1.\" DO NOT EDIT-- this file is @generated by tools/build/options/makeman. 2.Dd March 5, 2026 3.Dt SRC.CONF 5 4.Os 5.Sh NAME 6.Nm src.conf 7.Nd "source build options" 8.Sh DESCRIPTION 9The 10.Nm 11file contains variables that control what components will be generated during 12the build process of the 13.Fx 14source tree; see 15.Xr build 7 . 16.Pp 17The 18.Nm 19file uses the standard makefile syntax. 20However, 21.Nm 22should not specify any dependencies to 23.Xr make 1 . 24Instead, 25.Nm 26is to set 27.Xr make 1 28variables that control the aspects of how the system builds. 29.Pp 30The default location of 31.Nm 32is the top level of the source tree, or 33.Pa /etc/src.conf 34if no 35.Nm 36is found in the source tree itself, 37though an alternative location can be specified in the 38.Xr make 1 39variable 40.Va SRCCONF . 41Overriding the location of 42.Nm 43may be necessary if the system-wide settings are not suitable 44for a particular build. 45For instance, setting 46.Va SRCCONF 47to 48.Pa /dev/null 49effectively resets all build controls to their defaults. 50.Pp 51The only purpose of 52.Nm 53is to control the compilation of the 54.Fx 55source code, which is usually located in 56.Pa /usr/src . 57As a rule, the system administrator creates 58.Nm 59when the values of certain control variables need to be changed 60from their defaults. 61.Pp 62In addition, control variables can be specified 63for a particular build via the 64.Fl D 65option of 66.Xr make 1 67or in its environment; see 68.Xr environ 7 . 69.Pp 70The environment of 71.Xr make 1 72for the build can be controlled via the 73.Va SRC_ENV_CONF 74variable, which defaults to 75.Pa /etc/src-env.conf . 76Some examples that may only be set in this file are 77.Va WITH_DIRDEPS_BUILD , 78and 79.Va WITH_META_MODE , 80and 81.Va MAKEOBJDIRPREFIX 82as they are environment-only variables. 83.Pp 84The values of 85.Va WITH_ 86and 87.Va WITHOUT_ 88variables are ignored regardless of their setting; 89even if they would be set to 90.Dq Li FALSE 91or 92.Dq Li NO . 93The presence of an option causes 94it to be honored by 95.Xr make 1 . 96.Pp 97This list provides a name and short description for variables 98that can be used for source builds. 99.Bl -tag -width indent 100.It Va WITHOUT_ACCT 101Do not build process accounting tools such as 102.Xr accton 8 103and 104.Xr sa 8 . 105.It Va WITHOUT_ACPI 106Do not build 107.Xr acpiconf 8 , 108.Xr acpidump 8 109and related programs. 110.It Va WITHOUT_APM 111Do not build 112.Xr apm 8 , 113.Xr apmd 8 114and related programs. 115.It Va WITH_ASAN 116Build the base system with Address Sanitizer (ASan) to detect 117memory corruption bugs such as buffer overflows or use-after-free. 118Requires that Clang be used as the base system compiler 119and that the runtime support library is available. 120When set, it enforces these options: 121.Pp 122.Bl -item -compact 123.It 124.Va WITH_LLVM_BINUTILS 125.El 126.It Va WITHOUT_ASSERT_DEBUG 127Compile programs and libraries without the 128.Xr assert 3 129checks. 130.It Va WITHOUT_AT 131Do not build 132.Xr at 1 133and related utilities. 134.It Va WITHOUT_AUDIT 135Do not build audit support into system programs. 136.It Va WITHOUT_AUTHPF 137Do not build 138.Xr authpf 8 . 139.It Va WITHOUT_AUTOFS 140Do not build 141.Xr autofs 4 142related programs, libraries, and kernel modules. 143.It Va WITHOUT_AUTO_OBJ 144Disable automatic creation of objdirs. 145This is enabled by default if the wanted OBJDIR is writable by the current user. 146.Pp 147This must be set in the environment, make command line, or 148.Pa /etc/src-env.conf , 149not 150.Pa /etc/src.conf . 151.It Va WITH_BEARSSL 152Build the BearSSL library. 153.Pp 154BearSSL is a tiny SSL library suitable for embedded environments. 155For details see 156.Lk https://www.BearSSL.org/ 157.Pp 158This library is currently only used to perform 159signature verification and related operations 160for Verified Exec and 161.Xr loader 8 . 162.Pp 163Due to size constraints in the BIOS environment on x86, one may need to set 164.Va LOADERSIZE 165larger than the 166default 500000, although often loader is under the 500k limit even with 167this option. 168Setting 169.Va LOADERSIZE 170larger than 500000 may cause 171.Xr pxeboot 8 172to be too large to work. 173Careful testing of the loader in the target environment when built with a larger 174limit to establish safe limits is critical because different BIOS environments 175reserve differing amounts of the low 640k space, making a precise limit for 176everybody impossible. 177.Pp 178See also 179.Va WITH_LOADER_PXEBOOT 180for other considerations. 181When set, these options are also in effect: 182.Pp 183.Bl -inset -compact 184.It Va WITH_LOADER_EFI_SECUREBOOT 185(unless 186.Va WITHOUT_LOADER_EFI_SECUREBOOT 187is set explicitly) 188.It Va WITH_LOADER_VERIEXEC 189(unless 190.Va WITHOUT_LOADER_VERIEXEC 191is set explicitly) 192.It Va WITH_LOADER_VERIEXEC_VECTX 193(unless 194.Va WITHOUT_LOADER_VERIEXEC_VECTX 195is set explicitly) 196.It Va WITH_VERIEXEC 197(unless 198.Va WITHOUT_VERIEXEC 199is set explicitly) 200.El 201.It Va WITHOUT_BHYVE 202Do not build or install 203.Xr bhyve 8 , 204associated utilities, and examples. 205.Pp 206This option only affects amd64/amd64 and arm64/aarch64. 207.It Va WITH_BHYVE_SNAPSHOT 208Include support for save and restore (snapshots) in 209.Xr bhyve 8 210and 211.Xr bhyvectl 8 . 212.Pp 213This option only affects amd64/amd64. 214.It Va WITH_BIND_NOW 215Build all binaries with the 216.Dv DF_BIND_NOW 217flag set to indicate that the run-time loader should perform all relocation 218processing at process startup rather than on demand. 219The combination of the 220.Va BIND_NOW 221and 222.Va RELRO 223options provide "full" Relocation Read-Only (RELRO) support. 224With full RELRO the entire GOT is made read-only after performing relocation at 225startup, avoiding GOT overwrite attacks. 226.It Va WITHOUT_BLACKLIST 227This option has been renamed to 228.Va WITHOUT_BLOCKLIST . 229When set, it enforces these options: 230.Pp 231.Bl -item -compact 232.It 233.Va WITHOUT_BLOCKLIST 234.El 235.Pp 236When set, these options are also in effect: 237.Pp 238.Bl -inset -compact 239.It Va WITHOUT_BLACKLIST_SUPPORT 240(unless 241.Va WITH_BLACKLIST_SUPPORT 242is set explicitly) 243.It Va WITHOUT_BLOCKLIST_SUPPORT 244(unless 245.Va WITH_BLOCKLIST_SUPPORT 246is set explicitly) 247.El 248.It Va WITHOUT_BLACKLIST_SUPPORT 249This option has been renamed to 250.Va WITHOUT_BLOCKLIST_SUPPORT . 251When set, it enforces these options: 252.Pp 253.Bl -item -compact 254.It 255.Va WITHOUT_BLOCKLIST_SUPPORT 256.El 257.It Va WITHOUT_BLOCKLIST 258Set this if you do not want to build 259.Xr blocklistd 8 260and 261.Xr blocklistctl 8 . 262When set, these options are also in effect: 263.Pp 264.Bl -inset -compact 265.It Va WITHOUT_BLOCKLIST_SUPPORT 266(unless 267.Va WITH_BLOCKLIST_SUPPORT 268is set explicitly) 269.El 270.It Va WITHOUT_BLOCKLIST_SUPPORT 271Build some programs without 272.Xr libblocklist 3 273support, like 274.Xr fingerd 8 275and 276.Xr sshd 8 . 277.It Va WITHOUT_BLUETOOTH 278Do not build Bluetooth related kernel modules, programs and libraries. 279.It Va WITHOUT_BOOT 280Do not build the boot blocks and loader. 281.It Va WITHOUT_BOOTPARAMD 282Do not build or install 283.Xr bootparamd 8 . 284.It Va WITHOUT_BOOTPD 285Do not build or install 286.Xr bootpd 8 . 287.It Va WITH_BRANCH_PROTECTION 288Build with branch protection enabled. 289On arm64 enable the use of pointer authentication and 290branch target identification instructions on arm64. 291These can be used to help mitigate some exploit techniques. 292.It Va WITHOUT_BSDINSTALL 293Do not build 294.Xr bsdinstall 8 , 295.Xr sade 8 , 296and related programs. 297.It Va WITHOUT_BSNMP 298Do not build or install 299.Xr bsnmpd 1 300and related libraries and data files. 301.It Va WITHOUT_BZIP2 302Do not build contributed bzip2 software as a part of the base system. 303.Bf -symbolic 304The option has no effect yet. 305.Ef 306When set, these options are also in effect: 307.Pp 308.Bl -inset -compact 309.It Va WITHOUT_BZIP2_SUPPORT 310(unless 311.Va WITH_BZIP2_SUPPORT 312is set explicitly) 313.El 314.It Va WITHOUT_BZIP2_SUPPORT 315Build some programs without optional bzip2 support. 316.It Va WITHOUT_CALENDAR 317Do not build 318.Xr calendar 1 . 319.It Va WITHOUT_CAROOT 320Do not add the trusted certificates from the Mozilla NSS bundle to 321base. 322.It Va WITHOUT_CASPER 323This option has no effect. 324.It Va WITH_CCACHE_BUILD 325Use 326.Xr ccache 1 327for the build. 328No configuration is required except to install the 329.Sy devel/ccache 330or 331.Sy devel/sccache 332package. 333When using with 334.Xr distcc 1 , 335set 336.Sy CCACHE_PREFIX=/usr/local/bin/distcc . 337When using with sccache 338set 339.Sy CCACHE_NAME=sccache 340in 341.Xr src.conf 5 . 342The default cache directory of 343.Pa $HOME/.ccache 344will be used, which can be overridden by setting 345.Sy CCACHE_DIR . 346The 347.Sy CCACHE_COMPILERCHECK 348option defaults to 349.Sy content 350when using the in-tree bootstrap compiler, 351and 352.Sy mtime 353when using an external compiler. 354The 355.Sy CCACHE_CPP2 356option is used for Clang but not GCC. 357.Pp 358Sharing a cache between multiple work directories requires using a layout 359similar to 360.Pa /some/prefix/src 361.Pa /some/prefix/obj 362and an environment such as: 363.Bd -literal -offset indent 364CCACHE_BASEDIR='${SRCTOP:H}' MAKEOBJDIRPREFIX='${SRCTOP:H}/obj' 365.Ed 366.Pp 367See 368.Xr ccache 1 369for more configuration options. 370.It Va WITHOUT_CCD 371Do not build 372.Xr geom_ccd 4 373and related utilities. 374.It Va WITHOUT_CDDL 375Do not build code licensed under Sun's CDDL. 376When set, it enforces these options: 377.Pp 378.Bl -item -compact 379.It 380.Va WITHOUT_CTF 381.It 382.Va WITHOUT_DTRACE 383.It 384.Va WITHOUT_LOADER_ZFS 385.It 386.Va WITHOUT_ZFS 387.It 388.Va WITHOUT_ZFS_TESTS 389.El 390.It Va WITHOUT_CLANG 391Do not build the Clang C/C++ compiler during the regular phase of the build. 392When set, it enforces these options: 393.Pp 394.Bl -item -compact 395.It 396.Va WITHOUT_CLANG_EXTRAS 397.It 398.Va WITHOUT_CLANG_FORMAT 399.It 400.Va WITHOUT_CLANG_FULL 401.It 402.Va WITHOUT_LLVM_COV 403.El 404.Pp 405When set, these options are also in effect: 406.Pp 407.Bl -inset -compact 408.It Va WITHOUT_LLVM_TARGET_AARCH64 409(unless 410.Va WITH_LLVM_TARGET_AARCH64 411is set explicitly) 412.It Va WITHOUT_LLVM_TARGET_ALL 413(unless 414.Va WITH_LLVM_TARGET_ALL 415is set explicitly) 416.It Va WITHOUT_LLVM_TARGET_ARM 417(unless 418.Va WITH_LLVM_TARGET_ARM 419is set explicitly) 420.It Va WITHOUT_LLVM_TARGET_POWERPC 421(unless 422.Va WITH_LLVM_TARGET_POWERPC 423is set explicitly) 424.It Va WITHOUT_LLVM_TARGET_RISCV 425(unless 426.Va WITH_LLVM_TARGET_RISCV 427is set explicitly) 428.El 429.It Va WITHOUT_CLANG_BOOTSTRAP 430Do not build the Clang C/C++ compiler during the bootstrap phase of 431the build. 432To be able to build the system, either gcc or clang bootstrap must be 433enabled unless an alternate compiler is provided via XCC. 434.It Va WITH_CLANG_EXTRAS 435Build additional clang and llvm tools, such as bugpoint and 436clang-format. 437.It Va WITH_CLANG_FORMAT 438Build clang-format. 439.It Va WITHOUT_CLANG_FULL 440Avoid building the ARCMigrate, Rewriter and StaticAnalyzer components of 441the Clang C/C++ compiler. 442.It Va WITH_CLEAN 443Clean before building world and/or kernel. 444Note that recording a new epoch in 445.Pa .clean_build_epoch 446in the root of the source tree will also force a clean world build. 447When set, these options are also in effect: 448.Pp 449.Bl -inset -compact 450.It Va WITHOUT_DEPEND_CLEANUP 451(unless 452.Va WITH_DEPEND_CLEANUP 453is set explicitly) 454.El 455.It Va WITHOUT_CPP 456Do not build 457.Xr cpp 1 . 458.It Va WITHOUT_CROSS_COMPILER 459Do not build any cross compiler in the cross-tools stage of buildworld. 460When compiling a different version of 461.Fx 462than what is installed on the system, provide an alternate 463compiler with XCC to ensure success. 464When compiling with an identical version of 465.Fx 466to the host, this option may be safely used. 467This option may also be safe when the host version of 468.Fx 469is close to the sources being built, but all bets are off if there have 470been any changes to the toolchain between the versions. 471When set, it enforces these options: 472.Pp 473.Bl -item -compact 474.It 475.Va WITHOUT_CLANG_BOOTSTRAP 476.It 477.Va WITHOUT_ELFTOOLCHAIN_BOOTSTRAP 478.It 479.Va WITHOUT_LLD_BOOTSTRAP 480.El 481.It Va WITHOUT_CRYPT 482Do not build any crypto code. 483When set, it enforces these options: 484.Pp 485.Bl -item -compact 486.It 487.Va WITHOUT_DMAGENT 488.It 489.Va WITHOUT_KERBEROS 490.It 491.Va WITHOUT_LDNS 492.It 493.Va WITHOUT_LDNS_UTILS 494.It 495.Va WITHOUT_LOADER_ZFS 496.It 497.Va WITHOUT_MITKRB5 498.It 499.Va WITHOUT_OPENSSH 500.It 501.Va WITHOUT_OPENSSL 502.It 503.Va WITHOUT_OPENSSL_KTLS 504.It 505.Va WITHOUT_PKGBOOTSTRAP 506.It 507.Va WITHOUT_UNBOUND 508.It 509.Va WITHOUT_ZFS 510.It 511.Va WITHOUT_ZFS_TESTS 512.El 513.Pp 514When set, these options are also in effect: 515.Pp 516.Bl -inset -compact 517.It Va WITHOUT_KERBEROS_SUPPORT 518(unless 519.Va WITH_KERBEROS_SUPPORT 520is set explicitly) 521.El 522.It Va WITH_CTF 523Compile with CTF (Compact C Type Format) data. 524CTF data encapsulates a reduced form of debugging information 525similar to DWARF and the venerable stabs and is required for DTrace. 526.It Va WITHOUT_CUSE 527Do not build CUSE-related programs and libraries. 528.It Va WITHOUT_CXGBETOOL 529Do not build 530.Xr cxgbetool 8 531.Pp 532This is a default setting on 533arm/armv7 and riscv/riscv64. 534.It Va WITH_CXGBETOOL 535Build 536.Xr cxgbetool 8 537.Pp 538This is a default setting on 539amd64/amd64, arm64/aarch64, i386/i386, powerpc/powerpc64 and powerpc/powerpc64le. 540.It Va WITHOUT_DEBUG_FILES 541Avoid building or installing standalone debug files for each 542executable binary and shared library. 543.It Va WITHOUT_DEPEND_CLEANUP 544Do not attempt to detect if the object tree needs cleaning in part or in 545whole before building. 546This speeds up incremental builds, especially when experimenting with 547build options, but may cause the build to inexplicably fail or produce 548non-functioning binaries. 549.It Va WITH_DETECT_TZ_CHANGES 550Make the time handling code detect changes to the timezone files. 551.It Va WITH_DIALOG 552Do build 553.Xr dialog 1 , 554.Xr dialog 3 , 555.Xr dpv 1 , 556and 557.Xr dpv 3 . 558.It Va WITHOUT_DICT 559Do not build the Webster dictionary files. 560.It Va WITH_DIRDEPS_BUILD 561This is an alternate build system. 562For details see 563https://www.crufty.net/sjg/docs/freebsd-meta-mode.htm. 564Build commands can be seen from the top-level with: 565.Dl make show-valid-targets 566The build is driven by dirdeps.mk using 567.Va DIRDEPS 568stored in 569Makefile.depend files found in each directory. 570.Pp 571The build can be started from anywhere, and behaves the same. 572The initial instance of 573.Xr make 1 574recursively reads 575.Va DIRDEPS 576from 577.Pa Makefile.depend , 578computing a graph of tree dependencies from the current origin. 579Setting 580.Va NO_DIRDEPS 581skips checking dirdep dependencies and will only build in the current 582and child directories. 583.Va NO_DIRDEPS_BELOW 584skips building any dirdeps and only build the current directory. 585.Pp 586This also utilizes the 587.Va WITH_META_MODE 588logic for incremental builds. 589.Pp 590The build hides commands executed unless 591.Va NO_SILENT 592is defined. 593.Pp 594Note that there is currently no mass install feature for this. 595This build is designed for producing packages, that can then be installed 596on a target system. 597.Pp 598The implementation in 599.Fx 600is incomplete. 601Completion would require leaf directories for building each kernel 602and package so that their dependencies can be tracked. 603When set, it enforces these options: 604.Pp 605.Bl -item -compact 606.It 607.Va WITH_INSTALL_AS_USER 608.El 609.Pp 610When set, these options are also in effect: 611.Pp 612.Bl -inset -compact 613.It Va WITH_META_ERROR_TARGET 614(unless 615.Va WITHOUT_META_ERROR_TARGET 616is set explicitly) 617.It Va WITH_META_MODE 618(unless 619.Va WITHOUT_META_MODE 620is set explicitly) 621.It Va WITH_STAGING 622(unless 623.Va WITHOUT_STAGING 624is set explicitly) 625.It Va WITH_STAGING_MAN 626(unless 627.Va WITHOUT_STAGING_MAN 628is set explicitly) 629.It Va WITH_STAGING_PROG 630(unless 631.Va WITHOUT_STAGING_PROG 632is set explicitly) 633.It Va WITH_SYSROOT 634(unless 635.Va WITHOUT_SYSROOT 636is set explicitly) 637.El 638.Pp 639This must be set in the environment, make command line, or 640.Pa /etc/src-env.conf , 641not 642.Pa /etc/src.conf . 643.It Va WITH_DIRDEPS_CACHE 644Cache result of dirdeps.mk which can save significant time 645for subsequent builds. 646Depends on 647.Va WITH_DIRDEPS_BUILD . 648.Pp 649This must be set in the environment, make command line, or 650.Pa /etc/src-env.conf , 651not 652.Pa /etc/src.conf . 653.It Va WITH_DISK_IMAGE_TOOLS_BOOTSTRAP 654Build 655.Xr etdump 1 , 656.Xr makefs 8 657and 658.Xr mkimg 1 659as bootstrap tools. 660.It Va WITHOUT_DMAGENT 661Do not build dma Mail Transport Agent. 662.It Va WITHOUT_DOCCOMPRESS 663Do not install compressed system documentation. 664Only the uncompressed version will be installed. 665.It Va WITHOUT_DTRACE 666Do not build DTrace framework kernel modules, libraries, and user commands. 667When set, it enforces these options: 668.Pp 669.Bl -item -compact 670.It 671.Va WITHOUT_CTF 672.El 673.It Va WITH_DTRACE_ASAN 674Compile userspace DTrace code (libdtrace, dtrace(1), lockstat(1), plockstat(1)) 675with address and undefined behavior sanitizers. 676Requires that Clang be used as the base system compiler 677and that the runtime support library is available. 678.It Va WITH_DTRACE_TESTS 679Build and install the DTrace test suite in 680.Pa /usr/tests/cddl/usr.sbin/dtrace . 681This test suite is considered experimental on architectures other than 682amd64/amd64 and running it may cause system instability. 683.It Va WITHOUT_DYNAMICROOT 684Set this if you do not want to link 685.Pa /bin 686and 687.Pa /sbin 688dynamically. 689.It Va WITHOUT_EE 690Do not build and install 691.Xr edit 1 , 692.Xr ee 1 , 693and related programs. 694.It Va WITHOUT_EFI 695Set not to build 696.Xr efivar 3 697and 698.Xr efivar 8 . 699.Pp 700This is a default setting on 701i386/i386, powerpc/powerpc64 and powerpc/powerpc64le. 702.It Va WITH_EFI 703Build 704.Xr efivar 3 705and 706.Xr efivar 8 . 707.Pp 708This is a default setting on 709amd64/amd64, arm/armv7, arm64/aarch64 and riscv/riscv64. 710.It Va WITHOUT_ELFTOOLCHAIN_BOOTSTRAP 711Do not build ELF Tool Chain tools 712(addr2line, nm, size, strings and strip) 713as part of the bootstrap process. 714.Bf -symbolic 715An alternate bootstrap tool chain must be provided. 716.Ef 717.It Va WITHOUT_EXAMPLES 718Avoid installing examples to 719.Pa /usr/share/examples/ . 720.It Va WITH_EXPERIMENTAL 721Include experimental features in the build. 722.It Va WITHOUT_FDT 723Do not build Flattened Device Tree support as part of the base system. 724This includes the device tree compiler (dtc) and libfdt support library. 725.Pp 726This is a default setting on 727amd64/amd64 and i386/i386. 728.It Va WITH_FDT 729Build Flattened Device Tree support as part of the base system. 730This includes the device tree compiler (dtc) and libfdt support library. 731.Pp 732This is a default setting on 733arm/armv7, arm64/aarch64, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64. 734.It Va WITHOUT_FILE 735Do not build 736.Xr file 1 737and related programs. 738.It Va WITHOUT_FINGER 739Do not build or install 740.Xr finger 1 741and 742.Xr fingerd 8 . 743.It Va WITHOUT_FLOPPY 744Do not build or install programs 745for operating floppy disk driver. 746.It Va WITHOUT_FORMAT_EXTENSIONS 747Do not enable 748.Fl fformat-extensions 749when compiling the kernel. 750Also disables all format checking. 751.It Va WITHOUT_FORTH 752Build bootloaders without Forth support. 753.It Va WITHOUT_FREEBSD_UPDATE 754Do not build 755.Xr freebsd-update 8 . 756.It Va WITHOUT_FTP 757Do not build or install 758.Xr ftp 1 . 759.It Va WITHOUT_GAMES 760Do not build games. 761.It Va WITHOUT_GOOGLETEST 762Neither build nor install 763.Lb libgmock , 764.Lb libgtest , 765and dependent tests. 766.It Va WITHOUT_GPIO 767Do not build 768.Xr gpioctl 8 769as part of the base system. 770.It Va WITHOUT_HAST 771Do not build 772.Xr hastd 8 773and related utilities. 774.It Va WITH_HESIOD 775Build Hesiod support. 776.It Va WITHOUT_HTML 777Do not build HTML docs. 778.It Va WITHOUT_HYPERV 779Do not build or install HyperV utilities. 780.Pp 781This is a default setting on 782arm/armv7, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64. 783.It Va WITH_HYPERV 784Build or install HyperV utilities. 785.Pp 786This is a default setting on 787amd64/amd64, arm64/aarch64 and i386/i386. 788.It Va WITHOUT_ICONV 789Do not build iconv as part of libc. 790.It Va WITHOUT_INCLUDES 791Do not install header files. 792This option used to be spelled 793.Va NO_INCS . 794.Bf -symbolic 795The option does not work for build targets. 796.Ef 797.It Va WITHOUT_INET 798Do not build programs and libraries related to IPv4 networking. 799When set, it enforces these options: 800.Pp 801.Bl -item -compact 802.It 803.Va WITHOUT_INET_SUPPORT 804.El 805.It Va WITHOUT_INET6 806Do not build 807programs and libraries related to IPv6 networking. 808When set, it enforces these options: 809.Pp 810.Bl -item -compact 811.It 812.Va WITHOUT_INET6_SUPPORT 813.El 814.It Va WITHOUT_INET6_SUPPORT 815Build libraries, programs, and kernel modules without IPv6 support. 816.It Va WITHOUT_INETD 817Do not build 818.Xr inetd 8 . 819.It Va WITHOUT_INET_SUPPORT 820Build libraries, programs, and kernel modules without IPv4 support. 821.It Va WITHOUT_INSTALLLIB 822Set this to not install optional libraries. 823For example, when creating a 824.Xr nanobsd 8 825image. 826.Bf -symbolic 827The option does not work for build targets. 828.Ef 829.It Va WITH_INSTALL_AS_USER 830Make install targets succeed for non-root users by installing 831files with owner and group attributes set to that of the user running 832the 833.Xr make 1 834command. 835The user still must set the 836.Va DESTDIR 837variable to point to a directory where the user has write permissions. 838.It Va WITHOUT_IPFILTER 839Do not build IP Filter package. 840.It Va WITH_IPFILTER_IPFS 841Enable building the 842.Xr ipfs 8 843tool to save and restore IPFilter state tables. 844.It Va WITHOUT_IPFW 845Do not build IPFW tools. 846.It Va WITHOUT_IPSEC_SUPPORT 847Do not build the kernel with 848.Xr ipsec 4 849support. 850This option is needed for 851.Xr ipsec 4 852and 853.Xr tcpmd5 4 . 854.It Va WITHOUT_ISCSI 855Do not build 856.Xr iscsid 8 857and related utilities. 858.It Va WITHOUT_JAIL 859Do not build tools for the support of jails; e.g., 860.Xr jail 8 . 861.It Va WITHOUT_JEMALLOC_LG_VADDR_WIDE 862Disallow programs to use more than 48 address bits on amd64. 863Incompatible with LA57 mode. 864Enabling this option might result in a slight reduction in memory 865consumption for jemalloc metadata, but also requires disabling LA57 866(if hardware supports it). 867.It Va WITHOUT_KDUMP 868Do not build 869.Xr kdump 1 870and 871.Xr truss 1 . 872.It Va WITHOUT_KERBEROS 873Set this to not build Kerberos. 874When set, these options are also in effect: 875.Pp 876.Bl -inset -compact 877.It Va WITHOUT_KERBEROS_SUPPORT 878(unless 879.Va WITH_KERBEROS_SUPPORT 880is set explicitly) 881.El 882.It Va WITHOUT_KERBEROS_SUPPORT 883Build some programs without Kerberos support, like 884.Xr ssh 1 , 885.Xr telnet 1 , 886and 887.Xr sshd 8 . 888.It Va WITH_KERNEL_BIN 889Generate and install kernel.bin from kernel as part of the normal build and 890install processes for the kernel. Available only on arm and arm64. 891 892Usually this will be added to the kernel config file with: 893 894makeoptions WITH_KERNEL_BIN=1 895 896though it can also be used on the command line. 897.It Va WITH_KERNEL_RETPOLINE 898Enable the "retpoline" mitigation for CVE-2017-5715 in the kernel 899build. 900.It Va WITHOUT_KERNEL_SYMBOLS 901Do not install standalone kernel debug symbol files. 902This option has no effect at build time. 903.It Va WITHOUT_KVM 904Do not build the 905.Nm libkvm 906library as a part of the base system. 907.Bf -symbolic 908The option has no effect yet. 909.Ef 910When set, these options are also in effect: 911.Pp 912.Bl -inset -compact 913.It Va WITHOUT_KVM_SUPPORT 914(unless 915.Va WITH_KVM_SUPPORT 916is set explicitly) 917.El 918.It Va WITHOUT_KVM_SUPPORT 919Build some programs without optional 920.Nm libkvm 921support. 922.It Va WITHOUT_LDNS 923Setting this variable will prevent the LDNS library from being built. 924When set, it enforces these options: 925.Pp 926.Bl -item -compact 927.It 928.Va WITHOUT_LDNS_UTILS 929.It 930.Va WITHOUT_UNBOUND 931.El 932.It Va WITHOUT_LDNS_UTILS 933Setting this variable will prevent building the LDNS utilities 934.Xr drill 1 935and 936.Xr host 1 . 937.It Va WITHOUT_LEGACY_CONSOLE 938Do not build programs that support a legacy PC console; e.g., 939.Xr kbdcontrol 1 940and 941.Xr vidcontrol 1 . 942.It Va WITHOUT_LIB32 943On 64-bit platforms, do not build 32-bit library set and a 944.Nm ld-elf32.so.1 945runtime linker. 946.Pp 947This is a default setting on 948arm/armv7, i386/i386, powerpc/powerpc64le and riscv/riscv64. 949.It Va WITH_LIB32 950On 64-bit platforms, build the 32-bit library set and a 951.Nm ld-elf32.so.1 952runtime linker. 953.Pp 954This is a default setting on 955amd64/amd64, arm64/aarch64 and powerpc/powerpc64. 956.It Va WITHOUT_LLD 957Do not build LLVM's lld linker. 958.It Va WITHOUT_LLDB 959Do not build the LLDB debugger. 960.Pp 961This is a default setting on 962riscv/riscv64. 963.It Va WITH_LLDB 964Build the LLDB debugger. 965.Pp 966This is a default setting on 967amd64/amd64, arm/armv7, arm64/aarch64, i386/i386, powerpc/powerpc64 and powerpc/powerpc64le. 968.It Va WITHOUT_LLD_BOOTSTRAP 969Do not build the LLD linker during the bootstrap phase of 970the build. 971To be able to build the system an alternate linker must be provided via XLD. 972.It Va WITHOUT_LLVM_ASSERTIONS 973Disable debugging assertions in LLVM. 974.It Va WITHOUT_LLVM_BINUTILS 975Install ELF Tool Chain's binary utilities instead of LLVM's. 976This includes 977.Xr addr2line 1 , 978.Xr ar 1 , 979.Xr nm 1 , 980.Xr objcopy 1 , 981.Xr ranlib 1 , 982.Xr readelf 1 , 983.Xr size 1 , 984and 985.Xr strip 1 . 986Regardless of this setting, LLVM tools are used for 987.Xr c++filt 1 988and 989.Xr objdump 1 . 990.Xr strings 1 991is always provided by ELF Tool Chain. 992.It Va WITHOUT_LLVM_COV 993Do not build the 994.Xr llvm-cov 1 995tool. 996.It Va WITH_LLVM_FULL_DEBUGINFO 997Generate full debug information for LLVM libraries and tools, which uses 998more disk space and build resources, but allows for easier debugging. 999.It Va WITH_LLVM_LINK_STATIC_LIBRARIES 1000Link LLVM libraries (libllvm, libclang, liblldb) statically into each of 1001the binaries that use them. 1002 1003This means that binaries linked against these libraries, such as clang, 1004ld.lld and lldb will be much larger and position dependent, but will 1005start more quickly. 1006.It Va WITHOUT_LLVM_TARGET_AARCH64 1007Do not build LLVM target support for AArch64. 1008The 1009.Va LLVM_TARGET_ALL 1010option should be used rather than this in most cases. 1011.It Va WITHOUT_LLVM_TARGET_ALL 1012Only build the required LLVM target support. 1013This option is preferred to specific target support options. 1014When set, these options are also in effect: 1015.Pp 1016.Bl -inset -compact 1017.It Va WITHOUT_LLVM_TARGET_AARCH64 1018(unless 1019.Va WITH_LLVM_TARGET_AARCH64 1020is set explicitly) 1021.It Va WITHOUT_LLVM_TARGET_ARM 1022(unless 1023.Va WITH_LLVM_TARGET_ARM 1024is set explicitly) 1025.It Va WITHOUT_LLVM_TARGET_POWERPC 1026(unless 1027.Va WITH_LLVM_TARGET_POWERPC 1028is set explicitly) 1029.It Va WITHOUT_LLVM_TARGET_RISCV 1030(unless 1031.Va WITH_LLVM_TARGET_RISCV 1032is set explicitly) 1033.El 1034.It Va WITHOUT_LLVM_TARGET_ARM 1035Do not build LLVM target support for ARM. 1036The 1037.Va LLVM_TARGET_ALL 1038option should be used rather than this in most cases. 1039.It Va WITH_LLVM_TARGET_BPF 1040Build LLVM target support for BPF. 1041The 1042.Va LLVM_TARGET_ALL 1043option should be used rather than this in most cases. 1044.It Va WITH_LLVM_TARGET_MIPS 1045Build LLVM target support for MIPS. 1046The 1047.Va LLVM_TARGET_ALL 1048option should be used rather than this in most cases. 1049.It Va WITHOUT_LLVM_TARGET_POWERPC 1050Do not build LLVM target support for PowerPC. 1051The 1052.Va LLVM_TARGET_ALL 1053option should be used rather than this in most cases. 1054.It Va WITHOUT_LLVM_TARGET_RISCV 1055Do not build LLVM target support for RISC-V. 1056The 1057.Va LLVM_TARGET_ALL 1058option should be used rather than this in most cases. 1059.It Va WITHOUT_LLVM_TARGET_X86 1060Do not build LLVM target support for X86. 1061The 1062.Va LLVM_TARGET_ALL 1063option should be used rather than this in most cases. 1064.It Va WITHOUT_LOADER_BIOS_TEXTONLY 1065Include graphics, font and video mode support in the i386 and amd64 BIOS 1066boot loader. 1067.It Va WITH_LOADER_EFI_SECUREBOOT 1068Enable building 1069.Xr loader 8 1070with support for verification based on certificates obtained from UEFI. 1071.It Va WITHOUT_LOADER_GELI 1072Disable inclusion of GELI crypto support in the boot chain binaries. 1073.Pp 1074This is a default setting on 1075powerpc/powerpc64 and powerpc/powerpc64le. 1076.It Va WITH_LOADER_GELI 1077Build GELI bootloader support. 1078.Pp 1079This is a default setting on 1080amd64/amd64, arm/armv7, arm64/aarch64, i386/i386 and riscv/riscv64. 1081.It Va WITHOUT_LOADER_IA32 1082Do not build the 32-bit UEFI loader. 1083.Pp 1084This is a default setting on 1085arm/armv7, arm64/aarch64, i386/i386, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64. 1086.It Va WITH_LOADER_IA32 1087Build the 32-bit UEFI loader. 1088.Pp 1089This is a default setting on 1090amd64/amd64. 1091.It Va WITHOUT_LOADER_KBOOT 1092Do not build kboot, a linuxboot environment loader 1093.Pp 1094This is a default setting on 1095arm/armv7, i386/i386, powerpc/powerpc64le and riscv/riscv64. 1096.It Va WITH_LOADER_KBOOT 1097Build kboot, a linuxboot environment loader 1098.Pp 1099This is a default setting on 1100amd64/amd64, arm64/aarch64 and powerpc/powerpc64. 1101.It Va WITHOUT_LOADER_LUA 1102Do not build LUA bindings for the boot loader. 1103.Pp 1104This is a default setting on 1105powerpc/powerpc64 and powerpc/powerpc64le. 1106.It Va WITH_LOADER_LUA 1107Build LUA bindings for the boot loader. 1108.Pp 1109This is a default setting on 1110amd64/amd64, arm/armv7, arm64/aarch64, i386/i386 and riscv/riscv64. 1111.It Va WITHOUT_LOADER_OFW 1112Disable building of openfirmware bootloader components. 1113.Pp 1114This is a default setting on 1115amd64/amd64, arm/armv7, arm64/aarch64, i386/i386 and riscv/riscv64. 1116.It Va WITH_LOADER_OFW 1117Build openfirmware bootloader components. 1118.Pp 1119This is a default setting on 1120powerpc/powerpc64 and powerpc/powerpc64le. 1121.It Va WITHOUT_LOADER_PXEBOOT 1122Do not build pxeboot on i386/amd64. 1123When the pxeboot is too large, or unneeded, it may be disabled with this option. 1124See 1125.Va WITH_LOADER_PXEBOOT 1126for how to adjust the defaults when you need both a larger 1127.Pa /boot/loader 1128and 1129.Pa /boot/pxeboot 1130.Pp 1131This option only has an effect on x86. 1132.It Va WITHOUT_LOADER_UBOOT 1133Disable building of ubldr. 1134.Pp 1135This is a default setting on 1136amd64/amd64, arm64/aarch64, i386/i386, powerpc/powerpc64le and riscv/riscv64. 1137.It Va WITH_LOADER_UBOOT 1138Build ubldr. 1139.Pp 1140This is a default setting on 1141arm/armv7 and powerpc/powerpc64. 1142.It Va WITH_LOADER_VERBOSE 1143Build with extra verbose debugging in the loader. 1144May explode already nearly too large loader over the limit. 1145Use with care. 1146.It Va WITH_LOADER_VERIEXEC 1147Enable building 1148.Xr loader 8 1149with support for verification similar to Verified Exec. 1150.Pp 1151Depends on 1152.Va WITH_BEARSSL . 1153May require a larger 1154.Va LOADERSIZE . 1155When set, these options are also in effect: 1156.Pp 1157.Bl -inset -compact 1158.It Va WITH_LOADER_EFI_SECUREBOOT 1159(unless 1160.Va WITHOUT_LOADER_EFI_SECUREBOOT 1161is set explicitly) 1162.It Va WITH_LOADER_VERIEXEC_VECTX 1163(unless 1164.Va WITHOUT_LOADER_VERIEXEC_VECTX 1165is set explicitly) 1166.El 1167.It Va WITH_LOADER_VERIEXEC_PASS_MANIFEST 1168Enable building 1169.Xr loader 8 1170with support to pass a verified manifest to the kernel. 1171The kernel has to be built with a module to parse the manifest. 1172.Pp 1173Depends on 1174.Va WITH_LOADER_VERIEXEC . 1175.It Va WITH_LOADER_VERIEXEC_VECTX 1176Enable building 1177.Xr loader 8 1178with support for hashing and verifying kernel and modules as a side effect 1179of loading. 1180.Pp 1181Depends on 1182.Va WITH_LOADER_VERIEXEC . 1183.It Va WITHOUT_LOADER_ZFS 1184Do not build ZFS file system boot loader support. 1185.It Va WITHOUT_LOCALES 1186Do not build localization files; see 1187.Xr locale 1 . 1188.It Va WITHOUT_LOCATE 1189Do not build 1190.Xr locate 1 1191and related programs. 1192.It Va WITHOUT_LPR 1193Do not build 1194.Xr lpr 1 1195and related programs. 1196.It Va WITHOUT_LS_COLORS 1197Build 1198.Xr ls 1 1199without support for colors to distinguish file types. 1200.It Va WITHOUT_MACHDEP_OPTIMIZATIONS 1201Prefer machine-independent non-assembler code in libc and libm. 1202.It Va WITHOUT_MAIL 1203Do not build any mail support (MUA or MTA). 1204When set, it enforces these options: 1205.Pp 1206.Bl -item -compact 1207.It 1208.Va WITHOUT_DMAGENT 1209.It 1210.Va WITHOUT_MAILWRAPPER 1211.It 1212.Va WITHOUT_SENDMAIL 1213.El 1214.It Va WITHOUT_MAILWRAPPER 1215Do not build the 1216.Xr mailwrapper 8 1217MTA selector. 1218.It Va WITHOUT_MAKE 1219Do not install 1220.Xr make 1 1221and related support files. 1222.It Va WITHOUT_MAKE_CHECK_USE_SANDBOX 1223Do not execute 1224.Dq Li "make check" 1225in limited sandbox mode. 1226This option should be paired with 1227.Va WITH_INSTALL_AS_USER 1228if executed as an unprivileged user. 1229See 1230.Xr tests 7 1231for more details. 1232.It Va WITH_MALLOC_PRODUCTION 1233Disable assertions and statistics gathering in 1234.Xr malloc 3 . 1235The run-time options 1236.Dv opt.abort , 1237.Dv opt.abort_conf , 1238and 1239.Dv opt.junk 1240also default to false. 1241.It Va WITHOUT_MAN 1242Do not build manual pages. 1243When set, these options are also in effect: 1244.Pp 1245.Bl -inset -compact 1246.It Va WITHOUT_MAN_UTILS 1247(unless 1248.Va WITH_MAN_UTILS 1249is set explicitly) 1250.El 1251.It Va WITHOUT_MANCOMPRESS 1252Do not install compressed man pages. 1253Only the uncompressed versions will be installed. 1254.It Va WITH_MANSPLITPKG 1255Split man pages into their own packages during make package. 1256.It Va WITHOUT_MAN_UTILS 1257Do not build utilities for manual pages, 1258.Xr apropos 1 , 1259.Xr makewhatis 1 , 1260.Xr man 1 , 1261.Xr whatis 1 , 1262.Xr manctl 8 , 1263and related support files. 1264.It Va WITH_META_ERROR_TARGET 1265Enable the META_MODE .ERROR target. 1266.Pp 1267This target will copy the meta file of a failed target 1268to 1269.Va ERROR_LOGDIR 1270(default is 1271.Ql ${SRCTOP:H}/error ) 1272to help with failure analysis. 1273Depends on 1274.Va WITH_META_MODE . 1275This default when 1276.Va WITH_DIRDEPS_BUILD 1277is set. 1278.Pp 1279This must be set in the environment, make command line, or 1280.Pa /etc/src-env.conf , 1281not 1282.Pa /etc/src.conf . 1283.It Va WITH_META_MODE 1284Create 1285.Xr make 1 1286meta files when building, which can provide a reliable incremental build when 1287using 1288.Xr filemon 4 . 1289The meta file is created in OBJDIR as 1290.Pa target.meta . 1291These meta files track the command that was executed, its output, and the 1292current directory. 1293The 1294.Xr filemon 4 1295module is required unless 1296.Va NO_FILEMON 1297is defined. 1298When the module is loaded, any files used by the commands executed are 1299tracked as dependencies for the target in its meta file. 1300The target is considered out-of-date and rebuilt if any of these 1301conditions are true compared to the last build: 1302.Bl -bullet -compact 1303.It 1304The command to execute changes. 1305.It 1306The current working directory changes. 1307.It 1308The target's meta file is missing. 1309.It 1310The target's meta file is missing filemon data when filemon is loaded 1311and a previous run did not have it loaded. 1312.It 1313[requires 1314.Xr filemon 4 ] 1315Files read, executed or linked to are newer than the target. 1316.It 1317[requires 1318.Xr filemon 4 ] 1319Files read, written, executed or linked are missing. 1320.El 1321The meta files can also be useful for debugging. 1322.Pp 1323The build hides commands that are executed unless 1324.Va NO_SILENT 1325is defined. 1326Errors cause 1327.Xr make 1 1328to show some of its environment for further debugging. 1329.Pp 1330The build operates as it normally would otherwise. 1331This option originally invoked a different build system but that was renamed 1332to 1333.Va WITH_DIRDEPS_BUILD . 1334.Pp 1335This must be set in the environment, make command line, or 1336.Pa /etc/src-env.conf , 1337not 1338.Pa /etc/src.conf . 1339.It Va WITHOUT_MITKRB5 1340Set this to build KTH Heimdal instead of MIT Kerberos 5. 1341.It Va WITHOUT_MLX5TOOL 1342Do not build 1343.Xr mlx5tool 8 1344.Pp 1345This is a default setting on 1346arm/armv7 and riscv/riscv64. 1347.It Va WITH_MLX5TOOL 1348Build 1349.Xr mlx5tool 8 1350.Pp 1351This is a default setting on 1352amd64/amd64, arm64/aarch64, i386/i386, powerpc/powerpc64 and powerpc/powerpc64le. 1353.It Va WITHOUT_NETCAT 1354Do not build 1355.Xr nc 1 1356utility. 1357.It Va WITHOUT_NETGRAPH 1358Do not build applications to support 1359.Xr netgraph 4 . 1360When set, it enforces these options: 1361.Pp 1362.Bl -item -compact 1363.It 1364.Va WITHOUT_BLUETOOTH 1365.El 1366.Pp 1367When set, these options are also in effect: 1368.Pp 1369.Bl -inset -compact 1370.It Va WITHOUT_NETGRAPH_SUPPORT 1371(unless 1372.Va WITH_NETGRAPH_SUPPORT 1373is set explicitly) 1374.El 1375.It Va WITHOUT_NETGRAPH_SUPPORT 1376Build libraries, programs, and kernel modules without netgraph support. 1377.It Va WITHOUT_NETLINK 1378Do not build 1379.Xr genl 1 1380utility. 1381.It Va WITHOUT_NETLINK_SUPPORT 1382Make libraries and programs use rtsock and 1383.Xr sysctl 3 1384interfaces instead of 1385.Xr snl 3 . 1386.It Va WITHOUT_NIS 1387Do not build 1388.Xr NIS 8 1389support and related programs. 1390If set, you might need to adopt your 1391.Xr nsswitch.conf 5 1392and remove 1393.Sq nis 1394entries. 1395.It Va WITHOUT_NLS 1396Do not build NLS catalogs. 1397When set, it enforces these options: 1398.Pp 1399.Bl -item -compact 1400.It 1401.Va WITHOUT_NLS_CATALOGS 1402.El 1403.It Va WITHOUT_NLS_CATALOGS 1404Do not build NLS catalog support for 1405.Xr csh 1 . 1406.It Va WITHOUT_NS_CACHING 1407Disable name caching in the 1408.Pa nsswitch 1409subsystem. 1410The generic caching daemon, 1411.Xr nscd 8 , 1412will not be built either if this option is set. 1413.It Va WITHOUT_NTP 1414Do not build 1415.Xr ntpd 8 1416and related programs. 1417.It Va WITHOUT_NUAGEINIT 1418Do not install the limited cloud init support scripts. 1419.It Va WITHOUT_OFED 1420Do not build the 1421.Dq "OpenFabrics Enterprise Distribution" 1422InfiniBand software stack, including kernel modules and userspace libraries. 1423.Pp 1424This is a default setting on 1425arm/armv7. 1426When set, it enforces these options: 1427.Pp 1428.Bl -item -compact 1429.It 1430.Va WITHOUT_OFED_EXTRA 1431.El 1432.It Va WITH_OFED 1433Build the 1434.Dq "OpenFabrics Enterprise Distribution" 1435InfiniBand software stack, including kernel modules and userspace libraries. 1436.Pp 1437This is a default setting on 1438amd64/amd64, arm64/aarch64, i386/i386, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64. 1439.It Va WITH_OFED_EXTRA 1440Build the non-essential components of the 1441.Dq "OpenFabrics Enterprise Distribution" 1442Infiniband software stack, mostly examples. 1443.It Va WITH_OPENLDAP 1444Enable building LDAP support for kerberos using an openldap client from ports. 1445.It Va WITHOUT_OPENMP 1446Do not build LLVM's OpenMP runtime. 1447.Pp 1448This is a default setting on 1449arm/armv7. 1450.It Va WITH_OPENMP 1451Build LLVM's OpenMP runtime. 1452.Pp 1453This is a default setting on 1454amd64/amd64, arm64/aarch64, i386/i386, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64. 1455.It Va WITHOUT_OPENSSH 1456Do not build OpenSSH. 1457.It Va WITHOUT_OPENSSL 1458Do not build OpenSSL. 1459When set, it enforces these options: 1460.Pp 1461.Bl -item -compact 1462.It 1463.Va WITHOUT_DMAGENT 1464.It 1465.Va WITHOUT_KERBEROS 1466.It 1467.Va WITHOUT_LDNS 1468.It 1469.Va WITHOUT_LDNS_UTILS 1470.It 1471.Va WITHOUT_LOADER_ZFS 1472.It 1473.Va WITHOUT_MITKRB5 1474.It 1475.Va WITHOUT_OPENSSH 1476.It 1477.Va WITHOUT_OPENSSL_KTLS 1478.It 1479.Va WITHOUT_PKGBOOTSTRAP 1480.It 1481.Va WITHOUT_UNBOUND 1482.It 1483.Va WITHOUT_ZFS 1484.It 1485.Va WITHOUT_ZFS_TESTS 1486.El 1487.Pp 1488When set, these options are also in effect: 1489.Pp 1490.Bl -inset -compact 1491.It Va WITHOUT_KERBEROS_SUPPORT 1492(unless 1493.Va WITH_KERBEROS_SUPPORT 1494is set explicitly) 1495.El 1496.It Va WITHOUT_OPENSSL_KTLS 1497Do not include kernel TLS support in OpenSSL. 1498.Pp 1499This is a default setting on 1500arm/armv7, i386/i386 and riscv/riscv64. 1501.It Va WITH_OPENSSL_KTLS 1502Include kernel TLS support in OpenSSL. 1503.Pp 1504This is a default setting on 1505amd64/amd64, arm64/aarch64, powerpc/powerpc64 and powerpc/powerpc64le. 1506.It Va WITHOUT_PAM 1507Do not build PAM library and modules. 1508.Bf -symbolic 1509This option is deprecated and does nothing. 1510.Ef 1511When set, these options are also in effect: 1512.Pp 1513.Bl -inset -compact 1514.It Va WITHOUT_PAM_SUPPORT 1515(unless 1516.Va WITH_PAM_SUPPORT 1517is set explicitly) 1518.El 1519.It Va WITHOUT_PAM_SUPPORT 1520Build 1521.Xr ppp 8 1522without PAM support. 1523.It Va WITHOUT_PF 1524Do not build PF firewall package. 1525When set, it enforces these options: 1526.Pp 1527.Bl -item -compact 1528.It 1529.Va WITHOUT_AUTHPF 1530.El 1531.It Va WITHOUT_PIE 1532Do not build dynamically linked binaries as 1533Position-Independent Executable (PIE). 1534.Pp 1535This is a default setting on 1536arm/armv7 and i386/i386. 1537.It Va WITH_PIE 1538Build dynamically linked binaries as 1539Position-Independent Executable (PIE). 1540.Pp 1541This is a default setting on 1542amd64/amd64, arm64/aarch64, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64. 1543.It Va WITHOUT_PKGBOOTSTRAP 1544Do not build 1545.Xr pkg 7 1546bootstrap tool. 1547.It Va WITHOUT_PMC 1548Do not build 1549.Xr pmccontrol 8 1550and related programs. 1551.It Va WITHOUT_PPP 1552Do not build 1553.Xr ppp 8 1554and related programs. 1555.It Va WITHOUT_PTHREADS_ASSERTIONS 1556Disable debugging assertions in pthreads library. 1557.It Va WITHOUT_QUOTAS 1558Do not build 1559.Xr quota 1 1560and related programs. 1561.It Va WITHOUT_RADIUS_SUPPORT 1562Do not build radius support into various applications, like 1563.Xr pam_radius 8 1564and 1565.Xr ppp 8 . 1566.It Va WITH_RATELIMIT 1567Build the system with rate limit support. 1568.Pp 1569This makes 1570.Dv SO_MAX_PACING_RATE 1571effective in 1572.Xr getsockopt 2 , 1573and 1574.Ar txrlimit 1575support in 1576.Xr ifconfig 8 , 1577by proxy. 1578.It Va WITHOUT_RBOOTD 1579Do not build or install 1580.Xr rbootd 8 . 1581.It Va WITHOUT_RELRO 1582Do not apply the Relocation Read-Only (RELRO) vulnerability mitigation. 1583See also the 1584.Va BIND_NOW 1585option. 1586.It Va WITH_REPRODUCIBLE_BUILD 1587Exclude build metadata (such as the build time, user, or host) 1588from the kernel, boot loaders, and 1589.Xr uname 1 1590output, so that builds produce 1591bit-for-bit identical output. 1592.It Va WITH_REPRODUCIBLE_PATHS 1593Modify the paths encoded in binary artifacts to be standard path 1594 1595Normally, the actual path is encoded in the binary. However, this makes the 1596build differ depending on the path it was built from. With this option enabled, 1597the paths recorded are /usr/src, regardless of the actual path. With this option 1598disabled, the actual paths are recorded. 1599.It Va WITHOUT_RESCUE 1600Do not build 1601.Xr rescue 8 . 1602.It Va WITH_RETPOLINE 1603Build the base system with the retpoline speculative execution 1604vulnerability mitigation for CVE-2017-5715. 1605.It Va WITHOUT_ROUTED 1606Do not build 1607.Xr routed 8 1608utility. 1609.It Va WITH_RPCBIND_WARMSTART_SUPPORT 1610Build 1611.Xr rpcbind 8 1612with warmstart support. 1613.It Va WITH_RUN_TESTS 1614Run tests as part of the build. 1615.It Va WITHOUT_SCTP_SUPPORT 1616Disable support in the kernel for the 1617.Xr sctp 4 1618Stream Control Transmission Protocol 1619loadable kernel module. 1620.It Va WITHOUT_SENDMAIL 1621Do not build 1622.Xr sendmail 8 1623and related programs. 1624.It Va WITHOUT_SERVICESDB 1625Do not install 1626.Pa /var/db/services.db . 1627.It Va WITHOUT_SETUID_LOGIN 1628Set this to disable the installation of 1629.Xr login 1 1630as a set-user-ID root program. 1631.It Va WITHOUT_SHAREDOCS 1632Do not build the 1633.Bx 4.4 1634legacy docs. 1635.It Va WITH_SORT_THREADS 1636Enable threads in 1637.Xr sort 1 . 1638.It Va WITHOUT_SOUND 1639Do not build userland sound utilities such as 1640.Xr beep 1 1641and 1642.Xr mixer 8 . 1643.It Va WITHOUT_SOURCELESS 1644Do not build kernel modules that include sourceless code (either microcode or native code for host CPU). 1645When set, it enforces these options: 1646.Pp 1647.Bl -item -compact 1648.It 1649.Va WITHOUT_SOURCELESS_HOST 1650.It 1651.Va WITHOUT_SOURCELESS_UCODE 1652.El 1653.It Va WITHOUT_SOURCELESS_HOST 1654Do not build kernel modules that include sourceless native code for host CPU. 1655.It Va WITHOUT_SOURCELESS_UCODE 1656Do not build kernel modules that include sourceless microcode. 1657.It Va WITHOUT_SPLIT_KERNEL_DEBUG 1658Do not build standalone kernel debug files. 1659Debug data (if enabled by the kernel configuration file) 1660will be included in the kernel and modules. 1661When set, it enforces these options: 1662.Pp 1663.Bl -item -compact 1664.It 1665.Va WITHOUT_KERNEL_SYMBOLS 1666.El 1667.It Va WITHOUT_SSP 1668Do not build world with stack smashing protection. 1669See 1670.Xr mitigations 7 1671for more information. 1672.It Va WITH_STAGING 1673Enable staging of files to a stage tree. 1674This can be best thought of as auto-install to 1675.Va DESTDIR 1676with some extra meta data to ensure dependencies can be tracked. 1677Depends on 1678.Va WITH_DIRDEPS_BUILD . 1679When set, these options are also in effect: 1680.Pp 1681.Bl -inset -compact 1682.It Va WITH_STAGING_MAN 1683(unless 1684.Va WITHOUT_STAGING_MAN 1685is set explicitly) 1686.It Va WITH_STAGING_PROG 1687(unless 1688.Va WITHOUT_STAGING_PROG 1689is set explicitly) 1690.El 1691.Pp 1692This must be set in the environment, make command line, or 1693.Pa /etc/src-env.conf , 1694not 1695.Pa /etc/src.conf . 1696.It Va WITH_STAGING_MAN 1697Enable staging of man pages to stage tree. 1698.It Va WITH_STAGING_PROG 1699Enable staging of PROGs to stage tree. 1700.It Va WITH_STALE_STAGED 1701Check staged files are not stale. 1702.It Va WITHOUT_STATS 1703Neither build nor install 1704.Lb libstats 1705and dependent binaries. 1706.It Va WITHOUT_SYSCONS 1707Do not build 1708.Xr syscons 4 1709support files such as keyboard maps, fonts, and screen output maps. 1710.It Va WITH_SYSROOT 1711Enable use of sysroot during build. 1712Depends on 1713.Va WITH_DIRDEPS_BUILD . 1714.Pp 1715This must be set in the environment, make command line, or 1716.Pa /etc/src-env.conf , 1717not 1718.Pa /etc/src.conf . 1719.It Va WITHOUT_SYSTEM_COMPILER 1720Do not opportunistically skip building a cross-compiler during the 1721bootstrap phase of the build. 1722Normally, if the currently installed compiler matches the planned bootstrap 1723compiler type and revision, then it will not be built. 1724This does not prevent a compiler from being built for installation though, 1725only for building one for the build itself. 1726The 1727.Va WITHOUT_CLANG 1728option controls that. 1729.It Va WITHOUT_SYSTEM_LINKER 1730Do not opportunistically skip building a cross-linker during the 1731bootstrap phase of the build. 1732Normally, if the currently installed linker matches the planned bootstrap 1733linker type and revision, then it will not be built. 1734This does not prevent a linker from being built for installation though, 1735only for building one for the build itself. 1736The 1737.Va WITHOUT_LLD 1738option controls that. 1739.Pp 1740This option is only relevant when 1741.Va WITH_LLD_BOOTSTRAP 1742is set. 1743.It Va WITHOUT_TALK 1744Do not build or install 1745.Xr talk 1 1746and 1747.Xr talkd 8 . 1748.It Va WITHOUT_TCP_WRAPPERS 1749Do not build or install 1750.Xr tcpd 8 , 1751and related utilities. 1752.It Va WITHOUT_TCSH 1753Do not build and install 1754.Pa /bin/csh 1755(which is 1756.Xr tcsh 1 ) . 1757.It Va WITHOUT_TELNET 1758Do not build 1759.Xr telnet 1 1760and related programs. 1761.It Va WITHOUT_TESTS 1762Do not build nor install the 1763.Fx 1764Test Suite in 1765.Pa /usr/tests/ . 1766See 1767.Xr tests 7 1768for more details. 1769This also disables the build of all test-related dependencies, including ATF. 1770When set, it enforces these options: 1771.Pp 1772.Bl -item -compact 1773.It 1774.Va WITHOUT_DTRACE_TESTS 1775.It 1776.Va WITHOUT_ZFS_TESTS 1777.El 1778.Pp 1779When set, these options are also in effect: 1780.Pp 1781.Bl -inset -compact 1782.It Va WITHOUT_GOOGLETEST 1783(unless 1784.Va WITH_GOOGLETEST 1785is set explicitly) 1786.It Va WITHOUT_TESTS_SUPPORT 1787(unless 1788.Va WITH_TESTS_SUPPORT 1789is set explicitly) 1790.El 1791.It Va WITHOUT_TESTS_SUPPORT 1792Disable the build of all test-related dependencies, including ATF. 1793When set, it enforces these options: 1794.Pp 1795.Bl -item -compact 1796.It 1797.Va WITHOUT_GOOGLETEST 1798.El 1799.It Va WITHOUT_TEXTPROC 1800Do not build 1801programs used for text processing. 1802.It Va WITHOUT_TFTP 1803Do not build or install 1804.Xr tftp 1 1805and 1806.Xr tftpd 8 . 1807.It Va WITHOUT_TOOLCHAIN 1808Do not install 1809programs used for program development, 1810compilers, debuggers etc. 1811When set, it enforces these options: 1812.Pp 1813.Bl -item -compact 1814.It 1815.Va WITHOUT_CLANG 1816.It 1817.Va WITHOUT_CLANG_EXTRAS 1818.It 1819.Va WITHOUT_CLANG_FORMAT 1820.It 1821.Va WITHOUT_CLANG_FULL 1822.It 1823.Va WITHOUT_LLD 1824.It 1825.Va WITHOUT_LLDB 1826.It 1827.Va WITHOUT_LLVM_COV 1828.El 1829.Pp 1830When set, these options are also in effect: 1831.Pp 1832.Bl -inset -compact 1833.It Va WITHOUT_LLVM_BINUTILS 1834(unless 1835.Va WITH_LLVM_BINUTILS 1836is set explicitly) 1837.El 1838.It Va WITH_UBSAN 1839Build the base system with Undefined Behavior Sanitizer (UBSan) to detect 1840various kinds of undefined behavior at runtime. 1841Requires that Clang be used as the base system compiler 1842and that the runtime support library is available 1843.It Va WITHOUT_UNBOUND 1844Do not build 1845.Xr unbound 8 1846and related programs. 1847.It Va WITH_UNDEFINED_VERSION 1848Link libraries with --undefined-version which permits version maps to 1849contain symbols that are not present in the library. 1850If this is necessary to build a particular configuration, a bug is 1851present and the configuration should be reported. 1852.It Va WITHOUT_UNIFIED_OBJDIR 1853Use the historical object directory format for 1854.Xr build 7 1855targets. 1856For native-builds and builds done directly in sub-directories the format of 1857.Pa ${MAKEOBJDIRPREFIX}/${.CURDIR} 1858is used, 1859while for cross-builds 1860.Pa ${MAKEOBJDIRPREFIX}/${TARGET}.${TARGET_ARCH}/${.CURDIR} 1861is used. 1862.Pp 1863This option is transitional and will be removed in a future version of 1864.Fx , 1865at which time 1866.Va WITH_UNIFIED_OBJDIR 1867will be enabled permanently. 1868.Pp 1869This must be set in the environment, make command line, or 1870.Pa /etc/src-env.conf , 1871not 1872.Pa /etc/src.conf . 1873.It Va WITHOUT_USB 1874Do not build USB-related programs and libraries. 1875When set, it enforces these options: 1876.Pp 1877.Bl -item -compact 1878.It 1879.Va WITHOUT_USB_GADGET_EXAMPLES 1880.El 1881.It Va WITHOUT_USB_GADGET_EXAMPLES 1882Do not build USB gadget kernel modules. 1883.It Va WITHOUT_UTMPX 1884Do not build user accounting tools such as 1885.Xr last 1 , 1886.Xr users 1 , 1887.Xr who 1 , 1888.Xr ac 8 , 1889.Xr lastlogin 8 1890and 1891.Xr utx 8 . 1892.It Va WITH_VERIEXEC 1893Enable building 1894.Xr veriexec 8 1895which loads the contents of verified manifests into the kernel 1896for use by 1897.Xr mac_veriexec 4 1898.Pp 1899Depends on 1900.Va WITH_BEARSSL . 1901.It Va WITHOUT_VI 1902Do not build and install vi, view, ex and related programs. 1903.It Va WITHOUT_VT 1904Do not build 1905.Xr vt 4 1906support files (fonts and keymaps). 1907.It Va WITHOUT_WARNS 1908Set this to not add warning flags to the compiler invocations. 1909Useful as a temporary workaround when code enters the tree 1910which triggers warnings in environments that differ from the 1911original developer. 1912.It Va WITHOUT_WERROR 1913Set this to not treat compiler warnings as errors. 1914Useful as a temporary workaround when working on fixing compiler warnings. 1915When set, warnings are still printed in the build log but do not fail the build. 1916.It Va WITHOUT_WIRELESS 1917Do not build programs used for 802.11 wireless networks; especially 1918.Xr wpa_supplicant 8 1919and 1920.Xr hostapd 8 . 1921When set, these options are also in effect: 1922.Pp 1923.Bl -inset -compact 1924.It Va WITHOUT_WIRELESS_SUPPORT 1925(unless 1926.Va WITH_WIRELESS_SUPPORT 1927is set explicitly) 1928.El 1929.It Va WITHOUT_WIRELESS_SUPPORT 1930Build libraries, programs, and kernel modules without 1931802.11 wireless support. 1932.It Va WITHOUT_WPA_SUPPLICANT_EAPOL 1933Build 1934.Xr wpa_supplicant 8 1935without support for the IEEE 802.1X protocol and without 1936support for EAP-PEAP, EAP-TLS, EAP-LEAP, and EAP-TTLS 1937protocols (usable only via 802.1X). 1938.It Va WITH_ZEROREGS 1939Build the basesystem with code to zero caller-used register contents 1940on function return. 1941This prevents leaking temporary values for side channel attacks. 1942Additionally this reduces the number of usable ROP gadgets for attackers. 1943.It Va WITHOUT_ZFS 1944Do not build the ZFS file system kernel module, libraries such as 1945.Xr libbe 3 , 1946and user commands such as 1947.Xr zpool 8 1948or 1949.Xr zfs 8 . 1950Also disable ZFS support in utilities and libraries which implement 1951ZFS-specific functionality. 1952When set, it enforces these options: 1953.Pp 1954.Bl -item -compact 1955.It 1956.Va WITHOUT_ZFS_TESTS 1957.El 1958.It Va WITHOUT_ZFS_TESTS 1959Do not build and install the legacy ZFS test suite. 1960.It Va WITHOUT_ZONEINFO 1961Do not build the timezone database. 1962When set, it enforces these options: 1963.Pp 1964.Bl -item -compact 1965.It 1966.Va WITHOUT_ZONEINFO_LEAPSECONDS_SUPPORT 1967.El 1968.It Va WITH_ZONEINFO_LEAPSECONDS_SUPPORT 1969Build leapsecond information in to the timezone database. 1970This option violates 1971.St -p1003.1 1972and all other applicable standards, and is known to cause unexpected 1973issues with date/time handling in many applications and programming 1974languages. 1975.El 1976.Pp 1977The following options accept a single value from a list of valid values. 1978.Bl -tag -width indent 1979.It Va INIT_ALL 1980Control default initialization of stack variables in C and C++ code. 1981Options other than 1982.Li none 1983require the Clang compiler or GCC 12.0 or later. 1984The default value is 1985.Li none . 1986Valid values are: 1987.Bl -tag -width indent 1988.It Li none 1989Do not initialize stack variables (standard C/C++ behavior). 1990.It Li pattern 1991Build the base system or kernel with stack variables initialized to 1992.Pq compiler defined 1993debugging patterns on function entry. 1994.It Li zero 1995Build the base system or kernel with stack variables initialized 1996to zero on function entry. 1997This value is converted to 1998.Li none 1999for amd64 kernel builds due to incompatibility with ifunc memset. 2000.El 2001.It Va LIBC_MALLOC 2002Specify the 2003.Xr malloc 3 2004implementation used by libc. 2005The default value is 2006.Li jemalloc . 2007Valid values are: 2008.Bl -tag -width indent 2009.It Li jemalloc 2010.El 2011.Pp 2012Other implementations are expected in the future in both 2013.Fx 2014and downstream consumers. 2015.El 2016.Sh FILES 2017.Bl -tag -compact -width Pa 2018.It Pa /etc/src.conf 2019.It Pa /etc/src-env.conf 2020.It Pa /usr/share/mk/bsd.own.mk 2021.El 2022.Sh SEE ALSO 2023.Xr make 1 , 2024.Xr make.conf 5 , 2025.Xr build 7 , 2026.Xr ports 7 2027.Sh HISTORY 2028The 2029.Nm 2030file appeared in 2031.Fx 7.0 . 2032.Sh AUTHORS 2033This manual page was autogenerated by 2034.An tools/build/options/makeman . 2035