-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathDockerfile.prereq
112 lines (94 loc) · 4.32 KB
/
Dockerfile.prereq
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
# This file builds enough tools into a Linux distro to be useful for
# general software building.
# docker build -f Dockerfile.prereq -t ghcr.io/cmu-sei/redemption-prereq .
# To correct the time zone, run:
# dpkg-reconfigure tzdata
# <legal>
# 'Redemption' Automated Code Repair Tool
#
# Copyright 2023, 2024 Carnegie Mellon University.
#
# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING
# INSTITUTE MATERIAL IS FURNISHED ON AN 'AS-IS' BASIS. CARNEGIE MELLON
# UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED,
# AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR
# PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF
# THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY
# KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT
# INFRINGEMENT.
#
# Licensed under a MIT (SEI)-style license, please see License.txt or
# contact [email protected] for full terms.
#
# [DISTRIBUTION STATEMENT A] This material has been approved for public
# release and unlimited distribution. Please see Copyright notice for
# non-US Government use and distribution.
#
# This Software includes and/or makes use of Third-Party Software each
# subject to its own license.
#
# DM23-2165
# </legal>
FROM ubuntu:noble
# Apt packages
RUN apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends \
gcc mingw-w64 make autoconf zip wget git gnupg ca-certificates tzdata \
&& apt-get --purge -y autoremove \
&& apt-get clean
# Clang (v15)
# Yes, we are installing vanilla clang 15 so that we can use it to build our enhanced clang-15.
# And we are using clang-tidy v16, but everything else should be v15
RUN apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends \
clang-15 clang-tools-15 libclang-15-dev libclang1-15 clang-format-15 python3-clang-15 clangd-15 \
clang-tidy-16 \
llvm-15-dev cmake \
&& apt-get --purge -y autoremove \
&& apt-get clean \
&& ln -s /usr/bin/clang-15 /usr/bin/clang \
&& ln -s /usr/bin/clang++-15 /usr/bin/clang++
# Other packages
RUN apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends \
bear sqlite3 po4a python3-pytest iputils-ping iputils-tracepath patchutils \
ninja-build lld zlib1g-dev libtinfo-dev libxml2-dev \
&& apt-get --purge -y autoremove \
&& apt-get clean
#####################################################################
#
# add certificates required before cloning
#
#####################################################################
# if you receive any git-related errors due to certs then add your
# org's certs here
COPY cert/* /usr/local/share/ca-certificates/
RUN /usr/sbin/update-ca-certificates
#####################################################################
#
# modified clang based on 15.0.7
#
#####################################################################
RUN mkdir /opt/clang && \
git clone --depth=1 --branch llvmorg-15.0.7 https://github.com/llvm/llvm-project.git /opt/clang
# modified AST traverser required to be compiled into clang. these files exist within
# the redemption code base
COPY /code/clang/*.h /opt/clang/clang/include/clang/AST/
COPY /code/clang/*.cpp /opt/clang/clang/lib/AST/
RUN mkdir /opt/clang/build && \
cmake -G Ninja -S/opt/clang/llvm -B/opt/clang/build -DLLVM_ENABLE_PROJECTS="clang" -DLLVM_USE_LINKER=lld -DLLVM_BUILD_TESTS=OFF -DLLVM_TARGETS_TO_BUILD="X86" -DLLVM_BUILD_EXAMPLES=OFF -DLLVM_INCLUDE_EXAMPLES=OFF -DLLVM_LIBDIR_SUFFIX=64 -DCMAKE_BUILD_TYPE=Release && \
ninja -C /opt/clang/build
# clang is built in /opt/clang/build/bin
LABEL org.opencontainers.image.source=https://github.com/cmu-sei/redemption
CMD ["/bin/bash"]
# code/acr/SortedCollection.py was manually downloaded from
# https://code.activestate.com/recipes/577197-sortedcollection/
# License: MIT
# doc/examples/codebase/dos2unix-7.5.2 is used as an example (in doc/examples/codebase)
# but is not part of this distribution.
# https://dos2unix.sourceforge.io/
# License: FreeBSD-style
# doc/examples/separate_build/wrk-4.2.0 is used as an example (in doc/examples/separate_build)
# but is not part of this distribution.
# https://github.com/wg/wrk
# License: Modified Apache License 2.0