]> git.ipfire.org Git - thirdparty/openssh-portable.git/commitdiff
configure flag to built-in security key support
authorDamien Miller <djm@mindrot.org>
Fri, 15 Nov 2019 05:08:00 +0000 (16:08 +1100)
committerDamien Miller <djm@mindrot.org>
Fri, 15 Nov 2019 05:08:00 +0000 (16:08 +1100)
Require --with-security-key-builtin before enabling the built-in
security key support (and consequent dependency on libfido2).

README.md
configure.ac

index 412adcecb89a64e64f8923f2d34a28105d58a862..4a393295d857a1c0f88a9b77ce9384c75d58fef0 100644 (file)
--- a/README.md
+++ b/README.md
@@ -66,6 +66,7 @@ Flag | Meaning
 ``--with-libedit`` | Enable [libedit](https://www.thrysoee.dk/editline/) support for sftp.
 ``--with-kerberos5`` | Enable Kerberos/GSSAPI support. Both [Heimdal](https://www.h5l.org/) and [MIT](https://web.mit.edu/kerberos/) Kerberos implementations are supported.
 ``--with-selinux`` | Enable [SELinux](https://en.wikipedia.org/wiki/Security-Enhanced_Linux) support.
+``--with-security-key-builtin`` | Include built-in support for U2F/FIDO2 security keys. This requires [libfido2](https://github.com/Yubico/libfido2) be installed.
 
 ## Development
 
index 3814db66b35a76bc3ff22345ce363cc78c36d884..0c2882b1a325cd47a54756f21988c10597f90c8a 100644 (file)
@@ -1908,6 +1908,16 @@ AC_ARG_ENABLE([security-key],
                fi
        ]
 )
+enable_sk_internal=
+AC_ARG_WITH([security-key-builtin],
+       [  --with-security-key-builtin include builtin U2F/FIDO support],
+       [
+               if test "x$withval" != "xno" ; then
+                       enable_sk_internal=yes
+               fi
+       ]
+)
+test "x$disable_sk" != "x" && enable_sk_internal=""
 
 AC_SEARCH_LIBS([dlopen], [dl])
 AC_CHECK_FUNCS([dlopen])
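Review bot: The last added line, `test "x$disable_sk" != "x" && enable_sk_internal=""`, silently discards an explicit `--with-security-key-builtin` when security key support is disabled. A builder who passes both flags gets a binary without the built-in FIDO code and no diagnostic. `disable_sk` is not assigned in the visible lines; it is presumably set by the `AC_ARG_ENABLE([security-key], ...)` block whose tail is this hunk's leading context. Consider rejecting the combination, for example `if test "x$disable_sk" != "x" && test "x$enable_sk_internal" = "xyes" ; then AC_MSG_ERROR([--with-security-key-builtin conflicts with --disable-security-key]) ; fi`, or at least emitting an `AC_MSG_WARN`.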
@@ -3062,7 +3072,7 @@ fi
 AC_MSG_RESULT([$enable_sk])
 
 # Now check for built-in security key support.
-if test "x$enable_sk" = "xyes" ; then
+if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" = "xyes" ; then
        AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
        use_pkgconfig_for_libfido2=
        if test "x$PKGCONFIG" != "xno"; then
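Review bot: The new condition joins two tests with `-a`, which POSIX marks obsolescent and the Autoconf portability notes advise against. `if test "x$enable_sk" = "xyes" && test "x$enable_sk_internal" = "xyes" ; then` is equivalent and unambiguous. The `if` body continues past the end of the hunk, so it is not visible what happens when `--with-security-key-builtin` was given but libfido2 is not found. Now that built-in support is an explicit opt-in, that case is worth confirming: a request that cannot be met should stop configure with an error rather than quietly produce a build without the feature.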