X-Git-Url: https://git.archive.openwrt.org/?a=blobdiff_plain;f=config%2FConfig-build.in;h=5ad940ba6c235cc222557003640c8a4136b8f2dd;hb=f650c74ddff8e8db6eaec159be90e2025f3f0f6d;hp=0ca145e3a96586919eef6ca9be13bac89dae9897;hpb=e46df1450d6f86c3921957047fe0cb38d541414c;p=openwrt.git

diff --git a/config/Config-build.in b/config/Config-build.in
index 0ca145e3a9..5ad940ba6c 100644
--- a/config/Config-build.in
+++ b/config/Config-build.in
@@ -6,10 +6,18 @@
 
 menu "Global build settings"
 
+	config ALL_KMODS
+		bool "Select all kernel module packages by default"
+		default ALL
+
 	config ALL
-		bool "Select all packages by default"
+		bool "Select all userspace packages by default"
 		default n
 
+	config SIGNED_PACKAGES
+		bool "Cryptographically signed package lists"
+		default y
+
 	comment "General build options"
 
 	config DISPLAY_SUPPORT
@@ -32,14 +40,6 @@ menu "Global build settings"
 		  iconv and GNU gettext instead of the default OpenWrt stubs. If uClibc is
 		  used, it is also built with locale support.
 
-	config BUILD_STATIC_TOOLS
-		default n
-		bool "Attempt to link host utilities statically"
-		help
-		  Linking host utilities like sed or firmware-utils statically increases the
-		  portability of the generated ImageBuilder and SDK tarballs; however, it may
-		  fail on some Linux distributions.
-
 	config SHADOW_PASSWORDS
 		bool
 		prompt "Enable shadow password support"
@@ -83,7 +83,7 @@ menu "Global build settings"
 		prompt "Enable IPv6 support in packages"
 		default y
 		help
-		  Enable IPv6 support in packages (passes --enable-ipv6 to configure scripts).
+		  Enables IPv6 support in kernel (builtin) and packages.
 
 	config PKG_BUILD_PARALLEL
 		bool
@@ -143,7 +143,7 @@ menu "Global build settings"
 	choice
 		prompt "Binary stripping method"
 		default USE_STRIP   if EXTERNAL_TOOLCHAIN
-		default USE_STRIP   if USE_GLIBC || USE_EGLIBC || USE_MUSL
+		default USE_STRIP   if USE_GLIBC
 		default USE_SSTRIP
 		help
 		  Select the binary stripping method you wish to use.
@@ -152,7 +152,7 @@ menu "Global build settings"
 			bool "none"
 			help
 			  This will install unstripped binaries (useful for native
-		 	  compiling/debugging).
+			  compiling/debugging).
 
 		config USE_STRIP
 			bool "strip"
@@ -162,9 +162,7 @@ menu "Global build settings"
 
 		config USE_SSTRIP
 			bool "sstrip"
-			depends on !DEBUG
 			depends on !USE_GLIBC
-			depends on !USE_EGLIBC
 			help
 			  This will install binaries stripped using sstrip.
 	endchoice
@@ -195,7 +193,7 @@ menu "Global build settings"
 
 	choice
 		prompt "Preferred standard C++ library"
-		default USE_LIBSTDCXX if USE_EGLIBC
+		default USE_LIBSTDCXX if USE_GLIBC
 		default USE_UCLIBCXX
 		help
 		  Select the preferred standard C++ library for all packages that support this.
@@ -212,7 +210,7 @@ menu "Global build settings"
 	config PKG_CHECK_FORMAT_SECURITY
 		bool
 		prompt "Enable gcc format-security"
-		default n
+		default y
 		help
 		  Add -Wformat -Werror=format-security to the CFLAGS.  You can disable
 		  this per package by adding PKG_CHECK_FORMAT_SECURITY:=0 in the package
@@ -220,25 +218,27 @@ menu "Global build settings"
 
 	choice
 		prompt "User space Stack-Smashing Protection"
-		default PKG_CC_STACKPROTECTOR_NONE
+		depends on USE_MUSL
+		default PKG_CC_STACKPROTECTOR_REGULAR
 		help
 		  Enable GCC Stack Smashing Protection (SSP) for userspace applications
 		config PKG_CC_STACKPROTECTOR_NONE
 			bool "None"
 		config PKG_CC_STACKPROTECTOR_REGULAR
 			bool "Regular"
-			select SSP_SUPPORT
+			select SSP_SUPPORT if !USE_MUSL
 			depends on KERNEL_CC_STACKPROTECTOR_REGULAR
 		config PKG_CC_STACKPROTECTOR_STRONG
 			bool "Strong"
-			select SSP_SUPPORT
-			depends on GCC_VERSION_4_9_LINARO
+			select SSP_SUPPORT if !USE_MUSL
+			depends on GCC_VERSION_5
 			depends on KERNEL_CC_STACKPROTECTOR_STRONG
 	endchoice
 
 	choice
 		prompt "Kernel space Stack-Smashing Protection"
-		default KERNEL_CC_STACKPROTECTOR_NONE
+		default KERNEL_CC_STACKPROTECTOR_REGULAR
+		depends on USE_MUSL || !(x86_64 || i386)
 		help
 		  Enable GCC Stack-Smashing Protection (SSP) for the kernel
 		config KERNEL_CC_STACKPROTECTOR_NONE
@@ -246,19 +246,20 @@ menu "Global build settings"
 		config KERNEL_CC_STACKPROTECTOR_REGULAR
 			bool "Regular"
 		config KERNEL_CC_STACKPROTECTOR_STRONG
-			depends on GCC_VERSION_4_9_LINARO
+			depends on GCC_VERSION_5
 			bool "Strong"
 	endchoice
 
 	choice
 		prompt "Enable buffer-overflows detection (FORTIFY_SOURCE)"
+		default PKG_FORTIFY_SOURCE_1
 		help
 		  Enable the _FORTIFY_SOURCE macro which introduces additional
 		  checks to detect buffer-overflows in the following standard library
 		  functions: memcpy, mempcpy, memmove, memset, strcpy, stpcpy,
 		  strncpy, strcat, strncat, sprintf, vsprintf, snprintf, vsnprintf,
 		  gets.  "Conservative" (_FORTIFY_SOURCE set to 1) only introduces
-		  checks that sholdn't change the behavior of conforming programs,
+		  checks that shouldn't change the behavior of conforming programs,
 		  while "aggressive" (_FORTIFY_SOURCES set to 2) some more checking is
 		  added, but some conforming programs might fail.
 		config PKG_FORTIFY_SOURCE_NONE
@@ -271,8 +272,9 @@ menu "Global build settings"
 
 	choice
 		prompt "Enable RELRO protection"
+		default PKG_RELRO_FULL
 		help
-		  Enable a link-time protection know as RELRO (Relocation Read Only)
+		  Enable a link-time protection known as RELRO (Relocation Read Only)
 		  which helps to protect from certain type of exploitation techniques
 		  altering the content of some ELF sections. "Partial" RELRO makes the
 		  .dynamic section not writeable after initialization, introducing