thodg/libgit2/azure-pipelines/docker/focal
-
Show log
Commit
-
Hash : 6a917c04
Author :
Date : 2020-06-28T15:51:43
Add CI support for Memory and UndefinedBehavior Sanitizers This change adds two new build targets: MSan and UBSan. This is because even though OSS-Fuzz is great and adds a lot of coverage, it only does that for the fuzz targets, so the rest of the codebase is not necessarily run with the Sanitizers ever :( So this change makes sure that MSan/UBSan warnings don't make it into the codebase. As part of this change, the Ubuntu focal container is introduced. It builds mbedTLS and libssh2 as debug libraries into /usr/local and as MSan-enabled libraries into /usr/local/msan. This latter part is needed because MSan requires the binary and all its dependent libraries to be built with MSan support so that memory allocations and deallocations are tracked correctly to avoid false positives.
-
azure-pipelines/docker/focal
-
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79
FROM ubuntu:focal AS apt RUN apt-get update && \ DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ bzip2 \ clang-10 \ cmake \ curl \ gcc-10 \ git \ krb5-user \ libcurl4-gnutls-dev \ libgcrypt20-dev \ libkrb5-dev \ libpcre3-dev \ libssl-dev \ libz-dev \ llvm-10 \ make \ ninja-build \ openjdk-8-jre-headless \ openssh-server \ openssl \ pkgconf \ python \ sudo \ valgrind \ && \ rm -rf /var/lib/apt/lists/* && \ mkdir /usr/local/msan FROM apt AS mbedtls RUN cd /tmp && \ curl --location --silent --show-error https://tls.mbed.org/download/mbedtls-2.16.2-apache.tgz | \ tar -xz && \ cd mbedtls-2.16.2 && \ scripts/config.pl unset MBEDTLS_AESNI_C && \ scripts/config.pl set MBEDTLS_MD4_C 1 && \ mkdir build build-msan && \ cd build && \ CC=clang-10 CFLAGS="-fPIC" cmake -G Ninja -DENABLE_PROGRAMS=OFF -DENABLE_TESTING=OFF -DUSE_SHARED_MBEDTLS_LIBRARY=ON -DUSE_STATIC_MBEDTLS_LIBRARY=OFF -DCMAKE_BUILD_TYPE=Debug -DCMAKE_PREFIX_PATH=/usr/local -DCMAKE_INSTALL_PREFIX=/usr/local .. && \ ninja install && \ cd ../build-msan && \ CC=clang-10 CFLAGS="-fPIC" cmake -G Ninja -DENABLE_PROGRAMS=OFF -DENABLE_TESTING=OFF -DUSE_SHARED_MBEDTLS_LIBRARY=ON -DUSE_STATIC_MBEDTLS_LIBRARY=OFF -DCMAKE_BUILD_TYPE=MemSanDbg -DCMAKE_INSTALL_PREFIX=/usr/local/msan .. && \ ninja install && \ cd .. && \ rm -rf mbedtls-2.16.2 FROM mbedtls AS libssh2 RUN cd /tmp && \ curl --insecure --location --silent --show-error https://www.libssh2.org/download/libssh2-1.8.2.tar.gz | \ tar -xz && \ cd libssh2-1.8.2 && \ mkdir build build-msan && \ cd build && \ CC=clang-10 CFLAGS="-fPIC" cmake -G Ninja -DBUILD_SHARED_LIBS=ON -DCRYPTO_BACKEND=Libgcrypt -DCMAKE_PREFIX_PATH=/usr/local -DCMAKE_INSTALL_PREFIX=/usr/local .. && \ ninja install && \ cd ../build-msan && \ CC=clang-10 CFLAGS="-fPIC -fsanitize=memory -fno-optimize-sibling-calls -fsanitize-memory-track-origins=2 -fno-omit-frame-pointer" LDFLAGS="-fsanitize=memory" cmake -G Ninja -DBUILD_SHARED_LIBS=ON -DCRYPTO_BACKEND=mbedTLS -DCMAKE_PREFIX_PATH=/usr/local/msan -DCMAKE_INSTALL_PREFIX=/usr/local/msan .. && \ ninja install && \ cd .. && \ rm -rf libssh2-1.8.2 FROM libssh2 AS valgrind RUN cd /tmp && \ curl --insecure --location --silent --show-error https://sourceware.org/pub/valgrind/valgrind-3.15.0.tar.bz2 | \ tar -xj && \ cd valgrind-3.15.0 && \ CC=clang-10 ./configure && \ make MAKEFLAGS="-j -l$(grep -c ^processor /proc/cpuinfo)" && \ make install && \ cd .. && \ rm -rf valgrind-3.15.0 FROM valgrind AS configure COPY entrypoint.sh /usr/local/bin/entrypoint.sh RUN chmod a+x /usr/local/bin/entrypoint.sh RUN mkdir /var/run/sshd ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]