Fix false positives from cmake when probing for compiler flags

[blhc/blhc.git] / bin / blhc

diff --git a/bin/blhc b/bin/blhc
index 3611c6de4c3980fa743b201be179484705559590..8606368f9f34e112582c4fe3a7a4ef02477b794d 100755 (executable)
--- a/bin/blhc
+++ b/bin/blhc
@@ -2,7 +2,7 @@
 
 # Build log hardening check, checks build logs for missing hardening flags.
 
-# Copyright (C) 2012-2020  Simon Ruderich
+# Copyright (C) 2012-2021  Simon Ruderich
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -690,7 +690,7 @@ if ($option_help) {
 }
 if ($option_version) {
     print <<"EOF";
-blhc $VERSION  Copyright (C) 2012-2020  Simon Ruderich
+blhc $VERSION  Copyright (C) 2012-2021  Simon Ruderich
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -1087,6 +1087,8 @@ foreach my $file (@ARGV) {
             next if $line =~ /^C\+\+ linker for the host machine: /;
             # Embedded `gcc -print-*` commands
             next if $line =~ /`$cc_regex_normal\s*[^`]*-print-\S+`/;
+            # cmake checking for compiler flags without setting CPPFLAGS
+            next if $line =~ m{^\s*/usr/(bin|lib)/(ccache/)?c\+\+ -dM -E -c /usr/share/cmake-\S+/Modules/CMakeCXXCompilerABI\.cpp};
 
             # Check if additional hardening options were used. Used to ensure
             # they are used for the complete build.
@@ -1550,6 +1552,9 @@ you find false positives which affect more packages please report a bug.
 
 To generate this string simply use echo in C<debian/rules>; make sure to use @
 to suppress the echo command itself as it could also trigger a false positive.
+If the build process takes a long time edit the C<.build> file in place and
+tweak the ignore string until B<blhc --all --debian package.build> no longer
+reports any false positives.
 
 =head1 OPTIONS