From 6d12c939f7936fb605a0a87e8d40eee43d572d69 Mon Sep 17 00:00:00 2001 From: KubaZ2 Date: Thu, 10 Oct 2024 20:50:25 +0200 Subject: [PATCH 1/5] Improve building --- .github/workflows/dotnet.yml | 20 ++++++++++ Backend/Sandbox/Asm/Dockerfile | 37 +++--------------- Backend/Sandbox/CheckedRuntime/Dockerfile | 38 +++++++++++++++++++ .../Sandbox/CheckedRuntime/docker-compose.yml | 6 +++ Sharp.sln | 7 ++++ 5 files changed, 76 insertions(+), 32 deletions(-) create mode 100644 Backend/Sandbox/CheckedRuntime/Dockerfile create mode 100644 Backend/Sandbox/CheckedRuntime/docker-compose.yml diff --git a/.github/workflows/dotnet.yml b/.github/workflows/dotnet.yml index d012dec..1dbf832 100644 --- a/.github/workflows/dotnet.yml +++ b/.github/workflows/dotnet.yml @@ -59,6 +59,26 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + - name: Check if checked runtime changed + uses: dorny/paths-filter@v3 + id: checkedruntime + with: + filters: | + checkedruntime: + - 'Backend/Sandbox/CheckedRuntime/**' + + - name: Build and push checked runtime + if: steps.checkedruntime.outputs.checkedruntime == 'true' + uses: docker/bake-action@v5 + with: + source: . + workdir: Backend/Sandbox/CheckedRuntime + push: true + set: | + *.platform=linux/amd64,linux/arm64 + *.cache-from=type=gha + *.cache-to=type=gha,mode=min + - name: Build and push bot uses: docker/bake-action@v5 with: diff --git a/Backend/Sandbox/Asm/Dockerfile b/Backend/Sandbox/Asm/Dockerfile index c75e8ed..5b240b0 100644 --- a/Backend/Sandbox/Asm/Dockerfile +++ b/Backend/Sandbox/Asm/Dockerfile @@ -1,9 +1,7 @@ ARG DOTNET_SDK_VERSION=8.0 ARG DOTNET_RUNTIME_VERSION=8.0.7 -ARG OS=ubuntu -ARG OS_VERSION=24.04 ARG OS_CODENAME=noble -ARG MINUS_PREFIXED_PLATFORM_IF_NOT_AMD64 +ARG CHECKED_RUNTIME_IMAGE=ghcr.io/kubaz2/sharp/checked-runtime:$DOTNET_RUNTIME_VERSION FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:$DOTNET_SDK_VERSION AS build-env WORKDIR /src 
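Review bot: The two added steps reference actions by mutable tag (`dorny/paths-filter@v3`, `docker/bake-action@v5`) in a job that runs with `push: true`, so anyone able to move those tags gets code execution in a job that holds registry credentials. Pin each to a full commit SHA with the version as a trailing comment, e.g. `uses: dorny/paths-filter@<commit-sha> # v3` (placeholder; take the SHA from the release you reviewed). Separately, the filter watches only `Backend/Sandbox/CheckedRuntime/**`, so a `DOTNET_RUNTIME_VERSION` bump made only in the Asm Dockerfile would not rebuild the checked runtime, and the Asm build would then depend on a tag that may not exist yet. The rest of the job lies outside this hunk.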
@@ -23,41 +21,16 @@ COPY Backend/Sandbox/Asm Backend/Sandbox/Asm RUN dotnet publish Backend/Sandbox/Asm/Asm.csproj -c Release -o /app -FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet-buildtools/prereqs:$OS-$OS_VERSION$MINUS_PREFIXED_PLATFORM_IF_NOT_AMD64 AS runtime-build-env -WORKDIR /runtime -ARG DOTNET_RUNTIME_VERSION -ARG OS_CODENAME -ARG TARGETARCH -ARG BUILDARCH - -RUN git clone --depth 1 --branch v$DOTNET_RUNTIME_VERSION https://github.com/dotnet/runtime.git . - -# Asserts fail when running in pwn.red/jail, so we need to remove them -RUN sed -i 247d src/coreclr/pal/src/misc/cgroup.cpp -RUN sed -i 666d src/coreclr/pal/src/sync/cs.cpp - -RUN if [ $TARGETARCH = $BUILDARCH ]; then \ - ./build.sh clr -c Checked; \ - else \ - case $TARGETARCH in \ - arm64) BINUTILS_ARCH=aarch64 DOTNET_ARCH=arm64 ;; \ - arm) BINUTILS_ARCH=arm DOTNET_ARCH=arm ;; \ - amd64) BINUTILS_ARCH=x86-64 DOTNET_ARCH=x64 ;; \ - x86) BINUTILS_ARCH=i686 DOTNET_ARCH=x86 ;; \ - *) echo "Unsupported target architecture: $TARGETARCH" && exit 1 ;; \ - esac && \ - sudo apt update -y && sudo apt install -y qemu-user-static binfmt-support debootstrap binutils-$BINUTILS_ARCH-linux-gnu && \ - ln -s /usr/bin/llvm-objcopy-14 /usr/bin/llvm-objcopy && \ - sudo ./eng/common/cross/build-rootfs.sh $DOTNET_ARCH $OS_CODENAME && \ - ROOTFS_DIR=/runtime/.tools/rootfs/$DOTNET_ARCH ./build.sh clr -c Checked -a $DOTNET_ARCH --cross; \ - fi +# 'docker buildx use default' is needed to use local 'ghcr.io/kubaz2/sharp/checked-runtime' image +FROM --platform=$BUILDPLATFORM ghcr.io/kubaz2/sharp/checked-runtime:$DOTNET_RUNTIME_VERSION AS checked-runtime FROM mcr.microsoft.com/dotnet/runtime:$DOTNET_RUNTIME_VERSION-$OS_CODENAME AS runtime ARG DOTNET_RUNTIME_VERSION +ARG CHECKED_RUNTIME_IMAGE COPY --from=build-env /app /app -COPY --from=runtime-build-env /runtime/artifacts/bin/coreclr/linux.*.*/libclrjit.so /usr/share/dotnet/shared/Microsoft.NETCore.App/$DOTNET_RUNTIME_VERSION/ +COPY --from=checked-runtime 
/runtime/libclrjit.so /usr/share/dotnet/shared/Microsoft.NETCore.App/$DOTNET_RUNTIME_VERSION/ FROM pwn.red/jail diff --git a/Backend/Sandbox/CheckedRuntime/Dockerfile b/Backend/Sandbox/CheckedRuntime/Dockerfile new file mode 100644 index 0000000..2b2c156 --- /dev/null +++ b/Backend/Sandbox/CheckedRuntime/Dockerfile @@ -0,0 +1,38 @@ +ARG DOTNET_RUNTIME_VERSION=8.0.7 +ARG OS=ubuntu +ARG OS_VERSION=24.04 +ARG OS_CODENAME=noble +ARG MINUS_PREFIXED_PLATFORM_IF_NOT_AMD64 + +FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet-buildtools/prereqs:$OS-$OS_VERSION$MINUS_PREFIXED_PLATFORM_IF_NOT_AMD64 AS build-env +WORKDIR /runtime +ARG DOTNET_RUNTIME_VERSION +ARG OS_CODENAME +ARG TARGETARCH +ARG BUILDARCH + +RUN git clone --depth 1 --branch v$DOTNET_RUNTIME_VERSION https://github.com/dotnet/runtime.git . + +# Asserts fail when running in pwn.red/jail, so we need to remove them +RUN sed -i 247d src/coreclr/pal/src/misc/cgroup.cpp +RUN sed -i 666d src/coreclr/pal/src/sync/cs.cpp + +RUN if [ $TARGETARCH = $BUILDARCH ]; then \ + ./build.sh clr -c Checked; \ + else \ + case $TARGETARCH in \ + arm64) BINUTILS_ARCH=aarch64 DOTNET_ARCH=arm64 ;; \ + arm) BINUTILS_ARCH=arm DOTNET_ARCH=arm ;; \ + amd64) BINUTILS_ARCH=x86-64 DOTNET_ARCH=x64 ;; \ + x86) BINUTILS_ARCH=i686 DOTNET_ARCH=x86 ;; \ + *) echo "Unsupported target architecture: $TARGETARCH" && exit 1 ;; \ + esac && \ + sudo apt update -y && sudo apt install -y qemu-user-static binfmt-support debootstrap binutils-$BINUTILS_ARCH-linux-gnu && \ + ln -s /usr/bin/llvm-objcopy-14 /usr/bin/llvm-objcopy && \ + sudo ./eng/common/cross/build-rootfs.sh $DOTNET_ARCH $OS_CODENAME && \ + ROOTFS_DIR=/runtime/.tools/rootfs/$DOTNET_ARCH ./build.sh clr -c Checked -a $DOTNET_ARCH --cross; \ + fi + +FROM --platform=$BUILDPLATFORM busybox:latest AS storage + +COPY --from=build-env /runtime/artifacts/bin/coreclr/linux.*.*/libclrjit.so /runtime/libclrjit.so 
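Review bot: The new `checked-runtime` stage takes `libclrjit.so`, a native JIT that ends up inside the sandboxed runtime, from a registry image addressed only by the mutable tag `:$DOTNET_RUNTIME_VERSION`, so nothing ties the copied binary to a specific CI build. Reference the image by digest, `FROM ghcr.io/kubaz2/sharp/checked-runtime:$DOTNET_RUNTIME_VERSION@sha256:<digest>` (placeholder), so a re-pushed tag cannot change what runs in the jail. The same `FROM` keeps `--platform=$BUILDPLATFORM`, which appears to select the build host's variant of the image. If this Dockerfile is built for a different target architecture, the copied `libclrjit.so` would not match the `runtime` stage, so it is worth confirming whether the flag should be dropped on this line.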
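Review bot: The `sed -i 247d` and `sed -i 666d` steps delete lines by number from a source tree selected by `ARG DOTNET_RUNTIME_VERSION`, so with any other version they silently remove whatever sits on those lines of the PAL sources and the build still succeeds. Make the edit fail closed: keep the change as a patch file applied with `git apply`, or check the line first, e.g. `RUN sed -n 247p src/coreclr/pal/src/misc/cgroup.cpp | grep -q '<expected assert text>' && sed -i 247d src/coreclr/pal/src/misc/cgroup.cpp` (placeholder pattern). The `storage` stage also uses `busybox:latest`; a fixed tag or digest would keep the published image reproducible. A short comment naming which asserts are removed, and why they fire under pwn.red/jail, would help whoever bumps the version next.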
diff --git a/Backend/Sandbox/CheckedRuntime/docker-compose.yml b/Backend/Sandbox/CheckedRuntime/docker-compose.yml new file mode 100644 index 0000000..769dec7 --- /dev/null +++ b/Backend/Sandbox/CheckedRuntime/docker-compose.yml @@ -0,0 +1,6 @@ +services: + build-reference: + build: + context: . + dockerfile: Dockerfile + image: ghcr.io/kubaz2/sharp/checked-runtime:8.0.7 diff --git a/Sharp.sln b/Sharp.sln index 8c3628d..4dc4874 100644 --- a/Sharp.sln +++ b/Sharp.sln @@ -34,6 +34,12 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Mobius.ILasm", "Bot\Mobius. EndProject Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Sharp.Runtime", "Sharp.Runtime\Sharp.Runtime.csproj", "{AF8C0407-4D7C-4DAE-9155-D4A784A621BA}" EndProject +Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "CheckedRuntime", "CheckedRuntime", "{451D9195-4B8F-4FE7-ACA3-49393B72D46C}" + ProjectSection(SolutionItems) = preProject + Backend\Sandbox\CheckedRuntime\Dockerfile = Backend\Sandbox\CheckedRuntime\Dockerfile + Backend\Sandbox\CheckedRuntime\docker-compose.yml = Backend\Sandbox\CheckedRuntime\docker-compose.yml + EndProjectSection +EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution Debug|Any CPU = Debug|Any CPU @@ -110,6 +116,7 @@ Global {7C79AA2B-EF7A-4469-81D1-005FA8B51F79} = {E1FDC2B5-9366-4C2E-AEE5-4391EA3475CB} {C56987FC-826F-4C24-B463-C265C0B22FC1} = {CD2DD56C-299C-4B87-9D9E-20F5CAE78D08} {65B5DBEB-7DCD-440D-86C9-477BC5D9C4BD} = {CD2DD56C-299C-4B87-9D9E-20F5CAE78D08} + {451D9195-4B8F-4FE7-ACA3-49393B72D46C} = {E1FDC2B5-9366-4C2E-AEE5-4391EA3475CB} EndGlobalSection GlobalSection(ExtensibilityGlobals) = postSolution SolutionGuid = {C72C4E95-468F-43BC-AC2C-4E6720CD713B} From bd6f823d063d3a8b1746de179ffb7a2d76696793 Mon Sep 17 00:00:00 2001 From: KubaZ2 Date: Thu, 10 Oct 2024 20:51:32 +0200 Subject: [PATCH 2/5] Remove check for test --- .github/workflows/dotnet.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
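Review bot: The image tag `8.0.7` is hard-coded here, while the runtime version that is cloned and built comes from `ARG DOTNET_RUNTIME_VERSION` in the Dockerfile, so the two can drift and publish a JIT built from one runtime version under another version's tag. Drive both from one value, e.g. `image: ghcr.io/kubaz2/sharp/checked-runtime:${DOTNET_RUNTIME_VERSION:-8.0.7}` together with a `build.args` entry `DOTNET_RUNTIME_VERSION: ${DOTNET_RUNTIME_VERSION:-8.0.7}`. The Asm Dockerfile in this patch selects the image by that same variable, so a mismatch would presumably surface there as a JIT/runtime version skew rather than a build error.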
diff --git a/.github/workflows/dotnet.yml b/.github/workflows/dotnet.yml index 1dbf832..6a810c6 100644 --- a/.github/workflows/dotnet.yml +++ b/.github/workflows/dotnet.yml @@ -29,7 +29,7 @@ jobs: run: dotnet test --no-build --verbosity normal publish: - if: github.event_name == 'push' && github.ref == 'refs/heads/main' + # if: github.event_name == 'push' && github.ref == 'refs/heads/main' needs: test From e7f63539dd57af85b1f1827f9b9163625f4a1137 Mon Sep 17 00:00:00 2001 From: KubaZ2 Date: Thu, 10 Oct 2024 20:58:40 +0200 Subject: [PATCH 3/5] Remove unused arg --- Backend/Sandbox/Asm/Dockerfile | 2 -- 1 file changed, 2 deletions(-) diff --git a/Backend/Sandbox/Asm/Dockerfile b/Backend/Sandbox/Asm/Dockerfile index 5b240b0..f4b284d 100644 --- a/Backend/Sandbox/Asm/Dockerfile +++ b/Backend/Sandbox/Asm/Dockerfile @@ -1,7 +1,6 @@ ARG DOTNET_SDK_VERSION=8.0 ARG DOTNET_RUNTIME_VERSION=8.0.7 ARG OS_CODENAME=noble -ARG CHECKED_RUNTIME_IMAGE=ghcr.io/kubaz2/sharp/checked-runtime:$DOTNET_RUNTIME_VERSION FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:$DOTNET_SDK_VERSION AS build-env WORKDIR /src @@ -26,7 +25,6 @@ FROM --platform=$BUILDPLATFORM ghcr.io/kubaz2/sharp/checked-runtime:$DOTNET_RUNT FROM mcr.microsoft.com/dotnet/runtime:$DOTNET_RUNTIME_VERSION-$OS_CODENAME AS runtime ARG DOTNET_RUNTIME_VERSION -ARG CHECKED_RUNTIME_IMAGE COPY --from=build-env /app /app From 9beb57c6b990514d5a593edd293da39a2e3ea21e Mon Sep 17 00:00:00 2001 From: KubaZ2 Date: Thu, 10 Oct 2024 21:39:04 +0200 Subject: [PATCH 4/5] Restore the condition --- .github/workflows/dotnet.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dotnet.yml b/.github/workflows/dotnet.yml index 6a810c6..1dbf832 100644 --- a/.github/workflows/dotnet.yml +++ b/.github/workflows/dotnet.yml 
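Review bot: Commenting out `if: github.event_name == 'push' && github.ref == 'refs/heads/main'` leaves the `publish` job, which appears to build and push images, gated only by `needs: test`. It would then run for every event and ref that triggers the workflow (the `on:` block is outside this hunk). If the aim is to exercise the job from a branch, widen the condition instead of removing it, e.g. `if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/<test-branch>')` (placeholder), so pull requests and other refs never reach the registry credentials.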
@@ -29,7 +29,7 @@ jobs: run: dotnet test --no-build --verbosity normal publish: - # if: github.event_name == 'push' && github.ref == 'refs/heads/main' + if: github.event_name == 'push' && github.ref == 'refs/heads/main' needs: test From 94d149ca52e0793fb055f98ecfe892790f30e30e Mon Sep 17 00:00:00 2001 From: KubaZ2 Date: Thu, 10 Oct 2024 21:43:07 +0200 Subject: [PATCH 5/5] Change the name --- Backend/Sandbox/CheckedRuntime/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Backend/Sandbox/CheckedRuntime/docker-compose.yml b/Backend/Sandbox/CheckedRuntime/docker-compose.yml index 769dec7..b2c9eb8 100644 --- a/Backend/Sandbox/CheckedRuntime/docker-compose.yml +++ b/Backend/Sandbox/CheckedRuntime/docker-compose.yml @@ -1,5 +1,5 @@ services: - build-reference: + checked-runtime: build: context: . dockerfile: Dockerfile