mirror of
https://github.com/meshtastic/firmware.git
synced 2025-10-29 15:46:46 +00:00
b0fe5ef8ba
* Initial commit of a fuzzer for Meshtastic. * Use a max of 5 for the phone queues * Only write files to the temp dir * Limitless queue + fuzzer = lots of ram :) * Use $PIO_ENV for path to program * spelling: s/is/to/ * Use loopCanSleep instead of a lock in Router * realHardware allows full use of a CPU core * Ignore checkov CKV_DOCKER_2 & CKV_DOCKER_3 * Add Atak seed * Fix lint issues in build.sh * Use exception to exit from portduino_main * Separate build & source files into $WORK & $SRC * Use an ephemeral port for the API server * Include CXXFLAGS in the link step * Read all shared libraries * Use a separate work directory for each sanitizer --------- Co-authored-by: Ben Meadors <benmmeadors@gmail.com>
53 lines
2.6 KiB
Docker
53 lines
2.6 KiB
Docker
# This container is used to build Meshtastic with the libraries required by the fuzzer.
|
|
# ClusterFuzzLite starts the container, runs the build.sh script, and then exits.
|
|
|
|
# As this is not a long running service, health-checks are not required. ClusterFuzzLite
|
|
# also only works if the user remains unchanged from the base image (it expects to run
|
|
# as root).
|
|
# trunk-ignore-all(trivy/DS026): No healthcheck is needed for this builder container
|
|
# trunk-ignore-all(checkov/CKV_DOCKER_2): No healthcheck is needed for this builder container
|
|
# trunk-ignore-all(checkov/CKV_DOCKER_3): We must run as root for this container
|
|
# trunk-ignore-all(trivy/DS002): We must run as root for this container
|
|
# trunk-ignore-all(checkov/CKV_DOCKER_8): We must run as root for this container
|
|
# trunk-ignore-all(hadolint/DL3002): We must run as root for this container
|
|
|
|
FROM gcr.io/oss-fuzz-base/base-builder:v1
|
|
|
|
ENV PIP_ROOT_USER_ACTION=ignore
|
|
|
|
# trunk-ignore(hadolint/DL3008): apt packages are not pinned.
|
|
# trunk-ignore(terrascan/AC_DOCKER_0002): apt packages are not pinned.
|
|
RUN apt-get update && apt-get install --no-install-recommends -y \
|
|
cmake git zip libgpiod-dev libbluetooth-dev libi2c-dev \
|
|
libunistring-dev libmicrohttpd-dev libgnutls28-dev libgcrypt20-dev \
|
|
libusb-1.0-0-dev libssl-dev pkg-config && \
|
|
apt-get clean && rm -rf /var/lib/apt/lists/* && \
|
|
pip install --no-cache-dir -U \
|
|
platformio==6.1.16 \
|
|
grpcio-tools==1.68.1 \
|
|
meshtastic==2.5.9
|
|
|
|
# Ugly hack to avoid clang detecting a conflict between the math "log" function and the "log" function in framework-portduino/cores/portduino/logging.h
|
|
RUN sed -i -e 's/__MATHCALL_VEC (log,, (_Mdouble_ __x));//' /usr/include/x86_64-linux-gnu/bits/mathcalls.h
|
|
|
|
# A few dependencies are too old on the base-builder image. More recent versions are built from source.
|
|
WORKDIR $SRC
|
|
RUN git config --global advice.detachedHead false && \
|
|
git clone --depth 1 --branch 0.8.0 https://github.com/jbeder/yaml-cpp.git && \
|
|
git clone --depth 1 --branch v2.3.3 https://github.com/babelouest/orcania.git && \
|
|
git clone --depth 1 --branch v1.4.20 https://github.com/babelouest/yder.git && \
|
|
git clone --depth 1 --branch v2.7.15 https://github.com/babelouest/ulfius.git
|
|
|
|
COPY ./.clusterfuzzlite/build.sh $SRC/
|
|
|
|
WORKDIR $SRC/firmware
|
|
COPY . $SRC/firmware/
|
|
|
|
# https://docs.platformio.org/en/latest/envvars.html
|
|
ENV PLATFORMIO_CORE_DIR=$SRC/pio/core \
|
|
PLATFORMIO_LIBDEPS_DIR=$SRC/pio/libdeps \
|
|
PLATFORMIO_PACKAGES_DIR=$SRC/pio/packages \
|
|
PLATFORMIO_SETTING_ENABLE_CACHE=No \
|
|
PIO_ENV=buildroot
|
|
RUN platformio pkg install --environment $PIO_ENV
|