HardenedBSD/share/examples/etc/make.conf

297 lines
11 KiB
Plaintext
Raw Normal View History

1999-08-28 01:37:10 +02:00
# $FreeBSD$
#
# NOTE: Please would any committer updating this file also update the
# make.conf(5) manual page, if necessary, which is located in
# src/share/man/man5/make.conf.5.
#
# /etc/make.conf, if present, will be read by make (see
# /usr/share/mk/sys.mk). It allows you to override macro definitions
# to make without changing your source tree, or anything the source
# tree installs.
#
# This file must be in valid Makefile syntax.
#
# There are additional things you can put into /etc/make.conf.
# You have to find those in the Makefiles and documentation of
# the source tree.
#
Overhaul the MACHINE_CPU behaviour: * Rip out MACHINE_CPU stuff from sys.mk and include a new <bsd.cpu.mk> after we pull in /etc/make.conf. We need to do it afterwards so we can react to the user setting of the: * CPUTYPE variable, which contains the CPU type which the user wants to optimize for. For example, if you want your binaries to only run on an i686-class machine (or higher), set this to i686. If you want to support running binaries on a variety of CPU generations, set this to the lowest common denominator. Supported values are listed in make.conf. * bsd.cpu.mk does the expansion of CPUTYPE into MACHINE_CPU using the (hopefully) correct unordered list of CPU types which should be used on that CPU. For example, an AMD k6 CPU wants any of the following: k6 k5 i586 i486 i386 This is still an unordered list so the client makefile logic is simple - client makefiles need to test for the various elements of the set in decreasing order of priority using ${MACHINE_CPU:M<foo>}, as before. The various MACHINE_CPU lists are believed to be correct, but should be checked. * If NO_CPU_CFLAGS is not defined, add relevant gcc compiler optimization settings by default (e.g. -karch=k6 for CPUTYPE=k6, etc). Release builders and developers of third-party software need to make sure not to enable CPU-specific optimization when generating code intended to be portable. We probably need to move to an /etc/world.conf to allow the optimization stuff to be applied separately to world/kernel and external compilations, but it's not any worse a problem than it was before. * Add coverage for the ia64/itanium MACHINE_ARCH/CPUTYPE. * Add CPUTYPE support for all of the CPU types supported by FreeBSD and gcc (only i386, alpha and ia64 first, since those are the minimally-working ports. Other architecture porters, please feel free to add the relevant gunk for your platform). Reviewed by: jhb, obrien
2001-02-22 12:14:25 +01:00
#
# The CPUTYPE variable controls which processor should be targetted for
# generated code. This controls processor-specific optimizations in
# certain code (currently only OpenSSL) as well as modifying the value
# of CFLAGS to contain the appropriate optimization directive to gcc.
# The automatic setting of CFLAGS may be overridden using the
# NO_CPU_CFLAGS variable below.
# Currently the following CPU types are recognised:
# Intel x86 architecture:
# (AMD CPUs) k7 k6-2 k6 k5
# (Intel CPUs) p4 p3 p2 i686 i586/mmx i586 i486 i386
Overhaul the MACHINE_CPU behaviour: * Rip out MACHINE_CPU stuff from sys.mk and include a new <bsd.cpu.mk> after we pull in /etc/make.conf. We need to do it afterwards so we can react to the user setting of the: * CPUTYPE variable, which contains the CPU type which the user wants to optimize for. For example, if you want your binaries to only run on an i686-class machine (or higher), set this to i686. If you want to support running binaries on a variety of CPU generations, set this to the lowest common denominator. Supported values are listed in make.conf. * bsd.cpu.mk does the expansion of CPUTYPE into MACHINE_CPU using the (hopefully) correct unordered list of CPU types which should be used on that CPU. For example, an AMD k6 CPU wants any of the following: k6 k5 i586 i486 i386 This is still an unordered list so the client makefile logic is simple - client makefiles need to test for the various elements of the set in decreasing order of priority using ${MACHINE_CPU:M<foo>}, as before. The various MACHINE_CPU lists are believed to be correct, but should be checked. * If NO_CPU_CFLAGS is not defined, add relevant gcc compiler optimization settings by default (e.g. -karch=k6 for CPUTYPE=k6, etc). Release builders and developers of third-party software need to make sure not to enable CPU-specific optimization when generating code intended to be portable. We probably need to move to an /etc/world.conf to allow the optimization stuff to be applied separately to world/kernel and external compilations, but it's not any worse a problem than it was before. * Add coverage for the ia64/itanium MACHINE_ARCH/CPUTYPE. * Add CPUTYPE support for all of the CPU types supported by FreeBSD and gcc (only i386, alpha and ia64 first, since those are the minimally-working ports. Other architecture porters, please feel free to add the relevant gunk for your platform). Reviewed by: jhb, obrien
2001-02-22 12:14:25 +01:00
# Alpha/AXP architecture: ev6 pca56 ev56 ev5 ev45 ev4
# Intel ia64 architecture: itanium
#
#CPUTYPE=i686
#NO_CPU_CFLAGS= true # Don't add -march=<cpu> to CFLAGS automatically
#NO_CPU_COPTFLAGS=true # Don't add -march=<cpu> to COPTFLAGS automatically
#
2000-03-27 04:48:12 +02:00
# CFLAGS controls the compiler settings used when compiling C code.
# Note that optimization settings above -O (-O2, ...) are not recommended
2000-03-27 04:48:12 +02:00
# or supported for compiling the world or the kernel - please revert any
# nonstandard optimization settings to "-O" before submitting bug reports
2000-03-27 04:48:12 +02:00
# to the developers.
# Note also that at this time the -O2 setting is known to produce BROKEN
# CODE on the Alpha platform.
#
#CFLAGS= -O -pipe
#
# CXXFLAGS controls the compiler settings used when compiling C++ code.
# Note that CXXFLAGS is initially set to the value of CFLAGS. If you wish
# to add to CXXFLAGS value, "+=" must be used rather than "=". Using "="
# alone will remove the often needed contents of CFLAGS from CXXFLAGS.
#
#CXXFLAGS+= -fmemoize-lookups -fsave-memoized
#
# BDECFLAGS are a set of gcc warning settings that Bruce Evans has suggested
# for use in developing FreeBSD and testing changes. They can be used by
# putting "CFLAGS+=${BDECFLAGS}" in /etc/make.conf. -Wconversion is not
# included here due to compiler bugs, eg: mkdir()'s mode_t argument.
#
#BDECFLAGS= -W -Wall -ansi -pedantic -Wbad-function-cast -Wcast-align \
# -Wcast-qual -Wchar-subscripts -Winline \
# -Wmissing-prototypes -Wnested-externs -Wpointer-arith \
# -Wredundant-decls -Wshadow -Wstrict-prototypes -Wwrite-strings
#
# To compile just the kernel with special optimizations, you should use
# this instead of CFLAGS (which is not applicable to kernel builds anyway).
# There is very little to gain by using higher optimization levels, and doing
# so can cause problems.
#
#COPTFLAGS= -O -pipe
#
# To build the system compiler such that it forces high optimization levels to
# a lower one. GCC -O2+ is known to trigger known optimizer bugs at various
# times -- this is worse on the Alpha platform. The value assigned here will
# be the highest optimization value used.
#WANT_FORCE_OPTIMIZATION_DOWNGRADE=1
#
1999-01-06 03:44:29 +01:00
# Compare before install
#INSTALL=install -C
#
# Mtree will follow symlinks
#MTREE_FOLLOWS_SYMLINKS= -L
#
# To enable installing suidperl with the setuid bit turned on
#ENABLE_SUIDPERL= true
1998-03-18 08:58:49 +01:00
#
2000-08-18 02:09:46 +02:00
# To build ppp with normal permissions
#PPP_NOSUID= true
#
# To enable installing ssh(1) with the setuid bit turned on
#ENABLE_SUID_SSH= true
#
# To avoid building various parts of the base system:
#NO_CVS= true # do not build CVS
2002-02-11 08:09:22 +01:00
#NO_CXX= true # do not build C++ and friends
#NO_BIND= true # do not build BIND
#NO_FORTRAN= true # do not build g77 and related libraries
2002-02-11 08:09:22 +01:00
#NO_GDB= true # do not build GDB
#NO_I4B= true # do not build isdn4bsd package
#NO_IPFILTER= true # do not build IP Filter package
#NO_LPR= true # do not build lpr and related programs
#NO_MAILWRAPPER=true # do not build the mailwrapper(8) MTA selector
#NO_MODULES= true # do not build modules with the kernel
#NO_OBJC= true # do not build Objective C support
#NO_OPENSSH= true # do not build OpenSSH
#NO_OPENSSL= true # do not build OpenSSL (implies NO_OPENSSH)
2002-03-16 16:14:41 +01:00
#NO_PERL= true # do not build perl5. Disables OpenSSL optimizations
#NO_SENDMAIL= true # do not build sendmail and related programs
#NO_SHAREDOCS= true # do not build the 4.4BSD legacy docs
2000-04-17 22:45:20 +02:00
#NO_TCSH= true # do not build and install /bin/csh (which is tcsh)
#NO_X= true # do not compile in XWindows support (e.g. doscmd)
#NOCRYPT= true # do not build any crypto code
#NOGAMES= true # do not build games (games/ subdir)
#NOINFO= true # do not make or install info files
#NOLIBC_R= true # do not build libc_r (re-entrant version of libc)
2002-03-16 16:14:41 +01:00
#NOPERL= true # Deprecated version of NO_PERL
#NOPROFILE= true # Avoid compiling profiled libraries
#NOSECURE= true # do not build crypto code in secure/ subdir
#NOSHARE= true # do not go into the share subdir
#NOUUCP= true # do not build uucp related programs
#
# To build the OpenSSL manpages, uncomment the following. These are not
# built by default because they clobber a number of system manpages with
# manpages describing parts of the OpenSSL toolkit, including passwd(1),
# err(3), md5(3), and others.
#
#WANT_OPENSSL_MANPAGES= true
#
# To build sys/modules when building the world (our old way of doing things)
#MODULES_WITH_WORLD=true # do not build modules when building kernel
#
# The list of modules to build instead of all of them.
#MODULES_OVERRIDE= linux ipfw
#
# The following controls building optional IDEA code in libcrypto and
# certain ports. Patents are involved - you must not use this unless
# you either have a license or fall within patent 'fair use'
# provisions.
#
# *** It is YOUR RESPONSIBILITY to determine if you can use this! ***
#
# IDEA is patented in the USA and many european countries - thought to
# be OK to use for any non-commercial use. This is optional.
#MAKE_IDEA= YES # IDEA (128 bit symmetric encryption)
#
# To avoid running MAKEDEV all on /dev during install set NO_MAKEDEV_RUN.
# If you don't want to install MAKEDEV set NO_MAKEDEV_INSTALL, this implies
# NO_MAKEDEV_RUN.
#NO_MAKEDEV_INSTALL= true
#NO_MAKEDEV_RUN= true
#
# If you do not want unformatted manual pages to be compressed
# when they are installed:
#
#NOMANCOMPRESS= true
#
#
# If you want the "compat" shared libraries installed as part of your normal
# builds, uncomment these:
#
#COMPAT1X= yes
#COMPAT20= yes
#COMPAT21= yes
#COMPAT22= yes
#COMPAT3X= yes
#COMPAT4X= yes
#
#
# Default format for system documentation, depends on your printer.
# Set this to "ascii" for simple printers or screen
#
#PRINTERDEVICE= ps
#
#
1996-02-15 22:14:36 +01:00
# How long to wait for a console keypress before booting the default kernel.
# This value is approximately in milliseconds. Keypresses are accepted by the
# BIOS before booting from disk, making it possible to give custom boot
# parameters even when this is set to 0.
#
#BOOTWAIT=0
#BOOTWAIT=30000
#
# By default, the system will always use the keyboard/video card as system
1997-06-09 07:38:41 +02:00
# console. However, the boot blocks may be dynamically configured to use a
# serial port in addition to or instead of the keyboard/video console.
#
# By default we use COM1 as our serial console port *if* we're going to use
# a serial port as our console at all. Alter as necessary.
#
# COM1: = 0x3F8, COM2: = 0x2F8, COM3: = 0x3E8, COM4: = 0x2E8
#
1996-10-14 19:27:53 +02:00
#BOOT_COMCONSOLE_PORT= 0x3F8
#
1997-06-09 07:38:41 +02:00
# The default serial console speed is 9600. Set the speed to a larger value
# for better interactive response.
#
1997-06-09 07:38:41 +02:00
#BOOT_COMCONSOLE_SPEED= 115200
#
# By default the 'pxeboot' loader retrieves the kernel via NFS. Defining
# this and recompiling /usr/src/sys/boot will cause it to retrieve the kernel
# via TFTP. This allows pxeboot to load a custom BOOTP diskless kernel yet
# still mount the server's '/' (i.e. rather then load the server's kernel).
#
#LOADER_TFTP_SUPPORT= YES
1996-10-14 19:27:53 +02:00
#
#
1994-09-30 15:57:01 +01:00
# Kerberos IV
# If you want KerberosIV (KTH eBones), define this:
1994-09-30 15:57:01 +01:00
#
#MAKE_KERBEROS4= yes
#
#
# Kerberos 5
# If you want Kerberos 5 (KTH Heimdal), define this:
#
#MAKE_KERBEROS5= yes
#
#
1998-08-01 21:55:32 +02:00
# Kerberos5
# If you want to install MIT Kerberos5 port somewhere other than /usr/local,
# define this (this is also used to tell ssh1 that kerberos is needed):
1998-08-01 21:55:32 +02:00
#
#KRB5_HOME= /usr/local
1998-08-01 21:55:32 +02:00
#
#
1998-06-26 03:44:57 +02:00
# CVSup update flags. Edit SUPFILE settings to reflect whichever distribution
# file(s) you use on your site (see /usr/share/examples/cvsup/README for more
# information on CVSup and these files). To use, do "make update" in /usr/src.
#
#SUP_UPDATE= yes
1996-10-05 20:51:45 +02:00
#
#SUP= /usr/local/bin/cvsup
#SUPFLAGS= -g -L 2
#SUPHOST= cvsup.uk.FreeBSD.org
1996-10-05 20:51:45 +02:00
#SUPFILE= /usr/share/examples/cvsup/standard-supfile
1999-06-01 04:55:44 +02:00
#PORTSSUPFILE= /usr/share/examples/cvsup/ports-supfile
#DOCSUPFILE= /usr/share/examples/cvsup/doc-supfile
#
# top(1) uses a hash table for the user names. The size of this hash
# can be tuned to match the number of local users. The table size should
# be a prime number approximately twice as large as the number of lines in
# /etc/passwd. The default number is 20011.
#
#TOP_TABLE_SIZE= 101
#
# Documentation
#
# The list of languages and encodings to build and install
#
2001-06-11 03:26:52 +02:00
#DOC_LANG= en_US.ISO8859-1 ru_RU.KOI8-R
#
#
# sendmail
#
# The following sets the default m4 configuration file to use at
# install time. Use with caution as a make install will overwrite
# any existing /etc/mail/sendmail.cf. Note that SENDMAIL_CF is now
# deprecated. The value should be a fully qualified path name.
#
#SENDMAIL_MC=/etc/mail/myconfig.mc
#
# If you need to build additional .cf files during a make buildworld,
# include the full paths to the .mc files in SENDMAIL_ADDITIONAL_MC.
#
#SENDMAIL_ADDITIONAL_MC=/etc/mail/foo.mc /etc/mail/bar.mc
#
# Setting the following variable modifies the flags passed to m4 when
# building a .cf file from a .mc file. It can be used to enable
# features disabled by default.
#
#SENDMAIL_M4_FLAGS=
#
2001-06-27 03:48:02 +02:00
# Setting the following variables modifies the build environment for
# sendmail and its related utilities. For example, SASL support can be
# added with settings such as:
#
# SENDMAIL_CFLAGS=-I/usr/local/include/sasl -DSASL
# SENDMAIL_LDFLAGS=-L/usr/local/lib
# SENDMAIL_LDADD=-lsasl
#
# Note: If you are using Cyrus SASL with other applications which require
# access to the sasldb file, you should add '-D_FFR_UNSAFE_SASL' to
# SENDMAIL_CFLAGS. Also, add the following to your sendmail.mc file:
#
# define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLDBFile')
#
#SENDMAIL_CFLAGS=
#SENDMAIL_LDFLAGS=
#SENDMAIL_LDADD=
#SENDMAIL_DPADD=
#
# Setting SENDMAIL_SET_USER_ID will install the sendmail binary as a
# set-user-ID root binary instead of a set-group-ID smmsp binary and will
# prevent the installation of /etc/mail/submit.cf.
# This is a deprecated mode of operation. See etc/mail/README for more
# information.
#
#SENDMAIL_SET_USER_ID=