mirror of
https://github.com/dashpay/dash.git
synced 2024-12-25 12:02:48 +01:00
7fb31bc434
c491368d8cfddf3a5b6d574f10ed67492fcecbed scripts: add MACHO dylib checking to symbol-check.py (fanquake) 76bf97213f4b153dd3ccf1314088a73c4804601d scripts: fix check-symbols & check-security argument passing (fanquake) Pull request description: Based on #17857. This adds dynamic library checks for MACHO executables to symbol-check.py. The script has been modified to function more like `security-check.py`. The error output is now also slightly different. i.e: ```bash # Linux x86 bitcoin-cli: symbol operator new[](unsigned long) from unsupported version GLIBCXX_3.4 bitcoin-cli: export of symbol vtable for std::basic_ios<char, std::char_traits<char> > not allowed bitcoin-cli: NEEDED library libstdc++.so.6 is not allowed bitcoin-cli: failed IMPORTED_SYMBOLS EXPORTED_SYMBOLS LIBRARY_DEPENDENCIES # RISCV (skips exported symbols checks) bitcoin-tx: symbol operator new[](unsigned long) from unsupported version GLIBCXX_3.4 bitcoin-tx: NEEDED library libstdc++.so.6 is not allowed bitcoin-tx: failed IMPORTED_SYMBOLS LIBRARY_DEPENDENCIES # macOS Checking macOS dynamic libraries... libboost_filesystem.dylib is not in ALLOWED_LIBRARIES! bitcoind: failed DYNAMIC_LIBRARIES ``` Compared to `v0.19.0.1` the macOS allowed dylibs has been slimmed down somewhat: ```diff src/qt/bitcoin-qt: /usr/lib/libSystem.B.dylib -/System/Library/Frameworks/DiskArbitration.framework/Versions/A/DiskArbitration /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation /System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit /System/Library/Frameworks/ApplicationServices.framework/Versions/A/ApplicationServices /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation -/System/Library/Frameworks/Security.framework/Versions/A/Security -/System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration /System/Library/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics -/System/Library/Frameworks/OpenGL.framework/Versions/A/OpenGL -/System/Library/Frameworks/AGL.framework/Versions/A/AGL /System/Library/Frameworks/Carbon.framework/Versions/A/Carbon /usr/lib/libc++.1.dylib -/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork /System/Library/Frameworks/CoreText.framework/Versions/A/CoreText /System/Library/Frameworks/ImageIO.framework/Versions/A/ImageIO /usr/lib/libobjc.A.dylib ``` ACKs for top commit: laanwj: ACK c491368d8cfddf3a5b6d574f10ed67492fcecbed Tree-SHA512: f8624e4964e80b3e0d34e8d3cc33f3107938f3ef7a01c07828f09b902b5ea31a53c50f9be03576e1896ed832cf2c399e03a7943a4f537a1e1c705f3804aed979
185 lines
6.2 KiB
YAML
185 lines
6.2 KiB
YAML
---
|
|
name: "dash-osx-18"
|
|
enable_cache: true
|
|
distro: "ubuntu"
|
|
suites:
|
|
- "focal"
|
|
architectures:
|
|
- "amd64"
|
|
packages:
|
|
- "ca-certificates"
|
|
- "curl"
|
|
- "g++"
|
|
- "git"
|
|
- "pkg-config"
|
|
- "autoconf"
|
|
- "librsvg2-bin"
|
|
- "libtiff-tools"
|
|
- "libtool"
|
|
- "automake"
|
|
- "faketime"
|
|
- "bsdmainutils"
|
|
- "imagemagick"
|
|
- "libcap-dev"
|
|
- "libz-dev"
|
|
- "libbz2-dev"
|
|
- "python3"
|
|
- "python3-dev"
|
|
- "python3-setuptools"
|
|
- "fonts-tuffy"
|
|
- "ccache"
|
|
- "cmake"
|
|
- "xorriso"
|
|
- "libtinfo5"
|
|
remotes:
|
|
- "url": "https://github.com/dashpay/dash.git"
|
|
"dir": "dash"
|
|
files:
|
|
- "Xcode-12.1-12A7403-extracted-SDK-with-libcxx-headers.tar.gz"
|
|
script: |
|
|
set -e -o pipefail
|
|
|
|
WRAP_DIR=$HOME/wrapped
|
|
HOSTS="x86_64-apple-darwin19"
|
|
CONFIGFLAGS="--enable-reduce-exports --disable-miner --disable-bench --disable-gui-tests XORRISOFS=${WRAP_DIR}/xorrisofs DMG=${WRAP_DIR}/dmg --enable-crash-hooks"
|
|
FAKETIME_HOST_PROGS=""
|
|
FAKETIME_PROGS="ar ranlib date dmg xorrisofs"
|
|
|
|
export TZ="UTC"
|
|
export BUILD_DIR="$PWD"
|
|
mkdir -p ${WRAP_DIR}
|
|
if test -n "$GBUILD_CACHE_ENABLED"; then
|
|
export SOURCES_PATH=${GBUILD_COMMON_CACHE}
|
|
export BASE_CACHE=${GBUILD_PACKAGE_CACHE}/depends
|
|
mkdir -p ${BASE_CACHE} ${SOURCES_PATH}
|
|
|
|
# Setup ccache to use correct cache directories
|
|
CONFIGFLAGS="${CONFIGFLAGS} --enable-ccache"
|
|
export CCACHE_DIR=${GBUILD_PACKAGE_CACHE}/ccache
|
|
if [ -f ${GBUILD_PACKAGE_CACHE}/ccache.tar ]; then
|
|
pushd ${GBUILD_PACKAGE_CACHE}
|
|
tar xf ccache.tar
|
|
rm ccache.tar
|
|
popd
|
|
fi
|
|
# instead of compressing ccache.tar, we let ccache handle it by itself
|
|
# Otherwise we end up uncompressing/compressing a lot of cache files which we actually never use
|
|
export CCACHE_COMPRESS=1
|
|
else
|
|
CONFIGFLAGS="${CONFIGFLAGS} --disable-ccache"
|
|
fi
|
|
|
|
export ZERO_AR_DATE=1
|
|
|
|
# Use $LIB in LD_PRELOAD to avoid hardcoding the dir (See `man ld.so`)
|
|
function create_global_faketime_wrappers {
|
|
for prog in ${FAKETIME_PROGS}; do
|
|
echo '#!/usr/bin/env bash' > ${WRAP_DIR}/${prog}
|
|
echo "REAL=\`which -a ${prog} | grep -v ${WRAP_DIR}/${prog} | head -1\`" >> ${WRAP_DIR}/${prog}
|
|
echo "export LD_PRELOAD='/usr/\$LIB/faketime/libfaketime.so.1'" >> ${WRAP_DIR}/${prog}
|
|
echo "export FAKETIME=\"$1\"" >> ${WRAP_DIR}/${prog}
|
|
echo "\$REAL \$@" >> $WRAP_DIR/${prog}
|
|
chmod +x ${WRAP_DIR}/${prog}
|
|
touch -d "${REFERENCE_DATETIME}" ${WRAP_DIR}/${prog}
|
|
done
|
|
}
|
|
|
|
function create_per-host_faketime_wrappers {
|
|
for i in $HOSTS; do
|
|
for prog in ${FAKETIME_HOST_PROGS}; do
|
|
echo '#!/usr/bin/env bash' > ${WRAP_DIR}/${i}-${prog}
|
|
echo "REAL=\`which -a ${i}-${prog} | grep -v ${WRAP_DIR}/${i}-${prog} | head -1\`" >> ${WRAP_DIR}/${i}-${prog}
|
|
echo "export LD_PRELOAD='/usr/\$LIB/faketime/libfaketime.so.1'" >> ${WRAP_DIR}/${i}-${prog}
|
|
echo "export FAKETIME=\"$1\"" >> ${WRAP_DIR}/${i}-${prog}
|
|
echo "\$REAL \$@" >> $WRAP_DIR/${i}-${prog}
|
|
chmod +x ${WRAP_DIR}/${i}-${prog}
|
|
touch -d "${REFERENCE_DATETIME}" ${WRAP_DIR}/${i}-${prog}
|
|
done
|
|
done
|
|
}
|
|
|
|
# Faketime for depends so intermediate results are comparable
|
|
export PATH_orig=${PATH}
|
|
create_global_faketime_wrappers "2000-01-01 12:00:00"
|
|
create_per-host_faketime_wrappers "2000-01-01 12:00:00"
|
|
export PATH=${WRAP_DIR}:${PATH}
|
|
|
|
cd dash
|
|
BASEPREFIX="${PWD}/depends"
|
|
|
|
mkdir -p ${BASEPREFIX}/SDKs
|
|
tar -C ${BASEPREFIX}/SDKs -xf ${BUILD_DIR}/Xcode-12.1-12A7403-extracted-SDK-with-libcxx-headers.tar.gz
|
|
|
|
# Build dependencies for each host
|
|
for i in $HOSTS; do
|
|
make ${MAKEOPTS} -C ${BASEPREFIX} HOST="${i}"
|
|
done
|
|
|
|
# Faketime for binaries
|
|
export PATH=${PATH_orig}
|
|
create_global_faketime_wrappers "${REFERENCE_DATETIME}"
|
|
create_per-host_faketime_wrappers "${REFERENCE_DATETIME}"
|
|
export PATH=${WRAP_DIR}:${PATH}
|
|
|
|
# Define DISTNAME variable.
|
|
# shellcheck source=contrib/gitian-descriptors/assign_DISTNAME
|
|
source contrib/gitian-descriptors/assign_DISTNAME
|
|
|
|
GIT_ARCHIVE="${OUTDIR}/src/${DISTNAME}.tar.gz"
|
|
|
|
# Create the source tarball
|
|
mkdir -p "$(dirname "$GIT_ARCHIVE")"
|
|
git archive --prefix="${DISTNAME}/" --output="$GIT_ARCHIVE" HEAD
|
|
|
|
ORIGPATH="$PATH"
|
|
# Extract the git archive into a dir for each host and build
|
|
for i in ${HOSTS}; do
|
|
export PATH=${BASEPREFIX}/${i}/native/bin:${ORIGPATH}
|
|
mkdir -p distsrc-${i}
|
|
cd distsrc-${i}
|
|
INSTALLPATH="${PWD}/installed/${DISTNAME}"
|
|
mkdir -p ${INSTALLPATH}
|
|
tar --strip-components=1 -xf "${GIT_ARCHIVE}"
|
|
|
|
./autogen.sh
|
|
CONFIG_SITE=${BASEPREFIX}/${i}/share/config.site ./configure --prefix=/ --disable-maintainer-mode --disable-dependency-tracking ${CONFIGFLAGS}
|
|
make ${MAKEOPTS}
|
|
make -C src osx_debug
|
|
make ${MAKEOPTS} -C src check-security
|
|
make ${MAKEOPTS} -C src check-symbols
|
|
make install-strip DESTDIR=${INSTALLPATH}
|
|
|
|
make osx_volname
|
|
make deploydir
|
|
mkdir -p unsigned-app-${i}
|
|
cp osx_volname unsigned-app-${i}/
|
|
cp contrib/macdeploy/detached-sig-apply.sh unsigned-app-${i}
|
|
cp contrib/macdeploy/detached-sig-create.sh unsigned-app-${i}
|
|
cp ${BASEPREFIX}/${i}/native/bin/dmg unsigned-app-${i}
|
|
mv dist unsigned-app-${i}
|
|
pushd unsigned-app-${i}
|
|
find . | sort | tar --mtime="$REFERENCE_DATETIME" --no-recursion --mode='u+rw,go+r-w,a+X' --owner=0 --group=0 -c -T - | gzip -9n > ${OUTDIR}/${DISTNAME}-osx-unsigned.tar.gz
|
|
popd
|
|
|
|
make deploy OSX_DMG="${OUTDIR}/${DISTNAME}-osx-unsigned.dmg"
|
|
|
|
cd installed
|
|
find . -name "lib*.la" -delete
|
|
find . -name "lib*.a" -delete
|
|
rm -rf ${DISTNAME}/lib/pkgconfig
|
|
find .. -name "*.dSYM" -exec cp -ra {} ${DISTNAME}/bin \;
|
|
find ${DISTNAME} -not -path '*.dSYM*' | sort | tar --mtime="$REFERENCE_DATETIME" --no-recursion --mode='u+rw,go+r-w,a+X' --owner=0 --group=0 -c -T - | gzip -9n > ${OUTDIR}/${DISTNAME}-${i}.tar.gz
|
|
find ${DISTNAME} -path '*.dSYM*' | sort | tar --mtime="$REFERENCE_DATETIME" --no-recursion --mode='u+rw,go+r-w,a+X' --owner=0 --group=0 -c -T - | gzip -9n > ${OUTDIR}/${DISTNAME}-${i}-debug.tar.gz
|
|
cd ../../
|
|
done
|
|
mv ${OUTDIR}/${DISTNAME}-x86_64-apple-darwin19.tar.gz ${OUTDIR}/${DISTNAME}-osx64.tar.gz
|
|
mv ${OUTDIR}/${DISTNAME}-x86_64-apple-darwin19-debug.tar.gz ${OUTDIR}/${DISTNAME}-osx64-debug.tar.gz
|
|
|
|
# Compress ccache (otherwise the assert file will get too huge)
|
|
if [ "$CCACHE_DIR" != "" ]; then
|
|
pushd ${GBUILD_PACKAGE_CACHE}
|
|
tar cf ccache.tar ccache
|
|
rm -rf ccache
|
|
popd
|
|
fi
|