From 8d6123faa8cae0bad6f82c9021e9ac6686b2f55d Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Mon, 15 Mar 2021 09:00:00 +0100 Subject: [PATCH] build: new option to disable building of tpm2daemon * configure.ac (build_tpmd): New configure option --disable-tpm2d (BUILD_WITH_TPM2D): New. * Makefile.am (tests): Use conditionally BUILD_TPM2D instead of HAVE_LIBTSS. * build-aux/speedo.mk (speedo_pkg_gnupg_configure) [W32]: Do not build tpm2d. * autogen.rc: Ditto. --- Makefile.am | 2 +- autogen.rc | 1 + build-aux/speedo.mk | 2 +- configure.ac | 64 +++++++++++++++++++++++++++++---------------- 4 files changed, 44 insertions(+), 25 deletions(-) diff --git a/Makefile.am b/Makefile.am index 0e1aacad3..b23cf3be8 100644 --- a/Makefile.am +++ b/Makefile.am @@ -106,7 +106,7 @@ tests = else tests = tests endif -if HAVE_LIBTSS +if BUILD_TPM2D tpm2d = tpm2d else tpm2d = diff --git a/autogen.rc b/autogen.rc index c80dd4801..d10a540fc 100644 --- a/autogen.rc +++ b/autogen.rc @@ -20,6 +20,7 @@ case "$myhost" in --with-zlib=@SYSROOT@ --with-regex=@SYSROOT@ --disable-g13 + --disable-tpm2d " ;; diff --git a/build-aux/speedo.mk b/build-aux/speedo.mk index 1c5e268a1..fb1c23b4f 100644 --- a/build-aux/speedo.mk +++ b/build-aux/speedo.mk @@ -614,7 +614,7 @@ speedo_pkg_ntbtls_configure = --disable-shared ifeq ($(TARGETOS),w32) speedo_pkg_gnupg_configure = \ - --disable-g13 --enable-ntbtls + --disable-g13 --enable-ntbtls --disable-tpm2d else speedo_pkg_gnupg_configure = --disable-g13 --enable-wks-tools endif diff --git a/configure.ac b/configure.ac index ba50fb892..82e3e670c 100644 --- a/configure.ac +++ b/configure.ac @@ -127,6 +127,7 @@ GNUPG_BUILD_PROGRAM(scdaemon, yes) GNUPG_BUILD_PROGRAM(g13, no) GNUPG_BUILD_PROGRAM(dirmngr, yes) GNUPG_BUILD_PROGRAM(keyboxd, yes) +GNUPG_BUILD_PROGRAM(tpm2d, yes) GNUPG_BUILD_PROGRAM(doc, yes) # We use gpgtar to unpack test data, hence we always build it. If the # user opts out, we simply don't install it. 
@@ -1593,23 +1594,28 @@ AC_SUBST(W32SOCKLIBS) # # TPM libtss library .. don't compile TPM support if we don't have it # -_save_libs="$LIBS" -_save_cflags="$CFLAGS" -LIBS="" -AC_SEARCH_LIBS([TSS_Create], [tss ibmtss],have_libtss=IBM, +LIBTSS_LIBS= +LIBTSS_CFLAGS= +if test "$build_tpm2d" = "yes"; then + _save_libs="$LIBS" + _save_cflags="$CFLAGS" + LIBS="" + AC_SEARCH_LIBS([TSS_Create], [tss ibmtss],have_libtss=IBM, AC_SEARCH_LIBS([Esys_Initialize], [tss2-esys],have_libtss=Intel)) -if test "$have_libtss" = IBM; then + if test "$have_libtss" = IBM; then LIBTSS_CFLAGS="-DTPM_POSIX" CFLAGS="$CFLAGS ${LIBTSS_CFLAGS}" - AC_CHECK_HEADER([tss2/tss.h],[AC_DEFINE(TSS_INCLUDE,tss2, [tss2 include location])], [ - AC_CHECK_HEADER([ibmtss/tss.h],[AC_DEFINE(TSS_INCLUDE,ibmtss, [ibmtss include location])], [ - AC_MSG_WARN([No TSS2 include directory found, disabling TPM support]) - have_libtss=no - ]) + AC_CHECK_HEADER([tss2/tss.h], + [AC_DEFINE(TSS_INCLUDE,tss2, [tss2 include location])], [ + AC_CHECK_HEADER([ibmtss/tss.h],[AC_DEFINE(TSS_INCLUDE,ibmtss, + [ibmtss include location])], [ + AC_MSG_WARN([No TSS2 include directory found, disabling TPM support]) + have_libtss=no + ]) ]) LIBTSS_LIBS=$LIBS AC_SUBST(TSS_INCLUDE) -elif test "$have_libtss" = Intel; then + elif test "$have_libtss" = Intel; then ## # Intel TSS has an API issue: Esys_TR_GetTpmHandle wasn't introduced # until version 2.4.0. 
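Review bot: `have_libtss` is now assigned only inside the new `if test "$build_tpm2d" = "yes"` block, but it is still tested after it (`test "$have_libtss" != no` here, the `= no` check in the following hunk) and printed in the summary. Those tests only work as intended if the variable already holds `no` when neither AC_SEARCH_LIBS call succeeds; no such default is visible in this hunk, so it is presumably set earlier in configure.ac and worth confirming. Adding `have_libtss=no` right after the new `LIBTSS_CFLAGS=` reset would make the block self-contained. Without a default, an empty or environment-inherited value would pass the `!= no` test and HAVE_LIBTSS could be defined with no TSS library present. The `elif ... = Intel` branch continues past the end of this hunk.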
@@ -1623,15 +1629,19 @@ elif test "$have_libtss" = Intel; then ]) LIBTSS_LIBS="$LIBS -ltss2-mu -ltss2-rc -ltss2-tctildr" AC_DEFINE(HAVE_INTEL_TSS, 1, [Defined if we have the Intel TSS]) -fi -LIBS="$_save_libs" -CFLAGS="$_save_cflags" -if test "$have_libtss" != no; then + fi + LIBS="$_save_libs" + CFLAGS="$_save_cflags" + if test "$have_libtss" != no; then AC_DEFINE(HAVE_LIBTSS, 1, [Defined if we have TPM2 support library]) # look for a TPM emulator for testing AC_PATH_PROG(TPMSERVER, tpm_server,,/bin:/usr/bin:/usr/lib/ibmtss:/usr/libexec/ibmtss) AC_PATH_PROG(SWTPM, swtpm,,/bin:/usr/bin:/usr/lib/ibmtss:/usr/libexec/ibmtss) AC_PATH_PROG(SWTPM_IOCTL, swtpm_ioctl,,/bin:/usr/bin:/usr/lib/ibmtss:/usr/libexec/ibmtss) + fi +fi +if test "$have_libtss" = no; then + build_tpm2d=no fi AC_SUBST(LIBTSS_LIBS) AC_SUBST(LIBTSS_CFLAGS) @@ -1854,6 +1864,7 @@ AM_CONDITIONAL(BUILD_SCDAEMON, test "$build_scdaemon" = "yes") AM_CONDITIONAL(BUILD_G13, test "$build_g13" = "yes") AM_CONDITIONAL(BUILD_DIRMNGR, test "$build_dirmngr" = "yes") AM_CONDITIONAL(BUILD_KEYBOXD, test "$build_keyboxd" = "yes") +AM_CONDITIONAL(BUILD_TPM2D, test "$build_tpm2d" = "yes") AM_CONDITIONAL(BUILD_DOC, test "$build_doc" = "yes") AM_CONDITIONAL(BUILD_GPGTAR, test "$build_gpgtar" = "yes") AM_CONDITIONAL(BUILD_WKS_TOOLS, test "$build_wks_tools" = "yes") @@ -1884,6 +1895,9 @@ fi if test "$build_keyboxd" = yes ; then AC_DEFINE(BUILD_WITH_KEYBOXD,1,[Defined if KEYBOXD is to be build]) fi +if test "$build_tpm2d" = yes ; then + AC_DEFINE(BUILD_WITH_TPM2D,1,[Defined if TPM2D to be build]) +fi if test "$build_g13" = yes ; then AC_DEFINE(BUILD_WITH_G13,1,[Defined if G13 is to be build]) fi @@ -2130,6 +2144,10 @@ tools/gpg-card.w32-manifest AC_OUTPUT +show_tss_type= +if test "$build_tpm2d" = "yes"; then + show_tss_type="($have_libtss)" +fi echo " GnuPG v${VERSION} has been configured as follows: 
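Review bot: The new fallback `if test "$have_libtss" = no; then build_tpm2d=no; fi` switches the daemon off silently, even when `--enable-tpm2d` was passed explicitly. The only trace is `TPM: no` in the final summary, so a packager who expects TPM-backed key protection can ship a build without it and not notice. A message on that path would help, guarded so that it stays quiet when the user chose `--disable-tpm2d`: `if test "$build_tpm2d" = yes -a "$have_libtss" = no; then AC_MSG_WARN([TSS library not found, not building tpm2d]); build_tpm2d=no; fi`. Whether a missing library should be a hard error when the option was given explicitly is a policy call for the maintainers.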
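Review bot: The config.h description added for BUILD_WITH_TPM2D reads `Defined if TPM2D to be build`, dropping the "is" that the neighbouring KEYBOXD and G13 entries carry. To keep the generated template consistent with its siblings, use `AC_DEFINE(BUILD_WITH_TPM2D,1,[Defined if TPM2D is to be build])`.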
@@ -2141,20 +2159,21 @@ echo " S/MIME: $build_gpgsm Agent: $build_agent Smartcard: $build_scdaemon $build_scdaemon_extra + TPM: $build_tpm2d $show_tss_type G13: $build_g13 Dirmngr: $build_dirmngr Keyboxd: $build_keyboxd Gpgtar: $build_gpgtar WKS tools: $build_wks_tools - Protect tool: $show_gnupg_protect_tool_pgm - LDAP wrapper: $show_gnupg_dirmngr_ldap_pgm - Default agent: $show_gnupg_agent_pgm - Default pinentry: $show_gnupg_pinentry_pgm - Default scdaemon: $show_gnupg_scdaemon_pgm - Default keyboxd: $show_gnupg_keyboxd_pgm + Protect tool: $show_gnupg_protect_tool_pgm + LDAP wrapper: $show_gnupg_dirmngr_ldap_pgm + Default agent: $show_gnupg_agent_pgm + Default pinentry: $show_gnupg_pinentry_pgm + Default scdaemon: $show_gnupg_scdaemon_pgm + Default keyboxd: $show_gnupg_keyboxd_pgm Default tpm2daemon: $show_gnupg_tpm2daemon_pgm - Default dirmngr: $show_gnupg_dirmngr_pgm + Default dirmngr: $show_gnupg_dirmngr_pgm Dirmngr auto start: $dirmngr_auto_start Readline support: $gnupg_cv_have_readline @@ -2162,7 +2181,6 @@ echo " TLS support: $use_tls_library TOFU support: $use_tofu Tor support: $show_tor_support - TPM support: $have_libtss " if test "$have_libtss" != no -a -z "$TPMSERVER" -a -z "$SWTPM"; then cat <