AC_PREREQ([2.67])
-AC_INIT([cryptsetup],[2.3.7])
+AC_INIT([cryptsetup],[2.6.1])
dnl library version from <major>.<minor>.<release>[-<suffix>]
LIBCRYPTSETUP_VERSION=$(echo $PACKAGE_VERSION | cut -f1 -d-)
-LIBCRYPTSETUP_VERSION_INFO=18:0:6
+LIBCRYPTSETUP_VERSION_INFO=21:0:9
AM_SILENT_RULES([yes])
AC_CONFIG_SRCDIR(src/cryptsetup.c)
# For old automake use this
#AM_INIT_AUTOMAKE(dist-xz subdir-objects)
-AM_INIT_AUTOMAKE([dist-xz 1.12 serial-tests subdir-objects])
+AM_INIT_AUTOMAKE([dist-xz 1.12 serial-tests subdir-objects foreign])
if test "x$prefix" = "xNONE"; then
sysconfdir=/etc
AC_PROG_CC
AM_PROG_CC_C_O
AC_PROG_CPP
+AC_PROG_CXX
AC_PROG_INSTALL
AC_PROG_MAKE_SET
+AC_PROG_MKDIR_P
AC_ENABLE_STATIC(no)
LT_INIT
PKG_PROG_PKG_CONFIG
-AM_ICONV
dnl ==========================================================================
dnl define PKG_CHECK_VAR for old pkg-config <= 0.28
])
])
dnl ==========================================================================
+dnl AsciiDoc manual pages
+
+AC_ARG_ENABLE([asciidoc],
+ AS_HELP_STRING([--disable-asciidoc], [do not generate man pages from asciidoc]),
+ [], [enable_asciidoc=yes]
+)
+
+AC_PATH_PROG([ASCIIDOCTOR], [asciidoctor])
+if test "x$enable_asciidoc" = xyes -a "x$ASCIIDOCTOR" = x; then
+ AC_MSG_ERROR([Building man pages requires asciidoctor installed.])
+fi
+AM_CONDITIONAL([ENABLE_ASCIIDOC], [test "x$enable_asciidoc" = xyes])
+
+have_manpages=no
+AS_IF([test -f "$srcdir/man/cryptsetup-open.8"], [
+ AC_MSG_NOTICE([re-use already generated man-pages.])
+ have_manpages=yes]
+)
+AM_CONDITIONAL([HAVE_MANPAGES], [test "x$have_manpages" = xyes])
+
+dnl ==========================================================================
AC_C_RESTRICT
AC_HEADER_DIRENT
-AC_CHECK_HEADERS(fcntl.h malloc.h inttypes.h sys/ioctl.h sys/mman.h \
+AC_CHECK_HEADERS(fcntl.h malloc.h inttypes.h uchar.h sys/ioctl.h sys/mman.h \
sys/sysmacros.h sys/statvfs.h ctype.h unistd.h locale.h byteswap.h endian.h stdint.h)
AC_CHECK_DECLS([O_CLOEXEC],,[AC_DEFINE([O_CLOEXEC],[0], [Defined to 0 if not provided])],
[[
AC_FUNC_STRERROR_R
dnl ==========================================================================
+dnl LUKS2 external tokens
+
+AC_ARG_ENABLE([external-tokens],
+ AS_HELP_STRING([--disable-external-tokens], [disable external LUKS2 tokens]),
+ [], [enable_external_tokens=yes])
+if test "x$enable_external_tokens" = "xyes"; then
+ AC_DEFINE(USE_EXTERNAL_TOKENS, 1, [Use external tokens])
+ dnl we need dynamic library loading here
+ saved_LIBS=$LIBS
+ AC_SEARCH_LIBS([dlsym],[dl])
+ AC_CHECK_FUNCS([dlvsym])
+ AC_SUBST(DL_LIBS, $LIBS)
+ LIBS=$saved_LIBS
+fi
+AM_CONDITIONAL(EXTERNAL_TOKENS, test "x$enable_external_tokens" = "xyes")
+
+AC_ARG_ENABLE([ssh-token],
+ AS_HELP_STRING([--disable-ssh-token], [disable LUKS2 ssh-token]),
+ [], [enable_ssh_token=yes])
+AM_CONDITIONAL(SSHPLUGIN_TOKEN, test "x$enable_ssh_token" = "xyes")
+
+if test "x$enable_ssh_token" = "xyes" -a "x$enable_external_tokens" = "xno"; then
+ AC_MSG_ERROR([Requested LUKS2 ssh-token build, but external tokens are disabled.])
+fi
+
+dnl LUKS2 online reencryption
+AC_ARG_ENABLE([luks2-reencryption],
+ AS_HELP_STRING([--disable-luks2-reencryption], [disable LUKS2 online reencryption extension]),
+ [], [enable_luks2_reencryption=yes])
+if test "x$enable_luks2_reencryption" = "xyes"; then
+ AC_DEFINE(USE_LUKS2_REENCRYPTION, 1, [Use LUKS2 online reencryption extension])
+fi
+
+dnl ==========================================================================
AM_GNU_GETTEXT([external],[need-ngettext])
AM_GNU_GETTEXT_VERSION([0.18.3])
fi
])
-dnl LUKS2 online reencryption
-AC_ARG_ENABLE([luks2-reencryption],
- AS_HELP_STRING([--disable-luks2-reencryption], [disable LUKS2 online reencryption extension]),
- [], [enable_luks2_reencryption=yes])
-if test "x$enable_luks2_reencryption" = "xyes"; then
- AC_DEFINE(USE_LUKS2_REENCRYPTION, 1, [Use LUKS2 online reencryption extension])
-fi
-
dnl ==========================================================================
dnl pwquality library (cryptsetup CLI only)
AC_ARG_ENABLE([pwquality],
fi
dnl ==========================================================================
+dnl fuzzers, it requires own static library compilation later
+AC_ARG_ENABLE([fuzz-targets],
+ AS_HELP_STRING([--enable-fuzz-targets], [enable building fuzz targets]))
+AM_CONDITIONAL(ENABLE_FUZZ_TARGETS, test "x$enable_fuzz_targets" = "xyes")
+
+if test "x$enable_fuzz_targets" = "xyes"; then
+ AX_CHECK_COMPILE_FLAG([-fsanitize=fuzzer-no-link],,
+ AC_MSG_ERROR([Required compiler options not supported; use clang.]), [-Werror])
+fi
+
+dnl ==========================================================================
dnl passwdqc library (cryptsetup CLI only)
AC_ARG_ENABLE([passwdqc],
AS_HELP_STRING([--enable-passwdqc@<:@=CONFIG_PATH@:>@],
[], [enable_veritysetup=yes])
AM_CONDITIONAL(VERITYSETUP, test "x$enable_veritysetup" = "xyes")
-AC_ARG_ENABLE([cryptsetup-reencrypt],
- AS_HELP_STRING([--disable-cryptsetup-reencrypt], [disable cryptsetup-reencrypt tool]),
- [], [enable_cryptsetup_reencrypt=yes])
-AM_CONDITIONAL(REENCRYPT, test "x$enable_cryptsetup_reencrypt" = "xyes")
-
AC_ARG_ENABLE([integritysetup],
AS_HELP_STRING([--disable-integritysetup], [disable integritysetup support]),
[], [enable_integritysetup=yes])
AC_CHECK_DECLS([json_object_object_add_ex], [], [], [#include <json-c/json.h>])
AC_CHECK_DECLS([json_object_deep_copy], [], [], [#include <json-c/json.h>])
+dnl Check for libssh and argp for SSH plugin
+if test "x$enable_ssh_token" = "xyes"; then
+ PKG_CHECK_MODULES([LIBSSH], [libssh])
+ AC_CHECK_DECLS([ssh_session_is_known_server], [], [], [#include <libssh/libssh.h>])
+ AC_CHECK_HEADER([argp.h], [], AC_MSG_ERROR([You need argp library.]))
+ saved_LIBS=$LIBS
+ AC_SEARCH_LIBS([argp_parse],[argp])
+ AC_SUBST(ARGP_LIBS, $LIBS)
+ LIBS=$saved_LIBS
+fi
+
dnl Crypto backend configuration.
AC_ARG_WITH([crypto_backend],
AS_HELP_STRING([--with-crypto_backend=BACKEND], [crypto backend (gcrypt/openssl/nss/kernel/nettle) [openssl]]),
PKG_CONFIG=$saved_PKG_CONFIG
fi
+dnl Check compiler support for symver function attribute
+AC_MSG_CHECKING([for symver attribute support])
+saved_CFLAGS=$CFLAGS
+CFLAGS="-O0 -Werror"
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+ void _test_sym(void);
+ __attribute__((__symver__("sym@VERSION_4.2"))) void _test_sym(void) {}
+]],
+[[ _test_sym() ]]
+)],[
+ AC_DEFINE([HAVE_ATTRIBUTE_SYMVER], 1, [Define to 1 to use __attribute__((symver))])
+ AC_MSG_RESULT([yes])
+], [
+ AC_MSG_RESULT([no])
+])
+CFLAGS=$saved_CFLAGS
+
AC_MSG_CHECKING([for systemd tmpfiles config directory])
PKG_CHECK_VAR([systemd_tmpfilesdir], [systemd], [tmpfilesdir], [], [systemd_tmpfilesdir=no])
AC_MSG_RESULT([$systemd_tmpfilesdir])
AC_SUBST([LIBARGON2_LIBS])
AC_SUBST([BLKID_LIBS])
+AC_SUBST([LIBSSH_LIBS])
+
AC_SUBST([LIBCRYPTSETUP_VERSION])
AC_SUBST([LIBCRYPTSETUP_VERSION_INFO])
+dnl Set Requires.private for libcryptsetup.pc
+dnl pwquality is used only by tools
+PKGMODULES="uuid devmapper json-c"
+case $with_crypto_backend in
+ gcrypt) PKGMODULES+=" libgcrypt" ;;
+ openssl) PKGMODULES+=" openssl" ;;
+ nss) PKGMODULES+=" nss" ;;
+ nettle) PKGMODULES+=" nettle" ;;
+esac
+if test "x$enable_libargon2" = "xyes"; then
+ PKGMODULES+=" libargon2"
+fi
+if test "x$enable_blkid" = "xyes"; then
+ PKGMODULES+=" blkid"
+fi
+AC_SUBST([PKGMODULES])
dnl ==========================================================================
AC_ARG_ENABLE([dev-random],
AS_HELP_STRING([--enable-dev-random], [use /dev/random by default for key generation (otherwise use /dev/urandom)]))
AC_DEFINE(ENABLE_LUKS_ADJUST_XTS_KEYSIZE, 1, [XTS mode - double default LUKS keysize if needed])
fi
-CS_STR_WITH([luks2-pbkdf], [Default PBKDF algorithm (pbkdf2 or argon2i/argon2id) for LUKS2], [argon2i])
+CS_STR_WITH([luks2-pbkdf], [Default PBKDF algorithm (pbkdf2 or argon2i/argon2id) for LUKS2], [argon2id])
CS_NUM_WITH([luks1-iter-time], [PBKDF2 iteration time for LUKS1 (in ms)], [2000])
CS_NUM_WITH([luks2-iter-time], [Argon2 PBKDF iteration time for LUKS2 (in ms)], [2000])
CS_NUM_WITH([luks2-memory-kb], [Argon2 PBKDF memory cost for LUKS2 (in kB)], [1048576])
DEFAULT_LUKS2_LOCK_DIR_PERMS=$with_luks2_lock_dir_perms
AC_SUBST(DEFAULT_LUKS2_LOCK_DIR_PERMS)
+CS_STR_WITH([luks2-external-tokens-path], [path to directory with LUKSv2 external token handlers (plugins)], [LIBDIR/cryptsetup])
+if test -n "$with_luks2_external_tokens_path"; then
+ CS_ABSPATH([${with_luks2_external_tokens_path}],[with-luks2-external-tokens-path])
+ EXTERNAL_LUKS2_TOKENS_PATH=$with_luks2_external_tokens_path
+else
+ EXTERNAL_LUKS2_TOKENS_PATH="\${libdir}/cryptsetup"
+fi
+AC_SUBST(EXTERNAL_LUKS2_TOKENS_PATH)
+
dnl Override default LUKS format version (for cryptsetup or cryptsetup-reencrypt format actions only).
AC_ARG_WITH([default_luks_format],
AS_HELP_STRING([--with-default-luks-format=FORMAT], [default LUKS format version (LUKS1/LUKS2) [LUKS2]]),
po/Makefile.in
scripts/cryptsetup.conf
tests/Makefile
+tests/fuzz/Makefile
])
AC_OUTPUT