Difference between revisions of "Coverity Scan"
m (→Usage) |
|||
(11 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
− | Some notes on my setup to use Coverity Scan for libnfc: |
+ | Some notes on my setup to use Coverity Scan for libnfc & alike: |
==Preparation== |
==Preparation== |
||
Line 15: | Line 15: | ||
cp /bin/true /usr/bin/ischroot |
cp /bin/true /usr/bin/ischroot |
||
</source> |
</source> |
||
+ | |||
+ | Note that the DNS info are statically copied from your current environment so under other network conditions it may fail if DNS is incompatible. You'll get already better chances by picking a public DNS (Google 8.8.8.8, opendns, etc) rather than a 192.168.xx.1. |
||
+ | |||
===Tools=== |
===Tools=== |
||
Still in the chroot, a few utils to get & compile libnfc and to use coverity-submit: |
Still in the chroot, a few utils to get & compile libnfc and to use coverity-submit: |
||
Line 20: | Line 23: | ||
apt-get install git |
apt-get install git |
||
apt-get install autoconf libtool pkg-config make |
apt-get install autoconf libtool pkg-config make |
||
+ | </source> |
||
+ | For libnfc: |
||
+ | <source lang=bash> |
||
apt-get install libusb-dev libpcsclite-dev |
apt-get install libusb-dev libpcsclite-dev |
||
+ | </source> |
||
+ | For libfreefare: |
||
+ | <source lang=bash> |
||
+ | apt-get install libssl-dev |
||
+ | </source> |
||
+ | For coverity-submit: |
||
+ | <source lang=bash> |
||
apt-get install python curl |
apt-get install python curl |
||
</source> |
</source> |
||
+ | |||
===Git clone=== |
===Git clone=== |
||
<source lang=bash> |
<source lang=bash> |
||
git clone https://code.google.com/p/libnfc/ |
git clone https://code.google.com/p/libnfc/ |
||
+ | git clone https://code.google.com/p/libfreefare/ |
||
</source> |
</source> |
||
+ | |||
===coverity scan=== |
===coverity scan=== |
||
Get the tool at https://scan.coverity.com/download |
Get the tool at https://scan.coverity.com/download |
||
Line 32: | Line 48: | ||
===coverity-submit=== |
===coverity-submit=== |
||
I got that helper script from [http://www.catb.org/~esr/coverity-submit/ here]. |
I got that helper script from [http://www.catb.org/~esr/coverity-submit/ here]. |
||
− | < |
+ | <br>It requires xmlto to create the man page, which brings >700Mb of dependencies in the chroot so I preferred to compile the man page directly on the host. |
+ | <br>next revisions of coverity-submit should contain a compiled manpage, it'll be easier... |
||
<source lang=bash> |
<source lang=bash> |
||
apt-get install xmlto |
apt-get install xmlto |
||
Line 38: | Line 55: | ||
make |
make |
||
</source> |
</source> |
||
+ | |||
Then in the chroot |
Then in the chroot |
||
<source lang=bash> |
<source lang=bash> |
||
Line 53: | Line 71: | ||
[libnfc] |
[libnfc] |
||
− | + | password: < here_comes_the_token_you_can_see_at https://scan.coverity.com/projects/XXX/upload_form > |
|
prebuild: git clean -d -f -x && autoreconf -vis && ./configure --with-drivers=all |
prebuild: git clean -d -f -x && autoreconf -vis && ./configure --with-drivers=all |
||
+ | build: make |
||
+ | postbuild: make install |
||
+ | |||
+ | [libfreefare] |
||
+ | password: < here_comes_the_token_you_can_see_at https://scan.coverity.com/projects/XXX/upload_form > |
||
+ | prebuild: git clean -d -f -x && autoreconf -vis && ./configure |
||
build: make |
build: make |
||
</source> |
</source> |
||
+ | Libnfc postbuild is required to be able to compile libnfc-dependent components such as libfreefare |
||
+ | |||
+ | The current script is using a "password" which is actually the project "token". coverity-submit should soon accept the word "token" as synonym of "password" in the config. |
||
+ | |||
==Usage== |
==Usage== |
||
Coverity is recording in its report all environment variables so as some of them are still visible in the chroot environment I prefer to remove them first... |
Coverity is recording in its report all environment variables so as some of them are still visible in the chroot environment I prefer to remove them first... |
||
Line 66: | Line 94: | ||
unset SUDO_COMMAND |
unset SUDO_COMMAND |
||
unset HOSTNAME |
unset HOSTNAME |
||
+ | </source> |
||
+ | Then for each project: |
||
+ | <source lang=bash> |
||
+ | cd libnfc |
||
git pull |
git pull |
||
coverity-submit -b $(git describe) -t $(git describe) |
coverity-submit -b $(git describe) -t $(git describe) |
||
+ | cd .. |
||
</source> |
</source> |
||
+ | etc |
||
==Configured components== |
==Configured components== |
||
− | In the dashboard: |
+ | In the dashboard, for libnfc: |
Component name Pattern Ignore in analysis |
Component name Pattern Ignore in analysis |
||
lib /libnfc/.* No |
lib /libnfc/.* No |
||
examples /examples/.* No |
examples /examples/.* No |
||
utils /utils/.* No |
utils /utils/.* No |
||
+ | Note that after configuration of components I had to logout from the "view defects" otherwise I could not open issues anymore |
Latest revision as of 22:53, 24 September 2013
Some notes on my setup to use Coverity Scan for libnfc & alike:
Preparation
Chroot
To isolate the tool I'm using it in a chroot created according to [1]:
sudo debootstrap wheezy /pathto/wheezy
sudo chroot /pathto/wheezy
cat > ./usr/sbin/policy-rc.d <<EOF
#!/bin/sh
exit 101
EOF
chmod a+x ./usr/sbin/policy-rc.d
cp /bin/true /usr/bin/ischroot
Note that the DNS info are statically copied from your current environment so under other network conditions it may fail if DNS is incompatible. You'll get already better chances by picking a public DNS (Google 8.8.8.8, opendns, etc) rather than a 192.168.xx.1.
Tools
Still in the chroot, a few utils to get & compile libnfc and to use coverity-submit:
apt-get install git
apt-get install autoconf libtool pkg-config make
For libnfc:
apt-get install libusb-dev libpcsclite-dev
For libfreefare:
apt-get install libssl-dev
For coverity-submit:
apt-get install python curl
Git clone
git clone https://code.google.com/p/libnfc/
git clone https://code.google.com/p/libfreefare/
coverity scan
Get the tool at https://scan.coverity.com/download and untar it in /opt
coverity-submit
I got that helper script from here.
It requires xmlto to create the man page, which brings >700Mb of dependencies in the chroot so I preferred to compile the man page directly on the host.
next revisions of coverity-submit should contain a compiled manpage, it'll be easier...
apt-get install xmlto
cd coverity-submit-1.9
make
Then in the chroot
cd coverity-submit-1.9
make install
man coverity-submit
It requires a config file so I created ~/.coverity-submit with
[ALL]
name: MyName
userid: myusername
email: my@email
tools: /opt/cov-analysis-linux64-6.6.1/bin
[libnfc]
password: < here_comes_the_token_you_can_see_at https://scan.coverity.com/projects/XXX/upload_form >
prebuild: git clean -d -f -x && autoreconf -vis && ./configure --with-drivers=all
build: make
postbuild: make install
[libfreefare]
password: < here_comes_the_token_you_can_see_at https://scan.coverity.com/projects/XXX/upload_form >
prebuild: git clean -d -f -x && autoreconf -vis && ./configure
build: make
Libnfc postbuild is required to be able to compile libnfc-dependent components such as libfreefare
The current script is using a "password" which is actually the project "token". coverity-submit should soon accept the word "token" as synonym of "password" in the config.
Usage
Coverity is recording in its report all environment variables so as some of them are still visible in the chroot environment I prefer to remove them first...
sudo chroot /pathto/wheezy
export LANG=C
unset XAUTHORITY
unset SUDO_USER
unset SUDO_COMMAND
unset HOSTNAME
Then for each project:
cd libnfc
git pull
coverity-submit -b $(git describe) -t $(git describe)
cd ..
etc
Configured components
In the dashboard, for libnfc:
Component name Pattern Ignore in analysis lib /libnfc/.* No examples /examples/.* No utils /utils/.* No
Note that after configuration of components I had to logout from the "view defects" otherwise I could not open issues anymore