features are correctly used.
It's designed to check build logs generated by Debian's dpkg-buildpackage (or
-tools using dpkg-buildpackage like pbuilder or the official buildd build logs)
-to help maintainers detect missing hardening flags in their packages.
+tools using dpkg-buildpackage like pbuilder or sbuild (which is used for the
+official buildd build logs)) to help maintainers detect missing hardening
+flags in their packages.
At the moment it works only on Debian and derivatives but it should be easily
extendable to other systems as well. Patches are welcome.
dpkg-buildpackage: ...
If it's not present no compiler commands are detected. In case you don't use
-dpkp-buildpackage but still want to check a build log adding it as first line
+dpkp-buildpackage but still want to check a build log, adding it as first line
should work fine.
The following non-verbose builds can't be detected:
licensed under the GPL 3 or later.
It's designed to check build logs generated by Debian's dpkg-buildpackage (or
-tools using dpkg-buildpackage like pbuilder or the official buildd build logs)
-to help maintainers detect missing hardening flags in their packages.
+tools using dpkg-buildpackage like pbuilder or sbuild (which is used for the
+official buildd build logs)) to help maintainers detect missing hardening
+flags in their packages.
Only gcc is detected as compiler at the moment. If other compilers support
hardening flags as well, please report them.
If there's no output, no flags are missing and the build log is fine.
+See F<README> for details about performed checks, auto-detection and
+limitations.
+
=head1 OPTIONS
=over 8
ruderich.org/simon / blhc / blhc.git / commitdiff