Coverity Scan


Some notes on my setup to use Coverity Scan for libnfc:

Preparation

Chroot

To isolate the tool I'm using it in a chroot created according to [1]:

sudo debootstrap wheezy /pathto/wheezy
sudo chroot /pathto/wheezy

cat > ./usr/sbin/policy-rc.d <<EOF
#!/bin/sh
exit 101
EOF
chmod a+x ./usr/sbin/policy-rc.d
cp /bin/true /usr/bin/ischroot

Tools

Still in the chroot, a few utils to get & compile libnfc and to use coverity-submit:

apt-get install git
apt-get install autoconf libtool pkg-config make

For libnfc:

apt-get install libusb-dev libpcsclite-dev

For libfreefare:

apt-get install libssl-dev

For coverity-submit:

apt-get install python curl

Git clone

git clone https://code.google.com/p/libnfc/
git clone https://code.google.com/p/libfreefare/

Coverity Scan

Get the tool at https://scan.coverity.com/download and untar it in /opt.

coverity-submit

I got that helper script from here.
It requires xmlto to create the man page, which brings >700Mb of dependencies into the chroot, so I preferred to compile the man page directly on the host:

apt-get install xmlto
cd coverity-submit-1.9
make

The current script uses your password over an unencrypted channel (http), so I prefer to use the token rather than the password:

sed -i 's/password/token/g' coverity-submit

Then in the chroot:

cd coverity-submit-1.9
make install
man coverity-submit

It requires a config file, so I created ~/.coverity-submit with:

[ALL]
name: MyName
userid: myusername
email: my@email
tools: /opt/cov-analysis-linux64-6.6.1/bin

[libnfc]
token: < here_comes_the_token_you_can_see_at https://scan.coverity.com/projects/XXX/upload_form >
prebuild: git clean -d -f -x && autoreconf -vis && ./configure --with-drivers=all
build: make
postbuild: make install

[libfreefare]
token: < here_comes_the_token_you_can_see_at https://scan.coverity.com/projects/XXX/upload_form >
prebuild: git clean -d -f -x && autoreconf -vis && ./configure
build: make

The libnfc postbuild step is required to be able to compile libnfc-dependent components such as libfreefare.

Usage

Coverity records all environment variables in its report, and since some of them are still visible in the chroot environment, I prefer to remove them first:

sudo chroot /pathto/wheezy
export LANG=C
unset XAUTHORITY
unset SUDO_USER
unset SUDO_COMMAND
unset HOSTNAME

Then for each project:

cd libnfc
git pull
coverity-submit -b "$(git describe)" -t "$(git describe)"
cd ..

etc
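
The unset list above is a denylist, so any variable it does not name still reaches the report. The following added example (not from the original page, and generalizing it to an allowlist) rebuilds the environment from scratch with env -i and lists what would otherwise be exposed. The names leaky_vars, run_clean and KEEP are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not part of the original notes. KEEP, leaky_vars and
# run_clean are hypothetical names; adjust KEEP to what the build needs.

# Variables allowed to reach the build, and therefore the Coverity report.
# HOME stays because coverity-submit reads ~/.coverity-submit.
KEEP="PATH HOME LANG"

# Print the names of environment variables that are NOT on the allowlist,
# i.e. what would be recorded if nothing were scrubbed.
# Caveat: a multi-line value whose continuation line looks like NAME=...
# is reported as an extra name (a false positive, never a miss).
leaky_vars() {
    env | sed -n 's/^\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p' | sort -u |
    while read -r name; do
        case " $KEEP " in
            *" $name "*) ;;                 # allowlisted, nothing to report
            *) printf '%s\n' "$name" ;;     # would leak into the report
        esac
    done
}

# Run a command with an environment rebuilt from nothing: env -i drops
# every variable, then only the allowlisted ones are passed back in.
# LANG is forced to C, as in the manual procedure above.
run_clean() {
    env -i PATH="$PATH" HOME="$HOME" LANG=C "$@"
}

# Usage inside the chroot, from a project checkout:
#   leaky_vars        # review what a plain run would expose
#   run_clean coverity-submit -b "$(git describe)" -t "$(git describe)"
```

Variables introduced later (by sudo, a login script or a new shell) are dropped without having to extend an unset list.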

Configured components

In the dashboard, for libnfc:

Component name  Pattern        Ignore in analysis
lib             /libnfc/.*     No
examples        /examples/.*   No
utils           /utils/.*      No

Note that after configuring the components I had to log out of the "view defects" page, otherwise I could not open issues anymore.