Merge branch 'ticket23602_029'
[tor.git] / configure.ac
blobd2682944fb5aa204b8899c24ba33417762625795
1 dnl Copyright (c) 2001-2004, Roger Dingledine
2 dnl Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson
3 dnl Copyright (c) 2007-2017, The Tor Project, Inc.
4 dnl See LICENSE for licensing information
6 AC_PREREQ([2.63])
7 AC_INIT([tor],[0.3.2.1-alpha-dev])
8 AC_CONFIG_SRCDIR([src/or/main.c])
9 AC_CONFIG_MACRO_DIR([m4])
11 # "foreign" means we don't follow GNU package layout standards
12 # "1.11" means we require automake version 1.11 or newer
13 # "subdir-objects" means put .o files in the same directory as the .c files
14 AM_INIT_AUTOMAKE([foreign 1.11 subdir-objects -Wall -Werror])
16 m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
17 AC_CONFIG_HEADERS([orconfig.h])
19 AC_USE_SYSTEM_EXTENSIONS
20 AC_CANONICAL_HOST
22 PKG_PROG_PKG_CONFIG
24 if test -f "/etc/redhat-release"; then
25   if test -f "/usr/kerberos/include"; then
26     CPPFLAGS="$CPPFLAGS -I/usr/kerberos/include"
27   fi
30 # Not a no-op; we want to make sure that CPPFLAGS is set before we use
31 # the += operator on it in src/or/Makefile.am
32 CPPFLAGS="$CPPFLAGS -I\${top_srcdir}/src/common"
34 AC_ARG_ENABLE(openbsd-malloc,
35    AS_HELP_STRING(--enable-openbsd-malloc, [use malloc code from OpenBSD.  Linux only]))
36 AC_ARG_ENABLE(static-openssl,
37    AS_HELP_STRING(--enable-static-openssl, [link against a static openssl library. Requires --with-openssl-dir]))
38 AC_ARG_ENABLE(static-libevent,
39    AS_HELP_STRING(--enable-static-libevent, [link against a static libevent library. Requires --with-libevent-dir]))
40 AC_ARG_ENABLE(static-zlib,
41    AS_HELP_STRING(--enable-static-zlib, [link against a static zlib library. Requires --with-zlib-dir]))
42 AC_ARG_ENABLE(static-tor,
43    AS_HELP_STRING(--enable-static-tor, [create an entirely static Tor binary. Requires --with-openssl-dir and --with-libevent-dir and --with-zlib-dir]))
44 AC_ARG_ENABLE(unittests,
45    AS_HELP_STRING(--disable-unittests, [don't build unit tests for Tor. Risky!]))
46 AC_ARG_ENABLE(coverage,
47    AS_HELP_STRING(--enable-coverage, [enable coverage support in the unit-test build]))
48 AC_ARG_ENABLE(asserts-in-tests,
49    AS_HELP_STRING(--disable-asserts-in-tests, [disable tor_assert() calls in the unit tests, for branch coverage]))
50 AC_ARG_ENABLE(system-torrc,
51    AS_HELP_STRING(--disable-system-torrc, [don't look for a system-wide torrc file]))
52 AC_ARG_ENABLE(libfuzzer,
53    AS_HELP_STRING(--enable-libfuzzer, [build extra fuzzers based on 'libfuzzer']))
54 AC_ARG_ENABLE(oss-fuzz,
55    AS_HELP_STRING(--enable-oss-fuzz, [build extra fuzzers based on 'oss-fuzz' environment]))
56 AC_ARG_ENABLE(memory-sentinels,
57    AS_HELP_STRING(--disable-memory-sentinels, [disable code that tries to prevent some kinds of memory access bugs. For fuzzing only.]))
58 AC_ARG_ENABLE(rust,
59    AS_HELP_STRING(--enable-rust, [enable rust integration]))
60 AC_ARG_ENABLE(cargo-online-mode,
61    AS_HELP_STRING(--enable-cargo-online-mode, [Allow cargo to make network requests to fetch crates. For builds with rust only.]))
63 if test "x$enable_coverage" != "xyes" -a "x$enable_asserts_in_tests" = "xno" ; then
64     AC_MSG_ERROR([Can't disable assertions outside of coverage build])
67 AM_CONDITIONAL(UNITTESTS_ENABLED, test "x$enable_unittests" != "xno")
68 AM_CONDITIONAL(COVERAGE_ENABLED, test "x$enable_coverage" = "xyes")
69 AM_CONDITIONAL(DISABLE_ASSERTS_IN_UNIT_TESTS, test "x$enable_asserts_in_tests" = "xno")
70 AM_CONDITIONAL(LIBFUZZER_ENABLED, test "x$enable_libfuzzer" = "xyes")
71 AM_CONDITIONAL(OSS_FUZZ_ENABLED, test "x$enable_oss_fuzz" = "xyes")
72 AM_CONDITIONAL(USE_RUST, test "x$enable_rust" = "xyes")
74 if test "$enable_static_tor" = "yes"; then
75   enable_static_libevent="yes";
76   enable_static_openssl="yes";
77   enable_static_zlib="yes";
78   CFLAGS="$CFLAGS -static"
81 if test "$enable_system_torrc" = "no"; then
82   AC_DEFINE(DISABLE_SYSTEM_TORRC, 1,
83             [Defined if we're not going to look for a torrc in SYSCONF])
86 if test "$enable_memory_sentinels" = "no"; then
87   AC_DEFINE(DISABLE_MEMORY_SENTINELS, 1,
88            [Defined if we're turning off memory safety code to look for bugs])
91 AM_CONDITIONAL(USE_OPENBSD_MALLOC, test "x$enable_openbsd_malloc" = "xyes")
93 AC_ARG_ENABLE(asciidoc,
94      AS_HELP_STRING(--disable-asciidoc, [don't use asciidoc (disables building of manpages)]),
95      [case "${enableval}" in
96         "yes") asciidoc=true ;;
97         "no")  asciidoc=false ;;
98         *) AC_MSG_ERROR(bad value for --disable-asciidoc) ;;
99       esac], [asciidoc=true])
101 # systemd notify support
102 AC_ARG_ENABLE(systemd,
103       AS_HELP_STRING(--enable-systemd, [enable systemd notification support]),
104       [case "${enableval}" in
105         "yes") systemd=true ;;
106         "no")  systemd=false ;;
107         * ) AC_MSG_ERROR(bad value for --enable-systemd) ;;
108       esac], [systemd=auto])
112 # systemd support
113 if test "x$enable_systemd" = "xno"; then
114     have_systemd=no;
115 else
116     PKG_CHECK_MODULES(SYSTEMD,
117         [libsystemd-daemon],
118         have_systemd=yes,
119         have_systemd=no)
120     if test "x$have_systemd" = "xno"; then
121         AC_MSG_NOTICE([Okay, checking for systemd a different way...])
122         PKG_CHECK_MODULES(SYSTEMD,
123             [libsystemd],
124             have_systemd=yes,
125             have_systemd=no)
126     fi
129 if test "x$have_systemd" = "xyes"; then
130     AC_DEFINE(HAVE_SYSTEMD,1,[Have systemd])
131     TOR_SYSTEMD_CFLAGS="${SYSTEMD_CFLAGS}"
132     TOR_SYSTEMD_LIBS="${SYSTEMD_LIBS}"
133     PKG_CHECK_MODULES(LIBSYSTEMD209, [libsystemd >= 209],
134          [AC_DEFINE(HAVE_SYSTEMD_209,1,[Have systemd v209 or more])], [])
136 AC_SUBST(TOR_SYSTEMD_CFLAGS)
137 AC_SUBST(TOR_SYSTEMD_LIBS)
139 if test "x$enable_systemd" = "xyes" -a "x$have_systemd" != "xyes" ; then
140     AC_MSG_ERROR([Explicitly requested systemd support, but systemd not found])
143 case "$host" in
144    *-*-solaris* )
145      AC_DEFINE(_REENTRANT, 1, [Define on some platforms to activate x_r() functions in time.h])
146      ;;
147 esac
149 AC_ARG_ENABLE(gcc-warnings,
150      AS_HELP_STRING(--enable-gcc-warnings, [deprecated alias for enable-fatal-warnings]))
151 AC_ARG_ENABLE(fatal-warnings,
152      AS_HELP_STRING(--enable-fatal-warnings, [tell the compiler to treat all warnings as errors.]))
153 AC_ARG_ENABLE(gcc-warnings-advisory,
154      AS_HELP_STRING(--disable-gcc-warnings-advisory, [disable the regular verbose warnings]))
156 dnl Others suggest '/gs /safeseh /nxcompat /dynamicbase' for non-gcc on Windows
157 AC_ARG_ENABLE(gcc-hardening,
158     AS_HELP_STRING(--disable-gcc-hardening, [disable compiler security checks]))
160 dnl Deprecated --enable-expensive-hardening but keep it for now for backward compat.
161 AC_ARG_ENABLE(expensive-hardening,
162     AS_HELP_STRING(--enable-expensive-hardening, [enable more fragile and expensive compiler hardening; makes Tor slower]))
163 AC_ARG_ENABLE(fragile-hardening,
164     AS_HELP_STRING(--enable-fragile-hardening, [enable more fragile and expensive compiler hardening; makes Tor slower]))
165 if test "x$enable_expensive_hardening" = "xyes" || test "x$enable_fragile_hardening" = "xyes"; then
166   fragile_hardening="yes"
169 dnl Linker hardening options
170 dnl Currently these options are ELF specific - you can't use this with MacOSX
171 AC_ARG_ENABLE(linker-hardening,
172     AS_HELP_STRING(--disable-linker-hardening, [disable linker security fixups]))
174 AC_ARG_ENABLE(local-appdata,
175    AS_HELP_STRING(--enable-local-appdata, [default to host local application data paths on Windows]))
176 if test "$enable_local_appdata" = "yes"; then
177   AC_DEFINE(ENABLE_LOCAL_APPDATA, 1,
178             [Defined if we default to host local appdata paths on Windows])
181 # Tor2web mode flag
182 AC_ARG_ENABLE(tor2web-mode,
183      AS_HELP_STRING(--enable-tor2web-mode, [support tor2web non-anonymous mode]),
184 [if test "x$enableval" = "xyes"; then
185     CFLAGS="$CFLAGS -D ENABLE_TOR2WEB_MODE=1"
186 fi])
188 AC_ARG_ENABLE(tool-name-check,
189      AS_HELP_STRING(--disable-tool-name-check, [check for sanely named toolchain when cross-compiling]))
191 AC_ARG_ENABLE(seccomp,
192      AS_HELP_STRING(--disable-seccomp, [do not attempt to use libseccomp]))
194 AC_ARG_ENABLE(libscrypt,
195      AS_HELP_STRING(--disable-libscrypt, [do not attempt to use libscrypt]))
197 dnl Enable event tracing which are transformed to debug log statement.
198 AC_ARG_ENABLE(event-tracing-debug,
199      AS_HELP_STRING(--enable-event-tracing-debug, [build with event tracing to debug log]))
200 AM_CONDITIONAL([USE_EVENT_TRACING_DEBUG], [test "x$enable_event_tracing_debug" = "xyes"])
202 if test x$enable_event_tracing_debug = xyes; then
203   AC_DEFINE([USE_EVENT_TRACING_DEBUG], [1], [Tracing framework to log debug])
204   AC_DEFINE([TOR_EVENT_TRACING_ENABLED], [1], [Compile the event tracing instrumentation])
207 dnl check for the correct "ar" when cross-compiling.
208 dnl   (AM_PROG_AR was new in automake 1.11.2, which we do not yet require,
209 dnl    so kludge up a replacement for the case where it isn't there yet.)
210 m4_ifdef([AM_PROG_AR],
211          [AM_PROG_AR],
212          [AN_MAKEVAR([AR], [AC_PROG_AR])
213           AN_PROGRAM([ar], [AC_PROG_AR])
214           AC_DEFUN([AC_PROG_AR], [AC_CHECK_TOOL([AR], [ar], [:])])
215           AC_PROG_AR])
217 dnl Check whether the above macro has settled for a simply named tool even
218 dnl though we're cross compiling. We must do this before running AC_PROG_CC,
219 dnl because that will find any cc on the system, not only the cross-compiler,
220 dnl and then verify that a binary built with this compiler runs on the
221 dnl build system. It will then come to the false conclusion that we're not
222 dnl cross-compiling.
223 if test "x$enable_tool_name_check" != "xno"; then
224     if test "x$ac_tool_warned" = "xyes"; then
225         AC_MSG_ERROR([We are cross compiling but could not find a properly named toolchain. Do you have your cross-compiling toolchain in PATH? (You can --disable-tool-name-check to ignore this.)])
226         elif test "x$ac_ct_AR" != "x" -a "x$cross_compiling" = "xmaybe"; then
227                 AC_MSG_ERROR([We think we are cross compiling but could not find a properly named toolchain. Do you have your cross-compiling toolchain in PATH? (You can --disable-tool-name-check to ignore this.)])
228         fi
231 AC_PROG_CC
232 AC_PROG_CPP
233 AC_PROG_MAKE_SET
234 AC_PROG_RANLIB
235 AC_PROG_SED
237 AC_ARG_VAR([PERL], [path to Perl binary])
238 AC_CHECK_PROGS([PERL], [perl])
239 AM_CONDITIONAL(USE_PERL, [test "x$ac_cv_prog_PERL" != "x"])
241 dnl check for asciidoc and a2x
242 AC_PATH_PROG([ASCIIDOC], [asciidoc], none)
243 AC_PATH_PROGS([A2X], [a2x a2x.py], none)
245 AM_CONDITIONAL(USE_ASCIIDOC, test "x$asciidoc" = "xtrue")
247 AM_PROG_CC_C_O
248 AC_PROG_CC_C99
250 AC_ARG_VAR([PYTHON], [path to Python binary])
251 AC_CHECK_PROGS(PYTHON, [python python2 python2.7 python3 python3.3])
252 if test "x$PYTHON" = "x"; then
253   AC_MSG_WARN([Python unavailable; some tests will not be run.])
255 AM_CONDITIONAL(USEPYTHON, [test "x$PYTHON" != "x"])
257 dnl List all external rust crates we depend on here. Include the version
258 rust_crates="libc-0.2.22"
259 AC_SUBST(rust_crates)
261 ifdef([AC_C_FLEXIBLE_ARRAY_MEMBER], [
262 AC_C_FLEXIBLE_ARRAY_MEMBER
263 ], [
264  dnl Maybe we've got an old autoconf...
265  AC_CACHE_CHECK([for flexible array members],
266      tor_cv_c_flexarray,
267      [AC_COMPILE_IFELSE(
268        AC_LANG_PROGRAM([
269  struct abc { int a; char b[]; };
270 ], [
271  struct abc *def = malloc(sizeof(struct abc)+sizeof(char));
272  def->b[0] = 33;
274   [tor_cv_c_flexarray=yes],
275   [tor_cv_c_flexarray=no])])
276  if test "$tor_cv_flexarray" = "yes"; then
277    AC_DEFINE([FLEXIBLE_ARRAY_MEMBER], [], [Define to nothing if C supports flexible array members, and to 1 if it does not.])
278  else
279    AC_DEFINE([FLEXIBLE_ARRAY_MEMBER], [1], [Define to nothing if C supports flexible array members, and to 1 if it does not.])
280  fi
283 AC_CACHE_CHECK([for working C99 mid-block declaration syntax],
284       tor_cv_c_c99_decl,
285       [AC_COMPILE_IFELSE(
286          [AC_LANG_PROGRAM([], [int x; x = 3; int y; y = 4 + x;])],
287          [tor_cv_c_c99_decl=yes],
288          [tor_cv_c_c99_decl=no] )])
289 if test "$tor_cv_c_c99_decl" != "yes"; then
290   AC_MSG_ERROR([Your compiler doesn't support c99 mid-block declarations. This is required as of Tor 0.2.6.x])
293 AC_CACHE_CHECK([for working C99 designated initializers],
294       tor_cv_c_c99_designated_init,
295       [AC_COMPILE_IFELSE(
296          [AC_LANG_PROGRAM([struct s { int a; int b; };],
297                [[ struct s ss = { .b = 5, .a = 6 }; ]])],
298          [tor_cv_c_c99_designated_init=yes],
299          [tor_cv_c_c99_designated_init=no] )])
301 if test "$tor_cv_c_c99_designated_init" != "yes"; then
302   AC_MSG_ERROR([Your compiler doesn't support c99 designated initializers. This is required as of Tor 0.2.6.x])
305 TORUSER=_tor
306 AC_ARG_WITH(tor-user,
307         AS_HELP_STRING(--with-tor-user=NAME, [specify username for tor daemon]),
308         [
309            TORUSER=$withval
310         ]
312 AC_SUBST(TORUSER)
314 TORGROUP=_tor
315 AC_ARG_WITH(tor-group,
316         AS_HELP_STRING(--with-tor-group=NAME, [specify group name for tor daemon]),
317         [
318            TORGROUP=$withval
319         ]
321 AC_SUBST(TORGROUP)
324 dnl If _WIN32 is defined and non-zero, we are building for win32
325 AC_MSG_CHECKING([for win32])
326 AC_RUN_IFELSE([AC_LANG_SOURCE([
327 int main(int c, char **v) {
328 #ifdef _WIN32
329 #if _WIN32
330   return 0;
331 #else
332   return 1;
333 #endif
334 #else
335   return 2;
336 #endif
337 }])],
338 bwin32=true; AC_MSG_RESULT([yes]),
339 bwin32=false; AC_MSG_RESULT([no]),
340 bwin32=cross; AC_MSG_RESULT([cross])
343 if test "$bwin32" = "cross"; then
344 AC_MSG_CHECKING([for win32 (cross)])
345 AC_COMPILE_IFELSE([AC_LANG_SOURCE([
346 #ifdef _WIN32
347 int main(int c, char **v) {return 0;}
348 #else
349 #error
350 int main(int c, char **v) {return x(y);}
351 #endif
352 ])],
353 bwin32=true; AC_MSG_RESULT([yes]),
354 bwin32=false; AC_MSG_RESULT([no]))
357 AH_BOTTOM([
358 #ifdef _WIN32
359 /* Defined to access windows functions and definitions for >=WinXP */
360 # ifndef WINVER
361 #  define WINVER 0x0501
362 # endif
364 /* Defined to access _other_ windows functions and definitions for >=WinXP */
365 # ifndef _WIN32_WINNT
366 #  define _WIN32_WINNT 0x0501
367 # endif
369 /* Defined to avoid including some windows headers as part of Windows.h */
370 # ifndef WIN32_LEAN_AND_MEAN
371 #  define WIN32_LEAN_AND_MEAN 1
372 # endif
373 #endif
377 AM_CONDITIONAL(BUILD_NT_SERVICES, test "x$bwin32" = "xtrue")
379 dnl Enable C99 when compiling with MIPSpro
380 AC_MSG_CHECKING([for MIPSpro compiler])
381 AC_COMPILE_IFELSE([AC_LANG_PROGRAM(, [
382 #if (defined(__sgi) && defined(_COMPILER_VERSION))
383 #error
384   return x(y);
385 #endif
386 ])],
387 bmipspro=false; AC_MSG_RESULT(no),
388 bmipspro=true; AC_MSG_RESULT(yes))
390 if test "$bmipspro" = "true"; then
391   CFLAGS="$CFLAGS -c99"
394 AC_C_BIGENDIAN
396 if test "x$enable_rust" = "xyes"; then
397   AC_ARG_VAR([RUSTC], [path to the rustc binary])
398   AC_CHECK_PROG([RUSTC], [rustc], [rustc],[no])
399   if test "x$RUSTC" = "xno"; then
400     AC_MSG_ERROR([rustc unavailable but rust integration requested.])
401   fi
403   AC_ARG_VAR([CARGO], [path to the cargo binary])
404   AC_CHECK_PROG([CARGO], [cargo], [cargo],[no])
405   if test "x$CARGO" = "xno"; then
406     AC_MSG_ERROR([cargo unavailable but rust integration requested.])
407   fi
409   AC_DEFINE([HAVE_RUST], 1, [have Rust])
410   if test "x$enable_cargo_online_mode" = "xyes"; then
411     CARGO_ONLINE=
412     RUST_DL=#
413   else
414     CARGO_ONLINE=--frozen
415     RUST_DL=
417     dnl When we're not allowed to touch the network, we need crate dependencies
418     dnl locally available.
419     AC_MSG_CHECKING([rust crate dependencies])
420     AC_ARG_VAR([RUST_DEPENDENCIES], [path to directory with local crate mirror])
421     if test "x$RUST_DEPENDENCIES" = "x"; then
422       RUST_DEPENDENCIES="$srcdir/src/ext/rust/"
423       NEED_MOD=1
424     fi
425     if test ! -d "$RUST_DEPENDENCIES"; then
426       AC_MSG_ERROR([Rust dependency directory $RUST_DEPENDENCIES does not exist. Specify a dependency directory using the RUST_DEPENDENCIES variable or allow cargo to fetch crates using --enable-cargo-online-mode.])
427     fi
428     for dep in $rust_crates; do
429       if test ! -d "$RUST_DEPENDENCIES"/"$dep"; then
430         AC_MSG_ERROR([Failure to find rust dependency $RUST_DEPENDENCIES/$dep. Specify a dependency directory using the RUST_DEPENDENCIES variable or allow cargo to fetch crates using --enable-cargo-online-mode.])
431       fi
432     done
433     if test "x$NEED_MOD" = "x1"; then
434       dnl When looking for dependencies from cargo, pick right directory
435       RUST_DEPENDENCIES="../../src/ext/rust"
436     fi
437   fi
439   dnl For now both MSVC and MinGW rust libraries will output static libs with
440   dnl the MSVC naming convention.
441   if test "$bwin32" = "true"; then
442     TOR_RUST_UTIL_STATIC_NAME=tor_util.lib
443   else
444     TOR_RUST_UTIL_STATIC_NAME=libtor_util.a
445   fi
447   AC_SUBST(TOR_RUST_UTIL_STATIC_NAME)
448   AC_SUBST(CARGO_ONLINE)
449   AC_SUBST(RUST_DL)
451   dnl Let's check the rustc version, too
452   AC_MSG_CHECKING([rust version])
453   RUSTC_VERSION_MAJOR=`$RUSTC --version | cut -d ' ' -f 2 | cut -d '.' -f 1`
454   RUSTC_VERSION_MINOR=`$RUSTC --version | cut -d ' ' -f 2 | cut -d '.' -f 2`
455   if test "x$RUSTC_VERSION_MAJOR" = "x" -o "x$RUSTC_VERSION_MINOR" = "x"; then
456     AC_MSG_ERROR([rustc version couldn't be identified])
457   fi
458   if test "$RUSTC_VERSION_MAJOR" -lt 2 -a "$RUSTC_VERSION_MINOR" -lt 14; then
459     AC_MSG_ERROR([rustc must be at least version 1.14])
460   fi
463 AC_SEARCH_LIBS(socket, [socket network])
464 AC_SEARCH_LIBS(gethostbyname, [nsl])
465 AC_SEARCH_LIBS(dlopen, [dl])
466 AC_SEARCH_LIBS(inet_aton, [resolv])
467 AC_SEARCH_LIBS(backtrace, [execinfo])
468 saved_LIBS="$LIBS"
469 AC_SEARCH_LIBS([clock_gettime], [rt])
470 if test "$LIBS" != "$saved_LIBS"; then
471    # Looks like we need -lrt for clock_gettime().
472    have_rt=yes
475 AC_SEARCH_LIBS(pthread_create, [pthread])
476 AC_SEARCH_LIBS(pthread_detach, [pthread])
478 AM_CONDITIONAL(THREADS_WIN32, test "$bwin32" = "true")
479 AM_CONDITIONAL(THREADS_PTHREADS, test "$bwin32" = "false")
481 AC_CHECK_FUNCS(
482         _NSGetEnviron \
483         RtlSecureZeroMemory \
484         SecureZeroMemory \
485         accept4 \
486         backtrace \
487         backtrace_symbols_fd \
488         eventfd \
489         explicit_bzero \
490         timingsafe_memcmp \
491         flock \
492         ftime \
493         get_current_dir_name \
494         getaddrinfo \
495         getifaddrs \
496         getpass \
497         getrlimit \
498         gettimeofday \
499         gmtime_r \
500         htonll \
501         inet_aton \
502         ioctl \
503         issetugid \
504         llround \
505         localtime_r \
506         lround \
507         memmem \
508         memset_s \
509         pipe \
510         pipe2 \
511         prctl \
512         readpassphrase \
513         rint \
514         sigaction \
515         socketpair \
516         statvfs \
517         strlcat \
518         strlcpy \
519         strnlen \
520         strptime \
521         strtok_r \
522         strtoull \
523         sysconf \
524         sysctl \
525         truncate \
526         uname \
527         usleep \
528         vasprintf \
529         _vscprintf
532 # Apple messed up when they added two functions functions in Sierra: they
533 # forgot to decorate them with appropriate AVAILABLE_MAC_OS_VERSION
534 # checks. So we should only probe for those functions if we are sure that we
535 # are not targetting OSX 10.11 or earlier.
536 AC_MSG_CHECKING([for a pre-Sierra OSX build target])
537 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
538 #ifdef __APPLE__
539 #  include <AvailabilityMacros.h>
540 #  ifndef MAC_OS_X_VERSION_10_12
541 #    define MAC_OS_X_VERSION_10_12 101200
542 #  endif
543 #  if defined(MAC_OS_X_VERSION_MIN_REQUIRED)
544 #    if MAC_OS_X_VERSION_MIN_REQUIRED < MAC_OS_X_VERSION_10_12
545 #      error "Running on Mac OSX 10.11 or earlier"
546 #    endif
547 #  endif
548 #endif
549 ]], [[]])],
550    [on_macos_pre_10_12=no ; AC_MSG_RESULT([no])],
551    [on_macos_pre_10_12=yes; AC_MSG_RESULT([yes])])
553 if test "$on_macos_pre_10_12" = "no"; then
554   AC_CHECK_FUNCS(
555         clock_gettime \
556         getentropy \
557   )
560 if test "$bwin32" != "true"; then
561   AC_CHECK_HEADERS(pthread.h)
562   AC_CHECK_FUNCS(pthread_create)
563   AC_CHECK_FUNCS(pthread_condattr_setclock)
566 if test "$bwin32" = "true"; then
567   AC_CHECK_DECLS([SecureZeroMemory, _getwch], , , [
568 #include <windows.h>
569 #include <conio.h>
570 #include <wchar.h>
571                  ])
574 AM_CONDITIONAL(BUILD_READPASSPHRASE_C,
575   test "x$ac_cv_func_readpassphrase" = "xno" && test "$bwin32" = "false")
577 dnl ------------------------------------------------------
578 dnl Where do you live, libevent?  And how do we call you?
580 if test "$bwin32" = "true"; then
581   TOR_LIB_WS32=-lws2_32
582   TOR_LIB_IPHLPAPI=-liphlpapi
583   # Some of the cargo-cults recommend -lwsock32 as well, but I don't
584   # think it's actually necessary.
585   TOR_LIB_GDI=-lgdi32
586   TOR_LIB_USERENV=-luserenv
587 else
588   TOR_LIB_WS32=
589   TOR_LIB_GDI=
590   TOR_LIB_USERENV=
592 AC_SUBST(TOR_LIB_WS32)
593 AC_SUBST(TOR_LIB_GDI)
594 AC_SUBST(TOR_LIB_IPHLPAPI)
595 AC_SUBST(TOR_LIB_USERENV)
597 tor_libevent_pkg_redhat="libevent"
598 tor_libevent_pkg_debian="libevent-dev"
599 tor_libevent_devpkg_redhat="libevent-devel"
600 tor_libevent_devpkg_debian="libevent-dev"
602 dnl On Gnu/Linux or any place we require it, we'll add librt to the Libevent
603 dnl linking for static builds.
604 STATIC_LIBEVENT_FLAGS=""
605 if test "$enable_static_libevent" = "yes"; then
606     if test "$have_rt" = "yes"; then
607       STATIC_LIBEVENT_FLAGS=" -lrt "
608     fi
611 TOR_SEARCH_LIBRARY(libevent, $trylibeventdir, [-levent $STATIC_LIBEVENT_FLAGS $TOR_LIB_WS32], [
612 #ifdef _WIN32
613 #include <winsock2.h>
614 #endif
615 #include <sys/time.h>
616 #include <sys/types.h>
617 #include <event2/event.h>], [
618 #ifdef _WIN32
619 #include <winsock2.h>
620 #endif
621 struct event_base;
622 struct event_base *event_base_new(void);],
623     [
624 #ifdef _WIN32
625 {WSADATA d; WSAStartup(0x101,&d); }
626 #endif
627 event_base_new();
628 ], [--with-libevent-dir], [/opt/libevent])
630 dnl Determine the incantation needed to link libevent.
631 save_LIBS="$LIBS"
632 save_LDFLAGS="$LDFLAGS"
633 save_CPPFLAGS="$CPPFLAGS"
635 LIBS="$STATIC_LIBEVENT_FLAGS $TOR_LIB_WS32 $save_LIBS"
636 LDFLAGS="$TOR_LDFLAGS_libevent $LDFLAGS"
637 CPPFLAGS="$TOR_CPPFLAGS_libevent $CPPFLAGS"
639 AC_CHECK_HEADERS(event2/event.h event2/dns.h event2/bufferevent_ssl.h)
641 if test "$enable_static_libevent" = "yes"; then
642    if test "$tor_cv_library_libevent_dir" = "(system)"; then
643      AC_MSG_ERROR("You must specify an explicit --with-libevent-dir=x option when using --enable-static-libevent")
644    else
645      TOR_LIBEVENT_LIBS="$TOR_LIBDIR_libevent/libevent.a $STATIC_LIBEVENT_FLAGS"
646    fi
647 else
648      if test "x$ac_cv_header_event2_event_h" = "xyes"; then
649        AC_SEARCH_LIBS(event_new, [event event_core], , AC_MSG_ERROR("libevent2 is installed but linking it failed while searching for event_new"))
650        AC_SEARCH_LIBS(evdns_base_new, [event event_extra], , AC_MSG_ERROR("libevent2 is installed but linking it failed while searching for evdns_base_new"))
652        if test "$ac_cv_search_event_new" != "none required"; then
653          TOR_LIBEVENT_LIBS="$ac_cv_search_event_new"
654        fi
655        if test "$ac_cv_search_evdns_base_new" != "none required"; then
656          TOR_LIBEVENT_LIBS="$ac_cv_search_evdns_base_new $TOR_LIBEVENT_LIBS"
657        fi
658      else
659        AC_MSG_ERROR("libevent2 is required but the headers could not be found")
660      fi
663 dnl Now check for particular libevent functions.
664 AC_CHECK_FUNCS([evutil_secure_rng_set_urandom_device_file \
665                 evutil_secure_rng_add_bytes \
668 LIBS="$save_LIBS"
669 LDFLAGS="$save_LDFLAGS"
670 CPPFLAGS="$save_CPPFLAGS"
672 dnl Check that libevent is at least at version 2.0.10, the first stable
673 dnl release of its series
674 CPPFLAGS="$CPPFLAGS $TOR_CPPFLAGS_libevent"
675 AC_MSG_CHECKING([whether Libevent is new enough])
676 AC_COMPILE_IFELSE([AC_LANG_SOURCE([
677 #include <event2/event.h>
678 #if !defined(LIBEVENT_VERSION_NUMBER) || LIBEVENT_VERSION_NUMBER < 0x02000a00
679 #error
680 int x = y(zz);
681 #else
682 int x = 1;
683 #endif
684 ])], [ AC_MSG_RESULT([yes]) ],
685    [ AC_MSG_RESULT([no])
686      AC_MSG_ERROR([Libevent is not new enough.  We require 2.0.10-stable or later]) ] )
688 LIBS="$save_LIBS"
689 LDFLAGS="$save_LDFLAGS"
690 CPPFLAGS="$save_CPPFLAGS"
692 AC_SUBST(TOR_LIBEVENT_LIBS)
694 dnl ------------------------------------------------------
695 dnl Where do you live, libm?
697 dnl On some platforms (Haiku/BeOS) the math library is
698 dnl part of libroot. In which case don't link against lm
699 TOR_LIB_MATH=""
700 save_LIBS="$LIBS"
701 AC_SEARCH_LIBS(pow, [m], , AC_MSG_ERROR([Could not find pow in libm or libc.]))
702 if test "$ac_cv_search_pow" != "none required"; then
703     TOR_LIB_MATH="$ac_cv_search_pow"
705 LIBS="$save_LIBS"
706 AC_SUBST(TOR_LIB_MATH)
708 dnl ------------------------------------------------------
709 dnl Where do you live, openssl?  And how do we call you?
711 tor_openssl_pkg_redhat="openssl"
712 tor_openssl_pkg_debian="libssl-dev"
713 tor_openssl_devpkg_redhat="openssl-devel"
714 tor_openssl_devpkg_debian="libssl-dev"
716 ALT_openssl_WITHVAL=""
717 AC_ARG_WITH(ssl-dir,
718   AS_HELP_STRING(--with-ssl-dir=PATH, [obsolete alias for --with-openssl-dir]),
719   [
720       if test "x$withval" != "xno" && test "x$withval" != "x"; then
721          ALT_openssl_WITHVAL="$withval"
722       fi
723   ])
725 AC_MSG_NOTICE([Now, we'll look for OpenSSL >= 1.0.1])
726 TOR_SEARCH_LIBRARY(openssl, $tryssldir, [-lssl -lcrypto $TOR_LIB_GDI],
727     [#include <openssl/ssl.h>],
728     [struct ssl_method_st; const struct ssl_method_st *TLSv1_1_method(void);],
729     [TLSv1_1_method();], [],
730     [/usr/local/opt/openssl /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/athena /opt/openssl])
732 dnl XXXX check for OPENSSL_VERSION_NUMBER == SSLeay()
734 if test "$enable_static_openssl" = "yes"; then
735    if test "$tor_cv_library_openssl_dir" = "(system)"; then
736      AC_MSG_ERROR("You must specify an explicit --with-openssl-dir=x option when using --enable-static-openssl")
737    else
738      TOR_OPENSSL_LIBS="$TOR_LIBDIR_openssl/libssl.a $TOR_LIBDIR_openssl/libcrypto.a"
739    fi
740 else
741      TOR_OPENSSL_LIBS="-lssl -lcrypto"
743 AC_SUBST(TOR_OPENSSL_LIBS)
745 dnl Now check for particular openssl functions.
746 save_LIBS="$LIBS"
747 save_LDFLAGS="$LDFLAGS"
748 save_CPPFLAGS="$CPPFLAGS"
749 LIBS="$TOR_OPENSSL_LIBS $LIBS"
750 LDFLAGS="$TOR_LDFLAGS_openssl $LDFLAGS"
751 CPPFLAGS="$TOR_CPPFLAGS_openssl $CPPFLAGS"
753 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
754 #include <openssl/opensslv.h>
755 #if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x1000100fL
756 #error "too old"
757 #endif
758    ]], [[]])],
759    [ : ],
760    [ AC_MSG_ERROR([OpenSSL is too old. We require 1.0.1 or later. You can specify a path to a newer one with --with-openssl-dir.]) ])
762 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
763 #include <openssl/opensslv.h>
764 #include <openssl/evp.h>
765 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_ECDH) || defined(OPENSSL_NO_ECDSA)
766 #error "no ECC"
767 #endif
768 #if !defined(NID_X9_62_prime256v1) || !defined(NID_secp224r1)
769 #error "curves unavailable"
770 #endif
771    ]], [[]])],
772    [ : ],
773    [ AC_MSG_ERROR([OpenSSL is built without full ECC support, including curves P256 and P224. You can specify a path to one with ECC support with --with-openssl-dir.]) ])
775 AC_CHECK_MEMBERS([struct ssl_method_st.get_cipher_by_char], , ,
776 [#include <openssl/ssl.h>
779 AC_CHECK_FUNCS([ \
780                 SSL_SESSION_get_master_key \
781                 SSL_get_server_random \
782                 SSL_get_client_ciphers \
783                 SSL_get_client_random \
784                 SSL_CIPHER_find \
785                 TLS_method
786                ])
788 dnl Check if OpenSSL has scrypt implementation.
789 AC_CHECK_FUNCS([ EVP_PBE_scrypt ])
791 dnl Check if OpenSSL structures are opaque
792 AC_CHECK_MEMBERS([SSL.state], , ,
793 [#include <openssl/ssl.h>
796 dnl Define the set of checks for KIST scheduler support.
797 AC_DEFUN([CHECK_KIST_SUPPORT],[
798   dnl KIST needs struct tcp_info and for certain members to exist.
799   AC_CHECK_MEMBERS(
800     [struct tcp_info.tcpi_unacked, struct tcp_info.tcpi_snd_mss],
801     , ,[[#include <netinet/tcp.h>]])
802   dnl KIST needs SIOCOUTQNSD to exist for an ioctl call.
803   AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [
804                      #include <linux/sockios.h>
805                      #ifndef SIOCOUTQNSD
806                      #error
807                      #endif
808                      ])], have_siocoutqnsd=yes, have_siocoutqnsd=no)
809   if test "x$have_siocoutqnsd" = "xyes"; then
810     if test "x$ac_cv_member_struct_tcp_info_tcpi_unacked" = "xyes"; then
811       if test "x$ac_cv_member_struct_tcp_info_tcpi_snd_mss" = "xyes"; then
812         have_kist_support=yes
813       fi
814     fi
815   fi
817 dnl Now, trigger the check.
818 CHECK_KIST_SUPPORT
819 AS_IF([test "x$have_kist_support" = "xyes"],
820       [AC_DEFINE(HAVE_KIST_SUPPORT, 1, [Defined if KIST scheduler is supported
821                                         on this system])],
822       [AC_MSG_NOTICE([KIST scheduler can't be used. Missing support.])])
824 LIBS="$save_LIBS"
825 LDFLAGS="$save_LDFLAGS"
826 CPPFLAGS="$save_CPPFLAGS"
828 dnl ------------------------------------------------------
829 dnl Where do you live, zlib?  And how do we call you?
831 tor_zlib_pkg_redhat="zlib"
832 tor_zlib_pkg_debian="zlib1g"
833 tor_zlib_devpkg_redhat="zlib-devel"
834 tor_zlib_devpkg_debian="zlib1g-dev"
836 TOR_SEARCH_LIBRARY(zlib, $tryzlibdir, [-lz],
837     [#include <zlib.h>],
838     [const char * zlibVersion(void);],
839     [zlibVersion();], [--with-zlib-dir],
840     [/opt/zlib])
842 if test "$enable_static_zlib" = "yes"; then
843    if test "$tor_cv_library_zlib_dir" = "(system)"; then
844      AC_MSG_ERROR("You must specify an explicit --with-zlib-dir=x option when
845  using --enable-static-zlib")
846    else
847      TOR_ZLIB_LIBS="$TOR_LIBDIR_zlib/libz.a"
848    fi
849 else
850      TOR_ZLIB_LIBS="-lz"
852 AC_SUBST(TOR_ZLIB_LIBS)
854 dnl ------------------------------------------------------
855 dnl Where we do we find lzma?
857 AC_ARG_ENABLE(lzma,
858       AS_HELP_STRING(--enable-lzma, [enable support for the LZMA compression scheme.]),
859       [case "${enableval}" in
860         "yes") lzma=true ;;
861         "no")  lzma=false ;;
862         * ) AC_MSG_ERROR(bad value for --enable-lzma) ;;
863       esac], [lzma=auto])
865 if test "x$enable_lzma" = "xno"; then
866     have_lzma=no;
867 else
868     PKG_CHECK_MODULES([LZMA],
869                       [liblzma],
870                       have_lzma=yes,
871                       have_lzma=no)
873     if test "x$have_lzma" = "xno" ; then
874         AC_MSG_WARN([Unable to find liblzma.])
875     fi
878 if test "x$have_lzma" = "xyes"; then
879     AC_DEFINE(HAVE_LZMA,1,[Have LZMA])
880     TOR_LZMA_CFLAGS="${LZMA_CFLAGS}"
881     TOR_LZMA_LIBS="${LZMA_LIBS}"
883 AC_SUBST(TOR_LZMA_CFLAGS)
884 AC_SUBST(TOR_LZMA_LIBS)
886 dnl ------------------------------------------------------
887 dnl Where we do we find zstd?
889 AC_ARG_ENABLE(zstd,
890       AS_HELP_STRING(--enable-zstd, [enable support for the Zstandard compression scheme.]),
891       [case "${enableval}" in
892         "yes") zstd=true ;;
893         "no")  zstd=false ;;
894         * ) AC_MSG_ERROR(bad value for --enable-zstd) ;;
895       esac], [zstd=auto])
897 if test "x$enable_zstd" = "xno"; then
898     have_zstd=no;
899 else
900     PKG_CHECK_MODULES([ZSTD],
901                       [libzstd >= 1.1],
902                       have_zstd=yes,
903                       have_zstd=no)
905     if test "x$have_zstd" = "xno" ; then
906         AC_MSG_WARN([Unable to find libzstd.])
907     fi
910 if test "x$have_zstd" = "xyes"; then
911     AC_DEFINE(HAVE_ZSTD,1,[Have Zstd])
912     TOR_ZSTD_CFLAGS="${ZSTD_CFLAGS}"
913     TOR_ZSTD_LIBS="${ZSTD_LIBS}"
915 AC_SUBST(TOR_ZSTD_CFLAGS)
916 AC_SUBST(TOR_ZSTD_LIBS)
918 dnl ----------------------------------------------------------------------
919 dnl Check if libcap is available for capabilities.
921 tor_cap_pkg_debian="libcap2"
922 tor_cap_pkg_redhat="libcap"
923 tor_cap_devpkg_debian="libcap-dev"
924 tor_cap_devpkg_redhat="libcap-devel"
926 AC_CHECK_LIB([cap], [cap_init], [],
927   AC_MSG_NOTICE([Libcap was not found. Capabilities will not be usable.])
929 AC_CHECK_FUNCS(cap_set_proc)
931 dnl ---------------------------------------------------------------------
932 dnl Now that we know about our major libraries, we can check for compiler
933 dnl and linker hardening options.  We need to do this with the libraries known,
934 dnl since sometimes the linker will like an option but not be willing to
935 dnl use it with a build of a library.
937 all_ldflags_for_check="$TOR_LDFLAGS_zlib $TOR_LDFLAGS_openssl $TOR_LDFLAGS_libevent"
938 all_libs_for_check="$TOR_ZLIB_LIBS $TOR_LIB_MATH $TOR_LIBEVENT_LIBS $TOR_OPENSSL_LIBS $TOR_SYSTEMD_LIBS $TOR_LIB_WS32 $TOR_LIB_GDI $TOR_LIB_USERENV $TOR_CAP_LIBS"
940 CFLAGS_FTRAPV=
941 CFLAGS_FWRAPV=
942 CFLAGS_ASAN=
943 CFLAGS_UBSAN=
946 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [
947 #if !defined(__clang__)
948 #error
949 #endif])], have_clang=yes, have_clang=no)
951 if test "x$enable_gcc_hardening" != "xno"; then
952     CFLAGS="$CFLAGS -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2"
953     if test "x$have_clang" = "xyes"; then
954         TOR_CHECK_CFLAGS(-Qunused-arguments)
955     fi
956     TOR_CHECK_CFLAGS(-fstack-protector-all, also_link)
957     AS_VAR_PUSHDEF([can_compile], [tor_cv_cflags_-fstack-protector-all])
958     AS_VAR_PUSHDEF([can_link], [tor_can_link_-fstack-protector-all])
959 m4_ifdef([AS_VAR_IF],[
960     AS_VAR_IF(can_compile, [yes],
961         AS_VAR_IF(can_link, [yes],
962                   [],
963                   AC_MSG_ERROR([We tried to build with stack protection; it looks like your compiler supports it but your libc does not provide it. Are you missing libssp? (You can --disable-gcc-hardening to ignore this error.)]))
964         )])
965     AS_VAR_POPDEF([can_link])
966     AS_VAR_POPDEF([can_compile])
967     TOR_CHECK_CFLAGS(-Wstack-protector)
968     TOR_CHECK_CFLAGS(--param ssp-buffer-size=1)
969     if test "$bwin32" = "false" && test "$enable_libfuzzer" != "yes" && test "$enable_oss_fuzz" != "yes"; then
970        TOR_CHECK_CFLAGS(-fPIE)
971        TOR_CHECK_LDFLAGS(-pie, "$all_ldflags_for_check", "$all_libs_for_check")
972     fi
973     TOR_TRY_COMPILE_WITH_CFLAGS(-fwrapv, also_link, CFLAGS_FWRAPV="-fwrapv", true)
976 if test "$fragile_hardening" = "yes"; then
977     TOR_TRY_COMPILE_WITH_CFLAGS(-ftrapv, also_link, CFLAGS_FTRAPV="-ftrapv", true)
978    if test "$tor_cv_cflags__ftrapv" = "yes" && test "$tor_can_link__ftrapv" != "yes"; then
979       AC_MSG_WARN([The compiler supports -ftrapv, but for some reason I was not able to link with -ftrapv. Are you missing run-time support? Run-time hardening will not work as well as it should.])
980    fi
982    if test "$tor_cv_cflags__ftrapv" != "yes"; then
983      AC_MSG_ERROR([You requested fragile hardening, but the compiler does not seem to support -ftrapv.])
984    fi
986    TOR_TRY_COMPILE_WITH_CFLAGS([-fsanitize=address], also_link, CFLAGS_ASAN="-fsanitize=address", true)
987     if test "$tor_cv_cflags__fsanitize_address" = "yes" && test "$tor_can_link__fsanitize_address" != "yes"; then
988       AC_MSG_ERROR([The compiler supports -fsanitize=address, but for some reason I was not able to link when using it. Are you missing run-time support? With GCC you need libubsan.so, and with Clang you need libclang_rt.ubsan*])
989     fi
991    TOR_TRY_COMPILE_WITH_CFLAGS([-fsanitize=undefined], also_link, CFLAGS_UBSAN="-fsanitize=undefined", true)
992     if test "$tor_cv_cflags__fsanitize_address" = "yes" && test "$tor_can_link__fsanitize_address" != "yes"; then
993       AC_MSG_ERROR([The compiler supports -fsanitize=undefined, but for some reason I was not able to link when using it. Are you missing run-time support? With GCC you need libasan.so, and with Clang you need libclang_rt.ubsan*])
994     fi
996 TOR_CHECK_CFLAGS([-fno-omit-frame-pointer])
999 CFLAGS_BUGTRAP="$CFLAGS_FTRAPV $CFLAGS_ASAN $CFLAGS_UBSAN"
1000 CFLAGS_CONSTTIME="$CFLAGS_FWRAPV"
1002 mulodi_fixes_ftrapv=no
1003 if test "$have_clang" = "yes"; then
1004   saved_CFLAGS="$CFLAGS"
1005   CFLAGS="$CFLAGS $CFLAGS_FTRAPV"
1006   AC_MSG_CHECKING([whether clang -ftrapv can link a 64-bit int multiply])
1007   AC_LINK_IFELSE([
1008       AC_LANG_SOURCE([[
1009           #include <stdint.h>
1010           #include <stdlib.h>
1011           int main(int argc, char **argv)
1012           {
1013             int64_t x = ((int64_t)atoi(argv[1])) * (int64_t)atoi(argv[2])
1014                         * (int64_t)atoi(argv[3]);
1015             return x == 9;
1016           } ]])],
1017           [ftrapv_can_link=yes; AC_MSG_RESULT([yes])],
1018           [ftrapv_can_link=no; AC_MSG_RESULT([no])])
1019   if test "$ftrapv_can_link" = "no"; then
1020     AC_MSG_CHECKING([whether defining __mulodi4 fixes that])
1021     AC_LINK_IFELSE([
1022       AC_LANG_SOURCE([[
1023           #include <stdint.h>
1024           #include <stdlib.h>
1025           int64_t __mulodi4(int64_t a, int64_t b, int *overflow) {
1026              *overflow=0;
1027              return a;
1028           }
1029           int main(int argc, char **argv)
1030           {
1031             int64_t x = ((int64_t)atoi(argv[1])) * (int64_t)atoi(argv[2])
1032                         * (int64_t)atoi(argv[3]);
1033             return x == 9;
1034           } ]])],
1035           [mulodi_fixes_ftrapv=yes; AC_MSG_RESULT([yes])],
1036           [mulodi_fixes_ftrapv=no; AC_MSG_RESULT([no])])
1037   fi
1038   CFLAGS="$saved_CFLAGS"
1041 AM_CONDITIONAL(ADD_MULODI4, test "$mulodi_fixes_ftrapv" = "yes")
1043 dnl These cflags add bunches of branches, and we haven't been able to
1044 dnl persuade ourselves that they're suitable for code that needs to be
1045 dnl constant time.
1046 AC_SUBST(CFLAGS_BUGTRAP)
1047 dnl These cflags are variant ones sutable for code that needs to be
1048 dnl constant-time.
1049 AC_SUBST(CFLAGS_CONSTTIME)
1051 if test "x$enable_linker_hardening" != "xno"; then
1052     TOR_CHECK_LDFLAGS(-z relro -z now, "$all_ldflags_for_check", "$all_libs_for_check")
1055 # For backtrace support
1056 TOR_CHECK_LDFLAGS(-rdynamic)
1058 dnl ------------------------------------------------------
1059 dnl Now see if we have a -fomit-frame-pointer compiler option.
1061 saved_CFLAGS="$CFLAGS"
1062 TOR_CHECK_CFLAGS(-fomit-frame-pointer)
1063 F_OMIT_FRAME_POINTER=''
1064 if test "$saved_CFLAGS" != "$CFLAGS"; then
1065   if test "$fragile_hardening" = "yes"; then
1066     F_OMIT_FRAME_POINTER='-fomit-frame-pointer'
1067   fi
1069 CFLAGS="$saved_CFLAGS"
1070 AC_SUBST(F_OMIT_FRAME_POINTER)
1072 dnl ------------------------------------------------------
1073 dnl If we are adding -fomit-frame-pointer (or if the compiler's doing it
1074 dnl for us, as GCC 4.6 and later do at many optimization levels), then
1075 dnl we should try to add -fasynchronous-unwind-tables so that our backtrace
1076 dnl code will work.
1077 TOR_CHECK_CFLAGS(-fasynchronous-unwind-tables)
1079 dnl ============================================================
1080 dnl Check for libseccomp
1082 if test "x$enable_seccomp" != "xno"; then
1083   AC_CHECK_HEADERS([seccomp.h])
1084   AC_SEARCH_LIBS(seccomp_init, [seccomp])
1087 dnl ============================================================
1088 dnl Check for libscrypt
1090 if test "x$enable_libscrypt" != "xno"; then
1091   AC_CHECK_HEADERS([libscrypt.h])
1092   AC_SEARCH_LIBS(libscrypt_scrypt, [scrypt])
1093   AC_CHECK_FUNCS([libscrypt_scrypt])
1096 dnl ============================================================
1097 dnl We need an implementation of curve25519.
1099 dnl set these defaults.
1100 build_curve25519_donna=no
1101 build_curve25519_donna_c64=no
1102 use_curve25519_donna=no
1103 use_curve25519_nacl=no
1104 CURVE25519_LIBS=
1106 dnl The best choice is using curve25519-donna-c64, but that requires
1107 dnl that we
1108 AC_CACHE_CHECK([whether we can use curve25519-donna-c64],
1109   tor_cv_can_use_curve25519_donna_c64,
1110   [AC_RUN_IFELSE(
1111     [AC_LANG_PROGRAM([dnl
1112       #include <stdint.h>
1113       typedef unsigned uint128_t __attribute__((mode(TI)));
1114   int func(uint64_t a, uint64_t b) {
1115            uint128_t c = ((uint128_t)a) * b;
1116            int ok = ((uint64_t)(c>>96)) == 522859 &&
1117              (((uint64_t)(c>>64))&0xffffffffL) == 3604448702L &&
1118                  (((uint64_t)(c>>32))&0xffffffffL) == 2351960064L &&
1119                  (((uint64_t)(c))&0xffffffffL) == 0;
1120            return ok;
1121       }
1122   ], [dnl
1123     int ok = func( ((uint64_t)2000000000) * 1000000000,
1124                    ((uint64_t)1234567890) << 24);
1125         return !ok;
1126       ])],
1127   [tor_cv_can_use_curve25519_donna_c64=yes],
1128       [tor_cv_can_use_curve25519_donna_c64=no],
1129   [AC_LINK_IFELSE(
1130         [AC_LANG_PROGRAM([dnl
1131       #include <stdint.h>
1132       typedef unsigned uint128_t __attribute__((mode(TI)));
1133   int func(uint64_t a, uint64_t b) {
1134            uint128_t c = ((uint128_t)a) * b;
1135            int ok = ((uint64_t)(c>>96)) == 522859 &&
1136              (((uint64_t)(c>>64))&0xffffffffL) == 3604448702L &&
1137                  (((uint64_t)(c>>32))&0xffffffffL) == 2351960064L &&
1138                  (((uint64_t)(c))&0xffffffffL) == 0;
1139            return ok;
1140       }
1141   ], [dnl
1142     int ok = func( ((uint64_t)2000000000) * 1000000000,
1143                  ((uint64_t)1234567890) << 24);
1144         return !ok;
1145       ])],
1146           [tor_cv_can_use_curve25519_donna_c64=cross],
1147       [tor_cv_can_use_curve25519_donna_c64=no])])])
1149 AC_CHECK_HEADERS([crypto_scalarmult_curve25519.h \
1150                   nacl/crypto_scalarmult_curve25519.h])
1152 AC_CACHE_CHECK([for nacl compiled with a fast curve25519 implementation],
1153   tor_cv_can_use_curve25519_nacl,
1154   [tor_saved_LIBS="$LIBS"
1155    LIBS="$LIBS -lnacl"
1156    AC_LINK_IFELSE(
1157      [AC_LANG_PROGRAM([dnl
1158        #ifdef HAVE_CRYPTO_SCALARMULT_CURVE25519_H
1159        #include <crypto_scalarmult_curve25519.h>
1160    #elif defined(HAVE_NACL_CRYPTO_SCALARMULT_CURVE25519_H)
1161    #include <nacl/crypto_scalarmult_curve25519.h>
1162    #endif
1163        #ifdef crypto_scalarmult_curve25519_ref_BYTES
1164    #error Hey, this is the reference implementation! That's not fast.
1165    #endif
1166      ], [
1167    unsigned char *a, *b, *c; crypto_scalarmult_curve25519(a,b,c);
1168      ])], [tor_cv_can_use_curve25519_nacl=yes],
1169      [tor_cv_can_use_curve25519_nacl=no])
1170    LIBS="$tor_saved_LIBS" ])
1172  dnl Okay, now we need to figure out which one to actually use. Fall back
1173  dnl to curve25519-donna.c
1175  if test "x$tor_cv_can_use_curve25519_donna_c64" != "xno"; then
1176    build_curve25519_donna_c64=yes
1177    use_curve25519_donna=yes
1178  elif test "x$tor_cv_can_use_curve25519_nacl" = "xyes"; then
1179    use_curve25519_nacl=yes
1180    CURVE25519_LIBS=-lnacl
1181  else
1182    build_curve25519_donna=yes
1183    use_curve25519_donna=yes
1184  fi
1186 if test "x$use_curve25519_donna" = "xyes"; then
1187   AC_DEFINE(USE_CURVE25519_DONNA, 1,
1188             [Defined if we should use an internal curve25519_donna{,_c64} implementation])
1190 if test "x$use_curve25519_nacl" = "xyes"; then
1191   AC_DEFINE(USE_CURVE25519_NACL, 1,
1192             [Defined if we should use a curve25519 from nacl])
1194 AM_CONDITIONAL(BUILD_CURVE25519_DONNA,
1195   test "x$build_curve25519_donna" = "xyes")
1196 AM_CONDITIONAL(BUILD_CURVE25519_DONNA_C64,
1197   test "x$build_curve25519_donna_c64" = "xyes")
1198 AC_SUBST(CURVE25519_LIBS)
1200 dnl Make sure to enable support for large off_t if available.
1201 AC_SYS_LARGEFILE
1203 AC_CHECK_HEADERS([assert.h \
1204                   errno.h \
1205                   fcntl.h \
1206                   signal.h \
1207                   string.h \
1208                   sys/capability.h \
1209                   sys/fcntl.h \
1210                   sys/stat.h \
1211                   sys/time.h \
1212                   sys/types.h \
1213                   time.h \
1214                   unistd.h \
1215                   arpa/inet.h \
1216                   crt_externs.h \
1217                   execinfo.h \
1218                   grp.h \
1219                   ifaddrs.h \
1220                   inttypes.h \
1221                   limits.h \
1222                   linux/types.h \
1223                   machine/limits.h \
1224                   malloc.h \
1225                   malloc/malloc.h \
1226                   malloc_np.h \
1227                   netdb.h \
1228                   netinet/in.h \
1229                   netinet/in6.h \
1230                   pwd.h \
1231                   readpassphrase.h \
1232                   stdint.h \
1233                   sys/eventfd.h \
1234                   sys/file.h \
1235                   sys/ioctl.h \
1236                   sys/limits.h \
1237                   sys/mman.h \
1238                   sys/param.h \
1239                   sys/prctl.h \
1240                   sys/random.h \
1241                   sys/resource.h \
1242                   sys/select.h \
1243                   sys/socket.h \
1244                   sys/statvfs.h \
1245                   sys/syscall.h \
1246                   sys/sysctl.h \
1247                   sys/syslimits.h \
1248                   sys/time.h \
1249                   sys/types.h \
1250                   sys/un.h \
1251                   sys/utime.h \
1252                   sys/wait.h \
1253                   syslog.h \
1254                   utime.h])
1256 AC_CHECK_HEADERS(sys/param.h)
1258 AC_CHECK_HEADERS(net/if.h, net_if_found=1, net_if_found=0,
1259 [#ifdef HAVE_SYS_TYPES_H
1260 #include <sys/types.h>
1261 #endif
1262 #ifdef HAVE_SYS_SOCKET_H
1263 #include <sys/socket.h>
1264 #endif])
1265 AC_CHECK_HEADERS(net/pfvar.h, net_pfvar_found=1, net_pfvar_found=0,
1266 [#ifdef HAVE_SYS_TYPES_H
1267 #include <sys/types.h>
1268 #endif
1269 #ifdef HAVE_SYS_SOCKET_H
1270 #include <sys/socket.h>
1271 #endif
1272 #ifdef HAVE_NET_IF_H
1273 #include <net/if.h>
1274 #endif
1275 #ifdef HAVE_NETINET_IN_H
1276 #include <netinet/in.h>
1277 #endif])
1279 AC_CHECK_HEADERS(linux/if.h,[],[],
1281 #ifdef HAVE_SYS_SOCKET_H
1282 #include <sys/socket.h>
1283 #endif
1286 AC_CHECK_HEADERS(linux/netfilter_ipv4.h,
1287         linux_netfilter_ipv4=1, linux_netfilter_ipv4=0,
1288 [#ifdef HAVE_SYS_TYPES_H
1289 #include <sys/types.h>
1290 #endif
1291 #ifdef HAVE_SYS_SOCKET_H
1292 #include <sys/socket.h>
1293 #endif
1294 #ifdef HAVE_LIMITS_H
1295 #include <limits.h>
1296 #endif
1297 #ifdef HAVE_LINUX_TYPES_H
1298 #include <linux/types.h>
1299 #endif
1300 #ifdef HAVE_NETINET_IN6_H
1301 #include <netinet/in6.h>
1302 #endif
1303 #ifdef HAVE_NETINET_IN_H
1304 #include <netinet/in.h>
1305 #endif])
1307 AC_CHECK_HEADERS(linux/netfilter_ipv6/ip6_tables.h,
1308         linux_netfilter_ipv6_ip6_tables=1, linux_netfilter_ipv6_ip6_tables=0,
1309 [#ifdef HAVE_SYS_TYPES_H
1310 #include <sys/types.h>
1311 #endif
1312 #ifdef HAVE_SYS_SOCKET_H
1313 #include <sys/socket.h>
1314 #endif
1315 #ifdef HAVE_LIMITS_H
1316 #include <limits.h>
1317 #endif
1318 #ifdef HAVE_LINUX_TYPES_H
1319 #include <linux/types.h>
1320 #endif
1321 #ifdef HAVE_NETINET_IN6_H
1322 #include <netinet/in6.h>
1323 #endif
1324 #ifdef HAVE_NETINET_IN_H
1325 #include <netinet/in.h>
1326 #endif
1327 #ifdef HAVE_LINUX_IF_H
1328 #include <linux/if.h>
1329 #endif])
1331 transparent_ok=0
1332 if test "x$net_if_found" = "x1" && test "x$net_pfvar_found" = "x1"; then
1333   transparent_ok=1
1335 if test "x$linux_netfilter_ipv4" = "x1"; then
1336   transparent_ok=1
1338 if test "x$linux_netfilter_ipv6_ip6_tables" = "x1"; then
1339   transparent_ok=1
1341 if test "x$transparent_ok" = "x1"; then
1342   AC_DEFINE(USE_TRANSPARENT, 1, "Define to enable transparent proxy support")
1343 else
1344   AC_MSG_NOTICE([Transparent proxy support enabled, but missing headers.])
1347 AC_CHECK_MEMBERS([struct timeval.tv_sec], , ,
1348 [#ifdef HAVE_SYS_TYPES_H
1349 #include <sys/types.h>
1350 #endif
1351 #ifdef HAVE_SYS_TIME_H
1352 #include <sys/time.h>
1353 #endif])
1355 dnl In case we aren't given a working stdint.h, we'll need to grow our own.
1356 dnl Watch out.
1358 AC_CHECK_SIZEOF(int8_t)
1359 AC_CHECK_SIZEOF(int16_t)
1360 AC_CHECK_SIZEOF(int32_t)
1361 AC_CHECK_SIZEOF(int64_t)
1362 AC_CHECK_SIZEOF(uint8_t)
1363 AC_CHECK_SIZEOF(uint16_t)
1364 AC_CHECK_SIZEOF(uint32_t)
1365 AC_CHECK_SIZEOF(uint64_t)
1366 AC_CHECK_SIZEOF(intptr_t)
1367 AC_CHECK_SIZEOF(uintptr_t)
1369 dnl AC_CHECK_TYPES([int8_t, int16_t, int32_t, int64_t, uint8_t, uint16_t, uint32_t, uint64_t, intptr_t, uintptr_t])
1371 AC_CHECK_SIZEOF(char)
1372 AC_CHECK_SIZEOF(short)
1373 AC_CHECK_SIZEOF(int)
1374 AC_CHECK_SIZEOF(long)
1375 AC_CHECK_SIZEOF(long long)
1376 AC_CHECK_SIZEOF(__int64)
1377 AC_CHECK_SIZEOF(void *)
1378 AC_CHECK_SIZEOF(time_t)
1379 AC_CHECK_SIZEOF(size_t)
1380 AC_CHECK_SIZEOF(pid_t)
1382 AC_CHECK_TYPES([uint, u_char, ssize_t])
1384 AC_PC_FROM_UCONTEXT([:])
1386 dnl used to include sockaddr_storage, but everybody has that.
1387 AC_CHECK_TYPES([struct in6_addr, struct sockaddr_in6, sa_family_t], , ,
1388 [#ifdef HAVE_SYS_TYPES_H
1389 #include <sys/types.h>
1390 #endif
1391 #ifdef HAVE_NETINET_IN_H
1392 #include <netinet/in.h>
1393 #endif
1394 #ifdef HAVE_NETINET_IN6_H
1395 #include <netinet/in6.h>
1396 #endif
1397 #ifdef HAVE_SYS_SOCKET_H
1398 #include <sys/socket.h>
1399 #endif
1400 #ifdef _WIN32
1401 #define _WIN32_WINNT 0x0501
1402 #define WIN32_LEAN_AND_MEAN
1403 #include <winsock2.h>
1404 #include <ws2tcpip.h>
1405 #endif
1407 AC_CHECK_MEMBERS([struct in6_addr.s6_addr32, struct in6_addr.s6_addr16, struct sockaddr_in.sin_len, struct sockaddr_in6.sin6_len], , ,
1408 [#ifdef HAVE_SYS_TYPES_H
1409 #include <sys/types.h>
1410 #endif
1411 #ifdef HAVE_NETINET_IN_H
1412 #include <netinet/in.h>
1413 #endif
1414 #ifdef HAVE_NETINET_IN6_H
1415 #include <netinet/in6.h>
1416 #endif
1417 #ifdef HAVE_SYS_SOCKET_H
1418 #include <sys/socket.h>
1419 #endif
1420 #ifdef _WIN32
1421 #define _WIN32_WINNT 0x0501
1422 #define WIN32_LEAN_AND_MEAN
1423 #include <winsock2.h>
1424 #include <ws2tcpip.h>
1425 #endif
1428 AC_CHECK_TYPES([rlim_t], , ,
1429 [#ifdef HAVE_SYS_TYPES_H
1430 #include <sys/types.h>
1431 #endif
1432 #ifdef HAVE_SYS_TIME_H
1433 #include <sys/time.h>
1434 #endif
1435 #ifdef HAVE_SYS_RESOURCE_H
1436 #include <sys/resource.h>
1437 #endif
1440 AX_CHECK_SIGN([time_t],
1441        [ : ],
1442        [ : ], [
1443 #ifdef HAVE_SYS_TYPES_H
1444 #include <sys/types.h>
1445 #endif
1446 #ifdef HAVE_SYS_TIME_H
1447 #include <sys/time.h>
1448 #endif
1449 #ifdef HAVE_TIME_H
1450 #include <time.h>
1451 #endif
1454 if test "$ax_cv_decl_time_t_signed" = "no"; then
1455   AC_MSG_ERROR([You have an unsigned time_t; Tor does not support that. Please tell the Tor developers about your interesting platform.])
1458 AX_CHECK_SIGN([size_t],
1459        [ tor_cv_size_t_signed=yes ],
1460        [ tor_cv_size_t_signed=no ], [
1461 #ifdef HAVE_SYS_TYPES_H
1462 #include <sys/types.h>
1463 #endif
1466 if test "$ax_cv_decl_size_t_signed" = "yes"; then
1467   AC_MSG_ERROR([You have a signed size_t; that's grossly nonconformant.])
1470 AX_CHECK_SIGN([enum always],
1471        [ AC_DEFINE(ENUM_VALS_ARE_SIGNED, 1, [Define if enum is always signed]) ],
1472        [ : ], [
1473  enum always { AAA, BBB, CCC };
1476 AC_CHECK_SIZEOF(socklen_t, , [AC_INCLUDES_DEFAULT()
1477 #ifdef HAVE_SYS_SOCKET_H
1478 #include <sys/socket.h>
1479 #endif
1482 # We want to make sure that we _don't_ have a cell_t defined, like IRIX does.
1484 AC_CHECK_SIZEOF(cell_t)
1486 # Now make sure that NULL can be represented as zero bytes.
1487 AC_CACHE_CHECK([whether memset(0) sets pointers to NULL], tor_cv_null_is_zero,
1488 [AC_RUN_IFELSE([AC_LANG_SOURCE(
1489 [[#include <stdlib.h>
1490 #include <string.h>
1491 #include <stdio.h>
1492 #ifdef HAVE_STDDEF_H
1493 #include <stddef.h>
1494 #endif
1495 int main () { char *p1,*p2; p1=NULL; memset(&p2,0,sizeof(p2));
1496 return memcmp(&p1,&p2,sizeof(char*))?1:0; }]])],
1497        [tor_cv_null_is_zero=yes],
1498        [tor_cv_null_is_zero=no],
1499        [tor_cv_null_is_zero=cross])])
1501 if test "$tor_cv_null_is_zero" = "cross"; then
1502   # Cross-compiling; let's hope that the target isn't raving mad.
1503   AC_MSG_NOTICE([Cross-compiling: we'll assume that NULL is represented as a sequence of 0-valued bytes.])
1506 if test "$tor_cv_null_is_zero" != "no"; then
1507   AC_DEFINE([NULL_REP_IS_ZERO_BYTES], 1,
1508             [Define to 1 iff memset(0) sets pointers to NULL])
1511 AC_CACHE_CHECK([whether memset(0) sets doubles to 0.0], tor_cv_dbl0_is_zero,
1512 [AC_RUN_IFELSE([AC_LANG_SOURCE(
1513 [[#include <stdlib.h>
1514 #include <string.h>
1515 #include <stdio.h>
1516 #ifdef HAVE_STDDEF_H
1517 #include <stddef.h>
1518 #endif
1519 int main () { double d1,d2; d1=0; memset(&d2,0,sizeof(d2));
1520 return memcmp(&d1,&d2,sizeof(d1))?1:0; }]])],
1521        [tor_cv_dbl0_is_zero=yes],
1522        [tor_cv_dbl0_is_zero=no],
1523        [tor_cv_dbl0_is_zero=cross])])
1525 if test "$tor_cv_dbl0_is_zero" = "cross"; then
1526   # Cross-compiling; let's hope that the target isn't raving mad.
1527   AC_MSG_NOTICE([Cross-compiling: we'll assume that 0.0 can be represented as a sequence of 0-valued bytes.])
1530 if test "$tor_cv_dbl0_is_zero" != "no"; then
1531   AC_DEFINE([DOUBLE_0_REP_IS_ZERO_BYTES], 1,
1532             [Define to 1 iff memset(0) sets doubles to 0.0])
1535 # And what happens when we malloc zero?
1536 AC_CACHE_CHECK([whether we can malloc(0) safely.], tor_cv_malloc_zero_works,
1537 [AC_RUN_IFELSE([AC_LANG_SOURCE(
1538 [[#include <stdlib.h>
1539 #include <string.h>
1540 #include <stdio.h>
1541 #ifdef HAVE_STDDEF_H
1542 #include <stddef.h>
1543 #endif
1544 int main () { return malloc(0)?0:1; }]])],
1545        [tor_cv_malloc_zero_works=yes],
1546        [tor_cv_malloc_zero_works=no],
1547        [tor_cv_malloc_zero_works=cross])])
1549 if test "$tor_cv_malloc_zero_works" = "cross"; then
1550   # Cross-compiling; let's hope that the target isn't raving mad.
1551   AC_MSG_NOTICE([Cross-compiling: we'll assume that we need to check malloc() arguments for 0.])
1554 if test "$tor_cv_malloc_zero_works" = "yes"; then
1555   AC_DEFINE([MALLOC_ZERO_WORKS], 1,
1556             [Define to 1 iff malloc(0) returns a pointer])
1559 # whether we seem to be in a 2s-complement world.
1560 AC_CACHE_CHECK([whether we are using 2s-complement arithmetic], tor_cv_twos_complement,
1561 [AC_RUN_IFELSE([AC_LANG_SOURCE(
1562 [[int main () { int problem = ((-99) != (~99)+1);
1563 return problem ? 1 : 0; }]])],
1564        [tor_cv_twos_complement=yes],
1565        [tor_cv_twos_complement=no],
1566        [tor_cv_twos_complement=cross])])
1568 if test "$tor_cv_twos_complement" = "cross"; then
1569   # Cross-compiling; let's hope that the target isn't raving mad.
1570   AC_MSG_NOTICE([Cross-compiling: we'll assume that negative integers are represented with two's complement.])
1573 if test "$tor_cv_twos_complement" != "no"; then
1574   AC_DEFINE([USING_TWOS_COMPLEMENT], 1,
1575             [Define to 1 iff we represent negative integers with
1576              two's complement])
1579 # What does shifting a negative value do?
1580 AC_CACHE_CHECK([whether right-shift on negative values does sign-extension], tor_cv_sign_extend,
1581 [AC_RUN_IFELSE([AC_LANG_SOURCE(
1582 [[int main () { int okay = (-60 >> 8) == -1; return okay ? 0 : 1; }]])],
1583        [tor_cv_sign_extend=yes],
1584        [tor_cv_sign_extend=no],
1585        [tor_cv_sign_extend=cross])])
1587 if test "$tor_cv_sign_extend" = "cross"; then
1588   # Cross-compiling; let's hope that the target isn't raving mad.
1589   AC_MSG_NOTICE([Cross-compiling: we'll assume that right-shifting negative integers causes sign-extension])
1592 if test "$tor_cv_sign_extend" != "no"; then
1593   AC_DEFINE([RSHIFT_DOES_SIGN_EXTEND], 1,
1594             [Define to 1 iff right-shifting a negative value performs sign-extension])
1597 # Is uint8_t the same type as unsigned char?
1598 AC_CACHE_CHECK([whether uint8_t is the same type as unsigned char], tor_cv_uint8_uchar,
1599 [AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
1600 #include <stdint.h>
1601 extern uint8_t c;
1602 unsigned char c;]])],
1603        [tor_cv_uint8_uchar=yes],
1604        [tor_cv_uint8_uchar=no],
1605        [tor_cv_uint8_uchar=cross])])
1607 if test "$tor_cv_uint8_uchar" = "cross"; then
1608   AC_MSG_NOTICE([Cross-compiling: we'll assume that uint8_t is the same type as unsigned char])
1611 if test "$tor_cv_uint8_uchar" = "no"; then
1612   AC_MSG_ERROR([We assume that uint8_t is the same type as unsigned char, but your compiler disagrees.])
1615 # Whether we should use the dmalloc memory allocation debugging library.
1616 AC_MSG_CHECKING(whether to use dmalloc (debug memory allocation library))
1617 AC_ARG_WITH(dmalloc,
1618 AS_HELP_STRING(--with-dmalloc, [use debug memory allocation library]),
1619 [if [[ "$withval" = "yes" ]]; then
1620   dmalloc=1
1621   AC_MSG_RESULT(yes)
1622 else
1623   dmalloc=1
1624   AC_MSG_RESULT(no)
1625 fi], [ dmalloc=0; AC_MSG_RESULT(no) ]
1628 if [[ $dmalloc -eq 1 ]]; then
1629   AC_CHECK_HEADERS(dmalloc.h, , AC_MSG_ERROR(dmalloc header file not found. Do you have the development files for dmalloc installed?))
1630   AC_SEARCH_LIBS(dmalloc_malloc, [dmallocth dmalloc], , AC_MSG_ERROR(Libdmalloc library not found. If you enable it you better have it installed.))
1631   AC_DEFINE(USE_DMALLOC, 1, [Debug memory allocation library])
1632   AC_CHECK_FUNCS(dmalloc_strdup dmalloc_strndup)
1635 AC_ARG_WITH(tcmalloc,
1636 AS_HELP_STRING(--with-tcmalloc, [use tcmalloc memory allocation library]),
1637 [ tcmalloc=yes ], [ tcmalloc=no ])
1639 if test "x$tcmalloc" = "xyes"; then
1640    LDFLAGS="-ltcmalloc $LDFLAGS"
1643 using_custom_malloc=no
1644 if test "x$enable_openbsd_malloc" = "xyes"; then
1645    using_custom_malloc=yes
1647 if test "x$tcmalloc" = "xyes"; then
1648    using_custom_malloc=yes
1650 if test "$using_custom_malloc" = "no"; then
1651    AC_CHECK_FUNCS(mallinfo)
1654 # By default, we're going to assume we don't have mlockall()
1655 # bionic and other platforms have various broken mlockall subsystems.
1656 # Some systems don't have a working mlockall, some aren't linkable,
1657 # and some have it but don't declare it.
1658 AC_CHECK_FUNCS(mlockall)
1659 AC_CHECK_DECLS([mlockall], , , [
1660 #ifdef HAVE_SYS_MMAN_H
1661 #include <sys/mman.h>
1662 #endif])
1664 # Some MinGW environments don't have getpagesize in unistd.h. We don't use
1665 # AC_CHECK_FUNCS(getpagesize), because other environments rename getpagesize
1666 # using macros
1667 AC_CHECK_DECLS([getpagesize], , , [
1668 #ifdef HAVE_UNISTD_H
1669 #include <unistd.h>
1670 #endif])
1672 # Allow user to specify an alternate syslog facility
1673 AC_ARG_WITH(syslog-facility,
1674 AS_HELP_STRING(--with-syslog-facility=LOG, [syslog facility to use (default=LOG_DAEMON)]),
1675 syslog_facility="$withval", syslog_facility="LOG_DAEMON")
1676 AC_DEFINE_UNQUOTED(LOGFACILITY,$syslog_facility,[name of the syslog facility])
1677 AC_SUBST(LOGFACILITY)
1679 # Check if we have getresuid and getresgid
1680 AC_CHECK_FUNCS(getresuid getresgid)
1682 # Check for gethostbyname_r in all its glorious incompatible versions.
1683 #   (This logic is based on that in Python's configure.in)
1684 AH_TEMPLATE(HAVE_GETHOSTBYNAME_R,
1685   [Define this if you have any gethostbyname_r()])
1687 AC_CHECK_FUNC(gethostbyname_r, [
1688   AC_MSG_CHECKING([how many arguments gethostbyname_r() wants])
1689   OLD_CFLAGS=$CFLAGS
1690   CFLAGS="$CFLAGS $MY_CPPFLAGS $MY_THREAD_CPPFLAGS $MY_CFLAGS"
1691   AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1692 #include <netdb.h>
1693   ]], [[
1694     char *cp1, *cp2;
1695     struct hostent *h1, *h2;
1696     int i1, i2;
1697     (void)gethostbyname_r(cp1,h1,cp2,i1,&h2,&i2);
1698   ]])],[
1699     AC_DEFINE(HAVE_GETHOSTBYNAME_R)
1700     AC_DEFINE(HAVE_GETHOSTBYNAME_R_6_ARG, 1,
1701      [Define this if gethostbyname_r takes 6 arguments])
1702     AC_MSG_RESULT(6)
1703   ], [
1704     AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1705 #include <netdb.h>
1706     ]], [[
1707       char *cp1, *cp2;
1708       struct hostent *h1;
1709       int i1, i2;
1710       (void)gethostbyname_r(cp1,h1,cp2,i1,&i2);
1711     ]])], [
1712       AC_DEFINE(HAVE_GETHOSTBYNAME_R)
1713       AC_DEFINE(HAVE_GETHOSTBYNAME_R_5_ARG, 1,
1714         [Define this if gethostbyname_r takes 5 arguments])
1715       AC_MSG_RESULT(5)
1716    ], [
1717       AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1718 #include <netdb.h>
1719      ]], [[
1720        char *cp1;
1721        struct hostent *h1;
1722        struct hostent_data hd;
1723        (void) gethostbyname_r(cp1,h1,&hd);
1724      ]])], [
1725        AC_DEFINE(HAVE_GETHOSTBYNAME_R)
1726        AC_DEFINE(HAVE_GETHOSTBYNAME_R_3_ARG, 1,
1727          [Define this if gethostbyname_r takes 3 arguments])
1728        AC_MSG_RESULT(3)
1729      ], [
1730        AC_MSG_RESULT(0)
1731      ])
1732   ])
1733  ])
1734  CFLAGS=$OLD_CFLAGS
1737 AC_CACHE_CHECK([whether the C compiler supports __func__],
1738   tor_cv_have_func_macro,
1739   AC_COMPILE_IFELSE([AC_LANG_SOURCE([
1740 #include <stdio.h>
1741 int main(int c, char **v) { puts(__func__); }])],
1742   tor_cv_have_func_macro=yes,
1743   tor_cv_have_func_macro=no))
1745 AC_CACHE_CHECK([whether the C compiler supports __FUNC__],
1746   tor_cv_have_FUNC_macro,
1747   AC_COMPILE_IFELSE([AC_LANG_SOURCE([
1748 #include <stdio.h>
1749 int main(int c, char **v) { puts(__FUNC__); }])],
1750   tor_cv_have_FUNC_macro=yes,
1751   tor_cv_have_FUNC_macro=no))
1753 AC_CACHE_CHECK([whether the C compiler supports __FUNCTION__],
1754   tor_cv_have_FUNCTION_macro,
1755   AC_COMPILE_IFELSE([AC_LANG_SOURCE([
1756 #include <stdio.h>
1757 int main(int c, char **v) { puts(__FUNCTION__); }])],
1758   tor_cv_have_FUNCTION_macro=yes,
1759   tor_cv_have_FUNCTION_macro=no))
1761 AC_CACHE_CHECK([whether we have extern char **environ already declared],
1762   tor_cv_have_environ_declared,
1763   AC_COMPILE_IFELSE([AC_LANG_SOURCE([
1764 #ifdef HAVE_UNISTD_H
1765 #include <unistd.h>
1766 #endif
1767 #include <stdlib.h>
1768 int main(int c, char **v) { char **t = environ; }])],
1769   tor_cv_have_environ_declared=yes,
1770   tor_cv_have_environ_declared=no))
1772 if test "$tor_cv_have_func_macro" = "yes"; then
1773   AC_DEFINE(HAVE_MACRO__func__, 1, [Defined if the compiler supports __func__])
1776 if test "$tor_cv_have_FUNC_macro" = "yes"; then
1777   AC_DEFINE(HAVE_MACRO__FUNC__, 1, [Defined if the compiler supports __FUNC__])
1780 if test "$tor_cv_have_FUNCTION_macro" = "yes"; then
1781   AC_DEFINE(HAVE_MACRO__FUNCTION__, 1,
1782            [Defined if the compiler supports __FUNCTION__])
1785 if test "$tor_cv_have_environ_declared" = "yes"; then
1786   AC_DEFINE(HAVE_EXTERN_ENVIRON_DECLARED, 1,
1787            [Defined if we have extern char **environ already declared])
1790 # $prefix stores the value of the --prefix command line option, or
1791 # NONE if the option wasn't set.  In the case that it wasn't set, make
1792 # it be the default, so that we can use it to expand directories now.
1793 if test "x$prefix" = "xNONE"; then
1794   prefix=$ac_default_prefix
1797 # and similarly for $exec_prefix
1798 if test "x$exec_prefix" = "xNONE"; then
1799   exec_prefix=$prefix
1802 if test "x$BUILDDIR" = "x"; then
1803   BUILDDIR=`pwd`
1805 AC_SUBST(BUILDDIR)
1806 AH_TEMPLATE([BUILDDIR],[tor's build directory])
1807 AC_DEFINE_UNQUOTED(BUILDDIR,"$BUILDDIR")
1809 if test "x$CONFDIR" = "x"; then
1810   CONFDIR=`eval echo $sysconfdir/tor`
1812 AC_SUBST(CONFDIR)
1813 AH_TEMPLATE([CONFDIR],[tor's configuration directory])
1814 AC_DEFINE_UNQUOTED(CONFDIR,"$CONFDIR")
1816 BINDIR=`eval echo $bindir`
1817 AC_SUBST(BINDIR)
1818 LOCALSTATEDIR=`eval echo $localstatedir`
1819 AC_SUBST(LOCALSTATEDIR)
1821 if test "$bwin32" = "true"; then
1822   # Test if the linker supports the --nxcompat and --dynamicbase options
1823   # for Windows
1824   save_LDFLAGS="$LDFLAGS"
1825   LDFLAGS="-Wl,--nxcompat -Wl,--dynamicbase"
1826   AC_MSG_CHECKING([whether the linker supports DllCharacteristics])
1827   AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
1828     [AC_MSG_RESULT([yes])]
1829     [save_LDFLAGS="$save_LDFLAGS $LDFLAGS"],
1830     [AC_MSG_RESULT([no])]
1831   )
1832   LDFLAGS="$save_LDFLAGS"
1835 # Set CFLAGS _after_ all the above checks, since our warnings are stricter
1836 # than autoconf's macros like.
1837 if test "$GCC" = "yes"; then
1838   # Disable GCC's strict aliasing checks.  They are an hours-to-debug
1839   # accident waiting to happen.
1840   CFLAGS="$CFLAGS -Wall -fno-strict-aliasing"
1841 else
1842   # Override optimization level for non-gcc compilers
1843   CFLAGS="$CFLAGS -O"
1844   enable_gcc_warnings=no
1845   enable_gcc_warnings_advisory=no
1848 # Warnings implies advisory-warnings and -Werror.
1849 if test "$enable_gcc_warnings" = "yes"; then
1850   enable_gcc_warnings_advisory=yes
1851   enable_fatal_warnings=yes
1854 # OS X Lion started deprecating the system openssl. Let's just disable
1855 # all deprecation warnings on OS X. Also, to potentially make the binary
1856 # a little smaller, let's enable dead_strip.
1857 case "$host_os" in
1859  darwin*)
1860     CFLAGS="$CFLAGS -Wno-deprecated-declarations"
1861     LDFLAGS="$LDFLAGS -dead_strip" ;;
1862 esac
1864 # Add some more warnings which we use in development but not in the
1865 # released versions.  (Some relevant gcc versions can't handle these.)
1867 # Note that we have to do this near the end  of the autoconf process, or
1868 # else we may run into problems when these warnings hit on the testing C
1869 # programs that autoconf wants to build.
1870 if test "x$enable_gcc_warnings_advisory" != "xno"; then
1872   case "$host" in
1873     *-*-openbsd* | *-*-bitrig*)
1874       # Some OpenBSD versions (like 4.8) have -Wsystem-headers by default.
1875       # That's fine, except that the headers don't pass -Wredundant-decls.
1876       # Therefore, let's disable -Wsystem-headers when we're building
1877       # with maximal warnings on OpenBSD.
1878       CFLAGS="$CFLAGS -Wno-system-headers" ;;
1879   esac
1881   # GCC4.3 users once report trouble with -Wstrict-overflow=5.  GCC5 users
1882   # have it work better.
1883   # CFLAGS="$CFLAGS -Wstrict-overflow=1"
1885   # This warning was added in gcc 4.3, but it appears to generate
1886   # spurious warnings in gcc 4.4.  I don't know if it works in 4.5.
1887   #CFLAGS="$CFLAGS -Wlogical-op"
1889   m4_foreach_w([warning_flag], [
1890      -Waddress
1891      -Waddress-of-array-temporary
1892      -Waddress-of-temporary
1893      -Wambiguous-macro
1894      -Wanonymous-pack-parens
1895      -Warc
1896      -Warc-abi
1897      -Warc-bridge-casts-disallowed-in-nonarc
1898      -Warc-maybe-repeated-use-of-weak
1899      -Warc-performSelector-leaks
1900      -Warc-repeated-use-of-weak
1901      -Warray-bounds
1902      -Warray-bounds-pointer-arithmetic
1903      -Wasm
1904      -Wasm-operand-widths
1905      -Watomic-properties
1906      -Watomic-property-with-user-defined-accessor
1907      -Wauto-import
1908      -Wauto-storage-class
1909      -Wauto-var-id
1910      -Wavailability
1911      -Wbackslash-newline-escape
1912      -Wbad-array-new-length
1913      -Wbind-to-temporary-copy
1914      -Wbitfield-constant-conversion
1915      -Wbool-conversion
1916      -Wbool-conversions
1917      -Wbuiltin-requires-header
1918      -Wchar-align
1919      -Wcompare-distinct-pointer-types
1920      -Wcomplex-component-init
1921      -Wconditional-type-mismatch
1922      -Wconfig-macros
1923      -Wconstant-conversion
1924      -Wconstant-logical-operand
1925      -Wconstexpr-not-const
1926      -Wcustom-atomic-properties
1927      -Wdangling-field
1928      -Wdangling-initializer-list
1929      -Wdate-time
1930      -Wdelegating-ctor-cycles
1931      -Wdeprecated-implementations
1932      -Wdeprecated-register
1933      -Wdirect-ivar-access
1934      -Wdiscard-qual
1935      -Wdistributed-object-modifiers
1936      -Wdivision-by-zero
1937      -Wdollar-in-identifier-extension
1938      -Wdouble-promotion
1939      -Wduplicate-decl-specifier
1940      -Wduplicate-enum
1941      -Wduplicate-method-arg
1942      -Wduplicate-method-match
1943      -Wduplicated-cond
1944      -Wdynamic-class-memaccess
1945      -Wembedded-directive
1946      -Wempty-translation-unit
1947      -Wenum-conversion
1948      -Wexit-time-destructors
1949      -Wexplicit-ownership-type
1950      -Wextern-initializer
1951      -Wextra
1952      -Wextra-semi
1953      -Wextra-tokens
1954      -Wflexible-array-extensions
1955      -Wfloat-conversion
1956      -Wformat-non-iso
1957      -Wfour-char-constants
1958      -Wgcc-compat
1959      -Wglobal-constructors
1960      -Wgnu-array-member-paren-init
1961      -Wgnu-designator
1962      -Wgnu-static-float-init
1963      -Wheader-guard
1964      -Wheader-hygiene
1965      -Widiomatic-parentheses
1966      -Wignored-attributes
1967      -Wimplicit-atomic-properties
1968      -Wimplicit-conversion-floating-point-to-bool
1969      -Wimplicit-exception-spec-mismatch
1970      -Wimplicit-fallthrough
1971      -Wimplicit-fallthrough-per-function
1972      -Wimplicit-retain-self
1973      -Wimport-preprocessor-directive-pedantic
1974      -Wincompatible-library-redeclaration
1975      -Wincompatible-pointer-types-discards-qualifiers
1976      -Wincomplete-implementation
1977      -Wincomplete-module
1978      -Wincomplete-umbrella
1979      -Winit-self
1980      -Wint-conversions
1981      -Wint-to-void-pointer-cast
1982      -Winteger-overflow
1983      -Winvalid-constexpr
1984      -Winvalid-iboutlet
1985      -Winvalid-noreturn
1986      -Winvalid-pp-token
1987      -Winvalid-source-encoding
1988      -Winvalid-token-paste
1989      -Wknr-promoted-parameter
1990      -Wlanguage-extension-token
1991      -Wlarge-by-value-copy
1992      -Wliteral-conversion
1993      -Wliteral-range
1994      -Wlocal-type-template-args
1995      -Wlogical-op
1996      -Wloop-analysis
1997      -Wmain-return-type
1998      -Wmalformed-warning-check
1999      -Wmethod-signatures
2000      -Wmicrosoft
2001      -Wmicrosoft-exists
2002      -Wmismatched-parameter-types
2003      -Wmismatched-return-types
2004      -Wmissing-field-initializers
2005      -Wmissing-format-attribute
2006      -Wmissing-noreturn
2007      -Wmissing-selector-name
2008      -Wmissing-sysroot
2009      -Wmissing-variable-declarations
2010      -Wmodule-conflict
2011      -Wnested-anon-types
2012      -Wnewline-eof
2013      -Wnon-literal-null-conversion
2014      -Wnon-pod-varargs
2015      -Wnonportable-cfstrings
2016      -Wnormalized=id
2017      -Wnull-arithmetic
2018      -Wnull-character
2019      -Wnull-conversion
2020      -Wnull-dereference
2021      -Wout-of-line-declaration
2022      -Wover-aligned
2023      -Woverlength-strings
2024      -Woverride-init
2025      -Woverriding-method-mismatch
2026      -Wpointer-type-mismatch
2027      -Wpredefined-identifier-outside-function
2028      -Wprotocol-property-synthesis-ambiguity
2029      -Wreadonly-iboutlet-property
2030      -Wreadonly-setter-attrs
2031      -Wreceiver-expr
2032      -Wreceiver-forward-class
2033      -Wreceiver-is-weak
2034      -Wreinterpret-base-class
2035      -Wrequires-super-attribute
2036      -Wreserved-user-defined-literal
2037      -Wreturn-stack-address
2038      -Wsection
2039      -Wselector-type-mismatch
2040      -Wsentinel
2041      -Wserialized-diagnostics
2042      -Wshadow
2043      -Wshift-count-negative
2044      -Wshift-count-overflow
2045      -Wshift-negative-value
2046      -Wshift-overflow=2
2047      -Wshift-sign-overflow
2048      -Wshorten-64-to-32
2049      -Wsizeof-array-argument
2050      -Wsource-uses-openmp
2051      -Wstatic-float-init
2052      -Wstatic-in-inline
2053      -Wstatic-local-in-inline
2054      -Wstrict-overflow=1
2055      -Wstring-compare
2056      -Wstring-conversion
2057      -Wstrlcpy-strlcat-size
2058      -Wstrncat-size
2059      -Wsuggest-attribute=format
2060      -Wsuggest-attribute=noreturn
2061      -Wsuper-class-method-mismatch
2062      -Wswitch-bool
2063      -Wsync-nand
2064      -Wtautological-constant-out-of-range-compare
2065      -Wtentative-definition-incomplete-type
2066      -Wtrampolines
2067      -Wtype-safety
2068      -Wtypedef-redefinition
2069      -Wtypename-missing
2070      -Wundefined-inline
2071      -Wundefined-internal
2072      -Wundefined-reinterpret-cast
2073      -Wunicode
2074      -Wunicode-whitespace
2075      -Wunknown-warning-option
2076      -Wunnamed-type-template-args
2077      -Wunneeded-member-function
2078      -Wunsequenced
2079      -Wunsupported-visibility
2080      -Wunused-but-set-parameter
2081      -Wunused-but-set-variable
2082      -Wunused-command-line-argument
2083      -Wunused-const-variable=2
2084      -Wunused-exception-parameter
2085      -Wunused-local-typedefs
2086      -Wunused-member-function
2087      -Wunused-sanitize-argument
2088      -Wunused-volatile-lvalue
2089      -Wuser-defined-literals
2090      -Wvariadic-macros
2091      -Wvector-conversion
2092      -Wvector-conversions
2093      -Wvexing-parse
2094      -Wvisibility
2095      -Wvla-extension
2096      -Wzero-length-array
2097   ], [ TOR_CHECK_CFLAGS([warning_flag]) ])
2099 dnl    We should re-enable this in some later version.  Clang doesn't
2100 dnl    mind, but it causes trouble with GCC.
2101 dnl     -Wstrict-overflow=2
2103 dnl    These seem to require annotations that we don't currently use,
2104 dnl    and they give false positives in our pthreads wrappers. (Clang 4)
2105 dnl     -Wthread-safety
2106 dnl     -Wthread-safety-analysis
2107 dnl     -Wthread-safety-attributes
2108 dnl     -Wthread-safety-beta
2109 dnl     -Wthread-safety-precise
2111   CFLAGS="$CFLAGS -W -Wfloat-equal -Wundef -Wpointer-arith"
2112   CFLAGS="$CFLAGS -Wstrict-prototypes -Wmissing-prototypes -Wwrite-strings"
2113   CFLAGS="$CFLAGS -Wredundant-decls -Wchar-subscripts -Wcomment -Wformat=2"
2114   CFLAGS="$CFLAGS -Wwrite-strings"
2115   CFLAGS="$CFLAGS -Wnested-externs -Wbad-function-cast -Wswitch-enum"
2116   CFLAGS="$CFLAGS -Waggregate-return -Wpacked -Wunused"
2117   CFLAGS="$CFLAGS -Wunused-parameter "
2118   # These interfere with building main() { return 0; }, which autoconf
2119   # likes to use as its default program.
2120   CFLAGS="$CFLAGS -Wold-style-definition -Wmissing-declarations"
2122   if test "$tor_cv_cflags__Wnull_dereference" = "yes"; then
2123     AC_DEFINE([HAVE_CFLAG_WNULL_DEREFERENCE], 1, [True if we have -Wnull-dereference])
2124   fi
2125   if test "$tor_cv_cflags__Woverlength_strings" = "yes"; then
2126     AC_DEFINE([HAVE_CFLAG_WOVERLENGTH_STRINGS], 1, [True if we have -Woverlength-strings])
2127   fi
2129   if test "x$enable_fatal_warnings" = "xyes"; then
2130     # I'd like to use TOR_CHECK_CFLAGS here, but I can't, since the
2131     # default autoconf programs are full of errors.
2132     CFLAGS="$CFLAGS -Werror"
2133   fi
2137 if test "$enable_coverage" = "yes" && test "$have_clang" = "no"; then
2138    case "$host_os" in
2139     darwin*)
2140       AC_MSG_WARN([Tried to enable coverage on OSX without using the clang compiler. This might not work! If coverage fails, use CC=clang when configuring with --enable-coverage.])
2141    esac
2144 CPPFLAGS="$CPPFLAGS $TOR_CPPFLAGS_libevent $TOR_CPPFLAGS_openssl $TOR_CPPFLAGS_zlib"
2146 AC_CONFIG_FILES([
2147         Doxyfile
2148         Makefile
2149         contrib/dist/suse/tor.sh
2150         contrib/operator-tools/tor.logrotate
2151         contrib/dist/tor.sh
2152         contrib/dist/torctl
2153         contrib/dist/tor.service
2154         src/config/torrc.sample
2155         src/config/torrc.minimal
2156         src/rust/.cargo/config
2157         scripts/maint/checkOptionDocs.pl
2158         scripts/maint/updateVersions.pl
2161 if test "x$asciidoc" = "xtrue" && test "$ASCIIDOC" = "none"; then
2162   regular_mans="doc/tor doc/tor-gencert doc/tor-resolve doc/torify"
2163   for file in $regular_mans ; do
2164     if ! [[ -f "$srcdir/$file.1.in" ]] || ! [[ -f "$srcdir/$file.html.in" ]] ; then
2165       echo "==================================";
2166       echo;
2167       echo "Building Tor has failed since manpages cannot be built.";
2168       echo;
2169       echo "You need asciidoc installed to be able to build the manpages.";
2170       echo "To build without manpages, use the --disable-asciidoc argument";
2171       echo "when calling configure.";
2172       echo;
2173       echo "==================================";
2174       exit 1;
2175     fi
2176   done
2179 if test "$fragile_hardening" = "yes"; then
2180   AC_MSG_WARN([
2182 ============
2183 Warning!  Building Tor with --enable-fragile-hardening (also known as
2184 --enable-expensive-hardening) makes some kinds of attacks harder, but makes
2185 other kinds of attacks easier. A Tor instance build with this option will be
2186 somewhat less vulnerable to remote code execution, arithmetic overflow, or
2187 out-of-bounds read/writes... but at the cost of becoming more vulnerable to
2188 denial of service attacks. For more information, see
2189 https://trac.torproject.org/projects/tor/wiki/doc/TorFragileHardening
2190 ============
2191   ])
2194 AC_OUTPUT