From patchwork Thu May 21 12:45:28 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Paolo Bonzini X-Patchwork-Id: 1295182 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=KX2SAgBZ; dkim-atps=neutral Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49STs574Blz9sSc for ; Thu, 21 May 2020 22:46:49 +1000 (AEST) Received: from localhost ([::1]:57844 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jbkb1-0004Z0-Ml for incoming@patchwork.ozlabs.org; Thu, 21 May 2020 08:46:47 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:50666) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jbka1-0003Su-Ca for qemu-devel@nongnu.org; Thu, 21 May 2020 08:45:45 -0400 Received: from us-smtp-1.mimecast.com ([207.211.31.81]:48642 helo=us-smtp-delivery-1.mimecast.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.90_1) (envelope-from ) id 1jbkZz-00055F-Vq for qemu-devel@nongnu.org; Thu, 21 May 2020 08:45:45 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1590065142; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=bXEvneVjzgbu2ZEtxyoNELNsDsBTtVe8DgxO+NN781s=; b=KX2SAgBZQf6Duwfjq8/8E9cw9QqqT5+zcFXJEdJSGBQ9NcBtpO0NSguStz4Ip4i2seL71C n6MyCcxeL/y7UyXimY2k1eRzRjXSx+/KrB4yKa16Qz7G7ug9OkB2Qa86e5tiU8vwgKvPRf aeChSggu8pTOUns7c+WH/wUoGUYOOlI= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-419-T3QrDOlHMhiDmpRS9bSzJA-1; Thu, 21 May 2020 08:45:38 -0400 X-MC-Unique: T3QrDOlHMhiDmpRS9bSzJA-1 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 129438014D4; Thu, 21 May 2020 12:45:37 +0000 (UTC) Received: from virtlab701.virt.lab.eng.bos.redhat.com (virtlab701.virt.lab.eng.bos.redhat.com [10.19.152.228]) by smtp.corp.redhat.com (Postfix) with ESMTP id 640DD341E9; Thu, 21 May 2020 12:45:36 +0000 (UTC) From: Paolo Bonzini To: qemu-devel@nongnu.org Subject: [PATCH v2 1/8] docker.py/build: support -t and -f arguments Date: Thu, 21 May 2020 08:45:28 -0400 Message-Id: <20200521124535.5329-2-pbonzini@redhat.com> In-Reply-To: <20200521124535.5329-1-pbonzini@redhat.com> References: <20200521124535.5329-1-pbonzini@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Received-SPF: pass client-ip=207.211.31.81; envelope-from=pbonzini@redhat.com; helo=us-smtp-delivery-1.mimecast.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/05/21 04:44:45 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] [fuzzy] X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001 autolearn=_AUTOLEARN X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: peter.maydell@linaro.org, alex.bennee@linaro.org, =?utf-8?q?Philippe_Mat?= =?utf-8?q?hieu-Daud=C3=A9?= Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" The docker.py command line is subtly different from docker and podman's, in that the tag and Dockerfile are passed via positional arguments. Remove this gratuitous difference and just parse -f and -t. -f was previously used by --extra-files, only keep the long option. Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Paolo Bonzini --- tests/docker/Makefile.include | 2 +- tests/docker/docker.py | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include index 43a8678688..262704663f 100644 --- a/tests/docker/Makefile.include +++ b/tests/docker/Makefile.include @@ -55,7 +55,7 @@ docker-image-%: $(DOCKER_FILES_DIR)/%.docker else docker-image-%: $(DOCKER_FILES_DIR)/%.docker $(call quiet-command,\ - $(DOCKER_SCRIPT) build qemu:$* $< \ + $(DOCKER_SCRIPT) build -t qemu:$* -f $< \ $(if $V,,--quiet) $(if $(NOCACHE),--no-cache) \ $(if $(NOUSER),,--add-current-user) \ $(if $(EXTRA_FILES),--extra-files $(EXTRA_FILES))\ diff --git a/tests/docker/docker.py b/tests/docker/docker.py index d8268c1111..ad61747bae 100755 --- a/tests/docker/docker.py +++ b/tests/docker/docker.py @@ -391,16 +391,16 @@ class BuildCommand(SubCommand): help="""Specify a binary that will be copied to the container together with all its dependent libraries""") - parser.add_argument("--extra-files", "-f", nargs='*', + parser.add_argument("--extra-files", nargs='*', help="""Specify files that will be copied in the Docker image, fulfilling the ADD directive from the Dockerfile""") parser.add_argument("--add-current-user", "-u", dest="user", action="store_true", help="Add the current user to image's passwd") - parser.add_argument("tag", + parser.add_argument("-t", dest="tag", help="Image Tag") - parser.add_argument("dockerfile", + parser.add_argument("-f", dest="dockerfile", help="Dockerfile name") def run(self, args, argv): From patchwork Thu May 21 12:45:29 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Paolo Bonzini X-Patchwork-Id: 1295181 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=gx7/4/45; dkim-atps=neutral Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49STrz4RsXz9sSc for ; Thu, 21 May 2020 22:46:43 +1000 (AEST) Received: from localhost ([::1]:57184 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jbkav-0004IZ-3w for incoming@patchwork.ozlabs.org; Thu, 21 May 2020 08:46:41 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:50660) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jbka0-0003RR-Tg for qemu-devel@nongnu.org; Thu, 21 May 2020 08:45:44 -0400 Received: from us-smtp-delivery-1.mimecast.com ([207.211.31.120]:40111 helo=us-smtp-1.mimecast.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.90_1) (envelope-from ) id 1jbkZz-00054g-BI for qemu-devel@nongnu.org; Thu, 21 May 2020 08:45:44 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1590065142; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=JylNTLJ4Kj99nUd1RpSvGVjexBbIph/5MU6rV0q7Gbs=; b=gx7/4/45KVZ9pvPVOoedIFScs4lV+kbm4x8KiAJty9+myZcrVf0WHdntQmYKm08Ta+YvY/ CITnIm0G0zNoAVFtO/xE4jtCvo4qeEKGWRfKgTYJxkavM7toOCn7XNGOyLZrMWiiehBNPx hscHZWgCUXBuuv8efY+WMVX63IaAuTw= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-505-Ey2mx2JxM8-6ehGYG8Poxg-1; Thu, 21 May 2020 08:45:39 -0400 X-MC-Unique: Ey2mx2JxM8-6ehGYG8Poxg-1 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id E59CB100A8FB; Thu, 21 May 2020 12:45:37 +0000 (UTC) Received: from virtlab701.virt.lab.eng.bos.redhat.com (virtlab701.virt.lab.eng.bos.redhat.com [10.19.152.228]) by smtp.corp.redhat.com (Postfix) with ESMTP id 43272341E9; Thu, 21 May 2020 12:45:37 +0000 (UTC) From: Paolo Bonzini To: qemu-devel@nongnu.org Subject: [PATCH v2 2/8] docker.py/build: support binary files in --extra-files Date: Thu, 21 May 2020 08:45:29 -0400 Message-Id: <20200521124535.5329-3-pbonzini@redhat.com> In-Reply-To: <20200521124535.5329-1-pbonzini@redhat.com> References: <20200521124535.5329-1-pbonzini@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Received-SPF: pass client-ip=207.211.31.120; envelope-from=pbonzini@redhat.com; helo=us-smtp-1.mimecast.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/05/21 01:44:25 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] [fuzzy] X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001 autolearn=_AUTOLEARN X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: peter.maydell@linaro.org, alex.bennee@linaro.org, =?utf-8?q?Philippe_Mat?= =?utf-8?q?hieu-Daud=C3=A9?= Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" Read the --extra-files in binary mode to avoid encoding errors. Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Paolo Bonzini --- tests/docker/docker.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/tests/docker/docker.py b/tests/docker/docker.py index ad61747bae..85e1dda10f 100755 --- a/tests/docker/docker.py +++ b/tests/docker/docker.py @@ -56,15 +56,19 @@ class EngineEnum(enum.IntEnum): USE_ENGINE = EngineEnum.AUTO +def _bytes_checksum(bytes): + """Calculate a digest string unique to the text content""" + return hashlib.sha1(bytes).hexdigest() + def _text_checksum(text): """Calculate a digest string unique to the text content""" - return hashlib.sha1(text.encode('utf-8')).hexdigest() + return _bytes_checksum(text.encode('utf-8')) def _read_dockerfile(path): return open(path, 'rt', encoding='utf-8').read() def _file_checksum(filename): - return _text_checksum(_read_dockerfile(filename)) + return _bytes_checksum(open(filename, 'rb').read()) def _guess_engine_command(): From patchwork Thu May 21 12:45:30 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paolo Bonzini X-Patchwork-Id: 1295184 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=HEBkolKZ; dkim-atps=neutral Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49STtz3vStz9sPK for ; Thu, 21 May 2020 22:48:27 +1000 (AEST) Received: from localhost ([::1]:37486 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jbkcb-0007sl-9R for incoming@patchwork.ozlabs.org; Thu, 21 May 2020 08:48:25 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:50682) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jbka3-0003Vm-7w for qemu-devel@nongnu.org; Thu, 21 May 2020 08:45:47 -0400 Received: from us-smtp-delivery-1.mimecast.com ([205.139.110.120]:34046 helo=us-smtp-1.mimecast.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.90_1) (envelope-from ) id 1jbka1-00057I-SV for qemu-devel@nongnu.org; Thu, 21 May 2020 08:45:46 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1590065145; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=tJrxybmGdrfBbB987Z3tJ0S0qgwtOuPu1SkhX8bjTVs=; b=HEBkolKZnL72QHeWvokgqgFUTdG79EW8r14A3JKO5KTDZYweqiBfKRZ1X1HMDZn+PV1H1I kUJiaRkXLXiM8ZxQMQ9Kx4ceLXYZFDeCgWCTfldUY5lHikMvb/rUWuqC4Zy7zQK/N/59qF 5UwS45jC7YquoaO+8DjzcGAMvMQiit4= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-358-7RhToScFNAe45_u0Q4goqg-1; Thu, 21 May 2020 08:45:39 -0400 X-MC-Unique: 7RhToScFNAe45_u0Q4goqg-1 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id A9C14107ACF4; Thu, 21 May 2020 12:45:38 +0000 (UTC) Received: from virtlab701.virt.lab.eng.bos.redhat.com (virtlab701.virt.lab.eng.bos.redhat.com [10.19.152.228]) by smtp.corp.redhat.com (Postfix) with ESMTP id 2176C341E9; Thu, 21 May 2020 12:45:38 +0000 (UTC) From: Paolo Bonzini To: qemu-devel@nongnu.org Subject: [PATCH v2 3/8] run-coverity-scan: get Coverity token and email from special git config section Date: Thu, 21 May 2020 08:45:30 -0400 Message-Id: <20200521124535.5329-4-pbonzini@redhat.com> In-Reply-To: <20200521124535.5329-1-pbonzini@redhat.com> References: <20200521124535.5329-1-pbonzini@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Received-SPF: pass client-ip=205.139.110.120; envelope-from=pbonzini@redhat.com; helo=us-smtp-1.mimecast.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/05/21 06:06:22 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] [fuzzy] X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001 autolearn=_AUTOLEARN X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: peter.maydell@linaro.org, alex.bennee@linaro.org Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" Support a [coverity] section in .git/config. It can be used to retrieve the token and also, if it is different from user.email, the username of the submitter. Reviewed-by: Peter Maydell Signed-off-by: Paolo Bonzini --- scripts/coverity-scan/run-coverity-scan | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/scripts/coverity-scan/run-coverity-scan b/scripts/coverity-scan/run-coverity-scan index 2e067ef5cf..990f75138d 100755 --- a/scripts/coverity-scan/run-coverity-scan +++ b/scripts/coverity-scan/run-coverity-scan @@ -41,9 +41,10 @@ # is intended mainly for internal use by the Docker support # # User-specifiable environment variables: -# COVERITY_TOKEN -- Coverity token +# COVERITY_TOKEN -- Coverity token (default: looks at your +# coverity.token config) # COVERITY_EMAIL -- the email address to use for uploads (default: -# looks at your git user.email config) +# looks at your git coverity.email or user.email config) # COVERITY_BUILD_CMD -- make command (default: 'make -jN' where N is # number of CPUs as determined by 'nproc') # COVERITY_TOOL_BASE -- set to directory to put coverity tools @@ -58,11 +59,11 @@ check_upload_permissions() { # with status 1 if the check failed (usually a bad token); # will exit the script with status 0 if the check indicated that we # can't upload yet (ie we are at quota) - # Assumes that PROJTOKEN, PROJNAME and DRYRUN have been initialized. + # Assumes that COVERITY_TOKEN, PROJNAME and DRYRUN have been initialized. echo "Checking upload permissions..." - if ! up_perm="$(wget https://scan.coverity.com/api/upload_permitted --post-data "token=$PROJTOKEN&project=$PROJNAME" -q -O -)"; then + if ! up_perm="$(wget https://scan.coverity.com/api/upload_permitted --post-data "token=$COVERITY_TOKEN&project=$PROJNAME" -q -O -)"; then echo "Coverity Scan API access denied: bad token?" exit 1 fi @@ -94,20 +95,20 @@ check_upload_permissions() { update_coverity_tools () { # Check for whether we need to download the Coverity tools # (either because we don't have a copy, or because it's out of date) - # Assumes that COVERITY_TOOL_BASE, PROJTOKEN and PROJNAME are set. + # Assumes that COVERITY_TOOL_BASE, COVERITY_TOKEN and PROJNAME are set. mkdir -p "$COVERITY_TOOL_BASE" cd "$COVERITY_TOOL_BASE" echo "Checking for new version of coverity build tools..." - wget https://scan.coverity.com/download/linux64 --post-data "token=$PROJTOKEN&project=$PROJNAME&md5=1" -O coverity_tool.md5.new + wget https://scan.coverity.com/download/linux64 --post-data "token=$COVERITY_TOKEN&project=$PROJNAME&md5=1" -O coverity_tool.md5.new if ! cmp -s coverity_tool.md5 coverity_tool.md5.new; then # out of date md5 or no md5: download new build tool # blow away the old build tool echo "Downloading coverity build tools..." rm -rf coverity_tool coverity_tool.tgz - wget https://scan.coverity.com/download/linux64 --post-data "token=$PROJTOKEN&project=$PROJNAME" -O coverity_tool.tgz + wget https://scan.coverity.com/download/linux64 --post-data "token=$COVERITY_TOKEN&project=$PROJNAME" -O coverity_tool.tgz if ! (cat coverity_tool.md5.new; echo " coverity_tool.tgz") | md5sum -c --status; then echo "Downloaded tarball didn't match md5sum!" exit 1 @@ -205,6 +206,9 @@ while [ "$#" -ge 1 ]; do esac done +if [ -z "$COVERITY_TOKEN" ]; then + COVERITY_TOKEN="$(git config coverity.token)" +fi if [ -z "$COVERITY_TOKEN" ]; then echo "COVERITY_TOKEN environment variable not set" exit 1 @@ -225,7 +229,6 @@ if [ -z "$SRCDIR" ]; then SRCDIR="$PWD" fi -PROJTOKEN="$COVERITY_TOKEN" PROJNAME=QEMU TARBALL=cov-int.tar.xz @@ -268,6 +271,9 @@ if [ -z "$DESCRIPTION" ]; then DESCRIPTION="$(git rev-parse HEAD)" fi +if [ -z "$COVERITY_EMAIL" ]; then + COVERITY_EMAIL="$(git config coverity.email)" +fi if [ -z "$COVERITY_EMAIL" ]; then COVERITY_EMAIL="$(git config user.email)" fi @@ -393,7 +399,7 @@ if [ "$DRYRUN" = yes ]; then exit 0 fi -curl --form token="$PROJTOKEN" --form email="$COVERITY_EMAIL" \ +curl --form token="$COVERITY_TOKEN" --form email="$COVERITY_EMAIL" \ --form file=@"$TARBALL" --form version="$VERSION" \ --form description="$DESCRIPTION" \ https://scan.coverity.com/builds?project="$PROJNAME" From patchwork Thu May 21 12:45:31 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paolo Bonzini X-Patchwork-Id: 1295179 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=YQ/gROl+; dkim-atps=neutral Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49STrZ4KVtz9sPK for ; Thu, 21 May 2020 22:46:22 +1000 (AEST) Received: from localhost ([::1]:55248 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jbkaa-0003UD-9h for incoming@patchwork.ozlabs.org; Thu, 21 May 2020 08:46:20 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:50662) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jbka0-0003Rh-U1 for qemu-devel@nongnu.org; Thu, 21 May 2020 08:45:44 -0400 Received: from us-smtp-delivery-1.mimecast.com ([205.139.110.120]:36189 helo=us-smtp-1.mimecast.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.90_1) (envelope-from ) id 1jbkZz-00054p-Lt for qemu-devel@nongnu.org; Thu, 21 May 2020 08:45:44 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1590065142; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=1x1449wh9fFr7gq1V8OCFbpQf1TKKB1YZGtB8zf4V7c=; b=YQ/gROl+X1qIJ/7/UB8Hd5aWAHRFZEYAfgFLgVEfJmhngcCxy1awlGJBP2FZOSsOQJamTX Ds982Vtsts9PuIdeMlrFqyz+CbgvIuSVRxIufi7ESWbC3ZugmD0Ps/7CkkDalaf9zWRWhh m/HJeCDBn7UGiTqD874RumPBRf2phnA= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-190-dfaHOMhqPC2MO-S3r96W0g-1; Thu, 21 May 2020 08:45:40 -0400 X-MC-Unique: dfaHOMhqPC2MO-S3r96W0g-1 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 6D7B2461; Thu, 21 May 2020 12:45:39 +0000 (UTC) Received: from virtlab701.virt.lab.eng.bos.redhat.com (virtlab701.virt.lab.eng.bos.redhat.com [10.19.152.228]) by smtp.corp.redhat.com (Postfix) with ESMTP id DAA0934201; Thu, 21 May 2020 12:45:38 +0000 (UTC) From: Paolo Bonzini To: qemu-devel@nongnu.org Subject: [PATCH v2 4/8] run-coverity-scan: use docker.py Date: Thu, 21 May 2020 08:45:31 -0400 Message-Id: <20200521124535.5329-5-pbonzini@redhat.com> In-Reply-To: <20200521124535.5329-1-pbonzini@redhat.com> References: <20200521124535.5329-1-pbonzini@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Received-SPF: pass client-ip=205.139.110.120; envelope-from=pbonzini@redhat.com; helo=us-smtp-1.mimecast.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/05/21 06:06:22 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] [fuzzy] X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001 autolearn=_AUTOLEARN X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: peter.maydell@linaro.org, alex.bennee@linaro.org Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" Our trusted docker wrapper allows run-coverity-scan to run with both docker and podman. For the "run" phase this is transparent; for the "build" phase however scripts are replaced with a bind mount (-v). This is not an issue because the secret option is meant for secrets stored globally in the system and bind mounts are a valid substitute for secrets that are known to whoever builds the container. Signed-off-by: Paolo Bonzini Reviewed-by: Peter Maydell --- scripts/coverity-scan/coverity-scan.docker | 2 +- scripts/coverity-scan/run-coverity-scan | 32 ++++++++++++++-------- 2 files changed, 22 insertions(+), 12 deletions(-) diff --git a/scripts/coverity-scan/coverity-scan.docker b/scripts/coverity-scan/coverity-scan.docker index a4f64d1283..6f0460b66c 100644 --- a/scripts/coverity-scan/coverity-scan.docker +++ b/scripts/coverity-scan/coverity-scan.docker @@ -128,4 +128,4 @@ RUN rpm -q $PACKAGES | sort > /packages.txt ENV PATH $PATH:/usr/libexec/python3-sphinx/ ENV COVERITY_TOOL_BASE=/coverity-tools COPY run-coverity-scan run-coverity-scan -RUN --mount=type=secret,id=coverity.token,required ./run-coverity-scan --update-tools-only --tokenfile /run/secrets/coverity.token +RUN ./run-coverity-scan --update-tools-only --tokenfile /work/token diff --git a/scripts/coverity-scan/run-coverity-scan b/scripts/coverity-scan/run-coverity-scan index 990f75138d..e926623b3b 100755 --- a/scripts/coverity-scan/run-coverity-scan +++ b/scripts/coverity-scan/run-coverity-scan @@ -29,7 +29,9 @@ # Command line options: # --dry-run : run the tools, but don't actually do the upload -# --docker : create and work inside a docker container +# --docker : create and work inside a container +# --docker-engine : specify the container engine to use (docker/podman/auto); +# implies --docker # --update-tools-only : update the cached copy of the tools, but don't run them # --tokenfile : file to read Coverity token from # --version ver : specify version being analyzed (default: ask git) @@ -197,6 +199,17 @@ while [ "$#" -ge 1 ]; do ;; --docker) DOCKER=yes + DOCKER_ENGINE=auto + shift + ;; + --docker-engine) + shift + if [ $# -eq 0 ]; then + echo "--docker-engine needs an argument" + exit 1 + fi + DOCKER=yes + DOCKER_ENGINE="$1" shift ;; *) @@ -283,9 +296,8 @@ if [ "$DOCKER" = yes ]; then # build docker container including the coverity-scan tools # Put the Coverity token into a temporary file that only # we have read access to, and then pass it to docker build - # using --secret. This requires at least Docker 18.09. - # Mostly what we are trying to do here is ensure we don't leak - # the token into the Docker image. + # using a volume. A volume is enough for the token not to + # leak into the Docker image. umask 077 SECRETDIR=$(mktemp -d) if [ -z "$SECRETDIR" ]; then @@ -300,12 +312,10 @@ if [ "$DOCKER" = yes ]; then # TODO: This re-downloads the tools every time, rather than # caching and reusing the image produced with the downloaded tools. # Not sure why. - # TODO: how do you get 'docker build' to print the output of the - # commands it is running to its stdout? This would be useful for debug. - DOCKER_BUILDKIT=1 docker build -t coverity-scanner \ - --secret id=coverity.token,src="$SECRET" \ - -f scripts/coverity-scan/coverity-scan.docker \ - scripts/coverity-scan + tests/docker/docker.py --engine ${DOCKER_ENGINE} build \ + -t coverity-scanner -f scripts/coverity-scan/coverity-scan.docker \ + -v "$SECRETDIR:/work" \ + --extra-files scripts/coverity-scan/run-coverity-scan echo "Archiving sources to be analyzed..." ./scripts/archive-source.sh "$SECRETDIR/qemu-sources.tgz" if [ "$DRYRUN" = yes ]; then @@ -323,7 +333,7 @@ if [ "$DOCKER" = yes ]; then # Arrange for this docker run to get access to the sources with -v. # We pass through all the configuration from the outer script to the inner. export COVERITY_EMAIL COVERITY_BUILD_CMD - docker run -it --env COVERITY_EMAIL --env COVERITY_BUILD_CMD \ + tests/docker/docker.py run -it --env COVERITY_EMAIL --env COVERITY_BUILD_CMD \ -v "$SECRETDIR:/work" coverity-scanner \ ./run-coverity-scan --version "$VERSION" \ --description "$DESCRIPTION" $DRYRUNARG --tokenfile /work/token \ From patchwork Thu May 21 12:45:32 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paolo Bonzini X-Patchwork-Id: 1295186 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=V018j6D5; dkim-atps=neutral Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49STwL6M1Lz9sPK for ; Thu, 21 May 2020 22:49:38 +1000 (AEST) Received: from localhost ([::1]:43716 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jbkdk-00028U-Lf for incoming@patchwork.ozlabs.org; Thu, 21 May 2020 08:49:36 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:50700) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jbka5-0003bB-NS for qemu-devel@nongnu.org; Thu, 21 May 2020 08:45:49 -0400 Received: from us-smtp-2.mimecast.com ([207.211.31.81]:36673 helo=us-smtp-delivery-1.mimecast.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.90_1) (envelope-from ) id 1jbka2-00057Y-Gv for qemu-devel@nongnu.org; Thu, 21 May 2020 08:45:49 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1590065145; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=nEfu+WKuLGTbcmW54phLurwiymXP59SyP07hImE7S0M=; b=V018j6D5fuYhOmU5fdnPFQ9deJZeEw2HhYZQbVPqa7AvmfXy/KtwcMkp96l7w0iD0bxLro lUxwYRMpgl70f0a/0ZiBK11OVAl3L6ir1g/G50HnHk9qXvE0eJrMefkTFlwa6Xm01IfB6B D7CFZDwpYmxs0TiZTarp9XMjbgTHUQ4= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-133-1FbnthhCOb-6x0L2Xwy6FA-1; Thu, 21 May 2020 08:45:41 -0400 X-MC-Unique: 1FbnthhCOb-6x0L2Xwy6FA-1 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 324F0800053; Thu, 21 May 2020 12:45:40 +0000 (UTC) Received: from virtlab701.virt.lab.eng.bos.redhat.com (virtlab701.virt.lab.eng.bos.redhat.com [10.19.152.228]) by smtp.corp.redhat.com (Postfix) with ESMTP id 9E475341E9; Thu, 21 May 2020 12:45:39 +0000 (UTC) From: Paolo Bonzini To: qemu-devel@nongnu.org Subject: [PATCH v2 5/8] run-coverity-scan: add --no-update-tools option Date: Thu, 21 May 2020 08:45:32 -0400 Message-Id: <20200521124535.5329-6-pbonzini@redhat.com> In-Reply-To: <20200521124535.5329-1-pbonzini@redhat.com> References: <20200521124535.5329-1-pbonzini@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Received-SPF: pass client-ip=207.211.31.81; envelope-from=pbonzini@redhat.com; helo=us-smtp-delivery-1.mimecast.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/05/21 04:44:45 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] [fuzzy] X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001 autolearn=_AUTOLEARN X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: peter.maydell@linaro.org, alex.bennee@linaro.org Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" Provide a quick way to skip building the container while we figure out how to get caching right. Reviewed-by: Peter Maydell Signed-off-by: Paolo Bonzini --- scripts/coverity-scan/run-coverity-scan | 37 +++++++++++++++---------- 1 file changed, 23 insertions(+), 14 deletions(-) diff --git a/scripts/coverity-scan/run-coverity-scan b/scripts/coverity-scan/run-coverity-scan index e926623b3b..bc9e12670b 100755 --- a/scripts/coverity-scan/run-coverity-scan +++ b/scripts/coverity-scan/run-coverity-scan @@ -33,6 +33,7 @@ # --docker-engine : specify the container engine to use (docker/podman/auto); # implies --docker # --update-tools-only : update the cached copy of the tools, but don't run them +# --no-update-tools : do not update the cached copy of the tools # --tokenfile : file to read Coverity token from # --version ver : specify version being analyzed (default: ask git) # --description desc : specify description of this version (default: ask git) @@ -130,7 +131,7 @@ update_coverity_tools () { # Check user-provided environment variables and arguments DRYRUN=no -UPDATE_ONLY=no +UPDATE=yes DOCKER=no while [ "$#" -ge 1 ]; do @@ -139,9 +140,13 @@ while [ "$#" -ge 1 ]; do shift DRYRUN=yes ;; + --no-update-tools) + shift + UPDATE=no + ;; --update-tools-only) shift - UPDATE_ONLY=yes + UPDATE=only ;; --version) shift @@ -245,12 +250,12 @@ fi PROJNAME=QEMU TARBALL=cov-int.tar.xz -if [ "$UPDATE_ONLY" = yes ] && [ "$DOCKER" = yes ]; then +if [ "$UPDATE" = only ] && [ "$DOCKER" = yes ]; then echo "Combining --docker and --update-only is not supported" exit 1 fi -if [ "$UPDATE_ONLY" = yes ]; then +if [ "$UPDATE" = only ]; then # Just do the tools update; we don't need to check whether # we are in a source tree or have upload rights for this, # so do it before some of the command line and source tree checks. @@ -293,7 +298,6 @@ fi # Run ourselves inside docker if that's what the user wants if [ "$DOCKER" = yes ]; then - # build docker container including the coverity-scan tools # Put the Coverity token into a temporary file that only # we have read access to, and then pass it to docker build # using a volume. A volume is enough for the token not to @@ -308,14 +312,17 @@ if [ "$DOCKER" = yes ]; then echo "Created temporary directory $SECRETDIR" SECRET="$SECRETDIR/token" echo "$COVERITY_TOKEN" > "$SECRET" - echo "Building docker container..." - # TODO: This re-downloads the tools every time, rather than - # caching and reusing the image produced with the downloaded tools. - # Not sure why. - tests/docker/docker.py --engine ${DOCKER_ENGINE} build \ - -t coverity-scanner -f scripts/coverity-scan/coverity-scan.docker \ - -v "$SECRETDIR:/work" \ - --extra-files scripts/coverity-scan/run-coverity-scan + if [ "$UPDATE" != no ]; then + # build docker container including the coverity-scan tools + echo "Building docker container..." + # TODO: This re-downloads the tools every time, rather than + # caching and reusing the image produced with the downloaded tools. + # Not sure why. + tests/docker/docker.py --engine ${DOCKER_ENGINE} build \ + -t coverity-scanner -f scripts/coverity-scan/coverity-scan.docker \ + -v "$SECRETDIR:/work" \ + --extra-files scripts/coverity-scan/run-coverity-scan + fi echo "Archiving sources to be analyzed..." ./scripts/archive-source.sh "$SECRETDIR/qemu-sources.tgz" if [ "$DRYRUN" = yes ]; then @@ -350,7 +357,9 @@ fi check_upload_permissions -update_coverity_tools +if [ "$UPDATE" != no ]; then + update_coverity_tools +fi TOOLBIN="$(cd "$COVERITY_TOOL_BASE" && echo $PWD/coverity_tool/cov-analysis-*/bin)" From patchwork Thu May 21 12:45:33 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paolo Bonzini X-Patchwork-Id: 1295180 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=cB4seQus; dkim-atps=neutral Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49STrf1ntcz9sPK for ; Thu, 21 May 2020 22:46:25 +1000 (AEST) Received: from localhost ([::1]:55520 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jbkad-0003cK-6M for incoming@patchwork.ozlabs.org; Thu, 21 May 2020 08:46:23 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:50698) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jbka5-0003Zq-44 for qemu-devel@nongnu.org; Thu, 21 May 2020 08:45:49 -0400 Received: from us-smtp-1.mimecast.com ([205.139.110.61]:29493) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.90_1) (envelope-from ) id 1jbka2-00057S-Ep for qemu-devel@nongnu.org; Thu, 21 May 2020 08:45:48 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1590065145; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=RYYQUL0ofIRC+VTkLDVn89vPvmwrazQpp2d5+kAvCAk=; b=cB4seQusnQcmIyF0u8v8OUiK1EMD+2j8VNDK5Qp/mYdfGrbPphf3ht4IP0f/boaa6xkKpQ EMWYXMsh6zLjO8xhN9EMlfpbf7AH2kuMtRcwkqRYPc++yeII5Y1hWVEcTah0Xo3/xHVkp1 LUI6kCbGjt3bHrptORQhavARfcWZOW8= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-10-LCi3rWuYMF67bfFWmY3aUQ-1; Thu, 21 May 2020 08:45:41 -0400 X-MC-Unique: LCi3rWuYMF67bfFWmY3aUQ-1 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id EC206464; Thu, 21 May 2020 12:45:40 +0000 (UTC) Received: from virtlab701.virt.lab.eng.bos.redhat.com (virtlab701.virt.lab.eng.bos.redhat.com [10.19.152.228]) by smtp.corp.redhat.com (Postfix) with ESMTP id 629B3341E9; Thu, 21 May 2020 12:45:40 +0000 (UTC) From: Paolo Bonzini To: qemu-devel@nongnu.org Subject: [PATCH v2 6/8] run-coverity-scan: use --no-update-tools in docker run Date: Thu, 21 May 2020 08:45:33 -0400 Message-Id: <20200521124535.5329-7-pbonzini@redhat.com> In-Reply-To: <20200521124535.5329-1-pbonzini@redhat.com> References: <20200521124535.5329-1-pbonzini@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Received-SPF: pass client-ip=205.139.110.61; envelope-from=pbonzini@redhat.com; helo=us-smtp-1.mimecast.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/05/21 01:47:40 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] [fuzzy] X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001 autolearn=_AUTOLEARN X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: peter.maydell@linaro.org, alex.bennee@linaro.org Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" Tools are already updated via the docker build. Reviewed-by: Peter Maydell Signed-off-by: Paolo Bonzini --- scripts/coverity-scan/run-coverity-scan | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/scripts/coverity-scan/run-coverity-scan b/scripts/coverity-scan/run-coverity-scan index bc9e12670b..6bb38b4f48 100755 --- a/scripts/coverity-scan/run-coverity-scan +++ b/scripts/coverity-scan/run-coverity-scan @@ -325,17 +325,16 @@ if [ "$DOCKER" = yes ]; then fi echo "Archiving sources to be analyzed..." ./scripts/archive-source.sh "$SECRETDIR/qemu-sources.tgz" + ARGS="--no-update-tools" if [ "$DRYRUN" = yes ]; then - DRYRUNARG=--dry-run + ARGS="$ARGS --dry-run" fi echo "Running scanner..." # If we need to capture the output tarball, get the inner run to # save it to the secrets directory so we can copy it out before the # directory is cleaned up. if [ ! -z "$RESULTSTARBALL" ]; then - RTARGS="--results-tarball /work/cov-int.tar.xz" - else - RTARGS="" + ARGS="$ARGS --results-tarball /work/cov-int.tar.xz" fi # Arrange for this docker run to get access to the sources with -v. # We pass through all the configuration from the outer script to the inner. @@ -343,8 +342,8 @@ if [ "$DOCKER" = yes ]; then tests/docker/docker.py run -it --env COVERITY_EMAIL --env COVERITY_BUILD_CMD \ -v "$SECRETDIR:/work" coverity-scanner \ ./run-coverity-scan --version "$VERSION" \ - --description "$DESCRIPTION" $DRYRUNARG --tokenfile /work/token \ - --srcdir /qemu --src-tarball /work/qemu-sources.tgz $RTARGS + --description "$DESCRIPTION" $ARGS --tokenfile /work/token \ + --srcdir /qemu --src-tarball /work/qemu-sources.tgz if [ ! -z "$RESULTSTARBALL" ]; then echo "Copying results tarball to $RESULTSTARBALL..." cp "$SECRETDIR/cov-int.tar.xz" "$RESULTSTARBALL" From patchwork Thu May 21 12:45:34 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paolo Bonzini X-Patchwork-Id: 1295185 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=PMT/fTzu; dkim-atps=neutral Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49STv605hJz9sRK for ; Thu, 21 May 2020 22:48:34 +1000 (AEST) Received: from localhost ([::1]:38190 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jbkch-00089Y-Qz for incoming@patchwork.ozlabs.org; Thu, 21 May 2020 08:48:31 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:50680) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jbka2-0003Ui-RU for qemu-devel@nongnu.org; Thu, 21 May 2020 08:45:46 -0400 Received: from us-smtp-delivery-1.mimecast.com ([205.139.110.120]:44001 helo=us-smtp-1.mimecast.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.90_1) (envelope-from ) id 1jbka1-000578-K2 for qemu-devel@nongnu.org; Thu, 21 May 2020 08:45:46 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1590065144; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ucbm30v1gOPnBVovAjuwcDEPB4Pjf4KkcMD5kjEUqv0=; b=PMT/fTzuxcd5aubI+ze4go6bBV0U8W5bQMmGdYTvVefy90cl/raqKFWE1FY+SX50shq3Kb F5Zwm7y4uP4/fVYYBzSpB8Vbxf9LBov1csmF5cv7GIkifCOZOWpODLgU+Qrl7JbdZ6av28 erje6xlVSrcbUZQR2M98/135lB8vflI= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-168-GM5QclnOM4usfzC6l56Irg-1; Thu, 21 May 2020 08:45:42 -0400 X-MC-Unique: GM5QclnOM4usfzC6l56Irg-1 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id B20CC8005AA; Thu, 21 May 2020 12:45:41 +0000 (UTC) Received: from virtlab701.virt.lab.eng.bos.redhat.com (virtlab701.virt.lab.eng.bos.redhat.com [10.19.152.228]) by smtp.corp.redhat.com (Postfix) with ESMTP id 2863D341E9; Thu, 21 May 2020 12:45:41 +0000 (UTC) From: Paolo Bonzini To: qemu-devel@nongnu.org Subject: [PATCH v2 7/8] run-coverity-scan: download tools outside the container Date: Thu, 21 May 2020 08:45:34 -0400 Message-Id: <20200521124535.5329-8-pbonzini@redhat.com> In-Reply-To: <20200521124535.5329-1-pbonzini@redhat.com> References: <20200521124535.5329-1-pbonzini@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Received-SPF: pass client-ip=205.139.110.120; envelope-from=pbonzini@redhat.com; helo=us-smtp-1.mimecast.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/05/21 06:06:22 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] [fuzzy] X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001 autolearn=_AUTOLEARN X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: peter.maydell@linaro.org, alex.bennee@linaro.org Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" This lets us look at coverity_tool.md5 across executions of run-coverity-scan and skip the download. Reviewed-by: Peter Maydell Signed-off-by: Paolo Bonzini --- scripts/coverity-scan/coverity-scan.docker | 3 +- scripts/coverity-scan/run-coverity-scan | 42 +++++++++++----------- 2 files changed, 24 insertions(+), 21 deletions(-) diff --git a/scripts/coverity-scan/coverity-scan.docker b/scripts/coverity-scan/coverity-scan.docker index 6f0460b66c..efcf63224d 100644 --- a/scripts/coverity-scan/coverity-scan.docker +++ b/scripts/coverity-scan/coverity-scan.docker @@ -127,5 +127,6 @@ RUN dnf install -y $PACKAGES RUN rpm -q $PACKAGES | sort > /packages.txt ENV PATH $PATH:/usr/libexec/python3-sphinx/ ENV COVERITY_TOOL_BASE=/coverity-tools +COPY coverity_tool.tgz coverity_tool.tgz +RUN mkdir -p /coverity-tools/coverity_tool && cd /coverity-tools/coverity_tool && tar xf /coverity_tool.tgz COPY run-coverity-scan run-coverity-scan -RUN ./run-coverity-scan --update-tools-only --tokenfile /work/token diff --git a/scripts/coverity-scan/run-coverity-scan b/scripts/coverity-scan/run-coverity-scan index 6bb38b4f48..8bff952bf5 100755 --- a/scripts/coverity-scan/run-coverity-scan +++ b/scripts/coverity-scan/run-coverity-scan @@ -116,15 +116,17 @@ update_coverity_tools () { echo "Downloaded tarball didn't match md5sum!" exit 1 fi - # extract the new one, keeping it corralled in a 'coverity_tool' directory - echo "Unpacking coverity build tools..." - mkdir -p coverity_tool - cd coverity_tool - tar xf ../coverity_tool.tgz - cd .. - mv coverity_tool.md5.new coverity_tool.md5 - fi + if [ "$DOCKER" != yes ]; then + # extract the new one, keeping it corralled in a 'coverity_tool' directory + echo "Unpacking coverity build tools..." + mkdir -p coverity_tool + cd coverity_tool + tar xf ../coverity_tool.tgz + cd .. + mv coverity_tool.md5.new coverity_tool.md5 + fi + fi rm -f coverity_tool.md5.new } @@ -296,6 +298,14 @@ if [ -z "$COVERITY_EMAIL" ]; then COVERITY_EMAIL="$(git config user.email)" fi +# Otherwise, continue with the full build and upload process. + +check_upload_permissions + +if [ "$UPDATE" != no ]; then + update_coverity_tools +fi + # Run ourselves inside docker if that's what the user wants if [ "$DOCKER" = yes ]; then # Put the Coverity token into a temporary file that only @@ -315,13 +325,13 @@ if [ "$DOCKER" = yes ]; then if [ "$UPDATE" != no ]; then # build docker container including the coverity-scan tools echo "Building docker container..." - # TODO: This re-downloads the tools every time, rather than - # caching and reusing the image produced with the downloaded tools. + # TODO: This re-unpacks the tools every time, rather than caching + # and reusing the image produced by the COPY of the .tgz file. # Not sure why. tests/docker/docker.py --engine ${DOCKER_ENGINE} build \ -t coverity-scanner -f scripts/coverity-scan/coverity-scan.docker \ - -v "$SECRETDIR:/work" \ - --extra-files scripts/coverity-scan/run-coverity-scan + --extra-files scripts/coverity-scan/run-coverity-scan \ + "$COVERITY_TOOL_BASE"/coverity_tool.tgz fi echo "Archiving sources to be analyzed..." ./scripts/archive-source.sh "$SECRETDIR/qemu-sources.tgz" @@ -352,14 +362,6 @@ if [ "$DOCKER" = yes ]; then exit 0 fi -# Otherwise, continue with the full build and upload process. - -check_upload_permissions - -if [ "$UPDATE" != no ]; then - update_coverity_tools -fi - TOOLBIN="$(cd "$COVERITY_TOOL_BASE" && echo $PWD/coverity_tool/cov-analysis-*/bin)" if ! test -x "$TOOLBIN/cov-build"; then From patchwork Thu May 21 12:45:35 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paolo Bonzini X-Patchwork-Id: 1295187 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=gt4itLhm; dkim-atps=neutral Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49STwR6Cfzz9sPK for ; Thu, 21 May 2020 22:49:43 +1000 (AEST) Received: from localhost ([::1]:44102 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jbkdp-0002IH-Kk for incoming@patchwork.ozlabs.org; Thu, 21 May 2020 08:49:41 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:50688) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jbka3-0003X2-Rk for qemu-devel@nongnu.org; Thu, 21 May 2020 08:45:47 -0400 Received: from us-smtp-delivery-1.mimecast.com ([207.211.31.120]:31613 helo=us-smtp-1.mimecast.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.90_1) (envelope-from ) id 1jbka2-00057M-0Y for qemu-devel@nongnu.org; Thu, 21 May 2020 08:45:47 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1590065145; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=j4FdChKq6cAC1AvirjpOGLQBCc9XB8opK4v+ZgHbNbU=; b=gt4itLhmbO/FTwOmyhkax2YP4wf6Bi/kFiyIQffHNif8wDsIV2vvQfWoKkbMU44MC9KJsp GmicmmcNOeeLv+TrGz4hkfeX9SejXRYBrjnuDt+TX8ADv2PHxrBIuE60G3mmldMjMzzVkk Zf18j6GNshdvqIRifcit144dMm6TA7U= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-287-GKADqYn6NVaODDiJDgJH2Q-1; Thu, 21 May 2020 08:45:43 -0400 X-MC-Unique: GKADqYn6NVaODDiJDgJH2Q-1 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 75D96108BD0B; Thu, 21 May 2020 12:45:42 +0000 (UTC) Received: from virtlab701.virt.lab.eng.bos.redhat.com (virtlab701.virt.lab.eng.bos.redhat.com [10.19.152.228]) by smtp.corp.redhat.com (Postfix) with ESMTP id E119A34209; Thu, 21 May 2020 12:45:41 +0000 (UTC) From: Paolo Bonzini To: qemu-devel@nongnu.org Subject: [PATCH v2 8/8] run-coverity-scan: support --update-tools-only --docker Date: Thu, 21 May 2020 08:45:35 -0400 Message-Id: <20200521124535.5329-9-pbonzini@redhat.com> In-Reply-To: <20200521124535.5329-1-pbonzini@redhat.com> References: <20200521124535.5329-1-pbonzini@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Received-SPF: pass client-ip=207.211.31.120; envelope-from=pbonzini@redhat.com; helo=us-smtp-1.mimecast.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/05/21 01:44:25 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] [fuzzy] X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001 autolearn=_AUTOLEARN X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: peter.maydell@linaro.org, alex.bennee@linaro.org Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" Just build the container when run-coverity-scan is invoked with --update-tools-only --docker. This requires moving the "docker build" logic into the update_coverity_tools function. The only snag is that --update-tools-only --docker requires access to the dockerfile. For now just report an error for --src-tarball, and "docker build" will fail if not in a source tree. Another possibility could be to host our container images on a public registry, and use "FROM qemu:fedora" to make the Dockerfile small enough that it can be included directly in the run-coverity-scan script. Reviewed-by: Peter Maydell Signed-off-by: Paolo Bonzini --- scripts/coverity-scan/run-coverity-scan | 39 +++++++++++++++---------- 1 file changed, 23 insertions(+), 16 deletions(-) diff --git a/scripts/coverity-scan/run-coverity-scan b/scripts/coverity-scan/run-coverity-scan index 8bff952bf5..03a791dec9 100755 --- a/scripts/coverity-scan/run-coverity-scan +++ b/scripts/coverity-scan/run-coverity-scan @@ -95,6 +95,18 @@ check_upload_permissions() { } +build_docker_image() { + # build docker container including the coverity-scan tools + echo "Building docker container..." + # TODO: This re-unpacks the tools every time, rather than caching + # and reusing the image produced by the COPY of the .tgz file. + # Not sure why. + tests/docker/docker.py --engine ${DOCKER_ENGINE} build \ + -t coverity-scanner -f scripts/coverity-scan/coverity-scan.docker \ + --extra-files scripts/coverity-scan/run-coverity-scan \ + "$COVERITY_TOOL_BASE"/coverity_tool.tgz +} + update_coverity_tools () { # Check for whether we need to download the Coverity tools # (either because we don't have a copy, or because it's out of date) @@ -128,6 +140,11 @@ update_coverity_tools () { fi fi rm -f coverity_tool.md5.new + cd "$SRCDIR" + + if [ "$DOCKER" = yes ]; then + build_docker_image + fi } @@ -252,15 +269,16 @@ fi PROJNAME=QEMU TARBALL=cov-int.tar.xz -if [ "$UPDATE" = only ] && [ "$DOCKER" = yes ]; then - echo "Combining --docker and --update-only is not supported" - exit 1 -fi - if [ "$UPDATE" = only ]; then # Just do the tools update; we don't need to check whether # we are in a source tree or have upload rights for this, # so do it before some of the command line and source tree checks. + + if [ "$DOCKER" = yes ] && [ ! -z "$SRCTARBALL" ]; then + echo --update-tools-only --docker is incompatible with --src-tarball. + exit 1 + fi + update_coverity_tools exit 0 fi @@ -322,17 +340,6 @@ if [ "$DOCKER" = yes ]; then echo "Created temporary directory $SECRETDIR" SECRET="$SECRETDIR/token" echo "$COVERITY_TOKEN" > "$SECRET" - if [ "$UPDATE" != no ]; then - # build docker container including the coverity-scan tools - echo "Building docker container..." - # TODO: This re-unpacks the tools every time, rather than caching - # and reusing the image produced by the COPY of the .tgz file. - # Not sure why. - tests/docker/docker.py --engine ${DOCKER_ENGINE} build \ - -t coverity-scanner -f scripts/coverity-scan/coverity-scan.docker \ - --extra-files scripts/coverity-scan/run-coverity-scan \ - "$COVERITY_TOOL_BASE"/coverity_tool.tgz - fi echo "Archiving sources to be analyzed..." ./scripts/archive-source.sh "$SECRETDIR/qemu-sources.tgz" ARGS="--no-update-tools"