1.\" DO NOT EDIT-- this file is @generated by tools/build/options/makeman. 2.Dd October 30, 2024 3.Dt SRC.CONF 5 4.Os 5.Sh NAME 6.Nm src.conf 7.Nd "source build options" 8.Sh DESCRIPTION 9The 10.Nm 11file contains variables that control what components will be generated during 12the build process of the 13.Fx 14source tree; see 15.Xr build 7 . 16.Pp 17The 18.Nm 19file uses the standard makefile syntax. 20However, 21.Nm 22should not specify any dependencies to 23.Xr make 1 . 24Instead, 25.Nm 26is to set 27.Xr make 1 28variables that control the aspects of how the system builds. 29.Pp 30The default location of 31.Nm 32is 33.Pa /etc/src.conf , 34though an alternative location can be specified in the 35.Xr make 1 36variable 37.Va SRCCONF . 38Overriding the location of 39.Nm 40may be necessary if the system-wide settings are not suitable 41for a particular build. 42For instance, setting 43.Va SRCCONF 44to 45.Pa /dev/null 46effectively resets all build controls to their defaults. 47.Pp 48The only purpose of 49.Nm 50is to control the compilation of the 51.Fx 52source code, which is usually located in 53.Pa /usr/src . 54As a rule, the system administrator creates 55.Nm 56when the values of certain control variables need to be changed 57from their defaults. 58.Pp 59In addition, control variables can be specified 60for a particular build via the 61.Fl D 62option of 63.Xr make 1 64or in its environment; see 65.Xr environ 7 . 66.Pp 67The environment of 68.Xr make 1 69for the build can be controlled via the 70.Va SRC_ENV_CONF 71variable, which defaults to 72.Pa /etc/src-env.conf . 73Some examples that may only be set in this file are 74.Va WITH_DIRDEPS_BUILD , 75and 76.Va WITH_META_MODE , 77and 78.Va MAKEOBJDIRPREFIX 79as they are environment-only variables. 80.Pp 81The values of 82.Va WITH_ 83and 84.Va WITHOUT_ 85variables are ignored regardless of their setting; 86even if they would be set to 87.Dq Li FALSE 88or 89.Dq Li NO . 90The presence of an option causes 91it to be honored by 92.Xr make 1 . 93.Pp 94This list provides a name and short description for variables 95that can be used for source builds. 96.Bl -tag -width indent 97.It Va WITHOUT_ACCT 98Do not build process accounting tools such as 99.Xr accton 8 100and 101.Xr sa 8 . 102.It Va WITHOUT_ACPI 103Do not build 104.Xr acpiconf 8 , 105.Xr acpidump 8 106and related programs. 107.It Va WITHOUT_APM 108Do not build 109.Xr apm 8 , 110.Xr apmd 8 111and related programs. 112.It Va WITH_ASAN 113Build the base system with Address Sanitizer (ASan) to detect 114memory corruption bugs such as buffer overflows or use-after-free. 115Requires that Clang be used as the base system compiler 116and that the runtime support library is available. 117When set, it enforces these options: 118.Pp 119.Bl -item -compact 120.It 121.Va WITH_LLVM_BINUTILS 122.It 123.Va WITH_LLVM_CXXFILT 124.El 125.It Va WITHOUT_ASSERT_DEBUG 126Compile programs and libraries without the 127.Xr assert 3 128checks. 129.It Va WITHOUT_AT 130Do not build 131.Xr at 1 132and related utilities. 133.It Va WITHOUT_AUDIT 134Do not build audit support into system programs. 135.It Va WITHOUT_AUTHPF 136Do not build 137.Xr authpf 8 . 138.It Va WITHOUT_AUTOFS 139Do not build 140.Xr autofs 4 141related programs, libraries, and kernel modules. 142.It Va WITHOUT_AUTO_OBJ 143Disable automatic creation of objdirs. 144This is enabled by default if the wanted OBJDIR is writable by the current user. 145.Pp 146This must be set in the environment, make command line, or 147.Pa /etc/src-env.conf , 148not 149.Pa /etc/src.conf . 150.It Va WITH_BEARSSL 151Build the BearSSL library. 152.Pp 153BearSSL is a tiny SSL library suitable for embedded environments. 154For details see 155.Lk https://www.BearSSL.org/ 156.Pp 157This library is currently only used to perform 158signature verification and related operations 159for Verified Exec and 160.Xr loader 8 . 161.Pp 162Due to size constraints in the BIOS environment on x86, one may need to set 163.Va LOADERSIZE 164larger than the 165default 500000, although often loader is under the 500k limit even with 166this option. 167Setting 168.Va LOADERSIZE 169larger than 500000 may cause 170.Xr pxeboot 8 171to be too large to work. 172Careful testing of the loader in the target environment when built with a larger 173limit to establish safe limits is critical because different BIOS environments 174reserve differing amounts of the low 640k space, making a precise limit for 175everybody impossible. 176.Pp 177See also 178.Va WITH_LOADER_PXEBOOT 179for other considerations. 180When set, these options are also in effect: 181.Pp 182.Bl -inset -compact 183.It Va WITH_LOADER_EFI_SECUREBOOT 184(unless 185.Va WITHOUT_LOADER_EFI_SECUREBOOT 186is set explicitly) 187.It Va WITH_LOADER_VERIEXEC 188(unless 189.Va WITHOUT_LOADER_VERIEXEC 190is set explicitly) 191.It Va WITH_LOADER_VERIEXEC_VECTX 192(unless 193.Va WITHOUT_LOADER_VERIEXEC_VECTX 194is set explicitly) 195.It Va WITH_VERIEXEC 196(unless 197.Va WITHOUT_VERIEXEC 198is set explicitly) 199.El 200.It Va WITHOUT_BHYVE 201Do not build or install 202.Xr bhyve 8 , 203associated utilities, and examples. 204.Pp 205This option only affects amd64/amd64 and arm64/aarch64. 206.It Va WITH_BHYVE_SNAPSHOT 207Include support for save and restore (snapshots) in 208.Xr bhyve 8 209and 210.Xr bhyvectl 8 . 211.Pp 212This option only affects amd64/amd64. 213.It Va WITH_BIND_NOW 214Build all binaries with the 215.Dv DF_BIND_NOW 216flag set to indicate that the run-time loader should perform all relocation 217processing at process startup rather than on demand. 218The combination of the 219.Va BIND_NOW 220and 221.Va RELRO 222options provide "full" Relocation Read-Only (RELRO) support. 223With full RELRO the entire GOT is made read-only after performing relocation at 224startup, avoiding GOT overwrite attacks. 225.It Va WITHOUT_BLACKLIST 226Set this if you do not want to build 227.Xr blacklistd 8 228and 229.Xr blacklistctl 8 . 230When set, these options are also in effect: 231.Pp 232.Bl -inset -compact 233.It Va WITHOUT_BLACKLIST_SUPPORT 234(unless 235.Va WITH_BLACKLIST_SUPPORT 236is set explicitly) 237.El 238.It Va WITHOUT_BLACKLIST_SUPPORT 239Build some programs without 240.Xr libblacklist 3 241support, like 242.Xr fingerd 8 , 243.Xr ftpd 8 , 244and 245.Xr sshd 8 . 246.It Va WITHOUT_BLUETOOTH 247Do not build Bluetooth related kernel modules, programs and libraries. 248.It Va WITHOUT_BOOT 249Do not build the boot blocks and loader. 250.It Va WITHOUT_BOOTPARAMD 251Do not build or install 252.Xr bootparamd 8 . 253.It Va WITHOUT_BOOTPD 254Do not build or install 255.Xr bootpd 8 . 256.It Va WITH_BRANCH_PROTECTION 257Build with branch protection enabled. 258On arm64 enable the use of pointer authentication and 259branch target identification instructions on arm64. 260These can be used to help mitigate some exploit techniques. 261.It Va WITHOUT_BSDINSTALL 262Do not build 263.Xr bsdinstall 8 , 264.Xr sade 8 , 265and related programs. 266.It Va WITHOUT_BSD_CPIO 267Do not build the BSD licensed version of cpio based on 268.Xr libarchive 3 . 269.It Va WITHOUT_BSNMP 270Do not build or install 271.Xr bsnmpd 1 272and related libraries and data files. 273.It Va WITHOUT_BZIP2 274Do not build contributed bzip2 software as a part of the base system. 275.Bf -symbolic 276The option has no effect yet. 277.Ef 278When set, these options are also in effect: 279.Pp 280.Bl -inset -compact 281.It Va WITHOUT_BZIP2_SUPPORT 282(unless 283.Va WITH_BZIP2_SUPPORT 284is set explicitly) 285.El 286.It Va WITHOUT_BZIP2_SUPPORT 287Build some programs without optional bzip2 support. 288.It Va WITHOUT_CALENDAR 289Do not build 290.Xr calendar 1 . 291.It Va WITHOUT_CAROOT 292Do not add the trusted certificates from the Mozilla NSS bundle to 293base. 294.It Va WITHOUT_CASPER 295This option has no effect. 296.It Va WITH_CCACHE_BUILD 297Use 298.Xr ccache 1 299for the build. 300No configuration is required except to install the 301.Sy devel/ccache 302package. 303When using with 304.Xr distcc 1 , 305set 306.Sy CCACHE_PREFIX=/usr/local/bin/distcc . 307The default cache directory of 308.Pa $HOME/.ccache 309will be used, which can be overridden by setting 310.Sy CCACHE_DIR . 311The 312.Sy CCACHE_COMPILERCHECK 313option defaults to 314.Sy content 315when using the in-tree bootstrap compiler, 316and 317.Sy mtime 318when using an external compiler. 319The 320.Sy CCACHE_CPP2 321option is used for Clang but not GCC. 322.Pp 323Sharing a cache between multiple work directories requires using a layout 324similar to 325.Pa /some/prefix/src 326.Pa /some/prefix/obj 327and an environment such as: 328.Bd -literal -offset indent 329CCACHE_BASEDIR='${SRCTOP:H}' MAKEOBJDIRPREFIX='${SRCTOP:H}/obj' 330.Ed 331.Pp 332See 333.Xr ccache 1 334for more configuration options. 335.It Va WITHOUT_CCD 336Do not build 337.Xr geom_ccd 4 338and related utilities. 339.It Va WITHOUT_CDDL 340Do not build code licensed under Sun's CDDL. 341When set, it enforces these options: 342.Pp 343.Bl -item -compact 344.It 345.Va WITHOUT_CTF 346.It 347.Va WITHOUT_DTRACE 348.It 349.Va WITHOUT_LOADER_ZFS 350.It 351.Va WITHOUT_ZFS 352.It 353.Va WITHOUT_ZFS_TESTS 354.El 355.It Va WITHOUT_CLANG 356Do not build the Clang C/C++ compiler during the regular phase of the build. 357When set, it enforces these options: 358.Pp 359.Bl -item -compact 360.It 361.Va WITHOUT_CLANG_EXTRAS 362.It 363.Va WITHOUT_CLANG_FORMAT 364.It 365.Va WITHOUT_CLANG_FULL 366.It 367.Va WITHOUT_LLVM_COV 368.El 369.Pp 370When set, these options are also in effect: 371.Pp 372.Bl -inset -compact 373.It Va WITHOUT_LLVM_TARGET_AARCH64 374(unless 375.Va WITH_LLVM_TARGET_AARCH64 376is set explicitly) 377.It Va WITHOUT_LLVM_TARGET_ALL 378(unless 379.Va WITH_LLVM_TARGET_ALL 380is set explicitly) 381.It Va WITHOUT_LLVM_TARGET_ARM 382(unless 383.Va WITH_LLVM_TARGET_ARM 384is set explicitly) 385.It Va WITHOUT_LLVM_TARGET_POWERPC 386(unless 387.Va WITH_LLVM_TARGET_POWERPC 388is set explicitly) 389.It Va WITHOUT_LLVM_TARGET_RISCV 390(unless 391.Va WITH_LLVM_TARGET_RISCV 392is set explicitly) 393.El 394.It Va WITHOUT_CLANG_BOOTSTRAP 395Do not build the Clang C/C++ compiler during the bootstrap phase of 396the build. 397To be able to build the system, either gcc or clang bootstrap must be 398enabled unless an alternate compiler is provided via XCC. 399.It Va WITH_CLANG_EXTRAS 400Build additional clang and llvm tools, such as bugpoint and 401clang-format. 402.It Va WITH_CLANG_FORMAT 403Build clang-format. 404.It Va WITHOUT_CLANG_FULL 405Avoid building the ARCMigrate, Rewriter and StaticAnalyzer components of 406the Clang C/C++ compiler. 407.It Va WITH_CLEAN 408Clean before building world and/or kernel. 409.It Va WITHOUT_CPP 410Do not build 411.Xr cpp 1 . 412.It Va WITHOUT_CROSS_COMPILER 413Do not build any cross compiler in the cross-tools stage of buildworld. 414When compiling a different version of 415.Fx 416than what is installed on the system, provide an alternate 417compiler with XCC to ensure success. 418When compiling with an identical version of 419.Fx 420to the host, this option may be safely used. 421This option may also be safe when the host version of 422.Fx 423is close to the sources being built, but all bets are off if there have 424been any changes to the toolchain between the versions. 425When set, it enforces these options: 426.Pp 427.Bl -item -compact 428.It 429.Va WITHOUT_CLANG_BOOTSTRAP 430.It 431.Va WITHOUT_ELFTOOLCHAIN_BOOTSTRAP 432.It 433.Va WITHOUT_LLD_BOOTSTRAP 434.El 435.It Va WITHOUT_CRYPT 436Do not build any crypto code. 437When set, it enforces these options: 438.Pp 439.Bl -item -compact 440.It 441.Va WITHOUT_DMAGENT 442.It 443.Va WITHOUT_KERBEROS 444.It 445.Va WITHOUT_KERBEROS_SUPPORT 446.It 447.Va WITHOUT_LDNS 448.It 449.Va WITHOUT_LDNS_UTILS 450.It 451.Va WITHOUT_LOADER_ZFS 452.It 453.Va WITHOUT_OPENSSH 454.It 455.Va WITHOUT_OPENSSL 456.It 457.Va WITHOUT_OPENSSL_KTLS 458.It 459.Va WITHOUT_PKGBOOTSTRAP 460.It 461.Va WITHOUT_UNBOUND 462.It 463.Va WITHOUT_ZFS 464.It 465.Va WITHOUT_ZFS_TESTS 466.El 467.Pp 468When set, these options are also in effect: 469.Pp 470.Bl -inset -compact 471.It Va WITHOUT_GSSAPI 472(unless 473.Va WITH_GSSAPI 474is set explicitly) 475.El 476.It Va WITH_CTF 477Compile with CTF (Compact C Type Format) data. 478CTF data encapsulates a reduced form of debugging information 479similar to DWARF and the venerable stabs and is required for DTrace. 480.It Va WITHOUT_CUSE 481Do not build CUSE-related programs and libraries. 482.It Va WITHOUT_CXGBETOOL 483Do not build 484.Xr cxgbetool 8 485.Pp 486This is a default setting on 487arm/armv7, powerpc/powerpc and riscv/riscv64. 488.It Va WITH_CXGBETOOL 489Build 490.Xr cxgbetool 8 491.Pp 492This is a default setting on 493amd64/amd64, arm64/aarch64, i386/i386, powerpc/powerpc64 and powerpc/powerpc64le. 494.It Va WITHOUT_DEBUG_FILES 495Avoid building or installing standalone debug files for each 496executable binary and shared library. 497.It Va WITH_DETECT_TZ_CHANGES 498Make the time handling code detect changes to the timezone files. 499.It Va WITH_DIALOG 500Do build 501.Xr dialog 1 , 502.Xr dialog 3 , 503.Xr dpv 1 , 504and 505.Xr dpv 3 . 506.It Va WITHOUT_DICT 507Do not build the Webster dictionary files. 508.It Va WITH_DIRDEPS_BUILD 509This is an alternate build system. 510For details see 511https://www.crufty.net/sjg/docs/freebsd-meta-mode.htm. 512Build commands can be seen from the top-level with: 513.Dl make show-valid-targets 514The build is driven by dirdeps.mk using 515.Va DIRDEPS 516stored in 517Makefile.depend files found in each directory. 518.Pp 519The build can be started from anywhere, and behaves the same. 520The initial instance of 521.Xr make 1 522recursively reads 523.Va DIRDEPS 524from 525.Pa Makefile.depend , 526computing a graph of tree dependencies from the current origin. 527Setting 528.Va NO_DIRDEPS 529skips checking dirdep dependencies and will only build in the current 530and child directories. 531.Va NO_DIRDEPS_BELOW 532skips building any dirdeps and only build the current directory. 533.Pp 534This also utilizes the 535.Va WITH_META_MODE 536logic for incremental builds. 537.Pp 538The build hides commands executed unless 539.Va NO_SILENT 540is defined. 541.Pp 542Note that there is currently no mass install feature for this. 543This build is designed for producing packages, that can then be installed 544on a target system. 545.Pp 546The implementation in 547.Fx 548is incomplete. 549Completion would require leaf directories for building each kernel 550and package so that their dependencies can be tracked. 551When set, it enforces these options: 552.Pp 553.Bl -item -compact 554.It 555.Va WITH_INSTALL_AS_USER 556.El 557.Pp 558When set, these options are also in effect: 559.Pp 560.Bl -inset -compact 561.It Va WITH_META_ERROR_TARGET 562(unless 563.Va WITHOUT_META_ERROR_TARGET 564is set explicitly) 565.It Va WITH_META_MODE 566(unless 567.Va WITHOUT_META_MODE 568is set explicitly) 569.It Va WITH_STAGING 570(unless 571.Va WITHOUT_STAGING 572is set explicitly) 573.It Va WITH_STAGING_MAN 574(unless 575.Va WITHOUT_STAGING_MAN 576is set explicitly) 577.It Va WITH_STAGING_PROG 578(unless 579.Va WITHOUT_STAGING_PROG 580is set explicitly) 581.It Va WITH_SYSROOT 582(unless 583.Va WITHOUT_SYSROOT 584is set explicitly) 585.El 586.Pp 587This must be set in the environment, make command line, or 588.Pa /etc/src-env.conf , 589not 590.Pa /etc/src.conf . 591.It Va WITH_DIRDEPS_CACHE 592Cache result of dirdeps.mk which can save significant time 593for subsequent builds. 594Depends on 595.Va WITH_DIRDEPS_BUILD . 596.Pp 597This must be set in the environment, make command line, or 598.Pa /etc/src-env.conf , 599not 600.Pa /etc/src.conf . 601.It Va WITH_DISK_IMAGE_TOOLS_BOOTSTRAP 602Build 603.Xr etdump 1 , 604.Xr makefs 8 605and 606.Xr mkimg 1 607as bootstrap tools. 608.It Va WITHOUT_DMAGENT 609Do not build dma Mail Transport Agent. 610.It Va WITHOUT_DOCCOMPRESS 611Do not install compressed system documentation. 612Only the uncompressed version will be installed. 613.It Va WITHOUT_DTRACE 614Do not build DTrace framework kernel modules, libraries, and user commands. 615When set, it enforces these options: 616.Pp 617.Bl -item -compact 618.It 619.Va WITHOUT_CTF 620.El 621.It Va WITH_DTRACE_ASAN 622Compile userspace DTrace code (libdtrace, dtrace(1), lockstat(1), plockstat(1)) 623with address and undefined behavior sanitizers. 624Requires that Clang be used as the base system compiler 625and that the runtime support library is available. 626.It Va WITH_DTRACE_TESTS 627Build and install the DTrace test suite in 628.Pa /usr/tests/cddl/usr.sbin/dtrace . 629This test suite is considered experimental on architectures other than 630amd64/amd64 and running it may cause system instability. 631.It Va WITHOUT_DYNAMICROOT 632Set this if you do not want to link 633.Pa /bin 634and 635.Pa /sbin 636dynamically. 637.It Va WITHOUT_EE 638Do not build and install 639.Xr edit 1 , 640.Xr ee 1 , 641and related programs. 642.It Va WITHOUT_EFI 643Set not to build 644.Xr efivar 3 645and 646.Xr efivar 8 . 647.Pp 648This is a default setting on 649i386/i386, powerpc/powerpc, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64. 650.It Va WITH_EFI 651Build 652.Xr efivar 3 653and 654.Xr efivar 8 . 655.Pp 656This is a default setting on 657amd64/amd64, arm/armv7 and arm64/aarch64. 658.It Va WITHOUT_ELFTOOLCHAIN_BOOTSTRAP 659Do not build ELF Tool Chain tools 660(addr2line, nm, size, strings and strip) 661as part of the bootstrap process. 662.Bf -symbolic 663An alternate bootstrap tool chain must be provided. 664.Ef 665.It Va WITHOUT_EXAMPLES 666Avoid installing examples to 667.Pa /usr/share/examples/ . 668.It Va WITH_EXPERIMENTAL 669Include experimental features in the build. 670.It Va WITHOUT_FDT 671Do not build Flattened Device Tree support as part of the base system. 672This includes the device tree compiler (dtc) and libfdt support library. 673.Pp 674This is a default setting on 675amd64/amd64 and i386/i386. 676.It Va WITH_FDT 677Build Flattened Device Tree support as part of the base system. 678This includes the device tree compiler (dtc) and libfdt support library. 679.Pp 680This is a default setting on 681arm/armv7, arm64/aarch64, powerpc/powerpc, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64. 682.It Va WITHOUT_FILE 683Do not build 684.Xr file 1 685and related programs. 686.It Va WITHOUT_FINGER 687Do not build or install 688.Xr finger 1 689and 690.Xr fingerd 8 . 691.It Va WITHOUT_FLOPPY 692Do not build or install programs 693for operating floppy disk driver. 694.It Va WITHOUT_FORMAT_EXTENSIONS 695Do not enable 696.Fl fformat-extensions 697when compiling the kernel. 698Also disables all format checking. 699.It Va WITHOUT_FORTH 700Build bootloaders without Forth support. 701.It Va WITHOUT_FP_LIBC 702Build 703.Nm libc 704without floating-point support. 705.It Va WITHOUT_FREEBSD_UPDATE 706Do not build 707.Xr freebsd-update 8 . 708.It Va WITHOUT_FTP 709Do not build or install 710.Xr ftp 1 711and 712.Xr ftpd 8 . 713.It Va WITHOUT_GAMES 714Do not build games. 715.It Va WITHOUT_GH_BC 716Install the traditional FreeBSD 717.Xr bc 1 718and 719.Xr dc 1 720programs instead of the enhanced versions. 721.It Va WITHOUT_GNU_DIFF 722Do not build GNU 723.Xr diff3 1 ; 724build BSD 725.Xr diff3 1 726instead. 727.It Va WITHOUT_GOOGLETEST 728Neither build nor install 729.Lb libgmock , 730.Lb libgtest , 731and dependent tests. 732.It Va WITHOUT_GPIO 733Do not build 734.Xr gpioctl 8 735as part of the base system. 736.It Va WITHOUT_GSSAPI 737Do not build libgssapi. 738.It Va WITHOUT_HAST 739Do not build 740.Xr hastd 8 741and related utilities. 742.It Va WITH_HESIOD 743Build Hesiod support. 744.It Va WITHOUT_HTML 745Do not build HTML docs. 746.It Va WITHOUT_HYPERV 747Do not build or install HyperV utilities. 748.Pp 749This is a default setting on 750arm/armv7, powerpc/powerpc, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64. 751.It Va WITH_HYPERV 752Build or install HyperV utilities. 753.Pp 754This is a default setting on 755amd64/amd64, arm64/aarch64 and i386/i386. 756.It Va WITHOUT_ICONV 757Do not build iconv as part of libc. 758.It Va WITHOUT_INCLUDES 759Do not install header files. 760This option used to be spelled 761.Va NO_INCS . 762.Bf -symbolic 763The option does not work for build targets. 764.Ef 765.It Va WITHOUT_INET 766Do not build programs and libraries related to IPv4 networking. 767When set, it enforces these options: 768.Pp 769.Bl -item -compact 770.It 771.Va WITHOUT_INET_SUPPORT 772.El 773.It Va WITHOUT_INET6 774Do not build 775programs and libraries related to IPv6 networking. 776When set, it enforces these options: 777.Pp 778.Bl -item -compact 779.It 780.Va WITHOUT_INET6_SUPPORT 781.El 782.It Va WITHOUT_INET6_SUPPORT 783Build libraries, programs, and kernel modules without IPv6 support. 784.It Va WITHOUT_INETD 785Do not build 786.Xr inetd 8 . 787.It Va WITHOUT_INET_SUPPORT 788Build libraries, programs, and kernel modules without IPv4 support. 789.It Va WITHOUT_INSTALLLIB 790Set this to not install optional libraries. 791For example, when creating a 792.Xr nanobsd 8 793image. 794.Bf -symbolic 795The option does not work for build targets. 796.Ef 797.It Va WITH_INSTALL_AS_USER 798Make install targets succeed for non-root users by installing 799files with owner and group attributes set to that of the user running 800the 801.Xr make 1 802command. 803The user still must set the 804.Va DESTDIR 805variable to point to a directory where the user has write permissions. 806.It Va WITHOUT_IPFILTER 807Do not build IP Filter package. 808.It Va WITHOUT_IPFW 809Do not build IPFW tools. 810.It Va WITHOUT_IPSEC_SUPPORT 811Do not build the kernel with 812.Xr ipsec 4 813support. 814This option is needed for 815.Xr ipsec 4 816and 817.Xr tcpmd5 4 . 818.It Va WITHOUT_ISCSI 819Do not build 820.Xr iscsid 8 821and related utilities. 822.It Va WITHOUT_JAIL 823Do not build tools for the support of jails; e.g., 824.Xr jail 8 . 825.It Va WITHOUT_JEMALLOC_LG_VADDR_WIDE 826Disallow programs to use more than 48 address bits on amd64. 827Incompatible with LA57 mode. 828Enabling this option might result in a slight reduction in memory 829consumption for jemalloc metadata, but also requires disabling LA57 830(if hardware supports it). 831.It Va WITHOUT_KDUMP 832Do not build 833.Xr kdump 1 834and 835.Xr truss 1 . 836.It Va WITHOUT_KERBEROS 837Set this to not build Kerberos 5 (KTH Heimdal). 838When set, these options are also in effect: 839.Pp 840.Bl -inset -compact 841.It Va WITHOUT_GSSAPI 842(unless 843.Va WITH_GSSAPI 844is set explicitly) 845.It Va WITHOUT_KERBEROS_SUPPORT 846(unless 847.Va WITH_KERBEROS_SUPPORT 848is set explicitly) 849.El 850.It Va WITHOUT_KERBEROS_SUPPORT 851Build some programs without Kerberos support, like 852.Xr ssh 1 , 853.Xr telnet 1 , 854and 855.Xr sshd 8 . 856.It Va WITH_KERNEL_BIN 857Generate and install kernel.bin from kernel as part of the normal build and 858install processes for the kernel. Available only on arm and arm64. 859 860Usually this will be added to the kernel config file with: 861 862makeoptions WITH_KERNEL_BIN=1 863 864though it can also be used on the command line. 865.It Va WITH_KERNEL_RETPOLINE 866Enable the "retpoline" mitigation for CVE-2017-5715 in the kernel 867build. 868.It Va WITHOUT_KERNEL_SYMBOLS 869Do not install standalone kernel debug symbol files. 870This option has no effect at build time. 871.It Va WITHOUT_KVM 872Do not build the 873.Nm libkvm 874library as a part of the base system. 875.Bf -symbolic 876The option has no effect yet. 877.Ef 878When set, these options are also in effect: 879.Pp 880.Bl -inset -compact 881.It Va WITHOUT_KVM_SUPPORT 882(unless 883.Va WITH_KVM_SUPPORT 884is set explicitly) 885.El 886.It Va WITHOUT_KVM_SUPPORT 887Build some programs without optional 888.Nm libkvm 889support. 890.It Va WITHOUT_LDNS 891Setting this variable will prevent the LDNS library from being built. 892When set, it enforces these options: 893.Pp 894.Bl -item -compact 895.It 896.Va WITHOUT_LDNS_UTILS 897.It 898.Va WITHOUT_UNBOUND 899.El 900.It Va WITHOUT_LDNS_UTILS 901Setting this variable will prevent building the LDNS utilities 902.Xr drill 1 903and 904.Xr host 1 . 905.It Va WITHOUT_LEGACY_CONSOLE 906Do not build programs that support a legacy PC console; e.g., 907.Xr kbdcontrol 1 908and 909.Xr vidcontrol 1 . 910.It Va WITHOUT_LIB32 911On 64-bit platforms, do not build 32-bit library set and a 912.Nm ld-elf32.so.1 913runtime linker. 914.Pp 915This is a default setting on 916arm/armv7, i386/i386, powerpc/powerpc, powerpc/powerpc64le and riscv/riscv64. 917.It Va WITH_LIB32 918On 64-bit platforms, build the 32-bit library set and a 919.Nm ld-elf32.so.1 920runtime linker. 921.Pp 922This is a default setting on 923amd64/amd64, arm64/aarch64 and powerpc/powerpc64. 924.It Va WITHOUT_LLD 925Do not build LLVM's lld linker. 926.It Va WITHOUT_LLDB 927Do not build the LLDB debugger. 928.Pp 929This is a default setting on 930arm/armv7 and riscv/riscv64. 931.It Va WITH_LLDB 932Build the LLDB debugger. 933.Pp 934This is a default setting on 935amd64/amd64, arm64/aarch64, i386/i386, powerpc/powerpc, powerpc/powerpc64 and powerpc/powerpc64le. 936.It Va WITHOUT_LLD_BOOTSTRAP 937Do not build the LLD linker during the bootstrap phase of 938the build. 939To be able to build the system an alternate linker must be provided via XLD. 940.It Va WITHOUT_LLVM_ASSERTIONS 941Disable debugging assertions in LLVM. 942.It Va WITH_LLVM_BINUTILS 943Install LLVM's binutils (without an llvm- prefix), 944instead of ELF Tool Chain's tools. 945This includes 946.Xr addr2line 1 , 947.Xr ar 1 , 948.Xr nm 1 , 949.Xr objcopy 1 , 950.Xr ranlib 1 , 951.Xr readelf 1 , 952.Xr size 1 , 953and 954.Xr strip 1 . 955Regardless of this setting, LLVM tools are used for 956.Xr c++filt 1 957and 958.Xr objdump 1 . 959.Xr strings 1 960is always provided by ELF Tool Chain. 961.It Va WITHOUT_LLVM_COV 962Do not build the 963.Xr llvm-cov 1 964tool. 965.It Va WITHOUT_LLVM_CXXFILT 966Install ELF Tool Chain's cxxfilt as c++filt, instead of LLVM's llvm-cxxfilt. 967.It Va WITH_LLVM_FULL_DEBUGINFO 968Generate full debug information for LLVM libraries and tools, which uses 969more disk space and build resources, but allows for easier debugging. 970.It Va WITHOUT_LLVM_TARGET_AARCH64 971Do not build LLVM target support for AArch64. 972The 973.Va LLVM_TARGET_ALL 974option should be used rather than this in most cases. 975.It Va WITHOUT_LLVM_TARGET_ALL 976Only build the required LLVM target support. 977This option is preferred to specific target support options. 978When set, these options are also in effect: 979.Pp 980.Bl -inset -compact 981.It Va WITHOUT_LLVM_TARGET_AARCH64 982(unless 983.Va WITH_LLVM_TARGET_AARCH64 984is set explicitly) 985.It Va WITHOUT_LLVM_TARGET_ARM 986(unless 987.Va WITH_LLVM_TARGET_ARM 988is set explicitly) 989.It Va WITHOUT_LLVM_TARGET_POWERPC 990(unless 991.Va WITH_LLVM_TARGET_POWERPC 992is set explicitly) 993.It Va WITHOUT_LLVM_TARGET_RISCV 994(unless 995.Va WITH_LLVM_TARGET_RISCV 996is set explicitly) 997.El 998.It Va WITHOUT_LLVM_TARGET_ARM 999Do not build LLVM target support for ARM. 1000The 1001.Va LLVM_TARGET_ALL 1002option should be used rather than this in most cases. 1003.It Va WITH_LLVM_TARGET_BPF 1004Build LLVM target support for BPF. 1005The 1006.Va LLVM_TARGET_ALL 1007option should be used rather than this in most cases. 1008.It Va WITH_LLVM_TARGET_MIPS 1009Build LLVM target support for MIPS. 1010The 1011.Va LLVM_TARGET_ALL 1012option should be used rather than this in most cases. 1013.It Va WITHOUT_LLVM_TARGET_POWERPC 1014Do not build LLVM target support for PowerPC. 1015The 1016.Va LLVM_TARGET_ALL 1017option should be used rather than this in most cases. 1018.It Va WITHOUT_LLVM_TARGET_RISCV 1019Do not build LLVM target support for RISC-V. 1020The 1021.Va LLVM_TARGET_ALL 1022option should be used rather than this in most cases. 1023.It Va WITHOUT_LLVM_TARGET_X86 1024Do not build LLVM target support for X86. 1025The 1026.Va LLVM_TARGET_ALL 1027option should be used rather than this in most cases. 1028.It Va WITHOUT_LOADER_BIOS_TEXTONLY 1029Include graphics, font and video mode support in the i386 and amd64 BIOS 1030boot loader. 1031.It Va WITH_LOADER_EFI_SECUREBOOT 1032Enable building 1033.Xr loader 8 1034with support for verification based on certificates obtained from UEFI. 1035.It Va WITHOUT_LOADER_GELI 1036Disable inclusion of GELI crypto support in the boot chain binaries. 1037.Pp 1038This is a default setting on 1039powerpc/powerpc, powerpc/powerpc64 and powerpc/powerpc64le. 1040.It Va WITH_LOADER_GELI 1041Build GELI bootloader support. 1042.Pp 1043This is a default setting on 1044amd64/amd64, arm/armv7, arm64/aarch64, i386/i386 and riscv/riscv64. 1045.It Va WITHOUT_LOADER_IA32 1046Do not build the 32-bit UEFI loader. 1047.Pp 1048This is a default setting on 1049arm/armv7, arm64/aarch64, i386/i386, powerpc/powerpc, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64. 1050.It Va WITH_LOADER_IA32 1051Build the 32-bit UEFI loader. 1052.Pp 1053This is a default setting on 1054amd64/amd64. 1055.It Va WITHOUT_LOADER_KBOOT 1056Do not build kboot, a linuxboot environment loader 1057.Pp 1058This is a default setting on 1059arm/armv7, i386/i386, powerpc/powerpc, powerpc/powerpc64le and riscv/riscv64. 1060.It Va WITH_LOADER_KBOOT 1061Build kboot, a linuxboot environment loader 1062.Pp 1063This is a default setting on 1064amd64/amd64, arm64/aarch64 and powerpc/powerpc64. 1065.It Va WITHOUT_LOADER_LUA 1066Do not build LUA bindings for the boot loader. 1067.Pp 1068This is a default setting on 1069powerpc/powerpc, powerpc/powerpc64 and powerpc/powerpc64le. 1070.It Va WITH_LOADER_LUA 1071Build LUA bindings for the boot loader. 1072.Pp 1073This is a default setting on 1074amd64/amd64, arm/armv7, arm64/aarch64, i386/i386 and riscv/riscv64. 1075.It Va WITHOUT_LOADER_OFW 1076Disable building of openfirmware bootloader components. 1077.Pp 1078This is a default setting on 1079amd64/amd64, arm/armv7, arm64/aarch64, i386/i386 and riscv/riscv64. 1080.It Va WITH_LOADER_OFW 1081Build openfirmware bootloader components. 1082.Pp 1083This is a default setting on 1084powerpc/powerpc, powerpc/powerpc64 and powerpc/powerpc64le. 1085.It Va WITHOUT_LOADER_PXEBOOT 1086Do not build pxeboot on i386/amd64. 1087When the pxeboot is too large, or unneeded, it may be disabled with this option. 1088See 1089.Va WITH_LOADER_PXEBOOT 1090for how to adjust the defaults when you need both a larger 1091.Pa /boot/loader 1092and 1093.Pa /boot/pxeboot 1094.Pp 1095This option only has an effect on x86. 1096.It Va WITHOUT_LOADER_UBOOT 1097Disable building of ubldr. 1098.Pp 1099This is a default setting on 1100amd64/amd64, arm64/aarch64, i386/i386, powerpc/powerpc64le and riscv/riscv64. 1101.It Va WITH_LOADER_UBOOT 1102Build ubldr. 1103.Pp 1104This is a default setting on 1105arm/armv7, powerpc/powerpc and powerpc/powerpc64. 1106.It Va WITH_LOADER_VERBOSE 1107Build with extra verbose debugging in the loader. 1108May explode already nearly too large loader over the limit. 1109Use with care. 1110.It Va WITH_LOADER_VERIEXEC 1111Enable building 1112.Xr loader 8 1113with support for verification similar to Verified Exec. 1114.Pp 1115Depends on 1116.Va WITH_BEARSSL . 1117May require a larger 1118.Va LOADERSIZE . 1119When set, these options are also in effect: 1120.Pp 1121.Bl -inset -compact 1122.It Va WITH_LOADER_EFI_SECUREBOOT 1123(unless 1124.Va WITHOUT_LOADER_EFI_SECUREBOOT 1125is set explicitly) 1126.It Va WITH_LOADER_VERIEXEC_VECTX 1127(unless 1128.Va WITHOUT_LOADER_VERIEXEC_VECTX 1129is set explicitly) 1130.El 1131.It Va WITH_LOADER_VERIEXEC_PASS_MANIFEST 1132Enable building 1133.Xr loader 8 1134with support to pass a verified manifest to the kernel. 1135The kernel has to be built with a module to parse the manifest. 1136.Pp 1137Depends on 1138.Va WITH_LOADER_VERIEXEC . 1139.It Va WITH_LOADER_VERIEXEC_VECTX 1140Enable building 1141.Xr loader 8 1142with support for hashing and verifying kernel and modules as a side effect 1143of loading. 1144.Pp 1145Depends on 1146.Va WITH_LOADER_VERIEXEC . 1147.It Va WITHOUT_LOADER_ZFS 1148Do not build ZFS file system boot loader support. 1149.It Va WITHOUT_LOCALES 1150Do not build localization files; see 1151.Xr locale 1 . 1152.It Va WITHOUT_LOCATE 1153Do not build 1154.Xr locate 1 1155and related programs. 1156.It Va WITHOUT_LPR 1157Do not build 1158.Xr lpr 1 1159and related programs. 1160.It Va WITHOUT_LS_COLORS 1161Build 1162.Xr ls 1 1163without support for colors to distinguish file types. 1164.It Va WITHOUT_MACHDEP_OPTIMIZATIONS 1165Prefer machine-independent non-assembler code in libc and libm. 1166.It Va WITHOUT_MAIL 1167Do not build any mail support (MUA or MTA). 1168When set, it enforces these options: 1169.Pp 1170.Bl -item -compact 1171.It 1172.Va WITHOUT_DMAGENT 1173.It 1174.Va WITHOUT_MAILWRAPPER 1175.It 1176.Va WITHOUT_SENDMAIL 1177.El 1178.It Va WITHOUT_MAILWRAPPER 1179Do not build the 1180.Xr mailwrapper 8 1181MTA selector. 1182.It Va WITHOUT_MAKE 1183Do not install 1184.Xr make 1 1185and related support files. 1186.It Va WITHOUT_MAKE_CHECK_USE_SANDBOX 1187Do not execute 1188.Dq Li "make check" 1189in limited sandbox mode. 1190This option should be paired with 1191.Va WITH_INSTALL_AS_USER 1192if executed as an unprivileged user. 1193See 1194.Xr tests 7 1195for more details. 1196.It Va WITH_MALLOC_PRODUCTION 1197Disable assertions and statistics gathering in 1198.Xr malloc 3 . 1199It also defaults the A and J runtime options to off. 1200.It Va WITHOUT_MAN 1201Do not build manual pages. 1202When set, these options are also in effect: 1203.Pp 1204.Bl -inset -compact 1205.It Va WITHOUT_MAN_UTILS 1206(unless 1207.Va WITH_MAN_UTILS 1208is set explicitly) 1209.El 1210.It Va WITHOUT_MANCOMPRESS 1211Do not install compressed man pages. 1212Only the uncompressed versions will be installed. 1213.It Va WITHOUT_MANSPLITPKG 1214Do not split man pages into their own packages during make package. 1215.It Va WITHOUT_MAN_UTILS 1216Do not build utilities for manual pages, 1217.Xr apropos 1 , 1218.Xr makewhatis 1 , 1219.Xr man 1 , 1220.Xr whatis 1 , 1221.Xr manctl 8 , 1222and related support files. 1223.It Va WITH_META_ERROR_TARGET 1224Enable the META_MODE .ERROR target. 1225.Pp 1226This target will copy the meta file of a failed target 1227to 1228.Va ERROR_LOGDIR 1229(default is 1230.Ql ${SRCTOP:H}/error ) 1231to help with failure analysis. 1232Depends on 1233.Va WITH_META_MODE . 1234This default when 1235.Va WITH_DIRDEPS_BUILD 1236is set. 1237.Pp 1238This must be set in the environment, make command line, or 1239.Pa /etc/src-env.conf , 1240not 1241.Pa /etc/src.conf . 1242.It Va WITH_META_MODE 1243Create 1244.Xr make 1 1245meta files when building, which can provide a reliable incremental build when 1246using 1247.Xr filemon 4 . 1248The meta file is created in OBJDIR as 1249.Pa target.meta . 1250These meta files track the command that was executed, its output, and the 1251current directory. 1252The 1253.Xr filemon 4 1254module is required unless 1255.Va NO_FILEMON 1256is defined. 1257When the module is loaded, any files used by the commands executed are 1258tracked as dependencies for the target in its meta file. 1259The target is considered out-of-date and rebuilt if any of these 1260conditions are true compared to the last build: 1261.Bl -bullet -compact 1262.It 1263The command to execute changes. 1264.It 1265The current working directory changes. 1266.It 1267The target's meta file is missing. 1268.It 1269The target's meta file is missing filemon data when filemon is loaded 1270and a previous run did not have it loaded. 1271.It 1272[requires 1273.Xr filemon 4 ] 1274Files read, executed or linked to are newer than the target. 1275.It 1276[requires 1277.Xr filemon 4 ] 1278Files read, written, executed or linked are missing. 1279.El 1280The meta files can also be useful for debugging. 1281.Pp 1282The build hides commands that are executed unless 1283.Va NO_SILENT 1284is defined. 1285Errors cause 1286.Xr make 1 1287to show some of its environment for further debugging. 1288.Pp 1289The build operates as it normally would otherwise. 1290This option originally invoked a different build system but that was renamed 1291to 1292.Va WITH_DIRDEPS_BUILD . 1293.Pp 1294This must be set in the environment, make command line, or 1295.Pa /etc/src-env.conf , 1296not 1297.Pa /etc/src.conf . 1298.It Va WITHOUT_MLX5TOOL 1299Do not build 1300.Xr mlx5tool 8 1301.Pp 1302This is a default setting on 1303arm/armv7, powerpc/powerpc and riscv/riscv64. 1304.It Va WITH_MLX5TOOL 1305Build 1306.Xr mlx5tool 8 1307.Pp 1308This is a default setting on 1309amd64/amd64, arm64/aarch64, i386/i386, powerpc/powerpc64 and powerpc/powerpc64le. 1310.It Va WITHOUT_NETCAT 1311Do not build 1312.Xr nc 1 1313utility. 1314.It Va WITHOUT_NETGRAPH 1315Do not build applications to support 1316.Xr netgraph 4 . 1317When set, it enforces these options: 1318.Pp 1319.Bl -item -compact 1320.It 1321.Va WITHOUT_BLUETOOTH 1322.El 1323.Pp 1324When set, these options are also in effect: 1325.Pp 1326.Bl -inset -compact 1327.It Va WITHOUT_NETGRAPH_SUPPORT 1328(unless 1329.Va WITH_NETGRAPH_SUPPORT 1330is set explicitly) 1331.El 1332.It Va WITHOUT_NETGRAPH_SUPPORT 1333Build libraries, programs, and kernel modules without netgraph support. 1334.It Va WITHOUT_NETLINK 1335Do not build 1336.Xr genl 1 1337utility. 1338.It Va WITHOUT_NETLINK_SUPPORT 1339Make libraries and programs use rtsock and 1340.Xr sysctl 3 1341interfaces instead of 1342.Xr snl 3 . 1343.It Va WITHOUT_NIS 1344Do not build 1345.Xr NIS 8 1346support and related programs. 1347If set, you might need to adopt your 1348.Xr nsswitch.conf 5 1349and remove 1350.Sq nis 1351entries. 1352.It Va WITHOUT_NLS 1353Do not build NLS catalogs. 1354When set, it enforces these options: 1355.Pp 1356.Bl -item -compact 1357.It 1358.Va WITHOUT_NLS_CATALOGS 1359.El 1360.It Va WITHOUT_NLS_CATALOGS 1361Do not build NLS catalog support for 1362.Xr csh 1 . 1363.It Va WITHOUT_NS_CACHING 1364Disable name caching in the 1365.Pa nsswitch 1366subsystem. 1367The generic caching daemon, 1368.Xr nscd 8 , 1369will not be built either if this option is set. 1370.It Va WITHOUT_NTP 1371Do not build 1372.Xr ntpd 8 1373and related programs. 1374.It Va WITHOUT_NUAGEINIT 1375Do not install the limited cloud init support scripts. 1376.It Va WITHOUT_OFED 1377Do not build the 1378.Dq "OpenFabrics Enterprise Distribution" 1379InfiniBand software stack, including kernel modules and userspace libraries. 1380.Pp 1381This is a default setting on 1382arm/armv7. 1383When set, it enforces these options: 1384.Pp 1385.Bl -item -compact 1386.It 1387.Va WITHOUT_OFED_EXTRA 1388.El 1389.It Va WITH_OFED 1390Build the 1391.Dq "OpenFabrics Enterprise Distribution" 1392InfiniBand software stack, including kernel modules and userspace libraries. 1393.Pp 1394This is a default setting on 1395amd64/amd64, arm64/aarch64, i386/i386, powerpc/powerpc, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64. 1396.It Va WITH_OFED_EXTRA 1397Build the non-essential components of the 1398.Dq "OpenFabrics Enterprise Distribution" 1399Infiniband software stack, mostly examples. 1400.It Va WITH_OPENLDAP 1401Enable building LDAP support for kerberos using an openldap client from ports. 1402.It Va WITHOUT_OPENMP 1403Do not build LLVM's OpenMP runtime. 1404.Pp 1405This is a default setting on 1406arm/armv7 and powerpc/powerpc. 1407.It Va WITH_OPENMP 1408Build LLVM's OpenMP runtime. 1409.Pp 1410This is a default setting on 1411amd64/amd64, arm64/aarch64, i386/i386, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64. 1412.It Va WITHOUT_OPENSSH 1413Do not build OpenSSH. 1414.It Va WITHOUT_OPENSSL 1415Do not build OpenSSL. 1416When set, it enforces these options: 1417.Pp 1418.Bl -item -compact 1419.It 1420.Va WITHOUT_DMAGENT 1421.It 1422.Va WITHOUT_KERBEROS 1423.It 1424.Va WITHOUT_KERBEROS_SUPPORT 1425.It 1426.Va WITHOUT_LDNS 1427.It 1428.Va WITHOUT_LDNS_UTILS 1429.It 1430.Va WITHOUT_LOADER_ZFS 1431.It 1432.Va WITHOUT_OPENSSH 1433.It 1434.Va WITHOUT_OPENSSL_KTLS 1435.It 1436.Va WITHOUT_PKGBOOTSTRAP 1437.It 1438.Va WITHOUT_UNBOUND 1439.It 1440.Va WITHOUT_ZFS 1441.It 1442.Va WITHOUT_ZFS_TESTS 1443.El 1444.Pp 1445When set, these options are also in effect: 1446.Pp 1447.Bl -inset -compact 1448.It Va WITHOUT_GSSAPI 1449(unless 1450.Va WITH_GSSAPI 1451is set explicitly) 1452.El 1453.It Va WITHOUT_OPENSSL_KTLS 1454Do not include kernel TLS support in OpenSSL. 1455.Pp 1456This is a default setting on 1457arm/armv7, i386/i386, powerpc/powerpc and riscv/riscv64. 1458.It Va WITH_OPENSSL_KTLS 1459Include kernel TLS support in OpenSSL. 1460.Pp 1461This is a default setting on 1462amd64/amd64, arm64/aarch64, powerpc/powerpc64 and powerpc/powerpc64le. 1463.It Va WITHOUT_PAM 1464Do not build PAM library and modules. 1465.Bf -symbolic 1466This option is deprecated and does nothing. 1467.Ef 1468When set, these options are also in effect: 1469.Pp 1470.Bl -inset -compact 1471.It Va WITHOUT_PAM_SUPPORT 1472(unless 1473.Va WITH_PAM_SUPPORT 1474is set explicitly) 1475.El 1476.It Va WITHOUT_PAM_SUPPORT 1477Build some programs without PAM support, particularly 1478.Xr ftpd 8 1479and 1480.Xr ppp 8 . 1481.It Va WITHOUT_PF 1482Do not build PF firewall package. 1483When set, it enforces these options: 1484.Pp 1485.Bl -item -compact 1486.It 1487.Va WITHOUT_AUTHPF 1488.El 1489.It Va WITHOUT_PIE 1490Do not build dynamically linked binaries as 1491Position-Independent Executable (PIE). 1492.Pp 1493This is a default setting on 1494arm/armv7, i386/i386 and powerpc/powerpc. 1495.It Va WITH_PIE 1496Build dynamically linked binaries as 1497Position-Independent Executable (PIE). 1498.Pp 1499This is a default setting on 1500amd64/amd64, arm64/aarch64, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64. 1501.It Va WITHOUT_PKGBOOTSTRAP 1502Do not build 1503.Xr pkg 7 1504bootstrap tool. 1505.It Va WITHOUT_PMC 1506Do not build 1507.Xr pmccontrol 8 1508and related programs. 1509.It Va WITHOUT_PPP 1510Do not build 1511.Xr ppp 8 1512and related programs. 1513.It Va WITH_PROFILE 1514Build profiled libraries for use with 1515.Xr gprof 8 . 1516This option is deprecated and may not be present in a future version of 1517.Fx . 1518.It Va WITHOUT_PTHREADS_ASSERTIONS 1519Disable debugging assertions in pthreads library. 1520.It Va WITHOUT_QUOTAS 1521Do not build 1522.Xr quota 1 1523and related programs. 1524.It Va WITHOUT_RADIUS_SUPPORT 1525Do not build radius support into various applications, like 1526.Xr pam_radius 8 1527and 1528.Xr ppp 8 . 1529.It Va WITH_RATELIMIT 1530Build the system with rate limit support. 1531.Pp 1532This makes 1533.Dv SO_MAX_PACING_RATE 1534effective in 1535.Xr getsockopt 2 , 1536and 1537.Ar txrlimit 1538support in 1539.Xr ifconfig 8 , 1540by proxy. 1541.It Va WITHOUT_RBOOTD 1542Do not build or install 1543.Xr rbootd 8 . 1544.It Va WITHOUT_RELRO 1545Do not apply the Relocation Read-Only (RELRO) vulnerability mitigation. 1546See also the 1547.Va BIND_NOW 1548option. 1549.It Va WITH_REPRODUCIBLE_BUILD 1550Exclude build metadata (such as the build time, user, or host) 1551from the kernel, boot loaders, and uname output, so that builds produce 1552bit-for-bit identical output. 1553.It Va WITHOUT_RESCUE 1554Do not build 1555.Xr rescue 8 . 1556.It Va WITH_RETPOLINE 1557Build the base system with the retpoline speculative execution 1558vulnerability mitigation for CVE-2017-5715. 1559.It Va WITHOUT_ROUTED 1560Do not build 1561.Xr routed 8 1562utility. 1563.It Va WITH_RPCBIND_WARMSTART_SUPPORT 1564Build 1565.Xr rpcbind 8 1566with warmstart support. 1567.It Va WITHOUT_SCTP_SUPPORT 1568Disable support in the kernel for the 1569.Xr sctp 4 1570Stream Control Transmission Protocol 1571loadable kernel module. 1572.It Va WITHOUT_SENDMAIL 1573Do not build 1574.Xr sendmail 8 1575and related programs. 1576.It Va WITHOUT_SERVICESDB 1577Do not install 1578.Pa /var/db/services.db . 1579.It Va WITHOUT_SETUID_LOGIN 1580Set this to disable the installation of 1581.Xr login 1 1582as a set-user-ID root program. 1583.It Va WITHOUT_SHAREDOCS 1584Do not build the 1585.Bx 4.4 1586legacy docs. 1587.It Va WITH_SORT_THREADS 1588Enable threads in 1589.Xr sort 1 . 1590.It Va WITHOUT_SOURCELESS 1591Do not build kernel modules that include sourceless code (either microcode or native code for host CPU). 1592When set, it enforces these options: 1593.Pp 1594.Bl -item -compact 1595.It 1596.Va WITHOUT_SOURCELESS_HOST 1597.It 1598.Va WITHOUT_SOURCELESS_UCODE 1599.El 1600.It Va WITHOUT_SOURCELESS_HOST 1601Do not build kernel modules that include sourceless native code for host CPU. 1602.It Va WITHOUT_SOURCELESS_UCODE 1603Do not build kernel modules that include sourceless microcode. 1604.It Va WITHOUT_SPLIT_KERNEL_DEBUG 1605Do not build standalone kernel debug files. 1606Debug data (if enabled by the kernel configuration file) 1607will be included in the kernel and modules. 1608When set, it enforces these options: 1609.Pp 1610.Bl -item -compact 1611.It 1612.Va WITHOUT_KERNEL_SYMBOLS 1613.El 1614.It Va WITHOUT_SSP 1615Do not build world with stack smashing protection. 1616See 1617.Xr security 7 1618for more information. 1619.It Va WITH_STAGING 1620Enable staging of files to a stage tree. 1621This can be best thought of as auto-install to 1622.Va DESTDIR 1623with some extra meta data to ensure dependencies can be tracked. 1624Depends on 1625.Va WITH_DIRDEPS_BUILD . 1626When set, these options are also in effect: 1627.Pp 1628.Bl -inset -compact 1629.It Va WITH_STAGING_MAN 1630(unless 1631.Va WITHOUT_STAGING_MAN 1632is set explicitly) 1633.It Va WITH_STAGING_PROG 1634(unless 1635.Va WITHOUT_STAGING_PROG 1636is set explicitly) 1637.El 1638.Pp 1639This must be set in the environment, make command line, or 1640.Pa /etc/src-env.conf , 1641not 1642.Pa /etc/src.conf . 1643.It Va WITH_STAGING_MAN 1644Enable staging of man pages to stage tree. 1645.It Va WITH_STAGING_PROG 1646Enable staging of PROGs to stage tree. 1647.It Va WITH_STALE_STAGED 1648Check staged files are not stale. 1649.It Va WITHOUT_STATS 1650Neither build nor install 1651.Lb libstats 1652and dependent binaries. 1653.It Va WITHOUT_SYSCONS 1654Do not build 1655.Xr syscons 4 1656support files such as keyboard maps, fonts, and screen output maps. 1657.It Va WITH_SYSROOT 1658Enable use of sysroot during build. 1659Depends on 1660.Va WITH_DIRDEPS_BUILD . 1661.Pp 1662This must be set in the environment, make command line, or 1663.Pa /etc/src-env.conf , 1664not 1665.Pa /etc/src.conf . 1666.It Va WITHOUT_SYSTEM_COMPILER 1667Do not opportunistically skip building a cross-compiler during the 1668bootstrap phase of the build. 1669Normally, if the currently installed compiler matches the planned bootstrap 1670compiler type and revision, then it will not be built. 1671This does not prevent a compiler from being built for installation though, 1672only for building one for the build itself. 1673The 1674.Va WITHOUT_CLANG 1675option controls that. 1676.It Va WITHOUT_SYSTEM_LINKER 1677Do not opportunistically skip building a cross-linker during the 1678bootstrap phase of the build. 1679Normally, if the currently installed linker matches the planned bootstrap 1680linker type and revision, then it will not be built. 1681This does not prevent a linker from being built for installation though, 1682only for building one for the build itself. 1683The 1684.Va WITHOUT_LLD 1685option controls that. 1686.Pp 1687This option is only relevant when 1688.Va WITH_LLD_BOOTSTRAP 1689is set. 1690.It Va WITHOUT_TALK 1691Do not build or install 1692.Xr talk 1 1693and 1694.Xr talkd 8 . 1695.It Va WITHOUT_TCP_WRAPPERS 1696Do not build or install 1697.Xr tcpd 8 , 1698and related utilities. 1699.It Va WITHOUT_TCSH 1700Do not build and install 1701.Pa /bin/csh 1702(which is 1703.Xr tcsh 1 ) . 1704.It Va WITHOUT_TELNET 1705Do not build 1706.Xr telnet 1 1707and related programs. 1708.It Va WITHOUT_TESTS 1709Do not build nor install the 1710.Fx 1711Test Suite in 1712.Pa /usr/tests/ . 1713See 1714.Xr tests 7 1715for more details. 1716This also disables the build of all test-related dependencies, including ATF. 1717When set, it enforces these options: 1718.Pp 1719.Bl -item -compact 1720.It 1721.Va WITHOUT_DTRACE_TESTS 1722.It 1723.Va WITHOUT_ZFS_TESTS 1724.El 1725.Pp 1726When set, these options are also in effect: 1727.Pp 1728.Bl -inset -compact 1729.It Va WITHOUT_GOOGLETEST 1730(unless 1731.Va WITH_GOOGLETEST 1732is set explicitly) 1733.It Va WITHOUT_TESTS_SUPPORT 1734(unless 1735.Va WITH_TESTS_SUPPORT 1736is set explicitly) 1737.El 1738.It Va WITHOUT_TESTS_SUPPORT 1739Disable the build of all test-related dependencies, including ATF. 1740When set, it enforces these options: 1741.Pp 1742.Bl -item -compact 1743.It 1744.Va WITHOUT_GOOGLETEST 1745.El 1746.It Va WITHOUT_TEXTPROC 1747Do not build 1748programs used for text processing. 1749.It Va WITHOUT_TFTP 1750Do not build or install 1751.Xr tftp 1 1752and 1753.Xr tftpd 8 . 1754.It Va WITHOUT_TOOLCHAIN 1755Do not install 1756programs used for program development, 1757compilers, debuggers etc. 1758When set, it enforces these options: 1759.Pp 1760.Bl -item -compact 1761.It 1762.Va WITHOUT_CLANG 1763.It 1764.Va WITHOUT_CLANG_EXTRAS 1765.It 1766.Va WITHOUT_CLANG_FORMAT 1767.It 1768.Va WITHOUT_CLANG_FULL 1769.It 1770.Va WITHOUT_LLD 1771.It 1772.Va WITHOUT_LLDB 1773.It 1774.Va WITHOUT_LLVM_COV 1775.El 1776.It Va WITH_UBSAN 1777Build the base system with Undefined Behavior Sanitizer (UBSan) to detect 1778various kinds of undefined behavior at runtime. 1779Requires that Clang be used as the base system compiler 1780and that the runtime support library is available 1781.It Va WITHOUT_UNBOUND 1782Do not build 1783.Xr unbound 8 1784and related programs. 1785.It Va WITH_UNDEFINED_VERSION 1786Link libraries with --undefined-version which permits version maps to 1787contain symbols that are not present in the library. 1788If this is necessary to build a particular configuration, a bug is 1789present and the configuration should be reported. 1790.It Va WITHOUT_UNIFIED_OBJDIR 1791Use the historical object directory format for 1792.Xr build 7 1793targets. 1794For native-builds and builds done directly in sub-directories the format of 1795.Pa ${MAKEOBJDIRPREFIX}/${.CURDIR} 1796is used, 1797while for cross-builds 1798.Pa ${MAKEOBJDIRPREFIX}/${TARGET}.${TARGET_ARCH}/${.CURDIR} 1799is used. 1800.Pp 1801This option is transitional and will be removed in a future version of 1802.Fx , 1803at which time 1804.Va WITH_UNIFIED_OBJDIR 1805will be enabled permanently. 1806.Pp 1807This must be set in the environment, make command line, or 1808.Pa /etc/src-env.conf , 1809not 1810.Pa /etc/src.conf . 1811.It Va WITHOUT_USB 1812Do not build USB-related programs and libraries. 1813.It Va WITHOUT_USB_GADGET_EXAMPLES 1814Do not build USB gadget kernel modules. 1815.It Va WITHOUT_UTMPX 1816Do not build user accounting tools such as 1817.Xr last 1 , 1818.Xr users 1 , 1819.Xr who 1 , 1820.Xr ac 8 , 1821.Xr lastlogin 8 1822and 1823.Xr utx 8 . 1824.It Va WITH_VERIEXEC 1825Enable building 1826.Xr veriexec 8 1827which loads the contents of verified manifests into the kernel 1828for use by 1829.Xr mac_veriexec 4 1830.Pp 1831Depends on 1832.Va WITH_BEARSSL . 1833.It Va WITHOUT_VI 1834Do not build and install vi, view, ex and related programs. 1835.It Va WITHOUT_VT 1836Do not build 1837.Xr vt 4 1838support files (fonts and keymaps). 1839.It Va WITHOUT_WARNS 1840Set this to not add warning flags to the compiler invocations. 1841Useful as a temporary workaround when code enters the tree 1842which triggers warnings in environments that differ from the 1843original developer. 1844.It Va WITHOUT_WERROR 1845Set this to not treat compiler warnings as errors. 1846Useful as a temporary workaround when working on fixing compiler warnings. 1847When set, warnings are still printed in the build log but do not fail the build. 1848.It Va WITHOUT_WIRELESS 1849Do not build programs used for 802.11 wireless networks; especially 1850.Xr wpa_supplicant 8 1851and 1852.Xr hostapd 8 . 1853When set, these options are also in effect: 1854.Pp 1855.Bl -inset -compact 1856.It Va WITHOUT_WIRELESS_SUPPORT 1857(unless 1858.Va WITH_WIRELESS_SUPPORT 1859is set explicitly) 1860.El 1861.It Va WITHOUT_WIRELESS_SUPPORT 1862Build libraries, programs, and kernel modules without 1863802.11 wireless support. 1864.It Va WITHOUT_WPA_SUPPLICANT_EAPOL 1865Build 1866.Xr wpa_supplicant 8 1867without support for the IEEE 802.1X protocol and without 1868support for EAP-PEAP, EAP-TLS, EAP-LEAP, and EAP-TTLS 1869protocols (usable only via 802.1X). 1870.It Va WITHOUT_ZFS 1871Do not build the ZFS file system kernel module, libraries such as 1872.Xr libbe 3 , 1873and user commands such as 1874.Xr zpool 8 1875or 1876.Xr zfs 8 . 1877Also disable ZFS support in utilities and libraries which implement 1878ZFS-specific functionality. 1879When set, it enforces these options: 1880.Pp 1881.Bl -item -compact 1882.It 1883.Va WITHOUT_ZFS_TESTS 1884.El 1885.It Va WITHOUT_ZFS_TESTS 1886Do not build and install the legacy ZFS test suite. 1887.It Va WITHOUT_ZONEINFO 1888Do not build the timezone database. 1889When set, it enforces these options: 1890.Pp 1891.Bl -item -compact 1892.It 1893.Va WITHOUT_ZONEINFO_LEAPSECONDS_SUPPORT 1894.El 1895.It Va WITH_ZONEINFO_LEAPSECONDS_SUPPORT 1896Build leapsecond information in to the timezone database. 1897.El 1898.Pp 1899The following options accept a single value from a list of valid values. 1900.Bl -tag -width indent 1901.It Va INIT_ALL 1902Control default initialization of stack variables in C and C++ code. 1903Options other than 1904.Li none 1905require the Clang compiler or GCC 12.0 or later. 1906The default value is 1907.Li none . 1908Valid values are: 1909.Bl -tag -width indent 1910.It Li none 1911Do not initialize stack variables (standard C/C++ behavior). 1912.It Li pattern 1913Build the base system or kernel with stack variables initialized to 1914.Pq compiler defined 1915debugging patterns on function entry. 1916.It Li zero 1917Build the base system or kernel with stack variables initialized 1918to zero on function entry. 1919This value is converted to 1920.Li none 1921for amd64 kernel builds due to incompatability with ifunc memset. 1922.El 1923.It Va LIBC_MALLOC 1924Specify the 1925.Xr malloc 3 1926implementation used by libc. 1927The default value is 1928.Li jemalloc . 1929Valid values are: 1930.Bl -tag -width indent 1931.It Li jemalloc 1932.El 1933.Pp 1934Other implementations are expected in the future in both 1935.Fx 1936and downstream consumers. 1937.El 1938.Sh FILES 1939.Bl -tag -compact -width Pa 1940.It Pa /etc/src.conf 1941.It Pa /etc/src-env.conf 1942.It Pa /usr/share/mk/bsd.own.mk 1943.El 1944.Sh SEE ALSO 1945.Xr make 1 , 1946.Xr make.conf 5 , 1947.Xr build 7 , 1948.Xr ports 7 1949.Sh HISTORY 1950The 1951.Nm 1952file appeared in 1953.Fx 7.0 . 1954.Sh AUTHORS 1955This manual page was autogenerated by 1956.An tools/build/options/makeman . 1957