Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

deploy: add CentOS support #279

Open
wants to merge 8 commits into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 16 additions & 3 deletions .github/workflows/CI.yml
Original file line number Diff line number Diff line change
Expand Up @@ -60,26 +60,39 @@ jobs:
local:
strategy:
matrix:
os: [ubuntu-20.04, ubuntu-22.04]
runs-on: ${{ matrix.os }}
image: ["ubuntu:22.04"] #, "quay.io/centos/centos:stream9"]
runs-on: ubuntu-22.04
container:
image: ${{ matrix.image }}
steps:
- uses: actions/checkout@v3

- uses: actions/setup-python@v4
with:
python-version: '3.9'
# centos is not happy with custom python
# /usr/bin/python3.9: /lib64/libm.so.6: version `GLIBC_2.35' not found (required by /__t/Python/3.9.19/x64/lib/libpython3.9.so.1.0)
if: contains(matrix.image, 'ubuntu')

# shallow clone for CI speed
- name: Setup ansible extra vars in JSON file
run: |
echo '{"git_clone_depth": 1}' >> parameters.json
working-directory: deploy

- name: Install make
run: apt-get update && apt-get install -y make
if: contains(matrix.image, 'ubuntu')

- name: Install make
run: dnf install -y make
if: contains(matrix.image, 'centos')

# skip tags related to non-existent hardware/configuration in the CI runner environment
- name: Test userspace deployment
run: >
make deploy --
--skip-tags "hardware_check,kvm_device"
--skip-tags "hardware_check,kvm_device,update_grub"
--extra-vars "@parameters.json"

remote:
Expand Down
9 changes: 0 additions & 9 deletions deploy/intellabs/kafl/roles/capstone/tasks/main.yml
Original file line number Diff line number Diff line change
@@ -1,13 +1,4 @@
---
- name: Ensure minimal deps are available
ansible.builtin.package:
name: "{{ item }}"
state: present
become: true
with_items:
- git
- build-essential

- name: Clone repo
ansible.builtin.git:
repo: "{{ capstone_url }}"
Expand Down
8 changes: 3 additions & 5 deletions deploy/intellabs/kafl/roles/fuzzer/tasks/main.yml
Original file line number Diff line number Diff line change
@@ -1,3 +1,5 @@
- include_vars: "{{ ansible_os_family }}.yml"

- name: Ensure kAFL parent directory exists
ansible.builtin.file:
path: "{{ kafl_install_root | dirname }}"
Expand All @@ -7,12 +9,8 @@

- name: Install kAFL system dependencies
ansible.builtin.package:
name: "{{ item }}"
name: "{{ packages }}"
become: true
with_items:
- python3-dev
- python3-venv
- python3-setuptools

- name: Clone repo
ansible.builtin.git:
Expand Down
4 changes: 4 additions & 0 deletions deploy/intellabs/kafl/roles/fuzzer/vars/Debian.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
packages:
- python3-dev
- python3-venv
- python3-setuptools
3 changes: 3 additions & 0 deletions deploy/intellabs/kafl/roles/fuzzer/vars/RedHat.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
packages:
- python3-devel
- python3-setuptools
7 changes: 3 additions & 4 deletions deploy/intellabs/kafl/roles/ghidra/tasks/main.yml
Original file line number Diff line number Diff line change
@@ -1,9 +1,8 @@
- include_vars: "{{ ansible_os_family }}.yml"

- name: Ensure required dependencies are installed
ansible.builtin.package:
name: "{{ item }}"
with_items:
- openjdk-11-jdk
- unzip
name: "{{ packages }}"
become: true

- name: Check for Ghidra analyzeHeadless binary's presence
Expand Down
3 changes: 3 additions & 0 deletions deploy/intellabs/kafl/roles/ghidra/vars/Debian.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
packages:
- openjdk-11-jdk
- unzip
2 changes: 2 additions & 0 deletions deploy/intellabs/kafl/roles/ghidra/vars/RedHat.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
packages:
- java-11-openjdk-devel
Empty file.
Original file line number Diff line number Diff line change
@@ -1,24 +1,15 @@
- name: Install dependencies
ansible.builtin.package:
name:
- linux-base
- kmod
become: true

- name: Create temporary directory for downloaded packages
ansible.builtin.tempfile:
state: directory
register: down_dir
check_mode: false

- name: Download deb packages
- name: Download pre-built packages
ansible.builtin.get_url:
url: "{{ item }}"
dest: "{{ down_dir.path }}/{{ index }}.deb"
dest: "{{ down_dir.path }}/{{ item | basename }}"
mode: 0644
loop: "{{ kernel_deb_urls }}"
loop_control:
index_var: index
loop: "{{ kernel_urls }}"

- name: Install kAFL kernel
ansible.builtin.shell: dpkg -i "{{ down_dir.path }}"/*.deb
Expand Down
8 changes: 4 additions & 4 deletions deploy/intellabs/kafl/roles/kernel/tasks/main.yml
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@
- include_vars: "{{ ansible_os_family }}.yml"

- name: Import pre_tasks
ansible.builtin.import_tasks: pre_tasks.yml

- name: Install required dependencies
ansible.builtin.package:
name:
- build-essential
- dpkg
name: "{{ packages }}"
become: true

- name: Create temporary directory
Expand Down Expand Up @@ -46,5 +46,5 @@

# check if hardware_check in skip-tags -> to force CI run
- name: Install kernel if needed
ansible.builtin.import_tasks: install_kernel.yml
ansible.builtin.include_tasks: install_kernel_{{ ansible_distribution }}.yml
when: "'update_grub' in ansible_run_tags or 'hardware_check' in ansible_skip_tags or support_test.rc != 0"
6 changes: 6 additions & 0 deletions deploy/intellabs/kafl/roles/kernel/vars/Debian.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
packages:
- dpkg
- linux-base
- kmod
kernel_urls:
- https://github.com/IntelLabs/kafl.linux/releases/download/kvm-nyx-v6.0/linux-image-6.0.0-nyx+_6.0.0-nyx+-1_amd64.deb
2 changes: 2 additions & 0 deletions deploy/intellabs/kafl/roles/kernel/vars/RedHat.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
packages:
kernel_urls:
20 changes: 3 additions & 17 deletions deploy/intellabs/kafl/roles/qemu/tasks/main.yml
Original file line number Diff line number Diff line change
@@ -1,23 +1,9 @@
- name: Install build dependencies
ansible.builtin.apt:
name: "{{ item }}"
become: true
with_items:
- git
- pkg-config
- build-essential
- libglib2.0-dev
- libpixman-1-dev
- libgtk-3-dev
- include_vars: "{{ ansible_os_family }}.yml"

- name: Install build dependencies for virtfs
- name: Install build dependencies
ansible.builtin.package:
name: "{{ item }}"
state: present
name: "{{ packages }}"
become: true
with_items:
- libcap-dev
- libattr1-dev

- name: Clone repo
ansible.builtin.git:
Expand Down
5 changes: 5 additions & 0 deletions deploy/intellabs/kafl/roles/qemu/vars/Debian.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
packages:
- pkg-config
- libglib2.0-dev
- libpixman-1-dev
- libgtk-3-dev
8 changes: 8 additions & 0 deletions deploy/intellabs/kafl/roles/qemu/vars/RedHat.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
packages:
- pkg-config
- glib2-devel
- pixman-devel
- gtk3-devel
# virtfs
- libcap-devel
- libattr-devel
21 changes: 17 additions & 4 deletions deploy/site.yml
Original file line number Diff line number Diff line change
Expand Up @@ -3,11 +3,24 @@
environment:
http_proxy: "{{ proxy_env.http_proxy | default(lookup('env', 'http_proxy')) }}"
https_proxy: "{{ proxy_env.https_proxy | default(lookup('env', 'https_proxy')) }}"
vars:
pre_tasks:
- name: Apt update to ensure root access is available (or fail early)
ansible.builtin.apt:
update_cache: true
become: true
- name: Install git
ansible.builtin.package:
name: git
state: present

- name: Install build-essential (Debian)
ansible.builtin.package:
name: build-essential
state: present
when: ansible_os_family == 'Debian'

- name: Install Development Tools (RedHat)
ansible.builtin.dnf:
name: '@Development Tools'
state: present
when: ansible_os_family == 'RedHat'

roles:
- role: intellabs.kafl.fuzzer
Expand Down
Loading