xref: /qemu/scripts/coverity-scan/coverity-scan.docker (revision 32a9d735)

# syntax=docker/dockerfile:1.0.0-experimental
#
# Docker setup for running the "Coverity Scan" tools over the source
# tree and uploading them to the website, as per
# https://scan.coverity.com/projects/qemu/builds/new
# We do this on a fixed config (currently Fedora 30 with a known
# set of dependencies and a configure command that enables a specific
# set of options) so that random changes don't result in our accidentally
# dropping some files from the scan.
#
# We don't build on top of the fedora.docker file because we don't
# want to accidentally change or break the scan config when that
# is updated.

# The work of actually doing the build is handled by the
# run-coverity-scan script.

FROM registry.fedoraproject.org/fedora:37

RUN dnf install -y nosync && \
    echo -e '#!/bin/sh\n\
if test -d /usr/lib64\n\
then\n\
    export LD_PRELOAD=/usr/lib64/nosync/nosync.so\n\
else\n\
    export LD_PRELOAD=/usr/lib/nosync/nosync.so\n\
fi\n\
exec "$@"' > /usr/bin/nosync && \
    chmod +x /usr/bin/nosync && \
    nosync dnf update -y && \
    nosync dnf install -y \
               SDL2-devel \
               SDL2_image-devel \
               alsa-lib-devel \
               bash \
               bc \
               bison \
               brlapi-devel \
               bzip2 \
               bzip2-devel \
               ca-certificates \
               capstone-devel \
               ccache \
               clang \
               ctags \
               cyrus-sasl-devel \
               daxctl-devel \
               dbus-daemon \
               device-mapper-multipath-devel \
               diffutils \
               findutils \
               flex \
               fuse3-devel \
               gcc \
               gcc-c++ \
               gcovr \
               genisoimage \
               gettext \
               git \
               glib2-devel \
               glib2-static \
               glibc-langpack-en \
               glibc-static \
               glusterfs-api-devel \
               gnutls-devel \
               gtk3-devel \
               hostname \
               jemalloc-devel \
               json-c-devel \
               libaio-devel \
               libasan \
               libattr-devel \
               libbpf-devel \
               libcacard-devel \
               libcap-ng-devel \
               libcmocka-devel \
               libcurl-devel \
               libdrm-devel \
               libepoxy-devel \
               libfdt-devel \
               libffi-devel \
               libgcrypt-devel \
               libiscsi-devel \
               libjpeg-devel \
               libnfs-devel \
               libpmem-devel \
               libpng-devel \
               librbd-devel \
               libseccomp-devel \
               libselinux-devel \
               libslirp-devel \
               libssh-devel \
               libtasn1-devel \
               libubsan \
               liburing-devel \
               libusbx-devel \
               libzstd-devel \
               llvm \
               lttng-ust-devel \
               lzo-devel \
               make \
               mesa-libgbm-devel \
               meson \
               ncurses-devel \
               nettle-devel \
               ninja-build \
               nmap-ncat \
               numactl-devel \
               openssh-clients \
               pam-devel \
               pcre-static \
               pixman-devel \
               pkgconfig \
               pulseaudio-libs-devel \
               python3 \
               python3-PyYAML \
               python3-numpy \
               python3-opencv \
               python3-pillow \
               python3-pip \
               python3-sphinx \
               python3-sphinx_rtd_theme \
               rdma-core-devel \
               rpm \
               sed \
               snappy-devel \
               socat \
               sparse \
               spice-protocol \
               spice-server-devel \
               systemd-devel \
               systemtap-sdt-devel \
               tar \
               tesseract \
               tesseract-langpack-eng \
               usbredir-devel \
               util-linux \
               virglrenderer-devel \
               vte291-devel \
               which \
               xen-devel \
               xfsprogs-devel \
               zlib-devel \
               zlib-static \
               zstd && \
    nosync dnf autoremove -y && \
    nosync dnf clean all -y && \
    rpm -qa | sort > /packages.txt && \
    mkdir -p /usr/libexec/ccache-wrappers && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/c++ && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/clang && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/g++ && \
    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/gcc

ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
ENV LANG "en_US.UTF-8"
ENV MAKE "/usr/bin/make"
ENV NINJA "/usr/bin/ninja"
ENV PYTHON "/usr/bin/python3"
ENV QEMU_CONFIGURE_OPTS --meson=internal

RUN dnf install -y curl wget
ENV COVERITY_TOOL_BASE=/coverity-tools
COPY coverity_tool.tgz coverity_tool.tgz
RUN mkdir -p /coverity-tools/coverity_tool && cd /coverity-tools/coverity_tool && tar xf /coverity_tool.tgz
COPY run-coverity-scan run-coverity-scan