summaryrefslogtreecommitdiffstats
path: root/security/nss/automation/taskcluster/docker-fuzz
diff options
context:
space:
mode:
Diffstat (limited to 'security/nss/automation/taskcluster/docker-fuzz')
-rw-r--r--security/nss/automation/taskcluster/docker-fuzz/Dockerfile61
-rw-r--r--security/nss/automation/taskcluster/docker-fuzz/bin/checkout.sh20
2 files changed, 81 insertions, 0 deletions
diff --git a/security/nss/automation/taskcluster/docker-fuzz/Dockerfile b/security/nss/automation/taskcluster/docker-fuzz/Dockerfile
new file mode 100644
index 0000000000..00964b42f3
--- /dev/null
+++ b/security/nss/automation/taskcluster/docker-fuzz/Dockerfile
@@ -0,0 +1,61 @@
+# Dockerfile for running fuzzing tests.
+# Used for ASAN and Coverity based static-analysis.
+# Note that when running this, you need to add `--cap-add SYS_PTRACE` to the
+# docker invocation or ASAN won't work.
+# On taskcluster for ASAN use `features: ["allowPtrace"]`.
+# See https://github.com/google/sanitizers/issues/764#issuecomment-276700920
+FROM ubuntu:18.04
+LABEL maintainer="Martin Thomson <martin.thomson@gmail.com>"
+
+RUN dpkg --add-architecture i386
+RUN apt-get update \
+ && apt-get install -y --no-install-recommends \
+ build-essential \
+ ca-certificates \
+ clang \
+ clang-tools \
+ curl \
+ g++-multilib \
+ git \
+ gyp \
+ libssl-dev \
+ libssl-dev:i386 \
+ libxml2-utils \
+ lib32z1-dev \
+ linux-libc-dev:i386 \
+ llvm-dev \
+ locales \
+ mercurial \
+ ninja-build \
+ pkg-config \
+ python-pip \
+ valgrind \
+ zlib1g-dev \
+ && rm -rf /var/lib/apt/lists/* \
+ && apt-get autoremove -y && apt-get clean -y \
+ && pip install requests
+
+ENV SHELL /bin/bash
+ENV USER worker
+ENV LOGNAME $USER
+ENV HOME /home/$USER
+ENV LANG en_US.UTF-8
+ENV LC_ALL $LANG
+ENV HOST localhost
+ENV DOMSUF localdomain
+
+RUN locale-gen $LANG \
+ && DEBIAN_FRONTEND=noninteractive dpkg-reconfigure locales
+
+RUN useradd -d $HOME -s $SHELL -m $USER
+WORKDIR $HOME
+
+# Add build and test scripts.
+ADD bin $HOME/bin
+RUN chmod +x $HOME/bin/*
+
+# Change user.
+USER $USER
+
+# Set a default command for debugging.
+CMD ["/bin/bash", "--login"]
diff --git a/security/nss/automation/taskcluster/docker-fuzz/bin/checkout.sh b/security/nss/automation/taskcluster/docker-fuzz/bin/checkout.sh
new file mode 100644
index 0000000000..9167f6bda6
--- /dev/null
+++ b/security/nss/automation/taskcluster/docker-fuzz/bin/checkout.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+set -v -e -x
+
+if [ $(id -u) = 0 ]; then
+ # Drop privileges by re-running this script.
+ exec su worker $0
+fi
+
+# Default values for testing.
+REVISION=${NSS_HEAD_REVISION:-default}
+REPOSITORY=${NSS_HEAD_REPOSITORY:-https://hg.mozilla.org/projects/nss}
+
+# Clone NSS.
+for i in 0 2 5; do
+ sleep $i
+ hg clone -r $REVISION $REPOSITORY nss && exit 0
+ rm -rf nss
+done
+exit 1