1.\" DO NOT EDIT-- this file is @generated by tools/build/options/makeman. 2.Dd October 22, 2025 3.Dt SRC.CONF 5 4.Os 5.Sh NAME 6.Nm src.conf 7.Nd "source build options" 8.Sh DESCRIPTION 9The 10.Nm 11file contains variables that control what components will be generated during 12the build process of the 13.Fx 14source tree; see 15.Xr build 7 . 16.Pp 17The 18.Nm 19file uses the standard makefile syntax. 20However, 21.Nm 22should not specify any dependencies to 23.Xr make 1 . 24Instead, 25.Nm 26is to set 27.Xr make 1 28variables that control the aspects of how the system builds. 29.Pp 30The default location of 31.Nm 32is the top level of the source tree, or 33.Pa /etc/src.conf 34if no 35.Nm 36is found in the source tree itself, 37though an alternative location can be specified in the 38.Xr make 1 39variable 40.Va SRCCONF . 41Overriding the location of 42.Nm 43may be necessary if the system-wide settings are not suitable 44for a particular build. 45For instance, setting 46.Va SRCCONF 47to 48.Pa /dev/null 49effectively resets all build controls to their defaults. 50.Pp 51The only purpose of 52.Nm 53is to control the compilation of the 54.Fx 55source code, which is usually located in 56.Pa /usr/src . 57As a rule, the system administrator creates 58.Nm 59when the values of certain control variables need to be changed 60from their defaults. 61.Pp 62In addition, control variables can be specified 63for a particular build via the 64.Fl D 65option of 66.Xr make 1 67or in its environment; see 68.Xr environ 7 . 69.Pp 70The environment of 71.Xr make 1 72for the build can be controlled via the 73.Va SRC_ENV_CONF 74variable, which defaults to 75.Pa /etc/src-env.conf . 76Some examples that may only be set in this file are 77.Va WITH_DIRDEPS_BUILD , 78and 79.Va WITH_META_MODE , 80and 81.Va MAKEOBJDIRPREFIX 82as they are environment-only variables. 83.Pp 84The values of 85.Va WITH_ 86and 87.Va WITHOUT_ 88variables are ignored regardless of their setting; 89even if they would be set to 90.Dq Li FALSE 91or 92.Dq Li NO . 93The presence of an option causes 94it to be honored by 95.Xr make 1 . 96.Pp 97This list provides a name and short description for variables 98that can be used for source builds. 99.Bl -tag -width indent 100.It Va WITHOUT_ACCT 101Do not build process accounting tools such as 102.Xr accton 8 103and 104.Xr sa 8 . 105.It Va WITHOUT_ACPI 106Do not build 107.Xr acpiconf 8 , 108.Xr acpidump 8 109and related programs. 110.It Va WITHOUT_APM 111Do not build 112.Xr apm 8 , 113.Xr apmd 8 114and related programs. 115.It Va WITH_ASAN 116Build the base system with Address Sanitizer (ASan) to detect 117memory corruption bugs such as buffer overflows or use-after-free. 118Requires that Clang be used as the base system compiler 119and that the runtime support library is available. 120When set, it enforces these options: 121.Pp 122.Bl -item -compact 123.It 124.Va WITH_LLVM_BINUTILS 125.It 126.Va WITH_LLVM_CXXFILT 127.El 128.It Va WITHOUT_ASSERT_DEBUG 129Compile programs and libraries without the 130.Xr assert 3 131checks. 132.It Va WITHOUT_AT 133Do not build 134.Xr at 1 135and related utilities. 136.It Va WITHOUT_AUDIT 137Do not build audit support into system programs. 138.It Va WITHOUT_AUTHPF 139Do not build 140.Xr authpf 8 . 141.It Va WITHOUT_AUTOFS 142Do not build 143.Xr autofs 4 144related programs, libraries, and kernel modules. 145.It Va WITHOUT_AUTO_OBJ 146Disable automatic creation of objdirs. 147This is enabled by default if the wanted OBJDIR is writable by the current user. 148.Pp 149This must be set in the environment, make command line, or 150.Pa /etc/src-env.conf , 151not 152.Pa /etc/src.conf . 153.It Va WITH_BEARSSL 154Build the BearSSL library. 155.Pp 156BearSSL is a tiny SSL library suitable for embedded environments. 157For details see 158.Lk https://www.BearSSL.org/ 159.Pp 160This library is currently only used to perform 161signature verification and related operations 162for Verified Exec and 163.Xr loader 8 . 164.Pp 165Due to size constraints in the BIOS environment on x86, one may need to set 166.Va LOADERSIZE 167larger than the 168default 500000, although often loader is under the 500k limit even with 169this option. 170Setting 171.Va LOADERSIZE 172larger than 500000 may cause 173.Xr pxeboot 8 174to be too large to work. 175Careful testing of the loader in the target environment when built with a larger 176limit to establish safe limits is critical because different BIOS environments 177reserve differing amounts of the low 640k space, making a precise limit for 178everybody impossible. 179.Pp 180See also 181.Va WITH_LOADER_PXEBOOT 182for other considerations. 183When set, these options are also in effect: 184.Pp 185.Bl -inset -compact 186.It Va WITH_LOADER_EFI_SECUREBOOT 187(unless 188.Va WITHOUT_LOADER_EFI_SECUREBOOT 189is set explicitly) 190.It Va WITH_LOADER_VERIEXEC 191(unless 192.Va WITHOUT_LOADER_VERIEXEC 193is set explicitly) 194.It Va WITH_LOADER_VERIEXEC_VECTX 195(unless 196.Va WITHOUT_LOADER_VERIEXEC_VECTX 197is set explicitly) 198.It Va WITH_VERIEXEC 199(unless 200.Va WITHOUT_VERIEXEC 201is set explicitly) 202.El 203.It Va WITHOUT_BHYVE 204Do not build or install 205.Xr bhyve 8 , 206associated utilities, and examples. 207.Pp 208This option only affects amd64/amd64 and arm64/aarch64. 209.It Va WITH_BHYVE_SNAPSHOT 210Include support for save and restore (snapshots) in 211.Xr bhyve 8 212and 213.Xr bhyvectl 8 . 214.Pp 215This option only affects amd64/amd64. 216.It Va WITH_BIND_NOW 217Build all binaries with the 218.Dv DF_BIND_NOW 219flag set to indicate that the run-time loader should perform all relocation 220processing at process startup rather than on demand. 221The combination of the 222.Va BIND_NOW 223and 224.Va RELRO 225options provide "full" Relocation Read-Only (RELRO) support. 226With full RELRO the entire GOT is made read-only after performing relocation at 227startup, avoiding GOT overwrite attacks. 228.It Va WITHOUT_BLACKLIST 229This option has been renamed to 230.Va WITHOUT_BLOCKLIST . 231When set, it enforces these options: 232.Pp 233.Bl -item -compact 234.It 235.Va WITHOUT_BLOCKLIST 236.El 237.Pp 238When set, these options are also in effect: 239.Pp 240.Bl -inset -compact 241.It Va WITHOUT_BLACKLIST_SUPPORT 242(unless 243.Va WITH_BLACKLIST_SUPPORT 244is set explicitly) 245.It Va WITHOUT_BLOCKLIST_SUPPORT 246(unless 247.Va WITH_BLOCKLIST_SUPPORT 248is set explicitly) 249.El 250.It Va WITHOUT_BLACKLIST_SUPPORT 251This option has been renamed to 252.Va WITHOUT_BLOCKLIST_SUPPORT . 253When set, it enforces these options: 254.Pp 255.Bl -item -compact 256.It 257.Va WITHOUT_BLOCKLIST_SUPPORT 258.El 259.It Va WITHOUT_BLOCKLIST 260Set this if you do not want to build 261.Xr blocklistd 8 262and 263.Xr blocklistctl 8 . 264When set, these options are also in effect: 265.Pp 266.Bl -inset -compact 267.It Va WITHOUT_BLOCKLIST_SUPPORT 268(unless 269.Va WITH_BLOCKLIST_SUPPORT 270is set explicitly) 271.El 272.It Va WITHOUT_BLOCKLIST_SUPPORT 273Build some programs without 274.Xr libblocklist 3 275support, like 276.Xr fingerd 8 277and 278.Xr sshd 8 . 279.It Va WITHOUT_BLUETOOTH 280Do not build Bluetooth related kernel modules, programs and libraries. 281.It Va WITHOUT_BOOT 282Do not build the boot blocks and loader. 283.It Va WITHOUT_BOOTPARAMD 284Do not build or install 285.Xr bootparamd 8 . 286.It Va WITHOUT_BOOTPD 287Do not build or install 288.Xr bootpd 8 . 289.It Va WITH_BRANCH_PROTECTION 290Build with branch protection enabled. 291On arm64 enable the use of pointer authentication and 292branch target identification instructions on arm64. 293These can be used to help mitigate some exploit techniques. 294.It Va WITHOUT_BSDINSTALL 295Do not build 296.Xr bsdinstall 8 , 297.Xr sade 8 , 298and related programs. 299.It Va WITHOUT_BSD_CPIO 300Do not build the BSD licensed version of cpio based on 301.Xr libarchive 3 . 302.It Va WITHOUT_BSNMP 303Do not build or install 304.Xr bsnmpd 1 305and related libraries and data files. 306.It Va WITHOUT_BZIP2 307Do not build contributed bzip2 software as a part of the base system. 308.Bf -symbolic 309The option has no effect yet. 310.Ef 311When set, these options are also in effect: 312.Pp 313.Bl -inset -compact 314.It Va WITHOUT_BZIP2_SUPPORT 315(unless 316.Va WITH_BZIP2_SUPPORT 317is set explicitly) 318.El 319.It Va WITHOUT_BZIP2_SUPPORT 320Build some programs without optional bzip2 support. 321.It Va WITHOUT_CALENDAR 322Do not build 323.Xr calendar 1 . 324.It Va WITHOUT_CAROOT 325Do not add the trusted certificates from the Mozilla NSS bundle to 326base. 327.It Va WITHOUT_CASPER 328This option has no effect. 329.It Va WITH_CCACHE_BUILD 330Use 331.Xr ccache 1 332for the build. 333No configuration is required except to install the 334.Sy devel/ccache 335or 336.Sy devel/sccache 337package. 338When using with 339.Xr distcc 1 , 340set 341.Sy CCACHE_PREFIX=/usr/local/bin/distcc . 342When using with sccache 343set 344.Sy CCACHE_NAME=sccache 345in 346.Xr src.conf 5 . 347The default cache directory of 348.Pa $HOME/.ccache 349will be used, which can be overridden by setting 350.Sy CCACHE_DIR . 351The 352.Sy CCACHE_COMPILERCHECK 353option defaults to 354.Sy content 355when using the in-tree bootstrap compiler, 356and 357.Sy mtime 358when using an external compiler. 359The 360.Sy CCACHE_CPP2 361option is used for Clang but not GCC. 362.Pp 363Sharing a cache between multiple work directories requires using a layout 364similar to 365.Pa /some/prefix/src 366.Pa /some/prefix/obj 367and an environment such as: 368.Bd -literal -offset indent 369CCACHE_BASEDIR='${SRCTOP:H}' MAKEOBJDIRPREFIX='${SRCTOP:H}/obj' 370.Ed 371.Pp 372See 373.Xr ccache 1 374for more configuration options. 375.It Va WITHOUT_CCD 376Do not build 377.Xr geom_ccd 4 378and related utilities. 379.It Va WITHOUT_CDDL 380Do not build code licensed under Sun's CDDL. 381When set, it enforces these options: 382.Pp 383.Bl -item -compact 384.It 385.Va WITHOUT_CTF 386.It 387.Va WITHOUT_DTRACE 388.It 389.Va WITHOUT_LOADER_ZFS 390.It 391.Va WITHOUT_ZFS 392.It 393.Va WITHOUT_ZFS_TESTS 394.El 395.It Va WITHOUT_CLANG 396Do not build the Clang C/C++ compiler during the regular phase of the build. 397When set, it enforces these options: 398.Pp 399.Bl -item -compact 400.It 401.Va WITHOUT_CLANG_EXTRAS 402.It 403.Va WITHOUT_CLANG_FORMAT 404.It 405.Va WITHOUT_CLANG_FULL 406.It 407.Va WITHOUT_LLVM_COV 408.El 409.Pp 410When set, these options are also in effect: 411.Pp 412.Bl -inset -compact 413.It Va WITHOUT_LLVM_TARGET_AARCH64 414(unless 415.Va WITH_LLVM_TARGET_AARCH64 416is set explicitly) 417.It Va WITHOUT_LLVM_TARGET_ALL 418(unless 419.Va WITH_LLVM_TARGET_ALL 420is set explicitly) 421.It Va WITHOUT_LLVM_TARGET_ARM 422(unless 423.Va WITH_LLVM_TARGET_ARM 424is set explicitly) 425.It Va WITHOUT_LLVM_TARGET_POWERPC 426(unless 427.Va WITH_LLVM_TARGET_POWERPC 428is set explicitly) 429.It Va WITHOUT_LLVM_TARGET_RISCV 430(unless 431.Va WITH_LLVM_TARGET_RISCV 432is set explicitly) 433.El 434.It Va WITHOUT_CLANG_BOOTSTRAP 435Do not build the Clang C/C++ compiler during the bootstrap phase of 436the build. 437To be able to build the system, either gcc or clang bootstrap must be 438enabled unless an alternate compiler is provided via XCC. 439.It Va WITH_CLANG_EXTRAS 440Build additional clang and llvm tools, such as bugpoint and 441clang-format. 442.It Va WITH_CLANG_FORMAT 443Build clang-format. 444.It Va WITHOUT_CLANG_FULL 445Avoid building the ARCMigrate, Rewriter and StaticAnalyzer components of 446the Clang C/C++ compiler. 447.It Va WITH_CLEAN 448Clean before building world and/or kernel. 449Note that recording a new epoch in 450.Pa .clean_build_epoch 451in the root of the source tree will also force a clean world build. 452.It Va WITHOUT_CPP 453Do not build 454.Xr cpp 1 . 455.It Va WITHOUT_CROSS_COMPILER 456Do not build any cross compiler in the cross-tools stage of buildworld. 457When compiling a different version of 458.Fx 459than what is installed on the system, provide an alternate 460compiler with XCC to ensure success. 461When compiling with an identical version of 462.Fx 463to the host, this option may be safely used. 464This option may also be safe when the host version of 465.Fx 466is close to the sources being built, but all bets are off if there have 467been any changes to the toolchain between the versions. 468When set, it enforces these options: 469.Pp 470.Bl -item -compact 471.It 472.Va WITHOUT_CLANG_BOOTSTRAP 473.It 474.Va WITHOUT_ELFTOOLCHAIN_BOOTSTRAP 475.It 476.Va WITHOUT_LLD_BOOTSTRAP 477.El 478.It Va WITHOUT_CRYPT 479Do not build any crypto code. 480When set, it enforces these options: 481.Pp 482.Bl -item -compact 483.It 484.Va WITHOUT_DMAGENT 485.It 486.Va WITHOUT_KERBEROS 487.It 488.Va WITHOUT_LDNS 489.It 490.Va WITHOUT_LDNS_UTILS 491.It 492.Va WITHOUT_LOADER_ZFS 493.It 494.Va WITHOUT_MITKRB5 495.It 496.Va WITHOUT_OPENSSH 497.It 498.Va WITHOUT_OPENSSL 499.It 500.Va WITHOUT_OPENSSL_KTLS 501.It 502.Va WITHOUT_PKGBOOTSTRAP 503.It 504.Va WITHOUT_UNBOUND 505.It 506.Va WITHOUT_ZFS 507.It 508.Va WITHOUT_ZFS_TESTS 509.El 510.Pp 511When set, these options are also in effect: 512.Pp 513.Bl -inset -compact 514.It Va WITHOUT_KERBEROS_SUPPORT 515(unless 516.Va WITH_KERBEROS_SUPPORT 517is set explicitly) 518.El 519.It Va WITH_CTF 520Compile with CTF (Compact C Type Format) data. 521CTF data encapsulates a reduced form of debugging information 522similar to DWARF and the venerable stabs and is required for DTrace. 523.It Va WITHOUT_CUSE 524Do not build CUSE-related programs and libraries. 525.It Va WITHOUT_CXGBETOOL 526Do not build 527.Xr cxgbetool 8 528.Pp 529This is a default setting on 530arm/armv7 and riscv/riscv64. 531.It Va WITH_CXGBETOOL 532Build 533.Xr cxgbetool 8 534.Pp 535This is a default setting on 536amd64/amd64, arm64/aarch64, i386/i386, powerpc/powerpc64 and powerpc/powerpc64le. 537.It Va WITHOUT_DEBUG_FILES 538Avoid building or installing standalone debug files for each 539executable binary and shared library. 540.It Va WITH_DETECT_TZ_CHANGES 541Make the time handling code detect changes to the timezone files. 542.It Va WITH_DIALOG 543Do build 544.Xr dialog 1 , 545.Xr dialog 3 , 546.Xr dpv 1 , 547and 548.Xr dpv 3 . 549.It Va WITHOUT_DICT 550Do not build the Webster dictionary files. 551.It Va WITH_DIRDEPS_BUILD 552This is an alternate build system. 553For details see 554https://www.crufty.net/sjg/docs/freebsd-meta-mode.htm. 555Build commands can be seen from the top-level with: 556.Dl make show-valid-targets 557The build is driven by dirdeps.mk using 558.Va DIRDEPS 559stored in 560Makefile.depend files found in each directory. 561.Pp 562The build can be started from anywhere, and behaves the same. 563The initial instance of 564.Xr make 1 565recursively reads 566.Va DIRDEPS 567from 568.Pa Makefile.depend , 569computing a graph of tree dependencies from the current origin. 570Setting 571.Va NO_DIRDEPS 572skips checking dirdep dependencies and will only build in the current 573and child directories. 574.Va NO_DIRDEPS_BELOW 575skips building any dirdeps and only build the current directory. 576.Pp 577This also utilizes the 578.Va WITH_META_MODE 579logic for incremental builds. 580.Pp 581The build hides commands executed unless 582.Va NO_SILENT 583is defined. 584.Pp 585Note that there is currently no mass install feature for this. 586This build is designed for producing packages, that can then be installed 587on a target system. 588.Pp 589The implementation in 590.Fx 591is incomplete. 592Completion would require leaf directories for building each kernel 593and package so that their dependencies can be tracked. 594When set, it enforces these options: 595.Pp 596.Bl -item -compact 597.It 598.Va WITH_INSTALL_AS_USER 599.El 600.Pp 601When set, these options are also in effect: 602.Pp 603.Bl -inset -compact 604.It Va WITH_META_ERROR_TARGET 605(unless 606.Va WITHOUT_META_ERROR_TARGET 607is set explicitly) 608.It Va WITH_META_MODE 609(unless 610.Va WITHOUT_META_MODE 611is set explicitly) 612.It Va WITH_STAGING 613(unless 614.Va WITHOUT_STAGING 615is set explicitly) 616.It Va WITH_STAGING_MAN 617(unless 618.Va WITHOUT_STAGING_MAN 619is set explicitly) 620.It Va WITH_STAGING_PROG 621(unless 622.Va WITHOUT_STAGING_PROG 623is set explicitly) 624.It Va WITH_SYSROOT 625(unless 626.Va WITHOUT_SYSROOT 627is set explicitly) 628.El 629.Pp 630This must be set in the environment, make command line, or 631.Pa /etc/src-env.conf , 632not 633.Pa /etc/src.conf . 634.It Va WITH_DIRDEPS_CACHE 635Cache result of dirdeps.mk which can save significant time 636for subsequent builds. 637Depends on 638.Va WITH_DIRDEPS_BUILD . 639.Pp 640This must be set in the environment, make command line, or 641.Pa /etc/src-env.conf , 642not 643.Pa /etc/src.conf . 644.It Va WITH_DISK_IMAGE_TOOLS_BOOTSTRAP 645Build 646.Xr etdump 1 , 647.Xr makefs 8 648and 649.Xr mkimg 1 650as bootstrap tools. 651.It Va WITHOUT_DMAGENT 652Do not build dma Mail Transport Agent. 653.It Va WITHOUT_DOCCOMPRESS 654Do not install compressed system documentation. 655Only the uncompressed version will be installed. 656.It Va WITHOUT_DTRACE 657Do not build DTrace framework kernel modules, libraries, and user commands. 658When set, it enforces these options: 659.Pp 660.Bl -item -compact 661.It 662.Va WITHOUT_CTF 663.El 664.It Va WITH_DTRACE_ASAN 665Compile userspace DTrace code (libdtrace, dtrace(1), lockstat(1), plockstat(1)) 666with address and undefined behavior sanitizers. 667Requires that Clang be used as the base system compiler 668and that the runtime support library is available. 669.It Va WITH_DTRACE_TESTS 670Build and install the DTrace test suite in 671.Pa /usr/tests/cddl/usr.sbin/dtrace . 672This test suite is considered experimental on architectures other than 673amd64/amd64 and running it may cause system instability. 674.It Va WITHOUT_DYNAMICROOT 675Set this if you do not want to link 676.Pa /bin 677and 678.Pa /sbin 679dynamically. 680.It Va WITHOUT_EE 681Do not build and install 682.Xr edit 1 , 683.Xr ee 1 , 684and related programs. 685.It Va WITHOUT_EFI 686Set not to build 687.Xr efivar 3 688and 689.Xr efivar 8 . 690.Pp 691This is a default setting on 692i386/i386, powerpc/powerpc64 and powerpc/powerpc64le. 693.It Va WITH_EFI 694Build 695.Xr efivar 3 696and 697.Xr efivar 8 . 698.Pp 699This is a default setting on 700amd64/amd64, arm/armv7, arm64/aarch64 and riscv/riscv64. 701.It Va WITHOUT_ELFTOOLCHAIN_BOOTSTRAP 702Do not build ELF Tool Chain tools 703(addr2line, nm, size, strings and strip) 704as part of the bootstrap process. 705.Bf -symbolic 706An alternate bootstrap tool chain must be provided. 707.Ef 708.It Va WITHOUT_EXAMPLES 709Avoid installing examples to 710.Pa /usr/share/examples/ . 711.It Va WITH_EXPERIMENTAL 712Include experimental features in the build. 713.It Va WITHOUT_FDT 714Do not build Flattened Device Tree support as part of the base system. 715This includes the device tree compiler (dtc) and libfdt support library. 716.Pp 717This is a default setting on 718amd64/amd64 and i386/i386. 719.It Va WITH_FDT 720Build Flattened Device Tree support as part of the base system. 721This includes the device tree compiler (dtc) and libfdt support library. 722.Pp 723This is a default setting on 724arm/armv7, arm64/aarch64, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64. 725.It Va WITHOUT_FILE 726Do not build 727.Xr file 1 728and related programs. 729.It Va WITHOUT_FINGER 730Do not build or install 731.Xr finger 1 732and 733.Xr fingerd 8 . 734.It Va WITHOUT_FLOPPY 735Do not build or install programs 736for operating floppy disk driver. 737.It Va WITHOUT_FORMAT_EXTENSIONS 738Do not enable 739.Fl fformat-extensions 740when compiling the kernel. 741Also disables all format checking. 742.It Va WITHOUT_FORTH 743Build bootloaders without Forth support. 744.It Va WITHOUT_FP_LIBC 745Build 746.Nm libc 747without floating-point support. 748.It Va WITHOUT_FREEBSD_UPDATE 749Do not build 750.Xr freebsd-update 8 . 751.It Va WITHOUT_FTP 752Do not build or install 753.Xr ftp 1 . 754.It Va WITHOUT_GAMES 755Do not build games. 756.It Va WITHOUT_GNU_DIFF 757Do not build GNU 758.Xr diff3 1 ; 759build BSD 760.Xr diff3 1 761instead. 762.It Va WITHOUT_GOOGLETEST 763Neither build nor install 764.Lb libgmock , 765.Lb libgtest , 766and dependent tests. 767.It Va WITHOUT_GPIO 768Do not build 769.Xr gpioctl 8 770as part of the base system. 771.It Va WITHOUT_HAST 772Do not build 773.Xr hastd 8 774and related utilities. 775.It Va WITH_HESIOD 776Build Hesiod support. 777.It Va WITHOUT_HTML 778Do not build HTML docs. 779.It Va WITHOUT_HYPERV 780Do not build or install HyperV utilities. 781.Pp 782This is a default setting on 783arm/armv7, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64. 784.It Va WITH_HYPERV 785Build or install HyperV utilities. 786.Pp 787This is a default setting on 788amd64/amd64, arm64/aarch64 and i386/i386. 789.It Va WITHOUT_ICONV 790Do not build iconv as part of libc. 791.It Va WITHOUT_INCLUDES 792Do not install header files. 793This option used to be spelled 794.Va NO_INCS . 795.Bf -symbolic 796The option does not work for build targets. 797.Ef 798.It Va WITHOUT_INET 799Do not build programs and libraries related to IPv4 networking. 800When set, it enforces these options: 801.Pp 802.Bl -item -compact 803.It 804.Va WITHOUT_INET_SUPPORT 805.El 806.It Va WITHOUT_INET6 807Do not build 808programs and libraries related to IPv6 networking. 809When set, it enforces these options: 810.Pp 811.Bl -item -compact 812.It 813.Va WITHOUT_INET6_SUPPORT 814.El 815.It Va WITHOUT_INET6_SUPPORT 816Build libraries, programs, and kernel modules without IPv6 support. 817.It Va WITHOUT_INETD 818Do not build 819.Xr inetd 8 . 820.It Va WITHOUT_INET_SUPPORT 821Build libraries, programs, and kernel modules without IPv4 support. 822.It Va WITHOUT_INSTALLLIB 823Set this to not install optional libraries. 824For example, when creating a 825.Xr nanobsd 8 826image. 827.Bf -symbolic 828The option does not work for build targets. 829.Ef 830.It Va WITH_INSTALL_AS_USER 831Make install targets succeed for non-root users by installing 832files with owner and group attributes set to that of the user running 833the 834.Xr make 1 835command. 836The user still must set the 837.Va DESTDIR 838variable to point to a directory where the user has write permissions. 839.It Va WITHOUT_IPFILTER 840Do not build IP Filter package. 841.It Va WITHOUT_IPFW 842Do not build IPFW tools. 843.It Va WITHOUT_IPSEC_SUPPORT 844Do not build the kernel with 845.Xr ipsec 4 846support. 847This option is needed for 848.Xr ipsec 4 849and 850.Xr tcpmd5 4 . 851.It Va WITHOUT_ISCSI 852Do not build 853.Xr iscsid 8 854and related utilities. 855.It Va WITHOUT_JAIL 856Do not build tools for the support of jails; e.g., 857.Xr jail 8 . 858.It Va WITHOUT_JEMALLOC_LG_VADDR_WIDE 859Disallow programs to use more than 48 address bits on amd64. 860Incompatible with LA57 mode. 861Enabling this option might result in a slight reduction in memory 862consumption for jemalloc metadata, but also requires disabling LA57 863(if hardware supports it). 864.It Va WITHOUT_KDUMP 865Do not build 866.Xr kdump 1 867and 868.Xr truss 1 . 869.It Va WITHOUT_KERBEROS 870Set this to not build Kerberos. 871When set, these options are also in effect: 872.Pp 873.Bl -inset -compact 874.It Va WITHOUT_KERBEROS_SUPPORT 875(unless 876.Va WITH_KERBEROS_SUPPORT 877is set explicitly) 878.El 879.It Va WITHOUT_KERBEROS_SUPPORT 880Build some programs without Kerberos support, like 881.Xr ssh 1 , 882.Xr telnet 1 , 883and 884.Xr sshd 8 . 885.It Va WITH_KERNEL_BIN 886Generate and install kernel.bin from kernel as part of the normal build and 887install processes for the kernel. Available only on arm and arm64. 888 889Usually this will be added to the kernel config file with: 890 891makeoptions WITH_KERNEL_BIN=1 892 893though it can also be used on the command line. 894.It Va WITH_KERNEL_RETPOLINE 895Enable the "retpoline" mitigation for CVE-2017-5715 in the kernel 896build. 897.It Va WITHOUT_KERNEL_SYMBOLS 898Do not install standalone kernel debug symbol files. 899This option has no effect at build time. 900.It Va WITHOUT_KVM 901Do not build the 902.Nm libkvm 903library as a part of the base system. 904.Bf -symbolic 905The option has no effect yet. 906.Ef 907When set, these options are also in effect: 908.Pp 909.Bl -inset -compact 910.It Va WITHOUT_KVM_SUPPORT 911(unless 912.Va WITH_KVM_SUPPORT 913is set explicitly) 914.El 915.It Va WITHOUT_KVM_SUPPORT 916Build some programs without optional 917.Nm libkvm 918support. 919.It Va WITHOUT_LDNS 920Setting this variable will prevent the LDNS library from being built. 921When set, it enforces these options: 922.Pp 923.Bl -item -compact 924.It 925.Va WITHOUT_LDNS_UTILS 926.It 927.Va WITHOUT_UNBOUND 928.El 929.It Va WITHOUT_LDNS_UTILS 930Setting this variable will prevent building the LDNS utilities 931.Xr drill 1 932and 933.Xr host 1 . 934.It Va WITHOUT_LEGACY_CONSOLE 935Do not build programs that support a legacy PC console; e.g., 936.Xr kbdcontrol 1 937and 938.Xr vidcontrol 1 . 939.It Va WITHOUT_LIB32 940On 64-bit platforms, do not build 32-bit library set and a 941.Nm ld-elf32.so.1 942runtime linker. 943.Pp 944This is a default setting on 945arm/armv7, i386/i386, powerpc/powerpc64le and riscv/riscv64. 946.It Va WITH_LIB32 947On 64-bit platforms, build the 32-bit library set and a 948.Nm ld-elf32.so.1 949runtime linker. 950.Pp 951This is a default setting on 952amd64/amd64, arm64/aarch64 and powerpc/powerpc64. 953.It Va WITHOUT_LLD 954Do not build LLVM's lld linker. 955.It Va WITHOUT_LLDB 956Do not build the LLDB debugger. 957.Pp 958This is a default setting on 959riscv/riscv64. 960.It Va WITH_LLDB 961Build the LLDB debugger. 962.Pp 963This is a default setting on 964amd64/amd64, arm/armv7, arm64/aarch64, i386/i386, powerpc/powerpc64 and powerpc/powerpc64le. 965.It Va WITHOUT_LLD_BOOTSTRAP 966Do not build the LLD linker during the bootstrap phase of 967the build. 968To be able to build the system an alternate linker must be provided via XLD. 969.It Va WITHOUT_LLVM_ASSERTIONS 970Disable debugging assertions in LLVM. 971.It Va WITHOUT_LLVM_BINUTILS 972Install ELF Tool Chain's binary utilities instead of LLVM's. 973This includes 974.Xr addr2line 1 , 975.Xr ar 1 , 976.Xr nm 1 , 977.Xr objcopy 1 , 978.Xr ranlib 1 , 979.Xr readelf 1 , 980.Xr size 1 , 981and 982.Xr strip 1 . 983Regardless of this setting, LLVM tools are used for 984.Xr c++filt 1 985and 986.Xr objdump 1 . 987.Xr strings 1 988is always provided by ELF Tool Chain. 989.It Va WITHOUT_LLVM_COV 990Do not build the 991.Xr llvm-cov 1 992tool. 993.It Va WITHOUT_LLVM_CXXFILT 994Install ELF Tool Chain's cxxfilt as c++filt, instead of LLVM's llvm-cxxfilt. 995.It Va WITH_LLVM_FULL_DEBUGINFO 996Generate full debug information for LLVM libraries and tools, which uses 997more disk space and build resources, but allows for easier debugging. 998.It Va WITHOUT_LLVM_TARGET_AARCH64 999Do not build LLVM target support for AArch64. 1000The 1001.Va LLVM_TARGET_ALL 1002option should be used rather than this in most cases. 1003.It Va WITHOUT_LLVM_TARGET_ALL 1004Only build the required LLVM target support. 1005This option is preferred to specific target support options. 1006When set, these options are also in effect: 1007.Pp 1008.Bl -inset -compact 1009.It Va WITHOUT_LLVM_TARGET_AARCH64 1010(unless 1011.Va WITH_LLVM_TARGET_AARCH64 1012is set explicitly) 1013.It Va WITHOUT_LLVM_TARGET_ARM 1014(unless 1015.Va WITH_LLVM_TARGET_ARM 1016is set explicitly) 1017.It Va WITHOUT_LLVM_TARGET_POWERPC 1018(unless 1019.Va WITH_LLVM_TARGET_POWERPC 1020is set explicitly) 1021.It Va WITHOUT_LLVM_TARGET_RISCV 1022(unless 1023.Va WITH_LLVM_TARGET_RISCV 1024is set explicitly) 1025.El 1026.It Va WITHOUT_LLVM_TARGET_ARM 1027Do not build LLVM target support for ARM. 1028The 1029.Va LLVM_TARGET_ALL 1030option should be used rather than this in most cases. 1031.It Va WITH_LLVM_TARGET_BPF 1032Build LLVM target support for BPF. 1033The 1034.Va LLVM_TARGET_ALL 1035option should be used rather than this in most cases. 1036.It Va WITH_LLVM_TARGET_MIPS 1037Build LLVM target support for MIPS. 1038The 1039.Va LLVM_TARGET_ALL 1040option should be used rather than this in most cases. 1041.It Va WITHOUT_LLVM_TARGET_POWERPC 1042Do not build LLVM target support for PowerPC. 1043The 1044.Va LLVM_TARGET_ALL 1045option should be used rather than this in most cases. 1046.It Va WITHOUT_LLVM_TARGET_RISCV 1047Do not build LLVM target support for RISC-V. 1048The 1049.Va LLVM_TARGET_ALL 1050option should be used rather than this in most cases. 1051.It Va WITHOUT_LLVM_TARGET_X86 1052Do not build LLVM target support for X86. 1053The 1054.Va LLVM_TARGET_ALL 1055option should be used rather than this in most cases. 1056.It Va WITHOUT_LOADER_BIOS_TEXTONLY 1057Include graphics, font and video mode support in the i386 and amd64 BIOS 1058boot loader. 1059.It Va WITH_LOADER_EFI_SECUREBOOT 1060Enable building 1061.Xr loader 8 1062with support for verification based on certificates obtained from UEFI. 1063.It Va WITHOUT_LOADER_GELI 1064Disable inclusion of GELI crypto support in the boot chain binaries. 1065.Pp 1066This is a default setting on 1067powerpc/powerpc64 and powerpc/powerpc64le. 1068.It Va WITH_LOADER_GELI 1069Build GELI bootloader support. 1070.Pp 1071This is a default setting on 1072amd64/amd64, arm/armv7, arm64/aarch64, i386/i386 and riscv/riscv64. 1073.It Va WITHOUT_LOADER_IA32 1074Do not build the 32-bit UEFI loader. 1075.Pp 1076This is a default setting on 1077arm/armv7, arm64/aarch64, i386/i386, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64. 1078.It Va WITH_LOADER_IA32 1079Build the 32-bit UEFI loader. 1080.Pp 1081This is a default setting on 1082amd64/amd64. 1083.It Va WITHOUT_LOADER_KBOOT 1084Do not build kboot, a linuxboot environment loader 1085.Pp 1086This is a default setting on 1087arm/armv7, i386/i386, powerpc/powerpc64le and riscv/riscv64. 1088.It Va WITH_LOADER_KBOOT 1089Build kboot, a linuxboot environment loader 1090.Pp 1091This is a default setting on 1092amd64/amd64, arm64/aarch64 and powerpc/powerpc64. 1093.It Va WITHOUT_LOADER_LUA 1094Do not build LUA bindings for the boot loader. 1095.Pp 1096This is a default setting on 1097powerpc/powerpc64 and powerpc/powerpc64le. 1098.It Va WITH_LOADER_LUA 1099Build LUA bindings for the boot loader. 1100.Pp 1101This is a default setting on 1102amd64/amd64, arm/armv7, arm64/aarch64, i386/i386 and riscv/riscv64. 1103.It Va WITHOUT_LOADER_OFW 1104Disable building of openfirmware bootloader components. 1105.Pp 1106This is a default setting on 1107amd64/amd64, arm/armv7, arm64/aarch64, i386/i386 and riscv/riscv64. 1108.It Va WITH_LOADER_OFW 1109Build openfirmware bootloader components. 1110.Pp 1111This is a default setting on 1112powerpc/powerpc64 and powerpc/powerpc64le. 1113.It Va WITHOUT_LOADER_PXEBOOT 1114Do not build pxeboot on i386/amd64. 1115When the pxeboot is too large, or unneeded, it may be disabled with this option. 1116See 1117.Va WITH_LOADER_PXEBOOT 1118for how to adjust the defaults when you need both a larger 1119.Pa /boot/loader 1120and 1121.Pa /boot/pxeboot 1122.Pp 1123This option only has an effect on x86. 1124.It Va WITHOUT_LOADER_UBOOT 1125Disable building of ubldr. 1126.Pp 1127This is a default setting on 1128amd64/amd64, arm64/aarch64, i386/i386, powerpc/powerpc64le and riscv/riscv64. 1129.It Va WITH_LOADER_UBOOT 1130Build ubldr. 1131.Pp 1132This is a default setting on 1133arm/armv7 and powerpc/powerpc64. 1134.It Va WITH_LOADER_VERBOSE 1135Build with extra verbose debugging in the loader. 1136May explode already nearly too large loader over the limit. 1137Use with care. 1138.It Va WITH_LOADER_VERIEXEC 1139Enable building 1140.Xr loader 8 1141with support for verification similar to Verified Exec. 1142.Pp 1143Depends on 1144.Va WITH_BEARSSL . 1145May require a larger 1146.Va LOADERSIZE . 1147When set, these options are also in effect: 1148.Pp 1149.Bl -inset -compact 1150.It Va WITH_LOADER_EFI_SECUREBOOT 1151(unless 1152.Va WITHOUT_LOADER_EFI_SECUREBOOT 1153is set explicitly) 1154.It Va WITH_LOADER_VERIEXEC_VECTX 1155(unless 1156.Va WITHOUT_LOADER_VERIEXEC_VECTX 1157is set explicitly) 1158.El 1159.It Va WITH_LOADER_VERIEXEC_PASS_MANIFEST 1160Enable building 1161.Xr loader 8 1162with support to pass a verified manifest to the kernel. 1163The kernel has to be built with a module to parse the manifest. 1164.Pp 1165Depends on 1166.Va WITH_LOADER_VERIEXEC . 1167.It Va WITH_LOADER_VERIEXEC_VECTX 1168Enable building 1169.Xr loader 8 1170with support for hashing and verifying kernel and modules as a side effect 1171of loading. 1172.Pp 1173Depends on 1174.Va WITH_LOADER_VERIEXEC . 1175.It Va WITHOUT_LOADER_ZFS 1176Do not build ZFS file system boot loader support. 1177.It Va WITHOUT_LOCALES 1178Do not build localization files; see 1179.Xr locale 1 . 1180.It Va WITHOUT_LOCATE 1181Do not build 1182.Xr locate 1 1183and related programs. 1184.It Va WITHOUT_LPR 1185Do not build 1186.Xr lpr 1 1187and related programs. 1188.It Va WITHOUT_LS_COLORS 1189Build 1190.Xr ls 1 1191without support for colors to distinguish file types. 1192.It Va WITHOUT_MACHDEP_OPTIMIZATIONS 1193Prefer machine-independent non-assembler code in libc and libm. 1194.It Va WITHOUT_MAIL 1195Do not build any mail support (MUA or MTA). 1196When set, it enforces these options: 1197.Pp 1198.Bl -item -compact 1199.It 1200.Va WITHOUT_DMAGENT 1201.It 1202.Va WITHOUT_MAILWRAPPER 1203.It 1204.Va WITHOUT_SENDMAIL 1205.El 1206.It Va WITHOUT_MAILWRAPPER 1207Do not build the 1208.Xr mailwrapper 8 1209MTA selector. 1210.It Va WITHOUT_MAKE 1211Do not install 1212.Xr make 1 1213and related support files. 1214.It Va WITHOUT_MAKE_CHECK_USE_SANDBOX 1215Do not execute 1216.Dq Li "make check" 1217in limited sandbox mode. 1218This option should be paired with 1219.Va WITH_INSTALL_AS_USER 1220if executed as an unprivileged user. 1221See 1222.Xr tests 7 1223for more details. 1224.It Va WITH_MALLOC_PRODUCTION 1225Disable assertions and statistics gathering in 1226.Xr malloc 3 . 1227The run-time options 1228.Dv opt.abort , 1229.Dv opt.abort_conf , 1230and 1231.Dv opt.junk 1232also default to false. 1233.It Va WITHOUT_MAN 1234Do not build manual pages. 1235When set, these options are also in effect: 1236.Pp 1237.Bl -inset -compact 1238.It Va WITHOUT_MAN_UTILS 1239(unless 1240.Va WITH_MAN_UTILS 1241is set explicitly) 1242.El 1243.It Va WITHOUT_MANCOMPRESS 1244Do not install compressed man pages. 1245Only the uncompressed versions will be installed. 1246.It Va WITH_MANSPLITPKG 1247Split man pages into their own packages during make package. 1248.It Va WITHOUT_MAN_UTILS 1249Do not build utilities for manual pages, 1250.Xr apropos 1 , 1251.Xr makewhatis 1 , 1252.Xr man 1 , 1253.Xr whatis 1 , 1254.Xr manctl 8 , 1255and related support files. 1256.It Va WITH_META_ERROR_TARGET 1257Enable the META_MODE .ERROR target. 1258.Pp 1259This target will copy the meta file of a failed target 1260to 1261.Va ERROR_LOGDIR 1262(default is 1263.Ql ${SRCTOP:H}/error ) 1264to help with failure analysis. 1265Depends on 1266.Va WITH_META_MODE . 1267This default when 1268.Va WITH_DIRDEPS_BUILD 1269is set. 1270.Pp 1271This must be set in the environment, make command line, or 1272.Pa /etc/src-env.conf , 1273not 1274.Pa /etc/src.conf . 1275.It Va WITH_META_MODE 1276Create 1277.Xr make 1 1278meta files when building, which can provide a reliable incremental build when 1279using 1280.Xr filemon 4 . 1281The meta file is created in OBJDIR as 1282.Pa target.meta . 1283These meta files track the command that was executed, its output, and the 1284current directory. 1285The 1286.Xr filemon 4 1287module is required unless 1288.Va NO_FILEMON 1289is defined. 1290When the module is loaded, any files used by the commands executed are 1291tracked as dependencies for the target in its meta file. 1292The target is considered out-of-date and rebuilt if any of these 1293conditions are true compared to the last build: 1294.Bl -bullet -compact 1295.It 1296The command to execute changes. 1297.It 1298The current working directory changes. 1299.It 1300The target's meta file is missing. 1301.It 1302The target's meta file is missing filemon data when filemon is loaded 1303and a previous run did not have it loaded. 1304.It 1305[requires 1306.Xr filemon 4 ] 1307Files read, executed or linked to are newer than the target. 1308.It 1309[requires 1310.Xr filemon 4 ] 1311Files read, written, executed or linked are missing. 1312.El 1313The meta files can also be useful for debugging. 1314.Pp 1315The build hides commands that are executed unless 1316.Va NO_SILENT 1317is defined. 1318Errors cause 1319.Xr make 1 1320to show some of its environment for further debugging. 1321.Pp 1322The build operates as it normally would otherwise. 1323This option originally invoked a different build system but that was renamed 1324to 1325.Va WITH_DIRDEPS_BUILD . 1326.Pp 1327This must be set in the environment, make command line, or 1328.Pa /etc/src-env.conf , 1329not 1330.Pa /etc/src.conf . 1331.It Va WITHOUT_MITKRB5 1332Set this to build KTH Heimdal instead of MIT Kerberos 5. 1333.It Va WITHOUT_MLX5TOOL 1334Do not build 1335.Xr mlx5tool 8 1336.Pp 1337This is a default setting on 1338arm/armv7 and riscv/riscv64. 1339.It Va WITH_MLX5TOOL 1340Build 1341.Xr mlx5tool 8 1342.Pp 1343This is a default setting on 1344amd64/amd64, arm64/aarch64, i386/i386, powerpc/powerpc64 and powerpc/powerpc64le. 1345.It Va WITHOUT_NETCAT 1346Do not build 1347.Xr nc 1 1348utility. 1349.It Va WITHOUT_NETGRAPH 1350Do not build applications to support 1351.Xr netgraph 4 . 1352When set, it enforces these options: 1353.Pp 1354.Bl -item -compact 1355.It 1356.Va WITHOUT_BLUETOOTH 1357.El 1358.Pp 1359When set, these options are also in effect: 1360.Pp 1361.Bl -inset -compact 1362.It Va WITHOUT_NETGRAPH_SUPPORT 1363(unless 1364.Va WITH_NETGRAPH_SUPPORT 1365is set explicitly) 1366.El 1367.It Va WITHOUT_NETGRAPH_SUPPORT 1368Build libraries, programs, and kernel modules without netgraph support. 1369.It Va WITHOUT_NETLINK 1370Do not build 1371.Xr genl 1 1372utility. 1373.It Va WITHOUT_NETLINK_SUPPORT 1374Make libraries and programs use rtsock and 1375.Xr sysctl 3 1376interfaces instead of 1377.Xr snl 3 . 1378.It Va WITHOUT_NIS 1379Do not build 1380.Xr NIS 8 1381support and related programs. 1382If set, you might need to adopt your 1383.Xr nsswitch.conf 5 1384and remove 1385.Sq nis 1386entries. 1387.It Va WITHOUT_NLS 1388Do not build NLS catalogs. 1389When set, it enforces these options: 1390.Pp 1391.Bl -item -compact 1392.It 1393.Va WITHOUT_NLS_CATALOGS 1394.El 1395.It Va WITHOUT_NLS_CATALOGS 1396Do not build NLS catalog support for 1397.Xr csh 1 . 1398.It Va WITHOUT_NS_CACHING 1399Disable name caching in the 1400.Pa nsswitch 1401subsystem. 1402The generic caching daemon, 1403.Xr nscd 8 , 1404will not be built either if this option is set. 1405.It Va WITHOUT_NTP 1406Do not build 1407.Xr ntpd 8 1408and related programs. 1409.It Va WITHOUT_NUAGEINIT 1410Do not install the limited cloud init support scripts. 1411.It Va WITHOUT_OFED 1412Do not build the 1413.Dq "OpenFabrics Enterprise Distribution" 1414InfiniBand software stack, including kernel modules and userspace libraries. 1415.Pp 1416This is a default setting on 1417arm/armv7. 1418When set, it enforces these options: 1419.Pp 1420.Bl -item -compact 1421.It 1422.Va WITHOUT_OFED_EXTRA 1423.El 1424.It Va WITH_OFED 1425Build the 1426.Dq "OpenFabrics Enterprise Distribution" 1427InfiniBand software stack, including kernel modules and userspace libraries. 1428.Pp 1429This is a default setting on 1430amd64/amd64, arm64/aarch64, i386/i386, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64. 1431.It Va WITH_OFED_EXTRA 1432Build the non-essential components of the 1433.Dq "OpenFabrics Enterprise Distribution" 1434Infiniband software stack, mostly examples. 1435.It Va WITH_OPENLDAP 1436Enable building LDAP support for kerberos using an openldap client from ports. 1437.It Va WITHOUT_OPENMP 1438Do not build LLVM's OpenMP runtime. 1439.Pp 1440This is a default setting on 1441arm/armv7. 1442.It Va WITH_OPENMP 1443Build LLVM's OpenMP runtime. 1444.Pp 1445This is a default setting on 1446amd64/amd64, arm64/aarch64, i386/i386, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64. 1447.It Va WITHOUT_OPENSSH 1448Do not build OpenSSH. 1449.It Va WITHOUT_OPENSSL 1450Do not build OpenSSL. 1451When set, it enforces these options: 1452.Pp 1453.Bl -item -compact 1454.It 1455.Va WITHOUT_DMAGENT 1456.It 1457.Va WITHOUT_KERBEROS 1458.It 1459.Va WITHOUT_LDNS 1460.It 1461.Va WITHOUT_LDNS_UTILS 1462.It 1463.Va WITHOUT_LOADER_ZFS 1464.It 1465.Va WITHOUT_MITKRB5 1466.It 1467.Va WITHOUT_OPENSSH 1468.It 1469.Va WITHOUT_OPENSSL_KTLS 1470.It 1471.Va WITHOUT_PKGBOOTSTRAP 1472.It 1473.Va WITHOUT_UNBOUND 1474.It 1475.Va WITHOUT_ZFS 1476.It 1477.Va WITHOUT_ZFS_TESTS 1478.El 1479.Pp 1480When set, these options are also in effect: 1481.Pp 1482.Bl -inset -compact 1483.It Va WITHOUT_KERBEROS_SUPPORT 1484(unless 1485.Va WITH_KERBEROS_SUPPORT 1486is set explicitly) 1487.El 1488.It Va WITHOUT_OPENSSL_KTLS 1489Do not include kernel TLS support in OpenSSL. 1490.Pp 1491This is a default setting on 1492arm/armv7, i386/i386 and riscv/riscv64. 1493.It Va WITH_OPENSSL_KTLS 1494Include kernel TLS support in OpenSSL. 1495.Pp 1496This is a default setting on 1497amd64/amd64, arm64/aarch64, powerpc/powerpc64 and powerpc/powerpc64le. 1498.It Va WITHOUT_PAM 1499Do not build PAM library and modules. 1500.Bf -symbolic 1501This option is deprecated and does nothing. 1502.Ef 1503When set, these options are also in effect: 1504.Pp 1505.Bl -inset -compact 1506.It Va WITHOUT_PAM_SUPPORT 1507(unless 1508.Va WITH_PAM_SUPPORT 1509is set explicitly) 1510.El 1511.It Va WITHOUT_PAM_SUPPORT 1512Build 1513.Xr ppp 8 1514without PAM support. 1515.It Va WITHOUT_PF 1516Do not build PF firewall package. 1517When set, it enforces these options: 1518.Pp 1519.Bl -item -compact 1520.It 1521.Va WITHOUT_AUTHPF 1522.El 1523.It Va WITHOUT_PIE 1524Do not build dynamically linked binaries as 1525Position-Independent Executable (PIE). 1526.Pp 1527This is a default setting on 1528arm/armv7 and i386/i386. 1529.It Va WITH_PIE 1530Build dynamically linked binaries as 1531Position-Independent Executable (PIE). 1532.Pp 1533This is a default setting on 1534amd64/amd64, arm64/aarch64, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64. 1535.It Va WITHOUT_PKGBOOTSTRAP 1536Do not build 1537.Xr pkg 7 1538bootstrap tool. 1539.It Va WITHOUT_PMC 1540Do not build 1541.Xr pmccontrol 8 1542and related programs. 1543.It Va WITHOUT_PPP 1544Do not build 1545.Xr ppp 8 1546and related programs. 1547.It Va WITHOUT_PTHREADS_ASSERTIONS 1548Disable debugging assertions in pthreads library. 1549.It Va WITHOUT_QUOTAS 1550Do not build 1551.Xr quota 1 1552and related programs. 1553.It Va WITHOUT_RADIUS_SUPPORT 1554Do not build radius support into various applications, like 1555.Xr pam_radius 8 1556and 1557.Xr ppp 8 . 1558.It Va WITH_RATELIMIT 1559Build the system with rate limit support. 1560.Pp 1561This makes 1562.Dv SO_MAX_PACING_RATE 1563effective in 1564.Xr getsockopt 2 , 1565and 1566.Ar txrlimit 1567support in 1568.Xr ifconfig 8 , 1569by proxy. 1570.It Va WITHOUT_RBOOTD 1571Do not build or install 1572.Xr rbootd 8 . 1573.It Va WITHOUT_RELRO 1574Do not apply the Relocation Read-Only (RELRO) vulnerability mitigation. 1575See also the 1576.Va BIND_NOW 1577option. 1578.It Va WITH_REPRODUCIBLE_BUILD 1579Exclude build metadata (such as the build time, user, or host) 1580from the kernel, boot loaders, and uname output, so that builds produce 1581bit-for-bit identical output. 1582.It Va WITHOUT_RESCUE 1583Do not build 1584.Xr rescue 8 . 1585.It Va WITH_RETPOLINE 1586Build the base system with the retpoline speculative execution 1587vulnerability mitigation for CVE-2017-5715. 1588.It Va WITHOUT_ROUTED 1589Do not build 1590.Xr routed 8 1591utility. 1592.It Va WITH_RPCBIND_WARMSTART_SUPPORT 1593Build 1594.Xr rpcbind 8 1595with warmstart support. 1596.It Va WITH_RUN_TESTS 1597Run tests as part of the build. 1598.It Va WITHOUT_SCTP_SUPPORT 1599Disable support in the kernel for the 1600.Xr sctp 4 1601Stream Control Transmission Protocol 1602loadable kernel module. 1603.It Va WITHOUT_SENDMAIL 1604Do not build 1605.Xr sendmail 8 1606and related programs. 1607.It Va WITHOUT_SERVICESDB 1608Do not install 1609.Pa /var/db/services.db . 1610.It Va WITHOUT_SETUID_LOGIN 1611Set this to disable the installation of 1612.Xr login 1 1613as a set-user-ID root program. 1614.It Va WITHOUT_SHAREDOCS 1615Do not build the 1616.Bx 4.4 1617legacy docs. 1618.It Va WITH_SORT_THREADS 1619Enable threads in 1620.Xr sort 1 . 1621.It Va WITHOUT_SOURCELESS 1622Do not build kernel modules that include sourceless code (either microcode or native code for host CPU). 1623When set, it enforces these options: 1624.Pp 1625.Bl -item -compact 1626.It 1627.Va WITHOUT_SOURCELESS_HOST 1628.It 1629.Va WITHOUT_SOURCELESS_UCODE 1630.El 1631.It Va WITHOUT_SOURCELESS_HOST 1632Do not build kernel modules that include sourceless native code for host CPU. 1633.It Va WITHOUT_SOURCELESS_UCODE 1634Do not build kernel modules that include sourceless microcode. 1635.It Va WITHOUT_SPLIT_KERNEL_DEBUG 1636Do not build standalone kernel debug files. 1637Debug data (if enabled by the kernel configuration file) 1638will be included in the kernel and modules. 1639When set, it enforces these options: 1640.Pp 1641.Bl -item -compact 1642.It 1643.Va WITHOUT_KERNEL_SYMBOLS 1644.El 1645.It Va WITHOUT_SSP 1646Do not build world with stack smashing protection. 1647See 1648.Xr mitigations 7 1649for more information. 1650.It Va WITH_STAGING 1651Enable staging of files to a stage tree. 1652This can be best thought of as auto-install to 1653.Va DESTDIR 1654with some extra meta data to ensure dependencies can be tracked. 1655Depends on 1656.Va WITH_DIRDEPS_BUILD . 1657When set, these options are also in effect: 1658.Pp 1659.Bl -inset -compact 1660.It Va WITH_STAGING_MAN 1661(unless 1662.Va WITHOUT_STAGING_MAN 1663is set explicitly) 1664.It Va WITH_STAGING_PROG 1665(unless 1666.Va WITHOUT_STAGING_PROG 1667is set explicitly) 1668.El 1669.Pp 1670This must be set in the environment, make command line, or 1671.Pa /etc/src-env.conf , 1672not 1673.Pa /etc/src.conf . 1674.It Va WITH_STAGING_MAN 1675Enable staging of man pages to stage tree. 1676.It Va WITH_STAGING_PROG 1677Enable staging of PROGs to stage tree. 1678.It Va WITH_STALE_STAGED 1679Check staged files are not stale. 1680.It Va WITHOUT_STATS 1681Neither build nor install 1682.Lb libstats 1683and dependent binaries. 1684.It Va WITHOUT_SYSCONS 1685Do not build 1686.Xr syscons 4 1687support files such as keyboard maps, fonts, and screen output maps. 1688.It Va WITH_SYSROOT 1689Enable use of sysroot during build. 1690Depends on 1691.Va WITH_DIRDEPS_BUILD . 1692.Pp 1693This must be set in the environment, make command line, or 1694.Pa /etc/src-env.conf , 1695not 1696.Pa /etc/src.conf . 1697.It Va WITHOUT_SYSTEM_COMPILER 1698Do not opportunistically skip building a cross-compiler during the 1699bootstrap phase of the build. 1700Normally, if the currently installed compiler matches the planned bootstrap 1701compiler type and revision, then it will not be built. 1702This does not prevent a compiler from being built for installation though, 1703only for building one for the build itself. 1704The 1705.Va WITHOUT_CLANG 1706option controls that. 1707.It Va WITHOUT_SYSTEM_LINKER 1708Do not opportunistically skip building a cross-linker during the 1709bootstrap phase of the build. 1710Normally, if the currently installed linker matches the planned bootstrap 1711linker type and revision, then it will not be built. 1712This does not prevent a linker from being built for installation though, 1713only for building one for the build itself. 1714The 1715.Va WITHOUT_LLD 1716option controls that. 1717.Pp 1718This option is only relevant when 1719.Va WITH_LLD_BOOTSTRAP 1720is set. 1721.It Va WITHOUT_TALK 1722Do not build or install 1723.Xr talk 1 1724and 1725.Xr talkd 8 . 1726.It Va WITHOUT_TCP_WRAPPERS 1727Do not build or install 1728.Xr tcpd 8 , 1729and related utilities. 1730.It Va WITHOUT_TCSH 1731Do not build and install 1732.Pa /bin/csh 1733(which is 1734.Xr tcsh 1 ) . 1735.It Va WITHOUT_TELNET 1736Do not build 1737.Xr telnet 1 1738and related programs. 1739.It Va WITHOUT_TESTS 1740Do not build nor install the 1741.Fx 1742Test Suite in 1743.Pa /usr/tests/ . 1744See 1745.Xr tests 7 1746for more details. 1747This also disables the build of all test-related dependencies, including ATF. 1748When set, it enforces these options: 1749.Pp 1750.Bl -item -compact 1751.It 1752.Va WITHOUT_DTRACE_TESTS 1753.It 1754.Va WITHOUT_ZFS_TESTS 1755.El 1756.Pp 1757When set, these options are also in effect: 1758.Pp 1759.Bl -inset -compact 1760.It Va WITHOUT_GOOGLETEST 1761(unless 1762.Va WITH_GOOGLETEST 1763is set explicitly) 1764.It Va WITHOUT_TESTS_SUPPORT 1765(unless 1766.Va WITH_TESTS_SUPPORT 1767is set explicitly) 1768.El 1769.It Va WITHOUT_TESTS_SUPPORT 1770Disable the build of all test-related dependencies, including ATF. 1771When set, it enforces these options: 1772.Pp 1773.Bl -item -compact 1774.It 1775.Va WITHOUT_GOOGLETEST 1776.El 1777.It Va WITHOUT_TEXTPROC 1778Do not build 1779programs used for text processing. 1780.It Va WITHOUT_TFTP 1781Do not build or install 1782.Xr tftp 1 1783and 1784.Xr tftpd 8 . 1785.It Va WITHOUT_TOOLCHAIN 1786Do not install 1787programs used for program development, 1788compilers, debuggers etc. 1789When set, it enforces these options: 1790.Pp 1791.Bl -item -compact 1792.It 1793.Va WITHOUT_CLANG 1794.It 1795.Va WITHOUT_CLANG_EXTRAS 1796.It 1797.Va WITHOUT_CLANG_FORMAT 1798.It 1799.Va WITHOUT_CLANG_FULL 1800.It 1801.Va WITHOUT_LLD 1802.It 1803.Va WITHOUT_LLDB 1804.It 1805.Va WITHOUT_LLVM_COV 1806.El 1807.Pp 1808When set, these options are also in effect: 1809.Pp 1810.Bl -inset -compact 1811.It Va WITHOUT_LLVM_BINUTILS 1812(unless 1813.Va WITH_LLVM_BINUTILS 1814is set explicitly) 1815.El 1816.It Va WITH_UBSAN 1817Build the base system with Undefined Behavior Sanitizer (UBSan) to detect 1818various kinds of undefined behavior at runtime. 1819Requires that Clang be used as the base system compiler 1820and that the runtime support library is available 1821.It Va WITHOUT_UNBOUND 1822Do not build 1823.Xr unbound 8 1824and related programs. 1825.It Va WITH_UNDEFINED_VERSION 1826Link libraries with --undefined-version which permits version maps to 1827contain symbols that are not present in the library. 1828If this is necessary to build a particular configuration, a bug is 1829present and the configuration should be reported. 1830.It Va WITHOUT_UNIFIED_OBJDIR 1831Use the historical object directory format for 1832.Xr build 7 1833targets. 1834For native-builds and builds done directly in sub-directories the format of 1835.Pa ${MAKEOBJDIRPREFIX}/${.CURDIR} 1836is used, 1837while for cross-builds 1838.Pa ${MAKEOBJDIRPREFIX}/${TARGET}.${TARGET_ARCH}/${.CURDIR} 1839is used. 1840.Pp 1841This option is transitional and will be removed in a future version of 1842.Fx , 1843at which time 1844.Va WITH_UNIFIED_OBJDIR 1845will be enabled permanently. 1846.Pp 1847This must be set in the environment, make command line, or 1848.Pa /etc/src-env.conf , 1849not 1850.Pa /etc/src.conf . 1851.It Va WITHOUT_USB 1852Do not build USB-related programs and libraries. 1853.It Va WITHOUT_USB_GADGET_EXAMPLES 1854Do not build USB gadget kernel modules. 1855.It Va WITHOUT_UTMPX 1856Do not build user accounting tools such as 1857.Xr last 1 , 1858.Xr users 1 , 1859.Xr who 1 , 1860.Xr ac 8 , 1861.Xr lastlogin 8 1862and 1863.Xr utx 8 . 1864.It Va WITH_VERIEXEC 1865Enable building 1866.Xr veriexec 8 1867which loads the contents of verified manifests into the kernel 1868for use by 1869.Xr mac_veriexec 4 1870.Pp 1871Depends on 1872.Va WITH_BEARSSL . 1873.It Va WITHOUT_VI 1874Do not build and install vi, view, ex and related programs. 1875.It Va WITHOUT_VT 1876Do not build 1877.Xr vt 4 1878support files (fonts and keymaps). 1879.It Va WITHOUT_WARNS 1880Set this to not add warning flags to the compiler invocations. 1881Useful as a temporary workaround when code enters the tree 1882which triggers warnings in environments that differ from the 1883original developer. 1884.It Va WITHOUT_WERROR 1885Set this to not treat compiler warnings as errors. 1886Useful as a temporary workaround when working on fixing compiler warnings. 1887When set, warnings are still printed in the build log but do not fail the build. 1888.It Va WITHOUT_WIRELESS 1889Do not build programs used for 802.11 wireless networks; especially 1890.Xr wpa_supplicant 8 1891and 1892.Xr hostapd 8 . 1893When set, these options are also in effect: 1894.Pp 1895.Bl -inset -compact 1896.It Va WITHOUT_WIRELESS_SUPPORT 1897(unless 1898.Va WITH_WIRELESS_SUPPORT 1899is set explicitly) 1900.El 1901.It Va WITHOUT_WIRELESS_SUPPORT 1902Build libraries, programs, and kernel modules without 1903802.11 wireless support. 1904.It Va WITHOUT_WPA_SUPPLICANT_EAPOL 1905Build 1906.Xr wpa_supplicant 8 1907without support for the IEEE 802.1X protocol and without 1908support for EAP-PEAP, EAP-TLS, EAP-LEAP, and EAP-TTLS 1909protocols (usable only via 802.1X). 1910.It Va WITH_ZEROREGS 1911Build the basesystem with code to zero caller-used register contents 1912on function return. 1913This prevents leaking temporary values for side channel attacks. 1914Additionally this reduces the number of usable ROP gadgets for attackers. 1915.It Va WITHOUT_ZFS 1916Do not build the ZFS file system kernel module, libraries such as 1917.Xr libbe 3 , 1918and user commands such as 1919.Xr zpool 8 1920or 1921.Xr zfs 8 . 1922Also disable ZFS support in utilities and libraries which implement 1923ZFS-specific functionality. 1924When set, it enforces these options: 1925.Pp 1926.Bl -item -compact 1927.It 1928.Va WITHOUT_ZFS_TESTS 1929.El 1930.It Va WITHOUT_ZFS_TESTS 1931Do not build and install the legacy ZFS test suite. 1932.It Va WITHOUT_ZONEINFO 1933Do not build the timezone database. 1934When set, it enforces these options: 1935.Pp 1936.Bl -item -compact 1937.It 1938.Va WITHOUT_ZONEINFO_LEAPSECONDS_SUPPORT 1939.El 1940.It Va WITH_ZONEINFO_LEAPSECONDS_SUPPORT 1941Build leapsecond information in to the timezone database. 1942This option violates 1943.St -p1003.1 1944and all other applicable standards, and is known to cause unexpected 1945issues with date/time handling in many applications and programming 1946languages. 1947.El 1948.Pp 1949The following options accept a single value from a list of valid values. 1950.Bl -tag -width indent 1951.It Va INIT_ALL 1952Control default initialization of stack variables in C and C++ code. 1953Options other than 1954.Li none 1955require the Clang compiler or GCC 12.0 or later. 1956The default value is 1957.Li none . 1958Valid values are: 1959.Bl -tag -width indent 1960.It Li none 1961Do not initialize stack variables (standard C/C++ behavior). 1962.It Li pattern 1963Build the base system or kernel with stack variables initialized to 1964.Pq compiler defined 1965debugging patterns on function entry. 1966.It Li zero 1967Build the base system or kernel with stack variables initialized 1968to zero on function entry. 1969This value is converted to 1970.Li none 1971for amd64 kernel builds due to incompatability with ifunc memset. 1972.El 1973.It Va LIBC_MALLOC 1974Specify the 1975.Xr malloc 3 1976implementation used by libc. 1977The default value is 1978.Li jemalloc . 1979Valid values are: 1980.Bl -tag -width indent 1981.It Li jemalloc 1982.El 1983.Pp 1984Other implementations are expected in the future in both 1985.Fx 1986and downstream consumers. 1987.El 1988.Sh FILES 1989.Bl -tag -compact -width Pa 1990.It Pa /etc/src.conf 1991.It Pa /etc/src-env.conf 1992.It Pa /usr/share/mk/bsd.own.mk 1993.El 1994.Sh SEE ALSO 1995.Xr make 1 , 1996.Xr make.conf 5 , 1997.Xr build 7 , 1998.Xr ports 7 1999.Sh HISTORY 2000The 2001.Nm 2002file appeared in 2003.Fx 7.0 . 2004.Sh AUTHORS 2005This manual page was autogenerated by 2006.An tools/build/options/makeman . 2007