krb5 commit: Add option to build without libkeyutils
Greg Hudson
ghudson at mit.edu
Fri Mar 22 12:21:10 EDT 2019
https://github.com/krb5/krb5/commit/b43ebf0f0adebab7df02ada88bf639ddd67e23e0
commit b43ebf0f0adebab7df02ada88bf639ddd67e23e0
Author: Robert Marshall <rmarshall at gitlab.com>
Date: Tue Mar 12 23:20:06 2019 -0400
Add option to build without libkeyutils
Add a --without-keyutils option to disable the keyring ccache, for
scenarios where minimizing libkrb5 dependencies is important.
[ghudson at mit.edu: moved processing to configure.ac; added error if
explicit --without-keyutils is given and libkeyutils is not found;
nested persistent keyring check for clarity; moved new documentation
to appropriate place and don't mention persistent keyrings; rephrased
commit message]
ticket: 8791 (new)
doc/build/options2configure.rst | 4 ++++
src/aclocal.m4 | 22 ----------------------
src/configure.ac | 21 +++++++++++++++++++++
3 files changed, 25 insertions(+), 22 deletions(-)
diff --git a/doc/build/options2configure.rst b/doc/build/options2configure.rst
index ddbee20..a895962 100644
--- a/doc/build/options2configure.rst
+++ b/doc/build/options2configure.rst
@@ -387,6 +387,10 @@ Optional packages
``--without-krb5-config`` to disable the use of krb5-config and
use the usual built-in defaults.
+**-**\ **-without-keyutils**
+ Build without libkeyutils support. This disables the KEYRING
+ credential cache type.
+
Examples
--------
diff --git a/src/aclocal.m4 b/src/aclocal.m4
index 3752d9b..c74755a 100644
--- a/src/aclocal.m4
+++ b/src/aclocal.m4
@@ -93,8 +93,6 @@ KRB5_LIB_PARAMS
KRB5_AC_INITFINI
KRB5_AC_ENABLE_THREADS
KRB5_AC_FIND_DLOPEN
-KRB5_AC_KEYRING_CCACHE
-KRB5_AC_PERSISTENT_KEYRING
])dnl
dnl Maintainer mode, akin to what automake provides, 'cept we don't
@@ -1677,23 +1675,3 @@ if test "$with_ldap" = yes; then
OPENLDAP_PLUGIN=yes
fi
])dnl
-dnl
-dnl If libkeyutils exists (on Linux) include it and use keyring ccache
-AC_DEFUN(KRB5_AC_KEYRING_CCACHE,[
- AC_CHECK_HEADERS([keyutils.h],
- AC_CHECK_LIB(keyutils, add_key,
- [dnl Pre-reqs were found
- AC_DEFINE(USE_KEYRING_CCACHE, 1, [Define if the keyring ccache should be enabled])
- LIBS="-lkeyutils $LIBS"
- ]))
-])dnl
-dnl
-dnl If libkeyutils supports persistent keyrings, use them
-AC_DEFUN(KRB5_AC_PERSISTENT_KEYRING,[
- AC_CHECK_HEADERS([keyutils.h],
- AC_CHECK_LIB(keyutils, keyctl_get_persistent,
- [AC_DEFINE(HAVE_PERSISTENT_KEYRING, 1,
- [Define if persistent keyrings are supported])
- ]))
-])dnl
-dnl
diff --git a/src/configure.ac b/src/configure.ac
index 59193c6..ed5c0a7 100644
--- a/src/configure.ac
+++ b/src/configure.ac
@@ -323,6 +323,27 @@ AC_SUBST(TLS_IMPL)
AC_SUBST(TLS_IMPL_CFLAGS)
AC_SUBST(TLS_IMPL_LIBS)
+AC_ARG_WITH([keyutils],
+AC_HELP_STRING([--without-keyutils],[do not link with libkeyutils]),
+ [], [with_keyutils=check])
+if test "$with_keyutils" != no; then
+ have_keyutils=false
+ AC_CHECK_HEADERS([keyutils.h],
+ AC_CHECK_LIB(keyutils, add_key, [have_keyutils=true]))
+ if test "$have_keyutils" = true; then
+ AC_DEFINE(USE_KEYRING_CCACHE, 1,
+ [Define if the keyring ccache should be enabled])
+ LIBS="-lkeyutils $LIBS"
+ # If libkeyutils supports persistent keyrings, use them.
+ AC_CHECK_LIB(keyutils, keyctl_get_persistent,
+ [AC_DEFINE(HAVE_PERSISTENT_KEYRING, 1,
+ [Define if persistent keyrings are supported])
+ ])
+ elif test "$with_keyutils" = yes; then
+ AC_MSG_ERROR([libkeyutils not found])
+ fi
+fi
+
# The SPAKE preauth plugin currently supports edwards25519 natively,
# and can support three NIST groups using OpenSSL.
HAVE_SPAKE_OPENSSL=no
More information about the cvs-krb5
mailing list