Merge branch 'master' into feat/abseil-ubuntu-migration

Author: hunsche

.github/workflows/ubuntu_version_sync.yml

@@ -14,15 +14,19 @@
 #
 ################################################################################
 
-name: 'Ubuntu Version Sync'
+name: 'Ubuntu Version Sync Check'
 
 on:
   pull_request:
     types: [opened, synchronize, reopened]
 
 jobs:
   check-sync:
+    name: Ubuntu File Synchronization Check
     runs-on: ubuntu-latest
+    env:
+      BASE_SHA: ${{ github.event.pull_request.base.sha }}
+      HEAD_SHA: ${{ github.event.pull_request.head.sha }}
     steps:
     - name: 'Checkout code'
       uses: actions/checkout@v4
@@ -34,7 +38,7 @@ jobs:
       run: |
         set -e
         
-        MODIFIED_FILES=$(git diff --name-only ${{ github.event.pull_request.base.sha }}...${{ github.event.pull_request.head.sha }})
+        MODIFIED_FILES=$(git diff --name-only $BASE_SHA...$HEAD_SHA)
         echo "Checking for synchronized file changes..."
         echo "Modified files in this PR:"
         echo "$MODIFIED_FILES"
@@ -63,27 +67,27 @@ jobs:
         VERSIONS=("ubuntu-20-04" "ubuntu-24-04")
 
         # Check Dockerfiles
-        for legacy_file in "${{!LEGACY_DOCKERFILES[@]}}"; do
-          if echo "$MODIFIED_FILES" | grep -q "^${legacy_file}$"; then
+        for legacy_file in "${!LEGACY_DOCKERFILES[@]}"; do
+          if [[ "${legacy_file}" == infra/* ]] && echo "$MODIFIED_FILES" | grep -q "^${legacy_file}$"; then
             echo "Legacy file changed: $legacy_file. Verifying counterparts..."
-            for version in "${{VERSIONS[@]}}"; do
-              pattern=${{LEGACY_DOCKERFILES[$legacy_file]}}
-              versioned_file="${{pattern/{{version}}/$version}}"
-              if ! echo "$MODIFIED_FILES" | grep -q "^${{versioned_file}}$"; then
+            for version in "${VERSIONS[@]}"; do
+              pattern="${LEGACY_DOCKERFILES[$legacy_file]}"
+              versioned_file="${pattern/\{version\}/$version}"
+              if ! echo "$MODIFIED_FILES" | grep -q "^${versioned_file}$"; then
                 ERRORS+="\n- Legacy file '${legacy_file}' was changed, but its counterpart '${versioned_file}' was not."
               fi
             done
           fi
         done
 
         # Check Scripts
-        for legacy_file in "${{!LEGACY_SCRIPTS[@]}}"; do
+        for legacy_file in "${!LEGACY_SCRIPTS[@]}"; do
           if echo "$MODIFIED_FILES" | grep -q "^${legacy_file}$"; then
             echo "Legacy script changed: $legacy_file. Verifying counterparts..."
-            for version in "${{VERSIONS[@]}}"; do
-              pattern=${{LEGACY_SCRIPTS[$legacy_file]}}
-              versioned_file="${{pattern/{{version}}/$version}}"
-              if ! echo "$MODIFIED_FILES" | grep -q "^${{versioned_file}}$"; then
+            for version in "${VERSIONS[@]}"; do
+              pattern="${LEGACY_SCRIPTS[$legacy_file]}"
+              versioned_file="${pattern/\{version\}/$version}"
+              if ! echo "$MODIFIED_FILES" | grep -q "^${versioned_file}$"; then
                 ERRORS+="\n- Legacy script '${legacy_file}' was changed, but its counterpart '${versioned_file}' was not."
               fi
             done

infra/base-images/base-builder-ruby/Dockerfile

@@ -18,10 +18,8 @@ FROM gcr.io/oss-fuzz-base/base-builder
 
 RUN git clone https://github.com/trailofbits/ruzzy.git $SRC/ruzzy
 
-RUN install_ruby.sh
-ENV PATH="$PATH:/usr/local/rvm/rubies/ruby-3.3.1/bin"
-
-RUN gem update --system 3.5.11
+RUN /usr/local/bin/install_ruby.sh
+RUN /usr/local/bin/gem update --system 3.5.11
 
 # Install ruzzy
 WORKDIR $SRC/ruzzy

infra/base-images/base-builder-ruby/ubuntu-20-04.Dockerfile

@@ -18,10 +18,8 @@ FROM gcr.io/oss-fuzz-base/base-builder:ubuntu-20-04
 
 RUN git clone https://github.com/trailofbits/ruzzy.git $SRC/ruzzy
 
-RUN install_ruby.sh
-ENV PATH="$PATH:/usr/local/rvm/rubies/ruby-3.3.1/bin"
-
-RUN gem update --system 3.5.11
+RUN /usr/local/bin/install_ruby.sh
+RUN /usr/local/bin/gem update --system 3.5.11
 
 # Install ruzzy
 WORKDIR $SRC/ruzzy

infra/base-images/base-builder-ruby/ubuntu-24-04.Dockerfile

@@ -18,8 +18,8 @@ FROM gcr.io/oss-fuzz-base/base-builder:ubuntu-24-04
 
 RUN git clone https://github.com/trailofbits/ruzzy.git $SRC/ruzzy
 
-RUN install_ruby.sh
-ENV PATH="$PATH:/usr/local/rvm/rubies/ruby-3.3.1/bin"
+RUN /usr/local/bin/install_ruby.sh
+RUN /usr/local/bin/gem update --system 3.5.11
 
 RUN gem update --system 3.5.11
 

infra/base-images/base-builder/indexer/utils.py

@@ -22,6 +22,12 @@
 import subprocess
 from typing import Final, Sequence
 
+from absl import logging
+
+from google3.pyglib import gfile
+import pathlib
+
+
 LD_BINARY_NAME: Final[str] = "ld-linux-x86-64.so.2"
 _LD_BINARY_PATH: Final[pathlib.Path] = pathlib.Path("/lib64") / LD_BINARY_NAME
 
@@ -79,3 +85,52 @@ def get_shared_libraries(
   )
 
   return _parse_ld_trace_output(result.stdout.decode())
+
+
+def copy_shared_libraries(
+    libraries: Sequence[SharedLibrary], dst_path: pathlib.Path
+) -> None:
+  """Copies the shared libraries to the shared directory."""
+  for lib in libraries:
+    try:
+      logging.info("Copying %s => %s", lib.name, lib.path)
+      gfile.Copy(lib.path, dst_path / lib.path.name, overwrite=True, mode=0o755)
+    except gfile.GOSError:
+      logging.exception("Could not copy %s to %s", lib.path, dst_path)
+      raise
+
+
+def patch_binary_rpath_and_interpreter(
+    binary_path: os.PathLike[str],
+    lib_mount_path: pathlib.Path,
+):
+  """Patches the binary rpath and interpreter."""
+  subprocess.run(
+      [
+          "patchelf",
+          "--set-rpath",
+          lib_mount_path.as_posix(),
+          "--force-rpath",
+          binary_path,
+      ],
+      check=True,
+  )
+
+  subprocess.run(
+      [
+          "patchelf",
+          "--set-interpreter",
+          (lib_mount_path / LD_BINARY_NAME).as_posix(),
+          binary_path,
+      ],
+      check=True,
+  )
+
+
+def get_library_mount_path(binary_id: str) -> pathlib.Path:
+  return pathlib.Path("/tmp") / (binary_id + "_lib")
+
+
+def report_progress(stage: str, is_done: bool = False) -> None:
+  """Reports progress of a stage of the snapshotting process."""
+  logging.info("%s%s", stage, "..." if not is_done else "")

infra/base-images/base-builder/install_ruby.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/bash -eux
 # Copyright 2024 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -15,14 +15,19 @@
 #
 ################################################################################
 
-apt update
-apt install -y lsb-release software-properties-common gnupg2 binutils xz-utils libyaml-dev
-gpg2 --keyserver keyserver.ubuntu.com --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 7D2BAF1CF37B13E2069D6956105BD0E739499BDB
+echo "Starting ruby installation"
+RUBY_VERSION=3.3.1
+RUBY_DEPS="binutils xz-utils libyaml-dev libffi-dev zlib1g-dev"
+apt update && apt install -y $RUBY_DEPS
+curl -O https://cache.ruby-lang.org/pub/ruby/3.3/ruby-$RUBY_VERSION.tar.gz
+tar -xvf ruby-$RUBY_VERSION.tar.gz
+cd ruby-$RUBY_VERSION
+./configure
+make -j$(nproc)
+make install
+cd ../
 
-curl -sSL https://get.rvm.io > ruby_installation.sh
-chmod +x ruby_installation.sh
-bash ruby_installation.sh stable
+# Clean up the sources.
+rm -rf ./ruby-$RUBY_VERSION ruby-$RUBY_VERSION.tar.gz
 
-. /etc/profile.d/rvm.sh
-
-rvm install ruby-3.3.1
+echo "Finished installing ruby"

infra/base-images/base-runner/Dockerfile

@@ -109,14 +109,14 @@ RUN wget https://repo1.maven.org/maven2/org/jacoco/org.jacoco.cli/0.8.7/org.jaco
 COPY install_javascript.sh /
 RUN /install_javascript.sh && rm /install_javascript.sh
 
-# Copy built ruby and ruzzy from builder
-COPY --from=base-ruby /usr/local/rvm /usr/local/rvm
-COPY --from=base-ruby /install/ruzzy /install/ruzzy
-COPY ruzzy /usr/local/bin/ruzzy
-ENV PATH="$PATH:/usr/local/rvm/rubies/ruby-3.3.1/bin"
-# RubyGems installation directory
-ENV GEM_HOME="$OUT/fuzz-gem"
-ENV GEM_PATH="/install/ruzzy"
+# Copy built ruby. It is up to the fuzzing harnesses
+# themselves to set GEM_HOME and GEM_PATH appropriately, as this depends
+# on how the harnesses are packaged.
+COPY --from=base-ruby /usr/local/bin/ruby /usr/local/bin/ruby
+COPY --from=base-ruby /usr/local/bin/gem /usr/local/bin/gem
+COPY --from=base-ruby /usr/local/lib/ruby /usr/local/lib/ruby
+COPY --from=base-ruby /usr/local/include/ruby-3.3.0 /usr/local/include/ruby-3.3.0
+
 
 # Do this last to make developing these files easier/faster due to caching.
 COPY bad_build_check \

infra/base-images/base-runner/ubuntu-20-04.Dockerfile

@@ -109,14 +109,13 @@ RUN wget https://repo1.maven.org/maven2/org/jacoco/org.jacoco.cli/0.8.7/org.jaco
 COPY install_javascript.sh /
 RUN /install_javascript.sh && rm /install_javascript.sh
 
-# Copy built ruby and ruzzy from builder
-COPY --from=base-ruby /usr/local/rvm /usr/local/rvm
-COPY --from=base-ruby /install/ruzzy /install/ruzzy
-COPY ruzzy /usr/bin/ruzzy
-ENV PATH="$PATH:/usr/local/rvm/rubies/ruby-3.3.1/bin"
-# RubyGems installation directory
-ENV GEM_HOME="$OUT/fuzz-gem"
-ENV GEM_PATH="/install/ruzzy"
+# Copy built ruby. It is up to the fuzzing harnesses
+# themselves to set GEM_HOME and GEM_PATH appropriately, as this depends
+# on how the harnesses are packaged.
+COPY --from=base-ruby /usr/local/bin/ruby /usr/local/bin/ruby
+COPY --from=base-ruby /usr/local/bin/gem /usr/local/bin/gem
+COPY --from=base-ruby /usr/local/lib/ruby /usr/local/lib/ruby
+COPY --from=base-ruby /usr/local/include/ruby-3.3.0 /usr/local/include/ruby-3.3.0
 
 # Do this last to make developing these files easier/faster due to caching.
 COPY bad_build_check \

infra/base-images/base-runner/ubuntu-24-04.Dockerfile

@@ -109,14 +109,13 @@ RUN wget https://repo1.maven.org/maven2/org/jacoco/org.jacoco.cli/0.8.7/org.jaco
 COPY install_javascript.sh /
 RUN /install_javascript.sh && rm /install_javascript.sh
 
-# Copy built ruby and ruzzy from builder
-COPY --from=base-ruby /usr/local/rvm /usr/local/rvm
-COPY --from=base-ruby /install/ruzzy /install/ruzzy
-COPY ruzzy /usr/bin/ruzzy
-ENV PATH="$PATH:/usr/local/rvm/rubies/ruby-3.3.1/bin"
-# RubyGems installation directory
-ENV GEM_HOME="$OUT/fuzz-gem"
-ENV GEM_PATH="/install/ruzzy"
+# Copy built ruby. It is up to the fuzzing harnesses
+# themselves to set GEM_HOME and GEM_PATH appropriately, as this depends
+# on how the harnesses are packaged.
+COPY --from=base-ruby /usr/local/bin/ruby /usr/local/bin/ruby
+COPY --from=base-ruby /usr/local/bin/gem /usr/local/bin/gem
+COPY --from=base-ruby /usr/local/lib/ruby /usr/local/lib/ruby
+COPY --from=base-ruby /usr/local/include/ruby-3.3.0 /usr/local/include/ruby-3.3.0
 
 # Do this last to make developing these files easier/faster due to caching.
 COPY bad_build_check \

infra/build/functions/build_lib.py

@@ -707,7 +707,7 @@ def get_runner_image_name(test_image_suffix, base_image_tag=None):
   # Only add a tag if it's specified and not 'legacy', as 'legacy' implies
   # 'latest', which is the default behavior.
   if base_image_tag and base_image_tag != 'legacy':
-    image += ':' + base_image_tag
+    image += f":{base_image_tag}"
 
   return image