1 # Copyright (C) 2006-2013 OpenWrt.org
2 # Copyright (C) 2016 LEDE Project
4 # This is free software, licensed under the GNU General Public License v2.
5 # See /LICENSE for more information.
8 menu "Global build settings"
11 bool "Select all target specific packages by default"
12 default ALL || BUILDBOT
15 bool "Select all kernel module packages by default"
19 bool "Select all userspace packages by default"
23 bool "Set build defaults for automatic builds (e.g. via buildbot)"
26 This option changes several defaults to be more suitable for
27 automatic builds. This includes the following changes:
28 - Deleting build directories after compiling (to save space)
29 - Enabling per-device rootfs support
32 config SIGNED_PACKAGES
33 bool "Cryptographically signed package lists"
36 comment "General build options"
38 config DISPLAY_SUPPORT
39 bool "Show packages that require graphics support (local or remote)"
44 bool "Compile with support for patented functionality"
46 When this option is disabled, software which provides patented functionality
47 will not be built. If a package provides optional support for patented
48 functionality, that optional support is disabled for the package.
52 bool "Compile with full language support"
54 When this option is enabled, packages are built with the full versions of
55 iconv and GNU gettext instead of the default OpenWrt stubs. If uClibc is
56 used, it is also built with locale support.
58 config SHADOW_PASSWORDS
64 prompt "Remove ipkg/opkg status data files in final images"
67 This removes all ipkg/opkg status data files from the target directory
68 before building the root filesystem.
71 bool "Include build configuration in firmware" if DEVEL
74 If enabled, config.seed will be stored in /etc/build.config of firmware.
76 config COLLECT_KERNEL_DEBUG
78 prompt "Collect kernel debug information"
79 select KERNEL_DEBUG_INFO
82 This collects debugging symbols from the kernel and all compiled modules.
83 Useful for release builds, so that kernel issues can be debugged offline
86 menu "Kernel build options"
88 source "config/Config-kernel.in"
92 comment "Package build options"
96 prompt "Compile packages with debugging info"
99 Adds -g3 to the CFLAGS.
103 prompt "Enable IPv6 support in packages"
106 Enables IPv6 support in kernel (builtin) and packages.
108 comment "Stripping options"
111 prompt "Binary stripping method"
112 default USE_STRIP if EXTERNAL_TOOLCHAIN
113 default USE_STRIP if USE_GLIBC
116 Select the binary stripping method you wish to use.
121 This will install unstripped binaries (useful for native
122 compiling/debugging).
127 This will install binaries stripped using strip from binutils.
132 depends on !USE_GLIBC
134 This will install binaries stripped using sstrip.
139 prompt "Strip arguments"
141 default "--strip-unneeded --remove-section=.comment --remove-section=.note" if DEBUG
142 default "--strip-all"
144 Specifies arguments passed to the strip command when stripping binaries.
146 config STRIP_KERNEL_EXPORTS
147 bool "Strip unnecessary exports from the kernel image"
149 Reduces kernel size by stripping unused kernel exports from the kernel
150 image. Note that this might make the kernel incompatible with any kernel
151 modules that were not selected at the time the kernel image was created.
154 bool "Strip unnecessary functions from libraries"
156 Reduces libraries to only those functions that are necessary for using all
157 selected packages (including those selected as <M>). Note that this will
158 make the system libraries incompatible with most of the packages that are
159 not selected during the build process.
162 prompt "Preferred standard C++ library"
163 default USE_LIBSTDCXX if USE_GLIBC
166 Select the preferred standard C++ library for all packages that support this.
175 comment "Hardening build options"
177 config PKG_CHECK_FORMAT_SECURITY
179 prompt "Enable gcc format-security"
182 Add -Wformat -Werror=format-security to the CFLAGS. You can disable
183 this per package by adding PKG_CHECK_FORMAT_SECURITY:=0 in the package
187 prompt "User space Stack-Smashing Protection"
189 default PKG_CC_STACKPROTECTOR_REGULAR
191 Enable GCC Stack Smashing Protection (SSP) for userspace applications
192 config PKG_CC_STACKPROTECTOR_NONE
194 config PKG_CC_STACKPROTECTOR_REGULAR
196 select SSP_SUPPORT if !USE_MUSL
197 depends on KERNEL_CC_STACKPROTECTOR_REGULAR
198 config PKG_CC_STACKPROTECTOR_STRONG
200 select SSP_SUPPORT if !USE_MUSL
201 depends on !GCC_VERSION_4_8
202 depends on KERNEL_CC_STACKPROTECTOR_STRONG
206 prompt "Kernel space Stack-Smashing Protection"
207 default KERNEL_CC_STACKPROTECTOR_REGULAR
208 depends on USE_MUSL || !(x86_64 || i386)
210 Enable GCC Stack-Smashing Protection (SSP) for the kernel
211 config KERNEL_CC_STACKPROTECTOR_NONE
213 config KERNEL_CC_STACKPROTECTOR_REGULAR
215 config KERNEL_CC_STACKPROTECTOR_STRONG
216 depends on !GCC_VERSION_4_8
221 prompt "Enable buffer-overflows detection (FORTIFY_SOURCE)"
222 default PKG_FORTIFY_SOURCE_1
224 Enable the _FORTIFY_SOURCE macro which introduces additional
225 checks to detect buffer-overflows in the following standard library
226 functions: memcpy, mempcpy, memmove, memset, strcpy, stpcpy,
227 strncpy, strcat, strncat, sprintf, vsprintf, snprintf, vsnprintf,
228 gets. "Conservative" (_FORTIFY_SOURCE set to 1) only introduces
229 checks that shouldn't change the behavior of conforming programs,
230 while "aggressive" (_FORTIFY_SOURCE set to 2) adds some more
231 checking, but some conforming programs might fail.
232 config PKG_FORTIFY_SOURCE_NONE
234 config PKG_FORTIFY_SOURCE_1
236 config PKG_FORTIFY_SOURCE_2
241 prompt "Enable RELRO protection"
242 default PKG_RELRO_FULL
244 Enable a link-time protection known as RELRO (Relocation Read Only),
245 which helps protect against certain types of exploitation techniques
246 that alter the content of some ELF sections. "Partial" RELRO makes the
247 .dynamic section not writeable after initialization, introducing
248 almost no performance penalty, while "full" RELRO also marks the GOT
249 as read-only at the cost of initializing all of it at startup.
250 config PKG_RELRO_NONE
252 config PKG_RELRO_PARTIAL
254 config PKG_RELRO_FULL