rauc: initial integration

[jluebbe]

No description provided.

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

[github-actions]

jluebbe is integrating a new project:
- Main repo: https://github.com/rauc/rauc.git
- Criticality score: 0.66234

[jonathanmetzman]

Let me know the answers to these questions so i can ask the committee to approve this project.
Who uses rauc? Why is it critical software?

[jluebbe]

Who uses rauc?

RAUC is a system update tool, primarily for embedded systems. It is used by device manufacturers and system integrators. Some publicly known users are:

• Valve Steam Deck
• IKEA DIRIGERA hub
• CESNET velia
• Eclipse SDV Leda
• Home Assistant OS
• DB Systel Linux4ICE passenger info displays

Why is it critical software?

As a system updater, it necessarily has full root privileges and is an attractive target for attacks. Accordingly, secure authentication of the update payload is critical.

[jonathanmetzman]

Who uses rauc?

RAUC is a system update tool, primarily for embedded systems. It is used by device manufacturers and system integrators. Some publicly known users are:

• Valve Steam Deck
• IKEA DIRIGERA hub
• CESNET velia
• Eclipse SDV Leda
• Home Assistant OS
• DB Systel Linux4ICE passenger info displays

Why is it critical software?

As a system updater, it necessarily has full root privileges and is an attractive target for attacks. Accordingly, secure authentication of the update payload is critical.

Cool. Asking the committee

[jonathanmetzman]

We are glad to have rauc, we accept.

I think youre building the UBSAN build with ASAN:

('/tmp/not-out/tmpi1pzigzf/manifest_fuzzer', CompletedProcess(args=['bad_build_check', '/tmp/not-out/tmpi1pzigzf/manifest_fuzzer'], returncode=1, stdout=b'BAD BUILD: UBSan build of /tmp/not-out/tmpi1pzigzf/manifest_fuzzer seems to be compiled with ASan.\n', stderr=b''))
BAD BUILD: UBSan build of /tmp/not-out/tmpi1pzigzf/manifest_fuzzer seems to be compiled with ASan.

('/tmp/not-out/tmpi1pzigzf/bundle_fuzzer', CompletedProcess(args=['bad_build_check', '/tmp/not-out/tmpi1pzigzf/bundle_fuzzer'], returncode=1, stdout=b'BAD BUILD: UBSan build of /tmp/not-out/tmpi1pzigzf/bundle_fuzzer seems to be compiled with ASan.\n', stderr=b''))
BAD BUILD: UBSan build of /tmp/not-out/tmpi1pzigzf/bundle_fuzzer seems to be compiled with ASan.

Can you fix this issue? THen we will merge

[jluebbe]

@jonathanmetzman With rauc/rauc#1247 I should have fixed the UBSAN issue.

[jonathanmetzman]

lgtm

[jluebbe]

@jonathanmetzman It seems to me that the fuzzing has not started yet, while from the documentation it sounds like it should start working after one or two days.

https://introspector.oss-fuzz.com/indexing-overview reports failed coverage and inspector builds:

https://oss-fuzz-build-logs.storage.googleapis.com/log-045a10f6-2eeb-4ed8-ae48-b5a4c3116b7f.txt

Step #5: unzip: cannot find zipfile directory in one of /corpus/bundle_fuzzer.zip or
Step #5: /corpus/bundle_fuzzer.zip.zip, and cannot find /corpus/bundle_fuzzer.zip.ZIP, period.
Step #5: Failed to unpack the corpus for bundle_fuzzer. This usually means that corpus backup for a particular fuzz target does not exist. If a fuzz target was added in the last 24 hours, please wait one more day. Otherwise, something is wrong with the fuzz target or the infrastructure, and corpus pruning task does not finish successfully.

Also, https://oss-fuzz.com/ reports "Access Denied" for both jluebbe@lasnet.de and jlu@pengutronix.de.

Is something going wrong or should I just wait some more? :)