# Copyright (c) 2009-2010 Satoshi Nakamoto # Distributed under the MIT/X11 software license, see the accompanying # file license.txt or http://www.opensource.org/licenses/mit-license.php. DEFS=-DNOPCH DEFS += $(addprefix -I,$(BOOST_INCLUDE_PATH) $(BDB_INCLUDE_PATH) $(OPENSSL_INCLUDE_PATH)) LIBS = $(addprefix -L,$(BOOST_LIB_PATH) $(BDB_LIB_PATH) $(OPENSSL_LIB_PATH)) LMODE = dynamic LMODE2 = dynamic ifdef STATIC LMODE = static ifeq (${STATIC}, all) LMODE2 = static endif else TESTDEFS += -DBOOST_TEST_DYN_LINK endif # for boost 1.37, add -mt to the boost libraries LIBS += \ -Wl,-B$(LMODE) \ -l boost_system$(BOOST_LIB_SUFFIX) \ -l boost_filesystem$(BOOST_LIB_SUFFIX) \ -l boost_program_options$(BOOST_LIB_SUFFIX) \ -l boost_thread$(BOOST_LIB_SUFFIX) \ -l db_cxx$(BDB_LIB_SUFFIX) \ -l ssl \ -l crypto \ -static-libgcc LIBS+= \ -Wl,-B$(LMODE2) \ -l pthread # Hardening # Make some classes of vulnerabilities unexploitable in case one is discovered. # # This is a workaround for Ubuntu bug #691722, the default -fstack-protector causes # -fstack-protector-all to be ignored unless -fno-stack-protector is used first. # see: https://bugs.launchpad.net/ubuntu/+source/gcc-4.5/+bug/691722 HARDENING=-fno-stack-protector # Stack Canaries # Put numbers at the beginning of each stack frame and check that they are the same. # If a stack buffer if overflowed, it writes over the canary number and then on return # when that number is checked, it won't be the same and the program will exit with # a "Stack smashing detected" error instead of being exploited. HARDENING+=-fstack-protector-all -Wstack-protector # Make some important things such as the global offset table read only as soon as # the dynamic linker is finished building it. This will prevent overwriting of addresses # which would later be jumped to. HARDENING+=-Wl,-z,relro -Wl,-z,now # Build position independent code to take advantage of Address Space Layout Randomization # offered by some kernels. # see doc/build-unix.txt for more information. ifdef PIE HARDENING+=-fPIE -pie endif # -D_FORTIFY_SOURCE=2 does some checking for potentially exploitable code patterns in # the source such overflowing a statically defined buffer. HARDENING+=-D_FORTIFY_SOURCE=2 # DEBUGFLAGS=-g CXXFLAGS=-O2 xCXXFLAGS=-pthread -Wno-invalid-offsetof -Wformat $(DEBUGFLAGS) $(DEFS) $(HARDENING) $(CXXFLAGS) HEADERS = \ base58.h \ bignum.h \ checkpoints.h \ crypter.h \ db.h \ headers.h \ init.h \ key.h \ keystore.h \ knobs.h \ main.h \ net.h \ noui.h \ protocol.h \ bitcoinrpc.h \ script.h \ serialize.h \ strlcpy.h \ uint256.h \ util.h \ wallet.h OBJS= \ obj/checkpoints.o \ obj/crypter.o \ obj/db.o \ obj/init.o \ obj/keystore.o \ obj/main.o \ obj/net.o \ obj/protocol.o \ obj/bitcoinrpc.o \ obj/script.o \ obj/util.o \ obj/wallet.o all: bitcoind # auto-generated dependencies: -include obj/nogui/*.P -include obj-test/*.P obj/nogui/%.o: %.cpp $(CXX) -c $(xCXXFLAGS) -MMD -o $@ $< @cp $(@:%.o=%.d) $(@:%.o=%.P); \ sed -e 's/#.*//' -e 's/^[^:]*: *//' -e 's/ *\\$$//' \ -e '/^$$/ d' -e 's/$$/ :/' < $(@:%.o=%.d) >> $(@:%.o=%.P); \ rm -f $(@:%.o=%.d) bitcoind: $(OBJS:obj/%=obj/nogui/%) $(CXX) $(xCXXFLAGS) -o $@ $^ $(LDFLAGS) $(LIBS) obj-test/%.o: test/%.cpp $(CXX) -c $(TESTDEFS) $(xCXXFLAGS) -MMD -o $@ $< @cp $(@:%.o=%.d) $(@:%.o=%.P); \ sed -e 's/#.*//' -e 's/^[^:]*: *//' -e 's/ *\\$$//' \ -e '/^$$/ d' -e 's/$$/ :/' < $(@:%.o=%.d) >> $(@:%.o=%.P); \ rm -f $(@:%.o=%.d) test_bitcoin: obj-test/test_bitcoin.o $(filter-out obj/nogui/init.o,$(OBJS:obj/%=obj/nogui/%)) $(CXX) $(xCXXFLAGS) -o $@ $(LIBPATHS) $^ -Wl,-B$(LMODE) -lboost_unit_test_framework $(LDFLAGS) $(LIBS) clean: -rm -f bitcoind test_bitcoin -rm -f obj/*.o -rm -f obj/nogui/*.o -rm -f obj-test/*.o -rm -f obj/*.P -rm -f obj/nogui/*.P -rm -f obj-test/*.P