X-Git-Url: https://git.archive.openwrt.org/?a=blobdiff_plain;f=config%2FConfig-build.in;h=5ad940ba6c235cc222557003640c8a4136b8f2dd;hb=f650c74ddff8e8db6eaec159be90e2025f3f0f6d;hp=213609b8b2bf277659cd2e4eb1bf6d5046d6ead6;hpb=60e0b4c321836f6523c25a1de1a6a79085a1bdc6;p=openwrt.git diff --git a/config/Config-build.in b/config/Config-build.in index 213609b8b2..5ad940ba6c 100644 --- a/config/Config-build.in +++ b/config/Config-build.in @@ -6,10 +6,18 @@ menu "Global build settings" + config ALL_KMODS + bool "Select all kernel module packages by default" + default ALL + config ALL - bool "Select all packages by default" + bool "Select all userspace packages by default" default n + config SIGNED_PACKAGES + bool "Cryptographically signed package lists" + default y + comment "General build options" config DISPLAY_SUPPORT @@ -75,7 +83,7 @@ menu "Global build settings" prompt "Enable IPv6 support in packages" default y help - Enable IPv6 support in packages (passes --enable-ipv6 to configure scripts). + Enables IPv6 support in kernel (builtin) and packages. config PKG_BUILD_PARALLEL bool @@ -135,7 +143,7 @@ menu "Global build settings" choice prompt "Binary stripping method" default USE_STRIP if EXTERNAL_TOOLCHAIN - default USE_STRIP if USE_GLIBC || USE_MUSL + default USE_STRIP if USE_GLIBC default USE_SSTRIP help Select the binary stripping method you wish to use. @@ -144,7 +152,7 @@ menu "Global build settings" bool "none" help This will install unstripped binaries (useful for native - compiling/debugging). + compiling/debugging). config USE_STRIP bool "strip" @@ -154,7 +162,6 @@ menu "Global build settings" config USE_SSTRIP bool "sstrip" - depends on !DEBUG depends on !USE_GLIBC help This will install binaries stripped using sstrip. @@ -203,7 +210,7 @@ menu "Global build settings" config PKG_CHECK_FORMAT_SECURITY bool prompt "Enable gcc format-security" - default n + default y help Add -Wformat -Werror=format-security to the CFLAGS. You can disable this per package by adding PKG_CHECK_FORMAT_SECURITY:=0 in the package @@ -211,25 +218,27 @@ menu "Global build settings" choice prompt "User space Stack-Smashing Protection" - default PKG_CC_STACKPROTECTOR_NONE + depends on USE_MUSL + default PKG_CC_STACKPROTECTOR_REGULAR help Enable GCC Stack Smashing Protection (SSP) for userspace applications config PKG_CC_STACKPROTECTOR_NONE bool "None" config PKG_CC_STACKPROTECTOR_REGULAR bool "Regular" - select SSP_SUPPORT + select SSP_SUPPORT if !USE_MUSL depends on KERNEL_CC_STACKPROTECTOR_REGULAR config PKG_CC_STACKPROTECTOR_STRONG bool "Strong" - select SSP_SUPPORT - depends on GCC_VERSION_4_9_LINARO + select SSP_SUPPORT if !USE_MUSL + depends on GCC_VERSION_5 depends on KERNEL_CC_STACKPROTECTOR_STRONG endchoice choice prompt "Kernel space Stack-Smashing Protection" - default KERNEL_CC_STACKPROTECTOR_NONE + default KERNEL_CC_STACKPROTECTOR_REGULAR + depends on USE_MUSL || !(x86_64 || i386) help Enable GCC Stack-Smashing Protection (SSP) for the kernel config KERNEL_CC_STACKPROTECTOR_NONE @@ -237,12 +246,13 @@ menu "Global build settings" config KERNEL_CC_STACKPROTECTOR_REGULAR bool "Regular" config KERNEL_CC_STACKPROTECTOR_STRONG - depends on GCC_VERSION_4_9_LINARO + depends on GCC_VERSION_5 bool "Strong" endchoice choice prompt "Enable buffer-overflows detection (FORTIFY_SOURCE)" + default PKG_FORTIFY_SOURCE_1 help Enable the _FORTIFY_SOURCE macro which introduces additional checks to detect buffer-overflows in the following standard library @@ -262,6 +272,7 @@ menu "Global build settings" choice prompt "Enable RELRO protection" + default PKG_RELRO_FULL help Enable a link-time protection known as RELRO (Relocation Read Only) which helps to protect from certain type of exploitation techniques