Add our own autoconf check for libgcrypt.

[meshlink] / configure.ac

diff --git a/configure.ac b/configure.ac
index 8b7c07a6488c9d44a94451336b7995fd09fd0d6d..c5b0d23a6ff3c8ce91af244c73e55cf803f1e99e 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -1,7 +1,7 @@
 dnl Process this file with autoconf to produce a configure script.
 
 AC_PREREQ(2.61)
 dnl Process this file with autoconf to produce a configure script.
 
 AC_PREREQ(2.61)

-AC_INIT([tinc], [1.1pre8])
+AC_INIT([tinc], [1.1pre9])

 AC_CONFIG_SRCDIR([src/tincd.c])
 AC_GNU_SOURCE
 AM_INIT_AUTOMAKE([check-news std-options subdir-objects -Wall])
 AC_CONFIG_SRCDIR([src/tincd.c])
 AC_GNU_SOURCE
 AM_INIT_AUTOMAKE([check-news std-options subdir-objects -Wall])


@@ -109,7 +109,7 @@ AC_ARG_ENABLE(tunemu,
 )
 
 AC_ARG_WITH(windows2000,
 )
 
 AC_ARG_WITH(windows2000,

-  AS_HELP_STRING([--without-windows2000], [compile with support for Windows 2000. This disables support for tunneling over existing IPv6 networks.]),
+  AS_HELP_STRING([--with-windows2000], [compile with support for Windows 2000. This disables support for tunneling over existing IPv6 networks.]),

   [ AS_IF([test "x$with_windows2000" = "xyes"],
       [AC_DEFINE(WITH_WINDOWS2000, 1, [Compile with support for Windows 2000])])
   ]
   [ AS_IF([test "x$with_windows2000" = "xyes"],
       [AC_DEFINE(WITH_WINDOWS2000, 1, [Compile with support for Windows 2000])])
   ]


@@ -133,6 +133,30 @@ if test -d /sw/lib ; then
   LIBS="$LIBS -L/sw/lib"
 fi
 
   LIBS="$LIBS -L/sw/lib"
 fi
 

+dnl Compiler hardening flags
+
+AC_ARG_ENABLE([hardening], AS_HELP_STRING([--disable-hardening], [disable compiler and linker hardening flags]))
+AS_IF([test "x$enable_hardening" != "xno"],
+  [AX_CHECK_COMPILE_FLAG([-DFORTIFY_SOURCE=2], [CPPFLAGS="$CPPFLAGS -DFORITFY_SOURCE=2"])
+   AX_CHECK_COMPILE_FLAG([-fno-strict-overflow], [CPPFLAGS="$CPPFLAGS -fno-strict-overflow"])
+   AX_CHECK_COMPILE_FLAG([-fwrapv], [CPPFLAGS="$CPPFLAGS -fwrapv"])
+   case $host_os in
+     *mingw*)
+       AX_CHECK_LINK_FLAG([-Wl,--dynamicbase], [LDFLAGS="$LDFLAGS -Wl,--dynamicbase"])
+       AX_CHECK_LINK_FLAG([-Wl,--nxcompat], [LDFLAGS="$LDFLAGS -Wl,--nxcompat"])
+       # TODO: get -fstack-protector-all working with MinGW
+       ;;
+     *)
+       AX_CHECK_COMPILE_FLAG([-fstack-protector-all], [CPPFLAGS="$CPPFLAGS -fstack-protector-all"])
+       AX_CHECK_COMPILE_FLAG([-fPIE], [CPPFLAGS="$CPPFLAGS -fPIE"])
+       AX_CHECK_LINK_FLAG([-pie], [LDFLAGS="$LDFLAGS -pie"])
+       ;;
+   esac
+   AX_CHECK_LINK_FLAG([-Wl,-z,relro], [LDFLAGS="$LDFLAGS -Wl,-z,relro"])
+   AX_CHECK_LINK_FLAG([-Wl,-z,now], [LDFLAGS="$LDFLAGS -Wl,-z,now"])
+  ]
+);
+

 dnl Checks for header files.
 dnl We do this in multiple stages, because unlike Linux all the other operating systems really suck and don't include their own dependencies.
 
 dnl Checks for header files.
 dnl We do this in multiple stages, because unlike Linux all the other operating systems really suck and don't include their own dependencies.
 


@@ -193,20 +217,20 @@ tinc_READLINE
 tinc_ZLIB
 tinc_LZO
 
 tinc_ZLIB
 tinc_LZO
 

-if test "$with_libgcrypt" = yes; then
+if test "x$with_libgcrypt" != "xno"; then

        gcrypt=true
        gcrypt=true

-       AM_PATH_LIBGCRYPT([1.4.0], [], [])
+       tinc_LIBGCRYPT

 else
        openssl=true
        tinc_OPENSSL
 fi
        
 else
        openssl=true
        tinc_OPENSSL
 fi
        

-AM_CONDITIONAL(OPENSSL, test "$openssl" = true)
-AM_CONDITIONAL(GCRYPT, test "$grypt" = true)
+AM_CONDITIONAL(OPENSSL, test -n "$openssl")
+AM_CONDITIONAL(GCRYPT, test -n "$gcrypt")

 
 dnl Check if support for jumbograms is requested 
 AC_ARG_ENABLE(jumbograms,
 
 dnl Check if support for jumbograms is requested 
 AC_ARG_ENABLE(jumbograms,

-  AS_HELP_STRING([--disable-jumbograms], [enable support for jumbograms (packets up to 9000 bytes)]),
+  AS_HELP_STRING([--enable-jumbograms], [enable support for jumbograms (packets up to 9000 bytes)]),

   [ AS_IF([test "x$enable_jumbograms" = "xyes"],
       [ AC_DEFINE(ENABLE_JUMBOGRAMS, 1, [Support for jumbograms (packets up to 9000 bytes)]) ])
   ]
   [ AS_IF([test "x$enable_jumbograms" = "xyes"],
       [ AC_DEFINE(ENABLE_JUMBOGRAMS, 1, [Support for jumbograms (packets up to 9000 bytes)]) ])
   ]