configure.ac

dnl Copyright (c) 2001-2004, Roger Dingledine
dnl Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson
dnl Copyright (c) 2007-2019, The Tor Project, Inc.
dnl See LICENSE for licensing information

AC_PREREQ([2.63])
AC_INIT([tor],[0.4.5.0-alpha-dev])
AC_CONFIG_SRCDIR([src/app/main/tor_main.c])
AC_CONFIG_MACRO_DIR([m4])

configure_flags="$*"

# DO NOT EDIT THIS DEFINITION BY HAND UNLESS YOU KNOW WHAT YOU'RE DOING.
#
# The update_versions.py script updates this definition when the
# version number changes.  Tor uses it to make sure that it
# only shuts down for missing "required protocols" when those protocols
# are listed as required by a consensus after this date.
AC_DEFINE(APPROX_RELEASE_DATE, ["2020-06-09"], # for 0.4.5.0-alpha-dev
          [Approximate date when this software was released. (Updated when the version changes.)])

# "foreign" means we don't follow GNU package layout standards
# "1.11" means we require automake version 1.11 or newer
# "subdir-objects" means put .o files in the same directory as the .c files
AM_INIT_AUTOMAKE([foreign 1.11 subdir-objects -Wall -Werror])

m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
AC_CONFIG_HEADERS([orconfig.h])

AC_USE_SYSTEM_EXTENSIONS
AC_CANONICAL_HOST

PKG_PROG_PKG_CONFIG
if test "x$PKG_CONFIG" = "x" ; then
    pkg_config_user_action="install pkg-config, and check the PKG_CONFIG_PATH environment variable"
    AC_MSG_NOTICE([Some libraries need pkg-config, including systemd, nss, lzma, zstd, and custom mallocs.])
    AC_MSG_NOTICE([To use those libraries, $pkg_config_user_action.])
else
    pkg_config_user_action="check the PKG_CONFIG_PATH environment variable"
fi

if test "x$PKG_CONFIG_PATH" = "x" && test "x$prefix" != "xNONE" && test "$host" != "$build"; then
   export PKG_CONFIG_PATH=$prefix/lib/pkgconfig
   AC_MSG_NOTICE([set PKG_CONFIG_PATH=$PKG_CONFIG_PATH to support cross-compiling])
fi

AC_ARG_ENABLE(openbsd-malloc,
   AS_HELP_STRING(--enable-openbsd-malloc, [use malloc code from OpenBSD.  Linux only. Deprecated: see --with-malloc]))
AC_ARG_ENABLE(static-openssl,
   AS_HELP_STRING(--enable-static-openssl, [link against a static openssl library. Requires --with-openssl-dir]))
AC_ARG_ENABLE(static-libevent,
   AS_HELP_STRING(--enable-static-libevent, [link against a static libevent library. Requires --with-libevent-dir]))
AC_ARG_ENABLE(static-zlib,
   AS_HELP_STRING(--enable-static-zlib, [link against a static zlib library. Requires --with-zlib-dir]))
AC_ARG_ENABLE(static-tor,
   AS_HELP_STRING(--enable-static-tor, [create an entirely static Tor binary. Requires --with-openssl-dir and --with-libevent-dir and --with-zlib-dir]))
AC_ARG_ENABLE(unittests,
   AS_HELP_STRING(--disable-unittests, [don't build unit tests for Tor. Risky!]))
AC_ARG_ENABLE(coverage,
   AS_HELP_STRING(--enable-coverage, [enable coverage support in the unit-test build]))
AC_ARG_ENABLE(asserts-in-tests,
   AS_HELP_STRING(--disable-asserts-in-tests, [disable tor_assert() calls in the unit tests, for branch coverage]))
AC_ARG_ENABLE(system-torrc,
   AS_HELP_STRING(--disable-system-torrc, [don't look for a system-wide torrc file]))
AC_ARG_ENABLE(libfuzzer,
   AS_HELP_STRING(--enable-libfuzzer, [build extra fuzzers based on 'libfuzzer']))
AC_ARG_ENABLE(oss-fuzz,
   AS_HELP_STRING(--enable-oss-fuzz, [build extra fuzzers based on 'oss-fuzz' environment]))
AC_ARG_ENABLE(memory-sentinels,
   AS_HELP_STRING(--disable-memory-sentinels, [disable code that tries to prevent some kinds of memory access bugs. For fuzzing only.]))
AC_ARG_ENABLE(rust,
   AS_HELP_STRING(--enable-rust, [enable rust integration]))
AC_ARG_ENABLE(cargo-online-mode,
   AS_HELP_STRING(--enable-cargo-online-mode, [Allow cargo to make network requests to fetch crates. For builds with rust only.]))
AC_ARG_ENABLE(restart-debugging,
   AS_HELP_STRING(--enable-restart-debugging, [Build Tor with support for debugging in-process restart. Developers only.]))
AC_ARG_ENABLE(zstd-advanced-apis,
   AS_HELP_STRING(--disable-zstd-advanced-apis, [Build without support for zstd's "static-only" APIs.]))
AC_ARG_ENABLE(nss,
   AS_HELP_STRING(--enable-nss, [Use Mozilla's NSS TLS library. (EXPERIMENTAL)]))
AC_ARG_ENABLE(pic,
   AS_HELP_STRING(--enable-pic, [Build Tor's binaries as position-independent code, suitable to link as a library.]))

AC_ARG_ENABLE(missing-doc-warnings,
   AS_HELP_STRING(--enable-missing-doc-warnings, [Tell doxygen to warn about missing documentation. Makes doxygen warnings nonfatal.]))

if test "$enable_missing_doc_warnings" = "yes"; then
   DOXYGEN_FATAL_WARNINGS=NO
   DOXYGEN_WARN_ON_MISSING=YES
elif test "$enable_fatal_warnings" = "yes"; then
   # Fatal warnings from doxygen are nice, but not if we're warning about
   # missing documentation.
   DOXYGEN_FATAL_WARNINGS=YES
   DOXYGEN_WARN_ON_MISSING=NO
else
   DOXYGEN_FATAL_WARNINGS=NO
   DOXYGEN_WARN_ON_MISSING=NO
fi
AC_SUBST(DOXYGEN_FATAL_WARNINGS)
AC_SUBST(DOXYGEN_WARN_ON_MISSING)

if test "x$enable_coverage" != "xyes" -a "x$enable_asserts_in_tests" = "xno" ; then
    AC_MSG_ERROR([Can't disable assertions outside of coverage build])
fi

AM_CONDITIONAL(UNITTESTS_ENABLED, test "x$enable_unittests" != "xno")
AM_CONDITIONAL(COVERAGE_ENABLED, test "x$enable_coverage" = "xyes")
AM_CONDITIONAL(DISABLE_ASSERTS_IN_UNIT_TESTS, test "x$enable_asserts_in_tests" = "xno")
AM_CONDITIONAL(LIBFUZZER_ENABLED, test "x$enable_libfuzzer" = "xyes")
AM_CONDITIONAL(OSS_FUZZ_ENABLED, test "x$enable_oss_fuzz" = "xyes")
AM_CONDITIONAL(USE_RUST, test "x$enable_rust" = "xyes")
AM_CONDITIONAL(USE_NSS, test "x$enable_nss" = "xyes")
AM_CONDITIONAL(USE_OPENSSL, test "x$enable_nss" != "xyes")

if test "x$enable_nss" = "xyes"; then
  AC_DEFINE(ENABLE_NSS, 1,
  	    [Defined if we're building with NSS.])
else
  AC_DEFINE(ENABLE_OPENSSL, 1,
            [Defined if we're building with OpenSSL or LibreSSL])
fi

if test "$enable_static_tor" = "yes"; then
  enable_static_libevent="yes";
  enable_static_openssl="yes";
  enable_static_zlib="yes";
  CFLAGS="$CFLAGS -static"
fi

if test "$enable_system_torrc" = "no"; then
  AC_DEFINE(DISABLE_SYSTEM_TORRC, 1,
            [Defined if we're not going to look for a torrc in SYSCONF])
fi

if test "$enable_memory_sentinels" = "no"; then
  AC_DEFINE(DISABLE_MEMORY_SENTINELS, 1,
           [Defined if we're turning off memory safety code to look for bugs])
fi

AC_ARG_ENABLE(manpage,
              AS_HELP_STRING(--disable-manpage, [Disable manpage generation.]))

AC_ARG_ENABLE(html-manual,
              AS_HELP_STRING(--disable-html-manual, [Disable HTML documentation.]))

AC_ARG_ENABLE(asciidoc,
     AS_HELP_STRING(--disable-asciidoc, [don't use asciidoc (disables building of manpages)]),
     [case "${enableval}" in
        "yes") asciidoc=true ;;
        "no")  asciidoc=false ;;
        *) AC_MSG_ERROR(bad value for --disable-asciidoc) ;;
      esac], [asciidoc=true])

# systemd notify support
AC_ARG_ENABLE(systemd,
      AS_HELP_STRING(--enable-systemd, [enable systemd notification support]),
      [case "${enableval}" in
        "yes") systemd=true ;;
        "no")  systemd=false ;;
        * ) AC_MSG_ERROR(bad value for --enable-systemd) ;;
      esac], [systemd=auto])

if test "$enable_restart_debugging" = "yes"; then
  AC_DEFINE(ENABLE_RESTART_DEBUGGING, 1,
            [Defined if we're building with support for in-process restart debugging.])
fi

if test "$enable_zstd_advanced_apis" != "no"; then
   AC_DEFINE(ENABLE_ZSTD_ADVANCED_APIS, 1,
             [Defined if we're going to try to use zstd's "static-only" APIs.])
fi

# systemd support
if test "x$enable_systemd" = "xno"; then
    have_systemd=no;
else
    PKG_CHECK_MODULES(SYSTEMD,
        [libsystemd-daemon],
        have_systemd=yes,
        have_systemd=no)
    if test "x$have_systemd" = "xno"; then
        AC_MSG_NOTICE([Okay, checking for systemd a different way...])
        PKG_CHECK_MODULES(SYSTEMD,
            [libsystemd],
            have_systemd=yes,
            have_systemd=no)
    fi
fi

if test "x$have_systemd" = "xyes"; then
    AC_DEFINE(HAVE_SYSTEMD,1,[Have systemd])
    TOR_SYSTEMD_CFLAGS="${SYSTEMD_CFLAGS}"
    TOR_SYSTEMD_LIBS="${SYSTEMD_LIBS}"
    PKG_CHECK_MODULES(LIBSYSTEMD209, [libsystemd >= 209],
         [AC_DEFINE(HAVE_SYSTEMD_209,1,[Have systemd v209 or greater])], [])
fi
AC_SUBST(TOR_SYSTEMD_CFLAGS)
AC_SUBST(TOR_SYSTEMD_LIBS)

if test "x$enable_systemd" = "xyes" -a "x$have_systemd" != "xyes" ; then
    AC_MSG_ERROR([Explicitly requested systemd support, but systemd not found, $pkg_config_user_action, or set SYSTEMD_CFLAGS and SYSTEMD_LIBS.])
fi

case "$host" in
   *-*-solaris* )
     AC_DEFINE(_REENTRANT, 1, [Define on some platforms to activate x_r() functions in time.h])
     ;;
esac

AC_ARG_ENABLE(gcc-warnings,
     AS_HELP_STRING(--enable-gcc-warnings, [deprecated alias for enable-fatal-warnings]))
AC_ARG_ENABLE(fatal-warnings,
     AS_HELP_STRING(--enable-fatal-warnings, [tell the compiler to treat all warnings as errors.]))
AC_ARG_ENABLE(gcc-warnings-advisory,
     AS_HELP_STRING(--disable-gcc-warnings-advisory, [disable the regular verbose warnings]))

dnl Others suggest '/gs /safeseh /nxcompat /dynamicbase' for non-gcc on Windows
AC_ARG_ENABLE(gcc-hardening,
    AS_HELP_STRING(--disable-gcc-hardening, [disable compiler security checks]))

dnl Deprecated --enable-expensive-hardening but keep it for now for backward compat.
AC_ARG_ENABLE(expensive-hardening,
    AS_HELP_STRING(--enable-expensive-hardening, [enable more fragile and expensive compiler hardening; makes Tor slower]))
AC_ARG_ENABLE(fragile-hardening,
    AS_HELP_STRING(--enable-fragile-hardening, [enable more fragile and expensive compiler hardening; makes Tor slower]))
if test "x$enable_expensive_hardening" = "xyes" || test "x$enable_fragile_hardening" = "xyes"; then
  fragile_hardening="yes"
  AC_DEFINE(DEBUG_SMARTLIST, 1, [Enable smartlist debugging])
fi

AC_ARG_ENABLE(all-bugs-are-fatal,
   AS_HELP_STRING(--enable-all-bugs-are-fatal, [force all soft asserts in Tor codebase (tor_assert_nonfatal(), BUG(), etc.) to act as hard asserts (tor_assert() and equivalents); makes Tor fragile; only recommended for dev builds]))

if test "x$enable_all_bugs_are_fatal" = "xyes"; then
  AC_DEFINE(ALL_BUGS_ARE_FATAL, 1, [All assert failures are fatal])
fi

dnl Linker hardening options
dnl Currently these options are ELF specific - you can't use this with MacOSX
AC_ARG_ENABLE(linker-hardening,
    AS_HELP_STRING(--disable-linker-hardening, [disable linker security fixups]))

AC_ARG_ENABLE(local-appdata,
   AS_HELP_STRING(--enable-local-appdata, [default to host local application data paths on Windows]))
if test "$enable_local_appdata" = "yes"; then
  AC_DEFINE(ENABLE_LOCAL_APPDATA, 1,
            [Defined if we default to host local appdata paths on Windows])
fi

AC_ARG_ENABLE(tool-name-check,
     AS_HELP_STRING(--disable-tool-name-check, [check for sanely named toolchain when cross-compiling]))

AC_ARG_ENABLE(seccomp,
     AS_HELP_STRING(--disable-seccomp, [do not attempt to use libseccomp]))

AC_ARG_ENABLE(libscrypt,
     AS_HELP_STRING(--disable-libscrypt, [do not attempt to use libscrypt]))

dnl --- Tracing Options. ---

dnl USDT instrumentation option.
AC_ARG_ENABLE(tracing-instrumentation-usdt,
              AS_HELP_STRING([--enable-tracing-instrumentation-usdt],
                             [build with tracing USDT instrumentation]))
AM_CONDITIONAL([USE_TRACING_INSTRUMENTATION_USDT],
               [test "x$enable_tracing_instrumentation_usdt" = "xyes"])

if test "x$enable_tracing_instrumentation_usdt" = "xyes"; then
  AC_CHECK_HEADERS([sys/sdt.h], [],
                   [AC_MSG_ERROR([USDT instrumentation requires sys/sdt.h header.
                                  On Debian, apt install systemtap-sdt-dev])], [])
  AC_DEFINE([USE_TRACING_INSTRUMENTATION_USDT], [1], [Using USDT instrumentation])
fi

dnl Tracepoints event to debug logs.
AC_ARG_ENABLE(tracing-instrumentation-log-debug,
     AS_HELP_STRING([--enable-tracing-instrumentation-log-debug],
                    [build with tracing event to debug log]),
     AC_DEFINE([USE_TRACING_INSTRUMENTATION_LOG_DEBUG], [1],
               [Tracepoints to log debug]), [])
AM_CONDITIONAL([USE_TRACING_INSTRUMENTATION_LOG_DEBUG],
               [test "x$enable_tracing_instrumentation_log_debug" = "xyes"])

dnl Define that tracing is supported if any instrumentation is used.
AM_COND_IF([USE_TRACING_INSTRUMENTATION_LOG_DEBUG],
           AC_DEFINE([HAVE_TRACING], [1], [Compiled with tracing support]))
AM_COND_IF([USE_TRACING_INSTRUMENTATION_USDT],
           AC_DEFINE([HAVE_TRACING], [1], [Compiled with tracing support]))

dnl -- End Tracing Options. --

dnl Enable Android only features.
AC_ARG_ENABLE(android,
     AS_HELP_STRING(--enable-android, [build with Android features enabled]))
AM_CONDITIONAL([USE_ANDROID], [test "x$enable_android" = "xyes"])

if test "x$enable_android" = "xyes"; then
  AC_DEFINE([USE_ANDROID], [1], [Compile with Android specific features enabled])

  dnl Check if the Android log library is available.
  AC_CHECK_HEADERS([android/log.h])
  AC_SEARCH_LIBS(__android_log_write, [log])

fi

dnl ---
dnl Tor modules options. These options are namespaced with --disable-module-XXX
dnl ---

dnl All our modules.
m4_define(MODULES, relay dirauth dircache)

dnl Relay module.
AC_ARG_ENABLE([module-relay],
              AS_HELP_STRING([--disable-module-relay],
                             [Build tor without the Relay modules: tor can not run as a relay, bridge, or authority. Implies --disable-module-dirauth]))
AM_CONDITIONAL(BUILD_MODULE_RELAY, [test "x$enable_module_relay" != "xno"])
AM_COND_IF(BUILD_MODULE_RELAY,
           AC_DEFINE([HAVE_MODULE_RELAY], [1],
                     [Compile with Relay feature support]))

dnl Dircache module.  (This cannot be enabled or disabled independently of
dnl the relay module.  It is not listed by --list-modules for this reason.)
AM_CONDITIONAL(BUILD_MODULE_DIRCACHE,
               [test "x$enable_module_relay" != "xno"])
AM_COND_IF(BUILD_MODULE_DIRCACHE,
           AC_DEFINE([HAVE_MODULE_DIRCACHE], [1],
                     [Compile with directory cache support]))

dnl Directory Authority module.
AC_ARG_ENABLE([module-dirauth],
              AS_HELP_STRING([--disable-module-dirauth],
                             [Build tor without the Directory Authority module: tor can not run as a directory authority or bridge authority]))
AM_CONDITIONAL(BUILD_MODULE_DIRAUTH,[test "x$enable_module_dirauth" != "xno" && test "x$enable_module_relay" != "xno"])
AM_COND_IF(BUILD_MODULE_DIRAUTH,
           AC_DEFINE([HAVE_MODULE_DIRAUTH], [1],
                     [Compile with Directory Authority feature support]))

dnl Helper variables.
TOR_MODULES_ALL_ENABLED=
AC_DEFUN([ADD_MODULE], [
    MODULE=m4_toupper($1)
    TOR_MODULES_ALL_ENABLED="${TOR_MODULES_ALL_ENABLED} -DHAVE_MODULE_${MODULE}=1"
])
m4_foreach_w([module], MODULES, [ADD_MODULE([module])])
AC_SUBST(TOR_MODULES_ALL_ENABLED)

dnl check for the correct "ar" when cross-compiling.
dnl   (AM_PROG_AR was new in automake 1.11.2, which we do not yet require,
dnl    so kludge up a replacement for the case where it isn't there yet.)
m4_ifdef([AM_PROG_AR],
         [AM_PROG_AR],
         [AN_MAKEVAR([AR], [AC_PROG_AR])
          AN_PROGRAM([ar], [AC_PROG_AR])
          AC_DEFUN([AC_PROG_AR], [AC_CHECK_TOOL([AR], [ar], [:])])
          AC_PROG_AR])

dnl Check whether the above macro has settled for a simply named tool even
dnl though we're cross compiling. We must do this before running AC_PROG_CC,
dnl because that will find any cc on the system, not only the cross-compiler,
dnl and then verify that a binary built with this compiler runs on the
dnl build system. It will then come to the false conclusion that we're not
dnl cross-compiling.
if test "x$enable_tool_name_check" != "xno"; then
    if test "x$ac_tool_warned" = "xyes"; then
        AC_MSG_ERROR([We are cross compiling but could not find a properly named toolchain. Do you have your cross-compiling toolchain in PATH? (You can --disable-tool-name-check to ignore this.)])
	elif test "x$ac_ct_AR" != "x" -a "x$cross_compiling" = "xmaybe"; then
		AC_MSG_ERROR([We think we are cross compiling but could not find a properly named toolchain. Do you have your cross-compiling toolchain in PATH? (You can --disable-tool-name-check to ignore this.)])
	fi
fi

AC_PROG_CC
AC_PROG_CPP
AC_PROG_MAKE_SET
AC_PROG_RANLIB
AC_PROG_SED

AC_ARG_VAR([PERL], [path to Perl binary])
AC_CHECK_PROGS([PERL], [perl])
AM_CONDITIONAL(USE_PERL, [test "x$ac_cv_prog_PERL" != "x"])

dnl check for asciidoc and a2x
AC_PATH_PROG([ASCIIDOC], [asciidoc], none)
AC_PATH_PROGS([A2X], [a2x a2x.py], none)

AM_CONDITIONAL(USE_ASCIIDOC, test "x$asciidoc" = "xtrue")
AM_CONDITIONAL(BUILD_MANPAGE, [test "x$enable_manpage" != "xno"])
AM_CONDITIONAL(BUILD_HTML_DOCS, [test "x$enable_html_manual" != "xno"])

AM_PROG_CC_C_O
AC_PROG_CC_C99

AC_CACHE_CHECK([for Python 3], [tor_cv_PYTHON],
   [AC_PATH_PROGS_FEATURE_CHECK([PYTHON], [ \
	python3 \
	python3.8 python3.7 python3.6 python3.5 python3.4 \
	python ],
   [["$ac_path_PYTHON" -c 'import sys; sys.exit(sys.version_info[0]<3)' && tor_cv_PYTHON="$ac_path_PYTHON" ac_path_PYTHON_found=:]] )])
AC_SUBST([PYTHON], [$tor_cv_PYTHON])

PYTHON="$tor_cv_PYTHON"

if test "x$PYTHON" = "x"; then
  AC_MSG_WARN([Python 3 unavailable; some tests will not be run.])
fi

AM_CONDITIONAL(USEPYTHON, [test "x$PYTHON" != "x"])

dnl List all external rust crates we depend on here. Include the version
rust_crates=" \
    digest-0.7.2 \
    libc-0.2.39 \
"
AC_SUBST(rust_crates)

ifdef([AC_C_FLEXIBLE_ARRAY_MEMBER], [
AC_C_FLEXIBLE_ARRAY_MEMBER
], [
 dnl Maybe we've got an old autoconf...
 AC_CACHE_CHECK([for flexible array members],
     tor_cv_c_flexarray,
     [AC_COMPILE_IFELSE(
       AC_LANG_PROGRAM([
 struct abc { int a; char b[]; };
], [
 struct abc *def = malloc(sizeof(struct abc)+sizeof(char));
 def->b[0] = 33;
]),
  [tor_cv_c_flexarray=yes],
  [tor_cv_c_flexarray=no])])
 if test "$tor_cv_flexarray" = "yes"; then
   AC_DEFINE([FLEXIBLE_ARRAY_MEMBER], [], [Define to nothing if C supports flexible array members, and to 1 if it does not.])
 else
   AC_DEFINE([FLEXIBLE_ARRAY_MEMBER], [1], [Define to nothing if C supports flexible array members, and to 1 if it does not.])
 fi
])

AC_CACHE_CHECK([for working C99 mid-block declaration syntax],
      tor_cv_c_c99_decl,
      [AC_COMPILE_IFELSE(
         [AC_LANG_PROGRAM([], [int x; x = 3; int y; y = 4 + x;])],
	 [tor_cv_c_c99_decl=yes],
	 [tor_cv_c_c99_decl=no] )])
if test "$tor_cv_c_c99_decl" != "yes"; then
  AC_MSG_ERROR([Your compiler doesn't support c99 mid-block declarations. This is required as of Tor 0.2.6.x])
fi

AC_CACHE_CHECK([for working C99 designated initializers],
      tor_cv_c_c99_designated_init,
      [AC_COMPILE_IFELSE(
         [AC_LANG_PROGRAM([struct s { int a; int b; };],
  	       [[ struct s ss = { .b = 5, .a = 6 }; ]])],
	 [tor_cv_c_c99_designated_init=yes],
	 [tor_cv_c_c99_designated_init=no] )])

if test "$tor_cv_c_c99_designated_init" != "yes"; then
  AC_MSG_ERROR([Your compiler doesn't support c99 designated initializers. This is required as of Tor 0.2.6.x])
fi

saved_CFLAGS="$CFLAGS"
CFLAGS="$CFLAGS -Werror"
AC_CACHE_CHECK([for __attribute__((fallthrough))],
      tor_cv_c_attr_fallthrough,
      [AC_COMPILE_IFELSE(
         [AC_LANG_PROGRAM([extern int x; void fn(void) ;],
	       [[ switch (x) { case 1: fn(); __attribute__((fallthrough));
                               case 2: fn(); break; } ]])],
	 [tor_cv_c_attr_fallthrough=yes],
	 [tor_cv_c_attr_fallthrough=no] )])
CFLAGS="$saved_CFLAGS"

if test "$tor_cv_c_attr_fallthrough" = "yes"; then
  AC_DEFINE(HAVE_ATTR_FALLTHROUGH, [1], [defined if we have the fallthrough attribute.])
fi

TORUSER=_tor
AC_ARG_WITH(tor-user,
        AS_HELP_STRING(--with-tor-user=NAME, [specify username for tor daemon]),
        [
           TORUSER=$withval
        ]
)
AC_SUBST(TORUSER)

TORGROUP=_tor
AC_ARG_WITH(tor-group,
        AS_HELP_STRING(--with-tor-group=NAME, [specify group name for tor daemon]),
        [
           TORGROUP=$withval
        ]
)
AC_SUBST(TORGROUP)


dnl If _WIN32 is defined and non-zero, we are building for win32
AC_MSG_CHECKING([for win32])
AC_RUN_IFELSE([AC_LANG_SOURCE([
int main(int c, char **v) {
#ifdef _WIN32
#if _WIN32
  return 0;
#else
  return 1;
#endif
#else
  return 2;
#endif
}])],
bwin32=true; AC_MSG_RESULT([yes]),
bwin32=false; AC_MSG_RESULT([no]),
bwin32=cross; AC_MSG_RESULT([cross])
)

if test "$bwin32" = "cross"; then
AC_MSG_CHECKING([for win32 (cross)])
AC_COMPILE_IFELSE([AC_LANG_SOURCE([
#ifdef _WIN32
int main(int c, char **v) {return 0;}
#else
#error
int main(int c, char **v) {return x(y);}
#endif
])],
bwin32=true; AC_MSG_RESULT([yes]),
bwin32=false; AC_MSG_RESULT([no]))
fi

AH_BOTTOM([
#ifdef _WIN32
/* Defined to access windows functions and definitions for >=WinXP */
# ifndef WINVER
#  define WINVER 0x0501
# endif

/* Defined to access _other_ windows functions and definitions for >=WinXP */
# ifndef _WIN32_WINNT
#  define _WIN32_WINNT 0x0501
# endif

/* Defined to avoid including some windows headers as part of Windows.h */
# ifndef WIN32_LEAN_AND_MEAN
#  define WIN32_LEAN_AND_MEAN 1
# endif
#endif
])

AM_CONDITIONAL(WIN32, test "x$bwin32" = "xtrue")
AM_CONDITIONAL(BUILD_NT_SERVICES, test "x$bwin32" = "xtrue")
AM_CONDITIONAL(BUILD_LIBTORRUNNER, test "x$bwin32" != "xtrue")

dnl Enable C99 when compiling with MIPSpro
AC_MSG_CHECKING([for MIPSpro compiler])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM(, [
#if (defined(__sgi) && defined(_COMPILER_VERSION))
#error
  return x(y);
#endif
])],
bmipspro=false; AC_MSG_RESULT(no),
bmipspro=true; AC_MSG_RESULT(yes))

if test "$bmipspro" = "true"; then
  CFLAGS="$CFLAGS -c99"
fi

AC_C_BIGENDIAN

AC_ARG_VAR([TOR_RUST_TARGET], [Rust target, must be specified when cross-compiling (HOST != BUILD). example: i686-pc-windows-gnu])

if test "x$enable_rust" = "xyes"; then
  AC_ARG_VAR([RUSTC], [path to the rustc binary])
  AC_CHECK_PROG([RUSTC], [rustc], [rustc],[no])
  if test "x$RUSTC" = "xno"; then
    AC_MSG_ERROR([rustc unavailable but rust integration requested.])
  fi

  AC_ARG_VAR([CARGO], [path to the cargo binary])
  AC_CHECK_PROG([CARGO], [cargo], [cargo],[no])
  if test "x$CARGO" = "xno"; then
    AC_MSG_ERROR([cargo unavailable but rust integration requested.])
  fi

  AC_DEFINE([HAVE_RUST], 1, [have Rust])
  if test "x$enable_fatal_warnings" = "xyes"; then
    RUST_WARN=
  else
    RUST_WARN=#
  fi
  if test "x$enable_cargo_online_mode" = "xyes"; then
    CARGO_ONLINE=
    RUST_DL=#
  else
    CARGO_ONLINE=--frozen
    RUST_DL=

    dnl When we're not allowed to touch the network, we need crate dependencies
    dnl locally available.
    AC_MSG_CHECKING([rust crate dependencies])
    AC_ARG_VAR([TOR_RUST_DEPENDENCIES], [path to directory with local crate mirror])
    if test "x$TOR_RUST_DEPENDENCIES" = "x"; then
      TOR_RUST_DEPENDENCIES="${srcdir}/src/ext/rust/crates"
    fi
    dnl Check whether the path exists before we try to cd into it.
    if test ! -d "$TOR_RUST_DEPENDENCIES"; then
      AC_MSG_ERROR([Rust dependency directory $TOR_RUST_DEPENDENCIES does not exist. Specify a dependency directory using the TOR_RUST_DEPENDENCIES variable or allow cargo to fetch crates using --enable-cargo-online-mode.])
      ERRORED=1
    fi
    dnl Make the path absolute, since we'll be using it from within a
    dnl subdirectory.
    TOR_RUST_DEPENDENCIES=$(cd "$TOR_RUST_DEPENDENCIES" ; pwd)

    for dep in $rust_crates; do
      if test ! -d "$TOR_RUST_DEPENDENCIES"/"$dep"; then
        AC_MSG_ERROR([Failure to find rust dependency $TOR_RUST_DEPENDENCIES/$dep. Specify a dependency directory using the TOR_RUST_DEPENDENCIES variable or allow cargo to fetch crates using --enable-cargo-online-mode.])
        ERRORED=1
      fi
    done
    if test "x$ERRORED" = "x"; then
      AC_MSG_RESULT([yes])
    fi
  fi

  dnl For now both MSVC and MinGW rust libraries will output static libs with
  dnl the MSVC naming convention.
  if test "$bwin32" = "true"; then
    tor_rust_static_name=tor_rust.lib
  else
    tor_rust_static_name=libtor_rust.a
  fi

  AC_CANONICAL_BUILD

  if test -n "$TOR_RUST_TARGET"; then
    if test "$host" = "$build"; then
      AC_MSG_ERROR([HOST = BUILD is invalid if TOR_RUST_TARGET is specified, see configure --help for more information.])
    fi
    RUST_TARGET_PROP="target = '$TOR_RUST_TARGET'"
    TOR_RUST_LIB_PATH="src/rust/target/$TOR_RUST_TARGET/release/$tor_rust_static_name"
  else
    if test "$host" != "$build"; then
      AC_MSG_ERROR([TOR_RUST_TARGET must be specified when cross-compiling with Rust enabled.])
    fi
    RUST_TARGET_PROP=
    TOR_RUST_LIB_PATH="src/rust/target/release/$tor_rust_static_name"
  fi

  AC_SUBST(RUST_TARGET_PROP)
  AC_SUBST(TOR_RUST_LIB_PATH)
  AC_SUBST(CARGO_ONLINE)
  AC_SUBST(RUST_WARN)
  AC_SUBST(RUST_DL)

  dnl Let's check the rustc version, too
  AC_MSG_CHECKING([rust version])
  RUSTC_VERSION=`$RUSTC --version`
  RUSTC_VERSION_MAJOR=`$RUSTC --version | cut -d ' ' -f 2 | cut -d '.' -f 1`
  RUSTC_VERSION_MINOR=`$RUSTC --version | cut -d ' ' -f 2 | cut -d '.' -f 2`
  if test "x$RUSTC_VERSION_MAJOR" = "x" -o "x$RUSTC_VERSION_MINOR" = "x"; then
    AC_MSG_ERROR([rustc version couldn't be identified])
  fi
  if test "$RUSTC_VERSION_MAJOR" -lt 2 -a "$RUSTC_VERSION_MINOR" -lt 31; then
    AC_MSG_ERROR([rustc must be at least version 1.31.0])
  fi
  AC_MSG_RESULT([$RUSTC_VERSION])
fi

AC_SEARCH_LIBS(socket, [socket network])
AC_SEARCH_LIBS(gethostbyname, [nsl])
AC_SEARCH_LIBS(dlopen, [dl])
AC_SEARCH_LIBS(inet_aton, [resolv])
AC_SEARCH_LIBS(backtrace, [execinfo])
saved_LIBS="$LIBS"
AC_SEARCH_LIBS([clock_gettime], [rt])
if test "$LIBS" != "$saved_LIBS"; then
   # Looks like we need -lrt for clock_gettime().
   have_rt=yes
fi

if test "$bwin32" = "false"; then
  AC_SEARCH_LIBS(pthread_create, [pthread])
  AC_SEARCH_LIBS(pthread_detach, [pthread])
fi

AM_CONDITIONAL(THREADS_WIN32, test "$bwin32" = "true")
AM_CONDITIONAL(THREADS_PTHREADS, test "$bwin32" = "false")

AC_CHECK_FUNCS(
	_NSGetEnviron \
	RtlSecureZeroMemory \
	SecureZeroMemory \
	accept4 \
	backtrace \
	backtrace_symbols_fd \
	eventfd \
	explicit_bzero \
	timingsafe_memcmp \
	flock \
	fsync \
	ftime \
	get_current_dir_name \
	getaddrinfo \
	getdelim \
	getifaddrs \
	getline \
	getrlimit \
	gettimeofday \
	gmtime_r \
	gnu_get_libc_version \
	inet_aton \
	ioctl \
	issetugid \
	llround \
	localtime_r \
	lround \
	madvise \
	memmem \
	memset_s \
	minherit \
	mmap \
	pipe \
	pipe2 \
	prctl \
	readpassphrase \
	rint \
	sigaction \
	socketpair \
	statvfs \
	strncasecmp \
	strcasecmp \
	strlcat \
	strlcpy \
	strnlen \
	strptime \
	strtok_r \
	strtoull \
	sysconf \
	sysctl \
	truncate \
	uname \
	usleep \
	vasprintf \
	_vscprintf
)

# Apple messed up when they added some functions: they
# forgot to decorate them with appropriate AVAILABLE_MAC_OS_VERSION
# checks.

# We should only probe for these functions if we are sure that we
# are not targeting OS X 10.9 or earlier.
AC_MSG_CHECKING([for a pre-Yosemite OS X build target])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#ifdef __APPLE__
#  include <AvailabilityMacros.h>
#  ifndef MAC_OS_X_VERSION_10_10
#    define MAC_OS_X_VERSION_10_10 101000
#  endif
#  if defined(MAC_OS_X_VERSION_MIN_REQUIRED)
#    if MAC_OS_X_VERSION_MIN_REQUIRED < MAC_OS_X_VERSION_10_10
#      error "Running on Mac OS X 10.9 or earlier"
#    endif
#  endif
#endif
]], [[]])],
   [on_macos_pre_10_10=no ; AC_MSG_RESULT([no])],
   [on_macos_pre_10_10=yes; AC_MSG_RESULT([yes])])

if test "$on_macos_pre_10_10" = "no"; then
  AC_CHECK_FUNCS(
        mach_approximate_time \
  )
fi

# We should only probe for these functions if we are sure that we
# are not targeting OSX 10.11 or earlier.
AC_MSG_CHECKING([for a pre-Sierra OSX build target])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#ifdef __APPLE__
#  include <AvailabilityMacros.h>
#  ifndef MAC_OS_X_VERSION_10_12
#    define MAC_OS_X_VERSION_10_12 101200
#  endif
#  if defined(MAC_OS_X_VERSION_MIN_REQUIRED)
#    if MAC_OS_X_VERSION_MIN_REQUIRED < MAC_OS_X_VERSION_10_12
#      error "Running on Mac OSX 10.11 or earlier"
#    endif
#  endif
#endif
]], [[]])],
   [on_macos_pre_10_12=no ; AC_MSG_RESULT([no])],
   [on_macos_pre_10_12=yes; AC_MSG_RESULT([yes])])

if test "$on_macos_pre_10_12" = "no"; then
  AC_CHECK_FUNCS(
        clock_gettime \
        getentropy \
  )
fi

if test "$bwin32" != "true"; then
  AC_CHECK_HEADERS(pthread.h)
  AC_CHECK_FUNCS(pthread_create)
  AC_CHECK_FUNCS(pthread_condattr_setclock)
fi

if test "$bwin32" = "true"; then
  AC_CHECK_DECLS([SecureZeroMemory, _getwch], , , [
#include <windows.h>
#include <conio.h>
#include <wchar.h>
                 ])
fi

AM_CONDITIONAL(BUILD_READPASSPHRASE_C,
  test "x$ac_cv_func_readpassphrase" = "xno" && test "$bwin32" = "false")

AC_MSG_CHECKING([whether free(NULL) works])
AC_RUN_IFELSE([AC_LANG_PROGRAM([
  #include <stdlib.h>
], [
char *p = NULL;
free(p);
])],
[free_null_ok=true; AC_MSG_RESULT(yes)],
[free_null_ok=false; AC_MSG_RESULT(no)],
[free_null_ok=cross; AC_MSG_RESULT(cross)])

if test "$free_null_ok" = "false"; then
   AC_MSG_ERROR([Your libc implementation doesn't allow free(NULL), as required by C99.])
fi

dnl ------------------------------------------------------
dnl Where do you live, libevent?  And how do we call you?

if test "$bwin32" = "true"; then
  TOR_LIB_WS32=-lws2_32
  TOR_LIB_IPHLPAPI=-liphlpapi
  # Some of the cargo-cults recommend -lwsock32 as well, but I don't
  # think it's actually necessary.
  TOR_LIB_GDI=-lgdi32
  TOR_LIB_USERENV=-luserenv
else
  TOR_LIB_WS32=
  TOR_LIB_GDI=
  TOR_LIB_USERENV=
fi
AC_SUBST(TOR_LIB_WS32)
AC_SUBST(TOR_LIB_GDI)
AC_SUBST(TOR_LIB_IPHLPAPI)
AC_SUBST(TOR_LIB_USERENV)

tor_libevent_pkg_redhat="libevent"
tor_libevent_pkg_debian="libevent-dev"
tor_libevent_devpkg_redhat="libevent-devel"
tor_libevent_devpkg_debian="libevent-dev"

dnl On Gnu/Linux or any place we require it, we'll add librt to the Libevent
dnl linking for static builds.
STATIC_LIBEVENT_FLAGS=""
if test "$enable_static_libevent" = "yes"; then
    if test "$have_rt" = "yes"; then
      STATIC_LIBEVENT_FLAGS=" -lrt "
    fi
fi

TOR_SEARCH_LIBRARY(libevent, $trylibeventdir, [-levent $STATIC_LIBEVENT_FLAGS $TOR_LIB_WS32], [
#ifdef _WIN32
#include <winsock2.h>
#endif
#include <sys/time.h>
#include <sys/types.h>
#include <event2/event.h>], [
#ifdef _WIN32
#include <winsock2.h>
#endif
struct event_base;
struct event_base *event_base_new(void);
void event_base_free(struct event_base *);],
    [
#ifdef _WIN32
{WSADATA d; WSAStartup(0x101,&d); }
#endif
event_base_free(event_base_new());
], [--with-libevent-dir], [/opt/libevent])

dnl Determine the incantation needed to link libevent.
save_LIBS="$LIBS"
save_LDFLAGS="$LDFLAGS"
save_CPPFLAGS="$CPPFLAGS"

LIBS="$STATIC_LIBEVENT_FLAGS $TOR_LIB_WS32 $save_LIBS"
LDFLAGS="$TOR_LDFLAGS_libevent $LDFLAGS"
CPPFLAGS="$TOR_CPPFLAGS_libevent $CPPFLAGS"

AC_CHECK_HEADERS(event2/event.h event2/dns.h event2/bufferevent_ssl.h)

if test "$enable_static_libevent" = "yes"; then
   if test "$tor_cv_library_libevent_dir" = "(system)"; then
     AC_MSG_ERROR("You must specify an explicit --with-libevent-dir=x option when using --enable-static-libevent")
   else
     TOR_LIBEVENT_LIBS="$TOR_LIBDIR_libevent/libevent.a $STATIC_LIBEVENT_FLAGS"
   fi
else
     if test "x$ac_cv_header_event2_event_h" = "xyes"; then
       AC_SEARCH_LIBS(event_new, [event event_core], , AC_MSG_ERROR("libevent2 is installed but linking it failed while searching for event_new"))
       AC_SEARCH_LIBS(evdns_base_new, [event event_extra], , AC_MSG_ERROR("libevent2 is installed but linking it failed while searching for evdns_base_new"))

       if test "$ac_cv_search_event_new" != "none required"; then
         TOR_LIBEVENT_LIBS="$ac_cv_search_event_new"
       fi
       if test "$ac_cv_search_evdns_base_new" != "none required"; then
         TOR_LIBEVENT_LIBS="$ac_cv_search_evdns_base_new $TOR_LIBEVENT_LIBS"
       fi
     else
       AC_MSG_ERROR("libevent2 is required but the headers could not be found")
     fi
fi

dnl Now check for particular libevent functions.
AC_CHECK_FUNCS([evutil_secure_rng_set_urandom_device_file \
                evutil_secure_rng_add_bytes \
                evdns_base_get_nameserver_addr \

])

LIBS="$save_LIBS"
LDFLAGS="$save_LDFLAGS"
CPPFLAGS="$save_CPPFLAGS"

dnl Check that libevent is at least at version 2.0.10, the first stable
dnl release of its series
CPPFLAGS="$CPPFLAGS $TOR_CPPFLAGS_libevent"
AC_MSG_CHECKING([whether Libevent is new enough])
AC_COMPILE_IFELSE([AC_LANG_SOURCE([
#include <event2/event.h>
#if !defined(LIBEVENT_VERSION_NUMBER) || LIBEVENT_VERSION_NUMBER < 0x02000a00
#error
int x = y(zz);
#else
int x = 1;
#endif
])], [ AC_MSG_RESULT([yes]) ],
   [ AC_MSG_RESULT([no])
     AC_MSG_ERROR([Libevent is not new enough.  We require 2.0.10-stable or later]) ] )

LIBS="$save_LIBS"
LDFLAGS="$save_LDFLAGS"
CPPFLAGS="$save_CPPFLAGS"

AC_SUBST(TOR_LIBEVENT_LIBS)

dnl ------------------------------------------------------
dnl Where do you live, libm?

dnl On some platforms (Haiku/BeOS) the math library is
dnl part of libroot. In which case don't link against lm
TOR_LIB_MATH=""
save_LIBS="$LIBS"
AC_SEARCH_LIBS(pow, [m], , AC_MSG_ERROR([Could not find pow in libm or libc.]))
if test "$ac_cv_search_pow" != "none required"; then
    TOR_LIB_MATH="$ac_cv_search_pow"
fi
LIBS="$save_LIBS"
AC_SUBST(TOR_LIB_MATH)

dnl ------------------------------------------------------
dnl Hello, NSS.  You're new around here.
if test "x$enable_nss" = "xyes"; then
  PKG_CHECK_MODULES(NSS,
     [nss],
     [have_nss=yes],
     [have_nss=no; AC_MSG_ERROR([You asked for NSS but I can't find it, $pkg_config_user_action, or set NSS_CFLAGS and NSS_LIBS.])])
  AC_SUBST(NSS_CFLAGS)
  AC_SUBST(NSS_LIBS)
fi

dnl ------------------------------------------------------
dnl Where do you live, openssl?  And how do we call you?

if test "x$enable_nss" != "xyes"; then

tor_openssl_pkg_redhat="openssl"
tor_openssl_pkg_debian="libssl-dev"
tor_openssl_devpkg_redhat="openssl-devel"
tor_openssl_devpkg_debian="libssl-dev"

ALT_openssl_WITHVAL=""
AC_ARG_WITH(ssl-dir,
  AS_HELP_STRING(--with-ssl-dir=PATH, [obsolete alias for --with-openssl-dir]),
  [
      if test "x$withval" != "xno" && test "x$withval" != "x"; then
         ALT_openssl_WITHVAL="$withval"
      fi
  ])

AC_MSG_NOTICE([Now, we'll look for OpenSSL >= 1.0.1])
TOR_SEARCH_LIBRARY(openssl, $tryssldir, [-lssl -lcrypto $TOR_LIB_GDI $TOR_LIB_WS32],
    [#include <openssl/ssl.h>
     char *getenv(const char *);],
    [struct ssl_cipher_st;
     unsigned SSL_CIPHER_get_id(const struct ssl_cipher_st *);
     char *getenv(const char *);],
    dnl This funny-looking test program calls getenv, so that the compiler
    dnl will neither make code that call SSL_CIPHER_get_id(NULL) [producing
    dnl a crash], nor optimize out the call to SSL_CIPHER_get_id().
    dnl We look for SSL_cipher_get_id() because it is present in
    dnl OpenSSL >=1.0.1, because it is not deprecated, and because Tor
    dnl depends on it.
    [if (getenv("THIS_SHOULDNT_BE_SET_X201803")) SSL_CIPHER_get_id((void *)0);], [],
    [/usr/local/opt/openssl /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /opt/openssl])

dnl XXXX check for OPENSSL_VERSION_NUMBER == SSLeay()

if test "$enable_static_openssl" = "yes"; then
   if test "$tor_cv_library_openssl_dir" = "(system)"; then
     AC_MSG_ERROR("You must specify an explicit --with-openssl-dir=x option when using --enable-static-openssl")
   else
     TOR_OPENSSL_LIBS="$TOR_LIBDIR_openssl/libssl.a $TOR_LIBDIR_openssl/libcrypto.a"
   fi
else
     TOR_OPENSSL_LIBS="-lssl -lcrypto"
fi
AC_SUBST(TOR_OPENSSL_LIBS)

dnl Now check for particular openssl functions.
save_LIBS="$LIBS"
save_LDFLAGS="$LDFLAGS"
save_CPPFLAGS="$CPPFLAGS"
LIBS="$TOR_OPENSSL_LIBS $LIBS"
LDFLAGS="$TOR_LDFLAGS_openssl $LDFLAGS"
CPPFLAGS="$TOR_CPPFLAGS_openssl $CPPFLAGS"

AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <openssl/opensslv.h>
#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x1000100fL
#error "too old"
#endif
   ]], [[]])],
   [ : ],
   [ AC_MSG_ERROR([OpenSSL is too old. We require 1.0.1 or later. You can specify a path to a newer one with --with-openssl-dir.]) ])

AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <openssl/opensslv.h>
#include <openssl/evp.h>
#if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_ECDH) || defined(OPENSSL_NO_ECDSA)
#error "no ECC"
#endif
#if !defined(NID_X9_62_prime256v1) || !defined(NID_secp224r1)
#error "curves unavailable"
#endif
   ]], [[]])],
   [ : ],
   [ AC_MSG_ERROR([OpenSSL is built without full ECC support, including curves P256 and P224. You can specify a path to one with ECC support with --with-openssl-dir.]) ])

AC_CHECK_MEMBERS([struct ssl_method_st.get_cipher_by_char], , ,
[#include <openssl/ssl.h>
])

dnl OpenSSL functions which we might not have.  In theory, we could just
dnl check the openssl version number, but in practice that gets pretty
dnl confusing with LibreSSL, OpenSSL, and various distributions' patches
dnl to them.
AC_CHECK_FUNCS([ \
		ERR_load_KDF_strings \
		EVP_PBE_scrypt \
		SSL_CIPHER_find \
		SSL_CTX_set1_groups_list \
		SSL_CTX_set_security_level \
		SSL_SESSION_get_master_key \
		SSL_get_client_ciphers \
		SSL_get_client_random \
		SSL_get_server_random \
		TLS_method \
	       ])

dnl Check if OpenSSL structures are opaque
AC_CHECK_MEMBERS([SSL.state], , ,
[#include <openssl/ssl.h>
])

AC_CHECK_SIZEOF(SHA_CTX, , [AC_INCLUDES_DEFAULT()
#include <openssl/sha.h>
])

fi # enable_nss

dnl We will someday make KECCAK_TINY optional, but for now we still need
dnl it for SHAKE, since OpenSSL's SHAKE can't be squeezed more than
dnl once.  See comment in the definition of crypto_xof_t.

dnl AM_CONDITIONAL(BUILD_KECCAK_TINY,
dnl   test "x$ac_cv_func_EVP_sha3_256" != "xyes")

AM_CONDITIONAL(BUILD_KECCAK_TINY, true)

dnl ======================================================================
dnl Can we use KIST?