AC_PREREQ([2.67])
-AC_INIT([cryptsetup],[1.4.1])
+AC_INIT([cryptsetup],[1.4.3])
dnl library version from <major>.<minor>.<release>[-<suffix>]
LIBCRYPTSETUP_VERSION=$(echo $PACKAGE_VERSION | cut -f1 -d-)
-LIBCRYPTSETUP_VERSION_INFO=5:0:1
+LIBCRYPTSETUP_VERSION_INFO=6:0:2
AC_CONFIG_SRCDIR(src/cryptsetup.c)
AC_CONFIG_MACRO_DIR([m4])
LIBS=$saved_LIBS
dnl ==========================================================================
+dnl FIPS extensions
+AC_ARG_ENABLE([fips], AS_HELP_STRING([--enable-fips],[enable FIPS mode restrictions]),
+[with_fips=$enableval],
+[with_fips=no])
+
+if test "x$with_fips" = "xyes"; then
+ AC_DEFINE(ENABLE_FIPS, 1, [Enable FIPS mode restrictions])
+
+ if test "x$enable_static" = "xyes" -o "x$enable_static_cryptsetup" = "xyes" ; then
+ AC_MSG_ERROR([Static build is not compatible with FIPS.])
+ fi
+
+ saved_LIBS=$LIBS
+ AC_CHECK_LIB(fipscheck, FIPSCHECK_verify, ,[AC_MSG_ERROR([You need the fipscheck library.])])
+ AC_SUBST(FIPSCHECK_LIBS, $LIBS)
+ LIBS=$saved_LIBS
+
+fi
+
+AC_DEFUN([NO_FIPS], [
+ if test "x$with_fips" = "xyes"; then
+ AC_MSG_ERROR([This option is not compatible with FIPS.])
+ fi
+])
+
+dnl ==========================================================================
dnl Crypto backend functions
AC_DEFUN([CONFIGURE_GCRYPT], [
- AM_PATH_LIBGCRYPT(1.1.42,,[AC_MSG_ERROR([You need the gcrypt library.])])
+ if test "x$with_fips" = "xyes"; then
+ GCRYPT_REQ_VERSION=1.4.5
+ else
+ GCRYPT_REQ_VERSION=1.1.42
+ fi
+ AM_PATH_LIBGCRYPT($GCRYPT_REQ_VERSION,,[AC_MSG_ERROR([You need the gcrypt library.])])
if test x$enable_static_cryptsetup = xyes; then
saved_LIBS=$LIBS
CRYPTO_CFLAGS=$LIBGCRYPT_CFLAGS
CRYPTO_LIBS=$LIBGCRYPT_LIBS
CRYPTO_STATIC_LIBS=$LIBGCRYPT_STATIC_LIBS
+
+ AC_DEFINE_UNQUOTED(GCRYPT_REQ_VERSION, ["$GCRYPT_REQ_VERSION"], [Requested gcrypt version])
])
AC_DEFUN([CONFIGURE_OPENSSL], [
CRYPTO_STATIC_LIBS=$OPENSSL_LIBS
PKG_CONFIG=$saved_PKG_CONFIG
fi
+ NO_FIPS([])
])
AC_DEFUN([CONFIGURE_NSS], [
PKG_CHECK_MODULES([NSS], [nss],,
AC_MSG_ERROR([You need nss library.]))
+
+ saved_CFLAGS=$CFLAGS
+ CFLAGS="$CFLAGS $NSS_CFLAGS"
+ AC_CHECK_DECLS([NSS_GetVersion], [], [], [#include <nss.h>])
+ CFLAGS=$saved_CFLAGS
+
CRYPTO_CFLAGS=$NSS_CFLAGS
CRYPTO_LIBS=$NSS_LIBS
+ NO_FIPS([])
])
AC_DEFUN([CONFIGURE_KERNEL], [
# AC_CHECK_DECLS([AF_ALG],,
# [AC_MSG_ERROR([You need Linux kernel with userspace crypto interface.])],
# [#include <sys/socket.h>])
-
+ NO_FIPS([])
])
AC_DEFUN([CONFIGURE_NETTLE], [
LIBS=$saved_LIBS
CRYPTO_STATIC_LIBS=$CRYPTO_LIBS
+ NO_FIPS([])
])
dnl ==========================================================================
enable_static=yes
fi
fi
-AM_CONDITIONAL(STATIC_CRYPTSETUP, test x$enable_static_cryptsetup = xyes)
+AM_CONDITIONAL(STATIC_TOOLS, test x$enable_static_cryptsetup = xyes)
+
+AC_ARG_ENABLE(veritysetup,
+ AS_HELP_STRING([--disable-veritysetup],
+ [disable veritysetup support]),[], [enable_veritysetup=yes])
+AM_CONDITIONAL(VERITYSETUP, test x$enable_veritysetup = xyes)
AC_ARG_ENABLE(selinux,
AS_HELP_STRING([--disable-selinux],
LIBS="$LIBS $DEVMAPPER_LIBS"
AC_CHECK_DECLS([dm_task_secure_data], [], [], [#include <libdevmapper.h>])
+AC_CHECK_DECLS([dm_task_retry_remove], [], [], [#include <libdevmapper.h>])
AC_CHECK_DECLS([DM_UDEV_DISABLE_DISK_RULES_FLAG], [have_cookie=yes], [have_cookie=no], [#include <libdevmapper.h>])
if test "x$enable_udev" = xyes; then
if test "x$have_cookie" = xno; then
lib/crypto_backend/Makefile
lib/luks1/Makefile
lib/loopaes/Makefile
+lib/verity/Makefile
src/Makefile
po/Makefile.in
man/Makefile