diff options
Diffstat (limited to 'configure.ac')
| -rw-r--r-- | configure.ac | 868 |
1 files changed, 506 insertions, 362 deletions
diff --git a/configure.ac b/configure.ac index 3177782753..6fb101bf9b 100644 --- a/configure.ac +++ b/configure.ac @@ -1,19 +1,27 @@ dnl Copyright (c) 2001-2004, Roger Dingledine dnl Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson -dnl Copyright (c) 2007-2013, The Tor Project, Inc. +dnl Copyright (c) 2007-2015, The Tor Project, Inc. dnl See LICENSE for licensing information -AC_INIT([tor],[0.2.5.15-dev]) +AC_PREREQ([2.63]) +AC_INIT([tor],[0.2.8.16-dev]) AC_CONFIG_SRCDIR([src/or/main.c]) AC_CONFIG_MACRO_DIR([m4]) -AM_INIT_AUTOMAKE + +# "foreign" means we don't follow GNU package layout standards +# "1.11" means we require automake version 1.11 or newer +# "subdir-objects" means put .o files in the same directory as the .c files +AM_INIT_AUTOMAKE([foreign 1.11 subdir-objects]) + m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) AC_CONFIG_HEADERS([orconfig.h]) AC_CANONICAL_HOST -if test -f /etc/redhat-release ; then - if test -f /usr/kerberos/include ; then +PKG_PROG_PKG_CONFIG + +if test -f "/etc/redhat-release"; then + if test -f "/usr/kerberos/include"; then CPPFLAGS="$CPPFLAGS -I/usr/kerberos/include" fi fi @@ -23,31 +31,34 @@ fi CPPFLAGS="$CPPFLAGS -I\${top_srcdir}/src/common" #XXXX020 We should make these enabled or not, before 0.2.0.x-final -AC_ARG_ENABLE(buf-freelists, - AS_HELP_STRING(--enable-buf-freelists, enable freelists for buffer RAM)) -AC_ARG_ENABLE(mempools, - AS_HELP_STRING(--enable-mempools, enable mempools for relay cells)) AC_ARG_ENABLE(openbsd-malloc, - AS_HELP_STRING(--enable-openbsd-malloc, Use malloc code from openbsd. Linux only)) + AS_HELP_STRING(--enable-openbsd-malloc, [use malloc code from OpenBSD. Linux only])) AC_ARG_ENABLE(instrument-downloads, - AS_HELP_STRING(--enable-instrument-downloads, Instrument downloads of directory resources etc.)) + AS_HELP_STRING(--enable-instrument-downloads, [instrument downloads of directory resources etc.])) AC_ARG_ENABLE(static-openssl, - AS_HELP_STRING(--enable-static-openssl, Link against a static openssl library. Requires --with-openssl-dir)) + AS_HELP_STRING(--enable-static-openssl, [link against a static openssl library. Requires --with-openssl-dir])) AC_ARG_ENABLE(static-libevent, - AS_HELP_STRING(--enable-static-libevent, Link against a static libevent library. Requires --with-libevent-dir)) + AS_HELP_STRING(--enable-static-libevent, [link against a static libevent library. Requires --with-libevent-dir])) AC_ARG_ENABLE(static-zlib, - AS_HELP_STRING(--enable-static-zlib, Link against a static zlib library. Requires --with-zlib-dir)) + AS_HELP_STRING(--enable-static-zlib, [link against a static zlib library. Requires --with-zlib-dir])) AC_ARG_ENABLE(static-tor, - AS_HELP_STRING(--enable-static-tor, Create an entirely static Tor binary. Requires --with-openssl-dir and --with-libevent-dir and --with-zlib-dir)) -AC_ARG_ENABLE(curve25519, - AS_HELP_STRING(--disable-curve25519, Build Tor with no curve25519 elliptic-curve crypto support)) + AS_HELP_STRING(--enable-static-tor, [create an entirely static Tor binary. Requires --with-openssl-dir and --with-libevent-dir and --with-zlib-dir])) AC_ARG_ENABLE(unittests, - AS_HELP_STRING(--disable-unittests, [Don't build unit tests for Tor. Risky!])) + AS_HELP_STRING(--disable-unittests, [don't build unit tests for Tor. Risky!])) AC_ARG_ENABLE(coverage, - AS_HELP_STRING(--enable-coverage, [Enable coverage support in the unit-test build])) + AS_HELP_STRING(--enable-coverage, [enable coverage support in the unit-test build])) +AC_ARG_ENABLE(asserts-in-tests, + AS_HELP_STRING(--disable-asserts-in-tests, [disable tor_assert() calls in the unit tests, for branch coverage])) +AC_ARG_ENABLE(system-torrc, + AS_HELP_STRING(--disable-system-torrc, [don't look for a system-wide torrc file])) + +if test "x$enable_coverage" != "xyes" -a "x$enable_asserts_in_tests" = "xno" ; then + AC_MSG_ERROR([Can't disable assertions outside of coverage build]) +fi -AM_CONDITIONAL(UNITTESTS_ENABLED, test x$enable_unittests != xno) -AM_CONDITIONAL(COVERAGE_ENABLED, test x$enable_coverage = xyes) +AM_CONDITIONAL(UNITTESTS_ENABLED, test "x$enable_unittests" != "xno") +AM_CONDITIONAL(COVERAGE_ENABLED, test "x$enable_coverage" = "xyes") +AM_CONDITIONAL(DISABLE_ASSERTS_IN_UNIT_TESTS, test "x$enable_asserts_in_tests" = "xno") if test "$enable_static_tor" = "yes"; then enable_static_libevent="yes"; @@ -56,102 +67,100 @@ if test "$enable_static_tor" = "yes"; then CFLAGS="$CFLAGS -static" fi -if test x$enable_buf_freelists = xyes; then - AC_DEFINE(ENABLE_BUF_FREELISTS, 1, - [Defined if we try to use freelists for buffer RAM chunks]) -fi - -AM_CONDITIONAL(USE_MEMPOOLS, test x$enable_mempools = xyes) -if test x$enable_mempools = xyes; then - AC_DEFINE(ENABLE_MEMPOOLS, 1, - [Defined if we try to use mempools for cells being relayed]) +if test "$enable_system_torrc" = "no"; then + AC_DEFINE(DISABLE_SYSTEM_TORRC, 1, + [Defined if we're not going to look for a torrc in SYSCONF]) fi -AM_CONDITIONAL(USE_OPENBSD_MALLOC, test x$enable_openbsd_malloc = xyes) -if test x$enable_instrument_downloads = xyes; then +AM_CONDITIONAL(USE_OPENBSD_MALLOC, test "x$enable_openbsd_malloc" = "xyes") +if test "x$enable_instrument_downloads" = "xyes"; then AC_DEFINE(INSTRUMENT_DOWNLOADS, 1, [Defined if we want to keep track of how much of each kind of resource we download.]) fi AC_ARG_ENABLE(transparent, - AS_HELP_STRING(--disable-transparent, disable transparent proxy support), + AS_HELP_STRING(--disable-transparent, [disable transparent proxy support]), [case "${enableval}" in - yes) transparent=true ;; - no) transparent=false ;; + "yes") transparent=true ;; + "no") transparent=false ;; *) AC_MSG_ERROR(bad value for --enable-transparent) ;; esac], [transparent=true]) AC_ARG_ENABLE(asciidoc, - AS_HELP_STRING(--disable-asciidoc, don't use asciidoc (disables building of manpages)), + AS_HELP_STRING(--disable-asciidoc, [don't use asciidoc (disables building of manpages)]), [case "${enableval}" in - yes) asciidoc=true ;; - no) asciidoc=false ;; + "yes") asciidoc=true ;; + "no") asciidoc=false ;; *) AC_MSG_ERROR(bad value for --disable-asciidoc) ;; esac], [asciidoc=true]) -# By default, we're not ready to ship a NAT-PMP aware Tor -AC_ARG_ENABLE(nat-pmp, - AS_HELP_STRING(--enable-nat-pmp, enable NAT-PMP support), - [case "${enableval}" in - yes) natpmp=true ;; - no) natpmp=false ;; - * ) AC_MSG_ERROR(bad value for --enable-nat-pmp) ;; - esac], [natpmp=false]) - -# By default, we're not ready to ship a UPnP aware Tor -AC_ARG_ENABLE(upnp, - AS_HELP_STRING(--enable-upnp, enable UPnP support), - [case "${enableval}" in - yes) upnp=true ;; - no) upnp=false ;; - * ) AC_MSG_ERROR(bad value for --enable-upnp) ;; - esac], [upnp=false]) - - -AC_ARG_ENABLE(threads, - AS_HELP_STRING(--disable-threads, disable multi-threading support)) - -if test x$enable_threads = x; then - case $host in - *-*-solaris* ) - # Don't try multithreading on solaris -- cpuworkers seem to lock. - AC_MSG_NOTICE([You are running Solaris; Sometimes threading makes -cpu workers lock up here, so I will disable threads.]) - enable_threads="no";; - *) - enable_threads="yes";; - esac +# systemd notify support +AC_ARG_ENABLE(systemd, + AS_HELP_STRING(--enable-systemd, [enable systemd notification support]), + [case "${enableval}" in + "yes") systemd=true ;; + "no") systemd=false ;; + * ) AC_MSG_ERROR(bad value for --enable-systemd) ;; + esac], [systemd=auto]) + + + +# systemd support +if test "x$enable_systemd" = "xno"; then + have_systemd=no; +else + PKG_CHECK_MODULES(SYSTEMD, + [libsystemd-daemon], + have_systemd=yes, + have_systemd=no) + if test "x$have_systemd" = "xno"; then + AC_MSG_NOTICE([Okay, checking for systemd a different way...]) + PKG_CHECK_MODULES(SYSTEMD, + [libsystemd], + have_systemd=yes, + have_systemd=no) + fi +fi + +if test "x$have_systemd" = "xyes"; then + AC_DEFINE(HAVE_SYSTEMD,1,[Have systemd]) + TOR_SYSTEMD_CFLAGS="${SYSTEMD_CFLAGS}" + TOR_SYSTEMD_LIBS="${SYSTEMD_LIBS}" + PKG_CHECK_MODULES(LIBSYSTEMD209, [libsystemd >= 209], + [AC_DEFINE(HAVE_SYSTEMD_209,1,[Have systemd v209 or more])], []) fi +AC_SUBST(TOR_SYSTEMD_CFLAGS) +AC_SUBST(TOR_SYSTEMD_LIBS) -if test "$enable_threads" = "yes"; then - AC_DEFINE(ENABLE_THREADS, 1, [Defined if we will try to use multithreading]) +if test "x$enable_systemd" = "xyes" -a "x$have_systemd" != "xyes" ; then + AC_MSG_ERROR([Explicitly requested systemd support, but systemd not found]) fi -case $host in +case "$host" in *-*-solaris* ) AC_DEFINE(_REENTRANT, 1, [Define on some platforms to activate x_r() functions in time.h]) ;; esac AC_ARG_ENABLE(gcc-warnings, - AS_HELP_STRING(--enable-gcc-warnings, enable verbose warnings)) + AS_HELP_STRING(--enable-gcc-warnings, [enable verbose warnings])) AC_ARG_ENABLE(gcc-warnings-advisory, AS_HELP_STRING(--enable-gcc-warnings-advisory, [enable verbose warnings, excluding -Werror])) dnl Others suggest '/gs /safeseh /nxcompat /dynamicbase' for non-gcc on Windows AC_ARG_ENABLE(gcc-hardening, - AS_HELP_STRING(--disable-gcc-hardening, disable compiler security checks)) + AS_HELP_STRING(--disable-gcc-hardening, [disable compiler security checks])) AC_ARG_ENABLE(expensive-hardening, - AS_HELP_STRING(--enable-expensive-hardening, enable more expensive compiler hardening; makes Tor slower)) + AS_HELP_STRING(--enable-expensive-hardening, [enable more expensive compiler hardening; makes Tor slower])) dnl Linker hardening options dnl Currently these options are ELF specific - you can't use this with MacOSX AC_ARG_ENABLE(linker-hardening, - AS_HELP_STRING(--disable-linker-hardening, disable linker security fixups)) + AS_HELP_STRING(--disable-linker-hardening, [disable linker security fixups])) AC_ARG_ENABLE(local-appdata, - AS_HELP_STRING(--enable-local-appdata, default to host local application data paths on Windows)) + AS_HELP_STRING(--enable-local-appdata, [default to host local application data paths on Windows])) if test "$enable_local_appdata" = "yes"; then AC_DEFINE(ENABLE_LOCAL_APPDATA, 1, [Defined if we default to host local appdata paths on Windows]) @@ -159,19 +168,22 @@ fi # Tor2web mode flag AC_ARG_ENABLE(tor2web-mode, - AS_HELP_STRING(--enable-tor2web-mode, support tor2web non-anonymous mode), -[if test x$enableval = xyes; then + AS_HELP_STRING(--enable-tor2web-mode, [support tor2web non-anonymous mode]), +[if test "x$enableval" = "xyes"; then CFLAGS="$CFLAGS -D ENABLE_TOR2WEB_MODE=1" fi]) AC_ARG_ENABLE(bufferevents, - AS_HELP_STRING(--enable-bufferevents, use Libevent's buffered IO.)) + AS_HELP_STRING(--enable-bufferevents, [use Libevent's buffered IO])) AC_ARG_ENABLE(tool-name-check, - AS_HELP_STRING(--disable-tool-name-check, check for sanely named toolchain when cross-compiling)) + AS_HELP_STRING(--disable-tool-name-check, [check for sanely named toolchain when cross-compiling])) AC_ARG_ENABLE(seccomp, - AS_HELP_STRING(--disable-seccomp, do not attempt to use libseccomp)) + AS_HELP_STRING(--disable-seccomp, [do not attempt to use libseccomp])) + +AC_ARG_ENABLE(libscrypt, + AS_HELP_STRING(--disable-libscrypt, [do not attempt to use libscrypt])) dnl check for the correct "ar" when cross-compiling AN_MAKEVAR([AR], [AC_PROG_AR]) @@ -185,10 +197,10 @@ dnl because that will find any cc on the system, not only the cross-compiler, dnl and then verify that a binary built with this compiler runs on the dnl build system. It will then come to the false conclusion that we're not dnl cross-compiling. -if test x$enable_tool_name_check != xno; then - if test x$ac_tool_warned = xyes; then +if test "x$enable_tool_name_check" != "xno"; then + if test "x$ac_tool_warned" = "xyes"; then AC_MSG_ERROR([We are cross compiling but could not find a properly named toolchain. Do you have your cross-compiling toolchain in PATH? (You can --disable-tool-name-check to ignore this.)]) - elif test "x$ac_ct_AR" != x -a x$cross_compiling = xmaybe; then + elif test "x$ac_ct_AR" != "x" -a "x$cross_compiling" = "xmaybe"; then AC_MSG_ERROR([We think we are cross compiling but could not find a properly named toolchain. Do you have your cross-compiling toolchain in PATH? (You can --disable-tool-name-check to ignore this.)]) fi fi @@ -198,6 +210,8 @@ AC_PROG_CPP AC_PROG_MAKE_SET AC_PROG_RANLIB +AC_PATH_PROG([PERL], [perl]) + dnl autoconf 2.59 appears not to support AC_PROG_SED AC_CHECK_PROG([SED],[sed],[sed],[/bin/false]) @@ -205,14 +219,15 @@ dnl check for asciidoc and a2x AC_PATH_PROG([ASCIIDOC], [asciidoc], none) AC_PATH_PROGS([A2X], [a2x a2x.py], none) -AM_CONDITIONAL(USE_ASCIIDOC, test x$asciidoc = xtrue) +AM_CONDITIONAL(USE_ASCIIDOC, test "x$asciidoc" = "xtrue") -AM_CONDITIONAL(USE_FW_HELPER, test x$natpmp = xtrue || test x$upnp = xtrue) -AM_CONDITIONAL(NAT_PMP, test x$natpmp = xtrue) -AM_CONDITIONAL(MINIUPNPC, test x$upnp = xtrue) +AM_CONDITIONAL(USE_FW_HELPER, test "x$natpmp" = "xtrue" || test "x$upnp" = "xtrue") +AM_CONDITIONAL(NAT_PMP, test "x$natpmp" = "xtrue") +AM_CONDITIONAL(MINIUPNPC, test "x$upnp" = "xtrue") AM_PROG_CC_C_O +AC_PROG_CC_C99 -AC_ARG_VAR(PYTHON) +AC_ARG_VAR([PYTHON], [path to Python binary]) AC_CHECK_PROGS(PYTHON, [python python2 python2.7 python3 python3.3]) if test "x$PYTHON" = "x"; then AC_MSG_WARN([Python unavailable; some tests will not be run.]) @@ -234,19 +249,38 @@ AC_C_FLEXIBLE_ARRAY_MEMBER ]), [tor_cv_c_flexarray=yes], [tor_cv_c_flexarray=no])]) - if test $tor_cv_flexarray = yes ; then + if test "$tor_cv_flexarray" = "yes"; then AC_DEFINE([FLEXIBLE_ARRAY_MEMBER], [], [Define to nothing if C supports flexible array members, and to 1 if it does not.]) else AC_DEFINE([FLEXIBLE_ARRAY_MEMBER], [1], [Define to nothing if C supports flexible array members, and to 1 if it does not.]) fi ]) -AC_PATH_PROG([SHA1SUM], [sha1sum], none) -AC_PATH_PROG([OPENSSL], [openssl], none) +AC_CACHE_CHECK([for working C99 mid-block declaration syntax], + tor_cv_c_c99_decl, + [AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM([], [int x; x = 3; int y; y = 4 + x;])], + [tor_cv_c_c99_decl=yes], + [tor_cv_c_c99_decl=no] )]) +if test "$tor_cv_c_c99_decl" != "yes"; then + AC_MSG_ERROR([Your compiler doesn't support c99 mid-block declarations. This is required as of Tor 0.2.6.x]) +fi + +AC_CACHE_CHECK([for working C99 designated initializers], + tor_cv_c_c99_designated_init, + [AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM([struct s { int a; int b; };], + [[ struct s ss = { .b = 5, .a = 6 }; ]])], + [tor_cv_c_c99_designated_init=yes], + [tor_cv_c_c99_designated_init=no] )]) + +if test "$tor_cv_c_c99_designated_init" != "yes"; then + AC_MSG_ERROR([Your compiler doesn't support c99 designated initializers. This is required as of Tor 0.2.6.x]) +fi TORUSER=_tor AC_ARG_WITH(tor-user, - [ --with-tor-user=NAME Specify username for tor daemon ], + AS_HELP_STRING(--with-tor-user=NAME, [specify username for tor daemon]), [ TORUSER=$withval ] @@ -255,7 +289,7 @@ AC_SUBST(TORUSER) TORGROUP=_tor AC_ARG_WITH(tor-group, - [ --with-tor-group=NAME Specify group name for tor daemon ], + AS_HELP_STRING(--with-tor-group=NAME, [specify group name for tor daemon]), [ TORGROUP=$withval ] @@ -282,7 +316,7 @@ bwin32=false; AC_MSG_RESULT([no]), bwin32=cross; AC_MSG_RESULT([cross]) ) -if test "$bwin32" = cross; then +if test "$bwin32" = "cross"; then AC_MSG_CHECKING([for win32 (cross)]) AC_COMPILE_IFELSE([AC_LANG_SOURCE([ #ifdef _WIN32 @@ -296,7 +330,27 @@ bwin32=true; AC_MSG_RESULT([yes]), bwin32=false; AC_MSG_RESULT([no])) fi -AM_CONDITIONAL(BUILD_NT_SERVICES, test x$bwin32 = xtrue) +AH_BOTTOM([ +#ifdef _WIN32 +/* Defined to access windows functions and definitions for >=WinXP */ +# ifndef WINVER +# define WINVER 0x0501 +# endif + +/* Defined to access _other_ windows functions and definitions for >=WinXP */ +# ifndef _WIN32_WINNT +# define _WIN32_WINNT 0x0501 +# endif + +/* Defined to avoid including some windows headers as part of Windows.h */ +# ifndef WIN32_LEAN_AND_MEAN +# define WIN32_LEAN_AND_MEAN 1 +# endif +#endif +]) + + +AM_CONDITIONAL(BUILD_NT_SERVICES, test "x$bwin32" = "xtrue") dnl Enable C99 when compiling with MIPSpro AC_MSG_CHECKING([for MIPSpro compiler]) @@ -309,7 +363,7 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM(, [ bmipspro=false; AC_MSG_RESULT(no), bmipspro=true; AC_MSG_RESULT(yes)) -if test "$bmipspro" = true; then +if test "$bmipspro" = "true"; then CFLAGS="$CFLAGS -c99" fi @@ -319,6 +373,7 @@ AC_SEARCH_LIBS(socket, [socket network]) AC_SEARCH_LIBS(gethostbyname, [nsl]) AC_SEARCH_LIBS(dlopen, [dl]) AC_SEARCH_LIBS(inet_aton, [resolv]) +AC_SEARCH_LIBS(backtrace, [execinfo]) saved_LIBS="$LIBS" AC_SEARCH_LIBS([clock_gettime], [rt]) if test "$LIBS" != "$saved_LIBS"; then @@ -326,28 +381,31 @@ if test "$LIBS" != "$saved_LIBS"; then have_rt=yes fi -if test "$enable_threads" = "yes"; then - AC_SEARCH_LIBS(pthread_create, [pthread]) - AC_SEARCH_LIBS(pthread_detach, [pthread]) -fi +AC_SEARCH_LIBS(pthread_create, [pthread]) +AC_SEARCH_LIBS(pthread_detach, [pthread]) -dnl ------------------------------------------------------------------- -dnl Check for functions before libevent, since libevent-1.2 apparently -dnl exports strlcpy without defining it in a header. +AM_CONDITIONAL(THREADS_WIN32, test "$bwin32" = "true") +AM_CONDITIONAL(THREADS_PTHREADS, test "$bwin32" = "false") AC_CHECK_FUNCS( _NSGetEnviron \ + RtlSecureZeroMemory \ + SecureZeroMemory \ accept4 \ backtrace \ backtrace_symbols_fd \ - clock_gettime \ + eventfd \ + explicit_bzero \ + timingsafe_memcmp \ flock \ ftime \ getaddrinfo \ getifaddrs \ + getpass \ getrlimit \ gettimeofday \ gmtime_r \ + htonll \ inet_aton \ ioctl \ issetugid \ @@ -355,32 +413,78 @@ AC_CHECK_FUNCS( localtime_r \ lround \ memmem \ + memset_s \ + pipe \ + pipe2 \ prctl \ + readpassphrase \ rint \ sigaction \ socketpair \ + statvfs \ strlcat \ strlcpy \ + strnlen \ strptime \ strtok_r \ strtoull \ sysconf \ sysctl \ uname \ - usleep \ + usleep \ vasprintf \ _vscprintf ) -if test "$enable_threads" = "yes"; then +# Apple messed up when they added two functions functions in Sierra: they +# forgot to decorate them with appropriate AVAILABLE_MAC_OS_VERSION +# checks. So we should only probe for those functions if we are sure that we +# are not targetting OSX 10.11 or earlier. +AC_MSG_CHECKING([for a pre-Sierra OSX build target]) +AC_TRY_COMPILE([ +#ifdef __APPLE__ +# include <AvailabilityMacros.h> +# ifndef MAC_OS_VERSION_10_12 +# define MAC_OS_VERSION_10_12 101200 +# endif +# if defined(MAC_OS_X_VERSION_MIN_REQUIRED) +# if MAC_OS_X_VERSION_MIN_REQUIRED < MAC_OS_VERSION_10_12 +# error "Running on Mac OSX 10.11 or earlier" +# endif +# endif +#endif +], [], + [on_macos_pre_10_12=no ; AC_MSG_RESULT([no])], + [on_macos_pre_10_12=yes; AC_MSG_RESULT([yes])]) + +if test "$on_macos_pre_10_12" = "no"; then + AC_CHECK_FUNCS( + clock_gettime \ + getentropy \ + ) +fi + +if test "$bwin32" != "true"; then AC_CHECK_HEADERS(pthread.h) AC_CHECK_FUNCS(pthread_create) + AC_CHECK_FUNCS(pthread_condattr_setclock) fi +if test "$bwin32" = "true"; then + AC_CHECK_DECLS([SecureZeroMemory, _getwch], , , [ +#include <windows.h> +#include <conio.h> +#include <wchar.h> + ]) +fi + +AM_CONDITIONAL(BUILD_READPASSPHRASE_C, + test "x$ac_cv_func_readpassphrase" = "xno" && test "$bwin32" = "false") + dnl ------------------------------------------------------ dnl Where do you live, libevent? And how do we call you? -if test "$bwin32" = true; then +if test "$bwin32" = "true"; then TOR_LIB_WS32=-lws2_32 TOR_LIB_IPHLPAPI=-liphlpapi # Some of the cargo-cults recommend -lwsock32 as well, but I don't @@ -394,15 +498,6 @@ AC_SUBST(TOR_LIB_WS32) AC_SUBST(TOR_LIB_GDI) AC_SUBST(TOR_LIB_IPHLPAPI) -dnl We need to do this before we try our disgusting hack below. -AC_CHECK_HEADERS([sys/types.h]) - -dnl This is a disgusting hack so we safely include older libevent headers. -AC_CHECK_TYPE(u_int64_t, unsigned long long) -AC_CHECK_TYPE(u_int32_t, unsigned long) -AC_CHECK_TYPE(u_int16_t, unsigned short) -AC_CHECK_TYPE(u_int8_t, unsigned char) - tor_libevent_pkg_redhat="libevent" tor_libevent_pkg_debian="libevent-dev" tor_libevent_devpkg_redhat="libevent-devel" @@ -412,7 +507,7 @@ dnl On Gnu/Linux or any place we require it, we'll add librt to the Libevent dnl linking for static builds. STATIC_LIBEVENT_FLAGS="" if test "$enable_static_libevent" = "yes"; then - if test "$have_rt" = yes; then + if test "$have_rt" = "yes"; then STATIC_LIBEVENT_FLAGS=" -lrt " fi fi @@ -421,19 +516,18 @@ TOR_SEARCH_LIBRARY(libevent, $trylibeventdir, [-levent $STATIC_LIBEVENT_FLAGS $T #ifdef _WIN32 #include <winsock2.h> #endif -#include <stdlib.h> #include <sys/time.h> #include <sys/types.h> #include <event.h>], [ #ifdef _WIN32 #include <winsock2.h> #endif -void exit(int); void *event_init(void);], +void *event_init(void);], [ #ifdef _WIN32 {WSADATA d; WSAStartup(0x101,&d); } #endif -event_init(); exit(0); +event_init(); ], [--with-libevent-dir], [/opt/libevent]) dnl Now check for particular libevent functions. @@ -443,25 +537,20 @@ save_CPPFLAGS="$CPPFLAGS" LIBS="-levent $STATIC_LIBEVENT_FLAGS $TOR_LIB_WS32 $LIBS" LDFLAGS="$TOR_LDFLAGS_libevent $LDFLAGS" CPPFLAGS="$TOR_CPPFLAGS_libevent $CPPFLAGS" -AC_CHECK_FUNCS([event_get_version \ - event_get_version_number \ - event_get_method \ - event_set_log_callback \ +AC_CHECK_FUNCS([event_get_version_number \ evutil_secure_rng_set_urandom_device_file \ evutil_secure_rng_init \ - event_base_loopexit]) + ]) AC_CHECK_MEMBERS([struct event.min_heap_idx], , , [#include <event.h> ]) AC_CHECK_HEADERS(event2/event.h event2/dns.h event2/bufferevent_ssl.h) -LIBS="$save_LIBS" -LDFLAGS="$save_LDFLAGS" -CPPFLAGS="$save_CPPFLAGS" - +LIBS="$STATIC_LIBEVENT_FLAGS $TOR_LIB_WS32 $save_LIBS" -AM_CONDITIONAL(USE_EXTERNAL_EVDNS, test x$ac_cv_header_event2_dns_h = xyes) +AM_CONDITIONAL(USE_EXTERNAL_EVDNS, + test "x$ac_cv_header_event2_dns_h" = "xyes") if test "$enable_static_libevent" = "yes"; then if test "$tor_cv_library_libevent_dir" = "(system)"; then @@ -470,13 +559,29 @@ if test "$enable_static_libevent" = "yes"; then TOR_LIBEVENT_LIBS="$TOR_LIBDIR_libevent/libevent.a $STATIC_LIBEVENT_FLAGS" fi else - TOR_LIBEVENT_LIBS="-levent" + if test "x$ac_cv_header_event2_event_h" = "xyes"; then + AC_SEARCH_LIBS(event_new, [event event_core], , AC_MSG_ERROR("libevent2 is installed but linking it failed while searching for event_new")) + AC_SEARCH_LIBS(evdns_base_new, [event event_extra], , AC_MSG_ERROR("libevent2 is installed but linking it failed while searching for evdns_base_new")) + + if test "$ac_cv_search_event_new" != "none required"; then + TOR_LIBEVENT_LIBS="$ac_cv_search_event_new" + fi + if test "$ac_cv_search_evdns_base_new" != "none required"; then + TOR_LIBEVENT_LIBS="$ac_cv_search_evdns_base_new $TOR_LIBEVENT_LIBS" + fi + else + TOR_LIBEVENT_LIBS="-levent" + fi fi +LIBS="$save_LIBS" +LDFLAGS="$save_LDFLAGS" +CPPFLAGS="$save_CPPFLAGS" + dnl This isn't the best test for Libevent 2.0.3-alpha. Once it's released, dnl we can do much better. -if test "$enable_bufferevents" = "yes" ; then - if test "$ac_cv_header_event2_bufferevent_ssl_h" != "yes" ; then +if test "$enable_bufferevents" = "yes"; then + if test "$ac_cv_header_event2_bufferevent_ssl_h" != "yes"; then AC_MSG_ERROR([You've asked for bufferevent support, but you're using a version of Libevent without SSL support. This won't work. We need Libevent 2.0.8-rc or later, and you don't seem to even have Libevent 2.0.3-alpha.]) else @@ -494,7 +599,7 @@ int x = 1; #endif ])], [event_version_number_works=yes; AC_MSG_RESULT([yes]) ], [event_version_number_works=no; AC_MSG_RESULT([no])]) - if test "$event_version_number_works" != 'yes'; then + if test "$event_version_number_works" != "yes"; then AC_MSG_WARN([Version detection on Libevent seems broken. Your Libevent installation is probably screwed up or very old.]) else AC_MSG_CHECKING([whether Libevent is new enough for bufferevents]) @@ -552,9 +657,9 @@ tor_openssl_devpkg_debian="libssl-dev" ALT_openssl_WITHVAL="" AC_ARG_WITH(ssl-dir, - [ --with-ssl-dir=PATH Obsolete alias for --with-openssl-dir ], + AS_HELP_STRING(--with-ssl-dir=PATH, [obsolete alias for --with-openssl-dir]), [ - if test "x$withval" != xno && test "x$withval" != "x" ; then + if test "x$withval" != "xno" && test "x$withval" != "x"; then ALT_openssl_WITHVAL="$withval" fi ]) @@ -562,7 +667,7 @@ AC_ARG_WITH(ssl-dir, TOR_SEARCH_LIBRARY(openssl, $tryssldir, [-lssl -lcrypto $TOR_LIB_GDI], [#include <openssl/rand.h>], [void RAND_add(const void *buf, int num, double entropy);], - [RAND_add((void*)0,0,0); exit(0);], [], + [RAND_add((void*)0,0,0);], [], [/usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/athena /opt/openssl]) dnl XXXX check for OPENSSL_VERSION_NUMBER == SSLeay() @@ -578,10 +683,56 @@ else fi AC_SUBST(TOR_OPENSSL_LIBS) +dnl Now check for particular openssl functions. +save_LIBS="$LIBS" +save_LDFLAGS="$LDFLAGS" +save_CPPFLAGS="$CPPFLAGS" +LIBS="$TOR_OPENSSL_LIBS $LIBS" +LDFLAGS="$TOR_LDFLAGS_openssl $LDFLAGS" +CPPFLAGS="$TOR_CPPFLAGS_openssl $CPPFLAGS" + +AC_TRY_COMPILE([ +#include <openssl/opensslv.h> +#if OPENSSL_VERSION_NUMBER < 0x1000000fL +#error "too old" +#endif + ], [], + [ : ], + [ AC_ERROR([OpenSSL is too old. We require 1.0.0 or later. You can specify a path to a newer one with --with-openssl-dir.]) ]) + +AC_TRY_COMPILE([ +#include <openssl/opensslv.h> +#include <openssl/evp.h> +#if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_ECDH) || defined(OPENSSL_NO_ECDSA) +#error "no ECC" +#endif +#if !defined(NID_X9_62_prime256v1) || !defined(NID_secp224r1) +#error "curves unavailable" +#endif + ], [], + [ : ], + [ AC_ERROR([OpenSSL is built without full ECC support, including curves P256 and P224. You can specify a path to one with ECC support with --with-openssl-dir.]) ]) + AC_CHECK_MEMBERS([struct ssl_method_st.get_cipher_by_char], , , [#include <openssl/ssl.h> ]) +AC_CHECK_FUNCS([ \ + SSL_SESSION_get_master_key \ + SSL_get_server_random \ + SSL_get_client_ciphers \ + SSL_get_client_random \ + SSL_CIPHER_find \ + TLS_method + ]) + +dnl Check if OpenSSL has scrypt implementation. +AC_CHECK_FUNCS([ EVP_PBE_scrypt ]) + +LIBS="$save_LIBS" +LDFLAGS="$save_LDFLAGS" +CPPFLAGS="$save_CPPFLAGS" + dnl ------------------------------------------------------ dnl Where do you live, zlib? And how do we call you? @@ -593,7 +744,7 @@ tor_zlib_devpkg_debian="zlib1g-dev" TOR_SEARCH_LIBRARY(zlib, $tryzlibdir, [-lz], [#include <zlib.h>], [const char * zlibVersion(void);], - [zlibVersion(); exit(0);], [--with-zlib-dir], + [zlibVersion();], [--with-zlib-dir], [/opt/zlib]) if test "$enable_static_zlib" = "yes"; then @@ -608,6 +759,19 @@ else fi AC_SUBST(TOR_ZLIB_LIBS) +dnl ---------------------------------------------------------------------- +dnl Check if libcap is available for capabilities. + +tor_cap_pkg_debian="libcap2" +tor_cap_pkg_redhat="libcap" +tor_cap_devpkg_debian="libcap-dev" +tor_cap_devpkg_redhat="libcap-devel" + +AC_CHECK_LIB([cap], [cap_init], [], + AC_MSG_NOTICE([Libcap was not found. Capabilities will not be usable.]) +) +AC_CHECK_FUNCS(cap_set_proc) + dnl --------------------------------------------------------------------- dnl Now that we know about our major libraries, we can check for compiler dnl and linker hardening options. We need to do this with the libraries known, @@ -615,26 +779,27 @@ dnl since sometimes the linker will like an option but not be willing to dnl use it with a build of a library. all_ldflags_for_check="$TOR_LDFLAGS_zlib $TOR_LDFLAGS_openssl $TOR_LDFLAGS_libevent" -all_libs_for_check="$TOR_ZLIB_LIBS $TOR_LIB_MATH $TOR_LIBEVENT_LIBS $TOR_OPENSSL_LIBS $TOR_LIB_WS32 $TOR_LIB_GDI" +all_libs_for_check="$TOR_ZLIB_LIBS $TOR_LIB_MATH $TOR_LIBEVENT_LIBS $TOR_OPENSSL_LIBS $TOR_SYSTEMD_LIBS $TOR_LIB_WS32 $TOR_LIB_GDI $TOR_CAP_LIBS" AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [ #if !defined(__clang__) #error #endif])], have_clang=yes, have_clang=no) -if test x$enable_gcc_hardening != xno; then - CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2" - if test x$have_clang = xyes; then +if test "x$enable_gcc_hardening" != "xno"; then + CFLAGS="$CFLAGS -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2" + if test "x$have_clang" = "xyes"; then TOR_CHECK_CFLAGS(-Qunused-arguments) fi TOR_CHECK_CFLAGS(-fstack-protector-all, also_link) AS_VAR_PUSHDEF([can_compile], [tor_cv_cflags_-fstack-protector-all]) AS_VAR_PUSHDEF([can_link], [tor_can_link_-fstack-protector-all]) +m4_ifdef([AS_VAR_IF],[ AS_VAR_IF(can_compile, [yes], AS_VAR_IF(can_link, [yes], [], AC_MSG_ERROR([We tried to build with stack protection; it looks like your compiler supports it but your libc does not provide it. Are you missing libssp? (You can --disable-gcc-hardening to ignore this error.)])) - ) + )]) AS_VAR_POPDEF([can_link]) AS_VAR_POPDEF([can_compile]) TOR_CHECK_CFLAGS(-Wstack-protector) @@ -646,13 +811,13 @@ if test x$enable_gcc_hardening != xno; then fi fi -if test x$enable_expensive_hardening = xyes ; then +if test "x$enable_expensive_hardening" = "xyes"; then TOR_CHECK_CFLAGS([-fsanitize=address]) TOR_CHECK_CFLAGS([-fsanitize=undefined]) TOR_CHECK_CFLAGS([-fno-omit-frame-pointer]) fi -if test x$enable_linker_hardening != xno; then +if test "x$enable_linker_hardening" != "xno"; then TOR_CHECK_LDFLAGS(-z relro -z now, "$all_ldflags_for_check", "$all_libs_for_check") fi @@ -666,7 +831,7 @@ saved_CFLAGS="$CFLAGS" TOR_CHECK_CFLAGS(-fomit-frame-pointer) F_OMIT_FRAME_POINTER='' if test "$saved_CFLAGS" != "$CFLAGS"; then - if test x$enable_expensive_hardening != xyes ; then + if test "x$enable_expensive_hardening" != "xyes"; then F_OMIT_FRAME_POINTER='-fomit-frame-pointer' fi fi @@ -680,65 +845,6 @@ dnl we should try to add -fasynchronous-unwind-tables so that our backtrace dnl code will work. TOR_CHECK_CFLAGS(-fasynchronous-unwind-tables) -dnl ------------------------------------------------------ -dnl Where do you live, libnatpmp? And how do we call you? -dnl There are no packages for Debian or Redhat as of this patch - -if test "$natpmp" = "true"; then - AC_DEFINE(NAT_PMP, 1, [Define to 1 if we are building with nat-pmp.]) - TOR_SEARCH_LIBRARY(libnatpmp, $trylibnatpmpdir, [-lnatpmp $TOR_LIB_WS32 $TOR_LIB_IPHLPAPI], - [#include <natpmp.h>], - [#ifdef _WIN32 - #define STATICLIB - #endif - #include <natpmp.h>], - [ int r; - natpmp_t natpmp; - natpmpresp_t response; - r = initnatpmp(&natpmp, 0, 0);], - [printf("initnatpmp() returned %d (%s)\n", r, r?"FAILED":"SUCCESS"); - exit(0);], - [--with-libnatpmp-dir], - [/usr/lib/]) -fi - - -dnl ------------------------------------------------------ -dnl Where do you live, libminiupnpc? And how do we call you? -dnl There are no packages for Debian or Redhat as of this patch - -if test "$upnp" = "true"; then - AC_DEFINE(MINIUPNPC, 1, [Define to 1 if we are building with UPnP.]) - - dnl Before we call TOR_SEARCH_LIBRARY we'll do a quick compile test - dnl to see if we have miniupnpc-1.5 or -1.6 - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include <miniupnpc/miniupnpc.h>], - [upnpDiscover(1, 0, 0, 0);exit(0);])],[miniupnpc15="true"],[miniupnpc15="false"]) - - if test "$miniupnpc15" = "true" ; then - AC_DEFINE([MINIUPNPC15],[1],[libminiupnpc version 1.5 found]) - TOR_SEARCH_LIBRARY(libminiupnpc, $trylibminiupnpcdir, [-lminiupnpc $TOR_LIB_WS32 $TOR_LIB_IPHLPAPI], - [#include <miniupnpc/miniwget.h> - #include <miniupnpc/miniupnpc.h> - #include <miniupnpc/upnpcommands.h>], - [void upnpDiscover(int delay, const char * multicastif, - const char * minissdpdsock, int sameport);], - [upnpDiscover(1, 0, 0, 0); exit(0);], - [--with-libminiupnpc-dir], - [/usr/lib/]) - else - TOR_SEARCH_LIBRARY(libminiupnpc, $trylibminiupnpcdir, [-lminiupnpc $TOR_LIB_WS32 $TOR_LIB_IPHLPAPI], - [#include <miniupnpc/miniwget.h> - #include <miniupnpc/miniupnpc.h> - #include <miniupnpc/upnpcommands.h>], - [void upnpDiscover(int delay, const char * multicastif, - const char * minissdpdsock, int sameport, int ipv6, int * error);], - [upnpDiscover(1, 0, 0, 0, 0, 0); exit(0);], - [--with-libminiupnpc-dir], - [/usr/lib/]) - fi -fi - dnl ============================================================ dnl Check for libseccomp @@ -748,115 +854,116 @@ if test "x$enable_seccomp" != "xno"; then fi dnl ============================================================ +dnl Check for libscrypt + +if test "x$enable_libscrypt" != "xno"; then + AC_CHECK_HEADERS([libscrypt.h]) + AC_SEARCH_LIBS(libscrypt_scrypt, [scrypt]) + AC_CHECK_FUNCS([libscrypt_scrypt]) +fi + +dnl ============================================================ dnl We need an implementation of curve25519. dnl set these defaults. -have_a_curve25519=no build_curve25519_donna=no build_curve25519_donna_c64=no use_curve25519_donna=no use_curve25519_nacl=no CURVE25519_LIBS= -if test x$enable_curve25519 != xno; then - - dnl The best choice is using curve25519-donna-c64, but that requires - dnl that we - AC_CACHE_CHECK([whether we can use curve25519-donna-c64], - tor_cv_can_use_curve25519_donna_c64, - [AC_RUN_IFELSE( - [AC_LANG_PROGRAM([dnl - #include <stdint.h> - typedef unsigned uint128_t __attribute__((mode(TI))); - int func(uint64_t a, uint64_t b) { - uint128_t c = ((uint128_t)a) * b; - int ok = ((uint64_t)(c>>96)) == 522859 && - (((uint64_t)(c>>64))&0xffffffffL) == 3604448702L && - (((uint64_t)(c>>32))&0xffffffffL) == 2351960064L && - (((uint64_t)(c))&0xffffffffL) == 0; - return ok; - } - ], [dnl - int ok = func( ((uint64_t)2000000000) * 1000000000, - ((uint64_t)1234567890) << 24); - return !ok; - ])], - [tor_cv_can_use_curve25519_donna_c64=yes], - [tor_cv_can_use_curve25519_donna_c64=no], - [AC_LINK_IFELSE( - [AC_LANG_PROGRAM([dnl - #include <stdint.h> - typedef unsigned uint128_t __attribute__((mode(TI))); - int func(uint64_t a, uint64_t b) { - uint128_t c = ((uint128_t)a) * b; - int ok = ((uint64_t)(c>>96)) == 522859 && - (((uint64_t)(c>>64))&0xffffffffL) == 3604448702L && - (((uint64_t)(c>>32))&0xffffffffL) == 2351960064L && - (((uint64_t)(c))&0xffffffffL) == 0; - return ok; - } - ], [dnl - int ok = func( ((uint64_t)2000000000) * 1000000000, - ((uint64_t)1234567890) << 24); - return !ok; - ])], - [tor_cv_can_use_curve25519_donna_c64=cross], - [tor_cv_can_use_curve25519_donna_c64=no])])]) - - AC_CHECK_HEADERS([crypto_scalarmult_curve25519.h \ - nacl/crypto_scalarmult_curve25519.h]) - - AC_CACHE_CHECK([for nacl compiled with a fast curve25519 implementation], - tor_cv_can_use_curve25519_nacl, - [tor_saved_LIBS="$LIBS" - LIBS="$LIBS -lnacl" - AC_LINK_IFELSE( - [AC_LANG_PROGRAM([dnl - #ifdef HAVE_CRYPTO_SCALARMULT_CURVE25519_H - #include <crypto_scalarmult_curve25519.h> - #elif defined(HAVE_NACL_CRYPTO_SCALARMULT_CURVE25519_H) - #include <nacl/crypto_scalarmult_curve25519.h> - #endif - #ifdef crypto_scalarmult_curve25519_ref_BYTES - #error Hey, this is the reference implementation! That's not fast. - #endif - ], [ - unsigned char *a, *b, *c; crypto_scalarmult_curve25519(a,b,c); - ])], [tor_cv_can_use_curve25519_nacl=yes], - [tor_cv_can_use_curve25519_nacl=no]) - LIBS="$tor_saved_LIBS" ]) - - dnl Okay, now we need to figure out which one to actually use. Fall back - dnl to curve25519-donna.c - - if test x$tor_cv_can_use_curve25519_donna_c64 != xno; then - build_curve25519_donna_c64=yes - use_curve25519_donna=yes - elif test x$tor_cv_can_use_curve25519_nacl = xyes; then - use_curve25519_nacl=yes - CURVE25519_LIBS=-lnacl - else - build_curve25519_donna=yes - use_curve25519_donna=yes - fi - have_a_curve25519=yes -fi +dnl The best choice is using curve25519-donna-c64, but that requires +dnl that we +AC_CACHE_CHECK([whether we can use curve25519-donna-c64], + tor_cv_can_use_curve25519_donna_c64, + [AC_RUN_IFELSE( + [AC_LANG_PROGRAM([dnl + #include <stdint.h> + typedef unsigned uint128_t __attribute__((mode(TI))); + int func(uint64_t a, uint64_t b) { + uint128_t c = ((uint128_t)a) * b; + int ok = ((uint64_t)(c>>96)) == 522859 && + (((uint64_t)(c>>64))&0xffffffffL) == 3604448702L && + (((uint64_t)(c>>32))&0xffffffffL) == 2351960064L && + (((uint64_t)(c))&0xffffffffL) == 0; + return ok; + } + ], [dnl + int ok = func( ((uint64_t)2000000000) * 1000000000, + ((uint64_t)1234567890) << 24); + return !ok; + ])], + [tor_cv_can_use_curve25519_donna_c64=yes], + [tor_cv_can_use_curve25519_donna_c64=no], + [AC_LINK_IFELSE( + [AC_LANG_PROGRAM([dnl + #include <stdint.h> + typedef unsigned uint128_t __attribute__((mode(TI))); + int func(uint64_t a, uint64_t b) { + uint128_t c = ((uint128_t)a) * b; + int ok = ((uint64_t)(c>>96)) == 522859 && + (((uint64_t)(c>>64))&0xffffffffL) == 3604448702L && + (((uint64_t)(c>>32))&0xffffffffL) == 2351960064L && + (((uint64_t)(c))&0xffffffffL) == 0; + return ok; + } + ], [dnl + int ok = func( ((uint64_t)2000000000) * 1000000000, + ((uint64_t)1234567890) << 24); + return !ok; + ])], + [tor_cv_can_use_curve25519_donna_c64=cross], + [tor_cv_can_use_curve25519_donna_c64=no])])]) + +AC_CHECK_HEADERS([crypto_scalarmult_curve25519.h \ + nacl/crypto_scalarmult_curve25519.h]) + +AC_CACHE_CHECK([for nacl compiled with a fast curve25519 implementation], + tor_cv_can_use_curve25519_nacl, + [tor_saved_LIBS="$LIBS" + LIBS="$LIBS -lnacl" + AC_LINK_IFELSE( + [AC_LANG_PROGRAM([dnl + #ifdef HAVE_CRYPTO_SCALARMULT_CURVE25519_H + #include <crypto_scalarmult_curve25519.h> + #elif defined(HAVE_NACL_CRYPTO_SCALARMULT_CURVE25519_H) + #include <nacl/crypto_scalarmult_curve25519.h> + #endif + #ifdef crypto_scalarmult_curve25519_ref_BYTES + #error Hey, this is the reference implementation! That's not fast. + #endif + ], [ + unsigned char *a, *b, *c; crypto_scalarmult_curve25519(a,b,c); + ])], [tor_cv_can_use_curve25519_nacl=yes], + [tor_cv_can_use_curve25519_nacl=no]) + LIBS="$tor_saved_LIBS" ]) + + dnl Okay, now we need to figure out which one to actually use. Fall back + dnl to curve25519-donna.c + + if test "x$tor_cv_can_use_curve25519_donna_c64" != "xno"; then + build_curve25519_donna_c64=yes + use_curve25519_donna=yes + elif test "x$tor_cv_can_use_curve25519_nacl" = "xyes"; then + use_curve25519_nacl=yes + CURVE25519_LIBS=-lnacl + else + build_curve25519_donna=yes + use_curve25519_donna=yes + fi -if test x$have_a_curve25519 = xyes; then - AC_DEFINE(CURVE25519_ENABLED, 1, - [Defined if we have a curve25519 implementation]) -fi -if test x$use_curve25519_donna = xyes; then +if test "x$use_curve25519_donna" = "xyes"; then AC_DEFINE(USE_CURVE25519_DONNA, 1, [Defined if we should use an internal curve25519_donna{,_c64} implementation]) fi -if test x$use_curve25519_nacl = xyes; then +if test "x$use_curve25519_nacl" = "xyes"; then AC_DEFINE(USE_CURVE25519_NACL, 1, [Defined if we should use a curve25519 from nacl]) fi -AM_CONDITIONAL(BUILD_CURVE25519_DONNA, test x$build_curve25519_donna = xyes) -AM_CONDITIONAL(BUILD_CURVE25519_DONNA_C64, test x$build_curve25519_donna_c64 = xyes) -AM_CONDITIONAL(CURVE25519_ENABLED, test x$have_a_curve25519 = xyes) +AM_CONDITIONAL(BUILD_CURVE25519_DONNA, + test "x$build_curve25519_donna" = "xyes") +AM_CONDITIONAL(BUILD_CURVE25519_DONNA_C64, + test "x$build_curve25519_donna_c64" = "xyes") AC_SUBST(CURVE25519_LIBS) dnl Make sure to enable support for large off_t if available. @@ -868,6 +975,7 @@ AC_CHECK_HEADERS( fcntl.h \ signal.h \ string.h \ + sys/capability.h \ sys/fcntl.h \ sys/stat.h \ sys/time.h \ @@ -895,7 +1003,9 @@ AC_CHECK_HEADERS( netinet/in.h \ netinet/in6.h \ pwd.h \ + readpassphrase.h \ stdint.h \ + sys/eventfd.h \ sys/file.h \ sys/ioctl.h \ sys/limits.h \ @@ -905,6 +1015,8 @@ AC_CHECK_HEADERS( sys/resource.h \ sys/select.h \ sys/socket.h \ + sys/statvfs.h \ + sys/syscall.h \ sys/sysctl.h \ sys/syslimits.h \ sys/time.h \ @@ -934,7 +1046,18 @@ AC_CHECK_HEADERS(net/pfvar.h, net_pfvar_found=1, net_pfvar_found=0, #endif #ifdef HAVE_NET_IF_H #include <net/if.h> +#endif +#ifdef HAVE_NETINET_IN_H +#include <netinet/in.h> #endif]) + +AC_CHECK_HEADERS(linux/if.h,[],[], +[ +#ifdef HAVE_SYS_SOCKET_H +#include <sys/socket.h> +#endif +]) + AC_CHECK_HEADERS(linux/netfilter_ipv4.h, linux_netfilter_ipv4=1, linux_netfilter_ipv4=0, [#ifdef HAVE_SYS_TYPES_H @@ -956,17 +1079,44 @@ AC_CHECK_HEADERS(linux/netfilter_ipv4.h, #include <netinet/in.h> #endif]) -if test x$transparent = xtrue ; then +AC_CHECK_HEADERS(linux/netfilter_ipv6/ip6_tables.h, + linux_netfilter_ipv6_ip6_tables=1, linux_netfilter_ipv6_ip6_tables=0, +[#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif +#ifdef HAVE_SYS_SOCKET_H +#include <sys/socket.h> +#endif +#ifdef HAVE_LIMITS_H +#include <limits.h> +#endif +#ifdef HAVE_LINUX_TYPES_H +#include <linux/types.h> +#endif +#ifdef HAVE_NETINET_IN6_H +#include <netinet/in6.h> +#endif +#ifdef HAVE_NETINET_IN_H +#include <netinet/in.h> +#endif +#ifdef HAVE_LINUX_IF_H +#include <linux/if.h> +#endif]) + +if test "x$transparent" = "xtrue"; then transparent_ok=0 - if test x$net_if_found = x1 && test x$net_pfvar_found = x1 ; then + if test "x$net_if_found" = "x1" && test "x$net_pfvar_found" = "x1"; then + transparent_ok=1 + fi + if test "x$linux_netfilter_ipv4" = "x1"; then transparent_ok=1 fi - if test x$linux_netfilter_ipv4 = x1 ; then + if test "x$linux_netfilter_ipv6_ip6_tables" = "x1"; then transparent_ok=1 fi - if test x$transparent_ok = x1 ; then + if test "x$transparent_ok" = "x1"; then AC_DEFINE(USE_TRANSPARENT, 1, "Define to enable transparent proxy support") - case $host in + case "$host" in *-*-openbsd* | *-*-bitrig*) AC_DEFINE(OPENBSD, 1, "Define to handle pf on OpenBSD properly") ;; esac @@ -1012,7 +1162,7 @@ AC_CHECK_SIZEOF(pid_t) AC_CHECK_TYPES([uint, u_char, ssize_t]) -AC_PC_FROM_UCONTEXT([/bin/true]) +AC_PC_FROM_UCONTEXT([:]) dnl used to include sockaddr_storage, but everybody has that. AC_CHECK_TYPES([struct in6_addr, struct sockaddr_in6, sa_family_t], , , @@ -1031,13 +1181,9 @@ AC_CHECK_TYPES([struct in6_addr, struct sockaddr_in6, sa_family_t], , , #ifdef _WIN32 #define _WIN32_WINNT 0x0501 #define WIN32_LEAN_AND_MEAN -#if defined(_MSC_VER) && (_MSC_VER < 1300) -#include <winsock.h> -#else #include <winsock2.h> #include <ws2tcpip.h> #endif -#endif ]) AC_CHECK_MEMBERS([struct in6_addr.s6_addr32, struct in6_addr.s6_addr16, struct sockaddr_in.sin_len, struct sockaddr_in6.sin6_len], , , [#ifdef HAVE_SYS_TYPES_H @@ -1055,13 +1201,9 @@ AC_CHECK_MEMBERS([struct in6_addr.s6_addr32, struct in6_addr.s6_addr16, struct s #ifdef _WIN32 #define _WIN32_WINNT 0x0501 #define WIN32_LEAN_AND_MEAN -#if defined(_MSC_VER) && (_MSC_VER < 1300) -#include <winsock.h> -#else #include <winsock2.h> #include <ws2tcpip.h> #endif -#endif ]) AC_CHECK_TYPES([rlim_t], , , @@ -1077,7 +1219,7 @@ AC_CHECK_TYPES([rlim_t], , , ]) AX_CHECK_SIGN([time_t], - [ AC_DEFINE(TIME_T_IS_SIGNED, 1, [Define if time_t is signed]) ], + [ : ], [ : ], [ #ifdef HAVE_SYS_TYPES_H #include <sys/types.h> @@ -1090,8 +1232,8 @@ AX_CHECK_SIGN([time_t], #endif ]) -if test "$ax_cv_decl_time_t_signed" = no; then - AC_MSG_WARN([You have an unsigned time_t; some things will probably break. Please tell the Tor developers about your interesting platform.]) +if test "$ax_cv_decl_time_t_signed" = "no"; then + AC_MSG_ERROR([You have an unsigned time_t; Tor does not support that. Please tell the Tor developers about your interesting platform.]) fi AX_CHECK_SIGN([size_t], @@ -1102,7 +1244,7 @@ AX_CHECK_SIGN([size_t], #endif ]) -if test "$ax_cv_decl_size_t_signed" = yes; then +if test "$ax_cv_decl_size_t_signed" = "yes"; then AC_MSG_ERROR([You have a signed size_t; that's grossly nonconformant.]) fi @@ -1137,12 +1279,12 @@ return memcmp(&p1,&p2,sizeof(char*))?1:0; }]])], [tor_cv_null_is_zero=no], [tor_cv_null_is_zero=cross])]) -if test "$tor_cv_null_is_zero" = cross ; then +if test "$tor_cv_null_is_zero" = "cross"; then # Cross-compiling; let's hope that the target isn't raving mad. AC_MSG_NOTICE([Cross-compiling: we'll assume that NULL is represented as a sequence of 0-valued bytes.]) fi -if test "$tor_cv_null_is_zero" != no; then +if test "$tor_cv_null_is_zero" != "no"; then AC_DEFINE([NULL_REP_IS_ZERO_BYTES], 1, [Define to 1 iff memset(0) sets pointers to NULL]) fi @@ -1161,12 +1303,12 @@ return memcmp(&d1,&d2,sizeof(d1))?1:0; }]])], [tor_cv_dbl0_is_zero=no], [tor_cv_dbl0_is_zero=cross])]) -if test "$tor_cv_dbl0_is_zero" = cross ; then +if test "$tor_cv_dbl0_is_zero" = "cross"; then # Cross-compiling; let's hope that the target isn't raving mad. AC_MSG_NOTICE([Cross-compiling: we'll assume that 0.0 can be represented as a sequence of 0-valued bytes.]) fi -if test "$tor_cv_dbl0_is_zero" != no; then +if test "$tor_cv_dbl0_is_zero" != "no"; then AC_DEFINE([DOUBLE_0_REP_IS_ZERO_BYTES], 1, [Define to 1 iff memset(0) sets doubles to 0.0]) fi @@ -1185,12 +1327,12 @@ int main () { return malloc(0)?0:1; }]])], [tor_cv_malloc_zero_works=no], [tor_cv_malloc_zero_works=cross])]) -if test "$tor_cv_malloc_zero_works" = cross; then +if test "$tor_cv_malloc_zero_works" = "cross"; then # Cross-compiling; let's hope that the target isn't raving mad. AC_MSG_NOTICE([Cross-compiling: we'll assume that we need to check malloc() arguments for 0.]) fi -if test "$tor_cv_malloc_zero_works" = yes; then +if test "$tor_cv_malloc_zero_works" = "yes"; then AC_DEFINE([MALLOC_ZERO_WORKS], 1, [Define to 1 iff malloc(0) returns a pointer]) fi @@ -1204,14 +1346,15 @@ return problem ? 1 : 0; }]])], [tor_cv_twos_complement=no], [tor_cv_twos_complement=cross])]) -if test "$tor_cv_twos_complement" = cross ; then +if test "$tor_cv_twos_complement" = "cross"; then # Cross-compiling; let's hope that the target isn't raving mad. AC_MSG_NOTICE([Cross-compiling: we'll assume that negative integers are represented with two's complement.]) fi -if test "$tor_cv_twos_complement" != no ; then +if test "$tor_cv_twos_complement" != "no"; then AC_DEFINE([USING_TWOS_COMPLEMENT], 1, - [Define to 1 iff we represent negative integers with two's complement]) + [Define to 1 iff we represent negative integers with + two's complement]) fi # What does shifting a negative value do? @@ -1222,12 +1365,12 @@ AC_CACHE_CHECK([whether right-shift on negative values does sign-extension], tor [tor_cv_sign_extend=no], [tor_cv_sign_extend=cross])]) -if test "$tor_cv_sign_extend" = cross ; then +if test "$tor_cv_sign_extend" = "cross"; then # Cross-compiling; let's hope that the target isn't raving mad. AC_MSG_NOTICE([Cross-compiling: we'll assume that right-shifting negative integers causes sign-extension]) fi -if test "$tor_cv_sign_extend" != no ; then +if test "$tor_cv_sign_extend" != "no"; then AC_DEFINE([RSHIFT_DOES_SIGN_EXTEND], 1, [Define to 1 iff right-shifting a negative value performs sign-extension]) fi @@ -1235,7 +1378,7 @@ fi # Whether we should use the dmalloc memory allocation debugging library. AC_MSG_CHECKING(whether to use dmalloc (debug memory allocation library)) AC_ARG_WITH(dmalloc, -[ --with-dmalloc Use debug memory allocation library. ], +AS_HELP_STRING(--with-dmalloc, [use debug memory allocation library]), [if [[ "$withval" = "yes" ]]; then dmalloc=1 AC_MSG_RESULT(yes) @@ -1253,21 +1396,21 @@ if [[ $dmalloc -eq 1 ]]; then fi AC_ARG_WITH(tcmalloc, -[ --with-tcmalloc Use tcmalloc memory allocation library. ], +AS_HELP_STRING(--with-tcmalloc, [use tcmalloc memory allocation library]), [ tcmalloc=yes ], [ tcmalloc=no ]) -if test x$tcmalloc = xyes ; then +if test "x$tcmalloc" = "xyes"; then LDFLAGS="-ltcmalloc $LDFLAGS" fi using_custom_malloc=no -if test x$enable_openbsd_malloc = xyes ; then +if test "x$enable_openbsd_malloc" = "xyes"; then using_custom_malloc=yes fi -if test x$tcmalloc = xyes ; then +if test "x$tcmalloc" = "xyes"; then using_custom_malloc=yes fi -if test $using_custom_malloc = no ; then +if test "$using_custom_malloc" = "no"; then AC_CHECK_FUNCS(mallinfo) fi @@ -1283,7 +1426,7 @@ AC_CHECK_DECLS([mlockall], , , [ # Allow user to specify an alternate syslog facility AC_ARG_WITH(syslog-facility, -[ --with-syslog-facility=LOG syslog facility to use (default=LOG_DAEMON)], +AS_HELP_STRING(--with-syslog-facility=LOG, [syslog facility to use (default=LOG_DAEMON)]), syslog_facility="$withval", syslog_facility="LOG_DAEMON") AC_DEFINE_UNQUOTED(LOGFACILITY,$syslog_facility,[name of the syslog facility]) AC_SUBST(LOGFACILITY) @@ -1384,20 +1527,20 @@ int main(int c, char **v) { char **t = environ; }])], tor_cv_have_environ_declared=yes, tor_cv_have_environ_declared=no)) -if test "$tor_cv_have_func_macro" = 'yes'; then +if test "$tor_cv_have_func_macro" = "yes"; then AC_DEFINE(HAVE_MACRO__func__, 1, [Defined if the compiler supports __func__]) fi -if test "$tor_cv_have_FUNC_macro" = 'yes'; then +if test "$tor_cv_have_FUNC_macro" = "yes"; then AC_DEFINE(HAVE_MACRO__FUNC__, 1, [Defined if the compiler supports __FUNC__]) fi -if test "$tor_cv_have_FUNCTION_macro" = 'yes'; then +if test "$tor_cv_have_FUNCTION_macro" = "yes"; then AC_DEFINE(HAVE_MACRO__FUNCTION__, 1, [Defined if the compiler supports __FUNCTION__]) fi -if test "$tor_cv_have_environ_declared" = 'yes'; then +if test "$tor_cv_have_environ_declared" = "yes"; then AC_DEFINE(HAVE_EXTERN_ENVIRON_DECLARED, 1, [Defined if we have extern char **environ already declared]) fi @@ -1433,7 +1576,7 @@ AC_SUBST(BINDIR) LOCALSTATEDIR=`eval echo $localstatedir` AC_SUBST(LOCALSTATEDIR) -if test "$bwin32" = true; then +if test "$bwin32" = "true"; then # Test if the linker supports the --nxcompat and --dynamicbase options # for Windows save_LDFLAGS="$LDFLAGS" @@ -1449,13 +1592,12 @@ fi # Set CFLAGS _after_ all the above checks, since our warnings are stricter # than autoconf's macros like. -if test "$GCC" = yes; then +if test "$GCC" = "yes"; then # Disable GCC's strict aliasing checks. They are an hours-to-debug # accident waiting to happen. CFLAGS="$CFLAGS -Wall -fno-strict-aliasing" else - # Autoconf sets -g -O2 by default. Override optimization level - # for non-gcc compilers + # Override optimization level for non-gcc compilers CFLAGS="$CFLAGS -O" enable_gcc_warnings=no enable_gcc_warnings_advisory=no @@ -1473,7 +1615,8 @@ esac # Add some more warnings which we use in development but not in the # released versions. (Some relevant gcc versions can't handle these.) -if test x$enable_gcc_warnings = xyes || test x$enable_gcc_warnings_advisory = xyes; then +if test "x$enable_gcc_warnings" = "xyes" || + test "x$enable_gcc_warnings_advisory" = "xyes"; then AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [ #if !defined(__GNUC__) || (__GNUC__ < 4) @@ -1502,7 +1645,7 @@ if test x$enable_gcc_warnings = xyes || test x$enable_gcc_warnings_advisory = xy have_shorten64_flag=no) CFLAGS="$save_CFLAGS" - case $host in + case "$host" in *-*-openbsd* | *-*-bitrig*) # Some OpenBSD versions (like 4.8) have -Wsystem-headers by default. # That's fine, except that the headers don't pass -Wredundant-decls. @@ -1517,18 +1660,18 @@ if test x$enable_gcc_warnings = xyes || test x$enable_gcc_warnings_advisory = xy CFLAGS="$CFLAGS -Wwrite-strings -Wmissing-declarations -Wredundant-decls" CFLAGS="$CFLAGS -Wnested-externs -Wbad-function-cast -Wswitch-enum" - if test x$enable_gcc_warnings = xyes; then + if test "x$enable_gcc_warnings" = "xyes"; then CFLAGS="$CFLAGS -Werror" fi # Disabled, so we can use mallinfo(): -Waggregate-return - if test x$have_gcc4 = xyes ; then + if test "x$have_gcc4" = "xyes"; then # These warnings break gcc 3.3.5 and work on gcc 4.0.2 - CFLAGS="$CFLAGS -Winit-self -Wmissing-field-initializers -Wdeclaration-after-statement -Wold-style-definition" + CFLAGS="$CFLAGS -Winit-self -Wmissing-field-initializers -Wold-style-definition" fi - if test x$have_gcc42 = xyes ; then + if test "x$have_gcc42" = "xyes"; then # These warnings break gcc 4.0.2 and work on gcc 4.2 # XXXX020 See if any of these work with earlier versions. CFLAGS="$CFLAGS -Waddress -Wmissing-noreturn -Wstrict-overflow=1" @@ -1536,24 +1679,24 @@ if test x$enable_gcc_warnings = xyes || test x$enable_gcc_warnings_advisory = xy # We used to use -Wstrict-overflow=5, but that breaks us heavily under 4.3. fi - if test x$have_gcc42 = xyes && test x$have_clang = xno; then + if test "x$have_gcc42" = "xyes" && test "x$have_clang" = "xno"; then # These warnings break gcc 4.0.2 and clang, but work on gcc 4.2 CFLAGS="$CFLAGS -Wnormalized=id -Woverride-init" fi - if test x$have_gcc43 = xyes ; then + if test "x$have_gcc43" = "xyes"; then # These warnings break gcc 4.2 and work on gcc 4.3 # XXXX020 See if any of these work with earlier versions. CFLAGS="$CFLAGS -Wextra -Warray-bounds" fi - if test x$have_gcc46 = xyes ; then + if test "x$have_gcc46" = "xyes"; then # This warning was added in gcc 4.3, but it appears to generate # spurious warnings in gcc 4.4. I don't know if it works in 4.5. CFLAGS="$CFLAGS -Wlogical-op" fi - if test x$have_shorten64_flag = xyes ; then + if test "x$have_shorten64_flag" = "xyes"; then CFLAGS="$CFLAGS -Wshorten-64-to-32" fi @@ -1563,7 +1706,7 @@ if test x$enable_gcc_warnings = xyes || test x$enable_gcc_warnings_advisory = xy # CFLAGS="$CFLAGS -Winline" fi -if test "$enable_coverage" = yes && test "$have_clang" = "no"; then +if test "$enable_coverage" = "yes" && test "$have_clang" = "no"; then case "$host_os" in darwin*) AC_MSG_WARN([Tried to enable coverage on OSX without using the clang compiler. This might not work! If coverage fails, use CC=clang when configuring with --enable-profiling.]) @@ -1581,15 +1724,20 @@ AC_CONFIG_FILES([ contrib/dist/torctl contrib/dist/tor.service src/config/torrc.sample + src/config/torrc.minimal + scripts/maint/checkOptionDocs.pl + scripts/maint/updateVersions.pl ]) -if test x$asciidoc = xtrue && test "$ASCIIDOC" = "none" ; then +if test "x$asciidoc" = "xtrue" && test "$ASCIIDOC" = "none"; then regular_mans="doc/tor doc/tor-gencert doc/tor-resolve doc/torify" for file in $regular_mans ; do if ! [[ -f "$srcdir/$file.1.in" ]] || ! [[ -f "$srcdir/$file.html.in" ]] ; then echo "=================================="; echo; - echo "You need asciidoc installed to be able to build the manpage."; + echo "Building Tor has failed since manpages cannot be built."; + echo; + echo "You need asciidoc installed to be able to build the manpages."; echo "To build without manpages, use the --disable-asciidoc argument"; echo "when calling configure."; echo; @@ -1600,7 +1748,3 @@ if test x$asciidoc = xtrue && test "$ASCIIDOC" = "none" ; then fi AC_OUTPUT - -if test -x /usr/bin/perl && test -x ./scripts/maint/updateVersions.pl ; then - ./scripts/maint/updateVersions.pl -fi |