From: Simon Ruderich Date: Wed, 14 Aug 2013 15:58:31 +0000 (+0200) Subject: README,blhc: Documentation update. X-Git-Tag: 0.05~15 X-Git-Url: https://ruderich.org/simon/gitweb/?a=commitdiff_plain;h=e44dbcfa8487a008098ae1f37123b9cf363fea8f;p=blhc%2Fblhc.git README,blhc: Documentation update. --- diff --git a/README b/README index 605ab68..e039ce9 100644 --- a/README +++ b/README @@ -13,8 +13,9 @@ all compiler commands use the correct hardening flags and thus all hardening features are correctly used. It's designed to check build logs generated by Debian's dpkg-buildpackage (or -tools using dpkg-buildpackage like pbuilder or the official buildd build logs) -to help maintainers detect missing hardening flags in their packages. +tools using dpkg-buildpackage like pbuilder or sbuild (which is used for the +official buildd build logs)) to help maintainers detect missing hardening +flags in their packages. At the moment it works only on Debian and derivatives but it should be easily extendable to other systems as well. Patches are welcome. @@ -118,7 +119,7 @@ real compile process (output of dpkg-buildpackage): dpkg-buildpackage: ... If it's not present no compiler commands are detected. In case you don't use -dpkp-buildpackage but still want to check a build log adding it as first line +dpkp-buildpackage but still want to check a build log, adding it as first line should work fine. The following non-verbose builds can't be detected: diff --git a/bin/blhc b/bin/blhc index 9ed648a..c77a16c 100755 --- a/bin/blhc +++ b/bin/blhc @@ -1267,14 +1267,18 @@ blhc is a small tool which checks build logs for missing hardening flags. It's licensed under the GPL 3 or later. It's designed to check build logs generated by Debian's dpkg-buildpackage (or -tools using dpkg-buildpackage like pbuilder or the official buildd build logs) -to help maintainers detect missing hardening flags in their packages. +tools using dpkg-buildpackage like pbuilder or sbuild (which is used for the +official buildd build logs)) to help maintainers detect missing hardening +flags in their packages. Only gcc is detected as compiler at the moment. If other compilers support hardening flags as well, please report them. If there's no output, no flags are missing and the build log is fine. +See F for details about performed checks, auto-detection and +limitations. + =head1 OPTIONS =over 8