1# Copyright (C) 2006-2013 OpenWrt.org
2# Copyright (C) 2016 LEDE Project
3#
4# This is free software, licensed under the GNU General Public License v2.
5# See /LICENSE for more information.
6#
7
8menu "Global build settings"
9
10	config ALL_NONSHARED
11		bool "Select all target specific packages by default"
12		default ALL
13
14	config ALL_KMODS
15		bool "Select all kernel module packages by default"
16		default ALL
17
18	config ALL
19		bool "Select all userspace packages by default"
20		default n
21
22	config SIGNED_PACKAGES
23		bool "Cryptographically signed package lists"
24		default y
25
26	comment "General build options"
27
28	config DISPLAY_SUPPORT
29		bool "Show packages that require graphics support (local or remote)"
30		default n
31
32	config BUILD_PATENTED
33		default y
34		bool "Compile with support for patented functionality"
35		help
36		  When this option is disabled, software which provides patented functionality
37		  will not be built.  In case software provides optional support for patented
38		  functionality, this optional support will get disabled for this package.
39
40	config BUILD_NLS
41		default n
42		bool "Compile with full language support"
43		help
44		  When this option is enabled, packages are built with the full versions of
45		  iconv and GNU gettext instead of the default OpenWrt stubs. If uClibc is
46		  used, it is also built with locale support.
47
48	config SHADOW_PASSWORDS
49		bool
50		prompt "Enable shadow password support"
51		default y
52		help
53		  Enable shadow password support.
54
55	config CLEAN_IPKG
56		bool
57		prompt "Remove ipkg/opkg status data files in final images"
58		default n
59		help
60		  This removes all ipkg/opkg status data files from the target directory
61		  before building the root filesystem.
62
63	config COLLECT_KERNEL_DEBUG
64		bool
65		prompt "Collect kernel debug information"
66		select KERNEL_DEBUG_INFO
67		default n
68		help
69		  This collects debugging symbols from the kernel and all compiled modules.
70		  Useful for release builds, so that kernel issues can be debugged offline
71		  later.
72
73	comment "Kernel build options"
74
75	source "config/Config-kernel.in"
76
77	comment "Package build options"
78
79	config DEBUG
80		bool
81		prompt "Compile packages with debugging info"
82		default n
83		help
84		  Adds -g3 to the CFLAGS.
85
86	config IPV6
87		bool
88		prompt "Enable IPv6 support in packages"
89		default y
90		help
91		  Enables IPv6 support in kernel (builtin) and packages.
92
93	config PKG_BUILD_PARALLEL
94		bool
95		prompt "Compile certain packages parallelized"
96		default y
97		help
98		  This adds a -jX option to certain packages that are known to behave well
99		  for parallel build. By default, the package make processes use the main
100		  jobserver, in which case this option only takes effect when you add -jX
101		  to the make command.
102
103		  If you are unsure, select N.
104
105	config PKG_BUILD_USE_JOBSERVER
106		bool
107		prompt "Use top-level make jobserver for packages"
108		depends on PKG_BUILD_PARALLEL
109		default y
110		help
111		  This passes the main make process jobserver fds to package builds,
112		  enabling full parallelization across different packages.
113
114		  Note that disabling this may overcommit CPU resources depending on the
115		  -j level of the main make process, the number of package submake jobs
116		  selected below and the number of actual CPUs present.
117		  Example: If the main make is passed a -j4 and the submake -j
118		  is also set to 4, we may end up with 16 parallel make processes
119		  in the worst case.
120
121	config PKG_BUILD_JOBS
122		int
123		prompt "Number of package submake jobs (2-512)"
124		range 2 512
125		default 2
126		depends on PKG_BUILD_PARALLEL && !PKG_BUILD_USE_JOBSERVER
127		help
128		  The number of jobs (-jX) to pass to packages submake.
129
130	config PKG_DEFAULT_PARALLEL
131		bool
132		prompt "Parallelize the default package build rule (May break build)"
133		depends on PKG_BUILD_PARALLEL
134		depends on BROKEN
135		default n
136		help
137		  Always set the default package build rules to parallel build.
138
139		  WARNING: This may break build or kill your cat, as it builds packages
140		  with multiple jobs that are probably not tested in a parallel build
141		  environment.
142
143		  Only say Y if you don't mind fixing broken packages.  Before reporting
144		  build bugs, set this to N and re-run the build.
145
146	comment "Stripping options"
147
148	choice
149		prompt "Binary stripping method"
150		default USE_STRIP   if EXTERNAL_TOOLCHAIN
151		default USE_STRIP   if USE_GLIBC
152		default USE_SSTRIP
153		help
154		  Select the binary stripping method you wish to use.
155
156		config NO_STRIP
157			bool "none"
158			help
159			  This will install unstripped binaries (useful for native
160			  compiling/debugging).
161
162		config USE_STRIP
163			bool "strip"
164			help
165			  This will install binaries stripped using strip from binutils.
166
167
168		config USE_SSTRIP
169			bool "sstrip"
170			depends on !USE_GLIBC
171			help
172			  This will install binaries stripped using sstrip.
173	endchoice
174
175	config STRIP_ARGS
176		string
177		prompt "Strip arguments"
178		depends on USE_STRIP
179		default "--strip-unneeded --remove-section=.comment --remove-section=.note" if DEBUG
180		default "--strip-all"
181		help
182		  Specifies arguments passed to the strip command when stripping binaries.
183
184	config STRIP_KERNEL_EXPORTS
185		bool "Strip unnecessary exports from the kernel image"
186		help
187		  Reduces kernel size by stripping unused kernel exports from the kernel
188		  image.  Note that this might make the kernel incompatible with any kernel
189		  modules that were not selected at the time the kernel image was created.
190
191	config USE_MKLIBS
192		bool "Strip unnecessary functions from libraries"
193		help
194		  Reduces libraries to only those functions that are necessary for using all
195		  selected packages (including those selected as <M>).  Note that this will
196		  make the system libraries incompatible with most of the packages that are
197		  not selected during the build process.
198
199	choice
200		prompt "Preferred standard C++ library"
201		default USE_LIBSTDCXX if USE_GLIBC
202		default USE_UCLIBCXX
203		help
204		  Select the preferred standard C++ library for all packages that support this.
205
206		config USE_UCLIBCXX
207			bool "uClibc++"
208
209		config USE_LIBSTDCXX
210			bool "libstdc++"
211	endchoice
212
213	comment "Hardening build options"
214
215	config PKG_CHECK_FORMAT_SECURITY
216		bool
217		prompt "Enable gcc format-security"
218		default y
219		help
220		  Add -Wformat -Werror=format-security to the CFLAGS.  You can disable
221		  this per package by adding PKG_CHECK_FORMAT_SECURITY:=0 in the package
222		  Makefile.
223
224	choice
225		prompt "User space Stack-Smashing Protection"
226		depends on USE_MUSL
227		default PKG_CC_STACKPROTECTOR_REGULAR
228		help
229		  Enable GCC Stack Smashing Protection (SSP) for userspace applications
230		config PKG_CC_STACKPROTECTOR_NONE
231			bool "None"
232		config PKG_CC_STACKPROTECTOR_REGULAR
233			bool "Regular"
234			select SSP_SUPPORT if !USE_MUSL
235			depends on KERNEL_CC_STACKPROTECTOR_REGULAR
236		config PKG_CC_STACKPROTECTOR_STRONG
237			bool "Strong"
238			select SSP_SUPPORT if !USE_MUSL
239			depends on GCC_VERSION_5
240			depends on KERNEL_CC_STACKPROTECTOR_STRONG
241	endchoice
242
243	choice
244		prompt "Kernel space Stack-Smashing Protection"
245		default KERNEL_CC_STACKPROTECTOR_REGULAR
246		depends on USE_MUSL || !(x86_64 || i386)
247		help
248		  Enable GCC Stack-Smashing Protection (SSP) for the kernel
249		config KERNEL_CC_STACKPROTECTOR_NONE
250			bool "None"
251		config KERNEL_CC_STACKPROTECTOR_REGULAR
252			bool "Regular"
253		config KERNEL_CC_STACKPROTECTOR_STRONG
254			depends on GCC_VERSION_5
255			bool "Strong"
256	endchoice
257
258	choice
259		prompt "Enable buffer-overflows detection (FORTIFY_SOURCE)"
260		default PKG_FORTIFY_SOURCE_1
261		help
262		  Enable the _FORTIFY_SOURCE macro which introduces additional
263		  checks to detect buffer-overflows in the following standard library
264		  functions: memcpy, mempcpy, memmove, memset, strcpy, stpcpy,
265		  strncpy, strcat, strncat, sprintf, vsprintf, snprintf, vsnprintf,
266		  gets.  "Conservative" (_FORTIFY_SOURCE set to 1) only introduces
267		  checks that shouldn't change the behavior of conforming programs,
268		  while "aggressive" (_FORTIFY_SOURCES set to 2) some more checking is
269		  added, but some conforming programs might fail.
270		config PKG_FORTIFY_SOURCE_NONE
271			bool "None"
272		config PKG_FORTIFY_SOURCE_1
273			bool "Conservative"
274		config PKG_FORTIFY_SOURCE_2
275			bool "Aggressive"
276	endchoice
277
278	choice
279		prompt "Enable RELRO protection"
280		default PKG_RELRO_FULL
281		help
282		  Enable a link-time protection known as RELRO (Relocation Read Only)
283		  which helps to protect from certain type of exploitation techniques
284		  altering the content of some ELF sections. "Partial" RELRO makes the
285		  .dynamic section not writeable after initialization, introducing
286		  almost no performance penalty, while "full" RELRO also marks the GOT
287		  as read-only at the cost of initializing all of it at startup.
288		config PKG_RELRO_NONE
289			bool "None"
290		config PKG_RELRO_PARTIAL
291			bool "Partial"
292		config PKG_RELRO_FULL
293			bool "Full"
294	endchoice
295
296endmenu
297