package/xerces: drop cmake workaround

[buildroot-mgba.git] / Config.in

#

mainmenu "Buildroot $BR2_VERSION Configuration"

config BR2_HAVE_DOT_CONFIG
        bool
        default y

config BR2_VERSION
        string
        option env="BR2_VERSION_FULL"

config BR2_HOSTARCH
        string
        option env="HOSTARCH"

config BR2_BASE_DIR
        string
        option env="BASE_DIR"

# br2-external paths definitions
source "$BR2_BASE_DIR/.br2-external.in.paths"

# Hidden config symbols for packages to check system gcc version
config BR2_HOST_GCC_VERSION
        string
        option env="HOST_GCC_VERSION"

config BR2_HOST_GCC_AT_LEAST_4_9
        bool
        default y if BR2_HOST_GCC_VERSION = "4 9"

config BR2_HOST_GCC_AT_LEAST_5
        bool
        default y if BR2_HOST_GCC_VERSION = "5"
        select BR2_HOST_GCC_AT_LEAST_4_9

config BR2_HOST_GCC_AT_LEAST_6
        bool
        default y if BR2_HOST_GCC_VERSION = "6"
        select BR2_HOST_GCC_AT_LEAST_5

config BR2_HOST_GCC_AT_LEAST_7
        bool
        default y if BR2_HOST_GCC_VERSION = "7"
        select BR2_HOST_GCC_AT_LEAST_6

config BR2_HOST_GCC_AT_LEAST_8
        bool
        default y if BR2_HOST_GCC_VERSION = "8"
        select BR2_HOST_GCC_AT_LEAST_7

config BR2_HOST_GCC_AT_LEAST_9
        bool
        default y if BR2_HOST_GCC_VERSION = "9"
        select BR2_HOST_GCC_AT_LEAST_8

# When adding new entries above, be sure to update
# the HOSTCC_MAX_VERSION variable in the Makefile.

# Hidden boolean selected by packages in need of Java in order to build
# (example: kodi)
config BR2_NEEDS_HOST_JAVA
        bool

# Hidden boolean selected by pre-built packages for x86, when they
# need to run on x86-64 machines (example: pre-built external
# toolchains, binary tools like SAM-BA, etc.).
config BR2_HOSTARCH_NEEDS_IA32_LIBS
        bool

# Hidden boolean selected by packages that need to build 32 bits
# binaries with the host compiler, even on 64 bits build machines (e.g
# bootloaders).
config BR2_HOSTARCH_NEEDS_IA32_COMPILER
        bool

# Hidden boolean selected by packages that need the host to have an
# UTF8 locale.
config BR2_NEEDS_HOST_UTF8_LOCALE
        bool

# Hidden boolean selected by packages that need the host to have
# support for building gcc plugins
config BR2_NEEDS_HOST_GCC_PLUGIN_SUPPORT
        bool

source "arch/Config.in"

menu "Build options"

menu "Commands"

config BR2_WGET
        string "Wget command"
        default "wget --passive-ftp -nd -t 3"

config BR2_SVN
        string "Subversion (svn) command"
        default "svn --non-interactive"

config BR2_BZR
        string "Bazaar (bzr) command"
        default "bzr"

config BR2_GIT
        string "Git command"
        default "git"

config BR2_CVS
        string "CVS command"
        default "cvs"

config BR2_LOCALFILES
        string "Local files retrieval command"
        default "cp"

config BR2_SCP
        string "Secure copy (scp) command"
        default "scp"

config BR2_HG
        string "Mercurial (hg) command"
        default "hg"

config BR2_ZCAT
        string "zcat command"
        default "gzip -d -c"
        help
          Command to be used to extract a gzip'ed file to stdout. zcat
          is identical to gunzip -c except that the former may not be
          available on your system.
          Default is "gzip -d -c"
          Other possible values include "gunzip -c" or "zcat".

config BR2_BZCAT
        string "bzcat command"
        default "bzcat"
        help
          Command to be used to extract a bzip2'ed file to stdout.
          bzcat is identical to bunzip2 -c except that the former may
          not be available on your system.
          Default is "bzcat"
          Other possible values include "bunzip2 -c" or "bzip2 -d -c".

config BR2_XZCAT
        string "xzcat command"
        default "xzcat"
        help
          Command to be used to extract a xz'ed file to stdout.
          Default is "xzcat"

config BR2_LZCAT
        string "lzcat command"
        default "lzip -d -c"
        help
          Command to be used to extract a lzip'ed file to stdout.
          Default is "lzip -d -c"

config BR2_TAR_OPTIONS
        string "Tar options"
        default ""
        help
          Options to pass to tar when extracting the sources.
          E.g. " -v --exclude='*.svn*'" to exclude all .svn internal
          files and to be verbose.

endmenu

config BR2_DEFCONFIG_FROM_ENV
        string
        option env="BR2_DEFCONFIG"

config BR2_DEFCONFIG
        string "Location to save buildroot config"
        default BR2_DEFCONFIG_FROM_ENV if BR2_DEFCONFIG_FROM_ENV != ""
        default "$(CONFIG_DIR)/defconfig"
        help
          When running 'make savedefconfig', the defconfig file will be
          saved in this location.

config BR2_DL_DIR
        string "Download dir"
        default "$(TOPDIR)/dl"
        help
          Directory to store all the source files that we need to fetch.
          If the Linux shell environment has defined the BR2_DL_DIR
          environment variable, then this overrides this configuration
          item.
          The directory is organized with a subdirectory for each
          package. Each package has its own $(LIBFOO_DL_DIR) variable
          that can be used to find the correct path.

          The default is $(TOPDIR)/dl

config BR2_HOST_DIR
        string "Host dir"
        default "$(BASE_DIR)/host"
        help
          Directory to store all the binary files that are built for the
          host. This includes the cross compilation toolchain when
          building the internal buildroot toolchain.

          The default is $(BASE_DIR)/host

menu "Mirrors and Download locations"

config BR2_PRIMARY_SITE
        string "Primary download site"
        default ""
        help
          Primary site to download from. If this option is set then
          buildroot will try to download package source first from this
          site and try the default if the file is not found.
          Valid URIs are:
            - URIs recognized by $(WGET)
            - local URIs of the form file://absolutepath
            - scp URIs of the form scp://[user@]host:path.

config BR2_PRIMARY_SITE_ONLY
        bool "Only allow downloads from primary download site"
        depends on BR2_PRIMARY_SITE != ""
        help
          If this option is enabled, downloads will only be attempted
          from the primary download site. Other locations, like the
          package's official download location or the backup download
          site, will not be considered. Therefore, if the package is not
          present on the primary site, the download fails.

          This is useful for project developers who want to ensure that
          the project can be built even if the upstream tarball
          locations disappear.

if !BR2_PRIMARY_SITE_ONLY

config BR2_BACKUP_SITE
        string "Backup download site"
        default "http://sources.buildroot.net"
        help
          Backup site to download from. If this option is set then
          buildroot will fall back to download package sources from here
          if the normal location fails.

config BR2_KERNEL_MIRROR
        string "Kernel.org mirror"
        default "https://cdn.kernel.org/pub"
        help
          kernel.org is mirrored on a number of servers around the
          world. The following allows you to select your preferred
          mirror. By default, a CDN is used, which automatically
          redirects to a mirror geographically close to you.

          Have a look on the kernel.org site for a list of mirrors, then
          enter the URL to the base directory. Examples:

             http://www.XX.kernel.org/pub (XX = country code)
             http://mirror.aarnet.edu.au/pub/ftp.kernel.org

config BR2_GNU_MIRROR
        string "GNU Software mirror"
        default "http://ftpmirror.gnu.org"
        help
          GNU has multiple software mirrors scattered around the
          world. The following allows you to select your preferred
          mirror. By default, a generic address is used, which
          automatically selects an up-to-date and local mirror.

          Have a look on the gnu.org site for a list of mirrors, then
          enter the URL to the base directory. Examples:

             http://ftp.gnu.org/pub/gnu
             http://mirror.aarnet.edu.au/pub/gnu

config BR2_LUAROCKS_MIRROR
        string "LuaRocks mirror"
        default "http://rocks.moonscript.org"
        help
          LuaRocks repository.

          See http://luarocks.org

config BR2_CPAN_MIRROR
        string "CPAN mirror (Perl packages)"
        default "http://cpan.metacpan.org"
        help
          CPAN (Comprehensive Perl Archive Network) is a repository of
          Perl packages. It has multiple software mirrors scattered
          around the world. This option allows you to select a mirror.

          The list of mirrors is available at:
          http://search.cpan.org/mirror

endif

endmenu

config BR2_JLEVEL
        int "Number of jobs to run simultaneously (0 for auto)"
        default "0"
        help
          Number of jobs to run simultaneously. If 0, determine
          automatically according to number of CPUs on the host system.

config BR2_CCACHE
        bool "Enable compiler cache"
        help
          This option will enable the use of ccache, a compiler cache.
          It will cache the result of previous builds to speed up future
          builds. By default, the cache is stored in
          $HOME/.buildroot-ccache.

          Note that Buildroot does not try to invalidate the cache
          contents when the compiler changes in an incompatible way.
          Therefore, if you make a change to the compiler version and/or
          configuration, you are responsible for purging the ccache
          cache by removing the $HOME/.buildroot-ccache directory.

if BR2_CCACHE

config BR2_CCACHE_DIR
        string "Compiler cache location"
        default "$(HOME)/.buildroot-ccache"
        help
          Where ccache should store cached files.
          If the Linux shell environment has defined the BR2_CCACHE_DIR
          environment variable, then this overrides this configuration
          item.

config BR2_CCACHE_INITIAL_SETUP
        string "Compiler cache initial setup"
        help
          Initial ccache settings to apply, such as --max-files or
          --max-size.

          For example, if your project is known to require more space
          than the default max cache size, then you might want to
          increase the cache size to a suitable amount using the -M
          (--max-size) option.

          The string you specify here is passed verbatim to ccache.
          Refer to ccache documentation for more details.

          These initial settings are applied after ccache has been
          compiled.

config BR2_CCACHE_USE_BASEDIR
        bool "Use relative paths"
        default y
        help
          Allow ccache to convert absolute paths within the output
          directory into relative paths.

          During the build, many -I include directives are given with an
          absolute path. These absolute paths end up in the hashes that
          are computed by ccache. Therefore, when you build from a
          different directory, the hash will be different and the cached
          object will not be used.

          To improve cache performance, set this option to y. This
          allows ccache to rewrite absolute paths within the output
          directory into relative paths. Note that only paths within the
          output directory will be rewritten; therefore, if you change
          BR2_HOST_DIR to point outside the output directory and
          subsequently move it to a different location, this will lead
          to cache misses.

          This option has as a result that the debug information in the
          object files also has only relative paths. Therefore, make
          sure you cd to the build directory before starting gdb. See
          the section "COMPILING IN DIFFERENT DIRECTORIES" in the ccache
          manual for more information.

endif

config BR2_ENABLE_DEBUG
        bool "build packages with debugging symbols"
        help
          Build packages with debugging symbols enabled. All libraries
          and binaries in the 'staging' directory will have debugging
          symbols, which allows remote debugging even if libraries and
          binaries are stripped on the target. Whether libraries and
          binaries are stripped on the target is controlled by the
          BR2_STRIP_* options below.

if BR2_ENABLE_DEBUG
choice
        prompt "gcc debug level"
        default BR2_DEBUG_2
        help
          Set the debug level for gcc

config BR2_DEBUG_1
        bool "debug level 1"
        help
          Debug level 1 produces minimal information, enough for making
          backtraces in parts of the program that you don't plan to
          debug. This includes descriptions of functions and external
          variables, but no information about local variables and no
          line numbers.

config BR2_DEBUG_2
        bool "debug level 2"
        help
          The default gcc debug level is 2

config BR2_DEBUG_3
        bool "debug level 3"
        help
          Level 3 includes extra information, such as all the macro
          definitions present in the program. Some debuggers support
          macro expansion when you use -g3.
endchoice
endif

config BR2_STRIP_strip
        bool "strip target binaries"
        default y
        depends on !BR2_PACKAGE_HOST_ELF2FLT
        help
          Binaries and libraries in the target filesystem will be
          stripped using the normal 'strip' command. This allows to save
          space, mainly by removing debugging symbols. Debugging symbols
          on the target are needed for native debugging, but not when
          remote debugging is used.

config BR2_STRIP_EXCLUDE_FILES
        string "executables that should not be stripped"
        default ""
        depends on BR2_STRIP_strip
        help
          You may specify a space-separated list of binaries and
          libraries here that should not be stripped on the target.

config BR2_STRIP_EXCLUDE_DIRS
        string "directories that should be skipped when stripping"
        default ""
        depends on BR2_STRIP_strip
        help
          You may specify a space-separated list of directories that
          should be skipped when stripping. Binaries and libraries in
          these directories will not be touched. The directories should
          be specified relative to the target directory, without leading
          slash.

choice
        prompt "gcc optimization level"
        default BR2_OPTIMIZE_S
        help
          Set the optimization level for gcc

config BR2_OPTIMIZE_0
        bool "optimization level 0"
        help
          Do not optimize.

config BR2_OPTIMIZE_1
        bool "optimization level 1"
        help
          Optimize. Optimizing compilation takes somewhat more time, and
          a lot more memory for a large function. With -O, the compiler
          tries to reduce code size and execution time, without
          performing any optimizations that take a great deal of
          compilation time. -O turns on the following optimization
          flags: -fdefer-pop -fdelayed-branch -fguess-branch-probability
          -fcprop-registers -floop-optimize -fif-conversion
          -fif-conversion2 -ftree-ccp -ftree-dce -ftree-dominator-opts
          -ftree-dse -ftree-ter -ftree-lrs -ftree-sra -ftree-copyrename
          -ftree-fre -ftree-ch -funit-at-a-time -fmerge-constants. -O
          also turns on -fomit-frame-pointer on machines where doing so
          does not interfere with debugging.

config BR2_OPTIMIZE_2
        bool "optimization level 2"
        help
          Optimize even more. GCC performs nearly all supported
          optimizations that do not involve a space-speed tradeoff. The
          compiler does not perform loop unrolling or function inlining
          when you specify -O2. As compared to -O, this option increases
          both compilation time and the performance of the generated
          code. -O2 turns on all optimization flags specified by -O. It
          also turns on the following optimization flags:
          -fthread-jumps -fcrossjumping -foptimize-sibling-calls
          -fcse-follow-jumps -fcse-skip-blocks -fgcse  -fgcse-lm
          -fexpensive-optimizations -fstrength-reduce
          -frerun-cse-after-loop -frerun-loop-opt -fcaller-saves
          -fpeephole2 -fschedule-insns -fschedule-insns2
          -fsched-interblock -fsched-spec -fregmove -fstrict-aliasing
          -fdelete-null-pointer-checks -freorder-blocks
          -freorder-functions -falign-functions -falign-jumps
          -falign-loops -falign-labels -ftree-vrp -ftree-pre. Please
          note the warning under -fgcse about invoking -O2 on programs
          that use computed gotos.

config BR2_OPTIMIZE_3
        bool "optimization level 3"
        help
          Optimize yet more. -O3 turns on all optimizations specified by
          -O2 and also turns on the -finline-functions, -funswitch-loops
          and -fgcse-after-reload options.

config BR2_OPTIMIZE_G
        bool "optimize for debugging"
        depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_8
        help
          Optimize for debugging. This enables optimizations that do not
          interfere with debugging. It should be the optimization level
          of choice for the standard edit-compile-debug cycle, offering
          a reasonable level of optimization while maintaining fast
          compilation and a good debugging experience.

config BR2_OPTIMIZE_S
        bool "optimize for size"
        help
          Optimize for size. -Os enables all -O2 optimizations that do
          not typically increase code size. It also performs further
          optimizations designed to reduce code size. -Os disables the
          following optimization flags: -falign-functions -falign-jumps
          -falign-loops -falign-labels -freorder-blocks
          -freorder-blocks-and-partition -fprefetch-loop-arrays
          -ftree-vect-loop-version
          This is the default.

config BR2_OPTIMIZE_FAST
        bool "optimize for fast (may break packages!)"
        depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_6
        help
          Optimize for fast. Disregard strict standards
          compliance. -Ofast enables all -O3 optimizations. It also
          enables optimizations that are not valid for all
          standard-compliant programs, so be careful, as it may break
          some packages. It turns on -ffast-math and the
          Fortran-specific -fstack-arrays, unless -fmax-stack-var-size
          is specified, and -fno-protect-parens.

endchoice

config BR2_GOOGLE_BREAKPAD_ENABLE
        bool "Enable google-breakpad support"
        depends on BR2_INSTALL_LIBSTDCPP
        depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_8 # C++11
        depends on BR2_USE_WCHAR
        depends on BR2_TOOLCHAIN_HAS_THREADS
        depends on (BR2_TOOLCHAIN_USES_GLIBC || BR2_TOOLCHAIN_USES_UCLIBC)
        depends on BR2_PACKAGE_GOOGLE_BREAKPAD_ARCH_SUPPORTS
        depends on BR2_PACKAGE_HOST_GOOGLE_BREAKPAD_ARCH_SUPPORTS
        select BR2_PACKAGE_GOOGLE_BREAKPAD
        help
          This option will enable the use of google breakpad, a library
          and tool suite that allows you to distribute an application to
          users with compiler-provided debugging information removed,
          record crashes in compact "minidump" files, send them back to
          your server and produce C and C++ stack traces from these
          minidumps. Breakpad can also write minidumps on request for
          programs that have not crashed.

if BR2_GOOGLE_BREAKPAD_ENABLE

config BR2_GOOGLE_BREAKPAD_INCLUDE_FILES
        string "List of executables and libraries to extract symbols from"
        default ""
        help
          You may specify a space-separated list of binaries and
          libraries with full paths relative to $(TARGET_DIR) of which
          debug symbols will be dumped for further use with google
          breakpad.

          A directory structure that can be used by minidump-stackwalk
          will be created at:

          $(STAGING_DIR)/usr/share/google-breakpad-symbols

endif

choice
        bool "libraries"
        default BR2_SHARED_LIBS if BR2_BINFMT_SUPPORTS_SHARED
        default BR2_STATIC_LIBS if !BR2_BINFMT_SUPPORTS_SHARED
        help
          Select the type of libraries you want to use on the target.

          The default is to build dynamic libraries and use those on the
          target filesystem, except when the architecture and/or the
          selected binary format does not support shared libraries.

config BR2_STATIC_LIBS
        bool "static only"
        help
          Build and use only static libraries. No shared libraries will
          be installed on the target. This potentially increases your
          code size and should only be used if you know what you are
          doing. Note that some packages may not be available when this
          option is enabled, due to their need for dynamic library
          support.

config BR2_SHARED_LIBS
        bool "shared only"
        depends on BR2_BINFMT_SUPPORTS_SHARED
        help
          Build and use only shared libraries. This is the recommended
          solution as it saves space and build time.

config BR2_SHARED_STATIC_LIBS
        bool "both static and shared"
        depends on BR2_BINFMT_SUPPORTS_SHARED
        help
          Build both shared and static libraries, but link executables
          dynamically. While building both shared and static libraries
          take more time and more disk space, having static libraries
          may be useful to link some of the applications statically.

endchoice

config BR2_PACKAGE_OVERRIDE_FILE
        string "location of a package override file"
        default "$(CONFIG_DIR)/local.mk"
        help
          A package override file is a short makefile that contains
          variable definitions of the form <pkg>_OVERRIDE_SRCDIR, which
          allows to tell Buildroot to use an existing directory as the
          source directory for a particular package. See the Buildroot
          documentation for more details on this feature.

config BR2_GLOBAL_PATCH_DIR
        string "global patch directories"
        help
          You may specify a space separated list of one or more
          directories containing global package patches. For a specific
          version <packageversion> of a specific package <packagename>,
          patches are applied as follows:

          First, the default Buildroot patch set for the package is
          applied from the package's directory in Buildroot.

          Then for every directory - <global-patch-dir> - that exists in
          BR2_GLOBAL_PATCH_DIR, if the directory
          <global-patch-dir>/<packagename>/<packageversion>/ exists,
          then all *.patch files in this directory will be applied.

          Otherwise, if the directory <global-patch-dir>/<packagename>
          exists, then all *.patch files in the directory will be
          applied.

menu "Advanced"

config BR2_COMPILER_PARANOID_UNSAFE_PATH
        bool "paranoid check of library/header paths"
        default y
        help
          By default, when this option is disabled, when the Buildroot
          cross-compiler will encounter an unsafe library or header path
          (such as /usr/include, or /usr/lib), the compiler will display
          a warning.

          By enabling this option, this warning is turned into an error,
          which will completely abort the build when such unsafe paths
          are encountered.

          Note that this mechanism is available for both the internal
          toolchain (through the toolchain wrapper and binutils patches)
          and external toolchain backends (through the toolchain
          wrapper).

config BR2_FORCE_HOST_BUILD
        bool "Force the building of host dependencies"
        help
          Build all available host dependencies, even if they are
          already installed on the system.

          This option can be used to ensure that the download cache of
          source archives for packages remain consistent between
          different build hosts.

          This option will increase build time.

config BR2_REPRODUCIBLE
        bool "Make the build reproducible (experimental)"
        # SOURCE_DATE_EPOCH support in toolchain-wrapper requires GCC 4.4
        depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_4
        help
          This option will remove all sources of non-reproducibility
          from the build process. For a given Buildroot configuration,
          this allows to generate exactly identical binaries from one
          build to the other, including on different machines.

          The current implementation is restricted to builds with the
          same output directory. Many (absolute) paths are recorded in
          intermediary files, and it is very likely that some of these
          paths leak into the target rootfs. If you build with the
          same O=... path, however, the result is identical.

          This is labeled as an experimental feature, as not all
          packages behave properly to ensure reproducibility.

config BR2_PER_PACKAGE_DIRECTORIES
        bool "Use per-package directories (experimental)"
        help
          This option will change the build process of Buildroot
          package to use per-package target and host directories.

          This is useful for two related purposes:

            - Cleanly isolate the build of each package, so that a
              given package only "sees" the dependencies it has
              explicitly expressed, and not other packages that may
              have by chance been built before.

            - Enable top-level parallel build.

          This is labeled as an experimental feature, as not all
          packages behave properly with per-package directories.

endmenu

comment "Security Hardening Options"

config BR2_PIC_PIE
        bool "Build code with PIC/PIE"
        depends on BR2_SHARED_LIBS
        depends on BR2_TOOLCHAIN_SUPPORTS_PIE
        help
          Generate Position-Independent Code (PIC) and link
          Position-Independent Executables (PIE).

comment "PIC/PIE needs a toolchain w/ PIE"
        depends on BR2_SHARED_LIBS
        depends on !BR2_TOOLCHAIN_SUPPORTS_PIE

choice
        bool "Stack Smashing Protection"
        default BR2_SSP_ALL if BR2_ENABLE_SSP # legacy
        depends on BR2_TOOLCHAIN_HAS_SSP
        help
          Enable stack smashing protection support using GCC's
          -fstack-protector option family.

          See
          http://www.linuxfromscratch.org/hints/downloads/files/ssp.txt
          for details.

          Note that this requires the toolchain to have SSP support.
          This is always the case for glibc and eglibc toolchain, but is
          optional in uClibc toolchains.

config BR2_SSP_NONE
        bool "None"
        help
          Disable stack-smashing protection.

config BR2_SSP_REGULAR
        bool "-fstack-protector"
        help
          Emit extra code to check for buffer overflows, such as stack
          smashing attacks. This is done by adding a guard variable to
          functions with vulnerable objects. This includes functions
          that call alloca, and functions with buffers larger than 8
          bytes. The guards are initialized when a function is entered
          and then checked when the function exits. If a guard check
          fails, an error message is printed and the program exits.

config BR2_SSP_STRONG
        bool "-fstack-protector-strong"
        depends on BR2_TOOLCHAIN_HAS_SSP_STRONG
        help
          Like -fstack-protector but includes additional functions to be
          protected - those that have local array definitions, or have
          references to local frame addresses.

          -fstack-protector-strong officially appeared in gcc 4.9, but
          some vendors have backported -fstack-protector-strong to older
          versions of gcc.

config BR2_SSP_ALL
        bool "-fstack-protector-all"
        help
          Like -fstack-protector except that all functions are
          protected. This option might have a significant performance
          impact on the compiled binaries.

endchoice

config BR2_SSP_OPTION
        string
        default "-fstack-protector"        if BR2_SSP_REGULAR
        default "-fstack-protector-strong" if BR2_SSP_STRONG
        default "-fstack-protector-all"    if BR2_SSP_ALL

comment "Stack Smashing Protection needs a toolchain w/ SSP"
        depends on !BR2_TOOLCHAIN_HAS_SSP

choice
        bool "RELRO Protection"
        depends on BR2_SHARED_LIBS
        help
          Enable a link-time protection know as RELRO (RELocation Read
          Only) which helps to protect from certain type of exploitation
          techniques altering the content of some ELF sections.

config BR2_RELRO_NONE
        bool "None"
        help
          Disables Relocation link-time protections.

config BR2_RELRO_PARTIAL
        bool "Partial"
        help
          This option makes the dynamic section not writeable after
          initialization (with almost no performance penalty).

config BR2_RELRO_FULL
        bool "Full"
        depends on BR2_TOOLCHAIN_SUPPORTS_PIE
        select BR2_PIC_PIE
        help
          This option includes the partial configuration, but also marks
          the GOT as read-only at the cost of initialization time during
          program loading, i.e every time an executable is started.

comment "RELRO Full needs a toolchain w/ PIE"
        depends on !BR2_TOOLCHAIN_SUPPORTS_PIE

endchoice

comment "RELocation Read Only (RELRO) needs shared libraries"
        depends on !BR2_SHARED_LIBS

choice
        bool "Buffer-overflow Detection (FORTIFY_SOURCE)"
        depends on BR2_TOOLCHAIN_USES_GLIBC
        depends on !BR2_OPTIMIZE_0
        help
          Enable the _FORTIFY_SOURCE macro which introduces additional
          checks to detect buffer-overflows in the following standard
          library functions: memcpy, mempcpy, memmove, memset, strcpy,
          stpcpy, strncpy, strcat, strncat, sprintf, vsprintf, snprintf,
          vsnprintf, gets.

          NOTE: This feature requires an optimization level of s/1/2/3/g

          Support for this feature has been present since GCC 4.x.

config BR2_FORTIFY_SOURCE_NONE
        bool "None"
        help
          Disables additional checks to detect buffer-overflows.

config BR2_FORTIFY_SOURCE_1
        bool "Conservative"
        # gcc bug https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61164
        depends on !BR2_TOOLCHAIN_BUILDROOT || BR2_TOOLCHAIN_GCC_AT_LEAST_6
        help
          This option sets _FORTIFY_SOURCE to 1 and only introduces
          checks that shouldn't change the behavior of conforming
          programs.  Adds checks at compile-time only.

config BR2_FORTIFY_SOURCE_2
        bool "Aggressive"
        # gcc bug https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61164
        depends on !BR2_TOOLCHAIN_BUILDROOT || BR2_TOOLCHAIN_GCC_AT_LEAST_6
        help
          This option sets _FORTIFY_SOURCES to 2 and some more
          checking is added, but some conforming programs might fail.
          Also adds checks at run-time (detected buffer overflow
          terminates the program)

endchoice

comment "Fortify Source needs a glibc toolchain and optimization"
        depends on (!BR2_TOOLCHAIN_USES_GLIBC || BR2_OPTIMIZE_0)
endmenu

source "toolchain/Config.in"

source "system/Config.in"

source "linux/Config.in"

source "package/Config.in"

source "fs/Config.in"

source "boot/Config.in"

source "package/Config.in.host"

source "Config.in.legacy"

# br2-external menus definitions
source "$BR2_BASE_DIR/.br2-external.in.menus"