wks: Set published keys world-readable.
[gnupg.git] / configure.ac
index b3c7678..bec7428 100644 (file)
@@ -1,6 +1,6 @@
 # configure.ac - for GnuPG 2.1
-# Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
-#               2008, 2009, 2010, 2011 Free Software Foundation, Inc.
+# Copyright (C) 1998-2012 Free Software Foundation, Inc.
+# Copyright (C) 1998-2016 Werner Koch
 #
 # This file is part of GnuPG.
 #
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
-# along with this program; if not, see <http://www.gnu.org/licenses/>.
+# along with this program; if not, see <https://www.gnu.org/licenses/>.
 
 # Process this file with autoconf to produce a configure script.
 AC_PREREQ(2.61)
-min_automake_version="1.10"
+min_automake_version="1.14"
+
+# To build a release you need to create a tag with the version number
+# (git tag -s gnupg-2.n.m) and run "./autogen.sh --force".  Please
+# bump the version number immediately *after* the release and do
+# another commit and push so that the git magic is able to work.
+m4_define([mym4_package],[gnupg])
+m4_define([mym4_major], [2])
+m4_define([mym4_minor], [1])
+m4_define([mym4_micro], [20])
+
+# To start a new development series, i.e a new major or minor number
+# you need to mark an arbitrary commit before the first beta release
+# with an annotated tag.  For example the 2.1 branch starts off with
+# the tag "gnupg-2.1-base".  This is used as the base for counting
+# beta numbers before the first release of a series.
+
+# Below is m4 magic to extract and compute the git revision number,
+# the decimalized short revision number, a beta version string and a
+# flag indicating a development version (mym4_isbeta).  Note that the
+# m4 processing is done by autoconf and not during the configure run.
+m4_define([mym4_verslist], m4_split(m4_esyscmd([./autogen.sh --find-version] \
+                           mym4_package mym4_major mym4_minor mym4_micro),[:]))
+m4_define([mym4_isbeta],       m4_argn(2, mym4_verslist))
+m4_define([mym4_version],      m4_argn(4, mym4_verslist))
+m4_define([mym4_revision],     m4_argn(7, mym4_verslist))
+m4_define([mym4_revision_dec], m4_argn(8, mym4_verslist))
+m4_esyscmd([echo ]mym4_version[>VERSION])
+AC_INIT([mym4_package],[mym4_version], [https://bugs.gnupg.org])
+
+NEED_GPG_ERROR_VERSION=1.24
 
-# Remember to change the version number immediately *after* a release.
-# Set my_issvn to "yes" for non-released code.  Remember to run an
-# "svn up" and "autogen.sh" right before creating a distribution.
-m4_define([my_version], [2.1.0beta3])
-m4_define([my_issvn], [no])
+NEED_LIBGCRYPT_API=1
+NEED_LIBGCRYPT_VERSION=1.7.0
 
-m4_define([svn_revision], m4_esyscmd([printf "%d" $(svn info 2>/dev/null \
-          | sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)]))
-m4_define([git_revision], m4_esyscmd([git branch -v 2>/dev/null \
-          | awk '/^\* / {printf "%s",$3}']))
-m4_define([my_full_version], [my_version[]m4_if(my_issvn,[yes],
-          [m4_if(git_revision,[],[-svn[]svn_revision],[-git[]git_revision])])])
+NEED_LIBASSUAN_API=2
+NEED_LIBASSUAN_VERSION=2.4.3
 
-AC_INIT([gnupg],[my_full_version], [http://bugs.gnupg.org])
-# Set development_version to yes if the minor number is odd or you
-# feel that the default check for a development version is not
-# sufficient.
-development_version=no
+NEED_KSBA_API=1
+NEED_KSBA_VERSION=1.3.4
 
-NEED_GPG_ERROR_VERSION=1.10
+NEED_NTBTLS_API=1
+NEED_NTBTLS_VERSION=0.1.0
 
-NEED_LIBGCRYPT_API=1
-NEED_LIBGCRYPT_VERSION=1.5.0
+NEED_NPTH_API=1
+NEED_NPTH_VERSION=1.2
 
-NEED_LIBASSUAN_API=2
-NEED_LIBASSUAN_VERSION=2.0.3
 
-NEED_KSBA_API=1
-NEED_KSBA_VERSION=1.2.0
+NEED_GNUTLS_VERSION=3.0
 
+NEED_SQLITE_VERSION=3.7
 
+development_version=mym4_isbeta
 PACKAGE=$PACKAGE_NAME
 PACKAGE_GT=${PACKAGE_NAME}2
 VERSION=$PACKAGE_VERSION
 
-AC_CONFIG_AUX_DIR(scripts)
-AC_CONFIG_SRCDIR(sm/gpgsm.c)
-AM_CONFIG_HEADER(config.h)
-AM_INIT_AUTOMAKE($PACKAGE, $VERSION)
+AC_CONFIG_AUX_DIR([build-aux])
+AC_CONFIG_SRCDIR([sm/gpgsm.c])
+AC_CONFIG_HEADER([config.h])
+AM_INIT_AUTOMAKE([serial-tests dist-bzip2 no-dist-gzip])
 AC_CANONICAL_HOST
 AB_INIT
 
 AC_GNU_SOURCE
 
+# Before we do anything with the C compiler, we first save the user's
+# CFLAGS (they are restored at the end of the configure script).  This
+# is because some configure checks don't work with -Werror, but we'd
+# like to use -Werror with our build.
+CFLAGS_orig=$CFLAGS
+CFLAGS=
+
 # Some status variables.
 have_gpg_error=no
 have_libgcrypt=no
 have_libassuan=no
 have_ksba=no
-have_pth=no
+have_ntbtls=no
+have_gnutls=no
+have_sqlite=no
+have_npth=no
 have_libusb=no
-have_adns=no
+have_system_resolver=no
+gnupg_have_ldap="n/a"
 
 use_zip=yes
 use_bzip2=yes
 use_exec=yes
-disable_keyserver_path=no
-use_ccid_driver=yes
-use_standard_socket=yes
-dirmngr_auto_start=no
+use_trust_models=yes
+use_tofu=yes
+use_libdns=yes
+card_support=yes
+use_ccid_driver=auto
+dirmngr_auto_start=yes
+use_tls_library=no
+large_secmem=no
+show_tor_support=no
 
-try_ks_ldap=no
 
 GNUPG_BUILD_PROGRAM(gpg, yes)
 GNUPG_BUILD_PROGRAM(gpgsm, yes)
-GNUPG_BUILD_PROGRAM(agent, yes)
+# The agent is a required part and can't be disabled anymore.
+build_agent=yes
 GNUPG_BUILD_PROGRAM(scdaemon, yes)
-GNUPG_BUILD_PROGRAM(g13, yes)
+GNUPG_BUILD_PROGRAM(g13, no)
 GNUPG_BUILD_PROGRAM(dirmngr, yes)
 GNUPG_BUILD_PROGRAM(tools, yes)
 GNUPG_BUILD_PROGRAM(doc, yes)
 GNUPG_BUILD_PROGRAM(symcryptrun, no)
-GNUPG_BUILD_PROGRAM(gpgtar, no)
+# We use gpgtar to unpack test data, hence we always build it.  If the
+# user opts out, we simply don't install it.
+GNUPG_BUILD_PROGRAM(gpgtar, yes)
+GNUPG_BUILD_PROGRAM(wks-tools, no)
 
 AC_SUBST(PACKAGE)
 AC_SUBST(PACKAGE_GT)
@@ -108,6 +147,8 @@ AC_DEFINE_UNQUOTED(NEED_LIBGCRYPT_VERSION, "$NEED_LIBGCRYPT_VERSION",
                                        [Required version of Libgcrypt])
 AC_DEFINE_UNQUOTED(NEED_KSBA_VERSION, "$NEED_KSBA_VERSION",
                                        [Required version of Libksba])
+AC_DEFINE_UNQUOTED(NEED_NTBTLS_VERSION, "$NEED_NTBTLS_VERSION",
+                                       [Required version of NTBTLS])
 
 
 
@@ -160,7 +201,7 @@ test -n "$GNUPG_PROTECT_TOOL_PGM" \
       && show_gnupg_protect_tool_pgm="$GNUPG_PROTECT_TOOL_PGM"
 
 AC_ARG_WITH(dirmngr-ldap-pgm,
-    [  --with-dirmngr-ldap-pgm=PATH  Use PATH as the default for the dirmnge ldap wrapper)],
+    [  --with-dirmngr-ldap-pgm=PATH  Use PATH as the default for the dirmngr ldap wrapper)],
           GNUPG_DIRMNGR_LDAP_PGM="$withval", GNUPG_DIRMNGR_LDAP_PGM="" )
 AC_SUBST(GNUPG_DIRMNGR_LDAP_PGM)
 AM_CONDITIONAL(GNUPG_DIRMNGR_LDAP_PGM, test -n "$GNUPG_DIRMNGR_LDAP_PGM")
@@ -178,21 +219,11 @@ test -n "$GNUPG_DIRMNGR_LDAP_PGM" \
 AC_ARG_ENABLE(gpg2-is-gpg,
     AC_HELP_STRING([--enable-gpg2-is-gpg],[Set installed name of gpg2 to gpg]),
     gpg2_is_gpg=$enableval)
-if test "$gpg2_is_gpg" = "yes"; then
-   name_of_installed_gpg=gpg
-else
-   name_of_installed_gpg=gpg2
+if test "$gpg2_is_gpg" != "yes"; then
+   AC_DEFINE(USE_GPG2_HACK, 1, [Define to install gpg as gpg2])
 fi
-AC_DEFINE_UNQUOTED(NAME_OF_INSTALLED_GPG, "$name_of_installed_gpg",
-                   [The name of the installed GPG tool])
-
+AM_CONDITIONAL(USE_GPG2_HACK, test "$gpg2_is_gpg" != "yes")
 
-# Some folks want to use only the agent from this packet.  Make it
-# easier for them by providing the configure option
-# --enable-only-agent.
-AC_ARG_ENABLE(agent-only,
-    AC_HELP_STRING([--enable-agent-only],[build only the gpg-agent]),
-    build_agent_only=$enableval)
 
 # SELinux support includes tracking of sensitive files to avoid
 # leaking their contents through processing these files by gpg itself
@@ -203,6 +234,86 @@ AC_ARG_ENABLE(selinux-support,
               selinux_support=$enableval, selinux_support=no)
 AC_MSG_RESULT($selinux_support)
 
+
+AC_MSG_CHECKING([whether to allocate extra secure memory])
+AC_ARG_ENABLE(large-secmem,
+              AC_HELP_STRING([--enable-large-secmem],
+                             [allocate extra secure memory]),
+              large_secmem=$enableval, large_secmem=no)
+AC_MSG_RESULT($large_secmem)
+if test "$large_secmem" = yes ; then
+   SECMEM_BUFFER_SIZE=65536
+else
+   SECMEM_BUFFER_SIZE=32768
+fi
+AC_DEFINE_UNQUOTED(SECMEM_BUFFER_SIZE,$SECMEM_BUFFER_SIZE,
+                   [Size of secure memory buffer])
+
+AC_MSG_CHECKING([whether to enable trust models])
+AC_ARG_ENABLE(trust-models,
+              AC_HELP_STRING([--disable-trust-models],
+                             [disable all trust models except "always"]),
+              use_trust_models=$enableval)
+AC_MSG_RESULT($use_trust_models)
+if test "$use_trust_models" = no ; then
+    AC_DEFINE(NO_TRUST_MODELS, 1,
+             [Define to include only trust-model always])
+fi
+
+AC_MSG_CHECKING([whether to enable TOFU])
+AC_ARG_ENABLE(tofu,
+                AC_HELP_STRING([--disable-tofu],
+                               [disable the TOFU trust model]),
+              use_tofu=$enableval, use_tofu=$use_trust_models)
+AC_MSG_RESULT($use_tofu)
+if test "$use_trust_models" = no && test "$use_tofu" = yes; then
+    AC_MSG_ERROR([both --disable-trust-models and --enable-tofu given])
+fi
+
+AC_MSG_CHECKING([whether to enable libdns])
+AC_ARG_ENABLE(libdns,
+                AC_HELP_STRING([--disable-libdns],
+                               [do not build with libdns support]),
+              use_libdns=$enableval, use_libdns=yes)
+AC_MSG_RESULT($use_libdns)
+if test x"$use_libdns" = xyes ; then
+    AC_DEFINE(USE_LIBDNS, 1, [Build with integrated libdns support])
+fi
+AM_CONDITIONAL(USE_LIBDNS, test "$use_libdns" = yes)
+
+
+#
+# Options to disable algorithm
+#
+
+GNUPG_GPG_DISABLE_ALGO([rsa],[RSA public key])
+# Elgamal is a MUST algorithm
+# DSA is a MUST algorithm
+GNUPG_GPG_DISABLE_ALGO([ecdh],[ECDH public key])
+GNUPG_GPG_DISABLE_ALGO([ecdsa],[ECDSA public key])
+GNUPG_GPG_DISABLE_ALGO([eddsa],[EdDSA public key])
+
+GNUPG_GPG_DISABLE_ALGO([idea],[IDEA cipher])
+# 3DES is a MUST algorithm
+GNUPG_GPG_DISABLE_ALGO([cast5],[CAST5 cipher])
+GNUPG_GPG_DISABLE_ALGO([blowfish],[BLOWFISH cipher])
+GNUPG_GPG_DISABLE_ALGO([aes128],[AES128 cipher])
+GNUPG_GPG_DISABLE_ALGO([aes192],[AES192 cipher])
+GNUPG_GPG_DISABLE_ALGO([aes256],[AES256 cipher])
+GNUPG_GPG_DISABLE_ALGO([twofish],[TWOFISH cipher])
+GNUPG_GPG_DISABLE_ALGO([camellia128],[CAMELLIA128 cipher])
+GNUPG_GPG_DISABLE_ALGO([camellia192],[CAMELLIA192 cipher])
+GNUPG_GPG_DISABLE_ALGO([camellia256],[CAMELLIA256 cipher])
+
+GNUPG_GPG_DISABLE_ALGO([md5],[MD5 hash])
+# SHA1 is a MUST algorithm
+GNUPG_GPG_DISABLE_ALGO([rmd160],[RIPE-MD160 hash])
+GNUPG_GPG_DISABLE_ALGO([sha224],[SHA-224 hash])
+# SHA256 is a MUST algorithm for GnuPG.
+GNUPG_GPG_DISABLE_ALGO([sha384],[SHA-384 hash])
+GNUPG_GPG_DISABLE_ALGO([sha512],[SHA-512 hash])
+
+
 # Allow disabling of zip support.
 # This is in general not a good idea because according to rfc4880 OpenPGP
 # implementations SHOULD support ZLIB.
@@ -254,61 +365,6 @@ if test "$use_exec" = yes ; then
         fi],withval=no)
     AC_MSG_RESULT($withval)
   fi
-
-  AC_MSG_CHECKING([whether to enable external keyserver helpers])
-  AC_ARG_ENABLE(keyserver-helpers,
-      [  --disable-keyserver-helpers  disable all external keyserver support],
-      [if test "$enableval" = no ; then
-         AC_DEFINE(DISABLE_KEYSERVER_HELPERS,1,
-                  [define to disable keyserver helpers])
-      fi],enableval=yes)
-  gnupg_cv_enable_keyserver_helpers=$enableval
-  AC_MSG_RESULT($enableval)
-
-  if test "$gnupg_cv_enable_keyserver_helpers" = yes ; then
-    # LDAP is defined only after we confirm the library is available later
-    AC_MSG_CHECKING([whether LDAP keyserver support is requested])
-    AC_ARG_ENABLE(ldap,
-      AC_HELP_STRING([--disable-ldap],[disable LDAP keyserver interface only]),
-      try_ks_ldap=$enableval, try_ks_ldap=yes)
-    AC_MSG_RESULT($try_ks_ldap)
-
-    AC_MSG_CHECKING([whether HKP keyserver support is requested])
-    AC_ARG_ENABLE(hkp,
-      AC_HELP_STRING([--disable-hkp],[disable HKP keyserver interface only]),
-      try_hkp=$enableval, try_hkp=yes)
-    AC_MSG_RESULT($try_hkp)
-
-    AC_MSG_CHECKING([whether finger key fetching support is requested])
-    AC_ARG_ENABLE(finger,
-      AC_HELP_STRING([--disable-finger],
-        [disable finger key fetching interface only]),
-      try_finger=$enableval, try_finger=yes)
-    AC_MSG_RESULT($try_finger)
-
-    AC_MSG_CHECKING([whether generic object key fetching support is requested])
-    AC_ARG_ENABLE(generic,
-      AC_HELP_STRING([--disable-generic],
-        [disable generic object key fetching interface only]),
-      try_generic=$enableval, try_generic=yes)
-    AC_MSG_RESULT($try_generic)
-
-    AC_MSG_CHECKING([whether email keyserver support is requested])
-    AC_ARG_ENABLE(mailto,
-      AC_HELP_STRING([--enable-mailto],
-       [enable email keyserver interface only]),
-      try_mailto=$enableval, try_mailto=no)
-    AC_MSG_RESULT($try_mailto)
-  fi
-
-  AC_MSG_CHECKING([whether keyserver exec-path is enabled])
-  AC_ARG_ENABLE(keyserver-path,
-      AC_HELP_STRING([--disable-keyserver-path],
-        [disable the exec-path option for keyserver helpers]),
-      [if test "$enableval" = no ; then
-         disable_keyserver_path=yes
-      fi],enableval=yes)
-  AC_MSG_RESULT($enableval)
 fi
 
 
@@ -346,6 +402,19 @@ AC_ARG_WITH(capabilities,
 [use_capabilities="$withval"],[use_capabilities=no])
 AC_MSG_RESULT($use_capabilities)
 
+#
+# Check whether to disable the card support
+AC_MSG_CHECKING([whether smartcard support is requested])
+AC_ARG_ENABLE(card-support,
+              AC_HELP_STRING([--disable-card-support],
+                             [disable smartcard support]),
+              card_support=$enableval)
+AC_MSG_RESULT($card_support)
+if test "$card_support" = yes ; then
+  AC_DEFINE(ENABLE_CARD_SUPPORT,1,[Define to include smartcard support])
+else
+  build_scdaemon=no
+fi
 
 #
 # Allow disabling of internal CCID support.
@@ -358,15 +427,10 @@ AC_ARG_ENABLE(ccid-driver,
               use_ccid_driver=$enableval)
 AC_MSG_RESULT($use_ccid_driver)
 
-#
-# Dirmngr is nowadays a system service and thus it usually does no
-# make sense to start it as needed.  However on some systems this is
-# possible; this option enable the feature.
-#
 AC_MSG_CHECKING([whether to auto start dirmngr])
 AC_ARG_ENABLE(dirmngr-auto-start,
-              AC_HELP_STRING([--enable-dirmngr-auto-start],
-                             [enable auto starting of the dirmngr]),
+              AC_HELP_STRING([--disable-dirmngr-auto-start],
+                             [disable auto starting of the dirmngr]),
               dirmngr_auto_start=$enableval)
 AC_MSG_RESULT($dirmngr_auto_start)
 if test "$dirmngr_auto_start" = yes ; then
@@ -435,7 +499,8 @@ AH_BOTTOM([
 #else
 #define GNUPG_DEFAULT_HOMEDIR "~/.gnupg"
 #endif
-#define GNUPG_PRIVATE_KEYS_DIR "private-keys-v1.d"
+#define GNUPG_PRIVATE_KEYS_DIR  "private-keys-v1.d"
+#define GNUPG_OPENPGP_REVOC_DIR "openpgp-revocs.d"
 
 /* For some systems (DOS currently), we hardcode the path here.  For
    POSIX systems the values are constructed by the Makefiles, so that
@@ -487,12 +552,14 @@ AH_BOTTOM([
 # endif
 #endif
 
+/* Provide the es_ macro for estream.  */
+#define GPGRT_ENABLE_ES_MACROS 1
 
 /* Tell libgcrypt not to use its own libgpg-error implementation. */
 #define USE_LIBGPG_ERROR 1
 
-/* We use jnlib, so tell other modules about it.  */
-#define HAVE_JNLIB_LOGGING 1
+/* Tell Libgcrypt not to include deprecated definitions.  */
+#define GCRYPT_NO_DEPRECATED 1
 
 /* Our HTTP code is used in estream mode.  */
 #define HTTP_USE_ESTREAM 1
@@ -502,19 +569,6 @@ AH_BOTTOM([
    handler.  */
 #define HTTP_NO_WSASTARTUP
 
-/* We always include support for the OpenPGP card.  */
-#define ENABLE_CARD_SUPPORT 1
-
-/* We explicitly need to disable PTH's soft mapping as Debian
-   currently enables it by default for no reason. */
-#define PTH_SYSCALL_SOFT 0
-
-/* We want to use the libgcrypt provided memory allocation for
-   asprintf.  */
-#define _ESTREAM_PRINTF_MALLOC        gcry_malloc
-#define _ESTREAM_PRINTF_FREE          gcry_free
-#define _ESTREAM_PRINTF_EXTRA_INCLUDE "../common/util.h"
-
 /* Under Windows we use the gettext code from libgpg-error.  */
 #define GPG_ERR_ENABLE_GETTEXT_MACROS
 
@@ -526,6 +580,7 @@ AH_BOTTOM([
 
 
 AM_MAINTAINER_MODE
+AC_ARG_VAR(SYSROOT,[locate config scripts also below that directory])
 
 # Checks for programs.
 AC_MSG_NOTICE([checking for programs])
@@ -537,6 +592,7 @@ AM_MISSING_PROG(AUTOCONF, autoconf, $missing_dir)
 AM_MISSING_PROG(AUTOMAKE, automake, $missing_dir)
 AM_MISSING_PROG(AUTOHEADER, autoheader, $missing_dir)
 AM_MISSING_PROG(MAKEINFO, makeinfo, $missing_dir)
+AM_SILENT_RULES
 AC_PROG_AWK
 AC_PROG_CC
 AC_PROG_CPP
@@ -551,10 +607,10 @@ AC_CHECK_TOOL(AR, ar, :)
 AC_PATH_PROG(PERL,"perl")
 AC_CHECK_TOOL(WINDRES, windres, :)
 AC_ISC_POSIX
-gl_EARLY
 AC_SYS_LARGEFILE
 GNUPG_CHECK_USTAR
 
+
 # We need to compile and run a program on the build machine.  A
 # comment in libgpg-error says that the AC_PROG_CC_FOR_BUILD macro in
 # the AC archive is broken for autoconf 2.57.  Given that there is no
@@ -570,12 +626,17 @@ fi
 AC_MSG_RESULT($CC_FOR_BUILD)
 AC_ARG_VAR(CC_FOR_BUILD,[build system C compiler])
 
+# We need to call this macro because other pkg-config macros are
+# not always used.
+PKG_PROG_PKG_CONFIG
 
 
 try_gettext=yes
+require_iconv=yes
 have_dosish_system=no
 have_w32_system=no
 have_w32ce_system=no
+have_android_system=no
 use_simple_gettext=no
 use_ldapwrapper=yes
 mmap_needed=yes
@@ -589,9 +650,9 @@ case "${host}" in
                   [Because the Unix gettext has too much overhead on
                    MingW32 systems and these systems lack Posix functions,
                    we use a simplified version of gettext])
-        disable_keyserver_path=yes
         have_dosish_system=yes
         have_w32_system=yes
+        require_iconv=no
         use_ldapwrapper=no  # Fixme: Do this only for CE.
         case "${host}" in
           *-mingw32ce*)
@@ -622,22 +683,16 @@ case "${host}" in
         try_gettext="no"
         ;;
 
-    *-*-freebsd*)
-       # FreeBSD
-       CPPFLAGS="$CPPFLAGS -I/usr/local/include"
-       LDFLAGS="$LDFLAGS -L/usr/local/lib"
-       ;;
-
     *-*-hpux*)
         if test -z "$GCC" ; then
-            CFLAGS="$CFLAGS -Ae -D_HPUX_SOURCE"
+            CFLAGS="-Ae -D_HPUX_SOURCE $CFLAGS"
         fi
         ;;
     *-dec-osf4*)
         if test -z "$GCC" ; then
             # Suppress all warnings
             # to get rid of the unsigned/signed char mismatch warnings.
-            CFLAGS="$CFLAGS -w"
+            CFLAGS="-w $CFLAGS"
         fi
         ;;
     *-dec-osf5*)
@@ -646,11 +701,17 @@ case "${host}" in
             # get rid of the unsigned/signed char mismatch warnings.
             # Using this may hide other pointer mismatch warnings, but
            # it at least lets other warning classes through
-            CFLAGS="$CFLAGS -msg_disable ptrmismatch1"
+            CFLAGS="-msg_disable ptrmismatch1 $CFLAGS"
         fi
         ;;
     m68k-atari-mint)
         ;;
+    *-linux-android*)
+        have_android_system=yes
+        # Android is fully utf-8 and we do not want to use iconv to
+        # keeps things simple
+        require_iconv=no
+        ;;
     *)
        ;;
 esac
@@ -675,52 +736,15 @@ fi
 AM_CONDITIONAL(HAVE_W32_SYSTEM, test "$have_w32_system" = yes)
 AM_CONDITIONAL(HAVE_W32CE_SYSTEM, test "$have_w32ce_system" = yes)
 
-if test "$use_ldapwrapper" = yes; then
-   AC_DEFINE(USE_LDAPWRAPPER,1, [Build dirmngr with LDAP wrapper process])
-fi
-AM_CONDITIONAL(USE_LDAPWRAPPER, test "$use_ldapwrapper" = yes)
-
-if test "$disable_keyserver_path" = yes; then
-    AC_DEFINE(DISABLE_KEYSERVER_PATH,1,
-              [Defined to disable exec-path for keyserver helpers])
-fi
-
-#
-# Allows enabling the use of a standard socket by default This is
-# gpg-agent's option --[no-]use-standard-socket.  For Windows we force
-# the use of this.
-#
-AC_MSG_CHECKING([whether to use a standard socket by default])
-AC_ARG_ENABLE(standard-socket,
-              AC_HELP_STRING([--disable-standard-socket],
-                             [don't use a standard socket by default]),
-              use_standard_socket=$enableval)
-tmp=""
-if test "$use_standard_socket" != yes; then
-  if test "$have_w32_system" = yes; then
-    use_standard_socket=yes
-    tmp=" (forced)"
-  fi
-fi
-AC_MSG_RESULT($use_standard_socket$tmp)
-if test "$use_standard_socket" = yes; then
-  AC_DEFINE(USE_STANDARD_SOCKET,1,
-            [Use the standard socket for the agent by default])
+if test "$have_android_system" = yes; then
+   AC_DEFINE(HAVE_ANDROID_SYSTEM,1, [Defined if we build for an Android system])
 fi
+AM_CONDITIONAL(HAVE_ANDROID_SYSTEM, test "$have_android_system" = yes)
 
 
 # (These need to go after AC_PROG_CC so that $EXEEXT is defined)
 AC_DEFINE_UNQUOTED(EXEEXT,"$EXEEXT",[The executable file extension, if any])
 
-if test x"$try_hkp" = xyes ; then
-  AC_SUBST(GPGKEYS_HKP,"gpg2keys_hkp$EXEEXT")
-fi
-
-if test x"$try_finger" = xyes ; then
-  AC_SUBST(GPGKEYS_FINGER,"gpg2keys_finger$EXEEXT")
-fi
-
-
 
 #
 # Checks for libraries.
@@ -751,10 +775,10 @@ AM_PATH_LIBASSUAN("$NEED_LIBASSUAN_API:$NEED_LIBASSUAN_VERSION",
 if test "$have_libassuan" = "yes"; then
   AC_DEFINE_UNQUOTED(GNUPG_LIBASSUAN_VERSION, "$libassuan_version",
                      [version of the libassuan library])
+  show_tor_support="only .onion"
 fi
 
 
-
 #
 # libksba is our X.509 support library
 #
@@ -765,19 +789,73 @@ AM_PATH_KSBA("$NEED_KSBA_API:$NEED_KSBA_VERSION",have_ksba=yes,have_ksba=no)
 # libusb allows us to use the integrated CCID smartcard reader driver.
 #
 # FiXME: Use GNUPG_CHECK_LIBUSB and modify to use separate AC_SUBSTs.
-if test "$use_ccid_driver" = yes ; then
-  AC_CHECK_LIB(usb, usb_bulk_write,
-                [ LIBUSB_LIBS="$LIBUSB_LIBS -lusb"
-                  AC_DEFINE(HAVE_LIBUSB,1,
-                           [defined if libusb is available])
-                  have_libusb=yes
-               ])
-  AC_CHECK_FUNCS(usb_create_match)
+if test "$use_ccid_driver" = auto || test "$use_ccid_driver" = yes; then
+   case "${host}" in
+     *-mingw32*)
+       LIBUSB_NAME=
+       LIBUSB_LIBS=
+       LIBUSB_CPPFLAGS=
+       ;;
+     *-*-darwin*)
+       LIBUSB_NAME=usb-1.0
+       LIBUSB_LIBS="-Wl,-framework,CoreFoundation -Wl,-framework,IOKit"
+       ;;
+     *-*-freebsd*)
+       # FreeBSD has a native 1.0 compatible library by -lusb.
+       LIBUSB_NAME=usb
+       LIBUSB_LIBS=
+       ;;
+     *)
+       LIBUSB_NAME=usb-1.0
+       LIBUSB_LIBS=
+       ;;
+   esac
+fi
+if test x"$LIBUSB_NAME" != x ; then
+   AC_CHECK_LIB($LIBUSB_NAME, libusb_init,
+                [ LIBUSB_LIBS="-l$LIBUSB_NAME $LIBUSB_LIBS"
+                  have_libusb=yes ])
+   AC_MSG_CHECKING([libusb include dir])
+   usb_incdir_found="no"
+   for _incdir in "" "/usr/include/libusb-1.0" "/usr/local/include/libusb-1.0"; do
+     _libusb_save_cppflags=$CPPFLAGS
+     if test -n "${_incdir}"; then
+       CPPFLAGS="-I${_incdir} ${CPPFLAGS}"
+     fi
+     AC_PREPROC_IFELSE([AC_LANG_SOURCE([[@%:@include <libusb.h>]])],
+     [usb_incdir=${_incdir}; usb_incdir_found="yes"], [])
+     CPPFLAGS=${_libusb_save_cppflags}
+     if test "$usb_incdir_found" = "yes"; then
+       break
+     fi
+   done
+   if test "$usb_incdir_found" = "yes"; then
+     AC_MSG_RESULT([${usb_incdir}])
+   else
+     AC_MSG_RESULT([not found])
+     usb_incdir=""
+     have_libusb=no
+     if test "$use_ccid_driver" != yes; then
+       use_ccid_driver=no
+     fi
+     LIBUSB_LIBS=""
+   fi
+
+   if test "$have_libusb" = yes; then
+     AC_DEFINE(HAVE_LIBUSB,1, [defined if libusb is available])
+   fi
+   if test x"$usb_incdir" = x; then
+     LIBUSB_CPPFLAGS=""
+   else
+     LIBUSB_CPPFLAGS="-I${usb_incdir}"
+   fi
 fi
 AC_SUBST(LIBUSB_LIBS)
+AC_SUBST(LIBUSB_CPPFLAGS)
 
 #
 # Check wether it is necessary to link against libdl.
+# (For example to load libpcsclite)
 #
 gnupg_dlopen_save_libs="$LIBS"
 LIBS=""
@@ -786,6 +864,42 @@ DL_LIBS=$LIBS
 AC_SUBST(DL_LIBS)
 LIBS="$gnupg_dlopen_save_libs"
 
+
+# Checks for g10
+
+AC_ARG_ENABLE(sqlite,
+                AC_HELP_STRING([--disable-sqlite],
+                               [disable the use of SQLITE]),
+              try_sqlite=$enableval, try_sqlite=yes)
+
+if test x"$use_tofu" = xyes ; then
+  if test x"$try_sqlite" = xyes ; then
+    PKG_CHECK_MODULES([SQLITE3], [sqlite3 >= $NEED_SQLITE_VERSION],
+                                 [have_sqlite=yes],
+                                 [have_sqlite=no])
+  fi
+  if test "$have_sqlite" = "yes"; then
+    :
+    AC_SUBST([SQLITE3_CFLAGS])
+    AC_SUBST([SQLITE3_LIBS])
+  else
+    use_tofu=no
+    tmp=$(echo "$SQLITE3_PKG_ERRORS" | tr '\n' '\v' | sed 's/\v/\n*** /g')
+    AC_MSG_WARN([[
+***
+*** Building without SQLite support - TOFU disabled
+***
+*** $tmp]])
+  fi
+fi
+
+AM_CONDITIONAL(SQLITE3, test "$have_sqlite" = "yes")
+
+if test x"$use_tofu" = xyes ; then
+    AC_DEFINE(USE_TOFU, 1, [Enable to build the TOFU code])
+fi
+
+
 # Checks for g13
 
 AC_PATH_PROG(ENCFS, encfs, /usr/bin/encfs)
@@ -819,29 +933,80 @@ AC_DEFINE_UNQUOTED(SHRED,
 
 
 #
-# Check whether the GNU Pth library is available
-# Note, that we include a Pth emulation for W32.
+# Check whether the nPth library is available
 #
-if test "$have_w32_system" = yes; then
-  GNUPG_PATH_PTH([2.0.4])
-else
-  GNUPG_PATH_PTH
-fi
-if test "$have_pth" = "yes"; then
-  AC_DEFINE(USE_GNU_PTH, 1,
-              [Defined if the GNU Portable Thread Library should be used])
+AM_PATH_NPTH("$NEED_NPTH_API:$NEED_NPTH_VERSION",have_npth=yes,have_npth=no)
+if test "$have_npth" = "yes"; then
+  AC_DEFINE(HAVE_NPTH, 1,
+              [Defined if the New Portable Thread Library is available])
+  AC_DEFINE(USE_NPTH, 1,
+              [Defined if support for nPth is requested and nPth is available])
 else
   AC_MSG_WARN([[
 ***
-*** To support concurrent access to the gpg-agent and the SCdaemon
-*** we need the support of the GNU Portable Threads Library.
-*** Download it from ftp://ftp.gnu.org/gnu/pth/
-*** On a Debian GNU/Linux system you might want to try
-***   apt-get install libpth-dev
+*** To support concurrent access for example in gpg-agent and the SCdaemon
+*** we need the support of the New Portable Threads Library.
 ***]])
 fi
 
 
+#
+# NTBTLS is our TLS library.  If it is not available fallback to
+# GNUTLS.
+#
+AC_ARG_ENABLE(ntbtls,
+              AC_HELP_STRING([--disable-ntbtls],
+                             [disable the use of NTBTLS as TLS library]),
+              try_ntbtls=$enableval, try_ntbtls=yes)
+if test x"$try_ntbtls" = xyes ; then
+  AM_PATH_NTBTLS("$NEED_NTBTLS_API:$NEED_NTBTLS_VERSION",
+                 [have_ntbtls=yes],[have_ntbtls=no])
+fi
+if test "$have_ntbtls" = yes ; then
+   use_tls_library=ntbtls
+   AC_DEFINE(HTTP_USE_NTBTLS, 1, [Enable NTBTLS support in http.c])
+else
+  AC_ARG_ENABLE(gnutls,
+                AC_HELP_STRING([--disable-gnutls],
+                               [disable GNUTLS as fallback TLS library]),
+                try_gnutls=$enableval, try_gnutls=yes)
+  if test x"$try_gnutls" = xyes ; then
+    PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= $NEED_GNUTLS_VERSION],
+                                   [have_gnutls=yes],
+                                   [have_gnutls=no])
+  fi
+  if test "$have_gnutls" = "yes"; then
+    AC_SUBST([LIBGNUTLS_CFLAGS])
+    AC_SUBST([LIBGNUTLS_LIBS])
+    use_tls_library=gnutls
+    AC_DEFINE(HTTP_USE_GNUTLS, 1, [Enable GNUTLS support in http.c])
+  else
+    tmp=$(echo "$LIBGNUTLS_PKG_ERRORS" | tr '\n' '\v' | sed 's/\v/\n*** /g')
+    AC_MSG_WARN([[
+***
+*** Building without NTBTLS and GNUTLS - no TLS access to keyservers.
+***
+*** $tmp]])
+  fi
+fi
+
+#
+# Allow to set a fixed trust store file for system provided certificates.
+#
+AC_ARG_WITH([default-trust-store-file],
+            [AC_HELP_STRING([--with-default-trust-store-file=FILE],
+                            [Use FILE as system trust store])],
+            default_trust_store_file="$withval",
+            default_trust_store_file="")
+if test x"$default_trust_store_file" = xno;then
+  default_trust_store_file=""
+fi
+if test x"$default_trust_store_file" != x ; then
+  AC_DEFINE_UNQUOTED([DEFAULT_TRUST_STORE_FILE],
+    ["$default_trust_store_file"], [Use as default system trust store file])
+fi
+
+
 AC_MSG_NOTICE([checking for networking options])
 
 #
@@ -857,72 +1022,36 @@ AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt,
 
 
 #
-# Check for ADNS.
+# Check standard resolver functions.
 #
-_cppflags="${CPPFLAGS}"
-_ldflags="${LDFLAGS}"
-AC_ARG_WITH(adns,
-            AC_HELP_STRING([--with-adns=DIR],
-                           [look for the adns library in DIR]),
-            [if test -d "$withval"; then
-               CPPFLAGS="${CPPFLAGS} -I$withval/include"
-               LDFLAGS="${LDFLAGS} -L$withval/lib"
-             fi])
-if test "$with_adns" != "no"; then
-  AC_CHECK_HEADERS(adns.h,
-                AC_CHECK_LIB(adns, adns_init,
-                             [have_adns=yes],
-                             [CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}]),
-                [CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}])
-fi
-if test "$have_adns" = "yes"; then
-  ADNSLIBS="-ladns"
-fi
-AC_SUBST(ADNSLIBS)
-# Newer adns versions feature a free function to be used under W32.
-AC_CHECK_FUNCS(adns_free)
-
-
-
-#
-# Now try for the resolver functions so we can use DNS for SRV, PA and CERT.
-#
-if test x"$try_hkp" = xyes || test x"$try_http" = xyes ; then
-  AC_ARG_ENABLE(dns-srv,
-     AC_HELP_STRING([--disable-dns-srv],
-                    [disable the use of DNS SRV in HKP and HTTP]),
-                use_dns_srv=$enableval,use_dns_srv=yes)
-fi
-
-AC_ARG_ENABLE(dns-pka,
-   AC_HELP_STRING([--disable-dns-pka],
-       [disable the use of PKA records in DNS]),
-   use_dns_pka=$enableval,use_dns_pka=yes)
-
-AC_ARG_ENABLE(dns-cert,
-   AC_HELP_STRING([--disable-dns-cert],
-       [disable the use of CERT records in DNS]),
-   use_dns_cert=$enableval,use_dns_cert=yes)
-
-if test x"$use_dns_pka" = xyes || test x"$use_dns_srv" = xyes \
-   || test x"$use_dns_cert" = xyes; then
+if test "$build_dirmngr" = "yes"; then
   _dns_save_libs=$LIBS
   LIBS=""
+
+  # Find the system resolver which can always be enabled with
+  # the dirmngr option --standard-resolver.
+
   # the double underscore thing is a glibc-ism?
   AC_SEARCH_LIBS(res_query,resolv bind,,
                  AC_SEARCH_LIBS(__res_query,resolv bind,,have_resolver=no))
   AC_SEARCH_LIBS(dn_expand,resolv bind,,
                  AC_SEARCH_LIBS(__dn_expand,resolv bind,,have_resolver=no))
-  AC_SEARCH_LIBS(dn_skipname,resolv bind,,
-                 AC_SEARCH_LIBS(__dn_skipname,resolv bind,,have_resolver=no))
+
+  # macOS renames dn_skipname into res_9_dn_skipname in <resolv.h>,
+  # and for some reason fools us into believing we don't need
+  # -lresolv even if we do.  Since the test program checking for the
+  # symbol does not include <resolv.h>, we need to check for the
+  # renamed symbol explicitly.
+  AC_SEARCH_LIBS(res_9_dn_skipname,resolv bind,,
+      AC_SEARCH_LIBS(dn_skipname,resolv bind,,
+          AC_SEARCH_LIBS(__dn_skipname,resolv bind,,have_resolver=no)))
 
   if test x"$have_resolver" != xno ; then
 
-    # Make sure that the BIND 4 resolver interface is workable before
-    # enabling any code that calls it.  At some point I'll rewrite the
-    # code to use the BIND 8 resolver API.
-    # We might also want to use adns instead.  Problem with ADNS is that
-    # it does not support v6.
+      # Make sure that the BIND 4 resolver interface is workable before
+      # enabling any code that calls it.  At some point I'll rewrite the
+      # code to use the BIND 8 resolver API.
+      # We might also want to use libdns instead.
 
     AC_MSG_CHECKING([whether the resolver is usable])
     AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
@@ -940,9 +1069,9 @@ if test x"$use_dns_pka" = xyes || test x"$use_dns_srv" = xyes \
     # define in bind 8 for some reason.
 
     if test x"$have_resolver" != xyes ; then
-       AC_MSG_CHECKING(
-             [whether I can make the resolver usable with BIND_8_COMPAT])
-       AC_LINK_IFELSE([AC_LANG_PROGRAM([[#define BIND_8_COMPAT
+      AC_MSG_CHECKING(
+           [whether I can make the resolver usable with BIND_8_COMPAT])
+      AC_LINK_IFELSE([AC_LANG_PROGRAM([[#define BIND_8_COMPAT
 #include <sys/types.h>
 #include <netinet/in.h>
 #include <arpa/nameser.h>
@@ -951,51 +1080,34 @@ if test x"$use_dns_pka" = xyes || test x"$use_dns_srv" = xyes \
   res_query("foo.bar",C_IN,T_A,answer,PACKETSZ);
   dn_skipname(0,0); dn_expand(0,0,0,0,0);
 ]])],[have_resolver=yes ; need_compat=yes])
-       AC_MSG_RESULT($have_resolver)
+      AC_MSG_RESULT($have_resolver)
     fi
   fi
 
   if test x"$have_resolver" = xyes ; then
-     DNSLIBS=$LIBS
-
-     if test x"$use_dns_srv" = xyes ; then
-        AC_DEFINE(USE_DNS_SRV,1,[define to use DNS SRV])
-     fi
-
-     if test x"$use_dns_pka" = xyes ; then
-        AC_DEFINE(USE_DNS_PKA,1,[define to use our experimental DNS PKA])
-     fi
-
-     if test x"$use_dns_cert" = xyes ; then
-        AC_DEFINE(USE_DNS_CERT,1,[define to use DNS CERT])
-     fi
-
-     if test x"$need_compat" = xyes ; then
-        AC_DEFINE(BIND_8_COMPAT,1,[an Apple OSXism])
-     fi
+    AC_DEFINE(HAVE_SYSTEM_RESOLVER,1,[The system's resolver is usable.])
+    DNSLIBS="$DNSLIBS $LIBS"
+    if test x"$need_compat" = xyes ; then
+      AC_DEFINE(BIND_8_COMPAT,1,[an Apple OSXism])
+    fi
+    if test "$use_libdns" = yes; then
+     show_tor_support=yes
+    fi
+  elif test "$use_libdns" = yes; then
+    show_tor_support=yes
   else
-     # If we have no resolver library but ADNS (e.g. under W32) enable the
-     # code parts which can be used with ADNS.
-     if test x"$have_adns" = xyes ; then
-        DNSLIBS="$ADNSLIBS"
-        AC_DEFINE(USE_ADNS,1,[Use ADNS as resolver library.])
-
-        if test x"$use_dns_srv" = xyes ; then
-           AC_DEFINE(USE_DNS_SRV,1)
-        fi
-
-        if test x"$use_dns_pka" = xyes ; then
-           AC_DEFINE(USE_DNS_PKA,1)
-        fi
+    AC_MSG_WARN([[
+***
+*** The system's DNS resolver is not usable.
+*** Dirmngr functionality is limited.
+***]])
+    show_tor_support="${show_tor_support} (no system resolver)"
+  fi
 
-        if test x"$use_dns_cert" = xyes ; then
-           AC_DEFINE(USE_DNS_CERT,1,[define to use DNS CERT])
-        fi
-     else
-        use_dns_srv=no
-        use_dns_pka=no
-        use_dns_cert=no
-     fi
+  if test "$have_w32_system" = yes; then
+    if test "$use_libdns" = yes; then
+      DNSLIBS="$DNSLIBS -liphlpapi"
+    fi
   fi
 
   LIBS=$_dns_save_libs
@@ -1003,28 +1115,51 @@ fi
 
 AC_SUBST(DNSLIBS)
 
-AM_CONDITIONAL(USE_DNS_SRV, test x"$use_dns_srv" = xyes)
-
 
 #
 # Check for LDAP
 #
-if test "$try_ks_ldap" = yes || test "$build_dirmngr" = "yes" ; then
-   GNUPG_CHECK_LDAP($NETLIBS)
+# Note that running the check changes the variable
+# gnupg_have_ldap from "n/a" to "no" or "yes".
+
+AC_ARG_ENABLE(ldap,
+    AC_HELP_STRING([--disable-ldap],[disable LDAP support]),
+    [if test "$enableval" = "no"; then gnupg_have_ldap=no; fi])
+
+if test "$gnupg_have_ldap" != "no" ; then
+  if test "$build_dirmngr" = "yes" ; then
+     GNUPG_CHECK_LDAP($NETLIBS)
+     AC_CHECK_LIB(lber, ber_free,
+                  [ LBER_LIBS="$LBER_LIBS -llber"
+                    AC_DEFINE(HAVE_LBER,1,
+                             [defined if liblber is available])
+                    have_lber=yes
+                 ])
+  fi
+fi
+AC_SUBST(LBER_LIBS)
+if test "$gnupg_have_ldap" = "no"; then
+    AC_MSG_WARN([[
+***
+*** Building without LDAP support.
+*** No CRL access or X.509 certificate search available.
+***]])
 fi
 
-#
-# Check for curl.  We fake the curl API if libcurl isn't installed.
-# We require 7.10 or later as we use curl_version_info().
-#
-LIBCURL_CHECK_CONFIG([yes],[7.10],,[fake_curl=yes])
-AM_CONDITIONAL(FAKE_CURL,test x"$fake_curl" = xyes)
-
-# Generic, for us, means curl
+AM_CONDITIONAL(USE_LDAP, [test "$gnupg_have_ldap" = yes])
+if test "$gnupg_have_ldap" = yes ; then
+  AC_DEFINE(USE_LDAP,1,[Defined if LDAP is support])
+else
+ use_ldapwrapper=no
+fi
 
-if test x"$try_generic" = xyes ; then
-   AC_SUBST(GPGKEYS_CURL,"gpg2keys_curl$EXEEXT")
+if test "$use_ldapwrapper" = yes; then
+   AC_DEFINE(USE_LDAPWRAPPER,1, [Build dirmngr with LDAP wrapper process])
 fi
+AM_CONDITIONAL(USE_LDAPWRAPPER, test "$use_ldapwrapper" = yes)
+
+
+
 
 #
 # Check for sendmail
@@ -1032,26 +1167,18 @@ fi
 # This isn't necessarily sendmail itself, but anything that gives a
 # sendmail-ish interface to the outside world.  That includes Exim,
 # Postfix, etc.  Basically, anything that can handle "sendmail -t".
-if test "$try_mailto" = yes ; then
-  AC_ARG_WITH(mailprog,
+AC_ARG_WITH(mailprog,
       AC_HELP_STRING([--with-mailprog=NAME],
                      [use "NAME -t" for mail transport]),
              ,with_mailprog=yes)
-
-  if test x"$with_mailprog" = xyes ; then
+if test x"$with_mailprog" = xyes ; then
     AC_PATH_PROG(SENDMAIL,sendmail,,$PATH:/usr/sbin:/usr/libexec:/usr/lib)
-    if test "$ac_cv_path_SENDMAIL" ; then
-      GPGKEYS_MAILTO="gpg2keys_mailto"
-    fi
-  elif test x"$with_mailprog" != xno ; then
+elif test x"$with_mailprog" != xno ; then
     AC_MSG_CHECKING([for a mail transport program])
     AC_SUBST(SENDMAIL,$with_mailprog)
     AC_MSG_RESULT($with_mailprog)
-    GPGKEYS_MAILTO="gpg2keys_mailto"
-  fi
 fi
 
-AC_SUBST(GPGKEYS_MAILTO)
 
 #
 # Construct a printable name of the OS
@@ -1087,7 +1214,14 @@ AC_DEFINE_UNQUOTED(PRINTABLE_OS_NAME, "$PRINTABLE_OS_NAME",
 #
 # Checking for iconv
 #
-AM_ICONV
+if test "$require_iconv" = yes; then
+  AM_ICONV
+else
+  LIBICONV=
+  LTLIBICONV=
+  AC_SUBST(LIBICONV)
+  AC_SUBST(LTLIBICONV)
+fi
 
 
 #
@@ -1121,7 +1255,7 @@ fi
 # We use HAVE_LANGINFO_CODESET in a couple of places.
 AM_LANGINFO_CODESET
 
-# Checks required for our use locales
+# Checks required for our use of locales
 gt_LC_MESSAGES
 
 
@@ -1139,7 +1273,8 @@ fi
 AC_MSG_NOTICE([checking for header files])
 AC_HEADER_STDC
 AC_CHECK_HEADERS([string.h unistd.h langinfo.h termio.h locale.h getopt.h \
-                  pty.h utmp.h pwd.h inttypes.h signal.h])
+                  pty.h utmp.h pwd.h inttypes.h signal.h sys/select.h     \
+                  stdint.h signal.h])
 AC_HEADER_TIME
 
 
@@ -1158,6 +1293,8 @@ AC_DECL_SYS_SIGLIST
 gl_HEADER_SYS_SOCKET
 gl_TYPE_SOCKLEN_T
 
+AC_SEARCH_LIBS([inet_addr], [nsl])
+
 AC_ARG_ENABLE(endian-check,
               AC_HELP_STRING([--disable-endian-check],
              [disable the endian check and trust the OS provided macros]),
@@ -1195,16 +1332,6 @@ AC_CHECK_SIZEOF(time_t,,[[
 GNUPG_TIME_T_UNSIGNED
 
 
-# Ensure that we have UINT64_C before we bother to check for uint64_t
-# Fixme: really needed in gnupg?  I think it is only useful in libcgrypt.
-AC_CACHE_CHECK([for UINT64_C],[gnupg_cv_uint64_c_works],
-   AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <inttypes.h>]],
-       [[uint64_t foo=UINT64_C(42);]])],
-     gnupg_cv_uint64_c_works=yes,gnupg_cv_uint64_c_works=no))
-if test "$gnupg_cv_uint64_c_works" = "yes" ; then
-   AC_CHECK_SIZEOF(uint64_t)
-fi
-
 if test "$ac_cv_sizeof_unsigned_short" = "0" \
    || test "$ac_cv_sizeof_unsigned_int" = "0" \
    || test "$ac_cv_sizeof_unsigned_long" = "0"; then
@@ -1222,11 +1349,40 @@ AC_FUNC_VPRINTF
 AC_FUNC_FORK
 AC_CHECK_FUNCS([strerror strlwr tcgetattr mmap canonicalize_file_name])
 AC_CHECK_FUNCS([strcasecmp strncasecmp ctermid times gmtime_r strtoull])
-AC_CHECK_FUNCS([unsetenv fcntl ftruncate canonicalize_file_name])
+AC_CHECK_FUNCS([setenv unsetenv fcntl ftruncate inet_ntop])
+AC_CHECK_FUNCS([canonicalize_file_name])
 AC_CHECK_FUNCS([gettimeofday getrusage getrlimit setrlimit clock_gettime])
 AC_CHECK_FUNCS([atexit raise getpagesize strftime nl_langinfo setlocale])
 AC_CHECK_FUNCS([waitpid wait4 sigaction sigprocmask pipe getaddrinfo])
 AC_CHECK_FUNCS([ttyname rand ftello fsync stat lstat])
+AC_CHECK_FUNCS([memicmp stpcpy strsep strlwr strtoul memmove stricmp strtol \
+                memrchr isascii timegm getrusage setrlimit stat setlocale   \
+                flockfile funlockfile getpwnam getpwuid \
+                getenv inet_pton strpbrk])
+
+# On some systems (e.g. Solaris) nanosleep requires linking to librl.
+# Given that we use nanosleep only as an optimization over a select
+# based wait function we want it only if it is available in libc.
+_save_libs="$LIBS"
+AC_SEARCH_LIBS([nanosleep], [],
+               [AC_DEFINE(HAVE_NANOSLEEP,1,
+                [Define to 1 if you have the `nanosleep' function in libc.])])
+LIBS="$_save_libs"
+
+
+# See whether libc supports the Linux inotify interface
+case "${host}" in
+    *-*-linux*)
+        AC_CHECK_FUNCS([inotify_init])
+        ;;
+esac
+
+
+if test "$have_android_system" = yes; then
+   # On Android ttyname is a stub but prints an error message.
+   AC_DEFINE(HAVE_BROKEN_TTYNAME,1,
+             [Defined if ttyname does not work properly])
+fi
 
 AC_CHECK_TYPES([struct sigaction, sigset_t],,,[#include <signal.h>])
 
@@ -1235,25 +1391,51 @@ if test $ac_cv_func_mmap != yes -a $mmap_needed = yes; then
   AC_MSG_ERROR([[Sorry, the current implemenation requires mmap.]])
 fi
 
-#
-# These are needed by the jnlib parts in common.
-# Note:  We already checked pwd.h.
-AC_CHECK_HEADERS([signal.h])
-AC_CHECK_FUNCS([memicmp stpcpy strsep strlwr strtoul memmove stricmp strtol \
-                memrchr isascii timegm getrusage setrlimit stat setlocale   \
-                flockfile funlockfile fopencookie funopen getpwnam getpwuid \
-                getenv inet_pton])
-# end jnlib checks.
-
-
 
 #
-# gnulib checks
+# Check for the getsockopt SO_PEERCRED
+# (This has been copied from libassuan)
 #
-gl_SOURCE_BASE([gl])
-gl_M4_BASE([gl/m4])
-gl_MODULES([setenv mkdtemp xsize strpbrk])
-gl_INIT
+AC_MSG_CHECKING(for SO_PEERCRED)
+AC_CACHE_VAL(gnupg_cv_sys_so_peercred,
+      [AC_TRY_COMPILE([#include <sys/socket.h>],
+         [struct ucred cr;
+          int cl = sizeof cr;
+          getsockopt (1, SOL_SOCKET, SO_PEERCRED, &cr, &cl);],
+          gnupg_cv_sys_so_peercred=yes,
+          gnupg_cv_sys_so_peercred=no)
+       ])
+AC_MSG_RESULT($gnupg_cv_sys_so_peercred)
+
+if test $gnupg_cv_sys_so_peercred = yes; then
+  AC_DEFINE(HAVE_SO_PEERCRED, 1,
+            [Defined if SO_PEERCRED is supported (Linux specific)])
+else
+  # Check for the getsockopt LOCAL_PEEREID (NetBSD)
+  AC_MSG_CHECKING(for LOCAL_PEEREID)
+  AC_CACHE_VAL(gnupg_cv_sys_so_local_peereid,
+      [AC_TRY_COMPILE([#include <sys/socket.>
+         #include <sys/un.h>],
+         [struct unpcbid unp;
+          int unpl = sizeof unp;
+          getsockopt (1, SOL_SOCKET, LOCAL_PEEREID, &unp, &unpl);],
+          gnupg_cv_sys_so_local_peereid=yes,
+          gnupg_cv_sys_so_local_peereid=no)
+       ])
+  AC_MSG_RESULT($gnupg_cv_sys_so_local_peereid)
+
+  if test $gnupg_cv_sys_so_local_peereid = yes; then
+    AC_DEFINE(HAVE_LOCAL_PEEREID, 1,
+              [Defined if LOCAL_PEEREID is supported (NetBSD specific)])
+  else
+    # (Open)Solaris
+    AC_CHECK_FUNCS([getpeerucred], AC_CHECK_HEADERS([ucred.h]))
+    if test $ac_cv_func_getpeerucred != yes; then
+        # FreeBSD
+        AC_CHECK_FUNCS([getpeereid])
+    fi
+  fi
+fi
 
 
 #
@@ -1335,12 +1517,13 @@ if test "$use_zip" = yes ; then
     ])
 
   AC_CHECK_HEADER(zlib.h,
-        AC_CHECK_LIB(z, deflateInit2_,
-         ZLIBS="-lz",
-         CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}),
-         CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags})
-
-  AC_DEFINE(HAVE_ZIP,1, [Defined if ZIP and ZLIB are supported])
+     AC_CHECK_LIB(z, deflateInit2_,
+       [
+       ZLIBS="-lz"
+       AC_DEFINE(HAVE_ZIP,1, [Defined if ZIP and ZLIB are supported])
+       ],
+       CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}),
+       CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags})
 fi
 
 
@@ -1382,19 +1565,7 @@ AC_SUBST(ZLIBS)
 # Check for readline support
 GNUPG_CHECK_READLINE
 
-#
-# Allow users to append something to the version string without
-# flagging it as development version.  The user version parts is
-# considered everything after a dash.
-#
-if test "$development_version" != yes; then
-  changequote(,)dnl
-  tmp_pat='[a-zA-Z]'
-  changequote([,])dnl
-  if echo "$VERSION" | sed 's/-.*//' | grep "$tmp_pat" >/dev/null ; then
-    development_version=yes
-  fi
-fi
+
 if test "$development_version" = yes; then
     AC_DEFINE(IS_DEVELOPMENT_VERSION,1,
             [Defined if this is not a regular release])
@@ -1424,57 +1595,91 @@ AC_SUBST(W32SOCKLIBS)
 #
 # Setup gcc specific options
 #
+USE_C99_CFLAGS=
 AC_MSG_NOTICE([checking for cc features])
 if test "$GCC" = yes; then
-    # Note that it is okay to use CFLAGS here because this are just
+    mycflags=
+    mycflags_save=$CFLAGS
+
+    # Check whether gcc does not emit a diagnositc for unknow -Wno-*
+    # options.  This is the case for gcc >= 4.6
+    AC_MSG_CHECKING([if gcc ignores unknown -Wno-* options])
+    AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#if __GNUC__ < 4 || (__GNUC__ == 4 && __GNUC_MINOR__ < 6 )
+#kickerror
+#endif]],[])],[_gcc_silent_wno=yes],[_gcc_silent_wno=no])
+    AC_MSG_RESULT($_gcc_silent_wno)
+
+    # Note that it is okay to use CFLAGS here because these are just
     # warning options and the user should have a chance of overriding
     # them.
     if test "$USE_MAINTAINER_MODE" = "yes"; then
-        CFLAGS="$CFLAGS -O3 -Wall -Wcast-align -Wshadow -Wstrict-prototypes"
-        CFLAGS="$CFLAGS -Wformat -Wno-format-y2k -Wformat-security"
-        AC_MSG_CHECKING([if gcc supports -Wno-missing-field-initializers])
-        _gcc_cflags_save=$CFLAGS
-        CFLAGS="-Wno-missing-field-initializers"
-        AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],_gcc_wopt=yes,_gcc_wopt=no)
-        AC_MSG_RESULT($_gcc_wopt)
-        CFLAGS=$_gcc_cflags_save;
+        mycflags="$mycflags -O3 -Wall -Wcast-align -Wshadow -Wstrict-prototypes"
+        mycflags="$mycflags -Wformat -Wno-format-y2k -Wformat-security"
+        if test x"$_gcc_silent_wno" = xyes ; then
+          _gcc_wopt=yes
+        else
+          AC_MSG_CHECKING([if gcc supports -Wno-missing-field-initializers])
+          CFLAGS="-Wno-missing-field-initializers"
+          AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],
+                            [_gcc_wopt=yes],[_gcc_wopt=no])
+          AC_MSG_RESULT($_gcc_wopt)
+        fi
         if test x"$_gcc_wopt" = xyes ; then
-          CFLAGS="$CFLAGS -W -Wno-sign-compare -Wno-missing-field-initializers"
+          mycflags="$mycflags -W -Wno-sign-compare"
+          mycflags="$mycflags -Wno-missing-field-initializers"
         fi
+
         AC_MSG_CHECKING([if gcc supports -Wdeclaration-after-statement])
-        _gcc_cflags_save=$CFLAGS
         CFLAGS="-Wdeclaration-after-statement"
         AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],_gcc_wopt=yes,_gcc_wopt=no)
         AC_MSG_RESULT($_gcc_wopt)
-        CFLAGS=$_gcc_cflags_save;
         if test x"$_gcc_wopt" = xyes ; then
-          CFLAGS="$CFLAGS -Wdeclaration-after-statement"
+          mycflags="$mycflags -Wdeclaration-after-statement"
+        fi
+
+        AC_MSG_CHECKING([if gcc supports -Wlogical-op and -Wvla])
+        CFLAGS="-Wlogical-op -Wvla"
+        AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],_gcc_wopt=yes,_gcc_wopt=no)
+        AC_MSG_RESULT($_gcc_wopt)
+        if test x"$_gcc_wopt" = xyes ; then
+          mycflags="$mycflags -Wlogical-op -Wvla"
         fi
+
     else
-        CFLAGS="$CFLAGS -Wall"
+        mycflags="$mycflags -Wall"
     fi
 
-    AC_MSG_CHECKING([if gcc supports -Wno-pointer-sign])
-    _gcc_cflags_save=$CFLAGS
-    CFLAGS="-Wno-pointer-sign"
-    AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],_gcc_psign=yes,_gcc_psign=no)
-    AC_MSG_RESULT($_gcc_psign)
-    CFLAGS=$_gcc_cflags_save;
+    if test x"$_gcc_silent_wno" = xyes ; then
+      _gcc_psign=yes
+    else
+      AC_MSG_CHECKING([if gcc supports -Wno-pointer-sign])
+      CFLAGS="-Wno-pointer-sign"
+      AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],
+                        [_gcc_psign=yes],[_gcc_psign=no])
+      AC_MSG_RESULT($_gcc_psign)
+    fi
     if test x"$_gcc_psign" = xyes ; then
-       CFLAGS="$CFLAGS -Wno-pointer-sign"
+       mycflags="$mycflags -Wno-pointer-sign"
     fi
 
     AC_MSG_CHECKING([if gcc supports -Wpointer-arith])
-    _gcc_cflags_save=$CFLAGS
     CFLAGS="-Wpointer-arith"
     AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],_gcc_psign=yes,_gcc_psign=no)
     AC_MSG_RESULT($_gcc_psign)
-    CFLAGS=$_gcc_cflags_save;
     if test x"$_gcc_psign" = xyes ; then
-       CFLAGS="$CFLAGS -Wpointer-arith"
+       mycflags="$mycflags -Wpointer-arith"
+    fi
+
+    CFLAGS="$mycflags $mycflags_save"
+    if test "$use_libdns" = yes; then
+       # dirmngr/dns.{c,h} require C99 and GNU extensions.  */
+       USE_C99_CFLAGS="-std=gnu99"
     fi
 fi
 
+AC_SUBST(USE_C99_CFLAGS)
+
 
 #
 # This is handy for debugging so the compiler doesn't rearrange
@@ -1488,44 +1693,33 @@ AC_ARG_ENABLE(optimization,
                    fi])
 
 #
-# Prepare building of estream
+# We do not want support for the GNUPG_BUILDDIR environment variable
+# in a released version.  However, our regression tests suite requires
+# this and thus we build with support for it during "make distcheck".
+# This configure option implements this along with the top Makefile's
+# AM_DISTCHECK_CONFIGURE_FLAGS.
 #
-estream_INIT
+gnupg_builddir_envvar=no
+AC_ARG_ENABLE(gnupg-builddir-envvar,,
+              gnupg_builddir_envvar=$enableval)
+if test x"$gnupg_builddir_envvar" = x"yes"; then
+   AC_DEFINE(ENABLE_GNUPG_BUILDDIR_ENVVAR, 1,
+      [This is only used with "make distcheck"])
+fi
 
+#
+# Add user CFLAGS.
+#
+CFLAGS="$CFLAGS $CFLAGS_orig"
 
 #
 # Decide what to build
 #
-if test "$have_adns" = "yes"; then
-  AC_SUBST(GPGKEYS_KDNS, "gpg2keys_kdns$EXEEXT")
-fi
-
-
-missing_pth=no
-if test $have_ksba = no; then
-  build_gpgsm=no
-  build_scdaemon=no
-fi
-
-build_agent_threaded=""
-if test "$build_agent" = "yes"; then
-  if test $have_pth = no; then
-     build_agent_threaded="(not multi-threaded)"
-     missing_pth=yes
-  fi
-fi
 
 build_scdaemon_extra=""
 if test "$build_scdaemon" = "yes"; then
-  tmp=""
-  if test $have_pth = no; then
-     build_scdaemon_extra="not multi-threaded"
-     tmp=", "
-     missing_pth=yes
-  fi
   if test $have_libusb = no; then
-     build_scdaemon_extra="${tmp}without internal CCID driver"
-     tmp=", "
+     build_scdaemon_extra="without internal CCID driver"
   fi
   if test -n "$build_scdaemon_extra"; then
      build_scdaemon_extra="(${build_scdaemon_extra})"
@@ -1533,16 +1727,8 @@ if test "$build_scdaemon" = "yes"; then
 fi
 
 
-if test "$build_agent_only" = "yes" ; then
-  build_gpg=no
-  build_gpgsm=no
-  build_scdaemon=no
-  build_tools=no
-  build_doc=no
-fi
-
 #
-# Set variables for use by th automake makefile.
+# Set variables for use by automake makefiles.
 #
 AM_CONDITIONAL(BUILD_GPG,         test "$build_gpg" = "yes")
 AM_CONDITIONAL(BUILD_GPGSM,       test "$build_gpgsm" = "yes")
@@ -1554,9 +1740,11 @@ AM_CONDITIONAL(BUILD_TOOLS,       test "$build_tools" = "yes")
 AM_CONDITIONAL(BUILD_DOC,         test "$build_doc" = "yes")
 AM_CONDITIONAL(BUILD_SYMCRYPTRUN, test "$build_symcryptrun" = "yes")
 AM_CONDITIONAL(BUILD_GPGTAR,      test "$build_gpgtar" = "yes")
+AM_CONDITIONAL(BUILD_WKS_TOOLS,   test "$build_wks_tools" = "yes")
 
-AM_CONDITIONAL(RUN_GPG_TESTS,
-               test x$cross_compiling = xno -a "$build_gpg" = yes )
+AM_CONDITIONAL(ENABLE_CARD_SUPPORT, test "$card_support" = yes)
+AM_CONDITIONAL(NO_TRUST_MODELS,     test "$use_trust_models" = no)
+AM_CONDITIONAL(USE_TOFU,            test "$use_tofu" = yes)
 
 #
 # Set some defines for use gpgconf.
@@ -1581,6 +1769,97 @@ if test "$build_g13" = yes ; then
 fi
 
 
+#
+# Define Name strings
+#
+AC_DEFINE_UNQUOTED(GNUPG_NAME, "GnuPG", [The name of the project])
+
+AC_DEFINE_UNQUOTED(GPG_NAME, "gpg", [The name of the OpenPGP tool])
+AC_DEFINE_UNQUOTED(GPG_DISP_NAME, "GnuPG", [The displayed name of gpg])
+
+AC_DEFINE_UNQUOTED(GPGSM_NAME, "gpgsm", [The name of the S/MIME tool])
+AC_DEFINE_UNQUOTED(GPGSM_DISP_NAME, "GPGSM", [The displayed name of gpgsm])
+
+AC_DEFINE_UNQUOTED(GPG_AGENT_NAME, "gpg-agent", [The name of the agent])
+AC_DEFINE_UNQUOTED(GPG_AGENT_DISP_NAME, "GPG Agent",
+                                        [The displayed name of gpg-agent])
+
+AC_DEFINE_UNQUOTED(SCDAEMON_NAME, "scdaemon", [The name of the scdaemon])
+AC_DEFINE_UNQUOTED(SCDAEMON_DISP_NAME, "SCDaemon",
+                                       [The displayed name of scdaemon])
+
+AC_DEFINE_UNQUOTED(DIRMNGR_NAME, "dirmngr", [The name of the dirmngr])
+AC_DEFINE_UNQUOTED(DIRMNGR_DISP_NAME, "DirMngr",
+                                      [The displayed name of dirmngr])
+
+AC_DEFINE_UNQUOTED(G13_NAME, "g13", [The name of the g13 tool])
+AC_DEFINE_UNQUOTED(G13_DISP_NAME, "G13", [The displayed name of g13])
+
+AC_DEFINE_UNQUOTED(GPGCONF_NAME, "gpgconf", [The name of the gpgconf tool])
+AC_DEFINE_UNQUOTED(GPGCONF_DISP_NAME, "GPGConf",
+                                      [The displayed name of gpgconf])
+
+AC_DEFINE_UNQUOTED(GPGTAR_NAME, "gpgtar", [The name of the gpgtar tool])
+
+AC_DEFINE_UNQUOTED(GPG_AGENT_SOCK_NAME, "S.gpg-agent",
+                   [The name of the agent socket])
+AC_DEFINE_UNQUOTED(GPG_AGENT_EXTRA_SOCK_NAME, "S.gpg-agent.extra",
+                   [The name of the agent socket for remote access])
+AC_DEFINE_UNQUOTED(GPG_AGENT_BROWSER_SOCK_NAME, "S.gpg-agent.browser",
+                   [The name of the agent socket for browsers])
+AC_DEFINE_UNQUOTED(GPG_AGENT_SSH_SOCK_NAME, "S.gpg-agent.ssh",
+                   [The name of the agent socket for ssh])
+AC_DEFINE_UNQUOTED(DIRMNGR_INFO_NAME, "DIRMNGR_INFO",
+                   [The name of the dirmngr info envvar])
+AC_DEFINE_UNQUOTED(SCDAEMON_SOCK_NAME, "S.scdaemon",
+                   [The name of the SCdaemon socket])
+AC_DEFINE_UNQUOTED(DIRMNGR_SOCK_NAME, "S.dirmngr",
+                   [The name of the dirmngr socket])
+AC_DEFINE_UNQUOTED(DIRMNGR_DEFAULT_KEYSERVER,
+                   "hkps://hkps.pool.sks-keyservers.net",
+      [The default keyserver for dirmngr to use, if none is explicitly given])
+
+AC_DEFINE_UNQUOTED(GPGEXT_GPG, "gpg", [The standard binary file suffix])
+
+if test "$have_w32_system" = yes; then
+  AC_DEFINE_UNQUOTED(GNUPG_REGISTRY_DIR, "\\\\Software\\\\GNU\\\\GnuPG",
+                     [The directory part of the W32 registry keys])
+fi
+
+
+#
+# Provide information about the build.
+#
+BUILD_REVISION="mym4_revision"
+AC_SUBST(BUILD_REVISION)
+AC_DEFINE_UNQUOTED(BUILD_REVISION, "$BUILD_REVISION",
+                   [GIT commit id revision used to build this package])
+
+changequote(,)dnl
+BUILD_VERSION=`echo "$VERSION" | sed 's/\([0-9.]*\).*/\1./'`
+changequote([,])dnl
+BUILD_VERSION="${BUILD_VERSION}mym4_revision_dec"
+BUILD_FILEVERSION=`echo "${BUILD_VERSION}" | tr . ,`
+AC_SUBST(BUILD_VERSION)
+AC_SUBST(BUILD_FILEVERSION)
+
+AC_ARG_ENABLE([build-timestamp],
+  AC_HELP_STRING([--enable-build-timestamp],
+                 [set an explicit build timestamp for reproducibility.
+                  (default is the current time in ISO-8601 format)]),
+     [if test "$enableval" = "yes"; then
+        BUILD_TIMESTAMP=`date -u +%Y-%m-%dT%H:%M+0000 2>/dev/null || date`
+      else
+        BUILD_TIMESTAMP="$enableval"
+      fi
+      BUILD_HOSTNAME="$ac_hostname"],
+     [BUILD_TIMESTAMP="<none>"
+      BUILD_HOSTNAME="<anon>"])
+AC_SUBST(BUILD_TIMESTAMP)
+AC_DEFINE_UNQUOTED(BUILD_TIMESTAMP, "$BUILD_TIMESTAMP",
+                   [The time this package was configured for a build])
+AC_SUBST(BUILD_HOSTNAME)
+
 
 #
 # Print errors here so that they are visible all
@@ -1603,18 +1882,9 @@ if test "$have_libgcrypt" = "no"; then
 ***
 *** You need libgcrypt to build this program.
 **  This library is for example available at
-***   ftp://ftp.gnupg.org/gcrypt/alpha/libgcrypt/
-*** (at least version $NEED_LIBGCRYPT_VERSION using API $NEED_LIBGCRYPT_API is required.)
+***   ftp://ftp.gnupg.org/gcrypt/libgcrypt/
+*** (at least version $NEED_LIBGCRYPT_VERSION (API $NEED_LIBGCRYPT_API) is required.)
 ***]])
-dnl elif test "$gnupg_cv_gcry_kdf_derive" = no; then
-dnl    die=yes
-dnl    AC_MSG_NOTICE([[
-dnl ***
-dnl *** Libgcrypt 1.5.0 has not yet been released and thus the API
-dnl *** is a bit in a flux.  Your version misses the function
-dnl ***        gcry_kdf_derive
-dnl *** You need to install a newer Libgcrypt version.
-dnl #***]])
 fi
 if test "$have_libassuan" = "no"; then
    die=yes
@@ -1627,6 +1897,7 @@ if test "$have_libassuan" = "no"; then
 ***]])
 fi
 if test "$have_ksba" = "no"; then
+    die=yes
     AC_MSG_NOTICE([[
 ***
 *** You need libksba to build this program.
@@ -1635,16 +1906,8 @@ if test "$have_ksba" = "no"; then
 *** (at least version $NEED_KSBA_VERSION using API $NEED_KSBA_API is required).
 ***]])
 fi
-if test "$gnupg_have_ldap" = "no"; then
-    die=yes
-    AC_MSG_NOTICE([[
-***
-*** You need a LDAP library to build this program.
-*** Check out
-***    http://www.openldap.org
-*** for a suitable implementation.
-***]])
-   if test "$have_w32ce_system" = yes; then
+if test "$gnupg_have_ldap" = yes; then
+  if test "$have_w32ce_system" = yes; then
     AC_MSG_NOTICE([[
 *** Note that CeGCC might be broken, a package fixing this is:
 ***    http://files.kolab.org/local/windows-ce/
@@ -1653,20 +1916,40 @@ if test "$gnupg_have_ldap" = "no"; then
 ***]])
    fi
 fi
-if test "$missing_pth" = "yes"; then
+if test "$have_npth" = "no"; then
+    die=yes
     AC_MSG_NOTICE([[
 ***
 *** It is now required to build with support for the
-*** GNU Portable Threads Library (Pth). Please install this
+*** New Portable Threads Library (nPth). Please install this
 *** library first.  The library is for example available at
-***   ftp://ftp.gnu.org/gnu/pth/
-*** On a Debian GNU/Linux system you can install it using
-***   apt-get install libpth-dev
-*** To build GnuPG for Windows you need to use the W32PTH
-*** package; available at:
-***   ftp://ftp.g10code.com/g10code/w32pth/
+***   ftp://ftp.gnupg.org/gcrypt/npth/
+*** (at least version $NEED_NPTH_VERSION (API $NEED_NPTH_API) is required).
 ***]])
-   die=yes
+fi
+
+if test "$require_iconv" = yes; then
+  if test "$am_func_iconv" != yes; then
+    die=yes
+    AC_MSG_NOTICE([[
+***
+*** The system does not provide a working iconv function.  Please
+*** install a suitable library; for example GNU Libiconv which is
+*** available at:
+***   http://ftp.gnu.org/gnu/libiconv/
+***]])
+  fi
+fi
+
+if test "$use_ccid_driver" = yes; then
+  if test "$have_libusb" != yes; then
+    die=yes
+    AC_MSG_NOTICE([[
+***
+*** You need libusb to build the internal ccid driver.  Please
+*** install a libusb suitable for your system.
+***]])
+  fi
 fi
 
 if test "$die" = "yes"; then
@@ -1682,9 +1965,8 @@ fi
 AC_CONFIG_FILES([ m4/Makefile
 Makefile
 po/Makefile.in
-gl/Makefile
-include/Makefile
 common/Makefile
+common/w32info-rc.h
 kbx/Makefile
 g10/Makefile
 sm/Makefile
@@ -1696,12 +1978,14 @@ tools/gpg-zip
 tools/Makefile
 doc/Makefile
 tests/Makefile
+tests/gpgscm/Makefile
 tests/openpgp/Makefile
+tests/migrations/Makefile
+tests/gpgsm/Makefile
+tests/gpgme/Makefile
 tests/pkits/Makefile
+g10/gpg.w32-manifest
 ])
-#keyserver/Makefile
-#keyserver/gpg2keys_mailto
-#keyserver/gpg2keys_test
 
 
 AC_OUTPUT
@@ -1710,15 +1994,17 @@ AC_OUTPUT
 echo "
         GnuPG v${VERSION} has been configured as follows:
 
+        Revision:  mym4_revision  (mym4_revision_dec)
         Platform:  $PRINTABLE_OS_NAME ($host)
 
         OpenPGP:   $build_gpg
         S/MIME:    $build_gpgsm
-        Agent:     $build_agent $build_agent_threaded
+        Agent:     $build_agent
         Smartcard: $build_scdaemon $build_scdaemon_extra
         G13:       $build_g13
         Dirmngr:   $build_dirmngr
         Gpgtar:    $build_gpgtar
+        WKS tools: $build_wks_tools
 
         Protect tool:      $show_gnupg_protect_tool_pgm
         LDAP wrapper:      $show_gnupg_dirmngr_ldap_pgm
@@ -1727,13 +2013,26 @@ echo "
         Default scdaemon:  $show_gnupg_scdaemon_pgm
         Default dirmngr:   $show_gnupg_dirmngr_pgm
 
-        Use standard socket: $use_standard_socket
         Dirmngr auto start:  $dirmngr_auto_start
+        Readline support:    $gnupg_cv_have_readline
+        LDAP support:        $gnupg_have_ldap
+        TLS support:         $use_tls_library
+        TOFU support:        $use_tofu
+        Tor support:         $show_tor_support
 "
 if test x"$use_regex" != xyes ; then
 echo "
         Warning: No regular expression support available.
                  OpenPGP trust signatures won't work.
-                 gpg-check-pattern will not be build.
+                 gpg-check-pattern will not be built.
 "
 fi
+if test "x${gpg_config_script_warn}" != x; then
+cat <<G10EOF
+        Warning: Mismatches between the target platform and the
+                 to be used libraries have been detected for:
+                  ${gpg_config_script_warn}
+                 Please check above for more warning messages.
+
+G10EOF
+fi