-
Notifications
You must be signed in to change notification settings - Fork 0
/
Config.in
842 lines (690 loc) · 25.6 KB
/
Config.in
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
#
mainmenu "Buildroot $BR2_VERSION Configuration"
config BR2_HAVE_DOT_CONFIG
bool
default y
config BR2_VERSION
string
option env="BR2_VERSION_FULL"
config BR2_HOSTARCH
string
option env="HOSTARCH"
config BR2_BUILD_DIR
string
option env="BUILD_DIR"
# Hidden config symbols for packages to check system gcc version
config BR2_HOST_GCC_VERSION
string
option env="HOST_GCC_VERSION"
config BR2_HOST_GCC_AT_LEAST_4_5
bool
default y if BR2_HOST_GCC_VERSION = "4 5"
config BR2_HOST_GCC_AT_LEAST_4_6
bool
default y if BR2_HOST_GCC_VERSION = "4 6"
select BR2_HOST_GCC_AT_LEAST_4_5
config BR2_HOST_GCC_AT_LEAST_4_7
bool
default y if BR2_HOST_GCC_VERSION = "4 7"
select BR2_HOST_GCC_AT_LEAST_4_6
config BR2_HOST_GCC_AT_LEAST_4_8
bool
default y if BR2_HOST_GCC_VERSION = "4 8"
select BR2_HOST_GCC_AT_LEAST_4_7
config BR2_HOST_GCC_AT_LEAST_4_9
bool
default y if BR2_HOST_GCC_VERSION = "4 9"
select BR2_HOST_GCC_AT_LEAST_4_8
config BR2_HOST_GCC_AT_LEAST_5
bool
default y if BR2_HOST_GCC_VERSION = "5"
select BR2_HOST_GCC_AT_LEAST_4_9
config BR2_HOST_GCC_AT_LEAST_6
bool
default y if BR2_HOST_GCC_VERSION = "6"
select BR2_HOST_GCC_AT_LEAST_5
config BR2_HOST_GCC_AT_LEAST_7
bool
default y if BR2_HOST_GCC_VERSION = "7"
select BR2_HOST_GCC_AT_LEAST_6
# Hidden boolean selected by packages in need of Java in order to build
# (example: kodi)
config BR2_NEEDS_HOST_JAVA
bool
# Hidden boolean selected by packages in need of javac in order to build
# (example: classpath)
config BR2_NEEDS_HOST_JAVAC
bool
# Hidden boolean selected by packages in need of jar in order to build
# (example: classpath)
config BR2_NEEDS_HOST_JAR
bool
# Hidden boolean selected by pre-built packages for x86, when they
# need to run on x86-64 machines (example: pre-built external
# toolchains, binary tools like SAM-BA, etc.).
config BR2_HOSTARCH_NEEDS_IA32_LIBS
bool
# Hidden boolean selected by packages that need to build 32 bits
# binaries with the host compiler, even on 64 bits build machines (e.g
# bootloaders).
config BR2_HOSTARCH_NEEDS_IA32_COMPILER
bool
# Hidden boolean selected by packages that need the host to have an
# UTF8 locale.
config BR2_NEEDS_HOST_UTF8_LOCALE
bool
source "arch/Config.in"
menu "Build options"
menu "Commands"
config BR2_WGET
string "Wget command"
default "wget --passive-ftp -nd -t 3"
config BR2_SVN
string "Subversion (svn) command"
default "svn --non-interactive"
config BR2_BZR
string "Bazaar (bzr) command"
default "bzr"
config BR2_GIT
string "Git command"
default "git"
config BR2_CVS
string "CVS command"
default "cvs"
config BR2_LOCALFILES
string "Local files retrieval command"
default "cp"
config BR2_SCP
string "Secure copy (scp) command"
default "scp"
config BR2_SSH
string "Secure shell (ssh) command"
default "ssh"
config BR2_HG
string "Mercurial (hg) command"
default "hg"
config BR2_ZCAT
string "zcat command"
default "gzip -d -c"
help
Command to be used to extract a gzip'ed file to stdout. zcat
is identical to gunzip -c except that the former may not be
available on your system.
Default is "gzip -d -c"
Other possible values include "gunzip -c" or "zcat".
config BR2_BZCAT
string "bzcat command"
default "bzcat"
help
Command to be used to extract a bzip2'ed file to stdout.
bzcat is identical to bunzip2 -c except that the former may
not be available on your system.
Default is "bzcat"
Other possible values include "bunzip2 -c" or "bzip2 -d -c".
config BR2_XZCAT
string "xzcat command"
default "xzcat"
help
Command to be used to extract a xz'ed file to stdout.
Default is "xzcat"
config BR2_LZCAT
string "lzcat command"
default "lzip -d -c"
help
Command to be used to extract a lzip'ed file to stdout.
Default is "lzip -d -c"
config BR2_TAR_OPTIONS
string "Tar options"
default ""
help
Options to pass to tar when extracting the sources.
E.g. " -v --exclude='*.svn*'" to exclude all .svn internal
files and to be verbose.
endmenu
config BR2_DEFCONFIG_FROM_ENV
string
option env="BR2_DEFCONFIG"
config BR2_DEFCONFIG
string "Location to save buildroot config"
default BR2_DEFCONFIG_FROM_ENV if BR2_DEFCONFIG_FROM_ENV != ""
default "$(CONFIG_DIR)/defconfig"
help
When running 'make savedefconfig', the defconfig file will be
saved in this location.
config BR2_DL_DIR
string "Download dir"
default "$(TOPDIR)/dl"
help
Directory to store all the source files that we need to fetch.
If the Linux shell environment has defined the BR2_DL_DIR
environment variable, then this overrides this configuration
item.
The directory is organized with a subdirectory for each package.
Each package has its own $(LIBFOO_DL_DIR) variable that can be used
to find the correct path.
The default is $(TOPDIR)/dl
config BR2_HOST_DIR
string "Host dir"
default "$(BASE_DIR)/host"
help
Directory to store all the binary files that are built for the
host. This includes the cross compilation toolchain when
building the internal buildroot toolchain.
The default is $(BASE_DIR)/host
menu "Mirrors and Download locations"
config BR2_PRIMARY_SITE
string "Primary download site"
default ""
help
Primary site to download from. If this option is set then
buildroot will try to download package source first from this
site and try the default if the file is not found.
Valid URIs are:
- URIs recognized by $(WGET)
- local URIs of the form file://absolutepath
- scp URIs of the form scp://[user@]host:path.
config BR2_PRIMARY_SITE_ONLY
bool "Only allow downloads from primary download site"
depends on BR2_PRIMARY_SITE != ""
help
If this option is enabled, downloads will only be attempted
from the primary download site. Other locations, like the
package's official download location or the backup download
site, will not be considered. Therefore, if the package is not
present on the primary site, the download fails.
This is useful for project developers who want to ensure that
the project can be built even if the upstream tarball
locations disappear.
if !BR2_PRIMARY_SITE_ONLY
config BR2_BACKUP_SITE
string "Backup download site"
default "http://sources.buildroot.net"
help
Backup site to download from. If this option is set then
buildroot will fall back to download package sources from here
if the normal location fails.
config BR2_KERNEL_MIRROR
string "Kernel.org mirror"
default "https://cdn.kernel.org/pub"
help
kernel.org is mirrored on a number of servers around the
world. The following allows you to select your preferred
mirror. By default, a CDN is used, which automatically
redirects to a mirror geographically close to you.
Have a look on the kernel.org site for a list of mirrors, then
enter the URL to the base directory. Examples:
http://www.XX.kernel.org/pub (XX = country code)
http://mirror.aarnet.edu.au/pub/ftp.kernel.org
config BR2_GNU_MIRROR
string "GNU Software mirror"
default "http://ftpmirror.gnu.org"
help
GNU has multiple software mirrors scattered around the
world. The following allows you to select your preferred
mirror. By default, a generic address is used, which
automatically selects an up-to-date and local mirror.
Have a look on the gnu.org site for a list of mirrors, then
enter the URL to the base directory. Examples:
http://ftp.gnu.org/pub/gnu
http://mirror.aarnet.edu.au/pub/gnu
config BR2_LUAROCKS_MIRROR
string "LuaRocks mirror"
default "http://rocks.moonscript.org"
help
LuaRocks repository.
See http://luarocks.org
config BR2_CPAN_MIRROR
string "CPAN mirror (Perl packages)"
default "http://cpan.metacpan.org"
help
CPAN (Comprehensive Perl Archive Network) is a repository of
Perl packages. It has multiple software mirrors scattered
around the world. This option allows you to select a mirror.
The list of mirrors is available at:
http://search.cpan.org/mirror
endif
endmenu
config BR2_JLEVEL
int "Number of jobs to run simultaneously (0 for auto)"
default "0"
help
Number of jobs to run simultaneously. If 0, determine
automatically according to number of CPUs on the host system.
config BR2_CCACHE
bool "Enable compiler cache"
help
This option will enable the use of ccache, a compiler cache.
It will cache the result of previous builds to speed up future
builds. By default, the cache is stored in
$HOME/.buildroot-ccache.
Note that Buildroot does not try to invalidate the cache
contents when the compiler changes in an incompatible way.
Therefore, if you make a change to the compiler version and/or
configuration, you are responsible for purging the ccache
cache by removing the $HOME/.buildroot-ccache directory.
if BR2_CCACHE
config BR2_CCACHE_DIR
string "Compiler cache location"
default "$(HOME)/.buildroot-ccache"
help
Where ccache should store cached files.
If the Linux shell environment has defined the BR2_CCACHE_DIR
environment variable, then this overrides this configuration
item.
config BR2_CCACHE_INITIAL_SETUP
string "Compiler cache initial setup"
help
Initial ccache settings to apply, such as --max-files or
--max-size.
For example, if your project is known to require more space
than the default max cache size, then you might want to
increase the cache size to a suitable amount using the -M
(--max-size) option.
The string you specify here is passed verbatim to ccache.
Refer to ccache documentation for more details.
These initial settings are applied after ccache has been
compiled.
config BR2_CCACHE_USE_BASEDIR
bool "Use relative paths"
default y
help
Allow ccache to convert absolute paths within the output
directory into relative paths.
During the build, many -I include directives are given with an
absolute path. These absolute paths end up in the hashes that
are computed by ccache. Therefore, when you build from a
different directory, the hash will be different and the cached
object will not be used.
To improve cache performance, set this option to y. This
allows ccache to rewrite absolute paths within the output
directory into relative paths. Note that only paths within the
output directory will be rewritten; therefore, if you change
BR2_HOST_DIR to point outside the output directory and
subsequently move it to a different location, this will lead
to cache misses.
This option has as a result that the debug information in the
object files also has only relative paths. Therefore, make
sure you cd to the build directory before starting gdb. See
the section "COMPILING IN DIFFERENT DIRECTORIES" in the ccache
manual for more information.
endif
config BR2_ENABLE_DEBUG
bool "build packages with debugging symbols"
help
Build packages with debugging symbols enabled. All libraries
and binaries in the 'staging' directory will have debugging
symbols, which allows remote debugging even if libraries and
binaries are stripped on the target. Whether libraries and
binaries are stripped on the target is controlled by the
BR2_STRIP_* options below.
if BR2_ENABLE_DEBUG
choice
prompt "gcc debug level"
default BR2_DEBUG_2
help
Set the debug level for gcc
config BR2_DEBUG_1
bool "debug level 1"
help
Debug level 1 produces minimal information, enough for making
backtraces in parts of the program that you don't plan to
debug. This includes descriptions of functions and external
variables, but no information about local variables and no
line numbers.
config BR2_DEBUG_2
bool "debug level 2"
help
The default gcc debug level is 2
config BR2_DEBUG_3
bool "debug level 3"
help
Level 3 includes extra information, such as all the macro
definitions present in the program. Some debuggers support
macro expansion when you use -g3.
endchoice
endif
config BR2_STRIP_strip
bool "strip target binaries"
default y
depends on !BR2_PACKAGE_HOST_ELF2FLT
help
Binaries and libraries in the target filesystem will be
stripped using the normal 'strip' command. This allows to save
space, mainly by removing debugging symbols. Debugging symbols
on the target are needed for native debugging, but not when
remote debugging is used.
config BR2_STRIP_EXCLUDE_FILES
string "executables that should not be stripped"
default ""
depends on BR2_STRIP_strip
help
You may specify a space-separated list of binaries and
libraries here that should not be stripped on the target.
config BR2_STRIP_EXCLUDE_DIRS
string "directories that should be skipped when stripping"
default ""
depends on BR2_STRIP_strip
help
You may specify a space-separated list of directories that
should be skipped when stripping. Binaries and libraries in
these directories will not be touched. The directories should
be specified relative to the target directory, without leading
slash.
choice
prompt "gcc optimization level"
default BR2_OPTIMIZE_S
help
Set the optimization level for gcc
config BR2_OPTIMIZE_0
bool "optimization level 0"
help
Do not optimize.
config BR2_OPTIMIZE_1
bool "optimization level 1"
help
Optimize. Optimizing compilation takes somewhat more time, and
a lot more memory for a large function. With -O, the compiler
tries to reduce code size and execution time, without
performing any optimizations that take a great deal of
compilation time. -O turns on the following optimization
flags: -fdefer-pop -fdelayed-branch -fguess-branch-probability
-fcprop-registers -floop-optimize -fif-conversion
-fif-conversion2 -ftree-ccp -ftree-dce -ftree-dominator-opts
-ftree-dse -ftree-ter -ftree-lrs -ftree-sra -ftree-copyrename
-ftree-fre -ftree-ch -funit-at-a-time -fmerge-constants. -O
also turns on -fomit-frame-pointer on machines where doing so
does not interfere with debugging.
config BR2_OPTIMIZE_2
bool "optimization level 2"
help
Optimize even more. GCC performs nearly all supported
optimizations that do not involve a space-speed tradeoff. The
compiler does not perform loop unrolling or function inlining
when you specify -O2. As compared to -O, this option increases
both compilation time and the performance of the generated
code. -O2 turns on all optimization flags specified by -O. It
also turns on the following optimization flags:
-fthread-jumps -fcrossjumping -foptimize-sibling-calls
-fcse-follow-jumps -fcse-skip-blocks -fgcse -fgcse-lm
-fexpensive-optimizations -fstrength-reduce
-frerun-cse-after-loop -frerun-loop-opt -fcaller-saves
-fpeephole2 -fschedule-insns -fschedule-insns2
-fsched-interblock -fsched-spec -fregmove -fstrict-aliasing
-fdelete-null-pointer-checks -freorder-blocks
-freorder-functions -falign-functions -falign-jumps
-falign-loops -falign-labels -ftree-vrp -ftree-pre. Please
note the warning under -fgcse about invoking -O2 on programs
that use computed gotos.
config BR2_OPTIMIZE_3
bool "optimization level 3"
help
Optimize yet more. -O3 turns on all optimizations specified by
-O2 and also turns on the -finline-functions, -funswitch-loops
and -fgcse-after-reload options.
config BR2_OPTIMIZE_G
bool "optimize for debugging"
depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_8
help
Optimize for debugging. This enables optimizations that do not
interfere with debugging. It should be the optimization level
of choice for the standard edit-compile-debug cycle, offering
a reasonable level of optimization while maintaining fast
compilation and a good debugging experience.
config BR2_OPTIMIZE_S
bool "optimize for size"
help
Optimize for size. -Os enables all -O2 optimizations that do
not typically increase code size. It also performs further
optimizations designed to reduce code size. -Os disables the
following optimization flags: -falign-functions -falign-jumps
-falign-loops -falign-labels -freorder-blocks
-freorder-blocks-and-partition -fprefetch-loop-arrays
-ftree-vect-loop-version
This is the default.
config BR2_OPTIMIZE_FAST
bool "optimize for fast"
depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_6
help
Optimize for fast. Disregard strict standards
compliance. -Ofast enables all -O3 optimizations. It also
enables optimizations that are not valid for all
standard-compliant programs. It turns on -ffast-math and the
Fortran-specific -fstack-arrays, unless -fmax-stack-var-size
is specified, and -fno-protect-parens.
endchoice
config BR2_GOOGLE_BREAKPAD_ENABLE
bool "Enable google-breakpad support"
depends on BR2_INSTALL_LIBSTDCPP
depends on BR2_HOST_GCC_AT_LEAST_4_8 # C++11
depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_8 # C++11
depends on BR2_USE_WCHAR
depends on BR2_TOOLCHAIN_HAS_THREADS
depends on (BR2_TOOLCHAIN_USES_GLIBC || BR2_TOOLCHAIN_USES_UCLIBC)
depends on BR2_PACKAGE_GOOGLE_BREAKPAD_ARCH_SUPPORTS
depends on BR2_PACKAGE_HOST_GOOGLE_BREAKPAD_ARCH_SUPPORTS
select BR2_PACKAGE_GOOGLE_BREAKPAD
help
This option will enable the use of google breakpad, a library
and tool suite that allows you to distribute an application to
users with compiler-provided debugging information removed,
record crashes in compact "minidump" files, send them back to
your server and produce C and C++ stack traces from these
minidumps. Breakpad can also write minidumps on request for
programs that have not crashed.
if BR2_GOOGLE_BREAKPAD_ENABLE
config BR2_GOOGLE_BREAKPAD_INCLUDE_FILES
string "List of executables and libraries to extract symbols from"
default ""
help
You may specify a space-separated list of binaries and
libraries with full paths relative to $(TARGET_DIR) of which
debug symbols will be dumped for further use with google
breakpad.
A directory structure that can be used by minidump-stackwalk
will be created at:
$(STAGING_DIR)/usr/share/google-breakpad-symbols
endif
choice
bool "libraries"
default BR2_SHARED_LIBS if BR2_BINFMT_SUPPORTS_SHARED
default BR2_STATIC_LIBS if !BR2_BINFMT_SUPPORTS_SHARED
help
Select the type of libraries you want to use on the target.
The default is to build dynamic libraries and use those on the
target filesystem, except when the architecture and/or the
selected binary format does not support shared libraries.
config BR2_STATIC_LIBS
bool "static only"
help
Build and use only static libraries. No shared libraries will
be installed on the target. This potentially increases your
code size and should only be used if you know what you are
doing. Note that some packages may not be available when this
option is enabled, due to their need for dynamic library
support.
config BR2_SHARED_LIBS
bool "shared only"
depends on BR2_BINFMT_SUPPORTS_SHARED
help
Build and use only shared libraries. This is the recommended
solution as it saves space and build time.
config BR2_SHARED_STATIC_LIBS
bool "both static and shared"
depends on BR2_BINFMT_SUPPORTS_SHARED
help
Build both shared and static libraries, but link executables
dynamically. While building both shared and static libraries
take more time and more disk space, having static libraries
may be useful to link some of the applications statically.
endchoice
config BR2_PACKAGE_OVERRIDE_FILE
string "location of a package override file"
default "$(CONFIG_DIR)/local.mk"
help
A package override file is a short makefile that contains
variable definitions of the form <pkg>_OVERRIDE_SRCDIR, which
allows to tell Buildroot to use an existing directory as the
source directory for a particular package. See the Buildroot
documentation for more details on this feature.
config BR2_GLOBAL_PATCH_DIR
string "global patch directories"
help
You may specify a space separated list of one or more
directories containing global package patches. For a specific
version <packageversion> of a specific package <packagename>,
patches are applied as follows:
First, the default Buildroot patch set for the package is
applied from the package's directory in Buildroot.
Then for every directory - <global-patch-dir> - that exists in
BR2_GLOBAL_PATCH_DIR, if the directory
<global-patch-dir>/<packagename>/<packageversion>/ exists,
then all *.patch files in this directory will be applied.
Otherwise, if the directory <global-patch-dir>/<packagename>
exists, then all *.patch files in the directory will be
applied.
menu "Advanced"
config BR2_COMPILER_PARANOID_UNSAFE_PATH
bool "paranoid check of library/header paths"
default y
help
By default, when this option is disabled, when the Buildroot
cross-compiler will encounter an unsafe library or header path
(such as /usr/include, or /usr/lib), the compiler will display
a warning.
By enabling this option, this warning is turned into an error,
which will completely abort the build when such unsafe paths
are encountered.
Note that this mechanism is available for both the internal
toolchain (through the toolchain wrapper and binutils patches)
and external toolchain backends (through the toolchain
wrapper).
config BR2_REPRODUCIBLE
bool "Make the build reproducible (experimental)"
# SOURCE_DATE_EPOCH support in toolchain-wrapper requires GCC 4.4
depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_4
help
This option will remove all sources of non-reproducibility
from the build process. For a given Buildroot configuration,
this allows to generate exactly identical binaries from one
build to the other, including on different machines.
The current implementation is restricted to builds with the
same output directory. Many (absolute) paths are recorded in
intermediary files, and it is very likely that some of these
paths leak into the target rootfs. If you build with the
same O=... path, however, the result is identical.
This is labeled as an experimental feature, as not all
packages behave properly to ensure reproducibility.
endmenu
comment "Security Hardening Options"
choice
bool "Stack Smashing Protection"
default BR2_SSP_ALL if BR2_ENABLE_SSP # legacy
depends on BR2_TOOLCHAIN_HAS_SSP
help
Enable stack smashing protection support using GCC's
-fstack-protector option family.
See
http://www.linuxfromscratch.org/hints/downloads/files/ssp.txt
for details.
Note that this requires the toolchain to have SSP support.
This is always the case for glibc and eglibc toolchain, but is
optional in uClibc toolchains.
config BR2_SSP_NONE
bool "None"
help
Disable stack-smashing protection.
config BR2_SSP_REGULAR
bool "-fstack-protector"
help
Emit extra code to check for buffer overflows, such as stack
smashing attacks. This is done by adding a guard variable to
functions with vulnerable objects. This includes functions
that call alloca, and functions with buffers larger than 8
bytes. The guards are initialized when a function is entered
and then checked when the function exits. If a guard check
fails, an error message is printed and the program exits.
config BR2_SSP_STRONG
bool "-fstack-protector-strong"
depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_9
help
Like -fstack-protector but includes additional functions to be
protected - those that have local array definitions, or have
references to local frame addresses.
comment "Stack Smashing Protection strong needs a toolchain w/ gcc >= 4.9"
depends on !BR2_TOOLCHAIN_GCC_AT_LEAST_4_9
config BR2_SSP_ALL
bool "-fstack-protector-all"
help
Like -fstack-protector except that all functions are
protected. This option might have a significant performance
impact on the compiled binaries.
endchoice
comment "Stack Smashing Protection needs a toolchain w/ SSP"
depends on !BR2_TOOLCHAIN_HAS_SSP
choice
bool "RELRO Protection"
depends on BR2_SHARED_LIBS
help
Enable a link-time protection know as RELRO (RELocation Read
Only) which helps to protect from certain type of exploitation
techniques altering the content of some ELF sections.
config BR2_RELRO_NONE
bool "None"
help
Disables Relocation link-time protections.
config BR2_RELRO_PARTIAL
bool "Partial"
help
This option makes the dynamic section not writeable after
initialization (with almost no performance penalty).
config BR2_RELRO_FULL
bool "Full"
help
This option includes the partial configuration, but also marks
the GOT as read-only at the cost of initialization time during
program loading, i.e every time an executable is started.
endchoice
comment "RELocation Read Only (RELRO) needs shared libraries"
depends on !BR2_SHARED_LIBS
choice
bool "Buffer-overflow Detection (FORTIFY_SOURCE)"
depends on BR2_TOOLCHAIN_USES_GLIBC
depends on !BR2_OPTIMIZE_0
help
Enable the _FORTIFY_SOURCE macro which introduces additional
checks to detect buffer-overflows in the following standard
library functions: memcpy, mempcpy, memmove, memset, strcpy,
stpcpy, strncpy, strcat, strncat, sprintf, vsprintf, snprintf,
vsnprintf, gets.
NOTE: This feature requires an optimization level of s/1/2/3/g
Support for this feature has been present since GCC 4.x.
config BR2_FORTIFY_SOURCE_NONE
bool "None"
help
Disables additional checks to detect buffer-overflows.
config BR2_FORTIFY_SOURCE_1
bool "Conservative"
help
This option sets _FORTIFY_SOURCE to 1 and only introduces
checks that shouldn't change the behavior of conforming
programs. Adds checks at compile-time only.
config BR2_FORTIFY_SOURCE_2
bool "Aggressive"
help
This option sets _FORTIFY_SOURCES to 2 and some more
checking is added, but some conforming programs might fail.
Also adds checks at run-time (detected buffer overflow
terminates the program)
endchoice
comment "Fortify Source needs a glibc toolchain and optimization"
depends on (!BR2_TOOLCHAIN_USES_GLIBC || BR2_OPTIMIZE_0)
endmenu
source "toolchain/Config.in"
source "system/Config.in"
source "linux/Config.in"
source "package/Config.in"
source "fs/Config.in"
source "boot/Config.in"
source "package/Config.in.host"
source "Config.in.legacy"
source "$BR2_BUILD_DIR/.br2-external.in"