synit
/
pmbootstrap
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
pmbootstrap/test/test_cross_compile_distcc.py

48 lines
1.4 KiB
Python
Raw Normal View History

Bump copyright to 2023
2023-01-22 18:11:10 +00:00
# Copyright 2023 Oliver Smith
Cosmetic: use SPDX license header (!1877) While at it, also remove unnecessary "#!/usr/bin/env python3" in files that only get imported, and adjust other empty/comment lines in the beginnings of the files for consistency. This makes files easier to read, and makes the pmbootstrap codebase more consistent with the build.postmarketos.org codebase.
2020-02-20 20:07:28 +00:00
# SPDX-License-Identifier: GPL-3.0-or-later
pmb: adjust to distcc 3.3 and wrap it with sshd Overview: Since Alpine updated to distcc 3.3 last week, pmbootstrap wasn't able to use distcc for cross compilation anymore. It always falled back to running the compiler in QEMU (which works, but is a lot slower). The reason for that is, that distcc requires all compilers that are being used in a whitelist now. This partially fixes CVE-2004-2687 in distccd, which allowed trivial remote code execution by any process connecting to the distccd server. We only run distccd on localhost, but still this can be used for privilege escalation of sandboxed processes running on the host system (not part of pmbootstrap chroots). Because the CVE is only partially fixed (see the comment in `pmb/chroot/distccd.py` for details), we make sure that only the building chroots can talk to the distcc server by running distcc over ssh. Details: * Completely refactored `pmb/chroot/distccd.py` to run distcc over ssh * Store the running distcc server's arguments as JSON now, not as INI * Make debugging distcc issues easy: * Set DISTCC_BACKOFF_PERIOD=0, so the distcc client will not ignore the server after errors happened (this masks the original error!) * New pmbootstrap parameters: * `--distcc-nofallback`: avoids falling back to compiling with QEMU and not throwing an error * `--ccache-disable`: avoid ccache (when the compiler output is cached, distcc does not get used) * `--verbose` prints verbose output of the distcc too * New test case, that uses the new pmbootstrap parameters to force compilation through distcc, and shows the output of distcc and distccd in verbose mode on error (as well as the log of sshd)
2018-07-25 19:09:45 +00:00
import os
import pytest
import sys
test/pmb_test: prepare for common test code (!1876) Replace the "Add topdir to import path" boilerplate lines in each test file with a simple "import pmb_test". Use the "# noqa" comment if "pmb_test" is not used further in the test file, so flake8 does not complain about an unused module. Make the path to the testdata available as pmb_test.const.testdata, and use pmb.config.pmb_src to access the topdir in all tests. This is in preparation for new "pmbootstrap status" related tests, which will have shared test code in test/pmb_test/. Also, this makes the pmbootstrap codebase more consistent with the bpo codebase, which has a similar "import bpo_test" mechanism.
2020-02-20 19:14:38 +00:00
import pmb_test # noqa
pmb: adjust to distcc 3.3 and wrap it with sshd Overview: Since Alpine updated to distcc 3.3 last week, pmbootstrap wasn't able to use distcc for cross compilation anymore. It always falled back to running the compiler in QEMU (which works, but is a lot slower). The reason for that is, that distcc requires all compilers that are being used in a whitelist now. This partially fixes CVE-2004-2687 in distccd, which allowed trivial remote code execution by any process connecting to the distccd server. We only run distccd on localhost, but still this can be used for privilege escalation of sandboxed processes running on the host system (not part of pmbootstrap chroots). Because the CVE is only partially fixed (see the comment in `pmb/chroot/distccd.py` for details), we make sure that only the building chroots can talk to the distcc server by running distcc over ssh. Details: * Completely refactored `pmb/chroot/distccd.py` to run distcc over ssh * Store the running distcc server's arguments as JSON now, not as INI * Make debugging distcc issues easy: * Set DISTCC_BACKOFF_PERIOD=0, so the distcc client will not ignore the server after errors happened (this masks the original error!) * New pmbootstrap parameters: * `--distcc-nofallback`: avoids falling back to compiling with QEMU and not throwing an error * `--ccache-disable`: avoid ccache (when the compiler output is cached, distcc does not get used) * `--verbose` prints verbose output of the distcc too * New test case, that uses the new pmbootstrap parameters to force compilation through distcc, and shows the output of distcc and distccd in verbose mode on error (as well as the log of sshd)
2018-07-25 19:09:45 +00:00
import pmb.build
import pmb.chroot.distccd
import pmb.helpers.logging
@pytest.fixture
def args(tmpdir, request):
import pmb.parse
sys.argv = ["pmbootstrap", "init"]
args = pmb.parse.arguments()
args.log = args.work + "/log_testsuite.txt"
pmb.helpers.logging.init(args)
args.logfd: remove (MR 2114) Replace "args.logfd" with "pmb.helpers.logging.logfd" in order to avoid passing "args" to all functions that only use it to write to logfd. This is the first step to get rid of this args-passed-to-all-functions pattern in pmbootstrap.
2021-09-20 10:00:13 +00:00
request.addfinalizer(pmb.helpers.logging.logfd.close)
pmb: adjust to distcc 3.3 and wrap it with sshd Overview: Since Alpine updated to distcc 3.3 last week, pmbootstrap wasn't able to use distcc for cross compilation anymore. It always falled back to running the compiler in QEMU (which works, but is a lot slower). The reason for that is, that distcc requires all compilers that are being used in a whitelist now. This partially fixes CVE-2004-2687 in distccd, which allowed trivial remote code execution by any process connecting to the distccd server. We only run distccd on localhost, but still this can be used for privilege escalation of sandboxed processes running on the host system (not part of pmbootstrap chroots). Because the CVE is only partially fixed (see the comment in `pmb/chroot/distccd.py` for details), we make sure that only the building chroots can talk to the distcc server by running distcc over ssh. Details: * Completely refactored `pmb/chroot/distccd.py` to run distcc over ssh * Store the running distcc server's arguments as JSON now, not as INI * Make debugging distcc issues easy: * Set DISTCC_BACKOFF_PERIOD=0, so the distcc client will not ignore the server after errors happened (this masks the original error!) * New pmbootstrap parameters: * `--distcc-nofallback`: avoids falling back to compiling with QEMU and not throwing an error * `--ccache-disable`: avoid ccache (when the compiler output is cached, distcc does not get used) * `--verbose` prints verbose output of the distcc too * New test case, that uses the new pmbootstrap parameters to force compilation through distcc, and shows the output of distcc and distccd in verbose mode on error (as well as the log of sshd)
2018-07-25 19:09:45 +00:00
return args
def test_cross_compile_distcc(args):
# Delete old distccd log
pmb.chroot.distccd.stop(args)
distccd_log = args.work + "/chroot_native/home/pmos/distccd.log"
if os.path.exists(distccd_log):
pmb.helpers.run.root(args, ["rm", distccd_log])
# Force usage of distcc (no fallback, no ccache)
args.verbose = True
args.ccache = False
args.distcc_fallback = False
# Compile, print distccd and sshd logs on error
try:
pmb.build.package(args, "hello-world", arch="armhf", force=True)
except RuntimeError:
print("distccd log:")
pmb.helpers.run.user(args, ["cat", distccd_log], output="stdout",
check=False)
print("sshd log:")
sshd_log = args.work + "/chroot_native/home/pmos/.distcc-sshd/log.txt"
pmb.helpers.run.root(args, ["cat", sshd_log], output="stdout",
check=False)
raise