Also use buildd's "Architecture" header to detect architecture.

[blhc/blhc.git] / bin / blhc

diff --git a/bin/blhc b/bin/blhc
index 92ab3b442b1beae820aad9eb3988e3cfbb125795..5e8e0181356613dca5de8afe591ce3ab24a5d684 100755 (executable)
--- a/bin/blhc
+++ b/bin/blhc
@@ -428,6 +428,7 @@ my $option_help        = 0;
 my $option_version     = 0;
 my $option_pie         = 0;
 my $option_bindnow     = 0;
 my $option_version     = 0;
 my $option_pie         = 0;
 my $option_bindnow     = 0;

+my @option_ignore_arch = ();

 my @option_ignore_flag = ();
 my @option_ignore_line = ();
 my $option_all         = 0;
 my @option_ignore_flag = ();
 my @option_ignore_line = ();
 my $option_all         = 0;


@@ -442,6 +443,7 @@ if (not Getopt::Long::GetOptions(
             'bindnow'       => \$option_bindnow,
             'all'           => \$option_all,
             # Ignore.
             'bindnow'       => \$option_bindnow,
             'all'           => \$option_all,
             # Ignore.

+            'ignore-arch=s' => \@option_ignore_arch,

             'ignore-flag=s' => \@option_ignore_flag,
             'ignore-line=s' => \@option_ignore_line,
             # Misc.
             'ignore-flag=s' => \@option_ignore_flag,
             'ignore-line=s' => \@option_ignore_line,
             # Misc.


@@ -533,6 +535,15 @@ foreach my $file (@ARGV) {
     my $harden_pie     = $option_pie;     # defaults to 0
 
     while (my $line = <$fh>) {
     my $harden_pie     = $option_pie;     # defaults to 0
 
     while (my $line = <$fh>) {

+        # Detect architecture automatically unless overridden. For buildd logs
+        # only, doesn't use the dpkg-buildpackage header. Necessary to ignore
+        # build logs which aren't built (wrong architecture, build error,
+        # etc.).
+        if (not $arch
+                and $line =~ /^Architecture: (.+)$/) {
+            $arch = $1;
+        }
+

         # dpkg-buildflags only provides hardening flags since 1.16.1, don't
         # check for hardening flags in buildd mode if an older dpkg-dev is
         # used. Default flags (-g -O2) are still checked.
         # dpkg-buildflags only provides hardening flags since 1.16.1, don't
         # check for hardening flags in buildd mode if an older dpkg-dev is
         # used. Default flags (-g -O2) are still checked.


@@ -542,7 +553,7 @@ foreach my $file (@ARGV) {
         if ($option_buildd
                 and index($line, 'Toolchain package versions: ') == 0) {
             require Dpkg::Version;
         if ($option_buildd
                 and index($line, 'Toolchain package versions: ') == 0) {
             require Dpkg::Version;

-            if ($line !~ /\bdpkg-dev_(\S+)/
+            if (not $line =~ /\bdpkg-dev_(\S+)/

                     or Dpkg::Version::version_compare($1, '1.16.1') < 0) {
                 $harden_format  = 0;
                 $harden_fortify = 0;
                     or Dpkg::Version::version_compare($1, '1.16.1') < 0) {
                 $harden_format  = 0;
                 $harden_fortify = 0;


@@ -689,6 +700,16 @@ foreach my $file (@ARGV) {
 
     close $fh;
 
 
     close $fh;
 

+    # Ignore arch if requested.
+    if (scalar @option_ignore_arch > 0 and $arch) {
+        foreach my $ignore (@option_ignore_arch) {
+            if ($arch eq $ignore) {
+                print "ignoring architecture '$arch'\n";
+                next FILE;
+            }
+        }
+    }
+

     if (scalar @input == 0) {
         if (not $option_buildd) {
             print "No compiler commands!\n";
     if (scalar @input == 0) {
         if (not $option_buildd) {
             print "No compiler commands!\n";


@@ -1020,6 +1041,12 @@ Don't require Term::ANSIColor.
 
 Use colored (ANSI) output for warning messages.
 
 
 Use colored (ANSI) output for warning messages.
 

+=item B<--ignore-arch> I<arch>
+
+Ignore build logs from architectures matching I<arch>. I<arch> is a string.
+
+Used to prevent false positives. This option can be specified multiple times.
+

 =item B<--ignore-flag> I<flag>
 
 Don't print an error when the specific flag is missing in a compiler line.
 =item B<--ignore-flag> I<flag>
 
 Don't print an error when the specific flag is missing in a compiler line.