Fix comment of configure.
[gnupg.git] / configure.ac
index bd84633..dc1fc1a 100644 (file)
@@ -1,6 +1,6 @@
 # configure.ac - for GnuPG 2.1
-# Copyright (C) 1998-2012 Free Software Foundation, Inc.
-# Copyright (C) 1998-2015 Werner Koch
+# Copyright (C) 1998-2017 Free Software Foundation, Inc.
+# Copyright (C) 1998-2017 Werner Koch
 #
 # This file is part of GnuPG.
 #
@@ -15,7 +15,7 @@
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
-# along with this program; if not, see <http://www.gnu.org/licenses/>.
+# along with this program; if not, see <https://www.gnu.org/licenses/>.
 
 # Process this file with autoconf to produce a configure script.
 AC_PREREQ(2.61)
@@ -27,8 +27,8 @@ min_automake_version="1.14"
 # another commit and push so that the git magic is able to work.
 m4_define([mym4_package],[gnupg])
 m4_define([mym4_major], [2])
-m4_define([mym4_minor], [1])
-m4_define([mym4_micro], [10])
+m4_define([mym4_minor], [2])
+m4_define([mym4_micro], [2])
 
 # To start a new development series, i.e a new major or minor number
 # you need to mark an arbitrary commit before the first beta release
@@ -47,24 +47,28 @@ m4_define([mym4_version],      m4_argn(4, mym4_verslist))
 m4_define([mym4_revision],     m4_argn(7, mym4_verslist))
 m4_define([mym4_revision_dec], m4_argn(8, mym4_verslist))
 m4_esyscmd([echo ]mym4_version[>VERSION])
-AC_INIT([mym4_package],[mym4_version], [http://bugs.gnupg.org])
+AC_INIT([mym4_package],[mym4_version], [https://bugs.gnupg.org])
 
-NEED_GPG_ERROR_VERSION=1.16
+# When changing the SWDB tag please also adjust the hard coded tags in
+# build-aux/speedo.mk and Makefile.am
+AC_DEFINE_UNQUOTED(GNUPG_SWDB_TAG, "gnupg22", [swdb tag for this branch])
+
+NEED_GPG_ERROR_VERSION=1.24
 
 NEED_LIBGCRYPT_API=1
-NEED_LIBGCRYPT_VERSION=1.6.0
+NEED_LIBGCRYPT_VERSION=1.7.0
 
 NEED_LIBASSUAN_API=2
-NEED_LIBASSUAN_VERSION=2.1.0
+NEED_LIBASSUAN_VERSION=2.4.3
 
 NEED_KSBA_API=1
-NEED_KSBA_VERSION=1.2.0
+NEED_KSBA_VERSION=1.3.4
 
 NEED_NTBTLS_API=1
 NEED_NTBTLS_VERSION=0.1.0
 
 NEED_NPTH_API=1
-NEED_NPTH_VERSION=0.91
+NEED_NPTH_VERSION=1.2
 
 
 NEED_GNUTLS_VERSION=3.0
@@ -85,6 +89,7 @@ AB_INIT
 
 AC_GNU_SOURCE
 
+
 # Some status variables.
 have_gpg_error=no
 have_libgcrypt=no
@@ -95,7 +100,7 @@ have_gnutls=no
 have_sqlite=no
 have_npth=no
 have_libusb=no
-have_adns=no
+have_system_resolver=no
 gnupg_have_ldap="n/a"
 
 use_zip=yes
@@ -103,8 +108,9 @@ use_bzip2=yes
 use_exec=yes
 use_trust_models=yes
 use_tofu=yes
+use_libdns=yes
 card_support=yes
-use_ccid_driver=yes
+use_ccid_driver=auto
 dirmngr_auto_start=yes
 use_tls_library=no
 large_secmem=no
@@ -118,10 +124,12 @@ build_agent=yes
 GNUPG_BUILD_PROGRAM(scdaemon, yes)
 GNUPG_BUILD_PROGRAM(g13, no)
 GNUPG_BUILD_PROGRAM(dirmngr, yes)
-GNUPG_BUILD_PROGRAM(tools, yes)
 GNUPG_BUILD_PROGRAM(doc, yes)
 GNUPG_BUILD_PROGRAM(symcryptrun, no)
+# We use gpgtar to unpack test data, hence we always build it.  If the
+# user opts out, we simply don't install it.
 GNUPG_BUILD_PROGRAM(gpgtar, yes)
+GNUPG_BUILD_PROGRAM(wks-tools, no)
 
 AC_SUBST(PACKAGE)
 AC_SUBST(PACKAGE_GT)
@@ -190,7 +198,7 @@ test -n "$GNUPG_PROTECT_TOOL_PGM" \
       && show_gnupg_protect_tool_pgm="$GNUPG_PROTECT_TOOL_PGM"
 
 AC_ARG_WITH(dirmngr-ldap-pgm,
-    [  --with-dirmngr-ldap-pgm=PATH  Use PATH as the default for the dirmnge ldap wrapper)],
+    [  --with-dirmngr-ldap-pgm=PATH  Use PATH as the default for the dirmngr ldap wrapper)],
           GNUPG_DIRMNGR_LDAP_PGM="$withval", GNUPG_DIRMNGR_LDAP_PGM="" )
 AC_SUBST(GNUPG_DIRMNGR_LDAP_PGM)
 AM_CONDITIONAL(GNUPG_DIRMNGR_LDAP_PGM, test -n "$GNUPG_DIRMNGR_LDAP_PGM")
@@ -198,23 +206,18 @@ show_gnupg_dirmngr_ldap_pgm="(default)"
 test -n "$GNUPG_DIRMNGR_LDAP_PGM" \
       && show_gnupg_dirmngr_ldap_pgm="$GNUPG_DIRMNGR_LDAP_PGM"
 
+
 #
-# On some platforms gpg2 is usually installed as gpg without using a
-# symlink.  For correct operation of gpgconf it needs to know the
-# installed name of gpg.  This option sets "gpg2"'s installed name to
-# just "gpg".  Note that it might be required to rename gpg2 to gpg
-# manually after the build process.
+# For a long time gpg 2.x was installed as gpg2.  This changed with
+# 2.2.  This option can be used to install gpg under the name gpg2.
 #
-AC_ARG_ENABLE(gpg2-is-gpg,
-    AC_HELP_STRING([--enable-gpg2-is-gpg],[Set installed name of gpg2 to gpg]),
-    gpg2_is_gpg=$enableval)
-if test "$gpg2_is_gpg" = "yes"; then
-   name_of_installed_gpg=gpg
-else
-   name_of_installed_gpg=gpg2
+AC_ARG_ENABLE(gpg-is-gpg2,
+    AC_HELP_STRING([--enable-gpg-is-gpg2],[Set installed name of gpg to gpg2]),
+    gpg_is_gpg2=$enableval)
+if test "$gpg_is_gpg2" = "yes"; then
+   AC_DEFINE(USE_GPG2_HACK, 1, [Define to install gpg as gpg2])
 fi
-AC_DEFINE_UNQUOTED(NAME_OF_INSTALLED_GPG, "$name_of_installed_gpg",
-                   [The name of the installed GPG tool])
+AM_CONDITIONAL(USE_GPG2_HACK, test "$gpg_is_gpg2" = "yes")
 
 
 # SELinux support includes tracking of sensitive files to avoid
@@ -256,9 +259,22 @@ AC_MSG_CHECKING([whether to enable TOFU])
 AC_ARG_ENABLE(tofu,
                 AC_HELP_STRING([--disable-tofu],
                                [disable the TOFU trust model]),
-              use_tofu=$enableval, use_tofu=yes)
+              use_tofu=$enableval, use_tofu=$use_trust_models)
 AC_MSG_RESULT($use_tofu)
+if test "$use_trust_models" = no && test "$use_tofu" = yes; then
+    AC_MSG_ERROR([both --disable-trust-models and --enable-tofu given])
+fi
 
+AC_MSG_CHECKING([whether to enable libdns])
+AC_ARG_ENABLE(libdns,
+                AC_HELP_STRING([--disable-libdns],
+                               [do not build with libdns support]),
+              use_libdns=$enableval, use_libdns=yes)
+AC_MSG_RESULT($use_libdns)
+if test x"$use_libdns" = xyes ; then
+    AC_DEFINE(USE_LIBDNS, 1, [Build with integrated libdns support])
+fi
+AM_CONDITIONAL(USE_LIBDNS, test "$use_libdns" = yes)
 
 
 #
@@ -466,7 +482,8 @@ AH_BOTTOM([
 #define SAFE_VERSION_DOT  '.'
 #define SAFE_VERSION_DASH '-'
 
-/* Some global constants. */
+/* Some global constants.
+ * Note that the homedir must not end in a slash.  */
 #ifdef HAVE_DOSISH_SYSTEM
 # ifdef HAVE_DRIVE_LETTERS
 #  define GNUPG_DEFAULT_HOMEDIR "c:/gnupg"
@@ -585,10 +602,13 @@ AC_PROG_RANLIB
 AC_CHECK_TOOL(AR, ar, :)
 AC_PATH_PROG(PERL,"perl")
 AC_CHECK_TOOL(WINDRES, windres, :)
+AC_PATH_PROG(YAT2M, "yat2m", "./yat2m" )
+AC_ARG_VAR(YAT2M, [tool to convert texi to man pages])
 AC_ISC_POSIX
 AC_SYS_LARGEFILE
 GNUPG_CHECK_USTAR
 
+
 # We need to compile and run a program on the build machine.  A
 # comment in libgpg-error says that the AC_PROG_CC_FOR_BUILD macro in
 # the AC archive is broken for autoconf 2.57.  Given that there is no
@@ -604,6 +624,9 @@ fi
 AC_MSG_RESULT($CC_FOR_BUILD)
 AC_ARG_VAR(CC_FOR_BUILD,[build system C compiler])
 
+# We need to call this macro because other pkg-config macros are
+# not always used.
+PKG_PROG_PKG_CONFIG
 
 
 try_gettext=yes
@@ -612,7 +635,6 @@ have_dosish_system=no
 have_w32_system=no
 have_w32ce_system=no
 have_android_system=no
-run_tests=yes
 use_simple_gettext=no
 use_ldapwrapper=yes
 mmap_needed=yes
@@ -628,7 +650,7 @@ case "${host}" in
                    we use a simplified version of gettext])
         have_dosish_system=yes
         have_w32_system=yes
-        run_tests=no
+        require_iconv=no
         use_ldapwrapper=no  # Fixme: Do this only for CE.
         case "${host}" in
           *-mingw32ce*)
@@ -661,14 +683,14 @@ case "${host}" in
 
     *-*-hpux*)
         if test -z "$GCC" ; then
-            CFLAGS="$CFLAGS -Ae -D_HPUX_SOURCE"
+            CFLAGS="-Ae -D_HPUX_SOURCE $CFLAGS"
         fi
         ;;
     *-dec-osf4*)
         if test -z "$GCC" ; then
             # Suppress all warnings
             # to get rid of the unsigned/signed char mismatch warnings.
-            CFLAGS="$CFLAGS -w"
+            CFLAGS="-w $CFLAGS"
         fi
         ;;
     *-dec-osf5*)
@@ -677,17 +699,20 @@ case "${host}" in
             # get rid of the unsigned/signed char mismatch warnings.
             # Using this may hide other pointer mismatch warnings, but
            # it at least lets other warning classes through
-            CFLAGS="$CFLAGS -msg_disable ptrmismatch1"
+            CFLAGS="-msg_disable ptrmismatch1 $CFLAGS"
         fi
         ;;
     m68k-atari-mint)
         ;;
-    *-linux-androideabi)
+    *-linux-android*)
         have_android_system=yes
         # Android is fully utf-8 and we do not want to use iconv to
         # keeps things simple
         require_iconv=no
-        run_tests=no
+        ;;
+    *-apple-darwin*)
+        AC_DEFINE(_DARWIN_C_SOURCE, 900000L,
+                  Expose all libc features (__DARWIN_C_FULL).)
         ;;
     *)
        ;;
@@ -718,11 +743,6 @@ if test "$have_android_system" = yes; then
 fi
 AM_CONDITIONAL(HAVE_ANDROID_SYSTEM, test "$have_android_system" = yes)
 
-if test "$run_tests" = yes; then
-   AC_DEFINE(RUN_TESTS,1, [Defined if we should run the tests])
-fi
-AM_CONDITIONAL(RUN_TESTS, test "$run_tests" = yes)
-
 
 # (These need to go after AC_PROG_CC so that $EXEEXT is defined)
 AC_DEFINE_UNQUOTED(EXEEXT,"$EXEEXT",[The executable file extension, if any])
@@ -757,26 +777,7 @@ AM_PATH_LIBASSUAN("$NEED_LIBASSUAN_API:$NEED_LIBASSUAN_VERSION",
 if test "$have_libassuan" = "yes"; then
   AC_DEFINE_UNQUOTED(GNUPG_LIBASSUAN_VERSION, "$libassuan_version",
                      [version of the libassuan library])
-  # Starting with 2.4.1 we have Tor support in Libassuan.  */
-  ok=no
-  if test "$libassuan_version_major" -gt "2"; then
-    ok=yes
-  else
-    if test "$libassuan_version_major" -eq "2"; then
-      if test "$libassuan_version_minor" -gt "4"; then
-        ok=yes
-      else
-        if test "$libassuan_version_minor" -eq "4"; then
-          if test "$libassuan_version_micro" -ge "1"; then
-            ok=yes
-          fi
-        fi
-      fi
-    fi
-  fi
-  if test $ok = yes ;then
-    show_tor_support="only .onion"
-  fi
+  show_tor_support="only .onion"
 fi
 
 
@@ -790,19 +791,72 @@ AM_PATH_KSBA("$NEED_KSBA_API:$NEED_KSBA_VERSION",have_ksba=yes,have_ksba=no)
 # libusb allows us to use the integrated CCID smartcard reader driver.
 #
 # FiXME: Use GNUPG_CHECK_LIBUSB and modify to use separate AC_SUBSTs.
-if test "$use_ccid_driver" = yes ; then
-  AC_CHECK_LIB(usb, usb_bulk_write,
-                [ LIBUSB_LIBS="$LIBUSB_LIBS -lusb"
-                  AC_DEFINE(HAVE_LIBUSB,1,
-                           [defined if libusb is available])
-                  have_libusb=yes
-               ])
-  AC_CHECK_FUNCS(usb_create_match)
+if test "$use_ccid_driver" = auto || test "$use_ccid_driver" = yes; then
+   case "${host}" in
+     *-mingw32*)
+       LIBUSB_NAME=
+       LIBUSB_LIBS=
+       LIBUSB_CPPFLAGS=
+       ;;
+     *-*-darwin*)
+       LIBUSB_NAME=usb-1.0
+       LIBUSB_LIBS="-Wl,-framework,CoreFoundation -Wl,-framework,IOKit"
+       ;;
+     *-*-freebsd*)
+       # FreeBSD has a native 1.0 compatible library by -lusb.
+       LIBUSB_NAME=usb
+       LIBUSB_LIBS=
+       ;;
+     *)
+       LIBUSB_NAME=usb-1.0
+       LIBUSB_LIBS=
+       ;;
+   esac
+fi
+if test x"$LIBUSB_NAME" != x ; then
+   AC_CHECK_LIB($LIBUSB_NAME, libusb_init,
+                [ LIBUSB_LIBS="-l$LIBUSB_NAME $LIBUSB_LIBS"
+                  have_libusb=yes ])
+   AC_MSG_CHECKING([libusb include dir])
+   usb_incdir_found="no"
+   for _incdir in "" "/usr/include/libusb-1.0" "/usr/local/include/libusb-1.0"; do
+     _libusb_save_cppflags=$CPPFLAGS
+     if test -n "${_incdir}"; then
+       CPPFLAGS="-I${_incdir} ${CPPFLAGS}"
+     fi
+     AC_PREPROC_IFELSE([AC_LANG_SOURCE([[@%:@include <libusb.h>]])],
+     [usb_incdir=${_incdir}; usb_incdir_found="yes"], [])
+     CPPFLAGS=${_libusb_save_cppflags}
+     if test "$usb_incdir_found" = "yes"; then
+       break
+     fi
+   done
+   if test "$usb_incdir_found" = "yes"; then
+     AC_MSG_RESULT([${usb_incdir}])
+   else
+     AC_MSG_RESULT([not found])
+     usb_incdir=""
+     have_libusb=no
+     if test "$use_ccid_driver" != yes; then
+       use_ccid_driver=no
+     fi
+     LIBUSB_LIBS=""
+   fi
+
+   if test "$have_libusb" = yes; then
+     AC_DEFINE(HAVE_LIBUSB,1, [defined if libusb is available])
+   fi
+   if test x"$usb_incdir" = x; then
+     LIBUSB_CPPFLAGS=""
+   else
+     LIBUSB_CPPFLAGS="-I${usb_incdir}"
+   fi
 fi
 AC_SUBST(LIBUSB_LIBS)
+AC_SUBST(LIBUSB_CPPFLAGS)
 
 #
-# Check wether it is necessary to link against libdl.
+# Check whether it is necessary to link against libdl.
 # (For example to load libpcsclite)
 #
 gnupg_dlopen_save_libs="$LIBS"
@@ -938,6 +992,22 @@ else
   fi
 fi
 
+#
+# Allow to set a fixed trust store file for system provided certificates.
+#
+AC_ARG_WITH([default-trust-store-file],
+            [AC_HELP_STRING([--with-default-trust-store-file=FILE],
+                            [Use FILE as system trust store])],
+            default_trust_store_file="$withval",
+            default_trust_store_file="")
+if test x"$default_trust_store_file" = xno;then
+  default_trust_store_file=""
+fi
+if test x"$default_trust_store_file" != x ; then
+  AC_DEFINE_UNQUOTED([DEFAULT_TRUST_STORE_FILE],
+    ["$default_trust_store_file"], [Use as default system trust store file])
+fi
+
 
 AC_MSG_NOTICE([checking for networking options])
 
@@ -954,90 +1024,39 @@ AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt,
 
 
 #
-# Check for ADNS.
-#
-_cppflags="${CPPFLAGS}"
-_ldflags="${LDFLAGS}"
-AC_ARG_WITH(adns,
-            AC_HELP_STRING([--with-adns=DIR],
-                           [look for the adns library in DIR]),
-            [if test -d "$withval"; then
-               CPPFLAGS="${CPPFLAGS} -I$withval/include"
-               LDFLAGS="${LDFLAGS} -L$withval/lib"
-             fi])
-if test "$with_adns" != "no"; then
-  AC_CHECK_HEADERS(adns.h,AC_CHECK_LIB(adns, adns_init_strcfg,[have_adns=yes]))
-  AC_CHECK_FUNCS(adns_free)
-  AC_MSG_CHECKING([if adns supports adns_if_tormode])
-  AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
-    #include <adns.h>
-    adns_initflags flags = adns_if_tormode;
-  ]],[])],[adns_if_tormode=yes],[adns_if_tormode=no])
-  AC_MSG_RESULT($adns_if_tormode)
-  if test x"$adns_if_tormode" = xyes; then
-    AC_DEFINE(HAVE_ADNS_IF_TORMODE,1,[define if adns_if_tormode is available])
-    if test "$show_tor_support" != "no"; then
-      show_tor_support=yes
-    fi
-  fi
-fi
-CPPFLAGS=${_cppflags}
-LDFLAGS=${_ldflags}
-if test "$have_adns" = "yes"; then
-  ADNSLIBS="-ladns"
-fi
-
-
-#
-# Now try for the resolver functions so we can use DNS for SRV, PA and CERT.
+# Check standard resolver functions.
 #
-AC_ARG_ENABLE(dns-srv,
-              AC_HELP_STRING([--disable-dns-srv],
-                             [disable the use of DNS SRV in HKP and HTTP]),
-              use_dns_srv=$enableval,use_dns_srv=yes)
-
-AC_ARG_ENABLE(dns-cert,
-   AC_HELP_STRING([--disable-dns-cert],
-       [disable the use of CERT records in DNS]),
-   use_dns_cert=$enableval,use_dns_cert=yes)
-
-if test x"$use_dns_srv" = xyes || test x"$use_dns_cert" = xyes; then
+if test "$build_dirmngr" = "yes"; then
   _dns_save_libs=$LIBS
   LIBS=""
 
-  if test x"$have_adns" = xyes ; then
-    # We prefer ADNS.
-    DNSLIBS="$ADNSLIBS"
-    AC_DEFINE(USE_ADNS,1,[Use ADNS as resolver library.])
+  # Find the system resolver which can always be enabled with
+  # the dirmngr option --standard-resolver.
 
-    if test x"$use_dns_srv" = xyes ; then
-        AC_DEFINE(USE_DNS_SRV,1)
-    fi
+  # the double underscore thing is a glibc-ism?
+  AC_SEARCH_LIBS(res_query,resolv bind,,
+                 AC_SEARCH_LIBS(__res_query,resolv bind,,have_resolver=no))
+  AC_SEARCH_LIBS(dn_expand,resolv bind,,
+                 AC_SEARCH_LIBS(__dn_expand,resolv bind,,have_resolver=no))
 
-    if test x"$use_dns_cert" = xyes ; then
-        AC_DEFINE(USE_DNS_CERT,1,[define to use DNS CERT])
-    fi
-  else
-    # With no ADNS find the system resolver.
+  # macOS renames dn_skipname into res_9_dn_skipname in <resolv.h>,
+  # and for some reason fools us into believing we don't need
+  # -lresolv even if we do.  Since the test program checking for the
+  # symbol does not include <resolv.h>, we need to check for the
+  # renamed symbol explicitly.
+  AC_SEARCH_LIBS(res_9_dn_skipname,resolv bind,,
+      AC_SEARCH_LIBS(dn_skipname,resolv bind,,
+          AC_SEARCH_LIBS(__dn_skipname,resolv bind,,have_resolver=no)))
 
-    # the double underscore thing is a glibc-ism?
-    AC_SEARCH_LIBS(res_query,resolv bind,,
-                   AC_SEARCH_LIBS(__res_query,resolv bind,,have_resolver=no))
-    AC_SEARCH_LIBS(dn_expand,resolv bind,,
-                   AC_SEARCH_LIBS(__dn_expand,resolv bind,,have_resolver=no))
-    AC_SEARCH_LIBS(dn_skipname,resolv bind,,
-                   AC_SEARCH_LIBS(__dn_skipname,resolv bind,,have_resolver=no))
-
-    if test x"$have_resolver" != xno ; then
+  if test x"$have_resolver" != xno ; then
 
       # Make sure that the BIND 4 resolver interface is workable before
       # enabling any code that calls it.  At some point I'll rewrite the
       # code to use the BIND 8 resolver API.
-      # We might also want to use adns instead.  Problem with ADNS is that
-      # it does not support v6.
+      # We might also want to use libdns instead.
 
-      AC_MSG_CHECKING([whether the resolver is usable])
-      AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
+    AC_MSG_CHECKING([whether the resolver is usable])
+    AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
 #include <netinet/in.h>
 #include <arpa/nameser.h>
 #include <resolv.h>]],
@@ -1046,15 +1065,15 @@ if test x"$use_dns_srv" = xyes || test x"$use_dns_cert" = xyes; then
   dn_skipname(0,0);
   dn_expand(0,0,0,0,0);
 ]])],have_resolver=yes,have_resolver=no)
-      AC_MSG_RESULT($have_resolver)
+    AC_MSG_RESULT($have_resolver)
 
-      # This is Apple-specific and somewhat bizarre as they changed the
-      # define in bind 8 for some reason.
+    # This is Apple-specific and somewhat bizarre as they changed the
+    # define in bind 8 for some reason.
 
-      if test x"$have_resolver" != xyes ; then
-         AC_MSG_CHECKING(
-             [whether I can make the resolver usable with BIND_8_COMPAT])
-        AC_LINK_IFELSE([AC_LANG_PROGRAM([[#define BIND_8_COMPAT
+    if test x"$have_resolver" != xyes ; then
+      AC_MSG_CHECKING(
+           [whether I can make the resolver usable with BIND_8_COMPAT])
+      AC_LINK_IFELSE([AC_LANG_PROGRAM([[#define BIND_8_COMPAT
 #include <sys/types.h>
 #include <netinet/in.h>
 #include <arpa/nameser.h>
@@ -1063,27 +1082,33 @@ if test x"$use_dns_srv" = xyes || test x"$use_dns_cert" = xyes; then
   res_query("foo.bar",C_IN,T_A,answer,PACKETSZ);
   dn_skipname(0,0); dn_expand(0,0,0,0,0);
 ]])],[have_resolver=yes ; need_compat=yes])
-         AC_MSG_RESULT($have_resolver)
-      fi
+      AC_MSG_RESULT($have_resolver)
     fi
+  fi
 
-    if test x"$have_resolver" = xyes ; then
-      DNSLIBS=$LIBS
-
-      if test x"$use_dns_srv" = xyes ; then
-         AC_DEFINE(USE_DNS_SRV,1,[define to use DNS SRV])
-      fi
-
-      if test x"$use_dns_cert" = xyes ; then
-        AC_DEFINE(USE_DNS_CERT,1,[define to use DNS CERT])
-      fi
+  if test x"$have_resolver" = xyes ; then
+    AC_DEFINE(HAVE_SYSTEM_RESOLVER,1,[The system's resolver is usable.])
+    DNSLIBS="$DNSLIBS $LIBS"
+    if test x"$need_compat" = xyes ; then
+      AC_DEFINE(BIND_8_COMPAT,1,[an Apple OSXism])
+    fi
+    if test "$use_libdns" = yes; then
+     show_tor_support=yes
+    fi
+  elif test "$use_libdns" = yes; then
+    show_tor_support=yes
+  else
+    AC_MSG_WARN([[
+***
+*** The system's DNS resolver is not usable.
+*** Dirmngr functionality is limited.
+***]])
+    show_tor_support="${show_tor_support} (no system resolver)"
+  fi
 
-      if test x"$need_compat" = xyes ; then
-        AC_DEFINE(BIND_8_COMPAT,1,[an Apple OSXism])
-      fi
-    else
-      use_dns_srv=no
-      use_dns_cert=no
+  if test "$have_w32_system" = yes; then
+    if test "$use_libdns" = yes; then
+      DNSLIBS="$DNSLIBS -liphlpapi"
     fi
   fi
 
@@ -1092,8 +1117,6 @@ fi
 
 AC_SUBST(DNSLIBS)
 
-AM_CONDITIONAL(USE_DNS_SRV, test x"$use_dns_srv" = xyes)
-
 
 #
 # Check for LDAP
@@ -1253,7 +1276,9 @@ AC_MSG_NOTICE([checking for header files])
 AC_HEADER_STDC
 AC_CHECK_HEADERS([string.h unistd.h langinfo.h termio.h locale.h getopt.h \
                   pty.h utmp.h pwd.h inttypes.h signal.h sys/select.h     \
-                  signal.h])
+                  stdint.h signal.h util.h libutil.h termios.h \
+                  ucred.h sys/sysmacros.h sys/mkdev.h])
+
 AC_HEADER_TIME
 
 
@@ -1336,9 +1361,27 @@ AC_CHECK_FUNCS([waitpid wait4 sigaction sigprocmask pipe getaddrinfo])
 AC_CHECK_FUNCS([ttyname rand ftello fsync stat lstat])
 AC_CHECK_FUNCS([memicmp stpcpy strsep strlwr strtoul memmove stricmp strtol \
                 memrchr isascii timegm getrusage setrlimit stat setlocale   \
-                flockfile funlockfile fopencookie funopen getpwnam getpwuid \
+                flockfile funlockfile getpwnam getpwuid \
                 getenv inet_pton strpbrk])
 
+# On some systems (e.g. Solaris) nanosleep requires linking to librl.
+# Given that we use nanosleep only as an optimization over a select
+# based wait function we want it only if it is available in libc.
+_save_libs="$LIBS"
+AC_SEARCH_LIBS([nanosleep], [],
+               [AC_DEFINE(HAVE_NANOSLEEP,1,
+                [Define to 1 if you have the `nanosleep' function in libc.])])
+LIBS="$_save_libs"
+
+
+# See whether libc supports the Linux inotify interface
+case "${host}" in
+    *-*-linux*)
+        AC_CHECK_FUNCS([inotify_init])
+        ;;
+esac
+
+
 if test "$have_android_system" = yes; then
    # On Android ttyname is a stub but prints an error message.
    AC_DEFINE(HAVE_BROKEN_TTYNAME,1,
@@ -1349,9 +1392,20 @@ AC_CHECK_TYPES([struct sigaction, sigset_t],,,[#include <signal.h>])
 
 # Dirmngr requires mmap on Unix systems.
 if test $ac_cv_func_mmap != yes -a $mmap_needed = yes; then
-  AC_MSG_ERROR([[Sorry, the current implemenation requires mmap.]])
+  AC_MSG_ERROR([[Sorry, the current implementation requires mmap.]])
 fi
 
+
+#
+# Check for the getsockopt SO_PEERCRED, etc.
+#
+AC_CHECK_MEMBERS([struct ucred.pid, struct ucred.cr_pid, struct sockpeercred.pid], [], [], [#include <sys/types.h>
+#include <sys/socket.h> ])
+
+# (Open)Solaris
+AC_CHECK_FUNCS([getpeerucred])
+
+
 #
 # W32 specific test
 #
@@ -1485,6 +1539,11 @@ if test "$development_version" = yes; then
             [Defined if this is not a regular release])
 fi
 
+if test "$USE_MAINTAINER_MODE" = "yes"; then
+    AC_DEFINE(MAINTAINER_MODE,1,
+            [Defined if this build is in maintainer mode])
+fi
+
 AM_CONDITIONAL(CROSS_COMPILING, test x$cross_compiling = xyes)
 
 GNUPG_CHECK_GNUMAKE
@@ -1509,9 +1568,13 @@ AC_SUBST(W32SOCKLIBS)
 #
 # Setup gcc specific options
 #
+USE_C99_CFLAGS=
 AC_MSG_NOTICE([checking for cc features])
 if test "$GCC" = yes; then
-    # Check whether gcc does not emit a diagnositc for unknow -Wno-*
+    mycflags=
+    mycflags_save=$CFLAGS
+
+    # Check whether gcc does not emit a diagnositc for unknown -Wno-*
     # options.  This is the case for gcc >= 4.6
     AC_MSG_CHECKING([if gcc ignores unknown -Wno-* options])
     AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
@@ -1524,62 +1587,72 @@ if test "$GCC" = yes; then
     # warning options and the user should have a chance of overriding
     # them.
     if test "$USE_MAINTAINER_MODE" = "yes"; then
-        CFLAGS="$CFLAGS -O3 -Wall -Wcast-align -Wshadow -Wstrict-prototypes"
-        CFLAGS="$CFLAGS -Wformat -Wno-format-y2k -Wformat-security"
+        mycflags="$mycflags -O3 -Wall -Wcast-align -Wshadow -Wstrict-prototypes"
+        mycflags="$mycflags -Wformat -Wno-format-y2k -Wformat-security"
         if test x"$_gcc_silent_wno" = xyes ; then
           _gcc_wopt=yes
         else
           AC_MSG_CHECKING([if gcc supports -Wno-missing-field-initializers])
-          _gcc_cflags_save=$CFLAGS
           CFLAGS="-Wno-missing-field-initializers"
           AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],
                             [_gcc_wopt=yes],[_gcc_wopt=no])
           AC_MSG_RESULT($_gcc_wopt)
-          CFLAGS=$_gcc_cflags_save;
         fi
         if test x"$_gcc_wopt" = xyes ; then
-          CFLAGS="$CFLAGS -W -Wno-sign-compare -Wno-missing-field-initializers"
+          mycflags="$mycflags -W -Wno-sign-compare"
+          mycflags="$mycflags -Wno-missing-field-initializers"
         fi
 
         AC_MSG_CHECKING([if gcc supports -Wdeclaration-after-statement])
-        _gcc_cflags_save=$CFLAGS
         CFLAGS="-Wdeclaration-after-statement"
         AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],_gcc_wopt=yes,_gcc_wopt=no)
         AC_MSG_RESULT($_gcc_wopt)
-        CFLAGS=$_gcc_cflags_save;
         if test x"$_gcc_wopt" = xyes ; then
-          CFLAGS="$CFLAGS -Wdeclaration-after-statement"
+          mycflags="$mycflags -Wdeclaration-after-statement"
+        fi
+
+        AC_MSG_CHECKING([if gcc supports -Wlogical-op and -Wvla])
+        CFLAGS="-Wlogical-op -Wvla"
+        AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],_gcc_wopt=yes,_gcc_wopt=no)
+        AC_MSG_RESULT($_gcc_wopt)
+        if test x"$_gcc_wopt" = xyes ; then
+          mycflags="$mycflags -Wlogical-op -Wvla"
         fi
+
     else
-        CFLAGS="$CFLAGS -Wall"
+        mycflags="$mycflags -Wall"
     fi
 
     if test x"$_gcc_silent_wno" = xyes ; then
       _gcc_psign=yes
     else
       AC_MSG_CHECKING([if gcc supports -Wno-pointer-sign])
-      _gcc_cflags_save=$CFLAGS
       CFLAGS="-Wno-pointer-sign"
       AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],
                         [_gcc_psign=yes],[_gcc_psign=no])
       AC_MSG_RESULT($_gcc_psign)
-      CFLAGS=$_gcc_cflags_save;
     fi
     if test x"$_gcc_psign" = xyes ; then
-       CFLAGS="$CFLAGS -Wno-pointer-sign"
+       mycflags="$mycflags -Wno-pointer-sign"
     fi
 
     AC_MSG_CHECKING([if gcc supports -Wpointer-arith])
-    _gcc_cflags_save=$CFLAGS
     CFLAGS="-Wpointer-arith"
     AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],_gcc_psign=yes,_gcc_psign=no)
     AC_MSG_RESULT($_gcc_psign)
-    CFLAGS=$_gcc_cflags_save;
     if test x"$_gcc_psign" = xyes ; then
-       CFLAGS="$CFLAGS -Wpointer-arith"
+       mycflags="$mycflags -Wpointer-arith"
+    fi
+
+    CFLAGS="$mycflags $mycflags_save"
+    if test "$use_libdns" = yes; then
+       # dirmngr/dns.{c,h} require C99 and GNU extensions.  */
+       USE_C99_CFLAGS="-std=gnu99"
     fi
 fi
 
+AC_SUBST(USE_C99_CFLAGS)
+
 
 #
 # This is handy for debugging so the compiler doesn't rearrange
@@ -1593,6 +1666,46 @@ AC_ARG_ENABLE(optimization,
                    fi])
 
 #
+# Add -Werror to CFLAGS.  This hack can be used to avoid problems with
+# misbehaving autoconf tests in case the user supplied -Werror.
+#
+AC_ARG_ENABLE(werror,
+   AC_HELP_STRING([--enable-werror],
+                  [append -Werror to CFLAGS]),
+                  [if test $enableval = yes ; then
+                      CFLAGS="$CFLAGS -Werror"
+                   fi])
+
+#
+# Configure option --enable-all-tests
+#
+AC_MSG_CHECKING([whether "make check" shall run all tests])
+AC_ARG_ENABLE(all-tests,
+              AC_HELP_STRING([--enable-all-tests],
+                             [let "make check" run all tests]),
+              run_all_tests=$enableval, run_all_tests=no)
+AC_MSG_RESULT($run_all_tests)
+if test "$run_all_tests" = "yes"; then
+    AC_DEFINE(RUN_ALL_TESTS,1,
+            [Defined if "make check" shall run all tests])
+fi
+
+#
+# We do not want support for the GNUPG_BUILDDIR environment variable
+# in a released version.  However, our regression tests suite requires
+# this and thus we build with support for it during "make distcheck".
+# This configure option implements this along with the top Makefile's
+# AM_DISTCHECK_CONFIGURE_FLAGS.
+#
+gnupg_builddir_envvar=no
+AC_ARG_ENABLE(gnupg-builddir-envvar,,
+              gnupg_builddir_envvar=$enableval)
+if test x"$gnupg_builddir_envvar" = x"yes"; then
+   AC_DEFINE(ENABLE_GNUPG_BUILDDIR_ENVVAR, 1,
+      [This is only used with "make distcheck"])
+fi
+
+#
 # Decide what to build
 #
 
@@ -1616,18 +1729,15 @@ AM_CONDITIONAL(BUILD_AGENT,       test "$build_agent" = "yes")
 AM_CONDITIONAL(BUILD_SCDAEMON,    test "$build_scdaemon" = "yes")
 AM_CONDITIONAL(BUILD_G13,         test "$build_g13" = "yes")
 AM_CONDITIONAL(BUILD_DIRMNGR,     test "$build_dirmngr" = "yes")
-AM_CONDITIONAL(BUILD_TOOLS,       test "$build_tools" = "yes")
 AM_CONDITIONAL(BUILD_DOC,         test "$build_doc" = "yes")
 AM_CONDITIONAL(BUILD_SYMCRYPTRUN, test "$build_symcryptrun" = "yes")
 AM_CONDITIONAL(BUILD_GPGTAR,      test "$build_gpgtar" = "yes")
+AM_CONDITIONAL(BUILD_WKS_TOOLS,   test "$build_wks_tools" = "yes")
 
 AM_CONDITIONAL(ENABLE_CARD_SUPPORT, test "$card_support" = yes)
 AM_CONDITIONAL(NO_TRUST_MODELS,     test "$use_trust_models" = no)
 AM_CONDITIONAL(USE_TOFU,            test "$use_tofu" = yes)
 
-AM_CONDITIONAL(RUN_GPG_TESTS,
-               test x$cross_compiling = xno -a "$build_gpg" = yes )
-
 #
 # Set some defines for use gpgconf.
 #
@@ -1644,7 +1754,7 @@ if test "$build_scdaemon" = yes ; then
     AC_DEFINE(BUILD_WITH_SCDAEMON,1,[Defined if SCDAEMON is to be build])
 fi
 if test "$build_dirmngr" = yes ; then
-    AC_DEFINE(BUILD_WITH_DIRMNGR,1,[Defined if SCDAEMON is to be build])
+    AC_DEFINE(BUILD_WITH_DIRMNGR,1,[Defined if DIRMNGR is to be build])
 fi
 if test "$build_g13" = yes ; then
     AC_DEFINE(BUILD_WITH_G13,1,[Defined if G13 is to be build])
@@ -1685,6 +1795,10 @@ AC_DEFINE_UNQUOTED(GPGTAR_NAME, "gpgtar", [The name of the gpgtar tool])
 
 AC_DEFINE_UNQUOTED(GPG_AGENT_SOCK_NAME, "S.gpg-agent",
                    [The name of the agent socket])
+AC_DEFINE_UNQUOTED(GPG_AGENT_EXTRA_SOCK_NAME, "S.gpg-agent.extra",
+                   [The name of the agent socket for remote access])
+AC_DEFINE_UNQUOTED(GPG_AGENT_BROWSER_SOCK_NAME, "S.gpg-agent.browser",
+                   [The name of the agent socket for browsers])
 AC_DEFINE_UNQUOTED(GPG_AGENT_SSH_SOCK_NAME, "S.gpg-agent.ssh",
                    [The name of the agent socket for ssh])
 AC_DEFINE_UNQUOTED(DIRMNGR_INFO_NAME, "DIRMNGR_INFO",
@@ -1693,6 +1807,9 @@ AC_DEFINE_UNQUOTED(SCDAEMON_SOCK_NAME, "S.scdaemon",
                    [The name of the SCdaemon socket])
 AC_DEFINE_UNQUOTED(DIRMNGR_SOCK_NAME, "S.dirmngr",
                    [The name of the dirmngr socket])
+AC_DEFINE_UNQUOTED(DIRMNGR_DEFAULT_KEYSERVER,
+                   "hkps://hkps.pool.sks-keyservers.net",
+      [The default keyserver for dirmngr to use, if none is explicitly given])
 
 AC_DEFINE_UNQUOTED(GPGEXT_GPG, "gpg", [The standard binary file suffix])
 
@@ -1726,12 +1843,13 @@ AC_ARG_ENABLE([build-timestamp],
         BUILD_TIMESTAMP=`date -u +%Y-%m-%dT%H:%M+0000 2>/dev/null || date`
       else
         BUILD_TIMESTAMP="$enableval"
-      fi],
-     [BUILD_TIMESTAMP="<none>"])
+      fi
+      BUILD_HOSTNAME="$ac_hostname"],
+     [BUILD_TIMESTAMP="<none>"
+      BUILD_HOSTNAME="<anon>"])
 AC_SUBST(BUILD_TIMESTAMP)
 AC_DEFINE_UNQUOTED(BUILD_TIMESTAMP, "$BUILD_TIMESTAMP",
                    [The time this package was configured for a build])
-BUILD_HOSTNAME="$ac_hostname"
 AC_SUBST(BUILD_HOSTNAME)
 
 
@@ -1746,7 +1864,7 @@ if test "$have_gpg_error" = "no"; then
 ***
 *** You need libgpg-error to build this program.
 **  This library is for example available at
-***   ftp://ftp.gnupg.org/gcrypt/libgpg-error
+***   https://gnupg.org/ftp/gcrypt/libgpg-error
 *** (at least version $NEED_GPG_ERROR_VERSION is required.)
 ***]])
 fi
@@ -1756,7 +1874,7 @@ if test "$have_libgcrypt" = "no"; then
 ***
 *** You need libgcrypt to build this program.
 **  This library is for example available at
-***   ftp://ftp.gnupg.org/gcrypt/libgcrypt/
+***   https://gnupg.org/ftp/gcrypt/libgcrypt/
 *** (at least version $NEED_LIBGCRYPT_VERSION (API $NEED_LIBGCRYPT_API) is required.)
 ***]])
 fi
@@ -1766,7 +1884,7 @@ if test "$have_libassuan" = "no"; then
 ***
 *** You need libassuan to build this program.
 *** This library is for example available at
-***   ftp://ftp.gnupg.org/gcrypt/libassuan/
+***   https://gnupg.org/ftp/gcrypt/libassuan/
 *** (at least version $NEED_LIBASSUAN_VERSION (API $NEED_LIBASSUAN_API) is required).
 ***]])
 fi
@@ -1776,7 +1894,7 @@ if test "$have_ksba" = "no"; then
 ***
 *** You need libksba to build this program.
 *** This library is for example available at
-***   ftp://ftp.gnupg.org/gcrypt/libksba/
+***   https://gnupg.org/ftp/gcrypt/libksba/
 *** (at least version $NEED_KSBA_VERSION using API $NEED_KSBA_API is required).
 ***]])
 fi
@@ -1797,7 +1915,7 @@ if test "$have_npth" = "no"; then
 *** It is now required to build with support for the
 *** New Portable Threads Library (nPth). Please install this
 *** library first.  The library is for example available at
-***   ftp://ftp.gnupg.org/gcrypt/npth/
+***   https://gnupg.org/ftp/gcrypt/npth/
 *** (at least version $NEED_NPTH_VERSION (API $NEED_NPTH_API) is required).
 ***]])
 fi
@@ -1810,7 +1928,18 @@ if test "$require_iconv" = yes; then
 *** The system does not provide a working iconv function.  Please
 *** install a suitable library; for example GNU Libiconv which is
 *** available at:
-***   http://ftp.gnu.org/gnu/libiconv/
+***   https://ftp.gnu.org/gnu/libiconv/
+***]])
+  fi
+fi
+
+if test "$use_ccid_driver" = yes; then
+  if test "$have_libusb" != yes; then
+    die=yes
+    AC_MSG_NOTICE([[
+***
+*** You need libusb to build the internal ccid driver.  Please
+*** install a libusb suitable for your system.
 ***]])
   fi
 fi
@@ -1841,7 +1970,11 @@ tools/gpg-zip
 tools/Makefile
 doc/Makefile
 tests/Makefile
+tests/gpgscm/Makefile
 tests/openpgp/Makefile
+tests/migrations/Makefile
+tests/gpgsm/Makefile
+tests/gpgme/Makefile
 tests/pkits/Makefile
 g10/gpg.w32-manifest
 ])
@@ -1863,6 +1996,7 @@ echo "
         G13:       $build_g13
         Dirmngr:   $build_dirmngr
         Gpgtar:    $build_gpgtar
+        WKS tools: $build_wks_tools
 
         Protect tool:      $show_gnupg_protect_tool_pgm
         LDAP wrapper:      $show_gnupg_dirmngr_ldap_pgm
@@ -1874,7 +2008,6 @@ echo "
         Dirmngr auto start:  $dirmngr_auto_start
         Readline support:    $gnupg_cv_have_readline
         LDAP support:        $gnupg_have_ldap
-        DNS SRV support:     $use_dns_srv
         TLS support:         $use_tls_library
         TOFU support:        $use_tofu
         Tor support:         $show_tor_support