mirror of
https://github.com/bitcoin/bitcoin.git
synced 2025-01-26 19:23:26 -03:00
a3d198c93c
c491368d8c
scripts: add MACHO dylib checking to symbol-check.py (fanquake)76bf97213f
scripts: fix check-symbols & check-security argument passing (fanquake) Pull request description: Based on #17857. This adds dynamic library checks for MACHO executables to symbol-check.py. The script has been modified to function more like `security-check.py`. The error output is now also slightly different. i.e: ```bash # Linux x86 bitcoin-cli: symbol operator new[](unsigned long) from unsupported version GLIBCXX_3.4 bitcoin-cli: export of symbol vtable for std::basic_ios<char, std::char_traits<char> > not allowed bitcoin-cli: NEEDED library libstdc++.so.6 is not allowed bitcoin-cli: failed IMPORTED_SYMBOLS EXPORTED_SYMBOLS LIBRARY_DEPENDENCIES # RISCV (skips exported symbols checks) bitcoin-tx: symbol operator new[](unsigned long) from unsupported version GLIBCXX_3.4 bitcoin-tx: NEEDED library libstdc++.so.6 is not allowed bitcoin-tx: failed IMPORTED_SYMBOLS LIBRARY_DEPENDENCIES # macOS Checking macOS dynamic libraries... libboost_filesystem.dylib is not in ALLOWED_LIBRARIES! bitcoind: failed DYNAMIC_LIBRARIES ``` Compared to `v0.19.0.1` the macOS allowed dylibs has been slimmed down somewhat: ```diff src/qt/bitcoin-qt: /usr/lib/libSystem.B.dylib -/System/Library/Frameworks/DiskArbitration.framework/Versions/A/DiskArbitration /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation /System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit /System/Library/Frameworks/ApplicationServices.framework/Versions/A/ApplicationServices /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation -/System/Library/Frameworks/Security.framework/Versions/A/Security -/System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration /System/Library/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics -/System/Library/Frameworks/OpenGL.framework/Versions/A/OpenGL -/System/Library/Frameworks/AGL.framework/Versions/A/AGL /System/Library/Frameworks/Carbon.framework/Versions/A/Carbon /usr/lib/libc++.1.dylib -/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork /System/Library/Frameworks/CoreText.framework/Versions/A/CoreText /System/Library/Frameworks/ImageIO.framework/Versions/A/ImageIO /usr/lib/libobjc.A.dylib ``` ACKs for top commit: laanwj: ACKc491368d8c
Tree-SHA512: f8624e4964e80b3e0d34e8d3cc33f3107938f3ef7a01c07828f09b902b5ea31a53c50f9be03576e1896ed832cf2c399e03a7943a4f537a1e1c705f3804aed979
171 lines
5.6 KiB
YAML
171 lines
5.6 KiB
YAML
---
|
|
name: "bitcoin-core-osx-0.20"
|
|
enable_cache: true
|
|
distro: "ubuntu"
|
|
suites:
|
|
- "bionic"
|
|
architectures:
|
|
- "amd64"
|
|
packages:
|
|
- "ca-certificates"
|
|
- "curl"
|
|
- "g++"
|
|
- "git"
|
|
- "pkg-config"
|
|
- "autoconf"
|
|
- "librsvg2-bin"
|
|
- "libtiff-tools"
|
|
- "libtool"
|
|
- "automake"
|
|
- "faketime"
|
|
- "bsdmainutils"
|
|
- "cmake"
|
|
- "imagemagick"
|
|
- "libcap-dev"
|
|
- "libz-dev"
|
|
- "libbz2-dev"
|
|
- "python3"
|
|
- "python3-dev"
|
|
- "python3-setuptools"
|
|
- "fonts-tuffy"
|
|
remotes:
|
|
- "url": "https://github.com/bitcoin/bitcoin.git"
|
|
"dir": "bitcoin"
|
|
files:
|
|
- "MacOSX10.11.sdk.tar.gz"
|
|
script: |
|
|
set -e -o pipefail
|
|
|
|
WRAP_DIR=$HOME/wrapped
|
|
HOSTS="x86_64-apple-darwin16"
|
|
CONFIGFLAGS="--enable-reduce-exports --disable-bench --disable-gui-tests GENISOIMAGE=$WRAP_DIR/genisoimage"
|
|
FAKETIME_HOST_PROGS=""
|
|
FAKETIME_PROGS="ar ranlib date dmg genisoimage"
|
|
|
|
export QT_RCC_TEST=1
|
|
export QT_RCC_SOURCE_DATE_OVERRIDE=1
|
|
export TZ="UTC"
|
|
export BUILD_DIR="$PWD"
|
|
mkdir -p ${WRAP_DIR}
|
|
if test -n "$GBUILD_CACHE_ENABLED"; then
|
|
export SOURCES_PATH=${GBUILD_COMMON_CACHE}
|
|
export BASE_CACHE=${GBUILD_PACKAGE_CACHE}
|
|
mkdir -p ${BASE_CACHE} ${SOURCES_PATH}
|
|
fi
|
|
|
|
export ZERO_AR_DATE=1
|
|
|
|
# Use $LIB in LD_PRELOAD to avoid hardcoding the dir (See `man ld.so`)
|
|
function create_global_faketime_wrappers {
|
|
for prog in ${FAKETIME_PROGS}; do
|
|
echo '#!/usr/bin/env bash' > ${WRAP_DIR}/${prog}
|
|
echo "REAL=\`which -a ${prog} | grep -v ${WRAP_DIR}/${prog} | head -1\`" >> ${WRAP_DIR}/${prog}
|
|
echo "export LD_PRELOAD='/usr/\$LIB/faketime/libfaketime.so.1'" >> ${WRAP_DIR}/${prog}
|
|
echo "export FAKETIME=\"$1\"" >> ${WRAP_DIR}/${prog}
|
|
echo "\$REAL \$@" >> $WRAP_DIR/${prog}
|
|
chmod +x ${WRAP_DIR}/${prog}
|
|
done
|
|
}
|
|
|
|
function create_per-host_faketime_wrappers {
|
|
for i in $HOSTS; do
|
|
for prog in ${FAKETIME_HOST_PROGS}; do
|
|
echo '#!/usr/bin/env bash' > ${WRAP_DIR}/${i}-${prog}
|
|
echo "REAL=\`which -a ${i}-${prog} | grep -v ${WRAP_DIR}/${i}-${prog} | head -1\`" >> ${WRAP_DIR}/${i}-${prog}
|
|
echo "export LD_PRELOAD='/usr/\$LIB/faketime/libfaketime.so.1'" >> ${WRAP_DIR}/${i}-${prog}
|
|
echo "export FAKETIME=\"$1\"" >> ${WRAP_DIR}/${i}-${prog}
|
|
echo "\$REAL \$@" >> $WRAP_DIR/${i}-${prog}
|
|
chmod +x ${WRAP_DIR}/${i}-${prog}
|
|
done
|
|
done
|
|
}
|
|
|
|
# Faketime for depends so intermediate results are comparable
|
|
export PATH_orig=${PATH}
|
|
create_global_faketime_wrappers "2000-01-01 12:00:00"
|
|
create_per-host_faketime_wrappers "2000-01-01 12:00:00"
|
|
export PATH=${WRAP_DIR}:${PATH}
|
|
|
|
cd bitcoin
|
|
BASEPREFIX="${PWD}/depends"
|
|
|
|
mkdir -p ${BASEPREFIX}/SDKs
|
|
tar -C ${BASEPREFIX}/SDKs -xf ${BUILD_DIR}/MacOSX10.11.sdk.tar.gz
|
|
|
|
# Build dependencies for each host
|
|
for i in $HOSTS; do
|
|
make ${MAKEOPTS} -C ${BASEPREFIX} HOST="${i}"
|
|
done
|
|
|
|
# Faketime for binaries
|
|
export PATH=${PATH_orig}
|
|
create_global_faketime_wrappers "${REFERENCE_DATETIME}"
|
|
create_per-host_faketime_wrappers "${REFERENCE_DATETIME}"
|
|
export PATH=${WRAP_DIR}:${PATH}
|
|
|
|
# Create the release tarball using (arbitrarily) the first host
|
|
./autogen.sh
|
|
CONFIG_SITE=${BASEPREFIX}/$(echo "${HOSTS}" | awk '{print $1;}')/share/config.site ./configure --prefix=/
|
|
make dist
|
|
SOURCEDIST=$(echo bitcoin-*.tar.gz)
|
|
DISTNAME=${SOURCEDIST/%.tar.gz}
|
|
|
|
# Correct tar file order
|
|
mkdir -p temp
|
|
pushd temp
|
|
tar -xf ../$SOURCEDIST
|
|
find bitcoin-* | sort | tar --mtime="$REFERENCE_DATETIME" --no-recursion --mode='u+rw,go+r-w,a+X' --owner=0 --group=0 -c -T - | gzip -9n > ../$SOURCEDIST
|
|
popd
|
|
|
|
# Workaround for tarball not building with the bare tag version (prep)
|
|
make -C src obj/build.h
|
|
|
|
ORIGPATH="$PATH"
|
|
# Extract the release tarball into a dir for each host and build
|
|
for i in ${HOSTS}; do
|
|
export PATH=${BASEPREFIX}/${i}/native/bin:${ORIGPATH}
|
|
mkdir -p distsrc-${i}
|
|
cd distsrc-${i}
|
|
INSTALLPATH="${PWD}/installed/${DISTNAME}"
|
|
mkdir -p ${INSTALLPATH}
|
|
tar --strip-components=1 -xf ../$SOURCEDIST
|
|
|
|
# Workaround for tarball not building with the bare tag version
|
|
echo '#!/bin/true' >share/genbuild.sh
|
|
mkdir src/obj
|
|
cp ../src/obj/build.h src/obj/
|
|
|
|
CONFIG_SITE=${BASEPREFIX}/${i}/share/config.site ./configure --prefix=/ --disable-ccache --disable-maintainer-mode --disable-dependency-tracking ${CONFIGFLAGS}
|
|
make ${MAKEOPTS}
|
|
make ${MAKEOPTS} -C src check-security
|
|
make ${MAKEOPTS} -C src check-symbols
|
|
make install-strip DESTDIR=${INSTALLPATH}
|
|
|
|
make osx_volname
|
|
make deploydir
|
|
OSX_VOLNAME="$(cat osx_volname)"
|
|
mkdir -p unsigned-app-${i}
|
|
cp osx_volname unsigned-app-${i}/
|
|
cp contrib/macdeploy/detached-sig-apply.sh unsigned-app-${i}
|
|
cp contrib/macdeploy/detached-sig-create.sh unsigned-app-${i}
|
|
cp ${BASEPREFIX}/${i}/native/bin/dmg ${BASEPREFIX}/${i}/native/bin/genisoimage unsigned-app-${i}
|
|
cp ${BASEPREFIX}/${i}/native/bin/${i}-codesign_allocate unsigned-app-${i}/codesign_allocate
|
|
cp ${BASEPREFIX}/${i}/native/bin/${i}-pagestuff unsigned-app-${i}/pagestuff
|
|
mv dist unsigned-app-${i}
|
|
pushd unsigned-app-${i}
|
|
find . | sort | tar --mtime="$REFERENCE_DATETIME" --no-recursion --mode='u+rw,go+r-w,a+X' --owner=0 --group=0 -c -T - | gzip -9n > ${OUTDIR}/${DISTNAME}-osx-unsigned.tar.gz
|
|
popd
|
|
|
|
make deploy
|
|
${WRAP_DIR}/dmg dmg "${OSX_VOLNAME}.dmg" ${OUTDIR}/${DISTNAME}-osx-unsigned.dmg
|
|
|
|
cd installed
|
|
find . -name "lib*.la" -delete
|
|
find . -name "lib*.a" -delete
|
|
rm -rf ${DISTNAME}/lib/pkgconfig
|
|
find ${DISTNAME} | sort | tar --mtime="$REFERENCE_DATETIME" --no-recursion --mode='u+rw,go+r-w,a+X' --owner=0 --group=0 -c -T - | gzip -9n > ${OUTDIR}/${DISTNAME}-${i}.tar.gz
|
|
cd ../../
|
|
done
|
|
mkdir -p $OUTDIR/src
|
|
mv $SOURCEDIST $OUTDIR/src
|
|
mv ${OUTDIR}/${DISTNAME}-x86_64-*.tar.gz ${OUTDIR}/${DISTNAME}-osx64.tar.gz
|