scripts: add MACHO dylib checking to symbol-check.py

2026-06-04 10:12:28 +02:00 · 2020-01-03 19:34:58 +08:00
parent 76bf97213f
commit c491368d8c
4 changed files with 128 additions and 28 deletions
--- a/contrib/devtools/README.md
+++ b/contrib/devtools/README.md
@@ -103,17 +103,21 @@ Perform basic security checks on a series of executables.
 symbol-check.py
 ===============

-A script to check that the (Linux) executables produced by gitian only contain
-allowed gcc, glibc and libstdc++ version symbols. This makes sure they are
-still compatible with the minimum supported Linux distribution versions.
+A script to check that the executables produced by gitian only contain
+certain symbols and are only linked against allowed libraries.
+
+For Linux this means checking for allowed gcc, glibc and libstdc++ version symbols.
+This makes sure they are still compatible with the minimum supported distribution versions.
+
+For macOS we check that the executables are only linked against libraries we allow.

 Example usage after a gitian build:

    find ../gitian-builder/build -type f -executable | xargs python3 contrib/devtools/symbol-check.py

-If only supported symbols are used the return value will be 0 and the output will be empty.
+If no errors occur the return value will be 0 and the output will be empty.

-If there are 'unsupported' symbols, the return value will be 1 a list like this will be printed:
+If there are any errors the return value will be 1 and output like this will be printed:

    .../64/test_bitcoin: symbol memcpy from unsupported version GLIBC_2.14
    .../64/test_bitcoin: symbol __fdelt_chk from unsupported version GLIBC_2.15