#!/bin/bash TRUSTEDAPPS_TARGET_TA=$1 TRUSTEDAPPS_TA_BUILD_ROOT=$2 TRUSTEDAPPS_TA_BUILD_CMD=$3 #--------------------------------------------------------------------- # Set following according to your environment #--------------------------------------------------------------------- if [ "$BUILD_NODE" != "PREVENT" ] && [ "$BUILD_NODE" != "PREVENT_CP" ] then # 1) Prevent installation folder _PRVT_HOME= # 2) Directory where build takes place _BUILD_PATH=$TRUSTEDAPPS_TA_BUILD_ROOT # 3) Build command _BUILD_CMD=$TRUSTEDAPPS_TA_BUILD_CMD # 4) Set Proxy server IP, if using Proxy server in Overseas R&D center _PROXY_IP="10.252.250.111" fi # 5) Download Prevent tool : 1 -> download, 0 -> not download _DOWNLOAD_PREVENT=1 _LINUX_BITS=64 #=========================================================== # * DO NOT CHANGE FOLLOWING * #=========================================================== #----------------------------------------------------------- # Prevent Options(SE Group Prevent modified after consultation with the representative) #----------------------------------------------------------- # 5) Log Level _LOG_LEVEL=1 # 6) Platform _PLATFORM=Android_AP # 8) Prevent Product Name _PRODUCT="trustedapps_${TRUSTEDAPPS_TARGET_TA}" _LANG=CXX _PRODUCT=$_PRODUCT"_"$_LANG # 9) Parallel Build _PARALLEL_BUILD=OFF _REPLAY_PROCESSES=4 #----------------------------------------------------------- # Reset proxy ip if not set _PROXY_IP=${_PROXY_IP:-"10.252.250.111"} # Prevent main version _PREVENT_MAIN_VERSION=2021.03 export COV_HOST="$HOSTNAME" export ALLOW_NINJA_ENV=1 echo "Original _PRVT_HOME : $_PRVT_HOME" if [ "$BUILD_NODE" == PREVENT_CP ];then _TOOL_PATH=/root/prevent/ elif [ "$BUILD_NODE" == PREVENT ];then _TOOL_PATH=/opt/prevent/ fi if [ "_TOOL_PATH" ];then for dir in $(ls $_TOOL_PATH) do if [[ "$dir" == *"$_PREVENT_MAIN_VERSION"* ]] && [[ "$BUILD_NODE" == "PREVENT" || "$BUILD_NODE" == "PREVENT_CP" ]];then _PRVT_HOME=$_TOOL_PATH$dir echo "Changed _PRVT_HOME: $_PRVT_HOME" fi done fi # Download prevent 2021.03_modified if [ "$_DOWNLOAD_PREVENT" == "1" ] then if [ "$_LINUX_BITS" == "64" ] then _PREVENT_VER=cov-analysis-linux64-2021.03-01 else _PREVENT_VER=cov-analysis-linux-2021.03-01 fi #cd $_PRVT_HOME #cd .. if [ -f "$_PREVENT_VER.tar.gz" ] then rm $_PREVENT_VER.tar.gz fi if ! [ -d "$_PREVENT_VER" ] then wget http://$_PROXY_IP/prevent_download/2021.03/$_PREVENT_VER.tar.gz &> /dev/null tar zxvf ./$_PREVENT_VER.tar.gz &> /dev/null fi echo "Original _PRVT_HOME : $_PRVT_HOME" _PRVT_HOME="$(pwd)"/$_PREVENT_VER echo "Changed _PRVT_HOME : $_PRVT_HOME" if [ -f "$_PREVENT_VER.tar.gz" ] then rm $_PREVENT_VER.tar.gz fi echo "_____________________(modified analyzer loaded)________________" fi # Intermediate Directory if [ "$BUILD_NODE" != "PREVENT" ] && [ "$BUILD_NODE" != "PREVENT_CP" ] then _PRVT_BUILD_HOME=$_PRVT_HOME fi # Version File _VERSION_FILE=$_PRVT_HOME/config/version.sh # FTP _FTP=$_PRVT_HOME/bin/ncftpput # build_info.txt BUILD_INFO_PATH="../output" BUILD_INFO_FILE="build_info.txt" # --------------------------------------------- # get QB build params # --------------------------------------------- IFS=' ' read -ra source <<< "$_BUILD_SOURCE" #Convert string to array if [ "${#source[@]}" -gt 1 ] then _BUILD_SRC=${source[1]} else _BUILD_SRC=${source[0]} fi _ARCHIVER=tar _ARCH_EXT=tar.lzo lzop -h > /dev/null if [ $? != 0 ] then _ARCHIVER=$_PRVT_HOME/bin/7za _ARCH_EXT=7z fi if [ -z "$BUILD_INFO" ] then _OUTPUT=$_PRVT_BUILD_HOME/$_PRODUCT.$_ARCH_EXT else QB_URL="https://android.qb.sec.samsung.net" _QB_BUILD_ID=$(grep -Eo '[0-9]+$' <<<"$BUILD_INFO") _OUTPUT=$_PRVT_BUILD_HOME/$_PRODUCT"_"$_QB_BUILD_ID.$_ARCH_EXT fi _JENKINS_IP="10.252.248.36:8080" _PRD_URL="$_JENKINS_IP/job/Coverity/job/PIPELINE_COVERITY_ANALYSIS" _START_URL="$_PRD_URL/buildWithParameters?token=Start&COVERITY_PRODUCT=$_PRODUCT&_LANGUAGE=$_LANG&_VER=$_PREVENT_MAIN_VERSION&COVERITY_VER=cov-analysis-linux64-2021.03&_PLATFORM=$_PLATFORM&MANIFEST_PATH=$_BUILD_SRC&COMMIT_ID=$_BUILD_CL_SYNC&DPI_BUILD_PATH=$_PRVT_BUILD_HOME&BUILD_INFO=$BUILD_INFO&QB_URL=$QB_URL&QB_BUILD_ID=$_QB_BUILD_ID" version_up_notice() { echo --------------------------------------------------------------------- echo "Fail to Build, Check Last Step [$_STEP]" echo "Prevent was upgraded to $_PREVENT_MAIN_VERSION version." echo "Please install new version of Prevent." echo "Download : http://$_PROXY_IP/portal/downloads" echo --------------------------------------------------------------------- popd > /dev/null exit 2 } msg_error() { echo --------------------------------------------------------------------- echo "Fail to Build, Check Last Step. [$_STEP]" echo "You can ask support by following website [Static Analysis Support]." echo "Please visit and check QnA first https://mobilerndhub.sec.samsung.net/hub/support/service/candi/QNA" echo "Also, If you met up an error that 'ncftpput: Could not change to directory __PREVENT__/trustedapps_XXXX_XXXX_CXX: server said: No such directory.'" echo "Please check 'Static Analysis with Single TA build' on Trusted Application Managenet(http://mosaic.sec.samsung.net/kms/tam.club)" echo --------------------------------------------------------------------- popd > /dev/null exit 2 } error_check() { if [ $? != 0 ] then msg_error fi } pushd . > /dev/null # --------------------------------------------- echo Step1 : Check Environment # --------------------------------------------- _STEP=CHECK-PRVT_HOME if ! [ -d $_PRVT_HOME ] then msg_error fi _STEP=CHECK-ARCHIVER if [ "$_ARCH_EXT" == "7z" ] then if ! [ -f $_ARCHIVER ] then msg_error fi fi _STEP=CHECK-FTP if ! [ -f $_FTP ] then msg_error fi # --------------------------------------------- # Check Version: # --------------------------------------------- _STEP=CHECK-VERSION if [ -f $_VERSION_FILE ] then source $_VERSION_FILE fi if [ "$_PREVENT_VERSION" != "$_PREVENT_MAIN_VERSION" ] then version_up_notice fi build() { # --------------------------------------------------------------------- echo Step2 : Prevent Build - Make Intermediate result # --------------------------------------------------------------------- _STEP=COV-BUILD if [ "$1" != "inc" ] then # --------------------------------------------------------------------- echo Delete old intermediate result # --------------------------------------------------------------------- cd $_PRVT_BUILD_HOME rm -rf $_PRODUCT fi # Report start of build JOB_ID=$(wget -qO- "http://$_PROXY_IP/svace/add_analysis_history/?prod_name=$_PRODUCT&update_type=build_start") cd $_BUILD_PATH $_PRVT_HOME/bin/cov-configure --compiler arm-secureos-gnueabi-gcc --comptype gcc --template $_PRVT_HOME/bin/cov-configure --compiler aarch64-secureos-gnueabi-gcc --comptype gcc --template $_PRVT_HOME/bin/cov-build --enable-java-parse-error-recovery -V $_LOG_LEVEL --encoding UTF-8 --dir $_PRVT_BUILD_HOME/$_PRODUCT --auto-diff --return-emit-failures $_BUILD_CMD error_check # Report end of build if [ "$JOB_ID" -gt 0 ] then JOB_ID=$(wget -qO- "http://$_PROXY_IP/svace/add_analysis_history/?prod_name=$_PRODUCT&update_type=build_end&job_id=$JOB_ID") fi if [ -d "$BUILD_INFO_PATH" ] then cd $BUILD_INFO_PATH if [[ -f "$BUILD_INFO_FILE" ]]; then echo "Copy $BUILD_INFO_FILE to $_PRVT_BUILD_HOME/$_PRODUCT" cp $BUILD_INFO_FILE $_PRVT_BUILD_HOME/$_PRODUCT fi fi echo Prevent Build Complete - prepare to analyze. } parallel_build() { # --------------------------------------------------------------------- echo Step2 : Prevent Build - Record Only # --------------------------------------------------------------------- _STEP=COV-BUILD cd $_BUILD_PATH $_PRVT_HOME/bin/cov-build --enable-java-parse-error-recovery -V $_LOG_LEVEL --encoding UTF-8 --dir $_PRVT_BUILD_HOME/$_PRODUCT --record-only $_BUILD_CMD error_check mv $_PRVT_BUILD_HOME/$_PRODUCT/build-log.txt $_PRVT_BUILD_HOME/$_PRODUCT/record-build-log.txt parallel_replay } parallel_replay() { # --------------------------------------------------------------------- echo Step2 : Prevent Build - Replay # --------------------------------------------------------------------- _STEP=REPLAY cd $_BUILD_PATH $_PRVT_HOME/bin/cov-build -V $_LOG_LEVEL --encoding UTF-8 --dir $_PRVT_BUILD_HOME/$_PRODUCT --replay --replay-processes $_REPLAY_PROCESSES error_check mv $_PRVT_BUILD_HOME/$_PRODUCT/build-log.txt $_PRVT_BUILD_HOME/$_PRODUCT/replay-build-log.txt echo Prevent Build Complete - prepare to analyze. } archiving() { # --------------------------------------------------------------------- echo Step3 : Archiving # --------------------------------------------------------------------- _STEP=ARCHIVING if [ -f $_OUTPUT ] then rm -rf $_OUTPUT fi cd $_PRVT_BUILD_HOME if [ "$_ARCH_EXT" == "7z" ] then echo $_PRVT_HOME/bin/7za -mx0 a -t7z $_OUTPUT $_PRODUCT $_PRVT_HOME/bin/7za -mx0 a -t7z $_OUTPUT $_PRODUCT > /dev/null error_check echo Checking $_OUTPUT $_PRVT_HOME/bin/7za t $_OUTPUT > /dev/null error_check else tar --use-compress-program=lzop -cf $_OUTPUT $_PRODUCT fi echo Archive file was created. } transfer() { # --------------------------------------------------------------------- echo Step4 : FTP Transfer # --------------------------------------------------------------------- _STEP=Transfer $_FTP -u svace_upload_user -p svaceup -V $_PROXY_IP __PREVENT__/$_PRODUCT $_OUTPUT echo "[CHECKSUM] $_OUTPUT `sha1sum $_OUTPUT`" error_check echo $_ARCH_EXT > $_PRVT_BUILD_HOME/arch.ext $_FTP -u svace_upload_user -p svaceup -V $_PROXY_IP __PREVENT__/$_PRODUCT $_PRVT_BUILD_HOME/arch.ext error_check echo Transfer complete. } build_complete() { if [ "$JOB_ID" -gt 0 ] then _START_URL="$_START_URL&_JOB_ID=$JOB_ID" fi wget --no-proxy -q --spider $_START_URL > /dev/null echo --------------------------------------------------------------------- echo "Success to Prevent Build !!!" echo "You can check the progress by following website." echo $_PRD_URL echo Internal Job tracking id is "$JOB_ID" echo --------------------------------------------------------------------- popd > /dev/null } if [ "$1" == "arch" ] then archiving transfer build_complete elif [ "$1" == "transfer" ] then transfer build_complete elif [ "$1" == "replay" ] then parallel_replay archiving transfer build_complete else if [ "$_PARALLEL_BUILD" == "ON" ] then parallel_build else build $1 fi archiving transfer build_complete fi # --------------------------------------------- # get QB environment # --------------------------------------------- echo "QB environment variables: " printenv echo $_START_URL cp $_PRVT_HOME/${_PRODUCT}/build-log.txt $TOPDIR/output/cov-build-log.txt exit 0