📄 configure.ac
字号:
fi AC_DEFINE(SKEY) LIBS="-lskey $LIBS" SKEY_MSG="yes" AC_MSG_CHECKING([for s/key support]) AC_TRY_RUN( [#include <stdio.h>#include <skey.h>int main() { char *ff = skey_keyinfo(""); ff=""; return 0; } ], [AC_MSG_RESULT(yes)], [ AC_MSG_RESULT(no) AC_MSG_ERROR([** Incomplete or missing s/key libraries.]) ]) fi ])# Check whether user wants TCP wrappers supportTCPW_MSG="no"AC_ARG_WITH(tcp-wrappers, [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)], [ if test "x$withval" != "xno" ; then saved_LIBS="$LIBS" saved_LDFLAGS="$LDFLAGS" saved_CPPFLAGS="$CPPFLAGS" if test -n "${withval}" -a "${withval}" != "yes"; then if test -d "${withval}/lib"; then if test -n "${need_dash_r}"; then LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" else LDFLAGS="-L${withval}/lib ${LDFLAGS}" fi else if test -n "${need_dash_r}"; then LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" else LDFLAGS="-L${withval} ${LDFLAGS}" fi fi if test -d "${withval}/include"; then CPPFLAGS="-I${withval}/include ${CPPFLAGS}" else CPPFLAGS="-I${withval} ${CPPFLAGS}" fi fi LIBWRAP="-lwrap" LIBS="$LIBWRAP $LIBS" AC_MSG_CHECKING(for libwrap) AC_TRY_LINK( [#include <tcpd.h> int deny_severity = 0, allow_severity = 0; ], [hosts_access(0);], [ AC_MSG_RESULT(yes) AC_DEFINE(LIBWRAP) AC_SUBST(LIBWRAP) TCPW_MSG="yes" ], [ AC_MSG_ERROR([*** libwrap missing]) ] ) LIBS="$saved_LIBS" fi ])dnl Checks for library functions.AC_CHECK_FUNCS(arc4random b64_ntop bcopy bindresvport_sa \ clock fchmod fchown freeaddrinfo futimes gai_strerror \ getaddrinfo getcwd getgrouplist getnameinfo getopt \ getrlimit getrusage getttyent glob inet_aton inet_ntoa \ inet_ntop innetgr login_getcapbool md5_crypt memmove \ mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo readpassphrase \ realpath recvmsg rresvport_af sendmsg setdtablesize setegid \ setenv seteuid setgroups setlogin setproctitle setresgid setreuid \ setrlimit setsid setpcred setvbuf sigaction sigvec snprintf \ socketpair strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp \ truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty)dnl IRIX and Solaris 2.5.1 have dirname() in libgenAC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[ AC_CHECK_LIB(gen, dirname,[ AC_CACHE_CHECK([for broken dirname], ac_cv_have_broken_dirname, [ save_LIBS="$LIBS" LIBS="$LIBS -lgen" AC_TRY_RUN( [#include <libgen.h>#include <string.h>int main(int argc, char **argv) { char *s, buf[32]; strncpy(buf,"/etc", 32); s = dirname(buf); if (!s || strncmp(s, "/", 32) != 0) { exit(1); } else { exit(0); }} ], [ ac_cv_have_broken_dirname="no" ], [ ac_cv_have_broken_dirname="yes" ] ) LIBS="$save_LIBS" ]) if test "x$ac_cv_have_broken_dirname" = "xno" ; then LIBS="$LIBS -lgen" AC_DEFINE(HAVE_DIRNAME) AC_CHECK_HEADERS(libgen.h) fi ])])dnl Checks for time functionsAC_CHECK_FUNCS(gettimeofday time)dnl Checks for utmp functionsAC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)AC_CHECK_FUNCS(utmpname)dnl Checks for utmpx functionsAC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )AC_CHECK_FUNCS(setutxent utmpxname)AC_CHECK_FUNC(daemon, [AC_DEFINE(HAVE_DAEMON)], [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])])AC_CHECK_FUNC(getpagesize, [AC_DEFINE(HAVE_GETPAGESIZE)], [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])])# Check for broken snprintfif test "x$ac_cv_func_snprintf" = "xyes" ; then AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) AC_TRY_RUN( [#include <stdio.h>int main(void){char b[5];snprintf(b,5,"123456789");return(b[4]!='\0');} ], [AC_MSG_RESULT(yes)], [ AC_MSG_RESULT(no) AC_DEFINE(BROKEN_SNPRINTF) AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) ] )fiAC_FUNC_GETPGRP# Check for PAM libsPAM_MSG="no"AC_ARG_WITH(pam, [ --with-pam Enable PAM support ], [ if test "x$withval" != "xno" ; then if test "x$ac_cv_header_security_pam_appl_h" != "xyes" ; then AC_MSG_ERROR([PAM headers not found]) fi AC_CHECK_LIB(dl, dlopen, , ) AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing])) AC_CHECK_FUNCS(pam_getenvlist) disable_shadow=yes PAM_MSG="yes" AC_DEFINE(USE_PAM) if test $ac_cv_lib_dl_dlopen = yes; then LIBPAM="-lpam -ldl" else LIBPAM="-lpam" fi AC_SUBST(LIBPAM) fi ])# Check for older PAMif test "x$PAM_MSG" = "xyes" ; then # Check PAM strerror arguments (old PAM) AC_MSG_CHECKING([whether pam_strerror takes only one argument]) AC_TRY_COMPILE( [#include <stdlib.h>#include <security/pam_appl.h> ], [(void)pam_strerror((pam_handle_t *)NULL, -1);], [AC_MSG_RESULT(no)], [ AC_DEFINE(HAVE_OLD_PAM) AC_MSG_RESULT(yes) PAM_MSG="yes (old library)" ] )fi# Search for OpenSSLsaved_CPPFLAGS="$CPPFLAGS"saved_LDFLAGS="$LDFLAGS"AC_ARG_WITH(ssl-dir, [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], [ if test "x$withval" != "xno" ; then if test -d "$withval/lib"; then if test -n "${need_dash_r}"; then LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" else LDFLAGS="-L${withval}/lib ${LDFLAGS}" fi else if test -n "${need_dash_r}"; then LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" else LDFLAGS="-L${withval} ${LDFLAGS}" fi fi if test -d "$withval/include"; then CPPFLAGS="-I${withval}/include ${CPPFLAGS}" else CPPFLAGS="-I${withval} ${CPPFLAGS}" fi fi ])LIBS="$LIBS -lcrypto"AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL), [ dnl Check default openssl install dir if test -n "${need_dash_r}"; then LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}" else LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}" fi CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}" AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL), [ AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***]) ] ) ])# Sanity check OpenSSL headersAC_MSG_CHECKING([whether OpenSSL's headers match the library])AC_TRY_RUN( [#include <string.h>#include <openssl/opensslv.h>int main(void) { return(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); } ], [ AC_MSG_RESULT(yes) ], [ AC_MSG_RESULT(no) AC_MSG_ERROR(Your OpenSSL headers do not match your library) ])# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the # version in OpenSSL. Skip this for PAMif test "x$PAM_MSG" = "xno" -a "x$check_for_libcrypt_later" = "x1"; then AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")fi### Configure cryptographic random number support# Check wheter OpenSSL seeds itselfAC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])AC_TRY_RUN( [#include <string.h>#include <openssl/rand.h>int main(void) { return(RAND_status() == 1 ? 0 : 1); } ], [ OPENSSL_SEEDS_ITSELF=yes AC_MSG_RESULT(yes) ], [ AC_MSG_RESULT(no) # Default to use of the rand helper if OpenSSL doesn't # seed itself USE_RAND_HELPER=yes ])# Do we want to force the use of the rand helper?AC_ARG_WITH(rand-helper, [ --with-rand-helper Use subprocess to gather strong randomness ], [ if test "x$withval" = "xno" ; then # Force use of OpenSSL's internal RNG, even if # the previous test showed it to be unseeded. if test -z "$OPENSSL_SEEDS_ITSELF" ; then AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG]) OPENSSL_SEEDS_ITSELF=yes USE_RAND_HELPER="" fi else USE_RAND_HELPER=yes fi ],) # Which randomness source do we use?if test ! -z "$OPENSSL_SEEDS_ITSELF" -a -z "$USE_RAND_HELPER" ; then # OpenSSL only AC_DEFINE(OPENSSL_PRNG_ONLY) RAND_MSG="OpenSSL internal ONLY" INSTALL_SSH_RAND_HELPER=""elif test ! -z "$USE_RAND_HELPER" ; then # install rand helper RAND_MSG="ssh-rand-helper" INSTALL_SSH_RAND_HELPER="yes"fiAC_SUBST(INSTALL_SSH_RAND_HELPER)### Configuration of ssh-rand-helper# PRNGD TCP socketAC_ARG_WITH(prngd-port, [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], [ case "$withval" in no) withval="" ;; [[0-9]]*) ;; *) AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port) ;; esac if test ! -z "$withval" ; then PRNGD_PORT="$withval" AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT) fi ])# PRNGD Unix domain socketAC_ARG_WITH(prngd-socket, [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], [ case "$withval" in yes) withval="/var/run/egd-pool" ;; no) withval="" ;; /*) ;; *) AC_MSG_ERROR(You must specify an absolute path to the entropy socket) ;; esac if test ! -z "$withval" ; then if test ! -z "$PRNGD_PORT" ; then AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket) fi if test ! -r "$withval" ; then AC_MSG_WARN(Entropy socket is not readable) fi PRNGD_SOCKET="$withval" AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET") fi ], [ # Check for existing socket only if we don't have a random device already if test "$USE_RAND_HELPER" = yes ; then AC_MSG_CHECKING(for PRNGD/EGD socket) # Insert other locations here for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then PRNGD_SOCKET="$sock" AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET") break; fi done if test ! -z "$PRNGD_SOCKET" ; then AC_MSG_RESULT($PRNGD_SOCKET) else AC_MSG_RESULT(not found) fi fi ])# Change default command timeout for hashing entropy sourceentropy_timeout=200AC_ARG_WITH(entropy-timeout, [ --with-entropy-timeout Specify entropy gathering command timeout (msec)], [ if test "x$withval" != "xno" ; then entropy_timeout=$withval fi ] )AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)ssh_privsep_user=sshdAC_ARG_WITH(privsep-user, [ --with-privsep-user=user Specify non-privileged user for privilege separation], [ if test -n "$withval"; then ssh_privsep_user=$withval fi ] )AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$ssh_privsep_user")# We do this little dance with the search path to insure# that programs that we select for use by installed programs# (which may be run by the super-user) come from trusted# locations before they come from the user's private area.# This should help avoid accidentally configuring some# random version of a program in someone's personal bin.OPATH=$PATHPATH=/bin:/usr/bintest -h /bin 2> /dev/null && PATH=/usr/bintest -d /sbin && PATH=$PATH:/sbintest -d /usr/sbin && PATH=$PATH:/usr/sbinPATH=$PATH:/etc:$OPATH# These programs are used by the command hashing source to gather entropy OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)OSSH_PATH_ENTROPY_PROG(PROG_W, w)OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)OSSH_PATH_ENTROPY_PROG(PROG_DF, df)OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)# restore PATHPATH=$OPATH# Where does ssh-rand-helper get its randomness from?INSTALL_SSH_PRNG_CMDS=""if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then if test ! -z "$PRNGD_PORT" ; then RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT" elif test ! -z "$PRNGD_SOCKET" ; then RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\"" else RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)" RAND_HELPER_CMDHASH=yes INSTALL_SSH_PRNG_CMDS="yes" fifiAC_SUBST(INSTALL_SSH_PRNG_CMDS)# Cheap hack to ensure NEWS-OS libraries are arranged right.if test ! -z "$SONY" ; then LIBS="$LIBS -liberty";fi# Checks for data types⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -