|
|
@@ -1,4 +1,5 @@
|
|
|
#!/usr/bin/env bash
|
|
|
+#
|
|
|
# Coverity scan script
|
|
|
#
|
|
|
# Copyright: SPDX-License-Identifier: GPL-3.0-or-later
|
|
|
@@ -6,6 +7,7 @@
|
|
|
# Author : Costa Tsaousis (costa@netdata.cloud)
|
|
|
# Author : Pawel Krupa (paulfantom)
|
|
|
# Author : Pavlos Emm. Katsoulakis (paul@netdata.cloud)
|
|
|
+# shellcheck disable=SC1091,SC2230,SC2086
|
|
|
|
|
|
# To run manually, save configuration to .coverity-scan.conf like this:
|
|
|
#
|
|
|
@@ -25,22 +27,30 @@
|
|
|
# this includes the token, so the default is not to print it.
|
|
|
# COVERITY_SUBMIT_DEBUG=1
|
|
|
#
|
|
|
+# Override the standard coverity build version we know is supported
|
|
|
+# COVERITY_BUILD_VERSION="cov-analysis-linux64-2019.03"
|
|
|
+#
|
|
|
# All these variables can also be exported before running this script.
|
|
|
#
|
|
|
# If the first parameter of this script is "install",
|
|
|
# coverity build tools will be downloaded and installed in /opt/coverity
|
|
|
|
|
|
+set -e
|
|
|
+
|
|
|
+INSTALL_DIR="/opt"
|
|
|
+
|
|
|
# the version of coverity to use
|
|
|
-COVERITY_BUILD_VERSION="cov-analysis-linux64-2019.03"
|
|
|
+COVERITY_BUILD_VERSION="${COVERITY_BUILD_VERSION:-cov-analysis-linux64-2019.03}"
|
|
|
|
|
|
-source packaging/installer/functions.sh || exit 1
|
|
|
+# TODO: For some reasons this does not fully load on Debian 10 (Haven't checked if it happens on other distros yet), it breaks
|
|
|
+source packaging/installer/functions.sh || echo "Failed to fully load the functions library"
|
|
|
|
|
|
cpus=$(find_processors)
|
|
|
[ -z "${cpus}" ] && cpus=1
|
|
|
|
|
|
if [ -f ".coverity-scan.conf" ]
|
|
|
then
|
|
|
- source ".coverity-scan.conf" || exit 1
|
|
|
+ source ".coverity-scan.conf"
|
|
|
fi
|
|
|
|
|
|
repo="${REPOSITORY}"
|
|
|
@@ -59,6 +69,10 @@ if [ -z "${token}" ]; then
|
|
|
fatal "export variable COVERITY_SCAN_TOKEN or set it in .coverity-scan.conf"
|
|
|
fi
|
|
|
|
|
|
+if ! command -v curl >/dev/null 2>&1; then
|
|
|
+ fatal "CURL is required for coverity scan to work"
|
|
|
+fi
|
|
|
+
|
|
|
# only print the output of a command
|
|
|
# when debugging is enabled
|
|
|
# used to hide the token when debugging is not enabled
|
|
|
@@ -74,9 +88,11 @@ debugrun() {
|
|
|
}
|
|
|
|
|
|
scanit() {
|
|
|
- export PATH="${PATH}:/opt/${COVERITY_BUILD_VERSION}/bin/"
|
|
|
+ progress "Scanning using coverity"
|
|
|
+ export PATH="${PATH}:${INSTALL_DIR}/${COVERITY_BUILD_VERSION}/bin/"
|
|
|
covbuild="${COVERITY_BUILD_PATH}"
|
|
|
[ -z "${covbuild}" ] && covbuild="$(which cov-build 2>/dev/null || command -v cov-build 2>/dev/null)"
|
|
|
+
|
|
|
if [ -z "${covbuild}" ]; then
|
|
|
fatal "Cannot find 'cov-build' binary in \$PATH. Export variable COVERITY_BUILD_PATH or set it in .coverity-scan.conf"
|
|
|
elif [ ! -x "${covbuild}" ]; then
|
|
|
@@ -94,54 +110,45 @@ scanit() {
|
|
|
[ -f netdata-coverity-analysis.tgz ] && run rm netdata-coverity-analysis.tgz
|
|
|
|
|
|
progress "Configuring netdata source..."
|
|
|
+
|
|
|
run autoreconf -ivf
|
|
|
- run ./configure --disable-lto \
|
|
|
- --enable-https \
|
|
|
- --enable-jsonc \
|
|
|
- --enable-plugin-nfacct \
|
|
|
- --enable-plugin-freeipmi \
|
|
|
- --enable-plugin-cups \
|
|
|
- --enable-backend-prometheus-remote-write \
|
|
|
- ${NULL}
|
|
|
-
|
|
|
- # TODO: enable these plugins too
|
|
|
- # --enable-plugin-xenstat \
|
|
|
- # --enable-backend-kinesis \
|
|
|
- # --enable-backend-mongodb \
|
|
|
+ run ./configure ${OTHER_OPTIONS}
|
|
|
|
|
|
progress "Analyzing netdata..."
|
|
|
- run "${covbuild}" --dir cov-int make -j${cpus} || exit 1
|
|
|
+ run "${covbuild}" --dir cov-int make -j${cpus}
|
|
|
|
|
|
echo >&2 "Compressing analysis..."
|
|
|
- run tar czvf netdata-coverity-analysis.tgz cov-int || exit 1
|
|
|
+ run tar czvf netdata-coverity-analysis.tgz cov-int
|
|
|
|
|
|
echo >&2 "Sending analysis to coverity for netdata version ${version} ..."
|
|
|
COVERITY_SUBMIT_RESULT=$(debugrun curl --progress-bar \
|
|
|
--form token="${token}" \
|
|
|
- --form email=${email} \
|
|
|
+ --form email="${email}" \
|
|
|
--form file=@netdata-coverity-analysis.tgz \
|
|
|
--form version="${version}" \
|
|
|
--form description="netdata, monitor everything, in real-time." \
|
|
|
- https://scan.coverity.com/builds?project=${repo})
|
|
|
+ https://scan.coverity.com/builds?project="${repo}")
|
|
|
|
|
|
- echo ${COVERITY_SUBMIT_RESULT} | grep -q -e 'Build successfully submitted' || echo >&2 "scan results were not pushed to coverity. Message was: ${COVERITY_SUBMIT_RESULT}"
|
|
|
+ echo "${COVERITY_SUBMIT_RESULT}" | grep -q -e 'Build successfully submitted' || echo >&2 "scan results were not pushed to coverity. Message was: ${COVERITY_SUBMIT_RESULT}"
|
|
|
|
|
|
progress "Coverity scan completed"
|
|
|
}
|
|
|
|
|
|
installit() {
|
|
|
- progress "Downloading coverity..."
|
|
|
- cd /tmp || exit 1
|
|
|
+ ORIGINAL_DIR="${PWD}"
|
|
|
+ TMP_DIR="$(mktemp -d /tmp/netdata-coverity-scan-XXXXX)"
|
|
|
+ progress "Downloading coverity in ${TMP_DIR}..."
|
|
|
+ cd "${TMP_DIR}"
|
|
|
|
|
|
- [ -f "${COVERITY_BUILD_VERSION}.tar.gz" ] && run rm -f "${COVERITY_BUILD_VERSION}.tar.gz"
|
|
|
debugrun curl --remote-name --remote-header-name --show-error --location --data "token=${token}&project=${repo}" https://scan.coverity.com/download/linux64
|
|
|
|
|
|
if [ -f "${COVERITY_BUILD_VERSION}.tar.gz" ]; then
|
|
|
progress "Installing coverity..."
|
|
|
- cd /opt || exit 1
|
|
|
- run sudo tar -z -x -f "/tmp/${COVERITY_BUILD_VERSION}.tar.gz" || exit 1
|
|
|
- rm "/tmp/${COVERITY_BUILD_VERSION}.tar.gz"
|
|
|
- export PATH=${PATH}:/opt/${COVERITY_BUILD_VERSION}/bin/
|
|
|
+ cd "${INSTALL_DIR}"
|
|
|
+
|
|
|
+ run sudo tar -z -x -f "${TMP_DIR}/${COVERITY_BUILD_VERSION}.tar.gz" || exit 1
|
|
|
+ rm "${TMP_DIR}/${COVERITY_BUILD_VERSION}.tar.gz"
|
|
|
+ export PATH=${PATH}:${INSTALL_DIR}/${COVERITY_BUILD_VERSION}/bin/
|
|
|
else
|
|
|
fatal "Failed to download coverity tool tarball!"
|
|
|
fi
|
|
|
@@ -152,16 +159,48 @@ installit() {
|
|
|
fatal "Failed to install coverity."
|
|
|
fi
|
|
|
|
|
|
+ # Clean temp directory
|
|
|
+ [ -n "${TMP_DIR}" ] && rm -rf "${TMP_DIR}"
|
|
|
+
|
|
|
progress "Coverity scan tools are installed."
|
|
|
+ cd "$ORIGINAL_DIR"
|
|
|
return 0
|
|
|
}
|
|
|
|
|
|
-if [ "${1}" = "install" ]
|
|
|
-then
|
|
|
- shift 1
|
|
|
- installit "${@}"
|
|
|
- exit $?
|
|
|
-else
|
|
|
- scanit "${@}"
|
|
|
- exit $?
|
|
|
-fi
|
|
|
+OTHER_OPTIONS="--disable-lto"
|
|
|
+OTHER_OPTIONS+=" --with-zlib"
|
|
|
+OTHER_OPTIONS+=" --with-math"
|
|
|
+OTHER_OPTIONS+=" --enable-https"
|
|
|
+OTHER_OPTIONS+=" --enable-jsonc"
|
|
|
+OTHER_OPTIONS+=" --enable-plugin-nfacct"
|
|
|
+OTHER_OPTIONS+=" --enable-plugin-freeipmi"
|
|
|
+OTHER_OPTIONS+=" --enable-plugin-cups"
|
|
|
+OTHER_OPTIONS+=" --enable-backend-prometheus-remote-write"
|
|
|
+# TODO: enable these plugins too
|
|
|
+#OTHER_OPTIONS+=" --enable-plugin-xenstat"
|
|
|
+#OTHER_OPTIONS+=" --enable-backend-kinesis"
|
|
|
+#OTHER_OPTIONS+=" --enable-backend-mongodb"
|
|
|
+
|
|
|
+FOUND_OPTS="NO"
|
|
|
+while [ -n "${1}" ]; do
|
|
|
+ if [ "${1}" = "--with-install" ]; then
|
|
|
+ progress "Running coverity install"
|
|
|
+ installit
|
|
|
+ shift 1
|
|
|
+ elif [ -n "${1}" ]; then
|
|
|
+ # Clear the default arguments, once you bump into the first argument
|
|
|
+ if [ "${FOUND_OPTS}" = "NO" ]; then
|
|
|
+ OTHER_OPTIONS="${1}"
|
|
|
+ FOUND_OPTS="YES"
|
|
|
+ else
|
|
|
+ OTHER_OPTIONS+=" ${1}"
|
|
|
+ fi
|
|
|
+
|
|
|
+ shift 1
|
|
|
+ else
|
|
|
+ break
|
|
|
+ fi
|
|
|
+done
|
|
|
+
|
|
|
+echo "Running coverity scan with extra options ${OTHER_OPTIONS}"
|
|
|
+scanit "${OTHER_OPTIONS}"
|
Paul Emm. Katsoulakis