1#
2
3mainmenu "Buildroot $BR2_VERSION Configuration"
4
5config BR2_HAVE_DOT_CONFIG
6	bool
7	default y
8
9config BR2_VERSION
10	string
11	option env="BR2_VERSION_FULL"
12
13config BR2_HOSTARCH
14	string
15	option env="HOSTARCH"
16
17config BR2_BASE_DIR
18	string
19	option env="BASE_DIR"
20
21# br2-external paths definitions
22source "$BR2_BASE_DIR/.br2-external.in.paths"
23
24# Hidden config symbols for packages to check system gcc version
25config BR2_HOST_GCC_VERSION
26	string
27	option env="HOST_GCC_VERSION"
28
29config BR2_HOST_GCC_AT_LEAST_4_9
30	bool
31	default y if BR2_HOST_GCC_VERSION = "4 9"
32
33config BR2_HOST_GCC_AT_LEAST_5
34	bool
35	default y if BR2_HOST_GCC_VERSION = "5"
36	select BR2_HOST_GCC_AT_LEAST_4_9
37
38config BR2_HOST_GCC_AT_LEAST_6
39	bool
40	default y if BR2_HOST_GCC_VERSION = "6"
41	select BR2_HOST_GCC_AT_LEAST_5
42
43config BR2_HOST_GCC_AT_LEAST_7
44	bool
45	default y if BR2_HOST_GCC_VERSION = "7"
46	select BR2_HOST_GCC_AT_LEAST_6
47
48config BR2_HOST_GCC_AT_LEAST_8
49	bool
50	default y if BR2_HOST_GCC_VERSION = "8"
51	select BR2_HOST_GCC_AT_LEAST_7
52
53config BR2_HOST_GCC_AT_LEAST_9
54	bool
55	default y if BR2_HOST_GCC_VERSION = "9"
56	select BR2_HOST_GCC_AT_LEAST_8
57
58config BR2_HOST_GCC_AT_LEAST_10
59	bool
60	default y if BR2_HOST_GCC_VERSION = "10"
61	select BR2_HOST_GCC_AT_LEAST_9
62
63config BR2_HOST_GCC_AT_LEAST_11
64	bool
65	default y if BR2_HOST_GCC_VERSION = "11"
66	select BR2_HOST_GCC_AT_LEAST_10
67
68# When adding new entries above, be sure to update
69# the HOSTCC_MAX_VERSION variable in the Makefile.
70
71# Hidden boolean selected by packages in need of Java in order to build
72# (example: kodi)
73config BR2_NEEDS_HOST_JAVA
74	bool
75
76# Hidden boolean selected by pre-built packages for x86, when they
77# need to run on x86-64 machines (example: pre-built external
78# toolchains, binary tools, etc.).
79config BR2_HOSTARCH_NEEDS_IA32_LIBS
80	bool
81
82# Hidden boolean selected by packages that need to build 32 bits
83# binaries with the host compiler, even on 64 bits build machines (e.g
84# bootloaders).
85config BR2_HOSTARCH_NEEDS_IA32_COMPILER
86	bool
87
88# Hidden boolean selected by packages that need the host to have an
89# UTF8 locale.
90config BR2_NEEDS_HOST_UTF8_LOCALE
91	bool
92
93# Hidden boolean selected by packages that need the host to have
94# support for building gcc plugins
95config BR2_NEEDS_HOST_GCC_PLUGIN_SUPPORT
96	bool
97
98source "arch/Config.in"
99
100source "toolchain/Config.in"
101
102menu "Build options"
103
104menu "Commands"
105
106config BR2_WGET
107	string "Wget command"
108	default "wget -nd -t 3"
109
110config BR2_SVN
111	string "Subversion (svn) command"
112	default "svn --non-interactive"
113
114config BR2_BZR
115	string "Bazaar (bzr) command"
116	default "bzr"
117
118config BR2_GIT
119	string "Git command"
120	default "git"
121
122config BR2_CVS
123	string "CVS command"
124	default "cvs"
125
126config BR2_LOCALFILES
127	string "Local files retrieval command"
128	default "cp"
129
130config BR2_SCP
131	string "Secure copy (scp) command"
132	default "scp"
133
134config BR2_SFTP
135	string "Secure file transfer (sftp) command"
136	default "sftp"
137
138config BR2_HG
139	string "Mercurial (hg) command"
140	default "hg"
141
142config BR2_ZCAT
143	string "zcat command"
144	default "gzip -d -c"
145	help
146	  Command to be used to extract a gzip'ed file to stdout. zcat
147	  is identical to gunzip -c except that the former may not be
148	  available on your system.
149	  Default is "gzip -d -c"
150	  Other possible values include "gunzip -c" or "zcat".
151
152config BR2_BZCAT
153	string "bzcat command"
154	default "bzcat"
155	help
156	  Command to be used to extract a bzip2'ed file to stdout.
157	  bzcat is identical to bunzip2 -c except that the former may
158	  not be available on your system.
159	  Default is "bzcat"
160	  Other possible values include "bunzip2 -c" or "bzip2 -d -c".
161
162config BR2_XZCAT
163	string "xzcat command"
164	default "xzcat"
165	help
166	  Command to be used to extract a xz'ed file to stdout.
167	  Default is "xzcat"
168
169config BR2_LZCAT
170	string "lzcat command"
171	default "lzip -d -c"
172	help
173	  Command to be used to extract a lzip'ed file to stdout.
174	  Default is "lzip -d -c"
175
176config BR2_TAR_OPTIONS
177	string "Tar options"
178	default ""
179	help
180	  Options to pass to tar when extracting the sources.
181	  E.g. " -v --exclude='*.svn*'" to exclude all .svn internal
182	  files and to be verbose.
183
184endmenu
185
186config BR2_DEFCONFIG_FROM_ENV
187	string
188	option env="BR2_DEFCONFIG"
189
190config BR2_DEFCONFIG
191	string "Location to save buildroot config"
192	default BR2_DEFCONFIG_FROM_ENV if BR2_DEFCONFIG_FROM_ENV != ""
193	default "$(CONFIG_DIR)/defconfig"
194	help
195	  When running 'make savedefconfig', the defconfig file will be
196	  saved in this location.
197
198config BR2_DL_DIR
199	string "Download dir"
200	default "$(TOPDIR)/dl"
201	help
202	  Directory to store all the source files that we need to fetch.
203	  If the Linux shell environment has defined the BR2_DL_DIR
204	  environment variable, then this overrides this configuration
205	  item.
206	  The directory is organized with a subdirectory for each
207	  package. Each package has its own $(LIBFOO_DL_DIR) variable
208	  that can be used to find the correct path.
209
210	  The default is $(TOPDIR)/dl
211
212config BR2_HOST_DIR
213	string "Host dir"
214	default "$(BASE_DIR)/host"
215	help
216	  Directory to store all the binary files that are built for the
217	  host. This includes the cross compilation toolchain when
218	  building the internal buildroot toolchain.
219
220	  The default is $(BASE_DIR)/host
221
222menu "Mirrors and Download locations"
223
224config BR2_PRIMARY_SITE
225	string "Primary download site"
226	default ""
227	help
228	  Primary site to download from. If this option is set then
229	  buildroot will try to download package source first from this
230	  site and try the default if the file is not found.
231	  Valid URIs are:
232	    - URIs recognized by $(WGET)
233	    - local URIs of the form file://absolutepath
234	    - scp URIs of the form scp://[user@]host:path.
235
236config BR2_PRIMARY_SITE_ONLY
237	bool "Only allow downloads from primary download site"
238	depends on BR2_PRIMARY_SITE != ""
239	help
240	  If this option is enabled, downloads will only be attempted
241	  from the primary download site. Other locations, like the
242	  package's official download location or the backup download
243	  site, will not be considered. Therefore, if the package is not
244	  present on the primary site, the download fails.
245
246	  This is useful for project developers who want to ensure that
247	  the project can be built even if the upstream tarball
248	  locations disappear.
249
250if !BR2_PRIMARY_SITE_ONLY
251
252config BR2_BACKUP_SITE
253	string "Backup download site"
254	default "https://sources.buildroot.net"
255	help
256	  Backup site to download from. If this option is set then
257	  buildroot will fall back to download package sources from here
258	  if the normal location fails.
259
260config BR2_KERNEL_MIRROR
261	string "Kernel.org mirror"
262	default "https://cdn.kernel.org/pub"
263	help
264	  kernel.org is mirrored on a number of servers around the
265	  world. The following allows you to select your preferred
266	  mirror. By default, a CDN is used, which automatically
267	  redirects to a mirror geographically close to you.
268
269	  Have a look on the kernel.org site for a list of mirrors, then
270	  enter the URL to the base directory. Examples:
271
272	     http://www.XX.kernel.org/pub (XX = country code)
273	     http://mirror.aarnet.edu.au/pub/ftp.kernel.org
274
275config BR2_GNU_MIRROR
276	string "GNU Software mirror"
277	default "http://ftpmirror.gnu.org"
278	help
279	  GNU has multiple software mirrors scattered around the
280	  world. The following allows you to select your preferred
281	  mirror. By default, a generic address is used, which
282	  automatically selects an up-to-date and local mirror.
283
284	  Have a look on the gnu.org site for a list of mirrors, then
285	  enter the URL to the base directory. Examples:
286
287	     http://ftp.gnu.org/pub/gnu
288	     http://mirror.aarnet.edu.au/pub/gnu
289
290config BR2_LUAROCKS_MIRROR
291	string "LuaRocks mirror"
292	default "http://rocks.moonscript.org"
293	help
294	  LuaRocks repository.
295
296	  See http://luarocks.org
297
298config BR2_CPAN_MIRROR
299	string "CPAN mirror (Perl packages)"
300	default "https://cpan.metacpan.org"
301	help
302	  CPAN (Comprehensive Perl Archive Network) is a repository of
303	  Perl packages. It has multiple software mirrors scattered
304	  around the world. This option allows you to select a mirror.
305
306	  The list of mirrors is available at:
307	  http://mirrors.cpan.org/          (tabular)
308	  http://mirrors.cpan.org/map.html  (clickable world map)
309
310endif
311
312endmenu
313
314config BR2_JLEVEL
315	int "Number of jobs to run simultaneously (0 for auto)"
316	default "0"
317	help
318	  Number of jobs to run simultaneously. If 0, determine
319	  automatically according to number of CPUs on the host system.
320
321comment "ccache needs a host gcc >= 8"
322	depends on !BR2_HOST_GCC_AT_LEAST_8
323
324config BR2_CCACHE
325	bool "Enable compiler cache"
326	depends on BR2_HOST_GCC_AT_LEAST_8
327	help
328	  This option will enable the use of ccache, a compiler cache.
329	  It will cache the result of previous builds to speed up future
330	  builds. By default, the cache is stored in
331	  $HOME/.buildroot-ccache.
332
333	  Note that Buildroot does not try to invalidate the cache
334	  contents when the compiler changes in an incompatible way.
335	  Therefore, if you make a change to the compiler version and/or
336	  configuration, you are responsible for purging the ccache
337	  cache by removing the $HOME/.buildroot-ccache directory.
338
339if BR2_CCACHE
340
341config BR2_CCACHE_DIR
342	string "Compiler cache location"
343	default "$(HOME)/.buildroot-ccache"
344	help
345	  Where ccache should store cached files.
346	  If the Linux shell environment has defined the BR2_CCACHE_DIR
347	  environment variable, then this overrides this configuration
348	  item.
349
350config BR2_CCACHE_INITIAL_SETUP
351	string "Compiler cache initial setup"
352	help
353	  Initial ccache settings to apply, such as --max-files or
354	  --max-size.
355
356	  For example, if your project is known to require more space
357	  than the default max cache size, then you might want to
358	  increase the cache size to a suitable amount using the -M
359	  (--max-size) option.
360
361	  The string you specify here is passed verbatim to ccache.
362	  Refer to ccache documentation for more details.
363
364	  These initial settings are applied after ccache has been
365	  compiled.
366
367config BR2_CCACHE_USE_BASEDIR
368	bool "Use relative paths"
369	default y
370	help
371	  Allow ccache to convert absolute paths within the output
372	  directory into relative paths.
373
374	  During the build, many -I include directives are given with an
375	  absolute path. These absolute paths end up in the hashes that
376	  are computed by ccache. Therefore, when you build from a
377	  different directory, the hash will be different and the cached
378	  object will not be used.
379
380	  To improve cache performance, set this option to y. This
381	  allows ccache to rewrite absolute paths within the output
382	  directory into relative paths. Note that only paths within the
383	  output directory will be rewritten; therefore, if you change
384	  BR2_HOST_DIR to point outside the output directory and
385	  subsequently move it to a different location, this will lead
386	  to cache misses.
387
388	  This option has as a result that the debug information in the
389	  object files also has only relative paths. Therefore, make
390	  sure you cd to the build directory before starting gdb. See
391	  the section "COMPILING IN DIFFERENT DIRECTORIES" in the ccache
392	  manual for more information.
393
394endif
395
396config BR2_ENABLE_DEBUG
397	bool "build packages with debugging symbols"
398	help
399	  Build packages with debugging symbols enabled. All libraries
400	  and binaries in the 'staging' directory will have debugging
401	  symbols, which allows remote debugging even if libraries and
402	  binaries are stripped on the target. Whether libraries and
403	  binaries are stripped on the target is controlled by the
404	  BR2_STRIP_* options below.
405
406if BR2_ENABLE_DEBUG
407choice
408	prompt "gcc debug level"
409	default BR2_DEBUG_2
410	help
411	  Set the debug level for gcc
412
413config BR2_DEBUG_1
414	bool "debug level 1"
415	help
416	  Debug level 1 produces minimal information, enough for making
417	  backtraces in parts of the program that you don't plan to
418	  debug. This includes descriptions of functions and external
419	  variables, but no information about local variables and no
420	  line numbers.
421
422config BR2_DEBUG_2
423	bool "debug level 2"
424	help
425	  The default gcc debug level is 2
426
427config BR2_DEBUG_3
428	bool "debug level 3"
429	help
430	  Level 3 includes extra information, such as all the macro
431	  definitions present in the program. Some debuggers support
432	  macro expansion when you use -g3.
433endchoice
434endif
435
436config BR2_ENABLE_RUNTIME_DEBUG
437	bool "build packages with runtime debugging info"
438	help
439	  Some packages may have runtime assertions, extra traces, and
440	  similar runtime elements that can help debugging. However,
441	  these elements may negatively influence performance so should
442	  normally not be enabled on production systems.
443
444	  Enable this option to enable such runtime debugging.
445
446	  Note: disabling this option is not a guarantee that all
447	  packages effectively removed these runtime debugging elements.
448
449config BR2_STRIP_strip
450	bool "strip target binaries"
451	default y
452	depends on BR2_BINFMT_ELF
453	help
454	  Binaries and libraries in the target filesystem will be
455	  stripped using the normal 'strip' command. This allows to save
456	  space, mainly by removing debugging symbols. Debugging symbols
457	  on the target are needed for native debugging, but not when
458	  remote debugging is used.
459
460config BR2_STRIP_EXCLUDE_FILES
461	string "executables that should not be stripped"
462	default ""
463	depends on BR2_STRIP_strip
464	help
465	  You may specify a space-separated list of binaries and
466	  libraries here that should not be stripped on the target.
467
468config BR2_STRIP_EXCLUDE_DIRS
469	string "directories that should be skipped when stripping"
470	default ""
471	depends on BR2_STRIP_strip
472	help
473	  You may specify a space-separated list of directories that
474	  should be skipped when stripping. Binaries and libraries in
475	  these directories will not be touched. The directories should
476	  be specified relative to the target directory, without leading
477	  slash.
478
479choice
480	prompt "gcc optimization level"
481	default BR2_OPTIMIZE_2
482	help
483	  Set the optimization level for gcc
484
485config BR2_OPTIMIZE_0
486	bool "optimization level 0"
487	help
488	  Do not optimize.
489
490config BR2_OPTIMIZE_1
491	bool "optimization level 1"
492	help
493	  Optimize. Optimizing compilation takes somewhat more time, and
494	  a lot more memory for a large function. With -O, the compiler
495	  tries to reduce code size and execution time, without
496	  performing any optimizations that take a great deal of
497	  compilation time. -O turns on the following optimization
498	  flags: -fdefer-pop -fdelayed-branch -fguess-branch-probability
499	  -fcprop-registers -floop-optimize -fif-conversion
500	  -fif-conversion2 -ftree-ccp -ftree-dce -ftree-dominator-opts
501	  -ftree-dse -ftree-ter -ftree-lrs -ftree-sra -ftree-copyrename
502	  -ftree-fre -ftree-ch -funit-at-a-time -fmerge-constants. -O
503	  also turns on -fomit-frame-pointer on machines where doing so
504	  does not interfere with debugging.
505
506config BR2_OPTIMIZE_2
507	bool "optimization level 2"
508	help
509	  Optimize even more. GCC performs nearly all supported
510	  optimizations that do not involve a space-speed tradeoff. The
511	  compiler does not perform loop unrolling or function inlining
512	  when you specify -O2. As compared to -O, this option increases
513	  both compilation time and the performance of the generated
514	  code. -O2 turns on all optimization flags specified by -O. It
515	  also turns on the following optimization flags:
516	  -fthread-jumps -fcrossjumping -foptimize-sibling-calls
517	  -fcse-follow-jumps -fcse-skip-blocks -fgcse  -fgcse-lm
518	  -fexpensive-optimizations -fstrength-reduce
519	  -frerun-cse-after-loop -frerun-loop-opt -fcaller-saves
520	  -fpeephole2 -fschedule-insns -fschedule-insns2
521	  -fsched-interblock -fsched-spec -fregmove -fstrict-aliasing
522	  -fdelete-null-pointer-checks -freorder-blocks
523	  -freorder-functions -falign-functions -falign-jumps
524	  -falign-loops -falign-labels -ftree-vrp -ftree-pre. Please
525	  note the warning under -fgcse about invoking -O2 on programs
526	  that use computed gotos.
527	  This is the default.
528
529config BR2_OPTIMIZE_3
530	bool "optimization level 3"
531	help
532	  Optimize yet more. -O3 turns on all optimizations specified by
533	  -O2 and also turns on the -finline-functions, -funswitch-loops
534	  and -fgcse-after-reload options.
535
536config BR2_OPTIMIZE_G
537	bool "optimize for debugging"
538	depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_8
539	help
540	  Optimize for debugging. This enables optimizations that do not
541	  interfere with debugging. It should be the optimization level
542	  of choice for the standard edit-compile-debug cycle, offering
543	  a reasonable level of optimization while maintaining fast
544	  compilation and a good debugging experience.
545
546config BR2_OPTIMIZE_S
547	bool "optimize for size"
548	help
549	  Optimize for size. -Os enables all -O2 optimizations that do
550	  not typically increase code size. It also performs further
551	  optimizations designed to reduce code size. -Os disables the
552	  following optimization flags: -falign-functions -falign-jumps
553	  -falign-loops -falign-labels -freorder-blocks
554	  -freorder-blocks-and-partition -fprefetch-loop-arrays
555	  -ftree-vect-loop-version
556
557config BR2_OPTIMIZE_FAST
558	bool "optimize for fast (may break packages!)"
559	depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_6
560	help
561	  Optimize for fast. Disregard strict standards
562	  compliance. -Ofast enables all -O3 optimizations. It also
563	  enables optimizations that are not valid for all
564	  standard-compliant programs, so be careful, as it may break
565	  some packages. It turns on -ffast-math and the
566	  Fortran-specific -fstack-arrays, unless -fmax-stack-var-size
567	  is specified, and -fno-protect-parens.
568
569endchoice
570
571config BR2_ENABLE_LTO
572	bool "build packages with link-time optimisation"
573	help
574	  Enable the link-time optimisation (LTO) option when building
575	  packages. Link-time optimisation re-runs optimisations at
576	  link time, which allows the compiler to do interprocedural
577	  analysis across compilation units and thus come with better
578	  results: smaller size and better performance.
579
580	  Note that this analysis is limited to statically linked
581	  object files and libraries.
582
583	  This option may significantly increase build times,
584	  sometimes 5 times longer, with only limited gains.
585
586	  At this time, this option only enables LTO in packages that
587	  have an explicit configuration option for it. Other packages
588	  always enable LTO, but most packages never enable LTO.
589
590config BR2_GOOGLE_BREAKPAD_ENABLE
591	bool "Enable google-breakpad support"
592	depends on BR2_INSTALL_LIBSTDCPP
593	depends on BR2_TOOLCHAIN_GCC_AT_LEAST_7 # C++17
594	depends on BR2_USE_WCHAR
595	depends on BR2_TOOLCHAIN_HAS_THREADS
596	depends on BR2_TOOLCHAIN_USES_GLIBC
597	depends on BR2_PACKAGE_GOOGLE_BREAKPAD_ARCH_SUPPORTS
598	depends on BR2_PACKAGE_HOST_GOOGLE_BREAKPAD_ARCH_SUPPORTS
599	select BR2_PACKAGE_GOOGLE_BREAKPAD
600	help
601	  This option will enable the use of google breakpad, a library
602	  and tool suite that allows you to distribute an application to
603	  users with compiler-provided debugging information removed,
604	  record crashes in compact "minidump" files, send them back to
605	  your server and produce C and C++ stack traces from these
606	  minidumps. Breakpad can also write minidumps on request for
607	  programs that have not crashed.
608
609if BR2_GOOGLE_BREAKPAD_ENABLE
610
611config BR2_GOOGLE_BREAKPAD_INCLUDE_FILES
612	string "List of executables and libraries to extract symbols from"
613	default ""
614	help
615	  You may specify a space-separated list of binaries and
616	  libraries with full paths relative to $(TARGET_DIR) of which
617	  debug symbols will be dumped for further use with google
618	  breakpad.
619
620	  A directory structure that can be used by minidump-stackwalk
621	  will be created at:
622
623	  $(STAGING_DIR)/usr/share/google-breakpad-symbols
624
625endif
626
627choice
628	bool "libraries"
629	default BR2_SHARED_LIBS if BR2_BINFMT_SUPPORTS_SHARED
630	default BR2_STATIC_LIBS if !BR2_BINFMT_SUPPORTS_SHARED
631	help
632	  Select the type of libraries you want to use on the target.
633
634	  The default is to build dynamic libraries and use those on the
635	  target filesystem, except when the architecture and/or the
636	  selected binary format does not support shared libraries.
637
638config BR2_STATIC_LIBS
639	bool "static only"
640	depends on !BR2_TOOLCHAIN_USES_GLIBC
641	help
642	  Build and use only static libraries. No shared libraries will
643	  be installed on the target. This potentially increases your
644	  code size and should only be used if you know what you are
645	  doing. Note that some packages may not be available when this
646	  option is enabled, due to their need for dynamic library
647	  support.
648
649comment "static only needs a toolchain w/ uclibc or musl"
650	depends on BR2_TOOLCHAIN_USES_GLIBC
651
652config BR2_SHARED_LIBS
653	bool "shared only"
654	depends on BR2_BINFMT_SUPPORTS_SHARED
655	help
656	  Build and use only shared libraries. This is the recommended
657	  solution as it saves space and build time.
658
659config BR2_SHARED_STATIC_LIBS
660	bool "both static and shared"
661	depends on BR2_BINFMT_SUPPORTS_SHARED
662	help
663	  Build both shared and static libraries, but link executables
664	  dynamically. While building both shared and static libraries
665	  take more time and more disk space, having static libraries
666	  may be useful to link some of the applications statically.
667
668endchoice
669
670config BR2_PACKAGE_OVERRIDE_FILE
671	string "location of a package override file"
672	default "$(CONFIG_DIR)/local.mk"
673	help
674	  A package override file is a short makefile that contains
675	  variable definitions of the form <pkg>_OVERRIDE_SRCDIR, which
676	  allows to tell Buildroot to use an existing directory as the
677	  source directory for a particular package. See the Buildroot
678	  documentation for more details on this feature.
679
680config BR2_GLOBAL_PATCH_DIR
681	string "global patch and hash directories"
682	help
683	  You may specify a space separated list of one or more
684	  directories containing global package patches and/or hashes.
685	  For a specific version <packageversion> of a specific package
686	  <packagename>, patches are looked up as follows:
687
688	  First, the default Buildroot patch set for the package is
689	  applied from the package's directory in Buildroot.
690
691	  Then for every directory - <global-patch-dir> - that exists in
692	  BR2_GLOBAL_PATCH_DIR, if the directory
693	  <global-patch-dir>/<packagename>/<packageversion>/ exists,
694	  then all *.patch files in this directory will be applied.
695
696	  Otherwise, if the directory <global-patch-dir>/<packagename>
697	  exists, then all *.patch files in the directory will be
698	  applied.
699
700	  The hash files are looked up similarly to the patches.
701
702menu "Advanced"
703
704config BR2_FORCE_HOST_BUILD
705	bool "Force the building of host dependencies"
706	help
707	  Build all available host dependencies, even if they are
708	  already installed on the system.
709
710	  This option can be used to ensure that the download cache of
711	  source archives for packages remain consistent between
712	  different build hosts.
713
714	  This option will increase build time.
715
716config BR2_DOWNLOAD_FORCE_CHECK_HASHES
717	bool "Force all downloads to have a valid hash"
718	help
719	  Say 'y' here to enforce downloads to have at least one valid
720	  hash (and of course, that all hashes be valid).
721
722	  By default, Buildroot checks hashes of all packages
723	  downloaded, except those for which a custom version is
724	  used.
725
726	  With this option turned on, Buildroot will check hashes of
727	  all packages, including those that use a custom version. In
728	  order to provide hashes for such packages, place additional
729	  hash files in BR2_GLOBAL_PATCH_DIR directories.
730
731config BR2_REPRODUCIBLE
732	bool "Make the build reproducible (experimental)"
733	# SOURCE_DATE_EPOCH support in toolchain-wrapper requires GCC 4.4
734	depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_4
735	help
736	  This option will remove all sources of non-reproducibility
737	  from the build process. For a given Buildroot configuration,
738	  this allows to generate exactly identical binaries from one
739	  build to the other, including on different machines.
740
741	  The current implementation is restricted to builds with the
742	  same output directory. Many (absolute) paths are recorded in
743	  intermediary files, and it is very likely that some of these
744	  paths leak into the target rootfs. If you build with the
745	  same O=... path, however, the result is identical.
746
747	  This is labeled as an experimental feature, as not all
748	  packages behave properly to ensure reproducibility.
749
750config BR2_PER_PACKAGE_DIRECTORIES
751	bool "Use per-package directories (experimental)"
752	help
753	  This option will change the build process of Buildroot
754	  package to use per-package target and host directories.
755
756	  This is useful for two related purposes:
757
758	    - Cleanly isolate the build of each package, so that a
759	      given package only "sees" the dependencies it has
760	      explicitly expressed, and not other packages that may
761	      have by chance been built before.
762
763	    - Enable top-level parallel build.
764
765	  This is labeled as an experimental feature, as not all
766	  packages behave properly with per-package directories.
767
768endmenu
769
770config BR2_TIME_BITS_64
771	bool "Build Y2038-ready code"
772	depends on BR2_TOOLCHAIN_USES_GLIBC && !BR2_ARCH_IS_64
773	help
774	  This option will pass -D_TIME_BITS=64 in the compiler flags
775	  to ensure the glibc C library uses a 64-bit representation
776	  for time_t and other time types, which ensures that
777	  programs/libraries will correctly handle time past year
778	  2038.
779
780	  This option only has an effect with glibc >= 2.34, as
781	  earlier glibc versions did not have support for 64-bit
782	  time_t.
783
784comment "Security Hardening Options"
785
786config BR2_PIC_PIE_ARCH_SUPPORTS
787	bool
788	default y
789	# Microblaze glibc toolchains don't work with PIC/PIE enabled
790	depends on !BR2_microblaze
791	# Nios2 toolchains produce non working binaries with -fPIC
792	depends on !BR2_nios2
793
794config BR2_PIC_PIE
795	bool "Build code with PIC/PIE"
796	default y
797	depends on BR2_PIC_PIE_ARCH_SUPPORTS
798	depends on BR2_SHARED_LIBS
799	depends on BR2_TOOLCHAIN_SUPPORTS_PIE
800	help
801	  Generate Position-Independent Code (PIC) and link
802	  Position-Independent Executables (PIE).
803
804comment "PIC/PIE needs a toolchain w/ PIE"
805	depends on BR2_PIC_PIE_ARCH_SUPPORTS
806	depends on BR2_SHARED_LIBS
807	depends on !BR2_TOOLCHAIN_SUPPORTS_PIE
808
809choice
810	bool "Stack Smashing Protection"
811	default BR2_SSP_ALL if BR2_ENABLE_SSP # legacy
812	default BR2_SSP_STRONG if BR2_TOOLCHAIN_HAS_SSP_STRONG
813	default BR2_SSP_REGULAR
814	depends on BR2_TOOLCHAIN_HAS_SSP
815	help
816	  Enable stack smashing protection support using GCC's
817	  -fstack-protector option family.
818
819	  See
820	  http://www.linuxfromscratch.org/hints/downloads/files/ssp.txt
821	  for details.
822
823	  Note that this requires the toolchain to have SSP support.
824	  This is always the case for glibc and eglibc toolchain, but is
825	  optional in uClibc toolchains.
826
827config BR2_SSP_NONE
828	bool "None"
829	help
830	  Disable stack-smashing protection.
831
832config BR2_SSP_REGULAR
833	bool "-fstack-protector"
834	help
835	  Emit extra code to check for buffer overflows, such as stack
836	  smashing attacks. This is done by adding a guard variable to
837	  functions with vulnerable objects. This includes functions
838	  that call alloca, and functions with buffers larger than 8
839	  bytes. The guards are initialized when a function is entered
840	  and then checked when the function exits. If a guard check
841	  fails, an error message is printed and the program exits.
842
843config BR2_SSP_STRONG
844	bool "-fstack-protector-strong"
845	depends on BR2_TOOLCHAIN_HAS_SSP_STRONG
846	help
847	  Like -fstack-protector but includes additional functions to be
848	  protected - those that have local array definitions, or have
849	  references to local frame addresses.
850
851	  -fstack-protector-strong officially appeared in gcc 4.9, but
852	  some vendors have backported -fstack-protector-strong to older
853	  versions of gcc.
854
855config BR2_SSP_ALL
856	bool "-fstack-protector-all"
857	help
858	  Like -fstack-protector except that all functions are
859	  protected. This option might have a significant performance
860	  impact on the compiled binaries.
861
862endchoice
863
864config BR2_SSP_OPTION
865	string
866	default "-fstack-protector"        if BR2_SSP_REGULAR
867	default "-fstack-protector-strong" if BR2_SSP_STRONG
868	default "-fstack-protector-all"    if BR2_SSP_ALL
869
870comment "Stack Smashing Protection needs a toolchain w/ SSP"
871	depends on !BR2_TOOLCHAIN_HAS_SSP
872
873choice
874	bool "RELRO Protection"
875	default BR2_RELRO_FULL if BR2_TOOLCHAIN_SUPPORTS_PIE
876	default BR2_RELRO_PARTIAL
877	depends on BR2_SHARED_LIBS
878	help
879	  Enable a link-time protection know as RELRO (RELocation Read
880	  Only) which helps to protect from certain type of exploitation
881	  techniques altering the content of some ELF sections.
882
883config BR2_RELRO_NONE
884	bool "None"
885	help
886	  Disables Relocation link-time protections.
887
888config BR2_RELRO_PARTIAL
889	bool "Partial"
890	help
891	  This option makes the dynamic section not writeable after
892	  initialization (with almost no performance penalty).
893
894config BR2_RELRO_FULL
895	bool "Full"
896	depends on BR2_PIC_PIE_ARCH_SUPPORTS
897	depends on BR2_TOOLCHAIN_SUPPORTS_PIE
898	select BR2_PIC_PIE
899	help
900	  This option includes the partial configuration, but also marks
901	  the GOT as read-only at the cost of initialization time during
902	  program loading, i.e every time an executable is started.
903
904comment "RELRO Full needs a toolchain w/ PIE"
905	depends on BR2_PIC_PIE_ARCH_SUPPORTS
906	depends on !BR2_TOOLCHAIN_SUPPORTS_PIE
907
908endchoice
909
910comment "RELocation Read Only (RELRO) needs shared libraries"
911	depends on !BR2_SHARED_LIBS
912
913config BR2_FORTIFY_SOURCE_ARCH_SUPPORTS
914	bool
915	default y
916	# Microblaze glibc toolchains don't work with Fortify Source enabled
917	depends on !BR2_microblaze
918
919choice
920	bool "Buffer-overflow Detection (FORTIFY_SOURCE)"
921	default BR2_FORTIFY_SOURCE_1
922	depends on BR2_FORTIFY_SOURCE_ARCH_SUPPORTS
923	depends on BR2_TOOLCHAIN_USES_GLIBC
924	depends on !BR2_OPTIMIZE_0
925	help
926	  Enable the _FORTIFY_SOURCE macro which introduces additional
927	  checks to detect buffer-overflows in the following standard
928	  library functions: memcpy, mempcpy, memmove, memset, strcpy,
929	  stpcpy, strncpy, strcat, strncat, sprintf, vsprintf, snprintf,
930	  vsnprintf, gets.
931
932	  NOTE: This feature requires an optimization level of s/1/2/3/g
933
934	  Support for this feature has been present since GCC 4.x.
935
936config BR2_FORTIFY_SOURCE_NONE
937	bool "None"
938	help
939	  Disables additional checks to detect buffer-overflows.
940
941config BR2_FORTIFY_SOURCE_1
942	bool "Conservative"
943	# gcc bug https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61164
944	depends on !BR2_TOOLCHAIN_BUILDROOT || BR2_TOOLCHAIN_GCC_AT_LEAST_6
945	help
946	  This option sets _FORTIFY_SOURCE to 1 and only introduces
947	  checks that shouldn't change the behavior of conforming
948	  programs.  Adds checks at compile-time only.
949
950config BR2_FORTIFY_SOURCE_2
951	bool "Aggressive"
952	# gcc bug https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61164
953	depends on !BR2_TOOLCHAIN_BUILDROOT || BR2_TOOLCHAIN_GCC_AT_LEAST_6
954	help
955	  This option sets _FORTIFY_SOURCES to 2 and some more
956	  checking is added, but some conforming programs might fail.
957	  Also adds checks at run-time (detected buffer overflow
958	  terminates the program)
959
960config BR2_FORTIFY_SOURCE_3
961	bool "Extended"
962	depends on BR2_TOOLCHAIN_GCC_AT_LEAST_12
963	help
964	  This option sets _FORTIFY_SOURCES to 3 and even more
965	  checking is added compared to level 2. Extends checks at
966	  run-time that can introduce an additional performance
967	  overhead.
968
969endchoice
970
971comment "Fortify Source needs a glibc toolchain and optimization"
972	depends on BR2_FORTIFY_SOURCE_ARCH_SUPPORTS
973	depends on (!BR2_TOOLCHAIN_USES_GLIBC || BR2_OPTIMIZE_0)
974endmenu
975
976source "system/Config.in"
977
978source "linux/Config.in"
979
980source "package/Config.in"
981
982source "fs/Config.in"
983
984source "boot/Config.in"
985
986source "package/Config.in.host"
987
988source "Config.in.legacy"
989
990# br2-external menus definitions
991source "$BR2_BASE_DIR/.br2-external.in.menus"
992