From e93d280d83c9105c716ab9f9f8e532aacb9efd51 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= Date: Tue, 25 Aug 2020 12:54:02 +0200 Subject: [PATCH] Scan with Coverity MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian Göttsche --- .travis.yml | 192 +++++++++------------------------------------------- 1 file changed, 33 insertions(+), 159 deletions(-) diff --git a/.travis.yml b/.travis.yml index bd3c98420c..3188d42114 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,173 +1,47 @@ # Define the building environment +os: linux +dist: bionic language: c -matrix: - fast_finish: true +git: + depth: 3 -compiler: - - clang - - gcc env: - matrix: - # Test the last version of Python and Ruby together, with some linkers - - PYVER=python3.8 RUBYLIBVER=2.7 - - PYVER=python3.8 RUBYLIBVER=2.7 TEST_FLAGS_OVERRIDE=1 - - PYVER=python3.8 RUBYLIBVER=2.7 TEST_DEBUG=1 - - PYVER=python3.8 RUBYLIBVER=2.7 LINKER=gold - - PYVER=python3.8 RUBYLIBVER=2.7 LINKER=bfd - - # Test several Python versions (https://docs.travis-ci.com/user/languages/python/#python-versions) - - PYVER=python3.5 RUBYLIBVER=2.7 - - PYVER=python3.6 RUBYLIBVER=2.7 - - PYVER=python3.7 RUBYLIBVER=2.7 - - PYVER=pypy3.6-7.2.0 RUBYLIBVER=2.7 - - # Test several Ruby versions (http://rubies.travis-ci.org/) - - PYVER=python3.8 RUBYLIBVER=2.6 - - PYVER=python3.8 RUBYLIBVER=2.5.1 - - PYVER=python3.8 RUBYLIBVER=2.4 + global: + # The next declaration is the encrypted COVERITY_SCAN_TOKEN, created + # via the "travis encrypt" command using the project repo's public key + - secure: "TODO" -matrix: - exclude: - - compiler: clang - env: PYVER=python3.8 RUBYLIBVER=2.7 LINKER=gold - - compiler: clang - env: PYVER=python3.8 RUBYLIBVER=2.7 LINKER=bfd - include: - - compiler: gcc - env: TRAVIS_RUN_KVM=true TRAVIS_CLOUD_IMAGE_VERSION="32:1.6" - install: - - skip - before_script: - - skip - script: scripts/ci/travis-kvm-setup.sh -# Use Travis-CI Ubuntu 18.04 Bionic Beaver, "full image" variant -sudo: required -dist: bionic - -# Install SELinux userspace utilities dependencies addons: apt: packages: - - bison - - flex - - gawk - - gettext - - libaudit-dev - - libbz2-dev - - libcap-dev - - libcap-ng-dev # This package is not whitelisted for the container infrastructure (https://github.com/travis-ci/apt-package-whitelist/issues/1096) - - libcunit1-dev - - libglib2.0-dev - - libpcre3-dev - - patch - - python3-dev - - python-dev - - swig - - xmlto - -install: - # Download and install refpolicy headers for sepolgen tests - - curl --location --retry 10 -o "$TRAVIS_BUILD_DIR/refpolicy.tar.bz2" https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_2_20180701/refpolicy-2.20180701.tar.bz2 - - tar -C "$TRAVIS_BUILD_DIR" -xvjf "$TRAVIS_BUILD_DIR/refpolicy.tar.bz2" - # Make refpolicy Makefile use the new toolchain when building modules - - sed -e "s,^PREFIX :=.*,PREFIX := \$(DESTDIR)/usr," -i "$TRAVIS_BUILD_DIR/refpolicy/support/Makefile.devel" - - sudo make -C "$TRAVIS_BUILD_DIR/refpolicy" install-headers - - sudo rm -rf "$TRAVIS_BUILD_DIR/refpolicy.tar.bz2" "$TRAVIS_BUILD_DIR/refpolicy" - - sudo mkdir -p /etc/selinux - - echo 'SELINUXTYPE=refpolicy' | sudo tee /etc/selinux/config - - echo 'SELINUX_DEVEL_PATH = /usr/share/selinux/refpolicy' | sudo tee /etc/selinux/sepolgen.conf - - # Make sepolgen tests work without really installing anything in the real root (doing this would conflict with Ubuntu packages) - - sed -e "s,\"\(/usr/bin/[cs]\),\"$TRAVIS_BUILD_DIR/installdir\1," -i python/sepolgen/src/sepolgen/module.py - - # Download the required python version if it is not installed - - VIRTUAL_ENV="$HOME/virtualenv/$PYVER" - - if ! [ -d "$VIRTUAL_ENV" ] ; then - curl --retry 10 -o python.tar.bz2 "https://s3.amazonaws.com/travis-python-archives/binaries/ubuntu/18.04/x86_64/${PYVER/python/python-}.tar.bz2" && - sudo tar xjf python.tar.bz2 --directory / && - rm python.tar.bz2 ; - fi - - # Install flake8 for the given python version - - $VIRTUAL_ENV/bin/pip install flake8 - -before_script: - # Build and install in a temporary directory to run tests - - export DESTDIR="$TRAVIS_BUILD_DIR/installdir" - - # Configure the variables for Python parts - - export VIRTUAL_ENV="$HOME/virtualenv/$PYVER" - - export PYTHON="$VIRTUAL_ENV/bin/python" - # Use the header files in /opt/python/... for Python because the virtualenvs do not provide Python.h - - export PKG_CONFIG_PATH="/opt/python/$($PYTHON -c 'import sys;print("%d.%d.%d" % sys.version_info[:3])')/lib/pkgconfig" - # PyPy does not provide a config file for pkg-config - # libpypy-c.so is provided in bin/libpypy-c.so for PyPy and bin/libpypy3-c.so for PyPy3 - - if echo "$PYVER" | grep -q pypy ; then - export PYINC=-I$($PYTHON -c 'import sys;print(sys.prefix)')/include ; - export PYLIBS="$($PYTHON -c 'import sys;print("-L%s/bin -l%s" % (sys.prefix, "pypy-c" if sys.version_info < (3,) else "pypy3-c"))')" ; - fi - - # Find the Ruby executable with version $RUBYLIBVER - - rvm reinstall ruby-$RUBYLIBVER --binary - - export RUBY="$(ls -d -1 "$HOME/.rvm/rubies/ruby-$RUBYLIBVER"*/bin/ruby | head -n 1)" + - bison + - flex + - gawk + - gettext + - libaudit-dev + - libbz2-dev + - libcap-dev + - libcap-ng-dev # This package is not whitelisted for the container infrastructure (https://github.com/travis-ci/apt-package-whitelist/issues/1096) + - libcunit1-dev + - libglib2.0-dev + - libpcre3-dev + - patch + - python3-dev + - python-dev + - swig + - xmlto + coverity_scan: + project: + name: "SELinuxProject/selinux" + description: "Build submitted via Travis CI" + notification_email: selinux@vger.kernel.org + build_command_prepend: "make clean" + build_command: "export DESTDIR=$TRAVIS_BUILD_DIR/installdir && make install && make all" + branch_pattern: coverity_scan - # Set the linker in $CC so that it gets used everywhere - - if [ -n "$LINKER" ]; then CC="$CC -fuse-ld=$LINKER" ; fi - - # Show variables and versions (to help debugging) - - echo "$CC" ; $CC --version - - echo "$PYTHON" ; $PYTHON --version - - echo "$RUBY" ; $RUBY --version - - # If TEST_FLAGS_OVERRIDE is defined, test that overriding CFLAGS, LDFLAGS and other variables works fine - - if [ -n "$TEST_FLAGS_OVERRIDE" ]; then EXPLICIT_MAKE_VARS="CFLAGS=-I$DESTDIR/usr/include LDFLAGS=-L$DESTDIR/usr/lib LDLIBS= CPPFLAGS=" ; fi - # If TEST_DEBUG is defined, test that debug build works fine - - if [ -n "$TEST_DEBUG" ]; then EXPLICIT_MAKE_VARS="$EXPLICIT_MAKE_VARS DEBUG=1" ; fi script: - # Start by installing everything into $DESTDIR - - make install $EXPLICIT_MAKE_VARS -k - - make install-pywrap $EXPLICIT_MAKE_VARS -k - - make install-rubywrap $EXPLICIT_MAKE_VARS -k - - # Now that everything is installed, run "make all" to build everything which may have not been built - - make all $EXPLICIT_MAKE_VARS -k - - # Set up environment variables for the tests - - . ./scripts/env_use_destdir - - # Show variables (to help debugging issues) - - echo "$LD_LIBRARY_PATH" - - echo "$PATH" - - echo "$PYTHONPATH" - - echo "$RUBYLIB" - - # Run tests - - make test $EXPLICIT_MAKE_VARS - - # Test Python and Ruby wrappers - - $PYTHON -c 'import selinux;import selinux.audit2why;import semanage;print(selinux.is_selinux_enabled())' - - $RUBY -e 'require "selinux";require "semanage";puts Selinux::is_selinux_enabled()' - - # Run Python linter - - PATH="$VIRTUAL_ENV/bin:$PATH" ./scripts/run-flake8 - - # Remove every installed files - - rm -rf "$DESTDIR" - - # Test that "git status" looks clean, or print a clear error message - - |- - git status --short | sed -n 's/^??/error: missing .gitignore entry for/p' | (! grep '^') - - # Clean up everything and show which file would be added to "make clean" - - make clean distclean $EXPLICIT_MAKE_VARS - - |- - git ls-files --ignored --others --exclude-standard | sed 's/^/error: "make clean distclean" did not remove /' | (! grep '^') - -# Do not spam by email so long as the build succeeds -notifications: - email: - on_success: never + - cat "${TRAVIS_BUILD_DIR}/cov-int/scm_log.txt"