I am currently trying to evaluate Sonarqube to analyse my embedded projects and I am getting exactly the same symptom as the first post in this thread.
dyld: warning: could not load inserted library ‘/Users/pjones/Sonarqube/bin/libinterceptor.dylib’ into hardened process because no suitable image found. Did find:
/Users/pjones/Sonarqube/bin/libinterceptor.dylib: code signature in (/Users/pjones/Sonarqube/bin/libinterceptor.dylib) not valid for use in process using Library Validation: mapped file has no cdhash, completely unsigned? Code has to be at least ad-hoc signed.
/Users/pjones/Sonarqube/bin/libinterceptor.dylib: stat() failed with errno=1
I have tried the simple scan on hello.c and that is working.
I am running on Mac OS X 10.15.7 x86_64
Sonorqube is 8.5.1 Developer Edition
The wrapper was downloaded from this server instance.
I will try and get it running on a different platform, either Win10 or Ubuntu but I really need this to be working on Mac
I understand this is Mac-specific, but this is where my main workflows are done. Are you saying that the wrapper cannot be used on later version of MacOS and that Windows or Linux are the workaround?
Apologies, I missed your request for a reproducer project. I will see what I can do but I would need to break down a commercial sensitive codebase to do that.
Hopefully, I have misconfigured something and the answer will pop out at me!
thank you for the private message and sorry for the delay. You are hitting CPP-2391, CLion.app/Contents/bin/cmake/mac/bin/cmake is signed and build-wrapper cannot follow that process. I would suggest you to use a non signed cmake binary, i.e. the one coming from brew.
Ok, that worked and I got an analysis. I ran CMake and it created a new Makefile. I was able to run the analysis by wrapping the make command. This however messed up my project for my CLion and Microchip toolchains.
I read somewhere that I cannot wrap the XC16 toolchain either??
What do you mean with “messed up” your project? Could you elaborate a bit?
We do have a ticket to add official support for Microchip compilers https://jira.sonarsource.com/browse/CPP-2569. Did you give it a try? It may work already. (I linked this topic to the ticket)
I ran CMake in my project root and it overwrote some of the files needed for the CLion build. I backed out of this and created a separate Cmake build for the portable code in the project.
cmake recommended way is to not do in-source build, but to build in a folder in the sub-tree or out-of the source tree. Even CLion is not polluting the main source folder and usually just creating a sub-folder where it is keeping the build.
On my first attempt I actually managed to overwrite some of my Microchip make files. To get around this I created a separate CMake tree to draw up the relevant source and wrap the build as documented. This is working great and I have integrated my builds successfully with a Sonarcloud account.
When I try to wrap my Microchip build, nothing gets written to the build-wrapper-dump.json
when you say CMake tree do you mean a build tree right? I hope not a new CMakeLists.txt file.
I checked and it is due to [CPP-2391] - Jira , microchip binaries are signed, after applying codesign --remove-signature to its binaries I was getting entries in build-wrapper-dump.json file.
Which means that you can unsign your binaries and give it a try. Otherwise you could try to use cmake to produce a compilation database and use it in the way described in [CPP-1428] - Jira.