X-Git-Url: http://rtime.felk.cvut.cz/gitweb/coffee/buildroot.git/blobdiff_plain/577021e81b0bf894d26d8127822410267b2bb411..HEAD:/Config.in diff --git a/Config.in b/Config.in index 1dd2bb36b3..6b5b2b043c 100644 --- a/Config.in +++ b/Config.in @@ -14,18 +14,23 @@ config BR2_HOSTARCH string option env="HOSTARCH" -config BR2_EXTERNAL +config BR2_BUILD_DIR string - option env="BR2_EXTERNAL" + option env="BUILD_DIR" # Hidden config symbols for packages to check system gcc version config BR2_HOST_GCC_VERSION string option env="HOST_GCC_VERSION" +config BR2_HOST_GCC_AT_LEAST_4_5 + bool + default y if BR2_HOST_GCC_VERSION = "4 5" + config BR2_HOST_GCC_AT_LEAST_4_6 bool default y if BR2_HOST_GCC_VERSION = "4 6" + select BR2_HOST_GCC_AT_LEAST_4_5 config BR2_HOST_GCC_AT_LEAST_4_7 bool @@ -47,8 +52,23 @@ config BR2_HOST_GCC_AT_LEAST_5 default y if BR2_HOST_GCC_VERSION = "5" select BR2_HOST_GCC_AT_LEAST_4_9 +config BR2_HOST_GCC_AT_LEAST_6 + bool + default y if BR2_HOST_GCC_VERSION = "6" + select BR2_HOST_GCC_AT_LEAST_5 + +config BR2_HOST_GCC_AT_LEAST_7 + bool + default y if BR2_HOST_GCC_VERSION = "7" + select BR2_HOST_GCC_AT_LEAST_6 + +config BR2_HOST_GCC_AT_LEAST_8 + bool + default y if BR2_HOST_GCC_VERSION = "8" + select BR2_HOST_GCC_AT_LEAST_7 + # Hidden boolean selected by packages in need of Java in order to build -# (example: xbmc) +# (example: kodi) config BR2_NEEDS_HOST_JAVA bool @@ -74,6 +94,11 @@ config BR2_HOSTARCH_NEEDS_IA32_LIBS config BR2_HOSTARCH_NEEDS_IA32_COMPILER bool +# Hidden boolean selected by packages that need the host to have an +# UTF8 locale. +config BR2_NEEDS_HOST_UTF8_LOCALE + bool + source "arch/Config.in" menu "Build options" @@ -86,7 +111,7 @@ config BR2_WGET config BR2_SVN string "Subversion (svn) command" - default "svn" + default "svn --non-interactive" config BR2_BZR string "Bazaar (bzr) command" @@ -143,13 +168,20 @@ config BR2_XZCAT Command to be used to extract a xz'ed file to stdout. Default is "xzcat" +config BR2_LZCAT + string "lzcat command" + default "lzip -d -c" + help + Command to be used to extract a lzip'ed file to stdout. + Default is "lzip -d -c" + config BR2_TAR_OPTIONS string "Tar options" default "" help Options to pass to tar when extracting the sources. - E.g. " -v --exclude='*.svn*'" to exclude all .svn internal files - and to be verbose. + E.g. " -v --exclude='*.svn*'" to exclude all .svn internal + files and to be verbose. endmenu @@ -173,6 +205,9 @@ config BR2_DL_DIR If the Linux shell environment has defined the BR2_DL_DIR environment variable, then this overrides this configuration item. + The directory is organized with a subdirectory for each + package. Each package has its own $(LIBFOO_DL_DIR) variable + that can be used to find the correct path. The default is $(TOPDIR)/dl @@ -305,6 +340,9 @@ config BR2_CCACHE_DIR default "$(HOME)/.buildroot-ccache" help Where ccache should store cached files. + If the Linux shell environment has defined the BR2_CCACHE_DIR + environment variable, then this overrides this configuration + item. config BR2_CCACHE_INITIAL_SETUP string "Compiler cache initial setup" @@ -352,36 +390,6 @@ config BR2_CCACHE_USE_BASEDIR endif -config BR2_DEPRECATED - bool "Show options and packages that are deprecated or obsolete" - help - This option shows outdated/obsolete versions of packages and - options that are otherwise hidden. - -if BR2_DEPRECATED - -config BR2_DEPRECATED_SINCE_2015_05 - bool - default y - -config BR2_DEPRECATED_SINCE_2015_08 - bool - default y - -config BR2_DEPRECATED_SINCE_2015_11 - bool - default y - -config BR2_DEPRECATED_SINCE_2016_02 - bool - default y - -config BR2_DEPRECATED_SINCE_2016_05 - bool - default y - -endif - config BR2_ENABLE_DEBUG bool "build packages with debugging symbols" help @@ -422,12 +430,9 @@ config BR2_DEBUG_3 endchoice endif -choice - prompt "strip command for binaries on target" - default BR2_STRIP_strip - config BR2_STRIP_strip - bool "strip" + bool "strip target binaries" + default y depends on !BR2_PACKAGE_HOST_ELF2FLT help Binaries and libraries in the target filesystem will be @@ -436,24 +441,18 @@ config BR2_STRIP_strip on the target are needed for native debugging, but not when remote debugging is used. -config BR2_STRIP_none - bool "none" - help - Do not strip binaries and libraries in the target filesystem. -endchoice - config BR2_STRIP_EXCLUDE_FILES string "executables that should not be stripped" - depends on !BR2_STRIP_none default "" + depends on BR2_STRIP_strip help You may specify a space-separated list of binaries and libraries here that should not be stripped on the target. config BR2_STRIP_EXCLUDE_DIRS string "directories that should be skipped when stripping" - depends on !BR2_STRIP_none default "" + depends on BR2_STRIP_strip help You may specify a space-separated list of directories that should be skipped when stripping. Binaries and libraries in @@ -470,7 +469,7 @@ choice config BR2_OPTIMIZE_0 bool "optimization level 0" help - Do not optimize. This is the default. + Do not optimize. config BR2_OPTIMIZE_1 bool "optimization level 1" @@ -537,15 +536,32 @@ config BR2_OPTIMIZE_S -falign-loops -falign-labels -freorder-blocks -freorder-blocks-and-partition -fprefetch-loop-arrays -ftree-vect-loop-version + This is the default. + +config BR2_OPTIMIZE_FAST + bool "optimize for fast" + depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_6 + help + Optimize for fast. Disregard strict standards + compliance. -Ofast enables all -O3 optimizations. It also + enables optimizations that are not valid for all + standard-compliant programs. It turns on -ffast-math and the + Fortran-specific -fstack-arrays, unless -fmax-stack-var-size + is specified, and -fno-protect-parens. endchoice config BR2_GOOGLE_BREAKPAD_ENABLE bool "Enable google-breakpad support" - select BR2_PACKAGE_GOOGLE_BREAKPAD depends on BR2_INSTALL_LIBSTDCPP - depends on BR2_TOOLCHAIN_USES_GLIBC + depends on BR2_HOST_GCC_AT_LEAST_4_8 # C++11 + depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_8 # C++11 + depends on BR2_USE_WCHAR + depends on BR2_TOOLCHAIN_HAS_THREADS + depends on (BR2_TOOLCHAIN_USES_GLIBC || BR2_TOOLCHAIN_USES_UCLIBC) depends on BR2_PACKAGE_GOOGLE_BREAKPAD_ARCH_SUPPORTS + depends on BR2_PACKAGE_HOST_GOOGLE_BREAKPAD_ARCH_SUPPORTS + select BR2_PACKAGE_GOOGLE_BREAKPAD help This option will enable the use of google breakpad, a library and tool suite that allows you to distribute an application to @@ -573,61 +589,6 @@ config BR2_GOOGLE_BREAKPAD_INCLUDE_FILES endif -choice - bool "build code with Stack Smashing Protection" - default BR2_SSP_ALL if BR2_ENABLE_SSP # legacy - depends on BR2_TOOLCHAIN_HAS_SSP - help - Enable stack smashing protection support using GCC's - -fstack-protector option family. - - See - http://www.linuxfromscratch.org/hints/downloads/files/ssp.txt - for details. - - Note that this requires the toolchain to have SSP support. - This is always the case for glibc and eglibc toolchain, but is - optional in uClibc toolchains. - -config BR2_SSP_NONE - bool "None" - help - Disable stack-smashing protection. - -config BR2_SSP_REGULAR - bool "-fstack-protector" - help - Emit extra code to check for buffer overflows, such as stack - smashing attacks. This is done by adding a guard variable to - functions with vulnerable objects. This includes functions - that call alloca, and functions with buffers larger than 8 - bytes. The guards are initialized when a function is entered - and then checked when the function exits. If a guard check - fails, an error message is printed and the program exits. - -config BR2_SSP_STRONG - bool "-fstack-protector-strong" - depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_9 - help - Like -fstack-protector but includes additional functions to be - protected - those that have local array definitions, or have - references to local frame addresses. - -comment "Stack Smashing Protection strong needs a toolchain w/ gcc >= 4.9" - depends on !BR2_TOOLCHAIN_GCC_AT_LEAST_4_9 - -config BR2_SSP_ALL - bool "-fstack-protector-all" - help - Like -fstack-protector except that all functions are - protected. This option might have a significant performance - impact on the compiled binaries. - -endchoice - -comment "Stack Smashing Protection needs a toolchain w/ SSP" - depends on !BR2_TOOLCHAIN_HAS_SSP - choice bool "libraries" default BR2_SHARED_LIBS if BR2_BINFMT_SUPPORTS_SHARED @@ -643,7 +604,7 @@ config BR2_STATIC_LIBS bool "static only" help Build and use only static libraries. No shared libraries will - be instaled on the target. This potentially increases your + be installed on the target. This potentially increases your code size and should only be used if you know what you are doing. Note that some packages may not be available when this option is enabled, due to their need for dynamic library @@ -667,7 +628,6 @@ config BR2_SHARED_STATIC_LIBS endchoice - config BR2_PACKAGE_OVERRIDE_FILE string "location of a package override file" default "$(CONFIG_DIR)/local.mk" @@ -715,10 +675,157 @@ config BR2_COMPILER_PARANOID_UNSAFE_PATH Note that this mechanism is available for both the internal toolchain (through the toolchain wrapper and binutils patches) - and external toolchain backends (through the toolchain wrapper). + and external toolchain backends (through the toolchain + wrapper). + +config BR2_REPRODUCIBLE + bool "Make the build reproducible (experimental)" + # SOURCE_DATE_EPOCH support in toolchain-wrapper requires GCC 4.4 + depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_4 + help + This option will remove all sources of non-reproducibility + from the build process. For a given Buildroot configuration, + this allows to generate exactly identical binaries from one + build to the other, including on different machines. + + The current implementation is restricted to builds with the + same output directory. Many (absolute) paths are recorded in + intermediary files, and it is very likely that some of these + paths leak into the target rootfs. If you build with the + same O=... path, however, the result is identical. + + This is labeled as an experimental feature, as not all + packages behave properly to ensure reproducibility. endmenu +comment "Security Hardening Options" + +choice + bool "Stack Smashing Protection" + default BR2_SSP_ALL if BR2_ENABLE_SSP # legacy + depends on BR2_TOOLCHAIN_HAS_SSP + help + Enable stack smashing protection support using GCC's + -fstack-protector option family. + + See + http://www.linuxfromscratch.org/hints/downloads/files/ssp.txt + for details. + + Note that this requires the toolchain to have SSP support. + This is always the case for glibc and eglibc toolchain, but is + optional in uClibc toolchains. + +config BR2_SSP_NONE + bool "None" + help + Disable stack-smashing protection. + +config BR2_SSP_REGULAR + bool "-fstack-protector" + help + Emit extra code to check for buffer overflows, such as stack + smashing attacks. This is done by adding a guard variable to + functions with vulnerable objects. This includes functions + that call alloca, and functions with buffers larger than 8 + bytes. The guards are initialized when a function is entered + and then checked when the function exits. If a guard check + fails, an error message is printed and the program exits. + +config BR2_SSP_STRONG + bool "-fstack-protector-strong" + depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_9 + help + Like -fstack-protector but includes additional functions to be + protected - those that have local array definitions, or have + references to local frame addresses. + +comment "Stack Smashing Protection strong needs a toolchain w/ gcc >= 4.9" + depends on !BR2_TOOLCHAIN_GCC_AT_LEAST_4_9 + +config BR2_SSP_ALL + bool "-fstack-protector-all" + help + Like -fstack-protector except that all functions are + protected. This option might have a significant performance + impact on the compiled binaries. + +endchoice + +comment "Stack Smashing Protection needs a toolchain w/ SSP" + depends on !BR2_TOOLCHAIN_HAS_SSP + +choice + bool "RELRO Protection" + depends on BR2_SHARED_LIBS + help + Enable a link-time protection know as RELRO (RELocation Read + Only) which helps to protect from certain type of exploitation + techniques altering the content of some ELF sections. + +config BR2_RELRO_NONE + bool "None" + help + Disables Relocation link-time protections. + +config BR2_RELRO_PARTIAL + bool "Partial" + help + This option makes the dynamic section not writeable after + initialization (with almost no performance penalty). + +config BR2_RELRO_FULL + bool "Full" + help + This option includes the partial configuration, but also marks + the GOT as read-only at the cost of initialization time during + program loading, i.e every time an executable is started. + +endchoice + +comment "RELocation Read Only (RELRO) needs shared libraries" + depends on !BR2_SHARED_LIBS + +choice + bool "Buffer-overflow Detection (FORTIFY_SOURCE)" + depends on BR2_TOOLCHAIN_USES_GLIBC + depends on !BR2_OPTIMIZE_0 + help + Enable the _FORTIFY_SOURCE macro which introduces additional + checks to detect buffer-overflows in the following standard + library functions: memcpy, mempcpy, memmove, memset, strcpy, + stpcpy, strncpy, strcat, strncat, sprintf, vsprintf, snprintf, + vsnprintf, gets. + + NOTE: This feature requires an optimization level of s/1/2/3/g + + Support for this feature has been present since GCC 4.x. + +config BR2_FORTIFY_SOURCE_NONE + bool "None" + help + Disables additional checks to detect buffer-overflows. + +config BR2_FORTIFY_SOURCE_1 + bool "Conservative" + help + This option sets _FORTIFY_SOURCE to 1 and only introduces + checks that shouldn't change the behavior of conforming + programs. Adds checks at compile-time only. + +config BR2_FORTIFY_SOURCE_2 + bool "Aggressive" + help + This option sets _FORTIFY_SOURCES to 2 and some more + checking is added, but some conforming programs might fail. + Also adds checks at run-time (detected buffer overflow + terminates the program) + +endchoice + +comment "Fortify Source needs a glibc toolchain and optimization" + depends on (!BR2_TOOLCHAIN_USES_GLIBC || BR2_OPTIMIZE_0) endmenu source "toolchain/Config.in" @@ -737,9 +844,4 @@ source "package/Config.in.host" source "Config.in.legacy" -menu "User-provided options" - depends on BR2_EXTERNAL != "support/dummy-external" - -source "$BR2_EXTERNAL/Config.in" - -endmenu +source "$BR2_BUILD_DIR/.br2-external.in"