gpg: Fix export of ecc secret keys by adjusting check ordering.
[gnupg.git] / configure.ac
index 5335e56..80af6fa 100644 (file)
@@ -1,6 +1,7 @@
 # configure.ac - for GnuPG 2.1
 # Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
 #               2008, 2009, 2010, 2011, 2012 Free Software Foundation, Inc.
+# Copyright (C) 2013, 2014 Werner Koch
 #
 # This file is part of GnuPG.
 #
@@ -25,28 +26,34 @@ min_automake_version="1.10"
 # (git tag -s gnupg-2.n.m) and run "./autogen.sh --force".  Please
 # bump the version number immediately *after* the release and do
 # another commit and push so that the git magic is able to work.
-m4_define([mym4_version], [2.1.0])
+m4_define([mym4_package],[gnupg])
+m4_define([mym4_major], [2])
+m4_define([mym4_minor], [1])
+m4_define([mym4_micro], [0])
+
+# To start a new development series, i.e a new major or minor number
+# you need to mark an arbitrary commit before the first beta release
+# with an annotated tag.  For example the 2.1 branch starts off with
+# the tag "gnupg-2.1-base".  This is used as the base for counting
+# beta numbers before the first release of a series.
 
 # Below is m4 magic to extract and compute the git revision number,
 # the decimalized short revision number, a beta version string and a
-# flag indicating a development version (mym4_isgit).  Note that the
+# flag indicating a development version (mym4_isbeta).  Note that the
 # m4 processing is done by autoconf and not during the configure run.
-m4_define([mym4_revision],
-          m4_esyscmd([git rev-parse --short HEAD | tr -d '\n\r']))
-m4_define([mym4_revision_dec],
-          m4_esyscmd_s([echo $((0x$(echo ]mym4_revision[|head -c 4)))]))
-m4_define([mym4_betastring],
-          m4_esyscmd_s([git describe --match 'gnupg-2.[0-9].*[0-9]' --long|\
-                        awk -F- '$3!=0{print"-beta"$3}']))
-m4_define([mym4_isgit],m4_if(mym4_betastring,[],[no],[yes]))
-m4_define([mym4_full_version],[mym4_version[]mym4_betastring])
-
-AC_INIT([gnupg],[mym4_full_version], [http://bugs.gnupg.org])
+m4_define([mym4_verslist], m4_split(m4_esyscmd([./autogen.sh --find-version] \
+                           mym4_package mym4_major mym4_minor mym4_micro),[:]))
+m4_define([mym4_isbeta],       m4_argn(2, mym4_verslist))
+m4_define([mym4_version],      m4_argn(4, mym4_verslist))
+m4_define([mym4_revision],     m4_argn(7, mym4_verslist))
+m4_define([mym4_revision_dec], m4_argn(8, mym4_verslist))
+m4_esyscmd([echo ]mym4_version[>VERSION])
+AC_INIT([mym4_package],[mym4_version], [http://bugs.gnupg.org])
 
-NEED_GPG_ERROR_VERSION=1.11
+NEED_GPG_ERROR_VERSION=1.14
 
 NEED_LIBGCRYPT_API=1
-NEED_LIBGCRYPT_VERSION=1.5.0
+NEED_LIBGCRYPT_VERSION=1.6.0
 
 NEED_LIBASSUAN_API=2
 NEED_LIBASSUAN_VERSION=2.1.0
@@ -57,16 +64,20 @@ NEED_KSBA_VERSION=1.2.0
 NEED_NPTH_API=1
 NEED_NPTH_VERSION=0.91
 
+NEED_GNUTLS_VERSION=3.0
 
-development_version=mym4_isgit
+
+development_version=mym4_isbeta
 PACKAGE=$PACKAGE_NAME
 PACKAGE_GT=${PACKAGE_NAME}2
 VERSION=$PACKAGE_VERSION
 
-AC_CONFIG_AUX_DIR(scripts)
-AC_CONFIG_SRCDIR(sm/gpgsm.c)
-AM_CONFIG_HEADER(config.h)
-AM_INIT_AUTOMAKE($PACKAGE, $VERSION)
+AC_CONFIG_AUX_DIR([build-aux])
+AC_CONFIG_SRCDIR([sm/gpgsm.c])
+AC_CONFIG_HEADER([config.h])
+# Note: For automake 1.13 add the option
+#          serial-tests
+AM_INIT_AUTOMAKE([dist-bzip2 no-dist-gzip])
 AC_CANONICAL_HOST
 AB_INIT
 
@@ -80,16 +91,16 @@ have_ksba=no
 have_npth=no
 have_libusb=no
 have_adns=no
+gnupg_have_ldap="n/a"
 
 use_zip=yes
 use_bzip2=yes
 use_exec=yes
-disable_keyserver_path=no
+use_trust_models=yes
+card_support=yes
 use_ccid_driver=yes
 use_standard_socket=yes
-dirmngr_auto_start=no
-
-try_ks_ldap=no
+dirmngr_auto_start=yes
 
 GNUPG_BUILD_PROGRAM(gpg, yes)
 GNUPG_BUILD_PROGRAM(gpgsm, yes)
@@ -194,13 +205,6 @@ AC_DEFINE_UNQUOTED(NAME_OF_INSTALLED_GPG, "$name_of_installed_gpg",
                    [The name of the installed GPG tool])
 
 
-# Some folks want to use only the agent from this packet.  Make it
-# easier for them by providing the configure option
-# --enable-only-agent.
-AC_ARG_ENABLE(agent-only,
-    AC_HELP_STRING([--enable-agent-only],[build only the gpg-agent]),
-    build_agent_only=$enableval)
-
 # SELinux support includes tracking of sensitive files to avoid
 # leaking their contents through processing these files by gpg itself
 AC_MSG_CHECKING([whether SELinux support is requested])
@@ -210,6 +214,51 @@ AC_ARG_ENABLE(selinux-support,
               selinux_support=$enableval, selinux_support=no)
 AC_MSG_RESULT($selinux_support)
 
+
+AC_MSG_CHECKING([whether to enable trust models])
+AC_ARG_ENABLE(trust-models,
+              AC_HELP_STRING([--disable-trust-models],
+                             [disable all trust models except "always"]),
+              use_trust_models=$enableval)
+AC_MSG_RESULT($use_trust_models)
+if test "$use_trust_models" = no ; then
+    AC_DEFINE(NO_TRUST_MODELS, 1,
+             [Define to include only trust-model always])
+fi
+
+
+#
+# Options to disable algorithm
+#
+
+GNUPG_GPG_DISABLE_ALGO([rsa],[RSA public key])
+# Elgamal is a MUST algorithm
+# DSA is a MUST algorithm
+GNUPG_GPG_DISABLE_ALGO([ecdh],[ECDH public key])
+GNUPG_GPG_DISABLE_ALGO([ecdsa],[ECDSA public key])
+GNUPG_GPG_DISABLE_ALGO([eddsa],[EdDSA public key])
+
+GNUPG_GPG_DISABLE_ALGO([idea],[IDEA cipher])
+# 3DES is a MUST algorithm
+GNUPG_GPG_DISABLE_ALGO([cast5],[CAST5 cipher])
+GNUPG_GPG_DISABLE_ALGO([blowfish],[BLOWFISH cipher])
+GNUPG_GPG_DISABLE_ALGO([aes128],[AES128 cipher])
+GNUPG_GPG_DISABLE_ALGO([aes192],[AES192 cipher])
+GNUPG_GPG_DISABLE_ALGO([aes256],[AES256 cipher])
+GNUPG_GPG_DISABLE_ALGO([twofish],[TWOFISH cipher])
+GNUPG_GPG_DISABLE_ALGO([camellia128],[CAMELLIA128 cipher])
+GNUPG_GPG_DISABLE_ALGO([camellia192],[CAMELLIA192 cipher])
+GNUPG_GPG_DISABLE_ALGO([camellia256],[CAMELLIA256 cipher])
+
+GNUPG_GPG_DISABLE_ALGO([md5],[MD5 hash])
+# SHA1 is a MUSt algorithm
+GNUPG_GPG_DISABLE_ALGO([rmd160],[RIPE-MD160 hash])
+GNUPG_GPG_DISABLE_ALGO([sha224],[SHA-224 hash])
+GNUPG_GPG_DISABLE_ALGO([sha256],[SHA-256 hash])
+GNUPG_GPG_DISABLE_ALGO([sha384],[SHA-384 hash])
+GNUPG_GPG_DISABLE_ALGO([sha512],[SHA-512 hash])
+
+
 # Allow disabling of zip support.
 # This is in general not a good idea because according to rfc4880 OpenPGP
 # implementations SHOULD support ZLIB.
@@ -261,61 +310,6 @@ if test "$use_exec" = yes ; then
         fi],withval=no)
     AC_MSG_RESULT($withval)
   fi
-
-  AC_MSG_CHECKING([whether to enable external keyserver helpers])
-  AC_ARG_ENABLE(keyserver-helpers,
-      [  --disable-keyserver-helpers  disable all external keyserver support],
-      [if test "$enableval" = no ; then
-         AC_DEFINE(DISABLE_KEYSERVER_HELPERS,1,
-                  [define to disable keyserver helpers])
-      fi],enableval=yes)
-  gnupg_cv_enable_keyserver_helpers=$enableval
-  AC_MSG_RESULT($enableval)
-
-  if test "$gnupg_cv_enable_keyserver_helpers" = yes ; then
-    # LDAP is defined only after we confirm the library is available later
-    AC_MSG_CHECKING([whether LDAP keyserver support is requested])
-    AC_ARG_ENABLE(ldap,
-      AC_HELP_STRING([--disable-ldap],[disable LDAP keyserver interface only]),
-      try_ks_ldap=$enableval, try_ks_ldap=yes)
-    AC_MSG_RESULT($try_ks_ldap)
-
-    AC_MSG_CHECKING([whether HKP keyserver support is requested])
-    AC_ARG_ENABLE(hkp,
-      AC_HELP_STRING([--disable-hkp],[disable HKP keyserver interface only]),
-      try_hkp=$enableval, try_hkp=yes)
-    AC_MSG_RESULT($try_hkp)
-
-    AC_MSG_CHECKING([whether finger key fetching support is requested])
-    AC_ARG_ENABLE(finger,
-      AC_HELP_STRING([--disable-finger],
-        [disable finger key fetching interface only]),
-      try_finger=$enableval, try_finger=yes)
-    AC_MSG_RESULT($try_finger)
-
-    AC_MSG_CHECKING([whether generic object key fetching support is requested])
-    AC_ARG_ENABLE(generic,
-      AC_HELP_STRING([--disable-generic],
-        [disable generic object key fetching interface only]),
-      try_generic=$enableval, try_generic=yes)
-    AC_MSG_RESULT($try_generic)
-
-    AC_MSG_CHECKING([whether email keyserver support is requested])
-    AC_ARG_ENABLE(mailto,
-      AC_HELP_STRING([--enable-mailto],
-       [enable email keyserver interface only]),
-      try_mailto=$enableval, try_mailto=no)
-    AC_MSG_RESULT($try_mailto)
-  fi
-
-  AC_MSG_CHECKING([whether keyserver exec-path is enabled])
-  AC_ARG_ENABLE(keyserver-path,
-      AC_HELP_STRING([--disable-keyserver-path],
-        [disable the exec-path option for keyserver helpers]),
-      [if test "$enableval" = no ; then
-         disable_keyserver_path=yes
-      fi],enableval=yes)
-  AC_MSG_RESULT($enableval)
 fi
 
 
@@ -353,6 +347,19 @@ AC_ARG_WITH(capabilities,
 [use_capabilities="$withval"],[use_capabilities=no])
 AC_MSG_RESULT($use_capabilities)
 
+#
+# Check whether to disable the card support
+AC_MSG_CHECKING([whether smartcard support is requested])
+AC_ARG_ENABLE(card-support,
+              AC_HELP_STRING([--disable-card-support],
+                             [disable smartcard support]),
+              card_support=$enableval)
+AC_MSG_RESULT($card_support)
+if test "$card_support" = yes ; then
+  AC_DEFINE(ENABLE_CARD_SUPPORT,1,[Define to include smartcard support])
+else
+  build_scdaemon=no
+fi
 
 #
 # Allow disabling of internal CCID support.
@@ -365,15 +372,10 @@ AC_ARG_ENABLE(ccid-driver,
               use_ccid_driver=$enableval)
 AC_MSG_RESULT($use_ccid_driver)
 
-#
-# Dirmngr is nowadays a system service and thus it usually does no
-# make sense to start it as needed.  However on some systems this is
-# possible; this option enable the feature.
-#
 AC_MSG_CHECKING([whether to auto start dirmngr])
 AC_ARG_ENABLE(dirmngr-auto-start,
-              AC_HELP_STRING([--enable-dirmngr-auto-start],
-                             [enable auto starting of the dirmngr]),
+              AC_HELP_STRING([--disable-dirmngr-auto-start],
+                             [disable auto starting of the dirmngr]),
               dirmngr_auto_start=$enableval)
 AC_MSG_RESULT($dirmngr_auto_start)
 if test "$dirmngr_auto_start" = yes ; then
@@ -442,7 +444,8 @@ AH_BOTTOM([
 #else
 #define GNUPG_DEFAULT_HOMEDIR "~/.gnupg"
 #endif
-#define GNUPG_PRIVATE_KEYS_DIR "private-keys-v1.d"
+#define GNUPG_PRIVATE_KEYS_DIR  "private-keys-v1.d"
+#define GNUPG_OPENPGP_REVOC_DIR "openpgp-revocs.d"
 
 /* For some systems (DOS currently), we hardcode the path here.  For
    POSIX systems the values are constructed by the Makefiles, so that
@@ -494,10 +497,15 @@ AH_BOTTOM([
 # endif
 #endif
 
+/* Provide the es_ macro for estream.  */
+#define GPGRT_ENABLE_ES_MACROS 1
 
 /* Tell libgcrypt not to use its own libgpg-error implementation. */
 #define USE_LIBGPG_ERROR 1
 
+/* Tell Libgcrypt not to include deprecated definitions.  */
+#define GCRYPT_NO_DEPRECATED 1
+
 /* We use jnlib, so tell other modules about it.  */
 #define HAVE_JNLIB_LOGGING 1
 
@@ -509,14 +517,6 @@ AH_BOTTOM([
    handler.  */
 #define HTTP_NO_WSASTARTUP
 
-/* We always include support for the OpenPGP card.  */
-#define ENABLE_CARD_SUPPORT 1
-
-/* We want to use the libgcrypt provided memory allocation for
-   asprintf.  */
-#define _ESTREAM_PRINTF_REALLOC       gcry_realloc
-#define _ESTREAM_PRINTF_EXTRA_INCLUDE "../common/util.h"
-
 /* Under Windows we use the gettext code from libgpg-error.  */
 #define GPG_ERR_ENABLE_GETTEXT_MACROS
 
@@ -539,6 +539,7 @@ AM_MISSING_PROG(AUTOCONF, autoconf, $missing_dir)
 AM_MISSING_PROG(AUTOMAKE, automake, $missing_dir)
 AM_MISSING_PROG(AUTOHEADER, autoheader, $missing_dir)
 AM_MISSING_PROG(MAKEINFO, makeinfo, $missing_dir)
+AM_SILENT_RULES
 AC_PROG_AWK
 AC_PROG_CC
 AC_PROG_CPP
@@ -575,6 +576,7 @@ AC_ARG_VAR(CC_FOR_BUILD,[build system C compiler])
 
 
 try_gettext=yes
+require_iconv=yes
 have_dosish_system=no
 have_w32_system=no
 have_w32ce_system=no
@@ -593,7 +595,6 @@ case "${host}" in
                   [Because the Unix gettext has too much overhead on
                    MingW32 systems and these systems lack Posix functions,
                    we use a simplified version of gettext])
-        disable_keyserver_path=yes
         have_dosish_system=yes
         have_w32_system=yes
         run_tests=no
@@ -652,6 +653,9 @@ case "${host}" in
         ;;
     *-linux-androideabi)
         have_android_system=yes
+        # Android is fully utf-8 and we do not want to use iconv to
+        # keeps things simple
+        require_iconv=no
         run_tests=no
         ;;
     *)
@@ -693,10 +697,6 @@ if test "$use_ldapwrapper" = yes; then
 fi
 AM_CONDITIONAL(USE_LDAPWRAPPER, test "$use_ldapwrapper" = yes)
 
-if test "$disable_keyserver_path" = yes; then
-    AC_DEFINE(DISABLE_KEYSERVER_PATH,1,
-              [Defined to disable exec-path for keyserver helpers])
-fi
 
 #
 # Allows enabling the use of a standard socket by default This is
@@ -725,15 +725,6 @@ fi
 # (These need to go after AC_PROG_CC so that $EXEEXT is defined)
 AC_DEFINE_UNQUOTED(EXEEXT,"$EXEEXT",[The executable file extension, if any])
 
-if test x"$try_hkp" = xyes ; then
-  AC_SUBST(GPGKEYS_HKP,"gpg2keys_hkp$EXEEXT")
-fi
-
-if test x"$try_finger" = xyes ; then
-  AC_SUBST(GPGKEYS_FINGER,"gpg2keys_finger$EXEEXT")
-fi
-
-
 
 #
 # Checks for libraries.
@@ -791,6 +782,7 @@ AC_SUBST(LIBUSB_LIBS)
 
 #
 # Check wether it is necessary to link against libdl.
+# (For example to load libpcsclite)
 #
 gnupg_dlopen_save_libs="$LIBS"
 LIBS=""
@@ -836,9 +828,10 @@ AC_DEFINE_UNQUOTED(SHRED,
 #
 AM_PATH_NPTH("$NEED_NPTH_API:$NEED_NPTH_VERSION",have_npth=yes,have_npth=no)
 if test "$have_npth" = "yes"; then
-  # We define this macro because some code parts require it.
-  AC_DEFINE(USE_NPTH, 1,
+  AC_DEFINE(HAVE_NPTH, 1,
               [Defined if the New Portable Thread Library is available])
+  AC_DEFINE(USE_NPTH, 1,
+              [Defined if support for nPth is requested and nPth is available])
 else
   AC_MSG_WARN([[
 ***
@@ -847,6 +840,26 @@ else
 ***]])
 fi
 
+#
+# Check whether GNUTLS is available
+#
+PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= $NEED_GNUTLS_VERSION],
+                               [have_gnutls=yes],
+                               [have_gnutls=no])
+if test "$have_gnutls" = "yes"; then
+  AC_SUBST([LIBGNUTLS_CFLAGS])
+  AC_SUBST([LIBGNUTLS_LIBS])
+  AC_DEFINE(HTTP_USE_GNUTLS, 1, [Enable GNUTLS support in http.c])
+else
+  tmp=$(echo "$LIBGNUTLS_PKG_ERRORS" | tr '\n' '\v' | sed 's/\v/\n*** /g')
+  AC_MSG_WARN([[
+***
+*** Building without GNUTLS - no TLS access to keyservers.
+***
+*** $tmp]])
+fi
+
+
 
 AC_MSG_NOTICE([checking for networking options])
 
@@ -893,12 +906,10 @@ AC_CHECK_FUNCS(adns_free)
 #
 # Now try for the resolver functions so we can use DNS for SRV, PA and CERT.
 #
-if test x"$try_hkp" = xyes || test x"$try_http" = xyes ; then
-  AC_ARG_ENABLE(dns-srv,
-     AC_HELP_STRING([--disable-dns-srv],
-                    [disable the use of DNS SRV in HKP and HTTP]),
-                use_dns_srv=$enableval,use_dns_srv=yes)
-fi
+AC_ARG_ENABLE(dns-srv,
+              AC_HELP_STRING([--disable-dns-srv],
+                             [disable the use of DNS SRV in HKP and HTTP]),
+              use_dns_srv=$enableval,use_dns_srv=yes)
 
 AC_ARG_ENABLE(dns-pka,
    AC_HELP_STRING([--disable-dns-pka],
@@ -1015,7 +1026,9 @@ AM_CONDITIONAL(USE_DNS_SRV, test x"$use_dns_srv" = xyes)
 #
 # Check for LDAP
 #
-if test "$try_ks_ldap" = yes || test "$build_dirmngr" = "yes" ; then
+# Note that running the check changes the variable
+# gnupg_have_ldap from "n/a" to "no" or "yes".
+if test "$build_dirmngr" = "yes" ; then
    GNUPG_CHECK_LDAP($NETLIBS)
    AC_CHECK_LIB(lber, ber_free,
                 [ LBER_LIBS="$LBER_LIBS -llber"
@@ -1027,44 +1040,23 @@ fi
 AC_SUBST(LBER_LIBS)
 
 #
-# Check for curl.  We fake the curl API if libcurl isn't installed.
-# We require 7.10 or later as we use curl_version_info().
-#
-LIBCURL_CHECK_CONFIG([yes],[7.10],,[fake_curl=yes])
-AM_CONDITIONAL(FAKE_CURL,test x"$fake_curl" = xyes)
-
-# Generic, for us, means curl
-
-if test x"$try_generic" = xyes ; then
-   AC_SUBST(GPGKEYS_CURL,"gpg2keys_curl$EXEEXT")
-fi
-
-#
 # Check for sendmail
 #
 # This isn't necessarily sendmail itself, but anything that gives a
 # sendmail-ish interface to the outside world.  That includes Exim,
 # Postfix, etc.  Basically, anything that can handle "sendmail -t".
-if test "$try_mailto" = yes ; then
-  AC_ARG_WITH(mailprog,
+AC_ARG_WITH(mailprog,
       AC_HELP_STRING([--with-mailprog=NAME],
                      [use "NAME -t" for mail transport]),
              ,with_mailprog=yes)
-
-  if test x"$with_mailprog" = xyes ; then
+if test x"$with_mailprog" = xyes ; then
     AC_PATH_PROG(SENDMAIL,sendmail,,$PATH:/usr/sbin:/usr/libexec:/usr/lib)
-    if test "$ac_cv_path_SENDMAIL" ; then
-      GPGKEYS_MAILTO="gpg2keys_mailto"
-    fi
-  elif test x"$with_mailprog" != xno ; then
+elif test x"$with_mailprog" != xno ; then
     AC_MSG_CHECKING([for a mail transport program])
     AC_SUBST(SENDMAIL,$with_mailprog)
     AC_MSG_RESULT($with_mailprog)
-    GPGKEYS_MAILTO="gpg2keys_mailto"
-  fi
 fi
 
-AC_SUBST(GPGKEYS_MAILTO)
 
 #
 # Construct a printable name of the OS
@@ -1100,7 +1092,14 @@ AC_DEFINE_UNQUOTED(PRINTABLE_OS_NAME, "$PRINTABLE_OS_NAME",
 #
 # Checking for iconv
 #
-AM_ICONV
+if test "$require_iconv" = yes; then
+  AM_ICONV
+else
+  LIBICONV=
+  LTLIBICONV=
+  AC_SUBST(LIBICONV)
+  AC_SUBST(LTLIBICONV)
+fi
 
 
 #
@@ -1134,7 +1133,7 @@ fi
 # We use HAVE_LANGINFO_CODESET in a couple of places.
 AM_LANGINFO_CODESET
 
-# Checks required for our use locales
+# Checks required for our use of locales
 gt_LC_MESSAGES
 
 
@@ -1210,16 +1209,6 @@ AC_CHECK_SIZEOF(time_t,,[[
 GNUPG_TIME_T_UNSIGNED
 
 
-# Ensure that we have UINT64_C before we bother to check for uint64_t
-# Fixme: really needed in gnupg?  I think it is only useful in libcgrypt.
-AC_CACHE_CHECK([for UINT64_C],[gnupg_cv_uint64_c_works],
-   AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <inttypes.h>]],
-       [[uint64_t foo=UINT64_C(42);]])],
-     gnupg_cv_uint64_c_works=yes,gnupg_cv_uint64_c_works=no))
-if test "$gnupg_cv_uint64_c_works" = "yes" ; then
-   AC_CHECK_SIZEOF(uint64_t)
-fi
-
 if test "$ac_cv_sizeof_unsigned_short" = "0" \
    || test "$ac_cv_sizeof_unsigned_int" = "0" \
    || test "$ac_cv_sizeof_unsigned_long" = "0"; then
@@ -1237,7 +1226,7 @@ AC_FUNC_VPRINTF
 AC_FUNC_FORK
 AC_CHECK_FUNCS([strerror strlwr tcgetattr mmap canonicalize_file_name])
 AC_CHECK_FUNCS([strcasecmp strncasecmp ctermid times gmtime_r strtoull])
-AC_CHECK_FUNCS([unsetenv fcntl ftruncate canonicalize_file_name])
+AC_CHECK_FUNCS([unsetenv fcntl ftruncate inet_ntop canonicalize_file_name])
 AC_CHECK_FUNCS([gettimeofday getrusage getrlimit setrlimit clock_gettime])
 AC_CHECK_FUNCS([atexit raise getpagesize strftime nl_langinfo setlocale])
 AC_CHECK_FUNCS([waitpid wait4 sigaction sigprocmask pipe getaddrinfo])
@@ -1356,12 +1345,13 @@ if test "$use_zip" = yes ; then
     ])
 
   AC_CHECK_HEADER(zlib.h,
-        AC_CHECK_LIB(z, deflateInit2_,
-         ZLIBS="-lz",
-         CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}),
-         CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags})
-
-  AC_DEFINE(HAVE_ZIP,1, [Defined if ZIP and ZLIB are supported])
+     AC_CHECK_LIB(z, deflateInit2_,
+       [
+       ZLIBS="-lz"
+       AC_DEFINE(HAVE_ZIP,1, [Defined if ZIP and ZLIB are supported])
+       ],
+       CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}),
+       CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags})
 fi
 
 
@@ -1435,21 +1425,36 @@ AC_SUBST(W32SOCKLIBS)
 #
 AC_MSG_NOTICE([checking for cc features])
 if test "$GCC" = yes; then
-    # Note that it is okay to use CFLAGS here because this are just
+    # Check whether gcc does not emit a diagnositc for unknow -Wno-*
+    # options.  This is the case for gcc >= 4.6
+    AC_MSG_CHECKING([if gcc ignores unknown -Wno-* options])
+    AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#if __GNUC__ < 4 || (__GNUC__ == 4 && __GNUC_MINOR__ < 6 )
+#kickerror
+#endif]],[])],[_gcc_silent_wno=yes],[_gcc_silent_wno=no])
+    AC_MSG_RESULT($_gcc_silent_wno)
+
+    # Note that it is okay to use CFLAGS here because these are just
     # warning options and the user should have a chance of overriding
     # them.
     if test "$USE_MAINTAINER_MODE" = "yes"; then
         CFLAGS="$CFLAGS -O3 -Wall -Wcast-align -Wshadow -Wstrict-prototypes"
         CFLAGS="$CFLAGS -Wformat -Wno-format-y2k -Wformat-security"
-        AC_MSG_CHECKING([if gcc supports -Wno-missing-field-initializers])
-        _gcc_cflags_save=$CFLAGS
-        CFLAGS="-Wno-missing-field-initializers"
-        AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],_gcc_wopt=yes,_gcc_wopt=no)
-        AC_MSG_RESULT($_gcc_wopt)
-        CFLAGS=$_gcc_cflags_save;
+        if test x"$_gcc_silent_wno" = xyes ; then
+          _gcc_wopt=yes
+        else
+          AC_MSG_CHECKING([if gcc supports -Wno-missing-field-initializers])
+          _gcc_cflags_save=$CFLAGS
+          CFLAGS="-Wno-missing-field-initializers"
+          AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],
+                            [_gcc_wopt=yes],[_gcc_wopt=no])
+          AC_MSG_RESULT($_gcc_wopt)
+          CFLAGS=$_gcc_cflags_save;
+        fi
         if test x"$_gcc_wopt" = xyes ; then
           CFLAGS="$CFLAGS -W -Wno-sign-compare -Wno-missing-field-initializers"
         fi
+
         AC_MSG_CHECKING([if gcc supports -Wdeclaration-after-statement])
         _gcc_cflags_save=$CFLAGS
         CFLAGS="-Wdeclaration-after-statement"
@@ -1463,12 +1468,17 @@ if test "$GCC" = yes; then
         CFLAGS="$CFLAGS -Wall"
     fi
 
-    AC_MSG_CHECKING([if gcc supports -Wno-pointer-sign])
-    _gcc_cflags_save=$CFLAGS
-    CFLAGS="-Wno-pointer-sign"
-    AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],_gcc_psign=yes,_gcc_psign=no)
-    AC_MSG_RESULT($_gcc_psign)
-    CFLAGS=$_gcc_cflags_save;
+    if test x"$_gcc_silent_wno" = xyes ; then
+      _gcc_psign=yes
+    else
+      AC_MSG_CHECKING([if gcc supports -Wno-pointer-sign])
+      _gcc_cflags_save=$CFLAGS
+      CFLAGS="-Wno-pointer-sign"
+      AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],
+                        [_gcc_psign=yes],[_gcc_psign=no])
+      AC_MSG_RESULT($_gcc_psign)
+      CFLAGS=$_gcc_cflags_save;
+    fi
     if test x"$_gcc_psign" = xyes ; then
        CFLAGS="$CFLAGS -Wno-pointer-sign"
     fi
@@ -1497,18 +1507,8 @@ AC_ARG_ENABLE(optimization,
                    fi])
 
 #
-# Prepare building of estream
-#
-estream_INIT
-
-
-#
 # Decide what to build
 #
-if test "$have_adns" = "yes"; then
-  AC_SUBST(GPGKEYS_KDNS, "gpg2keys_kdns$EXEEXT")
-fi
-
 
 build_scdaemon_extra=""
 if test "$build_scdaemon" = "yes"; then
@@ -1521,16 +1521,8 @@ if test "$build_scdaemon" = "yes"; then
 fi
 
 
-if test "$build_agent_only" = "yes" ; then
-  build_gpg=no
-  build_gpgsm=no
-  build_scdaemon=no
-  build_tools=no
-  build_doc=no
-fi
-
 #
-# Set variables for use by th automake makefile.
+# Set variables for use by automake makefiles.
 #
 AM_CONDITIONAL(BUILD_GPG,         test "$build_gpg" = "yes")
 AM_CONDITIONAL(BUILD_GPGSM,       test "$build_gpgsm" = "yes")
@@ -1543,6 +1535,9 @@ AM_CONDITIONAL(BUILD_DOC,         test "$build_doc" = "yes")
 AM_CONDITIONAL(BUILD_SYMCRYPTRUN, test "$build_symcryptrun" = "yes")
 AM_CONDITIONAL(BUILD_GPGTAR,      test "$build_gpgtar" = "yes")
 
+AM_CONDITIONAL(ENABLE_CARD_SUPPORT, test "$card_support" = yes)
+AM_CONDITIONAL(NO_TRUST_MODELS, test "$use_trust_models" = no)
+
 AM_CONDITIONAL(RUN_GPG_TESTS,
                test x$cross_compiling = xno -a "$build_gpg" = yes )
 
@@ -1569,6 +1564,58 @@ if test "$build_g13" = yes ; then
 fi
 
 
+#
+# Define Name strings
+#
+AC_DEFINE_UNQUOTED(GNUPG_NAME, "GnuPG", [The name of the project])
+
+AC_DEFINE_UNQUOTED(GPG_NAME, "gpg", [The name of the OpenPGP tool])
+AC_DEFINE_UNQUOTED(GPG_DISP_NAME, "GnuPG", [The displayed name of gpg])
+
+AC_DEFINE_UNQUOTED(GPGSM_NAME, "gpgsm", [The name of the S/MIME tool])
+AC_DEFINE_UNQUOTED(GPGSM_DISP_NAME, "GPGSM", [The displayed name of gpgsm])
+
+AC_DEFINE_UNQUOTED(GPG_AGENT_NAME, "gpg-agent", [The name of the agent])
+AC_DEFINE_UNQUOTED(GPG_AGENT_DISP_NAME, "GPG Agent",
+                                        [The displayed name of gpg-agent])
+
+AC_DEFINE_UNQUOTED(SCDAEMON_NAME, "scdaemon", [The name of the scdaemon])
+AC_DEFINE_UNQUOTED(SCDAEMON_DISP_NAME, "SCDaemon",
+                                       [The displayed name of scdaemon])
+
+AC_DEFINE_UNQUOTED(DIRMNGR_NAME, "dirmngr", [The name of the dirmngr])
+AC_DEFINE_UNQUOTED(DIRMNGR_DISP_NAME, "DirMngr",
+                                      [The displayed name of dirmngr])
+
+AC_DEFINE_UNQUOTED(G13_NAME, "g13", [The name of the g13 tool])
+AC_DEFINE_UNQUOTED(G13_DISP_NAME, "G13", [The displayed name of g13])
+
+AC_DEFINE_UNQUOTED(GPGCONF_NAME, "gpgconf", [The name of the gpgconf tool])
+AC_DEFINE_UNQUOTED(GPGCONF_DISP_NAME, "GPGConf",
+                                      [The displayed name of gpgconf])
+
+AC_DEFINE_UNQUOTED(GPGTAR_NAME, "gpgtar", [The name of the gpgtar tool])
+
+AC_DEFINE_UNQUOTED(GPG_AGENT_INFO_NAME, "GPG_AGENT_INFO",
+                   [The name of the agent info envvar])
+AC_DEFINE_UNQUOTED(GPG_AGENT_SOCK_NAME, "S.gpg-agent",
+                   [The name of the agent socket])
+AC_DEFINE_UNQUOTED(GPG_AGENT_SSH_SOCK_NAME, "S.gpg-agent.ssh",
+                   [The name of the agent socket for ssh])
+AC_DEFINE_UNQUOTED(DIRMNGR_INFO_NAME, "DIRMNGR_INFO",
+                   [The name of the dirmngr info envvar])
+AC_DEFINE_UNQUOTED(SCDAEMON_SOCK_NAME, "S.scdaemon",
+                   [The name of the SCdaemon socket])
+AC_DEFINE_UNQUOTED(DIRMNGR_SOCK_NAME, "S.dirmngr",
+                   [The name of the dirmngr socket])
+
+AC_DEFINE_UNQUOTED(GPGEXT_GPG, "gpg", [The standard binary file suffix])
+
+if test "$have_w32_system" = yes; then
+  AC_DEFINE_UNQUOTED(GNUPG_REGISTRY_DIR, "\\\\Software\\\\GNU\\\\GnuPG",
+                     [The directory part of the W32 registry keys])
+fi
+
 
 #
 # Provide information about the build.
@@ -1641,7 +1688,7 @@ if test "$gnupg_have_ldap" = "no"; then
     die=yes
     AC_MSG_NOTICE([[
 ***
-*** You need a LDAP library to build this program.
+*** The Dirmngr part requires an LDAP library
 *** Check out
 ***    http://www.openldap.org
 *** for a suitable implementation.
@@ -1667,6 +1714,19 @@ if test "$have_npth" = "no"; then
 ***]])
 fi
 
+if test "$require_iconv" = yes; then
+  if test "$am_func_iconv" != yes; then
+    die=yes
+    AC_MSG_NOTICE([[
+***
+*** The system does not provide a working iconv function.  Please
+*** install a suitable library; for example GNU Libiconv which is
+*** available at:
+***   http://ftp.gnu.org/gnu/libiconv/
+***]])
+  fi
+fi
+
 if test "$die" = "yes"; then
     AC_MSG_ERROR([[
 ***
@@ -1681,7 +1741,6 @@ AC_CONFIG_FILES([ m4/Makefile
 Makefile
 po/Makefile.in
 gl/Makefile
-include/Makefile
 common/Makefile
 common/w32info-rc.h
 kbx/Makefile
@@ -1698,9 +1757,6 @@ tests/Makefile
 tests/openpgp/Makefile
 tests/pkits/Makefile
 ])
-#keyserver/Makefile
-#keyserver/gpg2keys_mailto
-#keyserver/gpg2keys_test
 
 
 AC_OUTPUT
@@ -1729,6 +1785,9 @@ echo "
 
         Use standard socket: $use_standard_socket
         Dirmngr auto start:  $dirmngr_auto_start
+        Readline support:    $gnupg_cv_have_readline
+        DNS SRV support:     $use_dns_srv
+        TLS support:         $have_gnutls
 "
 if test x"$use_regex" != xyes ; then
 echo "