# Copyright (c) 2009-2010 Satoshi Nakamoto # Distributed under the MIT/X11 software license, see the accompanying # file license.txt or http://www.opensource.org/licenses/mit-license.php. USE_UPNP:=0 DEFS=-DUSE_IPV6 DEFS += $(addprefix -I,$(CURDIR) $(CURDIR)/obj $(BOOST_INCLUDE_PATH) $(BDB_INCLUDE_PATH) $(OPENSSL_INCLUDE_PATH)) LIBS = $(addprefix -L,$(BOOST_LIB_PATH) $(BDB_LIB_PATH) $(OPENSSL_LIB_PATH)) TESTDEFS = -DTEST_DATA_DIR=$(abspath test/data) LMODE = dynamic LMODE2 = dynamic ifdef STATIC LMODE = static ifeq (${STATIC}, all) LMODE2 = static endif else TESTDEFS += -DBOOST_TEST_DYN_LINK endif # for boost 1.37, add -mt to the boost libraries LIBS += \ -Wl,-B$(LMODE) \ -l boost_system$(BOOST_LIB_SUFFIX) \ -l boost_filesystem$(BOOST_LIB_SUFFIX) \ -l boost_program_options$(BOOST_LIB_SUFFIX) \ -l boost_thread$(BOOST_LIB_SUFFIX) \ -l db_cxx$(BDB_LIB_SUFFIX) \ -l ssl \ -l crypto ifndef USE_UPNP override USE_UPNP = - endif ifneq (${USE_UPNP}, -) LIBS += -l miniupnpc DEFS += -DUSE_UPNP=$(USE_UPNP) endif LIBS+= \ -Wl,-B$(LMODE2) \ -l z \ -l dl \ -l pthread # Hardening # Make some classes of vulnerabilities unexploitable in case one is discovered. # # This is a workaround for Ubuntu bug #691722, the default -fstack-protector causes # -fstack-protector-all to be ignored unless -fno-stack-protector is used first. # see: https://bugs.launchpad.net/ubuntu/+source/gcc-4.5/+bug/691722 HARDENING=-fno-stack-protector # Stack Canaries # Put numbers at the beginning of each stack frame and check that they are the same. # If a stack buffer if overflowed, it writes over the canary number and then on return # when that number is checked, it won't be the same and the program will exit with # a "Stack smashing detected" error instead of being exploited. HARDENING+=-fstack-protector-all -Wstack-protector # Make some important things such as the global offset table read only as soon as # the dynamic linker is finished building it. This will prevent overwriting of addresses # which would later be jumped to. HARDENING+=-Wl,-z,relro -Wl,-z,now # Build position independent code to take advantage of Address Space Layout Randomization # offered by some kernels. # see doc/build-unix.txt for more information. ifdef PIE HARDENING+=-fPIE -pie endif # -D_FORTIFY_SOURCE=2 does some checking for potentially exploitable code patterns in # the source such overflowing a statically defined buffer. HARDENING+=-D_FORTIFY_SOURCE=2 # DEBUGFLAGS=-g CXXFLAGS=-O2 -pthread -Wall -Wextra -Wformat -Wformat-security -Wno-unused-parameter \ $(DEBUGFLAGS) $(DEFS) $(HARDENING) OBJS= \ obj/version.o \ obj/checkpoints.o \ obj/netbase.o \ obj/addrman.o \ obj/crypter.o \ obj/key.o \ obj/db.o \ obj/init.o \ obj/irc.o \ obj/keystore.o \ obj/main.o \ obj/net.o \ obj/protocol.o \ obj/bitcoinrpc.o \ obj/rpcdump.o \ obj/script.o \ obj/sync.o \ obj/util.o \ obj/wallet.o \ obj/walletdb.o \ obj/noui.o all: bitcoind # auto-generated dependencies: -include obj/*.P -include obj-test/*.P obj/build.h: FORCE ../share/genbuild.sh obj/build.h version.cpp: obj/build.h DEFS += -DHAVE_BUILD_INFO obj/%.o: %.cpp $(CXX) -c $(CXXFLAGS) -MMD -o $@ $< @cp $(@:%.o=%.d) $(@:%.o=%.P); \ sed -e 's/#.*//' -e 's/^[^:]*: *//' -e 's/ *\\$$//' \ -e '/^$$/ d' -e 's/$$/ :/' < $(@:%.o=%.d) >> $(@:%.o=%.P); \ rm -f $(@:%.o=%.d) bitcoind: $(OBJS:obj/%=obj/%) $(CXX) $(CXXFLAGS) -o $@ $^ $(LDFLAGS) $(LIBS) TESTOBJS := $(patsubst test/%.cpp,obj-test/%.o,$(wildcard test/*.cpp)) obj-test/%.o: test/%.cpp $(CXX) -c $(TESTDEFS) $(CXXFLAGS) -MMD -o $@ $< @cp $(@:%.o=%.d) $(@:%.o=%.P); \ sed -e 's/#.*//' -e 's/^[^:]*: *//' -e 's/ *\\$$//' \ -e '/^$$/ d' -e 's/$$/ :/' < $(@:%.o=%.d) >> $(@:%.o=%.P); \ rm -f $(@:%.o=%.d) test_bitcoin: $(TESTOBJS) $(filter-out obj/init.o,$(OBJS:obj/%=obj/%)) $(CXX) $(CXXFLAGS) -o $@ $(LIBPATHS) $^ -Wl,-B$(LMODE) -lboost_unit_test_framework $(LDFLAGS) $(LIBS) clean: -rm -f bitcoind test_bitcoin -rm -f obj/*.o -rm -f obj-test/*.o -rm -f obj/*.P -rm -f obj-test/*.P -rm -f src/build.h FORCE: