# Copyright (C) 2006-2013 OpenWrt.org
+# Copyright (C) 2016 LEDE Project
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
menu "Global build settings"
+ config ALL_NONSHARED
+ bool "Select all target specific packages by default"
+ default ALL
+
config ALL_KMODS
bool "Select all kernel module packages by default"
default ALL
config SIGNED_PACKAGES
bool "Cryptographically signed package lists"
+ default y
comment "General build options"
prompt "Enable IPv6 support in packages"
default y
help
- Enable IPv6 support in packages (passes --enable-ipv6 to configure scripts).
+ Enables IPv6 support in kernel (builtin) and packages.
config PKG_BUILD_PARALLEL
bool
choice
prompt "Binary stripping method"
default USE_STRIP if EXTERNAL_TOOLCHAIN
- default USE_STRIP if USE_GLIBC || USE_MUSL
+ default USE_STRIP if USE_GLIBC
default USE_SSTRIP
help
Select the binary stripping method you wish to use.
bool "none"
help
This will install unstripped binaries (useful for native
- compiling/debugging).
+ compiling/debugging).
config USE_STRIP
bool "strip"
config USE_SSTRIP
bool "sstrip"
- depends on !DEBUG
depends on !USE_GLIBC
help
This will install binaries stripped using sstrip.
config PKG_CHECK_FORMAT_SECURITY
bool
prompt "Enable gcc format-security"
- default n
+ default y
help
Add -Wformat -Werror=format-security to the CFLAGS. You can disable
this per package by adding PKG_CHECK_FORMAT_SECURITY:=0 in the package
choice
prompt "User space Stack-Smashing Protection"
- default PKG_CC_STACKPROTECTOR_NONE
+ depends on USE_MUSL
+ default PKG_CC_STACKPROTECTOR_REGULAR
help
Enable GCC Stack Smashing Protection (SSP) for userspace applications
config PKG_CC_STACKPROTECTOR_NONE
bool "None"
config PKG_CC_STACKPROTECTOR_REGULAR
bool "Regular"
- select SSP_SUPPORT
+ select SSP_SUPPORT if !USE_MUSL
depends on KERNEL_CC_STACKPROTECTOR_REGULAR
config PKG_CC_STACKPROTECTOR_STRONG
bool "Strong"
- select SSP_SUPPORT
- depends on GCC_VERSION_4_9_LINARO
+ select SSP_SUPPORT if !USE_MUSL
+ depends on GCC_VERSION_5
depends on KERNEL_CC_STACKPROTECTOR_STRONG
endchoice
choice
prompt "Kernel space Stack-Smashing Protection"
- default KERNEL_CC_STACKPROTECTOR_NONE
+ default KERNEL_CC_STACKPROTECTOR_REGULAR
+ depends on USE_MUSL || !(x86_64 || i386)
help
Enable GCC Stack-Smashing Protection (SSP) for the kernel
config KERNEL_CC_STACKPROTECTOR_NONE
config KERNEL_CC_STACKPROTECTOR_REGULAR
bool "Regular"
config KERNEL_CC_STACKPROTECTOR_STRONG
- depends on GCC_VERSION_4_9_LINARO
+ depends on GCC_VERSION_5
bool "Strong"
endchoice
choice
prompt "Enable buffer-overflows detection (FORTIFY_SOURCE)"
+ default PKG_FORTIFY_SOURCE_1
help
Enable the _FORTIFY_SOURCE macro which introduces additional
checks to detect buffer-overflows in the following standard library
choice
prompt "Enable RELRO protection"
+ default PKG_RELRO_FULL
help
Enable a link-time protection known as RELRO (Relocation Read Only)
which helps to protect from certain type of exploitation techniques