Changeset 550 for trunk/configure.ac
- Timestamp:
- Oct 31, 2019, 9:13:12 PM (5 years ago)
- File:
-
- 1 edited
trunk/configure.ac
r548 r550 12 12 dnl start 13 13 dnl 14 AM_INIT_AUTOMAKE(samhain, 4. 3.3)14 AM_INIT_AUTOMAKE(samhain, 4.4.0) 15 15 AC_DEFINE([SAMHAIN], 1, [Application is samhain]) 16 16 AC_CANONICAL_HOST … … 2220 2220 2221 2221 dnl 2222 dnl GPG/PGPoptions2222 dnl Signify/GnuPG options 2223 2223 dnl 2224 2225 AC_ARG_WITH(signify, 2226 [ --with-signify=PATH use OpenBSD signify to verify database/config [[no]]], 2227 [ 2228 if test "x${withval}" != "xno"; then 2229 if test "x${cross_compiling}" = xyes; then 2230 mysignify="${withval}" 2231 else 2232 if test -f "${withval}"; then 2233 mysignify="${withval}" 2234 mychk0=`gpg --load-extension tiger --print-md TIGER192 ${withval} 2>/dev/null` 2235 if test "x$?" != "x0"; then 2236 mychktest=no 2237 for sam_pre in ./samhain ./yule /usr/local/sbin/samhain /usr/local/bin/samhain /usr/bin/samhain /usr/sbin/samhain /usr/local/sbin/yule /usr/local/bin/yule /usr/bin/yule /usr/sbin/yule; do 2238 if test x"${mychktest}" = xyes 2239 then 2240 : 2241 else 2242 if test -f ${sam_pre} 2243 then 2244 echo "use existing ${sam_pre} for signify checksum" 2245 mychk0=`${sam_pre} -H ${withval} 2>/dev/null` 2246 if test "x$?" != "x0"; then 2247 if test "x${nocl_code}" != "x"; then 2248 mychk0=`echo -H ${withval} | ${sam_pre} ${nocl_code} 2>/dev/null` 2249 if test "x$?" != "x0"; then 2250 : 2251 else 2252 mychk="${mychk0}" 2253 mychktest=yes 2254 fi 2255 fi 2256 else 2257 mychk="${mychk0}" 2258 mychktest=yes 2259 fi 2260 fi 2261 fi 2262 done 2263 if test x${mychktest} = xno; then 2264 AC_MSG_WARN([--with-signify: cannot determine TIGER192 checksum of ${withval}]) 2265 echo "-------------------------------------------------------------" 2266 echo " I cannot find an existing GnuPG or samhain binary to use." 2267 echo " You can:" 2268 echo " (a) run make to compile a samhain binary, then repeat" 2269 echo " ./configure and make" 2270 echo " (b) ignore the failure. 
The checksum of the signify binary" 2271 echo " will not get compiled in, thus allowing an attacker" 2272 echo " to replace signify with a trojan and subverting the" 2273 echo " signature verification of configure and database files." 2274 echo 2275 echo " PLEASE IGNORE THIS MESSAGE IF YOU ALSO USE --with-checksum" 2276 echo "-------------------------------------------------------------" 2277 fi 2278 else 2279 mychk="${mychk0}" 2280 fi 2281 else 2282 AC_MSG_ERROR([--with-signify: cannot find signify PATH=${withval}]) 2283 fi 2284 fi 2285 AC_DEFINE([WITH_SIG], 1, [Define if signature checking is supported.]) 2286 AC_DEFINE([WITH_SIGNIFY], 1, [Define if using OpenBSD signify for signature checking.]) 2287 AC_DEFINE_UNQUOTED([DEFAULT_SIG_PATH], _("${mysignify}"), [Define as path to signing binary]) 2288 AC_SUBST(mysignify) 2289 fi 2290 ] 2291 ) 2292 2293 AC_ARG_WITH(pubkey-checksum, 2294 [ --with-pubkey-checksum=CHKSUM compile in TIGER192 checksum of signify public key [[no]]], 2295 [ 2296 if test "x${withval}" != "xno"; then 2297 if test "x${withval}" == "xyes"; then 2298 AC_MSG_ERROR([Option --with-pubkey-checksum=CHKSUM: checksum CHKSUM of signify public key not specified.]) 2299 else 2300 if test "x${withval}" = "x"; then 2301 AC_MSG_ERROR([Option --with-checksum=CHKSUM: checksum CHKSUM of the signify public key not specified.]) 2302 fi 2303 fi 2304 AC_DEFINE([HAVE_SIG_KEY_HASH], 1, [Define if signing binary checksum available.]) 2305 AC_DEFINE_UNQUOTED([SIG_KEY_HASH], _("${withval}"), [Define as the signify public key checksum.] 
) 2306 fi 2307 ] 2308 ) 2309 2224 2310 2225 2311 AC_ARG_WITH(gpg, 2226 2312 [ --with-gpg=PATH use GnuPG to verify database/config [[no]]], 2227 2313 [ 2314 if test "x${mysignify}" != "x"; then 2315 AC_MSG_ERROR([--with-gpg: already using --with-signify]) 2316 fi 2228 2317 if test "x${withval}" != "xno"; then 2229 2318 if test "x${cross_compiling}" = xyes; then … … 2284 2373 fi 2285 2374 fi 2375 AC_DEFINE([WITH_SIG], 1, [Define if signature checking is supported.]) 2286 2376 AC_DEFINE(WITH_GPG) 2287 AC_DEFINE_UNQUOTED( DEFAULT_GPG_PATH, _("${mygpg}"))2377 AC_DEFINE_UNQUOTED([DEFAULT_SIG_PATH], _("${mygpg}"), [Define as path to signing binary]) 2288 2378 AC_SUBST(mygpg) 2289 2379 fi … … 2312 2402 ) 2313 2403 2314 dnl AC_ARG_WITH(pgp,2315 dnl [ --with-pgp=PATH Use PGP to verify database/config (no).],2316 dnl [myppg="$withval"2317 dnl AC_DEFINE(WITH_PGP)2318 dnl AC_DEFINE_UNQUOTED(DEFAULT_PGP_PATH, _("${myppg}") )2319 dnl ])2320 2321 2404 AC_ARG_WITH(checksum, 2322 [ --with-checksum=CHKSUM compile in gpg/pgp checksum[[yes]]],2405 [ --with-checksum=CHKSUM compile in checksum of signing binary (e.g. 
gpg) [[yes]]], 2323 2406 [ 2324 2407 if test "x${withval}" != "xno"; then … … 2326 2409 if test "x${mychk}" != "x"; then 2327 2410 if test "x${mychk}" != "x${withval}"; then 2328 AC_MSG_WARN([--with-checksum: possible gpgCHKSUM problem])2411 AC_MSG_WARN([--with-checksum: possible signing binary CHKSUM problem]) 2329 2412 AC_MSG_WARN([--with-checksum: CHKSUM=${withval}]) 2330 2413 AC_MSG_WARN([--with-checksum: autodetected=${mychk}]) … … 2334 2417 else 2335 2418 if test "x${mychk}" = "x"; then 2336 AC_MSG_ERROR([Option --with-checksum=CHKSUM: checksum CHKSUM of the gpg binary not specified.])2419 AC_MSG_ERROR([Option --with-checksum=CHKSUM: checksum CHKSUM of the signing binary not specified.]) 2337 2420 fi 2338 2421 fi 2339 AC_DEFINE( HAVE_GPG_CHECKSUM)2340 AC_DEFINE_UNQUOTED( GPG_HASH, _("${mychk}"))2341 echo "${mychk}" | sed 's,.*:,,g' | sed 's, ,,g' | sed 's,\(.\),\1:,g' | awk '{ split($0, arr, ":"); m = length($1)/2; print "#ifndef CHKSUM_H"; print "#define CHKSUM_H"; print "char gpgchk[50];"; for (i=1; i <= m; i++) printf "gpgchk[%d] = %c%s%c;\n", i-1, 39, arr[i], 39; printf "gpgchk[48] = %c%c0%c;\n", 39, 92, 39; print "#endif"; }' > sh_gpg_chksum.h2422 AC_DEFINE([HAVE_SIG_CHECKSUM], 1, [Define if signing binary checksum available.]) 2423 AC_DEFINE_UNQUOTED([SIG_HASH], _("${mychk}"), [Define as the signing binary TIGER192 checksum.] 
) 2424 echo "${mychk}" | sed 's,.*:,,g' | sed 's, ,,g' | sed 's,\(.\),\1:,g' | awk '{ split($0, arr, ":"); m = length($1)/2; print "#ifndef CHKSUM_H"; print "#define CHKSUM_H"; print "char sigchk[50];"; for (i=1; i <= m; i++) printf "sigchk[%d] = %c%s%c;\n", i-1, 39, arr[i], 39; printf "sigchk[48] = %c%c0%c;\n", 39, 92, 39; print "#endif"; }' > sh_sig_chksum.h 2342 2425 fi 2343 2426 ], 2344 2427 [ 2345 if test "x${mygpg}" != "x"; then 2428 if test "x${mygpg}" != "x" || test "x${mysignify}" != "x" 2429 then 2346 2430 if test "x${mychk}" != "x"; then 2347 AC_DEFINE(HAVE_GPG_CHECKSUM)2348 AC_DEFINE_UNQUOTED( GPG_HASH, _("${mychk}"))2349 echo "${mychk}" | sed 's,.*:,,g' | sed 's, ,,g' | sed 's,\(.\),\1:,g' | awk '{ split($0, arr, ":"); m = length($1)/2; print "#ifndef CHKSUM_H"; print "#define CHKSUM_H"; print "char gpgchk[50];"; for (i=1; i <= m; i++) printf "gpgchk[%d] = %c%s%c;\n", i-1, 39, arr[i], 39; printf "gpgchk[48] = %c%c0%c;\n", 39, 92, 39; print "#endif"; }' > sh_gpg_chksum.h2431 AC_DEFINE([HAVE_SIG_CHECKSUM], 1, [Define if signing binary checksum available.]) 2432 AC_DEFINE_UNQUOTED([SIG_HASH], _("${mychk}"), [Define as the signing binary TIGER192 checksum.] 
) 2433 echo "${mychk}" | sed 's,.*:,,g' | sed 's, ,,g' | sed 's,\(.\),\1:,g' | awk '{ split($0, arr, ":"); m = length($1)/2; print "#ifndef CHKSUM_H"; print "#define CHKSUM_H"; print "char sigchk[50];"; for (i=1; i <= m; i++) printf "sigchk[%d] = %c%s%c;\n", i-1, 39, arr[i], 39; printf "sigchk[48] = %c%c0%c;\n", 39, 92, 39; print "#endif"; }' > sh_sig_chksum.h 2350 2434 fi 2351 2435 fi … … 2710 2794 scripts/samhain.ebuild 2711 2795 scripts/samhain.ebuild-light 2712 scripts/samhainadmin.pl 2796 scripts/samhainadmin-gpg.pl 2797 scripts/samhainadmin-sig.pl 2713 2798 scripts/yuleadmin.pl 2714 2799 scripts/check_samhain.pl … … 2718 2803 echo timestamp > stamp-h 2719 2804 chmod +x samhain-install.sh 2720 chmod +x scripts/samhainadmin.pl 2805 chmod +x scripts/samhainadmin-gpg.pl 2806 chmod +x scripts/samhainadmin-sig.pl 2721 2807 chmod +x scripts/yuleadmin.pl 2722 2808 chmod +x scripts/check_samhain.pl … … 2725 2811 2726 2812 chmod +x deploy.sh 2813 2814 if test "x${mysignify}" != x 2815 then 2816 cp -a scripts/samhainadmin-sig.pl scripts/samhainadmin.pl 2817 fi 2818 if test "x${mygpg}" != x 2819 then 2820 cp -a scripts/samhainadmin-gpg.pl scripts/samhainadmin.pl 2821 fi 2822 2727 2823 2728 2824 if test "x${cross_compiling}" = xyes
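Review bot: In the new `--with-pubkey-checksum` block, `test "x${withval}" == "xyes"` uses `==`, which POSIX `test` does not define; under a /bin/sh that rejects it the test is false, the "not specified" error is skipped, and the literal string `yes` is compiled into `SIG_KEY_HASH`. Write it as `if test "x${withval}" = "xyes"; then`, matching the other comparisons in the file. The second error message in that block names the wrong option and should read `Option --with-pubkey-checksum=CHKSUM: ...`, and the `HAVE_SIG_KEY_HASH` description should say "signify public key checksum" rather than "signing binary checksum". In the `--with-signify` block `${withval}` is passed unquoted to `gpg --print-md TIGER192` and to `${sam_pre} -H`; quoting it as `"${withval}"` keeps a path containing spaces from being split, which would otherwise leave the signify checksum undetermined and only warned about.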