X-Git-Url: http://rtime.felk.cvut.cz/gitweb/coffee/buildroot.git/blobdiff_plain/dfae6f6765a6e596cde9f40de73b0c1979269174..HEAD:/Config.in diff --git a/Config.in b/Config.in index 8ff725a426..6b5b2b043c 100644 --- a/Config.in +++ b/Config.in @@ -14,15 +14,74 @@ config BR2_HOSTARCH string option env="HOSTARCH" -config BR2_EXTERNAL +config BR2_BUILD_DIR string - option env="BR2_EXTERNAL" + option env="BUILD_DIR" + +# Hidden config symbols for packages to check system gcc version +config BR2_HOST_GCC_VERSION + string + option env="HOST_GCC_VERSION" + +config BR2_HOST_GCC_AT_LEAST_4_5 + bool + default y if BR2_HOST_GCC_VERSION = "4 5" + +config BR2_HOST_GCC_AT_LEAST_4_6 + bool + default y if BR2_HOST_GCC_VERSION = "4 6" + select BR2_HOST_GCC_AT_LEAST_4_5 + +config BR2_HOST_GCC_AT_LEAST_4_7 + bool + default y if BR2_HOST_GCC_VERSION = "4 7" + select BR2_HOST_GCC_AT_LEAST_4_6 + +config BR2_HOST_GCC_AT_LEAST_4_8 + bool + default y if BR2_HOST_GCC_VERSION = "4 8" + select BR2_HOST_GCC_AT_LEAST_4_7 + +config BR2_HOST_GCC_AT_LEAST_4_9 + bool + default y if BR2_HOST_GCC_VERSION = "4 9" + select BR2_HOST_GCC_AT_LEAST_4_8 + +config BR2_HOST_GCC_AT_LEAST_5 + bool + default y if BR2_HOST_GCC_VERSION = "5" + select BR2_HOST_GCC_AT_LEAST_4_9 + +config BR2_HOST_GCC_AT_LEAST_6 + bool + default y if BR2_HOST_GCC_VERSION = "6" + select BR2_HOST_GCC_AT_LEAST_5 + +config BR2_HOST_GCC_AT_LEAST_7 + bool + default y if BR2_HOST_GCC_VERSION = "7" + select BR2_HOST_GCC_AT_LEAST_6 + +config BR2_HOST_GCC_AT_LEAST_8 + bool + default y if BR2_HOST_GCC_VERSION = "8" + select BR2_HOST_GCC_AT_LEAST_7 # Hidden boolean selected by packages in need of Java in order to build -# (example: xbmc) +# (example: kodi) config BR2_NEEDS_HOST_JAVA bool +# Hidden boolean selected by packages in need of javac in order to build +# (example: classpath) +config BR2_NEEDS_HOST_JAVAC + bool + +# Hidden boolean selected by packages in need of jar in order to build +# (example: classpath) +config BR2_NEEDS_HOST_JAR + bool + # Hidden boolean selected by pre-built packages for x86, when they # need to run on x86-64 machines (example: pre-built external # toolchains, binary tools like SAM-BA, etc.). @@ -35,6 +94,11 @@ config BR2_HOSTARCH_NEEDS_IA32_LIBS config BR2_HOSTARCH_NEEDS_IA32_COMPILER bool +# Hidden boolean selected by packages that need the host to have an +# UTF8 locale. +config BR2_NEEDS_HOST_UTF8_LOCALE + bool + source "arch/Config.in" menu "Build options" @@ -47,7 +111,7 @@ config BR2_WGET config BR2_SVN string "Subversion (svn) command" - default "svn" + default "svn --non-interactive" config BR2_BZR string "Bazaar (bzr) command" @@ -81,9 +145,9 @@ config BR2_ZCAT string "zcat command" default "gzip -d -c" help - Command to be used to extract a gzip'ed file to stdout. - zcat is identical to gunzip -c except that the former may - not be available on your system. + Command to be used to extract a gzip'ed file to stdout. zcat + is identical to gunzip -c except that the former may not be + available on your system. Default is "gzip -d -c" Other possible values include "gunzip -c" or "zcat". @@ -104,13 +168,20 @@ config BR2_XZCAT Command to be used to extract a xz'ed file to stdout. Default is "xzcat" +config BR2_LZCAT + string "lzcat command" + default "lzip -d -c" + help + Command to be used to extract a lzip'ed file to stdout. + Default is "lzip -d -c" + config BR2_TAR_OPTIONS string "Tar options" default "" help Options to pass to tar when extracting the sources. - E.g. " -v --exclude='*.svn*'" to exclude all .svn internal files - and to be verbose. + E.g. " -v --exclude='*.svn*'" to exclude all .svn internal + files and to be verbose. endmenu @@ -123,8 +194,8 @@ config BR2_DEFCONFIG default BR2_DEFCONFIG_FROM_ENV if BR2_DEFCONFIG_FROM_ENV != "" default "$(CONFIG_DIR)/defconfig" help - When running 'make savedefconfig', the defconfig file will be saved - in this location. + When running 'make savedefconfig', the defconfig file will be + saved in this location. config BR2_DL_DIR string "Download dir" @@ -132,7 +203,11 @@ config BR2_DL_DIR help Directory to store all the source files that we need to fetch. If the Linux shell environment has defined the BR2_DL_DIR - environment variable, then this overrides this configuration item. + environment variable, then this overrides this configuration + item. + The directory is organized with a subdirectory for each + package. Each package has its own $(LIBFOO_DL_DIR) variable + that can be used to find the correct path. The default is $(TOPDIR)/dl @@ -140,9 +215,9 @@ config BR2_HOST_DIR string "Host dir" default "$(BASE_DIR)/host" help - Directory to store all the binary files that are built for the host. - This includes the cross compilation toolchain when building the - internal buildroot toolchain. + Directory to store all the binary files that are built for the + host. This includes the cross compilation toolchain when + building the internal buildroot toolchain. The default is $(BASE_DIR)/host @@ -152,13 +227,13 @@ config BR2_PRIMARY_SITE string "Primary download site" default "" help - Primary site to download from. If this option is set then buildroot - will try to download package source first from this site and try the - default if the file is not found. - Valid URIs are URIs recognized by $(WGET) and scp URIs of the form - scp://[user@]host:path. - NOTE: This works for all packages using the central package - infrastructure (generic, autotools, cmake, ...) + Primary site to download from. If this option is set then + buildroot will try to download package source first from this + site and try the default if the file is not found. + Valid URIs are: + - URIs recognized by $(WGET) + - local URIs of the form file://absolutepath + - scp URIs of the form scp://[user@]host:path. config BR2_PRIMARY_SITE_ONLY bool "Only allow downloads from primary download site" @@ -167,11 +242,11 @@ config BR2_PRIMARY_SITE_ONLY If this option is enabled, downloads will only be attempted from the primary download site. Other locations, like the package's official download location or the backup download - site, will not be considered. Therefore, if the package is - not present on the primary site, the download fails. + site, will not be considered. Therefore, if the package is not + present on the primary site, the download fails. - This is useful for project developers who want to ensure - that the project can be built even if the upstream tarball + This is useful for project developers who want to ensure that + the project can be built even if the upstream tarball locations disappear. if !BR2_PRIMARY_SITE_ONLY @@ -180,51 +255,43 @@ config BR2_BACKUP_SITE string "Backup download site" default "http://sources.buildroot.net" help - Backup site to download from. If this option is set then buildroot - will fall back to download package sources from here if the - normal location fails. + Backup site to download from. If this option is set then + buildroot will fall back to download package sources from here + if the normal location fails. config BR2_KERNEL_MIRROR string "Kernel.org mirror" - default "https://www.kernel.org/pub" + default "https://cdn.kernel.org/pub" help - kernel.org is mirrored on a number of servers around the world. - The following allows you to select your preferred mirror. + kernel.org is mirrored on a number of servers around the + world. The following allows you to select your preferred + mirror. By default, a CDN is used, which automatically + redirects to a mirror geographically close to you. - Have a look on the kernel.org site for a list of mirrors, then enter - the URL to the base directory. Examples: + Have a look on the kernel.org site for a list of mirrors, then + enter the URL to the base directory. Examples: http://www.XX.kernel.org/pub (XX = country code) http://mirror.aarnet.edu.au/pub/ftp.kernel.org config BR2_GNU_MIRROR string "GNU Software mirror" - default "http://ftp.gnu.org/pub/gnu" + default "http://ftpmirror.gnu.org" help - GNU has multiple software mirrors scattered around the world. - The following allows you to select your preferred mirror. + GNU has multiple software mirrors scattered around the + world. The following allows you to select your preferred + mirror. By default, a generic address is used, which + automatically selects an up-to-date and local mirror. - Have a look on the gnu.org site for a list of mirrors, then enter - the URL to the base directory. Examples: + Have a look on the gnu.org site for a list of mirrors, then + enter the URL to the base directory. Examples: http://ftp.gnu.org/pub/gnu http://mirror.aarnet.edu.au/pub/gnu -config BR2_DEBIAN_MIRROR - string "Debian Software mirror" - default "http://ftp.debian.org" - help - Debian has multiple software mirrors scattered around the world. - The following allows you to select your preferred mirror. - - Usually, just add your country code like XX here: - http://ftp.XX.debian.org - -endif - config BR2_LUAROCKS_MIRROR string "LuaRocks mirror" - default "http://luarocks.org/repositories/rocks" + default "http://rocks.moonscript.org" help LuaRocks repository. @@ -232,65 +299,94 @@ config BR2_LUAROCKS_MIRROR config BR2_CPAN_MIRROR string "CPAN mirror (Perl packages)" - default "http://search.cpan.org/CPAN" + default "http://cpan.metacpan.org" help - CPAN (Comprehensive Perl Archive Network) is a repository - of Perl packages. It has multiple software mirrors scattered + CPAN (Comprehensive Perl Archive Network) is a repository of + Perl packages. It has multiple software mirrors scattered around the world. This option allows you to select a mirror. The list of mirrors is available at: http://search.cpan.org/mirror +endif + endmenu config BR2_JLEVEL int "Number of jobs to run simultaneously (0 for auto)" default "0" help - Number of jobs to run simultaneously. If 0, determine - automatically according to number of CPUs on the host - system. + Number of jobs to run simultaneously. If 0, determine + automatically according to number of CPUs on the host system. config BR2_CCACHE bool "Enable compiler cache" help - This option will enable the use of ccache, a compiler - cache. It will cache the result of previous builds to speed - up future builds. The cache is stored in + This option will enable the use of ccache, a compiler cache. + It will cache the result of previous builds to speed up future + builds. By default, the cache is stored in $HOME/.buildroot-ccache. Note that Buildroot does not try to invalidate the cache - contents when the compiler changes in an incompatible - way. Therefore, if you make a change to the compiler version - and/or configuration, you are responsible for purging the - ccache cache by removing the $HOME/.buildroot-ccache - directory. + contents when the compiler changes in an incompatible way. + Therefore, if you make a change to the compiler version and/or + configuration, you are responsible for purging the ccache + cache by removing the $HOME/.buildroot-ccache directory. + +if BR2_CCACHE config BR2_CCACHE_DIR string "Compiler cache location" - depends on BR2_CCACHE default "$(HOME)/.buildroot-ccache" help Where ccache should store cached files. + If the Linux shell environment has defined the BR2_CCACHE_DIR + environment variable, then this overrides this configuration + item. -config BR2_DEPRECATED - bool "Show packages that are deprecated or obsolete" +config BR2_CCACHE_INITIAL_SETUP + string "Compiler cache initial setup" help - This option hides outdated/obsolete versions of packages. + Initial ccache settings to apply, such as --max-files or + --max-size. -if BR2_DEPRECATED + For example, if your project is known to require more space + than the default max cache size, then you might want to + increase the cache size to a suitable amount using the -M + (--max-size) option. -config BR2_DEPRECATED_SINCE_2013_11 - bool - default y + The string you specify here is passed verbatim to ccache. + Refer to ccache documentation for more details. -config BR2_DEPRECATED_SINCE_2014_02 - bool - default y + These initial settings are applied after ccache has been + compiled. -config BR2_DEPRECATED_SINCE_2014_05 - bool +config BR2_CCACHE_USE_BASEDIR + bool "Use relative paths" default y + help + Allow ccache to convert absolute paths within the output + directory into relative paths. + + During the build, many -I include directives are given with an + absolute path. These absolute paths end up in the hashes that + are computed by ccache. Therefore, when you build from a + different directory, the hash will be different and the cached + object will not be used. + + To improve cache performance, set this option to y. This + allows ccache to rewrite absolute paths within the output + directory into relative paths. Note that only paths within the + output directory will be rewritten; therefore, if you change + BR2_HOST_DIR to point outside the output directory and + subsequently move it to a different location, this will lead + to cache misses. + + This option has as a result that the debug information in the + object files also has only relative paths. Therefore, make + sure you cd to the build directory before starting gdb. See + the section "COMPILING IN DIFFERENT DIRECTORIES" in the ccache + manual for more information. endif @@ -314,11 +410,11 @@ choice config BR2_DEBUG_1 bool "debug level 1" help - Debug level 1 produces minimal information, enough - for making backtraces in parts of the program that - you don't plan to debug. This includes descriptions - of functions and external variables, but no information - about local variables and no line numbers. + Debug level 1 produces minimal information, enough for making + backtraces in parts of the program that you don't plan to + debug. This includes descriptions of functions and external + variables, but no information about local variables and no + line numbers. config BR2_DEBUG_2 bool "debug level 2" @@ -328,64 +424,41 @@ config BR2_DEBUG_2 config BR2_DEBUG_3 bool "debug level 3" help - Level 3 includes extra information, such as all the - macro definitions present in the program. Some debuggers - support macro expansion when you use -g3. + Level 3 includes extra information, such as all the macro + definitions present in the program. Some debuggers support + macro expansion when you use -g3. endchoice endif -choice - prompt "strip command for binaries on target" - default BR2_STRIP_strip - config BR2_STRIP_strip - bool "strip" - depends on !BR2_PACKAGE_HOST_ELF2FLT - help - Binaries and libraries in the target filesystem will be - stripped using the normal 'strip' command. This allows to - save space, mainly by removing debugging symbols. Debugging - symbols on the target are needed for native debugging, but - not when remote debugging is used. - -config BR2_STRIP_sstrip - bool "sstrip" - select BR2_PACKAGE_SSTRIP_HOST + bool "strip target binaries" + default y depends on !BR2_PACKAGE_HOST_ELF2FLT - depends on BR2_DEPRECATED_SINCE_2014_05 help Binaries and libraries in the target filesystem will be - stripped using the 'sstrip' command, which strips a little - bit more than the traditional 'strip' command. This allows to - save space, mainly by removing debugging symbols. Debugging - symbols on the target are needed for native debugging, but - not when remote debugging is used. - -config BR2_STRIP_none - bool "none" - help - Do not strip binaries and libraries in the target - filesystem. -endchoice + stripped using the normal 'strip' command. This allows to save + space, mainly by removing debugging symbols. Debugging symbols + on the target are needed for native debugging, but not when + remote debugging is used. config BR2_STRIP_EXCLUDE_FILES string "executables that should not be stripped" - depends on !BR2_STRIP_none default "" + depends on BR2_STRIP_strip help - You may specify a space-separated list of binaries and libraries - here that should not be stripped on the target. + You may specify a space-separated list of binaries and + libraries here that should not be stripped on the target. config BR2_STRIP_EXCLUDE_DIRS string "directories that should be skipped when stripping" - depends on !BR2_STRIP_none default "" + depends on BR2_STRIP_strip help - You may specify a space-separated list of directories that should - be skipped when stripping. Binaries and libraries in these - directories will not be touched. - The directories should be specified relative to the target directory, - without leading slash. + You may specify a space-separated list of directories that + should be skipped when stripping. Binaries and libraries in + these directories will not be touched. The directories should + be specified relative to the target directory, without leading + slash. choice prompt "gcc optimization level" @@ -396,122 +469,365 @@ choice config BR2_OPTIMIZE_0 bool "optimization level 0" help - Do not optimize. This is the default. + Do not optimize. config BR2_OPTIMIZE_1 bool "optimization level 1" help - Optimize. Optimizing compilation takes somewhat more time, - and a lot more memory for a large function. With -O, the - compiler tries to reduce code size and execution time, - without performing any optimizations that take a great deal - of compilation time. -O turns on the following optimization + Optimize. Optimizing compilation takes somewhat more time, and + a lot more memory for a large function. With -O, the compiler + tries to reduce code size and execution time, without + performing any optimizations that take a great deal of + compilation time. -O turns on the following optimization flags: -fdefer-pop -fdelayed-branch -fguess-branch-probability -fcprop-registers -floop-optimize -fif-conversion -fif-conversion2 -ftree-ccp -ftree-dce -ftree-dominator-opts -ftree-dse -ftree-ter -ftree-lrs -ftree-sra -ftree-copyrename - -ftree-fre -ftree-ch -funit-at-a-time -fmerge-constants - -O also turns on -fomit-frame-pointer on machines where doing - so does not interfere with debugging. + -ftree-fre -ftree-ch -funit-at-a-time -fmerge-constants. -O + also turns on -fomit-frame-pointer on machines where doing so + does not interfere with debugging. config BR2_OPTIMIZE_2 bool "optimization level 2" help - Optimize even more. GCC performs nearly all supported optimizations - that do not involve a space-speed tradeoff. The compiler does not - perform loop unrolling or function inlining when you specify -O2. - As compared to -O, this option increases both compilation time and - the performance of the generated code. -O2 turns on all optimization - flags specified by -O. It also turns on the following optimization - flags: -fthread-jumps -fcrossjumping -foptimize-sibling-calls + Optimize even more. GCC performs nearly all supported + optimizations that do not involve a space-speed tradeoff. The + compiler does not perform loop unrolling or function inlining + when you specify -O2. As compared to -O, this option increases + both compilation time and the performance of the generated + code. -O2 turns on all optimization flags specified by -O. It + also turns on the following optimization flags: + -fthread-jumps -fcrossjumping -foptimize-sibling-calls -fcse-follow-jumps -fcse-skip-blocks -fgcse -fgcse-lm - -fexpensive-optimizations -fstrength-reduce -frerun-cse-after-loop - -frerun-loop-opt -fcaller-saves -fpeephole2 -fschedule-insns - -fschedule-insns2 -fsched-interblock -fsched-spec -fregmove - -fstrict-aliasing -fdelete-null-pointer-checks -freorder-blocks - -freorder-functions -falign-functions -falign-jumps -falign-loops - -falign-labels -ftree-vrp -ftree-pre - Please note the warning under -fgcse about invoking -O2 on programs + -fexpensive-optimizations -fstrength-reduce + -frerun-cse-after-loop -frerun-loop-opt -fcaller-saves + -fpeephole2 -fschedule-insns -fschedule-insns2 + -fsched-interblock -fsched-spec -fregmove -fstrict-aliasing + -fdelete-null-pointer-checks -freorder-blocks + -freorder-functions -falign-functions -falign-jumps + -falign-loops -falign-labels -ftree-vrp -ftree-pre. Please + note the warning under -fgcse about invoking -O2 on programs that use computed gotos. config BR2_OPTIMIZE_3 bool "optimization level 3" help - Optimize yet more. -O3 turns on all optimizations specified by -O2 - and also turns on the -finline-functions, -funswitch-loops and - -fgcse-after-reload options. + Optimize yet more. -O3 turns on all optimizations specified by + -O2 and also turns on the -finline-functions, -funswitch-loops + and -fgcse-after-reload options. + +config BR2_OPTIMIZE_G + bool "optimize for debugging" + depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_8 + help + Optimize for debugging. This enables optimizations that do not + interfere with debugging. It should be the optimization level + of choice for the standard edit-compile-debug cycle, offering + a reasonable level of optimization while maintaining fast + compilation and a good debugging experience. config BR2_OPTIMIZE_S bool "optimize for size" help - Optimize for size. -Os enables all -O2 optimizations that do not - typically increase code size. It also performs further optimizations - designed to reduce code size. -Os disables the following optimization - flags: -falign-functions -falign-jumps -falign-loops -falign-labels - -freorder-blocks -freorder-blocks-and-partition -fprefetch-loop-arrays + Optimize for size. -Os enables all -O2 optimizations that do + not typically increase code size. It also performs further + optimizations designed to reduce code size. -Os disables the + following optimization flags: -falign-functions -falign-jumps + -falign-loops -falign-labels -freorder-blocks + -freorder-blocks-and-partition -fprefetch-loop-arrays -ftree-vect-loop-version + This is the default. + +config BR2_OPTIMIZE_FAST + bool "optimize for fast" + depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_6 + help + Optimize for fast. Disregard strict standards + compliance. -Ofast enables all -O3 optimizations. It also + enables optimizations that are not valid for all + standard-compliant programs. It turns on -ffast-math and the + Fortran-specific -fstack-arrays, unless -fmax-stack-var-size + is specified, and -fno-protect-parens. endchoice -config BR2_ENABLE_SSP - bool "build code with Stack Smashing Protection" - depends on BR2_TOOLCHAIN_HAS_SSP +config BR2_GOOGLE_BREAKPAD_ENABLE + bool "Enable google-breakpad support" + depends on BR2_INSTALL_LIBSTDCPP + depends on BR2_HOST_GCC_AT_LEAST_4_8 # C++11 + depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_8 # C++11 + depends on BR2_USE_WCHAR + depends on BR2_TOOLCHAIN_HAS_THREADS + depends on (BR2_TOOLCHAIN_USES_GLIBC || BR2_TOOLCHAIN_USES_UCLIBC) + depends on BR2_PACKAGE_GOOGLE_BREAKPAD_ARCH_SUPPORTS + depends on BR2_PACKAGE_HOST_GOOGLE_BREAKPAD_ARCH_SUPPORTS + select BR2_PACKAGE_GOOGLE_BREAKPAD + help + This option will enable the use of google breakpad, a library + and tool suite that allows you to distribute an application to + users with compiler-provided debugging information removed, + record crashes in compact "minidump" files, send them back to + your server and produce C and C++ stack traces from these + minidumps. Breakpad can also write minidumps on request for + programs that have not crashed. + +if BR2_GOOGLE_BREAKPAD_ENABLE + +config BR2_GOOGLE_BREAKPAD_INCLUDE_FILES + string "List of executables and libraries to extract symbols from" + default "" help - Enable stack smashing protection support using GCCs - -fstack-protector-all option. + You may specify a space-separated list of binaries and + libraries with full paths relative to $(TARGET_DIR) of which + debug symbols will be dumped for further use with google + breakpad. - See http://www.linuxfromscratch.org/hints/downloads/files/ssp.txt - for details. + A directory structure that can be used by minidump-stackwalk + will be created at: - Note that this requires the toolchain to have SSP - support. This is always the case for glibc and eglibc - toolchain, but is optional in uClibc toolchains. + $(STAGING_DIR)/usr/share/google-breakpad-symbols -comment "enabling Stack Smashing Protection requires support in the toolchain" - depends on !BR2_TOOLCHAIN_HAS_SSP +endif + +choice + bool "libraries" + default BR2_SHARED_LIBS if BR2_BINFMT_SUPPORTS_SHARED + default BR2_STATIC_LIBS if !BR2_BINFMT_SUPPORTS_SHARED + help + Select the type of libraries you want to use on the target. -config BR2_PREFER_STATIC_LIB - bool "prefer static libraries" + The default is to build dynamic libraries and use those on the + target filesystem, except when the architecture and/or the + selected binary format does not support shared libraries. + +config BR2_STATIC_LIBS + bool "static only" help - Where possible, build and use static libraries for the target. - This potentially increases your code size and should only be - used if you know what you do. - The default is to build dynamic libraries and use those on - the target filesystem. + Build and use only static libraries. No shared libraries will + be installed on the target. This potentially increases your + code size and should only be used if you know what you are + doing. Note that some packages may not be available when this + option is enabled, due to their need for dynamic library + support. - WARNING: This is highly experimental at the moment. +config BR2_SHARED_LIBS + bool "shared only" + depends on BR2_BINFMT_SUPPORTS_SHARED + help + Build and use only shared libraries. This is the recommended + solution as it saves space and build time. + +config BR2_SHARED_STATIC_LIBS + bool "both static and shared" + depends on BR2_BINFMT_SUPPORTS_SHARED + help + Build both shared and static libraries, but link executables + dynamically. While building both shared and static libraries + take more time and more disk space, having static libraries + may be useful to link some of the applications statically. + +endchoice config BR2_PACKAGE_OVERRIDE_FILE string "location of a package override file" default "$(CONFIG_DIR)/local.mk" help A package override file is a short makefile that contains - variable definitions of the form _OVERRIDE_SRCDIR, - which allows to tell Buildroot to use an existing directory - as the source directory for a particular package. See the - Buildroot documentation for more details on this feature. + variable definitions of the form _OVERRIDE_SRCDIR, which + allows to tell Buildroot to use an existing directory as the + source directory for a particular package. See the Buildroot + documentation for more details on this feature. config BR2_GLOBAL_PATCH_DIR string "global patch directories" help - You may specify a space separated list of one or more directories - containing global package patches. For a specific version - of a specific package , patches are - applied as follows: + You may specify a space separated list of one or more + directories containing global package patches. For a specific + version of a specific package , + patches are applied as follows: - First, the default Buildroot patch set for the package is applied - from the package's directory in Buildroot. + First, the default Buildroot patch set for the package is + applied from the package's directory in Buildroot. Then for every directory - - that exists in BR2_GLOBAL_PATCH_DIR, if the directory - /// exists, then all - *.patch files in this directory will be applied. + /// exists, + then all *.patch files in this directory will be applied. + + Otherwise, if the directory / + exists, then all *.patch files in the directory will be + applied. + +menu "Advanced" + +config BR2_COMPILER_PARANOID_UNSAFE_PATH + bool "paranoid check of library/header paths" + default y + help + By default, when this option is disabled, when the Buildroot + cross-compiler will encounter an unsafe library or header path + (such as /usr/include, or /usr/lib), the compiler will display + a warning. - Otherwise, if the directory / exists, - then all *.patch files in the directory will be applied. + By enabling this option, this warning is turned into an error, + which will completely abort the build when such unsafe paths + are encountered. + + Note that this mechanism is available for both the internal + toolchain (through the toolchain wrapper and binutils patches) + and external toolchain backends (through the toolchain + wrapper). + +config BR2_REPRODUCIBLE + bool "Make the build reproducible (experimental)" + # SOURCE_DATE_EPOCH support in toolchain-wrapper requires GCC 4.4 + depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_4 + help + This option will remove all sources of non-reproducibility + from the build process. For a given Buildroot configuration, + this allows to generate exactly identical binaries from one + build to the other, including on different machines. + + The current implementation is restricted to builds with the + same output directory. Many (absolute) paths are recorded in + intermediary files, and it is very likely that some of these + paths leak into the target rootfs. If you build with the + same O=... path, however, the result is identical. + + This is labeled as an experimental feature, as not all + packages behave properly to ensure reproducibility. endmenu +comment "Security Hardening Options" + +choice + bool "Stack Smashing Protection" + default BR2_SSP_ALL if BR2_ENABLE_SSP # legacy + depends on BR2_TOOLCHAIN_HAS_SSP + help + Enable stack smashing protection support using GCC's + -fstack-protector option family. + + See + http://www.linuxfromscratch.org/hints/downloads/files/ssp.txt + for details. + + Note that this requires the toolchain to have SSP support. + This is always the case for glibc and eglibc toolchain, but is + optional in uClibc toolchains. + +config BR2_SSP_NONE + bool "None" + help + Disable stack-smashing protection. + +config BR2_SSP_REGULAR + bool "-fstack-protector" + help + Emit extra code to check for buffer overflows, such as stack + smashing attacks. This is done by adding a guard variable to + functions with vulnerable objects. This includes functions + that call alloca, and functions with buffers larger than 8 + bytes. The guards are initialized when a function is entered + and then checked when the function exits. If a guard check + fails, an error message is printed and the program exits. + +config BR2_SSP_STRONG + bool "-fstack-protector-strong" + depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_9 + help + Like -fstack-protector but includes additional functions to be + protected - those that have local array definitions, or have + references to local frame addresses. + +comment "Stack Smashing Protection strong needs a toolchain w/ gcc >= 4.9" + depends on !BR2_TOOLCHAIN_GCC_AT_LEAST_4_9 + +config BR2_SSP_ALL + bool "-fstack-protector-all" + help + Like -fstack-protector except that all functions are + protected. This option might have a significant performance + impact on the compiled binaries. + +endchoice + +comment "Stack Smashing Protection needs a toolchain w/ SSP" + depends on !BR2_TOOLCHAIN_HAS_SSP + +choice + bool "RELRO Protection" + depends on BR2_SHARED_LIBS + help + Enable a link-time protection know as RELRO (RELocation Read + Only) which helps to protect from certain type of exploitation + techniques altering the content of some ELF sections. + +config BR2_RELRO_NONE + bool "None" + help + Disables Relocation link-time protections. + +config BR2_RELRO_PARTIAL + bool "Partial" + help + This option makes the dynamic section not writeable after + initialization (with almost no performance penalty). + +config BR2_RELRO_FULL + bool "Full" + help + This option includes the partial configuration, but also marks + the GOT as read-only at the cost of initialization time during + program loading, i.e every time an executable is started. + +endchoice + +comment "RELocation Read Only (RELRO) needs shared libraries" + depends on !BR2_SHARED_LIBS + +choice + bool "Buffer-overflow Detection (FORTIFY_SOURCE)" + depends on BR2_TOOLCHAIN_USES_GLIBC + depends on !BR2_OPTIMIZE_0 + help + Enable the _FORTIFY_SOURCE macro which introduces additional + checks to detect buffer-overflows in the following standard + library functions: memcpy, mempcpy, memmove, memset, strcpy, + stpcpy, strncpy, strcat, strncat, sprintf, vsprintf, snprintf, + vsnprintf, gets. + + NOTE: This feature requires an optimization level of s/1/2/3/g + + Support for this feature has been present since GCC 4.x. + +config BR2_FORTIFY_SOURCE_NONE + bool "None" + help + Disables additional checks to detect buffer-overflows. + +config BR2_FORTIFY_SOURCE_1 + bool "Conservative" + help + This option sets _FORTIFY_SOURCE to 1 and only introduces + checks that shouldn't change the behavior of conforming + programs. Adds checks at compile-time only. + +config BR2_FORTIFY_SOURCE_2 + bool "Aggressive" + help + This option sets _FORTIFY_SOURCES to 2 and some more + checking is added, but some conforming programs might fail. + Also adds checks at run-time (detected buffer overflow + terminates the program) + +endchoice + +comment "Fortify Source needs a glibc toolchain and optimization" + depends on (!BR2_TOOLCHAIN_USES_GLIBC || BR2_OPTIMIZE_0) +endmenu + source "toolchain/Config.in" source "system/Config.in" @@ -528,9 +844,4 @@ source "package/Config.in.host" source "Config.in.legacy" -menu "User-provided options" - depends on BR2_EXTERNAL != "support/dummy-external" - -source "$BR2_EXTERNAL/Config.in" - -endmenu +source "$BR2_BUILD_DIR/.br2-external.in"