config EXPERIMENTAL
bool "Enable experimental features by default"
- default n
help
Set this option to build with latest bleeding edge features
which may or may not work as expected.
positive and negative). But do so only if you know how to
recover your device in case of flashing potentially non-working
firmware.
-
+
If you plan to use this build in production, say NO!
menu "Global build settings"
config JSON_OVERVIEW_IMAGE_INFO
bool "Create JSON info file overview per target"
- default BUILDBOT
+ default y
help
Create a JSON info file called profiles.json in the target
directory containing machine readable list of built profiles
and resulting images.
+ config JSON_CYCLONEDX_SBOM
+ bool "Create CycloneDX SBOM JSON"
+ default BUILDBOT
+ help
+ Create a JSON files *.bom.cdx.json in the build
+ directory containing Software Bill Of Materials in CycloneDX
+ format.
+
config ALL_NONSHARED
bool "Select all target specific packages by default"
select ALL_KMODS
config BUILDBOT
bool "Set build defaults for automatic builds (e.g. via buildbot)"
- default n
help
This option changes several defaults to be more suitable for
automatic builds. This includes the following changes:
bool "Enable signature checking in opkg"
default SIGNED_PACKAGES
+ config DOWNLOAD_CHECK_CERTIFICATE
+ bool "Enable TLS certificate verification during package download"
+ default y
+
comment "General build options"
config TESTING_KERNEL
config DISPLAY_SUPPORT
bool "Show packages that require graphics support (local or remote)"
- default n
config BUILD_PATENTED
- default n
bool "Compile with support for patented functionality"
help
When this option is disabled, software which provides patented functionality
functionality, this optional support will get disabled for this package.
config BUILD_NLS
- default n
bool "Compile with full language support"
help
When this option is enabled, packages are built with the full versions of
config CLEAN_IPKG
bool
prompt "Remove ipkg/opkg status data files in final images"
- default n
help
This removes all ipkg/opkg status data files from the target directory
before building the root filesystem.
config IPK_FILES_CHECKSUMS
bool
prompt "Record files checksums in package metadata"
- default n
help
This makes file checksums part of package metadata. It increases size
- but provides you with pkg_check command to check for flash coruptions.
+ but provides you with pkg_check command to check for flash corruptions.
config INCLUDE_CONFIG
bool "Include build configuration in firmware" if DEVEL
- default n
help
If enabled, buildinfo files will be stored in /etc/build.* of firmware.
config DEBUG
bool
prompt "Compile packages with debugging info"
- default n
help
Adds -g3 to the CFLAGS.
- config IPV6
+ config USE_GC_SECTIONS
bool
- prompt "Enable IPv6 support in packages"
- default y
+ prompt "Dead code and data elimination for all packages (EXPERIMENTAL)"
+ help
+ Places functions and data items into its own sections to use the linker's
+ garbage collection capabilites.
+ Packages can choose to opt-out via setting PKG_BUILD_FLAGS:=no-gc-sections
+
+ config USE_LTO
+ bool
+ prompt "Use the link-time optimizer for all packages (EXPERIMENTAL)"
help
- Enables IPv6 support in kernel (builtin) and packages.
+ Adds LTO flags to the CFLAGS and LDFLAGS.
+ Packages can choose to opt-out via setting PKG_BUILD_FLAGS:=no-lto
+
+ config MOLD
+ depends on (aarch64 || arm || i386 || i686 || m68k || powerpc || powerpc64 || sh4 || x86_64)
+ depends on !GCC_USE_VERSION_11
+ def_bool $(shell, ./config/check-hostcxx.sh 10 2 12)
+
+ config USE_MOLD
+ bool
+ prompt "Use the mold linker for all packages"
+ depends on MOLD
+ help
+ Link packages with mold, a modern linker
+ Packages can opt-out via setting PKG_BUILD_FLAGS:=no-mold
+
+ config IPV6
+ def_bool y
comment "Stripping options"
choice
prompt "Binary stripping method"
- default USE_STRIP if EXTERNAL_TOOLCHAIN
default USE_STRIP if USE_GLIBC
default USE_SSTRIP
help
help
This will install binaries stripped using strip from binutils.
-
config USE_SSTRIP
bool "sstrip"
depends on !USE_GLIBC
help
Specifies arguments passed to the strip command when stripping binaries.
- config SSTRIP_ARGS
- string
- prompt "Sstrip arguments"
- depends on USE_SSTRIP
- default "-z"
+ config SSTRIP_DISCARD_TRAILING_ZEROES
+ bool "Strip trailing zero bytes"
+ depends on USE_SSTRIP && !USE_MOLD
+ default y
help
- Specifies arguments passed to the sstrip command when stripping binaries.
+ Use sstrip's -z option to discard trailing zero bytes
config STRIP_KERNEL_EXPORTS
bool "Strip unnecessary exports from the kernel image"
make the system libraries incompatible with most of the packages that are
not selected during the build process.
- choice
- prompt "Preferred standard C++ library"
- default USE_LIBSTDCXX if USE_GLIBC
- default USE_UCLIBCXX
- help
- Select the preferred standard C++ library for all packages that support this.
-
- config USE_UCLIBCXX
- bool "uClibc++"
-
- config USE_LIBSTDCXX
- bool "libstdc++"
- endchoice
-
comment "Hardening build options"
config PKG_CHECK_FORMAT_SECURITY
endchoice
+ config SECCOMP
+ bool "Enable SECCOMP"
+ select KERNEL_SECCOMP
+ select PACKAGE_procd-seccomp
+ depends on (aarch64 || arm || armeb || mips || mipsel || mips64 || mips64el || i386 || powerpc || x86_64)
+ depends on !TARGET_uml
+ default y
+ help
+ This option enables seccomp kernel features to safely
+ execute untrusted bytecode and selects the seccomp-variants
+ of procd
+
endmenu