+ NO_FIPS([])
+])
+
+AC_DEFUN([CONFIGURE_NSS], [
+ if test x$enable_static_cryptsetup = xyes; then
+ AC_MSG_ERROR([Static build of cryptsetup is not supported with NSS.])
+ fi
+
+ AC_MSG_WARN([NSS backend does NOT provide backward compatibility (missing ripemd160 hash).])
+
+ PKG_CHECK_MODULES([NSS], [nss],,
+ AC_MSG_ERROR([You need nss library.]))
+
+ saved_CFLAGS=$CFLAGS
+ CFLAGS="$CFLAGS $NSS_CFLAGS"
+ AC_CHECK_DECLS([NSS_GetVersion], [], [], [#include <nss.h>])
+ CFLAGS=$saved_CFLAGS
+
+ CRYPTO_CFLAGS=$NSS_CFLAGS
+ CRYPTO_LIBS=$NSS_LIBS
+ NO_FIPS([])
+])
+
+AC_DEFUN([CONFIGURE_KERNEL], [
+ AC_CHECK_HEADERS(linux/if_alg.h,,
+ [AC_MSG_ERROR([You need Linux kernel with userspace crypto interface.])])
+# AC_CHECK_DECLS([AF_ALG],,
+# [AC_MSG_ERROR([You need Linux kernel with userspace crypto interface.])],
+# [#include <sys/socket.h>])
+ NO_FIPS([])
+])
+
+AC_DEFUN([CONFIGURE_NETTLE], [
+ AC_CHECK_HEADERS(nettle/sha.h,,
+ [AC_MSG_ERROR([You need Nettle cryptographic library.])])
+
+ saved_LIBS=$LIBS
+ AC_CHECK_LIB(nettle, nettle_ripemd160_init,,
+ [AC_MSG_ERROR([You need Nettle library version 2.4 or more recent.])])
+ CRYPTO_LIBS=$LIBS
+ LIBS=$saved_LIBS
+
+ CRYPTO_STATIC_LIBS=$CRYPTO_LIBS
+ NO_FIPS([])
+])
+
+dnl ==========================================================================
+saved_LIBS=$LIBS
+
+AC_ARG_ENABLE([static-cryptsetup],
+ AS_HELP_STRING([--enable-static-cryptsetup],
+ [enable build of static cryptsetup binary]))
+if test x$enable_static_cryptsetup = xyes; then
+ if test x$enable_static = xno; then
+ AC_MSG_WARN([Requested static cryptsetup build, enabling static library.])
+ enable_static=yes
+ fi
+fi
+AM_CONDITIONAL(STATIC_TOOLS, test x$enable_static_cryptsetup = xyes)
+
+AC_ARG_ENABLE(veritysetup,
+ AS_HELP_STRING([--disable-veritysetup],
+ [disable veritysetup support]),[], [enable_veritysetup=yes])
+AM_CONDITIONAL(VERITYSETUP, test x$enable_veritysetup = xyes)
+
+AC_ARG_ENABLE([cryptsetup-reencrypt],
+ AS_HELP_STRING([--enable-cryptsetup-reencrypt],
+ [enable cryptsetup-reencrypt tool]))
+AM_CONDITIONAL(REENCRYPT, test x$enable_cryptsetup_reencrypt = xyes)
+
+AC_ARG_ENABLE(selinux,
+ AS_HELP_STRING([--disable-selinux],
+ [disable selinux support [default=auto]]),[], [])
+
+AC_ARG_ENABLE([udev],
+ AS_HELP_STRING([--disable-udev],
+ [disable udev support]),[], enable_udev=yes)
+
+dnl Try to use pkg-config for devmapper, but fallback to old detection
+PKG_CHECK_MODULES([DEVMAPPER], [devmapper >= 1.02.03],, [