-
Notifications
You must be signed in to change notification settings - Fork 2.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[infra] upgrade python #9532
base: master
Are you sure you want to change the base?
[infra] upgrade python #9532
Conversation
/gcbrun trial_build.py all --sanitizer coverage address --fuzzing-engine libfuzzer |
Github is breaking this by messing with something bazel (which i really wish we weren't installing in base images) depends on: https://twitter.com/mihaimaruseac/status/1620179105038876672 |
/gcbrun trial_build.py all --sanitizer coverage address --fuzzing-engine libfuzzer |
failures spurious |
/gcbrun trial_build.py tint spirv-tools pycrypto wheel proto-plus-python http-pattern-matcher airflow --sanitizer coverage address --fuzzing-engine libfuzzer |
@nareddyt this CL will break http-pattern-matcher when it lands. |
/gcbrun trial_build.py all |
http-pattern-matcher is stable and in maintenance mode, so I am not too worried. Fuzzer hasn't found anything recently |
/gcbrun trial_build.py all --sanitizer coverage address memory undefined none |
spurious: real: ? |
/gcbrun trial_build.py wolfmqtt libecc wolfssl tensorflow cel-cpp wheel pycrypto proto-plus-python http-pattern-matcher libecc tinyus bcloud-hypervisor fabric cryptofuzz minify miniz ygot suricata htmlunit bitcoin-core --sanitizer coverage address memory undefined none |
If this breaks less than 10 projects in the end I think i will merge. |
21bd09b
to
0ad5846
Compare
/gcbrun trial_build.py wolfmqtt libecc wolfssl tensorflow cel-cpp wheel pycrypto proto-plus-python http-pattern-matcher libecc tinyus bcloud-hypervisor fabric cryptofuzz minify miniz ygot suricata htmlunit bitcoin-core --sanitizer coverage address memory undefined none |
Fuzz introspector depends on python3.9 right @DavidKorczynski ? |
/gcbrun trial_build.py wolfmqtt libecc wolfssl tensorflow cel-cpp wheel pycrypto proto-plus-python http-pattern-matcher libecc tinyus bcloud-hypervisor fabric cryptofuzz minify miniz ygot suricata htmlunit bitcoin-core --sanitizer coverage address memory undefined none introspector |
In general Python 3.9+ should be fine, but let me double check tomorrow if 3.10.8 has no issues and update if so. One area where we depend on 3.9 is oss-fuzz/infra/base-images/base-builder/compile_python_fuzzer Lines 33 to 40 in daef594
|
159c9ca
to
a333b02
Compare
/gcbrun trial_build.py wolfmqtt libecc wolfssl tensorflow cel-cpp wheel pycrypto proto-plus-python http-pattern-matcher libecc tinyus bcloud-hypervisor fabric cryptofuzz minify miniz ygot suricata htmlunit bitcoin-core --sanitizer coverage address memory undefined none introspector |
/gcbrun trial_build.py all |
/gcbrun trial_build.py wolfmqtt |
The changes introduced here upgrade Python from 3.8 to 3.10.14 inside the base-builder and base-runner images. ### base-builder changes: Prior to these changes, base-builder compiled Python 3.8 from source using sources downloaded from the official release servers at https://www.python.org/ftp/python/. This updates the compiled version to 3.10.14 (the latest 3.10 release) instead. ### base-runner changes: Prior to these changes, base-runner installed Python 3.8 from the default apt repository provided by the Ubuntu 20.04 image it's based on. These apt repositories do not have a version of Python 3.10 available by default. This updates the base-runner to instead use a multi-stage build to copy the same Python interpreter compiled by the base-builder image into the runner image, which ensures both Python versions remain in-sync while saving build time by re-using a pre-built version. ## Motivation - Code coverage does not work on Python projects that use Python 3.10+ syntax, and will not work until this or similar changes are landed (see google#11419) - Upgrading the base-image to use Ubuntu 22.04 (which provides more recent Python versions via apt) has been stated as being unlikely to happen any time soon (see google#3290) - Many OSS-Fuzz integrated Python projects no longer support Python 3.8 and have resorted to implementing ad-hoc workarounds to upgrade to newer Python versions, including installing Python from the Dead Snakes PPA. - This leads to fragmentation and hard to debug issues. Maintenance is easier when everyone is using the same version without issue. - With [Python 3.8 reaching end of life soon (in 2024-10)][python- versions-EOL], it is likely that more Python projects will begin dropping support for 3.8, further increasing the number of broken builds and ad-hoc workarounds. - Previous attempts at upgrading Python have stalled. ## Known & Expected Issues Several project Dockerfiles and build scripts contain hard coded references to python3.8 file system paths, and many more have implanted ad-hoc workarounds to upgrade to newer Python versions than 3.8 (typically 3.9.) Additional changes are required to each of these projects to ensure they successfully build after this upgrade to Python 3.10. ### Fuzz Introspector Caveat Fuzz Introspector currently uses Python 3.9. While an upgrade to 3.10 is not expected to introduce any new issues, it was not tested on these changes and may require additional work. ## Possible Areas of Improvement Using the base-builder image in a multi-stage build to copy the pre- compiled Python into base-runner is effective, but feels like a workaround that may be introducing tech debt. A cleaner approach would be to extract the Python compilation into a discrete base image similar to how `base-clang` works, and use that as the multi-stage builder in images that need it. --- Fixes: - google#11419 Supersedes: - google#9532 - google#11420 [python-versions-EOL]: https://devguide.python.org/versions/
@jonathanmetzman I took a slightly different approach at this in #12027. I've tested it locally with most of the projects that failed on this PR. Most of them seem to be passing, and I've flagged or drafted a patch for those that didn't. Would you please take a look and let me know what you think whenever you get a chance? Thanks! |
Let me try when I get back in the office, sure |
After 5 years, 3.8 is EOL now: https://devguide.python.org/versions/#unsupported-versions |
No description provided.