Scan with Coverity

Signed-off-by: Christian Göttsche <[email protected]>
SELinuxProject · Aug 25, 2020 · e93d280 · e93d280
1 parent e7abd80
commit e93d280
Showing 1 changed file with 33 additions and 159 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -1,173 +1,47 @@
 # Define the building environment
+os: linux
+dist: bionic
 language: c
 
-matrix:
- fast_finish: true
+git:
+ depth: 3
 
-compiler:
- - clang
- - gcc
 
 env:
- matrix:
- # Test the last version of Python and Ruby together, with some linkers
- - PYVER=python3.8 RUBYLIBVER=2.7
- - PYVER=python3.8 RUBYLIBVER=2.7 TEST_FLAGS_OVERRIDE=1
- - PYVER=python3.8 RUBYLIBVER=2.7 TEST_DEBUG=1
- - PYVER=python3.8 RUBYLIBVER=2.7 LINKER=gold
- - PYVER=python3.8 RUBYLIBVER=2.7 LINKER=bfd
-
- # Test several Python versions (https://docs.travis-ci.com/user/languages/python/#python-versions)
- - PYVER=python3.5 RUBYLIBVER=2.7
- - PYVER=python3.6 RUBYLIBVER=2.7
- - PYVER=python3.7 RUBYLIBVER=2.7
- - PYVER=pypy3.6-7.2.0 RUBYLIBVER=2.7
-
- # Test several Ruby versions (http:https://rubies.travis-ci.org/)
- - PYVER=python3.8 RUBYLIBVER=2.6
- - PYVER=python3.8 RUBYLIBVER=2.5.1
- - PYVER=python3.8 RUBYLIBVER=2.4
+ global:
+ # The next declaration is the encrypted COVERITY_SCAN_TOKEN, created
+ # via the "travis encrypt" command using the project repo's public key
+ - secure: "TODO"
 
-matrix:
- exclude:
- - compiler: clang
- env: PYVER=python3.8 RUBYLIBVER=2.7 LINKER=gold
- - compiler: clang
- env: PYVER=python3.8 RUBYLIBVER=2.7 LINKER=bfd
- include:
- - compiler: gcc
- env: TRAVIS_RUN_KVM=true TRAVIS_CLOUD_IMAGE_VERSION="32:1.6"
- install:
- - skip
- before_script:
- - skip
- script: scripts/ci/travis-kvm-setup.sh
 
-# Use Travis-CI Ubuntu 18.04 Bionic Beaver, "full image" variant
-sudo: required
-dist: bionic
-
-# Install SELinux userspace utilities dependencies
 addons:
  apt:
  packages:
- - bison
- - flex
- - gawk
- - gettext
- - libaudit-dev
- - libbz2-dev
- - libcap-dev
- - libcap-ng-dev # This package is not whitelisted for the container infrastructure (https://github.com/travis-ci/apt-package-whitelist/issues/1096)
- - libcunit1-dev
- - libglib2.0-dev
- - libpcre3-dev
- - patch
- - python3-dev
- - python-dev
- - swig
- - xmlto
-
-install:
- # Download and install refpolicy headers for sepolgen tests
- - curl --location --retry 10 -o "$TRAVIS_BUILD_DIR/refpolicy.tar.bz2" https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_2_20180701/refpolicy-2.20180701.tar.bz2
- - tar -C "$TRAVIS_BUILD_DIR" -xvjf "$TRAVIS_BUILD_DIR/refpolicy.tar.bz2"
- # Make refpolicy Makefile use the new toolchain when building modules
- - sed -e "s,^PREFIX :=.*,PREFIX := \$(DESTDIR)/usr," -i "$TRAVIS_BUILD_DIR/refpolicy/support/Makefile.devel"
- - sudo make -C "$TRAVIS_BUILD_DIR/refpolicy" install-headers
- - sudo rm -rf "$TRAVIS_BUILD_DIR/refpolicy.tar.bz2" "$TRAVIS_BUILD_DIR/refpolicy"
- - sudo mkdir -p /etc/selinux
- - echo 'SELINUXTYPE=refpolicy' | sudo tee /etc/selinux/config
- - echo 'SELINUX_DEVEL_PATH = /usr/share/selinux/refpolicy' | sudo tee /etc/selinux/sepolgen.conf
-
- # Make sepolgen tests work without really installing anything in the real root (doing this would conflict with Ubuntu packages)
- - sed -e "s,\"\(/usr/bin/[cs]\),\"$TRAVIS_BUILD_DIR/installdir\1," -i python/sepolgen/src/sepolgen/module.py
-
- # Download the required python version if it is not installed
- - VIRTUAL_ENV="$HOME/virtualenv/$PYVER"
- - if ! [ -d "$VIRTUAL_ENV" ] ; then
- curl --retry 10 -o python.tar.bz2 "https://s3.amazonaws.com/travis-python-archives/binaries/ubuntu/18.04/x86_64/${PYVER/python/python-}.tar.bz2" &&
- sudo tar xjf python.tar.bz2 --directory / &&
- rm python.tar.bz2 ;
- fi
-
- # Install flake8 for the given python version
- - $VIRTUAL_ENV/bin/pip install flake8
-
-before_script:
- # Build and install in a temporary directory to run tests
- - export DESTDIR="$TRAVIS_BUILD_DIR/installdir"
-
- # Configure the variables for Python parts
- - export VIRTUAL_ENV="$HOME/virtualenv/$PYVER"
- - export PYTHON="$VIRTUAL_ENV/bin/python"
- # Use the header files in /opt/python/... for Python because the virtualenvs do not provide Python.h
- - export PKG_CONFIG_PATH="/opt/python/$($PYTHON -c 'import sys;print("%d.%d.%d" % sys.version_info[:3])')/lib/pkgconfig"
- # PyPy does not provide a config file for pkg-config
- # libpypy-c.so is provided in bin/libpypy-c.so for PyPy and bin/libpypy3-c.so for PyPy3
- - if echo "$PYVER" | grep -q pypy ; then
- export PYINC=-I$($PYTHON -c 'import sys;print(sys.prefix)')/include ;
- export PYLIBS="$($PYTHON -c 'import sys;print("-L%s/bin -l%s" % (sys.prefix, "pypy-c" if sys.version_info < (3,) else "pypy3-c"))')" ;
- fi
-
- # Find the Ruby executable with version $RUBYLIBVER
- - rvm reinstall ruby-$RUBYLIBVER --binary
- - export RUBY="$(ls -d -1 "$HOME/.rvm/rubies/ruby-$RUBYLIBVER"*/bin/ruby | head -n 1)"
+ - bison
+ - flex
+ - gawk
+ - gettext
+ - libaudit-dev
+ - libbz2-dev
+ - libcap-dev
+ - libcap-ng-dev # This package is not whitelisted for the container infrastructure (https://github.com/travis-ci/apt-package-whitelist/issues/1096)
+ - libcunit1-dev
+ - libglib2.0-dev
+ - libpcre3-dev
+ - patch
+ - python3-dev
+ - python-dev
+ - swig
+ - xmlto
+ coverity_scan:
+ project:
+ name: "SELinuxProject/selinux"
+ description: "Build submitted via Travis CI"
+ notification_email: [email protected]
+ build_command_prepend: "make clean"
+ build_command: "export DESTDIR=$TRAVIS_BUILD_DIR/installdir && make install && make all"
+ branch_pattern: coverity_scan
 
- # Set the linker in $CC so that it gets used everywhere
- - if [ -n "$LINKER" ]; then CC="$CC -fuse-ld=$LINKER" ; fi
-
- # Show variables and versions (to help debugging)
- - echo "$CC" ; $CC --version
- - echo "$PYTHON" ; $PYTHON --version
- - echo "$RUBY" ; $RUBY --version
-
- # If TEST_FLAGS_OVERRIDE is defined, test that overriding CFLAGS, LDFLAGS and other variables works fine
- - if [ -n "$TEST_FLAGS_OVERRIDE" ]; then EXPLICIT_MAKE_VARS="CFLAGS=-I$DESTDIR/usr/include LDFLAGS=-L$DESTDIR/usr/lib LDLIBS= CPPFLAGS=" ; fi
- # If TEST_DEBUG is defined, test that debug build works fine
- - if [ -n "$TEST_DEBUG" ]; then EXPLICIT_MAKE_VARS="$EXPLICIT_MAKE_VARS DEBUG=1" ; fi
 
 script:
- # Start by installing everything into $DESTDIR
- - make install $EXPLICIT_MAKE_VARS -k
- - make install-pywrap $EXPLICIT_MAKE_VARS -k
- - make install-rubywrap $EXPLICIT_MAKE_VARS -k
-
- # Now that everything is installed, run "make all" to build everything which may have not been built
- - make all $EXPLICIT_MAKE_VARS -k
-
- # Set up environment variables for the tests
- - . ./scripts/env_use_destdir
-
- # Show variables (to help debugging issues)
- - echo "$LD_LIBRARY_PATH"
- - echo "$PATH"
- - echo "$PYTHONPATH"
- - echo "$RUBYLIB"
-
- # Run tests
- - make test $EXPLICIT_MAKE_VARS
-
- # Test Python and Ruby wrappers
- - $PYTHON -c 'import selinux;import selinux.audit2why;import semanage;print(selinux.is_selinux_enabled())'
- - $RUBY -e 'require "selinux";require "semanage";puts Selinux::is_selinux_enabled()'
-
- # Run Python linter
- - PATH="$VIRTUAL_ENV/bin:$PATH" ./scripts/run-flake8
-
- # Remove every installed files
- - rm -rf "$DESTDIR"
-
- # Test that "git status" looks clean, or print a clear error message
- - |-
- git status --short | sed -n 's/^??/error: missing .gitignore entry for/p' | (! grep '^')
-
- # Clean up everything and show which file would be added to "make clean"
- - make clean distclean $EXPLICIT_MAKE_VARS
- - |-
- git ls-files --ignored --others --exclude-standard | sed 's/^/error: "make clean distclean" did not remove /' | (! grep '^')
-
-# Do not spam by email so long as the build succeeds
-notifications:
- email:
- on_success: never
+ - cat "${TRAVIS_BUILD_DIR}/cov-int/scm_log.txt"