diff options
Diffstat (limited to 'configure.ac')
| -rw-r--r-- | configure.ac | 313 |
1 files changed, 256 insertions, 57 deletions
diff --git a/configure.ac b/configure.ac index 85cb19f7..cc3f4abb 100644 --- a/configure.ac +++ b/configure.ac @@ -25,16 +25,21 @@ fi # Put the user option stuff up front. -AC_ARG_WITH([system_openssl], [AS_HELP_STRING([--with-system-openssl], [Link against system copy of OpenSSL])], [], [with_system_openssl=auto]) -AC_ARG_ENABLE([openssl_asm], [AS_HELP_STRING([--disable-openssl-asm], [Don't let OpenSSL build assembler code])], [], [enable_openssl_asm=auto]) -AC_ARG_ENABLE([ca_tools], [AS_HELP_STRING([--disable-ca-tools], [Don't build any of the CA tools])], [], [enable_ca_tools=yes]) -AC_ARG_ENABLE([rpki_rtr], [AS_HELP_STRING([--disable-rpki-rtr], [Don't build the rpki-rtr code])], [], [enable_rpki_rtr=yes]) -AC_ARG_ENABLE([wsgi_daemon_mode], [AS_HELP_STRING([--enable-wsgi-daemon-mode=user[:group]],[Run the web portal as a separate process])],[],[enable_wsgi_daemon_mode=no]) +AC_ARG_WITH([system_openssl], [AS_HELP_STRING([--with-system-openssl], [Link against system copy of OpenSSL])], [], [with_system_openssl=auto]) +AC_ARG_ENABLE([rcynic_jail], [AS_HELP_STRING([--enable-rcynic-jail], [Run rcynic in chroot jail])], [], [enable_rcynic_jail=no]) +AC_ARG_ENABLE([openssl_asm], [AS_HELP_STRING([--disable-openssl-asm], [Don't let OpenSSL build assembler code])], [], [enable_openssl_asm=auto]) +AC_ARG_ENABLE([ca_tools], [AS_HELP_STRING([--disable-ca-tools], [Don't build any of the CA tools])], [], [enable_ca_tools=yes]) +AC_ARG_ENABLE([rp_tools], [AS_HELP_STRING([--disable-rp-tools], [Don't build any of the relying party tools])], [], [enable_rp_tools=yes]) +AC_ARG_ENABLE([target_installation], [AS_HELP_STRING([--disable-target-installation], [Don't perform final target installation])], [], [enable_target_installation=yes]) +AC_ARG_ENABLE([wsgi_daemon_mode], [AS_HELP_STRING([--enable-wsgi-daemon-mode=user[:group]], [Run the web portal as a separate process])], [], [enable_wsgi_daemon_mode=no]) + +AC_ARG_VAR([RCYNIC_DIR], [Where to put output files from rcynic and rtr-origin; also controls jail location for --enable-rcynic-jail]) # Obsolete options. If you know of a better way to handle this, tell me. -AC_ARG_ENABLE([python], [AS_HELP_STRING([--disable-python], [(Obsolete, do not use)])], [AC_MSG_ERROR([--disable-python is obsolete. Please see the --disable-ca-tools option])], []) -AC_ARG_ENABLE([django], [AS_HELP_STRING([--disable-django], [(Obsolete, do not use)])], [AC_MSG_ERROR([--disable-django is obsolete. Please see the --disable-ca-tools option])], []) +AC_ARG_ENABLE([python], [AS_HELP_STRING([--disable-python], [(Obsolete, do not use)])], [AC_MSG_ERROR([--disable-python is obsolete. Please see the --disable-ca-tools option])], []) +AC_ARG_ENABLE([django], [AS_HELP_STRING([--disable-django], [(Obsolete, do not use)])], [AC_MSG_ERROR([--disable-django is obsolete. Please see the --disable-ca-tools option])], []) +AC_ARG_ENABLE([rpki_rtr], [AS_HELP_STRING([--disable-rpki-rtr], [(Obsolete, do not use)])], [AC_MSG_ERROR([--disable-rpki-rtr is obsolete. Please see the --disable-rp-tools option])], []) AC_PROG_CC AC_PROG_INSTALL @@ -75,8 +80,12 @@ dnl LDFLAGS="$old_LDFLAGS" dnl unset old_LDFLAGS case $host_os in -freebsd*) LD_STATIC_FLAG='-static';; -*) LD_STATIC_FLAG='';; + freebsd*) + LD_STATIC_FLAG='-static' + ;; + *) + LD_STATIC_FLAG='' + ;; esac AC_SUBST(LD_STATIC_FLAG) @@ -110,12 +119,18 @@ then fi unset old_LDFLAGS +AC_PROG_GREP +AC_PATH_PROG([PYTHON], [python]) AC_PATH_PROG([XSLTPROC], [xsltproc]) AC_PATH_PROG([AWK], [awk]) AC_PATH_PROG([SORT], [sort]) AC_PATH_PROG([RRDTOOL], [rrdtool]) -AC_PROG_GREP AC_PATH_PROG([TRANG], [trang], [\${abs_top_srcdir}/buildtools/trang-not-found]) +AC_PATH_PROG([RSYNC], [rsync]) +AC_PATH_PROG([SU], [su]) +AC_PATH_PROG([SUDO], [sudo]) +AC_PATH_PROG([CHROOT], [chroot]) +AC_PATH_PROG([CHROOTUID], [chrootuid]) # Figure out whether we need to build our own OpenSSL library or can # use the system libraries. We're looking for two recent features: @@ -221,13 +236,166 @@ case $enable_openssl_asm in ;; esac +# RCYNIC_DIR is a "precious" argument variable to this script (see +# autoconf doc), which means that autoconf is careful with whatever +# value (if any) was passed in, and that it's already been declared +# for variable substitution. We still have to set a default value for +# it, though, and we might as well handle DESTDIR while we're at it. + +if test "X$RCYNIC_DIR" = "X" +then + rcynic_base_dir='/var/rcynic' +else + rcynic_base_dir="${RCYNIC_DIR}" +fi + +RCYNIC_DIR='${DESTDIR}'"${rcynic_base_dir}" + +# Figure out whether to run rcynic in a chroot jail, which determines +# a bunch of other settings. + +AC_MSG_CHECKING([whether to build chroot jail for rcynic]) + +case $enable_rcynic_jail in + yes) + use_rcynic_jail=yes + RCYNIC_CONF_FILE='${RCYNIC_DIR}/etc/rcynic.conf' + RCYNIC_TA_DIR='${RCYNIC_DIR}/etc/trust-anchors' + RCYNIC_BIN_RCYNIC='${RCYNIC_DIR}/bin/rcynic' + RCYNIC_CONF_RSYNC='/bin/rsync' + RCYNIC_CONF_DATA='/data' + RCYNIC_CONF_TA_DIR='/etc/trust-anchors' + RCYNIC_CRON_USER='root' + RCYNIC_JAIL_DIRS='${RCYNIC_DIR}/bin ${RCYNIC_DIR}/dev ${RCYNIC_DIR}/etc' + if test "X$host_os" = "Xlinux" + then + RCYNIC_JAIL_DIRS="RCYNIC_JAIL_DIRS "'${RCYNIC_DIR}/lib ${RCYNIC_DIR}/lib64 ${RCYNIC_DIR}/usr/lib' + fi + ;; + no) + use_rcynic_jail=no + RCYNIC_CONF_FILE='${DESTDIR}${sysconfdir}/rcynic.conf' + RCYNIC_TA_DIR='${DESTDIR}${sysconfdir}/rpki/trust-anchors' + RCYNIC_BIN_RCYNIC='${DESTDIR}${bindir}/rcynic' + RCYNIC_CONF_RSYNC="${RSYNC}" + RCYNIC_CONF_DATA="${rcynic_base_dir}/data" + RCYNIC_CONF_TA_DIR='${sysconfdir}/rpki/trust-anchors' + RCYNIC_CRON_USER='${RCYNIC_USER}' + RCYNIC_JAIL_DIRS='' + ;; + *) + AC_MSG_ERROR([Unrecognized value for --enable-rcynic-jail: $enable_rcynic_jail]) + ;; +esac + +AC_SUBST(RCYNIC_JAIL_DIRS) +AC_SUBST(RCYNIC_CONF_FILE) +AC_SUBST(RCYNIC_TA_DIR) +AC_SUBST(RCYNIC_BIN_RCYNIC) +AC_SUBST(RCYNIC_CONF_RSYNC) +AC_SUBST(RCYNIC_CONF_DATA) +AC_SUBST(RCYNIC_CONF_TA_DIR) +AC_SUBST(RCYNIC_CRON_USER) + +AC_MSG_RESULT([$use_rcynic_jail]) + +if test $use_rcynic_jail = yes && test "X$LD_STATIC_FLAG" != "X" +then + RCYNIC_STATIC_RSYNC='static-rsync/rsync' +else + RCYNIC_STATIC_RSYNC='' +fi + +AC_SUBST(RCYNIC_STATIC_RSYNC) + +# Check whether to do "final target installation". This means actions +# that can only be done when installing a package, as opposed to when +# building a package. On FreeBSD this is sort of irrelevant, because +# of the way package installs work when building from source, but on +# Debian and Ubuntu, for example, there's a strict separation between +# things that are done during package build and things that are done +# by the binary package's {pre,post}inst scripts. + +AC_MSG_CHECKING([whether to do final target installation on "make install"]) + +case $enable_target_installation in + yes|no) + ;; + *) + AC_MSG_ERROR([Unrecognized value for --enable-target-installation: $enable_target_installation]) + ;; +esac + +AC_MSG_RESULT([$enable_target_installation]) + +# rcynic jail setup is complicated enough that it's simplest to have +# different rule sets for different platforms. Icky, but.... +# rpki-rtr isn't as complicated, but has similar issues, same hack. + +case $host_os in + darwin*) + RCYNIC_MAKE_RULES='rcynic/rules.darwin.mk' + RTR_ORIGIN_MAKE_RULES='rtr-origin/rules.darwin.mk' + ;; + freebsd*) + RCYNIC_MAKE_RULES='rcynic/rules.freebsd.mk' + RTR_ORIGIN_MAKE_RULES='rtr-origin/rules.freebsd.mk' + ;; + linux*) + RCYNIC_MAKE_RULES='rcynic/rules.linux.mk' + RTR_ORIGIN_MAKE_RULES='rtr-origin/rules.linux.mk' + ;; + *) + RCYNIC_MAKE_RULES='rcynic/rules.unknown.mk' + RTR_ORIGIN_MAKE_RULES='rtr-origin/rules.unknown.mk' + ;; +esac + +AC_SUBST_FILE(RCYNIC_MAKE_RULES) +AC_SUBST_FILE(RTR_ORIGIN_MAKE_RULES) + +# Where to put HTML files is similarly platform dependent, we have to know. +# rcynic-cron will skip generating HTML files if it has no place to put them. + +case $host_os in + freebsd*) + RCYNIC_HTML_DIR='/usr/local/www/apache22/data/rcynic' + ;; + linux*) + RCYNIC_HTML_DIR='/var/www/rcynic' + ;; + *) + RCYNIC_HTML_DIR='' + ;; +esac + +AC_SUBST(RCYNIC_HTML_DIR) + +# Sort out which things to install, depending on rcynic jail status and whether +# we're doing final target installation. + +RCYNIC_INSTALL_TARGETS='install-always' +RTR_ORIGIN_INSTALL_TARGETS='install-always' + +if test $use_rcynic_jail = yes +then + RCYNIC_INSTALL_TARGETS="$RCYNIC_INSTALL_TARGETS install-jailed" +fi + +if test $enable_target_installation = yes +then + RCYNIC_INSTALL_TARGETS="$RCYNIC_INSTALL_TARGETS install-postconf" + RTR_ORIGIN_INSTALL_TARGETS="$RTR_ORIGIN_INSTALL_TARGETS install-postconf" +fi + +AC_SUBST(RCYNIC_INSTALL_TARGETS) +AC_SUBST(RTR_ORIGIN_INSTALL_TARGETS) + # Now a bunch of checks to figure out what we can do with Python. If # we don't have Python at all, none of the rest of this matters. If # we do have Python, we need to check for required packages and # versions. -AC_PATH_PROG([PYTHON], [python]) - have_python=no have_acceptable_python=no have_python_h=no @@ -313,24 +481,27 @@ fi ok=yes -if test $enable_ca_tools = yes || test $enable_rpki_rtr = yes +if test $have_python = no then - if test $have_python = no - then - ok=no - AC_MSG_WARN([I can't find a Python binary, perhaps you need to set PATH?]) - fi - if test $have_acceptable_python = no - then - ok=no - AC_MSG_WARN([The RPKI code requires Python version 2.x, for x = 6 or higher.]) - fi - if test $ok = no - then - AC_MSG_WARN([If you do not wish to install the rpki-rtr code, please specify --disable-rpki-rtr as an argument to this configure script.]) - fi + ok=no + AC_MSG_WARN([I can't find a Python binary, perhaps you need to set PATH?]) fi +if test $have_acceptable_python = no +then + ok=no + AC_MSG_WARN([The RPKI code requires Python version 2.x, for x = 6 or higher.]) +fi + +case $enable_rp_tools in + yes) build_rp_tools=yes + ;; + no) build_rp_tools=no + ;; + *) AC_MSG_ERROR([Unrecognized value for --enable-rp-tools: $enable_rp_tools]) + ;; +esac + case $enable_ca_tools in yes) build_ca_tools=yes if test $have_python_h = no @@ -366,15 +537,6 @@ case $enable_ca_tools in *) AC_MSG_ERROR([Unrecognized value for --enable-ca-tools: $enable_ca_tools]);; esac -case $enable_rpki_rtr in - yes) build_rpki_rtr=yes - ;; - no) build_rpki_rtr=no - ;; - *) AC_MSG_ERROR([Unrecognized value for --enable-rpki-rtr: $enable_rpki_rtr]);; -esac - - if test $build_ca_tools = yes && test $have_pyyaml = no then AC_MSG_WARN([PyYAML missing, so "make test" will not work properly.]) @@ -390,32 +552,59 @@ then AC_MSG_WARN([rrdtool missing, so rcynic-html won't be able to draw graphs.]) fi +if test $use_rcynic_jail = no && test "X$RSYNC" = "X" +then + ok=no + AC_MSG_WARN([The RPKI relying party tools require rsync.]) +fi + if test $ok = no then AC_MSG_ERROR([Please correct the problems above then re-run this configuration script.]) fi +# Figure out whether we are on a Debian-derived system where we need +# to tell setup.py about Debian installation layout. + +if test $build_ca_tools = yes +then + AC_MSG_CHECKING([whether we need to tell distutils to use Debian installation layout]) + use_debian_layout=no + if test -x /usr/bin/lsb_release + then + case `/usr/bin/lsb_release -is` in + Debian|Ubuntu) + use_debian_layout=yes + ;; + esac + fi + AC_MSG_RESULT([$use_debian_layout]) + if test $use_debian_layout = yes + then + SETUP_PY_INSTALL_LAYOUT='--install-layout=deb' + else + SETUP_PY_INSTALL_LAYOUT='' + + fi + AC_SUBST(SETUP_PY_INSTALL_LAYOUT) +fi + # Figure out which parts of this package we have to build. - TOP_LEVEL_SUBDIRS="" -test $build_openssl = yes && TOP_LEVEL_SUBDIRS="$TOP_LEVEL_SUBDIRS openssl" - TOP_LEVEL_SUBDIRS="$TOP_LEVEL_SUBDIRS h rcynic utils" -test $build_ca_tools = yes && TOP_LEVEL_SUBDIRS="$TOP_LEVEL_SUBDIRS rpkid" -test $build_rpki_rtr = yes && TOP_LEVEL_SUBDIRS="$TOP_LEVEL_SUBDIRS rtr-origin" + TOP_LEVEL_SUBDIRS="h" +test $build_openssl = yes && TOP_LEVEL_SUBDIRS="$TOP_LEVEL_SUBDIRS openssl" +test $build_rp_tools = yes && TOP_LEVEL_SUBDIRS="$TOP_LEVEL_SUBDIRS rcynic utils rtr-origin" +test $build_ca_tools = yes && TOP_LEVEL_SUBDIRS="$TOP_LEVEL_SUBDIRS rpkid" AC_SUBST(TOP_LEVEL_SUBDIRS) AC_CONFIG_FILES([Makefile - h/Makefile - rcynic/Makefile - rcynic/static-rsync/Makefile - utils/Makefile - utils/find_roa/Makefile - utils/hashdir/Makefile - utils/print_rpki_manifest/Makefile - utils/print_roa/Makefile - utils/scan_roas/Makefile - utils/uri/Makefile]) + h/Makefile]) + +if test "X$RCYNIC_STATIC_RSYNC" != "X" +then + AC_CONFIG_FILES([rcynic/static-rsync/Makefile]) +fi # OpenSSL has its own build system that bears no relationship to # anything but itself, and our use of it is a bit weird, so this is a @@ -466,10 +655,23 @@ else LIBS="$LIBS -lcrypto" fi +if test $build_rp_tools = yes +then + AC_CONFIG_FILES([rcynic/Makefile + utils/Makefile + utils/find_roa/Makefile + utils/hashdir/Makefile + utils/print_rpki_manifest/Makefile + utils/print_roa/Makefile + utils/scan_roas/Makefile + utils/uri/Makefile + rtr-origin/Makefile]) +fi + if test $build_ca_tools = yes then AC_MSG_CHECKING([if running under virtualenv]) - if test x$VIRTUAL_ENV != x; then + if test "x$VIRTUAL_ENV" != "x"; then AC_SUBST(VIRTUAL_ENV, [$VIRTUAL_ENV]) AC_MSG_RESULT([$VIRTUAL_ENV]) else @@ -486,9 +688,11 @@ then if test "$enable_wsgi_daemon_mode" != no then + save_IFS="$IFS" IFS=':' read user group <<_EOF $enable_wsgi_daemon_mode _EOF + IFS="$save_IFS" AC_SUBST(WSGI_DAEMON_PROCESS, "WSGIDaemonProcess rpkigui user=$user ${group:+group=}${group} display-name=%{GROUP}") AC_SUBST(WSGI_PROCESS_GROUP, "WSGIProcessGroup rpkigui") AC_MSG_RESULT([running mod_wsgi in daemon mode with user "$user" and group "${group:-default}"]) @@ -497,11 +701,6 @@ _EOF AC_CONFIG_FILES([rpkid/Makefile rpkid/tests/Makefile rpkid/portal-gui/Makefile]) fi -if test $build_rpki_rtr = yes -then - AC_CONFIG_FILES([rtr-origin/Makefile]) -fi - # Now that we're finally done with all the conditional changes to # CFLAGS, add a search directive for our own header directory. If we # ever get to the point of having our own library directory, we'd add |