[apparmor] [PATCH 2/3] Makefile: Add coverity target

Steve Beattie steve at nxnw.org
Wed Jan 6 07:24:51 UTC 2016


On Tue, Jan 05, 2016 at 05:11:14PM -0600, Tyler Hicks wrote:
> Add a target that uses cov-build, which must be found in $PATH, to
> generate an intermediate Coverity directory. Finally, the intermediate
> directory is converted to a compressed tarball, stored in
> coverity/apparmor-cov-int.tar.gz, that is suitable for uploading to
> scan.coverity.com.

Thanks for driving this.

Some thoughts:

- In past lives, I've had to try to walk back from a random
  distributed snapshot tarball and try to match it back up to a VCS
  tree, and determine whether certain bugs had already been fixed
  and just needed cherry-picking or whether they were still an issue
  (or an insufficiently fixed issue). This is why in the generated
  tarballs, whether for release or ephemeral snapshots, I've tried
  to include a back reference to the specific commit in our VCS,
  to make backtracking significantly easier. I would imagine knowing
  which commit a given coverity scan corresponds to would be useful,
  especially if we aren't submitting every single commit. (That
  said, I'm not sure the coverity dashboard has a means of reporting
  this info.)

  (Also consider the issue we had in Ubuntu where the kernel team
  reported failures with out of date tests, but the specific revision
  used wasn't being reported, so investigation always needed to occur.)

- I've also seen tarball releases where uncommitted fixes or other
  random garbage leaked in because the tarball was taken from an
  unclean VCS checkout. This is why the Makefile does the dance of
  making a clean checkout to work on for tarball generation, even if
  it is slower. (If I were better at bazaar, I would set up something
  akin to local git references and so it wouldn't be so slow, but I'm
  not. Setting REPO_URL=. will also make things go fast, but loses
  the publicly findable origin tree. My automated jenkins builds do
  exactly that, however.)

I'd probably prefer to see it leverage a lot of the snapshot target's
internals.

> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
> ---
>  Makefile | 11 ++++++++++-
>  1 file changed, 10 insertions(+), 1 deletion(-)
> 
> diff --git a/Makefile b/Makefile
> index 5a9ba73..d7c3849 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -24,6 +24,7 @@ REPO_URL?=https://code.launchpad.net/~apparmor-dev/apparmor/master
>  #REPO_URL=.
>  #REPO_URL="bzr+ssh://bazaar.launchpad.net/~sbeattie/+junk/apparmor-dev/"
>  
> +COVERITY_DIR=coverity
>  RELEASE_DIR=apparmor-${VERSION}
>  __SETUP_DIR?=.
>  
> @@ -60,7 +61,7 @@ export_dir:
>  
>  .PHONY: clean
>  clean:
> -	-rm -rf ${RELEASE_DIR} ./apparmor-${VERSION}~*
> +	-rm -rf ${RELEASE_DIR} ./apparmor-${VERSION}~* ${COVERITY_DIR}
>  	for dir in $(DIRS); do \
>  		make -C $$dir clean; \
>  	done
> @@ -69,6 +70,14 @@ clean:
>  setup:
>  	cd $(__SETUP_DIR)/libraries/libapparmor && ./autogen.sh
>  
> +.PHONY: coverity
> +coverity: COV_INT=$(COVERITY_DIR)/apparmor-cov-int
> +coverity: setup
> +	cd $(__SETUP_DIR)/libraries/libapparmor && ./configure --with-python
> +	make clean
> +	$(foreach dir, $(DIRS), cov-build --dir $(COV_INT) -- make -C $(dir);)
> +	tar -cvzf $(COV_INT).tar.gz $(COV_INT)
> +
>  .PHONY: tag
>  tag:
>  	bzr tag apparmor_${TAG_VERSION}
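
Review bot: In the coverity recipe, the $(foreach ...) line ends each per-directory command with ';', so the shell only reports the exit status of the last directory. A failed cov-build in an earlier directory is ignored and tar still packages a partial $(COV_INT). Ending each iteration with `|| exit 1;` would stop at the first failure. The recipe also calls plain `make` rather than `$(MAKE)` for both `make clean` and `make -C $(dir)`, so command-line overrides and flags are not passed down to the sub-makes. Nothing written into $(COV_INT) or the tarball name identifies the revision that was built, and the build runs in the working tree rather than in an exported copy.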

-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/