X-Git-Url: http://git.openwrt.org/?p=openwrt%2Fopenwrt.git;a=blobdiff_plain;f=config%2FConfig-build.in;h=a082a5e0e2ed9ad3e9749440c3f244aee8668072;hp=23cf83bc4045f9163bda12210e65c72fe50e764e;hb=0f30f56e3857f3271796f4e5fa8f651841ab1a94;hpb=941fc5e8c8fd48c31c97c9194d1bed786145f978 diff --git a/config/Config-build.in b/config/Config-build.in index 23cf83bc40..a082a5e0e2 100644 --- a/config/Config-build.in +++ b/config/Config-build.in @@ -9,15 +9,26 @@ menu "Global build settings" config ALL_NONSHARED bool "Select all target specific packages by default" - default ALL + select ALL_KMODS + default BUILDBOT config ALL_KMODS bool "Select all kernel module packages by default" - default ALL config ALL bool "Select all userspace packages by default" + select ALL_KMODS + select ALL_NONSHARED + + config BUILDBOT + bool "Set build defaults for automatic builds (e.g. via buildbot)" default n + help + This option changes several defaults to be more suitable for + automatic builds. This includes the following changes: + - Deleting build directories after compiling (to save space) + - Enabling per-device rootfs support + ... config SIGNED_PACKAGES bool "Cryptographically signed package lists" @@ -30,7 +41,7 @@ menu "Global build settings" default n config BUILD_PATENTED - default y + default n bool "Compile with support for patented functionality" help When this option is disabled, software which provides patented functionality @@ -47,10 +58,7 @@ menu "Global build settings" config SHADOW_PASSWORDS bool - prompt "Enable shadow password support" default y - help - Enable shadow password support. config CLEAN_IPKG bool @@ -60,20 +68,28 @@ menu "Global build settings" This removes all ipkg/opkg status data files from the target directory before building the root filesystem. + config INCLUDE_CONFIG + bool "Include build configuration in firmware" if DEVEL + default n + help + If enabled, config.seed will be stored in /etc/build.config of firmware. + config COLLECT_KERNEL_DEBUG bool prompt "Collect kernel debug information" select KERNEL_DEBUG_INFO - default n + default BUILDBOT help This collects debugging symbols from the kernel and all compiled modules. Useful for release builds, so that kernel issues can be debugged offline later. - comment "Kernel build options" + menu "Kernel build options" source "config/Config-kernel.in" + endmenu + comment "Package build options" config DEBUG @@ -90,59 +106,6 @@ menu "Global build settings" help Enables IPv6 support in kernel (builtin) and packages. - config PKG_BUILD_PARALLEL - bool - prompt "Compile certain packages parallelized" - default y - help - This adds a -jX option to certain packages that are known to behave well - for parallel build. By default, the package make processes use the main - jobserver, in which case this option only takes effect when you add -jX - to the make command. - - If you are unsure, select N. - - config PKG_BUILD_USE_JOBSERVER - bool - prompt "Use top-level make jobserver for packages" - depends on PKG_BUILD_PARALLEL - default y - help - This passes the main make process jobserver fds to package builds, - enabling full parallelization across different packages. - - Note that disabling this may overcommit CPU resources depending on the - -j level of the main make process, the number of package submake jobs - selected below and the number of actual CPUs present. - Example: If the main make is passed a -j4 and the submake -j - is also set to 4, we may end up with 16 parallel make processes - in the worst case. - - config PKG_BUILD_JOBS - int - prompt "Number of package submake jobs (2-512)" - range 2 512 - default 2 - depends on PKG_BUILD_PARALLEL && !PKG_BUILD_USE_JOBSERVER - help - The number of jobs (-jX) to pass to packages submake. - - config PKG_DEFAULT_PARALLEL - bool - prompt "Parallelize the default package build rule (May break build)" - depends on PKG_BUILD_PARALLEL - depends on BROKEN - default n - help - Always set the default package build rules to parallel build. - - WARNING: This may break build or kill your cat, as it builds packages - with multiple jobs that are probably not tested in a parallel build - environment. - - Only say Y if you don't mind fixing broken packages. Before reporting - build bugs, set this to N and re-run the build. - comment "Stripping options" choice @@ -221,6 +184,22 @@ menu "Global build settings" this per package by adding PKG_CHECK_FORMAT_SECURITY:=0 in the package Makefile. + config PKG_ASLR_PIE + bool + prompt "User space ASLR PIE compilation" + select BUSYBOX_DEFAULT_PIE + default n + help + Add -fPIC to CFLAGS and -specs=hardened-build-ld to LDFLAGS. + This enables package build as Position Independent Executables (PIE) + to protect against "return-to-text" attacks. This belongs to the + feature of Address Space Layout Randomisation (ASLR), which is + implemented by the kernel and the ELF loader by randomising the + location of memory allocations. This makes memory addresses harder + to predict when an attacker is attempting a memory-corruption exploit. + You can disable this per package by adding PKG_ASLR_PIE:=0 in the package + Makefile. + choice prompt "User space Stack-Smashing Protection" depends on USE_MUSL @@ -231,12 +210,12 @@ menu "Global build settings" bool "None" config PKG_CC_STACKPROTECTOR_REGULAR bool "Regular" - select SSP_SUPPORT if !USE_MUSL + select GCC_LIBSSP if !USE_MUSL depends on KERNEL_CC_STACKPROTECTOR_REGULAR config PKG_CC_STACKPROTECTOR_STRONG bool "Strong" - select SSP_SUPPORT if !USE_MUSL - depends on GCC_VERSION_5 + select GCC_LIBSSP if !USE_MUSL + depends on !GCC_VERSION_4_8 depends on KERNEL_CC_STACKPROTECTOR_STRONG endchoice @@ -251,7 +230,7 @@ menu "Global build settings" config KERNEL_CC_STACKPROTECTOR_REGULAR bool "Regular" config KERNEL_CC_STACKPROTECTOR_STRONG - depends on GCC_VERSION_5 + depends on !GCC_VERSION_4_8 bool "Strong" endchoice