OK3568_Linux_fs/buildroot/Config.in

#

mainmenu "Buildroot $BR2_VERSION Configuration"

config BR2_HAVE_DOT_CONFIG
	bool
	default y

config BR2_VERSION
	string
	option env="BR2_VERSION_FULL"

config BR2_HOSTARCH
	string
	option env="HOSTARCH"

config BR2_BASE_DIR
	string
	option env="BASE_DIR"

# br2-external paths definitions
source "$BR2_BASE_DIR/.br2-external.in.paths"

# Hidden config symbols for packages to check system gcc version
config BR2_HOST_GCC_VERSION
	string
	option env="HOST_GCC_VERSION"

config BR2_HOST_GCC_AT_LEAST_4_9
	bool
	default y if BR2_HOST_GCC_VERSION = "4 9"

config BR2_HOST_GCC_AT_LEAST_5
	bool
	default y if BR2_HOST_GCC_VERSION = "5"
	select BR2_HOST_GCC_AT_LEAST_4_9

config BR2_HOST_GCC_AT_LEAST_6
	bool
	default y if BR2_HOST_GCC_VERSION = "6"
	select BR2_HOST_GCC_AT_LEAST_5

config BR2_HOST_GCC_AT_LEAST_7
	bool
	default y if BR2_HOST_GCC_VERSION = "7"
	select BR2_HOST_GCC_AT_LEAST_6

config BR2_HOST_GCC_AT_LEAST_8
	bool
	default y if BR2_HOST_GCC_VERSION = "8"
	select BR2_HOST_GCC_AT_LEAST_7

config BR2_HOST_GCC_AT_LEAST_9
	bool
	default y if BR2_HOST_GCC_VERSION = "9"
	select BR2_HOST_GCC_AT_LEAST_8

# When adding new entries above, be sure to update
# the HOSTCC_MAX_VERSION variable in the Makefile.

# Hidden boolean selected by packages in need of Java in order to build
# (example: kodi)
config BR2_NEEDS_HOST_JAVA
	bool

# Hidden boolean selected by pre-built packages for x86, when they
# need to run on x86-64 machines (example: pre-built external
# toolchains, binary tools like SAM-BA, etc.).
config BR2_HOSTARCH_NEEDS_IA32_LIBS
	bool

# Hidden boolean selected by packages that need to build 32 bits
# binaries with the host compiler, even on 64 bits build machines (e.g
# bootloaders).
config BR2_HOSTARCH_NEEDS_IA32_COMPILER
	bool

# Hidden boolean selected by packages that need the host to have an
# UTF8 locale.
config BR2_NEEDS_HOST_UTF8_LOCALE
	bool

# Hidden boolean selected by packages that need the host to have
# support for building gcc plugins
config BR2_NEEDS_HOST_GCC_PLUGIN_SUPPORT
	bool

source "arch/Config.in"

menu "Build options"

menu "Commands"

config BR2_WGET
	string "Wget command"
	# Allow hosts with old certificates to download over https
	default "wget --passive-ftp -nd -t 3 --no-check-certificate"

config BR2_SVN
	string "Subversion (svn) command"
	default "svn --non-interactive"

config BR2_BZR
	string "Bazaar (bzr) command"
	default "bzr"

config BR2_GIT
	string "Git command"
	default "git"

config BR2_CVS
	string "CVS command"
	default "cvs"

config BR2_LOCALFILES
	string "Local files retrieval command"
	default "cp"

config BR2_SCP
	string "Secure copy (scp) command"
	default "scp"

config BR2_HG
	string "Mercurial (hg) command"
	default "hg"

config BR2_ZCAT
	string "zcat command"
	default "gzip -d -c"
	help
	  Command to be used to extract a gzip'ed file to stdout. zcat
	  is identical to gunzip -c except that the former may not be
	  available on your system.
	  Default is "gzip -d -c"
	  Other possible values include "gunzip -c" or "zcat".

config BR2_BZCAT
	string "bzcat command"
	default "bzcat"
	help
	  Command to be used to extract a bzip2'ed file to stdout.
	  bzcat is identical to bunzip2 -c except that the former may
	  not be available on your system.
	  Default is "bzcat"
	  Other possible values include "bunzip2 -c" or "bzip2 -d -c".

config BR2_XZCAT
	string "xzcat command"
	default "xzcat"
	help
	  Command to be used to extract a xz'ed file to stdout.
	  Default is "xzcat"

config BR2_LZCAT
	string "lzcat command"
	default "lzip -d -c"
	help
	  Command to be used to extract a lzip'ed file to stdout.
	  Default is "lzip -d -c"

config BR2_TAR_OPTIONS
	string "Tar options"
	default ""
	help
	  Options to pass to tar when extracting the sources.
	  E.g. " -v --exclude='*.svn*'" to exclude all .svn internal
	  files and to be verbose.

endmenu

config BR2_DEFCONFIG_FROM_ENV
	string
	option env="BR2_DEFCONFIG"

config BR2_DEFCONFIG
	string "Location to save buildroot config"
	default BR2_DEFCONFIG_FROM_ENV if BR2_DEFCONFIG_FROM_ENV != ""
	default "$(CONFIG_DIR)/defconfig"
	help
	  When running 'make savedefconfig', the defconfig file will be
	  saved in this location.

config BR2_DL_DIR
	string "Download dir"
	default "$(TOPDIR)/dl"
	help
	  Directory to store all the source files that we need to fetch.
	  If the Linux shell environment has defined the BR2_DL_DIR
	  environment variable, then this overrides this configuration
	  item.
	  The directory is organized with a subdirectory for each
	  package. Each package has its own $(LIBFOO_DL_DIR) variable
	  that can be used to find the correct path.

	  The default is $(TOPDIR)/dl

config BR2_HOST_DIR
	string "Host dir"
	default "$(BASE_DIR)/host"
	help
	  Directory to store all the binary files that are built for the
	  host. This includes the cross compilation toolchain when
	  building the internal buildroot toolchain.

	  The default is $(BASE_DIR)/host

menu "Mirrors and Download locations"

config BR2_PRIMARY_SITE
	string "Primary download site"
	default ""
	help
	  Primary site to download from. If this option is set then
	  buildroot will try to download package source first from this
	  site and try the default if the file is not found.
	  Valid URIs are:
	    - URIs recognized by $(WGET)
	    - local URIs of the form file://absolutepath
	    - scp URIs of the form scp://[user@]host:path.

config BR2_PRIMARY_SITE_ONLY
	bool "Only allow downloads from primary download site"
	depends on BR2_PRIMARY_SITE != ""
	help
	  If this option is enabled, downloads will only be attempted
	  from the primary download site. Other locations, like the
	  package's official download location or the backup download
	  site, will not be considered. Therefore, if the package is not
	  present on the primary site, the download fails.

	  This is useful for project developers who want to ensure that
	  the project can be built even if the upstream tarball
	  locations disappear.

if !BR2_PRIMARY_SITE_ONLY

config BR2_BACKUP_SITE
	string "Backup download site"
	default "http://sources.buildroot.net"
	help
	  Backup site to download from. If this option is set then
	  buildroot will fall back to download package sources from here
	  if the normal location fails.

config BR2_KERNEL_MIRROR
	string "Kernel.org mirror"
	default "https://cdn.kernel.org/pub"
	help
	  kernel.org is mirrored on a number of servers around the
	  world. The following allows you to select your preferred
	  mirror. By default, a CDN is used, which automatically
	  redirects to a mirror geographically close to you.

	  Have a look on the kernel.org site for a list of mirrors, then
	  enter the URL to the base directory. Examples:

	     http://www.XX.kernel.org/pub (XX = country code)
	     http://mirror.aarnet.edu.au/pub/ftp.kernel.org

config BR2_GNU_MIRROR
	string "GNU Software mirror"
	default "http://ftpmirror.gnu.org"
	help
	  GNU has multiple software mirrors scattered around the
	  world. The following allows you to select your preferred
	  mirror. By default, a generic address is used, which
	  automatically selects an up-to-date and local mirror.

	  Have a look on the gnu.org site for a list of mirrors, then
	  enter the URL to the base directory. Examples:

	     http://ftp.gnu.org/pub/gnu
	     http://mirror.aarnet.edu.au/pub/gnu

config BR2_LUAROCKS_MIRROR
	string "LuaRocks mirror"
	default "http://rocks.moonscript.org"
	help
	  LuaRocks repository.

	  See http://luarocks.org

config BR2_CPAN_MIRROR
	string "CPAN mirror (Perl packages)"
	default "http://cpan.metacpan.org"
	help
	  CPAN (Comprehensive Perl Archive Network) is a repository of
	  Perl packages. It has multiple software mirrors scattered
	  around the world. This option allows you to select a mirror.

	  The list of mirrors is available at:
	  http://search.cpan.org/mirror

endif

endmenu

config BR2_JLEVEL
	int "Number of jobs to run simultaneously (0 for auto)"
	default "0"
	help
	  Number of jobs to run simultaneously. If 0, determine
	  automatically according to number of CPUs on the host system.

config BR2_CCACHE
	bool "Enable compiler cache"
	help
	  This option will enable the use of ccache, a compiler cache.
	  It will cache the result of previous builds to speed up future
	  builds. By default, the cache is stored in
	  $HOME/.buildroot-ccache.

	  Note that Buildroot does not try to invalidate the cache
	  contents when the compiler changes in an incompatible way.
	  Therefore, if you make a change to the compiler version and/or
	  configuration, you are responsible for purging the ccache
	  cache by removing the $HOME/.buildroot-ccache directory.

if BR2_CCACHE

config BR2_CCACHE_DIR
	string "Compiler cache location"
	default "$(HOME)/.buildroot-ccache"
	help
	  Where ccache should store cached files.
	  If the Linux shell environment has defined the BR2_CCACHE_DIR
	  environment variable, then this overrides this configuration
	  item.

config BR2_CCACHE_INITIAL_SETUP
	string "Compiler cache initial setup"
	help
	  Initial ccache settings to apply, such as --max-files or
	  --max-size.

	  For example, if your project is known to require more space
	  than the default max cache size, then you might want to
	  increase the cache size to a suitable amount using the -M
	  (--max-size) option.

	  The string you specify here is passed verbatim to ccache.
	  Refer to ccache documentation for more details.

	  These initial settings are applied after ccache has been
	  compiled.

config BR2_CCACHE_USE_BASEDIR
	bool "Use relative paths"
	default y
	help
	  Allow ccache to convert absolute paths within the output
	  directory into relative paths.

	  During the build, many -I include directives are given with an
	  absolute path. These absolute paths end up in the hashes that
	  are computed by ccache. Therefore, when you build from a
	  different directory, the hash will be different and the cached
	  object will not be used.

	  To improve cache performance, set this option to y. This
	  allows ccache to rewrite absolute paths within the output
	  directory into relative paths. Note that only paths within the
	  output directory will be rewritten; therefore, if you change
	  BR2_HOST_DIR to point outside the output directory and
	  subsequently move it to a different location, this will lead
	  to cache misses.

	  This option has as a result that the debug information in the
	  object files also has only relative paths. Therefore, make
	  sure you cd to the build directory before starting gdb. See
	  the section "COMPILING IN DIFFERENT DIRECTORIES" in the ccache
	  manual for more information.

endif

config BR2_ENABLE_DEBUG
	bool "build packages with debugging symbols"
	help
	  Build packages with debugging symbols enabled. All libraries
	  and binaries in the 'staging' directory will have debugging
	  symbols, which allows remote debugging even if libraries and
	  binaries are stripped on the target. Whether libraries and
	  binaries are stripped on the target is controlled by the
	  BR2_STRIP_* options below.

if BR2_ENABLE_DEBUG
choice
	prompt "gcc debug level"
	default BR2_DEBUG_2
	help
	  Set the debug level for gcc

config BR2_DEBUG_1
	bool "debug level 1"
	help
	  Debug level 1 produces minimal information, enough for making
	  backtraces in parts of the program that you don't plan to
	  debug. This includes descriptions of functions and external
	  variables, but no information about local variables and no
	  line numbers.

config BR2_DEBUG_2
	bool "debug level 2"
	help
	  The default gcc debug level is 2

config BR2_DEBUG_3
	bool "debug level 3"
	help
	  Level 3 includes extra information, such as all the macro
	  definitions present in the program. Some debuggers support
	  macro expansion when you use -g3.
endchoice
endif

config BR2_ENABLE_RUNTIME_DEBUG
	bool "build packages with runtime debugging info"
	help
	  Some packages may have runtime assertions, extra traces, and
	  similar runtime elements that can help debugging. However,
	  these elements may negatively influence performance so should
	  normally not be enabled on production systems.

	  Enable this option to enable such runtime debugging.

	  Note: disabling this option is not a guarantee that all
	  packages effectively removed these runtime debugging elements.

config BR2_STRIP_strip
	bool "strip target binaries"
	default y
	depends on !BR2_PACKAGE_HOST_ELF2FLT
	help
	  Binaries and libraries in the target filesystem will be
	  stripped using the normal 'strip' command. This allows to save
	  space, mainly by removing debugging symbols. Debugging symbols
	  on the target are needed for native debugging, but not when
	  remote debugging is used.

config BR2_STRIP_EXCLUDE_FILES
	string "executables that should not be stripped"
	default ""
	depends on BR2_STRIP_strip
	help
	  You may specify a space-separated list of binaries and
	  libraries here that should not be stripped on the target.

config BR2_STRIP_EXCLUDE_DIRS
	string "directories that should be skipped when stripping"
	default ""
	depends on BR2_STRIP_strip
	help
	  You may specify a space-separated list of directories that
	  should be skipped when stripping. Binaries and libraries in
	  these directories will not be touched. The directories should
	  be specified relative to the target directory, without leading
	  slash.

choice
	prompt "gcc optimization level"
	default BR2_OPTIMIZE_S
	help
	  Set the optimization level for gcc

config BR2_OPTIMIZE_0
	bool "optimization level 0"
	help
	  Do not optimize.

config BR2_OPTIMIZE_1
	bool "optimization level 1"
	help
	  Optimize. Optimizing compilation takes somewhat more time, and
	  a lot more memory for a large function. With -O, the compiler
	  tries to reduce code size and execution time, without
	  performing any optimizations that take a great deal of
	  compilation time. -O turns on the following optimization
	  flags: -fdefer-pop -fdelayed-branch -fguess-branch-probability
	  -fcprop-registers -floop-optimize -fif-conversion
	  -fif-conversion2 -ftree-ccp -ftree-dce -ftree-dominator-opts
	  -ftree-dse -ftree-ter -ftree-lrs -ftree-sra -ftree-copyrename
	  -ftree-fre -ftree-ch -funit-at-a-time -fmerge-constants. -O
	  also turns on -fomit-frame-pointer on machines where doing so
	  does not interfere with debugging.

config BR2_OPTIMIZE_2
	bool "optimization level 2"
	help
	  Optimize even more. GCC performs nearly all supported
	  optimizations that do not involve a space-speed tradeoff. The
	  compiler does not perform loop unrolling or function inlining
	  when you specify -O2. As compared to -O, this option increases
	  both compilation time and the performance of the generated
	  code. -O2 turns on all optimization flags specified by -O. It
	  also turns on the following optimization flags:
	  -fthread-jumps -fcrossjumping -foptimize-sibling-calls
	  -fcse-follow-jumps -fcse-skip-blocks -fgcse  -fgcse-lm
	  -fexpensive-optimizations -fstrength-reduce
	  -frerun-cse-after-loop -frerun-loop-opt -fcaller-saves
	  -fpeephole2 -fschedule-insns -fschedule-insns2
	  -fsched-interblock -fsched-spec -fregmove -fstrict-aliasing
	  -fdelete-null-pointer-checks -freorder-blocks
	  -freorder-functions -falign-functions -falign-jumps
	  -falign-loops -falign-labels -ftree-vrp -ftree-pre. Please
	  note the warning under -fgcse about invoking -O2 on programs
	  that use computed gotos.

config BR2_OPTIMIZE_3
	bool "optimization level 3"
	help
	  Optimize yet more. -O3 turns on all optimizations specified by
	  -O2 and also turns on the -finline-functions, -funswitch-loops
	  and -fgcse-after-reload options.

config BR2_OPTIMIZE_G
	bool "optimize for debugging"
	depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_8
	help
	  Optimize for debugging. This enables optimizations that do not
	  interfere with debugging. It should be the optimization level
	  of choice for the standard edit-compile-debug cycle, offering
	  a reasonable level of optimization while maintaining fast
	  compilation and a good debugging experience.

config BR2_OPTIMIZE_S
	bool "optimize for size"
	help
	  Optimize for size. -Os enables all -O2 optimizations that do
	  not typically increase code size. It also performs further
	  optimizations designed to reduce code size. -Os disables the
	  following optimization flags: -falign-functions -falign-jumps
	  -falign-loops -falign-labels -freorder-blocks
	  -freorder-blocks-and-partition -fprefetch-loop-arrays
	  -ftree-vect-loop-version
	  This is the default.

config BR2_OPTIMIZE_FAST
	bool "optimize for fast (may break packages!)"
	depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_6
	help
	  Optimize for fast. Disregard strict standards
	  compliance. -Ofast enables all -O3 optimizations. It also
	  enables optimizations that are not valid for all
	  standard-compliant programs, so be careful, as it may break
	  some packages. It turns on -ffast-math and the
	  Fortran-specific -fstack-arrays, unless -fmax-stack-var-size
	  is specified, and -fno-protect-parens.

endchoice

config BR2_GOOGLE_BREAKPAD_ENABLE
	bool "Enable google-breakpad support"
	depends on BR2_INSTALL_LIBSTDCPP
	depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_8 # C++11
	depends on BR2_USE_WCHAR
	depends on BR2_TOOLCHAIN_HAS_THREADS
	depends on (BR2_TOOLCHAIN_USES_GLIBC || BR2_TOOLCHAIN_USES_UCLIBC)
	depends on BR2_PACKAGE_GOOGLE_BREAKPAD_ARCH_SUPPORTS
	depends on BR2_PACKAGE_HOST_GOOGLE_BREAKPAD_ARCH_SUPPORTS
	select BR2_PACKAGE_GOOGLE_BREAKPAD
	help
	  This option will enable the use of google breakpad, a library
	  and tool suite that allows you to distribute an application to
	  users with compiler-provided debugging information removed,
	  record crashes in compact "minidump" files, send them back to
	  your server and produce C and C++ stack traces from these
	  minidumps. Breakpad can also write minidumps on request for
	  programs that have not crashed.

if BR2_GOOGLE_BREAKPAD_ENABLE

config BR2_GOOGLE_BREAKPAD_INCLUDE_FILES
	string "List of executables and libraries to extract symbols from"
	default ""
	help
	  You may specify a space-separated list of binaries and
	  libraries with full paths relative to $(TARGET_DIR) of which
	  debug symbols will be dumped for further use with google
	  breakpad.

	  A directory structure that can be used by minidump-stackwalk
	  will be created at:

	  $(STAGING_DIR)/usr/share/google-breakpad-symbols

endif

choice
	bool "libraries"
	default BR2_SHARED_LIBS if BR2_BINFMT_SUPPORTS_SHARED
	default BR2_STATIC_LIBS if !BR2_BINFMT_SUPPORTS_SHARED
	help
	  Select the type of libraries you want to use on the target.

	  The default is to build dynamic libraries and use those on the
	  target filesystem, except when the architecture and/or the
	  selected binary format does not support shared libraries.

config BR2_STATIC_LIBS
	bool "static only"
	help
	  Build and use only static libraries. No shared libraries will
	  be installed on the target. This potentially increases your
	  code size and should only be used if you know what you are
	  doing. Note that some packages may not be available when this
	  option is enabled, due to their need for dynamic library
	  support.

config BR2_SHARED_LIBS
	bool "shared only"
	depends on BR2_BINFMT_SUPPORTS_SHARED
	help
	  Build and use only shared libraries. This is the recommended
	  solution as it saves space and build time.

config BR2_SHARED_STATIC_LIBS
	bool "both static and shared"
	depends on BR2_BINFMT_SUPPORTS_SHARED
	help
	  Build both shared and static libraries, but link executables
	  dynamically. While building both shared and static libraries
	  take more time and more disk space, having static libraries
	  may be useful to link some of the applications statically.

endchoice

config BR2_PACKAGE_OVERRIDE_FILE
	string "location of a package override file"
	default "$(CONFIG_DIR)/local.mk"
	help
	  A package override file is a short makefile that contains
	  variable definitions of the form <pkg>_OVERRIDE_SRCDIR, which
	  allows to tell Buildroot to use an existing directory as the
	  source directory for a particular package. See the Buildroot
	  documentation for more details on this feature.

config BR2_GLOBAL_PATCH_DIR
	string "global patch directories"
	help
	  You may specify a space separated list of one or more
	  directories containing global package patches. For a specific
	  version <packageversion> of a specific package <packagename>,
	  patches are applied as follows:

	  First, the default Buildroot patch set for the package is
	  applied from the package's directory in Buildroot.

	  Then for every directory - <global-patch-dir> - that exists in
	  BR2_GLOBAL_PATCH_DIR, if the directory
	  <global-patch-dir>/<packagename>/<packageversion>/ exists,
	  then all *.patch files in this directory will be applied.

	  Otherwise, if the directory <global-patch-dir>/<packagename>
	  exists, then all *.patch files in the directory will be
	  applied.

menu "Advanced"

config BR2_COMPILER_PARANOID_UNSAFE_PATH
	bool "paranoid check of library/header paths"
	default y
	help
	  By default, when this option is disabled, when the Buildroot
	  cross-compiler will encounter an unsafe library or header path
	  (such as /usr/include, or /usr/lib), the compiler will display
	  a warning.

	  By enabling this option, this warning is turned into an error,
	  which will completely abort the build when such unsafe paths
	  are encountered.

	  Note that this mechanism is available for both the internal
	  toolchain (through the toolchain wrapper and binutils patches)
	  and external toolchain backends (through the toolchain
	  wrapper).

config BR2_FORCE_HOST_BUILD
	bool "Force the building of host dependencies"
	help
	  Build all available host dependencies, even if they are
	  already installed on the system.

	  This option can be used to ensure that the download cache of
	  source archives for packages remain consistent between
	  different build hosts.

	  This option will increase build time.

config BR2_REPRODUCIBLE
	bool "Make the build reproducible (experimental)"
	# SOURCE_DATE_EPOCH support in toolchain-wrapper requires GCC 4.4
	depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_4
	help
	  This option will remove all sources of non-reproducibility
	  from the build process. For a given Buildroot configuration,
	  this allows to generate exactly identical binaries from one
	  build to the other, including on different machines.

	  The current implementation is restricted to builds with the
	  same output directory. Many (absolute) paths are recorded in
	  intermediary files, and it is very likely that some of these
	  paths leak into the target rootfs. If you build with the
	  same O=... path, however, the result is identical.

	  This is labeled as an experimental feature, as not all
	  packages behave properly to ensure reproducibility.

config BR2_PER_PACKAGE_DIRECTORIES
	bool "Use per-package directories (experimental)"
	help
	  This option will change the build process of Buildroot
	  package to use per-package target and host directories.

	  This is useful for two related purposes:

	    - Cleanly isolate the build of each package, so that a
	      given package only "sees" the dependencies it has
	      explicitly expressed, and not other packages that may
	      have by chance been built before.

	    - Enable top-level parallel build.

	  This is labeled as an experimental feature, as not all
	  packages behave properly with per-package directories.

endmenu

comment "Security Hardening Options"

config BR2_PIC_PIE_ARCH_SUPPORTS
	bool
	default y
	# Microblaze glibc toolchains don't work with PIC/PIE enabled
	depends on !BR2_microblaze
	# Nios2 toolchains produce non working binaries with -fPIC
	depends on !BR2_nios2

config BR2_PIC_PIE
	bool "Build code with PIC/PIE"
	default y
	depends on BR2_PIC_PIE_ARCH_SUPPORTS
	depends on BR2_SHARED_LIBS
	depends on BR2_TOOLCHAIN_SUPPORTS_PIE
	help
	  Generate Position-Independent Code (PIC) and link
	  Position-Independent Executables (PIE).

comment "PIC/PIE needs a toolchain w/ PIE"
	depends on BR2_PIC_PIE_ARCH_SUPPORTS
	depends on BR2_SHARED_LIBS
	depends on !BR2_TOOLCHAIN_SUPPORTS_PIE

choice
	bool "Stack Smashing Protection"
	default BR2_SSP_ALL if BR2_ENABLE_SSP # legacy
	default BR2_SSP_STRONG if BR2_TOOLCHAIN_HAS_SSP_STRONG
	default BR2_SSP_REGULAR
	depends on BR2_TOOLCHAIN_HAS_SSP
	help
	  Enable stack smashing protection support using GCC's
	  -fstack-protector option family.

	  See
	  http://www.linuxfromscratch.org/hints/downloads/files/ssp.txt
	  for details.

	  Note that this requires the toolchain to have SSP support.
	  This is always the case for glibc and eglibc toolchain, but is
	  optional in uClibc toolchains.

config BR2_SSP_NONE
	bool "None"
	help
	  Disable stack-smashing protection.

config BR2_SSP_REGULAR
	bool "-fstack-protector"
	help
	  Emit extra code to check for buffer overflows, such as stack
	  smashing attacks. This is done by adding a guard variable to
	  functions with vulnerable objects. This includes functions
	  that call alloca, and functions with buffers larger than 8
	  bytes. The guards are initialized when a function is entered
	  and then checked when the function exits. If a guard check
	  fails, an error message is printed and the program exits.

config BR2_SSP_STRONG
	bool "-fstack-protector-strong"
	depends on BR2_TOOLCHAIN_HAS_SSP_STRONG
	help
	  Like -fstack-protector but includes additional functions to be
	  protected - those that have local array definitions, or have
	  references to local frame addresses.

	  -fstack-protector-strong officially appeared in gcc 4.9, but
	  some vendors have backported -fstack-protector-strong to older
	  versions of gcc.

config BR2_SSP_ALL
	bool "-fstack-protector-all"
	help
	  Like -fstack-protector except that all functions are
	  protected. This option might have a significant performance
	  impact on the compiled binaries.

endchoice

config BR2_SSP_OPTION
	string
	default "-fstack-protector"        if BR2_SSP_REGULAR
	default "-fstack-protector-strong" if BR2_SSP_STRONG
	default "-fstack-protector-all"    if BR2_SSP_ALL

comment "Stack Smashing Protection needs a toolchain w/ SSP"
	depends on !BR2_TOOLCHAIN_HAS_SSP

choice
	bool "RELRO Protection"
	default BR2_RELRO_FULL if BR2_TOOLCHAIN_SUPPORTS_PIE
	default BR2_RELRO_PARTIAL
	depends on BR2_SHARED_LIBS
	help
	  Enable a link-time protection know as RELRO (RELocation Read
	  Only) which helps to protect from certain type of exploitation
	  techniques altering the content of some ELF sections.

config BR2_RELRO_NONE
	bool "None"
	help
	  Disables Relocation link-time protections.

config BR2_RELRO_PARTIAL
	bool "Partial"
	help
	  This option makes the dynamic section not writeable after
	  initialization (with almost no performance penalty).

config BR2_RELRO_FULL
	bool "Full"
	depends on BR2_PIC_PIE_ARCH_SUPPORTS
	depends on BR2_TOOLCHAIN_SUPPORTS_PIE
	select BR2_PIC_PIE
	help
	  This option includes the partial configuration, but also marks
	  the GOT as read-only at the cost of initialization time during
	  program loading, i.e every time an executable is started.

comment "RELRO Full needs a toolchain w/ PIE"
	depends on BR2_PIC_PIE_ARCH_SUPPORTS
	depends on !BR2_TOOLCHAIN_SUPPORTS_PIE

endchoice

comment "RELocation Read Only (RELRO) needs shared libraries"
	depends on !BR2_SHARED_LIBS

config BR2_FORTIFY_SOURCE_ARCH_SUPPORTS
	bool
	default y
	# Microblaze glibc toolchains don't work with Fortify Source enabled
	depends on !BR2_microblaze

choice
	bool "Buffer-overflow Detection (FORTIFY_SOURCE)"
	default BR2_FORTIFY_SOURCE_1
	depends on BR2_FORTIFY_SOURCE_ARCH_SUPPORTS
	depends on BR2_TOOLCHAIN_USES_GLIBC
	depends on !BR2_OPTIMIZE_0
	help
	  Enable the _FORTIFY_SOURCE macro which introduces additional
	  checks to detect buffer-overflows in the following standard
	  library functions: memcpy, mempcpy, memmove, memset, strcpy,
	  stpcpy, strncpy, strcat, strncat, sprintf, vsprintf, snprintf,
	  vsnprintf, gets.

	  NOTE: This feature requires an optimization level of s/1/2/3/g

	  Support for this feature has been present since GCC 4.x.

config BR2_FORTIFY_SOURCE_NONE
	bool "None"
	help
	  Disables additional checks to detect buffer-overflows.

config BR2_FORTIFY_SOURCE_1
	bool "Conservative"
	# gcc bug https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61164
	depends on !BR2_TOOLCHAIN_BUILDROOT || BR2_TOOLCHAIN_GCC_AT_LEAST_6
	help
	  This option sets _FORTIFY_SOURCE to 1 and only introduces
	  checks that shouldn't change the behavior of conforming
	  programs.  Adds checks at compile-time only.

config BR2_FORTIFY_SOURCE_2
	bool "Aggressive"
	# gcc bug https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61164
	depends on !BR2_TOOLCHAIN_BUILDROOT || BR2_TOOLCHAIN_GCC_AT_LEAST_6
	help
	  This option sets _FORTIFY_SOURCES to 2 and some more
	  checking is added, but some conforming programs might fail.
	  Also adds checks at run-time (detected buffer overflow
	  terminates the program)

endchoice

comment "Fortify Source needs a glibc toolchain and optimization"
	depends on BR2_FORTIFY_SOURCE_ARCH_SUPPORTS
	depends on (!BR2_TOOLCHAIN_USES_GLIBC || BR2_OPTIMIZE_0)
endmenu

source "toolchain/Config.in"

source "system/Config.in"

source "linux/Config.in"

source "package/Config.in"

source "fs/Config.in"

source "boot/Config.in"

source "package/Config.in.host"

source "Config.in.legacy"

# br2-external menus definitions
source "$BR2_BASE_DIR/.br2-external.in.menus"