diff --git a/scripts/ci/docker_upgrade.sh b/scripts/ci/docker_upgrade.sh index a9c7acaf2..a6b59e157 100755 --- a/scripts/ci/docker_upgrade.sh +++ b/scripts/ci/docker_upgrade.sh @@ -51,7 +51,17 @@ docker build "scripts/docker/${IMAGE_NAME}" --file "scripts/docker/${IMAGE_NAME} echo "-- test_docker @ '${PWD}'" -docker run --rm --volume "${PWD}:/root/project" "${IMAGE_NAME}" "/root/project/scripts/ci/${IMAGE_NAME}_test_${IMAGE_VARIANT}.sh" +# NOTE: Since /root/project/ is a dir from outside the container and the owner of the files is different, +# git show in the script refuses to work. It must be marked as safe to use first. +# See https://github.blog/2022-04-12-git-security-vulnerability-announced/ +docker run \ + --rm \ + --volume "${PWD}:/root/project" \ + "${IMAGE_NAME}" \ + bash -c " + git config --global --add safe.directory /root/project && + /root/project/scripts/ci/${IMAGE_NAME}_test_${IMAGE_VARIANT}.sh + " echo "-- push_docker" diff --git a/scripts/docker/buildpack-deps/Dockerfile.emscripten b/scripts/docker/buildpack-deps/Dockerfile.emscripten index 0d1d1a28e..81f9881d3 100644 --- a/scripts/docker/buildpack-deps/Dockerfile.emscripten +++ b/scripts/docker/buildpack-deps/Dockerfile.emscripten @@ -33,12 +33,12 @@ # Using $(em-config CACHE)/sysroot/usr seems to work, though, and still has cmake find the # dependencies automatically. FROM emscripten/emsdk:2.0.33 AS base -LABEL version="9" +LABEL version="10" ADD emscripten.jam /usr/src RUN set -ex; \ cd /usr/src; \ - git clone https://github.com/Z3Prover/z3.git -b z3-4.8.14 --depth 1 ; \ + git clone https://github.com/Z3Prover/z3.git -b z3-4.8.16 --depth 1 ; \ cd z3; \ mkdir build; \ cd build; \ diff --git a/scripts/docker/buildpack-deps/Dockerfile.ubuntu1604.clang.ossfuzz b/scripts/docker/buildpack-deps/Dockerfile.ubuntu1604.clang.ossfuzz index bbc554e0f..d85700f33 100644 --- a/scripts/docker/buildpack-deps/Dockerfile.ubuntu1604.clang.ossfuzz +++ b/scripts/docker/buildpack-deps/Dockerfile.ubuntu1604.clang.ossfuzz @@ -22,7 +22,7 @@ # (c) 2016-2021 solidity contributors. #------------------------------------------------------------------------------ FROM gcr.io/oss-fuzz-base/base-clang:latest as base -LABEL version="16" +LABEL version="17" ARG DEBIAN_FRONTEND=noninteractive @@ -61,7 +61,7 @@ RUN set -ex; \ # Z3 RUN set -ex; \ - git clone --depth 1 -b z3-4.8.14 https://github.com/Z3Prover/z3.git \ + git clone --depth 1 -b z3-4.8.16 https://github.com/Z3Prover/z3.git \ /usr/src/z3; \ cd /usr/src/z3; \ mkdir build; \ diff --git a/scripts/docker/buildpack-deps/Dockerfile.ubuntu2004 b/scripts/docker/buildpack-deps/Dockerfile.ubuntu2004 index 6a047aa27..4ef94d30a 100644 --- a/scripts/docker/buildpack-deps/Dockerfile.ubuntu2004 +++ b/scripts/docker/buildpack-deps/Dockerfile.ubuntu2004 @@ -22,7 +22,7 @@ # (c) 2016-2019 solidity contributors. #------------------------------------------------------------------------------ FROM buildpack-deps:focal AS base -LABEL version="11" +LABEL version="12" ARG DEBIAN_FRONTEND=noninteractive diff --git a/scripts/docker/buildpack-deps/Dockerfile.ubuntu2004.clang b/scripts/docker/buildpack-deps/Dockerfile.ubuntu2004.clang index 853969ecd..4a0fadd25 100644 --- a/scripts/docker/buildpack-deps/Dockerfile.ubuntu2004.clang +++ b/scripts/docker/buildpack-deps/Dockerfile.ubuntu2004.clang @@ -22,7 +22,7 @@ # (c) 2016-2019 solidity contributors. #------------------------------------------------------------------------------ FROM buildpack-deps:focal AS base -LABEL version="11" +LABEL version="12" ARG DEBIAN_FRONTEND=noninteractive