# Distributed under the MIT/X11 software license, see the accompanying
# file license.txt or http://www.opensource.org/licenses/mit-license.php.
-CXX=g++
+USE_UPNP:=0
-WXINCLUDEPATHS=$(shell wx-config --cxxflags)
+DEFS=-DNOPCH
-WXLIBS=$(shell wx-config --libs)
+DEFS += $(addprefix -I,$(BOOST_INCLUDE_PATH) $(BDB_INCLUDE_PATH) $(OPENSSL_INCLUDE_PATH))
+LIBS = $(addprefix -L,$(BOOST_LIB_PATH) $(BDB_LIB_PATH) $(OPENSSL_LIB_PATH))
-DEFS=-DNOPCH -DFOURWAYSSE2 -DUSE_SSL
+LMODE = dynamic
+LMODE2 = dynamic
+ifdef STATIC
+ LMODE = static
+ ifeq (${STATIC}, all)
+ LMODE2 = static
+ endif
+else
+ TESTDEFS += -DBOOST_TEST_DYN_LINK
+endif
# for boost 1.37, add -mt to the boost libraries
-LIBS= \
- -Wl,-Bstatic \
- -l boost_system \
- -l boost_filesystem \
- -l boost_program_options \
- -l boost_thread \
- -l db_cxx \
+LIBS += \
+ -Wl,-B$(LMODE) \
+ -l boost_system$(BOOST_LIB_SUFFIX) \
+ -l boost_filesystem$(BOOST_LIB_SUFFIX) \
+ -l boost_program_options$(BOOST_LIB_SUFFIX) \
+ -l boost_thread$(BOOST_LIB_SUFFIX) \
+ -l db_cxx$(BDB_LIB_SUFFIX) \
-l ssl \
-l crypto
-bitcoin: USE_UPNP:=1
- ifdef USE_UPNP
- LIBS += -l miniupnpc
- DEFS += -DUSE_UPNP=$(USE_UPNP)
- endif
+ifndef USE_UPNP
+ override USE_UPNP = -
+endif
+ifneq (${USE_UPNP}, -)
+ LIBS += -l miniupnpc
+ DEFS += -DUSE_UPNP=$(USE_UPNP)
+endif
-bitcoind: USE_UPNP:=0
- ifdef USE_UPNP
- LIBS += -l miniupnpc
- DEFS += -DUSE_UPNP=$(USE_UPNP)
- endif
+ifneq (${USE_SSL}, 0)
+ DEFS += -DUSE_SSL
+endif
LIBS+= \
- -Wl,-Bdynamic \
- -l gthread-2.0 \
+ -Wl,-B$(LMODE2) \
-l z \
-l dl \
-l pthread
-DEBUGFLAGS=-g -D__WXDEBUG__
-CXXFLAGS=-O2 -Wno-invalid-offsetof -Wformat $(DEBUGFLAGS) $(DEFS)
-HEADERS=headers.h strlcpy.h serialize.h uint256.h util.h key.h bignum.h base58.h \
- script.h db.h net.h irc.h keystore.h main.h wallet.h rpc.h uibase.h ui.h noui.h init.h
+# Hardening
+# Make some classes of vulnerabilities unexploitable in case one is discovered.
+#
+ # This is a workaround for Ubuntu bug #691722, the default -fstack-protector causes
+ # -fstack-protector-all to be ignored unless -fno-stack-protector is used first.
+ # see: https://bugs.launchpad.net/ubuntu/+source/gcc-4.5/+bug/691722
+ HARDENING=-fno-stack-protector
+
+ # Stack Canaries
+ # Put numbers at the beginning of each stack frame and check that they are the same.
+ # If a stack buffer if overflowed, it writes over the canary number and then on return
+ # when that number is checked, it won't be the same and the program will exit with
+ # a "Stack smashing detected" error instead of being exploited.
+ HARDENING+=-fstack-protector-all -Wstack-protector
+
+ # Make some important things such as the global offset table read only as soon as
+ # the dynamic linker is finished building it. This will prevent overwriting of addresses
+ # which would later be jumped to.
+ HARDENING+=-Wl,-z,relro -Wl,-z,now
+
+ # Build position independent code to take advantage of Address Space Layout Randomization
+ # offered by some kernels.
+ # see doc/build-unix.txt for more information.
+ ifdef PIE
+ HARDENING+=-fPIE -pie
+ endif
+
+ # -D_FORTIFY_SOURCE=2 does some checking for potentially exploitable code patterns in
+ # the source such overflowing a statically defined buffer.
+ HARDENING+=-D_FORTIFY_SOURCE=2
+#
+
+
+DEBUGFLAGS=-g
+CXXFLAGS=-O2
+xCXXFLAGS=-pthread -Wno-invalid-offsetof -Wformat $(DEBUGFLAGS) $(DEFS) $(HARDENING) $(CXXFLAGS)
+HEADERS = \
+ base58.h \
+ bignum.h \
+ checkpoints.h \
+ crypter.h \
+ db.h \
+ headers.h \
+ init.h \
+ irc.h \
+ key.h \
+ keystore.h \
+ main.h \
+ net.h \
+ noui.h \
+ protocol.h \
+ bitcoinrpc.h \
+ script.h \
+ serialize.h \
+ strlcpy.h \
+ uint256.h \
+ util.h \
+ wallet.h
OBJS= \
- obj/util.o \
- obj/script.o \
+ obj/checkpoints.o \
+ obj/crypter.o \
obj/db.o \
- obj/net.o \
+ obj/init.o \
obj/irc.o \
obj/keystore.o \
obj/main.o \
- obj/wallet.o \
- obj/rpc.o \
- obj/init.o \
- cryptopp/obj/sha.o \
- cryptopp/obj/cpu.o
-
-
-all: bitcoin
-
-
-obj/%.o: %.cpp $(HEADERS)
- $(CXX) -c $(CXXFLAGS) $(WXINCLUDEPATHS) -DGUI -o $@ $<
+ obj/net.o \
+ obj/protocol.o \
+ obj/bitcoinrpc.o \
+ obj/script.o \
+ obj/util.o \
+ obj/wallet.o
-cryptopp/obj/%.o: cryptopp/%.cpp
- $(CXX) -c $(CXXFLAGS) -O3 -o $@ $<
-bitcoin: $(OBJS) obj/ui.o obj/uibase.o
- $(CXX) $(CXXFLAGS) -o $@ $^ $(WXLIBS) $(LIBS)
+all: bitcoind
+# auto-generated dependencies:
+-include obj/nogui/*.P
+-include obj-test/*.P
-obj/nogui/%.o: %.cpp $(HEADERS)
- $(CXX) -c $(CXXFLAGS) -o $@ $<
+obj/nogui/%.o: %.cpp
+ $(CXX) -c $(xCXXFLAGS) -MMD -o $@ $<
+ @cp $(@:%.o=%.d) $(@:%.o=%.P); \
+ sed -e 's/#.*//' -e 's/^[^:]*: *//' -e 's/ *\\$$//' \
+ -e '/^$$/ d' -e 's/$$/ :/' < $(@:%.o=%.d) >> $(@:%.o=%.P); \
+ rm -f $(@:%.o=%.d)
bitcoind: $(OBJS:obj/%=obj/nogui/%)
- $(CXX) $(CXXFLAGS) -o $@ $^ $(LIBS)
+ $(CXX) $(xCXXFLAGS) -o $@ $^ $(LDFLAGS) $(LIBS)
-obj/test/%.o: test/%.cpp $(HEADERS)
- $(CXX) -c $(CFLAGS) -o $@ $<
+obj-test/%.o: test/%.cpp
+ $(CXX) -c $(TESTDEFS) $(xCXXFLAGS) -MMD -o $@ $<
+ @cp $(@:%.o=%.d) $(@:%.o=%.P); \
+ sed -e 's/#.*//' -e 's/^[^:]*: *//' -e 's/ *\\$$//' \
+ -e '/^$$/ d' -e 's/$$/ :/' < $(@:%.o=%.d) >> $(@:%.o=%.P); \
+ rm -f $(@:%.o=%.d)
-test_bitcoin: obj/test/test_bitcoin.o
- $(CXX) $(CFLAGS) -o $@ $(LIBPATHS) $^ $(LIBS) -lboost_unit_test_framework
+test_bitcoin: obj-test/test_bitcoin.o $(filter-out obj/nogui/init.o,$(OBJS:obj/%=obj/nogui/%))
+ $(CXX) $(xCXXFLAGS) -o $@ $(LIBPATHS) $^ -Wl,-B$(LMODE) -lboost_unit_test_framework $(LDFLAGS) $(LIBS)
clean:
- -rm -f bitcoin bitcoind test_bitcoin
+ -rm -f bitcoind test_bitcoin
-rm -f obj/*.o
-rm -f obj/nogui/*.o
- -rm -f obj/test/*.o
- -rm -f cryptopp/obj/*.o
- -rm -f headers.h.gch
+ -rm -f obj-test/*.o
+ -rm -f obj/*.P
+ -rm -f obj/nogui/*.P
+ -rm -f obj-test/*.P