my $continuation = 0;
my $complete_line = undef;
while (my $line = <$fh>) {
- # dpkg-buildflags only provides hardening flags since 1.16.1, don't check
- # for hardening flags in buildd mode if an older dpkg-dev is used. Default
- # flags (-g -O2) are still checked.
+ # dpkg-buildflags only provides hardening flags since 1.16.1, don't
+ # check for hardening flags in buildd mode if an older dpkg-dev is
+ # used. Default flags (-g -O2) are still checked.
#
# Packages which were built before 1.16.1 but used their own hardening
# flags are not checked.
next FILE;
}
- # We skip over unimportant lines at the beginning of the log to prevent
- # false positives.
+ # We skip over unimportant lines at the beginning of the log to
+ # prevent false positives.
$start = 1 if $line =~ /^dpkg-buildpackage:/;
next if not $start;
- # And stop at the end of the build log. Package details (reported by the
- # buildd logs) are not important for us. This also prevents false
+ # And stop at the end of the build log. Package details (reported by
+ # the buildd logs) are not important for us. This also prevents false
# positives.
last if $line =~ /^Build finished at \d{8}-\d{4}$/;
# Remove all ANSI color sequences which are sometimes used in
# non-verbose builds.
$line = Term::ANSIColor::colorstrip($line);
- # Also strip '\0xf' (delete previous character), used by Elinks' build
- # system.
+ # Also strip '\0xf' (delete previous character), used by Elinks'
+ # build system.
$line =~ s/\x0f//g;
- # And "ESC(B" which seems to be used on armhf and hurd (not sure what
- # it does).
+ # And "ESC(B" which seems to be used on armhf and hurd (not sure
+ # what it does).
$line =~ s/\033\(B//g;
}
# Check if this line indicates a non verbose build.
my $non_verbose = is_non_verbose_build($line);
- # One line may contain multiple commands (";"). Treat each one as single
- # line. parse_line() is slow, only use it when necessary.
+ # One line may contain multiple commands (";"). Treat each one as
+ # single line. parse_line() is slow, only use it when necessary.
my @line = (not $line =~ /;/)
? ($line)
: map {
- # Ensure newline at the line end - necessary for correct
- # parsing later.
+ # Ensure newline at the line end - necessary for
+ # correct parsing later.
$_ =~ s/\s+$//;
$_ .= "\n";
} Text::ParseWords::parse_line(';', 1, $line);
if ($continuation) {
$continuation = 0;
- # Join lines, but leave the "\" in place so it's clear where the
- # original line break was.
+ # Join lines, but leave the "\" in place so it's clear where
+ # the original line break was.
chomp $complete_line;
$complete_line .= ' ' . $line;
}
# `make` output.
next if $line =~ /^Making [a-z]+ in \S+/; # e.g. "[...] in c++"
- # Check if additional hardening options were used. Used to ensure
- # they are used for the complete build.
+ # Check if additional hardening options were used. Used to
+ # ensure they are used for the complete build.
$harden_pie = 1 if any_flags_used($line, @def_cflags_pie, @def_ldflags_pie);
$harden_bindnow = 1 if any_flags_used($line, @def_ldflags_bindnow);
# Even if it's a verbose build, we might have to skip this line.
next if $skip;
- # Remove everything until and including the compiler command. Makes checks
- # easier and faster.
+ # Remove everything until and including the compiler command. Makes
+ # checks easier and faster.
$line =~ s/^.*?$cc_regex//o;
# Skip unnecessary tests when only preprocessing.
$preprocess = 1;
}
- # If there are source files then it's compiling/linking in one step and we
- # must check both. We only check for source files here, because header
- # files cause too many false positives.
+ # If there are source files then it's compiling/linking in one step
+ # and we must check both. We only check for source files here, because
+ # header files cause too many false positives.
if (not $flag_preprocess
and extension_found(\%extensions_compile_link, @extensions)) {
# Assembly files don't need CFLAGS.
# Check hardening flags.
my @missing;
if ($compile and not all_flags_used($line, \@missing, @cflags)
- # Libraries linked with -fPIC don't have to (and can't) be linked
- # with -fPIE as well. It's no error if only PIE flags are missing.
+ # Libraries linked with -fPIC don't have to (and can't) be
+ # linked with -fPIE as well. It's no error if only PIE flags
+ # are missing.
and not pic_pie_conflict($line, $harden_pie, \@missing, @def_cflags_pie)
# Assume dpkg-buildflags returns the correct flags.
and not $line =~ /`dpkg-buildflags --get CFLAGS`/) {
error_flags('CFLAGS missing', \@missing, \%flag_renames, $input[$i]);
$exit |= 1 << 3;
} elsif ($compile_cpp and not all_flags_used($line, \@missing, @cflags)
- # Libraries linked with -fPIC don't have to (and can't) be linked
- # with -fPIE as well. It's no error if only PIE flags are missing.
+ # Libraries linked with -fPIC don't have to (and can't) be
+ # linked with -fPIE as well. It's no error if only PIE flags
+ # are missing.
and not pic_pie_conflict($line, $harden_pie, \@missing, @def_cflags_pie)
# Assume dpkg-buildflags returns the correct flags.
and not $line =~ /`dpkg-buildflags --get CXXFLAGS`/) {
ruderich.org/simon / blhc / blhc.git / commitdiff