# Regex to catch (GCC) compiler warnings.
my $warning_regex = qr/^(.+?):([0-9]+):[0-9]+: warning: (.+?) \[(.+?)\]$/;
-# Expected hardening flags. All flags are used as regexps.
+# Expected (hardening) flags. All flags are used as regexps.
my @cflags = (
'-g',
'-O2',
- '-fstack-protector',
- '--param=ssp-buffer-size=4',
+);
+my @cflags_format = (
'-Wformat',
'-Wformat-security',
'-Werror=format-security',
);
+my @cflags_fortify = (
+ # fortify needs at least -O1, but -O2 is recommended anyway
+);
+my @cflags_stack = (
+ '-fstack-protector',
+ '--param=ssp-buffer-size=4',
+);
my @cflags_pie = (
'-fPIE',
);
-my @cppflags = (
+my @cppflags = ();
+my @cppflags_fortify = (
'-D_FORTIFY_SOURCE=2',
);
-my @ldflags = (
+my @ldflags = ();
+my @ldflags_relro = (
'-Wl,(-z,)?relro',
);
+my @ldflags_bindnow = (
+ '-Wl,(-z,)?now',
+);
my @ldflags_pie = (
'-fPIE',
'-pie',
);
-my @ldflags_bindnow = (
- '-Wl,(-z,)?now',
-);
-# All (hardening) flags.
-my @flags = (@cflags, @cflags_pie,
- @cppflags,
- @ldflags, @ldflags_pie, @ldflags_bindnow);
# Renaming rules for the output so the regex parts are not visible.
my %flag_renames = (
'-Wl,(-z,)?relro' => '-Wl,-z,relro',
# MAIN
-# Additional hardening options.
-my $pie = 0;
-my $bindnow = 0;
+# Hardening options. Not all architectures support all hardening options.
+my $harden_format = 1;
+my $harden_fortify = 1;
+my $harden_stack = 1;
+my $harden_relro = 1;
+my $harden_bindnow = 0;
+my $harden_pie = 0;
# Parse command line arguments.
-my $option_all = 0;
my $option_help = 0;
my $option_version = 0;
+my $option_all = 0;
+my $option_arch = undef;
if (not Getopt::Long::GetOptions(
'help|h|?' => \$option_help,
'version' => \$option_version,
- 'pie' => \$pie,
- 'bindnow' => \$bindnow,
+ # Hardening options.
+ 'pie' => \$harden_pie,
+ 'bindnow' => \$harden_bindnow,
'all' => \$option_all,
+ # Misc.
+ 'arch' => \$option_arch,
)) {
require Pod::Usage;
Pod::Usage::pod2usage(2);
}
if ($option_all) {
- $pie = 1;
- $bindnow = 1;
+ $harden_pie = 1;
+ $harden_bindnow = 1;
}
# Final exit code.
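Review bot: The new `'arch' => \$option_arch` entry in the GetOptions call declares `--arch` as a boolean switch, so `--arch armel` stores 1 in `$option_arch` and leaves `armel` in `@ARGV`; the spec needs a string argument, `'arch=s' => \$option_arch,`. As written, a truthy `$option_arch` also suppresses the build-log autodetection added further down, so the per-architecture disabling would run against the value 1 rather than a real architecture name. The usage line and the `=item B<--arch>` POD entry should then show the argument too, e.g. `=item B<--arch> I<architecture>`. The script body continues outside this hunk.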
$start = 1 if $line =~ /^dpkg-buildpackage:/;
next if not $start;
+ # Detect architecture automatically unless overridden.
+ if (not $option_arch
+ and $line =~ /^dpkg-buildpackage: host architecture (.+)$/) {
+ $option_arch = $1;
+ }
+
# Ignore compiler warnings for now.
next if $line =~ /$warning_regex/;
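Review bot: The autodetection regex captures `(.+)$` straight from the build log, so trailing whitespace or a carriage return on that line becomes part of `$option_arch`; whether lines are stripped earlier is not visible in this hunk. A tighter capture such as `/^dpkg-buildpackage: host architecture (\S+)\s*$/` keeps the value to a single token before it is compared with `'arm'` and passed to Dpkg::Arch. The surrounding loop starts and ends outside the hunk.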
exit $exit;
}
+# Option or auto detected.
+if ($option_arch) {
+ # The following was partially copied from dpkg-dev 1.16.1.2
+ # (/usr/share/perl5/Dpkg/Vendor/Debian.pm, add_hardening_flags()),
+ # copyright Raphaƫl Hertzog <hertzog@debian.org>, Kees Cook
+ # <kees@debian.org>, Canonical, Ltd. licensed under GPL version 2 or
+ # later. Keep it in sync.
+
+ require Dpkg::Arch;
+ my ($abi, $os, $cpu) = Dpkg::Arch::debarch_to_debtriplet($option_arch);
+
+ # Disable unsupported hardening options.
+ if ($cpu =~ /^(ia64|alpha|mips|mipsel|hppa)$/ or $option_arch eq 'arm') {
+ $harden_stack = 0;
+ }
+ if ($cpu =~ /^(ia64|hppa|avr32)$/) {
+ $harden_relro = 0;
+ $harden_bindnow = 0;
+ }
+}
+
# Check if additional hardening options were used. Used to ensure they are
# used for the complete build.
foreach my $line (@input) {
- $pie = 1 if any_flags_used($line, @cflags_pie, @ldflags_pie);
- $bindnow = 1 if any_flags_used($line, @ldflags_bindnow);
+ $harden_pie = 1 if any_flags_used($line, @cflags_pie, @ldflags_pie);
+ $harden_bindnow = 1 if any_flags_used($line, @ldflags_bindnow);
}
-if ($pie) {
+# Check the specified hardening options, same order as dpkg-buildflags.
+if ($harden_pie) {
@cflags = (@cflags, @cflags_pie);
@ldflags = (@ldflags, @ldflags_pie);
}
-if ($bindnow) {
+if ($harden_stack) {
+ @cflags = (@cflags, @cflags_stack);
+}
+if ($harden_fortify) {
+ @cflags = (@cflags, @cflags_fortify);
+ @cppflags = (@cppflags, @cppflags_fortify);
+}
+if ($harden_format) {
+ @cflags = (@cflags, @cflags_format);
+}
+if ($harden_relro) {
+ @ldflags = (@ldflags, @ldflags_relro);
+}
+if ($harden_bindnow) {
@ldflags = (@ldflags, @ldflags_bindnow);
}
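Review bot: `$cpu` is used in the two regex matches without checking that `Dpkg::Arch::debarch_to_debtriplet($option_arch)` returned anything. For an architecture string it does not recognise (a typo in `--arch`, or a garbled log line) the triplet is presumably empty, the matches warn on undef and no option is disabled, so the report silently checks against the wrong flag set. A guard right after the call, e.g. `defined $cpu or die "unknown architecture: $option_arch\n";`, makes that failure visible. Separately, the detection loop below the new block can set `$harden_bindnow` back to 1 after the architecture block cleared it for ia64/hppa/avr32; if the architecture restriction is meant to win, the loop should run first, and a comment stating the intended precedence would help either way.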
if ($compiler and not all_flags_used($line, \@missing, @cflags)
# Libraries linked with -fPIC don't have to (and can't) be linked
# with -fPIE as well. It's no error if only PIE flags are missing.
- and not pic_pie_conflict($line, $pie, \@missing, @cflags_pie)) {
+ and not pic_pie_conflict($line, $harden_pie, \@missing, @cflags_pie)) {
error_flags('CFLAGS missing', \@missing, \%flag_renames, $line);
$exit |= 1 << 3;
}
}
if ($linker and not all_flags_used($line, \@missing, @ldflags)
# Same here, -fPIC conflicts with -fPIE.
- and not pic_pie_conflict($line, $pie, \@missing, @ldflags_pie)) {
+ and not pic_pie_conflict($line, $harden_pie, \@missing, @ldflags_pie)) {
error_flags('LDFLAGS missing', \@missing, \%flag_renames, $line);
$exit |= 1 << 3;
}
--pie force +pie check
--bindnow force +bindbow check
--all force +all (+pie, +bindnow) check
+ --arch set architecture (autodetected)
=head1 DESCRIPTION
Force check for all +all (+pie, +bindnow) hardening flags. By default it's
auto detected.
+=item B<--arch>
+
+Set the specific architecture (e.g. amd64, armel, etc.), automatically
+disables hardening flags not available on this architecture. Is detected
+automatically if dpkg-buildpackage is used.
+
=back
Auto detection only works if at least one command uses the required hardening
use strict;
use warnings;
-use Test::More tests => 72;
+use Test::More tests => 80;
sub is_blhc {
--pie force +pie check
--bindnow force +bindbow check
--all force +all (+pie, +bindnow) check
+ --arch set architecture (autodetected)
';
LDFLAGS missing (-Wl,-z,relro): g++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security ../src/test/objs/test.o -o ../src/test/bin/test
';
is_blhc 'bad', '--pie', 8,
- 'CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -fPIE): gcc -g -O2 -c test-a.c
+ 'CFLAGS missing (-fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security): gcc -g -O2 -c test-a.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -g -O2 -c test-a.c
-CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -fPIE): gcc -g -O2 -c test-b.c
+CFLAGS missing (-fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security): gcc -g -O2 -c test-b.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -g -O2 -c test-b.c
-CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -fPIE): gcc -g -O2 -c test-c.c
+CFLAGS missing (-fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security): gcc -g -O2 -c test-c.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -g -O2 -c test-c.c
-LDFLAGS missing (-Wl,-z,relro -fPIE -pie): gcc -o test test-a.o test-b.o test-c.o -ltest
-CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -fPIE): x86_64-linux-gnu-gcc -g -O2 -c test-a.c
+LDFLAGS missing (-fPIE -pie -Wl,-z,relro): gcc -o test test-a.o test-b.o test-c.o -ltest
+CFLAGS missing (-fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security): x86_64-linux-gnu-gcc -g -O2 -c test-a.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): x86_64-linux-gnu-gcc -g -O2 -c test-a.c
-CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -fPIE): x86_64-linux-gnu-gcc -g -O2 -c test-b.c
+CFLAGS missing (-fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security): x86_64-linux-gnu-gcc -g -O2 -c test-b.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): x86_64-linux-gnu-gcc -g -O2 -c test-b.c
-CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -fPIE): x86_64-linux-gnu-gcc -g -O2 -c test-c.c
+CFLAGS missing (-fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security): x86_64-linux-gnu-gcc -g -O2 -c test-c.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): x86_64-linux-gnu-gcc -g -O2 -c test-c.c
-LDFLAGS missing (-Wl,-z,relro -fPIE -pie): x86_64-linux-gnu-gcc -o test test-a.o test-b.o test-c.o -ltest
+LDFLAGS missing (-fPIE -pie -Wl,-z,relro): x86_64-linux-gnu-gcc -o test test-a.o test-b.o test-c.o -ltest
CFLAGS missing (-fPIE): g++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -pthread -o ./testProgram ../src/test/testProgram.cpp
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): g++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -pthread -o ./testProgram ../src/test/testProgram.cpp
-LDFLAGS missing (-Wl,-z,relro -fPIE -pie): g++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -pthread -o ./testProgram ../src/test/testProgram.cpp
+LDFLAGS missing (-fPIE -pie -Wl,-z,relro): g++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -pthread -o ./testProgram ../src/test/testProgram.cpp
LDFLAGS missing (-fPIE -pie): g++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -pthread -Wl,-z,relro -o ../src/test/bin/test ../src/test/objs/test.o
-LDFLAGS missing (-Wl,-z,relro -fPIE -pie): gcc -o test test-a.o test-b.o test-c.a
-LDFLAGS missing (-Wl,-z,relro -fPIE -pie): g++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security ../src/test/objs/test.o -o ../src/test/bin/test
+LDFLAGS missing (-fPIE -pie -Wl,-z,relro): gcc -o test test-a.o test-b.o test-c.a
+LDFLAGS missing (-fPIE -pie -Wl,-z,relro): g++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security ../src/test/objs/test.o -o ../src/test/bin/test
';
is_blhc 'bad', '--bindnow', 8,
'CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security): gcc -g -O2 -c test-a.c
LDFLAGS missing (-Wl,-z,relro -Wl,-z,now): g++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security ../src/test/objs/test.o -o ../src/test/bin/test
';
is_blhc 'bad', '--pie --bindnow', 8,
- 'CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -fPIE): gcc -g -O2 -c test-a.c
+ 'CFLAGS missing (-fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security): gcc -g -O2 -c test-a.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -g -O2 -c test-a.c
-CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -fPIE): gcc -g -O2 -c test-b.c
+CFLAGS missing (-fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security): gcc -g -O2 -c test-b.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -g -O2 -c test-b.c
-CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -fPIE): gcc -g -O2 -c test-c.c
+CFLAGS missing (-fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security): gcc -g -O2 -c test-c.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -g -O2 -c test-c.c
-LDFLAGS missing (-Wl,-z,relro -fPIE -pie -Wl,-z,now): gcc -o test test-a.o test-b.o test-c.o -ltest
-CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -fPIE): x86_64-linux-gnu-gcc -g -O2 -c test-a.c
+LDFLAGS missing (-fPIE -pie -Wl,-z,relro -Wl,-z,now): gcc -o test test-a.o test-b.o test-c.o -ltest
+CFLAGS missing (-fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security): x86_64-linux-gnu-gcc -g -O2 -c test-a.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): x86_64-linux-gnu-gcc -g -O2 -c test-a.c
-CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -fPIE): x86_64-linux-gnu-gcc -g -O2 -c test-b.c
+CFLAGS missing (-fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security): x86_64-linux-gnu-gcc -g -O2 -c test-b.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): x86_64-linux-gnu-gcc -g -O2 -c test-b.c
-CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -fPIE): x86_64-linux-gnu-gcc -g -O2 -c test-c.c
+CFLAGS missing (-fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security): x86_64-linux-gnu-gcc -g -O2 -c test-c.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): x86_64-linux-gnu-gcc -g -O2 -c test-c.c
-LDFLAGS missing (-Wl,-z,relro -fPIE -pie -Wl,-z,now): x86_64-linux-gnu-gcc -o test test-a.o test-b.o test-c.o -ltest
+LDFLAGS missing (-fPIE -pie -Wl,-z,relro -Wl,-z,now): x86_64-linux-gnu-gcc -o test test-a.o test-b.o test-c.o -ltest
CFLAGS missing (-fPIE): g++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -pthread -o ./testProgram ../src/test/testProgram.cpp
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): g++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -pthread -o ./testProgram ../src/test/testProgram.cpp
-LDFLAGS missing (-Wl,-z,relro -fPIE -pie -Wl,-z,now): g++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -pthread -o ./testProgram ../src/test/testProgram.cpp
+LDFLAGS missing (-fPIE -pie -Wl,-z,relro -Wl,-z,now): g++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -pthread -o ./testProgram ../src/test/testProgram.cpp
LDFLAGS missing (-fPIE -pie -Wl,-z,now): g++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -pthread -Wl,-z,relro -o ../src/test/bin/test ../src/test/objs/test.o
-LDFLAGS missing (-Wl,-z,relro -fPIE -pie -Wl,-z,now): gcc -o test test-a.o test-b.o test-c.a
-LDFLAGS missing (-Wl,-z,relro -fPIE -pie -Wl,-z,now): g++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security ../src/test/objs/test.o -o ../src/test/bin/test
+LDFLAGS missing (-fPIE -pie -Wl,-z,relro -Wl,-z,now): gcc -o test test-a.o test-b.o test-c.a
+LDFLAGS missing (-fPIE -pie -Wl,-z,relro -Wl,-z,now): g++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security ../src/test/objs/test.o -o ../src/test/bin/test
';
is_blhc 'bad', '--all', 8,
- 'CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -fPIE): gcc -g -O2 -c test-a.c
+ 'CFLAGS missing (-fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security): gcc -g -O2 -c test-a.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -g -O2 -c test-a.c
-CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -fPIE): gcc -g -O2 -c test-b.c
+CFLAGS missing (-fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security): gcc -g -O2 -c test-b.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -g -O2 -c test-b.c
-CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -fPIE): gcc -g -O2 -c test-c.c
+CFLAGS missing (-fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security): gcc -g -O2 -c test-c.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -g -O2 -c test-c.c
-LDFLAGS missing (-Wl,-z,relro -fPIE -pie -Wl,-z,now): gcc -o test test-a.o test-b.o test-c.o -ltest
-CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -fPIE): x86_64-linux-gnu-gcc -g -O2 -c test-a.c
+LDFLAGS missing (-fPIE -pie -Wl,-z,relro -Wl,-z,now): gcc -o test test-a.o test-b.o test-c.o -ltest
+CFLAGS missing (-fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security): x86_64-linux-gnu-gcc -g -O2 -c test-a.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): x86_64-linux-gnu-gcc -g -O2 -c test-a.c
-CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -fPIE): x86_64-linux-gnu-gcc -g -O2 -c test-b.c
+CFLAGS missing (-fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security): x86_64-linux-gnu-gcc -g -O2 -c test-b.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): x86_64-linux-gnu-gcc -g -O2 -c test-b.c
-CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -fPIE): x86_64-linux-gnu-gcc -g -O2 -c test-c.c
+CFLAGS missing (-fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security): x86_64-linux-gnu-gcc -g -O2 -c test-c.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): x86_64-linux-gnu-gcc -g -O2 -c test-c.c
-LDFLAGS missing (-Wl,-z,relro -fPIE -pie -Wl,-z,now): x86_64-linux-gnu-gcc -o test test-a.o test-b.o test-c.o -ltest
+LDFLAGS missing (-fPIE -pie -Wl,-z,relro -Wl,-z,now): x86_64-linux-gnu-gcc -o test test-a.o test-b.o test-c.o -ltest
CFLAGS missing (-fPIE): g++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -pthread -o ./testProgram ../src/test/testProgram.cpp
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): g++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -pthread -o ./testProgram ../src/test/testProgram.cpp
-LDFLAGS missing (-Wl,-z,relro -fPIE -pie -Wl,-z,now): g++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -pthread -o ./testProgram ../src/test/testProgram.cpp
+LDFLAGS missing (-fPIE -pie -Wl,-z,relro -Wl,-z,now): g++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -pthread -o ./testProgram ../src/test/testProgram.cpp
LDFLAGS missing (-fPIE -pie -Wl,-z,now): g++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -pthread -Wl,-z,relro -o ../src/test/bin/test ../src/test/objs/test.o
-LDFLAGS missing (-Wl,-z,relro -fPIE -pie -Wl,-z,now): gcc -o test test-a.o test-b.o test-c.a
-LDFLAGS missing (-Wl,-z,relro -fPIE -pie -Wl,-z,now): g++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security ../src/test/objs/test.o -o ../src/test/bin/test
+LDFLAGS missing (-fPIE -pie -Wl,-z,relro -Wl,-z,now): gcc -o test test-a.o test-b.o test-c.a
+LDFLAGS missing (-fPIE -pie -Wl,-z,relro -Wl,-z,now): g++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security ../src/test/objs/test.o -o ../src/test/bin/test
';
is_blhc 'bad-cflags', '', 8,
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -shared -fPIC -Wl,-z,relro -o test.so test.c -ltest
';
is_blhc 'bad-cflags', '--pie', 8,
- 'CFLAGS missing (-Wformat -fPIE): gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-a.c
-CFLAGS missing (--param=ssp-buffer-size=4 -fPIE): gcc -g -O2 -fstack-protector -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-b.c
-CFLAGS missing (-Werror=format-security -fPIE): gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -c test-c.c
+ 'CFLAGS missing (-fPIE -Wformat): gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-a.c
+CFLAGS missing (-fPIE --param=ssp-buffer-size=4): gcc -g -O2 -fstack-protector -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-b.c
+CFLAGS missing (-fPIE -Werror=format-security): gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -c test-c.c
LDFLAGS missing (-fPIE -pie): gcc -Wl,-z,relro -o test test-a.o test-b.o test-c.o -ltest
-CFLAGS missing (-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -fPIE): gcc -Wl,-z,relro -o test test.c -ltest
+CFLAGS missing (-g -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security): gcc -Wl,-z,relro -o test test.c -ltest
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -Wl,-z,relro -o test test.c -ltest
LDFLAGS missing (-fPIE -pie): gcc -Wl,-z,relro -o test test.c -ltest
CFLAGS missing (-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security): gcc -shared -fPIC -Wl,-z,relro -o test.so test.c -ltest
LDFLAGS missing (-Wl,-z,now): gcc -shared -fPIC -Wl,-z,relro -o test.so test.c -ltest
';
is_blhc 'bad-cflags', '--pie --bindnow', 8,
- 'CFLAGS missing (-Wformat -fPIE): gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-a.c
-CFLAGS missing (--param=ssp-buffer-size=4 -fPIE): gcc -g -O2 -fstack-protector -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-b.c
-CFLAGS missing (-Werror=format-security -fPIE): gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -c test-c.c
+ 'CFLAGS missing (-fPIE -Wformat): gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-a.c
+CFLAGS missing (-fPIE --param=ssp-buffer-size=4): gcc -g -O2 -fstack-protector -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-b.c
+CFLAGS missing (-fPIE -Werror=format-security): gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -c test-c.c
LDFLAGS missing (-fPIE -pie -Wl,-z,now): gcc -Wl,-z,relro -o test test-a.o test-b.o test-c.o -ltest
-CFLAGS missing (-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -fPIE): gcc -Wl,-z,relro -o test test.c -ltest
+CFLAGS missing (-g -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security): gcc -Wl,-z,relro -o test test.c -ltest
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -Wl,-z,relro -o test test.c -ltest
LDFLAGS missing (-fPIE -pie -Wl,-z,now): gcc -Wl,-z,relro -o test test.c -ltest
CFLAGS missing (-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security): gcc -shared -fPIC -Wl,-z,relro -o test.so test.c -ltest
'CFLAGS missing (-fPIE): gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-a.c
CFLAGS missing (-fPIE): gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-b.c
CFLAGS missing (-fPIE): gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-c.c
-LDFLAGS missing (-Wl,-z,relro -fPIE -pie): gcc -o test test-a.o test-b.o test-c.o -ltest
+LDFLAGS missing (-fPIE -pie -Wl,-z,relro): gcc -o test test-a.o test-b.o test-c.o -ltest
';
is_blhc 'bad-ldflags', '--bindnow', 8,
'LDFLAGS missing (-Wl,-z,relro -Wl,-z,now): gcc -o test test-a.o test-b.o test-c.o -ltest
'CFLAGS missing (-fPIE): gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-a.c
CFLAGS missing (-fPIE): gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-b.c
CFLAGS missing (-fPIE): gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-c.c
-LDFLAGS missing (-Wl,-z,relro -fPIE -pie -Wl,-z,now): gcc -o test test-a.o test-b.o test-c.o -ltest
+LDFLAGS missing (-fPIE -pie -Wl,-z,relro -Wl,-z,now): gcc -o test test-a.o test-b.o test-c.o -ltest
';
is_blhc 'bad-multiline', '', 8,
LDFLAGS missing (-Wl,-z,now): gcc -shared -fPIC -DPIC libtest.o -lpthread -O2 -Wl,relro -Wl,--as-needed -o libtest.so
LDFLAGS missing (-Wl,-z,relro -Wl,-z,now): gcc -shared -fPIC -DPIC libtest.o -lpthread -O2 -Wl,--as-needed -o libtest.so
LDFLAGS missing (-Wl,-z,now): gcc -shared -fPIC test.o -Wl,-z -Wl,relro -o .libs/libtest.so.1.0.0
-LDFLAGS missing (-Wl,-z,relro -fPIE -pie): gcc -shared -o libtest.so.0d ./test-a.o test/./test-b.o -Wl,-z,now -lpthread -ldl
+LDFLAGS missing (-fPIE -pie -Wl,-z,relro): gcc -shared -o libtest.so.0d ./test-a.o test/./test-b.o -Wl,-z,now -lpthread -ldl
LDFLAGS missing (-Wl,-z,relro -Wl,-z,now): /usr/bin/g++ -shared -fpic -o libtest-6.1.so.0 test.o -ltiff -lz
';
# cc
is_blhc 'cc', '--pie --bindnow', 8,
- 'CFLAGS missing (-Wformat -fPIE): cc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-a.cc
-CFLAGS missing (-Wformat -fPIE): cc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-a.c
-CFLAGS missing (--param=ssp-buffer-size=4 -fPIE): cc -g -O2 -fstack-protector -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-b.c
-CFLAGS missing (-Werror=format-security -fPIE): cc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -c test-c.c
-LDFLAGS missing (-Wl,-z,relro -fPIE -pie -Wl,-z,now): cc -Wl,-z,defs -o test test-a.o test-b.o test-c.o -ltest
+ 'CFLAGS missing (-fPIE -Wformat): cc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-a.cc
+CFLAGS missing (-fPIE -Wformat): cc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-a.c
+CFLAGS missing (-fPIE --param=ssp-buffer-size=4): cc -g -O2 -fstack-protector -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-b.c
+CFLAGS missing (-fPIE -Werror=format-security): cc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -c test-c.c
+LDFLAGS missing (-fPIE -pie -Wl,-z,relro -Wl,-z,now): cc -Wl,-z,defs -o test test-a.o test-b.o test-c.o -ltest
LDFLAGS missing (-fPIE -pie -Wl,-z,now): cc -Wl,-z,defs test-a.o test-b.o test-c.o -ltest -Wl,-z,relro -o test/test-4.2~_4711/test.so test.o
';
# gcc
is_blhc 'gcc', '--pie --bindnow', 8,
- 'CFLAGS missing (-Wformat -fPIE): gcc-4.6 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-a.cc
-CFLAGS missing (-Wformat -fPIE): gcc-4.6 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-a.c
-CFLAGS missing (--param=ssp-buffer-size=4 -fPIE): gcc-4.6 -g -O2 -fstack-protector -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-b.c
-CFLAGS missing (-Werror=format-security -fPIE): gcc-4.6 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -c test-c.c
-LDFLAGS missing (-Wl,-z,relro -fPIE -pie -Wl,-z,now): gcc-4.6 -Wl,-z,defs -o test test-a.o test-b.o test-c.o -ltest
+ 'CFLAGS missing (-fPIE -Wformat): gcc-4.6 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-a.cc
+CFLAGS missing (-fPIE -Wformat): gcc-4.6 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-a.c
+CFLAGS missing (-fPIE --param=ssp-buffer-size=4): gcc-4.6 -g -O2 -fstack-protector -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-b.c
+CFLAGS missing (-fPIE -Werror=format-security): gcc-4.6 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -c test-c.c
+LDFLAGS missing (-fPIE -pie -Wl,-z,relro -Wl,-z,now): gcc-4.6 -Wl,-z,defs -o test test-a.o test-b.o test-c.o -ltest
LDFLAGS missing (-fPIE -pie -Wl,-z,now): gcc-4.6 -Wl,-z,defs test-a.o test-b.o test-c.o -ltest -Wl,-z,relro -o test/test-4.2~_4711/test.so test.o
';
# c++
is_blhc 'c++', '--pie --bindnow', 8,
- 'CFLAGS missing (-Wformat -fPIE): c++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-a.cpp
-CFLAGS missing (--param=ssp-buffer-size=4 -fPIE): c++ -g -O2 -fstack-protector -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-b.cpp
-CFLAGS missing (-Werror=format-security -fPIE): c++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -c test-c.cpp
+ 'CFLAGS missing (-fPIE -Wformat): c++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-a.cpp
+CFLAGS missing (-fPIE --param=ssp-buffer-size=4): c++ -g -O2 -fstack-protector -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-b.cpp
+CFLAGS missing (-fPIE -Werror=format-security): c++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -c test-c.cpp
CFLAGS missing (-fPIE): c++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-d.cc
-LDFLAGS missing (-Wl,-z,relro -fPIE -pie -Wl,-z,now): c++ -Wl,-z,defs -o test test-a.o test-b.o test-c.o test-d.o -ltest
+LDFLAGS missing (-fPIE -pie -Wl,-z,relro -Wl,-z,now): c++ -Wl,-z,defs -o test test-a.o test-b.o test-c.o test-d.o -ltest
LDFLAGS missing (-fPIE -pie -Wl,-z,now): c++ -Wl,-z,defs test-a.o test-b.o test-c.o -ltest -Wl,-z,relro -o test/test-4.2~_4711/test.so test.o
-CFLAGS missing (-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -fPIE): c++\ test.c
+CFLAGS missing (-g -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security): c++\ test.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): c++\ test.c
-CFLAGS missing (-Wformat -fPIE): c++-4.6 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-a.cpp
-CFLAGS missing (--param=ssp-buffer-size=4 -fPIE): c++-4.6 -g -O2 -fstack-protector -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-b.cpp
-CFLAGS missing (-Werror=format-security -fPIE): c++-4.6 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -c test-c.cpp
+CFLAGS missing (-fPIE -Wformat): c++-4.6 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-a.cpp
+CFLAGS missing (-fPIE --param=ssp-buffer-size=4): c++-4.6 -g -O2 -fstack-protector -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-b.cpp
+CFLAGS missing (-fPIE -Werror=format-security): c++-4.6 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -c test-c.cpp
CFLAGS missing (-fPIE): c++-4.6 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-d.cc
-LDFLAGS missing (-Wl,-z,relro -fPIE -pie -Wl,-z,now): c++-4.6 -Wl,-z,defs -o test test-a.o test-b.o test-c.o test-d.o -ltest
+LDFLAGS missing (-fPIE -pie -Wl,-z,relro -Wl,-z,now): c++-4.6 -Wl,-z,defs -o test test-a.o test-b.o test-c.o test-d.o -ltest
';
# g++
is_blhc 'g++', '--pie --bindnow', 8,
- 'CFLAGS missing (-Wformat -fPIE): g++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-a.cpp
-CFLAGS missing (--param=ssp-buffer-size=4 -fPIE): g++ -g -O2 -fstack-protector -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-b.cpp
-CFLAGS missing (-Werror=format-security -fPIE): g++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -c test-c.cpp
+ 'CFLAGS missing (-fPIE -Wformat): g++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-a.cpp
+CFLAGS missing (-fPIE --param=ssp-buffer-size=4): g++ -g -O2 -fstack-protector -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-b.cpp
+CFLAGS missing (-fPIE -Werror=format-security): g++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -c test-c.cpp
CFLAGS missing (-fPIE): g++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-d.cc
-LDFLAGS missing (-Wl,-z,relro -fPIE -pie -Wl,-z,now): g++ -Wl,-z,defs -o test test-a.o test-b.o test-c.o test-d.o -ltest
-CFLAGS missing (-Wformat -fPIE): x86_64-linux-gnu-g++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-a.cpp
-CFLAGS missing (--param=ssp-buffer-size=4 -fPIE): x86_64-linux-gnu-g++ -g -O2 -fstack-protector -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-b.cpp
-CFLAGS missing (-Werror=format-security -fPIE): x86_64-linux-gnu-g++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -c test-c.cpp
+LDFLAGS missing (-fPIE -pie -Wl,-z,relro -Wl,-z,now): g++ -Wl,-z,defs -o test test-a.o test-b.o test-c.o test-d.o -ltest
+CFLAGS missing (-fPIE -Wformat): x86_64-linux-gnu-g++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-a.cpp
+CFLAGS missing (-fPIE --param=ssp-buffer-size=4): x86_64-linux-gnu-g++ -g -O2 -fstack-protector -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-b.cpp
+CFLAGS missing (-fPIE -Werror=format-security): x86_64-linux-gnu-g++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -c test-c.cpp
CFLAGS missing (-fPIE): x86_64-linux-gnu-g++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-d.cc
-LDFLAGS missing (-Wl,-z,relro -fPIE -pie -Wl,-z,now): x86_64-linux-gnu-g++ -Wl,-z,defs -o test test-a.o test-b.o test-c.o test-d.o -ltest
+LDFLAGS missing (-fPIE -pie -Wl,-z,relro -Wl,-z,now): x86_64-linux-gnu-g++ -Wl,-z,defs -o test test-a.o test-b.o test-c.o test-d.o -ltest
LDFLAGS missing (-fPIE -pie -Wl,-z,now): g++ -Wl,-z,defs test-a.o test-b.o test-c.o -ltest -Wl,-z,relro -o test/test-4.2~_4711/test.so test.o
-CFLAGS missing (-Wformat -fPIE): g++-4.6 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-a.cpp
-CFLAGS missing (--param=ssp-buffer-size=4 -fPIE): g++-4.6 -g -O2 -fstack-protector -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-b.cpp
-CFLAGS missing (-Werror=format-security -fPIE): g++-4.6 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -c test-c.cpp
+CFLAGS missing (-fPIE -Wformat): g++-4.6 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-a.cpp
+CFLAGS missing (-fPIE --param=ssp-buffer-size=4): g++-4.6 -g -O2 -fstack-protector -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-b.cpp
+CFLAGS missing (-fPIE -Werror=format-security): g++-4.6 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -c test-c.cpp
CFLAGS missing (-fPIE): g++-4.6 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-d.cc
-LDFLAGS missing (-Wl,-z,relro -fPIE -pie -Wl,-z,now): g++-4.6 -Wl,-z,defs -o test test-a.o test-b.o test-c.o test-d.o -ltest
+LDFLAGS missing (-fPIE -pie -Wl,-z,relro -Wl,-z,now): g++-4.6 -Wl,-z,defs -o test test-a.o test-b.o test-c.o test-d.o -ltest
';
# libtool
is_blhc 'libtool', '--bindnow', 8,
- 'CFLAGS missing (-Wformat -fPIE): /bin/bash ../../libtool --tag=CC --mode=compile x86_64-linux-gnu-gcc -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat-security -Werror=format-security -c test.c
-CFLAGS missing (-Wformat -fPIE): /bin/bash ../../libtool --tag=CC --mode=compile x86_64-linux-gnu-g++ -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat-security -Werror=format-security -c test.cpp
-CFLAGS missing (-Wformat -fPIE): /bin/bash ../../libtool --tag=CC --mode=compile gcc-4.6 -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat-security -Werror=format-security -c test.c
-CFLAGS missing (-Wformat -fPIE): /bin/bash ../../libtool --tag=CXX --mode=compile g++-4.6 -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat-security -Werror=format-security -c test.c
+ 'CFLAGS missing (-fPIE -Wformat): /bin/bash ../../libtool --tag=CC --mode=compile x86_64-linux-gnu-gcc -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat-security -Werror=format-security -c test.c
+CFLAGS missing (-fPIE -Wformat): /bin/bash ../../libtool --tag=CC --mode=compile x86_64-linux-gnu-g++ -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat-security -Werror=format-security -c test.cpp
+CFLAGS missing (-fPIE -Wformat): /bin/bash ../../libtool --tag=CC --mode=compile gcc-4.6 -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat-security -Werror=format-security -c test.c
+CFLAGS missing (-fPIE -Wformat): /bin/bash ../../libtool --tag=CXX --mode=compile g++-4.6 -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat-security -Werror=format-security -c test.c
LDFLAGS missing (-fPIE): libtool: link: g++ -shared test-a.o test-b.o test-b.o test-c.o -O2 -pie -Wl,relro -Wl,now -o test.so
LDFLAGS missing (-fPIE -pie -Wl,-z,now): libtool: link: g++ -shared test-a.o test-b.o test-b.o test-c.o -O2 -Wl,relro -o test.so
LDFLAGS missing (-fPIE -pie -Wl,-z,now): libtool: link: gcc -Wl,-z -Wl,relro -o test test.o
LDFLAGS missing (-fPIE -pie -Wl,-z,now): /bin/bash /tmp/test/build/libtool --tag CXX --mode=relink g++ -Wl,-z,relro -o test.la test.o
LDFLAGS missing (-fPIE -pie -Wl,-z,now): /bin/bash ../libtool --tag=CC --mode=link gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -Wl,-z,relro -o test test.o
LDFLAGS missing (-fPIE -pie -Wl,-z,now): gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -Wl,-z -Wl,relro -o .libs/test test.o
-CFLAGS missing (-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -fPIE): /bin/bash ../libtool --tag=CC --mode=link gcc -Wl,-z,relro -o test.so test.c
+CFLAGS missing (-g -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security): /bin/bash ../libtool --tag=CC --mode=link gcc -Wl,-z,relro -o test.so test.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): /bin/bash ../libtool --tag=CC --mode=link gcc -Wl,-z,relro -o test.so test.c
LDFLAGS missing (-fPIE -pie -Wl,-z,now): /bin/bash ../libtool --tag=CC --mode=link gcc -Wl,-z,relro -o test.so test.c
';
+
+
+# different architectures
+
+is_blhc 'arch-avr32', '', 8,
+ 'CFLAGS missing (--param=ssp-buffer-size=4): gcc -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector -Wformat -Wformat-security -Werror=format-security -Wall -c test.c
+';
+
+is_blhc 'arch-i386', '', 8,
+ 'CFLAGS missing (-fstack-protector): gcc -D_FORTIFY_SOURCE=2 -g -O2 -fPIE --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -Wall -c test.c
+LDFLAGS missing (-pie): gcc -fPIE -Wl,-z,relro -Wl,-z,now -o test test.o
+';
+
+is_blhc 'arch-ia64', '', 8,
+ 'CFLAGS missing (-fPIE): gcc -D_FORTIFY_SOURCE=2 -g -O2 -Wformat -Wformat-security -Werror=format-security -Wall -c test.c
+LDFLAGS missing (-pie): gcc -fPIE -o test test.o
+';
+
+is_blhc 'arch-mipsel', '', 8,
+ 'CFLAGS missing (-Werror=format-security): gcc -D_FORTIFY_SOURCE=2 -g -O2 -Wformat -Wformat-security -Wall -c test.c
+LDFLAGS missing (-Wl,-z,relro): gcc -Wl,-z,now -o test test.o
+';