diff --git a/configure.ac b/configure.ac index ef0bb6e1e..0955eee99 100644 --- a/configure.ac +++ b/configure.ac @@ -1,1489 +1,1489 @@ # configure.ac script for GnuPG # Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, # 2008, 2009, 2010, 2012 Free Software Foundation, Inc. # # This file is part of GnuPG. # # GnuPG is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # # GnuPG is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, see . # # (Process this file with autoconf to produce a configure script.) AC_PREREQ(2.59) min_automake_version="1.9.3" # Remember to change the version number immediately *after* a release. # Set my_issvn to "yes" for non-released code. Remember to run an # "svn up" and "autogen.sh --force" right before creating a distribution. m4_define([my_version], [1.4.13]) m4_define([my_issvn], [yes]) m4_define([svn_revision], m4_esyscmd([printf "%d" $(svn info 2>/dev/null \ | sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)])) m4_define([git_revision], m4_esyscmd([git branch -v 2>/dev/null \ | awk '/^\* / {printf "%s",$3}'])) m4_define([my_full_version], [my_version[]m4_if(my_issvn,[yes], [m4_if(git_revision,[],[-svn[]svn_revision],[-git[]git_revision])])]) AC_INIT([gnupg],[my_full_version],[http://bugs.gnupg.org]) # Set development_version to yes if the minor number is odd or you # feel that the default check for a development version is not # sufficient. development_version=no AC_CONFIG_AUX_DIR(scripts) AC_CONFIG_SRCDIR(g10/gpg.c) AC_CANONICAL_HOST AM_INIT_AUTOMAKE([std-options]) AB_INIT AM_CONFIG_HEADER(config.h) AC_GNU_SOURCE dnl dnl Check for random module options dnl AC_MSG_CHECKING([which random module to use]) AC_ARG_ENABLE(static-rnd, AC_HELP_STRING([[--enable-static-rnd=[egd|unix|linux|auto]]], [specify a random number source]), [use_static_rnd=$enableval], [use_static_rnd=default]) if test "$use_static_rnd" = no; then use_static_rnd=default fi case "$use_static_rnd" in egd | linux | unix | default ) AC_MSG_RESULT($use_static_rnd) ;; auto ) AC_MSG_RESULT(automagically selected at runtime) ;; * ) AC_MSG_RESULT(invalid argument) AC_MSG_ERROR(there is no random module rnd$use_static_rnd) ;; esac AC_ARG_WITH(egd-socket, AC_HELP_STRING([--with-egd-socket=NAME],[use NAME for the EGD socket]), egd_socket_name="$withval", egd_socket_name="" ) AC_DEFINE_UNQUOTED(EGD_SOCKET_NAME, "$egd_socket_name", [Define if you don't want the default EGD socket name. For details see cipher/rndegd.c]) dnl dnl See whether the user wants to disable checking for /dev/random AC_MSG_CHECKING([whether use of /dev/random is requested]) AC_ARG_ENABLE(dev-random, AC_HELP_STRING([--disable-dev-random],[disable the use of dev random]), try_dev_random=$enableval, try_dev_random=yes) AC_MSG_RESULT($try_dev_random) dnl dnl Check other options dnl AC_MSG_CHECKING([whether assembler modules are requested]) AC_ARG_ENABLE(asm, AC_HELP_STRING([--disable-asm],[do not use assembler modules]), try_asm_modules=$enableval, try_asm_modules=yes) AC_MSG_RESULT($try_asm_modules) dnl AC_MSG_CHECKING([whether memory guard is requested]) dnl AC_ARG_ENABLE(m-guard, dnl [ --enable-m-guard enable memory guard facility], dnl use_m_guard=$enableval, use_m_guard=no) dnl AC_MSG_RESULT($use_m_guard) dnl if test "$use_m_guard" = yes ; then dnl AC_DEFINE(M_GUARD,1,[Define to use the (obsolete) malloc guarding feature]) dnl fi # SELinux support includes tracking of sensitive files to avoid # leaking their contents through processing these files by gpg itself AC_MSG_CHECKING([whether SELinux support is requested]) AC_ARG_ENABLE(selinux-support, AC_HELP_STRING([--enable-selinux-support], [enable SELinux support]), selinux_support=$enableval, selinux_support=no) AC_MSG_RESULT($selinux_support) AC_MSG_CHECKING([whether the new iconv based code is requested]) AC_ARG_ENABLE(gnupg-iconv, AC_HELP_STRING([--disable-gnupg-iconv], [disable the new iconv code]), gnupg_use_iconv=$enableval, gnupg_use_iconv=yes) AC_MSG_RESULT($gnupg_use_iconv) dnl See if we are disabling any algorithms or features for a smaller dnl binary try_extensions=no try_gettext=yes try_dns=yes use_rsa=yes use_idea=yes use_cast5=yes use_blowfish=yes use_aes=yes use_twofish=yes use_camellia=yes use_sha256=yes use_sha512=yes use_bzip2=yes use_exec=yes card_support=yes agent_support=yes disable_keyserver_path=no AC_ARG_ENABLE(minimal, AC_HELP_STRING([--enable-minimal],[build the smallest gpg binary possible]), try_dns=no use_rsa=no use_idea=no use_cast5=no use_blowfish=no use_aes=no use_twofish=no use_camellia=no use_sha256=no use_sha512=no use_bzip2=no use_exec=no card_support=no agent_support=no) AC_MSG_CHECKING([whether OpenPGP card support is requested]) AC_ARG_ENABLE(card-support, AC_HELP_STRING([--disable-card-support], [disable OpenPGP card support]), card_support=$enableval) AC_MSG_RESULT($card_support) # Note that we may later disable the agent support based on the platform. AC_MSG_CHECKING([whether gpg-agent support is requested]) AC_ARG_ENABLE(agent-support, AC_HELP_STRING([--disable-agent-support], [disable gpg-agent support]), agent_support=$enableval) AC_MSG_RESULT($agent_support) AC_MSG_CHECKING([whether to enable the RSA public key algorithm]) AC_ARG_ENABLE(rsa, AC_HELP_STRING([--disable-rsa],[disable the RSA public key algorithm]), use_rsa=$enableval) AC_MSG_RESULT($use_rsa) if test x"$use_rsa" = xyes ; then AC_DEFINE(USE_RSA,1,[Define to include the RSA public key algorithm]) fi AC_MSG_CHECKING([whether to enable the IDEA cipher]) AC_ARG_ENABLE(idea, AC_HELP_STRING([--disable-idea],[disable the IDEA cipher]), use_idea=$enableval) AC_MSG_RESULT($use_idea) if test x"$use_idea" = xyes ; then AC_DEFINE(USE_IDEA,1,[Define to include the IDEA cipher]) fi AC_MSG_CHECKING([whether to enable the CAST5 cipher]) AC_ARG_ENABLE(cast5, AC_HELP_STRING([--disable-cast5],[disable the CAST5 cipher]), use_cast5=$enableval) AC_MSG_RESULT($use_cast5) if test x"$use_cast5" = xyes ; then AC_DEFINE(USE_CAST5,1,[Define to include the CAST5 cipher]) fi AC_MSG_CHECKING([whether to enable the BLOWFISH cipher]) AC_ARG_ENABLE(blowfish, AC_HELP_STRING([--disable-blowfish],[disable the BLOWFISH cipher]), use_blowfish=$enableval) AC_MSG_RESULT($use_blowfish) if test x"$use_blowfish" = xyes ; then AC_DEFINE(USE_BLOWFISH,1,[Define to include the BLOWFISH cipher]) fi AC_MSG_CHECKING([whether to enable the AES ciphers]) AC_ARG_ENABLE(aes, AC_HELP_STRING([--disable-aes],[disable the AES, AES192, and AES256 ciphers]), use_aes=$enableval) AC_MSG_RESULT($use_aes) if test x"$use_aes" = xyes ; then AC_DEFINE(USE_AES,1,[Define to include the AES, AES192, and AES256 ciphers]) fi AC_MSG_CHECKING([whether to enable the TWOFISH cipher]) AC_ARG_ENABLE(twofish, AC_HELP_STRING([--disable-twofish],[disable the TWOFISH cipher]), use_twofish=$enableval) AC_MSG_RESULT($use_twofish) if test x"$use_twofish" = xyes ; then AC_DEFINE(USE_TWOFISH,1,[Define to include the TWOFISH cipher]) fi AC_MSG_CHECKING([whether to enable the CAMELLIA cipher]) AC_ARG_ENABLE(camellia, AC_HELP_STRING([--enable-camellia],[enable the CAMELLIA cipher]), use_camellia=$enableval) AC_MSG_RESULT($use_camellia) if test x"$use_camellia" = xyes ; then AC_DEFINE(USE_CAMELLIA,1,[Define to include the CAMELLIA cipher]) fi AC_MSG_CHECKING([whether to enable the SHA-224 and SHA-256 digests]) AC_ARG_ENABLE(sha256, AC_HELP_STRING([--disable-sha256],[disable the SHA-224 and SHA-256 digests]), use_sha256=$enableval) AC_MSG_RESULT($use_sha256) if test x"$use_sha256" = xyes ; then AC_DEFINE(USE_SHA256,1,[Define to include the SHA-224 and SHA-256 digests]) fi dnl SHA512 is defined only after we confirm 64-bit support later AC_MSG_CHECKING([whether to enable the SHA-384 and SHA-512 digests]) AC_ARG_ENABLE(sha512, AC_HELP_STRING([--disable-sha512],[disable the SHA-384 and SHA-512 digests]), use_sha512=$enableval) AC_MSG_RESULT($use_sha512) dnl BZLIB is defined only after we confirm the library is available later AC_MSG_CHECKING([whether to enable the BZIP2 compression algorithm]) AC_ARG_ENABLE(bzip2, AC_HELP_STRING([--disable-bzip2],[disable the BZIP2 compression algorithm]), use_bzip2=$enableval) AC_MSG_RESULT($use_bzip2) AC_MSG_CHECKING([whether to enable external program execution]) AC_ARG_ENABLE(exec, AC_HELP_STRING([--disable-exec],[disable all external program execution]), use_exec=$enableval) AC_MSG_RESULT($use_exec) if test "$use_exec" = no ; then AC_DEFINE(NO_EXEC,1,[Define to disable all external program execution]) fi if test "$use_exec" = yes ; then AC_MSG_CHECKING([whether to enable photo ID viewing]) AC_ARG_ENABLE(photo-viewers, AC_HELP_STRING([--disable-photo-viewers],[disable photo ID viewers]), [if test "$enableval" = no ; then AC_DEFINE(DISABLE_PHOTO_VIEWER,1,[define to disable photo viewing]) fi],enableval=yes) gnupg_cv_enable_photo_viewers=$enableval AC_MSG_RESULT($enableval) if test "$gnupg_cv_enable_photo_viewers" = yes ; then AC_MSG_CHECKING([whether to use a fixed photo ID viewer]) AC_ARG_WITH(photo-viewer, AC_HELP_STRING([--with-photo-viewer=FIXED_VIEWER], [set a fixed photo ID viewer]), [if test "$withval" = yes ; then withval=no elif test "$withval" != no ; then AC_DEFINE_UNQUOTED(FIXED_PHOTO_VIEWER,"$withval", [if set, restrict photo-viewer to this]) fi],withval=no) AC_MSG_RESULT($withval) fi AC_MSG_CHECKING([whether to enable external keyserver helpers]) AC_ARG_ENABLE(keyserver-helpers, AC_HELP_STRING([--disable-keyserver-helpers], [disable all external keyserver support]), [if test "$enableval" = no ; then AC_DEFINE(DISABLE_KEYSERVER_HELPERS,1, [define to disable keyserver helpers]) fi],enableval=yes) gnupg_cv_enable_keyserver_helpers=$enableval AC_MSG_RESULT($enableval) if test "$gnupg_cv_enable_keyserver_helpers" = yes ; then dnl LDAP is defined only after we confirm the library is available later AC_MSG_CHECKING([whether LDAP keyserver support is requested]) AC_ARG_ENABLE(ldap, AC_HELP_STRING([--disable-ldap],[disable LDAP keyserver interface only]), try_ldap=$enableval, try_ldap=yes) AC_MSG_RESULT($try_ldap) AC_MSG_CHECKING([whether HKP keyserver support is requested]) AC_ARG_ENABLE(hkp, AC_HELP_STRING([--disable-hkp],[disable HKP keyserver interface only]), try_hkp=$enableval, try_hkp=yes) AC_MSG_RESULT($try_hkp) AC_MSG_CHECKING([whether finger key fetching support is requested]) AC_ARG_ENABLE(finger, AC_HELP_STRING([--disable-finger], [disable finger key fetching interface only]), try_finger=$enableval, try_finger=yes) AC_MSG_RESULT($try_finger) AC_MSG_CHECKING([whether generic object key fetching support is requested]) AC_ARG_ENABLE(generic, AC_HELP_STRING([--disable-generic], [disable generic object key fetching interface only]), try_generic=$enableval, try_generic=yes) AC_MSG_RESULT($try_generic) AC_MSG_CHECKING([whether email keyserver support is requested]) AC_ARG_ENABLE(mailto, AC_HELP_STRING([--enable-mailto], [enable email keyserver interface only]), try_mailto=$enableval, try_mailto=no) AC_MSG_RESULT($try_mailto) fi AC_MSG_CHECKING([whether keyserver exec-path is enabled]) AC_ARG_ENABLE(keyserver-path, AC_HELP_STRING([--disable-keyserver-path], [disable the exec-path option for keyserver helpers]), [if test "$enableval" = no ; then disable_keyserver_path=yes fi],enableval=yes) AC_MSG_RESULT($enableval) fi AC_MSG_CHECKING([whether the included zlib is requested]) AC_ARG_WITH(included-zlib, AC_HELP_STRING([--with-included-zlib],[use the zlib code included here]), [g10_force_zlib="$withval"], [g10_force_zlib=no] ) AC_MSG_RESULT($g10_force_zlib) dnl dnl Check for the key/uid cache size. This can't be zero, but can be dnl pretty small on embedded systems. dnl AC_MSG_CHECKING([for the size of the key and uid cache]) AC_ARG_ENABLE(key-cache, AC_HELP_STRING([--enable-key-cache=SIZE],[Set key cache to SIZE (default 4096)]),,enableval=4096) if test "$enableval" = "no"; then enableval=5 elif test "$enableval" = "yes" || test "$enableval" = ""; then enableval=4096 fi changequote(,)dnl key_cache_size=`echo "$enableval" | sed 's/[A-Za-z]//g'` changequote([,])dnl if test "$enableval" != "$key_cache_size" || test "$key_cache_size" -lt 5; then AC_MSG_ERROR([invalid key-cache size]) fi AC_MSG_RESULT($key_cache_size) AC_DEFINE_UNQUOTED(PK_UID_CACHE_SIZE,$key_cache_size,[Size of the key and UID caches]) dnl dnl Check whether we want to use Linux capabilities dnl AC_MSG_CHECKING([whether use of capabilities is requested]) AC_ARG_WITH(capabilities, AC_HELP_STRING([--with-capabilities], [use linux capabilities [default=no]]), [use_capabilities="$withval"],[use_capabilities=no]) AC_MSG_RESULT($use_capabilities) # To avoid double inclusion of config.h which might happen at some # places, we add the usual double inclusion protection. AH_TOP([ #ifndef GNUPG_CONFIG_H_INCLUDED #define GNUPG_CONFIG_H_INCLUDED ]) AH_BOTTOM([ /* We didn't define endianness above, so get it from OS macros. This is intended for making fat binary builds on OS X. */ #if !defined(BIG_ENDIAN_HOST) && !defined(LITTLE_ENDIAN_HOST) # if defined(__BIG_ENDIAN__) # define BIG_ENDIAN_HOST 1 # elif defined(__LITTLE_ENDIAN__) # define LITTLE_ENDIAN_HOST 1 # else # error "No endianness found" # endif #endif #if !(defined(HAVE_FORK) && defined(HAVE_PIPE) && defined(HAVE_WAITPID)) # define EXEC_TEMPFILE_ONLY #endif /* A macro to help checking the GCC version. */ #ifdef __GNUC__ # define GNUPG_GCC_VERSION (__GNUC__ * 10000 \ + __GNUC_MINOR__ * 100 \ + __GNUC_PATCHLEVEL__) #endif /*__GNUC__*/ /* Please note that the string version must not contain more than one character because the using code assumes strlen()==1 */ #ifdef HAVE_DOSISH_SYSTEM # define DIRSEP_C '\\' # define EXTSEP_C '.' # define DIRSEP_S "\\" # define EXTSEP_S "." # define PATHSEP_C ';' # define PATHSEP_S ";" #else # define DIRSEP_C '/' # define EXTSEP_C '.' # define DIRSEP_S "/" # define EXTSEP_S "." # define PATHSEP_C ':' # define PATHSEP_S ":" #endif #ifdef __VMS # define GNUPG_BAK_SFX "_bak" # define GNUPG_TMP_SFX "_tmp" #else /*!def __VMS */ # define GNUPG_BAK_SFX "~" # define GNUPG_TMP_SFX EXTSEP_S "tmp" #endif /* def __VMS [else] */ /* For some OSes we need to use fixed strings for certain directories. */ #ifdef HAVE_DRIVE_LETTERS # define LOCALEDIR "c:\\\\lib\\\\gnupg\\\\locale" # define GNUPG_LIBDIR "c:\\\\lib\\\\gnupg" # define GNUPG_LIBEXECDIR "c:\\\\lib\\\\gnupg" # define GNUPG_DATADIR "c:\\\\lib\\\\gnupg" # define GNUPG_HOMEDIR "c:\\\\gnupg" #else # ifdef __VMS # define GNUPG_DATADIR "/SYS$MANAGER/gnupg_share" # define GNUPG_HOMEDIR "/SYS$LOGIN/gnupg" # define GNUPG_LIBDIR "/SYS$MANAGER/gnupg_share" # define GNUPG_LIBEXECDIR "" # else # define GNUPG_HOMEDIR "~/.gnupg" # endif #endif /* Hack used for W32: ldap.m4 also tests for the ASCII version of ldap_start_tls_s because that is the actual symbol used in the library. winldap.h redefines it to our commonly used value, thus we define our usual macro here. */ #ifdef HAVE_LDAP_START_TLS_SA # ifndef HAVE_LDAP_START_TLS_S # define HAVE_LDAP_START_TLS_S 1 # endif #endif /* This is the major version number of GnuPG so that source included files can test for this. */ #define GNUPG_MAJOR_VERSION 1 /* This is the same as VERSION, but should be overridden if the platform cannot handle things like dots'.' in filenames. Set SAFE_VERSION_DOT and SAFE_VERSION_DASH to whatever SAFE_VERSION uses for dots and dashes. */ #define SAFE_VERSION VERSION #define SAFE_VERSION_DOT '.' #define SAFE_VERSION_DASH '-' /* We want to use our memory allocator for estream-printf. */ #define _ESTREAM_PRINTF_MALLOC xtrymalloc #define _ESTREAM_PRINTF_FREE xfree #define _ESTREAM_PRINTF_EXTRA_INCLUDE "memory.h" #endif /*GNUPG_CONFIG_H_INCLUDED*/ ]) AM_MAINTAINER_MODE dnl Checks for programs. AC_PROG_MAKE_SET AM_SANITY_CHECK missing_dir=`cd $ac_aux_dir && pwd` AM_MISSING_PROG(ACLOCAL, aclocal, $missing_dir) AM_MISSING_PROG(AUTOCONF, autoconf, $missing_dir) AM_MISSING_PROG(AUTOMAKE, automake, $missing_dir) AM_MISSING_PROG(AUTOHEADER, autoheader, $missing_dir) AM_MISSING_PROG(MAKEINFO, makeinfo, $missing_dir) AC_PROG_CC AM_PROG_CC_C_O AC_PROG_CPP AC_PROG_RANLIB AC_CHECK_TOOL(AR, ar, :) AC_PATH_PROG(PERL,"perl") AC_ISC_POSIX AC_SYS_LARGEFILE AC_PROG_INSTALL AC_PROG_AWK AC_CHECK_PROG(DOCBOOK_TO_MAN, docbook-to-man, yes, no) AM_CONDITIONAL(HAVE_DOCBOOK_TO_MAN, test "$ac_cv_prog_DOCBOOK_TO_MAN" = yes) GNUPG_CHECK_USTAR # According to a comment by Marcus Brinkman in libgpg-error, the # AC_PROG_CC_FOR_BUILD macro in the AC archive is broken for autoconf # 2.57. Thus we use a simply use "cc" if we are cross-compiling. AC_MSG_CHECKING(for cc for build) if test "$cross_compiling" = "yes"; then CC_FOR_BUILD="${CC_FOR_BUILD-cc}" else CC_FOR_BUILD="${CC_FOR_BUILD-$CC}" fi AC_MSG_RESULT($CC_FOR_BUILD) AC_ARG_VAR(CC_FOR_BUILD,[build system C compiler]) MPI_OPT_FLAGS="" have_dosish_system=no need_dlopen=yes case "${host}" in *-mingw32*) # special stuff for Windoze NT ac_cv_have_dev_random=no AC_DEFINE(USE_ONLY_8DOT3,1, [set this to limit filenames to the 8.3 format]) AC_DEFINE(HAVE_DRIVE_LETTERS,1, [defined if we must run on a stupid file system]) AC_DEFINE(USE_SIMPLE_GETTEXT,1, [because the Unix gettext has too much overhead on MingW32 systems and these systems lack Posix functions, we use a simplified version of gettext]) AC_DEFINE(HAVE_W32_SYSTEM,1, [Defined if we run on a W32 API based system]) disable_keyserver_path=yes have_dosish_system=yes need_dlopen=no try_gettext="no" agent_support=no use_simple_gettext=yes have_w32_system=yes # gcc 4.6 uses by default -fomit-frame-pointer. This # conflicts with mingw runtime's setjmp/longjmp usage. The # actual bug we notice is a segv related to the dlopened # iconv.dll: After returning from set_native_charset the stack # frame is corrupt. if test -n "$GCC" ; then CFLAGS="$CFLAGS -fno-omit-frame-pointer" fi ;; i?86-emx-os2 | i?86-*-os2*emx ) # OS/2 with the EMX environment ac_cv_have_dev_random=no AC_DEFINE(HAVE_DRIVE_LETTERS) have_dosish_system=yes try_gettext="no" agent_support=no ;; i?86-*-msdosdjgpp*) # DOS with the DJGPP environment ac_cv_have_dev_random=no AC_DEFINE(HAVE_DRIVE_LETTERS) have_dosish_system=yes try_gettext="no" agent_support=no ;; *-*-hpux*) if test -z "$GCC" ; then CFLAGS="$CFLAGS -Ae -D_HPUX_SOURCE" fi ;; *-dec-osf4*) if test -z "$GCC" ; then # Suppress all warnings # to get rid of the unsigned/signed char mismatch warnings. CFLAGS="$CFLAGS -w" fi ;; *-dec-osf5*) if test -z "$GCC" ; then # Use the newer compiler `-msg_disable ptrmismatch1' to # get rid of the unsigned/signed char mismatch warnings. # Using this may hide other pointer mismatch warnings, but # it at least lets other warning classes through CFLAGS="$CFLAGS -msg_disable ptrmismatch1" fi ;; m68k-atari-mint) ;; *) ;; esac if test "$have_dosish_system" = yes; then AC_DEFINE(HAVE_DOSISH_SYSTEM,1, [defined if we run on some of the PCDOS like systems (DOS, Windoze. OS/2) with special properties like no file modes]) fi AM_CONDITIONAL(HAVE_DOSISH_SYSTEM, test "$have_dosish_system" = yes) AM_CONDITIONAL(USE_SIMPLE_GETTEXT, test x"$use_simple_gettext" = xyes) AM_CONDITIONAL(HAVE_W32_SYSTEM, test x"$have_w32_system" = xyes) if test "$disable_keyserver_path" = yes; then AC_DEFINE(DISABLE_KEYSERVER_PATH,1, [define to disable exec-path for keyserver helpers]) fi AC_SUBST(MPI_OPT_FLAGS) GNUPG_SYS_SYMBOL_UNDERSCORE dnl These need to go after AC_PROG_CC so that $EXEEXT is defined AC_DEFINE_UNQUOTED(EXEEXT,"$EXEEXT",[The executable file extension, if any]) if test x"$try_hkp" = xyes ; then AC_SUBST(GPGKEYS_HKP,"gpgkeys_hkp$EXEEXT") fi if test x"$try_finger" = xyes ; then AC_SUBST(GPGKEYS_FINGER,"gpgkeys_finger$EXEEXT") fi dnl Must check for network library requirements before doing link tests dnl for ldap, for example. If ldap libs are static (or dynamic and without dnl ELF runtime link paths), then link will fail and LDAP support won't dnl be detected. AC_CHECK_FUNC(gethostbyname, , AC_CHECK_LIB(nsl, gethostbyname, [NETLIBS="-lnsl $NETLIBS"])) AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt, [NETLIBS="-lsocket $NETLIBS"])) dnl Now try for the resolver functions so we can use DNS for SRV, PKA, dnl and CERT. if test x"$try_dns" = xyes ; then if test x"$try_hkp" = xyes || test x"$try_http" = xyes ; then AC_ARG_ENABLE(dns-srv, AC_HELP_STRING([--disable-dns-srv], [disable the use of DNS SRV in HKP and HTTP]), use_dns_srv=$enableval,use_dns_srv=yes) fi AC_ARG_ENABLE(dns-pka, AC_HELP_STRING([--disable-dns-pka], [disable the use of PKA records in DNS]), use_dns_pka=$enableval,use_dns_pka=yes) AC_ARG_ENABLE(dns-cert, AC_HELP_STRING([--disable-dns-cert], [disable the use of CERT records in DNS]), use_dns_cert=$enableval,use_dns_cert=yes) fi if test x"$use_dns_pka" = xyes || test x"$use_dns_srv" = xyes || test x"$use_dns_cert" = xyes; then _dns_save_libs=$LIBS LIBS="" # the double underscore thing is a glibc-ism? AC_SEARCH_LIBS(res_query,resolv bind socket,, AC_SEARCH_LIBS(__res_query,resolv bind socket,,have_resolver=no)) AC_SEARCH_LIBS(dn_expand,resolv bind socket,, AC_SEARCH_LIBS(__dn_expand,resolv bind socket,,have_resolver=no)) AC_SEARCH_LIBS(dn_skipname,resolv bind socket,, AC_SEARCH_LIBS(__dn_skipname,resolv bind socket,,have_resolver=no)) if test x"$have_resolver" != xno ; then # Make sure that the BIND 4 resolver interface is workable before # enabling any code that calls it. At some point I'll rewrite the # code to use the BIND 8 resolver API. AC_MSG_CHECKING([whether the resolver is usable]) AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include #include #include #include ]], [[unsigned char answer[PACKETSZ]; res_query("foo.bar",C_IN,T_A,answer,PACKETSZ); dn_skipname(0,0); dn_expand(0,0,0,0,0);]])],have_resolver=yes,have_resolver=no) AC_MSG_RESULT($have_resolver) # This is Apple-specific and somewhat bizarre as they changed the # define in bind 8 for some reason. if test x"$have_resolver" != xyes ; then AC_MSG_CHECKING([whether I can make the resolver usable with BIND_8_COMPAT]) AC_LINK_IFELSE([AC_LANG_PROGRAM([[#define BIND_8_COMPAT #include #include #include #include ]], [[unsigned char answer[PACKETSZ]; res_query("foo.bar",C_IN,T_A,answer,PACKETSZ); dn_skipname(0,0); dn_expand(0,0,0,0,0);]])],[have_resolver=yes ; need_compat=yes]) AC_MSG_RESULT($have_resolver) fi fi if test x"$have_resolver" = xyes ; then DNSLIBS=$LIBS if test x"$use_dns_srv" = xyes ; then AC_DEFINE(USE_DNS_SRV,1,[define to use DNS SRV]) fi if test x"$use_dns_pka" = xyes ; then AC_DEFINE(USE_DNS_PKA,1,[define to use our experimental DNS PKA]) fi if test x"$use_dns_cert" = xyes ; then AC_DEFINE(USE_DNS_CERT,1,[define to use DNS CERT]) fi if test x"$need_compat" = xyes ; then AC_DEFINE(BIND_8_COMPAT,1,[an Apple OSXism]) fi else use_dns_srv=no use_dns_pka=no use_dns_cert=no fi LIBS=$_dns_save_libs fi AC_SUBST(DNSLIBS) AM_CONDITIONAL(USE_DNS_SRV, test x"$use_dns_srv" = xyes) # Check for LDAP if test "$try_ldap" = yes ; then GNUPG_CHECK_LDAP($NETLIBS) fi # Check for curl. We fake the curl API if libcurl isn't installed. # We require 7.10 or better as we use curl_version_info(). LIBCURL_CHECK_CONFIG([yes],[7.10],,[fake_curl=yes]) AM_CONDITIONAL(FAKE_CURL,test x"$fake_curl" = xyes) # Generic, for us, means curl if test x"$try_generic" = xyes ; then AC_SUBST(GPGKEYS_CURL,"gpgkeys_curl$EXEEXT") fi dnl This isn't necessarily sendmail itself, but anything that gives a dnl sendmail-ish interface to the outside world. That includes qmail, dnl postfix, etc. Basically, anything that can handle "sendmail -t". if test "$try_mailto" = yes ; then AC_ARG_WITH(mailprog, AC_HELP_STRING([--with-mailprog=NAME], [use "NAME -t" for mail transport]),,with_mailprog=yes) if test "$with_mailprog" = yes ; then AC_PATH_PROG(SENDMAIL,sendmail,,$PATH:/usr/sbin:/usr/libexec:/usr/lib) if test "$ac_cv_path_SENDMAIL" ; then GPGKEYS_MAILTO="gpgkeys_mailto" fi elif test "$with_mailprog" != no ; then AC_MSG_CHECKING([for a mail transport program]) AC_SUBST(SENDMAIL,$with_mailprog) AC_MSG_RESULT($with_mailprog) GPGKEYS_MAILTO="gpgkeys_mailto" fi fi AC_SUBST(GPGKEYS_MAILTO) case "${host}" in *-mingw32*) PRINTABLE_OS_NAME="MingW32" ;; *-*-cygwin*) PRINTABLE_OS_NAME="Cygwin" ;; i?86-emx-os2 | i?86-*-os2*emx ) PRINTABLE_OS_NAME="OS/2" ;; i?86-*-msdosdjgpp*) PRINTABLE_OS_NAME="MSDOS/DJGPP" try_extensions=no ;; *-linux*) PRINTABLE_OS_NAME="GNU/Linux" ;; *) PRINTABLE_OS_NAME=`uname -s || echo "Unknown"` ;; esac AC_DEFINE_UNQUOTED(PRINTABLE_OS_NAME, "$PRINTABLE_OS_NAME", [A human readable text with the name of the OS]) # # 1. Set names of random devices # NAME_OF_DEV_RANDOM="/dev/random" NAME_OF_DEV_URANDOM="/dev/urandom" case "${host}" in *-openbsd*) NAME_OF_DEV_RANDOM="/dev/srandom" NAME_OF_DEV_URANDOM="/dev/urandom" ;; esac AC_DEFINE_UNQUOTED(NAME_OF_DEV_RANDOM, "$NAME_OF_DEV_RANDOM", [defined to the name of the strong random device]) AC_DEFINE_UNQUOTED(NAME_OF_DEV_URANDOM, "$NAME_OF_DEV_URANDOM", [defined to the name of the weaker random device]) AC_SUBST(MPI_OPT_FLAGS) dnl Checks for libraries. # This is "GNU gnupg" - The project-id script from gettext # needs to find this string. Without # it "make distcheck" may fail. AM_PO_SUBDIRS AM_GNU_GETTEXT_VERSION([0.18.1]) if test "$try_gettext" = yes; then AM_GNU_GETTEXT(,[need-ngettext]) # gettext requires some extra checks. These really should be part of # the basic AM_GNU_GETTEXT macro. TODO: move other gettext-specific # function checks to here. AC_CHECK_FUNCS(strchr) else enable_nls=no USE_NLS=no USE_INCLUDED_LIBINTL=no BUILD_INCLUDED_LIBINTL=no POSUB=po AC_SUBST(USE_NLS) AC_SUBST(USE_INCLUDED_LIBINTL) AC_SUBST(BUILD_INCLUDED_LIBINTL) AC_SUBST(POSUB) fi if test "$try_extensions" = yes || test x"$card_support" = xyes ; then if test "$need_dlopen" = yes; then _dl_save_libs=$LIBS LIBS="" AC_SEARCH_LIBS(dlopen,dl,found_dlopen=yes) if test x"$found_dlopen" = "xyes" ; then AC_DEFINE(HAVE_DL_DLOPEN,1, [Defined when the dlopen function family is available]) DLLIBS=$LIBS else if test "$try_extensions" = yes ; then AC_MSG_NOTICE([dlopen not found. Disabling extensions.]) try_extensions=no fi if test "$card_support" = yes ; then AC_MSG_WARN([dlopen not found. Disabling OpenPGP card support.]) card_support=no fi fi LIBS=$_dl_save_libs fi fi AC_SUBST(DLLIBS) if test "$card_support" = yes ; then AC_DEFINE(ENABLE_CARD_SUPPORT,1,[Define to include OpenPGP card support]) fi if test "$agent_support" = yes ; then AC_DEFINE(ENABLE_AGENT_SUPPORT,1,[Define to include gpg-agent support]) fi if test "$try_extensions" = yes ; then AC_DEFINE(USE_DYNAMIC_LINKING,1,[Define to enable the use of extensions]) fi if test "$selinux_support" = yes ; then AC_DEFINE(ENABLE_SELINUX_HACKS,1,[Define to enable SELinux support]) fi if test "$gnupg_use_iconv" = yes ; then AC_DEFINE(USE_GNUPG_ICONV,1,[Define to use the new iconv based code]) fi AM_CONDITIONAL(ENABLE_CARD_SUPPORT, test "$card_support" = yes) AM_CONDITIONAL(ENABLE_AGENT_SUPPORT, test "$agent_support" = yes) AM_CONDITIONAL(ENABLE_SELINUX_HACKS, test "$selinux_support" = yes) dnl Checks for header files. AC_HEADER_STDC AC_CHECK_HEADERS([unistd.h langinfo.h termio.h locale.h getopt.h pwd.h \ signal.h]) # Note that we do not check for iconv here because this is done anyway # by the gettext checks and thus it allows us to disable the use of # iconv by using --disable-nls. dnl Checks for typedefs, structures, and compiler characteristics. AC_C_CONST AC_C_INLINE AC_C_VOLATILE AC_TYPE_SIZE_T AC_TYPE_MODE_T AC_TYPE_SIGNAL AC_DECL_SYS_SIGLIST AC_ARG_ENABLE(endian-check, AC_HELP_STRING([--disable-endian-check], [disable the endian check and trust the OS provided macros]), endiancheck=$enableval,endiancheck=yes) if test x"$endiancheck" = xyes ; then GNUPG_CHECK_ENDIAN fi GNUPG_CHECK_TYPEDEF(byte, HAVE_BYTE_TYPEDEF) GNUPG_CHECK_TYPEDEF(ushort, HAVE_USHORT_TYPEDEF) GNUPG_CHECK_TYPEDEF(ulong, HAVE_ULONG_TYPEDEF) GNUPG_CHECK_TYPEDEF(u16, HAVE_U16_TYPEDEF) GNUPG_CHECK_TYPEDEF(u32, HAVE_U32_TYPEDEF) AC_CHECK_SIZEOF(unsigned short) AC_CHECK_SIZEOF(unsigned int) AC_CHECK_SIZEOF(unsigned long) AC_CHECK_SIZEOF(unsigned long long) AC_HEADER_TIME AC_CHECK_SIZEOF(time_t,,[[ #include #if TIME_WITH_SYS_TIME # include # include #else # if HAVE_SYS_TIME_H # include # else # include # endif #endif ]]) GNUPG_TIME_T_UNSIGNED # Ensure that we have UINT64_C before we bother to check for uint64_t AC_CHECK_HEADERS([inttypes.h]) AC_CACHE_CHECK([for UINT64_C], [gnupg_cv_uint64_c_works], AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]],[[ uint64_t foo=UINT64_C(42);]])],gnupg_cv_uint64_c_works=yes,gnupg_cv_uint64_c_works=no)) if test "$gnupg_cv_uint64_c_works" = "yes" ; then AC_CHECK_SIZEOF(uint64_t) fi if test "$ac_cv_sizeof_unsigned_short" = "0" \ || test "$ac_cv_sizeof_unsigned_int" = "0" \ || test "$ac_cv_sizeof_unsigned_long" = "0"; then AC_MSG_WARN([Hmmm, something is wrong with the sizes - using defaults]); fi dnl Do we have any 64-bit data types? if test x"$use_sha512" = xyes \ && test "$ac_cv_sizeof_unsigned_int" != "8" \ && test "$ac_cv_sizeof_unsigned_long" != "8" \ && test "$ac_cv_sizeof_unsigned_long_long" != "8" \ && test x"$ac_cv_sizeof_uint64_t" != "x8"; then AC_MSG_NOTICE([No 64-bit types. Disabling SHA-384 and SHA-512.]) use_sha512=no fi if test x"$use_sha512" = xyes ; then AC_DEFINE(USE_SHA512,1,[Define to include the SHA-384 and SHA-512 digests]) fi AM_CONDITIONAL(USE_SHA512, test x"$use_sha512" = xyes) dnl Checks for library functions. AC_CHECK_DECLS(getpagesize) AC_FUNC_FSEEKO AC_FUNC_VPRINTF AC_FUNC_FORK AC_CHECK_FUNCS(strerror stpcpy strlwr tcgetattr strtoul mmap sysconf) AC_CHECK_FUNCS(strcasecmp strncasecmp ctermid times unsetenv getpwnam getpwuid) AC_CHECK_FUNCS(memmove gettimeofday getrusage setrlimit clock_gettime) AC_CHECK_FUNCS(atexit raise getpagesize strftime nl_langinfo setlocale) AC_CHECK_FUNCS(waitpid wait4 sigaction sigprocmask rand pipe stat getaddrinfo) -AC_CHECK_FUNCS(fcntl ftruncate) +AC_CHECK_FUNCS(fcntl ftruncate inet_ntop) AC_REPLACE_FUNCS(mkdtemp timegm isascii memrchr strsep) AC_CHECK_TYPES([struct sigaction, sigset_t],,,[#include ]) # See if getopt is in libiberty. This is of course not optimal since # it might be somewhere other than libiberty, but does cover the # mingw32 case. AC_CHECK_FUNC(getopt,,AC_CHECK_LIB(iberty,getopt,AC_SUBST(GETOPT,"-liberty"))) # # check for gethrtime and run a testprogram to see whether # it is broken. It has been reported that some Solaris and HP UX systems # raise an SIGILL # AC_CACHE_CHECK([for gethrtime], [gnupg_cv_func_gethrtime], [AC_TRY_LINK([#include ],[ hrtime_t tv; tv = gethrtime(); ], [gnupg_cv_func_gethrtime=yes], [gnupg_cv_func_gethrtime=no]) ]) if test $gnupg_cv_func_gethrtime = yes; then AC_DEFINE([HAVE_GETHRTIME], 1, [Define if you have the `gethrtime(2)' function.]) AC_CACHE_CHECK([whether gethrtime is broken], [gnupg_cv_func_broken_gethrtime], [AC_TRY_RUN([ #include int main () { hrtime_t tv; tv = gethrtime(); } ], [gnupg_cv_func_broken_gethrtime=no], [gnupg_cv_func_broken_gethrtime=yes], [gnupg_cv_func_broken_gethrtime=assume-no]) ]) if test $gnupg_cv_func_broken_gethrtime = yes; then AC_DEFINE([HAVE_BROKEN_GETHRTIME], 1, [Define if `gethrtime(2)' does not work correctly i.e. issues a SIGILL.]) fi fi GNUPG_CHECK_MLOCK GNUPG_FUNC_MKDIR_TAKES_ONE_ARG # # Prepare building of estream-printf # estream_PRINTF_INIT dnl dnl Check whether we can use Linux capabilities as requested dnl if test "$use_capabilities" = "yes" ; then AC_MSG_WARN([[ *** *** WARNING: using capabilities with GnuPG is experimental code! ***]]) use_capabilities=no AC_CHECK_HEADERS(sys/capability.h) if test "$ac_cv_header_sys_capability_h" = "yes" ; then AC_CHECK_LIB(cap, cap_init, ac_need_libcap=1) if test "$ac_cv_lib_cap_cap_init" = "yes"; then AC_DEFINE(USE_CAPABILITIES,1, [define if capabilities should be used]) AC_SUBST(CAPLIBS,"-lcap") use_capabilities=yes fi fi if test "$use_capabilities" = "no" ; then AC_MSG_WARN([[ *** *** The use of capabilities on this system is not possible. *** You need a recent Linux kernel and some patches: *** fcaps-2.2.9-990610.patch (kernel patch for 2.2.9) *** fcap-module-990613.tar.gz (kernel module) *** libcap-1.92.tar.gz (user mode library and utilities) *** And you have to configure the kernel with CONFIG_VFS_CAP_PLUGIN *** set (filesystems menu). Be warned: This code is *really* ALPHA. ***]]) fi fi GNUPG_CHECK_IPC if test "$ac_cv_header_sys_shm_h" = "yes"; then AC_DEFINE(USE_SHM_COPROCESSING,1, [define if the shared memory interface should be made available]) fi AM_CONDITIONAL(HAVE_SHM, test "$ac_cv_header_sys_shm_h" = yes) dnl dnl check whether we have a random device dnl if test "$try_dev_random" = yes ; then AC_CACHE_CHECK(for random device, ac_cv_have_dev_random, [if test -r "$NAME_OF_DEV_RANDOM" && test -r "$NAME_OF_DEV_URANDOM" ; then ac_cv_have_dev_random=yes; else ac_cv_have_dev_random=no; fi]) if test "$ac_cv_have_dev_random" = yes; then AC_DEFINE(HAVE_DEV_RANDOM,1, [defined if the system supports a random device] ) fi else AC_MSG_CHECKING(for random device) ac_cv_have_dev_random=no AC_MSG_RESULT(has been disabled) fi dnl dnl Figure out the default random module. dnl random_modules="" if test "$use_static_rnd" = default; then if test "$ac_cv_have_dev_random" = yes; then random_modules="rndlinux" else case "${host}" in *-mingw32*|*-*-cygwin*) random_modules="rndw32" ;; i?86-emx-os2|i?86-*-os2*emx) random_modules="rndos2" ;; m68k-atari-mint) random_modules="rndatari" ;; i?86-*-msdosdjgpp*) : ;; *) random_modules="rndlinux rndegd rndunix" AC_DEFINE(USE_ALL_RANDOM_MODULES, 1, [Allow to select random modules at runtime.]) ;; esac fi else if test "$use_static_rnd" = auto; then random_modules="rndlinux rndegd rndunix" AC_DEFINE(USE_ALL_RANDOM_MODULES, 1) else random_modules="rnd$use_static_rnd"; fi fi if test -z "$random_modules"; then AC_MSG_ERROR(no random module available) fi print_egd_warning=no for rndmod in $random_modules "" ; do case "$rndmod" in rndlinux) AC_DEFINE(USE_RNDLINUX,1, [Defined if the /dev/random based RNG should be used.]) use_rndlinux=yes ;; rndunix) AC_DEFINE(USE_RNDUNIX,1, [Defined if the default Unix RNG should be used.]) print_egd_warning=yes use_rndunix=yes ;; rndegd) AC_DEFINE(USE_RNDEGD,1, [Defined if the EGD based RNG should be used.]) use_rndegd=yes ;; rndw32) AC_DEFINE(USE_RNDW32,1, [Defined if the Windows specific RNG should be used.]) use_rndw32=yes ;; esac done AM_CONDITIONAL(USE_RNDLINUX, test "$use_rndlinux" = yes) AM_CONDITIONAL(USE_RNDUNIX, test "$use_rndunix" = yes) AM_CONDITIONAL(USE_RNDEGD, test "$use_rndegd" = yes) AM_CONDITIONAL(USE_RNDW32, test "$use_rndw32" = yes) dnl setup assembler stuff AC_MSG_CHECKING(for mpi assembler functions) if test -f $srcdir/mpi/config.links ; then . $srcdir/mpi/config.links AC_CONFIG_LINKS("$mpi_ln_list") ac_cv_mpi_extra_asm_modules="$mpi_extra_modules" ac_cv_mpi_sflags="$mpi_sflags" ac_cv_mpi_config_done="yes" AC_MSG_RESULT(done) else AC_MSG_RESULT(failed) AC_MSG_ERROR([mpi/config.links missing!]) fi MPI_EXTRA_ASM_OBJS="" show_extraasm="" if test "$ac_cv_mpi_extra_asm_modules" != ""; then for i in $ac_cv_mpi_extra_asm_modules; do show_extraasm="$show_extraasm $i" MPI_EXTRA_ASM_OBJS="$MPI_EXTRA_ASM_OBJS $i.o" done fi AC_SUBST(MPI_EXTRA_ASM_OBJS) MPI_SFLAGS="$ac_cv_mpi_sflags" AC_SUBST(MPI_SFLAGS) # Sanity check regex. Tests adapted from mutt. AC_MSG_CHECKING([whether regular expression support is requested]) AC_ARG_ENABLE(regex, AC_HELP_STRING([--disable-regex], [do not handle regular expressions in trust signatures]), use_regex=$enableval, use_regex=yes) AC_MSG_RESULT($use_regex) if test "$use_regex" = yes ; then AC_MSG_CHECKING([whether the included regex lib is requested]) AC_ARG_WITH(included-regex, AC_HELP_STRING([--with-included-regex], [use the included GNU regex library]), [gnupg_cv_included_regex="$withval"],[gnupg_cv_included_regex=no]) AC_MSG_RESULT($gnupg_cv_included_regex) if test $gnupg_cv_included_regex = no ; then # Does the system have regex functions at all? AC_CHECK_FUNC(regcomp,gnupg_cv_included_regex=no, gnupg_cv_included_regex=yes) fi if test $gnupg_cv_included_regex = no ; then AC_CACHE_CHECK([whether your system's regexp library is broken], [gnupg_cv_regex_broken], AC_TRY_RUN([ #include #include main() { regex_t blah ; regmatch_t p; p.rm_eo = p.rm_eo; return regcomp(&blah, "foo.*bar", REG_NOSUB) || regexec (&blah, "foobar", 0, NULL, 0); }], gnupg_cv_regex_broken=no, gnupg_cv_regex_broken=yes, gnupg_cv_regex_broken=yes)) if test $gnupg_cv_regex_broken = yes ; then AC_MSG_WARN(your regex is broken - using the included GNU regex instead.) gnupg_cv_included_regex=yes fi fi if test $gnupg_cv_included_regex = yes; then AC_DEFINE(USE_INTERNAL_REGEX,1,[ Define if you want to use the included regex lib ]) fi else AC_DEFINE(DISABLE_REGEX,1,[ Define to disable regular expression support ]) fi AM_CONDITIONAL(USE_INTERNAL_REGEX, test x"$gnupg_cv_included_regex" = xyes) dnl Do we have zlib? Must do it here because Solaris failed dnl when compiling a conftest (due to the "-lz" from LIBS). use_local_zlib=yes if test "$g10_force_zlib" = "yes"; then : else _cppflags="${CPPFLAGS}" _ldflags="${LDFLAGS}" AC_ARG_WITH(zlib, AC_HELP_STRING([--with-zlib=DIR],[use libz in DIR]),[ if test -d "$withval"; then CPPFLAGS="${CPPFLAGS} -I$withval/include" LDFLAGS="${LDFLAGS} -L$withval/lib" fi ]) AC_CHECK_HEADER(zlib.h, AC_CHECK_LIB(z, deflateInit2_, use_local_zlib=no ZLIBS="-lz", CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}), CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}) fi if test "$use_local_zlib" = yes ; then AC_CONFIG_LINKS(zlib.h:zlib/zlib.h zconf.h:zlib/zconf.h ) ZLIBS="../zlib/libzlib.a" fi AM_CONDITIONAL(ENABLE_LOCAL_ZLIB, test "$use_local_zlib" = yes) # Under W32 we force the use ofthe included bzip2 code. if test x"$have_w32_system" = xyes ; then have_bz2=yes AC_DEFINE(HAVE_BZIP2,1, [Defined if the bz2 compression library is available]) AC_CONFIG_LINKS(bzlib.h:bzlib/bzlib.h) ZLIBS="$ZLIBS ../bzlib/libbz2.a" else if test "$use_bzip2" = yes ; then _cppflags="${CPPFLAGS}" _ldflags="${LDFLAGS}" AC_ARG_WITH(bzip2, AC_HELP_STRING([--with-bzip2=DIR],[look for bzip2 in DIR]), [ if test -d "$withval" ; then CPPFLAGS="${CPPFLAGS} -I$withval/include" LDFLAGS="${LDFLAGS} -L$withval/lib" fi ],withval="") # Checking alongside stdio.h as an early version of bzip2 (1.0) # required stdio.h to be included before bzlib.h, and Solaris 9 is # woefully out of date. if test "$withval" != no ; then AC_CHECK_HEADER(bzlib.h, AC_CHECK_LIB(bz2,BZ2_bzCompressInit, [ have_bz2=yes ZLIBS="$ZLIBS -lbz2" AC_DEFINE(HAVE_BZIP2,1) ], CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}), CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags},[#include ]) fi fi fi AM_CONDITIONAL(ENABLE_BZIP2_SUPPORT,test x"$have_bz2" = "xyes") AC_SUBST(ZLIBS) # libusb allows us to use the integrated CCID smartcard reader driver. # We don't need it if we don't have card support though. if test "$card_support" = yes ; then GNUPG_CHECK_LIBUSB fi # Check for readline support GNUPG_CHECK_READLINE # Allow users to append something to the version string without # flagging it as development version. The user version parts is # considered everything after a dash. if test "$development_version" != yes; then changequote(,)dnl tmp_pat='[a-zA-Z]' changequote([,])dnl if echo "$VERSION" | sed 's/-.*//' | grep "$tmp_pat" >/dev/null ; then development_version=yes fi fi if test "$development_version" = yes; then AC_DEFINE(IS_DEVELOPMENT_VERSION,1, [Defined if this is not a regular release]) fi AM_CONDITIONAL(CROSS_COMPILING, test x$cross_compiling = xyes) # add some extra libs here so that previous tests don't fail for # mysterious reasons - the final link step should bail out. case "${host}" in *-mingw32*) dnl NETLIBS="$NETLIBS -lwsock32" W32LIBS="-lwsock32" ;; *) ;; esac AC_SUBST(NETLIBS) AC_SUBST(W32LIBS) # Special options used with gcc. if test "$GCC" = yes; then # Note that it is okay to use CFLAGS here because this are just # warning options and the user should have a chance of overriding #them. if test "$USE_MAINTAINER_MODE" = "yes"; then CFLAGS="$CFLAGS -Wall -Wcast-align -Wshadow -Wstrict-prototypes" CFLAGS="$CFLAGS -Wformat-nonliteral" else CFLAGS="$CFLAGS -Wall" fi # This is handy for debugging so the compiler doesn't rearrange # things and eliminate variables. AC_ARG_ENABLE(optimization, AC_HELP_STRING([--disable-optimization], [disable compiler optimization]), [if test $enableval = no ; then CFLAGS=`echo $CFLAGS | sed 's/-O[[0-9]]//'` fi]) AC_MSG_CHECKING([if gcc supports -Wno-pointer-sign]) _gcc_cflags_save=$CFLAGS CFLAGS="-Wno-pointer-sign" AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],_gcc_psign=yes,_gcc_psign=no) AC_MSG_RESULT($_gcc_psign) CFLAGS=$_gcc_cflags_save; if test x"$_gcc_psign" = xyes ; then CFLAGS="$CFLAGS -Wno-pointer-sign" fi fi CL_AS_NOEXECSTACK if test "$print_egd_warning" = yes; then AC_MSG_WARN([[ *** *** The performance of the UNIX random gatherer module is not very good *** and it does not keep the entropy pool over multiple invocations of *** GnuPG. The suggested way to overcome this problem is to use the *** *** Entropy Gathering Daemon (EGD) *** *** which provides a entropy source for the whole system. It is written *** in Perl and available at the GnuPG FTP servers. For more information *** consult the GnuPG webpages: *** *** http://www.gnupg.org/download/#EGD *** *** You may want to run ./configure with --enable-static-rnd=egd or *** --enable-static-rnd=auto to use it. ***]]) fi AC_CONFIG_FILES([ Makefile m4/Makefile intl/Makefile po/Makefile.in util/Makefile mpi/Makefile cipher/Makefile g10/Makefile keyserver/Makefile keyserver/gpgkeys_mailto keyserver/gpgkeys_test doc/Makefile tools/Makefile tools/gpg-zip zlib/Makefile bzlib/Makefile checks/Makefile ]) AC_OUTPUT # Give some feedback echo echo " Version info: $PACKAGE_STRING" echo " Configured for: $PRINTABLE_OS_NAME ($host)" if test -n "$show_extraasm"; then echo " Extra cpu specific functions:$show_extraasm" fi echo diff --git a/keyserver/gpgkeys_hkp.c b/keyserver/gpgkeys_hkp.c index 27d67c6e6..382bee548 100644 --- a/keyserver/gpgkeys_hkp.c +++ b/keyserver/gpgkeys_hkp.c @@ -1,978 +1,1065 @@ /* gpgkeys_hkp.c - talk to an HKP keyserver * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, * 2009, 2012 Free Software Foundation, Inc. * * This file is part of GnuPG. * * GnuPG is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * GnuPG is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, see . * * In addition, as a special exception, the Free Software Foundation * gives permission to link the code of the keyserver helper tools: * gpgkeys_ldap, gpgkeys_curl and gpgkeys_hkp with the OpenSSL * project's "OpenSSL" library (or with modified versions of it that * use the same license as the "OpenSSL" library), and distribute the * linked executables. You must obey the GNU General Public License * in all respects for all of the code used other than "OpenSSL". If * you modify this file, you may extend this exception to your version * of the file, but you are not obligated to do so. If you do not * wish to do so, delete this exception statement from your version. */ #include #include #include #include #include #include #ifdef HAVE_GETOPT_H -#include +# include #endif #ifdef HAVE_LIBCURL -#include +# include +/* This #define rigamarole is to enable a hack to fake DNS SRV using + libcurl. It only works if we have getaddrinfo(), inet_ntop(), and + a modern enough version of libcurl (7.21.3) so we can use + CURLOPT_RESOLVE to feed the resolver from the outside to force + libcurl to pass the right SNI. */ +#if (defined(HAVE_GETADDRINFO) && defined(HAVE_INET_NTOP) \ + && LIBCURL_VERNUM >= 0x071503) +# include +# include +# include +# include #else -#include "curl-shim.h" +# undef USE_DNS_SRV +#endif +#else +# include "curl-shim.h" #endif #ifdef USE_DNS_SRV -#include "srv.h" +# include "srv.h" #endif #include "compat.h" #include "keyserver.h" #include "ksutil.h" extern char *optarg; extern int optind; static FILE *input,*output,*console; static CURL *curl; static struct ks_options *opt; static char errorbuffer[CURL_ERROR_SIZE]; static char *proto,*port; static size_t curl_mrindex_writer(const void *ptr,size_t size,size_t nmemb,void *stream) { - static int checked=0,swallow=0; + static int checked=0; + static int swallow=0; if(!checked) { /* If the document begins with a '<', assume it's a HTML response, which we don't support. Discard the whole message body. GPG can handle it, but this is an optimization to deal with it on this side of the pipe. */ const char *buf=ptr; if(buf[0]=='<') swallow=1; checked=1; } if(swallow || fwrite(ptr,size,nmemb,stream)==nmemb) return size*nmemb; else return 0; } /* Append but avoid creating a double slash // in the path. */ static char * append_path(char *dest,const char *src) { size_t n=strlen(dest); if(src[0]=='/' && n>0 && dest[n-1]=='/') dest[n-1]='\0'; return strcat(dest,src); } int send_key(int *eof) { CURLcode res; char request[MAX_URL+15]; int begin=0,end=0,ret=KEYSERVER_INTERNAL_ERROR; char keyid[17],state[6]; char line[MAX_LINE]; char *key=NULL,*encoded_key=NULL; size_t keysize=1; key = xtrymalloc(1); if(!key) { fprintf(console,"gpgkeys: unable to allocate memory for key\n"); ret=KEYSERVER_NO_MEMORY; goto fail; } key[0]='\0'; /* Read and throw away input until we see the BEGIN */ while(fgets(line,MAX_LINE,input)!=NULL) if(sscanf(line,"KEY%*[ ]%16s%*[ ]%5s\n",keyid,state)==2 && strcmp(state,"BEGIN")==0) { begin=1; break; } if(!begin) { /* i.e. eof before the KEY BEGIN was found. This isn't an error. */ *eof=1; ret=KEYSERVER_OK; goto fail; } /* Now slurp up everything until we see the END */ while(fgets(line,MAX_LINE,input)) if(sscanf(line,"KEY%*[ ]%16s%*[ ]%3s\n",keyid,state)==2 && strcmp(state,"END")==0) { end=1; break; } else { char *tempkey; keysize+=strlen(line); tempkey=realloc(key,keysize); if(tempkey==NULL) { fprintf(console,"gpgkeys: unable to reallocate for key\n"); ret=KEYSERVER_NO_MEMORY; goto fail; } else key=tempkey; strcat(key,line); } if(!end) { fprintf(console,"gpgkeys: no KEY %s END found\n",keyid); *eof=1; ret=KEYSERVER_KEY_INCOMPLETE; goto fail; } encoded_key=curl_easy_escape(curl,key,keysize); if(!encoded_key) { fprintf(console,"gpgkeys: out of memory\n"); ret=KEYSERVER_NO_MEMORY; goto fail; } free(key); key=xtrymalloc(8+strlen(encoded_key)+1); if(!key) { fprintf(console,"gpgkeys: out of memory\n"); ret=KEYSERVER_NO_MEMORY; goto fail; } strcpy(key,"keytext="); strcat(key,encoded_key); strcpy(request,proto); strcat(request,"://"); strcat(request,opt->host); strcat(request,":"); strcat(request,port); strcat(request,opt->path); /* request is MAX_URL+15 bytes long - MAX_URL covers the whole URL, including any supplied path. The 15 covers /pks/add. */ append_path(request,"/pks/add"); if(opt->verbose>2) fprintf(console,"gpgkeys: HTTP URL is `%s'\n",request); curl_easy_setopt(curl,CURLOPT_URL,request); curl_easy_setopt(curl,CURLOPT_POST,1L); curl_easy_setopt(curl,CURLOPT_POSTFIELDS,key); curl_easy_setopt(curl,CURLOPT_FAILONERROR,1L); res=curl_easy_perform(curl); if(res!=0) { fprintf(console,"gpgkeys: HTTP post error %d: %s\n",res,errorbuffer); ret=curl_err_to_gpg_err(res); goto fail; } else fprintf(output,"\nKEY %s SENT\n",keyid); ret=KEYSERVER_OK; fail: free(key); curl_free(encoded_key); if(ret!=0 && begin) fprintf(output,"KEY %s FAILED %d\n",keyid,ret); return ret; } static int get_key(char *getkey) { CURLcode res; char request[MAX_URL+92]; char *offset; struct curl_writer_ctx ctx; size_t keylen; memset(&ctx,0,sizeof(ctx)); /* Build the search string. HKP only uses the short key IDs. */ if(strncmp(getkey,"0x",2)==0) getkey+=2; fprintf(output,"KEY 0x%s BEGIN\n",getkey); if(strlen(getkey)==32) { fprintf(console, "gpgkeys: HKP keyservers do not support v3 fingerprints\n"); fprintf(output,"KEY 0x%s FAILED %d\n",getkey,KEYSERVER_NOT_SUPPORTED); return KEYSERVER_NOT_SUPPORTED; } strcpy(request,proto); strcat(request,"://"); strcat(request,opt->host); strcat(request,":"); strcat(request,port); strcat(request,opt->path); /* request is MAX_URL+55 bytes long - MAX_URL covers the whole URL, including any supplied path. The 92 overcovers this /pks/... etc string plus the 8, 16, or 40 bytes of key id/fingerprint */ append_path(request,"/pks/lookup?op=get&options=mr&search=0x"); /* send only fingerprint, long key id, or short keyid. see: https://tools.ietf.org/html/draft-shaw-openpgp-hkp-00#section-3.1.1.1 */ keylen = strlen(getkey); if(keylen >= 40) offset=&getkey[keylen-40]; else if(keylen >= 16) offset=&getkey[keylen-16]; else if(keylen >= 8) offset=&getkey[keylen-8]; else offset=getkey; strcat(request,offset); if(opt->verbose>2) fprintf(console,"gpgkeys: HTTP URL is `%s'\n",request); curl_easy_setopt(curl,CURLOPT_URL,request); curl_easy_setopt(curl,CURLOPT_WRITEFUNCTION,curl_writer); ctx.stream=output; curl_easy_setopt(curl,CURLOPT_FILE,&ctx); res=curl_easy_perform(curl); if(res!=CURLE_OK) { fprintf(console,"gpgkeys: HTTP fetch error %d: %s\n",res,errorbuffer); fprintf(output,"\nKEY 0x%s FAILED %d\n",getkey,curl_err_to_gpg_err(res)); } else { curl_writer_finalize(&ctx); if(!ctx.flags.done) { fprintf(console,"gpgkeys: key %s not found on keyserver\n",getkey); fprintf(output,"\nKEY 0x%s FAILED %d\n", getkey,KEYSERVER_KEY_NOT_FOUND); } else fprintf(output,"\nKEY 0x%s END\n",getkey); } return KEYSERVER_OK; } static int get_name(const char *getkey) { CURLcode res; char *request=NULL; char *searchkey_encoded; int ret=KEYSERVER_INTERNAL_ERROR; struct curl_writer_ctx ctx; memset(&ctx,0,sizeof(ctx)); searchkey_encoded=curl_easy_escape(curl,(char *)getkey,0); if(!searchkey_encoded) { fprintf(console,"gpgkeys: out of memory\n"); ret=KEYSERVER_NO_MEMORY; goto fail; } request=xtrymalloc(MAX_URL+60+strlen(searchkey_encoded)); if(!request) { fprintf(console,"gpgkeys: out of memory\n"); ret=KEYSERVER_NO_MEMORY; goto fail; } fprintf(output,"NAME %s BEGIN\n",getkey); strcpy(request,proto); strcat(request,"://"); strcat(request,opt->host); strcat(request,":"); strcat(request,port); strcat(request,opt->path); append_path(request,"/pks/lookup?op=get&options=mr&search="); strcat(request,searchkey_encoded); if(opt->action==KS_GETNAME) strcat(request,"&exact=on"); if(opt->verbose>2) fprintf(console,"gpgkeys: HTTP URL is `%s'\n",request); curl_easy_setopt(curl,CURLOPT_URL,request); curl_easy_setopt(curl,CURLOPT_WRITEFUNCTION,curl_writer); ctx.stream=output; curl_easy_setopt(curl,CURLOPT_FILE,&ctx); res=curl_easy_perform(curl); if(res!=CURLE_OK) { fprintf(console,"gpgkeys: HTTP fetch error %d: %s\n",res,errorbuffer); ret=curl_err_to_gpg_err(res); } else { curl_writer_finalize(&ctx); if(!ctx.flags.done) { fprintf(console,"gpgkeys: key %s not found on keyserver\n",getkey); ret=KEYSERVER_KEY_NOT_FOUND; } else { fprintf(output,"\nNAME %s END\n",getkey); ret=KEYSERVER_OK; } } fail: curl_free(searchkey_encoded); free(request); if(ret!=KEYSERVER_OK) fprintf(output,"\nNAME %s FAILED %d\n",getkey,ret); return ret; } static int search_key(const char *searchkey) { CURLcode res; char *request=NULL; char *searchkey_encoded; int ret=KEYSERVER_INTERNAL_ERROR; enum ks_search_type search_type; search_type=classify_ks_search(&searchkey); if(opt->debug) fprintf(console,"gpgkeys: search type is %d, and key is \"%s\"\n", search_type,searchkey); searchkey_encoded=curl_easy_escape(curl,(char *)searchkey,0); if(!searchkey_encoded) { fprintf(console,"gpgkeys: out of memory\n"); ret=KEYSERVER_NO_MEMORY; goto fail; } request=xtrymalloc(MAX_URL+60+strlen(searchkey_encoded)); if(!request) { fprintf(console,"gpgkeys: out of memory\n"); ret=KEYSERVER_NO_MEMORY; goto fail; } fprintf(output,"SEARCH %s BEGIN\n",searchkey); strcpy(request,proto); strcat(request,"://"); strcat(request,opt->host); strcat(request,":"); strcat(request,port); strcat(request,opt->path); append_path(request,"/pks/lookup?op=index&options=mr&search="); /* HKP keyservers like the 0x to be present when searching by keyid */ if(search_type==KS_SEARCH_KEYID_SHORT || search_type==KS_SEARCH_KEYID_LONG) strcat(request,"0x"); strcat(request,searchkey_encoded); if(search_type!=KS_SEARCH_SUBSTR) strcat(request,"&exact=on"); if(opt->verbose>2) fprintf(console,"gpgkeys: HTTP URL is `%s'\n",request); curl_easy_setopt(curl,CURLOPT_URL,request); curl_easy_setopt(curl,CURLOPT_WRITEFUNCTION,curl_mrindex_writer); curl_easy_setopt(curl,CURLOPT_FILE,output); res=curl_easy_perform(curl); if(res!=0) { fprintf(console,"gpgkeys: HTTP search error %d: %s\n",res,errorbuffer); ret=curl_err_to_gpg_err(res); } else { fprintf(output,"\nSEARCH %s END\n",searchkey); ret=KEYSERVER_OK; } fail: curl_free(searchkey_encoded); free(request); if(ret!=KEYSERVER_OK) fprintf(output,"\nSEARCH %s FAILED %d\n",searchkey,ret); return ret; } void fail_all(struct keylist *keylist,int err) { if(!keylist) return; if(opt->action==KS_SEARCH) { fprintf(output,"SEARCH "); while(keylist) { fprintf(output,"%s ",keylist->str); keylist=keylist->next; } fprintf(output,"FAILED %d\n",err); } else while(keylist) { fprintf(output,"KEY %s FAILED %d\n",keylist->str,err); keylist=keylist->next; } } -#ifdef HAVE_LIBCURL +#if defined(HAVE_LIBCURL) && defined(USE_DNS_SRV) /* If there is a SRV record, take the highest ranked possibility. - This is a hack, as we don't proceed downwards. */ + This is a hack, as we don't proceed downwards if we can't + connect(), but only if we can't getaddinfo(). All this should + ideally be replaced by actual SRV support in libcurl someday! */ + +#define HOST_HEADER "Host:" + static void -srv_replace(const char *srvtag) +srv_replace(const char *srvtag, + struct curl_slist **headers, struct curl_slist **resolve) { -#ifdef USE_DNS_SRV struct srventry *srvlist=NULL; + int srvcount, srvindex; + char *portstr; if(!srvtag) return; + portstr=malloc (MAX_PORT); + if(!portstr) + return; + if(1+strlen(srvtag)+6+strlen(opt->host)+1<=MAXDNAME) { char srvname[MAXDNAME]; strcpy(srvname,"_"); strcat(srvname,srvtag); strcat(srvname,"._tcp."); strcat(srvname,opt->host); - getsrv(srvname,&srvlist); + srvcount=getsrv(srvname,&srvlist); } - if(srvlist) + for(srvindex=0 ; srvindextarget); - newport=xtrymalloc(MAX_PORT); - if(newname && newport) + if (getaddrinfo (srvlist[srvindex].target, portstr, &hints, &res) == 0) { - free(opt->host); - free(opt->port); - opt->host=newname; - snprintf(newport,MAX_PORT,"%u",srvlist->port); - opt->port=newport; + /* Very safe */ + char ipaddr[INET_ADDRSTRLEN+INET6_ADDRSTRLEN]; + + if((res->ai_family==AF_INET + && inet_ntop (res->ai_family, + &((struct sockaddr_in *)res->ai_addr)->sin_addr, + ipaddr,sizeof(ipaddr))) + || (res->ai_family==AF_INET6 + && inet_ntop (res->ai_family, + &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr, + ipaddr,sizeof(ipaddr)))) + { + char *entry,*host; + + entry=malloc (strlen(opt->host)+1 + +strlen(portstr)+1+strlen(ipaddr)+1); + + host=malloc (strlen(HOST_HEADER)+1+strlen(opt->host)+1); + + if(entry && host) + { + sprintf (entry, "%s:%s:%s", opt->host, portstr, ipaddr); + sprintf (host, "%s %s", HOST_HEADER, opt->host); + + *resolve=curl_slist_append (*resolve,entry); + *headers=curl_slist_append (*headers,host); + + if(*resolve && *headers) + { + if(curl_easy_setopt (curl, + CURLOPT_RESOLVE,*resolve)==CURLE_OK) + + { + if(opt->debug) + fprintf (console, "gpgkeys: Faking %s SRV from" + " %s to %s:%u\n", + srvtag, opt->host, + srvlist[srvindex].target, + srvlist[srvindex].port); + + free (opt->port); + opt->port=portstr; + portstr=NULL; + } + } + } + + free (entry); + free (host); + } + + freeaddrinfo (res); } else - { - free(newname); - free(newport); - } + continue; /* Not found */ } -#endif + + free (srvlist); + free (portstr); } #endif static void show_help (FILE *fp) { fprintf (fp,"-h, --help\thelp\n"); fprintf (fp,"-V\t\tmachine readable version\n"); fprintf (fp,"--version\thuman readable version\n"); fprintf (fp,"-o\t\toutput to this file\n"); } int main(int argc,char *argv[]) { - int arg,ret=KEYSERVER_INTERNAL_ERROR,try_srv=1; + int arg,ret=KEYSERVER_INTERNAL_ERROR; char line[MAX_LINE]; int failed=0; struct keylist *keylist=NULL,*keyptr=NULL; char *proxy=NULL; struct curl_slist *headers=NULL; + struct curl_slist *resolve=NULL; + + /* Only default this to on if we have SRV support */ +#ifdef USE_DNS_SRV + int try_srv = 1; +#else + int try_srv = 0; +#endif console=stderr; /* Kludge to implement standard GNU options. */ if (argc > 1 && !strcmp (argv[1], "--version")) { printf ("gpgkeys_hkp (GnuPG) %s\n", VERSION); printf ("Uses: %s\n", curl_version()); return 0; } else if (argc > 1 && !strcmp (argv[1], "--help")) { show_help (stdout); return 0; } while((arg=getopt(argc,argv,"hVo:"))!=-1) switch(arg) { default: case 'h': show_help (console); return KEYSERVER_OK; case 'V': fprintf(stdout,"%d\n%s\n",KEYSERVER_PROTO_VERSION,VERSION); return KEYSERVER_OK; case 'o': output=fopen(optarg,"w"); if(output==NULL) { fprintf(console,"gpgkeys: Cannot open output file `%s': %s\n", optarg,strerror(errno)); return KEYSERVER_INTERNAL_ERROR; } break; } if(argc>optind) { input=fopen(argv[optind],"r"); if(input==NULL) { fprintf(console,"gpgkeys: Cannot open input file `%s': %s\n", argv[optind],strerror(errno)); return KEYSERVER_INTERNAL_ERROR; } } if(input==NULL) input=stdin; if(output==NULL) output=stdout; opt=init_ks_options(); if(!opt) return KEYSERVER_NO_MEMORY; /* Get the command and info block */ while(fgets(line,MAX_LINE,input)!=NULL) { int err; char option[MAX_OPTION+1]; if(line[0]=='\n') break; err=parse_ks_options(line,opt); if(err>0) { ret=err; goto fail; } else if(err==0) continue; if(sscanf(line,"OPTION %" MKSTRING(MAX_OPTION) "s\n",option)==1) { int no=0; char *start=&option[0]; option[MAX_OPTION]='\0'; if(ascii_strncasecmp(option,"no-",3)==0) { no=1; start=&option[3]; } if(ascii_strncasecmp(start,"http-proxy",10)==0) { if(no) { free(proxy); proxy=strdup(""); } else if(start[10]=='=') { if(strlen(&start[11])scheme) { fprintf(console,"gpgkeys: no scheme supplied!\n"); ret=KEYSERVER_SCHEME_NOT_FOUND; goto fail; } /* Defaults */ if(ascii_strcasecmp(opt->scheme,"hkps")==0) { proto="https"; port="443"; } else { proto="http"; port="11371"; } if(!opt->host) { fprintf(console,"gpgkeys: no keyserver host provided\n"); goto fail; } if(opt->timeout && register_timeout()==-1) { fprintf(console,"gpgkeys: unable to register timeout handler\n"); return KEYSERVER_INTERNAL_ERROR; } curl_global_init(CURL_GLOBAL_DEFAULT); curl=curl_easy_init(); if(!curl) { fprintf(console,"gpgkeys: unable to initialize curl\n"); ret=KEYSERVER_INTERNAL_ERROR; goto fail; } + if(opt->debug) + { + fprintf(console,"gpgkeys: curl version = %s\n",curl_version()); + curl_easy_setopt(curl,CURLOPT_STDERR,console); + curl_easy_setopt(curl,CURLOPT_VERBOSE,1L); + } + /* Only use SRV if the user does not provide a :port. The semantics of a specified port and SRV do not play well together. */ if(!opt->port && try_srv) { char *srvtag; if(ascii_strcasecmp(opt->scheme,"hkp")==0) srvtag="pgpkey-http"; else if(ascii_strcasecmp(opt->scheme,"hkps")==0) srvtag="pgpkey-https"; else srvtag=NULL; #ifdef HAVE_LIBCURL /* We're using libcurl, so fake SRV support via our wrapper. This isn't as good as true SRV support, as we do not try all possible targets at one particular level and work our way down the list, but it's better than nothing. */ - srv_replace(srvtag); +#ifdef USE_DNS_SRV + srv_replace(srvtag,&headers,&resolve); #else + fprintf(console,"gpgkeys: try-dns-srv was requested, but not SRV capable\n"); +#endif +#else /* !HAVE_LIBCURL */ /* We're using our internal curl shim, so we can use its (true) SRV support. Obviously, CURLOPT_SRVTAG_GPG_HACK isn't a real libcurl option. It's specific to our shim. */ curl_easy_setopt(curl,CURLOPT_SRVTAG_GPG_HACK,srvtag); #endif } /* If the user provided a port (or it came in via SRV, above), replace the default. */ if(opt->port) port=opt->port; curl_easy_setopt(curl,CURLOPT_ERRORBUFFER,errorbuffer); if(opt->auth) curl_easy_setopt(curl,CURLOPT_USERPWD,opt->auth); - if(opt->debug) - { - fprintf(console,"gpgkeys: curl version = %s\n",curl_version()); - curl_easy_setopt(curl,CURLOPT_STDERR,console); - curl_easy_setopt(curl,CURLOPT_VERBOSE,1L); - } - curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,(long)opt->flags.check_cert); curl_easy_setopt(curl,CURLOPT_CAINFO,opt->ca_cert_file); /* Avoid caches to get the most recent copy of the key. This is bug #1061. In pre-curl versions of the code, we didn't do it. Then we did do it (as a curl default) until curl changed the default. Now we're doing it again, but in such a way that changing defaults in the future won't impact us. We set both the Pragma and Cache-Control versions of the header, so we're good with both HTTP 1.0 and 1.1. */ headers=curl_slist_append(headers,"Pragma: no-cache"); if(headers) headers=curl_slist_append(headers,"Cache-Control: no-cache"); if(!headers) { fprintf(console,"gpgkeys: out of memory when building HTTP headers\n"); ret=KEYSERVER_NO_MEMORY; goto fail; } curl_easy_setopt(curl,CURLOPT_HTTPHEADER,headers); if(proxy) curl_easy_setopt(curl,CURLOPT_PROXY,proxy); /* If it's a GET or a SEARCH, the next thing to come in is the keyids. If it's a SEND, then there are no keyids. */ if(opt->action==KS_SEND) while(fgets(line,MAX_LINE,input)!=NULL && line[0]!='\n'); else if(opt->action==KS_GET || opt->action==KS_GETNAME || opt->action==KS_SEARCH) { for(;;) { struct keylist *work; if(fgets(line,MAX_LINE,input)==NULL) break; else { if(line[0]=='\n' || line[0]=='\0') break; work=xtrymalloc(sizeof(struct keylist)); if(work==NULL) { fprintf(console,"gpgkeys: out of memory while " "building key list\n"); ret=KEYSERVER_NO_MEMORY; goto fail; } strcpy(work->str,line); /* Trim the trailing \n */ work->str[strlen(line)-1]='\0'; work->next=NULL; /* Always attach at the end to keep the list in proper order for searching */ if(keylist==NULL) keylist=work; else keyptr->next=work; keyptr=work; } } } else { fprintf(console,"gpgkeys: no keyserver command specified\n"); goto fail; } /* Send the response */ fprintf(output,"VERSION %d\n",KEYSERVER_PROTO_VERSION); fprintf(output,"PROGRAM %s %s\n\n",VERSION,curl_version()); if(opt->verbose>1) { fprintf(console,"Host:\t\t%s\n",opt->host); if(opt->port) fprintf(console,"Port:\t\t%s\n",opt->port); if(strcmp(opt->path,"/")!=0) fprintf(console,"Path:\t\t%s\n",opt->path); fprintf(console,"Command:\t%s\n",ks_action_to_string(opt->action)); } if(opt->action==KS_GET) { keyptr=keylist; while(keyptr!=NULL) { set_timeout(opt->timeout); if(get_key(keyptr->str)!=KEYSERVER_OK) failed++; keyptr=keyptr->next; } } else if(opt->action==KS_GETNAME) { keyptr=keylist; while(keyptr!=NULL) { set_timeout(opt->timeout); if(get_name(keyptr->str)!=KEYSERVER_OK) failed++; keyptr=keyptr->next; } } else if(opt->action==KS_SEND) { int eof=0; do { set_timeout(opt->timeout); if(send_key(&eof)!=KEYSERVER_OK) failed++; } while(!eof); } else if(opt->action==KS_SEARCH) { char *searchkey=NULL; int len=0; set_timeout(opt->timeout); /* To search, we stick a space in between each key to search for. */ keyptr=keylist; while(keyptr!=NULL) { len+=strlen(keyptr->str)+1; keyptr=keyptr->next; } searchkey=xtrymalloc(len+1); if(searchkey==NULL) { ret=KEYSERVER_NO_MEMORY; fail_all(keylist,KEYSERVER_NO_MEMORY); goto fail; } searchkey[0]='\0'; keyptr=keylist; while(keyptr!=NULL) { strcat(searchkey,keyptr->str); strcat(searchkey," "); keyptr=keyptr->next; } /* Nail that last space */ if(*searchkey) searchkey[strlen(searchkey)-1]='\0'; if(search_key(searchkey)!=KEYSERVER_OK) failed++; free(searchkey); } else abort(); if(!failed) ret=KEYSERVER_OK; fail: while(keylist!=NULL) { struct keylist *current=keylist; keylist=keylist->next; free(current); } if(input!=stdin) fclose(input); if(output!=stdout) fclose(output); free_ks_options(opt); curl_slist_free_all(headers); + curl_slist_free_all(resolve); if(curl) curl_easy_cleanup(curl); free(proxy); return ret; } diff --git a/m4/libcurl.m4 b/m4/libcurl.m4 index c763146a3..ce02add7b 100644 --- a/m4/libcurl.m4 +++ b/m4/libcurl.m4 @@ -1,261 +1,271 @@ # LIBCURL_CHECK_CONFIG ([DEFAULT-ACTION], [MINIMUM-VERSION], # [ACTION-IF-YES], [ACTION-IF-NO]) # ---------------------------------------------------------- # David Shaw Jan-16-2007 # # Checks for libcurl. DEFAULT-ACTION is the string yes or no to # specify whether to default to --with-libcurl or --without-libcurl. # If not supplied, DEFAULT-ACTION is yes. MINIMUM-VERSION is the # minimum version of libcurl to accept. Pass the version as a regular # version number like 7.10.1. If not supplied, any version is # accepted. ACTION-IF-YES is a list of shell commands to run if # libcurl was successfully found and passed the various tests. # ACTION-IF-NO is a list of shell commands that are run otherwise. # Note that using --without-libcurl does run ACTION-IF-NO. # # This macro #defines HAVE_LIBCURL if a working libcurl setup is # found, and sets @LIBCURL@ and @LIBCURL_CPPFLAGS@ to the necessary # values. Other useful defines are LIBCURL_FEATURE_xxx where xxx are # the various features supported by libcurl, and LIBCURL_PROTOCOL_yyy # where yyy are the various protocols supported by libcurl. Both xxx # and yyy are capitalized. See the list of AH_TEMPLATEs at the top of # the macro for the complete list of possible defines. Shell # variables $libcurl_feature_xxx and $libcurl_protocol_yyy are also # defined to 'yes' for those features and protocols that were found. # Note that xxx and yyy keep the same capitalization as in the # curl-config list (e.g. it's "HTTP" and not "http"). # # Users may override the detected values by doing something like: # LIBCURL="-lcurl" LIBCURL_CPPFLAGS="-I/usr/myinclude" ./configure # # For the sake of sanity, this macro assumes that any libcurl that is # found is after version 7.7.2, the first version that included the # curl-config script. Note that it is very important for people # packaging binary versions of libcurl to include this script! # Without curl-config, we can only guess what protocols are available, # or use curl_version_info to figure it out at runtime. AC_DEFUN([LIBCURL_CHECK_CONFIG], [ AH_TEMPLATE([LIBCURL_FEATURE_SSL],[Defined if libcurl supports SSL]) AH_TEMPLATE([LIBCURL_FEATURE_KRB4],[Defined if libcurl supports KRB4]) AH_TEMPLATE([LIBCURL_FEATURE_IPV6],[Defined if libcurl supports IPv6]) AH_TEMPLATE([LIBCURL_FEATURE_LIBZ],[Defined if libcurl supports libz]) AH_TEMPLATE([LIBCURL_FEATURE_ASYNCHDNS],[Defined if libcurl supports AsynchDNS]) AH_TEMPLATE([LIBCURL_FEATURE_IDN],[Defined if libcurl supports IDN]) AH_TEMPLATE([LIBCURL_FEATURE_SSPI],[Defined if libcurl supports SSPI]) AH_TEMPLATE([LIBCURL_FEATURE_NTLM],[Defined if libcurl supports NTLM]) AH_TEMPLATE([LIBCURL_PROTOCOL_HTTP],[Defined if libcurl supports HTTP]) AH_TEMPLATE([LIBCURL_PROTOCOL_HTTPS],[Defined if libcurl supports HTTPS]) AH_TEMPLATE([LIBCURL_PROTOCOL_FTP],[Defined if libcurl supports FTP]) AH_TEMPLATE([LIBCURL_PROTOCOL_FTPS],[Defined if libcurl supports FTPS]) AH_TEMPLATE([LIBCURL_PROTOCOL_FILE],[Defined if libcurl supports FILE]) AH_TEMPLATE([LIBCURL_PROTOCOL_TELNET],[Defined if libcurl supports TELNET]) AH_TEMPLATE([LIBCURL_PROTOCOL_LDAP],[Defined if libcurl supports LDAP]) AH_TEMPLATE([LIBCURL_PROTOCOL_DICT],[Defined if libcurl supports DICT]) AH_TEMPLATE([LIBCURL_PROTOCOL_TFTP],[Defined if libcurl supports TFTP]) AC_ARG_WITH(libcurl, AC_HELP_STRING([--with-libcurl=DIR],[look for the curl library in DIR]), [_libcurl_with=$withval],[_libcurl_with=m4_if([$1],,[yes],[$1])]) if test "$_libcurl_with" != "no" ; then AC_PROG_AWK _libcurl_version_parse="eval $AWK '{split(\$NF,A,\".\"); X=256*256*A[[1]]+256*A[[2]]+A[[3]]; print X;}'" + # More recent versions of curl-config have a direct --vernum + # option, but we'd like this code to work with older versions as + # well, so just convert --version. + _libcurl_vernum_parse="eval $AWK '{printf \"0x%06X\",\$NF}'" + _libcurl_try_link=yes if test -d "$_libcurl_with" ; then LIBCURL_CPPFLAGS="-I$withval/include" _libcurl_ldflags="-L$withval/lib" AC_PATH_PROG([_libcurl_config],["$withval/bin/curl-config"]) else AC_PATH_PROG([_libcurl_config],[curl-config]) fi if test x$_libcurl_config != "x" ; then AC_CACHE_CHECK([for the version of libcurl], [libcurl_cv_lib_curl_version], [libcurl_cv_lib_curl_version=`$_libcurl_config --version | $AWK '{print $[]2}'`]) _libcurl_version=`echo $libcurl_cv_lib_curl_version | $_libcurl_version_parse` _libcurl_wanted=`echo m4_if([$2],,[0],[$2]) | $_libcurl_version_parse` if test $_libcurl_wanted -gt 0 ; then AC_CACHE_CHECK([for libcurl >= version $2], [libcurl_cv_lib_version_ok], [ if test $_libcurl_version -ge $_libcurl_wanted ; then libcurl_cv_lib_version_ok=yes else libcurl_cv_lib_version_ok=no fi ]) fi if test $_libcurl_wanted -eq 0 || test x$libcurl_cv_lib_version_ok = xyes ; then if test x"$LIBCURL_CPPFLAGS" = "x" ; then LIBCURL_CPPFLAGS=`$_libcurl_config --cflags` fi if test x"$LIBCURL" = "x" ; then LIBCURL=`$_libcurl_config --libs` # This is so silly, but Apple actually has a bug in their # curl-config script. Fixed in Tiger, but there are still # lots of Panther installs around. case "${host}" in powerpc-apple-darwin7*) LIBCURL=`echo $LIBCURL | sed -e 's|-arch i386||g'` ;; esac fi # All curl-config scripts support --feature _libcurl_features=`$_libcurl_config --feature` # Is it modern enough to have --protocols? (7.12.4) if test $_libcurl_version -ge 461828 ; then _libcurl_protocols=`$_libcurl_config --protocols` fi else _libcurl_try_link=no fi unset _libcurl_wanted fi if test $_libcurl_try_link = yes ; then # we didn't find curl-config, so let's see if the user-supplied # link line (or failing that, "-lcurl") is enough. LIBCURL=${LIBCURL-"$_libcurl_ldflags -lcurl"} AC_CACHE_CHECK([whether libcurl is usable], [libcurl_cv_lib_curl_usable], [ _libcurl_save_cppflags=$CPPFLAGS CPPFLAGS="$LIBCURL_CPPFLAGS $CPPFLAGS" _libcurl_save_libs=$LIBS LIBS="$LIBCURL $LIBS" AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]],[[ /* Try and use a few common options to force a failure if we are missing symbols or can't link. */ int x; curl_easy_setopt(NULL,CURLOPT_URL,NULL); x=CURL_ERROR_SIZE; x=CURLOPT_WRITEFUNCTION; x=CURLOPT_FILE; x=CURLOPT_ERRORBUFFER; x=CURLOPT_STDERR; x=CURLOPT_VERBOSE; ]])],libcurl_cv_lib_curl_usable=yes,libcurl_cv_lib_curl_usable=no) CPPFLAGS=$_libcurl_save_cppflags LIBS=$_libcurl_save_libs unset _libcurl_save_cppflags unset _libcurl_save_libs ]) if test $libcurl_cv_lib_curl_usable = yes ; then _libcurl_save_cppflags=$CPPFLAGS CPPFLAGS="$CPPFLAGS $LIBCURL_CPPFLAGS" _libcurl_save_libs=$LIBS LIBS="$LIBS $LIBCURL" # Check for some libcurl functions that aren't in all # versions. AC_CHECK_FUNCS([curl_free curl_easy_escape curl_easy_unescape]) AH_BOTTOM([ #ifdef HAVE_LIBCURL /* Define curl_free() via free() if our version of curl lacks curl_free() */ #if !defined(curl_free) && !defined(HAVE_CURL_FREE) #define curl_free(a) free((a)) #endif /* Define curl_easy_escape() via curl_escape() if our version of curl lacks curl_easy_escape() */ #if !defined(curl_easy_escape) && !defined(HAVE_CURL_EASY_ESCAPE) #define curl_easy_escape(a,b,c) curl_escape((b),(c)) #endif /* Define curl_easy_unescape() via curl_unescape() if our version of curl lacks curl_easy_unescape() */ #if !defined(curl_easy_unescape) && !defined(HAVE_CURL_EASY_UNESCAPE) #define curl_easy_unescape(a,b,c) curl_unescape((b),(c)) #endif #endif /* HAVE_LIBCURL */ ]) CPPFLAGS=$_libcurl_save_cppflags LIBS=$_libcurl_save_libs unset _libcurl_save_cppflags unset _libcurl_save_libs AC_DEFINE(HAVE_LIBCURL,1, [Define to 1 if you have a functional curl library.]) AC_SUBST(LIBCURL_CPPFLAGS) AC_SUBST(LIBCURL) + _libcurl_vernum=`echo $_libcurl_version | $_libcurl_vernum_parse` + + AC_DEFINE_UNQUOTED(LIBCURL_VERNUM,$_libcurl_vernum,[The version of the libcurl library in packed hex form]) + for _libcurl_feature in $_libcurl_features ; do AC_DEFINE_UNQUOTED(AS_TR_CPP(libcurl_feature_$_libcurl_feature),[1]) eval AS_TR_SH(libcurl_feature_$_libcurl_feature)=yes done if test "x$_libcurl_protocols" = "x" ; then # We don't have --protocols, so just assume that all # protocols are available _libcurl_protocols="HTTP FTP FILE TELNET LDAP DICT" if test x$libcurl_feature_SSL = xyes ; then _libcurl_protocols="$_libcurl_protocols HTTPS" # FTPS wasn't standards-compliant until version # 7.11.0 if test $_libcurl_version -ge 461568; then _libcurl_protocols="$_libcurl_protocols FTPS" fi fi fi for _libcurl_protocol in $_libcurl_protocols ; do AC_DEFINE_UNQUOTED(AS_TR_CPP(libcurl_protocol_$_libcurl_protocol),[1]) eval AS_TR_SH(libcurl_protocol_$_libcurl_protocol)=yes done else unset LIBCURL unset LIBCURL_CPPFLAGS fi fi unset _libcurl_try_link unset _libcurl_version_parse unset _libcurl_config unset _libcurl_feature unset _libcurl_features unset _libcurl_protocol unset _libcurl_protocols unset _libcurl_version + unset _libcurl_vernum unset _libcurl_ldflags fi if test x$_libcurl_with = xno || test x$libcurl_cv_lib_curl_usable != xyes ; then # This is the IF-NO path m4_if([$4],,:,[$4]) else # This is the IF-YES path m4_if([$3],,:,[$3]) fi unset _libcurl_with ])dnl