search

open-obfuscator / o-mvll

:electron: O-MVLL is a LLVM-based obfuscator for native code (Android & iOS)
https://obfuscator.re/omvll
Apache License 2.0
617 stars 66 forks source link

Run regression tests in GitHub NDK action #15

Closed weliveindetail closed 1 year ago

weliveindetail commented 1 year ago

This patch shows what we need to run regression tests for NDK in docker and proposes a Dockerfile to build the required image. The NDK workflow is running successfully in our fork already: https://github.com/build38/o-mvll/actions/runs/5147901935

+ ninja check
[0/1] Running O-MVLL regression tests
Running tests with: /test-deps/bin/clang
Testing plugin file: /o-mvll/src/build_ndk_r25/libOMVLL.so
OMVLL_PYTHONPATH: /Python-3.10.7/Lib
-- Testing: 4 tests, 2 workers --
PASS: O-MVLL Tests :: passes/arithmetic/xor-x86_64-darwin.c (1 of 4)
PASS: O-MVLL Tests :: passes/arithmetic/xor-aarch64.c (2 of 4)
PASS: O-MVLL Tests :: passes/arithmetic/xor-x86_64-linux.c (3 of 4)
PASS: O-MVLL Tests :: passes/strings-encoding/basic-aarch64.cpp (4 of 4)

Testing Time: 0.87s
  Passed: 4

This first version still contains a few hacks, but we can get rid of them as soon as we update the package of prebuilt dependencies.

romainthomas commented 1 year ago

I actually missed to provide the Linux Docker image that were used for compiling the dependencies (openobfuscator/omvll-ndk)

FROM debian:stretch-slim
LABEL maintainer="Romain Thomas <me@romainthomas.fr>"
RUN mkdir -p /usr/share/man/man1                                      && \
    apt-get update -y                                                 && \
    apt-get install -y --no-install-recommends                           \
    ninja-build g++ gcc clang-11 git make ca-certificates curl unzip     \
    build-essential zlib1g-dev libncurses5-dev libgdbm-dev libnss3-dev   \
    libreadline-dev libffi-dev libsqlite3-dev wget libbz2-dev            \
    libc++abi-11-dev libc++-11-dev                                       \
  && apt-get clean                                                       \
  && rm -rf /var/lib/apt/lists/*

# Python 3.10.7 requires at least OpenSSL 1.1.1 while debian:stretch-slim provides OpenSSL 1.1.0.
# Hence, we need to compile this version
RUN curl -LO https://www.openssl.org/source/openssl-1.1.1q.tar.gz && \
    tar xzvf ./openssl-1.1.1q.tar.gz                              && \
    cd openssl-1.1.1q                                             && \
    CC=clang-11 CXX=clang++-11 CFLAGS="-fPIC"                        \
      ./config --prefix=/usr --openssldir=/usr shared             && \
    make -j$(nproc)                                               && \
    make -j$(nproc) install                                       && \
    mv /usr/lib/libcrypto.so.1.1 /usr/lib/x86_64-linux-gnu/       && \
    mv /usr/lib/libssl.so.1.1    /usr/lib/x86_64-linux-gnu/       && \
    cd .. && rm -rf openssl-1.1.1q && rm -rf openssl-1.1.1q.tar.gz

# Install a recent version of cmake
RUN curl -LO https://github.com/Kitware/CMake/releases/download/v3.24.2/cmake-3.24.2-linux-x86_64.sh && \
    chmod u+x ./cmake-3.24.2-linux-x86_64.sh                                                         && \
    ./cmake-3.24.2-linux-x86_64.sh --skip-license --prefix=/usr/                                     && \
    rm -rf ./cmake-3.24.2-linux-x86_64.sh

# Install a recent version of python3
RUN curl -LO https://www.python.org/ftp/python/3.10.7/Python-3.10.7.tgz && \
    tar xzvf Python-3.10.7.tgz                                          && \
    cd Python-3.10.7                                                    && \
    CC=clang-11 CXX=clang++-11 CFLAGS="-fPIC -m64"                         \
    ./configure                                                            \
      --enable-shared                                                      \
      --disable-ipv6                                                       \
      --host=x86_64-linux-gnu                                              \
      --target=x86_64-linux-gnu                                            \
      --build=x86_64-linux-gnu                                             \
      --disable-test-modules                                            && \
    make -j$(nproc) install                                             && \
    mv /usr/local/lib/libpython3.10.so.1.0 /usr/lib/x86_64-linux-gnu/   && \
    cd .. && rm -rf Python-3.10.7.tgz && rm -rf Python-3.10.7

For a maximum of compatibility I was using the Debian stretch image which was released in 2020 but if you strongly need a 2022 version we can switch to the ubuntu:22.04 image.

For the LLVM pre-built archive, it was generated from this image with the following command:

docker run --rm \
       -v <path>/o-mvll/OMVLL:/o-mvll \
       -v <path>/LLVM/android-toolchain-llvm-project:/LLVM \
       openobfuscator/omvll-ndk bash /o-mvll/scripts/docker/deps/compile_llvm_r25.sh
weliveindetail commented 1 year ago

Clang frontend rework uncovered an issue with this PR. The build bot has a weird entry target=None in its set of "available features" when running the test-suite:

-Available features are: {'system-linux', 'shell', 'host-platform-linux', 'host-arch-x86', 'aarch64-registered-target', 'bpf-registered-target', 'x86-registered-target', 'arm-registered-target'}
+Available features are: {'system-linux', 'shell', 'host-platform-linux', 'host-arch-x86', 'target=None', 'aarch64-registered-target', 'x86-registered-target'}

It appears to be the reason for the test failure in https://github.com/build38/o-mvll/actions/runs/5521114156/jobs/10068744247. We should investigate it when/before moving on with this PR.