Skip to content

FAQ and Recommendations

Christoph Diehl edited this page Apr 15, 2019 · 7 revisions

Manually re-build images

Locally

In order to send tasks to Travis CI from the CLI you need to obtain a token first. Either by running:

travis login --org | --com
travis token --org | --com

Or by visiting: https://travis-ci.org/profile or https://travis-ci.com/profile respectively.

Next, go and open up the .travis.yml file and make your modifications. If you only want to rebuild FuzzOS, go to the scripts section, remove the line with the build task for /services and save. Then run the following command:

python3 ./monorepo.py -ci travis-api -token <token>

If you are using a pro account attach -pro and if your repository is not mozillasecurity/orion use the -repo parameter to specify your own repository. You can also use your own .travis.yml configuration by using the -conf parameter.

Debug with Travis CI

The Docker container based approach is officially deprecated and does not work anymore. Please take a look here for the recommended alternative.

Checkout GitHub releases without API token

  1. You have an image in which rg is available
# shellcheck disable=SC1090
source ~/.common.sh
LATEST_VERSION=$(get_latest_github_release "owner/repo-name")
  1. You have an image in which "rg" is not available
LATEST_VERSION=$( \
    curl -sL "https://github.com/<owner/repo-name>/releases/latest" \
    | grep -o 'tag/[v.0-9]*' \
    | awk -F/ '{print $2}' \
    )

In both cases you can then download the latest released version with:

retry curl -LO "https://github.com/<owner/repo-name>/releases/download/$LATEST_VERSION/<archive>.<extension>"

The content of archive.extension can be obtained from the GitHub release page.

Play with FuzzOS inside the browser

"Play With Docker" is a project sponsored by Docker Inc.

  • Browse to Play With Docker
  • Login with your Docker account.
  • Press ADD NEW INSTANCE and enter docker run --rm -it mozillasecurity/fuzzos

You can upload files via drag 'n' drop or optionally login via SSH. It is also possible to let PWD point to your docker-compose configuration and setup a swarm. Example: https://labs.play-with-docker.com/?stack=https://raw.githubusercontent.com/XYZ/docker-compose.yml

Keep in mind that this is only for testing purpose and to read their motd.

Exit traps

Example use case: Disabling AWS EC2 Pools in FuzzManager

source ~/.common.sh contains the function disable-ec2-pool which needs the instance id as parameter. You can create a trap EXIT function to make sure this call is guranteed even if the scripts aborts due to errors. See setup.sh for LibFuzzer.

Data

Purge useless data

Images which inherit from FuzzOS can call $HOME/.bin/cleanup.sh (defined in recipe/cleanup.sh of FuzzOS) after installation routines of i.e apt-get to trigger some common cleanup routines.

Copy files from an image to the host

docker create --name foo -it IMAGE_NAME
docker cp foo:/src/ /dst/
docker rm -fv foo