diff options
Diffstat (limited to 'mkosi.build')
-rwxr-xr-x | mkosi.build | 55 |
1 files changed, 53 insertions, 2 deletions
diff --git a/mkosi.build b/mkosi.build index 2be8fdbda1..27e5b1c65c 100755 --- a/mkosi.build +++ b/mkosi.build @@ -5,6 +5,9 @@ set -e # This is a build script for OS image generation using mkosi (https://github.com/systemd/mkosi). # Simply invoke "mkosi" in the project directory to build an OS image. +ASAN_OPTIONS=strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1:disable_coredump=0:use_madv_dontdump=1 +UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1 + # On Fedora "ld" is (unfortunately — if you ask me) managed via # "alternatives". Since we'd like to support building images in environments # with only /usr/ around (e.g. mkosi's UsrOnly=1 option), we have the problem @@ -61,7 +64,8 @@ if [ ! -f "$BUILDDIR"/build.ninja ] ; then -D man=false \ -D translations=false \ -D version-tag="${VERSION_TAG}" \ - -D mode=developer + -D mode=developer \ + -D b_sanitize="${SANITIZERS:-none}" fi cd "$BUILDDIR" @@ -71,7 +75,15 @@ if [ "$WITH_TESTS" = 1 ] ; then getent group $id >/dev/null || groupadd -g $id testgroup$id done - ninja test + if [ -n "$SANITIZERS" ]; then + export ASAN_OPTIONS="$ASAN_OPTIONS" + export UBSAN_OPTIONS="$UBSAN_OPTIONS" + TIMEOUT_MULTIPLIER=3 + else + TIMEOUT_MULTIPLIER=1 + fi + + meson test --timeout-multiplier=$TIMEOUT_MULTIPLIER fi cd "$SRCDIR" @@ -120,3 +132,42 @@ if [ -n "$CI_BUILD" ]; then cp -v "$SRCDIR/test/mkosi-check-and-shutdown.sh" "$DESTDIR/usr/lib/systemd/mkosi-check-and-shutdown.sh" chmod +x "$DESTDIR/usr/lib/systemd/mkosi-check-and-shutdown.sh" fi + +if [ -n "$SANITIZERS" ]; then + LD_PRELOAD=$(ldd $BUILDDIR/systemd | grep libasan.so | awk '{print $3}') + + mkdir -p "$DESTDIR/etc/systemd/system.conf.d" + + cat > "$DESTDIR/etc/systemd/system.conf.d/10-asan.conf" <<EOF +[Manager] +ManagerEnvironment=ASAN_OPTIONS=$ASAN_OPTIONS\\ + UBSAN_OPTIONS=$UBSAN_OPTIONS\\ + LD_PRELOAD=$LD_PRELOAD +DefaultEnvironment=ASAN_OPTIONS=$ASAN_OPTIONS\\ + UBSAN_OPTIONS=$UBSAN_OPTIONS\\ + LD_PRELOAD=$LD_PRELOAD +EOF + + # ASAN logs to stderr by default. However, journald's stderr is connected to /dev/null, so we lose + # all the ASAN logs. To rectify that, let's connect journald's stdout to the console so that any + # sanitizer failures appear directly on the user's console. + mkdir -p "$DESTDIR/etc/systemd/system/systemd-journald.service.d" + + cat > "$DESTDIR/etc/systemd/system/systemd-journald.service.d/10-stdout-tty.conf" <<EOF +[Service] +StandardOutput=tty +EOF + + # Both systemd and util-linux's login call vhangup() on /dev/console which disconnects all users. + # This means systemd-journald can't log to /dev/console even if we configure `StandardOutput=tty`. As + # a workaround, we modify console-getty.service to disable systemd's vhangup() and disallow login + # from calling vhangup() so that journald's ASAN logs correctly end up in the console. + + mkdir -p "$DESTDIR/etc/systemd/system/console-getty.service.d" + + cat > "$DESTDIR/etc/systemd/system/console-getty.service.d/10-no-vhangup.conf" <<EOF +[Service] +TTYVHangup=no +CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG +EOF +fi |