+++ /dev/null
-Copyright (c) 2009-2010 Satoshi Nakamoto
-Copyright (c) 2011 Bitcoin Developers
-Distributed under the MIT/X11 software license, see the accompanying
-file license.txt or http://www.opensource.org/licenses/mit-license.php.
-This product includes software developed by the OpenSSL Project for use in
-the OpenSSL Toolkit (http://www.openssl.org/). This product includes
-cryptographic software written by Eric Young (eay@cryptsoft.com) and UPnP
-software written by Thomas Bernard.
-
-
-UNIX BUILD NOTES
-================
-
-To Build
---------
-
-cd src/
-make -f makefile.unix # Headless bitcoin
-
-See readme-qt.rst for instructions on building Bitcoin QT,
-the graphical bitcoin.
-
-Dependencies
-------------
-
- Library Purpose Description
- ------- ------- -----------
- libssl SSL Support Secure communications
- libdb4.8 Berkeley DB Blockchain & wallet storage
- libboost Boost C++ Library
- miinupnpc UPnP Support Optional firewall-jumping support
-
-miniupnpc may be used for UPnP port mapping. It can be downloaded from
-http://miniupnp.tuxfamily.org/files/. UPnP support is compiled in and
-turned off by default. Set USE_UPNP to a different value to control this:
- USE_UPNP= No UPnP support - miniupnp not required
- USE_UPNP=0 (the default) UPnP support turned off by default at runtime
- USE_UPNP=1 UPnP support turned on by default at runtime
-
-Licenses of statically linked libraries:
- Berkeley DB New BSD license with additional requirement that linked
- software must be free open source
- Boost MIT-like license
- miniupnpc New (3-clause) BSD license
-
-Versions used in this release:
- GCC 4.3.3
- OpenSSL 0.9.8g
- Berkeley DB 4.8.30.NC
- Boost 1.37
- miniupnpc 1.6
-
-
-Dependency Build Instructions: Ubuntu & Debian
-----------------------------------------------
-sudo apt-get install build-essential
-sudo apt-get install libssl-dev
-sudo apt-get install libdb4.8-dev
-sudo apt-get install libdb4.8++-dev
- Boost 1.40+: sudo apt-get install libboost-all-dev
- or Boost 1.37: sudo apt-get install libboost1.37-dev
-
-If using Boost 1.37, append -mt to the boost libraries in the makefile.
-
-
-Dependency Build Instructions: Gentoo
--------------------------------------
-emerge -av net-libs/miniupnpc boost openssl sys-libs/db
-
-Then take the following steps to build:
- cd ${BITCOIN_DIR}/src
- sed -i 's/<db_cxx.h>/<db4.8\/db_cxx.h>/' *.h # path fix
- sed -i 's/-Bstatic/-Bdynamic/' makefile.unix # dynamic linking
- sed -i 's/^USE_UPNP:=0$/USE_UPNP:=/' makefile.unix # disable UPnP
- make -f makefile.unix
- strip bitcoind
-
-
-Notes
------
-The release is built with GCC and then "strip bitcoind" to strip the debug
-symbols, which reduces the executable size by about 90%.
-
-
-miniupnpc
----------
-tar -xzvf miniupnpc-1.6.tar.gz
-cd miniupnpc-1.6
-make
-sudo su
-make install
-
-
-Berkeley DB
------------
-You need Berkeley DB 4.8. If you have to build Berkeley DB yourself:
-../dist/configure --enable-cxx
-make
-
-
-Boost
------
-If you need to build Boost yourself:
-sudo su
-./bootstrap.sh
-./bjam install
-
-
-Security
---------
-To help make your bitcoin installation more secure by making certain attacks impossible to
-exploit even if a vulnerability is found, you can take the following measures:
-
-* Position Independent Executable
- Build position independent code to take advantage of Address Space Layout Randomization
- offered by some kernels. An attacker who is able to cause execution of code at an arbitrary
- memory location is thwarted if he doesn't know where anything useful is located.
- The stack and heap are randomly located by default but this allows the code section to be
- randomly located as well.
-
- On an Amd64 processor where a library was not compiled with -fPIC, this will cause an error
- such as: "relocation R_X86_64_32 against `......' can not be used when making a shared object;"
-
- To build with PIE, use:
- make -f makefile.unix ... -e PIE=1
-
- To test that you have built PIE executable, install scanelf, part of paxutils, and use:
- scanelf -e ./bitcoin
-
- The output should contain:
- TYPE
- ET_DYN
-
-* Non-executable Stack
- If the stack is executable then trivial stack based buffer overflow exploits are possible if
- vulnerable buffers are found. By default, bitcoin should be built with a non-executable stack
- but if one of the libraries it uses asks for an executable stack or someone makes a mistake
- and uses a compiler extension which requires an executable stack, it will silently build an
- executable without the non-executable stack protection.
-
- To verify that the stack is non-executable after compiling use:
- scanelf -e ./bitcoin
-
- the output should contain:
- STK/REL/PTL
- RW- R-- RW-
-
- The STK RW- means that the stack is readable and writeable but not executable.