From 8612d3d858fa108e5732a586d4e2d0227ae34422 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Mon, 16 Sep 2024 20:20:20 +0200 Subject: Merging upstream version 256.4. Signed-off-by: Daniel Baumann --- mkosi.sanitizers/mkosi.conf | 5 + mkosi.sanitizers/mkosi.conf.d/arch.conf | 9 ++ mkosi.sanitizers/mkosi.conf.d/debian-ubuntu.conf | 11 ++ mkosi.sanitizers/mkosi.conf.d/opensuse.conf | 10 ++ mkosi.sanitizers/mkosi.postinst | 131 +++++++++++++++++++++++ 5 files changed, 166 insertions(+) create mode 100644 mkosi.sanitizers/mkosi.conf create mode 100644 mkosi.sanitizers/mkosi.conf.d/arch.conf create mode 100644 mkosi.sanitizers/mkosi.conf.d/debian-ubuntu.conf create mode 100644 mkosi.sanitizers/mkosi.conf.d/opensuse.conf create mode 100755 mkosi.sanitizers/mkosi.postinst (limited to 'mkosi.sanitizers') diff --git a/mkosi.sanitizers/mkosi.conf b/mkosi.sanitizers/mkosi.conf new file mode 100644 index 0000000..844541c --- /dev/null +++ b/mkosi.sanitizers/mkosi.conf @@ -0,0 +1,5 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Environment=SANITIZERS +Environment=!SANITIZERS= diff --git a/mkosi.sanitizers/mkosi.conf.d/arch.conf b/mkosi.sanitizers/mkosi.conf.d/arch.conf new file mode 100644 index 0000000..195556a --- /dev/null +++ b/mkosi.sanitizers/mkosi.conf.d/arch.conf @@ -0,0 +1,9 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=arch +Environment=LLVM=1 + +[Content] +Packages= + compiler-rt diff --git a/mkosi.sanitizers/mkosi.conf.d/debian-ubuntu.conf b/mkosi.sanitizers/mkosi.conf.d/debian-ubuntu.conf new file mode 100644 index 0000000..cfeef85 --- /dev/null +++ b/mkosi.sanitizers/mkosi.conf.d/debian-ubuntu.conf @@ -0,0 +1,11 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# TODO: Drop when https://bugzilla.suse.com/show_bug.cgi?id=1225784 is fixed. + +[Match] +Distribution=|debian +Distribution=|ubuntu +Environment=LLVM=1 + +[Content] +Packages= + libclang-rt-dev diff --git a/mkosi.sanitizers/mkosi.conf.d/opensuse.conf b/mkosi.sanitizers/mkosi.conf.d/opensuse.conf new file mode 100644 index 0000000..28357df --- /dev/null +++ b/mkosi.sanitizers/mkosi.conf.d/opensuse.conf @@ -0,0 +1,10 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# TODO: Drop when https://bugzilla.suse.com/show_bug.cgi?id=1225784 is fixed. + +[Match] +Distribution=opensuse +Environment=LLVM=1 + +[Content] +Packages= + clang diff --git a/mkosi.sanitizers/mkosi.postinst b/mkosi.sanitizers/mkosi.postinst new file mode 100755 index 0000000..e0ad422 --- /dev/null +++ b/mkosi.sanitizers/mkosi.postinst @@ -0,0 +1,131 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e +set -o nounset + +LIBSYSTEMD="$(mkosi-chroot ldconfig -p | grep libsystemd.so.0 | sed 's/[^/]*\//\//')" + +if [[ ! -f "$BUILDROOT/$LIBSYSTEMD" ]]; then + exit 0 +fi + +# Sanitizers log to stderr by default. However, journald's stderr is connected to /dev/null, so we lose +# all the sanitizer logs. To rectify that, let's connect journald's stdout to kmsg so that the sanitizer +# failures end up in the journal. +if [[ -f "$BUILDROOT"/usr/lib/systemd/system/systemd-journald.service ]]; then + mkdir -p "$BUILDROOT"/etc/systemd/system/systemd-journald.service.d + cat >"$BUILDROOT"/etc/systemd/system/systemd-journald.service.d/10-stdout-tty.conf < 50s when built with sanitizers so let's not run it by default. +systemctl --root="$BUILDROOT" mask systemd-hwdb-update.service + +ASAN_RT_PATH="$(grep libasan.so < <(mkosi-chroot ldd "$LIBSYSTEMD") | cut -d ' ' -f 3)" +if [[ -z "$ASAN_RT_PATH" ]]; then + ASAN_RT_PATH="$(grep libclang_rt.asan < <(mkosi-chroot ldd "$LIBSYSTEMD") | cut -d ' ' -f 3)" + + # As clang's ASan DSO is usually in a non-standard path, let's check if the RUNPATH is set accordingly. + if mkosi-chroot ldd "$LIBSYSTEMD" | grep -q "libclang_rt.asan.*not found"; then + echo >&2 "clang's ASan DSO libclang_rt.asan is not present in the runtime library path" + exit 1 + fi +fi +if [[ -z "$ASAN_RT_PATH" ]]; then + echo >&2 "systemd is not linked against the ASan DSO" + echo >&2 "gcc does this by default, for clang compile with -shared-libasan" + exit 1 +fi + +wrap=( + /usr/lib/polkit-1/polkitd + /usr/libexec/polkit-1/polkitd + agetty + btrfs + capsh + chgrp + chown + cryptsetup + curl + dbus-broker-launch + dbus-daemon + delv + dhcpd + dig + dmsetup + dnsmasq + findmnt + getent + getfacl + id + integritysetup + iscsid + kpartx + logger + login + ls + lsblk + lvm + mdadm + mkfs.btrfs + mkfs.erofs + mkfs.ext4 + mkfs.vfat + mkfs.xfs + mksquashfs + mkswap + multipath + multipathd + nvme + p11-kit + pkill + ps + setfacl + setpriv + sshd + stat + su + tar + tgtd + useradd + userdel + veritysetup +) + +for bin in "${wrap[@]}"; do + if ! mkosi-chroot command -v "$bin" >/dev/null; then + continue + fi + + if [[ "$bin" == getent ]]; then + enable_lsan=1 + else + enable_lsan=0 + fi + + target="$(mkosi-chroot command -v "$bin")" + + mv "$BUILDROOT/$target" "$BUILDROOT/$target.orig" + + cat >"$BUILDROOT/$target" <"$BUILDROOT"/usr/lib/systemd/systemd-asan-env <