1.\" DO NOT EDIT-- this file is @generated by tools/build/options/makeman. 2.Dd August 20, 2025 3.Dt SRC.CONF 5 4.Os 5.Sh NAME 6.Nm src.conf 7.Nd "source build options" 8.Sh DESCRIPTION 9The 10.Nm 11file contains variables that control what components will be generated during 12the build process of the 13.Fx 14source tree; see 15.Xr build 7 . 16.Pp 17The 18.Nm 19file uses the standard makefile syntax. 20However, 21.Nm 22should not specify any dependencies to 23.Xr make 1 . 24Instead, 25.Nm 26is to set 27.Xr make 1 28variables that control the aspects of how the system builds. 29.Pp 30The default location of 31.Nm 32is 33.Pa /etc/src.conf , 34though an alternative location can be specified in the 35.Xr make 1 36variable 37.Va SRCCONF . 38Overriding the location of 39.Nm 40may be necessary if the system-wide settings are not suitable 41for a particular build. 42For instance, setting 43.Va SRCCONF 44to 45.Pa /dev/null 46effectively resets all build controls to their defaults. 47.Pp 48The only purpose of 49.Nm 50is to control the compilation of the 51.Fx 52source code, which is usually located in 53.Pa /usr/src . 54As a rule, the system administrator creates 55.Nm 56when the values of certain control variables need to be changed 57from their defaults. 58.Pp 59In addition, control variables can be specified 60for a particular build via the 61.Fl D 62option of 63.Xr make 1 64or in its environment; see 65.Xr environ 7 . 66.Pp 67The environment of 68.Xr make 1 69for the build can be controlled via the 70.Va SRC_ENV_CONF 71variable, which defaults to 72.Pa /etc/src-env.conf . 73Some examples that may only be set in this file are 74.Va WITH_DIRDEPS_BUILD , 75and 76.Va WITH_META_MODE , 77and 78.Va MAKEOBJDIRPREFIX 79as they are environment-only variables. 80.Pp 81The values of 82.Va WITH_ 83and 84.Va WITHOUT_ 85variables are ignored regardless of their setting; 86even if they would be set to 87.Dq Li FALSE 88or 89.Dq Li NO . 90The presence of an option causes 91it to be honored by 92.Xr make 1 . 93.Pp 94This list provides a name and short description for variables 95that can be used for source builds. 96.Bl -tag -width indent 97.It Va WITHOUT_ACCT 98Do not build process accounting tools such as 99.Xr accton 8 100and 101.Xr sa 8 . 102.It Va WITHOUT_ACPI 103Do not build 104.Xr acpiconf 8 , 105.Xr acpidump 8 106and related programs. 107.It Va WITHOUT_APM 108Do not build 109.Xr apm 8 , 110.Xr apmd 8 111and related programs. 112.It Va WITH_ASAN 113Build the base system with Address Sanitizer (ASan) to detect 114memory corruption bugs such as buffer overflows or use-after-free. 115Requires that Clang be used as the base system compiler 116and that the runtime support library is available. 117When set, it enforces these options: 118.Pp 119.Bl -item -compact 120.It 121.Va WITH_LLVM_BINUTILS 122.It 123.Va WITH_LLVM_CXXFILT 124.El 125.It Va WITHOUT_ASSERT_DEBUG 126Compile programs and libraries without the 127.Xr assert 3 128checks. 129.It Va WITHOUT_AT 130Do not build 131.Xr at 1 132and related utilities. 133.It Va WITHOUT_AUDIT 134Do not build audit support into system programs. 135.It Va WITHOUT_AUTHPF 136Do not build 137.Xr authpf 8 . 138.It Va WITHOUT_AUTOFS 139Do not build 140.Xr autofs 4 141related programs, libraries, and kernel modules. 142.It Va WITHOUT_AUTO_OBJ 143Disable automatic creation of objdirs. 144This is enabled by default if the wanted OBJDIR is writable by the current user. 145.Pp 146This must be set in the environment, make command line, or 147.Pa /etc/src-env.conf , 148not 149.Pa /etc/src.conf . 150.It Va WITH_BEARSSL 151Build the BearSSL library. 152.Pp 153BearSSL is a tiny SSL library suitable for embedded environments. 154For details see 155.Lk https://www.BearSSL.org/ 156.Pp 157This library is currently only used to perform 158signature verification and related operations 159for Verified Exec and 160.Xr loader 8 . 161.Pp 162Due to size constraints in the BIOS environment on x86, one may need to set 163.Va LOADERSIZE 164larger than the 165default 500000, although often loader is under the 500k limit even with 166this option. 167Setting 168.Va LOADERSIZE 169larger than 500000 may cause 170.Xr pxeboot 8 171to be too large to work. 172Careful testing of the loader in the target environment when built with a larger 173limit to establish safe limits is critical because different BIOS environments 174reserve differing amounts of the low 640k space, making a precise limit for 175everybody impossible. 176.Pp 177See also 178.Va WITH_LOADER_PXEBOOT 179for other considerations. 180When set, these options are also in effect: 181.Pp 182.Bl -inset -compact 183.It Va WITH_LOADER_EFI_SECUREBOOT 184(unless 185.Va WITHOUT_LOADER_EFI_SECUREBOOT 186is set explicitly) 187.It Va WITH_LOADER_VERIEXEC 188(unless 189.Va WITHOUT_LOADER_VERIEXEC 190is set explicitly) 191.It Va WITH_LOADER_VERIEXEC_VECTX 192(unless 193.Va WITHOUT_LOADER_VERIEXEC_VECTX 194is set explicitly) 195.It Va WITH_VERIEXEC 196(unless 197.Va WITHOUT_VERIEXEC 198is set explicitly) 199.El 200.It Va WITHOUT_BHYVE 201Do not build or install 202.Xr bhyve 8 , 203associated utilities, and examples. 204.Pp 205This option only affects amd64/amd64 and arm64/aarch64. 206.It Va WITH_BHYVE_SNAPSHOT 207Include support for save and restore (snapshots) in 208.Xr bhyve 8 209and 210.Xr bhyvectl 8 . 211.Pp 212This option only affects amd64/amd64. 213.It Va WITH_BIND_NOW 214Build all binaries with the 215.Dv DF_BIND_NOW 216flag set to indicate that the run-time loader should perform all relocation 217processing at process startup rather than on demand. 218The combination of the 219.Va BIND_NOW 220and 221.Va RELRO 222options provide "full" Relocation Read-Only (RELRO) support. 223With full RELRO the entire GOT is made read-only after performing relocation at 224startup, avoiding GOT overwrite attacks. 225.It Va WITHOUT_BLACKLIST 226Set this if you do not want to build 227.Xr blacklistd 8 228and 229.Xr blacklistctl 8 . 230When set, these options are also in effect: 231.Pp 232.Bl -inset -compact 233.It Va WITHOUT_BLACKLIST_SUPPORT 234(unless 235.Va WITH_BLACKLIST_SUPPORT 236is set explicitly) 237.El 238.It Va WITHOUT_BLACKLIST_SUPPORT 239Build some programs without 240.Xr libblacklist 3 241support, like 242.Xr fingerd 8 , 243.Xr ftpd 8 , 244and 245.Xr sshd 8 . 246.It Va WITHOUT_BLUETOOTH 247Do not build Bluetooth related kernel modules, programs and libraries. 248.It Va WITHOUT_BOOT 249Do not build the boot blocks and loader. 250.It Va WITHOUT_BOOTPARAMD 251Do not build or install 252.Xr bootparamd 8 . 253.It Va WITHOUT_BOOTPD 254Do not build or install 255.Xr bootpd 8 . 256.It Va WITH_BRANCH_PROTECTION 257Build with branch protection enabled. 258On arm64 enable the use of pointer authentication and 259branch target identification instructions on arm64. 260These can be used to help mitigate some exploit techniques. 261.It Va WITHOUT_BSDINSTALL 262Do not build 263.Xr bsdinstall 8 , 264.Xr sade 8 , 265and related programs. 266.It Va WITHOUT_BSD_CPIO 267Do not build the BSD licensed version of cpio based on 268.Xr libarchive 3 . 269.It Va WITHOUT_BSNMP 270Do not build or install 271.Xr bsnmpd 1 272and related libraries and data files. 273.It Va WITHOUT_BZIP2 274Do not build contributed bzip2 software as a part of the base system. 275.Bf -symbolic 276The option has no effect yet. 277.Ef 278When set, these options are also in effect: 279.Pp 280.Bl -inset -compact 281.It Va WITHOUT_BZIP2_SUPPORT 282(unless 283.Va WITH_BZIP2_SUPPORT 284is set explicitly) 285.El 286.It Va WITHOUT_BZIP2_SUPPORT 287Build some programs without optional bzip2 support. 288.It Va WITHOUT_CALENDAR 289Do not build 290.Xr calendar 1 . 291.It Va WITHOUT_CAROOT 292Do not add the trusted certificates from the Mozilla NSS bundle to 293base. 294.It Va WITHOUT_CASPER 295This option has no effect. 296.It Va WITH_CCACHE_BUILD 297Use 298.Xr ccache 1 299for the build. 300No configuration is required except to install the 301.Sy devel/ccache 302or 303.Sy devel/sccache 304package. 305When using with 306.Xr distcc 1 , 307set 308.Sy CCACHE_PREFIX=/usr/local/bin/distcc . 309When using with sccache 310set 311.Sy CCACHE_NAME=sccache 312in 313.Xr src.conf 5 . 314The default cache directory of 315.Pa $HOME/.ccache 316will be used, which can be overridden by setting 317.Sy CCACHE_DIR . 318The 319.Sy CCACHE_COMPILERCHECK 320option defaults to 321.Sy content 322when using the in-tree bootstrap compiler, 323and 324.Sy mtime 325when using an external compiler. 326The 327.Sy CCACHE_CPP2 328option is used for Clang but not GCC. 329.Pp 330Sharing a cache between multiple work directories requires using a layout 331similar to 332.Pa /some/prefix/src 333.Pa /some/prefix/obj 334and an environment such as: 335.Bd -literal -offset indent 336CCACHE_BASEDIR='${SRCTOP:H}' MAKEOBJDIRPREFIX='${SRCTOP:H}/obj' 337.Ed 338.Pp 339See 340.Xr ccache 1 341for more configuration options. 342.It Va WITHOUT_CCD 343Do not build 344.Xr geom_ccd 4 345and related utilities. 346.It Va WITHOUT_CDDL 347Do not build code licensed under Sun's CDDL. 348When set, it enforces these options: 349.Pp 350.Bl -item -compact 351.It 352.Va WITHOUT_CTF 353.It 354.Va WITHOUT_DTRACE 355.It 356.Va WITHOUT_LOADER_ZFS 357.It 358.Va WITHOUT_ZFS 359.It 360.Va WITHOUT_ZFS_TESTS 361.El 362.It Va WITHOUT_CLANG 363Do not build the Clang C/C++ compiler during the regular phase of the build. 364When set, it enforces these options: 365.Pp 366.Bl -item -compact 367.It 368.Va WITHOUT_CLANG_EXTRAS 369.It 370.Va WITHOUT_CLANG_FORMAT 371.It 372.Va WITHOUT_CLANG_FULL 373.It 374.Va WITHOUT_LLVM_COV 375.El 376.Pp 377When set, these options are also in effect: 378.Pp 379.Bl -inset -compact 380.It Va WITHOUT_LLVM_TARGET_AARCH64 381(unless 382.Va WITH_LLVM_TARGET_AARCH64 383is set explicitly) 384.It Va WITHOUT_LLVM_TARGET_ALL 385(unless 386.Va WITH_LLVM_TARGET_ALL 387is set explicitly) 388.It Va WITHOUT_LLVM_TARGET_ARM 389(unless 390.Va WITH_LLVM_TARGET_ARM 391is set explicitly) 392.It Va WITHOUT_LLVM_TARGET_POWERPC 393(unless 394.Va WITH_LLVM_TARGET_POWERPC 395is set explicitly) 396.It Va WITHOUT_LLVM_TARGET_RISCV 397(unless 398.Va WITH_LLVM_TARGET_RISCV 399is set explicitly) 400.El 401.It Va WITHOUT_CLANG_BOOTSTRAP 402Do not build the Clang C/C++ compiler during the bootstrap phase of 403the build. 404To be able to build the system, either gcc or clang bootstrap must be 405enabled unless an alternate compiler is provided via XCC. 406.It Va WITH_CLANG_EXTRAS 407Build additional clang and llvm tools, such as bugpoint and 408clang-format. 409.It Va WITH_CLANG_FORMAT 410Build clang-format. 411.It Va WITHOUT_CLANG_FULL 412Avoid building the ARCMigrate, Rewriter and StaticAnalyzer components of 413the Clang C/C++ compiler. 414.It Va WITH_CLEAN 415Clean before building world and/or kernel. 416Note that recording a new epoch in 417.Pa .clean_build_epoch 418in the root of the source tree will also force a clean world build. 419.It Va WITHOUT_CPP 420Do not build 421.Xr cpp 1 . 422.It Va WITHOUT_CROSS_COMPILER 423Do not build any cross compiler in the cross-tools stage of buildworld. 424When compiling a different version of 425.Fx 426than what is installed on the system, provide an alternate 427compiler with XCC to ensure success. 428When compiling with an identical version of 429.Fx 430to the host, this option may be safely used. 431This option may also be safe when the host version of 432.Fx 433is close to the sources being built, but all bets are off if there have 434been any changes to the toolchain between the versions. 435When set, it enforces these options: 436.Pp 437.Bl -item -compact 438.It 439.Va WITHOUT_CLANG_BOOTSTRAP 440.It 441.Va WITHOUT_ELFTOOLCHAIN_BOOTSTRAP 442.It 443.Va WITHOUT_LLD_BOOTSTRAP 444.El 445.It Va WITHOUT_CRYPT 446Do not build any crypto code. 447When set, it enforces these options: 448.Pp 449.Bl -item -compact 450.It 451.Va WITHOUT_DMAGENT 452.It 453.Va WITHOUT_KERBEROS 454.It 455.Va WITHOUT_LDNS 456.It 457.Va WITHOUT_LDNS_UTILS 458.It 459.Va WITHOUT_LOADER_ZFS 460.It 461.Va WITHOUT_MITKRB5 462.It 463.Va WITHOUT_OPENSSH 464.It 465.Va WITHOUT_OPENSSL 466.It 467.Va WITHOUT_OPENSSL_KTLS 468.It 469.Va WITHOUT_PKGBOOTSTRAP 470.It 471.Va WITHOUT_UNBOUND 472.It 473.Va WITHOUT_ZFS 474.It 475.Va WITHOUT_ZFS_TESTS 476.El 477.Pp 478When set, these options are also in effect: 479.Pp 480.Bl -inset -compact 481.It Va WITHOUT_KERBEROS_SUPPORT 482(unless 483.Va WITH_KERBEROS_SUPPORT 484is set explicitly) 485.El 486.It Va WITH_CTF 487Compile with CTF (Compact C Type Format) data. 488CTF data encapsulates a reduced form of debugging information 489similar to DWARF and the venerable stabs and is required for DTrace. 490.It Va WITHOUT_CUSE 491Do not build CUSE-related programs and libraries. 492.It Va WITHOUT_CXGBETOOL 493Do not build 494.Xr cxgbetool 8 495.Pp 496This is a default setting on 497arm/armv7 and riscv/riscv64. 498.It Va WITH_CXGBETOOL 499Build 500.Xr cxgbetool 8 501.Pp 502This is a default setting on 503amd64/amd64, arm64/aarch64, i386/i386, powerpc/powerpc64 and powerpc/powerpc64le. 504.It Va WITHOUT_DEBUG_FILES 505Avoid building or installing standalone debug files for each 506executable binary and shared library. 507.It Va WITH_DETECT_TZ_CHANGES 508Make the time handling code detect changes to the timezone files. 509.It Va WITH_DIALOG 510Do build 511.Xr dialog 1 , 512.Xr dialog 3 , 513.Xr dpv 1 , 514and 515.Xr dpv 3 . 516.It Va WITHOUT_DICT 517Do not build the Webster dictionary files. 518.It Va WITH_DIRDEPS_BUILD 519This is an alternate build system. 520For details see 521https://www.crufty.net/sjg/docs/freebsd-meta-mode.htm. 522Build commands can be seen from the top-level with: 523.Dl make show-valid-targets 524The build is driven by dirdeps.mk using 525.Va DIRDEPS 526stored in 527Makefile.depend files found in each directory. 528.Pp 529The build can be started from anywhere, and behaves the same. 530The initial instance of 531.Xr make 1 532recursively reads 533.Va DIRDEPS 534from 535.Pa Makefile.depend , 536computing a graph of tree dependencies from the current origin. 537Setting 538.Va NO_DIRDEPS 539skips checking dirdep dependencies and will only build in the current 540and child directories. 541.Va NO_DIRDEPS_BELOW 542skips building any dirdeps and only build the current directory. 543.Pp 544This also utilizes the 545.Va WITH_META_MODE 546logic for incremental builds. 547.Pp 548The build hides commands executed unless 549.Va NO_SILENT 550is defined. 551.Pp 552Note that there is currently no mass install feature for this. 553This build is designed for producing packages, that can then be installed 554on a target system. 555.Pp 556The implementation in 557.Fx 558is incomplete. 559Completion would require leaf directories for building each kernel 560and package so that their dependencies can be tracked. 561When set, it enforces these options: 562.Pp 563.Bl -item -compact 564.It 565.Va WITH_INSTALL_AS_USER 566.El 567.Pp 568When set, these options are also in effect: 569.Pp 570.Bl -inset -compact 571.It Va WITH_META_ERROR_TARGET 572(unless 573.Va WITHOUT_META_ERROR_TARGET 574is set explicitly) 575.It Va WITH_META_MODE 576(unless 577.Va WITHOUT_META_MODE 578is set explicitly) 579.It Va WITH_STAGING 580(unless 581.Va WITHOUT_STAGING 582is set explicitly) 583.It Va WITH_STAGING_MAN 584(unless 585.Va WITHOUT_STAGING_MAN 586is set explicitly) 587.It Va WITH_STAGING_PROG 588(unless 589.Va WITHOUT_STAGING_PROG 590is set explicitly) 591.It Va WITH_SYSROOT 592(unless 593.Va WITHOUT_SYSROOT 594is set explicitly) 595.El 596.Pp 597This must be set in the environment, make command line, or 598.Pa /etc/src-env.conf , 599not 600.Pa /etc/src.conf . 601.It Va WITH_DIRDEPS_CACHE 602Cache result of dirdeps.mk which can save significant time 603for subsequent builds. 604Depends on 605.Va WITH_DIRDEPS_BUILD . 606.Pp 607This must be set in the environment, make command line, or 608.Pa /etc/src-env.conf , 609not 610.Pa /etc/src.conf . 611.It Va WITH_DISK_IMAGE_TOOLS_BOOTSTRAP 612Build 613.Xr etdump 1 , 614.Xr makefs 8 615and 616.Xr mkimg 1 617as bootstrap tools. 618.It Va WITHOUT_DMAGENT 619Do not build dma Mail Transport Agent. 620.It Va WITHOUT_DOCCOMPRESS 621Do not install compressed system documentation. 622Only the uncompressed version will be installed. 623.It Va WITHOUT_DTRACE 624Do not build DTrace framework kernel modules, libraries, and user commands. 625When set, it enforces these options: 626.Pp 627.Bl -item -compact 628.It 629.Va WITHOUT_CTF 630.El 631.It Va WITH_DTRACE_ASAN 632Compile userspace DTrace code (libdtrace, dtrace(1), lockstat(1), plockstat(1)) 633with address and undefined behavior sanitizers. 634Requires that Clang be used as the base system compiler 635and that the runtime support library is available. 636.It Va WITH_DTRACE_TESTS 637Build and install the DTrace test suite in 638.Pa /usr/tests/cddl/usr.sbin/dtrace . 639This test suite is considered experimental on architectures other than 640amd64/amd64 and running it may cause system instability. 641.It Va WITHOUT_DYNAMICROOT 642Set this if you do not want to link 643.Pa /bin 644and 645.Pa /sbin 646dynamically. 647.It Va WITHOUT_EE 648Do not build and install 649.Xr edit 1 , 650.Xr ee 1 , 651and related programs. 652.It Va WITHOUT_EFI 653Set not to build 654.Xr efivar 3 655and 656.Xr efivar 8 . 657.Pp 658This is a default setting on 659i386/i386, powerpc/powerpc64 and powerpc/powerpc64le. 660.It Va WITH_EFI 661Build 662.Xr efivar 3 663and 664.Xr efivar 8 . 665.Pp 666This is a default setting on 667amd64/amd64, arm/armv7, arm64/aarch64 and riscv/riscv64. 668.It Va WITHOUT_ELFTOOLCHAIN_BOOTSTRAP 669Do not build ELF Tool Chain tools 670(addr2line, nm, size, strings and strip) 671as part of the bootstrap process. 672.Bf -symbolic 673An alternate bootstrap tool chain must be provided. 674.Ef 675.It Va WITHOUT_EXAMPLES 676Avoid installing examples to 677.Pa /usr/share/examples/ . 678.It Va WITH_EXPERIMENTAL 679Include experimental features in the build. 680.It Va WITHOUT_FDT 681Do not build Flattened Device Tree support as part of the base system. 682This includes the device tree compiler (dtc) and libfdt support library. 683.Pp 684This is a default setting on 685amd64/amd64 and i386/i386. 686.It Va WITH_FDT 687Build Flattened Device Tree support as part of the base system. 688This includes the device tree compiler (dtc) and libfdt support library. 689.Pp 690This is a default setting on 691arm/armv7, arm64/aarch64, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64. 692.It Va WITHOUT_FILE 693Do not build 694.Xr file 1 695and related programs. 696.It Va WITHOUT_FINGER 697Do not build or install 698.Xr finger 1 699and 700.Xr fingerd 8 . 701.It Va WITHOUT_FLOPPY 702Do not build or install programs 703for operating floppy disk driver. 704.It Va WITHOUT_FORMAT_EXTENSIONS 705Do not enable 706.Fl fformat-extensions 707when compiling the kernel. 708Also disables all format checking. 709.It Va WITHOUT_FORTH 710Build bootloaders without Forth support. 711.It Va WITHOUT_FP_LIBC 712Build 713.Nm libc 714without floating-point support. 715.It Va WITHOUT_FREEBSD_UPDATE 716Do not build 717.Xr freebsd-update 8 . 718.It Va WITHOUT_FTP 719Do not build or install 720.Xr ftp 1 721and 722.Xr ftpd 8 . 723.It Va WITHOUT_GAMES 724Do not build games. 725.It Va WITHOUT_GNU_DIFF 726Do not build GNU 727.Xr diff3 1 ; 728build BSD 729.Xr diff3 1 730instead. 731.It Va WITHOUT_GOOGLETEST 732Neither build nor install 733.Lb libgmock , 734.Lb libgtest , 735and dependent tests. 736.It Va WITHOUT_GPIO 737Do not build 738.Xr gpioctl 8 739as part of the base system. 740.It Va WITHOUT_HAST 741Do not build 742.Xr hastd 8 743and related utilities. 744.It Va WITH_HESIOD 745Build Hesiod support. 746.It Va WITHOUT_HTML 747Do not build HTML docs. 748.It Va WITHOUT_HYPERV 749Do not build or install HyperV utilities. 750.Pp 751This is a default setting on 752arm/armv7, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64. 753.It Va WITH_HYPERV 754Build or install HyperV utilities. 755.Pp 756This is a default setting on 757amd64/amd64, arm64/aarch64 and i386/i386. 758.It Va WITHOUT_ICONV 759Do not build iconv as part of libc. 760.It Va WITHOUT_INCLUDES 761Do not install header files. 762This option used to be spelled 763.Va NO_INCS . 764.Bf -symbolic 765The option does not work for build targets. 766.Ef 767.It Va WITHOUT_INET 768Do not build programs and libraries related to IPv4 networking. 769When set, it enforces these options: 770.Pp 771.Bl -item -compact 772.It 773.Va WITHOUT_INET_SUPPORT 774.El 775.It Va WITHOUT_INET6 776Do not build 777programs and libraries related to IPv6 networking. 778When set, it enforces these options: 779.Pp 780.Bl -item -compact 781.It 782.Va WITHOUT_INET6_SUPPORT 783.El 784.It Va WITHOUT_INET6_SUPPORT 785Build libraries, programs, and kernel modules without IPv6 support. 786.It Va WITHOUT_INETD 787Do not build 788.Xr inetd 8 . 789.It Va WITHOUT_INET_SUPPORT 790Build libraries, programs, and kernel modules without IPv4 support. 791.It Va WITHOUT_INSTALLLIB 792Set this to not install optional libraries. 793For example, when creating a 794.Xr nanobsd 8 795image. 796.Bf -symbolic 797The option does not work for build targets. 798.Ef 799.It Va WITH_INSTALL_AS_USER 800Make install targets succeed for non-root users by installing 801files with owner and group attributes set to that of the user running 802the 803.Xr make 1 804command. 805The user still must set the 806.Va DESTDIR 807variable to point to a directory where the user has write permissions. 808.It Va WITHOUT_IPFILTER 809Do not build IP Filter package. 810.It Va WITHOUT_IPFW 811Do not build IPFW tools. 812.It Va WITHOUT_IPSEC_SUPPORT 813Do not build the kernel with 814.Xr ipsec 4 815support. 816This option is needed for 817.Xr ipsec 4 818and 819.Xr tcpmd5 4 . 820.It Va WITHOUT_ISCSI 821Do not build 822.Xr iscsid 8 823and related utilities. 824.It Va WITHOUT_JAIL 825Do not build tools for the support of jails; e.g., 826.Xr jail 8 . 827.It Va WITHOUT_JEMALLOC_LG_VADDR_WIDE 828Disallow programs to use more than 48 address bits on amd64. 829Incompatible with LA57 mode. 830Enabling this option might result in a slight reduction in memory 831consumption for jemalloc metadata, but also requires disabling LA57 832(if hardware supports it). 833.It Va WITHOUT_KDUMP 834Do not build 835.Xr kdump 1 836and 837.Xr truss 1 . 838.It Va WITHOUT_KERBEROS 839Set this to not build Kerberos. 840When set, these options are also in effect: 841.Pp 842.Bl -inset -compact 843.It Va WITHOUT_KERBEROS_SUPPORT 844(unless 845.Va WITH_KERBEROS_SUPPORT 846is set explicitly) 847.El 848.It Va WITHOUT_KERBEROS_SUPPORT 849Build some programs without Kerberos support, like 850.Xr ssh 1 , 851.Xr telnet 1 , 852and 853.Xr sshd 8 . 854.It Va WITH_KERNEL_BIN 855Generate and install kernel.bin from kernel as part of the normal build and 856install processes for the kernel. Available only on arm and arm64. 857 858Usually this will be added to the kernel config file with: 859 860makeoptions WITH_KERNEL_BIN=1 861 862though it can also be used on the command line. 863.It Va WITH_KERNEL_RETPOLINE 864Enable the "retpoline" mitigation for CVE-2017-5715 in the kernel 865build. 866.It Va WITHOUT_KERNEL_SYMBOLS 867Do not install standalone kernel debug symbol files. 868This option has no effect at build time. 869.It Va WITHOUT_KVM 870Do not build the 871.Nm libkvm 872library as a part of the base system. 873.Bf -symbolic 874The option has no effect yet. 875.Ef 876When set, these options are also in effect: 877.Pp 878.Bl -inset -compact 879.It Va WITHOUT_KVM_SUPPORT 880(unless 881.Va WITH_KVM_SUPPORT 882is set explicitly) 883.El 884.It Va WITHOUT_KVM_SUPPORT 885Build some programs without optional 886.Nm libkvm 887support. 888.It Va WITHOUT_LDNS 889Setting this variable will prevent the LDNS library from being built. 890When set, it enforces these options: 891.Pp 892.Bl -item -compact 893.It 894.Va WITHOUT_LDNS_UTILS 895.It 896.Va WITHOUT_UNBOUND 897.El 898.It Va WITHOUT_LDNS_UTILS 899Setting this variable will prevent building the LDNS utilities 900.Xr drill 1 901and 902.Xr host 1 . 903.It Va WITHOUT_LEGACY_CONSOLE 904Do not build programs that support a legacy PC console; e.g., 905.Xr kbdcontrol 1 906and 907.Xr vidcontrol 1 . 908.It Va WITHOUT_LIB32 909On 64-bit platforms, do not build 32-bit library set and a 910.Nm ld-elf32.so.1 911runtime linker. 912.Pp 913This is a default setting on 914arm/armv7, i386/i386, powerpc/powerpc64le and riscv/riscv64. 915.It Va WITH_LIB32 916On 64-bit platforms, build the 32-bit library set and a 917.Nm ld-elf32.so.1 918runtime linker. 919.Pp 920This is a default setting on 921amd64/amd64, arm64/aarch64 and powerpc/powerpc64. 922.It Va WITHOUT_LLD 923Do not build LLVM's lld linker. 924.It Va WITHOUT_LLDB 925Do not build the LLDB debugger. 926.Pp 927This is a default setting on 928arm/armv7 and riscv/riscv64. 929.It Va WITH_LLDB 930Build the LLDB debugger. 931.Pp 932This is a default setting on 933amd64/amd64, arm64/aarch64, i386/i386, powerpc/powerpc64 and powerpc/powerpc64le. 934.It Va WITHOUT_LLD_BOOTSTRAP 935Do not build the LLD linker during the bootstrap phase of 936the build. 937To be able to build the system an alternate linker must be provided via XLD. 938.It Va WITHOUT_LLVM_ASSERTIONS 939Disable debugging assertions in LLVM. 940.It Va WITHOUT_LLVM_BINUTILS 941Install ELF Tool Chain's binary utilities instead of LLVM's. 942This includes 943.Xr addr2line 1 , 944.Xr ar 1 , 945.Xr nm 1 , 946.Xr objcopy 1 , 947.Xr ranlib 1 , 948.Xr readelf 1 , 949.Xr size 1 , 950and 951.Xr strip 1 . 952Regardless of this setting, LLVM tools are used for 953.Xr c++filt 1 954and 955.Xr objdump 1 . 956.Xr strings 1 957is always provided by ELF Tool Chain. 958.It Va WITHOUT_LLVM_COV 959Do not build the 960.Xr llvm-cov 1 961tool. 962.It Va WITHOUT_LLVM_CXXFILT 963Install ELF Tool Chain's cxxfilt as c++filt, instead of LLVM's llvm-cxxfilt. 964.It Va WITH_LLVM_FULL_DEBUGINFO 965Generate full debug information for LLVM libraries and tools, which uses 966more disk space and build resources, but allows for easier debugging. 967.It Va WITHOUT_LLVM_TARGET_AARCH64 968Do not build LLVM target support for AArch64. 969The 970.Va LLVM_TARGET_ALL 971option should be used rather than this in most cases. 972.It Va WITHOUT_LLVM_TARGET_ALL 973Only build the required LLVM target support. 974This option is preferred to specific target support options. 975When set, these options are also in effect: 976.Pp 977.Bl -inset -compact 978.It Va WITHOUT_LLVM_TARGET_AARCH64 979(unless 980.Va WITH_LLVM_TARGET_AARCH64 981is set explicitly) 982.It Va WITHOUT_LLVM_TARGET_ARM 983(unless 984.Va WITH_LLVM_TARGET_ARM 985is set explicitly) 986.It Va WITHOUT_LLVM_TARGET_POWERPC 987(unless 988.Va WITH_LLVM_TARGET_POWERPC 989is set explicitly) 990.It Va WITHOUT_LLVM_TARGET_RISCV 991(unless 992.Va WITH_LLVM_TARGET_RISCV 993is set explicitly) 994.El 995.It Va WITHOUT_LLVM_TARGET_ARM 996Do not build LLVM target support for ARM. 997The 998.Va LLVM_TARGET_ALL 999option should be used rather than this in most cases. 1000.It Va WITH_LLVM_TARGET_BPF 1001Build LLVM target support for BPF. 1002The 1003.Va LLVM_TARGET_ALL 1004option should be used rather than this in most cases. 1005.It Va WITH_LLVM_TARGET_MIPS 1006Build LLVM target support for MIPS. 1007The 1008.Va LLVM_TARGET_ALL 1009option should be used rather than this in most cases. 1010.It Va WITHOUT_LLVM_TARGET_POWERPC 1011Do not build LLVM target support for PowerPC. 1012The 1013.Va LLVM_TARGET_ALL 1014option should be used rather than this in most cases. 1015.It Va WITHOUT_LLVM_TARGET_RISCV 1016Do not build LLVM target support for RISC-V. 1017The 1018.Va LLVM_TARGET_ALL 1019option should be used rather than this in most cases. 1020.It Va WITHOUT_LLVM_TARGET_X86 1021Do not build LLVM target support for X86. 1022The 1023.Va LLVM_TARGET_ALL 1024option should be used rather than this in most cases. 1025.It Va WITHOUT_LOADER_BIOS_TEXTONLY 1026Include graphics, font and video mode support in the i386 and amd64 BIOS 1027boot loader. 1028.It Va WITH_LOADER_EFI_SECUREBOOT 1029Enable building 1030.Xr loader 8 1031with support for verification based on certificates obtained from UEFI. 1032.It Va WITHOUT_LOADER_GELI 1033Disable inclusion of GELI crypto support in the boot chain binaries. 1034.Pp 1035This is a default setting on 1036powerpc/powerpc64 and powerpc/powerpc64le. 1037.It Va WITH_LOADER_GELI 1038Build GELI bootloader support. 1039.Pp 1040This is a default setting on 1041amd64/amd64, arm/armv7, arm64/aarch64, i386/i386 and riscv/riscv64. 1042.It Va WITHOUT_LOADER_IA32 1043Do not build the 32-bit UEFI loader. 1044.Pp 1045This is a default setting on 1046arm/armv7, arm64/aarch64, i386/i386, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64. 1047.It Va WITH_LOADER_IA32 1048Build the 32-bit UEFI loader. 1049.Pp 1050This is a default setting on 1051amd64/amd64. 1052.It Va WITHOUT_LOADER_KBOOT 1053Do not build kboot, a linuxboot environment loader 1054.Pp 1055This is a default setting on 1056arm/armv7, i386/i386, powerpc/powerpc64le and riscv/riscv64. 1057.It Va WITH_LOADER_KBOOT 1058Build kboot, a linuxboot environment loader 1059.Pp 1060This is a default setting on 1061amd64/amd64, arm64/aarch64 and powerpc/powerpc64. 1062.It Va WITHOUT_LOADER_LUA 1063Do not build LUA bindings for the boot loader. 1064.Pp 1065This is a default setting on 1066powerpc/powerpc64 and powerpc/powerpc64le. 1067.It Va WITH_LOADER_LUA 1068Build LUA bindings for the boot loader. 1069.Pp 1070This is a default setting on 1071amd64/amd64, arm/armv7, arm64/aarch64, i386/i386 and riscv/riscv64. 1072.It Va WITHOUT_LOADER_OFW 1073Disable building of openfirmware bootloader components. 1074.Pp 1075This is a default setting on 1076amd64/amd64, arm/armv7, arm64/aarch64, i386/i386 and riscv/riscv64. 1077.It Va WITH_LOADER_OFW 1078Build openfirmware bootloader components. 1079.Pp 1080This is a default setting on 1081powerpc/powerpc64 and powerpc/powerpc64le. 1082.It Va WITHOUT_LOADER_PXEBOOT 1083Do not build pxeboot on i386/amd64. 1084When the pxeboot is too large, or unneeded, it may be disabled with this option. 1085See 1086.Va WITH_LOADER_PXEBOOT 1087for how to adjust the defaults when you need both a larger 1088.Pa /boot/loader 1089and 1090.Pa /boot/pxeboot 1091.Pp 1092This option only has an effect on x86. 1093.It Va WITHOUT_LOADER_UBOOT 1094Disable building of ubldr. 1095.Pp 1096This is a default setting on 1097amd64/amd64, arm64/aarch64, i386/i386, powerpc/powerpc64le and riscv/riscv64. 1098.It Va WITH_LOADER_UBOOT 1099Build ubldr. 1100.Pp 1101This is a default setting on 1102arm/armv7 and powerpc/powerpc64. 1103.It Va WITH_LOADER_VERBOSE 1104Build with extra verbose debugging in the loader. 1105May explode already nearly too large loader over the limit. 1106Use with care. 1107.It Va WITH_LOADER_VERIEXEC 1108Enable building 1109.Xr loader 8 1110with support for verification similar to Verified Exec. 1111.Pp 1112Depends on 1113.Va WITH_BEARSSL . 1114May require a larger 1115.Va LOADERSIZE . 1116When set, these options are also in effect: 1117.Pp 1118.Bl -inset -compact 1119.It Va WITH_LOADER_EFI_SECUREBOOT 1120(unless 1121.Va WITHOUT_LOADER_EFI_SECUREBOOT 1122is set explicitly) 1123.It Va WITH_LOADER_VERIEXEC_VECTX 1124(unless 1125.Va WITHOUT_LOADER_VERIEXEC_VECTX 1126is set explicitly) 1127.El 1128.It Va WITH_LOADER_VERIEXEC_PASS_MANIFEST 1129Enable building 1130.Xr loader 8 1131with support to pass a verified manifest to the kernel. 1132The kernel has to be built with a module to parse the manifest. 1133.Pp 1134Depends on 1135.Va WITH_LOADER_VERIEXEC . 1136.It Va WITH_LOADER_VERIEXEC_VECTX 1137Enable building 1138.Xr loader 8 1139with support for hashing and verifying kernel and modules as a side effect 1140of loading. 1141.Pp 1142Depends on 1143.Va WITH_LOADER_VERIEXEC . 1144.It Va WITHOUT_LOADER_ZFS 1145Do not build ZFS file system boot loader support. 1146.It Va WITHOUT_LOCALES 1147Do not build localization files; see 1148.Xr locale 1 . 1149.It Va WITHOUT_LOCATE 1150Do not build 1151.Xr locate 1 1152and related programs. 1153.It Va WITHOUT_LPR 1154Do not build 1155.Xr lpr 1 1156and related programs. 1157.It Va WITHOUT_LS_COLORS 1158Build 1159.Xr ls 1 1160without support for colors to distinguish file types. 1161.It Va WITHOUT_MACHDEP_OPTIMIZATIONS 1162Prefer machine-independent non-assembler code in libc and libm. 1163.It Va WITHOUT_MAIL 1164Do not build any mail support (MUA or MTA). 1165When set, it enforces these options: 1166.Pp 1167.Bl -item -compact 1168.It 1169.Va WITHOUT_DMAGENT 1170.It 1171.Va WITHOUT_MAILWRAPPER 1172.It 1173.Va WITHOUT_SENDMAIL 1174.El 1175.It Va WITHOUT_MAILWRAPPER 1176Do not build the 1177.Xr mailwrapper 8 1178MTA selector. 1179.It Va WITHOUT_MAKE 1180Do not install 1181.Xr make 1 1182and related support files. 1183.It Va WITHOUT_MAKE_CHECK_USE_SANDBOX 1184Do not execute 1185.Dq Li "make check" 1186in limited sandbox mode. 1187This option should be paired with 1188.Va WITH_INSTALL_AS_USER 1189if executed as an unprivileged user. 1190See 1191.Xr tests 7 1192for more details. 1193.It Va WITH_MALLOC_PRODUCTION 1194Disable assertions and statistics gathering in 1195.Xr malloc 3 . 1196The run-time options 1197.Dv opt.abort , 1198.Dv opt.abort_conf , 1199and 1200.Dv opt.junk 1201also default to false. 1202.It Va WITHOUT_MAN 1203Do not build manual pages. 1204When set, these options are also in effect: 1205.Pp 1206.Bl -inset -compact 1207.It Va WITHOUT_MAN_UTILS 1208(unless 1209.Va WITH_MAN_UTILS 1210is set explicitly) 1211.El 1212.It Va WITHOUT_MANCOMPRESS 1213Do not install compressed man pages. 1214Only the uncompressed versions will be installed. 1215.It Va WITHOUT_MANSPLITPKG 1216Do not split man pages into their own packages during make package. 1217.It Va WITHOUT_MAN_UTILS 1218Do not build utilities for manual pages, 1219.Xr apropos 1 , 1220.Xr makewhatis 1 , 1221.Xr man 1 , 1222.Xr whatis 1 , 1223.Xr manctl 8 , 1224and related support files. 1225.It Va WITH_META_ERROR_TARGET 1226Enable the META_MODE .ERROR target. 1227.Pp 1228This target will copy the meta file of a failed target 1229to 1230.Va ERROR_LOGDIR 1231(default is 1232.Ql ${SRCTOP:H}/error ) 1233to help with failure analysis. 1234Depends on 1235.Va WITH_META_MODE . 1236This default when 1237.Va WITH_DIRDEPS_BUILD 1238is set. 1239.Pp 1240This must be set in the environment, make command line, or 1241.Pa /etc/src-env.conf , 1242not 1243.Pa /etc/src.conf . 1244.It Va WITH_META_MODE 1245Create 1246.Xr make 1 1247meta files when building, which can provide a reliable incremental build when 1248using 1249.Xr filemon 4 . 1250The meta file is created in OBJDIR as 1251.Pa target.meta . 1252These meta files track the command that was executed, its output, and the 1253current directory. 1254The 1255.Xr filemon 4 1256module is required unless 1257.Va NO_FILEMON 1258is defined. 1259When the module is loaded, any files used by the commands executed are 1260tracked as dependencies for the target in its meta file. 1261The target is considered out-of-date and rebuilt if any of these 1262conditions are true compared to the last build: 1263.Bl -bullet -compact 1264.It 1265The command to execute changes. 1266.It 1267The current working directory changes. 1268.It 1269The target's meta file is missing. 1270.It 1271The target's meta file is missing filemon data when filemon is loaded 1272and a previous run did not have it loaded. 1273.It 1274[requires 1275.Xr filemon 4 ] 1276Files read, executed or linked to are newer than the target. 1277.It 1278[requires 1279.Xr filemon 4 ] 1280Files read, written, executed or linked are missing. 1281.El 1282The meta files can also be useful for debugging. 1283.Pp 1284The build hides commands that are executed unless 1285.Va NO_SILENT 1286is defined. 1287Errors cause 1288.Xr make 1 1289to show some of its environment for further debugging. 1290.Pp 1291The build operates as it normally would otherwise. 1292This option originally invoked a different build system but that was renamed 1293to 1294.Va WITH_DIRDEPS_BUILD . 1295.Pp 1296This must be set in the environment, make command line, or 1297.Pa /etc/src-env.conf , 1298not 1299.Pa /etc/src.conf . 1300.It Va WITHOUT_MITKRB5 1301Set this to build KTH Heimdal instead of MIT Kerberos 5. 1302.It Va WITHOUT_MLX5TOOL 1303Do not build 1304.Xr mlx5tool 8 1305.Pp 1306This is a default setting on 1307arm/armv7 and riscv/riscv64. 1308.It Va WITH_MLX5TOOL 1309Build 1310.Xr mlx5tool 8 1311.Pp 1312This is a default setting on 1313amd64/amd64, arm64/aarch64, i386/i386, powerpc/powerpc64 and powerpc/powerpc64le. 1314.It Va WITHOUT_NETCAT 1315Do not build 1316.Xr nc 1 1317utility. 1318.It Va WITHOUT_NETGRAPH 1319Do not build applications to support 1320.Xr netgraph 4 . 1321When set, it enforces these options: 1322.Pp 1323.Bl -item -compact 1324.It 1325.Va WITHOUT_BLUETOOTH 1326.El 1327.Pp 1328When set, these options are also in effect: 1329.Pp 1330.Bl -inset -compact 1331.It Va WITHOUT_NETGRAPH_SUPPORT 1332(unless 1333.Va WITH_NETGRAPH_SUPPORT 1334is set explicitly) 1335.El 1336.It Va WITHOUT_NETGRAPH_SUPPORT 1337Build libraries, programs, and kernel modules without netgraph support. 1338.It Va WITHOUT_NETLINK 1339Do not build 1340.Xr genl 1 1341utility. 1342.It Va WITHOUT_NETLINK_SUPPORT 1343Make libraries and programs use rtsock and 1344.Xr sysctl 3 1345interfaces instead of 1346.Xr snl 3 . 1347.It Va WITHOUT_NIS 1348Do not build 1349.Xr NIS 8 1350support and related programs. 1351If set, you might need to adopt your 1352.Xr nsswitch.conf 5 1353and remove 1354.Sq nis 1355entries. 1356.It Va WITHOUT_NLS 1357Do not build NLS catalogs. 1358When set, it enforces these options: 1359.Pp 1360.Bl -item -compact 1361.It 1362.Va WITHOUT_NLS_CATALOGS 1363.El 1364.It Va WITHOUT_NLS_CATALOGS 1365Do not build NLS catalog support for 1366.Xr csh 1 . 1367.It Va WITHOUT_NS_CACHING 1368Disable name caching in the 1369.Pa nsswitch 1370subsystem. 1371The generic caching daemon, 1372.Xr nscd 8 , 1373will not be built either if this option is set. 1374.It Va WITHOUT_NTP 1375Do not build 1376.Xr ntpd 8 1377and related programs. 1378.It Va WITHOUT_NUAGEINIT 1379Do not install the limited cloud init support scripts. 1380.It Va WITHOUT_OFED 1381Do not build the 1382.Dq "OpenFabrics Enterprise Distribution" 1383InfiniBand software stack, including kernel modules and userspace libraries. 1384.Pp 1385This is a default setting on 1386arm/armv7. 1387When set, it enforces these options: 1388.Pp 1389.Bl -item -compact 1390.It 1391.Va WITHOUT_OFED_EXTRA 1392.El 1393.It Va WITH_OFED 1394Build the 1395.Dq "OpenFabrics Enterprise Distribution" 1396InfiniBand software stack, including kernel modules and userspace libraries. 1397.Pp 1398This is a default setting on 1399amd64/amd64, arm64/aarch64, i386/i386, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64. 1400.It Va WITH_OFED_EXTRA 1401Build the non-essential components of the 1402.Dq "OpenFabrics Enterprise Distribution" 1403Infiniband software stack, mostly examples. 1404.It Va WITH_OPENLDAP 1405Enable building LDAP support for kerberos using an openldap client from ports. 1406.It Va WITHOUT_OPENMP 1407Do not build LLVM's OpenMP runtime. 1408.Pp 1409This is a default setting on 1410arm/armv7. 1411.It Va WITH_OPENMP 1412Build LLVM's OpenMP runtime. 1413.Pp 1414This is a default setting on 1415amd64/amd64, arm64/aarch64, i386/i386, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64. 1416.It Va WITHOUT_OPENSSH 1417Do not build OpenSSH. 1418.It Va WITHOUT_OPENSSL 1419Do not build OpenSSL. 1420When set, it enforces these options: 1421.Pp 1422.Bl -item -compact 1423.It 1424.Va WITHOUT_DMAGENT 1425.It 1426.Va WITHOUT_KERBEROS 1427.It 1428.Va WITHOUT_LDNS 1429.It 1430.Va WITHOUT_LDNS_UTILS 1431.It 1432.Va WITHOUT_LOADER_ZFS 1433.It 1434.Va WITHOUT_MITKRB5 1435.It 1436.Va WITHOUT_OPENSSH 1437.It 1438.Va WITHOUT_OPENSSL_KTLS 1439.It 1440.Va WITHOUT_PKGBOOTSTRAP 1441.It 1442.Va WITHOUT_UNBOUND 1443.It 1444.Va WITHOUT_ZFS 1445.It 1446.Va WITHOUT_ZFS_TESTS 1447.El 1448.Pp 1449When set, these options are also in effect: 1450.Pp 1451.Bl -inset -compact 1452.It Va WITHOUT_KERBEROS_SUPPORT 1453(unless 1454.Va WITH_KERBEROS_SUPPORT 1455is set explicitly) 1456.El 1457.It Va WITHOUT_OPENSSL_KTLS 1458Do not include kernel TLS support in OpenSSL. 1459.Pp 1460This is a default setting on 1461arm/armv7, i386/i386 and riscv/riscv64. 1462.It Va WITH_OPENSSL_KTLS 1463Include kernel TLS support in OpenSSL. 1464.Pp 1465This is a default setting on 1466amd64/amd64, arm64/aarch64, powerpc/powerpc64 and powerpc/powerpc64le. 1467.It Va WITHOUT_PAM 1468Do not build PAM library and modules. 1469.Bf -symbolic 1470This option is deprecated and does nothing. 1471.Ef 1472When set, these options are also in effect: 1473.Pp 1474.Bl -inset -compact 1475.It Va WITHOUT_PAM_SUPPORT 1476(unless 1477.Va WITH_PAM_SUPPORT 1478is set explicitly) 1479.El 1480.It Va WITHOUT_PAM_SUPPORT 1481Build some programs without PAM support, particularly 1482.Xr ftpd 8 1483and 1484.Xr ppp 8 . 1485.It Va WITHOUT_PF 1486Do not build PF firewall package. 1487When set, it enforces these options: 1488.Pp 1489.Bl -item -compact 1490.It 1491.Va WITHOUT_AUTHPF 1492.El 1493.It Va WITHOUT_PIE 1494Do not build dynamically linked binaries as 1495Position-Independent Executable (PIE). 1496.Pp 1497This is a default setting on 1498arm/armv7 and i386/i386. 1499.It Va WITH_PIE 1500Build dynamically linked binaries as 1501Position-Independent Executable (PIE). 1502.Pp 1503This is a default setting on 1504amd64/amd64, arm64/aarch64, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64. 1505.It Va WITHOUT_PKGBOOTSTRAP 1506Do not build 1507.Xr pkg 7 1508bootstrap tool. 1509.It Va WITHOUT_PMC 1510Do not build 1511.Xr pmccontrol 8 1512and related programs. 1513.It Va WITHOUT_PPP 1514Do not build 1515.Xr ppp 8 1516and related programs. 1517.It Va WITHOUT_PTHREADS_ASSERTIONS 1518Disable debugging assertions in pthreads library. 1519.It Va WITHOUT_QUOTAS 1520Do not build 1521.Xr quota 1 1522and related programs. 1523.It Va WITHOUT_RADIUS_SUPPORT 1524Do not build radius support into various applications, like 1525.Xr pam_radius 8 1526and 1527.Xr ppp 8 . 1528.It Va WITH_RATELIMIT 1529Build the system with rate limit support. 1530.Pp 1531This makes 1532.Dv SO_MAX_PACING_RATE 1533effective in 1534.Xr getsockopt 2 , 1535and 1536.Ar txrlimit 1537support in 1538.Xr ifconfig 8 , 1539by proxy. 1540.It Va WITHOUT_RBOOTD 1541Do not build or install 1542.Xr rbootd 8 . 1543.It Va WITHOUT_RELRO 1544Do not apply the Relocation Read-Only (RELRO) vulnerability mitigation. 1545See also the 1546.Va BIND_NOW 1547option. 1548.It Va WITH_REPRODUCIBLE_BUILD 1549Exclude build metadata (such as the build time, user, or host) 1550from the kernel, boot loaders, and uname output, so that builds produce 1551bit-for-bit identical output. 1552.It Va WITHOUT_RESCUE 1553Do not build 1554.Xr rescue 8 . 1555.It Va WITH_RETPOLINE 1556Build the base system with the retpoline speculative execution 1557vulnerability mitigation for CVE-2017-5715. 1558.It Va WITHOUT_ROUTED 1559Do not build 1560.Xr routed 8 1561utility. 1562.It Va WITH_RPCBIND_WARMSTART_SUPPORT 1563Build 1564.Xr rpcbind 8 1565with warmstart support. 1566.It Va WITH_RUN_TESTS 1567Run tests as part of the build. 1568.It Va WITHOUT_SCTP_SUPPORT 1569Disable support in the kernel for the 1570.Xr sctp 4 1571Stream Control Transmission Protocol 1572loadable kernel module. 1573.It Va WITHOUT_SENDMAIL 1574Do not build 1575.Xr sendmail 8 1576and related programs. 1577.It Va WITHOUT_SERVICESDB 1578Do not install 1579.Pa /var/db/services.db . 1580.It Va WITHOUT_SETUID_LOGIN 1581Set this to disable the installation of 1582.Xr login 1 1583as a set-user-ID root program. 1584.It Va WITHOUT_SHAREDOCS 1585Do not build the 1586.Bx 4.4 1587legacy docs. 1588.It Va WITH_SORT_THREADS 1589Enable threads in 1590.Xr sort 1 . 1591.It Va WITHOUT_SOURCELESS 1592Do not build kernel modules that include sourceless code (either microcode or native code for host CPU). 1593When set, it enforces these options: 1594.Pp 1595.Bl -item -compact 1596.It 1597.Va WITHOUT_SOURCELESS_HOST 1598.It 1599.Va WITHOUT_SOURCELESS_UCODE 1600.El 1601.It Va WITHOUT_SOURCELESS_HOST 1602Do not build kernel modules that include sourceless native code for host CPU. 1603.It Va WITHOUT_SOURCELESS_UCODE 1604Do not build kernel modules that include sourceless microcode. 1605.It Va WITHOUT_SPLIT_KERNEL_DEBUG 1606Do not build standalone kernel debug files. 1607Debug data (if enabled by the kernel configuration file) 1608will be included in the kernel and modules. 1609When set, it enforces these options: 1610.Pp 1611.Bl -item -compact 1612.It 1613.Va WITHOUT_KERNEL_SYMBOLS 1614.El 1615.It Va WITHOUT_SSP 1616Do not build world with stack smashing protection. 1617See 1618.Xr mitigations 7 1619for more information. 1620.It Va WITH_STAGING 1621Enable staging of files to a stage tree. 1622This can be best thought of as auto-install to 1623.Va DESTDIR 1624with some extra meta data to ensure dependencies can be tracked. 1625Depends on 1626.Va WITH_DIRDEPS_BUILD . 1627When set, these options are also in effect: 1628.Pp 1629.Bl -inset -compact 1630.It Va WITH_STAGING_MAN 1631(unless 1632.Va WITHOUT_STAGING_MAN 1633is set explicitly) 1634.It Va WITH_STAGING_PROG 1635(unless 1636.Va WITHOUT_STAGING_PROG 1637is set explicitly) 1638.El 1639.Pp 1640This must be set in the environment, make command line, or 1641.Pa /etc/src-env.conf , 1642not 1643.Pa /etc/src.conf . 1644.It Va WITH_STAGING_MAN 1645Enable staging of man pages to stage tree. 1646.It Va WITH_STAGING_PROG 1647Enable staging of PROGs to stage tree. 1648.It Va WITH_STALE_STAGED 1649Check staged files are not stale. 1650.It Va WITHOUT_STATS 1651Neither build nor install 1652.Lb libstats 1653and dependent binaries. 1654.It Va WITHOUT_SYSCONS 1655Do not build 1656.Xr syscons 4 1657support files such as keyboard maps, fonts, and screen output maps. 1658.It Va WITH_SYSROOT 1659Enable use of sysroot during build. 1660Depends on 1661.Va WITH_DIRDEPS_BUILD . 1662.Pp 1663This must be set in the environment, make command line, or 1664.Pa /etc/src-env.conf , 1665not 1666.Pa /etc/src.conf . 1667.It Va WITHOUT_SYSTEM_COMPILER 1668Do not opportunistically skip building a cross-compiler during the 1669bootstrap phase of the build. 1670Normally, if the currently installed compiler matches the planned bootstrap 1671compiler type and revision, then it will not be built. 1672This does not prevent a compiler from being built for installation though, 1673only for building one for the build itself. 1674The 1675.Va WITHOUT_CLANG 1676option controls that. 1677.It Va WITHOUT_SYSTEM_LINKER 1678Do not opportunistically skip building a cross-linker during the 1679bootstrap phase of the build. 1680Normally, if the currently installed linker matches the planned bootstrap 1681linker type and revision, then it will not be built. 1682This does not prevent a linker from being built for installation though, 1683only for building one for the build itself. 1684The 1685.Va WITHOUT_LLD 1686option controls that. 1687.Pp 1688This option is only relevant when 1689.Va WITH_LLD_BOOTSTRAP 1690is set. 1691.It Va WITHOUT_TALK 1692Do not build or install 1693.Xr talk 1 1694and 1695.Xr talkd 8 . 1696.It Va WITHOUT_TCP_WRAPPERS 1697Do not build or install 1698.Xr tcpd 8 , 1699and related utilities. 1700.It Va WITHOUT_TCSH 1701Do not build and install 1702.Pa /bin/csh 1703(which is 1704.Xr tcsh 1 ) . 1705.It Va WITHOUT_TELNET 1706Do not build 1707.Xr telnet 1 1708and related programs. 1709.It Va WITHOUT_TESTS 1710Do not build nor install the 1711.Fx 1712Test Suite in 1713.Pa /usr/tests/ . 1714See 1715.Xr tests 7 1716for more details. 1717This also disables the build of all test-related dependencies, including ATF. 1718When set, it enforces these options: 1719.Pp 1720.Bl -item -compact 1721.It 1722.Va WITHOUT_DTRACE_TESTS 1723.It 1724.Va WITHOUT_ZFS_TESTS 1725.El 1726.Pp 1727When set, these options are also in effect: 1728.Pp 1729.Bl -inset -compact 1730.It Va WITHOUT_GOOGLETEST 1731(unless 1732.Va WITH_GOOGLETEST 1733is set explicitly) 1734.It Va WITHOUT_TESTS_SUPPORT 1735(unless 1736.Va WITH_TESTS_SUPPORT 1737is set explicitly) 1738.El 1739.It Va WITHOUT_TESTS_SUPPORT 1740Disable the build of all test-related dependencies, including ATF. 1741When set, it enforces these options: 1742.Pp 1743.Bl -item -compact 1744.It 1745.Va WITHOUT_GOOGLETEST 1746.El 1747.It Va WITHOUT_TEXTPROC 1748Do not build 1749programs used for text processing. 1750.It Va WITHOUT_TFTP 1751Do not build or install 1752.Xr tftp 1 1753and 1754.Xr tftpd 8 . 1755.It Va WITHOUT_TOOLCHAIN 1756Do not install 1757programs used for program development, 1758compilers, debuggers etc. 1759When set, it enforces these options: 1760.Pp 1761.Bl -item -compact 1762.It 1763.Va WITHOUT_CLANG 1764.It 1765.Va WITHOUT_CLANG_EXTRAS 1766.It 1767.Va WITHOUT_CLANG_FORMAT 1768.It 1769.Va WITHOUT_CLANG_FULL 1770.It 1771.Va WITHOUT_LLD 1772.It 1773.Va WITHOUT_LLDB 1774.It 1775.Va WITHOUT_LLVM_COV 1776.El 1777.Pp 1778When set, these options are also in effect: 1779.Pp 1780.Bl -inset -compact 1781.It Va WITHOUT_LLVM_BINUTILS 1782(unless 1783.Va WITH_LLVM_BINUTILS 1784is set explicitly) 1785.El 1786.It Va WITH_UBSAN 1787Build the base system with Undefined Behavior Sanitizer (UBSan) to detect 1788various kinds of undefined behavior at runtime. 1789Requires that Clang be used as the base system compiler 1790and that the runtime support library is available 1791.It Va WITHOUT_UNBOUND 1792Do not build 1793.Xr unbound 8 1794and related programs. 1795.It Va WITH_UNDEFINED_VERSION 1796Link libraries with --undefined-version which permits version maps to 1797contain symbols that are not present in the library. 1798If this is necessary to build a particular configuration, a bug is 1799present and the configuration should be reported. 1800.It Va WITHOUT_UNIFIED_OBJDIR 1801Use the historical object directory format for 1802.Xr build 7 1803targets. 1804For native-builds and builds done directly in sub-directories the format of 1805.Pa ${MAKEOBJDIRPREFIX}/${.CURDIR} 1806is used, 1807while for cross-builds 1808.Pa ${MAKEOBJDIRPREFIX}/${TARGET}.${TARGET_ARCH}/${.CURDIR} 1809is used. 1810.Pp 1811This option is transitional and will be removed in a future version of 1812.Fx , 1813at which time 1814.Va WITH_UNIFIED_OBJDIR 1815will be enabled permanently. 1816.Pp 1817This must be set in the environment, make command line, or 1818.Pa /etc/src-env.conf , 1819not 1820.Pa /etc/src.conf . 1821.It Va WITHOUT_USB 1822Do not build USB-related programs and libraries. 1823.It Va WITHOUT_USB_GADGET_EXAMPLES 1824Do not build USB gadget kernel modules. 1825.It Va WITHOUT_UTMPX 1826Do not build user accounting tools such as 1827.Xr last 1 , 1828.Xr users 1 , 1829.Xr who 1 , 1830.Xr ac 8 , 1831.Xr lastlogin 8 1832and 1833.Xr utx 8 . 1834.It Va WITH_VERIEXEC 1835Enable building 1836.Xr veriexec 8 1837which loads the contents of verified manifests into the kernel 1838for use by 1839.Xr mac_veriexec 4 1840.Pp 1841Depends on 1842.Va WITH_BEARSSL . 1843.It Va WITHOUT_VI 1844Do not build and install vi, view, ex and related programs. 1845.It Va WITHOUT_VT 1846Do not build 1847.Xr vt 4 1848support files (fonts and keymaps). 1849.It Va WITHOUT_WARNS 1850Set this to not add warning flags to the compiler invocations. 1851Useful as a temporary workaround when code enters the tree 1852which triggers warnings in environments that differ from the 1853original developer. 1854.It Va WITHOUT_WERROR 1855Set this to not treat compiler warnings as errors. 1856Useful as a temporary workaround when working on fixing compiler warnings. 1857When set, warnings are still printed in the build log but do not fail the build. 1858.It Va WITHOUT_WIRELESS 1859Do not build programs used for 802.11 wireless networks; especially 1860.Xr wpa_supplicant 8 1861and 1862.Xr hostapd 8 . 1863When set, these options are also in effect: 1864.Pp 1865.Bl -inset -compact 1866.It Va WITHOUT_WIRELESS_SUPPORT 1867(unless 1868.Va WITH_WIRELESS_SUPPORT 1869is set explicitly) 1870.El 1871.It Va WITHOUT_WIRELESS_SUPPORT 1872Build libraries, programs, and kernel modules without 1873802.11 wireless support. 1874.It Va WITHOUT_WPA_SUPPLICANT_EAPOL 1875Build 1876.Xr wpa_supplicant 8 1877without support for the IEEE 802.1X protocol and without 1878support for EAP-PEAP, EAP-TLS, EAP-LEAP, and EAP-TTLS 1879protocols (usable only via 802.1X). 1880.It Va WITH_ZEROREGS 1881Build the basesystem with code to zero caller-used register contents 1882on function return. 1883This prevents leaking temporary values for side channel attacks. 1884Additionally this reduces the number of usable ROP gadgets for attackers. 1885.It Va WITHOUT_ZFS 1886Do not build the ZFS file system kernel module, libraries such as 1887.Xr libbe 3 , 1888and user commands such as 1889.Xr zpool 8 1890or 1891.Xr zfs 8 . 1892Also disable ZFS support in utilities and libraries which implement 1893ZFS-specific functionality. 1894When set, it enforces these options: 1895.Pp 1896.Bl -item -compact 1897.It 1898.Va WITHOUT_ZFS_TESTS 1899.El 1900.It Va WITHOUT_ZFS_TESTS 1901Do not build and install the legacy ZFS test suite. 1902.It Va WITHOUT_ZONEINFO 1903Do not build the timezone database. 1904When set, it enforces these options: 1905.Pp 1906.Bl -item -compact 1907.It 1908.Va WITHOUT_ZONEINFO_LEAPSECONDS_SUPPORT 1909.El 1910.It Va WITH_ZONEINFO_LEAPSECONDS_SUPPORT 1911Build leapsecond information in to the timezone database. 1912This option violates 1913.St -p1003.1 1914and all other applicable standards, and is known to cause unexpected 1915issues with date/time handling in many applications and programming 1916languages. 1917.El 1918.Pp 1919The following options accept a single value from a list of valid values. 1920.Bl -tag -width indent 1921.It Va INIT_ALL 1922Control default initialization of stack variables in C and C++ code. 1923Options other than 1924.Li none 1925require the Clang compiler or GCC 12.0 or later. 1926The default value is 1927.Li none . 1928Valid values are: 1929.Bl -tag -width indent 1930.It Li none 1931Do not initialize stack variables (standard C/C++ behavior). 1932.It Li pattern 1933Build the base system or kernel with stack variables initialized to 1934.Pq compiler defined 1935debugging patterns on function entry. 1936.It Li zero 1937Build the base system or kernel with stack variables initialized 1938to zero on function entry. 1939This value is converted to 1940.Li none 1941for amd64 kernel builds due to incompatability with ifunc memset. 1942.El 1943.It Va LIBC_MALLOC 1944Specify the 1945.Xr malloc 3 1946implementation used by libc. 1947The default value is 1948.Li jemalloc . 1949Valid values are: 1950.Bl -tag -width indent 1951.It Li jemalloc 1952.El 1953.Pp 1954Other implementations are expected in the future in both 1955.Fx 1956and downstream consumers. 1957.El 1958.Sh FILES 1959.Bl -tag -compact -width Pa 1960.It Pa /etc/src.conf 1961.It Pa /etc/src-env.conf 1962.It Pa /usr/share/mk/bsd.own.mk 1963.El 1964.Sh SEE ALSO 1965.Xr make 1 , 1966.Xr make.conf 5 , 1967.Xr build 7 , 1968.Xr ports 7 1969.Sh HISTORY 1970The 1971.Nm 1972file appeared in 1973.Fx 7.0 . 1974.Sh AUTHORS 1975This manual page was autogenerated by 1976.An tools/build/options/makeman . 1977