Updated build process checks for referenced libraries

[iramiller]

Summary

Some users have reported build issues with cleveldb and with the libwasmvm (both of which are shared libraries). The build process should be modified to require specific libraries with verified hashes to lock in these dependency versions.

Problem Definition

As the following linker report shows, shared libraries (in this case leveldb and libwasm are not locked against specific versions. This leads to issues because the implementation can vary widely across the revisions (or in the case of libwasm there is no restriction at all).

otool -L ./build/provenanced
./build/provenanced:
        /usr/local/opt/leveldb/lib/libleveldb.1.dylib (compatibility version 1.0.0, current version 1.23.0)
        /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation (compatibility version 150.0.0, current version 1675.129.0)
        /System/Library/Frameworks/Security.framework/Versions/A/Security (compatibility version 1.0.0, current version 59306.101.1)
        /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1281.100.1)
        @rpath/libwasmvm.dylib (compatibility version 0.0.0, current version 0.0.0)
        /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit (compatibility version 1.0.0, current version 275.0.0)

Proposal

Require that all shared libraries target explicit compatibility versions. When the library does not provide version information (such as libwasmvm that reports 0.0.0 require that an explicit file hash matches the expected build version.

---

For Admin Use

• Not duplicate issue
• Appropriate labels applied
• Appropriate contributors tagged
• Contributor assigned/self-assigned

[iramiller]

We can update this process to remove cleveldb support with 1.14.x it looks like...