Manual Page Search Parameters
SRC.CONF(5) File Formats Manual SRC.CONF(5)

src.confsource build options

The src.conf file contains variables that control what components will be generated during the build process of the FreeBSD source tree; see build(7).

The src.conf file uses the standard makefile syntax. However, src.conf should not specify any dependencies to make(1). Instead, src.conf is to set make(1) variables that control the aspects of how the system builds.

The default location of src.conf is /etc/src.conf, though an alternative location can be specified in the make(1) variable SRCCONF. Overriding the location of src.conf may be necessary if the system-wide settings are not suitable for a particular build. For instance, setting SRCCONF to /dev/null effectively resets all build controls to their defaults.

The only purpose of src.conf is to control the compilation of the FreeBSD source code, which is usually located in /usr/src. As a rule, the system administrator creates src.conf when the values of certain control variables need to be changed from their defaults.

In addition, control variables can be specified for a particular build via the -D option of make(1) or in its environment; see environ(7).

The environment of make(1) for the build can be controlled via the SRC_ENV_CONF variable, which defaults to /etc/src-env.conf. Some examples that may only be set in this file are WITH_DIRDEPS_BUILD, and WITH_META_MODE, and MAKEOBJDIRPREFIX as they are environment-only variables.

The values of WITH_ and WITHOUT_ variables are ignored regardless of their setting; even if they would be set to “FALSE” or “NO”. The presence of an option causes it to be honored by make(1).

This list provides a name and short description for variables that can be used for source builds.

WITHOUT_ACCT
Do not build process accounting tools such as accton(8) and sa(8).
WITHOUT_ACPI
Do not build acpiconf(8), acpidump(8) and related programs.
WITHOUT_APM
Do not build apm(8), apmd(8) and related programs.
WITH_ASAN
Build the base system with Address Sanitizer (ASan) to detect memory corruption bugs such as buffer overflows or use-after-free. Requires that Clang be used as the base system compiler and that the runtime support library is available. When set, it enforces these options:

  • WITH_LLVM_BINUTILS
  • WITH_LLVM_CXXFILT
WITHOUT_ASSERT_DEBUG
Compile programs and libraries without the assert(3) checks.
WITHOUT_AT
Do not build at(1) and related utilities.
WITHOUT_AUDIT
Do not build audit support into system programs.
WITHOUT_AUTHPF
Do not build authpf(8).
WITHOUT_AUTOFS
Do not build autofs(4) related programs, libraries, and kernel modules.
WITHOUT_AUTO_OBJ
Disable automatic creation of objdirs. This is enabled by default if the wanted OBJDIR is writable by the current user.

This must be set in the environment, make command line, or /etc/src-env.conf, not /etc/src.conf.

WITH_BEARSSL
Build the BearSSL library.

BearSSL is a tiny SSL library suitable for embedded environments. For details see https://www.BearSSL.org/

This library is currently only used to perform signature verification and related operations for Verified Exec and loader(8).

Due to size constraints in the BIOS environment on x86, one may need to set LOADERSIZE larger than the default 500000, although often loader is under the 500k limit even with this option. Setting LOADERSIZE larger than 500000 may cause pxeboot(8) to be too large to work. Careful testing of the loader in the target environment when built with a larger limit to establish safe limits is critical because different BIOS environments reserve differing amounts of the low 640k space, making a precise limit for everybody impossible.

See also WITH_LOADER_PXEBOOT for other considerations. When set, these options are also in effect:

WITH_LOADER_EFI_SECUREBOOT
(unless WITHOUT_LOADER_EFI_SECUREBOOT is set explicitly)
WITH_LOADER_VERIEXEC
(unless WITHOUT_LOADER_VERIEXEC is set explicitly)
WITH_LOADER_VERIEXEC_VECTX
(unless WITHOUT_LOADER_VERIEXEC_VECTX is set explicitly)
WITH_VERIEXEC
(unless WITHOUT_VERIEXEC is set explicitly)
WITHOUT_BHYVE
Do not build or install bhyve(8), associated utilities, and examples.

This option only affects amd64/amd64, arm64/aarch64 and arm64/aarch64c.

WITH_BHYVE_SNAPSHOT
Include support for save and restore (snapshots) in bhyve(8) and bhyvectl(8).

This option only affects amd64/amd64.

WITH_BIND_NOW
Build all binaries with the DF_BIND_NOW flag set to indicate that the run-time loader should perform all relocation processing at process startup rather than on demand. The combination of the BIND_NOW and RELRO options provide "full" Relocation Read-Only (RELRO) support. With full RELRO the entire GOT is made read-only after performing relocation at startup, avoiding GOT overwrite attacks.
WITHOUT_BLACKLIST
Set this if you do not want to build blacklistd(8) and blacklistctl(8). When set, these options are also in effect:

WITHOUT_BLACKLIST_SUPPORT
(unless WITH_BLACKLIST_SUPPORT is set explicitly)
WITHOUT_BLACKLIST_SUPPORT
Build some programs without libblacklist(3) support, like fingerd(8), ftpd(8), and sshd(8).
WITHOUT_BLUETOOTH
Do not build Bluetooth related kernel modules, programs and libraries.
WITHOUT_BOOT
Do not build the boot blocks and loader.
WITHOUT_BOOTPARAMD
Do not build or install bootparamd(8).
WITHOUT_BOOTPD
Do not build or install bootpd(8).
WITH_BRANCH_PROTECTION
Build with branch protection enabled. On arm64 enable the use of pointer authentication and branch target identification instructions on arm64. These can be used to help mitigate some exploit techniques.
WITHOUT_BSDINSTALL
Do not build bsdinstall(8), sade(8), and related programs.
WITHOUT_BSD_CPIO
Do not build the BSD licensed version of cpio based on libarchive(3).
WITHOUT_BSNMP
Do not build or install bsnmpd(1) and related libraries and data files.
WITHOUT_BZIP2
Do not build contributed bzip2 software as a part of the base system.
The option has no effect yet.
When set, these options are also in effect:

WITHOUT_BZIP2_SUPPORT
(unless WITH_BZIP2_SUPPORT is set explicitly)
WITHOUT_BZIP2_SUPPORT
Build some programs without optional bzip2 support.
WITHOUT_CALENDAR
Do not build calendar(1).
WITHOUT_CAROOT
Do not add the trusted certificates from the Mozilla NSS bundle to base.
WITHOUT_CASPER
This option has no effect.
WITH_CCACHE_BUILD
Use ccache(1) for the build. No configuration is required except to install the package. When using with distcc(1), set . The default cache directory of $HOME/.ccache will be used, which can be overridden by setting . The option defaults to when using the in-tree bootstrap compiler, and when using an external compiler. The option is used for Clang but not GCC.

Sharing a cache between multiple work directories requires using a layout similar to /some/prefix/src /some/prefix/obj and an environment such as:

CCACHE_BASEDIR='${SRCTOP:H}' MAKEOBJDIRPREFIX='${SRCTOP:H}/obj'

See ccache(1) for more configuration options.

WITHOUT_CCD
Do not build geom_ccd(4) and related utilities.
WITHOUT_CDDL
Do not build code licensed under Sun's CDDL.

This is a default setting on arm64/aarch64c and riscv/riscv64c. When set, it enforces these options:

  • WITHOUT_CTF
  • WITHOUT_DTRACE
  • WITHOUT_LOADER_ZFS
  • WITHOUT_ZFS
  • WITHOUT_ZFS_TESTS
WITHOUT_CHERIBSDBOX
Do not build cheribsdbox.
WITHOUT_CHERI_CAPREVOKE
Do not build userspace with CHERI capability revocation support.

This is a default setting on amd64/amd64, arm/armv7, arm64/aarch64, i386/i386, powerpc/powerpc, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64.

WITH_CHERI_CAPREVOKE
Build userspace with CHERI capability revocation support.

This is a default setting on arm64/aarch64c and riscv/riscv64c.

WITH_CLANG
Build the Clang C/C++ compiler during the normal phase of the build.
WITH_CLANG_BOOTSTRAP
Build the Clang C/C++ compiler during the bootstrap phase of the build.
WITH_CLANG_EXTRAS
Build additional clang and llvm tools, such as bugpoint and clang-format.
WITH_CLANG_FORMAT
Build clang-format.
WITH_CLANG_FULL
Build the ARCMigrate, Rewriter and StaticAnalyzer components of the Clang C/C++ compiler.
WITH_CLEAN
Clean before building world and/or kernel.
WITHOUT_CPP
Do not build cpp(1).
WITHOUT_CROSS_COMPILER
Do not build any cross compiler in the cross-tools stage of buildworld. When compiling a different version of FreeBSD than what is installed on the system, provide an alternate compiler with XCC to ensure success. When compiling with an identical version of FreeBSD to the host, this option may be safely used. This option may also be safe when the host version of FreeBSD is close to the sources being built, but all bets are off if there have been any changes to the toolchain between the versions. When set, it enforces these options:

  • WITHOUT_ELFTOOLCHAIN_BOOTSTRAP
WITHOUT_CRYPT
Do not build any crypto code. When set, it enforces these options:

  • WITHOUT_DMAGENT
  • WITHOUT_KERBEROS
  • WITHOUT_KERBEROS_SUPPORT
  • WITHOUT_LDNS
  • WITHOUT_LDNS_UTILS
  • WITHOUT_LOADER_ZFS
  • WITHOUT_OPENSSH
  • WITHOUT_OPENSSL
  • WITHOUT_OPENSSL_KTLS
  • WITHOUT_PKGBOOTSTRAP
  • WITHOUT_UNBOUND
  • WITHOUT_ZFS
  • WITHOUT_ZFS_TESTS

When set, these options are also in effect:

WITHOUT_GSSAPI
(unless WITH_GSSAPI is set explicitly)
WITH_CTF
Compile with CTF (Compact C Type Format) data. CTF data encapsulates a reduced form of debugging information similar to DWARF and the venerable stabs and is required for DTrace.
WITHOUT_CUSE
Do not build CUSE-related programs and libraries.
WITHOUT_CXGBETOOL
Do not build cxgbetool(8)

This is a default setting on arm/armv7, powerpc/powerpc, riscv/riscv64 and riscv/riscv64c.

WITH_CXGBETOOL
Build cxgbetool(8)

This is a default setting on amd64/amd64, arm64/aarch64, arm64/aarch64c, i386/i386, powerpc/powerpc64 and powerpc/powerpc64le.

WITHOUT_DEBUG_FILES
Avoid building or installing standalone debug files for each executable binary and shared library.
WITH_DETECT_TZ_CHANGES
Make the time handling code detect changes to the timezone files.
WITH_DIALOG
Do build dialog(1), dialog(3), dpv(1), and dpv(3).
WITHOUT_DICT
Do not build the Webster dictionary files.
WITH_DIRDEPS_BUILD
This is an alternate build system. For details see https://www.crufty.net/sjg/docs/freebsd-meta-mode.htm. Build commands can be seen from the top-level with:
make show-valid-targets
The build is driven by dirdeps.mk using DIRDEPS stored in Makefile.depend files found in each directory.

The build can be started from anywhere, and behaves the same. The initial instance of make(1) recursively reads DIRDEPS from Makefile.depend, computing a graph of tree dependencies from the current origin. Setting NO_DIRDEPS skips checking dirdep dependencies and will only build in the current and child directories. NO_DIRDEPS_BELOW skips building any dirdeps and only build the current directory.

This also utilizes the WITH_META_MODE logic for incremental builds.

The build hides commands executed unless NO_SILENT is defined.

Note that there is currently no mass install feature for this. This build is designed for producing packages, that can then be installed on a target system.

The implementation in FreeBSD is incomplete. Completion would require leaf directories for building each kernel and package so that their dependencies can be tracked. When set, it enforces these options:

  • WITH_INSTALL_AS_USER

When set, these options are also in effect:

WITH_META_ERROR_TARGET
(unless WITHOUT_META_ERROR_TARGET is set explicitly)
WITH_META_MODE
(unless WITHOUT_META_MODE is set explicitly)
WITH_STAGING
(unless WITHOUT_STAGING is set explicitly)
WITH_STAGING_MAN
(unless WITHOUT_STAGING_MAN is set explicitly)
WITH_STAGING_PROG
(unless WITHOUT_STAGING_PROG is set explicitly)
WITH_SYSROOT
(unless WITHOUT_SYSROOT is set explicitly)

This must be set in the environment, make command line, or /etc/src-env.conf, not /etc/src.conf.

WITH_DIRDEPS_CACHE
Cache result of dirdeps.mk which can save significant time for subsequent builds. Depends on WITH_DIRDEPS_BUILD.

This must be set in the environment, make command line, or /etc/src-env.conf, not /etc/src.conf.

WITH_DISK_IMAGE_TOOLS_BOOTSTRAP
Build etdump(1), makefs(8) and mkimg(1) as bootstrap tools.
WITHOUT_DMAGENT
Do not build dma Mail Transport Agent.
WITHOUT_DOCCOMPRESS
Do not install compressed system documentation. Only the uncompressed version will be installed.
WITHOUT_DTRACE
Do not build DTrace framework kernel modules, libraries, and user commands.

This is a default setting on arm64/aarch64c and riscv/riscv64c. When set, it enforces these options:

  • WITHOUT_CTF
WITH_DTRACE_ASAN
Compile userspace DTrace code (libdtrace, dtrace(1), lockstat(1), plockstat(1)) with address and undefined behavior sanitizers. Requires that Clang be used as the base system compiler and that the runtime support library is available.
WITH_DTRACE_TESTS
Build and install the DTrace test suite in /usr/tests/cddl/usr.sbin/dtrace. This test suite is considered experimental on architectures other than amd64/amd64 and running it may cause system instability.
WITHOUT_DYNAMICROOT
Set this if you do not want to link /bin and /sbin dynamically.
WITHOUT_EE
Do not build and install edit(1), ee(1), and related programs.
WITHOUT_EFI
Set not to build efivar(3) and efivar(8).

This is a default setting on i386/i386, powerpc/powerpc, powerpc/powerpc64, powerpc/powerpc64le, riscv/riscv64 and riscv/riscv64c.

WITH_EFI
Build efivar(3) and efivar(8).

This is a default setting on amd64/amd64, arm/armv7, arm64/aarch64 and arm64/aarch64c.

WITHOUT_ELFTOOLCHAIN_BOOTSTRAP
Do not build ELF Tool Chain tools (addr2line, nm, size, strings and strip) as part of the bootstrap process.
An alternate bootstrap tool chain must be provided.
WITHOUT_EXAMPLES
Avoid installing examples to /usr/share/examples/.
WITH_EXPERIMENTAL
Include experimental features in the build.
WITHOUT_FDT
Do not build Flattened Device Tree support as part of the base system. This includes the device tree compiler (dtc) and libfdt support library.

This is a default setting on amd64/amd64 and i386/i386.

WITH_FDT
Build Flattened Device Tree support as part of the base system. This includes the device tree compiler (dtc) and libfdt support library.

This is a default setting on arm/armv7, arm64/aarch64, arm64/aarch64c, powerpc/powerpc, powerpc/powerpc64, powerpc/powerpc64le, riscv/riscv64 and riscv/riscv64c.

WITHOUT_FILE
Do not build file(1) and related programs.
WITHOUT_FINGER
Do not build or install finger(1) and fingerd(8).
WITHOUT_FLOPPY
Do not build or install programs for operating floppy disk driver.
WITHOUT_FORMAT_EXTENSIONS
Do not enable -fformat-extensions when compiling the kernel. Also disables all format checking.
WITHOUT_FORTH
Build bootloaders without Forth support.
WITHOUT_FP_LIBC
Build libc without floating-point support.
WITHOUT_FREEBSD_UPDATE
Do not build freebsd-update(8).
WITHOUT_FTP
Do not build or install ftp(1) and ftpd(8).
WITHOUT_GAMES
Do not build games.
WITHOUT_GH_BC
Install the traditional FreeBSD bc(1) and dc(1) programs instead of the enhanced versions.
WITHOUT_GNU_DIFF
Do not build GNU diff3(1); build BSD diff3(1) instead.
WITHOUT_GOOGLETEST
Neither build nor install library “libgmock”, library “libgtest”, and dependent tests.
WITHOUT_GPIO
Do not build gpioctl(8) as part of the base system.
WITHOUT_GSSAPI
Do not build libgssapi.
WITHOUT_HAST
Do not build hastd(8) and related utilities.
WITH_HESIOD
Build Hesiod support.
WITHOUT_HTML
Do not build HTML docs.
WITHOUT_HYPERV
Do not build or install HyperV utilities.

This is a default setting on arm/armv7, arm64/aarch64c, powerpc/powerpc, powerpc/powerpc64, powerpc/powerpc64le, riscv/riscv64 and riscv/riscv64c.

WITH_HYPERV
Build or install HyperV utilities.

This is a default setting on amd64/amd64, arm64/aarch64 and i386/i386.

WITHOUT_ICONV
Do not build iconv as part of libc.
WITHOUT_INCLUDES
Do not install header files. This option used to be spelled NO_INCS.
The option does not work for build targets.
WITHOUT_INET
Do not build programs and libraries related to IPv4 networking. When set, it enforces these options:

  • WITHOUT_INET_SUPPORT
WITHOUT_INET6
Do not build programs and libraries related to IPv6 networking. When set, it enforces these options:

  • WITHOUT_INET6_SUPPORT
WITHOUT_INET6_SUPPORT
Build libraries, programs, and kernel modules without IPv6 support.
WITHOUT_INETD
Do not build inetd(8).
WITHOUT_INET_SUPPORT
Build libraries, programs, and kernel modules without IPv4 support.
WITHOUT_INSTALLLIB
Set this to not install optional libraries. For example, when creating a nanobsd(8) image.
The option does not work for build targets.
WITH_INSTALL_AS_USER
Make install targets succeed for non-root users by installing files with owner and group attributes set to that of the user running the make(1) command. The user still must set the DESTDIR variable to point to a directory where the user has write permissions.
WITHOUT_IPFILTER
Do not build IP Filter package.
WITHOUT_IPFW
Do not build IPFW tools.
WITHOUT_IPSEC_SUPPORT
Do not build the kernel with ipsec(4) support. This option is needed for ipsec(4) and tcpmd5(4).
WITHOUT_ISCSI
Do not build iscsid(8) and related utilities.
WITHOUT_JAIL
Do not build tools for the support of jails; e.g., jail(8).
WITHOUT_JEMALLOC_LG_VADDR_WIDE
Disallow programs to use more than 48 address bits on amd64. Incompatible with LA57 mode. Enabling this option might result in a slight reduction in memory consumption for jemalloc metadata, but also requires disabling LA57 (if hardware supports it).
WITHOUT_KDUMP
Do not build kdump(1) and truss(1).
WITHOUT_KERBEROS
Set this to not build Kerberos 5 (KTH Heimdal). When set, these options are also in effect:

WITHOUT_GSSAPI
(unless WITH_GSSAPI is set explicitly)
WITHOUT_KERBEROS_SUPPORT
(unless WITH_KERBEROS_SUPPORT is set explicitly)
WITHOUT_KERBEROS_SUPPORT
Build some programs without Kerberos support, like ssh(1), telnet(1), and sshd(8).
WITH_KERNEL_BIN
Generate and install kernel.bin from kernel as part of the normal build and install processes for the kernel. Available only on arm and arm64.

Usually this will be added to the kernel config file with:

makeoptions WITH_KERNEL_BIN=1

though it can also be used on the command line.

WITH_KERNEL_RETPOLINE
Enable the "retpoline" mitigation for CVE-2017-5715 in the kernel build.
WITHOUT_KERNEL_SYMBOLS
Do not install standalone kernel debug symbol files. This option has no effect at build time.
WITHOUT_KVM
Do not build the libkvm library as a part of the base system.
The option has no effect yet.
When set, these options are also in effect:

WITHOUT_KVM_SUPPORT
(unless WITH_KVM_SUPPORT is set explicitly)
WITHOUT_KVM_SUPPORT
Build some programs without optional libkvm support.
WITHOUT_LDNS
Setting this variable will prevent the LDNS library from being built. When set, it enforces these options:

  • WITHOUT_LDNS_UTILS
  • WITHOUT_UNBOUND
WITHOUT_LDNS_UTILS
Setting this variable will prevent building the LDNS utilities drill(1) and host(1).
WITHOUT_LEGACY_CONSOLE
Do not build programs that support a legacy PC console; e.g., kbdcontrol(1) and vidcontrol(1).
WITHOUT_LIB32
On 64-bit platforms, do not build 32-bit library set and a ld-elf32.so.1 runtime linker.

This is a default setting on arm/armv7, i386/i386, powerpc/powerpc, powerpc/powerpc64le, riscv/riscv64 and riscv/riscv64c.

WITH_LIB32
On 64-bit platforms, build the 32-bit library set and a ld-elf32.so.1 runtime linker.

This is a default setting on amd64/amd64, arm64/aarch64, arm64/aarch64c and powerpc/powerpc64.

WITHOUT_LIB64
On CHERI platforms, do not build the 64-bit library set and a ld-elf64.so.1 runtime linker.

This is a default setting on amd64/amd64, arm/armv7, arm64/aarch64, i386/i386, powerpc/powerpc, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64.

WITH_LIB64
On CHERI platforms, build the 64-bit library set and a ld-elf64.so.1 runtime linker.

This is a default setting on arm64/aarch64c and riscv/riscv64c.

WITH_LIB64C
On 64-bit platforms, build the CHERIABI library set and a ld-elf64c.so.1 runtime linker.
WITH_LLD
Build LLVM's lld linker.
WITH_LLDB
Build the LLDB debugger.
WITH_LLD_BOOTSTRAP
Build the LLD linker during the bootstrap phase of the build, and use it during buildworld and buildkernel.
WITHOUT_LLVM_ASSERTIONS
Disable debugging assertions in LLVM.
WITH_LLVM_BINUTILS
Install LLVM's binutils (without an llvm- prefix), instead of ELF Tool Chain's tools. This includes addr2line(1), ar(1), nm(1), objcopy(1), ranlib(1), readelf(1), size(1), and strip(1). Regardless of this setting, LLVM tools are used for c++filt(1) and objdump(1). strings(1) is always provided by ELF Tool Chain.
WITH_LLVM_COV
Build the llvm-cov(1) tool.
WITHOUT_LLVM_CXXFILT
Install ELF Tool Chain's cxxfilt as c++filt, instead of LLVM's llvm-cxxfilt.
WITH_LLVM_FULL_DEBUGINFO
Generate full debug information for LLVM libraries and tools, which uses more disk space and build resources, but allows for easier debugging.
WITHOUT_LLVM_TARGET_AARCH64
Do not build LLVM target support for AArch64. The LLVM_TARGET_ALL option should be used rather than this in most cases.

This is a default setting on amd64/amd64, arm/armv7, i386/i386, powerpc/powerpc, powerpc/powerpc64, powerpc/powerpc64le, riscv/riscv64 and riscv/riscv64c.

WITH_LLVM_TARGET_AARCH64
Build LLVM target support for AArch64. The LLVM_TARGET_ALL option should be used rather than this in most cases.

This is a default setting on arm64/aarch64 and arm64/aarch64c.

WITH_LLVM_TARGET_ALL
Build support for all LLVM targets. This option is always applied to the bootstrap compiler for buildworld when LLVM is used. When set, these options are also in effect:

WITH_LLVM_TARGET_AARCH64
(unless WITHOUT_LLVM_TARGET_AARCH64 is set explicitly)
WITH_LLVM_TARGET_ARM
(unless WITHOUT_LLVM_TARGET_ARM is set explicitly)
WITH_LLVM_TARGET_POWERPC
(unless WITHOUT_LLVM_TARGET_POWERPC is set explicitly)
WITH_LLVM_TARGET_RISCV
(unless WITHOUT_LLVM_TARGET_RISCV is set explicitly)
WITHOUT_LLVM_TARGET_ARM
Do not build LLVM target support for ARM. The LLVM_TARGET_ALL option should be used rather than this in most cases.

This is a default setting on amd64/amd64, i386/i386, powerpc/powerpc, powerpc/powerpc64, powerpc/powerpc64le, riscv/riscv64 and riscv/riscv64c.

WITH_LLVM_TARGET_ARM
Build LLVM target support for ARM. The LLVM_TARGET_ALL option should be used rather than this in most cases.

This is a default setting on arm/armv7, arm64/aarch64 and arm64/aarch64c.

WITH_LLVM_TARGET_BPF
Build LLVM target support for BPF. The LLVM_TARGET_ALL option should be used rather than this in most cases.
WITH_LLVM_TARGET_MIPS
Build LLVM target support for MIPS. The LLVM_TARGET_ALL option should be used rather than this in most cases.
WITHOUT_LLVM_TARGET_POWERPC
Do not build LLVM target support for PowerPC. The LLVM_TARGET_ALL option should be used rather than this in most cases.

This is a default setting on amd64/amd64, arm/armv7, arm64/aarch64, arm64/aarch64c, i386/i386, riscv/riscv64 and riscv/riscv64c.

WITH_LLVM_TARGET_POWERPC
Build LLVM target support for PowerPC. The LLVM_TARGET_ALL option should be used rather than this in most cases.

This is a default setting on powerpc/powerpc, powerpc/powerpc64 and powerpc/powerpc64le.

WITHOUT_LLVM_TARGET_RISCV
Do not build LLVM target support for RISC-V. The LLVM_TARGET_ALL option should be used rather than this in most cases.

This is a default setting on amd64/amd64, arm/armv7, arm64/aarch64, arm64/aarch64c, i386/i386, powerpc/powerpc, powerpc/powerpc64 and powerpc/powerpc64le.

WITH_LLVM_TARGET_RISCV
Build LLVM target support for RISC-V. The LLVM_TARGET_ALL option should be used rather than this in most cases.

This is a default setting on riscv/riscv64 and riscv/riscv64c.

WITHOUT_LLVM_TARGET_X86
Do not build LLVM target support for X86. The LLVM_TARGET_ALL option should be used rather than this in most cases.

This is a default setting on arm/armv7, arm64/aarch64, arm64/aarch64c, powerpc/powerpc, powerpc/powerpc64, powerpc/powerpc64le, riscv/riscv64 and riscv/riscv64c.

WITH_LLVM_TARGET_X86
Build LLVM target support for X86. The LLVM_TARGET_ALL option should be used rather than this in most cases.

This is a default setting on amd64/amd64 and i386/i386.

WITH_LOADER_BIOS_TEXTONLY
Use the old, FreeBSD 12 vidconsole.c. This only supports text mode without teken, without any graphics, font or video mode support. This setting only affects the i386 and amd64 BIOS boot loader.
WITH_LOADER_EFI_SECUREBOOT
Enable building loader(8) with support for verification based on certificates obtained from UEFI.
WITHOUT_LOADER_GELI
Disable inclusion of GELI crypto support in the boot chain binaries.

This is a default setting on powerpc/powerpc, powerpc/powerpc64 and powerpc/powerpc64le.

WITH_LOADER_GELI
Build GELI bootloader support.

This is a default setting on amd64/amd64, arm/armv7, arm64/aarch64, arm64/aarch64c, i386/i386, riscv/riscv64 and riscv/riscv64c.

WITHOUT_LOADER_IA32
Do not build the 32-bit UEFI loader.

This is a default setting on arm/armv7, arm64/aarch64, arm64/aarch64c, i386/i386, powerpc/powerpc, powerpc/powerpc64, powerpc/powerpc64le, riscv/riscv64 and riscv/riscv64c.

WITH_LOADER_IA32
Build the 32-bit UEFI loader.

This is a default setting on amd64/amd64.

WITHOUT_LOADER_KBOOT
Do not build kboot, a linuxboot environment loader

This is a default setting on arm/armv7, arm64/aarch64c, i386/i386, powerpc/powerpc, powerpc/powerpc64le, riscv/riscv64 and riscv/riscv64c.

WITH_LOADER_KBOOT
Build kboot, a linuxboot environment loader

This is a default setting on amd64/amd64, arm64/aarch64 and powerpc/powerpc64.

WITHOUT_LOADER_LUA
Do not build LUA bindings for the boot loader.

This is a default setting on powerpc/powerpc, powerpc/powerpc64 and powerpc/powerpc64le.

WITH_LOADER_LUA
Build LUA bindings for the boot loader.

This is a default setting on amd64/amd64, arm/armv7, arm64/aarch64, arm64/aarch64c, i386/i386, riscv/riscv64 and riscv/riscv64c.

WITHOUT_LOADER_OFW
Disable building of openfirmware bootloader components.

This is a default setting on amd64/amd64, arm/armv7, arm64/aarch64, arm64/aarch64c, i386/i386, riscv/riscv64 and riscv/riscv64c.

WITH_LOADER_OFW
Build openfirmware bootloader components.

This is a default setting on powerpc/powerpc, powerpc/powerpc64 and powerpc/powerpc64le.

WITHOUT_LOADER_PXEBOOT
Do not build pxeboot on i386/amd64. When the pxeboot is too large, or unneeded, it may be disabled with this option. See WITH_LOADER_PXEBOOT for how to adjust the defaults when you need both a larger /boot/loader and /boot/pxeboot

This option only has an effect on x86.

WITHOUT_LOADER_UBOOT
Disable building of ubldr.

This is a default setting on amd64/amd64, arm64/aarch64, arm64/aarch64c, i386/i386, powerpc/powerpc64le, riscv/riscv64 and riscv/riscv64c.

WITH_LOADER_UBOOT
Build ubldr.

This is a default setting on arm/armv7, powerpc/powerpc and powerpc/powerpc64.

WITH_LOADER_VERBOSE
Build with extra verbose debugging in the loader. May explode already nearly too large loader over the limit. Use with care.
WITH_LOADER_VERIEXEC
Enable building loader(8) with support for verification similar to Verified Exec.

Depends on WITH_BEARSSL. May require a larger LOADERSIZE. When set, these options are also in effect:

WITH_LOADER_EFI_SECUREBOOT
(unless WITHOUT_LOADER_EFI_SECUREBOOT is set explicitly)
WITH_LOADER_VERIEXEC_VECTX
(unless WITHOUT_LOADER_VERIEXEC_VECTX is set explicitly)
WITH_LOADER_VERIEXEC_PASS_MANIFEST
Enable building loader(8) with support to pass a verified manifest to the kernel. The kernel has to be built with a module to parse the manifest.

Depends on WITH_LOADER_VERIEXEC.

WITH_LOADER_VERIEXEC_VECTX
Enable building loader(8) with support for hashing and verifying kernel and modules as a side effect of loading.

Depends on WITH_LOADER_VERIEXEC.

WITHOUT_LOADER_ZFS
Do not build ZFS file system boot loader support.
WITHOUT_LOCALES
Do not build localization files; see locale(1).
WITHOUT_LOCATE
Do not build locate(1) and related programs.
WITHOUT_LPR
Do not build lpr(1) and related programs.
WITHOUT_LS_COLORS
Build ls(1) without support for colors to distinguish file types.
WITHOUT_MACHDEP_OPTIMIZATIONS
Prefer machine-independent non-assembler code in libc and libm.
WITHOUT_MAIL
Do not build any mail support (MUA or MTA). When set, it enforces these options:

  • WITHOUT_DMAGENT
  • WITHOUT_MAILWRAPPER
  • WITHOUT_SENDMAIL
WITHOUT_MAILWRAPPER
Do not build the mailwrapper(8) MTA selector.
WITHOUT_MAKE
Do not install make(1) and related support files.
WITHOUT_MAKE_CHECK_USE_SANDBOX
Do not execute “make check” in limited sandbox mode. This option should be paired with WITH_INSTALL_AS_USER if executed as an unprivileged user. See tests(7) for more details.
WITH_MALLOC_PRODUCTION
Disable assertions and statistics gathering in malloc(3). It also defaults the A and J runtime options to off.
WITH_MALLOC_REVOCATION_SHIM
Enable the malloc revocation shim (mrs) wrapper.

This is a default setting on arm64/aarch64c and riscv/riscv64c.

WITHOUT_MAN
Do not build manual pages. When set, these options are also in effect:

WITHOUT_MAN_UTILS
(unless WITH_MAN_UTILS is set explicitly)
WITHOUT_MANCOMPRESS
Do not install compressed man pages. Only the uncompressed versions will be installed.
WITHOUT_MANSPLITPKG
Do not split man pages into their own packages during make package.
WITHOUT_MAN_UTILS
Do not build utilities for manual pages, apropos(1), makewhatis(1), man(1), whatis(1), manctl(8), and related support files.
WITH_META_ERROR_TARGET
Enable the META_MODE .ERROR target.

This target will copy the meta file of a failed target to ERROR_LOGDIR (default is ‘${SRCTOP:H}/error’) to help with failure analysis. Depends on WITH_META_MODE. This default when WITH_DIRDEPS_BUILD is set.

This must be set in the environment, make command line, or /etc/src-env.conf, not /etc/src.conf.

WITH_META_MODE
Create make(1) meta files when building, which can provide a reliable incremental build when using filemon(4). The meta file is created in OBJDIR as target.meta. These meta files track the command that was executed, its output, and the current directory. The filemon(4) module is required unless NO_FILEMON is defined. When the module is loaded, any files used by the commands executed are tracked as dependencies for the target in its meta file. The target is considered out-of-date and rebuilt if any of these conditions are true compared to the last build:
  • The command to execute changes.
  • The current working directory changes.
  • The target's meta file is missing.
  • The target's meta file is missing filemon data when filemon is loaded and a previous run did not have it loaded.
  • [requires filemon(4)] Files read, executed or linked to are newer than the target.
  • [requires filemon(4)] Files read, written, executed or linked are missing.
The meta files can also be useful for debugging.

The build hides commands that are executed unless NO_SILENT is defined. Errors cause make(1) to show some of its environment for further debugging.

The build operates as it normally would otherwise. This option originally invoked a different build system but that was renamed to WITH_DIRDEPS_BUILD.

This must be set in the environment, make command line, or /etc/src-env.conf, not /etc/src.conf.

WITHOUT_MLX5TOOL
Do not build mlx5tool(8)

This is a default setting on arm/armv7, powerpc/powerpc, riscv/riscv64 and riscv/riscv64c.

WITH_MLX5TOOL
Build mlx5tool(8)

This is a default setting on amd64/amd64, arm64/aarch64, arm64/aarch64c, i386/i386, powerpc/powerpc64 and powerpc/powerpc64le.

WITHOUT_NETCAT
Do not build nc(1) utility.
WITHOUT_NETGRAPH
Do not build applications to support netgraph(4). When set, it enforces these options:

  • WITHOUT_BLUETOOTH

When set, these options are also in effect:

WITHOUT_NETGRAPH_SUPPORT
(unless WITH_NETGRAPH_SUPPORT is set explicitly)
WITHOUT_NETGRAPH_SUPPORT
Build libraries, programs, and kernel modules without netgraph support.
Do not build genl(1) utility.
Make libraries and programs use rtsock and sysctl(3) interfaces instead of snl(3).
WITHOUT_NIS
Do not build NIS(8) support and related programs. If set, you might need to adopt your nsswitch.conf(5) and remove ‘nis’ entries.
WITHOUT_NLS
Do not build NLS catalogs. When set, it enforces these options:

  • WITHOUT_NLS_CATALOGS
WITHOUT_NLS_CATALOGS
Do not build NLS catalog support for csh(1).
WITHOUT_NS_CACHING
Disable name caching in the nsswitch subsystem. The generic caching daemon, nscd(8), will not be built either if this option is set.

This is a default setting on arm64/aarch64c and riscv/riscv64c.

WITHOUT_NTP
Do not build ntpd(8) and related programs.
WITHOUT_NUAGEINIT
Do not install the limited cloud init support scripts.
WITHOUT_OFED
Do not build the “OpenFabrics Enterprise Distribution” InfiniBand software stack, including kernel modules and userspace libraries.

This is a default setting on arm/armv7, arm64/aarch64c and riscv/riscv64c. When set, it enforces these options:

  • WITHOUT_OFED_EXTRA
WITH_OFED
Build the “OpenFabrics Enterprise Distribution” InfiniBand software stack, including kernel modules and userspace libraries.

This is a default setting on amd64/amd64, arm64/aarch64, i386/i386, powerpc/powerpc, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64.

WITH_OFED_EXTRA
Build the non-essential components of the “OpenFabrics Enterprise Distribution” Infiniband software stack, mostly examples.
WITH_OPENLDAP
Enable building LDAP support for kerberos using an openldap client from ports.
WITHOUT_OPENMP
Do not build LLVM's OpenMP runtime.

This is a default setting on arm/armv7, arm64/aarch64c, powerpc/powerpc and riscv/riscv64c.

WITH_OPENMP
Build LLVM's OpenMP runtime.

This is a default setting on amd64/amd64, arm64/aarch64, i386/i386, powerpc/powerpc64, powerpc/powerpc64le and riscv/riscv64.

WITHOUT_OPENSSH
Do not build OpenSSH.
WITHOUT_OPENSSL
Do not build OpenSSL. When set, it enforces these options:

  • WITHOUT_DMAGENT
  • WITHOUT_KERBEROS
  • WITHOUT_KERBEROS_SUPPORT
  • WITHOUT_LDNS
  • WITHOUT_LDNS_UTILS
  • WITHOUT_LOADER_ZFS
  • WITHOUT_OPENSSH
  • WITHOUT_OPENSSL_KTLS
  • WITHOUT_PKGBOOTSTRAP
  • WITHOUT_UNBOUND
  • WITHOUT_ZFS
  • WITHOUT_ZFS_TESTS

When set, these options are also in effect:

WITHOUT_GSSAPI
(unless WITH_GSSAPI is set explicitly)
WITHOUT_OPENSSL_KTLS
Do not include kernel TLS support in OpenSSL.

This is a default setting on arm/armv7, i386/i386, powerpc/powerpc, riscv/riscv64 and riscv/riscv64c.

WITH_OPENSSL_KTLS
Include kernel TLS support in OpenSSL.

This is a default setting on amd64/amd64, arm64/aarch64, arm64/aarch64c, powerpc/powerpc64 and powerpc/powerpc64le.

WITHOUT_PAM
Do not build PAM library and modules.
This option is deprecated and does nothing.
When set, these options are also in effect:

WITHOUT_PAM_SUPPORT
(unless WITH_PAM_SUPPORT is set explicitly)
WITHOUT_PAM_SUPPORT
Build some programs without PAM support, particularly ftpd(8) and ppp(8).
WITHOUT_PF
Do not build PF firewall package. When set, it enforces these options:

  • WITHOUT_AUTHPF
WITHOUT_PIE
Do not build dynamically linked binaries as Position-Independent Executable (PIE).

This is a default setting on arm/armv7, i386/i386 and powerpc/powerpc.

WITH_PIE
Build dynamically linked binaries as Position-Independent Executable (PIE).

This is a default setting on amd64/amd64, arm64/aarch64, arm64/aarch64c, powerpc/powerpc64, powerpc/powerpc64le, riscv/riscv64 and riscv/riscv64c.

WITHOUT_PKGBOOTSTRAP
Do not build pkg(7) bootstrap tool.
WITHOUT_PMC
Do not build pmccontrol(8) and related programs.
WITHOUT_PPP
Do not build ppp(8) and related programs.
WITH_PROFILE
Build profiled libraries for use with gprof(8). This option is deprecated and may not be present in a future version of FreeBSD.
WITHOUT_PTHREADS_ASSERTIONS
Disable debugging assertions in pthreads library.
WITHOUT_QUOTAS
Do not build quota(1) and related programs.
WITHOUT_RADIUS_SUPPORT
Do not build radius support into various applications, like pam_radius(8) and ppp(8).
WITH_RATELIMIT
Build the system with rate limit support.

This makes SO_MAX_PACING_RATE effective in getsockopt(2), and txrlimit support in ifconfig(8), by proxy.

WITHOUT_RBOOTD
Do not build or install rbootd(8).
WITHOUT_RELRO
Do not apply the Relocation Read-Only (RELRO) vulnerability mitigation. See also the BIND_NOW option.
WITH_REPRODUCIBLE_BUILD
Exclude build metadata (such as the build time, user, or host) from the kernel, boot loaders, and uname output, so that builds produce bit-for-bit identical output.
WITHOUT_RESCUE
Do not build rescue(8).
WITH_RETPOLINE
Build the base system with the retpoline speculative execution vulnerability mitigation for CVE-2017-5715.
WITHOUT_ROUTED
Do not build routed(8) utility.
WITH_RPCBIND_WARMSTART_SUPPORT
Build rpcbind(8) with warmstart support.
WITHOUT_SCTP_SUPPORT
Disable support in the kernel for the sctp(4) Stream Control Transmission Protocol loadable kernel module.
WITHOUT_SENDMAIL
Do not build sendmail(8) and related programs.
WITHOUT_SERVICESDB
Do not install /var/db/services.db.
WITHOUT_SETUID_LOGIN
Set this to disable the installation of login(1) as a set-user-ID root program.
WITHOUT_SHAREDOCS
Do not build the 4.4BSD legacy docs.
WITH_SORT_THREADS
Enable threads in sort(1).
WITHOUT_SOURCELESS
Do not build kernel modules that include sourceless code (either microcode or native code for host CPU). When set, it enforces these options:

  • WITHOUT_SOURCELESS_HOST
  • WITHOUT_SOURCELESS_UCODE
WITHOUT_SOURCELESS_HOST
Do not build kernel modules that include sourceless native code for host CPU.
WITHOUT_SOURCELESS_UCODE
Do not build kernel modules that include sourceless microcode.
WITHOUT_SPLIT_KERNEL_DEBUG
Do not build standalone kernel debug files. Debug data (if enabled by the kernel configuration file) will be included in the kernel and modules. When set, it enforces these options:

  • WITHOUT_KERNEL_SYMBOLS
WITHOUT_SSP
Do not build world with stack smashing protection. See security(7) for more information.
WITH_STAGING
Enable staging of files to a stage tree. This can be best thought of as auto-install to DESTDIR with some extra meta data to ensure dependencies can be tracked. Depends on WITH_DIRDEPS_BUILD. When set, these options are also in effect:

WITH_STAGING_MAN
(unless WITHOUT_STAGING_MAN is set explicitly)
WITH_STAGING_PROG
(unless WITHOUT_STAGING_PROG is set explicitly)

This must be set in the environment, make command line, or /etc/src-env.conf, not /etc/src.conf.

WITH_STAGING_MAN
Enable staging of man pages to stage tree.
WITH_STAGING_PROG
Enable staging of PROGs to stage tree.
WITH_STALE_STAGED
Check staged files are not stale.
WITHOUT_STATS
Neither build nor install library “libstats” and dependent binaries.
WITHOUT_SYSCONS
Do not build syscons(4) support files such as keyboard maps, fonts, and screen output maps.
WITH_SYSROOT
Enable use of sysroot during build. Depends on WITH_DIRDEPS_BUILD.

This must be set in the environment, make command line, or /etc/src-env.conf, not /etc/src.conf.

WITHOUT_SYSTEM_COMPILER
Do not opportunistically skip building a cross-compiler during the bootstrap phase of the build. Normally, if the currently installed compiler matches the planned bootstrap compiler type and revision, then it will not be built. This does not prevent a compiler from being built for installation though, only for building one for the build itself. The WITHOUT_CLANG option controls that.
WITHOUT_SYSTEM_LINKER
Do not opportunistically skip building a cross-linker during the bootstrap phase of the build. Normally, if the currently installed linker matches the planned bootstrap linker type and revision, then it will not be built. This does not prevent a linker from being built for installation though, only for building one for the build itself. The WITHOUT_LLD option controls that.

This option is only relevant when WITH_LLD_BOOTSTRAP is set.

WITHOUT_TALK
Do not build or install talk(1) and talkd(8).
WITHOUT_TCP_WRAPPERS
Do not build or install tcpd(8), and related utilities.
WITHOUT_TCSH
Do not build and install /bin/csh (which is tcsh(1)).
WITHOUT_TELNET
Do not build telnet(1) and related programs.
WITHOUT_TESTS
Do not build nor install the FreeBSD Test Suite in /usr/tests/. See tests(7) for more details. This also disables the build of all test-related dependencies, including ATF. When set, it enforces these options:

  • WITHOUT_DTRACE_TESTS
  • WITHOUT_ZFS_TESTS

When set, these options are also in effect:

WITHOUT_GOOGLETEST
(unless WITH_GOOGLETEST is set explicitly)
WITHOUT_TESTS_SUPPORT
(unless WITH_TESTS_SUPPORT is set explicitly)
WITHOUT_TESTS_SUPPORT
Disable the build of all test-related dependencies, including ATF. When set, it enforces these options:

  • WITHOUT_GOOGLETEST
WITHOUT_TEXTPROC
Do not build programs used for text processing.
WITHOUT_TFTP
Do not build or install tftp(1) and tftpd(8).
WITHOUT_TOOLCHAIN
Do not install programs used for program development, compilers, debuggers etc.
WITH_UBSAN
Build the base system with Undefined Behavior Sanitizer (UBSan) to detect various kinds of undefined behavior at runtime. Requires that Clang be used as the base system compiler and that the runtime support library is available
WITHOUT_UNBOUND
Do not build unbound(8) and related programs.
WITH_UNDEFINED_VERSION
Link libraries with --undefined-version which permits version maps to contain symbols that are not present in the library. If this is necessary to build a particular configuration, a bug is present and the configuration should be reported.
WITHOUT_UNIFIED_OBJDIR
Use the historical object directory format for build(7) targets. For native-builds and builds done directly in sub-directories the format of ${MAKEOBJDIRPREFIX}/${.CURDIR} is used, while for cross-builds ${MAKEOBJDIRPREFIX}/${TARGET}.${TARGET_ARCH}/${.CURDIR} is used.

This option is transitional and will be removed in a future version of FreeBSD, at which time WITH_UNIFIED_OBJDIR will be enabled permanently.

This must be set in the environment, make command line, or /etc/src-env.conf, not /etc/src.conf.

WITHOUT_USB
Do not build USB-related programs and libraries.
WITHOUT_USB_GADGET_EXAMPLES
Do not build USB gadget kernel modules.
WITHOUT_UTMPX
Do not build user accounting tools such as last(1), users(1), who(1), ac(8), lastlogin(8) and utx(8).
WITH_VERIEXEC
Enable building veriexec(8) which loads the contents of verified manifests into the kernel for use by mac_veriexec(4)

Depends on WITH_BEARSSL.

WITHOUT_VI
Do not build and install vi, view, ex and related programs.
WITHOUT_VT
Do not build vt(4) support files (fonts and keymaps).
WITHOUT_WARNS
Set this to not add warning flags to the compiler invocations. Useful as a temporary workaround when code enters the tree which triggers warnings in environments that differ from the original developer.
WITHOUT_WERROR
Set this to not treat compiler warnings as errors. Useful as a temporary workaround when working on fixing compiler warnings. When set, warnings are still printed in the build log but do not fail the build.
WITHOUT_WIRELESS
Do not build programs used for 802.11 wireless networks; especially wpa_supplicant(8) and hostapd(8). When set, these options are also in effect:

WITHOUT_WIRELESS_SUPPORT
(unless WITH_WIRELESS_SUPPORT is set explicitly)
WITHOUT_WIRELESS_SUPPORT
Build libraries, programs, and kernel modules without 802.11 wireless support.
WITHOUT_WPA_SUPPLICANT_EAPOL
Build wpa_supplicant(8) without support for the IEEE 802.1X protocol and without support for EAP-PEAP, EAP-TLS, EAP-LEAP, and EAP-TTLS protocols (usable only via 802.1X).
WITHOUT_ZFS
Do not build the ZFS file system kernel module, libraries such as libbe(3), and user commands such as zpool(8) or zfs(8). Also disable ZFS support in utilities and libraries which implement ZFS-specific functionality. When set, it enforces these options:

  • WITHOUT_ZFS_TESTS
WITHOUT_ZFS_TESTS
Do not build and install the legacy ZFS test suite.
WITHOUT_ZONEINFO
Do not build the timezone database. When set, it enforces these options:

  • WITHOUT_ZONEINFO_LEAPSECONDS_SUPPORT
WITH_ZONEINFO_LEAPSECONDS_SUPPORT
Build leapsecond information in to the timezone database.

The following options accept a single value from a list of valid values.

INIT_ALL
Control default initialization of stack variables in C and C++ code. Options other than none require the Clang compiler or GCC 12.0 or later. The default value is none. Valid values are:
Do not initialize stack variables (standard C/C++ behavior).
Build the base system or kernel with stack variables initialized to (compiler defined) debugging patterns on function entry.
Build the base system or kernel with stack variables initialized to zero on function entry. This value is converted to none for amd64 kernel builds due to incompatability with ifunc memset.
LIBC_MALLOC
Specify the malloc(3) implementation used by libc. The default value is jemalloc. Valid values are:
 

Other implementations are expected in the future in both FreeBSD and downstream consumers.

/etc/src.conf
 
/etc/src-env.conf
 
/usr/share/mk/bsd.own.mk
 

make(1), make.conf(5), build(7), ports(7)

The src.conf file appeared in FreeBSD 7.0.

This manual page was autogenerated by tools/build/options/makeman.

January 11, 2025 dev