Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bumped NDK version to 27 #1278

Merged
merged 3 commits into from
Jan 14, 2025
Merged

Bumped NDK version to 27 #1278

merged 3 commits into from
Jan 14, 2025

Conversation

jkurdek
Copy link
Member

@jkurdek jkurdek commented Dec 4, 2024

Updates the container to use LTS Android NDK.

@jkoritzinsky
Copy link
Member

Can you remove the deletion of clang-tidy now that we're updating the NDK?

@jkurdek
Copy link
Member Author

jkurdek commented Dec 4, 2024

@jkoritzinsky should we also remove the deletion of python site packages? NDK 27 contains python 3.11

@jkoritzinsky
Copy link
Member

I'm not sure if we can remove the site packages deletion. If you try locally, can you run docker scout cves on the image and ensure it comes back clean? When I tried with NDK 27 the python version inside of the LLVM prebuild was still causing issues.

@jkurdek
Copy link
Member Author

jkurdek commented Dec 5, 2024

I checked - python site packages need to be removed. Also, even after removing site packages the output is not entirely clear. There are some vulnerabilities around pkg:npm/[email protected] and pkg:nuget/[email protected]. But I can see they are there even without the bump.

@jkoritzinsky
Copy link
Member

What's the path of the npm/cross-spawn one?

The System.Formats.Asn1 one isn't one I'm worried about (as that's one of our packages, the docker team knows how to fix that one).

@akoeplinger
Copy link
Member

npm/cross-spawn is coming from /usr/lib/node_modules/npm/node_modules/cross-spawn/package.json so from the upstream Azure Linux npm package.

The System.Formats.Asn1 is coming from /opt/microsoft/powershell/7/Modules/PSReadLine/_manifest/spdx_2.2/manifest.spdx.json

@@ -27,8 +27,7 @@ RUN /usr/local/cmdline-tools/cmdline-tools/bin/sdkmanager --sdk_root="${ANDROID_

# We can't upgrade the NDK version as the runtime repo requires tooling that only exists up to NDK 23
# Remove all components of NDK 23 that are flagged by security scanners
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

comment should be updated since it doesn't apply anymore

@jkoritzinsky
Copy link
Member

In that case, I think both of those are "fine" in the sense that S360 hasn't flagged them for us to fix.

@akoeplinger
Copy link
Member

We could also remove the manual copying of Java since Azure Linux 3.0 now provides an out of the box package for msopenjdk-17 that we can install via tdnf

@jkurdek
Copy link
Member Author

jkurdek commented Dec 10, 2024

@akoeplinger if we remove Java copying here, what runtime changes would we have to implement?

@akoeplinger
Copy link
Member

none, we'd just install the msopenjdk-17 package instead of the COPY --from=mcr.microsoft.com/openjdk/jdk:17-mariner $JAVA_HOME $JAVA_HOME. I can send a PR later, it's just an optimization.

@jkurdek
Copy link
Member Author

jkurdek commented Jan 13, 2025

Ready to merge, runtime should be ready to work with NDK 27 on main and .NET 9 branches

@jkoritzinsky jkoritzinsky merged commit 4327bbe into dotnet:main Jan 14, 2025
10 checks passed
steveisok added a commit to steveisok/runtime that referenced this pull request Jan 14, 2025
…d aot offsets

Since we bumped the NDK in dotnet/dotnet-buildtools-prereqs-docker#1278, libClang.so is no longer found in the place we
expect. As a result, the android aot offsets won't be generated and the dedicated CI leg will fail.

This change fixes the path.
steveisok added a commit to steveisok/runtime that referenced this pull request Jan 14, 2025
…, libClang.so is no longer found in the place we expect. As a result, the android aot offsets won't be generated and the dedicated CI leg will fail.

This change fixes the path.
carlossanlop pushed a commit to dotnet/runtime that referenced this pull request Jan 14, 2025
…, libClang.so is no longer found in the place we expect. As a result, the android aot offsets won't be generated and the dedicated CI leg will fail. (#111426)

This change fixes the path.
jkurdek pushed a commit to dotnet/runtime that referenced this pull request Jan 21, 2025
…, libClang.so is no longer found in the place we expect. As a result, the android aot offsets won't be generated and the dedicated CI leg will fail.

This change fixes the path.
jkurdek pushed a commit to dotnet/runtime that referenced this pull request Jan 22, 2025
…, libClang.so is no longer found in the place we expect. As a result, the android aot offsets won't be generated and the dedicated CI leg will fail.

This change fixes the path.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants