Install latest fuzzer #46

Open
wants to merge 5 commits into
base: main
3 changes: 2 additions & 1 deletion .shellcheckrc
@@ -1,2 +1,3 @@
enable=all
disable=SC2154 # Disabled because it's disabled by trunk
disable=SC2154 # Disabled because it's disabled in trunk by default
disable=SC2312 # Disabled because we often don't need return values
bohendo marked this conversation as resolved.
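Review bot: `disable=SC2312` in the rc file switches the check off for every script in the repository, and SC2312 is the check that flags a command substitution hiding a failed command's exit status. The packer/provision.sh changes in this same pull request place network fetches inside `$(...)`, which is where that warning is most useful. If the noise comes from a few lines such as `echo "Done installing: $(doctl version)"`, a scoped `# shellcheck disable=SC2312` directive above those lines keeps the check active for the rest of the code.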
2 changes: 1 addition & 1 deletion cmd/cloudexec/cancel.go
Expand Up @@ -13,7 +13,7 @@ import (
func CancelJob(config config.Config, existingState *state.State, job *state.Job, force bool) error {
if job.Status != state.Provisioning && job.Status != state.Running {
log.Info("Job %v is not running, it is %s", job.ID, job.Status)
return nil
return nil
}
log.Warn("Destroying droplet %s associated with job %v: IP=%v | CreatedAt=%s", job.Droplet.Name, job.ID, job.Droplet.IP, job.Droplet.Created)
if !force { // Ask for confirmation before cleaning this job if no force flag
2 changes: 1 addition & 1 deletion cmd/cloudexec/main.go
Expand Up @@ -129,7 +129,7 @@ func main() {
return err
}
err = Launch(config, dropletSize, dropletRegion, lc)
return err
return err
},
},

8 changes: 4 additions & 4 deletions flake.lock


5 changes: 2 additions & 3 deletions flake.nix
Expand Up @@ -2,7 +2,7 @@
description = "CloudExec VPS provisioning helper";

inputs = {
nixpkgs.url = "github:nixos/nixpkgs/4ecab3273592f27479a583fb6d975d4aba3486fe"; # v23.05
nixpkgs.url = "github:nixos/nixpkgs/11cd405226b6663b1ba2073dc7d8b0d7a78175d9"; # 240209
bohendo marked this conversation as resolved.
utils.url = "github:numtide/flake-utils/04c1b180862888302ddfb2e3ad9eaa63afc60cf8"; # v1.0.0
};

Expand Down Expand Up @@ -101,7 +101,7 @@
url = "git+ssh://[email protected]/trailofbits/medusa";
rev = "72e9b8586ad93b37ff9063ccf3f5b471f934c264";
};
vendorSha256 = "sha256-IKB8c6oxF5h88FdzUAmNA96BpNo/LIbwzuDCMFsdZNE=";
vendorHash = "sha256-IKB8c6oxF5h88FdzUAmNA96BpNo/LIbwzuDCMFsdZNE=";
bohendo marked this conversation as resolved.
nativeBuildInputs = [
packages.crytic-compile
pkgs.solc
Expand Down Expand Up @@ -134,7 +134,6 @@
go-tools
gopls
go-outline
gocode
gopkgs
gocode-gomod
godef
bohendo marked this conversation as resolved.
6 changes: 4 additions & 2 deletions justfile
Expand Up @@ -9,11 +9,13 @@ trunk:
trunk fmt
trunk check

pack opSecretReference="op://Private/DigitalOcean/ApiKey":
cd packer && packer build -var do_api_token=$(op read {{opSecretReference}}) cloudexec.pkr.hcl
bohendo marked this conversation as resolved.

build:
nix build

install:
nix build
install: build
bohendo marked this conversation as resolved.
echo nix profile remove $(nix profile list | grep cloudexec | cut -d " " -f 1)
nix profile remove $(nix profile list | grep cloudexec | cut -d " " -f 1)
echo nix profile install ./result
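Review bot: The new `pack` recipe hands the DigitalOcean token to packer as a `-var` argument, so the secret sits in the process argument list for the length of the build, where other local users and process-accounting logs can read it. The `$(op read …)` substitution is also unquoted, so a value containing whitespace or glob characters would be split before packer sees it. Packer reads HCL variables from `PKR_VAR_<name>` environment variables, so the line could become `cd packer && PKR_VAR_do_api_token="$(op read '{{opSecretReference}}')" packer build cloudexec.pkr.hcl`. It is also worth confirming that `do_api_token` is declared `sensitive = true` in cloudexec.pkr.hcl, which is not visible on this page.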
70 changes: 53 additions & 17 deletions packer/provision.sh
Expand Up @@ -2,6 +2,23 @@
# shellcheck source=/dev/null
set -e

########################################
## Helper Functions

function github_api {
project="$1"
github_api="https://api.github.com/repos/${project}/releases/latest"
curl -s "${github_api}"
}

function get_latest_version {
github_api "$1" | jq '.tag_name' | tr -d 'v' | tr -d '"'
}

function get_latest_artifact {
github_api "$1" | jq '.assets[] | select(.name | test("linux")) | .browser_download_url' | tr -d '"'
}

Comment on lines +5 to +21

Image description CodeRabbit

The helper functions github_api, get_latest_version, and get_latest_artifact are well implemented. They use the GitHub API to fetch the latest version of a given project and the URL for the latest artifact for a Linux system. However, there is no error handling in case the GitHub API request fails or returns an unexpected response. Consider adding some error checking to these functions.

function github_api {
	project="$1"
	github_api="https://api.github.com/repos/${project}/releases/latest"
	response=$(curl -s "${github_api}")
    if [ $? -ne 0 ]; then
        echo "Failed to fetch data from GitHub API for project ${project}"
        exit 1
    fi
    echo "${response}"
}

########################################
## Required Configuration and Dependencies

Expand All @@ -15,40 +32,55 @@ export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get install -y jq s3cmd tmux python3-pip python3-venv

echo "Downloading doctl..."
curl -fsSL -o /tmp/doctl-1.92.0-linux-amd64.tar.gz https://github.com/digitalocean/doctl/releases/download/v1.92.0/doctl-1.92.0-linux-amd64.tar.gz
echo "Extracting doctl..."
tar -xzf /tmp/doctl-1.92.0-linux-amd64.tar.gz -C /tmp
echo "Installing doctl..."
echo "Installing doctl v$(
set -e
get_latest_version "digitalocean/doctl"
)..."
curl -fsSL -o /tmp/doctl.tar.gz "$(
set -e
get_latest_artifact "digitalocean/doctl" | grep "amd64"
)"
tar -xzf /tmp/doctl.tar.gz -C /tmp
mv /tmp/doctl /usr/local/bin
echo "Cleaning up..."
rm /tmp/doctl-1.92.0-linux-amd64.tar.gz
rm /tmp/doctl.tar.gz
echo "Done installing: $(doctl version)"

########################################
## Common fuzz testing and analysis tools

echo "Installing solc and slither..."
echo "Installing slither..."
python3 -m venv ~/venv
source ~/venv/bin/activate
pip3 install solc-select slither-analyzer crytic-compile
solc-select use latest --always-install

echo "Downloading echidna..."
curl -fsSL https://github.com/crytic/echidna/releases/download/v2.2.3/echidna-2.2.3-x86_64-linux.tar.gz -o /tmp/echidna.tar.gz
echo "Extracting echidna..."
echo "Installing echidna v$(
set -e
get_latest_version "crytic/echidna"
)..."
curl -fsSL -o /tmp/echidna.tar.gz "$(
set -e
get_latest_artifact "crytic/echidna" | grep -v "sigstore"
)"
tar -xzf /tmp/echidna.tar.gz -C /tmp
echo "Installing echidna..."
mv /tmp/echidna /usr/local/bin
chmod +x /usr/local/bin/echidna
rm /tmp/echidna.tar.gz
echo "Done installing: $(echidna --version)"

echo "Downloading medusa..."
curl -fsSL https://github.com/crytic/medusa/releases/download/v0.1.3/medusa-linux-x64.tar.gz -o /tmp/medusa.tar.gz
echo "Extracting medusa..."
echo "Installing medusa v$(
set -e
get_latest_version "crytic/medusa"
)..."
curl -fsSL -o /tmp/medusa.tar.gz "$(
set -e
get_latest_artifact "crytic/medusa" | grep -v "sigstore"
)"
tar -xzf /tmp/medusa.tar.gz -C /tmp
echo "Installing medusa..."
chmod +x /tmp/medusa
sudo mv /tmp/medusa /usr/local/bin
chmod +x /usr/local/bin/medusa
rm /tmp/medusa.tar.gz
echo "Done installing: $(medusa --version)"
bohendo marked this conversation as resolved.

echo "Installing docker and its dependencies..."
apt-get install -y apt-transport-https ca-certificates curl gnupg-agent software-properties-common
Expand All @@ -61,3 +93,7 @@ apt-get install -y docker-ce docker-ce-cli containerd.io
user="$(whoami)"
usermod -aG docker "${user}"
systemctl enable docker
echo "Done installing docker:"
docker version

echo "Done provisioning"
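Review bot: The doctl, echidna and medusa installs now download whatever asset `releases/latest` points to at image-build time and move it into /usr/local/bin with no checksum or signature check, whereas the removed lines pinned exact release URLs (v1.92.0, v2.2.3, v0.1.3). Every image build can therefore bake in a different, unreviewed binary, and a replaced release asset would reach every job that boots from the image. The `grep -v "sigstore"` filters suggest the echidna and medusa releases publish signature bundles next to the tarballs; those are dropped here rather than verified. Consider keeping a version and expected SHA-256 per tool in the script (bumped deliberately) and checking before extraction, e.g. `echo "${echidna_sha256}  /tmp/echidna.tar.gz" | sha256sum -c -`. Separately, `get_latest_artifact` can print more than one URL when a release carries several linux assets, so the selection should assert exactly one match before calling curl.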