3 mainmenu "Buildroot $BR2_VERSION Configuration"
5 config BR2_HAVE_DOT_CONFIG
11 option env="BR2_VERSION_FULL"
21 # br2-external paths definitions
22 source "$BR2_BASE_DIR/.br2-external.in.paths"
24 # Hidden config symbols for packages to check system gcc version
25 config BR2_HOST_GCC_VERSION
27 option env="HOST_GCC_VERSION"
29 config BR2_HOST_GCC_AT_LEAST_4_9
31 default y if BR2_HOST_GCC_VERSION = "4 9"
33 config BR2_HOST_GCC_AT_LEAST_5
35 default y if BR2_HOST_GCC_VERSION = "5"
36 select BR2_HOST_GCC_AT_LEAST_4_9
38 config BR2_HOST_GCC_AT_LEAST_6
40 default y if BR2_HOST_GCC_VERSION = "6"
41 select BR2_HOST_GCC_AT_LEAST_5
43 config BR2_HOST_GCC_AT_LEAST_7
45 default y if BR2_HOST_GCC_VERSION = "7"
46 select BR2_HOST_GCC_AT_LEAST_6
48 config BR2_HOST_GCC_AT_LEAST_8
50 default y if BR2_HOST_GCC_VERSION = "8"
51 select BR2_HOST_GCC_AT_LEAST_7
53 config BR2_HOST_GCC_AT_LEAST_9
55 default y if BR2_HOST_GCC_VERSION = "9"
56 select BR2_HOST_GCC_AT_LEAST_8
58 # When adding new entries above, be sure to update
59 # the HOSTCC_MAX_VERSION variable in the Makefile.
61 # Hidden boolean selected by packages in need of Java in order to build
63 config BR2_NEEDS_HOST_JAVA
66 # Hidden boolean selected by pre-built packages for x86, when they
67 # need to run on x86-64 machines (example: pre-built external
68 # toolchains, binary tools like SAM-BA, etc.).
69 config BR2_HOSTARCH_NEEDS_IA32_LIBS
72 # Hidden boolean selected by packages that need to build 32 bits
73 # binaries with the host compiler, even on 64 bits build machines (e.g
75 config BR2_HOSTARCH_NEEDS_IA32_COMPILER
78 # Hidden boolean selected by packages that need the host to have an
80 config BR2_NEEDS_HOST_UTF8_LOCALE
83 # Hidden boolean selected by packages that need the host to have
84 # support for building gcc plugins
85 config BR2_NEEDS_HOST_GCC_PLUGIN_SUPPORT
88 source "arch/Config.in"
96 default "wget --passive-ftp -nd -t 3"
99 string "Subversion (svn) command"
100 default "svn --non-interactive"
103 string "Bazaar (bzr) command"
114 config BR2_LOCALFILES
115 string "Local files retrieval command"
119 string "Secure copy (scp) command"
123 string "Mercurial (hg) command"
127 string "zcat command"
130 Command to be used to extract a gzip'ed file to stdout. zcat
131 is identical to gunzip -c except that the former may not be
132 available on your system.
133 Default is "gzip -d -c"
134 Other possible values include "gunzip -c" or "zcat".
137 string "bzcat command"
140 Command to be used to extract a bzip2'ed file to stdout.
141 bzcat is identical to bunzip2 -c except that the former may
142 not be available on your system.
144 Other possible values include "bunzip2 -c" or "bzip2 -d -c".
147 string "xzcat command"
150 Command to be used to extract a xz'ed file to stdout.
154 string "lzcat command"
157 Command to be used to extract a lzip'ed file to stdout.
158 Default is "lzip -d -c"
160 config BR2_TAR_OPTIONS
164 Options to pass to tar when extracting the sources.
165 E.g. " -v --exclude='*.svn*'" to exclude all .svn internal
166 files and to be verbose.
170 config BR2_DEFCONFIG_FROM_ENV
172 option env="BR2_DEFCONFIG"
175 string "Location to save buildroot config"
176 default BR2_DEFCONFIG_FROM_ENV if BR2_DEFCONFIG_FROM_ENV != ""
177 default "$(CONFIG_DIR)/defconfig"
179 When running 'make savedefconfig', the defconfig file will be
180 saved in this location.
183 string "Download dir"
184 default "$(TOPDIR)/dl"
186 Directory to store all the source files that we need to fetch.
187 If the Linux shell environment has defined the BR2_DL_DIR
188 environment variable, then this overrides this configuration
190 The directory is organized with a subdirectory for each
191 package. Each package has its own $(LIBFOO_DL_DIR) variable
192 that can be used to find the correct path.
194 The default is $(TOPDIR)/dl
198 default "$(BASE_DIR)/host"
200 Directory to store all the binary files that are built for the
201 host. This includes the cross compilation toolchain when
202 building the internal buildroot toolchain.
204 The default is $(BASE_DIR)/host
206 menu "Mirrors and Download locations"
208 config BR2_PRIMARY_SITE
209 string "Primary download site"
212 Primary site to download from. If this option is set then
213 buildroot will try to download package source first from this
214 site and try the default if the file is not found.
216 - URIs recognized by $(WGET)
217 - local URIs of the form file://absolutepath
218 - scp URIs of the form scp://[user@]host:path.
220 config BR2_PRIMARY_SITE_ONLY
221 bool "Only allow downloads from primary download site"
222 depends on BR2_PRIMARY_SITE != ""
224 If this option is enabled, downloads will only be attempted
225 from the primary download site. Other locations, like the
226 package's official download location or the backup download
227 site, will not be considered. Therefore, if the package is not
228 present on the primary site, the download fails.
230 This is useful for project developers who want to ensure that
231 the project can be built even if the upstream tarball
234 if !BR2_PRIMARY_SITE_ONLY
236 config BR2_BACKUP_SITE
237 string "Backup download site"
238 default "http://sources.buildroot.net"
240 Backup site to download from. If this option is set then
241 buildroot will fall back to download package sources from here
242 if the normal location fails.
244 config BR2_KERNEL_MIRROR
245 string "Kernel.org mirror"
246 default "https://cdn.kernel.org/pub"
248 kernel.org is mirrored on a number of servers around the
249 world. The following allows you to select your preferred
250 mirror. By default, a CDN is used, which automatically
251 redirects to a mirror geographically close to you.
253 Have a look on the kernel.org site for a list of mirrors, then
254 enter the URL to the base directory. Examples:
256 http://www.XX.kernel.org/pub (XX = country code)
257 http://mirror.aarnet.edu.au/pub/ftp.kernel.org
259 config BR2_GNU_MIRROR
260 string "GNU Software mirror"
261 default "http://ftpmirror.gnu.org"
263 GNU has multiple software mirrors scattered around the
264 world. The following allows you to select your preferred
265 mirror. By default, a generic address is used, which
266 automatically selects an up-to-date and local mirror.
268 Have a look on the gnu.org site for a list of mirrors, then
269 enter the URL to the base directory. Examples:
271 http://ftp.gnu.org/pub/gnu
272 http://mirror.aarnet.edu.au/pub/gnu
274 config BR2_LUAROCKS_MIRROR
275 string "LuaRocks mirror"
276 default "http://rocks.moonscript.org"
280 See http://luarocks.org
282 config BR2_CPAN_MIRROR
283 string "CPAN mirror (Perl packages)"
284 default "http://cpan.metacpan.org"
286 CPAN (Comprehensive Perl Archive Network) is a repository of
287 Perl packages. It has multiple software mirrors scattered
288 around the world. This option allows you to select a mirror.
290 The list of mirrors is available at:
291 http://search.cpan.org/mirror
298 int "Number of jobs to run simultaneously (0 for auto)"
301 Number of jobs to run simultaneously. If 0, determine
302 automatically according to number of CPUs on the host system.
305 bool "Enable compiler cache"
307 This option will enable the use of ccache, a compiler cache.
308 It will cache the result of previous builds to speed up future
309 builds. By default, the cache is stored in
310 $HOME/.buildroot-ccache.
312 Note that Buildroot does not try to invalidate the cache
313 contents when the compiler changes in an incompatible way.
314 Therefore, if you make a change to the compiler version and/or
315 configuration, you are responsible for purging the ccache
316 cache by removing the $HOME/.buildroot-ccache directory.
320 config BR2_CCACHE_DIR
321 string "Compiler cache location"
322 default "$(HOME)/.buildroot-ccache"
324 Where ccache should store cached files.
325 If the Linux shell environment has defined the BR2_CCACHE_DIR
326 environment variable, then this overrides this configuration
329 config BR2_CCACHE_INITIAL_SETUP
330 string "Compiler cache initial setup"
332 Initial ccache settings to apply, such as --max-files or
335 For example, if your project is known to require more space
336 than the default max cache size, then you might want to
337 increase the cache size to a suitable amount using the -M
340 The string you specify here is passed verbatim to ccache.
341 Refer to ccache documentation for more details.
343 These initial settings are applied after ccache has been
346 config BR2_CCACHE_USE_BASEDIR
347 bool "Use relative paths"
350 Allow ccache to convert absolute paths within the output
351 directory into relative paths.
353 During the build, many -I include directives are given with an
354 absolute path. These absolute paths end up in the hashes that
355 are computed by ccache. Therefore, when you build from a
356 different directory, the hash will be different and the cached
357 object will not be used.
359 To improve cache performance, set this option to y. This
360 allows ccache to rewrite absolute paths within the output
361 directory into relative paths. Note that only paths within the
362 output directory will be rewritten; therefore, if you change
363 BR2_HOST_DIR to point outside the output directory and
364 subsequently move it to a different location, this will lead
367 This option has as a result that the debug information in the
368 object files also has only relative paths. Therefore, make
369 sure you cd to the build directory before starting gdb. See
370 the section "COMPILING IN DIFFERENT DIRECTORIES" in the ccache
371 manual for more information.
375 config BR2_ENABLE_DEBUG
376 bool "build packages with debugging symbols"
378 Build packages with debugging symbols enabled. All libraries
379 and binaries in the 'staging' directory will have debugging
380 symbols, which allows remote debugging even if libraries and
381 binaries are stripped on the target. Whether libraries and
382 binaries are stripped on the target is controlled by the
383 BR2_STRIP_* options below.
387 prompt "gcc debug level"
390 Set the debug level for gcc
395 Debug level 1 produces minimal information, enough for making
396 backtraces in parts of the program that you don't plan to
397 debug. This includes descriptions of functions and external
398 variables, but no information about local variables and no
404 The default gcc debug level is 2
409 Level 3 includes extra information, such as all the macro
410 definitions present in the program. Some debuggers support
411 macro expansion when you use -g3.
415 config BR2_ENABLE_RUNTIME_DEBUG
416 bool "build packages with runtime debugging info"
418 Some packages may have runtime assertions, extra traces, and
419 similar runtime elements that can help debugging. However,
420 these elements may negatively influence performance so should
421 normally not be enabled on production systems.
423 Enable this option to enable such runtime debugging.
425 Note: disabling this option is not a guarantee that all
426 packages effectively removed these runtime debugging elements.
428 config BR2_STRIP_strip
429 bool "strip target binaries"
431 depends on !BR2_PACKAGE_HOST_ELF2FLT
433 Binaries and libraries in the target filesystem will be
434 stripped using the normal 'strip' command. This allows to save
435 space, mainly by removing debugging symbols. Debugging symbols
436 on the target are needed for native debugging, but not when
437 remote debugging is used.
439 config BR2_STRIP_EXCLUDE_FILES
440 string "executables that should not be stripped"
442 depends on BR2_STRIP_strip
444 You may specify a space-separated list of binaries and
445 libraries here that should not be stripped on the target.
447 config BR2_STRIP_EXCLUDE_DIRS
448 string "directories that should be skipped when stripping"
450 depends on BR2_STRIP_strip
452 You may specify a space-separated list of directories that
453 should be skipped when stripping. Binaries and libraries in
454 these directories will not be touched. The directories should
455 be specified relative to the target directory, without leading
459 prompt "gcc optimization level"
460 default BR2_OPTIMIZE_S
462 Set the optimization level for gcc
464 config BR2_OPTIMIZE_0
465 bool "optimization level 0"
469 config BR2_OPTIMIZE_1
470 bool "optimization level 1"
472 Optimize. Optimizing compilation takes somewhat more time, and
473 a lot more memory for a large function. With -O, the compiler
474 tries to reduce code size and execution time, without
475 performing any optimizations that take a great deal of
476 compilation time. -O turns on the following optimization
477 flags: -fdefer-pop -fdelayed-branch -fguess-branch-probability
478 -fcprop-registers -floop-optimize -fif-conversion
479 -fif-conversion2 -ftree-ccp -ftree-dce -ftree-dominator-opts
480 -ftree-dse -ftree-ter -ftree-lrs -ftree-sra -ftree-copyrename
481 -ftree-fre -ftree-ch -funit-at-a-time -fmerge-constants. -O
482 also turns on -fomit-frame-pointer on machines where doing so
483 does not interfere with debugging.
485 config BR2_OPTIMIZE_2
486 bool "optimization level 2"
488 Optimize even more. GCC performs nearly all supported
489 optimizations that do not involve a space-speed tradeoff. The
490 compiler does not perform loop unrolling or function inlining
491 when you specify -O2. As compared to -O, this option increases
492 both compilation time and the performance of the generated
493 code. -O2 turns on all optimization flags specified by -O. It
494 also turns on the following optimization flags:
495 -fthread-jumps -fcrossjumping -foptimize-sibling-calls
496 -fcse-follow-jumps -fcse-skip-blocks -fgcse -fgcse-lm
497 -fexpensive-optimizations -fstrength-reduce
498 -frerun-cse-after-loop -frerun-loop-opt -fcaller-saves
499 -fpeephole2 -fschedule-insns -fschedule-insns2
500 -fsched-interblock -fsched-spec -fregmove -fstrict-aliasing
501 -fdelete-null-pointer-checks -freorder-blocks
502 -freorder-functions -falign-functions -falign-jumps
503 -falign-loops -falign-labels -ftree-vrp -ftree-pre. Please
504 note the warning under -fgcse about invoking -O2 on programs
505 that use computed gotos.
507 config BR2_OPTIMIZE_3
508 bool "optimization level 3"
510 Optimize yet more. -O3 turns on all optimizations specified by
511 -O2 and also turns on the -finline-functions, -funswitch-loops
512 and -fgcse-after-reload options.
514 config BR2_OPTIMIZE_G
515 bool "optimize for debugging"
516 depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_8
518 Optimize for debugging. This enables optimizations that do not
519 interfere with debugging. It should be the optimization level
520 of choice for the standard edit-compile-debug cycle, offering
521 a reasonable level of optimization while maintaining fast
522 compilation and a good debugging experience.
524 config BR2_OPTIMIZE_S
525 bool "optimize for size"
527 Optimize for size. -Os enables all -O2 optimizations that do
528 not typically increase code size. It also performs further
529 optimizations designed to reduce code size. -Os disables the
530 following optimization flags: -falign-functions -falign-jumps
531 -falign-loops -falign-labels -freorder-blocks
532 -freorder-blocks-and-partition -fprefetch-loop-arrays
533 -ftree-vect-loop-version
536 config BR2_OPTIMIZE_FAST
537 bool "optimize for fast (may break packages!)"
538 depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_6
540 Optimize for fast. Disregard strict standards
541 compliance. -Ofast enables all -O3 optimizations. It also
542 enables optimizations that are not valid for all
543 standard-compliant programs, so be careful, as it may break
544 some packages. It turns on -ffast-math and the
545 Fortran-specific -fstack-arrays, unless -fmax-stack-var-size
546 is specified, and -fno-protect-parens.
550 config BR2_GOOGLE_BREAKPAD_ENABLE
551 bool "Enable google-breakpad support"
552 depends on BR2_INSTALL_LIBSTDCPP
553 depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_8 # C++11
554 depends on BR2_USE_WCHAR
555 depends on BR2_TOOLCHAIN_HAS_THREADS
556 depends on (BR2_TOOLCHAIN_USES_GLIBC || BR2_TOOLCHAIN_USES_UCLIBC)
557 depends on BR2_PACKAGE_GOOGLE_BREAKPAD_ARCH_SUPPORTS
558 depends on BR2_PACKAGE_HOST_GOOGLE_BREAKPAD_ARCH_SUPPORTS
559 select BR2_PACKAGE_GOOGLE_BREAKPAD
561 This option will enable the use of google breakpad, a library
562 and tool suite that allows you to distribute an application to
563 users with compiler-provided debugging information removed,
564 record crashes in compact "minidump" files, send them back to
565 your server and produce C and C++ stack traces from these
566 minidumps. Breakpad can also write minidumps on request for
567 programs that have not crashed.
569 if BR2_GOOGLE_BREAKPAD_ENABLE
571 config BR2_GOOGLE_BREAKPAD_INCLUDE_FILES
572 string "List of executables and libraries to extract symbols from"
575 You may specify a space-separated list of binaries and
576 libraries with full paths relative to $(TARGET_DIR) of which
577 debug symbols will be dumped for further use with google
580 A directory structure that can be used by minidump-stackwalk
583 $(STAGING_DIR)/usr/share/google-breakpad-symbols
589 default BR2_SHARED_LIBS if BR2_BINFMT_SUPPORTS_SHARED
590 default BR2_STATIC_LIBS if !BR2_BINFMT_SUPPORTS_SHARED
592 Select the type of libraries you want to use on the target.
594 The default is to build dynamic libraries and use those on the
595 target filesystem, except when the architecture and/or the
596 selected binary format does not support shared libraries.
598 config BR2_STATIC_LIBS
601 Build and use only static libraries. No shared libraries will
602 be installed on the target. This potentially increases your
603 code size and should only be used if you know what you are
604 doing. Note that some packages may not be available when this
605 option is enabled, due to their need for dynamic library
608 config BR2_SHARED_LIBS
610 depends on BR2_BINFMT_SUPPORTS_SHARED
612 Build and use only shared libraries. This is the recommended
613 solution as it saves space and build time.
615 config BR2_SHARED_STATIC_LIBS
616 bool "both static and shared"
617 depends on BR2_BINFMT_SUPPORTS_SHARED
619 Build both shared and static libraries, but link executables
620 dynamically. While building both shared and static libraries
621 take more time and more disk space, having static libraries
622 may be useful to link some of the applications statically.
626 config BR2_PACKAGE_OVERRIDE_FILE
627 string "location of a package override file"
628 default "$(CONFIG_DIR)/local.mk"
630 A package override file is a short makefile that contains
631 variable definitions of the form <pkg>_OVERRIDE_SRCDIR, which
632 allows to tell Buildroot to use an existing directory as the
633 source directory for a particular package. See the Buildroot
634 documentation for more details on this feature.
636 config BR2_GLOBAL_PATCH_DIR
637 string "global patch directories"
639 You may specify a space separated list of one or more
640 directories containing global package patches. For a specific
641 version <packageversion> of a specific package <packagename>,
642 patches are applied as follows:
644 First, the default Buildroot patch set for the package is
645 applied from the package's directory in Buildroot.
647 Then for every directory - <global-patch-dir> - that exists in
648 BR2_GLOBAL_PATCH_DIR, if the directory
649 <global-patch-dir>/<packagename>/<packageversion>/ exists,
650 then all *.patch files in this directory will be applied.
652 Otherwise, if the directory <global-patch-dir>/<packagename>
653 exists, then all *.patch files in the directory will be
658 config BR2_COMPILER_PARANOID_UNSAFE_PATH
659 bool "paranoid check of library/header paths"
662 By default, when this option is disabled, when the Buildroot
663 cross-compiler will encounter an unsafe library or header path
664 (such as /usr/include, or /usr/lib), the compiler will display
667 By enabling this option, this warning is turned into an error,
668 which will completely abort the build when such unsafe paths
671 Note that this mechanism is available for both the internal
672 toolchain (through the toolchain wrapper and binutils patches)
673 and external toolchain backends (through the toolchain
676 config BR2_FORCE_HOST_BUILD
677 bool "Force the building of host dependencies"
679 Build all available host dependencies, even if they are
680 already installed on the system.
682 This option can be used to ensure that the download cache of
683 source archives for packages remain consistent between
684 different build hosts.
686 This option will increase build time.
688 config BR2_REPRODUCIBLE
689 bool "Make the build reproducible (experimental)"
690 # SOURCE_DATE_EPOCH support in toolchain-wrapper requires GCC 4.4
691 depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_4
693 This option will remove all sources of non-reproducibility
694 from the build process. For a given Buildroot configuration,
695 this allows to generate exactly identical binaries from one
696 build to the other, including on different machines.
698 The current implementation is restricted to builds with the
699 same output directory. Many (absolute) paths are recorded in
700 intermediary files, and it is very likely that some of these
701 paths leak into the target rootfs. If you build with the
702 same O=... path, however, the result is identical.
704 This is labeled as an experimental feature, as not all
705 packages behave properly to ensure reproducibility.
707 config BR2_PER_PACKAGE_DIRECTORIES
708 bool "Use per-package directories (experimental)"
710 This option will change the build process of Buildroot
711 package to use per-package target and host directories.
713 This is useful for two related purposes:
715 - Cleanly isolate the build of each package, so that a
716 given package only "sees" the dependencies it has
717 explicitly expressed, and not other packages that may
718 have by chance been built before.
720 - Enable top-level parallel build.
722 This is labeled as an experimental feature, as not all
723 packages behave properly with per-package directories.
727 comment "Security Hardening Options"
729 config BR2_PIC_PIE_ARCH_SUPPORTS
732 # Microblaze glibc toolchains don't work with PIC/PIE enabled
733 depends on !BR2_microblaze
734 # Nios2 toolchains produce non working binaries with -fPIC
735 depends on !BR2_nios2
738 bool "Build code with PIC/PIE"
740 depends on BR2_PIC_PIE_ARCH_SUPPORTS
741 depends on BR2_SHARED_LIBS
742 depends on BR2_TOOLCHAIN_SUPPORTS_PIE
744 Generate Position-Independent Code (PIC) and link
745 Position-Independent Executables (PIE).
747 comment "PIC/PIE needs a toolchain w/ PIE"
748 depends on BR2_PIC_PIE_ARCH_SUPPORTS
749 depends on BR2_SHARED_LIBS
750 depends on !BR2_TOOLCHAIN_SUPPORTS_PIE
753 bool "Stack Smashing Protection"
754 default BR2_SSP_ALL if BR2_ENABLE_SSP # legacy
755 default BR2_SSP_STRONG if BR2_TOOLCHAIN_HAS_SSP_STRONG
756 default BR2_SSP_REGULAR
757 depends on BR2_TOOLCHAIN_HAS_SSP
759 Enable stack smashing protection support using GCC's
760 -fstack-protector option family.
763 http://www.linuxfromscratch.org/hints/downloads/files/ssp.txt
766 Note that this requires the toolchain to have SSP support.
767 This is always the case for glibc and eglibc toolchain, but is
768 optional in uClibc toolchains.
773 Disable stack-smashing protection.
775 config BR2_SSP_REGULAR
776 bool "-fstack-protector"
778 Emit extra code to check for buffer overflows, such as stack
779 smashing attacks. This is done by adding a guard variable to
780 functions with vulnerable objects. This includes functions
781 that call alloca, and functions with buffers larger than 8
782 bytes. The guards are initialized when a function is entered
783 and then checked when the function exits. If a guard check
784 fails, an error message is printed and the program exits.
786 config BR2_SSP_STRONG
787 bool "-fstack-protector-strong"
788 depends on BR2_TOOLCHAIN_HAS_SSP_STRONG
790 Like -fstack-protector but includes additional functions to be
791 protected - those that have local array definitions, or have
792 references to local frame addresses.
794 -fstack-protector-strong officially appeared in gcc 4.9, but
795 some vendors have backported -fstack-protector-strong to older
799 bool "-fstack-protector-all"
801 Like -fstack-protector except that all functions are
802 protected. This option might have a significant performance
803 impact on the compiled binaries.
807 config BR2_SSP_OPTION
809 default "-fstack-protector" if BR2_SSP_REGULAR
810 default "-fstack-protector-strong" if BR2_SSP_STRONG
811 default "-fstack-protector-all" if BR2_SSP_ALL
813 comment "Stack Smashing Protection needs a toolchain w/ SSP"
814 depends on !BR2_TOOLCHAIN_HAS_SSP
817 bool "RELRO Protection"
818 default BR2_RELRO_FULL if BR2_TOOLCHAIN_SUPPORTS_PIE
819 default BR2_RELRO_PARTIAL
820 depends on BR2_SHARED_LIBS
822 Enable a link-time protection know as RELRO (RELocation Read
823 Only) which helps to protect from certain type of exploitation
824 techniques altering the content of some ELF sections.
826 config BR2_RELRO_NONE
829 Disables Relocation link-time protections.
831 config BR2_RELRO_PARTIAL
834 This option makes the dynamic section not writeable after
835 initialization (with almost no performance penalty).
837 config BR2_RELRO_FULL
839 depends on BR2_PIC_PIE_ARCH_SUPPORTS
840 depends on BR2_TOOLCHAIN_SUPPORTS_PIE
843 This option includes the partial configuration, but also marks
844 the GOT as read-only at the cost of initialization time during
845 program loading, i.e every time an executable is started.
847 comment "RELRO Full needs a toolchain w/ PIE"
848 depends on BR2_PIC_PIE_ARCH_SUPPORTS
849 depends on !BR2_TOOLCHAIN_SUPPORTS_PIE
853 comment "RELocation Read Only (RELRO) needs shared libraries"
854 depends on !BR2_SHARED_LIBS
856 config BR2_FORTIFY_SOURCE_ARCH_SUPPORTS
859 # Microblaze glibc toolchains don't work with Fortify Source enabled
860 depends on !BR2_microblaze
863 bool "Buffer-overflow Detection (FORTIFY_SOURCE)"
864 default BR2_FORTIFY_SOURCE_1
865 depends on BR2_FORTIFY_SOURCE_ARCH_SUPPORTS
866 depends on BR2_TOOLCHAIN_USES_GLIBC
867 depends on !BR2_OPTIMIZE_0
869 Enable the _FORTIFY_SOURCE macro which introduces additional
870 checks to detect buffer-overflows in the following standard
871 library functions: memcpy, mempcpy, memmove, memset, strcpy,
872 stpcpy, strncpy, strcat, strncat, sprintf, vsprintf, snprintf,
875 NOTE: This feature requires an optimization level of s/1/2/3/g
877 Support for this feature has been present since GCC 4.x.
879 config BR2_FORTIFY_SOURCE_NONE
882 Disables additional checks to detect buffer-overflows.
884 config BR2_FORTIFY_SOURCE_1
886 # gcc bug https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61164
887 depends on !BR2_TOOLCHAIN_BUILDROOT || BR2_TOOLCHAIN_GCC_AT_LEAST_6
889 This option sets _FORTIFY_SOURCE to 1 and only introduces
890 checks that shouldn't change the behavior of conforming
891 programs. Adds checks at compile-time only.
893 config BR2_FORTIFY_SOURCE_2
895 # gcc bug https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61164
896 depends on !BR2_TOOLCHAIN_BUILDROOT || BR2_TOOLCHAIN_GCC_AT_LEAST_6
898 This option sets _FORTIFY_SOURCES to 2 and some more
899 checking is added, but some conforming programs might fail.
900 Also adds checks at run-time (detected buffer overflow
901 terminates the program)
905 comment "Fortify Source needs a glibc toolchain and optimization"
906 depends on BR2_FORTIFY_SOURCE_ARCH_SUPPORTS
907 depends on (!BR2_TOOLCHAIN_USES_GLIBC || BR2_OPTIMIZE_0)
910 source "toolchain/Config.in"
912 source "system/Config.in"
914 source "linux/Config.in"
916 source "package/Config.in"
918 source "fs/Config.in"
920 source "boot/Config.in"
922 source "package/Config.in.host"
924 source "Config.in.legacy"
926 # br2-external menus definitions
927 source "$BR2_BASE_DIR/.br2-external.in.menus"