configure.ac 51 KB
Newer Older
Roger Dingledine's avatar
Roger Dingledine committed
1
dnl Copyright (c) 2001-2004, Roger Dingledine
2
dnl Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson
3
dnl Copyright (c) 2007-2013, The Tor Project, Inc.
Nick Mathewson's avatar
Nick Mathewson committed
4
dnl See LICENSE for licensing information
5

6
AC_INIT([tor],[0.2.6.0-alpha-dev])
Stewart Smith's avatar
Stewart Smith committed
7
AC_CONFIG_SRCDIR([src/or/main.c])
8
AC_CONFIG_MACRO_DIR([m4])
Stewart Smith's avatar
Stewart Smith committed
9
AM_INIT_AUTOMAKE
10
m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
11
AC_CONFIG_HEADERS([orconfig.h])
12

13
14
AC_CANONICAL_HOST

15
if test -f /etc/redhat-release ; then
16
  if test -f /usr/kerberos/include ; then
17
    CPPFLAGS="$CPPFLAGS -I/usr/kerberos/include"
18
  fi
19
fi
20

21
22
# Not a no-op; we want to make sure that CPPFLAGS is set before we use
# the += operator on it in src/or/Makefile.am
23
CPPFLAGS="$CPPFLAGS -I\${top_srcdir}/src/common"
24

25
26
#XXXX020 We should make these enabled or not, before 0.2.0.x-final
AC_ARG_ENABLE(buf-freelists,
27
   AS_HELP_STRING(--enable-buf-freelists, enable freelists for buffer RAM))
28
AC_ARG_ENABLE(mempools,
29
   AS_HELP_STRING(--enable-mempools, enable mempools for relay cells))
30
31
AC_ARG_ENABLE(openbsd-malloc,
   AS_HELP_STRING(--enable-openbsd-malloc, Use malloc code from openbsd.  Linux only))
32
33
AC_ARG_ENABLE(instrument-downloads,
   AS_HELP_STRING(--enable-instrument-downloads, Instrument downloads of directory resources etc.))
34
35
36
37
AC_ARG_ENABLE(static-openssl,
   AS_HELP_STRING(--enable-static-openssl, Link against a static openssl library. Requires --with-openssl-dir))
AC_ARG_ENABLE(static-libevent,
   AS_HELP_STRING(--enable-static-libevent, Link against a static libevent library. Requires --with-libevent-dir))
38
39
AC_ARG_ENABLE(static-zlib,
   AS_HELP_STRING(--enable-static-zlib, Link against a static zlib library. Requires --with-zlib-dir))
40
AC_ARG_ENABLE(static-tor,
41
   AS_HELP_STRING(--enable-static-tor, Create an entirely static Tor binary. Requires --with-openssl-dir and --with-libevent-dir and --with-zlib-dir))
42
43
AC_ARG_ENABLE(curve25519,
   AS_HELP_STRING(--disable-curve25519, Build Tor with no curve25519 elliptic-curve crypto support))
44
45
AC_ARG_ENABLE(unittests,
   AS_HELP_STRING(--disable-unittests, [Don't build unit tests for Tor. Risky!]))
46
47
AC_ARG_ENABLE(coverage,
   AS_HELP_STRING(--enable-coverage, [Enable coverage support in the unit-test build]))
48

49
50
51
AM_CONDITIONAL(UNITTESTS_ENABLED, test x$enable_unittests != xno)
AM_CONDITIONAL(COVERAGE_ENABLED, test x$enable_coverage = xyes)

52
53
54
55
56
57
if test "$enable_static_tor" = "yes"; then
  enable_static_libevent="yes";
  enable_static_openssl="yes";
  enable_static_zlib="yes";
  CFLAGS="$CFLAGS -static"
fi
58

59
if test x$enable_buf_freelists = xyes; then
60
61
62
  AC_DEFINE(ENABLE_BUF_FREELISTS, 1,
            [Defined if we try to use freelists for buffer RAM chunks])
fi
63

64
65
AM_CONDITIONAL(USE_MEMPOOLS, test x$enable_mempools = xyes)
if test x$enable_mempools = xyes; then
66
67
68
69
  AC_DEFINE(ENABLE_MEMPOOLS, 1,
            [Defined if we try to use mempools for cells being relayed])
fi

70
AM_CONDITIONAL(USE_OPENBSD_MALLOC, test x$enable_openbsd_malloc = xyes)
71
if test x$enable_instrument_downloads = xyes; then
72
73
74
  AC_DEFINE(INSTRUMENT_DOWNLOADS, 1,
            [Defined if we want to keep track of how much of each kind of resource we download.])
fi
75

76
AC_ARG_ENABLE(transparent,
77
     AS_HELP_STRING(--disable-transparent, disable transparent proxy support),
78
79
80
81
82
83
     [case "${enableval}" in
        yes) transparent=true ;;
        no)  transparent=false ;;
        *) AC_MSG_ERROR(bad value for --enable-transparent) ;;
      esac], [transparent=true])

84
85
86
87
88
89
90
91
AC_ARG_ENABLE(asciidoc,
     AS_HELP_STRING(--disable-asciidoc, don't use asciidoc (disables building of manpages)),
     [case "${enableval}" in
        yes) asciidoc=true ;;
        no)  asciidoc=false ;;
        *) AC_MSG_ERROR(bad value for --disable-asciidoc) ;;
      esac], [asciidoc=true])

92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
# By default, we're not ready to ship a NAT-PMP aware Tor
AC_ARG_ENABLE(nat-pmp,
     AS_HELP_STRING(--enable-nat-pmp, enable NAT-PMP support),
     [case "${enableval}" in
        yes) natpmp=true ;;
        no)  natpmp=false ;;
        * ) AC_MSG_ERROR(bad value for --enable-nat-pmp) ;;
      esac], [natpmp=false])

# By default, we're not ready to ship a UPnP aware Tor
AC_ARG_ENABLE(upnp,
     AS_HELP_STRING(--enable-upnp, enable UPnP support),
     [case "${enableval}" in
        yes) upnp=true ;;
        no)  upnp=false ;;
        * ) AC_MSG_ERROR(bad value for --enable-upnp) ;;
      esac], [upnp=false])

110
111
112
113
114
115
case $host in
   *-*-solaris* )
     AC_DEFINE(_REENTRANT, 1, [Define on some platforms to activate x_r() functions in time.h])
     ;;
esac

116
AC_ARG_ENABLE(gcc-warnings,
117
     AS_HELP_STRING(--enable-gcc-warnings, enable verbose warnings))
118
119
AC_ARG_ENABLE(gcc-warnings-advisory,
     AS_HELP_STRING(--enable-gcc-warnings-advisory, [enable verbose warnings, excluding -Werror]))
120

121
122
dnl Others suggest '/gs /safeseh /nxcompat /dynamicbase' for non-gcc on Windows
AC_ARG_ENABLE(gcc-hardening,
123
    AS_HELP_STRING(--disable-gcc-hardening, disable compiler security checks))
124

125
126
127
AC_ARG_ENABLE(expensive-hardening,
    AS_HELP_STRING(--enable-expensive-hardening, enable more expensive compiler hardening; makes Tor slower))

128
129
130
dnl Linker hardening options
dnl Currently these options are ELF specific - you can't use this with MacOSX
AC_ARG_ENABLE(linker-hardening,
131
    AS_HELP_STRING(--disable-linker-hardening, disable linker security fixups))
132

133
134
135
136
137
138
139
AC_ARG_ENABLE(local-appdata,
   AS_HELP_STRING(--enable-local-appdata, default to host local application data paths on Windows))
if test "$enable_local_appdata" = "yes"; then
  AC_DEFINE(ENABLE_LOCAL_APPDATA, 1,
            [Defined if we default to host local appdata paths on Windows])
fi

140
141
142
143
144
145
146
# Tor2web mode flag
AC_ARG_ENABLE(tor2web-mode,
     AS_HELP_STRING(--enable-tor2web-mode, support tor2web non-anonymous mode),
[if test x$enableval = xyes; then
    CFLAGS="$CFLAGS -D ENABLE_TOR2WEB_MODE=1"
fi])

147
148
149
AC_ARG_ENABLE(bufferevents,
     AS_HELP_STRING(--enable-bufferevents, use Libevent's buffered IO.))

150
151
152
AC_ARG_ENABLE(tool-name-check,
     AS_HELP_STRING(--disable-tool-name-check, check for sanely named toolchain when cross-compiling))

153
154
155
AC_ARG_ENABLE(seccomp,
     AS_HELP_STRING(--disable-seccomp, do not attempt to use libseccomp))

156
157
158
AC_ARG_ENABLE(libscrypt,
     AS_HELP_STRING(--disable-libscrypt, do not attempt to use libscrypt))

159
160
161
162
163
164
dnl check for the correct "ar" when cross-compiling
AN_MAKEVAR([AR], [AC_PROG_AR])
AN_PROGRAM([ar], [AC_PROG_AR])
AC_DEFUN([AC_PROG_AR], [AC_CHECK_TOOL([AR], [ar], [ar])])
AC_PROG_AR

165
166
167
168
169
170
171
172
173
174
175
176
177
178
dnl Check whether the above macro has settled for a simply named tool even
dnl though we're cross compiling. We must do this before running AC_PROG_CC,
dnl because that will find any cc on the system, not only the cross-compiler,
dnl and then verify that a binary built with this compiler runs on the
dnl build system. It will then come to the false conclusion that we're not
dnl cross-compiling.
if test x$enable_tool_name_check != xno; then
    if test x$ac_tool_warned = xyes; then
        AC_MSG_ERROR([We are cross compiling but could not find a properly named toolchain. Do you have your cross-compiling toolchain in PATH? (You can --disable-tool-name-check to ignore this.)])
	elif test "x$ac_ct_AR" != x -a x$cross_compiling = xmaybe; then
		AC_MSG_ERROR([We think we are cross compiling but could not find a properly named toolchain. Do you have your cross-compiling toolchain in PATH? (You can --disable-tool-name-check to ignore this.)])
	fi
fi

179
AC_PROG_CC
180
AC_PROG_CPP
181
182
AC_PROG_MAKE_SET
AC_PROG_RANLIB
183
184
185

dnl autoconf 2.59 appears not to support AC_PROG_SED
AC_CHECK_PROG([SED],[sed],[sed],[/bin/false])
186

187
188
dnl check for asciidoc and a2x
AC_PATH_PROG([ASCIIDOC], [asciidoc], none)
189
AC_PATH_PROGS([A2X], [a2x a2x.py], none)
190
191

AM_CONDITIONAL(USE_ASCIIDOC, test x$asciidoc = xtrue)
192

193
194
195
196
AM_CONDITIONAL(USE_FW_HELPER, test x$natpmp = xtrue || test x$upnp = xtrue)
AM_CONDITIONAL(NAT_PMP, test x$natpmp = xtrue)
AM_CONDITIONAL(MINIUPNPC, test x$upnp = xtrue)
AM_PROG_CC_C_O
197
AC_PROG_CC_C99
198

199
AC_ARG_VAR(PYTHON)
200
AC_CHECK_PROGS(PYTHON, [python python2 python2.7 python3 python3.3])
201
202
203
204
205
if test "x$PYTHON" = "x"; then
  AC_MSG_WARN([Python unavailable; some tests will not be run.])
fi
AM_CONDITIONAL(USEPYTHON, [test "x$PYTHON" != "x"])

206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
ifdef([AC_C_FLEXIBLE_ARRAY_MEMBER], [
AC_C_FLEXIBLE_ARRAY_MEMBER
], [
 dnl Maybe we've got an old autoconf...
 AC_CACHE_CHECK([for flexible array members],
     tor_cv_c_flexarray,
     [AC_COMPILE_IFELSE(
       AC_LANG_PROGRAM([
 struct abc { int a; char b[]; };
], [
 struct abc *def = malloc(sizeof(struct abc)+sizeof(char));
 def->b[0] = 33;
]),
  [tor_cv_c_flexarray=yes],
  [tor_cv_c_flexarray=no])])
 if test $tor_cv_flexarray = yes ; then
222
   AC_DEFINE([FLEXIBLE_ARRAY_MEMBER], [], [Define to nothing if C supports flexible array members, and to 1 if it does not.])
223
 else
224
   AC_DEFINE([FLEXIBLE_ARRAY_MEMBER], [1], [Define to nothing if C supports flexible array members, and to 1 if it does not.])
225
226
227
 fi
])

228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
AC_CACHE_CHECK([for working C99 mid-block declaration syntax],
      tor_cv_c_c99_decl,
      [AC_COMPILE_IFELSE(
         [AC_LANG_PROGRAM([], [int x; x = 3; int y; y = 4 + x;])],
	 [tor_cv_c_c99_decl=yes],
	 [tor_cv_c_c99_decl=no] )])
if test "$tor_cv_c_c99_decl" != "yes"; then
  AC_MSG_ERROR([Your compiler doesn't support c99 mid-block declarations. This is required as of Tor 0.2.6.x])
fi

AC_CACHE_CHECK([for working C99 designated initializers],
      tor_cv_c_c99_designated_init,
      [AC_COMPILE_IFELSE(
         [AC_LANG_PROGRAM([struct s { int a; int b; };],
  	       [[ struct s ss = { .b = 5, .a = 6 }; ]])],
	 [tor_cv_c_c99_designated_init=yes],
	 [tor_cv_c_c99_designated_init=no] )])

if test "$tor_cv_c_c99_designated_init" != "yes"; then
  AC_MSG_ERROR([Your compiler doesn't support c99 designated initializers. This is required as of Tor 0.2.6.x])
fi

250
251
AC_PATH_PROG([SHA1SUM], [sha1sum], none)
AC_PATH_PROG([OPENSSL], [openssl], none)
252

253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
TORUSER=_tor
AC_ARG_WITH(tor-user,
        [  --with-tor-user=NAME    Specify username for tor daemon ],
        [
           TORUSER=$withval
        ]
)
AC_SUBST(TORUSER)

TORGROUP=_tor
AC_ARG_WITH(tor-group,
        [  --with-tor-group=NAME   Specify group name for tor daemon ],
        [
           TORGROUP=$withval
        ]
)
AC_SUBST(TORGROUP)

271

272
dnl If _WIN32 is defined and non-zero, we are building for win32
273
AC_MSG_CHECKING([for win32])
274
AC_RUN_IFELSE([AC_LANG_SOURCE([
275
int main(int c, char **v) {
276
277
#ifdef _WIN32
#if _WIN32
278
279
280
281
282
283
284
  return 0;
#else
  return 1;
#endif
#else
  return 2;
#endif
285
}])],
286
bwin32=true; AC_MSG_RESULT([yes]),
287
288
bwin32=false; AC_MSG_RESULT([no]),
bwin32=cross; AC_MSG_RESULT([cross])
289
290
)

291
if test "$bwin32" = cross; then
292
AC_MSG_CHECKING([for win32 (cross)])
293
AC_COMPILE_IFELSE([AC_LANG_SOURCE([
294
#ifdef _WIN32
295
296
297
298
299
int main(int c, char **v) {return 0;}
#else
#error
int main(int c, char **v) {return x(y);}
#endif
300
])],
301
302
303
304
bwin32=true; AC_MSG_RESULT([yes]),
bwin32=false; AC_MSG_RESULT([no]))
fi

305
AM_CONDITIONAL(BUILD_NT_SERVICES, test x$bwin32 = xtrue)
306

307
308
dnl Enable C99 when compiling with MIPSpro
AC_MSG_CHECKING([for MIPSpro compiler])
309
AC_COMPILE_IFELSE([AC_LANG_PROGRAM(, [
310
311
312
313
#if (defined(__sgi) && defined(_COMPILER_VERSION))
#error
  return x(y);
#endif
314
])],
315
bmipspro=false; AC_MSG_RESULT(no),
316
bmipspro=true; AC_MSG_RESULT(yes))
317

318
if test "$bmipspro" = true; then
319
320
321
  CFLAGS="$CFLAGS -c99"
fi

322
323
AC_C_BIGENDIAN

324
AC_SEARCH_LIBS(socket, [socket network])
325
AC_SEARCH_LIBS(gethostbyname, [nsl])
326
AC_SEARCH_LIBS(dlopen, [dl])
327
AC_SEARCH_LIBS(inet_aton, [resolv])
328
329
330
331
332
333
saved_LIBS="$LIBS"
AC_SEARCH_LIBS([clock_gettime], [rt])
if test "$LIBS" != "$saved_LIBS"; then
   # Looks like we need -lrt for clock_gettime().
   have_rt=yes
fi
334

335
336
AC_SEARCH_LIBS(pthread_create, [pthread])
AC_SEARCH_LIBS(pthread_detach, [pthread])
337

338
339
340
341
dnl -------------------------------------------------------------------
dnl Check for functions before libevent, since libevent-1.2 apparently
dnl exports strlcpy without defining it in a header.

342
AC_CHECK_FUNCS(
343
        _NSGetEnviron \
Sebastian Hahn's avatar
Sebastian Hahn committed
344
        accept4 \
Nick Mathewson's avatar
Nick Mathewson committed
345
346
        backtrace \
        backtrace_symbols_fd \
Sebastian Hahn's avatar
Sebastian Hahn committed
347
        clock_gettime \
348
349
350
        flock \
        ftime \
        getaddrinfo \
Sebastian Hahn's avatar
Sebastian Hahn committed
351
        getifaddrs \
352
353
354
355
        getrlimit \
        gettimeofday \
        gmtime_r \
        inet_aton \
Sebastian Hahn's avatar
Sebastian Hahn committed
356
        ioctl \
357
        issetugid \
358
        llround \
359
        localtime_r \
Sebastian Hahn's avatar
Sebastian Hahn committed
360
        lround \
361
362
        memmem \
        prctl \
Sebastian Hahn's avatar
Sebastian Hahn committed
363
        rint \
Nick Mathewson's avatar
Nick Mathewson committed
364
        sigaction \
365
366
367
        socketpair \
        strlcat \
        strlcpy \
368
	strnlen \
369
370
371
372
        strptime \
        strtok_r \
        strtoull \
        sysconf \
373
	sysctl \
374
        uname \
375
        usleep \
376
        vasprintf \
377
	_vscprintf
378
)
379

380
if test "$bwin32" != true; then
381
382
383
384
  AC_CHECK_HEADERS(pthread.h)
  AC_CHECK_FUNCS(pthread_create)
fi

385
dnl ------------------------------------------------------
386
dnl Where do you live, libevent?  And how do we call you?
387

388
if test "$bwin32" = true; then
389
  TOR_LIB_WS32=-lws2_32
390
  TOR_LIB_IPHLPAPI=-liphlpapi
391
392
  # Some of the cargo-cults recommend -lwsock32 as well, but I don't
  # think it's actually necessary.
393
  TOR_LIB_GDI=-lgdi32
Nick Mathewson's avatar
   
Nick Mathewson committed
394
else
395
396
  TOR_LIB_WS32=
  TOR_LIB_GDI=
Nick Mathewson's avatar
   
Nick Mathewson committed
397
fi
398
399
AC_SUBST(TOR_LIB_WS32)
AC_SUBST(TOR_LIB_GDI)
400
AC_SUBST(TOR_LIB_IPHLPAPI)
Nick Mathewson's avatar
   
Nick Mathewson committed
401

402
403
404
405
dnl We need to do this before we try our disgusting hack below.
AC_CHECK_HEADERS([sys/types.h])

dnl This is a disgusting hack so we safely include older libevent headers.
406
407
408
409
410
AC_CHECK_TYPE(u_int64_t, unsigned long long)
AC_CHECK_TYPE(u_int32_t, unsigned long)
AC_CHECK_TYPE(u_int16_t, unsigned short)
AC_CHECK_TYPE(u_int8_t, unsigned char)

411
tor_libevent_pkg_redhat="libevent"
412
tor_libevent_pkg_debian="libevent-dev"
413
414
415
tor_libevent_devpkg_redhat="libevent-devel"
tor_libevent_devpkg_debian="libevent-dev"

416
417
418
419
420
421
422
423
424
425
dnl On Gnu/Linux or any place we require it, we'll add librt to the Libevent
dnl linking for static builds.
STATIC_LIBEVENT_FLAGS=""
if test "$enable_static_libevent" = "yes"; then
    if test "$have_rt" = yes; then
      STATIC_LIBEVENT_FLAGS=" -lrt "
    fi
fi

TOR_SEARCH_LIBRARY(libevent, $trylibeventdir, [-levent $STATIC_LIBEVENT_FLAGS $TOR_LIB_WS32], [
426
#ifdef _WIN32
427
428
#include <winsock2.h>
#endif
429
#include <stdlib.h>
430
#include <sys/time.h>
Roger Dingledine's avatar
Roger Dingledine committed
431
#include <sys/types.h>
432
#include <event.h>], [
433
#ifdef _WIN32
434
435
436
#include <winsock2.h>
#endif
void exit(int); void *event_init(void);],
437
    [
438
#ifdef _WIN32
439
{WSADATA d; WSAStartup(0x101,&d); }
440
441
442
#endif
event_init(); exit(0);
], [--with-libevent-dir], [/opt/libevent])
443

444
dnl Now check for particular libevent functions.
445
446
save_LIBS="$LIBS"
save_LDFLAGS="$LDFLAGS"
447
save_CPPFLAGS="$CPPFLAGS"
448
LIBS="-levent $STATIC_LIBEVENT_FLAGS $TOR_LIB_WS32 $LIBS"
449
LDFLAGS="$TOR_LDFLAGS_libevent $LDFLAGS"
450
CPPFLAGS="$TOR_CPPFLAGS_libevent $CPPFLAGS"
451
452
453
454
AC_CHECK_FUNCS([event_get_version \
                event_get_version_number \
                event_get_method \
                event_set_log_callback \
455
                evutil_secure_rng_set_urandom_device_file \
456
                evutil_secure_rng_init \
457
                event_base_loopexit])
458
459
460
461
AC_CHECK_MEMBERS([struct event.min_heap_idx], , ,
[#include <event.h>
])

462
AC_CHECK_HEADERS(event2/event.h event2/dns.h event2/bufferevent_ssl.h)
463

464
465
LIBS="$save_LIBS"
LDFLAGS="$save_LDFLAGS"
466
CPPFLAGS="$save_CPPFLAGS"
467

468

469
470
AM_CONDITIONAL(USE_EXTERNAL_EVDNS, test x$ac_cv_header_event2_dns_h = xyes)

471
472
473
474
if test "$enable_static_libevent" = "yes"; then
   if test "$tor_cv_library_libevent_dir" = "(system)"; then
     AC_MSG_ERROR("You must specify an explicit --with-libevent-dir=x option when using --enable-static-libevent")
   else
475
     TOR_LIBEVENT_LIBS="$TOR_LIBDIR_libevent/libevent.a $STATIC_LIBEVENT_FLAGS"
476
477
478
479
480
   fi
else
     TOR_LIBEVENT_LIBS="-levent"
fi

481
482
dnl This isn't the best test for Libevent 2.0.3-alpha.  Once it's released,
dnl we can do much better.
483
484
if test "$enable_bufferevents" = "yes" ; then
  if test "$ac_cv_header_event2_bufferevent_ssl_h" != "yes" ; then
485
    AC_MSG_ERROR([You've asked for bufferevent support, but you're using a version of Libevent without SSL support.  This won't work.  We need Libevent 2.0.8-rc or later, and you don't seem to even have Libevent 2.0.3-alpha.])
486
487
488
489
490
491
  else

    CPPFLAGS="$CPPFLAGS $TOR_CPPFLAGS_libevent"

    # Check for the right version.  First see if version detection works.
    AC_MSG_CHECKING([whether we can detect the Libevent version])
492
    AC_COMPILE_IFELSE([AC_LANG_SOURCE([
493
494
495
496
497
498
499
#include <event2/event.h>
#if !defined(LIBEVENT_VERSION_NUMBER) || LIBEVENT_VERSION_NUMBER < 10
#error
int x = y(zz);
#else
int x = 1;
#endif
500
  ])], [event_version_number_works=yes; AC_MSG_RESULT([yes]) ],
501
502
503
504
505
     [event_version_number_works=no;  AC_MSG_RESULT([no])])
    if test "$event_version_number_works" != 'yes'; then
      AC_MSG_WARN([Version detection on Libevent seems broken.  Your Libevent installation is probably screwed up or very old.])
    else
      AC_MSG_CHECKING([whether Libevent is new enough for bufferevents])
506
      AC_COMPILE_IFELSE([AC_LANG_SOURCE([
507
#include <event2/event.h>
508
#if !defined(LIBEVENT_VERSION_NUMBER) || LIBEVENT_VERSION_NUMBER < 0x02000d00
509
510
511
512
513
#error
int x = y(zz);
#else
int x = 1;
#endif
514
   ])], [ AC_MSG_RESULT([yes]) ],
515
      [ AC_MSG_RESULT([no])
516
        AC_MSG_ERROR([Libevent does not seem new enough to support bufferevents.  We require 2.0.13-stable or later]) ] )
517
518
    fi
  fi
519
520
fi

521
522
523
524
LIBS="$save_LIBS"
LDFLAGS="$save_LDFLAGS"
CPPFLAGS="$save_CPPFLAGS"

525
526
AM_CONDITIONAL(USE_BUFFEREVENTS, test "$enable_bufferevents" = "yes")
if test "$enable_bufferevents" = "yes"; then
527
528
529
530
531
532
  AC_DEFINE(USE_BUFFEREVENTS, 1, [Defined if we're going to use Libevent's buffered IO API])
  if test "$enable_static_libevent" = "yes"; then
    TOR_LIBEVENT_LIBS="$TOR_LIBDIR_libevent/libevent_openssl.a $TOR_LIBEVENT_LIBS"
  else
    TOR_LIBEVENT_LIBS="-levent_openssl $TOR_LIBEVENT_LIBS"
  fi
533
fi
534
AC_SUBST(TOR_LIBEVENT_LIBS)
535

536
537
538
539
540
541
542
dnl ------------------------------------------------------
dnl Where do you live, libm?

dnl On some platforms (Haiku/BeOS) the math library is
dnl part of libroot. In which case don't link against lm
TOR_LIB_MATH=""
save_LIBS="$LIBS"
543
544
545
AC_SEARCH_LIBS(pow, [m], , AC_MSG_ERROR([Could not find pow in libm or libc.]))
if test "$ac_cv_search_pow" != "none required"; then
    TOR_LIB_MATH="$ac_cv_search_pow"
546
547
548
549
fi
LIBS="$save_LIBS"
AC_SUBST(TOR_LIB_MATH)

550
dnl ------------------------------------------------------
551
dnl Where do you live, openssl?  And how do we call you?
552

553
tor_openssl_pkg_redhat="openssl"
554
tor_openssl_pkg_debian="libssl-dev"
555
556
557
tor_openssl_devpkg_redhat="openssl-devel"
tor_openssl_devpkg_debian="libssl-dev"

558
559
560
561
562
563
564
565
566
ALT_openssl_WITHVAL=""
AC_ARG_WITH(ssl-dir,
  [  --with-ssl-dir=PATH    Obsolete alias for --with-openssl-dir ],
  [
      if test "x$withval" != xno && test "x$withval" != "x" ; then
         ALT_openssl_WITHVAL="$withval"
      fi
  ])

567
TOR_SEARCH_LIBRARY(openssl, $tryssldir, [-lssl -lcrypto $TOR_LIB_GDI],
568
569
    [#include <openssl/rand.h>],
    [void RAND_add(const void *buf, int num, double entropy);],
570
    [RAND_add((void*)0,0,0); exit(0);], [],
571
    [/usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/athena /opt/openssl])
572

573
574
dnl XXXX check for OPENSSL_VERSION_NUMBER == SSLeay()

575
576
577
578
if test "$enable_static_openssl" = "yes"; then
   if test "$tor_cv_library_openssl_dir" = "(system)"; then
     AC_MSG_ERROR("You must specify an explicit --with-openssl-dir=x option when using --enable-static-openssl")
   else
579
     TOR_OPENSSL_LIBS="$TOR_LIBDIR_openssl/libssl.a $TOR_LIBDIR_openssl/libcrypto.a"
580
581
   fi
else
582
     TOR_OPENSSL_LIBS="-lssl -lcrypto"
583
584
585
fi
AC_SUBST(TOR_OPENSSL_LIBS)

586
587
588
589
AC_CHECK_MEMBERS([struct ssl_method_st.get_cipher_by_char], , ,
[#include <openssl/ssl.h>
])

590
591
592
dnl ------------------------------------------------------
dnl Where do you live, zlib?  And how do we call you?

593
594
595
596
tor_zlib_pkg_redhat="zlib"
tor_zlib_pkg_debian="zlib1g"
tor_zlib_devpkg_redhat="zlib-devel"
tor_zlib_devpkg_debian="zlib1g-dev"
597
598
599
600
601
602
603

TOR_SEARCH_LIBRARY(zlib, $tryzlibdir, [-lz],
    [#include <zlib.h>],
    [const char * zlibVersion(void);],
    [zlibVersion(); exit(0);], [--with-zlib-dir],
    [/opt/zlib])

604
605
606
607
608
609
610
611
612
613
614
615
if test "$enable_static_zlib" = "yes"; then
   if test "$tor_cv_library_zlib_dir" = "(system)"; then
     AC_MSG_ERROR("You must specify an explicit --with-zlib-dir=x option when
 using --enable-static-zlib")
   else
     TOR_ZLIB_LIBS="$TOR_LIBDIR_zlib/libz.a"
   fi
else
     TOR_ZLIB_LIBS="-lz"
fi
AC_SUBST(TOR_ZLIB_LIBS)

616
617
618
619
620
dnl ---------------------------------------------------------------------
dnl Now that we know about our major libraries, we can check for compiler
dnl and linker hardening options.  We need to do this with the libraries known,
dnl since sometimes the linker will like an option but not be willing to
dnl use it with a build of a library.
621

622
623
624
all_ldflags_for_check="$TOR_LDFLAGS_zlib $TOR_LDFLAGS_openssl $TOR_LDFLAGS_libevent"
all_libs_for_check="$TOR_ZLIB_LIBS $TOR_LIB_MATH $TOR_LIBEVENT_LIBS $TOR_OPENSSL_LIBS $TOR_LIB_WS32 $TOR_LIB_GDI"

625
626
627
628
629
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [
#if !defined(__clang__)
#error
#endif])], have_clang=yes, have_clang=no)

630
631
if test x$enable_gcc_hardening != xno; then
    CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2"
632
633
634
    if test x$have_clang = xyes; then
        TOR_CHECK_CFLAGS(-Qunused-arguments)
    fi
635
636
637
    TOR_CHECK_CFLAGS(-fstack-protector-all, also_link)
    AS_VAR_PUSHDEF([can_compile], [tor_cv_cflags_-fstack-protector-all])
    AS_VAR_PUSHDEF([can_link], [tor_can_link_-fstack-protector-all])
638
m4_ifdef([AS_VAR_IF],[
639
640
641
642
    AS_VAR_IF(can_compile, [yes],
        AS_VAR_IF(can_link, [yes],
                  [],
                  AC_MSG_ERROR([We tried to build with stack protection; it looks like your compiler supports it but your libc does not provide it. Are you missing libssp? (You can --disable-gcc-hardening to ignore this error.)]))
643
        )])
644
645
    AS_VAR_POPDEF([can_link])
    AS_VAR_POPDEF([can_compile])
646
647
648
    TOR_CHECK_CFLAGS(-Wstack-protector)
    TOR_CHECK_CFLAGS(-fwrapv)
    TOR_CHECK_CFLAGS(--param ssp-buffer-size=1)
649
650
651
652
    if test "$bwin32" = "false"; then
       TOR_CHECK_CFLAGS(-fPIE)
       TOR_CHECK_LDFLAGS(-pie, "$all_ldflags_for_check", "$all_libs_for_check")
    fi
653
fi
654

655
656
657
658
659
660
if test x$enable_expensive_hardening = xyes ; then
   TOR_CHECK_CFLAGS([-fsanitize=address])
   TOR_CHECK_CFLAGS([-fsanitize=undefined])
   TOR_CHECK_CFLAGS([-fno-omit-frame-pointer])
fi

661
662
663
if test x$enable_linker_hardening != xno; then
    TOR_CHECK_LDFLAGS(-z relro -z now, "$all_ldflags_for_check", "$all_libs_for_check")
fi
664

665
666
667
# For backtrace support
TOR_CHECK_LDFLAGS(-rdynamic)

668
dnl ------------------------------------------------------
669
670
671
672
dnl Now see if we have a -fomit-frame-pointer compiler option.

saved_CFLAGS="$CFLAGS"
TOR_CHECK_CFLAGS(-fomit-frame-pointer)
673
F_OMIT_FRAME_POINTER=''
674
if test "$saved_CFLAGS" != "$CFLAGS"; then
675
676
677
  if test x$enable_expensive_hardening != xyes ; then
    F_OMIT_FRAME_POINTER='-fomit-frame-pointer'
  fi
678
679
680
681
fi
CFLAGS="$saved_CFLAGS"
AC_SUBST(F_OMIT_FRAME_POINTER)

682
683
684
685
686
687
688
dnl ------------------------------------------------------
dnl If we are adding -fomit-frame-pointer (or if the compiler's doing it
dnl for us, as GCC 4.6 and later do at many optimization levels), then
dnl we should try to add -fasynchronous-unwind-tables so that our backtrace
dnl code will work.
TOR_CHECK_CFLAGS(-fasynchronous-unwind-tables)

689
690
691
692
693
694
dnl ------------------------------------------------------
dnl Where do you live, libnatpmp?  And how do we call you?
dnl There are no packages for Debian or Redhat as of this patch

if test "$natpmp" = "true"; then
    AC_DEFINE(NAT_PMP, 1, [Define to 1 if we are building with nat-pmp.])
Steven Murdoch's avatar
Steven Murdoch committed
695
    TOR_SEARCH_LIBRARY(libnatpmp, $trylibnatpmpdir, [-lnatpmp $TOR_LIB_WS32 $TOR_LIB_IPHLPAPI],
696
        [#include <natpmp.h>],
697
        [#ifdef _WIN32
Steven Murdoch's avatar
Steven Murdoch committed
698
699
700
         #define STATICLIB
         #endif
         #include <natpmp.h>],
701
702
703
        [   int r;
            natpmp_t natpmp;
            natpmpresp_t response;
704
            r = initnatpmp(&natpmp, 0, 0);],
705
706
707
708
709
710
711
712
713
714
715
716
            [printf("initnatpmp() returned %d (%s)\n", r, r?"FAILED":"SUCCESS");
            exit(0);],
        [--with-libnatpmp-dir],
        [/usr/lib/])
fi


dnl ------------------------------------------------------
dnl Where do you live, libminiupnpc?  And how do we call you?
dnl There are no packages for Debian or Redhat as of this patch

if test "$upnp" = "true"; then
717
    AC_DEFINE(MINIUPNPC, 1, [Define to 1 if we are building with UPnP.])
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745

    dnl Before we call TOR_SEARCH_LIBRARY we'll do a quick compile test
    dnl to see if we have miniupnpc-1.5 or -1.6
    AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include <miniupnpc/miniupnpc.h>],
        [upnpDiscover(1, 0, 0, 0);exit(0);])],[miniupnpc15="true"],[miniupnpc15="false"])

    if test "$miniupnpc15" = "true" ; then
        AC_DEFINE([MINIUPNPC15],[1],[libminiupnpc version 1.5 found])
        TOR_SEARCH_LIBRARY(libminiupnpc, $trylibminiupnpcdir, [-lminiupnpc $TOR_LIB_WS32 $TOR_LIB_IPHLPAPI],
            [#include <miniupnpc/miniwget.h>
             #include <miniupnpc/miniupnpc.h>
             #include <miniupnpc/upnpcommands.h>],
            [void upnpDiscover(int delay, const char * multicastif,
             const char * minissdpdsock, int sameport);],
            [upnpDiscover(1, 0, 0, 0); exit(0);],
            [--with-libminiupnpc-dir],
            [/usr/lib/])
    else
        TOR_SEARCH_LIBRARY(libminiupnpc, $trylibminiupnpcdir, [-lminiupnpc $TOR_LIB_WS32 $TOR_LIB_IPHLPAPI],
            [#include <miniupnpc/miniwget.h>
             #include <miniupnpc/miniupnpc.h>
             #include <miniupnpc/upnpcommands.h>],
            [void upnpDiscover(int delay, const char * multicastif,
             const char * minissdpdsock, int sameport, int ipv6, int * error);],
            [upnpDiscover(1, 0, 0, 0, 0, 0); exit(0);],
            [--with-libminiupnpc-dir],
            [/usr/lib/])
    fi
746
747
fi

748
749
750
dnl ============================================================
dnl Check for libseccomp

751
752
753
754
if test "x$enable_seccomp" != "xno"; then
  AC_CHECK_HEADERS([seccomp.h])
  AC_SEARCH_LIBS(seccomp_init, [seccomp])
fi
755

756
757
758
759
760
761
762
763
dnl ============================================================
dnl Check for libscrypt

if test "x$enable_libscrypt" != "xno"; then
  AC_CHECK_HEADERS([libscrypt.h])
  AC_SEARCH_LIBS(libscrypt_scrypt, [scrypt])
fi

764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
dnl ============================================================
dnl We need an implementation of curve25519.

dnl set these defaults.
have_a_curve25519=no
build_curve25519_donna=no
build_curve25519_donna_c64=no
use_curve25519_donna=no
use_curve25519_nacl=no
CURVE25519_LIBS=

if test x$enable_curve25519 != xno; then

  dnl The best choice is using curve25519-donna-c64, but that requires
  dnl that we
  AC_CACHE_CHECK([whether we can use curve25519-donna-c64],
    tor_cv_can_use_curve25519_donna_c64,
    [AC_RUN_IFELSE(
      [AC_LANG_PROGRAM([dnl
        #include <stdint.h>
        typedef unsigned uint128_t __attribute__((mode(TI)));
785
786
787
	int func(uint64_t a, uint64_t b) {
  	     uint128_t c = ((uint128_t)a) * b;
             int ok = ((uint64_t)(c>>96)) == 522859 &&
788
789
790
	           (((uint64_t)(c>>64))&0xffffffffL) == 3604448702L &&
                   (((uint64_t)(c>>32))&0xffffffffL) == 2351960064L &&
                   (((uint64_t)(c))&0xffffffffL) == 0;
791
792
             return ok;
        }
793
	], [dnl
794
795
	  int ok = func( ((uint64_t)2000000000) * 1000000000,
	  	         ((uint64_t)1234567890) << 24);
796
          return !ok;
797
798
799
        ])],
	[tor_cv_can_use_curve25519_donna_c64=yes],
        [tor_cv_can_use_curve25519_donna_c64=no],
800
	[AC_LINK_IFELSE(
801
          [AC_LANG_PROGRAM([dnl
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
        #include <stdint.h>
        typedef unsigned uint128_t __attribute__((mode(TI)));
	int func(uint64_t a, uint64_t b) {
  	     uint128_t c = ((uint128_t)a) * b;
             int ok = ((uint64_t)(c>>96)) == 522859 &&
	           (((uint64_t)(c>>64))&0xffffffffL) == 3604448702L &&
                   (((uint64_t)(c>>32))&0xffffffffL) == 2351960064L &&
                   (((uint64_t)(c))&0xffffffffL) == 0;
             return ok;
        }
	], [dnl
	  int ok = func( ((uint64_t)2000000000) * 1000000000,
	  	         ((uint64_t)1234567890) << 24);
          return !ok;
        ])],
817
818
819
            [tor_cv_can_use_curve25519_donna_c64=cross],
	    [tor_cv_can_use_curve25519_donna_c64=no])])])

820
821
822
  AC_CHECK_HEADERS([crypto_scalarmult_curve25519.h \
                    nacl/crypto_scalarmult_curve25519.h])

823
  AC_CACHE_CHECK([for nacl compiled with a fast curve25519 implementation],
824
825
826
827
828
    tor_cv_can_use_curve25519_nacl,
    [tor_saved_LIBS="$LIBS"
     LIBS="$LIBS -lnacl"
     AC_LINK_IFELSE(
       [AC_LANG_PROGRAM([dnl
829
         #ifdef HAVE_CRYPTO_SCALARMULT_CURVE25519_H
830
         #include <crypto_scalarmult_curve25519.h>
831
832
833
	 #elif defined(HAVE_NACL_CRYPTO_SCALARMULT_CURVE25519_H)
	 #include <nacl/crypto_scalarmult_curve25519.h>
	 #endif
834
         #ifdef crypto_scalarmult_curve25519_ref_BYTES
835
	 #error Hey, this is the reference implementation! That's not fast.
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
	 #endif
       ], [
	 unsigned char *a, *b, *c; crypto_scalarmult_curve25519(a,b,c);
       ])], [tor_cv_can_use_curve25519_nacl=yes],
       [tor_cv_can_use_curve25519_nacl=no])
     LIBS="$tor_saved_LIBS" ])

   dnl Okay, now we need to figure out which one to actually use. Fall back
   dnl to curve25519-donna.c

   if test x$tor_cv_can_use_curve25519_donna_c64 != xno; then
     build_curve25519_donna_c64=yes
     use_curve25519_donna=yes
   elif test x$tor_cv_can_use_curve25519_nacl = xyes; then
     use_curve25519_nacl=yes
     CURVE25519_LIBS=-lnacl
   else
     build_curve25519_donna=yes
     use_curve25519_donna=yes
   fi
   have_a_curve25519=yes
fi

if test x$have_a_curve25519 = xyes; then
  AC_DEFINE(CURVE25519_ENABLED, 1,
            [Defined if we have a curve25519 implementation])
fi
if test x$use_curve25519_donna = xyes; then
  AC_DEFINE(USE_CURVE25519_DONNA, 1,
            [Defined if we should use an internal curve25519_donna{,_c64} implementation])
fi
if test x$use_curve25519_nacl = xyes; then
  AC_DEFINE(USE_CURVE25519_NACL, 1,
            [Defined if we should use a curve25519 from nacl])
fi
AM_CONDITIONAL(BUILD_CURVE25519_DONNA, test x$build_curve25519_donna = xyes)
AM_CONDITIONAL(BUILD_CURVE25519_DONNA_C64, test x$build_curve25519_donna_c64 = xyes)
AM_CONDITIONAL(CURVE25519_ENABLED, test x$have_a_curve25519 = xyes)
AC_SUBST(CURVE25519_LIBS)

876
dnl Make sure to enable support for large off_t if available.
877
878
AC_SYS_LARGEFILE

879
880
881
882
883
884
885
886
887
888
889
890
891
AC_CHECK_HEADERS(
        assert.h \
        errno.h \
        fcntl.h \
        signal.h \
        string.h \
        sys/fcntl.h \
        sys/stat.h \
        sys/time.h \
        sys/types.h \
        time.h \
        unistd.h
 , , AC_MSG_WARN(Some headers were not found, compilation may fail.  If compilation succeeds, please send your orconfig.h to the developers so we can fix this warning.))
892

893
894
dnl These headers are not essential

895
896
AC_CHECK_HEADERS(
        arpa/inet.h \
897
        crt_externs.h \
Nick Mathewson's avatar
Nick Mathewson committed
898
        execinfo.h \
899
        grp.h \
Sebastian Hahn's avatar
Sebastian Hahn committed
900
        ifaddrs.h \
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
        inttypes.h \
        limits.h \
        linux/types.h \
        machine/limits.h \
        malloc.h \
        malloc/malloc.h \
        malloc_np.h \
        netdb.h \
        netinet/in.h \
        netinet/in6.h \
        pwd.h \
        stdint.h \
        sys/file.h \
        sys/ioctl.h \
        sys/limits.h \
        sys/mman.h \
        sys/param.h \
        sys/prctl.h \
        sys/resource.h \
920
        sys/select.h \
921
        sys/socket.h \
922
	sys/sysctl.h \
923
924
925
926
927
928
929
930
931
        sys/syslimits.h \
        sys/time.h \
        sys/types.h \
        sys/un.h \
        sys/utime.h \
        sys/wait.h \
        syslog.h \
        utime.h
)
932

933
934
AC_CHECK_HEADERS(sys/param.h)

935
AC_CHECK_HEADERS(net/if.h, net_if_found=1, net_if_found=0,
936
937
938
939
[#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
940
941
#include <sys/socket.h>
#endif])
942
AC_CHECK_HEADERS(net/pfvar.h, net_pfvar_found=1, net_pfvar_found=0,
943
944
945
946
[#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
947
#include <sys/socket.h>
948
949
950
#endif
#ifdef HAVE_NET_IF_H
#include <net/if.h>
951
#endif])
952
AC_CHECK_HEADERS(linux/netfilter_ipv4.h,
953
        linux_netfilter_ipv4=1, linux_netfilter_ipv4=0,
954
955
956
957
[#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
958
#include <sys/socket.h>
959
#endif
960
961
962
963
964
965
966
967
968
#ifdef HAVE_LIMITS_H
#include <limits.h>
#endif
#ifdef HAVE_LINUX_TYPES_H
#include <linux/types.h>
#endif
#ifdef HAVE_NETINET_IN6_H
#include <netinet/in6.h>
#endif
969
970
#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
971
#endif])
972
973
974

if test x$transparent = xtrue ; then
   transparent_ok=0
975
   if test x$net_if_found = x1 && test x$net_pfvar_found = x1 ; then
976
977
978
979
980
     transparent_ok=1
   fi
   if test x$linux_netfilter_ipv4 = x1 ; then
     transparent_ok=1
   fi
981
   if test x$transparent_ok = x1 ; then
982
983
     AC_DEFINE(USE_TRANSPARENT, 1, "Define to enable transparent proxy support")
     case $host in
984
       *-*-openbsd* | *-*-bitrig*)
985
986
987
988
989
990
991
         AC_DEFINE(OPENBSD, 1, "Define to handle pf on OpenBSD properly") ;;
     esac
   else
     AC_MSG_NOTICE([Transparent proxy support enabled, but missing headers.])
   fi
fi

992
993
994
995
996
997
998
AC_CHECK_MEMBERS([struct timeval.tv_sec], , ,
[#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_SYS_TIME_H
#include <sys/time.h>
#endif])
999

1000
dnl In case we aren't given a working stdint.h, we'll need to grow our own.