Difference between revisions of "Coverity Scan"

From YobiWiki
Jump to navigation Jump to search
m
 
(2 intermediate revisions by the same user not shown)
Line 15: Line 15:
 
cp /bin/true /usr/bin/ischroot
 
cp /bin/true /usr/bin/ischroot
 
</source>
 
</source>
  +
  +
Note that the DNS info are statically copied from your current environment so under other network conditions it may fail if DNS is incompatible. You'll get already better chances by picking a public DNS (Google 8.8.8.8, opendns, etc) rather than a 192.168.xx.1.
  +
 
===Tools===
 
===Tools===
 
Still in the chroot, a few utils to get & compile libnfc and to use coverity-submit:
 
Still in the chroot, a few utils to get & compile libnfc and to use coverity-submit:
Line 45: Line 48:
 
===coverity-submit===
 
===coverity-submit===
 
I got that helper script from [http://www.catb.org/~esr/coverity-submit/ here].
 
I got that helper script from [http://www.catb.org/~esr/coverity-submit/ here].
<br>It requires xmlto to create the man page, which brings >700Mb of dependencies in the chroot so I preferred to compile the man page directly on the host
+
<br>It requires xmlto to create the man page, which brings >700Mb of dependencies in the chroot so I preferred to compile the man page directly on the host.
  +
<br>next revisions of coverity-submit should contain a compiled manpage, it'll be easier...
 
<source lang=bash>
 
<source lang=bash>
 
apt-get install xmlto
 
apt-get install xmlto
Line 51: Line 55:
 
make
 
make
 
</source>
 
</source>
  +
The current script is using your password on an unencrypted channel (http) so I prefer to use the token rather than the password to do so:
 
<source lang=bash>
 
sed -i 's/password/token/g' coverity-submit
 
</source>
 
 
Then in the chroot
 
Then in the chroot
 
<source lang=bash>
 
<source lang=bash>
Line 70: Line 71:
   
 
[libnfc]
 
[libnfc]
token: < here_comes_the_token_you_can_see_at https://scan.coverity.com/projects/XXX/upload_form >
+
password: < here_comes_the_token_you_can_see_at https://scan.coverity.com/projects/XXX/upload_form >
 
prebuild: git clean -d -f -x && autoreconf -vis && ./configure --with-drivers=all
 
prebuild: git clean -d -f -x && autoreconf -vis && ./configure --with-drivers=all
 
build: make
 
build: make
Line 76: Line 77:
   
 
[libfreefare]
 
[libfreefare]
token: < here_comes_the_token_you_can_see_at https://scan.coverity.com/projects/XXX/upload_form >
+
password: < here_comes_the_token_you_can_see_at https://scan.coverity.com/projects/XXX/upload_form >
 
prebuild: git clean -d -f -x && autoreconf -vis && ./configure
 
prebuild: git clean -d -f -x && autoreconf -vis && ./configure
 
build: make
 
build: make
 
</source>
 
</source>
 
Libnfc postbuild is required to be able to compile libnfc-dependent components such as libfreefare
 
Libnfc postbuild is required to be able to compile libnfc-dependent components such as libfreefare
  +
  +
The current script is using a "password" which is actually the project "token". coverity-submit should soon accept the word "token" as synonym of "password" in the config.
   
 
==Usage==
 
==Usage==

Latest revision as of 22:53, 24 September 2013

Some notes on my setup to use Coverity Scan for libnfc & alike:

Preparation

Chroot

To isolate the tool I'm using it in a chroot created according to [1]:

sudo debootstrap wheezy /pathto/wheezy
sudo chroot /pathto/wheezy

cat > ./usr/sbin/policy-rc.d <<EOF
#!/bin/sh
exit 101
EOF
chmod a+x ./usr/sbin/policy-rc.d
cp /bin/true /usr/bin/ischroot

Note that the DNS info are statically copied from your current environment so under other network conditions it may fail if DNS is incompatible. You'll get already better chances by picking a public DNS (Google 8.8.8.8, opendns, etc) rather than a 192.168.xx.1.

Tools

Still in the chroot, a few utils to get & compile libnfc and to use coverity-submit:

apt-get install git
apt-get install autoconf libtool pkg-config make

For libnfc:

apt-get install libusb-dev libpcsclite-dev

For libfreefare:

apt-get install libssl-dev

For coverity-submit:

apt-get install python curl

Git clone

git clone https://code.google.com/p/libnfc/
git clone https://code.google.com/p/libfreefare/

coverity scan

Get the tool at https://scan.coverity.com/download and untar it in /opt

coverity-submit

I got that helper script from here.
It requires xmlto to create the man page, which brings >700Mb of dependencies in the chroot so I preferred to compile the man page directly on the host.
next revisions of coverity-submit should contain a compiled manpage, it'll be easier...

apt-get install xmlto
cd coverity-submit-1.9
make

Then in the chroot

cd coverity-submit-1.9
make install
man coverity-submit

It requires a config file so I created ~/.coverity-submit with

[ALL]
name: MyName
userid: myusername
email: my@email
tools: /opt/cov-analysis-linux64-6.6.1/bin

[libnfc]
password: < here_comes_the_token_you_can_see_at https://scan.coverity.com/projects/XXX/upload_form >
prebuild: git clean -d -f -x && autoreconf -vis && ./configure --with-drivers=all
build: make
postbuild: make install

[libfreefare]
password: < here_comes_the_token_you_can_see_at https://scan.coverity.com/projects/XXX/upload_form >
prebuild: git clean -d -f -x && autoreconf -vis && ./configure
build: make

Libnfc postbuild is required to be able to compile libnfc-dependent components such as libfreefare

The current script is using a "password" which is actually the project "token". coverity-submit should soon accept the word "token" as synonym of "password" in the config.

Usage

Coverity is recording in its report all environment variables so as some of them are still visible in the chroot environment I prefer to remove them first...

sudo chroot /pathto/wheezy
export LANG=C
unset XAUTHORITY
unset SUDO_USER
unset SUDO_COMMAND
unset HOSTNAME

Then for each project:

cd libnfc
git pull
coverity-submit -b $(git describe) -t $(git describe)
cd ..

etc

Configured components

In the dashboard, for libnfc:

Component name Pattern         Ignore in analysis	
lib            /libnfc/.*      No
examples       /examples/.*    No
utils          /utils/.*       No

Note that after configuration of components I had to logout from the "view defects" otherwise I could not open issues anymore