1.\" DO NOT EDIT-- this file is @generated by tools/build/options/makeman. 2.Dd February 13, 2026 3.Dt SRC.CONF 5 4.Os 5.Sh NAME 6.Nm src.conf 7.Nd "source build options" 8.Sh DESCRIPTION 9The 10.Nm 11file contains variables that control what components will be generated during 12the build process of the 13.Fx 14source tree; see 15.Xr build 7 . 16.Pp 17The 18.Nm 19file uses the standard makefile syntax. 20However, 21.Nm 22should not specify any dependencies to 23.Xr make 1 . 24Instead, 25.Nm 26is to set 27.Xr make 1 28variables that control the aspects of how the system builds. 29.Pp 30The default location of 31.Nm 32is the top level of the source tree, or 33.Pa /etc/src.conf 34if no 35.Nm 36is found in the source tree itself, 37though an alternative location can be specified in the 38.Xr make 1 39variable 40.Va SRCCONF . 41Overriding the location of 42.Nm 43may be necessary if the system-wide settings are not suitable 44for a particular build. 45For instance, setting 46.Va SRCCONF 47to 48.Pa /dev/null 49effectively resets all build controls to their defaults. 50.Pp 51The only purpose of 52.Nm 53is to control the compilation of the 54.Fx 55source code, which is usually located in 56.Pa /usr/src . 57As a rule, the system administrator creates 58.Nm 59when the values of certain control variables need to be changed 60from their defaults. 61.Pp 62In addition, control variables can be specified 63for a particular build via the 64.Fl D 65option of 66.Xr make 1 67or in its environment; see 68.Xr environ 7 . 69.Pp 70The environment of 71.Xr make 1 72for the build can be controlled via the 73.Va SRC_ENV_CONF 74variable, which defaults to 75.Pa /etc/src-env.conf . 76Some examples that may only be set in this file are 77.Va WITH_DIRDEPS_BUILD , 78and 79.Va WITH_META_MODE , 80and 81.Va MAKEOBJDIRPREFIX 82as they are environment-only variables. 83.Pp 84The values of 85.Va WITH_ 86and 87.Va WITHOUT_ 88variables are ignored regardless of their setting; 89even if they would be set to 90.Dq Li FALSE 91or 92.Dq Li NO . 93The presence of an option causes 94it to be honored by 95.Xr make 1 . 96.Pp 97This list provides a name and short description for variables 98that can be used for source builds. 99.Bl -tag -width indent 100.It Va WITHOUT_ACCT 101Do not build process accounting tools such as 102.Xr accton 8 103and 104.Xr sa 8 . 105.It Va WITHOUT_ACPI 106Do not build 107.Xr acpiconf 8 , 108.Xr acpidump 8 109and related programs. 110.It Va WITHOUT_APM 111Do not build 112.Xr apm 8 , 113.Xr apmd 8 114and related programs. 115.It Va WITH_ASAN 116Build the base system with Address Sanitizer (ASan) to detect 117memory corruption bugs such as buffer overflows or use-after-free. 118Requires that Clang be used as the base system compiler 119and that the runtime support library is available. 120When set, it enforces these options: 121.Pp 122.Bl -item -compact 123.It 124.Va WITH_LLVM_BINUTILS 125.It 126.Va WITH_LLVM_CXXFILT 127.El 128.It Va WITHOUT_ASSERT_DEBUG 129Compile programs and libraries without the 130.Xr assert 3 131checks. 132.It Va WITHOUT_AT 133Do not build 134.Xr at 1 135and related utilities. 136.It Va WITHOUT_AUDIT 137Do not build audit support into system programs. 138.It Va WITHOUT_AUTHPF 139Do not build 140.Xr authpf 8 . 141.It Va WITHOUT_AUTOFS 142Do not build 143.Xr autofs 4 144related programs, libraries, and kernel modules. 145.It Va WITHOUT_AUTO_OBJ 146Disable automatic creation of objdirs. 147This is enabled by default if the wanted OBJDIR is writable by the current user. 148.Pp 149This must be set in the environment, make command line, or 150.Pa /etc/src-env.conf , 151not 152.Pa /etc/src.conf . 153.It Va WITH_BEARSSL 154Build the BearSSL library. 155.Pp 156BearSSL is a tiny SSL library suitable for embedded environments. 157For details see 158.Lk https://www.BearSSL.org/ 159.Pp 160This library is currently only used to perform 161signature verification and related operations 162for Verified Exec and 163.Xr loader 8 . 164.Pp 165Due to size constraints in the BIOS environment on x86, one may need to set 166.Va LOADERSIZE 167larger than the 168default 500000, although often loader is under the 500k limit even with 169this option. 170Setting 171.Va LOADERSIZE 172larger than 500000 may cause 173.Xr pxeboot 8 174to be too large to work. 175Careful testing of the loader in the target environment when built with a larger 176limit to establish safe limits is critical because different BIOS environments 177reserve differing amounts of the low 640k space, making a precise limit for 178everybody impossible. 179.Pp 180See also 181.Va WITH_LOADER_PXEBOOT 182for other considerations. 183When set, these options are also in effect: 184.Pp 185.Bl -inset -compact 186.It Va WITH_LOADER_EFI_SECUREBOOT 187(unless 188.Va WITHOUT_LOADER_EFI_SECUREBOOT 189is set explicitly) 190.It Va WITH_LOADER_VERIEXEC 191(unless 192.Va WITHOUT_LOADER_VERIEXEC 193is set explicitly) 194.It Va WITH_LOADER_VERIEXEC_VECTX 195(unless 196.Va WITHOUT_LOADER_VERIEXEC_VECTX 197is set explicitly) 198.It Va WITH_VERIEXEC 199(unless 200.Va WITHOUT_VERIEXEC 201is set explicitly) 202.El 203.It Va WITHOUT_BHYVE 204Do not build or install 205.Xr bhyve 8 , 206associated utilities, and examples. 207.Pp 208This option only affects amd64/amd64 and arm64/aarch64. 209.It Va WITH_BHYVE_SNAPSHOT 210Include support for save and restore (snapshots) in 211.Xr bhyve 8 212and 213.Xr bhyvectl 8 . 214.Pp 215This option only affects amd64/amd64. 216.It Va WITH_BIND_NOW 217Build all binaries with the 218.Dv DF_BIND_NOW 219flag set to indicate that the run-time loader should perform all relocation 220processing at process startup rather than on demand. 221The combination of the 222.Va BIND_NOW 223and 224.Va RELRO 225options provide "full" Relocation Read-Only (RELRO) support. 226With full RELRO the entire GOT is made read-only after performing relocation at 227startup, avoiding GOT overwrite attacks. 228.It Va WITHOUT_BLACKLIST 229This option has been renamed to 230.Va WITHOUT_BLOCKLIST . 231When set, it enforces these options: 232.Pp 233.Bl -item -compact 234.It 235.Va WITHOUT_BLOCKLIST 236.El 237.Pp 238When set, these options are also in effect: 239.Pp 240.Bl -inset -compact 241.It Va WITHOUT_BLACKLIST_SUPPORT 242(unless 243.Va WITH_BLACKLIST_SUPPORT 244is set explicitly) 245.It Va WITHOUT_BLOCKLIST_SUPPORT 246(unless 247.Va WITH_BLOCKLIST_SUPPORT 248is set explicitly) 249.El 250.It Va WITHOUT_BLACKLIST_SUPPORT 251This option has been renamed to 252.Va WITHOUT_BLOCKLIST_SUPPORT . 253When set, it enforces these options: 254.Pp 255.Bl -item -compact 256.It 257.Va WITHOUT_BLOCKLIST_SUPPORT 258.El 259.It Va WITHOUT_BLOCKLIST 260Set this if you do not want to build 261.Xr blocklistd 8 262and 263.Xr blocklistctl 8 . 264When set, these options are also in effect: 265.Pp 266.Bl -inset -compact 267.It Va WITHOUT_BLOCKLIST_SUPPORT 268(unless 269.Va WITH_BLOCKLIST_SUPPORT 270is set explicitly) 271.El 272.It Va WITHOUT_BLOCKLIST_SUPPORT 273Build some programs without 274.Xr libblocklist 3 275support, like 276.Xr fingerd 8 277and 278.Xr sshd 8 . 279.It Va WITHOUT_BLUETOOTH 280Do not build Bluetooth related kernel modules, programs and libraries. 281.It Va WITHOUT_BOOT 282Do not build the boot blocks and loader. 283.It Va WITHOUT_BOOTPARAMD 284Do not build or install 285.Xr bootparamd 8 . 286.It Va WITHOUT_BOOTPD 287Do not build or install 288.Xr bootpd 8 . 289.It Va WITH_BRANCH_PROTECTION 290Build with branch protection enabled. 291On arm64 enable the use of pointer authentication and 292branch target identification instructions on arm64. 293These can be used to help mitigate some exploit techniques. 294.It Va WITHOUT_BSDINSTALL 295Do not build 296.Xr bsdinstall 8 , 297.Xr sade 8 , 298and related programs. 299.It Va WITHOUT_BSD_CPIO 300Do not build the BSD licensed version of cpio based on 301.Xr libarchive 3 . 302.It Va WITHOUT_BSNMP 303Do not build or install 304.Xr bsnmpd 1 305and related libraries and data files. 306.It Va WITHOUT_BZIP2 307Do not build contributed bzip2 software as a part of the base system. 308.Bf -symbolic 309The option has no effect yet. 310.Ef 311When set, these options are also in effect: 312.Pp 313.Bl -inset -compact 314.It Va WITHOUT_BZIP2_SUPPORT 315(unless 316.Va WITH_BZIP2_SUPPORT 317is set explicitly) 318.El 319.It Va WITHOUT_BZIP2_SUPPORT 320Build some programs without optional bzip2 support. 321.It Va WITHOUT_CALENDAR 322Do not build 323.Xr calendar 1 . 324.It Va WITHOUT_CAROOT 325Do not add the trusted certificates from the Mozilla NSS bundle to 326base. 327.It Va WITHOUT_CASPER 328This option has no effect. 329.It Va WITH_CCACHE_BUILD 330Use 331.Xr ccache 1 332for the build. 333No configuration is required except to install the 334.Sy devel/ccache 335or 336.Sy devel/sccache 337package. 338When using with 339.Xr distcc 1 , 340set 341.Sy CCACHE_PREFIX=/usr/local/bin/distcc . 342When using with sccache 343set 344.Sy CCACHE_NAME=sccache 345in 346.Xr src.conf 5 . 347The default cache directory of 348.Pa $HOME/.ccache 349will be used, which can be overridden by setting 350.Sy CCACHE_DIR . 351The 352.Sy CCACHE_COMPILERCHECK 353option defaults to 354.Sy content 355when using the in-tree bootstrap compiler, 356and 357.Sy mtime 358when using an external compiler. 359The 360.Sy CCACHE_CPP2 361option is used for Clang but not GCC. 362.Pp 363Sharing a cache between multiple work directories requires using a layout 364similar to 365.Pa /some/prefix/src 366.Pa /some/prefix/obj 367and an environment such as: 368.Bd -literal -offset indent 369CCACHE_BASEDIR='${SRCTOP:H}' MAKEOBJDIRPREFIX='${SRCTOP:H}/obj' 370.Ed 371.Pp 372See 373.Xr ccache 1 374for more configuration options. 375.It Va WITHOUT_CCD 376Do not build 377.Xr geom_ccd 4 378and related utilities. 379.It Va WITHOUT_CDDL 380Do not build code licensed under Sun's CDDL. 381When set, it enforces these options: 382.Pp 383.Bl -item -compact 384.It 385.Va WITHOUT_CTF 386.It 387.Va WITHOUT_DTRACE 388.It 389.Va WITHOUT_LOADER_ZFS 390.It 391.Va WITHOUT_ZFS 392.It 393.Va WITHOUT_ZFS_TESTS 394.El 395.It Va WITHOUT_CLANG 396Do not build the Clang C/C++ compiler during the regular phase of the build. 397When set, it enforces these options: 398.Pp 399.Bl -item -compact 400.It 401.Va WITHOUT_CLANG_EXTRAS 402.It 403.Va WITHOUT_CLANG_FORMAT 404.It 405.Va WITHOUT_CLANG_FULL 406.It 407.Va WITHOUT_LLVM_COV 408.El 409.Pp 410When set, these options are also in effect: 411.Pp 412.Bl -inset -compact 413.It Va WITHOUT_LLVM_TARGET_AARCH64 414(unless 415.Va WITH_LLVM_TARGET_AARCH64 416is set explicitly) 417.It Va WITHOUT_LLVM_TARGET_ALL 418(unless 419.Va WITH_LLVM_TARGET_ALL 420is set explicitly) 421.It Va WITHOUT_LLVM_TARGET_ARM 422(unless 423.Va WITH_LLVM_TARGET_ARM 424is set explicitly) 425.It Va WITHOUT_LLVM_TARGET_POWERPC 426(unless 427.Va WITH_LLVM_TARGET_POWERPC 428is set explicitly) 429.It Va WITHOUT_LLVM_TARGET_RISCV 430(unless 431.Va WITH_LLVM_TARGET_RISCV 432is set explicitly) 433.El 434.It Va WITHOUT_CLANG_BOOTSTRAP 435Do not build the Clang C/C++ compiler during the bootstrap phase of 436the build. 437To be able to build the system, either gcc or clang bootstrap must be 438enabled unless an alternate compiler is provided via XCC. 439.It Va WITH_CLANG_EXTRAS 440Build additional clang and llvm tools, such as bugpoint and 441clang-format. 442.It Va WITH_CLANG_FORMAT 443Build clang-format. 444.It Va WITHOUT_CLANG_FULL 445Avoid building the ARCMigrate, Rewriter and StaticAnalyzer components of 446the Clang C/C++ compiler. 447.It Va WITH_CLEAN 448Clean before building world and/or kernel. 449Note that recording a new epoch in 450.Pa .clean_build_epoch 451in the root of the source tree will also force a clean world build. 452When set, these options are also in effect: 453.Pp 454.Bl -inset -compact 455.It Va WITHOUT_DEPEND_CLEANUP 456(unless 457.Va WITH_DEPEND_CLEANUP 458is set explicitly) 459.El 460.It Va WITHOUT_CPP 461Do not build 462.Xr cpp 1 . 463.It Va WITHOUT_CROSS_COMPILER 464Do not build any cross compiler in the cross-tools stage of buildworld. 465When compiling a different version of 466.Fx 467than what is installed on the system, provide an alternate 468compiler with XCC to ensure success. 469When compiling with an identical version of 470.Fx 471to the host, this option may be safely used. 472This option may also be safe when the host version of 473.Fx 474is close to the sources being built, but all bets are off if there have 475been any changes to the toolchain between the versions. 476When set, it enforces these options: 477.Pp 478.Bl -item -compact 479.It 480.Va WITHOUT_CLANG_BOOTSTRAP 481.It 482.Va WITHOUT_ELFTOOLCHAIN_BOOTSTRAP 483.It 484.Va WITHOUT_LLD_BOOTSTRAP 485.El 486.It Va WITHOUT_CRYPT 487Do not build any crypto code. 488When set, it enforces these options: 489.Pp 490.Bl -item -compact 491.It 492.Va WITHOUT_DMAGENT 493.It 494.Va WITHOUT_KERBEROS 495.It 496.Va WITHOUT_LDNS 497.It 498.Va WITHOUT_LDNS_UTILS 499.It 500.Va WITHOUT_LOADER_ZFS 501.It 502.Va WITHOUT_MITKRB5 503.It 504.Va WITHOUT_OPENSSH 505.It 506.Va WITHOUT_OPENSSL 507.It 508.Va WITHOUT_OPENSSL_KTLS 509.It 510.Va WITHOUT_PKGBOOTSTRAP 511.It 512.Va WITHOUT_UNBOUND 513.It 514.Va WITHOUT_ZFS 515.It 516.Va WITHOUT_ZFS_TESTS 517.El 518.Pp 519When set, these options are also in effect: 520.Pp 521.Bl -inset -compact 522.It Va WITHOUT_KERBEROS_SUPPORT 523(unless 524.Va WITH_KERBEROS_SUPPORT 525is set explicitly) 526.El 527.It Va WITH_CTF 528Compile with CTF (Compact C Type Format) data. 529CTF data encapsulates a reduced form of debugging information 530similar to DWARF and the venerable stabs and is required for DTrace. 531.It Va WITHOUT_CUSE 532Do not build CUSE-related programs and libraries. 533.It Va WITHOUT_CXGBETOOL 534Do not build 535.Xr cxgbetool 8 536.Pp 537This is a default setting on 538arm/armv7 and riscv/riscv64. 539.It Va WITH_CXGBETOOL 540Build 541.Xr cxgbetool 8 542.Pp 543This is a default setting on 544amd64/amd64, arm64/aarch64, i386/i386, powerpc/powerpc64 and powerpc/powerpc64le. 545.It Va WITHOUT_DEBUG_FILES 546Avoid building or installing standalone debug files for each 547executable binary and shared library. 548.It Va WITHOUT_DEPEND_CLEANUP 549Do not attempt to detect if the object tree needs cleaning in part or in 550whole before building. 551This speeds up incremental builds, especially when experimenting with 552build options, but may cause the build to inexplicably fail or produce 553non-functioning binaries. 554.It Va WITH_DETECT_TZ_CHANGES 555Make the time handling code detect changes to the timezone files. 556.It Va WITH_DIALOG 557Do build 558.Xr dialog 1 , 559.Xr dialog 3 , 560.Xr dpv 1 , 561and 562.Xr dpv 3 . 563.It Va WITHOUT_DICT 564Do not build the Webster dictionary files. 565.It Va WITH_DIRDEPS_BUILD 566This is an alternate build system. 567For details see 568https://www.crufty.net/sjg/docs/freebsd-meta-mode.htm. 569Build commands can be seen from the top-level with: 570.Dl make show-valid-targets 571The build is driven by dirdeps.mk using 572.Va DIRDEPS 573stored in 574Makefile.depend files found in each directory. 575.Pp 576The build can be started from anywhere, and behaves the same. 577The initial instance of 578.Xr make 1 579recursively reads 580.Va DIRDEPS 581from 582.Pa Makefile.depend , 583computing a graph of tree dependencies from the current origin. 584Setting 585.Va NO_DIRDEPS 586skips checking dirdep dependencies and will only build in the current 587and child directories. 588.Va NO_DIRDEPS_BELOW 589skips building any dirdeps and only build the current directory. 590.Pp 591This also utilizes the 592.Va WITH_META_MODE 593logic for incremental builds. 594.Pp 595The build hides commands executed unless 596.Va NO_SILENT 597is defined. 598.Pp 599Note that there is currently no mass install feature for this. 600This build is designed for producing packages, that can then be installed 601on a target system. 602.Pp 603The implementation in 604.Fx 605is incomplete. 606Completion would require leaf directories for building each kernel 607and package so that their dependencies can be tracked. 608When set, it enforces these options: 609.Pp 610.Bl -item -compact 611.It 612.Va WITH_INSTALL_AS_USER 613.El 614.Pp 615When set, these options are also in effect: 616.Pp 617.Bl -inset -compact 618.It Va WITH_META_ERROR_TARGET 619(unless 620.Va WITHOUT_META_ERROR_TARGET 621is set explicitly) 622.It Va WITH_META_MODE 623(unless 624.Va WITHOUT_META_MODE 625is set explicitly) 626.It Va WITH_STAGING 627(unless 628.Va WITHOUT_STAGING 629is set explicitly) 630.It Va WITH_STAGING_MAN 631(unless 632.Va WITHOUT_STAGING_MAN 633is set explicitly) 634.It Va WITH_STAGING_PROG 635(unless 636.Va WITHOUT_STAGING_PROG 637is set explicitly) 638.It Va WITH_SYSROOT 639(unless 640.Va WITHOUT_SYSROOT 641is set explicitly) 642.El 643.Pp 644This must be set in the environment, make command line, or 645.Pa /etc/src-env.conf , 646not 647.Pa /etc/src.conf . 648.It Va WITH_DIRDEPS_CACHE 649Cache result of dirdeps.mk which can save significant time 650for subsequent builds. 651Depends on 652.Va WITH_DIRDEPS_BUILD . 653.Pp 654This must be set in the environment, make command line, or 655.Pa /etc/src-env.conf , 656not 657.Pa /etc/src.conf . 658.It Va WITH_DISK_IMAGE_TOOLS_BOOTSTRAP 659Build 660.Xr etdump 1 , 661.Xr makefs 8 662and 663.Xr mkimg 1 664as bootstrap tools. 665.It Va WITHOUT_DMAGENT 666Do not build dma Mail Transport Agent. 667.It Va WITHOUT_DOCCOMPRESS 668Do not install compressed system documentation. 669Only the uncompressed version will be installed. 670.It Va WITHOUT_DTRACE 671Do not build DTrace framework kernel modules, libraries, and user commands. 672When set, it enforces these options: 673.Pp 674.Bl -item -compact 675.It 676.Va WITHOUT_CTF 677.El 678.It Va WITH_DTRACE_ASAN 679Compile userspace DTrace code (libdtrace, dtrace(1), lockstat(1), plockstat(1)) 680with address and undefined behavior sanitizers. 681Requires that Clang be used as the base system compiler 682and that the runtime support library is available. 683.It Va WITH_DTRACE_TESTS 684Build and install the DTrace test suite in 685.Pa /usr/tests/cddl/usr.sbin/dtrace . 686This test suite is considered experimental on architectures other than 687amd64/amd64 and running it may cause system instability. 688.It Va WITHOUT_DYNAMICROOT 689Set this if you do not want to link 690.Pa /bin 691and 692.Pa /sbin 693dynamically. 694.It Va WITHOUT_EE 695Do not build and install 696.Xr edit 1 , 697.Xr ee 1 , 698and related programs. 699.It Va WITHOUT_EFI 700Set not to build 701.Xr efivar 3 702and 703.Xr efivar 8 . 704.Pp 705This is a default setting on 706i386/i386, powerpc/powerpc64 and powerpc/powerpc64le. 707.It Va WITH_EFI 708Build 709.Xr efivar 3 710and 711.Xr efivar 8 . 712.Pp 713This is a default setting on 714amd64/amd64, arm/armv7, arm64/aarch64 and riscv/riscv64. 715.It Va WITHOUT_ELFTOOLCHAIN_BOOTSTRAP 716Do not build ELF Tool Chain tools 717(addr2line, nm, size, strings and strip) 718as part of the bootstrap process. 719.Bf -symbolic 720An alternate bootstrap tool chain must be provided. 721.Ef 722.It Va WITHOUT_EXAMPLES 723Avoid installing examples to 724.Pa /usr/share/examples/ . 725.It Va WITH_EXPERIMENTAL 726Include experimental features in the build. 727.It Va WITHOUT_FDT 728Do not build Flattened Device Tree support as part of the base system. 729This includes the device tree compiler (dtc) and libfdt support library. 730.Pp 731This is a default setting on 732amd64/amd64 and i386/i386. 733.It Va WITH_FDT 734Build Flattened Device Tree support as part of the base system. 735This includes the device tree compiler (dtc) and libfdt support library. 736.Pp 737This is a default setting on 738arm/armv7, arm64/aarch64, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64. 739.It Va WITHOUT_FILE 740Do not build 741.Xr file 1 742and related programs. 743.It Va WITHOUT_FINGER 744Do not build or install 745.Xr finger 1 746and 747.Xr fingerd 8 . 748.It Va WITHOUT_FLOPPY 749Do not build or install programs 750for operating floppy disk driver. 751.It Va WITHOUT_FORMAT_EXTENSIONS 752Do not enable 753.Fl fformat-extensions 754when compiling the kernel. 755Also disables all format checking. 756.It Va WITHOUT_FORTH 757Build bootloaders without Forth support. 758.It Va WITHOUT_FREEBSD_UPDATE 759Do not build 760.Xr freebsd-update 8 . 761.It Va WITHOUT_FTP 762Do not build or install 763.Xr ftp 1 . 764.It Va WITHOUT_GAMES 765Do not build games. 766.It Va WITH_GNU_DIFF 767Build and install GNU 768.Xr diff3 1 769instead of BSD 770.Xr diff3 1 . 771.It Va WITHOUT_GOOGLETEST 772Neither build nor install 773.Lb libgmock , 774.Lb libgtest , 775and dependent tests. 776.It Va WITHOUT_GPIO 777Do not build 778.Xr gpioctl 8 779as part of the base system. 780.It Va WITHOUT_HAST 781Do not build 782.Xr hastd 8 783and related utilities. 784.It Va WITH_HESIOD 785Build Hesiod support. 786.It Va WITHOUT_HTML 787Do not build HTML docs. 788.It Va WITHOUT_HYPERV 789Do not build or install HyperV utilities. 790.Pp 791This is a default setting on 792arm/armv7, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64. 793.It Va WITH_HYPERV 794Build or install HyperV utilities. 795.Pp 796This is a default setting on 797amd64/amd64, arm64/aarch64 and i386/i386. 798.It Va WITHOUT_ICONV 799Do not build iconv as part of libc. 800.It Va WITHOUT_INCLUDES 801Do not install header files. 802This option used to be spelled 803.Va NO_INCS . 804.Bf -symbolic 805The option does not work for build targets. 806.Ef 807.It Va WITHOUT_INET 808Do not build programs and libraries related to IPv4 networking. 809When set, it enforces these options: 810.Pp 811.Bl -item -compact 812.It 813.Va WITHOUT_INET_SUPPORT 814.El 815.It Va WITHOUT_INET6 816Do not build 817programs and libraries related to IPv6 networking. 818When set, it enforces these options: 819.Pp 820.Bl -item -compact 821.It 822.Va WITHOUT_INET6_SUPPORT 823.El 824.It Va WITHOUT_INET6_SUPPORT 825Build libraries, programs, and kernel modules without IPv6 support. 826.It Va WITHOUT_INETD 827Do not build 828.Xr inetd 8 . 829.It Va WITHOUT_INET_SUPPORT 830Build libraries, programs, and kernel modules without IPv4 support. 831.It Va WITHOUT_INSTALLLIB 832Set this to not install optional libraries. 833For example, when creating a 834.Xr nanobsd 8 835image. 836.Bf -symbolic 837The option does not work for build targets. 838.Ef 839.It Va WITH_INSTALL_AS_USER 840Make install targets succeed for non-root users by installing 841files with owner and group attributes set to that of the user running 842the 843.Xr make 1 844command. 845The user still must set the 846.Va DESTDIR 847variable to point to a directory where the user has write permissions. 848.It Va WITHOUT_IPFILTER 849Do not build IP Filter package. 850.It Va WITH_IPFILTER_IPFS 851Enable building the 852.Xr ipfs 8 853tool to save and restore IPFilter state tables. 854.It Va WITHOUT_IPFW 855Do not build IPFW tools. 856.It Va WITHOUT_IPSEC_SUPPORT 857Do not build the kernel with 858.Xr ipsec 4 859support. 860This option is needed for 861.Xr ipsec 4 862and 863.Xr tcpmd5 4 . 864.It Va WITHOUT_ISCSI 865Do not build 866.Xr iscsid 8 867and related utilities. 868.It Va WITHOUT_JAIL 869Do not build tools for the support of jails; e.g., 870.Xr jail 8 . 871.It Va WITHOUT_JEMALLOC_LG_VADDR_WIDE 872Disallow programs to use more than 48 address bits on amd64. 873Incompatible with LA57 mode. 874Enabling this option might result in a slight reduction in memory 875consumption for jemalloc metadata, but also requires disabling LA57 876(if hardware supports it). 877.It Va WITHOUT_KDUMP 878Do not build 879.Xr kdump 1 880and 881.Xr truss 1 . 882.It Va WITHOUT_KERBEROS 883Set this to not build Kerberos. 884When set, these options are also in effect: 885.Pp 886.Bl -inset -compact 887.It Va WITHOUT_KERBEROS_SUPPORT 888(unless 889.Va WITH_KERBEROS_SUPPORT 890is set explicitly) 891.El 892.It Va WITHOUT_KERBEROS_SUPPORT 893Build some programs without Kerberos support, like 894.Xr ssh 1 , 895.Xr telnet 1 , 896and 897.Xr sshd 8 . 898.It Va WITH_KERNEL_BIN 899Generate and install kernel.bin from kernel as part of the normal build and 900install processes for the kernel. Available only on arm and arm64. 901 902Usually this will be added to the kernel config file with: 903 904makeoptions WITH_KERNEL_BIN=1 905 906though it can also be used on the command line. 907.It Va WITH_KERNEL_RETPOLINE 908Enable the "retpoline" mitigation for CVE-2017-5715 in the kernel 909build. 910.It Va WITHOUT_KERNEL_SYMBOLS 911Do not install standalone kernel debug symbol files. 912This option has no effect at build time. 913.It Va WITHOUT_KVM 914Do not build the 915.Nm libkvm 916library as a part of the base system. 917.Bf -symbolic 918The option has no effect yet. 919.Ef 920When set, these options are also in effect: 921.Pp 922.Bl -inset -compact 923.It Va WITHOUT_KVM_SUPPORT 924(unless 925.Va WITH_KVM_SUPPORT 926is set explicitly) 927.El 928.It Va WITHOUT_KVM_SUPPORT 929Build some programs without optional 930.Nm libkvm 931support. 932.It Va WITHOUT_LDNS 933Setting this variable will prevent the LDNS library from being built. 934When set, it enforces these options: 935.Pp 936.Bl -item -compact 937.It 938.Va WITHOUT_LDNS_UTILS 939.It 940.Va WITHOUT_UNBOUND 941.El 942.It Va WITHOUT_LDNS_UTILS 943Setting this variable will prevent building the LDNS utilities 944.Xr drill 1 945and 946.Xr host 1 . 947.It Va WITHOUT_LEGACY_CONSOLE 948Do not build programs that support a legacy PC console; e.g., 949.Xr kbdcontrol 1 950and 951.Xr vidcontrol 1 . 952.It Va WITHOUT_LIB32 953On 64-bit platforms, do not build 32-bit library set and a 954.Nm ld-elf32.so.1 955runtime linker. 956.Pp 957This is a default setting on 958arm/armv7, i386/i386, powerpc/powerpc64le and riscv/riscv64. 959.It Va WITH_LIB32 960On 64-bit platforms, build the 32-bit library set and a 961.Nm ld-elf32.so.1 962runtime linker. 963.Pp 964This is a default setting on 965amd64/amd64, arm64/aarch64 and powerpc/powerpc64. 966.It Va WITHOUT_LLD 967Do not build LLVM's lld linker. 968.It Va WITHOUT_LLDB 969Do not build the LLDB debugger. 970.Pp 971This is a default setting on 972riscv/riscv64. 973.It Va WITH_LLDB 974Build the LLDB debugger. 975.Pp 976This is a default setting on 977amd64/amd64, arm/armv7, arm64/aarch64, i386/i386, powerpc/powerpc64 and powerpc/powerpc64le. 978.It Va WITHOUT_LLD_BOOTSTRAP 979Do not build the LLD linker during the bootstrap phase of 980the build. 981To be able to build the system an alternate linker must be provided via XLD. 982.It Va WITHOUT_LLVM_ASSERTIONS 983Disable debugging assertions in LLVM. 984.It Va WITHOUT_LLVM_BINUTILS 985Install ELF Tool Chain's binary utilities instead of LLVM's. 986This includes 987.Xr addr2line 1 , 988.Xr ar 1 , 989.Xr nm 1 , 990.Xr objcopy 1 , 991.Xr ranlib 1 , 992.Xr readelf 1 , 993.Xr size 1 , 994and 995.Xr strip 1 . 996Regardless of this setting, LLVM tools are used for 997.Xr c++filt 1 998and 999.Xr objdump 1 . 1000.Xr strings 1 1001is always provided by ELF Tool Chain. 1002.It Va WITHOUT_LLVM_COV 1003Do not build the 1004.Xr llvm-cov 1 1005tool. 1006.It Va WITHOUT_LLVM_CXXFILT 1007Install ELF Tool Chain's cxxfilt as c++filt, instead of LLVM's llvm-cxxfilt. 1008.It Va WITH_LLVM_FULL_DEBUGINFO 1009Generate full debug information for LLVM libraries and tools, which uses 1010more disk space and build resources, but allows for easier debugging. 1011.It Va WITH_LLVM_LINK_STATIC_LIBRARIES 1012Link LLVM libraries (libllvm, libclang, liblldb) statically into each of 1013the binaries that use them. 1014 1015This means that binaries linked against these libraries, such as clang, 1016ld.lld and lldb will be much larger and position dependent, but will 1017start more quickly. 1018.It Va WITHOUT_LLVM_TARGET_AARCH64 1019Do not build LLVM target support for AArch64. 1020The 1021.Va LLVM_TARGET_ALL 1022option should be used rather than this in most cases. 1023.It Va WITHOUT_LLVM_TARGET_ALL 1024Only build the required LLVM target support. 1025This option is preferred to specific target support options. 1026When set, these options are also in effect: 1027.Pp 1028.Bl -inset -compact 1029.It Va WITHOUT_LLVM_TARGET_AARCH64 1030(unless 1031.Va WITH_LLVM_TARGET_AARCH64 1032is set explicitly) 1033.It Va WITHOUT_LLVM_TARGET_ARM 1034(unless 1035.Va WITH_LLVM_TARGET_ARM 1036is set explicitly) 1037.It Va WITHOUT_LLVM_TARGET_POWERPC 1038(unless 1039.Va WITH_LLVM_TARGET_POWERPC 1040is set explicitly) 1041.It Va WITHOUT_LLVM_TARGET_RISCV 1042(unless 1043.Va WITH_LLVM_TARGET_RISCV 1044is set explicitly) 1045.El 1046.It Va WITHOUT_LLVM_TARGET_ARM 1047Do not build LLVM target support for ARM. 1048The 1049.Va LLVM_TARGET_ALL 1050option should be used rather than this in most cases. 1051.It Va WITH_LLVM_TARGET_BPF 1052Build LLVM target support for BPF. 1053The 1054.Va LLVM_TARGET_ALL 1055option should be used rather than this in most cases. 1056.It Va WITH_LLVM_TARGET_MIPS 1057Build LLVM target support for MIPS. 1058The 1059.Va LLVM_TARGET_ALL 1060option should be used rather than this in most cases. 1061.It Va WITHOUT_LLVM_TARGET_POWERPC 1062Do not build LLVM target support for PowerPC. 1063The 1064.Va LLVM_TARGET_ALL 1065option should be used rather than this in most cases. 1066.It Va WITHOUT_LLVM_TARGET_RISCV 1067Do not build LLVM target support for RISC-V. 1068The 1069.Va LLVM_TARGET_ALL 1070option should be used rather than this in most cases. 1071.It Va WITHOUT_LLVM_TARGET_X86 1072Do not build LLVM target support for X86. 1073The 1074.Va LLVM_TARGET_ALL 1075option should be used rather than this in most cases. 1076.It Va WITHOUT_LOADER_BIOS_TEXTONLY 1077Include graphics, font and video mode support in the i386 and amd64 BIOS 1078boot loader. 1079.It Va WITH_LOADER_EFI_SECUREBOOT 1080Enable building 1081.Xr loader 8 1082with support for verification based on certificates obtained from UEFI. 1083.It Va WITHOUT_LOADER_GELI 1084Disable inclusion of GELI crypto support in the boot chain binaries. 1085.Pp 1086This is a default setting on 1087powerpc/powerpc64 and powerpc/powerpc64le. 1088.It Va WITH_LOADER_GELI 1089Build GELI bootloader support. 1090.Pp 1091This is a default setting on 1092amd64/amd64, arm/armv7, arm64/aarch64, i386/i386 and riscv/riscv64. 1093.It Va WITHOUT_LOADER_IA32 1094Do not build the 32-bit UEFI loader. 1095.Pp 1096This is a default setting on 1097arm/armv7, arm64/aarch64, i386/i386, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64. 1098.It Va WITH_LOADER_IA32 1099Build the 32-bit UEFI loader. 1100.Pp 1101This is a default setting on 1102amd64/amd64. 1103.It Va WITHOUT_LOADER_KBOOT 1104Do not build kboot, a linuxboot environment loader 1105.Pp 1106This is a default setting on 1107arm/armv7, i386/i386, powerpc/powerpc64le and riscv/riscv64. 1108.It Va WITH_LOADER_KBOOT 1109Build kboot, a linuxboot environment loader 1110.Pp 1111This is a default setting on 1112amd64/amd64, arm64/aarch64 and powerpc/powerpc64. 1113.It Va WITHOUT_LOADER_LUA 1114Do not build LUA bindings for the boot loader. 1115.Pp 1116This is a default setting on 1117powerpc/powerpc64 and powerpc/powerpc64le. 1118.It Va WITH_LOADER_LUA 1119Build LUA bindings for the boot loader. 1120.Pp 1121This is a default setting on 1122amd64/amd64, arm/armv7, arm64/aarch64, i386/i386 and riscv/riscv64. 1123.It Va WITHOUT_LOADER_OFW 1124Disable building of openfirmware bootloader components. 1125.Pp 1126This is a default setting on 1127amd64/amd64, arm/armv7, arm64/aarch64, i386/i386 and riscv/riscv64. 1128.It Va WITH_LOADER_OFW 1129Build openfirmware bootloader components. 1130.Pp 1131This is a default setting on 1132powerpc/powerpc64 and powerpc/powerpc64le. 1133.It Va WITHOUT_LOADER_PXEBOOT 1134Do not build pxeboot on i386/amd64. 1135When the pxeboot is too large, or unneeded, it may be disabled with this option. 1136See 1137.Va WITH_LOADER_PXEBOOT 1138for how to adjust the defaults when you need both a larger 1139.Pa /boot/loader 1140and 1141.Pa /boot/pxeboot 1142.Pp 1143This option only has an effect on x86. 1144.It Va WITHOUT_LOADER_UBOOT 1145Disable building of ubldr. 1146.Pp 1147This is a default setting on 1148amd64/amd64, arm64/aarch64, i386/i386, powerpc/powerpc64le and riscv/riscv64. 1149.It Va WITH_LOADER_UBOOT 1150Build ubldr. 1151.Pp 1152This is a default setting on 1153arm/armv7 and powerpc/powerpc64. 1154.It Va WITH_LOADER_VERBOSE 1155Build with extra verbose debugging in the loader. 1156May explode already nearly too large loader over the limit. 1157Use with care. 1158.It Va WITH_LOADER_VERIEXEC 1159Enable building 1160.Xr loader 8 1161with support for verification similar to Verified Exec. 1162.Pp 1163Depends on 1164.Va WITH_BEARSSL . 1165May require a larger 1166.Va LOADERSIZE . 1167When set, these options are also in effect: 1168.Pp 1169.Bl -inset -compact 1170.It Va WITH_LOADER_EFI_SECUREBOOT 1171(unless 1172.Va WITHOUT_LOADER_EFI_SECUREBOOT 1173is set explicitly) 1174.It Va WITH_LOADER_VERIEXEC_VECTX 1175(unless 1176.Va WITHOUT_LOADER_VERIEXEC_VECTX 1177is set explicitly) 1178.El 1179.It Va WITH_LOADER_VERIEXEC_PASS_MANIFEST 1180Enable building 1181.Xr loader 8 1182with support to pass a verified manifest to the kernel. 1183The kernel has to be built with a module to parse the manifest. 1184.Pp 1185Depends on 1186.Va WITH_LOADER_VERIEXEC . 1187.It Va WITH_LOADER_VERIEXEC_VECTX 1188Enable building 1189.Xr loader 8 1190with support for hashing and verifying kernel and modules as a side effect 1191of loading. 1192.Pp 1193Depends on 1194.Va WITH_LOADER_VERIEXEC . 1195.It Va WITHOUT_LOADER_ZFS 1196Do not build ZFS file system boot loader support. 1197.It Va WITHOUT_LOCALES 1198Do not build localization files; see 1199.Xr locale 1 . 1200.It Va WITHOUT_LOCATE 1201Do not build 1202.Xr locate 1 1203and related programs. 1204.It Va WITHOUT_LPR 1205Do not build 1206.Xr lpr 1 1207and related programs. 1208.It Va WITHOUT_LS_COLORS 1209Build 1210.Xr ls 1 1211without support for colors to distinguish file types. 1212.It Va WITHOUT_MACHDEP_OPTIMIZATIONS 1213Prefer machine-independent non-assembler code in libc and libm. 1214.It Va WITHOUT_MAIL 1215Do not build any mail support (MUA or MTA). 1216When set, it enforces these options: 1217.Pp 1218.Bl -item -compact 1219.It 1220.Va WITHOUT_DMAGENT 1221.It 1222.Va WITHOUT_MAILWRAPPER 1223.It 1224.Va WITHOUT_SENDMAIL 1225.El 1226.It Va WITHOUT_MAILWRAPPER 1227Do not build the 1228.Xr mailwrapper 8 1229MTA selector. 1230.It Va WITHOUT_MAKE 1231Do not install 1232.Xr make 1 1233and related support files. 1234.It Va WITHOUT_MAKE_CHECK_USE_SANDBOX 1235Do not execute 1236.Dq Li "make check" 1237in limited sandbox mode. 1238This option should be paired with 1239.Va WITH_INSTALL_AS_USER 1240if executed as an unprivileged user. 1241See 1242.Xr tests 7 1243for more details. 1244.It Va WITH_MALLOC_PRODUCTION 1245Disable assertions and statistics gathering in 1246.Xr malloc 3 . 1247The run-time options 1248.Dv opt.abort , 1249.Dv opt.abort_conf , 1250and 1251.Dv opt.junk 1252also default to false. 1253.It Va WITHOUT_MAN 1254Do not build manual pages. 1255When set, these options are also in effect: 1256.Pp 1257.Bl -inset -compact 1258.It Va WITHOUT_MAN_UTILS 1259(unless 1260.Va WITH_MAN_UTILS 1261is set explicitly) 1262.El 1263.It Va WITHOUT_MANCOMPRESS 1264Do not install compressed man pages. 1265Only the uncompressed versions will be installed. 1266.It Va WITH_MANSPLITPKG 1267Split man pages into their own packages during make package. 1268.It Va WITHOUT_MAN_UTILS 1269Do not build utilities for manual pages, 1270.Xr apropos 1 , 1271.Xr makewhatis 1 , 1272.Xr man 1 , 1273.Xr whatis 1 , 1274.Xr manctl 8 , 1275and related support files. 1276.It Va WITH_META_ERROR_TARGET 1277Enable the META_MODE .ERROR target. 1278.Pp 1279This target will copy the meta file of a failed target 1280to 1281.Va ERROR_LOGDIR 1282(default is 1283.Ql ${SRCTOP:H}/error ) 1284to help with failure analysis. 1285Depends on 1286.Va WITH_META_MODE . 1287This default when 1288.Va WITH_DIRDEPS_BUILD 1289is set. 1290.Pp 1291This must be set in the environment, make command line, or 1292.Pa /etc/src-env.conf , 1293not 1294.Pa /etc/src.conf . 1295.It Va WITH_META_MODE 1296Create 1297.Xr make 1 1298meta files when building, which can provide a reliable incremental build when 1299using 1300.Xr filemon 4 . 1301The meta file is created in OBJDIR as 1302.Pa target.meta . 1303These meta files track the command that was executed, its output, and the 1304current directory. 1305The 1306.Xr filemon 4 1307module is required unless 1308.Va NO_FILEMON 1309is defined. 1310When the module is loaded, any files used by the commands executed are 1311tracked as dependencies for the target in its meta file. 1312The target is considered out-of-date and rebuilt if any of these 1313conditions are true compared to the last build: 1314.Bl -bullet -compact 1315.It 1316The command to execute changes. 1317.It 1318The current working directory changes. 1319.It 1320The target's meta file is missing. 1321.It 1322The target's meta file is missing filemon data when filemon is loaded 1323and a previous run did not have it loaded. 1324.It 1325[requires 1326.Xr filemon 4 ] 1327Files read, executed or linked to are newer than the target. 1328.It 1329[requires 1330.Xr filemon 4 ] 1331Files read, written, executed or linked are missing. 1332.El 1333The meta files can also be useful for debugging. 1334.Pp 1335The build hides commands that are executed unless 1336.Va NO_SILENT 1337is defined. 1338Errors cause 1339.Xr make 1 1340to show some of its environment for further debugging. 1341.Pp 1342The build operates as it normally would otherwise. 1343This option originally invoked a different build system but that was renamed 1344to 1345.Va WITH_DIRDEPS_BUILD . 1346.Pp 1347This must be set in the environment, make command line, or 1348.Pa /etc/src-env.conf , 1349not 1350.Pa /etc/src.conf . 1351.It Va WITHOUT_MITKRB5 1352Set this to build KTH Heimdal instead of MIT Kerberos 5. 1353.It Va WITHOUT_MLX5TOOL 1354Do not build 1355.Xr mlx5tool 8 1356.Pp 1357This is a default setting on 1358arm/armv7 and riscv/riscv64. 1359.It Va WITH_MLX5TOOL 1360Build 1361.Xr mlx5tool 8 1362.Pp 1363This is a default setting on 1364amd64/amd64, arm64/aarch64, i386/i386, powerpc/powerpc64 and powerpc/powerpc64le. 1365.It Va WITHOUT_NETCAT 1366Do not build 1367.Xr nc 1 1368utility. 1369.It Va WITHOUT_NETGRAPH 1370Do not build applications to support 1371.Xr netgraph 4 . 1372When set, it enforces these options: 1373.Pp 1374.Bl -item -compact 1375.It 1376.Va WITHOUT_BLUETOOTH 1377.El 1378.Pp 1379When set, these options are also in effect: 1380.Pp 1381.Bl -inset -compact 1382.It Va WITHOUT_NETGRAPH_SUPPORT 1383(unless 1384.Va WITH_NETGRAPH_SUPPORT 1385is set explicitly) 1386.El 1387.It Va WITHOUT_NETGRAPH_SUPPORT 1388Build libraries, programs, and kernel modules without netgraph support. 1389.It Va WITHOUT_NETLINK 1390Do not build 1391.Xr genl 1 1392utility. 1393.It Va WITHOUT_NETLINK_SUPPORT 1394Make libraries and programs use rtsock and 1395.Xr sysctl 3 1396interfaces instead of 1397.Xr snl 3 . 1398.It Va WITHOUT_NIS 1399Do not build 1400.Xr NIS 8 1401support and related programs. 1402If set, you might need to adopt your 1403.Xr nsswitch.conf 5 1404and remove 1405.Sq nis 1406entries. 1407.It Va WITHOUT_NLS 1408Do not build NLS catalogs. 1409When set, it enforces these options: 1410.Pp 1411.Bl -item -compact 1412.It 1413.Va WITHOUT_NLS_CATALOGS 1414.El 1415.It Va WITHOUT_NLS_CATALOGS 1416Do not build NLS catalog support for 1417.Xr csh 1 . 1418.It Va WITHOUT_NS_CACHING 1419Disable name caching in the 1420.Pa nsswitch 1421subsystem. 1422The generic caching daemon, 1423.Xr nscd 8 , 1424will not be built either if this option is set. 1425.It Va WITHOUT_NTP 1426Do not build 1427.Xr ntpd 8 1428and related programs. 1429.It Va WITHOUT_NUAGEINIT 1430Do not install the limited cloud init support scripts. 1431.It Va WITHOUT_OFED 1432Do not build the 1433.Dq "OpenFabrics Enterprise Distribution" 1434InfiniBand software stack, including kernel modules and userspace libraries. 1435.Pp 1436This is a default setting on 1437arm/armv7. 1438When set, it enforces these options: 1439.Pp 1440.Bl -item -compact 1441.It 1442.Va WITHOUT_OFED_EXTRA 1443.El 1444.It Va WITH_OFED 1445Build the 1446.Dq "OpenFabrics Enterprise Distribution" 1447InfiniBand software stack, including kernel modules and userspace libraries. 1448.Pp 1449This is a default setting on 1450amd64/amd64, arm64/aarch64, i386/i386, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64. 1451.It Va WITH_OFED_EXTRA 1452Build the non-essential components of the 1453.Dq "OpenFabrics Enterprise Distribution" 1454Infiniband software stack, mostly examples. 1455.It Va WITH_OPENLDAP 1456Enable building LDAP support for kerberos using an openldap client from ports. 1457.It Va WITHOUT_OPENMP 1458Do not build LLVM's OpenMP runtime. 1459.Pp 1460This is a default setting on 1461arm/armv7. 1462.It Va WITH_OPENMP 1463Build LLVM's OpenMP runtime. 1464.Pp 1465This is a default setting on 1466amd64/amd64, arm64/aarch64, i386/i386, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64. 1467.It Va WITHOUT_OPENSSH 1468Do not build OpenSSH. 1469.It Va WITHOUT_OPENSSL 1470Do not build OpenSSL. 1471When set, it enforces these options: 1472.Pp 1473.Bl -item -compact 1474.It 1475.Va WITHOUT_DMAGENT 1476.It 1477.Va WITHOUT_KERBEROS 1478.It 1479.Va WITHOUT_LDNS 1480.It 1481.Va WITHOUT_LDNS_UTILS 1482.It 1483.Va WITHOUT_LOADER_ZFS 1484.It 1485.Va WITHOUT_MITKRB5 1486.It 1487.Va WITHOUT_OPENSSH 1488.It 1489.Va WITHOUT_OPENSSL_KTLS 1490.It 1491.Va WITHOUT_PKGBOOTSTRAP 1492.It 1493.Va WITHOUT_UNBOUND 1494.It 1495.Va WITHOUT_ZFS 1496.It 1497.Va WITHOUT_ZFS_TESTS 1498.El 1499.Pp 1500When set, these options are also in effect: 1501.Pp 1502.Bl -inset -compact 1503.It Va WITHOUT_KERBEROS_SUPPORT 1504(unless 1505.Va WITH_KERBEROS_SUPPORT 1506is set explicitly) 1507.El 1508.It Va WITHOUT_OPENSSL_KTLS 1509Do not include kernel TLS support in OpenSSL. 1510.Pp 1511This is a default setting on 1512arm/armv7, i386/i386 and riscv/riscv64. 1513.It Va WITH_OPENSSL_KTLS 1514Include kernel TLS support in OpenSSL. 1515.Pp 1516This is a default setting on 1517amd64/amd64, arm64/aarch64, powerpc/powerpc64 and powerpc/powerpc64le. 1518.It Va WITHOUT_PAM 1519Do not build PAM library and modules. 1520.Bf -symbolic 1521This option is deprecated and does nothing. 1522.Ef 1523When set, these options are also in effect: 1524.Pp 1525.Bl -inset -compact 1526.It Va WITHOUT_PAM_SUPPORT 1527(unless 1528.Va WITH_PAM_SUPPORT 1529is set explicitly) 1530.El 1531.It Va WITHOUT_PAM_SUPPORT 1532Build 1533.Xr ppp 8 1534without PAM support. 1535.It Va WITHOUT_PF 1536Do not build PF firewall package. 1537When set, it enforces these options: 1538.Pp 1539.Bl -item -compact 1540.It 1541.Va WITHOUT_AUTHPF 1542.El 1543.It Va WITHOUT_PIE 1544Do not build dynamically linked binaries as 1545Position-Independent Executable (PIE). 1546.Pp 1547This is a default setting on 1548arm/armv7 and i386/i386. 1549.It Va WITH_PIE 1550Build dynamically linked binaries as 1551Position-Independent Executable (PIE). 1552.Pp 1553This is a default setting on 1554amd64/amd64, arm64/aarch64, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64. 1555.It Va WITHOUT_PKGBOOTSTRAP 1556Do not build 1557.Xr pkg 7 1558bootstrap tool. 1559.It Va WITHOUT_PMC 1560Do not build 1561.Xr pmccontrol 8 1562and related programs. 1563.It Va WITHOUT_PPP 1564Do not build 1565.Xr ppp 8 1566and related programs. 1567.It Va WITHOUT_PTHREADS_ASSERTIONS 1568Disable debugging assertions in pthreads library. 1569.It Va WITHOUT_QUOTAS 1570Do not build 1571.Xr quota 1 1572and related programs. 1573.It Va WITHOUT_RADIUS_SUPPORT 1574Do not build radius support into various applications, like 1575.Xr pam_radius 8 1576and 1577.Xr ppp 8 . 1578.It Va WITH_RATELIMIT 1579Build the system with rate limit support. 1580.Pp 1581This makes 1582.Dv SO_MAX_PACING_RATE 1583effective in 1584.Xr getsockopt 2 , 1585and 1586.Ar txrlimit 1587support in 1588.Xr ifconfig 8 , 1589by proxy. 1590.It Va WITHOUT_RBOOTD 1591Do not build or install 1592.Xr rbootd 8 . 1593.It Va WITHOUT_RELRO 1594Do not apply the Relocation Read-Only (RELRO) vulnerability mitigation. 1595See also the 1596.Va BIND_NOW 1597option. 1598.It Va WITH_REPRODUCIBLE_BUILD 1599Exclude build metadata (such as the build time, user, or host) 1600from the kernel, boot loaders, and 1601.Xr uname 1 1602output, so that builds produce 1603bit-for-bit identical output. 1604.It Va WITH_REPRODUCIBLE_PATHS 1605Modify the paths encoded in binary artifacts to be standard path 1606 1607Normally, the actual path is encoded in the binary. However, this makes the 1608build differ depending on the path it was built from. With this option enabled, 1609the paths recorded are /usr/src, regardless of the actual path. With this option 1610disabled, the actual paths are recorded. 1611.It Va WITHOUT_RESCUE 1612Do not build 1613.Xr rescue 8 . 1614.It Va WITH_RETPOLINE 1615Build the base system with the retpoline speculative execution 1616vulnerability mitigation for CVE-2017-5715. 1617.It Va WITHOUT_ROUTED 1618Do not build 1619.Xr routed 8 1620utility. 1621.It Va WITH_RPCBIND_WARMSTART_SUPPORT 1622Build 1623.Xr rpcbind 8 1624with warmstart support. 1625.It Va WITH_RUN_TESTS 1626Run tests as part of the build. 1627.It Va WITHOUT_SCTP_SUPPORT 1628Disable support in the kernel for the 1629.Xr sctp 4 1630Stream Control Transmission Protocol 1631loadable kernel module. 1632.It Va WITHOUT_SENDMAIL 1633Do not build 1634.Xr sendmail 8 1635and related programs. 1636.It Va WITHOUT_SERVICESDB 1637Do not install 1638.Pa /var/db/services.db . 1639.It Va WITHOUT_SETUID_LOGIN 1640Set this to disable the installation of 1641.Xr login 1 1642as a set-user-ID root program. 1643.It Va WITHOUT_SHAREDOCS 1644Do not build the 1645.Bx 4.4 1646legacy docs. 1647.It Va WITH_SORT_THREADS 1648Enable threads in 1649.Xr sort 1 . 1650.It Va WITHOUT_SOUND 1651Do not build userland sound utilities such as 1652.Xr beep 1 1653and 1654.Xr mixer 8 . 1655.It Va WITHOUT_SOURCELESS 1656Do not build kernel modules that include sourceless code (either microcode or native code for host CPU). 1657When set, it enforces these options: 1658.Pp 1659.Bl -item -compact 1660.It 1661.Va WITHOUT_SOURCELESS_HOST 1662.It 1663.Va WITHOUT_SOURCELESS_UCODE 1664.El 1665.It Va WITHOUT_SOURCELESS_HOST 1666Do not build kernel modules that include sourceless native code for host CPU. 1667.It Va WITHOUT_SOURCELESS_UCODE 1668Do not build kernel modules that include sourceless microcode. 1669.It Va WITHOUT_SPLIT_KERNEL_DEBUG 1670Do not build standalone kernel debug files. 1671Debug data (if enabled by the kernel configuration file) 1672will be included in the kernel and modules. 1673When set, it enforces these options: 1674.Pp 1675.Bl -item -compact 1676.It 1677.Va WITHOUT_KERNEL_SYMBOLS 1678.El 1679.It Va WITHOUT_SSP 1680Do not build world with stack smashing protection. 1681See 1682.Xr mitigations 7 1683for more information. 1684.It Va WITH_STAGING 1685Enable staging of files to a stage tree. 1686This can be best thought of as auto-install to 1687.Va DESTDIR 1688with some extra meta data to ensure dependencies can be tracked. 1689Depends on 1690.Va WITH_DIRDEPS_BUILD . 1691When set, these options are also in effect: 1692.Pp 1693.Bl -inset -compact 1694.It Va WITH_STAGING_MAN 1695(unless 1696.Va WITHOUT_STAGING_MAN 1697is set explicitly) 1698.It Va WITH_STAGING_PROG 1699(unless 1700.Va WITHOUT_STAGING_PROG 1701is set explicitly) 1702.El 1703.Pp 1704This must be set in the environment, make command line, or 1705.Pa /etc/src-env.conf , 1706not 1707.Pa /etc/src.conf . 1708.It Va WITH_STAGING_MAN 1709Enable staging of man pages to stage tree. 1710.It Va WITH_STAGING_PROG 1711Enable staging of PROGs to stage tree. 1712.It Va WITH_STALE_STAGED 1713Check staged files are not stale. 1714.It Va WITHOUT_STATS 1715Neither build nor install 1716.Lb libstats 1717and dependent binaries. 1718.It Va WITHOUT_SYSCONS 1719Do not build 1720.Xr syscons 4 1721support files such as keyboard maps, fonts, and screen output maps. 1722.It Va WITH_SYSROOT 1723Enable use of sysroot during build. 1724Depends on 1725.Va WITH_DIRDEPS_BUILD . 1726.Pp 1727This must be set in the environment, make command line, or 1728.Pa /etc/src-env.conf , 1729not 1730.Pa /etc/src.conf . 1731.It Va WITHOUT_SYSTEM_COMPILER 1732Do not opportunistically skip building a cross-compiler during the 1733bootstrap phase of the build. 1734Normally, if the currently installed compiler matches the planned bootstrap 1735compiler type and revision, then it will not be built. 1736This does not prevent a compiler from being built for installation though, 1737only for building one for the build itself. 1738The 1739.Va WITHOUT_CLANG 1740option controls that. 1741.It Va WITHOUT_SYSTEM_LINKER 1742Do not opportunistically skip building a cross-linker during the 1743bootstrap phase of the build. 1744Normally, if the currently installed linker matches the planned bootstrap 1745linker type and revision, then it will not be built. 1746This does not prevent a linker from being built for installation though, 1747only for building one for the build itself. 1748The 1749.Va WITHOUT_LLD 1750option controls that. 1751.Pp 1752This option is only relevant when 1753.Va WITH_LLD_BOOTSTRAP 1754is set. 1755.It Va WITHOUT_TALK 1756Do not build or install 1757.Xr talk 1 1758and 1759.Xr talkd 8 . 1760.It Va WITHOUT_TCP_WRAPPERS 1761Do not build or install 1762.Xr tcpd 8 , 1763and related utilities. 1764.It Va WITHOUT_TCSH 1765Do not build and install 1766.Pa /bin/csh 1767(which is 1768.Xr tcsh 1 ) . 1769.It Va WITHOUT_TELNET 1770Do not build 1771.Xr telnet 1 1772and related programs. 1773.It Va WITHOUT_TESTS 1774Do not build nor install the 1775.Fx 1776Test Suite in 1777.Pa /usr/tests/ . 1778See 1779.Xr tests 7 1780for more details. 1781This also disables the build of all test-related dependencies, including ATF. 1782When set, it enforces these options: 1783.Pp 1784.Bl -item -compact 1785.It 1786.Va WITHOUT_DTRACE_TESTS 1787.It 1788.Va WITHOUT_ZFS_TESTS 1789.El 1790.Pp 1791When set, these options are also in effect: 1792.Pp 1793.Bl -inset -compact 1794.It Va WITHOUT_GOOGLETEST 1795(unless 1796.Va WITH_GOOGLETEST 1797is set explicitly) 1798.It Va WITHOUT_TESTS_SUPPORT 1799(unless 1800.Va WITH_TESTS_SUPPORT 1801is set explicitly) 1802.El 1803.It Va WITHOUT_TESTS_SUPPORT 1804Disable the build of all test-related dependencies, including ATF. 1805When set, it enforces these options: 1806.Pp 1807.Bl -item -compact 1808.It 1809.Va WITHOUT_GOOGLETEST 1810.El 1811.It Va WITHOUT_TEXTPROC 1812Do not build 1813programs used for text processing. 1814.It Va WITHOUT_TFTP 1815Do not build or install 1816.Xr tftp 1 1817and 1818.Xr tftpd 8 . 1819.It Va WITHOUT_TOOLCHAIN 1820Do not install 1821programs used for program development, 1822compilers, debuggers etc. 1823When set, it enforces these options: 1824.Pp 1825.Bl -item -compact 1826.It 1827.Va WITHOUT_CLANG 1828.It 1829.Va WITHOUT_CLANG_EXTRAS 1830.It 1831.Va WITHOUT_CLANG_FORMAT 1832.It 1833.Va WITHOUT_CLANG_FULL 1834.It 1835.Va WITHOUT_LLD 1836.It 1837.Va WITHOUT_LLDB 1838.It 1839.Va WITHOUT_LLVM_COV 1840.El 1841.Pp 1842When set, these options are also in effect: 1843.Pp 1844.Bl -inset -compact 1845.It Va WITHOUT_LLVM_BINUTILS 1846(unless 1847.Va WITH_LLVM_BINUTILS 1848is set explicitly) 1849.El 1850.It Va WITH_UBSAN 1851Build the base system with Undefined Behavior Sanitizer (UBSan) to detect 1852various kinds of undefined behavior at runtime. 1853Requires that Clang be used as the base system compiler 1854and that the runtime support library is available 1855.It Va WITHOUT_UNBOUND 1856Do not build 1857.Xr unbound 8 1858and related programs. 1859.It Va WITH_UNDEFINED_VERSION 1860Link libraries with --undefined-version which permits version maps to 1861contain symbols that are not present in the library. 1862If this is necessary to build a particular configuration, a bug is 1863present and the configuration should be reported. 1864.It Va WITHOUT_UNIFIED_OBJDIR 1865Use the historical object directory format for 1866.Xr build 7 1867targets. 1868For native-builds and builds done directly in sub-directories the format of 1869.Pa ${MAKEOBJDIRPREFIX}/${.CURDIR} 1870is used, 1871while for cross-builds 1872.Pa ${MAKEOBJDIRPREFIX}/${TARGET}.${TARGET_ARCH}/${.CURDIR} 1873is used. 1874.Pp 1875This option is transitional and will be removed in a future version of 1876.Fx , 1877at which time 1878.Va WITH_UNIFIED_OBJDIR 1879will be enabled permanently. 1880.Pp 1881This must be set in the environment, make command line, or 1882.Pa /etc/src-env.conf , 1883not 1884.Pa /etc/src.conf . 1885.It Va WITHOUT_USB 1886Do not build USB-related programs and libraries. 1887.It Va WITHOUT_USB_GADGET_EXAMPLES 1888Do not build USB gadget kernel modules. 1889.It Va WITHOUT_UTMPX 1890Do not build user accounting tools such as 1891.Xr last 1 , 1892.Xr users 1 , 1893.Xr who 1 , 1894.Xr ac 8 , 1895.Xr lastlogin 8 1896and 1897.Xr utx 8 . 1898.It Va WITH_VERIEXEC 1899Enable building 1900.Xr veriexec 8 1901which loads the contents of verified manifests into the kernel 1902for use by 1903.Xr mac_veriexec 4 1904.Pp 1905Depends on 1906.Va WITH_BEARSSL . 1907.It Va WITHOUT_VI 1908Do not build and install vi, view, ex and related programs. 1909.It Va WITHOUT_VT 1910Do not build 1911.Xr vt 4 1912support files (fonts and keymaps). 1913.It Va WITHOUT_WARNS 1914Set this to not add warning flags to the compiler invocations. 1915Useful as a temporary workaround when code enters the tree 1916which triggers warnings in environments that differ from the 1917original developer. 1918.It Va WITHOUT_WERROR 1919Set this to not treat compiler warnings as errors. 1920Useful as a temporary workaround when working on fixing compiler warnings. 1921When set, warnings are still printed in the build log but do not fail the build. 1922.It Va WITHOUT_WIRELESS 1923Do not build programs used for 802.11 wireless networks; especially 1924.Xr wpa_supplicant 8 1925and 1926.Xr hostapd 8 . 1927When set, these options are also in effect: 1928.Pp 1929.Bl -inset -compact 1930.It Va WITHOUT_WIRELESS_SUPPORT 1931(unless 1932.Va WITH_WIRELESS_SUPPORT 1933is set explicitly) 1934.El 1935.It Va WITHOUT_WIRELESS_SUPPORT 1936Build libraries, programs, and kernel modules without 1937802.11 wireless support. 1938.It Va WITHOUT_WPA_SUPPLICANT_EAPOL 1939Build 1940.Xr wpa_supplicant 8 1941without support for the IEEE 802.1X protocol and without 1942support for EAP-PEAP, EAP-TLS, EAP-LEAP, and EAP-TTLS 1943protocols (usable only via 802.1X). 1944.It Va WITH_ZEROREGS 1945Build the basesystem with code to zero caller-used register contents 1946on function return. 1947This prevents leaking temporary values for side channel attacks. 1948Additionally this reduces the number of usable ROP gadgets for attackers. 1949.It Va WITHOUT_ZFS 1950Do not build the ZFS file system kernel module, libraries such as 1951.Xr libbe 3 , 1952and user commands such as 1953.Xr zpool 8 1954or 1955.Xr zfs 8 . 1956Also disable ZFS support in utilities and libraries which implement 1957ZFS-specific functionality. 1958When set, it enforces these options: 1959.Pp 1960.Bl -item -compact 1961.It 1962.Va WITHOUT_ZFS_TESTS 1963.El 1964.It Va WITHOUT_ZFS_TESTS 1965Do not build and install the legacy ZFS test suite. 1966.It Va WITHOUT_ZONEINFO 1967Do not build the timezone database. 1968When set, it enforces these options: 1969.Pp 1970.Bl -item -compact 1971.It 1972.Va WITHOUT_ZONEINFO_LEAPSECONDS_SUPPORT 1973.El 1974.It Va WITH_ZONEINFO_LEAPSECONDS_SUPPORT 1975Build leapsecond information in to the timezone database. 1976This option violates 1977.St -p1003.1 1978and all other applicable standards, and is known to cause unexpected 1979issues with date/time handling in many applications and programming 1980languages. 1981.El 1982.Pp 1983The following options accept a single value from a list of valid values. 1984.Bl -tag -width indent 1985.It Va INIT_ALL 1986Control default initialization of stack variables in C and C++ code. 1987Options other than 1988.Li none 1989require the Clang compiler or GCC 12.0 or later. 1990The default value is 1991.Li none . 1992Valid values are: 1993.Bl -tag -width indent 1994.It Li none 1995Do not initialize stack variables (standard C/C++ behavior). 1996.It Li pattern 1997Build the base system or kernel with stack variables initialized to 1998.Pq compiler defined 1999debugging patterns on function entry. 2000.It Li zero 2001Build the base system or kernel with stack variables initialized 2002to zero on function entry. 2003This value is converted to 2004.Li none 2005for amd64 kernel builds due to incompatability with ifunc memset. 2006.El 2007.It Va LIBC_MALLOC 2008Specify the 2009.Xr malloc 3 2010implementation used by libc. 2011The default value is 2012.Li jemalloc . 2013Valid values are: 2014.Bl -tag -width indent 2015.It Li jemalloc 2016.El 2017.Pp 2018Other implementations are expected in the future in both 2019.Fx 2020and downstream consumers. 2021.El 2022.Sh FILES 2023.Bl -tag -compact -width Pa 2024.It Pa /etc/src.conf 2025.It Pa /etc/src-env.conf 2026.It Pa /usr/share/mk/bsd.own.mk 2027.El 2028.Sh SEE ALSO 2029.Xr make 1 , 2030.Xr make.conf 5 , 2031.Xr build 7 , 2032.Xr ports 7 2033.Sh HISTORY 2034The 2035.Nm 2036file appeared in 2037.Fx 7.0 . 2038.Sh AUTHORS 2039This manual page was autogenerated by 2040.An tools/build/options/makeman . 2041