xref: /freebsd/share/man/man5/src.conf.5 (revision bd66c1b43e33540205dbc1187c2f2a15c58b57ba)
1.\" DO NOT EDIT-- this file is @generated by tools/build/options/makeman.
2.Dd October 4, 2024
3.Dt SRC.CONF 5
4.Os
5.Sh NAME
6.Nm src.conf
7.Nd "source build options"
8.Sh DESCRIPTION
9The
10.Nm
11file contains variables that control what components will be generated during
12the build process of the
13.Fx
14source tree; see
15.Xr build 7 .
16.Pp
17The
18.Nm
19file uses the standard makefile syntax.
20However,
21.Nm
22should not specify any dependencies to
23.Xr make 1 .
24Instead,
25.Nm
26is to set
27.Xr make 1
28variables that control the aspects of how the system builds.
29.Pp
30The default location of
31.Nm
32is
33.Pa /etc/src.conf ,
34though an alternative location can be specified in the
35.Xr make 1
36variable
37.Va SRCCONF .
38Overriding the location of
39.Nm
40may be necessary if the system-wide settings are not suitable
41for a particular build.
42For instance, setting
43.Va SRCCONF
44to
45.Pa /dev/null
46effectively resets all build controls to their defaults.
47.Pp
48The only purpose of
49.Nm
50is to control the compilation of the
51.Fx
52source code, which is usually located in
53.Pa /usr/src .
54As a rule, the system administrator creates
55.Nm
56when the values of certain control variables need to be changed
57from their defaults.
58.Pp
59In addition, control variables can be specified
60for a particular build via the
61.Fl D
62option of
63.Xr make 1
64or in its environment; see
65.Xr environ 7 .
66.Pp
67The environment of
68.Xr make 1
69for the build can be controlled via the
70.Va SRC_ENV_CONF
71variable, which defaults to
72.Pa /etc/src-env.conf .
73Some examples that may only be set in this file are
74.Va WITH_DIRDEPS_BUILD ,
75and
76.Va WITH_META_MODE ,
77and
78.Va MAKEOBJDIRPREFIX
79as they are environment-only variables.
80.Pp
81The values of
82.Va WITH_
83and
84.Va WITHOUT_
85variables are ignored regardless of their setting;
86even if they would be set to
87.Dq Li FALSE
88or
89.Dq Li NO .
90The presence of an option causes
91it to be honored by
92.Xr make 1 .
93.Pp
94This list provides a name and short description for variables
95that can be used for source builds.
96.Bl -tag -width indent
97.It Va WITHOUT_ACCT
98Do not build process accounting tools such as
99.Xr accton 8
100and
101.Xr sa 8 .
102.It Va WITHOUT_ACPI
103Do not build
104.Xr acpiconf 8 ,
105.Xr acpidump 8
106and related programs.
107.It Va WITHOUT_APM
108Do not build
109.Xr apm 8 ,
110.Xr apmd 8
111and related programs.
112.It Va WITH_ASAN
113Build the base system with Address Sanitizer (ASan) to detect
114memory corruption bugs such as buffer overflows or use-after-free.
115Requires that Clang be used as the base system compiler
116and that the runtime support library is available.
117When set, it enforces these options:
118.Pp
119.Bl -item -compact
120.It
121.Va WITH_LLVM_BINUTILS
122.It
123.Va WITH_LLVM_CXXFILT
124.El
125.It Va WITHOUT_ASSERT_DEBUG
126Compile programs and libraries without the
127.Xr assert 3
128checks.
129.It Va WITHOUT_AT
130Do not build
131.Xr at 1
132and related utilities.
133.It Va WITHOUT_AUDIT
134Do not build audit support into system programs.
135.It Va WITHOUT_AUTHPF
136Do not build
137.Xr authpf 8 .
138.It Va WITHOUT_AUTOFS
139Do not build
140.Xr autofs 4
141related programs, libraries, and kernel modules.
142.It Va WITHOUT_AUTO_OBJ
143Disable automatic creation of objdirs.
144This is enabled by default if the wanted OBJDIR is writable by the current user.
145.Pp
146This must be set in the environment, make command line, or
147.Pa /etc/src-env.conf ,
148not
149.Pa /etc/src.conf .
150.It Va WITH_BEARSSL
151Build the BearSSL library.
152.Pp
153BearSSL is a tiny SSL library suitable for embedded environments.
154For details see
155.Lk https://www.BearSSL.org/
156.Pp
157This library is currently only used to perform
158signature verification and related operations
159for Verified Exec and
160.Xr loader 8 .
161.Pp
162Due to size constraints in the BIOS environment on x86, one may need to set
163.Va LOADERSIZE
164larger than the
165default 500000, although often loader is under the 500k limit even with
166this option.
167Setting
168.Va LOADERSIZE
169larger than 500000 may cause
170.Xr pxeboot 8
171to be too large to work.
172Careful testing of the loader in the target environment when built with a larger
173limit to establish safe limits is critical because different BIOS environments
174reserve differing amounts of the low 640k space, making a precise limit for
175everybody impossible.
176.Pp
177See also
178.Va WITH_LOADER_PXEBOOT
179for other considerations.
180When set, these options are also in effect:
181.Pp
182.Bl -inset -compact
183.It Va WITH_LOADER_EFI_SECUREBOOT
184(unless
185.Va WITHOUT_LOADER_EFI_SECUREBOOT
186is set explicitly)
187.It Va WITH_LOADER_VERIEXEC
188(unless
189.Va WITHOUT_LOADER_VERIEXEC
190is set explicitly)
191.It Va WITH_LOADER_VERIEXEC_VECTX
192(unless
193.Va WITHOUT_LOADER_VERIEXEC_VECTX
194is set explicitly)
195.It Va WITH_VERIEXEC
196(unless
197.Va WITHOUT_VERIEXEC
198is set explicitly)
199.El
200.It Va WITHOUT_BHYVE
201Do not build or install
202.Xr bhyve 8 ,
203associated utilities, and examples.
204.Pp
205This option only affects amd64/amd64 and arm64/aarch64.
206.It Va WITH_BHYVE_SNAPSHOT
207Include support for save and restore (snapshots) in
208.Xr bhyve 8
209and
210.Xr bhyvectl 8 .
211.Pp
212This option only affects amd64/amd64.
213.It Va WITH_BIND_NOW
214Build all binaries with the
215.Dv DF_BIND_NOW
216flag set to indicate that the run-time loader should perform all relocation
217processing at process startup rather than on demand.
218The combination of the
219.Va BIND_NOW
220and
221.Va RELRO
222options provide "full" Relocation Read-Only (RELRO) support.
223With full RELRO the entire GOT is made read-only after performing relocation at
224startup, avoiding GOT overwrite attacks.
225.It Va WITHOUT_BLACKLIST
226Set this if you do not want to build
227.Xr blacklistd 8
228and
229.Xr blacklistctl 8 .
230When set, these options are also in effect:
231.Pp
232.Bl -inset -compact
233.It Va WITHOUT_BLACKLIST_SUPPORT
234(unless
235.Va WITH_BLACKLIST_SUPPORT
236is set explicitly)
237.El
238.It Va WITHOUT_BLACKLIST_SUPPORT
239Build some programs without
240.Xr libblacklist 3
241support, like
242.Xr fingerd 8 ,
243.Xr ftpd 8 ,
244and
245.Xr sshd 8 .
246.It Va WITHOUT_BLUETOOTH
247Do not build Bluetooth related kernel modules, programs and libraries.
248.It Va WITHOUT_BOOT
249Do not build the boot blocks and loader.
250.It Va WITHOUT_BOOTPARAMD
251Do not build or install
252.Xr bootparamd 8 .
253.It Va WITHOUT_BOOTPD
254Do not build or install
255.Xr bootpd 8 .
256.It Va WITH_BRANCH_PROTECTION
257Build with branch protection enabled.
258On arm64 enable the use of pointer authentication and
259branch target identification instructions on arm64.
260These can be used to help mitigate some exploit techniques.
261.It Va WITHOUT_BSDINSTALL
262Do not build
263.Xr bsdinstall 8 ,
264.Xr sade 8 ,
265and related programs.
266.It Va WITHOUT_BSD_CPIO
267Do not build the BSD licensed version of cpio based on
268.Xr libarchive 3 .
269.It Va WITHOUT_BSNMP
270Do not build or install
271.Xr bsnmpd 1
272and related libraries and data files.
273.It Va WITHOUT_BZIP2
274Do not build contributed bzip2 software as a part of the base system.
275.Bf -symbolic
276The option has no effect yet.
277.Ef
278When set, these options are also in effect:
279.Pp
280.Bl -inset -compact
281.It Va WITHOUT_BZIP2_SUPPORT
282(unless
283.Va WITH_BZIP2_SUPPORT
284is set explicitly)
285.El
286.It Va WITHOUT_BZIP2_SUPPORT
287Build some programs without optional bzip2 support.
288.It Va WITHOUT_CALENDAR
289Do not build
290.Xr calendar 1 .
291.It Va WITHOUT_CAROOT
292Do not add the trusted certificates from the Mozilla NSS bundle to
293base.
294.It Va WITHOUT_CASPER
295This option has no effect.
296.It Va WITH_CCACHE_BUILD
297Use
298.Xr ccache 1
299for the build.
300No configuration is required except to install the
301.Sy devel/ccache
302package.
303When using with
304.Xr distcc 1 ,
305set
306.Sy CCACHE_PREFIX=/usr/local/bin/distcc .
307The default cache directory of
308.Pa $HOME/.ccache
309will be used, which can be overridden by setting
310.Sy CCACHE_DIR .
311The
312.Sy CCACHE_COMPILERCHECK
313option defaults to
314.Sy content
315when using the in-tree bootstrap compiler,
316and
317.Sy mtime
318when using an external compiler.
319The
320.Sy CCACHE_CPP2
321option is used for Clang but not GCC.
322.Pp
323Sharing a cache between multiple work directories requires using a layout
324similar to
325.Pa /some/prefix/src
326.Pa /some/prefix/obj
327and an environment such as:
328.Bd -literal -offset indent
329CCACHE_BASEDIR='${SRCTOP:H}' MAKEOBJDIRPREFIX='${SRCTOP:H}/obj'
330.Ed
331.Pp
332See
333.Xr ccache 1
334for more configuration options.
335.It Va WITHOUT_CCD
336Do not build
337.Xr geom_ccd 4
338and related utilities.
339.It Va WITHOUT_CDDL
340Do not build code licensed under Sun's CDDL.
341When set, it enforces these options:
342.Pp
343.Bl -item -compact
344.It
345.Va WITHOUT_CTF
346.It
347.Va WITHOUT_DTRACE
348.It
349.Va WITHOUT_LOADER_ZFS
350.It
351.Va WITHOUT_ZFS
352.It
353.Va WITHOUT_ZFS_TESTS
354.El
355.It Va WITHOUT_CLANG
356Do not build the Clang C/C++ compiler during the regular phase of the build.
357When set, it enforces these options:
358.Pp
359.Bl -item -compact
360.It
361.Va WITHOUT_CLANG_EXTRAS
362.It
363.Va WITHOUT_CLANG_FORMAT
364.It
365.Va WITHOUT_CLANG_FULL
366.It
367.Va WITHOUT_LLVM_COV
368.El
369.Pp
370When set, these options are also in effect:
371.Pp
372.Bl -inset -compact
373.It Va WITHOUT_LLVM_TARGET_AARCH64
374(unless
375.Va WITH_LLVM_TARGET_AARCH64
376is set explicitly)
377.It Va WITHOUT_LLVM_TARGET_ALL
378(unless
379.Va WITH_LLVM_TARGET_ALL
380is set explicitly)
381.It Va WITHOUT_LLVM_TARGET_ARM
382(unless
383.Va WITH_LLVM_TARGET_ARM
384is set explicitly)
385.It Va WITHOUT_LLVM_TARGET_POWERPC
386(unless
387.Va WITH_LLVM_TARGET_POWERPC
388is set explicitly)
389.It Va WITHOUT_LLVM_TARGET_RISCV
390(unless
391.Va WITH_LLVM_TARGET_RISCV
392is set explicitly)
393.El
394.It Va WITHOUT_CLANG_BOOTSTRAP
395Do not build the Clang C/C++ compiler during the bootstrap phase of
396the build.
397To be able to build the system, either gcc or clang bootstrap must be
398enabled unless an alternate compiler is provided via XCC.
399.It Va WITH_CLANG_EXTRAS
400Build additional clang and llvm tools, such as bugpoint and
401clang-format.
402.It Va WITH_CLANG_FORMAT
403Build clang-format.
404.It Va WITHOUT_CLANG_FULL
405Avoid building the ARCMigrate, Rewriter and StaticAnalyzer components of
406the Clang C/C++ compiler.
407.It Va WITH_CLEAN
408Clean before building world and/or kernel.
409.It Va WITHOUT_CPP
410Do not build
411.Xr cpp 1 .
412.It Va WITHOUT_CROSS_COMPILER
413Do not build any cross compiler in the cross-tools stage of buildworld.
414When compiling a different version of
415.Fx
416than what is installed on the system, provide an alternate
417compiler with XCC to ensure success.
418When compiling with an identical version of
419.Fx
420to the host, this option may be safely used.
421This option may also be safe when the host version of
422.Fx
423is close to the sources being built, but all bets are off if there have
424been any changes to the toolchain between the versions.
425When set, it enforces these options:
426.Pp
427.Bl -item -compact
428.It
429.Va WITHOUT_CLANG_BOOTSTRAP
430.It
431.Va WITHOUT_ELFTOOLCHAIN_BOOTSTRAP
432.It
433.Va WITHOUT_LLD_BOOTSTRAP
434.El
435.It Va WITHOUT_CRYPT
436Do not build any crypto code.
437When set, it enforces these options:
438.Pp
439.Bl -item -compact
440.It
441.Va WITHOUT_DMAGENT
442.It
443.Va WITHOUT_KERBEROS
444.It
445.Va WITHOUT_KERBEROS_SUPPORT
446.It
447.Va WITHOUT_LDNS
448.It
449.Va WITHOUT_LDNS_UTILS
450.It
451.Va WITHOUT_LOADER_ZFS
452.It
453.Va WITHOUT_OPENSSH
454.It
455.Va WITHOUT_OPENSSL
456.It
457.Va WITHOUT_OPENSSL_KTLS
458.It
459.Va WITHOUT_PKGBOOTSTRAP
460.It
461.Va WITHOUT_UNBOUND
462.It
463.Va WITHOUT_ZFS
464.It
465.Va WITHOUT_ZFS_TESTS
466.El
467.Pp
468When set, these options are also in effect:
469.Pp
470.Bl -inset -compact
471.It Va WITHOUT_GSSAPI
472(unless
473.Va WITH_GSSAPI
474is set explicitly)
475.El
476.It Va WITH_CTF
477Compile with CTF (Compact C Type Format) data.
478CTF data encapsulates a reduced form of debugging information
479similar to DWARF and the venerable stabs and is required for DTrace.
480.It Va WITHOUT_CUSE
481Do not build CUSE-related programs and libraries.
482.It Va WITHOUT_CXGBETOOL
483Do not build
484.Xr cxgbetool 8
485.Pp
486This is a default setting on
487arm/armv7, powerpc/powerpc and riscv/riscv64.
488.It Va WITH_CXGBETOOL
489Build
490.Xr cxgbetool 8
491.Pp
492This is a default setting on
493amd64/amd64, arm64/aarch64, i386/i386, powerpc/powerpc64 and powerpc/powerpc64le.
494.It Va WITHOUT_DEBUG_FILES
495Avoid building or installing standalone debug files for each
496executable binary and shared library.
497.It Va WITH_DETECT_TZ_CHANGES
498Make the time handling code detect changes to the timezone files.
499.It Va WITH_DIALOG
500Do build
501.Xr dialog 1 ,
502.Xr dialog 3 ,
503.Xr dpv 1 ,
504and
505.Xr dpv 3 .
506.It Va WITHOUT_DICT
507Do not build the Webster dictionary files.
508.It Va WITH_DIRDEPS_BUILD
509This is an alternate build system.
510For details see
511https://www.crufty.net/sjg/docs/freebsd-meta-mode.htm.
512Build commands can be seen from the top-level with:
513.Dl make show-valid-targets
514The build is driven by dirdeps.mk using
515.Va DIRDEPS
516stored in
517Makefile.depend files found in each directory.
518.Pp
519The build can be started from anywhere, and behaves the same.
520The initial instance of
521.Xr make 1
522recursively reads
523.Va DIRDEPS
524from
525.Pa Makefile.depend ,
526computing a graph of tree dependencies from the current origin.
527Setting
528.Va NO_DIRDEPS
529skips checking dirdep dependencies and will only build in the current
530and child directories.
531.Va NO_DIRDEPS_BELOW
532skips building any dirdeps and only build the current directory.
533.Pp
534This also utilizes the
535.Va WITH_META_MODE
536logic for incremental builds.
537.Pp
538The build hides commands executed unless
539.Va NO_SILENT
540is defined.
541.Pp
542Note that there is currently no mass install feature for this.
543This build is designed for producing packages, that can then be installed
544on a target system.
545.Pp
546The implementation in
547.Fx
548is incomplete.
549Completion would require leaf directories for building each kernel
550and package so that their dependencies can be tracked.
551When set, it enforces these options:
552.Pp
553.Bl -item -compact
554.It
555.Va WITH_INSTALL_AS_USER
556.El
557.Pp
558When set, these options are also in effect:
559.Pp
560.Bl -inset -compact
561.It Va WITH_META_ERROR_TARGET
562(unless
563.Va WITHOUT_META_ERROR_TARGET
564is set explicitly)
565.It Va WITH_META_MODE
566(unless
567.Va WITHOUT_META_MODE
568is set explicitly)
569.It Va WITH_STAGING
570(unless
571.Va WITHOUT_STAGING
572is set explicitly)
573.It Va WITH_STAGING_MAN
574(unless
575.Va WITHOUT_STAGING_MAN
576is set explicitly)
577.It Va WITH_STAGING_PROG
578(unless
579.Va WITHOUT_STAGING_PROG
580is set explicitly)
581.It Va WITH_SYSROOT
582(unless
583.Va WITHOUT_SYSROOT
584is set explicitly)
585.El
586.Pp
587This must be set in the environment, make command line, or
588.Pa /etc/src-env.conf ,
589not
590.Pa /etc/src.conf .
591.It Va WITH_DIRDEPS_CACHE
592Cache result of dirdeps.mk which can save significant time
593for subsequent builds.
594Depends on
595.Va WITH_DIRDEPS_BUILD .
596.Pp
597This must be set in the environment, make command line, or
598.Pa /etc/src-env.conf ,
599not
600.Pa /etc/src.conf .
601.It Va WITH_DISK_IMAGE_TOOLS_BOOTSTRAP
602Build
603.Xr etdump 1 ,
604.Xr makefs 8
605and
606.Xr mkimg 1
607as bootstrap tools.
608.It Va WITHOUT_DMAGENT
609Do not build dma Mail Transport Agent.
610.It Va WITHOUT_DOCCOMPRESS
611Do not install compressed system documentation.
612Only the uncompressed version will be installed.
613.It Va WITHOUT_DTRACE
614Do not build DTrace framework kernel modules, libraries, and user commands.
615When set, it enforces these options:
616.Pp
617.Bl -item -compact
618.It
619.Va WITHOUT_CTF
620.El
621.It Va WITH_DTRACE_ASAN
622Compile userspace DTrace code (libdtrace, dtrace(1), lockstat(1), plockstat(1))
623with address and undefined behavior sanitizers.
624Requires that Clang be used as the base system compiler
625and that the runtime support library is available.
626.It Va WITH_DTRACE_TESTS
627Build and install the DTrace test suite in
628.Pa /usr/tests/cddl/usr.sbin/dtrace .
629This test suite is considered experimental on architectures other than
630amd64/amd64 and running it may cause system instability.
631.It Va WITHOUT_DYNAMICROOT
632Set this if you do not want to link
633.Pa /bin
634and
635.Pa /sbin
636dynamically.
637.It Va WITHOUT_EE
638Do not build and install
639.Xr edit 1 ,
640.Xr ee 1 ,
641and related programs.
642.It Va WITHOUT_EFI
643Set not to build
644.Xr efivar 3
645and
646.Xr efivar 8 .
647.Pp
648This is a default setting on
649i386/i386, powerpc/powerpc, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64.
650.It Va WITH_EFI
651Build
652.Xr efivar 3
653and
654.Xr efivar 8 .
655.Pp
656This is a default setting on
657amd64/amd64, arm/armv7 and arm64/aarch64.
658.It Va WITHOUT_ELFTOOLCHAIN_BOOTSTRAP
659Do not build ELF Tool Chain tools
660(addr2line, nm, size, strings and strip)
661as part of the bootstrap process.
662.Bf -symbolic
663An alternate bootstrap tool chain must be provided.
664.Ef
665.It Va WITHOUT_EXAMPLES
666Avoid installing examples to
667.Pa /usr/share/examples/ .
668.It Va WITH_EXPERIMENTAL
669Include experimental features in the build.
670.It Va WITHOUT_FDT
671Do not build Flattened Device Tree support as part of the base system.
672This includes the device tree compiler (dtc) and libfdt support library.
673.Pp
674This is a default setting on
675amd64/amd64 and i386/i386.
676.It Va WITH_FDT
677Build Flattened Device Tree support as part of the base system.
678This includes the device tree compiler (dtc) and libfdt support library.
679.Pp
680This is a default setting on
681arm/armv7, arm64/aarch64, powerpc/powerpc, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64.
682.It Va WITHOUT_FILE
683Do not build
684.Xr file 1
685and related programs.
686.It Va WITHOUT_FINGER
687Do not build or install
688.Xr finger 1
689and
690.Xr fingerd 8 .
691.It Va WITHOUT_FLOPPY
692Do not build or install programs
693for operating floppy disk driver.
694.It Va WITHOUT_FORMAT_EXTENSIONS
695Do not enable
696.Fl fformat-extensions
697when compiling the kernel.
698Also disables all format checking.
699.It Va WITHOUT_FORTH
700Build bootloaders without Forth support.
701.It Va WITHOUT_FP_LIBC
702Build
703.Nm libc
704without floating-point support.
705.It Va WITHOUT_FREEBSD_UPDATE
706Do not build
707.Xr freebsd-update 8 .
708.It Va WITHOUT_FTP
709Do not build or install
710.Xr ftp 1
711and
712.Xr ftpd 8 .
713.It Va WITHOUT_GAMES
714Do not build games.
715.It Va WITHOUT_GH_BC
716Install the traditional FreeBSD
717.Xr bc 1
718and
719.Xr dc 1
720programs instead of the enhanced versions.
721.It Va WITHOUT_GNU_DIFF
722Do not build GNU
723.Xr diff3 1 ;
724build BSD
725.Xr diff3 1
726instead.
727.It Va WITHOUT_GOOGLETEST
728Neither build nor install
729.Lb libgmock ,
730.Lb libgtest ,
731and dependent tests.
732.It Va WITHOUT_GPIO
733Do not build
734.Xr gpioctl 8
735as part of the base system.
736.It Va WITHOUT_GSSAPI
737Do not build libgssapi.
738.It Va WITHOUT_HAST
739Do not build
740.Xr hastd 8
741and related utilities.
742.It Va WITH_HESIOD
743Build Hesiod support.
744.It Va WITHOUT_HTML
745Do not build HTML docs.
746.It Va WITHOUT_HYPERV
747Do not build or install HyperV utilities.
748.Pp
749This is a default setting on
750arm/armv7, powerpc/powerpc, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64.
751.It Va WITH_HYPERV
752Build or install HyperV utilities.
753.Pp
754This is a default setting on
755amd64/amd64, arm64/aarch64 and i386/i386.
756.It Va WITHOUT_ICONV
757Do not build iconv as part of libc.
758.It Va WITHOUT_INCLUDES
759Do not install header files.
760This option used to be spelled
761.Va NO_INCS .
762.Bf -symbolic
763The option does not work for build targets.
764.Ef
765.It Va WITHOUT_INET
766Do not build programs and libraries related to IPv4 networking.
767When set, it enforces these options:
768.Pp
769.Bl -item -compact
770.It
771.Va WITHOUT_INET_SUPPORT
772.El
773.It Va WITHOUT_INET6
774Do not build
775programs and libraries related to IPv6 networking.
776When set, it enforces these options:
777.Pp
778.Bl -item -compact
779.It
780.Va WITHOUT_INET6_SUPPORT
781.El
782.It Va WITHOUT_INET6_SUPPORT
783Build libraries, programs, and kernel modules without IPv6 support.
784.It Va WITHOUT_INETD
785Do not build
786.Xr inetd 8 .
787.It Va WITHOUT_INET_SUPPORT
788Build libraries, programs, and kernel modules without IPv4 support.
789.It Va WITHOUT_INSTALLLIB
790Set this to not install optional libraries.
791For example, when creating a
792.Xr nanobsd 8
793image.
794.Bf -symbolic
795The option does not work for build targets.
796.Ef
797.It Va WITH_INSTALL_AS_USER
798Make install targets succeed for non-root users by installing
799files with owner and group attributes set to that of the user running
800the
801.Xr make 1
802command.
803The user still must set the
804.Va DESTDIR
805variable to point to a directory where the user has write permissions.
806.It Va WITHOUT_IPFILTER
807Do not build IP Filter package.
808.It Va WITHOUT_IPFW
809Do not build IPFW tools.
810.It Va WITHOUT_IPSEC_SUPPORT
811Do not build the kernel with
812.Xr ipsec 4
813support.
814This option is needed for
815.Xr ipsec 4
816and
817.Xr tcpmd5 4 .
818.It Va WITHOUT_ISCSI
819Do not build
820.Xr iscsid 8
821and related utilities.
822.It Va WITHOUT_JAIL
823Do not build tools for the support of jails; e.g.,
824.Xr jail 8 .
825.It Va WITHOUT_JEMALLOC_LG_VADDR_WIDE
826Disallow programs to use more than 48 address bits on amd64.
827Incompatible with LA57 mode.
828Enabling this option might result in a slight reduction in memory
829consumption for jemalloc metadata, but also requires disabling LA57
830(if hardware supports it).
831.It Va WITHOUT_KDUMP
832Do not build
833.Xr kdump 1
834and
835.Xr truss 1 .
836.It Va WITHOUT_KERBEROS
837Set this to not build Kerberos 5 (KTH Heimdal).
838When set, these options are also in effect:
839.Pp
840.Bl -inset -compact
841.It Va WITHOUT_GSSAPI
842(unless
843.Va WITH_GSSAPI
844is set explicitly)
845.It Va WITHOUT_KERBEROS_SUPPORT
846(unless
847.Va WITH_KERBEROS_SUPPORT
848is set explicitly)
849.El
850.It Va WITHOUT_KERBEROS_SUPPORT
851Build some programs without Kerberos support, like
852.Xr ssh 1 ,
853.Xr telnet 1 ,
854and
855.Xr sshd 8 .
856.It Va WITH_KERNEL_BIN
857Generate and install kernel.bin from kernel as part of the normal build and
858install processes for the kernel. Available only on arm and arm64.
859
860Usually this will be added to the kernel config file with:
861
862makeoptions	WITH_KERNEL_BIN=1
863
864though it can also be used on the command line.
865.It Va WITH_KERNEL_RETPOLINE
866Enable the "retpoline" mitigation for CVE-2017-5715 in the kernel
867build.
868.It Va WITHOUT_KERNEL_SYMBOLS
869Do not install standalone kernel debug symbol files.
870This option has no effect at build time.
871.It Va WITHOUT_KVM
872Do not build the
873.Nm libkvm
874library as a part of the base system.
875.Bf -symbolic
876The option has no effect yet.
877.Ef
878When set, these options are also in effect:
879.Pp
880.Bl -inset -compact
881.It Va WITHOUT_KVM_SUPPORT
882(unless
883.Va WITH_KVM_SUPPORT
884is set explicitly)
885.El
886.It Va WITHOUT_KVM_SUPPORT
887Build some programs without optional
888.Nm libkvm
889support.
890.It Va WITHOUT_LDNS
891Setting this variable will prevent the LDNS library from being built.
892When set, it enforces these options:
893.Pp
894.Bl -item -compact
895.It
896.Va WITHOUT_LDNS_UTILS
897.It
898.Va WITHOUT_UNBOUND
899.El
900.It Va WITHOUT_LDNS_UTILS
901Setting this variable will prevent building the LDNS utilities
902.Xr drill 1
903and
904.Xr host 1 .
905.It Va WITHOUT_LEGACY_CONSOLE
906Do not build programs that support a legacy PC console; e.g.,
907.Xr kbdcontrol 1
908and
909.Xr vidcontrol 1 .
910.It Va WITHOUT_LIB32
911On 64-bit platforms, do not build 32-bit library set and a
912.Nm ld-elf32.so.1
913runtime linker.
914.Pp
915This is a default setting on
916arm/armv7, i386/i386, powerpc/powerpc, powerpc/powerpc64le and riscv/riscv64.
917.It Va WITH_LIB32
918On 64-bit platforms, build the 32-bit library set and a
919.Nm ld-elf32.so.1
920runtime linker.
921.Pp
922This is a default setting on
923amd64/amd64, arm64/aarch64 and powerpc/powerpc64.
924.It Va WITHOUT_LLD
925Do not build LLVM's lld linker.
926.It Va WITHOUT_LLDB
927Do not build the LLDB debugger.
928.Pp
929This is a default setting on
930arm/armv7 and riscv/riscv64.
931.It Va WITH_LLDB
932Build the LLDB debugger.
933.Pp
934This is a default setting on
935amd64/amd64, arm64/aarch64, i386/i386, powerpc/powerpc, powerpc/powerpc64 and powerpc/powerpc64le.
936.It Va WITHOUT_LLD_BOOTSTRAP
937Do not build the LLD linker during the bootstrap phase of
938the build.
939To be able to build the system an alternate linker must be provided via XLD.
940.It Va WITHOUT_LLVM_ASSERTIONS
941Disable debugging assertions in LLVM.
942.It Va WITH_LLVM_BINUTILS
943Install LLVM's binutils (without an llvm- prefix),
944instead of ELF Tool Chain's tools.
945This includes
946.Xr addr2line 1 ,
947.Xr ar 1 ,
948.Xr nm 1 ,
949.Xr objcopy 1 ,
950.Xr ranlib 1 ,
951.Xr readelf 1 ,
952.Xr size 1 ,
953and
954.Xr strip 1 .
955Regardless of this setting, LLVM tools are used for
956.Xr c++filt 1
957and
958.Xr objdump 1 .
959.Xr strings 1
960is always provided by ELF Tool Chain.
961.It Va WITHOUT_LLVM_COV
962Do not build the
963.Xr llvm-cov 1
964tool.
965.It Va WITHOUT_LLVM_CXXFILT
966Install ELF Tool Chain's cxxfilt as c++filt, instead of LLVM's llvm-cxxfilt.
967.It Va WITH_LLVM_FULL_DEBUGINFO
968Generate full debug information for LLVM libraries and tools, which uses
969more disk space and build resources, but allows for easier debugging.
970.It Va WITHOUT_LLVM_TARGET_AARCH64
971Do not build LLVM target support for AArch64.
972The
973.Va LLVM_TARGET_ALL
974option should be used rather than this in most cases.
975.It Va WITHOUT_LLVM_TARGET_ALL
976Only build the required LLVM target support.
977This option is preferred to specific target support options.
978When set, these options are also in effect:
979.Pp
980.Bl -inset -compact
981.It Va WITHOUT_LLVM_TARGET_AARCH64
982(unless
983.Va WITH_LLVM_TARGET_AARCH64
984is set explicitly)
985.It Va WITHOUT_LLVM_TARGET_ARM
986(unless
987.Va WITH_LLVM_TARGET_ARM
988is set explicitly)
989.It Va WITHOUT_LLVM_TARGET_POWERPC
990(unless
991.Va WITH_LLVM_TARGET_POWERPC
992is set explicitly)
993.It Va WITHOUT_LLVM_TARGET_RISCV
994(unless
995.Va WITH_LLVM_TARGET_RISCV
996is set explicitly)
997.El
998.It Va WITHOUT_LLVM_TARGET_ARM
999Do not build LLVM target support for ARM.
1000The
1001.Va LLVM_TARGET_ALL
1002option should be used rather than this in most cases.
1003.It Va WITH_LLVM_TARGET_BPF
1004Build LLVM target support for BPF.
1005The
1006.Va LLVM_TARGET_ALL
1007option should be used rather than this in most cases.
1008.It Va WITH_LLVM_TARGET_MIPS
1009Build LLVM target support for MIPS.
1010The
1011.Va LLVM_TARGET_ALL
1012option should be used rather than this in most cases.
1013.It Va WITHOUT_LLVM_TARGET_POWERPC
1014Do not build LLVM target support for PowerPC.
1015The
1016.Va LLVM_TARGET_ALL
1017option should be used rather than this in most cases.
1018.It Va WITHOUT_LLVM_TARGET_RISCV
1019Do not build LLVM target support for RISC-V.
1020The
1021.Va LLVM_TARGET_ALL
1022option should be used rather than this in most cases.
1023.It Va WITHOUT_LLVM_TARGET_X86
1024Do not build LLVM target support for X86.
1025The
1026.Va LLVM_TARGET_ALL
1027option should be used rather than this in most cases.
1028.It Va WITH_LOADER_BIOS_TEXTONLY
1029Use the old, FreeBSD 12 vidconsole.c.
1030This only supports text mode without teken, without any graphics, font or video mode support.
1031This setting only affects the i386 and amd64 BIOS boot loader.
1032.It Va WITH_LOADER_EFI_SECUREBOOT
1033Enable building
1034.Xr loader 8
1035with support for verification based on certificates obtained from UEFI.
1036.It Va WITHOUT_LOADER_GELI
1037Disable inclusion of GELI crypto support in the boot chain binaries.
1038.Pp
1039This is a default setting on
1040powerpc/powerpc, powerpc/powerpc64 and powerpc/powerpc64le.
1041.It Va WITH_LOADER_GELI
1042Build GELI bootloader support.
1043.Pp
1044This is a default setting on
1045amd64/amd64, arm/armv7, arm64/aarch64, i386/i386 and riscv/riscv64.
1046.It Va WITHOUT_LOADER_IA32
1047Do not build the 32-bit UEFI loader.
1048.Pp
1049This is a default setting on
1050arm/armv7, arm64/aarch64, i386/i386, powerpc/powerpc, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64.
1051.It Va WITH_LOADER_IA32
1052Build the 32-bit UEFI loader.
1053.Pp
1054This is a default setting on
1055amd64/amd64.
1056.It Va WITHOUT_LOADER_KBOOT
1057Do not build kboot, a linuxboot environment loader
1058.Pp
1059This is a default setting on
1060arm/armv7, i386/i386, powerpc/powerpc, powerpc/powerpc64le and riscv/riscv64.
1061.It Va WITH_LOADER_KBOOT
1062Build kboot, a linuxboot environment loader
1063.Pp
1064This is a default setting on
1065amd64/amd64, arm64/aarch64 and powerpc/powerpc64.
1066.It Va WITHOUT_LOADER_LUA
1067Do not build LUA bindings for the boot loader.
1068.Pp
1069This is a default setting on
1070powerpc/powerpc, powerpc/powerpc64 and powerpc/powerpc64le.
1071.It Va WITH_LOADER_LUA
1072Build LUA bindings for the boot loader.
1073.Pp
1074This is a default setting on
1075amd64/amd64, arm/armv7, arm64/aarch64, i386/i386 and riscv/riscv64.
1076.It Va WITHOUT_LOADER_OFW
1077Disable building of openfirmware bootloader components.
1078.Pp
1079This is a default setting on
1080amd64/amd64, arm/armv7, arm64/aarch64, i386/i386 and riscv/riscv64.
1081.It Va WITH_LOADER_OFW
1082Build openfirmware bootloader components.
1083.Pp
1084This is a default setting on
1085powerpc/powerpc, powerpc/powerpc64 and powerpc/powerpc64le.
1086.It Va WITHOUT_LOADER_PXEBOOT
1087Do not build pxeboot on i386/amd64.
1088When the pxeboot is too large, or unneeded, it may be disabled with this option.
1089See
1090.Va WITH_LOADER_PXEBOOT
1091for how to adjust the defaults when you need both a larger
1092.Pa /boot/loader
1093and
1094.Pa /boot/pxeboot
1095.Pp
1096This option only has an effect on x86.
1097.It Va WITHOUT_LOADER_UBOOT
1098Disable building of ubldr.
1099.Pp
1100This is a default setting on
1101amd64/amd64, arm64/aarch64, i386/i386, powerpc/powerpc64le and riscv/riscv64.
1102.It Va WITH_LOADER_UBOOT
1103Build ubldr.
1104.Pp
1105This is a default setting on
1106arm/armv7, powerpc/powerpc and powerpc/powerpc64.
1107.It Va WITH_LOADER_VERBOSE
1108Build with extra verbose debugging in the loader.
1109May explode already nearly too large loader over the limit.
1110Use with care.
1111.It Va WITH_LOADER_VERIEXEC
1112Enable building
1113.Xr loader 8
1114with support for verification similar to Verified Exec.
1115.Pp
1116Depends on
1117.Va WITH_BEARSSL .
1118May require a larger
1119.Va LOADERSIZE .
1120When set, these options are also in effect:
1121.Pp
1122.Bl -inset -compact
1123.It Va WITH_LOADER_EFI_SECUREBOOT
1124(unless
1125.Va WITHOUT_LOADER_EFI_SECUREBOOT
1126is set explicitly)
1127.It Va WITH_LOADER_VERIEXEC_VECTX
1128(unless
1129.Va WITHOUT_LOADER_VERIEXEC_VECTX
1130is set explicitly)
1131.El
1132.It Va WITH_LOADER_VERIEXEC_PASS_MANIFEST
1133Enable building
1134.Xr loader 8
1135with support to pass a verified manifest to the kernel.
1136The kernel has to be built with a module to parse the manifest.
1137.Pp
1138Depends on
1139.Va WITH_LOADER_VERIEXEC .
1140.It Va WITH_LOADER_VERIEXEC_VECTX
1141Enable building
1142.Xr loader 8
1143with support for hashing and verifying kernel and modules as a side effect
1144of loading.
1145.Pp
1146Depends on
1147.Va WITH_LOADER_VERIEXEC .
1148.It Va WITHOUT_LOADER_ZFS
1149Do not build ZFS file system boot loader support.
1150.It Va WITHOUT_LOCALES
1151Do not build localization files; see
1152.Xr locale 1 .
1153.It Va WITHOUT_LOCATE
1154Do not build
1155.Xr locate 1
1156and related programs.
1157.It Va WITHOUT_LPR
1158Do not build
1159.Xr lpr 1
1160and related programs.
1161.It Va WITHOUT_LS_COLORS
1162Build
1163.Xr ls 1
1164without support for colors to distinguish file types.
1165.It Va WITHOUT_MACHDEP_OPTIMIZATIONS
1166Prefer machine-independent non-assembler code in libc and libm.
1167.It Va WITHOUT_MAIL
1168Do not build any mail support (MUA or MTA).
1169When set, it enforces these options:
1170.Pp
1171.Bl -item -compact
1172.It
1173.Va WITHOUT_DMAGENT
1174.It
1175.Va WITHOUT_MAILWRAPPER
1176.It
1177.Va WITHOUT_SENDMAIL
1178.El
1179.It Va WITHOUT_MAILWRAPPER
1180Do not build the
1181.Xr mailwrapper 8
1182MTA selector.
1183.It Va WITHOUT_MAKE
1184Do not install
1185.Xr make 1
1186and related support files.
1187.It Va WITHOUT_MAKE_CHECK_USE_SANDBOX
1188Do not execute
1189.Dq Li "make check"
1190in limited sandbox mode.
1191This option should be paired with
1192.Va WITH_INSTALL_AS_USER
1193if executed as an unprivileged user.
1194See
1195.Xr tests 7
1196for more details.
1197.It Va WITH_MALLOC_PRODUCTION
1198Disable assertions and statistics gathering in
1199.Xr malloc 3 .
1200It also defaults the A and J runtime options to off.
1201.It Va WITHOUT_MAN
1202Do not build manual pages.
1203When set, these options are also in effect:
1204.Pp
1205.Bl -inset -compact
1206.It Va WITHOUT_MAN_UTILS
1207(unless
1208.Va WITH_MAN_UTILS
1209is set explicitly)
1210.El
1211.It Va WITHOUT_MANCOMPRESS
1212Do not install compressed man pages.
1213Only the uncompressed versions will be installed.
1214.It Va WITHOUT_MANSPLITPKG
1215Do not split man pages into their own packages during make package.
1216.It Va WITHOUT_MAN_UTILS
1217Do not build utilities for manual pages,
1218.Xr apropos 1 ,
1219.Xr makewhatis 1 ,
1220.Xr man 1 ,
1221.Xr whatis 1 ,
1222.Xr manctl 8 ,
1223and related support files.
1224.It Va WITH_META_ERROR_TARGET
1225Enable the META_MODE .ERROR target.
1226.Pp
1227This target will copy the meta file of a failed target
1228to
1229.Va ERROR_LOGDIR
1230(default is
1231.Ql ${SRCTOP:H}/error )
1232to help with failure analysis.
1233Depends on
1234.Va WITH_META_MODE .
1235This default when
1236.Va WITH_DIRDEPS_BUILD
1237is set.
1238.Pp
1239This must be set in the environment, make command line, or
1240.Pa /etc/src-env.conf ,
1241not
1242.Pa /etc/src.conf .
1243.It Va WITH_META_MODE
1244Create
1245.Xr make 1
1246meta files when building, which can provide a reliable incremental build when
1247using
1248.Xr filemon 4 .
1249The meta file is created in OBJDIR as
1250.Pa target.meta .
1251These meta files track the command that was executed, its output, and the
1252current directory.
1253The
1254.Xr filemon 4
1255module is required unless
1256.Va NO_FILEMON
1257is defined.
1258When the module is loaded, any files used by the commands executed are
1259tracked as dependencies for the target in its meta file.
1260The target is considered out-of-date and rebuilt if any of these
1261conditions are true compared to the last build:
1262.Bl -bullet -compact
1263.It
1264The command to execute changes.
1265.It
1266The current working directory changes.
1267.It
1268The target's meta file is missing.
1269.It
1270The target's meta file is missing filemon data when filemon is loaded
1271and a previous run did not have it loaded.
1272.It
1273[requires
1274.Xr filemon 4 ]
1275Files read, executed or linked to are newer than the target.
1276.It
1277[requires
1278.Xr filemon 4 ]
1279Files read, written, executed or linked are missing.
1280.El
1281The meta files can also be useful for debugging.
1282.Pp
1283The build hides commands that are executed unless
1284.Va NO_SILENT
1285is defined.
1286Errors cause
1287.Xr make 1
1288to show some of its environment for further debugging.
1289.Pp
1290The build operates as it normally would otherwise.
1291This option originally invoked a different build system but that was renamed
1292to
1293.Va WITH_DIRDEPS_BUILD .
1294.Pp
1295This must be set in the environment, make command line, or
1296.Pa /etc/src-env.conf ,
1297not
1298.Pa /etc/src.conf .
1299.It Va WITHOUT_MLX5TOOL
1300Do not build
1301.Xr mlx5tool 8
1302.Pp
1303This is a default setting on
1304arm/armv7, powerpc/powerpc and riscv/riscv64.
1305.It Va WITH_MLX5TOOL
1306Build
1307.Xr mlx5tool 8
1308.Pp
1309This is a default setting on
1310amd64/amd64, arm64/aarch64, i386/i386, powerpc/powerpc64 and powerpc/powerpc64le.
1311.It Va WITHOUT_NETCAT
1312Do not build
1313.Xr nc 1
1314utility.
1315.It Va WITHOUT_NETGRAPH
1316Do not build applications to support
1317.Xr netgraph 4 .
1318When set, it enforces these options:
1319.Pp
1320.Bl -item -compact
1321.It
1322.Va WITHOUT_BLUETOOTH
1323.El
1324.Pp
1325When set, these options are also in effect:
1326.Pp
1327.Bl -inset -compact
1328.It Va WITHOUT_NETGRAPH_SUPPORT
1329(unless
1330.Va WITH_NETGRAPH_SUPPORT
1331is set explicitly)
1332.El
1333.It Va WITHOUT_NETGRAPH_SUPPORT
1334Build libraries, programs, and kernel modules without netgraph support.
1335.It Va WITHOUT_NETLINK
1336Do not build
1337.Xr genl 1
1338utility.
1339.It Va WITHOUT_NETLINK_SUPPORT
1340Make libraries and programs use rtsock and
1341.Xr sysctl 3
1342interfaces instead of
1343.Xr snl 3 .
1344.It Va WITHOUT_NIS
1345Do not build
1346.Xr NIS 8
1347support and related programs.
1348If set, you might need to adopt your
1349.Xr nsswitch.conf 5
1350and remove
1351.Sq nis
1352entries.
1353.It Va WITHOUT_NLS
1354Do not build NLS catalogs.
1355When set, it enforces these options:
1356.Pp
1357.Bl -item -compact
1358.It
1359.Va WITHOUT_NLS_CATALOGS
1360.El
1361.It Va WITHOUT_NLS_CATALOGS
1362Do not build NLS catalog support for
1363.Xr csh 1 .
1364.It Va WITHOUT_NS_CACHING
1365Disable name caching in the
1366.Pa nsswitch
1367subsystem.
1368The generic caching daemon,
1369.Xr nscd 8 ,
1370will not be built either if this option is set.
1371.It Va WITHOUT_NTP
1372Do not build
1373.Xr ntpd 8
1374and related programs.
1375.It Va WITHOUT_NUAGEINIT
1376Do not install the limited cloud init support scripts.
1377.It Va WITHOUT_OFED
1378Do not build the
1379.Dq "OpenFabrics Enterprise Distribution"
1380InfiniBand software stack, including kernel modules and userspace libraries.
1381.Pp
1382This is a default setting on
1383arm/armv7.
1384When set, it enforces these options:
1385.Pp
1386.Bl -item -compact
1387.It
1388.Va WITHOUT_OFED_EXTRA
1389.El
1390.It Va WITH_OFED
1391Build the
1392.Dq "OpenFabrics Enterprise Distribution"
1393InfiniBand software stack, including kernel modules and userspace libraries.
1394.Pp
1395This is a default setting on
1396amd64/amd64, arm64/aarch64, i386/i386, powerpc/powerpc, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64.
1397.It Va WITH_OFED_EXTRA
1398Build the non-essential components of the
1399.Dq "OpenFabrics Enterprise Distribution"
1400Infiniband software stack, mostly examples.
1401.It Va WITH_OPENLDAP
1402Enable building LDAP support for kerberos using an openldap client from ports.
1403.It Va WITHOUT_OPENMP
1404Do not build LLVM's OpenMP runtime.
1405.Pp
1406This is a default setting on
1407arm/armv7 and powerpc/powerpc.
1408.It Va WITH_OPENMP
1409Build LLVM's OpenMP runtime.
1410.Pp
1411This is a default setting on
1412amd64/amd64, arm64/aarch64, i386/i386, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64.
1413.It Va WITHOUT_OPENSSH
1414Do not build OpenSSH.
1415.It Va WITHOUT_OPENSSL
1416Do not build OpenSSL.
1417When set, it enforces these options:
1418.Pp
1419.Bl -item -compact
1420.It
1421.Va WITHOUT_DMAGENT
1422.It
1423.Va WITHOUT_KERBEROS
1424.It
1425.Va WITHOUT_KERBEROS_SUPPORT
1426.It
1427.Va WITHOUT_LDNS
1428.It
1429.Va WITHOUT_LDNS_UTILS
1430.It
1431.Va WITHOUT_LOADER_ZFS
1432.It
1433.Va WITHOUT_OPENSSH
1434.It
1435.Va WITHOUT_OPENSSL_KTLS
1436.It
1437.Va WITHOUT_PKGBOOTSTRAP
1438.It
1439.Va WITHOUT_UNBOUND
1440.It
1441.Va WITHOUT_ZFS
1442.It
1443.Va WITHOUT_ZFS_TESTS
1444.El
1445.Pp
1446When set, these options are also in effect:
1447.Pp
1448.Bl -inset -compact
1449.It Va WITHOUT_GSSAPI
1450(unless
1451.Va WITH_GSSAPI
1452is set explicitly)
1453.El
1454.It Va WITHOUT_OPENSSL_KTLS
1455Do not include kernel TLS support in OpenSSL.
1456.Pp
1457This is a default setting on
1458arm/armv7, i386/i386, powerpc/powerpc and riscv/riscv64.
1459.It Va WITH_OPENSSL_KTLS
1460Include kernel TLS support in OpenSSL.
1461.Pp
1462This is a default setting on
1463amd64/amd64, arm64/aarch64, powerpc/powerpc64 and powerpc/powerpc64le.
1464.It Va WITHOUT_PAM
1465Do not build PAM library and modules.
1466.Bf -symbolic
1467This option is deprecated and does nothing.
1468.Ef
1469When set, these options are also in effect:
1470.Pp
1471.Bl -inset -compact
1472.It Va WITHOUT_PAM_SUPPORT
1473(unless
1474.Va WITH_PAM_SUPPORT
1475is set explicitly)
1476.El
1477.It Va WITHOUT_PAM_SUPPORT
1478Build some programs without PAM support, particularly
1479.Xr ftpd 8
1480and
1481.Xr ppp 8 .
1482.It Va WITHOUT_PF
1483Do not build PF firewall package.
1484When set, it enforces these options:
1485.Pp
1486.Bl -item -compact
1487.It
1488.Va WITHOUT_AUTHPF
1489.El
1490.It Va WITHOUT_PIE
1491Do not build dynamically linked binaries as
1492Position-Independent Executable (PIE).
1493.Pp
1494This is a default setting on
1495arm/armv7, i386/i386 and powerpc/powerpc.
1496.It Va WITH_PIE
1497Build dynamically linked binaries as
1498Position-Independent Executable (PIE).
1499.Pp
1500This is a default setting on
1501amd64/amd64, arm64/aarch64, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64.
1502.It Va WITHOUT_PKGBOOTSTRAP
1503Do not build
1504.Xr pkg 7
1505bootstrap tool.
1506.It Va WITHOUT_PMC
1507Do not build
1508.Xr pmccontrol 8
1509and related programs.
1510.It Va WITHOUT_PPP
1511Do not build
1512.Xr ppp 8
1513and related programs.
1514.It Va WITH_PROFILE
1515Build profiled libraries for use with
1516.Xr gprof 8 .
1517This option is deprecated and may not be present in a future version of
1518.Fx .
1519.It Va WITHOUT_PTHREADS_ASSERTIONS
1520Disable debugging assertions in pthreads library.
1521.It Va WITHOUT_QUOTAS
1522Do not build
1523.Xr quota 1
1524and related programs.
1525.It Va WITHOUT_RADIUS_SUPPORT
1526Do not build radius support into various applications, like
1527.Xr pam_radius 8
1528and
1529.Xr ppp 8 .
1530.It Va WITH_RATELIMIT
1531Build the system with rate limit support.
1532.Pp
1533This makes
1534.Dv SO_MAX_PACING_RATE
1535effective in
1536.Xr getsockopt 2 ,
1537and
1538.Ar txrlimit
1539support in
1540.Xr ifconfig 8 ,
1541by proxy.
1542.It Va WITHOUT_RBOOTD
1543Do not build or install
1544.Xr rbootd 8 .
1545.It Va WITHOUT_RELRO
1546Do not apply the Relocation Read-Only (RELRO) vulnerability mitigation.
1547See also the
1548.Va BIND_NOW
1549option.
1550.It Va WITH_REPRODUCIBLE_BUILD
1551Exclude build metadata (such as the build time, user, or host)
1552from the kernel, boot loaders, and uname output, so that builds produce
1553bit-for-bit identical output.
1554.It Va WITHOUT_RESCUE
1555Do not build
1556.Xr rescue 8 .
1557.It Va WITH_RETPOLINE
1558Build the base system with the retpoline speculative execution
1559vulnerability mitigation for CVE-2017-5715.
1560.It Va WITHOUT_ROUTED
1561Do not build
1562.Xr routed 8
1563utility.
1564.It Va WITH_RPCBIND_WARMSTART_SUPPORT
1565Build
1566.Xr rpcbind 8
1567with warmstart support.
1568.It Va WITHOUT_SCTP_SUPPORT
1569Disable support in the kernel for the
1570.Xr sctp 4
1571Stream Control Transmission Protocol
1572loadable kernel module.
1573.It Va WITHOUT_SENDMAIL
1574Do not build
1575.Xr sendmail 8
1576and related programs.
1577.It Va WITHOUT_SERVICESDB
1578Do not install
1579.Pa /var/db/services.db .
1580.It Va WITHOUT_SETUID_LOGIN
1581Set this to disable the installation of
1582.Xr login 1
1583as a set-user-ID root program.
1584.It Va WITHOUT_SHAREDOCS
1585Do not build the
1586.Bx 4.4
1587legacy docs.
1588.It Va WITH_SORT_THREADS
1589Enable threads in
1590.Xr sort 1 .
1591.It Va WITHOUT_SOURCELESS
1592Do not build kernel modules that include sourceless code (either microcode or native code for host CPU).
1593When set, it enforces these options:
1594.Pp
1595.Bl -item -compact
1596.It
1597.Va WITHOUT_SOURCELESS_HOST
1598.It
1599.Va WITHOUT_SOURCELESS_UCODE
1600.El
1601.It Va WITHOUT_SOURCELESS_HOST
1602Do not build kernel modules that include sourceless native code for host CPU.
1603.It Va WITHOUT_SOURCELESS_UCODE
1604Do not build kernel modules that include sourceless microcode.
1605.It Va WITHOUT_SPLIT_KERNEL_DEBUG
1606Do not build standalone kernel debug files.
1607Debug data (if enabled by the kernel configuration file)
1608will be included in the kernel and modules.
1609When set, it enforces these options:
1610.Pp
1611.Bl -item -compact
1612.It
1613.Va WITHOUT_KERNEL_SYMBOLS
1614.El
1615.It Va WITHOUT_SSP
1616Do not build world with stack smashing protection.
1617See
1618.Xr security 7
1619for more information.
1620.It Va WITH_STAGING
1621Enable staging of files to a stage tree.
1622This can be best thought of as auto-install to
1623.Va DESTDIR
1624with some extra meta data to ensure dependencies can be tracked.
1625Depends on
1626.Va WITH_DIRDEPS_BUILD .
1627When set, these options are also in effect:
1628.Pp
1629.Bl -inset -compact
1630.It Va WITH_STAGING_MAN
1631(unless
1632.Va WITHOUT_STAGING_MAN
1633is set explicitly)
1634.It Va WITH_STAGING_PROG
1635(unless
1636.Va WITHOUT_STAGING_PROG
1637is set explicitly)
1638.El
1639.Pp
1640This must be set in the environment, make command line, or
1641.Pa /etc/src-env.conf ,
1642not
1643.Pa /etc/src.conf .
1644.It Va WITH_STAGING_MAN
1645Enable staging of man pages to stage tree.
1646.It Va WITH_STAGING_PROG
1647Enable staging of PROGs to stage tree.
1648.It Va WITH_STALE_STAGED
1649Check staged files are not stale.
1650.It Va WITHOUT_STATS
1651Neither build nor install
1652.Lb libstats
1653and dependent binaries.
1654.It Va WITHOUT_SYSCONS
1655Do not build
1656.Xr syscons 4
1657support files such as keyboard maps, fonts, and screen output maps.
1658.It Va WITH_SYSROOT
1659Enable use of sysroot during build.
1660Depends on
1661.Va WITH_DIRDEPS_BUILD .
1662.Pp
1663This must be set in the environment, make command line, or
1664.Pa /etc/src-env.conf ,
1665not
1666.Pa /etc/src.conf .
1667.It Va WITHOUT_SYSTEM_COMPILER
1668Do not opportunistically skip building a cross-compiler during the
1669bootstrap phase of the build.
1670Normally, if the currently installed compiler matches the planned bootstrap
1671compiler type and revision, then it will not be built.
1672This does not prevent a compiler from being built for installation though,
1673only for building one for the build itself.
1674The
1675.Va WITHOUT_CLANG
1676option controls that.
1677.It Va WITHOUT_SYSTEM_LINKER
1678Do not opportunistically skip building a cross-linker during the
1679bootstrap phase of the build.
1680Normally, if the currently installed linker matches the planned bootstrap
1681linker type and revision, then it will not be built.
1682This does not prevent a linker from being built for installation though,
1683only for building one for the build itself.
1684The
1685.Va WITHOUT_LLD
1686option controls that.
1687.Pp
1688This option is only relevant when
1689.Va WITH_LLD_BOOTSTRAP
1690is set.
1691.It Va WITHOUT_TALK
1692Do not build or install
1693.Xr talk 1
1694and
1695.Xr talkd 8 .
1696.It Va WITHOUT_TCP_WRAPPERS
1697Do not build or install
1698.Xr tcpd 8 ,
1699and related utilities.
1700.It Va WITHOUT_TCSH
1701Do not build and install
1702.Pa /bin/csh
1703(which is
1704.Xr tcsh 1 ) .
1705.It Va WITHOUT_TELNET
1706Do not build
1707.Xr telnet 1
1708and related programs.
1709.It Va WITHOUT_TESTS
1710Do not build nor install the
1711.Fx
1712Test Suite in
1713.Pa /usr/tests/ .
1714See
1715.Xr tests 7
1716for more details.
1717This also disables the build of all test-related dependencies, including ATF.
1718When set, it enforces these options:
1719.Pp
1720.Bl -item -compact
1721.It
1722.Va WITHOUT_DTRACE_TESTS
1723.It
1724.Va WITHOUT_ZFS_TESTS
1725.El
1726.Pp
1727When set, these options are also in effect:
1728.Pp
1729.Bl -inset -compact
1730.It Va WITHOUT_GOOGLETEST
1731(unless
1732.Va WITH_GOOGLETEST
1733is set explicitly)
1734.It Va WITHOUT_TESTS_SUPPORT
1735(unless
1736.Va WITH_TESTS_SUPPORT
1737is set explicitly)
1738.El
1739.It Va WITHOUT_TESTS_SUPPORT
1740Disable the build of all test-related dependencies, including ATF.
1741When set, it enforces these options:
1742.Pp
1743.Bl -item -compact
1744.It
1745.Va WITHOUT_GOOGLETEST
1746.El
1747.It Va WITHOUT_TEXTPROC
1748Do not build
1749programs used for text processing.
1750.It Va WITHOUT_TFTP
1751Do not build or install
1752.Xr tftp 1
1753and
1754.Xr tftpd 8 .
1755.It Va WITHOUT_TOOLCHAIN
1756Do not install
1757programs used for program development,
1758compilers, debuggers etc.
1759When set, it enforces these options:
1760.Pp
1761.Bl -item -compact
1762.It
1763.Va WITHOUT_CLANG
1764.It
1765.Va WITHOUT_CLANG_EXTRAS
1766.It
1767.Va WITHOUT_CLANG_FORMAT
1768.It
1769.Va WITHOUT_CLANG_FULL
1770.It
1771.Va WITHOUT_LLD
1772.It
1773.Va WITHOUT_LLDB
1774.It
1775.Va WITHOUT_LLVM_COV
1776.El
1777.It Va WITH_UBSAN
1778Build the base system with Undefined Behavior Sanitizer (UBSan) to detect
1779various kinds of undefined behavior at runtime.
1780Requires that Clang be used as the base system compiler
1781and that the runtime support library is available
1782.It Va WITHOUT_UNBOUND
1783Do not build
1784.Xr unbound 8
1785and related programs.
1786.It Va WITH_UNDEFINED_VERSION
1787Link libraries with --undefined-version which permits version maps to
1788contain symbols that are not present in the library.
1789If this is necessary to build a particular configuration, a bug is
1790present and the configuration should be reported.
1791.It Va WITHOUT_UNIFIED_OBJDIR
1792Use the historical object directory format for
1793.Xr build 7
1794targets.
1795For native-builds and builds done directly in sub-directories the format of
1796.Pa ${MAKEOBJDIRPREFIX}/${.CURDIR}
1797is used,
1798while for cross-builds
1799.Pa ${MAKEOBJDIRPREFIX}/${TARGET}.${TARGET_ARCH}/${.CURDIR}
1800is used.
1801.Pp
1802This option is transitional and will be removed in a future version of
1803.Fx ,
1804at which time
1805.Va WITH_UNIFIED_OBJDIR
1806will be enabled permanently.
1807.Pp
1808This must be set in the environment, make command line, or
1809.Pa /etc/src-env.conf ,
1810not
1811.Pa /etc/src.conf .
1812.It Va WITHOUT_USB
1813Do not build USB-related programs and libraries.
1814.It Va WITHOUT_USB_GADGET_EXAMPLES
1815Do not build USB gadget kernel modules.
1816.It Va WITHOUT_UTMPX
1817Do not build user accounting tools such as
1818.Xr last 1 ,
1819.Xr users 1 ,
1820.Xr who 1 ,
1821.Xr ac 8 ,
1822.Xr lastlogin 8
1823and
1824.Xr utx 8 .
1825.It Va WITH_VERIEXEC
1826Enable building
1827.Xr veriexec 8
1828which loads the contents of verified manifests into the kernel
1829for use by
1830.Xr mac_veriexec 4
1831.Pp
1832Depends on
1833.Va WITH_BEARSSL .
1834.It Va WITHOUT_VI
1835Do not build and install vi, view, ex and related programs.
1836.It Va WITHOUT_VT
1837Do not build
1838.Xr vt 4
1839support files (fonts and keymaps).
1840.It Va WITHOUT_WARNS
1841Set this to not add warning flags to the compiler invocations.
1842Useful as a temporary workaround when code enters the tree
1843which triggers warnings in environments that differ from the
1844original developer.
1845.It Va WITHOUT_WERROR
1846Set this to not treat compiler warnings as errors.
1847Useful as a temporary workaround when working on fixing compiler warnings.
1848When set, warnings are still printed in the build log but do not fail the build.
1849.It Va WITHOUT_WIRELESS
1850Do not build programs used for 802.11 wireless networks; especially
1851.Xr wpa_supplicant 8
1852and
1853.Xr hostapd 8 .
1854When set, these options are also in effect:
1855.Pp
1856.Bl -inset -compact
1857.It Va WITHOUT_WIRELESS_SUPPORT
1858(unless
1859.Va WITH_WIRELESS_SUPPORT
1860is set explicitly)
1861.El
1862.It Va WITHOUT_WIRELESS_SUPPORT
1863Build libraries, programs, and kernel modules without
1864802.11 wireless support.
1865.It Va WITHOUT_WPA_SUPPLICANT_EAPOL
1866Build
1867.Xr wpa_supplicant 8
1868without support for the IEEE 802.1X protocol and without
1869support for EAP-PEAP, EAP-TLS, EAP-LEAP, and EAP-TTLS
1870protocols (usable only via 802.1X).
1871.It Va WITHOUT_ZFS
1872Do not build the ZFS file system kernel module, libraries such as
1873.Xr libbe 3 ,
1874and user commands such as
1875.Xr zpool 8
1876or
1877.Xr zfs 8 .
1878Also disable ZFS support in utilities and libraries which implement
1879ZFS-specific functionality.
1880When set, it enforces these options:
1881.Pp
1882.Bl -item -compact
1883.It
1884.Va WITHOUT_ZFS_TESTS
1885.El
1886.It Va WITHOUT_ZFS_TESTS
1887Do not build and install the legacy ZFS test suite.
1888.It Va WITHOUT_ZONEINFO
1889Do not build the timezone database.
1890When set, it enforces these options:
1891.Pp
1892.Bl -item -compact
1893.It
1894.Va WITHOUT_ZONEINFO_LEAPSECONDS_SUPPORT
1895.El
1896.It Va WITH_ZONEINFO_LEAPSECONDS_SUPPORT
1897Build leapsecond information in to the timezone database.
1898.El
1899.Pp
1900The following options accept a single value from a list of valid values.
1901.Bl -tag -width indent
1902.It Va INIT_ALL
1903Control default initialization of stack variables in C and C++ code.
1904Options other than
1905.Li none
1906require the Clang compiler or GCC 12.0 or later.
1907The default value is
1908.Li none .
1909Valid values are:
1910.Bl -tag -width indent
1911.It Li none
1912Do not initialize stack variables (standard C/C++ behavior).
1913.It Li pattern
1914Build the base system or kernel with stack variables initialized to
1915.Pq compiler defined
1916debugging patterns on function entry.
1917.It Li zero
1918Build the base system or kernel with stack variables initialized
1919to zero on function entry.
1920This value is converted to
1921.Li none
1922for amd64 kernel builds due to incompatability with ifunc memset.
1923.El
1924.It Va LIBC_MALLOC
1925Specify the
1926.Xr malloc 3
1927implementation used by libc.
1928The default value is
1929.Li jemalloc .
1930Valid values are:
1931.Bl -tag -width indent
1932.It Li jemalloc
1933.El
1934.Pp
1935Other implementations are expected in the future in both
1936.Fx
1937and downstream consumers.
1938.El
1939.Sh FILES
1940.Bl -tag -compact -width Pa
1941.It Pa /etc/src.conf
1942.It Pa /etc/src-env.conf
1943.It Pa /usr/share/mk/bsd.own.mk
1944.El
1945.Sh SEE ALSO
1946.Xr make 1 ,
1947.Xr make.conf 5 ,
1948.Xr build 7 ,
1949.Xr ports 7
1950.Sh HISTORY
1951The
1952.Nm
1953file appeared in
1954.Fx 7.0 .
1955.Sh AUTHORS
1956This manual page was autogenerated by
1957.An tools/build/options/makeman .
1958