FreeBSD manual
download PDF document: src-env.conf.5.pdf
SRC.CONF(5) FreeBSD File Formats Manual SRC.CONF(5)
NAME
src.conf - source build options
DESCRIPTION
The src.conf file contains variables that control what components will be
generated during the build process of the FreeBSD source tree; see
build(7).
The src.conf file uses the standard makefile syntax. However, src.conf
should not specify any dependencies to make(1). Instead, src.conf is to
set make(1) variables that control the aspects of how the system builds.
The default location of src.conf is /etc/src.conf, though an alternative
location can be specified in the make(1) variable SRCCONF. Overriding
the location of src.conf may be necessary if the system-wide settings are
not suitable for a particular build. For instance, setting SRCCONF to
/dev/null effectively resets all build controls to their defaults.
The only purpose of src.conf is to control the compilation of the FreeBSD
source code, which is usually located in /usr/src. As a rule, the system
administrator creates src.conf when the values of certain control
variables need to be changed from their defaults.
In addition, control variables can be specified for a particular build
via the -D option of make(1) or in its environment; see environ(7).
The environment of make(1) for the build can be controlled via the
SRC_ENV_CONF variable, which defaults to /etc/src-env.conf. Some
examples that may only be set in this file are WITH_DIRDEPS_BUILD, and
WITH_META_MODE, and MAKEOBJDIRPREFIX as they are environment-only
variables.
The values of variables are ignored regardless of their setting; even if
they would be set to "FALSE" or "NO". The presence of an option causes
it to be honored by make(1).
This list provides a name and short description for variables that can be
used for source builds.
WITHOUT_ACCT
Do not build process accounting tools such as accton(8) and
sa(8).
WITHOUT_ACPI
Do not build acpiconf(8), acpidump(8) and related programs.
WITHOUT_APM
Do not build apm(8), apmd(8) and related programs.
WITH_ASAN
Build the base system with Address Sanitizer (ASan) to detect
memory corruption bugs such as buffer overflows or use-after-
free. Requires that Clang be used as the base system compiler
and that the runtime support library is available. When set, it
enforces these options:
WITH_LLVM_BINUTILS
WITHOUT_AUDIT
Do not build audit support into system programs.
WITHOUT_AUTHPF
Do not build authpf(8).
WITHOUT_AUTOFS
Do not build autofs(5) related programs, libraries, and kernel
modules.
WITHOUT_AUTO_OBJ
Disable automatic creation of objdirs. This is enabled by
default if the wanted OBJDIR is writable by the current user.
This must be set in the environment, make command line, or
/etc/src-env.conf, not /etc/src.conf.
WITH_BEARSSL
Build the BearSSL library.
BearSSL is a tiny SSL library suitable for embedded environments.
For details see https://www.BearSSL.org/
This library is currently only used to perform signature
verification and related operations for Verified Exec and
loader(8).
Due to size constraints in the BIOS environment on x86, one may
need to set LOADERSIZE larger than the default 500000, although
often loader is under the 500k limit even with this option.
Setting LOADERSIZE larger than 500000 may cause pxeboot(8) to be
too large to work. Careful testing of the loader in the target
environment when built with a larger limit to establish safe
limits is critical because different BIOS environments reserve
differing amounts of the low 640k space, making a precise limit
for everybody impossible.
See also WITH_LOADER_PXEBOOT for other considerations. When set,
these options are also in effect:
WITH_LOADER_EFI_SECUREBOOT (unless WITHOUT_LOADER_EFI_SECUREBOOT
is set explicitly)
WITH_LOADER_VERIEXEC (unless WITHOUT_LOADER_VERIEXEC is set
explicitly)
WITH_LOADER_VERIEXEC_VECTX (unless WITHOUT_LOADER_VERIEXEC_VECTX
is set explicitly)
WITH_VERIEXEC (unless WITHOUT_VERIEXEC is set explicitly)
WITHOUT_BHYVE
Do not build or install bhyve(8), associated utilities, and
examples.
This option only affects amd64/amd64.
WITH_BHYVE_SNAPSHOT
Include support for save and restore (snapshots) in bhyve(8) and
bhyvectl(8).
(RELRO) support. With full RELRO the entire GOT is made read-
only after performing relocation at startup, avoiding GOT
overwrite attacks.
WITHOUT_BLACKLIST
Set this if you do not want to build blacklistd(8) and
blacklistctl(8). When set, these options are also in effect:
WITHOUT_BLACKLIST_SUPPORT (unless WITH_BLACKLIST_SUPPORT is set
explicitly)
WITHOUT_BLACKLIST_SUPPORT
Build some programs without libblacklist(3) support, like
fingerd(8), ftpd(8), and sshd(8).
WITHOUT_BLUETOOTH
Do not build Bluetooth related kernel modules, programs and
libraries.
WITHOUT_BOOT
Do not build the boot blocks and loader.
WITHOUT_BOOTPARAMD
Do not build or install bootparamd(8).
WITHOUT_BOOTPD
Do not build or install bootpd(8).
WITHOUT_BSDINSTALL
Do not build bsdinstall(8), sade(8), and related programs.
WITHOUT_BSD_CPIO
Do not build the BSD licensed version of cpio based on
libarchive(3).
WITHOUT_BSNMP
Do not build or install bsnmpd(1) and related libraries and data
files.
WITHOUT_BZIP2
Do not build contributed bzip2 software as a part of the base
system. The option has no effect yet. When set, these options
are also in effect:
WITHOUT_BZIP2_SUPPORT (unless WITH_BZIP2_SUPPORT is set
explicitly)
WITHOUT_BZIP2_SUPPORT
Build some programs without optional bzip2 support.
WITHOUT_CALENDAR
Do not build calendar(1).
WITHOUT_CAPSICUM
This option has no effect.
WITHOUT_CAROOT
Do not add the trusted certificates from the Mozilla NSS bundle
to base.
set CCACHE_PREFIX=/usr/local/bin/distcc. The default cache
directory of $HOME/.ccache will be used, which can be overridden
by setting CCACHE_DIR. The CCACHE_COMPILERCHECK option defaults
to content when using the in-tree bootstrap compiler, and mtime
when using an external compiler. The CCACHE_CPP2 option is used
for Clang but not GCC.
Sharing a cache between multiple work directories requires using
a layout similar to /some/prefix/src /some/prefix/obj and an
environment such as:
CCACHE_BASEDIR='${SRCTOP:H}' MAKEOBJDIRPREFIX='${SRCTOP:H}/obj'
See ccache(1) for more configuration options.
WITHOUT_CCD
Do not build geom_ccd(4) and related utilities.
WITHOUT_CDDL
Do not build code licensed under Sun's CDDL. When set, it
enforces these options:
WITHOUT_CTF
WITHOUT_DTRACE
WITHOUT_LOADER_ZFS
WITHOUT_ZFS
WITHOUT_ZFS_TESTS
WITHOUT_CLANG
Do not build the Clang C/C++ compiler during the regular phase of
the build. When set, it enforces these options:
WITHOUT_CLANG_EXTRAS
WITHOUT_CLANG_FORMAT
WITHOUT_CLANG_FULL
WITHOUT_LLVM_COV
When set, these options are also in effect:
WITHOUT_LLVM_TARGET_AARCH64 (unless WITH_LLVM_TARGET_AARCH64 is
set explicitly)
WITHOUT_LLVM_TARGET_ALL (unless WITH_LLVM_TARGET_ALL is set
explicitly)
WITHOUT_LLVM_TARGET_ARM (unless WITH_LLVM_TARGET_ARM is set
explicitly)
WITHOUT_LLVM_TARGET_POWERPC (unless WITH_LLVM_TARGET_POWERPC is
set explicitly)
WITHOUT_LLVM_TARGET_RISCV (unless WITH_LLVM_TARGET_RISCV is set
explicitly)
WITHOUT_CLANG_BOOTSTRAP
Do not build the Clang C/C++ compiler during the bootstrap phase
of the build. To be able to build the system, either gcc or
clang bootstrap must be enabled unless an alternate compiler is
provided via XCC.
WITH_CLANG_EXTRAS
Build additional clang and llvm tools, such as bugpoint and
clang-format.
WITHOUT_CLEAN
Do not clean before building world and/or kernel.
WITHOUT_CPP
Do not build cpp(1).
WITHOUT_CROSS_COMPILER
Do not build any cross compiler in the cross-tools stage of
buildworld. When compiling a different version of FreeBSD than
what is installed on the system, provide an alternate compiler
with XCC to ensure success. When compiling with an identical
version of FreeBSD to the host, this option may be safely used.
This option may also be safe when the host version of FreeBSD is
close to the sources being built, but all bets are off if there
have been any changes to the toolchain between the versions.
When set, it enforces these options:
WITHOUT_CLANG_BOOTSTRAP
WITHOUT_ELFTOOLCHAIN_BOOTSTRAP
WITHOUT_LLD_BOOTSTRAP
WITHOUT_CRYPT
Do not build any crypto code. When set, it enforces these
options:
WITHOUT_DMAGENT
WITHOUT_KERBEROS
WITHOUT_KERBEROS_SUPPORT
WITHOUT_LDNS
WITHOUT_LDNS_UTILS
WITHOUT_LOADER_ZFS
WITHOUT_OPENSSH
WITHOUT_OPENSSL
WITHOUT_OPENSSL_KTLS
WITHOUT_PKGBOOTSTRAP
WITHOUT_UNBOUND
WITHOUT_ZFS
WITHOUT_ZFS_TESTS
When set, these options are also in effect:
WITHOUT_GSSAPI (unless WITH_GSSAPI is set explicitly)
WITH_CTF
Compile with CTF (Compact C Type Format) data. CTF data
encapsulates a reduced form of debugging information similar to
DWARF and the venerable stabs and is required for DTrace.
WITHOUT_CUSE
Do not build CUSE-related programs and libraries.
WITHOUT_CXGBETOOL
Do not build cxgbetool(8)
This is a default setting on arm/armv7, powerpc/powerpc and
riscv/riscv64.
WITH_CXGBETOOL
executable binary and shared library.
WITH_DETECT_TZ_CHANGES
Make the time handling code detect changes to the timezone files.
WITHOUT_DIALOG
Do not build dialog(1), dialog(3), dpv(1), and dpv(3). When set,
it enforces these options:
WITHOUT_BSDINSTALL
WITHOUT_DICT
Do not build the Webster dictionary files.
WITH_DIRDEPS_BUILD
This is an alternate build system. For details see
https://www.crufty.net/sjg/docs/freebsd-meta-mode.htm. Build
commands can be seen from the top-level with:
make show-valid-targets
The build is driven by dirdeps.mk using DIRDEPS stored in
Makefile.depend files found in each directory.
The build can be started from anywhere, and behaves the same.
The initial instance of make(1) recursively reads DIRDEPS from
Makefile.depend, computing a graph of tree dependencies from the
current origin. Setting NO_DIRDEPS skips checking dirdep
dependencies and will only build in the current and child
directories. NO_DIRDEPS_BELOW skips building any dirdeps and
only build the current directory.
This also utilizes the WITH_META_MODE logic for incremental
builds.
The build hides commands executed unless NO_SILENT is defined.
Note that there is currently no mass install feature for this.
This build is designed for producing packages, that can then be
installed on a target system.
The implementation in FreeBSD is incomplete. Completion would
require leaf directories for building each kernel and package so
that their dependencies can be tracked. When set, it enforces
these options:
WITH_INSTALL_AS_USER
When set, these options are also in effect:
WITH_META_ERROR_TARGET (unless WITHOUT_META_ERROR_TARGET is set
explicitly)
WITH_META_MODE (unless WITHOUT_META_MODE is set explicitly)
WITH_STAGING (unless WITHOUT_STAGING is set explicitly)
WITH_STAGING_MAN (unless WITHOUT_STAGING_MAN is set explicitly)
WITH_STAGING_PROG (unless WITHOUT_STAGING_PROG is set explicitly)
WITH_SYSROOT (unless WITHOUT_SYSROOT is set explicitly)
This must be set in the environment, make command line, or
/etc/src-env.conf, not /etc/src.conf.
WITH_DISK_IMAGE_TOOLS_BOOTSTRAP
Build etdump(1), makefs(8) and mkimg(1) as bootstrap tools.
WITHOUT_DMAGENT
Do not build dma Mail Transport Agent.
WITHOUT_DOCCOMPRESS
Do not install compressed system documentation. Only the
uncompressed version will be installed.
WITHOUT_DTRACE
Do not build DTrace framework kernel modules, libraries, and user
commands. When set, it enforces these options:
WITHOUT_CTF
WITH_DTRACE_ASAN
Compile userspace DTrace code (libdtrace, dtrace(1), lockstat(1),
plockstat(1)) with address and undefined behavior sanitizers.
Requires that Clang be used as the base system compiler and that
the runtime support library is available.
WITH_DTRACE_TESTS
Build and install the DTrace test suite in
/usr/tests/cddl/usr.sbin/dtrace. This test suite is considered
experimental on architectures other than amd64/amd64 and running
it may cause system instability.
WITHOUT_DYNAMICROOT
Set this if you do not want to link /bin and /sbin dynamically.
WITHOUT_EE
Do not build and install edit(1), ee(1), and related programs.
WITHOUT_EFI
Set not to build efivar(3) and efivar(8).
This is a default setting on i386/i386, powerpc/powerpc,
powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64.
WITH_EFI
Build efivar(3) and efivar(8).
This is a default setting on amd64/amd64, arm/armv7 and
arm64/aarch64.
WITHOUT_ELFTOOLCHAIN_BOOTSTRAP
Do not build ELF Tool Chain tools (addr2line, nm, size, strings
and strip) as part of the bootstrap process. An alternate
bootstrap tool chain must be provided.
WITHOUT_EXAMPLES
Avoid installing examples to /usr/share/examples/.
WITH_EXPERIMENTAL
Include experimental features in the build.
WITHOUT_FDT
Do not build Flattened Device Tree support as part of the base
This includes the device tree compiler (dtc) and libfdt support
library.
This is a default setting on arm/armv7, arm64/aarch64,
powerpc/powerpc, powerpc/powerpc64, powerpc/powerpc64le and
riscv/riscv64.
WITHOUT_FILE
Do not build file(1) and related programs.
WITHOUT_FINGER
Do not build or install finger(1) and fingerd(8).
WITHOUT_FLOPPY
Do not build or install programs for operating floppy disk
driver.
WITHOUT_FORMAT_EXTENSIONS
Do not enable -fformat-extensions when compiling the kernel.
Also disables all format checking.
WITHOUT_FORTH
Build bootloaders without Forth support.
WITHOUT_FP_LIBC
Build libc without floating-point support.
WITHOUT_FREEBSD_UPDATE
Do not build freebsd-update(8).
WITHOUT_FTP
Do not build or install ftp(1) and ftpd(8).
WITHOUT_GAMES
Do not build games.
WITHOUT_GH_BC
Install the traditional FreeBSD bc(1) and dc(1) programs instead
of the enhanced versions.
WITHOUT_GNU_DIFF
Do not build GNU diff3(1).
WITHOUT_GOOGLETEST
Neither build nor install GoogleMock library (libgmock, -lgmock),
GoogleTest library (libgtest, -lgtest), and dependent tests.
WITHOUT_GPIO
Do not build gpioctl(8) as part of the base system.
WITHOUT_GSSAPI
Do not build libgssapi.
WITHOUT_HAST
Do not build hastd(8) and related utilities.
WITH_HESIOD
Build Hesiod support.
powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64.
WITH_HYPERV
Build or install HyperV utilities.
This is a default setting on amd64/amd64, arm64/aarch64 and
i386/i386.
WITHOUT_ICONV
Do not build iconv as part of libc.
WITHOUT_INCLUDES
Do not install header files. This option used to be spelled
NO_INCS. The option does not work for build targets.
WITHOUT_INET
Do not build programs and libraries related to IPv4 networking.
When set, it enforces these options:
WITHOUT_INET_SUPPORT
WITHOUT_INET6
Do not build programs and libraries related to IPv6 networking.
When set, it enforces these options:
WITHOUT_INET6_SUPPORT
WITHOUT_INET6_SUPPORT
Build libraries, programs, and kernel modules without IPv6
support.
WITHOUT_INETD
Do not build inetd(8).
WITHOUT_INET_SUPPORT
Build libraries, programs, and kernel modules without IPv4
support.
WITH_INIT_ALL_PATTERN
Build the base system or kernel with stack variables initialized
to (compiler defined) debugging patterns on function entry. This
option requires the clang compiler.
WITH_INIT_ALL_ZERO
Build the base system or kernel with stack variables initialized
to zero on function entry. This option requires that the clang
compiler be used.
WITHOUT_INSTALLLIB
Set this to not install optional libraries. For example, when
creating a nanobsd(8) image. The option does not work for build
targets.
WITH_INSTALL_AS_USER
Make install targets succeed for non-root users by installing
files with owner and group attributes set to that of the user
running the make(1) command. The user still must set the DESTDIR
variable to point to a directory where the user has write
permissions.
WITHOUT_IPSEC_SUPPORT
Do not build the kernel with ipsec(4) support. This option is
needed for ipsec(4) and tcpmd5(4).
WITHOUT_ISCSI
Do not build iscsid(8) and related utilities.
WITHOUT_JAIL
Do not build tools for the support of jails; e.g., jail(8).
WITHOUT_JEMALLOC_LG_VADDR_WIDE
Disallow programs to use more than 48 address bits on amd64.
Incompatible with LA57 mode. Enabling this option might result
in a slight reduction in memory consumption for jemalloc
metadata, but also requires disabling LA57 (if hardware supports
it).
WITHOUT_KDUMP
Do not build kdump(1) and truss(1).
WITHOUT_KERBEROS
Set this to not build Kerberos 5 (KTH Heimdal). When set, these
options are also in effect:
WITHOUT_GSSAPI (unless WITH_GSSAPI is set explicitly)
WITHOUT_KERBEROS_SUPPORT (unless WITH_KERBEROS_SUPPORT is set
explicitly)
WITHOUT_KERBEROS_SUPPORT
Build some programs without Kerberos support, like ssh(1),
telnet(1), and sshd(8).
WITH_KERNEL_RETPOLINE
Enable the "retpoline" mitigation for CVE-2017-5715 in the kernel
build.
WITHOUT_KERNEL_SYMBOLS
Do not install standalone kernel debug symbol files. This option
has no effect at build time.
WITHOUT_KVM
Do not build the libkvm library as a part of the base system.
The option has no effect yet. When set, these options are also
in effect:
WITHOUT_KVM_SUPPORT (unless WITH_KVM_SUPPORT is set explicitly)
WITHOUT_KVM_SUPPORT
Build some programs without optional libkvm support.
WITHOUT_LDNS
Setting this variable will prevent the LDNS library from being
built. When set, it enforces these options:
WITHOUT_LDNS_UTILS
WITHOUT_UNBOUND
WITHOUT_LDNS_UTILS
Setting this variable will prevent building the LDNS utilities
On 64-bit platforms, do not build 32-bit library set and a
ld-elf32.so.1 runtime linker.
This is a default setting on arm/armv7, i386/i386,
powerpc/powerpc, powerpc/powerpc64le and riscv/riscv64.
WITH_LIB32
On 64-bit platforms, build the 32-bit library set and a
ld-elf32.so.1 runtime linker.
This is a default setting on amd64/amd64, arm64/aarch64 and
powerpc/powerpc64.
WITHOUT_LLD
Do not build LLVM's lld linker.
WITHOUT_LLDB
Do not build the LLDB debugger.
This is a default setting on arm/armv7 and riscv/riscv64.
WITH_LLDB
Build the LLDB debugger.
This is a default setting on amd64/amd64, arm64/aarch64,
i386/i386, powerpc/powerpc, powerpc/powerpc64 and
powerpc/powerpc64le.
WITHOUT_LLD_BOOTSTRAP
Do not build the LLD linker during the bootstrap phase of the
build. To be able to build the system an alternate linker must
be provided via XLD.
WITHOUT_LLD_IS_LD
Do not install a /usr/bin/ld symlink to ld.lld. The system will
not have a usable tool chain unless a linker is provided some
other way.
WITH_LLVM_ASSERTIONS
Enable debugging assertions in LLVM.
WITH_LLVM_BINUTILS
Install LLVM's binutils (without an llvm- prefix), instead of ELF
Tool Chain's tools. This includes addr2line(1), ar(1), nm(1),
objcopy(1), ranlib(1), readelf(1), size(1), and strip(1).
Regardless of this setting, LLVM tools are used for c++filt(1)
and objdump(1). strings(1) is always provided by ELF Tool Chain.
WITHOUT_LLVM_COV
Do not build the llvm-cov(1) tool.
WITHOUT_LLVM_CXXFILT
Install ELF Tool Chain's cxxfilt as c++filt, instead of LLVM's
llvm-cxxfilt.
WITH_LLVM_FULL_DEBUGINFO
Generate full debug information for LLVM libraries and tools,
which uses more disk space and build resources, but allows for
easier debugging.
Only build the required LLVM target support. This option is
preferred to specific target support options. When set, these
options are also in effect:
WITHOUT_LLVM_TARGET_AARCH64 (unless WITH_LLVM_TARGET_AARCH64 is
set explicitly)
WITHOUT_LLVM_TARGET_ARM (unless WITH_LLVM_TARGET_ARM is set
explicitly)
WITHOUT_LLVM_TARGET_POWERPC (unless WITH_LLVM_TARGET_POWERPC is
set explicitly)
WITHOUT_LLVM_TARGET_RISCV (unless WITH_LLVM_TARGET_RISCV is set
explicitly)
WITHOUT_LLVM_TARGET_ARM
Do not build LLVM target support for ARM. The LLVM_TARGET_ALL
option should be used rather than this in most cases.
WITH_LLVM_TARGET_BPF
Build LLVM target support for BPF. The LLVM_TARGET_ALL option
should be used rather than this in most cases.
WITH_LLVM_TARGET_MIPS
Build LLVM target support for MIPS. The LLVM_TARGET_ALL option
should be used rather than this in most cases.
WITHOUT_LLVM_TARGET_POWERPC
Do not build LLVM target support for PowerPC. The
LLVM_TARGET_ALL option should be used rather than this in most
cases.
WITHOUT_LLVM_TARGET_RISCV
Do not build LLVM target support for RISC-V. The LLVM_TARGET_ALL
option should be used rather than this in most cases.
WITHOUT_LLVM_TARGET_X86
Do not build LLVM target support for X86. The LLVM_TARGET_ALL
option should be used rather than this in most cases.
WITHOUT_LOADER_BIOS_TEXTONLY
Include graphics, font and video mode support in the i386 and
amd64 BIOS boot loader.
WITH_LOADER_EFI_SECUREBOOT
Enable building loader(8) with support for verification based on
certificates obtained from UEFI.
WITHOUT_LOADER_GELI
Disable inclusion of GELI crypto support in the boot chain
binaries.
This is a default setting on powerpc/powerpc, powerpc/powerpc64
and powerpc/powerpc64le.
WITH_LOADER_GELI
Build GELI bootloader support.
This is a default setting on amd64/amd64, arm/armv7,
arm64/aarch64, i386/i386 and riscv/riscv64.
Build kboot, a linuxboot environment loader
This is a default setting on amd64/amd64, arm64/aarch64 and
powerpc/powerpc64.
WITHOUT_LOADER_LUA
Do not build LUA bindings for the boot loader.
This is a default setting on powerpc/powerpc, powerpc/powerpc64
and powerpc/powerpc64le.
WITH_LOADER_LUA
Build LUA bindings for the boot loader.
This is a default setting on amd64/amd64, arm/armv7,
arm64/aarch64, i386/i386 and riscv/riscv64.
WITHOUT_LOADER_OFW
Disable building of openfirmware bootloader components.
This is a default setting on amd64/amd64, arm/armv7,
arm64/aarch64, i386/i386 and riscv/riscv64.
WITH_LOADER_OFW
Build openfirmware bootloader components.
This is a default setting on powerpc/powerpc, powerpc/powerpc64
and powerpc/powerpc64le.
WITHOUT_LOADER_PXEBOOT
Do not build pxeboot on i386/amd64. When the pxeboot is too
large, or unneeded, it may be disabled with this option. See
WITH_LOADER_PXEBOOT for how to adjust the defaults when you need
both a larger /boot/loader and /boot/pxeboot
This option only has an effect on x86.
WITHOUT_LOADER_UBOOT
Disable building of ubldr.
This is a default setting on amd64/amd64, arm64/aarch64,
i386/i386, powerpc/powerpc64le and riscv/riscv64.
WITH_LOADER_UBOOT
Build ubldr.
This is a default setting on arm/armv7, powerpc/powerpc and
powerpc/powerpc64.
WITH_LOADER_VERBOSE
Build with extra verbose debugging in the loader. May explode
already nearly too large loader over the limit. Use with care.
WITH_LOADER_VERIEXEC
Enable building loader(8) with support for verification similar
to Verified Exec.
Depends on WITH_BEARSSL. May require a larger LOADERSIZE. When
set, these options are also in effect:
Enable building loader(8) with support to pass a verified
manifest to the kernel. The kernel has to be built with a module
to parse the manifest.
Depends on WITH_LOADER_VERIEXEC.
WITH_LOADER_VERIEXEC_VECTX
Enable building loader(8) with support for hashing and verifying
kernel and modules as a side effect of loading.
Depends on WITH_LOADER_VERIEXEC.
WITHOUT_LOADER_ZFS
Do not build ZFS file system boot loader support.
WITHOUT_LOCALES
Do not build localization files; see locale(1).
WITHOUT_LOCATE
Do not build locate(1) and related programs.
WITHOUT_LPR
Do not build lpr(1) and related programs.
WITHOUT_LS_COLORS
Build ls(1) without support for colors to distinguish file types.
WITHOUT_MACHDEP_OPTIMIZATIONS
Prefer machine-independent non-assembler code in libc and libm.
WITHOUT_MAIL
Do not build any mail support (MUA or MTA). When set, it
enforces these options:
WITHOUT_DMAGENT
WITHOUT_MAILWRAPPER
WITHOUT_SENDMAIL
WITHOUT_MAILWRAPPER
Do not build the mailwrapper(8) MTA selector.
WITHOUT_MAKE
Do not install make(1) and related support files.
WITHOUT_MAKE_CHECK_USE_SANDBOX
Do not execute "make check" in limited sandbox mode. This option
should be paired with WITH_INSTALL_AS_USER if executed as an
unprivileged user. See tests(7) for more details.
WITH_MALLOC_PRODUCTION
Disable assertions and statistics gathering in malloc(3). It
also defaults the A and J runtime options to off.
WITHOUT_MAN
Do not build manual pages. When set, these options are also in
effect:
WITHOUT_MAN_UTILS (unless WITH_MAN_UTILS is set explicitly)
WITHOUT_MAN_UTILS
Do not build utilities for manual pages, apropos(1),
makewhatis(1), man(1), whatis(1), manctl(8), and related support
files.
WITH_META_ERROR_TARGET
Enable the META_MODE .ERROR target.
This target will copy the meta file of a failed target to
ERROR_LOGDIR (default is `${SRCTOP:H}/error') to help with
failure analysis. Depends on WITH_META_MODE. This default when
WITH_DIRDEPS_BUILD is set.
This must be set in the environment, make command line, or
/etc/src-env.conf, not /etc/src.conf.
WITH_META_MODE
Create make(1) meta files when building, which can provide a
reliable incremental build when using filemon(4). The meta file
is created in OBJDIR as target.meta. These meta files track the
command that was executed, its output, and the current directory.
The filemon(4) module is required unless NO_FILEMON is defined.
When the module is loaded, any files used by the commands
executed are tracked as dependencies for the target in its meta
file. The target is considered out-of-date and rebuilt if any of
these conditions are true compared to the last build:
o The command to execute changes.
o The current working directory changes.
o The target's meta file is missing.
o The target's meta file is missing filemon data when filemon
is loaded and a previous run did not have it loaded.
o [requires filemon(4)] Files read, executed or linked to are
newer than the target.
o [requires filemon(4)] Files read, written, executed or linked
are missing.
The meta files can also be useful for debugging.
The build hides commands that are executed unless NO_SILENT is
defined. Errors cause make(1) to show some of its environment
for further debugging.
The build operates as it normally would otherwise. This option
originally invoked a different build system but that was renamed
to WITH_DIRDEPS_BUILD.
This must be set in the environment, make command line, or
/etc/src-env.conf, not /etc/src.conf.
WITHOUT_MLX5TOOL
Do not build mlx5tool(8)
This is a default setting on arm/armv7, powerpc/powerpc and
riscv/riscv64.
WITH_MLX5TOOL
Build mlx5tool(8)
This is a default setting on amd64/amd64, arm64/aarch64,
enforces these options:
WITHOUT_BLUETOOTH
When set, these options are also in effect:
WITHOUT_NETGRAPH_SUPPORT (unless WITH_NETGRAPH_SUPPORT is set
explicitly)
WITHOUT_NETGRAPH_SUPPORT
Build libraries, programs, and kernel modules without netgraph
support.
WITHOUT_NETLINK
Do not build genl(1) utility.
WITHOUT_NETLINK_SUPPORT
Make libraries and programs use rtsock and sysctl(3) interfaces
instead of snl(3).
WITHOUT_NIS
Do not build NIS(8) support and related programs. If set, you
might need to adopt your nsswitch.conf(5) and remove `nis'
entries.
WITHOUT_NLS
Do not build NLS catalogs. When set, it enforces these options:
WITHOUT_NLS_CATALOGS
WITHOUT_NLS_CATALOGS
Do not build NLS catalog support for csh(1).
WITHOUT_NS_CACHING
Disable name caching in the nsswitch subsystem. The generic
caching daemon, nscd(8), will not be built either if this option
is set.
WITHOUT_NTP
Do not build ntpd(8) and related programs.
WITHOUT_NUAGEINIT
Do not install the limited cloud init support scripts.
WITHOUT_OFED
Do not build the "OpenFabrics Enterprise Distribution" InfiniBand
software stack, including kernel modules and userspace libraries.
This is a default setting on arm/armv7. When set, it enforces
these options:
WITHOUT_OFED_EXTRA
WITH_OFED
Build the "OpenFabrics Enterprise Distribution" InfiniBand
software stack, including kernel modules and userspace libraries.
This is a default setting on amd64/amd64, arm64/aarch64,
i386/i386, powerpc/powerpc, powerpc/powerpc64,
Enable building LDAP support for kerberos using an openldap
client from ports.
WITHOUT_OPENMP
Do not build LLVM's OpenMP runtime.
This is a default setting on arm/armv7 and powerpc/powerpc.
WITH_OPENMP
Build LLVM's OpenMP runtime.
This is a default setting on amd64/amd64, arm64/aarch64,
i386/i386, powerpc/powerpc64, powerpc/powerpc64le and
riscv/riscv64.
WITHOUT_OPENSSH
Do not build OpenSSH.
WITHOUT_OPENSSL
Do not build OpenSSL. When set, it enforces these options:
WITHOUT_DMAGENT
WITHOUT_KERBEROS
WITHOUT_KERBEROS_SUPPORT
WITHOUT_LDNS
WITHOUT_LDNS_UTILS
WITHOUT_LOADER_ZFS
WITHOUT_OPENSSH
WITHOUT_OPENSSL_KTLS
WITHOUT_PKGBOOTSTRAP
WITHOUT_UNBOUND
WITHOUT_ZFS
WITHOUT_ZFS_TESTS
When set, these options are also in effect:
WITHOUT_GSSAPI (unless WITH_GSSAPI is set explicitly)
WITHOUT_OPENSSL_KTLS
Do not include kernel TLS support in OpenSSL.
This is a default setting on arm/armv7, i386/i386,
powerpc/powerpc and riscv/riscv64.
WITH_OPENSSL_KTLS
Include kernel TLS support in OpenSSL.
This is a default setting on amd64/amd64, arm64/aarch64,
powerpc/powerpc64 and powerpc/powerpc64le.
WITHOUT_PAM
Do not build PAM library and modules. This option is deprecated
and does nothing. When set, these options are also in effect:
WITHOUT_PAM_SUPPORT (unless WITH_PAM_SUPPORT is set explicitly)
WITHOUT_PAM_SUPPORT
Build some programs without PAM support, particularly ftpd(8) and
ppp(8).
WITHOUT_PIE
Do not build dynamically linked binaries as Position-Independent
Executable (PIE).
This is a default setting on arm/armv7, i386/i386 and
powerpc/powerpc.
WITH_PIE
Build dynamically linked binaries as Position-Independent
Executable (PIE).
This is a default setting on amd64/amd64, arm64/aarch64,
powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64.
WITHOUT_PKGBOOTSTRAP
Do not build pkg(7) bootstrap tool.
WITHOUT_PMC
Do not build pmccontrol(8) and related programs.
WITHOUT_PPP
Do not build ppp(8) and related programs.
WITH_PROFILE
Build profiled libraries for use with gprof(8). This option is
deprecated and may not be present in a future version of FreeBSD.
WITHOUT_PTHREADS_ASSERTIONS
Disable debugging assertions in pthreads library.
WITHOUT_QUOTAS
Do not build quota(1) and related programs.
WITHOUT_RADIUS_SUPPORT
Do not build radius support into various applications, like
pam_radius(8) and ppp(8).
WITH_RATELIMIT
Build the system with rate limit support.
This makes SO_MAX_PACING_RATE effective in getsockopt(2), and
txrlimit support in ifconfig(8), by proxy.
WITHOUT_RBOOTD
Do not build or install rbootd(8).
WITHOUT_RELRO
Do not apply the Relocation Read-Only (RELRO) vulnerability
mitigation. See also the BIND_NOW option.
WITHOUT_REPRODUCIBLE_BUILD
Include build metadata (such as the build time, user, and host)
in the kernel, boot loaders, and uname output. Successive builds
will not be bit-for-bit identical.
WITHOUT_RESCUE
Do not build rescue(8).
WITH_RETPOLINE
Build rpcbind(8) with warmstart support.
WITHOUT_SCTP_SUPPORT
Disable support in the kernel for the sctp(4) Stream Control
Transmission Protocol loadable kernel module.
WITHOUT_SENDMAIL
Do not build sendmail(8) and related programs.
WITHOUT_SERVICESDB
Do not install /var/db/services.db.
WITHOUT_SETUID_LOGIN
Set this to disable the installation of login(1) as a set-user-ID
root program.
WITHOUT_SHAREDOCS
Do not build the 4.4BSD legacy docs.
WITH_SORT_THREADS
Enable threads in sort(1).
WITHOUT_SOURCELESS
Do not build kernel modules that include sourceless code (either
microcode or native code for host CPU). When set, it enforces
these options:
WITHOUT_SOURCELESS_HOST
WITHOUT_SOURCELESS_UCODE
WITHOUT_SOURCELESS_HOST
Do not build kernel modules that include sourceless native code
for host CPU.
WITHOUT_SOURCELESS_UCODE
Do not build kernel modules that include sourceless microcode.
WITHOUT_SPLIT_KERNEL_DEBUG
Do not build standalone kernel debug files. Debug data (if
enabled by the kernel configuration file) will be included in the
kernel and modules. When set, it enforces these options:
WITHOUT_KERNEL_SYMBOLS
WITHOUT_SSP
Do not build world with stack smashing protection.
WITH_STAGING
Enable staging of files to a stage tree. This can be best
thought of as auto-install to DESTDIR with some extra meta data
to ensure dependencies can be tracked. Depends on
WITH_DIRDEPS_BUILD. When set, these options are also in effect:
WITH_STAGING_MAN (unless WITHOUT_STAGING_MAN is set explicitly)
WITH_STAGING_PROG (unless WITHOUT_STAGING_PROG is set explicitly)
This must be set in the environment, make command line, or
/etc/src-env.conf, not /etc/src.conf.
Check staged files are not stale.
WITHOUT_STATS
Neither build nor install library "libstats" and dependent
binaries.
WITHOUT_SYSCONS
Do not build syscons(4) support files such as keyboard maps,
fonts, and screen output maps.
WITH_SYSROOT
Enable use of sysroot during build. Depends on
WITH_DIRDEPS_BUILD.
This must be set in the environment, make command line, or
/etc/src-env.conf, not /etc/src.conf.
WITHOUT_SYSTEM_COMPILER
Do not opportunistically skip building a cross-compiler during
the bootstrap phase of the build. Normally, if the currently
installed compiler matches the planned bootstrap compiler type
and revision, then it will not be built. This does not prevent a
compiler from being built for installation though, only for
building one for the build itself. The WITHOUT_CLANG option
controls that.
WITHOUT_SYSTEM_LINKER
Do not opportunistically skip building a cross-linker during the
bootstrap phase of the build. Normally, if the currently
installed linker matches the planned bootstrap linker type and
revision, then it will not be built. This does not prevent a
linker from being built for installation though, only for
building one for the build itself. The WITHOUT_LLD option
controls that.
This option is only relevant when WITH_LLD_BOOTSTRAP is set.
WITHOUT_TALK
Do not build or install talk(1) and talkd(8).
WITHOUT_TCP_WRAPPERS
Do not build or install tcpd(8), and related utilities.
WITHOUT_TCSH
Do not build and install /bin/csh (which is tcsh(1)).
WITHOUT_TELNET
Do not build telnet(1) and related programs.
WITHOUT_TESTS
Do not build nor install the FreeBSD Test Suite in /usr/tests/.
See tests(7) for more details. This also disables the build of
all test-related dependencies, including ATF. When set, it
enforces these options:
WITHOUT_DTRACE_TESTS
WITHOUT_ZFS_TESTS
When set, these options are also in effect:
ATF. When set, it enforces these options:
WITHOUT_GOOGLETEST
WITHOUT_TEXTPROC
Do not build programs used for text processing.
WITHOUT_TFTP
Do not build or install tftp(1) and tftpd(8).
WITHOUT_TOOLCHAIN
Do not install programs used for program development, compilers,
debuggers etc. When set, it enforces these options:
WITHOUT_CLANG
WITHOUT_CLANG_EXTRAS
WITHOUT_CLANG_FORMAT
WITHOUT_CLANG_FULL
WITHOUT_LLD
WITHOUT_LLDB
WITHOUT_LLVM_COV
WITH_UBSAN
Build the base system with Undefined Behavior Sanitizer (UBSan)
to detect various kinds of undefined behavior at runtime.
Requires that Clang be used as the base system compiler and that
the runtime support library is available
WITHOUT_UNBOUND
Do not build unbound(8) and related programs.
WITHOUT_UNIFIED_OBJDIR
Use the historical object directory format for build(7) targets.
For native-builds and builds done directly in sub-directories the
format of ${MAKEOBJDIRPREFIX}/${.CURDIR} is used, while for
cross-builds
${MAKEOBJDIRPREFIX}/${TARGET}.${TARGET_ARCH}/${.CURDIR} is used.
This option is transitional and will be removed in a future
version of FreeBSD, at which time WITH_UNIFIED_OBJDIR will be
enabled permanently.
This must be set in the environment, make command line, or
/etc/src-env.conf, not /etc/src.conf.
WITHOUT_USB
Do not build USB-related programs and libraries.
WITHOUT_USB_GADGET_EXAMPLES
Do not build USB gadget kernel modules.
WITHOUT_UTMPX
Do not build user accounting tools such as last(1), users(1),
who(1), ac(8), lastlogin(8) and utx(8).
WITH_VERIEXEC
Enable building veriexec(8) which loads the contents of verified
manifests into the kernel for use by mac_veriexec(4)
WITHOUT_WARNS
Set this to not add warning flags to the compiler invocations.
Useful as a temporary workaround when code enters the tree which
triggers warnings in environments that differ from the original
developer.
WITHOUT_WERROR
Set this to not treat compiler warnings as errors. Useful as a
temporary workaround when working on fixing compiler warnings.
When set, warnings are still printed in the build log but do not
fail the build.
WITHOUT_WIRELESS
Do not build programs used for 802.11 wireless networks;
especially wpa_supplicant(8) and hostapd(8). When set, these
options are also in effect:
WITHOUT_WIRELESS_SUPPORT (unless WITH_WIRELESS_SUPPORT is set
explicitly)
WITHOUT_WIRELESS_SUPPORT
Build libraries, programs, and kernel modules without 802.11
wireless support.
WITHOUT_WPA_SUPPLICANT_EAPOL
Build wpa_supplicant(8) without support for the IEEE 802.1X
protocol and without support for EAP-PEAP, EAP-TLS, EAP-LEAP, and
EAP-TTLS protocols (usable only via 802.1X).
WITHOUT_ZFS
Do not build the ZFS file system kernel module, libraries such as
libbe(3), and user commands such as zpool(8) or zfs(8). Also
disable ZFS support in utilities and libraries which implement
ZFS-specific functionality. When set, it enforces these options:
WITHOUT_ZFS_TESTS
WITHOUT_ZFS_TESTS
Do not build and install the legacy ZFS test suite.
WITHOUT_ZONEINFO
Do not build the timezone database. When set, it enforces these
options:
WITHOUT_ZONEINFO_LEAPSECONDS_SUPPORT
WITH_ZONEINFO_LEAPSECONDS_SUPPORT
Build leapsecond information in to the timezone database.
FILES
/etc/src.conf
/etc/src-env.conf
/usr/share/mk/bsd.own.mk
SEE ALSO
make(1), make.conf(5), build(7), ports(7)
HISTORY