kumquat-buildroot/Config.in

988 lines
31 KiB
Plaintext
Raw Normal View History

#
mainmenu "Buildroot $BR2_VERSION Configuration"
config BR2_HAVE_DOT_CONFIG
bool
default y
config BR2_VERSION
string
option env="BR2_VERSION_FULL"
config BR2_HOSTARCH
string
option env="HOSTARCH"
config BR2_BASE_DIR
string
option env="BASE_DIR"
# br2-external paths definitions
source "$BR2_BASE_DIR/.br2-external.in.paths"
# Hidden config symbols for packages to check system gcc version
config BR2_HOST_GCC_VERSION
string
option env="HOST_GCC_VERSION"
config BR2_HOST_GCC_AT_LEAST_4_9
bool
default y if BR2_HOST_GCC_VERSION = "4 9"
config BR2_HOST_GCC_AT_LEAST_5
bool
default y if BR2_HOST_GCC_VERSION = "5"
select BR2_HOST_GCC_AT_LEAST_4_9
config BR2_HOST_GCC_AT_LEAST_6
bool
default y if BR2_HOST_GCC_VERSION = "6"
select BR2_HOST_GCC_AT_LEAST_5
config BR2_HOST_GCC_AT_LEAST_7
bool
default y if BR2_HOST_GCC_VERSION = "7"
select BR2_HOST_GCC_AT_LEAST_6
config BR2_HOST_GCC_AT_LEAST_8
bool
default y if BR2_HOST_GCC_VERSION = "8"
select BR2_HOST_GCC_AT_LEAST_7
config BR2_HOST_GCC_AT_LEAST_9
bool
default y if BR2_HOST_GCC_VERSION = "9"
select BR2_HOST_GCC_AT_LEAST_8
config BR2_HOST_GCC_AT_LEAST_10
bool
default y if BR2_HOST_GCC_VERSION = "10"
select BR2_HOST_GCC_AT_LEAST_9
config BR2_HOST_GCC_AT_LEAST_11
bool
default y if BR2_HOST_GCC_VERSION = "11"
select BR2_HOST_GCC_AT_LEAST_10
# When adding new entries above, be sure to update
# the HOSTCC_MAX_VERSION variable in the Makefile.
# Hidden boolean selected by packages in need of Java in order to build
# (example: kodi)
config BR2_NEEDS_HOST_JAVA
bool
# Hidden boolean selected by pre-built packages for x86, when they
# need to run on x86-64 machines (example: pre-built external
# toolchains, binary tools, etc.).
config BR2_HOSTARCH_NEEDS_IA32_LIBS
bool
# Hidden boolean selected by packages that need to build 32 bits
# binaries with the host compiler, even on 64 bits build machines (e.g
# bootloaders).
config BR2_HOSTARCH_NEEDS_IA32_COMPILER
bool
# Hidden boolean selected by packages that need the host to have an
# UTF8 locale.
config BR2_NEEDS_HOST_UTF8_LOCALE
bool
# Hidden boolean selected by packages that need the host to have
# support for building gcc plugins
config BR2_NEEDS_HOST_GCC_PLUGIN_SUPPORT
bool
source "arch/Config.in"
source "toolchain/Config.in"
menu "Build options"
menu "Commands"
config BR2_WGET
string "Wget command"
default "wget --passive-ftp -nd -t 3"
config BR2_SVN
string "Subversion (svn) command"
default "svn --non-interactive"
config BR2_BZR
string "Bazaar (bzr) command"
default "bzr"
2007-08-24 07:31:07 +02:00
config BR2_GIT
string "Git command"
default "git"
2007-08-24 07:31:07 +02:00
config BR2_CVS
string "CVS command"
default "cvs"
config BR2_LOCALFILES
string "Local files retrieval command"
default "cp"
config BR2_SCP
string "Secure copy (scp) command"
default "scp"
config BR2_SFTP
string "Secure file transfer (sftp) command"
default "sftp"
config BR2_HG
string "Mercurial (hg) command"
default "hg"
config BR2_ZCAT
string "zcat command"
default "gzip -d -c"
help
Command to be used to extract a gzip'ed file to stdout. zcat
is identical to gunzip -c except that the former may not be
available on your system.
Default is "gzip -d -c"
Other possible values include "gunzip -c" or "zcat".
2006-11-17 16:43:51 +01:00
config BR2_BZCAT
string "bzcat command"
default "bzcat"
help
Command to be used to extract a bzip2'ed file to stdout.
bzcat is identical to bunzip2 -c except that the former may
not be available on your system.
Default is "bzcat"
Other possible values include "bunzip2 -c" or "bzip2 -d -c".
config BR2_XZCAT
string "xzcat command"
default "xzcat"
help
Command to be used to extract a xz'ed file to stdout.
Default is "xzcat"
config BR2_LZCAT
string "lzcat command"
default "lzip -d -c"
help
Command to be used to extract a lzip'ed file to stdout.
Default is "lzip -d -c"
config BR2_TAR_OPTIONS
string "Tar options"
default ""
help
Options to pass to tar when extracting the sources.
E.g. " -v --exclude='*.svn*'" to exclude all .svn internal
files and to be verbose.
endmenu
config BR2_DEFCONFIG_FROM_ENV
string
option env="BR2_DEFCONFIG"
config BR2_DEFCONFIG
string "Location to save buildroot config"
default BR2_DEFCONFIG_FROM_ENV if BR2_DEFCONFIG_FROM_ENV != ""
default "$(CONFIG_DIR)/defconfig"
help
When running 'make savedefconfig', the defconfig file will be
saved in this location.
config BR2_DL_DIR
string "Download dir"
default "$(TOPDIR)/dl"
help
Directory to store all the source files that we need to fetch.
If the Linux shell environment has defined the BR2_DL_DIR
environment variable, then this overrides this configuration
item.
The directory is organized with a subdirectory for each
package. Each package has its own $(LIBFOO_DL_DIR) variable
that can be used to find the correct path.
The default is $(TOPDIR)/dl
config BR2_HOST_DIR
string "Host dir"
default "$(BASE_DIR)/host"
help
Directory to store all the binary files that are built for the
host. This includes the cross compilation toolchain when
building the internal buildroot toolchain.
The default is $(BASE_DIR)/host
menu "Mirrors and Download locations"
config BR2_PRIMARY_SITE
string "Primary download site"
default ""
help
Primary site to download from. If this option is set then
buildroot will try to download package source first from this
site and try the default if the file is not found.
Valid URIs are:
- URIs recognized by $(WGET)
- local URIs of the form file://absolutepath
- scp URIs of the form scp://[user@]host:path.
config BR2_PRIMARY_SITE_ONLY
bool "Only allow downloads from primary download site"
depends on BR2_PRIMARY_SITE != ""
help
If this option is enabled, downloads will only be attempted
from the primary download site. Other locations, like the
package's official download location or the backup download
site, will not be considered. Therefore, if the package is not
present on the primary site, the download fails.
This is useful for project developers who want to ensure that
the project can be built even if the upstream tarball
locations disappear.
if !BR2_PRIMARY_SITE_ONLY
config BR2_BACKUP_SITE
string "Backup download site"
default "https://sources.buildroot.net"
help
Backup site to download from. If this option is set then
buildroot will fall back to download package sources from here
if the normal location fails.
config BR2_KERNEL_MIRROR
string "Kernel.org mirror"
default "https://cdn.kernel.org/pub"
help
kernel.org is mirrored on a number of servers around the
world. The following allows you to select your preferred
mirror. By default, a CDN is used, which automatically
redirects to a mirror geographically close to you.
Have a look on the kernel.org site for a list of mirrors, then
enter the URL to the base directory. Examples:
http://www.XX.kernel.org/pub (XX = country code)
http://mirror.aarnet.edu.au/pub/ftp.kernel.org
config BR2_GNU_MIRROR
string "GNU Software mirror"
default "http://ftpmirror.gnu.org"
help
GNU has multiple software mirrors scattered around the
world. The following allows you to select your preferred
mirror. By default, a generic address is used, which
automatically selects an up-to-date and local mirror.
Have a look on the gnu.org site for a list of mirrors, then
enter the URL to the base directory. Examples:
http://ftp.gnu.org/pub/gnu
http://mirror.aarnet.edu.au/pub/gnu
config BR2_LUAROCKS_MIRROR
string "LuaRocks mirror"
default "http://rocks.moonscript.org"
help
LuaRocks repository.
See http://luarocks.org
config BR2_CPAN_MIRROR
string "CPAN mirror (Perl packages)"
default "https://cpan.metacpan.org"
help
CPAN (Comprehensive Perl Archive Network) is a repository of
Perl packages. It has multiple software mirrors scattered
around the world. This option allows you to select a mirror.
The list of mirrors is available at:
http://mirrors.cpan.org/ (tabular)
http://mirrors.cpan.org/map.html (clickable world map)
endif
endmenu
config BR2_JLEVEL
int "Number of jobs to run simultaneously (0 for auto)"
default "0"
help
Number of jobs to run simultaneously. If 0, determine
automatically according to number of CPUs on the host system.
config BR2_CCACHE
bool "Enable compiler cache"
help
This option will enable the use of ccache, a compiler cache.
It will cache the result of previous builds to speed up future
builds. By default, the cache is stored in
$HOME/.buildroot-ccache.
Note that Buildroot does not try to invalidate the cache
contents when the compiler changes in an incompatible way.
Therefore, if you make a change to the compiler version and/or
configuration, you are responsible for purging the ccache
cache by removing the $HOME/.buildroot-ccache directory.
if BR2_CCACHE
config BR2_CCACHE_DIR
string "Compiler cache location"
default "$(HOME)/.buildroot-ccache"
help
Where ccache should store cached files.
If the Linux shell environment has defined the BR2_CCACHE_DIR
environment variable, then this overrides this configuration
item.
config BR2_CCACHE_INITIAL_SETUP
string "Compiler cache initial setup"
help
Initial ccache settings to apply, such as --max-files or
--max-size.
For example, if your project is known to require more space
than the default max cache size, then you might want to
increase the cache size to a suitable amount using the -M
(--max-size) option.
The string you specify here is passed verbatim to ccache.
Refer to ccache documentation for more details.
These initial settings are applied after ccache has been
compiled.
config BR2_CCACHE_USE_BASEDIR
bool "Use relative paths"
default y
help
Allow ccache to convert absolute paths within the output
directory into relative paths.
During the build, many -I include directives are given with an
absolute path. These absolute paths end up in the hashes that
are computed by ccache. Therefore, when you build from a
different directory, the hash will be different and the cached
object will not be used.
To improve cache performance, set this option to y. This
allows ccache to rewrite absolute paths within the output
directory into relative paths. Note that only paths within the
output directory will be rewritten; therefore, if you change
BR2_HOST_DIR to point outside the output directory and
subsequently move it to a different location, this will lead
to cache misses.
This option has as a result that the debug information in the
object files also has only relative paths. Therefore, make
sure you cd to the build directory before starting gdb. See
the section "COMPILING IN DIFFERENT DIRECTORIES" in the ccache
manual for more information.
endif
config BR2_ENABLE_DEBUG
bool "build packages with debugging symbols"
help
Build packages with debugging symbols enabled. All libraries
and binaries in the 'staging' directory will have debugging
symbols, which allows remote debugging even if libraries and
binaries are stripped on the target. Whether libraries and
binaries are stripped on the target is controlled by the
BR2_STRIP_* options below.
if BR2_ENABLE_DEBUG
choice
prompt "gcc debug level"
default BR2_DEBUG_2
help
Set the debug level for gcc
config BR2_DEBUG_1
bool "debug level 1"
help
Debug level 1 produces minimal information, enough for making
backtraces in parts of the program that you don't plan to
debug. This includes descriptions of functions and external
variables, but no information about local variables and no
line numbers.
config BR2_DEBUG_2
bool "debug level 2"
help
The default gcc debug level is 2
config BR2_DEBUG_3
bool "debug level 3"
help
Level 3 includes extra information, such as all the macro
definitions present in the program. Some debuggers support
macro expansion when you use -g3.
endchoice
endif
core: introduce BR2_ENABLE_RUNTIME_DEBUG Some packages have optional runtime assertions, extra traces, or other elements that can help in debugging problems. However, such runtime elements can negatively influence performance. In a test program performing 100K gRPC calls from a client to a local server and receiving the returned response, we see following execution time: - runtime debug enabled: 1065 seconds - runtime debug disabled: 48 seconds This is more than a factor 20 (!) difference. Analysis shows that the problem mostly stems from libabseil-cpp (a dependency of gRPC) which enables mutex deadlock analysis when the preprocessor flag 'NDEBUG' is not set, which adds a 'backtrace()' call on every lock/unlock. Potentially worse, when libunwind is enabled and linked with the test program, 'backtrace()' is not provided by glibc but by libunwind itself. For production systems, users expect good performance out-of-the-box. In the example above, the difference is huge and unless explicitly tested and analyzed, users may not realize that the performance could be much better. Address this problem by introducing a new option BR2_ENABLE_RUNTIME_DEBUG, which can be used by packages or package infrastructures to set the necessary flags. Note that BR2_ENABLE_RUNTIME_DEBUG is orthogonal to BR2_ENABLE_DEBUG: the former changes runtime behavior, while the latter is only expected to add debug symbols to the build. Today, the cmake build system does introduce a runtime impact when BR2_ENABLE_DEBUG is set, but that will be rectified in a subsequent commit. Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com> Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Reviewed-by: Yann E. MORIN <yann.morin.1998@free.fr> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-06-01 16:34:06 +02:00
config BR2_ENABLE_RUNTIME_DEBUG
bool "build packages with runtime debugging info"
help
Some packages may have runtime assertions, extra traces, and
similar runtime elements that can help debugging. However,
these elements may negatively influence performance so should
normally not be enabled on production systems.
Enable this option to enable such runtime debugging.
Note: disabling this option is not a guarantee that all
packages effectively removed these runtime debugging elements.
config BR2_STRIP_strip
bool "strip target binaries"
default y
depends on BR2_BINFMT_ELF
help
Binaries and libraries in the target filesystem will be
stripped using the normal 'strip' command. This allows to save
space, mainly by removing debugging symbols. Debugging symbols
on the target are needed for native debugging, but not when
remote debugging is used.
2007-08-24 07:31:07 +02:00
config BR2_STRIP_EXCLUDE_FILES
string "executables that should not be stripped"
default ""
depends on BR2_STRIP_strip
help
You may specify a space-separated list of binaries and
libraries here that should not be stripped on the target.
config BR2_STRIP_EXCLUDE_DIRS
string "directories that should be skipped when stripping"
default ""
depends on BR2_STRIP_strip
help
You may specify a space-separated list of directories that
should be skipped when stripping. Binaries and libraries in
these directories will not be touched. The directories should
be specified relative to the target directory, without leading
slash.
choice
prompt "gcc optimization level"
default BR2_OPTIMIZE_2
2008-03-12 12:23:11 +01:00
help
Set the optimization level for gcc
config BR2_OPTIMIZE_0
bool "optimization level 0"
help
Do not optimize.
config BR2_OPTIMIZE_1
bool "optimization level 1"
help
Optimize. Optimizing compilation takes somewhat more time, and
a lot more memory for a large function. With -O, the compiler
tries to reduce code size and execution time, without
performing any optimizations that take a great deal of
compilation time. -O turns on the following optimization
flags: -fdefer-pop -fdelayed-branch -fguess-branch-probability
-fcprop-registers -floop-optimize -fif-conversion
-fif-conversion2 -ftree-ccp -ftree-dce -ftree-dominator-opts
-ftree-dse -ftree-ter -ftree-lrs -ftree-sra -ftree-copyrename
-ftree-fre -ftree-ch -funit-at-a-time -fmerge-constants. -O
also turns on -fomit-frame-pointer on machines where doing so
does not interfere with debugging.
config BR2_OPTIMIZE_2
bool "optimization level 2"
help
Optimize even more. GCC performs nearly all supported
optimizations that do not involve a space-speed tradeoff. The
compiler does not perform loop unrolling or function inlining
when you specify -O2. As compared to -O, this option increases
both compilation time and the performance of the generated
code. -O2 turns on all optimization flags specified by -O. It
also turns on the following optimization flags:
-fthread-jumps -fcrossjumping -foptimize-sibling-calls
-fcse-follow-jumps -fcse-skip-blocks -fgcse -fgcse-lm
-fexpensive-optimizations -fstrength-reduce
-frerun-cse-after-loop -frerun-loop-opt -fcaller-saves
-fpeephole2 -fschedule-insns -fschedule-insns2
-fsched-interblock -fsched-spec -fregmove -fstrict-aliasing
-fdelete-null-pointer-checks -freorder-blocks
-freorder-functions -falign-functions -falign-jumps
-falign-loops -falign-labels -ftree-vrp -ftree-pre. Please
note the warning under -fgcse about invoking -O2 on programs
that use computed gotos.
This is the default.
config BR2_OPTIMIZE_3
bool "optimization level 3"
help
Optimize yet more. -O3 turns on all optimizations specified by
-O2 and also turns on the -finline-functions, -funswitch-loops
and -fgcse-after-reload options.
config BR2_OPTIMIZE_G
bool "optimize for debugging"
depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_8
help
Optimize for debugging. This enables optimizations that do not
interfere with debugging. It should be the optimization level
of choice for the standard edit-compile-debug cycle, offering
a reasonable level of optimization while maintaining fast
compilation and a good debugging experience.
config BR2_OPTIMIZE_S
bool "optimize for size"
help
Optimize for size. -Os enables all -O2 optimizations that do
not typically increase code size. It also performs further
optimizations designed to reduce code size. -Os disables the
following optimization flags: -falign-functions -falign-jumps
-falign-loops -falign-labels -freorder-blocks
-freorder-blocks-and-partition -fprefetch-loop-arrays
-ftree-vect-loop-version
config BR2_OPTIMIZE_FAST
bool "optimize for fast (may break packages!)"
depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_6
help
Optimize for fast. Disregard strict standards
compliance. -Ofast enables all -O3 optimizations. It also
enables optimizations that are not valid for all
standard-compliant programs, so be careful, as it may break
some packages. It turns on -ffast-math and the
Fortran-specific -fstack-arrays, unless -fmax-stack-var-size
is specified, and -fno-protect-parens.
endchoice
2008-03-12 12:23:11 +01:00
config BR2_ENABLE_LTO
bool "build packages with link-time optimisation"
help
Enable the link-time optimisation (LTO) option when building
packages. Link-time optimisation re-runs optimisations at
link time, which allows the compiler to do interprocedural
analysis across compilation units and thus come with better
results: smaller size and better performance.
Note that this analysis is limited to statically linked
object files and libraries.
This option may significantly increase build times,
sometimes 5 times longer, with only limited gains.
At this time, this option only enables LTO in packages that
have an explicit configuration option for it. Other packages
always enable LTO, but most packages never enable LTO.
config BR2_GOOGLE_BREAKPAD_ENABLE
bool "Enable google-breakpad support"
depends on BR2_INSTALL_LIBSTDCPP
depends on BR2_TOOLCHAIN_GCC_AT_LEAST_7 # C++17
depends on BR2_USE_WCHAR
depends on BR2_TOOLCHAIN_HAS_THREADS
depends on BR2_TOOLCHAIN_USES_GLIBC
depends on BR2_PACKAGE_GOOGLE_BREAKPAD_ARCH_SUPPORTS
depends on BR2_PACKAGE_HOST_GOOGLE_BREAKPAD_ARCH_SUPPORTS
select BR2_PACKAGE_GOOGLE_BREAKPAD
help
This option will enable the use of google breakpad, a library
and tool suite that allows you to distribute an application to
users with compiler-provided debugging information removed,
record crashes in compact "minidump" files, send them back to
your server and produce C and C++ stack traces from these
minidumps. Breakpad can also write minidumps on request for
programs that have not crashed.
if BR2_GOOGLE_BREAKPAD_ENABLE
config BR2_GOOGLE_BREAKPAD_INCLUDE_FILES
string "List of executables and libraries to extract symbols from"
default ""
help
You may specify a space-separated list of binaries and
libraries with full paths relative to $(TARGET_DIR) of which
debug symbols will be dumped for further use with google
breakpad.
A directory structure that can be used by minidump-stackwalk
will be created at:
$(STAGING_DIR)/usr/share/google-breakpad-symbols
endif
choice
bool "libraries"
default BR2_SHARED_LIBS if BR2_BINFMT_SUPPORTS_SHARED
default BR2_STATIC_LIBS if !BR2_BINFMT_SUPPORTS_SHARED
help
Select the type of libraries you want to use on the target.
The default is to build dynamic libraries and use those on the
target filesystem, except when the architecture and/or the
selected binary format does not support shared libraries.
config BR2_STATIC_LIBS
bool "static only"
toolchain: invert glibc <-> !static dependency Currently, glibc depends on !BR2_STATIC_LIBS in all the toolchain variants. However, for some architectures, glibc is the only supported libc. In commit 3b3105328e4aa54f3cfecbf8454a9db63875d76e ("Config.in: only allow BR2_STATIC_LIBS on supported libc/arch"), we implemented a fix to avoid configurations were BR2_STATIC_LIBS=y with an architecture already supported by glibc, because these configurations are impossible. This commit 3b3105328e4aa54f3cfecbf8454a9db63875d76e prevents from selecting BR2_STATIC_LIBS=y when the C library used for the internal toolchain backend is glibc. However, it introduces a discrepency between how this topic is handled for internal and external toolchains: - For internal toolchains, we prevent BR2_STATIC_LIBS=y if glibc is chosen. - For external toolchains, we allow BR2_STATIC_LIBS=y in all cases, and it's each glibc toolchain that has !BR2_STATIC_LIBS This commit addresses this discrepency by preventing BR2_STATIC_LIBS=y if glibc is chosen in all cases. Thanks to this, we can remove the !BR2_STATIC_LIBS dependency on both the glibc package, and all glibc external toolchains. Fixes: https://bugs.busybox.net/show_bug.cgi?id=14256 Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> [Thomas: update to master, fix the gen-bootlin-toolchains script, add a comment in the static/shared choice to indicate that static is supported only with uclibc or musl] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-10-06 22:41:32 +02:00
depends on !BR2_TOOLCHAIN_USES_GLIBC
help
Build and use only static libraries. No shared libraries will
be installed on the target. This potentially increases your
code size and should only be used if you know what you are
doing. Note that some packages may not be available when this
option is enabled, due to their need for dynamic library
support.
toolchain: invert glibc <-> !static dependency Currently, glibc depends on !BR2_STATIC_LIBS in all the toolchain variants. However, for some architectures, glibc is the only supported libc. In commit 3b3105328e4aa54f3cfecbf8454a9db63875d76e ("Config.in: only allow BR2_STATIC_LIBS on supported libc/arch"), we implemented a fix to avoid configurations were BR2_STATIC_LIBS=y with an architecture already supported by glibc, because these configurations are impossible. This commit 3b3105328e4aa54f3cfecbf8454a9db63875d76e prevents from selecting BR2_STATIC_LIBS=y when the C library used for the internal toolchain backend is glibc. However, it introduces a discrepency between how this topic is handled for internal and external toolchains: - For internal toolchains, we prevent BR2_STATIC_LIBS=y if glibc is chosen. - For external toolchains, we allow BR2_STATIC_LIBS=y in all cases, and it's each glibc toolchain that has !BR2_STATIC_LIBS This commit addresses this discrepency by preventing BR2_STATIC_LIBS=y if glibc is chosen in all cases. Thanks to this, we can remove the !BR2_STATIC_LIBS dependency on both the glibc package, and all glibc external toolchains. Fixes: https://bugs.busybox.net/show_bug.cgi?id=14256 Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> [Thomas: update to master, fix the gen-bootlin-toolchains script, add a comment in the static/shared choice to indicate that static is supported only with uclibc or musl] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-10-06 22:41:32 +02:00
comment "static only needs a toolchain w/ uclibc or musl"
depends on BR2_TOOLCHAIN_USES_GLIBC
config BR2_SHARED_LIBS
bool "shared only"
depends on BR2_BINFMT_SUPPORTS_SHARED
help
Build and use only shared libraries. This is the recommended
solution as it saves space and build time.
config BR2_SHARED_STATIC_LIBS
bool "both static and shared"
depends on BR2_BINFMT_SUPPORTS_SHARED
help
Build both shared and static libraries, but link executables
dynamically. While building both shared and static libraries
take more time and more disk space, having static libraries
may be useful to link some of the applications statically.
endchoice
config BR2_PACKAGE_OVERRIDE_FILE
string "location of a package override file"
default "$(CONFIG_DIR)/local.mk"
help
A package override file is a short makefile that contains
variable definitions of the form <pkg>_OVERRIDE_SRCDIR, which
allows to tell Buildroot to use an existing directory as the
source directory for a particular package. See the Buildroot
documentation for more details on this feature.
config BR2_GLOBAL_PATCH_DIR
package/pkg-download: lookup hash files in global-patch-dir Currently, we expect and only use hash files that lie within the package directory, alongside the .mk file. Those hash files are thus bundled with Buildroot. This implies that only what's known to Buildroot can ever get into those hash files. For packages where the version is fixed (or a static choice), then we can carry hashes for those known versions. However, we do have a few packages for which the version is a free-form entry, where the user can provide a custom location and/or version. like a custom VCS tree and revision, or a custom tarball URL. This means that Buildroot has no way to be able to cary hashes for such custom versions. This means that there is no integrity check that what was downloaded is what was expected. For a sha1 in a git tree, this is a minor issue, because the sha1 by itself is already a hash of the expected content. But for custom tarballs URLs, or for a tag in a VCS, there is indeed no integrity check. Buildroot can't provide such hashes, but interested users may want to provide those, and currently there is no (easy) way to do so. We leverage the existing global-patch-dir mechanism to look for extra hash files. We use the same heuristic that is used for bundled hash files, and for each global patch directory <dir>, we use the first file to exist among: 1. look into <dir>/<package>/<version>/<package>.hash 2. look into <dir>/<package>/<package>.hash Reported-by: "Martin Zeiser (mzeiser)" <mzeiser@cisco.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-06 20:09:13 +01:00
string "global patch and hash directories"
help
You may specify a space separated list of one or more
package/pkg-download: lookup hash files in global-patch-dir Currently, we expect and only use hash files that lie within the package directory, alongside the .mk file. Those hash files are thus bundled with Buildroot. This implies that only what's known to Buildroot can ever get into those hash files. For packages where the version is fixed (or a static choice), then we can carry hashes for those known versions. However, we do have a few packages for which the version is a free-form entry, where the user can provide a custom location and/or version. like a custom VCS tree and revision, or a custom tarball URL. This means that Buildroot has no way to be able to cary hashes for such custom versions. This means that there is no integrity check that what was downloaded is what was expected. For a sha1 in a git tree, this is a minor issue, because the sha1 by itself is already a hash of the expected content. But for custom tarballs URLs, or for a tag in a VCS, there is indeed no integrity check. Buildroot can't provide such hashes, but interested users may want to provide those, and currently there is no (easy) way to do so. We leverage the existing global-patch-dir mechanism to look for extra hash files. We use the same heuristic that is used for bundled hash files, and for each global patch directory <dir>, we use the first file to exist among: 1. look into <dir>/<package>/<version>/<package>.hash 2. look into <dir>/<package>/<package>.hash Reported-by: "Martin Zeiser (mzeiser)" <mzeiser@cisco.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-06 20:09:13 +01:00
directories containing global package patches and/or hashes.
For a specific version <packageversion> of a specific package
<packagename>, patches are looked up as follows:
First, the default Buildroot patch set for the package is
applied from the package's directory in Buildroot.
Then for every directory - <global-patch-dir> - that exists in
BR2_GLOBAL_PATCH_DIR, if the directory
<global-patch-dir>/<packagename>/<packageversion>/ exists,
then all *.patch files in this directory will be applied.
Otherwise, if the directory <global-patch-dir>/<packagename>
exists, then all *.patch files in the directory will be
applied.
package/pkg-download: lookup hash files in global-patch-dir Currently, we expect and only use hash files that lie within the package directory, alongside the .mk file. Those hash files are thus bundled with Buildroot. This implies that only what's known to Buildroot can ever get into those hash files. For packages where the version is fixed (or a static choice), then we can carry hashes for those known versions. However, we do have a few packages for which the version is a free-form entry, where the user can provide a custom location and/or version. like a custom VCS tree and revision, or a custom tarball URL. This means that Buildroot has no way to be able to cary hashes for such custom versions. This means that there is no integrity check that what was downloaded is what was expected. For a sha1 in a git tree, this is a minor issue, because the sha1 by itself is already a hash of the expected content. But for custom tarballs URLs, or for a tag in a VCS, there is indeed no integrity check. Buildroot can't provide such hashes, but interested users may want to provide those, and currently there is no (easy) way to do so. We leverage the existing global-patch-dir mechanism to look for extra hash files. We use the same heuristic that is used for bundled hash files, and for each global patch directory <dir>, we use the first file to exist among: 1. look into <dir>/<package>/<version>/<package>.hash 2. look into <dir>/<package>/<package>.hash Reported-by: "Martin Zeiser (mzeiser)" <mzeiser@cisco.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-06 20:09:13 +01:00
The hash files are looked up similarly to the patches.
menu "Advanced"
config BR2_FORCE_HOST_BUILD
bool "Force the building of host dependencies"
help
Build all available host dependencies, even if they are
already installed on the system.
This option can be used to ensure that the download cache of
source archives for packages remain consistent between
different build hosts.
This option will increase build time.
config BR2_DOWNLOAD_FORCE_CHECK_HASHES
bool "Force all downloads to have a valid hash"
help
Say 'y' here to enforce downloads to have at least one valid
hash (and of course, that all hashes be valid).
By default, Buildroot checks hashes of all packages
downloaded, except those for which a custom version is
used.
With this option turned on, Buildroot will check hashes of
all packages, including those that use a custom version. In
order to provide hashes for such packages, place additional
hash files in BR2_GLOBAL_PATCH_DIR directories.
config BR2_REPRODUCIBLE
bool "Make the build reproducible (experimental)"
toolchain/wrapper: fake __DATE_ and __TIME__ for older gcc Starting with version 7, gcc automatically recognises and enforces the environment variable SOURCE_DATE_EPOCH, and fakes __DATE__ and __TIME__ accordingly, to produce reproducible builds (at least in regards to date and time). However, older gcc versions do not offer this feature. So, we use our toolchain wrapper to force-feed __DATE__ and __TIME__ as macros, which will take precedence over those that gcc may compute itself. We compute them according to the specs: https://reproducible-builds.org/specs/source-date-epoch/ https://gcc.gnu.org/onlinedocs/cpp/Standard-Predefined-Macros.html Since we define macros otherwise internal to gcc, we have to tell it not to warn about that. The -Wno-builtin-macro-redefined flag was introduced in gcc-4.4.0. Therefore, we make BR2_REPRODUCIBLE depend on GCC >= 4.4. gcc-7 will ignore SOURCE_DATE_EPOCH when __DATE__ and __TIME__ are user-defined. Anyway, this is of no consequence: whether __DATE__ and __TIME__ or SOURCE_DATE_EPOCH takes precedence, it would yield the exact same end result since we use the same logic to compute it. Note that we didn't copy the code for it from gcc so using the same logic doesn't imply that we're inheriting GPL-3.0. Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Jérôme Pouiller <jezz@sysmic.org> Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Cc: Arnout Vandecappelle <arnout@mind.be> Cc: Peter Korsgaard <peter@korsgaard.com> [Arnout: rewrite commit message] Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-21 22:31:02 +02:00
# SOURCE_DATE_EPOCH support in toolchain-wrapper requires GCC 4.4
depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_4
help
This option will remove all sources of non-reproducibility
from the build process. For a given Buildroot configuration,
this allows to generate exactly identical binaries from one
build to the other, including on different machines.
The current implementation is restricted to builds with the
same output directory. Many (absolute) paths are recorded in
intermediary files, and it is very likely that some of these
paths leak into the target rootfs. If you build with the
same O=... path, however, the result is identical.
This is labeled as an experimental feature, as not all
packages behave properly to ensure reproducibility.
core: implement per-package SDK and target This commit implements the core of the move to per-package SDK and target directories. The main idea is that instead of having a global output/host and output/target in which all packages install files, we switch to per-package host and target directories, that only contain their explicit dependencies. There are two main benefits: - Packages will now see only the dependencies they explicitly list in their <pkg>_DEPENDENCIES variable, and the recursive dependencies thereof. - We can support top-level parallel build properly, because a package only "sees" its own host directory and target directory, isolated from the build of other packages that can happen in parallel. It works as follows: - A new output/per-package/ directory is created, which will contain one sub-directory per package, and inside it, a "host" directory and a "target" directory: output/per-package/busybox/target output/per-package/busybox/host output/per-package/host-fakeroot/target output/per-package/host-fakeroot/host This output/per-package/ directory is PER_PACKAGE_DIR. - The global TARGET_DIR and HOST_DIR variable now automatically point to the per-package directory when PKG is defined. So whenever a package references $(HOST_DIR) or $(TARGET_DIR) in its build process, it effectively references the per-package host/target directories. Note that STAGING_DIR is a sub-dir of HOST_DIR, so it is handled as well. - Of course, packages have dependencies, so those dependencies must be installed in the per-package host and target directories. To do so, we simply rsync (using hard links to save space and time) the host and target directories of the direct dependencies of the package to the current package host and target directories. We only need to take care of direct dependencies (and not recursively all dependencies), because we accumulate into those per-package host and target directories the files installed by the dependencies. Note that this only works because we make the assumption that one package does *not* overwrite files installed by another package. This is done for "extract dependencies" at the beginning of the extract step, and for "normal dependencies" at the beginning of the configure step. This is basically enough to make per-package SDK and target work. The only gotcha is that at the end of the build, output/target and output/host are empty, which means that: - The filesystem image creation code cannot work. - We don't have a SDK to build code outside of Buildroot. In order to fix this, this commit extends the target-finalize step so that it starts by populating output/target and output/host by rsync-ing into them the target and host directories of all packages listed in the $(PACKAGES) variable. It is necessary to do this sequentially in the target-finalize step and not in each package. Doing it in package installation means that it can be done in parallel. In that case, there is a chance that two rsyncs are creating the same hardlink or directory at the same time, which makes one of them fail. This change to per-package directories has an impact on the RPATH built into the host binaries, as those RPATH now point to various per-package host directories, and no longer to the global host directory. We do not try to rewrite such RPATHs during the build as having such RPATHs is perfectly fine, but we still need to handle two fallouts from this change: - The check-host-rpath script, which verifies at the end of each package installation that it has the appropriate RPATH, is modified to understand that a RPATH to $(PER_PACKAGE_DIR)/<pkg>/host/lib is a correct RPAT. - The fix-rpath script, which mungles the RPATH mainly for the SDK preparation, is modified to rewrite the RPATH to not point to per-package directories. Indeed the patchelf --make-rpath-relative call only works if the RPATH points to the ROOTDIR passed as argument, and this ROOTDIR is the global host directory. Rewriting the RPATH to not point to per-package host directories prior to this is an easy solution to this issue. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-05 17:46:40 +01:00
config BR2_PER_PACKAGE_DIRECTORIES
bool "Use per-package directories (experimental)"
help
This option will change the build process of Buildroot
package to use per-package target and host directories.
This is useful for two related purposes:
- Cleanly isolate the build of each package, so that a
given package only "sees" the dependencies it has
explicitly expressed, and not other packages that may
have by chance been built before.
- Enable top-level parallel build.
This is labeled as an experimental feature, as not all
packages behave properly with per-package directories.
endmenu
Config.in: introduce BR2_TIME_BITS_64 option for Y2038 compatibility Y2038 is now almost only 15 years away, and embedded systems built today are potentially going to still be operational in 15 years, and even though they are supposed to receive updates by then, we all know how things go, and potentially some of these embedded systems will not receive any update. In 2038, the signed 32-bit representation of time_t used on 32-bit architectures will overflow, causing all time-related functions to go back in time in a surprising way. The Linux kernel has already been modified to support a 64-bit representation of time_t on 32-bit architectures, but from a C library perspective, the situation varies: - glibc uses this 64-bit time_t representation on 32-bit systems since glibc 2.34, but only if -D_TIME_BITS=64 is specified. Therefore, this commit adds an option to add this flag globally to the build, when glibc is the C library and the architecture is not 64-bit. - musl uses unconditionally a 64-bit time_t representation on 32-bit systems since musl 1.2.0. So there is nothing to do here since Buildroot has been using a musl >= 1.2.0, used since Buildroot 2020.05. No Buildroot option is needed here. - uClibc-ng does not support a 64-bit time_t representation on 32-bit systems, so systems using uClibc-ng will not be Y2038 compliant, at least for now. No Buildroot option is needed here. It should be noted that being Y2038-compliant will only work if all application/library code is correct. For example if an application/library stores a timestamp in an "int" instead of using the proper time_t type, then the mechanisms described above will not fix this, and the application/library will continue to be broken in terms of Y2038 support. Possible discussions points about this patch: - Should we have an option at all, or should we unconditionally pass -D_TIME_BITS=64, like we have been doing for _FILE_OFFSET_BITS=64 for quite some time. The reasoning for having an option is that the mechanism is itself opt-in in glibc, and generally relatively new, so it seemed logical for now to make it optional as well in Buildroot. - Should we show something (a Config.in comment?) in the musl and uClibc-ng case to let the user know that the code is Y2038 compliant (musl) or not Y2038 compliant (uClibc-ng). Or should this discussion be part of the Buildroot documentation? Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-10-12 23:50:08 +02:00
config BR2_TIME_BITS_64
bool "Build Y2038-ready code"
depends on BR2_TOOLCHAIN_USES_GLIBC && !BR2_ARCH_IS_64
help
This option will pass -D_TIME_BITS=64 in the compiler flags
to ensure the glibc C library uses a 64-bit representation
for time_t and other time types, which ensures that
programs/libraries will correctly handle time past year
2038.
This option only has an effect with glibc >= 2.34, as
earlier glibc versions did not have support for 64-bit
time_t.
comment "Security Hardening Options"
config BR2_PIC_PIE_ARCH_SUPPORTS
bool
default y
# Microblaze glibc toolchains don't work with PIC/PIE enabled
depends on !BR2_microblaze
# Nios2 toolchains produce non working binaries with -fPIC
depends on !BR2_nios2
config BR2_PIC_PIE
bool "Build code with PIC/PIE"
default y
depends on BR2_PIC_PIE_ARCH_SUPPORTS
depends on BR2_SHARED_LIBS
Config.in: disable PIC/PIE if the toolchain does not support PIE m68k does not seem to really support PIE as it raises the following build failure with aer-inject: /usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-1/output/host/opt/ext-toolchain/bin/../lib/gcc/m68k-buildroot-linux-uclibc/7.4.0/../../../../m68k-buildroot-linux-uclibc/bin/ld: /usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-1/output/host/m68k-buildroot-linux-uclibc/sysroot/usr/lib/Scrt1.o: in function `lib_main': (.text+0x4): undefined reference to `__shared_flat_add_library' /usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-1/output/host/opt/ext-toolchain/bin/../lib/gcc/m68k-buildroot-linux-uclibc/7.4.0/../../../../m68k-buildroot-linux-uclibc/bin/ld: final link failed: bad value We also have another build failure with uclibc on microblazeel: /home/buildroot/autobuild/instance-1/output-1/host/lib/gcc/microblazeel-buildroot-linux-uclibc/8.3.0/../../../../microblazeel-buildroot-linux-uclibc/bin/ld: final link failed: bad value collect2: error: ld returned 1 exit status Makefile.in:114: recipe for target '../utils/getconf' failed So add a BR2_TOOLCHAIN_SUPPORTS_PIE dependency on BR2_PIC_PIE Fixes: - http://autobuild.buildroot.net/results/4cdd6f0368cc9d3c6e88f01b1a8929eb0839b638 - http://autobuild.buildroot.net/results/a82a484409149d7f9aff6140ddcb89f627f508c7 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Reviewed-by: Yann E. MORIN <yann.morin.1998@free.fr> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-27 23:03:34 +01:00
depends on BR2_TOOLCHAIN_SUPPORTS_PIE
help
Generate Position-Independent Code (PIC) and link
Position-Independent Executables (PIE).
Config.in: disable PIC/PIE if the toolchain does not support PIE m68k does not seem to really support PIE as it raises the following build failure with aer-inject: /usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-1/output/host/opt/ext-toolchain/bin/../lib/gcc/m68k-buildroot-linux-uclibc/7.4.0/../../../../m68k-buildroot-linux-uclibc/bin/ld: /usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-1/output/host/m68k-buildroot-linux-uclibc/sysroot/usr/lib/Scrt1.o: in function `lib_main': (.text+0x4): undefined reference to `__shared_flat_add_library' /usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-1/output/host/opt/ext-toolchain/bin/../lib/gcc/m68k-buildroot-linux-uclibc/7.4.0/../../../../m68k-buildroot-linux-uclibc/bin/ld: final link failed: bad value We also have another build failure with uclibc on microblazeel: /home/buildroot/autobuild/instance-1/output-1/host/lib/gcc/microblazeel-buildroot-linux-uclibc/8.3.0/../../../../microblazeel-buildroot-linux-uclibc/bin/ld: final link failed: bad value collect2: error: ld returned 1 exit status Makefile.in:114: recipe for target '../utils/getconf' failed So add a BR2_TOOLCHAIN_SUPPORTS_PIE dependency on BR2_PIC_PIE Fixes: - http://autobuild.buildroot.net/results/4cdd6f0368cc9d3c6e88f01b1a8929eb0839b638 - http://autobuild.buildroot.net/results/a82a484409149d7f9aff6140ddcb89f627f508c7 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Reviewed-by: Yann E. MORIN <yann.morin.1998@free.fr> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-27 23:03:34 +01:00
comment "PIC/PIE needs a toolchain w/ PIE"
depends on BR2_PIC_PIE_ARCH_SUPPORTS
Config.in: disable PIC/PIE if the toolchain does not support PIE m68k does not seem to really support PIE as it raises the following build failure with aer-inject: /usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-1/output/host/opt/ext-toolchain/bin/../lib/gcc/m68k-buildroot-linux-uclibc/7.4.0/../../../../m68k-buildroot-linux-uclibc/bin/ld: /usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-1/output/host/m68k-buildroot-linux-uclibc/sysroot/usr/lib/Scrt1.o: in function `lib_main': (.text+0x4): undefined reference to `__shared_flat_add_library' /usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-1/output/host/opt/ext-toolchain/bin/../lib/gcc/m68k-buildroot-linux-uclibc/7.4.0/../../../../m68k-buildroot-linux-uclibc/bin/ld: final link failed: bad value We also have another build failure with uclibc on microblazeel: /home/buildroot/autobuild/instance-1/output-1/host/lib/gcc/microblazeel-buildroot-linux-uclibc/8.3.0/../../../../microblazeel-buildroot-linux-uclibc/bin/ld: final link failed: bad value collect2: error: ld returned 1 exit status Makefile.in:114: recipe for target '../utils/getconf' failed So add a BR2_TOOLCHAIN_SUPPORTS_PIE dependency on BR2_PIC_PIE Fixes: - http://autobuild.buildroot.net/results/4cdd6f0368cc9d3c6e88f01b1a8929eb0839b638 - http://autobuild.buildroot.net/results/a82a484409149d7f9aff6140ddcb89f627f508c7 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Reviewed-by: Yann E. MORIN <yann.morin.1998@free.fr> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-27 23:03:34 +01:00
depends on BR2_SHARED_LIBS
depends on !BR2_TOOLCHAIN_SUPPORTS_PIE
choice
bool "Stack Smashing Protection"
default BR2_SSP_ALL if BR2_ENABLE_SSP # legacy
default BR2_SSP_STRONG if BR2_TOOLCHAIN_HAS_SSP_STRONG
default BR2_SSP_REGULAR
depends on BR2_TOOLCHAIN_HAS_SSP
help
Enable stack smashing protection support using GCC's
-fstack-protector option family.
See
http://www.linuxfromscratch.org/hints/downloads/files/ssp.txt
for details.
Note that this requires the toolchain to have SSP support.
This is always the case for glibc and eglibc toolchain, but is
optional in uClibc toolchains.
config BR2_SSP_NONE
bool "None"
help
Disable stack-smashing protection.
config BR2_SSP_REGULAR
bool "-fstack-protector"
help
Emit extra code to check for buffer overflows, such as stack
smashing attacks. This is done by adding a guard variable to
functions with vulnerable objects. This includes functions
that call alloca, and functions with buffers larger than 8
bytes. The guards are initialized when a function is entered
and then checked when the function exits. If a guard check
fails, an error message is printed and the program exits.
config BR2_SSP_STRONG
bool "-fstack-protector-strong"
depends on BR2_TOOLCHAIN_HAS_SSP_STRONG
help
Like -fstack-protector but includes additional functions to be
protected - those that have local array definitions, or have
references to local frame addresses.
-fstack-protector-strong officially appeared in gcc 4.9, but
some vendors have backported -fstack-protector-strong to older
versions of gcc.
config BR2_SSP_ALL
bool "-fstack-protector-all"
help
Like -fstack-protector except that all functions are
protected. This option might have a significant performance
impact on the compiled binaries.
endchoice
config BR2_SSP_OPTION
string
default "-fstack-protector" if BR2_SSP_REGULAR
default "-fstack-protector-strong" if BR2_SSP_STRONG
default "-fstack-protector-all" if BR2_SSP_ALL
comment "Stack Smashing Protection needs a toolchain w/ SSP"
depends on !BR2_TOOLCHAIN_HAS_SSP
choice
bool "RELRO Protection"
default BR2_RELRO_FULL if BR2_TOOLCHAIN_SUPPORTS_PIE
default BR2_RELRO_PARTIAL
depends on BR2_SHARED_LIBS
help
Enable a link-time protection know as RELRO (RELocation Read
Only) which helps to protect from certain type of exploitation
techniques altering the content of some ELF sections.
config BR2_RELRO_NONE
bool "None"
help
Disables Relocation link-time protections.
config BR2_RELRO_PARTIAL
bool "Partial"
help
This option makes the dynamic section not writeable after
initialization (with almost no performance penalty).
config BR2_RELRO_FULL
bool "Full"
depends on BR2_PIC_PIE_ARCH_SUPPORTS
Config.in: disable PIC/PIE if the toolchain does not support PIE m68k does not seem to really support PIE as it raises the following build failure with aer-inject: /usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-1/output/host/opt/ext-toolchain/bin/../lib/gcc/m68k-buildroot-linux-uclibc/7.4.0/../../../../m68k-buildroot-linux-uclibc/bin/ld: /usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-1/output/host/m68k-buildroot-linux-uclibc/sysroot/usr/lib/Scrt1.o: in function `lib_main': (.text+0x4): undefined reference to `__shared_flat_add_library' /usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-1/output/host/opt/ext-toolchain/bin/../lib/gcc/m68k-buildroot-linux-uclibc/7.4.0/../../../../m68k-buildroot-linux-uclibc/bin/ld: final link failed: bad value We also have another build failure with uclibc on microblazeel: /home/buildroot/autobuild/instance-1/output-1/host/lib/gcc/microblazeel-buildroot-linux-uclibc/8.3.0/../../../../microblazeel-buildroot-linux-uclibc/bin/ld: final link failed: bad value collect2: error: ld returned 1 exit status Makefile.in:114: recipe for target '../utils/getconf' failed So add a BR2_TOOLCHAIN_SUPPORTS_PIE dependency on BR2_PIC_PIE Fixes: - http://autobuild.buildroot.net/results/4cdd6f0368cc9d3c6e88f01b1a8929eb0839b638 - http://autobuild.buildroot.net/results/a82a484409149d7f9aff6140ddcb89f627f508c7 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Reviewed-by: Yann E. MORIN <yann.morin.1998@free.fr> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-27 23:03:34 +01:00
depends on BR2_TOOLCHAIN_SUPPORTS_PIE
select BR2_PIC_PIE
help
This option includes the partial configuration, but also marks
the GOT as read-only at the cost of initialization time during
program loading, i.e every time an executable is started.
Config.in: disable PIC/PIE if the toolchain does not support PIE m68k does not seem to really support PIE as it raises the following build failure with aer-inject: /usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-1/output/host/opt/ext-toolchain/bin/../lib/gcc/m68k-buildroot-linux-uclibc/7.4.0/../../../../m68k-buildroot-linux-uclibc/bin/ld: /usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-1/output/host/m68k-buildroot-linux-uclibc/sysroot/usr/lib/Scrt1.o: in function `lib_main': (.text+0x4): undefined reference to `__shared_flat_add_library' /usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-1/output/host/opt/ext-toolchain/bin/../lib/gcc/m68k-buildroot-linux-uclibc/7.4.0/../../../../m68k-buildroot-linux-uclibc/bin/ld: final link failed: bad value We also have another build failure with uclibc on microblazeel: /home/buildroot/autobuild/instance-1/output-1/host/lib/gcc/microblazeel-buildroot-linux-uclibc/8.3.0/../../../../microblazeel-buildroot-linux-uclibc/bin/ld: final link failed: bad value collect2: error: ld returned 1 exit status Makefile.in:114: recipe for target '../utils/getconf' failed So add a BR2_TOOLCHAIN_SUPPORTS_PIE dependency on BR2_PIC_PIE Fixes: - http://autobuild.buildroot.net/results/4cdd6f0368cc9d3c6e88f01b1a8929eb0839b638 - http://autobuild.buildroot.net/results/a82a484409149d7f9aff6140ddcb89f627f508c7 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Reviewed-by: Yann E. MORIN <yann.morin.1998@free.fr> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-27 23:03:34 +01:00
comment "RELRO Full needs a toolchain w/ PIE"
depends on BR2_PIC_PIE_ARCH_SUPPORTS
Config.in: disable PIC/PIE if the toolchain does not support PIE m68k does not seem to really support PIE as it raises the following build failure with aer-inject: /usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-1/output/host/opt/ext-toolchain/bin/../lib/gcc/m68k-buildroot-linux-uclibc/7.4.0/../../../../m68k-buildroot-linux-uclibc/bin/ld: /usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-1/output/host/m68k-buildroot-linux-uclibc/sysroot/usr/lib/Scrt1.o: in function `lib_main': (.text+0x4): undefined reference to `__shared_flat_add_library' /usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-1/output/host/opt/ext-toolchain/bin/../lib/gcc/m68k-buildroot-linux-uclibc/7.4.0/../../../../m68k-buildroot-linux-uclibc/bin/ld: final link failed: bad value We also have another build failure with uclibc on microblazeel: /home/buildroot/autobuild/instance-1/output-1/host/lib/gcc/microblazeel-buildroot-linux-uclibc/8.3.0/../../../../microblazeel-buildroot-linux-uclibc/bin/ld: final link failed: bad value collect2: error: ld returned 1 exit status Makefile.in:114: recipe for target '../utils/getconf' failed So add a BR2_TOOLCHAIN_SUPPORTS_PIE dependency on BR2_PIC_PIE Fixes: - http://autobuild.buildroot.net/results/4cdd6f0368cc9d3c6e88f01b1a8929eb0839b638 - http://autobuild.buildroot.net/results/a82a484409149d7f9aff6140ddcb89f627f508c7 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Reviewed-by: Yann E. MORIN <yann.morin.1998@free.fr> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-27 23:03:34 +01:00
depends on !BR2_TOOLCHAIN_SUPPORTS_PIE
endchoice
comment "RELocation Read Only (RELRO) needs shared libraries"
depends on !BR2_SHARED_LIBS
config BR2_FORTIFY_SOURCE_ARCH_SUPPORTS
bool
default y
# Microblaze glibc toolchains don't work with Fortify Source enabled
depends on !BR2_microblaze
choice
bool "Buffer-overflow Detection (FORTIFY_SOURCE)"
default BR2_FORTIFY_SOURCE_1
depends on BR2_FORTIFY_SOURCE_ARCH_SUPPORTS
depends on BR2_TOOLCHAIN_USES_GLIBC
depends on !BR2_OPTIMIZE_0
help
Enable the _FORTIFY_SOURCE macro which introduces additional
checks to detect buffer-overflows in the following standard
library functions: memcpy, mempcpy, memmove, memset, strcpy,
stpcpy, strncpy, strcat, strncat, sprintf, vsprintf, snprintf,
vsnprintf, gets.
NOTE: This feature requires an optimization level of s/1/2/3/g
Support for this feature has been present since GCC 4.x.
config BR2_FORTIFY_SOURCE_NONE
bool "None"
help
Disables additional checks to detect buffer-overflows.
config BR2_FORTIFY_SOURCE_1
bool "Conservative"
# gcc bug https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61164
depends on !BR2_TOOLCHAIN_BUILDROOT || BR2_TOOLCHAIN_GCC_AT_LEAST_6
help
This option sets _FORTIFY_SOURCE to 1 and only introduces
checks that shouldn't change the behavior of conforming
programs. Adds checks at compile-time only.
config BR2_FORTIFY_SOURCE_2
bool "Aggressive"
# gcc bug https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61164
depends on !BR2_TOOLCHAIN_BUILDROOT || BR2_TOOLCHAIN_GCC_AT_LEAST_6
help
This option sets _FORTIFY_SOURCES to 2 and some more
checking is added, but some conforming programs might fail.
Also adds checks at run-time (detected buffer overflow
terminates the program)
config BR2_FORTIFY_SOURCE_3
bool "Extended"
depends on BR2_TOOLCHAIN_GCC_AT_LEAST_12
help
This option sets _FORTIFY_SOURCES to 3 and even more
checking is added compared to level 2. Extends checks at
run-time that can introduce an additional performance
overhead.
endchoice
comment "Fortify Source needs a glibc toolchain and optimization"
depends on BR2_FORTIFY_SOURCE_ARCH_SUPPORTS
depends on (!BR2_TOOLCHAIN_USES_GLIBC || BR2_OPTIMIZE_0)
endmenu
source "system/Config.in"
source "linux/Config.in"
source "package/Config.in"
source "fs/Config.in"
source "boot/Config.in"
source "package/Config.in.host"
source "Config.in.legacy"
# br2-external menus definitions
source "$BR2_BASE_DIR/.br2-external.in.menus"