1.\" DO NOT EDIT-- this file is @generated by tools/build/options/makeman. 2.Dd March 3, 2026 3.Dt SRC.CONF 5 4.Os 5.Sh NAME 6.Nm src.conf 7.Nd "source build options" 8.Sh DESCRIPTION 9The 10.Nm 11file contains variables that control what components will be generated during 12the build process of the 13.Fx 14source tree; see 15.Xr build 7 . 16.Pp 17The 18.Nm 19file uses the standard makefile syntax. 20However, 21.Nm 22should not specify any dependencies to 23.Xr make 1 . 24Instead, 25.Nm 26is to set 27.Xr make 1 28variables that control the aspects of how the system builds. 29.Pp 30The default location of 31.Nm 32is the top level of the source tree, or 33.Pa /etc/src.conf 34if no 35.Nm 36is found in the source tree itself, 37though an alternative location can be specified in the 38.Xr make 1 39variable 40.Va SRCCONF . 41Overriding the location of 42.Nm 43may be necessary if the system-wide settings are not suitable 44for a particular build. 45For instance, setting 46.Va SRCCONF 47to 48.Pa /dev/null 49effectively resets all build controls to their defaults. 50.Pp 51The only purpose of 52.Nm 53is to control the compilation of the 54.Fx 55source code, which is usually located in 56.Pa /usr/src . 57As a rule, the system administrator creates 58.Nm 59when the values of certain control variables need to be changed 60from their defaults. 61.Pp 62In addition, control variables can be specified 63for a particular build via the 64.Fl D 65option of 66.Xr make 1 67or in its environment; see 68.Xr environ 7 . 69.Pp 70The environment of 71.Xr make 1 72for the build can be controlled via the 73.Va SRC_ENV_CONF 74variable, which defaults to 75.Pa /etc/src-env.conf . 76Some examples that may only be set in this file are 77.Va WITH_DIRDEPS_BUILD , 78and 79.Va WITH_META_MODE , 80and 81.Va MAKEOBJDIRPREFIX 82as they are environment-only variables. 83.Pp 84The values of 85.Va WITH_ 86and 87.Va WITHOUT_ 88variables are ignored regardless of their setting; 89even if they would be set to 90.Dq Li FALSE 91or 92.Dq Li NO . 93The presence of an option causes 94it to be honored by 95.Xr make 1 . 96.Pp 97This list provides a name and short description for variables 98that can be used for source builds. 99.Bl -tag -width indent 100.It Va WITHOUT_ACCT 101Do not build process accounting tools such as 102.Xr accton 8 103and 104.Xr sa 8 . 105.It Va WITHOUT_ACPI 106Do not build 107.Xr acpiconf 8 , 108.Xr acpidump 8 109and related programs. 110.It Va WITHOUT_APM 111Do not build 112.Xr apm 8 , 113.Xr apmd 8 114and related programs. 115.It Va WITH_ASAN 116Build the base system with Address Sanitizer (ASan) to detect 117memory corruption bugs such as buffer overflows or use-after-free. 118Requires that Clang be used as the base system compiler 119and that the runtime support library is available. 120When set, it enforces these options: 121.Pp 122.Bl -item -compact 123.It 124.Va WITH_LLVM_BINUTILS 125.It 126.Va WITH_LLVM_CXXFILT 127.El 128.It Va WITHOUT_ASSERT_DEBUG 129Compile programs and libraries without the 130.Xr assert 3 131checks. 132.It Va WITHOUT_AT 133Do not build 134.Xr at 1 135and related utilities. 136.It Va WITHOUT_AUDIT 137Do not build audit support into system programs. 138.It Va WITHOUT_AUTHPF 139Do not build 140.Xr authpf 8 . 141.It Va WITHOUT_AUTOFS 142Do not build 143.Xr autofs 4 144related programs, libraries, and kernel modules. 145.It Va WITHOUT_AUTO_OBJ 146Disable automatic creation of objdirs. 147This is enabled by default if the wanted OBJDIR is writable by the current user. 148.Pp 149This must be set in the environment, make command line, or 150.Pa /etc/src-env.conf , 151not 152.Pa /etc/src.conf . 153.It Va WITH_BEARSSL 154Build the BearSSL library. 155.Pp 156BearSSL is a tiny SSL library suitable for embedded environments. 157For details see 158.Lk https://www.BearSSL.org/ 159.Pp 160This library is currently only used to perform 161signature verification and related operations 162for Verified Exec and 163.Xr loader 8 . 164.Pp 165Due to size constraints in the BIOS environment on x86, one may need to set 166.Va LOADERSIZE 167larger than the 168default 500000, although often loader is under the 500k limit even with 169this option. 170Setting 171.Va LOADERSIZE 172larger than 500000 may cause 173.Xr pxeboot 8 174to be too large to work. 175Careful testing of the loader in the target environment when built with a larger 176limit to establish safe limits is critical because different BIOS environments 177reserve differing amounts of the low 640k space, making a precise limit for 178everybody impossible. 179.Pp 180See also 181.Va WITH_LOADER_PXEBOOT 182for other considerations. 183When set, these options are also in effect: 184.Pp 185.Bl -inset -compact 186.It Va WITH_LOADER_EFI_SECUREBOOT 187(unless 188.Va WITHOUT_LOADER_EFI_SECUREBOOT 189is set explicitly) 190.It Va WITH_LOADER_VERIEXEC 191(unless 192.Va WITHOUT_LOADER_VERIEXEC 193is set explicitly) 194.It Va WITH_LOADER_VERIEXEC_VECTX 195(unless 196.Va WITHOUT_LOADER_VERIEXEC_VECTX 197is set explicitly) 198.It Va WITH_VERIEXEC 199(unless 200.Va WITHOUT_VERIEXEC 201is set explicitly) 202.El 203.It Va WITHOUT_BHYVE 204Do not build or install 205.Xr bhyve 8 , 206associated utilities, and examples. 207.Pp 208This option only affects amd64/amd64 and arm64/aarch64. 209.It Va WITH_BHYVE_SNAPSHOT 210Include support for save and restore (snapshots) in 211.Xr bhyve 8 212and 213.Xr bhyvectl 8 . 214.Pp 215This option only affects amd64/amd64. 216.It Va WITH_BIND_NOW 217Build all binaries with the 218.Dv DF_BIND_NOW 219flag set to indicate that the run-time loader should perform all relocation 220processing at process startup rather than on demand. 221The combination of the 222.Va BIND_NOW 223and 224.Va RELRO 225options provide "full" Relocation Read-Only (RELRO) support. 226With full RELRO the entire GOT is made read-only after performing relocation at 227startup, avoiding GOT overwrite attacks. 228.It Va WITHOUT_BLACKLIST 229This option has been renamed to 230.Va WITHOUT_BLOCKLIST . 231When set, it enforces these options: 232.Pp 233.Bl -item -compact 234.It 235.Va WITHOUT_BLOCKLIST 236.El 237.Pp 238When set, these options are also in effect: 239.Pp 240.Bl -inset -compact 241.It Va WITHOUT_BLACKLIST_SUPPORT 242(unless 243.Va WITH_BLACKLIST_SUPPORT 244is set explicitly) 245.It Va WITHOUT_BLOCKLIST_SUPPORT 246(unless 247.Va WITH_BLOCKLIST_SUPPORT 248is set explicitly) 249.El 250.It Va WITHOUT_BLACKLIST_SUPPORT 251This option has been renamed to 252.Va WITHOUT_BLOCKLIST_SUPPORT . 253When set, it enforces these options: 254.Pp 255.Bl -item -compact 256.It 257.Va WITHOUT_BLOCKLIST_SUPPORT 258.El 259.It Va WITHOUT_BLOCKLIST 260Set this if you do not want to build 261.Xr blocklistd 8 262and 263.Xr blocklistctl 8 . 264When set, these options are also in effect: 265.Pp 266.Bl -inset -compact 267.It Va WITHOUT_BLOCKLIST_SUPPORT 268(unless 269.Va WITH_BLOCKLIST_SUPPORT 270is set explicitly) 271.El 272.It Va WITHOUT_BLOCKLIST_SUPPORT 273Build some programs without 274.Xr libblocklist 3 275support, like 276.Xr fingerd 8 277and 278.Xr sshd 8 . 279.It Va WITHOUT_BLUETOOTH 280Do not build Bluetooth related kernel modules, programs and libraries. 281.It Va WITHOUT_BOOT 282Do not build the boot blocks and loader. 283.It Va WITHOUT_BOOTPARAMD 284Do not build or install 285.Xr bootparamd 8 . 286.It Va WITHOUT_BOOTPD 287Do not build or install 288.Xr bootpd 8 . 289.It Va WITH_BRANCH_PROTECTION 290Build with branch protection enabled. 291On arm64 enable the use of pointer authentication and 292branch target identification instructions on arm64. 293These can be used to help mitigate some exploit techniques. 294.It Va WITHOUT_BSDINSTALL 295Do not build 296.Xr bsdinstall 8 , 297.Xr sade 8 , 298and related programs. 299.It Va WITHOUT_BSNMP 300Do not build or install 301.Xr bsnmpd 1 302and related libraries and data files. 303.It Va WITHOUT_BZIP2 304Do not build contributed bzip2 software as a part of the base system. 305.Bf -symbolic 306The option has no effect yet. 307.Ef 308When set, these options are also in effect: 309.Pp 310.Bl -inset -compact 311.It Va WITHOUT_BZIP2_SUPPORT 312(unless 313.Va WITH_BZIP2_SUPPORT 314is set explicitly) 315.El 316.It Va WITHOUT_BZIP2_SUPPORT 317Build some programs without optional bzip2 support. 318.It Va WITHOUT_CALENDAR 319Do not build 320.Xr calendar 1 . 321.It Va WITHOUT_CAROOT 322Do not add the trusted certificates from the Mozilla NSS bundle to 323base. 324.It Va WITHOUT_CASPER 325This option has no effect. 326.It Va WITH_CCACHE_BUILD 327Use 328.Xr ccache 1 329for the build. 330No configuration is required except to install the 331.Sy devel/ccache 332or 333.Sy devel/sccache 334package. 335When using with 336.Xr distcc 1 , 337set 338.Sy CCACHE_PREFIX=/usr/local/bin/distcc . 339When using with sccache 340set 341.Sy CCACHE_NAME=sccache 342in 343.Xr src.conf 5 . 344The default cache directory of 345.Pa $HOME/.ccache 346will be used, which can be overridden by setting 347.Sy CCACHE_DIR . 348The 349.Sy CCACHE_COMPILERCHECK 350option defaults to 351.Sy content 352when using the in-tree bootstrap compiler, 353and 354.Sy mtime 355when using an external compiler. 356The 357.Sy CCACHE_CPP2 358option is used for Clang but not GCC. 359.Pp 360Sharing a cache between multiple work directories requires using a layout 361similar to 362.Pa /some/prefix/src 363.Pa /some/prefix/obj 364and an environment such as: 365.Bd -literal -offset indent 366CCACHE_BASEDIR='${SRCTOP:H}' MAKEOBJDIRPREFIX='${SRCTOP:H}/obj' 367.Ed 368.Pp 369See 370.Xr ccache 1 371for more configuration options. 372.It Va WITHOUT_CCD 373Do not build 374.Xr geom_ccd 4 375and related utilities. 376.It Va WITHOUT_CDDL 377Do not build code licensed under Sun's CDDL. 378When set, it enforces these options: 379.Pp 380.Bl -item -compact 381.It 382.Va WITHOUT_CTF 383.It 384.Va WITHOUT_DTRACE 385.It 386.Va WITHOUT_LOADER_ZFS 387.It 388.Va WITHOUT_ZFS 389.It 390.Va WITHOUT_ZFS_TESTS 391.El 392.It Va WITHOUT_CLANG 393Do not build the Clang C/C++ compiler during the regular phase of the build. 394When set, it enforces these options: 395.Pp 396.Bl -item -compact 397.It 398.Va WITHOUT_CLANG_EXTRAS 399.It 400.Va WITHOUT_CLANG_FORMAT 401.It 402.Va WITHOUT_CLANG_FULL 403.It 404.Va WITHOUT_LLVM_COV 405.El 406.Pp 407When set, these options are also in effect: 408.Pp 409.Bl -inset -compact 410.It Va WITHOUT_LLVM_TARGET_AARCH64 411(unless 412.Va WITH_LLVM_TARGET_AARCH64 413is set explicitly) 414.It Va WITHOUT_LLVM_TARGET_ALL 415(unless 416.Va WITH_LLVM_TARGET_ALL 417is set explicitly) 418.It Va WITHOUT_LLVM_TARGET_ARM 419(unless 420.Va WITH_LLVM_TARGET_ARM 421is set explicitly) 422.It Va WITHOUT_LLVM_TARGET_POWERPC 423(unless 424.Va WITH_LLVM_TARGET_POWERPC 425is set explicitly) 426.It Va WITHOUT_LLVM_TARGET_RISCV 427(unless 428.Va WITH_LLVM_TARGET_RISCV 429is set explicitly) 430.El 431.It Va WITHOUT_CLANG_BOOTSTRAP 432Do not build the Clang C/C++ compiler during the bootstrap phase of 433the build. 434To be able to build the system, either gcc or clang bootstrap must be 435enabled unless an alternate compiler is provided via XCC. 436.It Va WITH_CLANG_EXTRAS 437Build additional clang and llvm tools, such as bugpoint and 438clang-format. 439.It Va WITH_CLANG_FORMAT 440Build clang-format. 441.It Va WITHOUT_CLANG_FULL 442Avoid building the ARCMigrate, Rewriter and StaticAnalyzer components of 443the Clang C/C++ compiler. 444.It Va WITH_CLEAN 445Clean before building world and/or kernel. 446Note that recording a new epoch in 447.Pa .clean_build_epoch 448in the root of the source tree will also force a clean world build. 449When set, these options are also in effect: 450.Pp 451.Bl -inset -compact 452.It Va WITHOUT_DEPEND_CLEANUP 453(unless 454.Va WITH_DEPEND_CLEANUP 455is set explicitly) 456.El 457.It Va WITHOUT_CPP 458Do not build 459.Xr cpp 1 . 460.It Va WITHOUT_CROSS_COMPILER 461Do not build any cross compiler in the cross-tools stage of buildworld. 462When compiling a different version of 463.Fx 464than what is installed on the system, provide an alternate 465compiler with XCC to ensure success. 466When compiling with an identical version of 467.Fx 468to the host, this option may be safely used. 469This option may also be safe when the host version of 470.Fx 471is close to the sources being built, but all bets are off if there have 472been any changes to the toolchain between the versions. 473When set, it enforces these options: 474.Pp 475.Bl -item -compact 476.It 477.Va WITHOUT_CLANG_BOOTSTRAP 478.It 479.Va WITHOUT_ELFTOOLCHAIN_BOOTSTRAP 480.It 481.Va WITHOUT_LLD_BOOTSTRAP 482.El 483.It Va WITHOUT_CRYPT 484Do not build any crypto code. 485When set, it enforces these options: 486.Pp 487.Bl -item -compact 488.It 489.Va WITHOUT_DMAGENT 490.It 491.Va WITHOUT_KERBEROS 492.It 493.Va WITHOUT_LDNS 494.It 495.Va WITHOUT_LDNS_UTILS 496.It 497.Va WITHOUT_LOADER_ZFS 498.It 499.Va WITHOUT_MITKRB5 500.It 501.Va WITHOUT_OPENSSH 502.It 503.Va WITHOUT_OPENSSL 504.It 505.Va WITHOUT_OPENSSL_KTLS 506.It 507.Va WITHOUT_PKGBOOTSTRAP 508.It 509.Va WITHOUT_UNBOUND 510.It 511.Va WITHOUT_ZFS 512.It 513.Va WITHOUT_ZFS_TESTS 514.El 515.Pp 516When set, these options are also in effect: 517.Pp 518.Bl -inset -compact 519.It Va WITHOUT_KERBEROS_SUPPORT 520(unless 521.Va WITH_KERBEROS_SUPPORT 522is set explicitly) 523.El 524.It Va WITH_CTF 525Compile with CTF (Compact C Type Format) data. 526CTF data encapsulates a reduced form of debugging information 527similar to DWARF and the venerable stabs and is required for DTrace. 528.It Va WITHOUT_CUSE 529Do not build CUSE-related programs and libraries. 530.It Va WITHOUT_CXGBETOOL 531Do not build 532.Xr cxgbetool 8 533.Pp 534This is a default setting on 535arm/armv7 and riscv/riscv64. 536.It Va WITH_CXGBETOOL 537Build 538.Xr cxgbetool 8 539.Pp 540This is a default setting on 541amd64/amd64, arm64/aarch64, i386/i386, powerpc/powerpc64 and powerpc/powerpc64le. 542.It Va WITHOUT_DEBUG_FILES 543Avoid building or installing standalone debug files for each 544executable binary and shared library. 545.It Va WITHOUT_DEPEND_CLEANUP 546Do not attempt to detect if the object tree needs cleaning in part or in 547whole before building. 548This speeds up incremental builds, especially when experimenting with 549build options, but may cause the build to inexplicably fail or produce 550non-functioning binaries. 551.It Va WITH_DETECT_TZ_CHANGES 552Make the time handling code detect changes to the timezone files. 553.It Va WITH_DIALOG 554Do build 555.Xr dialog 1 , 556.Xr dialog 3 , 557.Xr dpv 1 , 558and 559.Xr dpv 3 . 560.It Va WITHOUT_DICT 561Do not build the Webster dictionary files. 562.It Va WITH_DIRDEPS_BUILD 563This is an alternate build system. 564For details see 565https://www.crufty.net/sjg/docs/freebsd-meta-mode.htm. 566Build commands can be seen from the top-level with: 567.Dl make show-valid-targets 568The build is driven by dirdeps.mk using 569.Va DIRDEPS 570stored in 571Makefile.depend files found in each directory. 572.Pp 573The build can be started from anywhere, and behaves the same. 574The initial instance of 575.Xr make 1 576recursively reads 577.Va DIRDEPS 578from 579.Pa Makefile.depend , 580computing a graph of tree dependencies from the current origin. 581Setting 582.Va NO_DIRDEPS 583skips checking dirdep dependencies and will only build in the current 584and child directories. 585.Va NO_DIRDEPS_BELOW 586skips building any dirdeps and only build the current directory. 587.Pp 588This also utilizes the 589.Va WITH_META_MODE 590logic for incremental builds. 591.Pp 592The build hides commands executed unless 593.Va NO_SILENT 594is defined. 595.Pp 596Note that there is currently no mass install feature for this. 597This build is designed for producing packages, that can then be installed 598on a target system. 599.Pp 600The implementation in 601.Fx 602is incomplete. 603Completion would require leaf directories for building each kernel 604and package so that their dependencies can be tracked. 605When set, it enforces these options: 606.Pp 607.Bl -item -compact 608.It 609.Va WITH_INSTALL_AS_USER 610.El 611.Pp 612When set, these options are also in effect: 613.Pp 614.Bl -inset -compact 615.It Va WITH_META_ERROR_TARGET 616(unless 617.Va WITHOUT_META_ERROR_TARGET 618is set explicitly) 619.It Va WITH_META_MODE 620(unless 621.Va WITHOUT_META_MODE 622is set explicitly) 623.It Va WITH_STAGING 624(unless 625.Va WITHOUT_STAGING 626is set explicitly) 627.It Va WITH_STAGING_MAN 628(unless 629.Va WITHOUT_STAGING_MAN 630is set explicitly) 631.It Va WITH_STAGING_PROG 632(unless 633.Va WITHOUT_STAGING_PROG 634is set explicitly) 635.It Va WITH_SYSROOT 636(unless 637.Va WITHOUT_SYSROOT 638is set explicitly) 639.El 640.Pp 641This must be set in the environment, make command line, or 642.Pa /etc/src-env.conf , 643not 644.Pa /etc/src.conf . 645.It Va WITH_DIRDEPS_CACHE 646Cache result of dirdeps.mk which can save significant time 647for subsequent builds. 648Depends on 649.Va WITH_DIRDEPS_BUILD . 650.Pp 651This must be set in the environment, make command line, or 652.Pa /etc/src-env.conf , 653not 654.Pa /etc/src.conf . 655.It Va WITH_DISK_IMAGE_TOOLS_BOOTSTRAP 656Build 657.Xr etdump 1 , 658.Xr makefs 8 659and 660.Xr mkimg 1 661as bootstrap tools. 662.It Va WITHOUT_DMAGENT 663Do not build dma Mail Transport Agent. 664.It Va WITHOUT_DOCCOMPRESS 665Do not install compressed system documentation. 666Only the uncompressed version will be installed. 667.It Va WITHOUT_DTRACE 668Do not build DTrace framework kernel modules, libraries, and user commands. 669When set, it enforces these options: 670.Pp 671.Bl -item -compact 672.It 673.Va WITHOUT_CTF 674.El 675.It Va WITH_DTRACE_ASAN 676Compile userspace DTrace code (libdtrace, dtrace(1), lockstat(1), plockstat(1)) 677with address and undefined behavior sanitizers. 678Requires that Clang be used as the base system compiler 679and that the runtime support library is available. 680.It Va WITH_DTRACE_TESTS 681Build and install the DTrace test suite in 682.Pa /usr/tests/cddl/usr.sbin/dtrace . 683This test suite is considered experimental on architectures other than 684amd64/amd64 and running it may cause system instability. 685.It Va WITHOUT_DYNAMICROOT 686Set this if you do not want to link 687.Pa /bin 688and 689.Pa /sbin 690dynamically. 691.It Va WITHOUT_EE 692Do not build and install 693.Xr edit 1 , 694.Xr ee 1 , 695and related programs. 696.It Va WITHOUT_EFI 697Set not to build 698.Xr efivar 3 699and 700.Xr efivar 8 . 701.Pp 702This is a default setting on 703i386/i386, powerpc/powerpc64 and powerpc/powerpc64le. 704.It Va WITH_EFI 705Build 706.Xr efivar 3 707and 708.Xr efivar 8 . 709.Pp 710This is a default setting on 711amd64/amd64, arm/armv7, arm64/aarch64 and riscv/riscv64. 712.It Va WITHOUT_ELFTOOLCHAIN_BOOTSTRAP 713Do not build ELF Tool Chain tools 714(addr2line, nm, size, strings and strip) 715as part of the bootstrap process. 716.Bf -symbolic 717An alternate bootstrap tool chain must be provided. 718.Ef 719.It Va WITHOUT_EXAMPLES 720Avoid installing examples to 721.Pa /usr/share/examples/ . 722.It Va WITH_EXPERIMENTAL 723Include experimental features in the build. 724.It Va WITHOUT_FDT 725Do not build Flattened Device Tree support as part of the base system. 726This includes the device tree compiler (dtc) and libfdt support library. 727.Pp 728This is a default setting on 729amd64/amd64 and i386/i386. 730.It Va WITH_FDT 731Build Flattened Device Tree support as part of the base system. 732This includes the device tree compiler (dtc) and libfdt support library. 733.Pp 734This is a default setting on 735arm/armv7, arm64/aarch64, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64. 736.It Va WITHOUT_FILE 737Do not build 738.Xr file 1 739and related programs. 740.It Va WITHOUT_FINGER 741Do not build or install 742.Xr finger 1 743and 744.Xr fingerd 8 . 745.It Va WITHOUT_FLOPPY 746Do not build or install programs 747for operating floppy disk driver. 748.It Va WITHOUT_FORMAT_EXTENSIONS 749Do not enable 750.Fl fformat-extensions 751when compiling the kernel. 752Also disables all format checking. 753.It Va WITHOUT_FORTH 754Build bootloaders without Forth support. 755.It Va WITHOUT_FREEBSD_UPDATE 756Do not build 757.Xr freebsd-update 8 . 758.It Va WITHOUT_FTP 759Do not build or install 760.Xr ftp 1 . 761.It Va WITHOUT_GAMES 762Do not build games. 763.It Va WITHOUT_GOOGLETEST 764Neither build nor install 765.Lb libgmock , 766.Lb libgtest , 767and dependent tests. 768.It Va WITHOUT_GPIO 769Do not build 770.Xr gpioctl 8 771as part of the base system. 772.It Va WITHOUT_HAST 773Do not build 774.Xr hastd 8 775and related utilities. 776.It Va WITH_HESIOD 777Build Hesiod support. 778.It Va WITHOUT_HTML 779Do not build HTML docs. 780.It Va WITHOUT_HYPERV 781Do not build or install HyperV utilities. 782.Pp 783This is a default setting on 784arm/armv7, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64. 785.It Va WITH_HYPERV 786Build or install HyperV utilities. 787.Pp 788This is a default setting on 789amd64/amd64, arm64/aarch64 and i386/i386. 790.It Va WITHOUT_ICONV 791Do not build iconv as part of libc. 792.It Va WITHOUT_INCLUDES 793Do not install header files. 794This option used to be spelled 795.Va NO_INCS . 796.Bf -symbolic 797The option does not work for build targets. 798.Ef 799.It Va WITHOUT_INET 800Do not build programs and libraries related to IPv4 networking. 801When set, it enforces these options: 802.Pp 803.Bl -item -compact 804.It 805.Va WITHOUT_INET_SUPPORT 806.El 807.It Va WITHOUT_INET6 808Do not build 809programs and libraries related to IPv6 networking. 810When set, it enforces these options: 811.Pp 812.Bl -item -compact 813.It 814.Va WITHOUT_INET6_SUPPORT 815.El 816.It Va WITHOUT_INET6_SUPPORT 817Build libraries, programs, and kernel modules without IPv6 support. 818.It Va WITHOUT_INETD 819Do not build 820.Xr inetd 8 . 821.It Va WITHOUT_INET_SUPPORT 822Build libraries, programs, and kernel modules without IPv4 support. 823.It Va WITHOUT_INSTALLLIB 824Set this to not install optional libraries. 825For example, when creating a 826.Xr nanobsd 8 827image. 828.Bf -symbolic 829The option does not work for build targets. 830.Ef 831.It Va WITH_INSTALL_AS_USER 832Make install targets succeed for non-root users by installing 833files with owner and group attributes set to that of the user running 834the 835.Xr make 1 836command. 837The user still must set the 838.Va DESTDIR 839variable to point to a directory where the user has write permissions. 840.It Va WITHOUT_IPFILTER 841Do not build IP Filter package. 842.It Va WITH_IPFILTER_IPFS 843Enable building the 844.Xr ipfs 8 845tool to save and restore IPFilter state tables. 846.It Va WITHOUT_IPFW 847Do not build IPFW tools. 848.It Va WITHOUT_IPSEC_SUPPORT 849Do not build the kernel with 850.Xr ipsec 4 851support. 852This option is needed for 853.Xr ipsec 4 854and 855.Xr tcpmd5 4 . 856.It Va WITHOUT_ISCSI 857Do not build 858.Xr iscsid 8 859and related utilities. 860.It Va WITHOUT_JAIL 861Do not build tools for the support of jails; e.g., 862.Xr jail 8 . 863.It Va WITHOUT_JEMALLOC_LG_VADDR_WIDE 864Disallow programs to use more than 48 address bits on amd64. 865Incompatible with LA57 mode. 866Enabling this option might result in a slight reduction in memory 867consumption for jemalloc metadata, but also requires disabling LA57 868(if hardware supports it). 869.It Va WITHOUT_KDUMP 870Do not build 871.Xr kdump 1 872and 873.Xr truss 1 . 874.It Va WITHOUT_KERBEROS 875Set this to not build Kerberos. 876When set, these options are also in effect: 877.Pp 878.Bl -inset -compact 879.It Va WITHOUT_KERBEROS_SUPPORT 880(unless 881.Va WITH_KERBEROS_SUPPORT 882is set explicitly) 883.El 884.It Va WITHOUT_KERBEROS_SUPPORT 885Build some programs without Kerberos support, like 886.Xr ssh 1 , 887.Xr telnet 1 , 888and 889.Xr sshd 8 . 890.It Va WITH_KERNEL_BIN 891Generate and install kernel.bin from kernel as part of the normal build and 892install processes for the kernel. Available only on arm and arm64. 893 894Usually this will be added to the kernel config file with: 895 896makeoptions WITH_KERNEL_BIN=1 897 898though it can also be used on the command line. 899.It Va WITH_KERNEL_RETPOLINE 900Enable the "retpoline" mitigation for CVE-2017-5715 in the kernel 901build. 902.It Va WITHOUT_KERNEL_SYMBOLS 903Do not install standalone kernel debug symbol files. 904This option has no effect at build time. 905.It Va WITHOUT_KVM 906Do not build the 907.Nm libkvm 908library as a part of the base system. 909.Bf -symbolic 910The option has no effect yet. 911.Ef 912When set, these options are also in effect: 913.Pp 914.Bl -inset -compact 915.It Va WITHOUT_KVM_SUPPORT 916(unless 917.Va WITH_KVM_SUPPORT 918is set explicitly) 919.El 920.It Va WITHOUT_KVM_SUPPORT 921Build some programs without optional 922.Nm libkvm 923support. 924.It Va WITHOUT_LDNS 925Setting this variable will prevent the LDNS library from being built. 926When set, it enforces these options: 927.Pp 928.Bl -item -compact 929.It 930.Va WITHOUT_LDNS_UTILS 931.It 932.Va WITHOUT_UNBOUND 933.El 934.It Va WITHOUT_LDNS_UTILS 935Setting this variable will prevent building the LDNS utilities 936.Xr drill 1 937and 938.Xr host 1 . 939.It Va WITHOUT_LEGACY_CONSOLE 940Do not build programs that support a legacy PC console; e.g., 941.Xr kbdcontrol 1 942and 943.Xr vidcontrol 1 . 944.It Va WITHOUT_LIB32 945On 64-bit platforms, do not build 32-bit library set and a 946.Nm ld-elf32.so.1 947runtime linker. 948.Pp 949This is a default setting on 950arm/armv7, i386/i386, powerpc/powerpc64le and riscv/riscv64. 951.It Va WITH_LIB32 952On 64-bit platforms, build the 32-bit library set and a 953.Nm ld-elf32.so.1 954runtime linker. 955.Pp 956This is a default setting on 957amd64/amd64, arm64/aarch64 and powerpc/powerpc64. 958.It Va WITHOUT_LLD 959Do not build LLVM's lld linker. 960.It Va WITHOUT_LLDB 961Do not build the LLDB debugger. 962.Pp 963This is a default setting on 964riscv/riscv64. 965.It Va WITH_LLDB 966Build the LLDB debugger. 967.Pp 968This is a default setting on 969amd64/amd64, arm/armv7, arm64/aarch64, i386/i386, powerpc/powerpc64 and powerpc/powerpc64le. 970.It Va WITHOUT_LLD_BOOTSTRAP 971Do not build the LLD linker during the bootstrap phase of 972the build. 973To be able to build the system an alternate linker must be provided via XLD. 974.It Va WITHOUT_LLVM_ASSERTIONS 975Disable debugging assertions in LLVM. 976.It Va WITHOUT_LLVM_BINUTILS 977Install ELF Tool Chain's binary utilities instead of LLVM's. 978This includes 979.Xr addr2line 1 , 980.Xr ar 1 , 981.Xr nm 1 , 982.Xr objcopy 1 , 983.Xr ranlib 1 , 984.Xr readelf 1 , 985.Xr size 1 , 986and 987.Xr strip 1 . 988Regardless of this setting, LLVM tools are used for 989.Xr c++filt 1 990and 991.Xr objdump 1 . 992.Xr strings 1 993is always provided by ELF Tool Chain. 994.It Va WITHOUT_LLVM_COV 995Do not build the 996.Xr llvm-cov 1 997tool. 998.It Va WITHOUT_LLVM_CXXFILT 999Install ELF Tool Chain's cxxfilt as c++filt, instead of LLVM's llvm-cxxfilt. 1000.It Va WITH_LLVM_FULL_DEBUGINFO 1001Generate full debug information for LLVM libraries and tools, which uses 1002more disk space and build resources, but allows for easier debugging. 1003.It Va WITH_LLVM_LINK_STATIC_LIBRARIES 1004Link LLVM libraries (libllvm, libclang, liblldb) statically into each of 1005the binaries that use them. 1006 1007This means that binaries linked against these libraries, such as clang, 1008ld.lld and lldb will be much larger and position dependent, but will 1009start more quickly. 1010.It Va WITHOUT_LLVM_TARGET_AARCH64 1011Do not build LLVM target support for AArch64. 1012The 1013.Va LLVM_TARGET_ALL 1014option should be used rather than this in most cases. 1015.It Va WITHOUT_LLVM_TARGET_ALL 1016Only build the required LLVM target support. 1017This option is preferred to specific target support options. 1018When set, these options are also in effect: 1019.Pp 1020.Bl -inset -compact 1021.It Va WITHOUT_LLVM_TARGET_AARCH64 1022(unless 1023.Va WITH_LLVM_TARGET_AARCH64 1024is set explicitly) 1025.It Va WITHOUT_LLVM_TARGET_ARM 1026(unless 1027.Va WITH_LLVM_TARGET_ARM 1028is set explicitly) 1029.It Va WITHOUT_LLVM_TARGET_POWERPC 1030(unless 1031.Va WITH_LLVM_TARGET_POWERPC 1032is set explicitly) 1033.It Va WITHOUT_LLVM_TARGET_RISCV 1034(unless 1035.Va WITH_LLVM_TARGET_RISCV 1036is set explicitly) 1037.El 1038.It Va WITHOUT_LLVM_TARGET_ARM 1039Do not build LLVM target support for ARM. 1040The 1041.Va LLVM_TARGET_ALL 1042option should be used rather than this in most cases. 1043.It Va WITH_LLVM_TARGET_BPF 1044Build LLVM target support for BPF. 1045The 1046.Va LLVM_TARGET_ALL 1047option should be used rather than this in most cases. 1048.It Va WITH_LLVM_TARGET_MIPS 1049Build LLVM target support for MIPS. 1050The 1051.Va LLVM_TARGET_ALL 1052option should be used rather than this in most cases. 1053.It Va WITHOUT_LLVM_TARGET_POWERPC 1054Do not build LLVM target support for PowerPC. 1055The 1056.Va LLVM_TARGET_ALL 1057option should be used rather than this in most cases. 1058.It Va WITHOUT_LLVM_TARGET_RISCV 1059Do not build LLVM target support for RISC-V. 1060The 1061.Va LLVM_TARGET_ALL 1062option should be used rather than this in most cases. 1063.It Va WITHOUT_LLVM_TARGET_X86 1064Do not build LLVM target support for X86. 1065The 1066.Va LLVM_TARGET_ALL 1067option should be used rather than this in most cases. 1068.It Va WITHOUT_LOADER_BIOS_TEXTONLY 1069Include graphics, font and video mode support in the i386 and amd64 BIOS 1070boot loader. 1071.It Va WITH_LOADER_EFI_SECUREBOOT 1072Enable building 1073.Xr loader 8 1074with support for verification based on certificates obtained from UEFI. 1075.It Va WITHOUT_LOADER_GELI 1076Disable inclusion of GELI crypto support in the boot chain binaries. 1077.Pp 1078This is a default setting on 1079powerpc/powerpc64 and powerpc/powerpc64le. 1080.It Va WITH_LOADER_GELI 1081Build GELI bootloader support. 1082.Pp 1083This is a default setting on 1084amd64/amd64, arm/armv7, arm64/aarch64, i386/i386 and riscv/riscv64. 1085.It Va WITHOUT_LOADER_IA32 1086Do not build the 32-bit UEFI loader. 1087.Pp 1088This is a default setting on 1089arm/armv7, arm64/aarch64, i386/i386, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64. 1090.It Va WITH_LOADER_IA32 1091Build the 32-bit UEFI loader. 1092.Pp 1093This is a default setting on 1094amd64/amd64. 1095.It Va WITHOUT_LOADER_KBOOT 1096Do not build kboot, a linuxboot environment loader 1097.Pp 1098This is a default setting on 1099arm/armv7, i386/i386, powerpc/powerpc64le and riscv/riscv64. 1100.It Va WITH_LOADER_KBOOT 1101Build kboot, a linuxboot environment loader 1102.Pp 1103This is a default setting on 1104amd64/amd64, arm64/aarch64 and powerpc/powerpc64. 1105.It Va WITHOUT_LOADER_LUA 1106Do not build LUA bindings for the boot loader. 1107.Pp 1108This is a default setting on 1109powerpc/powerpc64 and powerpc/powerpc64le. 1110.It Va WITH_LOADER_LUA 1111Build LUA bindings for the boot loader. 1112.Pp 1113This is a default setting on 1114amd64/amd64, arm/armv7, arm64/aarch64, i386/i386 and riscv/riscv64. 1115.It Va WITHOUT_LOADER_OFW 1116Disable building of openfirmware bootloader components. 1117.Pp 1118This is a default setting on 1119amd64/amd64, arm/armv7, arm64/aarch64, i386/i386 and riscv/riscv64. 1120.It Va WITH_LOADER_OFW 1121Build openfirmware bootloader components. 1122.Pp 1123This is a default setting on 1124powerpc/powerpc64 and powerpc/powerpc64le. 1125.It Va WITHOUT_LOADER_PXEBOOT 1126Do not build pxeboot on i386/amd64. 1127When the pxeboot is too large, or unneeded, it may be disabled with this option. 1128See 1129.Va WITH_LOADER_PXEBOOT 1130for how to adjust the defaults when you need both a larger 1131.Pa /boot/loader 1132and 1133.Pa /boot/pxeboot 1134.Pp 1135This option only has an effect on x86. 1136.It Va WITHOUT_LOADER_UBOOT 1137Disable building of ubldr. 1138.Pp 1139This is a default setting on 1140amd64/amd64, arm64/aarch64, i386/i386, powerpc/powerpc64le and riscv/riscv64. 1141.It Va WITH_LOADER_UBOOT 1142Build ubldr. 1143.Pp 1144This is a default setting on 1145arm/armv7 and powerpc/powerpc64. 1146.It Va WITH_LOADER_VERBOSE 1147Build with extra verbose debugging in the loader. 1148May explode already nearly too large loader over the limit. 1149Use with care. 1150.It Va WITH_LOADER_VERIEXEC 1151Enable building 1152.Xr loader 8 1153with support for verification similar to Verified Exec. 1154.Pp 1155Depends on 1156.Va WITH_BEARSSL . 1157May require a larger 1158.Va LOADERSIZE . 1159When set, these options are also in effect: 1160.Pp 1161.Bl -inset -compact 1162.It Va WITH_LOADER_EFI_SECUREBOOT 1163(unless 1164.Va WITHOUT_LOADER_EFI_SECUREBOOT 1165is set explicitly) 1166.It Va WITH_LOADER_VERIEXEC_VECTX 1167(unless 1168.Va WITHOUT_LOADER_VERIEXEC_VECTX 1169is set explicitly) 1170.El 1171.It Va WITH_LOADER_VERIEXEC_PASS_MANIFEST 1172Enable building 1173.Xr loader 8 1174with support to pass a verified manifest to the kernel. 1175The kernel has to be built with a module to parse the manifest. 1176.Pp 1177Depends on 1178.Va WITH_LOADER_VERIEXEC . 1179.It Va WITH_LOADER_VERIEXEC_VECTX 1180Enable building 1181.Xr loader 8 1182with support for hashing and verifying kernel and modules as a side effect 1183of loading. 1184.Pp 1185Depends on 1186.Va WITH_LOADER_VERIEXEC . 1187.It Va WITHOUT_LOADER_ZFS 1188Do not build ZFS file system boot loader support. 1189.It Va WITHOUT_LOCALES 1190Do not build localization files; see 1191.Xr locale 1 . 1192.It Va WITHOUT_LOCATE 1193Do not build 1194.Xr locate 1 1195and related programs. 1196.It Va WITHOUT_LPR 1197Do not build 1198.Xr lpr 1 1199and related programs. 1200.It Va WITHOUT_LS_COLORS 1201Build 1202.Xr ls 1 1203without support for colors to distinguish file types. 1204.It Va WITHOUT_MACHDEP_OPTIMIZATIONS 1205Prefer machine-independent non-assembler code in libc and libm. 1206.It Va WITHOUT_MAIL 1207Do not build any mail support (MUA or MTA). 1208When set, it enforces these options: 1209.Pp 1210.Bl -item -compact 1211.It 1212.Va WITHOUT_DMAGENT 1213.It 1214.Va WITHOUT_MAILWRAPPER 1215.It 1216.Va WITHOUT_SENDMAIL 1217.El 1218.It Va WITHOUT_MAILWRAPPER 1219Do not build the 1220.Xr mailwrapper 8 1221MTA selector. 1222.It Va WITHOUT_MAKE 1223Do not install 1224.Xr make 1 1225and related support files. 1226.It Va WITHOUT_MAKE_CHECK_USE_SANDBOX 1227Do not execute 1228.Dq Li "make check" 1229in limited sandbox mode. 1230This option should be paired with 1231.Va WITH_INSTALL_AS_USER 1232if executed as an unprivileged user. 1233See 1234.Xr tests 7 1235for more details. 1236.It Va WITH_MALLOC_PRODUCTION 1237Disable assertions and statistics gathering in 1238.Xr malloc 3 . 1239The run-time options 1240.Dv opt.abort , 1241.Dv opt.abort_conf , 1242and 1243.Dv opt.junk 1244also default to false. 1245.It Va WITHOUT_MAN 1246Do not build manual pages. 1247When set, these options are also in effect: 1248.Pp 1249.Bl -inset -compact 1250.It Va WITHOUT_MAN_UTILS 1251(unless 1252.Va WITH_MAN_UTILS 1253is set explicitly) 1254.El 1255.It Va WITHOUT_MANCOMPRESS 1256Do not install compressed man pages. 1257Only the uncompressed versions will be installed. 1258.It Va WITH_MANSPLITPKG 1259Split man pages into their own packages during make package. 1260.It Va WITHOUT_MAN_UTILS 1261Do not build utilities for manual pages, 1262.Xr apropos 1 , 1263.Xr makewhatis 1 , 1264.Xr man 1 , 1265.Xr whatis 1 , 1266.Xr manctl 8 , 1267and related support files. 1268.It Va WITH_META_ERROR_TARGET 1269Enable the META_MODE .ERROR target. 1270.Pp 1271This target will copy the meta file of a failed target 1272to 1273.Va ERROR_LOGDIR 1274(default is 1275.Ql ${SRCTOP:H}/error ) 1276to help with failure analysis. 1277Depends on 1278.Va WITH_META_MODE . 1279This default when 1280.Va WITH_DIRDEPS_BUILD 1281is set. 1282.Pp 1283This must be set in the environment, make command line, or 1284.Pa /etc/src-env.conf , 1285not 1286.Pa /etc/src.conf . 1287.It Va WITH_META_MODE 1288Create 1289.Xr make 1 1290meta files when building, which can provide a reliable incremental build when 1291using 1292.Xr filemon 4 . 1293The meta file is created in OBJDIR as 1294.Pa target.meta . 1295These meta files track the command that was executed, its output, and the 1296current directory. 1297The 1298.Xr filemon 4 1299module is required unless 1300.Va NO_FILEMON 1301is defined. 1302When the module is loaded, any files used by the commands executed are 1303tracked as dependencies for the target in its meta file. 1304The target is considered out-of-date and rebuilt if any of these 1305conditions are true compared to the last build: 1306.Bl -bullet -compact 1307.It 1308The command to execute changes. 1309.It 1310The current working directory changes. 1311.It 1312The target's meta file is missing. 1313.It 1314The target's meta file is missing filemon data when filemon is loaded 1315and a previous run did not have it loaded. 1316.It 1317[requires 1318.Xr filemon 4 ] 1319Files read, executed or linked to are newer than the target. 1320.It 1321[requires 1322.Xr filemon 4 ] 1323Files read, written, executed or linked are missing. 1324.El 1325The meta files can also be useful for debugging. 1326.Pp 1327The build hides commands that are executed unless 1328.Va NO_SILENT 1329is defined. 1330Errors cause 1331.Xr make 1 1332to show some of its environment for further debugging. 1333.Pp 1334The build operates as it normally would otherwise. 1335This option originally invoked a different build system but that was renamed 1336to 1337.Va WITH_DIRDEPS_BUILD . 1338.Pp 1339This must be set in the environment, make command line, or 1340.Pa /etc/src-env.conf , 1341not 1342.Pa /etc/src.conf . 1343.It Va WITHOUT_MITKRB5 1344Set this to build KTH Heimdal instead of MIT Kerberos 5. 1345.It Va WITHOUT_MLX5TOOL 1346Do not build 1347.Xr mlx5tool 8 1348.Pp 1349This is a default setting on 1350arm/armv7 and riscv/riscv64. 1351.It Va WITH_MLX5TOOL 1352Build 1353.Xr mlx5tool 8 1354.Pp 1355This is a default setting on 1356amd64/amd64, arm64/aarch64, i386/i386, powerpc/powerpc64 and powerpc/powerpc64le. 1357.It Va WITHOUT_NETCAT 1358Do not build 1359.Xr nc 1 1360utility. 1361.It Va WITHOUT_NETGRAPH 1362Do not build applications to support 1363.Xr netgraph 4 . 1364When set, it enforces these options: 1365.Pp 1366.Bl -item -compact 1367.It 1368.Va WITHOUT_BLUETOOTH 1369.El 1370.Pp 1371When set, these options are also in effect: 1372.Pp 1373.Bl -inset -compact 1374.It Va WITHOUT_NETGRAPH_SUPPORT 1375(unless 1376.Va WITH_NETGRAPH_SUPPORT 1377is set explicitly) 1378.El 1379.It Va WITHOUT_NETGRAPH_SUPPORT 1380Build libraries, programs, and kernel modules without netgraph support. 1381.It Va WITHOUT_NETLINK 1382Do not build 1383.Xr genl 1 1384utility. 1385.It Va WITHOUT_NETLINK_SUPPORT 1386Make libraries and programs use rtsock and 1387.Xr sysctl 3 1388interfaces instead of 1389.Xr snl 3 . 1390.It Va WITHOUT_NIS 1391Do not build 1392.Xr NIS 8 1393support and related programs. 1394If set, you might need to adopt your 1395.Xr nsswitch.conf 5 1396and remove 1397.Sq nis 1398entries. 1399.It Va WITHOUT_NLS 1400Do not build NLS catalogs. 1401When set, it enforces these options: 1402.Pp 1403.Bl -item -compact 1404.It 1405.Va WITHOUT_NLS_CATALOGS 1406.El 1407.It Va WITHOUT_NLS_CATALOGS 1408Do not build NLS catalog support for 1409.Xr csh 1 . 1410.It Va WITHOUT_NS_CACHING 1411Disable name caching in the 1412.Pa nsswitch 1413subsystem. 1414The generic caching daemon, 1415.Xr nscd 8 , 1416will not be built either if this option is set. 1417.It Va WITHOUT_NTP 1418Do not build 1419.Xr ntpd 8 1420and related programs. 1421.It Va WITHOUT_NUAGEINIT 1422Do not install the limited cloud init support scripts. 1423.It Va WITHOUT_OFED 1424Do not build the 1425.Dq "OpenFabrics Enterprise Distribution" 1426InfiniBand software stack, including kernel modules and userspace libraries. 1427.Pp 1428This is a default setting on 1429arm/armv7. 1430When set, it enforces these options: 1431.Pp 1432.Bl -item -compact 1433.It 1434.Va WITHOUT_OFED_EXTRA 1435.El 1436.It Va WITH_OFED 1437Build the 1438.Dq "OpenFabrics Enterprise Distribution" 1439InfiniBand software stack, including kernel modules and userspace libraries. 1440.Pp 1441This is a default setting on 1442amd64/amd64, arm64/aarch64, i386/i386, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64. 1443.It Va WITH_OFED_EXTRA 1444Build the non-essential components of the 1445.Dq "OpenFabrics Enterprise Distribution" 1446Infiniband software stack, mostly examples. 1447.It Va WITH_OPENLDAP 1448Enable building LDAP support for kerberos using an openldap client from ports. 1449.It Va WITHOUT_OPENMP 1450Do not build LLVM's OpenMP runtime. 1451.Pp 1452This is a default setting on 1453arm/armv7. 1454.It Va WITH_OPENMP 1455Build LLVM's OpenMP runtime. 1456.Pp 1457This is a default setting on 1458amd64/amd64, arm64/aarch64, i386/i386, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64. 1459.It Va WITHOUT_OPENSSH 1460Do not build OpenSSH. 1461.It Va WITHOUT_OPENSSL 1462Do not build OpenSSL. 1463When set, it enforces these options: 1464.Pp 1465.Bl -item -compact 1466.It 1467.Va WITHOUT_DMAGENT 1468.It 1469.Va WITHOUT_KERBEROS 1470.It 1471.Va WITHOUT_LDNS 1472.It 1473.Va WITHOUT_LDNS_UTILS 1474.It 1475.Va WITHOUT_LOADER_ZFS 1476.It 1477.Va WITHOUT_MITKRB5 1478.It 1479.Va WITHOUT_OPENSSH 1480.It 1481.Va WITHOUT_OPENSSL_KTLS 1482.It 1483.Va WITHOUT_PKGBOOTSTRAP 1484.It 1485.Va WITHOUT_UNBOUND 1486.It 1487.Va WITHOUT_ZFS 1488.It 1489.Va WITHOUT_ZFS_TESTS 1490.El 1491.Pp 1492When set, these options are also in effect: 1493.Pp 1494.Bl -inset -compact 1495.It Va WITHOUT_KERBEROS_SUPPORT 1496(unless 1497.Va WITH_KERBEROS_SUPPORT 1498is set explicitly) 1499.El 1500.It Va WITHOUT_OPENSSL_KTLS 1501Do not include kernel TLS support in OpenSSL. 1502.Pp 1503This is a default setting on 1504arm/armv7, i386/i386 and riscv/riscv64. 1505.It Va WITH_OPENSSL_KTLS 1506Include kernel TLS support in OpenSSL. 1507.Pp 1508This is a default setting on 1509amd64/amd64, arm64/aarch64, powerpc/powerpc64 and powerpc/powerpc64le. 1510.It Va WITHOUT_PAM 1511Do not build PAM library and modules. 1512.Bf -symbolic 1513This option is deprecated and does nothing. 1514.Ef 1515When set, these options are also in effect: 1516.Pp 1517.Bl -inset -compact 1518.It Va WITHOUT_PAM_SUPPORT 1519(unless 1520.Va WITH_PAM_SUPPORT 1521is set explicitly) 1522.El 1523.It Va WITHOUT_PAM_SUPPORT 1524Build 1525.Xr ppp 8 1526without PAM support. 1527.It Va WITHOUT_PF 1528Do not build PF firewall package. 1529When set, it enforces these options: 1530.Pp 1531.Bl -item -compact 1532.It 1533.Va WITHOUT_AUTHPF 1534.El 1535.It Va WITHOUT_PIE 1536Do not build dynamically linked binaries as 1537Position-Independent Executable (PIE). 1538.Pp 1539This is a default setting on 1540arm/armv7 and i386/i386. 1541.It Va WITH_PIE 1542Build dynamically linked binaries as 1543Position-Independent Executable (PIE). 1544.Pp 1545This is a default setting on 1546amd64/amd64, arm64/aarch64, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64. 1547.It Va WITHOUT_PKGBOOTSTRAP 1548Do not build 1549.Xr pkg 7 1550bootstrap tool. 1551.It Va WITHOUT_PMC 1552Do not build 1553.Xr pmccontrol 8 1554and related programs. 1555.It Va WITHOUT_PPP 1556Do not build 1557.Xr ppp 8 1558and related programs. 1559.It Va WITHOUT_PTHREADS_ASSERTIONS 1560Disable debugging assertions in pthreads library. 1561.It Va WITHOUT_QUOTAS 1562Do not build 1563.Xr quota 1 1564and related programs. 1565.It Va WITHOUT_RADIUS_SUPPORT 1566Do not build radius support into various applications, like 1567.Xr pam_radius 8 1568and 1569.Xr ppp 8 . 1570.It Va WITH_RATELIMIT 1571Build the system with rate limit support. 1572.Pp 1573This makes 1574.Dv SO_MAX_PACING_RATE 1575effective in 1576.Xr getsockopt 2 , 1577and 1578.Ar txrlimit 1579support in 1580.Xr ifconfig 8 , 1581by proxy. 1582.It Va WITHOUT_RBOOTD 1583Do not build or install 1584.Xr rbootd 8 . 1585.It Va WITHOUT_RELRO 1586Do not apply the Relocation Read-Only (RELRO) vulnerability mitigation. 1587See also the 1588.Va BIND_NOW 1589option. 1590.It Va WITH_REPRODUCIBLE_BUILD 1591Exclude build metadata (such as the build time, user, or host) 1592from the kernel, boot loaders, and 1593.Xr uname 1 1594output, so that builds produce 1595bit-for-bit identical output. 1596.It Va WITH_REPRODUCIBLE_PATHS 1597Modify the paths encoded in binary artifacts to be standard path 1598 1599Normally, the actual path is encoded in the binary. However, this makes the 1600build differ depending on the path it was built from. With this option enabled, 1601the paths recorded are /usr/src, regardless of the actual path. With this option 1602disabled, the actual paths are recorded. 1603.It Va WITHOUT_RESCUE 1604Do not build 1605.Xr rescue 8 . 1606.It Va WITH_RETPOLINE 1607Build the base system with the retpoline speculative execution 1608vulnerability mitigation for CVE-2017-5715. 1609.It Va WITHOUT_ROUTED 1610Do not build 1611.Xr routed 8 1612utility. 1613.It Va WITH_RPCBIND_WARMSTART_SUPPORT 1614Build 1615.Xr rpcbind 8 1616with warmstart support. 1617.It Va WITH_RUN_TESTS 1618Run tests as part of the build. 1619.It Va WITHOUT_SCTP_SUPPORT 1620Disable support in the kernel for the 1621.Xr sctp 4 1622Stream Control Transmission Protocol 1623loadable kernel module. 1624.It Va WITHOUT_SENDMAIL 1625Do not build 1626.Xr sendmail 8 1627and related programs. 1628.It Va WITHOUT_SERVICESDB 1629Do not install 1630.Pa /var/db/services.db . 1631.It Va WITHOUT_SETUID_LOGIN 1632Set this to disable the installation of 1633.Xr login 1 1634as a set-user-ID root program. 1635.It Va WITHOUT_SHAREDOCS 1636Do not build the 1637.Bx 4.4 1638legacy docs. 1639.It Va WITH_SORT_THREADS 1640Enable threads in 1641.Xr sort 1 . 1642.It Va WITHOUT_SOUND 1643Do not build userland sound utilities such as 1644.Xr beep 1 1645and 1646.Xr mixer 8 . 1647.It Va WITHOUT_SOURCELESS 1648Do not build kernel modules that include sourceless code (either microcode or native code for host CPU). 1649When set, it enforces these options: 1650.Pp 1651.Bl -item -compact 1652.It 1653.Va WITHOUT_SOURCELESS_HOST 1654.It 1655.Va WITHOUT_SOURCELESS_UCODE 1656.El 1657.It Va WITHOUT_SOURCELESS_HOST 1658Do not build kernel modules that include sourceless native code for host CPU. 1659.It Va WITHOUT_SOURCELESS_UCODE 1660Do not build kernel modules that include sourceless microcode. 1661.It Va WITHOUT_SPLIT_KERNEL_DEBUG 1662Do not build standalone kernel debug files. 1663Debug data (if enabled by the kernel configuration file) 1664will be included in the kernel and modules. 1665When set, it enforces these options: 1666.Pp 1667.Bl -item -compact 1668.It 1669.Va WITHOUT_KERNEL_SYMBOLS 1670.El 1671.It Va WITHOUT_SSP 1672Do not build world with stack smashing protection. 1673See 1674.Xr mitigations 7 1675for more information. 1676.It Va WITH_STAGING 1677Enable staging of files to a stage tree. 1678This can be best thought of as auto-install to 1679.Va DESTDIR 1680with some extra meta data to ensure dependencies can be tracked. 1681Depends on 1682.Va WITH_DIRDEPS_BUILD . 1683When set, these options are also in effect: 1684.Pp 1685.Bl -inset -compact 1686.It Va WITH_STAGING_MAN 1687(unless 1688.Va WITHOUT_STAGING_MAN 1689is set explicitly) 1690.It Va WITH_STAGING_PROG 1691(unless 1692.Va WITHOUT_STAGING_PROG 1693is set explicitly) 1694.El 1695.Pp 1696This must be set in the environment, make command line, or 1697.Pa /etc/src-env.conf , 1698not 1699.Pa /etc/src.conf . 1700.It Va WITH_STAGING_MAN 1701Enable staging of man pages to stage tree. 1702.It Va WITH_STAGING_PROG 1703Enable staging of PROGs to stage tree. 1704.It Va WITH_STALE_STAGED 1705Check staged files are not stale. 1706.It Va WITHOUT_STATS 1707Neither build nor install 1708.Lb libstats 1709and dependent binaries. 1710.It Va WITHOUT_SYSCONS 1711Do not build 1712.Xr syscons 4 1713support files such as keyboard maps, fonts, and screen output maps. 1714.It Va WITH_SYSROOT 1715Enable use of sysroot during build. 1716Depends on 1717.Va WITH_DIRDEPS_BUILD . 1718.Pp 1719This must be set in the environment, make command line, or 1720.Pa /etc/src-env.conf , 1721not 1722.Pa /etc/src.conf . 1723.It Va WITHOUT_SYSTEM_COMPILER 1724Do not opportunistically skip building a cross-compiler during the 1725bootstrap phase of the build. 1726Normally, if the currently installed compiler matches the planned bootstrap 1727compiler type and revision, then it will not be built. 1728This does not prevent a compiler from being built for installation though, 1729only for building one for the build itself. 1730The 1731.Va WITHOUT_CLANG 1732option controls that. 1733.It Va WITHOUT_SYSTEM_LINKER 1734Do not opportunistically skip building a cross-linker during the 1735bootstrap phase of the build. 1736Normally, if the currently installed linker matches the planned bootstrap 1737linker type and revision, then it will not be built. 1738This does not prevent a linker from being built for installation though, 1739only for building one for the build itself. 1740The 1741.Va WITHOUT_LLD 1742option controls that. 1743.Pp 1744This option is only relevant when 1745.Va WITH_LLD_BOOTSTRAP 1746is set. 1747.It Va WITHOUT_TALK 1748Do not build or install 1749.Xr talk 1 1750and 1751.Xr talkd 8 . 1752.It Va WITHOUT_TCP_WRAPPERS 1753Do not build or install 1754.Xr tcpd 8 , 1755and related utilities. 1756.It Va WITHOUT_TCSH 1757Do not build and install 1758.Pa /bin/csh 1759(which is 1760.Xr tcsh 1 ) . 1761.It Va WITHOUT_TELNET 1762Do not build 1763.Xr telnet 1 1764and related programs. 1765.It Va WITHOUT_TESTS 1766Do not build nor install the 1767.Fx 1768Test Suite in 1769.Pa /usr/tests/ . 1770See 1771.Xr tests 7 1772for more details. 1773This also disables the build of all test-related dependencies, including ATF. 1774When set, it enforces these options: 1775.Pp 1776.Bl -item -compact 1777.It 1778.Va WITHOUT_DTRACE_TESTS 1779.It 1780.Va WITHOUT_ZFS_TESTS 1781.El 1782.Pp 1783When set, these options are also in effect: 1784.Pp 1785.Bl -inset -compact 1786.It Va WITHOUT_GOOGLETEST 1787(unless 1788.Va WITH_GOOGLETEST 1789is set explicitly) 1790.It Va WITHOUT_TESTS_SUPPORT 1791(unless 1792.Va WITH_TESTS_SUPPORT 1793is set explicitly) 1794.El 1795.It Va WITHOUT_TESTS_SUPPORT 1796Disable the build of all test-related dependencies, including ATF. 1797When set, it enforces these options: 1798.Pp 1799.Bl -item -compact 1800.It 1801.Va WITHOUT_GOOGLETEST 1802.El 1803.It Va WITHOUT_TEXTPROC 1804Do not build 1805programs used for text processing. 1806.It Va WITHOUT_TFTP 1807Do not build or install 1808.Xr tftp 1 1809and 1810.Xr tftpd 8 . 1811.It Va WITHOUT_TOOLCHAIN 1812Do not install 1813programs used for program development, 1814compilers, debuggers etc. 1815When set, it enforces these options: 1816.Pp 1817.Bl -item -compact 1818.It 1819.Va WITHOUT_CLANG 1820.It 1821.Va WITHOUT_CLANG_EXTRAS 1822.It 1823.Va WITHOUT_CLANG_FORMAT 1824.It 1825.Va WITHOUT_CLANG_FULL 1826.It 1827.Va WITHOUT_LLD 1828.It 1829.Va WITHOUT_LLDB 1830.It 1831.Va WITHOUT_LLVM_COV 1832.El 1833.Pp 1834When set, these options are also in effect: 1835.Pp 1836.Bl -inset -compact 1837.It Va WITHOUT_LLVM_BINUTILS 1838(unless 1839.Va WITH_LLVM_BINUTILS 1840is set explicitly) 1841.El 1842.It Va WITH_UBSAN 1843Build the base system with Undefined Behavior Sanitizer (UBSan) to detect 1844various kinds of undefined behavior at runtime. 1845Requires that Clang be used as the base system compiler 1846and that the runtime support library is available 1847.It Va WITHOUT_UNBOUND 1848Do not build 1849.Xr unbound 8 1850and related programs. 1851.It Va WITH_UNDEFINED_VERSION 1852Link libraries with --undefined-version which permits version maps to 1853contain symbols that are not present in the library. 1854If this is necessary to build a particular configuration, a bug is 1855present and the configuration should be reported. 1856.It Va WITHOUT_UNIFIED_OBJDIR 1857Use the historical object directory format for 1858.Xr build 7 1859targets. 1860For native-builds and builds done directly in sub-directories the format of 1861.Pa ${MAKEOBJDIRPREFIX}/${.CURDIR} 1862is used, 1863while for cross-builds 1864.Pa ${MAKEOBJDIRPREFIX}/${TARGET}.${TARGET_ARCH}/${.CURDIR} 1865is used. 1866.Pp 1867This option is transitional and will be removed in a future version of 1868.Fx , 1869at which time 1870.Va WITH_UNIFIED_OBJDIR 1871will be enabled permanently. 1872.Pp 1873This must be set in the environment, make command line, or 1874.Pa /etc/src-env.conf , 1875not 1876.Pa /etc/src.conf . 1877.It Va WITHOUT_USB 1878Do not build USB-related programs and libraries. 1879When set, it enforces these options: 1880.Pp 1881.Bl -item -compact 1882.It 1883.Va WITHOUT_USB_GADGET_EXAMPLES 1884.El 1885.It Va WITHOUT_USB_GADGET_EXAMPLES 1886Do not build USB gadget kernel modules. 1887.It Va WITHOUT_UTMPX 1888Do not build user accounting tools such as 1889.Xr last 1 , 1890.Xr users 1 , 1891.Xr who 1 , 1892.Xr ac 8 , 1893.Xr lastlogin 8 1894and 1895.Xr utx 8 . 1896.It Va WITH_VERIEXEC 1897Enable building 1898.Xr veriexec 8 1899which loads the contents of verified manifests into the kernel 1900for use by 1901.Xr mac_veriexec 4 1902.Pp 1903Depends on 1904.Va WITH_BEARSSL . 1905.It Va WITHOUT_VI 1906Do not build and install vi, view, ex and related programs. 1907.It Va WITHOUT_VT 1908Do not build 1909.Xr vt 4 1910support files (fonts and keymaps). 1911.It Va WITHOUT_WARNS 1912Set this to not add warning flags to the compiler invocations. 1913Useful as a temporary workaround when code enters the tree 1914which triggers warnings in environments that differ from the 1915original developer. 1916.It Va WITHOUT_WERROR 1917Set this to not treat compiler warnings as errors. 1918Useful as a temporary workaround when working on fixing compiler warnings. 1919When set, warnings are still printed in the build log but do not fail the build. 1920.It Va WITHOUT_WIRELESS 1921Do not build programs used for 802.11 wireless networks; especially 1922.Xr wpa_supplicant 8 1923and 1924.Xr hostapd 8 . 1925When set, these options are also in effect: 1926.Pp 1927.Bl -inset -compact 1928.It Va WITHOUT_WIRELESS_SUPPORT 1929(unless 1930.Va WITH_WIRELESS_SUPPORT 1931is set explicitly) 1932.El 1933.It Va WITHOUT_WIRELESS_SUPPORT 1934Build libraries, programs, and kernel modules without 1935802.11 wireless support. 1936.It Va WITHOUT_WPA_SUPPLICANT_EAPOL 1937Build 1938.Xr wpa_supplicant 8 1939without support for the IEEE 802.1X protocol and without 1940support for EAP-PEAP, EAP-TLS, EAP-LEAP, and EAP-TTLS 1941protocols (usable only via 802.1X). 1942.It Va WITH_ZEROREGS 1943Build the basesystem with code to zero caller-used register contents 1944on function return. 1945This prevents leaking temporary values for side channel attacks. 1946Additionally this reduces the number of usable ROP gadgets for attackers. 1947.It Va WITHOUT_ZFS 1948Do not build the ZFS file system kernel module, libraries such as 1949.Xr libbe 3 , 1950and user commands such as 1951.Xr zpool 8 1952or 1953.Xr zfs 8 . 1954Also disable ZFS support in utilities and libraries which implement 1955ZFS-specific functionality. 1956When set, it enforces these options: 1957.Pp 1958.Bl -item -compact 1959.It 1960.Va WITHOUT_ZFS_TESTS 1961.El 1962.It Va WITHOUT_ZFS_TESTS 1963Do not build and install the legacy ZFS test suite. 1964.It Va WITHOUT_ZONEINFO 1965Do not build the timezone database. 1966When set, it enforces these options: 1967.Pp 1968.Bl -item -compact 1969.It 1970.Va WITHOUT_ZONEINFO_LEAPSECONDS_SUPPORT 1971.El 1972.It Va WITH_ZONEINFO_LEAPSECONDS_SUPPORT 1973Build leapsecond information in to the timezone database. 1974This option violates 1975.St -p1003.1 1976and all other applicable standards, and is known to cause unexpected 1977issues with date/time handling in many applications and programming 1978languages. 1979.El 1980.Pp 1981The following options accept a single value from a list of valid values. 1982.Bl -tag -width indent 1983.It Va INIT_ALL 1984Control default initialization of stack variables in C and C++ code. 1985Options other than 1986.Li none 1987require the Clang compiler or GCC 12.0 or later. 1988The default value is 1989.Li none . 1990Valid values are: 1991.Bl -tag -width indent 1992.It Li none 1993Do not initialize stack variables (standard C/C++ behavior). 1994.It Li pattern 1995Build the base system or kernel with stack variables initialized to 1996.Pq compiler defined 1997debugging patterns on function entry. 1998.It Li zero 1999Build the base system or kernel with stack variables initialized 2000to zero on function entry. 2001This value is converted to 2002.Li none 2003for amd64 kernel builds due to incompatability with ifunc memset. 2004.El 2005.It Va LIBC_MALLOC 2006Specify the 2007.Xr malloc 3 2008implementation used by libc. 2009The default value is 2010.Li jemalloc . 2011Valid values are: 2012.Bl -tag -width indent 2013.It Li jemalloc 2014.El 2015.Pp 2016Other implementations are expected in the future in both 2017.Fx 2018and downstream consumers. 2019.El 2020.Sh FILES 2021.Bl -tag -compact -width Pa 2022.It Pa /etc/src.conf 2023.It Pa /etc/src-env.conf 2024.It Pa /usr/share/mk/bsd.own.mk 2025.El 2026.Sh SEE ALSO 2027.Xr make 1 , 2028.Xr make.conf 5 , 2029.Xr build 7 , 2030.Xr ports 7 2031.Sh HISTORY 2032The 2033.Nm 2034file appeared in 2035.Fx 7.0 . 2036.Sh AUTHORS 2037This manual page was autogenerated by 2038.An tools/build/options/makeman . 2039