X-Git-Url: http://rtime.felk.cvut.cz/gitweb/coffee/buildroot.git/blobdiff_plain/0bb3983c9b612e861f43bc9f6470fc7c5b9adbbc..HEAD:/Config.in diff --git a/Config.in b/Config.in index 8d37c93806..6b5b2b043c 100644 --- a/Config.in +++ b/Config.in @@ -14,10 +14,6 @@ config BR2_HOSTARCH string option env="HOSTARCH" -config BR2_EXTERNAL - string - option env="BR2_EXTERNAL" - config BR2_BUILD_DIR string option env="BUILD_DIR" @@ -27,9 +23,14 @@ config BR2_HOST_GCC_VERSION string option env="HOST_GCC_VERSION" +config BR2_HOST_GCC_AT_LEAST_4_5 + bool + default y if BR2_HOST_GCC_VERSION = "4 5" + config BR2_HOST_GCC_AT_LEAST_4_6 bool default y if BR2_HOST_GCC_VERSION = "4 6" + select BR2_HOST_GCC_AT_LEAST_4_5 config BR2_HOST_GCC_AT_LEAST_4_7 bool @@ -56,8 +57,18 @@ config BR2_HOST_GCC_AT_LEAST_6 default y if BR2_HOST_GCC_VERSION = "6" select BR2_HOST_GCC_AT_LEAST_5 +config BR2_HOST_GCC_AT_LEAST_7 + bool + default y if BR2_HOST_GCC_VERSION = "7" + select BR2_HOST_GCC_AT_LEAST_6 + +config BR2_HOST_GCC_AT_LEAST_8 + bool + default y if BR2_HOST_GCC_VERSION = "8" + select BR2_HOST_GCC_AT_LEAST_7 + # Hidden boolean selected by packages in need of Java in order to build -# (example: xbmc) +# (example: kodi) config BR2_NEEDS_HOST_JAVA bool @@ -83,6 +94,11 @@ config BR2_HOSTARCH_NEEDS_IA32_LIBS config BR2_HOSTARCH_NEEDS_IA32_COMPILER bool +# Hidden boolean selected by packages that need the host to have an +# UTF8 locale. +config BR2_NEEDS_HOST_UTF8_LOCALE + bool + source "arch/Config.in" menu "Build options" @@ -95,7 +111,7 @@ config BR2_WGET config BR2_SVN string "Subversion (svn) command" - default "svn" + default "svn --non-interactive" config BR2_BZR string "Bazaar (bzr) command" @@ -152,13 +168,20 @@ config BR2_XZCAT Command to be used to extract a xz'ed file to stdout. Default is "xzcat" +config BR2_LZCAT + string "lzcat command" + default "lzip -d -c" + help + Command to be used to extract a lzip'ed file to stdout. + Default is "lzip -d -c" + config BR2_TAR_OPTIONS string "Tar options" default "" help Options to pass to tar when extracting the sources. - E.g. " -v --exclude='*.svn*'" to exclude all .svn internal files - and to be verbose. + E.g. " -v --exclude='*.svn*'" to exclude all .svn internal + files and to be verbose. endmenu @@ -182,6 +205,9 @@ config BR2_DL_DIR If the Linux shell environment has defined the BR2_DL_DIR environment variable, then this overrides this configuration item. + The directory is organized with a subdirectory for each + package. Each package has its own $(LIBFOO_DL_DIR) variable + that can be used to find the correct path. The default is $(TOPDIR)/dl @@ -314,6 +340,9 @@ config BR2_CCACHE_DIR default "$(HOME)/.buildroot-ccache" help Where ccache should store cached files. + If the Linux shell environment has defined the BR2_CCACHE_DIR + environment variable, then this overrides this configuration + item. config BR2_CCACHE_INITIAL_SETUP string "Compiler cache initial setup" @@ -361,36 +390,6 @@ config BR2_CCACHE_USE_BASEDIR endif -config BR2_DEPRECATED - bool "Show options and packages that are deprecated or obsolete" - help - This option shows outdated/obsolete versions of packages and - options that are otherwise hidden. - -if BR2_DEPRECATED - -config BR2_DEPRECATED_SINCE_2015_11 - bool - default y - -config BR2_DEPRECATED_SINCE_2016_02 - bool - default y - -config BR2_DEPRECATED_SINCE_2016_05 - bool - default y - -config BR2_DEPRECATED_SINCE_2016_08 - bool - default y - -config BR2_DEPRECATED_SINCE_2016_11 - bool - default y - -endif - config BR2_ENABLE_DEBUG bool "build packages with debugging symbols" help @@ -431,12 +430,9 @@ config BR2_DEBUG_3 endchoice endif -choice - prompt "strip command for binaries on target" - default BR2_STRIP_strip - config BR2_STRIP_strip - bool "strip" + bool "strip target binaries" + default y depends on !BR2_PACKAGE_HOST_ELF2FLT help Binaries and libraries in the target filesystem will be @@ -445,24 +441,18 @@ config BR2_STRIP_strip on the target are needed for native debugging, but not when remote debugging is used. -config BR2_STRIP_none - bool "none" - help - Do not strip binaries and libraries in the target filesystem. -endchoice - config BR2_STRIP_EXCLUDE_FILES string "executables that should not be stripped" - depends on !BR2_STRIP_none default "" + depends on BR2_STRIP_strip help You may specify a space-separated list of binaries and libraries here that should not be stripped on the target. config BR2_STRIP_EXCLUDE_DIRS string "directories that should be skipped when stripping" - depends on !BR2_STRIP_none default "" + depends on BR2_STRIP_strip help You may specify a space-separated list of directories that should be skipped when stripping. Binaries and libraries in @@ -479,7 +469,7 @@ choice config BR2_OPTIMIZE_0 bool "optimization level 0" help - Do not optimize. This is the default. + Do not optimize. config BR2_OPTIMIZE_1 bool "optimization level 1" @@ -546,17 +536,32 @@ config BR2_OPTIMIZE_S -falign-loops -falign-labels -freorder-blocks -freorder-blocks-and-partition -fprefetch-loop-arrays -ftree-vect-loop-version + This is the default. + +config BR2_OPTIMIZE_FAST + bool "optimize for fast" + depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_6 + help + Optimize for fast. Disregard strict standards + compliance. -Ofast enables all -O3 optimizations. It also + enables optimizations that are not valid for all + standard-compliant programs. It turns on -ffast-math and the + Fortran-specific -fstack-arrays, unless -fmax-stack-var-size + is specified, and -fno-protect-parens. endchoice config BR2_GOOGLE_BREAKPAD_ENABLE bool "Enable google-breakpad support" - select BR2_PACKAGE_GOOGLE_BREAKPAD depends on BR2_INSTALL_LIBSTDCPP + depends on BR2_HOST_GCC_AT_LEAST_4_8 # C++11 + depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_8 # C++11 depends on BR2_USE_WCHAR depends on BR2_TOOLCHAIN_HAS_THREADS depends on (BR2_TOOLCHAIN_USES_GLIBC || BR2_TOOLCHAIN_USES_UCLIBC) depends on BR2_PACKAGE_GOOGLE_BREAKPAD_ARCH_SUPPORTS + depends on BR2_PACKAGE_HOST_GOOGLE_BREAKPAD_ARCH_SUPPORTS + select BR2_PACKAGE_GOOGLE_BREAKPAD help This option will enable the use of google breakpad, a library and tool suite that allows you to distribute an application to @@ -584,61 +589,6 @@ config BR2_GOOGLE_BREAKPAD_INCLUDE_FILES endif -choice - bool "build code with Stack Smashing Protection" - default BR2_SSP_ALL if BR2_ENABLE_SSP # legacy - depends on BR2_TOOLCHAIN_HAS_SSP - help - Enable stack smashing protection support using GCC's - -fstack-protector option family. - - See - http://www.linuxfromscratch.org/hints/downloads/files/ssp.txt - for details. - - Note that this requires the toolchain to have SSP support. - This is always the case for glibc and eglibc toolchain, but is - optional in uClibc toolchains. - -config BR2_SSP_NONE - bool "None" - help - Disable stack-smashing protection. - -config BR2_SSP_REGULAR - bool "-fstack-protector" - help - Emit extra code to check for buffer overflows, such as stack - smashing attacks. This is done by adding a guard variable to - functions with vulnerable objects. This includes functions - that call alloca, and functions with buffers larger than 8 - bytes. The guards are initialized when a function is entered - and then checked when the function exits. If a guard check - fails, an error message is printed and the program exits. - -config BR2_SSP_STRONG - bool "-fstack-protector-strong" - depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_9 - help - Like -fstack-protector but includes additional functions to be - protected - those that have local array definitions, or have - references to local frame addresses. - -comment "Stack Smashing Protection strong needs a toolchain w/ gcc >= 4.9" - depends on !BR2_TOOLCHAIN_GCC_AT_LEAST_4_9 - -config BR2_SSP_ALL - bool "-fstack-protector-all" - help - Like -fstack-protector except that all functions are - protected. This option might have a significant performance - impact on the compiled binaries. - -endchoice - -comment "Stack Smashing Protection needs a toolchain w/ SSP" - depends on !BR2_TOOLCHAIN_HAS_SSP - choice bool "libraries" default BR2_SHARED_LIBS if BR2_BINFMT_SUPPORTS_SHARED @@ -678,7 +628,6 @@ config BR2_SHARED_STATIC_LIBS endchoice - config BR2_PACKAGE_OVERRIDE_FILE string "location of a package override file" default "$(CONFIG_DIR)/local.mk" @@ -726,21 +675,157 @@ config BR2_COMPILER_PARANOID_UNSAFE_PATH Note that this mechanism is available for both the internal toolchain (through the toolchain wrapper and binutils patches) - and external toolchain backends (through the toolchain wrapper). + and external toolchain backends (through the toolchain + wrapper). config BR2_REPRODUCIBLE bool "Make the build reproducible (experimental)" + # SOURCE_DATE_EPOCH support in toolchain-wrapper requires GCC 4.4 + depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_4 help This option will remove all sources of non-reproducibility from the build process. For a given Buildroot configuration, this allows to generate exactly identical binaries from one build to the other, including on different machines. + The current implementation is restricted to builds with the + same output directory. Many (absolute) paths are recorded in + intermediary files, and it is very likely that some of these + paths leak into the target rootfs. If you build with the + same O=... path, however, the result is identical. + This is labeled as an experimental feature, as not all packages behave properly to ensure reproducibility. endmenu +comment "Security Hardening Options" + +choice + bool "Stack Smashing Protection" + default BR2_SSP_ALL if BR2_ENABLE_SSP # legacy + depends on BR2_TOOLCHAIN_HAS_SSP + help + Enable stack smashing protection support using GCC's + -fstack-protector option family. + + See + http://www.linuxfromscratch.org/hints/downloads/files/ssp.txt + for details. + + Note that this requires the toolchain to have SSP support. + This is always the case for glibc and eglibc toolchain, but is + optional in uClibc toolchains. + +config BR2_SSP_NONE + bool "None" + help + Disable stack-smashing protection. + +config BR2_SSP_REGULAR + bool "-fstack-protector" + help + Emit extra code to check for buffer overflows, such as stack + smashing attacks. This is done by adding a guard variable to + functions with vulnerable objects. This includes functions + that call alloca, and functions with buffers larger than 8 + bytes. The guards are initialized when a function is entered + and then checked when the function exits. If a guard check + fails, an error message is printed and the program exits. + +config BR2_SSP_STRONG + bool "-fstack-protector-strong" + depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_9 + help + Like -fstack-protector but includes additional functions to be + protected - those that have local array definitions, or have + references to local frame addresses. + +comment "Stack Smashing Protection strong needs a toolchain w/ gcc >= 4.9" + depends on !BR2_TOOLCHAIN_GCC_AT_LEAST_4_9 + +config BR2_SSP_ALL + bool "-fstack-protector-all" + help + Like -fstack-protector except that all functions are + protected. This option might have a significant performance + impact on the compiled binaries. + +endchoice + +comment "Stack Smashing Protection needs a toolchain w/ SSP" + depends on !BR2_TOOLCHAIN_HAS_SSP + +choice + bool "RELRO Protection" + depends on BR2_SHARED_LIBS + help + Enable a link-time protection know as RELRO (RELocation Read + Only) which helps to protect from certain type of exploitation + techniques altering the content of some ELF sections. + +config BR2_RELRO_NONE + bool "None" + help + Disables Relocation link-time protections. + +config BR2_RELRO_PARTIAL + bool "Partial" + help + This option makes the dynamic section not writeable after + initialization (with almost no performance penalty). + +config BR2_RELRO_FULL + bool "Full" + help + This option includes the partial configuration, but also marks + the GOT as read-only at the cost of initialization time during + program loading, i.e every time an executable is started. + +endchoice + +comment "RELocation Read Only (RELRO) needs shared libraries" + depends on !BR2_SHARED_LIBS + +choice + bool "Buffer-overflow Detection (FORTIFY_SOURCE)" + depends on BR2_TOOLCHAIN_USES_GLIBC + depends on !BR2_OPTIMIZE_0 + help + Enable the _FORTIFY_SOURCE macro which introduces additional + checks to detect buffer-overflows in the following standard + library functions: memcpy, mempcpy, memmove, memset, strcpy, + stpcpy, strncpy, strcat, strncat, sprintf, vsprintf, snprintf, + vsnprintf, gets. + + NOTE: This feature requires an optimization level of s/1/2/3/g + + Support for this feature has been present since GCC 4.x. + +config BR2_FORTIFY_SOURCE_NONE + bool "None" + help + Disables additional checks to detect buffer-overflows. + +config BR2_FORTIFY_SOURCE_1 + bool "Conservative" + help + This option sets _FORTIFY_SOURCE to 1 and only introduces + checks that shouldn't change the behavior of conforming + programs. Adds checks at compile-time only. + +config BR2_FORTIFY_SOURCE_2 + bool "Aggressive" + help + This option sets _FORTIFY_SOURCES to 2 and some more + checking is added, but some conforming programs might fail. + Also adds checks at run-time (detected buffer overflow + terminates the program) + +endchoice + +comment "Fortify Source needs a glibc toolchain and optimization" + depends on (!BR2_TOOLCHAIN_USES_GLIBC || BR2_OPTIMIZE_0) endmenu source "toolchain/Config.in" @@ -759,11 +844,4 @@ source "package/Config.in.host" source "Config.in.legacy" -menu "User-provided options" - depends on BR2_EXTERNAL != "support/dummy-external" - -source "$BR2_EXTERNAL/Config.in" - -endmenu - source "$BR2_BUILD_DIR/.br2-external.in"