From 36d22d82aa202bb199967e9512281e9a53db42c9 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 21:33:14 +0200 Subject: Adding upstream version 115.7.0esr. Signed-off-by: Daniel Baumann --- .../automation/taskcluster/docker-fuzz/Dockerfile | 61 ++++++++++++++++++++++ .../taskcluster/docker-fuzz/bin/checkout.sh | 20 +++++++ 2 files changed, 81 insertions(+) create mode 100644 security/nss/automation/taskcluster/docker-fuzz/Dockerfile create mode 100644 security/nss/automation/taskcluster/docker-fuzz/bin/checkout.sh (limited to 'security/nss/automation/taskcluster/docker-fuzz') diff --git a/security/nss/automation/taskcluster/docker-fuzz/Dockerfile b/security/nss/automation/taskcluster/docker-fuzz/Dockerfile new file mode 100644 index 0000000000..35fc6efe4c --- /dev/null +++ b/security/nss/automation/taskcluster/docker-fuzz/Dockerfile @@ -0,0 +1,61 @@ +# Dockerfile for running fuzzing tests. +# Used for ASAN. +# Note that when running this, you need to add `--cap-add SYS_PTRACE` to the +# docker invocation or ASAN won't work. +# On taskcluster for ASAN use `features: ["allowPtrace"]`. +# See https://github.com/google/sanitizers/issues/764#issuecomment-276700920 +FROM ubuntu:bionic-20221215 +LABEL maintainer="Martin Thomson " + +RUN dpkg --add-architecture i386 +RUN apt-get update \ + && apt-get install -y --no-install-recommends \ + build-essential \ + ca-certificates \ + clang \ + clang-tools \ + curl \ + g++-multilib \ + git \ + gyp \ + libssl-dev \ + libssl-dev:i386 \ + libxml2-utils \ + lib32z1-dev \ + linux-libc-dev:i386 \ + llvm-dev \ + locales \ + mercurial \ + ninja-build \ + pkg-config \ + python-pip \ + valgrind \ + zlib1g-dev \ + && rm -rf /var/lib/apt/lists/* \ + && apt-get autoremove -y && apt-get clean -y \ + && pip install requests + +ENV SHELL /bin/bash +ENV USER worker +ENV LOGNAME $USER +ENV HOME /home/$USER +ENV LANG en_US.UTF-8 +ENV LC_ALL $LANG +ENV HOST localhost +ENV DOMSUF localdomain + +RUN locale-gen $LANG \ + && DEBIAN_FRONTEND=noninteractive dpkg-reconfigure locales + +RUN useradd -d $HOME -s $SHELL -m $USER +WORKDIR $HOME + +# Add build and test scripts. +ADD bin $HOME/bin +RUN chmod +x $HOME/bin/* + +# Change user. +USER $USER + +# Set a default command for debugging. +CMD ["/bin/bash", "--login"] diff --git a/security/nss/automation/taskcluster/docker-fuzz/bin/checkout.sh b/security/nss/automation/taskcluster/docker-fuzz/bin/checkout.sh new file mode 100644 index 0000000000..9167f6bda6 --- /dev/null +++ b/security/nss/automation/taskcluster/docker-fuzz/bin/checkout.sh @@ -0,0 +1,20 @@ +#!/usr/bin/env bash + +set -v -e -x + +if [ $(id -u) = 0 ]; then + # Drop privileges by re-running this script. + exec su worker $0 +fi + +# Default values for testing. +REVISION=${NSS_HEAD_REVISION:-default} +REPOSITORY=${NSS_HEAD_REPOSITORY:-https://hg.mozilla.org/projects/nss} + +# Clone NSS. +for i in 0 2 5; do + sleep $i + hg clone -r $REVISION $REPOSITORY nss && exit 0 + rm -rf nss +done +exit 1 -- cgit v1.2.3