From d84b1c62b9739e9c043a717aecec2da181eb9df7 Mon Sep 17 00:00:00 2001

From: Frantisek Sumsal <fsumsal@redhat.com>

Date: Sat, 23 Feb 2019 17:10:55 +0100

Subject: [PATCH] travis: enable ASan and UBSan on RHEL8

Resolves: #1683319

rhel-only

---

 .travis.yml               |  23 ++++++-

 ci/travis-centos-rhel8.sh | 138 +++++++++++++++++++++++---------------

 2 files changed, 105 insertions(+), 56 deletions(-)

diff --git a/.travis.yml b/.travis.yml

index c5c9c345a9..67677bdf06 100644

--- a/.travis.yml

+++ b/.travis.yml

@@ -8,8 +8,7 @@ env:

 jobs:

     include:

-        - stage: Build & test

-          name: CentOS 7

+        - name: CentOS 7

           language: bash

           env:

               - CENTOS_RELEASE="centos7"

@@ -28,3 +27,23 @@ jobs:

               - set +e

           after_script:

               - $CI_ROOT/travis-centos-${RHEL_VERSION}.sh CLEANUP

+

+        - name: CentOS 7 (ASan+UBSan)

+          language: bash

+          env:

+              - CENTOS_RELEASE="centos7"

+              - CONT_NAME="systemd-centos-$CENTOS_RELEASE"

+              - DOCKER_EXEC="docker exec -ti $CONT_NAME"

+          before_install:

+              - sudo apt-get -y -o Dpkg::Options::="--force-confnew" install docker-ce

+              - docker --version

+          install:

+              - if [ -f meson.build ]; then RHEL_VERSION=rhel8; else RHEL_VERSION=rhel7; fi

+              - $CI_ROOT/travis-centos-${RHEL_VERSION}.sh SETUP

+          script:

+              - set -e

+              # Build systemd

+              - $CI_ROOT/travis-centos-${RHEL_VERSION}.sh RUN_ASAN

+              - set +e

+          after_script:

+              - $CI_ROOT/travis-centos-${RHEL_VERSION}.sh CLEANUP

diff --git a/ci/travis-centos-rhel8.sh b/ci/travis-centos-rhel8.sh

index 1f72d984e0..c3d1018682 100755

--- a/ci/travis-centos-rhel8.sh

+++ b/ci/travis-centos-rhel8.sh

@@ -19,6 +19,60 @@ ADDITIONAL_DEPS=(systemd-ci-environment libidn2-devel python-lxml python36 ninja

 # Repo with additional depencencies to compile newer systemd on CentOS 7

 COPR_REPO="https://copr.fedorainfracloud.org/coprs/mrc0mmand/systemd-centos-ci/repo/epel-7/mrc0mmand-systemd-centos-ci-epel-7.repo"

 COPR_REPO_PATH="/etc/yum.repos.d/${COPR_REPO##*/}"

+# RHEL8 options

+CONFIGURE_OPTS=(

+    -Dsysvinit-path=/etc/rc.d/init.d

+    -Drc-local=/etc/rc.d/rc.local

+    -Ddns-servers=''

+    -Ddev-kvm-mode=0666

+    -Dkmod=true

+    -Dxkbcommon=true

+    -Dblkid=true

+    -Dseccomp=true

+    -Dima=true

+    -Dselinux=true

+    -Dapparmor=false

+    -Dpolkit=true

+    -Dxz=true

+    -Dzlib=true

+    -Dbzip2=true

+    -Dlz4=true

+    -Dpam=true

+    -Dacl=true

+    -Dsmack=true

+    -Dgcrypt=true

+    -Daudit=true

+    -Delfutils=true

+    -Dlibcryptsetup=true

+    -Delfutils=true

+    -Dqrencode=false

+    -Dgnutls=true

+    -Dmicrohttpd=true

+    -Dlibidn2=true

+    -Dlibiptc=true

+    -Dlibcurl=true

+    -Defi=true

+    -Dtpm=true

+    -Dhwdb=true

+    -Dsysusers=true

+    -Ddefault-kill-user-processes=false

+    -Dtests=unsafe

+    -Dinstall-tests=true

+    -Dtty-gid=5

+    -Dusers-gid=100

+    -Dnobody-user=nobody

+    -Dnobody-group=nobody

+    -Dsplit-usr=false

+    -Dsplit-bin=true

+    -Db_lto=false

+    -Dnetworkd=false

+    -Dtimesyncd=false

+    -Ddefault-hierarchy=legacy

+    # Custom options

+    -Dslow-tests=true

+    -Dtests=unsafe

+    -Dinstall-tests=true

+)

 function info() {

     echo -e "\033[33;1m$1\033[0m"

@@ -57,60 +111,6 @@ for phase in "${PHASES[@]}"; do

         RUN)

             info "Run phase"

             # Build systemd

-            CONFIGURE_OPTS=(

-                # RHEL8 options

-                -Dsysvinit-path=/etc/rc.d/init.d

-                -Drc-local=/etc/rc.d/rc.local

-                -Ddns-servers=''

-                -Ddev-kvm-mode=0666

-                -Dkmod=true

-                -Dxkbcommon=true

-                -Dblkid=true

-                -Dseccomp=true

-                -Dima=true

-                -Dselinux=true

-                -Dapparmor=false

-                -Dpolkit=true

-                -Dxz=true

-                -Dzlib=true

-                -Dbzip2=true

-                -Dlz4=true

-                -Dpam=true

-                -Dacl=true

-                -Dsmack=true

-                -Dgcrypt=true

-                -Daudit=true

-                -Delfutils=true

-                -Dlibcryptsetup=true

-                -Delfutils=true

-                -Dqrencode=false

-                -Dgnutls=true

-                -Dmicrohttpd=true

-                -Dlibidn2=true

-                -Dlibiptc=true

-                -Dlibcurl=true

-                -Defi=true

-                -Dtpm=true

-                -Dhwdb=true

-                -Dsysusers=true

-                -Ddefault-kill-user-processes=false

-                -Dtests=unsafe

-                -Dinstall-tests=true

-                -Dtty-gid=5

-                -Dusers-gid=100

-                -Dnobody-user=nobody

-                -Dnobody-group=nobody

-                -Dsplit-usr=false

-                -Dsplit-bin=true

-                -Db_lto=false

-                -Dnetworkd=false

-                -Dtimesyncd=false

-                -Ddefault-hierarchy=legacy

-                # Custom options

-                -Dslow-tests=true

-                -Dtests=unsafe

-                -Dinstall-tests=true

-            )

             docker exec -it -e CFLAGS='-g -O0 -ftrapv' $CONT_NAME meson build "${CONFIGURE_OPTS[@]}"

             $DOCKER_EXEC ninja -v -C build

             # Let's install the new systemd and "reboot" the container to avoid

@@ -122,6 +122,36 @@ for phase in "${PHASES[@]}"; do

             echo -ne "#!/usr/bin/perl\nexit(0);\n" > "test/udev-test.pl"

             $DOCKER_EXEC ninja -C build test

             ;;

+        RUN_ASAN|RUN_CLANG_ASAN)

+            # Let's install newer gcc for proper ASan/UBSan support

+            $DOCKER_EXEC yum -y install centos-release-scl

+            $DOCKER_EXEC yum -y install devtoolset-8 devtoolset-8-libasan-devel libasan5 devtoolset-8-libubsan-devel libubsan1

+            $DOCKER_EXEC bash -c "echo 'source scl_source enable devtoolset-8' >> /root/.bashrc"

+            # Note to my future frustrated self: docker exec runs the given command

+            # as sh -c 'command' - which means both .bash_profile and .bashrc will

+            # be ignored. That's because .bash_profile is sourced for LOGIN shells (i.e.

+            # sh -l), whereas .bashrc is sourced for NON-LOGIN INTERACTIVE shells

+            # (i.e. sh -i).

+            # As the default docker exec command lacks either of those options,

+            # we need to use a wrapper command which runs the wanted command

+            # under an explicit bash -i, so the SCL source above works properly.

+            docker exec -it $CONT_NAME bash -ic 'gcc --version'

+

+            if [[ "$phase" = "RUN_CLANG_ASAN" ]]; then

+                ENV_VARS="-e CC=clang -e CXX=clang++"

+                MESON_ARGS="-Db_lundef=false" # See https://github.com/mesonbuild/meson/issues/764

+            fi

+            docker exec $ENV_VARS -it $CONT_NAME bash -ic "meson build --werror -Dtests=unsafe -Db_sanitize=address,undefined $MESON_ARGS ${CONFIGURE_OPTS[@]}"

+            docker exec -it $CONT_NAME bash -ic 'ninja -v -C build'

+

+            # Never remove halt_on_error from UBSAN_OPTIONS. See https://github.com/systemd/systemd/commit/2614d83aa06592aedb.

+            travis_wait docker exec --interactive=false \

+                -e UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1 \

+                -e ASAN_OPTIONS=strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1 \

+                -e "TRAVIS=$TRAVIS" \

+                -t $CONT_NAME \

+                bash -ic 'meson test --timeout-multiplier=3 -C ./build/ --print-errorlogs'

+            ;;

         CLEANUP)

             info "Cleanup phase"

             docker stop $CONT_NAME