# Copyright (C) 2006-2013 OpenWrt.org
+# Copyright (C) 2016 LEDE Project
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
menu "Global build settings"
+ config ALL_NONSHARED
+ bool "Select all target specific packages by default"
+ default ALL
+
+ config ALL_KMODS
+ bool "Select all kernel module packages by default"
+ default ALL
+
config ALL
- bool "Select all packages by default"
+ bool "Select all userspace packages by default"
default n
+ config SIGNED_PACKAGES
+ bool "Cryptographically signed package lists"
+ default y
+
comment "General build options"
config DISPLAY_SUPPORT
iconv and GNU gettext instead of the default OpenWrt stubs. If uClibc is
used, it is also built with locale support.
- config BUILD_STATIC_TOOLS
- default n
- bool "Attempt to link host utilities statically"
- help
- Linking host utilities like sed or firmware-utils statically increases the
- portability of the generated ImageBuilder and SDK tarballs; however, it may
- fail on some Linux distributions.
-
config SHADOW_PASSWORDS
bool
- prompt "Enable shadow password support"
default y
- help
- Enable shadow password support.
config CLEAN_IPKG
bool
prompt "Enable IPv6 support in packages"
default y
help
- Enable IPv6 support in packages (passes --enable-ipv6 to configure scripts).
+ Enables IPv6 support in kernel (builtin) and packages.
config PKG_BUILD_PARALLEL
bool
choice
prompt "Binary stripping method"
default USE_STRIP if EXTERNAL_TOOLCHAIN
- default USE_STRIP if USE_GLIBC || USE_EGLIBC || USE_MUSL
+ default USE_STRIP if USE_GLIBC
default USE_SSTRIP
help
Select the binary stripping method you wish to use.
bool "none"
help
This will install unstripped binaries (useful for native
- compiling/debugging).
+ compiling/debugging).
config USE_STRIP
bool "strip"
config USE_SSTRIP
bool "sstrip"
- depends on !DEBUG
depends on !USE_GLIBC
- depends on !USE_EGLIBC
help
This will install binaries stripped using sstrip.
endchoice
choice
prompt "Preferred standard C++ library"
- default USE_LIBSTDCXX if USE_EGLIBC
+ default USE_LIBSTDCXX if USE_GLIBC
default USE_UCLIBCXX
help
Select the preferred standard C++ library for all packages that support this.
config PKG_CHECK_FORMAT_SECURITY
bool
prompt "Enable gcc format-security"
- default n
+ default y
help
Add -Wformat -Werror=format-security to the CFLAGS. You can disable
this per package by adding PKG_CHECK_FORMAT_SECURITY:=0 in the package
choice
prompt "User space Stack-Smashing Protection"
- default PKG_CC_STACKPROTECTOR_NONE
+ depends on USE_MUSL
+ default PKG_CC_STACKPROTECTOR_REGULAR
help
Enable GCC Stack Smashing Protection (SSP) for userspace applications
config PKG_CC_STACKPROTECTOR_NONE
bool "None"
config PKG_CC_STACKPROTECTOR_REGULAR
bool "Regular"
- select SSP_SUPPORT
+ select SSP_SUPPORT if !USE_MUSL
depends on KERNEL_CC_STACKPROTECTOR_REGULAR
config PKG_CC_STACKPROTECTOR_STRONG
bool "Strong"
- select SSP_SUPPORT
- depends on GCC_VERSION_4_9_LINARO
+ select SSP_SUPPORT if !USE_MUSL
+ depends on !GCC_VERSION_4_8
depends on KERNEL_CC_STACKPROTECTOR_STRONG
endchoice
choice
prompt "Kernel space Stack-Smashing Protection"
- default KERNEL_CC_STACKPROTECTOR_NONE
+ default KERNEL_CC_STACKPROTECTOR_REGULAR
+ depends on USE_MUSL || !(x86_64 || i386)
help
Enable GCC Stack-Smashing Protection (SSP) for the kernel
config KERNEL_CC_STACKPROTECTOR_NONE
config KERNEL_CC_STACKPROTECTOR_REGULAR
bool "Regular"
config KERNEL_CC_STACKPROTECTOR_STRONG
- depends on GCC_VERSION_4_9_LINARO
+ depends on !GCC_VERSION_4_8
bool "Strong"
endchoice
choice
prompt "Enable buffer-overflows detection (FORTIFY_SOURCE)"
+ default PKG_FORTIFY_SOURCE_1
help
Enable the _FORTIFY_SOURCE macro which introduces additional
checks to detect buffer-overflows in the following standard library
functions: memcpy, mempcpy, memmove, memset, strcpy, stpcpy,
strncpy, strcat, strncat, sprintf, vsprintf, snprintf, vsnprintf,
gets. "Conservative" (_FORTIFY_SOURCE set to 1) only introduces
- checks that sholdn't change the behavior of conforming programs,
+ checks that shouldn't change the behavior of conforming programs,
while "aggressive" (_FORTIFY_SOURCES set to 2) some more checking is
added, but some conforming programs might fail.
config PKG_FORTIFY_SOURCE_NONE
choice
prompt "Enable RELRO protection"
+ default PKG_RELRO_FULL
help
- Enable a link-time protection know as RELRO (Relocation Read Only)
+ Enable a link-time protection known as RELRO (Relocation Read Only)
which helps to protect from certain type of exploitation techniques
altering the content of some ELF sections. "Partial" RELRO makes the
.dynamic section not writeable after initialization, introducing