Loading maintainers/maintainer-list.nix +6 −0 Original line number Diff line number Diff line Loading @@ -7757,6 +7757,12 @@ githubId = 411447; name = "Leo Gaspard"; }; ekzyis = { email = "ramdip.singhgill@gmail.com"; github = "ekzyis"; githubId = 27162016; name = "Ramdip Gill"; }; elasticdog = { email = "aaron@elasticdog.com"; github = "elasticdog"; Loading pkgs/tools/security/aflplusplus/default.nix +46 −3 Original line number Diff line number Diff line Loading @@ -17,6 +17,7 @@ wine ? null, cmocka, llvmPackages, withNyx ? false, }: # wine fuzzing is only known to work for win32 binaries, and using a mixture of Loading @@ -24,6 +25,10 @@ # a full 32bit version of this package if you want to do wine fuzzing assert (wine != null) -> (stdenv.targetPlatform.system == "i686-linux"); # nyx mode is only available on x86_64-linux, # see nyx_mode/build_nyx_support.sh in source code of aflplusplus assert withNyx -> (stdenv.targetPlatform.system == "x86_64-linux"); let aflplusplus-qemu = callPackage ./qemu.nix { }; qemu-exe-name = Loading @@ -35,6 +40,17 @@ let throw "aflplusplus: no support for ${stdenv.targetPlatform.system}!"; libdislocator = callPackage ./libdislocator.nix { inherit aflplusplus; }; libtokencap = callPackage ./libtokencap.nix { inherit aflplusplus; }; libnyx = if withNyx then callPackage ./nyx_mode/libnyx/libnyx.nix { inherit aflplusplus; } else null; qemu-nyx = if withNyx then callPackage ./nyx_mode/QEMU-Nyx/qemu-nyx.nix { inherit aflplusplus; } else null; nyx-packer = if withNyx then callPackage ./nyx_mode/packer/packer.nix { inherit aflplusplus qemu-nyx; } else null; aflplusplus = stdenvNoCC.mkDerivation rec { pname = "aflplusplus"; version = "4.35c"; Loading 
@@ -43,7 +59,12 @@ let owner = "AFLplusplus"; repo = "AFLplusplus"; tag = "v${version}"; hash = "sha256-j5YH39JKcjYuDqyl+KRMtgn3UoeWEW1z7m4ysf2uilc="; hash = if withNyx then "sha256-srHrYPEb0UAP/G9cOxJOZ9D6v9pxqez28suPsa70E2M=" else "sha256-j5YH39JKcjYuDqyl+KRMtgn3UoeWEW1z7m4ysf2uilc="; fetchSubmodules = withNyx; }; enableParallelBuilding = true; Loading @@ -68,6 +89,10 @@ let # warning: "_FORTIFY_SOURCE" redefined hardeningDisable = [ "fortify" ]; # We build nyx mode dependencies ourselves, so this patch skips # build_nyx_support.sh in the aflplusplus source code. It also skips # test-nyx-mode.sh because we can't test nyx mode in the sandbox. patches = lib.optional withNyx ./nyx_mode/nyx_mode.patch; postPatch = '' # Don't care about this. rm Android.bp Loading @@ -94,6 +119,9 @@ let substituteInPlace GNUmakefile.llvm \ --replace-fail "\$(LLVM_BINDIR)/clang" "${clang}/bin/clang" '' + lib.optionalString withNyx '' patchShebangs nyx_mode/build_nyx_support.sh ''; env.NIX_CFLAGS_COMPILE = toString [ Loading Loading @@ -145,7 +173,15 @@ let --replace-fail "cgdelete" "${libcgroup}/bin/cgdelete" patchShebangs $out/bin '' + lib.optionalString withNyx '' # Use same FHS as if built from source using build_nyx_support.sh. This # means libnyx.so must be next to afl binaries and nyx_mode dependencies # are in nyx_mode/. cp ${libnyx}/lib/libnyx.so $out/bin mkdir $out/nyx_mode ln -s ${nyx-packer} $out/nyx_mode/packer ln -s ${qemu-nyx} $out/nyx_mode/QEMU-Nyx '' + lib.optionalString (wine != null) '' substitute afl-wine-trace $out/bin/afl-wine-trace \ Loading @@ -166,6 +202,7 @@ let file cmocka ]; doInstallCheck = true; installCheckPhase = '' runHook preInstallCheck Loading 
@@ -191,7 +228,13 @@ let ''; passthru = { inherit libdislocator libtokencap; inherit libdislocator libtokencap libnyx nyx-packer qemu-nyx ; qemu = aflplusplus-qemu; }; Loading pkgs/tools/security/aflplusplus/nyx_mode/QEMU-Nyx/qemu-nyx.nix 0 → 100644 +77 −0 Original line number Diff line number Diff line { stdenv, lib, fetchFromGitHub, python3, pkg-config, flex, bison, glib, pixman, aflplusplus, }: # this derivation assumes x86_64-linux assert stdenv.targetPlatform.system == "x86_64-linux"; stdenv.mkDerivation { version = builtins.readFile (aflplusplus.src + "/nyx_mode/QEMU_NYX_VERSION"); pname = "QEMU-Nyx"; src = aflplusplus.src; postUnpack = '' sourceRoot="$sourceRoot/nyx_mode/QEMU-Nyx" ''; # same flags for ./configure as ./compile_qemu_nyx.sh static would set configureFlags = [ "--target-list=x86_64-softmmu" "--disable-docs" "--disable-gtk" "--disable-werror" "--disable-capstone" "--disable-libssh" "--disable-tools" "--enable-nyx" "--enable-nyx-static" ]; nativeBuildInputs = [ python3 pkg-config flex bison ]; buildInputs = [ glib pixman ]; enableParallelBuilding = true; preConfigure = '' CAPSTONE_ROOT=$PWD/capstone_v4 LIBXDC_ROOT=$PWD/libxdc make -C $CAPSTONE_ROOT -j$(nproc) make -C $LIBXDC_ROOT -j$(nproc) clean # For some reason the Makefile of libxdc clears LDFLAGS; we remove that line # so ld can find libcapstone.so.4 sed -i '3d' $LIBXDC_ROOT/Makefile NO_LTO=1 LDFLAGS="-L$CAPSTONE_ROOT -L$LIBXDC_ROOT" CFLAGS="-I$CAPSTONE_ROOT/include/" make -C $LIBXDC_ROOT -j$(nproc) export LIBS="-L$CAPSTONE_ROOT -L$LIBXDC_ROOT/" export QEMU_CFLAGS="-I$CAPSTONE_ROOT/include/ -I$LIBXDC_ROOT/ $QEMU_CFLAGS" ''; meta = { homepage = "https://github.com/nyx-fuzz/QEMU-Nyx"; description = "Nyx's fork of QEMU"; license = lib.licenses.gpl2Only; platforms = lib.platforms.x86_64; maintainers = with lib.maintainers; [ ekzyis ]; }; } pkgs/tools/security/aflplusplus/nyx_mode/libnyx/Cargo.lock 0 → 100644 +1242 −0 File added.Preview size limit exceeded, changes collapsed. 
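Review bot: `patchShebangs nyx_mode/build_nyx_support.sh` in the withNyx part of postPatch reads as inconsistent with the comment on `patches`, which says nyx_mode.patch makes the build skip that script; if the script is no longer executed, the line is dead, and if some part of it still runs, a comment such as `# build_nyx_support.sh is still invoked by [WHICH TARGET — TODO confirm]` above the patchShebangs would make that visible. Two files this section depends on, `./nyx_mode/nyx_mode.patch` and `./nyx_mode/packer/packer.nix`, are not shown on this page, so evaluation with withNyx = true could not be confirmed from here. In the withNyx postInstall block, `mkdir $out/nyx_mode` could be `mkdir -p $out/nyx_mode` so it does not fail if an earlier hook already created the directory. The mkDerivation body continues outside the visible hunks.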
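Review bot: `version = builtins.readFile (aflplusplus.src + "/nyx_mode/QEMU_NYX_VERSION")` reads a file out of a fetched derivation output at evaluation time, which is import-from-derivation; nixpkgs evaluation (ofborg, Hydra) runs with IFD disallowed, so this fails before anything is built, and `readFile` also leaves the file's trailing newline in `version`. The same construct appears in libnyx.nix with LIBNYX_VERSION; pin both as string literals next to the aflplusplus version and, if the coupling matters, check them against the version files in preConfigure so a mismatch fails loudly. `meta.platforms = lib.platforms.x86_64` admits non-Linux x86_64 systems that the top-level `assert stdenv.targetPlatform.system == "x86_64-linux"` rejects; `platforms = [ "x86_64-linux" ]` keeps the two consistent. `sed -i '3d' $LIBXDC_ROOT/Makefile` deletes whatever happens to be on line 3 of a vendored submodule, so a `substituteInPlace $LIBXDC_ROOT/Makefile --replace-fail "[EXACT LDFLAGS LINE]" ""` would fail loudly when upstream moves that line instead of silently breaking the link flags. `-j$(nproc)` in preConfigure should be `-j$NIX_BUILD_CORES` to respect the sandbox's core limit, and `fetchFromGitHub` is taken as an argument but never used.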
Show changes pkgs/tools/security/aflplusplus/nyx_mode/libnyx/libnyx.nix 0 → 100644 +39 −0 Original line number Diff line number Diff line { lib, stdenv, rustPlatform, aflplusplus, python3, }: rustPlatform.buildRustPackage { version = builtins.readFile (aflplusplus.src + "/nyx_mode/LIBNYX_VERSION"); pname = "libnyx"; src = aflplusplus.src; postUnpack = '' sourceRoot="$sourceRoot/nyx_mode/libnyx/libnyx" cp ${./Cargo.lock} "$sourceRoot/Cargo.lock" ''; cargoLock = { lockFile = ./Cargo.lock; }; doCheck = false; installPhase = '' runHook preInstall mkdir -p $out/lib cp "target/${stdenv.hostPlatform.rust.rustcTarget}/release/liblibnyx.so" $out/lib/libnyx.so runHook postInstall ''; meta = { homepage = "https://github.com/nyx-fuzz/libnyx"; description = "Rust library to build hypervisor-based snapshot fuzzers"; license = lib.licenses.gpl2Only; platforms = lib.platforms.linux; maintainers = with lib.maintainers; [ ekzyis ]; }; } Loading
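Review bot: `doCheck = false` carries no comment explaining why the crate's tests are skipped; a line such as `# tests disabled: [REASON — TODO confirm, e.g. needs a KVM-capable host]` above it would stop the next updater from re-enabling them blindly. The `python3` input is not referenced anywhere in the derivation and can be dropped from the argument set. `meta.platforms = lib.platforms.linux` is broader than the `x86_64-linux` assertion in default.nix and qemu-nyx.nix; since libnyx is only consumed under withNyx, `[ "x86_64-linux" ]` would be consistent unless it is meant to build on its own elsewhere. Because Cargo.lock is maintained in-tree (+1242 lines, copied over the source in postUnpack) rather than taken from upstream, a comment above `cargoLock` noting that it must be regenerated whenever LIBNYX_VERSION changes would help keep the pinned dependency set from drifting behind the library it is built for.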
maintainers/maintainer-list.nix +6 −0 Original line number Diff line number Diff line Loading @@ -7757,6 +7757,12 @@ githubId = 411447; name = "Leo Gaspard"; }; ekzyis = { email = "ramdip.singhgill@gmail.com"; github = "ekzyis"; githubId = 27162016; name = "Ramdip Gill"; }; elasticdog = { email = "aaron@elasticdog.com"; github = "elasticdog"; Loading
pkgs/tools/security/aflplusplus/default.nix +46 −3 Original line number Diff line number Diff line Loading @@ -17,6 +17,7 @@ wine ? null, cmocka, llvmPackages, withNyx ? false, }: # wine fuzzing is only known to work for win32 binaries, and using a mixture of Loading @@ -24,6 +25,10 @@ # a full 32bit version of this package if you want to do wine fuzzing assert (wine != null) -> (stdenv.targetPlatform.system == "i686-linux"); # nyx mode is only available on x86_64-linux, # see nyx_mode/build_nyx_support.sh in source code of aflplusplus assert withNyx -> (stdenv.targetPlatform.system == "x86_64-linux"); let aflplusplus-qemu = callPackage ./qemu.nix { }; qemu-exe-name = Loading @@ -35,6 +40,17 @@ let throw "aflplusplus: no support for ${stdenv.targetPlatform.system}!"; libdislocator = callPackage ./libdislocator.nix { inherit aflplusplus; }; libtokencap = callPackage ./libtokencap.nix { inherit aflplusplus; }; libnyx = if withNyx then callPackage ./nyx_mode/libnyx/libnyx.nix { inherit aflplusplus; } else null; qemu-nyx = if withNyx then callPackage ./nyx_mode/QEMU-Nyx/qemu-nyx.nix { inherit aflplusplus; } else null; nyx-packer = if withNyx then callPackage ./nyx_mode/packer/packer.nix { inherit aflplusplus qemu-nyx; } else null; aflplusplus = stdenvNoCC.mkDerivation rec { pname = "aflplusplus"; version = "4.35c"; Loading @@ -43,7 +59,12 @@ let owner = "AFLplusplus"; repo = "AFLplusplus"; tag = "v${version}"; hash = "sha256-j5YH39JKcjYuDqyl+KRMtgn3UoeWEW1z7m4ysf2uilc="; hash = if withNyx then "sha256-srHrYPEb0UAP/G9cOxJOZ9D6v9pxqez28suPsa70E2M=" else "sha256-j5YH39JKcjYuDqyl+KRMtgn3UoeWEW1z7m4ysf2uilc="; fetchSubmodules = withNyx; }; enableParallelBuilding = true; Loading 
@@ -68,6 +89,10 @@ let # warning: "_FORTIFY_SOURCE" redefined hardeningDisable = [ "fortify" ]; # We build nyx mode dependencies ourselves, so this patch skips # build_nyx_support.sh in the aflplusplus source code. It also skips # test-nyx-mode.sh because we can't test nyx mode in the sandbox. patches = lib.optional withNyx ./nyx_mode/nyx_mode.patch; postPatch = '' # Don't care about this. rm Android.bp Loading @@ -94,6 +119,9 @@ let substituteInPlace GNUmakefile.llvm \ --replace-fail "\$(LLVM_BINDIR)/clang" "${clang}/bin/clang" '' + lib.optionalString withNyx '' patchShebangs nyx_mode/build_nyx_support.sh ''; env.NIX_CFLAGS_COMPILE = toString [ Loading Loading @@ -145,7 +173,15 @@ let --replace-fail "cgdelete" "${libcgroup}/bin/cgdelete" patchShebangs $out/bin '' + lib.optionalString withNyx '' # Use same FHS as if built from source using build_nyx_support.sh. This # means libnyx.so must be next to afl binaries and nyx_mode dependencies # are in nyx_mode/. cp ${libnyx}/lib/libnyx.so $out/bin mkdir $out/nyx_mode ln -s ${nyx-packer} $out/nyx_mode/packer ln -s ${qemu-nyx} $out/nyx_mode/QEMU-Nyx '' + lib.optionalString (wine != null) '' substitute afl-wine-trace $out/bin/afl-wine-trace \ Loading @@ -166,6 +202,7 @@ let file cmocka ]; doInstallCheck = true; installCheckPhase = '' runHook preInstallCheck Loading @@ -191,7 +228,13 @@ let ''; passthru = { inherit libdislocator libtokencap; inherit libdislocator libtokencap libnyx nyx-packer qemu-nyx ; qemu = aflplusplus-qemu; }; Loading
pkgs/tools/security/aflplusplus/nyx_mode/QEMU-Nyx/qemu-nyx.nix 0 → 100644 +77 −0 Original line number Diff line number Diff line { stdenv, lib, fetchFromGitHub, python3, pkg-config, flex, bison, glib, pixman, aflplusplus, }: # this derivation assumes x86_64-linux assert stdenv.targetPlatform.system == "x86_64-linux"; stdenv.mkDerivation { version = builtins.readFile (aflplusplus.src + "/nyx_mode/QEMU_NYX_VERSION"); pname = "QEMU-Nyx"; src = aflplusplus.src; postUnpack = '' sourceRoot="$sourceRoot/nyx_mode/QEMU-Nyx" ''; # same flags for ./configure as ./compile_qemu_nyx.sh static would set configureFlags = [ "--target-list=x86_64-softmmu" "--disable-docs" "--disable-gtk" "--disable-werror" "--disable-capstone" "--disable-libssh" "--disable-tools" "--enable-nyx" "--enable-nyx-static" ]; nativeBuildInputs = [ python3 pkg-config flex bison ]; buildInputs = [ glib pixman ]; enableParallelBuilding = true; preConfigure = '' CAPSTONE_ROOT=$PWD/capstone_v4 LIBXDC_ROOT=$PWD/libxdc make -C $CAPSTONE_ROOT -j$(nproc) make -C $LIBXDC_ROOT -j$(nproc) clean # For some reason the Makefile of libxdc clears LDFLAGS; we remove that line # so ld can find libcapstone.so.4 sed -i '3d' $LIBXDC_ROOT/Makefile NO_LTO=1 LDFLAGS="-L$CAPSTONE_ROOT -L$LIBXDC_ROOT" CFLAGS="-I$CAPSTONE_ROOT/include/" make -C $LIBXDC_ROOT -j$(nproc) export LIBS="-L$CAPSTONE_ROOT -L$LIBXDC_ROOT/" export QEMU_CFLAGS="-I$CAPSTONE_ROOT/include/ -I$LIBXDC_ROOT/ $QEMU_CFLAGS" ''; meta = { homepage = "https://github.com/nyx-fuzz/QEMU-Nyx"; description = "Nyx's fork of QEMU"; license = lib.licenses.gpl2Only; platforms = lib.platforms.x86_64; maintainers = with lib.maintainers; [ ekzyis ]; }; }
pkgs/tools/security/aflplusplus/nyx_mode/libnyx/Cargo.lock 0 → 100644 +1242 −0 File added.Preview size limit exceeded, changes collapsed. Show changes
pkgs/tools/security/aflplusplus/nyx_mode/libnyx/libnyx.nix 0 → 100644 +39 −0 Original line number Diff line number Diff line { lib, stdenv, rustPlatform, aflplusplus, python3, }: rustPlatform.buildRustPackage { version = builtins.readFile (aflplusplus.src + "/nyx_mode/LIBNYX_VERSION"); pname = "libnyx"; src = aflplusplus.src; postUnpack = '' sourceRoot="$sourceRoot/nyx_mode/libnyx/libnyx" cp ${./Cargo.lock} "$sourceRoot/Cargo.lock" ''; cargoLock = { lockFile = ./Cargo.lock; }; doCheck = false; installPhase = '' runHook preInstall mkdir -p $out/lib cp "target/${stdenv.hostPlatform.rust.rustcTarget}/release/liblibnyx.so" $out/lib/libnyx.so runHook postInstall ''; meta = { homepage = "https://github.com/nyx-fuzz/libnyx"; description = "Rust library to build hypervisor-based snapshot fuzzers"; license = lib.licenses.gpl2Only; platforms = lib.platforms.linux; maintainers = with lib.maintainers; [ ekzyis ]; }; }