X-Git-Url: https://git.archive.openwrt.org/?a=blobdiff_plain;f=config%2FConfig-build.in;h=35c07c63f8a964c3b1de9edb45bbe2d4bfe929ec;hb=a833be775656312fe9a1fb5b3d235d03dc141533;hp=280f71923b7481074c6b7a38798274859a1b58b6;hpb=d6a6788fabc6387035500c123047f80f7ce20dad;p=openwrt.git diff --git a/config/Config-build.in b/config/Config-build.in index 280f71923b..35c07c63f8 100644 --- a/config/Config-build.in +++ b/config/Config-build.in @@ -6,10 +6,18 @@ menu "Global build settings" + config ALL_KMODS + bool "Select all kernel module packages by default" + default ALL + config ALL - bool "Select all packages by default" + bool "Select all userspace packages by default" default n + config SIGNED_PACKAGES + bool "Cryptographically signed package lists" + default y + comment "General build options" config DISPLAY_SUPPORT @@ -32,14 +40,6 @@ menu "Global build settings" iconv and GNU gettext instead of the default OpenWrt stubs. If uClibc is used, it is also built with locale support. - config BUILD_STATIC_TOOLS - default n - bool "Attempt to link host utilities statically" - help - Linking host utilities like sed or firmware-utils statically increases the - portability of the generated ImageBuilder and SDK tarballs; however, it may - fail on some Linux distributions. - config SHADOW_PASSWORDS bool prompt "Enable shadow password support" @@ -143,7 +143,7 @@ menu "Global build settings" choice prompt "Binary stripping method" default USE_STRIP if EXTERNAL_TOOLCHAIN - default USE_STRIP if USE_GLIBC || USE_EGLIBC || USE_MUSL + default USE_STRIP if USE_GLIBC || USE_MUSL default USE_SSTRIP help Select the binary stripping method you wish to use. @@ -164,7 +164,6 @@ menu "Global build settings" bool "sstrip" depends on !DEBUG depends on !USE_GLIBC - depends on !USE_EGLIBC help This will install binaries stripped using sstrip. endchoice @@ -195,7 +194,7 @@ menu "Global build settings" choice prompt "Preferred standard C++ library" - default USE_LIBSTDCXX if USE_EGLIBC + default USE_LIBSTDCXX if USE_GLIBC default USE_UCLIBCXX help Select the preferred standard C++ library for all packages that support this. @@ -212,7 +211,7 @@ menu "Global build settings" config PKG_CHECK_FORMAT_SECURITY bool prompt "Enable gcc format-security" - default n + default y help Add -Wformat -Werror=format-security to the CFLAGS. You can disable this per package by adding PKG_CHECK_FORMAT_SECURITY:=0 in the package @@ -220,25 +219,25 @@ menu "Global build settings" choice prompt "User space Stack-Smashing Protection" - default PKG_CC_STACKPROTECTOR_NONE + default PKG_CC_STACKPROTECTOR_REGULAR help Enable GCC Stack Smashing Protection (SSP) for userspace applications config PKG_CC_STACKPROTECTOR_NONE bool "None" config PKG_CC_STACKPROTECTOR_REGULAR bool "Regular" - select SSP_SUPPORT + select SSP_SUPPORT if !USE_MUSL depends on KERNEL_CC_STACKPROTECTOR_REGULAR config PKG_CC_STACKPROTECTOR_STRONG bool "Strong" - select SSP_SUPPORT + select SSP_SUPPORT if !USE_MUSL depends on GCC_VERSION_4_9_LINARO depends on KERNEL_CC_STACKPROTECTOR_STRONG endchoice choice prompt "Kernel space Stack-Smashing Protection" - default KERNEL_CC_STACKPROTECTOR_NONE + default KERNEL_CC_STACKPROTECTOR_REGULAR help Enable GCC Stack-Smashing Protection (SSP) for the kernel config KERNEL_CC_STACKPROTECTOR_NONE @@ -251,14 +250,14 @@ menu "Global build settings" endchoice choice - prompt "Enable buffer-overflows detction (FORTIFY_SOURCE)" + prompt "Enable buffer-overflows detection (FORTIFY_SOURCE)" help Enable the _FORTIFY_SOURCE macro which introduces additional checks to detect buffer-overflows in the following standard library functions: memcpy, mempcpy, memmove, memset, strcpy, stpcpy, strncpy, strcat, strncat, sprintf, vsprintf, snprintf, vsnprintf, gets. "Conservative" (_FORTIFY_SOURCE set to 1) only introduces - checks that sholdn't change the behavior of conforming programs, + checks that shouldn't change the behavior of conforming programs, while "aggressive" (_FORTIFY_SOURCES set to 2) some more checking is added, but some conforming programs might fail. config PKG_FORTIFY_SOURCE_NONE @@ -271,8 +270,9 @@ menu "Global build settings" choice prompt "Enable RELRO protection" + default PKG_RELRO_FULL help - Enable a link-time protection know as RELRO (Relocation Read Only) + Enable a link-time protection known as RELRO (Relocation Read Only) which helps to protect from certain type of exploitation techniques altering the content of some ELF sections. "Partial" RELRO makes the .dynamic section not writeable after initialization, introducing