infra/presubmit: Use apt-get update before installing (#12008)

Otherwise, this may lead to issues such as
https://github.com/google/oss-fuzz/pull/11943#issue-2290477404

Also, fix the broken `.zip` test.

---------

Co-authored-by: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com>
Co-authored-by: jonathanmetzman <31354670+jonathanmetzman@users.noreply.github.com>
maflcko 2024-06-04 21:18:48 +02:00 committed by GitHub
parent 44abec5d38
commit 4bffaf8f3a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 33 additions and 5 deletions


@ -232,10 +232,10 @@ def check_project_yaml(paths):
def _check_one_seed_corpus(path):
"""Returns False and prints error if |path| is a seed corpus."""
if os.path.dirname(os.path.dirname(path)) != 'projects':
if os.path.basename(os.path.dirname(os.path.dirname(path))) != 'projects':
return True
if os.path.splitext(path)[1] == 'zip':
if os.path.splitext(path)[1] == '.zip':
print('Don\'t commit seed corpora into the ClusterFuzz repo,'
'they bloat it forever.')
return False
@ -249,11 +249,39 @@ def check_seed_corpus(paths):
return all([_check_one_seed_corpus(path) for path in paths])
def _check_one_apt_update(path):
"""Checks that a Dockerfile uses apt-update before apt-install"""
if os.path.basename(os.path.dirname(os.path.dirname(path))) != 'projects':
return True
if os.path.basename(path) != 'Dockerfile':
return True
with open(path, 'r') as file:
dockerfile = file.read()
if 'RUN apt install' in dockerfile or 'RUN apt-get install' in dockerfile:
print('Please add an "apt-get update" before "apt-get install". '
'Otherwise, a cached and outdated RUN layer may lead to install '
'failures.')
return False
return True
def check_apt_update(paths):
"""Checks that all Dockerfile use apt-update before apt-install"""
return all([_check_one_apt_update(path) for path in paths])
def do_checks(changed_files):
"""Runs all presubmit checks. Returns False if any fails."""
checks = [
check_license, yapf, check_project_yaml, check_lib_fuzzing_engine,
check_seed_corpus
check_license,
yapf,
check_project_yaml,
check_lib_fuzzing_engine,
check_seed_corpus,
check_apt_update,
]
# Use a list comprehension here and in other cases where we use all() so that
# we don't quit early on failure. This is more user-friendly since the more
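Review bot: The substring test in `_check_one_apt_update` (`'RUN apt install' in dockerfile or 'RUN apt-get install' in dockerfile`) only fires when `install` directly follows `RUN apt` or `RUN apt-get` with single spaces. A line such as `RUN apt-get -y install …`, or an install chained after another command without an update, therefore passes unflagged, which is the stale-index case the printed message warns about. Checking each RUN instruction for an `update` that precedes the `install` would match the stated intent; the sketch below assumes `re` is imported at the top of the file, which this hunk does not show. Separately, `open(path, 'r')` sets no explicit encoding and would raise if `paths` can include a Dockerfile deleted by the change; whether it can is not visible here.

```python
def _check_one_apt_update(path):
  # … unchanged: docstring, 'projects' parent check, 'Dockerfile' basename check …
  with open(path, 'r', encoding='utf-8') as file:
    dockerfile = file.read()
  # Fold backslash continuations so every RUN instruction is one logical line.
  for line in dockerfile.replace('\\\n', ' ').splitlines():
    if not re.match(r'\s*RUN\b', line, re.IGNORECASE):
      continue
    install = re.search(r'\bapt(-get)?\b[^&;|]*\binstall\b', line)
    update = re.search(r'\bapt(-get)?\b[^&;|]*\bupdate\b', line)
    # The update must sit in the same layer and come before the install.
    if install and not (update and update.start() < install.start()):
      # … unchanged: print of the existing "apt-get update" message …
      return False
  return True
```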


@ -16,7 +16,7 @@
FROM gcr.io/oss-fuzz-base/base-builder-jvm
RUN apt-get install ant -y
RUN apt-get update && apt-get install ant -y
RUN git clone --depth 1 https://github.com/tukaani-project/xz-java $SRC/xz-java
COPY build.sh $SRC/