INN commit: trunk (13 files)
INN Commit
rra at isc.org
Sat Oct 26 16:38:24 UTC 2013
Date: Saturday, October 26, 2013 @ 09:38:23
Author: iulius
Revision: 9548
improve the build with Kerberos v5 and OpenSSL support
* use Kerberos v5 probes from rra-c-util (new krb5-config.m4
and lib-helper.m4 files, and update of krb5.m4)
* use OpenSSL probes from rra-c-util (update of openssl.m4)
* KRB5_AUTH is now defined directly in configure.ac
* --with-kerberos is renamed to --with-krb5 (configure flag)
* --enable-reduced-depends is a new configure flag, which
tries to minimize the shared library dependencies of the
resulting binaries on platforms with proper shared library
dependencies; this is not enabled by default, and is
of interest primarily to people building packages
for distributions
* new --with-krb5-include, --with-krb5-lib, --with-openssl-include,
and --with-openssl-lib configure flags to allow the use of
non-standard paths
* if the Kerberos v5, or OpenSSL SSL and crypto libraries are found
at configure time, INN will now be built with support for them unless
respectively the --without-krb5, or --without-openssl flags are
explicitly passed to configure
* update documentation and inn.conf sample file
Added:
trunk/m4/krb5-config.m4
trunk/m4/lib-helper.m4
Modified:
trunk/MANIFEST
trunk/Makefile.global.in
trunk/configure.ac
trunk/doc/pod/install.pod
trunk/doc/pod/news.pod
trunk/doc/pod/nnrpd.pod
trunk/doc/pod/ovdb.pod
trunk/doc/pod/readers.conf.pod
trunk/m4/krb5.m4
trunk/m4/openssl.m4
trunk/samples/inn.conf.in
--------------------------+
MANIFEST | 4
Makefile.global.in | 6
configure.ac | 12 +
doc/pod/install.pod | 21 ++
doc/pod/news.pod | 35 +++
doc/pod/nnrpd.pod | 12 -
doc/pod/ovdb.pod | 2
doc/pod/readers.conf.pod | 9
m4/krb5-config.m4 | 102 +++++++++++
m4/krb5.m4 | 406 ++++++++++++++++++++++++++++++++++++++-------
m4/lib-helper.m4 | 139 +++++++++++++++
m4/openssl.m4 | 137 ++++++++-------
samples/inn.conf.in | 5
13 files changed, 742 insertions(+), 148 deletions(-)
Modified: MANIFEST
===================================================================
--- MANIFEST 2013-10-05 19:56:44 UTC (rev 9547)
+++ MANIFEST 2013-10-26 16:38:23 UTC (rev 9548)
@@ -559,9 +559,11 @@
m4/compress.m4 Autoconf macro for compress detection
m4/inet-ntoa.m4 Autoconf macro to check inet_ntoa
m4/iov-max.m4 Autoconf macro for IOV_MAX
-m4/krb5.m4 Autoconf macro for Kerberos v5
+m4/krb5-config.m4 Autoconf macros to use krb5-config
+m4/krb5.m4 Autoconf macros for Kerberos v5
m4/large-fpos.m4 Autoconf macro for large-file fpos_t
m4/lib-depends.m4 Autoconf macro to change library probes
+m4/lib-helper.m4 Autoconf macros used by other library probes
m4/lib-pathname.m4 Autoconf macros to find the library path
m4/libtool.m4 Autoconf macros for libtool
m4/ltoptions.m4 Autoconf macros for libtool option handling
Modified: Makefile.global.in
===================================================================
--- Makefile.global.in 2013-10-05 19:56:44 UTC (rev 9547)
+++ Makefile.global.in 2013-10-26 16:38:23 UTC (rev 9548)
@@ -171,9 +171,9 @@
## linking code that contains OpenSSL support, and the path to the OpenSSL
## binaries.
-SSL_CPPFLAGS = @SSL_CPPFLAGS@
-SSL_LDFLAGS = @SSL_LDFLAGS@
-SSL_LIBS = @SSL_LIBS@
+SSL_CPPFLAGS = @OPENSSL_CPPFLAGS@
+SSL_LDFLAGS = @OPENSSL_LDFLAGS@
+SSL_LIBS = @OPENSSL_LIBS@
SSLBIN = @SSLBIN@
Modified: configure.ac
===================================================================
--- configure.ac 2013-10-05 19:56:44 UTC (rev 9547)
+++ configure.ac 2013-10-26 16:38:23 UTC (rev 9548)
@@ -39,9 +39,11 @@
m4_include([m4/compress.m4])
m4_include([m4/inet-ntoa.m4])
m4_include([m4/iov-max.m4])
+m4_include([m4/krb5-config.m4])
m4_include([m4/krb5.m4])
m4_include([m4/large-fpos.m4])
m4_include([m4/lib-depends.m4])
+m4_include([m4/lib-helper.m4])
m4_include([m4/lib-pathname.m4])
m4_include([m4/libtool.m4])
m4_include([m4/lt~obsolete.m4])
@@ -330,10 +332,16 @@
dnl libraries if needed.
INN_LIB_BERKELEYDB
INN_LIB_ZLIB
-INN_LIB_OPENSSL
+INN_LIB_OPENSSL_OPTIONAL
INN_LIB_SASL
-INN_LIB_KERBEROS
+INN_LIB_KRB5_OPTIONAL
+dnl If Kerberos is found, define KRB5_AUTH to auth_krb5 so as to build
+dnl that program.
+AS_IF([test x"$KRB5_LIBS" != x],
+ [KRB5_AUTH=auth_krb5])
+AC_SUBST([KRB5_AUTH])
+
dnl The dbm libraries are a special case. If we're building with Berkeley DB,
dnl just use the ndbm support provided by it.
if test x"$DB_LIBS" != x ; then
Modified: doc/pod/install.pod
===================================================================
--- doc/pod/install.pod 2013-10-05 19:56:44 UTC (rev 9547)
+++ doc/pod/install.pod 2013-10-26 16:38:23 UTC (rev 9548)
@@ -151,7 +151,7 @@
--with-zlib zlib 1.x or higher
--with-openssl OpenSSL 0.9.6 or higher
--with-sasl SASL 2.x or higher
- --with-kerberos MIT Kerberos v5 1.2.x or higher
+ --with-krb5 MIT Kerberos v5 1.2.x or higher
If any of these libraries (other than Perl or Python) are built shared and
installed in locations where your system doesn't search for shared
@@ -291,6 +291,15 @@
installation independently; see C<./configure --help> and look for the
B<--with-*-dir>=PATH options.
+=item B<--enable-reduced-depends>
+
+Requests that library probes assume shared libraries are in use and
+dependencies of libraries should not be probed. It therefore tries to
+minimize the shared library dependencies of the resulting binaries on
+platforms with proper shared library dependencies. This is not enabled
+by default, and is of interest primarily to people building packages
+for distributions.
+
=item B<--enable-largefiles>
Enables large file support. This is not enabled by default, even on
@@ -395,7 +404,7 @@
is expected to have subdirectories F<include> and F<lib> (F<lib32>
and F<lib64> are also checked), containing respectively F<db.h>, and
the library itself. In case non-standard paths to the S<Berkeley DB>
-are used, one or both of the options B<--with-berkeleydb-include>
+libraries are used, one or both of the options B<--with-berkeleydb-include>
and B<--with-berkeleydb-lib> can be given to configure with a path.
=item B<--with-zlib>=PATH
@@ -416,6 +425,14 @@
this option, you'll still need to make a certificate and private key to use TLS.
See below for details on how to do that.
+In case non-standard paths to the OpenSSL libraries are used, one or
+both of the options B<--with-openssl-include> and B<--with-openssl-lib>
+can be given to configure with a path.
+
+If the OpenSSL SSL and crypto libraries are found at configure time,
+INN will be built with TLS/SSL support unless the B<--without-openssl>
+flag is explicitly passed to configure.
+
=item B<--enable-ipv6>
Enables support for IPv6 in B<innd>, B<innfeed>, B<nnrpd>, and several of the
Modified: doc/pod/news.pod
===================================================================
--- doc/pod/news.pod 2013-10-05 19:56:44 UTC (rev 9547)
+++ doc/pod/news.pod 2013-10-26 16:38:23 UTC (rev 9548)
@@ -18,6 +18,11 @@
=item *
+The B<--with-kerberos> configure flag used to add S<Kerberos v5>
+support has been renamed to B<--with-krb5>.
+
+=item *
+
$HOME is no longer exported as an environment variable by B<innshellvars>,
B<innshellvars.tcl> and the Perl module C<INN::Config>. It was previously
overriding the default user home directory with I<pathnews>. If you use
@@ -122,15 +127,33 @@
=item *
-When building INN with S<Berkeley DB> support, no longer add
-standard locations to compiler and linker include flags. Such
-default paths are now added only if explicitly given to one or
-more of the B<--with-berkeleydb>, B<--with-berkeleydb-include>, or
-B<--with-berkeleydb-lib> configure flags (the last two flags are new
-in S<INN 2.6.0>).
+When building INN with S<Berkeley DB>, S<Kerberos v5>, or OpenSSL
+support, no longer add standard locations to compiler and linker include
+flags. Such default paths are now added only if explicitly given to
+one or more of the B<--with-berkeleydb>, B<--with-berkeleydb-include>,
+B<--with-berkeleydb-lib>, B<--with-krb5>, B<--with-krb5-include>,
+B<--with-krb5-lib>, B<--with-openssl>, B<--with-openssl-include>, or
+B<--with-openssl-lib> configure flags (the flags ending with C<-include>
+and C<-lib> are new in S<INN 2.6.0>).
=item *
+If the S<Kerberos v5>, or OpenSSL SSL and crypto libraries are found
+at configure time, INN will now be built with support for them unless
+respectively the B<--without-krb5>, or B<--without-openssl> flags are
+explicitly passed to configure.
+
+=item *
+
+The configure flag B<--enable-reduced-depends> has been added to request
+that library probes assume shared libraries are in use and dependencies
+of libraries should not be probed. It therefore tries to minimize the
+shared library dependencies of the resulting binaries on platforms with
+proper shared library dependencies. This is not enabled by default, and
+is of interest primarily to people building packages for distributions.
+
+=item *
+
For security reasons, use of the flawed SSLv2 protocol is now disabled
for TLS sessions with B<nnrpd>.
Modified: doc/pod/nnrpd.pod
===================================================================
--- doc/pod/nnrpd.pod 2013-10-05 19:56:44 UTC (rev 9547)
+++ doc/pod/nnrpd.pod 2013-10-26 16:38:23 UTC (rev 9548)
@@ -155,8 +155,9 @@
=item B<-S>
-If specified, B<nnrpd> will start a negotiation for a TLS session as
-soon as connected. To use this flag, B<--with-openssl> must have been
+If specified, B<nnrpd> will start a negotiation for a TLS session
+as soon as connected. To use this flag, the OpenSSL SSL and crypto
+libraries must have been found at configure time, or B<--with-openssl>
specified at configure time. For more information on running B<nnrpd>
with TLS support, see L<TLS SUPPORT>.
@@ -171,11 +172,12 @@
=head1 TLS SUPPORT
-If INN is built with B<--with-openssl>, B<nnrpd> will support news reading
+If INN is built with B<--with-openssl> or if the OpenSSL SSL and crypto
+libraries are found at configure time, B<nnrpd> will support news reading
over TLS (also known as SSL). For clients that use the STARTTLS command,
no special configuration is needed beyond creating a TLS/SSL certificate
-for the server. You should do this in exactly the same way that you would
-generate a certificate for a web server.
+for the server. You should do this in exactly the same way that you
+would generate a certificate for a web server.
If you're happy with a self-signed certificate (which will generate
warnings with some news reader clients), you can create and install one in
Modified: doc/pod/ovdb.pod
===================================================================
--- doc/pod/ovdb.pod 2013-10-05 19:56:44 UTC (rev 9547)
+++ doc/pod/ovdb.pod 2013-10-26 16:38:23 UTC (rev 9548)
@@ -33,7 +33,7 @@
is expected to have subdirectories F<include> and F<lib> (F<lib32>
and F<lib64> are also checked), containing respectively F<db.h>, and
the library itself. In case non-standard paths to the S<Berkeley DB>
-are used, one or both of the options B<--with-berkeleydb-include>
+libraries are used, one or both of the options B<--with-berkeleydb-include>
and B<--with-berkeleydb-lib> can be given to configure with a path.
The ovdb database may take up more disk space for a given spool than the
Modified: doc/pod/readers.conf.pod
===================================================================
--- doc/pod/readers.conf.pod 2013-10-05 19:56:44 UTC (rev 9547)
+++ doc/pod/readers.conf.pod 2013-10-26 16:38:23 UTC (rev 9548)
@@ -307,10 +307,11 @@
=item B<require_ssl:>
If set to true, an incoming connection only matches this auth group if
-it is encrypted using TLS/SSL, either from the beginning if the B<-S> flag
-was passed to B<nnrpd> or after a successful use of STARTTLS. This
-parameter is only valid if INN is compiled with TLS/SSL support
-(B<--with-openssl> passed to configure).
+it is encrypted using TLS/SSL, either from the beginning if the B<-S>
+flag was passed to B<nnrpd> or after a successful use of STARTTLS.
+This parameter is only valid if INN is compiled with TLS/SSL support (by
+default if the OpenSSL SSL and crypto libraries are found at configure
+time, otherwise see the B<--with-openssl> flag passed to configure).
=item B<perl_access:>
Added: m4/krb5-config.m4
===================================================================
--- m4/krb5-config.m4 (rev 0)
+++ m4/krb5-config.m4 2013-10-26 16:38:23 UTC (rev 9548)
@@ -0,0 +1,102 @@
+dnl Use krb5-config to get link paths for Kerberos libraries.
+dnl $Id$
+dnl
+dnl Provides one macro, INN_KRB5_CONFIG, which attempts to get compiler and
+dnl linker flags for a library via krb5-config and sets the appropriate shell
+dnl variables. Defines the Autoconf variable PATH_KRB5_CONFIG, which can be
+dnl used to find the default path to krb5-config.
+dnl
+dnl Depends on INN_ENABLE_REDUCED_DEPENDS.
+dnl
+dnl The canonical version of this file is maintained in the rra-c-util
+dnl package, available at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+dnl
+dnl Written by Russ Allbery <rra at stanford.edu>
+dnl Copyright 2011, 2012
+dnl The Board of Trustees of the Leland Stanford Junior University
+dnl
+dnl This file is free software; the authors give unlimited permission to copy
+dnl and/or distribute it, with or without modifications, as long as this
+dnl notice is preserved.
+
+dnl Check for krb5-config in the user's path and set PATH_KRB5_CONFIG. This
+dnl is moved into a separate macro so that it can be loaded via AC_REQUIRE,
+dnl meaning it will only be run once even if we link with multiple krb5-config
+dnl libraries.
+AC_DEFUN([_INN_KRB5_CONFIG_PATH],
+[AC_ARG_VAR([PATH_KRB5_CONFIG], [Path to krb5-config])
+ AC_PATH_PROG([PATH_KRB5_CONFIG], [krb5-config], [],
+ [${PATH}:/usr/kerberos/bin])])
+
+dnl Check whether the --deps flag is supported by krb5-config. Takes the path
+dnl to krb5-config to use. Note that this path is not embedded in the cache
+dnl variable, so this macro implicitly assumes that we will always use the
+dnl same krb5-config program.
+AC_DEFUN([_INN_KRB5_CONFIG_DEPS],
+[AC_REQUIRE([_INN_KRB5_CONFIG_PATH])
+ AC_CACHE_CHECK([for --deps support in krb5-config],
+ [inn_cv_krb5_config_deps],
+ [AS_IF(["$1" 2>&1 | grep deps >/dev/null 2>&1],
+ [inn_cv_krb5_config_deps=yes],
+ [inn_cv_krb5_config_deps=no])])])
+
+dnl Obtain the library flags for a particular library using krb5-config.
+dnl Takes the path to the krb5-config program to use, the argument to
+dnl krb5-config to use, and the variable prefix under which to store the
+dnl library flags.
+AC_DEFUN([_INN_KRB5_CONFIG_LIBS],
+[AC_REQUIRE([_INN_KRB5_CONFIG_PATH])
+ AC_REQUIRE([INN_ENABLE_REDUCED_DEPENDS])
+ _INN_KRB5_CONFIG_DEPS([$1])
+ AS_IF([test x"$inn_reduced_depends" = xfalse \
+ && test x"$inn_cv_krb5_config_deps" = xyes],
+ [$3[]_LIBS=`"$1" --deps --libs $2 2>/dev/null`],
+ [$3[]_LIBS=`"$1" --libs $2 2>/dev/null`])])
+
+dnl Attempt to find the flags for a library using krb5-config. Takes the
+dnl following arguments (in order):
+dnl
+dnl 1. The root directory for the library in question, generally from an
+dnl Autoconf --with flag. Used by preference as the path to krb5-config.
+dnl
+dnl 2. The argument to krb5-config to retrieve flags for this particular
+dnl library.
+dnl
+dnl 3. The variable prefix to use when setting CPPFLAGS and LIBS variables
+dnl based on the result of krb5-config.
+dnl
+dnl 4. Further actions to take if krb5-config was found and supported that
+dnl library type.
+dnl
+dnl 5. Further actions to take if krb5-config could not be used to get flags
+dnl for that library type.
+dnl
+dnl Special-case a krb5-config argument of krb5 and run krb5-config without an
+dnl argument if that option was requested and not supported. Old versions of
+dnl krb5-config didn't take an argument to specify the library type, but
+dnl always returned the flags for libkrb5.
+AC_DEFUN([INN_KRB5_CONFIG],
+[AC_REQUIRE([_INN_KRB5_CONFIG_PATH])
+ inn_krb5_config_$3=
+ inn_krb5_config_$3[]_ok=
+ AS_IF([test x"$1" != x && test -x "$1/bin/krb5-config"],
+ [inn_krb5_config_$3="$1/bin/krb5-config"],
+ [inn_krb5_config_$3="$PATH_KRB5_CONFIG"])
+ AS_IF([test x"$inn_krb5_config_$3" != x && test -x "$inn_krb5_config_$3"],
+ [AC_CACHE_CHECK([for $2 support in krb5-config], [inn_cv_lib_$3[]_config],
+ [AS_IF(["$inn_krb5_config_$3" 2>&1 | grep $2 >/dev/null 2>&1],
+ [inn_cv_lib_$3[]_config=yes],
+ [inn_cv_lib_$3[]_config=no])])
+ AS_IF([test "$inn_cv_lib_$3[]_config" = yes],
+ [$3[]_CPPFLAGS=`"$inn_krb5_config_$3" --cflags $2 2>/dev/null`
+ _INN_KRB5_CONFIG_LIBS([$inn_krb5_config_$3], [$2], [$3])
+ inn_krb5_config_$3[]_ok=yes],
+ [AS_IF([test x"$2" = xkrb5],
+ [$3[]_CPPFLAGS=`"$inn_krb5_config_$3" --cflags 2>/dev/null`
+ $3[]_LIBS=`"$inn_krb5_config_$3" --libs $2 2>/dev/null`
+ inn_krb5_config_$3[]_ok=yes])])])
+ AS_IF([test x"$inn_krb5_config_$3[]_ok" = xyes],
+ [$3[]_CPPFLAGS=`echo "$$3[]_CPPFLAGS" | sed 's%-I/usr/include %%'`
+ $3[]_CPPFLAGS=`echo "$$3[]_CPPFLAGS" | sed 's%-I/usr/include$%%'`
+ $4],
+ [$5])])
Property changes on: trunk/m4/krb5-config.m4
___________________________________________________________________
Added: svn:eol-style
+ native
Added: svn:keywords
+ Author Date Id Revision
Modified: m4/krb5.m4
===================================================================
--- m4/krb5.m4 2013-10-05 19:56:44 UTC (rev 9547)
+++ m4/krb5.m4 2013-10-26 16:38:23 UTC (rev 9548)
@@ -1,66 +1,348 @@
-dnl krb5.m4 -- Find the Kerberos v5 libraries.
+dnl Find the compiler and linker flags for Kerberos.
dnl $Id$
dnl
-dnl Defines the macro INN_LIB_KERBEROS, which probes for the Kerberos v5
-dnl libraries and defines the output variables KRB5_CPPFLAGS, KRB5_LDFLAGS,
-dnl and KRB5_LIBS to the appropriate preprocessor and linker flags.
+dnl Finds the compiler and linker flags for linking with Kerberos libraries.
+dnl Provides the --with-krb5, --with-krb5-include, and --with-krb5-lib
+dnl configure options to specify non-standard paths to the Kerberos libraries.
+dnl Uses krb5-config where available unless reduced dependencies is requested
+dnl or --with-krb5-include or --with-krb5-lib are given.
dnl
-dnl Also defines KRB5_AUTH to auth_krb5 if Kerberos was desired and found and
-dnl probe for krb5_init_ets (which may or may not be required).
+dnl Provides the macro INN_LIB_KRB5 and sets the substitution variables
+dnl KRB5_CPPFLAGS, KRB5_LDFLAGS, and KRB5_LIBS. Also provides
+dnl INN_LIB_KRB5_SWITCH to set CPPFLAGS, LDFLAGS, and LIBS to include the
+dnl Kerberos libraries, saving the current values first, and
+dnl INN_LIB_KRB5_RESTORE to restore those settings to before the last
+dnl INN_LIB_KRB5_SWITCH. HAVE_KERBEROS will always be defined if INN_LIB_KRB5
+dnl is used.
+dnl
+dnl If KRB5_CPPFLAGS, KRB5_LDFLAGS, or KRB5_LIBS are set before calling these
+dnl macros, their values will be added to whatever the macros discover.
+dnl
+dnl Provides the INN_LIB_KRB5_OPTIONAL macro, which should be used if Kerberos
+dnl support is optional. In this case, Kerberos libraries are mandatory if
+dnl --with-krb5 or related flags are given, and will not be probed for if
+dnl --without-krb5 is given. Otherwise, they'll be probed for, and
+dnl inn_use_kerberos will be set to true if they're found and not set
+dnl otherwise. The substitution variables will always be set, but they will
+dnl be empty unless Kerberos libraries are found and the user did not disable
+dnl Kerberos support. Similarly, HAVE_KERBEROS will be defined if Kerberos
+dnl libraries are found and the user didn't disable Kerberos support.
+dnl
+dnl Sets the Automake conditional KRB5_USES_COM_ERR saying whether we use
+dnl com_err, since if we're also linking with AFS libraries, we may have to
+dnl change library ordering in that case.
+dnl
+dnl Depends on INN_KRB5_CONFIG, INN_ENABLE_REDUCED_DEPENDS, and
+dnl INN_SET_LDFLAGS.
+dnl
+dnl Also provides INN_FUNC_KRB5_GET_INIT_CREDS_OPT_FREE_ARGS, which checks
+dnl whether krb5_get_init_creds_opt_free takes one argument or two. Defines
+dnl HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_2_ARGS if it takes two arguments.
+dnl
+dnl Also provides INN_INCLUDES_KRB5, which are the headers to include when
+dnl probing the Kerberos library properties.
+dnl
+dnl The canonical version of this file is maintained in the rra-c-util
+dnl package, available at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+dnl
+dnl Written by Russ Allbery <rra at stanford.edu>
+dnl Copyright 2005, 2006, 2007, 2008, 2009, 2010, 2011
+dnl The Board of Trustees of the Leland Stanford Junior University
+dnl
+dnl This file is free software; the authors give unlimited permission to copy
+dnl and/or distribute it, with or without modifications, as long as this
+dnl notice is preserved.
-AC_DEFUN([INN_LIB_KERBEROS],
-[KRB5_CPPFLAGS=
-KRB5_LDFLAGS=
-KRB5_LIBS=
-KRB5_AUTH=
-AC_ARG_WITH([kerberos],
- [AS_HELP_STRING([--with-kerberos@<:@=PATH@:>@],
- [Enable Kerberos v5 (for auth_krb5)])],
- KRB5_DIR=$with_kerberos,
- KRB5_DIR=no)
-AC_MSG_CHECKING([if Kerberos is desired])
-if test x"$KRB5_DIR" = xno ; then
- AC_MSG_RESULT([no])
-else
- AC_MSG_RESULT([yes])
- AC_MSG_CHECKING([for Kerberos location])
- if test x"$KRB5_DIR" = xyes ; then
- for dir in $prefix /usr/local /usr ; do
- if test -f "$dir/include/krb5.h" ; then
- KRB5_DIR=$dir
- break
- fi
- done
- fi
- if test x"$KRB5_DIR" = xyes ; then
- AC_MSG_ERROR([cannot find Kerberos])
- else
- AC_MSG_RESULT([$KRB5_DIR])
- if test x"$KRB5_DIR" != x/usr ; then
- KRB5_CPPFLAGS="-I$KRB5_DIR/include"
- KRB5_LDFLAGS="-L$KRB5_DIR/lib"
- fi
- inn_save_LDFLAGS=$LDFLAGS
- LDFLAGS="$KRB5_LDFLAGS $LDFLAGS"
- AC_CHECK_LIB([krb5], [krb5_init_context],
- [KRB5_LIBS="-lkrb5 -lasn1 -lroken -lcrypto -lcom_err"],
- [KRB5_EXTRA="-lk5crypto -lcom_err"
- AC_CHECK_LIB([krb5support], [krb5int_getspecific],
- [KRB5_EXTRA="$KRB5_EXTRA -lkrb5support"],
- [AC_SEARCH_LIBS([pthread_setspecific], [pthreads pthread])
- AC_CHECK_LIB([krb5support], [krb5int_setspecific],
- [KRB5_EXTRA="$KRB5_EXTRA -lkrb5support"])])
- AC_CHECK_LIB([krb5], [krb5_cc_default],
- [KRB5_LIBS="-lkrb5 $KRB5_EXTRA"],
- [AC_MSG_ERROR([cannot find usable Kerberos v5 library])],
- [$KRB5_EXTRA])],
- [-lasn1 -lroken -lcrypto -lcom_err])
- LDFLAGS=$inn_save_LDFLAGS
- KRB5_AUTH=auth_krb5
- AC_CHECK_HEADERS([et/com_err.h])
- fi
-fi
-AC_SUBST([KRB5_CPPFLAGS])
-AC_SUBST([KRB5_LDFLAGS])
-AC_SUBST([KRB5_LIBS])
-AC_SUBST([KRB5_AUTH])])
+dnl Headers to include when probing for Kerberos library properties.
+AC_DEFUN([INN_INCLUDES_KRB5], [[
+#if HAVE_KRB5_H
+# include <krb5.h>
+#else
+# include <krb5/krb5.h>
+#endif
+]])
+
+dnl Save the current CPPFLAGS, LDFLAGS, and LIBS settings and switch to
+dnl versions that include the Kerberos flags. Used as a wrapper, with
+dnl INN_LIB_KRB5_RESTORE, around tests.
+AC_DEFUN([INN_LIB_KRB5_SWITCH],
+[inn_krb5_save_CPPFLAGS="$CPPFLAGS"
+ inn_krb5_save_LDFLAGS="$LDFLAGS"
+ inn_krb5_save_LIBS="$LIBS"
+ CPPFLAGS="$KRB5_CPPFLAGS $CPPFLAGS"
+ LDFLAGS="$KRB5_LDFLAGS $LDFLAGS"
+ LIBS="$KRB5_LIBS $LIBS"])
+
+dnl Restore CPPFLAGS, LDFLAGS, and LIBS to their previous values (before
+dnl INN_LIB_KRB5_SWITCH was called).
+AC_DEFUN([INN_LIB_KRB5_RESTORE],
+[CPPFLAGS="$inn_krb5_save_CPPFLAGS"
+ LDFLAGS="$inn_krb5_save_LDFLAGS"
+ LIBS="$inn_krb5_save_LIBS"])
+
+dnl Set KRB5_CPPFLAGS and KRB5_LDFLAGS based on inn_krb5_root,
+dnl inn_krb5_libdir, and inn_krb5_includedir.
+AC_DEFUN([_INN_LIB_KRB5_PATHS],
+[AS_IF([test x"$inn_krb5_libdir" != x],
+ [KRB5_LDFLAGS="-L$inn_krb5_libdir"],
+ [AS_IF([test x"$inn_krb5_root" != x],
+ [INN_SET_LDFLAGS([KRB5_LDFLAGS], [$inn_krb5_root])])])
+ AS_IF([test x"$inn_krb5_includedir" != x],
+ [KRB5_CPPFLAGS="-I$inn_krb5_includedir"],
+ [AS_IF([test x"$inn_krb5_root" != x],
+ [AS_IF([test x"$inn_krb5_root" != x/usr],
+ [KRB5_CPPFLAGS="-I${inn_krb5_root}/include"])])])])
+
+dnl Check for a header using a file existence check rather than using
+dnl AC_CHECK_HEADERS. This is used if there were arguments to configure
+dnl specifying the Kerberos header path, since we may have one header in the
+dnl default include path and another under our explicitly-configured Kerberos
+dnl location.
+AC_DEFUN([_INN_LIB_KRB5_CHECK_HEADER],
+[AC_MSG_CHECKING([for $1])
+ AS_IF([test -f "${inn_krb5_incroot}/$1"],
+ [AC_DEFINE_UNQUOTED(AS_TR_CPP([HAVE_$1]), [1],
+ [Define to 1 if you have the <$1> header file.])
+ AC_MSG_RESULT([yes])],
+ [AC_MSG_RESULT([no])])])
+
+dnl Does the appropriate library checks for reduced-dependency Kerberos
+dnl linkage. The single argument, if true, says to fail if Kerberos could not
+dnl be found.
+AC_DEFUN([_INN_LIB_KRB5_REDUCED],
+[INN_LIB_KRB5_SWITCH
+ AC_CHECK_LIB([krb5], [krb5_init_context], [KRB5_LIBS="-lkrb5"],
+ [AS_IF([test x"$1" = xtrue],
+ [AC_MSG_ERROR([cannot find usable Kerberos library])])])
+ LIBS="$KRB5_LIBS $LIBS"
+ AS_IF([test x"$inn_krb5_incroot" = x],
+ [AC_CHECK_HEADERS([krb5.h krb5/krb5.h])],
+ [_INN_LIB_KRB5_CHECK_HEADER([krb5.h])
+ _INN_LIB_KRB5_CHECK_HEADER([krb5/krb5.h])])
+ AC_CHECK_FUNCS([krb5_get_error_message],
+ [AC_CHECK_FUNCS([krb5_free_error_message])],
+ [AC_CHECK_FUNCS([krb5_get_error_string], [],
+ [AC_CHECK_FUNCS([krb5_get_err_txt], [],
+ [AC_CHECK_LIB([ksvc], [krb5_svc_get_msg],
+ [KRB5_LIBS="$KRB5_LIBS -lksvc"
+ AC_DEFINE([HAVE_KRB5_SVC_GET_MSG], [1])
+ AC_CHECK_HEADERS([ibm_svc/krb5_svc.h], [], [],
+ [INN_INCLUDES_KRB5])],
+ [AC_CHECK_LIB([com_err], [com_err],
+ [KRB5_LIBS="$KRB5_LIBS -lcom_err"],
+ [AC_MSG_ERROR([cannot find usable com_err library])])
+ AC_CHECK_HEADERS([et/com_err.h])])])])])
+ INN_LIB_KRB5_RESTORE])
+
+dnl Does the appropriate library checks for Kerberos linkage when we don't
+dnl have krb5-config or reduced dependencies. The single argument, if true,
+dnl says to fail if Kerberos could not be found.
+AC_DEFUN([_INN_LIB_KRB5_MANUAL],
+[INN_LIB_KRB5_SWITCH
+ inn_krb5_extra=
+ LIBS=
+ AC_SEARCH_LIBS([res_search], [resolv], [],
+ [AC_SEARCH_LIBS([__res_search], [resolv])])
+ AC_SEARCH_LIBS([gethostbyname], [nsl])
+ AC_SEARCH_LIBS([socket], [socket], [],
+ [AC_CHECK_LIB([nsl], [socket], [LIBS="-lnsl -lsocket $LIBS"], [],
+ [-lsocket])])
+ AC_SEARCH_LIBS([crypt], [crypt])
+ AC_SEARCH_LIBS([roken_concat], [roken])
+ inn_krb5_extra="$LIBS"
+ LIBS="$inn_krb5_save_LIBS"
+ AC_CHECK_LIB([krb5], [krb5_init_context],
+ [KRB5_LIBS="-lkrb5 -lasn1 -lcom_err -lcrypto $inn_krb5_extra"],
+ [AC_CHECK_LIB([krb5support], [krb5int_getspecific],
+ [inn_krb5_extra="-lkrb5support $inn_krb5_extra"],
+ [AC_CHECK_LIB([pthreads], [pthread_setspecific],
+ [inn_krb5_pthread="-lpthreads"],
+ [AC_CHECK_LIB([pthread], [pthread_setspecific],
+ [inn_krb5_pthread="-lpthread"])])
+ AC_CHECK_LIB([krb5support], [krb5int_setspecific],
+ [inn_krb5_extra="-lkrb5support $inn_krb5_extra $inn_krb5_pthread"],
+ [], [$inn_krb5_pthread $inn_krb5_extra])],
+ [$inn_krb5_extra])
+ AC_CHECK_LIB([com_err], [error_message],
+ [inn_krb5_extra="-lcom_err $inn_krb5_extra"], [], [$inn_krb5_extra])
+ AC_CHECK_LIB([ksvc], [krb5_svc_get_msg],
+ [inn_krb5_extra="-lksvc $inn_krb5_extra"], [], [$inn_krb5_extra])
+ AC_CHECK_LIB([k5crypto], [krb5int_hash_md5],
+ [inn_krb5_extra="-lk5crypto $inn_krb5_extra"], [], [$inn_krb5_extra])
+ AC_CHECK_LIB([k5profile], [profile_get_values],
+ [inn_krb5_extra="-lk5profile $inn_krb5_extra"], [], [$inn_krb5_extra])
+ AC_CHECK_LIB([krb5], [krb5_cc_default],
+ [KRB5_LIBS="-lkrb5 $inn_krb5_extra"],
+ [AS_IF([test x"$1" = xtrue],
+ [AC_MSG_ERROR([cannot find usable Kerberos library])])],
+ [$inn_krb5_extra])],
+ [-lasn1 -lcom_err -lcrypto $inn_krb5_extra])
+ LIBS="$KRB5_LIBS $LIBS"
+ AS_IF([test x"$inn_krb5_incroot" = x],
+ [AC_CHECK_HEADERS([krb5.h krb5/krb5.h])],
+ [_INN_LIB_KRB5_CHECK_HEADER([krb5.h])
+ _INN_LIB_KRB5_CHECK_HEADER([krb5/krb5.h])])
+ AC_CHECK_FUNCS([krb5_get_error_message],
+ [AC_CHECK_FUNCS([krb5_free_error_message])],
+ [AC_CHECK_FUNCS([krb5_get_error_string], [],
+ [AC_CHECK_FUNCS([krb5_get_err_txt], [],
+ [AC_CHECK_FUNCS([krb5_svc_get_msg],
+ [AC_CHECK_HEADERS([ibm_svc/krb5_svc.h], [], [],
+ [INN_INCLUDES_KRB5])],
+ [AC_CHECK_HEADERS([et/com_err.h])])])])])
+ INN_LIB_KRB5_RESTORE])
+
+dnl Sanity-check the results of krb5-config and be sure we can really link a
+dnl Kerberos program. If that fails, clear KRB5_CPPFLAGS and KRB5_LIBS so
+dnl that we know we don't have usable flags and fall back on the manual
+dnl check.
+AC_DEFUN([_INN_LIB_KRB5_CHECK],
+[INN_LIB_KRB5_SWITCH
+ AC_CHECK_FUNC([krb5_init_context],
+ [INN_LIB_KRB5_RESTORE],
+ [INN_LIB_KRB5_RESTORE
+ KRB5_CPPFLAGS=
+ KRB5_LIBS=
+ _INN_LIB_KRB5_PATHS
+ _INN_LIB_KRB5_MANUAL([$1])])])
+
+dnl Determine Kerberos compiler and linker flags from krb5-config. Does the
+dnl additional probing we need to do to uncover error handling features, and
+dnl falls back on the manual checks.
+AC_DEFUN([_INN_LIB_KRB5_CONFIG],
+[INN_KRB5_CONFIG([${inn_krb5_root}], [krb5], [KRB5],
+ [_INN_LIB_KRB5_CHECK([$1])
+ INN_LIB_KRB5_SWITCH
+ AS_IF([test x"$inn_krb5_incroot" = x],
+ [AC_CHECK_HEADERS([krb5.h krb5/krb5.h])],
+ [_INN_LIB_KRB5_CHECK_HEADER([krb5.h])
+ _INN_LIB_KRB5_CHECK_HEADER([krb5/krb5.h])])
+ AC_CHECK_FUNCS([krb5_get_error_message],
+ [AC_CHECK_FUNCS([krb5_free_error_message])],
+ [AC_CHECK_FUNCS([krb5_get_error_string], [],
+ [AC_CHECK_FUNCS([krb5_get_err_txt], [],
+ [AC_CHECK_FUNCS([krb5_svc_get_msg],
+ [AC_CHECK_HEADERS([ibm_svc/krb5_svc.h], [], [],
+ [INN_INCLUDES_KRB5])],
+ [AC_CHECK_HEADERS([et/com_err.h])])])])])
+ INN_LIB_KRB5_RESTORE],
+ [_INN_LIB_KRB5_PATHS
+ _INN_LIB_KRB5_MANUAL([$1])])])
+
+dnl The core of the library checking, shared between INN_LIB_KRB5 and
+dnl INN_LIB_KRB5_OPTIONAL. The single argument, if "true", says to fail if
+dnl Kerberos could not be found. Set up inn_krb5_incroot for later header
+dnl checking.
+AC_DEFUN([_INN_LIB_KRB5_INTERNAL],
+[AC_REQUIRE([INN_ENABLE_REDUCED_DEPENDS])
+ inn_krb5_incroot=
+ AS_IF([test x"$inn_krb5_includedir" != x],
+ [inn_krb5_incroot="$inn_krb5_includedir"],
+ [AS_IF([test x"$inn_krb5_root" != x],
+ [inn_krb5_incroot="${inn_krb5_root}/include"])])
+ AS_IF([test x"$inn_reduced_depends" = xtrue],
+ [_INN_LIB_KRB5_PATHS
+ _INN_LIB_KRB5_REDUCED([$1])],
+ [AS_IF([test x"$inn_krb5_includedir" = x && test x"$inn_krb5_libdir" = x],
+ [_INN_LIB_KRB5_CONFIG([$1])],
+ [_INN_LIB_KRB5_PATHS
+ _INN_LIB_KRB5_MANUAL([$1])])])
+ inn_krb5_uses_com_err=false
+ AS_CASE([$LIBS], [*-lcom_err*], [inn_krb5_uses_com_err=true])
+ m4_ifdef([AM_CONDITIONAL],
+ [AM_CONDITIONAL([KRB5_USES_COM_ERR],
+ [test x"$inn_krb5_uses_com_err" = xtrue])])])
+
+dnl The main macro for packages with mandatory Kerberos support.
+AC_DEFUN([INN_LIB_KRB5],
+[inn_krb5_root=
+ inn_krb5_libdir=
+ inn_krb5_includedir=
+ inn_use_kerberos=true
+ AC_SUBST([KRB5_CPPFLAGS])
+ AC_SUBST([KRB5_LDFLAGS])
+ AC_SUBST([KRB5_LIBS])
+
+ AC_ARG_WITH([krb5],
+ [AS_HELP_STRING([--with-krb5=DIR],
+ [Location of Kerberos headers and libraries])],
+ [AS_IF([test x"$withval" != xyes && test x"$withval" != xno],
+ [inn_krb5_root="$withval"])])
+ AC_ARG_WITH([krb5-include],
+ [AS_HELP_STRING([--with-krb5-include=DIR],
+ [Location of Kerberos headers])],
+ [AS_IF([test x"$withval" != xyes && test x"$withval" != xno],
+ [inn_krb5_includedir="$withval"])])
+ AC_ARG_WITH([krb5-lib],
+ [AS_HELP_STRING([--with-krb5-lib=DIR],
+ [Location of Kerberos libraries])],
+ [AS_IF([test x"$withval" != xyes && test x"$withval" != xno],
+ [inn_krb5_libdir="$withval"])])
+ _INN_LIB_KRB5_INTERNAL([true])
+ AC_DEFINE([HAVE_KERBEROS], 1, [Define to enable Kerberos features.])])
+
+dnl The main macro for packages with optional Kerberos support.
+AC_DEFUN([INN_LIB_KRB5_OPTIONAL],
+[inn_krb5_root=
+ inn_krb5_libdir=
+ inn_krb5_includedir=
+ inn_use_kerberos=
+ AC_SUBST([KRB5_CPPFLAGS])
+ AC_SUBST([KRB5_LDFLAGS])
+ AC_SUBST([KRB5_LIBS])
+
+ AC_ARG_WITH([krb5],
+ [AS_HELP_STRING([--with-krb5@<:@=DIR@:>@],
+ [Location of Kerberos headers and libraries])],
+ [AS_IF([test x"$withval" = xno],
+ [inn_use_kerberos=false],
+ [AS_IF([test x"$withval" != xyes], [inn_krb5_root="$withval"])
+ inn_use_kerberos=true])])
+ AC_ARG_WITH([krb5-include],
+ [AS_HELP_STRING([--with-krb5-include=DIR],
+ [Location of Kerberos headers])],
+ [AS_IF([test x"$withval" != xyes && test x"$withval" != xno],
+ [inn_krb5_includedir="$withval"])])
+ AC_ARG_WITH([krb5-lib],
+ [AS_HELP_STRING([--with-krb5-lib=DIR],
+ [Location of Kerberos libraries])],
+ [AS_IF([test x"$withval" != xyes && test x"$withval" != xno],
+ [inn_krb5_libdir="$withval"])])
+
+ AS_IF([test x"$inn_use_kerberos" != xfalse],
+ [AS_IF([test x"$inn_use_kerberos" = xtrue],
+ [_INN_LIB_KRB5_INTERNAL([true])],
+ [_INN_LIB_KRB5_INTERNAL([false])])],
+ [m4_ifdef([AM_CONDITIONAL],
+ [AM_CONDITIONAL([KRB5_USES_COM_ERR], [false])],
+ [:])])
+
+ AS_IF([test x"$KRB5_LIBS" != x],
+ [inn_use_kerberos=true
+ AC_DEFINE([HAVE_KERBEROS], 1, [Define to enable Kerberos features.])])])
+
+dnl Source used by INN_FUNC_KRB5_GET_INIT_CREDS_OPT_FREE_ARGS.
+AC_DEFUN([_INN_FUNC_KRB5_OPT_FREE_ARGS_SOURCE], [INN_INCLUDES_KRB5] [[
+int
+main(void)
+{
+ krb5_get_init_creds_opt *opts;
+ krb5_context c;
+ krb5_get_init_creds_opt_free(c, opts);
+}
+]])
+
+dnl Check whether krb5_get_init_creds_opt_free takes one argument or two.
+dnl Early Heimdal used to take a single argument. Defines
+dnl HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_2_ARGS if it takes two arguments.
+dnl
+dnl Should be called with INN_LIB_KRB5_SWITCH active.
+AC_DEFUN([INN_FUNC_KRB5_GET_INIT_CREDS_OPT_FREE_ARGS],
+[AC_CACHE_CHECK([if krb5_get_init_creds_opt_free takes two arguments],
+ [inn_cv_func_krb5_get_init_creds_opt_free_args],
+ [AC_COMPILE_IFELSE([AC_LANG_SOURCE([_INN_FUNC_KRB5_OPT_FREE_ARGS_SOURCE])],
+ [inn_cv_func_krb5_get_init_creds_opt_free_args=yes],
+ [inn_cv_func_krb5_get_init_creds_opt_free_args=no])])
+ AS_IF([test $inn_cv_func_krb5_get_init_creds_opt_free_args = yes],
+ [AC_DEFINE([HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_2_ARGS], 1,
+ [Define if krb5_get_init_creds_opt_free takes two arguments.])])])
Added: m4/lib-helper.m4
===================================================================
--- m4/lib-helper.m4 (rev 0)
+++ m4/lib-helper.m4 2013-10-26 16:38:23 UTC (rev 9548)
@@ -0,0 +1,139 @@
+dnl Helper functions to manage compiler variables.
+dnl $Id$
+dnl
+dnl These are a wide variety of helper macros to make it easier to construct
+dnl standard macros to probe for a library and to set library-specific
+dnl CPPFLAGS, LDFLAGS, and LIBS shell substitution variables. Most of them
+dnl take as one of the arguments the prefix string to use for variables, which
+dnl is usually something like "KRB5" or "GSSAPI".
+dnl
+dnl Depends on INN_ENABLE_REDUCED_DEPENDS and INN_SET_LDFLAGS.
+dnl
+dnl The canonical version of this file is maintained in the rra-c-util
+dnl package, available at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+dnl
+dnl Written by Russ Allbery <rra at stanford.edu>
+dnl Copyright 2011
+dnl The Board of Trustees of the Leland Stanford Junior University
+dnl
+dnl This file is free software; the authors give unlimited permission to copy
+dnl and/or distribute it, with or without modifications, as long as this
+dnl notice is preserved.
+
+dnl Add the library flags to the default compiler flags and then remove them.
+dnl
+dnl To use these macros, pass the prefix string used for the variables as the
+dnl only argument. For example, to use these for a library with KRB5 as a
+dnl prefix, one would use:
+dnl
+dnl AC_DEFUN([INN_LIB_KRB5_SWITCH], [INN_LIB_HELPER_SWITCH([KRB5])])
+dnl AC_DEFUN([INN_LIB_KRB5_RESTORE], [INN_LIB_HELPER_RESTORE([KRB5])])
+dnl
+dnl Then, wrap checks for library features with INN_LIB_KRB5_SWITCH and
+dnl INN_LIB_KRB5_RESTORE.
+AC_DEFUN([INN_LIB_HELPER_SWITCH],
+[inn_$1[]_save_CPPFLAGS="$CPPFLAGS"
+ inn_$1[]_save_LDFLAGS="$LDFLAGS"
+ inn_$1[]_save_LIBS="$LIBS"
+ CPPFLAGS="$$1[]_CPPFLAGS $CPPFLAGS"
+ LDFLAGS="$$1[]_LDFLAGS $LDFLAGS"
+ LIBS="$$1[]_LIBS $LIBS"])
+
+AC_DEFUN([INN_LIB_HELPER_RESTORE],
+[CPPFLAGS="$inn_$1[]_save_CPPFLAGS"
+ LDFLAGS="$inn_$1[]_save_LDFLAGS"
+ LIBS="$inn_$1[]_save_LIBS"])
+
+dnl Given _root, _libdir, and _includedir variables set for a library (set by
+dnl INN_LIB_HELPER_WITH*), set the LDFLAGS and CPPFLAGS variables for that
+dnl library accordingly. Takes the variable prefix as the only argument.
+AC_DEFUN([INN_LIB_HELPER_PATHS],
+[AS_IF([test x"$inn_$1[]_libdir" != x],
+ [$1[]_LDFLAGS="-L$inn_$1[]_libdir"],
+ [AS_IF([test x"$inn_$1[]_root" != x],
+ [INN_SET_LDFLAGS([$1][_LDFLAGS], [${inn_$1[]_root}])])])
+ AS_IF([test x"$inn_$1[]_includedir" != x],
+ [$1[]_CPPFLAGS="-I$inn_$1[]_includedir"],
+ [AS_IF([test x"$inn_$1[]_root" != x],
+ [AS_IF([test x"$inn_$1[]_root" != x/usr],
+ [$1[]_CPPFLAGS="-I${inn_$1[]_root}/include"])])])])
+
+dnl Check whether a library works. This is used as a sanity check on the
+dnl results of *-config shell scripts. Takes four arguments; the first, if
+dnl "true", says that a working library is mandatory and errors out if it
+dnl doesn't. The second is the variable prefix. The third is a function to
+dnl look for that should be in the libraries. The fourth is the
+dnl human-readable name of the library for error messages.
+AC_DEFUN([INN_LIB_HELPER_CHECK],
+[INN_LIB_HELPER_SWITCH([$2])
+ AC_CHECK_FUNC([$3], [],
+ [AS_IF([test x"$1" = xtrue],
+ [AC_MSG_FAILURE([unable to link with $4 library])])
+ $2[]_CPPFLAGS=
+ $2[]_LDFLAGS=
+ $2[]_LIBS=])
+ INN_LIB_HELPER_RESTORE([$2])])
+
+dnl Initialize the variables used by a library probe and set the appropriate
+dnl ones as substitution variables. Takes the library variable prefix as its
+dnl only argument.
+AC_DEFUN([INN_LIB_HELPER_VAR_INIT],
+[inn_$1[]_root=
+ inn_$1[]_libdir=
+ inn_$1[]_includedir=
+ inn_use_$1=
+ $1[]_CPPFLAGS=
+ $1[]_LDFLAGS=
+ $1[]_LIBS=
+ AC_SUBST([$1][_CPPFLAGS])
+ AC_SUBST([$1][_LDFLAGS])
+ AC_SUBST([$1][_LIBS])])
+
+dnl Handles --with options for a non-optional library. First argument is the
+dnl base for the switch names. Second argument is the short description.
+dnl Third argument is the variable prefix. The variables set are used by
+dnl INN_LIB_HELPER_PATHS.
+AC_DEFUN([INN_LIB_HELPER_WITH],
+[AC_ARG_WITH([$1],
+ [AS_HELP_STRING([--with-][$1][=DIR],
+ [Location of $2 headers and libraries])],
+ [AS_IF([test x"$withval" != xyes && test x"$withval" != xno],
+ [inn_$3[]_root="$withval"])])
+ AC_ARG_WITH([$1][-include],
+ [AS_HELP_STRING([--with-][$1][-include=DIR],
+ [Location of $2 headers])],
+ [AS_IF([test x"$withval" != xyes && test x"$withval" != xno],
+ [inn_$3[]_includedir="$withval"])])
+ AC_ARG_WITH([$1][-lib],
+ [AS_HELP_STRING([--with-][$1][-lib=DIR],
+ [Location of $2 libraries])],
+ [AS_IF([test x"$withval" != xyes && test x"$withval" != xno],
+ [inn_$3[]_libdir="$withval"])])])
+
+dnl Handles --with options for an optional library, so --with-<library> can
+dnl cause the checks to be skipped entirely or become mandatory. Sets an
+dnl inn_use_PREFIX variable to true or false if the library is explicitly
+dnl enabled or disabled.
+dnl
+dnl First argument is the base for the switch names. Second argument is the
+dnl short description. Third argument is the variable prefix.
+dnl
+dnl The variables set are used by INN_LIB_HELPER_PATHS.
+AC_DEFUN([INN_LIB_HELPER_WITH_OPTIONAL],
+[AC_ARG_WITH([$1],
+ [AS_HELP_STRING([--with-][$1][@<:@=DIR@:>@],
+ [Location of $2 headers and libraries])],
+ [AS_IF([test x"$withval" = xno],
+ [inn_use_$3=false],
+ [AS_IF([test x"$withval" != yes], [inn_$3[]_root="$withval"])
+ inn_use_$3=true])])
+ AC_ARG_WITH([$1][-include],
+ [AS_HELP_STRING([--with-][$1][-include=DIR],
+ [Location of $2 headers])],
+ [AS_IF([test x"$withval" != xyes && test x"$withval" != xno],
+ [inn_$3[]_includedir="$withval"])])
+ AC_ARG_WITH([$1][-lib],
+ [AS_HELP_STRING([--with-][$1][-lib=DIR],
+ [Location of $2 libraries])],
+ [AS_IF([test x"$withval" != xyes && test x"$withval" != xno],
+ [inn_$3[]_libdir="$withval"])])])
Property changes on: trunk/m4/lib-helper.m4
___________________________________________________________________
Added: svn:eol-style
+ native
Added: svn:keywords
+ Author Date Id Revision
Modified: m4/openssl.m4
===================================================================
--- m4/openssl.m4 2013-10-05 19:56:44 UTC (rev 9547)
+++ m4/openssl.m4 2013-10-26 16:38:23 UTC (rev 9548)
@@ -1,65 +1,82 @@
-dnl ssl.m4 -- Find the path to the SSL libraries.
+dnl Find the compiler and linker flags for OpenSSL.
dnl $Id$
dnl
-dnl This file provides INN_LIB_OPENSSL, which defines the --with-openssl
-dnl command-line option and probes for the location of OpenSSL if that
-dnl option is used without an optional path. It looks by default in $prefix,
-dnl /usr/local, and /usr. However it finds OpenSSL, it also makes sure that
-dnl it links correctly and checks to see if RSAref is used. It exports
-dnl SSL_LDFLAGS, SSL_CPPFLAGS, and SSL_LIBS.
+dnl Finds the compiler and linker flags for linking with both the OpenSSL SSL
+dnl library and its crypto library. Provides the --with-openssl,
+dnl --with-openssl-lib, and --with-openssl-include configure options to
+dnl specify non-standard paths to the OpenSSL libraries.
dnl
-dnl Support is only present for OpenSSL at the current time, although it would
-dnl be nice to add support for GnuTLS at some point. This will likely also
-dnl require source changes and possibly a licensing change.
+dnl Provides the macro INN_LIB_OPENSSL and sets the substitution variables
+dnl OPENSSL_CPPFLAGS, OPENSSL_LDFLAGS, OPENSSL_LIBS, CRYPTO_CPPFLAGS,
+dnl CRYPTO_LDFLAGS, and CRYPTO_LIBS. Also provides INN_LIB_OPENSSL_SWITCH and
+dnl INN_LIB_CRYPTO_SWITCH to set CPPFLAGS, LDFLAGS, and LIBS to include the
+dnl SSL or crypto libraries, saving the current values first, and
+dnl INN_LIB_OPENSSL_RESTORE and INN_LIB_CRYPTO_RESTORE to restore those
+dnl settings to before the last INN_LIB_OPENSSL_SWITCH or
+dnl INN_LIB_CRYPTO_SWITCH.
+dnl
+dnl Depends on the lib-helper.m4 framework.
+dnl
+dnl The canonical version of this file is maintained in the rra-c-util
+dnl package, available at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+dnl
+dnl Written by Russ Allbery <rra at stanford.edu>
+dnl Copyright 2010, 2013
+dnl The Board of Trustees of the Leland Stanford Junior University
+dnl
+dnl This file is free software; the authors give unlimited permission to copy
+dnl and/or distribute it, with or without modifications, as long as this
+dnl notice is preserved.
+dnl Save the current CPPFLAGS, LDFLAGS, and LIBS settings and switch to
+dnl versions that include the SSL or crypto flags. Used as a wrapper, with
+dnl INN_LIB_OPENSSL_RESTORE or INN_LIB_CRYPTO_RESTORE, around tests.
+AC_DEFUN([INN_LIB_OPENSSL_SWITCH], [INN_LIB_HELPER_SWITCH([OPENSSL])])
+AC_DEFUN([INN_LIB_CRYPTO_SWITCH], [INN_LIB_HELPER_SWITCH([CRYPTO])])
+
+dnl Restore CPPFLAGS, LDFLAGS, and LIBS to their previous values (before
+dnl INN_LIB_OPENSSL_SWITCH or INN_LIB_CRYPTO_SWITCH were called).
+AC_DEFUN([INN_LIB_OPENSSL_RESTORE], [INN_LIB_HELPER_RESTORE([OPENSSL])])
+AC_DEFUN([INN_LIB_CRYPTO_RESTORE], [INN_LIB_HELPER_RESTORE([CRYPTO])])
+
+dnl Checks if the OpenSSL and crypto libraries are present. The single
+dnl argument, if "true", says to fail if the OpenSSL SSL library could not be
+dnl found.
+AC_DEFUN([_INN_LIB_OPENSSL_INTERNAL],
+[INN_LIB_HELPER_PATHS([OPENSSL])
+ CRYPTO_CPPFLAGS="$OPENSSL_CPPFLAGS"
+ CRYPTO_LDFLAGS="$OPENSSL_LDFLAGS"
+ CRYPTO_LIBS=
+ AC_SUBST([CRYPTO_CPPFLAGS])
+ AC_SUBST([CRYPTO_LDFLAGS])
+ AC_SUBST([CRYPTO_LIBS])
+ INN_LIB_OPENSSL_SWITCH
+ AC_CHECK_LIB([crypto], [AES_cbc_encrypt], [CRYPTO_LIBS=-lcrypto],
+ [AC_MSG_ERROR([cannot find usable OpenSSL crypto library])])
+ AS_IF([test x"$inn_reduced_depends" = xtrue],
+ [AC_CHECK_LIB([ssl], [SSL_library_init],
+ [OPENSSL_LIBS="-lssl $CRYPTO_LIBS"],
+ [AS_IF([test x"$1" = xtrue],
+ [AC_MSG_ERROR([cannot find usable OpenSSL library])])],
+ [$CRYPTO_LIBS])],
+ [AC_CHECK_LIB([ssl], [SSL_library_init], [OPENSSL_LIBS=-lssl],
+ [AS_IF([test x"$1" = xtrue],
+ [AC_MSG_ERROR([cannot find usable OpenSSL library])])])])])
+
+dnl The main macro for packages with mandatory OpenSSL support.
AC_DEFUN([INN_LIB_OPENSSL],
-[SSL_LDFLAGS=
-SSL_CPPFLAGS=
-SSL_LIBS=
-AC_ARG_WITH([openssl],
- [AS_HELP_STRING([--with-openssl@<:@=PATH@:>@],
- [Enable OpenSSL (for NNTP over TLS/SSL support)])],
- SSL_DIR=$with_openssl,
- SSL_DIR=no)
-AC_MSG_CHECKING([if OpenSSL is desired])
-if test x"$SSL_DIR" = xno ; then
- AC_MSG_RESULT([no])
-else
- AC_MSG_RESULT([yes])
- AC_MSG_CHECKING([for OpenSSL location])
- if test x"$SSL_DIR" = xyes ; then
- for dir in $prefix /usr/local /usr ; do
- if test -f "$dir/include/openssl/ssl.h" ; then
- SSL_DIR=$dir
- break
- fi
- done
- fi
- if test x"$SSL_DIR" = xyes ; then
- AC_MSG_ERROR([cannot find OpenSSL])
- else
- AC_MSG_RESULT([$SSL_DIR])
- if test x"$SSL_DIR" != x/usr ; then
- SSL_CPPFLAGS="-I$SSL_DIR/include"
- SSL_LDFLAGS="-L$SSL_DIR/lib"
- fi
- inn_save_LDFLAGS=$LDFLAGS
- LDFLAGS="$SSL_LDFLAGS $LDFLAGS"
- AC_CHECK_LIB([rsaref], [RSAPublicEncrypt],
- [AC_CHECK_LIB([RSAglue], [RSAPublicEncrypt],
- [SSL_LIBS="-lRSAglue -lrsaref"], , [-lrsaref])])
- AC_CHECK_LIB([crypto], [BIO_new],
- [AC_CHECK_LIB([dl], [DSO_load],
- [SSL_LIBS="-lcrypto -ldl $SSL_LIBS"],
- [SSL_LIBS="-lcrypto $SSL_LIBS"], [-lcrypto $SSL_LIBS])],
- [AC_MSG_ERROR(cannot link with OpenSSL)], [$SSL_LIBS])
- AC_CHECK_LIB([ssl], [SSL_library_init],
- [SSL_LIBS="-lssl $SSL_LIBS"],
- [AC_MSG_ERROR(cannot link with OpenSSL)], [$SSL_LIBS])
- LDFLAGS=$inn_save_LDFLAGS
- AC_DEFINE([HAVE_SSL], 1, [Define if OpenSSL is available.])
- fi
-fi
-AC_SUBST([SSL_CPPFLAGS])
-AC_SUBST([SSL_LDFLAGS])
-AC_SUBST([SSL_LIBS])])
+[INN_LIB_HELPER_VAR_INIT([OPENSSL])
+ INN_LIB_HELPER_WITH([openssl], [OpenSSL], [OPENSSL])
+ _INN_LIB_OPENSSL_INTERNAL([true])
+ AC_DEFINE([HAVE_SSL], 1, [Define if libssl is available.])])
+
+dnl The main macro for packages with optional OpenSSL support.
+AC_DEFUN([INN_LIB_OPENSSL_OPTIONAL],
+[INN_LIB_HELPER_VAR_INIT([OPENSSL])
+ INN_LIB_HELPER_WITH_OPTIONAL([openssl], [OpenSSL], [OPENSSL])
+ AS_IF([test x"$inn_use_OPENSSL" != xfalse],
+ [AS_IF([test x"$inn_use_OPENSSL" = xtrue],
+ [_INN_LIB_OPENSSL_INTERNAL([true])],
+ [_INN_LIB_OPENSSL_INTERNAL([false])])])
+ AS_IF([test x"$OPENSSL_LIBS" != x],
+ [AC_DEFINE([HAVE_SSL], 1, [Define if libssl is available.])])])
Modified: samples/inn.conf.in
===================================================================
--- samples/inn.conf.in 2013-10-05 19:56:44 UTC (rev 9547)
+++ samples/inn.conf.in 2013-10-26 16:38:23 UTC (rev 9548)
@@ -130,8 +130,9 @@
# Reading and Posting -- TLS/SSL Support
#
-# You must have compiled this support in with --with-openssl
-# at configure time.
+# The OpenSSL SSL and crypto libraries must have been found
+# at configure time to have this support, or you must have
+# compiled this support in with --with-openssl at configure time.
#tlscafile:
#tlscapath: @sysconfdir@
More information about the inn-committers
mailing list