Copyright (c) 2009-2010 Satoshi Nakamoto
Copyright (c) 2011 Bitcoin Developers
Distributed under the MIT/X11 software license, see the accompanying
file license.txt or http://www.opensource.org/licenses/mit-license.php.
This product includes software developed by the OpenSSL Project for use in
the OpenSSL Toolkit (http://www.openssl.org/). This product includes
cryptographic software written by Eric Young (eay@cryptsoft.com) and UPnP
software written by Thomas Bernard.

UNIX BUILD NOTES
================

To Build
--------

    cd src/
    make -f makefile.unix            # Headless bitcoin

See readme-qt.rst for instructions on building Bitcoin QT,
the graphical bitcoin.

Dependencies
------------

 Library     Purpose           Description
 -------     -------           -----------
 libssl      SSL Support       Secure communications
 libdb4.8    Berkeley DB       Blockchain & wallet storage
 libboost    Boost             C++ Library
 miniupnpc   UPnP Support      Optional firewall-jumping support

miniupnpc may be used for UPnP port mapping. It can be downloaded from
http://miniupnp.tuxfamily.org/files/. UPnP support is compiled in and
turned off by default. Set USE_UPNP to a different value to control this:
 USE_UPNP=    No UPnP support - miniupnp not required
 USE_UPNP=0   (the default) UPnP support turned off by default at runtime
 USE_UPNP=1   UPnP support turned on by default at runtime

Licenses of statically linked libraries:
 Berkeley DB   New BSD license with additional requirement that linked
               software must be free open source
 Boost         MIT-like license
 miniupnpc     New (3-clause) BSD license

Versions used in this release:
 GCC           4.3.3
 OpenSSL       0.9.8g
 Berkeley DB   4.8.30.NC
 Boost         1.37
 miniupnpc     1.6

Dependency Build Instructions: Ubuntu & Debian
----------------------------------------------

    sudo apt-get install build-essential
    sudo apt-get install libssl-dev
    sudo apt-get install libdb4.8-dev
    sudo apt-get install libdb4.8++-dev
    Boost 1.40+:   sudo apt-get install libboost-all-dev
    or Boost 1.37: sudo apt-get install libboost1.37-dev

If using Boost 1.37, append -mt to the boost libraries in the makefile.

Dependency Build Instructions: Gentoo
-------------------------------------

Note: If you just want to install bitcoind on Gentoo, you can add the Bitcoin
      overlay and use your package manager:
          layman -a bitcoin && emerge bitcoind

    emerge -av1 --noreplace boost glib openssl sys-libs/db:4.8

Take the following steps to build (no UPnP support):
    cd ${BITCOIN_DIR}/src
    make -f makefile.unix USE_UPNP= BDB_INCLUDE_PATH='/usr/include/db4.8'
    strip bitcoind

Notes
-----
The release is built with GCC and then stripped with "strip bitcoind" to remove
the debug symbols, which reduces the executable size by about 90%.


miniupnpc
---------
    tar -xzvf miniupnpc-1.6.tar.gz
    cd miniupnpc-1.6
    make
    sudo su
    make install


Berkeley DB
-----------
You need Berkeley DB 4.8. If you have to build Berkeley DB yourself:
    ../dist/configure --enable-cxx
    make


Boost
-----
If you need to build Boost yourself:
    sudo su
    ./bootstrap.sh
    ./bjam install

Security
--------
To help make your bitcoin installation more secure by making certain attacks impossible to
exploit even if a vulnerability is found, you can take the following measures:

* Position Independent Executable
    Build position independent code to take advantage of Address Space Layout Randomization
    offered by some kernels. An attacker who is able to cause execution of code at an arbitrary
    memory location is thwarted if he doesn't know where anything useful is located.
    The stack and heap are randomly located by default but this allows the code section to be
    randomly located as well.

    On an AMD64 processor where a library was not compiled with -fPIC, this will cause an error
    such as: "relocation R_X86_64_32 against `......' can not be used when making a shared object;"

    To build with PIE, use:
        make -f makefile.unix ... -e PIE=1

    To test that you have built a PIE executable, install scanelf, part of paxutils, and use:
        scanelf -e ./bitcoind

    The output should contain:
         TYPE
        ET_DYN

* Non-executable Stack
    If the stack is executable then trivial stack based buffer overflow exploits are possible if
    vulnerable buffers are found. By default, bitcoin should be built with a non-executable stack,
    but if one of the libraries it uses asks for an executable stack, or someone makes a mistake
    and uses a compiler extension which requires an executable stack, it will silently build an
    executable without the non-executable stack protection.

    To verify that the stack is non-executable after compiling, use:
        scanelf -e ./bitcoind

    The output should contain:
        STK/REL/PTL
        RW- R-- RW-

    The STK RW- means that the stack is readable and writeable but not executable.
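
The two checks above (TYPE ET_DYN and STK RW-) can also be scripted, for example as a gate in
a release build. The Python below is an added example, not part of the Bitcoin source tree: it
reads the same ELF fields from a 64-bit little-endian binary. The function names and the
constructed sample images are illustrative assumptions, and a binary with no PT_GNU_STACK
header is treated as failing because its stack permissions are left to the platform default.

```python
import struct

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")   # ELF64 file header, little-endian
PHDR = struct.Struct("<IIQQQQQQ")           # ELF64 program header
ET_NAMES = {1: "ET_REL", 2: "ET_EXEC", 3: "ET_DYN", 4: "ET_CORE"}
PT_GNU_STACK = 0x6474E551
PF_X, PF_W, PF_R = 1, 2, 4


def audit_elf64(image):
    """Return (type_name, stack_perms); stack_perms is None without PT_GNU_STACK."""
    if len(image) < EHDR.size or image[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if image[4] != 2 or image[5] != 1:
        raise ValueError("only 64-bit little-endian ELF is handled here")
    hdr = EHDR.unpack_from(image)
    e_type, e_phoff, e_phentsize, e_phnum = hdr[1], hdr[5], hdr[9], hdr[10]
    stack = None
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + PHDR.size > len(image):
            raise ValueError("program header table is truncated")
        p_type, p_flags = PHDR.unpack_from(image, off)[:2]
        if p_type == PT_GNU_STACK:
            stack = "".join(c if p_flags & bit else "-"
                            for c, bit in (("R", PF_R), ("W", PF_W), ("X", PF_X)))
    return ET_NAMES.get(e_type, hex(e_type)), stack


def is_hardened(image):
    """True only for ET_DYN with an explicit, non-executable PT_GNU_STACK."""
    etype, stack = audit_elf64(image)
    return etype == "ET_DYN" and stack is not None and "X" not in stack


def make_sample(e_type, stack_flags):
    """Constructed test input: ELF64 header plus at most one PT_GNU_STACK entry."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = EHDR.pack(ident, e_type, 62, 1, 0, EHDR.size, 0, 0,
                     EHDR.size, PHDR.size, 0 if stack_flags is None else 1, 0, 0, 0)
    phdr = b"" if stack_flags is None else PHDR.pack(
        PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)
    return ehdr + phdr


if __name__ == "__main__":
    for img in (make_sample(3, PF_R | PF_W), make_sample(2, PF_R | PF_W | PF_X)):
        print(audit_elf64(img), is_hardened(img))
```

To check a real build, pass the bytes of the compiled bitcoind to is_hardened(). ET_DYN is
also the type of shared libraries, so this confirms how the file was linked, not that ASLR is
enabled in the running kernel.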