curl-fuzzer would like to use a script to define the dependencies
downloaded as part of oss-fuzz image generation, so that only one
repository needs updating in order to get future fuzzing builds running.
The curl fuzzer has been moved into its own repository,
http://github.com/curl/curl-fuzzer. For oss-fuzz this means it needs to
check out two codebases and compile them.
curl is now moving towards having native fuzzing capabilities in line
with
https://github.com/google/oss-fuzz/blob/master/docs/ideal_integration.md.
It now ticks a lot of the boxes:
- It's maintained in Git
- It's built with the rest of the tests in Travis
- It has a seed corpus (currently quite basic)
- It's continuously tested on the seed corpus with ASan
- It's fast and has no OOMs
https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/
I ran into this because I was getting errors locally, like:
E: Failed to fetch http://archive.ubuntu.com/ubuntu/pool/main/d/dpkg/libdpkg-perl_1.18.4ubuntu1.1_all.deb 404 Not Found [IP: 91.189.88.149 80]
It turns out you get these if you don't update, and the official best practices are to `run apt-get update && apt-get install`. In fact, running _any_ apt-get install command without the apt-get update && before it can result in unfortunate caching artifacts -- see "cache busting". (P.S. thanks to Peng on Freenode for helping me, I'm bad at Ubuntu.)
So:
sed -re \
's/RUN apt-get ((-y )?(install|build-dep))/RUN apt-get update \&\& apt-get \1/' -i \
projects/**/Dockerfile
I also manually fixed the cases that already ran apt-get update in their Dockerfile:
dlplibs/Dockerfile
grpc/Dockerfile
libreoffice/Dockerfile