+# SPDX-License-Identifier: GPL-2.0-only
+#
# Copyright (C) 2006-2013 OpenWrt.org
# Copyright (C) 2016 LEDE Project
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
+
+config EXPERIMENTAL
+ bool "Enable experimental features by default"
+ default n
+ help
+ Set this option to build with latest bleeding edge features
+ which may or may not work as expected.
+ If you would like to help the development of OpenWrt, you are
+ encouraged to set this option and provide feedback (both
+ positive and negative). But do so only if you know how to
+ recover your device in case of flashing potentially non-working
+ firmware.
+
+ If you plan to use this build in production, say NO!
menu "Global build settings"
config JSON_OVERVIEW_IMAGE_INFO
bool "Create JSON info file overview per target"
- default BUILDBOT
+ default y
help
Create a JSON info file called profiles.json in the target
directory containing machine readable list of built profiles
bool "Enable signature checking in opkg"
default SIGNED_PACKAGES
+ config DOWNLOAD_CHECK_CERTIFICATE
+ bool "Enable TLS certificate verification during package download"
+ default y
+
comment "General build options"
config TESTING_KERNEL
bool "Use the testing kernel version"
depends on HAS_TESTING_KERNEL
- default n
+ default EXPERIMENTAL
help
If the target supports a newer kernel version than the default,
you can use this config option to enable it
default n
help
This makes file checksums part of package metadata. It increases size
- but provides you with pkg_check command to check for flash coruptions.
+ but provides you with pkg_check command to check for flash corruptions.
config INCLUDE_CONFIG
bool "Include build configuration in firmware" if DEVEL
Adds -g3 to the CFLAGS.
config IPV6
- bool
- prompt "Enable IPv6 support in packages"
- default y
- help
- Enables IPv6 support in kernel (builtin) and packages.
+ def_bool y
comment "Stripping options"
choice
prompt "Binary stripping method"
- default USE_STRIP if EXTERNAL_TOOLCHAIN
default USE_STRIP if USE_GLIBC
default USE_SSTRIP
help
make the system libraries incompatible with most of the packages that are
not selected during the build process.
- choice
- prompt "Preferred standard C++ library"
- default USE_LIBSTDCXX if USE_GLIBC
- default USE_UCLIBCXX
- help
- Select the preferred standard C++ library for all packages that support this.
-
- config USE_UCLIBCXX
- bool "uClibc++"
-
- config USE_LIBSTDCXX
- bool "libstdc++"
- endchoice
-
comment "Hardening build options"
config PKG_CHECK_FORMAT_SECURITY
endchoice
+ config SECCOMP
+ bool "Enable SECCOMP"
+ select KERNEL_SECCOMP
+ select PACKAGE_procd-seccomp
+ depends on (aarch64 || arm || armeb || mips || mipsel || mips64 || mips64el || i386 || powerpc || x86_64)
+ depends on !TARGET_uml
+ default y
+ help
+ This option enables seccomp kernel features to safely
+ execute untrusted bytecode and selects the seccomp-variants
+ of procd
+
endmenu