docs: Add DependencyInstaller.sh functionalities(-local and -prefix) to Build.md

[alokkumardalei-wq]

What does this PR do?

Fixes #4044.
In this PR we have:

• Documented all the functionality of DependencyInstaller.sh script (like able to do a local install without using sudo) in Build.md.
• Put the --help output into Build.md
• Added the setup instructions as proposed by @mithro into Build.md.

   # Install dependencies which come from the operating system (precompiled packages)
sudo ./etc/DependencyInstaller.sh -base  
# Install dependencies which are unavailable from the operating system into ~/.local (alternatively used --prefix=<preferred directory>. These can be removed with `rm -rf ~/.local`.
./etc/DependencyInstaller.sh -common -local

With these instructions if users follow they
will install the OpenRoad dependencies to ~/.local
rather directly into /usr/local which will make difficult for users to uninstall things later.

• Now etc/build.sh also support -local and -prefix arguments that etc/DependencyInstaller.sh supports.
  Verification for build.sh script support for -local and -prefix arguments:
  1. verify -local argument:
     Run this command in your terminal:

   ./etc/Build.sh -local -cmake="-DRUN_CMAKE=OFF"

Output:
if you found the line saying -- Install prefix: /Users/username/.local ,you are good to go.

2. verify -prefix argument:
   Run this command on your terminal providing a custom OpenRoad folder .

./etc/Build.sh -prefix=/tmp/my_custom_openroad_folder -cmake="-DRUN_CMAKE=OFF"

Output:
if you see the line saying -- Install prefix: /tmp/my_custom_openroad_folder ,then you are good to go.

[gemini-code-assist]

Code Review

This pull request aims to improve build process documentation and scripting by adding documentation for DependencyInstaller.sh arguments to Build.md and extending Build.sh to support -local and -prefix arguments for specifying installation directories. However, a critical command injection vulnerability has been identified in etc/Build.sh. The new -prefix argument is appended to a string that is later executed using eval, allowing for arbitrary code execution if a malicious path is provided. It is highly recommended to avoid eval and use bash arrays for command arguments to ensure safe execution. Furthermore, consider completing the documentation in Build.md and improving argument handling in Build.sh to warn users about overriding installation paths, which would enhance usability and prevent confusion.

[gemini-code-assist]

A critical command injection vulnerability exists here. The newly added -prefix argument on line 89 allows arbitrary input to be appended to cmakeOptions without sanitization, which is later executed by eval. This can be exploited to execute arbitrary shell commands (e.g., -prefix='$(touch /tmp/pwned)'). It is highly recommended to avoid eval and use bash arrays for command arguments to ensure safe execution. Furthermore, when multiple install-path arguments like -local and -prefix are used, the last one silently overrides others, which can be confusing. Consider adding a warning when an existing install path is being overridden, similar to etc/DependencyInstaller.sh.

[gemini-code-assist]

The list of options from DependencyInstaller.sh is incomplete. It's missing the -h, -help option. For completeness and to avoid user confusion, it should be included.

Suggested change

	Options:
	-all Install all dependencies (base and common). Requires privileged access.
	-base Install base dependencies using package managers. Requires privileged access.
	-common Install common dependencies.
	-eqy Install equivalence dependencies (yosys, eqy, sby).
	-prefix=DIR Install common dependencies in a user-specified directory.
	-local Install common dependencies in ${HOME}/.local.
	-ci Install dependencies required for CI.
	-nocert Disable certificate checks for downloads.
	-skip-system-or-tools Skip searching for a system-installed or-tools library.
	-save-deps-prefixes=FILE Save OpenROAD build arguments to FILE.
	-constant-build-dir Use a constant build directory instead of a random one.
	-threads=<N> Limit the number of compiling threads.
	-yosys-ver=<VERSION> Specify a custom Yosys version. Used for ORFS.
	-verbose Show all output from build commands.
	Options:
	-all Install all dependencies (base and common). Requires privileged access.
	-base Install base dependencies using package managers. Requires privileged access.
	-common Install common dependencies.
	-eqy Install equivalence dependencies (yosys, eqy, sby).
	-prefix=DIR Install common dependencies in a user-specified directory.
	-local Install common dependencies in ${HOME}/.local.
	-ci Install dependencies required for CI.
	-nocert Disable certificate checks for downloads.
	-skip-system-or-tools Skip searching for a system-installed or-tools library.
	-save-deps-prefixes=FILE Save OpenROAD build arguments to FILE.
	-constant-build-dir Use a constant build directory instead of a random one.
	-threads=<N> Limit the number of compiling threads.
	-yosys-ver=<VERSION> Specify a custom Yosys version. Used for ORFS.
	-verbose Show all output from build commands.
	-h, -help Show this help message.

[github-actions]

clang-tidy review says "All clean, LGTM! 👍"

[maliberty]

@gemini-cli /review

[alokkumardalei-wq]

Hello @maliberty
All checks are passing now please have look.
Thank you.

[maliberty]

The problem with old issues is that some information may be out of date. The recommendation is now to run setup.sh encapsulates the calls to DependencyInstaller.sh

[alokkumardalei-wq]

Thank you @maliberty for the clarification. I have updated Build.md to remove the direct instructions for DependencyInstaller.sh and instead recommend using setup.sh scripts to install dependencies.

Please a have look onto this and tell me if any other add ons are to be made .

Thank you.