fuzz: build fuzzers inside docker

Dockerfile

@@ -7,8 +7,7 @@ COPY octets/ ./octets/
 COPY qlog/ ./qlog/
 COPY quiche/ ./quiche/
 
-RUN apt-get update && apt-get install -y cmake && \
+RUN apt-get update && apt-get install -y cmake && rm -rf /var/lib/apt/lists/*
-    rm -rf /var/lib/apt/lists/*
 
 RUN cargo build --manifest-path apps/Cargo.toml
 

Makefile

@@ -40,8 +40,8 @@ build-fuzz:
 
 # build fuzzing image
 .PHONY: docker-fuzz
-docker-fuzz: build-fuzz
+docker-fuzz:
-	$(DOCKER) build --tag $(FUZZ_REPO):$(FUZZ_TAG) fuzz
+	$(DOCKER) build -f fuzz/Dockerfile --target quiche-libfuzzer --tag $(FUZZ_REPO):$(FUZZ_TAG) .
 
 .PHONY: docker-fuzz-publish
 docker-fuzz-publish:

fuzz/Dockerfile

@@ -1,14 +1,36 @@
-FROM debian:bullseye
+FROM rustlang/rust:nightly as fuzz
+
+WORKDIR /build
+
+COPY Cargo.toml Cargo.toml
+COPY Makefile Makefile
+COPY apps/ ./apps/
+COPY fuzz/ ./fuzz/
+COPY octets/ ./octets/
+COPY qlog/ ./qlog/
+COPY quiche/ ./quiche/
+
+RUN apt-get update && apt-get install -y cmake && rm -rf /var/lib/apt/lists/*
+
+RUN cargo install cargo-fuzz
+RUN make build-fuzz
+
+##
+## quiche-libfuzzer: quiche image for fuzzing
+##
+FROM debian:latest as quiche-libfuzzer
+
 LABEL maintainer="alessandro@cloudflare.com"
 
 WORKDIR /home/mayhem/
 
-# Install llvm-symbolizer to have source code information in stack traces
+RUN apt-get update && apt-get install -y ca-certificates llvm && rm -rf /var/lib/apt/lists/*
-RUN apt-get update && apt-get install llvm -y
 
-COPY ./cert.crt ./
+COPY fuzz/cert.crt ./
-COPY ./cert.key ./
+COPY fuzz/cert.key ./
 
-COPY ./target/x86_64-unknown-linux-gnu/release/packet_recv_client ./
+COPY --from=fuzz \
-COPY ./target/x86_64-unknown-linux-gnu/release/packet_recv_server ./
+     /build/fuzz/target/x86_64-unknown-linux-gnu/release/packet_recv_client \
-COPY ./target/x86_64-unknown-linux-gnu/release/qpack_decode ./
+     /build/fuzz/target/x86_64-unknown-linux-gnu/release/packet_recv_server \
+     /build/fuzz/target/x86_64-unknown-linux-gnu/release/qpack_decode \
+     ./