diff options
| author | rhtenhove <rhtenhove@users.noreply.github.com> | 2022-06-24 09:26:09 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-06-24 09:26:09 -0400 |
| commit | 1dac69b1eb16dff00d7a625138da5555c3acccb8 (patch) | |
| tree | f1fe87d36415044f0426a750a6406e6a630c0cb2 | |
| parent | 0da7ddb738df60b3650d36832c9ede040a7ba6b9 (diff) | |
| download | afl++-1dac69b1eb16dff00d7a625138da5555c3acccb8.tar.gz | |
use container; more is built + tested; use make -i (#2)
| -rw-r--r-- | .github/workflows/build-test-push-container.yaml | 96 | ||||
| -rw-r--r-- | .github/workflows/codeql-analysis.yml | 32 | ||||
| -rw-r--r-- | .github/workflows/container.yaml | 136 | ||||
| -rw-r--r-- | Dockerfile | 64 | ||||
| -rw-r--r-- | GNUmakefile | 34 | ||||
| -rw-r--r-- | Makefile | 28 | ||||
| -rw-r--r-- | docs/INSTALL.md | 18 | ||||
| -rwxr-xr-x | qemu_mode/build_qemu_support.sh | 2 |
8 files changed, 209 insertions, 201 deletions
diff --git a/.github/workflows/build-test-push-container.yaml b/.github/workflows/build-test-push-container.yaml deleted file mode 100644 index 5d9e69e4..00000000 --- a/.github/workflows/build-test-push-container.yaml +++ /dev/null @@ -1,96 +0,0 @@ -name: Build and test container image -on: - push: - branches: - - stable - - dev - tags: - - '*' - pull_request: - branch: - - stable - - dev - -jobs: - build-amd64: - name: Build and test amd64 - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - name: Build amd64 - uses: docker/build-push-action@v3 - with: - context: . - platforms: linux/amd64 - load: true - tags: aflplusplus/aflplusplus:test - # cache-from: type=gha # Ensure we always build a fresh image. We just use the cache for the subsequent push job. - cache-to: type=gha,mode=max - - name: Test linux/amd64 image - run: docker run --rm --platform linux/amd64 aflplusplus/aflplusplus:test make tests - continue-on-error: true - build-arm64: - name: Build and test arm64 - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - name: Set up QEMU - uses: docker/setup-qemu-action@v2 - with: - platforms: arm64 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - name: Build arm64 - uses: docker/build-push-action@v3 - with: - context: . - platforms: linux/arm64 - load: true - tags: aflplusplus/aflplusplus:test - # cache-from: type=gha # Ensure we always build a fresh image. We just use the cache for the subsequent push job. - cache-to: type=gha,mode=max - - name: Test linux/arm64 image - run: docker run --rm --platform linux/arm64 aflplusplus/aflplusplus:test make tests - continue-on-error: true - push: - needs: - - build-amd64 - - build-arm64 - if: ${{ github.event_name == 'push' }} - name: Push image - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - name: Set up QEMU - uses: docker/setup-qemu-action@v2 - with: - platforms: arm64 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - name: Login to Dockerhub - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_TOKEN }} - - name: Publish ${{ github.ref_name }} for amd64 and arm64 to docker.io registry - uses: docker/build-push-action@v3 - with: - context: . - platforms: linux/amd64,linux/arm64 - push: true - tags: aflplusplus/aflplusplus:${{ github.ref_name }} - cache-from: type=gha - # cache-to: type=gha,mode=max # No need to add to cache as we'll never use this - if: ${{ github.ref_name != 'stable' }} - - name: Publish stable and latest to docker.io registry - uses: docker/build-push-action@v3 - with: - context: . - platforms: linux/amd64,linux/arm64 - push: true - tags: aflplusplus/aflplusplus:${{ github.ref_name }},aflplusplus/aflplusplus:latest - cache-from: type=gha - # cache-to: type=gha,mode=max # No need to add to cache as we'll never use this - if: ${{ github.ref_name == 'stable' }} diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml deleted file mode 100644 index 55d477fc..00000000 --- a/.github/workflows/codeql-analysis.yml +++ /dev/null @@ -1,32 +0,0 @@ -name: "CodeQL" - -on: - push: - branches: [ stable, dev ] - pull_request: - branches: [ stable, dev ] - -jobs: - analyze: - name: Analyze - runs-on: ubuntu-latest - - strategy: - fail-fast: false - matrix: - language: [ 'cpp' ] - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Initialize CodeQL - uses: github/codeql-action/init@v2 - with: - languages: ${{ matrix.language }} - - - name: Autobuild - uses: github/codeql-action/autobuild@v2 - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 diff --git a/.github/workflows/container.yaml b/.github/workflows/container.yaml new file mode 100644 index 00000000..504eadfa --- /dev/null +++ b/.github/workflows/container.yaml @@ -0,0 +1,136 @@ +name: Build, test, CodeQL and push container image +on: + push: + branches: + - stable + - dev + tags: + - "*" + pull_request: + branches: + - dev # No need for stable-pull-request, as that equals dev-push + +jobs: + build-amd64: + name: Build amd64 image + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + - name: Login to GitHub Container Registry # Container cache registry + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Build amd64 + uses: docker/build-push-action@v3 + with: + context: . + platforms: linux/amd64 + tags: ghcr.io/${{ github.actor }}/aflplusplus:amd64 + push: true + cache-from: type=registry,ref=ghcr.io/${{ github.actor }}/aflplusplus:amd64 + + build-arm64: + name: Build arm64 image + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + - name: Login to GitHub Container Registry # Container cache registry + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + with: + platforms: arm64 + - name: Build arm64 + uses: docker/build-push-action@v3 + with: + context: . + platforms: linux/arm64 + tags: ghcr.io/${{ github.actor }}/aflplusplus:arm64 + push: true + cache-from: type=registry,ref=ghcr.io/${{ github.actor }}/aflplusplus:arm64 + + test-amd64: + name: Test amd64 image + runs-on: ubuntu-latest + needs: build-amd64 + steps: + - name: Test amd64 + run: docker run --rm ghcr.io/${{ github.actor }}/aflplusplus:amd64 make tests + continue-on-error: true + + codeql-amd64: + name: CodeQL Analyze amd64 compiled code + runs-on: ubuntu-latest + needs: + - build-amd64 + container: + image: ghcr.io/${{ github.actor }}/aflplusplus:amd64 + steps: + - name: Fix for using external repo in container build # https://github.com/actions/checkout/issues/760 + run: git config --global --add safe.directory /__w/AFLplusplus/AFLplusplus + - name: Checkout + uses: actions/checkout@v3 + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: cpp + - name: Build AFLplusplus # Rebuild because CodeQL needs to monitor the build process + env: + CC: gcc # These are symlinked to the version used in the container build + CXX: g++ + run: make -i distrib # Best effort using -i + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 + + push: + name: Push amd64 and arm64 image + runs-on: ubuntu-latest + needs: + - test-amd64 + - build-arm64 + if: ${{ github.event_name == 'push' }} + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + with: + platforms: arm64 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + - name: Login to docker.io + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_TOKEN }} + - name: Set tags to push + id: push-tags + run: | + PUSH_TAGS=docker.io/aflplusplus/aflplusplus:${GITHUB_REF_NAME} + if [ "${GITHUB_REF_NAME}" = "stable" ]; then + PUSH_TAGS=${PUSH_TAGS},docker.io/aflplusplus/aflplusplus:latest + fi + export PUSH_TAGS + echo "::set-output name=PUSH_TAGS::${PUSH_TAGS}" + - name: Push to docker.io registry + uses: docker/build-push-action@v3 + with: + context: . + platforms: linux/amd64,linux/arm64 # TODO: Fix: arm64 image doesn't use cached layer from COPY line + push: true + tags: ${{ steps.push-tags.outputs.PUSH_TAGS }} + cache-from: | + type=registry,ref=ghcr.io/${{ github.actor }}/aflplusplus:amd64 + type=registry,ref=ghcr.io/${{ github.actor }}/aflplusplus:arm64 @@ -5,46 +5,41 @@ FROM ubuntu:22.04 AS aflplusplus LABEL "maintainer"="afl++ team <afl@aflplus.plus>" -LABEL "about"="AFLplusplus docker image" +LABEL "about"="AFLplusplus container image" ARG DEBIAN_FRONTEND=noninteractive -ENV NO_ARCH_OPT 1 -ENV IS_DOCKER="1" +ENV NO_ARCH_OPT=1 +ENV IS_DOCKER=1 RUN apt-get update && apt-get full-upgrade -y && \ - apt-get -y install --no-install-recommends \ - make cmake automake \ - meson ninja-build bison flex \ - xz-utils bzip2 \ - git \ - python3 python3-dev python3-setuptools python-is-python3 \ - libtool libtool-bin \ - libglib2.0-dev \ - wget vim jupp nano bash-completion less \ - apt-utils apt-transport-https ca-certificates gnupg dialog \ - libpixman-1-dev \ - gnuplot-nox && \ + apt-get install -y --no-install-recommends wget ca-certificates && \ rm -rf /var/lib/apt/lists/* -RUN wget -qO- https://sh.rustup.rs | CARGO_HOME=/etc/cargo sh -s -- -y -q --no-modify-path -ENV PATH=$PATH:/etc/cargo/bin - ARG LLVM_VERSION=14 ARG GCC_VERSION=12 -RUN mkdir -p /etc/apt/keyrings && \ - echo "deb [signed-by=/etc/apt/keyrings/llvm-snapshot.gpg.key] http://apt.llvm.org/jammy/ llvm-toolchain-jammy-${LLVM_VERSION} main" > /etc/apt/sources.list.d/llvm.list && \ +RUN echo "deb [signed-by=/etc/apt/keyrings/llvm-snapshot.gpg.key] http://apt.llvm.org/jammy/ llvm-toolchain-jammy-${LLVM_VERSION} main" > /etc/apt/sources.list.d/llvm.list && \ wget -qO /etc/apt/keyrings/llvm-snapshot.gpg.key https://apt.llvm.org/llvm-snapshot.gpg.key RUN apt-get update && \ apt-get -y install --no-install-recommends \ + make cmake automake meson ninja-build bison flex \ + git xz-utils bzip2 wget vim jupp nano bash-completion less \ + python3 python3-dev python3-setuptools python-is-python3 \ + libtool libtool-bin libglib2.0-dev \ + apt-utils apt-transport-https gnupg dialog \ + gnuplot-nox libpixman-1-dev \ gcc-${GCC_VERSION} g++-${GCC_VERSION} gcc-${GCC_VERSION}-plugin-dev gdb lcov \ - clang-${LLVM_VERSION} clang-tools-${LLVM_VERSION} libc++1-${LLVM_VERSION} libc++-${LLVM_VERSION}-dev \ - libc++abi1-${LLVM_VERSION} libc++abi-${LLVM_VERSION}-dev libclang1-${LLVM_VERSION} libclang-${LLVM_VERSION}-dev \ - libclang-common-${LLVM_VERSION}-dev libclang-cpp${LLVM_VERSION} libclang-cpp${LLVM_VERSION}-dev liblld-${LLVM_VERSION} \ - liblld-${LLVM_VERSION}-dev liblldb-${LLVM_VERSION} liblldb-${LLVM_VERSION}-dev libllvm${LLVM_VERSION} libomp-${LLVM_VERSION}-dev \ - libomp5-${LLVM_VERSION} lld-${LLVM_VERSION} lldb-${LLVM_VERSION} llvm-${LLVM_VERSION} llvm-${LLVM_VERSION}-dev llvm-${LLVM_VERSION}-runtime llvm-${LLVM_VERSION}-tools \ + clang-${LLVM_VERSION} clang-tools-${LLVM_VERSION} libc++1-${LLVM_VERSION} \ + libc++-${LLVM_VERSION}-dev libc++abi1-${LLVM_VERSION} libc++abi-${LLVM_VERSION}-dev \ + libclang1-${LLVM_VERSION} libclang-${LLVM_VERSION}-dev \ + libclang-common-${LLVM_VERSION}-dev libclang-cpp${LLVM_VERSION} \ + libclang-cpp${LLVM_VERSION}-dev liblld-${LLVM_VERSION} \ + liblld-${LLVM_VERSION}-dev liblldb-${LLVM_VERSION} liblldb-${LLVM_VERSION}-dev \ + libllvm${LLVM_VERSION} libomp-${LLVM_VERSION}-dev libomp5-${LLVM_VERSION} \ + lld-${LLVM_VERSION} lldb-${LLVM_VERSION} llvm-${LLVM_VERSION} \ + llvm-${LLVM_VERSION}-dev llvm-${LLVM_VERSION}-runtime llvm-${LLVM_VERSION}-tools \ $([ "$(dpkg --print-architecture)" = "amd64" ] && echo gcc-${GCC_VERSION}-multilib gcc-multilib) \ $([ "$(dpkg --print-architecture)" = "arm64" ] && echo libcapstone-dev) && \ rm -rf /var/lib/apt/lists/* @@ -54,6 +49,9 @@ RUN apt-get update && \ RUN update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-${GCC_VERSION} 0 && \ update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-${GCC_VERSION} 0 +RUN wget -qO- https://sh.rustup.rs | CARGO_HOME=/etc/cargo sh -s -- -y -q --no-modify-path +ENV PATH=$PATH:/etc/cargo/bin + ENV LLVM_CONFIG=llvm-config-${LLVM_VERSION} ENV AFL_SKIP_CPUFREQ=1 ENV AFL_TRY_AFFINITY=1 @@ -62,18 +60,18 @@ ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1 RUN git clone --depth=1 https://github.com/vanhauser-thc/afl-cov && \ (cd afl-cov && make install) && rm -rf afl-cov -WORKDIR /AFLplusplus -COPY . . - # Until gcc v12.1 is released for ubuntu https://bugs.launchpad.net/ubuntu/+source/gcc-11/+bug/1940029 -ENV NO_NYX 1 +ARG NO_NYX=1 # Build currently broken -ENV NO_CORESIGHT 1 -ENV NO_UNICORN_ARM64 1 +ARG NO_CORESIGHT=1 +ARG NO_UNICORN_ARM64=1 + +WORKDIR /AFLplusplus +COPY . . -RUN export CC=gcc-${GCC_VERSION} && export CXX=g++-${GCC_VERSION} && make clean && \ - make distrib && make install && make clean +RUN export CC=gcc-${GCC_VERSION} && export CXX=g++-${GCC_VERSION} && gmake clean && \ + gmake distrib && gmake install && gmake clean RUN echo "set encoding=utf-8" > /root/.vimrc && \ echo ". /etc/bash_completion" >> ~/.bashrc && \ diff --git a/GNUmakefile b/GNUmakefile index 9982ad75..477518fa 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -308,17 +308,17 @@ endif .PHONY: all all: test_x86 test_shm test_python ready $(PROGS) afl-as llvm gcc_plugin test_build all_done - -$(MAKE) -C utils/aflpp_driver + $(MAKE) -C utils/aflpp_driver .PHONY: llvm llvm: - -$(MAKE) -j4 -f GNUmakefile.llvm + $(MAKE) -j$(nproc) -f GNUmakefile.llvm @test -e afl-cc || { echo "[-] Compiling afl-cc failed. You seem not to have a working compiler." ; exit 1; } .PHONY: gcc_plugin gcc_plugin: ifneq "$(SYS)" "Darwin" - -$(MAKE) -f GNUmakefile.gcc_plugin + $(MAKE) -f GNUmakefile.gcc_plugin endif .PHONY: man @@ -568,19 +568,19 @@ all_done: test_build .PHONY: clean clean: rm -rf $(PROGS) afl-fuzz-document afl-as as afl-g++ afl-clang afl-clang++ *.o src/*.o *~ a.out core core.[1-9][0-9]* *.stackdump .test .test1 .test2 test-instr .test-instr0 .test-instr1 afl-cs-proxy afl-qemu-trace afl-gcc-fast afl-g++-fast ld *.so *.8 test/unittests/*.o test/unittests/unit_maybe_alloc test/unittests/preallocable .afl-* afl-gcc afl-g++ afl-clang afl-clang++ test/unittests/unit_hash test/unittests/unit_rand *.dSYM lib*.a - -$(MAKE) -f GNUmakefile.llvm clean - -$(MAKE) -f GNUmakefile.gcc_plugin clean - -$(MAKE) -C utils/libdislocator clean - -$(MAKE) -C utils/libtokencap clean + $(MAKE) -f GNUmakefile.llvm clean + $(MAKE) -f GNUmakefile.gcc_plugin clean + $(MAKE) -C utils/libdislocator clean + $(MAKE) -C utils/libtokencap clean $(MAKE) -C utils/aflpp_driver clean - -$(MAKE) -C utils/afl_network_proxy clean - -$(MAKE) -C utils/socket_fuzzing clean - -$(MAKE) -C utils/argv_fuzzing clean - -$(MAKE) -C utils/plot_ui clean - -$(MAKE) -C qemu_mode/unsigaction clean - -$(MAKE) -C qemu_mode/libcompcov clean - -$(MAKE) -C qemu_mode/libqasan clean - -$(MAKE) -C frida_mode clean + $(MAKE) -C utils/afl_network_proxy clean + $(MAKE) -C utils/socket_fuzzing clean + $(MAKE) -C utils/argv_fuzzing clean + $(MAKE) -C utils/plot_ui clean + $(MAKE) -C qemu_mode/unsigaction clean + $(MAKE) -C qemu_mode/libcompcov clean + $(MAKE) -C qemu_mode/libqasan clean + $(MAKE) -C frida_mode clean rm -rf nyx_mode/packer/linux_initramfs/init.cpio.gz nyx_mode/libnyx/libnyx/target/release/* nyx_mode/QEMU-Nyx/x86_64-softmmu/qemu-system-x86_64 ifeq "$(IN_REPO)" "1" -test -e coresight_mode/coresight-trace/Makefile && $(MAKE) -C coresight_mode/coresight-trace clean || true @@ -610,7 +610,7 @@ endif .PHONY: distrib distrib: all - $(MAKE) -j4 -f GNUmakefile.llvm + $(MAKE) -j$(nproc) -f GNUmakefile.llvm ifneq "$(SYS)" "Darwin" $(MAKE) -f GNUmakefile.gcc_plugin endif @@ -674,7 +674,7 @@ endif .PHONY: source-only source-only: all - $(MAKE) -j4 -f GNUmakefile.llvm + $(MAKE) -j$(nproc) -f GNUmakefile.llvm ifneq "$(SYS)" "Darwin" $(MAKE) -f GNUmakefile.gcc_plugin endif @@ -1,42 +1,42 @@ all: @echo trying to use GNU make... - @gmake all || echo please install GNUmake + -@gmake all source-only: - @gmake source-only + -@gmake source-only binary-only: - @gmake binary-only + -@gmake binary-only distrib: - @gmake distrib + -@gmake distrib man: - @gmake man + -@gmake man install: - @gmake install + -@gmake install document: - @gmake document + -@gmake document deepclean: - @gmake deepclean + -@gmake deepclean code-format: - @gmake code-format + -@gmake code-format help: - @gmake help + -@gmake help tests: - @gmake tests + -@gmake tests unit: - @gmake unit + -@gmake unit unit_clean: - @gmake unit_clean + -@gmake unit_clean clean: - @gmake clean + -@gmake clean diff --git a/docs/INSTALL.md b/docs/INSTALL.md index e29fca96..98fb024a 100644 --- a/docs/INSTALL.md +++ b/docs/INSTALL.md @@ -30,20 +30,22 @@ sudo apt-get install -y gcc-$(gcc --version|head -n1|sed 's/\..*//'|sed 's/.* // sudo apt-get install -y ninja-build # for QEMU mode git clone https://github.com/AFLplusplus/AFLplusplus cd AFLplusplus -make distrib +make -i distrib sudo make install ``` +> We add the `-i` to make so it will skip any features that fail to install. + It is recommended to install the newest available gcc, clang and llvm-dev possible in your distribution! -Note that `make distrib` also builds FRIDA mode, QEMU mode, unicorn_mode, and +Note that `make -i distrib` also builds FRIDA mode, QEMU mode, unicorn_mode, and more. If you just want plain AFL++, then do `make all`. If you want some assisting tooling compiled but are not interested in binary-only targets, then instead choose: ```shell -make source-only +make -i source-only ``` These build targets exist: @@ -70,7 +72,7 @@ you can also build statically linked versions of the AFL++ binaries by passing the `STATIC=1` argument to make: ```shell -make STATIC=1 +make -i STATIC=1 ``` These build options exist: @@ -88,7 +90,7 @@ These build options exist: * LLVM_CONFIG - if your distro doesn't use the standard name for llvm-config (e.g., Debian) -e.g.: `make ASAN_BUILD=1` +e.g.: `make -i ASAN_BUILD=1` ## MacOS X on x86 and arm64 (M1) @@ -114,11 +116,11 @@ export PATH="/usr/local/opt/llvm/bin:$PATH" export PATH="/usr/local/opt/coreutils/libexec/gnubin:/usr/local/bin:$PATH" export CC=clang export CXX=clang++ -gmake +gmake -i cd frida_mode -gmake +gmake -i cd .. -sudo gmake install +sudo gmake -i install ``` `afl-gcc` will fail unless you have GCC installed, but that is using outdated diff --git a/qemu_mode/build_qemu_support.sh b/qemu_mode/build_qemu_support.sh index 5dbd9d44..277a6323 100755 --- a/qemu_mode/build_qemu_support.sh +++ b/qemu_mode/build_qemu_support.sh @@ -273,7 +273,7 @@ echo "[+] Configuration complete." echo "[*] Attempting to build QEMU (fingers crossed!)..." -make -j `nproc` || exit 1 +make -j$(nproc) || exit 1 echo "[+] Build process successful!" |