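# NOTE(review): the base image is selected by tag only, so its contents change
# whenever the tag is republished. For reproducible builds also pin a digest,
# e.g. debian:bookworm@sha256:<DIGEST-PLACEHOLDER>.
FROM debian:bookworm

# ------ Build and install dependencies ------

# Major LLVM version; used for the apt repo setup and for every versioned
# tool/package name further down.
ARG LLVM_V=19

# Optional SHA-256 of llvm.sh. When set, the build aborts unless the downloaded
# script matches. Empty (the default) keeps the unverified download, in which
# case the script is trusted only because it came over TLS from apt.llvm.org.
ARG LLVM_SH_SHA256=""

# Add the LLVM apt repo.
# llvm.sh is executed as root at build time, so it is fetched to /tmp,
# optionally verified, run, and then deleted in the same layer instead of
# being left behind in / of the image.
RUN apt-get update && apt-get install -y --no-install-recommends \
      ca-certificates \
      gnupg \
      lsb-release \
      software-properties-common \
      wget && \
    wget -O /tmp/llvm.sh https://apt.llvm.org/llvm.sh && \
    if [ -n "${LLVM_SH_SHA256}" ]; then \
      echo "${LLVM_SH_SHA256}  /tmp/llvm.sh" | sha256sum -c -; \
    fi && \
    chmod +x /tmp/llvm.sh && \
    /tmp/llvm.sh ${LLVM_V} && \
    rm -f /tmp/llvm.sh && \
    rm -rf /var/lib/apt/lists/*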
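# Install LLVM toolchain & deps for AFL++, Nyx, Bitcoin Core.
# vim & tmux are not build dependencies; they are kept for interactive work
# inside the container.
# apt-get is used instead of apt: apt's command-line interface is meant for
# interactive use and is not guaranteed to stay stable for scripts.
# NOTE(review): package versions are not pinned, so the installed toolchain
# depends on the state of the Debian and apt.llvm.org repositories at build time.
RUN apt-get update && apt-get install -y --no-install-recommends \
      automake \
      autotools-dev \
      bsdmainutils \
      build-essential \
      clang-${LLVM_V} \
      cmake \
      cpio \
      curl \
      git \
      gnuplot \
      libcapstone-dev \
      libgtk-3-dev \
      libssl-dev \
      libtool \
      libzstd-dev \
      lld-${LLVM_V} \
      llvm-${LLVM_V} \
      llvm-${LLVM_V}-dev \
      ninja-build \
      openssh-client \
      pax-utils \
      pkg-config \
      python3 \
      python3-jinja2 \
      python3-msgpack \
      tmux \
      vim \
    && rm -rf /var/lib/apt/lists/*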
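# Install rust and tools.
# The rustup installer is written to a file before it is run. With
# `curl ... | sh` under the default /bin/sh (no pipefail) a failed download
# feeds an empty script to sh and the RUN step still succeeds.
# NOTE(review): the installer is still trusted only on the strength of the
# HTTPS connection to sh.rustup.rs; no checksum or signature is checked here.
RUN curl --proto '=https' --tlsv1.2 -sSf -o /tmp/rustup-init.sh https://sh.rustup.rs && \
    sh /tmp/rustup-init.sh -y && \
    rm -f /tmp/rustup-init.sh

# rustup installs into root's home; expose cargo/rustc to later steps.
ENV PATH="/root/.cargo/bin:${PATH}"

# A dated nightly is installed and made the default toolchain.
RUN rustup install nightly-2026-02-15 && rustup default nightly-2026-02-15

# --locked builds `just` with the dependency versions recorded in the crate's
# own Cargo.lock instead of re-resolving them at build time.
# NOTE(review): the version of `just` itself is not pinned.
RUN cargo install --locked just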
WORKDIR /

# Fetch AFL++ and build it against the versioned LLVM install;
# LLVM_CONFIG names the llvm-config binary for LLVM ${LLVM_V}.
# NOTE(review): the clone is not pinned to a tag or commit, so the image gets
# whatever the repository's default branch points at when the build runs.
ENV LLVM_CONFIG=llvm-config-${LLVM_V}
RUN git clone https://github.com/AFLplusplus/AFLplusplus

# Build from inside the checkout, leaving one core free, then return to /.
WORKDIR /AFLplusplus
RUN make PERFORMANCE=1 -j$(nproc --ignore 1)
WORKDIR /
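# ------ Build Bitcoin Core and the nyx agent ------

# Build Bitcoin Core
#
# Source selection (all build args):
#   OWNER / REPO     GitHub repository to clone.
#   BRANCH           Branch cloned first (shallow, depth 1).
#   PR_NUMBER        If set, the head of that pull request is fetched and
#                    checked out. Takes precedence over BITCOIN_COMMIT.
#   BITCOIN_COMMIT   If set (and PR_NUMBER is empty), that commit is fetched
#                    and checked out.
# With the defaults nothing is pinned: the build uses the tip of
# bitcoin/bitcoin master at build time. Set BITCOIN_COMMIT for a reproducible
# target.
#
# The checkout always lands in ./bitcoin, because every later step refers to
# that path literally; cloning into "${REPO}" broke the build for any REPO
# other than "bitcoin".
#
# NOTE(review): PR_NUMBER pulls in code that has not been merged, and the
# following steps compile it and run its build scripts as root inside the
# build. Treat builds with externally supplied OWNER/REPO/PR_NUMBER as running
# untrusted code and run them on an isolated builder.
ARG OWNER=bitcoin
ARG REPO=bitcoin
ARG BRANCH=master
ARG PR_NUMBER=
ARG BITCOIN_COMMIT=""
RUN git clone --depth 1 --branch "${BRANCH}" "https://github.com/${OWNER}/${REPO}.git" bitcoin && \
    if [ -n "${PR_NUMBER}" ]; then \
      git -C bitcoin fetch --depth 1 origin "pull/${PR_NUMBER}/head:pr-${PR_NUMBER}" && \
      git -C bitcoin checkout "pr-${PR_NUMBER}"; \
    elif [ -n "${BITCOIN_COMMIT}" ]; then \
      git -C bitcoin fetch --depth 1 origin "${BITCOIN_COMMIT}" && \
      git -C bitcoin checkout "${BITCOIN_COMMIT}"; \
    fi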
# Route compilation and linking through the AFL++ compiler wrappers built above.
ENV CC=/AFLplusplus/afl-clang-fast \
    CXX=/AFLplusplus/afl-clang-fast++ \
    LD=/AFLplusplus/afl-clang-fast

# Denylist handed to AFL++ through AFL_LLVM_DENYLIST, plus the directory the
# depends system uses for downloaded source archives.
COPY ./target-patches/bitcoin-core-ir-denylist.txt /denylist.txt
ENV AFL_LLVM_DENYLIST=/denylist.txt \
    SOURCES_PATH=/tmp/bitcoin-depends

# Fetch the dependency sources in a layer of their own (Qt, ZMQ and USDT are
# switched off).
RUN make -C bitcoin/depends \
      NO_QT=1 NO_ZMQ=1 NO_USDT=1 \
      download-linux \
      SOURCES_PATH=$SOURCES_PATH

# Keep extracted source: the sed drops every funcs.mk line that matches
# "rm -rf ... extract_dir" before the debug build of the dependencies runs
# with the versioned LLVM binutils.
# NOTE(review): if upstream rewrites those lines the sed matches nothing and
# still exits 0, so the extracted sources would be removed again without any
# build error.
RUN sed -i --regexp-extended '/.*rm -rf .*extract_dir.*/d' ./bitcoin/depends/funcs.mk && \
    make -C ./bitcoin/depends \
      DEBUG=1 NO_QT=1 NO_ZMQ=1 NO_USDT=1 \
      SOURCES_PATH=$SOURCES_PATH \
      AR=llvm-ar-${LLVM_V} \
      NM=llvm-nm-${LLVM_V} \
      RANLIB=llvm-ranlib-${LLVM_V} \
      STRIP=llvm-strip-${LLVM_V} \
      -j$(nproc)
# Apply the local RNG patch to the Bitcoin Core checkout.
COPY ./target-patches/bitcoin-core-aggressive-rng.patch bitcoin/
WORKDIR /bitcoin
RUN git apply bitcoin-core-aggressive-rng.patch

# Configure an ASan build of bitcoind using the depends toolchain file.
# FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION is defined on purpose: the
# resulting binary is a fuzzing target only and must never be deployed or
# pointed at real funds.
RUN cmake -B build_fuzz \
      --toolchain ./depends/$(./depends/config.guess)/toolchain.cmake \
      -DSANITIZERS="address" \
      -DAPPEND_CPPFLAGS="-DFUZZAMOTO_FUZZING -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -DABORT_ON_FAILED_ASSUME" \
      -DAPPEND_LDFLAGS="-fuse-ld=lld-${LLVM_V}"

# Back to / so later relative paths resolve as before; build only bitcoind.
WORKDIR /
RUN cmake --build bitcoin/build_fuzz -j$(nproc) --target bitcoind
# From here on the plain versioned clang/lld are used instead of the AFL++
# wrappers set for the Bitcoin Core build.
ENV CC=clang-${LLVM_V} \
    CXX=clang++-${LLVM_V} \
    LD=lld-${LLVM_V}

# Needed to avoid "fatal: detected dubious ownership in repository" errors from
# the Nyx build inside of target/.
# The ownership check is relaxed for /fuzzamoto only, not globally, so git
# still refuses other directories owned by a different user.
RUN git config --global --add safe.directory /fuzzamoto

# CI helper scripts from the build context.
COPY ./ci /ci