X-Git-Url: http://git.openwrt.org/?a=blobdiff_plain;f=config%2FConfig-build.in;h=5ad940ba6c235cc222557003640c8a4136b8f2dd;hb=fb0fcf9ae29ee8c34247880ed5d103fc8c5f0468;hp=64057cf027eccecb5e35be5ffdf2bf6514540ccc;hpb=f6433f63ef26c416d1097449526f88c477f0a334;p=openwrt%2Fopenwrt.git

diff --git a/config/Config-build.in b/config/Config-build.in
index 64057cf027..5ad940ba6c 100644
--- a/config/Config-build.in
+++ b/config/Config-build.in
@@ -6,10 +6,18 @@
 
 menu "Global build settings"
 
+	config ALL_KMODS
+		bool "Select all kernel module packages by default"
+		default ALL
+
 	config ALL
-		bool "Select all packages by default"
+		bool "Select all userspace packages by default"
 		default n
 
+	config SIGNED_PACKAGES
+		bool "Cryptographically signed package lists"
+		default y
+
 	comment "General build options"
 
 	config DISPLAY_SUPPORT
@@ -32,14 +40,6 @@ menu "Global build settings"
 		  iconv and GNU gettext instead of the default OpenWrt stubs. If uClibc is
 		  used, it is also built with locale support.
 
-	config BUILD_STATIC_TOOLS
-		default n
-		bool "Attempt to link host utilities statically"
-		help
-		  Linking host utilities like sed or firmware-utils statically increases the
-		  portability of the generated ImageBuilder and SDK tarballs; however, it may
-		  fail on some Linux distributions.
-
 	config SHADOW_PASSWORDS
 		bool
 		prompt "Enable shadow password support"
@@ -83,7 +83,7 @@ menu "Global build settings"
 		prompt "Enable IPv6 support in packages"
 		default y
 		help
-		  Enable IPv6 support in packages (passes --enable-ipv6 to configure scripts).
+		  Enables IPv6 support in kernel (builtin) and packages.
 
 	config PKG_BUILD_PARALLEL
 		bool
@@ -143,7 +143,7 @@ menu "Global build settings"
 	choice
 		prompt "Binary stripping method"
 		default USE_STRIP   if EXTERNAL_TOOLCHAIN
-		default USE_STRIP   if USE_GLIBC || USE_EGLIBC || USE_MUSL
+		default USE_STRIP   if USE_GLIBC
 		default USE_SSTRIP
 		help
 		  Select the binary stripping method you wish to use.
@@ -152,7 +152,7 @@ menu "Global build settings"
 			bool "none"
 			help
 			  This will install unstripped binaries (useful for native
-		 	  compiling/debugging).
+			  compiling/debugging).
 
 		config USE_STRIP
 			bool "strip"
@@ -162,9 +162,7 @@ menu "Global build settings"
 
 		config USE_SSTRIP
 			bool "sstrip"
-			depends on !DEBUG
 			depends on !USE_GLIBC
-			depends on !USE_EGLIBC
 			help
 			  This will install binaries stripped using sstrip.
 	endchoice
@@ -195,7 +193,7 @@ menu "Global build settings"
 
 	choice
 		prompt "Preferred standard C++ library"
-		default USE_LIBSTDCXX if USE_EGLIBC
+		default USE_LIBSTDCXX if USE_GLIBC
 		default USE_UCLIBCXX
 		help
 		  Select the preferred standard C++ library for all packages that support this.
@@ -212,7 +210,7 @@ menu "Global build settings"
 	config PKG_CHECK_FORMAT_SECURITY
 		bool
 		prompt "Enable gcc format-security"
-		default n
+		default y
 		help
 		  Add -Wformat -Werror=format-security to the CFLAGS.  You can disable
 		  this per package by adding PKG_CHECK_FORMAT_SECURITY:=0 in the package
@@ -220,25 +218,27 @@ menu "Global build settings"
 
 	choice
 		prompt "User space Stack-Smashing Protection"
-		default PKG_CC_STACKPROTECTOR_NONE
+		depends on USE_MUSL
+		default PKG_CC_STACKPROTECTOR_REGULAR
 		help
 		  Enable GCC Stack Smashing Protection (SSP) for userspace applications
 		config PKG_CC_STACKPROTECTOR_NONE
 			bool "None"
 		config PKG_CC_STACKPROTECTOR_REGULAR
 			bool "Regular"
-			select SSP_SUPPORT
+			select SSP_SUPPORT if !USE_MUSL
 			depends on KERNEL_CC_STACKPROTECTOR_REGULAR
 		config PKG_CC_STACKPROTECTOR_STRONG
 			bool "Strong"
-			select SSP_SUPPORT
-			depends on GCC_VERSION_4_9_LINARO
+			select SSP_SUPPORT if !USE_MUSL
+			depends on GCC_VERSION_5
 			depends on KERNEL_CC_STACKPROTECTOR_STRONG
 	endchoice
 
 	choice
 		prompt "Kernel space Stack-Smashing Protection"
-		default KERNEL_CC_STACKPROTECTOR_NONE
+		default KERNEL_CC_STACKPROTECTOR_REGULAR
+		depends on USE_MUSL || !(x86_64 || i386)
 		help
 		  Enable GCC Stack-Smashing Protection (SSP) for the kernel
 		config KERNEL_CC_STACKPROTECTOR_NONE
@@ -246,12 +246,13 @@ menu "Global build settings"
 		config KERNEL_CC_STACKPROTECTOR_REGULAR
 			bool "Regular"
 		config KERNEL_CC_STACKPROTECTOR_STRONG
-			depends on GCC_VERSION_4_9_LINARO
+			depends on GCC_VERSION_5
 			bool "Strong"
 	endchoice
 
 	choice
 		prompt "Enable buffer-overflows detection (FORTIFY_SOURCE)"
+		default PKG_FORTIFY_SOURCE_1
 		help
 		  Enable the _FORTIFY_SOURCE macro which introduces additional
 		  checks to detect buffer-overflows in the following standard library
@@ -271,6 +272,7 @@ menu "Global build settings"
 
 	choice
 		prompt "Enable RELRO protection"
+		default PKG_RELRO_FULL
 		help
 		  Enable a link-time protection known as RELRO (Relocation Read Only)
 		  which helps to protect from certain type of exploitation techniques