1- # Host build of critical components, for Coverity Scan mostly
1+ # Host build of critical components, for static analysis
2+ #
3+ # Available targets:
4+ # build - Build all components (no static analysis)
5+ # check - Run static analysis (auto-detects scan-build or cppcheck)
6+ # scan-build - Run clang static analyzer (preferred)
7+ # cppcheck - Run cppcheck static analyzer (fallback)
8+ # coverity - Show Coverity Scan usage
9+ # coverity-build - Build for Coverity Scan (used by CI)
10+ # dep - Build dependencies only
11+ #
212APPS = bin confd factory keyack statd
313
14+ # Detect available static analysis tools
15+ HAVE_SCANBUILD := $(shell command -v scan-build 2>/dev/null)
16+ HAVE_CPPCHECK := $(shell command -v cppcheck 2>/dev/null)
17+
418.PHONY : all
519all :
6- @echo " *** all not supported, only check possible ***"
7- false
20+ @echo " *** all not supported, only build/ check/coverity possible ***"
21+ @ false
822
923.PHONY : dep
1024dep :
1125 (cd libsrx && make -f check.mk dep)
1226
13- check : dep $(APPS )
27+ # Main build target (renamed from check)
28+ .PHONY : build
29+ build : dep $(APPS )
1430 rm -rf staging
1531
1632$(APPS )
@@ -19,3 +35,83 @@ $(APPS): libsrx
1935.PHONY : libsrx
2036libsrx :
2137 (cd $@ && make -f check.mk)
38+
39+ # Static analysis target - auto-detects scan-build or cppcheck
40+ .PHONY : check
41+ check :
42+ ifdef HAVE_SCANBUILD
43+ @echo "==> Running scan-build (clang static analyzer)"
44+ $(MAKE) scan-build
45+ else ifdef HAVE_CPPCHECK
46+ @echo "==> Running cppcheck (fallback - scan-build not found)"
47+ @echo " For better analysis, install scan-build:"
48+ @echo " Debian/Ubuntu: apt-get install clang-tools"
49+ @echo " Fedora/RHEL: dnf install clang-tools-extra"
50+ @echo ""
51+ $(MAKE) cppcheck
52+ else
53+ @echo "*** ERROR: No static analysis tool found ***"
54+ @echo ""
55+ @echo "Please install scan-build (recommended) or cppcheck:"
56+ @echo " Debian/Ubuntu: sudo apt-get install clang-tools"
57+ @echo " Fedora/RHEL: sudo dnf install clang-tools-extra"
58+ @echo " Alpine: apk add clang-extra-tools"
59+ @echo ""
60+ @echo "Or install cppcheck as fallback:"
61+ @echo " Debian/Ubuntu: sudo apt-get install cppcheck"
62+ @echo " Fedora/RHEL: sudo dnf install cppcheck"
63+ @false
64+ endif
65+
66+ # Clang static analyzer (preferred)
67+ .PHONY : scan-build
68+ scan-build : dep
69+ ifndef HAVE_SCANBUILD
70+ @echo "*** ERROR: scan-build not found ***"
71+ @echo ""
72+ @echo "Install scan-build for better static analysis:"
73+ @echo " Debian/Ubuntu: sudo apt-get install clang-tools"
74+ @echo " Fedora/RHEL: sudo dnf install clang-tools-extra"
75+ @echo " Alpine: apk add clang-extra-tools"
76+ @false
77+ endif
78+ @echo "==> Running scan-build on all components"
79+ @rm -rf scan-results
80+ scan-build -o scan-results --status-bugs $(MAKE) _analyze
81+ @echo "==> Scan complete. Results in scan-results/"
82+
83+ # cppcheck static analyzer
84+ .PHONY : cppcheck
85+ cppcheck : dep
86+ ifndef HAVE_CPPCHECK
87+ @echo "*** ERROR: cppcheck not found ***"
88+ @echo ""
89+ @echo "Install cppcheck:"
90+ @echo " Debian/Ubuntu: sudo apt-get install cppcheck"
91+ @echo " Fedora/RHEL: sudo dnf install cppcheck"
92+ @echo ""
93+ @echo "Or use scan-build (recommended) instead:"
94+ @echo " Debian/Ubuntu: sudo apt-get install clang-tools"
95+ @false
96+ endif
97+ @echo "==> Running cppcheck on all components"
98+ @for app in libsrx $(APPS); do \
99+ echo " -> Checking $$app"; \
100+ (cd $$app && cppcheck --enable=all --suppress=missingIncludeSystem \
101+ --quiet --template=gcc -I../staging/include . 2>&1) || true; \
102+ done
103+ @echo "==> cppcheck complete"
104+
105+ # Internal target for scan-build to analyze
106+ .PHONY : _analyze
107+ _analyze : libsrx $(APPS )
108+ rm -rf staging
109+
110+ # Coverity Scan target (for CI)
111+ .PHONY : coverity
112+ coverity :
113+ @echo " ==> Building for Coverity Scan"
114+ @echo " Use: cov-build --dir cov-int make coverity-build"
115+
116+ .PHONY : coverity-build
117+ coverity-build : build
0 commit comments