my $harden_bindnow = $option_bindnow; # defaults to 0
my $harden_pie = $option_pie; # defaults to 0
- # Input lines, contain only the lines with compiler commands.
- my @input = ();
-
- my $start = 0;
- my $continuation = 0;
- my $complete_line = undef;
while (my $line = <$fh>) {
# dpkg-buildflags only provides hardening flags since 1.16.1, don't
# check for hardening flags in buildd mode if an older dpkg-dev is
#
# Packages which were built before 1.16.1 but used their own hardening
# flags are not checked.
- if ($option_buildd and not $start
- and $line =~ /^Toolchain package versions: /) {
+ if ($option_buildd and $line =~ /^Toolchain package versions: /) {
require Dpkg::Version;
if ($line !~ /dpkg-dev_(\S+)/
or Dpkg::Version::version_compare($1, '1.16.1') < 0) {
# If hardening wrapper is used (wraps calls to gcc and adds hardening
# flags automatically) we can't perform any checks, abort.
- if (not $start and $line =~ /^Build-Depends: .*\bhardening-wrapper\b/) {
+ if ($line =~ /^Build-Depends: .*\bhardening-wrapper\b/) {
error_hardening_wrapper();
$exit |= 1 << 4;
next FILE;
# We skip over unimportant lines at the beginning of the log to
# prevent false positives.
- $start = 1 if $line =~ /^dpkg-buildpackage:/;
- next if not $start;
+ last if $line =~ /^dpkg-buildpackage:/;
+ }
+
+ # Input lines, contain only the lines with compiler commands.
+ my @input = ();
+
+ my $continuation = 0;
+ my $complete_line = undef;
+ while (my $line = <$fh>) {
# And stop at the end of the build log. Package details (reported by
# the buildd logs) are not important for us. This also prevents false
# positives.
ruderich.org/simon / blhc / blhc.git / commitdiff