Config-build.in 8.32 KB
Newer Older
1
2
3
4
5
6
7
8
# Copyright (C) 2006-2013 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#

menu "Global build settings"

9
10
11
12
	config ALL_KMODS
		bool "Select all kernel module packages by default"
		default ALL

13
	config ALL
14
		bool "Select all userspace packages by default"
15
16
		default n

17
18
19
	config SIGNED_PACKAGES
		bool "Cryptographically signed package lists"

20
21
22
23
24
25
26
27
28
29
	comment "General build options"

	config DISPLAY_SUPPORT
		bool "Show packages that require graphics support (local or remote)"
		default n

	config BUILD_PATENTED
		default y
		bool "Compile with support for patented functionality"
		help
30
31
32
		  When this option is disabled, software which provides patented functionality
		  will not be built.  In case software provides optional support for patented
		  functionality, this optional support will get disabled for this package.
33
34
35
36
37

	config BUILD_NLS
		default n
		bool "Compile with full language support"
		help
38
39
40
		  When this option is enabled, packages are built with the full versions of
		  iconv and GNU gettext instead of the default OpenWrt stubs. If uClibc is
		  used, it is also built with locale support.
41
42
43
44
45
46
47
48
49
50
51
52
53

	config SHADOW_PASSWORDS
		bool
		prompt "Enable shadow password support"
		default y
		help
		  Enable shadow password support.

	config CLEAN_IPKG
		bool
		prompt "Remove ipkg/opkg status data files in final images"
		default n
		help
54
55
		  This removes all ipkg/opkg status data files from the target directory
		  before building the root filesystem.
56
57
58
59
60
61
62
63

	config COLLECT_KERNEL_DEBUG
		bool
		prompt "Collect kernel debug information"
		select KERNEL_DEBUG_INFO
		default n
		help
		  This collects debugging symbols from the kernel and all compiled modules.
64
65
		  Useful for release builds, so that kernel issues can be debugged offline
		  later.
66
67
68
69
70
71
72
73
74
75
76
77

	comment "Kernel build options"

	source "config/Config-kernel.in"

	comment "Package build options"

	config DEBUG
		bool
		prompt "Compile packages with debugging info"
		default n
		help
78
		  Adds -g3 to the CFLAGS.
79
80
81
82
83
84

	config IPV6
		bool
		prompt "Enable IPv6 support in packages"
		default y
		help
85
		  Enable IPv6 support in packages (passes --enable-ipv6 to configure scripts).
86
87
88
89
90
91

	config PKG_BUILD_PARALLEL
		bool
		prompt "Compile certain packages parallelized"
		default y
		help
92
93
94
95
		  This adds a -jX option to certain packages that are known to behave well
		  for parallel build. By default, the package make processes use the main
		  jobserver, in which case this option only takes effect when you add -jX
		  to the make command.
96
97
98
99
100
101
102
103
104
105

		  If you are unsure, select N.

	config PKG_BUILD_USE_JOBSERVER
		bool
		prompt "Use top-level make jobserver for packages"
		depends on PKG_BUILD_PARALLEL
		default y
		help
		  This passes the main make process jobserver fds to package builds,
106
		  enabling full parallelization across different packages.
107
108

		  Note that disabling this may overcommit CPU resources depending on the
109
110
		  -j level of the main make process, the number of package submake jobs
		  selected below and the number of actual CPUs present.
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
		  Example: If the main make is passed a -j4 and the submake -j
		  is also set to 4, we may end up with 16 parallel make processes
		  in the worst case.

	config PKG_BUILD_JOBS
		int
		prompt "Number of package submake jobs (2-512)"
		range 2 512
		default 2
		depends on PKG_BUILD_PARALLEL && !PKG_BUILD_USE_JOBSERVER
		help
		  The number of jobs (-jX) to pass to packages submake.

	config PKG_DEFAULT_PARALLEL
		bool
		prompt "Parallelize the default package build rule (May break build)"
		depends on PKG_BUILD_PARALLEL
		depends on BROKEN
		default n
		help
		  Always set the default package build rules to parallel build.

133
134
135
		  WARNING: This may break build or kill your cat, as it builds packages
		  with multiple jobs that are probably not tested in a parallel build
		  environment.
136

137
138
		  Only say Y if you don't mind fixing broken packages.  Before reporting
		  build bugs, set this to N and re-run the build.
139
140
141
142
143
144

	comment "Stripping options"

	choice
		prompt "Binary stripping method"
		default USE_STRIP   if EXTERNAL_TOOLCHAIN
145
		default USE_STRIP   if USE_GLIBC || USE_MUSL
146
147
148
149
150
151
152
		default USE_SSTRIP
		help
		  Select the binary stripping method you wish to use.

		config NO_STRIP
			bool "none"
			help
153
154
			  This will install unstripped binaries (useful for native
		 	  compiling/debugging).
155
156
157
158

		config USE_STRIP
			bool "strip"
			help
159
			  This will install binaries stripped using strip from binutils.
160
161
162
163
164
165
166


		config USE_SSTRIP
			bool "sstrip"
			depends on !DEBUG
			depends on !USE_GLIBC
			help
167
			  This will install binaries stripped using sstrip.
168
169
170
171
172
173
174
175
176
	endchoice

	config STRIP_ARGS
		string
		prompt "Strip arguments"
		depends on USE_STRIP
		default "--strip-unneeded --remove-section=.comment --remove-section=.note" if DEBUG
		default "--strip-all"
		help
177
		  Specifies arguments passed to the strip command when stripping binaries.
178
179
180
181

	config STRIP_KERNEL_EXPORTS
		bool "Strip unnecessary exports from the kernel image"
		help
182
183
184
		  Reduces kernel size by stripping unused kernel exports from the kernel
		  image.  Note that this might make the kernel incompatible with any kernel
		  modules that were not selected at the time the kernel image was created.
185
186
187
188
189

	config USE_MKLIBS
		bool "Strip unnecessary functions from libraries"
		help
		  Reduces libraries to only those functions that are necessary for using all
190
191
192
		  selected packages (including those selected as <M>).  Note that this will
		  make the system libraries incompatible with most of the packages that are
		  not selected during the build process.
193
194
195

	choice
		prompt "Preferred standard C++ library"
196
		default USE_LIBSTDCXX if USE_GLIBC
197
198
199
200
201
202
203
204
205
206
207
		default USE_UCLIBCXX
		help
		  Select the preferred standard C++ library for all packages that support this.

		config USE_UCLIBCXX
			bool "uClibc++"

		config USE_LIBSTDCXX
			bool "libstdc++"
	endchoice

208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
	comment "Hardening build options"

	config PKG_CHECK_FORMAT_SECURITY
		bool
		prompt "Enable gcc format-security"
		default n
		help
		  Add -Wformat -Werror=format-security to the CFLAGS.  You can disable
		  this per package by adding PKG_CHECK_FORMAT_SECURITY:=0 in the package
		  Makefile.

	choice
		prompt "User space Stack-Smashing Protection"
		default PKG_CC_STACKPROTECTOR_NONE
		help
		  Enable GCC Stack Smashing Protection (SSP) for userspace applications
		config PKG_CC_STACKPROTECTOR_NONE
			bool "None"
		config PKG_CC_STACKPROTECTOR_REGULAR
			bool "Regular"
			select SSP_SUPPORT
			depends on KERNEL_CC_STACKPROTECTOR_REGULAR
		config PKG_CC_STACKPROTECTOR_STRONG
			bool "Strong"
			select SSP_SUPPORT
			depends on GCC_VERSION_4_9_LINARO
			depends on KERNEL_CC_STACKPROTECTOR_STRONG
	endchoice

	choice
		prompt "Kernel space Stack-Smashing Protection"
		default KERNEL_CC_STACKPROTECTOR_NONE
		help
		  Enable GCC Stack-Smashing Protection (SSP) for the kernel
		config KERNEL_CC_STACKPROTECTOR_NONE
			bool "None"
		config KERNEL_CC_STACKPROTECTOR_REGULAR
			bool "Regular"
		config KERNEL_CC_STACKPROTECTOR_STRONG
			depends on GCC_VERSION_4_9_LINARO
			bool "Strong"
	endchoice

	choice
252
		prompt "Enable buffer-overflows detection (FORTIFY_SOURCE)"
253
254
255
256
257
258
		help
		  Enable the _FORTIFY_SOURCE macro which introduces additional
		  checks to detect buffer-overflows in the following standard library
		  functions: memcpy, mempcpy, memmove, memset, strcpy, stpcpy,
		  strncpy, strcat, strncat, sprintf, vsprintf, snprintf, vsnprintf,
		  gets.  "Conservative" (_FORTIFY_SOURCE set to 1) only introduces
259
		  checks that shouldn't change the behavior of conforming programs,
260
261
262
263
264
265
266
267
268
269
270
271
272
		  while "aggressive" (_FORTIFY_SOURCES set to 2) some more checking is
		  added, but some conforming programs might fail.
		config PKG_FORTIFY_SOURCE_NONE
			bool "None"
		config PKG_FORTIFY_SOURCE_1
			bool "Conservative"
		config PKG_FORTIFY_SOURCE_2
			bool "Aggressive"
	endchoice

	choice
		prompt "Enable RELRO protection"
		help
273
		  Enable a link-time protection known as RELRO (Relocation Read Only)
274
275
276
277
278
279
280
281
282
283
284
285
286
		  which helps to protect from certain type of exploitation techniques
		  altering the content of some ELF sections. "Partial" RELRO makes the
		  .dynamic section not writeable after initialization, introducing
		  almost no performance penalty, while "full" RELRO also marks the GOT
		  as read-only at the cost of initializing all of it at startup.
		config PKG_RELRO_NONE
			bool "None"
		config PKG_RELRO_PARTIAL
			bool "Partial"
		config PKG_RELRO_FULL
			bool "Full"
	endchoice

287
endmenu