mirror of
https://github.com/SELinuxProject/selinux
synced 2024-12-25 15:32:07 +00:00
scripts/run-scan-build: update
- use multiple jobs - define _FORTIFY_SOURCE=2 to enable checks on standard string handling functions due to macro/intrinsic overloads or function attributes - allow to override clang and scan-build binaries, i.e. for using versioned ones - set PYTHON_SETUP_ARGS accordingly on Debian - enable common warning -Wextra - print build result Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
This commit is contained in:
parent
af29a23553
commit
54667cdb37
@ -1,6 +1,10 @@
|
||||
#!/bin/sh
|
||||
# Run clang's static analyzer (scan-build) and record its output in output-scan-build/
|
||||
|
||||
# Allow overriding binariy names, like clang-12
|
||||
export CC=${CC:-clang}
|
||||
SCAN_BUILD=${SCAN_BUILD:-scan-build}
|
||||
|
||||
# Ensure the current directory is where this script is
|
||||
cd "$(dirname -- "$0")" || exit $?
|
||||
|
||||
@ -20,14 +24,24 @@ export PATH="$DESTDIR/usr/sbin:$DESTDIR/usr/bin:$DESTDIR/sbin:$DESTDIR/bin:$PATH
|
||||
export PYTHONPATH="$DESTDIR$(${PYTHON:-python3} -c "from distutils.sysconfig import *;print(get_python_lib(prefix='/usr'))")"
|
||||
export RUBYLIB="$DESTDIR/$(${RUBY:-ruby} -e 'puts RbConfig::CONFIG["vendorlibdir"]'):$DESTDIR/$(${RUBY:-ruby} -e 'puts RbConfig::CONFIG["vendorarchdir"]')"
|
||||
|
||||
if [ -f /etc/debian_version ]; then
|
||||
export PYTHON_SETUP_ARGS='--install-layout=deb'
|
||||
fi
|
||||
|
||||
# Build and analyze
|
||||
make -C .. CC=clang clean distclean -j"$(nproc)"
|
||||
scan-build -analyze-headers -o "$OUTPUTDIR" make -C .. \
|
||||
CC=clang \
|
||||
make -C .. clean distclean -j"$(nproc)"
|
||||
$SCAN_BUILD -analyze-headers -o "$OUTPUTDIR" make -C .. \
|
||||
DESTDIR="$DESTDIR" \
|
||||
CFLAGS="-O2 -Wall -D__CHECKER__ -I$DESTDIR/usr/include" \
|
||||
CFLAGS="-O2 -Wall -Wextra -D_FORTIFY_SOURCE=2 -D__CHECKER__ -I$DESTDIR/usr/include" \
|
||||
-j"$(nproc)" \
|
||||
install install-pywrap install-rubywrap all test
|
||||
|
||||
if [ $? -eq 0 ]; then
|
||||
echo "++ Build succeeded"
|
||||
else
|
||||
echo "++ Build failed"
|
||||
fi
|
||||
|
||||
# Reduce the verbosity in order to keep the message from scan-build saying
|
||||
# "scan-build: Run 'scan-view /.../output-scan-build/2018-...' to examine bug reports.
|
||||
set +x
|
||||
|
Loading…
Reference in New Issue
Block a user