Skip to content

docs: Add DependencyInstaller.sh functionalities(-local and -prefix) to Build.md#9649

Merged
maliberty merged 3 commits into
The-OpenROAD-Project:masterfrom
alokkumardalei-wq:docs_depenency
Apr 15, 2026
Merged

docs: Add DependencyInstaller.sh functionalities(-local and -prefix) to Build.md#9649
maliberty merged 3 commits into
The-OpenROAD-Project:masterfrom
alokkumardalei-wq:docs_depenency

Conversation

@alokkumardalei-wq

@alokkumardalei-wq alokkumardalei-wq commented Mar 5, 2026

Copy link
Copy Markdown
Contributor

What does this PR do?

Fixes #4044.
In this PR we have:

  • Documented all the functionality of DependencyInstaller.sh script (like able to do a local install without using sudo) in Build.md.
  • Put the --help output into Build.md
  • Added the setup instructions as proposed by @mithro into Build.md.
   # Install dependencies which come from the operating system (precompiled packages)
sudo ./etc/DependencyInstaller.sh -base  
# Install dependencies which are unavailable from the operating system into ~/.local (alternatively used --prefix=<preferred directory>. These can be removed with `rm -rf ~/.local`.
./etc/DependencyInstaller.sh -common -local

With these instructions if users follow they
will install the OpenRoad dependencies to ~/.local
rather directly into /usr/local which will make difficult for users to uninstall things later.

  • Now etc/build.sh also support -local and -prefix arguments that etc/DependencyInstaller.sh supports.
    Verification for build.sh script support for -local and -prefix arguments:
    1. verify -local argument:
      Run this command in your terminal:
   ./etc/Build.sh -local -cmake="-DRUN_CMAKE=OFF"

Output:
if you found the line saying -- Install prefix: /Users/username/.local ,you are good to go.

image (3)
  1. verify -prefix argument:
    Run this command on your terminal providing a custom OpenRoad folder .
./etc/Build.sh -prefix=/tmp/my_custom_openroad_folder -cmake="-DRUN_CMAKE=OFF"

Output:
if you see the line saying -- Install prefix: /tmp/my_custom_openroad_folder ,then you are good to go.

image (4)

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request aims to improve build process documentation and scripting by adding documentation for DependencyInstaller.sh arguments to Build.md and extending Build.sh to support -local and -prefix arguments for specifying installation directories. However, a critical command injection vulnerability has been identified in etc/Build.sh. The new -prefix argument is appended to a string that is later executed using eval, allowing for arbitrary code execution if a malicious path is provided. It is highly recommended to avoid eval and use bash arrays for command arguments to ensure safe execution. Furthermore, consider completing the documentation in Build.md and improving argument handling in Build.sh to warn users about overriding installation paths, which would enhance usability and prevent confusion.

Comment thread etc/Build.sh Outdated
cmakeOptions+=" -DCMAKE_INSTALL_PREFIX=${HOME}/.local"
;;
-prefix=*)
cmakeOptions+=" -DCMAKE_INSTALL_PREFIX=${1#*=}"

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security-critical critical

A critical command injection vulnerability exists here. The newly added -prefix argument on line 89 allows arbitrary input to be appended to cmakeOptions without sanitization, which is later executed by eval. This can be exploited to execute arbitrary shell commands (e.g., -prefix='$(touch /tmp/pwned)'). It is highly recommended to avoid eval and use bash arrays for command arguments to ensure safe execution. Furthermore, when multiple install-path arguments like -local and -prefix are used, the last one silently overrides others, which can be confusing. Consider adding a warning when an existing install path is being overridden, similar to etc/DependencyInstaller.sh.

Comment thread docs/user/Build.md Outdated
Comment on lines +101 to +115
Options:
-all Install all dependencies (base and common). Requires privileged access.
-base Install base dependencies using package managers. Requires privileged access.
-common Install common dependencies.
-eqy Install equivalence dependencies (yosys, eqy, sby).
-prefix=DIR Install common dependencies in a user-specified directory.
-local Install common dependencies in ${HOME}/.local.
-ci Install dependencies required for CI.
-nocert Disable certificate checks for downloads.
-skip-system-or-tools Skip searching for a system-installed or-tools library.
-save-deps-prefixes=FILE Save OpenROAD build arguments to FILE.
-constant-build-dir Use a constant build directory instead of a random one.
-threads=<N> Limit the number of compiling threads.
-yosys-ver=<VERSION> Specify a custom Yosys version. Used for ORFS.
-verbose Show all output from build commands.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The list of options from DependencyInstaller.sh is incomplete. It's missing the -h, -help option. For completeness and to avoid user confusion, it should be included.

Suggested change
Options:
-all Install all dependencies (base and common). Requires privileged access.
-base Install base dependencies using package managers. Requires privileged access.
-common Install common dependencies.
-eqy Install equivalence dependencies (yosys, eqy, sby).
-prefix=DIR Install common dependencies in a user-specified directory.
-local Install common dependencies in ${HOME}/.local.
-ci Install dependencies required for CI.
-nocert Disable certificate checks for downloads.
-skip-system-or-tools Skip searching for a system-installed or-tools library.
-save-deps-prefixes=FILE Save OpenROAD build arguments to FILE.
-constant-build-dir Use a constant build directory instead of a random one.
-threads=<N> Limit the number of compiling threads.
-yosys-ver=<VERSION> Specify a custom Yosys version. Used for ORFS.
-verbose Show all output from build commands.
Options:
-all Install all dependencies (base and common). Requires privileged access.
-base Install base dependencies using package managers. Requires privileged access.
-common Install common dependencies.
-eqy Install equivalence dependencies (yosys, eqy, sby).
-prefix=DIR Install common dependencies in a user-specified directory.
-local Install common dependencies in ${HOME}/.local.
-ci Install dependencies required for CI.
-nocert Disable certificate checks for downloads.
-skip-system-or-tools Skip searching for a system-installed or-tools library.
-save-deps-prefixes=FILE Save OpenROAD build arguments to FILE.
-constant-build-dir Use a constant build directory instead of a random one.
-threads=<N> Limit the number of compiling threads.
-yosys-ver=<VERSION> Specify a custom Yosys version. Used for ORFS.
-verbose Show all output from build commands.
-h, -help Show this help message.

@alokkumardalei-wq alokkumardalei-wq marked this pull request as draft March 5, 2026 12:52
@alokkumardalei-wq alokkumardalei-wq changed the title docs: Add DependencyInstaller help to Build.md and support -local/-pr… docs: Add DependencyInstaller help to Build.md and support -local/-prefix functionality into Build.md… Mar 5, 2026
@alokkumardalei-wq alokkumardalei-wq marked this pull request as ready for review March 5, 2026 13:38
@alokkumardalei-wq alokkumardalei-wq changed the title docs: Add DependencyInstaller help to Build.md and support -local/-prefix functionality into Build.md… docs: Add DependencyInstaller help to Build.md and support -local/-prefix functionality into Build.md. Mar 5, 2026
@alokkumardalei-wq alokkumardalei-wq changed the title docs: Add DependencyInstaller help to Build.md and support -local/-prefix functionality into Build.md. docs: Add DependencyInstaller.sh functionalities(-local and -prefix) to Build.md Mar 5, 2026
@github-actions

github-actions Bot commented Mar 6, 2026

Copy link
Copy Markdown
Contributor

clang-tidy review says "All clean, LGTM! 👍"

@maliberty

Copy link
Copy Markdown
Member

@gemini-cli /review

@alokkumardalei-wq

alokkumardalei-wq commented Mar 8, 2026

Copy link
Copy Markdown
Contributor Author

Hello @maliberty
All checks are passing now please have look.
Thank you.

@maliberty

Copy link
Copy Markdown
Member

The problem with old issues is that some information may be out of date. The recommendation is now to run setup.sh encapsulates the calls to DependencyInstaller.sh

@alokkumardalei-wq

alokkumardalei-wq commented Mar 8, 2026

Copy link
Copy Markdown
Contributor Author

Thank you @maliberty for the clarification. I have updated Build.md to remove the direct instructions for DependencyInstaller.sh and instead recommend using setup.sh scripts to install dependencies.

Please a have look onto this and tell me if any other add ons are to be made .

Thank you.

@github-actions

Copy link
Copy Markdown
Contributor

clang-tidy review says "All clean, LGTM! 👍"

Comment thread etc/Build.sh Outdated
;;
-cmake=*)
cmakeOptions+=" ${1#*=}"
eval "temp_arr=(${1#*=})"

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you avoid the use of eval as suggested by gemini?

@github-actions

Copy link
Copy Markdown
Contributor

clang-tidy review says "All clean, LGTM! 👍"

@alokkumardalei-wq

alokkumardalei-wq commented Mar 20, 2026

Copy link
Copy Markdown
Contributor Author

Hello @maliberty , thanks for pointing that out, I fixed that as suggested please have a look when you have time , and let me know if still I missed something ,would be happy to address that too .

Thank you.

@maliberty

Copy link
Copy Markdown
Member

conflict to resolve

@github-actions

Copy link
Copy Markdown
Contributor

clang-tidy review says "All clean, LGTM! 👍"

@alokkumardalei-wq

Copy link
Copy Markdown
Contributor Author

Hello @maliberty ,all checks are passing now , please have a look when you have time and would happy to address any feedback further.

Thank you !

Comment thread etc/Build.sh
@@ -200,57 +225,12 @@ if [[ "$OSTYPE" == "darwin"* ]]; then
export CMAKE_PREFIX_PATH=$(brew --prefix or-tools)
fi

# ==============================================================================
# PRE-COMPILATION SYSTEM CHECKS

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why remove this section?

@alokkumardalei-wq alokkumardalei-wq Apr 14, 2026

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hello @maliberty apologies, that was accidentally dropped while cleaning up the branch. Restored now.

…efix in Build.sh

Signed-off-by: alokkumardalei-wq <alokkumardalei2@gmail.com>
Signed-off-by: alokkumardalei-wq <alokkumardalei2@gmail.com>
@github-actions

Copy link
Copy Markdown
Contributor

clang-tidy review says "All clean, LGTM! 👍"

Signed-off-by: alokkumardalei-wq <alokkumardalei2@gmail.com>
@github-actions

Copy link
Copy Markdown
Contributor

clang-tidy review says "All clean, LGTM! 👍"

@alokkumardalei-wq

alokkumardalei-wq commented Apr 14, 2026

Copy link
Copy Markdown
Contributor Author

Hello @maliberty all checks are passing now please have a look onto this when you have time and I would be happy address any feedback further.

Thank you !

@maliberty maliberty merged commit 2939447 into The-OpenROAD-Project:master Apr 15, 2026
15 of 16 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Document the functionality found in etc/DependencyInstaller.sh

2 participants