When VISA doesn’t work

I used to order stuff from dealextreme on a regular basis over the last few years. Like many other customers I asked them to accept BitCoin payments. But that didn’t happen so far. So we are left with the payment options from the last century for the time being. It used to work acceptably so far … until about a month ago, when my payments suddenly started being declined. The same VISA debit card used to work with dx before, and it remains working with other merchants. Of course I checked the balance. I dont keep much more on that account than I expect to need in the short term. But $250 should suffice for a $200 order, so the problem has to be somewhere else.

Dx states it on their page unmistakeably that all payment problems are not their fault, and that people should consult with their issuing bank. So I contacted them first. They couldn’t find anything about the declines in their logs:

There are no transaction attempts on your card for the merchant
https://eud.dx.com, not on July 27th or after. 
In those days I can see transactions at merchants X, Y, Z - which all 
look like they are still pending and waiting to be completed 
(a few months ago we updated our payment processing system to 
adhere to settlement standards).

For some reason it looks like the payment authorization never reached Us.. 
When a payment takes place (when you use your card), what happens 
first is that the merchant informs Visa, Visa then informs our card 
issuer, and the card issuer informs us about a new transaction on 
your card. We then hold the corresponding funds from your wallet. 
Then a few days later, the merchant settles the transaction 
(ie. broadcasts to the network whether the transaction was 
completed or not), and we use that information to complete your 
transaction. What is strange is that the authorization for your 
purchase at https://eud.dx.com either never reached Us, or never 
left the merchant's system.

Because you've been able to use your card in the past few days, 
I'll dare to say that there's nothing wrong with your card - rather 
it seems like a glitch with this particular merchant. 

So I asked the card processing intermediary. They had no means of secure communication. I found it hard to believe that a financial institution can only communicate with their customers over unencrypted cleartext eMail.  However, I got similar results:

Please be informed that we could not find any decline on your card at our end,
which means it could be an issue with merchant end.
We request you to check with the merchant regarding this.

Finally I went back to dx and got this answer:

sorry for that.
but our related staff told us your bank reject the payment.
that is not our problem.

From all I learned so far, it seems like VISA is the problem here. But I don’t have a contact or a direct relationship with VISA. It is routed over shady ways through an unknown number of intermediaries. The best explanation that I can come up with is that the transactions triggered some kind of fraud alert and were thus blocked. Is that how they deal with the lack of a secure system? They just randomly block transactions! With no way of recurse, such false positives are really annoying for their customers.

So what do I learn from this? When there are too many intermediaries in the loop, there are more chances for errors and errors are harder to find, let alone fix. With BitCoin, there are no middlemen and a lot less things that could go wrong. I have been using BitCoin whenever possible for the last four years. Nothing alike ever happened with BitCoin, in fact this would be unimaginable with a peer to peer blockchain system. I’m really looking forward to leave all those ancient  payment methods behind…

Ironically, I read this story the same day I got the last answer from dx.

Categories: BitCoin | Tags: , | Leave a comment

Verifying downloads

Last week I stumbled across a post from last year, where somebody described how it was impossible to download an important infrastructure program securely on Windows. My first reaction was of course to pity the poor souls that are still stuck with Windows. How easy is it to just type apt-get install and have all the downloading and validation and installation conveniently handled for you.

Today I was going to set up my new server. First I downloaded the current iso file from ubuntu.com. Before installing it onto an USB stick, I thought about this blog post again. Actually I should validate this ISO! I knew before, but I usually didn’t bother. So I gave it a try. I had to search a bit for it on the download page. The easiest is if you manually pick a mirror. Then you will find the hash sum files in the index page. Some websites along the way were encrypted, others were not. The downloads themselves were not. But that didn’t matter since the hashes were GPG signed. I don’t have to do this all too often, so I  just followed the community howto. My downloaded iso file was valid, so I moved on installing it.

The hardware is actually from computer-discount.ch. For quite some time I was searching for ways to buy computer equipment with BitCoin. The American big name tech companies that accept BitCoin either do it only outside of central Europe, or don’t deliver here. So I was quite excited to find this company from Ticino. The experience so far is very good.

Categories: Software | Tags: , , , | Leave a comment

How much luggage fits into a vintage grand tourer?

Our camper has an engine problem, so we had to look for alternatives for this years summer holiday. We looked at last minute offers, but bringing all our own food to Greece didn’t seem like such a good plan. The kids wanted to sleep in a tent anyway, so we went to Tenero in the Italian speaking part of Switzerland. We were too hesitant to look for a camp in Italy after spending a night on a horribly disgusting camping in Porlezza a few years ago. With the camper, the space for luggage was never really a problem, but this time everything had to fit inside the Jag. I told my wive to pack only the most necessary things. Men and wimen have different standards as to what is important to bring on a holiday and so I ended up squeezing all this into the small car:

  • two adults and two children
  • a four person tent
  • a foldable camping table with seats
  • a foldable camping grill
  • sleeping bags and camping mattresses for all of us
  • a giant and a regular suitcase
  • four small backpacks and a regular sports bag
  • a small body surf board
  • a box with dishes and cutlery
  • ten liters of water and a bag with food

This was actually the first holiday in 13 years where I didn’t bring my paraglider. But  after the impressive list above, there was just no more room left in the car.

The camping in Tenero was great. It was clean by my wive’s standard which is quite an accomplishment. The camping has a sandy beach to the lake which was also clean and had perfect temperature.

Being so close to the famous hydroelectric dam where James Bond jumped from, we had to visit the Verzasca valley. The water and the stones were marvellous. But it was very hot for hiking.

Categories: Family, Travel | Tags: , , | Leave a comment

connecting home securely

It has been probably close to a decade that I run a small server at home. At first it was only because I could not find a web hosting company that would serve my fcgi libwt apps at an affordable price. Then I added this blog to it. In the meantime I added a lot of other stuff as well. One of the more important things became ssh. Not only for remote shell sessions, but also for securely copying files and tunneling. In fact I use ssh tunnels instead of a more traditional VPN.

Discovery

Static IP addresses are expensive in Switzerland. So I used dyndns from the start. At first the free offering, and then switched to a paid plan long before they discontinued the free offering. Just last week I received a note that they grabed the annual fee from my (scheduled to be deactivated) credit card. Generally I strongly dislike services that automatically grab money from my accounts. They didn’t even mention that the fee doubled. That’s one side of the story, the other is that dyndns is an American company. They could take my domain name hostage without even telling me.  So there has to be a better alternative. In fact there is one. It’s good technology wise, but not generally available to the unintroduced yet.

DyName for namecoin

I wrote about namecoin in a previous blog post. One of its main uses is a censorship resistant domain name registration. And the simple python script from DyName is to namecoin what dyndns and ddclient are to traditional domain names. Just prepare your registered name to include a dd entry, edit your config file, and call the script periodically from cron. That way you separate the private key where your name is registered from the hot wallet on the server. My provider used to reassign new ip addresses more frequently, now it’s about once every two months I would guess. The transition with namecoin was very smooth the last two times. I have a script that queries namecoin for the current ip address and then connects. There are dns resolvers and browser plugins or even public dns servers that would resolve namecoin domains. My experience with them was not as smooth as with the namecoin core itself. But I’m sure these parts will improve as well. So, with namecoin we have high confidence, that the ip address is correct that we are connecting to, but it can’t protect against man in the middle attacks. SSH has means to protect from that. The ssh client has a list of known ip addresses or host names and corresponding key fingerprints. But after an ip address change, there is no entry for the new destination, so ssh prints an error message and refuses to connect until you accept to add a new entry to your known_hosts file.

ssh known hosts

When you search for the error with your preferred search engine, you’ll find advices to delete offending lines in your known_hosts file. This of course is not what we need here. Just accepting to add a new entry the next time you connect would circumvent the protection against MITM that ssh provides. Since we already have the key fingerprint from the previous address, there is another more secure solution. If you have only one entry in your known_hosts file, you can skip the next few lines. Maybe you know which fingerprint is valid, for example because the file already contains a couple of lines with the same key fingerprint because the ip address changed a couple of times, and you just accepted it.

If you are not sure, which fingerprint you need, ask the server what it provides:

$ ssh-keyscan 85.3.164.135
# 85.3.164.135 SSH-2.0-OpenSSH_6.7p1 Ubuntu-5ubuntu1
85.3.164.135 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBE7WE5vtqSxUnQRX5CjOzEzUAdewqHRV5MXcSCQcylcKanpnDHRE4yVlEn770MFP6EfJ61ukdNYMDnSO9eoRiZY=

Now search for this fingerprint in your known_hosts file, and copy the whole line. On the new line, you replace the first hash with the actual new ip address in clear text. You could leave it like that, but you can also hash it with the following command.

$ ssh-keygen -H -f ~/.ssh/known_hosts

After writing all this I started wondering if it would be possible to keep the host key on an external hardware device like a NitroKey or a YubiKey. I already keep my client key for authenticating to the ssh server on one of these.  That’s something to find out in a future post maybe.

Categories: BitCoin, Software | Tags: , , , | Leave a comment

ubuntu phone will be great, but it is not yet

The BQ Aquaris ubuntu phone that I waited for so eagerly was delivered today. Full of anticipation I unpacked it and switched it on. After playing with it for a while the excitement turned into dissatisfaction. I hate to say it, but on a phone the solid base and polished user experience is not enough, some basic functionality is required as well. Rough edges are much harder to work around on a phone than on a computer with a regular keyboard. Let’s face it, most people who opt for ubuntu phone want to some degree escape the freedom hating ecosystems prevalent on the big platforms. Yet instead of welcoming users with freedom loving functionality, the phone is loaded with Google, Facebook and Twitter apps.
As long as you don’t expect anything from it, it’s a pleasant experience. Knowing that it’s based on debian packages gives me great comfort. The touch interface and the settings dialogs are very nice. Yet it is lacking basic PIM and email functionality.

Phone

Nowadays one could consider the phone functionality not the most important part of a smartphone anymore. I first had to have my SIM card cut to the smaller form factor. Text messages seem to work nicely. Phone calls work fine. MMS messages were automatically configured to look up on a website by the carrier. I don’t know if the phone would support them propperly, but that’s a feature that I rarely use anyway.

Contacts

When opening the contacts app, I was greeted with the question if I wanted to sync with Google. Hell no! If I did, I would have stayed with Android. But that seems to be the only option other than having a standalone address book and typing in everything by hand. I could not find an option to sync my CardDAV address book. Lots of people complained badly about this, so it got medium priority. There is a complicated workaround using evolution sync. That way I got my address book synced from the commandline. An entry in crontab keeps it synced.

Calendar

Basically the same as contacts, except that the calendar app was not pre-installed and had to be fetched from the app store. I configured syncevolution from the commandline the same way as the address book, including crontab. But the calendar does not properly synchronize. It pushes appointments I create on the phone. But it doesn’t fetch them from the server. I will have to do some more debugging here.

Email

There doesn’t seem to be a standard email client. Instead it ships with a GMail app. People complained that there was no IMAP support whatsoever. At least I could find an email client in the app store called Dekko. The bad thing however is that instead of connecting to the email server it just hangs for an hour. When I try it without encryption, it appears to work. I can send mails, but it won’t fetch them. Another IMAP account works well, just not the one that is most important for me. Mails from my main account were fetched exactly once. Before and after that, all I get is the following error message: “Too many invalid IMAP commands”
Update: It took some manual editing of the config file to get it finally working.  Now I’m looking forward to support for notificatoin about new mails, but that is less important in comparison.

Bluetooth

Connecting to the Jabra headphones was simple as always, and the sound quality is good. But I didn’t manage to connect any of the four bluetooth keyboards I tried. Also the yubikey does not work as an external keyboard, so at first I thought it might be a general HID problem. But when I connect a USB keyboard, that works.

BitCoin

The BitCoin client from the app store is not usable for real life. It doesn’t work with qr codes, and has no key backup functionality. I can work around the missing key backup, by manually copying the file “/home/phablet/.local/share/org.sambull.bitcoin-app/ubc.wallet” to a safe place, but qr code reading is really a must. Even if there was a qr reader app, pasting in the bitcoin app is missing.  I might have to resort to a web wallet for some time.
There is a webapp for coinbase already in the store, so I tried this one first. I can scan the qr code from out of the browser by automatically launching the camera app. The picture is then uploaded to the server for the qr code reading. This seems to be common practice, but of course it is way inferior to having an app where you can move your camera until it successfully reads the qr code. But after I enter the amount and click “next”, I get a white screen, and the web app won’t respond any more. A coinbase support representative told me he had the same with safari mobile, and using the back button helped. There is no back button in the webapp, so I tried it in the browser. “Back” landed me on another white page, and “forward” led to an error message.
The next web wallet I tried was xapo. Since I use their debit card, it would be convenient. But their send page has no qr functionality.
So I moved on to greenaddress. I almost succeeded. If it wasn’t due to the defunct email. They sent me a 2FA code to my main email address, which unfortunately doesn’t work on the phone yet.

XBMC remote control

I was releaved to find more than one XBMC remote in the app store, and some are even better than what I had on Android.

News

The rss reader and the news scope make for a pleasant appearance. They find my preferred rss feeds without needing the exact URL For podcasts, I had to install PodBird. It works fine for audio podcasts. It also downloads video files, but won’t play them.

Apps

I seem to remember that they planned to be able to run android apps on ubuntu phone. But it appears those plans were abandoned a long time ago. Hence naturally for a new platform the selection of available apps is very sparse. Seems I will have to live without some apps I used frequently on Android such as SBB, 20min, MeteoSwiss… All this information and functionality is also available on the respective websites. The apps are just more convenient.

APT

Part of the reason why I wanted a ubuntu phone is the underlying debian package system. I maintained an ubuntu chroot system image on my android phone so that I could perform some tasks on a full blown shell. But it always was quirky at some points and a second class citizen all along. So I wanted the ubuntu shell to be a first class citizen. Indeed you can start a terminal which behaves very well. The keyboard is missing tab and arrow keys though. You have access to apt, or so it seems at first. when you actually want to install something you see error messages about some lock files. To get around that, one needs to enable developer mode in the phone settings and remount the root file system as readwrite. But then came something disturbing:

$sudo mount -o remount,rw /
$sudo apt-get update
$sudo apt-get install git tig nmap htop pcsc-tools gpgsm gnupg-agent
Paketlisten werden gelesen... Fertig
Abhängigkeitsbaum wird aufgebaut.       
Statusinformationen werden eingelesen.... Fertig
Package git is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source

E: Package 'git' has no installation candidate
E: Paket tig kann nicht gefunden werden.
E: Paket nmap kann nicht gefunden werden.
E: Paket htop kann nicht gefunden werden.
E: Paket pcsc-tools kann nicht gefunden werden.

WTF is going on here! A repository that is missing crucial packages? Mixing repositories with ubuntu propper is probably not a great idea. I don’t know yet what to do about that.
People on IRC confirmed that rather than changing the root filesystem, it’s better to have a chroot of ubuntu proper for the additional tools. This is what I had on android and hoped it would no longer be necessary on ubuntu phone.

GPG

gpg and gpg-agent were already installed. Udev is running as well. So after adding an udev rule and configuring the gpg-agent, I was able to use my YubiKey neo in OpenPGP mode for ssh authentication and similar tasks. This is great news, as it was one of the soar points with my old phone.

GPS

The phone comes with a mapping app pre installed. It looks decent, if finds the addresses, displays maps and calculates routes, everything online as it appears. What it does not however, is displaying the current position, which is crucial if you want to use it for navigation. On the internet I found people claiming that the GPS on the Aquarius doesn’t work at all, or very badly. There is some commandline program for analyzing GPS reception, which I plan to try.
Update: The utility confirmed that the GPS is not able to get a fix, not even on a mountain with clear sky.

SPOT Connect

The SPOT Connect is a satellite messenger that I use for cross country paragliding. In contrast to other live tracking systems it also works in areas without GSM reception, as it transmits the current location directly to the GlobalStar satellite network. They have an app to control it for Android and iOS, but not yet for ubuntu. I told them two years ago that it would be nice to be able to start tracking on the device itself without having to do it in the app. Now that I just lost that app support, I asked them again what options I have. But as with lots of big companies, I have the impression the support staff has a database with answers and no means to escalate feature requests or even bug reports from customers. Then I remembered a site that I found two years ago when I got the device, where a guy reverse engineered parts of the comms protocol. And sure enough I got the python utility running inside my chroot environment on the phone. That allows me to send custom ok messages, but I have yet to find out how to start tracking.

Categories: Software | Tags: , , | 2 Comments

libreboot and trisquel

Last month I saw somebody on the fsfe mailing list talk about an OpenMoko phone. As I had one of those collecting dust in the drawer, I asked if anybody was interested. Promptly I got an offer to exchange it for a Lenovo X60 notebook with libreboot. I didn’t need another notebook, but libreboot seemed interesting enough, so I agreed. It came preinstalled with trisquel gnu linux, and with a docking station. I’m not sure if I heard about that distribution before. It is based on ubuntu, but includes only the free open libre stuff. The default desktop is gnome3. Since it’s a good fit with libreboot, I kept trisquel. The first impression was that it runs extremely well for such an old device. I was also amazed how rounded and complete a full on libre distro can be these days. Gone are the days where the compromises you had to make for freedom were hard to justify. The first thing, friends ask is about flash. But I don’t miss it at all, I mean html5 has been around for a while. At first, I started to install games for the kids. They run a lot better than on my old Atom netbook. As it’s my first device with a fingerprint reader, I had a little play installing this option for logging in, fully aware that it’s not that secure. The only two things that are not so optimal are sound and heat. Neither the speakers nor the headphones give any sign of live, event hough the operating system seems to have recognized the sound card. This is not such a big deal, as the bluetooth headphones still work perfectly. The other issue is that it heats up a lot under full load. And when the core temperature hits 100°C it just switches off. This happened a couple of times when the BitCoin BlockChain synchronized. And it still happens once every second day.

Then, my XPS13 was stolen, and I needed something to fill the gap until I have a proper replacement. I must say it does the job well. I miss the XPS13 a lot, but at least I have something I can work on. And who knows how long it takes before I have an XPS13 again. They recently announced a new version with tiny bezels around the screen, bigger SSD and newer processors. But the new developer edition is not available yet, and the old version is not available any more. When it becomes available, I want to pay it with BitCoin, which also is not available yet. Dell accepts BitCoin payments in the US, Canada and the UK. I hope they will soon roll out worldwide, or at least to the rest of Europe. Once I can order on my terms, I will still have to wait about a month for delivery.

Categories: BitCoin, Software | Tags: , , , , , | Leave a comment

xapo debit card backed by BitCoin

It will take a while until we can pay with BitCoin at most merchants. For the time being xapo introduced a visa debit card that credits your expenses directly from your BitCoin online wallet at xapo. Since it runs over the visa network, and since there are currency conversions involved, it can’t be as cheap and frictionless as BitCoin directly, but it is an interesting option nonetheless. Since I’m planning on cancelling my regular credit card, this could be an interesting intermediary solution. I found a couple of articles that more or less describe the card, but they all left some uncertainty. It appears that they only recently expanded their offer to Europe. But only cards with USD, EUR or GPB as nominal currency are available. That means for me that an additional conversion from CHF to EUR will be required, adding to the transaction costs.

So, first you create an account with xapo, which is as easy as with any other online service. Then you find an option to pre-order a debit card, which will require you to allow them to hijack your twitter and facebook accounts. I don’t have none of the two, so I was stuck for a moment. There is a support chat easily accessible, and they respond quickly. European customers just need to send some money from their regular bank account to the xapo wallet where it is converted to BitCoin. After that, you receive a debit card automatically.

I received mine last week. To enable it and get the pin code, I had to call a number in the UK with a fully automated computer system. On the web you will find different information about the card. The third party issuer seems to have prohibitive fees, which xapo promised to absorb. So, I’m a bit curious about the business model behind. but this post is about it’s usage. Since I planned it as a replacement for my regular Visa credit card, I tried it for online purchases first. I always thought Visa is Visa, after all Visa debit cards are uncommon around here. Turns out most online merchants only accept Visa credit cards, and wont go with debit cards. I have no idea why this is. Today it should be easy to verify a payment with a bank where the customer’s account is. That was not the case twenty years ago, but nowadays ….?

Then I used the card to buy some chewing gums and a train ticket. That worked like a charm. When I calculated the cost with the current CHF price that the android BitCoin wallet displayed, it was about CHF 5.99 which would be even less than the fees indicated. But as we all know BitCoin is very volatile, and so this calculation is difficult to carry out exactly. But I think it’s save to say that the fees with the two currency conversions are not as prohibitive as I feared. I don’t know if the merchants pay equally high fees as with credit cards, but I guess it’s for sure higher than with the Maestro debit cards that all local banks hand out to their customers.

To sum it up, it’s great that there is now a way to indirectly spend BitCoin for everyday purchases. Even if BitCoin is used in the background, this particular use case seems to add more friction than just using the Maestro card from my local bank. The minus that bugs me most, is that I can’t use it for online purchases.

Coop sbb xapo-card

 

Update

After the card initially failed for most online purchases, I asked the xapo staff about it. They couldn’t find a good reason why the transaction failed, nor were there any logs indicating reasons for the declines. Hence I kept trying, and indeed the last few times I used the card for online purchases, it was always successful, even with merchants that failed previously.
The other issue I had a close eye on was the fees. The Amazon transactions were free, which was most welcome as purse.io stopped working with amazon.de lately. All other card transactions carried a 3% fee, which is quite hefty. But compared to the CHF 120 I currently pay for my Visa credit card, that’s acceptable. So, the time to cancel the credit card has finally arrived.
I usually have the card charged with about CHF 100. After I used it to pay something, I can recharge it immediately with a simple BitCoin transaction.

Categories: BitCoin | Tags: | Leave a comment

missing or lost -> stolen

When we went to our ski holiday last week, we had a lot of luggage. So we had to hurry when leaving or switching the train. It always worked out well, even when we had to run, or walk a stairway twice. When we left the train on the way back in our home town, I grabbed the heavy stuff as usual, but somehow missed my messenger bag with the notebook. Just outside the train I realized that it was missing, and asked my wife if she had it. She usually checks the seats before leaving. But she didn’t have my bag. We assumed we just overlooked it on the seat. Immediately we called the train company, and had to pay CHF 50 for somebody in the train to go search my bag. Nothing was found, but they told me that sometimes lost items are brought to a train station the days after. I was full of hope to see my stuff again. A couple of days later, my optimism fades. Ever more so, after I read articles about how much stuff is stolen in Swiss trains. We both noticed two black guys walking suspiciously back and forth in the train. At first I couldn’t imagine that they could grab the bag without us realizing. But after reading those stories, and especially since we really habitually check the seats before we leave, I start to think they might have taken it.

It’s just material, but still the loss hurts. We like to believe that these things happen somewhere else, but not here. We like to tell the stories of our parents who didn’t lock the door, and left the keys in the car. That just makes it more bitter when reality hits us. There are a couple of things that are difficult or even impossible to replace. The bag itself was from the Paragliding World Cup in Korea. I worked hard in the competitions for almost five years to make it into the World Cup. And this bag was one of the souvenirs. The notebook was by far the best computer I ever had. It’s a Dell XPS13 developer edition with Ubuntu pre-loaded. I didn’t allow it to get a single scratch in the 15 months I had it. If I have to order a new one, given I manage to allocate the funds for such a great device, I have to wait at least a month for delivery. The Trezor was a “first edition” given out only to the backers of the crowd funding campaign. The Prada sunglasses were from the outlet store. Just to get there would cost more than I saved on the regular price.
So, If you see somebody by chance with a brand new looking Dell XPS13 ultrabook
that doesn’t seem to belong to him, or a FlyGin messenger bag that has a Paragliding World Cup print, or with a red-black Mammut GoreTex Paclite jacket, then please report.

Categories: Family, Travel | Tags: | 1 Comment

Winter wonderland

I picked a marvellous day to go speedflying in Andermatt. See for yourself:

Categories: Paragliding | Tags: , , | Leave a comment

Code coverage for C++

Ever since I wrote automated tests, I wondered how complete the coverage was. Of course you have a feeling which parts are better covered than others. For some legacy code you might prefer not to know at all. But I thought test coverage was something easy to do with a language running on a VM such as Java, but hard with C++. Some things are not as hard as you think, once you give it a try.

The thing that triggered my interest was the coveralls badge on the readme page of vexcl. By following it through, I learned that coveralls is just for presenting the results that are generated by gcov. Some more research showed what compiler- and linker flags I need to use. In addition I found out that lcov’s genhtml can generate nice human readable html reports, while gcovr writes machine readable xml reports. So the following is really all that needs to be added to your CMakeLists.txt:

OPTION(CODE_COVERAGE       "Generate code coverage reports using gcov" OFF)

IF(CODE_COVERAGE)
    SET(CMAKE_C_FLAGS          "${CMAKE_C_FLAGS}          
        -fprofile-arcs -ftest-coverage")
    SET(CMAKE_CXX_FLAGS        "${CMAKE_CXX_FLAGS}        
        -fprofile-arcs -ftest-coverage")
    SET(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} 
        -fprofile-arcs -ftest-coverage")

    FILE(WRITE ${PROJECT_BINARY_DIR}/coverage.sh "#! /bin/sh"\n)
    FILE(APPEND ${PROJECT_BINARY_DIR}/coverage.sh "lcov --zerocounters 
        --directory . --base-directory ${MyApp_MAIN_DIR}"\n)
    FILE(APPEND ${PROJECT_BINARY_DIR}/coverage.sh "lcov --capture --initial 
        --directory . --base-directory ${MyApp_MAIN_DIR} --no-external 
        --output-file MyAppCoverage"\n)
    FILE(APPEND ${PROJECT_BINARY_DIR}/coverage.sh "make test"\n)
    FILE(APPEND ${PROJECT_BINARY_DIR}/coverage.sh "lcov --no-checksum 
        --directory . --base-directory ${MyApp_MAIN_DIR} --no-external 
        --capture --output-file MyAppCoverage.info"\n)
    FILE(APPEND ${PROJECT_BINARY_DIR}/coverage.sh "lcov 
        --remove MyAppCoverage.info '*/UnitTests/*' '*/modassert/*' 
        -o MyAppCoverage_filtered.info"\n)
    FILE(APPEND ${PROJECT_BINARY_DIR}/coverage.sh 
        "genhtml MyAppCoverage_filtered.info"\n)

    FILE(APPEND ${PROJECT_BINARY_DIR}/coverage.sh 
        "gcovr -o coverage_summary.xml -r ${MyApp_MAIN_DIR} -e '/usr.*' 
         -e '.*/UnitTests/.*' -e '.*/modassert/.*' -x --xml-pretty"\n)

    ADD_CUSTOM_TARGET(CODE_COVERAGE bash ${PROJECT_BINARY_DIR}/coverage.sh
                        WORKING_DIRECTORY ${PROJECT_BINARY_DIR}
                        COMMENT "run the unit tests with code coverage and produce an index.html report"
                        SOURCES  ${PROJECT_BINARY_DIR}/coverage.sh)
    SET_TARGET_PROPERTIES(CODE_COVERAGE PROPERTIES
        FOLDER "Testing"
    )

ENDIF(CODE_COVERAGE)

The resulting html page is very detailed and shows you the untested lines in your source files in red.
From the produced xml file it’s easy to extract the overall percentage for example. You could use this figure to fail your nightly builds when it’s decreasing.

Categories: Software | Tags: , , | Leave a comment