-Copyright (c) 2009-2010 Satoshi Nakamoto
+Copyright (c) 2009-2012 Bitcoin Developers
Distributed under the MIT/X11 software license, see the accompanying
file license.txt or http://www.opensource.org/licenses/mit-license.php.
This product includes software developed by the OpenSSL Project for use in
--------
cd src/
+make -f makefile.unix # Headless bitcoin
-make -f makefile.unix # Bitcoin with wxWidgets GUI
- or
-make -f makefile.unix bitcoind # Headless bitcoin
-
+See readme-qt.rst for instructions on building Bitcoin QT,
+the graphical bitcoin.
Dependencies
------------
+
+ Library Purpose Description
+ ------- ------- -----------
+ libssl SSL Support Secure communications
+ libdb4.8 Berkeley DB Blockchain & wallet storage
+ libboost Boost C++ Library
+ miniupnpc UPnP Support Optional firewall-jumping support
+ libqrencode QRCode generation Optional QRCode generation
+
+miniupnpc may be used for UPnP port mapping. It can be downloaded from
+http://miniupnp.tuxfamily.org/files/. UPnP support is compiled in and
+turned off by default. Set USE_UPNP to a different value to control this:
+ USE_UPNP=- No UPnP support - miniupnp not required
+ USE_UPNP=0 (the default) UPnP support turned off by default at runtime
+ USE_UPNP=1 UPnP support turned on by default at runtime
+
+libqrencode may be used for QRCode image generation. It can be downloaded
+from http://fukuchi.org/works/qrencode/index.html.en, or installed via
+your package manager. Set USE_QRCODE to control this:
+ USE_QRCODE=0 (the default) No QRCode support - libqrcode not required
+ USE_QRCODE=1 QRCode support enabled
+
+Licenses of statically linked libraries:
+ Berkeley DB New BSD license with additional requirement that linked
+ software must be free open source
+ Boost MIT-like license
+ miniupnpc New (3-clause) BSD license
+
+Versions used in this release:
+ GCC 4.3.3
+ OpenSSL 0.9.8g
+ Berkeley DB 4.8.30.NC
+ Boost 1.37
+ miniupnpc 1.6
+
+Dependency Build Instructions: Ubuntu & Debian
+----------------------------------------------
sudo apt-get install build-essential
-sudo apt-get install libgtk2.0-dev
sudo apt-get install libssl-dev
-sudo apt-get install libdb4.7-dev
-sudo apt-get install libdb4.7++-dev
-Boost 1.40+: sudo apt-get install libboost-all-dev
-or Boost 1.37: sudo apt-get install libboost1.37-dev
+sudo apt-get install libdb4.8-dev
+sudo apt-get install libdb4.8++-dev
+ Boost 1.40+: sudo apt-get install libboost-all-dev
+ or Boost 1.37: sudo apt-get install libboost1.37-dev
+sudo apt-get install libqrencode-dev
If using Boost 1.37, append -mt to the boost libraries in the makefile.
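Review bot: The USE_QRCODE=0 line says "libqrcode not required", but the library is called libqrencode everywhere else in this change (the dependency table, the download paragraph and the libqrencode-dev package); fix the name so it matches what a reader will search for. libqrencode is also absent from the "Licenses of statically linked libraries" and "Versions used in this release" lists even though it is a new dependency: add it there if it is linked into release builds, or say why it is left out. The Ubuntu steps install libqrencode-dev unconditionally although the table marks it optional and USE_QRCODE defaults to 0, so mark that apt-get line as optional. The libboost row in the table has no Description entry.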
-Requires wxWidgets 2.9.0 or greater, which uses UTF-8. Don't try 2.8, it
-won't work.
-You need to download wxWidgets from http://www.wxwidgets.org/downloads/
-and build it yourself. See the build instructions and configure parameters
-below.
+Dependency Build Instructions: Gentoo
+-------------------------------------
-Requires miniupnpc for UPnP port mapping. To compile with UPnP support,
-install miniupnpc and compile after setting USE_UPNP. It can be downloaded
-from http://miniupnp.tuxfamily.org/files/.
+Note: If you just want to install bitcoind on Gentoo, you can add the Bitcoin
+ overlay and use your package manager:
+ layman -a bitcoin && emerge bitcoind
-Licenses of statically linked libraries:
-wxWidgets LGPL 2.1 with very liberal exceptions
-Berkeley DB New BSD license with additional requirement that linked software must be free open source
-Boost MIT-like license
-miniupnpc New (3-clause) BSD license
+emerge -av1 --noreplace boost glib openssl sys-libs/db:4.8
-Versions used in this release:
-GCC 4.3.3
-OpenSSL 0.9.8g
-wxWidgets 2.9.0
-Berkeley DB 4.7.25.NC
-Boost 1.37
-miniupnpc 1.5
+Take the following steps to build (no UPnP support):
+ cd ${BITCOIN_DIR}/src
+ make -f makefile.unix USE_UPNP= BDB_INCLUDE_PATH='/usr/include/db4.8'
+ strip bitcoind
Notes
-----
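Review bot: The Gentoo build line passes USE_UPNP= (empty) for "no UPnP support", while the Dependencies section in this same change documents USE_UPNP=- as the value that builds without miniupnpc. Use one spelling in both places, or state that the two are equivalent, so a reader without miniupnpc installed is not left guessing which one the makefile honours. The emerge line also pulls in glib, which does not appear in the dependency table; add it to the table or drop it here. ${BITCOIN_DIR} is never defined, so say what it should point to.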
-The UI layout is edited with wxFormBuilder. The project file is
-uiproject.fbp. It generates uibase.cpp and uibase.h, which define base
-classes that do the rote work of constructing all the UI elements.
-
-The release is built with GCC and then "strip bitcoin" to strip the debug
+The release is built with GCC and then "strip bitcoind" to strip the debug
symbols, which reduces the executable size by about 90%.
-wxWidgets
----------
-cd /usr/local
-tar -xzvf wxWidgets-2.9.0.tar.gz
-cd wxWidgets-2.9.0
-mkdir buildgtk
-cd buildgtk
-../configure --with-gtk --enable-debug --disable-shared --enable-monolithic
-make
-sudo su
-make install
-ldconfig
-
-
miniupnpc
---------
-tar -xzvf miniupnpc-1.5.tar.gz
-cd miniupnpc-1.5
+tar -xzvf miniupnpc-1.6.tar.gz
+cd miniupnpc-1.6
make
sudo su
make install
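Review bot: No integrity check is documented for the miniupnpc tarball: the steps unpack an archive fetched over plain http (the URL given in the Dependencies section) and then install it from a root shell. Add a step telling the reader to verify the download against whatever checksum or signature upstream publishes before running make, and replace "sudo su" followed by "make install" with a single "sudo make install" so the reader is not left in a root shell for the remaining instructions.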
Berkeley DB
-----------
-You need Berkeley DB 4.7. Don't use 4.8, the database/log0000* files
-are incompatible. If you have to build Berkeley DB yourself:
+You need Berkeley DB 4.8. If you have to build Berkeley DB yourself:
../dist/configure --enable-cxx
make
sudo su
./bootstrap.sh
./bjam install
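Review bot: Upgrade guidance is missing from the Berkeley DB paragraph. The removed text warned that the database/log0000* files are incompatible between 4.7 and 4.8, and the replacement "You need Berkeley DB 4.8." says nothing to users whose wallet and blockchain files were created by a 4.7-linked build. Add a sentence telling them to back up their data directory and how to move existing files over before starting a 4.8-linked binary, or state explicitly that no action is needed if that is the case.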
+
+
+Security
+--------
+To help make your bitcoin installation more secure by making certain attacks impossible to
+exploit even if a vulnerability is found, you can take the following measures:
+
+* Position Independent Executable
+ Build position independent code to take advantage of Address Space Layout Randomization
+ offered by some kernels. An attacker who is able to cause execution of code at an arbitrary
+ memory location is thwarted if he doesn't know where anything useful is located.
+ The stack and heap are randomly located by default but this allows the code section to be
+ randomly located as well.
+
+ On an Amd64 processor where a library was not compiled with -fPIC, this will cause an error
+ such as: "relocation R_X86_64_32 against `......' can not be used when making a shared object;"
+
+ To build with PIE, use:
+ make -f makefile.unix ... -e PIE=1
+
+ To test that you have built PIE executable, install scanelf, part of paxutils, and use:
+ scanelf -e ./bitcoin
+
+ The output should contain:
+ TYPE
+ ET_DYN
+
+* Non-executable Stack
+ If the stack is executable then trivial stack based buffer overflow exploits are possible if
+ vulnerable buffers are found. By default, bitcoin should be built with a non-executable stack
+ but if one of the libraries it uses asks for an executable stack or someone makes a mistake
+ and uses a compiler extension which requires an executable stack, it will silently build an
+ executable without the non-executable stack protection.
+
+ To verify that the stack is non-executable after compiling use:
+ scanelf -e ./bitcoin
+
+ the output should contain:
+ STK/REL/PTL
+ RW- R-- RW-
+
+ The STK RW- means that the stack is readable and writeable but not executable.
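Review bot: Both verification commands run scanelf against ./bitcoin, but the binary these instructions build and strip is bitcoind ("strip bitcoind" in the Gentoo steps and in Notes); change both to "scanelf -e ./bitcoind" so the check does not fail on a missing file or inspect a stale binary. The package that ships scanelf is pax-utils, not "paxutils". In the PIE build line, "-e" makes every environment variable override the makefile's own assignments, and PIE=1 given on the command line already takes precedence without it, so drop "-e". The opening sentence says these measures make attacks "impossible to exploit"; ASLR and a non-executable stack make exploitation harder rather than impossible, so soften the wording.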