| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
Since the files with generated directives are now automatically
generated during build, they're now under the respective build directory
which the current oss-fuzz CI script didn't account for.
Follow-up to: #24958
Resolves: #25859
|
|
|
|
| |
Closes https://github.com/systemd/systemd/issues/23532
|
|
|
|
|
|
|
|
|
|
|
| |
fuzz-introspector passes -fuse-ld=gold and -flto using CFLAGS/LDFLAGS and due to
https://github.com/mesonbuild/meson/issues/6377#issuecomment-575977919 and
https://github.com/mesonbuild/meson/issues/6377 it doesn't mix well with meson.
It's possible to build systemd with duct tape there using something like
https://github.com/google/oss-fuzz/pull/7583#issuecomment-1104011067 but
apparently even with gold and lto some parts of systemd are missing from
reports (presumably due to https://github.com/google/oss-fuzz/issues/7598).
Let's just fail here for now to make it clear that fuzz-introspector isn't supported.
|
|
|
|
|
| |
to let it cover as much code as possible. It should help to catch
most regressions in a few minutes.
|
|
|
|
|
|
|
| |
It's like CIFuzz but unlike CIFuzz it's compatible with forks and
it should make it possible to run the fuzzers to make sure that
patches backported to them are backported correctly without introducing
new bugs and regressions.
|
|
|
|
| |
That's just a follow-up to https://github.com/systemd/systemd/pull/22179
|
|
|
|
|
|
|
|
|
|
|
|
| |
It was copy-pasted directly from OSS-Fuzz where it makes sense to
kind of strip binaries to get nice backtraces but when the fuzzers
are built and run locally with gdb it would be nice to have a little
bit more than that.
It was initially discovered in elfutils where I put the same flags
and was surprised when I couldn't run the fuzzer comfortably step
by step, which led to the same change there: https://github.com/google/oss-fuzz/pull/7092
:-)
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The scheme is very similar to libsystemd-shared.so: instead of building a
static library, we build a shared library from the same objects and link the
two users to it. Both systemd and systemd-analyze consist mostly of the fairly
big code in libcore, so we save a bit on the installation:
(-0g, no strip)
-rwxr-xr-x 5238864 Dec 14 12:52 /var/tmp/inst1/usr/lib/systemd/systemd
-rwxr-xr-x 5399600 Dec 14 12:52 /var/tmp/inst1/usr/bin/systemd-analyze
-rwxr-xr-x 244912 Dec 14 13:17 /var/tmp/inst2/usr/lib/systemd/systemd
-rwxr-xr-x 461224 Dec 14 13:17 /var/tmp/inst2/usr/bin/systemd-analyze
-rwxr-xr-x 5271568 Dec 14 13:17 /var/tmp/inst2/usr/lib/systemd/libsystemd-core-250.so
(-0g, strip)
-rwxr-xr-x 2522080 Dec 14 13:19 /var/tmp/inst1/usr/lib/systemd/systemd
-rwxr-xr-x 2604160 Dec 14 13:19 /var/tmp/inst1/usr/bin/systemd-analyze
-rwxr-xr-x 113304 Dec 14 13:19 /var/tmp/inst2/usr/lib/systemd/systemd
-rwxr-xr-x 207656 Dec 14 13:19 /var/tmp/inst2/usr/bin/systemd-analyze
-rwxr-xr-x 2648520 Dec 14 13:19 /var/tmp/inst2/usr/lib/systemd/libsystemd-core-250.so
So for systemd itself we grow a bit (2522080 → 2648520+113304=2761824), but
overall we save. The most is saved on all the test files that link to libcore,
if they are installed, because there's 15 of them:
$ du -s /var/tmp/inst?
220096 /var/tmp/inst1
122960 /var/tmp/inst2
I also considered making systemd-analyze a symlink to /usr/lib/systemd/systemd
and turning systemd into a multicall binary. We did something like this with
udevd and udevadm. But that solution doesn't fit well in this case.
systemd-analyze has a bunch of functionality that is not used in systemd,
so the systemd binary would need to grow quite a bit. And we're likely to
add new types of verification or introspection features in analyze, and this
baggage would only grow. In addition, there are the test binaries which also
benefit from this.
|
| |
|
|
|
|
|
|
|
|
|
| |
to be able to control our dependencies right here without
sending PRs like https://github.com/google/oss-fuzz/pull/5199 and
https://github.com/google/oss-fuzz/pull/5601.
It should also allow us to pin meson to let Dependabot keep track of
it and jump from one version to another without breaking anything
|
| |
|
|
|
|
|
|
| |
It should help to make it more clear what causes issues like
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30140
and https://github.com/google/oss-fuzz/pull/5084
|
| |
|
|
|
|
|
|
|
| |
It's off by default on OSS-Fuzz but it should be safe to turn it on
manually: https://github.com/google/oss-fuzz/issues/659#issuecomment-631897889
Just a follow-up to https://github.com/systemd/systemd/pull/15865.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As in 2a5fcfae024ffc370bb780572279f45a1da3f946
and in 3e67e5c9928f8b1e1c5a63def88d53ed1fed12eb
using /usr/bin/env allows bash to be looked up in PATH
rather than being hard-coded.
As with the previous changes the same arguments apply
- distributions have scripts to rewrite shebangs on installation and
they know what locations to rely on.
- For tests/compilation we should rather rely on the user to have setup
there PATH correctly.
In particular this makes testing from git easier on NixOS where do not provide
/bin/bash to improve compose-ability.
|
|
|
|
|
|
|
|
| |
The compatibility issue in meson v0.53 has been fixed in v0.53.1, which
is already available through pip, so let's remove the pin for meson
introduced before.
Reverts: 514793658c499821383bdc8bbf1d33048c18dd40
|
|
|
|
|
|
|
|
| |
Latest meson doesn't work with older python 3.5, which is present on
Ubuntu 16.04. Let's pin in to the latest working version (0.52.1) until
we properly bump all necessary Ubuntu images to 18.04.
See: https://github.com/mesonbuild/meson/issues/6427
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When the fuzz target was integrated, it was added as a stopgap
to get fuzz-json up and running. It served its purpose and can
safely be removed to prevent tools/oss-fuzz.sh from failing with
```
+wget -O /home/travis/build/systemd/systemd/out/fuzz-json_seed_corpus.zip https://storage.googleapis.com/skia-fuzzer/oss-fuzz/skjson_seed_corpus.zip
--2019-09-10 22:40:44-- https://storage.googleapis.com/skia-fuzzer/oss-fuzz/skjson_seed_corpus.zip
Resolving storage.googleapis.com (storage.googleapis.com)... 74.125.70.128, 2607:f8b0:4001:c05::80
Connecting to storage.googleapis.com (storage.googleapis.com)|74.125.70.128|:443... connected.
HTTP request sent, awaiting response... 403 Forbidden
2019-09-10 22:40:44 ERROR 403: Forbidden.
```
Ideally we should put our seed corpus somewhere and download it from there
but I haven't got round to it.
|
|
|
|
| |
Closes https://github.com/systemd/systemd/issues/10645
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We had all kinds of indentation: 2 sp, 3 sp, 4 sp, 8 sp, and mixed.
4 sp was the most common, in particular the majority of scripts under test/
used that. Let's standarize on 4 sp, because many commandlines are long and
there's a lot of nesting, and with 8sp indentation less stuff fits. 4 sp
also seems to be the default indentation, so this will make it less likely
that people will mess up if they don't load the editor config. (I think people
often use vi, and vi has no support to load project-wide configuration
automatically. We distribute a .vimrc file, but it is not loaded by default,
and even the instructions in it seem to discourage its use for security
reasons.)
Also remove the few vim config lines that were left. We should either have them
on all files, or none.
Also remove some strange stuff like '#!/bin/env bash', yikes.
|
|
|
|
|
| |
We currently don't have any upstream but it doesn't mean that
it should be impossible to experiment with local ones :-)
|
| |
|
|
|
|
|
| |
Also, all corpus subdirectories are named exactly the same as the fuzzer they
are for. This makes the paths a bit longer, but easier.
|
|
|
|
|
|
|
|
| |
The workaround is no longer necessary, because the scripts
checking fuzzers have stopped going down to the subdirectories
of $OUT and started to look for the string "LLVMFuzzerTestOneInput"
to tell fuzzers and random binaries apart. Some more details can be
found at https://github.com/google/oss-fuzz/issues/1566.
|
|
|
|
|
|
|
|
| |
Fixes #9320.
for p in Shapovalov Chevalier Rozhkov Sievers Mack Herrmann Schmidt Rudenberg Sahani Landden Andersen Watanabe; do
git grep -e 'Copyright.*'$p -l|xargs perl -i -0pe 's|/([*][*])?[*]\s+([*#]\s+)?Copyright[^\n]*'$p'[^\n]*\s*[*]([*][*])?/\n*|\n|gms; s|\s+([*#]\s+)?Copyright[^\n]*'$p'[^\n]*\n*|\n|gms'
done
|
|
|
|
|
|
| |
Let's unify an beautify our remaining copyright statements, with a
unicode ©. This means our copyright statements are now always formatted
the same way. Yay.
|
|
|
|
|
|
| |
Apparently oss-fuzz's "bad build check" is confused by the library.
Let's make it non-executable, so the checker ignores it.
Should fix https://github.com/google/oss-fuzz/issues/1330.
|
|
|
|
|
|
|
|
|
|
| |
Files which are installed as-is (any .service and other unit files, .conf
files, .policy files, etc), are left as is. My assumption is that SPDX
identifiers are not yet that well known, so it's better to retain the
extended header to avoid any doubt.
I also kept any copyright lines. We can probably remove them, but it'd nice to
obtain explicit acks from all involved authors before doing that.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I have no idea why clang doesn't do this on its own, and why clang
makes it so hard to query this path (-dumpversion returns something
unrelated...).
I know this is an ugly hack, but this is a very specialized script,
so it should be OK to make it a bit hacky.
Tested to work on Fedora (27) and Debian (unstable).
Fixes #8428.
|
|
|