# syntax=docker/dockerfile:1.0.0-experimental # # Docker setup for running the "Coverity Scan" tools over the source # tree and uploading them to the website, as per # https://scan.coverity.com/projects/qemu/builds/new # We do this on a fixed config (currently Fedora 30 with a known # set of dependencies and a configure command that enables a specific # set of options) so that random changes don't result in our accidentally # dropping some files from the scan. # # We don't build on top of the fedora.docker file because we don't # want to accidentally change or break the scan config when that # is updated. # The work of actually doing the build is handled by the # run-coverity-scan script. FROM registry.fedoraproject.org/fedora:37 RUN dnf install -y nosync && \ echo -e '#!/bin/sh\n\ if test -d /usr/lib64\n\ then\n\ export LD_PRELOAD=/usr/lib64/nosync/nosync.so\n\ else\n\ export LD_PRELOAD=/usr/lib/nosync/nosync.so\n\ fi\n\ exec "$@"' > /usr/bin/nosync && \ chmod +x /usr/bin/nosync && \ nosync dnf update -y && \ nosync dnf install -y \ SDL2-devel \ SDL2_image-devel \ alsa-lib-devel \ bash \ bc \ bison \ brlapi-devel \ bzip2 \ bzip2-devel \ ca-certificates \ capstone-devel \ ccache \ clang \ ctags \ cyrus-sasl-devel \ daxctl-devel \ dbus-daemon \ device-mapper-multipath-devel \ diffutils \ findutils \ flex \ fuse3-devel \ gcc \ gcc-c++ \ gcovr \ genisoimage \ gettext \ git \ glib2-devel \ glib2-static \ glibc-langpack-en \ glibc-static \ glusterfs-api-devel \ gnutls-devel \ gtk3-devel \ hostname \ jemalloc-devel \ json-c-devel \ libaio-devel \ libasan \ libattr-devel \ libbpf-devel \ libcacard-devel \ libcap-ng-devel \ libcmocka-devel \ libcurl-devel \ libdrm-devel \ libepoxy-devel \ libfdt-devel \ libffi-devel \ libgcrypt-devel \ libiscsi-devel \ libjpeg-devel \ libnfs-devel \ libpmem-devel \ libpng-devel \ librbd-devel \ libseccomp-devel \ libselinux-devel \ libslirp-devel \ libssh-devel \ libtasn1-devel \ libubsan \ liburing-devel \ libusbx-devel \ libzstd-devel \ llvm \ lttng-ust-devel \ lzo-devel \ make \ mesa-libgbm-devel \ meson \ ncurses-devel \ nettle-devel \ ninja-build \ nmap-ncat \ numactl-devel \ openssh-clients \ pam-devel \ pcre-static \ pixman-devel \ pkgconfig \ pulseaudio-libs-devel \ python3 \ python3-PyYAML \ python3-numpy \ python3-opencv \ python3-pillow \ python3-pip \ python3-sphinx \ python3-sphinx_rtd_theme \ rdma-core-devel \ rpm \ sed \ snappy-devel \ socat \ sparse \ spice-protocol \ spice-server-devel \ systemd-devel \ systemtap-sdt-devel \ tar \ tesseract \ tesseract-langpack-eng \ usbredir-devel \ util-linux \ virglrenderer-devel \ vte291-devel \ which \ xen-devel \ xfsprogs-devel \ zlib-devel \ zlib-static \ zstd && \ nosync dnf autoremove -y && \ nosync dnf clean all -y && \ rpm -qa | sort > /packages.txt && \ mkdir -p /usr/libexec/ccache-wrappers && \ ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/c++ && \ ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \ ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/clang && \ ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/g++ && \ ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/gcc ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers" ENV LANG "en_US.UTF-8" ENV MAKE "/usr/bin/make" ENV NINJA "/usr/bin/ninja" ENV PYTHON "/usr/bin/python3" ENV QEMU_CONFIGURE_OPTS --meson=internal RUN dnf install -y curl wget ENV COVERITY_TOOL_BASE=/coverity-tools COPY coverity_tool.tgz coverity_tool.tgz RUN mkdir -p /coverity-tools/coverity_tool && cd /coverity-tools/coverity_tool && tar xf /coverity_tool.tgz COPY run-coverity-scan run-coverity-scan