[PATCH 1/2] Require openssl-devel is libcrypto backend is selected I've changed the configure flags a little. The previous --enable-crypto sounded like something you should enable to get the functionality compiled in rather than a selection of alternative crypto back end.
https://fedorahosted.org/sssd/ticket/844 [PATCH 2/2] BUILD.txt: Warn that all crypto features are implemented Note that the recommended default is NSS.
From 29644444991bb07a37f44c998de0ec9404995996 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhro...@redhat.com>
Date: Sun, 24 Apr 2011 16:15:04 +0200
Subject: [PATCH 1/2] Require openssl-devel is libcrypto backend is selected
---
configure.ac | 8 ++++++++
src/conf_macros.m4 | 22 ++++++++++++++++++++++
src/external/crypto.m4 | 18 ++++++------------
3 files changed, 36 insertions(+), 12 deletions(-)
diff --git a/configure.ac b/configure.ac
index 18aa823..f888466 100644
--- a/configure.ac
+++ b/configure.ac
@@ -95,6 +95,7 @@ WITH_SELINUX
WITH_NSCD
WITH_SEMANAGE
WITH_LIBNL
+WITH_CRYPTO
m4_include([src/external/pkg.m4])
m4_include([src/external/libpopt.m4])
@@ -175,6 +176,13 @@ if test x$HAVE_SYSTEMD_UNIT != x; then
AM_CHECK_SYSTEMD
fi
+if test x$cryptolib = xnss; then
+ AM_CHECK_NSS
+fi
+if test x$cryptolib = xlibcrypto; then
+ AM_CHECK_LIBCRYPTO
+fi
+
AC_CHECK_HEADERS([sys/inotify.h])
AC_CHECK_HEADERS([sasl/sasl.h],,AC_MSG_ERROR([Could not find SASL headers]))
diff --git a/src/conf_macros.m4 b/src/conf_macros.m4
index 273a527..31048d3 100644
--- a/src/conf_macros.m4
+++ b/src/conf_macros.m4
@@ -295,3 +295,25 @@ AC_DEFUN([WITH_LIBNL],
fi
])
+AC_DEFUN([WITH_CRYPTO],
+ [ AC_ARG_WITH([crypto],
+ [AC_HELP_STRING([--with-crypto=CRYPTO_LIB],
+ [The cryptographic library to use (nss|libcrypto). The default is nss.]
+ )
+ ],
+ [],
+ with_crypto=nss
+ )
+
+ cryptolib=""
+ if test x"$with_crypto" != x; then
+ if test x"$with_crypto" = xnss || \
+ test x"$with_crypto" = xlibcrypto; then
+ cryptolib="$with_crypto";
+ else
+ AC_MSG_ERROR([Illegal value -$with_crypto- for option --with-crypto])
+ fi
+ fi
+ AM_CONDITIONAL([HAVE_NSS], [test x"$cryptolib" = xnss])
+ AM_CONDITIONAL([HAVE_LIBCRYPTO], [test x"$cryptolib" = xlibcrypto])
+ ])
diff --git a/src/external/crypto.m4 b/src/external/crypto.m4
index d1bcf40..ebaeba7 100644
--- a/src/external/crypto.m4
+++ b/src/external/crypto.m4
@@ -1,13 +1,7 @@
-AC_ARG_ENABLE(crypto,
- [ --enable-crypto Use OpenSSL crypto instead of NSS],
- [CRYPTO="$enableval"],
- [CRYPTO="no"]
-)
+AC_DEFUN([AM_CHECK_NSS],
+ [PKG_CHECK_MODULES([NSS],[nss])
+])
-if test x$CRYPTO != xyes; then
- PKG_CHECK_MODULES([NSS],[nss],[have_nss=1],[have_nss=])
-else
- PKG_CHECK_MODULES([CRYPTO],[libcrypto],[have_crypto=1],[have_crypto=])
-fi
-AM_CONDITIONAL([HAVE_NSS], [test x$have_nss != x])
-AM_CONDITIONAL([HAVE_CRYPTO], [test x$have_crypto != x])
+AC_DEFUN([AM_CHECK_LIBCRYPTO],
+ [PKG_CHECK_MODULES([CRYPTO],[libcrypto])
+])
--
1.7.4.4
From 1bf6f0c82e25df82cb8424c99a64b14269a1f7dd Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhro...@redhat.com>
Date: Sun, 24 Apr 2011 16:32:12 +0200
Subject: [PATCH 2/2] BUILD.txt: Warn that all crypto features are implemented
only in NSS
---
BUILD.txt | 6 ++++++
1 files changed, 6 insertions(+), 0 deletions(-)
diff --git a/BUILD.txt b/BUILD.txt
index 8dd3694..d11d9ea 100644
--- a/BUILD.txt
+++ b/BUILD.txt
@@ -33,6 +33,12 @@ ding-libs are available in Fedora 14 and later version:
yum install libcollection-devel libdhash-devel libini_config-devel \
libpath_utils-devel libref_array-devel
+Some features, notably password caching, require the presence of a crypto
+library. The default, tested by SSSD upstream, is Mozilla NSS. An alternative
+crypto library can be selected during configure time using the --with-crypto
+switch. Please note that alternative crypto back ends may not provide all
+features.
+
How to build:
~~~~~~~~~~~~~
From the root of the source, run:
--
1.7.4.4
signature.asc
Description: OpenPGP digital signature
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
