'-Wl,(-z,)?now' => '-Wl,-z,now',
);
+# Statistics of missing flags and non-verbose build commands. Used for
+# $option_buildd.
+my %statistics = (
+ preprocess => 0,
+ preprocess_missing => 0,
+ compile => 0,
+ compile_missing => 0,
+ compile_cpp => 0,
+ compile_cpp_missing => 0,
+ link => 0,
+ link_missing => 0,
+ commands => 0,
+ commands_nonverbose => 0,
+);
+
# Use colored (ANSI) output?
my $option_color;
# If hardening wrapper is used (wraps calls to gcc and adds hardening
# flags automatically) we can't perform any checks, abort.
if ($line =~ /^Build-Depends: .*\bhardening-wrapper\b/) {
- error_hardening_wrapper();
+ if (not $option_buildd) {
+ error_hardening_wrapper();
+ } else {
+ print "I-hardening-wrapper-used\n";
+ }
$exit |= 1 << 4;
next FILE;
}
next FILE;
}
+ if ($option_buildd) {
+ $statistics{commands} += scalar @input;
+ }
+
# Option or auto detected.
if ($option_arch) {
# The following was partially copied from dpkg-dev 1.16.1.2
my $skip = 0;
if (is_non_verbose_build($line, $input[$i + 1], \$skip)) {
- error_non_verbose_build($line);
+ if (not $option_buildd) {
+ error_non_verbose_build($line);
+ } else {
+ $statistics{commands_nonverbose}++;
+ }
$exit |= 1 << 2;
next;
}
$compile_cpp = 1;
}
+ if ($option_buildd) {
+ $statistics{preprocess}++ if $preprocess;
+ $statistics{compile}++ if $compile;
+ $statistics{compile_cpp}++ if $compile_cpp;
+ $statistics{link}++ if $link;
+ }
+
# Check hardening flags.
my @missing;
if ($compile and not all_flags_used($line, \@missing, @cflags)
and not pic_pie_conflict($line, $harden_pie, \@missing, @def_cflags_pie)
# Assume dpkg-buildflags returns the correct flags.
and not $line =~ /`dpkg-buildflags --get CFLAGS`/) {
- error_flags('CFLAGS missing', \@missing, \%flag_renames, $input[$i]);
+ if (not $option_buildd) {
+ error_flags('CFLAGS missing', \@missing, \%flag_renames, $input[$i]);
+ } else {
+ $statistics{compile_missing}++;
+ }
$exit |= 1 << 3;
} elsif ($compile_cpp and not all_flags_used($line, \@missing, @cflags)
# Libraries linked with -fPIC don't have to (and can't) be
and not pic_pie_conflict($line, $harden_pie, \@missing, @def_cflags_pie)
# Assume dpkg-buildflags returns the correct flags.
and not $line =~ /`dpkg-buildflags --get CXXFLAGS`/) {
- error_flags('CXXFLAGS missing', \@missing, \%flag_renames, $input[$i]);
+ if (not $option_buildd) {
+ error_flags('CXXFLAGS missing', \@missing, \%flag_renames, $input[$i]);
+ } else {
+ $statistics{compile_cpp_missing}++;
+ }
$exit |= 1 << 3;
}
if ($preprocess and not all_flags_used($line, \@missing, @cppflags)
# Assume dpkg-buildflags returns the correct flags.
and not $line =~ /`dpkg-buildflags --get CPPFLAGS`/) {
- error_flags('CPPFLAGS missing', \@missing, \%flag_renames, $input[$i]);
+ if (not $option_buildd) {
+ error_flags('CPPFLAGS missing', \@missing, \%flag_renames, $input[$i]);
+ } else {
+ $statistics{preprocess_missing}++;
+ }
$exit |= 1 << 3;
}
if ($link and not all_flags_used($line, \@missing, @ldflags)
and not pic_pie_conflict($line, $harden_pie, \@missing, @def_ldflags_pie)
# Assume dpkg-buildflags returns the correct flags.
and not $line =~ /`dpkg-buildflags --get LDFLAGS`/) {
- error_flags('LDFLAGS missing', \@missing, \%flag_renames, $input[$i]);
+ if (not $option_buildd) {
+ error_flags('LDFLAGS missing', \@missing, \%flag_renames, $input[$i]);
+ } else {
+ $statistics{link_missing}++;
+ }
$exit |= 1 << 3;
}
}
}
+# Print statistics for buildd mode, only output in this mode.
+if ($option_buildd) {
+ my @warning;
+
+ if ($statistics{preprocess_missing}) {
+ push @warning, sprintf "CPPFLAGS %d (of %d)",
+ $statistics{preprocess_missing},
+ $statistics{preprocess};
+ }
+ if ($statistics{compile_missing}) {
+ push @warning, sprintf "CFLAGS %d (of %d)",
+ $statistics{compile_missing},
+ $statistics{compile};
+ }
+ if ($statistics{compile_cpp_missing}) {
+ push @warning, sprintf "CXXFLAGS %d (of %d)",
+ $statistics{compile_cpp_missing},
+ $statistics{compile_cpp};
+ }
+ if ($statistics{link_missing}) {
+ push @warning, sprintf "LDFLAGS %d (of %d)",
+ $statistics{link_missing},
+ $statistics{link};
+ }
+ if (scalar @warning) {
+ local $" = ', '; # array join string
+ print "W-dpkg-buildflags-missing @warning missing\n";
+ }
+
+ if ($statistics{commands_nonverbose}) {
+ printf "W-compiler-flags-hidden %d (of %d) hidden\n",
+ $statistics{commands_nonverbose},
+ $statistics{commands},
+ }
+}
+
+
exit $exit;
use strict;
use warnings;
-use Test::More tests => 98;
+use Test::More tests => 100;
sub is_blhc {
'';
is_blhc 'buildd-dpkg-dev', '--buildd', 8,
- 'CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security): gcc -g -O2 -c test-a.c
-CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -g -O2 -c test-a.c
-CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security): gcc -g -O2 -c test-b.c
-CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -g -O2 -c test-b.c
-CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security): gcc -g -O2 -c test-c.c
-CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -g -O2 -c test-c.c
-LDFLAGS missing (-Wl,-z,relro): gcc -o test test-a.o test-b.o test-c.o -ltest
-CFLAGS missing (-O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security): gcc -g -c test-a.c
-CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -g -c test-a.c
-CFLAGS missing (-O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security): gcc -g -c test-b.c
-CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -g -c test-b.c
-CFLAGS missing (-O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security): gcc -g -c test-c.c
-CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -g -c test-c.c
-LDFLAGS missing (-Wl,-z,relro): gcc -o test test-a.o test-b.o test-c.o -ltest
+ 'W-dpkg-buildflags-missing CPPFLAGS 7 (of 7), CFLAGS 6 (of 6), CXXFLAGS 1 (of 1), LDFLAGS 2 (of 2) missing
';
is_blhc 'buildd-dpkg-dev-old', '--buildd', 8,
- 'CFLAGS missing (-O2): gcc -g -c test-a.c
-CFLAGS missing (-O2): gcc -g -c test-b.c
-CFLAGS missing (-O2): gcc -g -c test-c.c
+ 'W-dpkg-buildflags-missing CFLAGS 3 (of 6), CXXFLAGS 1 (of 1) missing
';
+is_blhc 'buildd-verbose-build', '--buildd', 4,
+ 'W-compiler-flags-hidden 1 (of 5) hidden
+';
+
+
# multiple files
is_blhc ['good', 'good-pie', 'good-bindnow', 'good-all', 'good-multiline', 'good-library'], '', 0,
ruderich.org/simon / blhc / blhc.git / commitdiff