\s
\S+ # Filename without extension.
\.
- ([^\\.\s]+) # File extension.
+ ([^\\.,;:\s]+) # File extension.
(?=\s|\\) # At end of word. Can't use \b because some files have non
# word characters at the end and because \b matches double
# extensions (like .cpp.o). Works always as all lines are
my @def_ldflags_pic = (
'-fPIC',
'-fpic',
+ '-shared',
);
# Renaming rules for the output so the regex parts are not visible. Also
# stores string values of flag regexps above, see compile_flag_regexp().
}
# Ignore lines with no compiler commands.
- next if $line !~ /\b$cc_regex(?:\s|\\)/o and not $non_verbose;
+ next if not $non_verbose
+ and not $line =~ /\b$cc_regex(?:\s|\\)/o;
+ # Ignore lines with no filenames with extensions. May miss
+ # some non-verbose builds (e.g. "gcc -o test" [sic!]), but
+ # shouldn't be a problem as the log will most likely contain
+ # other non-verbose commands which are detected.
+ next if not $non_verbose
+ and not $line =~ /$file_extension_regex/o;
# Ignore false positives.
#
# `./configure` output.
next if not $non_verbose
and $line =~ /^(?:checking|(?:C|c)onfigure:) /;
- next if $line =~ /^\s*(?:Host\s+)?(?:C\s+)?
- (?:C|c)ompiler[\s.]*:?\s+
- $cc_regex_full
- (?:\s-std=[a-z0-9:+]+)?\s*$
- /xo
- or $line =~ /^\s*(?:- )?(?:HOST_)?(?:CC|CXX)\s*=\s*$cc_regex_full\s*$/o
- or $line =~ /^\s*-- Check for working (?:C|CXX) compiler: /
- or $line =~ /^\s*(?:echo )?Using [A-Z_]+\s*=\s*/;
- # `make` output.
- next if $line =~ /^Making [a-z]+ in \S+/; # e.g. "[...] in c++"
+ next if $line =~ /^\s*(?:- )?(?:HOST_)?(?:CC|CXX)\s*=\s*$cc_regex_full\s*$/o;
# Check if additional hardening options were used. Used to
# ensure they are used for the complete build.
close $fh;
if (scalar @input == 0) {
- print "No compiler commands!\n";
+ if (not $option_buildd) {
+ print "No compiler commands!\n";
+ } else {
+ print "W-no-compiler-commands\n";
+ }
$exit |= 1;
next FILE;
}
=head1 SYNOPSIS
-B<blhc> [options] <dpkg-buildpackage build log file>..
-
- --all force +all (+pie, +bindnow) check
- --arch set architecture (autodetected)
- --bindnow force +bindbow check
- --buildd parser mode for buildds
- --color use colored output
- --pie force +pie check
- --help available options
- --version version number and license
+B<blhc> [I<options>] I<E<lt>dpkg-buildpackage build log fileE<gt>..>
=head1 DESCRIPTION
Force check for all +all (+pie, +bindnow) hardening flags. By default it's
auto detected.
-=item B<--arch>
+=item B<--arch> I<architecture>
Set the specific architecture (e.g. amd64, armel, etc.), automatically
disables hardening flags not available on this architecture. Is detected