**** BEGIN LOGGING AT Sun Nov 24 02:59:58 2019 Nov 24 03:28:50 build #174 of ramips/mt76x8 is complete: Success [build successful] Build details are at http://buildbot.openwrt.org/master/images/builders/ramips%2Fmt76x8/builds/174 Nov 24 07:52:56 jow: ping Nov 24 07:58:56 ynezz: what do you think of creating a docker container ontop of the sdk containing the coverity wrapper and itegrate it into the openwrt-ci? this way we have per project reports via ci Nov 24 09:17:04 jow: do we have download statistics for packages? I would be interested in what packages are popular in openwrt. Nov 24 09:30:19 ynezz: tnx Nov 24 09:46:37 jow: You there? Nov 24 10:39:19 aparcar[m]: +1 Nov 24 11:43:37 aparcar[m]: we would end with two solutions, which could result in increased maintenance effort Nov 24 11:44:13 aparcar[m]: one with buildbot (kernel, dropbear, hostapd, dnsmasq, libc...) and second one inside openwrt-ci Nov 24 11:44:59 aparcar[m]: it's fine with me, but certainly something which needs to be considered Nov 24 11:46:36 aparcar[m]: do we really need to coverity check every push? even if we do that, we don't know when the coverity is going to analyze the submitted results Nov 24 11:47:58 aparcar[m]: isn't one build/check once a day good enough? you need to consider the size of the coverity analyzer which is 700MB+ and you would need to download it for every build in the CI Nov 24 11:55:53 I'm probably biased, because it's some closed source solution and I don't want to waste more time on it Nov 24 11:56:57 you cant use it on your machines during development, you can improve it, build more on it Nov 24 11:57:07 s/you can/you can't/ Nov 24 11:57:55 so I would rather invest that time in clang - fuzzers, sanitizers, unit test coverage Nov 24 11:59:18 speaking of coverity, can someone pls tell me quick how to, how to see for example issues in the fstools? Nov 24 11:59:40 no matter what I do in chromium/firefox, my list of issues is empty Nov 24 12:02:32 I click on https://scan.coverity.com/projects/openwrt/view_defects then in the filter, I add Project=*fstools* [x] Nov 24 12:54:29 ynezz: I think you have to select Component and not Project. Works here in firefox Nov 24 12:55:41 ynezz: maybe this link works for you? https://scan5.coverity.com/reports.htm#v52675/p10360/fileInstanceId=162795962&defectInstanceId=45364911&mergedDefectId=1433765 Nov 24 13:01:03 nope, empty Nov 24 13:06:41 can you remove me from the project and add again? Nov 24 13:07:48 ynezz: can you disavle adblock and make a force cache flush (str shift r)? Nov 24 13:08:45 I don't have any adblock in chromium Nov 24 13:09:07 I've disabled everything in firefox as well, so I assume it's something on their side Nov 24 13:09:41 okay readded you Nov 24 13:11:04 regarding the big sdk image with coverity installed, I'd setup a meta container with apt + coverity and then use the meta container as a base for daily sdk images Nov 24 13:11:24 so the ci caches the meta container and only redownloads the changed sdk Nov 24 13:12:40 it works now, thanks Nov 24 13:14:39 aparcar[m]: you see another layer of complexity Nov 24 13:15:37 what do we get in exchange for this? Nov 24 13:19:47 ynezz: I think the analysis of a small project like fwtool takes about 10 minutes, so after that you get an email with possible issus Nov 24 13:20:31 but I'm fine with the buildbot version too, whatever works best for the devs I guess Nov 24 13:21:03 ynezz: I'm off for today, will look into a setup tomorrow! Nov 24 13:22:58 aparcar[m]: I would stick to buildbot version for now (would be much easier) unless we got the number of bugs to 0, then it might make sense to receive emails for regressions Nov 24 13:25:08 aparcar[m]: with the proposed change, we would probably start receiving more emails, getting used to them, ignore them as well :] Nov 24 14:09:10 hey, how do i make two packages mutually exclusive? So make it clear that you should fully uninstall one package set, before installing the other one? Nov 24 15:16:51 I have a problem with a custom package where it does not seem to find the Makefile after me tinkering around a bit and I don't know where I went wrong. https://bpaste.net/show/GKXKU Nov 24 16:40:02 I was missing an empty "define Build/Compile\nendef" Nov 24 17:43:18 updated openwrt/upstream, https://sdwalker.github.io/uscan/index.html Nov 24 17:52:10 andy2244: you can't really, but as long as they ship overlapping files, opkg will complain (and e.g. will break the image build if both are selected with =y) Nov 24 18:25:23 KanjiMonster: ok thanks i did use 'depends on !PACKAGE_' now and seems to work in menuconfig at least Nov 24 18:48:56 andy2244: can you still choose to build both as =m? Nov 24 21:11:19 ynezz: more emails only if new defects are found. Nov 24 21:48:07 aparcar[m]: you can get those emails once a day as well, what's the difference? Nov 24 21:50:06 aparcar[m]: coverity in ci = increased overhead (downloading the coverity framework, additional build time delay for every build) and complexity Nov 24 21:50:43 aparcar[m]: coverity in buildbot once a day is not a big deal Nov 24 21:51:18 result is same in both cases, we would get same amount of emails in that day, right? Nov 24 21:51:39 ynezz: Ack, there will be no further suggestions from my side in any other direction Nov 24 21:51:58 I'm just thinking aloud Nov 24 21:52:19 maybe I'm missing something, but don't see it now Nov 24 21:55:47 BTW I had "add Coverity to CI" on my todo list initialy, but now I'm convinced, that buildbot every day is better approach Nov 24 21:57:20 how is coverity even going to work with it? Nov 24 21:57:37 it's static code analysis Nov 24 21:57:48 ynezz: my concern is that tools are easily compiled via buildbot, but when you want individual tools like hostapd etc you would have to tell the buildbot to compile it individually. there is not command like "compile tools and this list of specific tools I'd like to monitor". As the coverity logs are not mergeable I'm stumbling on who to implement that. Maybe a chain command like "cov-build make tools/compile Nov 24 21:57:49 package/hostapd/compile package.../" would do the job Nov 24 21:58:43 aparcar[m]: just reuse what lynxis did? Nov 24 21:59:10 ynezz: but that just compiles tools, doesn't it? so hostapd would be missing Nov 24 21:59:33 it builds all, then clean the packages you're interested in and build them again under coverity Nov 24 22:00:14 Mister_X: what do you mean exactly? Nov 24 22:05:24 ynezz: oh now I see, sorry first time I checked the script I missed that (obvious) point. Also the logs seem mergeable. I'll stick to what I said before and extend the buildbot ;) Nov 24 22:06:35 I use coverity scan, and it's a static code analysis tool Nov 24 22:06:49 finding (security) issues in the code Nov 24 22:07:07 unless you're using a different product from them Nov 24 22:07:19 ok, it's being used in the same way by OpenWrt as well Nov 24 22:08:35 but currently on private infrastructure just once a week, so we're just thinking aloud how to move/integrate it into OpenWrt infrastructure and make the builds once a day Nov 24 22:10:15 that's great Nov 24 22:10:46 https://scan.coverity.com/projects/openwrt/ anyone can ask for access, help with bug squashing is more then welcome :) Nov 24 22:15:30 it's a great tool Nov 24 22:15:56 they might have a bug somewhere: "-6,183,238 Lines of Code in Selected Components" Nov 24 22:35:48 i'll trigger another **** ENDING LOGGING AT Mon Nov 25 02:59:58 2019