diff --git a/configure.ac b/configure.ac
index ef0bb6e1e..0955eee99 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,1489 +1,1489 @@
# configure.ac script for GnuPG
# Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
# 2008, 2009, 2010, 2012 Free Software Foundation, Inc.
#
# This file is part of GnuPG.
#
# GnuPG is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# GnuPG is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see .
#
# (Process this file with autoconf to produce a configure script.)
AC_PREREQ(2.59)
min_automake_version="1.9.3"
# Remember to change the version number immediately *after* a release.
# Set my_issvn to "yes" for non-released code. Remember to run an
# "svn up" and "autogen.sh --force" right before creating a distribution.
m4_define([my_version], [1.4.13])
m4_define([my_issvn], [yes])
m4_define([svn_revision], m4_esyscmd([printf "%d" $(svn info 2>/dev/null \
| sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)]))
m4_define([git_revision], m4_esyscmd([git branch -v 2>/dev/null \
| awk '/^\* / {printf "%s",$3}']))
m4_define([my_full_version], [my_version[]m4_if(my_issvn,[yes],
[m4_if(git_revision,[],[-svn[]svn_revision],[-git[]git_revision])])])
AC_INIT([gnupg],[my_full_version],[http://bugs.gnupg.org])
# Set development_version to yes if the minor number is odd or you
# feel that the default check for a development version is not
# sufficient.
development_version=no
AC_CONFIG_AUX_DIR(scripts)
AC_CONFIG_SRCDIR(g10/gpg.c)
AC_CANONICAL_HOST
AM_INIT_AUTOMAKE([std-options])
AB_INIT
AM_CONFIG_HEADER(config.h)
AC_GNU_SOURCE
dnl
dnl Check for random module options
dnl
AC_MSG_CHECKING([which random module to use])
AC_ARG_ENABLE(static-rnd,
AC_HELP_STRING([[--enable-static-rnd=[egd|unix|linux|auto]]],
[specify a random number source]),
[use_static_rnd=$enableval], [use_static_rnd=default])
if test "$use_static_rnd" = no; then
use_static_rnd=default
fi
case "$use_static_rnd" in
egd | linux | unix | default )
AC_MSG_RESULT($use_static_rnd)
;;
auto )
AC_MSG_RESULT(automagically selected at runtime)
;;
* )
AC_MSG_RESULT(invalid argument)
AC_MSG_ERROR(there is no random module rnd$use_static_rnd)
;;
esac
AC_ARG_WITH(egd-socket,
AC_HELP_STRING([--with-egd-socket=NAME],[use NAME for the EGD socket]),
egd_socket_name="$withval", egd_socket_name="" )
AC_DEFINE_UNQUOTED(EGD_SOCKET_NAME, "$egd_socket_name",
[Define if you don't want the default EGD socket name.
For details see cipher/rndegd.c])
dnl
dnl See whether the user wants to disable checking for /dev/random
AC_MSG_CHECKING([whether use of /dev/random is requested])
AC_ARG_ENABLE(dev-random,
AC_HELP_STRING([--disable-dev-random],[disable the use of dev random]),
try_dev_random=$enableval, try_dev_random=yes)
AC_MSG_RESULT($try_dev_random)
dnl
dnl Check other options
dnl
AC_MSG_CHECKING([whether assembler modules are requested])
AC_ARG_ENABLE(asm,
AC_HELP_STRING([--disable-asm],[do not use assembler modules]),
try_asm_modules=$enableval, try_asm_modules=yes)
AC_MSG_RESULT($try_asm_modules)
dnl AC_MSG_CHECKING([whether memory guard is requested])
dnl AC_ARG_ENABLE(m-guard,
dnl [ --enable-m-guard enable memory guard facility],
dnl use_m_guard=$enableval, use_m_guard=no)
dnl AC_MSG_RESULT($use_m_guard)
dnl if test "$use_m_guard" = yes ; then
dnl AC_DEFINE(M_GUARD,1,[Define to use the (obsolete) malloc guarding feature])
dnl fi
# SELinux support includes tracking of sensitive files to avoid
# leaking their contents through processing these files by gpg itself
AC_MSG_CHECKING([whether SELinux support is requested])
AC_ARG_ENABLE(selinux-support,
AC_HELP_STRING([--enable-selinux-support],
[enable SELinux support]),
selinux_support=$enableval, selinux_support=no)
AC_MSG_RESULT($selinux_support)
AC_MSG_CHECKING([whether the new iconv based code is requested])
AC_ARG_ENABLE(gnupg-iconv,
AC_HELP_STRING([--disable-gnupg-iconv],
[disable the new iconv code]),
gnupg_use_iconv=$enableval, gnupg_use_iconv=yes)
AC_MSG_RESULT($gnupg_use_iconv)
dnl See if we are disabling any algorithms or features for a smaller
dnl binary
try_extensions=no
try_gettext=yes
try_dns=yes
use_rsa=yes
use_idea=yes
use_cast5=yes
use_blowfish=yes
use_aes=yes
use_twofish=yes
use_camellia=yes
use_sha256=yes
use_sha512=yes
use_bzip2=yes
use_exec=yes
card_support=yes
agent_support=yes
disable_keyserver_path=no
AC_ARG_ENABLE(minimal,
AC_HELP_STRING([--enable-minimal],[build the smallest gpg binary possible]),
try_dns=no
use_rsa=no
use_idea=no
use_cast5=no
use_blowfish=no
use_aes=no
use_twofish=no
use_camellia=no
use_sha256=no
use_sha512=no
use_bzip2=no
use_exec=no
card_support=no
agent_support=no)
AC_MSG_CHECKING([whether OpenPGP card support is requested])
AC_ARG_ENABLE(card-support,
AC_HELP_STRING([--disable-card-support],
[disable OpenPGP card support]),
card_support=$enableval)
AC_MSG_RESULT($card_support)
# Note that we may later disable the agent support based on the platform.
AC_MSG_CHECKING([whether gpg-agent support is requested])
AC_ARG_ENABLE(agent-support,
AC_HELP_STRING([--disable-agent-support],
[disable gpg-agent support]),
agent_support=$enableval)
AC_MSG_RESULT($agent_support)
AC_MSG_CHECKING([whether to enable the RSA public key algorithm])
AC_ARG_ENABLE(rsa,
AC_HELP_STRING([--disable-rsa],[disable the RSA public key algorithm]),
use_rsa=$enableval)
AC_MSG_RESULT($use_rsa)
if test x"$use_rsa" = xyes ; then
AC_DEFINE(USE_RSA,1,[Define to include the RSA public key algorithm])
fi
AC_MSG_CHECKING([whether to enable the IDEA cipher])
AC_ARG_ENABLE(idea,
AC_HELP_STRING([--disable-idea],[disable the IDEA cipher]),
use_idea=$enableval)
AC_MSG_RESULT($use_idea)
if test x"$use_idea" = xyes ; then
AC_DEFINE(USE_IDEA,1,[Define to include the IDEA cipher])
fi
AC_MSG_CHECKING([whether to enable the CAST5 cipher])
AC_ARG_ENABLE(cast5,
AC_HELP_STRING([--disable-cast5],[disable the CAST5 cipher]),
use_cast5=$enableval)
AC_MSG_RESULT($use_cast5)
if test x"$use_cast5" = xyes ; then
AC_DEFINE(USE_CAST5,1,[Define to include the CAST5 cipher])
fi
AC_MSG_CHECKING([whether to enable the BLOWFISH cipher])
AC_ARG_ENABLE(blowfish,
AC_HELP_STRING([--disable-blowfish],[disable the BLOWFISH cipher]),
use_blowfish=$enableval)
AC_MSG_RESULT($use_blowfish)
if test x"$use_blowfish" = xyes ; then
AC_DEFINE(USE_BLOWFISH,1,[Define to include the BLOWFISH cipher])
fi
AC_MSG_CHECKING([whether to enable the AES ciphers])
AC_ARG_ENABLE(aes,
AC_HELP_STRING([--disable-aes],[disable the AES, AES192, and AES256 ciphers]),
use_aes=$enableval)
AC_MSG_RESULT($use_aes)
if test x"$use_aes" = xyes ; then
AC_DEFINE(USE_AES,1,[Define to include the AES, AES192, and AES256 ciphers])
fi
AC_MSG_CHECKING([whether to enable the TWOFISH cipher])
AC_ARG_ENABLE(twofish,
AC_HELP_STRING([--disable-twofish],[disable the TWOFISH cipher]),
use_twofish=$enableval)
AC_MSG_RESULT($use_twofish)
if test x"$use_twofish" = xyes ; then
AC_DEFINE(USE_TWOFISH,1,[Define to include the TWOFISH cipher])
fi
AC_MSG_CHECKING([whether to enable the CAMELLIA cipher])
AC_ARG_ENABLE(camellia,
AC_HELP_STRING([--enable-camellia],[enable the CAMELLIA cipher]),
use_camellia=$enableval)
AC_MSG_RESULT($use_camellia)
if test x"$use_camellia" = xyes ; then
AC_DEFINE(USE_CAMELLIA,1,[Define to include the CAMELLIA cipher])
fi
AC_MSG_CHECKING([whether to enable the SHA-224 and SHA-256 digests])
AC_ARG_ENABLE(sha256,
AC_HELP_STRING([--disable-sha256],[disable the SHA-224 and SHA-256 digests]),
use_sha256=$enableval)
AC_MSG_RESULT($use_sha256)
if test x"$use_sha256" = xyes ; then
AC_DEFINE(USE_SHA256,1,[Define to include the SHA-224 and SHA-256 digests])
fi
dnl SHA512 is defined only after we confirm 64-bit support later
AC_MSG_CHECKING([whether to enable the SHA-384 and SHA-512 digests])
AC_ARG_ENABLE(sha512,
AC_HELP_STRING([--disable-sha512],[disable the SHA-384 and SHA-512 digests]),
use_sha512=$enableval)
AC_MSG_RESULT($use_sha512)
dnl BZLIB is defined only after we confirm the library is available later
AC_MSG_CHECKING([whether to enable the BZIP2 compression algorithm])
AC_ARG_ENABLE(bzip2,
AC_HELP_STRING([--disable-bzip2],[disable the BZIP2 compression algorithm]),
use_bzip2=$enableval)
AC_MSG_RESULT($use_bzip2)
AC_MSG_CHECKING([whether to enable external program execution])
AC_ARG_ENABLE(exec,
AC_HELP_STRING([--disable-exec],[disable all external program execution]),
use_exec=$enableval)
AC_MSG_RESULT($use_exec)
if test "$use_exec" = no ; then
AC_DEFINE(NO_EXEC,1,[Define to disable all external program execution])
fi
if test "$use_exec" = yes ; then
AC_MSG_CHECKING([whether to enable photo ID viewing])
AC_ARG_ENABLE(photo-viewers,
AC_HELP_STRING([--disable-photo-viewers],[disable photo ID viewers]),
[if test "$enableval" = no ; then
AC_DEFINE(DISABLE_PHOTO_VIEWER,1,[define to disable photo viewing])
fi],enableval=yes)
gnupg_cv_enable_photo_viewers=$enableval
AC_MSG_RESULT($enableval)
if test "$gnupg_cv_enable_photo_viewers" = yes ; then
AC_MSG_CHECKING([whether to use a fixed photo ID viewer])
AC_ARG_WITH(photo-viewer,
AC_HELP_STRING([--with-photo-viewer=FIXED_VIEWER],
[set a fixed photo ID viewer]),
[if test "$withval" = yes ; then
withval=no
elif test "$withval" != no ; then
AC_DEFINE_UNQUOTED(FIXED_PHOTO_VIEWER,"$withval",
[if set, restrict photo-viewer to this])
fi],withval=no)
AC_MSG_RESULT($withval)
fi
AC_MSG_CHECKING([whether to enable external keyserver helpers])
AC_ARG_ENABLE(keyserver-helpers,
AC_HELP_STRING([--disable-keyserver-helpers],
[disable all external keyserver support]),
[if test "$enableval" = no ; then
AC_DEFINE(DISABLE_KEYSERVER_HELPERS,1,
[define to disable keyserver helpers])
fi],enableval=yes)
gnupg_cv_enable_keyserver_helpers=$enableval
AC_MSG_RESULT($enableval)
if test "$gnupg_cv_enable_keyserver_helpers" = yes ; then
dnl LDAP is defined only after we confirm the library is available later
AC_MSG_CHECKING([whether LDAP keyserver support is requested])
AC_ARG_ENABLE(ldap,
AC_HELP_STRING([--disable-ldap],[disable LDAP keyserver interface only]),
try_ldap=$enableval, try_ldap=yes)
AC_MSG_RESULT($try_ldap)
AC_MSG_CHECKING([whether HKP keyserver support is requested])
AC_ARG_ENABLE(hkp,
AC_HELP_STRING([--disable-hkp],[disable HKP keyserver interface only]),
try_hkp=$enableval, try_hkp=yes)
AC_MSG_RESULT($try_hkp)
AC_MSG_CHECKING([whether finger key fetching support is requested])
AC_ARG_ENABLE(finger,
AC_HELP_STRING([--disable-finger],
[disable finger key fetching interface only]),
try_finger=$enableval, try_finger=yes)
AC_MSG_RESULT($try_finger)
AC_MSG_CHECKING([whether generic object key fetching support is requested])
AC_ARG_ENABLE(generic,
AC_HELP_STRING([--disable-generic],
[disable generic object key fetching interface only]),
try_generic=$enableval, try_generic=yes)
AC_MSG_RESULT($try_generic)
AC_MSG_CHECKING([whether email keyserver support is requested])
AC_ARG_ENABLE(mailto,
AC_HELP_STRING([--enable-mailto],
[enable email keyserver interface only]),
try_mailto=$enableval, try_mailto=no)
AC_MSG_RESULT($try_mailto)
fi
AC_MSG_CHECKING([whether keyserver exec-path is enabled])
AC_ARG_ENABLE(keyserver-path,
AC_HELP_STRING([--disable-keyserver-path],
[disable the exec-path option for keyserver helpers]),
[if test "$enableval" = no ; then
disable_keyserver_path=yes
fi],enableval=yes)
AC_MSG_RESULT($enableval)
fi
AC_MSG_CHECKING([whether the included zlib is requested])
AC_ARG_WITH(included-zlib,
AC_HELP_STRING([--with-included-zlib],[use the zlib code included here]),
[g10_force_zlib="$withval"], [g10_force_zlib=no] )
AC_MSG_RESULT($g10_force_zlib)
dnl
dnl Check for the key/uid cache size. This can't be zero, but can be
dnl pretty small on embedded systems.
dnl
AC_MSG_CHECKING([for the size of the key and uid cache])
AC_ARG_ENABLE(key-cache,
AC_HELP_STRING([--enable-key-cache=SIZE],[Set key cache to SIZE (default 4096)]),,enableval=4096)
if test "$enableval" = "no"; then
enableval=5
elif test "$enableval" = "yes" || test "$enableval" = ""; then
enableval=4096
fi
changequote(,)dnl
key_cache_size=`echo "$enableval" | sed 's/[A-Za-z]//g'`
changequote([,])dnl
if test "$enableval" != "$key_cache_size" || test "$key_cache_size" -lt 5; then
AC_MSG_ERROR([invalid key-cache size])
fi
AC_MSG_RESULT($key_cache_size)
AC_DEFINE_UNQUOTED(PK_UID_CACHE_SIZE,$key_cache_size,[Size of the key and UID caches])
dnl
dnl Check whether we want to use Linux capabilities
dnl
AC_MSG_CHECKING([whether use of capabilities is requested])
AC_ARG_WITH(capabilities,
AC_HELP_STRING([--with-capabilities],
[use linux capabilities [default=no]]),
[use_capabilities="$withval"],[use_capabilities=no])
AC_MSG_RESULT($use_capabilities)
# To avoid double inclusion of config.h which might happen at some
# places, we add the usual double inclusion protection.
AH_TOP([
#ifndef GNUPG_CONFIG_H_INCLUDED
#define GNUPG_CONFIG_H_INCLUDED
])
AH_BOTTOM([
/* We didn't define endianness above, so get it from OS macros. This
is intended for making fat binary builds on OS X. */
#if !defined(BIG_ENDIAN_HOST) && !defined(LITTLE_ENDIAN_HOST)
# if defined(__BIG_ENDIAN__)
# define BIG_ENDIAN_HOST 1
# elif defined(__LITTLE_ENDIAN__)
# define LITTLE_ENDIAN_HOST 1
# else
# error "No endianness found"
# endif
#endif
#if !(defined(HAVE_FORK) && defined(HAVE_PIPE) && defined(HAVE_WAITPID))
# define EXEC_TEMPFILE_ONLY
#endif
/* A macro to help checking the GCC version. */
#ifdef __GNUC__
# define GNUPG_GCC_VERSION (__GNUC__ * 10000 \
+ __GNUC_MINOR__ * 100 \
+ __GNUC_PATCHLEVEL__)
#endif /*__GNUC__*/
/* Please note that the string version must not contain more
than one character because the using code assumes strlen()==1 */
#ifdef HAVE_DOSISH_SYSTEM
# define DIRSEP_C '\\'
# define EXTSEP_C '.'
# define DIRSEP_S "\\"
# define EXTSEP_S "."
# define PATHSEP_C ';'
# define PATHSEP_S ";"
#else
# define DIRSEP_C '/'
# define EXTSEP_C '.'
# define DIRSEP_S "/"
# define EXTSEP_S "."
# define PATHSEP_C ':'
# define PATHSEP_S ":"
#endif
#ifdef __VMS
# define GNUPG_BAK_SFX "_bak"
# define GNUPG_TMP_SFX "_tmp"
#else /*!def __VMS */
# define GNUPG_BAK_SFX "~"
# define GNUPG_TMP_SFX EXTSEP_S "tmp"
#endif /* def __VMS [else] */
/* For some OSes we need to use fixed strings for certain directories. */
#ifdef HAVE_DRIVE_LETTERS
# define LOCALEDIR "c:\\\\lib\\\\gnupg\\\\locale"
# define GNUPG_LIBDIR "c:\\\\lib\\\\gnupg"
# define GNUPG_LIBEXECDIR "c:\\\\lib\\\\gnupg"
# define GNUPG_DATADIR "c:\\\\lib\\\\gnupg"
# define GNUPG_HOMEDIR "c:\\\\gnupg"
#else
# ifdef __VMS
# define GNUPG_DATADIR "/SYS$MANAGER/gnupg_share"
# define GNUPG_HOMEDIR "/SYS$LOGIN/gnupg"
# define GNUPG_LIBDIR "/SYS$MANAGER/gnupg_share"
# define GNUPG_LIBEXECDIR ""
# else
# define GNUPG_HOMEDIR "~/.gnupg"
# endif
#endif
/* Hack used for W32: ldap.m4 also tests for the ASCII version of
ldap_start_tls_s because that is the actual symbol used in the
library. winldap.h redefines it to our commonly used value,
thus we define our usual macro here. */
#ifdef HAVE_LDAP_START_TLS_SA
# ifndef HAVE_LDAP_START_TLS_S
# define HAVE_LDAP_START_TLS_S 1
# endif
#endif
/* This is the major version number of GnuPG so that
source included files can test for this. */
#define GNUPG_MAJOR_VERSION 1
/* This is the same as VERSION, but should be overridden if the
platform cannot handle things like dots'.' in filenames. Set
SAFE_VERSION_DOT and SAFE_VERSION_DASH to whatever SAFE_VERSION
uses for dots and dashes. */
#define SAFE_VERSION VERSION
#define SAFE_VERSION_DOT '.'
#define SAFE_VERSION_DASH '-'
/* We want to use our memory allocator for estream-printf. */
#define _ESTREAM_PRINTF_MALLOC xtrymalloc
#define _ESTREAM_PRINTF_FREE xfree
#define _ESTREAM_PRINTF_EXTRA_INCLUDE "memory.h"
#endif /*GNUPG_CONFIG_H_INCLUDED*/
])
AM_MAINTAINER_MODE
dnl Checks for programs.
AC_PROG_MAKE_SET
AM_SANITY_CHECK
missing_dir=`cd $ac_aux_dir && pwd`
AM_MISSING_PROG(ACLOCAL, aclocal, $missing_dir)
AM_MISSING_PROG(AUTOCONF, autoconf, $missing_dir)
AM_MISSING_PROG(AUTOMAKE, automake, $missing_dir)
AM_MISSING_PROG(AUTOHEADER, autoheader, $missing_dir)
AM_MISSING_PROG(MAKEINFO, makeinfo, $missing_dir)
AC_PROG_CC
AM_PROG_CC_C_O
AC_PROG_CPP
AC_PROG_RANLIB
AC_CHECK_TOOL(AR, ar, :)
AC_PATH_PROG(PERL,"perl")
AC_ISC_POSIX
AC_SYS_LARGEFILE
AC_PROG_INSTALL
AC_PROG_AWK
AC_CHECK_PROG(DOCBOOK_TO_MAN, docbook-to-man, yes, no)
AM_CONDITIONAL(HAVE_DOCBOOK_TO_MAN, test "$ac_cv_prog_DOCBOOK_TO_MAN" = yes)
GNUPG_CHECK_USTAR
# According to a comment by Marcus Brinkman in libgpg-error, the
# AC_PROG_CC_FOR_BUILD macro in the AC archive is broken for autoconf
# 2.57. Thus we use a simply use "cc" if we are cross-compiling.
AC_MSG_CHECKING(for cc for build)
if test "$cross_compiling" = "yes"; then
CC_FOR_BUILD="${CC_FOR_BUILD-cc}"
else
CC_FOR_BUILD="${CC_FOR_BUILD-$CC}"
fi
AC_MSG_RESULT($CC_FOR_BUILD)
AC_ARG_VAR(CC_FOR_BUILD,[build system C compiler])
MPI_OPT_FLAGS=""
have_dosish_system=no
need_dlopen=yes
case "${host}" in
*-mingw32*)
# special stuff for Windoze NT
ac_cv_have_dev_random=no
AC_DEFINE(USE_ONLY_8DOT3,1,
[set this to limit filenames to the 8.3 format])
AC_DEFINE(HAVE_DRIVE_LETTERS,1,
[defined if we must run on a stupid file system])
AC_DEFINE(USE_SIMPLE_GETTEXT,1,
[because the Unix gettext has too much overhead on
MingW32 systems and these systems lack Posix functions,
we use a simplified version of gettext])
AC_DEFINE(HAVE_W32_SYSTEM,1,
[Defined if we run on a W32 API based system])
disable_keyserver_path=yes
have_dosish_system=yes
need_dlopen=no
try_gettext="no"
agent_support=no
use_simple_gettext=yes
have_w32_system=yes
# gcc 4.6 uses by default -fomit-frame-pointer. This
# conflicts with mingw runtime's setjmp/longjmp usage. The
# actual bug we notice is a segv related to the dlopened
# iconv.dll: After returning from set_native_charset the stack
# frame is corrupt.
if test -n "$GCC" ; then
CFLAGS="$CFLAGS -fno-omit-frame-pointer"
fi
;;
i?86-emx-os2 | i?86-*-os2*emx )
# OS/2 with the EMX environment
ac_cv_have_dev_random=no
AC_DEFINE(HAVE_DRIVE_LETTERS)
have_dosish_system=yes
try_gettext="no"
agent_support=no
;;
i?86-*-msdosdjgpp*)
# DOS with the DJGPP environment
ac_cv_have_dev_random=no
AC_DEFINE(HAVE_DRIVE_LETTERS)
have_dosish_system=yes
try_gettext="no"
agent_support=no
;;
*-*-hpux*)
if test -z "$GCC" ; then
CFLAGS="$CFLAGS -Ae -D_HPUX_SOURCE"
fi
;;
*-dec-osf4*)
if test -z "$GCC" ; then
# Suppress all warnings
# to get rid of the unsigned/signed char mismatch warnings.
CFLAGS="$CFLAGS -w"
fi
;;
*-dec-osf5*)
if test -z "$GCC" ; then
# Use the newer compiler `-msg_disable ptrmismatch1' to
# get rid of the unsigned/signed char mismatch warnings.
# Using this may hide other pointer mismatch warnings, but
# it at least lets other warning classes through
CFLAGS="$CFLAGS -msg_disable ptrmismatch1"
fi
;;
m68k-atari-mint)
;;
*)
;;
esac
if test "$have_dosish_system" = yes; then
AC_DEFINE(HAVE_DOSISH_SYSTEM,1,
[defined if we run on some of the PCDOS like systems
(DOS, Windoze. OS/2) with special properties like
no file modes])
fi
AM_CONDITIONAL(HAVE_DOSISH_SYSTEM, test "$have_dosish_system" = yes)
AM_CONDITIONAL(USE_SIMPLE_GETTEXT, test x"$use_simple_gettext" = xyes)
AM_CONDITIONAL(HAVE_W32_SYSTEM, test x"$have_w32_system" = xyes)
if test "$disable_keyserver_path" = yes; then
AC_DEFINE(DISABLE_KEYSERVER_PATH,1,
[define to disable exec-path for keyserver helpers])
fi
AC_SUBST(MPI_OPT_FLAGS)
GNUPG_SYS_SYMBOL_UNDERSCORE
dnl These need to go after AC_PROG_CC so that $EXEEXT is defined
AC_DEFINE_UNQUOTED(EXEEXT,"$EXEEXT",[The executable file extension, if any])
if test x"$try_hkp" = xyes ; then
AC_SUBST(GPGKEYS_HKP,"gpgkeys_hkp$EXEEXT")
fi
if test x"$try_finger" = xyes ; then
AC_SUBST(GPGKEYS_FINGER,"gpgkeys_finger$EXEEXT")
fi
dnl Must check for network library requirements before doing link tests
dnl for ldap, for example. If ldap libs are static (or dynamic and without
dnl ELF runtime link paths), then link will fail and LDAP support won't
dnl be detected.
AC_CHECK_FUNC(gethostbyname, , AC_CHECK_LIB(nsl, gethostbyname,
[NETLIBS="-lnsl $NETLIBS"]))
AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt,
[NETLIBS="-lsocket $NETLIBS"]))
dnl Now try for the resolver functions so we can use DNS for SRV, PKA,
dnl and CERT.
if test x"$try_dns" = xyes ; then
if test x"$try_hkp" = xyes || test x"$try_http" = xyes ; then
AC_ARG_ENABLE(dns-srv,
AC_HELP_STRING([--disable-dns-srv],
[disable the use of DNS SRV in HKP and HTTP]),
use_dns_srv=$enableval,use_dns_srv=yes)
fi
AC_ARG_ENABLE(dns-pka,
AC_HELP_STRING([--disable-dns-pka],
[disable the use of PKA records in DNS]),
use_dns_pka=$enableval,use_dns_pka=yes)
AC_ARG_ENABLE(dns-cert,
AC_HELP_STRING([--disable-dns-cert],
[disable the use of CERT records in DNS]),
use_dns_cert=$enableval,use_dns_cert=yes)
fi
if test x"$use_dns_pka" = xyes || test x"$use_dns_srv" = xyes || test x"$use_dns_cert" = xyes; then
_dns_save_libs=$LIBS
LIBS=""
# the double underscore thing is a glibc-ism?
AC_SEARCH_LIBS(res_query,resolv bind socket,,
AC_SEARCH_LIBS(__res_query,resolv bind socket,,have_resolver=no))
AC_SEARCH_LIBS(dn_expand,resolv bind socket,,
AC_SEARCH_LIBS(__dn_expand,resolv bind socket,,have_resolver=no))
AC_SEARCH_LIBS(dn_skipname,resolv bind socket,,
AC_SEARCH_LIBS(__dn_skipname,resolv bind socket,,have_resolver=no))
if test x"$have_resolver" != xno ; then
# Make sure that the BIND 4 resolver interface is workable before
# enabling any code that calls it. At some point I'll rewrite the
# code to use the BIND 8 resolver API.
AC_MSG_CHECKING([whether the resolver is usable])
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include
#include
#include
#include ]],
[[unsigned char answer[PACKETSZ]; res_query("foo.bar",C_IN,T_A,answer,PACKETSZ); dn_skipname(0,0); dn_expand(0,0,0,0,0);]])],have_resolver=yes,have_resolver=no)
AC_MSG_RESULT($have_resolver)
# This is Apple-specific and somewhat bizarre as they changed the
# define in bind 8 for some reason.
if test x"$have_resolver" != xyes ; then
AC_MSG_CHECKING([whether I can make the resolver usable with BIND_8_COMPAT])
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#define BIND_8_COMPAT
#include
#include
#include
#include ]],
[[unsigned char answer[PACKETSZ]; res_query("foo.bar",C_IN,T_A,answer,PACKETSZ); dn_skipname(0,0); dn_expand(0,0,0,0,0);]])],[have_resolver=yes ; need_compat=yes])
AC_MSG_RESULT($have_resolver)
fi
fi
if test x"$have_resolver" = xyes ; then
DNSLIBS=$LIBS
if test x"$use_dns_srv" = xyes ; then
AC_DEFINE(USE_DNS_SRV,1,[define to use DNS SRV])
fi
if test x"$use_dns_pka" = xyes ; then
AC_DEFINE(USE_DNS_PKA,1,[define to use our experimental DNS PKA])
fi
if test x"$use_dns_cert" = xyes ; then
AC_DEFINE(USE_DNS_CERT,1,[define to use DNS CERT])
fi
if test x"$need_compat" = xyes ; then
AC_DEFINE(BIND_8_COMPAT,1,[an Apple OSXism])
fi
else
use_dns_srv=no
use_dns_pka=no
use_dns_cert=no
fi
LIBS=$_dns_save_libs
fi
AC_SUBST(DNSLIBS)
AM_CONDITIONAL(USE_DNS_SRV, test x"$use_dns_srv" = xyes)
# Check for LDAP
if test "$try_ldap" = yes ; then
GNUPG_CHECK_LDAP($NETLIBS)
fi
# Check for curl. We fake the curl API if libcurl isn't installed.
# We require 7.10 or better as we use curl_version_info().
LIBCURL_CHECK_CONFIG([yes],[7.10],,[fake_curl=yes])
AM_CONDITIONAL(FAKE_CURL,test x"$fake_curl" = xyes)
# Generic, for us, means curl
if test x"$try_generic" = xyes ; then
AC_SUBST(GPGKEYS_CURL,"gpgkeys_curl$EXEEXT")
fi
dnl This isn't necessarily sendmail itself, but anything that gives a
dnl sendmail-ish interface to the outside world. That includes qmail,
dnl postfix, etc. Basically, anything that can handle "sendmail -t".
if test "$try_mailto" = yes ; then
AC_ARG_WITH(mailprog,
AC_HELP_STRING([--with-mailprog=NAME],
[use "NAME -t" for mail transport]),,with_mailprog=yes)
if test "$with_mailprog" = yes ; then
AC_PATH_PROG(SENDMAIL,sendmail,,$PATH:/usr/sbin:/usr/libexec:/usr/lib)
if test "$ac_cv_path_SENDMAIL" ; then
GPGKEYS_MAILTO="gpgkeys_mailto"
fi
elif test "$with_mailprog" != no ; then
AC_MSG_CHECKING([for a mail transport program])
AC_SUBST(SENDMAIL,$with_mailprog)
AC_MSG_RESULT($with_mailprog)
GPGKEYS_MAILTO="gpgkeys_mailto"
fi
fi
AC_SUBST(GPGKEYS_MAILTO)
case "${host}" in
*-mingw32*)
PRINTABLE_OS_NAME="MingW32"
;;
*-*-cygwin*)
PRINTABLE_OS_NAME="Cygwin"
;;
i?86-emx-os2 | i?86-*-os2*emx )
PRINTABLE_OS_NAME="OS/2"
;;
i?86-*-msdosdjgpp*)
PRINTABLE_OS_NAME="MSDOS/DJGPP"
try_extensions=no
;;
*-linux*)
PRINTABLE_OS_NAME="GNU/Linux"
;;
*)
PRINTABLE_OS_NAME=`uname -s || echo "Unknown"`
;;
esac
AC_DEFINE_UNQUOTED(PRINTABLE_OS_NAME, "$PRINTABLE_OS_NAME",
[A human readable text with the name of the OS])
#
# 1. Set names of random devices
#
NAME_OF_DEV_RANDOM="/dev/random"
NAME_OF_DEV_URANDOM="/dev/urandom"
case "${host}" in
*-openbsd*)
NAME_OF_DEV_RANDOM="/dev/srandom"
NAME_OF_DEV_URANDOM="/dev/urandom"
;;
esac
AC_DEFINE_UNQUOTED(NAME_OF_DEV_RANDOM, "$NAME_OF_DEV_RANDOM",
[defined to the name of the strong random device])
AC_DEFINE_UNQUOTED(NAME_OF_DEV_URANDOM, "$NAME_OF_DEV_URANDOM",
[defined to the name of the weaker random device])
AC_SUBST(MPI_OPT_FLAGS)
dnl Checks for libraries.
# This is "GNU gnupg" - The project-id script from gettext
# needs to find this string. Without
# it "make distcheck" may fail.
AM_PO_SUBDIRS
AM_GNU_GETTEXT_VERSION([0.18.1])
if test "$try_gettext" = yes; then
AM_GNU_GETTEXT(,[need-ngettext])
# gettext requires some extra checks. These really should be part of
# the basic AM_GNU_GETTEXT macro. TODO: move other gettext-specific
# function checks to here.
AC_CHECK_FUNCS(strchr)
else
enable_nls=no
USE_NLS=no
USE_INCLUDED_LIBINTL=no
BUILD_INCLUDED_LIBINTL=no
POSUB=po
AC_SUBST(USE_NLS)
AC_SUBST(USE_INCLUDED_LIBINTL)
AC_SUBST(BUILD_INCLUDED_LIBINTL)
AC_SUBST(POSUB)
fi
if test "$try_extensions" = yes || test x"$card_support" = xyes ; then
if test "$need_dlopen" = yes; then
_dl_save_libs=$LIBS
LIBS=""
AC_SEARCH_LIBS(dlopen,dl,found_dlopen=yes)
if test x"$found_dlopen" = "xyes" ; then
AC_DEFINE(HAVE_DL_DLOPEN,1,
[Defined when the dlopen function family is available])
DLLIBS=$LIBS
else
if test "$try_extensions" = yes ; then
AC_MSG_NOTICE([dlopen not found. Disabling extensions.])
try_extensions=no
fi
if test "$card_support" = yes ; then
AC_MSG_WARN([dlopen not found. Disabling OpenPGP card support.])
card_support=no
fi
fi
LIBS=$_dl_save_libs
fi
fi
AC_SUBST(DLLIBS)
if test "$card_support" = yes ; then
AC_DEFINE(ENABLE_CARD_SUPPORT,1,[Define to include OpenPGP card support])
fi
if test "$agent_support" = yes ; then
AC_DEFINE(ENABLE_AGENT_SUPPORT,1,[Define to include gpg-agent support])
fi
if test "$try_extensions" = yes ; then
AC_DEFINE(USE_DYNAMIC_LINKING,1,[Define to enable the use of extensions])
fi
if test "$selinux_support" = yes ; then
AC_DEFINE(ENABLE_SELINUX_HACKS,1,[Define to enable SELinux support])
fi
if test "$gnupg_use_iconv" = yes ; then
AC_DEFINE(USE_GNUPG_ICONV,1,[Define to use the new iconv based code])
fi
AM_CONDITIONAL(ENABLE_CARD_SUPPORT, test "$card_support" = yes)
AM_CONDITIONAL(ENABLE_AGENT_SUPPORT, test "$agent_support" = yes)
AM_CONDITIONAL(ENABLE_SELINUX_HACKS, test "$selinux_support" = yes)
dnl Checks for header files.
AC_HEADER_STDC
AC_CHECK_HEADERS([unistd.h langinfo.h termio.h locale.h getopt.h pwd.h \
signal.h])
# Note that we do not check for iconv here because this is done anyway
# by the gettext checks and thus it allows us to disable the use of
# iconv by using --disable-nls.
dnl Checks for typedefs, structures, and compiler characteristics.
AC_C_CONST
AC_C_INLINE
AC_C_VOLATILE
AC_TYPE_SIZE_T
AC_TYPE_MODE_T
AC_TYPE_SIGNAL
AC_DECL_SYS_SIGLIST
AC_ARG_ENABLE(endian-check,
AC_HELP_STRING([--disable-endian-check],
[disable the endian check and trust the OS provided macros]),
endiancheck=$enableval,endiancheck=yes)
if test x"$endiancheck" = xyes ; then
GNUPG_CHECK_ENDIAN
fi
GNUPG_CHECK_TYPEDEF(byte, HAVE_BYTE_TYPEDEF)
GNUPG_CHECK_TYPEDEF(ushort, HAVE_USHORT_TYPEDEF)
GNUPG_CHECK_TYPEDEF(ulong, HAVE_ULONG_TYPEDEF)
GNUPG_CHECK_TYPEDEF(u16, HAVE_U16_TYPEDEF)
GNUPG_CHECK_TYPEDEF(u32, HAVE_U32_TYPEDEF)
AC_CHECK_SIZEOF(unsigned short)
AC_CHECK_SIZEOF(unsigned int)
AC_CHECK_SIZEOF(unsigned long)
AC_CHECK_SIZEOF(unsigned long long)
AC_HEADER_TIME
AC_CHECK_SIZEOF(time_t,,[[
#include
#if TIME_WITH_SYS_TIME
# include
# include
#else
# if HAVE_SYS_TIME_H
# include
# else
# include
# endif
#endif
]])
GNUPG_TIME_T_UNSIGNED
# Ensure that we have UINT64_C before we bother to check for uint64_t
AC_CHECK_HEADERS([inttypes.h])
AC_CACHE_CHECK([for UINT64_C], [gnupg_cv_uint64_c_works],
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]],[[
uint64_t foo=UINT64_C(42);]])],gnupg_cv_uint64_c_works=yes,gnupg_cv_uint64_c_works=no))
if test "$gnupg_cv_uint64_c_works" = "yes" ; then
AC_CHECK_SIZEOF(uint64_t)
fi
if test "$ac_cv_sizeof_unsigned_short" = "0" \
|| test "$ac_cv_sizeof_unsigned_int" = "0" \
|| test "$ac_cv_sizeof_unsigned_long" = "0"; then
AC_MSG_WARN([Hmmm, something is wrong with the sizes - using defaults]);
fi
dnl Do we have any 64-bit data types?
if test x"$use_sha512" = xyes \
&& test "$ac_cv_sizeof_unsigned_int" != "8" \
&& test "$ac_cv_sizeof_unsigned_long" != "8" \
&& test "$ac_cv_sizeof_unsigned_long_long" != "8" \
&& test x"$ac_cv_sizeof_uint64_t" != "x8"; then
AC_MSG_NOTICE([No 64-bit types. Disabling SHA-384 and SHA-512.])
use_sha512=no
fi
if test x"$use_sha512" = xyes ; then
AC_DEFINE(USE_SHA512,1,[Define to include the SHA-384 and SHA-512 digests])
fi
AM_CONDITIONAL(USE_SHA512, test x"$use_sha512" = xyes)
dnl Checks for library functions.
AC_CHECK_DECLS(getpagesize)
AC_FUNC_FSEEKO
AC_FUNC_VPRINTF
AC_FUNC_FORK
AC_CHECK_FUNCS(strerror stpcpy strlwr tcgetattr strtoul mmap sysconf)
AC_CHECK_FUNCS(strcasecmp strncasecmp ctermid times unsetenv getpwnam getpwuid)
AC_CHECK_FUNCS(memmove gettimeofday getrusage setrlimit clock_gettime)
AC_CHECK_FUNCS(atexit raise getpagesize strftime nl_langinfo setlocale)
AC_CHECK_FUNCS(waitpid wait4 sigaction sigprocmask rand pipe stat getaddrinfo)
-AC_CHECK_FUNCS(fcntl ftruncate)
+AC_CHECK_FUNCS(fcntl ftruncate inet_ntop)
AC_REPLACE_FUNCS(mkdtemp timegm isascii memrchr strsep)
AC_CHECK_TYPES([struct sigaction, sigset_t],,,[#include ])
# See if getopt is in libiberty. This is of course not optimal since
# it might be somewhere other than libiberty, but does cover the
# mingw32 case.
AC_CHECK_FUNC(getopt,,AC_CHECK_LIB(iberty,getopt,AC_SUBST(GETOPT,"-liberty")))
#
# check for gethrtime and run a testprogram to see whether
# it is broken. It has been reported that some Solaris and HP UX systems
# raise an SIGILL
#
AC_CACHE_CHECK([for gethrtime],
[gnupg_cv_func_gethrtime],
[AC_TRY_LINK([#include ],[
hrtime_t tv;
tv = gethrtime();
],
[gnupg_cv_func_gethrtime=yes],
[gnupg_cv_func_gethrtime=no])
])
if test $gnupg_cv_func_gethrtime = yes; then
AC_DEFINE([HAVE_GETHRTIME], 1,
[Define if you have the `gethrtime(2)' function.])
AC_CACHE_CHECK([whether gethrtime is broken],
[gnupg_cv_func_broken_gethrtime],
[AC_TRY_RUN([
#include
int main () {
hrtime_t tv;
tv = gethrtime();
}
],
[gnupg_cv_func_broken_gethrtime=no],
[gnupg_cv_func_broken_gethrtime=yes],
[gnupg_cv_func_broken_gethrtime=assume-no])
])
if test $gnupg_cv_func_broken_gethrtime = yes; then
AC_DEFINE([HAVE_BROKEN_GETHRTIME], 1,
[Define if `gethrtime(2)' does not work correctly i.e. issues a SIGILL.])
fi
fi
GNUPG_CHECK_MLOCK
GNUPG_FUNC_MKDIR_TAKES_ONE_ARG
#
# Prepare building of estream-printf
#
estream_PRINTF_INIT
dnl
dnl Check whether we can use Linux capabilities as requested
dnl
if test "$use_capabilities" = "yes" ; then
AC_MSG_WARN([[
***
*** WARNING: using capabilities with GnuPG is experimental code!
***]])
use_capabilities=no
AC_CHECK_HEADERS(sys/capability.h)
if test "$ac_cv_header_sys_capability_h" = "yes" ; then
AC_CHECK_LIB(cap, cap_init, ac_need_libcap=1)
if test "$ac_cv_lib_cap_cap_init" = "yes"; then
AC_DEFINE(USE_CAPABILITIES,1,
[define if capabilities should be used])
AC_SUBST(CAPLIBS,"-lcap")
use_capabilities=yes
fi
fi
if test "$use_capabilities" = "no" ; then
AC_MSG_WARN([[
***
*** The use of capabilities on this system is not possible.
*** You need a recent Linux kernel and some patches:
*** fcaps-2.2.9-990610.patch (kernel patch for 2.2.9)
*** fcap-module-990613.tar.gz (kernel module)
*** libcap-1.92.tar.gz (user mode library and utilities)
*** And you have to configure the kernel with CONFIG_VFS_CAP_PLUGIN
*** set (filesystems menu). Be warned: This code is *really* ALPHA.
***]])
fi
fi
GNUPG_CHECK_IPC
if test "$ac_cv_header_sys_shm_h" = "yes"; then
AC_DEFINE(USE_SHM_COPROCESSING,1,
[define if the shared memory interface should be made available])
fi
AM_CONDITIONAL(HAVE_SHM, test "$ac_cv_header_sys_shm_h" = yes)
dnl
dnl check whether we have a random device
dnl
if test "$try_dev_random" = yes ; then
AC_CACHE_CHECK(for random device, ac_cv_have_dev_random,
[if test -r "$NAME_OF_DEV_RANDOM" && test -r "$NAME_OF_DEV_URANDOM" ; then
ac_cv_have_dev_random=yes; else ac_cv_have_dev_random=no; fi])
if test "$ac_cv_have_dev_random" = yes; then
AC_DEFINE(HAVE_DEV_RANDOM,1,
[defined if the system supports a random device] )
fi
else
AC_MSG_CHECKING(for random device)
ac_cv_have_dev_random=no
AC_MSG_RESULT(has been disabled)
fi
dnl
dnl Figure out the default random module.
dnl
random_modules=""
if test "$use_static_rnd" = default; then
if test "$ac_cv_have_dev_random" = yes; then
random_modules="rndlinux"
else
case "${host}" in
*-mingw32*|*-*-cygwin*)
random_modules="rndw32"
;;
i?86-emx-os2|i?86-*-os2*emx)
random_modules="rndos2"
;;
m68k-atari-mint)
random_modules="rndatari"
;;
i?86-*-msdosdjgpp*)
:
;;
*)
random_modules="rndlinux rndegd rndunix"
AC_DEFINE(USE_ALL_RANDOM_MODULES, 1,
[Allow to select random modules at runtime.])
;;
esac
fi
else
if test "$use_static_rnd" = auto; then
random_modules="rndlinux rndegd rndunix"
AC_DEFINE(USE_ALL_RANDOM_MODULES, 1)
else
random_modules="rnd$use_static_rnd";
fi
fi
if test -z "$random_modules"; then
AC_MSG_ERROR(no random module available)
fi
print_egd_warning=no
for rndmod in $random_modules "" ; do
case "$rndmod" in
rndlinux)
AC_DEFINE(USE_RNDLINUX,1,
[Defined if the /dev/random based RNG should be used.])
use_rndlinux=yes
;;
rndunix)
AC_DEFINE(USE_RNDUNIX,1,
[Defined if the default Unix RNG should be used.])
print_egd_warning=yes
use_rndunix=yes
;;
rndegd)
AC_DEFINE(USE_RNDEGD,1,
[Defined if the EGD based RNG should be used.])
use_rndegd=yes
;;
rndw32)
AC_DEFINE(USE_RNDW32,1,
[Defined if the Windows specific RNG should be used.])
use_rndw32=yes
;;
esac
done
AM_CONDITIONAL(USE_RNDLINUX, test "$use_rndlinux" = yes)
AM_CONDITIONAL(USE_RNDUNIX, test "$use_rndunix" = yes)
AM_CONDITIONAL(USE_RNDEGD, test "$use_rndegd" = yes)
AM_CONDITIONAL(USE_RNDW32, test "$use_rndw32" = yes)
dnl setup assembler stuff
AC_MSG_CHECKING(for mpi assembler functions)
if test -f $srcdir/mpi/config.links ; then
. $srcdir/mpi/config.links
AC_CONFIG_LINKS("$mpi_ln_list")
ac_cv_mpi_extra_asm_modules="$mpi_extra_modules"
ac_cv_mpi_sflags="$mpi_sflags"
ac_cv_mpi_config_done="yes"
AC_MSG_RESULT(done)
else
AC_MSG_RESULT(failed)
AC_MSG_ERROR([mpi/config.links missing!])
fi
MPI_EXTRA_ASM_OBJS=""
show_extraasm=""
if test "$ac_cv_mpi_extra_asm_modules" != ""; then
for i in $ac_cv_mpi_extra_asm_modules; do
show_extraasm="$show_extraasm $i"
MPI_EXTRA_ASM_OBJS="$MPI_EXTRA_ASM_OBJS $i.o"
done
fi
AC_SUBST(MPI_EXTRA_ASM_OBJS)
MPI_SFLAGS="$ac_cv_mpi_sflags"
AC_SUBST(MPI_SFLAGS)
# Sanity check regex. Tests adapted from mutt.
AC_MSG_CHECKING([whether regular expression support is requested])
AC_ARG_ENABLE(regex,
AC_HELP_STRING([--disable-regex],
[do not handle regular expressions in trust signatures]),
use_regex=$enableval, use_regex=yes)
AC_MSG_RESULT($use_regex)
if test "$use_regex" = yes ; then
AC_MSG_CHECKING([whether the included regex lib is requested])
AC_ARG_WITH(included-regex,
AC_HELP_STRING([--with-included-regex],
[use the included GNU regex library]),
[gnupg_cv_included_regex="$withval"],[gnupg_cv_included_regex=no])
AC_MSG_RESULT($gnupg_cv_included_regex)
if test $gnupg_cv_included_regex = no ; then
# Does the system have regex functions at all?
AC_CHECK_FUNC(regcomp,gnupg_cv_included_regex=no,
gnupg_cv_included_regex=yes)
fi
if test $gnupg_cv_included_regex = no ; then
AC_CACHE_CHECK([whether your system's regexp library is broken],
[gnupg_cv_regex_broken],
AC_TRY_RUN([
#include
#include
main() { regex_t blah ; regmatch_t p; p.rm_eo = p.rm_eo; return regcomp(&blah, "foo.*bar", REG_NOSUB) || regexec (&blah, "foobar", 0, NULL, 0); }],
gnupg_cv_regex_broken=no, gnupg_cv_regex_broken=yes, gnupg_cv_regex_broken=yes))
if test $gnupg_cv_regex_broken = yes ; then
AC_MSG_WARN(your regex is broken - using the included GNU regex instead.)
gnupg_cv_included_regex=yes
fi
fi
if test $gnupg_cv_included_regex = yes; then
AC_DEFINE(USE_INTERNAL_REGEX,1,[ Define if you want to use the included regex lib ])
fi
else
AC_DEFINE(DISABLE_REGEX,1,[ Define to disable regular expression support ])
fi
AM_CONDITIONAL(USE_INTERNAL_REGEX, test x"$gnupg_cv_included_regex" = xyes)
dnl Do we have zlib? Must do it here because Solaris failed
dnl when compiling a conftest (due to the "-lz" from LIBS).
use_local_zlib=yes
if test "$g10_force_zlib" = "yes"; then
:
else
_cppflags="${CPPFLAGS}"
_ldflags="${LDFLAGS}"
AC_ARG_WITH(zlib,
AC_HELP_STRING([--with-zlib=DIR],[use libz in DIR]),[
if test -d "$withval"; then
CPPFLAGS="${CPPFLAGS} -I$withval/include"
LDFLAGS="${LDFLAGS} -L$withval/lib"
fi
])
AC_CHECK_HEADER(zlib.h,
AC_CHECK_LIB(z, deflateInit2_,
use_local_zlib=no
ZLIBS="-lz",
CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}),
CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags})
fi
if test "$use_local_zlib" = yes ; then
AC_CONFIG_LINKS(zlib.h:zlib/zlib.h zconf.h:zlib/zconf.h )
ZLIBS="../zlib/libzlib.a"
fi
AM_CONDITIONAL(ENABLE_LOCAL_ZLIB, test "$use_local_zlib" = yes)
# Under W32 we force the use ofthe included bzip2 code.
if test x"$have_w32_system" = xyes ; then
have_bz2=yes
AC_DEFINE(HAVE_BZIP2,1,
[Defined if the bz2 compression library is available])
AC_CONFIG_LINKS(bzlib.h:bzlib/bzlib.h)
ZLIBS="$ZLIBS ../bzlib/libbz2.a"
else
if test "$use_bzip2" = yes ; then
_cppflags="${CPPFLAGS}"
_ldflags="${LDFLAGS}"
AC_ARG_WITH(bzip2,
AC_HELP_STRING([--with-bzip2=DIR],[look for bzip2 in DIR]),
[
if test -d "$withval" ; then
CPPFLAGS="${CPPFLAGS} -I$withval/include"
LDFLAGS="${LDFLAGS} -L$withval/lib"
fi
],withval="")
# Checking alongside stdio.h as an early version of bzip2 (1.0)
# required stdio.h to be included before bzlib.h, and Solaris 9 is
# woefully out of date.
if test "$withval" != no ; then
AC_CHECK_HEADER(bzlib.h,
AC_CHECK_LIB(bz2,BZ2_bzCompressInit,
[
have_bz2=yes
ZLIBS="$ZLIBS -lbz2"
AC_DEFINE(HAVE_BZIP2,1)
],
CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}),
CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags},[#include ])
fi
fi
fi
AM_CONDITIONAL(ENABLE_BZIP2_SUPPORT,test x"$have_bz2" = "xyes")
AC_SUBST(ZLIBS)
# libusb allows us to use the integrated CCID smartcard reader driver.
# We don't need it if we don't have card support though.
if test "$card_support" = yes ; then
GNUPG_CHECK_LIBUSB
fi
# Check for readline support
GNUPG_CHECK_READLINE
# Allow users to append something to the version string without
# flagging it as development version. The user version parts is
# considered everything after a dash.
if test "$development_version" != yes; then
changequote(,)dnl
tmp_pat='[a-zA-Z]'
changequote([,])dnl
if echo "$VERSION" | sed 's/-.*//' | grep "$tmp_pat" >/dev/null ; then
development_version=yes
fi
fi
if test "$development_version" = yes; then
AC_DEFINE(IS_DEVELOPMENT_VERSION,1,
[Defined if this is not a regular release])
fi
AM_CONDITIONAL(CROSS_COMPILING, test x$cross_compiling = xyes)
# add some extra libs here so that previous tests don't fail for
# mysterious reasons - the final link step should bail out.
case "${host}" in
*-mingw32*)
dnl NETLIBS="$NETLIBS -lwsock32"
W32LIBS="-lwsock32"
;;
*)
;;
esac
AC_SUBST(NETLIBS)
AC_SUBST(W32LIBS)
# Special options used with gcc.
if test "$GCC" = yes; then
# Note that it is okay to use CFLAGS here because this are just
# warning options and the user should have a chance of overriding
#them.
if test "$USE_MAINTAINER_MODE" = "yes"; then
CFLAGS="$CFLAGS -Wall -Wcast-align -Wshadow -Wstrict-prototypes"
CFLAGS="$CFLAGS -Wformat-nonliteral"
else
CFLAGS="$CFLAGS -Wall"
fi
# This is handy for debugging so the compiler doesn't rearrange
# things and eliminate variables.
AC_ARG_ENABLE(optimization,
AC_HELP_STRING([--disable-optimization],
[disable compiler optimization]),
[if test $enableval = no ; then
CFLAGS=`echo $CFLAGS | sed 's/-O[[0-9]]//'`
fi])
AC_MSG_CHECKING([if gcc supports -Wno-pointer-sign])
_gcc_cflags_save=$CFLAGS
CFLAGS="-Wno-pointer-sign"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],_gcc_psign=yes,_gcc_psign=no)
AC_MSG_RESULT($_gcc_psign)
CFLAGS=$_gcc_cflags_save;
if test x"$_gcc_psign" = xyes ; then
CFLAGS="$CFLAGS -Wno-pointer-sign"
fi
fi
CL_AS_NOEXECSTACK
if test "$print_egd_warning" = yes; then
AC_MSG_WARN([[
***
*** The performance of the UNIX random gatherer module is not very good
*** and it does not keep the entropy pool over multiple invocations of
*** GnuPG. The suggested way to overcome this problem is to use the
***
*** Entropy Gathering Daemon (EGD)
***
*** which provides a entropy source for the whole system. It is written
*** in Perl and available at the GnuPG FTP servers. For more information
*** consult the GnuPG webpages:
***
*** http://www.gnupg.org/download/#EGD
***
*** You may want to run ./configure with --enable-static-rnd=egd or
*** --enable-static-rnd=auto to use it.
***]])
fi
AC_CONFIG_FILES([
Makefile
m4/Makefile
intl/Makefile
po/Makefile.in
util/Makefile
mpi/Makefile
cipher/Makefile
g10/Makefile
keyserver/Makefile
keyserver/gpgkeys_mailto
keyserver/gpgkeys_test
doc/Makefile
tools/Makefile
tools/gpg-zip
zlib/Makefile
bzlib/Makefile
checks/Makefile
])
AC_OUTPUT
# Give some feedback
echo
echo " Version info: $PACKAGE_STRING"
echo " Configured for: $PRINTABLE_OS_NAME ($host)"
if test -n "$show_extraasm"; then
echo " Extra cpu specific functions:$show_extraasm"
fi
echo
diff --git a/keyserver/gpgkeys_hkp.c b/keyserver/gpgkeys_hkp.c
index 27d67c6e6..382bee548 100644
--- a/keyserver/gpgkeys_hkp.c
+++ b/keyserver/gpgkeys_hkp.c
@@ -1,978 +1,1065 @@
/* gpgkeys_hkp.c - talk to an HKP keyserver
* Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
* 2009, 2012 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see .
*
* In addition, as a special exception, the Free Software Foundation
* gives permission to link the code of the keyserver helper tools:
* gpgkeys_ldap, gpgkeys_curl and gpgkeys_hkp with the OpenSSL
* project's "OpenSSL" library (or with modified versions of it that
* use the same license as the "OpenSSL" library), and distribute the
* linked executables. You must obey the GNU General Public License
* in all respects for all of the code used other than "OpenSSL". If
* you modify this file, you may extend this exception to your version
* of the file, but you are not obligated to do so. If you do not
* wish to do so, delete this exception statement from your version.
*/
#include
#include
#include
#include
#include
#include
#ifdef HAVE_GETOPT_H
-#include
+# include
#endif
#ifdef HAVE_LIBCURL
-#include
+# include
+/* This #define rigamarole is to enable a hack to fake DNS SRV using
+ libcurl. It only works if we have getaddrinfo(), inet_ntop(), and
+ a modern enough version of libcurl (7.21.3) so we can use
+ CURLOPT_RESOLVE to feed the resolver from the outside to force
+ libcurl to pass the right SNI. */
+#if (defined(HAVE_GETADDRINFO) && defined(HAVE_INET_NTOP) \
+ && LIBCURL_VERNUM >= 0x071503)
+# include
+# include
+# include
+# include
#else
-#include "curl-shim.h"
+# undef USE_DNS_SRV
+#endif
+#else
+# include "curl-shim.h"
#endif
#ifdef USE_DNS_SRV
-#include "srv.h"
+# include "srv.h"
#endif
#include "compat.h"
#include "keyserver.h"
#include "ksutil.h"
extern char *optarg;
extern int optind;
static FILE *input,*output,*console;
static CURL *curl;
static struct ks_options *opt;
static char errorbuffer[CURL_ERROR_SIZE];
static char *proto,*port;
static size_t
curl_mrindex_writer(const void *ptr,size_t size,size_t nmemb,void *stream)
{
- static int checked=0,swallow=0;
+ static int checked=0;
+ static int swallow=0;
if(!checked)
{
/* If the document begins with a '<', assume it's a HTML
response, which we don't support. Discard the whole message
body. GPG can handle it, but this is an optimization to deal
with it on this side of the pipe. */
const char *buf=ptr;
if(buf[0]=='<')
swallow=1;
checked=1;
}
if(swallow || fwrite(ptr,size,nmemb,stream)==nmemb)
return size*nmemb;
else
return 0;
}
/* Append but avoid creating a double slash // in the path. */
static char *
append_path(char *dest,const char *src)
{
size_t n=strlen(dest);
if(src[0]=='/' && n>0 && dest[n-1]=='/')
dest[n-1]='\0';
return strcat(dest,src);
}
int
send_key(int *eof)
{
CURLcode res;
char request[MAX_URL+15];
int begin=0,end=0,ret=KEYSERVER_INTERNAL_ERROR;
char keyid[17],state[6];
char line[MAX_LINE];
char *key=NULL,*encoded_key=NULL;
size_t keysize=1;
key = xtrymalloc(1);
if(!key)
{
fprintf(console,"gpgkeys: unable to allocate memory for key\n");
ret=KEYSERVER_NO_MEMORY;
goto fail;
}
key[0]='\0';
/* Read and throw away input until we see the BEGIN */
while(fgets(line,MAX_LINE,input)!=NULL)
if(sscanf(line,"KEY%*[ ]%16s%*[ ]%5s\n",keyid,state)==2
&& strcmp(state,"BEGIN")==0)
{
begin=1;
break;
}
if(!begin)
{
/* i.e. eof before the KEY BEGIN was found. This isn't an
error. */
*eof=1;
ret=KEYSERVER_OK;
goto fail;
}
/* Now slurp up everything until we see the END */
while(fgets(line,MAX_LINE,input))
if(sscanf(line,"KEY%*[ ]%16s%*[ ]%3s\n",keyid,state)==2
&& strcmp(state,"END")==0)
{
end=1;
break;
}
else
{
char *tempkey;
keysize+=strlen(line);
tempkey=realloc(key,keysize);
if(tempkey==NULL)
{
fprintf(console,"gpgkeys: unable to reallocate for key\n");
ret=KEYSERVER_NO_MEMORY;
goto fail;
}
else
key=tempkey;
strcat(key,line);
}
if(!end)
{
fprintf(console,"gpgkeys: no KEY %s END found\n",keyid);
*eof=1;
ret=KEYSERVER_KEY_INCOMPLETE;
goto fail;
}
encoded_key=curl_easy_escape(curl,key,keysize);
if(!encoded_key)
{
fprintf(console,"gpgkeys: out of memory\n");
ret=KEYSERVER_NO_MEMORY;
goto fail;
}
free(key);
key=xtrymalloc(8+strlen(encoded_key)+1);
if(!key)
{
fprintf(console,"gpgkeys: out of memory\n");
ret=KEYSERVER_NO_MEMORY;
goto fail;
}
strcpy(key,"keytext=");
strcat(key,encoded_key);
strcpy(request,proto);
strcat(request,"://");
strcat(request,opt->host);
strcat(request,":");
strcat(request,port);
strcat(request,opt->path);
/* request is MAX_URL+15 bytes long - MAX_URL covers the whole URL,
including any supplied path. The 15 covers /pks/add. */
append_path(request,"/pks/add");
if(opt->verbose>2)
fprintf(console,"gpgkeys: HTTP URL is `%s'\n",request);
curl_easy_setopt(curl,CURLOPT_URL,request);
curl_easy_setopt(curl,CURLOPT_POST,1L);
curl_easy_setopt(curl,CURLOPT_POSTFIELDS,key);
curl_easy_setopt(curl,CURLOPT_FAILONERROR,1L);
res=curl_easy_perform(curl);
if(res!=0)
{
fprintf(console,"gpgkeys: HTTP post error %d: %s\n",res,errorbuffer);
ret=curl_err_to_gpg_err(res);
goto fail;
}
else
fprintf(output,"\nKEY %s SENT\n",keyid);
ret=KEYSERVER_OK;
fail:
free(key);
curl_free(encoded_key);
if(ret!=0 && begin)
fprintf(output,"KEY %s FAILED %d\n",keyid,ret);
return ret;
}
static int
get_key(char *getkey)
{
CURLcode res;
char request[MAX_URL+92];
char *offset;
struct curl_writer_ctx ctx;
size_t keylen;
memset(&ctx,0,sizeof(ctx));
/* Build the search string. HKP only uses the short key IDs. */
if(strncmp(getkey,"0x",2)==0)
getkey+=2;
fprintf(output,"KEY 0x%s BEGIN\n",getkey);
if(strlen(getkey)==32)
{
fprintf(console,
"gpgkeys: HKP keyservers do not support v3 fingerprints\n");
fprintf(output,"KEY 0x%s FAILED %d\n",getkey,KEYSERVER_NOT_SUPPORTED);
return KEYSERVER_NOT_SUPPORTED;
}
strcpy(request,proto);
strcat(request,"://");
strcat(request,opt->host);
strcat(request,":");
strcat(request,port);
strcat(request,opt->path);
/* request is MAX_URL+55 bytes long - MAX_URL covers the whole URL,
including any supplied path. The 92 overcovers this /pks/... etc
string plus the 8, 16, or 40 bytes of key id/fingerprint */
append_path(request,"/pks/lookup?op=get&options=mr&search=0x");
/* send only fingerprint, long key id, or short keyid. see:
https://tools.ietf.org/html/draft-shaw-openpgp-hkp-00#section-3.1.1.1 */
keylen = strlen(getkey);
if(keylen >= 40)
offset=&getkey[keylen-40];
else if(keylen >= 16)
offset=&getkey[keylen-16];
else if(keylen >= 8)
offset=&getkey[keylen-8];
else
offset=getkey;
strcat(request,offset);
if(opt->verbose>2)
fprintf(console,"gpgkeys: HTTP URL is `%s'\n",request);
curl_easy_setopt(curl,CURLOPT_URL,request);
curl_easy_setopt(curl,CURLOPT_WRITEFUNCTION,curl_writer);
ctx.stream=output;
curl_easy_setopt(curl,CURLOPT_FILE,&ctx);
res=curl_easy_perform(curl);
if(res!=CURLE_OK)
{
fprintf(console,"gpgkeys: HTTP fetch error %d: %s\n",res,errorbuffer);
fprintf(output,"\nKEY 0x%s FAILED %d\n",getkey,curl_err_to_gpg_err(res));
}
else
{
curl_writer_finalize(&ctx);
if(!ctx.flags.done)
{
fprintf(console,"gpgkeys: key %s not found on keyserver\n",getkey);
fprintf(output,"\nKEY 0x%s FAILED %d\n",
getkey,KEYSERVER_KEY_NOT_FOUND);
}
else
fprintf(output,"\nKEY 0x%s END\n",getkey);
}
return KEYSERVER_OK;
}
static int
get_name(const char *getkey)
{
CURLcode res;
char *request=NULL;
char *searchkey_encoded;
int ret=KEYSERVER_INTERNAL_ERROR;
struct curl_writer_ctx ctx;
memset(&ctx,0,sizeof(ctx));
searchkey_encoded=curl_easy_escape(curl,(char *)getkey,0);
if(!searchkey_encoded)
{
fprintf(console,"gpgkeys: out of memory\n");
ret=KEYSERVER_NO_MEMORY;
goto fail;
}
request=xtrymalloc(MAX_URL+60+strlen(searchkey_encoded));
if(!request)
{
fprintf(console,"gpgkeys: out of memory\n");
ret=KEYSERVER_NO_MEMORY;
goto fail;
}
fprintf(output,"NAME %s BEGIN\n",getkey);
strcpy(request,proto);
strcat(request,"://");
strcat(request,opt->host);
strcat(request,":");
strcat(request,port);
strcat(request,opt->path);
append_path(request,"/pks/lookup?op=get&options=mr&search=");
strcat(request,searchkey_encoded);
if(opt->action==KS_GETNAME)
strcat(request,"&exact=on");
if(opt->verbose>2)
fprintf(console,"gpgkeys: HTTP URL is `%s'\n",request);
curl_easy_setopt(curl,CURLOPT_URL,request);
curl_easy_setopt(curl,CURLOPT_WRITEFUNCTION,curl_writer);
ctx.stream=output;
curl_easy_setopt(curl,CURLOPT_FILE,&ctx);
res=curl_easy_perform(curl);
if(res!=CURLE_OK)
{
fprintf(console,"gpgkeys: HTTP fetch error %d: %s\n",res,errorbuffer);
ret=curl_err_to_gpg_err(res);
}
else
{
curl_writer_finalize(&ctx);
if(!ctx.flags.done)
{
fprintf(console,"gpgkeys: key %s not found on keyserver\n",getkey);
ret=KEYSERVER_KEY_NOT_FOUND;
}
else
{
fprintf(output,"\nNAME %s END\n",getkey);
ret=KEYSERVER_OK;
}
}
fail:
curl_free(searchkey_encoded);
free(request);
if(ret!=KEYSERVER_OK)
fprintf(output,"\nNAME %s FAILED %d\n",getkey,ret);
return ret;
}
static int
search_key(const char *searchkey)
{
CURLcode res;
char *request=NULL;
char *searchkey_encoded;
int ret=KEYSERVER_INTERNAL_ERROR;
enum ks_search_type search_type;
search_type=classify_ks_search(&searchkey);
if(opt->debug)
fprintf(console,"gpgkeys: search type is %d, and key is \"%s\"\n",
search_type,searchkey);
searchkey_encoded=curl_easy_escape(curl,(char *)searchkey,0);
if(!searchkey_encoded)
{
fprintf(console,"gpgkeys: out of memory\n");
ret=KEYSERVER_NO_MEMORY;
goto fail;
}
request=xtrymalloc(MAX_URL+60+strlen(searchkey_encoded));
if(!request)
{
fprintf(console,"gpgkeys: out of memory\n");
ret=KEYSERVER_NO_MEMORY;
goto fail;
}
fprintf(output,"SEARCH %s BEGIN\n",searchkey);
strcpy(request,proto);
strcat(request,"://");
strcat(request,opt->host);
strcat(request,":");
strcat(request,port);
strcat(request,opt->path);
append_path(request,"/pks/lookup?op=index&options=mr&search=");
/* HKP keyservers like the 0x to be present when searching by
keyid */
if(search_type==KS_SEARCH_KEYID_SHORT || search_type==KS_SEARCH_KEYID_LONG)
strcat(request,"0x");
strcat(request,searchkey_encoded);
if(search_type!=KS_SEARCH_SUBSTR)
strcat(request,"&exact=on");
if(opt->verbose>2)
fprintf(console,"gpgkeys: HTTP URL is `%s'\n",request);
curl_easy_setopt(curl,CURLOPT_URL,request);
curl_easy_setopt(curl,CURLOPT_WRITEFUNCTION,curl_mrindex_writer);
curl_easy_setopt(curl,CURLOPT_FILE,output);
res=curl_easy_perform(curl);
if(res!=0)
{
fprintf(console,"gpgkeys: HTTP search error %d: %s\n",res,errorbuffer);
ret=curl_err_to_gpg_err(res);
}
else
{
fprintf(output,"\nSEARCH %s END\n",searchkey);
ret=KEYSERVER_OK;
}
fail:
curl_free(searchkey_encoded);
free(request);
if(ret!=KEYSERVER_OK)
fprintf(output,"\nSEARCH %s FAILED %d\n",searchkey,ret);
return ret;
}
void
fail_all(struct keylist *keylist,int err)
{
if(!keylist)
return;
if(opt->action==KS_SEARCH)
{
fprintf(output,"SEARCH ");
while(keylist)
{
fprintf(output,"%s ",keylist->str);
keylist=keylist->next;
}
fprintf(output,"FAILED %d\n",err);
}
else
while(keylist)
{
fprintf(output,"KEY %s FAILED %d\n",keylist->str,err);
keylist=keylist->next;
}
}
-#ifdef HAVE_LIBCURL
+#if defined(HAVE_LIBCURL) && defined(USE_DNS_SRV)
/* If there is a SRV record, take the highest ranked possibility.
- This is a hack, as we don't proceed downwards. */
+ This is a hack, as we don't proceed downwards if we can't
+ connect(), but only if we can't getaddinfo(). All this should
+ ideally be replaced by actual SRV support in libcurl someday! */
+
+#define HOST_HEADER "Host:"
+
static void
-srv_replace(const char *srvtag)
+srv_replace(const char *srvtag,
+ struct curl_slist **headers, struct curl_slist **resolve)
{
-#ifdef USE_DNS_SRV
struct srventry *srvlist=NULL;
+ int srvcount, srvindex;
+ char *portstr;
if(!srvtag)
return;
+ portstr=malloc (MAX_PORT);
+ if(!portstr)
+ return;
+
if(1+strlen(srvtag)+6+strlen(opt->host)+1<=MAXDNAME)
{
char srvname[MAXDNAME];
strcpy(srvname,"_");
strcat(srvname,srvtag);
strcat(srvname,"._tcp.");
strcat(srvname,opt->host);
- getsrv(srvname,&srvlist);
+ srvcount=getsrv(srvname,&srvlist);
}
- if(srvlist)
+ for(srvindex=0 ; srvindextarget);
- newport=xtrymalloc(MAX_PORT);
- if(newname && newport)
+ if (getaddrinfo (srvlist[srvindex].target, portstr, &hints, &res) == 0)
{
- free(opt->host);
- free(opt->port);
- opt->host=newname;
- snprintf(newport,MAX_PORT,"%u",srvlist->port);
- opt->port=newport;
+ /* Very safe */
+ char ipaddr[INET_ADDRSTRLEN+INET6_ADDRSTRLEN];
+
+ if((res->ai_family==AF_INET
+ && inet_ntop (res->ai_family,
+ &((struct sockaddr_in *)res->ai_addr)->sin_addr,
+ ipaddr,sizeof(ipaddr)))
+ || (res->ai_family==AF_INET6
+ && inet_ntop (res->ai_family,
+ &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr,
+ ipaddr,sizeof(ipaddr))))
+ {
+ char *entry,*host;
+
+ entry=malloc (strlen(opt->host)+1
+ +strlen(portstr)+1+strlen(ipaddr)+1);
+
+ host=malloc (strlen(HOST_HEADER)+1+strlen(opt->host)+1);
+
+ if(entry && host)
+ {
+ sprintf (entry, "%s:%s:%s", opt->host, portstr, ipaddr);
+ sprintf (host, "%s %s", HOST_HEADER, opt->host);
+
+ *resolve=curl_slist_append (*resolve,entry);
+ *headers=curl_slist_append (*headers,host);
+
+ if(*resolve && *headers)
+ {
+ if(curl_easy_setopt (curl,
+ CURLOPT_RESOLVE,*resolve)==CURLE_OK)
+
+ {
+ if(opt->debug)
+ fprintf (console, "gpgkeys: Faking %s SRV from"
+ " %s to %s:%u\n",
+ srvtag, opt->host,
+ srvlist[srvindex].target,
+ srvlist[srvindex].port);
+
+ free (opt->port);
+ opt->port=portstr;
+ portstr=NULL;
+ }
+ }
+ }
+
+ free (entry);
+ free (host);
+ }
+
+ freeaddrinfo (res);
}
else
- {
- free(newname);
- free(newport);
- }
+ continue; /* Not found */
}
-#endif
+
+ free (srvlist);
+ free (portstr);
}
#endif
static void
show_help (FILE *fp)
{
fprintf (fp,"-h, --help\thelp\n");
fprintf (fp,"-V\t\tmachine readable version\n");
fprintf (fp,"--version\thuman readable version\n");
fprintf (fp,"-o\t\toutput to this file\n");
}
int
main(int argc,char *argv[])
{
- int arg,ret=KEYSERVER_INTERNAL_ERROR,try_srv=1;
+ int arg,ret=KEYSERVER_INTERNAL_ERROR;
char line[MAX_LINE];
int failed=0;
struct keylist *keylist=NULL,*keyptr=NULL;
char *proxy=NULL;
struct curl_slist *headers=NULL;
+ struct curl_slist *resolve=NULL;
+
+ /* Only default this to on if we have SRV support */
+#ifdef USE_DNS_SRV
+ int try_srv = 1;
+#else
+ int try_srv = 0;
+#endif
console=stderr;
/* Kludge to implement standard GNU options. */
if (argc > 1 && !strcmp (argv[1], "--version"))
{
printf ("gpgkeys_hkp (GnuPG) %s\n", VERSION);
printf ("Uses: %s\n", curl_version());
return 0;
}
else if (argc > 1 && !strcmp (argv[1], "--help"))
{
show_help (stdout);
return 0;
}
while((arg=getopt(argc,argv,"hVo:"))!=-1)
switch(arg)
{
default:
case 'h':
show_help (console);
return KEYSERVER_OK;
case 'V':
fprintf(stdout,"%d\n%s\n",KEYSERVER_PROTO_VERSION,VERSION);
return KEYSERVER_OK;
case 'o':
output=fopen(optarg,"w");
if(output==NULL)
{
fprintf(console,"gpgkeys: Cannot open output file `%s': %s\n",
optarg,strerror(errno));
return KEYSERVER_INTERNAL_ERROR;
}
break;
}
if(argc>optind)
{
input=fopen(argv[optind],"r");
if(input==NULL)
{
fprintf(console,"gpgkeys: Cannot open input file `%s': %s\n",
argv[optind],strerror(errno));
return KEYSERVER_INTERNAL_ERROR;
}
}
if(input==NULL)
input=stdin;
if(output==NULL)
output=stdout;
opt=init_ks_options();
if(!opt)
return KEYSERVER_NO_MEMORY;
/* Get the command and info block */
while(fgets(line,MAX_LINE,input)!=NULL)
{
int err;
char option[MAX_OPTION+1];
if(line[0]=='\n')
break;
err=parse_ks_options(line,opt);
if(err>0)
{
ret=err;
goto fail;
}
else if(err==0)
continue;
if(sscanf(line,"OPTION %" MKSTRING(MAX_OPTION) "s\n",option)==1)
{
int no=0;
char *start=&option[0];
option[MAX_OPTION]='\0';
if(ascii_strncasecmp(option,"no-",3)==0)
{
no=1;
start=&option[3];
}
if(ascii_strncasecmp(start,"http-proxy",10)==0)
{
if(no)
{
free(proxy);
proxy=strdup("");
}
else if(start[10]=='=')
{
if(strlen(&start[11])scheme)
{
fprintf(console,"gpgkeys: no scheme supplied!\n");
ret=KEYSERVER_SCHEME_NOT_FOUND;
goto fail;
}
/* Defaults */
if(ascii_strcasecmp(opt->scheme,"hkps")==0)
{
proto="https";
port="443";
}
else
{
proto="http";
port="11371";
}
if(!opt->host)
{
fprintf(console,"gpgkeys: no keyserver host provided\n");
goto fail;
}
if(opt->timeout && register_timeout()==-1)
{
fprintf(console,"gpgkeys: unable to register timeout handler\n");
return KEYSERVER_INTERNAL_ERROR;
}
curl_global_init(CURL_GLOBAL_DEFAULT);
curl=curl_easy_init();
if(!curl)
{
fprintf(console,"gpgkeys: unable to initialize curl\n");
ret=KEYSERVER_INTERNAL_ERROR;
goto fail;
}
+ if(opt->debug)
+ {
+ fprintf(console,"gpgkeys: curl version = %s\n",curl_version());
+ curl_easy_setopt(curl,CURLOPT_STDERR,console);
+ curl_easy_setopt(curl,CURLOPT_VERBOSE,1L);
+ }
+
/* Only use SRV if the user does not provide a :port. The semantics
of a specified port and SRV do not play well together. */
if(!opt->port && try_srv)
{
char *srvtag;
if(ascii_strcasecmp(opt->scheme,"hkp")==0)
srvtag="pgpkey-http";
else if(ascii_strcasecmp(opt->scheme,"hkps")==0)
srvtag="pgpkey-https";
else
srvtag=NULL;
#ifdef HAVE_LIBCURL
/* We're using libcurl, so fake SRV support via our wrapper.
This isn't as good as true SRV support, as we do not try all
possible targets at one particular level and work our way
down the list, but it's better than nothing. */
- srv_replace(srvtag);
+#ifdef USE_DNS_SRV
+ srv_replace(srvtag,&headers,&resolve);
#else
+ fprintf(console,"gpgkeys: try-dns-srv was requested, but not SRV capable\n");
+#endif
+#else /* !HAVE_LIBCURL */
/* We're using our internal curl shim, so we can use its (true)
SRV support. Obviously, CURLOPT_SRVTAG_GPG_HACK isn't a real
libcurl option. It's specific to our shim. */
curl_easy_setopt(curl,CURLOPT_SRVTAG_GPG_HACK,srvtag);
#endif
}
/* If the user provided a port (or it came in via SRV, above),
replace the default. */
if(opt->port)
port=opt->port;
curl_easy_setopt(curl,CURLOPT_ERRORBUFFER,errorbuffer);
if(opt->auth)
curl_easy_setopt(curl,CURLOPT_USERPWD,opt->auth);
- if(opt->debug)
- {
- fprintf(console,"gpgkeys: curl version = %s\n",curl_version());
- curl_easy_setopt(curl,CURLOPT_STDERR,console);
- curl_easy_setopt(curl,CURLOPT_VERBOSE,1L);
- }
-
curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,(long)opt->flags.check_cert);
curl_easy_setopt(curl,CURLOPT_CAINFO,opt->ca_cert_file);
/* Avoid caches to get the most recent copy of the key. This is bug
#1061. In pre-curl versions of the code, we didn't do it. Then
we did do it (as a curl default) until curl changed the default.
Now we're doing it again, but in such a way that changing
defaults in the future won't impact us. We set both the Pragma
and Cache-Control versions of the header, so we're good with both
HTTP 1.0 and 1.1. */
headers=curl_slist_append(headers,"Pragma: no-cache");
if(headers)
headers=curl_slist_append(headers,"Cache-Control: no-cache");
if(!headers)
{
fprintf(console,"gpgkeys: out of memory when building HTTP headers\n");
ret=KEYSERVER_NO_MEMORY;
goto fail;
}
curl_easy_setopt(curl,CURLOPT_HTTPHEADER,headers);
if(proxy)
curl_easy_setopt(curl,CURLOPT_PROXY,proxy);
/* If it's a GET or a SEARCH, the next thing to come in is the
keyids. If it's a SEND, then there are no keyids. */
if(opt->action==KS_SEND)
while(fgets(line,MAX_LINE,input)!=NULL && line[0]!='\n');
else if(opt->action==KS_GET
|| opt->action==KS_GETNAME || opt->action==KS_SEARCH)
{
for(;;)
{
struct keylist *work;
if(fgets(line,MAX_LINE,input)==NULL)
break;
else
{
if(line[0]=='\n' || line[0]=='\0')
break;
work=xtrymalloc(sizeof(struct keylist));
if(work==NULL)
{
fprintf(console,"gpgkeys: out of memory while "
"building key list\n");
ret=KEYSERVER_NO_MEMORY;
goto fail;
}
strcpy(work->str,line);
/* Trim the trailing \n */
work->str[strlen(line)-1]='\0';
work->next=NULL;
/* Always attach at the end to keep the list in proper
order for searching */
if(keylist==NULL)
keylist=work;
else
keyptr->next=work;
keyptr=work;
}
}
}
else
{
fprintf(console,"gpgkeys: no keyserver command specified\n");
goto fail;
}
/* Send the response */
fprintf(output,"VERSION %d\n",KEYSERVER_PROTO_VERSION);
fprintf(output,"PROGRAM %s %s\n\n",VERSION,curl_version());
if(opt->verbose>1)
{
fprintf(console,"Host:\t\t%s\n",opt->host);
if(opt->port)
fprintf(console,"Port:\t\t%s\n",opt->port);
if(strcmp(opt->path,"/")!=0)
fprintf(console,"Path:\t\t%s\n",opt->path);
fprintf(console,"Command:\t%s\n",ks_action_to_string(opt->action));
}
if(opt->action==KS_GET)
{
keyptr=keylist;
while(keyptr!=NULL)
{
set_timeout(opt->timeout);
if(get_key(keyptr->str)!=KEYSERVER_OK)
failed++;
keyptr=keyptr->next;
}
}
else if(opt->action==KS_GETNAME)
{
keyptr=keylist;
while(keyptr!=NULL)
{
set_timeout(opt->timeout);
if(get_name(keyptr->str)!=KEYSERVER_OK)
failed++;
keyptr=keyptr->next;
}
}
else if(opt->action==KS_SEND)
{
int eof=0;
do
{
set_timeout(opt->timeout);
if(send_key(&eof)!=KEYSERVER_OK)
failed++;
}
while(!eof);
}
else if(opt->action==KS_SEARCH)
{
char *searchkey=NULL;
int len=0;
set_timeout(opt->timeout);
/* To search, we stick a space in between each key to search
for. */
keyptr=keylist;
while(keyptr!=NULL)
{
len+=strlen(keyptr->str)+1;
keyptr=keyptr->next;
}
searchkey=xtrymalloc(len+1);
if(searchkey==NULL)
{
ret=KEYSERVER_NO_MEMORY;
fail_all(keylist,KEYSERVER_NO_MEMORY);
goto fail;
}
searchkey[0]='\0';
keyptr=keylist;
while(keyptr!=NULL)
{
strcat(searchkey,keyptr->str);
strcat(searchkey," ");
keyptr=keyptr->next;
}
/* Nail that last space */
if(*searchkey)
searchkey[strlen(searchkey)-1]='\0';
if(search_key(searchkey)!=KEYSERVER_OK)
failed++;
free(searchkey);
}
else
abort();
if(!failed)
ret=KEYSERVER_OK;
fail:
while(keylist!=NULL)
{
struct keylist *current=keylist;
keylist=keylist->next;
free(current);
}
if(input!=stdin)
fclose(input);
if(output!=stdout)
fclose(output);
free_ks_options(opt);
curl_slist_free_all(headers);
+ curl_slist_free_all(resolve);
if(curl)
curl_easy_cleanup(curl);
free(proxy);
return ret;
}
diff --git a/m4/libcurl.m4 b/m4/libcurl.m4
index c763146a3..ce02add7b 100644
--- a/m4/libcurl.m4
+++ b/m4/libcurl.m4
@@ -1,261 +1,271 @@
# LIBCURL_CHECK_CONFIG ([DEFAULT-ACTION], [MINIMUM-VERSION],
# [ACTION-IF-YES], [ACTION-IF-NO])
# ----------------------------------------------------------
# David Shaw Jan-16-2007
#
# Checks for libcurl. DEFAULT-ACTION is the string yes or no to
# specify whether to default to --with-libcurl or --without-libcurl.
# If not supplied, DEFAULT-ACTION is yes. MINIMUM-VERSION is the
# minimum version of libcurl to accept. Pass the version as a regular
# version number like 7.10.1. If not supplied, any version is
# accepted. ACTION-IF-YES is a list of shell commands to run if
# libcurl was successfully found and passed the various tests.
# ACTION-IF-NO is a list of shell commands that are run otherwise.
# Note that using --without-libcurl does run ACTION-IF-NO.
#
# This macro #defines HAVE_LIBCURL if a working libcurl setup is
# found, and sets @LIBCURL@ and @LIBCURL_CPPFLAGS@ to the necessary
# values. Other useful defines are LIBCURL_FEATURE_xxx where xxx are
# the various features supported by libcurl, and LIBCURL_PROTOCOL_yyy
# where yyy are the various protocols supported by libcurl. Both xxx
# and yyy are capitalized. See the list of AH_TEMPLATEs at the top of
# the macro for the complete list of possible defines. Shell
# variables $libcurl_feature_xxx and $libcurl_protocol_yyy are also
# defined to 'yes' for those features and protocols that were found.
# Note that xxx and yyy keep the same capitalization as in the
# curl-config list (e.g. it's "HTTP" and not "http").
#
# Users may override the detected values by doing something like:
# LIBCURL="-lcurl" LIBCURL_CPPFLAGS="-I/usr/myinclude" ./configure
#
# For the sake of sanity, this macro assumes that any libcurl that is
# found is after version 7.7.2, the first version that included the
# curl-config script. Note that it is very important for people
# packaging binary versions of libcurl to include this script!
# Without curl-config, we can only guess what protocols are available,
# or use curl_version_info to figure it out at runtime.
AC_DEFUN([LIBCURL_CHECK_CONFIG],
[
AH_TEMPLATE([LIBCURL_FEATURE_SSL],[Defined if libcurl supports SSL])
AH_TEMPLATE([LIBCURL_FEATURE_KRB4],[Defined if libcurl supports KRB4])
AH_TEMPLATE([LIBCURL_FEATURE_IPV6],[Defined if libcurl supports IPv6])
AH_TEMPLATE([LIBCURL_FEATURE_LIBZ],[Defined if libcurl supports libz])
AH_TEMPLATE([LIBCURL_FEATURE_ASYNCHDNS],[Defined if libcurl supports AsynchDNS])
AH_TEMPLATE([LIBCURL_FEATURE_IDN],[Defined if libcurl supports IDN])
AH_TEMPLATE([LIBCURL_FEATURE_SSPI],[Defined if libcurl supports SSPI])
AH_TEMPLATE([LIBCURL_FEATURE_NTLM],[Defined if libcurl supports NTLM])
AH_TEMPLATE([LIBCURL_PROTOCOL_HTTP],[Defined if libcurl supports HTTP])
AH_TEMPLATE([LIBCURL_PROTOCOL_HTTPS],[Defined if libcurl supports HTTPS])
AH_TEMPLATE([LIBCURL_PROTOCOL_FTP],[Defined if libcurl supports FTP])
AH_TEMPLATE([LIBCURL_PROTOCOL_FTPS],[Defined if libcurl supports FTPS])
AH_TEMPLATE([LIBCURL_PROTOCOL_FILE],[Defined if libcurl supports FILE])
AH_TEMPLATE([LIBCURL_PROTOCOL_TELNET],[Defined if libcurl supports TELNET])
AH_TEMPLATE([LIBCURL_PROTOCOL_LDAP],[Defined if libcurl supports LDAP])
AH_TEMPLATE([LIBCURL_PROTOCOL_DICT],[Defined if libcurl supports DICT])
AH_TEMPLATE([LIBCURL_PROTOCOL_TFTP],[Defined if libcurl supports TFTP])
AC_ARG_WITH(libcurl,
AC_HELP_STRING([--with-libcurl=DIR],[look for the curl library in DIR]),
[_libcurl_with=$withval],[_libcurl_with=m4_if([$1],,[yes],[$1])])
if test "$_libcurl_with" != "no" ; then
AC_PROG_AWK
_libcurl_version_parse="eval $AWK '{split(\$NF,A,\".\"); X=256*256*A[[1]]+256*A[[2]]+A[[3]]; print X;}'"
+ # More recent versions of curl-config have a direct --vernum
+ # option, but we'd like this code to work with older versions as
+ # well, so just convert --version.
+ _libcurl_vernum_parse="eval $AWK '{printf \"0x%06X\",\$NF}'"
+
_libcurl_try_link=yes
if test -d "$_libcurl_with" ; then
LIBCURL_CPPFLAGS="-I$withval/include"
_libcurl_ldflags="-L$withval/lib"
AC_PATH_PROG([_libcurl_config],["$withval/bin/curl-config"])
else
AC_PATH_PROG([_libcurl_config],[curl-config])
fi
if test x$_libcurl_config != "x" ; then
AC_CACHE_CHECK([for the version of libcurl],
[libcurl_cv_lib_curl_version],
[libcurl_cv_lib_curl_version=`$_libcurl_config --version | $AWK '{print $[]2}'`])
_libcurl_version=`echo $libcurl_cv_lib_curl_version | $_libcurl_version_parse`
_libcurl_wanted=`echo m4_if([$2],,[0],[$2]) | $_libcurl_version_parse`
if test $_libcurl_wanted -gt 0 ; then
AC_CACHE_CHECK([for libcurl >= version $2],
[libcurl_cv_lib_version_ok],
[
if test $_libcurl_version -ge $_libcurl_wanted ; then
libcurl_cv_lib_version_ok=yes
else
libcurl_cv_lib_version_ok=no
fi
])
fi
if test $_libcurl_wanted -eq 0 || test x$libcurl_cv_lib_version_ok = xyes ; then
if test x"$LIBCURL_CPPFLAGS" = "x" ; then
LIBCURL_CPPFLAGS=`$_libcurl_config --cflags`
fi
if test x"$LIBCURL" = "x" ; then
LIBCURL=`$_libcurl_config --libs`
# This is so silly, but Apple actually has a bug in their
# curl-config script. Fixed in Tiger, but there are still
# lots of Panther installs around.
case "${host}" in
powerpc-apple-darwin7*)
LIBCURL=`echo $LIBCURL | sed -e 's|-arch i386||g'`
;;
esac
fi
# All curl-config scripts support --feature
_libcurl_features=`$_libcurl_config --feature`
# Is it modern enough to have --protocols? (7.12.4)
if test $_libcurl_version -ge 461828 ; then
_libcurl_protocols=`$_libcurl_config --protocols`
fi
else
_libcurl_try_link=no
fi
unset _libcurl_wanted
fi
if test $_libcurl_try_link = yes ; then
# we didn't find curl-config, so let's see if the user-supplied
# link line (or failing that, "-lcurl") is enough.
LIBCURL=${LIBCURL-"$_libcurl_ldflags -lcurl"}
AC_CACHE_CHECK([whether libcurl is usable],
[libcurl_cv_lib_curl_usable],
[
_libcurl_save_cppflags=$CPPFLAGS
CPPFLAGS="$LIBCURL_CPPFLAGS $CPPFLAGS"
_libcurl_save_libs=$LIBS
LIBS="$LIBCURL $LIBS"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]],[[
/* Try and use a few common options to force a failure if we are
missing symbols or can't link. */
int x;
curl_easy_setopt(NULL,CURLOPT_URL,NULL);
x=CURL_ERROR_SIZE;
x=CURLOPT_WRITEFUNCTION;
x=CURLOPT_FILE;
x=CURLOPT_ERRORBUFFER;
x=CURLOPT_STDERR;
x=CURLOPT_VERBOSE;
]])],libcurl_cv_lib_curl_usable=yes,libcurl_cv_lib_curl_usable=no)
CPPFLAGS=$_libcurl_save_cppflags
LIBS=$_libcurl_save_libs
unset _libcurl_save_cppflags
unset _libcurl_save_libs
])
if test $libcurl_cv_lib_curl_usable = yes ; then
_libcurl_save_cppflags=$CPPFLAGS
CPPFLAGS="$CPPFLAGS $LIBCURL_CPPFLAGS"
_libcurl_save_libs=$LIBS
LIBS="$LIBS $LIBCURL"
# Check for some libcurl functions that aren't in all
# versions.
AC_CHECK_FUNCS([curl_free curl_easy_escape curl_easy_unescape])
AH_BOTTOM([
#ifdef HAVE_LIBCURL
/* Define curl_free() via free() if our version of curl lacks
curl_free() */
#if !defined(curl_free) && !defined(HAVE_CURL_FREE)
#define curl_free(a) free((a))
#endif
/* Define curl_easy_escape() via curl_escape() if our version of curl
lacks curl_easy_escape() */
#if !defined(curl_easy_escape) && !defined(HAVE_CURL_EASY_ESCAPE)
#define curl_easy_escape(a,b,c) curl_escape((b),(c))
#endif
/* Define curl_easy_unescape() via curl_unescape() if our version of
curl lacks curl_easy_unescape() */
#if !defined(curl_easy_unescape) && !defined(HAVE_CURL_EASY_UNESCAPE)
#define curl_easy_unescape(a,b,c) curl_unescape((b),(c))
#endif
#endif /* HAVE_LIBCURL */
])
CPPFLAGS=$_libcurl_save_cppflags
LIBS=$_libcurl_save_libs
unset _libcurl_save_cppflags
unset _libcurl_save_libs
AC_DEFINE(HAVE_LIBCURL,1,
[Define to 1 if you have a functional curl library.])
AC_SUBST(LIBCURL_CPPFLAGS)
AC_SUBST(LIBCURL)
+ _libcurl_vernum=`echo $_libcurl_version | $_libcurl_vernum_parse`
+
+ AC_DEFINE_UNQUOTED(LIBCURL_VERNUM,$_libcurl_vernum,[The version of the libcurl library in packed hex form])
+
for _libcurl_feature in $_libcurl_features ; do
AC_DEFINE_UNQUOTED(AS_TR_CPP(libcurl_feature_$_libcurl_feature),[1])
eval AS_TR_SH(libcurl_feature_$_libcurl_feature)=yes
done
if test "x$_libcurl_protocols" = "x" ; then
# We don't have --protocols, so just assume that all
# protocols are available
_libcurl_protocols="HTTP FTP FILE TELNET LDAP DICT"
if test x$libcurl_feature_SSL = xyes ; then
_libcurl_protocols="$_libcurl_protocols HTTPS"
# FTPS wasn't standards-compliant until version
# 7.11.0
if test $_libcurl_version -ge 461568; then
_libcurl_protocols="$_libcurl_protocols FTPS"
fi
fi
fi
for _libcurl_protocol in $_libcurl_protocols ; do
AC_DEFINE_UNQUOTED(AS_TR_CPP(libcurl_protocol_$_libcurl_protocol),[1])
eval AS_TR_SH(libcurl_protocol_$_libcurl_protocol)=yes
done
else
unset LIBCURL
unset LIBCURL_CPPFLAGS
fi
fi
unset _libcurl_try_link
unset _libcurl_version_parse
unset _libcurl_config
unset _libcurl_feature
unset _libcurl_features
unset _libcurl_protocol
unset _libcurl_protocols
unset _libcurl_version
+ unset _libcurl_vernum
unset _libcurl_ldflags
fi
if test x$_libcurl_with = xno || test x$libcurl_cv_lib_curl_usable != xyes ; then
# This is the IF-NO path
m4_if([$4],,:,[$4])
else
# This is the IF-YES path
m4_if([$3],,:,[$3])
fi
unset _libcurl_with
])dnl
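Review bot: LIBCURL_VERNUM is computed from `$_libcurl_version`, which is only set when curl-config was found; on the fallback path (the "we didn't find curl-config" branch, where a user-supplied LIBCURL still links) that variable is empty and the awk conversion most likely prints `0x000000`. Any C code that gates a libcurl option on LIBCURL_VERNUM would then silently build the old-libcurl path even against a recent library, and the value can also disagree with the headers actually compiled against when LIBCURL_CPPFLAGS is overridden. I would emit the define only when the version is known, by wrapping the two added lines in `if test "x$_libcurl_version" != "x" ; then` … `fi`, and let the C side fall back to the header's `LIBCURL_VERSION_NUM` when LIBCURL_VERNUM is undefined. The new helper is also never cleaned up; add `unset _libcurl_vernum_parse` next to `unset _libcurl_vernum`.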