projects / openwrt / openwrt.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
kernel: bump 4.14 to 4.14.202
[openwrt/openwrt.git] / config / Config-build.in
1 # Copyright (C) 2006-2013 OpenWrt.org
2 # Copyright (C) 2016 LEDE Project
3 #
4 # This is free software, licensed under the GNU General Public License v2.
5 # See /LICENSE for more information.
6 #
7
8 menu "Global build settings"
9
10 config JSON_OVERVIEW_IMAGE_INFO
11 bool "Create JSON info file overview per target"
12 default BUILDBOT
13 help
14 Create a JSON info file called profiles.json in the target
15 directory containing machine readable list of built profiles
16 and resulting images.
17
18 config ALL_NONSHARED
19 bool "Select all target specific packages by default"
20 select ALL_KMODS
21 default BUILDBOT
22
23 config ALL_KMODS
24 bool "Select all kernel module packages by default"
25
26 config ALL
27 bool "Select all userspace packages by default"
28 select ALL_KMODS
29 select ALL_NONSHARED
30
31 config BUILDBOT
32 bool "Set build defaults for automatic builds (e.g. via buildbot)"
33 default n
34 help
35 This option changes several defaults to be more suitable for
36 automatic builds. This includes the following changes:
37 - Deleting build directories after compiling (to save space)
38 - Enabling per-device rootfs support
39 ...
40
41 config SIGNED_PACKAGES
42 bool "Cryptographically signed package lists"
43 default y
44
45 config SIGNATURE_CHECK
46 bool "Enable signature checking in opkg"
47 default SIGNED_PACKAGES
48
49 comment "General build options"
50
51 config TESTING_KERNEL
52 bool "Use the testing kernel version"
53 depends on HAS_TESTING_KERNEL
54 default n
55 help
56 If the target supports a newer kernel version than the default,
57 you can use this config option to enable it
58
59
60 config DISPLAY_SUPPORT
61 bool "Show packages that require graphics support (local or remote)"
62 default n
63
64 config BUILD_PATENTED
65 default n
66 bool "Compile with support for patented functionality"
67 help
68 When this option is disabled, software which provides patented functionality
69 will not be built. In case software provides optional support for patented
70 functionality, this optional support will get disabled for this package.
71
72 config BUILD_NLS
73 default n
74 bool "Compile with full language support"
75 help
76 When this option is enabled, packages are built with the full versions of
77 iconv and GNU gettext instead of the default OpenWrt stubs. If uClibc is
78 used, it is also built with locale support.
79
80 config SHADOW_PASSWORDS
81 bool
82 default y
83
84 config CLEAN_IPKG
85 bool
86 prompt "Remove ipkg/opkg status data files in final images"
87 default n
88 help
89 This removes all ipkg/opkg status data files from the target directory
90 before building the root filesystem.
91
92 config IPK_FILES_CHECKSUMS
93 bool
94 prompt "Record files checksums in package metadata"
95 default n
96 help
97 This makes file checksums part of package metadata. It increases size
98 but provides you with pkg_check command to check for flash coruptions.
99
100 config INCLUDE_CONFIG
101 bool "Include build configuration in firmware" if DEVEL
102 default n
103 help
104 If enabled, config.buildinfo will be stored in /etc/build.config of firmware.
105
106 config COLLECT_KERNEL_DEBUG
107 bool
108 prompt "Collect kernel debug information"
109 select KERNEL_DEBUG_INFO
110 default BUILDBOT
111 help
112 This collects debugging symbols from the kernel and all compiled modules.
113 Useful for release builds, so that kernel issues can be debugged offline
114 later.
115
116 menu "Kernel build options"
117
118 source "config/Config-kernel.in"
119
120 endmenu
121
122 comment "Package build options"
123
124 config DEBUG
125 bool
126 prompt "Compile packages with debugging info"
127 default n
128 help
129 Adds -g3 to the CFLAGS.
130
131 config IPV6
132 bool
133 prompt "Enable IPv6 support in packages"
134 default y
135 help
136 Enables IPv6 support in kernel (builtin) and packages.
137
138 comment "Stripping options"
139
140 choice
141 prompt "Binary stripping method"
142 default USE_STRIP if EXTERNAL_TOOLCHAIN
143 default USE_STRIP if USE_GLIBC
144 default USE_SSTRIP
145 help
146 Select the binary stripping method you wish to use.
147
148 config NO_STRIP
149 bool "none"
150 help
151 This will install unstripped binaries (useful for native
152 compiling/debugging).
153
154 config USE_STRIP
155 bool "strip"
156 help
157 This will install binaries stripped using strip from binutils.
158
159
160 config USE_SSTRIP
161 bool "sstrip"
162 depends on !USE_GLIBC
163 help
164 This will install binaries stripped using sstrip.
165 endchoice
166
167 config STRIP_ARGS
168 string
169 prompt "Strip arguments"
170 depends on USE_STRIP
171 default "--strip-unneeded --remove-section=.comment --remove-section=.note" if DEBUG
172 default "--strip-all"
173 help
174 Specifies arguments passed to the strip command when stripping binaries.
175
176 config STRIP_KERNEL_EXPORTS
177 bool "Strip unnecessary exports from the kernel image"
178 help
179 Reduces kernel size by stripping unused kernel exports from the kernel
180 image. Note that this might make the kernel incompatible with any kernel
181 modules that were not selected at the time the kernel image was created.
182
183 config USE_MKLIBS
184 bool "Strip unnecessary functions from libraries"
185 help
186 Reduces libraries to only those functions that are necessary for using all
187 selected packages (including those selected as <M>). Note that this will
188 make the system libraries incompatible with most of the packages that are
189 not selected during the build process.
190
191 choice
192 prompt "Preferred standard C++ library"
193 default USE_LIBSTDCXX if USE_GLIBC
194 default USE_UCLIBCXX
195 help
196 Select the preferred standard C++ library for all packages that support this.
197
198 config USE_UCLIBCXX
199 bool "uClibc++"
200
201 config USE_LIBSTDCXX
202 bool "libstdc++"
203 endchoice
204
205 comment "Hardening build options"
206
207 config PKG_CHECK_FORMAT_SECURITY
208 bool
209 prompt "Enable gcc format-security"
210 default y
211 help
212 Add -Wformat -Werror=format-security to the CFLAGS. You can disable
213 this per package by adding PKG_CHECK_FORMAT_SECURITY:=0 in the package
214 Makefile.
215
216 config PKG_ASLR_PIE
217 bool
218 prompt "User space ASLR PIE compilation"
219 select BUSYBOX_DEFAULT_PIE
220 default n
221 help
222 Add -fPIC to CFLAGS and -specs=hardened-build-ld to LDFLAGS.
223 This enables package build as Position Independent Executables (PIE)
224 to protect against "return-to-text" attacks. This belongs to the
225 feature of Address Space Layout Randomisation (ASLR), which is
226 implemented by the kernel and the ELF loader by randomising the
227 location of memory allocations. This makes memory addresses harder
228 to predict when an attacker is attempting a memory-corruption exploit.
229 You can disable this per package by adding PKG_ASLR_PIE:=0 in the package
230 Makefile.
231
232 choice
233 prompt "User space Stack-Smashing Protection"
234 depends on USE_MUSL
235 default PKG_CC_STACKPROTECTOR_REGULAR
236 help
237 Enable GCC Stack Smashing Protection (SSP) for userspace applications
238 config PKG_CC_STACKPROTECTOR_NONE
239 bool "None"
240 config PKG_CC_STACKPROTECTOR_REGULAR
241 bool "Regular"
242 select GCC_LIBSSP if !USE_MUSL
243 depends on KERNEL_CC_STACKPROTECTOR_REGULAR
244 config PKG_CC_STACKPROTECTOR_STRONG
245 bool "Strong"
246 select GCC_LIBSSP if !USE_MUSL
247 depends on !GCC_VERSION_4_8
248 depends on KERNEL_CC_STACKPROTECTOR_STRONG
249 endchoice
250
251 choice
252 prompt "Kernel space Stack-Smashing Protection"
253 default KERNEL_CC_STACKPROTECTOR_REGULAR
254 depends on USE_MUSL || !(x86_64 || i386)
255 help
256 Enable GCC Stack-Smashing Protection (SSP) for the kernel
257 config KERNEL_CC_STACKPROTECTOR_NONE
258 bool "None"
259 config KERNEL_CC_STACKPROTECTOR_REGULAR
260 bool "Regular"
261 config KERNEL_CC_STACKPROTECTOR_STRONG
262 depends on !GCC_VERSION_4_8
263 bool "Strong"
264 endchoice
265
266 config KERNEL_STACKPROTECTOR
267 bool
268 default KERNEL_CC_STACKPROTECTOR_REGULAR || KERNEL_CC_STACKPROTECTOR_STRONG
269
270 config KERNEL_STACKPROTECTOR_STRONG
271 bool
272 default KERNEL_CC_STACKPROTECTOR_STRONG
273
274 choice
275 prompt "Enable buffer-overflows detection (FORTIFY_SOURCE)"
276 default PKG_FORTIFY_SOURCE_1
277 help
278 Enable the _FORTIFY_SOURCE macro which introduces additional
279 checks to detect buffer-overflows in the following standard library
280 functions: memcpy, mempcpy, memmove, memset, strcpy, stpcpy,
281 strncpy, strcat, strncat, sprintf, vsprintf, snprintf, vsnprintf,
282 gets. "Conservative" (_FORTIFY_SOURCE set to 1) only introduces
283 checks that shouldn't change the behavior of conforming programs,
284 while "aggressive" (_FORTIFY_SOURCES set to 2) some more checking is
285 added, but some conforming programs might fail.
286 config PKG_FORTIFY_SOURCE_NONE
287 bool "None"
288 config PKG_FORTIFY_SOURCE_1
289 bool "Conservative"
290 config PKG_FORTIFY_SOURCE_2
291 bool "Aggressive"
292 endchoice
293
294 choice
295 prompt "Enable RELRO protection"
296 default PKG_RELRO_FULL
297 help
298 Enable a link-time protection known as RELRO (Relocation Read Only)
299 which helps to protect from certain type of exploitation techniques
300 altering the content of some ELF sections. "Partial" RELRO makes the
301 .dynamic section not writeable after initialization, introducing
302 almost no performance penalty, while "full" RELRO also marks the GOT
303 as read-only at the cost of initializing all of it at startup.
304 config PKG_RELRO_NONE
305 bool "None"
306 config PKG_RELRO_PARTIAL
307 bool "Partial"
308 config PKG_RELRO_FULL
309 bool "Full"
310 endchoice
311
312 endmenu
OpenWrt Source Repository