Skip to content

nss: enable replayable build #13492

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
AdamKorcz merged 2 commits into from
Jun 27, 2025
Merged

nss: enable replayable build #13492

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
5abd280
nss: enable replayable build
DavidKorczynski Jun 26, 2025
45f2ba4
nit
DavidKorczynski Jun 26, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 2 additions & 3 deletions projects/nss/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,5 @@ RUN apt-get update && apt-get install -y make mercurial zlib1g-dev gyp ninja-bui
RUN hg clone https://hg.mozilla.org/projects/nspr nspr
RUN hg clone https://hg.mozilla.org/projects/nss nss
RUN git clone --depth 1 https://github.com/MozillaSecurity/nss-fuzzing-corpus.git nss-corpus

WORKDIR nss
COPY build.sh $SRC/
COPY build.sh replay_build.sh $SRC/
WORKDIR $SRC/nss
4 changes: 4 additions & 0 deletions projects/nss/build.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,10 @@
#
################################################################################

if [[ -n ${CAPTURE_REPLAY_SCRIPT-} ]]; then
# Make sure we don't remove cached directory
sed -i 's/rm -rf/#rm -rf/g' automation/ossfuzz/build.sh
fi

# Build NSS with fuzzers.
./automation/ossfuzz/build.sh
44 changes: 44 additions & 0 deletions projects/nss/replay_build.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
#!/bin/bash -eu
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
################################################################################

# This script is useful for OSS-Fuzz infrastructure which is used to rebuild
# code from cached images. This is to support various ongoing efforts in
# OSS-Fuzz.

# List of targets disabled for oss-fuzz.
declare -A disabled=()
# List of targets we want to fuzz in TLS and non-TLS mode.
declare -A tls_targets=([tls-client]=1 [tls-server]=1 [dtls-client]=1 [dtls-server]=1)
# Helper function that copies a fuzzer binary and its seed corpus.
copy_fuzzer()
{
local fuzzer=$1
local name=$2
# Copy the binary.
cp ../dist/Debug/bin/$fuzzer $OUT/$name
}

# Rebuild the library using most recent cache
cd $SRC/nss
ninja -C /src/nss/out/Debug -v

# Copy dual mode targets in TLS mode.
for name in "${!tls_targets[@]}"; do
if [ -z "${disabled[$name]:-}" ]; then
copy_fuzzer nssfuzz-$name $name
fi
done