base-files: allocate uid/gid starting from 65536
[openwrt/openwrt.git] / config / Config-build.in
1 # Copyright (C) 2006-2013 OpenWrt.org
2 # Copyright (C) 2016 LEDE Project
3 #
4 # This is free software, licensed under the GNU General Public License v2.
5 # See /LICENSE for more information.
6 #
7
8 menu "Global build settings"
9
10 config ALL_NONSHARED
11 bool "Select all target specific packages by default"
12 default ALL || BUILDBOT
13
14 config ALL_KMODS
15 bool "Select all kernel module packages by default"
16 default ALL
17
18 config ALL
19 bool "Select all userspace packages by default"
20 default n
21
22 config BUILDBOT
23 bool "Set build defaults for automatic builds (e.g. via buildbot)"
24 default n
25 help
26 This option changes several defaults to be more suitable for
27 automatic builds. This includes the following changes:
28 - Deleting build directories after compiling (to save space)
29 - Enabling per-device rootfs support
30 ...
31
32 config SIGNED_PACKAGES
33 bool "Cryptographically signed package lists"
34 default y
35
36 comment "General build options"
37
38 config DISPLAY_SUPPORT
39 bool "Show packages that require graphics support (local or remote)"
40 default n
41
42 config BUILD_PATENTED
43 default y
44 bool "Compile with support for patented functionality"
45 help
46 When this option is disabled, software which provides patented functionality
47 will not be built. In case software provides optional support for patented
48 functionality, this optional support will get disabled for this package.
49
50 config BUILD_NLS
51 default n
52 bool "Compile with full language support"
53 help
54 When this option is enabled, packages are built with the full versions of
55 iconv and GNU gettext instead of the default OpenWrt stubs. If uClibc is
56 used, it is also built with locale support.
57
58 config SHADOW_PASSWORDS
59 bool
60 default y
61
62 config CLEAN_IPKG
63 bool
64 prompt "Remove ipkg/opkg status data files in final images"
65 default n
66 help
67 This removes all ipkg/opkg status data files from the target directory
68 before building the root filesystem.
69
70 config INCLUDE_CONFIG
71 bool "Include build configuration in firmware" if DEVEL
72 default n
73 help
74 If enabled, config.seed will be stored in /etc/build.config of firmware.
75
76 config COLLECT_KERNEL_DEBUG
77 bool
78 prompt "Collect kernel debug information"
79 select KERNEL_DEBUG_INFO
80 default BUILDBOT
81 help
82 This collects debugging symbols from the kernel and all compiled modules.
83 Useful for release builds, so that kernel issues can be debugged offline
84 later.
85
86 menu "Kernel build options"
87
88 source "config/Config-kernel.in"
89
90 endmenu
91
92 comment "Package build options"
93
94 config DEBUG
95 bool
96 prompt "Compile packages with debugging info"
97 default n
98 help
99 Adds -g3 to the CFLAGS.
100
101 config IPV6
102 bool
103 prompt "Enable IPv6 support in packages"
104 default y
105 help
106 Enables IPv6 support in kernel (builtin) and packages.
107
108 comment "Stripping options"
109
110 choice
111 prompt "Binary stripping method"
112 default USE_STRIP if EXTERNAL_TOOLCHAIN
113 default USE_STRIP if USE_GLIBC
114 default USE_SSTRIP
115 help
116 Select the binary stripping method you wish to use.
117
118 config NO_STRIP
119 bool "none"
120 help
121 This will install unstripped binaries (useful for native
122 compiling/debugging).
123
124 config USE_STRIP
125 bool "strip"
126 help
127 This will install binaries stripped using strip from binutils.
128
129
130 config USE_SSTRIP
131 bool "sstrip"
132 depends on !USE_GLIBC
133 help
134 This will install binaries stripped using sstrip.
135 endchoice
136
137 config STRIP_ARGS
138 string
139 prompt "Strip arguments"
140 depends on USE_STRIP
141 default "--strip-unneeded --remove-section=.comment --remove-section=.note" if DEBUG
142 default "--strip-all"
143 help
144 Specifies arguments passed to the strip command when stripping binaries.
145
146 config STRIP_KERNEL_EXPORTS
147 bool "Strip unnecessary exports from the kernel image"
148 help
149 Reduces kernel size by stripping unused kernel exports from the kernel
150 image. Note that this might make the kernel incompatible with any kernel
151 modules that were not selected at the time the kernel image was created.
152
153 config USE_MKLIBS
154 bool "Strip unnecessary functions from libraries"
155 help
156 Reduces libraries to only those functions that are necessary for using all
157 selected packages (including those selected as <M>). Note that this will
158 make the system libraries incompatible with most of the packages that are
159 not selected during the build process.
160
161 choice
162 prompt "Preferred standard C++ library"
163 default USE_LIBSTDCXX if USE_GLIBC
164 default USE_UCLIBCXX
165 help
166 Select the preferred standard C++ library for all packages that support this.
167
168 config USE_UCLIBCXX
169 bool "uClibc++"
170
171 config USE_LIBSTDCXX
172 bool "libstdc++"
173 endchoice
174
175 comment "Hardening build options"
176
177 config PKG_CHECK_FORMAT_SECURITY
178 bool
179 prompt "Enable gcc format-security"
180 default y
181 help
182 Add -Wformat -Werror=format-security to the CFLAGS. You can disable
183 this per package by adding PKG_CHECK_FORMAT_SECURITY:=0 in the package
184 Makefile.
185
186 choice
187 prompt "User space Stack-Smashing Protection"
188 depends on USE_MUSL
189 default PKG_CC_STACKPROTECTOR_REGULAR
190 help
191 Enable GCC Stack Smashing Protection (SSP) for userspace applications
192 config PKG_CC_STACKPROTECTOR_NONE
193 bool "None"
194 config PKG_CC_STACKPROTECTOR_REGULAR
195 bool "Regular"
196 select SSP_SUPPORT if !USE_MUSL
197 depends on KERNEL_CC_STACKPROTECTOR_REGULAR
198 config PKG_CC_STACKPROTECTOR_STRONG
199 bool "Strong"
200 select SSP_SUPPORT if !USE_MUSL
201 depends on !GCC_VERSION_4_8
202 depends on KERNEL_CC_STACKPROTECTOR_STRONG
203 endchoice
204
205 choice
206 prompt "Kernel space Stack-Smashing Protection"
207 default KERNEL_CC_STACKPROTECTOR_REGULAR
208 depends on USE_MUSL || !(x86_64 || i386)
209 help
210 Enable GCC Stack-Smashing Protection (SSP) for the kernel
211 config KERNEL_CC_STACKPROTECTOR_NONE
212 bool "None"
213 config KERNEL_CC_STACKPROTECTOR_REGULAR
214 bool "Regular"
215 config KERNEL_CC_STACKPROTECTOR_STRONG
216 depends on !GCC_VERSION_4_8
217 bool "Strong"
218 endchoice
219
220 choice
221 prompt "Enable buffer-overflows detection (FORTIFY_SOURCE)"
222 default PKG_FORTIFY_SOURCE_1
223 help
224 Enable the _FORTIFY_SOURCE macro which introduces additional
225 checks to detect buffer-overflows in the following standard library
226 functions: memcpy, mempcpy, memmove, memset, strcpy, stpcpy,
227 strncpy, strcat, strncat, sprintf, vsprintf, snprintf, vsnprintf,
228 gets. "Conservative" (_FORTIFY_SOURCE set to 1) only introduces
229 checks that shouldn't change the behavior of conforming programs,
230 while "aggressive" (_FORTIFY_SOURCES set to 2) some more checking is
231 added, but some conforming programs might fail.
232 config PKG_FORTIFY_SOURCE_NONE
233 bool "None"
234 config PKG_FORTIFY_SOURCE_1
235 bool "Conservative"
236 config PKG_FORTIFY_SOURCE_2
237 bool "Aggressive"
238 endchoice
239
240 choice
241 prompt "Enable RELRO protection"
242 default PKG_RELRO_FULL
243 help
244 Enable a link-time protection known as RELRO (Relocation Read Only)
245 which helps to protect from certain type of exploitation techniques
246 altering the content of some ELF sections. "Partial" RELRO makes the
247 .dynamic section not writeable after initialization, introducing
248 almost no performance penalty, while "full" RELRO also marks the GOT
249 as read-only at the cost of initializing all of it at startup.
250 config PKG_RELRO_NONE
251 bool "None"
252 config PKG_RELRO_PARTIAL
253 bool "Partial"
254 config PKG_RELRO_FULL
255 bool "Full"
256 endchoice
257
258 endmenu