oss-fuzz: Always run the check, even on the oss-fuzz platform

It is much harder to determine why we get messages like
    Step #6: Error occured while running fuzz_reg_parse:
    Step #6: /workspace/out/coverage/fuzz_reg_parse: error while loading shared libraries: libavahi-common.so.3: cannot open shared object file: No such file or directory
instead this detects the failure to use RPATH (which is
strictly required instead of the modern RUNPATH)
otherwise.

We do this by creating a new build_samba.sh after renaming
build_samba.sh to do_build.sh because this is what oss-fuzz
runs, meaning we don't need to coordinate a MR there as well.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

lib/fuzzing/oss-fuzz/build_samba.sh

@@ -11,11 +11,6 @@
 # https://github.com/google/oss-fuzz/blob/master/projects/samba/build.sh
 # which does nothing else.
 #
-# We have to push to oss-fuzz CFLAGS into the waf ADDITIONAL_CFLAGS
-# as otherwise waf's configure fails linking the first test binary
-#
-# CFLAGS are supplied by the caller, eg the oss-fuzz compile command
-#
 # Additional arguments are passed to configure, to allow this to be
 # tested in autobuild.py
 #
@@ -26,116 +21,5 @@ set -e
 set -x
 set -u
 
-# It is critical that this script, just as the rest of Samba's GitLab
-# CI docker has LANG set to en_US.utf8 (oss-fuzz fails to set this)
-. /etc/default/locale
-export LANG
-export LC_ALL
-
-ADDITIONAL_CFLAGS="$CFLAGS"
-export ADDITIONAL_CFLAGS
-CFLAGS=""
-export CFLAGS
-LD="$CXX"
-export LD
-
-# Use the system Python, not the OSS-Fuzz provided statically linked
-# and instrumented Python, because we can't statically link.
-
-PYTHON=/usr/bin/python3
-export PYTHON
-
-# $SANITIZER is provided by the oss-fuzz "compile" command
-#
-# We need to add the waf configure option as otherwise when we also
-# get (eg) -fsanitize=address via the CFLAGS we will fail to link
-# correctly
-
-case "$SANITIZER" in
-    address)
-	SANITIZER_ARG='--address-sanitizer'
-	;;
-    undefined)
-	SANITIZER_ARG='--undefined-sanitizer'
-	;;
-    coverage)
-	# Thankfully clang operating as ld has no objection to the
-	# cc style options, so we can just set ADDITIONAL_LDFLAGS
-	# to ensure the coverage build is done, despite waf splitting
-	# the compile and link phases.
-	ADDITIONAL_LDFLAGS="${ADDITIONAL_LDFLAGS:-} $COVERAGE_FLAGS"
-	export ADDITIONAL_LDFLAGS
-
-	SANITIZER_ARG=''
-       ;;
-esac
-
-# $LIB_FUZZING_ENGINE is provided by the oss-fuzz "compile" command
-#
-
-./configure -C --without-gettext --enable-debug --enable-developer \
-            --enable-libfuzzer \
-	    $SANITIZER_ARG \
-	    --disable-warnings-as-errors \
-	    --abi-check-disable \
-	    --fuzz-target-ldflags="$LIB_FUZZING_ENGINE" \
-	    --nonshared-binary=ALL \
-	    "$@" \
-	    LINK_CC="$CXX"
-
-make -j
-
-# Make a directory for the system shared libraries to be copied into
-mkdir -p $OUT/lib
-
-# We can't static link to all the system libs with waf, so copy them
-# to $OUT/lib and set the rpath to point there.  This is similar to how
-# firefox handles this.
-
-for x in bin/fuzz_*
-do
-    # Copy any system libraries needed by this fuzzer to $OUT/lib.
-
-    # We run ldd on $x, the fuzz_binary in bin/ which has not yet had
-    # the RPATH altered.  This is clearer for debugging in local
-    # development builds as $OUT is not cleaned between runs.
-    #
-    # Otherwise trying to re-run this can see cp can fail with:
-    # cp: '/out/lib/libgcc_s.so.1' and '/out/lib/libgcc_s.so.1' are the same file
-    # which is really confusing!
-
-    # The cut for ( and ' ' removes the special case references to:
-    # 	linux-vdso.so.1 =>  (0x00007ffe8f2b2000)
-    #   /lib64/ld-linux-x86-64.so.2 (0x00007fc63ea6f000)
-
-    ldd $x | cut -f 2 -d '>' | cut -f 1 -d \( | cut -f 2 -d  ' ' | xargs -i cp \{\} $OUT/lib/
-
-    cp $x $OUT/
-    bin=`basename $x`
-
-    # Changing RPATH (not RUNPATH, but we can't tell here which was
-    # set) is critical, otherwise libraries used by libraries won't be
-    # found on the oss-fuzz target host.  Sadly this is only possible
-    # with clang or ld.bfd on Ubuntu 16.04 (this script is only run on
-    # that).
-    #
-    # chrpath --convert only allows RPATH to be changed to RUNPATH,
-    # not the other way around, and we really don't want RUNPATH.
-    #
-    # This means the copied libraries are found on the runner
-    chrpath -r '$ORIGIN/lib' $OUT/$bin
-
-    # Truncate the original binary to save space
-    echo -n > $x
-
-done
-
-# Grap the seeds dictionary from github and put the seed zips in place
-# beside their executables.
-
-wget https://gitlab.com/samba-team/samba-fuzz-seeds/-/jobs/artifacts/master/download?job=zips \
-     -O seeds.zip
-
-# We might not have unzip, but we do have python
-$PYTHON -mzipfile -e seeds.zip  $OUT
-rm -f seeds.zip
+$(dirname $0)/do_build.sh $@
+$(dirname $0)/check_build.sh $OUT

lib/fuzzing/oss-fuzz/do_build.sh

@@ -0,0 +1,141 @@
+#!/bin/sh
+#
+# This is not a general-purpose build script, but instead one specific
+# to the Google oss-fuzz compile environment.
+#
+# https://google.github.io/oss-fuzz/getting-started/new-project-guide/#Requirements
+#
+# https://github.com/google/oss-fuzz/blob/master/infra/base-images/base-builder/README.md#provided-environment-variables
+#
+# This file is run by build_samba.sh, which is run by
+# https://github.com/google/oss-fuzz/blob/master/projects/samba/build.sh
+# which does nothing else.
+#
+# We have to push to oss-fuzz CFLAGS into the waf ADDITIONAL_CFLAGS
+# as otherwise waf's configure fails linking the first test binary
+#
+# CFLAGS are supplied by the caller, eg the oss-fuzz compile command
+#
+# Additional arguments are passed to configure, to allow this to be
+# tested in autobuild.py
+#
+
+# Ensure we give good trace info, fail right away and fail with unset
+# variables
+set -e
+set -x
+set -u
+
+# It is critical that this script, just as the rest of Samba's GitLab
+# CI docker has LANG set to en_US.utf8 (oss-fuzz fails to set this)
+. /etc/default/locale
+export LANG
+export LC_ALL
+
+ADDITIONAL_CFLAGS="$CFLAGS"
+export ADDITIONAL_CFLAGS
+CFLAGS=""
+export CFLAGS
+LD="$CXX"
+export LD
+
+# Use the system Python, not the OSS-Fuzz provided statically linked
+# and instrumented Python, because we can't statically link.
+
+PYTHON=/usr/bin/python3
+export PYTHON
+
+# $SANITIZER is provided by the oss-fuzz "compile" command
+#
+# We need to add the waf configure option as otherwise when we also
+# get (eg) -fsanitize=address via the CFLAGS we will fail to link
+# correctly
+
+case "$SANITIZER" in
+    address)
+	SANITIZER_ARG='--address-sanitizer'
+	;;
+    undefined)
+	SANITIZER_ARG='--undefined-sanitizer'
+	;;
+    coverage)
+	# Thankfully clang operating as ld has no objection to the
+	# cc style options, so we can just set ADDITIONAL_LDFLAGS
+	# to ensure the coverage build is done, despite waf splitting
+	# the compile and link phases.
+	ADDITIONAL_LDFLAGS="${ADDITIONAL_LDFLAGS:-} $COVERAGE_FLAGS"
+	export ADDITIONAL_LDFLAGS
+
+	SANITIZER_ARG=''
+       ;;
+esac
+
+# $LIB_FUZZING_ENGINE is provided by the oss-fuzz "compile" command
+#
+
+./configure -C --without-gettext --enable-debug --enable-developer \
+            --enable-libfuzzer \
+	    $SANITIZER_ARG \
+	    --disable-warnings-as-errors \
+	    --abi-check-disable \
+	    --fuzz-target-ldflags="$LIB_FUZZING_ENGINE" \
+	    --nonshared-binary=ALL \
+	    "$@" \
+	    LINK_CC="$CXX"
+
+make -j
+
+# Make a directory for the system shared libraries to be copied into
+mkdir -p $OUT/lib
+
+# We can't static link to all the system libs with waf, so copy them
+# to $OUT/lib and set the rpath to point there.  This is similar to how
+# firefox handles this.
+
+for x in bin/fuzz_*
+do
+    # Copy any system libraries needed by this fuzzer to $OUT/lib.
+
+    # We run ldd on $x, the fuzz_binary in bin/ which has not yet had
+    # the RPATH altered.  This is clearer for debugging in local
+    # development builds as $OUT is not cleaned between runs.
+    #
+    # Otherwise trying to re-run this can see cp can fail with:
+    # cp: '/out/lib/libgcc_s.so.1' and '/out/lib/libgcc_s.so.1' are the same file
+    # which is really confusing!
+
+    # The cut for ( and ' ' removes the special case references to:
+    # 	linux-vdso.so.1 =>  (0x00007ffe8f2b2000)
+    #   /lib64/ld-linux-x86-64.so.2 (0x00007fc63ea6f000)
+
+    ldd $x | cut -f 2 -d '>' | cut -f 1 -d \( | cut -f 2 -d  ' ' | xargs -i cp \{\} $OUT/lib/
+
+    cp $x $OUT/
+    bin=`basename $x`
+
+    # Changing RPATH (not RUNPATH, but we can't tell here which was
+    # set) is critical, otherwise libraries used by libraries won't be
+    # found on the oss-fuzz target host.  Sadly this is only possible
+    # with clang or ld.bfd on Ubuntu 16.04 (this script is only run on
+    # that).
+    #
+    # chrpath --convert only allows RPATH to be changed to RUNPATH,
+    # not the other way around, and we really don't want RUNPATH.
+    #
+    # This means the copied libraries are found on the runner
+    chrpath -r '$ORIGIN/lib' $OUT/$bin
+
+    # Truncate the original binary to save space
+    echo -n > $x
+
+done
+
+# Grap the seeds dictionary from github and put the seed zips in place
+# beside their executables.
+
+wget https://gitlab.com/samba-team/samba-fuzz-seeds/-/jobs/artifacts/master/download?job=zips \
+     -O seeds.zip
+
+# We might not have unzip, but we do have python
+$PYTHON -mzipfile -e seeds.zip  $OUT
+rm -f seeds.zip

script/autobuild.py

@@ -652,7 +652,6 @@ tasks = {
         # build the fuzzers (static) via the oss-fuzz script
         ("fuzzers-mkdir-prefix", "mkdir -p ${PREFIX_DIR}"),
         ("fuzzers-build", "OUT=${PREFIX_DIR} LIB_FUZZING_ENGINE= SANITIZER=address CXX= CFLAGS= ADDITIONAL_LDFLAGS='-fuse-ld=bfd' ./lib/fuzzing/oss-fuzz/build_samba.sh --enable-afl"),
-        ("fuzzers-check", "./lib/fuzzing/oss-fuzz/check_build.sh ${PREFIX_DIR}")
         ],
 
     # * Test smbd and smbtorture can build semi-static