diff options
Diffstat (limited to 'configure.ac')
| -rw-r--r-- | configure.ac | 182 |
1 files changed, 163 insertions, 19 deletions
diff --git a/configure.ac b/configure.ac index fe830abcb9..4eeb34dca8 100644 --- a/configure.ac +++ b/configure.ac @@ -3,7 +3,7 @@ dnl Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson dnl Copyright (c) 2007-2013, The Tor Project, Inc. dnl See LICENSE for licensing information -AC_INIT([tor],[0.2.4.29-dev]) +AC_INIT([tor],[0.2.5.14-dev]) AC_CONFIG_SRCDIR([src/or/main.c]) AC_CONFIG_MACRO_DIR([m4]) AM_INIT_AUTOMAKE @@ -24,7 +24,9 @@ CPPFLAGS="$CPPFLAGS -I\${top_srcdir}/src/common" #XXXX020 We should make these enabled or not, before 0.2.0.x-final AC_ARG_ENABLE(buf-freelists, - AS_HELP_STRING(--disable-buf-freelists, disable freelists for buffer RAM)) + AS_HELP_STRING(--enable-buf-freelists, enable freelists for buffer RAM)) +AC_ARG_ENABLE(mempools, + AS_HELP_STRING(--enable-mempools, enable mempools for relay cells)) AC_ARG_ENABLE(openbsd-malloc, AS_HELP_STRING(--enable-openbsd-malloc, Use malloc code from openbsd. Linux only)) AC_ARG_ENABLE(instrument-downloads, @@ -39,6 +41,13 @@ AC_ARG_ENABLE(static-tor, AS_HELP_STRING(--enable-static-tor, Create an entirely static Tor binary. Requires --with-openssl-dir and --with-libevent-dir and --with-zlib-dir)) AC_ARG_ENABLE(curve25519, AS_HELP_STRING(--disable-curve25519, Build Tor with no curve25519 elliptic-curve crypto support)) +AC_ARG_ENABLE(unittests, + AS_HELP_STRING(--disable-unittests, [Don't build unit tests for Tor. Risky!])) +AC_ARG_ENABLE(coverage, + AS_HELP_STRING(--enable-coverage, [Enable coverage support in the unit-test build])) + +AM_CONDITIONAL(UNITTESTS_ENABLED, test x$enable_unittests != xno) +AM_CONDITIONAL(COVERAGE_ENABLED, test x$enable_coverage = xyes) if test "$enable_static_tor" = "yes"; then enable_static_libevent="yes"; @@ -47,10 +56,17 @@ if test "$enable_static_tor" = "yes"; then CFLAGS="$CFLAGS -static" fi -if test x$enable_buf_freelists != xno; then +if test x$enable_buf_freelists = xyes; then AC_DEFINE(ENABLE_BUF_FREELISTS, 1, [Defined if we try to use freelists for buffer RAM chunks]) fi + +AM_CONDITIONAL(USE_MEMPOOLS, test x$enable_mempools = xyes) +if test x$enable_mempools = xyes; then + AC_DEFINE(ENABLE_MEMPOOLS, 1, + [Defined if we try to use mempools for cells being relayed]) +fi + AM_CONDITIONAL(USE_OPENBSD_MALLOC, test x$enable_openbsd_malloc = xyes) if test x$enable_instrument_downloads = xyes; then AC_DEFINE(INSTRUMENT_DOWNLOADS, 1, @@ -122,13 +138,13 @@ AC_ARG_ENABLE(gcc-warnings, AC_ARG_ENABLE(gcc-warnings-advisory, AS_HELP_STRING(--enable-gcc-warnings-advisory, [enable verbose warnings, excluding -Werror])) -dnl Adam shostack suggests the following for Windows: -dnl -D_FORTIFY_SOURCE=2 -fstack-protector-all dnl Others suggest '/gs /safeseh /nxcompat /dynamicbase' for non-gcc on Windows -dnl This requires that we use gcc and that we add -O2 to the CFLAGS. AC_ARG_ENABLE(gcc-hardening, AS_HELP_STRING(--disable-gcc-hardening, disable compiler security checks)) +AC_ARG_ENABLE(expensive-hardening, + AS_HELP_STRING(--enable-expensive-hardening, enable more expensive compiler hardening; makes Tor slower)) + dnl Linker hardening options dnl Currently these options are ELF specific - you can't use this with MacOSX AC_ARG_ENABLE(linker-hardening, @@ -151,12 +167,32 @@ fi]) AC_ARG_ENABLE(bufferevents, AS_HELP_STRING(--enable-bufferevents, use Libevent's buffered IO.)) +AC_ARG_ENABLE(tool-name-check, + AS_HELP_STRING(--disable-tool-name-check, check for sanely named toolchain when cross-compiling)) + +AC_ARG_ENABLE(seccomp, + AS_HELP_STRING(--disable-seccomp, do not attempt to use libseccomp)) + dnl check for the correct "ar" when cross-compiling AN_MAKEVAR([AR], [AC_PROG_AR]) AN_PROGRAM([ar], [AC_PROG_AR]) AC_DEFUN([AC_PROG_AR], [AC_CHECK_TOOL([AR], [ar], [ar])]) AC_PROG_AR +dnl Check whether the above macro has settled for a simply named tool even +dnl though we're cross compiling. We must do this before running AC_PROG_CC, +dnl because that will find any cc on the system, not only the cross-compiler, +dnl and then verify that a binary built with this compiler runs on the +dnl build system. It will then come to the false conclusion that we're not +dnl cross-compiling. +if test x$enable_tool_name_check != xno; then + if test x$ac_tool_warned = xyes; then + AC_MSG_ERROR([We are cross compiling but could not find a properly named toolchain. Do you have your cross-compiling toolchain in PATH? (You can --disable-tool-name-check to ignore this.)]) + elif test "x$ac_ct_AR" != x -a x$cross_compiling = xmaybe; then + AC_MSG_ERROR([We think we are cross compiling but could not find a properly named toolchain. Do you have your cross-compiling toolchain in PATH? (You can --disable-tool-name-check to ignore this.)]) + fi +fi + AC_PROG_CC AC_PROG_CPP AC_PROG_MAKE_SET @@ -176,6 +212,13 @@ AM_CONDITIONAL(NAT_PMP, test x$natpmp = xtrue) AM_CONDITIONAL(MINIUPNPC, test x$upnp = xtrue) AM_PROG_CC_C_O +AC_ARG_VAR(PYTHON) +AC_CHECK_PROGS(PYTHON, [python python2 python2.7 python3 python3.3]) +if test "x$PYTHON" = "x"; then + AC_MSG_WARN([Python unavailable; some tests will not be run.]) +fi +AM_CONDITIONAL(USEPYTHON, [test "x$PYTHON" != "x"]) + ifdef([AC_C_FLEXIBLE_ARRAY_MEMBER], [ AC_C_FLEXIBLE_ARRAY_MEMBER ], [ @@ -295,6 +338,8 @@ dnl exports strlcpy without defining it in a header. AC_CHECK_FUNCS( _NSGetEnviron \ accept4 \ + backtrace \ + backtrace_symbols_fd \ clock_gettime \ flock \ ftime \ @@ -312,6 +357,7 @@ AC_CHECK_FUNCS( memmem \ prctl \ rint \ + sigaction \ socketpair \ strlcat \ strlcpy \ @@ -319,7 +365,9 @@ AC_CHECK_FUNCS( strtok_r \ strtoull \ sysconf \ + sysctl \ uname \ + usleep \ vasprintf \ _vscprintf ) @@ -395,7 +443,13 @@ save_CPPFLAGS="$CPPFLAGS" LIBS="-levent $STATIC_LIBEVENT_FLAGS $TOR_LIB_WS32 $LIBS" LDFLAGS="$TOR_LDFLAGS_libevent $LDFLAGS" CPPFLAGS="$TOR_CPPFLAGS_libevent $CPPFLAGS" -AC_CHECK_FUNCS(event_get_version event_get_version_number event_get_method event_set_log_callback evdns_set_outgoing_bind_address event_base_loopexit) +AC_CHECK_FUNCS([event_get_version \ + event_get_version_number \ + event_get_method \ + event_set_log_callback \ + evutil_secure_rng_set_urandom_device_file \ + evutil_secure_rng_init \ + event_base_loopexit]) AC_CHECK_MEMBERS([struct event.min_heap_idx], , , [#include <event.h> ]) @@ -492,7 +546,7 @@ dnl ------------------------------------------------------ dnl Where do you live, openssl? And how do we call you? tor_openssl_pkg_redhat="openssl" -tor_openssl_pkg_debian="libssl" +tor_openssl_pkg_debian="libssl-dev" tor_openssl_devpkg_redhat="openssl-devel" tor_openssl_devpkg_debian="libssl-dev" @@ -524,6 +578,10 @@ else fi AC_SUBST(TOR_OPENSSL_LIBS) +AC_CHECK_MEMBERS([struct ssl_method_st.get_cipher_by_char], , , +[#include <openssl/ssl.h> +]) + dnl ------------------------------------------------------ dnl Where do you live, zlib? And how do we call you? @@ -569,7 +627,16 @@ if test x$enable_gcc_hardening != xno; then if test x$have_clang = xyes; then TOR_CHECK_CFLAGS(-Qunused-arguments) fi - TOR_CHECK_CFLAGS(-fstack-protector-all) + TOR_CHECK_CFLAGS(-fstack-protector-all, also_link) + AS_VAR_PUSHDEF([can_compile], [tor_cv_cflags_-fstack-protector-all]) + AS_VAR_PUSHDEF([can_link], [tor_can_link_-fstack-protector-all]) + AS_VAR_IF(can_compile, [yes], + AS_VAR_IF(can_link, [yes], + [], + AC_MSG_ERROR([We tried to build with stack protection; it looks like your compiler supports it but your libc does not provide it. Are you missing libssp? (You can --disable-gcc-hardening to ignore this error.)])) + ) + AS_VAR_POPDEF([can_link]) + AS_VAR_POPDEF([can_compile]) TOR_CHECK_CFLAGS(-Wstack-protector) TOR_CHECK_CFLAGS(-fwrapv) TOR_CHECK_CFLAGS(--param ssp-buffer-size=1) @@ -579,10 +646,40 @@ if test x$enable_gcc_hardening != xno; then fi fi +if test x$enable_expensive_hardening = xyes ; then + TOR_CHECK_CFLAGS([-fsanitize=address]) + TOR_CHECK_CFLAGS([-fsanitize=undefined]) + TOR_CHECK_CFLAGS([-fno-omit-frame-pointer]) +fi + if test x$enable_linker_hardening != xno; then TOR_CHECK_LDFLAGS(-z relro -z now, "$all_ldflags_for_check", "$all_libs_for_check") fi +# For backtrace support +TOR_CHECK_LDFLAGS(-rdynamic) + +dnl ------------------------------------------------------ +dnl Now see if we have a -fomit-frame-pointer compiler option. + +saved_CFLAGS="$CFLAGS" +TOR_CHECK_CFLAGS(-fomit-frame-pointer) +F_OMIT_FRAME_POINTER='' +if test "$saved_CFLAGS" != "$CFLAGS"; then + if test x$enable_expensive_hardening != xyes ; then + F_OMIT_FRAME_POINTER='-fomit-frame-pointer' + fi +fi +CFLAGS="$saved_CFLAGS" +AC_SUBST(F_OMIT_FRAME_POINTER) + +dnl ------------------------------------------------------ +dnl If we are adding -fomit-frame-pointer (or if the compiler's doing it +dnl for us, as GCC 4.6 and later do at many optimization levels), then +dnl we should try to add -fasynchronous-unwind-tables so that our backtrace +dnl code will work. +TOR_CHECK_CFLAGS(-fasynchronous-unwind-tables) + dnl ------------------------------------------------------ dnl Where do you live, libnatpmp? And how do we call you? dnl There are no packages for Debian or Redhat as of this patch @@ -643,6 +740,14 @@ if test "$upnp" = "true"; then fi dnl ============================================================ +dnl Check for libseccomp + +if test "x$enable_seccomp" != "xno"; then + AC_CHECK_HEADERS([seccomp.h]) + AC_SEARCH_LIBS(seccomp_init, [seccomp]) +fi + +dnl ============================================================ dnl We need an implementation of curve25519. dnl set these defaults. @@ -678,7 +783,7 @@ if test x$enable_curve25519 != xno; then ])], [tor_cv_can_use_curve25519_donna_c64=yes], [tor_cv_can_use_curve25519_donna_c64=no], - [AC_COMPILE_IFELSE( + [AC_LINK_IFELSE( [AC_LANG_PROGRAM([dnl #include <stdint.h> typedef unsigned uint128_t __attribute__((mode(TI))); @@ -776,6 +881,7 @@ dnl These headers are not essential AC_CHECK_HEADERS( arpa/inet.h \ crt_externs.h \ + execinfo.h \ grp.h \ ifaddrs.h \ inttypes.h \ @@ -797,7 +903,9 @@ AC_CHECK_HEADERS( sys/param.h \ sys/prctl.h \ sys/resource.h \ + sys/select.h \ sys/socket.h \ + sys/sysctl.h \ sys/syslimits.h \ sys/time.h \ sys/types.h \ @@ -904,6 +1012,8 @@ AC_CHECK_SIZEOF(pid_t) AC_CHECK_TYPES([uint, u_char, ssize_t]) +AC_PC_FROM_UCONTEXT([/bin/true]) + dnl used to include sockaddr_storage, but everybody has that. AC_CHECK_TYPES([struct in6_addr, struct sockaddr_in6, sa_family_t], , , [#ifdef HAVE_SYS_TYPES_H @@ -1139,7 +1249,6 @@ if [[ $dmalloc -eq 1 ]]; then AC_CHECK_HEADERS(dmalloc.h, , AC_MSG_ERROR(dmalloc header file not found. Do you have the development files for dmalloc installed?)) AC_SEARCH_LIBS(dmalloc_malloc, [dmallocth dmalloc], , AC_MSG_ERROR(Libdmalloc library not found. If you enable it you better have it installed.)) AC_DEFINE(USE_DMALLOC, 1, [Debug memory allocation library]) - AC_DEFINE(DMALLOC_FUNC_CHECK, 1, [Enable dmalloc's malloc function check]) AC_CHECK_FUNCS(dmalloc_strdup dmalloc_strndup) fi @@ -1381,6 +1490,12 @@ if test x$enable_gcc_warnings = xyes || test x$enable_gcc_warnings_advisory = xy #error #endif])], have_gcc43=yes, have_gcc43=no) + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [ +#if !defined(__GNUC__) || (__GNUC__ < 4) || (__GNUC__ == 4 && __GNUC_MINOR__ < 6) +#error +#endif])], have_gcc46=yes, have_gcc46=no) + + save_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS -Wshorten-64-to-32" AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [])], have_shorten64_flag=yes, @@ -1432,31 +1547,60 @@ if test x$enable_gcc_warnings = xyes || test x$enable_gcc_warnings_advisory = xy CFLAGS="$CFLAGS -Wextra -Warray-bounds" fi + if test x$have_gcc46 = xyes ; then + # This warning was added in gcc 4.3, but it appears to generate + # spurious warnings in gcc 4.4. I don't know if it works in 4.5. + CFLAGS="$CFLAGS -Wlogical-op" + fi + if test x$have_shorten64_flag = xyes ; then CFLAGS="$CFLAGS -Wshorten-64-to-32" fi + + ##This will break the world on some 64-bit architectures # CFLAGS="$CFLAGS -Winline" fi - +if test "$enable_coverage" = yes && test "$have_clang" = "no"; then + case "$host_os" in + darwin*) + AC_MSG_WARN([Tried to enable coverage on OSX without using the clang compiler. This might not work! If coverage fails, use CC=clang when configuring with --enable-profiling.]) + esac +fi CPPFLAGS="$CPPFLAGS $TOR_CPPFLAGS_libevent $TOR_CPPFLAGS_openssl $TOR_CPPFLAGS_zlib" AC_CONFIG_FILES([ Doxyfile Makefile - contrib/suse/tor.sh - contrib/tor.logrotate - contrib/tor.sh - contrib/torctl - contrib/torify + contrib/dist/suse/tor.sh + contrib/operator-tools/tor.logrotate + contrib/dist/tor.sh + contrib/dist/torctl + contrib/dist/tor.service src/config/torrc.sample ]) +if test x$asciidoc = xtrue && test "$ASCIIDOC" = "none" ; then + regular_mans="doc/tor doc/tor-gencert doc/tor-resolve doc/torify" + for file in $regular_mans ; do + if ! [[ -f "$srcdir/$file.1.in" ]] || ! [[ -f "$srcdir/$file.html.in" ]] ; then + echo "=================================="; + echo; + echo "You need asciidoc installed to be able to build the manpage."; + echo "To build without manpages, use the --disable-asciidoc argument"; + echo "when calling configure."; + echo; + echo "=================================="; + exit 1; + fi + done +fi + AC_OUTPUT -if test -x /usr/bin/perl && test -x ./contrib/updateVersions.pl ; then - ./contrib/updateVersions.pl +if test -x /usr/bin/perl && test -x ./scripts/maint/updateVersions.pl ; then + ./scripts/maint/updateVersions.pl fi |