diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 79cdf9d28a9..a23d6374c1f 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -7,3 +7,8 @@ updates: schedule: interval: "weekly" open-pull-requests-limit: 2 + - package-ecosystem: "pip" + directory: "/.github/workflows" + schedule: + interval: "monthly" + open-pull-requests-limit: 2 diff --git a/.github/workflows/build_test.sh b/.github/workflows/build_test.sh index abf7c3a8a72..a718b6f37a5 100755 --- a/.github/workflows/build_test.sh +++ b/.github/workflows/build_test.sh @@ -101,11 +101,11 @@ add-apt-repository -y ppa:upstream-systemd-ci/systemd-ci apt-get -y update apt-get -y build-dep systemd apt-get -y install "${PACKAGES[@]}" -# Install the latest meson and ninja form pip, since the distro versions don't -# support all the features we need (like --optimization=). Since the build-dep +# Install more or less recent meson and ninja with pip, since the distro versions don't +# always support all the features we need (like --optimization=). Since the build-dep # command above installs the distro versions, let's install the pip ones just # locally and add the local bin directory to the $PATH. -pip3 install --user -U meson ninja +pip3 install --user -r .github/workflows/requirements.txt --require-hashes export PATH="$HOME/.local/bin:$PATH" $CC --version diff --git a/.github/workflows/requirements.txt b/.github/workflows/requirements.txt new file mode 100644 index 00000000000..889e0826b47 --- /dev/null +++ b/.github/workflows/requirements.txt @@ -0,0 +1,18 @@ +meson==0.60.2 \ + --hash=sha256:64e6968565bf1b8152f4f9d6ca8154efb9e14caa9aabf7b22e71e6c5d053e921 \ + --hash=sha256:f486659a8c723ec8d54dbe00a9a8b4696fc75f499a60a566a9b0d02952ac0be9 +ninja==1.10.2.3 \ + --hash=sha256:0560eea57199e41e86ac2c1af0108b63ae77c3ca4d05a9425a750e908135935a \ + --hash=sha256:21a1d84d4c7df5881bfd86c25cce4cf7af44ba2b8b255c57bc1c434ec30a2dfc \ + --hash=sha256:279836285975e3519392c93c26e75755e8a8a7fafec9f4ecbb0293119ee0f9c6 \ + --hash=sha256:29570a18d697fc84d361e7e6330f0021f34603ae0fcb0ef67ae781e9814aae8d \ + --hash=sha256:5ea785bf6a15727040835256577239fa3cf5da0d60e618c307aa5efc31a1f0ce \ + --hash=sha256:688167841b088b6802e006f911d911ffa925e078c73e8ef2f88286107d3204f8 \ + --hash=sha256:6bd76a025f26b9ae507cf8b2b01bb25bb0031df54ed685d85fc559c411c86cf4 \ + --hash=sha256:740d61fefb4ca13573704ee8fe89b973d40b8dc2a51aaa4e9e68367233743bb6 \ + --hash=sha256:840a0b042d43a8552c4004966e18271ec726e5996578f28345d9ce78e225b67e \ + --hash=sha256:84be6f9ec49f635dc40d4b871319a49fa49b8d55f1d9eae7cd50d8e57ddf7a85 \ + --hash=sha256:9ca8dbece144366d5f575ffc657af03eb11c58251268405bc8519d11cf42f113 \ + --hash=sha256:cc8b31b5509a2129e4d12a35fc21238c157038022560aaf22e49ef0a77039086 \ + --hash=sha256:d5e0275d28997a750a4f445c00bdd357b35cc334c13cdff13edf30e544704fbd \ + --hash=sha256:e1b86ad50d4e681a7dbdff05fc23bb52cb773edb90bc428efba33fa027738408 diff --git a/.lgtm.yml b/.lgtm.yml index 6d52e8e1c12..e27fa169c58 100644 --- a/.lgtm.yml +++ b/.lgtm.yml @@ -32,7 +32,7 @@ extraction: - libssl-dev - python3-jinja2 after_prepare: - - pip3 install meson==0.53.2 + - pip3 install -r .github/workflows/requirements.txt --require-hashes - export PATH="/opt/work/.local/bin:$PATH" python: python_setup: diff --git a/tools/oss-fuzz.sh b/tools/oss-fuzz.sh index 5e011c78b24..8a19da665eb 100755 --- a/tools/oss-fuzz.sh +++ b/tools/oss-fuzz.sh @@ -35,8 +35,12 @@ else apt-get update apt-get install -y gperf m4 gettext python3-pip \ libcap-dev libmount-dev libkmod-dev \ - pkg-config wget - pip3 install meson ninja jinja2 + pkg-config wget python3-jinja2 + pip3 install -r .github/workflows/requirements.txt --require-hashes + + # https://github.com/google/oss-fuzz/issues/6868 + ORIG_PYTHONPATH=$(python3 -c 'import sys;print(":".join(sys.path[1:]))') + export PYTHONPATH="$ORIG_PYTHONPATH:/usr/lib/python3/dist-packages/" if [[ "$SANITIZER" == undefined ]]; then UBSAN_FLAGS="-fsanitize=pointer-overflow -fno-sanitize-recover=pointer-overflow"