From de491fda3d6c66da5b26999f2e94424d82cfe7bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= Date: Thu, 9 Nov 2023 14:51:48 +0100 Subject: [PATCH] scripts: update run-scan-build MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Do not build test target Building the test target breaks the whole build since the tests for libsepol require checkpolicy to be build already: make[2]: *** No rule to make target '../../checkpolicy/y.tab.o', needed by 'libsepol-tests'. Stop. make[2]: *** Waiting for unfinished jobs.... Since issues in the test suites are not critical do not build them. * Update build status reporting Since the script sets the option -e scan-build will immediately exit on failure and the informative message "++ Build failed" is not printed. * Bump to fortify level 3 * Fix typo Signed-off-by: Christian Göttsche Acked-by: James Carter --- scripts/run-scan-build | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/scripts/run-scan-build b/scripts/run-scan-build index 7b731f3e..e4f13a2f 100755 --- a/scripts/run-scan-build +++ b/scripts/run-scan-build @@ -1,7 +1,7 @@ #!/bin/sh # Run clang's static analyzer (scan-build) and record its output in output-scan-build/ -# Allow overriding binariy names, like clang-12 +# Allow overriding binary names, like clang-12 export CC=${CC:-clang} SCAN_BUILD=${SCAN_BUILD:-scan-build} @@ -32,15 +32,12 @@ fi make -C .. clean distclean -j"$(nproc)" $SCAN_BUILD -analyze-headers -o "$OUTPUTDIR" make -C .. \ DESTDIR="$DESTDIR" \ - CFLAGS="-O2 -Wall -Wextra -D_FORTIFY_SOURCE=2 -D__CHECKER__ -I$DESTDIR/usr/include" \ + CFLAGS="-O2 -Wall -Wextra -D_FORTIFY_SOURCE=3 -D__CHECKER__ -I$DESTDIR/usr/include" \ -j"$(nproc)" \ - install install-pywrap install-rubywrap all test + install install-pywrap install-rubywrap all \ + || { echo "++ Build failed!"; exit 1; } -if [ $? -eq 0 ]; then - echo "++ Build succeeded" -else - echo "++ Build failed" -fi +echo "++ Build succeeded" # Reduce the verbosity in order to keep the message from scan-build saying # "scan-build: Run 'scan-view /.../output-scan-build/2018-...' to examine bug reports.