[setuptools] Fix Broken Build & Improve Fuzz Harness #12340
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Upgrades Pyinstaller to 3.10.0 as it is the minimum version that implements support for setuptools >= 71.0.0 and its new approach to vendoring its dependencies. See: https://setuptools.pypa.io/en/latest/history.html Replaces `tomli` import from `setuptools.extern` with a direct import to resolve a `ModuleNotFoundError: No module named 'setuptools.extern'` exception. Importing from `setuptools.extern` appears to be discouraged as per comments on: pypa/setuptools#4498
- Speed up fuzzer cold-starts by using `atheris.instrument_imports` instead of `atheris.instrument_all`. - Use the TemporaryDirectory context manager to obtain a new temporary directory instead of hardocing the path. - Write a variable amount of fuzzed data to the test file. - Remove deprecated Atheris argument. - Return from the fuzz test after handled exceptions to signal to the fuzzing engine that the test is done.
There is no need to clone the distutils repo more than once. Also adds `git clone` flags to minimize the size of cloned repos.
|
DaveLak is a new contributor to projects/setuptools. The PR must be approved by known contributors before it can be merged. |
|
@DavidKorczynski Could you please help double-check this? |
|
Gentle ping @DavidKorczynski, thanks! |
|
I'll take a look at this in detail tomorrow! |
DavidKorczynski
approved these changes
Oct 6, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes Issue 68958: setuptools: Fuzzing Build Failure
Fixes the
setuptoolsfuzzer builds that have been broken since May 12, 2024.Key Changes
Pyinstaller Upgrade: Updated Pyinstaller to version 3.10.0, which is the minimum version supporting setuptools >= 71.0.0. This upgrade addresses the new dependency vendoring approach in setuptools. For more details, refer to the setuptools history.
Tomli Import Fix: Replaced the
tomliimport fromsetuptools.externwith a direct import. This change resolves theModuleNotFoundError: No module named 'setuptools.extern'exception. Usingsetuptools.externfor imports is discouraged, as noted in pypa/setuptools#4498.Additional Improvements
Dictionary Addition: Added a dictionary for setuptools fuzz harnesses.
Fuzzer Optimization: Improved fuzzer cold-start time by using
atheris.instrument_importsinstead ofatheris.instrument_all. For additional details on other minor changes, see commit e01e5aeb3da0e55cec36887f5adda32b97dc2256.Docker Image Enhancement: Cached the cloned dependency during the Docker image build step.