config ALL_NONSHARED
bool "Select all target specific packages by default"
- default ALL || BUILDBOT
+ select ALL_KMODS
+ default BUILDBOT
config ALL_KMODS
bool "Select all kernel module packages by default"
- default ALL
config ALL
bool "Select all userspace packages by default"
- default n
+ select ALL_KMODS
+ select ALL_NONSHARED
config BUILDBOT
bool "Set build defaults for automatic builds (e.g. via buildbot)"
comment "General build options"
+ config TESTING_KERNEL
+ bool "Use the testing kernel version"
+ depends on HAS_TESTING_KERNEL
+ default n
+ help
+ If the target supports a newer kernel version than the default,
+ you can use this config option to enable it
+
+
config DISPLAY_SUPPORT
bool "Show packages that require graphics support (local or remote)"
default n
config BUILD_PATENTED
- default y
+ default n
bool "Compile with support for patented functionality"
help
When this option is disabled, software which provides patented functionality
This removes all ipkg/opkg status data files from the target directory
before building the root filesystem.
+ config IPK_FILES_CHECKSUMS
+ bool
+ prompt "Record files checksums in package metadata"
+ default n
+ help
+ This makes file checksums part of package metadata. It increases size
+ but provides you with pkg_check command to check for flash coruptions.
+
config INCLUDE_CONFIG
bool "Include build configuration in firmware" if DEVEL
default n
Useful for release builds, so that kernel issues can be debugged offline
later.
- comment "Kernel build options"
+ menu "Kernel build options"
source "config/Config-kernel.in"
+ endmenu
+
comment "Package build options"
config DEBUG
this per package by adding PKG_CHECK_FORMAT_SECURITY:=0 in the package
Makefile.
+ config PKG_ASLR_PIE
+ bool
+ prompt "User space ASLR PIE compilation"
+ select BUSYBOX_DEFAULT_PIE
+ default n
+ help
+ Add -fPIC to CFLAGS and -specs=hardened-build-ld to LDFLAGS.
+ This enables package build as Position Independent Executables (PIE)
+ to protect against "return-to-text" attacks. This belongs to the
+ feature of Address Space Layout Randomisation (ASLR), which is
+ implemented by the kernel and the ELF loader by randomising the
+ location of memory allocations. This makes memory addresses harder
+ to predict when an attacker is attempting a memory-corruption exploit.
+ You can disable this per package by adding PKG_ASLR_PIE:=0 in the package
+ Makefile.
+
choice
prompt "User space Stack-Smashing Protection"
depends on USE_MUSL
bool "None"
config PKG_CC_STACKPROTECTOR_REGULAR
bool "Regular"
- select SSP_SUPPORT if !USE_MUSL
+ select GCC_LIBSSP if !USE_MUSL
depends on KERNEL_CC_STACKPROTECTOR_REGULAR
config PKG_CC_STACKPROTECTOR_STRONG
bool "Strong"
- select SSP_SUPPORT if !USE_MUSL
+ select GCC_LIBSSP if !USE_MUSL
depends on !GCC_VERSION_4_8
depends on KERNEL_CC_STACKPROTECTOR_STRONG
endchoice
bool "Strong"
endchoice
+ config KERNEL_STACKPROTECTOR
+ bool
+ default KERNEL_CC_STACKPROTECTOR_REGULAR || KERNEL_CC_STACKPROTECTOR_STRONG
+
+ config KERNEL_STACKPROTECTOR_STRONG
+ bool
+ default KERNEL_CC_STACKPROTECTOR_STRONG
+
choice
prompt "Enable buffer-overflows detection (FORTIFY_SOURCE)"
default PKG_FORTIFY_SOURCE_1