image: don't modify file permissions before rootfs generation
[openwrt/staging/wigyori.git] / config / Config-build.in
# Copyright (C) 2006-2013 OpenWrt.org
# Copyright (C) 2016 LEDE Project
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#

menu "Global build settings"

	config ALL_NONSHARED
		bool "Select all target specific packages by default"
		default ALL

	config ALL_KMODS
		bool "Select all kernel module packages by default"
		default ALL

	config ALL
		bool "Select all userspace packages by default"
		default n

	config SIGNED_PACKAGES
		bool "Cryptographically signed package lists"
		default y

	comment "General build options"

	config DISPLAY_SUPPORT
		bool "Show packages that require graphics support (local or remote)"
		default n

	config BUILD_PATENTED
		default y
		bool "Compile with support for patented functionality"
		help
		  When this option is disabled, software which provides patented functionality
		  will not be built. In case software provides optional support for patented
		  functionality, this optional support will get disabled for this package.

	config BUILD_NLS
		default n
		bool "Compile with full language support"
		help
		  When this option is enabled, packages are built with the full versions of
		  iconv and GNU gettext instead of the default OpenWrt stubs. If uClibc is
		  used, it is also built with locale support.

	config SHADOW_PASSWORDS
		bool
		default y

	config CLEAN_IPKG
		bool
		prompt "Remove ipkg/opkg status data files in final images"
		default n
		help
		  This removes all ipkg/opkg status data files from the target directory
		  before building the root filesystem.

	config COLLECT_KERNEL_DEBUG
		bool
		prompt "Collect kernel debug information"
		select KERNEL_DEBUG_INFO
		default n
		help
		  This collects debugging symbols from the kernel and all compiled modules.
		  Useful for release builds, so that kernel issues can be debugged offline
		  later.

	comment "Kernel build options"

	source "config/Config-kernel.in"

	comment "Package build options"

	config DEBUG
		bool
		prompt "Compile packages with debugging info"
		default n
		help
		  Adds -g3 to the CFLAGS.

	config IPV6
		bool
		prompt "Enable IPv6 support in packages"
		default y
		help
		  Enables IPv6 support in kernel (builtin) and packages.

	config PKG_BUILD_PARALLEL
		bool
		prompt "Compile certain packages parallelized"
		default y
		help
		  This adds a -jX option to certain packages that are known to behave well
		  for parallel build. By default, the package make processes use the main
		  jobserver, in which case this option only takes effect when you add -jX
		  to the make command.

		  If you are unsure, select N.

	config PKG_BUILD_USE_JOBSERVER
		bool
		prompt "Use top-level make jobserver for packages"
		depends on PKG_BUILD_PARALLEL
		default y
		help
		  This passes the main make process jobserver fds to package builds,
		  enabling full parallelization across different packages.

		  Note that disabling this may overcommit CPU resources depending on the
		  -j level of the main make process, the number of package submake jobs
		  selected below and the number of actual CPUs present.
		  Example: If the main make is passed a -j4 and the submake -j
		  is also set to 4, we may end up with 16 parallel make processes
		  in the worst case.

	config PKG_BUILD_JOBS
		int
		prompt "Number of package submake jobs (2-512)"
		range 2 512
		default 2
		depends on PKG_BUILD_PARALLEL && !PKG_BUILD_USE_JOBSERVER
		help
		  The number of jobs (-jX) to pass to packages submake.

	config PKG_DEFAULT_PARALLEL
		bool
		prompt "Parallelize the default package build rule (May break build)"
		depends on PKG_BUILD_PARALLEL
		depends on BROKEN
		default n
		help
		  Always set the default package build rules to parallel build.

		  WARNING: This may break build or kill your cat, as it builds packages
		  with multiple jobs that are probably not tested in a parallel build
		  environment.

		  Only say Y if you don't mind fixing broken packages. Before reporting
		  build bugs, set this to N and re-run the build.

	comment "Stripping options"

	choice
		prompt "Binary stripping method"
		default USE_STRIP if EXTERNAL_TOOLCHAIN
		default USE_STRIP if USE_GLIBC
		default USE_SSTRIP
		help
		  Select the binary stripping method you wish to use.

		config NO_STRIP
			bool "none"
			help
			  This will install unstripped binaries (useful for native
			  compiling/debugging).

		config USE_STRIP
			bool "strip"
			help
			  This will install binaries stripped using strip from binutils.

		config USE_SSTRIP
			bool "sstrip"
			depends on !USE_GLIBC
			help
			  This will install binaries stripped using sstrip.
	endchoice

	config STRIP_ARGS
		string
		prompt "Strip arguments"
		depends on USE_STRIP
		default "--strip-unneeded --remove-section=.comment --remove-section=.note" if DEBUG
		default "--strip-all"
		help
		  Specifies arguments passed to the strip command when stripping binaries.

	config STRIP_KERNEL_EXPORTS
		bool "Strip unnecessary exports from the kernel image"
		help
		  Reduces kernel size by stripping unused kernel exports from the kernel
		  image. Note that this might make the kernel incompatible with any kernel
		  modules that were not selected at the time the kernel image was created.

	config USE_MKLIBS
		bool "Strip unnecessary functions from libraries"
		help
		  Reduces libraries to only those functions that are necessary for using all
		  selected packages (including those selected as <M>). Note that this will
		  make the system libraries incompatible with most of the packages that are
		  not selected during the build process.

	choice
		prompt "Preferred standard C++ library"
		default USE_LIBSTDCXX if USE_GLIBC
		default USE_UCLIBCXX
		help
		  Select the preferred standard C++ library for all packages that support this.

		config USE_UCLIBCXX
			bool "uClibc++"

		config USE_LIBSTDCXX
			bool "libstdc++"
	endchoice

	comment "Hardening build options"

	config PKG_CHECK_FORMAT_SECURITY
		bool
		prompt "Enable gcc format-security"
		default y
		help
		  Add -Wformat -Werror=format-security to the CFLAGS. You can disable
		  this per package by adding PKG_CHECK_FORMAT_SECURITY:=0 in the package
		  Makefile.

	choice
		prompt "User space Stack-Smashing Protection"
		depends on USE_MUSL
		default PKG_CC_STACKPROTECTOR_REGULAR
		help
		  Enable GCC Stack-Smashing Protection (SSP) for userspace applications
		config PKG_CC_STACKPROTECTOR_NONE
			bool "None"
		config PKG_CC_STACKPROTECTOR_REGULAR
			bool "Regular"
			select SSP_SUPPORT if !USE_MUSL
			depends on KERNEL_CC_STACKPROTECTOR_REGULAR
		config PKG_CC_STACKPROTECTOR_STRONG
			bool "Strong"
			select SSP_SUPPORT if !USE_MUSL
			depends on !GCC_VERSION_4_8
			depends on KERNEL_CC_STACKPROTECTOR_STRONG
	endchoice

	choice
		prompt "Kernel space Stack-Smashing Protection"
		default KERNEL_CC_STACKPROTECTOR_REGULAR
		depends on USE_MUSL || !(x86_64 || i386)
		help
		  Enable GCC Stack-Smashing Protection (SSP) for the kernel
		config KERNEL_CC_STACKPROTECTOR_NONE
			bool "None"
		config KERNEL_CC_STACKPROTECTOR_REGULAR
			bool "Regular"
		config KERNEL_CC_STACKPROTECTOR_STRONG
			depends on !GCC_VERSION_4_8
			bool "Strong"
	endchoice

	choice
		prompt "Enable buffer-overflows detection (FORTIFY_SOURCE)"
		default PKG_FORTIFY_SOURCE_1
		help
		  Enable the _FORTIFY_SOURCE macro which introduces additional
		  checks to detect buffer-overflows in the following standard library
		  functions: memcpy, mempcpy, memmove, memset, strcpy, stpcpy,
		  strncpy, strcat, strncat, sprintf, vsprintf, snprintf, vsnprintf,
		  gets. "Conservative" (_FORTIFY_SOURCE set to 1) only introduces
		  checks that shouldn't change the behavior of conforming programs,
		  while with "aggressive" (_FORTIFY_SOURCE set to 2) some more checking
		  is added, but some conforming programs might fail.
		config PKG_FORTIFY_SOURCE_NONE
			bool "None"
		config PKG_FORTIFY_SOURCE_1
			bool "Conservative"
		config PKG_FORTIFY_SOURCE_2
			bool "Aggressive"
	endchoice

	choice
		prompt "Enable RELRO protection"
		default PKG_RELRO_FULL
		help
		  Enable a link-time protection known as RELRO (Relocation Read Only)
		  which helps to protect from certain types of exploitation techniques
		  altering the content of some ELF sections. "Partial" RELRO makes the
		  .dynamic section not writeable after initialization, introducing
		  almost no performance penalty, while "full" RELRO also marks the GOT
		  as read-only at the cost of initializing all of it at startup.
		config PKG_RELRO_NONE
			bool "None"
		config PKG_RELRO_PARTIAL
			bool "Partial"
		config PKG_RELRO_FULL
			bool "Full"
	endchoice

endmenu
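
The "Hardening build options" choices above end up as CONFIG_ symbols in the generated .config. The following is an added example, not part of Config-build.in or the OpenWrt tree: a small audit of a .config for those symbols. It assumes a full .config (not a diffconfig) in the standard Kconfig output format; the names `parse_dotconfig`, `audit` and `SAMPLE` are hypothetical.

```python
import re

# Hardening choices from Config-build.in, each ordered weakest to strongest.
CHOICES = {
    "user-space SSP": ["PKG_CC_STACKPROTECTOR_NONE", "PKG_CC_STACKPROTECTOR_REGULAR",
                       "PKG_CC_STACKPROTECTOR_STRONG"],
    "kernel SSP": ["KERNEL_CC_STACKPROTECTOR_NONE", "KERNEL_CC_STACKPROTECTOR_REGULAR",
                   "KERNEL_CC_STACKPROTECTOR_STRONG"],
    "FORTIFY_SOURCE": ["PKG_FORTIFY_SOURCE_NONE", "PKG_FORTIFY_SOURCE_1", "PKG_FORTIFY_SOURCE_2"],
    "RELRO": ["PKG_RELRO_NONE", "PKG_RELRO_PARTIAL", "PKG_RELRO_FULL"],
}
BOOLS = ["SIGNED_PACKAGES", "PKG_CHECK_FORMAT_SECURITY"]  # both default to y in this file

def parse_dotconfig(text):
    """Map symbol -> value; '# CONFIG_X is not set' is recorded as 'n'."""
    syms = {}
    for line in text.splitlines():
        if m := re.match(r"\s*CONFIG_(\w+)=(.*)$", line):
            syms[m.group(1)] = m.group(2).strip().strip('"')
        elif m := re.match(r"\s*# CONFIG_(\w+) is not set", line):
            syms[m.group(1)] = "n"
    return syms

def audit(text):
    """Return (severity, item, detail) tuples; severity is 'weak' or 'info'."""
    syms, out = parse_dotconfig(text), []
    for sym in BOOLS:
        if syms.get(sym) != "y":
            out.append(("weak", sym, "not enabled"))
    for label, levels in CHOICES.items():
        chosen = [s for s in levels if syms.get(s) == "y"]
        if not chosen:
            # A choice whose 'depends on' is unmet writes no symbol at all.
            out.append(("weak", label, "no option set; choice hidden by its dependencies"))
        elif chosen[0] == levels[0]:
            out.append(("weak", label, chosen[0]))
        elif chosen[0] != levels[-1]:
            out.append(("info", label, f"{chosen[0]} set, {levels[-1]} not selected"))
    return out

# Constructed sample .config fragment (not taken from a real build).
SAMPLE = """\
CONFIG_SIGNED_PACKAGES=y
# CONFIG_PKG_CHECK_FORMAT_SECURITY is not set
CONFIG_KERNEL_CC_STACKPROTECTOR_REGULAR=y
CONFIG_PKG_CC_STACKPROTECTOR_REGULAR=y
CONFIG_PKG_FORTIFY_SOURCE_1=y
CONFIG_PKG_RELRO_NONE=y
"""
```

Because the user-space SSP choice depends on USE_MUSL, a non-musl configuration reports it as "no option set" rather than as an explicit NONE.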