Preserve LLVM and Clang libraries in the final stage (#14)

alessandrogario · web-flow · commit be224c7a32e4 · 2020-03-05T00:36:46.000+01:00
* Docs: Update required dependencies in the README

* final stage: Preserve the LLVM and Clang libraries

* Docs: Update the README to document how to create the release tarball

* stage 0: Prevent the use of links for the destination folder

* Code review changes

* build: Add a script to build the toolchain inside Docker

* build: Use Ubuntu 18.04 as base Docker image

* build: Rename the docker script

* Docs: Update the README
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,2 @@
+build
+
diff --git a/README.md b/README.md
@@ -36,7 +36,7 @@ For the instructions we will use Ubuntu 18.04.
 
 ## Prerequisites
 ```
-sudo apt install --no-install-recommends g++-8 gcc-8 automake autoconf gettext bison flex unzip help2man libtool-bin libncurses-dev make ninja-build patch
+sudo apt install g++-8 gcc-8 automake autoconf gettext bison flex unzip help2man libtool-bin libncurses-dev make ninja-build patch txinfo gawk wget git texinfo xz-utils python
 ```
 Then use `update-alternatives` to tell the system that the version of GCC/G++ and CPP is the default we would like to use:
 ```
@@ -65,7 +65,13 @@ The script has to be run as a normal user and accepts one argument, which is the
 This should output the sysroot under `/opt/osquery-toolchain/final` and the LLVM toolchain will be under `/opt/osquery-toolchain/final/sysroot/usr`
 
 ## Redistributing and usage
-tar the sysroot folder and uncompress that wherever you like on the target machine.
+1. Enter inside the **final** folder within the destination path
+2. Rename the **sysroot** folder to **osquery-toolchain**
+3. Compress the folder with the following command: `tar -pcvJf osquery-toolchain-<VERSION>.tar.xz osquery-toolchain`
+
+Make sure that the **<VERSION>** field matches a valid tag, for example: `osquery-toolchain-1.0.1.tar.xz`.
+
+The generated tarball can then be uncompressed wherever you like on the target machine.
 
 The toolchain defaults to using libc++ as the C++ standard library, compiler-rt as part of the builtins it needs, instead of relying on libgcc and lld as the linker; so these are implicit.
 libc++abi has to be explicitly linked when compiling C++ with `l:libc++abi.a` instead; merged with it there's also libunwind, which is therefore implicit.
diff --git a/build.sh b/build.sh
@@ -229,7 +229,6 @@ source ./config
 TOOLCHAIN_DIR=$1
 SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )"
 
-
 # We are already at the final stage, nothing to do
 if [ -e $TOOLCHAIN_DIR/final/sysroot ]; then
   echo "Nothing to do. If you want to redo the final stage please delete the $TOOLCHAIN_DIR/final/sysroot folder"
@@ -321,7 +320,6 @@ additional_compiler_flags="-s" \
 additional_cmake="" \
 build_llvm
 
-
 build_folder="build-compilerrt-builtins" \
 cc_compiler="clang" \
 cxx_compiler="clang++" \
@@ -379,16 +377,12 @@ additional_linker_flags="-rtlib=compiler-rt -l:libc++abi.a -ldl -lpthread" \
 additional_cmake="${llvm_additional_cmake}" \
 build_llvm
 
-
 CURRENT_DIR=$TOOLCHAIN_DIR/final
 SYSROOT=$TOOLCHAIN_DIR/final/$TUPLE/$TUPLE/sysroot
 PREFIX=$SYSROOT/usr
 
-# Remove the static libclang/liblld/libLLVM and all versions of libstdc++ from the sysroot.
+# Remove all the versions of libstdc++ from the sysroot.
 ( cd $PREFIX/lib; \
-  rm -f libclang*.a; \
-  rm -f liblld*.a; \
-  rm -f libLLVM*.a; \
   rm -f libstdc*)
 
 # Remove unused GCC binaries
@@ -436,12 +430,13 @@ do
 done
 
 remaining_symlinks=`find "$SYSROOT" -type l`
+real_sysroot=`realpath ${SYSROOT}`
 
 symlinks_to_fix=0
 while read line
 do
   real_path=`readlink -f "$line"`
-  if [[ ! "$real_path" == "$SYSROOT/"* ]]; then
+  if [[ ! "$real_path" == "$real_sysroot/"* ]]; then
     symlinks_to_fix=1
     echo "$line -> $real_path"
   fi
diff --git a/build_inside_docker.sh b/build_inside_docker.sh
@@ -0,0 +1,128 @@
+#!/usr/bin/env bash
+
+export CMAKE_VERSION="3.15.2"
+export BASE_IMAGE="ubuntu:bionic"
+
+main() {
+  if [[ -z "${run_build_script}" ]] ; then
+    startDockerContainer || return 1
+  else
+    buildOsqueryToolchain || return 1
+  fi
+
+  return 0
+}
+
+startDockerContainer() {
+  if [[ -d "build" ]] ; then
+    echo "Reusing existing build folder"
+  else
+    echo "Creating new build folder"
+
+    mkdir build
+    if [[ $? != 0 ]] ; then
+      echo "Failed to create the build folder"
+      return 1
+    fi
+  fi
+
+  local container_name="osquery-toolchain-$(git rev-parse HEAD)"
+  docker rm "${container_name}" > /dev/null 2>&1
+
+  docker run --rm -e "run_build_script=1" -v "$(realpath build):/opt/osquery-toolchain" -v "$(pwd):/home/osquery/osquery-toolchain" --name "${container_name}" -it "${BASE_IMAGE}" /bin/bash -c '/home/osquery/osquery-toolchain/build_inside_docker.sh'
+  if [[ $? != 0 ]] ; then
+    echo "Failed to start the Docker container"
+    return 1
+  fi
+
+  return 0
+}
+
+buildOsqueryToolchain() {
+  # https://stackoverflow.com/questions/59895/how-to-get-the-source-directory-of-a-bash-script-from-within-the-script-itself
+  local home_folder="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+  cd "${home_folder}"
+
+  installSystemDependencies || return 1
+  installCMake || return 1
+  initializeOsqueryUser || return 1
+
+  export KEEP_INTERMEDIATE_STAGES=1
+  sudo -u osquery ./build.sh "/opt/osquery-toolchain"
+  if [[ $? != 0 ]] ; then
+    echo "The build script has failed"
+    return 1
+  fi
+
+  return 0
+}
+
+initializeOsqueryUser() {
+  useradd -d "/home/osquery" -M osquery
+  if [[ $? != 0 ]] ; then
+    echo "Failed to create the osquery user"
+    return 1
+  fi
+
+  chown -R osquery:osquery "/home/osquery"
+  if [[ $? != 0 ]] ; then
+    echo "Failed to set the require permissions on the home directory"
+    return 1
+  fi
+
+  return 0
+}
+
+installSystemDependencies() {
+  apt-get update
+  if [[ $? != 0 ]] ; then
+    echo "Failed to update the package repositories"
+    return 1
+  fi
+
+  apt-get install g++-8 gcc-8 automake autoconf gettext bison flex unzip help2man libtool-bin libncurses-dev make ninja-build wget git texinfo xz-utils gawk python sudo -y
+  if [[ $? != 0 ]] ; then
+    echo "Failed to install the required dependencies"
+    return 1
+  fi
+
+  update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-8 20
+  if [ $? != 0 ] ; then
+    echo "Failed to set the default gcc binary path"
+    return 1
+  fi
+
+  update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-8 20
+  if [ $? != 0 ] ; then
+    echo "Failed to set the default g++ binary path"
+    return 1
+  fi
+
+  update-alternatives --install /usr/bin/cpp cpp /usr/bin/cpp-8 20
+  if [ $? != 0 ] ; then
+    echo "Failed to set the default cpp binary path"
+    return 1
+  fi
+
+  return 0
+}
+
+installCMake() {
+  local cmake_archive_path="/tmp/cmake.tar.gz"
+  wget "https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}/cmake-${CMAKE_VERSION}-Linux-x86_64.tar.gz" -O "${cmake_archive_path}"
+  if [[ $? != 0 ]] ; then
+    echo "Failed to download the CMake release archive"
+    return 1
+  fi
+
+  tar xvf "${cmake_archive_path}" -C "/usr/local" --strip 1
+  if [[ $? != 0 ]] ; then
+    echo "Failed to extract the CMake release archive"
+    return 1
+  fi
+
+  return 0
+}
+
+main $@
+exit $?
