Since Wireshark v2.9.0rc0-2266-g7e88bb5e53, building fuzzing binaries is
better integrated in the Wireshark build system. While that change was
supposed to be backwards compatible, unfortunately the resulting fuzzer
binaries are dynamically linked due to how cmake caches library paths.
The very first cmake invocation must be invoked with -DOSS_FUZZ=ON.
Changes:
- Use ninja for better control of parallel linker jobs.
- Installing files (make install) is no longer needed.
- Avoid setting a long list of cmake options (BUILD_xxx=OFF).
- Remove fortify comment, it does not belong here.
- Remove lemon workaround, it is fixed since v2.9.0rc0-2273-gbb2caa2a9f.
I added auto-building fuzzshark to wireshark, to avoid oss-fuzz build being broken,
but it actually broke the build:
Step #3: CC tools/oss-fuzzshark/fuzzshark-fuzzshark.o
Step #3: CC tools/oss-fuzzshark/fuzzshark-StandaloneFuzzTargetMain.o
Step #3: CCLD fuzzshark
Step #3: /usr/bin/ld: epan/.libs/libwireshark.a(packet-ipsec.o): undefined reference to symbol 'gpg_strerror@@GPG_ERROR_1.0'
Step #3: //lib/x86_64-linux-gnu/libgpg-error.so.0: error adding symbols: DSO missing from command line
Step #3: clang-6.0: error: linker command failed with exit code 1 (use -v to see invocation)
Step #3: Makefile:1821: recipe for target 'fuzzshark' failed
https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/
I ran into this because I was getting errors locally, like:
E: Failed to fetch http://archive.ubuntu.com/ubuntu/pool/main/d/dpkg/libdpkg-perl_1.18.4ubuntu1.1_all.deb 404 Not Found [IP: 91.189.88.149 80]
It turns out you get these if you don't update, and the official best practices are to `run apt-get update && apt-get install`. In fact, running _any_ apt-get install command without the apt-get update && before it can result in unfortunate caching artifacts -- see "cache busting". (P.S. thanks to Peng on Freenode for helping me, I'm bad at Ubuntu.)
So:
sed -re \
's/RUN apt-get ((-y )?(install|build-dep))/RUN apt-get update \&\& apt-get \1/' -i \
projects/**/Dockerfile
I also manually fixed the cases that already ran apt-get update in their Dockerfile:
dlplibs/Dockerfile
grpc/Dockerfile
libreoffice/Dockerfile
Peter Wu