Unvanquished / validate-release


0.54 updates #4

Closed slipher closed 1 year ago

slipher commented 1 year ago

The output now looks like this:

Checking the universal zip (version = '0.54.0')
Dirty version string detected: unvanquished_0.54.0/pkg/res-weapons_0.54-dirty.dpk
Pak dependency cycle: res-weapons_0.54-dirty.dpk -> res-buildables_0.54.dpk -> res-weapons_0.54-dirty.dpk
Linux binary daemon (i686) depends on a too-new symbol version GLIBC_2.28
Linux binary daemonded (i686) depends on a too-new symbol version GLIBC_2.28
Linux binary daemon-tty (i686) depends on a too-new symbol version GLIBC_2.28
File 'Unvanquished.app/Contents/MacOS/SDL2.framework/SDL2' in unvanquished_0.54.0/macos-amd64.zip has odd permissions 0o777
File 'Unvanquished.app/Contents/MacOS/SDL2.framework/Versions/A/Frameworks/hidapi.framework/hidapi' in unvanquished_0.54.0/macos-amd64.zip has odd permissions 0o777
File 'Unvanquished.app/Contents/MacOS/SDL2.framework/Versions/Current/Frameworks/hidapi.framework/hidapi' in unvanquished_0.54.0/macos-amd64.zip has odd permissions 0o777
illwieckz commented 1 year ago

Great!

Note, about those:

File 'Unvanquished.app/Contents/MacOS/SDL2.framework/SDL2' in unvanquished_0.54.0/macos-amd64.zip has odd permissions 0o777
File 'Unvanquished.app/Contents/MacOS/SDL2.framework/Versions/A/Frameworks/hidapi.framework/hidapi' in unvanquished_0.54.0/macos-amd64.zip has odd permissions 0o777
File 'Unvanquished.app/Contents/MacOS/SDL2.framework/Versions/Current/Frameworks/hidapi.framework/hidapi' in unvanquished_0.54.0/macos-amd64.zip has odd permissions 0o777

I believe it's because they're symlinks. So we may exclude symlinks from permission checks.

slipher commented 1 year ago

> I believe it's because they're symlinks. So we may exclude symlinks from permission checks.

I allowed 777 for symlinks.
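
The symlink exception discussed above, as an added example that is not part of the original thread or the project's own code: it reads the Unix mode stored in each zip entry and accepts 0o777 only when the file type bits mark the entry as a symlink. The function names, the `NORMAL_MODES` allow-list and the sample archive are assumptions constructed for illustration.

```python
import io
import stat
import zipfile

NORMAL_MODES = {0o644, 0o755}  # assumed allow-list for files and directories

# Constructed sample entries: (name, st_mode, data). A symlink's data is its target.
SAMPLE = [
    ("App/README", stat.S_IFREG | 0o644, b"hello"),
    ("App/bin/daemon", stat.S_IFREG | 0o755, b"\x7fELF"),
    ("App/Frameworks/SDL2", stat.S_IFLNK | 0o777, b"Versions/Current/SDL2"),
    ("App/bin/helper", stat.S_IFREG | 0o777, b"#!/bin/sh\n"),
    ("App/bin/updater", stat.S_IFREG | 0o4755, b"\x7fELF"),
]

def build_sample_zip():
    """Return an in-memory ZipFile holding SAMPLE with Unix modes set."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, mode, data in SAMPLE:
            info = zipfile.ZipInfo(name)
            info.create_system = 3            # 3 = Unix host
            info.external_attr = mode << 16   # st_mode lives in the high 16 bits
            zf.writestr(info, data)
    return zipfile.ZipFile(io.BytesIO(buf.getvalue()))

def check_unix_permissions(zf):
    """Yield one message per entry whose permission bits are not allowed."""
    for info in zf.infolist():
        if info.create_system != 3:
            continue  # no Unix mode recorded for this entry
        mode = info.external_attr >> 16
        perms = stat.S_IMODE(mode)  # permission, setuid, setgid and sticky bits
        if stat.S_ISLNK(mode) and perms == 0o777:
            continue  # 0o777 is the usual mode of a symlink itself
        if perms not in NORMAL_MODES:
            yield f"File '{info.filename}' has odd permissions {oct(perms)}"

if __name__ == "__main__":
    for message in check_unix_permissions(build_sample_zip()):
        print(message)
```

Testing the file type bits keeps the exception narrow: a regular file with 0o777, or one carrying the setuid bit, is still reported.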

illwieckz commented 1 year ago

I also suggest that. All the 0.54.0 Linux binaries were built in the exact same Debian 10 Buster docker.

The fact that the libc version differs across the architectures on the exact same distribution and exact same installation may be a specificity of such an architecture (maybe a bug fix or security fix?).

diff --git a/validate_release.py b/validate_release.py
index 30e4777..173fc69 100755
--- a/validate_release.py
+++ b/validate_release.py
@@ -45,7 +45,19 @@ def CheckUnixPermissions(z):
         if permissions & 0o7777 not in normal and permissions != symlink:
             yield f"File '{info.filename}' in {z.filename} has odd permissions {oct(permissions)}"

-def LinuxCheckSymbolVersions(elf, binary):
+def LinuxCheckSymbolVersions(elf, binary, arch):
+    # Target supported versions are from Debian 10 Buster
+    lib_versions = {
+        'amd64': (('GLIBC', '2.27'), ('GLIBCXX', '3.4.25')),
+        'i686':  (('GLIBC', '2.28'), ('GLIBCXX', '3.4.25')),
+        'arm64': (('GLIBC', '2.27'), ('GLIBCXX', '3.4.25')),
+        'armhf': None, # Not yet implemented for 32-bit ARM
+    }
+    if arch not in lib_versions.keys():
+        yield f'Unknown Linux binary {binary} ({arch})'
+        return
+    if not lib_versions[arch]:
+        return
     v = lambda version: tuple(int(n) for n in version.split('.'))
     maxes = collections.defaultdict(lambda: '0')
     for section in elf.iter_sections():
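
Review bot: In the `lib_versions` table the i686 entry allows GLIBC 2.28 while amd64 and arm64 stay at 2.27, yet the single comment above the table attributes every entry to Debian 10 Buster, and the comment removed in the next hunk attributed 2.27 to Ubuntu 18.04. This ceiling decides whether a binary is reported as depending on a too-new symbol version, so each entry should carry a comment naming the baseline it comes from and why i686 differs, making a raised limit a documented decision. Two smaller points: `if arch not in lib_versions.keys():` can be `if arch not in lib_versions:`, and `if not lib_versions[arch]:` reads more clearly as a comparison with `is None`.
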
@@ -56,12 +68,11 @@ def LinuxCheckSymbolVersions(elf, binary):
                 lib, _, version = aux.name.partition('_')
                 if v(version) > v(maxes[lib]):
                     maxes[lib] = version
-    # Target supported versions are from Ubuntu 18.04
-    for lib, version in (('GLIBC', '2.27'), ('GLIBCXX', '3.4.25')):
+    for lib, version in lib_versions[arch]:
         if maxes[lib] == '0':
-            yield f"Can't detect symbol versions for {lib} on Linux binary {binary}"
+            yield f"Can't detect symbol versions for {lib} on Linux binary {binary} ({arch})"
         elif v(maxes[lib]) > v(version):
-            yield f'Linux binary {binary} depends on a too-new symbol version {lib}_{maxes[lib]}'
+            yield f'Linux binary {binary} ({arch}) depends on a too-new symbol version {lib}_{maxes[lib]}'

 def GetElfBuildId(elf):
     for section in elf.iter_sections():
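
Review bot: The too-new message at the end of the loop reports only `{lib}_{maxes[lib]}`. Now that the limit comes from `lib_versions[arch]` and differs per architecture, the message should also state the allowed `version`, for example by appending `(maximum allowed {lib}_{version})`, so a reader of the release report can tell which ceiling was applied without opening the script.
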
@@ -117,8 +128,7 @@ def LinuxCheckBinary(z, arch, binary, symids):
         yield f"{arch} {binary} dynamic dependencies changed: " + ', '.join(changes)

     # Check libc and libstdc++ symbol versions
-    if arch != 'armhf': # Not yet implemented for 32-bit ARM - symbol versions are different somehow
-        yield from LinuxCheckSymbolVersions(elf, f"{binary} ({arch})")
+    yield from LinuxCheckSymbolVersions(elf, binary, arch)

 def WindowsCheckBinary(z, binary, bitness, symids):
     # Partially based on https://gist.github.com/wdormann/dcdba9840701c879115f9aa5c1ef86dc
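
Review bot: With the `if arch != 'armhf':` guard removed from `LinuxCheckBinary`, the armhf skip now happens inside `LinuxCheckSymbolVersions` through the `'armhf': None` entry, which returns without yielding anything, and the reason given in the removed comment ("symbol versions are different somehow") is no longer recorded. A skipped check that produces no output is indistinguishable from a passed one in the report. Consider yielding a line stating that the symbol version check was not run for armhf, and keep the reason next to the table entry.
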
illwieckz commented 1 year ago

Forget the patch above, I'll do a PR once this one is merged (I will have more changes).

LGTM.