Changeset View
Changeset View
Standalone View
Standalone View
doc/build-unix.md
UNIX BUILD NOTES | UNIX BUILD NOTES | ||||
==================== | ==================== | ||||
Some notes on how to build Bitcoin ABC in Unix. | Some notes on how to build Bitcoin ABC in Unix. | ||||
(For FreeBSD specific instructions, see `build-freebsd.md` in this directory.) | (For FreeBSD specific instructions, see `build-freebsd.md` in this directory.) | ||||
Note | Note | ||||
--------------------- | --------------------- | ||||
Always use absolute paths to configure and compile Bitcoin ABC and the dependencies, | Always use absolute paths to configure and compile Bitcoin ABC and the dependencies. | ||||
for example, when specifying the path of the dependency: | For example, when specifying the path of the dependency: | ||||
../dist/configure --enable-cxx --disable-shared --with-pic --prefix=$BDB_PREFIX | ../dist/configure --enable-cxx --disable-shared --with-pic --prefix=$BDB_PREFIX | ||||
Here BDB_PREFIX must be an absolute path - it is defined using $(pwd) which ensures | Here BDB_PREFIX must be an absolute path - it is defined using $(pwd) which ensures | ||||
the usage of the absolute path. | the usage of the absolute path. | ||||
To Build | To Build | ||||
--------------------- | --------------------- | ||||
Before you start building, please make sure that your compiler supports C++14. | Before you start building, please make sure that your compiler supports C++14. | ||||
It is recommended to create a build directory to build out-of-tree. | It is recommended to create a build directory to build out-of-tree. | ||||
```bash | ```bash | ||||
./autogen.sh | ./autogen.sh | ||||
mkdir build | mkdir build | ||||
cd build | cd build | ||||
../configure | ../configure | ||||
make | make | ||||
make install # optional | make install # optional | ||||
``` | ``` | ||||
This will build bitcoin-qt as well if the dependencies are met. | This will build bitcoin-qt as well, if the dependencies are met. | ||||
Dependencies | Dependencies | ||||
--------------------- | --------------------- | ||||
These dependencies are required: | These dependencies are required: | ||||
Library | Purpose | Description | Library | Purpose | Description | ||||
------------|------------------|---------------------- | ------------|------------------|---------------------- | ||||
▲ Show 20 Lines • Show All 122 Lines • ▼ Show 20 Lines | |||||
Hardening Flags: | Hardening Flags: | ||||
./configure --enable-hardening | ./configure --enable-hardening | ||||
./configure --disable-hardening | ./configure --disable-hardening | ||||
Hardening enables the following features: | Hardening enables the following features: | ||||
* _Position Independent Executable_: Build position independent code to take advantage of Address Space Layout Randomization | |||||
* Position Independent Executable | |||||
Build position independent code to take advantage of Address Space Layout Randomization | |||||
offered by some kernels. Attackers who can cause execution of code at an arbitrary memory | offered by some kernels. Attackers who can cause execution of code at an arbitrary memory | ||||
location are thwarted if they don't know where anything useful is located. | location are thwarted if they don't know where anything useful is located. | ||||
The stack and heap are randomly located by default, but this allows the code section to be | The stack and heap are randomly located by default, but this allows the code section to be | ||||
randomly located as well. | randomly located as well. | ||||
On an AMD64 processor where a library was not compiled with -fPIC, this will cause an error | On an AMD64 processor where a library was not compiled with -fPIC, this will cause an error | ||||
such as: "relocation R_X86_64_32 against `......' can not be used when making a shared object;" | such as: "relocation R_X86_64_32 against `......' can not be used when making a shared object;" | ||||
To test that you have built PIE executable, install scanelf, part of paxutils, and use: | To test that you have built PIE executable, install scanelf, part of paxutils, and use: | ||||
scanelf -e ./bitcoin | scanelf -e ./bitcoin | ||||
The output should contain: | The output should contain: | ||||
TYPE | TYPE | ||||
ET_DYN | ET_DYN | ||||
* Non-executable Stack | * _Non-executable Stack_: If the stack is executable then trivial stack-based buffer overflow exploits are possible if | ||||
If the stack is executable then trivial stack-based buffer overflow exploits are possible if | |||||
vulnerable buffers are found. By default, Bitcoin ABC should be built with a non-executable stack, | vulnerable buffers are found. By default, Bitcoin ABC should be built with a non-executable stack, | ||||
but if one of the libraries it uses asks for an executable stack or someone makes a mistake | but if one of the libraries it uses asks for an executable stack or someone makes a mistake | ||||
and uses a compiler extension which requires an executable stack, it will silently build an | and uses a compiler extension which requires an executable stack, it will silently build an | ||||
executable without the non-executable stack protection. | executable without the non-executable stack protection. | ||||
To verify that the stack is non-executable after compiling use: | To verify that the stack is non-executable after compiling use: | ||||
`scanelf -e ./bitcoin` | `scanelf -e ./bitcoin` | ||||
▲ Show 20 Lines • Show All 55 Lines • Show Last 20 Lines |