--target=target-alias the machine that CC will produce code for
--enable-debug enable debugging
- --enable-seccomp enable seccomp
--enable-static prepare for static build
+ --without-pam disable pam support
+ --without-shadow disable shadow support
+
+ --with-timestamp enable timestamp support
+
+ --uid-max=NUM set UID_MAX (default 65535)
+ --gid-max=NUM set GID_MAX (default 65535)
+
--help, -h display this help and exit
EOF
exit 0
}
+# defaults
+WITHOUT_TIMESTAMP=yes
+UID_MAX=65535
+GID_MAX=65535
+
for x; do
opt=${x%%=*}
var=${x#*=}
case "$opt" in
- --prefix) PREFIX=$var;;
- --exec-prefix) EPREFIX=$var;;
- --bindir) BINDIR=$var;;
- --datadir) SHAREDIR=$var;;
- --mandir) MANDIR=$var;;
- --sysconfdir) SYSCONFDIR=$var;;
- --pamdir) PAMDIR=$var;;
- --build) BUILD=$var;;
- --host) HOST=$var;;
- --target) TARGET=$var;;
- --enable-debug) DEBUG=yes;;
- --enable-seccomp) BUILD_SECCOMP=yes;;
- --enable-static) BUILD_STATIC=yes;;
- --help|-h) usage;;
- *) die "Error: unknown option $opt";;
+ --prefix) PREFIX=$var ;;
+ --exec-prefix) EPREFIX=$var ;;
+ --bindir) BINDIR=$var ;;
+ --datadir) SHAREDIR=$var ;;
+ --mandir) MANDIR=$var ;;
+ --sysconfdir) SYSCONFDIR=$var ;;
+ --pamdir) PAMDIR=$var ;;
+ --build) BUILD=$var ;;
+ --host) HOST=$var ;;
+ --target) TARGET=$var ;;
+ --enable-debug) DEBUG=yes ;;
+ --enable-static) BUILD_STATIC=yes ;;
+ --with-pam) WITHOUT_PAM=; WITHOUT_SHADOW=yes ;;
+ --with-shadow) WITHOUT_SHADOW=; WITHOUT_PAM=yes ;;
+ --without-pam) WITHOUT_PAM=yes ;;
+ --without-shadow) WITHOUT_SHADOW=yes ;;
+ --with-timestamp) WITHOUT_TIMESTAMP= ;;
+ --without-timestamp) WITHOUT_TIMESTAMP=yes ;;
+ --uid-max) UID_MAX=$var ;;
+ --gid-max) UID_MAX=$var ;;
+ --help|-h) usage ;;
+ *) die "Error: unknown option $opt" ;;
esac
done
CONFIG_MK=config.mk
-rm -f "$CONFIG_MK"
+CONFIG_H=config.h
+rm -f "$CONFIG_MK" "$CONFIG_H"
-# : ${VERSION:="$(git describe --dirty --tags --long --always)"}
-: ${VERSION:="0.2"}
+cat <<! >$CONFIG_H
+#ifndef CONFIG_H
+#define CONFIG_H
-cat <<EOF >>$CONFIG_MK
-PREFIX ?= ${PREFIX:="/usr"}
-EPREFIX ?= ${EPREFIX:="${PREFIX}"}
-BINDIR ?= ${BINDIR:="${PREFIX}/bin"}
-SHAREDIR ?= ${SHAREDIR:="${PREFIX}/share"}
-MANDIR ?= ${MANDIR:="${SHAREDIR}/man"}
-SYSCONFDIR?= ${SYSCONFDIR:="/etc"}
-PAMDIR ?= ${PAMDIR:="${SYSCONFDIR}/pam.d"}
-CFLAGS += -DVERSION="\"${VERSION}\""
-EOF
+!
if [ -z "$BUILD" ]; then
BUILD="$(uname -m)-unknown-$(uname -s | tr '[:upper:]' '[:lower:]')"
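Review bot: The `--gid-max)` arm of the option `case` assigns `UID_MAX=$var`, so `--gid-max=NUM` overwrites the UID limit and `GID_MAX` always keeps its default of 65535; the arm should read `--gid-max) GID_MAX=$var ;;`. Later in this diff both limits are written into config.h and the binary defaults to `BINMODE` 4755 owned by root, so a silently wrong bound in a setuid build is worth catching at parse time. The usage text added above also omits `--with-pam`, `--with-shadow` and `--without-timestamp`, which the loop accepts.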
case "$OS" in
linux)
- OS_CFLAGS="$OS_CFLAGS -D_DEFAULT_SOURCE -D_GNU_SOURCE -DUID_MAX=60000 -DGID_MAX=60000"
- printf 'CURDIR := .\n' >>$CONFIG_MK
- printf 'PAM_DOAS = pam.d__doas__linux\n' >>$CONFIG_MK
+ printf 'Setting UID_MAX\t\t\t\t%d.\n' "$UID_MAX" >&2
+ printf '#define UID_MAX %s\n' "$UID_MAX" >>$CONFIG_H
+ printf 'Setting GID_MAX\t\t\t\t%d.\n' "$GID_MAX" >&2
+ printf '#define GID_MAX %s\n' "$GID_MAX" >>$CONFIG_H
+ OS_CFLAGS="$OS_CFLAGS -D_DEFAULT_SOURCE -D_GNU_SOURCE"
+ ;;
+ netbsd)
+ OS_CFLAGS="$OS_CFLAGS -D_OPENBSD_SOURCE"
+ printf 'LDLIBS += -lutil\n' >>$CONFIG_MK
+ : ${BINGRP:=wheel}
+ ;;
+ freebsd)
+ printf 'LDLIBS += -lutil\n' >>$CONFIG_MK
+ : ${BINGRP:=wheel}
+ ;;
+ darwin)
+ : ${BINGRP:=wheel}
;;
esac
+: ${PREFIX:=/usr/local}
+: ${EPREFIX:=${PREFIX}}
+: ${BINDIR:=${PREFIX}/bin}
+: ${SHAREDIR:=${PREFIX}/share}
+: ${MANDIR:=${SHAREDIR}/man}
+: ${SYSCONFDIR:=/etc}
+: ${PAMDIR:=${SYSCONFDIR}/pam.d}
+: ${BINMODE:=4755}
+: ${BINOWN:=root}
+: ${BINGRP:=root}
+
+cat <<EOF >>$CONFIG_MK
+PREFIX ?= ${PREFIX}
+EPREFIX ?= ${EPREFIX}
+BINDIR ?= ${BINDIR}
+SHAREDIR ?= ${SHAREDIR}
+MANDIR ?= ${MANDIR}
+SYSCONFDIR?= ${SYSCONFDIR}
+PAMDIR ?= ${PAMDIR}
+BINMODE ?= ${BINMODE}
+BINOWN ?= ${BINOWN}
+BINGRP ?= ${BINGRP}
+EOF
+
[ -n "$OS_CFLAGS" ] && \
printf 'CFLAGS += %s\n' "$OS_CFLAGS" >>$CONFIG_MK
[ -n "$BUILD_STATIC" ] && \
printf 'CFLAGS += -static\n' >>$CONFIG_MK
-# Add CPPFLAGS/CFLAGS/LDFLAGS to CC for testing features
-XCC="${CC:=clang} $CFLAGS $OS_CFLAGS $CPPFLAGS $LDFLAGS"
+# Add CPPFLAGS/CFLAGS/LDFLAGS/LDLIBS to CC for testing features
+XCC="${CC:=cc} $CFLAGS $OS_CFLAGS $CPPFLAGS $LDFLAGS $LDLIBS"
# Make sure to disable --as-needed for CC tests.
-XCC="$XCC -Wl,--no-as-needed"
+
+case "$OS" in
+ darwin) ;;
+ *) XCC="$XCC -Wl,--no-as-needed" ;;
+esac
check_func() {
func="$1"; src="$2"; shift 2
- printf 'Checking for %-14s\t\t' "$func ..."
+ printf 'Checking for %-14s\t\t' "$func ..." >&2
printf '%s\n' "$src" >"_$func.c"
$XCC "_$func.c" -o "_$func" 2>/dev/null
ret=$?
rm -f "_$func.c" "_$func"
+ upperfunc="$(printf '%s\n' "$func" | tr '[[:lower:]]' '[[:upper:]]')"
if [ $ret -eq 0 ]; then
- printf 'yes.\n'
- upperfunc="$(printf '%s\n' "$func" | tr '[[:lower:]]' '[[:upper:]]')"
- printf 'CFLAGS += -DHAVE_%s\n' "$upperfunc" >>$CONFIG_MK
+ printf 'yes.\n' >&2
+ printf '#define HAVE_%s\n' "$upperfunc" >>$CONFIG_H
return 0
else
- printf 'no.\n'
+ printf '/* #define HAVE_%s */\n' "$upperfunc" >>$CONFIG_H
+ printf 'no.\n' >&2
return 1
fi
}
+authmethod() {
+ #
+ # Check for pam_appl.h.
+ #
+ src='
+#include <security/pam_appl.h>
+int main(void) {
+ return 0;
+}'
+ [ -z "$WITHOUT_PAM" ] && check_func "pam_appl_h" "$src" && {
+ printf 'SRCS += pam.c\n' >>$CONFIG_MK
+ printf 'LDLIBS += -lpam\n' >>$CONFIG_MK
+ printf '#define USE_PAM\n' >>$CONFIG_H
+ printf 'pam\n'
+
+ pam_file="pam.d__doas__${OS}"
+ [ -e "$pam_file" ] && printf 'PAM_DOAS = %s\n' "$pam_file" >>$CONFIG_MK
+ return 0
+ }
+
+ #
+ # Check for shadow.h.
+ #
+ src='
+#include <shadow.h>
+int main(void) {
+ return 0;
+}'
+ [ -z "$WITHOUT_SHADOW" ] && check_func "shadow_h" "$src" && {
+ printf 'SRCS += shadow.c\n' >>$CONFIG_MK
+ printf 'LDLIBS += -lcrypt\n' >>$CONFIG_MK
+ printf '#define USE_SHADOW\n' >>$CONFIG_H
+ printf 'shadow\n'
+ return 0
+ }
+
+ return 1
+}
+
+persistmethod() {
+ [ -z "$WITHOUT_TIMESTAMP" ] && {
+ printf '#define USE_TIMESTAMP\n' >>$CONFIG_H
+ printf 'SRCS += timestamp.c\n' >>$CONFIG_MK
+ printf 'timestamp\n'
+ return 0
+ }
+ return 1
+}
+
+#
+# Check for explicit_bzero().
+#
src='
#include <string.h>
int main(void) {
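Review bot: `UID_MAX` and `GID_MAX` reach the `#define` lines in config.h through `%s` in the `linux)` arm with no check that they are numbers. The option loop takes `var=${x#*=}`, so `--uid-max` given without `=NUM` leaves the option text itself in `UID_MAX`; the `%d` in the progress message will complain on stderr, but unless the script runs under `set -e` (not visible here) it carries on and writes the header. A guard before the first printf would stop that: `for n in "$UID_MAX" "$GID_MAX"; do case "$n" in ''|*[!0-9]*) die "Error: --uid-max/--gid-max must be numeric" ;; esac; done`. The limits are also written only for Linux, so the flags are silently ignored on the netbsd, freebsd and darwin arms; if those platforms are meant to take the values from system headers, a comment saying so would help. The `case "$OS"` statement starts before this hunk.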
return 0;
}'
check_func "explicit_bzero" "$src" || {
- printf 'OPENBSD += explicit_bzero.o\n' >>$CONFIG_MK
+ printf 'SRCS += libopenbsd/explicit_bzero.c\n' >>$CONFIG_MK
}
-
#
# Check for strlcat().
#
return 0;
}'
check_func "strlcat" "$src" || {
- printf 'OPENBSD += strlcat.o\n' >>$CONFIG_MK
+ printf 'SRCS += libopenbsd/strlcat.c\n' >>$CONFIG_MK
}
#
return 0;
}'
check_func "strlcpy" "$src" || {
- printf 'OPENBSD += strlcpy.o\n' >>$CONFIG_MK
+ printf 'SRCS += libopenbsd/strlcpy.c\n' >>$CONFIG_MK
}
#
return 0;
}'
check_func "errc" "$src" || {
- printf 'OPENBSD += errc.o\n' >>$CONFIG_MK
+ printf 'SRCS += libopenbsd/errc.c\n' >>$CONFIG_MK
}
#
# Check for verrc().
#
src='
+#include <stddef.h>
#include <err.h>
int main(void) {
- verrc(0, 0, "");
+ verrc(0, 0, "x", NULL);
return 0;
}'
check_func "verrc" "$src" || {
- printf 'OPENBSD += verrc.o\n' >>$CONFIG_MK
+ printf 'SRCS += libopenbsd/verrc.c\n' >>$CONFIG_MK
}
#
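Review bot: The new verrc probe calls `verrc(0, 0, "x", NULL);`, passing `NULL` where `verrc` takes a `va_list`. That compiles only where `va_list` is a pointer or array type; on ABIs that define it as a struct (AArch64 AAPCS, as far as I know) the call is a type error, check_func reports "no" because compiler output goes to /dev/null, and `libopenbsd/verrc.c` is added to SRCS even if libc already provides the function. Passing a real `va_list` avoids the false negative, for example a helper `static void f(const char *fmt, ...) { va_list ap; va_start(ap, fmt); verrc(0, 0, fmt, ap); va_end(ap); }` with `#include <stdarg.h>`. The hunk starts inside the preceding errc probe.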
return 0;
}'
check_func "setprogname" "$src" || {
- printf 'OPENBSD += progname.o\n' >>$CONFIG_MK
+ printf 'SRCS += libopenbsd/progname.c\n' >>$CONFIG_MK
}
#
return 0;
}'
check_func "readpassphrase" "$src" || {
- printf 'OPENBSD += readpassphrase.o\n' >>$CONFIG_MK
+ printf 'SRCS += libopenbsd/readpassphrase.c\n' >>$CONFIG_MK
}
#
return 0;
}'
check_func "strtonum" "$src" || {
- printf 'OPENBSD += strtonum.o\n' >>$CONFIG_MK
+ printf 'SRCS += libopenbsd/strtonum.c\n' >>$CONFIG_MK
}
#
return 0;
}'
check_func "reallocarray" "$src" || {
- printf 'OPENBSD += reallocarray.o\n' >>$CONFIG_MK
+ printf 'SRCS += libopenbsd/reallocarray.c\n' >>$CONFIG_MK
}
#
-# Check for bsd_auth.h.
+# Check for execvpe().
#
src='
-#include <bsd_auth.h>
+#include <unistd.h>
int main(void) {
+ const char *p = { "", NULL };
+ execvpe("", p, p);
return 0;
}'
-check_func "bsd_auth_h" "$src" && \
- have_bsd_auth_h=1
+check_func "execvpe" "$src" || {
+ printf 'SRCS += libopenbsd/execvpe.c\n' >>$CONFIG_MK
+}
#
-# Check for pam_appl.h.
+# Check for setresuid().
#
src='
-#include <security/pam_appl.h>
+#include <unistd.h>
int main(void) {
+ setresuid(0, 0, 0);
return 0;
}'
-[ -z "$have_bsd_auth_h" ] && \
- check_func "pam_appl_h" "$src" && {
- printf 'SRCS += doas_pam.c\n' >>$CONFIG_MK
- printf 'LDFLAGS += -lpam\n' >>$CONFIG_MK
- }
+check_func "setresuid" "$src"
+have_setresuid=$?
#
-# Check for login_cap.h.
+# Check for setresgid().
#
src='
-#include <login_cap.h>
+#include <unistd.h>
int main(void) {
+ setresgid(0, 0, 0);
return 0;
}'
-check_func "login_cap_h" "$src" || {
- printf 'OPENBSD += setusercontext.o\n' >>$CONFIG_MK
-}
+check_func "setresgid" "$src"
+have_setresgid=$?
+
+if [ $have_setresuid -eq 1 -o $have_setresgid -eq 1 ]; then
+ printf 'SRCS += libopenbsd/bsd-setres_id.c\n' >>$CONFIG_MK
+fi
#
-# Check for execvpe().
+# Check for setreuid().
#
src='
#include <unistd.h>
int main(void) {
- const char *p = { "", NULL };
- execvpe("", p, p);
+ setreuid(0, 0);
return 0;
}'
-check_func "execvpe" "$src" || {
- printf 'OPENBSD += execvpe.o\n' >>$CONFIG_MK
-}
+check_func "setreuid" "$src"
+
#
-# Check for setresuid().
+# Check for setregid().
#
src='
#include <unistd.h>
int main(void) {
- setresuid(0, 0, 0);
+ setregid(0, 0);
return 0;
}'
-check_func "setresuid" "$src" || {
- printf 'OPENBSD += setresuid.o\n' >>$CONFIG_MK
-}
+check_func "setregid" "$src"
#
-# Check for pledge().
+# Check for closefrom().
#
src='
#include <unistd.h>
int main(void) {
- pledge("", NULL);
+ closefrom(0);
return 0;
}'
-check_func "pledge" "$src" && {
- have_pledge=1
+check_func "closefrom" "$src" || {
+ printf 'SRCS += libopenbsd/closefrom.c\n' >>$CONFIG_MK
}
#
-# Check for seccomp.h
+# Check for sysconf().
#
src='
-#include <linux/seccomp.h>
-#include <sys/prctl.h>
#include <unistd.h>
int main(void) {
- prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL);
+ (void)sysconf(0);
return 0;
}'
-[ -z "$have_pledge" -a -n "$BUILD_SECCOMP" ] && \
- check_func "seccomp_h" "$src" && \
- {
- have_pledge=1
- printf 'OPENBSD += pledge-seccomp.o\n' >>$CONFIG_MK
- }
+check_func "sysconf" "$src"
+
+#
+# Check for dirfd().
+#
+src='
+#include <dirent.h>
+int main(void) {
+ (void)dirfd(0);
+ return 0;
+}'
+check_func "dirfd" "$src"
+
+#
+# Check for fcntl.h.
+#
+src='
+#include <fcntl.h>
+int main(void) {
+ return 0;
+}'
+check_func "fcntl_h" "$src"
+
+#
+# Check for F_CLOSEM.
+#
+src='
+#include <fcntl.h>
+#ifndef F_CLOSEM
+#error no F_CLOSEM
+#endif
+int main(void) {
+ return 0;
+}'
+check_func "F_CLOSEM" "$src"
+
+#
+# Check for dirent.h.
+#
+src='
+#include <dirent.h>
+int main(void) {
+ return 0;
+}'
+check_func "dirent_h" "$src"
+
+#
+# Check for sys/ndir.h.
+#
+src='
+#include <sys/ndir.h>
+int main(void) {
+ return 0;
+}'
+check_func "sys_ndir_h" "$src"
+
+#
+# Check for sys/dir.h.
+#
+src='
+#include <sys/dir.h>
+int main(void) {
+ return 0;
+}'
+check_func "sys_dir_h" "$src"
+
+#
+# Check for ndir.h.
+#
+src='
+#include <ndir.h>
+int main(void) {
+ return 0;
+}'
+check_func "ndir_h" "$src"
+
+#
+# Check for login_cap.h.
+#
+src='
+#include <sys/types.h>
+#include <login_cap.h>
+int main(void) {
+ return 0;
+}'
+check_func "login_cap_h" "$src"
+
+#
+#
+#
+src='
+#include <stdlib.h>
+int main(void){return 0;}
+__attribute__((__unused__)) static void foo(void){return;}
+'
+check_func "__attribute__" "$src" || {
+ printf 'CFLAGS += -DNO_ATTRIBUTE_ON_RETURN_TYPE=1\n' >>$CONFIG_MK
+}
+
+auth=$(authmethod)
+if [ $? -eq 0 ]; then
+ printf 'Using auth method\t\t\t%s.\n' "$auth" >&2
+else
+ printf 'Error auth method\t\t\n' >&2
+ exit 1
+fi
+
+persist=$(persistmethod)
+if [ $? -eq 0 ]; then
+ printf 'Using persist method\t\t\t%s.\n' "$persist" >&2
+else
+ printf 'Using persist method\t\t\tnone.\n' >&2
+fi
+
+printf '#define DOAS_CONF "%s/doas.conf"\n' "${SYSCONFDIR}" >>$CONFIG_H
-[ -z "$have_pledge" ] && \
- printf 'OPENBSD += pledge-noop.o\n' >>$CONFIG_MK
+printf '\n#endif /* CONFIG_H */\n' >>$CONFIG_H
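Review bot: The execvpe probe declares `const char *p = { "", NULL };` and passes `p` as both argv and envp, which is a scalar with an excess initializer rather than the `char *const []` that execvpe expects. Compilers that treat incompatible pointer types as an error (GCC 14 does by default, I believe) will reject it, and because check_func discards compiler output the only visible result is "no" plus `libopenbsd/execvpe.c` added to SRCS on a system whose libc already has execvpe. Declaring `char *const p[] = { "", NULL };` keeps the probe valid C. The `[ $have_setresuid -eq 1 -o $have_setresgid -eq 1 ]` test further down would read better as two `[ ]` tests joined with `||`, and the empty `#` banner above the `__attribute__` probe could say what it checks. The hunk begins inside the reallocarray probe.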