string
option env="HOSTARCH"
-config BR2_EXTERNAL
+config BR2_BUILD_DIR
string
- option env="BR2_EXTERNAL"
+ option env="BUILD_DIR"
# Hidden config symbols for packages to check system gcc version
config BR2_HOST_GCC_VERSION
string
option env="HOST_GCC_VERSION"
+config BR2_HOST_GCC_AT_LEAST_4_5
+ bool
+ default y if BR2_HOST_GCC_VERSION = "4 5"
+
config BR2_HOST_GCC_AT_LEAST_4_6
bool
default y if BR2_HOST_GCC_VERSION = "4 6"
+ select BR2_HOST_GCC_AT_LEAST_4_5
config BR2_HOST_GCC_AT_LEAST_4_7
bool
default y if BR2_HOST_GCC_VERSION = "6"
select BR2_HOST_GCC_AT_LEAST_5
+config BR2_HOST_GCC_AT_LEAST_7
+ bool
+ default y if BR2_HOST_GCC_VERSION = "7"
+ select BR2_HOST_GCC_AT_LEAST_6
+
+config BR2_HOST_GCC_AT_LEAST_8
+ bool
+ default y if BR2_HOST_GCC_VERSION = "8"
+ select BR2_HOST_GCC_AT_LEAST_7
+
# Hidden boolean selected by packages in need of Java in order to build
-# (example: xbmc)
+# (example: kodi)
config BR2_NEEDS_HOST_JAVA
bool
config BR2_HOSTARCH_NEEDS_IA32_COMPILER
bool
+# Hidden boolean selected by packages that need the host to have an
+# UTF8 locale.
+config BR2_NEEDS_HOST_UTF8_LOCALE
+ bool
+
source "arch/Config.in"
menu "Build options"
config BR2_SVN
string "Subversion (svn) command"
- default "svn"
+ default "svn --non-interactive"
config BR2_BZR
string "Bazaar (bzr) command"
Command to be used to extract a xz'ed file to stdout.
Default is "xzcat"
+config BR2_LZCAT
+ string "lzcat command"
+ default "lzip -d -c"
+ help
+ Command to be used to extract a lzip'ed file to stdout.
+ Default is "lzip -d -c"
+
config BR2_TAR_OPTIONS
string "Tar options"
default ""
help
Options to pass to tar when extracting the sources.
- E.g. " -v --exclude='*.svn*'" to exclude all .svn internal files
- and to be verbose.
+ E.g. " -v --exclude='*.svn*'" to exclude all .svn internal
+ files and to be verbose.
endmenu
If the Linux shell environment has defined the BR2_DL_DIR
environment variable, then this overrides this configuration
item.
+ The directory is organized with a subdirectory for each
+ package. Each package has its own $(LIBFOO_DL_DIR) variable
+ that can be used to find the correct path.
The default is $(TOPDIR)/dl
default "$(HOME)/.buildroot-ccache"
help
Where ccache should store cached files.
+ If the Linux shell environment has defined the BR2_CCACHE_DIR
+ environment variable, then this overrides this configuration
+ item.
config BR2_CCACHE_INITIAL_SETUP
string "Compiler cache initial setup"
endif
-config BR2_DEPRECATED
- bool "Show options and packages that are deprecated or obsolete"
- help
- This option shows outdated/obsolete versions of packages and
- options that are otherwise hidden.
-
-if BR2_DEPRECATED
-
-config BR2_DEPRECATED_SINCE_2015_05
- bool
- default y
-
-config BR2_DEPRECATED_SINCE_2015_08
- bool
- default y
-
-config BR2_DEPRECATED_SINCE_2015_11
- bool
- default y
-
-config BR2_DEPRECATED_SINCE_2016_02
- bool
- default y
-
-config BR2_DEPRECATED_SINCE_2016_05
- bool
- default y
-
-config BR2_DEPRECATED_SINCE_2016_08
- bool
- default y
-
-endif
-
config BR2_ENABLE_DEBUG
bool "build packages with debugging symbols"
help
endchoice
endif
-choice
- prompt "strip command for binaries on target"
- default BR2_STRIP_strip
-
config BR2_STRIP_strip
- bool "strip"
+ bool "strip target binaries"
+ default y
depends on !BR2_PACKAGE_HOST_ELF2FLT
help
Binaries and libraries in the target filesystem will be
on the target are needed for native debugging, but not when
remote debugging is used.
-config BR2_STRIP_none
- bool "none"
- help
- Do not strip binaries and libraries in the target filesystem.
-endchoice
-
config BR2_STRIP_EXCLUDE_FILES
string "executables that should not be stripped"
- depends on !BR2_STRIP_none
default ""
+ depends on BR2_STRIP_strip
help
You may specify a space-separated list of binaries and
libraries here that should not be stripped on the target.
config BR2_STRIP_EXCLUDE_DIRS
string "directories that should be skipped when stripping"
- depends on !BR2_STRIP_none
default ""
+ depends on BR2_STRIP_strip
help
You may specify a space-separated list of directories that
should be skipped when stripping. Binaries and libraries in
config BR2_OPTIMIZE_0
bool "optimization level 0"
help
- Do not optimize. This is the default.
+ Do not optimize.
config BR2_OPTIMIZE_1
bool "optimization level 1"
-falign-loops -falign-labels -freorder-blocks
-freorder-blocks-and-partition -fprefetch-loop-arrays
-ftree-vect-loop-version
+ This is the default.
+
+config BR2_OPTIMIZE_FAST
+ bool "optimize for fast"
+ depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_6
+ help
+ Optimize for fast. Disregard strict standards
+ compliance. -Ofast enables all -O3 optimizations. It also
+ enables optimizations that are not valid for all
+ standard-compliant programs. It turns on -ffast-math and the
+ Fortran-specific -fstack-arrays, unless -fmax-stack-var-size
+ is specified, and -fno-protect-parens.
endchoice
config BR2_GOOGLE_BREAKPAD_ENABLE
bool "Enable google-breakpad support"
- select BR2_PACKAGE_GOOGLE_BREAKPAD
depends on BR2_INSTALL_LIBSTDCPP
- depends on BR2_TOOLCHAIN_USES_GLIBC
+ depends on BR2_HOST_GCC_AT_LEAST_4_8 # C++11
+ depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_8 # C++11
+ depends on BR2_USE_WCHAR
+ depends on BR2_TOOLCHAIN_HAS_THREADS
+ depends on (BR2_TOOLCHAIN_USES_GLIBC || BR2_TOOLCHAIN_USES_UCLIBC)
depends on BR2_PACKAGE_GOOGLE_BREAKPAD_ARCH_SUPPORTS
+ depends on BR2_PACKAGE_HOST_GOOGLE_BREAKPAD_ARCH_SUPPORTS
+ select BR2_PACKAGE_GOOGLE_BREAKPAD
help
This option will enable the use of google breakpad, a library
and tool suite that allows you to distribute an application to
endif
-choice
- bool "build code with Stack Smashing Protection"
- default BR2_SSP_ALL if BR2_ENABLE_SSP # legacy
- depends on BR2_TOOLCHAIN_HAS_SSP
- help
- Enable stack smashing protection support using GCC's
- -fstack-protector option family.
-
- See
- http://www.linuxfromscratch.org/hints/downloads/files/ssp.txt
- for details.
-
- Note that this requires the toolchain to have SSP support.
- This is always the case for glibc and eglibc toolchain, but is
- optional in uClibc toolchains.
-
-config BR2_SSP_NONE
- bool "None"
- help
- Disable stack-smashing protection.
-
-config BR2_SSP_REGULAR
- bool "-fstack-protector"
- help
- Emit extra code to check for buffer overflows, such as stack
- smashing attacks. This is done by adding a guard variable to
- functions with vulnerable objects. This includes functions
- that call alloca, and functions with buffers larger than 8
- bytes. The guards are initialized when a function is entered
- and then checked when the function exits. If a guard check
- fails, an error message is printed and the program exits.
-
-config BR2_SSP_STRONG
- bool "-fstack-protector-strong"
- depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_9
- help
- Like -fstack-protector but includes additional functions to be
- protected - those that have local array definitions, or have
- references to local frame addresses.
-
-comment "Stack Smashing Protection strong needs a toolchain w/ gcc >= 4.9"
- depends on !BR2_TOOLCHAIN_GCC_AT_LEAST_4_9
-
-config BR2_SSP_ALL
- bool "-fstack-protector-all"
- help
- Like -fstack-protector except that all functions are
- protected. This option might have a significant performance
- impact on the compiled binaries.
-
-endchoice
-
-comment "Stack Smashing Protection needs a toolchain w/ SSP"
- depends on !BR2_TOOLCHAIN_HAS_SSP
-
choice
bool "libraries"
default BR2_SHARED_LIBS if BR2_BINFMT_SUPPORTS_SHARED
bool "static only"
help
Build and use only static libraries. No shared libraries will
- be instaled on the target. This potentially increases your
+ be installed on the target. This potentially increases your
code size and should only be used if you know what you are
doing. Note that some packages may not be available when this
option is enabled, due to their need for dynamic library
endchoice
-
config BR2_PACKAGE_OVERRIDE_FILE
string "location of a package override file"
default "$(CONFIG_DIR)/local.mk"
Note that this mechanism is available for both the internal
toolchain (through the toolchain wrapper and binutils patches)
- and external toolchain backends (through the toolchain wrapper).
-
-endmenu
+ and external toolchain backends (through the toolchain
+ wrapper).
config BR2_REPRODUCIBLE
bool "Make the build reproducible (experimental)"
+ # SOURCE_DATE_EPOCH support in toolchain-wrapper requires GCC 4.4
+ depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_4
help
This option will remove all sources of non-reproducibility
from the build process. For a given Buildroot configuration,
this allows to generate exactly identical binaries from one
build to the other, including on different machines.
+ The current implementation is restricted to builds with the
+ same output directory. Many (absolute) paths are recorded in
+ intermediary files, and it is very likely that some of these
+ paths leak into the target rootfs. If you build with the
+ same O=... path, however, the result is identical.
+
This is labeled as an experimental feature, as not all
packages behave properly to ensure reproducibility.
endmenu
+comment "Security Hardening Options"
+
+choice
+ bool "Stack Smashing Protection"
+ default BR2_SSP_ALL if BR2_ENABLE_SSP # legacy
+ depends on BR2_TOOLCHAIN_HAS_SSP
+ help
+ Enable stack smashing protection support using GCC's
+ -fstack-protector option family.
+
+ See
+ http://www.linuxfromscratch.org/hints/downloads/files/ssp.txt
+ for details.
+
+ Note that this requires the toolchain to have SSP support.
+ This is always the case for glibc and eglibc toolchain, but is
+ optional in uClibc toolchains.
+
+config BR2_SSP_NONE
+ bool "None"
+ help
+ Disable stack-smashing protection.
+
+config BR2_SSP_REGULAR
+ bool "-fstack-protector"
+ help
+ Emit extra code to check for buffer overflows, such as stack
+ smashing attacks. This is done by adding a guard variable to
+ functions with vulnerable objects. This includes functions
+ that call alloca, and functions with buffers larger than 8
+ bytes. The guards are initialized when a function is entered
+ and then checked when the function exits. If a guard check
+ fails, an error message is printed and the program exits.
+
+config BR2_SSP_STRONG
+ bool "-fstack-protector-strong"
+ depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_9
+ help
+ Like -fstack-protector but includes additional functions to be
+ protected - those that have local array definitions, or have
+ references to local frame addresses.
+
+comment "Stack Smashing Protection strong needs a toolchain w/ gcc >= 4.9"
+ depends on !BR2_TOOLCHAIN_GCC_AT_LEAST_4_9
+
+config BR2_SSP_ALL
+ bool "-fstack-protector-all"
+ help
+ Like -fstack-protector except that all functions are
+ protected. This option might have a significant performance
+ impact on the compiled binaries.
+
+endchoice
+
+comment "Stack Smashing Protection needs a toolchain w/ SSP"
+ depends on !BR2_TOOLCHAIN_HAS_SSP
+
+choice
+ bool "RELRO Protection"
+ depends on BR2_SHARED_LIBS
+ help
+ Enable a link-time protection know as RELRO (RELocation Read
+ Only) which helps to protect from certain type of exploitation
+ techniques altering the content of some ELF sections.
+
+config BR2_RELRO_NONE
+ bool "None"
+ help
+ Disables Relocation link-time protections.
+
+config BR2_RELRO_PARTIAL
+ bool "Partial"
+ help
+ This option makes the dynamic section not writeable after
+ initialization (with almost no performance penalty).
+
+config BR2_RELRO_FULL
+ bool "Full"
+ help
+ This option includes the partial configuration, but also marks
+ the GOT as read-only at the cost of initialization time during
+ program loading, i.e every time an executable is started.
+
+endchoice
+
+comment "RELocation Read Only (RELRO) needs shared libraries"
+ depends on !BR2_SHARED_LIBS
+
+choice
+ bool "Buffer-overflow Detection (FORTIFY_SOURCE)"
+ depends on BR2_TOOLCHAIN_USES_GLIBC
+ depends on !BR2_OPTIMIZE_0
+ help
+ Enable the _FORTIFY_SOURCE macro which introduces additional
+ checks to detect buffer-overflows in the following standard
+ library functions: memcpy, mempcpy, memmove, memset, strcpy,
+ stpcpy, strncpy, strcat, strncat, sprintf, vsprintf, snprintf,
+ vsnprintf, gets.
+
+ NOTE: This feature requires an optimization level of s/1/2/3/g
+
+ Support for this feature has been present since GCC 4.x.
+
+config BR2_FORTIFY_SOURCE_NONE
+ bool "None"
+ help
+ Disables additional checks to detect buffer-overflows.
+
+config BR2_FORTIFY_SOURCE_1
+ bool "Conservative"
+ help
+ This option sets _FORTIFY_SOURCE to 1 and only introduces
+ checks that shouldn't change the behavior of conforming
+ programs. Adds checks at compile-time only.
+
+config BR2_FORTIFY_SOURCE_2
+ bool "Aggressive"
+ help
+ This option sets _FORTIFY_SOURCES to 2 and some more
+ checking is added, but some conforming programs might fail.
+ Also adds checks at run-time (detected buffer overflow
+ terminates the program)
+
+endchoice
+
+comment "Fortify Source needs a glibc toolchain and optimization"
+ depends on (!BR2_TOOLCHAIN_USES_GLIBC || BR2_OPTIMIZE_0)
+endmenu
+
source "toolchain/Config.in"
source "system/Config.in"
source "Config.in.legacy"
-menu "User-provided options"
- depends on BR2_EXTERNAL != "support/dummy-external"
-
-source "$BR2_EXTERNAL/Config.in"
-
-endmenu
+source "$BR2_BUILD_DIR/.br2-external.in"