266 lines
9.4 KiB
Markdown
266 lines
9.4 KiB
Markdown
UNIX BUILD NOTES
|
|
====================
|
|
Some notes on how to build Neobytes Core in Unix.
|
|
|
|
(for OpenBSD specific instructions, see [build-openbsd.md](build-openbsd.md))
|
|
|
|
Note
|
|
---------------------
|
|
Always use absolute paths to configure and compile Neobytes Core and the dependencies,
|
|
for example, when specifying the the path of the dependency:
|
|
|
|
../dist/configure --enable-cxx --disable-shared --with-pic --prefix=$BDB_PREFIX
|
|
|
|
Here BDB_PREFIX must absolute path - it is defined using $(pwd) which ensures
|
|
the usage of the absolute path.
|
|
|
|
To Build
|
|
---------------------
|
|
|
|
```bash
|
|
./autogen.sh
|
|
./configure
|
|
make
|
|
make install # optional
|
|
```
|
|
|
|
This will build neobytes-qt as well if the dependencies are met.
|
|
|
|
Dependencies
|
|
---------------------
|
|
|
|
These dependencies are required:
|
|
|
|
Library | Purpose | Description
|
|
------------|------------------|----------------------
|
|
libssl | Crypto | Random Number Generation, Elliptic Curve Cryptography
|
|
libboost | Utility | Library for threading, data structures, etc
|
|
libevent | Networking | OS independent asynchronous networking
|
|
|
|
Optional dependencies:
|
|
|
|
Library | Purpose | Description
|
|
------------|------------------|----------------------
|
|
miniupnpc | UPnP Support | Firewall-jumping support
|
|
libdb4.8 | Berkeley DB | Wallet storage (only needed when wallet enabled)
|
|
qt | GUI | GUI toolkit (only needed when GUI enabled)
|
|
protobuf | Payments in GUI | Data interchange format used for payment protocol (only needed when GUI enabled)
|
|
libqrencode | QR codes in GUI | Optional for generating QR codes (only needed when GUI enabled)
|
|
libzmq3 | ZMQ notification | Optional, allows generating ZMQ notifications (requires ZMQ version >= 4.x)
|
|
|
|
For the versions used in the release, see [release-process.md](release-process.md) under *Fetch and build inputs*.
|
|
|
|
System requirements
|
|
--------------------
|
|
|
|
C++ compilers are memory-hungry. It is recommended to have at least 1 GB of
|
|
memory available when compiling Neobytes Core. With 512MB of memory or less
|
|
compilation will take much longer due to swap thrashing.
|
|
|
|
Dependency Build Instructions: Ubuntu & Debian
|
|
----------------------------------------------
|
|
Build requirements:
|
|
|
|
sudo apt-get install build-essential libtool autotools-dev automake pkg-config libssl-dev libevent-dev bsdmainutils
|
|
|
|
On at least Ubuntu 14.04+ and Debian 7+ there are generic names for the
|
|
individual boost development packages, so the following can be used to only
|
|
install necessary parts of boost:
|
|
|
|
sudo apt-get install libboost-system-dev libboost-filesystem-dev libboost-chrono-dev libboost-program-options-dev libboost-test-dev libboost-thread-dev
|
|
|
|
If that doesn't work, you can install all boost development packages with:
|
|
|
|
sudo apt-get install libboost-all-dev
|
|
|
|
BerkeleyDB is required for the wallet. db4.8 packages are available [here](https://launchpad.net/~bitcoin/+archive/bitcoin).
|
|
You can add the repository and install using the following commands:
|
|
|
|
sudo add-apt-repository ppa:bitcoin/bitcoin
|
|
sudo apt-get update
|
|
sudo apt-get install libdb4.8-dev libdb4.8++-dev
|
|
|
|
Ubuntu and Debian have their own libdb-dev and libdb++-dev packages, but these will install
|
|
BerkeleyDB 5.1 or later, which break binary wallet compatibility with the distributed executables which
|
|
are based on BerkeleyDB 4.8. If you do not care about wallet compatibility,
|
|
pass `--with-incompatible-bdb` to configure.
|
|
|
|
See the section "Disable-wallet mode" to build Neobytes Core without wallet.
|
|
|
|
Optional:
|
|
|
|
sudo apt-get install libminiupnpc-dev (see --with-miniupnpc and --enable-upnp-default)
|
|
|
|
ZMQ dependencies:
|
|
|
|
sudo apt-get install libzmq3-dev (provides ZMQ API 4.x)
|
|
|
|
Dependencies for the GUI: Ubuntu & Debian
|
|
-----------------------------------------
|
|
|
|
If you want to build Neobytes-Qt, make sure that the required packages for Qt development
|
|
are installed. Either Qt 5 or Qt 4 are necessary to build the GUI.
|
|
If both Qt 4 and Qt 5 are installed, Qt 5 will be used. Pass `--with-gui=qt4` to configure to choose Qt4.
|
|
To build without GUI pass `--without-gui`.
|
|
|
|
To build with Qt 5 (recommended) you need the following:
|
|
|
|
sudo apt-get install libqt5gui5 libqt5core5a libqt5dbus5 qttools5-dev qttools5-dev-tools libprotobuf-dev protobuf-compiler
|
|
|
|
Alternatively, to build with Qt 4 you need the following:
|
|
|
|
sudo apt-get install libqt4-dev libprotobuf-dev protobuf-compiler
|
|
|
|
libqrencode (optional) can be installed with:
|
|
|
|
sudo apt-get install libqrencode-dev
|
|
|
|
Once these are installed, they will be found by configure and a neobytes-qt executable will be
|
|
built by default.
|
|
|
|
Notes
|
|
-----
|
|
The release is built with GCC and then "strip neobytesd" to strip the debug
|
|
symbols, which reduces the executable size by about 90%.
|
|
|
|
|
|
miniupnpc
|
|
---------
|
|
|
|
[miniupnpc](http://miniupnp.free.fr/) may be used for UPnP port mapping. It can be downloaded from [here](
|
|
http://miniupnp.tuxfamily.org/files/). UPnP support is compiled in and
|
|
turned off by default. See the configure options for upnp behavior desired:
|
|
|
|
--without-miniupnpc No UPnP support miniupnp not required
|
|
--disable-upnp-default (the default) UPnP support turned off by default at runtime
|
|
--enable-upnp-default UPnP support turned on by default at runtime
|
|
|
|
|
|
Berkeley DB
|
|
-----------
|
|
It is recommended to use Berkeley DB 4.8. If you have to build it yourself:
|
|
|
|
```bash
|
|
NEOBYTES_ROOT=$(pwd)
|
|
|
|
# Pick some path to install BDB to, here we create a directory within the neobytes directory
|
|
BDB_PREFIX="${NEOBYTES_ROOT}/db4"
|
|
mkdir -p $BDB_PREFIX
|
|
|
|
# Fetch the source and verify that it is not tampered with
|
|
wget 'http://download.oracle.com/berkeley-db/db-4.8.30.NC.tar.gz'
|
|
echo '12edc0df75bf9abd7f82f821795bcee50f42cb2e5f76a6a281b85732798364ef db-4.8.30.NC.tar.gz' | sha256sum -c
|
|
# -> db-4.8.30.NC.tar.gz: OK
|
|
tar -xzvf db-4.8.30.NC.tar.gz
|
|
|
|
# Build the library and install to our prefix
|
|
cd db-4.8.30.NC/build_unix/
|
|
# Note: Do a static build so that it can be embedded into the executable, instead of having to find a .so at runtime
|
|
../dist/configure --enable-cxx --disable-shared --with-pic --prefix=$BDB_PREFIX
|
|
make install
|
|
|
|
# Configure Neobytes Core to use our own-built instance of BDB
|
|
cd $NEOBYTES_ROOT
|
|
./autogen.sh
|
|
./configure LDFLAGS="-L${BDB_PREFIX}/lib/" CPPFLAGS="-I${BDB_PREFIX}/include/" # (other args...)
|
|
```
|
|
|
|
**Note**: You only need Berkeley DB if the wallet is enabled (see the section *Disable-Wallet mode* below).
|
|
|
|
Boost
|
|
-----
|
|
If you need to build Boost yourself:
|
|
|
|
sudo su
|
|
./bootstrap.sh
|
|
./bjam install
|
|
|
|
|
|
Security
|
|
--------
|
|
To help make your Neobytes installation more secure by making certain attacks impossible to
|
|
exploit even if a vulnerability is found, binaries are hardened by default.
|
|
This can be disabled with:
|
|
|
|
Hardening Flags:
|
|
|
|
./configure --enable-hardening
|
|
./configure --disable-hardening
|
|
|
|
|
|
Hardening enables the following features:
|
|
|
|
* Position Independent Executable
|
|
Build position independent code to take advantage of Address Space Layout Randomization
|
|
offered by some kernels. Attackers who can cause execution of code at an arbitrary memory
|
|
location are thwarted if they don't know where anything useful is located.
|
|
The stack and heap are randomly located by default but this allows the code section to be
|
|
randomly located as well.
|
|
|
|
On an AMD64 processor where a library was not compiled with -fPIC, this will cause an error
|
|
such as: "relocation R_X86_64_32 against `......' can not be used when making a shared object;"
|
|
|
|
To test that you have built PIE executable, install scanelf, part of paxutils, and use:
|
|
|
|
scanelf -e ./neobytesd
|
|
|
|
The output should contain:
|
|
|
|
TYPE
|
|
ET_DYN
|
|
|
|
* Non-executable Stack
|
|
If the stack is executable then trivial stack based buffer overflow exploits are possible if
|
|
vulnerable buffers are found. By default, Neobytes Core should be built with a non-executable stack
|
|
but if one of the libraries it uses asks for an executable stack or someone makes a mistake
|
|
and uses a compiler extension which requires an executable stack, it will silently build an
|
|
executable without the non-executable stack protection.
|
|
|
|
To verify that the stack is non-executable after compiling use:
|
|
`scanelf -e ./neobytesd`
|
|
|
|
the output should contain:
|
|
STK/REL/PTL
|
|
RW- R-- RW-
|
|
|
|
The STK RW- means that the stack is readable and writeable but not executable.
|
|
|
|
Disable-wallet mode
|
|
--------------------
|
|
When the intention is to run only a P2P node without a wallet, Neobytes Core may be compiled in
|
|
disable-wallet mode with:
|
|
|
|
./configure --disable-wallet
|
|
|
|
In this case there is no dependency on Berkeley DB 4.8.
|
|
|
|
Mining is also possible in disable-wallet mode, but only using the `getblocktemplate` RPC
|
|
call not `getwork`.
|
|
|
|
Additional Configure Flags
|
|
--------------------------
|
|
A list of additional configure flags can be displayed with:
|
|
|
|
./configure --help
|
|
|
|
ARM Cross-compilation
|
|
-------------------
|
|
These steps can be performed on, for example, an Ubuntu VM. The depends system
|
|
will also work on other Linux distributions, however the commands for
|
|
installing the toolchain will be different.
|
|
|
|
First install the toolchain:
|
|
|
|
sudo apt-get install g++-arm-linux-gnueabihf
|
|
|
|
To build executables for ARM:
|
|
|
|
cd depends
|
|
make HOST=arm-linux-gnueabihf NO_QT=1
|
|
cd ..
|
|
./configure --prefix=$PWD/depends/arm-linux-gnueabihf --enable-glibc-back-compat --enable-reduce-exports LDFLAGS=-static-libstdc++
|
|
make
|
|
|
|
|
|
For further documentation on the depends system see [README.md](../depends/README.md) in the depends directory.
|