diff --git a/infra/base-images/base-builder/Dockerfile b/infra/base-images/base-builder/Dockerfile index 8dcbdce6cc5c..0ab8942650cc 100644 --- a/infra/base-images/base-builder/Dockerfile +++ b/infra/base-images/base-builder/Dockerfile @@ -19,9 +19,9 @@ FROM gcr.io/oss-fuzz-base/base-clang COPY install_deps.sh / RUN /install_deps.sh && rm /install_deps.sh -# Build and install latest Python 3 (3.8.3). -ENV PYTHON_VERSION 3.8.3 -RUN export PYTHON_DEPS="\ +# Build and install latest Python 3.10. +ENV PYTHON_VERSION 3.10.14 +RUN PYTHON_DEPS="\ zlib1g-dev \ libncurses5-dev \ libgdbm-dev \ @@ -39,12 +39,14 @@ RUN export PYTHON_DEPS="\ tar -xvf Python-$PYTHON_VERSION.tar.xz && \ cd Python-$PYTHON_VERSION && \ ./configure --enable-optimizations --enable-shared && \ - make -j install && \ + make -j$(nproc) install && \ ldconfig && \ - ln -s /usr/bin/python3 /usr/bin/python && \ + ln -s /usr/local/bin/python3 /usr/local/bin/python && \ cd .. && \ rm -r /tmp/Python-$PYTHON_VERSION.tar.xz /tmp/Python-$PYTHON_VERSION && \ - rm -rf /usr/local/lib/python3.8/test && \ + rm -rf /usr/local/lib/python${PYTHON_VERSION%.*}/test && \ + python3 -m ensurepip && \ + python3 -m pip install --upgrade pip && \ apt-get remove -y $PYTHON_DEPS # https://github.com/google/oss-fuzz/issues/3888 # Install six for Bazel rules. @@ -177,4 +179,4 @@ COPY llvmsymbol.diff $SRC COPY detect_repo.py /opt/cifuzz/ COPY bazel.bazelrc /root/.bazelrc -CMD ["compile"] \ No newline at end of file +CMD ["compile"] diff --git a/infra/base-images/base-runner/Dockerfile b/infra/base-images/base-runner/Dockerfile index 234ac9a01096..951d5b781865 100755 --- a/infra/base-images/base-runner/Dockerfile +++ b/infra/base-images/base-runner/Dockerfile @@ -24,6 +24,11 @@ RUN cargo install rustfilt # Using multi-stage build to copy some LLVM binaries needed in the runner image. FROM gcr.io/oss-fuzz-base/base-clang AS base-clang +# The base builder image compiles a specific Python version. Using a multi-stage build +# to copy that same Python interpreter into the runner image saves build time and keeps +# the Python versions in sync. +FROM gcr.io/oss-fuzz-base/base-builder AS base-builder + # Real image that will be used later. FROM gcr.io/oss-fuzz-base/base-image @@ -35,6 +40,18 @@ COPY --from=base-clang /usr/local/bin/llvm-cov \ /usr/local/bin/llvm-symbolizer \ /usr/local/bin/ +# Copy the pre-compiled Python binaries and libraries +COPY --from=base-builder /usr/local/bin/python3.10 /usr/local/bin/python3.10 +COPY --from=base-builder /usr/local/lib/libpython3.10.so.1.0 /usr/local/lib/libpython3.10.so.1.0 +COPY --from=base-builder /usr/local/include/python3.10 /usr/local/include/python3.10 +COPY --from=base-builder /usr/local/lib/python3.10 /usr/local/lib/python3.10 +COPY --from=base-builder /usr/local/bin/pip3 /usr/local/bin/pip3 + +# Create symbolic links to ensure compatibility +RUN ldconfig && \ + ln -s /usr/local/bin/python3.10 /usr/local/bin/python3 && \ + ln -s /usr/local/bin/python3.10 /usr/local/bin/python + COPY install_deps.sh / RUN /install_deps.sh && rm /install_deps.sh diff --git a/infra/base-images/base-runner/install_deps.sh b/infra/base-images/base-runner/install_deps.sh index ef12cde0061a..fc0569b339ad 100755 --- a/infra/base-images/base-runner/install_deps.sh +++ b/infra/base-images/base-runner/install_deps.sh @@ -20,12 +20,10 @@ apt-get update && apt-get install -y \ binutils \ file \ + ca-certificates \ fonts-dejavu \ git \ libcap2 \ - python3 \ - python3-pip \ - python3-setuptools \ rsync \ unzip \ wget \