Some notes on my setup to use Coverity Scan for libnfc & alike:
To isolate the tool I'm using it in a chroot created according to :
sudo debootstrap wheezy /pathto/wheezy sudo chroot /pathto/wheezy cat > ./usr/sbin/policy-rc.d <<EOF #!/bin/sh exit 101 EOF chmod a+x ./usr/sbin/policy-rc.d cp /bin/true /usr/bin/ischroot
Note that the DNS info are statically copied from your current environment so under other network conditions it may fail if DNS is incompatible. You'll get already better chances by picking a public DNS (Google 22.214.171.124, opendns, etc) rather than a 192.168.xx.1.
Still in the chroot, a few utils to get & compile libnfc and to use coverity-submit:
apt-get install git apt-get install autoconf libtool pkg-config make
apt-get install libusb-dev libpcsclite-dev
apt-get install libssl-dev
apt-get install python curl
git clone https://code.google.com/p/libnfc/ git clone https://code.google.com/p/libfreefare/
Get the tool at https://scan.coverity.com/download and untar it in /opt
I got that helper script from here.
It requires xmlto to create the man page, which brings >700Mb of dependencies in the chroot so I preferred to compile the man page directly on the host.
next revisions of coverity-submit should contain a compiled manpage, it'll be easier...
apt-get install xmlto cd coverity-submit-1.9 make
Then in the chroot
cd coverity-submit-1.9 make install man coverity-submit
It requires a config file so I created ~/.coverity-submit with
[ALL] name: MyName userid: myusername email: my@email tools: /opt/cov-analysis-linux64-6.6.1/bin [libnfc] password: < here_comes_the_token_you_can_see_at https://scan.coverity.com/projects/XXX/upload_form > prebuild: git clean -d -f -x && autoreconf -vis && ./configure --with-drivers=all build: make postbuild: make install [libfreefare] password: < here_comes_the_token_you_can_see_at https://scan.coverity.com/projects/XXX/upload_form > prebuild: git clean -d -f -x && autoreconf -vis && ./configure build: make
Libnfc postbuild is required to be able to compile libnfc-dependent components such as libfreefare
The current script is using a "password" which is actually the project "token". coverity-submit should soon accept the word "token" as synonym of "password" in the config.
Coverity is recording in its report all environment variables so as some of them are still visible in the chroot environment I prefer to remove them first...
sudo chroot /pathto/wheezy export LANG=C unset XAUTHORITY unset SUDO_USER unset SUDO_COMMAND unset HOSTNAME
Then for each project:
cd libnfc git pull coverity-submit -b $(git describe) -t $(git describe) cd ..
In the dashboard, for libnfc:
Component name Pattern Ignore in analysis lib /libnfc/.* No examples /examples/.* No utils /utils/.* No
Note that after configuration of components I had to logout from the "view defects" otherwise I could not open issues anymore