for SSH plugin
+if test "x$enable_ssh_token" = "xyes"; then
+ PKG_CHECK_MODULES([LIBSSH], [libssh])
+ AC_CHECK_DECLS([ssh_session_is_known_server], [], [], [#include <libssh/libssh.h>])
+ AC_CHECK_HEADER([argp.h], [], AC_MSG_ERROR([You need argp library.]))
+ saved_LIBS=$LIBS
+ AC_SEARCH_LIBS([argp_parse],[argp])
+ AC_SUBST(ARGP_LIBS, $LIBS)
+ LIBS=$saved_LIBS
+fi
+
+dnl Crypto backend configuration.
+AC_ARG_WITH([crypto_backend],
+ AS_HELP_STRING([--with-crypto_backend=BACKEND], [crypto backend (gcrypt/openssl/nss/kernel/nettle) [openssl]]),
+ [], [with_crypto_backend=openssl])
+
+dnl Kernel crypto API backend needed for benchmark and tcrypt
+AC_ARG_ENABLE([kernel_crypto],
+ AS_HELP_STRING([--disable-kernel_crypto], [disable kernel userspace crypto (no benchmark and tcrypt)]),
+ [], [enable_kernel_crypto=yes])
+
+if test "x$enable_kernel_crypto" = "xyes"; then
+ AC_CHECK_HEADERS(linux/if_alg.h,,
+ [AC_MSG_ERROR([You need Linux kernel headers with userspace crypto interface. (Or use --disable-kernel_crypto.)])])
+ AC_DEFINE(ENABLE_AF_ALG, 1, [Enable using of kernel userspace crypto])
+fi
+
+case $with_crypto_backend in
+ gcrypt) CONFIGURE_GCRYPT([]) ;;
+ openssl) CONFIGURE_OPENSSL([]) ;;
+ nss) CONFIGURE_NSS([]) ;;
+ kernel) CONFIGURE_KERNEL([]) ;;
+ nettle) CONFIGURE_NETTLE([]) ;;
+ *) AC_MSG_ERROR([Unknown crypto backend.]) ;;
+esac
+AM_CONDITIONAL(CRYPTO_BACKEND_GCRYPT, test "$with_crypto_backend" = "gcrypt")
+AM_CONDITIONAL(CRYPTO_BACKEND_OPENSSL, test "$with_crypto_backend" = "openssl")
+AM_CONDITIONAL(CRYPTO_BACKEND_NSS, test "$with_crypto_backend" = "nss")
+AM_CONDITIONAL(CRYPTO_BACKEND_KERNEL, test "$with_crypto_backend" = "kernel")
+AM_CONDITIONAL(CRYPTO_BACKEND_NETTLE, test "$with_crypto_backend" = "nettle")
+
+AM_CONDITIONAL(CRYPTO_INTERNAL_PBKDF2, test $use_internal_pbkdf2 = 1)
+AC_DEFINE_UNQUOTED(USE_INTERNAL_PBKDF2, [$use_internal_pbkdf2], [Use internal PBKDF2])
+
+dnl Argon2 implementation
+AC_ARG_ENABLE([internal-argon2],
+ AS_HELP_STRING([--disable-internal-argon2], [disable internal implementation of Argon2 PBKDF]),
+ [], [enable_internal_argon2=yes])
+
+AC_ARG_ENABLE([libargon2],
+ AS_HELP_STRING([--enable-libargon2], [enable external libargon2 (PHC) library (disables internal bundled version)]))
+
+if test "x$enable_libargon2" = "xyes" ; then
+ AC_CHECK_HEADERS(argon2.h,,
+ [AC_MSG_ERROR([You need libargon2 development library installed.])])
+ AC_CHECK_DECL(Argon2_id,,[AC_MSG_ERROR([You need more recent Argon2 library with support for Argon2id.])], [#include <argon2.h>])
+ PKG_CHECK_MODULES([LIBARGON2], [libargon2],,[LIBARGON2_LIBS="-largon2"])
+ enable_internal_argon2=no
+else
+ AC_MSG_WARN([Argon2 bundled (slow) reference implementation will be used, please consider to use system library with --enable-libargon2.])
+
+ AC_ARG_ENABLE([internal-sse-argon2],
+ AS_HELP_STRING([--enable-internal-sse-argon2], [enable internal SSE implementation of Argon2 PBKDF]))
+
+ if test "x$enable_internal_sse_argon2" = "xyes"; then
+ AC_MSG_CHECKING(if Argon2 SSE optimization can be used)
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[
+ #include <emmintrin.h>
+ __m128i testfunc(__m128i *a, __m128i *b) {
+ return _mm_xor_si128(_mm_loadu_si128(a), _mm_loadu_si128(b));
+ }
+ ]])],,[enable_internal_sse_argon2=no])
+ AC_MSG_RESULT($enable_internal_sse_argon2)
+ fi
+fi
+
+if test "x$enable_internal_argon2" = "xyes"; then
+ AC_DEFINE(USE_INTERNAL_ARGON2, 1, [Use internal Argon2])
+fi
+AM_CONDITIONAL(CRYPTO_INTERNAL_ARGON2, test "x$enable_internal_argon2" = "xyes")
+AM_CONDITIONAL(CRYPTO_INTERNAL_SSE_ARGON2, test "x$enable_internal_sse_argon2" = "xyes")
+
+dnl Link with blkid to check for other device types
+AC_ARG_ENABLE([blkid],
+ AS_HELP_STRING([--disable-blkid], [disable use of blkid for device signature detection and wiping]),
+ [], [enable_blkid=yes])
+
+if test "x$enable_blkid" = "xyes"; then
+ PKG_CHECK_MODULES([BLKID], [blkid],[AC_DEFINE([HAVE_BLKID], 1, [Define to 1 to use blkid for detection of disk signatures.])],[LIBBLKID_LIBS="-lblkid"])
+
+ AC_CHECK_HEADERS(blkid/blkid.h,,[AC_MSG_ERROR([You need blkid development library installed.])])
+ AC_CHECK_DECL([blkid_do_wipe],
+ [ AC_DEFINE([HAVE_BLKID_WIPE], 1, [Define to 1 to use blkid_do_wipe.])
+ enable_blkid_wipe=yes
+ ],,
+ [#include <blkid/blkid.h>])
+ AC_CHECK_DECL([blkid_probe_step_back],
+ [ AC_DEFINE([HAVE_BLKID_STEP_BACK], 1, [Define to 1 to use blkid_probe_step_back.])
+ enable_blkid_step_back=yes
+ ],,
+ [#include <blkid/blkid.h>])
+ AC_CHECK_DECLS([ blkid_reset_probe,
+ blkid_probe_set_device,
+ blkid_probe_filter_superblocks_type,
+ blkid_do_safeprobe,
+ blkid_do_probe,
+ blkid_probe_lookup_value
+ ],,
+ [AC_MSG_ERROR([Can not compile with blkid support, disable it by --disable-blkid.])],
+ [#include <blkid/blkid.h>])
+fi
+AM_CONDITIONAL(HAVE_BLKID, test "x$enable_blkid" = "xyes")
+AM_CONDITIONAL(HAVE_BLKID_WIPE, test "x$enable_blkid_wipe" = "xyes")
+AM_CONDITIONAL(HAVE_BLKID_STEP_BACK, test "x$enable_blkid_step_back" = "xyes")
+
+dnl Magic for cryptsetup.static build.
+if test "x$enable_static_cryptsetup" = "xyes"; then
+ saved_PKG_CONFIG=$PKG_CONFIG
+ PKG_CONFIG="$PKG_CONFIG --static"
+
+ LIBS="$saved_LIBS -static"
+ AC_CHECK_LIB(popt, poptGetContext,,
+ AC_MSG_ERROR([Cannot find static popt library.]))
+
+ dnl Try to detect needed device-mapper static libraries, try pkg-config first.
+ LIBS="$saved_LIBS -static"
+ PKG_CHECK_MODULES([DEVMAPPER_STATIC], [devmapper >= 1.02.27],,[
+ DEVMAPPER_STATIC_LIBS=$DEVMAPPER_LIBS
+ if test "x$enable_selinux" = "xyes"; then
+ AC_CHECK_LIB(sepol, sepol_bool_set)
+ AC_CHECK_LIB(selinux, is_selinux_enabled)
+ DEVMAPPER_STATIC_LIBS="$DEVMAPPER_STATIC_LIBS $LIBS"
+ fi
+ ])
+ LIBS="$saved_LIBS $DEVMAPPER_STATIC_LIBS"
+ AC_CHECK_LIB(devmapper, dm_task_set_uuid,,
+ AC_MSG_ERROR([Cannot link with static device-mapper library.]))
+
+ dnl Try to detect uuid static library.
+ LIBS="$saved_LIBS -static"
+ AC_CHECK_LIB(uuid, uuid_generate,,
+ AC_MSG_ERROR([Cannot find static uuid library.]))
+
+ LIBS=$saved_LIBS
+ PKG_CONFIG=$saved_PKG_CONFIG
+fi
+
+dnl Check compiler support for symver function attribute
+AC_MSG_CHECKING([for symver attribute support])
+saved_CFLAGS=$CFLAGS
+CFLAGS="-O0 -Werror"
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+ void _test_sym(void);
+ __attribute__((__symver__("sym@VERSION_4.2"))) void _test_sym(void) {}
+]],
+[[ _test_sym() ]]
+)],[
+ AC_DEFINE([HAVE_ATTRIBUTE_SYMVER], 1, [Define to 1 to use __attribute__((symver))])
+ AC_MSG_RESULT([yes])
+], [
+ AC_MSG_RESULT([no])
+])
+CFLAGS=$saved_CFLAGS
+
+AC_MSG_CHECKING([for systemd tmpfiles config directory])
+PKG_CHECK_VAR([systemd_tmpfilesdir], [systemd], [tmpfilesdir], [], [systemd_tmpfilesdir=no])
+AC_MSG_RESULT([$systemd_tmpfilesdir])
+
+AC_SUBST([DEVMAPPER_LIBS])
+AC_SUBST([DEVMAPPER_STATIC_LIBS])
+
+AC_SUBST([PWQUALITY_LIBS])
+AC_SUBST([PWQUALITY_STATIC_LIBS])
+
+AC_SUBST([PASSWDQC_LIBS])
+
+AC_SUBST([CRYPTO_CFLAGS])
+AC_SUBST([CRYPTO_LIBS])
+AC_SUBST([CRYPTO_STATIC_LIBS])
+
+AC_SUBST([JSON_C_LIBS])
+AC_SUBST([LIBARGON2_LIBS])
+AC_SUBST([BLKID_LIBS])
+
+AC_SUBST([LIBSSH_LIBS])
+
+AC_SUBST([LIBCRYPTSETUP_VERSION])
+AC_SUBST([LIBCRYPTSETUP_VERSION_INFO])
+
+dnl Set Requires.private for libcryptsetup.pc
+dnl pwquality is used only by tools
+PKGMODULES="uuid devmapper json-c"
+case $with_crypto_backend in
+ gcrypt) PKGMODULES+=" libgcrypt" ;;
+ openssl) PKGMODULES+=" openssl" ;;
+ nss) PKGMODULES+=" nss" ;;
+ nettle) PKGMODULES+=" nettle" ;;
+esac
+if test "x$enable_libargon2" = "xyes"; then
+ PKGMODULES+=" libargon2"
+fi
+if test "x$enable_blkid" = "xyes"; then
+ PKGMODULES+=" blkid"
+fi
+AC_SUBST([PKGMODULES])
+dnl ==========================================================================
+AC_ARG_ENABLE([dev-random],
+ AS_HELP_STRING([--enable-dev-random], [use /dev/random by default for key generation (otherwise use /dev/urandom)]))
+if test "x$enable_dev_random" = "xyes"; then
+ default_rng=/dev/random
+else
+ default_rng=/dev/urandom
+fi
+AC_DEFINE_UNQUOTED(DEFAULT_RNG, ["$default_rng"], [default RNG type for key generator])
+
+dnl ==========================================================================
+AC_DEFUN([CS_DEFINE],
+ [AC_DEFINE_UNQUOTED(DEFAULT_[]m4_translit([$1], [-a-z], [_A-Z]), [$2], [$3])
+])
+
+AC_DEFUN([CS_STR_WITH], [AC_ARG_WITH([$1],
+ [AS_HELP_STRING(--with-[$1], [default $2 [$3]])],
+ [CS_DEFINE([$1], ["$withval"], [$2])],
+ [CS_DEFINE([$1], ["$3"], [$2])]
+)])
+
+AC_DEFUN([CS_NUM_WITH], [AC_ARG_WITH([$1],
+ [AS_HELP_STRING(--with-[$1], [default $2 [$3]])],
+ [CS_DEFINE([$1], [$withval], [$2])],
+ [CS_DEFINE([$1], [$3], [$2])]
+)])
+
+AC_DEFUN([CS_ABSPATH], [
+ case "$1" in
+ /*) ;;
+ *) AC_MSG_ERROR([$2 argument must be an absolute path.]);;
+ esac
+])
+
+dnl ==========================================================================
+CS_STR_WITH([plain-hash], [password hashing function for plain mode], [ripemd160])
+CS_STR_WITH([plain-cipher], [cipher for plain mode], [aes])
+CS_STR_WITH([plain-mode], [cipher mode for plain mode], [cbc-essiv:sha256])
+CS_NUM_WITH([plain-keybits],[key length in bits for plain mode], [256])
+
+CS_STR_WITH([luks1-hash], [hash function for LUKS1 header], [sha256])
+CS_STR_WITH([luks1-cipher], [cipher for LUKS1], [aes])
+CS_STR_WITH([luks1-mode], [cipher mode for LUKS1], [xts-plain64])
+CS_NUM_WITH([luks1-keybits],[key length in bits for LUKS1], [256])
+
+AC_ARG_ENABLE([luks_adjust_xts_keysize], AS_HELP_STRING([--disable-luks-adjust-xts-keysize],
+ [XTS mode requires two keys, double default LUKS keysize if needed]),
+ [], [enable_luks_adjust_xts_keysize=yes])
+if test "x$enable_luks_adjust_xts_keysize" = "xyes"; then
+ AC_DEFINE(ENABLE_LUKS_ADJUST_XTS_KEYSIZE, 1, [XTS mode - double default LUKS keysize if needed])
+fi
+
+CS_STR_WITH([luks2-pbkdf], [Default PBKDF algorithm (pbkdf2 or argon2i/argon2id) for LUKS2], [argon2id])
+CS_NUM_WITH([luks1-iter-time], [PBKDF2 iteration time for LUKS1 (in ms)], [2000])
+CS_NUM_WITH([luks2-iter-time], [Argon2 PBKDF iteration time for LUKS2 (in ms)], [2000])
+CS_NUM_WITH([luks2-memory-kb], [Argon2 PBKDF memory cost for LUKS2 (in kB)], [1048576])
+CS_NUM_WITH([luks2-parallel-threads],[Argon2 PBKDF max parallel cost for LUKS2 (if CPUs available)], [4])
+
+CS_STR_WITH([luks2-keyslot-cipher], [fallback cipher for LUKS2 keyslot (if data encryption is incompatible)], [aes-xts-plain64])
+CS_NUM_WITH([luks2-keyslot-keybits],[fallback key size for LUKS2 keyslot (if data encryption is incompatible)], [512])
+
+CS_STR_WITH([loopaes-cipher], [cipher for loop-AES mode], [aes])
+CS_NUM_WITH([loopaes-keybits],[key length in bits for loop-AES mode], [256])
+
+CS_NUM_WITH([keyfile-size-maxkb],[maximum keyfile size (in KiB)], [8192])
+CS_NUM_WITH([integrity-keyfile-size-maxkb],[maximum integritysetup keyfile size (in KiB)], [4])
+CS_NUM_WITH([passphrase-size-max],[maximum passphrase size (in characters)], [512])
+
+CS_STR_WITH([verity-hash], [hash function for verity mode], [sha256])
+CS_NUM_WITH([verity-data-block], [data block size for verity mode], [4096])
+CS_NUM_WITH([verity-hash-block], [hash block size for verity mode], [4096])
+CS_NUM_WITH([verity-salt-size], [salt size for verity mode], [32])
+CS_NUM_WITH([verity-fec-roots], [parity bytes for verity FEC], [2])
+
+CS_STR_WITH([tmpfilesdir], [override default path to directory with systemd temporary files], [])
+test -z "$with_tmpfilesdir" && with_tmpfilesdir=$systemd_tmpfilesdir
+test "x$with_tmpfilesdir" = "xno" || {
+ CS_ABSPATH([${with_tmpfilesdir}],[with-tmpfilesdir])
+ DEFAULT_TMPFILESDIR=$with_tmpfilesdir
+ AC_SUBST(DEFAULT_TMPFILESDIR)
+}
+AM_CONDITIONAL(CRYPTSETUP_TMPFILE, test -n "$DEFAULT_TMPFILESDIR")
+
+CS_STR_WITH([luks2-lock-path], [path to directory for LUKSv2 locks], [/run/cryptsetup])
+test -z "$with_luks2_lock_path" && with_luks2_lock_path=/run/cryptsetup
+CS_ABSPATH([${with_luks2_lock_path}],[with-luks2-lock-path])
+DEFAULT_LUKS2_LOCK_PATH=$with_luks2_lock_path
+AC_SUBST(DEFAULT_LUKS2_LOCK_PATH)
+
+CS_NUM_WITH([luks2-lock-dir-perms], [default luks2 locking directory permissions], [0700])
+test -z "$with_luks2_lock_dir_perms" && with_luks2_lock_dir_perms=0700
+DEFAULT_LUKS2_LOCK_DIR_PERMS=$with_luks2_lock_dir_perms
+AC_SUBST(DEFAULT_LUKS2_LOCK_DIR_PERMS)
+
+CS_STR_WITH([luks2-external-tokens-path], [path to directory with LUKSv2 external token handlers (plugins)], [LIBDIR/cryptsetup])
+if test -n "$with_luks2_external_tokens_path"; then
+ CS_ABSPATH([${with_luks2_external_tokens_path}],[with-luks2-external-tokens-path])
+ EXTERNAL_LUKS2_TOKENS_PATH=$with_luks2_external_tokens_path
+else
+ EXTERNAL_LUKS2_TOKENS_PATH="\${libdir}/cryptsetup"
+fi
+AC_SUBST(EXTERNAL_LUKS2_TOKENS_PATH)
+
+dnl Override default LUKS format version (for cryptsetup or cryptsetup-reencrypt format actions only).
+AC_ARG_WITH([default_luks_format],
+ AS_HELP_STRING([--with-default-luks-format=FORMAT], [default LUKS format version (LUKS1/LUKS2) [LUKS2]]),
+ [], [with_default_luks_format=LUKS2])
+
+case $with_default_luks_format in
+ LUKS1) default_luks=CRYPT_LUKS1 ;;
+ LUKS2) default_luks=CRYPT_LUKS2 ;;
+ *) AC_MSG_ERROR([Unknown default LUKS format. Use LUKS1 or LUKS2 only.]) ;;
+esac
+AC_DEFINE_UNQUOTED([DEFAULT_LUKS_FORMAT], [$default_luks], [default LUKS format version])
+
+dnl ==========================================================================
+
+AC_CONFIG_FILES([ Makefile
+lib/libcryptsetup.pc
+po/Makefile.in
+scripts/cryptsetup.conf
+tests/Makefile
+tests/fuzz/Makefile
+])
+AC_OUTPUT