mirror of
https://github.com/sheumann/hush.git
synced 2025-01-18 07:31:34 +00:00
3fd15e197e
This fixes problems with NULs in files being scanned, but costs +800 bytes. The same can be done to sed (TODO).
599 lines
19 KiB
Plaintext
599 lines
19 KiB
Plaintext
#
|
|
# For a description of the syntax of this configuration file,
|
|
# see scripts/kbuild/config-language.txt.
|
|
#
|
|
|
|
mainmenu "BusyBox Configuration"
|
|
|
|
config HAVE_DOT_CONFIG
|
|
bool
|
|
default y
|
|
|
|
menu "Busybox Settings"
|
|
|
|
menu "General Configuration"
|
|
|
|
config DESKTOP
|
|
bool "Enable options for full-blown desktop systems"
|
|
default n
|
|
help
|
|
Enable options and features which are not essential.
|
|
Select this only if you plan to use busybox on full-blown
|
|
desktop machine with common Linux distro, not on an embedded box.
|
|
|
|
config EXTRA_COMPAT
|
|
bool "Provide compatible behavior for rare corner cases (bigger code)"
|
|
default n
|
|
help
|
|
This option makes grep, sed etc handle rare corner cases
|
|
(embedded NUL bytes and such). This makes code bigger and uses
|
|
some GNU extensions in libc. You probably only need this option
|
|
if you plan to run busybox on desktop.
|
|
|
|
config FEATURE_ASSUME_UNICODE
|
|
bool "Assume that 1:1 char/glyph correspondence is not true"
|
|
default n
|
|
help
|
|
This makes various applets aware that one byte is not
|
|
one character on screen.
|
|
|
|
Busybox aims to eventually work correctly with Unicode displays.
|
|
Any older encodings are not guaranteed to work.
|
|
Probably by the time when busybox will be fully Unicode-clean,
|
|
other encodings will be mainly of historic interest.
|
|
|
|
choice
|
|
prompt "Buffer allocation policy"
|
|
default FEATURE_BUFFERS_USE_MALLOC
|
|
help
|
|
There are 3 ways BusyBox can handle buffer allocations:
|
|
- Use malloc. This costs code size for the call to xmalloc.
|
|
- Put them on stack. For some very small machines with limited stack
|
|
space, this can be deadly. For most folks, this works just fine.
|
|
- Put them in BSS. This works beautifully for computers with a real
|
|
MMU (and OS support), but wastes runtime RAM for uCLinux. This
|
|
behavior was the only one available for BusyBox versions 0.48 and
|
|
earlier.
|
|
|
|
config FEATURE_BUFFERS_USE_MALLOC
|
|
bool "Allocate with Malloc"
|
|
|
|
config FEATURE_BUFFERS_GO_ON_STACK
|
|
bool "Allocate on the Stack"
|
|
|
|
config FEATURE_BUFFERS_GO_IN_BSS
|
|
bool "Allocate in the .bss section"
|
|
|
|
endchoice
|
|
|
|
config SHOW_USAGE
|
|
bool "Show terse applet usage messages"
|
|
default y
|
|
help
|
|
All BusyBox applets will show help messages when invoked with
|
|
wrong arguments. You can turn off printing these terse usage
|
|
messages if you say no here.
|
|
This will save you up to 7k.
|
|
|
|
config FEATURE_VERBOSE_USAGE
|
|
bool "Show verbose applet usage messages"
|
|
default n
|
|
select SHOW_USAGE
|
|
help
|
|
All BusyBox applets will show more verbose help messages when
|
|
busybox is invoked with --help. This will add a lot of text to the
|
|
busybox binary. In the default configuration, this will add about
|
|
13k, but it can add much more depending on your configuration.
|
|
|
|
config FEATURE_COMPRESS_USAGE
|
|
bool "Store applet usage messages in compressed form"
|
|
default y
|
|
depends on SHOW_USAGE
|
|
help
|
|
Store usage messages in compressed form, uncompress them on-the-fly
|
|
when <applet> --help is called.
|
|
|
|
If you have a really tiny busybox with few applets enabled (and
|
|
bunzip2 isn't one of them), the overhead of the decompressor might
|
|
be noticeable. Also, if you run executables directly from ROM
|
|
and have very little memory, this might not be a win. Otherwise,
|
|
you probably want this.
|
|
|
|
config FEATURE_INSTALLER
|
|
bool "Support --install [-s] to install applet links at runtime"
|
|
default n
|
|
help
|
|
Enable 'busybox --install [-s]' support. This will allow you to use
|
|
busybox at runtime to create hard links or symlinks for all the
|
|
applets that are compiled into busybox.
|
|
|
|
config LOCALE_SUPPORT
|
|
bool "Enable locale support (system needs locale for this to work)"
|
|
default n
|
|
help
|
|
Enable this if your system has locale support and you would like
|
|
busybox to support locale settings.
|
|
|
|
config GETOPT_LONG
|
|
bool "Support for --long-options"
|
|
default y
|
|
help
|
|
Enable this if you want busybox applets to use the gnu --long-option
|
|
style, in addition to single character -a -b -c style options.
|
|
|
|
config FEATURE_DEVPTS
|
|
bool "Use the devpts filesystem for Unix98 PTYs"
|
|
default y
|
|
help
|
|
Enable if you want BusyBox to use Unix98 PTY support. If enabled,
|
|
busybox will use /dev/ptmx for the master side of the pseudoterminal
|
|
and /dev/pts/<number> for the slave side. Otherwise, BSD style
|
|
/dev/ttyp<number> will be used. To use this option, you should have
|
|
devpts mounted.
|
|
|
|
config FEATURE_CLEAN_UP
|
|
bool "Clean up all memory before exiting (usually not needed)"
|
|
default n
|
|
help
|
|
As a size optimization, busybox normally exits without explicitly
|
|
freeing dynamically allocated memory or closing files. This saves
|
|
space since the OS will clean up for us, but it can confuse debuggers
|
|
like valgrind, which report tons of memory and resource leaks.
|
|
|
|
Don't enable this unless you have a really good reason to clean
|
|
things up manually.
|
|
|
|
config FEATURE_PIDFILE
|
|
bool "Support writing pidfiles"
|
|
default n
|
|
help
|
|
This option makes some applets (e.g. crond, syslogd, inetd) write
|
|
a pidfile in /var/run. Some applications rely on them.
|
|
|
|
config FEATURE_SUID
|
|
bool "Support for SUID/SGID handling"
|
|
default n
|
|
help
|
|
With this option you can install the busybox binary belonging
|
|
to root with the suid bit set, and it'll and it'll automatically drop
|
|
priviledges for applets that don't need root access.
|
|
|
|
If you're really paranoid and don't want to do this, build two
|
|
busybox binaries with different applets in them (and the appropriate
|
|
symlinks pointing to each binary), and only set the suid bit on the
|
|
one that needs it. The applets currently marked to need the suid bit
|
|
are login, passwd, su, ping, traceroute, crontab, dnsd, ipcrm, ipcs,
|
|
and vlock.
|
|
|
|
config FEATURE_SUID_CONFIG
|
|
bool "Runtime SUID/SGID configuration via /etc/busybox.conf"
|
|
default n if FEATURE_SUID
|
|
depends on FEATURE_SUID
|
|
help
|
|
Allow the SUID / SGID state of an applet to be determined at runtime
|
|
by checking /etc/busybox.conf. (This is sort of a poor man's sudo.)
|
|
The format of this file is as follows:
|
|
|
|
<applet> = [Ssx-][Ssx-][x-] (<username>|<uid>).(<groupname>|<gid>)
|
|
|
|
An example might help:
|
|
|
|
[SUID]
|
|
su = ssx root.0 # applet su can be run by anyone and runs with
|
|
# euid=0/egid=0
|
|
su = ssx # exactly the same
|
|
|
|
mount = sx- root.disk # applet mount can be run by root and members
|
|
# of group disk and runs with euid=0
|
|
|
|
cp = --- # disable applet cp for everyone
|
|
|
|
The file has to be owned by user root, group root and has to be
|
|
writeable only by root:
|
|
(chown 0.0 /etc/busybox.conf; chmod 600 /etc/busybox.conf)
|
|
The busybox executable has to be owned by user root, group
|
|
root and has to be setuid root for this to work:
|
|
(chown 0.0 /bin/busybox; chmod 4755 /bin/busybox)
|
|
|
|
Robert 'sandman' Griebl has more information here:
|
|
<url: http://www.softforge.de/bb/suid.html >.
|
|
|
|
config FEATURE_SUID_CONFIG_QUIET
|
|
bool "Suppress warning message if /etc/busybox.conf is not readable"
|
|
default y
|
|
depends on FEATURE_SUID_CONFIG
|
|
help
|
|
/etc/busybox.conf should be readable by the user needing the SUID,
|
|
check this option to avoid users to be notified about missing
|
|
permissions.
|
|
|
|
config SELINUX
|
|
bool "Support NSA Security Enhanced Linux"
|
|
default n
|
|
help
|
|
Enable support for SELinux in applets ls, ps, and id. Also provide
|
|
the option of compiling in SELinux applets.
|
|
|
|
If you do not have a complete SELinux userland installed, this stuff
|
|
will not compile. Go visit
|
|
http://www.nsa.gov/selinux/index.html
|
|
to download the necessary stuff to allow busybox to compile with
|
|
this option enabled. Specifially, libselinux 1.28 or better is
|
|
directly required by busybox. If the installation is located in a
|
|
non-standard directory, provide it by invoking make as follows:
|
|
CFLAGS=-I<libselinux-include-path> \
|
|
LDFLAGS=-L<libselinux-lib-path> \
|
|
make
|
|
|
|
Most people will leave this set to 'N'.
|
|
|
|
config FEATURE_PREFER_APPLETS
|
|
bool "exec prefers applets"
|
|
default n
|
|
help
|
|
This is an experimental option which directs applets about to
|
|
call 'exec' to try and find an applicable busybox applet before
|
|
searching the PATH. This is typically done by exec'ing
|
|
/proc/self/exe.
|
|
This may affect shell, find -exec, xargs and similar applets.
|
|
They will use applets even if /bin/<applet> -> busybox link
|
|
is missing (or is not a link to busybox). However, this causes
|
|
problems in chroot jails without mounted /proc and with ps/top
|
|
(command name can be shown as 'exe' for applets started this way).
|
|
|
|
config BUSYBOX_EXEC_PATH
|
|
string "Path to BusyBox executable"
|
|
default "/proc/self/exe"
|
|
help
|
|
When Busybox applets need to run other busybox applets, BusyBox
|
|
sometimes needs to exec() itself. When the /proc filesystem is
|
|
mounted, /proc/self/exe always points to the currently running
|
|
executable. If you haven't got /proc, set this to wherever you
|
|
want to run BusyBox from.
|
|
|
|
# These are auto-selected by other options
|
|
|
|
config FEATURE_SYSLOG
|
|
bool "Support for logging to syslog"
|
|
default n
|
|
help
|
|
This option is auto-selected when you select any applet which may
|
|
send its output to syslog. You do not need to select it manually.
|
|
|
|
config FEATURE_HAVE_RPC
|
|
bool "RPC support"
|
|
default n
|
|
help
|
|
This is automatically selected if any of enabled applets need it.
|
|
You do not need to select it manually.
|
|
|
|
endmenu
|
|
|
|
menu 'Build Options'
|
|
|
|
config STATIC
|
|
bool "Build BusyBox as a static binary (no shared libs)"
|
|
default n
|
|
help
|
|
If you want to build a static BusyBox binary, which does not
|
|
use or require any shared libraries, then enable this option.
|
|
This can cause BusyBox to be considerably larger, so you should
|
|
leave this option false unless you have a good reason (i.e.
|
|
your target platform does not support shared libraries, or
|
|
you are building an initrd which doesn't need anything but
|
|
BusyBox, etc).
|
|
|
|
Most people will leave this set to 'N'.
|
|
|
|
config PIE
|
|
bool "Build BusyBox as a position independent executable"
|
|
default n
|
|
depends on !STATIC
|
|
help
|
|
(TODO: what is it and why/when is it useful?)
|
|
Most people will leave this set to 'N'.
|
|
|
|
config NOMMU
|
|
bool "Force NOMMU build"
|
|
default n
|
|
help
|
|
Busybox tries to detect whether architecture it is being
|
|
built against supports MMU or not. If this detection fails,
|
|
or if you want to build NOMMU version of busybox for testing,
|
|
you may force NOMMU build here.
|
|
|
|
Most people will leave this set to 'N'.
|
|
|
|
# PIE can be made to work with BUILD_LIBBUSYBOX, but currently
|
|
# build system does not support that
|
|
config BUILD_LIBBUSYBOX
|
|
bool "Build shared libbusybox"
|
|
default n
|
|
depends on !FEATURE_PREFER_APPLETS && !PIE && !STATIC
|
|
help
|
|
Build a shared library libbusybox.so.N.N.N which contains all
|
|
busybox code.
|
|
|
|
This feature allows every applet to be built as a tiny
|
|
separate executable. Enabling it for "one big busybox binary"
|
|
approach serves no purpose and increases code size.
|
|
You should almost certainly say "no" to this.
|
|
|
|
### config FEATURE_FULL_LIBBUSYBOX
|
|
### bool "Feature-complete libbusybox"
|
|
### default n if !FEATURE_SHARED_BUSYBOX
|
|
### depends on BUILD_LIBBUSYBOX
|
|
### help
|
|
### Build a libbusybox with the complete feature-set, disregarding
|
|
### the actually selected config.
|
|
###
|
|
### Normally, libbusybox will only contain the features which are
|
|
### used by busybox itself. If you plan to write a separate
|
|
### standalone application which uses libbusybox say 'Y'.
|
|
###
|
|
### Note: libbusybox is GPL, not LGPL, and exports no stable API that
|
|
### might act as a copyright barrier. We can and will modify the
|
|
### exported function set between releases (even minor version number
|
|
### changes), and happily break out-of-tree features.
|
|
###
|
|
### Say 'N' if in doubt.
|
|
|
|
config FEATURE_INDIVIDUAL
|
|
bool "Produce a binary for each applet, linked against libbusybox"
|
|
default y
|
|
depends on BUILD_LIBBUSYBOX
|
|
help
|
|
If your CPU architecture doesn't allow for sharing text/rodata
|
|
sections of running binaries, but allows for runtime dynamic
|
|
libraries, this option will allow you to reduce memory footprint
|
|
when you have many different applets running at once.
|
|
|
|
If your CPU architecture allows for sharing text/rodata,
|
|
having single binary is more optimal.
|
|
|
|
Each applet will be a tiny program, dynamically linked
|
|
against libbusybox.so.N.N.N.
|
|
|
|
You need to have a working dynamic linker.
|
|
|
|
config FEATURE_SHARED_BUSYBOX
|
|
bool "Produce additional busybox binary linked against libbusybox"
|
|
default y
|
|
depends on BUILD_LIBBUSYBOX
|
|
help
|
|
Build busybox, dynamically linked against libbusybox.so.N.N.N.
|
|
|
|
You need to have a working dynamic linker.
|
|
|
|
### config BUILD_AT_ONCE
|
|
### bool "Compile all sources at once"
|
|
### default n
|
|
### help
|
|
### Normally each source-file is compiled with one invocation of
|
|
### the compiler.
|
|
### If you set this option, all sources are compiled at once.
|
|
### This gives the compiler more opportunities to optimize which can
|
|
### result in smaller and/or faster binaries.
|
|
###
|
|
### Setting this option will consume alot of memory, e.g. if you
|
|
### enable all applets with all features, gcc uses more than 300MB
|
|
### RAM during compilation of busybox.
|
|
###
|
|
### This option is most likely only beneficial for newer compilers
|
|
### such as gcc-4.1 and above.
|
|
###
|
|
### Say 'N' unless you know what you are doing.
|
|
|
|
config LFS
|
|
bool "Build with Large File Support (for accessing files > 2 GB)"
|
|
default n
|
|
select FDISK_SUPPORT_LARGE_DISKS
|
|
help
|
|
If you want to build BusyBox with large file support, then enable
|
|
this option. This will have no effect if your kernel or your C
|
|
library lacks large file support for large files. Some of the
|
|
programs that can benefit from large file support include dd, gzip,
|
|
cp, mount, tar, and many others. If you want to access files larger
|
|
than 2 Gigabytes, enable this option. Otherwise, leave it set to 'N'.
|
|
|
|
config CROSS_COMPILER_PREFIX
|
|
string "Cross Compiler prefix"
|
|
default ""
|
|
help
|
|
If you want to build BusyBox with a cross compiler, then you
|
|
will need to set this to the cross-compiler prefix, for example,
|
|
"i386-uclibc-". Note that CROSS_COMPILE environment variable
|
|
or "make CROSS_COMPILE=xxx ..." will override this selection.
|
|
For native build leave it empty.
|
|
|
|
endmenu
|
|
|
|
menu 'Debugging Options'
|
|
|
|
config DEBUG
|
|
bool "Build BusyBox with extra Debugging symbols"
|
|
default n
|
|
help
|
|
Say Y here if you wish to examine BusyBox internals while applets are
|
|
running. This increases the size of the binary considerably, and
|
|
should only be used when doing development. If you are doing
|
|
development and want to debug BusyBox, answer Y.
|
|
|
|
Most people should answer N.
|
|
|
|
config DEBUG_PESSIMIZE
|
|
bool "Disable compiler optimizations"
|
|
default n
|
|
depends on DEBUG
|
|
help
|
|
The compiler's optimization of source code can eliminate and reorder
|
|
code, resulting in an executable that's hard to understand when
|
|
stepping through it with a debugger. This switches it off, resulting
|
|
in a much bigger executable that more closely matches the source
|
|
code.
|
|
|
|
config WERROR
|
|
bool "Abort compilation on any warning"
|
|
default n
|
|
help
|
|
Selecting this will add -Werror to gcc command line.
|
|
|
|
Most people should answer N.
|
|
|
|
choice
|
|
prompt "Additional debugging library"
|
|
default NO_DEBUG_LIB
|
|
help
|
|
Using an additional debugging library will make BusyBox become
|
|
considerable larger and will cause it to run more slowly. You
|
|
should always leave this option disabled for production use.
|
|
|
|
dmalloc support:
|
|
----------------
|
|
This enables compiling with dmalloc ( http://dmalloc.com/ )
|
|
which is an excellent public domain mem leak and malloc problem
|
|
detector. To enable dmalloc, before running busybox you will
|
|
want to properly set your environment, for example:
|
|
export DMALLOC_OPTIONS=debug=0x34f47d83,inter=100,log=logfile
|
|
The 'debug=' value is generated using the following command
|
|
dmalloc -p log-stats -p log-non-free -p log-bad-space \
|
|
-p log-elapsed-time -p check-fence -p check-heap \
|
|
-p check-lists -p check-blank -p check-funcs -p realloc-copy \
|
|
-p allow-free-null
|
|
|
|
Electric-fence support:
|
|
-----------------------
|
|
This enables compiling with Electric-fence support. Electric
|
|
fence is another very useful malloc debugging library which uses
|
|
your computer's virtual memory hardware to detect illegal memory
|
|
accesses. This support will make BusyBox be considerable larger
|
|
and run slower, so you should leave this option disabled unless
|
|
you are hunting a hard to find memory problem.
|
|
|
|
|
|
config NO_DEBUG_LIB
|
|
bool "None"
|
|
|
|
config DMALLOC
|
|
bool "Dmalloc"
|
|
|
|
config EFENCE
|
|
bool "Electric-fence"
|
|
|
|
endchoice
|
|
|
|
config INCLUDE_SUSv2
|
|
bool "Enable obsolete features removed before SUSv3?"
|
|
default y
|
|
help
|
|
This option will enable backwards compatibility with SuSv2,
|
|
specifically, old-style numeric options ('command -1 <file>')
|
|
will be supported in head, tail, and fold. (Note: should
|
|
affect renice too.)
|
|
|
|
config PARSE
|
|
bool "Uniform config file parser debugging applet: parse"
|
|
|
|
endmenu
|
|
|
|
menu 'Installation Options'
|
|
|
|
config INSTALL_NO_USR
|
|
bool "Don't use /usr"
|
|
default n
|
|
help
|
|
Disable use of /usr. Don't activate this option if you don't know
|
|
that you really want this behaviour.
|
|
|
|
choice
|
|
prompt "Applets links"
|
|
default INSTALL_APPLET_SYMLINKS
|
|
help
|
|
Choose how you install applets links.
|
|
|
|
config INSTALL_APPLET_SYMLINKS
|
|
bool "as soft-links"
|
|
help
|
|
Install applets as soft-links to the busybox binary. This needs some
|
|
free inodes on the filesystem, but might help with filesystem
|
|
generators that can't cope with hard-links.
|
|
|
|
config INSTALL_APPLET_HARDLINKS
|
|
bool "as hard-links"
|
|
help
|
|
Install applets as hard-links to the busybox binary. This might
|
|
count on a filesystem with few inodes.
|
|
|
|
config INSTALL_APPLET_SCRIPT_WRAPPERS
|
|
bool "as script wrappers"
|
|
help
|
|
Install applets as script wrappers that call the busybox binary.
|
|
|
|
config INSTALL_APPLET_DONT
|
|
bool "not installed"
|
|
depends on FEATURE_INSTALLER || FEATURE_SH_STANDALONE || FEATURE_PREFER_APPLETS
|
|
help
|
|
Do not install applet links. Useful when using the -install feature
|
|
or a standalone shell for rescue purposes.
|
|
|
|
endchoice
|
|
|
|
choice
|
|
prompt "/bin/sh applet link"
|
|
default INSTALL_SH_APPLET_SYMLINK
|
|
depends on INSTALL_APPLET_SCRIPT_WRAPPERS
|
|
help
|
|
Choose how you install /bin/sh applet link.
|
|
|
|
config INSTALL_SH_APPLET_SYMLINK
|
|
bool "as soft-link"
|
|
help
|
|
Install /bin/sh applet as soft-link to the busybox binary.
|
|
|
|
config INSTALL_SH_APPLET_HARDLINK
|
|
bool "as hard-link"
|
|
help
|
|
Install /bin/sh applet as hard-link to the busybox binary.
|
|
|
|
config INSTALL_SH_APPLET_SCRIPT_WRAPPER
|
|
bool "as script wrapper"
|
|
help
|
|
Install /bin/sh applet as script wrapper that call the busybox
|
|
binary.
|
|
|
|
endchoice
|
|
|
|
config PREFIX
|
|
string "BusyBox installation prefix"
|
|
default "./_install"
|
|
help
|
|
Define your directory to install BusyBox files/subdirs in.
|
|
|
|
endmenu
|
|
|
|
source libbb/Config.in
|
|
|
|
endmenu
|
|
|
|
comment "Applets"
|
|
|
|
source archival/Config.in
|
|
source coreutils/Config.in
|
|
source console-tools/Config.in
|
|
source debianutils/Config.in
|
|
source editors/Config.in
|
|
source findutils/Config.in
|
|
source init/Config.in
|
|
source loginutils/Config.in
|
|
source e2fsprogs/Config.in
|
|
source modutils/Config.in
|
|
source util-linux/Config.in
|
|
source miscutils/Config.in
|
|
source networking/Config.in
|
|
source procps/Config.in
|
|
source shell/Config.in
|
|
source sysklogd/Config.in
|
|
source runit/Config.in
|
|
source selinux/Config.in
|
|
source printutils/Config.in
|