kernelCTF: GHA: fix repro_log archiving and exploit_info propagation …

…bugs
google · Nov 1, 2023 · d020b73 · d020b73
1 parent 9f825b9
commit d020b73
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 7 deletions.
diff --git a/.github/workflows/kernelctf-submission-verification.yaml b/.github/workflows/kernelctf-submission-verification.yaml
@@ -21,6 +21,7 @@ jobs:
     outputs:
       targets: ${{ steps.check_submission.outputs.targets }}
       submission_dir: ${{ steps.check_submission.outputs.submission_dir }}
+      exploits_info: ${{ steps.check_submission.outputs.exploits_info }}
     steps:
       - run: pip install -U jsonschema
 
@@ -114,7 +115,7 @@ jobs:
     env:
       RELEASE_ID: ${{ matrix.target }}
       SUBMISSION_DIR: ${{ needs.structure_check.outputs.submission_dir }}
-      EXPLOIT_INFO: ${{ needs.structure_check.outputs[format('exploit_info_{0}', matrix.target)] }}
+      EXPLOIT_INFO: ${{ fromJSON(needs.structure_check.outputs.exploits_info)[matrix.target] }}
     defaults:
       run:
         shell: bash
@@ -208,7 +209,7 @@ jobs:
         uses: actions/upload-artifact@v3
         with:
           name: repro_logs_${{ env.RELEASE_ID }}
-          path: repro_log_*.txt
+          path: ./kernelctf/repro/repro_log_*.txt
 
       - name: Reproduction // Summary
         env:

diff --git a/kernelctf/check-submission.py b/kernelctf/check-submission.py
@@ -141,14 +141,13 @@ def summary(success, text):
 ghSet("OUTPUT", "targets=" + json.dumps([f for f in flagTargets]))
 ghSet("OUTPUT", f"submission_dir={subDirName}")
 
+exploits_info = {}
 for target in flagTargets:
     if schemaVersion >= 3:
         exploit_info = metadata["exploits"].get(target)
         if not exploit_info: continue
-        exploit_info = { key: exploit_info[key] for key in ["uses", "requires_separate_kaslr_leak"] if key in exploit_info }
-    else:
-        exploit_info = {}
-    ghSet("OUTPUT", f"exploit_info_{target}={json.dumps(exploit_info)}")
+        exploits_info[target] = { key: exploit_info[key] for key in ["uses", "requires_separate_kaslr_leak"] if key in exploit_info }
+ghSet("OUTPUT", f"exploits_info={json.dumps(exploits_info)}")
 
 summary(True, f"✅ The file structure verification of the PR was successful!")
 
diff --git a/kernelctf/repro/repro.sh b/kernelctf/repro/repro.sh
@@ -17,7 +17,7 @@ touch $QEMU_TXT
 START_TIME=$(date +%s)
 
 CMDLINE="console=ttyS0 root=/dev/vda1 rootfstype=ext4 rootflags=discard ro init=/init hostname=repro"
-if echo $EXPLOIT_INFO | jq -e '.requires_separate_kaslr_leak'; then CMDLINE="$CMDLINE -- kaslr_leak=1"; fi
+if [[ "$(echo $EXPLOIT_INFO | jq -e '.requires_separate_kaslr_leak')" == true ]]; then CMDLINE="$CMDLINE -- kaslr_leak=1"; fi
 
 expect -c '
     set timeout -1