google
diff --git a/‎docker/README.md‎
Lines changed: 63 additions & 5 deletions b/‎docker/README.md‎
Lines changed: 63 additions & 5 deletions
diff --git a/‎docker/base/CHANGELOG.md‎
Lines changed: 40 additions & 0 deletions b/‎docker/base/CHANGELOG.md‎
Lines changed: 40 additions & 0 deletions
diff --git a/‎docker/base/ubuntu20-04.Dockerfile‎
Lines changed: 156 additions & 0 deletions b/‎docker/base/ubuntu20-04.Dockerfile‎
Lines changed: 156 additions & 0 deletions
@@ -2,15 +2,21 @@
 
 ## Local testing
 
-You can build an image locally as:
+You can build a specific image locally using the `docker build` command from the root of the **clusterfuzz** repository.
+
+For example, to build the `base` image, run the following command from the root of the **clusterfuzz** repository:
 
 ```bash
-cd /path/to/image/dir
-docker build .
+docker build -f docker/base/Dockerfile docker/base
 ```
 
-where `/path/to/image/dir` is any image sub-directory in this directory that contains a
-'Dockerfile'.
+### Command Explanation
+
+*   `docker build`: The standard command to build a Docker image.
+*   `-f docker/base/Dockerfile`: This flag specifies the path to the `Dockerfile` to be used, relative to the repository root.
+*   `docker/base`: This is the "build context". The Docker daemon will have access to all files and folders within this path. This is necessary for the `COPY` instructions in the `Dockerfile`.
+
+You can adapt this command to build other images by changing the path to the `Dockerfile` and the build context accordingly.
 
 ## Production
 
@@ -22,3 +28,55 @@ To build all images on container builder, run:
 
 Note that your checkout needs to be on the latest deployed commit.
 You also need to have access to the `clusterfuzz-images` project.
+## Docker Image Dependency Tree
+
+```mermaid
+graph TD
+    subgraph Base Images
+        A(base)
+    end
+
+    subgraph Chromium
+        F(chromium/base)
+        K(chromium/tester)
+        L(chromium/python-profiler)
+        M(chromium/high-end)
+        E(chromium/tests-syncer)
+        G(chromium/builder)
+    end
+
+    subgraph OSS-Fuzz
+        H(oss-fuzz/base)
+        N(oss-fuzz/worker)
+        O(oss-fuzz/host)
+        P(oss-fuzz/host-high-end)
+    end
+
+    subgraph General
+        B(ci)
+        C(utask-main-scheduler)
+        D(fuchsia)
+        I(tworker)
+        J(high-end)
+    end
+
+
+    A --> B;
+    A --> C;
+    A --> D;
+    A --> E;
+    A --> F;
+    A --> G;
+    A --> H;
+    A --> I;
+    A --> J;
+
+    F --> K;
+    F --> L;
+    F --> M;
+
+    H --> N;
+    H --> O;
+
+    O --> P;
+```
@@ -0,0 +1,40 @@
+# Docker Image Version Changelog: clusterfuzz/base
+
+
+## Analysis Summary
+
+The `latest` and `ubuntu20` images are nearly identical, as they are both based on Ubuntu 20.04. The `ubuntu24` image, based on Ubuntu 24.04, introduces a number of package updates and changes. All three images were built successfully, but required workarounds to run and perform health checks due to a startup script that depends on a GCE metadata service. The `ubuntu24` image appears to be a viable replacement for the older images, but the package differences should be reviewed to ensure compatibility.
+
+## Build Status
+
+| Image Tag                  | Dockerfile               | Status  |
+| -------------------------- | ------------------------ | ------- |
+| `clusterfuzz/base:latest`  | `Dockerfile`             | Success |
+| `clusterfuzz/base:ubuntu20`| `ubuntu20-04.Dockerfile` | Success |
+| `clusterfuzz/base:ubuntu24`| `ubuntu24-04.Dockerfile` | Success |
+
+## Package Comparison
+
+### Key Differences (Ubuntu 20.04 vs. Ubuntu 24.04)
+
+| Package                 | Ubuntu 20.04 Version | Ubuntu 24.04 Version | Notes                               |
+| ----------------------- | -------------------- | -------------------- | ----------------------------------- |
+| `libidn11`              | `1.33-2.2ubuntu2`    | -                    | Removed in Ubuntu 24.04             |
+| `libidn12`              | -                    | `1.42-1build1`       | Added in Ubuntu 24.04               |
+| `libncurses5-dev`       | `6.2-0ubuntu2.1`     | -                    | Removed in Ubuntu 24.04             |
+| `libncurses-dev`        | `6.2-0ubuntu2.1`     | `6.4+20240113-1ubuntu2` | Upgraded in Ubuntu 24.04            |
+| `libncursesw5`          | `6.2-0ubuntu2.1`     | -                    | Removed in Ubuntu 24.04             |
+| `libncursesw6`          | `6.2-0ubuntu2.1`     | `6.4+20240113-1ubuntu2` | Upgraded in Ubuntu 24.04            |
+| `libssl-dev`            | `1.1.1f-1ubuntu2.24` | `3.0.13-0ubuntu3.5`  | Upgraded in Ubuntu 24.04            |
+| `libssl1.1`             | `1.1.1f-1ubuntu2.24` | -                    | Removed in Ubuntu 24.04             |
+| `libssl3t64`            | -                    | `3.0.13-0ubuntu3.5`  | Added in Ubuntu 24.04               |
+| `python3.8`             | `3.8.10-0ubuntu1~20.04.18` | -                | Removed in Ubuntu 24.04             |
+| `python3.12`            | -                    | `3.12.3-1ubuntu0.8`  | Added in Ubuntu 24.04               |
+
+## Dockerfile Analysis
+
+The main difference between the Dockerfiles is the base image:
+
+*   **`Dockerfile` (latest):** Uses `ubuntu:20.04` as the final base image, but also uses `ubuntu:16.04` in a multi-stage build to copy some older libraries.
+*   **`ubuntu20-04.Dockerfile`:**  Identical to the latest `Dockerfile`.
+*   **`ubuntu24-04.Dockerfile`:** Uses `ubuntu:24.04` as the base image. It removes the multi-stage build with `ubuntu:16.04` and updates the package installation commands to reflect the changes in Ubuntu 24.04. For example, it installs `libidn12` instead of `libidn11`.
@@ -0,0 +1,156 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Copy some commonly linked library versions from xenial for backwards
+# compatibility with older builds.
+FROM ubuntu:16.04 as xenial
+
+# Prevent interactive prompts during package installation. This seems to work
+# better than `ENV DEBIAN_FRONTEND=noninteractive` for some reason.
+RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections
+
+RUN apt-get update && \
+    apt-get install -y \
+      libcurl3-gnutls \
+      libffi6 \
+      libnettle6 \
+      libssl1.0.0
+
+FROM ubuntu:20.04
+
+# And again with the newest ubuntu image.
+RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections
+
+RUN mkdir /data
+WORKDIR /data
+
+RUN apt-get update && \
+    apt-get upgrade -y && \
+    apt-get autoremove -y && \
+    apt-get install -y \
+        apt-transport-https \
+        build-essential \
+        curl \
+        gdb \
+        iproute2 \
+        libbz2-dev \
+        libcurl4-openssl-dev \
+        libffi-dev \
+        libgdbm-dev \
+        libidn11 \
+        liblzma-dev \
+        libncurses5-dev \
+        libncursesw5 \
+        libnss3-dev \
+        libreadline-dev \
+        libsqlite3-dev \
+        libssl-dev \
+        libtinfo5 \
+        locales \
+        lsb-release \
+        net-tools \
+        psmisc \
+        socat \
+        sudo \
+        unzip \
+        util-linux \
+        wget \
+        zip \
+        zlib1g-dev
+
+COPY --from=xenial \
+    /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 \
+    /lib/x86_64-linux-gnu/libssl.so.1.0.0 \
+    /lib/x86_64-linux-gnu/
+COPY --from=xenial \
+    /usr/lib/x86_64-linux-gnu/libcurl-gnutls.so.* \
+    /usr/lib/x86_64-linux-gnu/libffi.so.6.* \
+    /usr/lib/x86_64-linux-gnu/libnettle.so.* \
+    /usr/lib/x86_64-linux-gnu/
+
+# Install patchelf.
+RUN curl -sS https://releases.nixos.org/patchelf/patchelf-0.9/patchelf-0.9.tar.bz2 | tar -C /tmp -xj && \
+    cd /tmp/patchelf-*/ && \
+    ./configure --prefix=/usr && \
+    make install && \
+    rm -rf /tmp/patchelf-*
+
+# Install OpenJDK 17 for Jazzer (Java fuzzer).
+# Copied from gcr.io/oss-fuzz-base/base-runner.
+ENV JAVA_HOME /usr/lib/jvm/java-17-openjdk-amd64
+ENV JAVA_15_HOME /usr/lib/jvm/java-15-openjdk-amd64
+ENV JVM_LD_LIBRARY_PATH=$JAVA_HOME/lib/server
+ENV PATH=$PATH:$JAVA_HOME/bin
+
+RUN cd /tmp && \
+    curl --silent -L -O https://download.java.net/java/GA/jdk17.0.2/dfd4a8d0985749f896bed50d7138ee7f/8/GPL/openjdk-17.0.2_linux-x64_bin.tar.gz && \
+    mkdir -p $JAVA_HOME && \
+    tar -xzv --strip-components=1 -f openjdk-17.0.2_linux-x64_bin.tar.gz --directory $JAVA_HOME && \
+    rm -rf openjdk*.tar.gz $JAVA_HOME/jmods $JAVA_HOME/lib/src.zip
+
+ # Install OpenJDK 15 and trim its size by removing unused components. Some projects only run with Java 15.
+RUN cd /tmp && \
+    curl --silent -L -O https://download.java.net/java/GA/jdk15.0.2/0d1cfde4252546c6931946de8db48ee2/7/GPL/openjdk-15.0.2_linux-x64_bin.tar.gz && \
+    mkdir -p $JAVA_15_HOME && \
+    tar -xz --strip-components=1 -f openjdk-15.0.2_linux-x64_bin.tar.gz --directory $JAVA_15_HOME && \
+    rm -rf openjdk*.tar.gz $JAVA_15_HOME/lib/src.zip
+
+# Install Python 3.11
+RUN curl -sS https://www.python.org/ftp/python/3.11.4/Python-3.11.4.tgz | tar -C /tmp -xzv && \
+    cd /tmp/Python-3.11.4 && \
+    ./configure --enable-optimizations --enable-loadable-sqlite-extensions && make altinstall && \
+    rm -rf /tmp/Python-3.11.4 /tmp/Python-3.11.4.tar.xz
+RUN pip3.11 --no-cache-dir install pipenv==2022.8.5
+
+# Install Node.js
+COPY setup_19.x /data
+RUN bash setup_19.x && apt-get update -y && apt-get install -y nodejs
+
+RUN echo "deb https://packages.cloud.google.com/apt cloud-sdk main" \
+    | tee -a /etc/apt/sources.list.d/google-cloud-sdk.list && \
+    curl https://packages.cloud.google.com/apt/doc/apt-key.gpg \
+    | apt-key add - && \
+    apt-get update -y && \
+    apt-get install -y google-cloud-sdk
+
+# Common environment variables.
+ENV USER=clusterfuzz
+ENV INSTALL_DIRECTORY /mnt/scratch0
+ENV BOT_TMPDIR $INSTALL_DIRECTORY/tmp
+ENV ROOT_DIR $INSTALL_DIRECTORY/clusterfuzz
+ENV UPDATE_WEB_TESTS True
+ENV PYTHONPATH $INSTALL_DIRECTORY/clusterfuzz/src
+ENV RUN_CMD "python3.11 $ROOT_DIR/src/python/bot/startup/run.py"
+
+# Passwordless sudo (needed for AFL launcher).
+RUN groupadd nopwsudo && \
+    echo "%nopwsudo ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers.d/mysudoers
+
+# Make sure GSUtil uses the GCE service account.
+RUN echo '[GoogleCompute]\nservice_account = default' > /etc/boto.cfg
+
+VOLUME $INSTALL_DIRECTORY
+WORKDIR $INSTALL_DIRECTORY
+
+RUN locale-gen en_US.UTF-8
+ENV LANG en_US.UTF-8
+ENV PYTHONIOENCODING UTF-8
+
+COPY setup_common.sh setup_clusterfuzz.sh start_clusterfuzz.sh setup_mock_metadata.sh Pipfile Pipfile.lock start.sh /data/
+RUN cd /data && \
+    # Make pip3.11 the default so that pipenv install --system works.
+    mv /usr/local/bin/pip3.11 /usr/local/bin/pip && \
+    pipenv install --deploy --system
+
+CMD ["bash", "-ex", "/data/start.sh"]