diff options
Diffstat (limited to 'security/nss/automation/taskcluster/docker-fuzz')
-rw-r--r-- | security/nss/automation/taskcluster/docker-fuzz/Dockerfile | 61 | ||||
-rw-r--r-- | security/nss/automation/taskcluster/docker-fuzz/bin/checkout.sh | 20 |
2 files changed, 81 insertions, 0 deletions
diff --git a/security/nss/automation/taskcluster/docker-fuzz/Dockerfile b/security/nss/automation/taskcluster/docker-fuzz/Dockerfile new file mode 100644 index 0000000000..00964b42f3 --- /dev/null +++ b/security/nss/automation/taskcluster/docker-fuzz/Dockerfile @@ -0,0 +1,61 @@ +# Dockerfile for running fuzzing tests. +# Used for ASAN and Coverity based static-analysis. +# Note that when running this, you need to add `--cap-add SYS_PTRACE` to the +# docker invocation or ASAN won't work. +# On taskcluster for ASAN use `features: ["allowPtrace"]`. +# See https://github.com/google/sanitizers/issues/764#issuecomment-276700920 +FROM ubuntu:18.04 +LABEL maintainer="Martin Thomson <martin.thomson@gmail.com>" + +RUN dpkg --add-architecture i386 +RUN apt-get update \ + && apt-get install -y --no-install-recommends \ + build-essential \ + ca-certificates \ + clang \ + clang-tools \ + curl \ + g++-multilib \ + git \ + gyp \ + libssl-dev \ + libssl-dev:i386 \ + libxml2-utils \ + lib32z1-dev \ + linux-libc-dev:i386 \ + llvm-dev \ + locales \ + mercurial \ + ninja-build \ + pkg-config \ + python-pip \ + valgrind \ + zlib1g-dev \ + && rm -rf /var/lib/apt/lists/* \ + && apt-get autoremove -y && apt-get clean -y \ + && pip install requests + +ENV SHELL /bin/bash +ENV USER worker +ENV LOGNAME $USER +ENV HOME /home/$USER +ENV LANG en_US.UTF-8 +ENV LC_ALL $LANG +ENV HOST localhost +ENV DOMSUF localdomain + +RUN locale-gen $LANG \ + && DEBIAN_FRONTEND=noninteractive dpkg-reconfigure locales + +RUN useradd -d $HOME -s $SHELL -m $USER +WORKDIR $HOME + +# Add build and test scripts. +ADD bin $HOME/bin +RUN chmod +x $HOME/bin/* + +# Change user. +USER $USER + +# Set a default command for debugging. +CMD ["/bin/bash", "--login"] diff --git a/security/nss/automation/taskcluster/docker-fuzz/bin/checkout.sh b/security/nss/automation/taskcluster/docker-fuzz/bin/checkout.sh new file mode 100644 index 0000000000..9167f6bda6 --- /dev/null +++ b/security/nss/automation/taskcluster/docker-fuzz/bin/checkout.sh @@ -0,0 +1,20 @@ +#!/usr/bin/env bash + +set -v -e -x + +if [ $(id -u) = 0 ]; then + # Drop privileges by re-running this script. + exec su worker $0 +fi + +# Default values for testing. +REVISION=${NSS_HEAD_REVISION:-default} +REPOSITORY=${NSS_HEAD_REPOSITORY:-https://hg.mozilla.org/projects/nss} + +# Clone NSS. +for i in 0 2 5; do + sleep $i + hg clone -r $REVISION $REPOSITORY nss && exit 0 + rm -rf nss +done +exit 1 |