projects / openwrt / openwrt.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
mbedtls: update to version 2.7.0
[openwrt/openwrt.git] / config / Config-build.in
1 # Copyright (C) 2006-2013 OpenWrt.org
2 # Copyright (C) 2016 LEDE Project
3 #
4 # This is free software, licensed under the GNU General Public License v2.
5 # See /LICENSE for more information.
6 #
7
8 menu "Global build settings"
9
10 config ALL_NONSHARED
11 bool "Select all target specific packages by default"
12 select ALL_KMODS
13 default BUILDBOT
14
15 config ALL_KMODS
16 bool "Select all kernel module packages by default"
17
18 config ALL
19 bool "Select all userspace packages by default"
20 select ALL_KMODS
21 select ALL_NONSHARED
22
23 config BUILDBOT
24 bool "Set build defaults for automatic builds (e.g. via buildbot)"
25 default n
26 help
27 This option changes several defaults to be more suitable for
28 automatic builds. This includes the following changes:
29 - Deleting build directories after compiling (to save space)
30 - Enabling per-device rootfs support
31 ...
32
33 config SIGNED_PACKAGES
34 bool "Cryptographically signed package lists"
35 default y
36
37 comment "General build options"
38
39 config DISPLAY_SUPPORT
40 bool "Show packages that require graphics support (local or remote)"
41 default n
42
43 config BUILD_PATENTED
44 default y
45 bool "Compile with support for patented functionality"
46 help
47 When this option is disabled, software which provides patented functionality
48 will not be built. In case software provides optional support for patented
49 functionality, this optional support will get disabled for this package.
50
51 config BUILD_NLS
52 default n
53 bool "Compile with full language support"
54 help
55 When this option is enabled, packages are built with the full versions of
56 iconv and GNU gettext instead of the default OpenWrt stubs. If uClibc is
57 used, it is also built with locale support.
58
59 config SHADOW_PASSWORDS
60 bool
61 default y
62
63 config CLEAN_IPKG
64 bool
65 prompt "Remove ipkg/opkg status data files in final images"
66 default n
67 help
68 This removes all ipkg/opkg status data files from the target directory
69 before building the root filesystem.
70
71 config COLLECT_KERNEL_DEBUG
72 bool
73 prompt "Collect kernel debug information"
74 select KERNEL_DEBUG_INFO
75 default BUILDBOT
76 help
77 This collects debugging symbols from the kernel and all compiled modules.
78 Useful for release builds, so that kernel issues can be debugged offline
79 later.
80
81 comment "Kernel build options"
82
83 source "config/Config-kernel.in"
84
85 comment "Package build options"
86
87 config DEBUG
88 bool
89 prompt "Compile packages with debugging info"
90 default n
91 help
92 Adds -g3 to the CFLAGS.
93
94 config IPV6
95 bool
96 prompt "Enable IPv6 support in packages"
97 default y
98 help
99 Enables IPv6 support in kernel (builtin) and packages.
100
101 comment "Stripping options"
102
103 choice
104 prompt "Binary stripping method"
105 default USE_STRIP if EXTERNAL_TOOLCHAIN
106 default USE_STRIP if USE_GLIBC
107 default USE_SSTRIP
108 help
109 Select the binary stripping method you wish to use.
110
111 config NO_STRIP
112 bool "none"
113 help
114 This will install unstripped binaries (useful for native
115 compiling/debugging).
116
117 config USE_STRIP
118 bool "strip"
119 help
120 This will install binaries stripped using strip from binutils.
121
122
123 config USE_SSTRIP
124 bool "sstrip"
125 depends on !USE_GLIBC
126 help
127 This will install binaries stripped using sstrip.
128 endchoice
129
130 config STRIP_ARGS
131 string
132 prompt "Strip arguments"
133 depends on USE_STRIP
134 default "--strip-unneeded --remove-section=.comment --remove-section=.note" if DEBUG
135 default "--strip-all"
136 help
137 Specifies arguments passed to the strip command when stripping binaries.
138
139 config STRIP_KERNEL_EXPORTS
140 bool "Strip unnecessary exports from the kernel image"
141 help
142 Reduces kernel size by stripping unused kernel exports from the kernel
143 image. Note that this might make the kernel incompatible with any kernel
144 modules that were not selected at the time the kernel image was created.
145
146 config USE_MKLIBS
147 bool "Strip unnecessary functions from libraries"
148 help
149 Reduces libraries to only those functions that are necessary for using all
150 selected packages (including those selected as <M>). Note that this will
151 make the system libraries incompatible with most of the packages that are
152 not selected during the build process.
153
154 choice
155 prompt "Preferred standard C++ library"
156 default USE_LIBSTDCXX if USE_GLIBC
157 default USE_UCLIBCXX
158 help
159 Select the preferred standard C++ library for all packages that support this.
160
161 config USE_UCLIBCXX
162 bool "uClibc++"
163
164 config USE_LIBSTDCXX
165 bool "libstdc++"
166 endchoice
167
168 comment "Hardening build options"
169
170 config PKG_CHECK_FORMAT_SECURITY
171 bool
172 prompt "Enable gcc format-security"
173 default y
174 help
175 Add -Wformat -Werror=format-security to the CFLAGS. You can disable
176 this per package by adding PKG_CHECK_FORMAT_SECURITY:=0 in the package
177 Makefile.
178
179 choice
180 prompt "User space Stack-Smashing Protection"
181 depends on USE_MUSL
182 default PKG_CC_STACKPROTECTOR_REGULAR
183 help
184 Enable GCC Stack Smashing Protection (SSP) for userspace applications
185 config PKG_CC_STACKPROTECTOR_NONE
186 bool "None"
187 config PKG_CC_STACKPROTECTOR_REGULAR
188 bool "Regular"
189 select SSP_SUPPORT if !USE_MUSL
190 depends on KERNEL_CC_STACKPROTECTOR_REGULAR
191 config PKG_CC_STACKPROTECTOR_STRONG
192 bool "Strong"
193 select SSP_SUPPORT if !USE_MUSL
194 depends on !GCC_VERSION_4_8
195 depends on KERNEL_CC_STACKPROTECTOR_STRONG
196 endchoice
197
198 choice
199 prompt "Kernel space Stack-Smashing Protection"
200 default KERNEL_CC_STACKPROTECTOR_REGULAR
201 depends on USE_MUSL || !(x86_64 || i386)
202 help
203 Enable GCC Stack-Smashing Protection (SSP) for the kernel
204 config KERNEL_CC_STACKPROTECTOR_NONE
205 bool "None"
206 config KERNEL_CC_STACKPROTECTOR_REGULAR
207 bool "Regular"
208 config KERNEL_CC_STACKPROTECTOR_STRONG
209 depends on !GCC_VERSION_4_8
210 bool "Strong"
211 endchoice
212
213 choice
214 prompt "Enable buffer-overflows detection (FORTIFY_SOURCE)"
215 default PKG_FORTIFY_SOURCE_1
216 help
217 Enable the _FORTIFY_SOURCE macro which introduces additional
218 checks to detect buffer-overflows in the following standard library
219 functions: memcpy, mempcpy, memmove, memset, strcpy, stpcpy,
220 strncpy, strcat, strncat, sprintf, vsprintf, snprintf, vsnprintf,
221 gets. "Conservative" (_FORTIFY_SOURCE set to 1) only introduces
222 checks that shouldn't change the behavior of conforming programs,
223 while "aggressive" (_FORTIFY_SOURCES set to 2) some more checking is
224 added, but some conforming programs might fail.
225 config PKG_FORTIFY_SOURCE_NONE
226 bool "None"
227 config PKG_FORTIFY_SOURCE_1
228 bool "Conservative"
229 config PKG_FORTIFY_SOURCE_2
230 bool "Aggressive"
231 endchoice
232
233 choice
234 prompt "Enable RELRO protection"
235 default PKG_RELRO_FULL
236 help
237 Enable a link-time protection known as RELRO (Relocation Read Only)
238 which helps to protect from certain type of exploitation techniques
239 altering the content of some ELF sections. "Partial" RELRO makes the
240 .dynamic section not writeable after initialization, introducing
241 almost no performance penalty, while "full" RELRO also marks the GOT
242 as read-only at the cost of initializing all of it at startup.
243 config PKG_RELRO_NONE
244 bool "None"
245 config PKG_RELRO_PARTIAL
246 bool "Partial"
247 config PKG_RELRO_FULL
248 bool "Full"
249 endchoice
250
251 endmenu
OpenWrt Source Repository