Build instructions for solaris
Changes to get build working for Solaris 11.1
This commit is contained in:
parent
e15fd6d0f8
commit
f2a3277d4a
2 changed files with 356 additions and 0 deletions
141
doc/build-solaris.md
Normal file
141
doc/build-solaris.md
Normal file
|
@ -0,0 +1,141 @@
|
|||
Copyright (c) 2009-2013 Bitcoin Developers
|
||||
|
||||
Distributed under the MIT/X11 software license, see the accompanying
|
||||
file COPYING or http://www.opensource.org/licenses/mit-license.php.
|
||||
This product includes software developed by the OpenSSL Project for use in the [OpenSSL Toolkit](http://www.openssl.org/). This product includes
|
||||
cryptographic software written by Eric Young ([eay@cryptsoft.com](mailto:eay@cryptsoft.com)), and UPnP software written by Thomas Bernard.
|
||||
|
||||
UNIX BUILD NOTES
|
||||
====================
|
||||
|
||||
To Build
|
||||
---------------------
|
||||
|
||||
cd src/
|
||||
gmake -f makefile.solaris # Headless bitcoin
|
||||
|
||||
See readme-qt.rst for instructions on building Bitcoin-Qt, the graphical user interface.
|
||||
|
||||
Dependencies
|
||||
---------------------
|
||||
|
||||
Library Purpose Description
|
||||
------- ------- -----------
|
||||
libssl SSL Support Secure communications
|
||||
libdb Berkeley DB Blockchain & wallet storage
|
||||
libboost Boost C++ Library
|
||||
miniupnpc UPnP Support Optional firewall-jumping support
|
||||
|
||||
[miniupnpc](http://miniupnp.free.fr/) may be used for UPnP port mapping. It can be downloaded from [here](
|
||||
http://miniupnp.tuxfamily.org/files/). UPnP support is compiled in and
|
||||
turned off by default. Set USE_UPNP to a different value to control this:
|
||||
|
||||
USE_UPNP= No UPnP support miniupnp not required
|
||||
USE_UPNP=0 (the default) UPnP support turned off by default at runtime
|
||||
USE_UPNP=1 UPnP support turned on by default at runtime
|
||||
|
||||
IPv6 support may be disabled by setting:
|
||||
|
||||
USE_IPV6=0 Disable IPv6 support
|
||||
|
||||
Licenses of statically linked libraries:
|
||||
Berkeley DB New BSD license with additional requirement that linked
|
||||
software must be free open source
|
||||
Boost MIT-like license
|
||||
miniupnpc New (3-clause) BSD license
|
||||
|
||||
- Versions used in this release:
|
||||
- GCC 4.5.2
|
||||
- OpenSSL 1.0.1c
|
||||
- Berkeley DB 6.0.20
|
||||
- Boost 1.54
|
||||
- miniupnpc 1.6
|
||||
|
||||
Building dependencies
|
||||
---------------------
|
||||
|
||||
first set environment (64-bit)
|
||||
|
||||
export CXXFLAGS="-m64 -march=native -mtune=native -I/usr/local/include"
|
||||
export CPPFLAGS="-m64 -march=native -mtune=native -I/usr/local/include"
|
||||
export CFLAGS="-m64 -march=native -mtune=native -I/usr/local/include"
|
||||
export LDFLAGS="-m64 -L/usr/local/lib -R/usr/local/lib -L/usr/gnu/lib/amd64 -R/usr/gnu/lib/amd64"
|
||||
|
||||
GMP
|
||||
---
|
||||
|
||||
autoreconf
|
||||
|
||||
./configure --enable-cxx
|
||||
make
|
||||
make check
|
||||
sudo make install
|
||||
|
||||
OpenSSL
|
||||
-------
|
||||
|
||||
./Configure solaris64-x86_64-gcc --prefix=/usr/local --openssldir=/usr/local/openssl $CXXFLAGS $LDFLAGS enable-ec_nistp_64_gcc_128 enable-gmp enable-md2 enable-rc5 enable-rfc3779 zlib shared
|
||||
gmake depend
|
||||
gmake
|
||||
gmake test
|
||||
sudo gmake install
|
||||
|
||||
BerkeleyDB
|
||||
----------
|
||||
|
||||
dist/s_config
|
||||
cd build_unix
|
||||
../dist/configure --prefix=/usr/local --enable-cxx --enable-pthread_api --enable-o_direct --enable-dtrace
|
||||
make
|
||||
sudo make install
|
||||
|
||||
Boost
|
||||
-----
|
||||
|
||||
You need to edit boost/cstdint.hpp and add "|| defined(__sun__)" to defines at lines before "#include <inittypes.h>"
|
||||
|
||||
./bootstrap.sh --prefix=/usr --libdir=/usr/lib/amd64
|
||||
sudo ./b2 variant=release link=shared threading=multi address-model=64 cxxflags="$CXXFLAGS" linkflags="$LDFLAGS" architecture=x86 instruction-set=native install
|
||||
|
||||
Security
|
||||
--------
|
||||
To help make your bitcoin installation more secure by making certain attacks impossible to
|
||||
exploit even if a vulnerability is found, you can take the following measures:
|
||||
|
||||
* Position Independent Executable
|
||||
Build position independent code to take advantage of Address Space Layout Randomization
|
||||
offered by some kernels. An attacker who is able to cause execution of code at an arbitrary
|
||||
memory location is thwarted if he doesn't know where anything useful is located.
|
||||
The stack and heap are randomly located by default but this allows the code section to be
|
||||
randomly located as well.
|
||||
|
||||
On an Amd64 processor where a library was not compiled with -fPIC, this will cause an error
|
||||
such as: "relocation R_X86_64_32 against `......' can not be used when making a shared object;"
|
||||
|
||||
To build with PIE, use:
|
||||
|
||||
make -f makefile.unix ... -e PIE=1
|
||||
|
||||
To test that you have built PIE executable, install scanelf, part of paxutils, and use:
|
||||
|
||||
scanelf -e ./bitcoin
|
||||
|
||||
The output should contain:
|
||||
TYPE
|
||||
ET_DYN
|
||||
|
||||
* Non-executable Stack
|
||||
If the stack is executable then trivial stack based buffer overflow exploits are possible if
|
||||
vulnerable buffers are found. By default, bitcoin should be built with a non-executable stack
|
||||
but if one of the libraries it uses asks for an executable stack or someone makes a mistake
|
||||
and uses a compiler extension which requires an executable stack, it will silently build an
|
||||
executable without the non-executable stack protection.
|
||||
|
||||
To verify that the stack is non-executable after compiling use:
|
||||
`scanelf -e ./bitcoin`
|
||||
|
||||
the output should contain:
|
||||
STK/REL/PTL
|
||||
RW- R-- RW-
|
||||
|
||||
The STK RW- means that the stack is readable and writeable but not executable.
|
215
src/makefile.solaris
Normal file
215
src/makefile.solaris
Normal file
|
@ -0,0 +1,215 @@
|
|||
# Copyright (c) 2009-2010 Satoshi Nakamoto
|
||||
# Copyright (c) 2013 Primecoind developers
|
||||
# Distributed under conditional MIT/X11 software license,
|
||||
# see the accompanying file COPYING
|
||||
|
||||
# :=0 --> UPnP support turned off by default at runtime
|
||||
# :=1 --> UPnP support turned on by default at runtime
|
||||
# :=- --> No UPnP support - miniupnp not required
|
||||
USE_UPNP:=0
|
||||
|
||||
# :=1 --> Enable IPv6 support
|
||||
# :=0 --> Disable IPv6 support
|
||||
USE_IPV6:=1
|
||||
|
||||
LINK:=$(CXX)
|
||||
|
||||
DEFS=-DBOOST_SPIRIT_THREADSAFE -D_FILE_OFFSET_BITS=64
|
||||
|
||||
DEFS += $(addprefix -I,$(CURDIR) $(CURDIR)/obj $(BOOST_INCLUDE_PATH) $(BDB_INCLUDE_PATH) $(OPENSSL_INCLUDE_PATH))
|
||||
LIBS = $(addprefix -L,$(BOOST_LIB_PATH) $(BDB_LIB_PATH) $(OPENSSL_LIB_PATH))
|
||||
|
||||
TESTDEFS = -DTEST_DATA_DIR=$(abspath test/data)
|
||||
|
||||
LMODE = dynamic
|
||||
LMODE2 = dynamic
|
||||
ifdef STATIC
|
||||
LMODE = static
|
||||
ifeq (${STATIC}, all)
|
||||
LMODE2 = static
|
||||
endif
|
||||
else
|
||||
TESTDEFS += -DBOOST_TEST_DYN_LINK
|
||||
endif
|
||||
|
||||
# for boost 1.37, add -mt to the boost libraries
|
||||
LIBS += \
|
||||
-Wl,-B$(LMODE) \
|
||||
-l boost_system$(BOOST_LIB_SUFFIX) \
|
||||
-l boost_filesystem$(BOOST_LIB_SUFFIX) \
|
||||
-l boost_program_options$(BOOST_LIB_SUFFIX) \
|
||||
-l boost_thread$(BOOST_LIB_SUFFIX) \
|
||||
-l db_cxx$(BDB_LIB_SUFFIX) \
|
||||
-l ssl \
|
||||
-l crypto \
|
||||
-l nsl \
|
||||
-l socket \
|
||||
-Wl,-Bdynamic \
|
||||
-l gmp \
|
||||
-Wl,-B$(LMODE)
|
||||
|
||||
TESTLIBS += \
|
||||
-Wl,-B$(LMODE) \
|
||||
-l boost_unit_test_framework$(BOOST_LIB_SUFFIX)
|
||||
|
||||
ifndef USE_UPNP
|
||||
override USE_UPNP = -
|
||||
endif
|
||||
ifneq (${USE_UPNP}, -)
|
||||
LIBS += -l miniupnpc
|
||||
DEFS += -DUSE_UPNP=$(USE_UPNP)
|
||||
endif
|
||||
|
||||
ifneq (${USE_IPV6}, -)
|
||||
DEFS += -DUSE_IPV6=$(USE_IPV6)
|
||||
endif
|
||||
|
||||
ifeq ($(RELEASE), 1)
|
||||
# Linux: Enable bundling libgmp.so with the binary
|
||||
LIBS += -Wl,-rpath,\$$ORIGIN
|
||||
endif
|
||||
|
||||
|
||||
LIBS+= \
|
||||
-Wl,-B$(LMODE2) \
|
||||
-l z \
|
||||
-l dl \
|
||||
-l pthread
|
||||
|
||||
|
||||
# Hardening
|
||||
# Make some classes of vulnerabilities unexploitable in case one is discovered.
|
||||
#
|
||||
# This is a workaround for Ubuntu bug #691722, the default -fstack-protector causes
|
||||
# -fstack-protector-all to be ignored unless -fno-stack-protector is used first.
|
||||
# see: https://bugs.launchpad.net/ubuntu/+source/gcc-4.5/+bug/691722
|
||||
HARDENING=-fno-stack-protector
|
||||
|
||||
# Stack Canaries
|
||||
# Put numbers at the beginning of each stack frame and check that they are the same.
|
||||
# If a stack buffer if overflowed, it writes over the canary number and then on return
|
||||
# when that number is checked, it won't be the same and the program will exit with
|
||||
# a "Stack smashing detected" error instead of being exploited.
|
||||
HARDENING+=-fstack-protector-all -Wstack-protector
|
||||
|
||||
# Make some important things such as the global offset table read only as soon as
|
||||
# the dynamic linker is finished building it. This will prevent overwriting of addresses
|
||||
# which would later be jumped to.
|
||||
LDHARDENING+=-Wl,-z,now
|
||||
|
||||
# Build position independent code to take advantage of Address Space Layout Randomization
|
||||
# offered by some kernels.
|
||||
# see doc/build-unix.txt for more information.
|
||||
ifdef PIE
|
||||
HARDENING+=-fPIE
|
||||
LDHARDENING+=-pie
|
||||
endif
|
||||
|
||||
# -D_FORTIFY_SOURCE=2 does some checking for potentially exploitable code patterns in
|
||||
# the source such overflowing a statically defined buffer.
|
||||
HARDENING+=-D_FORTIFY_SOURCE=2
|
||||
#
|
||||
|
||||
|
||||
DEBUGFLAGS=-g
|
||||
|
||||
# CXXFLAGS can be specified on the make command line, so we use xCXXFLAGS that only
|
||||
# adds some defaults in front. Unfortunately, CXXFLAGS=... $(CXXFLAGS) does not work.
|
||||
xCXXFLAGS=-O2 -pthread -Wall -Wextra -Wformat -Wformat-security -Wno-unused-parameter \
|
||||
$(DEBUGFLAGS) $(DEFS) $(HARDENING) $(CXXFLAGS)
|
||||
|
||||
# LDFLAGS can be specified on the make command line, so we use xLDFLAGS that only
|
||||
# adds some defaults in front. Unfortunately, LDFLAGS=... $(LDFLAGS) does not work.
|
||||
xLDFLAGS=$(LDHARDENING) $(LDFLAGS)
|
||||
|
||||
OBJS= \
|
||||
leveldb/libleveldb.a \
|
||||
obj/alert.o \
|
||||
obj/version.o \
|
||||
obj/checkpoints.o \
|
||||
obj/netbase.o \
|
||||
obj/addrman.o \
|
||||
obj/crypter.o \
|
||||
obj/key.o \
|
||||
obj/db.o \
|
||||
obj/init.o \
|
||||
obj/keystore.o \
|
||||
obj/main.o \
|
||||
obj/net.o \
|
||||
obj/protocol.o \
|
||||
obj/bitcoinrpc.o \
|
||||
obj/rpcdump.o \
|
||||
obj/rpcnet.o \
|
||||
obj/rpcmining.o \
|
||||
obj/rpcwallet.o \
|
||||
obj/rpcblockchain.o \
|
||||
obj/rpcrawtransaction.o \
|
||||
obj/script.o \
|
||||
obj/sync.o \
|
||||
obj/util.o \
|
||||
obj/wallet.o \
|
||||
obj/walletdb.o \
|
||||
obj/hash.o \
|
||||
obj/bloom.o \
|
||||
obj/noui.o \
|
||||
obj/leveldb.o \
|
||||
obj/txdb.o \
|
||||
obj/prime.o \
|
||||
obj/checkpointsync.o
|
||||
|
||||
all: primecoind
|
||||
|
||||
test check: test_primecoin FORCE
|
||||
./test_primecoin
|
||||
|
||||
#
|
||||
# LevelDB support
|
||||
#
|
||||
MAKEOVERRIDES =
|
||||
LIBS += $(CURDIR)/leveldb/libleveldb.a $(CURDIR)/leveldb/libmemenv.a
|
||||
DEFS += $(addprefix -I,$(CURDIR)/leveldb/include)
|
||||
DEFS += $(addprefix -I,$(CURDIR)/leveldb/helpers)
|
||||
leveldb/libleveldb.a:
|
||||
@echo "Building LevelDB ..." && cd leveldb && $(MAKE) CC=$(CC) CXX=$(CXX) OPT="$(xCXXFLAGS)" libleveldb.a libmemenv.a && cd ..
|
||||
|
||||
# auto-generated dependencies:
|
||||
-include obj/*.P
|
||||
-include obj-test/*.P
|
||||
|
||||
obj/build.h: FORCE
|
||||
/bin/sh ../share/genbuild.sh obj/build.h
|
||||
version.cpp: obj/build.h
|
||||
DEFS += -DHAVE_BUILD_INFO
|
||||
|
||||
obj/%.o: %.cpp
|
||||
$(CXX) -c $(xCXXFLAGS) -MMD -MF $(@:%.o=%.d) -o $@ $<
|
||||
@cp $(@:%.o=%.d) $(@:%.o=%.P); \
|
||||
sed -e 's/#.*//' -e 's/^[^:]*: *//' -e 's/ *\\$$//' \
|
||||
-e '/^$$/ d' -e 's/$$/ :/' < $(@:%.o=%.d) >> $(@:%.o=%.P); \
|
||||
rm -f $(@:%.o=%.d)
|
||||
|
||||
primecoind: $(OBJS:obj/%=obj/%)
|
||||
$(LINK) $(xCXXFLAGS) -o $@ $^ $(xLDFLAGS) $(LIBS)
|
||||
|
||||
TESTOBJS := $(patsubst test/%.cpp,obj-test/%.o,$(wildcard test/*.cpp))
|
||||
|
||||
obj-test/%.o: test/%.cpp
|
||||
$(CXX) -c $(TESTDEFS) $(xCXXFLAGS) -MMD -MF $(@:%.o=%.d) -o $@ $<
|
||||
@cp $(@:%.o=%.d) $(@:%.o=%.P); \
|
||||
sed -e 's/#.*//' -e 's/^[^:]*: *//' -e 's/ *\\$$//' \
|
||||
-e '/^$$/ d' -e 's/$$/ :/' < $(@:%.o=%.d) >> $(@:%.o=%.P); \
|
||||
rm -f $(@:%.o=%.d)
|
||||
|
||||
test_primecoin: $(TESTOBJS) $(filter-out obj/init.o,$(OBJS:obj/%=obj/%))
|
||||
$(LINK) $(xCXXFLAGS) -o $@ $(LIBPATHS) $^ $(TESTLIBS) $(xLDFLAGS) $(LIBS)
|
||||
|
||||
clean:
|
||||
-rm -f primecoind test_primecoin
|
||||
-rm -f obj/*.o
|
||||
-rm -f obj-test/*.o
|
||||
-rm -f obj/*.P
|
||||
-rm -f obj-test/*.P
|
||||
-rm -f obj/build.h
|
||||
-cd leveldb && $(MAKE) clean || true
|
||||
|
||||
FORCE:
|
Loading…
Reference in a new issue