Coverity OpenSource Scan: Failed to retrieve tar file - coverity

We are trying to use the Coverity OpenSource service but have problems submitting our project files for analyses.
Whenever submitting the project.tgz to the coverity (no matter whether this is done via the automation instruction or via the website directly),
we see that the build is being queued for a short time:
Last Build Status: Running. Your build is currently being analyzed
But after a few second the build fails as it cannot find the archive:
Last Build Status: Failed. Your build has failed due to the following reason. Please fix the error and upload the build again.
Error details: :Failed to retrieve tar file ...more
The build log seems fine:
2015-12-18T12:30:44.458433Z|cov-build|5752|info|> Build time (cov-build overall): 00:34:26.499117
2015-12-18T12:30:44.458433Z|cov-build|5752|info|>
2015-12-18T12:30:44.462750Z|cov-build|5752|info|> Build time (C/C++/Java emits total): 00:49:03.604351
2015-12-18T12:30:44.462750Z|cov-build|5752|info|>
2015-12-18T12:30:44.462750Z|cov-build|5752|info|>
2015-12-18T12:30:44.462794Z|cov-build|5752|info|> 397 C/C++ compilation units (100%) are ready for analysis
2015-12-18T12:30:44.462794Z|cov-build|5752|info|> 19 Java compilation units (100%) have been captured and are ready for analysis
The issue seems to be consistent with Error details: :Failed to download tar file from . Unfortunately, there is no solution.
Is there any naming convention/and or size restriction for the archive?
Thanks for your help!

After contacting the coverity support we just received the following answer and we could successfully submit a build. Seems there was some hickup on the coverity side.
"This was due to some behind the
scenes issues on our end – nothing interesting,, but it is back up and
running now. Thanks for your patience".

Related

Azure build failing due to Method not found: 'System.ReadOnlySpan`1<Char> Microsoft.IO.Path.GetFileName(System.ReadOnlySpan`1<Char>)

Ugh....Microsoft have done something.
All our builds that have been kicked off in the last few hours (approx 10:00 GMT) are failing on our "Build Solution step" failing because of the following error (from the logs):
##[error]EXEC(0,0): Error : Error occurred during processing of input file 'XXX.XXX.dll' --> Method not found: 'System.ReadOnlySpan1 Microsoft.IO.Path.GetFileName(System.ReadOnlySpan1<Char>)'.
Does anyone have any ideas on this? Nothing in our codebase has changed.
If you need more information please let me know. Thanks
FYI, this seems to be caused by a recent update to MSBuild (https://github.com/dotnet/msbuild/pull/7680) that has updated the version of System.Memory.
It looks like the obfuscation tool you're using in your build pipeline is built against a previous version of System.Memory and now that the version provided by the MSBuild environment has changed, the obfuscation tool is broken. Most likely requires the obfuscation tool to be updated.
(PS. I'm just relaying the information that others have identified where other tools are having the same issue - see https://github.com/T4MVC/R4MVC/issues/172)

Azure DevOps TFS - SonarQube Run CodeAnalysis error

I'm a bit lost and hope someone can help. We used to have a TFS build pipeline, but it has now been upgraded to Azure DevOps TFS. At the same time, new projects need to be put in and we want to have them built and analysed using SonarQube. A load of other things have changed (using .NET 6, so using different MSBuild as well, first Blazor project etc.) and the pipeline isn't working.
I have a pipeline that does:
NuGet restore
dotnet restore
Prepare analysis on SonarQube
Build solution **/*.sln (so I can specify the location for the msbuild.exe)
Run Code Analysis
The first 4 steps run fine, but then on Run Code Analysis it fails after ~45 seconds with an error:
INFO: Importing 34 Roslyn reports
INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
INFO: Total time: 42.540s
INFO: Final Memory: 24M/1299M
INFO: ------------------------------------------------------------------------
##[error]ERROR: Error during SonarScanner execution
ERROR: Error during SonarScanner execution
##[error]java.lang.IllegalArgumentException: URI is not absolute
at java.io.File.<init>(File.java:416)
at org.sonarsource.dotnet.shared.sarif.SarifParser10.uriToAbsolutePath(SarifParser10.java:225)
java.lang.IllegalArgumentException: URI is not absolute
at java.io.File.<init>(File.java:416)
at org.sonarsource.dotnet.shared.sarif.SarifParser10.uriToAbsolutePath(SarifParser10.java:225)
[another 80 lines or so of stack trace]
I'm not sure what this is suggesting a fix might be. The step itself doesn't seem to even take a URI, the Project Key/Name that the preparation step has as parameters work okay (testing with a previous pipeline). A Google search has bought up nothing that seems to help.
The only result I found that seemed even vaguely relevant seemed to suggest a fix in the latest version, but TFS only seems to go up to 4.* (4.23.1 specifically) and the latest seems to be 5.* or 6.*
I'm fairly new to all this, so step-by-step low-jargon explanations would be handy, thanks. :)

Azure Function - Publishing Failed - RequestTimeout

I have a basic Azure Function app. When I try to publish the app, I receive an error that says "error : The attempt to publish the ZIP file through https://... failed with HTTP status code RequestTimeout.".
This app is a .NET Standard app. I followed the instructions here. The difference is, my app has an Event Hub Trigger instead of the Http Trigger shown in the documentation. I don't understand why i'm getting a Timeout during deployment. I also don't know how to get past this.
What am I doing wrong?
Update
Here are the logs.
1>------ Build started: Project: MyProject.Functions, Configuration: Release Any CPU ------
1>MyProject.Functions -> C:\MyProject\MyProject.Functions\bin\Release\netcoreapp2.1\bin\MyProject.Functions.dll
========== Build: 1 succeeded, 0 failed, 0 up-to-date, 0 skipped ==========
Publish Started
MyProject.Functions -> C:\MyProject\MyProject.Functions\bin\Release\netcoreapp2.1\bin\MyProject.Functions.dll
MyProject.Functions -> C:\MyProject\MyProject.Functions\obj\Release\netcoreapp2.1\PubTmp\Out\
Publishing C:\MyProject\MyProject.Functions\obj\Release\netcoreapp2.1\PubTmp\MyProject.Functions - 20181101105531356.zip to https://my-project.scm.azurewebsites.net/api/zipdeploy...
C:\Users\me\.nuget\packages\microsoft.net.sdk.functions\1.0.23\build\netstandard1.0\Microsoft.NET.Sdk.Functions.Publish.ZipDeploy.targets(42,5): error : The attempt to publish the ZIP file through https://my-project.scm.azurewebsites.net/api/zipdeploy failed with HTTP status code RequestTimeout. [C:\MyProject\MyProject.Functions\MyProject.Functions.csproj]
According to this:
https://github.com/projectkudu/kudu/wiki/Deploying-from-a-zip-file
you should be able to pass ?isAsync=true to the zipdeploy url (so it would be: 'https://my-project.scm.azurewebsites.net/api/zipdeploy?isAsync=true'
This requests resolves faster without a timeout and then you can grab the location header from the response, which you can poll to see the status of your deployment.
In my case this error was because of the version of packages in my .csproj file. After updating them there was not error and the publish was successful.
I faced this recently and spent 2 complete days trying to fix it. Tried most of the solutions suggested here and on other posts.
What finally worked for me is removing my Publish settings and creating a new one by uploading a brand new .PublishSettings file.
How to get .PublishSettings file?
On Azure Portal, on your Function App, click on "Get Publish Profile"
And will automatically start downloading it.
How to Upload Publish Profile?
When trying to Publish the project from Visual Studio, click on New -> Select "Import Profile"
And Browse your .PublishSettings file.
Then, just select this new profile (if it's not selected already), and click on Publish button as you would usually do.
In my case, it was an issue with two things:
1] Visual Studio and Azure are flaky. Timeouts in a working scenario are still somewhat regular, on a bad day happening about 50-75% of the time for me. This is with an 80mb function app, not super big and I have gigabit Internet.
2] Someone deleted the file share for the storage. I had to fix WEBSITE_CONTENTAZUREFILECONNECTIONSTRING to point to the right storage connection string, and I had to update WEBSITE_CONTENTSHARE to point to a valid file share name, which I had to create in the storage resource group matching WEBSITE_CONTENTAZUREFILECONNECTIONSTRING connection string.
If you are using a development and production function slot, I would suggest to make WEBSITE_CONTENTAZUREFILECONNECTIONSTRING and WEBSITE_CONTENTSHARE deployment slot settings, that way you can link to a production and development storage environment. This is especially handy if you are using tables or blob storage and don't want to have to prefix or suffix all your table names or keys. In my opinion these two settings should be slots by default.
Once I did these changes I could publish, still dealing with the intermittent timeouts.
The error messaging with Azure function publishing is bad to non-existant, with any kind of configuration or resource errors simply causing a timeout error.
I got the same issue when using Visual Studio. Very frustrating.
But then I just used the zip file that VS created and used
az functionapp deployment source config-zip -g <resource_group> -n \
<app_name> --src <zip_file_path>
to publish.
You can find more options in
https://learn.microsoft.com/en-us/azure/azure-functions/deployment-zip-push
I got the same issue recently.
I'm not sure if they are related, but it started working fine after updating the NuGet package "Microsoft.NET.Sdk.Functions" to v3.0.7.
Changing the profile to use WebDeploy was the only way i could update my Azure Function.
When downloading the Profiles from the Azure Portal, and importing to VS - i noticed it imported 2 profiles. 1 for Zip, and another for Web Deploy method for uploading.
Trying the Zip publish profile, failed, but the WebDeploy 2nd Profile - did work and update perfectly.

"Last Build Status: Failed" after uploading a build for analysis

We use Coverity's free scanning service for free and open source projects. We have not been able to utilize the service for the last two months or so. Prior to the service failures, we had half-a-dozen or so good analysis.
Submitting a scan results in:
Last Build Status: Failed. Your build has failed due to the following reason. Please fix the error and upload the build again.
Error details: :Failed to retrieve tar file
Coverity is very good about providing copy/paste directions, and we have copied/pasted them religiously. We verified there are no build errors, and we verified the build ends with "131 C/C++ compilation units (100%) are ready for analysis" and "The cov-build utility completed successfully".
We've tried to resolve the issue by verifying things from this generic solution provided in a "failed email" response from the service. We verified or performed all of them except number four.
We did not perform number four because Coverity's documentation is horrible (its the exact opposite of their awesome scanning service). Because there's no instructions or RTFM to read, we have no idea which knobs should be turned for bin/cov-configure. We don't want to mess with it since it worked in the past.
We also tried the following:
using the web submission form and browser
using curl from the command line
packaging cov-int/ in a tarball
packaging cov-int/ in a zip file
using all lowercase for the project name
capitalizing the first letter of the project name
We always get the same message ("Failed to retrieve tar file"), even with a ZIP file. Recall that prior to about 6 weeks ago, everything was working fine.
What is the secret to uploading a file to the service? What has changed in the last six weeks or two months?
After contacting the coverity support we just received the following answer and we could successfully submit a build. Seems there was some hickup on the coverity side.
"This was due to some behind the
scenes issues on our end – nothing interesting,, but it is back up and
running now. Thanks for your patience".

Building a hello world project for a Verifone Terminal using Sourcery CodeBench for Verifone DTK

I am attempting to flash a basic hello world program to a Verifone terminal as an exercise in the development flow of the hardware. I'm currently running into an issue that is occurring somewhere during the post-build steps. After I build my project, I get the message:
***
*** The package '\Debug\dl.lab2.tar' is available for download.
***
Implying that the project built successfully. However, further up in the build messages, I can see:
"C:\Program Files (x86)\Verifone\PackageManagerProduction\Cygwin\tar.exe" -czf "usr1.bundle.lab2.tgz" "pkg.lab2.tar" "pkg.lab2.tar.p7s" "crt" -C "..\bundle" "./"
tar (child): gzip: Cannot exec: No such file or directory
tar (child): Error is not recoverable: exiting now
And indeed, when I try to load the resulting archive, I get the "Invalid bundle file" on the PinPad. Inspecting the dl.lab2.tgz file shows that one of the internal archives is actually 0 Kb, so I'm quite positive it's because this archive generation step is failing. I'm not sure why it's failing though, because checking the directory contents, it seems like everything that it's looking for is there, though I can't explain why it's searching for "./". Does anyone have an idea why this is failing, and can someone tell me if it is possible to edit this archive generation step through CodeBench?
I figured out my answer to this, so I'll post an answer to hopefully help someone else in the future. I was correct in assuming that the error being returned by tar.exe was suspect. The post-build steps were being executed by running the external script simple_pkg.bat. Apparently the path in the simple_pkg.bat script was completely wrong; it was just pointing to an executable that didn't exist. Modifying simple_pkg.bat to point to where the correct tar.exe files was fixed my issue.