lgtm: Build external dependencies for a more complete analysis

The build system is a bit limited, only the repository directory and
LGTM_WORKSPACE is writable.  sudo doesn't work at all, for others we
don't have enough permission.

.lgtm.yml

@@ -6,6 +6,28 @@ queries:
 
 extraction:
   cpp:
+    prepare:
+      packages:
+        # for tss2
+        - libssl-dev
+    after_prepare:
+      - export DEPS_BUILD_DIR=$LGTM_WORKSPACE/deps
+      - mkdir -p $DEPS_BUILD_DIR
+      - export DEPS_PREFIX=$DEPS_BUILD_DIR/usr
+      - mkdir -p $DEPS_PREFIX
+      - export PKG_CONFIG_PATH="$DEPS_PREFIX/lib/pkgconfig:$PKG_CONFIG_PATH"
+      - export LD_LIBRARY_PATH="$DEPS_PREFIX/lib:$LD_LIBRARY_PATH"
+      - mkdir -p $LGTM_WORKSPACE/bin
+      # sudo doesn't work on the build hosts
+      - ln -s /usr/bin/nice $LGTM_WORKSPACE/bin/sudo
+      # for ldconfig we don't have enough permissions
+      - ln -s /bin/true $LGTM_WORKSPACE/bin/ldconfig
+      # likewise for apt-get
+      - ln -s /bin/echo $LGTM_WORKSPACE/bin/apt-get
+      - export PATH=$LGTM_WORKSPACE/bin:$PATH
+      - export TEST=all
+      - ./scripts/test.sh deps
+      - rm $LGTM_WORKSPACE/bin/*
     configure:
       command:
         # follows the "all" build in test.sh (without custom-compiled stuff)
@@ -19,4 +41,4 @@ extraction:
             --disable-kernel-wfp --disable-kernel-iph --disable-winhttp
             --disable-af-alg --disable-coverage
             --disable-python-eggs-install
-            --disable-botan --disable-wolfssl --disable-tss-tss2
+            --disable-monolithic --disable-leak-detective

scripts/test.sh

@@ -5,7 +5,7 @@ build_botan()
 {
 	# same revision used in the build recipe of the testing environment
 	BOTAN_REV=0881f2c33ff7 # 2.13.0 + amalgamation patch
-	BOTAN_DIR=$TRAVIS_BUILD_DIR/../botan
+	BOTAN_DIR=$DEPS_BUILD_DIR/botan
 
 	if test -d "$BOTAN_DIR"; then
 		return
@@ -22,7 +22,8 @@ build_botan()
 					  --disable-modules=locking_allocator"
 	fi
 	# disable some larger modules we don't need for the tests
-	BOTAN_CONFIG="$BOTAN_CONFIG --disable-modules=pkcs11,tls,x509,xmss"
+	BOTAN_CONFIG="$BOTAN_CONFIG --disable-modules=pkcs11,tls,x509,xmss
+				  --prefix=$DEPS_PREFIX"
 
 	git clone https://github.com/randombit/botan.git $BOTAN_DIR &&
 	cd $BOTAN_DIR &&
@@ -37,7 +38,7 @@ build_botan()
 build_wolfssl()
 {
 	WOLFSSL_REV=87859f9e810b # v4.3.0-stable + IBM Z patch
-	WOLFSSL_DIR=$TRAVIS_BUILD_DIR/../wolfssl
+	WOLFSSL_DIR=$DEPS_BUILD_DIR/wolfssl
 
 	if test -d "$WOLFSSL_DIR"; then
 		return
@@ -46,7 +47,8 @@ build_wolfssl()
 	echo "$ build_wolfssl()"
 
 	WOLFSSL_CFLAGS="-DWOLFSSL_PUBLIC_MP -DWOLFSSL_DES_ECB"
-	WOLFSSL_CONFIG="--enable-keygen --enable-rsapss --enable-aesccm
+	WOLFSSL_CONFIG="--prefix=$DEPS_PREFIX
+					--enable-keygen --enable-rsapss --enable-aesccm
 					--enable-aesctr --enable-des3 --enable-camellia
 					--enable-curve25519 --enable-ed25519"
 
@@ -65,7 +67,7 @@ build_tss2()
 {
 	TSS2_REV=2.3.1
 	TSS2_PKG=tpm2-tss-$TSS2_REV
-	TSS2_DIR=$TRAVIS_BUILD_DIR/../$TSS2_PKG
+	TSS2_DIR=$DEPS_BUILD_DIR/$TSS2_PKG
 	TSS2_SRC=https://github.com/tpm2-software/tpm2-tss/releases/download/$TSS2_REV/$TSS2_PKG.tar.gz
 
 	if test -d "$TSS2_DIR"; then
@@ -74,20 +76,18 @@ build_tss2()
 
 	echo "$ build_tss2()"
 
-	curl -L $TSS2_SRC | tar xz -C $TRAVIS_BUILD_DIR/.. &&
+	curl -L $TSS2_SRC | tar xz -C $DEPS_BUILD_DIR &&
 	cd $TSS2_DIR &&
-	./configure --disable-doxygen-doc &&
+	./configure --prefix=$DEPS_PREFIX --disable-doxygen-doc &&
 	make -j4 >/dev/null &&
 	sudo make install >/dev/null &&
 	sudo ldconfig || exit $?
 	cd -
 }
 
-if test -z $TRAVIS_BUILD_DIR; then
-	TRAVIS_BUILD_DIR=$PWD
-fi
-
-cd $TRAVIS_BUILD_DIR
+: ${TRAVIS_BUILD_DIR=$PWD}
+: ${DEPS_BUILD_DIR=$TRAVIS_BUILD_DIR/..}
+: ${DEPS_PREFIX=/usr/local}
 
 TARGET=check