X-Git-Url: http://git.openwrt.org/?p=openwrt%2Fopenwrt.git;a=blobdiff_plain;f=config%2FConfig-build.in;h=0584820cddfd8bd6285c1a52fcb0088e9cd5d16e;hp=280f71923b7481074c6b7a38798274859a1b58b6;hb=f8140c9caf4d037e4347e828a96d9008a7e16f02;hpb=491f3fc048c0a8c1b55019a3f45684cc252408d5 diff --git a/config/Config-build.in b/config/Config-build.in index 280f71923b..0584820cdd 100644 --- a/config/Config-build.in +++ b/config/Config-build.in @@ -6,10 +6,18 @@ menu "Global build settings" + config ALL_KMODS + bool "Select all kernel module packages by default" + default ALL + config ALL - bool "Select all packages by default" + bool "Select all userspace packages by default" default n + config SIGNED_PACKAGES + bool "Cryptographically signed package lists" + default y + comment "General build options" config DISPLAY_SUPPORT @@ -32,14 +40,6 @@ menu "Global build settings" iconv and GNU gettext instead of the default OpenWrt stubs. If uClibc is used, it is also built with locale support. - config BUILD_STATIC_TOOLS - default n - bool "Attempt to link host utilities statically" - help - Linking host utilities like sed or firmware-utils statically increases the - portability of the generated ImageBuilder and SDK tarballs; however, it may - fail on some Linux distributions. - config SHADOW_PASSWORDS bool prompt "Enable shadow password support" @@ -143,7 +143,7 @@ menu "Global build settings" choice prompt "Binary stripping method" default USE_STRIP if EXTERNAL_TOOLCHAIN - default USE_STRIP if USE_GLIBC || USE_EGLIBC || USE_MUSL + default USE_STRIP if USE_GLIBC || USE_MUSL default USE_SSTRIP help Select the binary stripping method you wish to use. @@ -164,7 +164,6 @@ menu "Global build settings" bool "sstrip" depends on !DEBUG depends on !USE_GLIBC - depends on !USE_EGLIBC help This will install binaries stripped using sstrip. endchoice @@ -195,7 +194,7 @@ menu "Global build settings" choice prompt "Preferred standard C++ library" - default USE_LIBSTDCXX if USE_EGLIBC + default USE_LIBSTDCXX if USE_GLIBC default USE_UCLIBCXX help Select the preferred standard C++ library for all packages that support this. @@ -212,7 +211,7 @@ menu "Global build settings" config PKG_CHECK_FORMAT_SECURITY bool prompt "Enable gcc format-security" - default n + default y help Add -Wformat -Werror=format-security to the CFLAGS. You can disable this per package by adding PKG_CHECK_FORMAT_SECURITY:=0 in the package @@ -251,14 +250,14 @@ menu "Global build settings" endchoice choice - prompt "Enable buffer-overflows detction (FORTIFY_SOURCE)" + prompt "Enable buffer-overflows detection (FORTIFY_SOURCE)" help Enable the _FORTIFY_SOURCE macro which introduces additional checks to detect buffer-overflows in the following standard library functions: memcpy, mempcpy, memmove, memset, strcpy, stpcpy, strncpy, strcat, strncat, sprintf, vsprintf, snprintf, vsnprintf, gets. "Conservative" (_FORTIFY_SOURCE set to 1) only introduces - checks that sholdn't change the behavior of conforming programs, + checks that shouldn't change the behavior of conforming programs, while "aggressive" (_FORTIFY_SOURCES set to 2) some more checking is added, but some conforming programs might fail. config PKG_FORTIFY_SOURCE_NONE @@ -271,8 +270,9 @@ menu "Global build settings" choice prompt "Enable RELRO protection" + default PKG_RELRO_FULL help - Enable a link-time protection know as RELRO (Relocation Read Only) + Enable a link-time protection known as RELRO (Relocation Read Only) which helps to protect from certain type of exploitation techniques altering the content of some ELF sections. "Partial" RELRO makes the .dynamic section not writeable after initialization, introducing