github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-21 06:45:29 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 1
firejail/configure.ac
netblue30 4522ccb4ef version 0.9.66rc1 released
2021-06-02 11:28:00 -04:00

359 lines
10 KiB
Text
Raw Blame History

#
# Note:
#
# If for any reason autoconf fails, run "autoreconf -i --install " and try again.
# This is how the error looks like on Arch Linux:
# ./configure: line 3064: syntax error near unexpected token `newline'
# ./configure: line 3064: `AX_CHECK_COMPILE_FLAG('
#
# We rely solely on autoconf, without automake. Apparently, in this case
# the macros from m4 directory are not picked up by default by automake.
# "autoreconf -i --install" seems to fix the problem.
#
AC_PREREQ([2.68])
AC_INIT([firejail],[0.9.66rc1],[netblue30@protonmail.com],[],[https://firejail.wordpress.com])
AC_CONFIG_SRCDIR([src/firejail/main.c])
AC_CONFIG_MACRO_DIR([m4])
AC_PROG_CC
AC_PROG_INSTALL
AC_PROG_RANLIB
HAVE_SPECTRE="no"
AX_CHECK_COMPILE_FLAG(
[-mindirect-branch=thunk],
[HAVE_SPECTRE="yes" && EXTRA_CFLAGS="$EXTRA_CFLAGS -mindirect-branch=thunk"]
)
AX_CHECK_COMPILE_FLAG(
[-mretpoline],
[HAVE_SPECTRE="yes" && EXTRA_CFLAGS="$EXTRA_CFLAGS -mretpoline"]
)
AX_CHECK_COMPILE_FLAG(
[-fstack-clash-protection],
[HAVE_SPECTRE="yes" && EXTRA_CFLAGS="$EXTRA_CFLAGS -fstack-clash-protection"]
)
AX_CHECK_COMPILE_FLAG(
[-fstack-protector-strong],
[HAVE_SPECTRE="yes" && EXTRA_CFLAGS="$EXTRA_CFLAGS -fstack-protector-strong"]
)
AC_ARG_ENABLE([analyzer],
AS_HELP_STRING([--enable-analyzer], [enable GCC static analyzer]))
AS_IF([test "x$enable_analyzer" = "xyes"], [
EXTRA_CFLAGS="$EXTRA_CFLAGS -fanalyzer -Wno-analyzer-malloc-leak"
])
HAVE_APPARMOR=""
AC_ARG_ENABLE([apparmor],
AS_HELP_STRING([--enable-apparmor], [enable apparmor]))
AS_IF([test "x$enable_apparmor" = "xyes"], [
HAVE_APPARMOR="-DHAVE_APPARMOR"
PKG_CHECK_MODULES([AA], libapparmor,
[EXTRA_CFLAGS="$EXTRA_CFLAGS $AA_CFLAGS" && EXTRA_LDFLAGS="$EXTRA_LDFLAGS $AA_LIBS"])
AC_SUBST(HAVE_APPARMOR)
])
HAVE_SELINUX=""
AC_ARG_ENABLE([selinux],
AS_HELP_STRING([--enable-selinux], [SELinux labeling support]))
AS_IF([test "x$enable_selinux" = "xyes"], [
HAVE_SELINUX="-DHAVE_SELINUX"
EXTRA_LDFLAGS="$EXTRA_LDFLAGS -lselinux "
AC_SUBST(HAVE_SELINUX)
])
AC_SUBST([EXTRA_CFLAGS])
AC_SUBST([EXTRA_LDFLAGS])
HAVE_DBUSPROXY=""
AC_ARG_ENABLE([dbusproxy],
AS_HELP_STRING([--disable-dbusproxy], [disable dbus proxy]))
AS_IF([test "x$enable_dbusproxy" != "xno"], [
HAVE_DBUSPROXY="-DHAVE_DBUSPROXY"
AC_SUBST(HAVE_DBUSPROXY)
])
# overlayfs features temporarely disabled pending fixes
HAVE_OVERLAYFS=""
AC_SUBST(HAVE_OVERLAYFS)
#
#AC_ARG_ENABLE([overlayfs],
# AS_HELP_STRING([--disable-overlayfs], [disable overlayfs]))
#AS_IF([test "x$enable_overlayfs" != "xno"], [
# HAVE_OVERLAYFS="-DHAVE_OVERLAYFS"
# AC_SUBST(HAVE_OVERLAYFS)
#])
HAVE_OUTPUT=""
AC_ARG_ENABLE([output],
AS_HELP_STRING([--disable-output], [disable --output logging]))
AS_IF([test "x$enable_output" != "xno"], [
HAVE_OUTPUT="-DHAVE_OUTPUT"
AC_SUBST(HAVE_OUTPUT)
])
HAVE_USERTMPFS=""
AC_ARG_ENABLE([usertmpfs],
AS_HELP_STRING([--disable-usertmpfs], [disable tmpfs as regular user]))
AS_IF([test "x$enable_usertmpfs" != "xno"], [
HAVE_USERTMPFS="-DHAVE_USERTMPFS"
AC_SUBST(HAVE_USERTMPFS)
])
HAVE_MAN="no"
AC_ARG_ENABLE([man],
AS_HELP_STRING([--disable-man], [disable man pages]))
AS_IF([test "x$enable_man" != "xno"], [
HAVE_MAN="-DHAVE_MAN"
AC_SUBST(HAVE_MAN)
AC_CHECK_PROG([HAVE_GAWK], [gawk], [yes], [no])
AS_IF([test "x$HAVE_GAWK" != "xyes"], [AC_MSG_ERROR("*** gawk not found ***")])
])
HAVE_FIRETUNNEL=""
AC_ARG_ENABLE([firetunnel],
AS_HELP_STRING([--disable-firetunnel], [disable firetunnel]))
AS_IF([test "x$enable_firetunnel" != "xno"], [
HAVE_FIRETUNNEL="-DHAVE_FIRETUNNEL"
AC_SUBST(HAVE_FIRETUNNEL)
])
HAVE_PRIVATEHOME=""
AC_ARG_ENABLE([private-home],
AS_HELP_STRING([--disable-private-home], [disable private home feature]))
AS_IF([test "x$enable_private_home" != "xno"], [
HAVE_PRIVATE_HOME="-DHAVE_PRIVATE_HOME"
AC_SUBST(HAVE_PRIVATE_HOME)
])
HAVE_CHROOT=""
AC_ARG_ENABLE([chroot],
AS_HELP_STRING([--disable-chroot], [disable chroot]))
AS_IF([test "x$enable_chroot" != "xno"], [
HAVE_CHROOT="-DHAVE_CHROOT"
AC_SUBST(HAVE_CHROOT)
])
HAVE_GLOBALCFG=""
AC_ARG_ENABLE([globalcfg],
AS_HELP_STRING([--disable-globalcfg], [if the global config file firejail.cfg is not present, continue the program using defaults]))
AS_IF([test "x$enable_globalcfg" != "xno"], [
HAVE_GLOBALCFG="-DHAVE_GLOBALCFG"
AC_SUBST(HAVE_GLOBALCFG)
])
HAVE_NETWORK=""
AC_ARG_ENABLE([network],
AS_HELP_STRING([--disable-network], [disable network]))
AS_IF([test "x$enable_network" != "xno"], [
HAVE_NETWORK="-DHAVE_NETWORK"
AC_SUBST(HAVE_NETWORK)
])
HAVE_USERNS=""
AC_ARG_ENABLE([userns],
AS_HELP_STRING([--disable-userns], [disable user namespace]))
AS_IF([test "x$enable_userns" != "xno"], [
HAVE_USERNS="-DHAVE_USERNS"
AC_SUBST(HAVE_USERNS)
])
HAVE_X11=""
AC_ARG_ENABLE([x11],
AS_HELP_STRING([--disable-x11], [disable X11 sandboxing support]))
AS_IF([test "x$enable_x11" != "xno"], [
HAVE_X11="-DHAVE_X11"
AC_SUBST(HAVE_X11)
])
HAVE_FILE_TRANSFER=""
AC_ARG_ENABLE([file-transfer],
AS_HELP_STRING([--disable-file-transfer], [disable file transfer]))
AS_IF([test "x$enable_file_transfer" != "xno"], [
HAVE_FILE_TRANSFER="-DHAVE_FILE_TRANSFER"
AC_SUBST(HAVE_FILE_TRANSFER)
])
HAVE_WHITELIST=""
AC_ARG_ENABLE([whitelist],
AS_HELP_STRING([--disable-whitelist], [disable whitelist]))
AS_IF([test "x$enable_whitelist" != "xno"], [
HAVE_WHITELIST="-DHAVE_WHITELIST"
AC_SUBST(HAVE_WHITELIST)
])
HAVE_SUID=""
AC_ARG_ENABLE([suid],
AS_HELP_STRING([--disable-suid], [install as a non-SUID executable]))
AS_IF([test "x$enable_suid" = "xno"],
[HAVE_SUID="no"],
[HAVE_SUID="yes"]
)
AC_SUBST(HAVE_SUID)
HAVE_FATAL_WARNINGS=""
AC_ARG_ENABLE([fatal_warnings],
AS_HELP_STRING([--enable-fatal-warnings], [-W -Wall -Werror]))
AS_IF([test "x$enable_fatal_warnings" = "xyes"], [
HAVE_FATAL_WARNINGS="-W -Wall -Werror"
AC_SUBST(HAVE_FATAL_WARNINGS)
])
BUSYBOX_WORKAROUND="no"
AC_ARG_ENABLE([busybox-workaround],
AS_HELP_STRING([--enable-busybox-workaround], [enable busybox workaround]))
AS_IF([test "x$enable_busybox_workaround" = "xyes"], [
BUSYBOX_WORKAROUND="yes"
AC_SUBST(BUSYBOX_WORKAROUND)
])
HAVE_GCOV=""
AC_ARG_ENABLE([gcov],
AS_HELP_STRING([--enable-gcov], [Gcov instrumentation]))
AS_IF([test "x$enable_gcov" = "xyes"], [
HAVE_GCOV="--coverage -DHAVE_GCOV "
EXTRA_LDFLAGS="$EXTRA_LDFLAGS -lgcov --coverage "
AC_SUBST(HAVE_GCOV)
])
HAVE_CONTRIB_INSTALL="yes"
AC_ARG_ENABLE([contrib-install],
AS_HELP_STRING([--enable-contrib-install], [install contrib scripts]))
AS_IF([test "x$enable_contrib_install" = "xno"],
[HAVE_CONTRIB_INSTALL="no"],
[HAVE_CONTRIB_INSTALL="yes"]
)
AC_SUBST(HAVE_CONTRIB_INSTALL)
HAVE_FORCE_NONEWPRIVS=""
AC_ARG_ENABLE([force-nonewprivs],
AS_HELP_STRING([--enable-force-nonewprivs], [enable force nonewprivs]))
AS_IF([test "x$enable_force_nonewprivs" = "xyes"], [
HAVE_FORCE_NONEWPRIVS="-DHAVE_FORCE_NONEWPRIVS"
AC_SUBST(HAVE_FORCE_NONEWPRIVS)
])
HAVE_LTS=""
AC_ARG_ENABLE([lts],
AS_HELP_STRING([--enable-lts], [enable long-term support software version (LTS)]))
AS_IF([test "x$enable_lts" = "xyes"], [
HAVE_LTS="-DHAVE_LTS"
AC_SUBST(HAVE_LTS)
HAVE_DBUSPROXY=""
AC_SUBST(HAVE_DBUSPROXY)
HAVE_OVERLAYFS=""
AC_SUBST(HAVE_OVERLAYFS)
HAVE_OUTPUT=""
AC_SUBST(HAVE_OUTPUT)
HAVE_USERTMPFS=""
AC_SUBST(HAVE_USERTMPFS)
HAVE_MAN="-DHAVE_MAN"
AC_SUBST(HAVE_MAN)
HAVE_FIRETUNNEL=""
AC_SUBST(HAVE_FIRETUNNEL)
HAVE_PRIVATEHOME=""
AC_SUBST(HAVE_PRIVATE_HOME)
HAVE_CHROOT=""
AC_SUBST(HAVE_CHROOT)
HAVE_GLOBALCFG=""
AC_SUBST(HAVE_GLOBALCFG)
HAVE_USERNS=""
AC_SUBST(HAVE_USERNS)
HAVE_X11=""
AC_SUBST(HAVE_X11)
HAVE_FILE_TRANSFER=""
AC_SUBST(HAVE_FILE_TRANSFER)
HAVE_SUID="yes"
AC_SUBST(HAVE_SUID)
BUSYBOX_WORKAROUND="no"
AC_SUBST(BUSYBOX_WORKAROUND)
HAVE_CONTRIB_INSTALL="no",
AC_SUBST(HAVE_CONTRIB_INSTALL)
])
# checking pthread library
AC_CHECK_LIB([pthread], [main], [], AC_MSG_ERROR([*** POSIX thread support not installed ***]))
AC_CHECK_HEADER(pthread.h,,AC_MSG_ERROR([*** POSIX thread support not installed ***]))
AC_CHECK_HEADER([linux/seccomp.h],,AC_MSG_ERROR([*** SECCOMP support is not installed (/usr/include/linux/seccomp.h missing) ***]))
# set sysconfdir
if test "$prefix" = /usr; then
test "$sysconfdir" = '${prefix}/etc' && sysconfdir="/etc"
fi
AC_CONFIG_FILES([mkdeb.sh], [chmod +x mkdeb.sh])
AC_CONFIG_FILES([Makefile src/common.mk src/lib/Makefile src/fcopy/Makefile src/fnet/Makefile src/firejail/Makefile src/fnetfilter/Makefile \
src/firemon/Makefile src/libtrace/Makefile src/libtracelog/Makefile src/firecfg/Makefile src/fbuilder/Makefile src/fsec-print/Makefile \
src/ftee/Makefile src/fseccomp/Makefile src/fldd/Makefile src/libpostexecseccomp/Makefile src/fsec-optimize/Makefile \
src/profstats/Makefile src/man/Makefile src/zsh_completion/Makefile src/bash_completion/Makefile test/Makefile \
src/jailcheck/Makefile])
AC_OUTPUT
cat <<EOF
Configuration options:
prefix: $prefix
sysconfdir: $sysconfdir
apparmor: $HAVE_APPARMOR
SELinux labeling support: $HAVE_SELINUX
global config: $HAVE_GLOBALCFG
chroot: $HAVE_CHROOT
network: $HAVE_NETWORK
user namespace: $HAVE_USERNS
X11 sandboxing support: $HAVE_X11
whitelisting: $HAVE_WHITELIST
private home support: $HAVE_PRIVATE_HOME
file transfer support: $HAVE_FILE_TRANSFER
overlayfs support: $HAVE_OVERLAYFS
DBUS proxy support: $HAVE_DBUSPROXY
allow tmpfs as regular user: $HAVE_USERTMPFS
enable --ouput logging: $HAVE_OUTPUT
Manpage support: $HAVE_MAN
firetunnel support: $HAVE_FIRETUNNEL
busybox workaround: $BUSYBOX_WORKAROUND
Spectre compiler patch: $HAVE_SPECTRE
EXTRA_LDFLAGS: $EXTRA_LDFLAGS
EXTRA_CFLAGS: $EXTRA_CFLAGS
fatal warnings: $HAVE_FATAL_WARNINGS
Gcov instrumentation: $HAVE_GCOV
Install contrib scripts: $HAVE_CONTRIB_INSTALL
Install as a SUID executable: $HAVE_SUID
LTS: $HAVE_LTS
Always enforce filters: $HAVE_FORCE_NONEWPRIVS
EOF
if test "$HAVE_LTS" = -DHAVE_LTS; then
cat <<\EOF
*********************************************************
* Warning: Long-term support (LTS) was enabled! *
* Most compile-time options have bean rewritten! *
*********************************************************
EOF
fi
Reference in a new issue View git blame Copy permalink