config EXPERIMENTAL
bool "Enable experimental features by default"
- default n
help
Set this option to build with latest bleeding edge features
which may or may not work as expected.
positive and negative). But do so only if you know how to
recover your device in case of flashing potentially non-working
firmware.
-
+
If you plan to use this build in production, say NO!
menu "Global build settings"
config BUILDBOT
bool "Set build defaults for automatic builds (e.g. via buildbot)"
- default n
help
This option changes several defaults to be more suitable for
automatic builds. This includes the following changes:
bool "Enable signature checking in opkg"
default SIGNED_PACKAGES
+ config DOWNLOAD_CHECK_CERTIFICATE
+ bool "Enable TLS certificate verification during package download"
+ default y
+
comment "General build options"
config TESTING_KERNEL
config DISPLAY_SUPPORT
bool "Show packages that require graphics support (local or remote)"
- default n
config BUILD_PATENTED
- default n
bool "Compile with support for patented functionality"
help
When this option is disabled, software which provides patented functionality
functionality, this optional support will get disabled for this package.
config BUILD_NLS
- default n
bool "Compile with full language support"
help
When this option is enabled, packages are built with the full versions of
config CLEAN_IPKG
bool
prompt "Remove ipkg/opkg status data files in final images"
- default n
help
This removes all ipkg/opkg status data files from the target directory
before building the root filesystem.
config IPK_FILES_CHECKSUMS
bool
prompt "Record files checksums in package metadata"
- default n
help
This makes file checksums part of package metadata. It increases size
- but provides you with pkg_check command to check for flash coruptions.
+ but provides you with pkg_check command to check for flash corruptions.
config INCLUDE_CONFIG
bool "Include build configuration in firmware" if DEVEL
- default n
help
If enabled, buildinfo files will be stored in /etc/build.* of firmware.
config DEBUG
bool
prompt "Compile packages with debugging info"
- default n
help
Adds -g3 to the CFLAGS.
- config IPV6
+ config USE_GC_SECTIONS
bool
- prompt "Enable IPv6 support in packages"
- default y
+ prompt "Dead code and data elimination for all packages (EXPERIMENTAL)"
help
- Enables IPv6 support in kernel (builtin) and packages.
+ Places functions and data items into its own sections to use the linker's
+ garbage collection capabilites.
+ Packages can choose to opt-out via setting PKG_BUILD_FLAGS:=no-gc-sections
+
+ config USE_LTO
+ bool
+ prompt "Use the link-time optimizer for all packages (EXPERIMENTAL)"
+ help
+ Adds LTO flags to the CFLAGS and LDFLAGS.
+ Packages can choose to opt-out via setting PKG_BUILD_FLAGS:=no-lto
+
+ config IPV6
+ def_bool y
comment "Stripping options"
choice
prompt "Binary stripping method"
- default USE_STRIP if EXTERNAL_TOOLCHAIN
default USE_STRIP if USE_GLIBC
default USE_SSTRIP
help
help
This will install binaries stripped using strip from binutils.
-
config USE_SSTRIP
bool "sstrip"
depends on !USE_GLIBC
help
Specifies arguments passed to the strip command when stripping binaries.
- config SSTRIP_ARGS
- string
- prompt "Sstrip arguments"
+ config SSTRIP_DISCARD_TRAILING_ZEROES
+ bool "Strip trailing zero bytes"
depends on USE_SSTRIP
- default "-z"
+ default y
help
- Specifies arguments passed to the sstrip command when stripping binaries.
+ Use sstrip's -z option to discard trailing zero bytes
config STRIP_KERNEL_EXPORTS
bool "Strip unnecessary exports from the kernel image"
make the system libraries incompatible with most of the packages that are
not selected during the build process.
- choice
- prompt "Preferred standard C++ library"
- default USE_LIBSTDCXX if USE_GLIBC
- default USE_UCLIBCXX
- help
- Select the preferred standard C++ library for all packages that support this.
-
- config USE_UCLIBCXX
- bool "uClibc++"
-
- config USE_LIBSTDCXX
- bool "libstdc++"
- endchoice
-
comment "Hardening build options"
config PKG_CHECK_FORMAT_SECURITY
endchoice
+ config SECCOMP
+ bool "Enable SECCOMP"
+ select KERNEL_SECCOMP
+ select PACKAGE_procd-seccomp
+ depends on (aarch64 || arm || armeb || mips || mipsel || mips64 || mips64el || i386 || powerpc || x86_64)
+ depends on !TARGET_uml
+ default y
+ help
+ This option enables seccomp kernel features to safely
+ execute untrusted bytecode and selects the seccomp-variants
+ of procd
+
endmenu
projects / openwrt / staging / jow.git / blobdiff