--target=target-alias the machine that CC will produce code for
--enable-debug enable debugging
- --enable-seccomp enable seccomp
--enable-static prepare for static build
+ --without-pam disable pam support
+ --without-shadow disable shadow support
+
+ --with-timestamp enable timestamp support
+
+ --uid-max=NUM set UID_MAX (default 65535)
+ --gid-max=NUM set GID_MAX (default 65535)
+
--help, -h display this help and exit
EOF
exit 0
}
+# defaults
+WITHOUT_TIMESTAMP=yes
+UID_MAX=65535
+GID_MAX=65535
+
for x; do
opt=${x%%=*}
var=${x#*=}
case "$opt" in
- --prefix) PREFIX=$var;;
- --exec-prefix) EPREFIX=$var;;
- --bindir) BINDIR=$var;;
- --datadir) SHAREDIR=$var;;
- --mandir) MANDIR=$var;;
- --sysconfdir) SYSCONFDIR=$var;;
- --pamdir) PAMDIR=$var;;
- --build) BUILD=$var;;
- --host) HOST=$var;;
- --target) TARGET=$var;;
- --enable-debug) DEBUG=yes;;
- --enable-seccomp) BUILD_SECCOMP=yes;;
- --enable-static) BUILD_STATIC=yes;;
- --help|-h) usage;;
- *) die "Error: unknown option $opt";;
+ --prefix) PREFIX=$var ;;
+ --exec-prefix) EPREFIX=$var ;;
+ --bindir) BINDIR=$var ;;
+ --datadir) SHAREDIR=$var ;;
+ --mandir) MANDIR=$var ;;
+ --sysconfdir) SYSCONFDIR=$var ;;
+ --pamdir) PAMDIR=$var ;;
+ --build) BUILD=$var ;;
+ --host) HOST=$var ;;
+ --target) TARGET=$var ;;
+ --enable-debug) DEBUG=yes ;;
+ --enable-static) BUILD_STATIC=yes ;;
+ --with-pam) WITHOUT_PAM=; WITHOUT_SHADOW=yes ;;
+ --with-shadow) WITHOUT_SHADOW=; WITHOUT_PAM=yes ;;
+ --without-pam) WITHOUT_PAM=yes ;;
+ --without-shadow) WITHOUT_SHADOW=yes ;;
+ --with-timestamp) WITHOUT_TIMESTAMP= ;;
+ --without-timestamp) WITHOUT_TIMESTAMP=yes ;;
+ --uid-max) UID_MAX=$var ;;
+ --gid-max) UID_MAX=$var ;;
+ --help|-h) usage ;;
+ *) die "Error: unknown option $opt" ;;
esac
done
CONFIG_MK=config.mk
rm -f "$CONFIG_MK"
-: ${VERSION:="$(git describe --dirty --tags --long --always)"}
-
cat <<EOF >>$CONFIG_MK
-DESTDIR ?=
PREFIX ?= ${PREFIX:="/usr"}
EPREFIX ?= ${EPREFIX:="${PREFIX}"}
BINDIR ?= ${BINDIR:="${PREFIX}/bin"}
MANDIR ?= ${MANDIR:="${SHAREDIR}/man"}
SYSCONFDIR?= ${SYSCONFDIR:="/etc"}
PAMDIR ?= ${PAMDIR:="${SYSCONFDIR}/pam.d"}
-CFLAGS += -DVERSION="\"${VERSION}\""
EOF
if [ -z "$BUILD" ]; then
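Review bot: The `--gid-max)` arm assigns `UID_MAX=$var`, so `--gid-max=NUM` silently overwrites the UID limit and leaves GID_MAX at its 65535 default; it should read `--gid-max) GID_MAX=$var ;;`. Both values are also taken verbatim from the command line and later spliced into `-DUID_MAX=`/`-DGID_MAX=` in the linux `OS_CFLAGS`, so a non-numeric argument (or `--uid-max` given without `=`, where `$var` is the option itself) only surfaces at the final `printf '%d'`, after config.mk has been written. A digits-only check in these two arms, such as `case $var in ''|*[!0-9]*) die "Error: $opt needs a number" ;; esac`, would reject it up front. The usage text also omits `--with-pam`, `--with-shadow` and `--without-timestamp`, which the parser accepts.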
KERNEL=${REST%%-*}
fi
+OS_CFLAGS="-D__${OS}__"
+
case "$OS" in
linux)
- OS_CFLAGS="-D_DEFAULT_SOURCE -D_GNU_SOURCE -DUID_MAX=60000 -DGID_MAX=60000"
+ OS_CFLAGS="$OS_CFLAGS -D_DEFAULT_SOURCE -D_GNU_SOURCE -DUID_MAX=${UID_MAX} -DGID_MAX=${GID_MAX}"
printf 'CURDIR := .\n' >>$CONFIG_MK
- printf 'PAM_DOAS = pam.d__doas__linux\n' >>$CONFIG_MK
+ [ -z "$WITHOUT_PAM" ] && \
+ printf 'PAM_DOAS = pam.d__doas__linux\n' >>$CONFIG_MK
;;
esac
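Review bot: `PAM_DOAS` is written whenever `--without-pam` is absent, but the backend is chosen later by the header probe in `authmethod`, so a host without PAM headers gets a shadow build that still sets `PAM_DOAS = pam.d__doas__linux`. Whether the Makefile then installs that file is not visible here; if it does, emitting the line from the PAM branch of `authmethod`, next to `SRCS += pam.c`, would keep the two in step. The `[ -z "$WITHOUT_PAM" ] && \` form also leaves a non-zero status as the last command of the arm when PAM is disabled, which a plain `if` avoids.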
printf 'CFLAGS += -static\n' >>$CONFIG_MK
# Add CPPFLAGS/CFLAGS/LDFLAGS to CC for testing features
-XCC="${CC:=clang} $CFLAGS $OS_CFLAGS $CPPFLAGS $LDFLAGS"
+XCC="${CC:=cc} $CFLAGS $OS_CFLAGS $CPPFLAGS $LDFLAGS"
# Make sure to disable --as-needed for CC tests.
XCC="$XCC -Wl,--no-as-needed"
check_func() {
func="$1"; src="$2"; shift 2
- printf 'Checking for %-14s\t\t' "$func ..."
+ printf 'Checking for %-14s\t\t' "$func ..." >&2
printf '%s\n' "$src" >"_$func.c"
$XCC "_$func.c" -o "_$func" 2>/dev/null
ret=$?
rm -f "_$func.c" "_$func"
if [ $ret -eq 0 ]; then
- printf 'yes.\n'
+ printf 'yes.\n' >&2
upperfunc="$(printf '%s\n' "$func" | tr '[[:lower:]]' '[[:upper:]]')"
printf 'CFLAGS += -DHAVE_%s\n' "$upperfunc" >>$CONFIG_MK
return 0
else
- printf 'no.\n'
+ printf 'no.\n' >&2
return 1
fi
}
+authmethod() {
+ #
+ # Check for pam_appl.h.
+ #
+ src='
+#include <security/pam_appl.h>
+int main(void) {
+ return 0;
+}'
+ [ -z "$WITHOUT_PAM" ] && check_func "pam_appl_h" "$src" && {
+ printf 'SRCS += pam.c\n' >>$CONFIG_MK
+ printf 'LDFLAGS += -lpam\n' >>$CONFIG_MK
+ printf 'CPPFLAGS += -DUSE_PAM\n' >>$CONFIG_MK
+ printf 'pam\n'
+ return 0
+ }
+
+ #
+ # Check for shadow.h.
+ #
+ src='
+#include <shadow.h>
+int main(void) {
+ return 0;
+}'
+ [ -z "$WITHOUT_SHADOW" ] && check_func "shadow_h" "$src" && {
+ printf 'SRCS += shadow.c\n' >>$CONFIG_MK
+ printf 'LDFLAGS += -lcrypt\n' >>$CONFIG_MK
+ printf 'CPPFLAGS += -DUSE_SHADOW\n' >>$CONFIG_MK
+ printf 'shadow\n'
+ return 0
+ }
+
+ return 1
+}
+
+persistmethod() {
+ [ -z "$WITHOUT_TIMESTAMP" ] && {
+ printf 'CPPFLAGS += -DUSE_TIMESTAMP\n' >>$CONFIG_MK
+ printf 'SRCS += timestamp.c\n' >>$CONFIG_MK
+ printf 'timestamp\n'
+ return 0
+ }
+ return 1
+}
+
+#
+# Check for explicit_bzero().
+#
src='
#include <string.h>
int main(void) {
return 0;
}'
check_func "explicit_bzero" "$src" || {
- printf 'OPENBSD += explicit_bzero.c\n' >>$CONFIG_MK
+ printf 'OPENBSD += explicit_bzero.o\n' >>$CONFIG_MK
}
-
#
# Check for strlcat().
#
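Review bot: `authmethod` drops from PAM to shadow whenever the `pam_appl.h` probe fails, and `check_func` discards the compiler output with `2>/dev/null`, so a build host that merely lacks the PAM development headers produces a shadow-authenticating binary with only the `Using auth method` line to show it. Unless `--with-pam` is passed, the authentication backend therefore depends on the build environment rather than on a stated choice. A header comment would make that contract explicit, for example `# Prints the selected backend (pam|shadow) on stdout; falls back from PAM to shadow unless --with-pam or --without-shadow is given.` It is also worth stating there that stdout is the return channel, which is why the `check_func` progress messages now go to stderr.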
return 0;
}'
check_func "strlcat" "$src" || {
- printf 'OPENBSD += strlcat.c\n' >>$CONFIG_MK
+ printf 'OPENBSD += strlcat.o\n' >>$CONFIG_MK
}
#
return 0;
}'
check_func "strlcpy" "$src" || {
- printf 'OPENBSD += strlcpy.c\n' >>$CONFIG_MK
+ printf 'OPENBSD += strlcpy.o\n' >>$CONFIG_MK
}
#
return 0;
}'
check_func "errc" "$src" || {
- printf 'OPENBSD += errc.c\n' >>$CONFIG_MK
+ printf 'OPENBSD += errc.o\n' >>$CONFIG_MK
}
#
return 0;
}'
check_func "verrc" "$src" || {
- printf 'OPENBSD += verrc.c\n' >>$CONFIG_MK
+ printf 'OPENBSD += verrc.o\n' >>$CONFIG_MK
}
#
return 0;
}'
check_func "setprogname" "$src" || {
- printf 'OPENBSD += progname.c\n' >>$CONFIG_MK
+ printf 'OPENBSD += progname.o\n' >>$CONFIG_MK
}
#
return 0;
}'
check_func "readpassphrase" "$src" || {
- printf 'OPENBSD += readpassphrase.c\n' >>$CONFIG_MK
+ printf 'OPENBSD += readpassphrase.o\n' >>$CONFIG_MK
}
#
return 0;
}'
check_func "strtonum" "$src" || {
- printf 'OPENBSD += strtonum.c\n' >>$CONFIG_MK
+ printf 'OPENBSD += strtonum.o\n' >>$CONFIG_MK
}
#
return 0;
}'
check_func "reallocarray" "$src" || {
- printf 'OPENBSD += reallocarray.c\n' >>$CONFIG_MK
+ printf 'OPENBSD += reallocarray.o\n' >>$CONFIG_MK
}
#
-# Check for bsd_auth.h.
+# Check for execvpe().
#
src='
-#include <bsd_auth.h>
+#include <unistd.h>
int main(void) {
+ const char *p = { "", NULL };
+ execvpe("", p, p);
return 0;
}'
-check_func "bsd_auth_h" "$src" && \
- have_bsd_auth_h=1
+check_func "execvpe" "$src" || die "system has no execvpe(3): not supported"
#
-# Check for pam_appl.h.
+# Check for setresuid().
#
src='
-#include <security/pam_appl.h>
+#include <unistd.h>
int main(void) {
+ setresuid(0, 0, 0);
return 0;
}'
-[ -z "$have_bsd_auth_h" ] && \
- check_func "pam_appl_h" "$src" && {
- printf 'SRCS += doas_pam.c\n' >>$CONFIG_MK
- }
+check_func "setresuid" "$src" || die "system has no setresuid(2): not supported"
#
-# Check for login_cap.h.
+# Check for closefrom().
#
src='
-#include <login_cap.h>
+#include <unistd.h>
int main(void) {
+ closefrom(0);
return 0;
}'
-check_func "login_cap_h" "$src" || {
- printf 'OPENBSD += setusercontext.c\n' >>$CONFIG_MK
+check_func "closefrom" "$src" || {
+ printf 'OPENBSD += closefrom.o\n' >>$CONFIG_MK
}
#
-# Check for execvpe().
+# Check for sysconf().
#
src='
#include <unistd.h>
int main(void) {
- const char *p = { "", NULL };
- execvpe("", p, p);
+ (void)sysconf(0);
return 0;
}'
-check_func "execvpe" "$src" || {
- printf 'OPENBSD += execvpe.c\n' >>$CONFIG_MK
-}
+check_func "sysconf" "$src"
#
-# Check for setresuid().
+# Check for /proc/$PID.
+#
+printf 'Checking for %-14s\t\t' "/proc/\$PID ..." >&2
+if test -d /proc/$$; then
+ printf 'yes.\n' >&2
+ printf 'CFLAGS += -DHAVE_%s\n' "PROC_PID" >>$CONFIG_MK
+else
+ printf 'no.\n' >&2
+fi
+
+#
+# Check for dirfd().
#
src='
-#include <unistd.h>
+#include <dirent.h>
int main(void) {
- setresuid(0, 0, 0);
+ (void)dirfd(0);
return 0;
}'
-check_func "setresuid" "$src" || {
- printf 'OPENBSD += setresuid.c\n' >>$CONFIG_MK
-}
+check_func "dirfd" "$src"
#
-# Check for pledge().
+# Check for fcntl.h.
#
src='
-#include <unistd.h>
+#include <fcntl.h>
int main(void) {
- pledge("", NULL);
return 0;
}'
-check_func "pledge" "$src" && {
- have_pledge=1
-}
+check_func "fcntl_h" "$src"
#
-# Check for seccomp.h
+# Check for F_CLOSEM.
#
src='
-#include <linux/seccomp.h>
-#include <sys/prctl.h>
-#include <unistd.h>
+#include <fcntl.h>
+#ifndef F_CLOSEM
+#error no F_CLOSEM
+#endif
int main(void) {
- prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL);
return 0;
}'
-[ -z "$have_pledge" -a -n "$BUILD_SECCOMP" ] && \
- check_func "seccomp_h" "$src" && \
- {
- have_pledge=1
- printf 'OPENBSD += pledge-seccomp.c\n' >>$CONFIG_MK
- }
+check_func "F_CLOSEM" "$src"
+
+#
+# Check for dirent.h.
+#
+src='
+#include <dirent.h>
+int main(void) {
+ return 0;
+}'
+check_func "dirent_h" "$src"
+
+#
+# Check for sys/ndir.h.
+#
+src='
+#include <sys/ndir.h>
+int main(void) {
+ return 0;
+}'
+check_func "sys_ndir_h" "$src"
+
+#
+# Check for sys/dir.h.
+#
+src='
+#include <sys/dir.h>
+int main(void) {
+ return 0;
+}'
+check_func "sys_dir_h" "$src"
+
+#
+# Check for ndir.h.
+#
+src='
+#include <ndir.h>
+int main(void) {
+ return 0;
+}'
+check_func "ndir_h" "$src"
-[ -z "$have_pledge" ] && \
- printf 'OPENBSD += pledge-noop.c\n' >>$CONFIG_MK
+#
+#
+#
+src='
+#include <stdlib.h>
+int main(void){return 0;}
+__attribute__((__unused__)) static void foo(void){return;}
+'
+check_func "__attribute__" "$src" || {
+ printf 'CFLAGS += -DNO_ATTRIBUTE_ON_RETURN_TYPE=1\n' >>$CONFIG_MK
+}
+
+auth=$(authmethod)
+if [ $? -eq 0 ]; then
+ printf 'Using auth method\t\t\t%s.\n' "$auth" >&2
+else
+ printf 'Error auth method\t\t\n' >&2
+ exit 1
+fi
+
+persist=$(persistmethod)
+if [ $? -eq 0 ]; then
+ printf 'Using persist method\t\t\t%s.\n' "$persist" >&2
+else
+ printf 'Using persist method\t\t\tnone.\n' >&2
+fi
+printf 'Setting UID_MAX\t\t\t\t%d.\n' "$UID_MAX" >&2
+printf 'Setting GID_MAX\t\t\t\t%d.\n' "$GID_MAX" >&2
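Review bot: The execvpe probe is now fatal (`|| die`), yet its test program declares `const char *p = { "", NULL };` and passes that scalar as both argv and envp, which compilers that reject incompatible pointer types by default (GCC 14 and later) will refuse to build. Because `check_func` sends compiler output to `/dev/null`, configure would then report that the system has no execvpe(3) even where it exists. Declaring `char *p[] = { "", NULL };` keeps the probe valid C. Separately, the `/proc/$PID` test inspects the build host, so `HAVE_PROC_PID` may be wrong for a cross build or for a build chroot without /proc mounted.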