ci: an attempt to run the tests under ASan/UBsan

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>

diff --git a/.github/workflows/lxc-exercise b/.github/workflows/lxc-exercise
new file mode 100755 (executable)
index 0000000..b7da207
--- /dev/null
+++ b/.github/workflows/lxc-exercise
@@ -0,0 +1,174 @@
+#!/bin/bash
+# Environment
+set -eu
+set -x
+set -o pipefail
+
+unset TMPDIR
+
+TEST_PASS=0
+TEST_FAIL=0
+TEST_IGNORED=0
+
+IGNORE_LIST=""
+
+export ASAN_OPTIONS=detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1
+
+# https://github.com/lxc/lxc/issues/3757
+ASAN_OPTIONS="$ASAN_OPTIONS:detect_odr_violation=0"
+
+export UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1
+
+# Helper functions
+pass() {
+    TEST_PASS=$((${TEST_PASS}+1))
+
+    CURRENT_TIME=$(date +%s)
+    DURATION=$((CURRENT_TIME-START_TIME))
+
+    echo "PASS: $1 (${DURATION}s)"
+}
+
+fail() {
+    for entry in $IGNORE_LIST; do
+        if [ "$entry" = "$2" ]; then
+            ignore $1
+            return
+        fi
+    done
+
+    TEST_FAIL=$((${TEST_FAIL}+1))
+
+    CURRENT_TIME=$(date +%s)
+    DURATION=$((CURRENT_TIME-START_TIME))
+
+    echo "FAIL: $1 (${DURATION}s)"
+
+    if [ -f "$3" ]; then
+        echo "---"
+        cat $3
+        echo "---"
+    fi
+}
+
+ignore() {
+    TEST_IGNORED=$((${TEST_IGNORED}+1))
+    echo "IGNORED: $*"
+}
+
+summary() {
+    echo ""
+    echo "SUMMARY: pass=$TEST_PASS, fail=$TEST_FAIL, ignored=$TEST_IGNORED"
+}
+
+apt-get install --yes --no-install-recommends \
+    apparmor automake autoconf bash-completion bridge-utils build-essential \
+    busybox-static clang cloud-image-utils curl dbus debhelper debootstrap \
+    devscripts dh-apparmor dh-autoreconf dh-systemd dnsmasq-base \
+    docbook2x doxygen ed fakeroot file gcc gnupg graphviz git iptables \
+    net-tools libapparmor-dev libcap-dev libgnutls28-dev liblua5.2-dev \
+    libpam0g-dev libseccomp-dev libselinux1-dev libtool linux-libc-dev \
+    llvm lsb-release make openssl pkg-config python3-all-dev \
+    python3-setuptools rsync squashfs-tools uidmap unzip uuid-runtime \
+    wget xz-utils
+
+./autogen.sh
+CFLAGS=-fsanitize=address,undefined ./configure --enable-tests --prefix=/usr/ --sysconfdir=/etc/ --localstatedir=/var/ --disable-no-undefined
+make
+make install
+
+sed -i 's/USE_LXC_BRIDGE="false"/USE_LXC_BRIDGE="true"/' /etc/default/lxc
+systemctl daemon-reload
+systemctl restart apparmor
+systemctl restart lxc-net
+
+# Source distro information
+[ -e /etc/lsb-release ] && . /etc/lsb-release
+
+# Workaround for broken gpg2
+if [ -n "${http_proxy:-}" ] && [ -e /usr/bin/dirmngr ]; then
+    dpkg-divert --divert /usr/bin/dirmngr.orig --rename --add /usr/bin/dirmngr
+    (
+    cat << EOF
+#!/bin/sh
+exec /usr/bin/dirmngr.orig --honor-http-proxy \$@
+EOF
+    ) > /usr/bin/dirmngr
+    chmod +x /usr/bin/dirmngr
+fi
+
+# Override the GPG server
+sed -i "s/^DOWNLOAD_VALIDATE.*/DOWNLOAD_VALIDATE=\"false\"/" /usr/share/lxc/templates/lxc-download
+export DOWNLOAD_KEYSERVER="hkp://keyserver.ubuntu.com:80"
+
+# The actual tests
+## Default testsuite
+for testbin in /usr/bin/lxc-test-*; do
+    STRING="lxc-tests: $testbin"
+    [ ! -x "$testbin" ] && continue
+
+    # Some tests can't be run standalone
+    [ "$testbin" = "/usr/bin/lxc-test-may-control" ] && continue
+
+    # Skip some tests when running in a container
+    if [ -f /run/container_type ] || (type systemd-detect-virt >/dev/null 2>&1 && systemd-detect-virt  --container >/dev/null 2>&1); then
+        [ "$testbin" = "/usr/bin/lxc-test-reboot" ] && \
+            ignore "$STRING" && continue
+    fi
+
+    # Skip userns tests in unprivileged containers
+    if [ -f /proc/self/uid_map ] && \
+            ! grep -q "4294967295$" /proc/self/uid_map; then
+
+        [ "$testbin" = "/usr/bin/lxc-test-unpriv" ] && \
+            ignore "$STRING" && continue
+
+        [ "$testbin" = "/usr/bin/lxc-test-usernic" ] && \
+            ignore "$STRING" && continue
+    fi
+
+    # Skip some tests on old kernels
+    if [ ! -f /proc/self/uid_map ] || [ ! -f /etc/subuid ] || \
+       [ ! -f /etc/subgid ]; then
+        [ "$testbin" = "/usr/bin/lxc-test-unpriv" ] && \
+            ignore "$STRING" && continue
+
+        [ "$testbin" = "/usr/bin/lxc-test-usernic" ] && \
+            ignore "$STRING" && continue
+    fi
+
+    OUT=$(mktemp)
+    START_TIME=$(date +%s)
+    echo "$testbin"
+    (timeout 10m $testbin |& tee $OUT) && pass "$STRING" || fail "$STRING" "$testbin" "$OUT"
+    rm $OUT
+done
+
+## Python3 testsuite
+STRING="python3: API"
+if [ ! -f /usr/share/doc/python3-lxc/examples/api_test.py.gz ]; then
+    ignore "$STRING"
+else
+    OUT=$(mktemp)
+
+    PYTEST=$(mktemp)
+    cat /usr/share/doc/python3-lxc/examples/api_test.py.gz | gzip -d > $PYTEST
+    python3 $PYTEST >$OUT 2>&1 && pass "$STRING" || \
+        fail "$STRING" "python3" "$OUT"
+    rm $PYTEST
+
+    rm $OUT
+fi
+
+# Workaround for broken gpg2
+if [ -n "${http_proxy:-}" ] && [ -e /usr/bin/dirmngr ]; then
+    rm /usr/bin/dirmngr
+    dpkg-divert --divert /usr/bin/dirmngr.orig --rename --remove /usr/bin/dirmngr
+fi
+
+# Test summary
+summary
+
+[ "$TEST_FAIL" != "0" ] && exit 1
+
+exit 0

diff --git a/.github/workflows/sanitizers.yml b/.github/workflows/sanitizers.yml
new file mode 100644 (file)
index 0000000..ae78f18
--- /dev/null
+++ b/.github/workflows/sanitizers.yml
@@ -0,0 +1,22 @@
+name: Sanitizers build
+on:
+  - push
+  - pull_request
+jobs:
+  test:
+    strategy:
+      fail-fast: false
+      matrix:
+        compiler:
+          - gcc
+          - clang
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Build
+        env:
+          CC: ${{ matrix.compiler }}
+        run: |
+          sudo CC=${{ matrix.compiler }} .github/workflows/lxc-exercise