# Build log hardening check, checks build logs for missing hardening flags.
-# Copyright (C) 2012-2016 Simon Ruderich
+# Copyright (C) 2012-2017 Simon Ruderich
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
use Getopt::Long ();
use Text::ParseWords ();
-our $VERSION = '0.05';
+our $VERSION = '0.07';
# CONSTANTS/VARIABLES
qw( mii ),
);
my @source_no_preprocess_compile_ada = (
+ # Ada source
+ qw( ada ),
# Ada body
qw( adb ),
- # If you add another file, fix use of @source_no_preprocess_compile_ada
- # below (search for $compile_ada).
);
my @source_no_preprocess_compile = (
# C
# Ada
@source_no_preprocess_compile_ada,
);
+my @source_no_preprocess_no_compile_ada = (
+ # Ada specification
+ qw( ads ),
+);
my @source_no_preprocess_no_compile = (
# Assembly
qw( s ),
- # Ada specification
- qw( ads ),
+ # Ada
+ @source_no_preprocess_no_compile_ada,
);
my @source_no_preprocess = (
@source_no_preprocess_compile,
@source_preprocess_compile_cpp,
@source_no_preprocess_compile_cpp,
);
+my %extensions_ada = map { $_ => 1 } (
+ @source_no_preprocess_compile_ada,
+ @source_no_preprocess_no_compile_ada,
+);
my %extensions_object = map { $_ => 1 } (
@object,
);
}
if ($option_version) {
print <<"EOF";
-blhc $VERSION Copyright (C) 2012-2016 Simon Ruderich
+blhc $VERSION Copyright (C) 2012-2017 Simon Ruderich
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
# look like a compiler executable thus causing the line to be
# treated as a normal compiler line.
next if $line =~ m{^\s*rm\s+};
+ # Some build systems emit "gcc > file".
+ next if $line =~ m{$cc_regex_normal\s*>\s*\S+};
# Check if additional hardening options were used. Used to ensure
# they are used for the complete build.
# Option or auto detected.
if ($arch) {
- # The following was partially copied from dpkg-dev 1.18.7
- # (/usr/share/perl5/Dpkg/Vendor/Debian.pm, add_hardening_flags()),
+ # The following was partially copied from dpkg-dev 1.18.15
+ # (/usr/share/perl5/Dpkg/Vendor/Debian.pm, _add_hardening_flags()),
# copyright Raphaƫl Hertzog <hertzog@debian.org>, Kees Cook
# <kees@debian.org>, Canonical, Ltd. licensed under GPL version 2 or
# later. Keep it in sync.
require Dpkg::Arch;
- my ($abi, $os, $cpu) = Dpkg::Arch::debarch_to_debtriplet($arch);
+ my ($os, $cpu);
+ # Recent dpkg versions use a quadruplet for arch. Support both.
+ eval {
+ (undef, undef, $os, $cpu) = Dpkg::Arch::debarch_to_debtuple($arch);
+ };
+ if ($@) {
+ (undef, $os, $cpu) = Dpkg::Arch::debarch_to_debtriplet($arch);
+ }
# Disable unsupported hardening options.
- if ($os !~ /^(?:linux|knetbsd|hurd)$/ or $cpu =~ /^(?:hppa|avr32)$/) {
+ if ($os !~ /^(?:linux|kfreebsd|knetbsd|hurd)$/
+ or $cpu =~ /^(?:hppa|avr32)$/) {
$harden_pie = 0;
}
if ($cpu =~ /^(?:ia64|alpha|hppa|nios2)$/ or $arch eq 'arm') {
$compile_cpp = 1;
# Ada needs special CFLAGS, use them if only ada files are compiled.
} elsif ($ada
- and $compile
- and array_equal(\@extensions,
- \@source_no_preprocess_compile_ada)) {
+ and extension_found(\%extensions_ada, @extensions)) {
$compile_ada = 1;
+ $preprocess = 0; # Ada uses no CPPFLAGS
@cflags_backup = @cflags;
@cflags = @cflags_ada;
}
=head1 LICENSE AND COPYRIGHT
-Copyright (C) 2012-2016 by Simon Ruderich
+Copyright (C) 2012-2017 by Simon Ruderich
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
ruderich.org/simon / blhc / blhc.git / blobdiff