Whitespace only change.

[blhc/blhc.git] / bin / blhc

diff --git a/bin/blhc b/bin/blhc
index 62ddb86a6076f986eb6fdeffec5b84e71b6f8731..87037453ac493594c06b3339118d28621be94f12 100755 (executable)
--- a/bin/blhc
+++ b/bin/blhc
@@ -142,13 +142,13 @@ my %extension = map { $_ => 1 } (
 # Regexp to match file extensions.
 my $file_extension_regex = qr/
     \s
 # Regexp to match file extensions.
 my $file_extension_regex = qr/
     \s

-    \S+         # Filename without extension.
+    \S+             # Filename without extension.

     \.
     \.

-    ([^\\.\s]+) # File extension.
-    (?=\s|\\)   # At end of word. Can't use \b because some files have non
-                # word characters at the end and because \b matches double
-                # extensions (like .cpp.o). Works always as all lines are
-                # terminated with "\n".
+    ([^\\.,;:\s]+)  # File extension.
+    (?=\s|\\)       # At end of word. Can't use \b because some files have non
+                    # word characters at the end and because \b matches double
+                    # extensions (like .cpp.o). Works always as all lines are
+                    # terminated with "\n".

     /x;
 
 # Expected (hardening) flags. All flags are used as regexps.
     /x;
 
 # Expected (hardening) flags. All flags are used as regexps.


@@ -193,6 +193,7 @@ my @def_ldflags_pie = (
 my @def_ldflags_pic = (
     '-fPIC',
     '-fpic',
 my @def_ldflags_pic = (
     '-fPIC',
     '-fpic',

+    '-shared',

 );
 # Renaming rules for the output so the regex parts are not visible. Also
 # stores string values of flag regexps above, see compile_flag_regexp().
 );
 # Renaming rules for the output so the regex parts are not visible. Also
 # stores string values of flag regexps above, see compile_flag_regexp().


@@ -571,23 +572,21 @@ FILE: foreach my $file (@ARGV) {
                 }
 
                 # Ignore lines with no compiler commands.
                 }
 
                 # Ignore lines with no compiler commands.

-                next if $line !~ /\b$cc_regex(?:\s|\\)/o and not $non_verbose;
+                next if not $non_verbose
+                        and not $line =~ /\b$cc_regex(?:\s|\\)/o;
+                # Ignore lines with no filenames with extensions. May miss
+                # some non-verbose builds (e.g. "gcc -o test" [sic!]), but
+                # shouldn't be a problem as the log will most likely contain
+                # other non-verbose commands which are detected.
+                next if not $non_verbose
+                        and not $line =~ /$file_extension_regex/o;

 
                 # Ignore false positives.
                 #
                 # `./configure` output.
                 next if not $non_verbose
                         and $line =~ /^(?:checking|(?:C|c)onfigure:) /;
 
                 # Ignore false positives.
                 #
                 # `./configure` output.
                 next if not $non_verbose
                         and $line =~ /^(?:checking|(?:C|c)onfigure:) /;

-                next if $line =~ /^\s*(?:Host\s+)?(?:C\s+)?
-                                   (?:C|c)ompiler[\s.]*:?\s+
-                                   $cc_regex_full
-                                   (?:\s-std=[a-z0-9:+]+)?\s*$
-                                 /xo
-                        or $line =~ /^\s*(?:- )?(?:HOST_)?(?:CC|CXX)\s*=\s*$cc_regex_full\s*$/o
-                        or $line =~ /^\s*-- Check for working (?:C|CXX) compiler: /
-                        or $line =~ /^\s*(?:echo )?Using [A-Z_]+\s*=\s*/;
-                # `make` output.
-                next if $line =~ /^Making [a-z]+ in \S+/; # e.g. "[...] in c++"
+                next if $line =~ /^\s*(?:- )?(?:HOST_)?(?:CC|CXX)\s*=\s*$cc_regex_full\s*$/o;

 
                 # Check if additional hardening options were used. Used to
                 # ensure they are used for the complete build.
 
                 # Check if additional hardening options were used. Used to
                 # ensure they are used for the complete build.


@@ -602,7 +601,11 @@ FILE: foreach my $file (@ARGV) {
     close $fh;
 
     if (scalar @input == 0) {
     close $fh;
 
     if (scalar @input == 0) {

-        print "No compiler commands!\n";
+        if (not $option_buildd) {
+            print "No compiler commands!\n";
+        } else {
+            print "W-no-compiler-commands\n";
+        }

         $exit |= 1;
         next FILE;
     }
         $exit |= 1;
         next FILE;
     }


@@ -850,16 +853,7 @@ blhc - build log hardening check, checks build logs for missing hardening flags
 
 =head1 SYNOPSIS
 
 
 =head1 SYNOPSIS
 

-B<blhc> [options] <dpkg-buildpackage build log file>..
-
-    --all                   force +all (+pie, +bindnow) check
-    --arch                  set architecture (autodetected)
-    --bindnow               force +bindbow check
-    --buildd                parser mode for buildds
-    --color                 use colored output
-    --pie                   force +pie check
-    --help                  available options
-    --version               version number and license
+B<blhc> [I<options>] I<E<lt>dpkg-buildpackage build log fileE<gt>..>

 
 =head1 DESCRIPTION
 
 
 =head1 DESCRIPTION
 


@@ -875,7 +869,7 @@ other important warnings. It's licensed under the GPL 3 or later.
 Force check for all +all (+pie, +bindnow) hardening flags. By default it's
 auto detected.
 
 Force check for all +all (+pie, +bindnow) hardening flags. By default it's
 auto detected.
 

-=item B<--arch>
+=item B<--arch> I<architecture>

 
 Set the specific architecture (e.g. amd64, armel, etc.), automatically
 disables hardening flags not available on this architecture. Is detected
 
 Set the specific architecture (e.g. amd64, armel, etc.), automatically
 disables hardening flags not available on this architecture. Is detected