github-actions[bot]
commented
4 months ago DaveLak is a new contributor to projects/gc-iam. The PR must be approved by known contributors before it can be merged. The past contributors are: arthurscchan
Closed DaveLak closed 4 months ago
github-actions[bot]
commented
4 months ago DaveLak is a new contributor to projects/gc-iam. The PR must be approved by known contributors before it can be merged. The past contributors are: arthurscchan
Fixes Monorail Issue 61581.
The https://github.com/googleapis/python-iam repository was archived on 2023-10-26 and the project was moved to the
google-cloud-iampackage in the https://github.com/googleapis/google-cloud-python repository. The upstream migration removed the source code from the original repo, resulting in the broken build.Related PRs Fixing Similar Issues
12015
12016
Other Changes Introduced Here
Fixes for Missing Instrumentation of Native Extension Code
Native extensions used by this project were not being instrumented despite the environment variables set in
build.shbecausepipwas downloading prebuilt binaries instead of building them with appropriate flags. The result was reduced fuzzer efficacy for ASAN runs and little to no value for UBSAN runs.This is fixed by building dependencies with instrumentation in
build.sh:Passing
--no-binary :all:topip installinstructs pip to prefer building/compiling the required dependencies rather than downloading a pre-built binary. The result is a slower install, but enables more effective fuzzing by instrumenting native extensions shipped with dependencies.:all:is used instead of specifying individual dependencies to make the build more resilient and adaptable to upstream dependency changes.The
Dockerfilewas also updated to install the required build dependencies.Misc.
pipupgrade into theDockerfileso it is only done once when the image is built.google-cloud-coreinstall step and instead relies on thegoogle-cloud-iampackage to specify its own dependencies.enable_python_coverage=Trueargument fromatheris.Setup.