def check_MACHO_FIXUP_CHAINS(binary) -> bool:

'''

return binary.has_dyld_chained_fixups

('FIXUP_CHAINS', check_MACHO_FIXUP_CHAINS),

self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-no_pie','-Wl,-flat_namespace','-Wl,-allow_stack_execute','-fno-stack-protector', '-Wl,-no_fixup_chains']),

(1, executable+': failed NOUNDEFS Canary FIXUP_CHAINS PIE NX CONTROL_FLOW'))

self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-no_pie','-Wl,-flat_namespace','-Wl,-allow_stack_execute','-fno-stack-protector', '-Wl,-fixup_chains']),

self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-no_pie','-Wl,-flat_namespace','-Wl,-allow_stack_execute','-fstack-protector-all', '-Wl,-fixup_chains']),

self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-no_pie','-Wl,-flat_namespace','-fstack-protector-all', '-Wl,-fixup_chains']),

self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-no_pie','-fstack-protector-all', '-Wl,-fixup_chains']),

self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-no_pie','-Wl,-bind_at_load','-fstack-protector-all', '-Wl,-fixup_chains']),

self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-no_pie','-Wl,-bind_at_load','-fstack-protector-all', '-fcf-protection=full', '-Wl,-fixup_chains']),

self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-pie','-Wl,-bind_at_load','-fstack-protector-all', '-fcf-protection=full', '-Wl,-fixup_chains']),

self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-flat_namespace','-fno-stack-protector', '-Wl,-no_fixup_chains']),

(1, executable+': failed NOUNDEFS Canary FIXUP_CHAINS'))

self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-flat_namespace','-fno-stack-protector', '-Wl,-fixup_chains']),

self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-flat_namespace','-fstack-protector-all', '-Wl,-fixup_chains']),

self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-bind_at_load','-fstack-protector-all', '-Wl,-fixup_chains']),

$(package)_patches=no_fixup_chains.patch

cp -f $(BASEDIR)/config.guess $(BASEDIR)/config.sub cctools && \

patch -p1 < $($(package)_patch_dir)/no_fixup_chains.patch

cp -f $(BASEDIR)/config.guess $(BASEDIR)/config.sub cctools && \

patch -p1 < $($(package)_patch_dir)/no_fixup_chains.patch

commit 5860b35ff6c7241d1c35a1b3197b45e5c9ff86cf

Author: fanquake <[email protected]>

Date: Thu Jun 29 11:52:43 2023 +0100

ld64: add support for -no_fixup_chains

This is added in later versions, and is required if we want to be able

to disable fixup_chains, for use in security tests.

index 15e8e88..b6580af 100644

@@ -4128,6 +4128,9 @@ void Options::parse(int argc, const char* argv[])

else if ( strcmp(arg, "-fixup_chains") == 0 ) {

fMakeChainedFixups = true;

}

else if (strcmp(arg, "-debug_variant") == 0) {

fDebugVariant = true;

}