view deploy/linux/debian-dependencies.sh @ 2265:d33dff02b39b sandbox-notarize

Work on sandboxing (possibly) and using the hardened runtime for notarization. Supply appropriate bundle ID for helpers as well as main application, and request inherited sandbox entitlements. Currently works with sandboxing (apparently) but not yet with the hardened runtime, where we can't load plugins signed by third parties even with the com.apple.security.cs.disable-library-validation entitlement because their team IDs don't match the host. Possibly that exception is supposed to be requested some other way?
author Chris Cannam
date Thu, 25 Apr 2019 16:46:02 +0100
parents c977df9da61e
children a901eff2acaf
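#!/bin/bash
#
# Derive a Debian "Depends:" line for a dynamically linked executable.
#
# Usage: debian-dependencies.sh target-executable
#
# Resolves the shared libraries the target links against (ldd), maps each
# library path to the package that owns it (dpkg-query -S), drops packages
# that another package in the list already depends on (apt-cache showpkg),
# and prints a single "Depends: ..." line on stdout. Progress and the
# intermediate package lists go to stderr.
#
# NOTE: ldd(1) warns that it may execute code from the program it inspects.
# Only run this script on executables you built yourself or otherwise trust.

target=$1

if [ ! -f "$target" ]; then
    # Diagnostics go to stderr so stdout only ever carries the Depends line.
    echo "Usage: $0 target-executable" 1>&2
    exit 1
fi

# Create the scratch files with mktemp rather than a predictable
# /tmp/name_$$ path: a guessable name lets another local user pre-create a
# file or symlink there, and the redirections below would then write
# through it.
pfile=$(mktemp "${TMPDIR:-/tmp}/packages.XXXXXX") || exit 1
rfile=$(mktemp "${TMPDIR:-/tmp}/redundant.XXXXXX") || {
    rm -f -- "$pfile"
    exit 1
}

# Single quotes: expand the (quoted) file names when the trap fires.
trap 'rm -f -- "$pfile" "$rfile"' EXIT
echo 1>&2

# Third ldd column is the resolved library path; keep absolute paths only,
# then ask dpkg which package owns each one. dpkg-query prints
# "package[:arch]: /path", so the text before the first colon is the name.
ldd "$target" | awk '{ print $3; }' | grep '^/' | while read -r lib; do
    if [ -n "$lib" ]; then
        dpkg-query -S "$lib"
    fi
done | grep ': ' | awk -F: '{ print $1 }' | sort -u > "$pfile"

echo "Packages providing required libraries:" 1>&2
cat "$pfile" 1>&2
echo 1>&2

# For each package p, the indented "name,..." lines of `apt-cache showpkg`
# are taken as packages related to p; if one of them is itself in our list,
# p is reported as redundant.
while read -r p; do
    echo "Looking at $p" 1>&2
    apt-cache showpkg "$p" | grep '^  ' | grep ',' | awk -F, '{ print $1; }' |
        while read -r d; do
            # -x -F: whole-line, literal comparison. Package names contain
            # '.' and '+', which must not be interpreted as regex syntax.
            if grep -qxF -- "$d" "$pfile"; then
                echo "$p"
            fi
        done
done < "$pfile" | sort -u > "$rfile"

echo "Packages that can be eliminated because other packages depend on them:" 1>&2
cat "$rfile" 1>&2
echo 1>&2

# Names present in exactly one of the two lists (uniq -u) are the packages
# to keep. Join them comma-separated on one line, then finish the line with
# libc6 and substitute jackd for libjack0.
sort "$pfile" "$rfile" | uniq -u | sed 's/$/,/' | fmt -1000 |
    sed -e 's/^/Depends: /' -e 's/,$/, libc6/' -e 's/libjack0,/jackd,/'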