mirror of
https://git.busybox.net/buildroot.git
synced 2024-11-27 15:33:28 +08:00
b8ec113eb1
Currently, we repeat all the SSP level selection deep down to the toolchain wrapper itself, where we eventually translate it to the actual SSP option to use. This is a bit redundant. Additionally, we will want to check that the toolchain actually supports that option (for those toolchain where it was backported). So, move the translation into kconfig, and add the qstrip'ed value to the additional flags passed to the wrapper. Add it before user-supplied opitons, to keep the previous behaviour (and allow anyone crazy-enough to override it with BR2_TARGET_OPTIMIZATION). Signed-off-by: "Yann E. MORIN" <yann.morin@orange.com> Cc: Matt Weber <matthew.weber@rockwellcollins.com> Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com> Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
869 lines
27 KiB
Plaintext
869 lines
27 KiB
Plaintext
#
|
|
|
|
mainmenu "Buildroot $BR2_VERSION Configuration"
|
|
|
|
config BR2_HAVE_DOT_CONFIG
|
|
bool
|
|
default y
|
|
|
|
config BR2_VERSION
|
|
string
|
|
option env="BR2_VERSION_FULL"
|
|
|
|
config BR2_HOSTARCH
|
|
string
|
|
option env="HOSTARCH"
|
|
|
|
config BR2_BUILD_DIR
|
|
string
|
|
option env="BUILD_DIR"
|
|
|
|
# Hidden config symbols for packages to check system gcc version
|
|
config BR2_HOST_GCC_VERSION
|
|
string
|
|
option env="HOST_GCC_VERSION"
|
|
|
|
config BR2_HOST_GCC_AT_LEAST_4_5
|
|
bool
|
|
default y if BR2_HOST_GCC_VERSION = "4 5"
|
|
|
|
config BR2_HOST_GCC_AT_LEAST_4_6
|
|
bool
|
|
default y if BR2_HOST_GCC_VERSION = "4 6"
|
|
select BR2_HOST_GCC_AT_LEAST_4_5
|
|
|
|
config BR2_HOST_GCC_AT_LEAST_4_7
|
|
bool
|
|
default y if BR2_HOST_GCC_VERSION = "4 7"
|
|
select BR2_HOST_GCC_AT_LEAST_4_6
|
|
|
|
config BR2_HOST_GCC_AT_LEAST_4_8
|
|
bool
|
|
default y if BR2_HOST_GCC_VERSION = "4 8"
|
|
select BR2_HOST_GCC_AT_LEAST_4_7
|
|
|
|
config BR2_HOST_GCC_AT_LEAST_4_9
|
|
bool
|
|
default y if BR2_HOST_GCC_VERSION = "4 9"
|
|
select BR2_HOST_GCC_AT_LEAST_4_8
|
|
|
|
config BR2_HOST_GCC_AT_LEAST_5
|
|
bool
|
|
default y if BR2_HOST_GCC_VERSION = "5"
|
|
select BR2_HOST_GCC_AT_LEAST_4_9
|
|
|
|
config BR2_HOST_GCC_AT_LEAST_6
|
|
bool
|
|
default y if BR2_HOST_GCC_VERSION = "6"
|
|
select BR2_HOST_GCC_AT_LEAST_5
|
|
|
|
config BR2_HOST_GCC_AT_LEAST_7
|
|
bool
|
|
default y if BR2_HOST_GCC_VERSION = "7"
|
|
select BR2_HOST_GCC_AT_LEAST_6
|
|
|
|
config BR2_HOST_GCC_AT_LEAST_8
|
|
bool
|
|
default y if BR2_HOST_GCC_VERSION = "8"
|
|
select BR2_HOST_GCC_AT_LEAST_7
|
|
|
|
# When adding new entries above, be sure to update
|
|
# the HOSTCC_MAX_VERSION variable in the Makefile.
|
|
|
|
# Hidden boolean selected by packages in need of Java in order to build
|
|
# (example: kodi)
|
|
config BR2_NEEDS_HOST_JAVA
|
|
bool
|
|
|
|
# Hidden boolean selected by packages in need of javac in order to build
|
|
# (example: classpath)
|
|
config BR2_NEEDS_HOST_JAVAC
|
|
bool
|
|
|
|
# Hidden boolean selected by packages in need of jar in order to build
|
|
# (example: classpath)
|
|
config BR2_NEEDS_HOST_JAR
|
|
bool
|
|
|
|
# Hidden boolean selected by pre-built packages for x86, when they
|
|
# need to run on x86-64 machines (example: pre-built external
|
|
# toolchains, binary tools like SAM-BA, etc.).
|
|
config BR2_HOSTARCH_NEEDS_IA32_LIBS
|
|
bool
|
|
|
|
# Hidden boolean selected by packages that need to build 32 bits
|
|
# binaries with the host compiler, even on 64 bits build machines (e.g
|
|
# bootloaders).
|
|
config BR2_HOSTARCH_NEEDS_IA32_COMPILER
|
|
bool
|
|
|
|
# Hidden boolean selected by packages that need the host to have an
|
|
# UTF8 locale.
|
|
config BR2_NEEDS_HOST_UTF8_LOCALE
|
|
bool
|
|
|
|
source "arch/Config.in"
|
|
|
|
menu "Build options"
|
|
|
|
menu "Commands"
|
|
|
|
config BR2_WGET
|
|
string "Wget command"
|
|
default "wget --passive-ftp -nd -t 3"
|
|
|
|
config BR2_SVN
|
|
string "Subversion (svn) command"
|
|
default "svn --non-interactive"
|
|
|
|
config BR2_BZR
|
|
string "Bazaar (bzr) command"
|
|
default "bzr"
|
|
|
|
config BR2_GIT
|
|
string "Git command"
|
|
default "git"
|
|
|
|
config BR2_CVS
|
|
string "CVS command"
|
|
default "cvs"
|
|
|
|
config BR2_LOCALFILES
|
|
string "Local files retrieval command"
|
|
default "cp"
|
|
|
|
config BR2_SCP
|
|
string "Secure copy (scp) command"
|
|
default "scp"
|
|
|
|
config BR2_HG
|
|
string "Mercurial (hg) command"
|
|
default "hg"
|
|
|
|
config BR2_ZCAT
|
|
string "zcat command"
|
|
default "gzip -d -c"
|
|
help
|
|
Command to be used to extract a gzip'ed file to stdout. zcat
|
|
is identical to gunzip -c except that the former may not be
|
|
available on your system.
|
|
Default is "gzip -d -c"
|
|
Other possible values include "gunzip -c" or "zcat".
|
|
|
|
config BR2_BZCAT
|
|
string "bzcat command"
|
|
default "bzcat"
|
|
help
|
|
Command to be used to extract a bzip2'ed file to stdout.
|
|
bzcat is identical to bunzip2 -c except that the former may
|
|
not be available on your system.
|
|
Default is "bzcat"
|
|
Other possible values include "bunzip2 -c" or "bzip2 -d -c".
|
|
|
|
config BR2_XZCAT
|
|
string "xzcat command"
|
|
default "xzcat"
|
|
help
|
|
Command to be used to extract a xz'ed file to stdout.
|
|
Default is "xzcat"
|
|
|
|
config BR2_LZCAT
|
|
string "lzcat command"
|
|
default "lzip -d -c"
|
|
help
|
|
Command to be used to extract a lzip'ed file to stdout.
|
|
Default is "lzip -d -c"
|
|
|
|
config BR2_TAR_OPTIONS
|
|
string "Tar options"
|
|
default ""
|
|
help
|
|
Options to pass to tar when extracting the sources.
|
|
E.g. " -v --exclude='*.svn*'" to exclude all .svn internal
|
|
files and to be verbose.
|
|
|
|
endmenu
|
|
|
|
config BR2_DEFCONFIG_FROM_ENV
|
|
string
|
|
option env="BR2_DEFCONFIG"
|
|
|
|
config BR2_DEFCONFIG
|
|
string "Location to save buildroot config"
|
|
default BR2_DEFCONFIG_FROM_ENV if BR2_DEFCONFIG_FROM_ENV != ""
|
|
default "$(CONFIG_DIR)/defconfig"
|
|
help
|
|
When running 'make savedefconfig', the defconfig file will be
|
|
saved in this location.
|
|
|
|
config BR2_DL_DIR
|
|
string "Download dir"
|
|
default "$(TOPDIR)/dl"
|
|
help
|
|
Directory to store all the source files that we need to fetch.
|
|
If the Linux shell environment has defined the BR2_DL_DIR
|
|
environment variable, then this overrides this configuration
|
|
item.
|
|
The directory is organized with a subdirectory for each
|
|
package. Each package has its own $(LIBFOO_DL_DIR) variable
|
|
that can be used to find the correct path.
|
|
|
|
The default is $(TOPDIR)/dl
|
|
|
|
config BR2_HOST_DIR
|
|
string "Host dir"
|
|
default "$(BASE_DIR)/host"
|
|
help
|
|
Directory to store all the binary files that are built for the
|
|
host. This includes the cross compilation toolchain when
|
|
building the internal buildroot toolchain.
|
|
|
|
The default is $(BASE_DIR)/host
|
|
|
|
menu "Mirrors and Download locations"
|
|
|
|
config BR2_PRIMARY_SITE
|
|
string "Primary download site"
|
|
default ""
|
|
help
|
|
Primary site to download from. If this option is set then
|
|
buildroot will try to download package source first from this
|
|
site and try the default if the file is not found.
|
|
Valid URIs are:
|
|
- URIs recognized by $(WGET)
|
|
- local URIs of the form file://absolutepath
|
|
- scp URIs of the form scp://[user@]host:path.
|
|
|
|
config BR2_PRIMARY_SITE_ONLY
|
|
bool "Only allow downloads from primary download site"
|
|
depends on BR2_PRIMARY_SITE != ""
|
|
help
|
|
If this option is enabled, downloads will only be attempted
|
|
from the primary download site. Other locations, like the
|
|
package's official download location or the backup download
|
|
site, will not be considered. Therefore, if the package is not
|
|
present on the primary site, the download fails.
|
|
|
|
This is useful for project developers who want to ensure that
|
|
the project can be built even if the upstream tarball
|
|
locations disappear.
|
|
|
|
if !BR2_PRIMARY_SITE_ONLY
|
|
|
|
config BR2_BACKUP_SITE
|
|
string "Backup download site"
|
|
default "http://sources.buildroot.net"
|
|
help
|
|
Backup site to download from. If this option is set then
|
|
buildroot will fall back to download package sources from here
|
|
if the normal location fails.
|
|
|
|
config BR2_KERNEL_MIRROR
|
|
string "Kernel.org mirror"
|
|
default "https://cdn.kernel.org/pub"
|
|
help
|
|
kernel.org is mirrored on a number of servers around the
|
|
world. The following allows you to select your preferred
|
|
mirror. By default, a CDN is used, which automatically
|
|
redirects to a mirror geographically close to you.
|
|
|
|
Have a look on the kernel.org site for a list of mirrors, then
|
|
enter the URL to the base directory. Examples:
|
|
|
|
http://www.XX.kernel.org/pub (XX = country code)
|
|
http://mirror.aarnet.edu.au/pub/ftp.kernel.org
|
|
|
|
config BR2_GNU_MIRROR
|
|
string "GNU Software mirror"
|
|
default "http://ftpmirror.gnu.org"
|
|
help
|
|
GNU has multiple software mirrors scattered around the
|
|
world. The following allows you to select your preferred
|
|
mirror. By default, a generic address is used, which
|
|
automatically selects an up-to-date and local mirror.
|
|
|
|
Have a look on the gnu.org site for a list of mirrors, then
|
|
enter the URL to the base directory. Examples:
|
|
|
|
http://ftp.gnu.org/pub/gnu
|
|
http://mirror.aarnet.edu.au/pub/gnu
|
|
|
|
config BR2_LUAROCKS_MIRROR
|
|
string "LuaRocks mirror"
|
|
default "http://rocks.moonscript.org"
|
|
help
|
|
LuaRocks repository.
|
|
|
|
See http://luarocks.org
|
|
|
|
config BR2_CPAN_MIRROR
|
|
string "CPAN mirror (Perl packages)"
|
|
default "http://cpan.metacpan.org"
|
|
help
|
|
CPAN (Comprehensive Perl Archive Network) is a repository of
|
|
Perl packages. It has multiple software mirrors scattered
|
|
around the world. This option allows you to select a mirror.
|
|
|
|
The list of mirrors is available at:
|
|
http://search.cpan.org/mirror
|
|
|
|
endif
|
|
|
|
endmenu
|
|
|
|
config BR2_JLEVEL
|
|
int "Number of jobs to run simultaneously (0 for auto)"
|
|
default "0"
|
|
help
|
|
Number of jobs to run simultaneously. If 0, determine
|
|
automatically according to number of CPUs on the host system.
|
|
|
|
config BR2_CCACHE
|
|
bool "Enable compiler cache"
|
|
help
|
|
This option will enable the use of ccache, a compiler cache.
|
|
It will cache the result of previous builds to speed up future
|
|
builds. By default, the cache is stored in
|
|
$HOME/.buildroot-ccache.
|
|
|
|
Note that Buildroot does not try to invalidate the cache
|
|
contents when the compiler changes in an incompatible way.
|
|
Therefore, if you make a change to the compiler version and/or
|
|
configuration, you are responsible for purging the ccache
|
|
cache by removing the $HOME/.buildroot-ccache directory.
|
|
|
|
if BR2_CCACHE
|
|
|
|
config BR2_CCACHE_DIR
|
|
string "Compiler cache location"
|
|
default "$(HOME)/.buildroot-ccache"
|
|
help
|
|
Where ccache should store cached files.
|
|
If the Linux shell environment has defined the BR2_CCACHE_DIR
|
|
environment variable, then this overrides this configuration
|
|
item.
|
|
|
|
config BR2_CCACHE_INITIAL_SETUP
|
|
string "Compiler cache initial setup"
|
|
help
|
|
Initial ccache settings to apply, such as --max-files or
|
|
--max-size.
|
|
|
|
For example, if your project is known to require more space
|
|
than the default max cache size, then you might want to
|
|
increase the cache size to a suitable amount using the -M
|
|
(--max-size) option.
|
|
|
|
The string you specify here is passed verbatim to ccache.
|
|
Refer to ccache documentation for more details.
|
|
|
|
These initial settings are applied after ccache has been
|
|
compiled.
|
|
|
|
config BR2_CCACHE_USE_BASEDIR
|
|
bool "Use relative paths"
|
|
default y
|
|
help
|
|
Allow ccache to convert absolute paths within the output
|
|
directory into relative paths.
|
|
|
|
During the build, many -I include directives are given with an
|
|
absolute path. These absolute paths end up in the hashes that
|
|
are computed by ccache. Therefore, when you build from a
|
|
different directory, the hash will be different and the cached
|
|
object will not be used.
|
|
|
|
To improve cache performance, set this option to y. This
|
|
allows ccache to rewrite absolute paths within the output
|
|
directory into relative paths. Note that only paths within the
|
|
output directory will be rewritten; therefore, if you change
|
|
BR2_HOST_DIR to point outside the output directory and
|
|
subsequently move it to a different location, this will lead
|
|
to cache misses.
|
|
|
|
This option has as a result that the debug information in the
|
|
object files also has only relative paths. Therefore, make
|
|
sure you cd to the build directory before starting gdb. See
|
|
the section "COMPILING IN DIFFERENT DIRECTORIES" in the ccache
|
|
manual for more information.
|
|
|
|
endif
|
|
|
|
config BR2_ENABLE_DEBUG
|
|
bool "build packages with debugging symbols"
|
|
help
|
|
Build packages with debugging symbols enabled. All libraries
|
|
and binaries in the 'staging' directory will have debugging
|
|
symbols, which allows remote debugging even if libraries and
|
|
binaries are stripped on the target. Whether libraries and
|
|
binaries are stripped on the target is controlled by the
|
|
BR2_STRIP_* options below.
|
|
|
|
if BR2_ENABLE_DEBUG
|
|
choice
|
|
prompt "gcc debug level"
|
|
default BR2_DEBUG_2
|
|
help
|
|
Set the debug level for gcc
|
|
|
|
config BR2_DEBUG_1
|
|
bool "debug level 1"
|
|
help
|
|
Debug level 1 produces minimal information, enough for making
|
|
backtraces in parts of the program that you don't plan to
|
|
debug. This includes descriptions of functions and external
|
|
variables, but no information about local variables and no
|
|
line numbers.
|
|
|
|
config BR2_DEBUG_2
|
|
bool "debug level 2"
|
|
help
|
|
The default gcc debug level is 2
|
|
|
|
config BR2_DEBUG_3
|
|
bool "debug level 3"
|
|
help
|
|
Level 3 includes extra information, such as all the macro
|
|
definitions present in the program. Some debuggers support
|
|
macro expansion when you use -g3.
|
|
endchoice
|
|
endif
|
|
|
|
config BR2_STRIP_strip
|
|
bool "strip target binaries"
|
|
default y
|
|
depends on !BR2_PACKAGE_HOST_ELF2FLT
|
|
help
|
|
Binaries and libraries in the target filesystem will be
|
|
stripped using the normal 'strip' command. This allows to save
|
|
space, mainly by removing debugging symbols. Debugging symbols
|
|
on the target are needed for native debugging, but not when
|
|
remote debugging is used.
|
|
|
|
config BR2_STRIP_EXCLUDE_FILES
|
|
string "executables that should not be stripped"
|
|
default ""
|
|
depends on BR2_STRIP_strip
|
|
help
|
|
You may specify a space-separated list of binaries and
|
|
libraries here that should not be stripped on the target.
|
|
|
|
config BR2_STRIP_EXCLUDE_DIRS
|
|
string "directories that should be skipped when stripping"
|
|
default ""
|
|
depends on BR2_STRIP_strip
|
|
help
|
|
You may specify a space-separated list of directories that
|
|
should be skipped when stripping. Binaries and libraries in
|
|
these directories will not be touched. The directories should
|
|
be specified relative to the target directory, without leading
|
|
slash.
|
|
|
|
choice
|
|
prompt "gcc optimization level"
|
|
default BR2_OPTIMIZE_S
|
|
help
|
|
Set the optimization level for gcc
|
|
|
|
config BR2_OPTIMIZE_0
|
|
bool "optimization level 0"
|
|
help
|
|
Do not optimize.
|
|
|
|
config BR2_OPTIMIZE_1
|
|
bool "optimization level 1"
|
|
help
|
|
Optimize. Optimizing compilation takes somewhat more time, and
|
|
a lot more memory for a large function. With -O, the compiler
|
|
tries to reduce code size and execution time, without
|
|
performing any optimizations that take a great deal of
|
|
compilation time. -O turns on the following optimization
|
|
flags: -fdefer-pop -fdelayed-branch -fguess-branch-probability
|
|
-fcprop-registers -floop-optimize -fif-conversion
|
|
-fif-conversion2 -ftree-ccp -ftree-dce -ftree-dominator-opts
|
|
-ftree-dse -ftree-ter -ftree-lrs -ftree-sra -ftree-copyrename
|
|
-ftree-fre -ftree-ch -funit-at-a-time -fmerge-constants. -O
|
|
also turns on -fomit-frame-pointer on machines where doing so
|
|
does not interfere with debugging.
|
|
|
|
config BR2_OPTIMIZE_2
|
|
bool "optimization level 2"
|
|
help
|
|
Optimize even more. GCC performs nearly all supported
|
|
optimizations that do not involve a space-speed tradeoff. The
|
|
compiler does not perform loop unrolling or function inlining
|
|
when you specify -O2. As compared to -O, this option increases
|
|
both compilation time and the performance of the generated
|
|
code. -O2 turns on all optimization flags specified by -O. It
|
|
also turns on the following optimization flags:
|
|
-fthread-jumps -fcrossjumping -foptimize-sibling-calls
|
|
-fcse-follow-jumps -fcse-skip-blocks -fgcse -fgcse-lm
|
|
-fexpensive-optimizations -fstrength-reduce
|
|
-frerun-cse-after-loop -frerun-loop-opt -fcaller-saves
|
|
-fpeephole2 -fschedule-insns -fschedule-insns2
|
|
-fsched-interblock -fsched-spec -fregmove -fstrict-aliasing
|
|
-fdelete-null-pointer-checks -freorder-blocks
|
|
-freorder-functions -falign-functions -falign-jumps
|
|
-falign-loops -falign-labels -ftree-vrp -ftree-pre. Please
|
|
note the warning under -fgcse about invoking -O2 on programs
|
|
that use computed gotos.
|
|
|
|
config BR2_OPTIMIZE_3
|
|
bool "optimization level 3"
|
|
help
|
|
Optimize yet more. -O3 turns on all optimizations specified by
|
|
-O2 and also turns on the -finline-functions, -funswitch-loops
|
|
and -fgcse-after-reload options.
|
|
|
|
config BR2_OPTIMIZE_G
|
|
bool "optimize for debugging"
|
|
depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_8
|
|
help
|
|
Optimize for debugging. This enables optimizations that do not
|
|
interfere with debugging. It should be the optimization level
|
|
of choice for the standard edit-compile-debug cycle, offering
|
|
a reasonable level of optimization while maintaining fast
|
|
compilation and a good debugging experience.
|
|
|
|
config BR2_OPTIMIZE_S
|
|
bool "optimize for size"
|
|
help
|
|
Optimize for size. -Os enables all -O2 optimizations that do
|
|
not typically increase code size. It also performs further
|
|
optimizations designed to reduce code size. -Os disables the
|
|
following optimization flags: -falign-functions -falign-jumps
|
|
-falign-loops -falign-labels -freorder-blocks
|
|
-freorder-blocks-and-partition -fprefetch-loop-arrays
|
|
-ftree-vect-loop-version
|
|
This is the default.
|
|
|
|
config BR2_OPTIMIZE_FAST
|
|
bool "optimize for fast"
|
|
depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_6
|
|
help
|
|
Optimize for fast. Disregard strict standards
|
|
compliance. -Ofast enables all -O3 optimizations. It also
|
|
enables optimizations that are not valid for all
|
|
standard-compliant programs. It turns on -ffast-math and the
|
|
Fortran-specific -fstack-arrays, unless -fmax-stack-var-size
|
|
is specified, and -fno-protect-parens.
|
|
|
|
endchoice
|
|
|
|
config BR2_GOOGLE_BREAKPAD_ENABLE
|
|
bool "Enable google-breakpad support"
|
|
depends on BR2_INSTALL_LIBSTDCPP
|
|
depends on BR2_HOST_GCC_AT_LEAST_4_8 # C++11
|
|
depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_8 # C++11
|
|
depends on BR2_USE_WCHAR
|
|
depends on BR2_TOOLCHAIN_HAS_THREADS
|
|
depends on (BR2_TOOLCHAIN_USES_GLIBC || BR2_TOOLCHAIN_USES_UCLIBC)
|
|
depends on BR2_PACKAGE_GOOGLE_BREAKPAD_ARCH_SUPPORTS
|
|
depends on BR2_PACKAGE_HOST_GOOGLE_BREAKPAD_ARCH_SUPPORTS
|
|
select BR2_PACKAGE_GOOGLE_BREAKPAD
|
|
help
|
|
This option will enable the use of google breakpad, a library
|
|
and tool suite that allows you to distribute an application to
|
|
users with compiler-provided debugging information removed,
|
|
record crashes in compact "minidump" files, send them back to
|
|
your server and produce C and C++ stack traces from these
|
|
minidumps. Breakpad can also write minidumps on request for
|
|
programs that have not crashed.
|
|
|
|
if BR2_GOOGLE_BREAKPAD_ENABLE
|
|
|
|
config BR2_GOOGLE_BREAKPAD_INCLUDE_FILES
|
|
string "List of executables and libraries to extract symbols from"
|
|
default ""
|
|
help
|
|
You may specify a space-separated list of binaries and
|
|
libraries with full paths relative to $(TARGET_DIR) of which
|
|
debug symbols will be dumped for further use with google
|
|
breakpad.
|
|
|
|
A directory structure that can be used by minidump-stackwalk
|
|
will be created at:
|
|
|
|
$(STAGING_DIR)/usr/share/google-breakpad-symbols
|
|
|
|
endif
|
|
|
|
choice
|
|
bool "libraries"
|
|
default BR2_SHARED_LIBS if BR2_BINFMT_SUPPORTS_SHARED
|
|
default BR2_STATIC_LIBS if !BR2_BINFMT_SUPPORTS_SHARED
|
|
help
|
|
Select the type of libraries you want to use on the target.
|
|
|
|
The default is to build dynamic libraries and use those on the
|
|
target filesystem, except when the architecture and/or the
|
|
selected binary format does not support shared libraries.
|
|
|
|
config BR2_STATIC_LIBS
|
|
bool "static only"
|
|
help
|
|
Build and use only static libraries. No shared libraries will
|
|
be installed on the target. This potentially increases your
|
|
code size and should only be used if you know what you are
|
|
doing. Note that some packages may not be available when this
|
|
option is enabled, due to their need for dynamic library
|
|
support.
|
|
|
|
config BR2_SHARED_LIBS
|
|
bool "shared only"
|
|
depends on BR2_BINFMT_SUPPORTS_SHARED
|
|
help
|
|
Build and use only shared libraries. This is the recommended
|
|
solution as it saves space and build time.
|
|
|
|
config BR2_SHARED_STATIC_LIBS
|
|
bool "both static and shared"
|
|
depends on BR2_BINFMT_SUPPORTS_SHARED
|
|
help
|
|
Build both shared and static libraries, but link executables
|
|
dynamically. While building both shared and static libraries
|
|
take more time and more disk space, having static libraries
|
|
may be useful to link some of the applications statically.
|
|
|
|
endchoice
|
|
|
|
config BR2_PACKAGE_OVERRIDE_FILE
|
|
string "location of a package override file"
|
|
default "$(CONFIG_DIR)/local.mk"
|
|
help
|
|
A package override file is a short makefile that contains
|
|
variable definitions of the form <pkg>_OVERRIDE_SRCDIR, which
|
|
allows to tell Buildroot to use an existing directory as the
|
|
source directory for a particular package. See the Buildroot
|
|
documentation for more details on this feature.
|
|
|
|
config BR2_GLOBAL_PATCH_DIR
|
|
string "global patch directories"
|
|
help
|
|
You may specify a space separated list of one or more
|
|
directories containing global package patches. For a specific
|
|
version <packageversion> of a specific package <packagename>,
|
|
patches are applied as follows:
|
|
|
|
First, the default Buildroot patch set for the package is
|
|
applied from the package's directory in Buildroot.
|
|
|
|
Then for every directory - <global-patch-dir> - that exists in
|
|
BR2_GLOBAL_PATCH_DIR, if the directory
|
|
<global-patch-dir>/<packagename>/<packageversion>/ exists,
|
|
then all *.patch files in this directory will be applied.
|
|
|
|
Otherwise, if the directory <global-patch-dir>/<packagename>
|
|
exists, then all *.patch files in the directory will be
|
|
applied.
|
|
|
|
menu "Advanced"
|
|
|
|
config BR2_COMPILER_PARANOID_UNSAFE_PATH
|
|
bool "paranoid check of library/header paths"
|
|
default y
|
|
help
|
|
By default, when this option is disabled, when the Buildroot
|
|
cross-compiler will encounter an unsafe library or header path
|
|
(such as /usr/include, or /usr/lib), the compiler will display
|
|
a warning.
|
|
|
|
By enabling this option, this warning is turned into an error,
|
|
which will completely abort the build when such unsafe paths
|
|
are encountered.
|
|
|
|
Note that this mechanism is available for both the internal
|
|
toolchain (through the toolchain wrapper and binutils patches)
|
|
and external toolchain backends (through the toolchain
|
|
wrapper).
|
|
|
|
config BR2_FORCE_HOST_BUILD
|
|
bool "Force the building of host dependencies"
|
|
help
|
|
Build all available host dependencies, even if they are
|
|
already installed on the system.
|
|
|
|
This option can be used to ensure that the download cache of
|
|
source archives for packages remain consistent between
|
|
different build hosts.
|
|
|
|
This option will increase build time.
|
|
|
|
config BR2_REPRODUCIBLE
|
|
bool "Make the build reproducible (experimental)"
|
|
# SOURCE_DATE_EPOCH support in toolchain-wrapper requires GCC 4.4
|
|
depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_4
|
|
help
|
|
This option will remove all sources of non-reproducibility
|
|
from the build process. For a given Buildroot configuration,
|
|
this allows to generate exactly identical binaries from one
|
|
build to the other, including on different machines.
|
|
|
|
The current implementation is restricted to builds with the
|
|
same output directory. Many (absolute) paths are recorded in
|
|
intermediary files, and it is very likely that some of these
|
|
paths leak into the target rootfs. If you build with the
|
|
same O=... path, however, the result is identical.
|
|
|
|
This is labeled as an experimental feature, as not all
|
|
packages behave properly to ensure reproducibility.
|
|
|
|
endmenu
|
|
|
|
comment "Security Hardening Options"
|
|
|
|
choice
|
|
bool "Stack Smashing Protection"
|
|
default BR2_SSP_ALL if BR2_ENABLE_SSP # legacy
|
|
depends on BR2_TOOLCHAIN_HAS_SSP
|
|
help
|
|
Enable stack smashing protection support using GCC's
|
|
-fstack-protector option family.
|
|
|
|
See
|
|
http://www.linuxfromscratch.org/hints/downloads/files/ssp.txt
|
|
for details.
|
|
|
|
Note that this requires the toolchain to have SSP support.
|
|
This is always the case for glibc and eglibc toolchain, but is
|
|
optional in uClibc toolchains.
|
|
|
|
config BR2_SSP_NONE
|
|
bool "None"
|
|
help
|
|
Disable stack-smashing protection.
|
|
|
|
config BR2_SSP_REGULAR
|
|
bool "-fstack-protector"
|
|
help
|
|
Emit extra code to check for buffer overflows, such as stack
|
|
smashing attacks. This is done by adding a guard variable to
|
|
functions with vulnerable objects. This includes functions
|
|
that call alloca, and functions with buffers larger than 8
|
|
bytes. The guards are initialized when a function is entered
|
|
and then checked when the function exits. If a guard check
|
|
fails, an error message is printed and the program exits.
|
|
|
|
config BR2_SSP_STRONG
|
|
bool "-fstack-protector-strong"
|
|
depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_9
|
|
help
|
|
Like -fstack-protector but includes additional functions to be
|
|
protected - those that have local array definitions, or have
|
|
references to local frame addresses.
|
|
|
|
comment "Stack Smashing Protection strong needs a toolchain w/ gcc >= 4.9"
|
|
depends on !BR2_TOOLCHAIN_GCC_AT_LEAST_4_9
|
|
|
|
config BR2_SSP_ALL
|
|
bool "-fstack-protector-all"
|
|
help
|
|
Like -fstack-protector except that all functions are
|
|
protected. This option might have a significant performance
|
|
impact on the compiled binaries.
|
|
|
|
endchoice
|
|
|
|
config BR2_SSP_OPTION
|
|
string
|
|
default "-fstack-protector" if BR2_SSP_REGULAR
|
|
default "-fstack-protector-strong" if BR2_SSP_STRONG
|
|
default "-fstack-protector-all" if BR2_SSP_ALL
|
|
|
|
comment "Stack Smashing Protection needs a toolchain w/ SSP"
|
|
depends on !BR2_TOOLCHAIN_HAS_SSP
|
|
|
|
choice
|
|
bool "RELRO Protection"
|
|
depends on BR2_SHARED_LIBS
|
|
help
|
|
Enable a link-time protection know as RELRO (RELocation Read
|
|
Only) which helps to protect from certain type of exploitation
|
|
techniques altering the content of some ELF sections.
|
|
|
|
config BR2_RELRO_NONE
|
|
bool "None"
|
|
help
|
|
Disables Relocation link-time protections.
|
|
|
|
config BR2_RELRO_PARTIAL
|
|
bool "Partial"
|
|
help
|
|
This option makes the dynamic section not writeable after
|
|
initialization (with almost no performance penalty).
|
|
|
|
config BR2_RELRO_FULL
|
|
bool "Full"
|
|
help
|
|
This option includes the partial configuration, but also marks
|
|
the GOT as read-only at the cost of initialization time during
|
|
program loading, i.e every time an executable is started.
|
|
|
|
endchoice
|
|
|
|
comment "RELocation Read Only (RELRO) needs shared libraries"
|
|
depends on !BR2_SHARED_LIBS
|
|
|
|
choice
|
|
bool "Buffer-overflow Detection (FORTIFY_SOURCE)"
|
|
depends on BR2_TOOLCHAIN_USES_GLIBC
|
|
depends on !BR2_OPTIMIZE_0
|
|
help
|
|
Enable the _FORTIFY_SOURCE macro which introduces additional
|
|
checks to detect buffer-overflows in the following standard
|
|
library functions: memcpy, mempcpy, memmove, memset, strcpy,
|
|
stpcpy, strncpy, strcat, strncat, sprintf, vsprintf, snprintf,
|
|
vsnprintf, gets.
|
|
|
|
NOTE: This feature requires an optimization level of s/1/2/3/g
|
|
|
|
Support for this feature has been present since GCC 4.x.
|
|
|
|
config BR2_FORTIFY_SOURCE_NONE
|
|
bool "None"
|
|
help
|
|
Disables additional checks to detect buffer-overflows.
|
|
|
|
config BR2_FORTIFY_SOURCE_1
|
|
bool "Conservative"
|
|
# gcc bug https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61164
|
|
depends on !BR2_TOOLCHAIN_BUILDROOT || BR2_TOOLCHAIN_GCC_AT_LEAST_6
|
|
help
|
|
This option sets _FORTIFY_SOURCE to 1 and only introduces
|
|
checks that shouldn't change the behavior of conforming
|
|
programs. Adds checks at compile-time only.
|
|
|
|
config BR2_FORTIFY_SOURCE_2
|
|
bool "Aggressive"
|
|
# gcc bug https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61164
|
|
depends on !BR2_TOOLCHAIN_BUILDROOT || BR2_TOOLCHAIN_GCC_AT_LEAST_6
|
|
help
|
|
This option sets _FORTIFY_SOURCES to 2 and some more
|
|
checking is added, but some conforming programs might fail.
|
|
Also adds checks at run-time (detected buffer overflow
|
|
terminates the program)
|
|
|
|
endchoice
|
|
|
|
comment "Fortify Source needs a glibc toolchain and optimization"
|
|
depends on (!BR2_TOOLCHAIN_USES_GLIBC || BR2_OPTIMIZE_0)
|
|
endmenu
|
|
|
|
source "toolchain/Config.in"
|
|
|
|
source "system/Config.in"
|
|
|
|
source "linux/Config.in"
|
|
|
|
source "package/Config.in"
|
|
|
|
source "fs/Config.in"
|
|
|
|
source "boot/Config.in"
|
|
|
|
source "package/Config.in.host"
|
|
|
|
source "Config.in.legacy"
|
|
|
|
source "$BR2_BUILD_DIR/.br2-external.in"
|