[VerusCoin.git] / doc / build-unix.txt

Copyright (c) 2009-2010 Satoshi Nakamoto
Copyright (c) 2011 Bitcoin Developers
Distributed under the MIT/X11 software license, see the accompanying
file license.txt or http://www.opensource.org/licenses/mit-license.php.
This product includes software developed by the OpenSSL Project for use in
the OpenSSL Toolkit (http://www.openssl.org/).  This product includes
cryptographic software written by Eric Young ([email protected]) and UPnP
software written by Thomas Bernard.


UNIX BUILD NOTES
================

To Build
--------

cd src/
make -f makefile.unix            # Headless bitcoin

See readme-qt.rst for instructions on building Bitcoin QT,
the graphical bitcoin.

Dependencies
------------

 Library    Purpose       Description
 -------    -------       -----------
 libssl     SSL Support   Secure communications
 libdb4.8   Berkeley DB   Blockchain & wallet storage
 libboost   Boost         C++ Library
 miniupnpc  UPnP Support  Optional firewall-jumping support

miniupnpc may be used for UPnP port mapping.  It can be downloaded from
http://miniupnp.tuxfamily.org/files/.  UPnP support is compiled in and
turned off by default.  Set USE_UPNP to a different value to control this:
 USE_UPNP=     No UPnP support - miniupnp not required
 USE_UPNP=0    (the default) UPnP support turned off by default at runtime
 USE_UPNP=1    UPnP support turned on by default at runtime

Licenses of statically linked libraries:
 Berkeley DB   New BSD license with additional requirement that linked
               software must be free open source
 Boost         MIT-like license
 miniupnpc     New (3-clause) BSD license

Versions used in this release:
 GCC           4.3.3
 OpenSSL       0.9.8g
 Berkeley DB   4.8.30.NC
 Boost         1.37
 miniupnpc     1.6


Dependency Build Instructions: Ubuntu & Debian
----------------------------------------------
sudo apt-get install build-essential
sudo apt-get install libssl-dev
sudo apt-get install libdb4.8-dev
sudo apt-get install libdb4.8++-dev
 Boost 1.40+: sudo apt-get install libboost-all-dev
 or Boost 1.37: sudo apt-get install libboost1.37-dev

If using Boost 1.37, append -mt to the boost libraries in the makefile.


Dependency Build Instructions: Gentoo
-------------------------------------

Note: If you just want to install bitcoind on Gentoo, you can add the Bitcoin
      overlay and use your package manager:
          layman -a bitcoin && emerge bitcoind

emerge -av1 --noreplace boost glib openssl sys-libs/db:4.8

Take the following steps to build (no UPnP support):
 cd ${BITCOIN_DIR}/src
 make -f makefile.unix USE_UPNP= BDB_INCLUDE_PATH='/usr/include/db4.8'
 strip bitcoind


Notes
-----
The release is built with GCC and then "strip bitcoind" to strip the debug
symbols, which reduces the executable size by about 90%.


miniupnpc
---------
tar -xzvf miniupnpc-1.6.tar.gz
cd miniupnpc-1.6
make
sudo su
make install


Berkeley DB
-----------
You need Berkeley DB 4.8.  If you have to build Berkeley DB yourself:
../dist/configure --enable-cxx
make


Boost
-----
If you need to build Boost yourself:
sudo su
./bootstrap.sh
./bjam install


Security
--------
To help make your bitcoin installation more secure by making certain attacks impossible to
exploit even if a vulnerability is found, you can take the following measures:

* Position Independent Executable
    Build position independent code to take advantage of Address Space Layout Randomization
    offered by some kernels. An attacker who is able to cause execution of code at an arbitrary
    memory location is thwarted if he doesn't know where anything useful is located.
    The stack and heap are randomly located by default but this allows the code section to be
    randomly located as well.

    On an Amd64 processor where a library was not compiled with -fPIC, this will cause an error
    such as: "relocation R_X86_64_32 against `......' can not be used when making a shared object;"

    To build with PIE, use:
    make -f makefile.unix ... -e PIE=1

    To test that you have built PIE executable, install scanelf, part of paxutils, and use:
    scanelf -e ./bitcoin

    The output should contain:
     TYPE
    ET_DYN

* Non-executable Stack
    If the stack is executable then trivial stack based buffer overflow exploits are possible if
    vulnerable buffers are found. By default, bitcoin should be built with a non-executable stack
    but if one of the libraries it uses asks for an executable stack or someone makes a mistake
    and uses a compiler extension which requires an executable stack, it will silently build an
    executable without the non-executable stack protection.

    To verify that the stack is non-executable after compiling use:
    scanelf -e ./bitcoin

    the output should contain:
    STK/REL/PTL
    RW- R-- RW-

    The STK RW- means that the stack is readable and writeable but not executable.
Commit	Line	Data
0a61b0df	1	Copyright (c) 2009-2010 Satoshi Nakamoto
adea540e	2	Copyright (c) 2011 Bitcoin Developers
0a61b0df	3	Distributed under the MIT/X11 software license, see the accompanying
	4	file license.txt or http://www.opensource.org/licenses/mit-license.php.
	5	This product includes software developed by the OpenSSL Project for use in
	6	the OpenSSL Toolkit (http://www.openssl.org/). This product includes
8bb5edc1 MC	7	cryptographic software written by Eric Young ([email protected]) and UPnP
8bb5edc1 MC	8	software written by Thomas Bernard.
0a61b0df	9
	10
	11	UNIX BUILD NOTES
	12	================
	13
b1a657a0 GA	14	To Build
	15	--------
	16
84c3fb07	17	cd src/
adea540e	18	make -f makefile.unix # Headless bitcoin
84c3fb07	19
adea540e GA	20	See readme-qt.rst for instructions on building Bitcoin QT,
adea540e GA	21	the graphical bitcoin.
b1a657a0	22
0a61b0df	23	Dependencies
0a61b0df	24	------------
7b465b66	25
	26	Library Purpose Description
	27	------- ------- -----------
	28	libssl SSL Support Secure communications
	29	libdb4.8 Berkeley DB Blockchain & wallet storage
	30	libboost Boost C++ Library
bdf2f7e7	31	miniupnpc UPnP Support Optional firewall-jumping support
7b465b66	32
	33	miniupnpc may be used for UPnP port mapping. It can be downloaded from
	34	http://miniupnp.tuxfamily.org/files/. UPnP support is compiled in and
	35	turned off by default. Set USE_UPNP to a different value to control this:
	36	USE_UPNP= No UPnP support - miniupnp not required
	37	USE_UPNP=0 (the default) UPnP support turned off by default at runtime
	38	USE_UPNP=1 UPnP support turned on by default at runtime
	39
	40	Licenses of statically linked libraries:
	41	Berkeley DB New BSD license with additional requirement that linked
	42	software must be free open source
	43	Boost MIT-like license
	44	miniupnpc New (3-clause) BSD license
	45
	46	Versions used in this release:
	47	GCC 4.3.3
	48	OpenSSL 0.9.8g
	49	Berkeley DB 4.8.30.NC
	50	Boost 1.37
	51	miniupnpc 1.6
	52
	53
	54	Dependency Build Instructions: Ubuntu & Debian
	55	----------------------------------------------
0a61b0df	56	sudo apt-get install build-essential
0a61b0df	57	sudo apt-get install libssl-dev
b4ada906 MC	58	sudo apt-get install libdb4.8-dev
b4ada906 MC	59	sudo apt-get install libdb4.8++-dev
7b465b66	60	Boost 1.40+: sudo apt-get install libboost-all-dev
7b465b66	61	or Boost 1.37: sudo apt-get install libboost1.37-dev
0a61b0df	62
	63	If using Boost 1.37, append -mt to the boost libraries in the makefile.
	64
8bb5edc1	65
7b465b66	66	Dependency Build Instructions: Gentoo
7b465b66	67	-------------------------------------
b4d0588d LD	68
	69	Note: If you just want to install bitcoind on Gentoo, you can add the Bitcoin
	70	overlay and use your package manager:
	71	layman -a bitcoin && emerge bitcoind
	72
	73	emerge -av1 --noreplace boost glib openssl sys-libs/db:4.8
0a61b0df	74
bdf2f7e7	75	Take the following steps to build (no UPnP support):
c60aec9c	76	cd ${BITCOIN_DIR}/src
b4d0588d	77	make -f makefile.unix USE_UPNP= BDB_INCLUDE_PATH='/usr/include/db4.8'
7b465b66	78	strip bitcoind
0a61b0df	79
	80
	81	Notes
	82	-----
7b465b66	83	The release is built with GCC and then "strip bitcoind" to strip the debug
0a61b0df	84	symbols, which reduces the executable size by about 90%.
	85
	86
8bb5edc1 MC	87	miniupnpc
8bb5edc1 MC	88	---------
b4ada906 MC	89	tar -xzvf miniupnpc-1.6.tar.gz
b4ada906 MC	90	cd miniupnpc-1.6
8bb5edc1 MC	91	make
	92	sudo su
	93	make install
	94
	95
0a61b0df	96	Berkeley DB
0a61b0df	97	-----------
b4ada906	98	You need Berkeley DB 4.8. If you have to build Berkeley DB yourself:
0a61b0df	99	../dist/configure --enable-cxx
	100	make
	101
	102
	103	Boost
	104	-----
	105	If you need to build Boost yourself:
	106	sudo su
	107	./bootstrap.sh
	108	./bjam install
3f94dfa2	109
	110
	111	Security
	112	--------
	113	To help make your bitcoin installation more secure by making certain attacks impossible to
	114	exploit even if a vulnerability is found, you can take the following measures:
	115
	116	* Position Independent Executable
	117	Build position independent code to take advantage of Address Space Layout Randomization
	118	offered by some kernels. An attacker who is able to cause execution of code at an arbitrary
	119	memory location is thwarted if he doesn't know where anything useful is located.
	120	The stack and heap are randomly located by default but this allows the code section to be
	121	randomly located as well.
	122
	123	On an Amd64 processor where a library was not compiled with -fPIC, this will cause an error
	124	such as: "relocation R_X86_64_32 against `......' can not be used when making a shared object;"
	125
	126	To build with PIE, use:
	127	make -f makefile.unix ... -e PIE=1
	128
	129	To test that you have built PIE executable, install scanelf, part of paxutils, and use:
	130	scanelf -e ./bitcoin
	131
	132	The output should contain:
	133	TYPE
	134	ET_DYN
	135
	136	* Non-executable Stack
	137	If the stack is executable then trivial stack based buffer overflow exploits are possible if
	138	vulnerable buffers are found. By default, bitcoin should be built with a non-executable stack
	139	but if one of the libraries it uses asks for an executable stack or someone makes a mistake
	140	and uses a compiler extension which requires an executable stack, it will silently build an
	141	executable without the non-executable stack protection.
	142
	143	To verify that the stack is non-executable after compiling use:
	144	scanelf -e ./bitcoin
	145
	146	the output should contain:
	147	STK/REL/PTL
	148	RW- R-- RW-
	149
	150	The STK RW- means that the stack is readable and writeable but not executable.