Mirror of https://github.com/systemd/systemd, synced 2024-07-22 18:55:10 +00:00
Zbigniew Jędrzejewski-Szmek
The scheme is very similar to libsystemd-shared.so: instead of building a static library, we build a shared library from the same objects and link the two users to it. Both systemd and systemd-analyze consist mostly of the fairly big code in libcore, so we save a bit on the installation:

    (-0g, no strip)
    -rwxr-xr-x 5238864 Dec 14 12:52 /var/tmp/inst1/usr/lib/systemd/systemd
    -rwxr-xr-x 5399600 Dec 14 12:52 /var/tmp/inst1/usr/bin/systemd-analyze
    -rwxr-xr-x  244912 Dec 14 13:17 /var/tmp/inst2/usr/lib/systemd/systemd
    -rwxr-xr-x  461224 Dec 14 13:17 /var/tmp/inst2/usr/bin/systemd-analyze
    -rwxr-xr-x 5271568 Dec 14 13:17 /var/tmp/inst2/usr/lib/systemd/libsystemd-core-250.so

    (-0g, strip)
    -rwxr-xr-x 2522080 Dec 14 13:19 /var/tmp/inst1/usr/lib/systemd/systemd
    -rwxr-xr-x 2604160 Dec 14 13:19 /var/tmp/inst1/usr/bin/systemd-analyze
    -rwxr-xr-x  113304 Dec 14 13:19 /var/tmp/inst2/usr/lib/systemd/systemd
    -rwxr-xr-x  207656 Dec 14 13:19 /var/tmp/inst2/usr/bin/systemd-analyze
    -rwxr-xr-x 2648520 Dec 14 13:19 /var/tmp/inst2/usr/lib/systemd/libsystemd-core-250.so

So for systemd itself we grow a bit (2522080 → 2648520+113304=2761824), but overall we save. The most is saved on all the test files that link to libcore, if they are installed, because there's 15 of them:

    $ du -s /var/tmp/inst?
    220096 /var/tmp/inst1
    122960 /var/tmp/inst2

I also considered making systemd-analyze a symlink to /usr/lib/systemd/systemd and turning systemd into a multicall binary. We did something like this with udevd and udevadm. But that solution doesn't fit well in this case. systemd-analyze has a bunch of functionality that is not used in systemd, so the systemd binary would need to grow quite a bit. And we're likely to add new types of verification or introspection features in analyze, and this baggage would only grow. In addition, there are the test binaries which also benefit from this.
79 lines
2.5 KiB
Bash
Executable file
```bash
#!/usr/bin/env bash
# SPDX-License-Identifier: LGPL-2.1-or-later

set -ex

export LC_CTYPE=C.UTF-8

export CC=${CC:-clang}
export CXX=${CXX:-clang++}
clang_version="$($CC --version | sed -nr 's/.*version ([^ ]+?) .*/\1/p' | sed -r 's/-$//')"

SANITIZER=${SANITIZER:-address -fsanitize-address-use-after-scope}
flags="-O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=$SANITIZER"

clang_lib="/usr/lib64/clang/${clang_version}/lib/linux"
[ -d "$clang_lib" ] || clang_lib="/usr/lib/clang/${clang_version}/lib/linux"

export CFLAGS=${CFLAGS:-$flags}
export CXXFLAGS=${CXXFLAGS:-$flags}
export LDFLAGS=${LDFLAGS:--L${clang_lib}}

export WORK=${WORK:-$(pwd)}
export OUT=${OUT:-$(pwd)/out}
mkdir -p "$OUT"

build="$WORK/build"
rm -rf "$build"
mkdir -p "$build"

if [ -z "$FUZZING_ENGINE" ]; then
    fuzzflag="llvm-fuzz=true"
else
    fuzzflag="oss-fuzz=true"

    apt-get update
    apt-get install -y gperf m4 gettext python3-pip \
        libcap-dev libmount-dev libkmod-dev \
        pkg-config wget python3-jinja2
    pip3 install -r .github/workflows/requirements.txt --require-hashes

    # https://github.com/google/oss-fuzz/issues/6868
    ORIG_PYTHONPATH=$(python3 -c 'import sys;print(":".join(sys.path[1:]))')
    export PYTHONPATH="$ORIG_PYTHONPATH:/usr/lib/python3/dist-packages/"

    if [[ "$SANITIZER" == undefined ]]; then
        UBSAN_FLAGS="-fsanitize=pointer-overflow -fno-sanitize-recover=pointer-overflow"
        CFLAGS="$CFLAGS $UBSAN_FLAGS"
        CXXFLAGS="$CXXFLAGS $UBSAN_FLAGS"
    fi
fi

if ! meson "$build" "-D$fuzzflag" -Db_lundef=false; then
    cat "$build/meson-logs/meson-log.txt"
    exit 1
fi

ninja -v -C "$build" fuzzers

# The seed corpus is a separate flat archive for each fuzzer,
# with a fixed name ${fuzzer}_seed_corpus.zip.
for d in "$(dirname "$0")/../test/fuzz/fuzz-"*; do
    zip -jqr "$OUT/$(basename "$d")_seed_corpus.zip" "$d"
done

# get fuzz-dns-packet corpus
df="$build/dns-fuzzing"
git clone --depth 1 https://github.com/CZ-NIC/dns-fuzzing "$df"
zip -jqr "$OUT/fuzz-dns-packet_seed_corpus.zip" "$df/packet"

install -Dt "$OUT/src/shared/" \
        "$build"/src/shared/libsystemd-shared-*.so \
        "$build"/src/core/libsystemd-core-*.so

wget -O "$OUT/fuzz-json.dict" https://raw.githubusercontent.com/rc0r/afl-fuzz/master/dictionaries/json.dict

find "$build" -maxdepth 1 -type f -executable -name "fuzz-*" -exec mv {} "$OUT" \;
find src -type f -name "fuzz-*.dict" -exec cp {} "$OUT" \;
cp src/fuzz/*.options "$OUT"
```
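The script's comment says each fuzzer gets a flat archive with the fixed name `${fuzzer}_seed_corpus.zip`, so a corpus only belongs to a fuzzer when the two names line up. The following is an added example, not part of the systemd repository: a hypothetical `audit_out` helper that reports fuzzers in an output directory without an archive and archives without a fuzzer. The sample directory and the misnamed `fuzz-dns-pkt` archive are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example, not part of the systemd repository.

# True if $1 is a regular file with the owner-execute bit set. Reads the mode
# bits instead of using [ -x ], so noexec mounts do not change the answer.
is_target() {
    [ -n "$(find "$1" -maxdepth 0 -type f -perm -100 2>/dev/null)" ]
}

# audit_out DIR: check DIR against the ${fuzzer}_seed_corpus.zip convention.
# Prints one finding per line:
#   missing-corpus FUZZER    executable fuzz-* with no matching archive
#   orphan-corpus ARCHIVE    archive whose prefix is not an executable in DIR
audit_out() {
    local out=$1 f name
    for f in "$out"/fuzz-*; do
        # Dictionaries, .options files and the archives themselves also
        # match fuzz-*; only executables count as fuzz targets.
        is_target "$f" || continue
        name=$(basename "$f")
        [ -f "$out/${name}_seed_corpus.zip" ] || echo "missing-corpus $name"
    done
    for f in "$out"/*_seed_corpus.zip; do
        [ -f "$f" ] || continue
        name=$(basename "$f" _seed_corpus.zip)
        is_target "$out/$name" || echo "orphan-corpus $(basename "$f")"
    done
    return 0
}

# Constructed sample directory: empty placeholder files, one misnamed archive.
demo=$(mktemp -d)
touch "$demo/fuzz-unit-file" "$demo/fuzz-unit-file_seed_corpus.zip" \
      "$demo/fuzz-json" "$demo/fuzz-json.dict" \
      "$demo/fuzz-dns-pkt_seed_corpus.zip"
chmod +x "$demo/fuzz-unit-file" "$demo/fuzz-json"
audit_out "$demo"
rm -rf "$demo"
```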