[openssh-commits] [openssh] 08/08: configure flag to built-in security key support

git+noreply at mindrot.org git+noreply at mindrot.org
Fri Nov 15 16:09:13 AEDT 2019 

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 5c0bc273cba53f822b7d777bbb6c35d160d3b505
Author: Damien Miller <djm at mindrot.org>
Date:   Fri Nov 15 16:08:00 2019 +1100

    configure flag to built-in security key support
    
    Require --with-security-key-builtin before enabling the built-in
    security key support (and consequent dependency on libfido2).
---
 README.md    |  1 +
 configure.ac | 12 +++++++++++-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 412adcec..4a393295 100644
--- a/README.md
+++ b/README.md
@@ -66,6 +66,7 @@ Flag | Meaning
 ``--with-libedit`` | Enable [libedit](https://www.thrysoee.dk/editline/) support for sftp.
 ``--with-kerberos5`` | Enable Kerberos/GSSAPI support. Both [Heimdal](https://www.h5l.org/) and [MIT](https://web.mit.edu/kerberos/) Kerberos implementations are supported.
 ``--with-selinux`` | Enable [SELinux](https://en.wikipedia.org/wiki/Security-Enhanced_Linux) support.
+``--with-security-key-builtin`` | Include built-in support for U2F/FIDO2 security keys. This requires [libfido2](https://github.com/Yubico/libfido2) be installed.
 
 ## Development
 
diff --git a/configure.ac b/configure.ac
index 3814db66..0c2882b1 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1908,6 +1908,16 @@ AC_ARG_ENABLE([security-key],
 		fi
 	]
 )
+enable_sk_internal=
+AC_ARG_WITH([security-key-builtin],
+	[  --with-security-key-builtin include builtin U2F/FIDO support],
+	[
+		if test "x$withval" != "xno" ; then
+			enable_sk_internal=yes
+		fi
+	]
+)
+test "x$disable_sk" != "x" && enable_sk_internal=""
 
 AC_SEARCH_LIBS([dlopen], [dl])
 AC_CHECK_FUNCS([dlopen])
@@ -3062,7 +3072,7 @@ fi
 AC_MSG_RESULT([$enable_sk])
 
 # Now check for built-in security key support.
-if test "x$enable_sk" = "xyes" ; then
+if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" = "xyes" ; then
 	AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
 	use_pkgconfig_for_libfido2=
 	if test "x$PKGCONFIG" != "xno"; then

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list