# https://github.com/google/oss-fuzz/blob/master/projects/samba/build.sh
# which does nothing else.
#
-# We have to push to oss-fuzz CFLAGS into the waf ADDITIONAL_CFLAGS
-# as otherwise waf's configure fails linking the first test binary
-#
-# CFLAGS are supplied by the caller, eg the oss-fuzz compile command
-#
# Additional arguments are passed to configure, to allow this to be
# tested in autobuild.py
#
set -x
set -u
-# It is critical that this script, just as the rest of Samba's GitLab
-# CI docker has LANG set to en_US.utf8 (oss-fuzz fails to set this)
-. /etc/default/locale
-export LANG
-export LC_ALL
-
-ADDITIONAL_CFLAGS="$CFLAGS"
-export ADDITIONAL_CFLAGS
-CFLAGS=""
-export CFLAGS
-LD="$CXX"
-export LD
-
-# Use the system Python, not the OSS-Fuzz provided statically linked
-# and instrumented Python, because we can't statically link.
-
-PYTHON=/usr/bin/python3
-export PYTHON
-
-# $SANITIZER is provided by the oss-fuzz "compile" command
-#
-# We need to add the waf configure option as otherwise when we also
-# get (eg) -fsanitize=address via the CFLAGS we will fail to link
-# correctly
-
-case "$SANITIZER" in
- address)
- SANITIZER_ARG='--address-sanitizer'
- ;;
- undefined)
- SANITIZER_ARG='--undefined-sanitizer'
- ;;
- coverage)
- # Thankfully clang operating as ld has no objection to the
- # cc style options, so we can just set ADDITIONAL_LDFLAGS
- # to ensure the coverage build is done, despite waf splitting
- # the compile and link phases.
- ADDITIONAL_LDFLAGS="${ADDITIONAL_LDFLAGS:-} $COVERAGE_FLAGS"
- export ADDITIONAL_LDFLAGS
-
- SANITIZER_ARG=''
- ;;
-esac
-
-# $LIB_FUZZING_ENGINE is provided by the oss-fuzz "compile" command
-#
-
-./configure -C --without-gettext --enable-debug --enable-developer \
- --enable-libfuzzer \
- $SANITIZER_ARG \
- --disable-warnings-as-errors \
- --abi-check-disable \
- --fuzz-target-ldflags="$LIB_FUZZING_ENGINE" \
- --nonshared-binary=ALL \
- "$@" \
- LINK_CC="$CXX"
-
-make -j
-
-# Make a directory for the system shared libraries to be copied into
-mkdir -p $OUT/lib
-
-# We can't static link to all the system libs with waf, so copy them
-# to $OUT/lib and set the rpath to point there. This is similar to how
-# firefox handles this.
-
-for x in bin/fuzz_*
-do
- # Copy any system libraries needed by this fuzzer to $OUT/lib.
-
- # We run ldd on $x, the fuzz_binary in bin/ which has not yet had
- # the RPATH altered. This is clearer for debugging in local
- # development builds as $OUT is not cleaned between runs.
- #
- # Otherwise trying to re-run this can see cp can fail with:
- # cp: '/out/lib/libgcc_s.so.1' and '/out/lib/libgcc_s.so.1' are the same file
- # which is really confusing!
-
- # The cut for ( and ' ' removes the special case references to:
- # linux-vdso.so.1 => (0x00007ffe8f2b2000)
- # /lib64/ld-linux-x86-64.so.2 (0x00007fc63ea6f000)
-
- ldd $x | cut -f 2 -d '>' | cut -f 1 -d \( | cut -f 2 -d ' ' | xargs -i cp \{\} $OUT/lib/
-
- cp $x $OUT/
- bin=`basename $x`
-
- # Changing RPATH (not RUNPATH, but we can't tell here which was
- # set) is critical, otherwise libraries used by libraries won't be
- # found on the oss-fuzz target host. Sadly this is only possible
- # with clang or ld.bfd on Ubuntu 16.04 (this script is only run on
- # that).
- #
- # chrpath --convert only allows RPATH to be changed to RUNPATH,
- # not the other way around, and we really don't want RUNPATH.
- #
- # This means the copied libraries are found on the runner
- chrpath -r '$ORIGIN/lib' $OUT/$bin
-
- # Truncate the original binary to save space
- echo -n > $x
-
-done
-
-# Grap the seeds dictionary from github and put the seed zips in place
-# beside their executables.
-
-wget https://gitlab.com/samba-team/samba-fuzz-seeds/-/jobs/artifacts/master/download?job=zips \
- -O seeds.zip
-
-# We might not have unzip, but we do have python
-$PYTHON -mzipfile -e seeds.zip $OUT
-rm -f seeds.zip
+$(dirname $0)/do_build.sh $@
+$(dirname $0)/check_build.sh $OUT
--- /dev/null
+#!/bin/sh
+#
+# This is not a general-purpose build script, but instead one specific
+# to the Google oss-fuzz compile environment.
+#
+# https://google.github.io/oss-fuzz/getting-started/new-project-guide/#Requirements
+#
+# https://github.com/google/oss-fuzz/blob/master/infra/base-images/base-builder/README.md#provided-environment-variables
+#
+# This file is run by build_samba.sh, which is run by
+# https://github.com/google/oss-fuzz/blob/master/projects/samba/build.sh
+# which does nothing else.
+#
+# We have to push to oss-fuzz CFLAGS into the waf ADDITIONAL_CFLAGS
+# as otherwise waf's configure fails linking the first test binary
+#
+# CFLAGS are supplied by the caller, eg the oss-fuzz compile command
+#
+# Additional arguments are passed to configure, to allow this to be
+# tested in autobuild.py
+#
+
+# Ensure we give good trace info, fail right away and fail with unset
+# variables
+set -e
+set -x
+set -u
+
+# It is critical that this script, just as the rest of Samba's GitLab
+# CI docker has LANG set to en_US.utf8 (oss-fuzz fails to set this)
+. /etc/default/locale
+export LANG
+export LC_ALL
+
+ADDITIONAL_CFLAGS="$CFLAGS"
+export ADDITIONAL_CFLAGS
+CFLAGS=""
+export CFLAGS
+LD="$CXX"
+export LD
+
+# Use the system Python, not the OSS-Fuzz provided statically linked
+# and instrumented Python, because we can't statically link.
+
+PYTHON=/usr/bin/python3
+export PYTHON
+
+# $SANITIZER is provided by the oss-fuzz "compile" command
+#
+# We need to add the waf configure option as otherwise when we also
+# get (eg) -fsanitize=address via the CFLAGS we will fail to link
+# correctly
+
+case "$SANITIZER" in
+ address)
+ SANITIZER_ARG='--address-sanitizer'
+ ;;
+ undefined)
+ SANITIZER_ARG='--undefined-sanitizer'
+ ;;
+ coverage)
+ # Thankfully clang operating as ld has no objection to the
+ # cc style options, so we can just set ADDITIONAL_LDFLAGS
+ # to ensure the coverage build is done, despite waf splitting
+ # the compile and link phases.
+ ADDITIONAL_LDFLAGS="${ADDITIONAL_LDFLAGS:-} $COVERAGE_FLAGS"
+ export ADDITIONAL_LDFLAGS
+
+ SANITIZER_ARG=''
+ ;;
+esac
+
+# $LIB_FUZZING_ENGINE is provided by the oss-fuzz "compile" command
+#
+
+./configure -C --without-gettext --enable-debug --enable-developer \
+ --enable-libfuzzer \
+ $SANITIZER_ARG \
+ --disable-warnings-as-errors \
+ --abi-check-disable \
+ --fuzz-target-ldflags="$LIB_FUZZING_ENGINE" \
+ --nonshared-binary=ALL \
+ "$@" \
+ LINK_CC="$CXX"
+
+make -j
+
+# Make a directory for the system shared libraries to be copied into
+mkdir -p $OUT/lib
+
+# We can't static link to all the system libs with waf, so copy them
+# to $OUT/lib and set the rpath to point there. This is similar to how
+# firefox handles this.
+
+for x in bin/fuzz_*
+do
+ # Copy any system libraries needed by this fuzzer to $OUT/lib.
+
+ # We run ldd on $x, the fuzz_binary in bin/ which has not yet had
+ # the RPATH altered. This is clearer for debugging in local
+ # development builds as $OUT is not cleaned between runs.
+ #
+ # Otherwise trying to re-run this can see cp can fail with:
+ # cp: '/out/lib/libgcc_s.so.1' and '/out/lib/libgcc_s.so.1' are the same file
+ # which is really confusing!
+
+ # The cut for ( and ' ' removes the special case references to:
+ # linux-vdso.so.1 => (0x00007ffe8f2b2000)
+ # /lib64/ld-linux-x86-64.so.2 (0x00007fc63ea6f000)
+
+ ldd $x | cut -f 2 -d '>' | cut -f 1 -d \( | cut -f 2 -d ' ' | xargs -i cp \{\} $OUT/lib/
+
+ cp $x $OUT/
+ bin=`basename $x`
+
+ # Changing RPATH (not RUNPATH, but we can't tell here which was
+ # set) is critical, otherwise libraries used by libraries won't be
+ # found on the oss-fuzz target host. Sadly this is only possible
+ # with clang or ld.bfd on Ubuntu 16.04 (this script is only run on
+ # that).
+ #
+ # chrpath --convert only allows RPATH to be changed to RUNPATH,
+ # not the other way around, and we really don't want RUNPATH.
+ #
+ # This means the copied libraries are found on the runner
+ chrpath -r '$ORIGIN/lib' $OUT/$bin
+
+ # Truncate the original binary to save space
+ echo -n > $x
+
+done
+
+# Grap the seeds dictionary from github and put the seed zips in place
+# beside their executables.
+
+wget https://gitlab.com/samba-team/samba-fuzz-seeds/-/jobs/artifacts/master/download?job=zips \
+ -O seeds.zip
+
+# We might not have unzip, but we do have python
+$PYTHON -mzipfile -e seeds.zip $OUT
+rm -f seeds.zip
git.samba.org / samba.git / commitdiff