pmb: adjust to distcc 3.3 and wrap it with sshd

Overview:
Since Alpine updated to distcc 3.3 last week, pmbootstrap wasn't able to use
distcc for cross compilation anymore. It always fell back to running the
compiler in QEMU (which works, but is a lot slower). The reason for that is
that distcc now requires all compilers that are being used to be in a
whitelist.

This partially fixes CVE-2004-2687 in distccd, which allowed trivial remote
code execution by any process connecting to the distccd server. We only run
distccd on localhost, but this can still be used for privilege escalation of
sandboxed processes running on the host system (not part of pmbootstrap
chroots).

Because the CVE is only partially fixed (see the comment in
`pmb/chroot/distccd.py` for details), we make sure that only the building
chroots can talk to the distcc server by running distcc over ssh.

Details:
* Completely refactored `pmb/chroot/distccd.py` to run distcc over ssh
* Store the running distcc server's arguments as JSON now, not as INI
* Make debugging distcc issues easy:
  * Set DISTCC_BACKOFF_PERIOD=0, so the distcc client will not ignore the
    server after errors have happened (this masks the original error!)
  * New pmbootstrap parameters:
    * `--distcc-nofallback`: avoids falling back to compiling with QEMU and
      not throwing an error
    * `--ccache-disable`: avoids ccache (when the compiler output is cached,
      distcc does not get used)
    * `--verbose`: prints verbose output of distcc too
* New test case that uses the new pmbootstrap parameters to force
  compilation through distcc, and shows the output of distcc and distccd in
  verbose mode on error (as well as the log of sshd)
2018-07-25 19:09:45 +00:00
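The commit message above names the knobs that force a build through distcc for debugging (no backoff, no fallback, no ccache, verbose) and mentions that the running distccd's arguments are now recorded as JSON. The following added example, which is not pmbootstrap's own code, shows how those knobs map onto the documented distcc(1) and ccache(1) environment variables, and how a JSON record of the running server's arguments lets a wrapper decide whether distccd has to be restarted. The function names, the flag parameters and the state-file path are illustrative assumptions; the environment variable names are the real ones.

```python
"""Added example, not code from pmbootstrap.

Assumptions (not from the page): function names, the flag parameters and
the JSON state-file location are invented for illustration. The environment
variables DISTCC_HOSTS, DISTCC_SSH, DISTCC_BACKOFF_PERIOD, DISTCC_FALLBACK,
DISTCC_VERBOSE and CCACHE_DISABLE are the documented distcc/ccache knobs.
"""
import json
import os
import tempfile


def distcc_client_env(ssh_host, ssh_command=None, verbose=False,
                      ccache=True, fallback=True):
    """Build the environment for a distcc client that must reach distccd
    over ssh and must surface errors instead of hiding them."""
    env = {
        # A leading "@" makes the distcc client open an ssh connection to
        # the host instead of talking to the TCP port directly.
        "DISTCC_HOSTS": "@" + ssh_host,
        # 0 disables the backoff: after a failure the client keeps using
        # the server, so the real error is not masked by "host ignored".
        "DISTCC_BACKOFF_PERIOD": "0",
        # 0 makes distcc fail loudly instead of compiling locally.
        "DISTCC_FALLBACK": "1" if fallback else "0",
    }
    if ssh_command:
        # e.g. a custom ssh invocation pointing at a dedicated sshd
        env["DISTCC_SSH"] = ssh_command
    if verbose:
        env["DISTCC_VERBOSE"] = "1"
    if not ccache:
        # With ccache active a cache hit never reaches distcc at all.
        env["CCACHE_DISABLE"] = "1"
    return env


def record_running(state_file, server_args):
    """Persist the arguments the server was started with as JSON."""
    with open(state_file, "w") as handle:
        json.dump(server_args, handle, sort_keys=True)


def needs_restart(state_file, wanted_args):
    """True when no server is recorded or it runs with other arguments."""
    if not os.path.exists(state_file):
        return True
    with open(state_file) as handle:
        running = json.load(handle)
    return running != wanted_args


def demo_restart_cycle():
    """Exercise record/compare in a temporary directory and return the
    three decisions (no record, same args, changed args)."""
    workdir = tempfile.mkdtemp(prefix="distccd-state-")
    state = os.path.join(workdir, "distccd.json")  # assumed location
    wanted = {"port": 3633, "listen": "127.0.0.1", "jobs": 4}
    first = needs_restart(state, wanted)          # nothing recorded yet
    record_running(state, wanted)
    second = needs_restart(state, dict(wanted))   # identical arguments
    changed = dict(wanted, jobs=8)
    third = needs_restart(state, changed)         # arguments differ
    return first, second, third


if __name__ == "__main__":
    print(distcc_client_env("localhost", verbose=True, ccache=False,
                            fallback=False))
    print(demo_restart_cycle())
```

The JSON comparison is deliberately strict: any change in the recorded arguments triggers a restart, which is what keeps the server's actual listening configuration in step with what the wrapper believes it started.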
"""
|
2019-01-02 08:31:20 +00:00
|
|
|
Copyright 2019 Oliver Smith
|
This file is part of pmbootstrap.

pmbootstrap is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

pmbootstrap is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with pmbootstrap. If not, see <http://www.gnu.org/licenses/>.
"""

import os
import pytest
import sys

# Import from parent directory
sys.path.insert(0, os.path.realpath(
    os.path.join(os.path.dirname(__file__) + "/..")))
import pmb.build
import pmb.chroot.distccd
import pmb.helpers.logging
import pmb.helpers.run  # explicit import: the test calls run.root/run.user below


@pytest.fixture
def args(tmpdir, request):
    import pmb.parse
    sys.argv = ["pmbootstrap", "init"]
    args = pmb.parse.arguments()
    args.log = args.work + "/log_testsuite.txt"
    pmb.helpers.logging.init(args)
    request.addfinalizer(args.logfd.close)
    return args


def test_cross_compile_distcc(args):
    # Delete old distccd log
    pmb.chroot.distccd.stop(args)
    distccd_log = args.work + "/chroot_native/home/pmos/distccd.log"
    if os.path.exists(distccd_log):
        pmb.helpers.run.root(args, ["rm", distccd_log])

    # Force usage of distcc (no fallback, no ccache)
    args.verbose = True
    args.ccache = False
    args.distcc_fallback = False

    # Compile, print distccd and sshd logs on error
    try:
        pmb.build.package(args, "hello-world", arch="armhf", force=True)
    except RuntimeError:
        print("distccd log:")
        pmb.helpers.run.user(args, ["cat", distccd_log], output="stdout",
                             check=False)
        print("sshd log:")
        sshd_log = args.work + "/chroot_native/home/pmos/.distcc-sshd/log.txt"
        pmb.helpers.run.root(args, ["cat", sshd_log], output="stdout",
                             check=False)
        raise