my $option_version = 0;
my $option_pie = 0;
my $option_bindnow = 0;
+my @option_ignore_arch = ();
my @option_ignore_flag = ();
my @option_ignore_line = ();
my $option_all = 0;
'bindnow' => \$option_bindnow,
'all' => \$option_all,
# Ignore.
+ 'ignore-arch=s' => \@option_ignore_arch,
'ignore-flag=s' => \@option_ignore_flag,
'ignore-line=s' => \@option_ignore_line,
# Misc.
if ($option_buildd
and index($line, 'Toolchain package versions: ') == 0) {
require Dpkg::Version;
- if ($line !~ /\bdpkg-dev_(\S+)/
+ if (not $line =~ /\bdpkg-dev_(\S+)/
or Dpkg::Version::version_compare($1, '1.16.1') < 0) {
$harden_format = 0;
$harden_fortify = 0;
close $fh;
+ # Ignore arch if requested.
+ if (scalar @option_ignore_arch > 0 and $arch) {
+ foreach my $ignore (@option_ignore_arch) {
+ if ($arch eq $ignore) {
+ print "ignoring architecture '$arch'\n";
+ next FILE;
+ }
+ }
+ }
+
if (scalar @input == 0) {
if (not $option_buildd) {
print "No compiler commands!\n";
Use colored (ANSI) output for warning messages.
+=item B<--ignore-arch> I<arch>
+
+Ignore build logs from architectures matching I<arch>. I<arch> is a string.
+
+Used to prevent false positives. This option can be specified multiple times.
+
=item B<--ignore-flag> I<flag>
Don't print an error when the specific flag is missing in a compiler line.