Updated build documentation (unix).
This commit is contained in:
parent
a57e4f66ba
commit
0c01e8a8e3
1 changed files with 45 additions and 45 deletions
|
@ -31,17 +31,17 @@ Optional:
|
|||
- miniupnpc (UPnP Support)
|
||||
|
||||
Versions used in this release:
|
||||
- GCC 4.3.3
|
||||
- OpenSSL 1.0.1c
|
||||
- Berkeley DB 4.8.30.NC (not 5.x!)
|
||||
- Boost 1.48
|
||||
- GMP 5.0.2
|
||||
- miniupnpc 1.6
|
||||
- GCC 4.3.3
|
||||
- OpenSSL 1.0.1c
|
||||
- Berkeley DB 4.8.30.NC (not 5.x!)
|
||||
- Boost 1.48
|
||||
- GMP 5.0.2
|
||||
- miniupnpc 1.6
|
||||
|
||||
Licenses of statically linked libraries:
|
||||
- Berkeley DB: New BSD license with additional requirement that linked software must be free open source
|
||||
- Boost: MIT-like license
|
||||
- miniupnpc: New (3-clause) BSD license
|
||||
- Berkeley DB: New BSD license with additional requirement that linked software must be free open source
|
||||
- Boost: MIT-like license
|
||||
- miniupnpc: New (3-clause) BSD license
|
||||
|
||||
|
||||
Dependency Build Instructions: Ubuntu & Debian
|
||||
|
@ -52,16 +52,16 @@ Build requirements:
|
|||
|
||||
Berkeley db4.8 packages are available [here](https://launchpad.net/~bitcoin/+archive/bitcoin):
|
||||
|
||||
sudo add-apt-repository ppa:bitcoin/bitcoin
|
||||
sudo apt-get update
|
||||
sudo apt-get install libdb4.8-dev libdb4.8++-dev
|
||||
sudo add-apt-repository ppa:bitcoin/bitcoin
|
||||
sudo apt-get update
|
||||
sudo apt-get install libdb4.8-dev libdb4.8++-dev
|
||||
|
||||
Ubuntu precise has packages for libdb5.1-dev and libdb5.1++-dev,
|
||||
but using these will break binary wallet compatibility, and is not recommended.
|
||||
|
||||
If you have trouble with libboost dependencies, make sure these are installed:
|
||||
|
||||
sudo apt-get install libboost-timer1.48-dev libboost-chrono1.48-dev libboost-filesystem1.48-dev libboost-system1.48-dev libboost-program-options1.48-dev libboost-thread1.48-dev
|
||||
sudo apt-get install libboost-timer1.48-dev libboost-chrono1.48-dev libboost-filesystem1.48-dev libboost-system1.48-dev libboost-program-options1.48-dev libboost-thread1.48-dev
|
||||
|
||||
(If using Boost 1.37, append -mt to the boost libraries in the makefile)
|
||||
|
||||
|
@ -74,13 +74,13 @@ It can be downloaded from [here](http://miniupnp.tuxfamily.org/files/).
|
|||
UPnP support is compiled in and turned off by default.
|
||||
Set USE_UPNP to a different value to control this:
|
||||
|
||||
USE_UPNP= No UPnP support miniupnp not required
|
||||
USE_UPNP=0 (the default) UPnP support turned off by default at runtime
|
||||
USE_UPNP=1 UPnP support turned on by default at runtime
|
||||
USE_UPNP= No UPnP support miniupnp not required
|
||||
USE_UPNP=0 (the default) UPnP support turned off by default at runtime
|
||||
USE_UPNP=1 UPnP support turned on by default at runtime
|
||||
|
||||
IPv6 support may be disabled by setting:
|
||||
|
||||
USE_IPV6=0 Disable IPv6 support
|
||||
USE_IPV6=0 Disable IPv6 support
|
||||
|
||||
|
||||
Compiling Berkeley DB
|
||||
|
@ -102,11 +102,11 @@ If you need to build Boost yourself:
|
|||
|
||||
Compiling miniupnpc
|
||||
-------------------
|
||||
tar -xzvf miniupnpc-1.6.tar.gz
|
||||
cd miniupnpc-1.6
|
||||
make
|
||||
sudo su
|
||||
make install
|
||||
tar -xzvf miniupnpc-1.6.tar.gz
|
||||
cd miniupnpc-1.6
|
||||
make
|
||||
sudo su
|
||||
make install
|
||||
|
||||
|
||||
Security
|
||||
|
@ -115,39 +115,39 @@ To help make your bitcoin installation more secure by making certain attacks imp
|
|||
exploit even if a vulnerability is found, you can take the following measures:
|
||||
|
||||
* Position Independent Executable
|
||||
Build position independent code to take advantage of Address Space Layout Randomization
|
||||
offered by some kernels. An attacker who is able to cause execution of code at an arbitrary
|
||||
memory location is thwarted if he doesn't know where anything useful is located.
|
||||
The stack and heap are randomly located by default but this allows the code section to be
|
||||
randomly located as well.
|
||||
Build position independent code to take advantage of Address Space Layout Randomization
|
||||
offered by some kernels. An attacker who is able to cause execution of code at an arbitrary
|
||||
memory location is thwarted if he doesn't know where anything useful is located.
|
||||
The stack and heap are randomly located by default but this allows the code section to be
|
||||
randomly located as well.
|
||||
|
||||
On an Amd64 processor where a library was not compiled with -fPIC, this will cause an error
|
||||
such as: "relocation R_X86_64_32 against `......' can not be used when making a shared object;"
|
||||
On an Amd64 processor where a library was not compiled with -fPIC, this will cause an error
|
||||
such as: "relocation R_X86_64_32 against `......' can not be used when making a shared object;"
|
||||
|
||||
To build with PIE, use:
|
||||
To build with PIE, use:
|
||||
|
||||
make -f makefile.unix ... -e PIE=1
|
||||
make -f makefile.unix ... -e PIE=1
|
||||
|
||||
To test that you have built PIE executable, install scanelf, part of paxutils, and use:
|
||||
To test that you have built PIE executable, install scanelf, part of paxutils, and use:
|
||||
|
||||
scanelf -e ./bitcoin
|
||||
scanelf -e ./bitcoin
|
||||
|
||||
The output should contain:
|
||||
TYPE
|
||||
ET_DYN
|
||||
The output should contain:
|
||||
TYPE
|
||||
ET_DYN
|
||||
|
||||
* Non-executable Stack
|
||||
If the stack is executable then trivial stack based buffer overflow exploits are possible if
|
||||
vulnerable buffers are found. By default, bitcoin should be built with a non-executable stack
|
||||
but if one of the libraries it uses asks for an executable stack or someone makes a mistake
|
||||
and uses a compiler extension which requires an executable stack, it will silently build an
|
||||
executable without the non-executable stack protection.
|
||||
If the stack is executable then trivial stack based buffer overflow exploits are possible if
|
||||
vulnerable buffers are found. By default, bitcoin should be built with a non-executable stack
|
||||
but if one of the libraries it uses asks for an executable stack or someone makes a mistake
|
||||
and uses a compiler extension which requires an executable stack, it will silently build an
|
||||
executable without the non-executable stack protection.
|
||||
|
||||
To verify that the stack is non-executable after compiling use:
|
||||
`scanelf -e ./bitcoin`
|
||||
To verify that the stack is non-executable after compiling use:
|
||||
`scanelf -e ./bitcoin`
|
||||
|
||||
the output should contain:
|
||||
the output should contain:
|
||||
STK/REL/PTL
|
||||
RW- R-- RW-
|
||||
|
||||
The STK RW- means that the stack is readable and writeable but not executable.
|
||||
The STK RW- means that the stack is readable and writeable but not executable.
|
||||
|
|
Loading…
Reference in a new issue