----
This is a shell script that automatically determines the system type. There is
-a single optional parameter, `--prefix` which indicates the directory tree
-where the software should be installed. For example,
+an optional parameter `--prefix`, which indicates the directory tree where the
+software should be installed. For example,
----
./configure --prefix=/opt/free
control program into `/opt/free/bin`. The default value for the prefix is
`/usr/local`.
-The configure script assumes you want to use gcc as your compiler. If you want
-to use a different compiler, you can configure this way:
+The `configure` script assumes you want to use `gcc` as your compiler. If you
+want to use a different compiler, you can configure this way:
----
-CC=cc CFLAGS=-O ./configure --prefix=/opt/free
+CC=cc ./configure --prefix=/opt/free
----
for Bourne-family shells, or
On Linux, if development files for the libcap library are available, `chronyd`
will be built with support for dropping root privileges. On other systems no
extra library is needed. The default user which `chronyd` should run as can be
-specified with the `--with-user` option of the configure script.
+specified with the `--with-user` option of the `configure` script.
+
+If development files for the POSIX threads library are available, `chronyd`
+will be built with support for asynchronous resolving of hostnames specified in
+the `server`, `peer`, and `pool` directives. This allows `chronyd` operating as
+a server to respond to client requests when resolving a hostname. If you don't
+want to enable the support, specify the `--disable-asyncdns` flag to
+`configure`.
+
+If development files for the https://www.lysator.liu.se/~nisse/nettle/[Nettle],
+https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS[NSS], or
+http://www.libtom.net/LibTomCrypt/[libtomcrypt] library are available,
+`chronyd` will be built with support for other cryptographic hash functions
+than MD5, which can be used for NTP authentication with a symmetric key. If you
+don't want to enable the support, specify the `--disable-sechash` flag to
+`configure`.
If development files for the editline or readline library are available,
`chronyc` will be built with line editing support. If you don't want this,
-specify the `--disable-readline` flag to configure.
+specify the `--disable-readline` flag to `configure`.
If a `timepps.h` header is available (e.g. from the
http://linuxpps.org[LinuxPPS project]), `chronyd` will be built with PPS API
normally searched by the compiler, you can add it to the searched locations by
setting the `CPPFLAGS` variable to `-I/path/to/timepps`.
+The `--help` option can be specified to `configure` to print all options
+supported by the script.
+
Now type
----
option or the `user` directive in the configuration file, or set the default
user with the `--with-user` configure option before building.
+== Support for system call filtering
+
+`chronyd` can be built with support for the Linux secure computing (seccomp)
+facility. This requires development files for the
+https://github.com/seccomp/libseccomp[libseccomp] library and the
+`--enable-scfilter` option specified to `configure`. The `-F` option of
+`chronyd` will enable a system call filter, which should significantly reduce
+the kernel attack surface and possibly prevent kernel exploits from `chronyd`
+if it is compromised.
+
== Support for line editing libraries
`chronyc` can be built with support for line editing, this allows you to use
incompatible with chrony's license GPLv2. You should use editline instead if
you don't want to use older readline versions.
-The configure script will automatically enable the line editing support if one
-of the supported libraries is available. If they are both available, the
+The `configure` script will automatically enable the line editing support if
+one of the supported libraries is available. If they are both available, the
editline library will be used.
-If you don't want to use it (in which case chronyc will use a minimal command
-line interface), invoke configure like this:
+If you don't want to use it (in which case `chronyc` will use a minimal command
+line interface), invoke `configure` like this:
----
./configure --disable-readline other-options...
== Extra options for package builders
-The configure and make procedures have some extra options that may be useful if
-you are building a distribution package for chrony.
+The `configure` and `make` procedures have some extra options that may be
+useful if you are building a distribution package for `chrony`.
-The `--mandir=DIR` option to configure specifies an install directory for the
-man pages. This overrides the `man` subdirectory of the argument to the
---prefix option.
+The `--mandir=DIR` option to `configure` specifies an installation directory
+for the man pages. This overrides the `man` subdirectory of the argument to the
+`--prefix` option.
----
./configure --prefix=/usr --mandir=/usr/share/man
to set both options together.
-The final option is the `DESTDIR` option to the make command. For example, you
-could use the commands
+The final option is the `DESTDIR` option to the `make` command. For example,
+you could use the commands
----
./configure --prefix=/usr --mandir=/usr/share/man
projects / thirdparty / chrony.git / commitdiff
