3 mainmenu "Buildroot $BR2_VERSION Configuration"
5 config BR2_HAVE_DOT_CONFIG
11 option env="BR2_VERSION_FULL"
21 # br2-external paths definitions
22 source "$BR2_BASE_DIR/.br2-external.in.paths"
24 # Hidden config symbols for packages to check system gcc version
25 config BR2_HOST_GCC_VERSION
27 option env="HOST_GCC_VERSION"
29 config BR2_HOST_GCC_AT_LEAST_4_9
31 default y if BR2_HOST_GCC_VERSION = "4 9"
33 config BR2_HOST_GCC_AT_LEAST_5
35 default y if BR2_HOST_GCC_VERSION = "5"
36 select BR2_HOST_GCC_AT_LEAST_4_9
38 config BR2_HOST_GCC_AT_LEAST_6
40 default y if BR2_HOST_GCC_VERSION = "6"
41 select BR2_HOST_GCC_AT_LEAST_5
43 config BR2_HOST_GCC_AT_LEAST_7
45 default y if BR2_HOST_GCC_VERSION = "7"
46 select BR2_HOST_GCC_AT_LEAST_6
48 config BR2_HOST_GCC_AT_LEAST_8
50 default y if BR2_HOST_GCC_VERSION = "8"
51 select BR2_HOST_GCC_AT_LEAST_7
53 config BR2_HOST_GCC_AT_LEAST_9
55 default y if BR2_HOST_GCC_VERSION = "9"
56 select BR2_HOST_GCC_AT_LEAST_8
58 # When adding new entries above, be sure to update
59 # the HOSTCC_MAX_VERSION variable in the Makefile.
61 # Hidden boolean selected by packages in need of Java in order to build
63 config BR2_NEEDS_HOST_JAVA
66 # Hidden boolean selected by pre-built packages for x86, when they
67 # need to run on x86-64 machines (example: pre-built external
68 # toolchains, binary tools like SAM-BA, etc.).
69 config BR2_HOSTARCH_NEEDS_IA32_LIBS
72 # Hidden boolean selected by packages that need to build 32 bits
73 # binaries with the host compiler, even on 64 bits build machines (e.g
75 config BR2_HOSTARCH_NEEDS_IA32_COMPILER
78 # Hidden boolean selected by packages that need the host to have an
80 config BR2_NEEDS_HOST_UTF8_LOCALE
83 # Hidden boolean selected by packages that need the host to have
84 # support for building gcc plugins
85 config BR2_NEEDS_HOST_GCC_PLUGIN_SUPPORT
88 source "arch/Config.in"
90 source "toolchain/Config.in"
98 default "wget --passive-ftp -nd -t 3"
101 string "Subversion (svn) command"
102 default "svn --non-interactive"
105 string "Bazaar (bzr) command"
116 config BR2_LOCALFILES
117 string "Local files retrieval command"
121 string "Secure copy (scp) command"
125 string "Secure file transfer (sftp) command"
129 string "Mercurial (hg) command"
133 string "zcat command"
136 Command to be used to extract a gzip'ed file to stdout. zcat
137 is identical to gunzip -c except that the former may not be
138 available on your system.
139 Default is "gzip -d -c"
140 Other possible values include "gunzip -c" or "zcat".
143 string "bzcat command"
146 Command to be used to extract a bzip2'ed file to stdout.
147 bzcat is identical to bunzip2 -c except that the former may
148 not be available on your system.
150 Other possible values include "bunzip2 -c" or "bzip2 -d -c".
153 string "xzcat command"
156 Command to be used to extract a xz'ed file to stdout.
160 string "lzcat command"
163 Command to be used to extract a lzip'ed file to stdout.
164 Default is "lzip -d -c"
166 config BR2_TAR_OPTIONS
170 Options to pass to tar when extracting the sources.
171 E.g. " -v --exclude='*.svn*'" to exclude all .svn internal
172 files and to be verbose.
176 config BR2_DEFCONFIG_FROM_ENV
178 option env="BR2_DEFCONFIG"
181 string "Location to save buildroot config"
182 default BR2_DEFCONFIG_FROM_ENV if BR2_DEFCONFIG_FROM_ENV != ""
183 default "$(CONFIG_DIR)/defconfig"
185 When running 'make savedefconfig', the defconfig file will be
186 saved in this location.
189 string "Download dir"
190 default "$(TOPDIR)/dl"
192 Directory to store all the source files that we need to fetch.
193 If the Linux shell environment has defined the BR2_DL_DIR
194 environment variable, then this overrides this configuration
196 The directory is organized with a subdirectory for each
197 package. Each package has its own $(LIBFOO_DL_DIR) variable
198 that can be used to find the correct path.
200 The default is $(TOPDIR)/dl
204 default "$(BASE_DIR)/host"
206 Directory to store all the binary files that are built for the
207 host. This includes the cross compilation toolchain when
208 building the internal buildroot toolchain.
210 The default is $(BASE_DIR)/host
212 menu "Mirrors and Download locations"
214 config BR2_PRIMARY_SITE
215 string "Primary download site"
218 Primary site to download from. If this option is set then
219 buildroot will try to download package source first from this
220 site and try the default if the file is not found.
222 - URIs recognized by $(WGET)
223 - local URIs of the form file://absolutepath
224 - scp URIs of the form scp://[user@]host:path.
226 config BR2_PRIMARY_SITE_ONLY
227 bool "Only allow downloads from primary download site"
228 depends on BR2_PRIMARY_SITE != ""
230 If this option is enabled, downloads will only be attempted
231 from the primary download site. Other locations, like the
232 package's official download location or the backup download
233 site, will not be considered. Therefore, if the package is not
234 present on the primary site, the download fails.
236 This is useful for project developers who want to ensure that
237 the project can be built even if the upstream tarball
240 if !BR2_PRIMARY_SITE_ONLY
242 config BR2_BACKUP_SITE
243 string "Backup download site"
244 default "http://sources.buildroot.net"
246 Backup site to download from. If this option is set then
247 buildroot will fall back to download package sources from here
248 if the normal location fails.
250 config BR2_KERNEL_MIRROR
251 string "Kernel.org mirror"
252 default "https://cdn.kernel.org/pub"
254 kernel.org is mirrored on a number of servers around the
255 world. The following allows you to select your preferred
256 mirror. By default, a CDN is used, which automatically
257 redirects to a mirror geographically close to you.
259 Have a look on the kernel.org site for a list of mirrors, then
260 enter the URL to the base directory. Examples:
262 http://www.XX.kernel.org/pub (XX = country code)
263 http://mirror.aarnet.edu.au/pub/ftp.kernel.org
265 config BR2_GNU_MIRROR
266 string "GNU Software mirror"
267 default "http://ftpmirror.gnu.org"
269 GNU has multiple software mirrors scattered around the
270 world. The following allows you to select your preferred
271 mirror. By default, a generic address is used, which
272 automatically selects an up-to-date and local mirror.
274 Have a look on the gnu.org site for a list of mirrors, then
275 enter the URL to the base directory. Examples:
277 http://ftp.gnu.org/pub/gnu
278 http://mirror.aarnet.edu.au/pub/gnu
280 config BR2_LUAROCKS_MIRROR
281 string "LuaRocks mirror"
282 default "http://rocks.moonscript.org"
286 See http://luarocks.org
288 config BR2_CPAN_MIRROR
289 string "CPAN mirror (Perl packages)"
290 default "https://cpan.metacpan.org"
292 CPAN (Comprehensive Perl Archive Network) is a repository of
293 Perl packages. It has multiple software mirrors scattered
294 around the world. This option allows you to select a mirror.
296 The list of mirrors is available at:
297 http://mirrors.cpan.org/ (tabular)
298 http://mirrors.cpan.org/map.html (clickable world map)
305 int "Number of jobs to run simultaneously (0 for auto)"
308 Number of jobs to run simultaneously. If 0, determine
309 automatically according to number of CPUs on the host system.
312 bool "Enable compiler cache"
314 This option will enable the use of ccache, a compiler cache.
315 It will cache the result of previous builds to speed up future
316 builds. By default, the cache is stored in
317 $HOME/.buildroot-ccache.
319 Note that Buildroot does not try to invalidate the cache
320 contents when the compiler changes in an incompatible way.
321 Therefore, if you make a change to the compiler version and/or
322 configuration, you are responsible for purging the ccache
323 cache by removing the $HOME/.buildroot-ccache directory.
327 config BR2_CCACHE_DIR
328 string "Compiler cache location"
329 default "$(HOME)/.buildroot-ccache"
331 Where ccache should store cached files.
332 If the Linux shell environment has defined the BR2_CCACHE_DIR
333 environment variable, then this overrides this configuration
336 config BR2_CCACHE_INITIAL_SETUP
337 string "Compiler cache initial setup"
339 Initial ccache settings to apply, such as --max-files or
342 For example, if your project is known to require more space
343 than the default max cache size, then you might want to
344 increase the cache size to a suitable amount using the -M
347 The string you specify here is passed verbatim to ccache.
348 Refer to ccache documentation for more details.
350 These initial settings are applied after ccache has been
353 config BR2_CCACHE_USE_BASEDIR
354 bool "Use relative paths"
357 Allow ccache to convert absolute paths within the output
358 directory into relative paths.
360 During the build, many -I include directives are given with an
361 absolute path. These absolute paths end up in the hashes that
362 are computed by ccache. Therefore, when you build from a
363 different directory, the hash will be different and the cached
364 object will not be used.
366 To improve cache performance, set this option to y. This
367 allows ccache to rewrite absolute paths within the output
368 directory into relative paths. Note that only paths within the
369 output directory will be rewritten; therefore, if you change
370 BR2_HOST_DIR to point outside the output directory and
371 subsequently move it to a different location, this will lead
374 This option has as a result that the debug information in the
375 object files also has only relative paths. Therefore, make
376 sure you cd to the build directory before starting gdb. See
377 the section "COMPILING IN DIFFERENT DIRECTORIES" in the ccache
378 manual for more information.
382 config BR2_ENABLE_DEBUG
383 bool "build packages with debugging symbols"
385 Build packages with debugging symbols enabled. All libraries
386 and binaries in the 'staging' directory will have debugging
387 symbols, which allows remote debugging even if libraries and
388 binaries are stripped on the target. Whether libraries and
389 binaries are stripped on the target is controlled by the
390 BR2_STRIP_* options below.
394 prompt "gcc debug level"
397 Set the debug level for gcc
402 Debug level 1 produces minimal information, enough for making
403 backtraces in parts of the program that you don't plan to
404 debug. This includes descriptions of functions and external
405 variables, but no information about local variables and no
411 The default gcc debug level is 2
416 Level 3 includes extra information, such as all the macro
417 definitions present in the program. Some debuggers support
418 macro expansion when you use -g3.
422 config BR2_ENABLE_RUNTIME_DEBUG
423 bool "build packages with runtime debugging info"
425 Some packages may have runtime assertions, extra traces, and
426 similar runtime elements that can help debugging. However,
427 these elements may negatively influence performance so should
428 normally not be enabled on production systems.
430 Enable this option to enable such runtime debugging.
432 Note: disabling this option is not a guarantee that all
433 packages effectively removed these runtime debugging elements.
435 config BR2_STRIP_strip
436 bool "strip target binaries"
438 depends on BR2_BINFMT_ELF
440 Binaries and libraries in the target filesystem will be
441 stripped using the normal 'strip' command. This allows to save
442 space, mainly by removing debugging symbols. Debugging symbols
443 on the target are needed for native debugging, but not when
444 remote debugging is used.
446 config BR2_STRIP_EXCLUDE_FILES
447 string "executables that should not be stripped"
449 depends on BR2_STRIP_strip
451 You may specify a space-separated list of binaries and
452 libraries here that should not be stripped on the target.
454 config BR2_STRIP_EXCLUDE_DIRS
455 string "directories that should be skipped when stripping"
457 depends on BR2_STRIP_strip
459 You may specify a space-separated list of directories that
460 should be skipped when stripping. Binaries and libraries in
461 these directories will not be touched. The directories should
462 be specified relative to the target directory, without leading
466 prompt "gcc optimization level"
467 default BR2_OPTIMIZE_S
469 Set the optimization level for gcc
471 config BR2_OPTIMIZE_0
472 bool "optimization level 0"
476 config BR2_OPTIMIZE_1
477 bool "optimization level 1"
479 Optimize. Optimizing compilation takes somewhat more time, and
480 a lot more memory for a large function. With -O, the compiler
481 tries to reduce code size and execution time, without
482 performing any optimizations that take a great deal of
483 compilation time. -O turns on the following optimization
484 flags: -fdefer-pop -fdelayed-branch -fguess-branch-probability
485 -fcprop-registers -floop-optimize -fif-conversion
486 -fif-conversion2 -ftree-ccp -ftree-dce -ftree-dominator-opts
487 -ftree-dse -ftree-ter -ftree-lrs -ftree-sra -ftree-copyrename
488 -ftree-fre -ftree-ch -funit-at-a-time -fmerge-constants. -O
489 also turns on -fomit-frame-pointer on machines where doing so
490 does not interfere with debugging.
492 config BR2_OPTIMIZE_2
493 bool "optimization level 2"
495 Optimize even more. GCC performs nearly all supported
496 optimizations that do not involve a space-speed tradeoff. The
497 compiler does not perform loop unrolling or function inlining
498 when you specify -O2. As compared to -O, this option increases
499 both compilation time and the performance of the generated
500 code. -O2 turns on all optimization flags specified by -O. It
501 also turns on the following optimization flags:
502 -fthread-jumps -fcrossjumping -foptimize-sibling-calls
503 -fcse-follow-jumps -fcse-skip-blocks -fgcse -fgcse-lm
504 -fexpensive-optimizations -fstrength-reduce
505 -frerun-cse-after-loop -frerun-loop-opt -fcaller-saves
506 -fpeephole2 -fschedule-insns -fschedule-insns2
507 -fsched-interblock -fsched-spec -fregmove -fstrict-aliasing
508 -fdelete-null-pointer-checks -freorder-blocks
509 -freorder-functions -falign-functions -falign-jumps
510 -falign-loops -falign-labels -ftree-vrp -ftree-pre. Please
511 note the warning under -fgcse about invoking -O2 on programs
512 that use computed gotos.
514 config BR2_OPTIMIZE_3
515 bool "optimization level 3"
517 Optimize yet more. -O3 turns on all optimizations specified by
518 -O2 and also turns on the -finline-functions, -funswitch-loops
519 and -fgcse-after-reload options.
521 config BR2_OPTIMIZE_G
522 bool "optimize for debugging"
523 depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_8
525 Optimize for debugging. This enables optimizations that do not
526 interfere with debugging. It should be the optimization level
527 of choice for the standard edit-compile-debug cycle, offering
528 a reasonable level of optimization while maintaining fast
529 compilation and a good debugging experience.
531 config BR2_OPTIMIZE_S
532 bool "optimize for size"
534 Optimize for size. -Os enables all -O2 optimizations that do
535 not typically increase code size. It also performs further
536 optimizations designed to reduce code size. -Os disables the
537 following optimization flags: -falign-functions -falign-jumps
538 -falign-loops -falign-labels -freorder-blocks
539 -freorder-blocks-and-partition -fprefetch-loop-arrays
540 -ftree-vect-loop-version
543 config BR2_OPTIMIZE_FAST
544 bool "optimize for fast (may break packages!)"
545 depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_6
547 Optimize for fast. Disregard strict standards
548 compliance. -Ofast enables all -O3 optimizations. It also
549 enables optimizations that are not valid for all
550 standard-compliant programs, so be careful, as it may break
551 some packages. It turns on -ffast-math and the
552 Fortran-specific -fstack-arrays, unless -fmax-stack-var-size
553 is specified, and -fno-protect-parens.
557 config BR2_ENABLE_LTO
558 bool "build packages with link-time optimisation"
560 Enable the link-time optimisation (LTO) option when building
561 packages. Link-time optimisation re-runs optimisations at
562 link time, which allows the compiler to do interprocedural
563 analysis across compilation units and thus come with better
564 results: smaller size and better performance.
566 Note that this analysis is limited to statically linked
567 object files and libraries.
569 This option may significantly increase build times,
570 sometimes 5 times longer, with only limited gains.
572 At this time, this option only enables LTO in packages that
573 have an explicit configuration option for it. Other packages
574 always enable LTO, but most packages never enable LTO.
576 config BR2_GOOGLE_BREAKPAD_ENABLE
577 bool "Enable google-breakpad support"
578 depends on BR2_INSTALL_LIBSTDCPP
579 depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_8 # C++11
580 depends on BR2_USE_WCHAR
581 depends on BR2_TOOLCHAIN_HAS_THREADS
582 depends on (BR2_TOOLCHAIN_USES_GLIBC || BR2_TOOLCHAIN_USES_UCLIBC)
583 depends on BR2_PACKAGE_GOOGLE_BREAKPAD_ARCH_SUPPORTS
584 depends on BR2_PACKAGE_HOST_GOOGLE_BREAKPAD_ARCH_SUPPORTS
585 select BR2_PACKAGE_GOOGLE_BREAKPAD
587 This option will enable the use of google breakpad, a library
588 and tool suite that allows you to distribute an application to
589 users with compiler-provided debugging information removed,
590 record crashes in compact "minidump" files, send them back to
591 your server and produce C and C++ stack traces from these
592 minidumps. Breakpad can also write minidumps on request for
593 programs that have not crashed.
595 if BR2_GOOGLE_BREAKPAD_ENABLE
597 config BR2_GOOGLE_BREAKPAD_INCLUDE_FILES
598 string "List of executables and libraries to extract symbols from"
601 You may specify a space-separated list of binaries and
602 libraries with full paths relative to $(TARGET_DIR) of which
603 debug symbols will be dumped for further use with google
606 A directory structure that can be used by minidump-stackwalk
609 $(STAGING_DIR)/usr/share/google-breakpad-symbols
615 default BR2_SHARED_LIBS if BR2_BINFMT_SUPPORTS_SHARED
616 default BR2_STATIC_LIBS if !BR2_BINFMT_SUPPORTS_SHARED
618 Select the type of libraries you want to use on the target.
620 The default is to build dynamic libraries and use those on the
621 target filesystem, except when the architecture and/or the
622 selected binary format does not support shared libraries.
624 config BR2_STATIC_LIBS
626 depends on !BR2_TOOLCHAIN_USES_GLIBC
628 Build and use only static libraries. No shared libraries will
629 be installed on the target. This potentially increases your
630 code size and should only be used if you know what you are
631 doing. Note that some packages may not be available when this
632 option is enabled, due to their need for dynamic library
635 comment "static only needs a toolchain w/ uclibc or musl"
636 depends on BR2_TOOLCHAIN_USES_GLIBC
638 config BR2_SHARED_LIBS
640 depends on BR2_BINFMT_SUPPORTS_SHARED
642 Build and use only shared libraries. This is the recommended
643 solution as it saves space and build time.
645 config BR2_SHARED_STATIC_LIBS
646 bool "both static and shared"
647 depends on BR2_BINFMT_SUPPORTS_SHARED
649 Build both shared and static libraries, but link executables
650 dynamically. While building both shared and static libraries
651 take more time and more disk space, having static libraries
652 may be useful to link some of the applications statically.
656 config BR2_PACKAGE_OVERRIDE_FILE
657 string "location of a package override file"
658 default "$(CONFIG_DIR)/local.mk"
660 A package override file is a short makefile that contains
661 variable definitions of the form <pkg>_OVERRIDE_SRCDIR, which
662 allows to tell Buildroot to use an existing directory as the
663 source directory for a particular package. See the Buildroot
664 documentation for more details on this feature.
666 config BR2_GLOBAL_PATCH_DIR
667 string "global patch directories"
669 You may specify a space separated list of one or more
670 directories containing global package patches. For a specific
671 version <packageversion> of a specific package <packagename>,
672 patches are applied as follows:
674 First, the default Buildroot patch set for the package is
675 applied from the package's directory in Buildroot.
677 Then for every directory - <global-patch-dir> - that exists in
678 BR2_GLOBAL_PATCH_DIR, if the directory
679 <global-patch-dir>/<packagename>/<packageversion>/ exists,
680 then all *.patch files in this directory will be applied.
682 Otherwise, if the directory <global-patch-dir>/<packagename>
683 exists, then all *.patch files in the directory will be
688 config BR2_COMPILER_PARANOID_UNSAFE_PATH
689 bool "paranoid check of library/header paths"
692 By default, when this option is disabled, when the Buildroot
693 cross-compiler will encounter an unsafe library or header path
694 (such as /usr/include, or /usr/lib), the compiler will display
697 By enabling this option, this warning is turned into an error,
698 which will completely abort the build when such unsafe paths
701 Note that this mechanism is available for both the internal
702 toolchain (through the toolchain wrapper and binutils patches)
703 and external toolchain backends (through the toolchain
706 config BR2_FORCE_HOST_BUILD
707 bool "Force the building of host dependencies"
709 Build all available host dependencies, even if they are
710 already installed on the system.
712 This option can be used to ensure that the download cache of
713 source archives for packages remain consistent between
714 different build hosts.
716 This option will increase build time.
718 config BR2_REPRODUCIBLE
719 bool "Make the build reproducible (experimental)"
720 # SOURCE_DATE_EPOCH support in toolchain-wrapper requires GCC 4.4
721 depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_4
723 This option will remove all sources of non-reproducibility
724 from the build process. For a given Buildroot configuration,
725 this allows to generate exactly identical binaries from one
726 build to the other, including on different machines.
728 The current implementation is restricted to builds with the
729 same output directory. Many (absolute) paths are recorded in
730 intermediary files, and it is very likely that some of these
731 paths leak into the target rootfs. If you build with the
732 same O=... path, however, the result is identical.
734 This is labeled as an experimental feature, as not all
735 packages behave properly to ensure reproducibility.
737 config BR2_PER_PACKAGE_DIRECTORIES
738 bool "Use per-package directories (experimental)"
740 This option will change the build process of Buildroot
741 package to use per-package target and host directories.
743 This is useful for two related purposes:
745 - Cleanly isolate the build of each package, so that a
746 given package only "sees" the dependencies it has
747 explicitly expressed, and not other packages that may
748 have by chance been built before.
750 - Enable top-level parallel build.
752 This is labeled as an experimental feature, as not all
753 packages behave properly with per-package directories.
757 comment "Security Hardening Options"
759 config BR2_PIC_PIE_ARCH_SUPPORTS
762 # Microblaze glibc toolchains don't work with PIC/PIE enabled
763 depends on !BR2_microblaze
764 # Nios2 toolchains produce non working binaries with -fPIC
765 depends on !BR2_nios2
768 bool "Build code with PIC/PIE"
770 depends on BR2_PIC_PIE_ARCH_SUPPORTS
771 depends on BR2_SHARED_LIBS
772 depends on BR2_TOOLCHAIN_SUPPORTS_PIE
774 Generate Position-Independent Code (PIC) and link
775 Position-Independent Executables (PIE).
777 comment "PIC/PIE needs a toolchain w/ PIE"
778 depends on BR2_PIC_PIE_ARCH_SUPPORTS
779 depends on BR2_SHARED_LIBS
780 depends on !BR2_TOOLCHAIN_SUPPORTS_PIE
783 bool "Stack Smashing Protection"
784 default BR2_SSP_ALL if BR2_ENABLE_SSP # legacy
785 default BR2_SSP_STRONG if BR2_TOOLCHAIN_HAS_SSP_STRONG
786 default BR2_SSP_REGULAR
787 depends on BR2_TOOLCHAIN_HAS_SSP
789 Enable stack smashing protection support using GCC's
790 -fstack-protector option family.
793 http://www.linuxfromscratch.org/hints/downloads/files/ssp.txt
796 Note that this requires the toolchain to have SSP support.
797 This is always the case for glibc and eglibc toolchain, but is
798 optional in uClibc toolchains.
803 Disable stack-smashing protection.
805 config BR2_SSP_REGULAR
806 bool "-fstack-protector"
808 Emit extra code to check for buffer overflows, such as stack
809 smashing attacks. This is done by adding a guard variable to
810 functions with vulnerable objects. This includes functions
811 that call alloca, and functions with buffers larger than 8
812 bytes. The guards are initialized when a function is entered
813 and then checked when the function exits. If a guard check
814 fails, an error message is printed and the program exits.
816 config BR2_SSP_STRONG
817 bool "-fstack-protector-strong"
818 depends on BR2_TOOLCHAIN_HAS_SSP_STRONG
820 Like -fstack-protector but includes additional functions to be
821 protected - those that have local array definitions, or have
822 references to local frame addresses.
824 -fstack-protector-strong officially appeared in gcc 4.9, but
825 some vendors have backported -fstack-protector-strong to older
829 bool "-fstack-protector-all"
831 Like -fstack-protector except that all functions are
832 protected. This option might have a significant performance
833 impact on the compiled binaries.
837 config BR2_SSP_OPTION
839 default "-fstack-protector" if BR2_SSP_REGULAR
840 default "-fstack-protector-strong" if BR2_SSP_STRONG
841 default "-fstack-protector-all" if BR2_SSP_ALL
843 comment "Stack Smashing Protection needs a toolchain w/ SSP"
844 depends on !BR2_TOOLCHAIN_HAS_SSP
847 bool "RELRO Protection"
848 default BR2_RELRO_FULL if BR2_TOOLCHAIN_SUPPORTS_PIE
849 default BR2_RELRO_PARTIAL
850 depends on BR2_SHARED_LIBS
852 Enable a link-time protection know as RELRO (RELocation Read
853 Only) which helps to protect from certain type of exploitation
854 techniques altering the content of some ELF sections.
856 config BR2_RELRO_NONE
859 Disables Relocation link-time protections.
861 config BR2_RELRO_PARTIAL
864 This option makes the dynamic section not writeable after
865 initialization (with almost no performance penalty).
867 config BR2_RELRO_FULL
869 depends on BR2_PIC_PIE_ARCH_SUPPORTS
870 depends on BR2_TOOLCHAIN_SUPPORTS_PIE
873 This option includes the partial configuration, but also marks
874 the GOT as read-only at the cost of initialization time during
875 program loading, i.e every time an executable is started.
877 comment "RELRO Full needs a toolchain w/ PIE"
878 depends on BR2_PIC_PIE_ARCH_SUPPORTS
879 depends on !BR2_TOOLCHAIN_SUPPORTS_PIE
883 comment "RELocation Read Only (RELRO) needs shared libraries"
884 depends on !BR2_SHARED_LIBS
886 config BR2_FORTIFY_SOURCE_ARCH_SUPPORTS
889 # Microblaze glibc toolchains don't work with Fortify Source enabled
890 depends on !BR2_microblaze
893 bool "Buffer-overflow Detection (FORTIFY_SOURCE)"
894 default BR2_FORTIFY_SOURCE_1
895 depends on BR2_FORTIFY_SOURCE_ARCH_SUPPORTS
896 depends on BR2_TOOLCHAIN_USES_GLIBC
897 depends on !BR2_OPTIMIZE_0
899 Enable the _FORTIFY_SOURCE macro which introduces additional
900 checks to detect buffer-overflows in the following standard
901 library functions: memcpy, mempcpy, memmove, memset, strcpy,
902 stpcpy, strncpy, strcat, strncat, sprintf, vsprintf, snprintf,
905 NOTE: This feature requires an optimization level of s/1/2/3/g
907 Support for this feature has been present since GCC 4.x.
909 config BR2_FORTIFY_SOURCE_NONE
912 Disables additional checks to detect buffer-overflows.
914 config BR2_FORTIFY_SOURCE_1
916 # gcc bug https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61164
917 depends on !BR2_TOOLCHAIN_BUILDROOT || BR2_TOOLCHAIN_GCC_AT_LEAST_6
919 This option sets _FORTIFY_SOURCE to 1 and only introduces
920 checks that shouldn't change the behavior of conforming
921 programs. Adds checks at compile-time only.
923 config BR2_FORTIFY_SOURCE_2
925 # gcc bug https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61164
926 depends on !BR2_TOOLCHAIN_BUILDROOT || BR2_TOOLCHAIN_GCC_AT_LEAST_6
928 This option sets _FORTIFY_SOURCES to 2 and some more
929 checking is added, but some conforming programs might fail.
930 Also adds checks at run-time (detected buffer overflow
931 terminates the program)
933 config BR2_FORTIFY_SOURCE_3
935 depends on BR2_TOOLCHAIN_GCC_AT_LEAST_12
937 This option sets _FORTIFY_SOURCES to 3 and even more
938 checking is added compared to level 2. Extends checks at
939 run-time that can introduce an additional performance
944 comment "Fortify Source needs a glibc toolchain and optimization"
945 depends on BR2_FORTIFY_SOURCE_ARCH_SUPPORTS
946 depends on (!BR2_TOOLCHAIN_USES_GLIBC || BR2_OPTIMIZE_0)
949 source "system/Config.in"
951 source "linux/Config.in"
953 source "package/Config.in"
955 source "fs/Config.in"
957 source "boot/Config.in"
959 source "package/Config.in.host"
961 source "Config.in.legacy"
963 # br2-external menus definitions
964 source "$BR2_BASE_DIR/.br2-external.in.menus"
projects / buildroot-mgba.git / blob