summaryrefslogtreecommitdiff
path: root/configure.ac
diff options
context:
space:
mode:
Diffstat (limited to 'configure.ac')
-rw-r--r--configure.ac219
1 files changed, 184 insertions, 35 deletions
diff --git a/configure.ac b/configure.ac
index 39d2470ee3..b5385857b7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -4,7 +4,7 @@ dnl Copyright (c) 2007-2019, The Tor Project, Inc.
dnl See LICENSE for licensing information
AC_PREREQ([2.63])
-AC_INIT([tor],[0.4.4.6-dev])
+AC_INIT([tor],[0.4.5.1-alpha-dev])
AC_CONFIG_SRCDIR([src/app/main/tor_main.c])
AC_CONFIG_MACRO_DIR([m4])
@@ -16,7 +16,7 @@ configure_flags="$*"
# version number changes. Tor uses it to make sure that it
# only shuts down for missing "required protocols" when those protocols
# are listed as required by a consensus after this date.
-AC_DEFINE(APPROX_RELEASE_DATE, ["2020-11-12"], # for 0.4.4.6-dev
+AC_DEFINE(APPROX_RELEASE_DATE, ["2020-11-01"], # for 0.4.5.1-alpha-dev
[Approximate date when this software was released. (Updated when the version changes.)])
# "foreign" means we don't follow GNU package layout standards
@@ -24,6 +24,11 @@ AC_DEFINE(APPROX_RELEASE_DATE, ["2020-11-12"], # for 0.4.4.6-dev
# "subdir-objects" means put .o files in the same directory as the .c files
AM_INIT_AUTOMAKE([foreign 1.11 subdir-objects -Wall -Werror])
+tor_ac_n_warnings=0
+tor_incr_n_warnings() {
+ tor_ac_n_warnings=`expr $tor_ac_n_warnings + 1`
+}
+
m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
AC_CONFIG_HEADERS([orconfig.h])
@@ -256,16 +261,84 @@ AC_ARG_ENABLE(seccomp,
AC_ARG_ENABLE(libscrypt,
AS_HELP_STRING(--disable-libscrypt, [do not attempt to use libscrypt]))
-dnl Enable event tracing which are transformed to debug log statement.
-AC_ARG_ENABLE(event-tracing-debug,
- AS_HELP_STRING(--enable-event-tracing-debug, [build with event tracing to debug log]))
-AM_CONDITIONAL([USE_EVENT_TRACING_DEBUG], [test "x$enable_event_tracing_debug" = "xyes"])
+dnl --- Tracing Options. ---
+
+TOR_TRACE_LIBS=
+
+dnl LTTng instrumentation option.
+AC_ARG_ENABLE(tracing-instrumentation-lttng,
+ AS_HELP_STRING([--enable-tracing-instrumentation-lttng],
+ [build with LTTng-UST instrumentation]))
+AM_CONDITIONAL([USE_TRACING_INSTRUMENTATION_LTTNG],
+ [test "x$enable_tracing_instrumentation_lttng" = "xyes"])
+
+if test "x$enable_tracing_instrumentation_lttng" = "xyes"; then
+ AC_CHECK_HEADERS([lttng/tracepoint.h], [],
+ [AC_MSG_ERROR([LTTng instrumentation headers not found.
+ On Debian, apt install liblttng-ust-dev"])], [])
+ AC_DEFINE([USE_TRACING_INSTRUMENTATION_LTTNG], [1], [Using LTTng instrumentation])
+ TOR_TRACE_LIBS="-llttng-ust -ldl"
+ have_tracing=1
+fi
+
+dnl USDT instrumentation option.
+AC_ARG_ENABLE(tracing-instrumentation-usdt,
+ AS_HELP_STRING([--enable-tracing-instrumentation-usdt],
+ [build with tracing USDT instrumentation]))
+AM_CONDITIONAL([USE_TRACING_INSTRUMENTATION_USDT],
+ [test "x$enable_tracing_instrumentation_usdt" = "xyes"])
+
+if test "x$enable_tracing_instrumentation_usdt" = "xyes"; then
+ AC_CHECK_HEADERS([sys/sdt.h], [],
+ [AC_MSG_ERROR([USDT instrumentation requires sys/sdt.h header.
+ On Debian, apt install systemtap-sdt-dev])], [])
+ AC_MSG_CHECKING([STAP_PROBEV()])
+ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
+ #define SDT_USE_VARIADIC
+ #include <sys/sdt.h>
+ void test(void)
+ {
+ STAP_PROBEV(p, n, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12);
+ }
+ ]])], [
+ AC_MSG_RESULT([yes])
+ dnl LTTng generates USDT probes if the UST library was built with
+ dnl --with-sdt. There is unfortunately no way to check that so we always
+ dnl build the USDT probes even though LTTng instrumentation was requested.
+ AC_DEFINE([USE_TRACING_INSTRUMENTATION_USDT], [1], [Using USDT instrumentation])
+ have_tracing=1
+ ], [
+ AC_MSG_RESULT([no])
+ AC_MSG_ERROR([USDT tracing support requires STAP_PROBEV()])
+ ])
+fi
-if test x$enable_event_tracing_debug = xyes; then
- AC_DEFINE([USE_EVENT_TRACING_DEBUG], [1], [Tracing framework to log debug])
- AC_DEFINE([TOR_EVENT_TRACING_ENABLED], [1], [Compile the event tracing instrumentation])
+dnl Tracepoints event to debug logs.
+AC_ARG_ENABLE(tracing-instrumentation-log-debug,
+ AS_HELP_STRING([--enable-tracing-instrumentation-log-debug],
+ [build with tracing event to debug log]),
+ AC_DEFINE([USE_TRACING_INSTRUMENTATION_LOG_DEBUG], [1],
+ [Tracepoints to log debug]), [])
+AM_CONDITIONAL([USE_TRACING_INSTRUMENTATION_LOG_DEBUG],
+ [test "x$enable_tracing_instrumentation_log_debug" = "xyes"])
+if test "x$enable_tracing_instrumentation_log_debug" = "xyes"; then
+ have_tracing=1
fi
+dnl Define that tracing is supported if any instrumentation is used.
+AM_COND_IF([USE_TRACING_INSTRUMENTATION_LOG_DEBUG],
+ AC_DEFINE([HAVE_TRACING], [1], [Compiled with tracing support]))
+AM_COND_IF([USE_TRACING_INSTRUMENTATION_USDT],
+ AC_DEFINE([HAVE_TRACING], [1], [Compiled with tracing support]))
+AM_COND_IF([USE_TRACING_INSTRUMENTATION_LTTNG],
+ AC_DEFINE([HAVE_TRACING], [1], [Compiled with tracing support]))
+AM_CONDITIONAL([USE_TRACING], [test "x$have_tracing" = x1 ])
+
+dnl Finally, define the trace libs.
+AC_SUBST([TOR_TRACE_LIBS])
+
+dnl -- End Tracing Options. --
+
dnl Enable Android only features.
AC_ARG_ENABLE(android,
AS_HELP_STRING(--enable-android, [build with Android features enabled]))
@@ -274,10 +347,6 @@ AM_CONDITIONAL([USE_ANDROID], [test "x$enable_android" = "xyes"])
if test "x$enable_android" = "xyes"; then
AC_DEFINE([USE_ANDROID], [1], [Compile with Android specific features enabled])
- dnl Check if the Android log library is available.
- AC_CHECK_HEADERS([android/log.h])
- AC_SEARCH_LIBS(__android_log_write, [log])
-
fi
dnl ---
@@ -378,6 +447,7 @@ AC_SUBST([PYTHON], [$tor_cv_PYTHON])
PYTHON="$tor_cv_PYTHON"
if test "x$PYTHON" = "x"; then
+ tor_incr_n_warnings
AC_MSG_WARN([Python 3 unavailable; some tests will not be run.])
fi
@@ -504,14 +574,14 @@ fi
AH_BOTTOM([
#ifdef _WIN32
-/* Defined to access windows functions and definitions for >=WinXP */
+/* Defined to access windows functions and definitions for >=WinVista */
# ifndef WINVER
-# define WINVER 0x0501
+# define WINVER 0x0600
# endif
-/* Defined to access _other_ windows functions and definitions for >=WinXP */
+/* Defined to access _other_ windows functions and definitions for >=WinVista */
# ifndef _WIN32_WINNT
-# define _WIN32_WINNT 0x0501
+# define _WIN32_WINNT 0x0600
# endif
/* Defined to avoid including some windows headers as part of Windows.h */
@@ -679,12 +749,10 @@ AC_CHECK_FUNCS(
getdelim \
getifaddrs \
getline \
- getpass \
getrlimit \
gettimeofday \
gmtime_r \
gnu_get_libc_version \
- htonll \
inet_aton \
ioctl \
issetugid \
@@ -793,6 +861,8 @@ fi
AM_CONDITIONAL(BUILD_READPASSPHRASE_C,
test "x$ac_cv_func_readpassphrase" = "xno" && test "$bwin32" = "false")
+AC_CHECK_FUNCS(glob)
+
AC_MSG_CHECKING([whether free(NULL) works])
AC_RUN_IFELSE([AC_LANG_PROGRAM([
#include <stdlib.h>
@@ -814,10 +884,13 @@ dnl Where do you live, libevent? And how do we call you?
if test "$bwin32" = "true"; then
TOR_LIB_WS32=-lws2_32
TOR_LIB_IPHLPAPI=-liphlpapi
+ TOR_LIB_SHLWAPI=-lshlwapi
# Some of the cargo-cults recommend -lwsock32 as well, but I don't
# think it's actually necessary.
TOR_LIB_GDI=-lgdi32
TOR_LIB_USERENV=-luserenv
+ TOR_LIB_BCRYPT=-lbcrypt
+ TOR_LIB_CRYPT32=-lcrypt32
else
TOR_LIB_WS32=
TOR_LIB_GDI=
@@ -826,6 +899,9 @@ fi
AC_SUBST(TOR_LIB_WS32)
AC_SUBST(TOR_LIB_GDI)
AC_SUBST(TOR_LIB_IPHLPAPI)
+AC_SUBST(TOR_LIB_BCRYPT)
+AC_SUBST(TOR_LIB_CRYPT32)
+AC_SUBST(TOR_LIB_SHLWAPI)
AC_SUBST(TOR_LIB_USERENV)
tor_libevent_pkg_redhat="libevent"
@@ -842,7 +918,7 @@ if test "$enable_static_libevent" = "yes"; then
fi
fi
-TOR_SEARCH_LIBRARY(libevent, $trylibeventdir, [-levent $STATIC_LIBEVENT_FLAGS $TOR_LIB_WS32], [
+TOR_SEARCH_LIBRARY(libevent, $trylibeventdir, [-levent $STATIC_LIBEVENT_FLAGS $TOR_LIB_IPHLPAPI $TOR_LIB_BCRYPT $TOR_LIB_WS32], [
#ifdef _WIN32
#include <winsock2.h>
#endif
@@ -973,7 +1049,7 @@ AC_ARG_WITH(ssl-dir,
])
AC_MSG_NOTICE([Now, we'll look for OpenSSL >= 1.0.1])
-TOR_SEARCH_LIBRARY(openssl, $tryssldir, [-lssl -lcrypto $TOR_LIB_GDI $TOR_LIB_WS32],
+TOR_SEARCH_LIBRARY(openssl, $tryssldir, [-lssl -lcrypto $TOR_LIB_GDI $TOR_LIB_WS32 $TOR_LIB_CRYPT32],
[#include <openssl/ssl.h>
char *getenv(const char *);],
[struct ssl_cipher_st;
@@ -988,20 +1064,18 @@ TOR_SEARCH_LIBRARY(openssl, $tryssldir, [-lssl -lcrypto $TOR_LIB_GDI $TOR_LIB_WS
[if (getenv("THIS_SHOULDNT_BE_SET_X201803")) SSL_CIPHER_get_id((void *)0);], [],
[/usr/local/opt/openssl /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /opt/openssl])
-dnl XXXX check for OPENSSL_VERSION_NUMBER == SSLeay()
-
if test "$enable_static_openssl" = "yes"; then
if test "$tor_cv_library_openssl_dir" = "(system)"; then
AC_MSG_ERROR("You must specify an explicit --with-openssl-dir=x option when using --enable-static-openssl")
else
- TOR_OPENSSL_LIBS="$TOR_LIBDIR_openssl/libssl.a $TOR_LIBDIR_openssl/libcrypto.a"
+ TOR_OPENSSL_LIBS="$TOR_LIBDIR_openssl/libssl.a $TOR_LIBDIR_openssl/libcrypto.a $TOR_LIB_WS32 $TOR_LIB_CRYPT32 $TOR_LIB_BCRYPT"
fi
else
TOR_OPENSSL_LIBS="-lssl -lcrypto"
fi
AC_SUBST(TOR_OPENSSL_LIBS)
-dnl Now check for particular openssl functions.
+dnl Now validate openssl, and check for particular openssl functions.
save_LIBS="$LIBS"
save_LDFLAGS="$LDFLAGS"
save_CPPFLAGS="$CPPFLAGS"
@@ -1009,13 +1083,30 @@ LIBS="$TOR_OPENSSL_LIBS $LIBS"
LDFLAGS="$TOR_LDFLAGS_openssl $LDFLAGS"
CPPFLAGS="$TOR_CPPFLAGS_openssl $CPPFLAGS"
+dnl Tor currently uses a number of APIs that are deprecated in OpenSSL 3.0.0
+dnl and later. We want to migrate away from them, but that will be a lot of
+dnl work. (See ticket tor#40166.) For now, we disable the deprecation
+dnl warnings.
+
+AC_MSG_CHECKING([for OpenSSL >= 3.0.0])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <openssl/opensslv.h>
+#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER <= 0x30000000L
+#error "you_have_version_3"
+#endif
+ ]], [[]])],
+ [ AC_MSG_RESULT([no]) ],
+ [ AC_MSG_RESULT([yes]);
+ AC_DEFINE(OPENSSL_SUPPRESS_DEPRECATED, 1, [disable openssl deprecated-function warnings]) ])
+
+AC_MSG_CHECKING([for OpenSSL < 1.0.1])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <openssl/opensslv.h>
#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x1000100fL
#error "too old"
#endif
]], [[]])],
- [ : ],
+ [ AC_MSG_RESULT([no]) ],
[ AC_MSG_ERROR([OpenSSL is too old. We require 1.0.1 or later. You can specify a path to a newer one with --with-openssl-dir.]) ])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
@@ -1031,6 +1122,28 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
[ : ],
[ AC_MSG_ERROR([OpenSSL is built without full ECC support, including curves P256 and P224. You can specify a path to one with ECC support with --with-openssl-dir.]) ])
+dnl Let's see if we have a version mismatch between includes and libs.
+AC_MSG_CHECKING([for significant mismatch between openssl headers and libraries])
+ac_retval=foo
+AC_RUN_IFELSE([AC_LANG_SOURCE([AC_LANG_PROGRAM([[
+ #include <openssl/opensslv.h>
+ #include <openssl/crypto.h>
+]], [[
+ /* Include major, minor, and fix, but not patch or status. */
+ unsigned long mask = 0xfffff000;
+ unsigned long linking = OpenSSL_version_num() & mask;
+ unsigned long running = OPENSSL_VERSION_NUMBER & mask;
+ return !(linking==running);
+]])])], [openssl_ver_mismatch=no], [
+ # This is a kludge to figure out whether compilation failed, or whether
+ # running the program failed.
+ if test "$ac_retval" == "1"; then
+ openssl_ver_mismatch=inconclusive
+ else
+ openssl_ver_mismatch=yes
+ fi], [openssl_ver_mismatch=cross])
+AC_MSG_RESULT([$openssl_ver_mismatch])
+
AC_CHECK_MEMBERS([struct ssl_method_st.get_cipher_by_char], , ,
[#include <openssl/ssl.h>
])
@@ -1042,7 +1155,6 @@ dnl to them.
AC_CHECK_FUNCS([ \
ERR_load_KDF_strings \
EVP_PBE_scrypt \
- EVP_sha3_256 \
SSL_CIPHER_find \
SSL_CTX_set1_groups_list \
SSL_CTX_set_security_level \
@@ -1154,6 +1266,7 @@ else
have_lzma=no)
if test "x$have_lzma" = "xno" ; then
+ tor_incr_n_warnings
AC_MSG_WARN([Unable to find liblzma, $pkg_config_user_action, or set LZMA_CFLAGS and LZMA_LIBS.])
fi
fi
@@ -1186,6 +1299,7 @@ else
have_zstd=no)
if test "x$have_zstd" = "xno" ; then
+ tor_incr_n_warnings
AC_MSG_WARN([Unable to find libzstd, $pkg_config_user_action, or set ZSTD_CFLAGS and ZSTD_LIBS.])
fi
fi
@@ -1290,6 +1404,7 @@ fi
if test "$fragile_hardening" = "yes"; then
TOR_TRY_COMPILE_WITH_CFLAGS(-ftrapv, also_link, CFLAGS_FTRAPV="-ftrapv", true)
if test "$tor_cv_cflags__ftrapv" = "yes" && test "$tor_can_link__ftrapv" != "yes"; then
+ tor_incr_n_warnings
AC_MSG_WARN([The compiler supports -ftrapv, but for some reason I was not able to link with -ftrapv. Are you missing run-time support? Run-time hardening will not work as well as it should.])
fi
@@ -1390,7 +1505,7 @@ dnl These cflags add bunches of branches, and we haven't been able to
dnl persuade ourselves that they're suitable for code that needs to be
dnl constant time.
AC_SUBST(CFLAGS_BUGTRAP)
-dnl These cflags are variant ones sutable for code that needs to be
+dnl These cflags are variant ones suitable for code that needs to be
dnl constant-time.
AC_SUBST(CFLAGS_CONSTTIME)
@@ -1569,8 +1684,6 @@ AC_CHECK_HEADERS([errno.h \
mach/vm_inherit.h \
machine/limits.h \
malloc.h \
- malloc/malloc.h \
- malloc_np.h \
netdb.h \
netinet/in.h \
netinet/in6.h \
@@ -1591,14 +1704,14 @@ AC_CHECK_HEADERS([errno.h \
sys/statvfs.h \
sys/syscall.h \
sys/sysctl.h \
- sys/syslimits.h \
sys/time.h \
sys/types.h \
sys/un.h \
sys/utime.h \
sys/wait.h \
syslog.h \
- utime.h])
+ utime.h \
+ glob.h])
AC_CHECK_HEADERS(sys/param.h)
@@ -1832,6 +1945,7 @@ void try_atomic_init(struct x *xx)
if test "$tor_cv_stdatomic_works" = "yes"; then
AC_DEFINE(STDATOMIC_WORKS, 1, [Set to 1 if we can compile a simple stdatomic example.])
elif test "$ac_cv_header_stdatomic_h" = "yes"; then
+ tor_incr_n_warnings
AC_MSG_WARN([Your compiler provides the stdatomic.h header, but it doesn't seem to work. I'll pretend it isn't there. If you are using Clang on Debian, maybe this is because of https://bugs.debian.org/903709 ])
fi
@@ -2015,6 +2129,7 @@ AS_CASE([$malloc],
],
[openbsd], [
+ tor_incr_n_warnings
AC_MSG_WARN([The openbsd malloc port is deprecated in Tor 0.3.5 and will be removed in a future version.])
enable_openbsd_malloc=yes
],
@@ -2543,6 +2658,7 @@ TOR_TRY_COMPILE_WITH_CFLAGS([@warning_flags], [],
if test "$enable_coverage" = "yes" && test "$have_clang" = "no"; then
case "$host_os" in
darwin*)
+ tor_incr_n_warnings
AC_MSG_WARN([Tried to enable coverage on OSX without using the clang compiler. This might not work! If coverage fails, use CC=clang when configuring with --enable-coverage.])
esac
fi
@@ -2554,7 +2670,6 @@ AC_CONFIG_FILES([
Makefile
config.rust
contrib/operator-tools/tor.logrotate
- contrib/dist/tor.service
src/config/torrc.sample
src/config/torrc.minimal
src/rust/.cargo/config
@@ -2563,7 +2678,7 @@ AC_CONFIG_FILES([
])
if test "x$asciidoc" = "xtrue" && test "$ASCIIDOC" = "none"; then
- regular_mans="doc/tor doc/tor-gencert doc/tor-resolve doc/torify"
+ regular_mans="doc/man/tor doc/man/tor-gencert doc/man/tor-resolve doc/man/torify"
for file in $regular_mans ; do
if ! [[ -f "$srcdir/$file.1.in" ]] || ! [[ -f "$srcdir/$file.html.in" ]] ; then
echo "==================================";
@@ -2581,6 +2696,7 @@ if test "x$asciidoc" = "xtrue" && test "$ASCIIDOC" = "none"; then
fi
if test "$fragile_hardening" = "yes"; then
+ tor_incr_n_warnings
AC_MSG_WARN([
============
@@ -2590,13 +2706,27 @@ other kinds of attacks easier. A Tor instance build with this option will be
somewhat less vulnerable to remote code execution, arithmetic overflow, or
out-of-bounds read/writes... but at the cost of becoming more vulnerable to
denial of service attacks. For more information, see
-https://trac.torproject.org/projects/tor/wiki/doc/TorFragileHardening
+https://gitlab.torproject.org/tpo/core/team/-/wikis/TorFragileHardening
============
])
fi
AC_OUTPUT
+if test "$openssl_ver_mismatch" = "yes"; then
+ tor_incr_n_warnings
+ AC_MSG_WARN([
+============
+Warning! The version OpenSSL headers we get from compiling with
+ "${TOR_CPPFLAGS_OPENSSL:-(no extra options)}"
+do not match version of the OpenSSL library we get when linking with
+ "$TOR_LDFLAGS_OPENSSL $TOR_OPENSSL_LIBS".
+This might cause compilation to fail. Try using --with-openssl-dir to specify
+the exact OpenSSL path you want.
+============
+])
+fi
+
#
# Mini-report on what will be built.
#
@@ -2725,6 +2855,18 @@ test "x$enable_oss_fuzz" = "xyes" && value=1 || value=0
PPRINT_PROP_BOOL([OSS-Fuzz support (--enable-oss-fuzz)], $value)
AS_ECHO
+PPRINT_SUBTITLE([Tracing (--enable-tracing-instrumentation-<type>)])
+
+test "x$enable_tracing_instrumentation_log_debug" = "xyes" && value=1 || value=0
+PPRINT_PROP_BOOL([Tracepoints to log_debug() (log-debug)], $value)
+
+test "x$enable_tracing_instrumentation_usdt" = "xyes" && value=1 || value=0
+PPRINT_PROP_BOOL([USDT Instrumentation (usdt)], $value)
+
+test "x$enable_tracing_instrumentation_lttng" = "xyes" && value=1 || value=0
+PPRINT_PROP_BOOL([LTTng Instrumentation (lttng)], $value)
+
+AS_ECHO
PPRINT_SUBTITLE([Install Directories])
report_mandir="`eval eval echo $mandir`"
@@ -2734,3 +2876,10 @@ PPRINT_PROP_STRING([Man Pages], [$report_mandir])
AS_ECHO
AS_ECHO(["Configure Line: ./configure $configure_flags"])
+
+if test "$tor_ac_n_warnings" != "0"; then
+ AS_ECHO
+ PPRINT_WARN([
+Encountered $tor_ac_n_warnings warning(s). See messages above for more info.
+ ])
+fi