1# Copyright (C) 2006-2013 OpenWrt.org 2# Copyright (C) 2016 LEDE Project 3# 4# This is free software, licensed under the GNU General Public License v2. 5# See /LICENSE for more information. 6# 7 8menu "Global build settings" 9 10 config ALL_NONSHARED 11 bool "Select all target specific packages by default" 12 default ALL 13 14 config ALL_KMODS 15 bool "Select all kernel module packages by default" 16 default ALL 17 18 config ALL 19 bool "Select all userspace packages by default" 20 default n 21 22 config SIGNED_PACKAGES 23 bool "Cryptographically signed package lists" 24 default y 25 26 comment "General build options" 27 28 config DISPLAY_SUPPORT 29 bool "Show packages that require graphics support (local or remote)" 30 default n 31 32 config BUILD_PATENTED 33 default y 34 bool "Compile with support for patented functionality" 35 help 36 When this option is disabled, software which provides patented functionality 37 will not be built. In case software provides optional support for patented 38 functionality, this optional support will get disabled for this package. 39 40 config BUILD_NLS 41 default n 42 bool "Compile with full language support" 43 help 44 When this option is enabled, packages are built with the full versions of 45 iconv and GNU gettext instead of the default OpenWrt stubs. If uClibc is 46 used, it is also built with locale support. 47 48 config SHADOW_PASSWORDS 49 bool 50 prompt "Enable shadow password support" 51 default y 52 help 53 Enable shadow password support. 54 55 config CLEAN_IPKG 56 bool 57 prompt "Remove ipkg/opkg status data files in final images" 58 default n 59 help 60 This removes all ipkg/opkg status data files from the target directory 61 before building the root filesystem. 62 63 config COLLECT_KERNEL_DEBUG 64 bool 65 prompt "Collect kernel debug information" 66 select KERNEL_DEBUG_INFO 67 default n 68 help 69 This collects debugging symbols from the kernel and all compiled modules. 70 Useful for release builds, so that kernel issues can be debugged offline 71 later. 72 73 comment "Kernel build options" 74 75 source "config/Config-kernel.in" 76 77 comment "Package build options" 78 79 config DEBUG 80 bool 81 prompt "Compile packages with debugging info" 82 default n 83 help 84 Adds -g3 to the CFLAGS. 85 86 config IPV6 87 bool 88 prompt "Enable IPv6 support in packages" 89 default y 90 help 91 Enables IPv6 support in kernel (builtin) and packages. 92 93 config PKG_BUILD_PARALLEL 94 bool 95 prompt "Compile certain packages parallelized" 96 default y 97 help 98 This adds a -jX option to certain packages that are known to behave well 99 for parallel build. By default, the package make processes use the main 100 jobserver, in which case this option only takes effect when you add -jX 101 to the make command. 102 103 If you are unsure, select N. 104 105 config PKG_BUILD_USE_JOBSERVER 106 bool 107 prompt "Use top-level make jobserver for packages" 108 depends on PKG_BUILD_PARALLEL 109 default y 110 help 111 This passes the main make process jobserver fds to package builds, 112 enabling full parallelization across different packages. 113 114 Note that disabling this may overcommit CPU resources depending on the 115 -j level of the main make process, the number of package submake jobs 116 selected below and the number of actual CPUs present. 117 Example: If the main make is passed a -j4 and the submake -j 118 is also set to 4, we may end up with 16 parallel make processes 119 in the worst case. 120 121 config PKG_BUILD_JOBS 122 int 123 prompt "Number of package submake jobs (2-512)" 124 range 2 512 125 default 2 126 depends on PKG_BUILD_PARALLEL && !PKG_BUILD_USE_JOBSERVER 127 help 128 The number of jobs (-jX) to pass to packages submake. 129 130 config PKG_DEFAULT_PARALLEL 131 bool 132 prompt "Parallelize the default package build rule (May break build)" 133 depends on PKG_BUILD_PARALLEL 134 depends on BROKEN 135 default n 136 help 137 Always set the default package build rules to parallel build. 138 139 WARNING: This may break build or kill your cat, as it builds packages 140 with multiple jobs that are probably not tested in a parallel build 141 environment. 142 143 Only say Y if you don't mind fixing broken packages. Before reporting 144 build bugs, set this to N and re-run the build. 145 146 comment "Stripping options" 147 148 choice 149 prompt "Binary stripping method" 150 default USE_STRIP if EXTERNAL_TOOLCHAIN 151 default USE_STRIP if USE_GLIBC 152 default USE_SSTRIP 153 help 154 Select the binary stripping method you wish to use. 155 156 config NO_STRIP 157 bool "none" 158 help 159 This will install unstripped binaries (useful for native 160 compiling/debugging). 161 162 config USE_STRIP 163 bool "strip" 164 help 165 This will install binaries stripped using strip from binutils. 166 167 168 config USE_SSTRIP 169 bool "sstrip" 170 depends on !USE_GLIBC 171 help 172 This will install binaries stripped using sstrip. 173 endchoice 174 175 config STRIP_ARGS 176 string 177 prompt "Strip arguments" 178 depends on USE_STRIP 179 default "--strip-unneeded --remove-section=.comment --remove-section=.note" if DEBUG 180 default "--strip-all" 181 help 182 Specifies arguments passed to the strip command when stripping binaries. 183 184 config STRIP_KERNEL_EXPORTS 185 bool "Strip unnecessary exports from the kernel image" 186 help 187 Reduces kernel size by stripping unused kernel exports from the kernel 188 image. Note that this might make the kernel incompatible with any kernel 189 modules that were not selected at the time the kernel image was created. 190 191 config USE_MKLIBS 192 bool "Strip unnecessary functions from libraries" 193 help 194 Reduces libraries to only those functions that are necessary for using all 195 selected packages (including those selected as <M>). Note that this will 196 make the system libraries incompatible with most of the packages that are 197 not selected during the build process. 198 199 choice 200 prompt "Preferred standard C++ library" 201 default USE_LIBSTDCXX if USE_GLIBC 202 default USE_UCLIBCXX 203 help 204 Select the preferred standard C++ library for all packages that support this. 205 206 config USE_UCLIBCXX 207 bool "uClibc++" 208 209 config USE_LIBSTDCXX 210 bool "libstdc++" 211 endchoice 212 213 comment "Hardening build options" 214 215 config PKG_CHECK_FORMAT_SECURITY 216 bool 217 prompt "Enable gcc format-security" 218 default y 219 help 220 Add -Wformat -Werror=format-security to the CFLAGS. You can disable 221 this per package by adding PKG_CHECK_FORMAT_SECURITY:=0 in the package 222 Makefile. 223 224 choice 225 prompt "User space Stack-Smashing Protection" 226 depends on USE_MUSL 227 default PKG_CC_STACKPROTECTOR_REGULAR 228 help 229 Enable GCC Stack Smashing Protection (SSP) for userspace applications 230 config PKG_CC_STACKPROTECTOR_NONE 231 bool "None" 232 config PKG_CC_STACKPROTECTOR_REGULAR 233 bool "Regular" 234 select SSP_SUPPORT if !USE_MUSL 235 depends on KERNEL_CC_STACKPROTECTOR_REGULAR 236 config PKG_CC_STACKPROTECTOR_STRONG 237 bool "Strong" 238 select SSP_SUPPORT if !USE_MUSL 239 depends on GCC_VERSION_5 240 depends on KERNEL_CC_STACKPROTECTOR_STRONG 241 endchoice 242 243 choice 244 prompt "Kernel space Stack-Smashing Protection" 245 default KERNEL_CC_STACKPROTECTOR_REGULAR 246 depends on USE_MUSL || !(x86_64 || i386) 247 help 248 Enable GCC Stack-Smashing Protection (SSP) for the kernel 249 config KERNEL_CC_STACKPROTECTOR_NONE 250 bool "None" 251 config KERNEL_CC_STACKPROTECTOR_REGULAR 252 bool "Regular" 253 config KERNEL_CC_STACKPROTECTOR_STRONG 254 depends on GCC_VERSION_5 255 bool "Strong" 256 endchoice 257 258 choice 259 prompt "Enable buffer-overflows detection (FORTIFY_SOURCE)" 260 default PKG_FORTIFY_SOURCE_1 261 help 262 Enable the _FORTIFY_SOURCE macro which introduces additional 263 checks to detect buffer-overflows in the following standard library 264 functions: memcpy, mempcpy, memmove, memset, strcpy, stpcpy, 265 strncpy, strcat, strncat, sprintf, vsprintf, snprintf, vsnprintf, 266 gets. "Conservative" (_FORTIFY_SOURCE set to 1) only introduces 267 checks that shouldn't change the behavior of conforming programs, 268 while "aggressive" (_FORTIFY_SOURCES set to 2) some more checking is 269 added, but some conforming programs might fail. 270 config PKG_FORTIFY_SOURCE_NONE 271 bool "None" 272 config PKG_FORTIFY_SOURCE_1 273 bool "Conservative" 274 config PKG_FORTIFY_SOURCE_2 275 bool "Aggressive" 276 endchoice 277 278 choice 279 prompt "Enable RELRO protection" 280 default PKG_RELRO_FULL 281 help 282 Enable a link-time protection known as RELRO (Relocation Read Only) 283 which helps to protect from certain type of exploitation techniques 284 altering the content of some ELF sections. "Partial" RELRO makes the 285 .dynamic section not writeable after initialization, introducing 286 almost no performance penalty, while "full" RELRO also marks the GOT 287 as read-only at the cost of initializing all of it at startup. 288 config PKG_RELRO_NONE 289 bool "None" 290 config PKG_RELRO_PARTIAL 291 bool "Partial" 292 config PKG_RELRO_FULL 293 bool "Full" 294 endchoice 295 296endmenu 297