Binary Static Library Artifact auditing tool #8741
Conversation
|
We would also like to provide docker image that bundles the tool and has the oldest supported libc in the Swift ecosystem which is glibc 2.26 as of Swift 6. |
|
Please correct me if I'm wrong, but I don't see how this tool checks for compatible ABIs at all. It seems to only deal with symbol names and doesn't have any knowledge the actual function ABI. Also is there a reason this only works for the host triple? This seems like an odd requirement. Lastly, why does this manually call shell tools? This functionality should likely be expressed in an action graph (via llbuild). The his would mean it could be included in larger graphs as well individually operations can be cached. |
daniel-grumberg
force-pushed
the
dgrumberg/binary-artifact-audit
branch
from
b4a419c to
b1ac38f
Compare
Upon further reflection we can tell users to the 6.2 amazonlinux2 image once it comes out, until we figure out a more robust strategy in a future release. |
|
@rauhul answers inline:
This might a terminology misnomer (I am not a low level runtime person), but what it does validate is that any referenced symbols are either provided by default (e.g. compiler runtimes) or come from the system libc. It needs to run on the host triple because we don't actually have access to the system libc on the deployment target currently. We will recommend users run this on amazonlinux2 images as they have the oldest libc of the supported images.
I am not familiar with this, but this is not part of the build, it is a purely one of operation intended to be run in CI by binary static library artifact vendors. |
daniel-grumberg
requested review from
jakepetroules,
dschaefer2,
shawnhyam,
bripeticca,
plemarquand,
owenv,
bkhouri,
cmcgee1024 and
daveyc123
as code owners
|
@swift-ci please smoke-test |
|
@swift-ci please test |
daniel-grumberg
force-pushed
the
dgrumberg/binary-artifact-audit
branch
from
b1ac38f to
da1aff7
Compare
Currently the tool can only on a Linux host.
daniel-grumberg
force-pushed
the
dgrumberg/binary-artifact-audit
branch
from
da1aff7 to
1e5f09b
Compare
|
@swift-ci please test |
|
@swift-ci test windows |
|
@swift-ci please test windows |
|
@swift-ci please test |
|
@swift-ci test self hosted windows |
|
@swift-ci test self-hosted windows |
|
|
||
| try await archiver.extract(from: path, to: archiveDirectory) | ||
|
|
||
| let artifacts = try fileSystem.getDirectoryContents(archiveDirectory) |
There was a problem hiding this comment.
Just to check are we filtering somewhere to only use the .a that also applies to the current host triplet?
There was a problem hiding this comment.
parseLibraryArtifactArchives does it for us.
|
@swift-ci test self hosted windows |
|
@swift-ci test |
|
@swift-ci test windows |
This is an implementation of the auditing tool described in [SE-0482](https://github.com/swiftlang/swift-evolution/blob/main/proposals/0482-swiftpm-static-library-binary-target-non-apple-platforms.md). ### Motivation: As part of SE-0482 and #8639 we introduced the ability to depend on prebuilt static libraries (that expose a C interface) and that don't have any dependencies outside of the C standard library. This PR introduces an auditing tool that checks the ABI of static library artifact bundle and checks if it's compatible with the current host platform. ### Modifications: - Create a new package subcommand that checks a local artifact bundle for unexpected external dependencies. - New internal APIs to inspect the ABI of a binary object (object file, static archive, dynamic library). ### Result: Users will be able to validate that their static library binary artifacts won't cause runtime issues for users.
This is an implementation of the auditing tool described in SE-0482.
Motivation:
As part of SE-0482 and #8639 we introduced the ability to depend on prebuilt static libraries (that expose a C interface) and that don't have any dependencies outside of the C standard library. This PR introduces an auditing tool that checks the ABI of static library artifact bundle and checks if it's compatible with the current host platform.
Modifications:
Result:
Users will be able to validate that their static library binary artifacts won't cause runtime issues for users.