### Rozhuk Ivan 2009.07 - 2020 ### make.conf configuration file ### 12.x # The CPUTYPE variable controls which processor should be targeted for # generated code. This controls processor-specific optimizations in # certain code (currently only OpenSSL) as well as modifying the value # of CFLAGS to contain the appropriate optimization directive to gcc. # The automatic setting of CFLAGS may be overridden using the # NO_CPU_CFLAGS variable below. # Currently the following CPU types are recognized: # Intel x86 architecture: # (AMD CPUs) opteron athlon64 athlon-mp athlon-xp athlon-4 # athlon-tbird athlon k8 k6-3 k6-2 k6 k5 # (Intel CPUs) core2 core nocona pentium4m pentium4 prescott # pentium3m pentium3 pentium-m pentium2 # pentiumpro pentium-mmx pentium i486 i386 # (Via CPUs) c3 c3-2 # Alpha/AXP architecture: ev67 ev6 pca56 ev56 ev5 ev45 ev4 # AMD64 architecture: opteron, athlon64, nocona, prescott, core2 # Intel ia64 architecture: itanium2, itanium # # (?= allows to buildworld for a different CPUTYPE.) #CPUTYPE?= NO_CPU_CFLAGS= # Don't add -march= to CFLAGS automatically NO_CPU_COPTFLAGS= # Don't add -march= to COPTFLAGS automatically # C Lang #CC=clang #CXX=clang++ #CPP=clang-cpp # CFLAGS controls the compiler settings used when compiling C code. # Compiling with -fstrict-aliasing optimization breaks some [notable] ports. # http://gcc.gnu.org/onlinedocs/gcc-4.2.2/gcc/i386-and-x86_002d64-Options.html#i386-and-x86_002d64-Options # http://en.gentoo-wiki.com/wiki/Safe_Cflags # '-march' make platform dependet code, '-mtune' just optimize for platform # run on any i686, optimized for a pentium4: -march=i686 -mtune=pentium4 CFLAGS+=-O3 -pipe -funroll-loops -DSTRIP_FBSDID # -fsanitize=safe-stack -fstack-check # CXXFLAGS controls the compiler settings used when compiling C++ code. CXXFLAGS+=-O3 -funroll-loops -DSTRIP_FBSDID # To compile just the kernel with special optimizations, you should use # this instead of CFLAGS (which is not applicable to kernel builds anyway). COPTFLAGS+=-O3 -pipe -funroll-loops -DSTRIP_FBSDID # Hardening # For src.conf:WITH_SSP= and make.conf:WITH_SSP_PORTS=yes SSP_CFLAGS=-fstack-protector-strong WITH_SSP=yes WITH_SSP_PORTS=yes # Additional checks CFLAGS+=-D_FORTIFY_SOURCE=2 CXXFLAGS+=-D_FORTIFY_SOURCE=2 COPTFLAGS+=-D_FORTIFY_SOURCE=2 # Retpoline speculative execution vulnerability mitigation (CVE-2017-5715) CFLAGS+=-mretpoline CXXFLAGS+=-mretpoline COPTFLAGS+=-mretpoline # Base modules # Ethernet adapters MODULES_OVERRIDE+= iflib mdio mii em re rl vmware/vmxnet3 virtio/network # ipfw MODULES_OVERRIDE+= ipfw #MODULES_OVERRIDE+= ipfw_nat ipfw_nat64 ipfw_nptv6 ipfw_pmod libalias # PF MODULES_OVERRIDE+= pf #MODULES_OVERRIDE+= pflog pfsync # TCP MODULES_OVERRIDE+= cc/cc_cubic cc/cc_htcp khelp tcp/rack # Netgraph MODULES_OVERRIDE+= netgraph/netgraph netgraph/bpf netgraph/bridge netgraph/car netgraph/deflate netgraph/device netgraph/eiface netgraph/etf netgraph/ether netgraph/gif netgraph/gif_demux netgraph/hub netgraph/iface netgraph/ip_input netgraph/ipfw netgraph/ksocket netgraph/l2tp netgraph/mppc netgraph/one2many netgraph/patch netgraph/pipe netgraph/ppp netgraph/pppoe netgraph/pptpgre netgraph/pred1 netgraph/socket netgraph/source netgraph/split netgraph/tag netgraph/tcpmss netgraph/tee netgraph/tty netgraph/vjc netgraph/vlan rc4 # AMD hw MODULES_OVERRIDE+= amd_ecc_inject i2c/controllers/amdpm amdsbwd i2c/controllers/amdsmb amdtemp i2c/controllers/intpm # Intel hw MODULES_OVERRIDE+= coretemp i2c/controllers/ichiic i2c/controllers/ichsmb ichwd i2c/controllers/imcsmb i2c/controllers/ismt # Misc hw MODULES_OVERRIDE+= itwd i2c/jedec_dimm bios/vpd superio wbwd # Dev, debug, diagnostic MODULES_OVERRIDE+= filemon hwpmc ksyms proto siftr # MAC MODULES_OVERRIDE+= mac_biba mac_bsdextended mac_lomac mac_mls mac_partition mac_portacl # USB printers MODULES_OVERRIDE+= usb/ulpt # USB ethernet sybsys MODULES_OVERRIDE+= usb/uether usb/urndis # USB ethernet adapters MODULES_OVERRIDE+= usb/aue usb/axe usb/axge usb/mos usb/rue usb/smsc usb/udav usb/ure # USB 3G/4G modems MODULES_OVERRIDE+= usb/cdce usb/u3g usb/umodem # USB serial MODULES_OVERRIDE+= usb/uark usb/ubsa usb/ubser usb/uchcom usb/ucom usb/ucycom usb/uftdi usb/umcs usb/umct usb/umoscom usb/uplcom usb/uslcom usb/uvscom # Disable assertions and statistics gathering in malloc(3). # It also defaults the A and J runtime options to off. MALLOC_PRODUCTION= # Ports defaults DEFAULT_VERSIONS+=ccache=ccache-devel DEFAULT_VERSIONS+=librsvg2=legacy DEFAULT_VERSIONS+=mysql=10.4m DEFAULT_VERSIONS+=perl5=5.32 DEFAULT_VERSIONS+=php=73 #DEFAULT_VERSIONS+=python=2.7 #DEFAULT_VERSIONS+=python3=3.9 DEFAULT_VERSIONS+=ssl=libressl # Ports options. OPTIONS_FILE_SET+=GSSAPI_NONE OPTIONS_SET+=IPV6 OPTIONS_SET+=NLS OPTIONS_UNSET+=BASH OPTIONS_UNSET+=CAPIDOCS OPTIONS_UNSET+=DEBUG OPTIONS_UNSET+=DOCS OPTIONS_UNSET+=DOXYGEN OPTIONS_UNSET+=DTRACE OPTIONS_UNSET+=EXAMPLES OPTIONS_UNSET+=GIR OPTIONS_UNSET+=GTKDOC OPTIONS_UNSET+=HELP OPTIONS_UNSET+=HTMLDOCS OPTIONS_UNSET+=LANGLINK OPTIONS_UNSET+=LVMLINK OPTIONS_UNSET+=MAN OPTIONS_UNSET+=MAN3 OPTIONS_UNSET+=MANPAGES OPTIONS_UNSET+=RDOC OPTIONS_UNSET+=TEST OPTIONS_UNSET+=VAPI OPTIONS_UNSET+=WAYLAND OPTIONS_UNSET+=ZSH # Ports workarounds # [Bug 238118] textproc/groff: install fails when graphics/netpbm is installed but X11 not selected # https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238118 #.if ${.CURDIR:M*/textproc/groff} #PLIST_SUB+= HTMLDOCS="@comment " #.endif # https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=252548 # https://gitlab.com/gnutls/libtasn1/-/issues/31 # https://gitlab.com/gnutls/libtasn1/-/issues/30 .if ${.CURDIR:M*/security/libtasn1} CFLAGS+=-O1 .endif # Add local build settings .if exists(/etc/make.conf.local) .include "/etc/make.conf.local" .endif # Add machine build settings .if exists(/etc/make.conf.machine) .include "/etc/make.conf.machine" .endif # Ports tunings defaults PORTSDIR?=/usr/ports WRKDIRPREFIX?=/tmp/ports DISTDIR?=/var/cache/distfiles DISABLE_VULNERABILITIES?=no IGNORE_OSVERSION?=yes PORT_DBDIR?=/var/db/ports WITH_CCACHE_BUILD?=yes CCACHE_DIR?=/var/cache/ccache