X-Git-Url: https://git.novaco.in/?a=blobdiff_plain;f=doc%2Fbuild-unix.txt;h=7f592e232746207e5b6a1f8592a2fa0216ccdfb2;hb=1c7ed42093c5935e3958584ed98a2b03466a0023;hp=8f0c568eda7e5023534e641028b7e60e10808214;hpb=b4ada906c03111404c29b115ab37afbad92f4cf1;p=novacoin.git diff --git a/doc/build-unix.txt b/doc/build-unix.txt index 8f0c568..7f592e2 100644 --- a/doc/build-unix.txt +++ b/doc/build-unix.txt @@ -1,10 +1,10 @@ -Copyright (c) 2009-2010 Satoshi Nakamoto +Copyright (c) 2009-2012 Bitcoin Developers +Copyright (c) 2013 NovaCoin Developers Distributed under the MIT/X11 software license, see the accompanying file license.txt or http://www.opensource.org/licenses/mit-license.php. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes -cryptographic software written by Eric Young (eay@cryptsoft.com) and UPnP -software written by Thomas Bernard. +cryptographic software written by Eric Young (eay@cryptsoft.com). UNIX BUILD NOTES @@ -14,86 +14,72 @@ To Build -------- cd src/ +make -f makefile.unix # Headless novacoin -make -f makefile.unix # Bitcoin with wxWidgets GUI - or -make -f makefile.unix bitcoind # Headless bitcoin - +See readme-qt.rst for instructions on building NovaCoin QT, +the graphical novacoin. Dependencies ------------ + + Library Purpose Description + ------- ------- ----------- + libssl SSL Support Secure communications + libdb4.8 Berkeley DB Blockchain & wallet storage + libboost Boost C++ Library + libqrencode QRCode generation Optional QRCode generation + +Note that libexecinfo should be installed, if you building under *BSD systems. +This library provides backtrace facility. + +libqrencode is used for QRCode image generation. It can be downloaded +from http://fukuchi.org/works/qrencode/index.html.en, or installed via +your package manager. + +Licenses of statically linked libraries: + Berkeley DB New BSD license with additional requirement that linked + software must be free open source + Boost MIT-like license + +Versions used in this release: + GCC 4.3.3 + OpenSSL 0.9.8g + Berkeley DB 4.8.30.NC + Boost 1.37 + +Dependency Build Instructions: Ubuntu & Debian +---------------------------------------------- sudo apt-get install build-essential -sudo apt-get install libgtk2.0-dev sudo apt-get install libssl-dev sudo apt-get install libdb4.8-dev sudo apt-get install libdb4.8++-dev -Boost 1.40+: sudo apt-get install libboost-all-dev -or Boost 1.37: sudo apt-get install libboost1.37-dev + Boost 1.40+: sudo apt-get install libboost-all-dev + or Boost 1.37: sudo apt-get install libboost1.37-dev +sudo apt-get install libqrencode-dev If using Boost 1.37, append -mt to the boost libraries in the makefile. -Requires wxWidgets 2.9.0 or greater, which uses UTF-8. Don't try 2.8, it -won't work. -You need to download wxWidgets from http://www.wxwidgets.org/downloads/ -and build it yourself. See the build instructions and configure parameters -below. +Dependency Build Instructions: Gentoo +------------------------------------- -Requires miniupnpc for UPnP port mapping. It can be downloaded from -http://miniupnp.tuxfamily.org/files/. UPnP support is compiled in and -turned off by default. Set USE_UPNP to a different value to control this: -USE_UPNP= no UPnP support, miniupnp not required; -USE_UPNP=0 (the default) UPnP support turned off by default at runtime; -USE_UPNP=1 UPnP support turned on by default at runtime. +Note: If you just want to install novacoind on Gentoo, you can add the Novacoin + overlay and use your package manager: + layman -a novacoin && emerge novacoind -Licenses of statically linked libraries: -wxWidgets LGPL 2.1 with very liberal exceptions -Berkeley DB New BSD license with additional requirement that linked software must be free open source -Boost MIT-like license -miniupnpc New (3-clause) BSD license +emerge -av1 --noreplace boost glib openssl sys-libs/db:4.8 -Versions used in this release: -GCC 4.3.3 -OpenSSL 0.9.8g -wxWidgets 2.9.2 -Berkeley DB 4.8.30.NC -Boost 1.37 -miniupnpc 1.6 +Take the following steps to build: + cd ${NOVACOIN_DIR}/src + make -f makefile.unix BDB_INCLUDE_PATH='/usr/include/db4.8' + strip novacoind Notes ----- -The UI layout is edited with wxFormBuilder. The project file is -uiproject.fbp. It generates uibase.cpp and uibase.h, which define base -classes that do the rote work of constructing all the UI elements. - -The release is built with GCC and then "strip bitcoin" to strip the debug +The release is built with GCC and then "strip novacoind" to strip the debug symbols, which reduces the executable size by about 90%. - -wxWidgets ---------- -cd /usr/local -tar -xzvf wxWidgets-2.9.2.tar.gz -cd wxWidgets-2.9.2 -mkdir buildgtk -cd buildgtk -../configure --with-gtk --enable-debug --disable-shared --enable-monolithic --without-libpng --disable-svg -make -sudo su -make install -ldconfig - - -miniupnpc ---------- -tar -xzvf miniupnpc-1.6.tar.gz -cd miniupnpc-1.6 -make -sudo su -make install - - Berkeley DB ----------- You need Berkeley DB 4.8. If you have to build Berkeley DB yourself: @@ -107,3 +93,45 @@ If you need to build Boost yourself: sudo su ./bootstrap.sh ./bjam install + + +Security +-------- +To help make your novacoin installation more secure by making certain attacks impossible to +exploit even if a vulnerability is found, you can take the following measures: + +* Position Independent Executable + Build position independent code to take advantage of Address Space Layout Randomization + offered by some kernels. An attacker who is able to cause execution of code at an arbitrary + memory location is thwarted if he doesn't know where anything useful is located. + The stack and heap are randomly located by default but this allows the code section to be + randomly located as well. + + On an Amd64 processor where a library was not compiled with -fPIC, this will cause an error + such as: "relocation R_X86_64_32 against `......' can not be used when making a shared object;" + + To build with PIE, use: + make -f makefile.unix ... -e PIE=1 + + To test that you have built PIE executable, install scanelf, part of paxutils, and use: + scanelf -e ./novacoin + + The output should contain: + TYPE + ET_DYN + +* Non-executable Stack + If the stack is executable then trivial stack based buffer overflow exploits are possible if + vulnerable buffers are found. By default, novacoin should be built with a non-executable stack + but if one of the libraries it uses asks for an executable stack or someone makes a mistake + and uses a compiler extension which requires an executable stack, it will silently build an + executable without the non-executable stack protection. + + To verify that the stack is non-executable after compiling use: + scanelf -e ./novacoin + + the output should contain: + STK/REL/PTL + RW- R-- RW- + + The STK RW- means that the stack is readable and writeable but not executable.