scripts/coverity-scan/coverity-scan.docker


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167

# syntax=docker/dockerfile:1.0.0-experimental
#
# Docker setup for running the "Coverity Scan" tools over the source
# tree and uploading them to the website, as per
# https://scan.coverity.com/projects/qemu/builds/new
# We do this on a fixed config (currently Fedora 30 with a known
# set of dependencies and a configure command that enables a specific
# set of options) so that random changes don't result in our accidentally
# dropping some files from the scan.
#
# We don't build on top of the fedora.docker file because we don't
# want to accidentally change or break the scan config when that
# is updated.

# The work of actually doing the build is handled by the
# run-coverity-scan script.

FROM registry.fedoraproject.org/fedora:37

RUN dnf install -y nosync && \
    echo -e '#!/bin/sh\n\
if test -d /usr/lib64\n\
then\n\
    export LD_PRELOAD=/usr/lib64/nosync/nosync.so\n\
else\n\
    export LD_PRELOAD=/usr/lib/nosync/nosync.so\n\
fi\n\
exec "$@"' > /usr/bin/nosync && \
    chmod +x /usr/bin/nosync && \
    nosync dnf update -y && \
    nosync dnf install -y \
               SDL2-devel \
               SDL2_image-devel \
               alsa-lib-devel \
               bash \
               bc \
               bison \
               brlapi-devel \
               bzip2 \
               bzip2-devel \
               ca-certificates \
               capstone-devel \
               ccache \
               clang \
               ctags \
               cyrus-sasl-devel \
               daxctl-devel \
               dbus-daemon \
               device-mapper-multipath-devel \
               diffutils \
               findutils \
               flex \
               fuse3-devel \
               gcc \
               gcc-c++ \
               gcovr \
               genisoimage \
               gettext \
               git \
               glib2-devel \
               glib2-static \
               glibc-langpack-en \
               glibc-static \
               glusterfs-api-devel \
               gnutls-devel \
               gtk3-devel \
               hostname \
               jemalloc-devel \
               json-c-devel \
               libaio-devel \
               libasan \
               libattr-devel \
               libbpf-devel \
               libcacard-devel \
               libcap-ng-devel \
               libcmocka-devel \
               libcurl-devel \
               libdrm-devel \
               libepoxy-devel \
               libfdt-devel \
               libffi-devel \
               libgcrypt-devel \
               libiscsi-devel \
               libjpeg-devel \
               libnfs-devel \
               libpmem-devel \
               libpng-devel \
               librbd-devel \
               libseccomp-devel \
               libselinux-devel \
               libslirp-devel \
               libssh-devel \
               libtasn1-devel \
               libubsan \
               liburing-devel \
               libusbx-devel \
               libzstd-devel \
               llvm \
               lttng-ust-devel \
               lzo-devel \
               make \
               mesa-libgbm-devel \
               meson \
               ncurses-devel \
               nettle-devel \
               ninja-build \
               nmap-ncat \
               numactl-devel \
               openssh-clients \
               pam-devel \
               pcre-static \
               pixman-devel \
               pkgconfig \
               pulseaudio-libs-devel \
               python3 \
               python3-PyYAML \
               python3-numpy \
               python3-opencv \
               python3-pillow \
               python3-pip \
               python3-sphinx \
               python3-sphinx_rtd_theme \
               rdma-core-devel \
               rpm \
               sed \
               snappy-devel \
               socat \
               sparse \
               spice-protocol \
               spice-server-devel \
               systemd-devel \
               systemtap-sdt-devel \
               tar \
               tesseract \
               tesseract-langpack-eng \
               usbredir-devel \
               util-linux \
               virglrenderer-devel \
               vte291-devel \
               which \
               xen-devel \
               xfsprogs-devel \
               zlib-devel \
               zlib-static \
               zstd && \
    nosync dnf autoremove -y && \
    nosync dnf clean all -y && \
    rpm -qa | sort > /packages.txt && \
    mkdir -p /usr/libexec/ccache-wrappers && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/c++ && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/clang && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/g++ && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/gcc

ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
ENV LANG "en_US.UTF-8"
ENV MAKE "/usr/bin/make"
ENV NINJA "/usr/bin/ninja"
ENV PYTHON "/usr/bin/python3"
ENV QEMU_CONFIGURE_OPTS --meson=internal

RUN dnf install -y curl wget
ENV COVERITY_TOOL_BASE=/coverity-tools
COPY coverity_tool.tgz coverity_tool.tgz
RUN mkdir -p /coverity-tools/coverity_tool && cd /coverity-tools/coverity_tool && tar xf /coverity_tool.tgz
COPY run-coverity-scan run-coverity-scan